* [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2
@ 2024-11-25 11:00 Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches to " Fiona Ebner
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Fiona Ebner @ 2024-11-25 11:00 UTC (permalink / raw)
To: pve-devel
No issues encountered during initial smoke testing of migration,
snapshot, backup functionality, SPICE, drive-mirror, with a selection
of different VM configs and guests.

Fiona Ebner (4):
  update submodule and patches to QEMU 9.1.2
  async snapshot: code cleanup: use error_setg() helper
  async snapshot: improve error handling for 'savevm-start' QMP command
  stable fixes for QEMU 9.1.2
...d-support-for-sync-bitmap-mode-never.patch | 54 +--
...-support-for-conditional-and-always-.patch | 10 +-
...check-for-bitmap-mode-without-bitmap.patch | 4 +-
...-to-bdrv_dirty_bitmap_merge_internal.patch | 6 +-
.../0006-mirror-move-some-checks-to-qmp.patch | 8 +-
...race-with-clients-disconnecting-earl.patch | 14 +-
...ial-deadlock-when-draining-during-tr.patch | 2 +-
...workaround-Windows-not-handling-name.patch | 4 +-
...e-write-use-uint64_t-for-timeout-in-.patch | 35 --
...o-net-Add-queues-before-loading-them.patch | 81 ++++
...ock-copy-before-write-fix-permission.patch | 55 ---
...ix-size-check-in-dhclient-workaround.patch | 36 ++
...e-write-support-unligned-snapshot-di.patch | 48 ---
...e-write-create-block_copy-bitmap-in-.patch | 373 ------------------
...-backup-add-discard-source-parameter.patch | 277 -------------
...e-de-initialization-of-vhost-user-de.patch | 92 -----
...Use-float_status-copy-in-sme_fmopa_s.patch | 43 --
...-Use-FPST_F16-for-SME-FMOPA-widening.patch | 62 ---
...ion-and-honor-bootindex-again-for-le.patch | 60 ---
...5a-bump-instruction-limit-in-scripts.patch | 48 ---
...15-block-copy-Fix-missing-graph-lock.patch | 38 --
...-do-not-operate-on-sources-from-fina.patch | 93 -----
...ix-the-use-of-an-uninitialized-irqfd.patch | 77 ----
...net-Ensure-queue-index-fits-with-RSS.patch | 35 --
...etwork-stall-at-the-host-side-waitin.patch | 338 ----------------
...t-nic-model-help-output-as-documente.patch | 70 ----
...net-nic-model-for-non-help-arguments.patch | 32 --
...-assert-for-128-bit-tile-accesses-wh.patch | 57 ---
...arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch | 59 ---
...-shifts-by-1-in-tszimm_shr-and-tszim.patch | 62 ---
...e-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch | 41 --
...e-denormals-correctly-for-FMOPA-wide.patch | 164 --------
...el_iommu-fix-FRCD-construction-macro.patch | 39 --
...386-Do-not-apply-REX-to-MMX-operands.patch | 33 --
...rash-by-resetting-local_err-in-modul.patch | 42 --
...-Plumb-in-new-args-to-nbd_client_add.patch | 164 --------
...024-7409-Cap-default-max-connections.patch | 172 --------
...024-7409-Drop-non-negotiating-client.patch | 123 ------
...024-7409-Close-stray-clients-at-serv.patch | 161 --------
...c-fix-crash-when-no-console-attached.patch | 47 ---
...024-7409-Avoid-use-after-free-when-c.patch | 89 -----
...fix-memory-leak-in-dirty_memory_exte.patch | 134 -------
...st-allow-adding-overlapping-requests.patch | 104 -----
...k-file-change-locking-default-to-off.patch | 6 +-
...djust-network-script-path-to-etc-kvm.patch | 4 +-
...he-CPU-model-to-kvm64-32-instead-of-.patch | 4 +-
...erfs-no-default-logfile-if-daemonize.patch | 8 +-
...lock-rbd-disable-rbd_cache_writethro.patch | 2 +-
...PVE-Up-glusterfs-allow-partial-reads.patch | 14 +-
...virtio-balloon-improve-query-balloon.patch | 8 +-
.../0014-PVE-qapi-modify-query-machines.patch | 12 +-
.../0015-PVE-qapi-modify-spice-query.patch | 4 +-
...nnel-implementation-for-savevm-async.patch | 2 +-
...async-for-background-state-snapshots.patch | 92 ++---
...add-optional-buffer-size-to-QEMUFile.patch | 53 ++-
...add-the-zeroinit-block-driver-filter.patch | 8 +-
...-Add-dummy-id-command-line-parameter.patch | 10 +-
...t-target-i386-disable-LINT0-after-re.patch | 2 +-
...le-posix-make-locking-optiono-on-cre.patch | 20 +-
...3-PVE-monitor-disable-oob-capability.patch | 4 +-
...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
...E-Allow-version-code-in-machine-type.patch | 65 ++-
...VE-Backup-add-vma-backup-format-code.patch | 14 +-
...-Backup-add-backup-dump-block-driver.patch | 4 +-
...ckup-Proxmox-backup-patches-for-QEMU.patch | 48 +--
...estore-new-command-to-restore-from-p.patch | 8 +-
...k-driver-to-map-backup-archives-into.patch | 29 +-
...ct-stderr-to-journal-when-daemonized.patch | 10 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 32 +-
...dirty-bitmap-migrate-other-bitmaps-e.patch | 15 +-
...all-back-to-open-iscsi-initiatorname.patch | 2 +-
.../0038-block-add-alloc-track-driver.patch | 6 +-
...-rbd-workaround-for-ceph-issue-53784.patch | 2 +-
...-fix-handling-of-holes-in-.bdrv_co_b.patch | 2 +-
...k-rbd-implement-bdrv_co_block_status.patch | 4 +-
...rror-out-when-auto-remove-is-not-set.patch | 2 +-
...d-seemingly-superfluous-child-permis.patch | 2 +-
...e-allow-specifying-minimum-cluster-s.patch | 4 +-
...um-cluster-size-to-performance-optio.patch | 6 +-
.../0046-PVE-backup-add-fleecing-option.patch | 6 +-
...ve-error-when-copy-before-write-fail.patch | 2 +-
...up-fixup-error-handling-for-fleecing.patch | 2 +-
...r-out-setting-up-snapshot-access-for.patch | 2 +-
...device-name-in-device-info-structure.patch | 2 +-
...de-device-name-in-error-when-setting.patch | 2 +-
debian/patches/series | 35 +-
qemu | 2 +-
87 files changed, 433 insertions(+), 3618 deletions(-)
delete mode 100644 debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
create mode 100644 debian/patches/extra/0005-virtio-net-Add-queues-before-loading-them.patch
delete mode 100644 debian/patches/extra/0006-block-copy-before-write-fix-permission.patch
create mode 100644 debian/patches/extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch
delete mode 100644 debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch
delete mode 100644 debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch
delete mode 100644 debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch
delete mode 100644 debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
delete mode 100644 debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
delete mode 100644 debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
delete mode 100644 debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
delete mode 100644 debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
delete mode 100644 debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch
delete mode 100644 debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
delete mode 100644 debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch
delete mode 100644 debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch
delete mode 100644 debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch
delete mode 100644 debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch
delete mode 100644 debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch
delete mode 100644 debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch
delete mode 100644 debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch
delete mode 100644 debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch
delete mode 100644 debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch
delete mode 100644 debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch
delete mode 100644 debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch
delete mode 100644 debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch
delete mode 100644 debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch
delete mode 100644 debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
delete mode 100644 debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
delete mode 100644 debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
delete mode 100644 debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
delete mode 100644 debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch
delete mode 100644 debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
delete mode 100644 debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch
delete mode 100644 debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
* [pve-devel] [PATCH qemu 1/4] update submodule and patches to QEMU 9.1.2
2024-11-25 11:00 [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2 Fiona Ebner
@ 2024-11-25 11:00 ` Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 2/4] async snapshot: code cleanup: use error_setg() helper Fiona Ebner
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Fiona Ebner @ 2024-11-25 11:00 UTC (permalink / raw)
To: pve-devel
Notable changes, most interestingly the two build system changes:

* avoid making 'migration' target depend on 'libproxmox_backup_qemu':
  Having pbs-state.c be part of the 'migration_files' makes the
  'migration' target depend on 'libproxmox_backup_qemu'. Adding the
  dependency to 'migration' and 'libmigration' would not be enough
  however, because pbs-state.c depends on savevm.c (for
  register_savevm_live()), and savevm.c is not itself part of the
  'migration_files' and would need to be moved too. Otherwise, linking
  the 'test-xbzrle' unit test is broken. Instead, don't declare
  pbs-state.c to be part of the 'migration_files'.

* meson: pbs-restore + vma: add qemuutil dependency explicitly
  Both pbs-restore and vma use "qemu/osdep.h" so the dependency is
  present. Being explicit is required after commit 414b180d42 ("meson:
  Pass objects and dependencies to declare_dependency()").

* QAPI docs "Notes:" to ".. note::" conversion following commit
  d461c27973 ("qapi: convert "Note" sections to plain rST").

* Removal of QERR_* macros following commit
  a95921f171 ("qapi: Inline and remove QERR_DEVICE_HAS_NO_MEDIUM
  definition") and friends.

* Signature change for .save_setup callbacks following commit
  01c3ac681b ("migration: Add Error** argument to .save_setup()
  handler").

* Removal of separate .bdrv_file_open callbacks following commit
  44b424dc4a ("block: remove separate bdrv_file_open callback")

* Adapt dirty bitmap migration error handling following commit
  dd03167725 ("migration: Add Error** argument to
  add_bitmaps_to_list()")

* Adapt savevm async to removed block migration following commit
  eef0bae3a7 ("migration: Remove block migration")

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...d-support-for-sync-bitmap-mode-never.patch | 54 +--
...-support-for-conditional-and-always-.patch | 10 +-
...check-for-bitmap-mode-without-bitmap.patch | 4 +-
...-to-bdrv_dirty_bitmap_merge_internal.patch | 6 +-
.../0006-mirror-move-some-checks-to-qmp.patch | 8 +-
...race-with-clients-disconnecting-earl.patch | 14 +-
...ial-deadlock-when-draining-during-tr.patch | 2 +-
...workaround-Windows-not-handling-name.patch | 4 +-
...e-write-use-uint64_t-for-timeout-in-.patch | 35 --
...ock-copy-before-write-fix-permission.patch | 55 ---
...e-write-support-unligned-snapshot-di.patch | 48 ---
...e-write-create-block_copy-bitmap-in-.patch | 373 ------------------
...-backup-add-discard-source-parameter.patch | 277 -------------
...e-de-initialization-of-vhost-user-de.patch | 92 -----
...Use-float_status-copy-in-sme_fmopa_s.patch | 43 --
...-Use-FPST_F16-for-SME-FMOPA-widening.patch | 62 ---
...ion-and-honor-bootindex-again-for-le.patch | 60 ---
...5a-bump-instruction-limit-in-scripts.patch | 48 ---
...15-block-copy-Fix-missing-graph-lock.patch | 38 --
...-do-not-operate-on-sources-from-fina.patch | 93 -----
...ix-the-use-of-an-uninitialized-irqfd.patch | 77 ----
| 35 --
...etwork-stall-at-the-host-side-waitin.patch | 338 ----------------
...t-nic-model-help-output-as-documente.patch | 70 ----
...net-nic-model-for-non-help-arguments.patch | 32 --
...-assert-for-128-bit-tile-accesses-wh.patch | 57 ---
...arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch | 59 ---
...-shifts-by-1-in-tszimm_shr-and-tszim.patch | 62 ---
...e-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch | 41 --
...e-denormals-correctly-for-FMOPA-wide.patch | 164 --------
...el_iommu-fix-FRCD-construction-macro.patch | 39 --
...386-Do-not-apply-REX-to-MMX-operands.patch | 33 --
...rash-by-resetting-local_err-in-modul.patch | 42 --
...-Plumb-in-new-args-to-nbd_client_add.patch | 164 --------
...024-7409-Cap-default-max-connections.patch | 172 --------
...024-7409-Drop-non-negotiating-client.patch | 123 ------
...024-7409-Close-stray-clients-at-serv.patch | 161 --------
...c-fix-crash-when-no-console-attached.patch | 47 ---
...024-7409-Avoid-use-after-free-when-c.patch | 89 -----
...fix-memory-leak-in-dirty_memory_exte.patch | 134 -------
...st-allow-adding-overlapping-requests.patch | 104 -----
...k-file-change-locking-default-to-off.patch | 6 +-
...djust-network-script-path-to-etc-kvm.patch | 4 +-
...he-CPU-model-to-kvm64-32-instead-of-.patch | 4 +-
...erfs-no-default-logfile-if-daemonize.patch | 8 +-
...lock-rbd-disable-rbd_cache_writethro.patch | 2 +-
...PVE-Up-glusterfs-allow-partial-reads.patch | 14 +-
...virtio-balloon-improve-query-balloon.patch | 8 +-
.../0014-PVE-qapi-modify-query-machines.patch | 12 +-
.../0015-PVE-qapi-modify-spice-query.patch | 4 +-
...nnel-implementation-for-savevm-async.patch | 2 +-
...async-for-background-state-snapshots.patch | 63 ++-
...add-optional-buffer-size-to-QEMUFile.patch | 51 +--
...add-the-zeroinit-block-driver-filter.patch | 8 +-
...-Add-dummy-id-command-line-parameter.patch | 10 +-
...t-target-i386-disable-LINT0-after-re.patch | 2 +-
...le-posix-make-locking-optiono-on-cre.patch | 20 +-
...3-PVE-monitor-disable-oob-capability.patch | 4 +-
...sed-balloon-qemu-4-0-config-size-fal.patch | 4 +-
...E-Allow-version-code-in-machine-type.patch | 65 ++-
...VE-Backup-add-vma-backup-format-code.patch | 14 +-
...-Backup-add-backup-dump-block-driver.patch | 4 +-
...ckup-Proxmox-backup-patches-for-QEMU.patch | 48 +--
...estore-new-command-to-restore-from-p.patch | 8 +-
...k-driver-to-map-backup-archives-into.patch | 29 +-
...ct-stderr-to-journal-when-daemonized.patch | 10 +-
...igrate-dirty-bitmap-state-via-savevm.patch | 32 +-
...dirty-bitmap-migrate-other-bitmaps-e.patch | 15 +-
...all-back-to-open-iscsi-initiatorname.patch | 2 +-
.../0038-block-add-alloc-track-driver.patch | 6 +-
...-rbd-workaround-for-ceph-issue-53784.patch | 2 +-
...-fix-handling-of-holes-in-.bdrv_co_b.patch | 2 +-
...k-rbd-implement-bdrv_co_block_status.patch | 4 +-
...rror-out-when-auto-remove-is-not-set.patch | 2 +-
...d-seemingly-superfluous-child-permis.patch | 2 +-
...e-allow-specifying-minimum-cluster-s.patch | 4 +-
...um-cluster-size-to-performance-optio.patch | 6 +-
.../0046-PVE-backup-add-fleecing-option.patch | 6 +-
...ve-error-when-copy-before-write-fail.patch | 2 +-
...up-fixup-error-handling-for-fleecing.patch | 2 +-
...r-out-setting-up-snapshot-access-for.patch | 2 +-
...device-name-in-device-info-structure.patch | 2 +-
...de-device-name-in-error-when-setting.patch | 2 +-
debian/patches/series | 33 --
qemu | 2 +-
85 files changed, 294 insertions(+), 3607 deletions(-)
delete mode 100644 debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
delete mode 100644 debian/patches/extra/0006-block-copy-before-write-fix-permission.patch
delete mode 100644 debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch
delete mode 100644 debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch
delete mode 100644 debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch
delete mode 100644 debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
delete mode 100644 debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
delete mode 100644 debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
delete mode 100644 debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
delete mode 100644 debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
delete mode 100644 debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch
delete mode 100644 debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
delete mode 100644 debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch
delete mode 100644 debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch
delete mode 100644 debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch
delete mode 100644 debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch
delete mode 100644 debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch
delete mode 100644 debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch
delete mode 100644 debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch
delete mode 100644 debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch
delete mode 100644 debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch
delete mode 100644 debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch
delete mode 100644 debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch
delete mode 100644 debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch
delete mode 100644 debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch
delete mode 100644 debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
delete mode 100644 debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
delete mode 100644 debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
delete mode 100644 debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
delete mode 100644 debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch
delete mode 100644 debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
delete mode 100644 debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch
delete mode 100644 debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch
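Review bot: The commit message never says why the 33 patches under debian/patches/extra/ are deleted, and the deleted set includes the four CVE-2024-7409 nbd-server fixes (0031 to 0033 and 0035). If they are dropped because the new submodule commit already contains them, add a line saying so, so that a reader of the log can confirm the fixes remain in the build without diffing the submodule.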
diff --git a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
index 0532896..ddf26e4 100644
--- a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
+++ b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
@@ -27,7 +27,7 @@ Signed-off-by: Ma Haocong <mahaocong@didichuxing.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
-[FE: rebased for 8.2.2]
+[FE: rebased for 9.1.2]
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
block/mirror.c | 99 ++++++++++++++++++++------
@@ -38,7 +38,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
5 files changed, 142 insertions(+), 28 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 1bdce3b657..0c5c72df2e 100644
+index 61f0a717b7..83a88562c5 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -51,7 +51,7 @@ typedef struct MirrorBlockJob {
@@ -59,7 +59,7 @@ index 1bdce3b657..0c5c72df2e 100644
BdrvDirtyBitmap *dirty_bitmap;
BdrvDirtyBitmapIter *dbi;
uint8_t *buf;
-@@ -722,7 +724,8 @@ static int mirror_exit_common(Job *job)
+@@ -723,7 +725,8 @@ static int mirror_exit_common(Job *job)
&error_abort);
if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
@@ -69,7 +69,7 @@ index 1bdce3b657..0c5c72df2e 100644
BlockDriverState *unfiltered_target = bdrv_skip_filters(target_bs);
if (bdrv_cow_bs(unfiltered_target) != backing) {
-@@ -819,6 +822,16 @@ static void mirror_abort(Job *job)
+@@ -824,6 +827,16 @@ static void mirror_abort(Job *job)
assert(ret == 0);
}
@@ -86,7 +86,7 @@ index 1bdce3b657..0c5c72df2e 100644
static void coroutine_fn mirror_throttle(MirrorBlockJob *s)
{
int64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
-@@ -1015,7 +1028,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
+@@ -1020,7 +1033,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
mirror_free_init(s);
s->last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
@@ -96,7 +96,7 @@ index 1bdce3b657..0c5c72df2e 100644
ret = mirror_dirty_init(s);
if (ret < 0 || job_is_cancelled(&s->common.job)) {
goto immediate_exit;
-@@ -1304,6 +1318,7 @@ static const BlockJobDriver mirror_job_driver = {
+@@ -1309,6 +1323,7 @@ static const BlockJobDriver mirror_job_driver = {
.run = mirror_run,
.prepare = mirror_prepare,
.abort = mirror_abort,
@@ -104,7 +104,7 @@ index 1bdce3b657..0c5c72df2e 100644
.pause = mirror_pause,
.complete = mirror_complete,
.cancel = mirror_cancel,
-@@ -1322,6 +1337,7 @@ static const BlockJobDriver commit_active_job_driver = {
+@@ -1327,6 +1342,7 @@ static const BlockJobDriver commit_active_job_driver = {
.run = mirror_run,
.prepare = mirror_prepare,
.abort = mirror_abort,
@@ -112,7 +112,7 @@ index 1bdce3b657..0c5c72df2e 100644
.pause = mirror_pause,
.complete = mirror_complete,
.cancel = commit_active_cancel,
-@@ -1714,7 +1730,10 @@ static BlockJob *mirror_start_job(
+@@ -1719,7 +1735,10 @@ static BlockJob *mirror_start_job(
BlockCompletionFunc *cb,
void *opaque,
const BlockJobDriver *driver,
@@ -123,8 +123,8 @@ index 1bdce3b657..0c5c72df2e 100644
+ BlockDriverState *base,
bool auto_complete, const char *filter_node_name,
bool is_mirror, MirrorCopyMode copy_mode,
- Error **errp)
-@@ -1728,10 +1747,39 @@ static BlockJob *mirror_start_job(
+ bool base_ro,
+@@ -1734,10 +1753,39 @@ static BlockJob *mirror_start_job(
GLOBAL_STATE_CODE();
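Review bot: The "Notable changes" list in the commit message omits the adaptation visible in this hunk: the context line of the mirror_start_job() prototype changes from 'Error **errp)' to 'bool base_ro,', so the function gained a parameter that the patched callers now have to pass. Add a bullet for it next to the other signature changes, since it is a functional adaptation of the bitmap-mirror patch and not only a line-offset refresh.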
@@ -166,7 +166,7 @@ index 1bdce3b657..0c5c72df2e 100644
assert(is_power_of_2(granularity));
if (buf_size < 0) {
-@@ -1871,7 +1919,9 @@ static BlockJob *mirror_start_job(
+@@ -1878,7 +1926,9 @@ static BlockJob *mirror_start_job(
s->replaces = g_strdup(replaces);
s->on_source_error = on_source_error;
s->on_target_error = on_target_error;
@@ -177,7 +177,7 @@ index 1bdce3b657..0c5c72df2e 100644
s->backing_mode = backing_mode;
s->zero_target = zero_target;
qatomic_set(&s->copy_mode, copy_mode);
-@@ -1897,6 +1947,18 @@ static BlockJob *mirror_start_job(
+@@ -1904,6 +1954,18 @@ static BlockJob *mirror_start_job(
*/
bdrv_disable_dirty_bitmap(s->dirty_bitmap);
@@ -196,7 +196,7 @@ index 1bdce3b657..0c5c72df2e 100644
bdrv_graph_wrlock();
ret = block_job_add_bdrv(&s->common, "source", bs, 0,
BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE |
-@@ -1979,6 +2041,9 @@ fail:
+@@ -1986,6 +2048,9 @@ fail:
if (s->dirty_bitmap) {
bdrv_release_dirty_bitmap(s->dirty_bitmap);
}
@@ -206,7 +206,7 @@ index 1bdce3b657..0c5c72df2e 100644
job_early_fail(&s->common.job);
}
-@@ -2001,35 +2066,28 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
+@@ -2008,35 +2073,28 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *target, const char *replaces,
int creation_flags, int64_t speed,
uint32_t granularity, int64_t buf_size,
@@ -241,13 +241,13 @@ index 1bdce3b657..0c5c72df2e 100644
speed, granularity, buf_size, backing_mode, zero_target,
on_source_error, on_target_error, unmap, NULL, NULL,
- &mirror_job_driver, is_none_mode, base, false,
-- filter_node_name, true, copy_mode, errp);
+- filter_node_name, true, copy_mode, false, errp);
+ &mirror_job_driver, mode, bitmap, bitmap_mode, base,
-+ false, filter_node_name, true, copy_mode, errp);
++ false, filter_node_name, true, copy_mode, false, errp);
}
BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
-@@ -2056,7 +2114,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
+@@ -2063,7 +2121,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
job_id, bs, creation_flags, base, NULL, speed, 0, 0,
MIRROR_LEAVE_BACKING_CHAIN, false,
on_error, on_error, true, cb, opaque,
@@ -255,13 +255,13 @@ index 1bdce3b657..0c5c72df2e 100644
+ &commit_active_job_driver, MIRROR_SYNC_MODE_FULL,
+ NULL, 0, base, auto_complete,
filter_node_name, false, MIRROR_COPY_MODE_BACKGROUND,
- errp);
+ base_read_only, errp);
if (!job) {
diff --git a/blockdev.c b/blockdev.c
-index 4c33c3f5f0..f3e508a6a7 100644
+index 835064ed03..9b10e3917c 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2776,6 +2776,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2778,6 +2778,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
BlockDriverState *target,
const char *replaces,
enum MirrorSyncMode sync,
@@ -271,7 +271,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
BlockMirrorBackingMode backing_mode,
bool zero_target,
bool has_speed, int64_t speed,
-@@ -2794,6 +2797,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2796,6 +2799,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
{
BlockDriverState *unfiltered_bs;
int job_flags = JOB_DEFAULT;
@@ -279,7 +279,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
GLOBAL_STATE_CODE();
GRAPH_RDLOCK_GUARD_MAINLOOP();
-@@ -2848,6 +2852,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2850,6 +2854,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
@@ -309,7 +309,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
if (!replaces) {
/* We want to mirror from @bs, but keep implicit filters on top */
unfiltered_bs = bdrv_skip_implicit_filters(bs);
-@@ -2889,8 +2916,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2891,8 +2918,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
* and will allow to check whether the node still exist at mirror completion
*/
mirror_start(job_id, bs, target,
@@ -320,7 +320,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
on_source_error, on_target_error, unmap, filter_node_name,
copy_mode, errp);
}
-@@ -3034,6 +3061,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
+@@ -3036,6 +3063,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
blockdev_mirror_common(arg->job_id, bs, target_bs,
arg->replaces, arg->sync,
@@ -329,7 +329,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
backing_mode, zero_target,
arg->has_speed, arg->speed,
arg->has_granularity, arg->granularity,
-@@ -3053,6 +3082,8 @@ void qmp_blockdev_mirror(const char *job_id,
+@@ -3055,6 +3084,8 @@ void qmp_blockdev_mirror(const char *job_id,
const char *device, const char *target,
const char *replaces,
MirrorSyncMode sync,
@@ -338,7 +338,7 @@ index 4c33c3f5f0..f3e508a6a7 100644
bool has_speed, int64_t speed,
bool has_granularity, uint32_t granularity,
bool has_buf_size, int64_t buf_size,
-@@ -3093,7 +3124,8 @@ void qmp_blockdev_mirror(const char *job_id,
+@@ -3095,7 +3126,8 @@ void qmp_blockdev_mirror(const char *job_id,
}
blockdev_mirror_common(job_id, bs, target_bs,
@@ -364,7 +364,7 @@ index eb2d92a226..f0c642b194 100644
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index b179d65520..905da8be72 100644
+index aa40d44f1d..c2a337cc04 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2174,6 +2174,15 @@
diff --git a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
index 8a1b5d8..7bce3ec 100644
--- a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
+++ b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
@@ -24,10 +24,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 0c5c72df2e..37fee3fa25 100644
+index 83a88562c5..fc439ea936 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -693,8 +693,6 @@ static int mirror_exit_common(Job *job)
+@@ -694,8 +694,6 @@ static int mirror_exit_common(Job *job)
bdrv_unfreeze_backing_chain(mirror_top_bs, target_bs);
}
@@ -36,7 +36,7 @@ index 0c5c72df2e..37fee3fa25 100644
/* Make sure that the source BDS doesn't go away during bdrv_replace_node,
* before we can call bdrv_drained_end */
bdrv_ref(src);
-@@ -800,6 +798,18 @@ static int mirror_exit_common(Job *job)
+@@ -805,6 +803,18 @@ static int mirror_exit_common(Job *job)
bdrv_drained_end(target_bs);
bdrv_unref(target_bs);
@@ -55,7 +55,7 @@ index 0c5c72df2e..37fee3fa25 100644
bs_opaque->job = NULL;
bdrv_drained_end(src);
-@@ -1757,10 +1767,6 @@ static BlockJob *mirror_start_job(
+@@ -1763,10 +1773,6 @@ static BlockJob *mirror_start_job(
" sync mode",
MirrorSyncMode_str(sync_mode));
return NULL;
@@ -66,7 +66,7 @@ index 0c5c72df2e..37fee3fa25 100644
}
} else if (bitmap) {
error_setg(errp,
-@@ -1777,6 +1783,12 @@ static BlockJob *mirror_start_job(
+@@ -1783,6 +1789,12 @@ static BlockJob *mirror_start_job(
return NULL;
}
granularity = bdrv_dirty_bitmap_granularity(bitmap);
diff --git a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
index d1e0fb0..d82c415 100644
--- a/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
+++ b/debian/patches/bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 3 insertions(+)
diff --git a/blockdev.c b/blockdev.c
-index f3e508a6a7..37b8437f3e 100644
+index 9b10e3917c..c3fa897289 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2873,6 +2873,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2875,6 +2875,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_ALLOW_RO, errp)) {
return;
}
diff --git a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
index 33e6923..dee6c7e 100644
--- a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
+++ b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 37fee3fa25..6b3cce1007 100644
+index fc439ea936..cde5d710fd 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -804,8 +804,8 @@ static int mirror_exit_common(Job *job)
+@@ -809,8 +809,8 @@ static int mirror_exit_common(Job *job)
job->ret == 0 && ret == 0)) {
/* Success; synchronize copy back to sync. */
bdrv_clear_dirty_bitmap(s->sync_bitmap, NULL);
@@ -30,7 +30,7 @@ index 37fee3fa25..6b3cce1007 100644
}
}
bdrv_release_dirty_bitmap(s->dirty_bitmap);
-@@ -1964,11 +1964,8 @@ static BlockJob *mirror_start_job(
+@@ -1971,11 +1971,8 @@ static BlockJob *mirror_start_job(
}
if (s->sync_mode == MIRROR_SYNC_MODE_BITMAP) {
diff --git a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
index 9f68e4f..f0165d5 100644
--- a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
+++ b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch
@@ -21,10 +21,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
3 files changed, 70 insertions(+), 59 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 6b3cce1007..2f1223852b 100644
+index cde5d710fd..e20f50e5fb 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -1757,31 +1757,13 @@ static BlockJob *mirror_start_job(
+@@ -1763,31 +1763,13 @@ static BlockJob *mirror_start_job(
GLOBAL_STATE_CODE();
@@ -62,10 +62,10 @@ index 6b3cce1007..2f1223852b 100644
if (bitmap_mode != BITMAP_SYNC_MODE_NEVER) {
diff --git a/blockdev.c b/blockdev.c
-index 37b8437f3e..ed8198f351 100644
+index c3fa897289..9cbd166674 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2852,7 +2852,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2854,7 +2854,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
diff --git a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
index 45e7f87..e0be888 100644
--- a/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
+++ b/debian/patches/extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
@@ -48,7 +48,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
-index 965f5d5450..e04bd059b6 100644
+index c3740ec616..7f38ce6b8b 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -16,6 +16,7 @@ extern QemuOptsList qemu_mon_opts;
@@ -60,7 +60,7 @@ index 965f5d5450..e04bd059b6 100644
void monitor_init_globals(void);
void monitor_init_globals_core(void);
diff --git a/monitor/monitor-internal.h b/monitor/monitor-internal.h
-index 252de85681..8db28f9272 100644
+index cb628f681d..93dbd62fc2 100644
--- a/monitor/monitor-internal.h
+++ b/monitor/monitor-internal.h
@@ -151,6 +151,13 @@ typedef struct {
@@ -78,10 +78,10 @@ index 252de85681..8db28f9272 100644
/**
diff --git a/monitor/monitor.c b/monitor/monitor.c
-index 01ede1babd..5681bca346 100644
+index db52a9c7ef..2d63959351 100644
--- a/monitor/monitor.c
+++ b/monitor/monitor.c
-@@ -117,6 +117,21 @@ bool monitor_cur_is_qmp(void)
+@@ -116,6 +116,21 @@ bool monitor_cur_is_qmp(void)
return cur_mon && monitor_is_qmp(cur_mon);
}
@@ -104,7 +104,7 @@ index 01ede1babd..5681bca346 100644
* Is @mon is using readline?
* Note: not all HMP monitors use readline, e.g., gdbserver has a
diff --git a/monitor/qmp.c b/monitor/qmp.c
-index a239945e8d..589c9524f8 100644
+index 5e538f34c0..eb181d5979 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
@@ -165,6 +165,8 @@ static void monitor_qmp_dispatch(MonitorQMP *mon, QObject *req)
@@ -189,7 +189,7 @@ index 176b549473..790bb7d1da 100644
aio_bh_schedule_oneshot(iohandler_get_aio_context(), do_qmp_dispatch_bh,
&data);
diff --git a/stubs/monitor-core.c b/stubs/monitor-core.c
-index afa477aae6..d3ff124bf3 100644
+index 1894cdfe1f..d74d0459f0 100644
--- a/stubs/monitor-core.c
+++ b/stubs/monitor-core.c
@@ -12,6 +12,11 @@ Monitor *monitor_set_cur(Coroutine *co, Monitor *mon)
@@ -201,6 +201,6 @@ index afa477aae6..d3ff124bf3 100644
+ return -1;
+}
+
- void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
+ void qapi_event_emit(QAPIEvent event, QDict *qdict)
{
}
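Review bot: the trailing context of this stub hunk changes from `void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)` to `void qapi_event_emit(QAPIEvent event, QDict *qdict)`, so this file was not a pure offset refresh like the other hunks in this patch. Please confirm that the added stub returning -1 still has the same signature as the real function in monitor/monitor.c after the rebase, and that binaries linking only the stubs still build.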
diff --git a/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
index 502c9d2..b97684d 100644
--- a/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
+++ b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
@@ -55,7 +55,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/hw/ide/core.c b/hw/ide/core.c
-index e8cb2dac92..3b21acf651 100644
+index 08d9218455..20d8c0cf66 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -456,7 +456,7 @@ static void ide_trim_bh_cb(void *opaque)
diff --git a/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch b/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
index 22eb1e7..99b9499 100644
--- a/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
+++ b/debian/patches/extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
@@ -24,10 +24,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
-index 53f804ac16..9b1b9f0412 100644
+index 5d4bd2b710..67194bb705 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
-@@ -347,13 +347,9 @@ Aml *aml_pci_device_dsm(void)
+@@ -346,13 +346,9 @@ Aml *aml_pci_device_dsm(void)
{
Aml *params = aml_local(0);
Aml *pkg = aml_package(2);
diff --git a/debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch b/debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
deleted file mode 100644
index a8bdd85..0000000
--- a/debian/patches/extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Mon, 29 Apr 2024 15:41:11 +0200
-Subject: [PATCH] block/copy-before-write: use uint64_t for timeout in
- nanoseconds
-
-rather than the uint32_t for which the maximum is slightly more than 4
-seconds and larger values would overflow. The QAPI interface allows
-specifying the number of seconds, so only values 0 to 4 are safe right
-now, other values lead to a much lower timeout than a user expects.
-
-The block_copy() call where this is used already takes a uint64_t for
-the timeout, so no change required there.
-
-Fixes: 6db7fd1ca9 ("block/copy-before-write: implement cbw-timeout option")
-Reported-by: Friedrich Weber <f.weber@proxmox.com>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Tested-by: Friedrich Weber <f.weber@proxmox.com>
----
- block/copy-before-write.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index 8aba27a71d..026fa9840f 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -43,7 +43,7 @@ typedef struct BDRVCopyBeforeWriteState {
- BlockCopyState *bcs;
- BdrvChild *target;
- OnCbwError on_cbw_error;
-- uint32_t cbw_timeout_ns;
-+ uint64_t cbw_timeout_ns;
-
- /*
- * @lock: protects access to @access_bitmap, @done_bitmap and
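Review bot: this removed patch carries no "(cherry picked from commit ...)" trailer, so the deletion cannot be matched to an upstream commit from the patch file alone. Its message says that with the `uint32_t` field only timeouts of 0 to 4 seconds are safe and larger values give a much lower timeout than the user expects, so it is worth naming the upstream commit in the commit message and confirming that `cbw_timeout_ns` in `BDRVCopyBeforeWriteState` is `uint64_t` in the 9.1.2 submodule before dropping it.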
diff --git a/debian/patches/extra/0006-block-copy-before-write-fix-permission.patch b/debian/patches/extra/0006-block-copy-before-write-fix-permission.patch
deleted file mode 100644
index 6a759a4..0000000
--- a/debian/patches/extra/0006-block-copy-before-write-fix-permission.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Date: Thu, 11 Apr 2024 11:29:22 +0200
-Subject: [PATCH] block/copy-before-write: fix permission
-
-In case when source node does not have any parents, the condition still
-works as required: backup job do create the parent by
-
- block_job_create -> block_job_add_bdrv -> bdrv_root_attach_child
-
-Still, in this case checking @perm variable doesn't work, as backup job
-creates the root blk with empty permissions (as it rely on CBW filter
-to require correct permissions and don't want to create extra
-conflicts).
-
-So, we should not check @perm.
-
-The hack may be dropped entirely when transactional insertion of
-filter (when we don't try to recalculate permissions in intermediate
-state, when filter does conflict with original parent of the source
-node) merged (old big series
-"[PATCH v5 00/45] Transactional block-graph modifying API"[1] and it's
-current in-flight part is "[PATCH v8 0/7] blockdev-replace"[2])
-
-[1] https://patchew.org/QEMU/20220330212902.590099-1-vsementsov@openvz.org/
-[2] https://patchew.org/QEMU/20231017184444.932733-1-vsementsov@yandex-team.ru/
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/copy-before-write.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index 026fa9840f..5a9456d426 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -364,9 +364,13 @@ cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role,
- perm, shared, nperm, nshared);
-
- if (!QLIST_EMPTY(&bs->parents)) {
-- if (perm & BLK_PERM_WRITE) {
-- *nperm = *nperm | BLK_PERM_CONSISTENT_READ;
-- }
-+ /*
-+ * Note, that source child may be shared with backup job. Backup job
-+ * does create own blk parent on copy-before-write node, so this
-+ * works even if source node does not have any parents before backup
-+ * start
-+ */
-+ *nperm = *nperm | BLK_PERM_CONSISTENT_READ;
- *nshared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
- }
- }
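Review bot: the removed change to `cbw_child_perm()` requested `BLK_PERM_CONSISTENT_READ` unconditionally inside the `!QLIST_EMPTY(&bs->parents)` branch, and its message calls this a hack that may be dropped once transactional filter insertion is merged. Please state whether it is removed because the same change is in 9.1.2 or because the hack is no longer needed, since the two cases differ for a backup whose source node has no parents before the job starts.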
diff --git a/debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch b/debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch
deleted file mode 100644
index f651c58..0000000
--- a/debian/patches/extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Date: Thu, 11 Apr 2024 11:29:23 +0200
-Subject: [PATCH] block/copy-before-write: support unligned snapshot-discard
-
-First thing that crashes on unligned access here is
-bdrv_reset_dirty_bitmap(). Correct way is to align-down the
-snapshot-discard request.
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/copy-before-write.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index 5a9456d426..c0e70669a2 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -325,14 +325,24 @@ static int coroutine_fn GRAPH_RDLOCK
- cbw_co_pdiscard_snapshot(BlockDriverState *bs, int64_t offset, int64_t bytes)
- {
- BDRVCopyBeforeWriteState *s = bs->opaque;
-+ uint32_t cluster_size = block_copy_cluster_size(s->bcs);
-+ int64_t aligned_offset = QEMU_ALIGN_UP(offset, cluster_size);
-+ int64_t aligned_end = QEMU_ALIGN_DOWN(offset + bytes, cluster_size);
-+ int64_t aligned_bytes;
-+
-+ if (aligned_end <= aligned_offset) {
-+ return 0;
-+ }
-+ aligned_bytes = aligned_end - aligned_offset;
-
- WITH_QEMU_LOCK_GUARD(&s->lock) {
-- bdrv_reset_dirty_bitmap(s->access_bitmap, offset, bytes);
-+ bdrv_reset_dirty_bitmap(s->access_bitmap, aligned_offset,
-+ aligned_bytes);
- }
-
-- block_copy_reset(s->bcs, offset, bytes);
-+ block_copy_reset(s->bcs, aligned_offset, aligned_bytes);
-
-- return bdrv_co_pdiscard(s->target, offset, bytes);
-+ return bdrv_co_pdiscard(s->target, aligned_offset, aligned_bytes);
- }
-
- static void GRAPH_RDLOCK cbw_refresh_filename(BlockDriverState *bs)
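Review bot: the removed `cbw_co_pdiscard_snapshot()` change rounds `offset` up and `offset + bytes` down to `cluster_size` and returns 0 when `aligned_end <= aligned_offset`, which is what keeps an unaligned request from reaching `bdrv_reset_dirty_bitmap()`, where the message says the crash occurs. Since this patch also has no cherry-pick trailer, please confirm the rebased block/copy-before-write.c contains the same alignment and early return, ideally with a quick unaligned snapshot-discard test in addition to the smoke tests listed in the cover letter.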
diff --git a/debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch b/debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch
deleted file mode 100644
index 7cd24d0..0000000
--- a/debian/patches/extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch
+++ /dev/null
@@ -1,373 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Date: Thu, 11 Apr 2024 11:29:24 +0200
-Subject: [PATCH] block/copy-before-write: create block_copy bitmap in filter
- node
-
-Currently block_copy creates copy_bitmap in source node. But that is in
-bad relation with .independent_close=true of copy-before-write filter:
-source node may be detached and removed before .bdrv_close() handler
-called, which should call block_copy_state_free(), which in turn should
-remove copy_bitmap.
-
-That's all not ideal: it would be better if internal bitmap of
-block-copy object is not attached to any node. But that is not possible
-now.
-
-The simplest solution is just create copy_bitmap in filter node, where
-anyway two other bitmaps are created.
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/block-copy.c | 3 +-
- block/copy-before-write.c | 2 +-
- include/block/block-copy.h | 1 +
- tests/qemu-iotests/257.out | 112 ++++++++++++++++++-------------------
- 4 files changed, 60 insertions(+), 58 deletions(-)
-
-diff --git a/block/block-copy.c b/block/block-copy.c
-index 9ee3dd7ef5..8fca2c3698 100644
---- a/block/block-copy.c
-+++ b/block/block-copy.c
-@@ -351,6 +351,7 @@ static int64_t block_copy_calculate_cluster_size(BlockDriverState *target,
- }
-
- BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
-+ BlockDriverState *copy_bitmap_bs,
- const BdrvDirtyBitmap *bitmap,
- Error **errp)
- {
-@@ -367,7 +368,7 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
- return NULL;
- }
-
-- copy_bitmap = bdrv_create_dirty_bitmap(source->bs, cluster_size, NULL,
-+ copy_bitmap = bdrv_create_dirty_bitmap(copy_bitmap_bs, cluster_size, NULL,
- errp);
- if (!copy_bitmap) {
- return NULL;
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index c0e70669a2..94db31512d 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -468,7 +468,7 @@ static int cbw_open(BlockDriverState *bs, QDict *options, int flags,
- ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) &
- bs->file->bs->supported_zero_flags);
-
-- s->bcs = block_copy_state_new(bs->file, s->target, bitmap, errp);
-+ s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap, errp);
- if (!s->bcs) {
- error_prepend(errp, "Cannot create block-copy-state: ");
- return -EINVAL;
-diff --git a/include/block/block-copy.h b/include/block/block-copy.h
-index 0700953ab8..8b41643bfa 100644
---- a/include/block/block-copy.h
-+++ b/include/block/block-copy.h
-@@ -25,6 +25,7 @@ typedef struct BlockCopyState BlockCopyState;
- typedef struct BlockCopyCallState BlockCopyCallState;
-
- BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
-+ BlockDriverState *copy_bitmap_bs,
- const BdrvDirtyBitmap *bitmap,
- Error **errp);
-
-diff --git a/tests/qemu-iotests/257.out b/tests/qemu-iotests/257.out
-index aa76131ca9..c33dd7f3a9 100644
---- a/tests/qemu-iotests/257.out
-+++ b/tests/qemu-iotests/257.out
-@@ -120,16 +120,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -596,16 +596,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -865,16 +865,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -1341,16 +1341,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -1610,16 +1610,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -2086,16 +2086,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -2355,16 +2355,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -2831,16 +2831,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -3100,16 +3100,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -3576,16 +3576,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -3845,16 +3845,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -4321,16 +4321,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -4590,16 +4590,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
-@@ -5066,16 +5066,16 @@ write -P0x67 0x3fe0000 0x20000
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- }
-- ],
-- "drive0": [
-+ },
- {
- "busy": false,
- "count": 0,
- "granularity": 65536,
- "persistent": false,
- "recording": false
-- },
-+ }
-+ ],
-+ "drive0": [
- {
- "busy": false,
- "count": 458752,
diff --git a/debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch b/debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch
deleted file mode 100644
index e11a37d..0000000
--- a/debian/patches/extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch
+++ /dev/null
@@ -1,277 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Date: Thu, 11 Apr 2024 11:29:25 +0200
-Subject: [PATCH] qapi: blockdev-backup: add discard-source parameter
-
-Add a parameter that enables discard-after-copy. That is mostly useful
-in "push backup with fleecing" scheme, when source is snapshot-access
-format driver node, based on copy-before-write filter snapshot-access
-API:
-
-[guest] [snapshot-access] ~~ blockdev-backup ~~> [backup target]
- | |
- | root | file
- v v
-[copy-before-write]
- | |
- | file | target
- v v
-[active disk] [temp.img]
-
-In this case discard-after-copy does two things:
-
- - discard data in temp.img to save disk space
- - avoid further copy-before-write operation in discarded area
-
-Note that we have to declare WRITE permission on source in
-copy-before-write filter, for discard to work. Still we can't take it
-unconditionally, as it will break normal backup from RO source. So, we
-have to add a parameter and pass it thorough bdrv_open flags.
-
-Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/backup.c | 5 +++--
- block/block-copy.c | 9 +++++++++
- block/copy-before-write.c | 15 +++++++++++++--
- block/copy-before-write.h | 1 +
- block/replication.c | 4 ++--
- blockdev.c | 2 +-
- include/block/block-common.h | 2 ++
- include/block/block-copy.h | 1 +
- include/block/block_int-global-state.h | 2 +-
- qapi/block-core.json | 4 ++++
- 10 files changed, 37 insertions(+), 8 deletions(-)
-
-diff --git a/block/backup.c b/block/backup.c
-index ec29d6b810..3dd2e229d2 100644
---- a/block/backup.c
-+++ b/block/backup.c
-@@ -356,7 +356,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
- BlockDriverState *target, int64_t speed,
- MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap,
- BitmapSyncMode bitmap_mode,
-- bool compress,
-+ bool compress, bool discard_source,
- const char *filter_node_name,
- BackupPerf *perf,
- BlockdevOnError on_source_error,
-@@ -457,7 +457,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
- goto error;
- }
-
-- cbw = bdrv_cbw_append(bs, target, filter_node_name, &bcs, errp);
-+ cbw = bdrv_cbw_append(bs, target, filter_node_name, discard_source,
-+ &bcs, errp);
- if (!cbw) {
- goto error;
- }
-diff --git a/block/block-copy.c b/block/block-copy.c
-index 8fca2c3698..7e3b378528 100644
---- a/block/block-copy.c
-+++ b/block/block-copy.c
-@@ -137,6 +137,7 @@ typedef struct BlockCopyState {
- CoMutex lock;
- int64_t in_flight_bytes;
- BlockCopyMethod method;
-+ bool discard_source;
- BlockReqList reqs;
- QLIST_HEAD(, BlockCopyCallState) calls;
- /*
-@@ -353,6 +354,7 @@ static int64_t block_copy_calculate_cluster_size(BlockDriverState *target,
- BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
- BlockDriverState *copy_bitmap_bs,
- const BdrvDirtyBitmap *bitmap,
-+ bool discard_source,
- Error **errp)
- {
- ERRP_GUARD();
-@@ -418,6 +420,7 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
- cluster_size),
- };
-
-+ s->discard_source = discard_source;
- block_copy_set_copy_opts(s, false, false);
-
- ratelimit_init(&s->rate_limit);
-@@ -589,6 +592,12 @@ static coroutine_fn int block_copy_task_entry(AioTask *task)
- co_put_to_shres(s->mem, t->req.bytes);
- block_copy_task_end(t, ret);
-
-+ if (s->discard_source && ret == 0) {
-+ int64_t nbytes =
-+ MIN(t->req.offset + t->req.bytes, s->len) - t->req.offset;
-+ bdrv_co_pdiscard(s->source, t->req.offset, nbytes);
-+ }
-+
- return ret;
- }
-
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index 94db31512d..853e01a1eb 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -44,6 +44,7 @@ typedef struct BDRVCopyBeforeWriteState {
- BdrvChild *target;
- OnCbwError on_cbw_error;
- uint64_t cbw_timeout_ns;
-+ bool discard_source;
-
- /*
- * @lock: protects access to @access_bitmap, @done_bitmap and
-@@ -357,6 +358,8 @@ cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role,
- uint64_t perm, uint64_t shared,
- uint64_t *nperm, uint64_t *nshared)
- {
-+ BDRVCopyBeforeWriteState *s = bs->opaque;
-+
- if (!(role & BDRV_CHILD_FILTERED)) {
- /*
- * Target child
-@@ -381,6 +384,10 @@ cbw_child_perm(BlockDriverState *bs, BdrvChild *c, BdrvChildRole role,
- * start
- */
- *nperm = *nperm | BLK_PERM_CONSISTENT_READ;
-+ if (s->discard_source) {
-+ *nperm = *nperm | BLK_PERM_WRITE;
-+ }
-+
- *nshared &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE);
- }
- }
-@@ -468,7 +475,9 @@ static int cbw_open(BlockDriverState *bs, QDict *options, int flags,
- ((BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK) &
- bs->file->bs->supported_zero_flags);
-
-- s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap, errp);
-+ s->discard_source = flags & BDRV_O_CBW_DISCARD_SOURCE;
-+ s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap,
-+ flags & BDRV_O_CBW_DISCARD_SOURCE, errp);
- if (!s->bcs) {
- error_prepend(errp, "Cannot create block-copy-state: ");
- return -EINVAL;
-@@ -535,12 +544,14 @@ static BlockDriver bdrv_cbw_filter = {
- BlockDriverState *bdrv_cbw_append(BlockDriverState *source,
- BlockDriverState *target,
- const char *filter_node_name,
-+ bool discard_source,
- BlockCopyState **bcs,
- Error **errp)
- {
- BDRVCopyBeforeWriteState *state;
- BlockDriverState *top;
- QDict *opts;
-+ int flags = BDRV_O_RDWR | (discard_source ? BDRV_O_CBW_DISCARD_SOURCE : 0);
-
- assert(source->total_sectors == target->total_sectors);
- GLOBAL_STATE_CODE();
-@@ -553,7 +564,7 @@ BlockDriverState *bdrv_cbw_append(BlockDriverState *source,
- qdict_put_str(opts, "file", bdrv_get_node_name(source));
- qdict_put_str(opts, "target", bdrv_get_node_name(target));
-
-- top = bdrv_insert_node(source, opts, BDRV_O_RDWR, errp);
-+ top = bdrv_insert_node(source, opts, flags, errp);
- if (!top) {
- return NULL;
- }
-diff --git a/block/copy-before-write.h b/block/copy-before-write.h
-index 6e72bb25e9..01af0cd3c4 100644
---- a/block/copy-before-write.h
-+++ b/block/copy-before-write.h
-@@ -39,6 +39,7 @@
- BlockDriverState *bdrv_cbw_append(BlockDriverState *source,
- BlockDriverState *target,
- const char *filter_node_name,
-+ bool discard_source,
- BlockCopyState **bcs,
- Error **errp);
- void bdrv_cbw_drop(BlockDriverState *bs);
-diff --git a/block/replication.c b/block/replication.c
-index ca6bd0a720..0415a5e8b7 100644
---- a/block/replication.c
-+++ b/block/replication.c
-@@ -582,8 +582,8 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
-
- s->backup_job = backup_job_create(
- NULL, s->secondary_disk->bs, s->hidden_disk->bs,
-- 0, MIRROR_SYNC_MODE_NONE, NULL, 0, false, NULL,
-- &perf,
-+ 0, MIRROR_SYNC_MODE_NONE, NULL, 0, false, false,
-+ NULL, &perf,
- BLOCKDEV_ON_ERROR_REPORT,
- BLOCKDEV_ON_ERROR_REPORT, JOB_INTERNAL,
- backup_job_completed, bs, NULL, &local_err);
-diff --git a/blockdev.c b/blockdev.c
-index 057601dcf0..4c33c3f5f0 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -2726,7 +2726,7 @@ static BlockJob *do_backup_common(BackupCommon *backup,
-
- job = backup_job_create(backup->job_id, bs, target_bs, backup->speed,
- backup->sync, bmap, backup->bitmap_mode,
-- backup->compress,
-+ backup->compress, backup->discard_source,
- backup->filter_node_name,
- &perf,
- backup->on_source_error,
-diff --git a/include/block/block-common.h b/include/block/block-common.h
-index a846023a09..338fe5ff7a 100644
---- a/include/block/block-common.h
-+++ b/include/block/block-common.h
-@@ -243,6 +243,8 @@ typedef enum {
- read-write fails */
- #define BDRV_O_IO_URING 0x40000 /* use io_uring instead of the thread pool */
-
-+#define BDRV_O_CBW_DISCARD_SOURCE 0x80000 /* for copy-before-write filter */
-+
- #define BDRV_O_CACHE_MASK (BDRV_O_NOCACHE | BDRV_O_NO_FLUSH)
-
-
-diff --git a/include/block/block-copy.h b/include/block/block-copy.h
-index 8b41643bfa..bdc703bacd 100644
---- a/include/block/block-copy.h
-+++ b/include/block/block-copy.h
-@@ -27,6 +27,7 @@ typedef struct BlockCopyCallState BlockCopyCallState;
- BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
- BlockDriverState *copy_bitmap_bs,
- const BdrvDirtyBitmap *bitmap,
-+ bool discard_source,
- Error **errp);
-
- /* Function should be called prior any actual copy request */
-diff --git a/include/block/block_int-global-state.h b/include/block/block_int-global-state.h
-index d2201e27f4..eb2d92a226 100644
---- a/include/block/block_int-global-state.h
-+++ b/include/block/block_int-global-state.h
-@@ -193,7 +193,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
- MirrorSyncMode sync_mode,
- BdrvDirtyBitmap *sync_bitmap,
- BitmapSyncMode bitmap_mode,
-- bool compress,
-+ bool compress, bool discard_source,
- const char *filter_node_name,
- BackupPerf *perf,
- BlockdevOnError on_source_error,
-diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 4b18e01b85..b179d65520 100644
---- a/qapi/block-core.json
-+++ b/qapi/block-core.json
-@@ -1610,6 +1610,9 @@
- # node specified by @drive. If this option is not given, a node
- # name is autogenerated. (Since: 4.2)
- #
-+# @discard-source: Discard blocks on source which are already copied
-+# to the target. (Since 9.0)
-+#
- # @x-perf: Performance options. (Since 6.0)
- #
- # Features:
-@@ -1631,6 +1634,7 @@
- '*on-target-error': 'BlockdevOnError',
- '*auto-finalize': 'bool', '*auto-dismiss': 'bool',
- '*filter-node-name': 'str',
-+ '*discard-source': 'bool',
- '*x-perf': { 'type': 'BackupPerf',
- 'features': [ 'unstable' ] } } }
-
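Review bot: the removed backport changes the signatures of `backup_job_create()`, `bdrv_cbw_append()` and `block_copy_state_new()` by adding `bool discard_source`, and its QAPI doc marks `@discard-source` as "(Since 9.0)", so dropping it on a 9.1.2 base looks consistent. Any remaining carried patch that calls these functions must still pass the extra argument in the same position as upstream, so it would help to mention in the commit message that those callers were checked. Note also that the removed `block_copy_task_entry()` hunk ignores the return value of `bdrv_co_pdiscard()`. If upstream behaves the same, a failed discard on the source is silent and only costs space in the fleecing image, which is worth knowing when debugging backups.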
diff --git a/debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch b/debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
deleted file mode 100644
index c5a3e92..0000000
--- a/debian/patches/extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Thomas Huth <thuth@redhat.com>
-Date: Tue, 18 Jun 2024 14:19:58 +0200
-Subject: [PATCH] hw/virtio: Fix the de-initialization of vhost-user devices
-
-The unrealize functions of the various vhost-user devices are
-calling the corresponding vhost_*_set_status() functions with a
-status of 0 to shut down the device correctly.
-
-Now these vhost_*_set_status() functions all follow this scheme:
-
- bool should_start = virtio_device_should_start(vdev, status);
-
- if (vhost_dev_is_started(&vvc->vhost_dev) == should_start) {
- return;
- }
-
- if (should_start) {
- /* ... do the initialization stuff ... */
- } else {
- /* ... do the cleanup stuff ... */
- }
-
-The problem here is virtio_device_should_start(vdev, 0) currently
-always returns "true" since it internally only looks at vdev->started
-instead of looking at the "status" parameter. Thus once the device
-got started once, virtio_device_should_start() always returns true
-and thus the vhost_*_set_status() functions return early, without
-ever doing any clean-up when being called with status == 0. This
-causes e.g. problems when trying to hot-plug and hot-unplug a vhost
-user devices multiple times since the de-initialization step is
-completely skipped during the unplug operation.
-
-This bug has been introduced in commit 9f6bcfd99f ("hw/virtio: move
-vm_running check to virtio_device_started") which replaced
-
- should_start = status & VIRTIO_CONFIG_S_DRIVER_OK;
-
-with
-
- should_start = virtio_device_started(vdev, status);
-
-which later got replaced by virtio_device_should_start(). This blocked
-the possibility to set should_start to false in case the status flag
-VIRTIO_CONFIG_S_DRIVER_OK was not set.
-
-Fix it by adjusting the virtio_device_should_start() function to
-only consider the status flag instead of vdev->started. Since this
-function is only used in the various vhost_*_set_status() functions
-for exactly the same purpose, it should be fine to fix it in this
-central place there without any risk to change the behavior of other
-code.
-
-Fixes: 9f6bcfd99f ("hw/virtio: move vm_running check to virtio_device_started")
-Buglink: https://issues.redhat.com/browse/RHEL-40708
-Signed-off-by: Thomas Huth <thuth@redhat.com>
-Message-Id: <20240618121958.88673-1-thuth@redhat.com>
-Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit d72479b11797c28893e1e3fc565497a9cae5ca16)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- include/hw/virtio/virtio.h | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
-index 7d5ffdc145..2eafad17b8 100644
---- a/include/hw/virtio/virtio.h
-+++ b/include/hw/virtio/virtio.h
-@@ -470,9 +470,9 @@ static inline bool virtio_device_started(VirtIODevice *vdev, uint8_t status)
- * @vdev - the VirtIO device
- * @status - the devices status bits
- *
-- * This is similar to virtio_device_started() but also encapsulates a
-- * check on the VM status which would prevent a device starting
-- * anyway.
-+ * This is similar to virtio_device_started() but ignores vdev->started
-+ * and also encapsulates a check on the VM status which would prevent a
-+ * device from starting anyway.
- */
- static inline bool virtio_device_should_start(VirtIODevice *vdev, uint8_t status)
- {
-@@ -480,7 +480,7 @@ static inline bool virtio_device_should_start(VirtIODevice *vdev, uint8_t status
- return false;
- }
-
-- return virtio_device_started(vdev, status);
-+ return status & VIRTIO_CONFIG_S_DRIVER_OK;
- }
-
- static inline void virtio_set_started(VirtIODevice *vdev, bool started)
diff --git a/debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch b/debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
deleted file mode 100644
index 3ca2147..0000000
--- a/debian/patches/extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Daniyal Khan <danikhan632@gmail.com>
-Date: Wed, 17 Jul 2024 16:01:47 +1000
-Subject: [PATCH] target/arm: Use float_status copy in sme_fmopa_s
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We made a copy above because the fp exception flags
-are not propagated back to the FPST register, but
-then failed to use the copy.
-
-Cc: qemu-stable@nongnu.org
-Fixes: 558e956c719 ("target/arm: Implement FMOPA, FMOPS (non-widening)")
-Signed-off-by: Daniyal Khan <danikhan632@gmail.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Message-id: 20240717060149.204788-2-richard.henderson@linaro.org
-[rth: Split from a larger patch]
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-(cherry picked from commit 31d93fedf41c24b0badb38cd9317590d1ef74e37)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/sme_helper.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
-index e2e0575039..5a6dd76489 100644
---- a/target/arm/tcg/sme_helper.c
-+++ b/target/arm/tcg/sme_helper.c
-@@ -916,7 +916,7 @@ void HELPER(sme_fmopa_s)(void *vza, void *vzn, void *vzm, void *vpn,
- if (pb & 1) {
- uint32_t *a = vza_row + H1_4(col);
- uint32_t *m = vzm + H1_4(col);
-- *a = float32_muladd(n, *m, *a, 0, vst);
-+ *a = float32_muladd(n, *m, *a, 0, &fpst);
- }
- col += 4;
- pb >>= 4;
diff --git a/debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch b/debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
deleted file mode 100644
index 56f24fc..0000000
--- a/debian/patches/extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Wed, 17 Jul 2024 16:01:48 +1000
-Subject: [PATCH] target/arm: Use FPST_F16 for SME FMOPA (widening)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This operation has float16 inputs and thus must use
-the FZ16 control not the FZ control.
-
-Cc: qemu-stable@nongnu.org
-Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)")
-Reported-by: Daniyal Khan <danikhan632@gmail.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Message-id: 20240717060149.204788-3-richard.henderson@linaro.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2374
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-(cherry picked from commit 207d30b5fdb5b45a36f26eefcf52fe2c1714dd4f)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/translate-sme.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
-index 46c7fce8b4..185a8a917b 100644
---- a/target/arm/tcg/translate-sme.c
-+++ b/target/arm/tcg/translate-sme.c
-@@ -304,6 +304,7 @@ static bool do_outprod(DisasContext *s, arg_op *a, MemOp esz,
- }
-
- static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz,
-+ ARMFPStatusFlavour e_fpst,
- gen_helper_gvec_5_ptr *fn)
- {
- int svl = streaming_vec_reg_size(s);
-@@ -319,15 +320,18 @@ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz,
- zm = vec_full_reg_ptr(s, a->zm);
- pn = pred_full_reg_ptr(s, a->pn);
- pm = pred_full_reg_ptr(s, a->pm);
-- fpst = fpstatus_ptr(FPST_FPCR);
-+ fpst = fpstatus_ptr(e_fpst);
-
- fn(za, zn, zm, pn, pm, fpst, tcg_constant_i32(desc));
- return true;
- }
-
--TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a, MO_32, gen_helper_sme_fmopa_h)
--TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a, MO_32, gen_helper_sme_fmopa_s)
--TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a, MO_64, gen_helper_sme_fmopa_d)
-+TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a,
-+ MO_32, FPST_FPCR_F16, gen_helper_sme_fmopa_h)
-+TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a,
-+ MO_32, FPST_FPCR, gen_helper_sme_fmopa_s)
-+TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a,
-+ MO_64, FPST_FPCR, gen_helper_sme_fmopa_d)
-
- /* TODO: FEAT_EBF16 */
- TRANS_FEAT(BFMOPA, aa64_sme, do_outprod, a, MO_32, gen_helper_sme_bfmopa)
diff --git a/debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch b/debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
deleted file mode 100644
index 6fad4dc..0000000
--- a/debian/patches/extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Wed, 10 Jul 2024 17:25:29 +0200
-Subject: [PATCH] scsi: fix regression and honor bootindex again for legacy
- drives
-
-Commit 3089637461 ("scsi: Don't ignore most usb-storage properties")
-removed the call to object_property_set_int() and thus the 'set'
-method for the bootindex property was also not called anymore. Here
-that method is device_set_bootindex() (as configured by
-scsi_dev_instance_init() -> device_add_bootindex_property()) which as
-a side effect registers the device via add_boot_device_path().
-
-As reported by a downstream user [0], the bootindex property did not
-have the desired effect anymore for legacy drives. Fix the regression
-by explicitly calling the add_boot_device_path() function after
-checking that the bootindex is not yet used (to avoid
-add_boot_device_path() calling exit()).
-
-[0]: https://forum.proxmox.com/threads/149772/post-679433
-
-Cc: qemu-stable@nongnu.org
-Fixes: 3089637461 ("scsi: Don't ignore most usb-storage properties")
-Suggested-by: Kevin Wolf <kwolf@redhat.com>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Link: https://lore.kernel.org/r/20240710152529.1737407-1-f.ebner@proxmox.com
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 57a8a80d1a5b28797b21d30bfc60601945820e51)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/scsi/scsi-bus.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
-index 9e40b0c920..53eff5dd3d 100644
---- a/hw/scsi/scsi-bus.c
-+++ b/hw/scsi/scsi-bus.c
-@@ -384,6 +384,7 @@ SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk,
- DeviceState *dev;
- SCSIDevice *s;
- DriveInfo *dinfo;
-+ Error *local_err = NULL;
-
- if (blk_is_sg(blk)) {
- driver = "scsi-generic";
-@@ -403,6 +404,14 @@ SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockBackend *blk,
- s = SCSI_DEVICE(dev);
- s->conf = *conf;
-
-+ check_boot_index(conf->bootindex, &local_err);
-+ if (local_err) {
-+ object_unparent(OBJECT(dev));
-+ error_propagate(errp, local_err);
-+ return NULL;
-+ }
-+ add_boot_device_path(conf->bootindex, dev, NULL);
-+
- qdev_prop_set_uint32(dev, "scsi-id", unit);
- if (object_property_find(OBJECT(dev), "removable")) {
- qdev_prop_set_bit(dev, "removable", removable);
diff --git a/debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch b/debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
deleted file mode 100644
index e118289..0000000
--- a/debian/patches/extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Mon, 15 Jul 2024 15:14:03 +0200
-Subject: [PATCH] hw/scsi/lsi53c895a: bump instruction limit in scripts
- processing to fix regression
-
-Commit 9876359990 ("hw/scsi/lsi53c895a: add timer to scripts
-processing") reduced the maximum allowed instruction count by
-a factor of 100 all the way down to 100.
-
-This causes the "Check Point R81.20 Gaia" appliance [0] to fail to
-boot after fully finishing the installation via the appliance's web
-interface (there is already one reboot before that).
-
-With a limit of 150, the appliance still fails to boot, while with a
-limit of 200, it works. Bump to 500 to fix the regression and be on
-the safe side.
-
-Originally reported in the Proxmox community forum[1].
-
-[0]: https://support.checkpoint.com/results/download/124397
-[1]: https://forum.proxmox.com/threads/149772/post-683459
-
-Cc: qemu-stable@nongnu.org
-Fixes: 9876359990 ("hw/scsi/lsi53c895a: add timer to scripts processing")
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Acked-by: Sven Schnelle <svens@stackframe.org>
-Link: https://lore.kernel.org/r/20240715131403.223239-1-f.ebner@proxmox.com
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit a4975023fb13cf229bd59c9ceec1b8cbdc5b9a20)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/scsi/lsi53c895a.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
-index eb9828dd5e..f1935e5328 100644
---- a/hw/scsi/lsi53c895a.c
-+++ b/hw/scsi/lsi53c895a.c
-@@ -188,7 +188,7 @@ static const char *names[] = {
- #define LSI_TAG_VALID (1 << 16)
-
- /* Maximum instructions to process. */
--#define LSI_MAX_INSN 100
-+#define LSI_MAX_INSN 500
-
- typedef struct lsi_request {
- SCSIRequest *req;
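Review bot: the comment above `LSI_MAX_INSN` in this dropped patch still reads only "Maximum instructions to process." and gives no rationale for the value 500. The commit message records that a limit of 150 still fails for the Check Point R81.20 Gaia appliance and that 200 works; carrying that into the comment would keep a later tightening of the limit from reintroducing the boot regression. Since the file is deleted here, please also confirm that hw/scsi/lsi53c895a.c in the new submodule has the 500 value.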
diff --git a/debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch b/debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch
deleted file mode 100644
index dc1d2c1..0000000
--- a/debian/patches/extra/0015-block-copy-Fix-missing-graph-lock.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 27 Jun 2024 20:12:44 +0200
-Subject: [PATCH] block-copy: Fix missing graph lock
-
-The graph lock needs to be held when calling bdrv_co_pdiscard(). Fix
-block_copy_task_entry() to take it for the call.
-
-WITH_GRAPH_RDLOCK_GUARD() was implemented in a weak way because of
-limitations in clang's Thread Safety Analysis at the time, so that it
-only asserts that the lock is held (which allows calling functions that
-require the lock), but we never deal with the unlocking (so even after
-the scope of the guard, the compiler assumes that the lock is still
-held). This is why the compiler didn't catch this locking error.
-
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-(picked from https://lore.kernel.org/qemu-devel/20240627181245.281403-2-kwolf@redhat.com/)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/block-copy.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/block/block-copy.c b/block/block-copy.c
-index 7e3b378528..cc618e4561 100644
---- a/block/block-copy.c
-+++ b/block/block-copy.c
-@@ -595,7 +595,9 @@ static coroutine_fn int block_copy_task_entry(AioTask *task)
- if (s->discard_source && ret == 0) {
- int64_t nbytes =
- MIN(t->req.offset + t->req.bytes, s->len) - t->req.offset;
-- bdrv_co_pdiscard(s->source, t->req.offset, nbytes);
-+ WITH_GRAPH_RDLOCK_GUARD() {
-+ bdrv_co_pdiscard(s->source, t->req.offset, nbytes);
-+ }
- }
-
- return ret;
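Review bot: the provenance trailer of this dropped patch is "(picked from https://lore.kernel.org/qemu-devel/20240627181245.281403-2-kwolf@redhat.com/)", a list posting, whereas the neighbouring deleted patches carry "(cherry picked from commit ...)". There is no upstream hash here to look up in the new submodule, so please confirm that block_copy_task_entry() there wraps the bdrv_co_pdiscard() call in WITH_GRAPH_RDLOCK_GUARD(), and name the upstream commit that supersedes this patch in the commit message of the update.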
diff --git a/debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch b/debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
deleted file mode 100644
index 088af84..0000000
--- a/debian/patches/extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Sergey Dyasli <sergey.dyasli@nutanix.com>
-Date: Fri, 12 Jul 2024 09:26:59 +0000
-Subject: [PATCH] Revert "qemu-char: do not operate on sources from finalize
- callbacks"
-
-This reverts commit 2b316774f60291f57ca9ecb6a9f0712c532cae34.
-
-After 038b4217884c ("Revert "chardev: use a child source for qio input
-source"") we've been observing the "iwp->src == NULL" assertion
-triggering periodically during the initial capabilities querying by
-libvirtd. One of possible backtraces:
-
-Thread 1 (Thread 0x7f16cd4f0700 (LWP 43858)):
-0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
-1 0x00007f16c6c21e65 in __GI_abort () at abort.c:79
-2 0x00007f16c6c21d39 in __assert_fail_base at assert.c:92
-3 0x00007f16c6c46e86 in __GI___assert_fail (assertion=assertion@entry=0x562e9bcdaadd "iwp->src == NULL", file=file@entry=0x562e9bcdaac8 "../chardev/char-io.c", line=line@entry=99, function=function@entry=0x562e9bcdab10 <__PRETTY_FUNCTION__.20549> "io_watch_poll_finalize") at assert.c:101
-4 0x0000562e9ba20c2c in io_watch_poll_finalize (source=<optimized out>) at ../chardev/char-io.c:99
-5 io_watch_poll_finalize (source=<optimized out>) at ../chardev/char-io.c:88
-6 0x00007f16c904aae0 in g_source_unref_internal () from /lib64/libglib-2.0.so.0
-7 0x00007f16c904baf9 in g_source_destroy_internal () from /lib64/libglib-2.0.so.0
-8 0x0000562e9ba20db0 in io_remove_watch_poll (source=0x562e9d6720b0) at ../chardev/char-io.c:147
-9 remove_fd_in_watch (chr=chr@entry=0x562e9d5f3800) at ../chardev/char-io.c:153
-10 0x0000562e9ba23ffb in update_ioc_handlers (s=0x562e9d5f3800) at ../chardev/char-socket.c:592
-11 0x0000562e9ba2072f in qemu_chr_fe_set_handlers_full at ../chardev/char-fe.c:279
-12 0x0000562e9ba207a9 in qemu_chr_fe_set_handlers at ../chardev/char-fe.c:304
-13 0x0000562e9ba2ca75 in monitor_qmp_setup_handlers_bh (opaque=0x562e9d4c2c60) at ../monitor/qmp.c:509
-14 0x0000562e9bb6222e in aio_bh_poll (ctx=ctx@entry=0x562e9d4c2f20) at ../util/async.c:216
-15 0x0000562e9bb4de0a in aio_poll (ctx=0x562e9d4c2f20, blocking=blocking@entry=true) at ../util/aio-posix.c:722
-16 0x0000562e9b99dfaa in iothread_run (opaque=0x562e9d4c26f0) at ../iothread.c:63
-17 0x0000562e9bb505a4 in qemu_thread_start (args=0x562e9d4c7ea0) at ../util/qemu-thread-posix.c:543
-18 0x00007f16c70081ca in start_thread (arg=<optimized out>) at pthread_create.c:479
-19 0x00007f16c6c398d3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
-
-io_remove_watch_poll(), which makes sure that iwp->src is NULL, calls
-g_source_destroy() which finds that iwp->src is not NULL in the finalize
-callback. This can only happen if another thread has managed to trigger
-io_watch_poll_prepare() callback in the meantime.
-
-Move iwp->src destruction back to the finalize callback to prevent the
-described race, and also remove the stale comment. The deadlock glib bug
-was fixed back in 2010 by b35820285668 ("gmain: move finalization of
-GSource outside of context lock").
-
-Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Sergey Dyasli <sergey.dyasli@nutanix.com>
-Link: https://lore.kernel.org/r/20240712092659.216206-1-sergey.dyasli@nutanix.com
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit e0bf95443ee9326d44031373420cf9f3513ee255)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- chardev/char-io.c | 19 +++++--------------
- 1 file changed, 5 insertions(+), 14 deletions(-)
-
-diff --git a/chardev/char-io.c b/chardev/char-io.c
-index dab77b112e..3be17b51ca 100644
---- a/chardev/char-io.c
-+++ b/chardev/char-io.c
-@@ -87,16 +87,12 @@ static gboolean io_watch_poll_dispatch(GSource *source, GSourceFunc callback,
-
- static void io_watch_poll_finalize(GSource *source)
- {
-- /*
-- * Due to a glib bug, removing the last reference to a source
-- * inside a finalize callback causes recursive locking (and a
-- * deadlock). This is not a problem inside other callbacks,
-- * including dispatch callbacks, so we call io_remove_watch_poll
-- * to remove this source. At this point, iwp->src must
-- * be NULL, or we would leak it.
-- */
- IOWatchPoll *iwp = io_watch_poll_from_source(source);
-- assert(iwp->src == NULL);
-+ if (iwp->src) {
-+ g_source_destroy(iwp->src);
-+ g_source_unref(iwp->src);
-+ iwp->src = NULL;
-+ }
- }
-
- static GSourceFuncs io_watch_poll_funcs = {
-@@ -139,11 +135,6 @@ static void io_remove_watch_poll(GSource *source)
- IOWatchPoll *iwp;
-
- iwp = io_watch_poll_from_source(source);
-- if (iwp->src) {
-- g_source_destroy(iwp->src);
-- g_source_unref(iwp->src);
-- iwp->src = NULL;
-- }
- g_source_destroy(&iwp->parent);
- }
-
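Review bot: in the io_watch_poll_finalize() hunk of this dropped patch, the old comment is removed without a replacement that states the new ownership rule. After the change io_remove_watch_poll() only calls g_source_destroy(&iwp->parent), and iwp->src is destroyed and unreferenced in the finalize callback, which runs only once the last reference to the parent source is gone. A one-line comment in io_watch_poll_finalize() saying that the child source is owned by the parent and released there would make that explicit. Please also confirm that chardev/char-io.c in the new submodule no longer contains the assert(iwp->src == NULL) shown in the backtrace.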
diff --git a/debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch b/debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch
deleted file mode 100644
index 055d7c0..0000000
--- a/debian/patches/extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Cindy Lu <lulu@redhat.com>
-Date: Tue, 6 Aug 2024 17:37:12 +0800
-Subject: [PATCH] virtio-pci: Fix the use of an uninitialized irqfd
-
-The crash was reported in MAC OS and NixOS, here is the link for this bug
-https://gitlab.com/qemu-project/qemu/-/issues/2334
-https://gitlab.com/qemu-project/qemu/-/issues/2321
-
-In this bug, they are using the virtio_input device. The guest notifier was
-not supported for this device, The function virtio_pci_set_guest_notifiers()
-was not called, and the vector_irqfd was not initialized.
-
-So the fix is adding the check for vector_irqfd in virtio_pci_get_notifier()
-
-The function virtio_pci_get_notifier() can be used in various devices.
-It could also be called when VIRTIO_CONFIG_S_DRIVER_OK is not set. In this situation,
-the vector_irqfd being NULL is acceptable. We can allow the device continue to boot
-
-If the vector_irqfd still hasn't been initialized after VIRTIO_CONFIG_S_DRIVER_OK
-is set, it means that the function set_guest_notifiers was not called before the
-driver started. This indicates that the device is not using the notifier.
-At this point, we will let the check fail.
-
-This fix is verified in vyatta,MacOS,NixOS,fedora system.
-
-The bt tree for this bug is:
-Thread 6 "CPU 0/KVM" received signal SIGSEGV, Segmentation fault.
-[Switching to Thread 0x7c817be006c0 (LWP 1269146)]
-kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817
-817 if (irqfd->users == 0) {
-(gdb) thread apply all bt
-...
-Thread 6 (Thread 0x7c817be006c0 (LWP 1269146) "CPU 0/KVM"):
-0 kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817
-1 kvm_virtio_pci_vector_use_one () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:893
-2 0x00005983657045e2 in memory_region_write_accessor () at ../qemu-9.0.0/system/memory.c:497
-3 0x0000598365704ba6 in access_with_adjusted_size () at ../qemu-9.0.0/system/memory.c:573
-4 0x0000598365705059 in memory_region_dispatch_write () at ../qemu-9.0.0/system/memory.c:1528
-5 0x00005983659b8e1f in flatview_write_continue_step.isra.0 () at ../qemu-9.0.0/system/physmem.c:2713
-6 0x000059836570ba7d in flatview_write_continue () at ../qemu-9.0.0/system/physmem.c:2743
-7 flatview_write () at ../qemu-9.0.0/system/physmem.c:2774
-8 0x000059836570bb76 in address_space_write () at ../qemu-9.0.0/system/physmem.c:2894
-9 0x0000598365763afe in address_space_rw () at ../qemu-9.0.0/system/physmem.c:2904
-10 kvm_cpu_exec () at ../qemu-9.0.0/accel/kvm/kvm-all.c:2917
-11 0x000059836576656e in kvm_vcpu_thread_fn () at ../qemu-9.0.0/accel/kvm/kvm-accel-ops.c:50
-12 0x0000598365926ca8 in qemu_thread_start () at ../qemu-9.0.0/util/qemu-thread-posix.c:541
-13 0x00007c8185bcd1cf in ??? () at /usr/lib/libc.so.6
-14 0x00007c8185c4e504 in clone () at /usr/lib/libc.so.6
-
-Fixes: 2ce6cff94d ("virtio-pci: fix use of a released vector")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Cindy Lu <lulu@redhat.com>
-Message-Id: <20240806093715.65105-1-lulu@redhat.com>
-Acked-by: Jason Wang <jasowang@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit a8e63ff289d137197ad7a701a587cc432872d798)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/virtio/virtio-pci.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
-index e04218a9fb..389bab003f 100644
---- a/hw/virtio/virtio-pci.c
-+++ b/hw/virtio/virtio-pci.c
-@@ -860,6 +860,9 @@ static int virtio_pci_get_notifier(VirtIOPCIProxy *proxy, int queue_no,
- VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- VirtQueue *vq;
-
-+ if (!proxy->vector_irqfd && vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)
-+ return -1;
-+
- if (queue_no == VIRTIO_CONFIG_IRQ_IDX) {
- *n = virtio_config_get_guest_notifier(vdev);
- *vector = vdev->config_vector;
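Review bot: the check added in virtio_pci_get_notifier() by this dropped patch, `if (!proxy->vector_irqfd && vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)`, has no braces around its `return -1;` body and mixes `&&` with an unparenthesised `&`. The precedence is correct as written, but QEMU style wants braces, and `(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)` in parentheses would read unambiguously. The early return is also silent, so the virtio_input case described in the commit message leaves no trace when it takes this path; a trace point or a short comment naming that case would help. As the patch is deleted here, please confirm that the NULL check on vector_irqfd is present in hw/virtio/virtio-pci.c of the new submodule.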
diff --git a/debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch b/debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch
deleted file mode 100644
index 1dcb129..0000000
--- a/debian/patches/extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Akihiko Odaki <akihiko.odaki@daynix.com>
-Date: Mon, 1 Jul 2024 20:58:04 +0900
-Subject: [PATCH] virtio-net: Ensure queue index fits with RSS
-
-Ensure the queue index points to a valid queue when software RSS
-enabled. The new calculation matches with the behavior of Linux's TAP
-device with the RSS eBPF program.
-
-Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing")
-Reported-by: Zhibin Hu <huzhibin5@huawei.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit f1595ceb9aad36a6c1da95bcb77ab9509b38822d)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/net/virtio-net.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index 3644bfd91b..f48588638d 100644
---- a/hw/net/virtio-net.c
-+++ b/hw/net/virtio-net.c
-@@ -1949,7 +1949,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
- if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) {
- int index = virtio_net_process_rss(nc, buf, size);
- if (index >= 0) {
-- NetClientState *nc2 = qemu_get_subqueue(n->nic, index);
-+ NetClientState *nc2 =
-+ qemu_get_subqueue(n->nic, index % n->curr_queue_pairs);
- return virtio_net_receive_rcu(nc2, buf, size, true);
- }
- }
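Review bot: the new expression `index % n->curr_queue_pairs` in virtio_net_receive_rcu() relies on n->curr_queue_pairs being non-zero on this path, and nothing in the visible context checks that; only `index >= 0` is tested. Please confirm where that invariant is established, or add an assertion next to the modulo. This dropped patch is the bound on the queue index passed to qemu_get_subqueue(), so its removal is only correct if commit f1595ceb9aad36a6c1da95bcb77ab9509b38822d is contained in the new submodule; stating that in the commit message of the update would make the drop easy to audit.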
diff --git a/debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch b/debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch
deleted file mode 100644
index b8f67d4..0000000
--- a/debian/patches/extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch
+++ /dev/null
@@ -1,338 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: thomas <east.moutain.yang@gmail.com>
-Date: Fri, 12 Jul 2024 11:10:53 +0800
-Subject: [PATCH] virtio-net: Fix network stall at the host side waiting for
- kick
-
-Patch 06b12970174 ("virtio-net: fix network stall under load")
-added double-check to test whether the available buffer size
-can satisfy the request or not, in case the guest has added
-some buffers to the avail ring simultaneously after the first
-check. It will be lucky if the available buffer size becomes
-okay after the double-check, then the host can send the packet
-to the guest. If the buffer size still can't satisfy the request,
-even if the guest has added some buffers, viritio-net would
-stall at the host side forever.
-
-The patch enables notification and checks whether the guest has
-added some buffers since last check of available buffers when
-the available buffers are insufficient. If no buffer is added,
-return false, else recheck the available buffers in the loop.
-If the available buffers are sufficient, disable notification
-and return true.
-
-Changes:
-1. Change the return type of virtqueue_get_avail_bytes() from void
- to int, it returns an opaque that represents the shadow_avail_idx
- of the virtqueue on success, else -1 on error.
-2. Add a new API: virtio_queue_enable_notification_and_check(),
- it takes an opaque as input arg which is returned from
- virtqueue_get_avail_bytes(). It enables notification firstly,
- then checks whether the guest has added some buffers since
- last check of available buffers or not by virtio_queue_poll(),
- return ture if yes.
-
-The patch also reverts patch "06b12970174".
-
-The case below can reproduce the stall.
-
- Guest 0
- +--------+
- | iperf |
- ---------------> | server |
- Host | +--------+
- +--------+ | ...
- | iperf |----
- | client |---- Guest n
- +--------+ | +--------+
- | | iperf |
- ---------------> | server |
- +--------+
-
-Boot many guests from qemu with virtio network:
- qemu ... -netdev tap,id=net_x \
- -device virtio-net-pci-non-transitional,\
- iommu_platform=on,mac=xx:xx:xx:xx:xx:xx,netdev=net_x
-
-Each guest acts as iperf server with commands below:
- iperf3 -s -D -i 10 -p 8001
- iperf3 -s -D -i 10 -p 8002
-
-The host as iperf client:
- iperf3 -c guest_IP -p 8001 -i 30 -w 256k -P 20 -t 40000
- iperf3 -c guest_IP -p 8002 -i 30 -w 256k -P 20 -t 40000
-
-After some time, the host loses connection to the guest,
-the guest can send packet to the host, but can't receive
-packet from the host.
-
-It's more likely to happen if SWIOTLB is enabled in the guest,
-allocating and freeing bounce buffer takes some CPU ticks,
-copying from/to bounce buffer takes more CPU ticks, compared
-with that there is no bounce buffer in the guest.
-Once the rate of producing packets from the host approximates
-the rate of receiveing packets in the guest, the guest would
-loop in NAPI.
-
- receive packets ---
- | |
- v |
- free buf virtnet_poll
- | |
- v |
- add buf to avail ring ---
- |
- | need kick the host?
- | NAPI continues
- v
- receive packets ---
- | |
- v |
- free buf virtnet_poll
- | |
- v |
- add buf to avail ring ---
- |
- v
- ... ...
-
-On the other hand, the host fetches free buf from avail
-ring, if the buf in the avail ring is not enough, the
-host notifies the guest the event by writing the avail
-idx read from avail ring to the event idx of used ring,
-then the host goes to sleep, waiting for the kick signal
-from the guest.
-
-Once the guest finds the host is waiting for kick singal
-(in virtqueue_kick_prepare_split()), it kicks the host.
-
-The host may stall forever at the sequences below:
-
- Host Guest
- ------------ -----------
- fetch buf, send packet receive packet ---
- ... ... |
- fetch buf, send packet add buf |
- ... add buf virtnet_poll
- buf not enough avail idx-> add buf |
- read avail idx add buf |
- add buf ---
- receive packet ---
- write event idx ... |
- wait for kick add buf virtnet_poll
- ... |
- ---
- no more packet, exit NAPI
-
-In the first loop of NAPI above, indicated in the range of
-virtnet_poll above, the host is sending packets while the
-guest is receiving packets and adding buffers.
- step 1: The buf is not enough, for example, a big packet
- needs 5 buf, but the available buf count is 3.
- The host read current avail idx.
- step 2: The guest adds some buf, then checks whether the
- host is waiting for kick signal, not at this time.
- The used ring is not empty, the guest continues
- the second loop of NAPI.
- step 3: The host writes the avail idx read from avail
- ring to used ring as event idx via
- virtio_queue_set_notification(q->rx_vq, 1).
- step 4: At the end of the second loop of NAPI, recheck
- whether kick is needed, as the event idx in the
- used ring written by the host is beyound the
- range of kick condition, the guest will not
- send kick signal to the host.
-
-Fixes: 06b12970174 ("virtio-net: fix network stall under load")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Wencheng Yang <east.moutain.yang@gmail.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit f937309fbdbb48c354220a3e7110c202ae4aa7fa)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/net/virtio-net.c | 28 ++++++++++-------
- hw/virtio/virtio.c | 64 +++++++++++++++++++++++++++++++++++---
- include/hw/virtio/virtio.h | 21 +++++++++++--
- 3 files changed, 94 insertions(+), 19 deletions(-)
-
-diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index f48588638d..d4b979d343 100644
---- a/hw/net/virtio-net.c
-+++ b/hw/net/virtio-net.c
-@@ -1680,24 +1680,28 @@ static bool virtio_net_can_receive(NetClientState *nc)
-
- static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize)
- {
-+ int opaque;
-+ unsigned int in_bytes;
- VirtIONet *n = q->n;
-- if (virtio_queue_empty(q->rx_vq) ||
-- (n->mergeable_rx_bufs &&
-- !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
-- virtio_queue_set_notification(q->rx_vq, 1);
--
-- /* To avoid a race condition where the guest has made some buffers
-- * available after the above check but before notification was
-- * enabled, check for available buffers again.
-- */
-- if (virtio_queue_empty(q->rx_vq) ||
-- (n->mergeable_rx_bufs &&
-- !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
-+
-+ while (virtio_queue_empty(q->rx_vq) || n->mergeable_rx_bufs) {
-+ opaque = virtqueue_get_avail_bytes(q->rx_vq, &in_bytes, NULL,
-+ bufsize, 0);
-+ /* Buffer is enough, disable notifiaction */
-+ if (bufsize <= in_bytes) {
-+ break;
-+ }
-+
-+ if (virtio_queue_enable_notification_and_check(q->rx_vq, opaque)) {
-+ /* Guest has added some buffers, try again */
-+ continue;
-+ } else {
- return 0;
- }
- }
-
- virtio_queue_set_notification(q->rx_vq, 0);
-+
- return 1;
- }
-
-diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index fd2dfe3a6b..08fba6b2d8 100644
---- a/hw/virtio/virtio.c
-+++ b/hw/virtio/virtio.c
-@@ -743,6 +743,60 @@ int virtio_queue_empty(VirtQueue *vq)
- }
- }
-
-+static bool virtio_queue_split_poll(VirtQueue *vq, unsigned shadow_idx)
-+{
-+ if (unlikely(!vq->vring.avail)) {
-+ return false;
-+ }
-+
-+ return (uint16_t)shadow_idx != vring_avail_idx(vq);
-+}
-+
-+static bool virtio_queue_packed_poll(VirtQueue *vq, unsigned shadow_idx)
-+{
-+ VRingPackedDesc desc;
-+ VRingMemoryRegionCaches *caches;
-+
-+ if (unlikely(!vq->vring.desc)) {
-+ return false;
-+ }
-+
-+ caches = vring_get_region_caches(vq);
-+ if (!caches) {
-+ return false;
-+ }
-+
-+ vring_packed_desc_read(vq->vdev, &desc, &caches->desc,
-+ shadow_idx, true);
-+
-+ return is_desc_avail(desc.flags, vq->shadow_avail_wrap_counter);
-+}
-+
-+static bool virtio_queue_poll(VirtQueue *vq, unsigned shadow_idx)
-+{
-+ if (virtio_device_disabled(vq->vdev)) {
-+ return false;
-+ }
-+
-+ if (virtio_vdev_has_feature(vq->vdev, VIRTIO_F_RING_PACKED)) {
-+ return virtio_queue_packed_poll(vq, shadow_idx);
-+ } else {
-+ return virtio_queue_split_poll(vq, shadow_idx);
-+ }
-+}
-+
-+bool virtio_queue_enable_notification_and_check(VirtQueue *vq,
-+ int opaque)
-+{
-+ virtio_queue_set_notification(vq, 1);
-+
-+ if (opaque >= 0) {
-+ return virtio_queue_poll(vq, (unsigned)opaque);
-+ } else {
-+ return false;
-+ }
-+}
-+
- static void virtqueue_unmap_sg(VirtQueue *vq, const VirtQueueElement *elem,
- unsigned int len)
- {
-@@ -1330,9 +1384,9 @@ err:
- goto done;
- }
-
--void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
-- unsigned int *out_bytes,
-- unsigned max_in_bytes, unsigned max_out_bytes)
-+int virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
-+ unsigned int *out_bytes, unsigned max_in_bytes,
-+ unsigned max_out_bytes)
- {
- uint16_t desc_size;
- VRingMemoryRegionCaches *caches;
-@@ -1365,7 +1419,7 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
- caches);
- }
-
-- return;
-+ return (int)vq->shadow_avail_idx;
- err:
- if (in_bytes) {
- *in_bytes = 0;
-@@ -1373,6 +1427,8 @@ err:
- if (out_bytes) {
- *out_bytes = 0;
- }
-+
-+ return -1;
- }
-
- int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,
-diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
-index 2eafad17b8..8b4da92889 100644
---- a/include/hw/virtio/virtio.h
-+++ b/include/hw/virtio/virtio.h
-@@ -271,9 +271,13 @@ void qemu_put_virtqueue_element(VirtIODevice *vdev, QEMUFile *f,
- VirtQueueElement *elem);
- int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,
- unsigned int out_bytes);
--void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
-- unsigned int *out_bytes,
-- unsigned max_in_bytes, unsigned max_out_bytes);
-+/**
-+ * Return <0 on error or an opaque >=0 to pass to
-+ * virtio_queue_enable_notification_and_check on success.
-+ */
-+int virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
-+ unsigned int *out_bytes, unsigned max_in_bytes,
-+ unsigned max_out_bytes);
-
- void virtio_notify_irqfd(VirtIODevice *vdev, VirtQueue *vq);
- void virtio_notify(VirtIODevice *vdev, VirtQueue *vq);
-@@ -307,6 +311,17 @@ int virtio_queue_ready(VirtQueue *vq);
-
- int virtio_queue_empty(VirtQueue *vq);
-
-+/**
-+ * Enable notification and check whether guest has added some
-+ * buffers since last call to virtqueue_get_avail_bytes.
-+ *
-+ * @opaque: value returned from virtqueue_get_avail_bytes
-+ */
-+bool virtio_queue_enable_notification_and_check(VirtQueue *vq,
-+ int opaque);
-+
-+void virtio_queue_set_shadow_avail_idx(VirtQueue *vq, uint16_t idx);
-+
- /* Host binding interface. */
-
- uint32_t virtio_config_readb(VirtIODevice *vdev, uint32_t addr);
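Review bot: the last include/hw/virtio/virtio.h hunk of this dropped patch adds a prototype for virtio_queue_set_shadow_avail_idx(), but none of the hw/virtio/virtio.c hunks shown define it and the hw/net/virtio-net.c hunk does not call it. Before removing the file, check that the 9.1.2 tree has a matching definition for that declaration. Two smaller points in virtio_net_has_buffers(): `bufsize <= in_bytes` compares an int with an unsigned int, so an explicit cast would make the intended comparison clear, and the comment above it reads "notifiaction".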
diff --git a/debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch b/debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch
deleted file mode 100644
index c99b7a5..0000000
--- a/debian/patches/extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <dwmw@amazon.co.uk>
-Date: Tue, 9 Jul 2024 13:34:44 +0100
-Subject: [PATCH] net: Reinstate '-net nic, model=help' output as documented in
- man page
-
-While refactoring the NIC initialization code, I broke '-net nic,model=help'
-which no longer outputs a list of available NIC models.
-
-Fixes: 2cdeca04adab ("net: report list of available models according to platform")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit 64f75f57f9d2c8c12ac6d9355fa5d3a2af5879ca)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- net/net.c | 25 ++++++++++++++++++++++---
- 1 file changed, 22 insertions(+), 3 deletions(-)
-
-diff --git a/net/net.c b/net/net.c
-index a2f0c828bb..e6ca2529bb 100644
---- a/net/net.c
-+++ b/net/net.c
-@@ -1150,6 +1150,21 @@ NICInfo *qemu_find_nic_info(const char *typename, bool match_default,
- return NULL;
- }
-
-+static bool is_nic_model_help_option(const char *model)
-+{
-+ if (model && is_help_option(model)) {
-+ /*
-+ * Trigger the help output by instantiating the hash table which
-+ * will gather tha available models as they get registered.
-+ */
-+ if (!nic_model_help) {
-+ nic_model_help = g_hash_table_new_full(g_str_hash, g_str_equal,
-+ g_free, NULL);
-+ }
-+ return true;
-+ }
-+ return false;
-+}
-
- /* "I have created a device. Please configure it if you can" */
- bool qemu_configure_nic_device(DeviceState *dev, bool match_default,
-@@ -1733,6 +1748,12 @@ void net_check_clients(void)
-
- static int net_init_client(void *dummy, QemuOpts *opts, Error **errp)
- {
-+ const char *model = qemu_opt_get_del(opts, "model");
-+
-+ if (is_nic_model_help_option(model)) {
-+ return 0;
-+ }
-+
- return net_client_init(opts, false, errp);
- }
-
-@@ -1789,9 +1810,7 @@ static int net_param_nic(void *dummy, QemuOpts *opts, Error **errp)
- memset(ni, 0, sizeof(*ni));
- ni->model = qemu_opt_get_del(opts, "model");
-
-- if (!nic_model_help && !g_strcmp0(ni->model, "help")) {
-- nic_model_help = g_hash_table_new_full(g_str_hash, g_str_equal,
-- g_free, NULL);
-+ if (is_nic_model_help_option(ni->model)) {
- return 0;
- }
-
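Review bot: the net_init_client() hunk in this patch reads the option with qemu_opt_get_del(opts, "model"), which removes it from opts before net_client_init() runs; 0021 is the follow-up that switches the call to qemu_opt_get(). The two patches are only correct as a pair, so they should always be carried or dropped together, as this commit does. The comment in is_nic_model_help_option() also has "tha available".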
diff --git a/debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch b/debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch
deleted file mode 100644
index 3ab2407..0000000
--- a/debian/patches/extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <dwmw@amazon.co.uk>
-Date: Tue, 6 Aug 2024 18:21:37 +0100
-Subject: [PATCH] net: Fix '-net nic,model=' for non-help arguments
-
-Oops, don't *delete* the model option when checking for 'help'.
-
-Fixes: 64f75f57f9d2 ("net: Reinstate '-net nic, model=help' output as documented in man page")
-Reported-by: Hans <sungdgdhtryrt@gmail.com>
-Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit fa62cb989a9146c82f8f172715042852f5d36200)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- net/net.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/net/net.c b/net/net.c
-index e6ca2529bb..897bb936cf 100644
---- a/net/net.c
-+++ b/net/net.c
-@@ -1748,7 +1748,7 @@ void net_check_clients(void)
-
- static int net_init_client(void *dummy, QemuOpts *opts, Error **errp)
- {
-- const char *model = qemu_opt_get_del(opts, "model");
-+ const char *model = qemu_opt_get(opts, "model");
-
- if (is_nic_model_help_option(model)) {
- return 0;
diff --git a/debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch b/debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch
deleted file mode 100644
index 9667ef4..0000000
--- a/debian/patches/extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Mon, 22 Jul 2024 18:29:54 +0100
-Subject: [PATCH] target/arm: Don't assert for 128-bit tile accesses when SVL
- is 128
-
-For an instruction which accesses a 128-bit element tile when
-the SVL is also 128 (for example MOV z0.Q, p0/M, ZA0H.Q[w0,0]),
-we will assert in get_tile_rowcol():
-
-qemu-system-aarch64: ../../tcg/tcg-op.c:926: tcg_gen_deposit_z_i32: Assertion `len > 0' failed.
-
-This happens because we calculate
- len = ctz32(streaming_vec_reg_size(s)) - esz;$
-but if the SVL and the element size are the same len is 0, and
-the deposit operation asserts.
-
-In this case the ZA storage contains exactly one 128 bit
-element ZA tile, and the horizontal or vertical slice is just
-that tile. This means that regardless of the index value in
-the Ws register, we always access that tile. (In pseudocode terms,
-we calculate (index + offset) MOD 1, which is 0.)
-
-Special case the len == 0 case to avoid hitting the assertion
-in tcg_gen_deposit_z_i32().
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20240722172957.1041231-2-peter.maydell@linaro.org
-(cherry picked from commit 56f1c0db928aae0b83fd91c89ddb226b137e2b21)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/translate-sme.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
-index 185a8a917b..a50a419af2 100644
---- a/target/arm/tcg/translate-sme.c
-+++ b/target/arm/tcg/translate-sme.c
-@@ -49,7 +49,15 @@ static TCGv_ptr get_tile_rowcol(DisasContext *s, int esz, int rs,
- /* Prepare a power-of-two modulo via extraction of @len bits. */
- len = ctz32(streaming_vec_reg_size(s)) - esz;
-
-- if (vertical) {
-+ if (!len) {
-+ /*
-+ * SVL is 128 and the element size is 128. There is exactly
-+ * one 128x128 tile in the ZA storage, and so we calculate
-+ * (Rs + imm) MOD 1, which is always 0. We need to special case
-+ * this because TCG doesn't allow deposit ops with len 0.
-+ */
-+ tcg_gen_movi_i32(tmp, 0);
-+ } else if (vertical) {
- /*
- * Compute the byte offset of the index within the tile:
- * (index % (svl / size)) * size
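Review bot: the new `if (!len)` branch in get_tile_rowcol() covers only len == 0, while the assertion quoted in the commit message is `len > 0`. If ctz32(streaming_vec_reg_size(s)) - esz can never be negative, an assert or a short comment next to the check should say so. The commit message also has a stray `$` at the end of the `len = ...` line.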
diff --git a/debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch b/debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch
deleted file mode 100644
index cd60b30..0000000
--- a/debian/patches/extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Mon, 22 Jul 2024 18:29:55 +0100
-Subject: [PATCH] target/arm: Fix UMOPA/UMOPS of 16-bit values
-
-The UMOPA/UMOPS instructions are supposed to multiply unsigned 8 or
-16 bit elements and accumulate the products into a 64-bit element.
-In the Arm ARM pseudocode, this is done with the usual
-infinite-precision signed arithmetic. However our implementation
-doesn't quite get it right, because in the DEF_IMOP_64() macro we do:
- sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0);
-
-where NTYPE and MTYPE are uint16_t or int16_t. In the uint16_t case,
-the C usual arithmetic conversions mean the values are converted to
-"int" type and the multiply is done as a 32-bit multiply. This means
-that if the inputs are, for example, 0xffff and 0xffff then the
-result is 0xFFFE0001 as an int, which is then promoted to uint64_t
-for the accumulation into sum; this promotion incorrectly sign
-extends the multiply.
-
-Avoid the incorrect sign extension by casting to int64_t before
-the multiply, so we do the multiply as 64-bit signed arithmetic,
-which is a type large enough that the multiply can never
-overflow into the sign bit.
-
-(The equivalent 8-bit operations in DEF_IMOP_32() are fine, because
-the 8-bit multiplies can never overflow into the sign bit of a
-32-bit integer.)
-
-Cc: qemu-stable@nongnu.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2372
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20240722172957.1041231-3-peter.maydell@linaro.org
-(cherry picked from commit ea3f5a90f036734522e9af3bffd77e69e9f47355)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/sme_helper.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
-index 5a6dd76489..f9001f5213 100644
---- a/target/arm/tcg/sme_helper.c
-+++ b/target/arm/tcg/sme_helper.c
-@@ -1146,10 +1146,10 @@ static uint64_t NAME(uint64_t n, uint64_t m, uint64_t a, uint8_t p, bool neg) \
- uint64_t sum = 0; \
- /* Apply P to N as a mask, making the inactive elements 0. */ \
- n &= expand_pred_h(p); \
-- sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0); \
-- sum += (NTYPE)(n >> 16) * (MTYPE)(m >> 16); \
-- sum += (NTYPE)(n >> 32) * (MTYPE)(m >> 32); \
-- sum += (NTYPE)(n >> 48) * (MTYPE)(m >> 48); \
-+ sum += (int64_t)(NTYPE)(n >> 0) * (MTYPE)(m >> 0); \
-+ sum += (int64_t)(NTYPE)(n >> 16) * (MTYPE)(m >> 16); \
-+ sum += (int64_t)(NTYPE)(n >> 32) * (MTYPE)(m >> 32); \
-+ sum += (int64_t)(NTYPE)(n >> 48) * (MTYPE)(m >> 48); \
- return neg ? a - sum : a + sum; \
- }
-
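Review bot: the diffstat lists only target/arm/tcg/sme_helper.c, so the 0xffff * 0xffff case worked through in the commit message is not covered by a regression test in this patch. In the four DEF_IMOP_64() lines only the left operand gets the (int64_t) cast and the right one is widened by the usual arithmetic conversions; that is correct, but a one-line comment would keep a later cleanup from removing the cast as redundant.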
diff --git a/debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch b/debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch
deleted file mode 100644
index 52ca765..0000000
--- a/debian/patches/extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Mon, 22 Jul 2024 18:29:56 +0100
-Subject: [PATCH] target/arm: Avoid shifts by -1 in tszimm_shr() and
- tszimm_shl()
-
-The function tszimm_esz() returns a shift amount, or possibly -1 in
-certain cases that correspond to unallocated encodings in the
-instruction set. We catch these later in the trans_ functions
-(generally with an "a-esz < 0" check), but before we do the
-decodetree-generated code will also call tszimm_shr() or tszimm_sl(),
-which will use the tszimm_esz() return value as a shift count without
-checking that it is not negative, which is undefined behaviour.
-
-Avoid the UB by checking the return value in tszimm_shr() and
-tszimm_shl().
-
-Cc: qemu-stable@nongnu.org
-Resolves: Coverity CID 1547617, 1547694
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20240722172957.1041231-4-peter.maydell@linaro.org
-(cherry picked from commit 76916dfa89e8900639c1055c07a295c06628a0bc)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/translate-sve.c | 18 ++++++++++++++++--
- 1 file changed, 16 insertions(+), 2 deletions(-)
-
-diff --git a/target/arm/tcg/translate-sve.c b/target/arm/tcg/translate-sve.c
-index ada05aa530..466a19c25a 100644
---- a/target/arm/tcg/translate-sve.c
-+++ b/target/arm/tcg/translate-sve.c
-@@ -50,13 +50,27 @@ static int tszimm_esz(DisasContext *s, int x)
-
- static int tszimm_shr(DisasContext *s, int x)
- {
-- return (16 << tszimm_esz(s, x)) - x;
-+ /*
-+ * We won't use the tszimm_shr() value if tszimm_esz() returns -1 (the
-+ * trans function will check for esz < 0), so we can return any
-+ * value we like from here in that case as long as we avoid UB.
-+ */
-+ int esz = tszimm_esz(s, x);
-+ if (esz < 0) {
-+ return esz;
-+ }
-+ return (16 << esz) - x;
- }
-
- /* See e.g. LSL (immediate, predicated). */
- static int tszimm_shl(DisasContext *s, int x)
- {
-- return x - (8 << tszimm_esz(s, x));
-+ /* As with tszimm_shr(), value will be unused if esz < 0 */
-+ int esz = tszimm_esz(s, x);
-+ if (esz < 0) {
-+ return esz;
-+ }
-+ return x - (8 << esz);
- }
-
- /* The SH bit is in bit 8. Extract the low 8 and shift. */
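Review bot: the commit message names tszimm_sl() where the function patched in the second half of the hunk is tszimm_shl(), and it writes the later check as "a-esz < 0", which does not match the `esz < 0` wording used in the new code comment. Both are worth correcting wherever the text is reused, since the message is the only place that explains why returning a negative value from tszimm_shr() and tszimm_shl() is safe.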
diff --git a/debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch b/debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch
deleted file mode 100644
index bc8bd39..0000000
--- a/debian/patches/extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Mon, 22 Jul 2024 18:29:57 +0100
-Subject: [PATCH] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is
- not enabled
-
-When determining the current vector length, the SMCR_EL2.LEN and
-SVCR_EL2.LEN settings should only be considered if EL2 is enabled
-(compare the pseudocode CurrentSVL and CurrentNSVL which call
-EL2Enabled()).
-
-We were checking against ARM_FEATURE_EL2 rather than calling
-arm_is_el2_enabled(), which meant that we would look at
-SMCR_EL2/SVCR_EL2 when in Secure EL1 or Secure EL0 even if Secure EL2
-was not enabled.
-
-Use the correct check in sve_vqm1_for_el_sm().
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20240722172957.1041231-5-peter.maydell@linaro.org
-(cherry picked from commit f573ac059ed060234fcef4299fae9e500d357c33)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/helper.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/target/arm/helper.c b/target/arm/helper.c
-index a620481d7c..42044ae14b 100644
---- a/target/arm/helper.c
-+++ b/target/arm/helper.c
-@@ -7191,7 +7191,7 @@ uint32_t sve_vqm1_for_el_sm(CPUARMState *env, int el, bool sm)
- if (el <= 1 && !el_is_in_host(env, el)) {
- len = MIN(len, 0xf & (uint32_t)cr[1]);
- }
-- if (el <= 2 && arm_feature(env, ARM_FEATURE_EL2)) {
-+ if (el <= 2 && arm_is_el2_enabled(env)) {
- len = MIN(len, 0xf & (uint32_t)cr[2]);
- }
- if (arm_feature(env, ARM_FEATURE_EL3)) {
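Review bot: after this change the `el <= 2` branch of sve_vqm1_for_el_sm() tests arm_is_el2_enabled(env), while the EL3 branch directly below it still tests arm_feature(env, ARM_FEATURE_EL3). A short comment stating that the EL3 case is intentionally a feature check would keep the two conditions from reading as an oversight.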
diff --git a/debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch b/debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch
deleted file mode 100644
index b1a55e8..0000000
--- a/debian/patches/extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Thu, 1 Aug 2024 10:15:03 +0100
-Subject: [PATCH] target/arm: Handle denormals correctly for FMOPA (widening)
-
-The FMOPA (widening) SME instruction takes pairs of half-precision
-floating point values, widens them to single-precision, does a
-two-way dot product and accumulates the results into a
-single-precision destination. We don't quite correctly handle the
-FPCR bits FZ and FZ16 which control flushing of denormal inputs and
-outputs. This is because at the moment we pass a single float_status
-value to the helper function, which then uses that configuration for
-all the fp operations it does. However, because the inputs to this
-operation are float16 and the outputs are float32 we need to use the
-fp_status_f16 for the float16 input widening but the normal fp_status
-for everything else. Otherwise we will apply the flushing control
-FPCR.FZ16 to the 32-bit output rather than the FPCR.FZ control, and
-incorrectly flush a denormal output to zero when we should not (or
-vice-versa).
-
-(In commit 207d30b5fdb5b we tried to fix the FZ handling but
-didn't get it right, switching from "use FPCR.FZ for everything" to
-"use FPCR.FZ16 for everything".)
-
-Pass the CPU env to the sme_fmopa_h helper instead of an fp_status
-pointer, and have the helper pass an extra fp_status into the
-f16_dotadd() function so that we can use the right status for the
-right parts of this operation.
-
-Cc: qemu-stable@nongnu.org
-Fixes: 207d30b5fdb5 ("target/arm: Use FPST_F16 for SME FMOPA (widening)")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2373
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-(cherry picked from commit 55f9f4ee018c5ccea81d8c8c586756d7711ae46f)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/helper-sme.h | 2 +-
- target/arm/tcg/sme_helper.c | 39 +++++++++++++++++++++++-----------
- target/arm/tcg/translate-sme.c | 25 ++++++++++++++++++++--
- 3 files changed, 51 insertions(+), 15 deletions(-)
-
-diff --git a/target/arm/tcg/helper-sme.h b/target/arm/tcg/helper-sme.h
-index 27eef49a11..d22bf9d21b 100644
---- a/target/arm/tcg/helper-sme.h
-+++ b/target/arm/tcg/helper-sme.h
-@@ -121,7 +121,7 @@ DEF_HELPER_FLAGS_5(sme_addha_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
- DEF_HELPER_FLAGS_5(sme_addva_d, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
-
- DEF_HELPER_FLAGS_7(sme_fmopa_h, TCG_CALL_NO_RWG,
-- void, ptr, ptr, ptr, ptr, ptr, ptr, i32)
-+ void, ptr, ptr, ptr, ptr, ptr, env, i32)
- DEF_HELPER_FLAGS_7(sme_fmopa_s, TCG_CALL_NO_RWG,
- void, ptr, ptr, ptr, ptr, ptr, ptr, i32)
- DEF_HELPER_FLAGS_7(sme_fmopa_d, TCG_CALL_NO_RWG,
-diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
-index f9001f5213..3906bb51c0 100644
---- a/target/arm/tcg/sme_helper.c
-+++ b/target/arm/tcg/sme_helper.c
-@@ -976,12 +976,23 @@ static inline uint32_t f16mop_adj_pair(uint32_t pair, uint32_t pg, uint32_t neg)
- }
-
- static float32 f16_dotadd(float32 sum, uint32_t e1, uint32_t e2,
-- float_status *s_std, float_status *s_odd)
-+ float_status *s_f16, float_status *s_std,
-+ float_status *s_odd)
- {
-- float64 e1r = float16_to_float64(e1 & 0xffff, true, s_std);
-- float64 e1c = float16_to_float64(e1 >> 16, true, s_std);
-- float64 e2r = float16_to_float64(e2 & 0xffff, true, s_std);
-- float64 e2c = float16_to_float64(e2 >> 16, true, s_std);
-+ /*
-+ * We need three different float_status for different parts of this
-+ * operation:
-+ * - the input conversion of the float16 values must use the
-+ * f16-specific float_status, so that the FPCR.FZ16 control is applied
-+ * - operations on float32 including the final accumulation must use
-+ * the normal float_status, so that FPCR.FZ is applied
-+ * - we have pre-set-up copy of s_std which is set to round-to-odd,
-+ * for the multiply (see below)
-+ */
-+ float64 e1r = float16_to_float64(e1 & 0xffff, true, s_f16);
-+ float64 e1c = float16_to_float64(e1 >> 16, true, s_f16);
-+ float64 e2r = float16_to_float64(e2 & 0xffff, true, s_f16);
-+ float64 e2c = float16_to_float64(e2 >> 16, true, s_f16);
- float64 t64;
- float32 t32;
-
-@@ -1003,20 +1014,23 @@ static float32 f16_dotadd(float32 sum, uint32_t e1, uint32_t e2,
- }
-
- void HELPER(sme_fmopa_h)(void *vza, void *vzn, void *vzm, void *vpn,
-- void *vpm, void *vst, uint32_t desc)
-+ void *vpm, CPUARMState *env, uint32_t desc)
- {
- intptr_t row, col, oprsz = simd_maxsz(desc);
- uint32_t neg = simd_data(desc) * 0x80008000u;
- uint16_t *pn = vpn, *pm = vpm;
-- float_status fpst_odd, fpst_std;
-+ float_status fpst_odd, fpst_std, fpst_f16;
-
- /*
-- * Make a copy of float_status because this operation does not
-- * update the cumulative fp exception status. It also produces
-- * default nans. Make a second copy with round-to-odd -- see above.
-+ * Make copies of fp_status and fp_status_f16, because this operation
-+ * does not update the cumulative fp exception status. It also
-+ * produces default NaNs. We also need a second copy of fp_status with
-+ * round-to-odd -- see above.
- */
-- fpst_std = *(float_status *)vst;
-+ fpst_f16 = env->vfp.fp_status_f16;
-+ fpst_std = env->vfp.fp_status;
- set_default_nan_mode(true, &fpst_std);
-+ set_default_nan_mode(true, &fpst_f16);
- fpst_odd = fpst_std;
- set_float_rounding_mode(float_round_to_odd, &fpst_odd);
-
-@@ -1036,7 +1050,8 @@ void HELPER(sme_fmopa_h)(void *vza, void *vzn, void *vzm, void *vpn,
- uint32_t m = *(uint32_t *)(vzm + H1_4(col));
-
- m = f16mop_adj_pair(m, pcol, 0);
-- *a = f16_dotadd(*a, n, m, &fpst_std, &fpst_odd);
-+ *a = f16_dotadd(*a, n, m,
-+ &fpst_f16, &fpst_std, &fpst_odd);
- }
- col += 4;
- pcol >>= 4;
-diff --git a/target/arm/tcg/translate-sme.c b/target/arm/tcg/translate-sme.c
-index a50a419af2..ae42ddef7b 100644
---- a/target/arm/tcg/translate-sme.c
-+++ b/target/arm/tcg/translate-sme.c
-@@ -334,8 +334,29 @@ static bool do_outprod_fpst(DisasContext *s, arg_op *a, MemOp esz,
- return true;
- }
-
--TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_fpst, a,
-- MO_32, FPST_FPCR_F16, gen_helper_sme_fmopa_h)
-+static bool do_outprod_env(DisasContext *s, arg_op *a, MemOp esz,
-+ gen_helper_gvec_5_ptr *fn)
-+{
-+ int svl = streaming_vec_reg_size(s);
-+ uint32_t desc = simd_desc(svl, svl, a->sub);
-+ TCGv_ptr za, zn, zm, pn, pm;
-+
-+ if (!sme_smza_enabled_check(s)) {
-+ return true;
-+ }
-+
-+ za = get_tile(s, esz, a->zad);
-+ zn = vec_full_reg_ptr(s, a->zn);
-+ zm = vec_full_reg_ptr(s, a->zm);
-+ pn = pred_full_reg_ptr(s, a->pn);
-+ pm = pred_full_reg_ptr(s, a->pm);
-+
-+ fn(za, zn, zm, pn, pm, tcg_env, tcg_constant_i32(desc));
-+ return true;
-+}
-+
-+TRANS_FEAT(FMOPA_h, aa64_sme, do_outprod_env, a,
-+ MO_32, gen_helper_sme_fmopa_h)
- TRANS_FEAT(FMOPA_s, aa64_sme, do_outprod_fpst, a,
- MO_32, FPST_FPCR, gen_helper_sme_fmopa_s)
- TRANS_FEAT(FMOPA_d, aa64_sme_f64f64, do_outprod_fpst, a,
diff --git a/debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch b/debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch
deleted file mode 100644
index b10cff7..0000000
--- a/debian/patches/extra/0027-intel_iommu-fix-FRCD-construction-macro.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cl=C3=A9ment=20Mathieu--Drif?=
- <clement.mathieu--drif@eviden.com>
-Date: Tue, 9 Jul 2024 14:26:08 +0000
-Subject: [PATCH] intel_iommu: fix FRCD construction macro
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The constant must be unsigned, otherwise the two's complement
-overrides the other fields when a PASID is present.
-
-Fixes: 1b2b12376c8a ("intel-iommu: PASID support")
-Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
-Reviewed-by: Yi Liu <yi.l.liu@intel.com>
-Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
-Reviewed-by: Minwoo Im <minwoo.im@samsung.com>
-Message-Id: <20240709142557.317271-2-clement.mathieu--drif@eviden.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit a3c8d7e38550c3d5a46e6fa94ffadfa625a4861d)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/i386/intel_iommu_internal.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h
-index f8cf99bddf..cbc4030031 100644
---- a/hw/i386/intel_iommu_internal.h
-+++ b/hw/i386/intel_iommu_internal.h
-@@ -267,7 +267,7 @@
- /* For the low 64-bit of 128-bit */
- #define VTD_FRCD_FI(val) ((val) & ~0xfffULL)
- #define VTD_FRCD_PV(val) (((val) & 0xffffULL) << 40)
--#define VTD_FRCD_PP(val) (((val) & 0x1) << 31)
-+#define VTD_FRCD_PP(val) (((val) & 0x1ULL) << 31)
- #define VTD_FRCD_IR_IDX(val) (((val) & 0xffffULL) << 48)
-
- /* DMA Remapping Fault Conditions */
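Review bot: the commit message for the VTD_FRCD_PP() change says only that "the two's complement overrides the other fields", which does not explain the mechanism. When val is an int-sized value, ((val) & 0x1) << 31 stays an int, a set bit 31 makes it negative, and it then sign-extends into bits 32 to 63 once combined with the 64-bit fields. Stating that would make the fix easier to audit; the neighbouring VTD_FRCD_PV() and VTD_FRCD_IR_IDX() macros already use ULL masks, so the new form is consistent with them.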
diff --git a/debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch b/debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch
deleted file mode 100644
index 04ce93b..0000000
--- a/debian/patches/extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Mon, 12 Aug 2024 12:58:42 +1000
-Subject: [PATCH] target/i386: Do not apply REX to MMX operands
-
-Cc: qemu-stable@nongnu.org
-Fixes: b3e22b2318a ("target/i386: add core of new i386 decoder")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2495
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Link: https://lore.kernel.org/r/20240812025844.58956-2-richard.henderson@linaro.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 416f2b16c02c618c0f233372ebfe343f9ee667d4)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/tcg/decode-new.c.inc | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
-index 4209d59ca8..09b8d2314a 100644
---- a/target/i386/tcg/decode-new.c.inc
-+++ b/target/i386/tcg/decode-new.c.inc
-@@ -1271,7 +1271,10 @@ static bool decode_op(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode,
- op->unit = X86_OP_SSE;
- }
- get_reg:
-- op->n = ((get_modrm(s, env) >> 3) & 7) | REX_R(s);
-+ op->n = ((get_modrm(s, env) >> 3) & 7);
-+ if (op->unit != X86_OP_MMX) {
-+ op->n |= REX_R(s);
-+ }
- break;
-
- case X86_TYPE_E: /* ALU modrm operand */
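Review bot: the commit message consists of a subject and tags with no body, and the new `if (op->unit != X86_OP_MMX)` in decode_op() has no comment. One sentence on why REX_R(s) must not be ORed into op->n for MMX operands would make the change reviewable without opening the linked issue.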
diff --git a/debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch b/debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch
deleted file mode 100644
index fca8612..0000000
--- a/debian/patches/extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
-Date: Fri, 9 Aug 2024 14:13:40 +0200
-Subject: [PATCH] module: Prevent crash by resetting local_err in
- module_load_qom_all()
-
-Set local_err to NULL after it has been freed in error_report_err(). This
-avoids triggering assert(*errp == NULL) failure in error_setv() when
-local_err is reused in the loop.
-
-Signed-off-by: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
-Reviewed-by: Claudio Fontana <cfontana@suse.de>
-Reviewed-by: Denis V. Lunev <den@openvz.org>
-Link: https://lore.kernel.org/r/20240809121340.992049-2-alexander.ivanov@virtuozzo.com
-[Do the same by moving the declaration instead. - Paolo]
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 940d802b24e63650e0eacad3714e2ce171cba17c)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- util/module.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/util/module.c b/util/module.c
-index 32e263163c..3eb0f06df1 100644
---- a/util/module.c
-+++ b/util/module.c
-@@ -354,13 +354,13 @@ int module_load_qom(const char *type, Error **errp)
- void module_load_qom_all(void)
- {
- const QemuModinfo *modinfo;
-- Error *local_err = NULL;
-
- if (module_loaded_qom_all) {
- return;
- }
-
- for (modinfo = module_info; modinfo->name != NULL; modinfo++) {
-+ Error *local_err = NULL;
- if (!modinfo->objs) {
- continue;
- }
diff --git a/debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch b/debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
deleted file mode 100644
index 57eb418..0000000
--- a/debian/patches/extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 7 Aug 2024 08:50:01 -0500
-Subject: [PATCH] nbd/server: Plumb in new args to nbd_client_add()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Upcoming patches to fix a CVE need to track an opaque pointer passed
-in by the owner of a client object, as well as request for a time
-limit on how fast negotiation must complete. Prepare for that by
-changing the signature of nbd_client_new() and adding an accessor to
-get at the opaque pointer, although for now the two servers
-(qemu-nbd.c and blockdev-nbd.c) do not change behavior even though
-they pass in a new default timeout value.
-
-Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-11-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[eblake: s/LIMIT/MAX_SECS/ as suggested by Dan]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-(cherry picked from commit fb1c2aaa981e0a2fa6362c9985f1296b74f055ac)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev-nbd.c | 6 ++++--
- include/block/nbd.h | 11 ++++++++++-
- nbd/server.c | 20 +++++++++++++++++---
- qemu-nbd.c | 4 +++-
- 4 files changed, 34 insertions(+), 7 deletions(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 213012435f..267a1de903 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -64,8 +64,10 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
- nbd_update_server_watch(nbd_server);
-
- qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
-- nbd_client_new(cioc, nbd_server->tlscreds, nbd_server->tlsauthz,
-- nbd_blockdev_client_closed);
-+ /* TODO - expose handshake timeout as QMP option */
-+ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
-+ nbd_server->tlscreds, nbd_server->tlsauthz,
-+ nbd_blockdev_client_closed, NULL);
- }
-
- static void nbd_update_server_watch(NBDServerData *s)
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 4e7bd6342f..1d4d65922d 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -33,6 +33,12 @@ typedef struct NBDMetaContexts NBDMetaContexts;
-
- extern const BlockExportDriver blk_exp_nbd;
-
-+/*
-+ * NBD_DEFAULT_HANDSHAKE_MAX_SECS: Number of seconds in which client must
-+ * succeed at NBD_OPT_GO before being forcefully dropped as too slow.
-+ */
-+#define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10
-+
- /* Handshake phase structs - this struct is passed on the wire */
-
- typedef struct NBDOption {
-@@ -403,9 +409,12 @@ AioContext *nbd_export_aio_context(NBDExport *exp);
- NBDExport *nbd_export_find(const char *name);
-
- void nbd_client_new(QIOChannelSocket *sioc,
-+ uint32_t handshake_max_secs,
- QCryptoTLSCreds *tlscreds,
- const char *tlsauthz,
-- void (*close_fn)(NBDClient *, bool));
-+ void (*close_fn)(NBDClient *, bool),
-+ void *owner);
-+void *nbd_client_owner(NBDClient *client);
- void nbd_client_get(NBDClient *client);
- void nbd_client_put(NBDClient *client);
-
-diff --git a/nbd/server.c b/nbd/server.c
-index 892797bb11..e50012499f 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -124,12 +124,14 @@ struct NBDMetaContexts {
- struct NBDClient {
- int refcount; /* atomic */
- void (*close_fn)(NBDClient *client, bool negotiated);
-+ void *owner;
-
- QemuMutex lock;
-
- NBDExport *exp;
- QCryptoTLSCreds *tlscreds;
- char *tlsauthz;
-+ uint32_t handshake_max_secs;
- QIOChannelSocket *sioc; /* The underlying data channel */
- QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */
-
-@@ -3191,6 +3193,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
-
- qemu_co_mutex_init(&client->send_lock);
-
-+ /* TODO - utilize client->handshake_max_secs */
- if (nbd_negotiate(client, &local_err)) {
- if (local_err) {
- error_report_err(local_err);
-@@ -3205,14 +3208,17 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
- }
-
- /*
-- * Create a new client listener using the given channel @sioc.
-+ * Create a new client listener using the given channel @sioc and @owner.
- * Begin servicing it in a coroutine. When the connection closes, call
-- * @close_fn with an indication of whether the client completed negotiation.
-+ * @close_fn with an indication of whether the client completed negotiation
-+ * within @handshake_max_secs seconds (0 for unbounded).
- */
- void nbd_client_new(QIOChannelSocket *sioc,
-+ uint32_t handshake_max_secs,
- QCryptoTLSCreds *tlscreds,
- const char *tlsauthz,
-- void (*close_fn)(NBDClient *, bool))
-+ void (*close_fn)(NBDClient *, bool),
-+ void *owner)
- {
- NBDClient *client;
- Coroutine *co;
-@@ -3225,13 +3231,21 @@ void nbd_client_new(QIOChannelSocket *sioc,
- object_ref(OBJECT(client->tlscreds));
- }
- client->tlsauthz = g_strdup(tlsauthz);
-+ client->handshake_max_secs = handshake_max_secs;
- client->sioc = sioc;
- qio_channel_set_delay(QIO_CHANNEL(sioc), false);
- object_ref(OBJECT(client->sioc));
- client->ioc = QIO_CHANNEL(sioc);
- object_ref(OBJECT(client->ioc));
- client->close_fn = close_fn;
-+ client->owner = owner;
-
- co = qemu_coroutine_create(nbd_co_client_start, client);
- qemu_coroutine_enter(co);
- }
-+
-+void *
-+nbd_client_owner(NBDClient *client)
-+{
-+ return client->owner;
-+}
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index d7b3ccab21..48e2fa5858 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -390,7 +390,9 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
-
- nb_fds++;
- nbd_update_server_watch();
-- nbd_client_new(cioc, tlscreds, tlsauthz, nbd_client_closed);
-+ /* TODO - expose handshake timeout as command line option */
-+ nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
-+ tlscreds, tlsauthz, nbd_client_closed, NULL);
- }
-
- static void nbd_update_server_watch(void)
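Review bot: the removed 0030 file is only a prerequisite (its message says "Upcoming patches to fix a CVE need to track an opaque pointer"), so it can only be dropped together with 0031, 0032, 0033 and 0035, which build on the `nbd_client_new()` signature and the `nbd_client_owner()` accessor it introduces. The diff does drop all five, but the commit message would be easier to audit if it said the CVE-2024-7409 series leaves as a unit and named the upstream commits (the "cherry picked from commit" ids recorded in these files) that the new base is expected to contain.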
diff --git a/debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch b/debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
deleted file mode 100644
index 5f804f9..0000000
--- a/debian/patches/extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Tue, 6 Aug 2024 13:53:00 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Cap default max-connections to 100
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Allowing an unlimited number of clients to any web service is a recipe
-for a rudimentary denial of service attack: the client merely needs to
-open lots of sockets without closing them, until qemu no longer has
-any more fds available to allocate.
-
-For qemu-nbd, we default to allowing only 1 connection unless more are
-explicitly asked for (-e or --shared); this was historically picked as
-a nice default (without an explicit -t, a non-persistent qemu-nbd goes
-away after a client disconnects, without needing any additional
-follow-up commands), and we are not going to change that interface now
-(besides, someday we want to point people towards qemu-storage-daemon
-instead of qemu-nbd).
-
-But for qemu proper, and the newer qemu-storage-daemon, the QMP
-nbd-server-start command has historically had a default of unlimited
-number of connections, in part because unlike qemu-nbd it is
-inherently persistent until nbd-server-stop. Allowing multiple client
-sockets is particularly useful for clients that can take advantage of
-MULTI_CONN (creating parallel sockets to increase throughput),
-although known clients that do so (such as libnbd's nbdcopy) typically
-use only 8 or 16 connections (the benefits of scaling diminish once
-more sockets are competing for kernel attention). Picking a number
-large enough for typical use cases, but not unlimited, makes it
-slightly harder for a malicious client to perform a denial of service
-merely by opening lots of connections withot progressing through the
-handshake.
-
-This change does not eliminate CVE-2024-7409 on its own, but reduces
-the chance for fd exhaustion or unlimited memory usage as an attack
-surface. On the other hand, by itself, it makes it more obvious that
-with a finite limit, we have the problem of an unauthenticated client
-holding 100 fds opened as a way to block out a legitimate client from
-being able to connect; thus, later patches will further add timeouts
-to reject clients that are not making progress.
-
-This is an INTENTIONAL change in behavior, and will break any client
-of nbd-server-start that was not passing an explicit max-connections
-parameter, yet expects more than 100 simultaneous connections. We are
-not aware of any such client (as stated above, most clients aware of
-MULTI_CONN get by just fine on 8 or 16 connections, and probably cope
-with later connections failing by relying on the earlier connections;
-libvirt has not yet been passing max-connections, but generally
-creates NBD servers with the intent for a single client for the sake
-of live storage migration; meanwhile, the KubeSAN project anticipates
-a large cluster sharing multiple clients [up to 8 per node, and up to
-100 nodes in a cluster], but it currently uses qemu-nbd with an
-explicit --shared=0 rather than qemu-storage-daemon with
-nbd-server-start).
-
-We considered using a deprecation period (declare that omitting
-max-parameters is deprecated, and make it mandatory in 3 releases -
-then we don't need to pick an arbitrary default); that has zero risk
-of breaking any apps that accidentally depended on more than 100
-connections, and where such breakage might not be noticed under unit
-testing but only under the larger loads of production usage. But it
-does not close the denial-of-service hole until far into the future,
-and requires all apps to change to add the parameter even if 100 was
-good enough. It also has a drawback that any app (like libvirt) that
-is accidentally relying on an unlimited default should seriously
-consider their own CVE now, at which point they are going to change to
-pass explicit max-connections sooner than waiting for 3 qemu releases.
-Finally, if our changed default breaks an app, that app can always
-pass in an explicit max-parameters with a larger value.
-
-It is also intentional that the HMP interface to nbd-server-start is
-not changed to expose max-connections (any client needing to fine-tune
-things should be using QMP).
-
-Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-12-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[ericb: Expand commit message to summarize Dan's argument for why we
-break corner-case back-compat behavior without a deprecation period]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-(cherry picked from commit c8a76dbd90c2f48df89b75bef74917f90a59b623)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/monitor/block-hmp-cmds.c | 3 ++-
- blockdev-nbd.c | 8 ++++++++
- include/block/nbd.h | 7 +++++++
- qapi/block-export.json | 4 ++--
- 4 files changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index d954bec6f1..bdf2eb50b6 100644
---- a/block/monitor/block-hmp-cmds.c
-+++ b/block/monitor/block-hmp-cmds.c
-@@ -402,7 +402,8 @@ void hmp_nbd_server_start(Monitor *mon, const QDict *qdict)
- goto exit;
- }
-
-- nbd_server_start(addr, NULL, NULL, 0, &local_err);
-+ nbd_server_start(addr, NULL, NULL, NBD_DEFAULT_MAX_CONNECTIONS,
-+ &local_err);
- qapi_free_SocketAddress(addr);
- if (local_err != NULL) {
- goto exit;
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 267a1de903..24ba5382db 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -170,6 +170,10 @@ void nbd_server_start(SocketAddress *addr, const char *tls_creds,
-
- void nbd_server_start_options(NbdServerOptions *arg, Error **errp)
- {
-+ if (!arg->has_max_connections) {
-+ arg->max_connections = NBD_DEFAULT_MAX_CONNECTIONS;
-+ }
-+
- nbd_server_start(arg->addr, arg->tls_creds, arg->tls_authz,
- arg->max_connections, errp);
- }
-@@ -182,6 +186,10 @@ void qmp_nbd_server_start(SocketAddressLegacy *addr,
- {
- SocketAddress *addr_flat = socket_address_flatten(addr);
-
-+ if (!has_max_connections) {
-+ max_connections = NBD_DEFAULT_MAX_CONNECTIONS;
-+ }
-+
- nbd_server_start(addr_flat, tls_creds, tls_authz, max_connections, errp);
- qapi_free_SocketAddress(addr_flat);
- }
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 1d4d65922d..d4f8b21aec 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -39,6 +39,13 @@ extern const BlockExportDriver blk_exp_nbd;
- */
- #define NBD_DEFAULT_HANDSHAKE_MAX_SECS 10
-
-+/*
-+ * NBD_DEFAULT_MAX_CONNECTIONS: Number of client sockets to allow at
-+ * once; must be large enough to allow a MULTI_CONN-aware client like
-+ * nbdcopy to create its typical number of 8-16 sockets.
-+ */
-+#define NBD_DEFAULT_MAX_CONNECTIONS 100
-+
- /* Handshake phase structs - this struct is passed on the wire */
-
- typedef struct NBDOption {
-diff --git a/qapi/block-export.json b/qapi/block-export.json
-index 3919a2d5b9..f45e4fd481 100644
---- a/qapi/block-export.json
-+++ b/qapi/block-export.json
-@@ -28,7 +28,7 @@
- # @max-connections: The maximum number of connections to allow at the
- # same time, 0 for unlimited. Setting this to 1 also stops the
- # server from advertising multiple client support (since 5.2;
--# default: 0)
-+# default: 100)
- #
- # Since: 4.2
- ##
-@@ -63,7 +63,7 @@
- # @max-connections: The maximum number of connections to allow at the
- # same time, 0 for unlimited. Setting this to 1 also stops the
- # server from advertising multiple client support (since 5.2;
--# default: 0).
-+# default: 100).
- #
- # Errors:
- # - if the server is already running
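Review bot: in the removed 0031 file, the `default: 0` to `default: 100` change for `max-connections` in qapi/block-export.json is described by its author as an intentional change in behavior, so this is the drop in the NBD series where a silent regression would put `nbd-server-start` back to unlimited connections. Worth confirming against the updated submodule that `NBD_DEFAULT_MAX_CONNECTIONS` is still 100 and that both QAPI doc comments still read `default: 100`.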
diff --git a/debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch b/debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
deleted file mode 100644
index 0b113e5..0000000
--- a/debian/patches/extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 8 Aug 2024 16:05:08 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Drop non-negotiating clients
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A client that opens a socket but does not negotiate is merely hogging
-qemu's resources (an open fd and a small amount of memory); and a
-malicious client that can access the port where NBD is listening can
-attempt a denial of service attack by intentionally opening and
-abandoning lots of unfinished connections. The previous patch put a
-default bound on the number of such ongoing connections, but once that
-limit is hit, no more clients can connect (including legitimate ones).
-The solution is to insist that clients complete handshake within a
-reasonable time limit, defaulting to 10 seconds. A client that has
-not successfully completed NBD_OPT_GO by then (including the case of
-where the client didn't know TLS credentials to even reach the point
-of NBD_OPT_GO) is wasting our time and does not deserve to stay
-connected. Later patches will allow fine-tuning the limit away from
-the default value (including disabling it for doing integration
-testing of the handshake process itself).
-
-Note that this patch in isolation actually makes it more likely to see
-qemu SEGV after nbd-server-stop, as any client socket still connected
-when the server shuts down will now be closed after 10 seconds rather
-than at the client's whims. That will be addressed in the next patch.
-
-For a demo of this patch in action:
-$ qemu-nbd -f raw -r -t -e 10 file &
-$ nbdsh --opt-mode -c '
-H = list()
-for i in range(20):
- print(i)
- H.insert(i, nbd.NBD())
- H[i].set_opt_mode(True)
- H[i].connect_uri("nbd://localhost")
-'
-$ kill $!
-
-where later connections get to start progressing once earlier ones are
-forcefully dropped for taking too long, rather than hanging.
-
-Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-13-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-[eblake: rebase to changes earlier in series, reduce scope of timer]
-Signed-off-by: Eric Blake <eblake@redhat.com>
-(cherry picked from commit b9b72cb3ce15b693148bd09cef7e50110566d8a0)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- nbd/server.c | 28 +++++++++++++++++++++++++++-
- nbd/trace-events | 1 +
- 2 files changed, 28 insertions(+), 1 deletion(-)
-
-diff --git a/nbd/server.c b/nbd/server.c
-index e50012499f..39285cc971 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -3186,22 +3186,48 @@ static void nbd_client_receive_next_request(NBDClient *client)
- }
- }
-
-+static void nbd_handshake_timer_cb(void *opaque)
-+{
-+ QIOChannel *ioc = opaque;
-+
-+ trace_nbd_handshake_timer_cb();
-+ qio_channel_shutdown(ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL);
-+}
-+
- static coroutine_fn void nbd_co_client_start(void *opaque)
- {
- NBDClient *client = opaque;
- Error *local_err = NULL;
-+ QEMUTimer *handshake_timer = NULL;
-
- qemu_co_mutex_init(&client->send_lock);
-
-- /* TODO - utilize client->handshake_max_secs */
-+ /*
-+ * Create a timer to bound the time spent in negotiation. If the
-+ * timer expires, it is likely nbd_negotiate will fail because the
-+ * socket was shutdown.
-+ */
-+ if (client->handshake_max_secs > 0) {
-+ handshake_timer = aio_timer_new(qemu_get_aio_context(),
-+ QEMU_CLOCK_REALTIME,
-+ SCALE_NS,
-+ nbd_handshake_timer_cb,
-+ client->sioc);
-+ timer_mod(handshake_timer,
-+ qemu_clock_get_ns(QEMU_CLOCK_REALTIME) +
-+ client->handshake_max_secs * NANOSECONDS_PER_SECOND);
-+ }
-+
- if (nbd_negotiate(client, &local_err)) {
- if (local_err) {
- error_report_err(local_err);
- }
-+ timer_free(handshake_timer);
- client_close(client, false);
- return;
- }
-
-+ timer_free(handshake_timer);
- WITH_QEMU_LOCK_GUARD(&client->lock) {
- nbd_client_receive_next_request(client);
- }
-diff --git a/nbd/trace-events b/nbd/trace-events
-index 00ae3216a1..cbd0a4ab7e 100644
---- a/nbd/trace-events
-+++ b/nbd/trace-events
-@@ -76,6 +76,7 @@ nbd_co_receive_request_payload_received(uint64_t cookie, uint64_t len) "Payload
- nbd_co_receive_ext_payload_compliance(uint64_t from, uint64_t len) "client sent non-compliant write without payload flag: from=0x%" PRIx64 ", len=0x%" PRIx64
- nbd_co_receive_align_compliance(const char *op, uint64_t from, uint64_t len, uint32_t align) "client sent non-compliant unaligned %s request: from=0x%" PRIx64 ", len=0x%" PRIx64 ", align=0x%" PRIx32
- nbd_trip(void) "Reading request"
-+nbd_handshake_timer_cb(void) "client took too long to negotiate"
-
- # client-connection.c
- nbd_connect_thread_sleep(uint64_t timeout) "timeout %" PRIu64
diff --git a/debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch b/debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
deleted file mode 100644
index 1d16a52..0000000
--- a/debian/patches/extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Wed, 7 Aug 2024 12:23:13 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Close stray clients at server-stop
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A malicious client can attempt to connect to an NBD server, and then
-intentionally delay progress in the handshake, including if it does
-not know the TLS secrets. Although the previous two patches reduce
-this behavior by capping the default max-connections parameter and
-killing slow clients, they did not eliminate the possibility of a
-client waiting to close the socket until after the QMP nbd-server-stop
-command is executed, at which point qemu would SEGV when trying to
-dereference the NULL nbd_server global which is no longer present.
-This amounts to a denial of service attack. Worse, if another NBD
-server is started before the malicious client disconnects, I cannot
-rule out additional adverse effects when the old client interferes
-with the connection count of the new server (although the most likely
-is a crash due to an assertion failure when checking
-nbd_server->connections > 0).
-
-For environments without this patch, the CVE can be mitigated by
-ensuring (such as via a firewall) that only trusted clients can
-connect to an NBD server. Note that using frameworks like libvirt
-that ensure that TLS is used and that nbd-server-stop is not executed
-while any trusted clients are still connected will only help if there
-is also no possibility for an untrusted client to open a connection
-but then stall on the NBD handshake.
-
-Given the previous patches, it would be possible to guarantee that no
-clients remain connected by having nbd-server-stop sleep for longer
-than the default handshake deadline before finally freeing the global
-nbd_server object, but that could make QMP non-responsive for a long
-time. So intead, this patch fixes the problem by tracking all client
-sockets opened while the server is running, and forcefully closing any
-such sockets remaining without a completed handshake at the time of
-nbd-server-stop, then waiting until the coroutines servicing those
-sockets notice the state change. nbd-server-stop now has a second
-AIO_WAIT_WHILE_UNLOCKED (the first is indirectly through the
-blk_exp_close_all_type() that disconnects all clients that completed
-handshakes), but forced socket shutdown is enough to progress the
-coroutines and quickly tear down all clients before the server is
-freed, thus finally fixing the CVE.
-
-This patch relies heavily on the fact that nbd/server.c guarantees
-that it only calls nbd_blockdev_client_closed() from the main loop
-(see the assertion in nbd_client_put() and the hoops used in
-nbd_client_put_nonzero() to achieve that); if we did not have that
-guarantee, we would also need a mutex protecting our accesses of the
-list of connections to survive re-entrancy from independent iothreads.
-
-Although I did not actually try to test old builds, it looks like this
-problem has existed since at least commit 862172f45c (v2.12.0, 2017) -
-even back when that patch started using a QIONetListener to handle
-listening on multiple sockets, nbd_server_free() was already unaware
-that the nbd_blockdev_client_closed callback can be reached later by a
-client thread that has not completed handshakes (and therefore the
-client's socket never got added to the list closed in
-nbd_export_close_all), despite that patch intentionally tearing down
-the QIONetListener to prevent new clients.
-
-Reported-by: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
-Fixes: CVE-2024-7409
-CC: qemu-stable@nongnu.org
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240807174943.771624-14-eblake@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 3e7ef738c8462c45043a1d39f702a0990406a3b3)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev-nbd.c | 35 ++++++++++++++++++++++++++++++++++-
- 1 file changed, 34 insertions(+), 1 deletion(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index 24ba5382db..f73409ae49 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -21,12 +21,18 @@
- #include "io/channel-socket.h"
- #include "io/net-listener.h"
-
-+typedef struct NBDConn {
-+ QIOChannelSocket *cioc;
-+ QLIST_ENTRY(NBDConn) next;
-+} NBDConn;
-+
- typedef struct NBDServerData {
- QIONetListener *listener;
- QCryptoTLSCreds *tlscreds;
- char *tlsauthz;
- uint32_t max_connections;
- uint32_t connections;
-+ QLIST_HEAD(, NBDConn) conns;
- } NBDServerData;
-
- static NBDServerData *nbd_server;
-@@ -51,6 +57,14 @@ int nbd_server_max_connections(void)
-
- static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
- {
-+ NBDConn *conn = nbd_client_owner(client);
-+
-+ assert(qemu_in_main_thread() && nbd_server);
-+
-+ object_unref(OBJECT(conn->cioc));
-+ QLIST_REMOVE(conn, next);
-+ g_free(conn);
-+
- nbd_client_put(client);
- assert(nbd_server->connections > 0);
- nbd_server->connections--;
-@@ -60,14 +74,20 @@ static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
- static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
- gpointer opaque)
- {
-+ NBDConn *conn = g_new0(NBDConn, 1);
-+
-+ assert(qemu_in_main_thread() && nbd_server);
- nbd_server->connections++;
-+ object_ref(OBJECT(cioc));
-+ conn->cioc = cioc;
-+ QLIST_INSERT_HEAD(&nbd_server->conns, conn, next);
- nbd_update_server_watch(nbd_server);
-
- qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
- /* TODO - expose handshake timeout as QMP option */
- nbd_client_new(cioc, NBD_DEFAULT_HANDSHAKE_MAX_SECS,
- nbd_server->tlscreds, nbd_server->tlsauthz,
-- nbd_blockdev_client_closed, NULL);
-+ nbd_blockdev_client_closed, conn);
- }
-
- static void nbd_update_server_watch(NBDServerData *s)
-@@ -81,12 +101,25 @@ static void nbd_update_server_watch(NBDServerData *s)
-
- static void nbd_server_free(NBDServerData *server)
- {
-+ NBDConn *conn, *tmp;
-+
- if (!server) {
- return;
- }
-
-+ /*
-+ * Forcefully close the listener socket, and any clients that have
-+ * not yet disconnected on their own.
-+ */
- qio_net_listener_disconnect(server->listener);
- object_unref(OBJECT(server->listener));
-+ QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) {
-+ qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH,
-+ NULL);
-+ }
-+
-+ AIO_WAIT_WHILE_UNLOCKED(NULL, server->connections > 0);
-+
- if (server->tlscreds) {
- object_unref(OBJECT(server->tlscreds));
- }
diff --git a/debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch b/debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch
deleted file mode 100644
index 65b5be0..0000000
--- a/debian/patches/extra/0034-vnc-fix-crash-when-no-console-attached.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Tue, 20 Aug 2024 17:11:12 +0400
-Subject: [PATCH] vnc: fix crash when no console attached
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Since commit e99441a3793b5 ("ui/curses: Do not use console_select()")
-qemu_text_console_put_keysym() no longer checks for NULL console
-argument, which leads to a later crash:
-
-Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
-0x00005555559ee186 in qemu_text_console_handle_keysym (s=0x0, keysym=31) at ../ui/console-vc.c:332
-332 } else if (s->echo && (keysym == '\r' || keysym == '\n')) {
-(gdb) bt
- #0 0x00005555559ee186 in qemu_text_console_handle_keysym (s=0x0, keysym=31) at ../ui/console-vc.c:332
- #1 0x00005555559e18e5 in qemu_text_console_put_keysym (s=<optimized out>, keysym=<optimized out>) at ../ui/console.c:303
- #2 0x00005555559f2e88 in do_key_event (vs=vs@entry=0x5555579045c0, down=down@entry=1, keycode=keycode@entry=60, sym=sym@entry=65471) at ../ui/vnc.c:2034
- #3 0x00005555559f845c in ext_key_event (vs=0x5555579045c0, down=1, sym=65471, keycode=<optimized out>) at ../ui/vnc.c:2070
- #4 protocol_client_msg (vs=0x5555579045c0, data=<optimized out>, len=<optimized out>) at ../ui/vnc.c:2514
- #5 0x00005555559f515c in vnc_client_read (vs=0x5555579045c0) at ../ui/vnc.c:1607
-
-Fixes: e99441a3793b5 ("ui/curses: Do not use console_select()")
-Fixes: https://issues.redhat.com/browse/RHEL-50529
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
-(picked from https://lore.kernel.org/qemu-devel/20240820131112.1267954-1-marcandre.lureau@redhat.com/)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- ui/vnc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ui/vnc.c b/ui/vnc.c
-index b3fd78022b..953ea38318 100644
---- a/ui/vnc.c
-+++ b/ui/vnc.c
-@@ -1935,7 +1935,7 @@ static void do_key_event(VncState *vs, int down, int keycode, int sym)
- }
-
- qkbd_state_key_event(vs->vd->kbd, qcode, down);
-- if (!qemu_console_is_graphic(vs->vd->dcl.con)) {
-+ if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) {
- QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con);
- bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
- bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
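Review bot: the trailer of the removed 0034 file is "(picked from" a lore.kernel.org qemu-devel link rather than "(cherry picked from commit ...)", so unlike the neighbouring drops there is no upstream commit id to check against the new base. Please name in the commit message the upstream commit that carries the `QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)` check in do_key_event(), or keep the file if 9.1.2 does not have it.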
diff --git a/debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch b/debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
deleted file mode 100644
index d40a438..0000000
--- a/debian/patches/extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 22 Aug 2024 09:35:29 -0500
-Subject: [PATCH] nbd/server: CVE-2024-7409: Avoid use-after-free when closing
- server
-
-Commit 3e7ef738 plugged the use-after-free of the global nbd_server
-object, but overlooked a use-after-free of nbd_server->listener.
-Although this race is harder to hit, notice that our shutdown path
-first drops the reference count of nbd_server->listener, then triggers
-actions that can result in a pending client reaching the
-nbd_blockdev_client_closed() callback, which in turn calls
-qio_net_listener_set_client_func on a potentially stale object.
-
-If we know we don't want any more clients to connect, and have already
-told the listener socket to shut down, then we should not be trying to
-update the listener socket's associated function.
-
-Reproducer:
-
-> #!/usr/bin/python3
->
-> import os
-> from threading import Thread
->
-> def start_stop():
-> while 1:
-> os.system('virsh qemu-monitor-command VM \'{"execute": "nbd-server-start",
-+"arguments":{"addr":{"type":"unix","data":{"path":"/tmp/nbd-sock"}}}}\'')
-> os.system('virsh qemu-monitor-command VM \'{"execute": "nbd-server-stop"}\'')
->
-> def nbd_list():
-> while 1:
-> os.system('/path/to/build/qemu-nbd -L -k /tmp/nbd-sock')
->
-> def test():
-> sst = Thread(target=start_stop)
-> sst.start()
-> nlt = Thread(target=nbd_list)
-> nlt.start()
->
-> sst.join()
-> nlt.join()
->
-> test()
-
-Fixes: CVE-2024-7409
-Fixes: 3e7ef738c8 ("nbd/server: CVE-2024-7409: Close stray clients at server-stop")
-CC: qemu-stable@nongnu.org
-Reported-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-ID: <20240822143617.800419-2-eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit 3874f5f73c441c52f1c699c848d463b0eda01e4c)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev-nbd.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index f73409ae49..b36f41b7c5 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -92,10 +92,13 @@ static void nbd_accept(QIONetListener *listener, QIOChannelSocket *cioc,
-
- static void nbd_update_server_watch(NBDServerData *s)
- {
-- if (!s->max_connections || s->connections < s->max_connections) {
-- qio_net_listener_set_client_func(s->listener, nbd_accept, NULL, NULL);
-- } else {
-- qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
-+ if (s->listener) {
-+ if (!s->max_connections || s->connections < s->max_connections) {
-+ qio_net_listener_set_client_func(s->listener, nbd_accept, NULL,
-+ NULL);
-+ } else {
-+ qio_net_listener_set_client_func(s->listener, NULL, NULL, NULL);
-+ }
- }
- }
-
-@@ -113,6 +116,7 @@ static void nbd_server_free(NBDServerData *server)
- */
- qio_net_listener_disconnect(server->listener);
- object_unref(OBJECT(server->listener));
-+ server->listener = NULL;
- QLIST_FOREACH_SAFE(conn, &server->conns, next, tmp) {
- qio_channel_shutdown(QIO_CHANNEL(conn->cioc), QIO_CHANNEL_SHUTDOWN_BOTH,
- NULL);
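Review bot: since this deleted file is the backport of the second CVE-2024-7409 fix (cherry picked from 3874f5f73c441c52f1c699c848d463b0eda01e4c), the commit message should name that upstream commit as contained in the new submodule version, so the drop can be verified. If it were not contained, the `if (s->listener)` guard in nbd_update_server_watch() and the `server->listener = NULL;` reset in nbd_server_free() would be lost, and the shutdown race the quoted reproducer exercises would be open again. A short list of dropped patches with their upstream commit ids would make this checkable for every removed file.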
diff --git a/debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch b/debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch
deleted file mode 100644
index a185744..0000000
--- a/debian/patches/extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: David Hildenbrand <david@redhat.com>
-Date: Wed, 28 Aug 2024 11:07:43 +0200
-Subject: [PATCH] softmmu/physmem: fix memory leak in dirty_memory_extend()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-As reported by Peter, we might be leaking memory when removing the
-highest RAMBlock (in the weird ram_addr_t space), and adding a new one.
-
-We will fail to realize that we already allocated bitmaps for more
-dirty memory blocks, and effectively discard the pointers to them.
-
-Fix it by getting rid of last_ram_page() and by remembering the number
-of dirty memory blocks that have been allocated already.
-
-While at it, let's use "unsigned int" for the number of blocks, which
-should be sufficient until we reach ~32 exabytes.
-
-Looks like this leak was introduced as we switched from using a single
-bitmap_zero_extend() to allocating multiple bitmaps:
-bitmap_zero_extend() relies on g_renew() which should have taken care of
-this.
-
-Resolves: https://lkml.kernel.org/r/CAFEAcA-k7a+VObGAfCFNygQNfCKL=AfX6A4kScq=VSSK0peqPg@mail.gmail.com
-Reported-by: Peter Maydell <peter.maydell@linaro.org>
-Fixes: 5b82b703b69a ("memory: RCU ram_list.dirty_memory[] for safe RAM hotplug")
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Peter Xu <peterx@redhat.com>
-Tested-by: Peter Maydell <peter.maydell@linaro.org>
-Cc: qemu-stable@nongnu.org
-Cc: Stefan Hajnoczi <stefanha@redhat.com>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Peter Xu <peterx@redhat.com>
-Cc: "Philippe Mathieu-Daudé" <philmd@linaro.org>
-Signed-off-by: David Hildenbrand <david@redhat.com>
-(picked from https://lore.kernel.org/qemu-devel/20240828090743.128647-1-david@redhat.com/)
-[FE: backport - remove not-yet-existing variable in context of hunk touching ram_block_add()]
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- include/exec/ramlist.h | 1 +
- system/physmem.c | 35 +++++++++--------------------------
- 2 files changed, 10 insertions(+), 26 deletions(-)
-
-diff --git a/include/exec/ramlist.h b/include/exec/ramlist.h
-index 2ad2a81acc..d9cfe530be 100644
---- a/include/exec/ramlist.h
-+++ b/include/exec/ramlist.h
-@@ -50,6 +50,7 @@ typedef struct RAMList {
- /* RCU-enabled, writes protected by the ramlist lock. */
- QLIST_HEAD(, RAMBlock) blocks;
- DirtyMemoryBlocks *dirty_memory[DIRTY_MEMORY_NUM];
-+ unsigned int num_dirty_blocks;
- uint32_t version;
- QLIST_HEAD(, RAMBlockNotifier) ramblock_notifiers;
- } RAMList;
-diff --git a/system/physmem.c b/system/physmem.c
-index a4fe3d2bf8..78f7db1121 100644
---- a/system/physmem.c
-+++ b/system/physmem.c
-@@ -1497,18 +1497,6 @@ static ram_addr_t find_ram_offset(ram_addr_t size)
- return offset;
- }
-
--static unsigned long last_ram_page(void)
--{
-- RAMBlock *block;
-- ram_addr_t last = 0;
--
-- RCU_READ_LOCK_GUARD();
-- RAMBLOCK_FOREACH(block) {
-- last = MAX(last, block->offset + block->max_length);
-- }
-- return last >> TARGET_PAGE_BITS;
--}
--
- static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
- {
- int ret;
-@@ -1762,13 +1750,11 @@ void qemu_ram_msync(RAMBlock *block, ram_addr_t start, ram_addr_t length)
- }
-
- /* Called with ram_list.mutex held */
--static void dirty_memory_extend(ram_addr_t old_ram_size,
-- ram_addr_t new_ram_size)
-+static void dirty_memory_extend(ram_addr_t new_ram_size)
- {
-- ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
-- DIRTY_MEMORY_BLOCK_SIZE);
-- ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
-- DIRTY_MEMORY_BLOCK_SIZE);
-+ unsigned int old_num_blocks = ram_list.num_dirty_blocks;
-+ unsigned int new_num_blocks = DIV_ROUND_UP(new_ram_size,
-+ DIRTY_MEMORY_BLOCK_SIZE);
- int i;
-
- /* Only need to extend if block count increased */
-@@ -1800,6 +1786,8 @@ static void dirty_memory_extend(ram_addr_t old_ram_size,
- g_free_rcu(old_blocks, rcu);
- }
- }
-+
-+ ram_list.num_dirty_blocks = new_num_blocks;
- }
-
- static void ram_block_add(RAMBlock *new_block, Error **errp)
-@@ -1808,11 +1796,9 @@ static void ram_block_add(RAMBlock *new_block, Error **errp)
- const bool shared = qemu_ram_is_shared(new_block);
- RAMBlock *block;
- RAMBlock *last_block = NULL;
-- ram_addr_t old_ram_size, new_ram_size;
-+ ram_addr_t ram_size;
- Error *err = NULL;
-
-- old_ram_size = last_ram_page();
--
- qemu_mutex_lock_ramlist();
- new_block->offset = find_ram_offset(new_block->max_length);
-
-@@ -1840,11 +1826,8 @@ static void ram_block_add(RAMBlock *new_block, Error **errp)
- }
- }
-
-- new_ram_size = MAX(old_ram_size,
-- (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
-- if (new_ram_size > old_ram_size) {
-- dirty_memory_extend(old_ram_size, new_ram_size);
-- }
-+ ram_size = (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS;
-+ dirty_memory_extend(ram_size);
- /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
- * QLIST (which has an RCU-friendly variant) does not have insertion at
- * tail, so save the last element in last_block.
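Review bot: the trailers of this dropped patch point to a lore.kernel.org mailing-list post rather than an upstream commit, and the `[FE: backport ...]` line shows the hunk touching ram_block_add() was modified, so there is no commit id here to check the removal against. Please add the id of the upstream commit that supersedes it to the commit message, and confirm that the upstream version still ends dirty_memory_extend() with `ram_list.num_dirty_blocks = new_num_blocks;`, since that bookkeeping is what fixes the leak.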
diff --git a/debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch b/debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch
deleted file mode 100644
index 3a9e131..0000000
--- a/debian/patches/extra/0037-block-reqlist-allow-adding-overlapping-requests.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fiona Ebner <f.ebner@proxmox.com>
-Date: Thu, 7 Nov 2024 17:51:13 +0100
-Subject: [PATCH] block/reqlist: allow adding overlapping requests
-
-Allow overlapping request by removing the assert that made it
-impossible. There are only two callers:
-
-1. block_copy_task_create()
-
-It already asserts the very same condition before calling
-reqlist_init_req().
-
-2. cbw_snapshot_read_lock()
-
-There is no need to have read requests be non-overlapping in
-copy-before-write when used for snapshot-access. In fact, there was no
-protection against two callers of cbw_snapshot_read_lock() calling
-reqlist_init_req() with overlapping ranges and this could lead to an
-assertion failure [1].
-
-In particular, with the reproducer script below [0], two
-cbw_co_snapshot_block_status() callers could race, with the second
-calling reqlist_init_req() before the first one finishes and removes
-its conflicting request.
-
-[0]:
-
-> #!/bin/bash -e
-> dd if=/dev/urandom of=/tmp/disk.raw bs=1M count=1024
-> ./qemu-img create /tmp/fleecing.raw -f raw 1G
-> (
-> ./qemu-system-x86_64 --qmp stdio \
-> --blockdev raw,node-name=node0,file.driver=file,file.filename=/tmp/disk.raw \
-> --blockdev raw,node-name=node1,file.driver=file,file.filename=/tmp/fleecing.raw \
-> <<EOF
-> {"execute": "qmp_capabilities"}
-> {"execute": "blockdev-add", "arguments": { "driver": "copy-before-write", "file": "node0", "target": "node1", "node-name": "node3" } }
-> {"execute": "blockdev-add", "arguments": { "driver": "snapshot-access", "file": "node3", "node-name": "snap0" } }
-> {"execute": "nbd-server-start", "arguments": {"addr": { "type": "unix", "data": { "path": "/tmp/nbd.socket" } } } }
-> {"execute": "block-export-add", "arguments": {"id": "exp0", "node-name": "snap0", "type": "nbd", "name": "exp0"}}
-> EOF
-> ) &
-> sleep 5
-> while true; do
-> ./qemu-nbd -d /dev/nbd0
-> ./qemu-nbd -c /dev/nbd0 nbd:unix:/tmp/nbd.socket:exportname=exp0 -f raw -r
-> nbdinfo --map 'nbd+unix:///exp0?socket=/tmp/nbd.socket'
-> done
-
-[1]:
-
-> #5 0x000071e5f0088eb2 in __GI___assert_fail (...) at ./assert/assert.c:101
-> #6 0x0000615285438017 in reqlist_init_req (...) at ../block/reqlist.c:23
-> #7 0x00006152853e2d98 in cbw_snapshot_read_lock (...) at ../block/copy-before-write.c:237
-> #8 0x00006152853e3068 in cbw_co_snapshot_block_status (...) at ../block/copy-before-write.c:304
-> #9 0x00006152853f4d22 in bdrv_co_snapshot_block_status (...) at ../block/io.c:3726
-> #10 0x000061528543a63e in snapshot_access_co_block_status (...) at ../block/snapshot-access.c:48
-> #11 0x00006152853f1a0a in bdrv_co_do_block_status (...) at ../block/io.c:2474
-> #12 0x00006152853f2016 in bdrv_co_common_block_status_above (...) at ../block/io.c:2652
-> #13 0x00006152853f22cf in bdrv_co_block_status_above (...) at ../block/io.c:2732
-> #14 0x00006152853d9a86 in blk_co_block_status_above (...) at ../block/block-backend.c:1473
-> #15 0x000061528538da6c in blockstatus_to_extents (...) at ../nbd/server.c:2374
-> #16 0x000061528538deb1 in nbd_co_send_block_status (...) at ../nbd/server.c:2481
-> #17 0x000061528538f424 in nbd_handle_request (...) at ../nbd/server.c:2978
-> #18 0x000061528538f906 in nbd_trip (...) at ../nbd/server.c:3121
-> #19 0x00006152855a7caf in coroutine_trampoline (...) at ../util/coroutine-ucontext.c:175
-
-Cc: qemu-stable@nongnu.org
-Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
----
- block/copy-before-write.c | 3 ++-
- block/reqlist.c | 2 --
- 2 files changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/block/copy-before-write.c b/block/copy-before-write.c
-index 8aba27a71d..3698b3bc60 100644
---- a/block/copy-before-write.c
-+++ b/block/copy-before-write.c
-@@ -65,7 +65,8 @@ typedef struct BDRVCopyBeforeWriteState {
-
- /*
- * @frozen_read_reqs: current read requests for fleecing user in bs->file
-- * node. These areas must not be rewritten by guest.
-+ * node. These areas must not be rewritten by guest. There can be multiple
-+ * overlapping read requests.
- */
- BlockReqList frozen_read_reqs;
-
-diff --git a/block/reqlist.c b/block/reqlist.c
-index 08cb57cfa4..098e807378 100644
---- a/block/reqlist.c
-+++ b/block/reqlist.c
-@@ -20,8 +20,6 @@
- void reqlist_init_req(BlockReqList *reqs, BlockReq *req, int64_t offset,
- int64_t bytes)
- {
-- assert(!reqlist_find_conflict(reqs, offset, bytes));
--
- *req = (BlockReq) {
- .offset = offset,
- .bytes = bytes,
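Review bot: this dropped patch has no `cherry picked from` or `picked from` trailer, only Cc, Suggested-by and Reviewed-by, so nothing in the file shows where it landed upstream. Please state in the commit message which commit in the new base removes `assert(!reqlist_find_conflict(reqs, offset, bytes));` from reqlist_init_req(). If it is missing, two racing cbw_co_snapshot_block_status() callers can hit the assertion in backtrace [1] again on an NBD export of a snapshot-access node.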
diff --git a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
index f68e0df..0e5a7d3 100644
--- a/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
+++ b/debian/patches/pve/0001-PVE-Config-block-file-change-locking-default-to-off.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index 35684f7e21..43bc0bd520 100644
+index ff928b5e85..99e5bea1cc 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -563,7 +563,7 @@ static QemuOptsList raw_runtime_opts = {
+@@ -564,7 +564,7 @@ static QemuOptsList raw_runtime_opts = {
{
.name = "locking",
.type = QEMU_OPT_STRING,
@@ -26,7 +26,7 @@ index 35684f7e21..43bc0bd520 100644
},
{
.name = "pr-manager",
-@@ -663,7 +663,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
+@@ -664,7 +664,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
s->use_lock = false;
break;
case ON_OFF_AUTO_AUTO:
diff --git a/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch b/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
index 62bbda8..69efd94 100644
--- a/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
+++ b/debian/patches/pve/0002-PVE-Config-Adjust-network-script-path-to-etc-kvm.patch
@@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/net.h b/include/net/net.h
-index b1f9b35fcc..096c0d52e4 100644
+index c8f679761b..35a1338e40 100644
--- a/include/net/net.h
+++ b/include/net/net.h
-@@ -317,8 +317,8 @@ void netdev_add(QemuOpts *opts, Error **errp);
+@@ -309,8 +309,8 @@ void netdev_add(QemuOpts *opts, Error **errp);
int net_hub_id_for_client(NetClientState *nc, int *id);
NetClientState *net_hub_port_find(int hub_id);
diff --git a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
index 71236cf..74d94eb 100644
--- a/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
+++ b/debian/patches/pve/0003-PVE-Config-set-the-CPU-model-to-kvm64-32-instead-of-.patch
@@ -10,10 +10,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
-index 6b05738079..d82869900a 100644
+index fa027cc206..da7ef0cbe6 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
-@@ -2291,9 +2291,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
+@@ -2418,9 +2418,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
#define CPU_RESOLVING_TYPE TYPE_X86_CPU
#ifdef TARGET_X86_64
diff --git a/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch b/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch
index cb94976..6d4cc69 100644
--- a/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch
+++ b/debian/patches/pve/0005-PVE-Config-glusterfs-no-default-logfile-if-daemonize.patch
@@ -9,10 +9,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/block/gluster.c b/block/gluster.c
-index cc74af06dc..3ba9bbfa5e 100644
+index f8b415f381..02bde39d94 100644
--- a/block/gluster.c
+++ b/block/gluster.c
-@@ -43,7 +43,7 @@
+@@ -42,7 +42,7 @@
#define GLUSTER_DEBUG_DEFAULT 4
#define GLUSTER_DEBUG_MAX 9
#define GLUSTER_OPT_LOGFILE "logfile"
@@ -21,7 +21,7 @@ index cc74af06dc..3ba9bbfa5e 100644
/*
* Several versions of GlusterFS (3.12? -> 6.0.1) fail when the transfer size
* is greater or equal to 1024 MiB, so we are limiting the transfer size to 512
-@@ -425,6 +425,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
+@@ -421,6 +421,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
int old_errno;
SocketAddressList *server;
uint64_t port;
@@ -29,7 +29,7 @@ index cc74af06dc..3ba9bbfa5e 100644
glfs = glfs_find_preopened(gconf->volume);
if (glfs) {
-@@ -467,9 +468,15 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
+@@ -463,9 +464,15 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
}
}
diff --git a/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch b/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
index 8881ab8..3b31de2 100644
--- a/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
+++ b/debian/patches/pve/0006-PVE-Config-rbd-block-rbd-disable-rbd_cache_writethro.patch
@@ -18,7 +18,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+)
diff --git a/block/rbd.c b/block/rbd.c
-index 84bb2fa5d7..63f60d41be 100644
+index 9c0fd0cb3f..101ee59d6e 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -963,6 +963,8 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
diff --git a/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch b/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch
index 56f56f6..ddcaa1f 100644
--- a/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch
+++ b/debian/patches/pve/0007-PVE-Up-glusterfs-allow-partial-reads.patch
@@ -16,10 +16,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/block/gluster.c b/block/gluster.c
-index 3ba9bbfa5e..34936eb855 100644
+index 02bde39d94..36c00088cc 100644
--- a/block/gluster.c
+++ b/block/gluster.c
-@@ -58,6 +58,7 @@ typedef struct GlusterAIOCB {
+@@ -57,6 +57,7 @@ typedef struct GlusterAIOCB {
int ret;
Coroutine *coroutine;
AioContext *aio_context;
@@ -27,7 +27,7 @@ index 3ba9bbfa5e..34936eb855 100644
} GlusterAIOCB;
typedef struct BDRVGlusterState {
-@@ -753,8 +754,10 @@ static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret,
+@@ -749,8 +750,10 @@ static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret,
acb->ret = 0; /* Success */
} else if (ret < 0) {
acb->ret = -errno; /* Read/Write failed */
@@ -39,7 +39,7 @@ index 3ba9bbfa5e..34936eb855 100644
}
aio_co_schedule(acb->aio_context, acb->coroutine);
-@@ -1023,6 +1026,7 @@ static coroutine_fn int qemu_gluster_co_pwrite_zeroes(BlockDriverState *bs,
+@@ -1019,6 +1022,7 @@ static coroutine_fn int qemu_gluster_co_pwrite_zeroes(BlockDriverState *bs,
acb.ret = 0;
acb.coroutine = qemu_coroutine_self();
acb.aio_context = bdrv_get_aio_context(bs);
@@ -47,7 +47,7 @@ index 3ba9bbfa5e..34936eb855 100644
ret = glfs_zerofill_async(s->fd, offset, bytes, gluster_finish_aiocb, &acb);
if (ret < 0) {
-@@ -1203,9 +1207,11 @@ static coroutine_fn int qemu_gluster_co_rw(BlockDriverState *bs,
+@@ -1199,9 +1203,11 @@ static coroutine_fn int qemu_gluster_co_rw(BlockDriverState *bs,
acb.aio_context = bdrv_get_aio_context(bs);
if (write) {
@@ -59,7 +59,7 @@ index 3ba9bbfa5e..34936eb855 100644
ret = glfs_preadv_async(s->fd, qiov->iov, qiov->niov, offset, 0,
gluster_finish_aiocb, &acb);
}
-@@ -1268,6 +1274,7 @@ static coroutine_fn int qemu_gluster_co_flush_to_disk(BlockDriverState *bs)
+@@ -1264,6 +1270,7 @@ static coroutine_fn int qemu_gluster_co_flush_to_disk(BlockDriverState *bs)
acb.ret = 0;
acb.coroutine = qemu_coroutine_self();
acb.aio_context = bdrv_get_aio_context(bs);
@@ -67,7 +67,7 @@ index 3ba9bbfa5e..34936eb855 100644
ret = glfs_fsync_async(s->fd, gluster_finish_aiocb, &acb);
if (ret < 0) {
-@@ -1316,6 +1323,7 @@ static coroutine_fn int qemu_gluster_co_pdiscard(BlockDriverState *bs,
+@@ -1312,6 +1319,7 @@ static coroutine_fn int qemu_gluster_co_pdiscard(BlockDriverState *bs,
acb.ret = 0;
acb.coroutine = qemu_coroutine_self();
acb.aio_context = bdrv_get_aio_context(bs);
diff --git a/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch b/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
index 4fc6215..6face40 100644
--- a/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
+++ b/debian/patches/pve/0013-PVE-virtio-balloon-improve-query-balloon.patch
@@ -18,10 +18,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
4 files changed, 82 insertions(+), 4 deletions(-)
diff --git a/hw/core/machine-hmp-cmds.c b/hw/core/machine-hmp-cmds.c
-index a6ff6a4875..e7f74d1c63 100644
+index 8701f00cc7..3b4c5ef403 100644
--- a/hw/core/machine-hmp-cmds.c
+++ b/hw/core/machine-hmp-cmds.c
-@@ -175,7 +175,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
+@@ -179,7 +179,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
return;
}
@@ -103,10 +103,10 @@ index 609e39a821..8cb6dfcac3 100644
static void virtio_balloon_to_target(void *opaque, ram_addr_t target)
diff --git a/qapi/machine.json b/qapi/machine.json
-index e8b60641f2..2054cdc70d 100644
+index d4317435e7..db8ed2e357 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -1079,9 +1079,29 @@
+@@ -1164,9 +1164,29 @@
# @actual: the logical size of the VM in bytes Formula used:
# logical_vm_size = vm_ram_size - balloon_size
#
diff --git a/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch b/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
index 255faf5..274665d 100644
--- a/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
+++ b/debian/patches/pve/0014-PVE-qapi-modify-query-machines.patch
@@ -13,10 +13,10 @@ Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/hw/core/machine-qmp-cmds.c b/hw/core/machine-qmp-cmds.c
-index 4b72009cd3..314351cdff 100644
+index 130217da8f..52a6d74820 100644
--- a/hw/core/machine-qmp-cmds.c
+++ b/hw/core/machine-qmp-cmds.c
-@@ -90,6 +90,12 @@ MachineInfoList *qmp_query_machines(Error **errp)
+@@ -90,6 +90,12 @@ MachineInfoList *qmp_query_machines(bool has_compat_props, bool compat_props,
info->numa_mem_supported = mc->numa_mem_supported;
info->deprecated = !!mc->deprecation_reason;
info->acpi = !!object_class_property_find(OBJECT_CLASS(mc), "acpi");
@@ -30,10 +30,10 @@ index 4b72009cd3..314351cdff 100644
info->default_cpu_type = g_strdup(mc->default_cpu_type);
}
diff --git a/qapi/machine.json b/qapi/machine.json
-index 2054cdc70d..a024d5b05d 100644
+index db8ed2e357..0c703316f5 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -146,6 +146,8 @@
+@@ -168,6 +168,8 @@
#
# @is-default: whether the machine is default
#
@@ -42,7 +42,7 @@ index 2054cdc70d..a024d5b05d 100644
# @cpu-max: maximum number of CPUs supported by the machine type
# (since 1.5)
#
-@@ -170,7 +172,7 @@
+@@ -200,7 +202,7 @@
##
{ 'struct': 'MachineInfo',
'data': { 'name': 'str', '*alias': 'str',
@@ -50,4 +50,4 @@ index 2054cdc70d..a024d5b05d 100644
+ '*is-default': 'bool', '*is-current': 'bool', 'cpu-max': 'int',
'hotpluggable-cpus': 'bool', 'numa-mem-supported': 'bool',
'deprecated': 'bool', '*default-cpu-type': 'str',
- '*default-ram-id': 'str', 'acpi': 'bool' } }
+ '*default-ram-id': 'str', 'acpi': 'bool',
diff --git a/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch b/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
index b1aff6a..ade3910 100644
--- a/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
+++ b/debian/patches/pve/0015-PVE-qapi-modify-spice-query.patch
@@ -14,10 +14,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2 files changed, 7 insertions(+)
diff --git a/qapi/ui.json b/qapi/ui.json
-index f610bce118..6ea26a9acb 100644
+index 8c8464faac..cebda37f8f 100644
--- a/qapi/ui.json
+++ b/qapi/ui.json
-@@ -314,11 +314,14 @@
+@@ -312,11 +312,14 @@
#
# @channels: a list of @SpiceChannel for each active spice channel
#
diff --git a/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch b/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch
index 875fe26..fb825fa 100644
--- a/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch
+++ b/debian/patches/pve/0016-PVE-add-IOChannel-implementation-for-savevm-async.patch
@@ -271,7 +271,7 @@ index 0000000000..17ae2cb261
+
+#endif /* QIO_CHANNEL_SAVEVM_ASYNC_H */
diff --git a/migration/meson.build b/migration/meson.build
-index 1eeb915ff6..95d1cf2250 100644
+index 5ce2acb41e..020127d901 100644
--- a/migration/meson.build
+++ b/migration/meson.build
@@ -13,6 +13,7 @@ system_ss.add(files(
diff --git a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
index b0e75e9..f1053f4 100644
--- a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
+++ b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
@@ -37,20 +37,20 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
include/migration/snapshot.h | 2 +
include/monitor/hmp.h | 3 +
migration/meson.build | 1 +
- migration/savevm-async.c | 545 +++++++++++++++++++++++++++++++++++
+ migration/savevm-async.c | 540 +++++++++++++++++++++++++++++++++++
monitor/hmp-cmds.c | 38 +++
qapi/migration.json | 34 +++
qapi/misc.json | 18 ++
qemu-options.hx | 12 +
system/vl.c | 10 +
- 11 files changed, 693 insertions(+)
+ 11 files changed, 688 insertions(+)
create mode 100644 migration/savevm-async.c
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
-index ad1b1306e3..d5ab880492 100644
+index c59cd6637b..d1a7b99add 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
-@@ -525,6 +525,19 @@ SRST
+@@ -512,6 +512,19 @@ SRST
Show current migration parameters.
ERST
@@ -71,10 +71,10 @@ index ad1b1306e3..d5ab880492 100644
.name = "balloon",
.args_type = "",
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 2e2a3bcf98..7506de251c 100644
+index 06746f0afc..0c7c6f2c16 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
-@@ -1862,3 +1862,20 @@ SRST
+@@ -1859,3 +1859,20 @@ SRST
List event channels in the guest
ERST
#endif
@@ -107,7 +107,7 @@ index 9e4dcaaa75..2581730d74 100644
+
#endif
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
-index 13f9a2dedb..7a7def7530 100644
+index ae116d9804..2596cc2426 100644
--- a/include/monitor/hmp.h
+++ b/include/monitor/hmp.h
@@ -28,6 +28,7 @@ void hmp_info_status(Monitor *mon, const QDict *qdict);
@@ -118,7 +118,7 @@ index 13f9a2dedb..7a7def7530 100644
void hmp_info_migrate(Monitor *mon, const QDict *qdict);
void hmp_info_migrate_capabilities(Monitor *mon, const QDict *qdict);
void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict);
-@@ -94,6 +95,8 @@ void hmp_closefd(Monitor *mon, const QDict *qdict);
+@@ -92,6 +93,8 @@ void hmp_closefd(Monitor *mon, const QDict *qdict);
void hmp_mouse_move(Monitor *mon, const QDict *qdict);
void hmp_mouse_button(Monitor *mon, const QDict *qdict);
void hmp_mouse_set(Monitor *mon, const QDict *qdict);
@@ -128,10 +128,10 @@ index 13f9a2dedb..7a7def7530 100644
void coroutine_fn hmp_screendump(Monitor *mon, const QDict *qdict);
void hmp_chardev_add(Monitor *mon, const QDict *qdict);
diff --git a/migration/meson.build b/migration/meson.build
-index 95d1cf2250..800f12a60d 100644
+index 020127d901..4b0c4f0f51 100644
--- a/migration/meson.build
+++ b/migration/meson.build
-@@ -28,6 +28,7 @@ system_ss.add(files(
+@@ -27,6 +27,7 @@ system_ss.add(files(
'options.c',
'postcopy-ram.c',
'savevm.c',
@@ -141,10 +141,10 @@ index 95d1cf2250..800f12a60d 100644
'threadinfo.c',
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
new file mode 100644
-index 0000000000..1af32604c7
+index 0000000000..4f1ef0ebd8
--- /dev/null
+++ b/migration/savevm-async.c
-@@ -0,0 +1,545 @@
+@@ -0,0 +1,540 @@
+#include "qemu/osdep.h"
+#include "migration/channel-savevm-async.h"
+#include "migration/migration.h"
@@ -489,13 +489,8 @@ index 0000000000..1af32604c7
+ }
+
+ if (migration_is_running()) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR, QERR_MIGRATION_ACTIVE);
-+ return;
-+ }
-+
-+ if (migrate_block()) {
+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
-+ "Block migration and snapshots are incompatible");
++ "There's a migration process in progress");
+ return;
+ }
+
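Review bot: the `migrate_block()` check and its "Block migration and snapshots are incompatible" error are removed from this precondition block without a replacement, so the commit message should say why the guard is no longer needed, making clear this is a rebase adaptation and not a dropped safety check. Style point on the remaining `migration_is_running()` branch: `error_set(errp, ERROR_CLASS_GENERIC_ERROR, "...")` with a literal message is the long form of `error_setg(errp, "...")`; fine to leave if the error_setg() cleanup later in this series covers this call.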
@@ -558,7 +553,7 @@ index 0000000000..1af32604c7
+ snap_state.finalize_bh = qemu_bh_new(process_savevm_finalize, &snap_state);
+ snap_state.co = qemu_coroutine_create(&process_savevm_co, NULL);
+ qemu_savevm_state_header(snap_state.file);
-+ qemu_savevm_state_setup(snap_state.file);
++ qemu_savevm_state_setup(snap_state.file, &local_err);
+
+ /* Async processing from here on out happens in iohandler context, so let
+ * the target bdrv have its home there.
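Review bot: in `qemu_savevm_state_setup(snap_state.file, &local_err);` the new Error ** argument is passed, but neither a return value nor `local_err` is checked in the visible lines before the code goes on to the iohandler-context setup. If setup fails, the snapshot would continue despite the error and `local_err` would stay set and unreported. Check the result directly after the call, propagate it to errp and bail out before the coroutine is started, or note in the commit message that the error-handling patch later in this series adds that check.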
@@ -691,21 +686,21 @@ index 0000000000..1af32604c7
+ return ret;
+}
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 871898ac46..ef4634e5c1 100644
+index f601d06ab8..874084565f 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
-@@ -22,6 +22,7 @@
- #include "monitor/monitor-internal.h"
+@@ -24,6 +24,7 @@
#include "qapi/error.h"
#include "qapi/qapi-commands-control.h"
+ #include "qapi/qapi-commands-machine.h"
+#include "qapi/qapi-commands-migration.h"
#include "qapi/qapi-commands-misc.h"
#include "qapi/qmp/qdict.h"
#include "qemu/cutils.h"
-@@ -443,3 +444,40 @@ void hmp_info_mtree(Monitor *mon, const QDict *qdict)
-
- mtree_info(flatview, dispatch_tree, owner, disabled);
+@@ -434,3 +435,40 @@ void hmp_dumpdtb(Monitor *mon, const QDict *qdict)
+ monitor_printf(mon, "dtb dumped to %s", filename);
}
+ #endif
+
+void hmp_savevm_start(Monitor *mon, const QDict *qdict)
+{
@@ -744,10 +739,10 @@ index 871898ac46..ef4634e5c1 100644
+ }
+}
diff --git a/qapi/migration.json b/qapi/migration.json
-index 8c65b90328..ed20d066cd 100644
+index 7324571e92..d6e94a7c41 100644
--- a/qapi/migration.json
+++ b/qapi/migration.json
-@@ -297,6 +297,40 @@
+@@ -276,6 +276,40 @@
'*dirty-limit-throttle-time-per-round': 'uint64',
'*dirty-limit-ring-full-time': 'uint64'} }
@@ -789,7 +784,7 @@ index 8c65b90328..ed20d066cd 100644
# @query-migrate:
#
diff --git a/qapi/misc.json b/qapi/misc.json
-index ec30e5c570..3c68633f68 100644
+index 559b66f201..7959e89c1e 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -454,6 +454,24 @@
@@ -818,10 +813,10 @@ index ec30e5c570..3c68633f68 100644
# @CommandLineParameterType:
#
diff --git a/qemu-options.hx b/qemu-options.hx
-index 8ce85d4559..511ab9415e 100644
+index d94e2cbbae..07730f9e65 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -4610,6 +4610,18 @@ SRST
+@@ -4805,6 +4805,18 @@ SRST
Start right away with a saved state (``loadvm`` in monitor)
ERST
@@ -841,10 +836,10 @@ index 8ce85d4559..511ab9415e 100644
DEF("daemonize", 0, QEMU_OPTION_daemonize, \
"-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
diff --git a/system/vl.c b/system/vl.c
-index c644222982..2738ab7c91 100644
+index 01b8b8e77a..d6bbdc906e 100644
--- a/system/vl.c
+++ b/system/vl.c
-@@ -163,6 +163,7 @@ static const char *accelerators;
+@@ -164,6 +164,7 @@ static const char *accelerators;
static bool have_custom_ram_size;
static const char *ram_memdev_id;
static QDict *machine_opts_dict;
@@ -852,7 +847,7 @@ index c644222982..2738ab7c91 100644
static QTAILQ_HEAD(, ObjectOption) object_opts = QTAILQ_HEAD_INITIALIZER(object_opts);
static QTAILQ_HEAD(, DeviceOption) device_opts = QTAILQ_HEAD_INITIALIZER(device_opts);
static int display_remote;
-@@ -2712,6 +2713,12 @@ void qmp_x_exit_preconfig(Error **errp)
+@@ -2727,6 +2728,12 @@ void qmp_x_exit_preconfig(Error **errp)
RunState state = autostart ? RUN_STATE_RUNNING : runstate_get();
load_snapshot(loadvm, NULL, false, NULL, &error_fatal);
load_snapshot_resume(state);
@@ -865,7 +860,7 @@ index c644222982..2738ab7c91 100644
}
if (replay_mode != REPLAY_MODE_NONE) {
replay_vmstate_init();
-@@ -3259,6 +3266,9 @@ void qemu_init(int argc, char **argv)
+@@ -3275,6 +3282,9 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_loadvm:
loadvm = optarg;
break;
diff --git a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
index 92bc9f2..176ce0a 100644
--- a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
+++ b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
@@ -13,16 +13,16 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
[FE: adapt to removal of QEMUFileOps]
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
- migration/qemu-file.c | 50 +++++++++++++++++++++++++++-------------
+ migration/qemu-file.c | 48 +++++++++++++++++++++++++++-------------
migration/qemu-file.h | 2 ++
- migration/savevm-async.c | 5 ++--
- 3 files changed, 39 insertions(+), 18 deletions(-)
+ migration/savevm-async.c | 5 +++--
+ 3 files changed, 38 insertions(+), 17 deletions(-)
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
-index a10882d47f..19c1de0472 100644
+index b6d2f588bd..754dc0b3f7 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
-@@ -35,8 +35,8 @@
+@@ -34,8 +34,8 @@
#include "rdma.h"
#include "io/channel-file.h"
@@ -33,7 +33,7 @@ index a10882d47f..19c1de0472 100644
struct QEMUFile {
QIOChannel *ioc;
-@@ -44,7 +44,8 @@ struct QEMUFile {
+@@ -43,7 +43,8 @@ struct QEMUFile {
int buf_index;
int buf_size; /* 0 when writing */
@@ -43,7 +43,7 @@ index a10882d47f..19c1de0472 100644
DECLARE_BITMAP(may_free, MAX_IOV_SIZE);
struct iovec iov[MAX_IOV_SIZE];
-@@ -101,7 +102,9 @@ int qemu_file_shutdown(QEMUFile *f)
+@@ -100,7 +101,9 @@ int qemu_file_shutdown(QEMUFile *f)
return 0;
}
@@ -54,7 +54,7 @@ index a10882d47f..19c1de0472 100644
{
QEMUFile *f;
-@@ -110,6 +113,8 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable)
+@@ -109,6 +112,8 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable)
object_ref(ioc);
f->ioc = ioc;
f->is_writable = is_writable;
@@ -63,7 +63,7 @@ index a10882d47f..19c1de0472 100644
return f;
}
-@@ -120,17 +125,27 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable)
+@@ -119,17 +124,27 @@ static QEMUFile *qemu_file_new_impl(QIOChannel *ioc, bool is_writable)
*/
QEMUFile *qemu_file_get_return_path(QEMUFile *f)
{
@@ -94,7 +94,7 @@ index a10882d47f..19c1de0472 100644
}
/*
-@@ -328,7 +343,7 @@ static ssize_t coroutine_mixed_fn qemu_fill_buffer(QEMUFile *f)
+@@ -327,7 +342,7 @@ static ssize_t coroutine_mixed_fn qemu_fill_buffer(QEMUFile *f)
do {
len = qio_channel_read(f->ioc,
(char *)f->buf + pending,
@@ -103,7 +103,7 @@ index a10882d47f..19c1de0472 100644
&local_error);
if (len == QIO_CHANNEL_ERR_BLOCK) {
if (qemu_in_coroutine()) {
-@@ -368,6 +383,9 @@ int qemu_fclose(QEMUFile *f)
+@@ -367,6 +382,9 @@ int qemu_fclose(QEMUFile *f)
ret = ret2;
}
g_clear_pointer(&f->ioc, object_unref);
@@ -113,7 +113,7 @@ index a10882d47f..19c1de0472 100644
error_free(f->last_error_obj);
g_free(f);
trace_qemu_file_fclose();
-@@ -416,7 +434,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len)
+@@ -415,7 +433,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len)
{
if (!add_to_iovec(f, f->buf + f->buf_index, len, false)) {
f->buf_index += len;
@@ -122,7 +122,7 @@ index a10882d47f..19c1de0472 100644
qemu_fflush(f);
}
}
-@@ -441,7 +459,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size)
+@@ -440,7 +458,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size)
}
while (size > 0) {
@@ -131,7 +131,7 @@ index a10882d47f..19c1de0472 100644
if (l > size) {
l = size;
}
-@@ -587,8 +605,8 @@ size_t coroutine_mixed_fn qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t si
+@@ -586,8 +604,8 @@ size_t coroutine_mixed_fn qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t si
size_t index;
assert(!qemu_file_is_writable(f));
@@ -142,7 +142,7 @@ index a10882d47f..19c1de0472 100644
/* The 1st byte to read from */
index = f->buf_index + offset;
-@@ -638,7 +656,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size
+@@ -637,7 +655,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size
size_t res;
uint8_t *src;
@@ -151,7 +151,7 @@ index a10882d47f..19c1de0472 100644
if (res == 0) {
return done;
}
-@@ -672,7 +690,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size
+@@ -671,7 +689,7 @@ size_t coroutine_mixed_fn qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size
*/
size_t coroutine_mixed_fn qemu_get_buffer_in_place(QEMUFile *f, uint8_t **buf, size_t size)
{
@@ -160,7 +160,7 @@ index a10882d47f..19c1de0472 100644
size_t res;
uint8_t *src = NULL;
-@@ -697,7 +715,7 @@ int coroutine_mixed_fn qemu_peek_byte(QEMUFile *f, int offset)
+@@ -696,7 +714,7 @@ int coroutine_mixed_fn qemu_peek_byte(QEMUFile *f, int offset)
int index = f->buf_index + offset;
assert(!qemu_file_is_writable(f));
@@ -169,17 +169,8 @@ index a10882d47f..19c1de0472 100644
if (index >= f->buf_size) {
qemu_fill_buffer(f);
-@@ -811,7 +829,7 @@ static int qemu_compress_data(z_stream *stream, uint8_t *dest, size_t dest_len,
- ssize_t qemu_put_compression_data(QEMUFile *f, z_stream *stream,
- const uint8_t *p, size_t size)
- {
-- ssize_t blen = IO_BUF_SIZE - f->buf_index - sizeof(int32_t);
-+ ssize_t blen = f->buf_allocated_size - f->buf_index - sizeof(int32_t);
-
- if (blen < compressBound(size)) {
- return -1;
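Review bot: the qemu_put_compression_data() hunk, which replaced IO_BUF_SIZE with f->buf_allocated_size in the blen calculation, is dropped from 0018 without explanation, and the visible part of the patch header still only carries "[FE: adapt to removal of QEMUFileOps]". Please add a line saying why the hunk is gone (for example, that the function no longer exists in the new base). Please also confirm that no other bound in migration/qemu-file.c still uses the IO_BUF_SIZE constant, since a leftover one would limit accesses by the constant rather than by the size the buffer was actually allocated with.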
diff --git a/migration/qemu-file.h b/migration/qemu-file.h
-index 32fd4a34fd..36a0cd8cc8 100644
+index 11c2120edd..edf3c5d147 100644
--- a/migration/qemu-file.h
+++ b/migration/qemu-file.h
@@ -30,7 +30,9 @@
@@ -193,10 +184,10 @@ index 32fd4a34fd..36a0cd8cc8 100644
/*
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
-index 1af32604c7..be2035cd2e 100644
+index 4f1ef0ebd8..84e10b2c4c 100644
--- a/migration/savevm-async.c
+++ b/migration/savevm-async.c
-@@ -386,7 +386,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
+@@ -381,7 +381,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
QIOChannel *ioc = QIO_CHANNEL(qio_channel_savevm_async_new(snap_state.target,
&snap_state.bs_pos));
@@ -205,7 +196,7 @@ index 1af32604c7..be2035cd2e 100644
if (!snap_state.file) {
error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
-@@ -510,7 +510,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
+@@ -505,7 +505,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
blk_op_block_all(be, blocker);
/* restore the VM state */
diff --git a/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch b/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch
index 7464ca5..360f54e 100644
--- a/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch
+++ b/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch
@@ -15,7 +15,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
create mode 100644 block/zeroinit.c
diff --git a/block/meson.build b/block/meson.build
-index e1f03fd773..b530e117b5 100644
+index f1262ec2ba..6a60b5d6b9 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -39,6 +39,7 @@ block_ss.add(files(
@@ -23,12 +23,12 @@ index e1f03fd773..b530e117b5 100644
'throttle-groups.c',
'write-threshold.c',
+ 'zeroinit.c',
- ), zstd, zlib, gnutls)
+ ), zstd, zlib)
system_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c'))
diff --git a/block/zeroinit.c b/block/zeroinit.c
new file mode 100644
-index 0000000000..7998c9332d
+index 0000000000..2b2b194ccf
--- /dev/null
+++ b/block/zeroinit.c
@@ -0,0 +1,207 @@
@@ -212,7 +212,7 @@ index 0000000000..7998c9332d
+ .instance_size = sizeof(BDRVZeroinitState),
+
+ .bdrv_parse_filename = zeroinit_parse_filename,
-+ .bdrv_file_open = zeroinit_open,
++ .bdrv_open = zeroinit_open,
+ .bdrv_close = zeroinit_close,
+ .bdrv_co_getlength = zeroinit_co_getlength,
+ .bdrv_child_perm = bdrv_default_perms,
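Review bot: in the bdrv_zeroinit definition, `.bdrv_file_open = zeroinit_open` becomes `.bdrv_open = zeroinit_open`, but nothing in this diff shows zeroinit_open() itself being touched. Please confirm that its signature and its handling of the child node are what the .bdrv_open slot expects on the new base. The changed blob hash for block/zeroinit.c is the only other trace of this adaptation, so a short note in the 0019 header would help the next rebase.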
diff --git a/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch b/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
index bc472b0..d69cfab 100644
--- a/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
+++ b/debian/patches/pve/0020-PVE-Add-dummy-id-command-line-parameter.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 11 insertions(+)
diff --git a/qemu-options.hx b/qemu-options.hx
-index 511ab9415e..92e301d545 100644
+index 07730f9e65..7fdc944965 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -1237,6 +1237,9 @@ legacy PC, they are not recommended for modern configurations.
+@@ -1239,6 +1239,9 @@ legacy PC, they are not recommended for modern configurations.
ERST
@@ -28,10 +28,10 @@ index 511ab9415e..92e301d545 100644
"-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL)
diff --git a/system/vl.c b/system/vl.c
-index 2738ab7c91..20ebf2c920 100644
+index d6bbdc906e..200468a753 100644
--- a/system/vl.c
+++ b/system/vl.c
-@@ -2748,6 +2748,7 @@ void qemu_init(int argc, char **argv)
+@@ -2764,6 +2764,7 @@ void qemu_init(int argc, char **argv)
MachineClass *machine_class;
bool userconfig = true;
FILE *vmstate_dump_file = NULL;
@@ -39,7 +39,7 @@ index 2738ab7c91..20ebf2c920 100644
qemu_add_opts(&qemu_drive_opts);
qemu_add_drive_opts(&qemu_legacy_drive_opts);
-@@ -3371,6 +3372,13 @@ void qemu_init(int argc, char **argv)
+@@ -3387,6 +3388,13 @@ void qemu_init(int argc, char **argv)
machine_parse_property_opt(qemu_find_opts("smp-opts"),
"smp", optarg);
break;
diff --git a/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch b/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch
index 9845cf2..016810d 100644
--- a/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch
+++ b/debian/patches/pve/0021-PVE-Config-Revert-target-i386-disable-LINT0-after-re.patch
@@ -11,7 +11,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 9 insertions(+)
diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
-index d8fc1e2815..789694b8b3 100644
+index c13cdd7994..fd5808cdc0 100644
--- a/hw/intc/apic_common.c
+++ b/hw/intc/apic_common.c
@@ -263,6 +263,15 @@ static void apic_reset_common(DeviceState *dev)
diff --git a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
index 8b7439c..ec053d8 100644
--- a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
+++ b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch
@@ -13,10 +13,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 46 insertions(+), 20 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index 43bc0bd520..60e98c87f1 100644
+index 99e5bea1cc..6a4f6a25e6 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -2876,6 +2876,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2884,6 +2884,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
int fd;
uint64_t perm, shared;
int result = 0;
@@ -24,7 +24,7 @@ index 43bc0bd520..60e98c87f1 100644
/* Validate options and set default values */
assert(options->driver == BLOCKDEV_DRIVER_FILE);
-@@ -2916,19 +2917,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2924,19 +2925,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
perm = BLK_PERM_WRITE | BLK_PERM_RESIZE;
shared = BLK_PERM_ALL & ~BLK_PERM_RESIZE;
@@ -59,7 +59,7 @@ index 43bc0bd520..60e98c87f1 100644
}
/* Clear the file by truncating it to 0 */
-@@ -2982,13 +2986,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2990,13 +2994,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
}
out_unlock:
@@ -82,7 +82,7 @@ index 43bc0bd520..60e98c87f1 100644
}
out_close:
-@@ -3012,6 +3018,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3020,6 +3026,7 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
PreallocMode prealloc;
char *buf = NULL;
Error *local_err = NULL;
@@ -90,7 +90,7 @@ index 43bc0bd520..60e98c87f1 100644
/* Skip file: protocol prefix */
strstart(filename, "file:", &filename);
-@@ -3034,6 +3041,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3042,6 +3049,18 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
return -EINVAL;
}
@@ -109,7 +109,7 @@ index 43bc0bd520..60e98c87f1 100644
options = (BlockdevCreateOptions) {
.driver = BLOCKDEV_DRIVER_FILE,
.u.file = {
-@@ -3045,6 +3064,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
+@@ -3053,6 +3072,8 @@ raw_co_create_opts(BlockDriver *drv, const char *filename,
.nocow = nocow,
.has_extent_size_hint = has_extent_size_hint,
.extent_size_hint = extent_size_hint,
@@ -119,10 +119,10 @@ index 43bc0bd520..60e98c87f1 100644
};
return raw_co_create(&options, errp);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 905da8be72..3db587a6e4 100644
+index c2a337cc04..1cb6f04db3 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -4956,6 +4956,10 @@
+@@ -4959,6 +4959,10 @@
# @extent-size-hint: Extent size hint to add to the image file; 0 for
# not adding an extent size hint (default: 1 MB, since 5.1)
#
@@ -133,7 +133,7 @@ index 905da8be72..3db587a6e4 100644
# Since: 2.12
##
{ 'struct': 'BlockdevCreateOptionsFile',
-@@ -4963,7 +4967,8 @@
+@@ -4966,7 +4970,8 @@
'size': 'size',
'*preallocation': 'PreallocMode',
'*nocow': 'bool',
diff --git a/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch b/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
index e3c7ba1..c7e00c9 100644
--- a/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
+++ b/debian/patches/pve/0023-PVE-monitor-disable-oob-capability.patch
@@ -18,10 +18,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/monitor/qmp.c b/monitor/qmp.c
-index 589c9524f8..2505dd658a 100644
+index eb181d5979..20fc0d20a6 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
-@@ -536,8 +536,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
+@@ -534,8 +534,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error **errp)
qemu_chr_fe_set_echo(&mon->common.chr, true);
/* Note: we run QMP monitor in I/O thread when @chr supports that */
diff --git a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
index a7630d2..74bc24e 100644
--- a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
+++ b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
@@ -26,10 +26,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 4273de16a0..83f1fc0293 100644
+index 27dcda0248..7a13e9f014 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
-@@ -162,7 +162,8 @@ GlobalProperty hw_compat_4_0[] = {
+@@ -173,7 +173,8 @@ GlobalProperty hw_compat_4_0[] = {
{ "virtio-vga", "edid", "false" },
{ "virtio-gpu-device", "edid", "false" },
{ "virtio-device", "use-started", "false" },
diff --git a/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch b/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
index eb27304..70c1d15 100644
--- a/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
+++ b/debian/patches/pve/0025-PVE-Allow-version-code-in-machine-type.patch
@@ -16,15 +16,15 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
hw/core/machine-qmp-cmds.c | 5 +++++
include/hw/boards.h | 2 ++
- qapi/machine.json | 4 +++-
- system/vl.c | 25 +++++++++++++++++++++++++
- 4 files changed, 35 insertions(+), 1 deletion(-)
+ qapi/machine.json | 3 +++
+ system/vl.c | 24 ++++++++++++++++++++++++
+ 4 files changed, 34 insertions(+)
diff --git a/hw/core/machine-qmp-cmds.c b/hw/core/machine-qmp-cmds.c
-index 314351cdff..628a3537c5 100644
+index 52a6d74820..362128842d 100644
--- a/hw/core/machine-qmp-cmds.c
+++ b/hw/core/machine-qmp-cmds.c
-@@ -94,6 +94,11 @@ MachineInfoList *qmp_query_machines(Error **errp)
+@@ -94,6 +94,11 @@ MachineInfoList *qmp_query_machines(bool has_compat_props, bool compat_props,
if (strcmp(mc->name, MACHINE_GET_CLASS(current_machine)->name) == 0) {
info->has_is_current = true;
info->is_current = true;
@@ -37,10 +37,10 @@ index 314351cdff..628a3537c5 100644
if (mc->default_cpu_type) {
diff --git a/include/hw/boards.h b/include/hw/boards.h
-index 8b8f6d5c00..dd6d0a1447 100644
+index 48ff6d8b93..5cddeb7fcb 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
-@@ -246,6 +246,8 @@ struct MachineClass {
+@@ -252,6 +252,8 @@ struct MachineClass {
const char *desc;
const char *deprecation_reason;
@@ -50,52 +50,51 @@ index 8b8f6d5c00..dd6d0a1447 100644
void (*reset)(MachineState *state, ShutdownCause reason);
void (*wakeup)(MachineState *state);
diff --git a/qapi/machine.json b/qapi/machine.json
-index a024d5b05d..1d69bffaa0 100644
+index 0c703316f5..dc46a3e93f 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -168,6 +168,8 @@
+@@ -190,6 +190,8 @@
#
# @acpi: machine type supports ACPI (since 8.0)
#
+# @pve-version: custom PVE version suffix specified as 'machine+pveN'
+#
- # Since: 1.2
- ##
- { 'struct': 'MachineInfo',
-@@ -175,7 +177,7 @@
- '*is-default': 'bool', '*is-current': 'bool', 'cpu-max': 'int',
+ # @compat-props: The machine type's compatibility properties. Only
+ # present when query-machines argument @compat-props is true.
+ # (since 9.1)
+@@ -206,6 +208,7 @@
'hotpluggable-cpus': 'bool', 'numa-mem-supported': 'bool',
'deprecated': 'bool', '*default-cpu-type': 'str',
-- '*default-ram-id': 'str', 'acpi': 'bool' } }
-+ '*default-ram-id': 'str', 'acpi': 'bool', '*pve-version': 'str' } }
+ '*default-ram-id': 'str', 'acpi': 'bool',
++ '*pve-version': 'str',
+ '*compat-props': { 'type': ['CompatProperty'],
+ 'features': ['unstable'] } } }
- ##
- # @query-machines:
diff --git a/system/vl.c b/system/vl.c
-index 20ebf2c920..4d39e32097 100644
+index 200468a753..0dbdba6421 100644
--- a/system/vl.c
+++ b/system/vl.c
-@@ -1659,6 +1659,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
- static MachineClass *select_machine(QDict *qdict, Error **errp)
+@@ -1675,6 +1675,7 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
{
+ ERRP_GUARD();
const char *machine_type = qdict_get_try_str(qdict, "type");
+ const char *pvever = qdict_get_try_str(qdict, "pvever");
- GSList *machines = object_class_get_list(TYPE_MACHINE, false);
- MachineClass *machine_class;
- Error *local_err = NULL;
-@@ -1676,6 +1677,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
- }
- }
+ g_autoptr(GSList) machines = object_class_get_list(TYPE_MACHINE, false);
+ MachineClass *machine_class = NULL;
-+ if (machine_class) {
+@@ -1694,7 +1695,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
+ if (!machine_class) {
+ error_append_hint(errp,
+ "Use -machine help to list supported machines\n");
++ } else {
+ machine_class->pve_version = g_strdup(pvever);
+ qdict_del(qdict, "pvever");
-+ }
+ }
+
- g_slist_free(machines);
- if (local_err) {
- error_append_hint(&local_err, "Use -machine help to list supported machines\n");
-@@ -3313,12 +3319,31 @@ void qemu_init(int argc, char **argv)
+ return machine_class;
+ }
+
+@@ -3329,12 +3334,31 @@ void qemu_init(int argc, char **argv)
case QEMU_OPTION_machine:
{
bool help;
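Review bot: in select_machine(), pvever is borrowed from qdict via qdict_get_try_str(), so `machine_class->pve_version = g_strdup(pvever);` has to stay ahead of `qdict_del(qdict, "pvever");`. The new else branch keeps that order, but a one-line comment there would stop a later conflict resolution from swapping the two lines and copying a freed string. As before, the "pvever" key stays in qdict on the !machine_class path, which is only harmless if the caller stops on the NULL return, so that is worth checking against the reworked function on the new base.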
diff --git a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
index d6d7767..0f197ba 100644
--- a/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
+++ b/debian/patches/pve/0027-PVE-Backup-add-vma-backup-format-code.patch
@@ -26,12 +26,12 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
create mode 100644 vma.h
diff --git a/block/meson.build b/block/meson.build
-index b530e117b5..b245daa98e 100644
+index 6a60b5d6b9..652c8cbdb7 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -42,6 +42,8 @@ block_ss.add(files(
'zeroinit.c',
- ), zstd, zlib, gnutls)
+ ), zstd, zlib)
+block_ss.add(files('../vma-writer.c'), libuuid)
+
@@ -39,10 +39,10 @@ index b530e117b5..b245daa98e 100644
system_ss.add(files('block-ram-registrar.c'))
diff --git a/meson.build b/meson.build
-index 91a0aa64c6..620cc594b2 100644
+index aa7ea85d0b..7eee5b4249 100644
--- a/meson.build
+++ b/meson.build
-@@ -1922,6 +1922,8 @@ endif
+@@ -2012,6 +2012,8 @@ endif
has_gettid = cc.has_function('gettid')
@@ -51,12 +51,12 @@ index 91a0aa64c6..620cc594b2 100644
# libselinux
selinux = dependency('libselinux',
required: get_option('selinux'),
-@@ -4023,6 +4025,9 @@ if have_tools
- dependencies: [blockdev, qemuutil, gnutls, selinux],
+@@ -4097,6 +4099,9 @@ if have_tools
+ dependencies: [blockdev, qemuutil, selinux],
install: true)
+ vma = executable('vma', files('vma.c', 'vma-reader.c') + genh,
-+ dependencies: [authz, block, crypto, io, qom], install: true)
++ dependencies: [authz, block, crypto, io, qemuutil, qom], install: true)
+
subdir('storage-daemon')
diff --git a/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch b/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch
index 722a22f..39bb0c3 100644
--- a/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch
+++ b/debian/patches/pve/0028-PVE-Backup-add-backup-dump-block-driver.patch
@@ -247,7 +247,7 @@ index eba5b11493..1963e47ab9 100644
if (perf->max_chunk && perf->max_chunk < cluster_size) {
error_setg(errp, "Required max-chunk (%" PRIi64 ") is less than backup "
diff --git a/block/meson.build b/block/meson.build
-index b245daa98e..e99914eaa4 100644
+index 652c8cbdb7..e1cf5a2e65 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -4,6 +4,7 @@ block_ss.add(files(
@@ -259,7 +259,7 @@ index b245daa98e..e99914eaa4 100644
'blklogwrites.c',
'blkverify.c',
diff --git a/include/block/block_int-common.h b/include/block/block_int-common.h
-index 761276127e..b3e6697613 100644
+index ebb4e56a50..e717a74e5f 100644
--- a/include/block/block_int-common.h
+++ b/include/block/block_int-common.h
@@ -26,6 +26,7 @@
diff --git a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
index 4cc9c97..7ed6dd2 100644
--- a/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
+++ b/debian/patches/pve/0030-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch
@@ -104,11 +104,11 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
create mode 100644 pve-backup.c
diff --git a/block/meson.build b/block/meson.build
-index e99914eaa4..6bba803f94 100644
+index e1cf5a2e65..2367e1ac1b 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -44,6 +44,11 @@ block_ss.add(files(
- ), zstd, zlib, gnutls)
+ ), zstd, zlib)
block_ss.add(files('../vma-writer.c'), libuuid)
+block_ss.add(files(
@@ -167,7 +167,7 @@ index bdf2eb50b6..439a7a14c8 100644
+ hmp_handle_error(mon, error);
+}
diff --git a/blockdev.c b/blockdev.c
-index ed8198f351..1054a69279 100644
+index 9cbd166674..8080c47fa6 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -37,6 +37,7 @@
@@ -179,10 +179,10 @@ index ed8198f351..1054a69279 100644
#include "monitor/monitor.h"
#include "qemu/error-report.h"
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
-index d5ab880492..6c97248d1b 100644
+index d1a7b99add..af588145ff 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
-@@ -471,6 +471,20 @@ SRST
+@@ -458,6 +458,20 @@ SRST
Show the current VM UUID.
ERST
@@ -204,7 +204,7 @@ index d5ab880492..6c97248d1b 100644
{
.name = "usernet",
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 7506de251c..d5f9c28194 100644
+index 0c7c6f2c16..bf8315f226 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -101,6 +101,35 @@ ERST
@@ -244,7 +244,7 @@ index 7506de251c..d5f9c28194 100644
{
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
-index 7a7def7530..cba7afe70c 100644
+index 2596cc2426..9dda91d65a 100644
--- a/include/monitor/hmp.h
+++ b/include/monitor/hmp.h
@@ -32,6 +32,7 @@ void hmp_info_savevm(Monitor *mon, const QDict *qdict);
@@ -255,7 +255,7 @@ index 7a7def7530..cba7afe70c 100644
void hmp_info_cpus(Monitor *mon, const QDict *qdict);
void hmp_info_vnc(Monitor *mon, const QDict *qdict);
void hmp_info_spice(Monitor *mon, const QDict *qdict);
-@@ -84,6 +85,8 @@ void hmp_change_vnc(Monitor *mon, const char *device, const char *target,
+@@ -82,6 +83,8 @@ void hmp_change_vnc(Monitor *mon, const char *device, const char *target,
void hmp_change_medium(Monitor *mon, const char *device, const char *target,
const char *arg, const char *read_only, bool force,
Error **errp);
@@ -265,10 +265,10 @@ index 7a7def7530..cba7afe70c 100644
void hmp_device_add(Monitor *mon, const QDict *qdict);
void hmp_device_del(Monitor *mon, const QDict *qdict);
diff --git a/meson.build b/meson.build
-index 620cc594b2..d16b97cf3c 100644
+index 7eee5b4249..979c452f74 100644
--- a/meson.build
+++ b/meson.build
-@@ -1923,6 +1923,7 @@ endif
+@@ -2013,6 +2013,7 @@ endif
has_gettid = cc.has_function('gettid')
libuuid = cc.find_library('uuid', required: true)
@@ -277,18 +277,18 @@ index 620cc594b2..d16b97cf3c 100644
# libselinux
selinux = dependency('libselinux',
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index ef4634e5c1..6e25279f42 100644
+index 874084565f..bedeb81f8c 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
-@@ -21,6 +21,7 @@
+@@ -22,6 +22,7 @@
#include "qemu/help_option.h"
#include "monitor/monitor-internal.h"
#include "qapi/error.h"
+#include "qapi/qapi-commands-block-core.h"
#include "qapi/qapi-commands-control.h"
+ #include "qapi/qapi-commands-machine.h"
#include "qapi/qapi-commands-migration.h"
- #include "qapi/qapi-commands-misc.h"
-@@ -144,6 +145,77 @@ void hmp_sync_profile(Monitor *mon, const QDict *qdict)
+@@ -119,6 +120,77 @@ void hmp_sync_profile(Monitor *mon, const QDict *qdict)
}
}
@@ -586,7 +586,7 @@ index 0000000000..8cbf645b2c
+#endif /* PROXMOX_BACKUP_CLIENT_H */
diff --git a/pve-backup.c b/pve-backup.c
new file mode 100644
-index 0000000000..c755bf302b
+index 0000000000..9f83ecb310
--- /dev/null
+++ b/pve-backup.c
@@ -0,0 +1,1092 @@
@@ -1194,7 +1194,7 @@ index 0000000000..c755bf302b
+ }
+ BlockDriverState *bs = blk_bs(blk);
+ if (!bdrv_co_is_inserted(bs)) {
-+ error_setg(errp, QERR_DEVICE_HAS_NO_MEDIUM, *d);
++ error_setg(errp, "Device '%s' has no medium", *d);
+ goto err;
+ }
+ PVEBackupDevInfo *di = g_new0(PVEBackupDevInfo, 1);
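Review bot: the error_setg() call for the bdrv_co_is_inserted() failure now hard-codes "Device '%s' has no medium" in place of QERR_DEVICE_HAS_NO_MEDIUM. Please make sure the literal is byte-for-byte the text the macro used to expand to, so that anything matching on this message in backup task logs keeps working. The format string and the `*d` argument still agree (one %s, one string), so no further change is needed in this hunk.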
@@ -1683,7 +1683,7 @@ index 0000000000..c755bf302b
+ return ret;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 3db587a6e4..d05fffce1d 100644
+index 1cb6f04db3..ac83c3495d 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -851,6 +851,239 @@
@@ -1825,7 +1825,7 @@ index 3db587a6e4..d05fffce1d 100644
+#
+# Cancel the current executing backup process.
+#
-+# Notes: This command succeeds even if there is no backup process running.
++# .. note:: This command succeeds even if there is no backup process running.
+#
+##
+{ 'command': 'backup-cancel', 'coroutine': true }
@@ -1927,7 +1927,7 @@ index 3db587a6e4..d05fffce1d 100644
# @BlockDeviceTimedStats:
#
diff --git a/qapi/common.json b/qapi/common.json
-index 7558ce5430..6e3d800373 100644
+index 7558ce5430..5c00bddeb7 100644
--- a/qapi/common.json
+++ b/qapi/common.json
@@ -200,3 +200,17 @@
@@ -1944,12 +1944,12 @@ index 7558ce5430..6e3d800373 100644
+#
+# Since: 0.14.0
+#
-+# Notes: If no UUID was specified for the guest, a null UUID is
++# .. note:: If no UUID was specified for the guest, a null UUID is
+# returned.
+##
+{ 'struct': 'UuidInfo', 'data': {'UUID': 'str'} }
diff --git a/qapi/machine.json b/qapi/machine.json
-index 1d69bffaa0..731d8d2f60 100644
+index dc46a3e93f..bd58d58fc5 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -4,6 +4,8 @@
@@ -1961,7 +1961,7 @@ index 1d69bffaa0..731d8d2f60 100644
##
# = Machines
##
-@@ -237,20 +239,6 @@
+@@ -303,20 +305,6 @@
##
{ 'command': 'query-target', 'returns': 'TargetInfo' }
@@ -1974,8 +1974,8 @@ index 1d69bffaa0..731d8d2f60 100644
-#
-# Since: 0.14
-#
--# Notes: If no UUID was specified for the guest, a null UUID is
--# returned.
+-# .. note:: If no UUID was specified for the guest, the nil UUID (all
+-# zeroes) is returned.
-##
-{ 'struct': 'UuidInfo', 'data': {'UUID': 'str'} }
-
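Review bot: the UuidInfo doc comment that 0030 adds to qapi/common.json no longer matches the block it removes from qapi/machine.json. The added copy says "a null UUID is returned" with "Since: 0.14.0", while the removed upstream block now reads "the nil UUID (all zeroes) is returned" with "Since: 0.14". Carrying the upstream wording and version string over unchanged would keep this a pure move of the struct and give the next rebase less to conflict on.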
diff --git a/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch b/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
index bde2cb2..5d6f956 100644
--- a/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
+++ b/debian/patches/pve/0031-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch
@@ -14,15 +14,15 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
create mode 100644 pbs-restore.c
diff --git a/meson.build b/meson.build
-index d16b97cf3c..6de51c34cb 100644
+index 979c452f74..426f382178 100644
--- a/meson.build
+++ b/meson.build
-@@ -4029,6 +4029,10 @@ if have_tools
+@@ -4103,6 +4103,10 @@ if have_tools
vma = executable('vma', files('vma.c', 'vma-reader.c') + genh,
- dependencies: [authz, block, crypto, io, qom], install: true)
+ dependencies: [authz, block, crypto, io, qemuutil, qom], install: true)
+ pbs_restore = executable('pbs-restore', files('pbs-restore.c') + genh,
-+ dependencies: [authz, block, crypto, io, qom,
++ dependencies: [authz, block, crypto, io, qemuutil, qom,
+ libproxmox_backup_qemu], install: true)
+
subdir('storage-daemon')
diff --git a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
index 02efb58..95b82a2 100644
--- a/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
+++ b/debian/patches/pve/0032-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch
@@ -15,15 +15,15 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
block/meson.build | 2 +
- block/pbs.c | 313 +++++++++++++++++++++++++++++++++++++++++++
+ block/pbs.c | 306 +++++++++++++++++++++++++++++++++++++++++++
meson.build | 2 +-
qapi/block-core.json | 29 ++++
qapi/pragma.json | 1 +
- 5 files changed, 346 insertions(+), 1 deletion(-)
+ 5 files changed, 339 insertions(+), 1 deletion(-)
create mode 100644 block/pbs.c
diff --git a/block/meson.build b/block/meson.build
-index 6bba803f94..1945e04eeb 100644
+index 2367e1ac1b..e178047ec9 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -49,6 +49,8 @@ block_ss.add(files(
@@ -37,10 +37,10 @@ index 6bba803f94..1945e04eeb 100644
system_ss.add(files('block-ram-registrar.c'))
diff --git a/block/pbs.c b/block/pbs.c
new file mode 100644
-index 0000000000..aee66c2e93
+index 0000000000..2d5e28ce8f
--- /dev/null
+++ b/block/pbs.c
-@@ -0,0 +1,313 @@
+@@ -0,0 +1,306 @@
+/*
+ * Proxmox Backup Server read-only block driver
+ */
@@ -223,12 +223,6 @@ index 0000000000..aee66c2e93
+ return 0;
+}
+
-+static int pbs_file_open(BlockDriverState *bs, QDict *options, int flags,
-+ Error **errp)
-+{
-+ return pbs_open(bs, options, flags, errp);
-+}
-+
+static void pbs_close(BlockDriverState *bs) {
+ BDRVPBSState *s = bs->opaque;
+ g_free(s->repository);
@@ -336,7 +330,6 @@ index 0000000000..aee66c2e93
+
+ .bdrv_parse_filename = pbs_parse_filename,
+
-+ .bdrv_file_open = pbs_file_open,
+ .bdrv_open = pbs_open,
+ .bdrv_close = pbs_close,
+ .bdrv_co_getlength = pbs_co_getlength,
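Review bot: with pbs_file_open() and the `.bdrv_file_open = pbs_file_open` member both removed, pbs_open() is the driver's only open entry point. The wrapper only forwarded (bs, options, flags, errp) to pbs_open(), and the seven removed lines account for the whole diffstat change from 313 to 306, so the open logic itself is unchanged. What the cover letter's smoke test list does not mention is a run through the PBS block driver, so please confirm that mapping a backup archive read-only still opens through the remaining `.bdrv_open` slot.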
@@ -355,12 +348,12 @@ index 0000000000..aee66c2e93
+
+block_init(bdrv_pbs_init);
diff --git a/meson.build b/meson.build
-index 6de51c34cb..3bc039f60f 100644
+index 426f382178..7e6130cfdf 100644
--- a/meson.build
+++ b/meson.build
-@@ -4477,7 +4477,7 @@ summary_info += {'bzip2 support': libbzip2}
- summary_info += {'lzfse support': liblzfse}
- summary_info += {'zstd support': zstd}
+@@ -4559,7 +4559,7 @@ summary_info += {'zstd support': zstd}
+ summary_info += {'Query Processing Library support': qpl}
+ summary_info += {'UADK Library support': uadk}
summary_info += {'NUMA host support': numa}
-summary_info += {'capstone': capstone}
+summary_info += {'PBS bdrv support': config_host.has_key('CONFIG_PBS_BDRV')}
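Review bot: in the meson.build summary section, 0032 replaces `summary_info += {'capstone': capstone}` with the 'PBS bdrv support' line rather than adding a line next to it, which the "meson.build | 2 +-" diffstat confirms. That removes the capstone status from the configure summary and ties this hunk to a line unrelated to PBS. Since the context around it moved again in this rebase, consider turning it into a plain one-line addition while the hunk is being touched anyway.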
@@ -368,7 +361,7 @@ index 6de51c34cb..3bc039f60f 100644
summary_info += {'libdaxctl support': libdaxctl}
summary_info += {'libudev': libudev}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index d05fffce1d..e7cf3d94f3 100644
+index ac83c3495d..fe0eefcea6 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3457,6 +3457,7 @@
@@ -413,7 +406,7 @@ index d05fffce1d..e7cf3d94f3 100644
##
# @BlockdevOptionsNVMe:
#
-@@ -4977,6 +5005,7 @@
+@@ -4978,6 +5006,7 @@
'nfs': 'BlockdevOptionsNfs',
'null-aio': 'BlockdevOptionsNull',
'null-co': 'BlockdevOptionsNull',
diff --git a/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch b/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch
index f564373..a4b4cdf 100644
--- a/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch
+++ b/debian/patches/pve/0033-PVE-redirect-stderr-to-journal-when-daemonized.patch
@@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/meson.build b/meson.build
-index 3bc039f60f..067e8956a7 100644
+index 7e6130cfdf..984f858bdc 100644
--- a/meson.build
+++ b/meson.build
-@@ -1923,6 +1923,7 @@ endif
+@@ -2013,6 +2013,7 @@ endif
has_gettid = cc.has_function('gettid')
libuuid = cc.find_library('uuid', required: true)
@@ -25,7 +25,7 @@ index 3bc039f60f..067e8956a7 100644
libproxmox_backup_qemu = cc.find_library('proxmox_backup_qemu', required: true)
# libselinux
-@@ -3530,7 +3531,7 @@ if have_block
+@@ -3597,7 +3598,7 @@ if have_block
if host_os == 'windows'
system_ss.add(files('os-win32.c'))
else
@@ -35,7 +35,7 @@ index 3bc039f60f..067e8956a7 100644
endif
diff --git a/os-posix.c b/os-posix.c
-index a4284e2c07..197a2120fd 100644
+index 43f9a43f3f..a47e46d1c2 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -29,6 +29,8 @@
@@ -47,7 +47,7 @@ index a4284e2c07..197a2120fd 100644
#include "qemu/error-report.h"
#include "qemu/log.h"
-@@ -302,9 +304,10 @@ void os_setup_post(void)
+@@ -306,9 +308,10 @@ void os_setup_post(void)
dup2(fd, 0);
dup2(fd, 1);
diff --git a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
index 388bd04..6377a09 100644
--- a/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
+++ b/debian/patches/pve/0034-PVE-Migrate-dirty-bitmap-state-via-savevm.patch
@@ -26,10 +26,10 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
create mode 100644 migration/pbs-state.c
diff --git a/include/migration/misc.h b/include/migration/misc.h
-index c9e200f4eb..12c99ebc69 100644
+index bfadc5613b..e2e51fcf6b 100644
--- a/include/migration/misc.h
+++ b/include/migration/misc.h
-@@ -117,4 +117,7 @@ bool migration_in_bg_snapshot(void);
+@@ -111,4 +111,7 @@ bool migration_in_bg_snapshot(void);
/* migration/block-dirty-bitmap.c */
void dirty_bitmap_mig_init(void);
@@ -38,25 +38,31 @@ index c9e200f4eb..12c99ebc69 100644
+
#endif
diff --git a/migration/meson.build b/migration/meson.build
-index 800f12a60d..35a4306183 100644
+index 4b0c4f0f51..d039797132 100644
--- a/migration/meson.build
+++ b/migration/meson.build
-@@ -7,7 +7,9 @@ migration_files = files(
- 'vmstate.c',
+@@ -8,6 +8,7 @@ migration_files = files(
'qemu-file.c',
'yank_functions.c',
-+ 'pbs-state.c',
)
+system_ss.add(libproxmox_backup_qemu)
system_ss.add(files(
'block-dirty-bitmap.c',
+@@ -25,6 +26,7 @@ system_ss.add(files(
+ 'multifd-zlib.c',
+ 'multifd-zero-page.c',
+ 'options.c',
++ 'pbs-state.c',
+ 'postcopy-ram.c',
+ 'savevm.c',
+ 'savevm-async.c',
diff --git a/migration/migration.c b/migration/migration.c
-index 86bf76e925..b8d7e471a4 100644
+index ae2be31557..fab4c20ee4 100644
--- a/migration/migration.c
+++ b/migration/migration.c
-@@ -239,6 +239,7 @@ void migration_object_init(void)
- blk_mig_init();
+@@ -263,6 +263,7 @@ void migration_object_init(void)
+
ram_mig_init();
dirty_bitmap_mig_init();
+ pbs_state_mig_init();
@@ -65,7 +71,7 @@ index 86bf76e925..b8d7e471a4 100644
typedef struct {
diff --git a/migration/pbs-state.c b/migration/pbs-state.c
new file mode 100644
-index 0000000000..887e998b9e
+index 0000000000..a97187e4d7
--- /dev/null
+++ b/migration/pbs-state.c
@@ -0,0 +1,104 @@
@@ -114,7 +120,7 @@ index 0000000000..887e998b9e
+}
+
+/* serialize PBS state and send to target via f, called on source */
-+static int pbs_state_save_setup(QEMUFile *f, void *opaque)
++static int pbs_state_save_setup(QEMUFile *f, void *opaque, Error **errp)
+{
+ size_t buf_size;
+ uint8_t *buf = proxmox_export_state(&buf_size);
@@ -174,7 +180,7 @@ index 0000000000..887e998b9e
+ NULL);
+}
diff --git a/pve-backup.c b/pve-backup.c
-index c755bf302b..5ebb6a3947 100644
+index 9f83ecb310..57477f7f2a 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -1085,6 +1085,7 @@ ProxmoxSupportStatus *qmp_query_proxmox_support(Error **errp)
@@ -186,7 +192,7 @@ index c755bf302b..5ebb6a3947 100644
ret->pbs_masterkey = true;
ret->backup_max_workers = true;
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index e7cf3d94f3..282e2e8a8c 100644
+index fe0eefcea6..521a1914e8 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1004,6 +1004,11 @@
diff --git a/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch b/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch
index 4a5b701..066ad77 100644
--- a/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch
+++ b/debian/patches/pve/0035-migration-block-dirty-bitmap-migrate-other-bitmaps-e.patch
@@ -15,18 +15,21 @@ transferred.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- migration/block-dirty-bitmap.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ migration/block-dirty-bitmap.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
-index 2708abf3d7..fb17c01308 100644
+index a7d55048c2..77346a5fa2 100644
--- a/migration/block-dirty-bitmap.c
+++ b/migration/block-dirty-bitmap.c
-@@ -540,7 +540,7 @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs,
+@@ -539,7 +539,10 @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs,
+ }
- if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, &local_err)) {
- error_report_err(local_err);
+ if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, errp)) {
- return -1;
++ if (errp != NULL) {
++ error_report_err(*errp);
++ }
+ continue;
}
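Review bot: in the new `add_bitmaps_to_list()` body, `error_report_err(*errp)` frees the Error object but leaves `*errp` pointing at it, and the loop then does `continue`. A later iteration that fails `bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_DEFAULT, errp)` would try to set an error on a non-NULL `*errp`, and the caller can end up reading freed memory through its own pointer. Either reset it right after reporting (`*errp = NULL;`) or keep a function-local `Error *local_err` for this check, as the previous version of the patch did, so the caller's `errp` is only touched on paths that actually return failure.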
diff --git a/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch b/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch
index c78bc03..0dc48df 100644
--- a/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch
+++ b/debian/patches/pve/0036-PVE-fall-back-to-open-iscsi-initiatorname.patch
@@ -21,7 +21,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 30 insertions(+)
diff --git a/block/iscsi.c b/block/iscsi.c
-index 2ff14b7472..46f275fbf7 100644
+index 979bf90cb7..961714a4be 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1392,12 +1392,42 @@ static char *get_initiator_name(QemuOpts *opts)
diff --git a/debian/patches/pve/0038-block-add-alloc-track-driver.patch b/debian/patches/pve/0038-block-add-alloc-track-driver.patch
index d302c8e..a398c56 100644
--- a/debian/patches/pve/0038-block-add-alloc-track-driver.patch
+++ b/debian/patches/pve/0038-block-add-alloc-track-driver.patch
@@ -42,7 +42,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
diff --git a/block/alloc-track.c b/block/alloc-track.c
new file mode 100644
-index 0000000000..b9f8ea9137
+index 0000000000..b4a9851144
--- /dev/null
+++ b/block/alloc-track.c
@@ -0,0 +1,366 @@
@@ -386,7 +386,7 @@ index 0000000000..b9f8ea9137
+ .format_name = "alloc-track",
+ .instance_size = sizeof(BDRVAllocTrackState),
+
-+ .bdrv_file_open = track_open,
++ .bdrv_open = track_open,
+ .bdrv_close = track_close,
+ .bdrv_co_getlength = track_co_getlength,
+ .bdrv_child_perm = track_child_perm,
@@ -413,7 +413,7 @@ index 0000000000..b9f8ea9137
+
+block_init(bdrv_alloc_track_init);
diff --git a/block/meson.build b/block/meson.build
-index 1945e04eeb..2873f3a25a 100644
+index e178047ec9..7ef7250d31 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -2,6 +2,7 @@ block_ss.add(genh)
diff --git a/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch b/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
index f99f717..c773c6c 100644
--- a/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
+++ b/debian/patches/pve/0039-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
@@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 2 insertions(+), 40 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
-index 63f60d41be..367db42dce 100644
+index 101ee59d6e..4ad3b1a7b1 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -1515,7 +1515,6 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
diff --git a/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch b/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
index 5ae0bff..dfe5895 100644
--- a/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
+++ b/debian/patches/pve/0040-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
@@ -14,7 +14,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
-index 367db42dce..347b121626 100644
+index 4ad3b1a7b1..e341745255 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -1474,11 +1474,11 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len,
diff --git a/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch b/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch
index 38966fe..596649e 100644
--- a/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch
+++ b/debian/patches/pve/0041-Revert-block-rbd-implement-bdrv_co_block_status.patch
@@ -24,7 +24,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
1 file changed, 112 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
-index 347b121626..e61b359b97 100644
+index e341745255..436d3d7811 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -108,12 +108,6 @@ typedef struct RBDTask {
@@ -152,7 +152,7 @@ index 347b121626..e61b359b97 100644
static int64_t coroutine_fn qemu_rbd_co_getlength(BlockDriverState *bs)
{
BDRVRBDState *s = bs->opaque;
-@@ -1800,7 +1689,6 @@ static BlockDriver bdrv_rbd = {
+@@ -1801,7 +1690,6 @@ static BlockDriver bdrv_rbd = {
#ifdef LIBRBD_SUPPORTS_WRITE_ZEROES
.bdrv_co_pwrite_zeroes = qemu_rbd_co_pwrite_zeroes,
#endif
diff --git a/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch b/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch
index 812026d..c0e323a 100644
--- a/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch
+++ b/debian/patches/pve/0042-alloc-track-error-out-when-auto-remove-is-not-set.patch
@@ -17,7 +17,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/block/alloc-track.c b/block/alloc-track.c
-index b9f8ea9137..f3ed2935c4 100644
+index b4a9851144..fc7d58a5d0 100644
--- a/block/alloc-track.c
+++ b/block/alloc-track.c
@@ -34,7 +34,6 @@ typedef struct {
diff --git a/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch b/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch
index 295319c..5e1683b 100644
--- a/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch
+++ b/debian/patches/pve/0043-alloc-track-avoid-seemingly-superfluous-child-permis.patch
@@ -20,7 +20,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 26 deletions(-)
diff --git a/block/alloc-track.c b/block/alloc-track.c
-index f3ed2935c4..29138dcc49 100644
+index fc7d58a5d0..b56425b7f0 100644
--- a/block/alloc-track.c
+++ b/block/alloc-track.c
@@ -25,15 +25,9 @@
diff --git a/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch b/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch
index 0b9717c..3c13f8c 100644
--- a/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch
+++ b/debian/patches/pve/0044-copy-before-write-allow-specifying-minimum-cluster-s.patch
@@ -108,10 +108,10 @@ index bdc703bacd..77857c6c68 100644
/* Function should be called prior any actual copy request */
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 282e2e8a8c..9caf04cbe9 100644
+index 521a1914e8..171846deb1 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -4926,12 +4926,18 @@
+@@ -4927,12 +4927,18 @@
# @on-cbw-error parameter will decide how this failure is handled.
# Default 0. (Since 7.1)
#
diff --git a/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch b/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch
index 267dead..e0ab0b3 100644
--- a/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch
+++ b/debian/patches/pve/0045-backup-add-minimum-cluster-size-to-performance-optio.patch
@@ -68,10 +68,10 @@ index 01af0cd3c4..dc6cafe7fa 100644
Error **errp);
void bdrv_cbw_drop(BlockDriverState *bs);
diff --git a/blockdev.c b/blockdev.c
-index 1054a69279..cbe224387b 100644
+index 8080c47fa6..3f67eb413d 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2654,6 +2654,9 @@ static BlockJob *do_backup_common(BackupCommon *backup,
+@@ -2656,6 +2656,9 @@ static BlockJob *do_backup_common(BackupCommon *backup,
if (backup->x_perf->has_max_chunk) {
perf.max_chunk = backup->x_perf->max_chunk;
}
@@ -82,7 +82,7 @@ index 1054a69279..cbe224387b 100644
if ((backup->sync == MIRROR_SYNC_MODE_BITMAP) ||
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 9caf04cbe9..df934647ed 100644
+index 171846deb1..653df22046 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1790,11 +1790,16 @@
diff --git a/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch b/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch
index 2f63bc0..3a70297 100644
--- a/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch
+++ b/debian/patches/pve/0046-PVE-backup-add-fleecing-option.patch
@@ -80,7 +80,7 @@ index 439a7a14c8..d0e7771dcc 100644
hmp_handle_error(mon, error);
diff --git a/pve-backup.c b/pve-backup.c
-index 5ebb6a3947..a747d12d3d 100644
+index 57477f7f2a..0f098000dd 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -7,9 +7,11 @@
@@ -252,7 +252,7 @@ index 5ebb6a3947..a747d12d3d 100644
+ }
+ BlockDriverState *fleecing_bs = blk_bs(fleecing_blk);
+ if (!bdrv_co_is_inserted(fleecing_bs)) {
-+ error_setg(errp, QERR_DEVICE_HAS_NO_MEDIUM, fleecing_devid);
++ error_setg(errp, "Device '%s' has no medium", fleecing_devid);
+ goto err;
+ }
+ /*
@@ -294,7 +294,7 @@ index 5ebb6a3947..a747d12d3d 100644
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index df934647ed..ff441d4258 100644
+index 653df22046..9f25c398ec 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -948,6 +948,10 @@
diff --git a/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch b/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch
index a57cebd..a7e8986 100644
--- a/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch
+++ b/debian/patches/pve/0047-PVE-backup-improve-error-when-copy-before-write-fail.patch
@@ -96,7 +96,7 @@ index dc6cafe7fa..a27d2d7d9f 100644
#endif /* COPY_BEFORE_WRITE_H */
diff --git a/pve-backup.c b/pve-backup.c
-index a747d12d3d..4e730aa3da 100644
+index 0f098000dd..75da1dc051 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -374,6 +374,15 @@ static void pvebackup_complete_cb(void *opaque, int ret)
diff --git a/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch b/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch
index dc5e3f1..9a8ac00 100644
--- a/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch
+++ b/debian/patches/pve/0048-PVE-backup-fixup-error-handling-for-fleecing.patch
@@ -18,7 +18,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 25 insertions(+), 13 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index 4e730aa3da..c4178758b3 100644
+index 75da1dc051..167f0b5c3f 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -357,22 +357,23 @@ static void coroutine_fn pvebackup_co_complete_stream(void *opaque)
diff --git a/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch b/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch
index 81ac557..7cac5cb 100644
--- a/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch
+++ b/debian/patches/pve/0049-PVE-backup-factor-out-setting-up-snapshot-access-for.patch
@@ -15,7 +15,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 58 insertions(+), 37 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index c4178758b3..051ebffe48 100644
+index 167f0b5c3f..f136d004c4 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -525,6 +525,62 @@ static int coroutine_fn pvebackup_co_add_config(
diff --git a/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch b/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch
index 5ad62ca..a854b32 100644
--- a/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch
+++ b/debian/patches/pve/0050-PVE-backup-save-device-name-in-device-info-structure.patch
@@ -17,7 +17,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/pve-backup.c b/pve-backup.c
-index 051ebffe48..33c23e53c2 100644
+index f136d004c4..8ccb281c8c 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -94,6 +94,7 @@ typedef struct PVEBackupDevInfo {
diff --git a/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch b/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch
index dc9c883..bf79355 100644
--- a/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch
+++ b/debian/patches/pve/0051-PVE-backup-include-device-name-in-error-when-setting.patch
@@ -10,7 +10,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pve-backup.c b/pve-backup.c
-index 33c23e53c2..d931746453 100644
+index 8ccb281c8c..255465676c 100644
--- a/pve-backup.c
+++ b/pve-backup.c
@@ -626,7 +626,8 @@ static void create_backup_jobs_bh(void *opaque) {
diff --git a/debian/patches/series b/debian/patches/series
index 93c97bf..3b57a3a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,39 +2,6 @@ extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
-extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
-extra/0006-block-copy-before-write-fix-permission.patch
-extra/0007-block-copy-before-write-support-unligned-snapshot-di.patch
-extra/0008-block-copy-before-write-create-block_copy-bitmap-in-.patch
-extra/0009-qapi-blockdev-backup-add-discard-source-parameter.patch
-extra/0010-hw-virtio-Fix-the-de-initialization-of-vhost-user-de.patch
-extra/0011-target-arm-Use-float_status-copy-in-sme_fmopa_s.patch
-extra/0012-target-arm-Use-FPST_F16-for-SME-FMOPA-widening.patch
-extra/0013-scsi-fix-regression-and-honor-bootindex-again-for-le.patch
-extra/0014-hw-scsi-lsi53c895a-bump-instruction-limit-in-scripts.patch
-extra/0015-block-copy-Fix-missing-graph-lock.patch
-extra/0016-Revert-qemu-char-do-not-operate-on-sources-from-fina.patch
-extra/0017-virtio-pci-Fix-the-use-of-an-uninitialized-irqfd.patch
-extra/0018-virtio-net-Ensure-queue-index-fits-with-RSS.patch
-extra/0019-virtio-net-Fix-network-stall-at-the-host-side-waitin.patch
-extra/0020-net-Reinstate-net-nic-model-help-output-as-documente.patch
-extra/0021-net-Fix-net-nic-model-for-non-help-arguments.patch
-extra/0022-target-arm-Don-t-assert-for-128-bit-tile-accesses-wh.patch
-extra/0023-target-arm-Fix-UMOPA-UMOPS-of-16-bit-values.patch
-extra/0024-target-arm-Avoid-shifts-by-1-in-tszimm_shr-and-tszim.patch
-extra/0025-target-arm-Ignore-SMCR_EL2.LEN-and-SVCR_EL2.LEN-if-E.patch
-extra/0026-target-arm-Handle-denormals-correctly-for-FMOPA-wide.patch
-extra/0027-intel_iommu-fix-FRCD-construction-macro.patch
-extra/0028-target-i386-Do-not-apply-REX-to-MMX-operands.patch
-extra/0029-module-Prevent-crash-by-resetting-local_err-in-modul.patch
-extra/0030-nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
-extra/0031-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
-extra/0032-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
-extra/0033-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
-extra/0034-vnc-fix-crash-when-no-console-attached.patch
-extra/0035-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch
-extra/0036-softmmu-physmem-fix-memory-leak-in-dirty_memory_exte.patch
-extra/0037-block-reqlist-allow-adding-overlapping-requests.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
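Review bot: the block removed from the series file (extra/0005 through extra/0037) includes the CVE-2024-7409 nbd-server patches (extra/0031, 0032, 0033 and 0035) plus the supporting extra/0030, and nothing in this hunk shows where they went. Since this is a security fix being dropped from the downstream queue, it would help auditing to state explicitly that each removed patch is contained in the new submodule commit, ideally with a one-line check per CVE patch, rather than relying on the version bump alone.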
diff --git a/qemu b/qemu
index 5ebde3b..508081a 160000
--- a/qemu
+++ b/qemu
@@ -1 +1 @@
-Subproject commit 5ebde3b5c00e15f560f73055fac4ab31c0cac6d2
+Subproject commit 508081a49b0d624930ca479b8a27bccdc50bdfb2
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* [pve-devel] [PATCH qemu 2/4] async snapshot: code cleanup: use error_setg() helper
2024-11-25 11:00 [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2 Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches to " Fiona Ebner
@ 2024-11-25 11:00 ` Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 3/4] async snapshot: improve error handling for 'savevm-start' QMP command Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 4/4] stable fixes for QEMU 9.1.2 Fiona Ebner
3 siblings, 0 replies; 5+ messages in thread
From: Fiona Ebner @ 2024-11-25 11:00 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...async-for-background-state-snapshots.patch | 23 ++++++++-----------
...add-optional-buffer-size-to-QEMUFile.patch | 8 +++----
2 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
index f1053f4..1fe4648 100644
--- a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
+++ b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
@@ -37,13 +37,13 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
include/migration/snapshot.h | 2 +
include/monitor/hmp.h | 3 +
migration/meson.build | 1 +
- migration/savevm-async.c | 540 +++++++++++++++++++++++++++++++++++
+ migration/savevm-async.c | 537 +++++++++++++++++++++++++++++++++++
monitor/hmp-cmds.c | 38 +++
qapi/migration.json | 34 +++
qapi/misc.json | 18 ++
qemu-options.hx | 12 +
system/vl.c | 10 +
- 11 files changed, 688 insertions(+)
+ 11 files changed, 685 insertions(+)
create mode 100644 migration/savevm-async.c
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
@@ -141,10 +141,10 @@ index 020127d901..4b0c4f0f51 100644
'threadinfo.c',
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
new file mode 100644
-index 0000000000..4f1ef0ebd8
+index 0000000000..59bb0b57d9
--- /dev/null
+++ b/migration/savevm-async.c
-@@ -0,0 +1,540 @@
+@@ -0,0 +1,537 @@
+#include "qemu/osdep.h"
+#include "migration/channel-savevm-async.h"
+#include "migration/migration.h"
@@ -292,7 +292,7 @@ index 0000000000..4f1ef0ebd8
+ DPRINTF("save_snapshot_error: %s\n", msg);
+
+ if (!snap_state.error) {
-+ error_set(&snap_state.error, ERROR_CLASS_GENERIC_ERROR, "%s", msg);
++ error_setg(&snap_state.error, "%s", msg);
+ }
+
+ g_free (msg);
@@ -483,14 +483,12 @@ index 0000000000..4f1ef0ebd8
+ int bdrv_oflags = BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_NO_FLUSH;
+
+ if (snap_state.state != SAVE_STATE_DONE) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
-+ "VM snapshot already started\n");
++ error_setg(errp, "VM snapshot already started\n");
+ return;
+ }
+
+ if (migration_is_running()) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
-+ "There's a migration process in progress");
++ error_setg(errp, "There's a migration process in progress");
+ return;
+ }
+
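Review bot: the converted call `error_setg(errp, "VM snapshot already started\n");` keeps the trailing newline from the old `error_set()` message, and the same happens for "VM snapshot not started\n" in `qmp_savevm_end()` further down. Messages passed to `error_setg()` are expected to be a single phrase without a newline, since the reporting side adds its own; as this patch is already touching these lines for cleanup, dropping the `\n` here would keep QMP error strings and log output consistent with the other messages in the file.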
@@ -522,7 +520,7 @@ index 0000000000..4f1ef0ebd8
+ qdict_put_str(options, "driver", "raw");
+ snap_state.target = blk_new_open(statefile, NULL, options, bdrv_oflags, &local_err);
+ if (!snap_state.target) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
++ error_setg(errp, "failed to open '%s'", statefile);
+ goto restart;
+ }
+
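Review bot: after `blk_new_open(statefile, NULL, options, bdrv_oflags, &local_err)` fails, the replacement `error_setg(errp, "failed to open '%s'", statefile);` still discards whatever `local_err` contains, so the caller never sees the underlying reason and, unless the `restart` path frees it, the Error object is leaked. While converting these calls, consider `error_propagate_prepend(errp, local_err, "failed to open '%s': ", statefile);` instead, which hands the detail to the caller and transfers ownership of `local_err` in one step.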
@@ -531,7 +529,7 @@ index 0000000000..4f1ef0ebd8
+ snap_state.file = qemu_file_new_output(ioc);
+
+ if (!snap_state.file) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
++ error_setg(errp, "failed to open '%s'", statefile);
+ goto restart;
+ }
+
@@ -608,8 +606,7 @@ index 0000000000..4f1ef0ebd8
+void qmp_savevm_end(Error **errp)
+{
+ if (snap_state.state == SAVE_STATE_DONE) {
-+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
-+ "VM snapshot not started\n");
++ error_setg(errp, "VM snapshot not started\n");
+ return;
+ }
+
diff --git a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
index 176ce0a..cd2e2d2 100644
--- a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
+++ b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
@@ -184,10 +184,10 @@ index 11c2120edd..edf3c5d147 100644
/*
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
-index 4f1ef0ebd8..84e10b2c4c 100644
+index 59bb0b57d9..9a4dd1e4f5 100644
--- a/migration/savevm-async.c
+++ b/migration/savevm-async.c
-@@ -381,7 +381,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
+@@ -379,7 +379,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
QIOChannel *ioc = QIO_CHANNEL(qio_channel_savevm_async_new(snap_state.target,
&snap_state.bs_pos));
@@ -195,8 +195,8 @@ index 4f1ef0ebd8..84e10b2c4c 100644
+ snap_state.file = qemu_file_new_output_sized(ioc, 4 * 1024 * 1024);
if (!snap_state.file) {
- error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
-@@ -505,7 +505,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
+ error_setg(errp, "failed to open '%s'", statefile);
+@@ -502,7 +502,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
blk_op_block_all(be, blocker);
/* restore the VM state */
--
2.39.5

* [pve-devel] [PATCH qemu 3/4] async snapshot: improve error handling for 'savevm-start' QMP command
2024-11-25 11:00 [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2 Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 1/4] update submodule and patches to " Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 2/4] async snapshot: code cleanup: use error_setg() helper Fiona Ebner
@ 2024-11-25 11:00 ` Fiona Ebner
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 4/4] stable fixes for QEMU 9.1.2 Fiona Ebner
3 siblings, 0 replies; 5+ messages in thread
From: Fiona Ebner @ 2024-11-25 11:00 UTC (permalink / raw)
To: pve-devel
Return values for qemu_savevm_state_setup() and blk_set_aio_context()
now get checked.
Move the qemu_coroutine_create() call to after the new early return
to avoid a potential memory leak.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...async-for-background-state-snapshots.patch | 26 ++++++++++++++-----
...add-optional-buffer-size-to-QEMUFile.patch | 6 ++---
2 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
index 1fe4648..4e9c6bf 100644
--- a/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
+++ b/debian/patches/pve/0017-PVE-add-savevm-async-for-background-state-snapshots.patch
@@ -37,13 +37,13 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
include/migration/snapshot.h | 2 +
include/monitor/hmp.h | 3 +
migration/meson.build | 1 +
- migration/savevm-async.c | 537 +++++++++++++++++++++++++++++++++++
+ migration/savevm-async.c | 549 +++++++++++++++++++++++++++++++++++
monitor/hmp-cmds.c | 38 +++
qapi/migration.json | 34 +++
qapi/misc.json | 18 ++
qemu-options.hx | 12 +
system/vl.c | 10 +
- 11 files changed, 685 insertions(+)
+ 11 files changed, 697 insertions(+)
create mode 100644 migration/savevm-async.c
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
@@ -141,10 +141,10 @@ index 020127d901..4b0c4f0f51 100644
'threadinfo.c',
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
new file mode 100644
-index 0000000000..59bb0b57d9
+index 0000000000..4c90209188
--- /dev/null
+++ b/migration/savevm-async.c
-@@ -0,0 +1,537 @@
+@@ -0,0 +1,549 @@
+#include "qemu/osdep.h"
+#include "migration/channel-savevm-async.h"
+#include "migration/migration.h"
@@ -167,6 +167,7 @@ index 0000000000..59bb0b57d9
+#include "qapi/qapi-commands-misc.h"
+#include "qapi/qapi-commands-block.h"
+#include "qemu/cutils.h"
++#include "qemu/error-report.h"
+#include "qemu/timer.h"
+#include "qemu/main-loop.h"
+#include "qemu/rcu.h"
@@ -479,6 +480,7 @@ index 0000000000..59bb0b57d9
+ Error *local_err = NULL;
+ MigrationState *ms = migrate_get_current();
+ AioContext *iohandler_ctx = iohandler_get_aio_context();
++ int ret = 0;
+
+ int bdrv_oflags = BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_NO_FLUSH;
+
@@ -549,15 +551,25 @@ index 0000000000..59bb0b57d9
+
+ snap_state.state = SAVE_STATE_ACTIVE;
+ snap_state.finalize_bh = qemu_bh_new(process_savevm_finalize, &snap_state);
-+ snap_state.co = qemu_coroutine_create(&process_savevm_co, NULL);
+ qemu_savevm_state_header(snap_state.file);
-+ qemu_savevm_state_setup(snap_state.file, &local_err);
++ ret = qemu_savevm_state_setup(snap_state.file, &local_err);
++ if (ret != 0) {
++ error_setg_errno(errp, -ret, "savevm state setup failed: %s",
++ local_err ? error_get_pretty(local_err) : "unknown error");
++ return;
++ }
+
+ /* Async processing from here on out happens in iohandler context, so let
+ * the target bdrv have its home there.
+ */
-+ blk_set_aio_context(snap_state.target, iohandler_ctx, &local_err);
++ ret = blk_set_aio_context(snap_state.target, iohandler_ctx, &local_err);
++ if (ret != 0) {
++ warn_report("failed to set iohandler context for VM state target: %s %s",
++ local_err ? error_get_pretty(local_err) : "unknown error",
++ strerror(-ret));
++ }
+
++ snap_state.co = qemu_coroutine_create(&process_savevm_co, NULL);
+ aio_co_schedule(iohandler_ctx, snap_state.co);
+
+ return;
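Review bot: the new early `return;` after `qemu_savevm_state_setup()` fails runs after `snap_state.state = SAVE_STATE_ACTIVE;` and `snap_state.finalize_bh = qemu_bh_new(...)` have already been executed, and it bypasses the `goto restart` path the other failure branches of `qmp_savevm_start()` use. As written, the state stays ACTIVE, so a later 'savevm-start' would hit the `snap_state.state != SAVE_STATE_DONE` check and be rejected, and the bottom half plus the opened target and file are left behind. Using `goto restart` here (or resetting the state and freeing the resources before returning) would close that gap. In both new branches `local_err` is only read via `error_get_pretty()` and never freed; `error_free(local_err)` after building the message, or `error_propagate_prepend()` in the first branch and `warn_report_err()` in the second, avoids the leak.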
diff --git a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
index cd2e2d2..67d6ba8 100644
--- a/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
+++ b/debian/patches/pve/0018-PVE-add-optional-buffer-size-to-QEMUFile.patch
@@ -184,10 +184,10 @@ index 11c2120edd..edf3c5d147 100644
/*
diff --git a/migration/savevm-async.c b/migration/savevm-async.c
-index 59bb0b57d9..9a4dd1e4f5 100644
+index 4c90209188..eb562d3dcf 100644
--- a/migration/savevm-async.c
+++ b/migration/savevm-async.c
-@@ -379,7 +379,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
+@@ -381,7 +381,7 @@ void qmp_savevm_start(const char *statefile, Error **errp)
QIOChannel *ioc = QIO_CHANNEL(qio_channel_savevm_async_new(snap_state.target,
&snap_state.bs_pos));
@@ -196,7 +196,7 @@ index 59bb0b57d9..9a4dd1e4f5 100644
if (!snap_state.file) {
error_setg(errp, "failed to open '%s'", statefile);
-@@ -502,7 +502,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
+@@ -514,7 +514,8 @@ int load_snapshot_from_blockdev(const char *filename, Error **errp)
blk_op_block_all(be, blocker);
/* restore the VM state */
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
* [pve-devel] [PATCH qemu 4/4] stable fixes for QEMU 9.1.2
2024-11-25 11:00 [pve-devel] [PATCH qemu 0/4] QEMU 9.1.2 Fiona Ebner
` (2 preceding siblings ...)
2024-11-25 11:00 ` [pve-devel] [PATCH qemu 3/4] async snapshot: improve error handling for 'savevm-start' QMP command Fiona Ebner
@ 2024-11-25 11:00 ` Fiona Ebner
3 siblings, 0 replies; 5+ messages in thread
From: Fiona Ebner @ 2024-11-25 11:00 UTC (permalink / raw)
To: pve-devel
Pick up two stable fixes for virtio-net, one fixing multiqueue
initialization and one fixing potential out-of-bounds access (in the
work_around_broken_dhclient() hack that luckily seems to be
unreachable when 'vhost=on' is used for the device, which Proxmox VE
does except when running a non-native VM arch or if the vhost device
is not available).
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...o-net-Add-queues-before-loading-them.patch | 81 +++++++++++++++++++
...ix-size-check-in-dhclient-workaround.patch | 36 +++++++++
debian/patches/series | 2 +
3 files changed, 119 insertions(+)
create mode 100644 debian/patches/extra/0005-virtio-net-Add-queues-before-loading-them.patch
create mode 100644 debian/patches/extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch
diff --git a/debian/patches/extra/0005-virtio-net-Add-queues-before-loading-them.patch b/debian/patches/extra/0005-virtio-net-Add-queues-before-loading-them.patch
new file mode 100644
index 0000000..7369a49
--- /dev/null
+++ b/debian/patches/extra/0005-virtio-net-Add-queues-before-loading-them.patch
@@ -0,0 +1,81 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Tue, 22 Oct 2024 15:49:01 +0900
+Subject: [PATCH] virtio-net: Add queues before loading them
+
+Call virtio_net_set_multiqueue() to add queues before loading their
+states. Otherwise the loaded queues will not have handlers and elements
+in them will not be processed.
+
+Cc: qemu-stable@nongnu.org
+Fixes: 8c49756825da ("virtio-net: Add only one queue pair when realizing")
+Reported-by: Laurent Vivier <lvivier@redhat.com>
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+(picked from https://lore.kernel.org/qemu-devel/20241022-load-v1-1-99df0bff7939@daynix.com/)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/net/virtio-net.c | 10 ++++++++++
+ hw/virtio/virtio.c | 7 +++++++
+ include/hw/virtio/virtio.h | 2 ++
+ 3 files changed, 19 insertions(+)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index ed33a32877..90d05f94d4 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -3032,6 +3032,15 @@ static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue)
+ virtio_net_set_queue_pairs(n);
+ }
+
++static int virtio_net_pre_load_queues(VirtIODevice *vdev)
++{
++ virtio_net_set_multiqueue(VIRTIO_NET(vdev),
++ virtio_has_feature(vdev->guest_features, VIRTIO_NET_F_RSS) ||
++ virtio_has_feature(vdev->guest_features, VIRTIO_NET_F_MQ));
++
++ return 0;
++}
++
+ static int virtio_net_post_load_device(void *opaque, int version_id)
+ {
+ VirtIONet *n = opaque;
+@@ -4010,6 +4019,7 @@ static void virtio_net_class_init(ObjectClass *klass, void *data)
+ vdc->guest_notifier_mask = virtio_net_guest_notifier_mask;
+ vdc->guest_notifier_pending = virtio_net_guest_notifier_pending;
+ vdc->legacy_features |= (0x1 << VIRTIO_NET_F_GSO);
++ vdc->pre_load_queues = virtio_net_pre_load_queues;
+ vdc->post_load = virtio_net_post_load_virtio;
+ vdc->vmsd = &vmstate_virtio_net_device;
+ vdc->primary_unplug_pending = primary_unplug_pending;
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index 9e10cbc058..10f24a58dd 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -3251,6 +3251,13 @@ virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
+ config_len--;
+ }
+
++ if (vdc->pre_load_queues) {
++ ret = vdc->pre_load_queues(vdev);
++ if (ret) {
++ return ret;
++ }
++ }
++
+ num = qemu_get_be32(f);
+
+ if (num > VIRTIO_QUEUE_MAX) {
+diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
+index 0fcbc5c0c6..953dfca27c 100644
+--- a/include/hw/virtio/virtio.h
++++ b/include/hw/virtio/virtio.h
+@@ -210,6 +210,8 @@ struct VirtioDeviceClass {
+ void (*guest_notifier_mask)(VirtIODevice *vdev, int n, bool mask);
+ int (*start_ioeventfd)(VirtIODevice *vdev);
+ void (*stop_ioeventfd)(VirtIODevice *vdev);
++ /* Called before loading queues. Useful to add queues before loading. */
++ int (*pre_load_queues)(VirtIODevice *vdev);
+ /* Saving and loading of a device; trying to deprecate save/load
+ * use vmsd for new devices.
+ */
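Review bot: The comment added for pre_load_queues in struct VirtioDeviceClass does not say which device state is valid when the hook runs or what a nonzero return means. virtio_net_pre_load_queues() reads vdev->guest_features to pick the multiqueue mode, so it depends on that field being restored before the call site in virtio_load(), which sits just ahead of `num = qemu_get_be32(f);`, and virtio_load() returns the hook's value unchanged when it is nonzero. Suggest extending the comment to state that the hook is called from virtio_load() before queue state is read, which fields are already restored at that point (the virtio-net implementation relies on guest_features), and that a nonzero return fails the load, so other devices adopting the hook do not read fields that are not yet populated.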
diff --git a/debian/patches/extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch b/debian/patches/extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch
new file mode 100644
index 0000000..29df2c1
--- /dev/null
+++ b/debian/patches/extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <akihiko.odaki@daynix.com>
+Date: Fri, 22 Nov 2024 14:03:08 +0900
+Subject: [PATCH] virtio-net: Fix size check in dhclient workaround
+
+work_around_broken_dhclient() accesses IP and UDP headers to detect
+relevant packets and to calculate checksums, but it didn't check if
+the packet has size sufficient to accommodate them, causing out-of-bound
+access hazards. Fix this by correcting the size requirement.
+
+Fixes: 1d41b0c1ec66 ("Work around dhclient brokenness")
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+(picked from https://lore.kernel.org/qemu-devel/20241122-queue-v3-2-f2ff03b8dbfd@daynix.com/#t)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/net/virtio-net.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index 90d05f94d4..c1fe457359 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1692,8 +1692,11 @@ static void virtio_net_hdr_swap(VirtIODevice *vdev, struct virtio_net_hdr *hdr)
+ static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
+ uint8_t *buf, size_t size)
+ {
++ size_t csum_size = ETH_HLEN + sizeof(struct ip_header) +
++ sizeof(struct udp_header);
++
+ if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
+- (size > 27 && size < 1500) && /* normal sized MTU */
++ (size >= csum_size && size < 1500) && /* normal sized MTU */
+ (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
+ (buf[23] == 17) && /* ip.protocol == UDP */
+ (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
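Review bot: The new bound csum_size covers a fixed-size struct ip_header followed by struct udp_header, but the condition still does not verify that the IPv4 header carries no options before reading the UDP source port at the hard-coded offsets buf[34] and buf[35]. The size check now guarantees those reads stay inside the buffer, which is the out-of-bounds fix; it does not guarantee that those bytes are the UDP header when the IP header is longer than sizeof(struct ip_header). Either check the header-length field as part of the condition or add a comment stating that option-less IPv4 is assumed. Since csum_size is now derived from ETH_HLEN and the header structs, the remaining magic offsets (12, 13, 23, 34, 35) could be derived the same way, and the trailing "normal sized MTU" comment no longer describes the lower bound, which is now a header-presence check.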
diff --git a/debian/patches/series b/debian/patches/series
index 3b57a3a..0b48878 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,6 +2,8 @@ extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
+extra/0005-virtio-net-Add-queues-before-loading-them.patch
+extra/0006-virtio-net-Fix-size-check-in-dhclient-workaround.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
--
2.39.5