* [pve-devel] [PATCH-SERIES qemu] update to 7.0.0
@ 2022-06-27 11:05 Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches " Fabian Ebner
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Fabian Ebner @ 2022-06-27 11:05 UTC (permalink / raw)
To: pve-devel
Clean rebase and didn't run into any obvious issues when testing (I
did when testing the release candidates, but those issues got
addressed before the release :)). Still, more testing is always
appreciated!
Fabian Ebner (4):
update submodule and patches to 7.0.0
d/rules: drop outdated configure flags
d/rules: adapt to changed opensbi riscv filenames in 7.0.0
cherry-pick upstream fixes for 7.0.0
...d-support-for-sync-bitmap-mode-never.patch | 90 ++--
...-support-for-conditional-and-always-.patch | 14 +-
...check-for-bitmap-mode-without-bitmap.patch | 4 +-
...-to-bdrv_dirty_bitmap_merge_internal.patch | 6 +-
.../0006-mirror-move-some-checks-to-qmp.patch | 8 +-
...race-with-clients-disconnecting-earl.patch | 12 +-
...k-gluster-correctly-set-max_pdiscard.patch | 47 ++
...support-for-flag-argument-with-value.patch | 55 --
...003-block-vmdk-Fix-reopening-bs-file.patch | 129 +++++
...-set-expire_password-and-allow-VNC-d.patch | 477 ------------------
...balanced-plugged-counter-in-laio_io_.patch | 44 ++
...erflow-in-snprintf-string-formatting.patch | 100 ++++
...Update-BSC-only-if-want_zero-is-true.patch | 43 --
...Fix-disabling-MPX-on-cpu-host-with-M.patch | 48 ++
...lete-reconnect-delay-timer-when-done.patch | 40 --
...ontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 121 +++++
...sert-there-are-no-timers-when-closed.patch | 34 --
...outine-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 123 +++++
...-nbd-Move-s-ioc-on-AioContext-change.patch | 90 ----
...ame-qemu_coroutine_inc-dec_pool_size.patch | 90 ++++
...U-crash-when-started-with-SLIC-table.patch | 89 ----
...outine-Revert-to-constant-batch-size.patch | 121 +++++
...-not-consult-nonexistent-host-leaves.patch | 117 +++++
...-map-leaking-on-error-during-receive.patch | 38 --
...rrect-calls-of-log_global_start-stop.patch | 86 ----
...ctrl-and-event-handler-functions-in-.patch | 108 ++++
...acpi-fix-OEM-ID-OEM-Table-ID-padding.patch | 59 ---
...t-waste-CPU-polling-the-event-virtqu.patch | 91 ++++
...k-descriptor-chain-in-private-at-SVQ.patch | 102 ++++
...ch-the-virqueue-element-in-case-of-e.patch | 55 --
...Fix-device-s-used-descriptor-dequeue.patch | 62 +++
...t-user-remove-VirtQ-notifier-restore.patch | 98 ----
...ex-calculus-at-vhost_vdpa_get_vring_.patch | 39 ++
...host-user-fix-VirtQ-notifier-cleanup.patch | 149 ------
...ex-calculus-at-vhost_vdpa_svqs_start.patch | 35 ++
...ondition-for-iommu_platform-not-supp.patch | 101 ----
...rrectly-set-max_pdiscard-which-is-in.patch | 38 --
...virtio-Replace-g_memdup-by-g_memdup2.patch | 74 +++
.../0019-ui-vnc.c-Fixed-a-deadlock-bug.patch | 72 ---
...Fix-element-in-vhost_svq_add-failure.patch | 47 ++
...er-fix-race-condition-in-qxl_cursor-.patch | 37 --
...teger-overflow-in-cursor_alloc-CVE-2.patch | 83 ---
...k-file-change-locking-default-to-off.patch | 6 +-
...he-CPU-model-to-kvm64-32-instead-of-.patch | 4 +-
...ui-spice-default-to-pve-certificates.patch | 2 +-
...lock-rbd-disable-rbd_cache_writethro.patch | 2 +-
.../0007-PVE-Up-qmp-add-get_link_status.patch | 6 +-
...return-success-on-info-without-snaps.patch | 4 +-
...dd-add-osize-and-read-from-to-stdin-.patch | 16 +-
...E-Up-qemu-img-dd-add-isize-parameter.patch | 12 +-
...PVE-Up-qemu-img-dd-add-n-skip_create.patch | 14 +-
...virtio-balloon-improve-query-balloon.patch | 10 +-
.../0014-PVE-qapi-modify-query-machines.patch | 6 +-
.../0015-PVE-qapi-modify-spice-query.patch | 6 +-
...async-for-background-state-snapshots.patch | 30 +-
...add-optional-buffer-size-to-QEMUFile.patch | 28 +-
...add-the-zeroinit-block-driver-filter.patch | 4 +-
...-Add-dummy-id-command-line-parameter.patch | 10 +-
...le-posix-make-locking-optiono-on-cre.patch | 18 +-
...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
...E-Allow-version-code-in-machine-type.patch | 18 +-
...e-bcs-bitmap-initialization-to-job-c.patch | 4 +-
...VE-Backup-add-vma-backup-format-code.patch | 32 +-
...-Backup-add-backup-dump-block-driver.patch | 28 +-
...ckup-proxmox-backup-patches-for-qemu.patch | 42 +-
...estore-new-command-to-restore-from-p.patch | 4 +-
...irty-bitmap-tracking-for-incremental.patch | 6 +-
.../pve/0031-PVE-various-PBS-fixes.patch | 4 +-
...k-driver-to-map-backup-archives-into.patch | 54 +-
...dd-query_proxmox_support-QMP-command.patch | 2 +-
...E-add-query-pbs-bitmap-info-QMP-call.patch | 4 +-
...ct-stderr-to-journal-when-daemonized.patch | 8 +-
...d-sequential-job-transaction-support.patch | 10 +-
...-block-on-finishing-and-cleanup-crea.patch | 2 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 8 +-
...all-back-to-open-iscsi-initiatorname.patch | 2 +-
...routine-QMP-for-backup-cancel_backup.patch | 6 +-
.../pve/0043-PBS-add-master-key-support.patch | 4 +-
...PVE-block-stream-increase-chunk-size.patch | 2 +-
...accept-NULL-qiov-in-bdrv_pad_request.patch | 4 +-
.../0047-block-add-alloc-track-driver.patch | 2 +-
...valid-QAPI-names-for-backwards-compa.patch | 6 +-
...-add-l-option-for-loading-a-snapshot.patch | 18 +-
.../pve/0051-vma-allow-partial-restore.patch | 14 +-
.../pve/0052-pbs-namespace-support.patch | 6 +-
...-rbd-workaround-for-ceph-issue-53784.patch | 80 +++
...-fix-handling-of-holes-in-.bdrv_co_b.patch | 35 ++
...-rbd-implement-bdrv_co_block_status.patch} | 6 +-
...-jobs-correctly-cancel-in-error-sce.patch} | 0
...sure-jobs-in-di_list-are-referenced.patch} | 0
...-segfault-issues-upon-backup-cancel.patch} | 0
...upport-64KiB-unaligned-input-images.patch} | 6 +-
...-triggering-assertion-in-error-case.patch} | 4 +-
...k-alloc-track-avoid-premature-break.patch} | 0
debian/patches/series | 52 +-
debian/rules | 6 +-
qemu | 2 +-
97 files changed, 1949 insertions(+), 1990 deletions(-)
create mode 100644 debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch
delete mode 100644 debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
create mode 100644 debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch
delete mode 100644 debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
create mode 100644 debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
create mode 100644 debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
delete mode 100644 debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
create mode 100644 debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
delete mode 100644 debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
create mode 100644 debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
delete mode 100644 debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
create mode 100644 debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
delete mode 100644 debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
create mode 100644 debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
delete mode 100644 debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
create mode 100644 debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch
create mode 100644 debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
delete mode 100644 debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
delete mode 100644 debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
create mode 100644 debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
delete mode 100644 debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
create mode 100644 debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
create mode 100644 debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
delete mode 100644 debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
create mode 100644 debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
delete mode 100644 debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
create mode 100644 debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
delete mode 100644 debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
create mode 100644 debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
delete mode 100644 debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
delete mode 100644 debian/patches/extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
create mode 100644 debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
delete mode 100644 debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
create mode 100644 debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
delete mode 100644 debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
delete mode 100644 debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
create mode 100644 debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
create mode 100644 debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
rename debian/patches/pve/{0053-Revert-block-rbd-implement-bdrv_co_block_status.patch => 0055-Revert-block-rbd-implement-bdrv_co_block_status.patch} (97%)
rename debian/patches/pve/{0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch => 0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch} (100%)
rename debian/patches/pve/{0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch => 0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch} (100%)
rename debian/patches/pve/{0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch => 0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch} (100%)
rename debian/patches/pve/{0057-vma-create-support-64KiB-unaligned-input-images.patch => 0059-vma-create-support-64KiB-unaligned-input-images.patch} (92%)
rename debian/patches/pve/{0058-vma-create-avoid-triggering-assertion-in-error-case.patch => 0060-vma-create-avoid-triggering-assertion-in-error-case.patch} (88%)
rename debian/patches/pve/{0059-block-alloc-track-avoid-premature-break.patch => 0061-block-alloc-track-avoid-premature-break.patch} (100%)
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH qemu 1/4] update submodule and patches to 7.0.0
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
@ 2022-06-27 11:05 ` Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 2/4] d/rules: drop outdated configure flags Fabian Ebner
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Fabian Ebner @ 2022-06-27 11:05 UTC (permalink / raw)
To: pve-devel
Only very minor changes needed:
* Most patches in extra (or some version of them) are part of 7.0.0.
* aio_set_fd_handler got an extra parameter, but can just pass NULL
like we did for the related 'poll' parameter. See QEMU commit
826cc32423db2a99d184dbf4f507c737d7e7a4ae for more.
* Add include for qemu/memalign.h in vma.c and vma-writer.c.
* Add reverts for fixups of already reverted 0347a8fd4c ("block/rbd:
implement bdrv_co_block_status") that came in with 7.0.0. Those
fixups are not enough, see Proxmox bugzilla #4047.
* Two trivial context changes for bitmap-mirror patches.
* block_int.h got split up into multiple headers.
* Some context changes in configure and meson.build.
* Used the oppurtunity to squash fixup of bdrv_backuo_dump_create typo
in a later patch into the patch introducing the function (had to
move code to new header during rebase).
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
...d-support-for-sync-bitmap-mode-never.patch | 90 ++--
...-support-for-conditional-and-always-.patch | 14 +-
...check-for-bitmap-mode-without-bitmap.patch | 4 +-
...-to-bdrv_dirty_bitmap_merge_internal.patch | 6 +-
.../0006-mirror-move-some-checks-to-qmp.patch | 8 +-
...race-with-clients-disconnecting-earl.patch | 12 +-
...rectly-set-max_pdiscard-which-is-in.patch} | 0
...support-for-flag-argument-with-value.patch | 55 --
...-set-expire_password-and-allow-VNC-d.patch | 477 ------------------
...Update-BSC-only-if-want_zero-is-true.patch | 43 --
...lete-reconnect-delay-timer-when-done.patch | 40 --
...sert-there-are-no-timers-when-closed.patch | 34 --
...-nbd-Move-s-ioc-on-AioContext-change.patch | 90 ----
...U-crash-when-started-with-SLIC-table.patch | 89 ----
...-map-leaking-on-error-during-receive.patch | 38 --
...rrect-calls-of-log_global_start-stop.patch | 86 ----
...acpi-fix-OEM-ID-OEM-Table-ID-padding.patch | 59 ---
...ch-the-virqueue-element-in-case-of-e.patch | 55 --
...t-user-remove-VirtQ-notifier-restore.patch | 98 ----
...host-user-fix-VirtQ-notifier-cleanup.patch | 149 ------
...ondition-for-iommu_platform-not-supp.patch | 101 ----
.../0019-ui-vnc.c-Fixed-a-deadlock-bug.patch | 72 ---
...er-fix-race-condition-in-qxl_cursor-.patch | 37 --
...teger-overflow-in-cursor_alloc-CVE-2.patch | 83 ---
...k-file-change-locking-default-to-off.patch | 6 +-
...he-CPU-model-to-kvm64-32-instead-of-.patch | 4 +-
...ui-spice-default-to-pve-certificates.patch | 2 +-
...lock-rbd-disable-rbd_cache_writethro.patch | 2 +-
.../0007-PVE-Up-qmp-add-get_link_status.patch | 6 +-
...return-success-on-info-without-snaps.patch | 4 +-
...dd-add-osize-and-read-from-to-stdin-.patch | 16 +-
...E-Up-qemu-img-dd-add-isize-parameter.patch | 12 +-
...PVE-Up-qemu-img-dd-add-n-skip_create.patch | 14 +-
...virtio-balloon-improve-query-balloon.patch | 10 +-
.../0014-PVE-qapi-modify-query-machines.patch | 6 +-
.../0015-PVE-qapi-modify-spice-query.patch | 6 +-
...async-for-background-state-snapshots.patch | 30 +-
...add-optional-buffer-size-to-QEMUFile.patch | 28 +-
...add-the-zeroinit-block-driver-filter.patch | 4 +-
...-Add-dummy-id-command-line-parameter.patch | 10 +-
...le-posix-make-locking-optiono-on-cre.patch | 18 +-
...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
...E-Allow-version-code-in-machine-type.patch | 18 +-
...e-bcs-bitmap-initialization-to-job-c.patch | 4 +-
...VE-Backup-add-vma-backup-format-code.patch | 32 +-
...-Backup-add-backup-dump-block-driver.patch | 28 +-
...ckup-proxmox-backup-patches-for-qemu.patch | 42 +-
...estore-new-command-to-restore-from-p.patch | 4 +-
...irty-bitmap-tracking-for-incremental.patch | 6 +-
.../pve/0031-PVE-various-PBS-fixes.patch | 4 +-
...k-driver-to-map-backup-archives-into.patch | 54 +-
...dd-query_proxmox_support-QMP-command.patch | 2 +-
...E-add-query-pbs-bitmap-info-QMP-call.patch | 4 +-
...ct-stderr-to-journal-when-daemonized.patch | 8 +-
...d-sequential-job-transaction-support.patch | 10 +-
...-block-on-finishing-and-cleanup-crea.patch | 2 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 8 +-
...all-back-to-open-iscsi-initiatorname.patch | 2 +-
...routine-QMP-for-backup-cancel_backup.patch | 6 +-
.../pve/0043-PBS-add-master-key-support.patch | 4 +-
...PVE-block-stream-increase-chunk-size.patch | 2 +-
...accept-NULL-qiov-in-bdrv_pad_request.patch | 4 +-
.../0047-block-add-alloc-track-driver.patch | 2 +-
...valid-QAPI-names-for-backwards-compa.patch | 6 +-
...-add-l-option-for-loading-a-snapshot.patch | 18 +-
.../pve/0051-vma-allow-partial-restore.patch | 14 +-
.../pve/0052-pbs-namespace-support.patch | 6 +-
...-rbd-workaround-for-ceph-issue-53784.patch | 80 +++
...-fix-handling-of-holes-in-.bdrv_co_b.patch | 35 ++
...-rbd-implement-bdrv_co_block_status.patch} | 6 +-
...-jobs-correctly-cancel-in-error-sce.patch} | 0
...sure-jobs-in-di_list-are-referenced.patch} | 0
...-segfault-issues-upon-backup-cancel.patch} | 0
...upport-64KiB-unaligned-input-images.patch} | 6 +-
...-triggering-assertion-in-error-case.patch} | 4 +-
...k-alloc-track-avoid-premature-break.patch} | 0
debian/patches/series | 35 +-
qemu | 2 +-
78 files changed, 432 insertions(+), 1948 deletions(-)
rename debian/patches/extra/{0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch => 0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch} (100%)
delete mode 100644 debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
delete mode 100644 debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
delete mode 100644 debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
delete mode 100644 debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
delete mode 100644 debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
delete mode 100644 debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
delete mode 100644 debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
delete mode 100644 debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
delete mode 100644 debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
delete mode 100644 debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
delete mode 100644 debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
delete mode 100644 debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
delete mode 100644 debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
delete mode 100644 debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
delete mode 100644 debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
delete mode 100644 debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
delete mode 100644 debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
create mode 100644 debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
create mode 100644 debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
rename debian/patches/pve/{0053-Revert-block-rbd-implement-bdrv_co_block_status.patch => 0055-Revert-block-rbd-implement-bdrv_co_block_status.patch} (97%)
rename debian/patches/pve/{0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch => 0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch} (100%)
rename debian/patches/pve/{0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch => 0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch} (100%)
rename debian/patches/pve/{0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch => 0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch} (100%)
rename debian/patches/pve/{0057-vma-create-support-64KiB-unaligned-input-images.patch => 0059-vma-create-support-64KiB-unaligned-input-images.patch} (92%)
rename debian/patches/pve/{0058-vma-create-avoid-triggering-assertion-in-error-case.patch => 0060-vma-create-avoid-triggering-assertion-in-error-case.patch} (88%)
rename debian/patches/pve/{0059-block-alloc-track-avoid-premature-break.patch => 0061-block-alloc-track-avoid-premature-break.patch} (100%)
diff --git a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
index 61ce22a..5301cf0 100644
--- a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
+++ b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
@@ -28,18 +28,18 @@ Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- block/mirror.c | 98 +++++++++++++++++++++++++-------
- blockdev.c | 39 ++++++++++++-
- include/block/block_int.h | 4 +-
- qapi/block-core.json | 29 ++++++++--
- tests/unit/test-block-iothread.c | 4 +-
+ block/mirror.c | 98 +++++++++++++++++++++-----
+ blockdev.c | 39 +++++++++-
+ include/block/block_int-global-state.h | 4 +-
+ qapi/block-core.json | 29 ++++++--
+ tests/unit/test-block-iothread.c | 4 +-
5 files changed, 145 insertions(+), 29 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index efec2c7674..f7804638f9 100644
+index d8ecb9efa2..d95a7d7940 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -50,7 +50,7 @@ typedef struct MirrorBlockJob {
+@@ -51,7 +51,7 @@ typedef struct MirrorBlockJob {
BlockDriverState *to_replace;
/* Used to block operations on the drive-mirror-replace target */
Error *replace_blocker;
@@ -48,7 +48,7 @@ index efec2c7674..f7804638f9 100644
BlockMirrorBackingMode backing_mode;
/* Whether the target image requires explicit zero-initialization */
bool zero_target;
-@@ -64,6 +64,8 @@ typedef struct MirrorBlockJob {
+@@ -65,6 +65,8 @@ typedef struct MirrorBlockJob {
size_t buf_size;
int64_t bdev_length;
unsigned long *cow_bitmap;
@@ -57,7 +57,7 @@ index efec2c7674..f7804638f9 100644
BdrvDirtyBitmap *dirty_bitmap;
BdrvDirtyBitmapIter *dbi;
uint8_t *buf;
-@@ -695,7 +697,8 @@ static int mirror_exit_common(Job *job)
+@@ -696,7 +698,8 @@ static int mirror_exit_common(Job *job)
bdrv_child_refresh_perms(mirror_top_bs, mirror_top_bs->backing,
&error_abort);
if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
@@ -67,7 +67,7 @@ index efec2c7674..f7804638f9 100644
BlockDriverState *unfiltered_target = bdrv_skip_filters(target_bs);
if (bdrv_cow_bs(unfiltered_target) != backing) {
-@@ -800,6 +803,16 @@ static void mirror_abort(Job *job)
+@@ -794,6 +797,16 @@ static void mirror_abort(Job *job)
assert(ret == 0);
}
@@ -84,7 +84,7 @@ index efec2c7674..f7804638f9 100644
static void coroutine_fn mirror_throttle(MirrorBlockJob *s)
{
int64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
-@@ -979,7 +992,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
+@@ -973,7 +986,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
mirror_free_init(s);
s->last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
@@ -94,7 +94,7 @@ index efec2c7674..f7804638f9 100644
ret = mirror_dirty_init(s);
if (ret < 0 || job_is_cancelled(&s->common.job)) {
goto immediate_exit;
-@@ -1221,6 +1235,7 @@ static const BlockJobDriver mirror_job_driver = {
+@@ -1212,6 +1226,7 @@ static const BlockJobDriver mirror_job_driver = {
.run = mirror_run,
.prepare = mirror_prepare,
.abort = mirror_abort,
@@ -102,7 +102,7 @@ index efec2c7674..f7804638f9 100644
.pause = mirror_pause,
.complete = mirror_complete,
.cancel = mirror_cancel,
-@@ -1237,6 +1252,7 @@ static const BlockJobDriver commit_active_job_driver = {
+@@ -1228,6 +1243,7 @@ static const BlockJobDriver commit_active_job_driver = {
.run = mirror_run,
.prepare = mirror_prepare,
.abort = mirror_abort,
@@ -110,7 +110,7 @@ index efec2c7674..f7804638f9 100644
.pause = mirror_pause,
.complete = mirror_complete,
.cancel = commit_active_cancel,
-@@ -1602,7 +1618,10 @@ static BlockJob *mirror_start_job(
+@@ -1593,7 +1609,10 @@ static BlockJob *mirror_start_job(
BlockCompletionFunc *cb,
void *opaque,
const BlockJobDriver *driver,
@@ -122,11 +122,12 @@ index efec2c7674..f7804638f9 100644
bool auto_complete, const char *filter_node_name,
bool is_mirror, MirrorCopyMode copy_mode,
Error **errp)
-@@ -1614,10 +1633,39 @@ static BlockJob *mirror_start_job(
+@@ -1605,10 +1624,39 @@ static BlockJob *mirror_start_job(
uint64_t target_perms, target_shared_perms;
int ret;
- if (granularity == 0) {
+- granularity = bdrv_get_default_bitmap_granularity(target);
+ if (sync_mode == MIRROR_SYNC_MODE_INCREMENTAL) {
+ error_setg(errp, "Sync mode '%s' not supported",
+ MirrorSyncMode_str(sync_mode));
@@ -147,8 +148,8 @@ index efec2c7674..f7804638f9 100644
+ "sync mode '%s' is not compatible with bitmaps",
+ MirrorSyncMode_str(sync_mode));
+ return NULL;
-+ }
-+
+ }
+
+ if (bitmap) {
+ if (granularity) {
+ error_setg(errp, "granularity (%d)"
@@ -158,13 +159,12 @@ index efec2c7674..f7804638f9 100644
+ }
+ granularity = bdrv_dirty_bitmap_granularity(bitmap);
+ } else if (granularity == 0) {
- granularity = bdrv_get_default_bitmap_granularity(target);
- }
--
++ granularity = bdrv_get_default_bitmap_granularity(target);
++ }
assert(is_power_of_2(granularity));
if (buf_size < 0) {
-@@ -1755,7 +1803,9 @@ static BlockJob *mirror_start_job(
+@@ -1740,7 +1788,9 @@ static BlockJob *mirror_start_job(
s->replaces = g_strdup(replaces);
s->on_source_error = on_source_error;
s->on_target_error = on_target_error;
@@ -175,7 +175,7 @@ index efec2c7674..f7804638f9 100644
s->backing_mode = backing_mode;
s->zero_target = zero_target;
s->copy_mode = copy_mode;
-@@ -1776,6 +1826,18 @@ static BlockJob *mirror_start_job(
+@@ -1761,6 +1811,18 @@ static BlockJob *mirror_start_job(
bdrv_disable_dirty_bitmap(s->dirty_bitmap);
}
@@ -194,7 +194,7 @@ index efec2c7674..f7804638f9 100644
ret = block_job_add_bdrv(&s->common, "source", bs, 0,
BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE |
BLK_PERM_CONSISTENT_READ,
-@@ -1853,6 +1915,9 @@ fail:
+@@ -1838,6 +1900,9 @@ fail:
if (s->dirty_bitmap) {
bdrv_release_dirty_bitmap(s->dirty_bitmap);
}
@@ -204,7 +204,7 @@ index efec2c7674..f7804638f9 100644
job_early_fail(&s->common.job);
}
-@@ -1870,29 +1935,23 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
+@@ -1855,31 +1920,25 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *target, const char *replaces,
int creation_flags, int64_t speed,
uint32_t granularity, int64_t buf_size,
@@ -221,6 +221,8 @@ index efec2c7674..f7804638f9 100644
- bool is_none_mode;
BlockDriverState *base;
+ GLOBAL_STATE_CODE();
+
- if ((mode == MIRROR_SYNC_MODE_INCREMENTAL) ||
- (mode == MIRROR_SYNC_MODE_BITMAP)) {
- error_setg(errp, "Sync mode '%s' not supported",
@@ -239,7 +241,7 @@ index efec2c7674..f7804638f9 100644
}
BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
-@@ -1917,7 +1976,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
+@@ -1906,7 +1965,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
job_id, bs, creation_flags, base, NULL, speed, 0, 0,
MIRROR_LEAVE_BACKING_CHAIN, false,
on_error, on_error, true, cb, opaque,
@@ -250,10 +252,10 @@ index efec2c7674..f7804638f9 100644
errp);
if (!job) {
diff --git a/blockdev.c b/blockdev.c
-index b35072644e..9940116fe0 100644
+index e46e831212..fa601838a3 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2956,6 +2956,10 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2951,6 +2951,10 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
BlockDriverState *target,
bool has_replaces, const char *replaces,
enum MirrorSyncMode sync,
@@ -264,7 +266,7 @@ index b35072644e..9940116fe0 100644
BlockMirrorBackingMode backing_mode,
bool zero_target,
bool has_speed, int64_t speed,
-@@ -2975,6 +2979,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2970,6 +2974,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
{
BlockDriverState *unfiltered_bs;
int job_flags = JOB_DEFAULT;
@@ -272,7 +274,7 @@ index b35072644e..9940116fe0 100644
if (!has_speed) {
speed = 0;
-@@ -3029,6 +3034,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3024,6 +3029,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
@@ -302,7 +304,7 @@ index b35072644e..9940116fe0 100644
if (!has_replaces) {
/* We want to mirror from @bs, but keep implicit filters on top */
unfiltered_bs = bdrv_skip_implicit_filters(bs);
-@@ -3075,8 +3103,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3070,8 +3098,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
* and will allow to check whether the node still exist at mirror completion
*/
mirror_start(job_id, bs, target,
@@ -313,7 +315,7 @@ index b35072644e..9940116fe0 100644
on_source_error, on_target_error, unmap, filter_node_name,
copy_mode, errp);
}
-@@ -3221,6 +3249,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
+@@ -3216,6 +3244,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
blockdev_mirror_common(arg->has_job_id ? arg->job_id : NULL, bs, target_bs,
arg->has_replaces, arg->replaces, arg->sync,
@@ -322,7 +324,7 @@ index b35072644e..9940116fe0 100644
backing_mode, zero_target,
arg->has_speed, arg->speed,
arg->has_granularity, arg->granularity,
-@@ -3242,6 +3272,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
+@@ -3237,6 +3267,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
const char *device, const char *target,
bool has_replaces, const char *replaces,
MirrorSyncMode sync,
@@ -331,7 +333,7 @@ index b35072644e..9940116fe0 100644
bool has_speed, int64_t speed,
bool has_granularity, uint32_t granularity,
bool has_buf_size, int64_t buf_size,
-@@ -3291,7 +3323,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
+@@ -3286,7 +3318,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
}
blockdev_mirror_common(has_job_id ? job_id : NULL, bs, target_bs,
@@ -341,11 +343,11 @@ index b35072644e..9940116fe0 100644
zero_target, has_speed, speed,
has_granularity, granularity,
has_buf_size, buf_size,
-diff --git a/include/block/block_int.h b/include/block/block_int.h
-index f4c75e8ba9..ee0aeb1414 100644
---- a/include/block/block_int.h
-+++ b/include/block/block_int.h
-@@ -1287,7 +1287,9 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
+diff --git a/include/block/block_int-global-state.h b/include/block/block_int-global-state.h
+index 0f21b0570b..e7f901d048 100644
+--- a/include/block/block_int-global-state.h
++++ b/include/block/block_int-global-state.h
+@@ -148,7 +148,9 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *target, const char *replaces,
int creation_flags, int64_t speed,
uint32_t granularity, int64_t buf_size,
@@ -357,10 +359,10 @@ index f4c75e8ba9..ee0aeb1414 100644
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 1d3dd9cb48..da5dca1e3b 100644
+index beeb91952a..fb25c2b245 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -1995,10 +1995,19 @@
+@@ -1993,10 +1993,19 @@
# (all the disk, only the sectors allocated in the topmost image, or
# only new I/O).
#
@@ -381,7 +383,7 @@ index 1d3dd9cb48..da5dca1e3b 100644
#
# @buf-size: maximum amount of data in flight from source to
# target (since 1.4).
-@@ -2036,7 +2045,9 @@
+@@ -2034,7 +2043,9 @@
{ 'struct': 'DriveMirror',
'data': { '*job-id': 'str', 'device': 'str', 'target': 'str',
'*format': 'str', '*node-name': 'str', '*replaces': 'str',
@@ -392,7 +394,7 @@ index 1d3dd9cb48..da5dca1e3b 100644
'*speed': 'int', '*granularity': 'uint32',
'*buf-size': 'int', '*on-source-error': 'BlockdevOnError',
'*on-target-error': 'BlockdevOnError',
-@@ -2308,10 +2319,19 @@
+@@ -2306,10 +2317,19 @@
# (all the disk, only the sectors allocated in the topmost image, or
# only new I/O).
#
@@ -413,7 +415,7 @@ index 1d3dd9cb48..da5dca1e3b 100644
#
# @buf-size: maximum amount of data in flight from source to
# target
-@@ -2360,7 +2380,8 @@
+@@ -2358,7 +2378,8 @@
{ 'command': 'blockdev-mirror',
'data': { '*job-id': 'str', 'device': 'str', 'target': 'str',
'*replaces': 'str',
@@ -424,7 +426,7 @@ index 1d3dd9cb48..da5dca1e3b 100644
'*buf-size': 'int', '*on-source-error': 'BlockdevOnError',
'*on-target-error': 'BlockdevOnError',
diff --git a/tests/unit/test-block-iothread.c b/tests/unit/test-block-iothread.c
-index aea660aeed..22b9770a3e 100644
+index 94718c9319..7977ac14f4 100644
--- a/tests/unit/test-block-iothread.c
+++ b/tests/unit/test-block-iothread.c
@@ -626,8 +626,8 @@ static void test_propagate_mirror(void)
diff --git a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
index 441198e..d30b46d 100644
--- a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
+++ b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
@@ -24,10 +24,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index f7804638f9..4f5f74e2cf 100644
+index d95a7d7940..2c79ee41af 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -672,8 +672,6 @@ static int mirror_exit_common(Job *job)
+@@ -673,8 +673,6 @@ static int mirror_exit_common(Job *job)
bdrv_unfreeze_backing_chain(mirror_top_bs, target_bs);
}
@@ -36,9 +36,9 @@ index f7804638f9..4f5f74e2cf 100644
/* Make sure that the source BDS doesn't go away during bdrv_replace_node,
* before we can call bdrv_drained_end */
bdrv_ref(src);
-@@ -781,6 +779,18 @@ static int mirror_exit_common(Job *job)
- blk_set_perm(bjob->blk, 0, BLK_PERM_ALL, &error_abort);
- blk_insert_bs(bjob->blk, mirror_top_bs, &error_abort);
+@@ -775,6 +773,18 @@ static int mirror_exit_common(Job *job)
+ block_job_remove_all_bdrv(bjob);
+ bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
+ if (s->sync_bitmap) {
+ if (s->bitmap_mode == BITMAP_SYNC_MODE_ALWAYS ||
@@ -55,7 +55,7 @@ index f7804638f9..4f5f74e2cf 100644
bs_opaque->job = NULL;
bdrv_drained_end(src);
-@@ -1643,10 +1653,6 @@ static BlockJob *mirror_start_job(
+@@ -1634,10 +1644,6 @@ static BlockJob *mirror_start_job(
" sync mode",
MirrorSyncMode_str(sync_mode));
return NULL;
@@ -66,7 +66,7 @@ index f7804638f9..4f5f74e2cf 100644
}
} else if (bitmap) {
error_setg(errp,
-@@ -1663,6 +1669,12 @@ static BlockJob *mirror_start_job(
+@@ -1654,6 +1660,12 @@ static BlockJob *mirror_start_job(
return NULL;
}
granularity = bdrv_dirty_bitmap_granularity(bitmap);
diff --git a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
index de15507..ffd3efe 100644
--- a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
+++ b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 3 insertions(+)
diff --git a/blockdev.c b/blockdev.c
-index 9940116fe0..b113e57d68 100644
+index fa601838a3..93fd0a61a4 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -3055,6 +3055,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3050,6 +3050,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_ALLOW_RO, errp)) {
return;
}
diff --git a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
index 872496a..c86ceca 100644
--- a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
+++ b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 4f5f74e2cf..7024f3bbf0 100644
+index 2c79ee41af..e04a3ea6f4 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -785,8 +785,8 @@ static int mirror_exit_common(Job *job)
+@@ -779,8 +779,8 @@ static int mirror_exit_common(Job *job)
job->ret == 0 && ret == 0)) {
/* Success; synchronize copy back to sync. */
bdrv_clear_dirty_bitmap(s->sync_bitmap, NULL);
@@ -30,7 +30,7 @@ index 4f5f74e2cf..7024f3bbf0 100644
}
}
bdrv_release_dirty_bitmap(s->dirty_bitmap);
-@@ -1843,11 +1843,8 @@ static BlockJob *mirror_start_job(
+@@ -1828,11 +1828,8 @@ static BlockJob *mirror_start_job(
}
if (s->sync_mode == MIRROR_SYNC_MODE_BITMAP) {
diff --git a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
index ca9d5ee..4d4747b 100644
--- a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
+++ b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
@@ -19,10 +19,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 70 insertions(+), 59 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 7024f3bbf0..6211ff22fc 100644
+index e04a3ea6f4..4feec2a002 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -1643,31 +1643,13 @@ static BlockJob *mirror_start_job(
+@@ -1634,31 +1634,13 @@ static BlockJob *mirror_start_job(
uint64_t target_perms, target_shared_perms;
int ret;
@@ -60,10 +60,10 @@ index 7024f3bbf0..6211ff22fc 100644
if (bitmap_mode != BITMAP_SYNC_MODE_NEVER) {
diff --git a/blockdev.c b/blockdev.c
-index b113e57d68..4be0863050 100644
+index 93fd0a61a4..1af5a1fcb2 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -3034,7 +3034,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3029,7 +3029,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
diff --git a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
index 1836dff..9d8322c 100644
--- a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
+++ b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
@@ -48,7 +48,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
-index 12d395d62d..b182943324 100644
+index cc4cc6c6ad..82f649d9ab 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -16,6 +16,7 @@ extern QemuOptsList qemu_mon_opts;
@@ -60,10 +60,10 @@ index 12d395d62d..b182943324 100644
void monitor_init_globals(void);
void monitor_init_globals_core(void);
diff --git a/monitor/monitor-internal.h b/monitor/monitor-internal.h
-index 3da3f86c6a..9953e0cd2d 100644
+index caa2e90ef2..e1596f79ab 100644
--- a/monitor/monitor-internal.h
+++ b/monitor/monitor-internal.h
-@@ -151,6 +151,13 @@ typedef struct {
+@@ -152,6 +152,13 @@ typedef struct {
QemuMutex qmp_queue_lock;
/* Input queue that holds all the parsed QMP requests */
GQueue *qmp_requests;
@@ -144,10 +144,10 @@ index 092c527b6f..6b8cfcf6d8 100644
monitor_qmp_caps_reset(mon);
data = qmp_greeting(mon);
diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
-index d378bccac7..fb8936e7cd 100644
+index 0990873ec8..e605003771 100644
--- a/qapi/qmp-dispatch.c
+++ b/qapi/qmp-dispatch.c
-@@ -118,16 +118,28 @@ typedef struct QmpDispatchBH {
+@@ -117,16 +117,28 @@ typedef struct QmpDispatchBH {
QObject **ret;
Error **errp;
Coroutine *co;
@@ -180,7 +180,7 @@ index d378bccac7..fb8936e7cd 100644
aio_co_wake(data->co);
}
-@@ -232,6 +244,7 @@ QDict *qmp_dispatch(const QmpCommandList *cmds, QObject *request,
+@@ -231,6 +243,7 @@ QDict *qmp_dispatch(const QmpCommandList *cmds, QObject *request,
.ret = &ret,
.errp = &err,
.co = qemu_coroutine_self(),
diff --git a/debian/patches/extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch b/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
similarity index 100%
rename from debian/patches/extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
rename to debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
diff --git a/debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch b/debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
deleted file mode 100644
index 4606c6a..0000000
--- a/debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Reiter <s.reiter@proxmox.com>
-Date: Wed, 1 Sep 2021 16:51:04 +0200
-Subject: [PATCH] monitor/hmp: add support for flag argument with value
-
-Adds support for the "-xS" parameter type, where "-x" denotes a flag
-name and the "S" suffix indicates that this flag is supposed to take an
-arbitrary string parameter.
