From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id E72D31FF13A for ; Wed, 27 May 2026 13:02:35 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B40A318CD8; Wed, 27 May 2026 13:02:35 +0200 (CEST) From: Fiona Ebner To: pve-devel@lists.proxmox.com Subject: [PATCH qemu 3/6] update submodule and patches to QEMU 11.0.1 Date: Wed, 27 May 2026 13:00:47 +0200 Message-ID: <20260527110106.287916-4-f.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260527110106.287916-1-f.ebner@proxmox.com> References: <20260527110106.287916-1-f.ebner@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1779879644085 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.116 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LOTSOFHASH 0.25 Emails with lots of hash-like gibberish SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: E723ZKEBDZNFBI62AIGKD6VHUC4XNMYK X-Message-ID-Hash: E723ZKEBDZNFBI62AIGKD6VHUC4XNMYK X-MailFrom: f.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Most notably, patches for fixing the deadlock between trim and drain with IDE/SATA has finally been applied upstream with the following two commits, so the stop-gap patch "ide: avoid potential deadlock when draining during trim" can be dropped: 6e5b03431b ide: Minimal fix for deadlock between TRIM and drain 5044ebfad8 ide: Clean up ide_trim_co_entry() to be idiomatic coroutine code Signed-off-by: Fiona Ebner --- ...d-support-for-sync-bitmap-mode-never.patch | 6 +- ...-support-for-conditional-and-always-.patch | 2 +- ...-to-bdrv_dirty_bitmap_merge_internal.patch | 2 +- .../0006-mirror-move-some-checks-to-qmp.patch | 2 +- ...-to-bounce-buffer-if-BLKZEROOUT-is-.patch} | 0 ...ial-deadlock-when-draining-during-tr.patch | 100 ------------------ ...oid-idle-event-loop-being-accounted.patch} | 0 ...-fix-regression-when-mmap-ing-expor.patch} | 0 ...-fix-regression-with-block-device-e.patch} | 0 ...fix-decoding-of-MOVBE-and-CRC32-in-1.patch | 84 --------------- ...-accidentally-autofree-existing-virg.patch | 59 ----------- ...store-IRQ-polling-for-non-kernel-irq.patch | 47 -------- ...strList-leak-in-x86_cpu_get_unavaila.patch | 36 ------- ...-missing-PF_INSTR-in-SIGSEGV-context.patch | 43 -------- ...e_save_state_v-fix-double-error_setg.patch | 46 -------- ...add-the-zeroinit-block-driver-filter.patch | 4 +- ...le-posix-make-locking-optiono-on-cre.patch | 6 +- ...VE-Backup-add-vma-backup-format-code.patch | 6 +- ...ckup-Proxmox-backup-patches-for-QEMU.patch | 6 +- ...estore-new-command-to-restore-from-p.patch | 4 +- ...k-driver-to-map-backup-archives-into.patch | 8 +- ...ct-stderr-to-journal-when-daemonized.patch | 6 +- ...igrate-dirty-bitmap-state-via-savevm.patch | 4 +- .../0037-block-add-alloc-track-driver.patch | 4 +- .../0038-PVE-backup-add-fleecing-option.patch | 2 +- ...ment-backup-access-setup-and-teardow.patch | 2 +- ...se-migration-blocker-check-for-snaps.patch | 2 +- debian/patches/series | 15 +-- qemu | 2 +- 29 files changed, 38 insertions(+), 460 deletions(-) rename debian/patches/extra/{0003-block-io-fallback-to-bounce-buffer-if-BLKZEROOUT-is-.patch => 0002-block-io-fallback-to-bounce-buffer-if-BLKZEROOUT-is-.patch} (100%) delete mode 100644 debian/patches/extra/0002-ide-avoid-potential-deadlock-when-draining-during-tr.patch rename debian/patches/extra/{0004-fdmon-io_uring-avoid-idle-event-loop-being-accounted.patch => 0003-fdmon-io_uring-avoid-idle-event-loop-being-accounted.patch} (100%) rename debian/patches/extra/{0011-block-export-fuse-fix-regression-when-mmap-ing-expor.patch => 0004-block-export-fuse-fix-regression-when-mmap-ing-expor.patch} (100%) rename debian/patches/extra/{0012-block-export-fuse-fix-regression-with-block-device-e.patch => 0005-block-export-fuse-fix-regression-with-block-device-e.patch} (100%) delete mode 100644 debian/patches/extra/0005-target-i386-tcg-fix-decoding-of-MOVBE-and-CRC32-in-1.patch delete mode 100644 debian/patches/extra/0006-hw-display-don-t-accidentally-autofree-existing-virg.patch delete mode 100644 debian/patches/extra/0007-hw-i386-vapic-restore-IRQ-polling-for-non-kernel-irq.patch delete mode 100644 debian/patches/extra/0008-target-i386-fix-strList-leak-in-x86_cpu_get_unavaila.patch delete mode 100644 debian/patches/extra/0009-target-i386-fix-missing-PF_INSTR-in-SIGSEGV-context.patch delete mode 100644 debian/patches/extra/0010-migration-vmstate_save_state_v-fix-double-error_setg.patch diff --git a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch index 8f196da9e2..0fb45d16e0 100644 --- a/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch +++ b/debian/patches/bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch @@ -38,7 +38,7 @@ Signed-off-by: Fiona Ebner 5 files changed, 135 insertions(+), 21 deletions(-) diff --git a/block/mirror.c b/block/mirror.c -index 2fcded9e93..f34b5fe733 100644 +index 