* [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2
@ 2023-06-06 8:58 Fiona Ebner
2023-06-06 8:58 ` [pve-devel] [PATCH qemu 2/2] update reentrancy patches to version in upstream git Fiona Ebner
2023-06-06 16:03 ` [pve-devel] applied: [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Thomas Lamprecht
From: Fiona Ebner @ 2023-06-06 8:58 UTC
To: pve-devel
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...le-reentrancy-detection-for-script-R.patch | 4 +-
...39-fix-large_send_mss-divide-by-zero.patch | 72 ----
...en-getting-cursor-without-a-console.patch} | 2 +-
...-Fix-crash-when-executing-HMP-commit.patch | 48 ---
...our-channel-order-for-PNG-screenshot.patch | 77 ----
...arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch | 41 --
...e-incorrect-computation-in-float32_e.patch | 56 ---
...ge-wrong-XFRM-value-in-SGX-CPUID-lea.patch | 39 --
...t-assert_bdrv_graph_readable-by-defa.patch | 106 -----
...CI_ERR_UNCOR_MASK-register-for-machi.patch | 100 -----
...after-free-in-blockdev_mark_auto_del.patch | 57 ---
...ly-call-bdrv_activate-outside-corout.patch | 64 ---
...o_unref-for-calls-in-coroutine-conte.patch | 373 ------------------
...-no_coroutine_fns-in-qmp_block_resiz.patch | 43 --
...-tcg-Fix-atomic_mmu_lookup-for-reads.patch | 36 --
debian/patches/series | 15 +-
qemu | 2 +-
17 files changed, 5 insertions(+), 1130 deletions(-)
delete mode 100644 debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
rename debian/patches/extra/{0009-ui-return-NULL-when-getting-cursor-without-a-console.patch => 0007-ui-return-NULL-when-getting-cursor-without-a-console.patch} (97%)
delete mode 100644 debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
delete mode 100644 debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
delete mode 100644 debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
delete mode 100644 debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
delete mode 100644 debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
delete mode 100644 debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
delete mode 100644 debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
delete mode 100644 debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
delete mode 100644 debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
delete mode 100644 debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
delete mode 100644 debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
delete mode 100644 debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
diff --git a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
index d7c7496..8f488dc 100644
--- a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
+++ b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
@@ -15,10 +15,10 @@ Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
1 file changed, 6 insertions(+)
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
-index af93557a9a..db27872963 100644
+index bbf32d3f73..17af67935f 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
-@@ -2302,6 +2302,12 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
+@@ -2313,6 +2313,12 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
"lsi-io", 256);
diff --git a/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch b/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
deleted file mode 100644
index ab3db30..0000000
--- a/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Thu, 13 Apr 2023 13:19:46 -0400
-Subject: [PATCH] rtl8139: fix large_send_mss divide-by-zero
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If the driver sets large_send_mss to 0 then a divide-by-zero occurs.
-Even if the division wasn't a problem, the for loop that emits MSS-sized
-packets would never terminate.
-
-Solve these issues by skipping offloading when large_send_mss=0.
-
-This issue was found by OSS-Fuzz as part of Alexander Bulekov's device
-fuzzing work. The reproducer is:
-
- $ cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
- 512M,slots=1,maxmem=0xffff000000000000 -machine q35 -nodefaults -device \
- rtl8139,netdev=net0 -netdev user,id=net0 -device \
- pc-dimm,id=nv1,memdev=mem1,addr=0xb800a64602800000 -object \
- memory-backend-ram,id=mem1,size=2M -qtest stdio
- outl 0xcf8 0x80000814
- outl 0xcfc 0xe0000000
- outl 0xcf8 0x80000804
- outw 0xcfc 0x06
- write 0xe0000037 0x1 0x04
- write 0xe00000e0 0x2 0x01
- write 0x1 0x1 0x04
- write 0x3 0x1 0x98
- write 0xa 0x1 0x8c
- write 0xb 0x1 0x02
- write 0xc 0x1 0x46
- write 0xd 0x1 0xa6
- write 0xf 0x1 0xb8
- write 0xb800a646028c000c 0x1 0x08
- write 0xb800a646028c000e 0x1 0x47
- write 0xb800a646028c0010 0x1 0x02
- write 0xb800a646028c0017 0x1 0x06
- write 0xb800a646028c0036 0x1 0x80
- write 0xe00000d9 0x1 0x40
- EOF
-
-Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1582
-Fixes: 6d71357a3b65 ("rtl8139: honor large send MSS value")
-Reported-by: Alexander Bulekov <alxndr@bu.edu>
-Cc: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Tested-by: Alexander Bulekov <alxndr@bu.edu>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Acked-by: Jason Wang <jasowang@redhat.com>
-(picked up from https://patchew.org/QEMU/20230413171946.2865726-1-stefanha@redhat.com/)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/net/rtl8139.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
-index 5a5aaf868d..5f1a4d359b 100644
---- a/hw/net/rtl8139.c
-+++ b/hw/net/rtl8139.c
-@@ -2154,6 +2154,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
-
- int large_send_mss = (txdw0 >> CP_TC_LGSEN_MSS_SHIFT) &
- CP_TC_LGSEN_MSS_MASK;
-+ if (large_send_mss == 0) {
-+ goto skip_offload;
-+ }
-
- DPRINTF("+++ C+ mode offloaded task TSO IP data %d "
- "frame data %d specified MSS=%d\n",
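Review bot: the deleted header's provenance line, "(picked up from https://patchew.org/QEMU/20230413171946.2865726-1-stefanha@redhat.com/)", names a mailing-list posting rather than an upstream commit, and the commit message of this update carries only a Signed-off-by, so nothing in the series records that the `large_send_mss == 0` check is part of the new submodule. The deleted description says the divide-by-zero occurs when the driver sets large_send_mss to 0, so please state in the commit message that the dropped patches are contained in 8.0.2, and confirm that `rtl8139_cplus_transmit_one()` in the updated tree still has the `goto skip_offload` guard.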
diff --git a/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch b/debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
similarity index 97%
rename from debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
rename to debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
index c0368b8..0b8d2c0 100644
--- a/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
+++ b/debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
@@ -22,7 +22,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ui/console.c b/ui/console.c
-index 6e8a3cdc62..594517ecdb 100644
+index e173731e20..7461446e71 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -2306,7 +2306,7 @@ QEMUCursor *qemu_console_get_cursor(QemuConsole *con)
diff --git a/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch b/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
deleted file mode 100644
index 0255bd3..0000000
--- a/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wang Liang <wangliangzz@inspur.com>
-Date: Mon, 24 Apr 2023 18:39:02 +0800
-Subject: [PATCH] block/monitor: Fix crash when executing HMP commit
-
-hmp_commit() calls blk_is_available() from a non-coroutine context (and
-in the main loop). blk_is_available() is a co_wrapper_mixed_bdrv_rdlock
-function, and in the non-coroutine context it calls AIO_WAIT_WHILE(),
-which crashes if the aio_context lock is not taken before.
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1615
-Signed-off-by: Wang Liang <wangliangzz@inspur.com>
-Message-Id: <20230424103902.45265-1-wangliangzz@126.com>
-Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Reviewed-by: Kevin Wolf <kwolf@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry-picked from commit 8c1e8fb2e7fc2cbeb57703e143965a4cd3ad301a)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/monitor/block-hmp-cmds.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 2846083546..ca2599de44 100644
---- a/block/monitor/block-hmp-cmds.c
-+++ b/block/monitor/block-hmp-cmds.c
-@@ -214,15 +214,17 @@ void hmp_commit(Monitor *mon, const QDict *qdict)
- error_report("Device '%s' not found", device);
- return;
- }
-- if (!blk_is_available(blk)) {
-- error_report("Device '%s' has no medium", device);
-- return;
-- }
-
- bs = bdrv_skip_implicit_filters(blk_bs(blk));
- aio_context = bdrv_get_aio_context(bs);
- aio_context_acquire(aio_context);
-
-+ if (!blk_is_available(blk)) {
-+ error_report("Device '%s' has no medium", device);
-+ aio_context_release(aio_context);
-+ return;
-+ }
-+
- ret = bdrv_commit(bs);
-
- aio_context_release(aio_context);
diff --git a/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch b/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
deleted file mode 100644
index d76b723..0000000
--- a/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Tue, 2 May 2023 14:55:48 +0100
-Subject: [PATCH] ui: Fix pixel colour channel order for PNG screenshots
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When we take a PNG screenshot the ordering of the colour channels in
-the data is not correct, resulting in the image having weird
-colouring compared to the actual display. (Specifically, on a
-little-endian host the blue and red channels are swapped; on
-big-endian everything is wrong.)
-
-This happens because the pixman idea of the pixel data and the libpng
-idea differ. PIXMAN_a9r8g8b8 defines that pixels are 32-bit values,
-with A in bits 24-31, R in bits 16-23, G in bits 8-15 and B in bits
-0-7. This means that on little-endian systems the bytes in memory
-are
- B G R A
-and on big-endian systems they are
- A R G B
-
-libpng, on the other hand, thinks of pixels as being a series of
-values for each channel, so its format PNG_COLOR_TYPE_RGB_ALPHA
-always wants bytes in the order
- R G B A
-
-This isn't the same as the pixman order for either big or little
-endian hosts.
-
-The alpha channel is also unnecessary bulk in the output PNG file,
-because there is no alpha information in a screenshot.
-
-To handle the endianness issue, we already define in ui/qemu-pixman.h
-various PIXMAN_BE_* and PIXMAN_LE_* values that give consistent
-byte-order pixel channel formats. So we can use PIXMAN_BE_r8g8b8 and
-PNG_COLOR_TYPE_RGB, which both have an in-memory byte order of
- R G B
-and 3 bytes per pixel.
-
-(PPM format screenshots get this right; they already use the
-PIXMAN_BE_r8g8b8 format.)
-
-Cc: qemu-stable@nongnu.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1622
-Fixes: 9a0a119a382867 ("Added parameter to take screenshot with screendump as PNG")
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00229.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- ui/console.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ui/console.c b/ui/console.c
-index 594517ecdb..7461446e71 100644
---- a/ui/console.c
-+++ b/ui/console.c
-@@ -311,7 +311,7 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
- png_struct *png_ptr;
- png_info *info_ptr;
- g_autoptr(pixman_image_t) linebuf =
-- qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
-+ qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width);
- uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
- FILE *f = fdopen(fd, "wb");
- int y;
-@@ -341,7 +341,7 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
- png_init_io(png_ptr, f);
-
- png_set_IHDR(png_ptr, info_ptr, width, height, 8,
-- PNG_COLOR_TYPE_RGB_ALPHA, PNG_INTERLACE_NONE,
-+ PNG_COLOR_TYPE_RGB, PNG_INTERLACE_NONE,
- PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE);
-
- png_write_info(png_ptr, info_ptr);
diff --git a/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch b/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
deleted file mode 100644
index 799aa84..0000000
--- a/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Thu, 4 May 2023 11:42:32 +0100
-Subject: [PATCH] target/arm: Fix vd == vm overlap in sve_ldff1_z
-
-If vd == vm, copy vm to scratch, so that we can pre-zero
-the output and still access the gather indicies.
-
-Cc: qemu-stable@nongnu.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1612
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00961.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/sve_helper.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
-index ccf5e5beca..0097522470 100644
---- a/target/arm/tcg/sve_helper.c
-+++ b/target/arm/tcg/sve_helper.c
-@@ -6727,6 +6727,7 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
- intptr_t reg_off;
- SVEHostPage info;
- target_ulong addr, in_page;
-+ ARMVectorReg scratch;
-
- /* Skip to the first true predicate. */
- reg_off = find_next_active(vg, 0, reg_max, esz);
-@@ -6736,6 +6737,11 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
- return;
- }
-
-+ /* Protect against overlap between vd and vm. */
-+ if (unlikely(vd == vm)) {
-+ vm = memcpy(&scratch, vm, reg_max);
-+ }
-+
- /*
- * Probe the first element, allowing faults.
- */
diff --git a/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch b/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
deleted file mode 100644
index a9cc766..0000000
--- a/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shivaprasad G Bhat <sbhat@linux.ibm.com>
-Date: Tue, 2 May 2023 20:55:30 +0530
-Subject: [PATCH] softfloat: Fix the incorrect computation in float32_exp2
-
-The float32_exp2 function is computing wrong exponent of 2.
-
-For example, with the following set of values {0.1, 2.0, 2.0, -1.0},
-the expected output would be {1.071773, 4.000000, 4.000000, 0.500000}.
-Instead, the function is computing {1.119102, 3.382044, 3.382044, -0.191022}
-
-Looking at the code, the float32_exp2() attempts to do this
-
- 2 3 4 5 n
- x x x x x x x
- e = 1 + --- + --- + --- + --- + --- + ... + --- + ...
- 1! 2! 3! 4! 5! n!
-
-But because of the typo it ends up doing
-
- x x x x x x x
- e = 1 + --- + --- + --- + --- + --- + ... + --- + ...
- 1! 2! 3! 4! 5! n!
-
-This is because instead of the xnp which holds the numerator, parts_muladd
-is using the xp which is just 'x'. Commit '572c4d862ff2' refactored this
-function, and mistakenly used xp instead of xnp.
-
-Cc: qemu-stable@nongnu.org
-Fixes: 572c4d862ff2 "softfloat: Convert float32_exp2 to FloatParts"
-Partially-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1623
-Reported-By: Luca Barbato (https://gitlab.com/lu-zero)
-Signed-off-by: Shivaprasad G Bhat <sbhat@linux.ibm.com>
-Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
-Message-Id: <168304110865.537992.13059030916325018670.stgit@localhost.localdomain>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-(cherry-picked from commit 1098cc3fcf952763fc9fd72c1c8fda30a18cc8ea)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- fpu/softfloat.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fpu/softfloat.c b/fpu/softfloat.c
-index c7454c3eb1..108f9cb224 100644
---- a/fpu/softfloat.c
-+++ b/fpu/softfloat.c
-@@ -5135,7 +5135,7 @@ float32 float32_exp2(float32 a, float_status *status)
- float64_unpack_canonical(&rp, float64_one, status);
- for (i = 0 ; i < 15 ; i++) {
- float64_unpack_canonical(&tp, float32_exp2_coefficients[i], status);
-- rp = *parts_muladd(&tp, &xp, &rp, 0, status);
-+ rp = *parts_muladd(&tp, &xnp, &rp, 0, status);
- xnp = *parts_mul(&xnp, &xp, status);
- }
-
diff --git a/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch b/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
deleted file mode 100644
index 425b39d..0000000
--- a/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Yang Zhong <yang.zhong@linux.intel.com>
-Date: Thu, 6 Apr 2023 02:40:41 -0400
-Subject: [PATCH] target/i386: Change wrong XFRM value in SGX CPUID leaf
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with
-FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}. As a result,
-SGX enclaves only supported SSE and x87 feature (xfrm=0x3).
-
-Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
-Signed-off-by: Yang Zhong <yang.zhong@linux.intel.com>
-Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
-Reviewed-by: Kai Huang <kai.huang@intel.com>
-Message-Id: <20230406064041.420039-1-yang.zhong@linux.intel.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry-picked from commit 72497cff896fecf74306ed33626c30e43633cdd6)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/cpu.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/target/i386/cpu.c b/target/i386/cpu.c
-index 6576287e5b..f083ff4335 100644
---- a/target/i386/cpu.c
-+++ b/target/i386/cpu.c
-@@ -5718,8 +5718,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
- } else {
- *eax &= env->features[FEAT_SGX_12_1_EAX];
- *ebx &= 0; /* ebx reserve */
-- *ecx &= env->features[FEAT_XSAVE_XSS_LO];
-- *edx &= env->features[FEAT_XSAVE_XSS_HI];
-+ *ecx &= env->features[FEAT_XSAVE_XCR0_LO];
-+ *edx &= env->features[FEAT_XSAVE_XCR0_HI];
-
- /* FP and SSE are always allowed regardless of XSAVE/XCR0. */
- *ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
diff --git a/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch b/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
deleted file mode 100644
index f0534d8..0000000
--- a/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Mon, 1 May 2023 13:34:43 -0400
-Subject: [PATCH] block: compile out assert_bdrv_graph_readable() by default
-
-reader_count() is a performance bottleneck because the global
-aio_context_list_lock mutex causes thread contention. Put this debugging
-assertion behind a new ./configure --enable-debug-graph-lock option and
-disable it by default.
-
-The --enable-debug-graph-lock option is also enabled by the more general
---enable-debug option.
-
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00058.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/graph-lock.c | 3 +++
- configure | 1 +
- meson.build | 2 ++
- meson_options.txt | 2 ++
- scripts/meson-buildoptions.sh | 4 ++++
- 5 files changed, 12 insertions(+)
-
-diff --git a/block/graph-lock.c b/block/graph-lock.c
-index 454c31e691..259a7a0bde 100644
---- a/block/graph-lock.c
-+++ b/block/graph-lock.c
-@@ -265,7 +265,10 @@ void bdrv_graph_rdunlock_main_loop(void)
-
- void assert_bdrv_graph_readable(void)
- {
-+ /* reader_count() is slow due to aio_context_list_lock lock contention */
-+#ifdef CONFIG_DEBUG_GRAPH_LOCK
- assert(qemu_in_main_thread() || reader_count());
-+#endif
- }
-
- void assert_bdrv_graph_writable(void)
-diff --git a/configure b/configure
-index 800b5850f4..a62a3e6be9 100755
---- a/configure
-+++ b/configure
-@@ -806,6 +806,7 @@ for opt do
- --enable-debug)
- # Enable debugging options that aren't excessively noisy
- debug_tcg="yes"
-+ meson_option_parse --enable-debug-graph-lock ""
- meson_option_parse --enable-debug-mutex ""
- meson_option_add -Doptimization=0
- fortify_source="no"
-diff --git a/meson.build b/meson.build
-index c44d05a13f..d964e741e7 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1956,6 +1956,7 @@ if get_option('debug_stack_usage') and have_coroutine_pool
- have_coroutine_pool = false
- endif
- config_host_data.set10('CONFIG_COROUTINE_POOL', have_coroutine_pool)
-+config_host_data.set('CONFIG_DEBUG_GRAPH_LOCK', get_option('debug_graph_lock'))
- config_host_data.set('CONFIG_DEBUG_MUTEX', get_option('debug_mutex'))
- config_host_data.set('CONFIG_DEBUG_STACK_USAGE', get_option('debug_stack_usage'))
- config_host_data.set('CONFIG_GPROF', get_option('gprof'))
-@@ -3833,6 +3834,7 @@ summary_info += {'PIE': get_option('b_pie')}
- summary_info += {'static build': config_host.has_key('CONFIG_STATIC')}
- summary_info += {'malloc trim support': has_malloc_trim}
- summary_info += {'membarrier': have_membarrier}
-+summary_info += {'debug graph lock': get_option('debug_graph_lock')}
- summary_info += {'debug stack usage': get_option('debug_stack_usage')}
- summary_info += {'mutex debugging': get_option('debug_mutex')}
- summary_info += {'memory allocator': get_option('malloc')}
-diff --git a/meson_options.txt b/meson_options.txt
-index fc9447d267..bc857fe68b 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -311,6 +311,8 @@ option('rng_none', type: 'boolean', value: false,
- description: 'dummy RNG, avoid using /dev/(u)random and getrandom()')
- option('coroutine_pool', type: 'boolean', value: true,
- description: 'coroutine freelist (better performance)')
-+option('debug_graph_lock', type: 'boolean', value: false,
-+ description: 'graph lock debugging support')
- option('debug_mutex', type: 'boolean', value: false,
- description: 'mutex debugging support')
- option('debug_stack_usage', type: 'boolean', value: false,
-diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
-index 009fab1515..30e1f25259 100644
---- a/scripts/meson-buildoptions.sh
-+++ b/scripts/meson-buildoptions.sh
-@@ -21,6 +21,8 @@ meson_options_help() {
- printf "%s\n" ' QEMU'
- printf "%s\n" ' --enable-cfi Control-Flow Integrity (CFI)'
- printf "%s\n" ' --enable-cfi-debug Verbose errors in case of CFI violation'
-+ printf "%s\n" ' --enable-debug-graph-lock'
-+ printf "%s\n" ' graph lock debugging support'
- printf "%s\n" ' --enable-debug-mutex mutex debugging support'
- printf "%s\n" ' --enable-debug-stack-usage'
- printf "%s\n" ' measure coroutine stack usage'
-@@ -249,6 +251,8 @@ _meson_option_parse() {
- --datadir=*) quote_sh "-Ddatadir=$2" ;;
- --enable-dbus-display) printf "%s" -Ddbus_display=enabled ;;
- --disable-dbus-display) printf "%s" -Ddbus_display=disabled ;;
-+ --enable-debug-graph-lock) printf "%s" -Ddebug_graph_lock=true ;;
-+ --disable-debug-graph-lock) printf "%s" -Ddebug_graph_lock=false ;;
- --enable-debug-mutex) printf "%s" -Ddebug_mutex=true ;;
- --disable-debug-mutex) printf "%s" -Ddebug_mutex=false ;;
- --enable-debug-stack-usage) printf "%s" -Ddebug_stack_usage=true ;;
diff --git a/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch b/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
deleted file mode 100644
index b7e45e5..0000000
--- a/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Leonardo Bras <leobras@redhat.com>
-Date: Tue, 2 May 2023 21:27:02 -0300
-Subject: [PATCH] hw/pci: Disable PCI_ERR_UNCOR_MASK register for machine type
- < 8.0
-
-Since it's implementation on v8.0.0-rc0, having the PCI_ERR_UNCOR_MASK
-set for machine types < 8.0 will cause migration to fail if the target
-QEMU version is < 8.0.0 :
-
-qemu-system-x86_64: get_pci_config_device: Bad config data: i=0x10a read: 40 device: 0 cmask: ff wmask: 0 w1cmask:0
-qemu-system-x86_64: Failed to load PCIDevice:config
-qemu-system-x86_64: Failed to load e1000e:parent_obj
-qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:02.0/e1000e'
-qemu-system-x86_64: load of migration failed: Invalid argument
-
-The above test migrated a 7.2 machine type from QEMU master to QEMU 7.2.0,
-with this cmdline:
-
-./qemu-system-x86_64 -M pc-q35-7.2 [-incoming XXX]
-
-In order to fix this, property x-pcie-err-unc-mask was introduced to
-control when PCI_ERR_UNCOR_MASK is enabled. This property is enabled by
-default, but is disabled if machine type <= 7.2.
-
-Fixes: 010746ae1d ("hw/pci/aer: Implement PCI_ERR_UNCOR_MASK register")
-Suggested-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Leonardo Bras <leobras@redhat.com>
-Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
-Reviewed-by: Peter Xu <peterx@redhat.com>
-Reviewed-by: Juan Quintela <quintela@redhat.com>
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00350.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/core/machine.c | 1 +
- hw/pci/pci.c | 2 ++
- hw/pci/pcie_aer.c | 11 +++++++----
- include/hw/pci/pci.h | 2 ++
- 4 files changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index cd13b8b0a3..5060119952 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -43,6 +43,7 @@ GlobalProperty hw_compat_7_2[] = {
- { "e1000e", "migrate-timadj", "off" },
- { "virtio-mem", "x-early-migration", "false" },
- { "migration", "x-preempt-pre-7-2", "true" },
-+ { TYPE_PCI_DEVICE, "x-pcie-err-unc-mask", "off" },
- };
- const size_t hw_compat_7_2_len = G_N_ELEMENTS(hw_compat_7_2);
-
-diff --git a/hw/pci/pci.c b/hw/pci/pci.c
-index def5000e7b..8ad4349e96 100644
---- a/hw/pci/pci.c
-+++ b/hw/pci/pci.c
-@@ -79,6 +79,8 @@ static Property pci_props[] = {
- DEFINE_PROP_STRING("failover_pair_id", PCIDevice,
- failover_pair_id),
- DEFINE_PROP_UINT32("acpi-index", PCIDevice, acpi_index, 0),
-+ DEFINE_PROP_BIT("x-pcie-err-unc-mask", PCIDevice, cap_present,
-+ QEMU_PCIE_ERR_UNC_MASK_BITNR, true),
- DEFINE_PROP_END_OF_LIST()
- };
-
-diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
-index 103667c368..374d593ead 100644
---- a/hw/pci/pcie_aer.c
-+++ b/hw/pci/pcie_aer.c
-@@ -112,10 +112,13 @@ int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
-
- pci_set_long(dev->w1cmask + offset + PCI_ERR_UNCOR_STATUS,
- PCI_ERR_UNC_SUPPORTED);
-- pci_set_long(dev->config + offset + PCI_ERR_UNCOR_MASK,
-- PCI_ERR_UNC_MASK_DEFAULT);
-- pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_MASK,
-- PCI_ERR_UNC_SUPPORTED);
-+
-+ if (dev->cap_present & QEMU_PCIE_ERR_UNC_MASK) {
-+ pci_set_long(dev->config + offset + PCI_ERR_UNCOR_MASK,
-+ PCI_ERR_UNC_MASK_DEFAULT);
-+ pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_MASK,
-+ PCI_ERR_UNC_SUPPORTED);
-+ }
-
- pci_set_long(dev->config + offset + PCI_ERR_UNCOR_SEVER,
- PCI_ERR_UNC_SEVERITY_DEFAULT);
-diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
-index d5a40cd058..6dc6742fc4 100644
---- a/include/hw/pci/pci.h
-+++ b/include/hw/pci/pci.h
-@@ -207,6 +207,8 @@ enum {
- QEMU_PCIE_EXTCAP_INIT = (1 << QEMU_PCIE_EXTCAP_INIT_BITNR),
- #define QEMU_PCIE_CXL_BITNR 10
- QEMU_PCIE_CAP_CXL = (1 << QEMU_PCIE_CXL_BITNR),
-+#define QEMU_PCIE_ERR_UNC_MASK_BITNR 11
-+ QEMU_PCIE_ERR_UNC_MASK = (1 << QEMU_PCIE_ERR_UNC_MASK_BITNR),
- };
-
- typedef struct PCIINTxRoute {
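Review bot: dropping this patch touches migration compatibility rather than a local crash fix, because the `hw_compat_7_2` entry for "x-pcie-err-unc-mask" is what keeps PCI_ERR_UNCOR_MASK disabled for machine types <= 7.2. The deleted header says the patch was picked up from a list posting, so the version merged upstream may differ from what was carried here. It is worth re-running the test the description names (a pc-q35-7.2 machine migrated to QEMU 7.2.0) against the 8.0.2 build before relying on the removal.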
diff --git a/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch b/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
deleted file mode 100644
index 20e3e35..0000000
--- a/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Wed, 3 May 2023 16:01:42 +0200
-Subject: [PATCH] block: Fix use after free in blockdev_mark_auto_del()
-
-job_cancel_locked() drops the job list lock temporarily and it may call
-aio_poll(). We must assume that the list has changed after this call.
-Also, with unlucky timing, it can end up freeing the job during
-job_completed_txn_abort_locked(), making the job pointer invalid, too.
-
-For both reasons, we can't just continue at block_job_next_locked(job).
-Instead, start at the head of the list again after job_cancel_locked()
-and skip those jobs that we already cancelled (or that are completing
-anyway).
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Message-Id: <20230503140142.474404-1-kwolf@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry-picked from commit e2626874a32602d4e52971c786ef5ffb4430629d)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev.c | 18 ++++++++++++++----
- 1 file changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/blockdev.c b/blockdev.c
-index d7b5c18f0a..2c1752a403 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -153,12 +153,22 @@ void blockdev_mark_auto_del(BlockBackend *blk)
-
- JOB_LOCK_GUARD();
-
-- for (job = block_job_next_locked(NULL); job;
-- job = block_job_next_locked(job)) {
-- if (block_job_has_bdrv(job, blk_bs(blk))) {
-+ do {
-+ job = block_job_next_locked(NULL);
-+ while (job && (job->job.cancelled ||
-+ job->job.deferred_to_main_loop ||
-+ !block_job_has_bdrv(job, blk_bs(blk))))
-+ {
-+ job = block_job_next_locked(job);
-+ }
-+ if (job) {
-+ /*
-+ * This drops the job lock temporarily and polls, so we need to
-+ * restart processing the list from the start after this.
-+ */
- job_cancel_locked(&job->job, false);
- }
-- }
-+ } while (job);
-
- dinfo->auto_del = 1;
- }
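Review bot: this removal deserves an explicit check in the updated submodule, because the deleted description covers a use after free: `job_cancel_locked()` drops the job list lock and can end up freeing the job, so the old `for` loop's `block_job_next_locked(job)` step would read an invalid pointer. The header names upstream commit e2626874a32602d4e52971c786ef5ffb4430629d. A stable-branch backport normally carries a different hash, so check by content that `blockdev_mark_auto_del()` has the `do { ... } while (job)` form that restarts from the list head and skips cancelled or deferred jobs.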
diff --git a/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch b/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
deleted file mode 100644
index a65c044..0000000
--- a/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 4 May 2023 13:57:32 +0200
-Subject: [PATCH] block: Consistently call bdrv_activate() outside coroutine
-
-Migration code can call bdrv_activate() in coroutine context, whereas
-other callers call it outside of coroutines. As it calls other code that
-is not supposed to run in coroutines, standardise on running outside of
-coroutines.
-
-This adds a no_co_wrapper to switch to the main loop before calling
-bdrv_activate().
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-Id: <20230504115750.54437-3-kwolf@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry-picked from commit da4afaff074e56b0fa0d25abf865784148018895)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/block-backend.c | 10 +++++++++-
- include/block/block-global-state.h | 6 +++++-
- 2 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/block/block-backend.c b/block/block-backend.c
-index 55efc735b4..d59f759daf 100644
---- a/block/block-backend.c
-+++ b/block/block-backend.c
-@@ -2018,7 +2018,15 @@ void blk_activate(BlockBackend *blk, Error **errp)
- return;
- }
-
-- bdrv_activate(bs, errp);
-+ /*
-+ * Migration code can call this function in coroutine context, so leave
-+ * coroutine context if necessary.
-+ */
-+ if (qemu_in_coroutine()) {
-+ bdrv_co_activate(bs, errp);
-+ } else {
-+ bdrv_activate(bs, errp);
-+ }
- }
-
- bool coroutine_fn blk_co_is_inserted(BlockBackend *blk)
-diff --git a/include/block/block-global-state.h b/include/block/block-global-state.h
-index 399200a9a3..2c312cc774 100644
---- a/include/block/block-global-state.h
-+++ b/include/block/block-global-state.h
-@@ -166,7 +166,11 @@ int bdrv_amend_options(BlockDriverState *bs_new, QemuOpts *opts,
- BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
- const char *node_name, Error **errp);
-
--int bdrv_activate(BlockDriverState *bs, Error **errp);
-+int no_coroutine_fn bdrv_activate(BlockDriverState *bs, Error **errp);
-+
-+int coroutine_fn no_co_wrapper
-+bdrv_co_activate(BlockDriverState *bs, Error **errp);
-+
- void bdrv_activate_all(Error **errp);
- int bdrv_inactivate_all(void);
-
diff --git a/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch b/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
deleted file mode 100644
index 541e64e..0000000
--- a/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
+++ /dev/null
@@ -1,373 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 4 May 2023 13:57:33 +0200
-Subject: [PATCH] block: bdrv/blk_co_unref() for calls in coroutine context
-
-These functions must not be called in coroutine context, because they
-need write access to the graph.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-Id: <20230504115750.54437-4-kwolf@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry-picked from commit b2ab5f545fa1eaaf2955dd617bee19a8b3279786)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block.c | 2 +-
- block/crypto.c | 6 +++---
- block/parallels.c | 6 +++---
- block/qcow.c | 6 +++---
- block/qcow2.c | 14 +++++++-------
- block/qed.c | 6 +++---
- block/vdi.c | 6 +++---
- block/vhdx.c | 6 +++---
- block/vmdk.c | 18 +++++++++---------
- block/vpc.c | 6 +++---
- include/block/block-global-state.h | 3 ++-
- include/sysemu/block-backend-global-state.h | 5 ++++-
- 12 files changed, 44 insertions(+), 40 deletions(-)
-
-diff --git a/block.c b/block.c
-index d79a52ca74..a48112f945 100644
---- a/block.c
-+++ b/block.c
-@@ -680,7 +680,7 @@ int coroutine_fn bdrv_co_create_opts_simple(BlockDriver *drv,
-
- ret = 0;
- out:
-- blk_unref(blk);
-+ blk_co_unref(blk);
- return ret;
- }
-
-diff --git a/block/crypto.c b/block/crypto.c
-index ca67289187..8fd3ad0054 100644
---- a/block/crypto.c
-+++ b/block/crypto.c
-@@ -355,7 +355,7 @@ block_crypto_co_create_generic(BlockDriverState *bs, int64_t size,
- ret = 0;
- cleanup:
- qcrypto_block_free(crypto);
-- blk_unref(blk);
-+ blk_co_unref(blk);
- return ret;
- }
-
-@@ -661,7 +661,7 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
-
- ret = 0;
- fail:
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- return ret;
- }
-
-@@ -730,7 +730,7 @@ fail:
- bdrv_co_delete_file_noerr(bs);
- }
-
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_QCryptoBlockCreateOptions(create_opts);
- qobject_unref(cryptoopts);
- return ret;
-diff --git a/block/parallels.c b/block/parallels.c
-index 013684801a..b49c35929e 100644
---- a/block/parallels.c
-+++ b/block/parallels.c
-@@ -613,8 +613,8 @@ static int coroutine_fn parallels_co_create(BlockdevCreateOptions* opts,
-
- ret = 0;
- out:
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- return ret;
-
- exit:
-@@ -691,7 +691,7 @@ parallels_co_create_opts(BlockDriver *drv, const char *filename,
-
- done:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/qcow.c b/block/qcow.c
-index 490e4f819e..a0c701f578 100644
---- a/block/qcow.c
-+++ b/block/qcow.c
-@@ -915,8 +915,8 @@ static int coroutine_fn qcow_co_create(BlockdevCreateOptions *opts,
- g_free(tmp);
- ret = 0;
- exit:
-- blk_unref(qcow_blk);
-- bdrv_unref(bs);
-+ blk_co_unref(qcow_blk);
-+ bdrv_co_unref(bs);
- qcrypto_block_free(crypto);
- return ret;
- }
-@@ -1015,7 +1015,7 @@ qcow_co_create_opts(BlockDriver *drv, const char *filename,
- fail:
- g_free(backing_fmt);
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 30fd53fa64..6746763c34 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -3705,7 +3705,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
- goto out;
- }
-
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
-
- /*
-@@ -3785,7 +3785,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
- }
- }
-
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
-
- /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returning.
-@@ -3810,9 +3810,9 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
-
- ret = 0;
- out:
-- blk_unref(blk);
-- bdrv_unref(bs);
-- bdrv_unref(data_bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
-+ bdrv_co_unref(data_bs);
- return ret;
- }
-
-@@ -3943,8 +3943,8 @@ finish:
- }
-
- qobject_unref(qdict);
-- bdrv_unref(bs);
-- bdrv_unref(data_bs);
-+ bdrv_co_unref(bs);
-+ bdrv_co_unref(data_bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/qed.c b/block/qed.c
-index 0705a7b4e2..aff2a2076e 100644
---- a/block/qed.c
-+++ b/block/qed.c
-@@ -748,8 +748,8 @@ static int coroutine_fn bdrv_qed_co_create(BlockdevCreateOptions *opts,
- ret = 0; /* success */
- out:
- g_free(l1_table);
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- return ret;
- }
-
-@@ -819,7 +819,7 @@ bdrv_qed_co_create_opts(BlockDriver *drv, const char *filename,
-
- fail:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/vdi.c b/block/vdi.c
-index f2434d6153..08331d2dd7 100644
---- a/block/vdi.c
-+++ b/block/vdi.c
-@@ -886,8 +886,8 @@ static int coroutine_fn vdi_co_do_create(BlockdevCreateOptions *create_options,
-
- ret = 0;
- exit:
-- blk_unref(blk);
-- bdrv_unref(bs_file);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs_file);
- g_free(bmap);
- return ret;
- }
-@@ -975,7 +975,7 @@ vdi_co_create_opts(BlockDriver *drv, const char *filename,
- done:
- qobject_unref(qdict);
- qapi_free_BlockdevCreateOptions(create_options);
-- bdrv_unref(bs_file);
-+ bdrv_co_unref(bs_file);
- return ret;
- }
-
-diff --git a/block/vhdx.c b/block/vhdx.c
-index 81420722a1..00777da91a 100644
---- a/block/vhdx.c
-+++ b/block/vhdx.c
-@@ -2053,8 +2053,8 @@ static int coroutine_fn vhdx_co_create(BlockdevCreateOptions *opts,
-
- ret = 0;
- delete_and_exit:
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- g_free(creator);
- return ret;
- }
-@@ -2144,7 +2144,7 @@ vhdx_co_create_opts(BlockDriver *drv, const char *filename,
-
- fail:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/vmdk.c b/block/vmdk.c
-index f5f49018fe..01ca13c82b 100644
---- a/block/vmdk.c
-+++ b/block/vmdk.c
-@@ -2306,7 +2306,7 @@ exit:
- if (pbb) {
- *pbb = blk;
- } else {
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
- }
- }
-@@ -2516,12 +2516,12 @@ vmdk_co_do_create(int64_t size,
- if (strcmp(blk_bs(backing)->drv->format_name, "vmdk")) {
- error_setg(errp, "Invalid backing file format: %s. Must be vmdk",
- blk_bs(backing)->drv->format_name);
-- blk_unref(backing);
-+ blk_co_unref(backing);
- ret = -EINVAL;
- goto exit;
- }
- ret = vmdk_read_cid(blk_bs(backing), 0, &parent_cid);
-- blk_unref(backing);
-+ blk_co_unref(backing);
- if (ret) {
- error_setg(errp, "Failed to read parent CID");
- goto exit;
-@@ -2542,14 +2542,14 @@ vmdk_co_do_create(int64_t size,
- blk_bs(extent_blk)->filename);
- created_size += cur_size;
- extent_idx++;
-- blk_unref(extent_blk);
-+ blk_co_unref(extent_blk);
- }
-
- /* Check whether we got excess extents */
- extent_blk = extent_fn(-1, extent_idx, flat, split, compress, zeroed_grain,
- opaque, NULL);
- if (extent_blk) {
-- blk_unref(extent_blk);
-+ blk_co_unref(extent_blk);
- error_setg(errp, "List of extents contains unused extents");
- ret = -EINVAL;
- goto exit;
-@@ -2590,7 +2590,7 @@ vmdk_co_do_create(int64_t size,
- ret = 0;
- exit:
- if (blk) {
-- blk_unref(blk);
-+ blk_co_unref(blk);
- }
- g_free(desc);
- g_free(parent_desc_line);
-@@ -2641,7 +2641,7 @@ vmdk_co_create_opts_cb(int64_t size, int idx, bool flat, bool split,
- errp)) {
- goto exit;
- }
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- exit:
- g_free(ext_filename);
- return blk;
-@@ -2797,12 +2797,12 @@ static BlockBackend * coroutine_fn vmdk_co_create_cb(int64_t size, int idx,
- return NULL;
- }
- blk_set_allow_write_beyond_eof(blk, true);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
-
- if (size != -1) {
- ret = vmdk_init_extent(blk, size, flat, compress, zeroed_grain, errp);
- if (ret) {
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
- }
- }
-diff --git a/block/vpc.c b/block/vpc.c
-index b89b0ff8e2..07ddda5b99 100644
---- a/block/vpc.c
-+++ b/block/vpc.c
-@@ -1082,8 +1082,8 @@ static int coroutine_fn vpc_co_create(BlockdevCreateOptions *opts,
- }
-
- out:
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- return ret;
- }
-
-@@ -1162,7 +1162,7 @@ vpc_co_create_opts(BlockDriver *drv, const char *filename,
-
- fail:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/include/block/block-global-state.h b/include/block/block-global-state.h
-index 2c312cc774..ec3ddb17a8 100644
---- a/include/block/block-global-state.h
-+++ b/include/block/block-global-state.h
-@@ -218,7 +218,8 @@ void bdrv_img_create(const char *filename, const char *fmt,
- bool quiet, Error **errp);
-
- void bdrv_ref(BlockDriverState *bs);
--void bdrv_unref(BlockDriverState *bs);
-+void no_coroutine_fn bdrv_unref(BlockDriverState *bs);
-+void coroutine_fn no_co_wrapper bdrv_co_unref(BlockDriverState *bs);
- void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child);
- BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
- BlockDriverState *child_bs,
-diff --git a/include/sysemu/block-backend-global-state.h b/include/sysemu/block-backend-global-state.h
-index 2b6d27db7c..fa83f9389c 100644
---- a/include/sysemu/block-backend-global-state.h
-+++ b/include/sysemu/block-backend-global-state.h
-@@ -42,7 +42,10 @@ blk_co_new_open(const char *filename, const char *reference, QDict *options,
-
- int blk_get_refcnt(BlockBackend *blk);
- void blk_ref(BlockBackend *blk);
--void blk_unref(BlockBackend *blk);
-+
-+void no_coroutine_fn blk_unref(BlockBackend *blk);
-+void coroutine_fn no_co_wrapper blk_co_unref(BlockBackend *blk);
-+
- void blk_remove_all_bs(void);
- BlockBackend *blk_by_name(const char *name);
- BlockBackend *blk_next(BlockBackend *blk);
diff --git a/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch b/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
deleted file mode 100644
index 685b7a8..0000000
--- a/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 4 May 2023 13:57:34 +0200
-Subject: [PATCH] block: Don't call no_coroutine_fns in qmp_block_resize()
-
-This QMP handler runs in a coroutine, so it must use the corresponding
-no_co_wrappers instead.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2185688
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-Id: <20230504115750.54437-5-kwolf@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry-picked from commit 0c7d204f50c382c6baac8c94bd57af4a022b3888)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/blockdev.c b/blockdev.c
-index 2c1752a403..e464daea58 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -2440,7 +2440,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
- return;
- }
-
-- blk = blk_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp);
-+ blk = blk_co_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp);
- if (!blk) {
- return;
- }
-@@ -2455,7 +2455,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
-
- bdrv_co_lock(bs);
- bdrv_drained_end(bs);
-- blk_unref(blk);
-+ blk_co_unref(blk);
- bdrv_co_unlock(bs);
- }
-
diff --git a/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch b/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
deleted file mode 100644
index e4d9946..0000000
--- a/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Fri, 5 May 2023 21:40:49 +0100
-Subject: [PATCH] accel/tcg: Fix atomic_mmu_lookup for reads
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A copy-paste bug had us looking at the victim cache for writes.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Fixes: 08dff435e2 ("tcg: Probe the proper permissions for atomic ops")
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-Id: <20230505204049.352469-1-richard.henderson@linaro.org>
-(cherry-picked from commit 8c313254e61ed47a1bf4a2db714b25cdd94fbcce)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- accel/tcg/cputlb.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
-index e984a98dc4..145fba45b2 100644
---- a/accel/tcg/cputlb.c
-+++ b/accel/tcg/cputlb.c
-@@ -1830,7 +1830,7 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
- } else /* if (prot & PAGE_READ) */ {
- tlb_addr = tlbe->addr_read;
- if (!tlb_hit(tlb_addr, addr)) {
-- if (!VICTIM_TLB_HIT(addr_write, addr)) {
-+ if (!VICTIM_TLB_HIT(addr_read, addr)) {
- tlb_fill(env_cpu(env), addr, size,
- MMU_DATA_LOAD, mmu_idx, retaddr);
- index = tlb_index(env, mmu_idx, addr);
diff --git a/debian/patches/series b/debian/patches/series
index 375b2db..7b45528 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,20 +4,7 @@ extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
-extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
-extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
-extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
-extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
-extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
-extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
-extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
-extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
-extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
-extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
-extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
-extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
-extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
-extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
+extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
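Review bot: The series hunk drops extra/0007, extra/0008 and extra/0010 through extra/0020 in one step, but the commit message consists only of the Signed-off-by line and never states why they can go. Add a sentence saying that these patches are dropped because they are part of the 8.0.2 stable release, and that 0009-ui-return-NULL-when-getting-cursor-without-a-console is kept and renumbered to 0007. Several of the dropped entries are crash or memory-safety fixes (rtl8139 divide by zero, HMP commit crash, the blockdev_mark_auto_del use-after-free), so the reason for removing them should be on record.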
diff --git a/qemu b/qemu
index c1eb2dd..f7f686b 160000
--- a/qemu
+++ b/qemu
@@ -1 +1 @@
-Subproject commit c1eb2ddf0f8075faddc5f7c3d39feae3e8e9d6b4
+Subproject commit f7f686b61cf7ee142c9264d2e04ac2c6a96d37f8
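Review bot: The submodule bump records only the raw hash f7f686b61cf7ee142c9264d2e04ac2c6a96d37f8, and nothing in the message ties it to an upstream tag. Name the tag this hash is expected to match in the commit message so a reviewer can check it against the "QEMU 8.0.2" in the subject instead of trusting the hash as given.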
--
2.39.2
* [pve-devel] [PATCH qemu 2/2] update reentrancy patches to version in upstream git
2023-06-06 8:58 [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Fiona Ebner
@ 2023-06-06 8:58 ` Fiona Ebner
2023-06-06 16:03 ` [pve-devel] applied: " Thomas Lamprecht
2023-06-06 16:03 ` [pve-devel] applied: [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Thomas Lamprecht
1 sibling, 1 reply; 4+ messages in thread
From: Fiona Ebner @ 2023-06-06 8:58 UTC (permalink / raw)
To: pve-devel
The previous version was picked from the mailing list and still had
an object_dynamic_cast call in a hot path, which is avoided with the
version that landed in git.
Also adds a few more exceptions for devices that need reentrancy.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...-memory-prevent-dma-reentracy-issues.patch | 118 ----------------
...s-Internal-cdbs-have-16-byte-length.patch} | 0
...al-deadlock-when-draining-during-tr.patch} | 0
...en-getting-cursor-without-a-console.patch} | 0
...isabling-re-entrancy-checking-per-MR.patch | 38 -----
...-memory-prevent-dma-reentracy-issues.patch | 130 ++++++++++++++++++
...le-reentrancy-detection-for-script-R.patch | 8 +-
...-disable-reentrancy-detection-for-io.patch | 37 +++++
...sable-reentrancy-detection-for-iomem.patch | 35 +++++
...le-reentrancy-detection-for-apic-msi.patch | 36 +++++
debian/patches/series | 12 +-
11 files changed, 252 insertions(+), 162 deletions(-)
delete mode 100644 debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
rename debian/patches/extra/{0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch => 0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch} (100%)
rename debian/patches/extra/{0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch => 0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch} (100%)
rename debian/patches/extra/{0007-ui-return-NULL-when-getting-cursor-without-a-console.patch => 0004-ui-return-NULL-when-getting-cursor-without-a-console.patch} (100%)
delete mode 100644 debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
create mode 100644 debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
create mode 100644 debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
create mode 100644 debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
create mode 100644 debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
diff --git a/debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch b/debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
deleted file mode 100644
index 5be13d6..0000000
--- a/debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alexander Bulekov <alxndr@bu.edu>
-Date: Sat, 4 Feb 2023 23:07:34 -0500
-Subject: [PATCH] memory: prevent dma-reentracy issues
-
-Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
-This flag is set/checked prior to calling a device's MemoryRegion
-handlers, and set when device code initiates DMA. The purpose of this
-flag is to prevent two types of DMA-based reentrancy issues:
-
-1.) mmio -> dma -> mmio case
-2.) bh -> dma write -> mmio case
-
-These issues have led to problems such as stack-exhaustion and
-use-after-frees.
-
-Summary of the problem from Peter Maydell:
-https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
-
-Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
-Acked-by: Peter Xu <peterx@redhat.com>
-(picked-up from https://lists.nongnu.org/archive/html/qemu-devel/2023-02/msg01142.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- include/hw/qdev-core.h | 7 +++++++
- softmmu/memory.c | 17 +++++++++++++++++
- softmmu/trace-events | 1 +
- 3 files changed, 25 insertions(+)
-
-diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
-index bd50ad5ee1..7623703943 100644
---- a/include/hw/qdev-core.h
-+++ b/include/hw/qdev-core.h
-@@ -162,6 +162,10 @@ struct NamedClockList {
- QLIST_ENTRY(NamedClockList) node;
- };
-
-+typedef struct {
-+ bool engaged_in_io;
-+} MemReentrancyGuard;
-+
- /**
- * DeviceState:
- * @realized: Indicates whether the device has been fully constructed.
-@@ -194,6 +198,9 @@ struct DeviceState {
- int alias_required_for_version;
- ResettableState reset;
- GSList *unplug_blockers;
-+
-+ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */
-+ MemReentrancyGuard mem_reentrancy_guard;
- };
-
- struct DeviceListener {
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index b1a6cae6f5..e4d2268d32 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -533,6 +533,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- uint64_t access_mask;
- unsigned access_size;
- unsigned i;
-+ DeviceState *dev = NULL;
- MemTxResult r = MEMTX_OK;
-
- if (!access_size_min) {
-@@ -542,6 +543,19 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- access_size_max = 4;
- }
-
-+ /* Do not allow more than one simultanous access to a device's IO Regions */
-+ if (mr->owner &&
-+ !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) {
-+ dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE);
-+ if (dev) {
-+ if (dev->mem_reentrancy_guard.engaged_in_io) {
-+ trace_memory_region_reentrant_io(get_cpu_index(), mr, addr, size);
-+ return MEMTX_ERROR;
-+ }
-+ dev->mem_reentrancy_guard.engaged_in_io = true;
-+ }
-+ }
-+
- /* FIXME: support unaligned access? */
- access_size = MAX(MIN(size, access_size_max), access_size_min);
- access_mask = MAKE_64BIT_MASK(0, access_size * 8);
-@@ -556,6 +570,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- access_mask, attrs);
- }
- }
-+ if (dev) {
-+ dev->mem_reentrancy_guard.engaged_in_io = false;
-+ }
- return r;
- }
-
-diff --git a/softmmu/trace-events b/softmmu/trace-events
-index 22606dc27b..62d04ea9a7 100644
---- a/softmmu/trace-events
-+++ b/softmmu/trace-events
-@@ -13,6 +13,7 @@ memory_region_ops_read(int cpu_index, void *mr, uint64_t addr, uint64_t value, u
- memory_region_ops_write(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size, const char *name) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u name '%s'"
- memory_region_subpage_read(int cpu_index, void *mr, uint64_t offset, uint64_t value, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" value 0x%"PRIx64" size %u"
- memory_region_subpage_write(int cpu_index, void *mr, uint64_t offset, uint64_t value, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" value 0x%"PRIx64" size %u"
-+memory_region_reentrant_io(int cpu_index, void *mr, uint64_t offset, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" size %u"
- memory_region_ram_device_read(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u"
- memory_region_ram_device_write(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u"
- memory_region_sync_dirty(const char *mr, const char *listener, int global) "mr '%s' listener '%s' synced (global=%d)"
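Review bot: Dropping this mailing-list version also drops the memory_region_reentrant_io trace event it added to softmmu/trace-events, and the commit message for 2/2 does not mention that. The replacement 0005 patch reports a blocked access through warn_report_once() and returns MEMTX_ACCESS_ERROR instead of MEMTX_ERROR, so only the first blocked access is logged and nothing can be traced per access any more. Please note both behaviour changes in the message next to the object_dynamic_cast remark, since anyone who used the trace point to spot re-entrant IO will need to watch the warning instead.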
diff --git a/debian/patches/extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch b/debian/patches/extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
similarity index 100%
rename from debian/patches/extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
rename to debian/patches/extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
diff --git a/debian/patches/extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
similarity index 100%
rename from debian/patches/extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
rename to debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
diff --git a/debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch b/debian/patches/extra/0004-ui-return-NULL-when-getting-cursor-without-a-console.patch
similarity index 100%
rename from debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
rename to debian/patches/extra/0004-ui-return-NULL-when-getting-cursor-without-a-console.patch
diff --git a/debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch b/debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
deleted file mode 100644
index 47c0b80..0000000
--- a/debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alexander Bulekov <alxndr@bu.edu>
-Date: Mon, 13 Mar 2023 04:24:16 -0400
-Subject: [PATCH] memory: Allow disabling re-entrancy checking per-MR
-
-Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
----
- include/exec/memory.h | 3 +++
- softmmu/memory.c | 2 +-
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/include/exec/memory.h b/include/exec/memory.h
-index 15ade918ba..e6819e3c39 100644
---- a/include/exec/memory.h
-+++ b/include/exec/memory.h
-@@ -791,6 +791,9 @@ struct MemoryRegion {
- unsigned ioeventfd_nb;
- MemoryRegionIoeventfd *ioeventfds;
- RamDiscardManager *rdm; /* Only for RAM */
-+
-+ /* For devices designed to perform re-entrant IO into their own IO MRs */
-+ bool disable_reentrancy_guard;
- };
-
- struct IOMMUMemoryRegion {
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index e4d2268d32..d88acb204b 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -544,7 +544,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- }
-
- /* Do not allow more than one simultanous access to a device's IO Regions */
-- if (mr->owner &&
-+ if (mr->owner && !mr->disable_reentrancy_guard &&
- !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) {
- dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE);
- if (dev) {
diff --git a/debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch b/debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
new file mode 100644
index 0000000..c9d0cd5
--- /dev/null
+++ b/debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
@@ -0,0 +1,130 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:06 -0400
+Subject: [PATCH] memory: prevent dma-reentracy issues
+
+Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
+This flag is set/checked prior to calling a device's MemoryRegion
+handlers, and set when device code initiates DMA. The purpose of this
+flag is to prevent two types of DMA-based reentrancy issues:
+
+1.) mmio -> dma -> mmio case
+2.) bh -> dma write -> mmio case
+
+These issues have led to problems such as stack-exhaustion and
+use-after-frees.
+
+Summary of the problem from Peter Maydell:
+https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
+Resolves: CVE-2023-0330
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
+[thuth: Replace warn_report() with warn_report_once()]
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit a2e1753b8054344f32cf94f31c6399a58794a380)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ include/exec/memory.h | 5 +++++
+ include/hw/qdev-core.h | 7 +++++++
+ softmmu/memory.c | 16 ++++++++++++++++
+ 3 files changed, 28 insertions(+)
+
+diff --git a/include/exec/memory.h b/include/exec/memory.h
+index 15ade918ba..e45ce6061f 100644
+--- a/include/exec/memory.h
++++ b/include/exec/memory.h
+@@ -767,6 +767,8 @@ struct MemoryRegion {
+ bool is_iommu;
+ RAMBlock *ram_block;
+ Object *owner;
++ /* owner as TYPE_DEVICE. Used for re-entrancy checks in MR access hotpath */
++ DeviceState *dev;
+
+ const MemoryRegionOps *ops;
+ void *opaque;
+@@ -791,6 +793,9 @@ struct MemoryRegion {
+ unsigned ioeventfd_nb;
+ MemoryRegionIoeventfd *ioeventfds;
+ RamDiscardManager *rdm; /* Only for RAM */
++
++ /* For devices designed to perform re-entrant IO into their own IO MRs */
++ bool disable_reentrancy_guard;
+ };
+
+ struct IOMMUMemoryRegion {
+diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
+index bd50ad5ee1..7623703943 100644
+--- a/include/hw/qdev-core.h
++++ b/include/hw/qdev-core.h
+@@ -162,6 +162,10 @@ struct NamedClockList {
+ QLIST_ENTRY(NamedClockList) node;
+ };
+
++typedef struct {
++ bool engaged_in_io;
++} MemReentrancyGuard;
++
+ /**
+ * DeviceState:
+ * @realized: Indicates whether the device has been fully constructed.
+@@ -194,6 +198,9 @@ struct DeviceState {
+ int alias_required_for_version;
+ ResettableState reset;
+ GSList *unplug_blockers;
++
++ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */
++ MemReentrancyGuard mem_reentrancy_guard;
+ };
+
+ struct DeviceListener {
+diff --git a/softmmu/memory.c b/softmmu/memory.c
+index b1a6cae6f5..b7b3386e9d 100644
+--- a/softmmu/memory.c
++++ b/softmmu/memory.c
+@@ -542,6 +542,18 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
+ access_size_max = 4;
+ }
+
++ /* Do not allow more than one simultaneous access to a device's IO Regions */
++ if (mr->dev && !mr->disable_reentrancy_guard &&
++ !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) {
++ if (mr->dev->mem_reentrancy_guard.engaged_in_io) {
++ warn_report_once("Blocked re-entrant IO on MemoryRegion: "
++ "%s at addr: 0x%" HWADDR_PRIX,
++ memory_region_name(mr), addr);
++ return MEMTX_ACCESS_ERROR;
++ }
++ mr->dev->mem_reentrancy_guard.engaged_in_io = true;
++ }
++
+ /* FIXME: support unaligned access? */
+ access_size = MAX(MIN(size, access_size_max), access_size_min);
+ access_mask = MAKE_64BIT_MASK(0, access_size * 8);
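Review bot: warn_report_once() in the blocked branch of this hunk prints only the first re-entrant access hit at this call site for the lifetime of the process, so every later one, on this or any other MemoryRegion, returns MEMTX_ACCESS_ERROR without a log line. The message carries the region name and address an operator needs to tell a misbehaving guest from a device that should set disable_reentrancy_guard, so consider adding a trace event next to the warning to keep repeated hits observable without flooding the log.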
+@@ -556,6 +568,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
+ access_mask, attrs);
+ }
+ }
++ if (mr->dev) {
++ mr->dev->mem_reentrancy_guard.engaged_in_io = false;
++ }
+ return r;
+ }
+
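Review bot: the reset at the end of access_with_adjusted_size() is guarded only by `if (mr->dev)`, while the flag is set under the stricter condition in the previous hunk (guard not disabled, region not RAM, ROM device or read-only). An access that skipped the guard, for example through a region of the same device that has disable_reentrancy_guard set, therefore clears engaged_in_io while an outer guarded access of that device is still in progress, and a later nested access is no longer blocked. Suggest recording in a local bool whether this call set the flag and clearing it only in that case.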
+@@ -1170,6 +1185,7 @@ static void memory_region_do_init(MemoryRegion *mr,
+ }
+ mr->name = g_strdup(name);
+ mr->owner = owner;
++ mr->dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE);
+ mr->ram_block = NULL;
+
+ if (name) {
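Review bot: mr->dev comes from object_dynamic_cast(mr->owner, TYPE_DEVICE) in memory_region_do_init(), so a region whose owner is NULL or is not a TYPE_DEVICE ends up with dev == NULL and is never covered by the guard in access_with_adjusted_size(). That limit is worth stating in the comment on the dev field in include/exec/memory.h, which currently only says what the field is used for.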
diff --git a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
index 8f488dc..96d254c 100644
--- a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
+++ b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
@@ -1,6 +1,6 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alexander Bulekov <alxndr@bu.edu>
-Date: Mon, 13 Mar 2023 04:24:17 -0400
+Date: Thu, 27 Apr 2023 17:10:10 -0400
Subject: [PATCH] lsi53c895a: disable reentrancy detection for script RAM
As the code is designed to use the memory APIs to access the script ram,
@@ -10,6 +10,12 @@ In the future, ram_io may be converted from an IO to a proper RAM MemoryRegion.
Reported-by: Fiona Ebner <f.ebner@proxmox.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
+Message-Id: <20230427211013.2994127-6-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit bfd6e7ae6a72b84e2eb9574f56e6ec037f05182c)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
hw/scsi/lsi53c895a.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch b/debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
new file mode 100644
index 0000000..6ec9d03
--- /dev/null
+++ b/debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
@@ -0,0 +1,37 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:11 -0400
+Subject: [PATCH] bcm2835_property: disable reentrancy detection for iomem
+
+As the code is designed for re-entrant calls from bcm2835_property to
+bcm2835_mbox and back into bcm2835_property, mark iomem as
+reentrancy-safe.
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Message-Id: <20230427211013.2994127-7-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit 985c4a4e547afb9573b6bd6843d20eb2c3d1d1cd)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/misc/bcm2835_property.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
+index 890ae7bae5..de056ea2df 100644
+--- a/hw/misc/bcm2835_property.c
++++ b/hw/misc/bcm2835_property.c
+@@ -382,6 +382,13 @@ static void bcm2835_property_init(Object *obj)
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &bcm2835_property_ops, s,
+ TYPE_BCM2835_PROPERTY, 0x10);
++
++ /*
++ * bcm2835_property_ops call into bcm2835_mbox, which in-turn reads from
++ * iomem. As such, mark iomem as re-entracy safe.
++ */
++ s->iomem.disable_reentrancy_guard = true;
++
+ sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
+ sysbus_init_irq(SYS_BUS_DEVICE(s), &s->mbox_irq);
+ }
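Review bot: the comment added in bcm2835_property_init() misspells the term as "re-entracy" and hyphenates "in-turn"; suggest "which in turn reads from iomem. As such, mark iomem as re-entrancy safe." The comment also says why the exemption is needed but not why a nested call into bcm2835_property_ops is harmless, which is what someone auditing the exemptions later will look for.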
diff --git a/debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch b/debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
new file mode 100644
index 0000000..bea68d4
--- /dev/null
+++ b/debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:12 -0400
+Subject: [PATCH] raven: disable reentrancy detection for iomem
+
+As the code is designed for re-entrant calls from raven_io_ops to
+pci-conf, mark raven_io_ops as reentrancy-safe.
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Message-Id: <20230427211013.2994127-8-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit 6dad5a6810d9c60ca320d01276f6133bbcfa1fc7)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/pci-host/raven.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/pci-host/raven.c b/hw/pci-host/raven.c
+index 072ffe3c5e..9a11ac4b2b 100644
+--- a/hw/pci-host/raven.c
++++ b/hw/pci-host/raven.c
+@@ -294,6 +294,13 @@ static void raven_pcihost_initfn(Object *obj)
+ memory_region_init(&s->pci_memory, obj, "pci-memory", 0x3f000000);
+ address_space_init(&s->pci_io_as, &s->pci_io, "raven-io");
+
++ /*
++ * Raven's raven_io_ops use the address-space API to access pci-conf-idx
++ * (which is also owned by the raven device). As such, mark the
++ * pci_io_non_contiguous as re-entrancy safe.
++ */
++ s->pci_io_non_contiguous.disable_reentrancy_guard = true;
++
+ /* CPU address space */
+ memory_region_add_subregion(address_space_mem, PCI_IO_BASE_ADDR,
+ &s->pci_io);
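Review bot: the commit message says raven_io_ops is marked reentrancy-safe, while the hunk in raven_pcihost_initfn() sets the flag on s->pci_io_non_contiguous and the comment reads "mark the pci_io_non_contiguous as re-entrancy safe". Suggest naming the exempted MemoryRegion the same way in both places and dropping the stray "the", so the exemption can be found by searching for the field name.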
diff --git a/debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch b/debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
new file mode 100644
index 0000000..154cc36
--- /dev/null
+++ b/debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:13 -0400
+Subject: [PATCH] apic: disable reentrancy detection for apic-msi
+
+As the code is designed for re-entrant calls to apic-msi, mark apic-msi
+as reentrancy-safe.
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
+Message-Id: <20230427211013.2994127-9-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit 50795ee051a342c681a9b45671c552fbd6274db8)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/intc/apic.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/intc/apic.c b/hw/intc/apic.c
+index 20b5a94073..ac3d47d231 100644
+--- a/hw/intc/apic.c
++++ b/hw/intc/apic.c
+@@ -885,6 +885,13 @@ static void apic_realize(DeviceState *dev, Error **errp)
+ memory_region_init_io(&s->io_memory, OBJECT(s), &apic_io_ops, s, "apic-msi",
+ APIC_SPACE_SIZE);
+
++ /*
++ * apic-msi's apic_mem_write can call into ioapic_eoi_broadcast, which can
++ * write back to apic-msi. As such mark the apic-msi region re-entrancy
++ * safe.
++ */
++ s->io_memory.disable_reentrancy_guard = true;
++
+ s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, apic_timer, s);
+ local_apics[s->id] = s;
+
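Review bot: the comment added in apic_realize() justifies the exemption by the path from apic_mem_write through ioapic_eoi_broadcast back to apic-msi, but setting disable_reentrancy_guard on s->io_memory exempts the whole apic-msi region for every caller, not only that path. Suggest stating in the comment why a nested apic_mem_write is safe, so the exemption can be re-checked if the handler changes.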
diff --git a/debian/patches/series b/debian/patches/series
index 7b45528..32c51a1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,10 +1,12 @@
extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
-extra/0002-memory-prevent-dma-reentracy-issues.patch
-extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
-extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
-extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
+extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
+extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
+extra/0004-ui-return-NULL-when-getting-cursor-without-a-console.patch
+extra/0005-memory-prevent-dma-reentracy-issues.patch
extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
-extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
+extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
+extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
+extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
--
2.39.2
* [pve-devel] applied: [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2
2023-06-06 8:58 [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Fiona Ebner
2023-06-06 8:58 ` [pve-devel] [PATCH qemu 2/2] update reentrancy patches to version in upstream git Fiona Ebner
@ 2023-06-06 16:03 ` Thomas Lamprecht
1 sibling, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2023-06-06 16:03 UTC (permalink / raw)
To: Proxmox VE development discussion, Fiona Ebner
On 06/06/2023 at 10:58, Fiona Ebner wrote:
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
> ...le-reentrancy-detection-for-script-R.patch | 4 +-
> ...39-fix-large_send_mss-divide-by-zero.patch | 72 ----
> ...en-getting-cursor-without-a-console.patch} | 2 +-
> ...-Fix-crash-when-executing-HMP-commit.patch | 48 ---
> ...our-channel-order-for-PNG-screenshot.patch | 77 ----
> ...arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch | 41 --
> ...e-incorrect-computation-in-float32_e.patch | 56 ---
> ...ge-wrong-XFRM-value-in-SGX-CPUID-lea.patch | 39 --
> ...t-assert_bdrv_graph_readable-by-defa.patch | 106 -----
> ...CI_ERR_UNCOR_MASK-register-for-machi.patch | 100 -----
> ...after-free-in-blockdev_mark_auto_del.patch | 57 ---
> ...ly-call-bdrv_activate-outside-corout.patch | 64 ---
> ...o_unref-for-calls-in-coroutine-conte.patch | 373 ------------------
> ...-no_coroutine_fns-in-qmp_block_resiz.patch | 43 --
> ...-tcg-Fix-atomic_mmu_lookup-for-reads.patch | 36 --
> debian/patches/series | 15 +-
> qemu | 2 +-
> 17 files changed, 5 insertions(+), 1130 deletions(-)
> delete mode 100644 debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
> rename debian/patches/extra/{0009-ui-return-NULL-when-getting-cursor-without-a-console.patch => 0007-ui-return-NULL-when-getting-cursor-without-a-console.patch} (97%)
> delete mode 100644 debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
> delete mode 100644 debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
> delete mode 100644 debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
> delete mode 100644 debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
> delete mode 100644 debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
> delete mode 100644 debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
> delete mode 100644 debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
> delete mode 100644 debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
> delete mode 100644 debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
> delete mode 100644 debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
> delete mode 100644 debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
> delete mode 100644 debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
>
>
applied, thanks!
* [pve-devel] applied: [PATCH qemu 2/2] update reentrancy patches to version in upstream git
2023-06-06 8:58 ` [pve-devel] [PATCH qemu 2/2] update reentrancy patches to version in upstream git Fiona Ebner
@ 2023-06-06 16:03 ` Thomas Lamprecht
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2023-06-06 16:03 UTC (permalink / raw)
To: Proxmox VE development discussion, Fiona Ebner
On 06/06/2023 at 10:58, Fiona Ebner wrote:
> The previous version was picked from the mailing list and still had
> an object_dynamic_cast call in a hot path, which is avoided with the
> version that landed in git.
>
> Also adds a few more exceptions for devices that need reentrancy.
>
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
> ...-memory-prevent-dma-reentracy-issues.patch | 118 ----------------
> ...s-Internal-cdbs-have-16-byte-length.patch} | 0
> ...al-deadlock-when-draining-during-tr.patch} | 0
> ...en-getting-cursor-without-a-console.patch} | 0
> ...isabling-re-entrancy-checking-per-MR.patch | 38 -----
> ...-memory-prevent-dma-reentracy-issues.patch | 130 ++++++++++++++++++
> ...le-reentrancy-detection-for-script-R.patch | 8 +-
> ...-disable-reentrancy-detection-for-io.patch | 37 +++++
> ...sable-reentrancy-detection-for-iomem.patch | 35 +++++
> ...le-reentrancy-detection-for-apic-msi.patch | 36 +++++
> debian/patches/series | 12 +-
> 11 files changed, 252 insertions(+), 162 deletions(-)
> delete mode 100644 debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
> rename debian/patches/extra/{0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch => 0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch} (100%)
> rename debian/patches/extra/{0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch => 0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch} (100%)
> rename debian/patches/extra/{0007-ui-return-NULL-when-getting-cursor-without-a-console.patch => 0004-ui-return-NULL-when-getting-cursor-without-a-console.patch} (100%)
> delete mode 100644 debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
> create mode 100644 debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
> create mode 100644 debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
> create mode 100644 debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
> create mode 100644 debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
>
>
applied, thanks!