* [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2
@ 2023-06-06 8:58 Fiona Ebner
2023-06-06 8:58 ` [pve-devel] [PATCH qemu 2/2] update reentrancy patches to version in upstream git Fiona Ebner
2023-06-06 16:03 ` [pve-devel] applied: [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Thomas Lamprecht
0 siblings, 2 replies; 4+ messages in thread
From: Fiona Ebner @ 2023-06-06 8:58 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...le-reentrancy-detection-for-script-R.patch | 4 +-
...39-fix-large_send_mss-divide-by-zero.patch | 72 ----
...en-getting-cursor-without-a-console.patch} | 2 +-
...-Fix-crash-when-executing-HMP-commit.patch | 48 ---
...our-channel-order-for-PNG-screenshot.patch | 77 ----
...arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch | 41 --
...e-incorrect-computation-in-float32_e.patch | 56 ---
...ge-wrong-XFRM-value-in-SGX-CPUID-lea.patch | 39 --
...t-assert_bdrv_graph_readable-by-defa.patch | 106 -----
...CI_ERR_UNCOR_MASK-register-for-machi.patch | 100 -----
...after-free-in-blockdev_mark_auto_del.patch | 57 ---
...ly-call-bdrv_activate-outside-corout.patch | 64 ---
...o_unref-for-calls-in-coroutine-conte.patch | 373 ------------------
...-no_coroutine_fns-in-qmp_block_resiz.patch | 43 --
...-tcg-Fix-atomic_mmu_lookup-for-reads.patch | 36 --
debian/patches/series | 15 +-
qemu | 2 +-
17 files changed, 5 insertions(+), 1130 deletions(-)
delete mode 100644 debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
rename debian/patches/extra/{0009-ui-return-NULL-when-getting-cursor-without-a-console.patch => 0007-ui-return-NULL-when-getting-cursor-without-a-console.patch} (97%)
delete mode 100644 debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
delete mode 100644 debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
delete mode 100644 debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
delete mode 100644 debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
delete mode 100644 debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
delete mode 100644 debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
delete mode 100644 debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
delete mode 100644 debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
delete mode 100644 debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
delete mode 100644 debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
delete mode 100644 debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
delete mode 100644 debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
diff --git a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
index d7c7496..8f488dc 100644
--- a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
+++ b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
@@ -15,10 +15,10 @@ Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
1 file changed, 6 insertions(+)
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
-index af93557a9a..db27872963 100644
+index bbf32d3f73..17af67935f 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
-@@ -2302,6 +2302,12 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
+@@ -2313,6 +2313,12 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
"lsi-io", 256);
diff --git a/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch b/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
deleted file mode 100644
index ab3db30..0000000
--- a/debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Thu, 13 Apr 2023 13:19:46 -0400
-Subject: [PATCH] rtl8139: fix large_send_mss divide-by-zero
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If the driver sets large_send_mss to 0 then a divide-by-zero occurs.
-Even if the division wasn't a problem, the for loop that emits MSS-sized
-packets would never terminate.
-
-Solve these issues by skipping offloading when large_send_mss=0.
-
-This issue was found by OSS-Fuzz as part of Alexander Bulekov's device
-fuzzing work. The reproducer is:
-
- $ cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
- 512M,slots=1,maxmem=0xffff000000000000 -machine q35 -nodefaults -device \
- rtl8139,netdev=net0 -netdev user,id=net0 -device \
- pc-dimm,id=nv1,memdev=mem1,addr=0xb800a64602800000 -object \
- memory-backend-ram,id=mem1,size=2M -qtest stdio
- outl 0xcf8 0x80000814
- outl 0xcfc 0xe0000000
- outl 0xcf8 0x80000804
- outw 0xcfc 0x06
- write 0xe0000037 0x1 0x04
- write 0xe00000e0 0x2 0x01
- write 0x1 0x1 0x04
- write 0x3 0x1 0x98
- write 0xa 0x1 0x8c
- write 0xb 0x1 0x02
- write 0xc 0x1 0x46
- write 0xd 0x1 0xa6
- write 0xf 0x1 0xb8
- write 0xb800a646028c000c 0x1 0x08
- write 0xb800a646028c000e 0x1 0x47
- write 0xb800a646028c0010 0x1 0x02
- write 0xb800a646028c0017 0x1 0x06
- write 0xb800a646028c0036 0x1 0x80
- write 0xe00000d9 0x1 0x40
- EOF
-
-Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1582
-Fixes: 6d71357a3b65 ("rtl8139: honor large send MSS value")
-Reported-by: Alexander Bulekov <alxndr@bu.edu>
-Cc: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Tested-by: Alexander Bulekov <alxndr@bu.edu>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Acked-by: Jason Wang <jasowang@redhat.com>
-(picked up from https://patchew.org/QEMU/20230413171946.2865726-1-stefanha@redhat.com/)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/net/rtl8139.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
-index 5a5aaf868d..5f1a4d359b 100644
---- a/hw/net/rtl8139.c
-+++ b/hw/net/rtl8139.c
-@@ -2154,6 +2154,9 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
-
- int large_send_mss = (txdw0 >> CP_TC_LGSEN_MSS_SHIFT) &
- CP_TC_LGSEN_MSS_MASK;
-+ if (large_send_mss == 0) {
-+ goto skip_offload;
-+ }
-
- DPRINTF("+++ C+ mode offloaded task TSO IP data %d "
- "frame data %d specified MSS=%d\n",
diff --git a/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch b/debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
similarity index 97%
rename from debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
rename to debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
index c0368b8..0b8d2c0 100644
--- a/debian/patches/extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
+++ b/debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
@@ -22,7 +22,7 @@ Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ui/console.c b/ui/console.c
-index 6e8a3cdc62..594517ecdb 100644
+index e173731e20..7461446e71 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -2306,7 +2306,7 @@ QEMUCursor *qemu_console_get_cursor(QemuConsole *con)
diff --git a/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch b/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
deleted file mode 100644
index 0255bd3..0000000
--- a/debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wang Liang <wangliangzz@inspur.com>
-Date: Mon, 24 Apr 2023 18:39:02 +0800
-Subject: [PATCH] block/monitor: Fix crash when executing HMP commit
-
-hmp_commit() calls blk_is_available() from a non-coroutine context (and
-in the main loop). blk_is_available() is a co_wrapper_mixed_bdrv_rdlock
-function, and in the non-coroutine context it calls AIO_WAIT_WHILE(),
-which crashes if the aio_context lock is not taken before.
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1615
-Signed-off-by: Wang Liang <wangliangzz@inspur.com>
-Message-Id: <20230424103902.45265-1-wangliangzz@126.com>
-Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
-Reviewed-by: Kevin Wolf <kwolf@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry-picked from commit 8c1e8fb2e7fc2cbeb57703e143965a4cd3ad301a)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/monitor/block-hmp-cmds.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 2846083546..ca2599de44 100644
---- a/block/monitor/block-hmp-cmds.c
-+++ b/block/monitor/block-hmp-cmds.c
-@@ -214,15 +214,17 @@ void hmp_commit(Monitor *mon, const QDict *qdict)
- error_report("Device '%s' not found", device);
- return;
- }
-- if (!blk_is_available(blk)) {
-- error_report("Device '%s' has no medium", device);
-- return;
-- }
-
- bs = bdrv_skip_implicit_filters(blk_bs(blk));
- aio_context = bdrv_get_aio_context(bs);
- aio_context_acquire(aio_context);
-
-+ if (!blk_is_available(blk)) {
-+ error_report("Device '%s' has no medium", device);
-+ aio_context_release(aio_context);
-+ return;
-+ }
-+
- ret = bdrv_commit(bs);
-
- aio_context_release(aio_context);
diff --git a/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch b/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
deleted file mode 100644
index d76b723..0000000
--- a/debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Tue, 2 May 2023 14:55:48 +0100
-Subject: [PATCH] ui: Fix pixel colour channel order for PNG screenshots
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When we take a PNG screenshot the ordering of the colour channels in
-the data is not correct, resulting in the image having weird
-colouring compared to the actual display. (Specifically, on a
-little-endian host the blue and red channels are swapped; on
-big-endian everything is wrong.)
-
-This happens because the pixman idea of the pixel data and the libpng
-idea differ. PIXMAN_a9r8g8b8 defines that pixels are 32-bit values,
-with A in bits 24-31, R in bits 16-23, G in bits 8-15 and B in bits
-0-7. This means that on little-endian systems the bytes in memory
-are
- B G R A
-and on big-endian systems they are
- A R G B
-
-libpng, on the other hand, thinks of pixels as being a series of
-values for each channel, so its format PNG_COLOR_TYPE_RGB_ALPHA
-always wants bytes in the order
- R G B A
-
-This isn't the same as the pixman order for either big or little
-endian hosts.