089856f4a8..e6f645e0f2 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -74,6 +74,8 @@ typedef struct MirrorBlockJob { @@ -333,7 +333,7 @@ index e7c8f1a856..d5aa68caeb 100644 BlockdevOnError on_source_error, BlockdevOnError on_target_error, diff --git a/qapi/block-core.json b/qapi/block-core.json -index 508b081ac1..496118bdc7 100644 +index 0efd51787b..50a0af3569 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2280,6 +2280,15 @@ @@ -390,7 +390,7 @@ index 508b081ac1..496118bdc7 100644 '*buf-size': 'int', '*on-source-error': 'BlockdevOnError', '*on-target-error': 'BlockdevOnError', diff --git a/tests/unit/test-block-iothread.c b/tests/unit/test-block-iothread.c -index e26b3be593..396a53a757 100644 +index 5273ff235a..7055d32686 100644 --- a/tests/unit/test-block-iothread.c +++ b/tests/unit/test-block-iothread.c @@ -755,8 +755,8 @@ static void test_propagate_mirror(void) diff --git a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch index 2c030dc751..468bd94bc5 100644 --- a/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch +++ b/debian/patches/bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch @@ -24,7 +24,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/block/mirror.c b/block/mirror.c -index f34b5fe733..67d85799f4 100644 +index e6f645e0f2..414737045f 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -735,8 +735,6 @@ static int mirror_exit_common(Job *job) diff --git a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch index faef2cc4b9..5215b95855 100644 --- a/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch +++ b/debian/patches/bitmap-mirror/0004-mirror-switch-to-bdrv_dirty_bitmap_merge_internal.patch @@ -16,7 +16,7 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/block/mirror.c b/block/mirror.c -index 67d85799f4..b88e8b4c51 100644 +index 414737045f..0f56ad1f54 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -856,8 +856,8 @@ static int mirror_exit_common(Job *job) diff --git a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch index 9223eefaa5..98c3f7b93d 100644 --- a/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch +++ b/debian/patches/bitmap-mirror/0006-mirror-move-some-checks-to-qmp.patch @@ -21,7 +21,7 @@ Signed-off-by: Fiona Ebner 3 files changed, 70 insertions(+), 59 deletions(-) diff --git a/block/mirror.c b/block/mirror.c -index b88e8b4c51..1e143ccab1 100644 +index 0f56ad1f54..75563e6e75 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -1885,31 +1885,13 @@ static BlockJob *mirror_start_job( diff --git a/debian/patches/extra/0003-block-io-fallback-to-bounce-buffer-if-BLKZEROOUT-is-.patch b/debian/patches/extra/0002-block-io-fallback-to-bounce-buffer-if-BLKZEROOUT-is-.patch similarity index 100% rename from debian/patches/extra/0003-block-io-fallback-to-bounce-buffer-if-BLKZEROOUT-is-.patch rename to debian/patches/extra/0002-block-io-fallback-to-bounce-buffer-if-BLKZEROOUT-is-.patch diff --git a/debian/patches/extra/0002-ide-avoid-potential-deadlock-when-draining-during-tr.patch b/debian/patches/extra/0002-ide-avoid-potential-deadlock-when-draining-during-tr.patch deleted file mode 100644 index 04271fe4fe..0000000000 --- a/debian/patches/extra/0002-ide-avoid-potential-deadlock-when-draining-during-tr.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Fiona Ebner -Date: Tue, 7 Mar 2023 15:03:02 +0100 -Subject: [PATCH] ide: avoid potential deadlock when draining during trim -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The deadlock can happen as follows: -1. ide_issue_trim is called, and increments the in_flight counter. -2. ide_issue_trim_cb calls blk_aio_pdiscard. -3. Somebody else starts draining (e.g. backup to insert the cbw node). -4. ide_issue_trim_cb is called as the completion callback for - blk_aio_pdiscard. -5. ide_issue_trim_cb issues yet another blk_aio_pdiscard request. -6. The request is added to the wait queue via blk_wait_while_drained, - because draining has been started. -7. Nobody ever decrements the in_flight counter and draining can't - finish. This would be done by ide_trim_bh_cb, which is called after - ide_issue_trim_cb has issued its last request, but - ide_issue_trim_cb is not called anymore, because it's the - completion callback of blk_aio_pdiscard, which waits on draining. - -Quoting Hanna Czenczek: -> The point of 7e5cdb345f was that we need any in-flight count to -> accompany a set s->bus->dma->aiocb. While blk_aio_pdiscard() is -> happening, we don’t necessarily need another count. But we do need -> it while there is no blk_aio_pdiscard(). -> ide_issue_trim_cb() returns in two cases (and, recursively through -> its callers, leaves s->bus->dma->aiocb set): -> 1. After calling blk_aio_pdiscard(), which will keep an in-flight -> count, -> 2. After calling replay_bh_schedule_event() (i.e. -> qemu_bh_schedule()), which does not keep an in-flight count. - -Thus, even after moving the blk_inc_in_flight to above the -replay_bh_schedule_event call, the invariant "ide_issue_trim_cb -returns with an accompanying in-flight count" is still satisfied. - -However, the issue 7e5cdb345f fixed for canceling resurfaces, because -ide_cancel_dma_sync assumes that it just needs to drain once. But now -the in_flight count is not consistently > 0 during the trim operation. -So, change it to drain until !s->bus->dma->aiocb, which means that the -operation finished (s->bus->dma->aiocb is cleared by ide_set_inactive -via the ide_dma_cb when the end of the transfer is reached). - -Discussion here: -https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg02506.html - -Fixes: 7e5cdb345f ("ide: Increment BB in-flight counter for TRIM BH") -Suggested-by: Hanna Czenczek -Signed-off-by: Fiona Ebner ---- - hw/ide/core.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/hw/ide/core.c b/hw/ide/core.c -index 7a15d6cac9..db44d83f57 100644 ---- a/hw/ide/core.c -+++ b/hw/ide/core.c -@@ -456,7 +456,7 @@ static void ide_trim_bh_cb(void *opaque) - iocb->bh = NULL; - qemu_aio_unref(iocb); - -- /* Paired with an increment in ide_issue_trim() */ -+ /* Paired with an increment in ide_issue_trim_cb() */ - blk_dec_in_flight(blk); - } - -@@ -516,6 +516,8 @@ static void ide_issue_trim_cb(void *opaque, int ret) - done: - iocb->aiocb = NULL; - if (iocb->bh) { -+ /* Paired with a decrement in ide_trim_bh_cb() */ -+ blk_inc_in_flight(s->blk); - replay_bh_schedule_event(iocb->bh); - } - } -@@ -528,9 +530,6 @@ BlockAIOCB *ide_issue_trim( - IDEDevice *dev = s->unit ? s->bus->slave : s->bus->master; - TrimAIOCB *iocb; - -- /* Paired with a decrement in ide_trim_bh_cb() */ -- blk_inc_in_flight(s->blk); -- - iocb = blk_aio_get(&trim_aiocb_info, s->blk, cb, cb_opaque); - iocb->s = s; - iocb->bh = qemu_bh_new_guarded(ide_trim_bh_cb, iocb, -@@ -754,8 +753,9 @@ void ide_cancel_dma_sync(IDEState *s) - */ - if (s->bus->dma->aiocb) { - trace_ide_cancel_dma_sync_remaining(); -- blk_drain(s->blk); -- assert(s->bus->dma->aiocb == NULL); -+ while (s->bus->dma->aiocb) { -+ blk_drain(s->blk); -+ } - } - } - diff --git a/debian/patches/extra/0004-fdmon-io_uring-avoid-idle-event-loop-being-accounted.patch b/debian/patches/extra/0003-fdmon-io_uring-avoid-idle-event-loop-being-accounted.patch similarity index 100% rename from debian/patches/extra/0004-fdmon-io_uring-avoid-idle-event-loop-being-accounted.patch rename to debian/patches/extra/0003-fdmon-io_uring-avoid-idle-event-loop-being-accounted.patch diff --git a/debian/patches/extra/0011-block-export-fuse-fix-regression-when-mmap-ing-expor.patch b/debian/patches/extra/0004-block-export-fuse-fix-regression-when-mmap-ing-expor.patch similarity index 100% rename from debian/patches/extra/0011-block-export-fuse-fix-regression-when-mmap-ing-expor.patch rename to debian/patches/extra/0004-block-export-fuse-fix-regression-when-mmap-ing-expor.patch diff --git a/debian/patches/extra/0012-block-export-fuse-fix-regression-with-block-device-e.patch b/debian/patches/extra/0005-block-export-fuse-fix-regression-with-block-device-e.patch similarity index 100% rename from debian/patches/extra/0012-block-export-fuse-fix-regression-with-block-device-e.patch rename to debian/patches/extra/0005-block-export-fuse-fix-regression-with-block-device-e.patch diff --git a/debian/patches/extra/0005-target-i386-tcg-fix-decoding-of-MOVBE-and-CRC32-in-1.patch b/debian/patches/extra/0005-target-i386-tcg-fix-decoding-of-MOVBE-and-CRC32-in-1.patch deleted file mode 100644 index 9874c26972..0000000000 --- a/debian/patches/extra/0005-target-i386-tcg-fix-decoding-of-MOVBE-and-CRC32-in-1.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Tue, 31 Mar 2026 08:32:23 +0200 -Subject: [PATCH] target/i386/tcg: fix decoding of MOVBE and CRC32 in 16-bit - mode - -Table A-4 of the SDM shows - - F0 F1 --------------------------------------------------------- - NP MOVBE Gy,My MOVBE My,Gy - 66 MOVBE Gw,Mw MOVBW Mw,Gw - F2 CRC32 Gd,Eb CRC32 Gd,Ey - 66+F2 CRC32 Gd,Eb CRC32 Gd,Ew - -However, this is incorrect. Both MOVBE and (for 0xF1) CRC32 -take Gv, Ev or Mv operands. In 16-bit mode therefore the -operand is of 16-bit size without prefix and 32-bit mode -with 0x66 (the data size override). - -For example, with NASM you get: - - bits 16 - 67 0F 38 F0 02 movbe ax, [edx] - 66 67 0F 38 F0 02 movbe eax, [edx] - - 67 F2 0F 38 F1 02 crc32 ax, word [edx] - 66 67 F2 0F 38 F1 02 crc32 eax, dword [edx] - -versus - - bits 32 - 66 0F 38 F0 02 movbe ax, [edx] - 0F 38 F0 02 movbe eax, [edx] - - 66 F2 0F 38 F1 02 crc32 eax, word [edx] - F2 0F 38 F1 02 crc32 eax, dword [edx] - -The instruction is listed correctly in the APX documentation -as "SCALABLE" (which means it has v-size operands). - -Cc: qemu-stable@nongnu.org -Reviewed-by: Richard Henderson -Signed-off-by: Paolo Bonzini -(cherry picked from commit 76ad26dd172d27aae9f1e76d1165b497167c36c2) -Signed-off-by: Fiona Ebner ---- - target/i386/tcg/decode-new.c.inc | 16 ++++++++++------ - 1 file changed, 10 insertions(+), 6 deletions(-) - -diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc -index bc105aab9e..c8b5bd6ad2 100644 ---- a/target/i386/tcg/decode-new.c.inc -+++ b/target/i386/tcg/decode-new.c.inc -@@ -875,19 +875,23 @@ static const X86OpEntry opcodes_0F38_00toEF[240] = { - - /* five rows for no prefix, 66, F3, F2, 66+F2 */ - static const X86OpEntry opcodes_0F38_F0toFF[16][5] = { -+ /* -+ * MOVBE and CRC32 are incorrectly listed as always doing 32-bit operation -+ * without prefix and 16-bit operation with 0x66. -+ */ - [0] = { -- X86_OP_ENTRYwr(MOVBE, G,y, M,y, cpuid(MOVBE)), -- X86_OP_ENTRYwr(MOVBE, G,w, M,w, cpuid(MOVBE)), -+ X86_OP_ENTRYwr(MOVBE, G,v, M,v, cpuid(MOVBE)), -+ X86_OP_ENTRYwr(MOVBE, G,v, M,v, cpuid(MOVBE)), - {}, - X86_OP_ENTRY2(CRC32, G,d, E,b, cpuid(SSE42)), - X86_OP_ENTRY2(CRC32, G,d, E,b, cpuid(SSE42)), - }, - [1] = { -- X86_OP_ENTRYwr(MOVBE, M,y, G,y, cpuid(MOVBE)), -- X86_OP_ENTRYwr(MOVBE, M,w, G,w, cpuid(MOVBE)), -+ X86_OP_ENTRYwr(MOVBE, M,v, G,v, cpuid(MOVBE)), -+ X86_OP_ENTRYwr(MOVBE, M,v, G,v, cpuid(MOVBE)), - {}, -- X86_OP_ENTRY2(CRC32, G,d, E,y, cpuid(SSE42)), -- X86_OP_ENTRY2(CRC32, G,d, E,w, cpuid(SSE42)), -+ X86_OP_ENTRY2(CRC32, G,d, E,v, cpuid(SSE42)), -+ X86_OP_ENTRY2(CRC32, G,d, E,v, cpuid(SSE42)), - }, - [2] = { - X86_OP_ENTRY3(ANDN, G,y, B,y, E,y, vex13 cpuid(BMI1)), diff --git a/debian/patches/extra/0006-hw-display-don-t-accidentally-autofree-existing-virg.patch b/debian/patches/extra/0006-hw-display-don-t-accidentally-autofree-existing-virg.patch deleted file mode 100644 index b8f224e9be..0000000000 --- a/debian/patches/extra/0006-hw-display-don-t-accidentally-autofree-existing-virg.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Alex=20Benn=C3=A9e?= -Date: Fri, 17 Apr 2026 13:27:03 +0100 -Subject: [PATCH] hw/display: don't accidentally autofree existing virgl - resources -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -While sanity checking a create blob operation the use of the auto -freed res variable could lead to inadvertently freeing an existing -blob. - -Avoid this by in-lining the virtio_gpu_virgl_find_resource() check as -the value is not needed anyway. - -While at it add a comment to the end and use g_steal_pointer to make -it clearer the object lifetime exceeds the function bounds if we pass -all the checks. - -Fixes: CVE-2026-6502 -Fixes: 7c092f17cce (virtio-gpu: Handle resource blob commands) -Message-ID: 20260417094443.785462-1-alex.bennee@linaro.org -Reviewed-by: Manos Pitsidianakis -Cc: qemu-stable@nongnu.org -Message-ID: <20260417122703.845442-1-alex.bennee@linaro.org> -Signed-off-by: Alex Bennée -Reviewed-by: Dmitry Osipenko -(cherry picked from commit 30fad722ce68316d22b926ba0e6017f0440465df) -Signed-off-by: Fiona Ebner ---- - hw/display/virtio-gpu-virgl.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/hw/display/virtio-gpu-virgl.c b/hw/display/virtio-gpu-virgl.c -index b7a2d160dd..add85bd4e6 100644 ---- a/hw/display/virtio-gpu-virgl.c -+++ b/hw/display/virtio-gpu-virgl.c -@@ -830,8 +830,7 @@ static void virgl_cmd_resource_create_blob(VirtIOGPU *g, - return; - } - -- res = virtio_gpu_virgl_find_resource(g, cblob.resource_id); -- if (res) { -+ if (virtio_gpu_virgl_find_resource(g, cblob.resource_id)) { - qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", - __func__, cblob.resource_id); - cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; -@@ -884,8 +883,9 @@ static void virgl_cmd_resource_create_blob(VirtIOGPU *g, - - res->base.dmabuf_fd = info.fd; - -+ /* Now live, cleaned up in virtio_gpu_virgl_resource_unref */ - QTAILQ_INSERT_HEAD(&g->reslist, &res->base, next); -- res = NULL; -+ g_steal_pointer(&res); - } - - static void virgl_cmd_resource_map_blob(VirtIOGPU *g, diff --git a/debian/patches/extra/0007-hw-i386-vapic-restore-IRQ-polling-for-non-kernel-irq.patch b/debian/patches/extra/0007-hw-i386-vapic-restore-IRQ-polling-for-non-kernel-irq.patch deleted file mode 100644 index 88f899f85f..0000000000 --- a/debian/patches/extra/0007-hw-i386-vapic-restore-IRQ-polling-for-non-kernel-irq.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: rickgcn -Date: Sat, 18 Apr 2026 14:14:29 +0800 -Subject: [PATCH] hw: i386: vapic: restore IRQ polling for non-kernel irqchip - backends - -69dfc078 extended vAPIC handling for WHPX with user-mode irqchip, but it -also changed vapic_write() case 4 in a way that excludes TCG from -apic_poll_irq(). - -Before that change, IRQ polling happened whenever no in-kernel irqchip -was active. After the change, it only happened for KVM or WHPX with a -user-mode irqchip. Under TCG, both kvm_enabled() and whpx_enabled() are -false, so the poll never happens. - -This regresses 32-bit Windows XP guests on a Windows host with --machine pc-i440fx-10.0,accel=tcg, causing a STOP 0x0000000A during boot. - -Fix it by making the decision depend on whether KVM or WHPX is using an -in-kernel irqchip, instead of whether either accelerator is enabled. - -Fixes: 69dfc078a6f0 ("hw: i386: vapic: enable on WHPX with user-mode irqchip") - -Signed-off-by: rickgcn -Link: https://lore.kernel.org/r/20260418061429.16898-1-rickgcn@gmail.com -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -(cherry picked from commit c906c2337058bd467e6ac0176c2966d1eeb6f8f5) -Signed-off-by: Fiona Ebner ---- - hw/i386/vapic.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/hw/i386/vapic.c b/hw/i386/vapic.c -index 41e5ca26df..1acb9f91b2 100644 ---- a/hw/i386/vapic.c -+++ b/hw/i386/vapic.c -@@ -716,8 +716,7 @@ static void vapic_write(void *opaque, hwaddr addr, uint64_t data, - break; - default: - case 4: -- if ((kvm_enabled() && !kvm_irqchip_in_kernel()) -- || (whpx_enabled() && !whpx_irqchip_in_kernel())) { -+ if (!kvm_irqchip_in_kernel() && !whpx_irqchip_in_kernel()) { - apic_poll_irq(cpu->apic_state); - } - break; diff --git a/debian/patches/extra/0008-target-i386-fix-strList-leak-in-x86_cpu_get_unavaila.patch b/debian/patches/extra/0008-target-i386-fix-strList-leak-in-x86_cpu_get_unavaila.patch deleted file mode 100644 index a9975bbb3b..0000000000 --- a/debian/patches/extra/0008-target-i386-fix-strList-leak-in-x86_cpu_get_unavaila.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Mon, 13 Apr 2026 16:50:40 +0400 -Subject: [PATCH] target/i386: fix strList leak in - x86_cpu_get_unavailable_features -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The result list built by x86_cpu_list_feature_names() was never freed -after being visited, causing a memory leak detected by ASan. -(the getter visitor is VISITOR_OUTPUT kind and doesn't own data) - -Fixes: 506174bf8219 ("i386: "unavailable-features" QOM property") -Signed-off-by: Marc-André Lureau -Link: https://lore.kernel.org/r/20260413125040.3842686-1-marcandre.lureau@redhat.com -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -(cherry picked from commit 87e1226e6f6844845ac407d50198d84205e7ed7f) -Signed-off-by: Fiona Ebner ---- - target/i386/cpu.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/target/i386/cpu.c b/target/i386/cpu.c -index c6fd1dc00e..9d126600c0 100644 ---- a/target/i386/cpu.c -+++ b/target/i386/cpu.c -@@ -7842,6 +7842,7 @@ static void x86_cpu_get_unavailable_features(Object *obj, Visitor *v, - - x86_cpu_list_feature_names(xc->filtered_features, &result); - visit_type_strList(v, "unavailable-features", &result, errp); -+ qapi_free_strList(result); - } - - /* Print all cpuid feature names in featureset diff --git a/debian/patches/extra/0009-target-i386-fix-missing-PF_INSTR-in-SIGSEGV-context.patch b/debian/patches/extra/0009-target-i386-fix-missing-PF_INSTR-in-SIGSEGV-context.patch deleted file mode 100644 index dfa3f4c20a..0000000000 --- a/debian/patches/extra/0009-target-i386-fix-missing-PF_INSTR-in-SIGSEGV-context.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Simon Scherer -Date: Mon, 13 Apr 2026 13:56:22 +0200 -Subject: [PATCH] target/i386: fix missing PF_INSTR in SIGSEGV context - -When running linux-user emulation, the SIGSEGV handler does not -correctly set the 4th bit (PF_INSTR) in the error_code variable of -the context argument (context->uc_mcontext.gregs[REG_ERR]). - -Because this bit is never set, guest applications cannot distinguish -if a fault was due to missing executable permissions. This patch -ensures that when a page fault occurs during an instruction fetch, -the PF_INSTR flag is properly populated in the signal context. - -Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3384 -Signed-off-by: Simon Scherer -Link: https://lore.kernel.org/r/20260413115622.160212-1-scherer.simon89@gmail.com -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -(cherry picked from commit 3eae91a8b93a35f194a39ab5b894ae405def9270) -Signed-off-by: Fiona Ebner ---- - target/i386/tcg/user/excp_helper.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/target/i386/tcg/user/excp_helper.c b/target/i386/tcg/user/excp_helper.c -index 98fab4cbc3..6c5df5e0e8 100644 ---- a/target/i386/tcg/user/excp_helper.c -+++ b/target/i386/tcg/user/excp_helper.c -@@ -36,9 +36,10 @@ void x86_cpu_record_sigsegv(CPUState *cs, vaddr addr, - * signal and set exception_index to EXCP_INTERRUPT. - */ - env->cr[2] = addr; -- env->error_code = ((access_type == MMU_DATA_STORE) << PG_ERROR_W_BIT) -- | (maperr ? 0 : PG_ERROR_P_MASK) -- | PG_ERROR_U_MASK; -+ env->error_code = (maperr ? 0 : PG_ERROR_P_MASK) -+ | ((access_type == MMU_DATA_STORE) << PG_ERROR_W_BIT) -+ | PG_ERROR_U_MASK -+ | ((access_type == MMU_INST_FETCH) ? PG_ERROR_I_D_MASK : 0); - cs->exception_index = EXCP0E_PAGE; - - /* Disable do_interrupt_user. */ diff --git a/debian/patches/extra/0010-migration-vmstate_save_state_v-fix-double-error_setg.patch b/debian/patches/extra/0010-migration-vmstate_save_state_v-fix-double-error_setg.patch deleted file mode 100644 index a4faa8635c..0000000000 --- a/debian/patches/extra/0010-migration-vmstate_save_state_v-fix-double-error_setg.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Vladimir Sementsov-Ogievskiy -Date: Thu, 5 Mar 2026 00:22:45 +0300 -Subject: [PATCH] migration: vmstate_save_state_v: fix double error_setg - -We may call error_setg twice on same errp if inner -vmstate_save_state_v() or vmstate_save_state() call fails. Next we will -crash on assertion in error_setv(). - -Fixes: 848a0503422d043 "migration: Update error description outside migration.c" -Signed-off-by: Vladimir Sementsov-Ogievskiy -Reviewed-by: Fabiano Rosas -Reviewed-by: Peter Xu -Link: https://lore.kernel.org/qemu-devel/20260304212303.667141-2-vsementsov@yandex-team.ru -Signed-off-by: Fabiano Rosas -(cherry picked from commit d41ce10d0f5a3d6e497e4b75807a8e675033c597) -Signed-off-by: Fiona Ebner ---- - migration/vmstate.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/migration/vmstate.c b/migration/vmstate.c -index 4d28364f7b..fccd030dfd 100644 ---- a/migration/vmstate.c -+++ b/migration/vmstate.c -@@ -539,6 +539,9 @@ int vmstate_save_state_v(QEMUFile *f, const VMStateDescription *vmsd, - } else { - ret = inner_field->info->put(f, curr_elem, size, - inner_field, vmdesc_loop); -+ if (ret < 0) { -+ error_setg(errp, "put failed"); -+ } - } - - written_bytes = qemu_file_transferred(f) - old_offset; -@@ -551,8 +554,8 @@ int vmstate_save_state_v(QEMUFile *f, const VMStateDescription *vmsd, - } - - if (ret) { -- error_setg(errp, "Save of field %s/%s failed", -- vmsd->name, field->name); -+ error_prepend(errp, "Save of field %s/%s failed: ", -+ vmsd->name, field->name); - if (vmsd->post_save) { - vmsd->post_save(opaque); - } diff --git a/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch b/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch index 76e5fcce71..52e7ed9c50 100644 --- a/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch +++ b/debian/patches/pve/0019-PVE-block-add-the-zeroinit-block-driver-filter.patch @@ -247,7 +247,7 @@ index 0000000000..036edb17f5 + +block_init(bdrv_zeroinit_init); diff --git a/qapi/block-core.json b/qapi/block-core.json -index 496118bdc7..f0f225a3c2 100644 +index 50a0af3569..4e8bc65bdb 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -3381,7 +3381,7 @@ @@ -259,7 +259,7 @@ index 496118bdc7..f0f225a3c2 100644 ## # @BlockdevOptionsFile: -@@ -4936,7 +4936,8 @@ +@@ -4940,7 +4940,8 @@ 'if': 'CONFIG_BLKIO' }, 'vmdk': 'BlockdevOptionsGenericCOWFormat', 'vpc': 'BlockdevOptionsGenericFormat', diff --git a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch index 0701eb7265..f63cc7b27b 100644 --- a/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch +++ b/debian/patches/pve/0022-PVE-Up-Config-file-posix-make-locking-optiono-on-cre.patch @@ -119,10 +119,10 @@ index 328ddaa3bd..5fd49844af 100644 }; return raw_co_create(&options, errp); diff --git a/qapi/block-core.json b/qapi/block-core.json -index f0f225a3c2..0c00aabbab 100644 +index 4e8bc65bdb..d5a2bbcff1 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json -@@ -5155,6 +5155,10 @@ +@@ -5159,6 +5159,10 @@ # @extent-size-hint: Extent size hint to add to the image file; 0 for # not adding an extent size hint (default: 1 MB, since 5.1) # @@ -133,7 +133,7 @@ index f0f225a3c2..0c00aabbab 100644 # Since: 2.12 ## { 'struct': 'BlockdevCreateOptionsFile', -@@ -5162,7 +5166,8 @@ +@@ -5166,7 +5170,8 @@ 'size': 'size', '*preallocation': 'PreallocMode', '*nocow': 'bool', diff --git a/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch b/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch index d116ae3569..814b939bed 100644 --- a/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch +++ b/debian/patches/pve/0026-PVE-Backup-add-vma-backup-format-code.patch @@ -40,10 +40,10 @@ index a21d9a5411..1373612c10 100644 system_ss.add(files('block-ram-registrar.c')) diff --git a/meson.build b/meson.build -index ab3e97eb9f..f747bc3cb2 100644 +index 51f5f2851a..a88b007017 100644 --- a/meson.build +++ b/meson.build -@@ -2149,6 +2149,8 @@ endif +@@ -2155,6 +2155,8 @@ endif has_gettid = cc.has_function('gettid') @@ -52,7 +52,7 @@ index ab3e97eb9f..f747bc3cb2 100644 # libselinux selinux = dependency('libselinux', required: get_option('selinux'), -@@ -4517,6 +4519,9 @@ if have_tools +@@ -4523,6 +4525,9 @@ if have_tools dependencies: [blockdev, qemuutil, selinux], install: true) diff --git a/debian/patches/pve/0029-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch b/debian/patches/pve/0029-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch index a4ac880fa7..74ce2a426e 100644 --- a/debian/patches/pve/0029-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch +++ b/debian/patches/pve/0029-PVE-Backup-Proxmox-backup-patches-for-QEMU.patch @@ -263,10 +263,10 @@ index abebfea0e2..bc727a3a6a 100644 void hmp_device_add(Monitor *mon, const QDict *qdict); void hmp_device_del(Monitor *mon, const QDict *qdict); diff --git a/meson.build b/meson.build -index f747bc3cb2..7aa0ed1b5a 100644 +index a88b007017..684501a185 100644 --- a/meson.build +++ b/meson.build -@@ -2150,6 +2150,7 @@ endif +@@ -2156,6 +2156,7 @@ endif has_gettid = cc.has_function('gettid') libuuid = cc.find_library('uuid', required: true) @@ -1685,7 +1685,7 @@ index 0000000000..177fb851b4 + return ret; +} diff --git a/qapi/block-core.json b/qapi/block-core.json -index 0c00aabbab..4f407007b9 100644 +index d5a2bbcff1..7f1daf42fe 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -952,6 +952,248 @@ diff --git a/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch b/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch index 44e42c7f6b..8344e666ed 100644 --- a/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch +++ b/debian/patches/pve/0030-PVE-Backup-pbs-restore-new-command-to-restore-from-p.patch @@ -14,10 +14,10 @@ Signed-off-by: Wolfgang Bumiller create mode 100644 pbs-restore.c diff --git a/meson.build b/meson.build -index 7aa0ed1b5a..3a57c44ade 100644 +index 684501a185..7111b47319 100644 --- a/meson.build +++ b/meson.build -@@ -4523,6 +4523,10 @@ if have_tools +@@ -4529,6 +4529,10 @@ if have_tools vma = executable('vma', files('vma.c', 'vma-reader.c') + genh, dependencies: [authz, block, crypto, io, qemuutil, qom], install: true) diff --git a/debian/patches/pve/0031-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch b/debian/patches/pve/0031-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch index 8791b16dbc..1d2396f318 100644 --- a/debian/patches/pve/0031-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch +++ b/debian/patches/pve/0031-PVE-Add-PBS-block-driver-to-map-backup-archives-into.patch @@ -348,10 +348,10 @@ index 0000000000..3e41421716 + +block_init(bdrv_pbs_init); diff --git a/meson.build b/meson.build -index 3a57c44ade..eb84d64604 100644 +index 7111b47319..4115c35884 100644 --- a/meson.build +++ b/meson.build -@@ -4997,7 +4997,7 @@ summary_info += {'Query Processing Library support': qpl} +@@ -5003,7 +5003,7 @@ summary_info += {'Query Processing Library support': qpl} summary_info += {'UADK Library support': uadk} summary_info += {'qatzip support': qatzip} summary_info += {'NUMA host support': numa} @@ -361,7 +361,7 @@ index 3a57c44ade..eb84d64604 100644 summary_info += {'libdaxctl support': libdaxctl} summary_info += {'libcbor support': libcbor} diff --git a/qapi/block-core.json b/qapi/block-core.json -index 4f407007b9..84a4572625 100644 +index 7f1daf42fe..e1c659310d 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -3619,6 +3619,7 @@ @@ -406,7 +406,7 @@ index 4f407007b9..84a4572625 100644 ## # @BlockdevOptionsNVMe: # -@@ -5149,6 +5177,7 @@ +@@ -5153,6 +5181,7 @@ 'nfs': 'BlockdevOptionsNfs', 'null-aio': 'BlockdevOptionsNull', 'null-co': 'BlockdevOptionsNull', diff --git a/debian/patches/pve/0032-PVE-redirect-stderr-to-journal-when-daemonized.patch b/debian/patches/pve/0032-PVE-redirect-stderr-to-journal-when-daemonized.patch index 42759e606b..8c558401c8 100644 --- a/debian/patches/pve/0032-PVE-redirect-stderr-to-journal-when-daemonized.patch +++ b/debian/patches/pve/0032-PVE-redirect-stderr-to-journal-when-daemonized.patch @@ -14,10 +14,10 @@ Signed-off-by: Thomas Lamprecht 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/meson.build b/meson.build -index eb84d64604..d71baddfa6 100644 +index 4115c35884..87c765f622 100644 --- a/meson.build +++ b/meson.build -@@ -2150,6 +2150,7 @@ endif +@@ -2156,6 +2156,7 @@ endif has_gettid = cc.has_function('gettid') libuuid = cc.find_library('uuid', required: true) @@ -25,7 +25,7 @@ index eb84d64604..d71baddfa6 100644 libproxmox_backup_qemu = cc.find_library('proxmox_backup_qemu', required: true) # libselinux -@@ -3840,7 +3841,7 @@ if have_block +@@ -3846,7 +3847,7 @@ if have_block elif host_os == 'emscripten' blockdev_ss.add(files('os-wasm.c')) else diff --git a/debian/patches/pve/0033-PVE-Migrate-dirty-bitmap-state-via-savevm.patch b/debian/patches/pve/0033-PVE-Migrate-dirty-bitmap-state-via-savevm.patch index ec8e4e9a4f..adb41f4572 100644 --- a/debian/patches/pve/0033-PVE-Migrate-dirty-bitmap-state-via-savevm.patch +++ b/debian/patches/pve/0033-PVE-Migrate-dirty-bitmap-state-via-savevm.patch @@ -58,7 +58,7 @@ index 90d62d5723..6010ccaef0 100644 'ram.c', 'savevm.c', diff --git a/migration/migration.c b/migration/migration.c -index 5c9aaa6e58..23b05a64cf 100644 +index dfc60372cf..f415448689 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -329,6 +329,7 @@ void migration_object_init(void) @@ -192,7 +192,7 @@ index 177fb851b4..7575abab7c 100644 ret->pbs_masterkey = true; ret->backup_max_workers = true; diff --git a/qapi/block-core.json b/qapi/block-core.json -index 84a4572625..4a6769c053 100644 +index e1c659310d..b314192e30 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -1112,6 +1112,11 @@ diff --git a/debian/patches/pve/0037-block-add-alloc-track-driver.patch b/debian/patches/pve/0037-block-add-alloc-track-driver.patch index 042929c527..ed5e2f5d31 100644 --- a/debian/patches/pve/0037-block-add-alloc-track-driver.patch +++ b/debian/patches/pve/0037-block-add-alloc-track-driver.patch @@ -449,7 +449,7 @@ index d023753091..a777c8079c 100644 out: diff --git a/qapi/block-core.json b/qapi/block-core.json -index 4a6769c053..8af4107bf5 100644 +index b314192e30..a8a7d227a8 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -3611,7 +3611,8 @@ @@ -484,7 +484,7 @@ index 4a6769c053..8af4107bf5 100644 ## # @BlockdevOptionsPbs: # -@@ -5155,6 +5171,7 @@ +@@ -5159,6 +5175,7 @@ '*detect-zeroes': 'BlockdevDetectZeroesOptions' }, 'discriminator': 'driver', 'data': { diff --git a/debian/patches/pve/0038-PVE-backup-add-fleecing-option.patch b/debian/patches/pve/0038-PVE-backup-add-fleecing-option.patch index cd27516275..5e6a4d9791 100644 --- a/debian/patches/pve/0038-PVE-backup-add-fleecing-option.patch +++ b/debian/patches/pve/0038-PVE-backup-add-fleecing-option.patch @@ -429,7 +429,7 @@ index 7575abab7c..8b83465ebd 100644 return ret; } diff --git a/qapi/block-core.json b/qapi/block-core.json -index 8af4107bf5..5c8b872000 100644 +index a8a7d227a8..977daf0191 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -1054,6 +1054,10 @@ diff --git a/debian/patches/pve/0044-PVE-backup-implement-backup-access-setup-and-teardow.patch b/debian/patches/pve/0044-PVE-backup-implement-backup-access-setup-and-teardow.patch index d30aaf8f23..031eeba6b6 100644 --- a/debian/patches/pve/0044-PVE-backup-implement-backup-access-setup-and-teardow.patch +++ b/debian/patches/pve/0044-PVE-backup-implement-backup-access-setup-and-teardow.patch @@ -740,7 +740,7 @@ index 0000000000..9ebeef7c8f + +#endif /* PVE_BACKUP_H */ diff --git a/qapi/block-core.json b/qapi/block-core.json -index 5c8b872000..cf4f5ce7f1 100644 +index 977daf0191..ed37a4a22f 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -1128,6 +1128,9 @@ diff --git a/debian/patches/pve/0046-savevm-async-reuse-migration-blocker-check-for-snaps.patch b/debian/patches/pve/0046-savevm-async-reuse-migration-blocker-check-for-snaps.patch index df9f3df96b..0c4cef7f09 100644 --- a/debian/patches/pve/0046-savevm-async-reuse-migration-blocker-check-for-snaps.patch +++ b/debian/patches/pve/0046-savevm-async-reuse-migration-blocker-check-for-snaps.patch @@ -89,7 +89,7 @@ index 80b75ad5cb..f8417347a1 100644 * @migrate_add_blocker - prevent all modes of migration from proceeding * diff --git a/migration/migration.c b/migration/migration.c -index 23b05a64cf..8acd9610de 100644 +index f415448689..979fc7050e 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -1886,6 +1886,30 @@ bool migration_is_blocked(Error **errp) diff --git a/debian/patches/series b/debian/patches/series index 9ca5887599..352c8eb278 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,15 +1,8 @@ extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch -extra/0002-ide-avoid-potential-deadlock-when-draining-during-tr.patch -extra/0003-block-io-fallback-to-bounce-buffer-if-BLKZEROOUT-is-.patch -extra/0004-fdmon-io_uring-avoid-idle-event-loop-being-accounted.patch -extra/0005-target-i386-tcg-fix-decoding-of-MOVBE-and-CRC32-in-1.patch -extra/0006-hw-display-don-t-accidentally-autofree-existing-virg.patch -extra/0007-hw-i386-vapic-restore-IRQ-polling-for-non-kernel-irq.patch -extra/0008-target-i386-fix-strList-leak-in-x86_cpu_get_unavaila.patch -extra/0009-target-i386-fix-missing-PF_INSTR-in-SIGSEGV-context.patch -extra/0010-migration-vmstate_save_state_v-fix-double-error_setg.patch -extra/0011-block-export-fuse-fix-regression-when-mmap-ing-expor.patch -extra/0012-block-export-fuse-fix-regression-with-block-device-e.patch +extra/0002-block-io-fallback-to-bounce-buffer-if-BLKZEROOUT-is-.patch +extra/0003-fdmon-io_uring-avoid-idle-event-loop-being-accounted.patch +extra/0004-block-export-fuse-fix-regression-when-mmap-ing-expor.patch +extra/0005-block-export-fuse-fix-regression-with-block-device-e.patch bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch diff --git a/qemu b/qemu index 98b060da3a..6e9a825c1d 160000 --- a/qemu +++ b/qemu @@ -1 +1 @@ -Subproject commit 98b060da3a4f92b2a994ead5b16a87e783baf77c +Subproject commit 6e9a825c1d4e7b62d072e99a89ecd1a74c7f0d55 -- 2.47.3