-
-These parameters are always optional, the entry in the qdict will be
-omitted if the flag is not given.
-
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- monitor/hmp.c | 17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/monitor/hmp.c b/monitor/hmp.c
-index b20737e63c..b29dbb1833 100644
---- a/monitor/hmp.c
-+++ b/monitor/hmp.c
-@@ -981,6 +981,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
- {
- const char *tmp = p;
- int skip_key = 0;
-+ int ret;
- /* option */
-
- c = *typestr++;
-@@ -1003,8 +1004,22 @@ static QDict *monitor_parse_arguments(Monitor *mon,
- }
- if (skip_key) {
- p = tmp;
-+ } else if (*typestr == 'S') {
-+ /* has option with string value */
-+ typestr++;
-+ tmp = p++;
-+ while (qemu_isspace(*p)) {
-+ p++;
-+ }
-+ ret = get_str(buf, sizeof(buf), &p);
-+ if (ret < 0) {
-+ monitor_printf(mon, "%s: value expected for -%c\n",
-+ cmd->name, *tmp);
-+ goto fail;
-+ }
-+ qdict_put_str(qdict, key, buf);
- } else {
-- /* has option */
-+ /* has boolean option */
- p++;
- qdict_put_bool(qdict, key, true);
- }
diff --git a/debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch b/debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
deleted file mode 100644
index 6ea0549..0000000
--- a/debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
+++ /dev/null
@@ -1,477 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Reiter <s.reiter@proxmox.com>
-Date: Wed, 25 Aug 2021 11:14:13 +0200
-Subject: [PATCH] monitor: refactor set/expire_password and allow VNC display
- id
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It is possible to specify more than one VNC server on the command line,
-either with an explicit ID or the auto-generated ones à la "default",
-"vnc2", "vnc3", ...
-
-It is not possible to change the password on one of these extra VNC
-displays though. Fix this by adding a "display" parameter to the
-"set_password" and "expire_password" QMP and HMP commands.
-
-For HMP, the display is specified using the "-d" value flag.
-
-For QMP, the schema is updated to explicitly express the supported
-variants of the commands with protocol-discriminated unions.
-
-Suggested-by: Eric Blake <eblake@redhat.com>
-Suggested-by: Markus Armbruster <armbru@redhat.com>
-Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- hmp-commands.hx | 24 ++++---
- monitor/hmp-cmds.c | 57 +++++++++++++++-
- monitor/qmp-cmds.c | 62 ++++++-----------
- qapi/ui.json | 165 ++++++++++++++++++++++++++++++++++++++-------
- 4 files changed, 231 insertions(+), 77 deletions(-)
-
-diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 70a9136ac2..5efb47fc32 100644
---- a/hmp-commands.hx
-+++ b/hmp-commands.hx
-@@ -1514,33 +1514,35 @@ ERST
-
- {
- .name = "set_password",
-- .args_type = "protocol:s,password:s,connected:s?",
-- .params = "protocol password action-if-connected",
-+ .args_type = "protocol:s,password:s,display:-dS,connected:s?",
-+ .params = "protocol password [-d display] [action-if-connected]",
- .help = "set spice/vnc password",
- .cmd = hmp_set_password,
- },
-
- SRST
--``set_password [ vnc | spice ] password [ action-if-connected ]``
-- Change spice/vnc password. *action-if-connected* specifies what
-- should happen in case a connection is established: *fail* makes the
-- password change fail. *disconnect* changes the password and
-+``set_password [ vnc | spice ] password [ -d display ] [ action-if-connected ]``
-+ Change spice/vnc password. *display* can be used with 'vnc' to specify
-+ which display to set the password on. *action-if-connected* specifies
-+ what should happen in case a connection is established: *fail* makes
-+ the password change fail. *disconnect* changes the password and
- disconnects the client. *keep* changes the password and keeps the
- connection up. *keep* is the default.
- ERST
-
- {
- .name = "expire_password",
-- .args_type = "protocol:s,time:s",
-- .params = "protocol time",
-+ .args_type = "protocol:s,time:s,display:-dS",
-+ .params = "protocol time [-d display]",
- .help = "set spice/vnc password expire-time",
- .cmd = hmp_expire_password,
- },
-
- SRST
--``expire_password [ vnc | spice ]`` *expire-time*
-- Specify when a password for spice/vnc becomes
-- invalid. *expire-time* accepts:
-+``expire_password [ vnc | spice ] expire-time [ -d display ]``
-+ Specify when a password for spice/vnc becomes invalid.
-+ *display* behaves the same as in ``set_password``.
-+ *expire-time* accepts:
-
- ``now``
- Invalidate password instantly.
-diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 9c91bf93e9..2e91ccb738 100644
---- a/monitor/hmp-cmds.c
-+++ b/monitor/hmp-cmds.c
-@@ -1384,10 +1384,41 @@ void hmp_set_password(Monitor *mon, const QDict *qdict)
- {
- const char *protocol = qdict_get_str(qdict, "protocol");
- const char *password = qdict_get_str(qdict, "password");
-+ const char *display = qdict_get_try_str(qdict, "display");
- const char *connected = qdict_get_try_str(qdict, "connected");
- Error *err = NULL;
-+ DisplayProtocol proto;
-
-- qmp_set_password(protocol, password, !!connected, connected, &err);
-+ SetPasswordOptions opts = {
-+ .password = g_strdup(password),
-+ .u.vnc.display = NULL,
-+ };
-+
-+ proto = qapi_enum_parse(&DisplayProtocol_lookup, protocol,
-+ DISPLAY_PROTOCOL_VNC, &err);
-+ if (err) {
-+ hmp_handle_error(mon, err);
-+ return;
-+ }
-+ opts.protocol = proto;
-+
-+ if (proto == DISPLAY_PROTOCOL_VNC) {
-+ opts.u.vnc.has_display = !!display;
-+ opts.u.vnc.display = g_strdup(display);
-+ } else if (proto == DISPLAY_PROTOCOL_SPICE) {
-+ opts.u.spice.has_connected = !!connected;
-+ opts.u.spice.connected =
-+ qapi_enum_parse(&SetPasswordAction_lookup, connected,
-+ SET_PASSWORD_ACTION_KEEP, &err);
-+ if (err) {
-+ hmp_handle_error(mon, err);
-+ return;
-+ }
-+ }
-+
-+ qmp_set_password(&opts, &err);
-+ g_free(opts.password);
-+ g_free(opts.u.vnc.display);
- hmp_handle_error(mon, err);
- }
-
-@@ -1395,9 +1426,31 @@ void hmp_expire_password(Monitor *mon, const QDict *qdict)
- {
- const char *protocol = qdict_get_str(qdict, "protocol");
- const char *whenstr = qdict_get_str(qdict, "time");
-+ const char *display = qdict_get_try_str(qdict, "display");
- Error *err = NULL;
-+ DisplayProtocol proto;
-
-- qmp_expire_password(protocol, whenstr, &err);
-+ ExpirePasswordOptions opts = {
-+ .time = g_strdup(whenstr),
-+ .u.vnc.display = NULL,
-+ };
-+
-+ proto = qapi_enum_parse(&DisplayProtocol_lookup, protocol,
-+ DISPLAY_PROTOCOL_VNC, &err);
-+ if (err) {
-+ hmp_handle_error(mon, err);
-+ return;
-+ }
-+ opts.protocol = proto;
-+
-+ if (proto == DISPLAY_PROTOCOL_VNC) {
-+ opts.u.vnc.has_display = !!display;
-+ opts.u.vnc.display = g_strdup(display);
-+ }
-+
-+ qmp_expire_password(&opts, &err);
-+ g_free(opts.time);
-+ g_free(opts.u.vnc.display);
- hmp_handle_error(mon, err);
- }
-
-diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c
-index 343353e27a..729ca7cceb 100644
---- a/monitor/qmp-cmds.c
-+++ b/monitor/qmp-cmds.c
-@@ -167,45 +167,30 @@ void qmp_system_wakeup(Error **errp)
- qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER, errp);
- }
-
--void qmp_set_password(const char *protocol, const char *password,
-- bool has_connected, const char *connected, Error **errp)
-+void qmp_set_password(SetPasswordOptions *opts, Error **errp)
- {
-- int disconnect_if_connected = 0;
-- int fail_if_connected = 0;
-- int rc;
-+ bool disconnect_if_connected = false;
-+ bool fail_if_connected = false;
-+ int rc = 0;
-
-- if (has_connected) {
-- if (strcmp(connected, "fail") == 0) {
-- fail_if_connected = 1;
-- } else if (strcmp(connected, "disconnect") == 0) {
-- disconnect_if_connected = 1;
-- } else if (strcmp(connected, "keep") == 0) {
-- /* nothing */
-- } else {
-- error_setg(errp, QERR_INVALID_PARAMETER, "connected");
-- return;
-- }
-- }
--
-- if (strcmp(protocol, "spice") == 0) {
-+ if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {
- if (!qemu_using_spice(errp)) {
- return;
- }
-- rc = qemu_spice.set_passwd(password, fail_if_connected,
-+ if (opts->u.spice.has_connected) {
-+ fail_if_connected =
-+ opts->u.spice.connected == SET_PASSWORD_ACTION_FAIL;
-+ disconnect_if_connected =
-+ opts->u.spice.connected == SET_PASSWORD_ACTION_DISCONNECT;
-+ }
-+ rc = qemu_spice.set_passwd(opts->password, fail_if_connected,
- disconnect_if_connected);
-- } else if (strcmp(protocol, "vnc") == 0) {
-- if (fail_if_connected || disconnect_if_connected) {
-- /* vnc supports "connected=keep" only */
-- error_setg(errp, QERR_INVALID_PARAMETER, "connected");
-- return;
-- }
-+ } else if (opts->protocol == DISPLAY_PROTOCOL_VNC) {
- /* Note that setting an empty password will not disable login through
- * this interface. */
-- rc = vnc_display_password(NULL, password);
-- } else {
-- error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "protocol",
-- "'vnc' or 'spice'");
-- return;
-+ rc = vnc_display_password(
-+ opts->u.vnc.has_display ? opts->u.vnc.display : NULL,
-+ opts->password);
- }
-
- if (rc != 0) {
-@@ -213,11 +198,11 @@ void qmp_set_password(const char *protocol, const char *password,
- }
- }
-
--void qmp_expire_password(const char *protocol, const char *whenstr,
-- Error **errp)
-+void qmp_expire_password(ExpirePasswordOptions *opts, Error **errp)
- {
- time_t when;
- int rc;
-+ const char* whenstr = opts->time;
-
- if (strcmp(whenstr, "now") == 0) {
- when = 0;
-@@ -229,17 +214,14 @@ void qmp_expire_password(const char *protocol, const char *whenstr,
- when = strtoull(whenstr, NULL, 10);
- }
-
-- if (strcmp(protocol, "spice") == 0) {
-+ if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {
- if (!qemu_using_spice(errp)) {
- return;
- }
- rc = qemu_spice.set_pw_expire(when);
-- } else if (strcmp(protocol, "vnc") == 0) {
-- rc = vnc_display_pw_expire(NULL, when);
-- } else {
-- error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "protocol",
-- "'vnc' or 'spice'");
-- return;
-+ } else if (opts->protocol == DISPLAY_PROTOCOL_VNC) {
-+ rc = vnc_display_pw_expire(
-+ opts->u.vnc.has_display ? opts->u.vnc.display : NULL, when);
- }
-
- if (rc != 0) {
-diff --git a/qapi/ui.json b/qapi/ui.json
-index d7567ac866..4244c62c30 100644
---- a/qapi/ui.json
-+++ b/qapi/ui.json
-@@ -9,22 +9,23 @@
- { 'include': 'common.json' }
- { 'include': 'sockets.json' }
-
-+##
-+# @DisplayProtocol:
-+#
-+# Display protocols which support changing password options.
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'enum': 'DisplayProtocol',
-+ 'data': [ { 'name': 'vnc', 'if': 'CONFIG_VNC' },
-+ { 'name': 'spice', 'if': 'CONFIG_SPICE' } ] }
-+
- ##
- # @set_password:
- #
- # Sets the password of a remote display session.
- #
--# @protocol: - 'vnc' to modify the VNC server password
--# - 'spice' to modify the Spice server password
--#
--# @password: the new password
--#
--# @connected: how to handle existing clients when changing the
--# password. If nothing is specified, defaults to 'keep'
--# 'fail' to fail the command if clients are connected
--# 'disconnect' to disconnect existing clients
--# 'keep' to maintain existing clients
--#
- # Returns: - Nothing on success
- # - If Spice is not enabled, DeviceNotFound
- #
-@@ -37,16 +38,123 @@
- # <- { "return": {} }
- #
- ##
--{ 'command': 'set_password',
-- 'data': {'protocol': 'str', 'password': 'str', '*connected': 'str'} }
-+{ 'command': 'set_password', 'boxed': true, 'data': 'SetPasswordOptions' }
-+
-+##
-+# @SetPasswordOptions:
-+#
-+# Data required to set a new password on a display server protocol.
-+#
-+# @protocol: - 'vnc' to modify the VNC server password
-+# - 'spice' to modify the Spice server password
-+#
-+# @password: the new password
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'union': 'SetPasswordOptions',
-+ 'base': { 'protocol': 'DisplayProtocol',
-+ 'password': 'str' },
-+ 'discriminator': 'protocol',
-+ 'data': { 'vnc': 'SetPasswordOptionsVnc',
-+ 'spice': 'SetPasswordOptionsSpice' } }
-+
-+##
-+# @SetPasswordAction:
-+#
-+# An action to take on changing a password on a connection with active clients.
-+#
-+# @fail: fail the command if clients are connected
-+#
-+# @disconnect: disconnect existing clients
-+#
-+# @keep: maintain existing clients
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'enum': 'SetPasswordAction',
-+ 'data': [ 'fail', 'disconnect', 'keep' ] }
-+
-+##
-+# @SetPasswordActionVnc:
-+#
-+# See @SetPasswordAction. VNC only supports the keep action. 'connection'
-+# should just be omitted for VNC, this is kept for backwards compatibility.
-+#
-+# @keep: maintain existing clients
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'enum': 'SetPasswordActionVnc',
-+ 'data': [ 'keep' ] }
-+
-+##
-+# @SetPasswordOptionsSpice:
-+#
-+# Options for set_password specific to the VNC procotol.
-+#
-+# @connected: How to handle existing clients when changing the
-+# password. If nothing is specified, defaults to 'keep'.
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'struct': 'SetPasswordOptionsSpice',
-+ 'data': { '*connected': 'SetPasswordAction' } }
-+
-+##
-+# @SetPasswordOptionsVnc:
-+#
-+# Options for set_password specific to the VNC procotol.
-+#
-+# @display: The id of the display where the password should be changed.
-+# Defaults to the first.
-+#
-+# @connected: How to handle existing clients when changing the
-+# password.
-+#
-+# Features:
-+# @deprecated: For VNC, @connected will always be 'keep', parameter should be
-+# omitted.
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'struct': 'SetPasswordOptionsVnc',
-+ 'data': { '*display': 'str',
-+ '*connected': { 'type': 'SetPasswordActionVnc',
-+ 'features': ['deprecated'] } } }
-
- ##
- # @expire_password:
- #
- # Expire the password of a remote display server.
- #
--# @protocol: the name of the remote display protocol 'vnc' or 'spice'
-+# Returns: - Nothing on success
-+# - If @protocol is 'spice' and Spice is not active, DeviceNotFound
- #
-+# Since: 0.14
-+#
-+# Example:
-+#
-+# -> { "execute": "expire_password", "arguments": { "protocol": "vnc",
-+# "time": "+60" } }
-+# <- { "return": {} }
-+#
-+##
-+{ 'command': 'expire_password', 'boxed': true, 'data': 'ExpirePasswordOptions' }
-+
-+##
-+# @ExpirePasswordOptions:
-+#
-+# Data required to set password expiration on a display server protocol.
-+#
-+# @protocol: - 'vnc' to modify the VNC server expiration
-+# - 'spice' to modify the Spice server expiration
-+
- # @time: when to expire the password.
- #
- # - 'now' to expire the password immediately
-@@ -54,24 +162,33 @@
- # - '+INT' where INT is the number of seconds from now (integer)
- # - 'INT' where INT is the absolute time in seconds
- #
--# Returns: - Nothing on success
--# - If @protocol is 'spice' and Spice is not active, DeviceNotFound
--#
--# Since: 0.14
--#
- # Notes: Time is relative to the server and currently there is no way to
- # coordinate server time with client time. It is not recommended to
- # use the absolute time version of the @time parameter unless you're
- # sure you are on the same machine as the QEMU instance.
- #
--# Example:
-+# Since: 6.2
- #
--# -> { "execute": "expire_password", "arguments": { "protocol": "vnc",
--# "time": "+60" } }
--# <- { "return": {} }
-+##
-+{ 'union': 'ExpirePasswordOptions',
-+ 'base': { 'protocol': 'DisplayProtocol',
-+ 'time': 'str' },
-+ 'discriminator': 'protocol',
-+ 'data': { 'vnc': 'ExpirePasswordOptionsVnc' } }
-+
-+##
-+# @ExpirePasswordOptionsVnc:
-+#
-+# Options for expire_password specific to the VNC procotol.
-+#
-+# @display: The id of the display where the expiration should be changed.
-+# Defaults to the first.
-+#
-+# Since: 6.2
- #
- ##
--{ 'command': 'expire_password', 'data': {'protocol': 'str', 'time': 'str'} }
-+{ 'struct': 'ExpirePasswordOptionsVnc',
-+ 'data': { '*display': 'str' } }
-
- ##
- # @screendump:
diff --git a/debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch b/debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
deleted file mode 100644
index 99abfc3..0000000
--- a/debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Tue, 18 Jan 2022 17:59:59 +0100
-Subject: [PATCH] block/io: Update BSC only if want_zero is true
-
-We update the block-status cache whenever we get new information from a
-bdrv_co_block_status() call to the block driver. However, if we have
-passed want_zero=false to that call, it may flag areas containing zeroes
-as data, and so we would update the block-status cache with wrong
-information.
-
-Therefore, we should not update the cache with want_zero=false.
-
-Reported-by: Nir Soffer <nsoffer@redhat.com>
-Fixes: 0bc329fbb00 ("block: block-status cache for data regions")
-Reviewed-by: Nir Soffer <nsoffer@redhat.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Message-Id: <20220118170000.49423-2-hreitz@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
----
- block/io.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/block/io.c b/block/io.c
-index bb0a254def..4e4cb556c5 100644
---- a/block/io.c
-+++ b/block/io.c
-@@ -2497,8 +2497,12 @@ static int coroutine_fn bdrv_co_block_status(BlockDriverState *bs,
- * non-protocol nodes, and then it is never used. However, filling
- * the cache requires an RCU update, so double check here to avoid
- * such an update if possible.
-+ *
-+ * Check want_zero, because we only want to update the cache when we
-+ * have accurate information about what is zero and what is data.
- */
-- if (ret == (BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID) &&
-+ if (want_zero &&
-+ ret == (BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID) &&
- QLIST_EMPTY(&bs->children))
- {
- /*
diff --git a/debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch b/debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
deleted file mode 100644
index ade6a06..0000000
--- a/debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Wed, 9 Feb 2022 15:02:52 +0100
-Subject: [PATCH] block/nbd: Delete reconnect delay timer when done
-
-We start the reconnect delay timer to cancel the reconnection attempt
-after a while. Once nbd_co_do_establish_connection() has returned, this
-attempt is over, and we no longer need the timer.
-
-Delete it before returning from nbd_reconnect_attempt(), so that it does
-not persist beyond the I/O request that was paused for reconnecting; we
-do not want it to fire in a drained section, because all sort of things
-can happen in such a section (e.g. the AioContext might be changed, and
-we do not want the timer to fire in the wrong context; or the BDS might
-even be deleted, and so the timer CB would access already-freed data).
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- block/nbd.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index 5ef462db1b..b8e5a9b4cc 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -353,6 +353,13 @@ static coroutine_fn void nbd_reconnect_attempt(BDRVNBDState *s)
- }
-
- nbd_co_do_establish_connection(s->bs, NULL);
-+
-+ /*
-+ * The reconnect attempt is done (maybe successfully, maybe not), so
-+ * we no longer need this timer. Delete it so it will not outlive
-+ * this I/O request (so draining removes all timers).
-+ */
-+ reconnect_delay_timer_del(s);
- }
-
- static coroutine_fn int nbd_receive_replies(BDRVNBDState *s, uint64_t handle)
diff --git a/debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch b/debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
deleted file mode 100644
index 07550c3..0000000
--- a/debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Wed, 9 Feb 2022 15:02:54 +0100
-Subject: [PATCH] block/nbd: Assert there are no timers when closed
-
-Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or
-they will access freed data when they fire.
-
-This patch is separate from the patches that actually fix the issue
-(HEAD^^ and HEAD^) so that you can run the associated regression iotest
-(281) on a configuration that reproducibly exposes the bug.
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-[FE: backport (open_timer doesn't exist yet in 6.2.0)]
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- block/nbd.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index b8e5a9b4cc..aab20125d8 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -108,6 +108,9 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)
-
- yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name));
-
-+ /* Must not leave timers behind that would access freed data */
-+ assert(!s->reconnect_delay_timer);
-+
- object_unref(OBJECT(s->tlscreds));
- qapi_free_SocketAddress(s->saddr);
- s->saddr = NULL;
diff --git a/debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch b/debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
deleted file mode 100644
index 6b431c6..0000000
--- a/debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Wed, 9 Feb 2022 15:02:57 +0100
-Subject: [PATCH] block/nbd: Move s->ioc on AioContext change
-
-s->ioc must always be attached to the NBD node's AioContext. If that
-context changes, s->ioc must be attached to the new context.
-
-Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2033626
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-[FE: backport (open_timer doesn't exist yet in 6.2.0)]
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- block/nbd.c | 41 +++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 41 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index aab20125d8..a3896c7f5f 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -2003,6 +2003,38 @@ static void nbd_cancel_in_flight(BlockDriverState *bs)
- nbd_co_establish_connection_cancel(s->conn);
- }
-
-+static void nbd_attach_aio_context(BlockDriverState *bs,
-+ AioContext *new_context)
-+{
-+ BDRVNBDState *s = bs->opaque;
-+
-+ /*
-+ * The reconnect_delay_timer is scheduled in I/O paths when the
-+ * connection is lost, to cancel the reconnection attempt after a
-+ * given time. Once this attempt is done (successfully or not),
-+ * nbd_reconnect_attempt() ensures the timer is deleted before the
-+ * respective I/O request is resumed.
-+ * Since the AioContext can only be changed when a node is drained,
-+ * the reconnect_delay_timer cannot be active here.
-+ */
-+ assert(!s->reconnect_delay_timer);
-+
-+ if (s->ioc) {
-+ qio_channel_attach_aio_context(s->ioc, new_context);
-+ }
-+}
-+
-+static void nbd_detach_aio_context(BlockDriverState *bs)
-+{
-+ BDRVNBDState *s = bs->opaque;
-+
-+ assert(!s->reconnect_delay_timer);
-+
-+ if (s->ioc) {
-+ qio_channel_detach_aio_context(s->ioc);
-+ }
-+}
-+
- static BlockDriver bdrv_nbd = {
- .format_name = "nbd",
- .protocol_name = "nbd",
-@@ -2026,6 +2058,9 @@ static BlockDriver bdrv_nbd = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static BlockDriver bdrv_nbd_tcp = {
-@@ -2051,6 +2086,9 @@ static BlockDriver bdrv_nbd_tcp = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static BlockDriver bdrv_nbd_unix = {
-@@ -2076,6 +2114,9 @@ static BlockDriver bdrv_nbd_unix = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static void bdrv_nbd_init(void)
diff --git a/debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch b/debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
deleted file mode 100644
index bb8cf86..0000000
--- a/debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Mon, 27 Dec 2021 14:31:17 -0500
-Subject: [PATCH] acpi: fix QEMU crash when started with SLIC table
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-if QEMU is started with used provided SLIC table blob,
-
- -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null
-it will assert with:
-
- hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen)
-
-and following backtrace:
-
- ...
- build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61
- acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727
- build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064
- ...
-
-which happens due to acpi_table_begin() expecting NULL terminated
-oem_id and oem_table_id strings, which is normally the case, but
-in case of user provided SLIC table, oem_id points to table's blob
-directly and as result oem_id became longer than expected.
-
-Fix issue by handling oem_id consistently and make acpi_get_slic_oem()
-return NULL terminated strings.
-
-PS:
-After [1] refactoring, oem_id semantics became inconsistent, where
-NULL terminated string was coming from machine and old way pointer
-into byte array coming from -acpitable option. That used to work
-since build_header() wasn't expecting NULL terminated string and
-blindly copied the 1st 6 bytes only.
-
-However commit [2] broke that by replacing build_header() with
-acpi_table_begin(), which was expecting NULL terminated string
-and was checking oem_id size.
-
-1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-2)
-Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20211227193120.1084176-2-imammedo@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Tested-by: Denis Lisov <dennis.lissov@gmail.com>
-Tested-by: Alexander Tsoy <alexander@tsoy.me>
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 8cdb99af45365727ac17f45239a9b8c1d5155c6d)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/acpi/core.c | 4 ++--
- hw/i386/acpi-build.c | 2 ++
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/hw/acpi/core.c b/hw/acpi/core.c
-index 1e004d0078..3e811bf03c 100644
---- a/hw/acpi/core.c
-+++ b/hw/acpi/core.c
-@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem)
- struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length));
-
- if (memcmp(hdr->sig, "SLIC", 4) == 0) {
-- oem->id = hdr->oem_id;
-- oem->table_id = hdr->oem_table_id;
-+ oem->id = g_strndup(hdr->oem_id, 6);
-+ oem->table_id = g_strndup(hdr->oem_table_id, 8);
- return 0;
- }
- }
-diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
-index a99c6e4fe3..570f82997b 100644
---- a/hw/i386/acpi-build.c
-+++ b/hw/i386/acpi-build.c
-@@ -2721,6 +2721,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine)
-
- /* Cleanup memory that's no longer used. */
- g_array_free(table_offsets, true);
-+ g_free(slic_oem.id);
-+ g_free(slic_oem.table_id);
- }
-
- static void acpi_ram_update(MemoryRegion *mr, GArray *data)
diff --git a/debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch b/debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
deleted file mode 100644
index 02e7bab..0000000
--- a/debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jason Wang <jasowang@redhat.com>
-Date: Tue, 8 Mar 2022 10:42:51 +0800
-Subject: [PATCH] virtio-net: fix map leaking on error during receive
-
-Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg")
-tries to fix the use after free of the sg by caching the virtqueue
-elements in an array and unmap them at once after receiving the
-packets, But it forgot to unmap the cached elements on error which
-will lead to leaking of mapping and other unexpected results.
-
-Fixing this by detaching the cached elements on error. This addresses
-CVE-2022-26353.
-
-Reported-by: Victor Tom <vv474172261@gmail.com>
-Cc: qemu-stable@nongnu.org
-Fixes: CVE-2022-26353
-Fixes: bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg")
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit abe300d9d894f7138e1af7c8e9c88c04bfe98b37)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/net/virtio-net.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index f2014d5ea0..e1f4748831 100644
---- a/hw/net/virtio-net.c
-+++ b/hw/net/virtio-net.c
-@@ -1862,6 +1862,7 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
-
- err:
- for (j = 0; j < i; j++) {
-+ virtqueue_detach_element(q->rx_vq, elems[j], lens[j]);
- g_free(elems[j]);
- }
-
diff --git a/debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch b/debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
deleted file mode 100644
index b1e97e5..0000000
--- a/debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Xu <peterx@redhat.com>
-Date: Tue, 30 Nov 2021 16:00:28 +0800
-Subject: [PATCH] memory: Fix incorrect calls of log_global_start/stop
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We should only call the log_global_start/stop when the global dirty track
-bitmask changes from zero<->non-zero.
-
-No real issue reported for this yet probably because no immediate user to
-enable both dirty rate measurement and migration at the same time. However
-it'll be good to be prepared for it.
-
-Fixes: 63b41db4bc ("memory: make global_dirty_tracking a bitmask")
-Cc: qemu-stable@nongnu.org
-Cc: Hyman Huang <huangy81@chinatelecom.cn>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
-Cc: Juan Quintela <quintela@redhat.com>
-Cc: David Hildenbrand <david@redhat.com>
-Signed-off-by: Peter Xu <peterx@redhat.com>
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Message-Id: <20211130080028.6474-1-peterx@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-(cherry picked from commit 7b0538ed3a22ce30817f818449d10701fb0821f9)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- softmmu/memory.c | 27 ++++++++++++++-------------
- 1 file changed, 14 insertions(+), 13 deletions(-)
-
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index 7340e19ff5..81d4bf1454 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -2773,6 +2773,8 @@ static VMChangeStateEntry *vmstate_change;
-
- void memory_global_dirty_log_start(unsigned int flags)
- {
-+ unsigned int old_flags = global_dirty_tracking;
-+
- if (vmstate_change) {
- qemu_del_vm_change_state_handler(vmstate_change);
- vmstate_change = NULL;
-@@ -2781,15 +2783,14 @@ void memory_global_dirty_log_start(unsigned int flags)
- assert(flags && !(flags & (~GLOBAL_DIRTY_MASK)));
- assert(!(global_dirty_tracking & flags));
- global_dirty_tracking |= flags;
--
- trace_global_dirty_changed(global_dirty_tracking);
-
-- MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward);
--
-- /* Refresh DIRTY_MEMORY_MIGRATION bit. */
-- memory_region_transaction_begin();
-- memory_region_update_pending = true;
-- memory_region_transaction_commit();
-+ if (!old_flags) {
-+ MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward);
-+ memory_region_transaction_begin();
-+ memory_region_update_pending = true;
-+ memory_region_transaction_commit();
-+ }
- }
-
- static void memory_global_dirty_log_do_stop(unsigned int flags)
-@@ -2800,12 +2801,12 @@ static void memory_global_dirty_log_do_stop(unsigned int flags)
-
- trace_global_dirty_changed(global_dirty_tracking);
-
-- /* Refresh DIRTY_MEMORY_MIGRATION bit. */
-- memory_region_transaction_begin();
-- memory_region_update_pending = true;
-- memory_region_transaction_commit();
--
-- MEMORY_LISTENER_CALL_GLOBAL(log_global_stop, Reverse);
-+ if (!global_dirty_tracking) {
-+ memory_region_transaction_begin();
-+ memory_region_update_pending = true;
-+ memory_region_transaction_commit();
-+ MEMORY_LISTENER_CALL_GLOBAL(log_global_stop, Reverse);
-+ }
- }
-
- static void memory_vm_change_state_handler(void *opaque, bool running,
diff --git a/debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch b/debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
deleted file mode 100644
index 3696302..0000000
--- a/debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Wed, 12 Jan 2022 08:03:31 -0500
-Subject: [PATCH] acpi: fix OEM ID/OEM Table ID padding
-
-Commit [2] broke original '\0' padding of OEM ID and OEM Table ID
-fields in headers of ACPI tables. While it doesn't have impact on
-default values since QEMU uses 6 and 8 characters long values
-respectively, it broke usecase where IDs are provided on QEMU CLI.
-It shouldn't affect guest (but may cause licensing verification
-issues in guest OS).
-One of the broken usecases is user supplied SLIC table with IDs
-shorter than max possible length, where [2] mangles IDs with extra
-spaces in RSDT and FADT tables whereas guest OS expects those to
-mirror the respective values of the used SLIC table.
-
-Fix it by replacing whitespace padding with '\0' padding in
-accordance with [1] and expectations of guest OS
-
-1) ACPI spec, v2.0b
- 17.2 AML Grammar Definition
- ...
- //OEM ID of up to 6 characters. If the OEM ID is
- //shorter than 6 characters, it can be terminated
- //with a NULL character.
-
-2)
-Fixes: 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/707
-Reported-by: Dmitry V. Orekhov <dima.orekhov@gmail.com>
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Cc: qemu-stable@nongnu.org
-Message-Id: <20220112130332.1648664-4-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Reviewed-by: Ani Sinha <ani@anisinha.ca>
-Tested-by: Dmitry V. Orekhov dima.orekhov@gmail.com
-(cherry picked from commit 748c030f360a940fe0c9382c8ca1649096c3a80d)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/acpi/aml-build.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
-index b3b3310df3..65148d5b9d 100644
---- a/hw/acpi/aml-build.c
-+++ b/hw/acpi/aml-build.c
-@@ -1724,9 +1724,9 @@ void acpi_table_begin(AcpiTable *desc, GArray *array)
- build_append_int_noprefix(array, 0, 4); /* Length */
- build_append_int_noprefix(array, desc->rev, 1); /* Revision */
- build_append_int_noprefix(array, 0, 1); /* Checksum */
-- build_append_padded_str(array, desc->oem_id, 6, ' '); /* OEMID */
-+ build_append_padded_str(array, desc->oem_id, 6, '\0'); /* OEMID */
- /* OEM Table ID */
-- build_append_padded_str(array, desc->oem_table_id, 8, ' ');
-+ build_append_padded_str(array, desc->oem_table_id, 8, '\0');
- build_append_int_noprefix(array, 1, 4); /* OEM Revision */
- g_array_append_vals(array, ACPI_BUILD_APPNAME8, 4); /* Creator ID */
- build_append_int_noprefix(array, 1, 4); /* Creator Revision */
diff --git a/debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch b/debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
deleted file mode 100644
index 35482c8..0000000
--- a/debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefano Garzarella <sgarzare@redhat.com>
-Date: Mon, 28 Feb 2022 10:50:58 +0100
-Subject: [PATCH] vhost-vsock: detach the virqueue element in case of error
-
-In vhost_vsock_common_send_transport_reset(), if an element popped from
-the virtqueue is invalid, we should call virtqueue_detach_element() to
-detach it from the virtqueue before freeing its memory.
-
-Fixes: fc0b9b0e1c ("vhost-vsock: add virtio sockets device")
-Fixes: CVE-2022-26354
-Cc: qemu-stable@nongnu.org
-Reported-by: VictorV <vv474172261@gmail.com>
-Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
-Message-Id: <20220228095058.27899-1-sgarzare@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 8d1b247f3748ac4078524130c6d7ae42b6140aaf)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/vhost-vsock-common.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/hw/virtio/vhost-vsock-common.c b/hw/virtio/vhost-vsock-common.c
-index 3f3771274e..ed706681ac 100644
---- a/hw/virtio/vhost-vsock-common.c
-+++ b/hw/virtio/vhost-vsock-common.c
-@@ -153,19 +153,23 @@ static void vhost_vsock_common_send_transport_reset(VHostVSockCommon *vvc)
- if (elem->out_num) {
- error_report("invalid vhost-vsock event virtqueue element with "
- "out buffers");
-- goto out;
-+ goto err;
- }
-
- if (iov_from_buf(elem->in_sg, elem->in_num, 0,
- &event, sizeof(event)) != sizeof(event)) {
- error_report("vhost-vsock event virtqueue element is too short");
-- goto out;
-+ goto err;
- }
-
- virtqueue_push(vq, elem, sizeof(event));
- virtio_notify(VIRTIO_DEVICE(vvc), vq);
-
--out:
-+ g_free(elem);
-+ return;
-+
-+err:
-+ virtqueue_detach_element(vq, elem, 0);
- g_free(elem);
- }
-
diff --git a/debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch b/debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
deleted file mode 100644
index d6d0877..0000000
--- a/debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Xueming Li <xuemingl@nvidia.com>
-Date: Mon, 7 Feb 2022 15:19:28 +0800
-Subject: [PATCH] vhost-user: remove VirtQ notifier restore
-
-Notifier set when vhost-user backend asks qemu to mmap an FD and
-offset. When vhost-user backend restart or getting killed, VQ notifier
-FD and mmap addresses become invalid. After backend restart, MR contains
-the invalid address will be restored and fail on notifier access.
-
-On the other hand, qemu should munmap the notifier, release underlying
-hardware resources to enable backend restart and allocate hardware
-notifier resources correctly.
-
-Qemu shouldn't reference and use resources of disconnected backend.
-
-This patch removes VQ notifier restore, uses the default vhost-user
-notifier to avoid invalid address access.
-
-After backend restart, the backend should ask qemu to install a hardware
-notifier if needed.
-
-Fixes: 44866521bd6e ("vhost-user: support registering external host notifiers")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Xueming Li <xuemingl@nvidia.com>
-Message-Id: <20220207071929.527149-2-xuemingl@nvidia.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit e867144b73b3c5009266b6df07d5ff44acfb82c3)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/vhost-user.c | 19 +------------------
- include/hw/virtio/vhost-user.h | 1 -
- 2 files changed, 1 insertion(+), 19 deletions(-)
-
-diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
-index bf6e50223c..c671719e9b 100644
---- a/hw/virtio/vhost-user.c
-+++ b/hw/virtio/vhost-user.c
-@@ -1143,19 +1143,6 @@ static int vhost_user_set_vring_num(struct vhost_dev *dev,
- return vhost_set_vring(dev, VHOST_USER_SET_VRING_NUM, ring);
- }
-
--static void vhost_user_host_notifier_restore(struct vhost_dev *dev,
-- int queue_idx)
--{
-- struct vhost_user *u = dev->opaque;
-- VhostUserHostNotifier *n = &u->user->notifier[queue_idx];
-- VirtIODevice *vdev = dev->vdev;
--
-- if (n->addr && !n->set) {
-- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, true);
-- n->set = true;
-- }
--}
--
- static void vhost_user_host_notifier_remove(struct vhost_dev *dev,
- int queue_idx)
- {
-@@ -1163,17 +1150,14 @@ static void vhost_user_host_notifier_remove(struct vhost_dev *dev,
- VhostUserHostNotifier *n = &u->user->notifier[queue_idx];
- VirtIODevice *vdev = dev->vdev;
-
-- if (n->addr && n->set) {
-+ if (n->addr) {
- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-- n->set = false;
- }
- }
-
- static int vhost_user_set_vring_base(struct vhost_dev *dev,
- struct vhost_vring_state *ring)
- {
-- vhost_user_host_notifier_restore(dev, ring->index);
--
- return vhost_set_vring(dev, VHOST_USER_SET_VRING_BASE, ring);
- }
-
-@@ -1538,7 +1522,6 @@ static int vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
- }
-
- n->addr = addr;
-- n->set = true;
-
- return 0;
- }
-diff --git a/include/hw/virtio/vhost-user.h b/include/hw/virtio/vhost-user.h
-index a9abca3288..f6012b2078 100644
---- a/include/hw/virtio/vhost-user.h
-+++ b/include/hw/virtio/vhost-user.h
-@@ -14,7 +14,6 @@
- typedef struct VhostUserHostNotifier {
- MemoryRegion mr;
- void *addr;
-- bool set;
- } VhostUserHostNotifier;
-
- typedef struct VhostUserState {
diff --git a/debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch b/debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
deleted file mode 100644
index 25a9644..0000000
--- a/debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Xueming Li <xuemingl@nvidia.com>
-Date: Mon, 7 Feb 2022 15:19:29 +0800
-Subject: [PATCH] vhost-user: fix VirtQ notifier cleanup
-
-When vhost-user device cleanup, remove notifier MR and munmaps notifier
-address in the event-handling thread, VM CPU thread writing the notifier
-in concurrent fails with an error of accessing invalid address. It
-happens because MR is still being referenced and accessed in another
-thread while the underlying notifier mmap address is being freed and
-becomes invalid.
-
-This patch calls RCU and munmap notifiers in the callback after the
-memory flatview update finish.
-
-Fixes: 44866521bd6e ("vhost-user: support registering external host notifiers")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Xueming Li <xuemingl@nvidia.com>
-Message-Id: <20220207071929.527149-3-xuemingl@nvidia.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 0b0af4d62f7002b31cd7b2762b26d2fcb76bb2ba)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/vhost-user.c | 48 ++++++++++++++++++++--------------
- include/hw/virtio/vhost-user.h | 2 ++
- 2 files changed, 31 insertions(+), 19 deletions(-)
-
-diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
-index c671719e9b..ed5f9a5471 100644
---- a/hw/virtio/vhost-user.c
-+++ b/hw/virtio/vhost-user.c
-@@ -25,6 +25,7 @@
- #include "migration/migration.h"
- #include "migration/postcopy-ram.h"
- #include "trace.h"
-+#include "exec/ramblock.h"
-
- #include <sys/ioctl.h>
- #include <sys/socket.h>
-@@ -1143,15 +1144,26 @@ static int vhost_user_set_vring_num(struct vhost_dev *dev,
- return vhost_set_vring(dev, VHOST_USER_SET_VRING_NUM, ring);
- }
-
--static void vhost_user_host_notifier_remove(struct vhost_dev *dev,
-- int queue_idx)
-+static void vhost_user_host_notifier_free(VhostUserHostNotifier *n)
- {
-- struct vhost_user *u = dev->opaque;
-- VhostUserHostNotifier *n = &u->user->notifier[queue_idx];
-- VirtIODevice *vdev = dev->vdev;
-+ assert(n && n->unmap_addr);
-+ munmap(n->unmap_addr, qemu_real_host_page_size);
-+ n->unmap_addr = NULL;
-+}
-+
-+static void vhost_user_host_notifier_remove(VhostUserState *user,
-+ VirtIODevice *vdev, int queue_idx)
-+{
-+ VhostUserHostNotifier *n = &user->notifier[queue_idx];
-
- if (n->addr) {
-- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-+ if (vdev) {
-+ virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-+ }
-+ assert(!n->unmap_addr);
-+ n->unmap_addr = n->addr;
-+ n->addr = NULL;
-+ call_rcu(n, vhost_user_host_notifier_free, rcu);
- }
- }
-
-@@ -1190,8 +1202,9 @@ static int vhost_user_get_vring_base(struct vhost_dev *dev,
- .payload.state = *ring,
- .hdr.size = sizeof(msg.payload.state),
- };
-+ struct vhost_user *u = dev->opaque;
-
-- vhost_user_host_notifier_remove(dev, ring->index);
-+ vhost_user_host_notifier_remove(u->user, dev->vdev, ring->index);
-
- if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
- return -1;
-@@ -1486,12 +1499,7 @@ static int vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
-
- n = &user->notifier[queue_idx];
-
-- if (n->addr) {
-- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-- object_unparent(OBJECT(&n->mr));
-- munmap(n->addr, page_size);
-- n->addr = NULL;
-- }
-+ vhost_user_host_notifier_remove(user, vdev, queue_idx);
-
- if (area->u64 & VHOST_USER_VRING_NOFD_MASK) {
- return 0;
-@@ -1510,9 +1518,12 @@ static int vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
-
- name = g_strdup_printf("vhost-user/host-notifier@%p mmaps[%d]",
- user, queue_idx);
-- if (!n->mr.ram) /* Don't init again after suspend. */
-+ if (!n->mr.ram) { /* Don't init again after suspend. */
- memory_region_init_ram_device_ptr(&n->mr, OBJECT(vdev), name,
- page_size, addr);
-+ } else {
-+ n->mr.ram_block->host = addr;
-+ }
- g_free(name);
-
- if (virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, true)) {
-@@ -2460,17 +2471,16 @@ bool vhost_user_init(VhostUserState *user, CharBackend *chr, Error **errp)
- void vhost_user_cleanup(VhostUserState *user)
- {
- int i;
-+ VhostUserHostNotifier *n;
-
- if (!user->chr) {
- return;
- }
- memory_region_transaction_begin();
- for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
-- if (user->notifier[i].addr) {
-- object_unparent(OBJECT(&user->notifier[i].mr));
-- munmap(user->notifier[i].addr, qemu_real_host_page_size);
-- user->notifier[i].addr = NULL;
-- }
-+ n = &user->notifier[i];
-+ vhost_user_host_notifier_remove(user, NULL, i);
-+ object_unparent(OBJECT(&n->mr));
- }
- memory_region_transaction_commit();
- user->chr = NULL;
-diff --git a/include/hw/virtio/vhost-user.h b/include/hw/virtio/vhost-user.h
-index f6012b2078..e44a41bb70 100644
---- a/include/hw/virtio/vhost-user.h
-+++ b/include/hw/virtio/vhost-user.h
-@@ -12,8 +12,10 @@
- #include "hw/virtio/virtio.h"
-
- typedef struct VhostUserHostNotifier {
-+ struct rcu_head rcu;
- MemoryRegion mr;
- void *addr;
-+ void *unmap_addr;
- } VhostUserHostNotifier;
-
- typedef struct VhostUserState {
diff --git a/debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch b/debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
deleted file mode 100644
index a1b56e1..0000000
--- a/debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Halil Pasic <pasic@linux.ibm.com>
-Date: Mon, 7 Feb 2022 12:28:57 +0100
-Subject: [PATCH] virtio: fix the condition for iommu_platform not supported
-
-The commit 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but
-unsupported") claims to fail the device hotplug when iommu_platform
-is requested, but not supported by the (vhost) device. On the first
-glance the condition for detecting that situation looks perfect, but
-because a certain peculiarity of virtio_platform it ain't.
-
-In fact the aforementioned commit introduces a regression. It breaks
-virtio-fs support for Secure Execution, and most likely also for AMD SEV
-or any other confidential guest scenario that relies encrypted guest
-memory. The same also applies to any other vhost device that does not
-support _F_ACCESS_PLATFORM.
-
-The peculiarity is that iommu_platform and _F_ACCESS_PLATFORM collates
-"device can not access all of the guest RAM" and "iova != gpa, thus
-device needs to translate iova".
-
-Confidential guest technologies currently rely on the device/hypervisor
-offering _F_ACCESS_PLATFORM, so that, after the feature has been
-negotiated, the guest grants access to the portions of memory the
-device needs to see. So in for confidential guests, generally,
-_F_ACCESS_PLATFORM is about the restricted access to memory, but not
-about the addresses used being something else than guest physical
-addresses.
-
-This is the very reason for which commit f7ef7e6e3b ("vhost: correctly
-turn on VIRTIO_F_IOMMU_PLATFORM") fences _F_ACCESS_PLATFORM from the
-vhost device that does not need it, because on the vhost interface it
-only means "I/O address translation is needed".
-
-This patch takes inspiration from f7ef7e6e3b ("vhost: correctly turn on
-VIRTIO_F_IOMMU_PLATFORM"), and uses the same condition for detecting the
-situation when _F_ACCESS_PLATFORM is requested, but no I/O translation
-by the device, and thus no device capability is needed. In this
-situation claiming that the device does not support iommu_plattform=on
-is counter-productive. So let us stop doing that!
-
-Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
-Reported-by: Jakob Naucke <Jakob.Naucke@ibm.com>
-Fixes: 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but
-unsupported")
-Acked-by: Cornelia Huck <cohuck@redhat.com>
-Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
-Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>
-Cc: Kevin Wolf <kwolf@redhat.com>
-Cc: qemu-stable@nongnu.org
-
-Message-Id: <20220207112857.607829-1-pasic@linux.ibm.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Acked-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit e65902a913bf31ba79a83a3bd3621108b85cf645)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/virtio-bus.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
-index d23db98c56..0f69d1c742 100644
---- a/hw/virtio/virtio-bus.c
-+++ b/hw/virtio/virtio-bus.c
-@@ -48,6 +48,7 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
- VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
- VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
- bool has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
-+ bool vdev_has_iommu;
- Error *local_err = NULL;
-
- DPRINTF("%s: plug device.\n", qbus->name);
-@@ -69,11 +70,6 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
- return;
- }
-
-- if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
-- error_setg(errp, "iommu_platform=true is not supported by the device");
-- return;
-- }
--
- if (klass->device_plugged != NULL) {
- klass->device_plugged(qbus->parent, &local_err);
- }
-@@ -82,9 +78,15 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
- return;
- }
-
-+ vdev_has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
- if (klass->get_dma_as != NULL && has_iommu) {
- virtio_add_feature(&vdev->host_features, VIRTIO_F_IOMMU_PLATFORM);
- vdev->dma_as = klass->get_dma_as(qbus->parent);
-+ if (!vdev_has_iommu && vdev->dma_as != &address_space_memory) {
-+ error_setg(errp,
-+ "iommu_platform=true is not supported by the device");
-+ return;
-+ }
- } else {
- vdev->dma_as = &address_space_memory;
- }
diff --git a/debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch b/debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
deleted file mode 100644
index 722ab2c..0000000
--- a/debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Rao Lei <lei.rao@intel.com>
-Date: Fri, 6 May 2022 14:38:36 +0200
-Subject: [PATCH] ui/vnc.c: Fixed a deadlock bug.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The GDB statck is as follows:
-(gdb) bt
-0 __lll_lock_wait (futex=futex@entry=0x56211df20360, private=0) at lowlevellock.c:52
-1 0x00007f263caf20a3 in __GI___pthread_mutex_lock (mutex=0x56211df20360) at ../nptl/pthread_mutex_lock.c:80
-2 0x000056211a757364 in qemu_mutex_lock_impl (mutex=0x56211df20360, file=0x56211a804857 "../ui/vnc-jobs.h", line=60)
- at ../util/qemu-thread-posix.c:80
-3 0x000056211a0ef8c7 in vnc_lock_output (vs=0x56211df14200) at ../ui/vnc-jobs.h:60
-4 0x000056211a0efcb7 in vnc_clipboard_send (vs=0x56211df14200, count=1, dwords=0x7ffdf1701338) at ../ui/vnc-clipboard.c:138
-5 0x000056211a0f0129 in vnc_clipboard_notify (notifier=0x56211df244c8, data=0x56211dd1bbf0) at ../ui/vnc-clipboard.c:209
-6 0x000056211a75dde8 in notifier_list_notify (list=0x56211afa17d0 <clipboard_notifiers>, data=0x56211dd1bbf0) at ../util/notify.c:39
-7 0x000056211a0bf0e6 in qemu_clipboard_update (info=0x56211dd1bbf0) at ../ui/clipboard.c:50
-8 0x000056211a0bf05d in qemu_clipboard_peer_release (peer=0x56211df244c0, selection=QEMU_CLIPBOARD_SELECTION_CLIPBOARD)
- at ../ui/clipboard.c:41
-9 0x000056211a0bef9b in qemu_clipboard_peer_unregister (peer=0x56211df244c0) at ../ui/clipboard.c:19
-10 0x000056211a0d45f3 in vnc_disconnect_finish (vs=0x56211df14200) at ../ui/vnc.c:1358
-11 0x000056211a0d4c9d in vnc_client_read (vs=0x56211df14200) at ../ui/vnc.c:1611
-12 0x000056211a0d4df8 in vnc_client_io (ioc=0x56211ce70690, condition=G_IO_IN, opaque=0x56211df14200) at ../ui/vnc.c:1649
-13 0x000056211a5b976c in qio_channel_fd_source_dispatch
- (source=0x56211ce50a00, callback=0x56211a0d4d71 <vnc_client_io>, user_data=0x56211df14200) at ../io/channel-watch.c:84
-14 0x00007f263ccede8e in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
-15 0x000056211a77d4a1 in glib_pollfds_poll () at ../util/main-loop.c:232
-16 0x000056211a77d51f in os_host_main_loop_wait (timeout=958545) at ../util/main-loop.c:255
-17 0x000056211a77d630 in main_loop_wait (nonblocking=0) at ../util/main-loop.c:531
-18 0x000056211a45bc8e in qemu_main_loop () at ../softmmu/runstate.c:726
-19 0x000056211a0b45fa in main (argc=69, argv=0x7ffdf1701778, envp=0x7ffdf17019a8) at ../softmmu/main.c:50
-
-From the call trace, we can see it is a deadlock bug.
-vnc_disconnect_finish will acquire the output_mutex.
-But, the output_mutex will be acquired again in vnc_clipboard_send.
-Repeated locking will cause deadlock. So, I move
-qemu_clipboard_peer_unregister() behind vnc_unlock_output();
-
-Fixes: 0bf41cab93e ("ui/vnc: clipboard support")
-Signed-off-by: Lei Rao <lei.rao@intel.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20220105020808.597325-1-lei.rao@intel.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry-picked from commit 1dbbe6f172810026c51dc84ed927a3cc23017949)
-[FE: trivial backport for 6.2]
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- ui/vnc.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ui/vnc.c b/ui/vnc.c
-index af02522e84..b253e85c65 100644
---- a/ui/vnc.c
-+++ b/ui/vnc.c
-@@ -1354,12 +1354,12 @@ void vnc_disconnect_finish(VncState *vs)
- /* last client gone */
- vnc_update_server_surface(vs->vd);
- }
-+ vnc_unlock_output(vs);
-+
- if (vs->cbpeer.update.notify) {
- qemu_clipboard_peer_unregister(&vs->cbpeer);
- }
-
-- vnc_unlock_output(vs);
--
- qemu_mutex_destroy(&vs->output_mutex);
- if (vs->bh != NULL) {
- qemu_bh_delete(vs->bh);
diff --git a/debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch b/debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
deleted file mode 100644
index cac949b..0000000
--- a/debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Mauro Matteo Cascella <mcascell@redhat.com>
-Date: Thu, 7 Apr 2022 10:11:06 +0200
-Subject: [PATCH] display/qxl-render: fix race condition in qxl_cursor
- (CVE-2021-4207)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Avoid fetching 'width' and 'height' a second time to prevent possible
-race condition. Refer to security advisory
-https://starlabs.sg/advisories/22-4207/ for more information.
-
-Fixes: CVE-2021-4207
-Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20220407081106.343235-1-mcascell@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/display/qxl-render.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
-index d28849b121..237ed293ba 100644
---- a/hw/display/qxl-render.c
-+++ b/hw/display/qxl-render.c
-@@ -266,7 +266,7 @@ static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor,
- }
- break;
- case SPICE_CURSOR_TYPE_ALPHA:
-- size = sizeof(uint32_t) * cursor->header.width * cursor->header.height;
-+ size = sizeof(uint32_t) * c->width * c->height;
- qxl_unpack_chunks(c->data, size, qxl, &cursor->chunk, group_id);
- if (qxl->debug > 2) {
- cursor_print_ascii_art(c, "qxl/alpha");
diff --git a/debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch b/debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
deleted file mode 100644
index 7c295f9..0000000
--- a/debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Mauro Matteo Cascella <mcascell@redhat.com>
-Date: Thu, 7 Apr 2022 10:17:12 +0200
-Subject: [PATCH] ui/cursor: fix integer overflow in cursor_alloc
- (CVE-2021-4206)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Prevent potential integer overflow by limiting 'width' and 'height' to
-512x512. Also change 'datasize' type to size_t. Refer to security
-advisory https://starlabs.sg/advisories/22-4206/ for more information.
-
-Fixes: CVE-2021-4206
-Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20220407081712.345609-1-mcascell@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit fa892e9abb728e76afcf27323ab29c57fb0fe7aa)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/display/qxl-render.c | 7 +++++++
- hw/display/vmware_vga.c | 2 ++
- ui/cursor.c | 8 +++++++-
- 3 files changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
-index 237ed293ba..ca217004bf 100644
---- a/hw/display/qxl-render.c
-+++ b/hw/display/qxl-render.c
-@@ -247,6 +247,13 @@ static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor,
- size_t size;
-
- c = cursor_alloc(cursor->header.width, cursor->header.height);
-+
-+ if (!c) {
-+ qxl_set_guest_bug(qxl, "%s: cursor %ux%u alloc error", __func__,
-+ cursor->header.width, cursor->header.height);
-+ goto fail;
-+ }
-+
- c->hot_x = cursor->header.hot_spot_x;
- c->hot_y = cursor->header.hot_spot_y;
- switch (cursor->header.type) {
-diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
-index e2969a6c81..2b81d6122f 100644
---- a/hw/display/vmware_vga.c
-+++ b/hw/display/vmware_vga.c
-@@ -509,6 +509,8 @@ static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
- int i, pixels;
-
- qc = cursor_alloc(c->width, c->height);
-+ assert(qc != NULL);
-+
- qc->hot_x = c->hot_x;
- qc->hot_y = c->hot_y;
- switch (c->bpp) {
-diff --git a/ui/cursor.c b/ui/cursor.c
-index 1d62ddd4d0..835f0802f9 100644
---- a/ui/cursor.c
-+++ b/ui/cursor.c
-@@ -46,6 +46,8 @@ static QEMUCursor *cursor_parse_xpm(const char *xpm[])
-
- /* parse pixel data */
- c = cursor_alloc(width, height);
-+ assert(c != NULL);
-+
- for (pixel = 0, y = 0; y < height; y++, line++) {
- for (x = 0; x < height; x++, pixel++) {
- idx = xpm[line][x];
-@@ -91,7 +93,11 @@ QEMUCursor *cursor_builtin_left_ptr(void)
- QEMUCursor *cursor_alloc(int width, int height)
- {
- QEMUCursor *c;
-- int datasize = width * height * sizeof(uint32_t);
-+ size_t datasize = width * height * sizeof(uint32_t);
-+
-+ if (width > 512 || height > 512) {
-+ return NULL;
-+ }
-
- c = g_malloc0(sizeof(QEMUCursor) + datasize);
- c->width = width;
diff --git a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
index ae9a483..700afed 100644
--- a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
+++ b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index b283093e5b..821405fd02 100644
+index 39a3d6dbe6..e5bf5d59bf 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -552,7 +552,7 @@ static QemuOptsList raw_runtime_opts = {
+@@ -554,7 +554,7 @@ static QemuOptsList raw_runtime_opts = {
{
.name = "locking",
.type = QEMU_OPT_STRING,
@@ -26,7 +26,7 @@ index b283093e5b..821405fd02 100644
},
{
.name = "pr-manager",
-@@ -652,7 +652,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
+@@ -654,7 +654,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
s->use_lock = false;
break;
case ON_OFF_AUTO_AUTO:
diff --git a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
index 051e997..6a19ef0 100644
--- a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
+++ b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
@@ -10,10 +10,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
-index 04f2b790c9..19fdbb981c 100644
+index 982c532353..5395e7e471 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
-@@ -2039,9 +2039,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
+@@ -2087,9 +2087,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
#define CPU_RESOLVING_TYPE TYPE_X86_CPU
#ifdef TARGET_X86_64
diff --git a/debian/patches/pve/0004-PVE-Config-ui-spice-default-to-pve-certificates.patch b/debian/patches/pve/0004-PVE-Config-ui-spice-default-to-pve-certificates.patch
index 0e41fd1..39aedf0 100644
--- a/debian/patches/pve/0004-PVE-Config-ui-spice-default-to-pve-certificates.patch
+++ b/debian/patches/pve/0004-PVE-Config-ui-spice-default-to-pve-certificates.patch
@@ -9,7 +9,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/ui/spice-core.c b/ui/spice-core.c
-index 31974b8d6c..a3acdbd682 100644
+index c3ac20ad43..37774f1c0a 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -689,32 +689,35 @@ static void qemu_spice_init(void)
diff --git a/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch b/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
index e378405..ce4366d 100644
--- a/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
+++ b/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
@@ -18,7 +18,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+)
diff --git a/block/rbd.c b/block/rbd.c
-index def96292e0..a4b8fb482c 100644
+index 6caf35cbba..0cec24c86d 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -820,6 +820,8 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
diff --git a/debian/patches/pve/0007-PVE-Up-qmp-add-get_link_status.patch b/debian/patches/pve/0007-PVE-Up-qmp-add-get_link_status.patch
index ac54142..d6b5440 100644
--- a/debian/patches/pve/0007-PVE-Up-qmp-add-get_link_status.patch
+++ b/debian/patches/pve/0007-PVE-Up-qmp-add-get_link_status.patch
@@ -49,7 +49,7 @@ index f0d14dbfc1..6d476c47ef 100644
{
NetClientState *nc;
diff --git a/qapi/net.json b/qapi/net.json
-index 7fab2e7cd8..74c9a6109e 100644
+index b92f3f5fb4..52c7e1f82b 100644
--- a/qapi/net.json
+++ b/qapi/net.json
@@ -35,6 +35,21 @@
@@ -75,10 +75,10 @@ index 7fab2e7cd8..74c9a6109e 100644
# @netdev_add:
#
diff --git a/qapi/pragma.json b/qapi/pragma.json
-index 3bc0335d1f..7c91ea3685 100644
+index e6a021c19c..41139d8645 100644
--- a/qapi/pragma.json
+++ b/qapi/pragma.json
-@@ -22,6 +22,7 @@
+@@ -25,6 +25,7 @@
'system_reset',
'system_wakeup' ],
'command-returns-exceptions': [
diff --git a/debian/patches/pve/0009-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch b/debian/patches/pve/0009-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
index 58f04c8..0d67cd2 100644
--- a/debian/patches/pve/0009-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
+++ b/debian/patches/pve/0009-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
@@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/qemu-img.c b/qemu-img.c
-index f036a1d428..080ad9bca7 100644
+index 1caddfb23a..2782e181c0 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -2989,7 +2989,8 @@ static int img_info(int argc, char **argv)
+@@ -3005,7 +3005,8 @@ static int img_info(int argc, char **argv)
list = collect_image_info_list(image_opts, filename, fmt, chain,
force_share);
if (!list) {
diff --git a/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch b/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
index 26ccf4f..7163f0f 100644
--- a/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
+++ b/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
@@ -37,7 +37,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 119 insertions(+), 72 deletions(-)
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
-index 72bcdcfbfa..0b2999f3ab 100644
+index 1b1dab5b17..d1616c045a 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -58,9 +58,9 @@ SRST
@@ -53,10 +53,10 @@ index 72bcdcfbfa..0b2999f3ab 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index 080ad9bca7..1f457d9e80 100644
+index 2782e181c0..8cd43b3601 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4805,10 +4805,12 @@ static int img_bitmap(int argc, char **argv)
+@@ -4821,10 +4821,12 @@ static int img_bitmap(int argc, char **argv)
#define C_IF 04
#define C_OF 010
#define C_SKIP 020
@@ -69,7 +69,7 @@ index 080ad9bca7..1f457d9e80 100644
};
struct DdIo {
-@@ -4884,6 +4886,19 @@ static int img_dd_skip(const char *arg,
+@@ -4900,6 +4902,19 @@ static int img_dd_skip(const char *arg,
return 0;
}
@@ -89,7 +89,7 @@ index 080ad9bca7..1f457d9e80 100644
static int img_dd(int argc, char **argv)
{
int ret = 0;
-@@ -4924,6 +4939,7 @@ static int img_dd(int argc, char **argv)
+@@ -4940,6 +4955,7 @@ static int img_dd(int argc, char **argv)
{ "if", img_dd_if, C_IF },
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
@@ -97,7 +97,7 @@ index 080ad9bca7..1f457d9e80 100644
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
-@@ -4999,91 +5015,112 @@ static int img_dd(int argc, char **argv)
+@@ -5015,91 +5031,112 @@ static int img_dd(int argc, char **argv)
arg = NULL;
}
@@ -274,7 +274,7 @@ index 080ad9bca7..1f457d9e80 100644
}
if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
-@@ -5101,11 +5138,17 @@ static int img_dd(int argc, char **argv)
+@@ -5117,11 +5154,17 @@ static int img_dd(int argc, char **argv)
for (out_pos = 0; in_pos < size; block_count++) {
int in_ret, out_ret;
@@ -296,7 +296,7 @@ index 080ad9bca7..1f457d9e80 100644
}
if (in_ret < 0) {
error_report("error while reading from input image file: %s",
-@@ -5115,9 +5158,13 @@ static int img_dd(int argc, char **argv)
+@@ -5131,9 +5174,13 @@ static int img_dd(int argc, char **argv)
}
in_pos += in_ret;
diff --git a/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-isize-parameter.patch b/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-isize-parameter.patch
index 3e4434f..29df3de 100644
--- a/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-isize-parameter.patch
+++ b/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-isize-parameter.patch
@@ -15,10 +15,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
-index 1f457d9e80..d9e8a8c4d4 100644
+index 8cd43b3601..67033b2d2c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4806,11 +4806,13 @@ static int img_bitmap(int argc, char **argv)
+@@ -4822,11 +4822,13 @@ static int img_bitmap(int argc, char **argv)
#define C_OF 010
#define C_SKIP 020
#define C_OSIZE 040
@@ -32,7 +32,7 @@ index 1f457d9e80..d9e8a8c4d4 100644
};
struct DdIo {
-@@ -4899,6 +4901,19 @@ static int img_dd_osize(const char *arg,
+@@ -4915,6 +4917,19 @@ static int img_dd_osize(const char *arg,
return 0;
}
@@ -52,7 +52,7 @@ index 1f457d9e80..d9e8a8c4d4 100644
static int img_dd(int argc, char **argv)
{
int ret = 0;
-@@ -4913,12 +4928,14 @@ static int img_dd(int argc, char **argv)
+@@ -4929,12 +4944,14 @@ static int img_dd(int argc, char **argv)
int c, i;
const char *out_fmt = "raw";
const char *fmt = NULL;
@@ -68,7 +68,7 @@ index 1f457d9e80..d9e8a8c4d4 100644
};
struct DdIo in = {
.bsz = 512, /* Block size is by default 512 bytes */
-@@ -4940,6 +4957,7 @@ static int img_dd(int argc, char **argv)
+@@ -4956,6 +4973,7 @@ static int img_dd(int argc, char **argv)
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
{ "osize", img_dd_osize, C_OSIZE },
@@ -76,7 +76,7 @@ index 1f457d9e80..d9e8a8c4d4 100644
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
-@@ -5136,14 +5154,18 @@ static int img_dd(int argc, char **argv)
+@@ -5152,14 +5170,18 @@ static int img_dd(int argc, char **argv)
in.buf = g_new(uint8_t, in.bsz);
diff --git a/debian/patches/pve/0012-PVE-Up-qemu-img-dd-add-n-skip_create.patch b/debian/patches/pve/0012-PVE-Up-qemu-img-dd-add-n-skip_create.patch
index f086107..39991dd 100644
--- a/debian/patches/pve/0012-PVE-Up-qemu-img-dd-add-n-skip_create.patch
+++ b/debian/patches/pve/0012-PVE-Up-qemu-img-dd-add-n-skip_create.patch
@@ -13,7 +13,7 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
-index d663dd92bd..a49badb158 100644
+index 8885ea11cf..33979b7430 100644
--- a/docs/tools/qemu-img.rst
+++ b/docs/tools/qemu-img.rst
@@ -208,6 +208,10 @@ Parameters to convert subcommand:
@@ -49,7 +49,7 @@ index d663dd92bd..a49badb158 100644
Give information about the disk image *FILENAME*. Use it in
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
-index 0b2999f3ab..f3b2b1b4de 100644
+index d1616c045a..b5b0bb4467 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -58,9 +58,9 @@ SRST
@@ -65,10 +65,10 @@ index 0b2999f3ab..f3b2b1b4de 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index d9e8a8c4d4..015d6d2ce4 100644
+index 67033b2d2c..35c2bdc95c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4930,7 +4930,7 @@ static int img_dd(int argc, char **argv)
+@@ -4946,7 +4946,7 @@ static int img_dd(int argc, char **argv)
const char *fmt = NULL;
int64_t size = 0, readsize = 0;
int64_t block_count = 0, out_pos, in_pos;
@@ -77,7 +77,7 @@ index d9e8a8c4d4..015d6d2ce4 100644
struct DdInfo dd = {
.flags = 0,
.count = 0,
-@@ -4968,7 +4968,7 @@ static int img_dd(int argc, char **argv)
+@@ -4984,7 +4984,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
@@ -86,7 +86,7 @@ index d9e8a8c4d4..015d6d2ce4 100644
if (c == EOF) {
break;
}
-@@ -4988,6 +4988,9 @@ static int img_dd(int argc, char **argv)
+@@ -5004,6 +5004,9 @@ static int img_dd(int argc, char **argv)
case 'h':
help();
break;
@@ -96,7 +96,7 @@ index d9e8a8c4d4..015d6d2ce4 100644
case 'U':
force_share = true;
break;
-@@ -5118,13 +5121,15 @@ static int img_dd(int argc, char **argv)
+@@ -5134,13 +5137,15 @@ static int img_dd(int argc, char **argv)
size - in.bsz * in.offset, &error_abort);
}
diff --git a/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch b/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
index 88a9785..a52235f 100644
--- a/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
+++ b/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 81 insertions(+), 4 deletions(-)
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
-index 9a4f491b54..1faa16234e 100644
+index 163d244eb4..389907f1f8 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
-@@ -812,8 +812,37 @@ static uint64_t virtio_balloon_get_features(VirtIODevice *vdev, uint64_t f,
+@@ -813,8 +813,37 @@ static uint64_t virtio_balloon_get_features(VirtIODevice *vdev, uint64_t f,
static void virtio_balloon_stat(void *opaque, BalloonInfo *info)
{
VirtIOBalloon *dev = opaque;
@@ -58,10 +58,10 @@ index 9a4f491b54..1faa16234e 100644
static void virtio_balloon_to_target(void *opaque, ram_addr_t target)
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 2e91ccb738..e9fa9af6bd 100644
+index 634968498b..5482dd0569 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
-@@ -696,7 +696,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
+@@ -708,7 +708,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
return;
}
@@ -99,7 +99,7 @@ index 2e91ccb738..e9fa9af6bd 100644
qapi_free_BalloonInfo(info);
}
diff --git a/qapi/machine.json b/qapi/machine.json
-index 067e3f5378..91f3be6f44 100644
+index d25a481ce4..3627172aed 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -1018,10 +1018,30 @@
diff --git a/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch b/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
index a7dfb1d..8c7d776 100644
--- a/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
+++ b/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
@@ -30,10 +30,10 @@ index 4f4ab30f8c..76fff60a6b 100644
info->default_cpu_type = g_strdup(mc->default_cpu_type);
info->has_default_cpu_type = true;
diff --git a/qapi/machine.json b/qapi/machine.json
-index 91f3be6f44..0905618e25 100644
+index 3627172aed..ca133e68ce 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -141,6 +141,8 @@
+@@ -139,6 +139,8 @@
#
# @is-default: whether the machine is default
#
@@ -42,7 +42,7 @@ index 91f3be6f44..0905618e25 100644
# @cpu-max: maximum number of CPUs supported by the machine type
# (since 1.5)
#
-@@ -162,7 +164,7 @@
+@@ -160,7 +162,7 @@
##
{ 'struct': 'MachineInfo',
'data': { 'name': 'str', '*alias': 'str',
diff --git a/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch b/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
index 538a0c0..3f7fd62 100644
--- a/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
+++ b/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
@@ -12,10 +12,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 8 insertions(+)
diff --git a/qapi/ui.json b/qapi/ui.json
-index 4244c62c30..f946fbd8c1 100644
+index 13a8bb82aa..4c34436ba7 100644
--- a/qapi/ui.json
+++ b/qapi/ui.json
-@@ -333,11 +333,14 @@
+@@ -300,11 +300,14 @@
#
# @channels: a list of @SpiceChannel for each active spice channel
#
@@ -31,7 +31,7 @@ index 4244c62c30..f946fbd8c1 100644
'if': 'CONFIG_SPICE' }
diff --git a/ui/spice-core.c b/ui/spice-core.c
-index a3acdbd682..756776778d 100644
+index 37774f1c0a..367f77f2b4 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -534,6 +534,11 @@ static SpiceInfo *qmp_query_spice_real(Error **errp)
diff --git a/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch
index 365e481..0197289 100644
--- a/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch
+++ b/debian/patches/pve/0016-PVE-add-savevm-async-for-background-state-snapshots.patch
@@ -39,10 +39,10 @@ Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
create mode 100644 migration/savevm-async.c
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
-index 407a1da800..245f8acc55 100644
+index adfa085a9b..925e680e5a 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
-@@ -536,6 +536,19 @@ SRST
+@@ -538,6 +538,19 @@ SRST
Show current migration parameters.
ERST
@@ -63,7 +63,7 @@ index 407a1da800..245f8acc55 100644
.name = "balloon",
.args_type = "",
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 5efb47fc32..1ad13b668b 100644
+index 8476277aa9..7f0ac498c4 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1746,3 +1746,36 @@ ERST
@@ -138,7 +138,7 @@ index 96d014826a..3a39ba41b5 100644
void hmp_screendump(Monitor *mon, const QDict *qdict);
void hmp_chardev_add(Monitor *mon, const QDict *qdict);
diff --git a/migration/meson.build b/migration/meson.build
-index f8714dcb15..ea9aedeefc 100644
+index 8b5ca5c047..1e2aec8486 100644
--- a/migration/meson.build
+++ b/migration/meson.build
@@ -23,6 +23,7 @@ softmmu_ss.add(files(
@@ -754,10 +754,10 @@ index 0000000000..79a0cda906
+ return ret;
+}
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index e9fa9af6bd..5000ce39d1 100644
+index 5482dd0569..c64b959738 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
-@@ -1903,6 +1903,63 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
+@@ -1906,6 +1906,63 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
hmp_handle_error(mon, err);
}
@@ -822,10 +822,10 @@ index e9fa9af6bd..5000ce39d1 100644
{
IOThreadInfoList *info_list = qmp_query_iothreads(NULL);
diff --git a/qapi/migration.json b/qapi/migration.json
-index bbfd48cf0b..45686390a2 100644
+index 27d7b28158..31d6cc902e 100644
--- a/qapi/migration.json
+++ b/qapi/migration.json
-@@ -247,6 +247,40 @@
+@@ -258,6 +258,40 @@
'*compression': 'CompressionStats',
'*socket-address': ['SocketAddress'] } }
@@ -867,7 +867,7 @@ index bbfd48cf0b..45686390a2 100644
# @query-migrate:
#
diff --git a/qapi/misc.json b/qapi/misc.json
-index 358548abe1..25b3febc52 100644
+index b83cc39029..1e5dd7db29 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -435,6 +435,38 @@
@@ -910,10 +910,10 @@ index 358548abe1..25b3febc52 100644
# @CommandLineParameterType:
#
diff --git a/qemu-options.hx b/qemu-options.hx
-index ae2c6dbbfc..423144abeb 100644
+index 34e9b32a5c..aeade4ef80 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -4171,6 +4171,18 @@ SRST
+@@ -4254,6 +4254,18 @@ SRST
Start right away with a saved state (``loadvm`` in monitor)
ERST
@@ -933,10 +933,10 @@ index ae2c6dbbfc..423144abeb 100644
DEF("daemonize", 0, QEMU_OPTION_daemonize, \
"-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index 620a1f1367..fd82efb8b3 100644
+index 6f646531a0..a3f2a3818c 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -156,6 +156,7 @@ static const char *incoming;
+@@ -157,6 +157,7 @@ static const char *incoming;
static const char *loadvm;
static const char *accelerators;
static QDict *machine_opts_dict;
@@ -944,7 +944,7 @@ index 620a1f1367..fd82efb8b3 100644
static QTAILQ_HEAD(, ObjectOption) object_opts = QTAILQ_HEAD_INITIALIZER(object_opts);
static QTAILQ_HEAD(, DeviceOption) device_opts = QTAILQ_HEAD_INITIALIZER(device_opts);
static ram_addr_t maxram_size;
-@@ -2743,6 +2744,12 @@ void qmp_x_exit_preconfig(Error **errp)
+@@ -2749,6 +2750,12 @@ void qmp_x_exit_preconfig(Error **errp)
if (loadvm) {
load_snapshot(loadvm, NULL, false, NULL, &error_fatal);
@@ -957,7 +957,7 @@ index 620a1f1367..fd82efb8b3 100644
}
if (replay_mode != REPLAY_MODE_NONE) {
replay_vmstate_init();
-@@ -3284,6 +3291,9 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -3289,6 +3296,9 @@ void qemu_init(int argc, char **argv, char **envp)
case QEMU_OPTION_loadvm:
loadvm = optarg;
break;
diff --git a/debian/patches/pve/0017-PVE-add-optional-buffer-size-to-QEMUFile.patch b/debian/patches/pve/0017-PVE-add-optional-buffer-size-to-QEMUFile.patch
index 0bbaed4..e64ebbe 100644
--- a/debian/patches/pve/0017-PVE-add-optional-buffer-size-to-QEMUFile.patch
+++ b/debian/patches/pve/0017-PVE-add-optional-buffer-size-to-QEMUFile.patch
@@ -17,10 +17,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
-index 6338d8e2ff..6697a93a7e 100644
+index 1479cddad9..21a3355ae2 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
-@@ -30,8 +30,8 @@
+@@ -31,8 +31,8 @@
#include "trace.h"
#include "qapi/error.h"
@@ -31,7 +31,7 @@ index 6338d8e2ff..6697a93a7e 100644
struct QEMUFile {
const QEMUFileOps *ops;
-@@ -45,7 +45,8 @@ struct QEMUFile {
+@@ -46,7 +46,8 @@ struct QEMUFile {
when reading */
int buf_index;
int buf_size; /* 0 when writing */
@@ -41,7 +41,7 @@ index 6338d8e2ff..6697a93a7e 100644
DECLARE_BITMAP(may_free, MAX_IOV_SIZE);
struct iovec iov[MAX_IOV_SIZE];
-@@ -103,7 +104,7 @@ bool qemu_file_mode_is_not_valid(const char *mode)
+@@ -104,7 +105,7 @@ bool qemu_file_mode_is_not_valid(const char *mode)
return false;
}
@@ -50,7 +50,7 @@ index 6338d8e2ff..6697a93a7e 100644
{
QEMUFile *f;
-@@ -112,9 +113,17 @@ QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps *ops, bool has_ioc)
+@@ -113,9 +114,17 @@ QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps *ops, bool has_ioc)
f->opaque = opaque;
f->ops = ops;
f->has_ioc = has_ioc;
@@ -68,7 +68,7 @@ index 6338d8e2ff..6697a93a7e 100644
void qemu_file_set_hooks(QEMUFile *f, const QEMUFileHooks *hooks)
{
-@@ -349,7 +358,7 @@ static ssize_t qemu_fill_buffer(QEMUFile *f)
+@@ -350,7 +359,7 @@ static ssize_t qemu_fill_buffer(QEMUFile *f)
}
len = f->ops->get_buffer(f->opaque, f->buf + pending, f->pos,
@@ -77,7 +77,7 @@ index 6338d8e2ff..6697a93a7e 100644
if (len > 0) {
f->buf_size += len;
f->pos += len;
-@@ -389,6 +398,9 @@ int qemu_fclose(QEMUFile *f)
+@@ -390,6 +399,9 @@ int qemu_fclose(QEMUFile *f)
ret = ret2;
}
}
@@ -87,7 +87,7 @@ index 6338d8e2ff..6697a93a7e 100644
/* If any error was spotted before closing, we should report it
* instead of the close() return value.
*/
-@@ -443,7 +455,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len)
+@@ -444,7 +456,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len)
{
if (!add_to_iovec(f, f->buf + f->buf_index, len, false)) {
f->buf_index += len;
@@ -96,7 +96,7 @@ index 6338d8e2ff..6697a93a7e 100644
qemu_fflush(f);
}
}
-@@ -469,7 +481,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size)
+@@ -470,7 +482,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size)
}
while (size > 0) {
@@ -105,7 +105,7 @@ index 6338d8e2ff..6697a93a7e 100644
if (l > size) {
l = size;
}
-@@ -516,8 +528,8 @@ size_t qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t size, size_t offset)
+@@ -517,8 +529,8 @@ size_t qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t size, size_t offset)
size_t index;
assert(!qemu_file_is_writable(f));
@@ -116,7 +116,7 @@ index 6338d8e2ff..6697a93a7e 100644
/* The 1st byte to read from */
index = f->buf_index + offset;
-@@ -567,7 +579,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
+@@ -568,7 +580,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
size_t res;
uint8_t *src;
@@ -125,7 +125,7 @@ index 6338d8e2ff..6697a93a7e 100644
if (res == 0) {
return done;
}
-@@ -601,7 +613,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
+@@ -602,7 +614,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
*/
size_t qemu_get_buffer_in_place(QEMUFile *f, uint8_t **buf, size_t size)
{
@@ -134,7 +134,7 @@ index 6338d8e2ff..6697a93a7e 100644
size_t res;
uint8_t *src = NULL;
-@@ -626,7 +638,7 @@ int qemu_peek_byte(QEMUFile *f, int offset)
+@@ -627,7 +639,7 @@ int qemu_peek_byte(QEMUFile *f, int offset)
int index = f->buf_index + offset;
assert(!qemu_file_is_writable(f));
@@ -143,7 +143,7 @@ index 6338d8e2ff..6697a93a7e 100644
if (index >= f->buf_size) {
qemu_fill_buffer(f);
-@@ -778,7 +790,7 @@ static int qemu_compress_data(z_stream *stream, uint8_t *dest, size_t dest_len,
+@@ -779,7 +791,7 @@ static int qemu_compress_data(z_stream *stream, uint8_t *dest, size_t dest_len,
ssize_t qemu_put_compression_data(QEMUFile *f, z_stream *stream,
const uint8_t *p, size_t size)
{
diff --git a/debian/patches/pve/0018-PVE-block-add-the-zeroinit-block-driver-filter.patch b/debian/patches/pve/0018-PVE-block-add-the-zeroinit-block-driver-filter.patch
index 9a17710..a0cc957 100644
--- a/debian/patches/pve/0018-PVE-block-add-the-zeroinit-block-driver-filter.patch
+++ b/debian/patches/pve/0018-PVE-block-add-the-zeroinit-block-driver-filter.patch
@@ -13,10 +13,10 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
create mode 100644 block/zeroinit.c
diff --git a/block/meson.build b/block/meson.build
-index deb73ca389..c9d1fdca7d 100644
+index 0b2a60c99b..9451fc3ccd 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -41,6 +41,7 @@ block_ss.add(files(
+@@ -43,6 +43,7 @@ block_ss.add(files(
'vmdk.c',
'vpc.c',
'write-threshold.c',
diff --git a/debian/patches/pve/0019-PVE-Add-dummy-id-command-line-parameter.patch b/debian/patches/pve/0019-PVE-Add-dummy-id-command-line-parameter.patch
index be8407b..488a70c 100644
--- a/debian/patches/pve/0019-PVE-Add-dummy-id-command-line-parameter.patch
+++ b/debian/patches/pve/0019-PVE-Add-dummy-id-command-line-parameter.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 11 insertions(+)
diff --git a/qemu-options.hx b/qemu-options.hx
-index 423144abeb..4879471aeb 100644
+index aeade4ef80..a26f0b0400 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -1019,6 +1019,9 @@ DEFHEADING()
+@@ -1075,6 +1075,9 @@ DEFHEADING()
DEFHEADING(Block device options:)
@@ -28,10 +28,10 @@ index 423144abeb..4879471aeb 100644
"-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index fd82efb8b3..eb05e5a000 100644
+index a3f2a3818c..4208142685 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -2779,6 +2779,7 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -2785,6 +2785,7 @@ void qemu_init(int argc, char **argv, char **envp)
MachineClass *machine_class;
bool userconfig = true;
FILE *vmstate_dump_file = NULL;
@@ -39,7 +39,7 @@ index fd82efb8b3..eb05e5a000 100644
qemu_add_opts(&qemu_drive_opts);
qemu_add_drive_opts(&qemu_legacy_drive_opts);
-@@ -3421,6 +3422,13 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -3420,6 +3421,13 @@ void qemu_init(int argc, char **argv, char **envp)
machine_parse_property_opt(qemu_find_opts("smp-opts"),
"smp", optarg);
break;
diff --git a/debian/patches/pve/0021-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch b/debian/patches/pve/0021-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
index 1d758aa..99299d3 100644
--- a/debian/patches/pve/0021-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
+++ b/debian/patches/pve/0021-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
@@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 42 insertions(+), 20 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index 821405fd02..e3b6c3c524 100644
+index e5bf5d59bf..b013668dce 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -2465,6 +2465,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2461,6 +2461,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
int fd;
uint64_t perm, shared;
int result = 0;
@@ -24,7 +24,7 @@ index 821405fd02..e3b6c3c524 100644
/* Validate options and set default values */
assert(options->driver == BLOCKDEV_DRIVER_FILE);
-@@ -2505,19 +2506,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2501,19 +2502,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
perm = BLK_PERM_WRITE | BLK_PERM_RESIZE;
shared = BLK_PERM_ALL & ~BLK_PERM_RESIZE;
@@ -59,7 +59,7 @@ index 821405fd02..e3b6c3c524 100644
}
/* Clear the file by truncating it to 0 */
-@@ -2571,13 +2575,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2567,13 +2571,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
}
out_unlock:
@@ -82,7 +82,7 @@ index 821405fd02..e3b6c3c524 100644
}
out_close:
-@@ -2602,6 +2608,7 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
+@@ -2598,6 +2604,7 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
PreallocMode prealloc;
char *buf = NULL;
Error *local_err = NULL;
@@ -90,7 +90,7 @@ index 821405fd02..e3b6c3c524 100644
/* Skip file: protocol prefix */
strstart(filename, "file:", &filename);
-@@ -2624,6 +2631,18 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
+@@ -2620,6 +2627,18 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
return -EINVAL;
}
@@ -109,7 +109,7 @@ index 821405fd02..e3b6c3c524 100644
options = (BlockdevCreateOptions) {
.driver = BLOCKDEV_DRIVER_FILE,
.u.file = {
-@@ -2635,6 +2654,8 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
+@@ -2631,6 +2650,8 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
.nocow = nocow,
.has_extent_size_hint = has_extent_size_hint,
.extent_size_hint = extent_size_hint,
@@ -119,10 +119,10 @@ index 821405fd02..e3b6c3c524 100644
};
return raw_co_create(&options, errp);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 1d3dd9cb48..3f81d6a5c0 100644
+index fb25c2b245..564b6b43f7 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -4445,7 +4445,8 @@
+@@ -4484,7 +4484,8 @@
'size': 'size',
'*preallocation': 'PreallocMode',
'*nocow': 'bool',
diff --git a/debian/patches/pve/0023-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch b/debian/patches/pve/0023-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
index 867084d..61528fd 100644
--- a/debian/patches/pve/0023-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
+++ b/debian/patches/pve/0023-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
@@ -26,10 +26,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 53a99abc56..ad2cb2592e 100644
+index 1e23fdc14b..8a50445ee8 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
-@@ -113,7 +113,8 @@ GlobalProperty hw_compat_4_0[] = {
+@@ -118,7 +118,8 @@ GlobalProperty hw_compat_4_0[] = {
{ "virtio-vga", "edid", "false" },
{ "virtio-gpu-device", "edid", "false" },
{ "virtio-device", "use-started", "false" },
diff --git a/debian/patches/pve/0024-PVE-Allow-version-code-in-machine-type.patch b/debian/patches/pve/0024-PVE-Allow-version-code-in-machine-type.patch
index 5656e1f..a0ca907 100644
--- a/debian/patches/pve/0024-PVE-Allow-version-code-in-machine-type.patch
+++ b/debian/patches/pve/0024-PVE-Allow-version-code-in-machine-type.patch
@@ -36,10 +36,10 @@ index 76fff60a6b..ec9201fb9a 100644
if (mc->default_cpu_type) {
diff --git a/include/hw/boards.h b/include/hw/boards.h
-index 9c1c190104..51e04bde62 100644
+index c92ac8815c..572d911ed4 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
-@@ -227,6 +227,8 @@ struct MachineClass {
+@@ -230,6 +230,8 @@ struct MachineClass {
const char *desc;
const char *deprecation_reason;
@@ -49,10 +49,10 @@ index 9c1c190104..51e04bde62 100644
void (*reset)(MachineState *state);
void (*wakeup)(MachineState *state);
diff --git a/qapi/machine.json b/qapi/machine.json
-index 0905618e25..a05c46e253 100644
+index ca133e68ce..39ba204b52 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -160,6 +160,8 @@
+@@ -158,6 +158,8 @@
#
# @default-ram-id: the default ID of initial RAM memory backend (since 5.2)
#
@@ -61,7 +61,7 @@ index 0905618e25..a05c46e253 100644
# Since: 1.2
##
{ 'struct': 'MachineInfo',
-@@ -167,7 +169,7 @@
+@@ -165,7 +167,7 @@
'*is-default': 'bool', '*is-current': 'bool', 'cpu-max': 'int',
'hotpluggable-cpus': 'bool', 'numa-mem-supported': 'bool',
'deprecated': 'bool', '*default-cpu-type': 'str',
@@ -71,10 +71,10 @@ index 0905618e25..a05c46e253 100644
##
# @query-machines:
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index eb05e5a000..f306d21d63 100644
+index 4208142685..37d85f1b96 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -1655,6 +1655,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
+@@ -1659,6 +1659,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
static MachineClass *select_machine(QDict *qdict, Error **errp)
{
const char *optarg = qdict_get_try_str(qdict, "type");
@@ -82,7 +82,7 @@ index eb05e5a000..f306d21d63 100644
GSList *machines = object_class_get_list(TYPE_MACHINE, false);
MachineClass *machine_class;
Error *local_err = NULL;
-@@ -1672,6 +1673,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
+@@ -1676,6 +1677,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
}
}
@@ -94,7 +94,7 @@ index eb05e5a000..f306d21d63 100644
g_slist_free(machines);
if (local_err) {
error_append_hint(&local_err, "Use -machine help to list supported machines\n");
-@@ -3363,12 +3369,31 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -3362,12 +3368,31 @@ void qemu_init(int argc, char **argv, char **envp)
case QEMU_OPTION_machine:
{
bool help;
diff --git a/debian/patches/pve/0025-block-backup-move-bcs-bitmap-initialization-to-job-c.patch b/debian/patches/pve/0025-block-backup-move-bcs-bitmap-initialization-to-job-c.patch
index 5d2679c..8621cdf 100644
--- a/debian/patches/pve/0025-block-backup-move-bcs-bitmap-initialization-to-job-c.patch
+++ b/debian/patches/pve/0025-block-backup-move-bcs-bitmap-initialization-to-job-c.patch
@@ -25,7 +25,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/block/backup.c b/block/backup.c
-index 21d5983779..47e218857d 100644
+index 5cfd0b999c..07b899035c 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -239,8 +239,8 @@ static void backup_init_bcs_bitmap(BackupBlockJob *job)
@@ -48,7 +48,7 @@ index 21d5983779..47e218857d 100644
if (s->sync_mode == MIRROR_SYNC_MODE_TOP) {
int64_t offset = 0;
int64_t count;
-@@ -493,6 +491,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -494,6 +492,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
&error_abort);
diff --git a/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch b/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch
index b37b17c..ced8e74 100644
--- a/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch
+++ b/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch
@@ -10,20 +10,20 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
block/meson.build | 2 +
meson.build | 5 +
vma-reader.c | 860 ++++++++++++++++++++++++++++++++++++++++++++++
- vma-writer.c | 790 ++++++++++++++++++++++++++++++++++++++++++
- vma.c | 849 +++++++++++++++++++++++++++++++++++++++++++++
+ vma-writer.c | 791 ++++++++++++++++++++++++++++++++++++++++++
+ vma.c | 850 +++++++++++++++++++++++++++++++++++++++++++++
vma.h | 150 ++++++++
- 6 files changed, 2656 insertions(+)
+ 6 files changed, 2658 insertions(+)
create mode 100644 vma-reader.c
create mode 100644 vma-writer.c
create mode 100644 vma.c
create mode 100644 vma.h
diff --git a/block/meson.build b/block/meson.build
-index c9d1fdca7d..72081a9974 100644
+index 9451fc3ccd..819eb80951 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -44,6 +44,8 @@ block_ss.add(files(
+@@ -46,6 +46,8 @@ block_ss.add(files(
'zeroinit.c',
), zstd, zlib, gnutls)
@@ -31,12 +31,12 @@ index c9d1fdca7d..72081a9974 100644
+
softmmu_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c'))
- block_ss.add(when: 'CONFIG_QCOW1', if_true: files('qcow.c'))
+ if get_option('qcow1').allowed()
diff --git a/meson.build b/meson.build
-index 96de1a6ef9..54c23b9567 100644
+index 861de93c4f..96a91b95e4 100644
--- a/meson.build
+++ b/meson.build
-@@ -1202,6 +1202,8 @@ keyutils = dependency('libkeyutils', required: false,
+@@ -1267,6 +1267,8 @@ keyutils = dependency('libkeyutils', required: false,
has_gettid = cc.has_function('gettid')
@@ -45,7 +45,7 @@ index 96de1a6ef9..54c23b9567 100644
# libselinux
selinux = dependency('libselinux',
required: get_option('selinux'),
-@@ -3070,6 +3072,9 @@ if have_tools
+@@ -3359,6 +3361,9 @@ if have_tools
dependencies: [blockdev, qemuutil, gnutls, selinux],
install: true)
@@ -923,10 +923,10 @@ index 0000000000..4f4ee2b47b
+
diff --git a/vma-writer.c b/vma-writer.c
new file mode 100644
-index 0000000000..11d8321ffd
+index 0000000000..df4b20793d
--- /dev/null
+++ b/vma-writer.c
-@@ -0,0 +1,790 @@
+@@ -0,0 +1,791 @@
+/*
+ * VMA: Virtual Machine Archive
+ *
@@ -950,6 +950,7 @@ index 0000000000..11d8321ffd
+#include "qemu/main-loop.h"
+#include "qemu/coroutine.h"
+#include "qemu/cutils.h"
++#include "qemu/memalign.h"
+
+#define DEBUG_VMA 0
+
@@ -1133,9 +1134,9 @@ index 0000000000..11d8321ffd
+ assert(qemu_in_coroutine());
+ AioContext *ctx = qemu_get_current_aio_context();
+ aio_set_fd_handler(ctx, fd, false, NULL, (IOHandler *)qemu_coroutine_enter,
-+ NULL, qemu_coroutine_self());
++ NULL, NULL, qemu_coroutine_self());
+ qemu_coroutine_yield();
-+ aio_set_fd_handler(ctx, fd, false, NULL, NULL, NULL, NULL);
++ aio_set_fd_handler(ctx, fd, false, NULL, NULL, NULL, NULL, NULL);
+}
+
+static ssize_t coroutine_fn
@@ -1719,10 +1720,10 @@ index 0000000000..11d8321ffd
+}
diff --git a/vma.c b/vma.c
new file mode 100644
-index 0000000000..89440733b1
+index 0000000000..91612d50a2
--- /dev/null
+++ b/vma.c
-@@ -0,0 +1,849 @@
+@@ -0,0 +1,850 @@
+/*
+ * VMA: Virtual Machine Archive
+ *
@@ -1745,6 +1746,7 @@ index 0000000000..89440733b1
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "qemu/cutils.h"
++#include "qemu/memalign.h"
+#include "qapi/qmp/qdict.h"
+#include "sysemu/block-backend.h"
+
diff --git a/debian/patches/pve/0027-PVE-Backup-add-backup-dump-block-driver.patch b/debian/patches/pve/0027-PVE-Backup-add-backup-dump-block-driver.patch
index 4b57124..ea3bb84 100644
--- a/debian/patches/pve/0027-PVE-Backup-add-backup-dump-block-driver.patch
+++ b/debian/patches/pve/0027-PVE-Backup-add-backup-dump-block-driver.patch
@@ -10,11 +10,11 @@ Subject: [PATCH] PVE-Backup: add backup-dump block driver
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- block/backup-dump.c | 168 ++++++++++++++++++++++++++++++++++++++
- block/backup.c | 30 ++-----
- block/meson.build | 1 +
- include/block/block_int.h | 35 ++++++++
- job.c | 3 +-
+ block/backup-dump.c | 168 +++++++++++++++++++++++++++++++
+ block/backup.c | 30 ++----
+ block/meson.build | 1 +
+ include/block/block_int-common.h | 35 +++++++
+ job.c | 3 +-
5 files changed, 214 insertions(+), 23 deletions(-)
create mode 100644 block/backup-dump.c
@@ -193,7 +193,7 @@ index 0000000000..93d7f46950
+ return bs;
+}
diff --git a/block/backup.c b/block/backup.c
-index 47e218857d..4d8fad70c4 100644
+index 07b899035c..7b5d02f580 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -29,28 +29,6 @@
@@ -225,7 +225,7 @@ index 47e218857d..4d8fad70c4 100644
static const BlockJobDriver backup_job_driver;
static void backup_cleanup_sync_bitmap(BackupBlockJob *job, int ret)
-@@ -455,6 +433,14 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -456,6 +434,14 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
}
cluster_size = block_copy_cluster_size(bcs);
@@ -241,7 +241,7 @@ index 47e218857d..4d8fad70c4 100644
if (perf->max_chunk && perf->max_chunk < cluster_size) {
error_setg(errp, "Required max-chunk (%" PRIi64 ") is less than backup "
diff --git a/block/meson.build b/block/meson.build
-index 72081a9974..7883df047c 100644
+index 819eb80951..067708b7c0 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -4,6 +4,7 @@ block_ss.add(files(
@@ -252,10 +252,10 @@ index 72081a9974..7883df047c 100644
'copy-before-write.c',
'blkdebug.c',
'blklogwrites.c',
-diff --git a/include/block/block_int.h b/include/block/block_int.h
-index f4c75e8ba9..169dc43d59 100644
---- a/include/block/block_int.h
-+++ b/include/block/block_int.h
+diff --git a/include/block/block_int-common.h b/include/block/block_int-common.h
+index 8947abab76..f272d0d8dc 100644
+--- a/include/block/block_int-common.h
++++ b/include/block/block_int-common.h
@@ -26,6 +26,7 @@
#include "block/accounting.h"
@@ -270,7 +270,7 @@ index f4c75e8ba9..169dc43d59 100644
+typedef int BackupDumpFunc(void *opaque, uint64_t offset, uint64_t bytes, const void *buf);
+
-+BlockDriverState *bdrv_backuo_dump_create(
++BlockDriverState *bdrv_backup_dump_create(
+ int dump_cb_block_size,
+ uint64_t byte_size,
+ BackupDumpFunc *dump_cb,
@@ -306,7 +306,7 @@ index f4c75e8ba9..169dc43d59 100644
BDRV_TRACKED_READ,
BDRV_TRACKED_WRITE,
diff --git a/job.c b/job.c
-index dbfa67bb0a..af25dd5b98 100644
+index 075c6f3a20..e5699ad200 100644
--- a/job.c
+++ b/job.c
@@ -276,7 +276,8 @@ static bool job_started(Job *job)
diff --git a/debian/patches/pve/0028-PVE-Backup-proxmox-backup-patches-for-qemu.patch b/debian/patches/pve/0028-PVE-Backup-proxmox-backup-patches-for-qemu.patch
index c081345..faa9483 100644
--- a/debian/patches/pve/0028-PVE-Backup-proxmox-backup-patches-for-qemu.patch
+++ b/debian/patches/pve/0028-PVE-Backup-proxmox-backup-patches-for-qemu.patch
@@ -15,7 +15,6 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
blockdev.c | 1 +
hmp-commands-info.hx | 14 +
hmp-commands.hx | 29 +
- include/block/block_int.h | 2 +-
include/monitor/hmp.h | 3 +
meson.build | 1 +
monitor/hmp-cmds.c | 44 ++
@@ -25,16 +24,16 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
qapi/block-core.json | 109 ++++
qapi/common.json | 13 +
qapi/machine.json | 15 +-
- 15 files changed, 1449 insertions(+), 14 deletions(-)
+ 14 files changed, 1448 insertions(+), 13 deletions(-)
create mode 100644 proxmox-backup-client.c
create mode 100644 proxmox-backup-client.h
create mode 100644 pve-backup.c
diff --git a/block/meson.build b/block/meson.build
-index 7883df047c..9d3dd5b7c3 100644
+index 067708b7c0..42aac96dbb 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -46,6 +46,11 @@ block_ss.add(files(
+@@ -48,6 +48,11 @@ block_ss.add(files(
), zstd, zlib, gnutls)
block_ss.add(files('../vma-writer.c'), libuuid)
@@ -47,7 +46,7 @@ index 7883df047c..9d3dd5b7c3 100644
softmmu_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c'))
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 2ac4aedfff..f6668ab01d 100644
+index bfb3c043a0..89ca64444d 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1015,3 +1015,36 @@ void hmp_info_snapshots(Monitor *mon, const QDict *qdict)
@@ -88,7 +87,7 @@ index 2ac4aedfff..f6668ab01d 100644
+ hmp_handle_error(mon, error);
+}
diff --git a/blockdev.c b/blockdev.c
-index b35072644e..c0bc3db33e 100644
+index 1af5a1fcb2..9916a72334 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -36,6 +36,7 @@
@@ -100,10 +99,10 @@ index b35072644e..c0bc3db33e 100644
#include "monitor/monitor.h"
#include "qemu/error-report.h"
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
-index 245f8acc55..3e7f2421eb 100644
+index 925e680e5a..d9b787d2c6 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
-@@ -482,6 +482,20 @@ SRST
+@@ -484,6 +484,20 @@ SRST
Show the current VM UUID.
ERST
@@ -125,7 +124,7 @@ index 245f8acc55..3e7f2421eb 100644
{
.name = "usernet",
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 1ad13b668b..d4bb00216e 100644
+index 7f0ac498c4..994445f301 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -99,6 +99,35 @@ ERST
@@ -164,19 +163,6 @@ index 1ad13b668b..d4bb00216e 100644
ERST
{
-diff --git a/include/block/block_int.h b/include/block/block_int.h
-index 169dc43d59..92f90c43eb 100644
---- a/include/block/block_int.h
-+++ b/include/block/block_int.h
-@@ -67,7 +67,7 @@
-
- typedef int BackupDumpFunc(void *opaque, uint64_t offset, uint64_t bytes, const void *buf);
-
--BlockDriverState *bdrv_backuo_dump_create(
-+BlockDriverState *bdrv_backup_dump_create(
- int dump_cb_block_size,
- uint64_t byte_size,
- BackupDumpFunc *dump_cb,
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
index 3a39ba41b5..d269b4c99c 100644
--- a/include/monitor/hmp.h
@@ -199,10 +185,10 @@ index 3a39ba41b5..d269b4c99c 100644
void hmp_device_add(Monitor *mon, const QDict *qdict);
void hmp_device_del(Monitor *mon, const QDict *qdict);
diff --git a/meson.build b/meson.build
-index 54c23b9567..37dab249cc 100644
+index 96a91b95e4..76fcb23299 100644
--- a/meson.build
+++ b/meson.build
-@@ -1203,6 +1203,7 @@ keyutils = dependency('libkeyutils', required: false,
+@@ -1268,6 +1268,7 @@ keyutils = dependency('libkeyutils', required: false,
has_gettid = cc.has_function('gettid')
libuuid = cc.find_library('uuid', required: true)
@@ -211,7 +197,7 @@ index 54c23b9567..37dab249cc 100644
# libselinux
selinux = dependency('libselinux',
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 5000ce39d1..b2687eae3a 100644
+index c64b959738..ef654221c4 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -195,6 +195,50 @@ void hmp_info_mice(Monitor *mon, const QDict *qdict)
@@ -1478,7 +1464,7 @@ index 0000000000..88f5ee133f
+ return info;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 3f81d6a5c0..551ee28275 100644
+index 564b6b43f7..ffcc25367b 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -744,6 +744,115 @@
@@ -1619,7 +1605,7 @@ index 412cc4f5ae..3e7a77ea66 100644
+##
+{ 'struct': 'UuidInfo', 'data': {'UUID': 'str'} }
diff --git a/qapi/machine.json b/qapi/machine.json
-index a05c46e253..e2cec7922f 100644
+index 39ba204b52..091aafeff7 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -4,6 +4,8 @@
@@ -1631,7 +1617,7 @@ index a05c46e253..e2cec7922f 100644
##
# = Machines
##
-@@ -229,19 +231,6 @@
+@@ -227,19 +229,6 @@
##
{ 'command': 'query-target', 'returns': 'TargetInfo' }
diff --git a/debian/patches/pve/0029-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch b/debian/patches/pve/0029-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
index 132d390..f1c77cb 100644
--- a/debian/patches/pve/0029-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
+++ b/debian/patches/pve/0029-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
@@ -12,10 +12,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
create mode 100644 pbs-restore.c
diff --git a/meson.build b/meson.build
-index 37dab249cc..1a4dfab4e2 100644
+index 76fcb23299..9476ccbe07 100644
--- a/meson.build
+++ b/meson.build
-@@ -3076,6 +3076,10 @@ if have_tools
+@@ -3365,6 +3365,10 @@ if have_tools
vma = executable('vma', files('vma.c', 'vma-reader.c') + genh,
dependencies: [authz, block, crypto, io, qom], install: true)
diff --git a/debian/patches/pve/0030-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch b/debian/patches/pve/0030-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch
index 4c45d91..012c0b3 100644
--- a/debian/patches/pve/0030-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch
+++ b/debian/patches/pve/0030-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch
@@ -29,7 +29,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 files changed, 142 insertions(+), 23 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index f6668ab01d..3c06734e6d 100644
+index 89ca64444d..45da74d7a0 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1042,6 +1042,7 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
@@ -41,7 +41,7 @@ index f6668ab01d..3c06734e6d 100644
false, NULL, false, NULL, !!devlist,
devlist, qdict_haskey(qdict, "speed"), speed, &error);
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index b2687eae3a..cfd7a60f32 100644
+index ef654221c4..c5c74ac1dc 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -221,19 +221,42 @@ void hmp_info_backup(Monitor *mon, const QDict *qdict)
@@ -405,7 +405,7 @@ index 88f5ee133f..1c49cd178d 100644
qemu_mutex_unlock(&backup_state.stat.lock);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 551ee28275..b9d6f52f0c 100644
+index ffcc25367b..b332d8a8da 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -757,8 +757,13 @@
diff --git a/debian/patches/pve/0031-PVE-various-PBS-fixes.patch b/debian/patches/pve/0031-PVE-various-PBS-fixes.patch
index d3a7334..e5ebc18 100644
--- a/debian/patches/pve/0031-PVE-various-PBS-fixes.patch
+++ b/debian/patches/pve/0031-PVE-various-PBS-fixes.patch
@@ -19,7 +19,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 54 insertions(+), 13 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 3c06734e6d..4481b60a5c 100644
+index 45da74d7a0..ea7b665aa2 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1042,7 +1042,9 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
@@ -194,7 +194,7 @@ index 1c49cd178d..c15abefdda 100644
.format = format,
.has_config_file = has_config_file,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index b9d6f52f0c..5d8e2eb303 100644
+index b332d8a8da..abef91062a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -822,6 +822,10 @@
diff --git a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
index b3ea6b5..3b08ed1 100644
--- a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
+++ b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
@@ -19,10 +19,10 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
create mode 100644 block/pbs.c
diff --git a/block/meson.build b/block/meson.build
-index 9d3dd5b7c3..8c758c0218 100644
+index 42aac96dbb..f94cc0cd25 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -51,6 +51,9 @@ block_ss.add(files(
+@@ -53,6 +53,9 @@ block_ss.add(files(
'../pve-backup.c',
), libproxmox_backup_qemu)
@@ -315,20 +315,20 @@ index 0000000000..0b05ea9080
+
+block_init(bdrv_pbs_init);
diff --git a/configure b/configure
-index 48c21775f3..eda4e9225a 100755
+index 7c08c18358..08d164b4f5 100755
--- a/configure
+++ b/configure
-@@ -356,6 +356,7 @@ vdi=${default_feature:-yes}
- vvfat=${default_feature:-yes}
- qed=${default_feature:-yes}
- parallels=${default_feature:-yes}
+@@ -325,6 +325,7 @@ trace_file="trace"
+ opengl="$default_feature"
+ coroutine=""
+ tls_priority="NORMAL"
+pbs_bdrv="yes"
- debug_mutex="no"
plugins="$default_feature"
- rng_none="no"
-@@ -1126,6 +1127,10 @@ for opt do
+ secret_keyring="$default_feature"
+ meson=""
+@@ -991,6 +992,10 @@ for opt do
;;
- --enable-parallels) parallels="yes"
+ --disable-pvrdma) pvrdma="no"
;;
+ --disable-pbs-bdrv) pbs_bdrv="no"
+ ;;
@@ -337,15 +337,15 @@ index 48c21775f3..eda4e9225a 100755
--disable-vhost-user) vhost_user="no"
;;
--enable-vhost-user) vhost_user="yes"
-@@ -1465,6 +1470,7 @@ cat << EOF
- vvfat vvfat image format support
- qed qed image format support
- parallels parallels image format support
+@@ -1265,6 +1270,7 @@ cat << EOF
+ vhost-user vhost-user backend support
+ vhost-vdpa vhost-vdpa kernel backend support
+ opengl opengl support
+ pbs-bdrv Proxmox backup server read-only block driver support
- crypto-afalg Linux AF_ALG crypto backend driver
- debug-mutex mutex debugging support
- rng-none dummy RNG, avoid using /dev/(u)random and getrandom()
-@@ -3534,6 +3540,9 @@ if test "$xen" = "enabled" ; then
+ gio libgio support
+
+ NOTE: The object files are built at the place where configure is launched
+@@ -2848,6 +2854,9 @@ if test "$xen" = "enabled" ; then
echo "XEN_CFLAGS=$xen_cflags" >> $config_host_mak
echo "XEN_LIBS=$xen_libs" >> $config_host_mak
fi
@@ -356,22 +356,22 @@ index 48c21775f3..eda4e9225a 100755
echo "CONFIG_VHOST_SCSI=y" >> $config_host_mak
fi
diff --git a/meson.build b/meson.build
-index 1a4dfab4e2..85b3c63199 100644
+index 9476ccbe07..d3783a83e4 100644
--- a/meson.build
+++ b/meson.build
-@@ -3448,6 +3448,7 @@ summary_info += {'lzfse support': liblzfse}
+@@ -3743,6 +3743,7 @@ summary_info += {'bzip2 support': libbzip2}
+ summary_info += {'lzfse support': liblzfse}
summary_info += {'zstd support': zstd}
- summary_info += {'NUMA host support': config_host.has_key('CONFIG_NUMA')}
- summary_info += {'libxml2': libxml2}
+ summary_info += {'NUMA host support': numa}
+summary_info += {'PBS bdrv support': config_host.has_key('CONFIG_PBS_BDRV')}
summary_info += {'capstone': capstone_opt == 'internal' ? capstone_opt : capstone}
summary_info += {'libpmem support': libpmem}
summary_info += {'libdaxctl support': libdaxctl}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 5d8e2eb303..777863e33b 100644
+index abef91062a..68591cb343 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -3053,6 +3053,7 @@
+@@ -3073,6 +3073,7 @@
'luks', 'nbd', 'nfs', 'null-aio', 'null-co', 'nvme', 'parallels',
'preallocate', 'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'rbd',
{ 'name': 'replication', 'if': 'CONFIG_REPLICATION' },
@@ -379,7 +379,7 @@ index 5d8e2eb303..777863e33b 100644
'ssh', 'throttle', 'vdi', 'vhdx', 'vmdk', 'vpc', 'vvfat' ] }
##
-@@ -3125,6 +3126,17 @@
+@@ -3145,6 +3146,17 @@
{ 'struct': 'BlockdevOptionsNull',
'data': { '*size': 'int', '*latency-ns': 'uint64', '*read-zeroes': 'bool' } }
@@ -397,7 +397,7 @@ index 5d8e2eb303..777863e33b 100644
##
# @BlockdevOptionsNVMe:
#
-@@ -4367,6 +4379,7 @@
+@@ -4405,6 +4417,7 @@
'nfs': 'BlockdevOptionsNfs',
'null-aio': 'BlockdevOptionsNull',
'null-co': 'BlockdevOptionsNull',
diff --git a/debian/patches/pve/0033-PVE-add-query_proxmox_support-QMP-command.patch b/debian/patches/pve/0033-PVE-add-query_proxmox_support-QMP-command.patch
index 3df9eb6..0f1f0c6 100644
--- a/debian/patches/pve/0033-PVE-add-query_proxmox_support-QMP-command.patch
+++ b/debian/patches/pve/0033-PVE-add-query_proxmox_support-QMP-command.patch
@@ -33,7 +33,7 @@ index c15abefdda..4684789813 100644
+ return ret;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 777863e33b..cfd980b70f 100644
+index 68591cb343..7d25aa4fa1 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -867,6 +867,35 @@
diff --git a/debian/patches/pve/0034-PVE-add-query-pbs-bitmap-info-QMP-call.patch b/debian/patches/pve/0034-PVE-add-query-pbs-bitmap-info-QMP-call.patch
index 54b268f..d3ba75c 100644
--- a/debian/patches/pve/0034-PVE-add-query-pbs-bitmap-info-QMP-call.patch
+++ b/debian/patches/pve/0034-PVE-add-query-pbs-bitmap-info-QMP-call.patch
@@ -15,7 +15,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 159 insertions(+), 42 deletions(-)
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index cfd7a60f32..b613190a3c 100644
+index c5c74ac1dc..df273f41fb 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -198,6 +198,7 @@ void hmp_info_mice(Monitor *mon, const QDict *qdict)
@@ -359,7 +359,7 @@ index 4684789813..f90abaa50a 100644
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index cfd980b70f..8833060385 100644
+index 7d25aa4fa1..69571d86eb 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -875,6 +875,8 @@
diff --git a/debian/patches/pve/0035-PVE-redirect-stderr-to-journal-when-daemonized.patch b/debian/patches/pve/0035-PVE-redirect-stderr-to-journal-when-daemonized.patch
index 9085387..89727a4 100644
--- a/debian/patches/pve/0035-PVE-redirect-stderr-to-journal-when-daemonized.patch
+++ b/debian/patches/pve/0035-PVE-redirect-stderr-to-journal-when-daemonized.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
-index 85b3c63199..31ba7d70d6 100644
+index d3783a83e4..715245ba20 100644
--- a/meson.build
+++ b/meson.build
-@@ -1203,6 +1203,7 @@ keyutils = dependency('libkeyutils', required: false,
+@@ -1268,6 +1268,7 @@ keyutils = dependency('libkeyutils', required: false,
has_gettid = cc.has_function('gettid')
libuuid = cc.find_library('uuid', required: true)
@@ -25,7 +25,7 @@ index 85b3c63199..31ba7d70d6 100644
libproxmox_backup_qemu = cc.find_library('proxmox_backup_qemu', required: true)
# libselinux
-@@ -2571,6 +2572,7 @@ if have_block
+@@ -2861,6 +2862,7 @@ if have_block
# os-posix.c contains POSIX-specific functions used by qemu-storage-daemon,
# os-win32.c does not
blockdev_ss.add(when: 'CONFIG_POSIX', if_true: files('os-posix.c'))
@@ -34,7 +34,7 @@ index 85b3c63199..31ba7d70d6 100644
endif
diff --git a/os-posix.c b/os-posix.c
-index ae6c9f2a5e..36807806bf 100644
+index 24692c8593..d1bc5ac12d 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -28,6 +28,8 @@
diff --git a/debian/patches/pve/0036-PVE-Add-sequential-job-transaction-support.patch b/debian/patches/pve/0036-PVE-Add-sequential-job-transaction-support.patch
index 3a56d3c..b85b914 100644
--- a/debian/patches/pve/0036-PVE-Add-sequential-job-transaction-support.patch
+++ b/debian/patches/pve/0036-PVE-Add-sequential-job-transaction-support.patch
@@ -11,10 +11,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 43 insertions(+)
diff --git a/include/qemu/job.h b/include/qemu/job.h
-index 6e67b6977f..60376c99ee 100644
+index c105b31076..5096679571 100644
--- a/include/qemu/job.h
+++ b/include/qemu/job.h
-@@ -294,6 +294,18 @@ typedef enum JobCreateFlags {
+@@ -316,6 +316,18 @@ typedef enum JobCreateFlags {
*/
JobTxn *job_txn_new(void);
@@ -34,7 +34,7 @@ index 6e67b6977f..60376c99ee 100644
* Release a reference that was previously acquired with job_txn_add_job or
* job_txn_new. If it's the last reference to the object, it will be freed.
diff --git a/job.c b/job.c
-index af25dd5b98..d0d152e697 100644
+index e5699ad200..34c9758349 100644
--- a/job.c
+++ b/job.c
@@ -72,6 +72,8 @@ struct JobTxn {
@@ -72,7 +72,7 @@ index af25dd5b98..d0d152e697 100644
static void job_txn_ref(JobTxn *txn)
{
txn->refcnt++;
-@@ -888,6 +909,9 @@ static void job_completed_txn_success(Job *job)
+@@ -897,6 +918,9 @@ static void job_completed_txn_success(Job *job)
*/
QLIST_FOREACH(other_job, &txn->jobs, txn_list) {
if (!job_is_completed(other_job)) {
@@ -82,7 +82,7 @@ index af25dd5b98..d0d152e697 100644
return;
}
assert(other_job->ret == 0);
-@@ -1082,6 +1106,13 @@ int job_finish_sync(Job *job, void (*finish)(Job *, Error **errp), Error **errp)
+@@ -1093,6 +1117,13 @@ int job_finish_sync(Job *job, void (*finish)(Job *, Error **errp), Error **errp)
return -EBUSY;
}
diff --git a/debian/patches/pve/0038-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch b/debian/patches/pve/0038-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch
index 0367445..51a2b53 100644
--- a/debian/patches/pve/0038-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch
+++ b/debian/patches/pve/0038-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch
@@ -481,7 +481,7 @@ index 63c686463f..6f05796fad 100644
qemu_mutex_unlock(&backup_state.stat.lock);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 8833060385..6a67adf923 100644
+index 69571d86eb..e6c3687bea 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -774,12 +774,15 @@
diff --git a/debian/patches/pve/0039-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0039-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
index 2463eb6..36c6d96 100644
--- a/debian/patches/pve/0039-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
+++ b/debian/patches/pve/0039-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
@@ -36,7 +36,7 @@ index 465906710d..4f0aeceb6f 100644
+
#endif
diff --git a/migration/meson.build b/migration/meson.build
-index ea9aedeefc..c27dc9bd97 100644
+index 1e2aec8486..259e863a43 100644
--- a/migration/meson.build
+++ b/migration/meson.build
@@ -7,8 +7,10 @@ migration_files = files(
@@ -51,10 +51,10 @@ index ea9aedeefc..c27dc9bd97 100644
softmmu_ss.add(files(
'block-dirty-bitmap.c',
diff --git a/migration/migration.c b/migration/migration.c
-index abaf6f9e3d..d925fd7488 100644
+index 695f0f2900..6e17f8e91c 100644
--- a/migration/migration.c
+++ b/migration/migration.c
-@@ -213,6 +213,7 @@ void migration_object_init(void)
+@@ -214,6 +214,7 @@ void migration_object_init(void)
blk_mig_init();
ram_mig_init();
dirty_bitmap_mig_init();
@@ -187,7 +187,7 @@ index 6f05796fad..5fa3cc1352 100644
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 6a67adf923..c99ddf8628 100644
+index e6c3687bea..05382a1069 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -883,6 +883,11 @@
diff --git a/debian/patches/pve/0041-PVE-fall-back-to-open-iscsi-initiatorname.patch b/debian/patches/pve/0041-PVE-fall-back-to-open-iscsi-initiatorname.patch
index ae11626..c30bb2b 100644
--- a/debian/patches/pve/0041-PVE-fall-back-to-open-iscsi-initiatorname.patch
+++ b/debian/patches/pve/0041-PVE-fall-back-to-open-iscsi-initiatorname.patch
@@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 30 insertions(+)
diff --git a/block/iscsi.c b/block/iscsi.c
-index 57aa07a40d..a8902b84d5 100644
+index 51f2a5eeaa..f11591ac94 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1386,12 +1386,42 @@ static char *get_initiator_name(QemuOpts *opts)
diff --git a/debian/patches/pve/0042-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch b/debian/patches/pve/0042-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch
index fc78bfb..3de10a6 100644
--- a/debian/patches/pve/0042-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch
+++ b/debian/patches/pve/0042-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch
@@ -32,7 +32,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 files changed, 77 insertions(+), 196 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 4481b60a5c..c9849a5b29 100644
+index ea7b665aa2..ef45552e3b 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1016,7 +1016,7 @@ void hmp_info_snapshots(Monitor *mon, const QDict *qdict)
@@ -54,7 +54,7 @@ index 4481b60a5c..c9849a5b29 100644
Error *error = NULL;
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index d4bb00216e..4e21911fa6 100644
+index 994445f301..aaea875970 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -109,6 +109,7 @@ ERST
@@ -575,7 +575,7 @@ index 5fa3cc1352..323014744c 100644
BackupStatus *qmp_query_backup(Error **errp)
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index c99ddf8628..829dc7b8e9 100644
+index 05382a1069..f0399bf249 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -846,7 +846,7 @@
diff --git a/debian/patches/pve/0043-PBS-add-master-key-support.patch b/debian/patches/pve/0043-PBS-add-master-key-support.patch
index eeaf6ba..356cfd9 100644
--- a/debian/patches/pve/0043-PBS-add-master-key-support.patch
+++ b/debian/patches/pve/0043-PBS-add-master-key-support.patch
@@ -19,7 +19,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 11 insertions(+)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index c9849a5b29..52ddbf95ad 100644
+index ef45552e3b..4c799f00d9 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1039,6 +1039,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
@@ -58,7 +58,7 @@ index 323014744c..9f6c04a512 100644
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 829dc7b8e9..d089328a1f 100644
+index f0399bf249..13e03ca154 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -817,6 +817,8 @@
diff --git a/debian/patches/pve/0045-PVE-block-stream-increase-chunk-size.patch b/debian/patches/pve/0045-PVE-block-stream-increase-chunk-size.patch
index fe0ec25..09e8d31 100644
--- a/debian/patches/pve/0045-PVE-block-stream-increase-chunk-size.patch
+++ b/debian/patches/pve/0045-PVE-block-stream-increase-chunk-size.patch
@@ -11,7 +11,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/stream.c b/block/stream.c
-index e45113aed6..c3c0c5febe 100644
+index 694709bd25..e09bd5c4ef 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -28,7 +28,7 @@ enum {
diff --git a/debian/patches/pve/0046-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch b/debian/patches/pve/0046-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
index 49f0f9d..d1d30b1 100644
--- a/debian/patches/pve/0046-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
+++ b/debian/patches/pve/0046-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
@@ -17,10 +17,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+)
diff --git a/block/io.c b/block/io.c
-index 4e4cb556c5..04061f1e68 100644
+index 3280144a17..cd7ba08768 100644
--- a/block/io.c
+++ b/block/io.c
-@@ -1765,6 +1765,10 @@ static int bdrv_pad_request(BlockDriverState *bs,
+@@ -1794,6 +1794,10 @@ static int bdrv_pad_request(BlockDriverState *bs,
{
int ret;
diff --git a/debian/patches/pve/0047-block-add-alloc-track-driver.patch b/debian/patches/pve/0047-block-add-alloc-track-driver.patch
index 71790d8..1cf88ab 100644
--- a/debian/patches/pve/0047-block-add-alloc-track-driver.patch
+++ b/debian/patches/pve/0047-block-add-alloc-track-driver.patch
@@ -389,7 +389,7 @@ index 0000000000..6b50fbe537
+
+block_init(bdrv_alloc_track_init);
diff --git a/block/meson.build b/block/meson.build
-index 8c758c0218..45b72e10f1 100644
+index f94cc0cd25..1716febb1d 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -2,6 +2,7 @@ block_ss.add(genh)
diff --git a/debian/patches/pve/0048-PVE-whitelist-invalid-QAPI-names-for-backwards-compa.patch b/debian/patches/pve/0048-PVE-whitelist-invalid-QAPI-names-for-backwards-compa.patch
index ced1323..0496b93 100644
--- a/debian/patches/pve/0048-PVE-whitelist-invalid-QAPI-names-for-backwards-compa.patch
+++ b/debian/patches/pve/0048-PVE-whitelist-invalid-QAPI-names-for-backwards-compa.patch
@@ -10,10 +10,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/qapi/pragma.json b/qapi/pragma.json
-index 7c91ea3685..c3888d654c 100644
+index 41139d8645..a581acf7d4 100644
--- a/qapi/pragma.json
+++ b/qapi/pragma.json
-@@ -12,6 +12,7 @@
+@@ -15,6 +15,7 @@
'device_add',
'device_del',
'expire_password',
@@ -21,7 +21,7 @@ index 7c91ea3685..c3888d654c 100644
'migrate_cancel',
'netdev_add',
'netdev_del',
-@@ -60,6 +61,8 @@
+@@ -63,6 +64,8 @@
'SysEmuTarget', # query-cpu-fast, query-target
'UuidInfo', # query-uuid
'VncClientInfo', # query-vnc, query-vnc-servers, ...
diff --git a/debian/patches/pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch b/debian/patches/pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
index 62c1711..9b7c51e 100644
--- a/debian/patches/pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
+++ b/debian/patches/pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
@@ -12,7 +12,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
-index a49badb158..1039aec01c 100644
+index 33979b7430..68e9c80788 100644
--- a/docs/tools/qemu-img.rst
+++ b/docs/tools/qemu-img.rst
@@ -492,10 +492,10 @@ Command description:
@@ -30,7 +30,7 @@ index a49badb158..1039aec01c 100644
The data is by default read and written using blocks of 512 bytes but can be
modified by specifying *BLOCK_SIZE*. If count=\ *BLOCKS* is specified
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
-index f3b2b1b4de..e77ed9347f 100644
+index b5b0bb4467..36f97e1f19 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -58,9 +58,9 @@ SRST
@@ -46,10 +46,10 @@ index f3b2b1b4de..e77ed9347f 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index 015d6d2ce4..7031195e32 100644
+index 35c2bdc95c..6e93bbd425 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4922,6 +4922,7 @@ static int img_dd(int argc, char **argv)
+@@ -4938,6 +4938,7 @@ static int img_dd(int argc, char **argv)
BlockDriver *drv = NULL, *proto_drv = NULL;
BlockBackend *blk1 = NULL, *blk2 = NULL;
QemuOpts *opts = NULL;
@@ -57,7 +57,7 @@ index 015d6d2ce4..7031195e32 100644
QemuOptsList *create_opts = NULL;
Error *local_err = NULL;
bool image_opts = false;
-@@ -4931,6 +4932,7 @@ static int img_dd(int argc, char **argv)
+@@ -4947,6 +4948,7 @@ static int img_dd(int argc, char **argv)
int64_t size = 0, readsize = 0;
int64_t block_count = 0, out_pos, in_pos;
bool force_share = false, skip_create = false;
@@ -65,7 +65,7 @@ index 015d6d2ce4..7031195e32 100644
struct DdInfo dd = {
.flags = 0,
.count = 0,
-@@ -4968,7 +4970,7 @@ static int img_dd(int argc, char **argv)
+@@ -4984,7 +4986,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
@@ -74,7 +74,7 @@ index 015d6d2ce4..7031195e32 100644
if (c == EOF) {
break;
}
-@@ -4991,6 +4993,19 @@ static int img_dd(int argc, char **argv)
+@@ -5007,6 +5009,19 @@ static int img_dd(int argc, char **argv)
case 'n':
skip_create = true;
break;
@@ -94,7 +94,7 @@ index 015d6d2ce4..7031195e32 100644
case 'U':
force_share = true;
break;
-@@ -5050,11 +5065,24 @@ static int img_dd(int argc, char **argv)
+@@ -5066,11 +5081,24 @@ static int img_dd(int argc, char **argv)
if (dd.flags & C_IF) {
blk1 = img_open(image_opts, in.filename, fmt, 0, false, false,
force_share);
@@ -120,7 +120,7 @@ index 015d6d2ce4..7031195e32 100644
}
if (dd.flags & C_OSIZE) {
-@@ -5203,6 +5231,7 @@ static int img_dd(int argc, char **argv)
+@@ -5219,6 +5247,7 @@ static int img_dd(int argc, char **argv)
out:
g_free(arg);
qemu_opts_del(opts);
diff --git a/debian/patches/pve/0051-vma-allow-partial-restore.patch b/debian/patches/pve/0051-vma-allow-partial-restore.patch
index 670eb68..ede4d67 100644
--- a/debian/patches/pve/0051-vma-allow-partial-restore.patch
+++ b/debian/patches/pve/0051-vma-allow-partial-restore.patch
@@ -166,10 +166,10 @@ index 4f4ee2b47b..844d95a5ba 100644
}
diff --git a/vma.c b/vma.c
-index 89440733b1..21e765a469 100644
+index 91612d50a2..e1a750ff50 100644
--- a/vma.c
+++ b/vma.c
-@@ -138,6 +138,7 @@ typedef struct RestoreMap {
+@@ -139,6 +139,7 @@ typedef struct RestoreMap {
char *throttling_group;
char *cache;
bool write_zero;
@@ -177,7 +177,7 @@ index 89440733b1..21e765a469 100644
} RestoreMap;
static bool try_parse_option(char **line, const char *optname, char **out, const char *inbuf) {
-@@ -245,47 +246,61 @@ static int extract_content(int argc, char **argv)
+@@ -246,47 +247,61 @@ static int extract_content(int argc, char **argv)
char *bps = NULL;
char *group = NULL;
char *cache = NULL;
@@ -265,7 +265,7 @@ index 89440733b1..21e765a469 100644
if (!devname) {
g_error("read map failed - no dev name specified ('%s')",
inbuf);
-@@ -299,6 +314,7 @@ static int extract_content(int argc, char **argv)
+@@ -300,6 +315,7 @@ static int extract_content(int argc, char **argv)
map->throttling_group = group;
map->cache = cache;
map->write_zero = write_zero;
@@ -273,7 +273,7 @@ index 89440733b1..21e765a469 100644
g_hash_table_insert(devmap, map->devname, map);
-@@ -328,6 +344,7 @@ static int extract_content(int argc, char **argv)
+@@ -329,6 +345,7 @@ static int extract_content(int argc, char **argv)
const char *cache = NULL;
int flags = BDRV_O_RDWR;
bool write_zero = true;
@@ -281,7 +281,7 @@ index 89440733b1..21e765a469 100644
BlockBackend *blk = NULL;
-@@ -343,6 +360,7 @@ static int extract_content(int argc, char **argv)
+@@ -344,6 +361,7 @@ static int extract_content(int argc, char **argv)
throttling_group = map->throttling_group;
cache = map->cache;
write_zero = map->write_zero;
@@ -289,7 +289,7 @@ index 89440733b1..21e765a469 100644
} else {
devfn = g_strdup_printf("%s/tmp-disk-%s.raw",
dirname, di->devname);
-@@ -361,57 +379,60 @@ static int extract_content(int argc, char **argv)
+@@ -362,57 +380,60 @@ static int extract_content(int argc, char **argv)
write_zero = false;
}
diff --git a/debian/patches/pve/0052-pbs-namespace-support.patch b/debian/patches/pve/0052-pbs-namespace-support.patch
index 8d97602..67bda69 100644
--- a/debian/patches/pve/0052-pbs-namespace-support.patch
+++ b/debian/patches/pve/0052-pbs-namespace-support.patch
@@ -13,7 +13,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
5 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 52ddbf95ad..69c868887a 100644
+index 4c799f00d9..0502f42be6 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1041,6 +1041,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
@@ -202,7 +202,7 @@ index 9f6c04a512..f6a5f8c785 100644
backup_time,
dump_cb_block_size,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index d089328a1f..705f0c97ba 100644
+index 13e03ca154..89875f309c 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -821,6 +821,8 @@
@@ -222,7 +222,7 @@ index d089328a1f..705f0c97ba 100644
'*backup-id': 'str',
'*backup-time': 'int',
'*use-dirty-bitmap': 'bool',
-@@ -3236,7 +3239,7 @@
+@@ -3256,7 +3259,7 @@
{ 'struct': 'BlockdevOptionsPbs',
'data': { 'repository': 'str', 'snapshot': 'str', 'archive': 'str',
'*keyfile': 'str', '*password': 'str', '*fingerprint': 'str',
diff --git a/debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch b/debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
new file mode 100644
index 0000000..4fd82ac
--- /dev/null
+++ b/debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
@@ -0,0 +1,80 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Thu, 23 Jun 2022 14:00:05 +0200
+Subject: [PATCH] Revert "block/rbd: workaround for ceph issue #53784"
+
+This reverts commit fc176116cdea816ceb8dd969080b2b95f58edbc0 in
+preparation to revert 0347a8fd4c3faaedf119be04c197804be40a384b.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/rbd.c | 42 ++----------------------------------------
+ 1 file changed, 2 insertions(+), 40 deletions(-)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index 0cec24c86d..0a9b97aa5e 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -1324,7 +1324,6 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+ int status, r;
+ RBDDiffIterateReq req = { .offs = offset };
+ uint64_t features, flags;
+- uint64_t head = 0;
+
+ assert(offset + bytes <= s->image_size);
+
+@@ -1352,43 +1351,7 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+ return status;
+ }
+
+-#if LIBRBD_VERSION_CODE < LIBRBD_VERSION(1, 17, 0)
+- /*
+- * librbd had a bug until early 2022 that affected all versions of ceph that
+- * supported fast-diff. This bug results in reporting of incorrect offsets
+- * if the offset parameter to rbd_diff_iterate2 is not object aligned.
+- * Work around this bug by rounding down the offset to object boundaries.
+- * This is OK because we call rbd_diff_iterate2 with whole_object = true.
+- * However, this workaround only works for non cloned images with default
+- * striping.
+- *
+- * See: https://tracker.ceph.com/issues/53784
+- */
+-
+- /* check if RBD image has non-default striping enabled */
+- if (features & RBD_FEATURE_STRIPINGV2) {
+- return status;
+- }
+-
+-#pragma GCC diagnostic push
+-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+- /*
+- * check if RBD image is a clone (= has a parent).
+- *
+- * rbd_get_parent_info is deprecated from Nautilus onwards, but the
+- * replacement rbd_get_parent is not present in Luminous and Mimic.
+- */
+- if (rbd_get_parent_info(s->image, NULL, 0, NULL, 0, NULL, 0) != -ENOENT) {
+- return status;
+- }
+-#pragma GCC diagnostic pop
+-
+- head = req.offs & (s->object_size - 1);
+- req.offs -= head;
+- bytes += head;
+-#endif
+-
+- r = rbd_diff_iterate2(s->image, NULL, req.offs, bytes, true, true,
++ r = rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,
+ qemu_rbd_diff_iterate_cb, &req);
+ if (r < 0 && r != QEMU_RBD_EXIT_DIFF_ITERATE2) {
+ return status;
+@@ -1407,8 +1370,7 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+ status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
+ }
+
+- assert(req.bytes > head);
+- *pnum = req.bytes - head;
++ *pnum = req.bytes;
+ return status;
+ }
+
diff --git a/debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch b/debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
new file mode 100644
index 0000000..6624c1d
--- /dev/null
+++ b/debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Thu, 23 Jun 2022 14:00:07 +0200
+Subject: [PATCH] Revert "block/rbd: fix handling of holes in
+ .bdrv_co_block_status"
+
+This reverts commit 9e302f64bb407a9bb097b626da97228c2654cfee in
+preparation to revert 0347a8fd4c3faaedf119be04c197804be40a384b.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/rbd.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index 0a9b97aa5e..1c585d23e9 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -1283,11 +1283,11 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len,
+ RBDDiffIterateReq *req = opaque;
+
+ assert(req->offs + req->bytes <= offs);
+-
+- /* treat a hole like an unallocated area and bail out */
+- if (!exists) {
+- return 0;
+- }
++ /*
++ * we do not diff against a snapshot so we should never receive a callback
++ * for a hole.
++ */
++ assert(exists);
+
+ if (!req->exists && offs > req->offs) {
+ /*
diff --git a/debian/patches/pve/0053-Revert-block-rbd-implement-bdrv_co_block_status.patch b/debian/patches/pve/0055-Revert-block-rbd-implement-bdrv_co_block_status.patch
similarity index 97%
rename from debian/patches/pve/0053-Revert-block-rbd-implement-bdrv_co_block_status.patch
rename to debian/patches/pve/0055-Revert-block-rbd-implement-bdrv_co_block_status.patch
index d3c6a71..13e71b7 100644
--- a/debian/patches/pve/0053-Revert-block-rbd-implement-bdrv_co_block_status.patch
+++ b/debian/patches/pve/0055-Revert-block-rbd-implement-bdrv_co_block_status.patch
@@ -23,7 +23,7 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
1 file changed, 112 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
-index a4b8fb482c..3393b06a4e 100644
+index 1c585d23e9..1704767041 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -97,12 +97,6 @@ typedef struct RBDTask {
@@ -39,7 +39,7 @@ index a4b8fb482c..3393b06a4e 100644
static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
BlockdevOptionsRbd *opts, bool cache,
const char *keypairs, const char *secretid,
-@@ -1267,111 +1261,6 @@ static ImageInfoSpecific *qemu_rbd_get_specific_info(BlockDriverState *bs,
+@@ -1269,111 +1263,6 @@ static ImageInfoSpecific *qemu_rbd_get_specific_info(BlockDriverState *bs,
return spec_info;
}
@@ -151,7 +151,7 @@ index a4b8fb482c..3393b06a4e 100644
static int64_t qemu_rbd_getlength(BlockDriverState *bs)
{
BDRVRBDState *s = bs->opaque;
-@@ -1607,7 +1496,6 @@ static BlockDriver bdrv_rbd = {
+@@ -1609,7 +1498,6 @@ static BlockDriver bdrv_rbd = {
#ifdef LIBRBD_SUPPORTS_WRITE_ZEROES
.bdrv_co_pwrite_zeroes = qemu_rbd_co_pwrite_zeroes,
#endif
diff --git a/debian/patches/pve/0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch b/debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
similarity index 100%
rename from debian/patches/pve/0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
rename to debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
diff --git a/debian/patches/pve/0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch b/debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
similarity index 100%
rename from debian/patches/pve/0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
rename to debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
diff --git a/debian/patches/pve/0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch b/debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
similarity index 100%
rename from debian/patches/pve/0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
rename to debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
diff --git a/debian/patches/pve/0057-vma-create-support-64KiB-unaligned-input-images.patch b/debian/patches/pve/0059-vma-create-support-64KiB-unaligned-input-images.patch
similarity index 92%
rename from debian/patches/pve/0057-vma-create-support-64KiB-unaligned-input-images.patch
rename to debian/patches/pve/0059-vma-create-support-64KiB-unaligned-input-images.patch
index 7d9a07d..3097cf6 100644
--- a/debian/patches/pve/0057-vma-create-support-64KiB-unaligned-input-images.patch
+++ b/debian/patches/pve/0059-vma-create-support-64KiB-unaligned-input-images.patch
@@ -25,10 +25,10 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/vma.c b/vma.c
-index 21e765a469..6d02b29047 100644
+index e1a750ff50..b1137e27a7 100644
--- a/vma.c
+++ b/vma.c
-@@ -548,7 +548,7 @@ static void coroutine_fn backup_run(void *opaque)
+@@ -549,7 +549,7 @@ static void coroutine_fn backup_run(void *opaque)
struct iovec iov;
QEMUIOVector qiov;
@@ -37,7 +37,7 @@ index 21e765a469..6d02b29047 100644
int ret = 0;
unsigned char *buf = blk_blockalign(job->target, VMA_CLUSTER_SIZE);
-@@ -562,8 +562,16 @@ static void coroutine_fn backup_run(void *opaque)
+@@ -563,8 +563,16 @@ static void coroutine_fn backup_run(void *opaque)
iov.iov_len = VMA_CLUSTER_SIZE;
qemu_iovec_init_external(&qiov, &iov, 1);
diff --git a/debian/patches/pve/0058-vma-create-avoid-triggering-assertion-in-error-case.patch b/debian/patches/pve/0060-vma-create-avoid-triggering-assertion-in-error-case.patch
similarity index 88%
rename from debian/patches/pve/0058-vma-create-avoid-triggering-assertion-in-error-case.patch
rename to debian/patches/pve/0060-vma-create-avoid-triggering-assertion-in-error-case.patch
index 586f2ba..c7961ae 100644
--- a/debian/patches/pve/0058-vma-create-avoid-triggering-assertion-in-error-case.patch
+++ b/debian/patches/pve/0060-vma-create-avoid-triggering-assertion-in-error-case.patch
@@ -11,10 +11,10 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
1 file changed, 2 insertions(+)
diff --git a/vma-writer.c b/vma-writer.c
-index 11d8321ffd..29567cba68 100644
+index df4b20793d..ac7da237d0 100644
--- a/vma-writer.c
+++ b/vma-writer.c
-@@ -310,6 +310,8 @@ VmaWriter *vma_writer_create(const char *filename, uuid_t uuid, Error **errp)
+@@ -311,6 +311,8 @@ VmaWriter *vma_writer_create(const char *filename, uuid_t uuid, Error **errp)
}
if (vmaw->fd < 0) {
diff --git a/debian/patches/pve/0059-block-alloc-track-avoid-premature-break.patch b/debian/patches/pve/0061-block-alloc-track-avoid-premature-break.patch
similarity index 100%
rename from debian/patches/pve/0059-block-alloc-track-avoid-premature-break.patch
rename to debian/patches/pve/0061-block-alloc-track-avoid-premature-break.patch
diff --git a/debian/patches/series b/debian/patches/series
index dc51355..6fa7ca8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,22 +1,5 @@
extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
-extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
-extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
-extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
-extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
-extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
-extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
-extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
-extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
-extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
-extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
-extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
-extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
-extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
-extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
-extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
-extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
-extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
-extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
+extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
@@ -75,10 +58,12 @@ pve/0049-PVE-savevm-async-register-yank-before-migration_inco.patch
pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
pve/0051-vma-allow-partial-restore.patch
pve/0052-pbs-namespace-support.patch
-pve/0053-Revert-block-rbd-implement-bdrv_co_block_status.patch
-pve/0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
-pve/0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
-pve/0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
-pve/0057-vma-create-support-64KiB-unaligned-input-images.patch
-pve/0058-vma-create-avoid-triggering-assertion-in-error-case.patch
-pve/0059-block-alloc-track-avoid-premature-break.patch
+pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
+pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
+pve/0055-Revert-block-rbd-implement-bdrv_co_block_status.patch
+pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
+pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
+pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
+pve/0059-vma-create-support-64KiB-unaligned-input-images.patch
+pve/0060-vma-create-avoid-triggering-assertion-in-error-case.patch
+pve/0061-block-alloc-track-avoid-premature-break.patch
diff --git a/qemu b/qemu
index 44f28df..823a3f1 160000
--- a/qemu
+++ b/qemu
@@ -1 +1 @@
-Subproject commit 44f28df24767cf9dca1ddc9b23157737c4cbb645
+Subproject commit 823a3f11fb8f04c3c3cc0f95f968fef1bfc6534f
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH qemu 2/4] d/rules: drop outdated configure flags
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches " Fabian Ebner
@ 2022-06-27 11:05 ` Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 3/4] d/rules: adapt to changed opensbi riscv filenames in 7.0.0 Fabian Ebner
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Fabian Ebner @ 2022-06-27 11:05 UTC (permalink / raw)
To: pve-devel
See QEMU commits 9e8be4c546ce8469ca9702715bf8f198d604b685 and
a5730b8bd3675f484ed0eacea052452048eeb35d for more information.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
debian/rules | 2 --
1 file changed, 2 deletions(-)
diff --git a/debian/rules b/debian/rules
index 6814f42..5e03193 100755
--- a/debian/rules
+++ b/debian/rules
@@ -58,7 +58,6 @@ ${BUILDDIR}/config.status: configure
--disable-guest-agent-msi \
--disable-libnfs \
--disable-libssh \
- --disable-libxml2 \
--disable-sdl \
--disable-smartcard \
--disable-strip \
@@ -80,7 +79,6 @@ ${BUILDDIR}/config.status: configure
--enable-virglrenderer \
--enable-virtfs \
--enable-virtiofsd \
- --enable-xfsctl \
--enable-zstd
build: build-stamp
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH qemu 3/4] d/rules: adapt to changed opensbi riscv filenames in 7.0.0
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches " Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 2/4] d/rules: drop outdated configure flags Fabian Ebner
@ 2022-06-27 11:05 ` Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 4/4] cherry-pick upstream fixes for 7.0.0 Fabian Ebner
2022-06-30 11:16 ` [pve-devel] applied-series: [PATCH-SERIES qemu] update to 7.0.0 Wolfgang Bumiller
4 siblings, 0 replies; 6+ messages in thread
From: Fabian Ebner @ 2022-06-27 11:05 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
debian/rules | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/debian/rules b/debian/rules
index 5e03193..6192fe7 100755
--- a/debian/rules
+++ b/debian/rules
@@ -132,8 +132,8 @@ install: build
# remove Alpha files
rm $(destdir)/usr/share/kvm/palcode-clipper
# remove RISC-V files
- rm $(destdir)/usr/share/kvm/opensbi-riscv32-generic-fw_dynamic.elf
- rm $(destdir)/usr/share/kvm/opensbi-riscv64-generic-fw_dynamic.elf
+ rm $(destdir)/usr/share/kvm/opensbi-riscv32-generic-fw_dynamic.bin
+ rm $(destdir)/usr/share/kvm/opensbi-riscv64-generic-fw_dynamic.bin
# Remove things we don't package at all, would be a "kvm-dev" package
rm -Rf $(destdir)/usr/include/linux/
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH qemu 4/4] cherry-pick upstream fixes for 7.0.0
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
` (2 preceding siblings ...)
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 3/4] d/rules: adapt to changed opensbi riscv filenames in 7.0.0 Fabian Ebner
@ 2022-06-27 11:05 ` Fabian Ebner
2022-06-30 11:16 ` [pve-devel] applied-series: [PATCH-SERIES qemu] update to 7.0.0 Wolfgang Bumiller
4 siblings, 0 replies; 6+ messages in thread
From: Fabian Ebner @ 2022-06-27 11:05 UTC (permalink / raw)
To: pve-devel
coming in via qemu-stable (except for the vdmk fix, which was tagged
for-7.0 on the qemu-devel list, but didn't make it into the release).
Also took the chance to switch the gluster fix to the version that
made it into upstream.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
...rrectly-set-max_pdiscard-which-is-in.patch | 38 ------
...k-gluster-correctly-set-max_pdiscard.patch | 47 +++++++
...003-block-vmdk-Fix-reopening-bs-file.patch | 129 ++++++++++++++++++
...balanced-plugged-counter-in-laio_io_.patch | 44 ++++++
...erflow-in-snprintf-string-formatting.patch | 100 ++++++++++++++
...Fix-disabling-MPX-on-cpu-host-with-M.patch | 48 +++++++
...ontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 121 ++++++++++++++++
...outine-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 123 +++++++++++++++++
...ame-qemu_coroutine_inc-dec_pool_size.patch | 90 ++++++++++++
...outine-Revert-to-constant-batch-size.patch | 121 ++++++++++++++++
...-not-consult-nonexistent-host-leaves.patch | 117 ++++++++++++++++
...ctrl-and-event-handler-functions-in-.patch | 108 +++++++++++++++
...t-waste-CPU-polling-the-event-virtqu.patch | 91 ++++++++++++
...k-descriptor-chain-in-private-at-SVQ.patch | 102 ++++++++++++++
...Fix-device-s-used-descriptor-dequeue.patch | 62 +++++++++
...ex-calculus-at-vhost_vdpa_get_vring_.patch | 39 ++++++
...ex-calculus-at-vhost_vdpa_svqs_start.patch | 35 +++++
...virtio-Replace-g_memdup-by-g_memdup2.patch | 74 ++++++++++
...Fix-element-in-vhost_svq_add-failure.patch | 47 +++++++
debian/patches/series | 19 ++-
20 files changed, 1516 insertions(+), 39 deletions(-)
delete mode 100644 debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
create mode 100644 debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch
create mode 100644 debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch
create mode 100644 debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
create mode 100644 debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
create mode 100644 debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
create mode 100644 debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
create mode 100644 debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
create mode 100644 debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
create mode 100644 debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch
create mode 100644 debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
create mode 100644 debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
create mode 100644 debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
create mode 100644 debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
create mode 100644 debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
create mode 100644 debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
create mode 100644 debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
create mode 100644 debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
create mode 100644 debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
diff --git a/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch b/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
deleted file mode 100644
index 91676e4..0000000
--- a/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fabian Ebner <f.ebner@proxmox.com>
-Date: Fri, 6 May 2022 14:38:35 +0200
-Subject: [PATCH] block/gluster: correctly set max_pdiscard which is int64_t
-
-Previously, max_pdiscard would be zero in the following assertion:
-qemu-system-x86_64: ../block/io.c:3166: bdrv_co_pdiscard: Assertion
-`max_pdiscard >= bs->bl.request_alignment' failed.
-
-Fixes: 0c8022876f ("block: use int64_t instead of int in driver discard handlers")
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/gluster.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/block/gluster.c b/block/gluster.c
-index 398976bc66..592e71b22a 100644
---- a/block/gluster.c
-+++ b/block/gluster.c
-@@ -891,7 +891,7 @@ out:
- static void qemu_gluster_refresh_limits(BlockDriverState *bs, Error **errp)
- {
- bs->bl.max_transfer = GLUSTER_MAX_TRANSFER;
-- bs->bl.max_pdiscard = SIZE_MAX;
-+ bs->bl.max_pdiscard = INT64_MAX;
- }
-
- static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
-@@ -1304,7 +1304,7 @@ static coroutine_fn int qemu_gluster_co_pdiscard(BlockDriverState *bs,
- GlusterAIOCB acb;
- BDRVGlusterState *s = bs->opaque;
-
-- assert(bytes <= SIZE_MAX); /* rely on max_pdiscard */
-+ assert(bytes <= INT64_MAX); /* rely on max_pdiscard */
-
- acb.size = 0;
- acb.ret = 0;
diff --git a/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch b/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch
new file mode 100644
index 0000000..c0b8ee0
--- /dev/null
+++ b/debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch
@@ -0,0 +1,47 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Fri, 20 May 2022 09:59:22 +0200
+Subject: [PATCH] block/gluster: correctly set max_pdiscard
+
+On 64-bit platforms, assigning SIZE_MAX to the int64_t max_pdiscard
+results in a negative value, and the following assertion would trigger
+down the line (it's not the same max_pdiscard, but computed from the
+other one):
+qemu-system-x86_64: ../block/io.c:3166: bdrv_co_pdiscard: Assertion
+`max_pdiscard >= bs->bl.request_alignment' failed.
+
+On 32-bit platforms, it's fine to keep using SIZE_MAX.
+
+The assertion in qemu_gluster_co_pdiscard() is checking that the value
+of 'bytes' can safely be passed to glfs_discard_async(), which takes a
+size_t for the argument in question, so it is kept as is. And since
+max_pdiscard is still <= SIZE_MAX, relying on max_pdiscard is still
+fine.
+
+Fixes: 0c8022876f ("block: use int64_t instead of int in driver discard handlers")
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+Message-Id: <20220520075922.43972-1-f.ebner@proxmox.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
+Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 9b38fc56c054c7de65fa3bf7cdd82b32654f6b7d)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/gluster.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/block/gluster.c b/block/gluster.c
+index 80b75cb96c..1079b6186b 100644
+--- a/block/gluster.c
++++ b/block/gluster.c
+@@ -901,7 +901,7 @@ out:
+ static void qemu_gluster_refresh_limits(BlockDriverState *bs, Error **errp)
+ {
+ bs->bl.max_transfer = GLUSTER_MAX_TRANSFER;
+- bs->bl.max_pdiscard = SIZE_MAX;
++ bs->bl.max_pdiscard = MIN(SIZE_MAX, INT64_MAX);
+ }
+
+ static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
diff --git a/debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch b/debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch
new file mode 100644
index 0000000..65c43de
--- /dev/null
+++ b/debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch
@@ -0,0 +1,129 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Hanna Reitz <hreitz@redhat.com>
+Date: Mon, 14 Mar 2022 17:27:18 +0100
+Subject: [PATCH] block/vmdk: Fix reopening bs->file
+
+VMDK disk data is stored in extents, which may or may not be separate
+from bs->file. VmdkExtent.file points to where they are stored. Each
+that is stored in bs->file will simply reuse the exact pointer value of
+bs->file.
+
+(That is why vmdk_free_extents() will unref VmdkExtent.file (e->file)
+only if e->file != bs->file.)
+
+Reopen operations can change bs->file (they will replace the whole
+BdrvChild object, not just the BDS stored in that BdrvChild), and then
+we will need to change all .file pointers of all such VmdkExtents to
+point to the new BdrvChild.
+
+In vmdk_reopen_prepare(), we have to check which VmdkExtents are
+affected, and in vmdk_reopen_commit(), we can modify them. We have to
+split this because:
+- The new BdrvChild is created only after prepare, so we can change
+ VmdkExtent.file only in commit
+- In commit, there no longer is any (valid) reference to the old
+ BdrvChild object, so there would be nothing to compare VmdkExtent.file
+ against to see whether it was equal to bs->file before reopening
+ (There is BDRVReopenState.old_file_bs, but the old bs->file
+ BdrvChild's .bs pointer will be NULL-ed when the new BdrvChild is
+ created, and so we cannot compare VmdkExtent.file->bs against
+ BDRVReopenState.old_file_bs)
+
+Signed-off-by: Hanna Reitz <hreitz@redhat.com>
+Message-Id: <20220314162719.65384-2-hreitz@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 6d17e2879854d7d0e623c06a9286085e97bf3545)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/vmdk.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 55 insertions(+), 1 deletion(-)
+
+diff --git a/block/vmdk.c b/block/vmdk.c
+index 37c0946066..38e5ab3806 100644
+--- a/block/vmdk.c
++++ b/block/vmdk.c
+@@ -178,6 +178,10 @@ typedef struct BDRVVmdkState {
+ char *create_type;
+ } BDRVVmdkState;
+
++typedef struct BDRVVmdkReopenState {
++ bool *extents_using_bs_file;
++} BDRVVmdkReopenState;
++
+ typedef struct VmdkMetaData {
+ unsigned int l1_index;
+ unsigned int l2_index;
+@@ -400,15 +404,63 @@ static int vmdk_is_cid_valid(BlockDriverState *bs)
+ return 1;
+ }
+
+-/* We have nothing to do for VMDK reopen, stubs just return success */
+ static int vmdk_reopen_prepare(BDRVReopenState *state,
+ BlockReopenQueue *queue, Error **errp)
+ {
++ BDRVVmdkState *s;
++ BDRVVmdkReopenState *rs;
++ int i;
++
+ assert(state != NULL);
+ assert(state->bs != NULL);
++ assert(state->opaque == NULL);
++
++ s = state->bs->opaque;
++
++ rs = g_new0(BDRVVmdkReopenState, 1);
++ state->opaque = rs;
++
++ /*
++ * Check whether there are any extents stored in bs->file; if bs->file
++ * changes, we will need to update their .file pointers to follow suit
++ */
++ rs->extents_using_bs_file = g_new(bool, s->num_extents);
++ for (i = 0; i < s->num_extents; i++) {
++ rs->extents_using_bs_file[i] = s->extents[i].file == state->bs->file;
++ }
++
+ return 0;
+ }
+
++static void vmdk_reopen_clean(BDRVReopenState *state)
++{
++ BDRVVmdkReopenState *rs = state->opaque;
++
++ g_free(rs->extents_using_bs_file);
++ g_free(rs);
++ state->opaque = NULL;
++}
++
++static void vmdk_reopen_commit(BDRVReopenState *state)
++{
++ BDRVVmdkState *s = state->bs->opaque;
++ BDRVVmdkReopenState *rs = state->opaque;
++ int i;
++
++ for (i = 0; i < s->num_extents; i++) {
++ if (rs->extents_using_bs_file[i]) {
++ s->extents[i].file = state->bs->file;
++ }
++ }
++
++ vmdk_reopen_clean(state);
++}
++
++static void vmdk_reopen_abort(BDRVReopenState *state)
++{
++ vmdk_reopen_clean(state);
++}
++
+ static int vmdk_parent_open(BlockDriverState *bs)
+ {
+ char *p_name;
+@@ -3072,6 +3124,8 @@ static BlockDriver bdrv_vmdk = {
+ .bdrv_open = vmdk_open,
+ .bdrv_co_check = vmdk_co_check,
+ .bdrv_reopen_prepare = vmdk_reopen_prepare,
++ .bdrv_reopen_commit = vmdk_reopen_commit,
++ .bdrv_reopen_abort = vmdk_reopen_abort,
+ .bdrv_child_perm = bdrv_default_perms,
+ .bdrv_co_preadv = vmdk_co_preadv,
+ .bdrv_co_pwritev = vmdk_co_pwritev,
diff --git a/debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch b/debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
new file mode 100644
index 0000000..cf130ac
--- /dev/null
+++ b/debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
@@ -0,0 +1,44 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Thu, 9 Jun 2022 17:47:11 +0100
+Subject: [PATCH] linux-aio: fix unbalanced plugged counter in laio_io_unplug()
+
+Every laio_io_plug() call has a matching laio_io_unplug() call. There is
+a plugged counter that tracks the number of levels of plugging and
+allows for nesting.
+
+The plugged counter must reflect the balance between laio_io_plug() and
+laio_io_unplug() calls accurately. Otherwise I/O stalls occur since
+io_submit(2) calls are skipped while plugged.
+
+Reported-by: Nikolay Tenev <nt@storpool.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
+Message-id: 20220609164712.1539045-2-stefanha@redhat.com
+Cc: Stefano Garzarella <sgarzare@redhat.com>
+Fixes: 68d7946648 ("linux-aio: add `dev_max_batch` parameter to laio_io_unplug()")
+[Stefano Garzarella suggested adding a Fixes tag.
+--Stefan]
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry-picked from commit f387cac5af030a58ac5a0dacf64cab5e5a4fe5c7)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/linux-aio.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/block/linux-aio.c b/block/linux-aio.c
+index 4c423fcccf..6078da7e42 100644
+--- a/block/linux-aio.c
++++ b/block/linux-aio.c
+@@ -363,8 +363,10 @@ void laio_io_unplug(BlockDriverState *bs, LinuxAioState *s,
+ uint64_t dev_max_batch)
+ {
+ assert(s->io_q.plugged);
++ s->io_q.plugged--;
++
+ if (s->io_q.in_queue >= laio_max_batch(s, dev_max_batch) ||
+- (--s->io_q.plugged == 0 &&
++ (!s->io_q.plugged &&
+ !s->io_q.blocked && !QSIMPLEQ_EMPTY(&s->io_q.pending))) {
+ ioq_submit(s);
+ }
diff --git a/debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch b/debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
new file mode 100644
index 0000000..3f2dfa9
--- /dev/null
+++ b/debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
@@ -0,0 +1,100 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Claudio Fontana <cfontana@suse.de>
+Date: Tue, 31 May 2022 13:47:07 +0200
+Subject: [PATCH] pci: fix overflow in snprintf string formatting
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+the code in pcibus_get_fw_dev_path contained the potential for a
+stack buffer overflow of 1 byte, potentially writing to the stack an
+extra NUL byte.
+
+This overflow could happen if the PCI slot is >= 0x10000000,
+and the PCI function is >= 0x10000000, due to the size parameter
+of snprintf being incorrectly calculated in the call:
+
+ if (PCI_FUNC(d->devfn))
+ snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
+
+since the off obtained from a previous call to snprintf is added
+instead of subtracted from the total available size of the buffer.
+
+Without the accurate size guard from snprintf, we end up writing in the
+worst case:
+
+name (32) + "@" (1) + SLOT (8) + "," (1) + FUNC (8) + term NUL (1) = 51 bytes
+
+In order to provide something more robust, replace all of the code in
+pcibus_get_fw_dev_path with a single call to g_strdup_printf,
+so there is no need to rely on manual calculations.
+
+Found by compiling QEMU with FORTIFY_SOURCE=3 as the error:
+
+*** buffer overflow detected ***: terminated
+
+Thread 1 "qemu-system-x86" received signal SIGABRT, Aborted.
+[Switching to Thread 0x7ffff642c380 (LWP 121307)]
+0x00007ffff71ff55c in __pthread_kill_implementation () from /lib64/libc.so.6
+(gdb) bt
+ #0 0x00007ffff71ff55c in __pthread_kill_implementation () at /lib64/libc.so.6
+ #1 0x00007ffff71ac6f6 in raise () at /lib64/libc.so.6
+ #2 0x00007ffff7195814 in abort () at /lib64/libc.so.6
+ #3 0x00007ffff71f279e in __libc_message () at /lib64/libc.so.6
+ #4 0x00007ffff729767a in __fortify_fail () at /lib64/libc.so.6
+ #5 0x00007ffff7295c36 in () at /lib64/libc.so.6
+ #6 0x00007ffff72957f5 in __snprintf_chk () at /lib64/libc.so.6
+ #7 0x0000555555b1c1fd in pcibus_get_fw_dev_path ()
+ #8 0x0000555555f2bde4 in qdev_get_fw_dev_path_helper.constprop ()
+ #9 0x0000555555f2bd86 in qdev_get_fw_dev_path_helper.constprop ()
+ #10 0x00005555559a6e5d in get_boot_device_path ()
+ #11 0x00005555559a712c in get_boot_devices_list ()
+ #12 0x0000555555b1a3d0 in fw_cfg_machine_reset ()
+ #13 0x0000555555bf4c2d in pc_machine_reset ()
+ #14 0x0000555555c66988 in qemu_system_reset ()
+ #15 0x0000555555a6dff6 in qdev_machine_creation_done ()
+ #16 0x0000555555c79186 in qmp_x_exit_preconfig.part ()
+ #17 0x0000555555c7b459 in qemu_init ()
+ #18 0x0000555555960a29 in main ()
+
+Found-by: Dario Faggioli <Dario Faggioli <dfaggioli@suse.com>
+Found-by: Martin Liška <martin.liska@suse.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Claudio Fontana <cfontana@suse.de>
+Message-Id: <20220531114707.18830-1-cfontana@suse.de>
+Reviewed-by: Ani Sinha <ani@anisinha.ca>
+(cherry-picked from commit 36f18c6989a3d1ff1d7a0e50b0868ef3958299b4)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/pci/pci.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/hw/pci/pci.c b/hw/pci/pci.c
+index dae9119bfe..c69b412434 100644
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -2625,15 +2625,15 @@ static char *pci_dev_fw_name(DeviceState *dev, char *buf, int len)
+ static char *pcibus_get_fw_dev_path(DeviceState *dev)
+ {
+ PCIDevice *d = (PCIDevice *)dev;
+- char path[50], name[33];
+- int off;
+-
+- off = snprintf(path, sizeof(path), "%s@%x",
+- pci_dev_fw_name(dev, name, sizeof name),
+- PCI_SLOT(d->devfn));
+- if (PCI_FUNC(d->devfn))
+- snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn));
+- return g_strdup(path);
++ char name[33];
++ int has_func = !!PCI_FUNC(d->devfn);
++
++ return g_strdup_printf("%s@%x%s%.*x",
++ pci_dev_fw_name(dev, name, sizeof(name)),
++ PCI_SLOT(d->devfn),
++ has_func ? "," : "",
++ has_func,
++ PCI_FUNC(d->devfn));
+ }
+
+ static char *pcibus_get_dev_path(DeviceState *dev)
diff --git a/debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch b/debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
new file mode 100644
index 0000000..d393ed1
--- /dev/null
+++ b/debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
+Date: Mon, 23 May 2022 18:26:58 +0200
+Subject: [PATCH] target/i386/kvm: Fix disabling MPX on "-cpu host" with
+ MPX-capable host
+
+Since KVM commit 5f76f6f5ff96 ("KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled")
+it is not possible to disable MPX on a "-cpu host" just by adding "-mpx"
+there if the host CPU does indeed support MPX.
+QEMU will fail to set MSR_IA32_VMX_TRUE_{EXIT,ENTRY}_CTLS MSRs in this case
+and so trigger an assertion failure.
+
+Instead, besides "-mpx" one has to explicitly add also
+"-vmx-exit-clear-bndcfgs" and "-vmx-entry-load-bndcfgs" to QEMU command
+line to make it work, which is a bit convoluted.
+
+Make the MPX-related bits in FEAT_VMX_{EXIT,ENTRY}_CTLS dependent on MPX
+being actually enabled so such workarounds are no longer necessary.
+
+Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
+Message-Id: <51aa2125c76363204cc23c27165e778097c33f0b.1653323077.git.maciej.szmigiero@oracle.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry-picked from commit 267b5e7e378afd260004cb37a66a6fcd641e3b53)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ target/i386/cpu.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index cb6b5467d0..6e6945139b 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1327,6 +1327,14 @@ static FeatureDep feature_dependencies[] = {
+ .from = { FEAT_7_0_EBX, CPUID_7_0_EBX_INVPCID },
+ .to = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_INVPCID },
+ },
++ {
++ .from = { FEAT_7_0_EBX, CPUID_7_0_EBX_MPX },
++ .to = { FEAT_VMX_EXIT_CTLS, VMX_VM_EXIT_CLEAR_BNDCFGS },
++ },
++ {
++ .from = { FEAT_7_0_EBX, CPUID_7_0_EBX_MPX },
++ .to = { FEAT_VMX_ENTRY_CTLS, VMX_VM_ENTRY_LOAD_BNDCFGS },
++ },
+ {
+ .from = { FEAT_7_0_EBX, CPUID_7_0_EBX_RDSEED },
+ .to = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_RDSEED_EXITING },
diff --git a/debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch b/debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
new file mode 100644
index 0000000..6c4d523
--- /dev/null
+++ b/debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
@@ -0,0 +1,121 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Mon, 7 Mar 2022 15:38:51 +0000
+Subject: [PATCH] coroutine-ucontext: use QEMU_DEFINE_STATIC_CO_TLS()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thread-Local Storage variables cannot be used directly from coroutine
+code because the compiler may optimize TLS variable accesses across
+qemu_coroutine_yield() calls. When the coroutine is re-entered from
+another thread the TLS variables from the old thread must no longer be
+used.
+
+Use QEMU_DEFINE_STATIC_CO_TLS() for the current and leader variables.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20220307153853.602859-2-stefanha@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 34145a307d849d0b6734d0222a7aa0bb9eef7407)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ util/coroutine-ucontext.c | 38 ++++++++++++++++++++++++--------------
+ 1 file changed, 24 insertions(+), 14 deletions(-)
+
+diff --git a/util/coroutine-ucontext.c b/util/coroutine-ucontext.c
+index 904b375192..127d5a13c8 100644
+--- a/util/coroutine-ucontext.c
++++ b/util/coroutine-ucontext.c
+@@ -25,6 +25,7 @@
+ #include "qemu/osdep.h"
+ #include <ucontext.h>
+ #include "qemu/coroutine_int.h"
++#include "qemu/coroutine-tls.h"
+
+ #ifdef CONFIG_VALGRIND_H
+ #include <valgrind/valgrind.h>
+@@ -66,8 +67,8 @@ typedef struct {
+ /**
+ * Per-thread coroutine bookkeeping
+ */
+-static __thread CoroutineUContext leader;
+-static __thread Coroutine *current;
++QEMU_DEFINE_STATIC_CO_TLS(Coroutine *, current);
++QEMU_DEFINE_STATIC_CO_TLS(CoroutineUContext, leader);
+
+ /*
+ * va_args to makecontext() must be type 'int', so passing
+@@ -97,14 +98,15 @@ static inline __attribute__((always_inline))
+ void finish_switch_fiber(void *fake_stack_save)
+ {
+ #ifdef CONFIG_ASAN
++ CoroutineUContext *leaderp = get_ptr_leader();
+ const void *bottom_old;
+ size_t size_old;
+
+ __sanitizer_finish_switch_fiber(fake_stack_save, &bottom_old, &size_old);
+
+- if (!leader.stack) {
+- leader.stack = (void *)bottom_old;
+- leader.stack_size = size_old;
++ if (!leaderp->stack) {
++ leaderp->stack = (void *)bottom_old;
++ leaderp->stack_size = size_old;
+ }
+ #endif
+ #ifdef CONFIG_TSAN
+@@ -161,8 +163,10 @@ static void coroutine_trampoline(int i0, int i1)
+
+ /* Initialize longjmp environment and switch back the caller */
+ if (!sigsetjmp(self->env, 0)) {
+- start_switch_fiber_asan(COROUTINE_YIELD, &fake_stack_save, leader.stack,
+- leader.stack_size);
++ CoroutineUContext *leaderp = get_ptr_leader();
++
++ start_switch_fiber_asan(COROUTINE_YIELD, &fake_stack_save,
++ leaderp->stack, leaderp->stack_size);
+ start_switch_fiber_tsan(&fake_stack_save, self, true); /* true=caller */
+ siglongjmp(*(sigjmp_buf *)co->entry_arg, 1);
+ }
+@@ -297,7 +301,7 @@ qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
+ int ret;
+ void *fake_stack_save = NULL;
+
+- current = to_;
++ set_current(to_);
+
+ ret = sigsetjmp(from->env, 0);
+ if (ret == 0) {
+@@ -315,18 +319,24 @@ qemu_coroutine_switch(Coroutine *from_, Coroutine *to_,
+
+ Coroutine *qemu_coroutine_self(void)
+ {
+- if (!current) {
+- current = &leader.base;
++ Coroutine *self = get_current();
++ CoroutineUContext *leaderp = get_ptr_leader();
++
++ if (!self) {
++ self = &leaderp->base;
++ set_current(self);
+ }
+ #ifdef CONFIG_TSAN
+- if (!leader.tsan_co_fiber) {
+- leader.tsan_co_fiber = __tsan_get_current_fiber();
++ if (!leaderp->tsan_co_fiber) {
++ leaderp->tsan_co_fiber = __tsan_get_current_fiber();
+ }
+ #endif
+- return current;
++ return self;
+ }
+
+ bool qemu_in_coroutine(void)
+ {
+- return current && current->caller;
++ Coroutine *self = get_current();
++
++ return self && self->caller;
+ }
diff --git a/debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch b/debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
new file mode 100644
index 0000000..b5c4d3b
--- /dev/null
+++ b/debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
@@ -0,0 +1,123 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Mon, 7 Mar 2022 15:38:52 +0000
+Subject: [PATCH] coroutine: use QEMU_DEFINE_STATIC_CO_TLS()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thread-Local Storage variables cannot be used directly from coroutine
+code because the compiler may optimize TLS variable accesses across
+qemu_coroutine_yield() calls. When the coroutine is re-entered from
+another thread the TLS variables from the old thread must no longer be
+used.
+
+Use QEMU_DEFINE_STATIC_CO_TLS() for the current and leader variables.
+The alloc_pool QSLIST needs a typedef so the return value of
+get_ptr_alloc_pool() can be stored in a local variable.
+
+One example of why this code is necessary: a coroutine that yields
+before calling qemu_coroutine_create() to create another coroutine is
+affected by the TLS issue.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20220307153853.602859-3-stefanha@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit ac387a08a9c9f6b36757da912f0339c25f421f90)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ util/qemu-coroutine.c | 41 ++++++++++++++++++++++++-----------------
+ 1 file changed, 24 insertions(+), 17 deletions(-)
+
+diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
+index c03b2422ff..f3e8300c8d 100644
+--- a/util/qemu-coroutine.c
++++ b/util/qemu-coroutine.c
+@@ -18,6 +18,7 @@
+ #include "qemu/atomic.h"
+ #include "qemu/coroutine.h"
+ #include "qemu/coroutine_int.h"
++#include "qemu/coroutine-tls.h"
+ #include "block/aio.h"
+
+ /** Initial batch size is 64, and is increased on demand */
+@@ -29,17 +30,20 @@ enum {
+ static QSLIST_HEAD(, Coroutine) release_pool = QSLIST_HEAD_INITIALIZER(pool);
+ static unsigned int pool_batch_size = POOL_INITIAL_BATCH_SIZE;
+ static unsigned int release_pool_size;
+-static __thread QSLIST_HEAD(, Coroutine) alloc_pool = QSLIST_HEAD_INITIALIZER(pool);
+-static __thread unsigned int alloc_pool_size;
+-static __thread Notifier coroutine_pool_cleanup_notifier;
++
++typedef QSLIST_HEAD(, Coroutine) CoroutineQSList;
++QEMU_DEFINE_STATIC_CO_TLS(CoroutineQSList, alloc_pool);
++QEMU_DEFINE_STATIC_CO_TLS(unsigned int, alloc_pool_size);
++QEMU_DEFINE_STATIC_CO_TLS(Notifier, coroutine_pool_cleanup_notifier);
+
+ static void coroutine_pool_cleanup(Notifier *n, void *value)
+ {
+ Coroutine *co;
+ Coroutine *tmp;
++ CoroutineQSList *alloc_pool = get_ptr_alloc_pool();
+
+- QSLIST_FOREACH_SAFE(co, &alloc_pool, pool_next, tmp) {
+- QSLIST_REMOVE_HEAD(&alloc_pool, pool_next);
++ QSLIST_FOREACH_SAFE(co, alloc_pool, pool_next, tmp) {
++ QSLIST_REMOVE_HEAD(alloc_pool, pool_next);
+ qemu_coroutine_delete(co);
+ }
+ }
+@@ -49,27 +53,30 @@ Coroutine *qemu_coroutine_create(CoroutineEntry *entry, void *opaque)
+ Coroutine *co = NULL;
+
+ if (CONFIG_COROUTINE_POOL) {
+- co = QSLIST_FIRST(&alloc_pool);
++ CoroutineQSList *alloc_pool = get_ptr_alloc_pool();
++
++ co = QSLIST_FIRST(alloc_pool);
+ if (!co) {
+ if (release_pool_size > qatomic_read(&pool_batch_size)) {
+ /* Slow path; a good place to register the destructor, too. */
+- if (!coroutine_pool_cleanup_notifier.notify) {
+- coroutine_pool_cleanup_notifier.notify = coroutine_pool_cleanup;
+- qemu_thread_atexit_add(&coroutine_pool_cleanup_notifier);
++ Notifier *notifier = get_ptr_coroutine_pool_cleanup_notifier();
++ if (!notifier->notify) {
++ notifier->notify = coroutine_pool_cleanup;
++ qemu_thread_atexit_add(notifier);
+ }
+
+ /* This is not exact; there could be a little skew between
+ * release_pool_size and the actual size of release_pool. But
+ * it is just a heuristic, it does not need to be perfect.
+ */
+- alloc_pool_size = qatomic_xchg(&release_pool_size, 0);
+- QSLIST_MOVE_ATOMIC(&alloc_pool, &release_pool);
+- co = QSLIST_FIRST(&alloc_pool);
++ set_alloc_pool_size(qatomic_xchg(&release_pool_size, 0));
++ QSLIST_MOVE_ATOMIC(alloc_pool, &release_pool);
++ co = QSLIST_FIRST(alloc_pool);
+ }
+ }
+ if (co) {
+- QSLIST_REMOVE_HEAD(&alloc_pool, pool_next);
+- alloc_pool_size--;
++ QSLIST_REMOVE_HEAD(alloc_pool, pool_next);
++ set_alloc_pool_size(get_alloc_pool_size() - 1);
+ }
+ }
+
+@@ -93,9 +100,9 @@ static void coroutine_delete(Coroutine *co)
+ qatomic_inc(&release_pool_size);
+ return;
+ }
+- if (alloc_pool_size < qatomic_read(&pool_batch_size)) {
+- QSLIST_INSERT_HEAD(&alloc_pool, co, pool_next);
+- alloc_pool_size++;
++ if (get_alloc_pool_size() < qatomic_read(&pool_batch_size)) {
++ QSLIST_INSERT_HEAD(get_ptr_alloc_pool(), co, pool_next);
++ set_alloc_pool_size(get_alloc_pool_size() + 1);
+ return;
+ }
+ }
diff --git a/debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch b/debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
new file mode 100644
index 0000000..9459471
--- /dev/null
+++ b/debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
@@ -0,0 +1,90 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Tue, 10 May 2022 17:10:19 +0200
+Subject: [PATCH] coroutine: Rename qemu_coroutine_inc/dec_pool_size()
+
+It's true that these functions currently affect the batch size in which
+coroutines are reused (i.e. moved from the global release pool to the
+allocation pool of a specific thread), but this is a bug and will be
+fixed in a separate patch.
+
+In fact, the comment in the header file already just promises that it
+influences the pool size, so reflect this in the name of the functions.
+As a nice side effect, the shorter function name makes some line
+wrapping unnecessary.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Message-Id: <20220510151020.105528-2-kwolf@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 98e3ab35054b946f7c2aba5408822532b0920b53)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/block/virtio-blk.c | 6 ++----
+ include/qemu/coroutine.h | 6 +++---
+ util/qemu-coroutine.c | 4 ++--
+ 3 files changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
+index 540c38f829..6a1cc41877 100644
+--- a/hw/block/virtio-blk.c
++++ b/hw/block/virtio-blk.c
+@@ -1215,8 +1215,7 @@ static void virtio_blk_device_realize(DeviceState *dev, Error **errp)
+ for (i = 0; i < conf->num_queues; i++) {
+ virtio_add_queue(vdev, conf->queue_size, virtio_blk_handle_output);
+ }
+- qemu_coroutine_increase_pool_batch_size(conf->num_queues * conf->queue_size
+- / 2);
++ qemu_coroutine_inc_pool_size(conf->num_queues * conf->queue_size / 2);
+ virtio_blk_data_plane_create(vdev, conf, &s->dataplane, &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+@@ -1253,8 +1252,7 @@ static void virtio_blk_device_unrealize(DeviceState *dev)
+ for (i = 0; i < conf->num_queues; i++) {
+ virtio_del_queue(vdev, i);
+ }
+- qemu_coroutine_decrease_pool_batch_size(conf->num_queues * conf->queue_size
+- / 2);
++ qemu_coroutine_dec_pool_size(conf->num_queues * conf->queue_size / 2);
+ qemu_del_vm_change_state_handler(s->change);
+ blockdev_mark_auto_del(s->blk);
+ virtio_cleanup(vdev);
+diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
+index c828a95ee0..5b621d1295 100644
+--- a/include/qemu/coroutine.h
++++ b/include/qemu/coroutine.h
+@@ -334,12 +334,12 @@ void coroutine_fn yield_until_fd_readable(int fd);
+ /**
+ * Increase coroutine pool size
+ */
+-void qemu_coroutine_increase_pool_batch_size(unsigned int additional_pool_size);
++void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size);
+
+ /**
+- * Devcrease coroutine pool size
++ * Decrease coroutine pool size
+ */
+-void qemu_coroutine_decrease_pool_batch_size(unsigned int additional_pool_size);
++void qemu_coroutine_dec_pool_size(unsigned int additional_pool_size);
+
+ #include "qemu/lockable.h"
+
+diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
+index f3e8300c8d..ea23929a74 100644
+--- a/util/qemu-coroutine.c
++++ b/util/qemu-coroutine.c
+@@ -212,12 +212,12 @@ AioContext *coroutine_fn qemu_coroutine_get_aio_context(Coroutine *co)
+ return co->ctx;
+ }
+
+-void qemu_coroutine_increase_pool_batch_size(unsigned int additional_pool_size)
++void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size)
+ {
+ qatomic_add(&pool_batch_size, additional_pool_size);
+ }
+
+-void qemu_coroutine_decrease_pool_batch_size(unsigned int removing_pool_size)
++void qemu_coroutine_dec_pool_size(unsigned int removing_pool_size)
+ {
+ qatomic_sub(&pool_batch_size, removing_pool_size);
+ }
diff --git a/debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch b/debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch
new file mode 100644
index 0000000..711ffe0
--- /dev/null
+++ b/debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch
@@ -0,0 +1,121 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Tue, 10 May 2022 17:10:20 +0200
+Subject: [PATCH] coroutine: Revert to constant batch size
+
+Commit 4c41c69e changed the way the coroutine pool is sized because for
+virtio-blk devices with a large queue size and heavy I/O, it was just
+too small and caused coroutines to be deleted and reallocated soon
+afterwards. The change made the size dynamic based on the number of
+queues and the queue size of virtio-blk devices.
+
+There are two important numbers here: Slightly simplified, when a
+coroutine terminates, it is generally stored in the global release pool
+up to a certain pool size, and if the pool is full, it is freed.
+Conversely, when allocating a new coroutine, the coroutines in the
+release pool are reused if the pool already has reached a certain
+minimum size (the batch size), otherwise we allocate new coroutines.
+
+The problem after commit 4c41c69e is that it not only increases the
+maximum pool size (which is the intended effect), but also the batch
+size for reusing coroutines (which is a bug). It means that in cases
+with many devices and/or a large queue size (which defaults to the
+number of vcpus for virtio-blk-pci), many thousand coroutines could be
+sitting in the release pool without being reused.
+
+This is not only a waste of memory and allocations, but it actually
+makes the QEMU process likely to hit the vm.max_map_count limit on Linux
+because each coroutine requires two mappings (its stack and the guard
+page for the stack), causing it to abort() in qemu_alloc_stack() because
+when the limit is hit, mprotect() starts to fail with ENOMEM.
+
+In order to fix the problem, change the batch size back to 64 to avoid
+uselessly accumulating coroutines in the release pool, but keep the
+dynamic maximum pool size so that coroutines aren't freed too early
+in heavy I/O scenarios.
+
+Note that this fix doesn't strictly make it impossible to hit the limit,
+but this would only happen if most of the coroutines are actually in use
+at the same time, not just sitting in a pool. This is the same behaviour
+as we already had before commit 4c41c69e. Fully preventing this would
+require allowing qemu_coroutine_create() to return an error, but it
+doesn't seem to be a scenario that people hit in practice.
+
+Cc: qemu-stable@nongnu.org
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2079938
+Fixes: 4c41c69e05fe28c0f95f8abd2ebf407e95a4f04b
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Message-Id: <20220510151020.105528-3-kwolf@redhat.com>
+Tested-by: Hiroki Narukawa <hnarukaw@yahoo-corp.jp>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 9ec7a59b5aad4b736871c378d30f5ef5ec51cb52)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ util/qemu-coroutine.c | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
+index ea23929a74..4a8bd63ef0 100644
+--- a/util/qemu-coroutine.c
++++ b/util/qemu-coroutine.c
+@@ -21,14 +21,20 @@
+ #include "qemu/coroutine-tls.h"
+ #include "block/aio.h"
+
+-/** Initial batch size is 64, and is increased on demand */
++/**
++ * The minimal batch size is always 64, coroutines from the release_pool are
++ * reused as soon as there are 64 coroutines in it. The maximum pool size starts
++ * with 64 and is increased on demand so that coroutines are not deleted even if
++ * they are not immediately reused.
++ */
+ enum {
+- POOL_INITIAL_BATCH_SIZE = 64,
++ POOL_MIN_BATCH_SIZE = 64,
++ POOL_INITIAL_MAX_SIZE = 64,
+ };
+
+ /** Free list to speed up creation */
+ static QSLIST_HEAD(, Coroutine) release_pool = QSLIST_HEAD_INITIALIZER(pool);
+-static unsigned int pool_batch_size = POOL_INITIAL_BATCH_SIZE;
++static unsigned int pool_max_size = POOL_INITIAL_MAX_SIZE;
+ static unsigned int release_pool_size;
+
+ typedef QSLIST_HEAD(, Coroutine) CoroutineQSList;
+@@ -57,7 +63,7 @@ Coroutine *qemu_coroutine_create(CoroutineEntry *entry, void *opaque)
+
+ co = QSLIST_FIRST(alloc_pool);
+ if (!co) {
+- if (release_pool_size > qatomic_read(&pool_batch_size)) {
++ if (release_pool_size > POOL_MIN_BATCH_SIZE) {
+ /* Slow path; a good place to register the destructor, too. */
+ Notifier *notifier = get_ptr_coroutine_pool_cleanup_notifier();
+ if (!notifier->notify) {
+@@ -95,12 +101,12 @@ static void coroutine_delete(Coroutine *co)
+ co->caller = NULL;
+
+ if (CONFIG_COROUTINE_POOL) {
+- if (release_pool_size < qatomic_read(&pool_batch_size) * 2) {
++ if (release_pool_size < qatomic_read(&pool_max_size) * 2) {
+ QSLIST_INSERT_HEAD_ATOMIC(&release_pool, co, pool_next);
+ qatomic_inc(&release_pool_size);
+ return;
+ }
+- if (get_alloc_pool_size() < qatomic_read(&pool_batch_size)) {
++ if (get_alloc_pool_size() < qatomic_read(&pool_max_size)) {
+ QSLIST_INSERT_HEAD(get_ptr_alloc_pool(), co, pool_next);
+ set_alloc_pool_size(get_alloc_pool_size() + 1);
+ return;
+@@ -214,10 +220,10 @@ AioContext *coroutine_fn qemu_coroutine_get_aio_context(Coroutine *co)
+
+ void qemu_coroutine_inc_pool_size(unsigned int additional_pool_size)
+ {
+- qatomic_add(&pool_batch_size, additional_pool_size);
++ qatomic_add(&pool_max_size, additional_pool_size);
+ }
+
+ void qemu_coroutine_dec_pool_size(unsigned int removing_pool_size)
+ {
+- qatomic_sub(&pool_batch_size, removing_pool_size);
++ qatomic_sub(&pool_max_size, removing_pool_size);
+ }
diff --git a/debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch b/debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
new file mode 100644
index 0000000..cf535bb
--- /dev/null
+++ b/debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
@@ -0,0 +1,117 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 29 Apr 2022 21:16:28 +0200
+Subject: [PATCH] target/i386: do not consult nonexistent host leaves
+
+When cache_info_passthrough is requested, QEMU passes the host values
+of the cache information CPUID leaves down to the guest. However,
+it blindly assumes that the CPUID leaf exists on the host, and this
+cannot be guaranteed: for example, KVM has recently started to
+synthesize AMD leaves up to 0x80000021 in order to provide accurate
+CPU bug information to guests.
+
+Querying a nonexistent host leaf fills the output arguments of
+host_cpuid with data that (albeit deterministic) is nonsensical
+as cache information, namely the data in the highest Intel CPUID
+leaf. If said highest leaf is not ECX-dependent, this can even
+cause an infinite loop when kvm_arch_init_vcpu prepares the input
+to KVM_SET_CPUID2. The infinite loop is only terminated by an
+abort() when the array gets full.
+
+Reported-by: Maxim Levitsky <mlevitsk@redhat.com>
+Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry-picked from commit 798d8ec0dacd4cc0034298d94f430c14f23e2919)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ target/i386/cpu.c | 41 ++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 36 insertions(+), 5 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 6e6945139b..c79e151887 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -5030,6 +5030,37 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
+ return r;
+ }
+
++static void x86_cpu_get_cache_cpuid(uint32_t func, uint32_t index,
++ uint32_t *eax, uint32_t *ebx,
++ uint32_t *ecx, uint32_t *edx)
++{
++ uint32_t level, unused;
++
++ /* Only return valid host leaves. */
++ switch (func) {
++ case 2:
++ case 4:
++ host_cpuid(0, 0, &level, &unused, &unused, &unused);
++ break;
++ case 0x80000005:
++ case 0x80000006:
++ case 0x8000001d:
++ host_cpuid(0x80000000, 0, &level, &unused, &unused, &unused);
++ break;
++ default:
++ return;
++ }
++
++ if (func > level) {
++ *eax = 0;
++ *ebx = 0;
++ *ecx = 0;
++ *edx = 0;
++ } else {
++ host_cpuid(func, index, eax, ebx, ecx, edx);
++ }
++}
++
+ /*
+ * Only for builtin_x86_defs models initialized with x86_register_cpudef_types.
+ */
+@@ -5288,7 +5319,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ case 2:
+ /* cache info: needed for Pentium Pro compatibility */
+ if (cpu->cache_info_passthrough) {
+- host_cpuid(index, 0, eax, ebx, ecx, edx);
++ x86_cpu_get_cache_cpuid(index, 0, eax, ebx, ecx, edx);
+ break;
+ } else if (cpu->vendor_cpuid_only && IS_AMD_CPU(env)) {
+ *eax = *ebx = *ecx = *edx = 0;
+@@ -5308,7 +5339,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ case 4:
+ /* cache info: needed for Core compatibility */
+ if (cpu->cache_info_passthrough) {
+- host_cpuid(index, count, eax, ebx, ecx, edx);
++ x86_cpu_get_cache_cpuid(index, count, eax, ebx, ecx, edx);
+ /* QEMU gives out its own APIC IDs, never pass down bits 31..26. */
+ *eax &= ~0xFC000000;
+ if ((*eax & 31) && cs->nr_cores > 1) {
+@@ -5710,7 +5741,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ case 0x80000005:
+ /* cache info (L1 cache) */
+ if (cpu->cache_info_passthrough) {
+- host_cpuid(index, 0, eax, ebx, ecx, edx);
++ x86_cpu_get_cache_cpuid(index, 0, eax, ebx, ecx, edx);
+ break;
+ }
+ *eax = (L1_DTLB_2M_ASSOC << 24) | (L1_DTLB_2M_ENTRIES << 16) |
+@@ -5723,7 +5754,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ case 0x80000006:
+ /* cache info (L2 cache) */
+ if (cpu->cache_info_passthrough) {
+- host_cpuid(index, 0, eax, ebx, ecx, edx);
++ x86_cpu_get_cache_cpuid(index, 0, eax, ebx, ecx, edx);
+ break;
+ }
+ *eax = (AMD_ENC_ASSOC(L2_DTLB_2M_ASSOC) << 28) |
+@@ -5783,7 +5814,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ case 0x8000001D:
+ *eax = 0;
+ if (cpu->cache_info_passthrough) {
+- host_cpuid(index, count, eax, ebx, ecx, edx);
++ x86_cpu_get_cache_cpuid(index, count, eax, ebx, ecx, edx);
+ break;
+ }
+ switch (count) {
diff --git a/debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch b/debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
new file mode 100644
index 0000000..92a57cf
--- /dev/null
+++ b/debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
@@ -0,0 +1,108 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Wed, 27 Apr 2022 15:35:36 +0100
+Subject: [PATCH] virtio-scsi: fix ctrl and event handler functions in
+ dataplane mode
+
+Commit f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare
+virtio_scsi_handle_cmd for dataplane") prepared the virtio-scsi cmd
+virtqueue handler function to be used in both the dataplane and
+non-datpalane code paths.
+
+It failed to convert the ctrl and event virtqueue handler functions,
+which are not designed to be called from the dataplane code path but
+will be since the ioeventfd is set up for those virtqueues when
+dataplane starts.
+
+Convert the ctrl and event virtqueue handler functions now so they
+operate correctly when called from the dataplane code path. Avoid code
+duplication by extracting this code into a helper function.
+
+Fixes: f34e8d8b8d48d73f36a67b6d5e492ef9784b5012 ("virtio-scsi: prepare virtio_scsi_handle_cmd for dataplane")
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-id: 20220427143541.119567-2-stefanha@redhat.com
+[Fixed s/by used/be used/ typo pointed out by Michael Tokarev
+<mjt@tls.msk.ru>.
+--Stefan]
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry-picked from commit 2f743ef6366c2df4ef51ef3ae318138cdc0125ab)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/scsi/virtio-scsi.c | 42 +++++++++++++++++++++++++++---------------
+ 1 file changed, 27 insertions(+), 15 deletions(-)
+
+diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
+index 34a968ecfb..417fbc71d6 100644
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -472,16 +472,32 @@ bool virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq)
+ return progress;
+ }
+
++/*
++ * If dataplane is configured but not yet started, do so now and return true on
++ * success.
++ *
++ * Dataplane is started by the core virtio code but virtqueue handler functions
++ * can also be invoked when a guest kicks before DRIVER_OK, so this helper
++ * function helps us deal with manually starting ioeventfd in that case.
++ */
++static bool virtio_scsi_defer_to_dataplane(VirtIOSCSI *s)
++{
++ if (!s->ctx || s->dataplane_started) {
++ return false;
++ }
++
++ virtio_device_start_ioeventfd(&s->parent_obj.parent_obj);
++ return !s->dataplane_fenced;
++}
++
+ static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+ {
+ VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+
+- if (s->ctx) {
+- virtio_device_start_ioeventfd(vdev);
+- if (!s->dataplane_fenced) {
+- return;
+- }
++ if (virtio_scsi_defer_to_dataplane(s)) {
++ return;
+ }
++
+ virtio_scsi_acquire(s);
+ virtio_scsi_handle_ctrl_vq(s, vq);
+ virtio_scsi_release(s);
+@@ -720,12 +736,10 @@ static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
+ /* use non-QOM casts in the data path */
+ VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+
+- if (s->ctx && !s->dataplane_started) {
+- virtio_device_start_ioeventfd(vdev);
+- if (!s->dataplane_fenced) {
+- return;
+- }
++ if (virtio_scsi_defer_to_dataplane(s)) {
++ return;
+ }
++
+ virtio_scsi_acquire(s);
+ virtio_scsi_handle_cmd_vq(s, vq);
+ virtio_scsi_release(s);
+@@ -855,12 +869,10 @@ static void virtio_scsi_handle_event(VirtIODevice *vdev, VirtQueue *vq)
+ {
+ VirtIOSCSI *s = VIRTIO_SCSI(vdev);
+
+- if (s->ctx) {
+- virtio_device_start_ioeventfd(vdev);
+- if (!s->dataplane_fenced) {
+- return;
+- }
++ if (virtio_scsi_defer_to_dataplane(s)) {
++ return;
+ }
++
+ virtio_scsi_acquire(s);
+ virtio_scsi_handle_event_vq(s, vq);
+ virtio_scsi_release(s);
diff --git a/debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch b/debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
new file mode 100644
index 0000000..238d456
--- /dev/null
+++ b/debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
@@ -0,0 +1,91 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Wed, 27 Apr 2022 15:35:37 +0100
+Subject: [PATCH] virtio-scsi: don't waste CPU polling the event virtqueue
+
+The virtio-scsi event virtqueue is not emptied by its handler function.
+This is typical for rx virtqueues where the device uses buffers when
+some event occurs (e.g. a packet is received, an error condition
+happens, etc).
+
+Polling non-empty virtqueues wastes CPU cycles. We are not waiting for
+new buffers to become available, we are waiting for an event to occur,
+so it's a misuse of CPU resources to poll for buffers.
+
+Introduce the new virtio_queue_aio_attach_host_notifier_no_poll() API,
+which is identical to virtio_queue_aio_attach_host_notifier() except
+that it does not poll the virtqueue.
+
+Before this patch the following command-line consumed 100% CPU in the
+IOThread polling and calling virtio_scsi_handle_event():
+
+ $ qemu-system-x86_64 -M accel=kvm -m 1G -cpu host \
+ --object iothread,id=iothread0 \
+ --device virtio-scsi-pci,iothread=iothread0 \
+ --blockdev file,filename=test.img,aio=native,cache.direct=on,node-name=drive0 \
+ --device scsi-hd,drive=drive0
+
+After this patch CPU is no longer wasted.
+
+Reported-by: Nir Soffer <nsoffer@redhat.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Tested-by: Nir Soffer <nsoffer@redhat.com>
+Message-id: 20220427143541.119567-3-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(cherry-picked from commit 38738f7dbbda90fbc161757b7f4be35b52205552)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/scsi/virtio-scsi-dataplane.c | 2 +-
+ hw/virtio/virtio.c | 13 +++++++++++++
+ include/hw/virtio/virtio.h | 1 +
+ 3 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/hw/scsi/virtio-scsi-dataplane.c b/hw/scsi/virtio-scsi-dataplane.c
+index 29575cbaf6..8bb6e6acfc 100644
+--- a/hw/scsi/virtio-scsi-dataplane.c
++++ b/hw/scsi/virtio-scsi-dataplane.c
+@@ -138,7 +138,7 @@ int virtio_scsi_dataplane_start(VirtIODevice *vdev)
+
+ aio_context_acquire(s->ctx);
+ virtio_queue_aio_attach_host_notifier(vs->ctrl_vq, s->ctx);
+- virtio_queue_aio_attach_host_notifier(vs->event_vq, s->ctx);
++ virtio_queue_aio_attach_host_notifier_no_poll(vs->event_vq, s->ctx);
+
+ for (i = 0; i < vs->conf.num_queues; i++) {
+ virtio_queue_aio_attach_host_notifier(vs->cmd_vqs[i], s->ctx);
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index 9d637e043e..67a873f54a 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -3534,6 +3534,19 @@ void virtio_queue_aio_attach_host_notifier(VirtQueue *vq, AioContext *ctx)
+ virtio_queue_host_notifier_aio_poll_end);
+ }
+
++/*
++ * Same as virtio_queue_aio_attach_host_notifier() but without polling. Use
++ * this for rx virtqueues and similar cases where the virtqueue handler
++ * function does not pop all elements. When the virtqueue is left non-empty
++ * polling consumes CPU cycles and should not be used.
++ */
++void virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ctx)
++{
++ aio_set_event_notifier(ctx, &vq->host_notifier, true,
++ virtio_queue_host_notifier_read,
++ NULL, NULL);
++}
++
+ void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx)
+ {
+ aio_set_event_notifier(ctx, &vq->host_notifier, true, NULL, NULL, NULL);
+diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
+index b31c4507f5..b62a35fdca 100644
+--- a/include/hw/virtio/virtio.h
++++ b/include/hw/virtio/virtio.h
+@@ -317,6 +317,7 @@ EventNotifier *virtio_queue_get_host_notifier(VirtQueue *vq);
+ void virtio_queue_set_host_notifier_enabled(VirtQueue *vq, bool enabled);
+ void virtio_queue_host_notifier_read(EventNotifier *n);
+ void virtio_queue_aio_attach_host_notifier(VirtQueue *vq, AioContext *ctx);
++void virtio_queue_aio_attach_host_notifier_no_poll(VirtQueue *vq, AioContext *ctx);
+ void virtio_queue_aio_detach_host_notifier(VirtQueue *vq, AioContext *ctx);
+ VirtQueue *virtio_vector_first_queue(VirtIODevice *vdev, uint16_t vector);
+ VirtQueue *virtio_vector_next_queue(VirtQueue *vq);
diff --git a/debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch b/debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
new file mode 100644
index 0000000..2f52fd3
--- /dev/null
+++ b/debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
@@ -0,0 +1,102 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:42 +0200
+Subject: [PATCH] vhost: Track descriptor chain in private at SVQ
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The device could have access to modify them, and it definitely have
+access when we implement packed vq. Harden SVQ maintaining a private
+copy of the descriptor chain. Other fields like buffer addresses are
+already maintained sepparatedly.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20220512175747.142058-2-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit 495fe3a78749c39c0e772c4e1a55d6cb8a7e5292)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 12 +++++++-----
+ hw/virtio/vhost-shadow-virtqueue.h | 6 ++++++
+ 2 files changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index b232803d1b..3155801f50 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -138,6 +138,7 @@ static void vhost_vring_write_descs(VhostShadowVirtqueue *svq, hwaddr *sg,
+ for (n = 0; n < num; n++) {
+ if (more_descs || (n + 1 < num)) {
+ descs[i].flags = flags | cpu_to_le16(VRING_DESC_F_NEXT);
++ descs[i].next = cpu_to_le16(svq->desc_next[i]);
+ } else {
+ descs[i].flags = flags;
+ }
+@@ -145,10 +146,10 @@ static void vhost_vring_write_descs(VhostShadowVirtqueue *svq, hwaddr *sg,
+ descs[i].len = cpu_to_le32(iovec[n].iov_len);
+
+ last = i;
+- i = cpu_to_le16(descs[i].next);
++ i = cpu_to_le16(svq->desc_next[i]);
+ }
+
+- svq->free_head = le16_to_cpu(descs[last].next);
++ svq->free_head = le16_to_cpu(svq->desc_next[last]);
+ }
+
+ static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,
+@@ -336,7 +337,6 @@ static void vhost_svq_disable_notification(VhostShadowVirtqueue *svq)
+ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ uint32_t *len)
+ {
+- vring_desc_t *descs = svq->vring.desc;
+ const vring_used_t *used = svq->vring.used;
+ vring_used_elem_t used_elem;
+ uint16_t last_used;
+@@ -365,7 +365,7 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ return NULL;
+ }
+
+- descs[used_elem.id].next = svq->free_head;
++ svq->desc_next[used_elem.id] = svq->free_head;
+ svq->free_head = used_elem.id;
+
+ *len = used_elem.len;
+@@ -540,8 +540,9 @@ void vhost_svq_start(VhostShadowVirtqueue *svq, VirtIODevice *vdev,
+ svq->vring.used = qemu_memalign(qemu_real_host_page_size, device_size);
+ memset(svq->vring.used, 0, device_size);
+ svq->ring_id_maps = g_new0(VirtQueueElement *, svq->vring.num);
++ svq->desc_next = g_new0(uint16_t, svq->vring.num);
+ for (unsigned i = 0; i < svq->vring.num - 1; i++) {
+- svq->vring.desc[i].next = cpu_to_le16(i + 1);
++ svq->desc_next[i] = cpu_to_le16(i + 1);
+ }
+ }
+
+@@ -574,6 +575,7 @@ void vhost_svq_stop(VhostShadowVirtqueue *svq)
+ virtqueue_detach_element(svq->vq, next_avail_elem, 0);
+ }
+ svq->vq = NULL;
++ g_free(svq->desc_next);
+ g_free(svq->ring_id_maps);
+ qemu_vfree(svq->vring.desc);
+ qemu_vfree(svq->vring.used);
+diff --git a/hw/virtio/vhost-shadow-virtqueue.h b/hw/virtio/vhost-shadow-virtqueue.h
+index e5e24c536d..c132c994e9 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.h
++++ b/hw/virtio/vhost-shadow-virtqueue.h
+@@ -53,6 +53,12 @@ typedef struct VhostShadowVirtqueue {
+ /* Next VirtQueue element that guest made available */
+ VirtQueueElement *next_guest_avail_elem;
+
++ /*
++ * Backup next field for each descriptor so we can recover securely, not
++ * needing to trust the device access.
++ */
++ uint16_t *desc_next;
++
+ /* Next head to expose to the device */
+ uint16_t shadow_avail_idx;
+
diff --git a/debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch b/debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
new file mode 100644
index 0000000..497bcec
--- /dev/null
+++ b/debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
@@ -0,0 +1,62 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:43 +0200
+Subject: [PATCH] vhost: Fix device's used descriptor dequeue
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Only the first one of them were properly enqueued back.
+
+Fixes: 100890f7ca ("vhost: Shadow virtqueue buffers forwarding")
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20220512175747.142058-3-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit 81abfa5724c9a6502d7a1d3a67c55f2a303a1170)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 3155801f50..31fc50907d 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -334,12 +334,22 @@ static void vhost_svq_disable_notification(VhostShadowVirtqueue *svq)
+ svq->vring.avail->flags |= cpu_to_le16(VRING_AVAIL_F_NO_INTERRUPT);
+ }
+
++static uint16_t vhost_svq_last_desc_of_chain(const VhostShadowVirtqueue *svq,
++ uint16_t num, uint16_t i)
++{
++ for (uint16_t j = 0; j < (num - 1); ++j) {
++ i = le16_to_cpu(svq->desc_next[i]);
++ }
++
++ return i;
++}
++
+ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ uint32_t *len)
+ {
+ const vring_used_t *used = svq->vring.used;
+ vring_used_elem_t used_elem;
+- uint16_t last_used;
++ uint16_t last_used, last_used_chain, num;
+
+ if (!vhost_svq_more_used(svq)) {
+ return NULL;
+@@ -365,7 +375,10 @@ static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
+ return NULL;
+ }
+
+- svq->desc_next[used_elem.id] = svq->free_head;
++ num = svq->ring_id_maps[used_elem.id]->in_num +
++ svq->ring_id_maps[used_elem.id]->out_num;
++ last_used_chain = vhost_svq_last_desc_of_chain(svq, num, used_elem.id);
++ svq->desc_next[last_used_chain] = svq->free_head;
+ svq->free_head = used_elem.id;
+
+ *len = used_elem.len;
diff --git a/debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch b/debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
new file mode 100644
index 0000000..6f33164
--- /dev/null
+++ b/debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
@@ -0,0 +1,39 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:44 +0200
+Subject: [PATCH] vdpa: Fix bad index calculus at vhost_vdpa_get_vring_base
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes: 6d0b222666 ("vdpa: Adapt vhost_vdpa_get_vring_base to SVQ")
+
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20220512175747.142058-4-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit 639036477ef890958415967e753ca2cbb348c16c)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/virtio/vhost-vdpa.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 8adf7c0b92..8555a84f87 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -1170,11 +1170,11 @@ static int vhost_vdpa_get_vring_base(struct vhost_dev *dev,
+ struct vhost_vring_state *ring)
+ {
+ struct vhost_vdpa *v = dev->opaque;
++ int vdpa_idx = ring->index - dev->vq_index;
+ int ret;
+
+ if (v->shadow_vqs_enabled) {
+- VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs,
+- ring->index);
++ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, vdpa_idx);
+
+ /*
+ * Setting base as last used idx, so destination will see as available
diff --git a/debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch b/debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
new file mode 100644
index 0000000..8c74f0c
--- /dev/null
+++ b/debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:45 +0200
+Subject: [PATCH] vdpa: Fix index calculus at vhost_vdpa_svqs_start
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+With the introduction of MQ the index of the vq needs to be calculated
+with the device model vq_index.
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Message-Id: <20220512175747.142058-5-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit 1c82fdfef8a227518ffecae9d419bcada995c202)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/virtio/vhost-vdpa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
+index 8555a84f87..aa43cfa7d9 100644
+--- a/hw/virtio/vhost-vdpa.c
++++ b/hw/virtio/vhost-vdpa.c
+@@ -1016,7 +1016,7 @@ static bool vhost_vdpa_svqs_start(struct vhost_dev *dev)
+ VirtQueue *vq = virtio_get_queue(dev->vdev, dev->vq_index + i);
+ VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);
+ struct vhost_vring_addr addr = {
+- .index = i,
++ .index = dev->vq_index + i,
+ };
+ int r;
+ bool ok = vhost_vdpa_svq_setup(dev, svq, i, &err);
diff --git a/debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch b/debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
new file mode 100644
index 0000000..12ea0ad
--- /dev/null
+++ b/debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
@@ -0,0 +1,74 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 12 May 2022 19:57:46 +0200
+Subject: [PATCH] hw/virtio: Replace g_memdup() by g_memdup2()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Per https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538
+
+ The old API took the size of the memory to duplicate as a guint,
+ whereas most memory functions take memory sizes as a gsize. This
+ made it easy to accidentally pass a gsize to g_memdup(). For large
+ values, that would lead to a silent truncation of the size from 64
+ to 32 bits, and result in a heap area being returned which is
+ significantly smaller than what the caller expects. This can likely
+ be exploited in various modules to cause a heap buffer overflow.
+
+Replace g_memdup() by the safer g_memdup2() wrapper.
+
+Acked-by: Jason Wang <jasowang@redhat.com>
+Acked-by: Eugenio Pérez <eperezma@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-Id: <20220512175747.142058-6-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit d792199de55ca5cb5334016884039c740290b5c7)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/net/virtio-net.c | 3 ++-
+ hw/virtio/virtio-crypto.c | 6 +++---
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 1067e72b39..e4748a7e6c 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1443,7 +1443,8 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+ }
+
+ iov_cnt = elem->out_num;
+- iov2 = iov = g_memdup(elem->out_sg, sizeof(struct iovec) * elem->out_num);
++ iov2 = iov = g_memdup2(elem->out_sg,
++ sizeof(struct iovec) * elem->out_num);
+ s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
+ iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
+ if (s != sizeof(ctrl)) {
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index dcd80b904d..0e31e3cc04 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -242,7 +242,7 @@ static void virtio_crypto_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
+ }
+
+ out_num = elem->out_num;
+- out_iov_copy = g_memdup(elem->out_sg, sizeof(out_iov[0]) * out_num);
++ out_iov_copy = g_memdup2(elem->out_sg, sizeof(out_iov[0]) * out_num);
+ out_iov = out_iov_copy;
+
+ in_num = elem->in_num;
+@@ -605,11 +605,11 @@ virtio_crypto_handle_request(VirtIOCryptoReq *request)
+ }
+
+ out_num = elem->out_num;
+- out_iov_copy = g_memdup(elem->out_sg, sizeof(out_iov[0]) * out_num);
++ out_iov_copy = g_memdup2(elem->out_sg, sizeof(out_iov[0]) * out_num);
+ out_iov = out_iov_copy;
+
+ in_num = elem->in_num;
+- in_iov_copy = g_memdup(elem->in_sg, sizeof(in_iov[0]) * in_num);
++ in_iov_copy = g_memdup2(elem->in_sg, sizeof(in_iov[0]) * in_num);
+ in_iov = in_iov_copy;
+
+ if (unlikely(iov_to_buf(out_iov, out_num, 0, &req, sizeof(req))
diff --git a/debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch b/debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
new file mode 100644
index 0000000..daa5bca
--- /dev/null
+++ b/debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
@@ -0,0 +1,47 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Eugenio=20P=C3=A9rez?= <eperezma@redhat.com>
+Date: Thu, 12 May 2022 19:57:47 +0200
+Subject: [PATCH] vhost: Fix element in vhost_svq_add failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Coverity rightly reports that is not free in that case.
+
+Fixes: Coverity CID 1487559
+Fixes: 100890f7ca ("vhost: Shadow virtqueue buffers forwarding")
+
+Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
+Message-Id: <20220512175747.142058-7-eperezma@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+(cherry-picked from commit 5181db132b587754dda3a520eec923b87a65bbb7)
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ hw/virtio/vhost-shadow-virtqueue.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/virtio/vhost-shadow-virtqueue.c b/hw/virtio/vhost-shadow-virtqueue.c
+index 31fc50907d..06d0bb39d9 100644
+--- a/hw/virtio/vhost-shadow-virtqueue.c
++++ b/hw/virtio/vhost-shadow-virtqueue.c
+@@ -199,11 +199,19 @@ static bool vhost_svq_add_split(VhostShadowVirtqueue *svq,
+ return true;
+ }
+
++/**
++ * Add an element to a SVQ.
++ *
++ * The caller must check that there is enough slots for the new element. It
++ * takes ownership of the element: In case of failure, it is free and the SVQ
++ * is considered broken.
++ */
+ static bool vhost_svq_add(VhostShadowVirtqueue *svq, VirtQueueElement *elem)
+ {
+ unsigned qemu_head;
+ bool ok = vhost_svq_add_split(svq, elem, &qemu_head);
+ if (unlikely(!ok)) {
++ g_free(elem);
+ return false;
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index 6fa7ca8..3850a52 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,22 @@
extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
-extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
+extra/0002-block-gluster-correctly-set-max_pdiscard.patch
+extra/0003-block-vmdk-Fix-reopening-bs-file.patch
+extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
+extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
+extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
+extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
+extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
+extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
+extra/0010-coroutine-Revert-to-constant-batch-size.patch
+extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
+extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
+extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
+extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
+extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
+extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
+extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
+extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
+extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
--
2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] applied-series: [PATCH-SERIES qemu] update to 7.0.0
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
` (3 preceding siblings ...)
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 4/4] cherry-pick upstream fixes for 7.0.0 Fabian Ebner
@ 2022-06-30 11:16 ` Wolfgang Bumiller
4 siblings, 0 replies; 6+ messages in thread
From: Wolfgang Bumiller @ 2022-06-30 11:16 UTC (permalink / raw)
To: Fabian Ebner; +Cc: pve-devel
applied & bumped, thanks
On Mon, Jun 27, 2022 at 01:05:39PM +0200, Fabian Ebner wrote:
> Clean rebase and didn't run into any obvious issues when testing (I
> did when testing the release candidates, but those issues got
> addressed before the release :)). Still, more testing is always
> appreciated!
>
> Fabian Ebner (4):
> update submodule and patches to 7.0.0
> d/rules: drop outdated configure flags
> d/rules: adapt to changed opensbi riscv filenames in 7.0.0
> cherry-pick upstream fixes for 7.0.0
>
> ...d-support-for-sync-bitmap-mode-never.patch | 90 ++--
> ...-support-for-conditional-and-always-.patch | 14 +-
> ...check-for-bitmap-mode-without-bitmap.patch | 4 +-
> ...-to-bdrv_dirty_bitmap_merge_internal.patch | 6 +-
> .../0006-mirror-move-some-checks-to-qmp.patch | 8 +-
> ...race-with-clients-disconnecting-earl.patch | 12 +-
> ...k-gluster-correctly-set-max_pdiscard.patch | 47 ++
> ...support-for-flag-argument-with-value.patch | 55 --
> ...003-block-vmdk-Fix-reopening-bs-file.patch | 129 +++++
> ...-set-expire_password-and-allow-VNC-d.patch | 477 ------------------
> ...balanced-plugged-counter-in-laio_io_.patch | 44 ++
> ...erflow-in-snprintf-string-formatting.patch | 100 ++++
> ...Update-BSC-only-if-want_zero-is-true.patch | 43 --
> ...Fix-disabling-MPX-on-cpu-host-with-M.patch | 48 ++
> ...lete-reconnect-delay-timer-when-done.patch | 40 --
> ...ontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 121 +++++
> ...sert-there-are-no-timers-when-closed.patch | 34 --
> ...outine-use-QEMU_DEFINE_STATIC_CO_TLS.patch | 123 +++++
> ...-nbd-Move-s-ioc-on-AioContext-change.patch | 90 ----
> ...ame-qemu_coroutine_inc-dec_pool_size.patch | 90 ++++
> ...U-crash-when-started-with-SLIC-table.patch | 89 ----
> ...outine-Revert-to-constant-batch-size.patch | 121 +++++
> ...-not-consult-nonexistent-host-leaves.patch | 117 +++++
> ...-map-leaking-on-error-during-receive.patch | 38 --
> ...rrect-calls-of-log_global_start-stop.patch | 86 ----
> ...ctrl-and-event-handler-functions-in-.patch | 108 ++++
> ...acpi-fix-OEM-ID-OEM-Table-ID-padding.patch | 59 ---
> ...t-waste-CPU-polling-the-event-virtqu.patch | 91 ++++
> ...k-descriptor-chain-in-private-at-SVQ.patch | 102 ++++
> ...ch-the-virqueue-element-in-case-of-e.patch | 55 --
> ...Fix-device-s-used-descriptor-dequeue.patch | 62 +++
> ...t-user-remove-VirtQ-notifier-restore.patch | 98 ----
> ...ex-calculus-at-vhost_vdpa_get_vring_.patch | 39 ++
> ...host-user-fix-VirtQ-notifier-cleanup.patch | 149 ------
> ...ex-calculus-at-vhost_vdpa_svqs_start.patch | 35 ++
> ...ondition-for-iommu_platform-not-supp.patch | 101 ----
> ...rrectly-set-max_pdiscard-which-is-in.patch | 38 --
> ...virtio-Replace-g_memdup-by-g_memdup2.patch | 74 +++
> .../0019-ui-vnc.c-Fixed-a-deadlock-bug.patch | 72 ---
> ...Fix-element-in-vhost_svq_add-failure.patch | 47 ++
> ...er-fix-race-condition-in-qxl_cursor-.patch | 37 --
> ...teger-overflow-in-cursor_alloc-CVE-2.patch | 83 ---
> ...k-file-change-locking-default-to-off.patch | 6 +-
> ...he-CPU-model-to-kvm64-32-instead-of-.patch | 4 +-
> ...ui-spice-default-to-pve-certificates.patch | 2 +-
> ...lock-rbd-disable-rbd_cache_writethro.patch | 2 +-
> .../0007-PVE-Up-qmp-add-get_link_status.patch | 6 +-
> ...return-success-on-info-without-snaps.patch | 4 +-
> ...dd-add-osize-and-read-from-to-stdin-.patch | 16 +-
> ...E-Up-qemu-img-dd-add-isize-parameter.patch | 12 +-
> ...PVE-Up-qemu-img-dd-add-n-skip_create.patch | 14 +-
> ...virtio-balloon-improve-query-balloon.patch | 10 +-
> .../0014-PVE-qapi-modify-query-machines.patch | 6 +-
> .../0015-PVE-qapi-modify-spice-query.patch | 6 +-
> ...async-for-background-state-snapshots.patch | 30 +-
> ...add-optional-buffer-size-to-QEMUFile.patch | 28 +-
> ...add-the-zeroinit-block-driver-filter.patch | 4 +-
> ...-Add-dummy-id-command-line-parameter.patch | 10 +-
> ...le-posix-make-locking-optiono-on-cre.patch | 18 +-
> ...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
> ...E-Allow-version-code-in-machine-type.patch | 18 +-
> ...e-bcs-bitmap-initialization-to-job-c.patch | 4 +-
> ...VE-Backup-add-vma-backup-format-code.patch | 32 +-
> ...-Backup-add-backup-dump-block-driver.patch | 28 +-
> ...ckup-proxmox-backup-patches-for-qemu.patch | 42 +-
> ...estore-new-command-to-restore-from-p.patch | 4 +-
> ...irty-bitmap-tracking-for-incremental.patch | 6 +-
> .../pve/0031-PVE-various-PBS-fixes.patch | 4 +-
> ...k-driver-to-map-backup-archives-into.patch | 54 +-
> ...dd-query_proxmox_support-QMP-command.patch | 2 +-
> ...E-add-query-pbs-bitmap-info-QMP-call.patch | 4 +-
> ...ct-stderr-to-journal-when-daemonized.patch | 8 +-
> ...d-sequential-job-transaction-support.patch | 10 +-
> ...-block-on-finishing-and-cleanup-crea.patch | 2 +-
> ...igrate-dirty-bitmap-state-via-savevm.patch | 8 +-
> ...all-back-to-open-iscsi-initiatorname.patch | 2 +-
> ...routine-QMP-for-backup-cancel_backup.patch | 6 +-
> .../pve/0043-PBS-add-master-key-support.patch | 4 +-
> ...PVE-block-stream-increase-chunk-size.patch | 2 +-
> ...accept-NULL-qiov-in-bdrv_pad_request.patch | 4 +-
> .../0047-block-add-alloc-track-driver.patch | 2 +-
> ...valid-QAPI-names-for-backwards-compa.patch | 6 +-
> ...-add-l-option-for-loading-a-snapshot.patch | 18 +-
> .../pve/0051-vma-allow-partial-restore.patch | 14 +-
> .../pve/0052-pbs-namespace-support.patch | 6 +-
> ...-rbd-workaround-for-ceph-issue-53784.patch | 80 +++
> ...-fix-handling-of-holes-in-.bdrv_co_b.patch | 35 ++
> ...-rbd-implement-bdrv_co_block_status.patch} | 6 +-
> ...-jobs-correctly-cancel-in-error-sce.patch} | 0
> ...sure-jobs-in-di_list-are-referenced.patch} | 0
> ...-segfault-issues-upon-backup-cancel.patch} | 0
> ...upport-64KiB-unaligned-input-images.patch} | 6 +-
> ...-triggering-assertion-in-error-case.patch} | 4 +-
> ...k-alloc-track-avoid-premature-break.patch} | 0
> debian/patches/series | 52 +-
> debian/rules | 6 +-
> qemu | 2 +-
> 97 files changed, 1949 insertions(+), 1990 deletions(-)
> create mode 100644 debian/patches/extra/0002-block-gluster-correctly-set-max_pdiscard.patch
> delete mode 100644 debian/patches/extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
> create mode 100644 debian/patches/extra/0003-block-vmdk-Fix-reopening-bs-file.patch
> delete mode 100644 debian/patches/extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
> create mode 100644 debian/patches/extra/0004-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch
> create mode 100644 debian/patches/extra/0005-pci-fix-overflow-in-snprintf-string-formatting.patch
> delete mode 100644 debian/patches/extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
> create mode 100644 debian/patches/extra/0006-target-i386-kvm-Fix-disabling-MPX-on-cpu-host-with-M.patch
> delete mode 100644 debian/patches/extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
> create mode 100644 debian/patches/extra/0007-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch
> delete mode 100644 debian/patches/extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
> create mode 100644 debian/patches/extra/0008-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
> delete mode 100644 debian/patches/extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
> create mode 100644 debian/patches/extra/0009-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch
> delete mode 100644 debian/patches/extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
> create mode 100644 debian/patches/extra/0010-coroutine-Revert-to-constant-batch-size.patch
> create mode 100644 debian/patches/extra/0011-target-i386-do-not-consult-nonexistent-host-leaves.patch
> delete mode 100644 debian/patches/extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
> delete mode 100644 debian/patches/extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
> create mode 100644 debian/patches/extra/0012-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch
> delete mode 100644 debian/patches/extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
> create mode 100644 debian/patches/extra/0013-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch
> create mode 100644 debian/patches/extra/0014-vhost-Track-descriptor-chain-in-private-at-SVQ.patch
> delete mode 100644 debian/patches/extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
> create mode 100644 debian/patches/extra/0015-vhost-Fix-device-s-used-descriptor-dequeue.patch
> delete mode 100644 debian/patches/extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
> create mode 100644 debian/patches/extra/0016-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch
> delete mode 100644 debian/patches/extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
> create mode 100644 debian/patches/extra/0017-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch
> delete mode 100644 debian/patches/extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
> delete mode 100644 debian/patches/extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
> create mode 100644 debian/patches/extra/0018-hw-virtio-Replace-g_memdup-by-g_memdup2.patch
> delete mode 100644 debian/patches/extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
> create mode 100644 debian/patches/extra/0019-vhost-Fix-element-in-vhost_svq_add-failure.patch
> delete mode 100644 debian/patches/extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
> delete mode 100644 debian/patches/extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
> create mode 100644 debian/patches/pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
> create mode 100644 debian/patches/pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
> rename debian/patches/pve/{0053-Revert-block-rbd-implement-bdrv_co_block_status.patch => 0055-Revert-block-rbd-implement-bdrv_co_block_status.patch} (97%)
> rename debian/patches/pve/{0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch => 0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch} (100%)
> rename debian/patches/pve/{0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch => 0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch} (100%)
> rename debian/patches/pve/{0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch => 0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch} (100%)
> rename debian/patches/pve/{0057-vma-create-support-64KiB-unaligned-input-images.patch => 0059-vma-create-support-64KiB-unaligned-input-images.patch} (92%)
> rename debian/patches/pve/{0058-vma-create-avoid-triggering-assertion-in-error-case.patch => 0060-vma-create-avoid-triggering-assertion-in-error-case.patch} (88%)
> rename debian/patches/pve/{0059-block-alloc-track-avoid-premature-break.patch => 0061-block-alloc-track-avoid-premature-break.patch} (100%)
>
> --
> 2.30.2
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-06-30 11:17 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-27 11:05 [pve-devel] [PATCH-SERIES qemu] update to 7.0.0 Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches " Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 2/4] d/rules: drop outdated configure flags Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 3/4] d/rules: adapt to changed opensbi riscv filenames in 7.0.0 Fabian Ebner
2022-06-27 11:05 ` [pve-devel] [PATCH qemu 4/4] cherry-pick upstream fixes for 7.0.0 Fabian Ebner
2022-06-30 11:16 ` [pve-devel] applied-series: [PATCH-SERIES qemu] update to 7.0.0 Wolfgang Bumiller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox