* [pve-devel] [PATCH qemu 4/5] add stable patches for 8.0.0
2023-05-12 15:10 [pve-devel] [PATCH-SERIES qemu] update to QEMU 8.0 Fiona Ebner
2023-05-12 15:10 ` [pve-devel] [PATCH qemu 1/5] d/rules: drop virtiofsd switch Fiona Ebner
2023-05-12 15:10 ` [pve-devel] [PATCH qemu 2/5] d/rules: set job flag for make based on DEB_BUILD_OPTIONS Fiona Ebner
@ 2023-05-12 15:10 ` Fiona Ebner
2023-05-12 15:10 ` [pve-devel] [PATCH qemu 5/5] PVE backup: don't call no_co_wrapper function from coroutine Fiona Ebner
3 siblings, 0 replies; 5+ messages in thread
From: Fiona Ebner @ 2023-05-12 15:10 UTC (permalink / raw)
To: pve-devel
Changes to other patches are all just metadata/context changes except
for pvebackup_co_prepare() needing to call bdrv_co_unref() rather than
bdrv_unref(), because it is a coroutine itself. This is documented in
d6ee2e324e ("block-coroutine-wrapper: Introduce no_co_wrapper"). The
change is necessary, because one of the stable fixes converts
bdrv_unref and blk_unref into no_co_wrappers (in preparation for a
second patch to fix a hang with the block resize QMP command).
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...d-support-for-sync-bitmap-mode-never.patch | 16 +-
...check-for-bitmap-mode-without-bitmap.patch | 4 +-
.../0006-mirror-move-some-checks-to-qmp.patch | 4 +-
...39-fix-large_send_mss-divide-by-zero.patch | 72 ++++
...-Fix-crash-when-executing-HMP-commit.patch | 48 +++
...hen-getting-cursor-without-a-console.patch | 36 ++
...our-channel-order-for-PNG-screenshot.patch | 77 ++++
...arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch | 41 ++
...e-incorrect-computation-in-float32_e.patch | 56 +++
...ge-wrong-XFRM-value-in-SGX-CPUID-lea.patch | 39 ++
...t-assert_bdrv_graph_readable-by-defa.patch | 106 +++++
...CI_ERR_UNCOR_MASK-register-for-machi.patch | 100 +++++
...after-free-in-blockdev_mark_auto_del.patch | 57 +++
...ly-call-bdrv_activate-outside-corout.patch | 64 +++
...o_unref-for-calls-in-coroutine-conte.patch | 373 ++++++++++++++++++
...-no_coroutine_fns-in-qmp_block_resiz.patch | 43 ++
...-tcg-Fix-atomic_mmu_lookup-for-reads.patch | 36 ++
...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
...VE-Backup-add-vma-backup-format-code.patch | 4 +-
...ckup-proxmox-backup-patches-for-qemu.patch | 12 +-
...estore-new-command-to-restore-from-p.patch | 4 +-
...irty-bitmap-tracking-for-incremental.patch | 8 +-
.../pve/0032-PVE-various-PBS-fixes.patch | 6 +-
...k-driver-to-map-backup-archives-into.patch | 12 +-
...dd-query_proxmox_support-QMP-command.patch | 2 +-
...E-add-query-pbs-bitmap-info-QMP-call.patch | 2 +-
...ct-stderr-to-journal-when-daemonized.patch | 4 +-
...-transaction-to-synchronize-job-stat.patch | 4 +-
...-block-on-finishing-and-cleanup-crea.patch | 2 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 2 +-
...routine-QMP-for-backup-cancel_backup.patch | 8 +-
.../pve/0044-PBS-add-master-key-support.patch | 6 +-
.../pve/0052-pbs-namespace-support.patch | 6 +-
...e-jobs-correctly-cancel-in-error-sce.patch | 2 +-
...nsure-jobs-in-di_list-are-referenced.patch | 2 +-
...d-segfault-issues-upon-backup-cancel.patch | 2 +-
...-passing-max-workers-performance-set.patch | 6 +-
debian/patches/series | 14 +
38 files changed, 1223 insertions(+), 61 deletions(-)
create mode 100644 debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
create mode 100644 debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
create mode 100644 debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
create mode 100644 debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
create mode 100644 debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
create mode 100644 debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
create mode 100644 debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
create mode 100644 debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
create mode 100644 debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
create mode 100644 debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
create mode 100644 debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
create mode 100644 debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
create mode 100644 debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
create mode 100644 debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
diff --git a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
index 306dc3b..a45ee6e 100644
--- a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
+++ b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
@@ -254,10 +254,10 @@ index 663e2b7002..9099c75992 100644
errp);
if (!job) {
diff --git a/blockdev.c b/blockdev.c
-index d7b5c18f0a..6c34d9bb3a 100644
+index e464daea58..1010b60804 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2932,6 +2932,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2942,6 +2942,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
BlockDriverState *target,
const char *replaces,
enum MirrorSyncMode sync,
@@ -267,7 +267,7 @@ index d7b5c18f0a..6c34d9bb3a 100644
BlockMirrorBackingMode backing_mode,
bool zero_target,
bool has_speed, int64_t speed,
-@@ -2950,6 +2953,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2960,6 +2963,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
{
BlockDriverState *unfiltered_bs;
int job_flags = JOB_DEFAULT;
@@ -275,7 +275,7 @@ index d7b5c18f0a..6c34d9bb3a 100644
if (!has_speed) {
speed = 0;
-@@ -3001,6 +3005,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3011,6 +3015,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
@@ -305,7 +305,7 @@ index d7b5c18f0a..6c34d9bb3a 100644
if (!replaces) {
/* We want to mirror from @bs, but keep implicit filters on top */
unfiltered_bs = bdrv_skip_implicit_filters(bs);
-@@ -3046,8 +3073,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3056,8 +3083,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
* and will allow to check whether the node still exist at mirror completion
*/
mirror_start(job_id, bs, target,
@@ -316,7 +316,7 @@ index d7b5c18f0a..6c34d9bb3a 100644
on_source_error, on_target_error, unmap, filter_node_name,
copy_mode, errp);
}
-@@ -3192,6 +3219,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
+@@ -3202,6 +3229,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
blockdev_mirror_common(arg->job_id, bs, target_bs,
arg->replaces, arg->sync,
@@ -325,7 +325,7 @@ index d7b5c18f0a..6c34d9bb3a 100644
backing_mode, zero_target,
arg->has_speed, arg->speed,
arg->has_granularity, arg->granularity,
-@@ -3213,6 +3242,8 @@ void qmp_blockdev_mirror(const char *job_id,
+@@ -3223,6 +3252,8 @@ void qmp_blockdev_mirror(const char *job_id,
const char *device, const char *target,
const char *replaces,
MirrorSyncMode sync,
@@ -334,7 +334,7 @@ index d7b5c18f0a..6c34d9bb3a 100644
bool has_speed, int64_t speed,
bool has_granularity, uint32_t granularity,
bool has_buf_size, int64_t buf_size,
-@@ -3261,7 +3292,8 @@ void qmp_blockdev_mirror(const char *job_id,
+@@ -3271,7 +3302,8 @@ void qmp_blockdev_mirror(const char *job_id,
}
blockdev_mirror_common(job_id, bs, target_bs,
diff --git a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
index 3061723..e1cd354 100644
--- a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
+++ b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 3 insertions(+)
diff --git a/blockdev.c b/blockdev.c
-index 6c34d9bb3a..24a76b451d 100644
+index 1010b60804..19f490fce7 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -3026,6 +3026,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3036,6 +3036,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_ALLOW_RO, errp)) {
return;
}
diff --git a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
index 4139251..7dc188b 100644
--- a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
+++ b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
@@ -62,10 +62,10 @@ index f42953837b..8f79efaa87 100644
if (bitmap_mode != BITMAP_SYNC_MODE_NEVER) {
diff --git a/blockdev.c b/blockdev.c
-index 24a76b451d..3917af7d02 100644
+index 19f490fce7..9a010f3a86 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -3005,7 +3005,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3015,7 +3015,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
diff --git a/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch b/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
new file mode 100644
index 0000000..ab3db30
--- /dev/null
+++ b/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
@@ -0,0 +1,72 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Thu, 13 Apr 2023 13:19:46 -0400
+Subject: [PATCH] rtl8139: fix large_send_mss divide-by-zero
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the driver sets large_send_mss to 0 then a divide-by-zero occurs.
+Even if the division wasn't a problem, the for loop that emits MSS-sized
+packets would never terminate.
+
+Solve these issues by skipping offloading when large_send_mss=0.
+
+This issue was found by OSS-Fuzz as part of Alexander Bulekov's device
+fuzzing work. The reproducer is:
+
+ $ cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
+ 512M,slots=1,maxmem=0xffff000000000000 -machine q35 -nodefaults -device \
+ rtl8139,netdev=net0 -netdev user,id=net0 -device \
+ pc-dimm,id=nv1,memdev=mem1,addr=0xb800a64602800000 -object \
+ memory-backend-ram,id=mem1,size=2M -qtest stdio
+ outl 0xcf8 0x80000814
+ outl 0xcfc 0xe0000000
+ outl 0xcf8 0x80000804
+ outw 0xcfc 0x06
+ write 0xe0000037 0x1 0x04
+ write 0xe00000e0 0x2 0x01
+ write 0x1 0x1 0x04
+ write 0x3 0x1 0x98
+ write 0xa 0x1 0x8c
+ write 0xb 0x1 0x02
+ write 0xc 0x1 0x46
+ write 0xd 0x1 0xa6
+ write 0xf 0x1 0xb8
+ write 0xb800a646028c000c 0x1 0x08
+ write 0xb800a646028c000e 0x1 0x47
+ write 0xb800a646028c0010 0x1 0x02
+ write 0xb800a646028c0017 0x1 0x06
+ write 0xb800a646028c0036 0x1 0x80
+ write 0xe00000d9 0x1 0x40
+ EOF
+
+Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1582
+Fixes: 6d71357a3b65 ("rtl8139: honor large send MSS value")
+Reported-by: Alexander Bulekov <alxndr@bu.edu>
+Cc: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Tested-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Acked-by: Jason Wang <jasowang@redhat.com>
+(picked up from https://patchew.org/QEMU/20230413171946.2865726-1-stefanha@redhat.com/)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/net/rtl8139.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
+index 5a5aaf868d..5f1a4d359b 100644
+--- a/hw/net/rtl8139.c
++++ b/hw/net/rtl8139.c
+@@ -2154,6 +2154,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
+
+ int large_send_mss = (txdw0 >> CP_TC_LGSEN_MSS_SHIFT) &
+ CP_TC_LGSEN_MSS_MASK;
++ if (large_send_mss == 0) {
++ goto skip_offload;
++ }
+
+ DPRINTF("+++ C+ mode offloaded task TSO IP data %d "
+ "frame data %d specified MSS=%d\n",
diff --git a/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch b/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
new file mode 100644
index 0000000..0255bd3
--- /dev/null
+++ b/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wang Liang <wangliangzz@inspur.com>
+Date: Mon, 24 Apr 2023 18:39:02 +0800
+Subject: [PATCH] block/monitor: Fix crash when executing HMP commit
+
+hmp_commit() calls blk_is_available() from a non-coroutine context (and
+in the main loop). blk_is_available() is a co_wrapper_mixed_bdrv_rdlock
+function, and in the non-coroutine context it calls AIO_WAIT_WHILE(),
+which crashes if the aio_context lock is not taken before.
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1615
+Signed-off-by: Wang Liang <wangliangzz@inspur.com>
+Message-Id: <20230424103902.45265-1-wangliangzz@126.com>
+Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
+Reviewed-by: Kevin Wolf <kwolf@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 8c1e8fb2e7fc2cbeb57703e143965a4cd3ad301a)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ block/monitor/block-hmp-cmds.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
+index 2846083546..ca2599de44 100644
+--- a/block/monitor/block-hmp-cmds.c
++++ b/block/monitor/block-hmp-cmds.c
+@@ -214,15 +214,17 @@ void hmp_commit(Monitor *mon, const QDict *qdict)
+ error_report("Device '%s' not found", device);
+ return;
+ }
+- if (!blk_is_available(blk)) {
+- error_report("Device '%s' has no medium", device);
+- return;
+- }
+
+ bs = bdrv_skip_implicit_filters(blk_bs(blk));
+ aio_context = bdrv_get_aio_context(bs);
+ aio_context_acquire(aio_context);
+
++ if (!blk_is_available(blk)) {
++ error_report("Device '%s' has no medium", device);
++ aio_context_release(aio_context);
++ return;
++ }
++
+ ret = bdrv_commit(bs);
+
+ aio_context_release(aio_context);
diff --git a/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch b/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
new file mode 100644
index 0000000..c0368b8
--- /dev/null
+++ b/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
+Date: Fri, 28 Apr 2023 19:48:06 +0400
+Subject: [PATCH] ui: return NULL when getting cursor without a console
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+VNC may try to get the current cursor even when there are no consoles
+and crashes. Simple reproducer is qemu with -nodefaults.
+
+Fixes: (again)
+https://gitlab.com/qemu-project/qemu/-/issues/1548
+
+Fixes: commit 385ac97f8 ("ui: keep current cursor with QemuConsole")
+Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-04/msg05598.html)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ ui/console.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ui/console.c b/ui/console.c
+index 6e8a3cdc62..594517ecdb 100644
+--- a/ui/console.c
++++ b/ui/console.c
+@@ -2306,7 +2306,7 @@ QEMUCursor *qemu_console_get_cursor(QemuConsole *con)
+ if (con == NULL) {
+ con = active_console;
+ }
+- return con->cursor;
++ return con ? con->cursor : NULL;
+ }
+
+ bool qemu_console_is_visible(QemuConsole *con)
diff --git a/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch b/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
new file mode 100644
index 0000000..d76b723
--- /dev/null
+++ b/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
@@ -0,0 +1,77 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Peter Maydell <peter.maydell@linaro.org>
+Date: Tue, 2 May 2023 14:55:48 +0100
+Subject: [PATCH] ui: Fix pixel colour channel order for PNG screenshots
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When we take a PNG screenshot the ordering of the colour channels in
+the data is not correct, resulting in the image having weird
+colouring compared to the actual display. (Specifically, on a
+little-endian host the blue and red channels are swapped; on
+big-endian everything is wrong.)
+
+This happens because the pixman idea of the pixel data and the libpng
+idea differ. PIXMAN_a9r8g8b8 defines that pixels are 32-bit values,
+with A in bits 24-31, R in bits 16-23, G in bits 8-15 and B in bits
+0-7. This means that on little-endian systems the bytes in memory
+are
+ B G R A
+and on big-endian systems they are
+ A R G B
+
+libpng, on the other hand, thinks of pixels as being a series of
+values for each channel, so its format PNG_COLOR_TYPE_RGB_ALPHA
+always wants bytes in the order
+ R G B A
+
+This isn't the same as the pixman order for either big or little
+endian hosts.
+
+The alpha channel is also unnecessary bulk in the output PNG file,
+because there is no alpha information in a screenshot.
+
+To handle the endianness issue, we already define in ui/qemu-pixman.h
+various PIXMAN_BE_* and PIXMAN_LE_* values that give consistent
+byte-order pixel channel formats. So we can use PIXMAN_BE_r8g8b8 and
+PNG_COLOR_TYPE_RGB, which both have an in-memory byte order of
+ R G B
+and 3 bytes per pixel.
+
+(PPM format screenshots get this right; they already use the
+PIXMAN_BE_r8g8b8 format.)
+
+Cc: qemu-stable@nongnu.org
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1622
+Fixes: 9a0a119a382867 ("Added parameter to take screenshot with screendump as PNG")
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00229.html)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ ui/console.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ui/console.c b/ui/console.c
+index 594517ecdb..7461446e71 100644
+--- a/ui/console.c
++++ b/ui/console.c
+@@ -311,7 +311,7 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
+ png_struct *png_ptr;
+ png_info *info_ptr;
+ g_autoptr(pixman_image_t) linebuf =
+- qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
++ qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width);
+ uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
+ FILE *f = fdopen(fd, "wb");
+ int y;
+@@ -341,7 +341,7 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
+ png_init_io(png_ptr, f);
+
+ png_set_IHDR(png_ptr, info_ptr, width, height, 8,
+- PNG_COLOR_TYPE_RGB_ALPHA, PNG_INTERLACE_NONE,
++ PNG_COLOR_TYPE_RGB, PNG_INTERLACE_NONE,
+ PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE);
+
+ png_write_info(png_ptr, info_ptr);
diff --git a/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch b/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
new file mode 100644
index 0000000..799aa84
--- /dev/null
+++ b/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
@@ -0,0 +1,41 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Thu, 4 May 2023 11:42:32 +0100
+Subject: [PATCH] target/arm: Fix vd == vm overlap in sve_ldff1_z
+
+If vd == vm, copy vm to scratch, so that we can pre-zero
+the output and still access the gather indicies.
+
+Cc: qemu-stable@nongnu.org
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1612
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00961.html)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ target/arm/tcg/sve_helper.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
+index ccf5e5beca..0097522470 100644
+--- a/target/arm/tcg/sve_helper.c
++++ b/target/arm/tcg/sve_helper.c
+@@ -6727,6 +6727,7 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
+ intptr_t reg_off;
+ SVEHostPage info;
+ target_ulong addr, in_page;
++ ARMVectorReg scratch;
+
+ /* Skip to the first true predicate. */
+ reg_off = find_next_active(vg, 0, reg_max, esz);
+@@ -6736,6 +6737,11 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
+ return;
+ }
+
++ /* Protect against overlap between vd and vm. */
++ if (unlikely(vd == vm)) {
++ vm = memcpy(&scratch, vm, reg_max);
++ }
++
+ /*
+ * Probe the first element, allowing faults.
+ */
diff --git a/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch b/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
new file mode 100644
index 0000000..a9cc766
--- /dev/null
+++ b/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
@@ -0,0 +1,56 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Shivaprasad G Bhat <sbhat@linux.ibm.com>
+Date: Tue, 2 May 2023 20:55:30 +0530
+Subject: [PATCH] softfloat: Fix the incorrect computation in float32_exp2
+
+The float32_exp2 function is computing wrong exponent of 2.
+
+For example, with the following set of values {0.1, 2.0, 2.0, -1.0},
+the expected output would be {1.071773, 4.000000, 4.000000, 0.500000}.
+Instead, the function is computing {1.119102, 3.382044, 3.382044, -0.191022}
+
+Looking at the code, the float32_exp2() attempts to do this
+
+ 2 3 4 5 n
+ x x x x x x x
+ e = 1 + --- + --- + --- + --- + --- + ... + --- + ...
+ 1! 2! 3! 4! 5! n!
+
+But because of the typo it ends up doing
+
+ x x x x x x x
+ e = 1 + --- + --- + --- + --- + --- + ... + --- + ...
+ 1! 2! 3! 4! 5! n!
+
+This is because instead of the xnp which holds the numerator, parts_muladd
+is using the xp which is just 'x'. Commit '572c4d862ff2' refactored this
+function, and mistakenly used xp instead of xnp.
+
+Cc: qemu-stable@nongnu.org
+Fixes: 572c4d862ff2 "softfloat: Convert float32_exp2 to FloatParts"
+Partially-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1623
+Reported-By: Luca Barbato (https://gitlab.com/lu-zero)
+Signed-off-by: Shivaprasad G Bhat <sbhat@linux.ibm.com>
+Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
+Message-Id: <168304110865.537992.13059030916325018670.stgit@localhost.localdomain>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+(cherry-picked from commit 1098cc3fcf952763fc9fd72c1c8fda30a18cc8ea)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ fpu/softfloat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fpu/softfloat.c b/fpu/softfloat.c
+index c7454c3eb1..108f9cb224 100644
+--- a/fpu/softfloat.c
++++ b/fpu/softfloat.c
+@@ -5135,7 +5135,7 @@ float32 float32_exp2(float32 a, float_status *status)
+ float64_unpack_canonical(&rp, float64_one, status);
+ for (i = 0 ; i < 15 ; i++) {
+ float64_unpack_canonical(&tp, float32_exp2_coefficients[i], status);
+- rp = *parts_muladd(&tp, &xp, &rp, 0, status);
++ rp = *parts_muladd(&tp, &xnp, &rp, 0, status);
+ xnp = *parts_mul(&xnp, &xp, status);
+ }
+
diff --git a/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch b/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
new file mode 100644
index 0000000..425b39d
--- /dev/null
+++ b/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
@@ -0,0 +1,39 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Yang Zhong <yang.zhong@linux.intel.com>
+Date: Thu, 6 Apr 2023 02:40:41 -0400
+Subject: [PATCH] target/i386: Change wrong XFRM value in SGX CPUID leaf
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with
+FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}. As a result,
+SGX enclaves only supported SSE and x87 feature (xfrm=0x3).
+
+Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
+Signed-off-by: Yang Zhong <yang.zhong@linux.intel.com>
+Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
+Reviewed-by: Kai Huang <kai.huang@intel.com>
+Message-Id: <20230406064041.420039-1-yang.zhong@linux.intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry-picked from commit 72497cff896fecf74306ed33626c30e43633cdd6)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ target/i386/cpu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 6576287e5b..f083ff4335 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -5718,8 +5718,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
+ } else {
+ *eax &= env->features[FEAT_SGX_12_1_EAX];
+ *ebx &= 0; /* ebx reserve */
+- *ecx &= env->features[FEAT_XSAVE_XSS_LO];
+- *edx &= env->features[FEAT_XSAVE_XSS_HI];
++ *ecx &= env->features[FEAT_XSAVE_XCR0_LO];
++ *edx &= env->features[FEAT_XSAVE_XCR0_HI];
+
+ /* FP and SSE are always allowed regardless of XSAVE/XCR0. */
+ *ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
diff --git a/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch b/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
new file mode 100644
index 0000000..f0534d8
--- /dev/null
+++ b/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
@@ -0,0 +1,106 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Stefan Hajnoczi <stefanha@redhat.com>
+Date: Mon, 1 May 2023 13:34:43 -0400
+Subject: [PATCH] block: compile out assert_bdrv_graph_readable() by default
+
+reader_count() is a performance bottleneck because the global
+aio_context_list_lock mutex causes thread contention. Put this debugging
+assertion behind a new ./configure --enable-debug-graph-lock option and
+disable it by default.
+
+The --enable-debug-graph-lock option is also enabled by the more general
+--enable-debug option.
+
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00058.html)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ block/graph-lock.c | 3 +++
+ configure | 1 +
+ meson.build | 2 ++
+ meson_options.txt | 2 ++
+ scripts/meson-buildoptions.sh | 4 ++++
+ 5 files changed, 12 insertions(+)
+
+diff --git a/block/graph-lock.c b/block/graph-lock.c
+index 454c31e691..259a7a0bde 100644
+--- a/block/graph-lock.c
++++ b/block/graph-lock.c
+@@ -265,7 +265,10 @@ void bdrv_graph_rdunlock_main_loop(void)
+
+ void assert_bdrv_graph_readable(void)
+ {
++ /* reader_count() is slow due to aio_context_list_lock lock contention */
++#ifdef CONFIG_DEBUG_GRAPH_LOCK
+ assert(qemu_in_main_thread() || reader_count());
++#endif
+ }
+
+ void assert_bdrv_graph_writable(void)
+diff --git a/configure b/configure
+index 800b5850f4..a62a3e6be9 100755
+--- a/configure
++++ b/configure
+@@ -806,6 +806,7 @@ for opt do
+ --enable-debug)
+ # Enable debugging options that aren't excessively noisy
+ debug_tcg="yes"
++ meson_option_parse --enable-debug-graph-lock ""
+ meson_option_parse --enable-debug-mutex ""
+ meson_option_add -Doptimization=0
+ fortify_source="no"
+diff --git a/meson.build b/meson.build
+index c44d05a13f..d964e741e7 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1956,6 +1956,7 @@ if get_option('debug_stack_usage') and have_coroutine_pool
+ have_coroutine_pool = false
+ endif
+ config_host_data.set10('CONFIG_COROUTINE_POOL', have_coroutine_pool)
++config_host_data.set('CONFIG_DEBUG_GRAPH_LOCK', get_option('debug_graph_lock'))
+ config_host_data.set('CONFIG_DEBUG_MUTEX', get_option('debug_mutex'))
+ config_host_data.set('CONFIG_DEBUG_STACK_USAGE', get_option('debug_stack_usage'))
+ config_host_data.set('CONFIG_GPROF', get_option('gprof'))
+@@ -3833,6 +3834,7 @@ summary_info += {'PIE': get_option('b_pie')}
+ summary_info += {'static build': config_host.has_key('CONFIG_STATIC')}
+ summary_info += {'malloc trim support': has_malloc_trim}
+ summary_info += {'membarrier': have_membarrier}
++summary_info += {'debug graph lock': get_option('debug_graph_lock')}
+ summary_info += {'debug stack usage': get_option('debug_stack_usage')}
+ summary_info += {'mutex debugging': get_option('debug_mutex')}
+ summary_info += {'memory allocator': get_option('malloc')}
+diff --git a/meson_options.txt b/meson_options.txt
+index fc9447d267..bc857fe68b 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -311,6 +311,8 @@ option('rng_none', type: 'boolean', value: false,
+ description: 'dummy RNG, avoid using /dev/(u)random and getrandom()')
+ option('coroutine_pool', type: 'boolean', value: true,
+ description: 'coroutine freelist (better performance)')
++option('debug_graph_lock', type: 'boolean', value: false,
++ description: 'graph lock debugging support')
+ option('debug_mutex', type: 'boolean', value: false,
+ description: 'mutex debugging support')
+ option('debug_stack_usage', type: 'boolean', value: false,
+diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
+index 009fab1515..30e1f25259 100644
+--- a/scripts/meson-buildoptions.sh
++++ b/scripts/meson-buildoptions.sh
+@@ -21,6 +21,8 @@ meson_options_help() {
+ printf "%s\n" ' QEMU'
+ printf "%s\n" ' --enable-cfi Control-Flow Integrity (CFI)'
+ printf "%s\n" ' --enable-cfi-debug Verbose errors in case of CFI violation'
++ printf "%s\n" ' --enable-debug-graph-lock'
++ printf "%s\n" ' graph lock debugging support'
+ printf "%s\n" ' --enable-debug-mutex mutex debugging support'
+ printf "%s\n" ' --enable-debug-stack-usage'
+ printf "%s\n" ' measure coroutine stack usage'
+@@ -249,6 +251,8 @@ _meson_option_parse() {
+ --datadir=*) quote_sh "-Ddatadir=$2" ;;
+ --enable-dbus-display) printf "%s" -Ddbus_display=enabled ;;
+ --disable-dbus-display) printf "%s" -Ddbus_display=disabled ;;
++ --enable-debug-graph-lock) printf "%s" -Ddebug_graph_lock=true ;;
++ --disable-debug-graph-lock) printf "%s" -Ddebug_graph_lock=false ;;
+ --enable-debug-mutex) printf "%s" -Ddebug_mutex=true ;;
+ --disable-debug-mutex) printf "%s" -Ddebug_mutex=false ;;
+ --enable-debug-stack-usage) printf "%s" -Ddebug_stack_usage=true ;;
diff --git a/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch b/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
new file mode 100644
index 0000000..b7e45e5
--- /dev/null
+++ b/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
@@ -0,0 +1,100 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Leonardo Bras <leobras@redhat.com>
+Date: Tue, 2 May 2023 21:27:02 -0300
+Subject: [PATCH] hw/pci: Disable PCI_ERR_UNCOR_MASK register for machine type
+ < 8.0
+
+Since it's implementation on v8.0.0-rc0, having the PCI_ERR_UNCOR_MASK
+set for machine types < 8.0 will cause migration to fail if the target
+QEMU version is < 8.0.0 :
+
+qemu-system-x86_64: get_pci_config_device: Bad config data: i=0x10a read: 40 device: 0 cmask: ff wmask: 0 w1cmask:0
+qemu-system-x86_64: Failed to load PCIDevice:config
+qemu-system-x86_64: Failed to load e1000e:parent_obj
+qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:02.0/e1000e'
+qemu-system-x86_64: load of migration failed: Invalid argument
+
+The above test migrated a 7.2 machine type from QEMU master to QEMU 7.2.0,
+with this cmdline:
+
+./qemu-system-x86_64 -M pc-q35-7.2 [-incoming XXX]
+
+In order to fix this, property x-pcie-err-unc-mask was introduced to
+control when PCI_ERR_UNCOR_MASK is enabled. This property is enabled by
+default, but is disabled if machine type <= 7.2.
+
+Fixes: 010746ae1d ("hw/pci/aer: Implement PCI_ERR_UNCOR_MASK register")
+Suggested-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Leonardo Bras <leobras@redhat.com>
+Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: Juan Quintela <quintela@redhat.com>
+(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00350.html)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/core/machine.c | 1 +
+ hw/pci/pci.c | 2 ++
+ hw/pci/pcie_aer.c | 11 +++++++----
+ include/hw/pci/pci.h | 2 ++
+ 4 files changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index cd13b8b0a3..5060119952 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -43,6 +43,7 @@ GlobalProperty hw_compat_7_2[] = {
+ { "e1000e", "migrate-timadj", "off" },
+ { "virtio-mem", "x-early-migration", "false" },
+ { "migration", "x-preempt-pre-7-2", "true" },
++ { TYPE_PCI_DEVICE, "x-pcie-err-unc-mask", "off" },
+ };
+ const size_t hw_compat_7_2_len = G_N_ELEMENTS(hw_compat_7_2);
+
+diff --git a/hw/pci/pci.c b/hw/pci/pci.c
+index def5000e7b..8ad4349e96 100644
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -79,6 +79,8 @@ static Property pci_props[] = {
+ DEFINE_PROP_STRING("failover_pair_id", PCIDevice,
+ failover_pair_id),
+ DEFINE_PROP_UINT32("acpi-index", PCIDevice, acpi_index, 0),
++ DEFINE_PROP_BIT("x-pcie-err-unc-mask", PCIDevice, cap_present,
++ QEMU_PCIE_ERR_UNC_MASK_BITNR, true),
+ DEFINE_PROP_END_OF_LIST()
+ };
+
+diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
+index 103667c368..374d593ead 100644
+--- a/hw/pci/pcie_aer.c
++++ b/hw/pci/pcie_aer.c
+@@ -112,10 +112,13 @@ int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
+
+ pci_set_long(dev->w1cmask + offset + PCI_ERR_UNCOR_STATUS,
+ PCI_ERR_UNC_SUPPORTED);
+- pci_set_long(dev->config + offset + PCI_ERR_UNCOR_MASK,
+- PCI_ERR_UNC_MASK_DEFAULT);
+- pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_MASK,
+- PCI_ERR_UNC_SUPPORTED);
++
++ if (dev->cap_present & QEMU_PCIE_ERR_UNC_MASK) {
++ pci_set_long(dev->config + offset + PCI_ERR_UNCOR_MASK,
++ PCI_ERR_UNC_MASK_DEFAULT);
++ pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_MASK,
++ PCI_ERR_UNC_SUPPORTED);
++ }
+
+ pci_set_long(dev->config + offset + PCI_ERR_UNCOR_SEVER,
+ PCI_ERR_UNC_SEVERITY_DEFAULT);
+diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
+index d5a40cd058..6dc6742fc4 100644
+--- a/include/hw/pci/pci.h
++++ b/include/hw/pci/pci.h
+@@ -207,6 +207,8 @@ enum {
+ QEMU_PCIE_EXTCAP_INIT = (1 << QEMU_PCIE_EXTCAP_INIT_BITNR),
+ #define QEMU_PCIE_CXL_BITNR 10
+ QEMU_PCIE_CAP_CXL = (1 << QEMU_PCIE_CXL_BITNR),
++#define QEMU_PCIE_ERR_UNC_MASK_BITNR 11
++ QEMU_PCIE_ERR_UNC_MASK = (1 << QEMU_PCIE_ERR_UNC_MASK_BITNR),
+ };
+
+ typedef struct PCIINTxRoute {
diff --git a/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch b/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
new file mode 100644
index 0000000..20e3e35
--- /dev/null
+++ b/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
@@ -0,0 +1,57 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Wed, 3 May 2023 16:01:42 +0200
+Subject: [PATCH] block: Fix use after free in blockdev_mark_auto_del()
+
+job_cancel_locked() drops the job list lock temporarily and it may call
+aio_poll(). We must assume that the list has changed after this call.
+Also, with unlucky timing, it can end up freeing the job during
+job_completed_txn_abort_locked(), making the job pointer invalid, too.
+
+For both reasons, we can't just continue at block_job_next_locked(job).
+Instead, start at the head of the list again after job_cancel_locked()
+and skip those jobs that we already cancelled (or that are completing
+anyway).
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Message-Id: <20230503140142.474404-1-kwolf@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit e2626874a32602d4e52971c786ef5ffb4430629d)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ blockdev.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/blockdev.c b/blockdev.c
+index d7b5c18f0a..2c1752a403 100644
+--- a/blockdev.c
++++ b/blockdev.c
+@@ -153,12 +153,22 @@ void blockdev_mark_auto_del(BlockBackend *blk)
+
+ JOB_LOCK_GUARD();
+
+- for (job = block_job_next_locked(NULL); job;
+- job = block_job_next_locked(job)) {
+- if (block_job_has_bdrv(job, blk_bs(blk))) {
++ do {
++ job = block_job_next_locked(NULL);
++ while (job && (job->job.cancelled ||
++ job->job.deferred_to_main_loop ||
++ !block_job_has_bdrv(job, blk_bs(blk))))
++ {
++ job = block_job_next_locked(job);
++ }
++ if (job) {
++ /*
++ * This drops the job lock temporarily and polls, so we need to
++ * restart processing the list from the start after this.
++ */
+ job_cancel_locked(&job->job, false);
+ }
+- }
++ } while (job);
+
+ dinfo->auto_del = 1;
+ }
diff --git a/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch b/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
new file mode 100644
index 0000000..a65c044
--- /dev/null
+++ b/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
@@ -0,0 +1,64 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Thu, 4 May 2023 13:57:32 +0200
+Subject: [PATCH] block: Consistently call bdrv_activate() outside coroutine
+
+Migration code can call bdrv_activate() in coroutine context, whereas
+other callers call it outside of coroutines. As it calls other code that
+is not supposed to run in coroutines, standardise on running outside of
+coroutines.
+
+This adds a no_co_wrapper to switch to the main loop before calling
+bdrv_activate().
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20230504115750.54437-3-kwolf@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit da4afaff074e56b0fa0d25abf865784148018895)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ block/block-backend.c | 10 +++++++++-
+ include/block/block-global-state.h | 6 +++++-
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/block/block-backend.c b/block/block-backend.c
+index 55efc735b4..d59f759daf 100644
+--- a/block/block-backend.c
++++ b/block/block-backend.c
+@@ -2018,7 +2018,15 @@ void blk_activate(BlockBackend *blk, Error **errp)
+ return;
+ }
+
+- bdrv_activate(bs, errp);
++ /*
++ * Migration code can call this function in coroutine context, so leave
++ * coroutine context if necessary.
++ */
++ if (qemu_in_coroutine()) {
++ bdrv_co_activate(bs, errp);
++ } else {
++ bdrv_activate(bs, errp);
++ }
+ }
+
+ bool coroutine_fn blk_co_is_inserted(BlockBackend *blk)
+diff --git a/include/block/block-global-state.h b/include/block/block-global-state.h
+index 399200a9a3..2c312cc774 100644
+--- a/include/block/block-global-state.h
++++ b/include/block/block-global-state.h
+@@ -166,7 +166,11 @@ int bdrv_amend_options(BlockDriverState *bs_new, QemuOpts *opts,
+ BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
+ const char *node_name, Error **errp);
+
+-int bdrv_activate(BlockDriverState *bs, Error **errp);
++int no_coroutine_fn bdrv_activate(BlockDriverState *bs, Error **errp);
++
++int coroutine_fn no_co_wrapper
++bdrv_co_activate(BlockDriverState *bs, Error **errp);
++
+ void bdrv_activate_all(Error **errp);
+ int bdrv_inactivate_all(void);
+
diff --git a/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch b/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
new file mode 100644
index 0000000..541e64e
--- /dev/null
+++ b/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
@@ -0,0 +1,373 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Thu, 4 May 2023 13:57:33 +0200
+Subject: [PATCH] block: bdrv/blk_co_unref() for calls in coroutine context
+
+These functions must not be called in coroutine context, because they
+need write access to the graph.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20230504115750.54437-4-kwolf@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit b2ab5f545fa1eaaf2955dd617bee19a8b3279786)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ block.c | 2 +-
+ block/crypto.c | 6 +++---
+ block/parallels.c | 6 +++---
+ block/qcow.c | 6 +++---
+ block/qcow2.c | 14 +++++++-------
+ block/qed.c | 6 +++---
+ block/vdi.c | 6 +++---
+ block/vhdx.c | 6 +++---
+ block/vmdk.c | 18 +++++++++---------
+ block/vpc.c | 6 +++---
+ include/block/block-global-state.h | 3 ++-
+ include/sysemu/block-backend-global-state.h | 5 ++++-
+ 12 files changed, 44 insertions(+), 40 deletions(-)
+
+diff --git a/block.c b/block.c
+index d79a52ca74..a48112f945 100644
+--- a/block.c
++++ b/block.c
+@@ -680,7 +680,7 @@ int coroutine_fn bdrv_co_create_opts_simple(BlockDriver *drv,
+
+ ret = 0;
+ out:
+- blk_unref(blk);
++ blk_co_unref(blk);
+ return ret;
+ }
+
+diff --git a/block/crypto.c b/block/crypto.c
+index ca67289187..8fd3ad0054 100644
+--- a/block/crypto.c
++++ b/block/crypto.c
+@@ -355,7 +355,7 @@ block_crypto_co_create_generic(BlockDriverState *bs, int64_t size,
+ ret = 0;
+ cleanup:
+ qcrypto_block_free(crypto);
+- blk_unref(blk);
++ blk_co_unref(blk);
+ return ret;
+ }
+
+@@ -661,7 +661,7 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
+
+ ret = 0;
+ fail:
+- bdrv_unref(bs);
++ bdrv_co_unref(bs);
+ return ret;
+ }
+
+@@ -730,7 +730,7 @@ fail:
+ bdrv_co_delete_file_noerr(bs);
+ }
+
+- bdrv_unref(bs);
++ bdrv_co_unref(bs);
+ qapi_free_QCryptoBlockCreateOptions(create_opts);
+ qobject_unref(cryptoopts);
+ return ret;
+diff --git a/block/parallels.c b/block/parallels.c
+index 013684801a..b49c35929e 100644
+--- a/block/parallels.c
++++ b/block/parallels.c
+@@ -613,8 +613,8 @@ static int coroutine_fn parallels_co_create(BlockdevCreateOptions* opts,
+
+ ret = 0;
+ out:
+- blk_unref(blk);
+- bdrv_unref(bs);
++ blk_co_unref(blk);
++ bdrv_co_unref(bs);
+ return ret;
+
+ exit:
+@@ -691,7 +691,7 @@ parallels_co_create_opts(BlockDriver *drv, const char *filename,
+
+ done:
+ qobject_unref(qdict);
+- bdrv_unref(bs);
++ bdrv_co_unref(bs);
+ qapi_free_BlockdevCreateOptions(create_options);
+ return ret;
+ }
+diff --git a/block/qcow.c b/block/qcow.c
+index 490e4f819e..a0c701f578 100644
+--- a/block/qcow.c
++++ b/block/qcow.c
+@@ -915,8 +915,8 @@ static int coroutine_fn qcow_co_create(BlockdevCreateOptions *opts,
+ g_free(tmp);
+ ret = 0;
+ exit:
+- blk_unref(qcow_blk);
+- bdrv_unref(bs);
++ blk_co_unref(qcow_blk);
++ bdrv_co_unref(bs);
+ qcrypto_block_free(crypto);
+ return ret;
+ }
+@@ -1015,7 +1015,7 @@ qcow_co_create_opts(BlockDriver *drv, const char *filename,
+ fail:
+ g_free(backing_fmt);
+ qobject_unref(qdict);
+- bdrv_unref(bs);
++ bdrv_co_unref(bs);
+ qapi_free_BlockdevCreateOptions(create_options);
+ return ret;
+ }
+diff --git a/block/qcow2.c b/block/qcow2.c
+index 30fd53fa64..6746763c34 100644
+--- a/block/qcow2.c
++++ b/block/qcow2.c
+@@ -3705,7 +3705,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
+ goto out;
+ }
+
+- blk_unref(blk);
++ blk_co_unref(blk);
+ blk = NULL;
+
+ /*
+@@ -3785,7 +3785,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
+ }
+ }
+
+- blk_unref(blk);
++ blk_co_unref(blk);
+ blk = NULL;
+
+ /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returning.
+@@ -3810,9 +3810,9 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
+
+ ret = 0;
+ out:
+- blk_unref(blk);
+- bdrv_unref(bs);
+- bdrv_unref(data_bs);
++ blk_co_unref(blk);
++ bdrv_co_unref(bs);
++ bdrv_co_unref(data_bs);
+ return ret;
+ }
+
+@@ -3943,8 +3943,8 @@ finish:
+ }
+
+ qobject_unref(qdict);
+- bdrv_unref(bs);
+- bdrv_unref(data_bs);
++ bdrv_co_unref(bs);
++ bdrv_co_unref(data_bs);
+ qapi_free_BlockdevCreateOptions(create_options);
+ return ret;
+ }
+diff --git a/block/qed.c b/block/qed.c
+index 0705a7b4e2..aff2a2076e 100644
+--- a/block/qed.c
++++ b/block/qed.c
+@@ -748,8 +748,8 @@ static int coroutine_fn bdrv_qed_co_create(BlockdevCreateOptions *opts,
+ ret = 0; /* success */
+ out:
+ g_free(l1_table);
+- blk_unref(blk);
+- bdrv_unref(bs);
++ blk_co_unref(blk);
++ bdrv_co_unref(bs);
+ return ret;
+ }
+
+@@ -819,7 +819,7 @@ bdrv_qed_co_create_opts(BlockDriver *drv, const char *filename,
+
+ fail:
+ qobject_unref(qdict);
+- bdrv_unref(bs);
++ bdrv_co_unref(bs);
+ qapi_free_BlockdevCreateOptions(create_options);
+ return ret;
+ }
+diff --git a/block/vdi.c b/block/vdi.c
+index f2434d6153..08331d2dd7 100644
+--- a/block/vdi.c
++++ b/block/vdi.c
+@@ -886,8 +886,8 @@ static int coroutine_fn vdi_co_do_create(BlockdevCreateOptions *create_options,
+
+ ret = 0;
+ exit:
+- blk_unref(blk);
+- bdrv_unref(bs_file);
++ blk_co_unref(blk);
++ bdrv_co_unref(bs_file);
+ g_free(bmap);
+ return ret;
+ }
+@@ -975,7 +975,7 @@ vdi_co_create_opts(BlockDriver *drv, const char *filename,
+ done:
+ qobject_unref(qdict);
+ qapi_free_BlockdevCreateOptions(create_options);
+- bdrv_unref(bs_file);
++ bdrv_co_unref(bs_file);
+ return ret;
+ }
+
+diff --git a/block/vhdx.c b/block/vhdx.c
+index 81420722a1..00777da91a 100644
+--- a/block/vhdx.c
++++ b/block/vhdx.c
+@@ -2053,8 +2053,8 @@ static int coroutine_fn vhdx_co_create(BlockdevCreateOptions *opts,
+
+ ret = 0;
+ delete_and_exit:
+- blk_unref(blk);
+- bdrv_unref(bs);
++ blk_co_unref(blk);
++ bdrv_co_unref(bs);
+ g_free(creator);
+ return ret;
+ }
+@@ -2144,7 +2144,7 @@ vhdx_co_create_opts(BlockDriver *drv, const char *filename,
+
+ fail:
+ qobject_unref(qdict);
+- bdrv_unref(bs);
++ bdrv_co_unref(bs);
+ qapi_free_BlockdevCreateOptions(create_options);
+ return ret;
+ }
+diff --git a/block/vmdk.c b/block/vmdk.c
+index f5f49018fe..01ca13c82b 100644
+--- a/block/vmdk.c
++++ b/block/vmdk.c
+@@ -2306,7 +2306,7 @@ exit:
+ if (pbb) {
+ *pbb = blk;
+ } else {
+- blk_unref(blk);
++ blk_co_unref(blk);
+ blk = NULL;
+ }
+ }
+@@ -2516,12 +2516,12 @@ vmdk_co_do_create(int64_t size,
+ if (strcmp(blk_bs(backing)->drv->format_name, "vmdk")) {
+ error_setg(errp, "Invalid backing file format: %s. Must be vmdk",
+ blk_bs(backing)->drv->format_name);
+- blk_unref(backing);
++ blk_co_unref(backing);
+ ret = -EINVAL;
+ goto exit;
+ }
+ ret = vmdk_read_cid(blk_bs(backing), 0, &parent_cid);
+- blk_unref(backing);
++ blk_co_unref(backing);
+ if (ret) {
+ error_setg(errp, "Failed to read parent CID");
+ goto exit;
+@@ -2542,14 +2542,14 @@ vmdk_co_do_create(int64_t size,
+ blk_bs(extent_blk)->filename);
+ created_size += cur_size;
+ extent_idx++;
+- blk_unref(extent_blk);
++ blk_co_unref(extent_blk);
+ }
+
+ /* Check whether we got excess extents */
+ extent_blk = extent_fn(-1, extent_idx, flat, split, compress, zeroed_grain,
+ opaque, NULL);
+ if (extent_blk) {
+- blk_unref(extent_blk);
++ blk_co_unref(extent_blk);
+ error_setg(errp, "List of extents contains unused extents");
+ ret = -EINVAL;
+ goto exit;
+@@ -2590,7 +2590,7 @@ vmdk_co_do_create(int64_t size,
+ ret = 0;
+ exit:
+ if (blk) {
+- blk_unref(blk);
++ blk_co_unref(blk);
+ }
+ g_free(desc);
+ g_free(parent_desc_line);
+@@ -2641,7 +2641,7 @@ vmdk_co_create_opts_cb(int64_t size, int idx, bool flat, bool split,
+ errp)) {
+ goto exit;
+ }
+- bdrv_unref(bs);
++ bdrv_co_unref(bs);
+ exit:
+ g_free(ext_filename);
+ return blk;
+@@ -2797,12 +2797,12 @@ static BlockBackend * coroutine_fn vmdk_co_create_cb(int64_t size, int idx,
+ return NULL;
+ }
+ blk_set_allow_write_beyond_eof(blk, true);
+- bdrv_unref(bs);
++ bdrv_co_unref(bs);
+
+ if (size != -1) {
+ ret = vmdk_init_extent(blk, size, flat, compress, zeroed_grain, errp);
+ if (ret) {
+- blk_unref(blk);
++ blk_co_unref(blk);
+ blk = NULL;
+ }
+ }
+diff --git a/block/vpc.c b/block/vpc.c
+index b89b0ff8e2..07ddda5b99 100644
+--- a/block/vpc.c
++++ b/block/vpc.c
+@@ -1082,8 +1082,8 @@ static int coroutine_fn vpc_co_create(BlockdevCreateOptions *opts,
+ }
+
+ out:
+- blk_unref(blk);
+- bdrv_unref(bs);
++ blk_co_unref(blk);
++ bdrv_co_unref(bs);
+ return ret;
+ }
+
+@@ -1162,7 +1162,7 @@ vpc_co_create_opts(BlockDriver *drv, const char *filename,
+
+ fail:
+ qobject_unref(qdict);
+- bdrv_unref(bs);
++ bdrv_co_unref(bs);
+ qapi_free_BlockdevCreateOptions(create_options);
+ return ret;
+ }
+diff --git a/include/block/block-global-state.h b/include/block/block-global-state.h
+index 2c312cc774..ec3ddb17a8 100644
+--- a/include/block/block-global-state.h
++++ b/include/block/block-global-state.h
+@@ -218,7 +218,8 @@ void bdrv_img_create(const char *filename, const char *fmt,
+ bool quiet, Error **errp);
+
+ void bdrv_ref(BlockDriverState *bs);
+-void bdrv_unref(BlockDriverState *bs);
++void no_coroutine_fn bdrv_unref(BlockDriverState *bs);
++void coroutine_fn no_co_wrapper bdrv_co_unref(BlockDriverState *bs);
+ void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child);
+ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
+ BlockDriverState *child_bs,
+diff --git a/include/sysemu/block-backend-global-state.h b/include/sysemu/block-backend-global-state.h
+index 2b6d27db7c..fa83f9389c 100644
+--- a/include/sysemu/block-backend-global-state.h
++++ b/include/sysemu/block-backend-global-state.h
+@@ -42,7 +42,10 @@ blk_co_new_open(const char *filename, const char *reference, QDict *options,
+
+ int blk_get_refcnt(BlockBackend *blk);
+ void blk_ref(BlockBackend *blk);
+-void blk_unref(BlockBackend *blk);
++
++void no_coroutine_fn blk_unref(BlockBackend *blk);
++void coroutine_fn no_co_wrapper blk_co_unref(BlockBackend *blk);
++
+ void blk_remove_all_bs(void);
+ BlockBackend *blk_by_name(const char *name);
+ BlockBackend *blk_next(BlockBackend *blk);
diff --git a/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch b/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
new file mode 100644
index 0000000..685b7a8
--- /dev/null
+++ b/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
@@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Thu, 4 May 2023 13:57:34 +0200
+Subject: [PATCH] block: Don't call no_coroutine_fns in qmp_block_resize()
+
+This QMP handler runs in a coroutine, so it must use the corresponding
+no_co_wrappers instead.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2185688
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20230504115750.54437-5-kwolf@redhat.com>
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+(cherry-picked from commit 0c7d204f50c382c6baac8c94bd57af4a022b3888)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ blockdev.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/blockdev.c b/blockdev.c
+index 2c1752a403..e464daea58 100644
+--- a/blockdev.c
++++ b/blockdev.c
+@@ -2440,7 +2440,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
+ return;
+ }
+
+- blk = blk_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp);
++ blk = blk_co_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp);
+ if (!blk) {
+ return;
+ }
+@@ -2455,7 +2455,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
+
+ bdrv_co_lock(bs);
+ bdrv_drained_end(bs);
+- blk_unref(blk);
++ blk_co_unref(blk);
+ bdrv_co_unlock(bs);
+ }
+
diff --git a/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch b/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
new file mode 100644
index 0000000..e4d9946
--- /dev/null
+++ b/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Richard Henderson <richard.henderson@linaro.org>
+Date: Fri, 5 May 2023 21:40:49 +0100
+Subject: [PATCH] accel/tcg: Fix atomic_mmu_lookup for reads
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A copy-paste bug had us looking at the victim cache for writes.
+
+Cc: qemu-stable@nongnu.org
+Reported-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Fixes: 08dff435e2 ("tcg: Probe the proper permissions for atomic ops")
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-Id: <20230505204049.352469-1-richard.henderson@linaro.org>
+(cherry-picked from commit 8c313254e61ed47a1bf4a2db714b25cdd94fbcce)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ accel/tcg/cputlb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
+index e984a98dc4..145fba45b2 100644
+--- a/accel/tcg/cputlb.c
++++ b/accel/tcg/cputlb.c
+@@ -1830,7 +1830,7 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
+ } else /* if (prot & PAGE_READ) */ {
+ tlb_addr = tlbe->addr_read;
+ if (!tlb_hit(tlb_addr, addr)) {
+- if (!VICTIM_TLB_HIT(addr_write, addr)) {
++ if (!VICTIM_TLB_HIT(addr_read, addr)) {
+ tlb_fill(env_cpu(env), addr, size,
+ MMU_DATA_LOAD, mmu_idx, retaddr);
+ index = tlb_index(env, mmu_idx, addr);
diff --git a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
index 524cdb4..8c76070 100644
--- a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
+++ b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
@@ -26,10 +26,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
-index cd13b8b0a3..cb1d334bcb 100644
+index 5060119952..9d1c358c12 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
-@@ -141,7 +141,8 @@ GlobalProperty hw_compat_4_0[] = {
+@@ -142,7 +142,8 @@ GlobalProperty hw_compat_4_0[] = {
{ "virtio-vga", "edid", "false" },
{ "virtio-gpu-device", "edid", "false" },
{ "virtio-device", "use-started", "false" },
diff --git a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
index b356f34..fd0c8e6 100644
--- a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
+++ b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
@@ -33,7 +33,7 @@ index 253fe49fa2..744b698a82 100644
softmmu_ss.add(files('block-ram-registrar.c'))
diff --git a/meson.build b/meson.build
-index c44d05a13f..b9bc31b01c 100644
+index d964e741e7..603cdb97bb 100644
--- a/meson.build
+++ b/meson.build
@@ -1527,6 +1527,8 @@ keyutils = dependency('libkeyutils', required: false,
@@ -45,7 +45,7 @@ index c44d05a13f..b9bc31b01c 100644
# libselinux
selinux = dependency('libselinux',
required: get_option('selinux'),
-@@ -3645,6 +3647,9 @@ if have_tools
+@@ -3646,6 +3648,9 @@ if have_tools
dependencies: [blockdev, qemuutil, gnutls, selinux],
install: true)
diff --git a/debian/patches/pve/0029-PVE-Backup-proxmox-backup-patches-for-qemu.patch b/debian/patches/pve/0029-PVE-Backup-proxmox-backup-patches-for-qemu.patch
index add2222..268f13b 100644
--- a/debian/patches/pve/0029-PVE-Backup-proxmox-backup-patches-for-qemu.patch
+++ b/debian/patches/pve/0029-PVE-Backup-proxmox-backup-patches-for-qemu.patch
@@ -48,10 +48,10 @@ index f580f95395..5bcebb934b 100644
softmmu_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c'))
softmmu_ss.add(files('block-ram-registrar.c'))
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 2846083546..947d4f3df0 100644
+index ca2599de44..d50e99df26 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
-@@ -1027,3 +1027,36 @@ void hmp_change_medium(Monitor *mon, const char *device, const char *target,
+@@ -1029,3 +1029,36 @@ void hmp_change_medium(Monitor *mon, const char *device, const char *target,
qmp_blockdev_change_medium(device, NULL, target, arg, true, force,
!!read_only, read_only_mode, errp);
}
@@ -89,7 +89,7 @@ index 2846083546..947d4f3df0 100644
+ hmp_handle_error(mon, error);
+}
diff --git a/blockdev.c b/blockdev.c
-index 47c70eeb91..3b95f54b64 100644
+index 9a010f3a86..b9505c95d3 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -37,6 +37,7 @@
@@ -187,7 +187,7 @@ index c012bad741..2e504db706 100644
void hmp_device_add(Monitor *mon, const QDict *qdict);
void hmp_device_del(Monitor *mon, const QDict *qdict);
diff --git a/meson.build b/meson.build
-index b9bc31b01c..b12ef9f8d4 100644
+index 603cdb97bb..d307d8eabf 100644
--- a/meson.build
+++ b/meson.build
@@ -1528,6 +1528,7 @@ keyutils = dependency('libkeyutils', required: false,
@@ -510,7 +510,7 @@ index 0000000000..1dda8b7d8f
+#endif /* PROXMOX_BACKUP_CLIENT_H */
diff --git a/pve-backup.c b/pve-backup.c
new file mode 100644
-index 0000000000..bb51c030bd
+index 0000000000..389d6c84a0
--- /dev/null
+++ b/pve-backup.c
@@ -0,0 +1,938 @@
@@ -1328,7 +1328,7 @@ index 0000000000..bb51c030bd
+ l = g_list_next(l);
+
+ if (di->target) {
-+ bdrv_unref(di->target);
++ bdrv_co_unref(di->target);
+ }
+
+ if (di->targetfile[0]) {
diff --git a/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch b/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
index 2d29a8d..4ee6100 100644
--- a/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
+++ b/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
@@ -12,10 +12,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
create mode 100644 pbs-restore.c
diff --git a/meson.build b/meson.build
-index b12ef9f8d4..8ec21bba90 100644
+index d307d8eabf..afd105001e 100644
--- a/meson.build
+++ b/meson.build
-@@ -3651,6 +3651,10 @@ if have_tools
+@@ -3652,6 +3652,10 @@ if have_tools
vma = executable('vma', files('vma.c', 'vma-reader.c') + genh,
dependencies: [authz, block, crypto, io, qom], install: true)
diff --git a/debian/patches/pve/0031-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch b/debian/patches/pve/0031-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch
index f28236a..082241a 100644
--- a/debian/patches/pve/0031-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch
+++ b/debian/patches/pve/0031-PVE-Backup-Add-dirty-bitmap-tracking-for-incremental.patch
@@ -29,10 +29,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 files changed, 143 insertions(+), 23 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 947d4f3df0..bcba630f12 100644
+index d50e99df26..cda5de792b 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
-@@ -1054,6 +1054,7 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
+@@ -1056,6 +1056,7 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
NULL, // PBS fingerprint
NULL, // PBS backup-id
false, 0, // PBS backup-time
@@ -132,7 +132,7 @@ index 1dda8b7d8f..8cbf645b2c 100644
diff --git a/pve-backup.c b/pve-backup.c
-index bb51c030bd..cfdeb50f23 100644
+index 389d6c84a0..c4cbff7fb1 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -7,6 +7,7 @@
@@ -378,7 +378,7 @@ index bb51c030bd..cfdeb50f23 100644
+ }
+
if (di->target) {
- bdrv_unref(di->target);
+ bdrv_co_unref(di->target);
}
@@ -852,6 +931,7 @@ UuidInfo *qmp_backup(
const char *fingerprint,
diff --git a/debian/patches/pve/0032-PVE-various-PBS-fixes.patch b/debian/patches/pve/0032-PVE-various-PBS-fixes.patch
index f4711cd..a5d7a02 100644
--- a/debian/patches/pve/0032-PVE-various-PBS-fixes.patch
+++ b/debian/patches/pve/0032-PVE-various-PBS-fixes.patch
@@ -21,10 +21,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
3 files changed, 52 insertions(+), 12 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index bcba630f12..6a6ed6d0e7 100644
+index cda5de792b..ecbebd39ac 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
-@@ -1054,7 +1054,9 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
+@@ -1056,7 +1056,9 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
NULL, // PBS fingerprint
NULL, // PBS backup-id
false, 0, // PBS backup-time
@@ -36,7 +36,7 @@ index bcba630f12..6a6ed6d0e7 100644
NULL, NULL,
devlist, qdict_haskey(qdict, "speed"), speed, &error);
diff --git a/pve-backup.c b/pve-backup.c
-index cfdeb50f23..f1eacbcaf6 100644
+index c4cbff7fb1..95f742e1d1 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -10,6 +10,7 @@
diff --git a/debian/patches/pve/0033-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch b/debian/patches/pve/0033-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
index c78dbd7..d7868e1 100644
--- a/debian/patches/pve/0033-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
+++ b/debian/patches/pve/0033-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
@@ -319,7 +319,7 @@ index 0000000000..43e69ada46
+
+block_init(bdrv_pbs_init);
diff --git a/configure b/configure
-index 800b5850f4..37e12a3dce 100755
+index a62a3e6be9..1ac0feb46b 100755
--- a/configure
+++ b/configure
@@ -288,6 +288,7 @@ linux_user=""
@@ -330,7 +330,7 @@ index 800b5850f4..37e12a3dce 100755
plugins="$default_feature"
meson=""
ninja=""
-@@ -872,6 +873,10 @@ for opt do
+@@ -873,6 +874,10 @@ for opt do
;;
--with-coroutine=*) coroutine="$optarg"
;;
@@ -341,7 +341,7 @@ index 800b5850f4..37e12a3dce 100755
--with-git=*) git="$optarg"
;;
--with-git-submodules=*)
-@@ -1048,6 +1053,7 @@ cat << EOF
+@@ -1049,6 +1054,7 @@ cat << EOF
debug-info debugging information
safe-stack SafeStack Stack Smash Protection. Depends on
clang/llvm and requires coroutine backend ucontext.
@@ -349,7 +349,7 @@ index 800b5850f4..37e12a3dce 100755
NOTE: The object files are built at the place where configure is launched
EOF
-@@ -2385,6 +2391,9 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak
+@@ -2386,6 +2392,9 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak
if test "$modules" = "yes"; then
echo "CONFIG_MODULES=y" >> $config_host_mak
fi
@@ -360,10 +360,10 @@ index 800b5850f4..37e12a3dce 100755
# XXX: suppress that
if [ "$bsd" = "yes" ] ; then
diff --git a/meson.build b/meson.build
-index 8ec21bba90..419bea5cf4 100644
+index afd105001e..d01ee5d489 100644
--- a/meson.build
+++ b/meson.build
-@@ -4035,7 +4035,7 @@ summary_info += {'bzip2 support': libbzip2}
+@@ -4037,7 +4037,7 @@ summary_info += {'bzip2 support': libbzip2}
summary_info += {'lzfse support': liblzfse}
summary_info += {'zstd support': zstd}
summary_info += {'NUMA host support': numa}
diff --git a/debian/patches/pve/0034-PVE-add-query_proxmox_support-QMP-command.patch b/debian/patches/pve/0034-PVE-add-query_proxmox_support-QMP-command.patch
index 0ceb595..60ba5dd 100644
--- a/debian/patches/pve/0034-PVE-add-query_proxmox_support-QMP-command.patch
+++ b/debian/patches/pve/0034-PVE-add-query_proxmox_support-QMP-command.patch
@@ -16,7 +16,7 @@ Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2 files changed, 38 insertions(+)
diff --git a/pve-backup.c b/pve-backup.c
-index f1eacbcaf6..c6fee40a67 100644
+index 95f742e1d1..9eb8645e63 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -1054,3 +1054,12 @@ BackupStatus *qmp_query_backup(Error **errp)
diff --git a/debian/patches/pve/0035-PVE-add-query-pbs-bitmap-info-QMP-call.patch b/debian/patches/pve/0035-PVE-add-query-pbs-bitmap-info-QMP-call.patch
index 418ae1c..cd76e86 100644
--- a/debian/patches/pve/0035-PVE-add-query-pbs-bitmap-info-QMP-call.patch
+++ b/debian/patches/pve/0035-PVE-add-query-pbs-bitmap-info-QMP-call.patch
@@ -69,7 +69,7 @@ index 087161a967..9a67e544ce 100644
info->zero_bytes, zero_per);
diff --git a/pve-backup.c b/pve-backup.c
-index c6fee40a67..d4abe6e703 100644
+index 9eb8645e63..2db35f90e0 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -48,6 +48,7 @@ static struct PVEBackupState {
diff --git a/debian/patches/pve/0036-PVE-redirect-stderr-to-journal-when-daemonized.patch b/debian/patches/pve/0036-PVE-redirect-stderr-to-journal-when-daemonized.patch
index 7f8fe9e..98e02a0 100644
--- a/debian/patches/pve/0036-PVE-redirect-stderr-to-journal-when-daemonized.patch
+++ b/debian/patches/pve/0036-PVE-redirect-stderr-to-journal-when-daemonized.patch
@@ -14,7 +14,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
-index 419bea5cf4..c39c6054ee 100644
+index d01ee5d489..6129c3ce0c 100644
--- a/meson.build
+++ b/meson.build
@@ -1528,6 +1528,7 @@ keyutils = dependency('libkeyutils', required: false,
@@ -25,7 +25,7 @@ index 419bea5cf4..c39c6054ee 100644
libproxmox_backup_qemu = cc.find_library('proxmox_backup_qemu', required: true)
# libselinux
-@@ -3143,6 +3144,7 @@ if have_block
+@@ -3144,6 +3145,7 @@ if have_block
# os-posix.c contains POSIX-specific functions used by qemu-storage-daemon,
# os-win32.c does not
blockdev_ss.add(when: 'CONFIG_POSIX', if_true: files('os-posix.c'))
diff --git a/debian/patches/pve/0038-PVE-Backup-Use-a-transaction-to-synchronize-job-stat.patch b/debian/patches/pve/0038-PVE-Backup-Use-a-transaction-to-synchronize-job-stat.patch
index 616b170..3a6b4d3 100644
--- a/debian/patches/pve/0038-PVE-Backup-Use-a-transaction-to-synchronize-job-stat.patch
+++ b/debian/patches/pve/0038-PVE-Backup-Use-a-transaction-to-synchronize-job-stat.patch
@@ -20,7 +20,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 50 insertions(+), 113 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index d4abe6e703..214c839c0b 100644
+index 2db35f90e0..b4bc2de76e 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -54,6 +54,7 @@ static struct PVEBackupState {
@@ -271,7 +271,7 @@ index d4abe6e703..214c839c0b 100644
- }
-
if (di->target) {
- bdrv_unref(di->target);
+ bdrv_co_unref(di->target);
}
@@ -1021,9 +952,15 @@ UuidInfo *qmp_backup(
block_on_coroutine_fn(pvebackup_co_prepare, &task);
diff --git a/debian/patches/pve/0039-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch b/debian/patches/pve/0039-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch
index 7cd670e..7f2f945 100644
--- a/debian/patches/pve/0039-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch
+++ b/debian/patches/pve/0039-PVE-Backup-Don-t-block-on-finishing-and-cleanup-crea.patch
@@ -57,7 +57,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2 files changed, 138 insertions(+), 79 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index 214c839c0b..1d233dac93 100644
+index b4bc2de76e..6d6d7708b6 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -35,7 +35,9 @@ const char *PBS_BITMAP_NAME = "pbs-incremental-dirty-bitmap";
diff --git a/debian/patches/pve/0040-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0040-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
index b678e74..2c86cb2 100644
--- a/debian/patches/pve/0040-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
+++ b/debian/patches/pve/0040-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
@@ -175,7 +175,7 @@ index 0000000000..887e998b9e
+ NULL);
+}
diff --git a/pve-backup.c b/pve-backup.c
-index 1d233dac93..5c9c153e31 100644
+index 6d6d7708b6..e9264e5025 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -1110,6 +1110,7 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
diff --git a/debian/patches/pve/0043-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch b/debian/patches/pve/0043-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch
index 810a801..21ca3a5 100644
--- a/debian/patches/pve/0043-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch
+++ b/debian/patches/pve/0043-PVE-Use-coroutine-QMP-for-backup-cancel_backup.patch
@@ -35,10 +35,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
5 files changed, 79 insertions(+), 182 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 6a6ed6d0e7..bcf5849196 100644
+index ecbebd39ac..56f39b14d4 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
-@@ -1028,7 +1028,7 @@ void hmp_change_medium(Monitor *mon, const char *device, const char *target,
+@@ -1030,7 +1030,7 @@ void hmp_change_medium(Monitor *mon, const char *device, const char *target,
!!read_only, read_only_mode, errp);
}
@@ -47,7 +47,7 @@ index 6a6ed6d0e7..bcf5849196 100644
{
Error *error = NULL;
-@@ -1037,7 +1037,7 @@ void hmp_backup_cancel(Monitor *mon, const QDict *qdict)
+@@ -1039,7 +1039,7 @@ void hmp_backup_cancel(Monitor *mon, const QDict *qdict)
hmp_handle_error(mon, error);
}
@@ -119,7 +119,7 @@ index 4ce7bc0b5e..0923037dec 100644
static void proxmox_backup_schedule_wake(void *data) {
CoCtxData *waker = (CoCtxData *)data;
diff --git a/pve-backup.c b/pve-backup.c
-index 5c9c153e31..378e4a9a63 100644
+index e9264e5025..4536650b24 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -356,7 +356,7 @@ static void job_cancel_bh(void *opaque) {
diff --git a/debian/patches/pve/0044-PBS-add-master-key-support.patch b/debian/patches/pve/0044-PBS-add-master-key-support.patch
index 7a7db33..cdcf7db 100644
--- a/debian/patches/pve/0044-PBS-add-master-key-support.patch
+++ b/debian/patches/pve/0044-PBS-add-master-key-support.patch
@@ -21,10 +21,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
3 files changed, 11 insertions(+)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index bcf5849196..fb881056e9 100644
+index 56f39b14d4..f852c70611 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
-@@ -1051,6 +1051,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
+@@ -1053,6 +1053,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
NULL, // PBS password
NULL, // PBS keyfile
NULL, // PBS key_password
@@ -33,7 +33,7 @@ index bcf5849196..fb881056e9 100644
NULL, // PBS backup-id
false, 0, // PBS backup-time
diff --git a/pve-backup.c b/pve-backup.c
-index 378e4a9a63..504c11657a 100644
+index 4536650b24..0d8bf1c332 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -531,6 +531,7 @@ UuidInfo coroutine_fn *qmp_backup(
diff --git a/debian/patches/pve/0052-pbs-namespace-support.patch b/debian/patches/pve/0052-pbs-namespace-support.patch
index 958fb5f..d8d730b 100644
--- a/debian/patches/pve/0052-pbs-namespace-support.patch
+++ b/debian/patches/pve/0052-pbs-namespace-support.patch
@@ -15,10 +15,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
5 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index fb881056e9..25ac598980 100644
+index f852c70611..ac23f21eef 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
-@@ -1053,6 +1053,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
+@@ -1055,6 +1055,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
NULL, // PBS key_password
NULL, // PBS master_keyfile
NULL, // PBS fingerprint
@@ -172,7 +172,7 @@ index 2f834cf42e..f03d9bab8d 100644
fprintf(stderr, "restore failed: %s\n", pbs_error);
return -1;
diff --git a/pve-backup.c b/pve-backup.c
-index 504c11657a..809ff6d134 100644
+index 0d8bf1c332..8a4ecba394 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -12,6 +12,8 @@
diff --git a/debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch b/debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
index 1b3e9ec..03f6a06 100644
--- a/debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
+++ b/debian/patches/pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
@@ -21,7 +21,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index 809ff6d134..221e45ed0e 100644
+index 8a4ecba394..5eba2abde0 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -505,6 +505,11 @@ static void create_backup_jobs_bh(void *opaque) {
diff --git a/debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch b/debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
index 0e66858..7addf09 100644
--- a/debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
+++ b/debian/patches/pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
@@ -23,7 +23,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index 221e45ed0e..a20fa38ee8 100644
+index 5eba2abde0..99a91f88b2 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -318,6 +318,13 @@ static void coroutine_fn pvebackup_co_complete_stream(void *opaque)
diff --git a/debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch b/debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
index 5a9da14..f386f72 100644
--- a/debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
+++ b/debian/patches/pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
@@ -39,7 +39,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 38 insertions(+), 19 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index a20fa38ee8..3509f46ed8 100644
+index 99a91f88b2..04c8ce0a3d 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -356,12 +356,41 @@ static void pvebackup_complete_cb(void *opaque, int ret)
diff --git a/debian/patches/pve/0062-PVE-Backup-allow-passing-max-workers-performance-set.patch b/debian/patches/pve/0062-PVE-Backup-allow-passing-max-workers-performance-set.patch
index 43efd1d..1aece72 100644
--- a/debian/patches/pve/0062-PVE-Backup-allow-passing-max-workers-performance-set.patch
+++ b/debian/patches/pve/0062-PVE-Backup-allow-passing-max-workers-performance-set.patch
@@ -31,10 +31,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
3 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 25ac598980..74e43a757f 100644
+index ac23f21eef..636509b83e 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
-@@ -1061,7 +1061,9 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
+@@ -1063,7 +1063,9 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
false, false, // PBS encrypt
true, dir ? BACKUP_FORMAT_DIR : BACKUP_FORMAT_VMA,
NULL, NULL,
@@ -46,7 +46,7 @@ index 25ac598980..74e43a757f 100644
hmp_handle_error(mon, error);
}
diff --git a/pve-backup.c b/pve-backup.c
-index 3509f46ed8..a343d63586 100644
+index 04c8ce0a3d..56da408001 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -57,6 +57,7 @@ static struct PVEBackupState {
diff --git a/debian/patches/series b/debian/patches/series
index 175ec2d..90d7943 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,6 +4,20 @@ extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
+extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
+extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
+extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
+extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
+extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
+extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
+extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
+extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
+extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
+extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
+extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
+extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
+extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
+extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
--
2.39.2
^ permalink raw reply [flat|nested] 5+ messages in thread