* [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5
@ 2024-01-30 14:14 Fiona Ebner
2024-01-30 14:14 ` [pve-devel] [PATCH qemu 2/2] stable fixes for corner case in i386 emulation and crash with VNC clipboard Fiona Ebner
2024-02-02 18:17 ` [pve-devel] applied-series: [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5 Thomas Lamprecht
From: Fiona Ebner @ 2024-01-30 14:14 UTC
To: pve-devel
Most notable fixes from a Proxmox VE perspective are:

* "virtio-net: correctly copy vnet header when flushing TX"
  To prevent a stack overflow that could lead to leaking parts of the
  QEMU process's memory.

* "hw/pflash: implement update buffer for block writes"
  To prevent an edge case for half-completed writes. This potentially
  affected EFI disks.

* Fixes to i386 emulation and ARM emulation.

No changes for patches were necessary (all are just automatic context
changes).

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...d-support-for-sync-bitmap-mode-never.patch | 2 +-
...race-with-clients-disconnecting-earl.patch | 10 +-
...ial-deadlock-when-draining-during-tr.patch | 2 +-
...-graph-lock-Disable-locking-for-now.patch} | 0
...cel-async-DMA-operation-before-reset.patch | 100 ----------------
...workaround-snapshot-performance-reg.patch} | 0
...orkaround-Windows-not-handling-name.patch} | 0
...w-ide-ahci-fix-legacy-software-reset.patch | 107 ------------------
...-ui-vnc-clipboard-fix-inflate_buffer.patch | 34 ------
...oContext-locking-in-qmp_block_resize.patch | 36 ------
...k-file-change-locking-default-to-off.patch | 6 +-
...djust-network-script-path-to-etc-kvm.patch | 4 +-
...he-CPU-model-to-kvm64-32-instead-of-.patch | 2 +-
...return-success-on-info-without-snaps.patch | 2 +-
...dd-add-osize-and-read-from-to-stdin-.patch | 12 +-
...E-Up-qemu-img-dd-add-isize-parameter.patch | 14 +--
...PVE-Up-qemu-img-dd-add-n-skip_create.patch | 10 +-
...-add-l-option-for-loading-a-snapshot.patch | 14 +--
...async-for-background-state-snapshots.patch | 10 +-
...-Add-dummy-id-command-line-parameter.patch | 8 +-
...le-posix-make-locking-optiono-on-cre.patch | 18 +--
...3-PVE-monitor-disable-oob-capability.patch | 4 +-
...E-Allow-version-code-in-machine-type.patch | 4 +-
...ckup-Proxmox-backup-patches-for-QEMU.patch | 2 +-
...k-driver-to-map-backup-archives-into.patch | 4 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 2 +-
...accept-NULL-qiov-in-bdrv_pad_request.patch | 2 +-
...apshots-hold-the-BQL-during-setup-ca.patch | 8 +-
debian/patches/series | 10 +-
qemu | 2 +-
30 files changed, 74 insertions(+), 355 deletions(-)
rename debian/patches/extra/{0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch => 0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch} (100%)
delete mode 100644 debian/patches/extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
rename debian/patches/extra/{0007-migration-states-workaround-snapshot-performance-reg.patch => 0006-migration-states-workaround-snapshot-performance-reg.patch} (100%)
rename debian/patches/extra/{0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch => 0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch} (100%)
delete mode 100644 debian/patches/extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
delete mode 100644 debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
delete mode 100644 debian/patches/extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
diff --git a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
index 1f149e9..c9c63b5 100644
--- a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
+++ b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
@@ -360,7 +360,7 @@ index da5fb31089..32f0f9858a 100644
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 2b1d493d6e..903392cb8f 100644
+index bca1a0c372..a5cea82139 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2145,6 +2145,15 @@
diff --git a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
index 5ed0d76..cd9797a 100644
--- a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
+++ b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
@@ -104,7 +104,7 @@ index dc352f9e9d..56e1307014 100644
* Is @mon is using readline?
* Note: not all HMP monitors use readline, e.g., gdbserver has a
diff --git a/monitor/qmp.c b/monitor/qmp.c
-index 6eee450fe4..c15bf1e1fc 100644
+index a239945e8d..589c9524f8 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
@@ -165,6 +165,8 @@ static void monitor_qmp_dispatch(MonitorQMP *mon, QObject *req)
@@ -135,7 +135,7 @@ index 6eee450fe4..c15bf1e1fc 100644
qobject_unref(rsp);
}
-@@ -478,6 +490,7 @@ static void monitor_qmp_event(void *opaque, QEMUChrEvent event)
+@@ -461,6 +473,7 @@ static void monitor_qmp_event(void *opaque, QEMUChrEvent event)
switch (event) {
case CHR_EVENT_OPENED:
@@ -144,7 +144,7 @@ index 6eee450fe4..c15bf1e1fc 100644
monitor_qmp_caps_reset(mon);
data = qmp_greeting(mon);
diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
-index 555528b6bb..3baa508b4b 100644
+index 176b549473..790bb7d1da 100644
--- a/qapi/qmp-dispatch.c
+++ b/qapi/qmp-dispatch.c
@@ -117,16 +117,28 @@ typedef struct QmpDispatchBH {
@@ -180,13 +180,13 @@ index 555528b6bb..3baa508b4b 100644
aio_co_wake(data->co);
}
-@@ -231,6 +243,7 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
+@@ -253,6 +265,7 @@ QDict *coroutine_mixed_fn qmp_dispatch(const QmpCommandList *cmds, QObject *requ
.ret = &ret,
.errp = &err,
.co = qemu_coroutine_self(),
+ .conn_nr = monitor_get_connection_nr(cur_mon),
};
- aio_bh_schedule_oneshot(qemu_get_aio_context(), do_qmp_dispatch_bh,
+ aio_bh_schedule_oneshot(iohandler_get_aio_context(), do_qmp_dispatch_bh,
&data);
diff --git a/stubs/monitor-core.c b/stubs/monitor-core.c
index afa477aae6..d3ff124bf3 100644
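Review bot: The context update in the qmp_dispatch() hunk is more than a line shift: the unchanged call around the added field goes from `aio_bh_schedule_oneshot(qemu_get_aio_context(), do_qmp_dispatch_bh,` to `aio_bh_schedule_oneshot(iohandler_get_aio_context(), do_qmp_dispatch_bh,`, so the bottom half this patch extends is now scheduled on a different AioContext than when the patch was written. The added `.conn_nr = monitor_get_connection_nr(cur_mon)` is, going by the patch title, what lets that bottom half notice a client that disconnected early. Please confirm the connection-number check still closes the race with the BH on the iohandler context, and mention this in the commit message instead of covering it with "automatic context changes".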
diff --git a/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
index 018f0c9..7705d72 100644
--- a/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
+++ b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
@@ -55,7 +55,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
-index 07971c0218..6a74afe564 100644
+index c3508acbb1..289347af58 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -444,7 +444,7 @@ static void ide_trim_bh_cb(void *opaque)
diff --git a/debian/patches/extra/0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch b/debian/patches/extra/0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch
similarity index 100%
rename from debian/patches/extra/0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch
rename to debian/patches/extra/0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch
diff --git a/debian/patches/extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch b/debian/patches/extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
deleted file mode 100644
index ef1a649..0000000
--- a/debian/patches/extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Thu, 24 Aug 2023 11:22:21 +0200
-Subject: [PATCH] hw/ide: reset: cancel async DMA operation before reseting
- state
-
-If there is a pending DMA operation during ide_bus_reset(), the fact
-that the IDEstate is already reset before the operation is canceled
-can be problematic. In particular, ide_dma_cb() might be called and
-then use the reset IDEstate which contains the signature after the
-reset. When used to construct the IO operation this leads to
-ide_get_sector() returning 0 and nsector being 1. This is particularly
-bad, because a write command will thus destroy the first sector which
-often contains a partition table or similar.
-
-Traces showing the unsolicited write happening with IDEstate
-0x5595af6949d0 being used after reset:
-
-> ahci_port_write ahci(0x5595af6923f0)[0]: port write [reg:PxSCTL] @ 0x2c: 0x00000300
-> ahci_reset_port ahci(0x5595af6923f0)[0]: reset port
-> ide_reset IDEstate 0x5595af6949d0
-> ide_reset IDEstate 0x5595af694da8
-> ide_bus_reset_aio aio_cancel
-> dma_aio_cancel dbs=0x7f64600089a0
-> dma_blk_cb dbs=0x7f64600089a0 ret=0
-> dma_complete dbs=0x7f64600089a0 ret=0 cb=0x5595acd40b30
-> ahci_populate_sglist ahci(0x5595af6923f0)[0]
-> ahci_dma_prepare_buf ahci(0x5595af6923f0)[0]: prepare buf limit=512 prepared=512
-> ide_dma_cb IDEState 0x5595af6949d0; sector_num=0 n=1 cmd=DMA WRITE
-> dma_blk_io dbs=0x7f6420802010 bs=0x5595ae2c6c30 offset=0 to_dev=1
-> dma_blk_cb dbs=0x7f6420802010 ret=0
-
-> (gdb) p *qiov
-> $11 = {iov = 0x7f647c76d840, niov = 1, {{nalloc = 1, local_iov = {iov_base = 0x0,
-> iov_len = 512}}, {__pad = "\001\000\000\000\000\000\000\000\000\000\000",
-> size = 512}}}
-> (gdb) bt
-> #0 blk_aio_pwritev (blk=0x5595ae2c6c30, offset=0, qiov=0x7f6420802070, flags=0,
-> cb=0x5595ace6f0b0 <dma_blk_cb>, opaque=0x7f6420802010)
-> at ../block/block-backend.c:1682
-> #1 0x00005595ace6f185 in dma_blk_cb (opaque=0x7f6420802010, ret=<optimized out>)
-> at ../softmmu/dma-helpers.c:179
-> #2 0x00005595ace6f778 in dma_blk_io (ctx=0x5595ae0609f0,
-> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
-> io_func=io_func@entry=0x5595ace6ee30 <dma_blk_write_io_func>,
-> io_func_opaque=io_func_opaque@entry=0x5595ae2c6c30,
-> cb=0x5595acd40b30 <ide_dma_cb>, opaque=0x5595af6949d0,
-> dir=DMA_DIRECTION_TO_DEVICE) at ../softmmu/dma-helpers.c:244
-> #3 0x00005595ace6f90a in dma_blk_write (blk=0x5595ae2c6c30,
-> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
-> cb=cb@entry=0x5595acd40b30 <ide_dma_cb>, opaque=opaque@entry=0x5595af6949d0)
-> at ../softmmu/dma-helpers.c:280
-> #4 0x00005595acd40e18 in ide_dma_cb (opaque=0x5595af6949d0, ret=<optimized out>)
-> at ../hw/ide/core.c:953
-> #5 0x00005595ace6f319 in dma_complete (ret=0, dbs=0x7f64600089a0)
-> at ../softmmu/dma-helpers.c:107
-> #6 dma_blk_cb (opaque=0x7f64600089a0, ret=0) at ../softmmu/dma-helpers.c:127
-> #7 0x00005595ad12227d in blk_aio_complete (acb=0x7f6460005b10)
-> at ../block/block-backend.c:1527
-> #8 blk_aio_complete (acb=0x7f6460005b10) at ../block/block-backend.c:1524
-> #9 blk_aio_write_entry (opaque=0x7f6460005b10) at ../block/block-backend.c:1594
-> #10 0x00005595ad258cfb in coroutine_trampoline (i0=<optimized out>,
-> i1=<optimized out>) at ../util/coroutine-ucontext.c:177
-
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/ide/core.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/hw/ide/core.c b/hw/ide/core.c
-index 6a74afe564..289347af58 100644
---- a/hw/ide/core.c
-+++ b/hw/ide/core.c
-@@ -2515,19 +2515,19 @@ static void ide_dummy_transfer_stop(IDEState *s)
-
- void ide_bus_reset(IDEBus *bus)
- {
-- bus->unit = 0;
-- bus->cmd = 0;
-- ide_reset(&bus->ifs[0]);
-- ide_reset(&bus->ifs[1]);
-- ide_clear_hob(bus);
--
-- /* pending async DMA */
-+ /* pending async DMA - needs the IDEState before it is reset */
- if (bus->dma->aiocb) {
- trace_ide_bus_reset_aio();
- blk_aio_cancel(bus->dma->aiocb);
- bus->dma->aiocb = NULL;
- }
-
-+ bus->unit = 0;
-+ bus->cmd = 0;
-+ ide_reset(&bus->ifs[0]);
-+ ide_reset(&bus->ifs[1]);
-+ ide_clear_hob(bus);
-+
- /* reset dma provider too */
- if (bus->dma->ops->reset) {
- bus->dma->ops->reset(bus->dma);
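Review bot: The commit message says no changes for patches were necessary, yet this file and three more under extra/ (0009, 0010, 0011) are deleted, and nothing in the message says why. If they are dropped because the new submodule commit already contains them, please state that and name the upstream commit for each, so a later reader can tell a deliberate drop from an accidental one. For this patch the visible hashes are consistent with that: the deleted patch produced hw/ide/core.c at blob 289347af58, and the refreshed 0003 patch now ends at the same blob on top of the new base c3508acbb1.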
diff --git a/debian/patches/extra/0007-migration-states-workaround-snapshot-performance-reg.patch b/debian/patches/extra/0006-migration-states-workaround-snapshot-performance-reg.patch
similarity index 100%
rename from debian/patches/extra/0007-migration-states-workaround-snapshot-performance-reg.patch
rename to debian/patches/extra/0006-migration-states-workaround-snapshot-performance-reg.patch
diff --git a/debian/patches/extra/0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch b/debian/patches/extra/0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
similarity index 100%
rename from debian/patches/extra/0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
rename to debian/patches/extra/0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
diff --git a/debian/patches/extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch b/debian/patches/extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
deleted file mode 100644
index f070818..0000000
--- a/debian/patches/extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Niklas Cassel <niklas.cassel@wdc.com>
-Date: Wed, 8 Nov 2023 23:26:57 +0100
-Subject: [PATCH] hw/ide/ahci: fix legacy software reset
-
-Legacy software contains a standard mechanism for generating a reset to a
-Serial ATA device - setting the SRST (software reset) bit in the Device
-Control register.
-
-Serial ATA has a more robust mechanism called COMRESET, also referred to
-as port reset. A port reset is the preferred mechanism for error
-recovery and should be used in place of software reset.
-
-Commit e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
-improved the handling of PxCI, such that PxCI gets cleared after handling
-a non-NCQ, or NCQ command (instead of incorrectly clearing PxCI after
-receiving anything - even a FIS that failed to parse, which should NOT
-clear PxCI, so that you can see which command slot that caused an error).
-
-However, simply clearing PxCI after a non-NCQ, or NCQ command, is not
-enough, we also need to clear PxCI when receiving a SRST in the Device
-Control register.
-
-A legacy software reset is performed by the host sending two H2D FISes,
-the first H2D FIS asserts SRST, and the second H2D FIS deasserts SRST.
-
-The first H2D FIS will not get a D2H reply, and requires the FIS to have
-the C bit set to one, such that the HBA itself will clear the bit in PxCI.
-
-The second H2D FIS will get a D2H reply once the diagnostic is completed.
-The clearing of the bit in PxCI for this command should ideally be done
-in ahci_init_d2h() (if it was a legacy software reset that caused the
-reset (a COMRESET does not use a command slot)). However, since the reset
-value for PxCI is 0, modify ahci_reset_port() to actually clear PxCI to 0,
-that way we can avoid complex logic in ahci_init_d2h().
-
-This fixes an issue for FreeBSD where the device would fail to reset.
-The problem was not noticed in Linux, because Linux uses a COMRESET
-instead of a legacy software reset by default.
-
-Fixes: e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
-Reported-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
-Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
-(picked from https://lists.nongnu.org/archive/html/qemu-devel/2023-11/msg02277.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/ide/ahci.c | 27 ++++++++++++++++++++++++++-
- 1 file changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
-index d0a774bc17..1718b7e902 100644
---- a/hw/ide/ahci.c
-+++ b/hw/ide/ahci.c
-@@ -623,9 +623,13 @@ static void ahci_init_d2h(AHCIDevice *ad)
- return;
- }
-
-+ /*
-+ * For simplicity, do not call ahci_clear_cmd_issue() for this
-+ * ahci_write_fis_d2h(). (The reset value for PxCI is 0.)
-+ */
- if (ahci_write_fis_d2h(ad, true)) {
- ad->init_d2h_sent = true;
-- /* We're emulating receiving the first Reg H2D Fis from the device;
-+ /* We're emulating receiving the first Reg D2H FIS from the device;
- * Update the SIG register, but otherwise proceed as normal. */
- pr->sig = ((uint32_t)ide_state->hcyl << 24) |
- (ide_state->lcyl << 16) |
-@@ -663,6 +667,7 @@ static void ahci_reset_port(AHCIState *s, int port)
- pr->scr_act = 0;
- pr->tfdata = 0x7F;
- pr->sig = 0xFFFFFFFF;
-+ pr->cmd_issue = 0;
- d->busy_slot = -1;
- d->init_d2h_sent = false;
-
-@@ -1243,10 +1248,30 @@ static void handle_reg_h2d_fis(AHCIState *s, int port,
- case STATE_RUN:
- if (cmd_fis[15] & ATA_SRST) {
- s->dev[port].port_state = STATE_RESET;
-+ /*
-+ * When setting SRST in the first H2D FIS in the reset sequence,
-+ * the device does not send a D2H FIS. Host software thus has to
-+ * set the "Clear Busy upon R_OK" bit such that PxCI (and BUSY)
-+ * gets cleared. See AHCI 1.3.1, section 10.4.1 Software Reset.
-+ */
-+ if (opts & AHCI_CMD_CLR_BUSY) {
-+ ahci_clear_cmd_issue(ad, slot);
-+ }
- }
- break;
- case STATE_RESET:
- if (!(cmd_fis[15] & ATA_SRST)) {
-+ /*
-+ * When clearing SRST in the second H2D FIS in the reset
-+ * sequence, the device will execute diagnostics. When this is
-+ * done, the device will send a D2H FIS with the good status.
-+ * See SATA 3.5a Gold, section 11.4 Software reset protocol.
-+ *
-+ * This D2H FIS is the first D2H FIS received from the device,
-+ * and is received regardless if the reset was performed by a
-+ * COMRESET or by setting and clearing the SRST bit. Therefore,
-+ * the logic for this is found in ahci_init_d2h() and not here.
-+ */
- ahci_reset_port(s, port);
- }
- break;
diff --git a/debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch b/debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
deleted file mode 100644
index 4711fa0..0000000
--- a/debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Wed, 22 Nov 2023 13:17:25 +0100
-Subject: [PATCH] ui/vnc-clipboard: fix inflate_buffer
-
-Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
-inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
-required, because it can happen that stream.avail_in becomes zero
-before coming across a return value of Z_STREAM_END.
-
-This fixes the host->guest direction with noNVC.
-
-Reported-by: Friedrich Weber <f.weber@proxmox.com>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- ui/vnc-clipboard.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/ui/vnc-clipboard.c b/ui/vnc-clipboard.c
-index c759be3438..124b6fbd9c 100644
---- a/ui/vnc-clipboard.c
-+++ b/ui/vnc-clipboard.c
-@@ -69,6 +69,11 @@ static uint8_t *inflate_buffer(uint8_t *in, uint32_t in_len, uint32_t *size)
- }
- }
-
-+ *size = stream.total_out;
-+ inflateEnd(&stream);
-+
-+ return out;
-+
- err_end:
- inflateEnd(&stream);
- err:
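Review bot: Deleting this patch removes the follow-up to the CVE-2023-3255 change in inflate_buffer(), namely the success-path return (`*size = stream.total_out;` then `inflateEnd(&stream);` and `return out;`) for the case where `stream.avail_in` reaches zero before `Z_STREAM_END`. That is only safe if the new submodule commit carries an equivalent hunk, and the commit message neither lists this among the notable fixes nor as a dropped patch. Please reference the upstream commit that replaces it and re-test the host->guest clipboard direction this patch was written for.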
diff --git a/debian/patches/extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch b/debian/patches/extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
deleted file mode 100644
index a79fa80..0000000
--- a/debian/patches/extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 8 Dec 2023 13:43:52 +0100
-Subject: [PATCH] block: Fix AioContext locking in qmp_block_resize()
-
-The AioContext must be unlocked before calling blk_co_unref(), because
-it takes the AioContext lock internally in blk_unref_bh(), which is
-scheduled in the main thread. If we don't unlock, the AioContext is
-locked twice and nested event loops such as in bdrv_graph_wrlock() will
-deadlock.
-
-Cc: qemu-stable@nongnu.org
-Fixes: https://issues.redhat.com/browse/RHEL-15965
-Fixes: 0c7d204f50c382c6baac8c94bd57af4a022b3888
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-12/msg01102.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/blockdev.c b/blockdev.c
-index e6eba61484..c28462a633 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -2361,8 +2361,9 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
-
- bdrv_co_lock(bs);
- bdrv_drained_end(bs);
-- blk_co_unref(blk);
- bdrv_co_unlock(bs);
-+
-+ blk_co_unref(blk);
- }
-
- void qmp_block_stream(const char *job_id, const char *device,
diff --git a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
index 3d8785c..30dd2d4 100644
--- a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
+++ b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index aa89789737..0db366a851 100644
+index 7f540b03ed..ca551baa42 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -564,7 +564,7 @@ static QemuOptsList raw_runtime_opts = {
+@@ -563,7 +563,7 @@ static QemuOptsList raw_runtime_opts = {
{
.name = "locking",
.type = QEMU_OPT_STRING,
@@ -26,7 +26,7 @@ index aa89789737..0db366a851 100644
},
{
.name = "pr-manager",
-@@ -664,7 +664,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
+@@ -663,7 +663,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
s->use_lock = false;
break;
case ON_OFF_AUTO_AUTO:
diff --git a/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch b/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
index acd23d4..f7c9754 100644
--- a/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
+++ b/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
@@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/net.h b/include/net/net.h
-index 1448d00afb..d1601d32c1 100644
+index 685ec58318..22edf4ee96 100644
--- a/include/net/net.h
+++ b/include/net/net.h
-@@ -258,8 +258,8 @@ void netdev_add(QemuOpts *opts, Error **errp);
+@@ -260,8 +260,8 @@ void netdev_add(QemuOpts *opts, Error **errp);
int net_hub_id_for_client(NetClientState *nc, int *id);
NetClientState *net_hub_port_find(int hub_id);
diff --git a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
index 297e250..4955ba3 100644
--- a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
+++ b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
@@ -10,7 +10,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
-index e0771a1043..1018ccc0b8 100644
+index 0893b794e9..6d650a58b9 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2243,9 +2243,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
diff --git a/debian/patches/pve/0008-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch b/debian/patches/pve/0008-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
index fb505e5..3bdb7ee 100644
--- a/debian/patches/pve/0008-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
+++ b/debian/patches/pve/0008-PVE-Up-qemu-img-return-success-on-info-without-snaps.patch
@@ -9,7 +9,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/qemu-img.c b/qemu-img.c
-index 27f48051b0..bb287d8538 100644
+index 78433f3746..25d427edd1 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3062,7 +3062,8 @@ static int img_info(int argc, char **argv)
diff --git a/debian/patches/pve/0009-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch b/debian/patches/pve/0009-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
index 5b88664..5255268 100644
--- a/debian/patches/pve/0009-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
+++ b/debian/patches/pve/0009-PVE-Up-qemu-img-dd-add-osize-and-read-from-to-stdin-.patch
@@ -54,10 +54,10 @@ index 1b1dab5b17..d1616c045a 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index bb287d8538..09c0340d16 100644
+index 25d427edd1..220e6ec577 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4888,10 +4888,12 @@ static int img_bitmap(int argc, char **argv)
+@@ -4899,10 +4899,12 @@ static int img_bitmap(int argc, char **argv)
#define C_IF 04
#define C_OF 010
#define C_SKIP 020
@@ -70,7 +70,7 @@ index bb287d8538..09c0340d16 100644
};
struct DdIo {
-@@ -4967,6 +4969,19 @@ static int img_dd_skip(const char *arg,
+@@ -4978,6 +4980,19 @@ static int img_dd_skip(const char *arg,
return 0;
}
@@ -90,7 +90,7 @@ index bb287d8538..09c0340d16 100644
static int img_dd(int argc, char **argv)
{
int ret = 0;
-@@ -5007,6 +5022,7 @@ static int img_dd(int argc, char **argv)
+@@ -5018,6 +5033,7 @@ static int img_dd(int argc, char **argv)
{ "if", img_dd_if, C_IF },
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
@@ -98,7 +98,7 @@ index bb287d8538..09c0340d16 100644
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
-@@ -5082,91 +5098,112 @@ static int img_dd(int argc, char **argv)
+@@ -5093,91 +5109,112 @@ static int img_dd(int argc, char **argv)
arg = NULL;
}
@@ -275,7 +275,7 @@ index bb287d8538..09c0340d16 100644
}
if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
-@@ -5183,20 +5220,43 @@ static int img_dd(int argc, char **argv)
+@@ -5194,20 +5231,43 @@ static int img_dd(int argc, char **argv)
in.buf = g_new(uint8_t, in.bsz);
for (out_pos = 0; in_pos < size; ) {
diff --git a/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-isize-parameter.patch b/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-isize-parameter.patch
index 0325fe9..d68e2aa 100644
--- a/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-isize-parameter.patch
+++ b/debian/patches/pve/0010-PVE-Up-qemu-img-dd-add-isize-parameter.patch
@@ -16,10 +16,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
-index 09c0340d16..556535d9d5 100644
+index 220e6ec577..58bf9b43d1 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4889,11 +4889,13 @@ static int img_bitmap(int argc, char **argv)
+@@ -4900,11 +4900,13 @@ static int img_bitmap(int argc, char **argv)
#define C_OF 010
#define C_SKIP 020
#define C_OSIZE 040
@@ -33,7 +33,7 @@ index 09c0340d16..556535d9d5 100644
};
struct DdIo {
-@@ -4982,6 +4984,19 @@ static int img_dd_osize(const char *arg,
+@@ -4993,6 +4995,19 @@ static int img_dd_osize(const char *arg,
return 0;
}
@@ -53,7 +53,7 @@ index 09c0340d16..556535d9d5 100644
static int img_dd(int argc, char **argv)
{
int ret = 0;
-@@ -4996,12 +5011,14 @@ static int img_dd(int argc, char **argv)
+@@ -5007,12 +5022,14 @@ static int img_dd(int argc, char **argv)
int c, i;
const char *out_fmt = "raw";
const char *fmt = NULL;
@@ -69,7 +69,7 @@ index 09c0340d16..556535d9d5 100644
};
struct DdIo in = {
.bsz = 512, /* Block size is by default 512 bytes */
-@@ -5023,6 +5040,7 @@ static int img_dd(int argc, char **argv)
+@@ -5034,6 +5051,7 @@ static int img_dd(int argc, char **argv)
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
{ "osize", img_dd_osize, C_OSIZE },
@@ -77,7 +77,7 @@ index 09c0340d16..556535d9d5 100644
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
-@@ -5219,9 +5237,10 @@ static int img_dd(int argc, char **argv)
+@@ -5230,9 +5248,10 @@ static int img_dd(int argc, char **argv)
in.buf = g_new(uint8_t, in.bsz);
@@ -90,7 +90,7 @@ index 09c0340d16..556535d9d5 100644
if (blk1) {
in_ret = blk_pread(blk1, in_pos, bytes, in.buf, 0);
if (in_ret == 0) {
-@@ -5230,6 +5249,9 @@ static int img_dd(int argc, char **argv)
+@@ -5241,6 +5260,9 @@ static int img_dd(int argc, char **argv)
} else {
in_ret = read(STDIN_FILENO, in.buf, bytes);
if (in_ret == 0) {
diff --git a/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-n-skip_create.patch b/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-n-skip_create.patch
index 5cca59a..5131d98 100644
--- a/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-n-skip_create.patch
+++ b/debian/patches/pve/0011-PVE-Up-qemu-img-dd-add-n-skip_create.patch
@@ -65,10 +65,10 @@ index d1616c045a..b5b0bb4467 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index 556535d9d5..289c78febb 100644
+index 58bf9b43d1..9d414d639b 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -5013,7 +5013,7 @@ static int img_dd(int argc, char **argv)
+@@ -5024,7 +5024,7 @@ static int img_dd(int argc, char **argv)
const char *fmt = NULL;
int64_t size = 0, readsize = 0;
int64_t out_pos, in_pos;
@@ -77,7 +77,7 @@ index 556535d9d5..289c78febb 100644
struct DdInfo dd = {
.flags = 0,
.count = 0,
-@@ -5051,7 +5051,7 @@ static int img_dd(int argc, char **argv)
+@@ -5062,7 +5062,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
@@ -86,7 +86,7 @@ index 556535d9d5..289c78febb 100644
if (c == EOF) {
break;
}
-@@ -5071,6 +5071,9 @@ static int img_dd(int argc, char **argv)
+@@ -5082,6 +5082,9 @@ static int img_dd(int argc, char **argv)
case 'h':
help();
break;
@@ -96,7 +96,7 @@ index 556535d9d5..289c78febb 100644
case 'U':
force_share = true;
break;
-@@ -5201,13 +5204,15 @@ static int img_dd(int argc, char **argv)
+@@ -5212,13 +5215,15 @@ static int img_dd(int argc, char **argv)
size - in.bsz * in.offset, &error_abort);
}
diff --git a/debian/patches/pve/0012-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch b/debian/patches/pve/0012-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
index d649d24..a956795 100644
--- a/debian/patches/pve/0012-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
+++ b/debian/patches/pve/0012-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
@@ -46,10 +46,10 @@ index b5b0bb4467..36f97e1f19 100644
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index 289c78febb..da543d05cb 100644
+index 9d414d639b..e13a12137b 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -5005,6 +5005,7 @@ static int img_dd(int argc, char **argv)
+@@ -5016,6 +5016,7 @@ static int img_dd(int argc, char **argv)
BlockDriver *drv = NULL, *proto_drv = NULL;
BlockBackend *blk1 = NULL, *blk2 = NULL;
QemuOpts *opts = NULL;
@@ -57,7 +57,7 @@ index 289c78febb..da543d05cb 100644
QemuOptsList *create_opts = NULL;
Error *local_err = NULL;
bool image_opts = false;
-@@ -5014,6 +5015,7 @@ static int img_dd(int argc, char **argv)
+@@ -5025,6 +5026,7 @@ static int img_dd(int argc, char **argv)
int64_t size = 0, readsize = 0;
int64_t out_pos, in_pos;
bool force_share = false, skip_create = false;
@@ -65,7 +65,7 @@ index 289c78febb..da543d05cb 100644
struct DdInfo dd = {
.flags = 0,
.count = 0,
-@@ -5051,7 +5053,7 @@ static int img_dd(int argc, char **argv)
+@@ -5062,7 +5064,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
@@ -74,7 +74,7 @@ index 289c78febb..da543d05cb 100644
if (c == EOF) {
break;
}
-@@ -5074,6 +5076,19 @@ static int img_dd(int argc, char **argv)
+@@ -5085,6 +5087,19 @@ static int img_dd(int argc, char **argv)
case 'n':
skip_create = true;
break;
@@ -94,7 +94,7 @@ index 289c78febb..da543d05cb 100644
case 'U':
force_share = true;
break;
-@@ -5133,11 +5148,24 @@ static int img_dd(int argc, char **argv)
+@@ -5144,11 +5159,24 @@ static int img_dd(int argc, char **argv)
if (dd.flags & C_IF) {
blk1 = img_open(image_opts, in.filename, fmt, 0, false, false,
force_share);
@@ -120,7 +120,7 @@ index 289c78febb..da543d05cb 100644
}
if (dd.flags & C_OSIZE) {
-@@ -5292,6 +5320,7 @@ static int img_dd(int argc, char **argv)
+@@ -5303,6 +5331,7 @@ static int img_dd(int argc, char **argv)
out:
g_free(arg);
qemu_opts_del(opts);
diff --git a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
index 976f73f..d80d1a1 100644
--- a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
+++ b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
@@ -800,10 +800,10 @@ index cda2effa81..94a58bb0bf 100644
# @CommandLineParameterType:
#
diff --git a/qemu-options.hx b/qemu-options.hx
-index b56f6b2fb2..c8c78c92d4 100644
+index 8073f5edf5..dc1ececc9c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -4479,6 +4479,18 @@ SRST
+@@ -4483,6 +4483,18 @@ SRST
Start right away with a saved state (``loadvm`` in monitor)
ERST
@@ -823,7 +823,7 @@ index b56f6b2fb2..c8c78c92d4 100644
DEF("daemonize", 0, QEMU_OPTION_daemonize, \
"-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index b0b96f67fa..f3251de3e7 100644
+index c9e9ede237..3f2681aded 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -164,6 +164,7 @@ static const char *accelerators;
@@ -834,7 +834,7 @@ index b0b96f67fa..f3251de3e7 100644
static QTAILQ_HEAD(, ObjectOption) object_opts = QTAILQ_HEAD_INITIALIZER(object_opts);
static QTAILQ_HEAD(, DeviceOption) device_opts = QTAILQ_HEAD_INITIALIZER(device_opts);
static int display_remote;
-@@ -2643,6 +2644,12 @@ void qmp_x_exit_preconfig(Error **errp)
+@@ -2647,6 +2648,12 @@ void qmp_x_exit_preconfig(Error **errp)
if (loadvm) {
load_snapshot(loadvm, NULL, false, NULL, &error_fatal);
@@ -847,7 +847,7 @@ index b0b96f67fa..f3251de3e7 100644
}
if (replay_mode != REPLAY_MODE_NONE) {
replay_vmstate_init();
-@@ -3190,6 +3197,9 @@ void qemu_init(int argc, char **argv)
+@@ -3194,6 +3201,9 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_loadvm:
loadvm = optarg;
break;
diff --git a/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch b/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
index 5327c11..fee97e0 100644
--- a/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
+++ b/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
@@ -14,7 +14,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 11 insertions(+)
diff --git a/qemu-options.hx b/qemu-options.hx
-index c8c78c92d4..20ca2cdba7 100644
+index dc1ececc9c..848d2dfdd1 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1197,6 +1197,9 @@ legacy PC, they are not recommended for modern configurations.
@@ -28,10 +28,10 @@ index c8c78c92d4..20ca2cdba7 100644
"-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index f3251de3e7..1b63ffd33d 100644
+index 3f2681aded..1a3b9cc4b8 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -2679,6 +2679,7 @@ void qemu_init(int argc, char **argv)
+@@ -2683,6 +2683,7 @@ void qemu_init(int argc, char **argv)
MachineClass *machine_class;
bool userconfig = true;
FILE *vmstate_dump_file = NULL;
@@ -39,7 +39,7 @@ index f3251de3e7..1b63ffd33d 100644
qemu_add_opts(&qemu_drive_opts);
qemu_add_drive_opts(&qemu_legacy_drive_opts);
-@@ -3302,6 +3303,13 @@ void qemu_init(int argc, char **argv)
+@@ -3306,6 +3307,13 @@ void qemu_init(int argc, char **argv)
machine_parse_property_opt(qemu_find_opts("smp-opts"),
"smp", optarg);
break;
diff --git a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
index 766c4f9..f48fe4f 100644
--- a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
+++ b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
@@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 42 insertions(+), 20 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index 0db366a851..46f1ee38ae 100644
+index ca551baa42..8b3b83e9d4 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -2870,6 +2870,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2873,6 +2873,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
int fd;
uint64_t perm, shared;
int result = 0;
@@ -24,7 +24,7 @@ index 0db366a851..46f1ee38ae 100644
/* Validate options and set default values */
assert(options->driver == BLOCKDEV_DRIVER_FILE);
-@@ -2910,19 +2911,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2913,19 +2914,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
perm = BLK_PERM_WRITE | BLK_PERM_RESIZE;
shared = BLK_PERM_ALL & ~BLK_PERM_RESIZE;
@@ -59,7 +59,7 @@ index 0db366a851..46f1ee38ae 100644
}
/* Clear the file by truncating it to 0 */
-@@ -2976,13 +2980,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2979,13 +2983,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
}
out_unlock:
@@ -82,7 +82,7 @@ index 0db366a851..46f1ee38ae 100644
}
out_close:
-@@ -3006,6 +3012,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3009,6 +3015,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
PreallocMode prealloc;
char *buf = NULL;
Error *local_err = NULL;
@@ -90,7 +90,7 @@ index 0db366a851..46f1ee38ae 100644
/* Skip file: protocol prefix */
strstart(filename, "file:", &filename);
-@@ -3028,6 +3035,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3031,6 +3038,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
return -EINVAL;
}
@@ -109,7 +109,7 @@ index 0db366a851..46f1ee38ae 100644
options = (BlockdevCreateOptions) {
.driver = BLOCKDEV_DRIVER_FILE,
.u.file = {
-@@ -3039,6 +3058,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3042,6 +3061,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
.nocow = nocow,
.has_extent_size_hint = has_extent_size_hint,
.extent_size_hint = extent_size_hint,
@@ -119,10 +119,10 @@ index 0db366a851..46f1ee38ae 100644
};
return raw_co_create(&options, errp);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 903392cb8f..125aa89858 100644
+index a5cea82139..bb471c078d 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -4876,7 +4876,8 @@
+@@ -4880,7 +4880,8 @@
'size': 'size',
'*preallocation': 'PreallocMode',
'*nocow': 'bool',
diff --git a/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch b/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
index e2f16af..e3c7ba1 100644
--- a/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
+++ b/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
@@ -18,10 +18,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/monitor/qmp.c b/monitor/qmp.c
-index c15bf1e1fc..04fe25c62c 100644
+index 589c9524f8..2505dd658a 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
-@@ -553,8 +553,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
+@@ -536,8 +536,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
qemu_chr_fe_set_echo(&mon->common.chr, true);
/* Note: we run QMP monitor in I/O thread when @chr supports that */
diff --git a/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch b/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
index 5ec00c1..27a801a 100644
--- a/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
+++ b/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
@@ -72,7 +72,7 @@ index fbb61f18e4..7da3c519ba 100644
##
# @query-machines:
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index 1b63ffd33d..20ba2c5c87 100644
+index 1a3b9cc4b8..e9b5f62cc3 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -1597,6 +1597,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
@@ -95,7 +95,7 @@ index 1b63ffd33d..20ba2c5c87 100644
g_slist_free(machines);
if (local_err) {
error_append_hint(&local_err, "Use -machine help to list supported machines\n");
-@@ -3244,12 +3250,31 @@ void qemu_init(int argc, char **argv)
+@@ -3248,12 +3254,31 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_machine:
{
bool help;
diff --git a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
index 3829068..2014c9c 100644
--- a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
+++ b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
@@ -1709,7 +1709,7 @@ index 0000000000..d84d807654
+ return ret;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 125aa89858..331c8336d1 100644
+index bb471c078d..1b8462a51b 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -839,6 +839,235 @@
diff --git a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
index 5657376..0927c4d 100644
--- a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
+++ b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
@@ -403,7 +403,7 @@ index c3330310d9..cbfc9a43fb 100644
summary_info += {'libdaxctl support': libdaxctl}
summary_info += {'libudev': libudev}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 331c8336d1..a818d5f90f 100644
+index 1b8462a51b..d67a6d448a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3396,6 +3396,7 @@
@@ -432,7 +432,7 @@ index 331c8336d1..a818d5f90f 100644
##
# @BlockdevOptionsNVMe:
#
-@@ -4886,6 +4898,7 @@
+@@ -4890,6 +4902,7 @@
'nfs': 'BlockdevOptionsNfs',
'null-aio': 'BlockdevOptionsNull',
'null-co': 'BlockdevOptionsNull',
diff --git a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
index f6cd3c3..09c42e5 100644
--- a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
+++ b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
@@ -186,7 +186,7 @@ index d84d807654..9c8b88d075 100644
ret->pbs_masterkey = true;
ret->backup_max_workers = true;
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index a818d5f90f..48eb47c6ea 100644
+index d67a6d448a..09de550c95 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -991,6 +991,11 @@
diff --git a/debian/patches/pve/0038-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch b/debian/patches/pve/0038-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
index 0e43de5..851851f 100644
--- a/debian/patches/pve/0038-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
+++ b/debian/patches/pve/0038-block-io-accept-NULL-qiov-in-bdrv_pad_request.patch
@@ -17,7 +17,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+)
diff --git a/block/io.c b/block/io.c
-index 055fcf7438..63f7b3ad3e 100644
+index 83d1b1dfdc..24a3c84c93 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1710,6 +1710,10 @@ static int bdrv_pad_request(BlockDriverState *bs,
diff --git a/debian/patches/pve/0044-migration-for-snapshots-hold-the-BQL-during-setup-ca.patch b/debian/patches/pve/0044-migration-for-snapshots-hold-the-BQL-during-setup-ca.patch
index a7f6e4d..3fa7ef7 100644
--- a/debian/patches/pve/0044-migration-for-snapshots-hold-the-BQL-during-setup-ca.patch
+++ b/debian/patches/pve/0044-migration-for-snapshots-hold-the-BQL-during-setup-ca.patch
@@ -140,10 +140,10 @@ index 86c2256a2b..8423e0c9f9 100644
if (ret) {
return ret;
diff --git a/migration/ram.c b/migration/ram.c
-index 9040d66e61..01532c9fc9 100644
+index 6e1514f69f..6a1aec7031 100644
--- a/migration/ram.c
+++ b/migration/ram.c
-@@ -2895,8 +2895,16 @@ static void migration_bitmap_clear_discarded_pages(RAMState *rs)
+@@ -2896,8 +2896,16 @@ static void migration_bitmap_clear_discarded_pages(RAMState *rs)
static void ram_init_bitmaps(RAMState *rs)
{
@@ -162,7 +162,7 @@ index 9040d66e61..01532c9fc9 100644
qemu_mutex_lock_ramlist();
WITH_RCU_READ_LOCK_GUARD() {
-@@ -2908,7 +2916,9 @@ static void ram_init_bitmaps(RAMState *rs)
+@@ -2909,7 +2917,9 @@ static void ram_init_bitmaps(RAMState *rs)
}
}
qemu_mutex_unlock_ramlist();
@@ -174,7 +174,7 @@ index 9040d66e61..01532c9fc9 100644
/*
* After an eventual first bitmap sync, fixup the initial bitmap
diff --git a/migration/savevm.c b/migration/savevm.c
-index a2cb8855e2..ea8b30a630 100644
+index d60c4f487a..3c015722f7 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1625,10 +1625,8 @@ static int qemu_savevm_state(QEMUFile *f, Error **errp)
diff --git a/debian/patches/series b/debian/patches/series
index b3da8bb..c37e3b9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,13 +2,9 @@ extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
extra/0004-migration-block-dirty-bitmap-fix-loading-bitmap-when.patch
-extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
-extra/0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch
-extra/0007-migration-states-workaround-snapshot-performance-reg.patch
-extra/0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
-extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
-extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
-extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
+extra/0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch
+extra/0006-migration-states-workaround-snapshot-performance-reg.patch
+extra/0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
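Review bot: The four entries removed from the series here (extra/0005 hw-ide-reset, extra/0009 hw-ide-ahci, extra/0010 ui-vnc-clipboard inflate_buffer and extra/0011 qmp_block_resize locking) are dropped without the commit message saying why; it only states that the remaining patches needed nothing beyond context changes. Please add a line to the commit message stating that these fixes are contained in the new submodule commit, so a reader can confirm that no fix, in particular the VNC clipboard inflate_buffer one, is lost by the update.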
diff --git a/qemu b/qemu
index 78385bc..20a1b34 160000
--- a/qemu
+++ b/qemu
@@ -1 +1 @@
-Subproject commit 78385bc738108a9b5b20e639520dc60425ca2a5a
+Subproject commit 20a1b341a0af1fef84cec9e521d33da0e8d9ecf3
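Review bot: The new submodule pointer 20a1b341a0af1fef84cec9e521d33da0e8d9ecf3 is given only as a bare hash, so nothing in this hunk or in the commit message ties it to the 8.1.5 release named in the subject. Naming the upstream tag this hash corresponds to in the commit message would let a reviewer check the pointer against the upstream release before applying.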
--
2.39.2
* [pve-devel] [PATCH qemu 2/2] stable fixes for corner case in i386 emulation and crash with VNC clipboard
2024-01-30 14:14 [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5 Fiona Ebner
@ 2024-01-30 14:14 ` Fiona Ebner
2024-02-02 18:17 ` [pve-devel] applied-series: [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5 Thomas Lamprecht
1 sibling, 0 replies; 3+ messages in thread
From: Fiona Ebner @ 2024-01-30 14:14 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...sgx_epc_get_section-stub-is-reachabl.patch | 34 ++++++++
...k-type-as-not-available-when-there-i.patch | 86 +++++++++++++++++++
debian/patches/series | 2 +
3 files changed, 122 insertions(+)
create mode 100644 debian/patches/extra/0008-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch
create mode 100644 debian/patches/extra/0009-ui-clipboard-mark-type-as-not-available-when-there-i.patch
diff --git a/debian/patches/extra/0008-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch b/debian/patches/extra/0008-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch
new file mode 100644
index 0000000..194635f
--- /dev/null
+++ b/debian/patches/extra/0008-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch
@@ -0,0 +1,34 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 1 Feb 2022 20:09:41 +0100
+Subject: [PATCH] target/i386: the sgx_epc_get_section stub is reachable
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The sgx_epc_get_section stub is reachable from cpu_x86_cpuid. It
+should not assert, instead it should just return true just like
+the "real" sgx_epc_get_section does when SGX is disabled.
+
+Reported-by: Vladimír Beneš <vbenes@redhat.com>
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-ID: <20220201190941.106001-1-pbonzini@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry-picked from commit 219615740425d9683588207b40a365e6741691a6)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/i386/sgx-stub.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c
+index 26833eb233..16b1dfd90b 100644
+--- a/hw/i386/sgx-stub.c
++++ b/hw/i386/sgx-stub.c
+@@ -34,5 +34,5 @@ void pc_machine_init_sgx_epc(PCMachineState *pcms)
+
+ bool sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
+ {
+- g_assert_not_reached();
++ return true;
+ }
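Review bot: In the embedded hw/i386/sgx-stub.c hunk, "return true;" leaves *addr and *size unwritten, and the fact that true is the result for SGX being disabled is explained only in the commit message ("just like the real sgx_epc_get_section does when SGX is disabled"). A one-line comment above the return in the stub, stating that true means SGX is unavailable and that the output parameters are not set, would keep a later caller from reading them uninitialized.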
diff --git a/debian/patches/extra/0009-ui-clipboard-mark-type-as-not-available-when-there-i.patch b/debian/patches/extra/0009-ui-clipboard-mark-type-as-not-available-when-there-i.patch
new file mode 100644
index 0000000..4b09063
--- /dev/null
+++ b/debian/patches/extra/0009-ui-clipboard-mark-type-as-not-available-when-there-i.patch
@@ -0,0 +1,86 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fiona Ebner <f.ebner@proxmox.com>
+Date: Wed, 24 Jan 2024 11:57:48 +0100
+Subject: [PATCH] ui/clipboard: mark type as not available when there is no
+ data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+With VNC, a client can send a non-extended VNC_MSG_CLIENT_CUT_TEXT
+message with len=0. In qemu_clipboard_set_data(), the clipboard info
+will be updated setting data to NULL (because g_memdup(data, size)
+returns NULL when size is 0). If the client does not set the
+VNC_ENCODING_CLIPBOARD_EXT feature when setting up the encodings, then
+the 'request' callback for the clipboard peer is not initialized.
+Later, because data is NULL, qemu_clipboard_request() can be reached
+via vdagent_chr_write() and vdagent_clipboard_recv_request() and
+there, the clipboard owner's 'request' callback will be attempted to
+be called, but that is a NULL pointer.
+
+In particular, this can happen when using the KRDC (22.12.3) VNC
+client.
+
+Another scenario leading to the same issue is with two clients (say
+noVNC and KRDC):
+
+The noVNC client sets the extension VNC_FEATURE_CLIPBOARD_EXT and
+initializes its cbpeer.
+
+The KRDC client does not, but triggers a vnc_client_cut_text() (note
+it's not the _ext variant)). There, a new clipboard info with it as
+the 'owner' is created and via qemu_clipboard_set_data() is called,
+which in turn calls qemu_clipboard_update() with that info.
+
+In qemu_clipboard_update(), the notifier for the noVNC client will be
+called, i.e. vnc_clipboard_notify() and also set vs->cbinfo for the
+noVNC client. The 'owner' in that clipboard info is the clipboard peer
+for the KRDC client, which did not initialize the 'request' function.
+That sounds correct to me, it is the owner of that clipboard info.
+
+Then when noVNC sends a VNC_MSG_CLIENT_CUT_TEXT message (it did set
+the VNC_FEATURE_CLIPBOARD_EXT feature correctly, so a check for it
+passes), that clipboard info is passed to qemu_clipboard_request() and
+the original segfault still happens.
+
+Fix the issue by handling updates with size 0 differently. In
+particular, mark in the clipboard info that the type is not available.
+
+While at it, switch to g_memdup2(), because g_memdup() is deprecated.
+
+Cc: qemu-stable@nongnu.org
+Fixes: CVE-2023-6683
+Reported-by: Markus Frank <m.frank@proxmox.com>
+Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Tested-by: Markus Frank <m.frank@proxmox.com>
+(picked from https://lists.nongnu.org/archive/html/qemu-stable/2024-01/msg00228.html)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ ui/clipboard.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/ui/clipboard.c b/ui/clipboard.c
+index 3d14bffaf8..b3f6fa3c9e 100644
+--- a/ui/clipboard.c
++++ b/ui/clipboard.c
+@@ -163,9 +163,15 @@ void qemu_clipboard_set_data(QemuClipboardPeer *peer,
+ }
+
+ g_free(info->types[type].data);
+- info->types[type].data = g_memdup(data, size);
+- info->types[type].size = size;
+- info->types[type].available = true;
++ if (size) {
++ info->types[type].data = g_memdup2(data, size);
++ info->types[type].size = size;
++ info->types[type].available = true;
++ } else {
++ info->types[type].data = NULL;
++ info->types[type].size = 0;
++ info->types[type].available = false;
++ }
+
+ if (update) {
+ qemu_clipboard_update(info);
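Review bot: In the embedded ui/clipboard.c hunk, the else branch leaves data as NULL and size as 0 exactly as g_memdup() did for size 0 before, so the only behavioural change is available = false; the peer's 'request' callback that the commit message identifies as NULL is still uninitialized for clients without the extended clipboard feature. The fix therefore relies on every path into qemu_clipboard_request() checking the available flag first. Consider additionally checking (or asserting on) the owner's 'request' pointer in qemu_clipboard_request(), so that a caller skipping the availability check cannot reintroduce the NULL call. The trailer also shows this was picked from a qemu-stable list post rather than from a commit; a remark to swap it for the upstream commit once merged would help at the next rebase.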
diff --git a/debian/patches/series b/debian/patches/series
index c37e3b9..381ff8c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,6 +5,8 @@ extra/0004-migration-block-dirty-bitmap-fix-loading-bitmap-when.patch
extra/0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch
extra/0006-migration-states-workaround-snapshot-performance-reg.patch
extra/0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
+extra/0008-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch
+extra/0009-ui-clipboard-mark-type-as-not-available-when-there-i.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
--
2.39.2
* [pve-devel] applied-series: [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5
2024-01-30 14:14 [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.1.5 Fiona Ebner
2024-01-30 14:14 ` [pve-devel] [PATCH qemu 2/2] stable fixes for corner case in i386 emulation and crash with VNC clipboard Fiona Ebner
@ 2024-02-02 18:17 ` Thomas Lamprecht
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Lamprecht @ 2024-02-02 18:17 UTC (permalink / raw)
To: Proxmox VE development discussion, Fiona Ebner
On 30/01/2024 at 15:14, Fiona Ebner wrote:
> Most notable fixes from a Proxmox VE perspective are:
>
> * "virtio-net: correctly copy vnet header when flushing TX"
> To prevent a stack overflow that could lead to leaking parts of the
> QEMU process's memory.
> * "hw/pflash: implement update buffer for block writes"
> To prevent an edge case for half-completed writes. This potentially
> affected EFI disks.
> * Fixes to i386 emulation and ARM emulation.
>
> No changes for patches were necessary (all are just automatic context
> changes).
>
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
> ...d-support-for-sync-bitmap-mode-never.patch | 2 +-
> ...race-with-clients-disconnecting-earl.patch | 10 +-
> ...ial-deadlock-when-draining-during-tr.patch | 2 +-
> ...-graph-lock-Disable-locking-for-now.patch} | 0
> ...cel-async-DMA-operation-before-reset.patch | 100 ----------------
> ...workaround-snapshot-performance-reg.patch} | 0
> ...orkaround-Windows-not-handling-name.patch} | 0
> ...w-ide-ahci-fix-legacy-software-reset.patch | 107 ------------------
> ...-ui-vnc-clipboard-fix-inflate_buffer.patch | 34 ------
> ...oContext-locking-in-qmp_block_resize.patch | 36 ------
> ...k-file-change-locking-default-to-off.patch | 6 +-
> ...djust-network-script-path-to-etc-kvm.patch | 4 +-
> ...he-CPU-model-to-kvm64-32-instead-of-.patch | 2 +-
> ...return-success-on-info-without-snaps.patch | 2 +-
> ...dd-add-osize-and-read-from-to-stdin-.patch | 12 +-
> ...E-Up-qemu-img-dd-add-isize-parameter.patch | 14 +--
> ...PVE-Up-qemu-img-dd-add-n-skip_create.patch | 10 +-
> ...-add-l-option-for-loading-a-snapshot.patch | 14 +--
> ...async-for-background-state-snapshots.patch | 10 +-
> ...-Add-dummy-id-command-line-parameter.patch | 8 +-
> ...le-posix-make-locking-optiono-on-cre.patch | 18 +--
> ...3-PVE-monitor-disable-oob-capability.patch | 4 +-
> ...E-Allow-version-code-in-machine-type.patch | 4 +-
> ...ckup-Proxmox-backup-patches-for-QEMU.patch | 2 +-
> ...k-driver-to-map-backup-archives-into.patch | 4 +-
> ...igrate-dirty-bitmap-state-via-savevm.patch | 2 +-
> ...accept-NULL-qiov-in-bdrv_pad_request.patch | 2 +-
> ...apshots-hold-the-BQL-during-setup-ca.patch | 8 +-
> debian/patches/series | 10 +-
> qemu | 2 +-
> 30 files changed, 74 insertions(+), 355 deletions(-)
> rename debian/patches/extra/{0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch => 0005-Revert-Revert-graph-lock-Disable-locking-for-now.patch} (100%)
> delete mode 100644 debian/patches/extra/0005-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
> rename debian/patches/extra/{0007-migration-states-workaround-snapshot-performance-reg.patch => 0006-migration-states-workaround-snapshot-performance-reg.patch} (100%)
> rename debian/patches/extra/{0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch => 0007-Revert-x86-acpi-workaround-Windows-not-handling-name.patch} (100%)
> delete mode 100644 debian/patches/extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
> delete mode 100644 debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
> delete mode 100644 debian/patches/extra/0011-block-Fix-AioContext-locking-in-qmp_block_resize.patch
>
>
applied series, thanks!