-
-The alpha channel is also unnecessary bulk in the output PNG file,
-because there is no alpha information in a screenshot.
-
-To handle the endianness issue, we already define in ui/qemu-pixman.h
-various PIXMAN_BE_* and PIXMAN_LE_* values that give consistent
-byte-order pixel channel formats. So we can use PIXMAN_BE_r8g8b8 and
-PNG_COLOR_TYPE_RGB, which both have an in-memory byte order of
- R G B
-and 3 bytes per pixel.
-
-(PPM format screenshots get this right; they already use the
-PIXMAN_BE_r8g8b8 format.)
-
-Cc: qemu-stable@nongnu.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1622
-Fixes: 9a0a119a382867 ("Added parameter to take screenshot with screendump as PNG")
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00229.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- ui/console.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ui/console.c b/ui/console.c
-index 594517ecdb..7461446e71 100644
---- a/ui/console.c
-+++ b/ui/console.c
-@@ -311,7 +311,7 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
- png_struct *png_ptr;
- png_info *info_ptr;
- g_autoptr(pixman_image_t) linebuf =
-- qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
-+ qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, width);
- uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
- FILE *f = fdopen(fd, "wb");
- int y;
-@@ -341,7 +341,7 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
- png_init_io(png_ptr, f);
-
- png_set_IHDR(png_ptr, info_ptr, width, height, 8,
-- PNG_COLOR_TYPE_RGB_ALPHA, PNG_INTERLACE_NONE,
-+ PNG_COLOR_TYPE_RGB, PNG_INTERLACE_NONE,
- PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE);
-
- png_write_info(png_ptr, info_ptr);
diff --git a/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch b/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
deleted file mode 100644
index 799aa84..0000000
--- a/debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Thu, 4 May 2023 11:42:32 +0100
-Subject: [PATCH] target/arm: Fix vd == vm overlap in sve_ldff1_z
-
-If vd == vm, copy vm to scratch, so that we can pre-zero
-the output and still access the gather indicies.
-
-Cc: qemu-stable@nongnu.org
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1612
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00961.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/arm/tcg/sve_helper.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/target/arm/tcg/sve_helper.c b/target/arm/tcg/sve_helper.c
-index ccf5e5beca..0097522470 100644
---- a/target/arm/tcg/sve_helper.c
-+++ b/target/arm/tcg/sve_helper.c
-@@ -6727,6 +6727,7 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
- intptr_t reg_off;
- SVEHostPage info;
- target_ulong addr, in_page;
-+ ARMVectorReg scratch;
-
- /* Skip to the first true predicate. */
- reg_off = find_next_active(vg, 0, reg_max, esz);
-@@ -6736,6 +6737,11 @@ void sve_ldff1_z(CPUARMState *env, void *vd, uint64_t *vg, void *vm,
- return;
- }
-
-+ /* Protect against overlap between vd and vm. */
-+ if (unlikely(vd == vm)) {
-+ vm = memcpy(&scratch, vm, reg_max);
-+ }
-+
- /*
- * Probe the first element, allowing faults.
- */
diff --git a/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch b/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
deleted file mode 100644
index a9cc766..0000000
--- a/debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shivaprasad G Bhat <sbhat@linux.ibm.com>
-Date: Tue, 2 May 2023 20:55:30 +0530
-Subject: [PATCH] softfloat: Fix the incorrect computation in float32_exp2
-
-The float32_exp2 function is computing wrong exponent of 2.
-
-For example, with the following set of values {0.1, 2.0, 2.0, -1.0},
-the expected output would be {1.071773, 4.000000, 4.000000, 0.500000}.
-Instead, the function is computing {1.119102, 3.382044, 3.382044, -0.191022}
-
-Looking at the code, the float32_exp2() attempts to do this
-
- 2 3 4 5 n
- x x x x x x x
- e = 1 + --- + --- + --- + --- + --- + ... + --- + ...
- 1! 2! 3! 4! 5! n!
-
-But because of the typo it ends up doing
-
- x x x x x x x
- e = 1 + --- + --- + --- + --- + --- + ... + --- + ...
- 1! 2! 3! 4! 5! n!
-
-This is because instead of the xnp which holds the numerator, parts_muladd
-is using the xp which is just 'x'. Commit '572c4d862ff2' refactored this
-function, and mistakenly used xp instead of xnp.
-
-Cc: qemu-stable@nongnu.org
-Fixes: 572c4d862ff2 "softfloat: Convert float32_exp2 to FloatParts"
-Partially-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1623
-Reported-By: Luca Barbato (https://gitlab.com/lu-zero)
-Signed-off-by: Shivaprasad G Bhat <sbhat@linux.ibm.com>
-Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
-Message-Id: <168304110865.537992.13059030916325018670.stgit@localhost.localdomain>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-(cherry-picked from commit 1098cc3fcf952763fc9fd72c1c8fda30a18cc8ea)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- fpu/softfloat.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fpu/softfloat.c b/fpu/softfloat.c
-index c7454c3eb1..108f9cb224 100644
---- a/fpu/softfloat.c
-+++ b/fpu/softfloat.c
-@@ -5135,7 +5135,7 @@ float32 float32_exp2(float32 a, float_status *status)
- float64_unpack_canonical(&rp, float64_one, status);
- for (i = 0 ; i < 15 ; i++) {
- float64_unpack_canonical(&tp, float32_exp2_coefficients[i], status);
-- rp = *parts_muladd(&tp, &xp, &rp, 0, status);
-+ rp = *parts_muladd(&tp, &xnp, &rp, 0, status);
- xnp = *parts_mul(&xnp, &xp, status);
- }
-
diff --git a/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch b/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
deleted file mode 100644
index 425b39d..0000000
--- a/debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Yang Zhong <yang.zhong@linux.intel.com>
-Date: Thu, 6 Apr 2023 02:40:41 -0400
-Subject: [PATCH] target/i386: Change wrong XFRM value in SGX CPUID leaf
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with
-FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}. As a result,
-SGX enclaves only supported SSE and x87 feature (xfrm=0x3).
-
-Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
-Signed-off-by: Yang Zhong <yang.zhong@linux.intel.com>
-Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
-Reviewed-by: Kai Huang <kai.huang@intel.com>
-Message-Id: <20230406064041.420039-1-yang.zhong@linux.intel.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry-picked from commit 72497cff896fecf74306ed33626c30e43633cdd6)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- target/i386/cpu.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/target/i386/cpu.c b/target/i386/cpu.c
-index 6576287e5b..f083ff4335 100644
---- a/target/i386/cpu.c
-+++ b/target/i386/cpu.c
-@@ -5718,8 +5718,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
- } else {
- *eax &= env->features[FEAT_SGX_12_1_EAX];
- *ebx &= 0; /* ebx reserve */
-- *ecx &= env->features[FEAT_XSAVE_XSS_LO];
-- *edx &= env->features[FEAT_XSAVE_XSS_HI];
-+ *ecx &= env->features[FEAT_XSAVE_XCR0_LO];
-+ *edx &= env->features[FEAT_XSAVE_XCR0_HI];
-
- /* FP and SSE are always allowed regardless of XSAVE/XCR0. */
- *ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
diff --git a/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch b/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
deleted file mode 100644
index f0534d8..0000000
--- a/debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Mon, 1 May 2023 13:34:43 -0400
-Subject: [PATCH] block: compile out assert_bdrv_graph_readable() by default
-
-reader_count() is a performance bottleneck because the global
-aio_context_list_lock mutex causes thread contention. Put this debugging
-assertion behind a new ./configure --enable-debug-graph-lock option and
-disable it by default.
-
-The --enable-debug-graph-lock option is also enabled by the more general
---enable-debug option.
-
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00058.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/graph-lock.c | 3 +++
- configure | 1 +
- meson.build | 2 ++
- meson_options.txt | 2 ++
- scripts/meson-buildoptions.sh | 4 ++++
- 5 files changed, 12 insertions(+)
-
-diff --git a/block/graph-lock.c b/block/graph-lock.c
-index 454c31e691..259a7a0bde 100644
---- a/block/graph-lock.c
-+++ b/block/graph-lock.c
-@@ -265,7 +265,10 @@ void bdrv_graph_rdunlock_main_loop(void)
-
- void assert_bdrv_graph_readable(void)
- {
-+ /* reader_count() is slow due to aio_context_list_lock lock contention */
-+#ifdef CONFIG_DEBUG_GRAPH_LOCK
- assert(qemu_in_main_thread() || reader_count());
-+#endif
- }
-
- void assert_bdrv_graph_writable(void)
-diff --git a/configure b/configure
-index 800b5850f4..a62a3e6be9 100755
---- a/configure
-+++ b/configure
-@@ -806,6 +806,7 @@ for opt do
- --enable-debug)
- # Enable debugging options that aren't excessively noisy
- debug_tcg="yes"
-+ meson_option_parse --enable-debug-graph-lock ""
- meson_option_parse --enable-debug-mutex ""
- meson_option_add -Doptimization=0
- fortify_source="no"
-diff --git a/meson.build b/meson.build
-index c44d05a13f..d964e741e7 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1956,6 +1956,7 @@ if get_option('debug_stack_usage') and have_coroutine_pool
- have_coroutine_pool = false
- endif
- config_host_data.set10('CONFIG_COROUTINE_POOL', have_coroutine_pool)
-+config_host_data.set('CONFIG_DEBUG_GRAPH_LOCK', get_option('debug_graph_lock'))
- config_host_data.set('CONFIG_DEBUG_MUTEX', get_option('debug_mutex'))
- config_host_data.set('CONFIG_DEBUG_STACK_USAGE', get_option('debug_stack_usage'))
- config_host_data.set('CONFIG_GPROF', get_option('gprof'))
-@@ -3833,6 +3834,7 @@ summary_info += {'PIE': get_option('b_pie')}
- summary_info += {'static build': config_host.has_key('CONFIG_STATIC')}
- summary_info += {'malloc trim support': has_malloc_trim}
- summary_info += {'membarrier': have_membarrier}
-+summary_info += {'debug graph lock': get_option('debug_graph_lock')}
- summary_info += {'debug stack usage': get_option('debug_stack_usage')}
- summary_info += {'mutex debugging': get_option('debug_mutex')}
- summary_info += {'memory allocator': get_option('malloc')}
-diff --git a/meson_options.txt b/meson_options.txt
-index fc9447d267..bc857fe68b 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -311,6 +311,8 @@ option('rng_none', type: 'boolean', value: false,
- description: 'dummy RNG, avoid using /dev/(u)random and getrandom()')
- option('coroutine_pool', type: 'boolean', value: true,
- description: 'coroutine freelist (better performance)')
-+option('debug_graph_lock', type: 'boolean', value: false,
-+ description: 'graph lock debugging support')
- option('debug_mutex', type: 'boolean', value: false,
- description: 'mutex debugging support')
- option('debug_stack_usage', type: 'boolean', value: false,
-diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
-index 009fab1515..30e1f25259 100644
---- a/scripts/meson-buildoptions.sh
-+++ b/scripts/meson-buildoptions.sh
-@@ -21,6 +21,8 @@ meson_options_help() {
- printf "%s\n" ' QEMU'
- printf "%s\n" ' --enable-cfi Control-Flow Integrity (CFI)'
- printf "%s\n" ' --enable-cfi-debug Verbose errors in case of CFI violation'
-+ printf "%s\n" ' --enable-debug-graph-lock'
-+ printf "%s\n" ' graph lock debugging support'
- printf "%s\n" ' --enable-debug-mutex mutex debugging support'
- printf "%s\n" ' --enable-debug-stack-usage'
- printf "%s\n" ' measure coroutine stack usage'
-@@ -249,6 +251,8 @@ _meson_option_parse() {
- --datadir=*) quote_sh "-Ddatadir=$2" ;;
- --enable-dbus-display) printf "%s" -Ddbus_display=enabled ;;
- --disable-dbus-display) printf "%s" -Ddbus_display=disabled ;;
-+ --enable-debug-graph-lock) printf "%s" -Ddebug_graph_lock=true ;;
-+ --disable-debug-graph-lock) printf "%s" -Ddebug_graph_lock=false ;;
- --enable-debug-mutex) printf "%s" -Ddebug_mutex=true ;;
- --disable-debug-mutex) printf "%s" -Ddebug_mutex=false ;;
- --enable-debug-stack-usage) printf "%s" -Ddebug_stack_usage=true ;;
diff --git a/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch b/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
deleted file mode 100644
index b7e45e5..0000000
--- a/debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Leonardo Bras <leobras@redhat.com>
-Date: Tue, 2 May 2023 21:27:02 -0300
-Subject: [PATCH] hw/pci: Disable PCI_ERR_UNCOR_MASK register for machine type
- < 8.0
-
-Since it's implementation on v8.0.0-rc0, having the PCI_ERR_UNCOR_MASK
-set for machine types < 8.0 will cause migration to fail if the target
-QEMU version is < 8.0.0 :
-
-qemu-system-x86_64: get_pci_config_device: Bad config data: i=0x10a read: 40 device: 0 cmask: ff wmask: 0 w1cmask:0
-qemu-system-x86_64: Failed to load PCIDevice:config
-qemu-system-x86_64: Failed to load e1000e:parent_obj
-qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:02.0/e1000e'
-qemu-system-x86_64: load of migration failed: Invalid argument
-
-The above test migrated a 7.2 machine type from QEMU master to QEMU 7.2.0,
-with this cmdline:
-
-./qemu-system-x86_64 -M pc-q35-7.2 [-incoming XXX]
-
-In order to fix this, property x-pcie-err-unc-mask was introduced to
-control when PCI_ERR_UNCOR_MASK is enabled. This property is enabled by
-default, but is disabled if machine type <= 7.2.
-
-Fixes: 010746ae1d ("hw/pci/aer: Implement PCI_ERR_UNCOR_MASK register")
-Suggested-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Leonardo Bras <leobras@redhat.com>
-Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
-Reviewed-by: Peter Xu <peterx@redhat.com>
-Reviewed-by: Juan Quintela <quintela@redhat.com>
-(picked up from https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg00350.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- hw/core/machine.c | 1 +
- hw/pci/pci.c | 2 ++
- hw/pci/pcie_aer.c | 11 +++++++----
- include/hw/pci/pci.h | 2 ++
- 4 files changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/hw/core/machine.c b/hw/core/machine.c
-index cd13b8b0a3..5060119952 100644
---- a/hw/core/machine.c
-+++ b/hw/core/machine.c
-@@ -43,6 +43,7 @@ GlobalProperty hw_compat_7_2[] = {
- { "e1000e", "migrate-timadj", "off" },
- { "virtio-mem", "x-early-migration", "false" },
- { "migration", "x-preempt-pre-7-2", "true" },
-+ { TYPE_PCI_DEVICE, "x-pcie-err-unc-mask", "off" },
- };
- const size_t hw_compat_7_2_len = G_N_ELEMENTS(hw_compat_7_2);
-
-diff --git a/hw/pci/pci.c b/hw/pci/pci.c
-index def5000e7b..8ad4349e96 100644
---- a/hw/pci/pci.c
-+++ b/hw/pci/pci.c
-@@ -79,6 +79,8 @@ static Property pci_props[] = {
- DEFINE_PROP_STRING("failover_pair_id", PCIDevice,
- failover_pair_id),
- DEFINE_PROP_UINT32("acpi-index", PCIDevice, acpi_index, 0),
-+ DEFINE_PROP_BIT("x-pcie-err-unc-mask", PCIDevice, cap_present,
-+ QEMU_PCIE_ERR_UNC_MASK_BITNR, true),
- DEFINE_PROP_END_OF_LIST()
- };
-
-diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
-index 103667c368..374d593ead 100644
---- a/hw/pci/pcie_aer.c
-+++ b/hw/pci/pcie_aer.c
-@@ -112,10 +112,13 @@ int pcie_aer_init(PCIDevice *dev, uint8_t cap_ver, uint16_t offset,
-
- pci_set_long(dev->w1cmask + offset + PCI_ERR_UNCOR_STATUS,
- PCI_ERR_UNC_SUPPORTED);
-- pci_set_long(dev->config + offset + PCI_ERR_UNCOR_MASK,
-- PCI_ERR_UNC_MASK_DEFAULT);
-- pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_MASK,
-- PCI_ERR_UNC_SUPPORTED);
-+
-+ if (dev->cap_present & QEMU_PCIE_ERR_UNC_MASK) {
-+ pci_set_long(dev->config + offset + PCI_ERR_UNCOR_MASK,
-+ PCI_ERR_UNC_MASK_DEFAULT);
-+ pci_set_long(dev->wmask + offset + PCI_ERR_UNCOR_MASK,
-+ PCI_ERR_UNC_SUPPORTED);
-+ }
-
- pci_set_long(dev->config + offset + PCI_ERR_UNCOR_SEVER,
- PCI_ERR_UNC_SEVERITY_DEFAULT);
-diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
-index d5a40cd058..6dc6742fc4 100644
---- a/include/hw/pci/pci.h
-+++ b/include/hw/pci/pci.h
-@@ -207,6 +207,8 @@ enum {
- QEMU_PCIE_EXTCAP_INIT = (1 << QEMU_PCIE_EXTCAP_INIT_BITNR),
- #define QEMU_PCIE_CXL_BITNR 10
- QEMU_PCIE_CAP_CXL = (1 << QEMU_PCIE_CXL_BITNR),
-+#define QEMU_PCIE_ERR_UNC_MASK_BITNR 11
-+ QEMU_PCIE_ERR_UNC_MASK = (1 << QEMU_PCIE_ERR_UNC_MASK_BITNR),
- };
-
- typedef struct PCIINTxRoute {
diff --git a/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch b/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
deleted file mode 100644
index 20e3e35..0000000
--- a/debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Wed, 3 May 2023 16:01:42 +0200
-Subject: [PATCH] block: Fix use after free in blockdev_mark_auto_del()
-
-job_cancel_locked() drops the job list lock temporarily and it may call
-aio_poll(). We must assume that the list has changed after this call.
-Also, with unlucky timing, it can end up freeing the job during
-job_completed_txn_abort_locked(), making the job pointer invalid, too.
-
-For both reasons, we can't just continue at block_job_next_locked(job).
-Instead, start at the head of the list again after job_cancel_locked()
-and skip those jobs that we already cancelled (or that are completing
-anyway).
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Message-Id: <20230503140142.474404-1-kwolf@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry-picked from commit e2626874a32602d4e52971c786ef5ffb4430629d)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev.c | 18 ++++++++++++++----
- 1 file changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/blockdev.c b/blockdev.c
-index d7b5c18f0a..2c1752a403 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -153,12 +153,22 @@ void blockdev_mark_auto_del(BlockBackend *blk)
-
- JOB_LOCK_GUARD();
-
-- for (job = block_job_next_locked(NULL); job;
-- job = block_job_next_locked(job)) {
-- if (block_job_has_bdrv(job, blk_bs(blk))) {
-+ do {
-+ job = block_job_next_locked(NULL);
-+ while (job && (job->job.cancelled ||
-+ job->job.deferred_to_main_loop ||
-+ !block_job_has_bdrv(job, blk_bs(blk))))
-+ {
-+ job = block_job_next_locked(job);
-+ }
-+ if (job) {
-+ /*
-+ * This drops the job lock temporarily and polls, so we need to
-+ * restart processing the list from the start after this.
-+ */
- job_cancel_locked(&job->job, false);
- }
-- }
-+ } while (job);
-
- dinfo->auto_del = 1;
- }
diff --git a/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch b/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
deleted file mode 100644
index a65c044..0000000
--- a/debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 4 May 2023 13:57:32 +0200
-Subject: [PATCH] block: Consistently call bdrv_activate() outside coroutine
-
-Migration code can call bdrv_activate() in coroutine context, whereas
-other callers call it outside of coroutines. As it calls other code that
-is not supposed to run in coroutines, standardise on running outside of
-coroutines.
-
-This adds a no_co_wrapper to switch to the main loop before calling
-bdrv_activate().
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-Id: <20230504115750.54437-3-kwolf@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry-picked from commit da4afaff074e56b0fa0d25abf865784148018895)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block/block-backend.c | 10 +++++++++-
- include/block/block-global-state.h | 6 +++++-
- 2 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/block/block-backend.c b/block/block-backend.c
-index 55efc735b4..d59f759daf 100644
---- a/block/block-backend.c
-+++ b/block/block-backend.c
-@@ -2018,7 +2018,15 @@ void blk_activate(BlockBackend *blk, Error **errp)
- return;
- }
-
-- bdrv_activate(bs, errp);
-+ /*
-+ * Migration code can call this function in coroutine context, so leave
-+ * coroutine context if necessary.
-+ */
-+ if (qemu_in_coroutine()) {
-+ bdrv_co_activate(bs, errp);
-+ } else {
-+ bdrv_activate(bs, errp);
-+ }
- }
-
- bool coroutine_fn blk_co_is_inserted(BlockBackend *blk)
-diff --git a/include/block/block-global-state.h b/include/block/block-global-state.h
-index 399200a9a3..2c312cc774 100644
---- a/include/block/block-global-state.h
-+++ b/include/block/block-global-state.h
-@@ -166,7 +166,11 @@ int bdrv_amend_options(BlockDriverState *bs_new, QemuOpts *opts,
- BlockDriverState *check_to_replace_node(BlockDriverState *parent_bs,
- const char *node_name, Error **errp);
-
--int bdrv_activate(BlockDriverState *bs, Error **errp);
-+int no_coroutine_fn bdrv_activate(BlockDriverState *bs, Error **errp);
-+
-+int coroutine_fn no_co_wrapper
-+bdrv_co_activate(BlockDriverState *bs, Error **errp);
-+
- void bdrv_activate_all(Error **errp);
- int bdrv_inactivate_all(void);
-
diff --git a/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch b/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
deleted file mode 100644
index 541e64e..0000000
--- a/debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
+++ /dev/null
@@ -1,373 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 4 May 2023 13:57:33 +0200
-Subject: [PATCH] block: bdrv/blk_co_unref() for calls in coroutine context
-
-These functions must not be called in coroutine context, because they
-need write access to the graph.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-Id: <20230504115750.54437-4-kwolf@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry-picked from commit b2ab5f545fa1eaaf2955dd617bee19a8b3279786)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- block.c | 2 +-
- block/crypto.c | 6 +++---
- block/parallels.c | 6 +++---
- block/qcow.c | 6 +++---
- block/qcow2.c | 14 +++++++-------
- block/qed.c | 6 +++---
- block/vdi.c | 6 +++---
- block/vhdx.c | 6 +++---
- block/vmdk.c | 18 +++++++++---------
- block/vpc.c | 6 +++---
- include/block/block-global-state.h | 3 ++-
- include/sysemu/block-backend-global-state.h | 5 ++++-
- 12 files changed, 44 insertions(+), 40 deletions(-)
-
-diff --git a/block.c b/block.c
-index d79a52ca74..a48112f945 100644
---- a/block.c
-+++ b/block.c
-@@ -680,7 +680,7 @@ int coroutine_fn bdrv_co_create_opts_simple(BlockDriver *drv,
-
- ret = 0;
- out:
-- blk_unref(blk);
-+ blk_co_unref(blk);
- return ret;
- }
-
-diff --git a/block/crypto.c b/block/crypto.c
-index ca67289187..8fd3ad0054 100644
---- a/block/crypto.c
-+++ b/block/crypto.c
-@@ -355,7 +355,7 @@ block_crypto_co_create_generic(BlockDriverState *bs, int64_t size,
- ret = 0;
- cleanup:
- qcrypto_block_free(crypto);
-- blk_unref(blk);
-+ blk_co_unref(blk);
- return ret;
- }
-
-@@ -661,7 +661,7 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
-
- ret = 0;
- fail:
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- return ret;
- }
-
-@@ -730,7 +730,7 @@ fail:
- bdrv_co_delete_file_noerr(bs);
- }
-
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_QCryptoBlockCreateOptions(create_opts);
- qobject_unref(cryptoopts);
- return ret;
-diff --git a/block/parallels.c b/block/parallels.c
-index 013684801a..b49c35929e 100644
---- a/block/parallels.c
-+++ b/block/parallels.c
-@@ -613,8 +613,8 @@ static int coroutine_fn parallels_co_create(BlockdevCreateOptions* opts,
-
- ret = 0;
- out:
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- return ret;
-
- exit:
-@@ -691,7 +691,7 @@ parallels_co_create_opts(BlockDriver *drv, const char *filename,
-
- done:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/qcow.c b/block/qcow.c
-index 490e4f819e..a0c701f578 100644
---- a/block/qcow.c
-+++ b/block/qcow.c
-@@ -915,8 +915,8 @@ static int coroutine_fn qcow_co_create(BlockdevCreateOptions *opts,
- g_free(tmp);
- ret = 0;
- exit:
-- blk_unref(qcow_blk);
-- bdrv_unref(bs);
-+ blk_co_unref(qcow_blk);
-+ bdrv_co_unref(bs);
- qcrypto_block_free(crypto);
- return ret;
- }
-@@ -1015,7 +1015,7 @@ qcow_co_create_opts(BlockDriver *drv, const char *filename,
- fail:
- g_free(backing_fmt);
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 30fd53fa64..6746763c34 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -3705,7 +3705,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
- goto out;
- }
-
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
-
- /*
-@@ -3785,7 +3785,7 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
- }
- }
-
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
-
- /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returning.
-@@ -3810,9 +3810,9 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp)
-
- ret = 0;
- out:
-- blk_unref(blk);
-- bdrv_unref(bs);
-- bdrv_unref(data_bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
-+ bdrv_co_unref(data_bs);
- return ret;
- }
-
-@@ -3943,8 +3943,8 @@ finish:
- }
-
- qobject_unref(qdict);
-- bdrv_unref(bs);
-- bdrv_unref(data_bs);
-+ bdrv_co_unref(bs);
-+ bdrv_co_unref(data_bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/qed.c b/block/qed.c
-index 0705a7b4e2..aff2a2076e 100644
---- a/block/qed.c
-+++ b/block/qed.c
-@@ -748,8 +748,8 @@ static int coroutine_fn bdrv_qed_co_create(BlockdevCreateOptions *opts,
- ret = 0; /* success */
- out:
- g_free(l1_table);
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- return ret;
- }
-
-@@ -819,7 +819,7 @@ bdrv_qed_co_create_opts(BlockDriver *drv, const char *filename,
-
- fail:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/vdi.c b/block/vdi.c
-index f2434d6153..08331d2dd7 100644
---- a/block/vdi.c
-+++ b/block/vdi.c
-@@ -886,8 +886,8 @@ static int coroutine_fn vdi_co_do_create(BlockdevCreateOptions *create_options,
-
- ret = 0;
- exit:
-- blk_unref(blk);
-- bdrv_unref(bs_file);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs_file);
- g_free(bmap);
- return ret;
- }
-@@ -975,7 +975,7 @@ vdi_co_create_opts(BlockDriver *drv, const char *filename,
- done:
- qobject_unref(qdict);
- qapi_free_BlockdevCreateOptions(create_options);
-- bdrv_unref(bs_file);
-+ bdrv_co_unref(bs_file);
- return ret;
- }
-
-diff --git a/block/vhdx.c b/block/vhdx.c
-index 81420722a1..00777da91a 100644
---- a/block/vhdx.c
-+++ b/block/vhdx.c
-@@ -2053,8 +2053,8 @@ static int coroutine_fn vhdx_co_create(BlockdevCreateOptions *opts,
-
- ret = 0;
- delete_and_exit:
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- g_free(creator);
- return ret;
- }
-@@ -2144,7 +2144,7 @@ vhdx_co_create_opts(BlockDriver *drv, const char *filename,
-
- fail:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/block/vmdk.c b/block/vmdk.c
-index f5f49018fe..01ca13c82b 100644
---- a/block/vmdk.c
-+++ b/block/vmdk.c
-@@ -2306,7 +2306,7 @@ exit:
- if (pbb) {
- *pbb = blk;
- } else {
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
- }
- }
-@@ -2516,12 +2516,12 @@ vmdk_co_do_create(int64_t size,
- if (strcmp(blk_bs(backing)->drv->format_name, "vmdk")) {
- error_setg(errp, "Invalid backing file format: %s. Must be vmdk",
- blk_bs(backing)->drv->format_name);
-- blk_unref(backing);
-+ blk_co_unref(backing);
- ret = -EINVAL;
- goto exit;
- }
- ret = vmdk_read_cid(blk_bs(backing), 0, &parent_cid);
-- blk_unref(backing);
-+ blk_co_unref(backing);
- if (ret) {
- error_setg(errp, "Failed to read parent CID");
- goto exit;
-@@ -2542,14 +2542,14 @@ vmdk_co_do_create(int64_t size,
- blk_bs(extent_blk)->filename);
- created_size += cur_size;
- extent_idx++;
-- blk_unref(extent_blk);
-+ blk_co_unref(extent_blk);
- }
-
- /* Check whether we got excess extents */
- extent_blk = extent_fn(-1, extent_idx, flat, split, compress, zeroed_grain,
- opaque, NULL);
- if (extent_blk) {
-- blk_unref(extent_blk);
-+ blk_co_unref(extent_blk);
- error_setg(errp, "List of extents contains unused extents");
- ret = -EINVAL;
- goto exit;
-@@ -2590,7 +2590,7 @@ vmdk_co_do_create(int64_t size,
- ret = 0;
- exit:
- if (blk) {
-- blk_unref(blk);
-+ blk_co_unref(blk);
- }
- g_free(desc);
- g_free(parent_desc_line);
-@@ -2641,7 +2641,7 @@ vmdk_co_create_opts_cb(int64_t size, int idx, bool flat, bool split,
- errp)) {
- goto exit;
- }
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- exit:
- g_free(ext_filename);
- return blk;
-@@ -2797,12 +2797,12 @@ static BlockBackend * coroutine_fn vmdk_co_create_cb(int64_t size, int idx,
- return NULL;
- }
- blk_set_allow_write_beyond_eof(blk, true);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
-
- if (size != -1) {
- ret = vmdk_init_extent(blk, size, flat, compress, zeroed_grain, errp);
- if (ret) {
-- blk_unref(blk);
-+ blk_co_unref(blk);
- blk = NULL;
- }
- }
-diff --git a/block/vpc.c b/block/vpc.c
-index b89b0ff8e2..07ddda5b99 100644
---- a/block/vpc.c
-+++ b/block/vpc.c
-@@ -1082,8 +1082,8 @@ static int coroutine_fn vpc_co_create(BlockdevCreateOptions *opts,
- }
-
- out:
-- blk_unref(blk);
-- bdrv_unref(bs);
-+ blk_co_unref(blk);
-+ bdrv_co_unref(bs);
- return ret;
- }
-
-@@ -1162,7 +1162,7 @@ vpc_co_create_opts(BlockDriver *drv, const char *filename,
-
- fail:
- qobject_unref(qdict);
-- bdrv_unref(bs);
-+ bdrv_co_unref(bs);
- qapi_free_BlockdevCreateOptions(create_options);
- return ret;
- }
-diff --git a/include/block/block-global-state.h b/include/block/block-global-state.h
-index 2c312cc774..ec3ddb17a8 100644
---- a/include/block/block-global-state.h
-+++ b/include/block/block-global-state.h
-@@ -218,7 +218,8 @@ void bdrv_img_create(const char *filename, const char *fmt,
- bool quiet, Error **errp);
-
- void bdrv_ref(BlockDriverState *bs);
--void bdrv_unref(BlockDriverState *bs);
-+void no_coroutine_fn bdrv_unref(BlockDriverState *bs);
-+void coroutine_fn no_co_wrapper bdrv_co_unref(BlockDriverState *bs);
- void bdrv_unref_child(BlockDriverState *parent, BdrvChild *child);
- BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs,
- BlockDriverState *child_bs,
-diff --git a/include/sysemu/block-backend-global-state.h b/include/sysemu/block-backend-global-state.h
-index 2b6d27db7c..fa83f9389c 100644
---- a/include/sysemu/block-backend-global-state.h
-+++ b/include/sysemu/block-backend-global-state.h
-@@ -42,7 +42,10 @@ blk_co_new_open(const char *filename, const char *reference, QDict *options,
-
- int blk_get_refcnt(BlockBackend *blk);
- void blk_ref(BlockBackend *blk);
--void blk_unref(BlockBackend *blk);
-+
-+void no_coroutine_fn blk_unref(BlockBackend *blk);
-+void coroutine_fn no_co_wrapper blk_co_unref(BlockBackend *blk);
-+
- void blk_remove_all_bs(void);
- BlockBackend *blk_by_name(const char *name);
- BlockBackend *blk_next(BlockBackend *blk);
diff --git a/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch b/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
deleted file mode 100644
index 685b7a8..0000000
--- a/debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Thu, 4 May 2023 13:57:34 +0200
-Subject: [PATCH] block: Don't call no_coroutine_fns in qmp_block_resize()
-
-This QMP handler runs in a coroutine, so it must use the corresponding
-no_co_wrappers instead.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2185688
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-Id: <20230504115750.54437-5-kwolf@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry-picked from commit 0c7d204f50c382c6baac8c94bd57af4a022b3888)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- blockdev.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/blockdev.c b/blockdev.c
-index 2c1752a403..e464daea58 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -2440,7 +2440,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
- return;
- }
-
-- blk = blk_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp);
-+ blk = blk_co_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp);
- if (!blk) {
- return;
- }
-@@ -2455,7 +2455,7 @@ void coroutine_fn qmp_block_resize(const char *device, const char *node_name,
-
- bdrv_co_lock(bs);
- bdrv_drained_end(bs);
-- blk_unref(blk);
-+ blk_co_unref(blk);
- bdrv_co_unlock(bs);
- }
-
diff --git a/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch b/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
deleted file mode 100644
index e4d9946..0000000
--- a/debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Henderson <richard.henderson@linaro.org>
-Date: Fri, 5 May 2023 21:40:49 +0100
-Subject: [PATCH] accel/tcg: Fix atomic_mmu_lookup for reads
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A copy-paste bug had us looking at the victim cache for writes.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Fixes: 08dff435e2 ("tcg: Probe the proper permissions for atomic ops")
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Message-Id: <20230505204049.352469-1-richard.henderson@linaro.org>
-(cherry-picked from commit 8c313254e61ed47a1bf4a2db714b25cdd94fbcce)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- accel/tcg/cputlb.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
-index e984a98dc4..145fba45b2 100644
---- a/accel/tcg/cputlb.c
-+++ b/accel/tcg/cputlb.c
-@@ -1830,7 +1830,7 @@ static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
- } else /* if (prot & PAGE_READ) */ {
- tlb_addr = tlbe->addr_read;
- if (!tlb_hit(tlb_addr, addr)) {
-- if (!VICTIM_TLB_HIT(addr_write, addr)) {
-+ if (!VICTIM_TLB_HIT(addr_read, addr)) {
- tlb_fill(env_cpu(env), addr, size,
- MMU_DATA_LOAD, mmu_idx, retaddr);
- index = tlb_index(env, mmu_idx, addr);
diff --git a/debian/patches/series b/debian/patches/series
index 375b2db..7b45528 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,20 +4,7 @@ extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
-extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
-extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
-extra/0009-ui-return-NULL-when-getting-cursor-without-a-console.patch
-extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
-extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
-extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
-extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
-extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
-extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
-extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
-extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
-extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
-extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
-extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
+extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
diff --git a/qemu b/qemu
index c1eb2dd..f7f686b 160000
--- a/qemu
+++ b/qemu
@@ -1 +1 @@
-Subproject commit c1eb2ddf0f8075faddc5f7c3d39feae3e8e9d6b4
+Subproject commit f7f686b61cf7ee142c9264d2e04ac2c6a96d37f8
--
2.39.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] [PATCH qemu 2/2] update reentrancy patches to version in upstream git
2023-06-06 8:58 [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Fiona Ebner
@ 2023-06-06 8:58 ` Fiona Ebner
2023-06-06 16:03 ` [pve-devel] applied: " Thomas Lamprecht
2023-06-06 16:03 ` [pve-devel] applied: [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Thomas Lamprecht
1 sibling, 1 reply; 4+ messages in thread
From: Fiona Ebner @ 2023-06-06 8:58 UTC (permalink / raw)
To: pve-devel
The previous version was picked from the mailing list and still had
an object_dynamic_cast call in a hot path, which is avoided with the
version that landed in git.
Also adds a few more exceptions for devices that need reentrancy.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...-memory-prevent-dma-reentracy-issues.patch | 118 ----------------
...s-Internal-cdbs-have-16-byte-length.patch} | 0
...al-deadlock-when-draining-during-tr.patch} | 0
...en-getting-cursor-without-a-console.patch} | 0
...isabling-re-entrancy-checking-per-MR.patch | 38 -----
...-memory-prevent-dma-reentracy-issues.patch | 130 ++++++++++++++++++
...le-reentrancy-detection-for-script-R.patch | 8 +-
...-disable-reentrancy-detection-for-io.patch | 37 +++++
...sable-reentrancy-detection-for-iomem.patch | 35 +++++
...le-reentrancy-detection-for-apic-msi.patch | 36 +++++
debian/patches/series | 12 +-
11 files changed, 252 insertions(+), 162 deletions(-)
delete mode 100644 debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
rename debian/patches/extra/{0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch => 0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch} (100%)
rename debian/patches/extra/{0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch => 0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch} (100%)
rename debian/patches/extra/{0007-ui-return-NULL-when-getting-cursor-without-a-console.patch => 0004-ui-return-NULL-when-getting-cursor-without-a-console.patch} (100%)
delete mode 100644 debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
create mode 100644 debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
create mode 100644 debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
create mode 100644 debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
create mode 100644 debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
diff --git a/debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch b/debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
deleted file mode 100644
index 5be13d6..0000000
--- a/debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alexander Bulekov <alxndr@bu.edu>
-Date: Sat, 4 Feb 2023 23:07:34 -0500
-Subject: [PATCH] memory: prevent dma-reentracy issues
-
-Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
-This flag is set/checked prior to calling a device's MemoryRegion
-handlers, and set when device code initiates DMA. The purpose of this
-flag is to prevent two types of DMA-based reentrancy issues:
-
-1.) mmio -> dma -> mmio case
-2.) bh -> dma write -> mmio case
-
-These issues have led to problems such as stack-exhaustion and
-use-after-frees.
-
-Summary of the problem from Peter Maydell:
-https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
-
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
-
-Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
-Acked-by: Peter Xu <peterx@redhat.com>
-(picked-up from https://lists.nongnu.org/archive/html/qemu-devel/2023-02/msg01142.html)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- include/hw/qdev-core.h | 7 +++++++
- softmmu/memory.c | 17 +++++++++++++++++
- softmmu/trace-events | 1 +
- 3 files changed, 25 insertions(+)
-
-diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
-index bd50ad5ee1..7623703943 100644
---- a/include/hw/qdev-core.h
-+++ b/include/hw/qdev-core.h
-@@ -162,6 +162,10 @@ struct NamedClockList {
- QLIST_ENTRY(NamedClockList) node;
- };
-
-+typedef struct {
-+ bool engaged_in_io;
-+} MemReentrancyGuard;
-+
- /**
- * DeviceState:
- * @realized: Indicates whether the device has been fully constructed.
-@@ -194,6 +198,9 @@ struct DeviceState {
- int alias_required_for_version;
- ResettableState reset;
- GSList *unplug_blockers;
-+
-+ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */
-+ MemReentrancyGuard mem_reentrancy_guard;
- };
-
- struct DeviceListener {
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index b1a6cae6f5..e4d2268d32 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -533,6 +533,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- uint64_t access_mask;
- unsigned access_size;
- unsigned i;
-+ DeviceState *dev = NULL;
- MemTxResult r = MEMTX_OK;
-
- if (!access_size_min) {
-@@ -542,6 +543,19 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- access_size_max = 4;
- }
-
-+ /* Do not allow more than one simultanous access to a device's IO Regions */
-+ if (mr->owner &&
-+ !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) {
-+ dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE);
-+ if (dev) {
-+ if (dev->mem_reentrancy_guard.engaged_in_io) {
-+ trace_memory_region_reentrant_io(get_cpu_index(), mr, addr, size);
-+ return MEMTX_ERROR;
-+ }
-+ dev->mem_reentrancy_guard.engaged_in_io = true;
-+ }
-+ }
-+
- /* FIXME: support unaligned access? */
- access_size = MAX(MIN(size, access_size_max), access_size_min);
- access_mask = MAKE_64BIT_MASK(0, access_size * 8);
-@@ -556,6 +570,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- access_mask, attrs);
- }
- }
-+ if (dev) {
-+ dev->mem_reentrancy_guard.engaged_in_io = false;
-+ }
- return r;
- }
-
-diff --git a/softmmu/trace-events b/softmmu/trace-events
-index 22606dc27b..62d04ea9a7 100644
---- a/softmmu/trace-events
-+++ b/softmmu/trace-events
-@@ -13,6 +13,7 @@ memory_region_ops_read(int cpu_index, void *mr, uint64_t addr, uint64_t value, u
- memory_region_ops_write(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size, const char *name) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u name '%s'"
- memory_region_subpage_read(int cpu_index, void *mr, uint64_t offset, uint64_t value, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" value 0x%"PRIx64" size %u"
- memory_region_subpage_write(int cpu_index, void *mr, uint64_t offset, uint64_t value, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" value 0x%"PRIx64" size %u"
-+memory_region_reentrant_io(int cpu_index, void *mr, uint64_t offset, unsigned size) "cpu %d mr %p offset 0x%"PRIx64" size %u"
- memory_region_ram_device_read(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u"
- memory_region_ram_device_write(int cpu_index, void *mr, uint64_t addr, uint64_t value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u"
- memory_region_sync_dirty(const char *mr, const char *listener, int global) "mr '%s' listener '%s' synced (global=%d)"
diff --git a/debian/patches/extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch b/debian/patches/extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
similarity index 100%
rename from debian/patches/extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
rename to debian/patches/extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
diff --git a/debian/patches/extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch b/debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
similarity index 100%
rename from debian/patches/extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
rename to debian/patches/extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
diff --git a/debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch b/debian/patches/extra/0004-ui-return-NULL-when-getting-cursor-without-a-console.patch
similarity index 100%
rename from debian/patches/extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
rename to debian/patches/extra/0004-ui-return-NULL-when-getting-cursor-without-a-console.patch
diff --git a/debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch b/debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
deleted file mode 100644
index 47c0b80..0000000
--- a/debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Alexander Bulekov <alxndr@bu.edu>
-Date: Mon, 13 Mar 2023 04:24:16 -0400
-Subject: [PATCH] memory: Allow disabling re-entrancy checking per-MR
-
-Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
----
- include/exec/memory.h | 3 +++
- softmmu/memory.c | 2 +-
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/include/exec/memory.h b/include/exec/memory.h
-index 15ade918ba..e6819e3c39 100644
---- a/include/exec/memory.h
-+++ b/include/exec/memory.h
-@@ -791,6 +791,9 @@ struct MemoryRegion {
- unsigned ioeventfd_nb;
- MemoryRegionIoeventfd *ioeventfds;
- RamDiscardManager *rdm; /* Only for RAM */
-+
-+ /* For devices designed to perform re-entrant IO into their own IO MRs */
-+ bool disable_reentrancy_guard;
- };
-
- struct IOMMUMemoryRegion {
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index e4d2268d32..d88acb204b 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -544,7 +544,7 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
- }
-
- /* Do not allow more than one simultanous access to a device's IO Regions */
-- if (mr->owner &&
-+ if (mr->owner && !mr->disable_reentrancy_guard &&
- !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) {
- dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE);
- if (dev) {
diff --git a/debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch b/debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
new file mode 100644
index 0000000..c9d0cd5
--- /dev/null
+++ b/debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
@@ -0,0 +1,130 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:06 -0400
+Subject: [PATCH] memory: prevent dma-reentracy issues
+
+Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA.
+This flag is set/checked prior to calling a device's MemoryRegion
+handlers, and set when device code initiates DMA. The purpose of this
+flag is to prevent two types of DMA-based reentrancy issues:
+
+1.) mmio -> dma -> mmio case
+2.) bh -> dma write -> mmio case
+
+These issues have led to problems such as stack-exhaustion and
+use-after-frees.
+
+Summary of the problem from Peter Maydell:
+https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282
+Resolves: CVE-2023-0330
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Message-Id: <20230427211013.2994127-2-alxndr@bu.edu>
+[thuth: Replace warn_report() with warn_report_once()]
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit a2e1753b8054344f32cf94f31c6399a58794a380)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ include/exec/memory.h | 5 +++++
+ include/hw/qdev-core.h | 7 +++++++
+ softmmu/memory.c | 16 ++++++++++++++++
+ 3 files changed, 28 insertions(+)
+
+diff --git a/include/exec/memory.h b/include/exec/memory.h
+index 15ade918ba..e45ce6061f 100644
+--- a/include/exec/memory.h
++++ b/include/exec/memory.h
+@@ -767,6 +767,8 @@ struct MemoryRegion {
+ bool is_iommu;
+ RAMBlock *ram_block;
+ Object *owner;
++ /* owner as TYPE_DEVICE. Used for re-entrancy checks in MR access hotpath */
++ DeviceState *dev;
+
+ const MemoryRegionOps *ops;
+ void *opaque;
+@@ -791,6 +793,9 @@ struct MemoryRegion {
+ unsigned ioeventfd_nb;
+ MemoryRegionIoeventfd *ioeventfds;
+ RamDiscardManager *rdm; /* Only for RAM */
++
++ /* For devices designed to perform re-entrant IO into their own IO MRs */
++ bool disable_reentrancy_guard;
+ };
+
+ struct IOMMUMemoryRegion {
+diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
+index bd50ad5ee1..7623703943 100644
+--- a/include/hw/qdev-core.h
++++ b/include/hw/qdev-core.h
+@@ -162,6 +162,10 @@ struct NamedClockList {
+ QLIST_ENTRY(NamedClockList) node;
+ };
+
++typedef struct {
++ bool engaged_in_io;
++} MemReentrancyGuard;
++
+ /**
+ * DeviceState:
+ * @realized: Indicates whether the device has been fully constructed.
+@@ -194,6 +198,9 @@ struct DeviceState {
+ int alias_required_for_version;
+ ResettableState reset;
+ GSList *unplug_blockers;
++
++ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */
++ MemReentrancyGuard mem_reentrancy_guard;
+ };
+
+ struct DeviceListener {
+diff --git a/softmmu/memory.c b/softmmu/memory.c
+index b1a6cae6f5..b7b3386e9d 100644
+--- a/softmmu/memory.c
++++ b/softmmu/memory.c
+@@ -542,6 +542,18 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
+ access_size_max = 4;
+ }
+
++ /* Do not allow more than one simultaneous access to a device's IO Regions */
++ if (mr->dev && !mr->disable_reentrancy_guard &&
++ !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) {
++ if (mr->dev->mem_reentrancy_guard.engaged_in_io) {
++ warn_report_once("Blocked re-entrant IO on MemoryRegion: "
++ "%s at addr: 0x%" HWADDR_PRIX,
++ memory_region_name(mr), addr);
++ return MEMTX_ACCESS_ERROR;
++ }
++ mr->dev->mem_reentrancy_guard.engaged_in_io = true;
++ }
++
+ /* FIXME: support unaligned access? */
+ access_size = MAX(MIN(size, access_size_max), access_size_min);
+ access_mask = MAKE_64BIT_MASK(0, access_size * 8);
+@@ -556,6 +568,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr,
+ access_mask, attrs);
+ }
+ }
++ if (mr->dev) {
++ mr->dev->mem_reentrancy_guard.engaged_in_io = false;
++ }
+ return r;
+ }
+
+@@ -1170,6 +1185,7 @@ static void memory_region_do_init(MemoryRegion *mr,
+ }
+ mr->name = g_strdup(name);
+ mr->owner = owner;
++ mr->dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE);
+ mr->ram_block = NULL;
+
+ if (name) {
diff --git a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
index 8f488dc..96d254c 100644
--- a/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
+++ b/debian/patches/extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
@@ -1,6 +1,6 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alexander Bulekov <alxndr@bu.edu>
-Date: Mon, 13 Mar 2023 04:24:17 -0400
+Date: Thu, 27 Apr 2023 17:10:10 -0400
Subject: [PATCH] lsi53c895a: disable reentrancy detection for script RAM
As the code is designed to use the memory APIs to access the script ram,
@@ -10,6 +10,12 @@ In the future, ram_io may be converted from an IO to a proper RAM MemoryRegion.
Reported-by: Fiona Ebner <f.ebner@proxmox.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
+Message-Id: <20230427211013.2994127-6-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit bfd6e7ae6a72b84e2eb9574f56e6ec037f05182c)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
hw/scsi/lsi53c895a.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch b/debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
new file mode 100644
index 0000000..6ec9d03
--- /dev/null
+++ b/debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
@@ -0,0 +1,37 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:11 -0400
+Subject: [PATCH] bcm2835_property: disable reentrancy detection for iomem
+
+As the code is designed for re-entrant calls from bcm2835_property to
+bcm2835_mbox and back into bcm2835_property, mark iomem as
+reentrancy-safe.
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Message-Id: <20230427211013.2994127-7-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit 985c4a4e547afb9573b6bd6843d20eb2c3d1d1cd)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/misc/bcm2835_property.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/misc/bcm2835_property.c b/hw/misc/bcm2835_property.c
+index 890ae7bae5..de056ea2df 100644
+--- a/hw/misc/bcm2835_property.c
++++ b/hw/misc/bcm2835_property.c
+@@ -382,6 +382,13 @@ static void bcm2835_property_init(Object *obj)
+
+ memory_region_init_io(&s->iomem, OBJECT(s), &bcm2835_property_ops, s,
+ TYPE_BCM2835_PROPERTY, 0x10);
++
++ /*
++ * bcm2835_property_ops call into bcm2835_mbox, which in-turn reads from
++ * iomem. As such, mark iomem as re-entracy safe.
++ */
++ s->iomem.disable_reentrancy_guard = true;
++
+ sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
+ sysbus_init_irq(SYS_BUS_DEVICE(s), &s->mbox_irq);
+ }
diff --git a/debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch b/debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
new file mode 100644
index 0000000..bea68d4
--- /dev/null
+++ b/debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:12 -0400
+Subject: [PATCH] raven: disable reentrancy detection for iomem
+
+As the code is designed for re-entrant calls from raven_io_ops to
+pci-conf, mark raven_io_ops as reentrancy-safe.
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Message-Id: <20230427211013.2994127-8-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit 6dad5a6810d9c60ca320d01276f6133bbcfa1fc7)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/pci-host/raven.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/pci-host/raven.c b/hw/pci-host/raven.c
+index 072ffe3c5e..9a11ac4b2b 100644
+--- a/hw/pci-host/raven.c
++++ b/hw/pci-host/raven.c
+@@ -294,6 +294,13 @@ static void raven_pcihost_initfn(Object *obj)
+ memory_region_init(&s->pci_memory, obj, "pci-memory", 0x3f000000);
+ address_space_init(&s->pci_io_as, &s->pci_io, "raven-io");
+
++ /*
++ * Raven's raven_io_ops use the address-space API to access pci-conf-idx
++ * (which is also owned by the raven device). As such, mark the
++ * pci_io_non_contiguous as re-entrancy safe.
++ */
++ s->pci_io_non_contiguous.disable_reentrancy_guard = true;
++
+ /* CPU address space */
+ memory_region_add_subregion(address_space_mem, PCI_IO_BASE_ADDR,
+ &s->pci_io);
diff --git a/debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch b/debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
new file mode 100644
index 0000000..154cc36
--- /dev/null
+++ b/debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Thu, 27 Apr 2023 17:10:13 -0400
+Subject: [PATCH] apic: disable reentrancy detection for apic-msi
+
+As the code is designed for re-entrant calls to apic-msi, mark apic-msi
+as reentrancy-safe.
+
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
+Message-Id: <20230427211013.2994127-9-alxndr@bu.edu>
+Signed-off-by: Thomas Huth <thuth@redhat.com>
+(cherry-picked from commit 50795ee051a342c681a9b45671c552fbd6274db8)
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ hw/intc/apic.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/hw/intc/apic.c b/hw/intc/apic.c
+index 20b5a94073..ac3d47d231 100644
+--- a/hw/intc/apic.c
++++ b/hw/intc/apic.c
+@@ -885,6 +885,13 @@ static void apic_realize(DeviceState *dev, Error **errp)
+ memory_region_init_io(&s->io_memory, OBJECT(s), &apic_io_ops, s, "apic-msi",
+ APIC_SPACE_SIZE);
+
++ /*
++ * apic-msi's apic_mem_write can call into ioapic_eoi_broadcast, which can
++ * write back to apic-msi. As such mark the apic-msi region re-entrancy
++ * safe.
++ */
++ s->io_memory.disable_reentrancy_guard = true;
++
+ s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, apic_timer, s);
+ local_apics[s->id] = s;
+
diff --git a/debian/patches/series b/debian/patches/series
index 7b45528..32c51a1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,10 +1,12 @@
extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
-extra/0002-memory-prevent-dma-reentracy-issues.patch
-extra/0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
-extra/0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch
-extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
+extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
+extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
+extra/0004-ui-return-NULL-when-getting-cursor-without-a-console.patch
+extra/0005-memory-prevent-dma-reentracy-issues.patch
extra/0006-lsi53c895a-disable-reentrancy-detection-for-script-R.patch
-extra/0007-ui-return-NULL-when-getting-cursor-without-a-console.patch
+extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
+extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
+extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
--
2.39.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] applied: [PATCH qemu 2/2] update reentrancy patches to version in upstream git
2023-06-06 8:58 ` [pve-devel] [PATCH qemu 2/2] update reentrancy patches to version in upstream git Fiona Ebner
@ 2023-06-06 16:03 ` Thomas Lamprecht
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2023-06-06 16:03 UTC (permalink / raw)
To: Proxmox VE development discussion, Fiona Ebner
Am 06/06/2023 um 10:58 schrieb Fiona Ebner:
> The previous version was picked from the mailing list and still had
> an object_dynamic_cast call in a hot path, which is avoided with the
> version that landed in git.
>
> Also adds a few more exceptions for devices that need reentrancy.
>
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
> ...-memory-prevent-dma-reentracy-issues.patch | 118 ----------------
> ...s-Internal-cdbs-have-16-byte-length.patch} | 0
> ...al-deadlock-when-draining-during-tr.patch} | 0
> ...en-getting-cursor-without-a-console.patch} | 0
> ...isabling-re-entrancy-checking-per-MR.patch | 38 -----
> ...-memory-prevent-dma-reentracy-issues.patch | 130 ++++++++++++++++++
> ...le-reentrancy-detection-for-script-R.patch | 8 +-
> ...-disable-reentrancy-detection-for-io.patch | 37 +++++
> ...sable-reentrancy-detection-for-iomem.patch | 35 +++++
> ...le-reentrancy-detection-for-apic-msi.patch | 36 +++++
> debian/patches/series | 12 +-
> 11 files changed, 252 insertions(+), 162 deletions(-)
> delete mode 100644 debian/patches/extra/0002-memory-prevent-dma-reentracy-issues.patch
> rename debian/patches/extra/{0003-scsi-megasas-Internal-cdbs-have-16-byte-length.patch => 0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch} (100%)
> rename debian/patches/extra/{0004-ide-avoid-potential-deadlock-when-draining-during-tr.patch => 0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch} (100%)
> rename debian/patches/extra/{0007-ui-return-NULL-when-getting-cursor-without-a-console.patch => 0004-ui-return-NULL-when-getting-cursor-without-a-console.patch} (100%)
> delete mode 100644 debian/patches/extra/0005-memory-Allow-disabling-re-entrancy-checking-per-MR.patch
> create mode 100644 debian/patches/extra/0005-memory-prevent-dma-reentracy-issues.patch
> create mode 100644 debian/patches/extra/0007-bcm2835_property-disable-reentrancy-detection-for-io.patch
> create mode 100644 debian/patches/extra/0008-raven-disable-reentrancy-detection-for-iomem.patch
> create mode 100644 debian/patches/extra/0009-apic-disable-reentrancy-detection-for-apic-msi.patch
>
>
applied, thanks!
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] applied: [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2
2023-06-06 8:58 [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Fiona Ebner
2023-06-06 8:58 ` [pve-devel] [PATCH qemu 2/2] update reentrancy patches to version in upstream git Fiona Ebner
@ 2023-06-06 16:03 ` Thomas Lamprecht
1 sibling, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2023-06-06 16:03 UTC (permalink / raw)
To: Proxmox VE development discussion, Fiona Ebner
Am 06/06/2023 um 10:58 schrieb Fiona Ebner:
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
> ...le-reentrancy-detection-for-script-R.patch | 4 +-
> ...39-fix-large_send_mss-divide-by-zero.patch | 72 ----
> ...en-getting-cursor-without-a-console.patch} | 2 +-
> ...-Fix-crash-when-executing-HMP-commit.patch | 48 ---
> ...our-channel-order-for-PNG-screenshot.patch | 77 ----
> ...arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch | 41 --
> ...e-incorrect-computation-in-float32_e.patch | 56 ---
> ...ge-wrong-XFRM-value-in-SGX-CPUID-lea.patch | 39 --
> ...t-assert_bdrv_graph_readable-by-defa.patch | 106 -----
> ...CI_ERR_UNCOR_MASK-register-for-machi.patch | 100 -----
> ...after-free-in-blockdev_mark_auto_del.patch | 57 ---
> ...ly-call-bdrv_activate-outside-corout.patch | 64 ---
> ...o_unref-for-calls-in-coroutine-conte.patch | 373 ------------------
> ...-no_coroutine_fns-in-qmp_block_resiz.patch | 43 --
> ...-tcg-Fix-atomic_mmu_lookup-for-reads.patch | 36 --
> debian/patches/series | 15 +-
> qemu | 2 +-
> 17 files changed, 5 insertions(+), 1130 deletions(-)
> delete mode 100644 debian/patches/extra/0007-rtl8139-fix-large_send_mss-divide-by-zero.patch
> rename debian/patches/extra/{0009-ui-return-NULL-when-getting-cursor-without-a-console.patch => 0007-ui-return-NULL-when-getting-cursor-without-a-console.patch} (97%)
> delete mode 100644 debian/patches/extra/0008-block-monitor-Fix-crash-when-executing-HMP-commit.patch
> delete mode 100644 debian/patches/extra/0010-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch
> delete mode 100644 debian/patches/extra/0011-target-arm-Fix-vd-vm-overlap-in-sve_ldff1_z.patch
> delete mode 100644 debian/patches/extra/0012-softfloat-Fix-the-incorrect-computation-in-float32_e.patch
> delete mode 100644 debian/patches/extra/0013-target-i386-Change-wrong-XFRM-value-in-SGX-CPUID-lea.patch
> delete mode 100644 debian/patches/extra/0014-block-compile-out-assert_bdrv_graph_readable-by-defa.patch
> delete mode 100644 debian/patches/extra/0015-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch
> delete mode 100644 debian/patches/extra/0016-block-Fix-use-after-free-in-blockdev_mark_auto_del.patch
> delete mode 100644 debian/patches/extra/0017-block-Consistently-call-bdrv_activate-outside-corout.patch
> delete mode 100644 debian/patches/extra/0018-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch
> delete mode 100644 debian/patches/extra/0019-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch
> delete mode 100644 debian/patches/extra/0020-accel-tcg-Fix-atomic_mmu_lookup-for-reads.patch
>
>
applied, thanks!
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-06-06 16:03 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-06-06 8:58 [pve-devel] [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Fiona Ebner
2023-06-06 8:58 ` [pve-devel] [PATCH qemu 2/2] update reentrancy patches to version in upstream git Fiona Ebner
2023-06-06 16:03 ` [pve-devel] applied: " Thomas Lamprecht
2023-06-06 16:03 ` [pve-devel] applied: [PATCH qemu 1/2] update submodule and patches to QEMU 8.0.2 Thomas Lamprecht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox