From f33f068cda22a289846713dbca84bcc7ad95daafcc613d2fbf93735110f3c441 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Ricardo=20Ziviani?= Date: Fri, 30 Apr 2021 21:53:49 +0000 Subject: [PATCH] Accepting request 889648 from Virtualization:Staging Update version to v6.0.0 OBS-URL: https://build.opensuse.org/request/show/889648 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=641 --- ...-Fully-restart-unreclaim-loop-CVE-20.patch | 76 - ...-char-muxer-more-robust-wrt-small-FI.patch | 33 +- ...-keycode-gen-output-reproducible-use.patch | 35 - ...file-Don-t-check-pc-bios-as-pre-requ.patch | 4 +- PPC-KVM-Disable-mmu-notifier-check.patch | 8 +- ...e-soft-address-space-limit-to-hard-l.patch | 27 +- Update-linux-headers-to-5.11-rc2.patch | 1017 ---------- XXX-dont-dump-core-on-sigabort.patch | 6 +- acpi_piix4-Fix-migration-from-SLE11-SP2.patch | 4 +- audio-add-sanity-check.patch | 35 - ...k-Fix-deadlock-in-bdrv_co_yield_to_d.patch | 119 -- block-Fix-locking-in-qmp_block_resize.patch | 42 - ...k-Separate-blk_is_writable-and-blk_s.patch | 481 ----- ...k-Simplify-qmp_block_resize-error-pa.patch | 62 - ...k-nfs-fix-int-overflow-in-nfs_client.patch | 33 - ...k-rbd-Fix-memory-leak-in-qemu_rbd_co.patch | 47 - ...k-rbd-fix-memory-leak-in-qemu_rbd_co.patch | 74 - ...kjob-Fix-crash-with-IOthread-when-bl.patch | 113 -- ...li-fix-actual-variable-array-paramet.patch | 49 - ...d-no-pie-is-no-functional-linker-fla.patch | 74 - bundles.tar.xz | 4 +- ...nce_gem-switch-to-use-qemu_receive_p.patch | 39 - config.sh | 4 +- configure-only-populate-roms-if-softmmu.patch | 4 +- ...igure-remove-pkgversion-from-CONFIG_.patch | 4 +- ...core-Fix-help-of-CPU-core-device-typ.patch | 60 - ...add-our-support-doc-to-the-main-proj.patch | 23 + ...-add-SUSE-support-statements-to-html.patch | 27 - ...93x-switch-to-use-qemu_receive_packe.patch | 36 - e1000-fail-early-for-evil-descriptor.patch | 50 - ...0-switch-to-use-qemu_receive_packet-.patch | 36 - ...rm-virt-Disable-pl011-clock-migratio.patch | 87 - ...rm-virt-acpi-build-Fix-GSIV-values-o.patch | 36 - ...lock-fdc-Fix-fallback-property-on-sy.patch | 47 - ...ntc-arm_gic-Fix-interrupt-ID-in-GICD.patch | 65 - ...sa-Kconfig-Add-missing-dependency-VI.patch | 33 - ...sa-piix4-Migrate-Reset-Control-Regis.patch | 62 - ...et-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch | 36 - hw-s390x-fix-build-for-virtio-9p-ccw.patch | 40 - ...d-sd-Actually-perform-the-erase-oper.patch | 69 - ...d-sd-Fix-build-error-when-DEBUG_SD-i.patch | 35 - ...d-sd-Move-the-sd_block_-read-write-a.patch | 83 - ...d-sd-Skip-write-protect-groups-check.patch | 71 - ...d-sdhci-Correctly-set-the-controller.patch | 70 - ...d-sdhci-Don-t-transfer-any-data-when.patch | 87 - ...d-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch | 105 -- ...d-sdhci-Limit-block-size-only-when-S.patch | 52 - ...d-sdhci-Reset-the-data-pointer-of-s-.patch | 95 - ...mbios-handle-both-file-formats-regar.patch | 2 +- ...imer-slavio_timer-Allow-64-bit-acces.patch | 88 - hw-virtio-pci-Added-AER-capability.patch | 84 - ...irtio-pci-Added-counter-for-pcie-cap.patch | 41 - ...-acpi-restore-device-paths-for-pre-5.patch | 110 -- increase-x86_64-physical-bits-to-42.patch | 22 +- ...sts-Fix-_send_qemu_cmd-with-bash-5.1.patch | 1652 ----------------- ...118-switch-to-use-qemu_receive_packe.patch | 37 - linux-user-Fake-proc-cpuinfo.patch | 6 +- ...x-user-add-binfmt-wrapper-for-argv-0.patch | 4 +- ...x-user-lseek-explicitly-cast-non-set.patch | 4 +- linux-user-use-target_ulong.patch | 10 +- ...ogic-Use-PCIDevice-exit-instead-of-D.patch | 52 - ...ry-clamp-cached-translation-in-case-.patch | 137 -- ...le-for-virtio-gpu-pre-load-module-to.patch | 14 +- ...tor-Fix-assertion-failure-on-shutdow.patch | 86 - ...as-Remove-unused-MPTSASState-pending.patch | 86 - ...-mac-switch-to-use-qemu_receive_pack.patch | 36 - ...Fix-handling-of-id-in-netdev_add-and.patch | 119 -- net-introduce-qemu_receive_packet.patch | 171 -- ...t-switch-to-use-qemu_receive_packet-.patch | 38 - qemu-5.2.0.tar.xz | 3 - qemu-5.2.0.tar.xz.sig | Bin 310 -> 0 bytes qemu-6.0.0.tar.xz | 3 + qemu-6.0.0.tar.xz.sig | Bin 0 -> 310 bytes qemu-binfmt-conf-Modify-default-path.patch | 6 +- qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch | 8 +- qemu-cvs-gettimeofday.patch | 4 +- qemu-cvs-ioctl_debug.patch | 4 +- qemu-cvs-ioctl_nodirection.patch | 6 +- ...-nbd-Use-SOMAXCONN-for-socket-listen.patch | 83 - qemu-storage-daemon-Enable-object-add.patch | 36 - qemu.changes | 134 ++ qemu.spec | 408 ++-- qemu.spec.in | 128 +- ...handle-case-of-chardev-spice-module-.patch | 2 +- ...139-switch-to-use-qemu_receive_packe.patch | 39 - ...x-Fix-stringop-truncation-issue-repo.patch | 22 - s390x-add-have_virtio_ccw.patch | 50 - ...x-css-report-errors-from-ccw_dstream.patch | 269 --- s390x-modularize-virtio-gpu-ccw.patch | 87 - s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch | 96 - ...x-pci-restore-missing-Query-PCI-Func.patch | 41 - ...e-app-avoid-crash-when-core-spice-mo.patch | 55 - ...em-switch-to-use-qemu_receive_packet.patch | 38 - supported.arm.txt | 153 +- supported.ppc.txt | 3 +- supported.s390.txt | 123 +- supported.x86.txt | 171 +- ...et-arm-Don-t-decode-insns-in-the-XSc.patch | 48 - target-arm-Fix-MTE0_ACTIVE.patch | 35 - ...et-arm-Introduce-PREDDESC-field-defi.patch | 45 - ...et-arm-Update-PFIRST-PNEXT-for-pred_.patch | 65 - ...et-arm-Update-REV-PUNPK-for-pred_des.patch | 75 - ...et-arm-Update-ZIP-UZP-TRN-for-pred_d.patch | 91 - ...et-xtensa-fix-meson.build-rule-for-x.patch | 54 - ...Use-memset-for-large-vector-byte-rep.patch | 123 -- ...s-Fix-block-tests-to-be-compatible-w.patch | 12 +- ...s-qemu-iotests-Triple-timeout-of-i-o.patch | 8 +- ...s-virtiofsd-Replace-the-word-whiteli.patch | 93 - ...kt-switch-to-use-qemu_receive_packet.patch | 36 - ...nc-Add-missing-lock-for-send_color_m.patch | 38 - update-linux-headers-Include-const.h.patch | 48 - ...Help-compiler-out-to-avoid-a-warning.patch | 2 +- ...-fix-use-after-free-in-module_load_o.patch | 58 - ...-ccw-Connect-the-device-request-noti.patch | 115 -- ...t-user-blk-fix-blkcfg-num_queues-end.patch | 51 - ...ofsd-Add-support-for-FUSE_HANDLE_KIL.patch | 335 ---- ...io-move-use-disabled-flag-property-t.patch | 63 - virtio-pci-compat-page-aligned-ATS.patch | 134 -- ...iofs-drop-remapped-security.capabili.patch | 208 --- ...iofsd-Save-error-code-early-at-the-f.patch | 87 - ...iofsd-extract-lo_do_open-from-lo_ope.patch | 145 -- ...iofsd-optionally-return-inode-pointe.patch | 108 -- ...iofsd-prevent-opening-of-special-fil.patch | 298 --- ...add-block-resize-support-for-xen-dis.patch | 4 +- ...block-Fix-removal-of-backend-instanc.patch | 49 - ...ignore-live-parameter-from-xen-save-.patch | 4 +- ...disk-Add-suse-specific-flush-disable.patch | 6 +- 127 files changed, 729 insertions(+), 10179 deletions(-) delete mode 100644 9pfs-Fully-restart-unreclaim-loop-CVE-20.patch delete mode 100644 Make-keycode-gen-output-reproducible-use.patch delete mode 100644 Update-linux-headers-to-5.11-rc2.patch delete mode 100644 audio-add-sanity-check.patch delete mode 100644 block-Fix-deadlock-in-bdrv_co_yield_to_d.patch delete mode 100644 block-Fix-locking-in-qmp_block_resize.patch delete mode 100644 block-Separate-blk_is_writable-and-blk_s.patch delete mode 100644 block-Simplify-qmp_block_resize-error-pa.patch delete mode 100644 block-nfs-fix-int-overflow-in-nfs_client.patch delete mode 100644 block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch delete mode 100644 block-rbd-fix-memory-leak-in-qemu_rbd_co.patch delete mode 100644 blockjob-Fix-crash-with-IOthread-when-bl.patch delete mode 100644 brotli-fix-actual-variable-array-paramet.patch delete mode 100644 build-no-pie-is-no-functional-linker-fla.patch delete mode 100644 cadence_gem-switch-to-use-qemu_receive_p.patch delete mode 100644 cpu-core-Fix-help-of-CPU-core-device-typ.patch create mode 100644 doc-add-our-support-doc-to-the-main-proj.patch delete mode 100644 docs-add-SUSE-support-statements-to-html.patch delete mode 100644 dp8393x-switch-to-use-qemu_receive_packe.patch delete mode 100644 e1000-fail-early-for-evil-descriptor.patch delete mode 100644 e1000-switch-to-use-qemu_receive_packet-.patch delete mode 100644 hw-arm-virt-Disable-pl011-clock-migratio.patch delete mode 100644 hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch delete mode 100644 hw-block-fdc-Fix-fallback-property-on-sy.patch delete mode 100644 hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch delete mode 100644 hw-isa-Kconfig-Add-missing-dependency-VI.patch delete mode 100644 hw-isa-piix4-Migrate-Reset-Control-Regis.patch delete mode 100644 hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch delete mode 100644 hw-s390x-fix-build-for-virtio-9p-ccw.patch delete mode 100644 hw-sd-sd-Actually-perform-the-erase-oper.patch delete mode 100644 hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch delete mode 100644 hw-sd-sd-Move-the-sd_block_-read-write-a.patch delete mode 100644 hw-sd-sd-Skip-write-protect-groups-check.patch delete mode 100644 hw-sd-sdhci-Correctly-set-the-controller.patch delete mode 100644 hw-sd-sdhci-Don-t-transfer-any-data-when.patch delete mode 100644 hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch delete mode 100644 hw-sd-sdhci-Limit-block-size-only-when-S.patch delete mode 100644 hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch delete mode 100644 hw-timer-slavio_timer-Allow-64-bit-acces.patch delete mode 100644 hw-virtio-pci-Added-AER-capability.patch delete mode 100644 hw-virtio-pci-Added-counter-for-pcie-cap.patch delete mode 100644 i386-acpi-restore-device-paths-for-pre-5.patch delete mode 100644 iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch delete mode 100644 lan9118-switch-to-use-qemu_receive_packe.patch delete mode 100644 lsilogic-Use-PCIDevice-exit-instead-of-D.patch delete mode 100644 memory-clamp-cached-translation-in-case-.patch delete mode 100644 monitor-Fix-assertion-failure-on-shutdow.patch delete mode 100644 mptsas-Remove-unused-MPTSASState-pending.patch delete mode 100644 msf2-mac-switch-to-use-qemu_receive_pack.patch delete mode 100644 net-Fix-handling-of-id-in-netdev_add-and.patch delete mode 100644 net-introduce-qemu_receive_packet.patch delete mode 100644 pcnet-switch-to-use-qemu_receive_packet-.patch delete mode 100644 qemu-5.2.0.tar.xz delete mode 100644 qemu-5.2.0.tar.xz.sig create mode 100644 qemu-6.0.0.tar.xz create mode 100644 qemu-6.0.0.tar.xz.sig delete mode 100644 qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch delete mode 100644 qemu-storage-daemon-Enable-object-add.patch delete mode 100644 rtl8139-switch-to-use-qemu_receive_packe.patch delete mode 100644 s390x-Fix-stringop-truncation-issue-repo.patch delete mode 100644 s390x-add-have_virtio_ccw.patch delete mode 100644 s390x-css-report-errors-from-ccw_dstream.patch delete mode 100644 s390x-modularize-virtio-gpu-ccw.patch delete mode 100644 s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch delete mode 100644 s390x-pci-restore-missing-Query-PCI-Func.patch delete mode 100644 spice-app-avoid-crash-when-core-spice-mo.patch delete mode 100644 sungem-switch-to-use-qemu_receive_packet.patch delete mode 100644 target-arm-Don-t-decode-insns-in-the-XSc.patch delete mode 100644 target-arm-Fix-MTE0_ACTIVE.patch delete mode 100644 target-arm-Introduce-PREDDESC-field-defi.patch delete mode 100644 target-arm-Update-PFIRST-PNEXT-for-pred_.patch delete mode 100644 target-arm-Update-REV-PUNPK-for-pred_des.patch delete mode 100644 target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch delete mode 100644 target-xtensa-fix-meson.build-rule-for-x.patch delete mode 100644 tcg-Use-memset-for-large-vector-byte-rep.patch delete mode 100644 tools-virtiofsd-Replace-the-word-whiteli.patch delete mode 100644 tx_pkt-switch-to-use-qemu_receive_packet.patch delete mode 100644 ui-vnc-Add-missing-lock-for-send_color_m.patch delete mode 100644 update-linux-headers-Include-const.h.patch delete mode 100644 util-fix-use-after-free-in-module_load_o.patch delete mode 100644 vfio-ccw-Connect-the-device-request-noti.patch delete mode 100644 vhost-user-blk-fix-blkcfg-num_queues-end.patch delete mode 100644 viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch delete mode 100644 virtio-move-use-disabled-flag-property-t.patch delete mode 100644 virtio-pci-compat-page-aligned-ATS.patch delete mode 100644 virtiofs-drop-remapped-security.capabili.patch delete mode 100644 virtiofsd-Save-error-code-early-at-the-f.patch delete mode 100644 virtiofsd-extract-lo_do_open-from-lo_ope.patch delete mode 100644 virtiofsd-optionally-return-inode-pointe.patch delete mode 100644 virtiofsd-prevent-opening-of-special-fil.patch delete mode 100644 xen-block-Fix-removal-of-backend-instanc.patch diff --git a/9pfs-Fully-restart-unreclaim-loop-CVE-20.patch b/9pfs-Fully-restart-unreclaim-loop-CVE-20.patch deleted file mode 100644 index bdf9d1c8..00000000 --- a/9pfs-Fully-restart-unreclaim-loop-CVE-20.patch +++ /dev/null @@ -1,76 +0,0 @@ -From: Greg Kurz -Date: Thu, 14 Jan 2021 17:04:12 +0100 -Subject: 9pfs: Fully restart unreclaim loop (CVE-2021-20181) - -Git-commit: 89fbea8737e8f7b954745a1ffc4238d377055305 -References: bsc#1182137 - -Depending on the client activity, the server can be asked to open a huge -number of file descriptors and eventually hit RLIMIT_NOFILE. This is -currently mitigated using a reclaim logic : the server closes the file -descriptors of idle fids, based on the assumption that it will be able -to re-open them later. This assumption doesn't hold of course if the -client requests the file to be unlinked. In this case, we loop on the -entire fid list and mark all related fids as unreclaimable (the reclaim -logic will just ignore them) and, of course, we open or re-open their -file descriptors if needed since we're about to unlink the file. - -This is the purpose of v9fs_mark_fids_unreclaim(). Since the actual -opening of a file can cause the coroutine to yield, another client -request could possibly add a new fid that we may want to mark as -non-reclaimable as well. The loop is thus restarted if the re-open -request was actually transmitted to the backend. This is achieved -by keeping a reference on the first fid (head) before traversing -the list. - -This is wrong in several ways: -- a potential clunk request from the client could tear the first - fid down and cause the reference to be stale. This leads to a - use-after-free error that can be detected with ASAN, using a - custom 9p client -- fids are added at the head of the list : restarting from the - previous head will always miss fids added by a some other - potential request - -All these problems could be avoided if fids were being added at the -end of the list. This can be achieved with a QSIMPLEQ, but this is -probably too much change for a bug fix. For now let's keep it -simple and just restart the loop from the current head. - -Fixes: CVE-2021-20181 -Buglink: https://bugs.launchpad.net/qemu/+bug/1911666 -Reported-by: Zero Day Initiative -Reviewed-by: Christian Schoenebeck -Reviewed-by: Stefano Stabellini -Message-Id: <161064025265.1838153.15185571283519390907.stgit@bahia.lan> -Signed-off-by: Greg Kurz -Signed-off-by: Bruce Rogers ---- - hw/9pfs/9p.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c -index 94df440fc74004bfa45b3fe30540..6026b51a1c04ee82d6366cb13d50 100644 ---- a/hw/9pfs/9p.c -+++ b/hw/9pfs/9p.c -@@ -502,9 +502,9 @@ static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) - { - int err; - V9fsState *s = pdu->s; -- V9fsFidState *fidp, head_fid; -+ V9fsFidState *fidp; - -- head_fid.next = s->fid_list; -+again: - for (fidp = s->fid_list; fidp; fidp = fidp->next) { - if (fidp->path.size != path->size) { - continue; -@@ -524,7 +524,7 @@ static int coroutine_fn v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) - * switched to the worker thread - */ - if (err == 0) { -- fidp = &head_fid; -+ goto again; - } - } - } diff --git a/Make-char-muxer-more-robust-wrt-small-FI.patch b/Make-char-muxer-more-robust-wrt-small-FI.patch index 7a6177d6..a2d994ef 100644 --- a/Make-char-muxer-more-robust-wrt-small-FI.patch +++ b/Make-char-muxer-more-robust-wrt-small-FI.patch @@ -25,9 +25,8 @@ Signed-off-by: Bruce Rogers chardev/char-mux.c | 16 ++++++++++++++++ chardev/char.c | 1 + chardev/chardev-internal.h | 3 +++ - chardev/chardev-sysemu.c | 1 + - tests/test-char.c | 1 + - 6 files changed, 23 insertions(+) + tests/unit/test-char.c | 1 + + 5 files changed, 22 insertions(+) diff --git a/chardev/char-fe.c b/chardev/char-fe.c index 474715c5a9257ae9e9e286d2e02d..eeb1b3e0b548027e2bcda0c272d5 100644 @@ -42,7 +41,7 @@ index 474715c5a9257ae9e9e286d2e02d..eeb1b3e0b548027e2bcda0c272d5 100644 #include "qemu/error-report.h" #include "qapi/error.h" diff --git a/chardev/char-mux.c b/chardev/char-mux.c -index 6f980bb83647da13c62f514391b3..094bc6703a3febdf5fefb7c0024f 100644 +index 72beef29d21c3bed1ffe6e48c7e7..6e5a3fb272c6b02e900b9775bad6 100644 --- a/chardev/char-mux.c +++ b/chardev/char-mux.c @@ -22,6 +22,7 @@ @@ -53,7 +52,7 @@ index 6f980bb83647da13c62f514391b3..094bc6703a3febdf5fefb7c0024f 100644 #include "qemu/osdep.h" #include "qapi/error.h" #include "qemu/module.h" -@@ -191,6 +192,17 @@ static void mux_chr_accept_input(Chardev *chr) +@@ -198,6 +199,17 @@ static void mux_chr_accept_input(Chardev *chr) be->chr_read(be->opaque, &d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1); } @@ -71,7 +70,7 @@ index 6f980bb83647da13c62f514391b3..094bc6703a3febdf5fefb7c0024f 100644 } static int mux_chr_can_read(void *opaque) -@@ -325,6 +337,10 @@ static void qemu_chr_open_mux(Chardev *chr, +@@ -332,6 +344,10 @@ static void qemu_chr_open_mux(Chardev *chr, } d->focus = -1; @@ -83,7 +82,7 @@ index 6f980bb83647da13c62f514391b3..094bc6703a3febdf5fefb7c0024f 100644 * set of muxes */ diff --git a/chardev/char.c b/chardev/char.c -index aa4282164acabbba58a6eea76b8c..9add6ca377e402f5ce3215e4934d 100644 +index 398f09df19cd8567fa1ea96ee4d4..5778bd7666f8ff053269bf5b6b81 100644 --- a/chardev/char.c +++ b/chardev/char.c @@ -22,6 +22,7 @@ @@ -108,22 +107,10 @@ index aba0240759ebf938cf391d89edb8..fb3957b771f9e24547619fd45669 100644 int focus; int mux_cnt; int term_got_escape; -diff --git a/chardev/chardev-sysemu.c b/chardev/chardev-sysemu.c -index eecdc615ee1c6c64060452ac837d..c052f101e89c193af1effa9c6fa5 100644 ---- a/chardev/chardev-sysemu.c -+++ b/chardev/chardev-sysemu.c -@@ -22,6 +22,7 @@ - * THE SOFTWARE. - */ - -+#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */ - #include "qemu/osdep.h" - #include "sysemu/sysemu.h" - #include "chardev/char.h" -diff --git a/tests/test-char.c b/tests/test-char.c -index 9196e566e9ba671ed268a3178845..5d84a777738abfb28de151930c46 100644 ---- a/tests/test-char.c -+++ b/tests/test-char.c +diff --git a/tests/unit/test-char.c b/tests/unit/test-char.c +index 5b3b48ebacd353d4525226e3aaf5..6ce130a663ec372d18f0a674af8e 100644 +--- a/tests/unit/test-char.c ++++ b/tests/unit/test-char.c @@ -1,3 +1,4 @@ +#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */ #include "qemu/osdep.h" diff --git a/Make-keycode-gen-output-reproducible-use.patch b/Make-keycode-gen-output-reproducible-use.patch deleted file mode 100644 index 60e37eb7..00000000 --- a/Make-keycode-gen-output-reproducible-use.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: =?UTF-8?q?Stefan=20Br=C3=BCns?= -Date: Mon, 5 Aug 2019 20:03:11 +0000 -Subject: Make keycode-gen output reproducible (use SOURCE_DATE_EPOCH - timestamp) - -Signed-off-by: Bruce Rogers 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 76dbb917f5cd3085ad93cb634c14..2e4808da4de018be61545ec681e3 100644 +index bcbbec71a1cb61342dada30c54d3..884d7b03faeb6d17f677a298ebef 100644 --- a/Makefile +++ b/Makefile -@@ -105,7 +105,7 @@ x := $(shell rm -rf meson-private meson-info meson-logs) +@@ -85,7 +85,7 @@ x := $(shell rm -rf meson-private meson-info meson-logs) endif # 1. ensure config-host.mak is up-to-date diff --git a/PPC-KVM-Disable-mmu-notifier-check.patch b/PPC-KVM-Disable-mmu-notifier-check.patch index 1289266c..67ec0e96 100644 --- a/PPC-KVM-Disable-mmu-notifier-check.patch +++ b/PPC-KVM-Disable-mmu-notifier-check.patch @@ -14,10 +14,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 2 insertions(+) diff --git a/softmmu/physmem.c b/softmmu/physmem.c -index 2cd1de4a2c46814f10c60fc1b8e5..2b06d754afdea5215fead91d3419 100644 +index 85034d9c11e3f65cce6041ea8acc..98d51d87249ea17ef30b7eaa2157 100644 --- a/softmmu/physmem.c +++ b/softmmu/physmem.c -@@ -1957,11 +1957,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr, +@@ -2029,11 +2029,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr, return NULL; } @@ -29,5 +29,5 @@ index 2cd1de4a2c46814f10c60fc1b8e5..2b06d754afdea5215fead91d3419 100644 } +#endif - if (phys_mem_alloc != qemu_anon_ram_alloc) { - /* + size = HOST_PAGE_ALIGN(size); + file_size = get_file_size(fd); diff --git a/Raise-soft-address-space-limit-to-hard-l.patch b/Raise-soft-address-space-limit-to-hard-l.patch index 6af5e1cc..39d390c9 100644 --- a/Raise-soft-address-space-limit-to-hard-l.patch +++ b/Raise-soft-address-space-limit-to-hard-l.patch @@ -16,29 +16,23 @@ Signed-off-by: Bruce Rogers 1 file changed, 12 insertions(+) diff --git a/softmmu/vl.c b/softmmu/vl.c -index e6e0ad5a9259038413f855ef6374..eaab7bf13e8c51e93b3d0f348f06 100644 +index aadb52613888ef6ac1fe7ec3a038..07ade8e5ccd2934a69b82bcaabae 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c -@@ -34,6 +34,7 @@ - #include "qemu/uuid.h" +@@ -40,6 +40,7 @@ #include "sysemu/reset.h" #include "sysemu/runstate.h" + #include "sysemu/runstate-action.h" +#include #include "sysemu/seccomp.h" #include "sysemu/tcg.h" #include "sysemu/xen.h" -@@ -2899,6 +2900,7 @@ void qemu_init(int argc, char **argv, char **envp) - BlockdevOptionsQueue bdo_queue = QSIMPLEQ_HEAD_INITIALIZER(bdo_queue); - QemuPluginList plugin_list = QTAILQ_HEAD_INITIALIZER(plugin_list); - int mem_prealloc = 0; /* force preallocation of physical target memory */ +@@ -2625,6 +2626,17 @@ void qemu_init(int argc, char **argv, char **envp) + MachineClass *machine_class; + bool userconfig = true; + FILE *vmstate_dump_file = NULL; + struct rlimit rlimit_as; - - os_set_line_buffering(); - -@@ -2910,6 +2912,16 @@ void qemu_init(int argc, char **argv, char **envp) - - qemu_mutex_lock_iothread(); - ++ + /* + * Try to raise the soft address space limit. + * Default on SLES 11 SP2 is 80% of physical+swap memory. @@ -48,7 +42,6 @@ index e6e0ad5a9259038413f855ef6374..eaab7bf13e8c51e93b3d0f348f06 100644 + rlimit_as.rlim_cur = rlimit_as.rlim_max; + setrlimit(RLIMIT_AS, &rlimit_as); + } -+ - atexit(qemu_run_exit_notifiers); - qemu_init_exec_dir(argv[0]); + qemu_add_opts(&qemu_drive_opts); + qemu_add_drive_opts(&qemu_legacy_drive_opts); diff --git a/Update-linux-headers-to-5.11-rc2.patch b/Update-linux-headers-to-5.11-rc2.patch deleted file mode 100644 index 528a148d..00000000 --- a/Update-linux-headers-to-5.11-rc2.patch +++ /dev/null @@ -1,1017 +0,0 @@ -From: Eric Farman -Date: Mon, 4 Jan 2021 21:20:56 +0100 -Subject: Update linux headers to 5.11-rc2 - -Git-commit: b3c818a47f419b6e2f5508fe29e7a30843236fee -References: bsc#1183634 - -Signed-off-by: Eric Farman -Message-Id: <20210104202057.48048-3-farman@linux.ibm.com> -[CH: dropped qatomic->atomic changes in pvrdma_ring.h] -Signed-off-by: Cornelia Huck -Signed-off-by: Bruce Rogers ---- - .../infiniband/hw/vmw_pvrdma/pvrdma_verbs.h | 2 +- - include/standard-headers/drm/drm_fourcc.h | 175 +++++++++++++++++- - include/standard-headers/linux/const.h | 36 ++++ - include/standard-headers/linux/ethtool.h | 2 +- - include/standard-headers/linux/fuse.h | 30 ++- - include/standard-headers/linux/kernel.h | 9 +- - include/standard-headers/linux/pci_regs.h | 16 ++ - include/standard-headers/linux/vhost_types.h | 9 + - include/standard-headers/linux/virtio_gpu.h | 82 ++++++++ - include/standard-headers/linux/virtio_ids.h | 44 +++-- - linux-headers/asm-arm64/kvm.h | 3 - - linux-headers/asm-generic/unistd.h | 6 +- - linux-headers/asm-mips/unistd_n32.h | 1 + - linux-headers/asm-mips/unistd_n64.h | 1 + - linux-headers/asm-mips/unistd_o32.h | 1 + - linux-headers/asm-powerpc/unistd_32.h | 1 + - linux-headers/asm-powerpc/unistd_64.h | 1 + - linux-headers/asm-s390/unistd_32.h | 1 + - linux-headers/asm-s390/unistd_64.h | 1 + - linux-headers/asm-x86/kvm.h | 1 + - linux-headers/asm-x86/unistd_32.h | 1 + - linux-headers/asm-x86/unistd_64.h | 1 + - linux-headers/asm-x86/unistd_x32.h | 1 + - linux-headers/linux/kvm.h | 56 +++++- - linux-headers/linux/userfaultfd.h | 9 + - linux-headers/linux/vfio.h | 1 + - linux-headers/linux/vhost.h | 4 + - 27 files changed, 454 insertions(+), 41 deletions(-) - -diff --git a/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h b/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h -index 0a8c7c9311994e3a9c3fabdabea1..1677208a411fa575d490de6cce15 100644 ---- a/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h -+++ b/include/standard-headers/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h -@@ -176,7 +176,7 @@ struct pvrdma_port_attr { - uint8_t subnet_timeout; - uint8_t init_type_reply; - uint8_t active_width; -- uint16_t active_speed; -+ uint8_t active_speed; - uint8_t phys_state; - uint8_t reserved[2]; - }; -diff --git a/include/standard-headers/drm/drm_fourcc.h b/include/standard-headers/drm/drm_fourcc.h -index 0de1a552cab235c00ff21de583f0..c47e19810c056da941878e6177dc 100644 ---- a/include/standard-headers/drm/drm_fourcc.h -+++ b/include/standard-headers/drm/drm_fourcc.h -@@ -57,6 +57,30 @@ extern "C" { - * may preserve meaning - such as number of planes - from the fourcc code, - * whereas others may not. - * -+ * Modifiers must uniquely encode buffer layout. In other words, a buffer must -+ * match only a single modifier. A modifier must not be a subset of layouts of -+ * another modifier. For instance, it's incorrect to encode pitch alignment in -+ * a modifier: a buffer may match a 64-pixel aligned modifier and a 32-pixel -+ * aligned modifier. That said, modifiers can have implicit minimal -+ * requirements. -+ * -+ * For modifiers where the combination of fourcc code and modifier can alias, -+ * a canonical pair needs to be defined and used by all drivers. Preferred -+ * combinations are also encouraged where all combinations might lead to -+ * confusion and unnecessarily reduced interoperability. An example for the -+ * latter is AFBC, where the ABGR layouts are preferred over ARGB layouts. -+ * -+ * There are two kinds of modifier users: -+ * -+ * - Kernel and user-space drivers: for drivers it's important that modifiers -+ * don't alias, otherwise two drivers might support the same format but use -+ * different aliases, preventing them from sharing buffers in an efficient -+ * format. -+ * - Higher-level programs interfacing with KMS/GBM/EGL/Vulkan/etc: these users -+ * see modifiers as opaque tokens they can check for equality and intersect. -+ * These users musn't need to know to reason about the modifier value -+ * (i.e. they are not expected to extract information out of the modifier). -+ * - * Vendors should document their modifier usage in as much detail as - * possible, to ensure maximum compatibility across devices, drivers and - * applications. -@@ -154,6 +178,12 @@ extern "C" { - #define DRM_FORMAT_ARGB16161616F fourcc_code('A', 'R', '4', 'H') /* [63:0] A:R:G:B 16:16:16:16 little endian */ - #define DRM_FORMAT_ABGR16161616F fourcc_code('A', 'B', '4', 'H') /* [63:0] A:B:G:R 16:16:16:16 little endian */ - -+/* -+ * RGBA format with 10-bit components packed in 64-bit per pixel, with 6 bits -+ * of unused padding per component: -+ */ -+#define DRM_FORMAT_AXBXGXRX106106106106 fourcc_code('A', 'B', '1', '0') /* [63:0] A:x:B:x:G:x:R:x 10:6:10:6:10:6:10:6 little endian */ -+ - /* packed YCbCr */ - #define DRM_FORMAT_YUYV fourcc_code('Y', 'U', 'Y', 'V') /* [31:0] Cr0:Y1:Cb0:Y0 8:8:8:8 little endian */ - #define DRM_FORMAT_YVYU fourcc_code('Y', 'V', 'Y', 'U') /* [31:0] Cb0:Y1:Cr0:Y0 8:8:8:8 little endian */ -@@ -319,7 +349,6 @@ extern "C" { - */ - - /* Vendor Ids: */ --#define DRM_FORMAT_MOD_NONE 0 - #define DRM_FORMAT_MOD_VENDOR_NONE 0 - #define DRM_FORMAT_MOD_VENDOR_INTEL 0x01 - #define DRM_FORMAT_MOD_VENDOR_AMD 0x02 -@@ -391,6 +420,16 @@ extern "C" { - */ - #define DRM_FORMAT_MOD_LINEAR fourcc_mod_code(NONE, 0) - -+/* -+ * Deprecated: use DRM_FORMAT_MOD_LINEAR instead -+ * -+ * The "none" format modifier doesn't actually mean that the modifier is -+ * implicit, instead it means that the layout is linear. Whether modifiers are -+ * used is out-of-band information carried in an API-specific way (e.g. in a -+ * flag for drm_mode_fb_cmd2). -+ */ -+#define DRM_FORMAT_MOD_NONE 0 -+ - /* Intel framebuffer modifiers */ - - /* -@@ -1055,6 +1094,140 @@ drm_fourcc_canonicalize_nvidia_format_mod(uint64_t modifier) - */ - #define AMLOGIC_FBC_OPTION_MEM_SAVING (1ULL << 0) - -+/* -+ * AMD modifiers -+ * -+ * Memory layout: -+ * -+ * without DCC: -+ * - main surface -+ * -+ * with DCC & without DCC_RETILE: -+ * - main surface in plane 0 -+ * - DCC surface in plane 1 (RB-aligned, pipe-aligned if DCC_PIPE_ALIGN is set) -+ * -+ * with DCC & DCC_RETILE: -+ * - main surface in plane 0 -+ * - displayable DCC surface in plane 1 (not RB-aligned & not pipe-aligned) -+ * - pipe-aligned DCC surface in plane 2 (RB-aligned & pipe-aligned) -+ * -+ * For multi-plane formats the above surfaces get merged into one plane for -+ * each format plane, based on the required alignment only. -+ * -+ * Bits Parameter Notes -+ * ----- ------------------------ --------------------------------------------- -+ * -+ * 7:0 TILE_VERSION Values are AMD_FMT_MOD_TILE_VER_* -+ * 12:8 TILE Values are AMD_FMT_MOD_TILE__* -+ * 13 DCC -+ * 14 DCC_RETILE -+ * 15 DCC_PIPE_ALIGN -+ * 16 DCC_INDEPENDENT_64B -+ * 17 DCC_INDEPENDENT_128B -+ * 19:18 DCC_MAX_COMPRESSED_BLOCK Values are AMD_FMT_MOD_DCC_BLOCK_* -+ * 20 DCC_CONSTANT_ENCODE -+ * 23:21 PIPE_XOR_BITS Only for some chips -+ * 26:24 BANK_XOR_BITS Only for some chips -+ * 29:27 PACKERS Only for some chips -+ * 32:30 RB Only for some chips -+ * 35:33 PIPE Only for some chips -+ * 55:36 - Reserved for future use, must be zero -+ */ -+#define AMD_FMT_MOD fourcc_mod_code(AMD, 0) -+ -+#define IS_AMD_FMT_MOD(val) (((val) >> 56) == DRM_FORMAT_MOD_VENDOR_AMD) -+ -+/* Reserve 0 for GFX8 and older */ -+#define AMD_FMT_MOD_TILE_VER_GFX9 1 -+#define AMD_FMT_MOD_TILE_VER_GFX10 2 -+#define AMD_FMT_MOD_TILE_VER_GFX10_RBPLUS 3 -+ -+/* -+ * 64K_S is the same for GFX9/GFX10/GFX10_RBPLUS and hence has GFX9 as canonical -+ * version. -+ */ -+#define AMD_FMT_MOD_TILE_GFX9_64K_S 9 -+ -+/* -+ * 64K_D for non-32 bpp is the same for GFX9/GFX10/GFX10_RBPLUS and hence has -+ * GFX9 as canonical version. -+ */ -+#define AMD_FMT_MOD_TILE_GFX9_64K_D 10 -+#define AMD_FMT_MOD_TILE_GFX9_64K_S_X 25 -+#define AMD_FMT_MOD_TILE_GFX9_64K_D_X 26 -+#define AMD_FMT_MOD_TILE_GFX9_64K_R_X 27 -+ -+#define AMD_FMT_MOD_DCC_BLOCK_64B 0 -+#define AMD_FMT_MOD_DCC_BLOCK_128B 1 -+#define AMD_FMT_MOD_DCC_BLOCK_256B 2 -+ -+#define AMD_FMT_MOD_TILE_VERSION_SHIFT 0 -+#define AMD_FMT_MOD_TILE_VERSION_MASK 0xFF -+#define AMD_FMT_MOD_TILE_SHIFT 8 -+#define AMD_FMT_MOD_TILE_MASK 0x1F -+ -+/* Whether DCC compression is enabled. */ -+#define AMD_FMT_MOD_DCC_SHIFT 13 -+#define AMD_FMT_MOD_DCC_MASK 0x1 -+ -+/* -+ * Whether to include two DCC surfaces, one which is rb & pipe aligned, and -+ * one which is not-aligned. -+ */ -+#define AMD_FMT_MOD_DCC_RETILE_SHIFT 14 -+#define AMD_FMT_MOD_DCC_RETILE_MASK 0x1 -+ -+/* Only set if DCC_RETILE = false */ -+#define AMD_FMT_MOD_DCC_PIPE_ALIGN_SHIFT 15 -+#define AMD_FMT_MOD_DCC_PIPE_ALIGN_MASK 0x1 -+ -+#define AMD_FMT_MOD_DCC_INDEPENDENT_64B_SHIFT 16 -+#define AMD_FMT_MOD_DCC_INDEPENDENT_64B_MASK 0x1 -+#define AMD_FMT_MOD_DCC_INDEPENDENT_128B_SHIFT 17 -+#define AMD_FMT_MOD_DCC_INDEPENDENT_128B_MASK 0x1 -+#define AMD_FMT_MOD_DCC_MAX_COMPRESSED_BLOCK_SHIFT 18 -+#define AMD_FMT_MOD_DCC_MAX_COMPRESSED_BLOCK_MASK 0x3 -+ -+/* -+ * DCC supports embedding some clear colors directly in the DCC surface. -+ * However, on older GPUs the rendering HW ignores the embedded clear color -+ * and prefers the driver provided color. This necessitates doing a fastclear -+ * eliminate operation before a process transfers control. -+ * -+ * If this bit is set that means the fastclear eliminate is not needed for these -+ * embeddable colors. -+ */ -+#define AMD_FMT_MOD_DCC_CONSTANT_ENCODE_SHIFT 20 -+#define AMD_FMT_MOD_DCC_CONSTANT_ENCODE_MASK 0x1 -+ -+/* -+ * The below fields are for accounting for per GPU differences. These are only -+ * relevant for GFX9 and later and if the tile field is *_X/_T. -+ * -+ * PIPE_XOR_BITS = always needed -+ * BANK_XOR_BITS = only for TILE_VER_GFX9 -+ * PACKERS = only for TILE_VER_GFX10_RBPLUS -+ * RB = only for TILE_VER_GFX9 & DCC -+ * PIPE = only for TILE_VER_GFX9 & DCC & (DCC_RETILE | DCC_PIPE_ALIGN) -+ */ -+#define AMD_FMT_MOD_PIPE_XOR_BITS_SHIFT 21 -+#define AMD_FMT_MOD_PIPE_XOR_BITS_MASK 0x7 -+#define AMD_FMT_MOD_BANK_XOR_BITS_SHIFT 24 -+#define AMD_FMT_MOD_BANK_XOR_BITS_MASK 0x7 -+#define AMD_FMT_MOD_PACKERS_SHIFT 27 -+#define AMD_FMT_MOD_PACKERS_MASK 0x7 -+#define AMD_FMT_MOD_RB_SHIFT 30 -+#define AMD_FMT_MOD_RB_MASK 0x7 -+#define AMD_FMT_MOD_PIPE_SHIFT 33 -+#define AMD_FMT_MOD_PIPE_MASK 0x7 -+ -+#define AMD_FMT_MOD_SET(field, value) \ -+ ((uint64_t)(value) << AMD_FMT_MOD_##field##_SHIFT) -+#define AMD_FMT_MOD_GET(field, value) \ -+ (((value) >> AMD_FMT_MOD_##field##_SHIFT) & AMD_FMT_MOD_##field##_MASK) -+#define AMD_FMT_MOD_CLEAR(field) \ -+ (~((uint64_t)AMD_FMT_MOD_##field##_MASK << AMD_FMT_MOD_##field##_SHIFT)) -+ - #if defined(__cplusplus) - } - #endif -diff --git a/include/standard-headers/linux/const.h b/include/standard-headers/linux/const.h -new file mode 100644 -index 0000000000000000000000000000000000000000..5e489872516827f195db45746660b9ed7d1f4870 ---- /dev/null -+++ b/include/standard-headers/linux/const.h -@@ -0,0 +1,36 @@ -+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -+/* const.h: Macros for dealing with constants. */ -+ -+#ifndef _LINUX_CONST_H -+#define _LINUX_CONST_H -+ -+/* Some constant macros are used in both assembler and -+ * C code. Therefore we cannot annotate them always with -+ * 'UL' and other type specifiers unilaterally. We -+ * use the following macros to deal with this. -+ * -+ * Similarly, _AT() will cast an expression with a type in C, but -+ * leave it unchanged in asm. -+ */ -+ -+#ifdef __ASSEMBLY__ -+#define _AC(X,Y) X -+#define _AT(T,X) X -+#else -+#define __AC(X,Y) (X##Y) -+#define _AC(X,Y) __AC(X,Y) -+#define _AT(T,X) ((T)(X)) -+#endif -+ -+#define _UL(x) (_AC(x, UL)) -+#define _ULL(x) (_AC(x, ULL)) -+ -+#define _BITUL(x) (_UL(1) << (x)) -+#define _BITULL(x) (_ULL(1) << (x)) -+ -+#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1) -+#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) -+ -+#define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) -+ -+#endif /* _LINUX_CONST_H */ -diff --git a/include/standard-headers/linux/ethtool.h b/include/standard-headers/linux/ethtool.h -index 0df22f7538e3227e9d2a07e5bca9..8bfd01d230dac8ce236b84b59790 100644 ---- a/include/standard-headers/linux/ethtool.h -+++ b/include/standard-headers/linux/ethtool.h -@@ -16,7 +16,7 @@ - - #include "net/eth.h" - --#include "standard-headers/linux/kernel.h" -+#include "standard-headers/linux/const.h" - #include "standard-headers/linux/types.h" - #include "standard-headers/linux/if_ether.h" - -diff --git a/include/standard-headers/linux/fuse.h b/include/standard-headers/linux/fuse.h -index 82c0a38b591ecf0685557bf57eac..950d7edb7ef683071481d0a69d8b 100644 ---- a/include/standard-headers/linux/fuse.h -+++ b/include/standard-headers/linux/fuse.h -@@ -175,6 +175,10 @@ - * - * 7.32 - * - add flags to fuse_attr, add FUSE_ATTR_SUBMOUNT, add FUSE_SUBMOUNTS -+ * -+ * 7.33 -+ * - add FUSE_HANDLE_KILLPRIV_V2, FUSE_WRITE_KILL_SUIDGID, FATTR_KILL_SUIDGID -+ * - add FUSE_OPEN_KILL_SUIDGID - */ - - #ifndef _LINUX_FUSE_H -@@ -206,7 +210,7 @@ - #define FUSE_KERNEL_VERSION 7 - - /** Minor version number of this interface */ --#define FUSE_KERNEL_MINOR_VERSION 32 -+#define FUSE_KERNEL_MINOR_VERSION 33 - - /** The node ID of the root inode */ - #define FUSE_ROOT_ID 1 -@@ -267,6 +271,7 @@ struct fuse_file_lock { - #define FATTR_MTIME_NOW (1 << 8) - #define FATTR_LOCKOWNER (1 << 9) - #define FATTR_CTIME (1 << 10) -+#define FATTR_KILL_SUIDGID (1 << 11) - - /** - * Flags returned by the OPEN request -@@ -316,6 +321,11 @@ struct fuse_file_lock { - * foffset and moffset fields in struct - * fuse_setupmapping_out and fuse_removemapping_one. - * FUSE_SUBMOUNTS: kernel supports auto-mounting directory submounts -+ * FUSE_HANDLE_KILLPRIV_V2: fs kills suid/sgid/cap on write/chown/trunc. -+ * Upon write/truncate suid/sgid is only killed if caller -+ * does not have CAP_FSETID. Additionally upon -+ * write/truncate sgid is killed only if file has group -+ * execute permission. (Same as Linux VFS behavior). - */ - #define FUSE_ASYNC_READ (1 << 0) - #define FUSE_POSIX_LOCKS (1 << 1) -@@ -345,6 +355,7 @@ struct fuse_file_lock { - #define FUSE_EXPLICIT_INVAL_DATA (1 << 25) - #define FUSE_MAP_ALIGNMENT (1 << 26) - #define FUSE_SUBMOUNTS (1 << 27) -+#define FUSE_HANDLE_KILLPRIV_V2 (1 << 28) - - /** - * CUSE INIT request/reply flags -@@ -374,11 +385,14 @@ struct fuse_file_lock { - * - * FUSE_WRITE_CACHE: delayed write from page cache, file handle is guessed - * FUSE_WRITE_LOCKOWNER: lock_owner field is valid -- * FUSE_WRITE_KILL_PRIV: kill suid and sgid bits -+ * FUSE_WRITE_KILL_SUIDGID: kill suid and sgid bits - */ - #define FUSE_WRITE_CACHE (1 << 0) - #define FUSE_WRITE_LOCKOWNER (1 << 1) --#define FUSE_WRITE_KILL_PRIV (1 << 2) -+#define FUSE_WRITE_KILL_SUIDGID (1 << 2) -+ -+/* Obsolete alias; this flag implies killing suid/sgid only. */ -+#define FUSE_WRITE_KILL_PRIV FUSE_WRITE_KILL_SUIDGID - - /** - * Read flags -@@ -427,6 +441,12 @@ struct fuse_file_lock { - */ - #define FUSE_ATTR_SUBMOUNT (1 << 0) - -+/** -+ * Open flags -+ * FUSE_OPEN_KILL_SUIDGID: Kill suid and sgid if executable -+ */ -+#define FUSE_OPEN_KILL_SUIDGID (1 << 0) -+ - enum fuse_opcode { - FUSE_LOOKUP = 1, - FUSE_FORGET = 2, /* no reply */ -@@ -588,14 +608,14 @@ struct fuse_setattr_in { - - struct fuse_open_in { - uint32_t flags; -- uint32_t unused; -+ uint32_t open_flags; /* FUSE_OPEN_... */ - }; - - struct fuse_create_in { - uint32_t flags; - uint32_t mode; - uint32_t umask; -- uint32_t padding; -+ uint32_t open_flags; /* FUSE_OPEN_... */ - }; - - struct fuse_open_out { -diff --git a/include/standard-headers/linux/kernel.h b/include/standard-headers/linux/kernel.h -index 1eeba2ef9242dfd61a820ba615bb..7848c5ae25e2385e59fd710ccf2f 100644 ---- a/include/standard-headers/linux/kernel.h -+++ b/include/standard-headers/linux/kernel.h -@@ -3,13 +3,6 @@ - #define _LINUX_KERNEL_H - - #include "standard-headers/linux/sysinfo.h" -- --/* -- * 'kernel.h' contains some often-used function prototypes etc -- */ --#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1) --#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) -- --#define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) -+#include "standard-headers/linux/const.h" - - #endif /* _LINUX_KERNEL_H */ -diff --git a/include/standard-headers/linux/pci_regs.h b/include/standard-headers/linux/pci_regs.h -index a95d55f9f25761ab78c8ef529dc4..e709ae8235e7fd2deeeb63b0ad50 100644 ---- a/include/standard-headers/linux/pci_regs.h -+++ b/include/standard-headers/linux/pci_regs.h -@@ -531,6 +531,7 @@ - #define PCI_EXP_LNKCAP_SLS_8_0GB 0x00000003 /* LNKCAP2 SLS Vector bit 2 */ - #define PCI_EXP_LNKCAP_SLS_16_0GB 0x00000004 /* LNKCAP2 SLS Vector bit 3 */ - #define PCI_EXP_LNKCAP_SLS_32_0GB 0x00000005 /* LNKCAP2 SLS Vector bit 4 */ -+#define PCI_EXP_LNKCAP_SLS_64_0GB 0x00000006 /* LNKCAP2 SLS Vector bit 5 */ - #define PCI_EXP_LNKCAP_MLW 0x000003f0 /* Maximum Link Width */ - #define PCI_EXP_LNKCAP_ASPMS 0x00000c00 /* ASPM Support */ - #define PCI_EXP_LNKCAP_ASPM_L0S 0x00000400 /* ASPM L0s Support */ -@@ -562,6 +563,7 @@ - #define PCI_EXP_LNKSTA_CLS_8_0GB 0x0003 /* Current Link Speed 8.0GT/s */ - #define PCI_EXP_LNKSTA_CLS_16_0GB 0x0004 /* Current Link Speed 16.0GT/s */ - #define PCI_EXP_LNKSTA_CLS_32_0GB 0x0005 /* Current Link Speed 32.0GT/s */ -+#define PCI_EXP_LNKSTA_CLS_64_0GB 0x0006 /* Current Link Speed 64.0GT/s */ - #define PCI_EXP_LNKSTA_NLW 0x03f0 /* Negotiated Link Width */ - #define PCI_EXP_LNKSTA_NLW_X1 0x0010 /* Current Link Width x1 */ - #define PCI_EXP_LNKSTA_NLW_X2 0x0020 /* Current Link Width x2 */ -@@ -670,6 +672,7 @@ - #define PCI_EXP_LNKCAP2_SLS_8_0GB 0x00000008 /* Supported Speed 8GT/s */ - #define PCI_EXP_LNKCAP2_SLS_16_0GB 0x00000010 /* Supported Speed 16GT/s */ - #define PCI_EXP_LNKCAP2_SLS_32_0GB 0x00000020 /* Supported Speed 32GT/s */ -+#define PCI_EXP_LNKCAP2_SLS_64_0GB 0x00000040 /* Supported Speed 64GT/s */ - #define PCI_EXP_LNKCAP2_CROSSLINK 0x00000100 /* Crosslink supported */ - #define PCI_EXP_LNKCTL2 48 /* Link Control 2 */ - #define PCI_EXP_LNKCTL2_TLS 0x000f -@@ -678,6 +681,7 @@ - #define PCI_EXP_LNKCTL2_TLS_8_0GT 0x0003 /* Supported Speed 8GT/s */ - #define PCI_EXP_LNKCTL2_TLS_16_0GT 0x0004 /* Supported Speed 16GT/s */ - #define PCI_EXP_LNKCTL2_TLS_32_0GT 0x0005 /* Supported Speed 32GT/s */ -+#define PCI_EXP_LNKCTL2_TLS_64_0GT 0x0006 /* Supported Speed 64GT/s */ - #define PCI_EXP_LNKCTL2_ENTER_COMP 0x0010 /* Enter Compliance */ - #define PCI_EXP_LNKCTL2_TX_MARGIN 0x0380 /* Transmit Margin */ - #define PCI_EXP_LNKCTL2_HASD 0x0020 /* HW Autonomous Speed Disable */ -@@ -723,6 +727,7 @@ - #define PCI_EXT_CAP_ID_DPC 0x1D /* Downstream Port Containment */ - #define PCI_EXT_CAP_ID_L1SS 0x1E /* L1 PM Substates */ - #define PCI_EXT_CAP_ID_PTM 0x1F /* Precision Time Measurement */ -+#define PCI_EXT_CAP_ID_DVSEC 0x23 /* Designated Vendor-Specific */ - #define PCI_EXT_CAP_ID_DLF 0x25 /* Data Link Feature */ - #define PCI_EXT_CAP_ID_PL_16GT 0x26 /* Physical Layer 16.0 GT/s */ - #define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_PL_16GT -@@ -831,6 +836,13 @@ - #define PCI_PWR_CAP_BUDGET(x) ((x) & 1) /* Included in system budget */ - #define PCI_EXT_CAP_PWR_SIZEOF 16 - -+/* Root Complex Event Collector Endpoint Association */ -+#define PCI_RCEC_RCIEP_BITMAP 4 /* Associated Bitmap for RCiEPs */ -+#define PCI_RCEC_BUSN 8 /* RCEC Associated Bus Numbers */ -+#define PCI_RCEC_BUSN_REG_VER 0x02 /* Least version with BUSN present */ -+#define PCI_RCEC_BUSN_NEXT(x) (((x) >> 8) & 0xff) -+#define PCI_RCEC_BUSN_LAST(x) (((x) >> 16) & 0xff) -+ - /* Vendor-Specific (VSEC, PCI_EXT_CAP_ID_VNDR) */ - #define PCI_VNDR_HEADER 4 /* Vendor-Specific Header */ - #define PCI_VNDR_HEADER_ID(x) ((x) & 0xffff) -@@ -1066,6 +1078,10 @@ - #define PCI_L1SS_CTL1_LTR_L12_TH_SCALE 0xe0000000 /* LTR_L1.2_THRESHOLD_Scale */ - #define PCI_L1SS_CTL2 0x0c /* Control 2 Register */ - -+/* Designated Vendor-Specific (DVSEC, PCI_EXT_CAP_ID_DVSEC) */ -+#define PCI_DVSEC_HEADER1 0x4 /* Designated Vendor-Specific Header1 */ -+#define PCI_DVSEC_HEADER2 0x8 /* Designated Vendor-Specific Header2 */ -+ - /* Data Link Feature */ - #define PCI_DLF_CAP 0x04 /* Capabilities Register */ - #define PCI_DLF_EXCHANGE_ENABLE 0x80000000 /* Data Link Feature Exchange Enable */ -diff --git a/include/standard-headers/linux/vhost_types.h b/include/standard-headers/linux/vhost_types.h -index 486630b33287408183ce932564ad..0bd2684a2ae47993594e5f8fcf5b 100644 ---- a/include/standard-headers/linux/vhost_types.h -+++ b/include/standard-headers/linux/vhost_types.h -@@ -138,6 +138,15 @@ struct vhost_vdpa_config { - uint8_t buf[0]; - }; - -+/* vhost vdpa IOVA range -+ * @first: First address that can be mapped by vhost-vDPA -+ * @last: Last address that can be mapped by vhost-vDPA -+ */ -+struct vhost_vdpa_iova_range { -+ uint64_t first; -+ uint64_t last; -+}; -+ - /* Feature bits */ - /* Log all write descriptors. Can be changed while device is active. */ - #define VHOST_F_LOG_ALL 26 -diff --git a/include/standard-headers/linux/virtio_gpu.h b/include/standard-headers/linux/virtio_gpu.h -index 4183cdc74b33fc510a83f3c47293..1357e4774ea65573eae228a33b08 100644 ---- a/include/standard-headers/linux/virtio_gpu.h -+++ b/include/standard-headers/linux/virtio_gpu.h -@@ -55,6 +55,11 @@ - */ - #define VIRTIO_GPU_F_RESOURCE_UUID 2 - -+/* -+ * VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB -+ */ -+#define VIRTIO_GPU_F_RESOURCE_BLOB 3 -+ - enum virtio_gpu_ctrl_type { - VIRTIO_GPU_UNDEFINED = 0, - -@@ -71,6 +76,8 @@ enum virtio_gpu_ctrl_type { - VIRTIO_GPU_CMD_GET_CAPSET, - VIRTIO_GPU_CMD_GET_EDID, - VIRTIO_GPU_CMD_RESOURCE_ASSIGN_UUID, -+ VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB, -+ VIRTIO_GPU_CMD_SET_SCANOUT_BLOB, - - /* 3d commands */ - VIRTIO_GPU_CMD_CTX_CREATE = 0x0200, -@@ -81,6 +88,8 @@ enum virtio_gpu_ctrl_type { - VIRTIO_GPU_CMD_TRANSFER_TO_HOST_3D, - VIRTIO_GPU_CMD_TRANSFER_FROM_HOST_3D, - VIRTIO_GPU_CMD_SUBMIT_3D, -+ VIRTIO_GPU_CMD_RESOURCE_MAP_BLOB, -+ VIRTIO_GPU_CMD_RESOURCE_UNMAP_BLOB, - - /* cursor commands */ - VIRTIO_GPU_CMD_UPDATE_CURSOR = 0x0300, -@@ -93,6 +102,7 @@ enum virtio_gpu_ctrl_type { - VIRTIO_GPU_RESP_OK_CAPSET, - VIRTIO_GPU_RESP_OK_EDID, - VIRTIO_GPU_RESP_OK_RESOURCE_UUID, -+ VIRTIO_GPU_RESP_OK_MAP_INFO, - - /* error responses */ - VIRTIO_GPU_RESP_ERR_UNSPEC = 0x1200, -@@ -103,6 +113,15 @@ enum virtio_gpu_ctrl_type { - VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER, - }; - -+enum virtio_gpu_shm_id { -+ VIRTIO_GPU_SHM_ID_UNDEFINED = 0, -+ /* -+ * VIRTIO_GPU_CMD_RESOURCE_MAP_BLOB -+ * VIRTIO_GPU_CMD_RESOURCE_UNMAP_BLOB -+ */ -+ VIRTIO_GPU_SHM_ID_HOST_VISIBLE = 1 -+}; -+ - #define VIRTIO_GPU_FLAG_FENCE (1 << 0) - - struct virtio_gpu_ctrl_hdr { -@@ -359,4 +378,67 @@ struct virtio_gpu_resp_resource_uuid { - uint8_t uuid[16]; - }; - -+/* VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB */ -+struct virtio_gpu_resource_create_blob { -+ struct virtio_gpu_ctrl_hdr hdr; -+ uint32_t resource_id; -+#define VIRTIO_GPU_BLOB_MEM_GUEST 0x0001 -+#define VIRTIO_GPU_BLOB_MEM_HOST3D 0x0002 -+#define VIRTIO_GPU_BLOB_MEM_HOST3D_GUEST 0x0003 -+ -+#define VIRTIO_GPU_BLOB_FLAG_USE_MAPPABLE 0x0001 -+#define VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE 0x0002 -+#define VIRTIO_GPU_BLOB_FLAG_USE_CROSS_DEVICE 0x0004 -+ /* zero is invalid blob mem */ -+ uint32_t blob_mem; -+ uint32_t blob_flags; -+ uint32_t nr_entries; -+ uint64_t blob_id; -+ uint64_t size; -+ /* -+ * sizeof(nr_entries * virtio_gpu_mem_entry) bytes follow -+ */ -+}; -+ -+/* VIRTIO_GPU_CMD_SET_SCANOUT_BLOB */ -+struct virtio_gpu_set_scanout_blob { -+ struct virtio_gpu_ctrl_hdr hdr; -+ struct virtio_gpu_rect r; -+ uint32_t scanout_id; -+ uint32_t resource_id; -+ uint32_t width; -+ uint32_t height; -+ uint32_t format; -+ uint32_t padding; -+ uint32_t strides[4]; -+ uint32_t offsets[4]; -+}; -+ -+/* VIRTIO_GPU_CMD_RESOURCE_MAP_BLOB */ -+struct virtio_gpu_resource_map_blob { -+ struct virtio_gpu_ctrl_hdr hdr; -+ uint32_t resource_id; -+ uint32_t padding; -+ uint64_t offset; -+}; -+ -+/* VIRTIO_GPU_RESP_OK_MAP_INFO */ -+#define VIRTIO_GPU_MAP_CACHE_MASK 0x0f -+#define VIRTIO_GPU_MAP_CACHE_NONE 0x00 -+#define VIRTIO_GPU_MAP_CACHE_CACHED 0x01 -+#define VIRTIO_GPU_MAP_CACHE_UNCACHED 0x02 -+#define VIRTIO_GPU_MAP_CACHE_WC 0x03 -+struct virtio_gpu_resp_map_info { -+ struct virtio_gpu_ctrl_hdr hdr; -+ uint32_t map_info; -+ uint32_t padding; -+}; -+ -+/* VIRTIO_GPU_CMD_RESOURCE_UNMAP_BLOB */ -+struct virtio_gpu_resource_unmap_blob { -+ struct virtio_gpu_ctrl_hdr hdr; -+ uint32_t resource_id; -+ uint32_t padding; -+}; -+ - #endif -diff --git a/include/standard-headers/linux/virtio_ids.h b/include/standard-headers/linux/virtio_ids.h -index b052355ac7a324e173f4ea44c48d..bc1c0621f5edd18ee6e3c9328f4d 100644 ---- a/include/standard-headers/linux/virtio_ids.h -+++ b/include/standard-headers/linux/virtio_ids.h -@@ -29,24 +29,30 @@ - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. */ - --#define VIRTIO_ID_NET 1 /* virtio net */ --#define VIRTIO_ID_BLOCK 2 /* virtio block */ --#define VIRTIO_ID_CONSOLE 3 /* virtio console */ --#define VIRTIO_ID_RNG 4 /* virtio rng */ --#define VIRTIO_ID_BALLOON 5 /* virtio balloon */ --#define VIRTIO_ID_RPMSG 7 /* virtio remote processor messaging */ --#define VIRTIO_ID_SCSI 8 /* virtio scsi */ --#define VIRTIO_ID_9P 9 /* 9p virtio console */ --#define VIRTIO_ID_RPROC_SERIAL 11 /* virtio remoteproc serial link */ --#define VIRTIO_ID_CAIF 12 /* Virtio caif */ --#define VIRTIO_ID_GPU 16 /* virtio GPU */ --#define VIRTIO_ID_INPUT 18 /* virtio input */ --#define VIRTIO_ID_VSOCK 19 /* virtio vsock transport */ --#define VIRTIO_ID_CRYPTO 20 /* virtio crypto */ --#define VIRTIO_ID_IOMMU 23 /* virtio IOMMU */ --#define VIRTIO_ID_MEM 24 /* virtio mem */ --#define VIRTIO_ID_FS 26 /* virtio filesystem */ --#define VIRTIO_ID_PMEM 27 /* virtio pmem */ --#define VIRTIO_ID_MAC80211_HWSIM 29 /* virtio mac80211-hwsim */ -+#define VIRTIO_ID_NET 1 /* virtio net */ -+#define VIRTIO_ID_BLOCK 2 /* virtio block */ -+#define VIRTIO_ID_CONSOLE 3 /* virtio console */ -+#define VIRTIO_ID_RNG 4 /* virtio rng */ -+#define VIRTIO_ID_BALLOON 5 /* virtio balloon */ -+#define VIRTIO_ID_IOMEM 6 /* virtio ioMemory */ -+#define VIRTIO_ID_RPMSG 7 /* virtio remote processor messaging */ -+#define VIRTIO_ID_SCSI 8 /* virtio scsi */ -+#define VIRTIO_ID_9P 9 /* 9p virtio console */ -+#define VIRTIO_ID_MAC80211_WLAN 10 /* virtio WLAN MAC */ -+#define VIRTIO_ID_RPROC_SERIAL 11 /* virtio remoteproc serial link */ -+#define VIRTIO_ID_CAIF 12 /* Virtio caif */ -+#define VIRTIO_ID_MEMORY_BALLOON 13 /* virtio memory balloon */ -+#define VIRTIO_ID_GPU 16 /* virtio GPU */ -+#define VIRTIO_ID_CLOCK 17 /* virtio clock/timer */ -+#define VIRTIO_ID_INPUT 18 /* virtio input */ -+#define VIRTIO_ID_VSOCK 19 /* virtio vsock transport */ -+#define VIRTIO_ID_CRYPTO 20 /* virtio crypto */ -+#define VIRTIO_ID_SIGNAL_DIST 21 /* virtio signal distribution device */ -+#define VIRTIO_ID_PSTORE 22 /* virtio pstore device */ -+#define VIRTIO_ID_IOMMU 23 /* virtio IOMMU */ -+#define VIRTIO_ID_MEM 24 /* virtio mem */ -+#define VIRTIO_ID_FS 26 /* virtio filesystem */ -+#define VIRTIO_ID_PMEM 27 /* virtio pmem */ -+#define VIRTIO_ID_MAC80211_HWSIM 29 /* virtio mac80211-hwsim */ - - #endif /* _LINUX_VIRTIO_IDS_H */ -diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h -index a72de1ae4cb5638b42ea7057a9cc..b6a0eaa32ae68ff63a86b89f2c20 100644 ---- a/linux-headers/asm-arm64/kvm.h -+++ b/linux-headers/asm-arm64/kvm.h -@@ -156,9 +156,6 @@ struct kvm_sync_regs { - __u64 device_irq_level; - }; - --struct kvm_arch_memory_slot { --}; -- - /* - * PMU filter structure. Describe a range of events with a particular - * action. To be used with KVM_ARM_VCPU_PMU_V3_FILTER. -diff --git a/linux-headers/asm-generic/unistd.h b/linux-headers/asm-generic/unistd.h -index 2056318988f774931c4e0a310414..728752917785efe99cc6a325edbb 100644 ---- a/linux-headers/asm-generic/unistd.h -+++ b/linux-headers/asm-generic/unistd.h -@@ -517,7 +517,7 @@ __SC_COMP(__NR_settimeofday, sys_settimeofday, compat_sys_settimeofday) - __SC_3264(__NR_adjtimex, sys_adjtimex_time32, sys_adjtimex) - #endif - --/* kernel/timer.c */ -+/* kernel/sys.c */ - #define __NR_getpid 172 - __SYSCALL(__NR_getpid, sys_getpid) - #define __NR_getppid 173 -@@ -859,9 +859,11 @@ __SYSCALL(__NR_pidfd_getfd, sys_pidfd_getfd) - __SYSCALL(__NR_faccessat2, sys_faccessat2) - #define __NR_process_madvise 440 - __SYSCALL(__NR_process_madvise, sys_process_madvise) -+#define __NR_epoll_pwait2 441 -+__SC_COMP(__NR_epoll_pwait2, sys_epoll_pwait2, compat_sys_epoll_pwait2) - - #undef __NR_syscalls --#define __NR_syscalls 441 -+#define __NR_syscalls 442 - - /* - * 32 bit systems traditionally used different -diff --git a/linux-headers/asm-mips/unistd_n32.h b/linux-headers/asm-mips/unistd_n32.h -index aba284d190a0f7b887943283bfb6..59e53b6e076fc4ac2d044a1b5a1f 100644 ---- a/linux-headers/asm-mips/unistd_n32.h -+++ b/linux-headers/asm-mips/unistd_n32.h -@@ -370,6 +370,7 @@ - #define __NR_pidfd_getfd (__NR_Linux + 438) - #define __NR_faccessat2 (__NR_Linux + 439) - #define __NR_process_madvise (__NR_Linux + 440) -+#define __NR_epoll_pwait2 (__NR_Linux + 441) - - - #endif /* _ASM_MIPS_UNISTD_N32_H */ -diff --git a/linux-headers/asm-mips/unistd_n64.h b/linux-headers/asm-mips/unistd_n64.h -index 0465ab94db8966b453f1e1863e00..683558a7f8ad6178f83caedc9cac 100644 ---- a/linux-headers/asm-mips/unistd_n64.h -+++ b/linux-headers/asm-mips/unistd_n64.h -@@ -346,6 +346,7 @@ - #define __NR_pidfd_getfd (__NR_Linux + 438) - #define __NR_faccessat2 (__NR_Linux + 439) - #define __NR_process_madvise (__NR_Linux + 440) -+#define __NR_epoll_pwait2 (__NR_Linux + 441) - - - #endif /* _ASM_MIPS_UNISTD_N64_H */ -diff --git a/linux-headers/asm-mips/unistd_o32.h b/linux-headers/asm-mips/unistd_o32.h -index 5222a0dd50e18b778dcc38f45af8..ca6a7e5c0b91e7b61e1919360831 100644 ---- a/linux-headers/asm-mips/unistd_o32.h -+++ b/linux-headers/asm-mips/unistd_o32.h -@@ -416,6 +416,7 @@ - #define __NR_pidfd_getfd (__NR_Linux + 438) - #define __NR_faccessat2 (__NR_Linux + 439) - #define __NR_process_madvise (__NR_Linux + 440) -+#define __NR_epoll_pwait2 (__NR_Linux + 441) - - - #endif /* _ASM_MIPS_UNISTD_O32_H */ -diff --git a/linux-headers/asm-powerpc/unistd_32.h b/linux-headers/asm-powerpc/unistd_32.h -index 21066a3d5f4a65bd2a1e09c002a3..4624c9004368474b9bbb7d534bef 100644 ---- a/linux-headers/asm-powerpc/unistd_32.h -+++ b/linux-headers/asm-powerpc/unistd_32.h -@@ -423,6 +423,7 @@ - #define __NR_pidfd_getfd 438 - #define __NR_faccessat2 439 - #define __NR_process_madvise 440 -+#define __NR_epoll_pwait2 441 - - - #endif /* _ASM_POWERPC_UNISTD_32_H */ -diff --git a/linux-headers/asm-powerpc/unistd_64.h b/linux-headers/asm-powerpc/unistd_64.h -index c153da29f2362aa32b379a711ac8..7e851b30bb13bc407be07ffe01ac 100644 ---- a/linux-headers/asm-powerpc/unistd_64.h -+++ b/linux-headers/asm-powerpc/unistd_64.h -@@ -395,6 +395,7 @@ - #define __NR_pidfd_getfd 438 - #define __NR_faccessat2 439 - #define __NR_process_madvise 440 -+#define __NR_epoll_pwait2 441 - - - #endif /* _ASM_POWERPC_UNISTD_64_H */ -diff --git a/linux-headers/asm-s390/unistd_32.h b/linux-headers/asm-s390/unistd_32.h -index 3b4f2dda6049767ea56e3a29ecf6..c94d2c3a22d698692ff4b2a2d890 100644 ---- a/linux-headers/asm-s390/unistd_32.h -+++ b/linux-headers/asm-s390/unistd_32.h -@@ -413,5 +413,6 @@ - #define __NR_pidfd_getfd 438 - #define __NR_faccessat2 439 - #define __NR_process_madvise 440 -+#define __NR_epoll_pwait2 441 - - #endif /* _ASM_S390_UNISTD_32_H */ -diff --git a/linux-headers/asm-s390/unistd_64.h b/linux-headers/asm-s390/unistd_64.h -index 030a51fa3828b9a8ea64d42dc84b..984a06b7ebe4e8e56b9a26dc01b5 100644 ---- a/linux-headers/asm-s390/unistd_64.h -+++ b/linux-headers/asm-s390/unistd_64.h -@@ -361,5 +361,6 @@ - #define __NR_pidfd_getfd 438 - #define __NR_faccessat2 439 - #define __NR_process_madvise 440 -+#define __NR_epoll_pwait2 441 - - #endif /* _ASM_S390_UNISTD_64_H */ -diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h -index 89e5f3d1bba86b8bbb0e7a80cbed..8e76d3701db3f2432c91c9bd3262 100644 ---- a/linux-headers/asm-x86/kvm.h -+++ b/linux-headers/asm-x86/kvm.h -@@ -12,6 +12,7 @@ - - #define KVM_PIO_PAGE_OFFSET 1 - #define KVM_COALESCED_MMIO_PAGE_OFFSET 2 -+#define KVM_DIRTY_LOG_PAGE_OFFSET 64 - - #define DE_VECTOR 0 - #define DB_VECTOR 1 -diff --git a/linux-headers/asm-x86/unistd_32.h b/linux-headers/asm-x86/unistd_32.h -index cfba368f9dffa9ed90eeff567849..18fb99dfa287ae7d01b77980a030 100644 ---- a/linux-headers/asm-x86/unistd_32.h -+++ b/linux-headers/asm-x86/unistd_32.h -@@ -431,6 +431,7 @@ - #define __NR_pidfd_getfd 438 - #define __NR_faccessat2 439 - #define __NR_process_madvise 440 -+#define __NR_epoll_pwait2 441 - - - #endif /* _ASM_X86_UNISTD_32_H */ -diff --git a/linux-headers/asm-x86/unistd_64.h b/linux-headers/asm-x86/unistd_64.h -index 61af7250955feef3be80c70eeccc..bde959328d65f30e0480f9c62c28 100644 ---- a/linux-headers/asm-x86/unistd_64.h -+++ b/linux-headers/asm-x86/unistd_64.h -@@ -353,6 +353,7 @@ - #define __NR_pidfd_getfd 438 - #define __NR_faccessat2 439 - #define __NR_process_madvise 440 -+#define __NR_epoll_pwait2 441 - - - #endif /* _ASM_X86_UNISTD_64_H */ -diff --git a/linux-headers/asm-x86/unistd_x32.h b/linux-headers/asm-x86/unistd_x32.h -index a6890cb1f5b534b152455e07e707..4ff6b17d3bb4de09ffd5b1c22b5a 100644 ---- a/linux-headers/asm-x86/unistd_x32.h -+++ b/linux-headers/asm-x86/unistd_x32.h -@@ -306,6 +306,7 @@ - #define __NR_pidfd_getfd (__X32_SYSCALL_BIT + 438) - #define __NR_faccessat2 (__X32_SYSCALL_BIT + 439) - #define __NR_process_madvise (__X32_SYSCALL_BIT + 440) -+#define __NR_epoll_pwait2 (__X32_SYSCALL_BIT + 441) - #define __NR_rt_sigaction (__X32_SYSCALL_BIT + 512) - #define __NR_rt_sigreturn (__X32_SYSCALL_BIT + 513) - #define __NR_ioctl (__X32_SYSCALL_BIT + 514) -diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h -index 56ce14ad209f7f47615d0940c980..020b62a619a710d3ff7f4c6e679c 100644 ---- a/linux-headers/linux/kvm.h -+++ b/linux-headers/linux/kvm.h -@@ -250,6 +250,7 @@ struct kvm_hyperv_exit { - #define KVM_EXIT_ARM_NISV 28 - #define KVM_EXIT_X86_RDMSR 29 - #define KVM_EXIT_X86_WRMSR 30 -+#define KVM_EXIT_DIRTY_RING_FULL 31 - - /* For KVM_EXIT_INTERNAL_ERROR */ - /* Emulate instruction failed. */ -@@ -1053,6 +1054,8 @@ struct kvm_ppc_resize_hpt { - #define KVM_CAP_X86_USER_SPACE_MSR 188 - #define KVM_CAP_X86_MSR_FILTER 189 - #define KVM_CAP_ENFORCE_PV_FEATURE_CPUID 190 -+#define KVM_CAP_SYS_HYPERV_CPUID 191 -+#define KVM_CAP_DIRTY_LOG_RING 192 - - #ifdef KVM_CAP_IRQ_ROUTING - -@@ -1511,7 +1514,7 @@ struct kvm_enc_region { - /* Available with KVM_CAP_MANUAL_DIRTY_LOG_PROTECT_2 */ - #define KVM_CLEAR_DIRTY_LOG _IOWR(KVMIO, 0xc0, struct kvm_clear_dirty_log) - --/* Available with KVM_CAP_HYPERV_CPUID */ -+/* Available with KVM_CAP_HYPERV_CPUID (vcpu) / KVM_CAP_SYS_HYPERV_CPUID (system) */ - #define KVM_GET_SUPPORTED_HV_CPUID _IOWR(KVMIO, 0xc1, struct kvm_cpuid2) - - /* Available with KVM_CAP_ARM_SVE */ -@@ -1557,6 +1560,9 @@ struct kvm_pv_cmd { - /* Available with KVM_CAP_X86_MSR_FILTER */ - #define KVM_X86_SET_MSR_FILTER _IOW(KVMIO, 0xc6, struct kvm_msr_filter) - -+/* Available with KVM_CAP_DIRTY_LOG_RING */ -+#define KVM_RESET_DIRTY_RINGS _IO(KVMIO, 0xc7) -+ - /* Secure Encrypted Virtualization command */ - enum sev_cmd_id { - /* Guest initialization commands */ -@@ -1710,4 +1716,52 @@ struct kvm_hyperv_eventfd { - #define KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE (1 << 0) - #define KVM_DIRTY_LOG_INITIALLY_SET (1 << 1) - -+/* -+ * Arch needs to define the macro after implementing the dirty ring -+ * feature. KVM_DIRTY_LOG_PAGE_OFFSET should be defined as the -+ * starting page offset of the dirty ring structures. -+ */ -+#ifndef KVM_DIRTY_LOG_PAGE_OFFSET -+#define KVM_DIRTY_LOG_PAGE_OFFSET 0 -+#endif -+ -+/* -+ * KVM dirty GFN flags, defined as: -+ * -+ * |---------------+---------------+--------------| -+ * | bit 1 (reset) | bit 0 (dirty) | Status | -+ * |---------------+---------------+--------------| -+ * | 0 | 0 | Invalid GFN | -+ * | 0 | 1 | Dirty GFN | -+ * | 1 | X | GFN to reset | -+ * |---------------+---------------+--------------| -+ * -+ * Lifecycle of a dirty GFN goes like: -+ * -+ * dirtied harvested reset -+ * 00 -----------> 01 -------------> 1X -------+ -+ * ^ | -+ * | | -+ * +------------------------------------------+ -+ * -+ * The userspace program is only responsible for the 01->1X state -+ * conversion after harvesting an entry. Also, it must not skip any -+ * dirty bits, so that dirty bits are always harvested in sequence. -+ */ -+#define KVM_DIRTY_GFN_F_DIRTY BIT(0) -+#define KVM_DIRTY_GFN_F_RESET BIT(1) -+#define KVM_DIRTY_GFN_F_MASK 0x3 -+ -+/* -+ * KVM dirty rings should be mapped at KVM_DIRTY_LOG_PAGE_OFFSET of -+ * per-vcpu mmaped regions as an array of struct kvm_dirty_gfn. The -+ * size of the gfn buffer is decided by the first argument when -+ * enabling KVM_CAP_DIRTY_LOG_RING. -+ */ -+struct kvm_dirty_gfn { -+ __u32 flags; -+ __u32 slot; -+ __u64 offset; -+}; -+ - #endif /* __LINUX_KVM_H */ -diff --git a/linux-headers/linux/userfaultfd.h b/linux-headers/linux/userfaultfd.h -index 8d3996eb8285583ba11952bc85e5..1ba9a9feeb833e16bcffefa044de 100644 ---- a/linux-headers/linux/userfaultfd.h -+++ b/linux-headers/linux/userfaultfd.h -@@ -257,4 +257,13 @@ struct uffdio_writeprotect { - __u64 mode; - }; - -+/* -+ * Flags for the userfaultfd(2) system call itself. -+ */ -+ -+/* -+ * Create a userfaultfd that can handle page faults only in user mode. -+ */ -+#define UFFD_USER_MODE_ONLY 1 -+ - #endif /* _LINUX_USERFAULTFD_H */ -diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h -index b92dcc4dafd5f00fd1ab89199aee..609099e455cdf86cf471808b03a4 100644 ---- a/linux-headers/linux/vfio.h -+++ b/linux-headers/linux/vfio.h -@@ -820,6 +820,7 @@ enum { - enum { - VFIO_CCW_IO_IRQ_INDEX, - VFIO_CCW_CRW_IRQ_INDEX, -+ VFIO_CCW_REQ_IRQ_INDEX, - VFIO_CCW_NUM_IRQS - }; - -diff --git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h -index 75232185324abb8bf16521b525ed..c998860d7bbc4351c37c702ea69e 100644 ---- a/linux-headers/linux/vhost.h -+++ b/linux-headers/linux/vhost.h -@@ -146,4 +146,8 @@ - - /* Set event fd for config interrupt*/ - #define VHOST_VDPA_SET_CONFIG_CALL _IOW(VHOST_VIRTIO, 0x77, int) -+ -+/* Get the valid iova range */ -+#define VHOST_VDPA_GET_IOVA_RANGE _IOR(VHOST_VIRTIO, 0x78, \ -+ struct vhost_vdpa_iova_range) - #endif diff --git a/XXX-dont-dump-core-on-sigabort.patch b/XXX-dont-dump-core-on-sigabort.patch index c6f29e23..6546a7c1 100644 --- a/XXX-dont-dump-core-on-sigabort.patch +++ b/XXX-dont-dump-core-on-sigabort.patch @@ -8,10 +8,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 6 insertions(+) diff --git a/linux-user/signal.c b/linux-user/signal.c -index 73de934c65117c5caa0f2dabe8e2..be83f5e4030f2a6e90606f762396 100644 +index 7eecec46c4070c119cfee9be2316..fdd9a86cc1ce0b8238562d1612a3 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c -@@ -632,6 +632,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig) +@@ -631,6 +631,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig) trace_user_force_sig(env, target_sig, host_sig); gdb_signalled(env, target_sig); @@ -22,7 +22,7 @@ index 73de934c65117c5caa0f2dabe8e2..be83f5e4030f2a6e90606f762396 100644 /* dump core if supported by target binary format */ if (core_dump_signal(target_sig) && (ts->bprm->core_dump != NULL)) { stop_all_tasks(); -@@ -649,6 +653,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig) +@@ -648,6 +652,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig) target_sig, strsignal(host_sig), "core dumped" ); } diff --git a/acpi_piix4-Fix-migration-from-SLE11-SP2.patch b/acpi_piix4-Fix-migration-from-SLE11-SP2.patch index 2e823c21..d31de03a 100644 --- a/acpi_piix4-Fix-migration-from-SLE11-SP2.patch +++ b/acpi_piix4-Fix-migration-from-SLE11-SP2.patch @@ -16,10 +16,10 @@ Signed-off-by: Andreas Färber 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c -index 669be5bbf61ecc9308bb4b25e2b8..bd1c7cc447bda59190590cb4551f 100644 +index 8f8b0e95e5201b1404b2a9bc7abd..4083edb21d17346ca9733de4915c 100644 --- a/hw/acpi/piix4.c +++ b/hw/acpi/piix4.c -@@ -276,7 +276,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id) +@@ -277,7 +277,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id) static const VMStateDescription vmstate_acpi = { .name = "piix4_pm", .version_id = 3, diff --git a/audio-add-sanity-check.patch b/audio-add-sanity-check.patch deleted file mode 100644 index ea029ec8..00000000 --- a/audio-add-sanity-check.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Gerd Hoffmann -Date: Tue, 15 Dec 2020 09:11:51 +0100 -Subject: audio: add sanity check - -Git-commit: 06c8c375389a54d8e4457d967f4f0896caecefb2 -References: boo#1180210 - -Check whenever we actually found the spiceaudio driver -before flipping the can_be_default field. - -Fixes: f0c4555edfdd ("audio: remove qemu_spice_audio_init()") -Buglink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977301 -Reported-by: dann frazier -Signed-off-by: Gerd Hoffmann -Message-Id: <20201215081151.20095-1-kraxel@redhat.com> -Signed-off-by: Bruce Rogers ---- - audio/audio.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/audio/audio.c b/audio/audio.c -index 46578e4a583b9ad5c5fd4d40c711..973804620d7b057b70833694947c 100644 ---- a/audio/audio.c -+++ b/audio/audio.c -@@ -1709,7 +1709,9 @@ static AudioState *audio_init(Audiodev *dev, const char *name) - * backend and this can go away. - */ - driver = audio_driver_lookup("spice"); -- driver->can_be_default = 1; -+ if (driver) { -+ driver->can_be_default = 1; -+ } - } - - if (dev) { diff --git a/block-Fix-deadlock-in-bdrv_co_yield_to_d.patch b/block-Fix-deadlock-in-bdrv_co_yield_to_d.patch deleted file mode 100644 index e9c4effe..00000000 --- a/block-Fix-deadlock-in-bdrv_co_yield_to_d.patch +++ /dev/null @@ -1,119 +0,0 @@ -From: Kevin Wolf -Date: Thu, 3 Dec 2020 18:23:11 +0100 -Subject: block: Fix deadlock in bdrv_co_yield_to_drain() - -Git-commit: 960d5fb3e8ee09bc5f1a5c84f66dce42a6cef920 - -If bdrv_co_yield_to_drain() is called for draining a block node that -runs in a different AioContext, it keeps that AioContext locked while it -yields and schedules a BH in the AioContext to do the actual drain. - -As long as executing the BH is the very next thing that the event loop -of the node's AioContext does, this actually happens to work, but when -it tries to execute something else that wants to take the AioContext -lock, it will deadlock. (In the bug report, this other thing is a -virtio-scsi device running virtio_scsi_data_plane_handle_cmd().) - -Instead, always drop the AioContext lock across the yield and reacquire -it only when the coroutine is reentered. The BH needs to unconditionally -take the lock for itself now. - -This fixes the 'block_resize' QMP command on a block node that runs in -an iothread. - -Cc: qemu-stable@nongnu.org -Fixes: eb94b81a94bce112e6b206df846c1551aaf6cab6 -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1903511 -Signed-off-by: Kevin Wolf -Message-Id: <20201203172311.68232-4-kwolf@redhat.com> -Reviewed-by: Vladimir Sementsov-Ogievskiy -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - block/io.c | 41 ++++++++++++++++++++++++----------------- - 1 file changed, 24 insertions(+), 17 deletions(-) - -diff --git a/block/io.c b/block/io.c -index ec5e152bb70f62371b608e95d514..a9f56a9ab1c56a3ca83833bfb0fa 100644 ---- a/block/io.c -+++ b/block/io.c -@@ -306,17 +306,7 @@ static void bdrv_co_drain_bh_cb(void *opaque) - - if (bs) { - AioContext *ctx = bdrv_get_aio_context(bs); -- AioContext *co_ctx = qemu_coroutine_get_aio_context(co); -- -- /* -- * When the coroutine yielded, the lock for its home context was -- * released, so we need to re-acquire it here. If it explicitly -- * acquired a different context, the lock is still held and we don't -- * want to lock it a second time (or AIO_WAIT_WHILE() would hang). -- */ -- if (ctx == co_ctx) { -- aio_context_acquire(ctx); -- } -+ aio_context_acquire(ctx); - bdrv_dec_in_flight(bs); - if (data->begin) { - assert(!data->drained_end_counter); -@@ -328,9 +318,7 @@ static void bdrv_co_drain_bh_cb(void *opaque) - data->ignore_bds_parents, - data->drained_end_counter); - } -- if (ctx == co_ctx) { -- aio_context_release(ctx); -- } -+ aio_context_release(ctx); - } else { - assert(data->begin); - bdrv_drain_all_begin(); -@@ -348,13 +336,16 @@ static void coroutine_fn bdrv_co_yield_to_drain(BlockDriverState *bs, - int *drained_end_counter) - { - BdrvCoDrainData data; -+ Coroutine *self = qemu_coroutine_self(); -+ AioContext *ctx = bdrv_get_aio_context(bs); -+ AioContext *co_ctx = qemu_coroutine_get_aio_context(self); - - /* Calling bdrv_drain() from a BH ensures the current coroutine yields and - * other coroutines run if they were queued by aio_co_enter(). */ - - assert(qemu_in_coroutine()); - data = (BdrvCoDrainData) { -- .co = qemu_coroutine_self(), -+ .co = self, - .bs = bs, - .done = false, - .begin = begin, -@@ -368,13 +359,29 @@ static void coroutine_fn bdrv_co_yield_to_drain(BlockDriverState *bs, - if (bs) { - bdrv_inc_in_flight(bs); - } -- replay_bh_schedule_oneshot_event(bdrv_get_aio_context(bs), -- bdrv_co_drain_bh_cb, &data); -+ -+ /* -+ * Temporarily drop the lock across yield or we would get deadlocks. -+ * bdrv_co_drain_bh_cb() reaquires the lock as needed. -+ * -+ * When we yield below, the lock for the current context will be -+ * released, so if this is actually the lock that protects bs, don't drop -+ * it a second time. -+ */ -+ if (ctx != co_ctx) { -+ aio_context_release(ctx); -+ } -+ replay_bh_schedule_oneshot_event(ctx, bdrv_co_drain_bh_cb, &data); - - qemu_coroutine_yield(); - /* If we are resumed from some other event (such as an aio completion or a - * timer callback), it is a bug in the caller that should be fixed. */ - assert(data.done); -+ -+ /* Reaquire the AioContext of bs if we dropped it */ -+ if (ctx != co_ctx) { -+ aio_context_acquire(ctx); -+ } - } - - void bdrv_do_drained_begin_quiesce(BlockDriverState *bs, diff --git a/block-Fix-locking-in-qmp_block_resize.patch b/block-Fix-locking-in-qmp_block_resize.patch deleted file mode 100644 index 113d105c..00000000 --- a/block-Fix-locking-in-qmp_block_resize.patch +++ /dev/null @@ -1,42 +0,0 @@ -From: Kevin Wolf -Date: Thu, 3 Dec 2020 18:23:10 +0100 -Subject: block: Fix locking in qmp_block_resize() - -Git-commit: 8089eab2bd5fb160b038e64e14cf7ffb3f37091e - -The drain functions assume that we hold the AioContext lock of the -drained block node. Make sure to actually take the lock. - -Cc: qemu-stable@nongnu.org -Fixes: eb94b81a94bce112e6b206df846c1551aaf6cab6 -Signed-off-by: Kevin Wolf -Message-Id: <20201203172311.68232-3-kwolf@redhat.com> -Reviewed-by: Vladimir Sementsov-Ogievskiy -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - blockdev.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/blockdev.c b/blockdev.c -index a7f0149d64152651be78f6cd8e61..e4dfa65aa444346c3c09dbc6d1c5 100644 ---- a/blockdev.c -+++ b/blockdev.c -@@ -2481,13 +2481,16 @@ void coroutine_fn qmp_block_resize(bool has_device, const char *device, - return; - } - -+ bdrv_co_lock(bs); - bdrv_drained_begin(bs); -+ bdrv_co_unlock(bs); -+ - old_ctx = bdrv_co_enter(bs); - blk_truncate(blk, size, false, PREALLOC_MODE_OFF, 0, errp); - bdrv_co_leave(bs, old_ctx); -- bdrv_drained_end(bs); - - bdrv_co_lock(bs); -+ bdrv_drained_end(bs); - blk_unref(blk); - bdrv_co_unlock(bs); - } diff --git a/block-Separate-blk_is_writable-and-blk_s.patch b/block-Separate-blk_is_writable-and-blk_s.patch deleted file mode 100644 index 93e6dc1d..00000000 --- a/block-Separate-blk_is_writable-and-blk_s.patch +++ /dev/null @@ -1,481 +0,0 @@ -From: Kevin Wolf -Date: Mon, 18 Jan 2021 13:34:47 +0100 -Subject: block: Separate blk_is_writable() and blk_supports_write_perm() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 86b1cf322789b79c8ace977430ac6a443d491cc0 - -Currently, blk_is_read_only() tells whether a given BlockBackend can -only be used in read-only mode because its root node is read-only. Some -callers actually try to answer a slightly different question: Is the -BlockBackend configured to be writable, by taking write permissions on -the root node? - -This can differ, for example, for CD-ROM devices which don't take write -permissions, but may be backed by a writable image file. scsi-cd allows -write requests to the drive if blk_is_read_only() returns false. -However, the write request will immediately run into an assertion -failure because the write permission is missing. - -This patch introduces separate functions for both questions. -blk_supports_write_perm() answers the question whether the block -node/image file can support writable devices, whereas blk_is_writable() -tells whether the BlockBackend is currently configured to be writable. - -All calls of blk_is_read_only() are converted to one of the two new -functions. - -Fixes: https://bugs.launchpad.net/bugs/1906693 -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf -Message-Id: <20210118123448.307825-2-kwolf@redhat.com> -Reviewed-by: Philippe Mathieu-Daudé -Reviewed-by: Max Reitz -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - block/block-backend.c | 19 ++++++++++++++++--- - hw/block/dataplane/xen-block.c | 2 +- - hw/block/fdc.c | 9 +++++---- - hw/block/m25p80.c | 6 +++--- - hw/block/nand.c | 2 +- - hw/block/nvme-ns.c | 7 ++++--- - hw/block/onenand.c | 2 +- - hw/block/pflash_cfi01.c | 2 +- - hw/block/pflash_cfi02.c | 2 +- - hw/block/swim.c | 6 +++--- - hw/block/virtio-blk.c | 6 +++--- - hw/block/xen-block.c | 2 +- - hw/ide/core.c | 2 +- - hw/misc/sifive_u_otp.c | 2 +- - hw/ppc/pnv_pnor.c | 2 +- - hw/scsi/scsi-disk.c | 10 +++++----- - hw/scsi/scsi-generic.c | 4 ++-- - hw/sd/sd.c | 6 +++--- - hw/usb/dev-storage.c | 4 ++-- - include/sysemu/block-backend.h | 3 ++- - 20 files changed, 57 insertions(+), 41 deletions(-) - -diff --git a/block/block-backend.c b/block/block-backend.c -index ce78d30794ade042fa9f1b8d2b68..e493f17515d88465796d298b5566 100644 ---- a/block/block-backend.c -+++ b/block/block-backend.c -@@ -1826,17 +1826,30 @@ void blk_error_action(BlockBackend *blk, BlockErrorAction action, - } - } - --bool blk_is_read_only(BlockBackend *blk) -+/* -+ * Returns true if the BlockBackend can support taking write permissions -+ * (because its root node is not read-only). -+ */ -+bool blk_supports_write_perm(BlockBackend *blk) - { - BlockDriverState *bs = blk_bs(blk); - - if (bs) { -- return bdrv_is_read_only(bs); -+ return !bdrv_is_read_only(bs); - } else { -- return blk->root_state.read_only; -+ return !blk->root_state.read_only; - } - } - -+/* -+ * Returns true if the BlockBackend can be written to in its current -+ * configuration (i.e. if write permission have been requested) -+ */ -+bool blk_is_writable(BlockBackend *blk) -+{ -+ return blk->perm & BLK_PERM_WRITE; -+} -+ - bool blk_is_sg(BlockBackend *blk) - { - BlockDriverState *bs = blk_bs(blk); -diff --git a/hw/block/dataplane/xen-block.c b/hw/block/dataplane/xen-block.c -index 71c337c7b7e74085532754bb28b2..f5b4f4c0790c26887e21649010f1 100644 ---- a/hw/block/dataplane/xen-block.c -+++ b/hw/block/dataplane/xen-block.c -@@ -168,7 +168,7 @@ static int xen_block_parse_request(XenBlockRequest *request) - }; - - if (request->req.operation != BLKIF_OP_READ && -- blk_is_read_only(dataplane->blk)) { -+ !blk_is_writable(dataplane->blk)) { - error_report("error: write req for ro device"); - goto err; - } -diff --git a/hw/block/fdc.c b/hw/block/fdc.c -index 4c2c35e223aa5fccb6b855b1aa9e..d6ba6c8f730092632770cf66908b 100644 ---- a/hw/block/fdc.c -+++ b/hw/block/fdc.c -@@ -443,7 +443,7 @@ static void fd_revalidate(FDrive *drv) - - FLOPPY_DPRINTF("revalidate\n"); - if (drv->blk != NULL) { -- drv->ro = blk_is_read_only(drv->blk); -+ drv->ro = !blk_is_writable(drv->blk); - if (!blk_is_inserted(drv->blk)) { - FLOPPY_DPRINTF("No disk in drive\n"); - drv->disk = FLOPPY_DRIVE_TYPE_NONE; -@@ -478,8 +478,8 @@ static void fd_change_cb(void *opaque, bool load, Error **errp) - blk_set_perm(drive->blk, 0, BLK_PERM_ALL, &error_abort); - } else { - if (!blkconf_apply_backend_options(drive->conf, -- blk_is_read_only(drive->blk), false, -- errp)) { -+ !blk_supports_write_perm(drive->blk), -+ false, errp)) { - return; - } - } -@@ -552,7 +552,8 @@ static void floppy_drive_realize(DeviceState *qdev, Error **errp) - * read-only node later */ - read_only = true; - } else { -- read_only = !blk_bs(dev->conf.blk) || blk_is_read_only(dev->conf.blk); -+ read_only = !blk_bs(dev->conf.blk) || -+ !blk_supports_write_perm(dev->conf.blk); - } - - if (!blkconf_blocksizes(&dev->conf, errp)) { -diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c -index 483925f57a9023f349bd70e8db9a..efe490a52fe4ff5dfeaec609b3e3 100644 ---- a/hw/block/m25p80.c -+++ b/hw/block/m25p80.c -@@ -499,7 +499,7 @@ static void flash_sync_page(Flash *s, int page) - { - QEMUIOVector *iov; - -- if (!s->blk || blk_is_read_only(s->blk)) { -+ if (!s->blk || !blk_is_writable(s->blk)) { - return; - } - -@@ -515,7 +515,7 @@ static inline void flash_sync_area(Flash *s, int64_t off, int64_t len) - { - QEMUIOVector *iov; - -- if (!s->blk || blk_is_read_only(s->blk)) { -+ if (!s->blk || !blk_is_writable(s->blk)) { - return; - } - -@@ -1278,7 +1278,7 @@ static void m25p80_realize(SSISlave *ss, Error **errp) - - if (s->blk) { - uint64_t perm = BLK_PERM_CONSISTENT_READ | -- (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); -+ (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0); - ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); - if (ret < 0) { - return; -diff --git a/hw/block/nand.c b/hw/block/nand.c -index 1d7a48a2ec2ad7ac77dc4b28f677..8c5087f96a960420fc3f7aea03a5 100644 ---- a/hw/block/nand.c -+++ b/hw/block/nand.c -@@ -409,7 +409,7 @@ static void nand_realize(DeviceState *dev, Error **errp) - pagesize = 1 << s->oob_shift; - s->mem_oob = 1; - if (s->blk) { -- if (blk_is_read_only(s->blk)) { -+ if (!blk_supports_write_perm(s->blk)) { - error_setg(errp, "Can't use a read-only drive"); - return; - } -diff --git a/hw/block/nvme-ns.c b/hw/block/nvme-ns.c -index 31c80cdf5b5ff302052383cbada1..2670787d2630f8a3d1b1c7f138b8 100644 ---- a/hw/block/nvme-ns.c -+++ b/hw/block/nvme-ns.c -@@ -48,13 +48,14 @@ static void nvme_ns_init(NvmeNamespace *ns) - - static int nvme_ns_init_blk(NvmeCtrl *n, NvmeNamespace *ns, Error **errp) - { -+ bool read_only; -+ - if (!blkconf_blocksizes(&ns->blkconf, errp)) { - return -1; - } - -- if (!blkconf_apply_backend_options(&ns->blkconf, -- blk_is_read_only(ns->blkconf.blk), -- false, errp)) { -+ read_only = !blk_supports_write_perm(ns->blkconf.blk); -+ if (!blkconf_apply_backend_options(&ns->blkconf, read_only, false, errp)) { - return -1; - } - -diff --git a/hw/block/onenand.c b/hw/block/onenand.c -index 5ff7be86bb798190b976779d7603..08994ca7da1aff06ff12615d4777 100644 ---- a/hw/block/onenand.c -+++ b/hw/block/onenand.c -@@ -796,7 +796,7 @@ static void onenand_realize(DeviceState *dev, Error **errp) - s->image = memset(g_malloc(size + (size >> 5)), - 0xff, size + (size >> 5)); - } else { -- if (blk_is_read_only(s->blk)) { -+ if (!blk_supports_write_perm(s->blk)) { - error_setg(errp, "Can't use a read-only drive"); - return; - } -diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c -index daae9658605f4a348d6e91c84b31..af0bb6c26342405dc558df1be36c 100644 ---- a/hw/block/pflash_cfi01.c -+++ b/hw/block/pflash_cfi01.c -@@ -744,7 +744,7 @@ static void pflash_cfi01_realize(DeviceState *dev, Error **errp) - - if (pfl->blk) { - uint64_t perm; -- pfl->ro = blk_is_read_only(pfl->blk); -+ pfl->ro = !blk_supports_write_perm(pfl->blk); - perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); - ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); - if (ret < 0) { -diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c -index 1b3d94e0473bd4490b7c97d7c7e7..1a855c5d3865c0d64b46c90a4cda 100644 ---- a/hw/block/pflash_cfi02.c -+++ b/hw/block/pflash_cfi02.c -@@ -801,7 +801,7 @@ static void pflash_cfi02_realize(DeviceState *dev, Error **errp) - - if (pfl->blk) { - uint64_t perm; -- pfl->ro = blk_is_read_only(pfl->blk); -+ pfl->ro = !blk_supports_write_perm(pfl->blk); - perm = BLK_PERM_CONSISTENT_READ | (pfl->ro ? 0 : BLK_PERM_WRITE); - ret = blk_set_perm(pfl->blk, perm, BLK_PERM_ALL, errp); - if (ret < 0) { -diff --git a/hw/block/swim.c b/hw/block/swim.c -index 20133a814c44095028ea0efe7d53..509c2f4900353c3b1e7fad9117f1 100644 ---- a/hw/block/swim.c -+++ b/hw/block/swim.c -@@ -137,8 +137,8 @@ static void swim_change_cb(void *opaque, bool load, Error **errp) - blk_set_perm(drive->blk, 0, BLK_PERM_ALL, &error_abort); - } else { - if (!blkconf_apply_backend_options(drive->conf, -- blk_is_read_only(drive->blk), false, -- errp)) { -+ !blk_supports_write_perm(drive->blk), -+ false, errp)) { - return; - } - } -@@ -210,7 +210,7 @@ static void swim_drive_realize(DeviceState *qdev, Error **errp) - dev->conf.werror = BLOCKDEV_ON_ERROR_AUTO; - - if (!blkconf_apply_backend_options(&dev->conf, -- blk_is_read_only(dev->conf.blk), -+ !blk_supports_write_perm(dev->conf.blk), - false, errp)) { - return; - } -diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c -index bac2d6fa2b283854b21f225bea1c..e8600b069da36372f68c6b59baf9 100644 ---- a/hw/block/virtio-blk.c -+++ b/hw/block/virtio-blk.c -@@ -1021,7 +1021,7 @@ static uint64_t virtio_blk_get_features(VirtIODevice *vdev, uint64_t features, - virtio_has_feature(features, VIRTIO_BLK_F_CONFIG_WCE))) { - virtio_add_feature(&features, VIRTIO_BLK_F_WCE); - } -- if (blk_is_read_only(s->blk)) { -+ if (!blk_is_writable(s->blk)) { - virtio_add_feature(&features, VIRTIO_BLK_F_RO); - } - if (s->conf.num_queues > 1) { -@@ -1175,8 +1175,8 @@ static void virtio_blk_device_realize(DeviceState *dev, Error **errp) - } - - if (!blkconf_apply_backend_options(&conf->conf, -- blk_is_read_only(conf->conf.blk), true, -- errp)) { -+ !blk_supports_write_perm(conf->conf.blk), -+ true, errp)) { - return; - } - s->original_wce = blk_enable_write_cache(conf->conf.blk); -diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c -index 8a7a3f54523ed050587c3e2047de..20b23c699bc1cb4cd796bf352c45 100644 ---- a/hw/block/xen-block.c -+++ b/hw/block/xen-block.c -@@ -574,7 +574,7 @@ static void xen_disk_realize(XenBlockDevice *blockdev, Error **errp) - return; - } - -- blockdev->info = blk_is_read_only(conf->blk) ? VDISK_READONLY : 0; -+ blockdev->info = blk_supports_write_perm(conf->blk) ? 0 : VDISK_READONLY; - } - - static void xen_disk_class_init(ObjectClass *class, void *data) -diff --git a/hw/ide/core.c b/hw/ide/core.c -index e85821637c961121ad7a2ccfbaf9..50758a944172ba6ed12c3ca2bc4c 100644 ---- a/hw/ide/core.c -+++ b/hw/ide/core.c -@@ -2537,7 +2537,7 @@ int ide_init_drive(IDEState *s, BlockBackend *blk, IDEDriveKind kind, - error_setg(errp, "Device needs media, but drive is empty"); - return -1; - } -- if (blk_is_read_only(blk)) { -+ if (!blk_is_writable(blk)) { - error_setg(errp, "Can't use a read-only drive"); - return -1; - } -diff --git a/hw/misc/sifive_u_otp.c b/hw/misc/sifive_u_otp.c -index 60066375abddfa4e74e424b7d693..84547ebf1ba4aae4c99be01342e5 100644 ---- a/hw/misc/sifive_u_otp.c -+++ b/hw/misc/sifive_u_otp.c -@@ -218,7 +218,7 @@ static void sifive_u_otp_realize(DeviceState *dev, Error **errp) - - if (s->blk) { - perm = BLK_PERM_CONSISTENT_READ | -- (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); -+ (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0); - ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); - if (ret < 0) { - return; -diff --git a/hw/ppc/pnv_pnor.c b/hw/ppc/pnv_pnor.c -index c365ee58b884c02c77851a35f566..cc2a6a3db7eac7cab6750fe7f011 100644 ---- a/hw/ppc/pnv_pnor.c -+++ b/hw/ppc/pnv_pnor.c -@@ -85,7 +85,7 @@ static void pnv_pnor_realize(DeviceState *dev, Error **errp) - - if (s->blk) { - uint64_t perm = BLK_PERM_CONSISTENT_READ | -- (blk_is_read_only(s->blk) ? 0 : BLK_PERM_WRITE); -+ (blk_supports_write_perm(s->blk) ? BLK_PERM_WRITE : 0); - ret = blk_set_perm(s->blk, perm, BLK_PERM_ALL, errp); - if (ret < 0) { - return; -diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c -index 90841ad79123a3a86547a70d6dd4..7ab2be05b3ce3f4fad2212037b34 100644 ---- a/hw/scsi/scsi-disk.c -+++ b/hw/scsi/scsi-disk.c -@@ -1269,7 +1269,7 @@ static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf) - - if (s->qdev.type == TYPE_DISK) { - dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0; -- if (blk_is_read_only(s->qdev.conf.blk)) { -+ if (!blk_is_writable(s->qdev.conf.blk)) { - dev_specific_param |= 0x80; /* Readonly. */ - } - } else { -@@ -1703,7 +1703,7 @@ static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf) - goto invalid_param_len; - } - -- if (blk_is_read_only(s->qdev.conf.blk)) { -+ if (!blk_is_writable(s->qdev.conf.blk)) { - block_acct_invalid(blk_get_stats(s->qdev.conf.blk), BLOCK_ACCT_UNMAP); - scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); - return; -@@ -1794,7 +1794,7 @@ static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf) - return; - } - -- if (blk_is_read_only(s->qdev.conf.blk)) { -+ if (!blk_is_writable(s->qdev.conf.blk)) { - scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); - return; - } -@@ -2206,7 +2206,7 @@ static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) - case WRITE_VERIFY_10: - case WRITE_VERIFY_12: - case WRITE_VERIFY_16: -- if (blk_is_read_only(s->qdev.conf.blk)) { -+ if (!blk_is_writable(s->qdev.conf.blk)) { - scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); - return 0; - } -@@ -2379,7 +2379,7 @@ static void scsi_realize(SCSIDevice *dev, Error **errp) - } - } - -- read_only = blk_is_read_only(s->qdev.conf.blk); -+ read_only = !blk_supports_write_perm(s->qdev.conf.blk); - if (dev->type == TYPE_ROM) { - read_only = true; - } -diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c -index 2cb23ca8913c91fc06f497af21be..836479ab017326fa058381efbb87 100644 ---- a/hw/scsi/scsi-generic.c -+++ b/hw/scsi/scsi-generic.c -@@ -305,7 +305,7 @@ static void scsi_read_complete(void * opaque, int ret) - * readonly. - */ - if ((s->type == TYPE_DISK || s->type == TYPE_TAPE || s->type == TYPE_ZBC) && -- blk_is_read_only(s->conf.blk) && -+ !blk_is_writable(s->conf.blk) && - (r->req.cmd.buf[0] == MODE_SENSE || - r->req.cmd.buf[0] == MODE_SENSE_10) && - (r->req.cmd.buf[1] & 0x8) == 0) { -@@ -693,7 +693,7 @@ static void scsi_generic_realize(SCSIDevice *s, Error **errp) - return; - } - if (!blkconf_apply_backend_options(&s->conf, -- blk_is_read_only(s->conf.blk), -+ !blk_supports_write_perm(s->conf.blk), - true, errp)) { - return; - } -diff --git a/hw/sd/sd.c b/hw/sd/sd.c -index 1842c037978c6b17c74d6b81a169..5cdcd54cfcbf467342b2e485ac3e 100644 ---- a/hw/sd/sd.c -+++ b/hw/sd/sd.c -@@ -583,7 +583,7 @@ static void sd_reset(DeviceState *dev) - sd_set_sdstatus(sd); - - g_free(sd->wp_groups); -- sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false; -+ sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; - sd->wpgrps_size = sect; - sd->wp_groups = bitmap_new(sd->wpgrps_size); - memset(sd->function_group, 0, sizeof(sd->function_group)); -@@ -751,7 +751,7 @@ void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert) - { - sd->readonly_cb = readonly; - sd->inserted_cb = insert; -- qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0); -+ qemu_set_irq(readonly, sd->blk ? !blk_is_writable(sd->blk) : 0); - qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0); - } - -@@ -2155,7 +2155,7 @@ static void sd_realize(DeviceState *dev, Error **errp) - if (sd->blk) { - int64_t blk_size; - -- if (blk_is_read_only(sd->blk)) { -+ if (!blk_supports_write_perm(sd->blk)) { - error_setg(errp, "Cannot use read-only drive as SD card"); - return; - } -diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c -index f0f005869d25976cc4d5d2394237..c49e8b819e97df5f3f1814f2f63f 100644 ---- a/hw/usb/dev-storage.c -+++ b/hw/usb/dev-storage.c -@@ -613,8 +613,8 @@ static void usb_msd_storage_realize(USBDevice *dev, Error **errp) - return; - } - -- if (!blkconf_apply_backend_options(&s->conf, blk_is_read_only(blk), true, -- errp)) { -+ if (!blkconf_apply_backend_options(&s->conf, !blk_supports_write_perm(blk), -+ true, errp)) { - return; - } - -diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h -index 8203d7f6f90c792ca3f70e516909..880e9032930b0207e2e3e6fe1bd7 100644 ---- a/include/sysemu/block-backend.h -+++ b/include/sysemu/block-backend.h -@@ -191,7 +191,8 @@ BlockErrorAction blk_get_error_action(BlockBackend *blk, bool is_read, - int error); - void blk_error_action(BlockBackend *blk, BlockErrorAction action, - bool is_read, int error); --bool blk_is_read_only(BlockBackend *blk); -+bool blk_supports_write_perm(BlockBackend *blk); -+bool blk_is_writable(BlockBackend *blk); - bool blk_is_sg(BlockBackend *blk); - bool blk_enable_write_cache(BlockBackend *blk); - void blk_set_enable_write_cache(BlockBackend *blk, bool wce); diff --git a/block-Simplify-qmp_block_resize-error-pa.patch b/block-Simplify-qmp_block_resize-error-pa.patch deleted file mode 100644 index ecc96b1c..00000000 --- a/block-Simplify-qmp_block_resize-error-pa.patch +++ /dev/null @@ -1,62 +0,0 @@ -From: Kevin Wolf -Date: Thu, 3 Dec 2020 18:23:09 +0100 -Subject: block: Simplify qmp_block_resize() error paths - -Git-commit: d9dbf25f9624aac43e4357019bed4422f0b3368d - -The only thing that happens after the 'out:' label is blk_unref(blk). -However, blk = NULL in all of the error cases, so instead of jumping to -'out:', we can just return directly. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Kevin Wolf -Message-Id: <20201203172311.68232-2-kwolf@redhat.com> -Reviewed-by: Vladimir Sementsov-Ogievskiy -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - blockdev.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/blockdev.c b/blockdev.c -index fe6fb5dc1d19716fba52e8b900e2..a7f0149d64152651be78f6cd8e61 100644 ---- a/blockdev.c -+++ b/blockdev.c -@@ -2454,7 +2454,7 @@ void coroutine_fn qmp_block_resize(bool has_device, const char *device, - int64_t size, Error **errp) - { - Error *local_err = NULL; -- BlockBackend *blk = NULL; -+ BlockBackend *blk; - BlockDriverState *bs; - AioContext *old_ctx; - -@@ -2468,17 +2468,17 @@ void coroutine_fn qmp_block_resize(bool has_device, const char *device, - - if (size < 0) { - error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "size", "a >0 size"); -- goto out; -+ return; - } - - if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_RESIZE, NULL)) { - error_setg(errp, QERR_DEVICE_IN_USE, device); -- goto out; -+ return; - } - - blk = blk_new_with_bs(bs, BLK_PERM_RESIZE, BLK_PERM_ALL, errp); - if (!blk) { -- goto out; -+ return; - } - - bdrv_drained_begin(bs); -@@ -2487,7 +2487,6 @@ void coroutine_fn qmp_block_resize(bool has_device, const char *device, - bdrv_co_leave(bs, old_ctx); - bdrv_drained_end(bs); - --out: - bdrv_co_lock(bs); - blk_unref(blk); - bdrv_co_unlock(bs); diff --git a/block-nfs-fix-int-overflow-in-nfs_client.patch b/block-nfs-fix-int-overflow-in-nfs_client.patch deleted file mode 100644 index 873277e4..00000000 --- a/block-nfs-fix-int-overflow-in-nfs_client.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: Peter Lieven -Date: Wed, 9 Dec 2020 13:17:35 +0100 -Subject: block/nfs: fix int overflow in nfs_client_open_qdict - -Git-commit: 182454dc63c66ff5a29eddd60cc987b6a1b45e7f - -nfs_client_open returns the file size in sectors. This effectively -makes it impossible to open files larger than 1TB. - -Fixes: c22a03454544c2a08f1107c5cc8481a5574533d5 -Cc: qemu-stable@nongnu.org -Signed-off-by: Peter Lieven -Message-Id: <20201209121735.16437-1-pl@kamp.de> -Reviewed-by: Stefano Garzarella -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - block/nfs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/block/nfs.c b/block/nfs.c -index 77905f516d203d03012cdf362daf..8c1968bb415d9a9e542988fd5112 100644 ---- a/block/nfs.c -+++ b/block/nfs.c -@@ -592,7 +592,7 @@ static int64_t nfs_client_open_qdict(NFSClient *client, QDict *options, - int flags, int open_flags, Error **errp) - { - BlockdevOptionsNfs *opts; -- int ret; -+ int64_t ret; - - opts = nfs_options_qdict_to_qapi(options, errp); - if (opts == NULL) { diff --git a/block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch b/block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch deleted file mode 100644 index c9f6f299..00000000 --- a/block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch +++ /dev/null @@ -1,47 +0,0 @@ -From: Stefano Garzarella -Date: Mon, 29 Mar 2021 17:01:29 +0200 -Subject: block/rbd: Fix memory leak in qemu_rbd_co_create_opts() - -Git-commit: b084b420d9d6347dede328fbcf18c8e4c695f7e8 - -When we allocate 'q_namespace', we forgot to set 'has_q_namespace' -to true. This can cause several issues, including a memory leak, -since qapi_free_BlockdevCreateOptions() does not deallocate that -memory, as reported by valgrind: - - 13 bytes in 1 blocks are definitely lost in loss record 7 of 96 - at 0x4839809: malloc (vg_replace_malloc.c:307) - by 0x48CEBB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8) - by 0x48E3FE3: g_strdup (in /usr/lib64/libglib-2.0.so.0.6600.8) - by 0x180010: qemu_rbd_co_create_opts (rbd.c:446) - by 0x1AE72C: bdrv_create_co_entry (block.c:492) - by 0x241902: coroutine_trampoline (coroutine-ucontext.c:173) - by 0x57530AF: ??? (in /usr/lib64/libc-2.32.so) - by 0x1FFEFFFA6F: ??? - -Fix setting 'has_q_namespace' to true when we allocate 'q_namespace'. - -Fixes: 19ae9ae014 ("block/rbd: Add support for ceph namespaces") -Signed-off-by: Stefano Garzarella -Message-Id: <20210329150129.121182-3-sgarzare@redhat.com> -Reviewed-by: Markus Armbruster -Reviewed-by: Max Reitz -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers -[BR: Modified subject to acheive unique patchname] ---- - block/rbd.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/block/rbd.c b/block/rbd.c -index 15f1ac3b47d45e347a34579130ea..318e2826fc4180a1ad6837c81150 100644 ---- a/block/rbd.c -+++ b/block/rbd.c -@@ -444,6 +444,7 @@ static int coroutine_fn qemu_rbd_co_create_opts(BlockDriver *drv, - loc->user = g_strdup(qdict_get_try_str(options, "user")); - loc->has_user = !!loc->user; - loc->q_namespace = g_strdup(qdict_get_try_str(options, "namespace")); -+ loc->has_q_namespace = !!loc->q_namespace; - loc->image = g_strdup(qdict_get_try_str(options, "image")); - keypairs = qdict_get_try_str(options, "=keyvalue-pairs"); - diff --git a/block-rbd-fix-memory-leak-in-qemu_rbd_co.patch b/block-rbd-fix-memory-leak-in-qemu_rbd_co.patch deleted file mode 100644 index b990660a..00000000 --- a/block-rbd-fix-memory-leak-in-qemu_rbd_co.patch +++ /dev/null @@ -1,74 +0,0 @@ -From: Stefano Garzarella -Date: Mon, 29 Mar 2021 17:01:28 +0200 -Subject: block/rbd: fix memory leak in qemu_rbd_connect() - -Git-commit: c1c1f6cf511496b985cb9a1c536d59c9be7b9317 - -In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host() -using g_strjoinv(), but it's only freed in the error path, leaking -memory in the success path as reported by valgrind: - - 80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516 - at 0x4839809: malloc (vg_replace_malloc.c:307) - by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8) - by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8) - by 0x87D07E: qemu_rbd_mon_host (rbd.c:538) - by 0x87D07E: qemu_rbd_connect (rbd.c:562) - by 0x87E1CE: qemu_rbd_open (rbd.c:740) - by 0x840EB1: bdrv_open_driver (block.c:1528) - by 0x8453A9: bdrv_open_common (block.c:1802) - by 0x8453A9: bdrv_open_inherit (block.c:3444) - by 0x8464C2: bdrv_open (block.c:3537) - by 0x8108CD: qmp_blockdev_add (blockdev.c:3569) - by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086) - by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131) - by 0x907EA4: aio_bh_poll (async.c:164) - -Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly. - -Fixes: 0a55679b4a5061f4d74bdb1a0e81611ba3390b00 -Signed-off-by: Stefano Garzarella -Message-Id: <20210329150129.121182-2-sgarzare@redhat.com> -Reviewed-by: Markus Armbruster -Reviewed-by: Max Reitz -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - block/rbd.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/block/rbd.c b/block/rbd.c -index 9bd2bce71651b8612e37c5dc040d..15f1ac3b47d45e347a34579130ea 100644 ---- a/block/rbd.c -+++ b/block/rbd.c -@@ -563,13 +563,13 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx, - if (local_err) { - error_propagate(errp, local_err); - r = -EINVAL; -- goto failed_opts; -+ goto out; - } - - r = rados_create(cluster, opts->user); - if (r < 0) { - error_setg_errno(errp, -r, "error initializing"); -- goto failed_opts; -+ goto out; - } - - /* try default location when conf=NULL, but ignore failure */ -@@ -626,11 +626,12 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx, - */ - rados_ioctx_set_namespace(*io_ctx, opts->q_namespace); - -- return 0; -+ r = 0; -+ goto out; - - failed_shutdown: - rados_shutdown(*cluster); --failed_opts: -+out: - g_free(mon_host); - return r; - } diff --git a/blockjob-Fix-crash-with-IOthread-when-bl.patch b/blockjob-Fix-crash-with-IOthread-when-bl.patch deleted file mode 100644 index 2a3c1709..00000000 --- a/blockjob-Fix-crash-with-IOthread-when-bl.patch +++ /dev/null @@ -1,113 +0,0 @@ -From: Michael Qiu -Date: Wed, 3 Feb 2021 10:40:59 +0800 -Subject: blockjob: Fix crash with IOthread when block commit after snapshot - -Git-commit: 076d467aacdf6dc5d01e2e61740b1795f2aec2f6 - -Currently, if guest has workloads, IO thread will acquire aio_context -lock before do io_submit, it leads to segmentfault when do block commit -after snapshot. Just like below: - -Program received signal SIGSEGV, Segmentation fault. - -[Switching to Thread 0x7f7c7d91f700 (LWP 99907)] -0x00005576d0f65aab in bdrv_mirror_top_pwritev at ../block/mirror.c:1437 -1437 ../block/mirror.c: No such file or directory. -(gdb) p s->job -$17 = (MirrorBlockJob *) 0x0 -(gdb) p s->stop -$18 = false - -Call trace of IO thread: -0 0x00005576d0f65aab in bdrv_mirror_top_pwritev at ../block/mirror.c:1437 -1 0x00005576d0f7f3ab in bdrv_driver_pwritev at ../block/io.c:1174 -2 0x00005576d0f8139d in bdrv_aligned_pwritev at ../block/io.c:1988 -3 0x00005576d0f81b65 in bdrv_co_pwritev_part at ../block/io.c:2156 -4 0x00005576d0f8e6b7 in blk_do_pwritev_part at ../block/block-backend.c:1260 -5 0x00005576d0f8e84d in blk_aio_write_entry at ../block/block-backend.c:1476 -... - -Switch to qemu main thread: -0 0x00007f903be704ed in __lll_lock_wait at -/lib/../lib64/libpthread.so.0 -1 0x00007f903be6bde6 in _L_lock_941 at /lib/../lib64/libpthread.so.0 -2 0x00007f903be6bcdf in pthread_mutex_lock at -/lib/../lib64/libpthread.so.0 -3 0x0000564b21456889 in qemu_mutex_lock_impl at -../util/qemu-thread-posix.c:79 -4 0x0000564b213af8a5 in block_job_add_bdrv at ../blockjob.c:224 -5 0x0000564b213b00ad in block_job_create at ../blockjob.c:440 -6 0x0000564b21357c0a in mirror_start_job at ../block/mirror.c:1622 -7 0x0000564b2135a9af in commit_active_start at ../block/mirror.c:1867 -8 0x0000564b2133d132 in qmp_block_commit at ../blockdev.c:2768 -9 0x0000564b2141fef3 in qmp_marshal_block_commit at -qapi/qapi-commands-block-core.c:346 -10 0x0000564b214503c9 in do_qmp_dispatch_bh at -../qapi/qmp-dispatch.c:110 -11 0x0000564b21451996 in aio_bh_poll at ../util/async.c:164 -12 0x0000564b2146018e in aio_dispatch at ../util/aio-posix.c:381 -13 0x0000564b2145187e in aio_ctx_dispatch at ../util/async.c:306 -14 0x00007f9040239049 in g_main_context_dispatch at -/lib/../lib64/libglib-2.0.so.0 -15 0x0000564b21447368 in main_loop_wait at ../util/main-loop.c:232 -16 0x0000564b21447368 in main_loop_wait at ../util/main-loop.c:255 -17 0x0000564b21447368 in main_loop_wait at ../util/main-loop.c:531 -18 0x0000564b212304e1 in qemu_main_loop at ../softmmu/runstate.c:721 -19 0x0000564b20f7975e in main at ../softmmu/main.c:50 - -In IO thread when do bdrv_mirror_top_pwritev, the job is NULL, and stop field -is false, this means the MirrorBDSOpaque "s" object has not been initialized -yet, and this object is initialized by block_job_create(), but the initialize -process is stuck in acquiring the lock. - -In this situation, IO thread come to bdrv_mirror_top_pwritev(),which means that -mirror-top node is already inserted into block graph, but its bs->opaque->job -is not initialized. - -The root cause is that qemu main thread do release/acquire when hold the lock, -at the same time, IO thread get the lock after release stage, and the crash -occured. - -Actually, in this situation, job->job.aio_context will not equal to -qemu_get_aio_context(), and will be the same as bs->aio_context, -thus, no need to release the lock, becasue bdrv_root_attach_child() -will not change the context. - -This patch fix this issue. - -Fixes: 132ada80 "block: Adjust AioContexts when attaching nodes" - -Signed-off-by: Michael Qiu -Message-Id: <20210203024059.52683-1-08005325@163.com> -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - blockjob.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/blockjob.c b/blockjob.c -index 98ac8af98299ac26c50ce5e4c5bb..62f1a537399f07a88ebf520eb560 100644 ---- a/blockjob.c -+++ b/blockjob.c -@@ -212,15 +212,19 @@ int block_job_add_bdrv(BlockJob *job, const char *name, BlockDriverState *bs, - uint64_t perm, uint64_t shared_perm, Error **errp) - { - BdrvChild *c; -+ bool need_context_ops; - - bdrv_ref(bs); -- if (job->job.aio_context != qemu_get_aio_context()) { -+ -+ need_context_ops = bdrv_get_aio_context(bs) != job->job.aio_context; -+ -+ if (need_context_ops && job->job.aio_context != qemu_get_aio_context()) { - aio_context_release(job->job.aio_context); - } - c = bdrv_root_attach_child(bs, name, &child_job, 0, - job->job.aio_context, perm, shared_perm, job, - errp); -- if (job->job.aio_context != qemu_get_aio_context()) { -+ if (need_context_ops && job->job.aio_context != qemu_get_aio_context()) { - aio_context_acquire(job->job.aio_context); - } - if (c == NULL) { diff --git a/brotli-fix-actual-variable-array-paramet.patch b/brotli-fix-actual-variable-array-paramet.patch deleted file mode 100644 index 83d2695d..00000000 --- a/brotli-fix-actual-variable-array-paramet.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Bruce Rogers -Date: Fri, 5 Mar 2021 13:25:44 -0700 -Subject: brotli: fix actual variable-array parameters to match declaration - -References: boo#1181922 - -GCC 11 complains about the mismatch between the variable-array -parameters not being defined as such in the actual function definition. -Make them match. - -Signed-off-by: Bruce Rogers ---- - c/dec/decode.c | 6 ++++-- - c/enc/encode.c | 5 +++-- - 2 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/c/dec/decode.c b/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/c/dec/decode.c -index 114c5057d7d91f5a634167e00d84..bb6f1ab6cc42f54720fd07f665e3 100644 ---- a/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/c/dec/decode.c -+++ b/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/c/dec/decode.c -@@ -2030,8 +2030,10 @@ static BROTLI_NOINLINE BrotliDecoderErrorCode SafeProcessCommands( - } - - BrotliDecoderResult BrotliDecoderDecompress( -- size_t encoded_size, const uint8_t* encoded_buffer, size_t* decoded_size, -- uint8_t* decoded_buffer) { -+ size_t encoded_size, -+ const uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(encoded_size)], -+ size_t* decoded_size, -+ uint8_t decoded_buffer[BROTLI_ARRAY_PARAM(*decoded_size)]) { - BrotliDecoderState s; - BrotliDecoderResult result; - size_t total_out = 0; -diff --git a/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/c/enc/encode.c b/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/c/enc/encode.c -index 68548ef55af8036d6f0fe720e721..ab0a4906060c98461102d45ab61d 100644 ---- a/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/c/enc/encode.c -+++ b/roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/c/enc/encode.c -@@ -1470,8 +1470,9 @@ static size_t MakeUncompressedStream( - - BROTLI_BOOL BrotliEncoderCompress( - int quality, int lgwin, BrotliEncoderMode mode, size_t input_size, -- const uint8_t* input_buffer, size_t* encoded_size, -- uint8_t* encoded_buffer) { -+ const uint8_t input_buffer[BROTLI_ARRAY_PARAM(input_size)], -+ size_t* encoded_size, -+ uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(*encoded_size)]) { - BrotliEncoderState* s; - size_t out_size = *encoded_size; - const uint8_t* input_start = input_buffer; diff --git a/build-no-pie-is-no-functional-linker-fla.patch b/build-no-pie-is-no-functional-linker-fla.patch deleted file mode 100644 index 0d38dce3..00000000 --- a/build-no-pie-is-no-functional-linker-fla.patch +++ /dev/null @@ -1,74 +0,0 @@ -From: Christian Ehrhardt -Date: Mon, 14 Dec 2020 16:09:38 +0100 -Subject: build: -no-pie is no functional linker flag - -Git-commit: bbd2d5a8120771ec59b86a80a1f51884e0a26e53 - -Recent binutils changes dropping unsupported options [1] caused a build -issue in regard to the optionroms. - - ld -m elf_i386 -T /<>/pc-bios/optionrom//flat.lds -no-pie \ - -s -o multiboot.img multiboot.o - ld.bfd: Error: unable to disambiguate: -no-pie (did you mean --no-pie ?) - -This isn't really a regression in ld.bfd, filing the bug upstream -revealed that this never worked as a ld flag [2] - in fact it seems we -were by accident setting --nmagic). - -Since it never had the wanted effect this usage of LDFLAGS_NOPIE, should be -droppable without any effect. This also is the only use-case of LDFLAGS_NOPIE -in .mak, therefore we can also remove it from being added there. - -[1]: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=983d925d -[2]: https://sourceware.org/bugzilla/show_bug.cgi?id=27050#c5 - -Signed-off-by: Christian Ehrhardt -Message-Id: <20201214150938.1297512-1-christian.ehrhardt@canonical.com> -Cc: qemu-stable@nongnu.org -Signed-off-by: Paolo Bonzini -Signed-off-by: Bruce Rogers ---- - configure | 3 --- - pc-bios/optionrom/Makefile | 1 - - 2 files changed, 4 deletions(-) - -diff --git a/configure b/configure -index 18c26e0389741643748c70ac7788..7ce723bbe769dac2af8456079e89 100755 ---- a/configure -+++ b/configure -@@ -2121,7 +2121,6 @@ EOF - # Check we support --no-pie first; we will need this for building ROMs. - if compile_prog "-Werror -fno-pie" "-no-pie"; then - CFLAGS_NOPIE="-fno-pie" -- LDFLAGS_NOPIE="-no-pie" - fi - - if test "$static" = "yes"; then -@@ -2137,7 +2136,6 @@ if test "$static" = "yes"; then - fi - elif test "$pie" = "no"; then - CONFIGURE_CFLAGS="$CFLAGS_NOPIE $CONFIGURE_CFLAGS" -- CONFIGURE_LDFLAGS="$LDFLAGS_NOPIE $CONFIGURE_LDFLAGS" - elif compile_prog "-Werror -fPIE -DPIE" "-pie"; then - CONFIGURE_CFLAGS="-fPIE -DPIE $CONFIGURE_CFLAGS" - CONFIGURE_LDFLAGS="-pie $CONFIGURE_LDFLAGS" -@@ -6756,7 +6754,6 @@ echo "QEMU_CXXFLAGS=$QEMU_CXXFLAGS" >> $config_host_mak - echo "GLIB_CFLAGS=$glib_cflags" >> $config_host_mak - echo "GLIB_LIBS=$glib_libs" >> $config_host_mak - echo "QEMU_LDFLAGS=$QEMU_LDFLAGS" >> $config_host_mak --echo "LDFLAGS_NOPIE=$LDFLAGS_NOPIE" >> $config_host_mak - echo "LD_I386_EMULATION=$ld_i386_emulation" >> $config_host_mak - echo "EXESUF=$EXESUF" >> $config_host_mak - echo "HOST_DSOSUF=$HOST_DSOSUF" >> $config_host_mak -diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile -index 084fc10f0540b62df06c476bb11c..30771f8d17cb2143eb7bbb004ceb 100644 ---- a/pc-bios/optionrom/Makefile -+++ b/pc-bios/optionrom/Makefile -@@ -41,7 +41,6 @@ override CFLAGS += $(call cc-option, $(Wa)-32) - - LD_I386_EMULATION ?= elf_i386 - override LDFLAGS = -m $(LD_I386_EMULATION) -T $(SRC_DIR)/flat.lds --override LDFLAGS += $(LDFLAGS_NOPIE) - - all: multiboot.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin - diff --git a/bundles.tar.xz b/bundles.tar.xz index e4102fc1..488fa1f0 100644 --- a/bundles.tar.xz +++ b/bundles.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:efac9c8c227a19a38d7ab7ce7739d477c22732a6f6fcee07ce6b86d5d4f88ea7 -size 109568 +oid sha256:6ffc77f1d0e614c0f9b05329be58af08284d7d00063ef72cda10d54ef40c89ba +size 52160 diff --git a/cadence_gem-switch-to-use-qemu_receive_p.patch b/cadence_gem-switch-to-use-qemu_receive_p.patch deleted file mode 100644 index bc3ce304..00000000 --- a/cadence_gem-switch-to-use-qemu_receive_p.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Alexander Bulekov -Date: Mon, 1 Mar 2021 14:33:43 -0500 -Subject: cadence_gem: switch to use qemu_receive_packet() for loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: e73adfbeec9d4e008630c814759052ed945c3fed - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Alexander Bulekov -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - hw/net/cadence_gem.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c -index 7a534691f1f43ab4fefaf2f82dc9..43b760e3f1b7fb9bf0d116361713 100644 ---- a/hw/net/cadence_gem.c -+++ b/hw/net/cadence_gem.c -@@ -1275,8 +1275,8 @@ static void gem_transmit(CadenceGEMState *s) - /* Send the packet somewhere */ - if (s->phy_loop || (s->regs[GEM_NWCTRL] & - GEM_NWCTRL_LOCALLOOP)) { -- gem_receive(qemu_get_queue(s->nic), s->tx_packet, -- total_bytes); -+ qemu_receive_packet(qemu_get_queue(s->nic), s->tx_packet, -+ total_bytes); - } else { - qemu_send_packet(qemu_get_queue(s->nic), s->tx_packet, - total_bytes); diff --git a/config.sh b/config.sh index de202fb4..6aac9d9a 100644 --- a/config.sh +++ b/config.sh @@ -18,12 +18,12 @@ UPSTREAM_GIT_REPO=https://gitlab.com/qemu-project/qemu.git # The following specifies the upstream tag or commit upon which our patchqueue # gets rebased. The special value LATEST may be used to "automatically" track # the upstream development tree in the master branch -GIT_UPSTREAM_COMMIT_ISH=v5.2.0 +GIT_UPSTREAM_COMMIT_ISH=v6.0.0 # WARNING: If transitioning from using LATEST to not, MANUALLY re-set the # tarball present. If transitioning TO LATEST, make sure that # NEXT_RELEASE_IS_MAJOR is set correctly # This is used to choose the version number when LATEST processing is active -NEXT_RELEASE_IS_MAJOR=1 +NEXT_RELEASE_IS_MAJOR=0 # Unfortunately, SeaBIOS doesn't always follow an "always increasing" version # model, so there may be times we should overide the automated version setting. diff --git a/configure-only-populate-roms-if-softmmu.patch b/configure-only-populate-roms-if-softmmu.patch index 49fdb989..3347029b 100644 --- a/configure-only-populate-roms-if-softmmu.patch +++ b/configure-only-populate-roms-if-softmmu.patch @@ -12,10 +12,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure -index 7ce723bbe769dac2af8456079e89..a1312935a5683ed740c9b6143c6b 100755 +index 4f374b48890e7f1a868672f2fe49..9de240a6b3e7fb7d72b57353546a 100755 --- a/configure +++ b/configure -@@ -5858,7 +5858,7 @@ if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } && \ +@@ -5417,7 +5417,7 @@ if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } && \ fi # Only build s390-ccw bios if we're on s390x and the compiler has -march=z900 diff --git a/configure-remove-pkgversion-from-CONFIG_.patch b/configure-remove-pkgversion-from-CONFIG_.patch index 2a4092c8..7acc4a09 100644 --- a/configure-remove-pkgversion-from-CONFIG_.patch +++ b/configure-remove-pkgversion-from-CONFIG_.patch @@ -18,10 +18,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure -index a1312935a5683ed740c9b6143c6b..2ed5366e82a194946a5a2ca12bac 100755 +index 9de240a6b3e7fb7d72b57353546a..ceec2d3830ed44083a6c22295e70 100755 --- a/configure +++ b/configure -@@ -6045,7 +6045,7 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak +@@ -5581,7 +5581,7 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak if test "$modules" = "yes"; then # $shacmd can generate a hash started with digit, which the compiler doesn't # like as an symbol. So prefix it with an underscore diff --git a/cpu-core-Fix-help-of-CPU-core-device-typ.patch b/cpu-core-Fix-help-of-CPU-core-device-typ.patch deleted file mode 100644 index 1cd7f8f0..00000000 --- a/cpu-core-Fix-help-of-CPU-core-device-typ.patch +++ /dev/null @@ -1,60 +0,0 @@ -From: Greg Kurz -Date: Fri, 9 Apr 2021 18:03:39 +0200 -Subject: cpu/core: Fix "help" of CPU core device types - -Git-commit: 0b47ec4b95ad1952e55e639711d442f8ec6e1345 - -Calling qdev_get_machine() from a QOM instance_init function is -fragile because we can't be sure the machine object actually -exists. And this happens to break when passing ",help" on the -command line to get the list of properties for a CPU core -device types : - -$ ./qemu-system-ppc64 -device power8_v2.0-spapr-cpu-core,help -qemu-system-ppc64: ../../hw/core/machine.c:1290: - qdev_get_machine: Assertion `machine != NULL' failed. -Aborted (core dumped) - -This used to work before QEMU 5.0, but commit 3df261b6676b -unwillingly introduced a subtle regression : the above command -line needs to create an instance but the instance_init function -of the base class calls qdev_get_machine() before -qemu_create_machine() has been called, which is a programming bug. - -Use current_machine instead. It is okay to skip the setting of -nr_thread in this case since only its type is displayed. - -Fixes: 3df261b6676b ("softmmu/vl.c: Handle '-cpu help' and '-device help' before 'no default machine'") -Reported-by: Thomas Huth -Signed-off-by: Greg Kurz -Cc: peter.maydell@linaro.org -Message-Id: <20210409160339.500167-3-groug@kaod.org> -Signed-off-by: Eduardo Habkost -Signed-off-by: Bruce Rogers ---- - hw/cpu/core.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/hw/cpu/core.c b/hw/cpu/core.c -index 92d3b2fbad62cc3dd7656f148bfd..9876075155743d8966a8383412fd 100644 ---- a/hw/cpu/core.c -+++ b/hw/cpu/core.c -@@ -66,10 +66,16 @@ static void core_prop_set_nr_threads(Object *obj, Visitor *v, const char *name, - - static void cpu_core_instance_init(Object *obj) - { -- MachineState *ms = MACHINE(qdev_get_machine()); - CPUCore *core = CPU_CORE(obj); - -- core->nr_threads = ms->smp.threads; -+ /* -+ * Only '-device something-cpu-core,help' can get us there before -+ * the machine has been created. We don't care to set nr_threads -+ * in this case since it isn't used afterwards. -+ */ -+ if (current_machine) { -+ core->nr_threads = current_machine->smp.threads; -+ } - } - - static void cpu_core_class_init(ObjectClass *oc, void *data) diff --git a/doc-add-our-support-doc-to-the-main-proj.patch b/doc-add-our-support-doc-to-the-main-proj.patch new file mode 100644 index 00000000..dc54994a --- /dev/null +++ b/doc-add-our-support-doc-to-the-main-proj.patch @@ -0,0 +1,23 @@ +From: Bruce Rogers +Date: Fri, 29 Jan 2021 20:06:16 -0700 +Subject: doc: add our support doc to the main project doc for x86 and s390x + +Include-If: %if %{legacy_qemu_kvm} + +Signed-off-by: Bruce Rogers +--- + docs/index.rst | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/docs/index.rst b/docs/index.rst +index 763e3d0426e8b15245b6ff0d0611..b659236f162532ea64931ec3e674 100644 +--- a/docs/index.rst ++++ b/docs/index.rst +@@ -10,6 +10,7 @@ Welcome to QEMU's documentation! + :maxdepth: 2 + :caption: Contents: + ++ supported.rst + system/index + user/index + tools/index diff --git a/docs-add-SUSE-support-statements-to-html.patch b/docs-add-SUSE-support-statements-to-html.patch deleted file mode 100644 index 31f07f06..00000000 --- a/docs-add-SUSE-support-statements-to-html.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Bruce Rogers -Date: Tue, 28 Apr 2020 09:53:49 -0600 -Subject: docs: add SUSE support statements to html docs - -Include-If: %if %{legacy_qemu_kvm} - -We can fairly easily produce an html version of our support statements. -Now that qemu includes fairly good html-based documentation, leverage it -to expose our SUSE specific in-package support documentation. - -Signed-off-by: Bruce Rogers ---- - docs/index.html.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/docs/index.html.in b/docs/index.html.in -index 33db4396ac83b95b60ef16580d31..ba157bf3c8dcace7149eabf171af 100644 ---- a/docs/index.html.in -+++ b/docs/index.html.in -@@ -7,6 +7,7 @@ - -

QEMU @VERSION@ Documentation

-
    -+
  • SUSE Support Statements
    • -
  • System Emulation User's Guide
    • -
  • User Mode Emulation User's Guide
    • -
  • Tools Guide
    • diff --git a/dp8393x-switch-to-use-qemu_receive_packe.patch b/dp8393x-switch-to-use-qemu_receive_packe.patch deleted file mode 100644 index cafeac9d..00000000 --- a/dp8393x-switch-to-use-qemu_receive_packe.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Jason Wang -Date: Wed, 24 Feb 2021 12:57:40 +0800 -Subject: dp8393x: switch to use qemu_receive_packet() for loopback packet -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 331d2ac9ea307c990dc86e6493e8f0c48d14bb33 - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - hw/net/dp8393x.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c -index 205c0decc535724de568023e9f23..533a8304d0bc4b7b8a7750389cc0 100644 ---- a/hw/net/dp8393x.c -+++ b/hw/net/dp8393x.c -@@ -506,7 +506,7 @@ static void dp8393x_do_transmit_packets(dp8393xState *s) - s->regs[SONIC_TCR] |= SONIC_TCR_CRSL; - if (nc->info->can_receive(nc)) { - s->loopback_packet = 1; -- nc->info->receive(nc, s->tx_buffer, tx_len); -+ qemu_receive_packet(nc, s->tx_buffer, tx_len); - } - } else { - /* Transmit packet */ diff --git a/e1000-fail-early-for-evil-descriptor.patch b/e1000-fail-early-for-evil-descriptor.patch deleted file mode 100644 index 3267b735..00000000 --- a/e1000-fail-early-for-evil-descriptor.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: Jason Wang -Date: Wed, 24 Feb 2021 13:45:28 +0800 -Subject: e1000: fail early for evil descriptor - -Git-commit: 3de46e6fc489c52c9431a8a832ad8170a7569bd8 -References: bsc#1182577, CVE-2021-20257 - -During procss_tx_desc(), driver can try to chain data descriptor with -legacy descriptor, when will lead underflow for the following -calculation in process_tx_desc() for bytes: - - if (tp->size + bytes > msh) - bytes = msh - tp->size; - -This will lead a infinite loop. So check and fail early if tp->size if -greater or equal to msh. - -Reported-by: Alexander Bulekov -Reported-by: Cheolwoo Myung -Reported-by: Ruhr-University Bochum -Cc: Prasad J Pandit -Cc: qemu-stable@nongnu.org -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - hw/net/e1000.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/hw/net/e1000.c b/hw/net/e1000.c -index d7d05ae30afafb2e7979c74564a6..02a446b89bae0dec0acdefa54760 100644 ---- a/hw/net/e1000.c -+++ b/hw/net/e1000.c -@@ -670,6 +670,9 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) - msh = tp->tso_props.hdr_len + tp->tso_props.mss; - do { - bytes = split_size; -+ if (tp->size >= msh) { -+ goto eop; -+ } - if (tp->size + bytes > msh) - bytes = msh - tp->size; - -@@ -695,6 +698,7 @@ process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) - tp->size += split_size; - } - -+eop: - if (!(txd_lower & E1000_TXD_CMD_EOP)) - return; - if (!(tp->cptse && tp->size < tp->tso_props.hdr_len)) { diff --git a/e1000-switch-to-use-qemu_receive_packet-.patch b/e1000-switch-to-use-qemu_receive_packet-.patch deleted file mode 100644 index 33d80fac..00000000 --- a/e1000-switch-to-use-qemu_receive_packet-.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Jason Wang -Date: Wed, 24 Feb 2021 12:13:22 +0800 -Subject: e1000: switch to use qemu_receive_packet() for loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 1caff0340f49c93d535c6558a5138d20d475315c - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - hw/net/e1000.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/e1000.c b/hw/net/e1000.c -index 02a446b89bae0dec0acdefa54760..c3564c7ce814004f72ab42854542 100644 ---- a/hw/net/e1000.c -+++ b/hw/net/e1000.c -@@ -546,7 +546,7 @@ e1000_send_packet(E1000State *s, const uint8_t *buf, int size) - - NetClientState *nc = qemu_get_queue(s->nic); - if (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) { -- nc->info->receive(nc, buf, size); -+ qemu_receive_packet(nc, buf, size); - } else { - qemu_send_packet(nc, buf, size); - } diff --git a/hw-arm-virt-Disable-pl011-clock-migratio.patch b/hw-arm-virt-Disable-pl011-clock-migratio.patch deleted file mode 100644 index a4f03cbe..00000000 --- a/hw-arm-virt-Disable-pl011-clock-migratio.patch +++ /dev/null @@ -1,87 +0,0 @@ -From: Gavin Shan -Date: Thu, 18 Mar 2021 10:38:01 +0800 -Subject: hw/arm/virt: Disable pl011 clock migration if needed - -Git-commit: e6fa978d8343ec7cf20b9c8b2dcb390646242457 - -A clock is added by commit aac63e0e6ea3 ("hw/char/pl011: add a clock -input") since v5.2.0 which corresponds to virt-5.2 machine type. It -causes backwards migration failure from upstream to downstream (v5.1.0) -when the machine type is specified with virt-5.1. - -This fixes the issue by following instructions from section "Connecting -subsections to properties" in docs/devel/migration.rst. With this applied, -the PL011 clock is migrated based on the machine type. - - virt-5.2 or newer: migration - virt-5.1 or older: non-migration - -Cc: qemu-stable@nongnu.org # v5.2.0+ -Fixes: aac63e0e6ea3 ("hw/char/pl011: add a clock input") -Suggested-by: Andrew Jones -Signed-off-by: Gavin Shan -Reviewed-by: Andrew Jones -Message-id: 20210318023801.18287-1-gshan@redhat.com -Signed-off-by: Peter Maydell -Signed-off-by: Bruce Rogers ---- - hw/char/pl011.c | 9 +++++++++ - hw/core/machine.c | 1 + - include/hw/char/pl011.h | 1 + - 3 files changed, 11 insertions(+) - -diff --git a/hw/char/pl011.c b/hw/char/pl011.c -index ede16c781c9abcbeaf3ffb8f5c73..74cfa6cd663e397fdc4ba6d3bfe9 100644 ---- a/hw/char/pl011.c -+++ b/hw/char/pl011.c -@@ -321,10 +321,18 @@ static const MemoryRegionOps pl011_ops = { - .endianness = DEVICE_NATIVE_ENDIAN, - }; - -+static bool pl011_clock_needed(void *opaque) -+{ -+ PL011State *s = PL011(opaque); -+ -+ return s->migrate_clk; -+} -+ - static const VMStateDescription vmstate_pl011_clock = { - .name = "pl011/clock", - .version_id = 1, - .minimum_version_id = 1, -+ .needed = pl011_clock_needed, - .fields = (VMStateField[]) { - VMSTATE_CLOCK(clk, PL011State), - VMSTATE_END_OF_LIST() -@@ -362,6 +370,7 @@ static const VMStateDescription vmstate_pl011 = { - - static Property pl011_properties[] = { - DEFINE_PROP_CHR("chardev", PL011State, chr), -+ DEFINE_PROP_BOOL("migrate-clk", PL011State, migrate_clk, true), - DEFINE_PROP_END_OF_LIST(), - }; - -diff --git a/hw/core/machine.c b/hw/core/machine.c -index 9e83400ecbfdd1c8ab20a54ff39c..72ceba57def38ca9dd5c683a71c4 100644 ---- a/hw/core/machine.c -+++ b/hw/core/machine.c -@@ -36,6 +36,7 @@ GlobalProperty hw_compat_5_1[] = { - { "virtio-scsi-device", "num_queues", "1"}, - { "nvme", "use-intel-id", "on"}, - { "pvpanic", "events", "1"}, /* PVPANIC_PANICKED */ -+ { "pl011", "migrate-clk", "off" }, - }; - const size_t hw_compat_5_1_len = G_N_ELEMENTS(hw_compat_5_1); - -diff --git a/include/hw/char/pl011.h b/include/hw/char/pl011.h -index 33e5e5317b82caaf39078a10b821..dc2c90eedca7b5f23d9db0c3a4ec 100644 ---- a/include/hw/char/pl011.h -+++ b/include/hw/char/pl011.h -@@ -50,6 +50,7 @@ struct PL011State { - CharBackend chr; - qemu_irq irq[6]; - Clock *clk; -+ bool migrate_clk; - const unsigned char *id; - }; - diff --git a/hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch b/hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch deleted file mode 100644 index ec73f2a9..00000000 --- a/hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Zenghui Yu -Date: Fri, 2 Apr 2021 16:47:31 +0800 -Subject: hw/arm/virt-acpi-build: Fix GSIV values of the {GERR, Sync} - interrupts - -Git-commit: 0c38f607836af40921ea2b58676b7c4a9fe33bef - -The GSIV values in SMMUv3 IORT node are not correct as they don't match -the SMMUIrq enumeration, which describes the IRQ<->PIN mapping used by -our emulated vSMMU. - -Fixes: a703b4f6c1ee ("hw/arm/virt-acpi-build: Add smmuv3 node in IORT table") -Signed-off-by: Zenghui Yu -Acked-by: Eric Auger -Message-id: 20210402084731.93-1-yuzenghui@huawei.com -Signed-off-by: Peter Maydell -Signed-off-by: Bruce Rogers ---- - hw/arm/virt-acpi-build.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c -index 9747a6458f0bfd34a3c2b3fda96a..6cd17c58c5535ee7277292b7372f 100644 ---- a/hw/arm/virt-acpi-build.c -+++ b/hw/arm/virt-acpi-build.c -@@ -287,8 +287,8 @@ build_iort(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms) - smmu->flags = cpu_to_le32(ACPI_IORT_SMMU_V3_COHACC_OVERRIDE); - smmu->event_gsiv = cpu_to_le32(irq); - smmu->pri_gsiv = cpu_to_le32(irq + 1); -- smmu->gerr_gsiv = cpu_to_le32(irq + 2); -- smmu->sync_gsiv = cpu_to_le32(irq + 3); -+ smmu->sync_gsiv = cpu_to_le32(irq + 2); -+ smmu->gerr_gsiv = cpu_to_le32(irq + 3); - - /* Identity RID mapping covering the whole input RID range */ - idmap = &smmu->id_mapping_array[0]; diff --git a/hw-block-fdc-Fix-fallback-property-on-sy.patch b/hw-block-fdc-Fix-fallback-property-on-sy.patch deleted file mode 100644 index 496a4c64..00000000 --- a/hw-block-fdc-Fix-fallback-property-on-sy.patch +++ /dev/null @@ -1,47 +0,0 @@ -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Wed, 7 Apr 2021 15:37:42 +0200 -Subject: hw/block/fdc: Fix 'fallback' property on sysbus floppy disk - controllers -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: da64789d3a16b2c5b5f1be9c75b00c2b8ae393a0 - -Setting the 'fallback' property corrupts the QOM instance state -(FDCtrlSysBus) because it accesses an incorrect offset (it uses -the offset of the FDCtrlISABus state). - -Cc: qemu-stable@nongnu.org -Fixes: a73275dd6fc ("fdc: Add fallback option") -Signed-off-by: Philippe Mathieu-Daudé -Message-Id: <20210407133742.1680424-1-f4bug@amsat.org> -Reviewed-by: Markus Armbruster -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - hw/block/fdc.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/block/fdc.c b/hw/block/fdc.c -index d6ba6c8f730092632770cf66908b..11a43cd4a18c02e3492d3f171049 100644 ---- a/hw/block/fdc.c -+++ b/hw/block/fdc.c -@@ -2961,7 +2961,7 @@ static Property sysbus_fdc_properties[] = { - DEFINE_PROP_SIGNED("fdtypeB", FDCtrlSysBus, state.qdev_for_drives[1].type, - FLOPPY_DRIVE_TYPE_AUTO, qdev_prop_fdc_drive_type, - FloppyDriveType), -- DEFINE_PROP_SIGNED("fallback", FDCtrlISABus, state.fallback, -+ DEFINE_PROP_SIGNED("fallback", FDCtrlSysBus, state.fallback, - FLOPPY_DRIVE_TYPE_144, qdev_prop_fdc_drive_type, - FloppyDriveType), - DEFINE_PROP_END_OF_LIST(), -@@ -2987,7 +2987,7 @@ static Property sun4m_fdc_properties[] = { - DEFINE_PROP_SIGNED("fdtype", FDCtrlSysBus, state.qdev_for_drives[0].type, - FLOPPY_DRIVE_TYPE_AUTO, qdev_prop_fdc_drive_type, - FloppyDriveType), -- DEFINE_PROP_SIGNED("fallback", FDCtrlISABus, state.fallback, -+ DEFINE_PROP_SIGNED("fallback", FDCtrlSysBus, state.fallback, - FLOPPY_DRIVE_TYPE_144, qdev_prop_fdc_drive_type, - FloppyDriveType), - DEFINE_PROP_END_OF_LIST(), diff --git a/hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch b/hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch deleted file mode 100644 index 2e5c07ee..00000000 --- a/hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch +++ /dev/null @@ -1,65 +0,0 @@ -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Sun, 31 Jan 2021 11:34:01 +0100 -Subject: hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: edfe2eb4360cde4ed5d95bda7777edcb3510f76a -References: bsc#1181933 - -Per the ARM Generic Interrupt Controller Architecture specification -(document "ARM IHI 0048B.b (ID072613)"), the SGIINTID field is 4 bit, -not 10: - - - 4.3 Distributor register descriptions - - 4.3.15 Software Generated Interrupt Register, GICD_SG - - - Table 4-21 GICD_SGIR bit assignments - - The Interrupt ID of the SGI to forward to the specified CPU - interfaces. The value of this field is the Interrupt ID, in - the range 0-15, for example a value of 0b0011 specifies - Interrupt ID 3. - -Correct the irq mask to fix an undefined behavior (which eventually -lead to a heap-buffer-overflow, see [Buglink]): - - $ echo 'writel 0x8000f00 0xff4affb0' | qemu-system-aarch64 -M virt,accel=qtest -qtest stdio - [I 1612088147.116987] OPENED - [R +0.278293] writel 0x8000f00 0xff4affb0 - ../hw/intc/arm_gic.c:1498:13: runtime error: index 944 out of bounds for type 'uint8_t [16][8]' - SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/intc/arm_gic.c:1498:13 - -This fixes a security issue when running with KVM on Arm with -kernel-irqchip=off. (The default is kernel-irqchip=on, which is -unaffected, and which is also the correct choice for performance.) - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2021-20221 -Fixes: 9ee6e8bb853 ("ARMv7 support.") -Buglink: https://bugs.launchpad.net/qemu/+bug/1913916 -Buglink: https://bugs.launchpad.net/qemu/+bug/1913917 -Reported-by: Alexander Bulekov -Signed-off-by: Philippe Mathieu-Daudé -Message-id: 20210131103401.217160-1-f4bug@amsat.org -Reviewed-by: Peter Maydell -Signed-off-by: Peter Maydell -Signed-off-by: Bruce Rogers ---- - hw/intc/arm_gic.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c -index c60dc6b5e6e519e61b20dda66c7b..fbde60de05a20a607a64a5a91bad 100644 ---- a/hw/intc/arm_gic.c -+++ b/hw/intc/arm_gic.c -@@ -1474,7 +1474,7 @@ static void gic_dist_writel(void *opaque, hwaddr offset, - int target_cpu; - - cpu = gic_get_current_cpu(s); -- irq = value & 0x3ff; -+ irq = value & 0xf; - switch ((value >> 24) & 3) { - case 0: - mask = (value >> 16) & ALL_CPU_MASK; diff --git a/hw-isa-Kconfig-Add-missing-dependency-VI.patch b/hw-isa-Kconfig-Add-missing-dependency-VI.patch deleted file mode 100644 index 11636cf3..00000000 --- a/hw-isa-Kconfig-Add-missing-dependency-VI.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Tue, 2 Mar 2021 09:00:42 +0100 -Subject: hw/isa/Kconfig: Add missing dependency VIA VT82C686 -> APM -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 50fab4cc672233fee22fff2cf51543af57602c7d - -TYPE_VIA_PM calls apm_init() in via_pm_realize(), so -requires APM to be selected. - -Reported-by: BALATON Zoltan -Fixes: dd0ff8191ab ("isa: express SuperIO dependencies with Kconfig") -Signed-off-by: Philippe Mathieu-Daudé -Message-Id: <20210302080531.913802-1-f4bug@amsat.org> -Signed-off-by: Bruce Rogers ---- - hw/isa/Kconfig | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig -index c7f07854f7e7777a03c7dd1db0d0..9c026d0c5103b87b3e8c9348a8d0 100644 ---- a/hw/isa/Kconfig -+++ b/hw/isa/Kconfig -@@ -47,6 +47,7 @@ config VT82C686 - select ACPI_SMBUS - select SERIAL_ISA - select FDC -+ select APM - - config SMC37C669 - bool diff --git a/hw-isa-piix4-Migrate-Reset-Control-Regis.patch b/hw-isa-piix4-Migrate-Reset-Control-Regis.patch deleted file mode 100644 index 21aa415c..00000000 --- a/hw-isa-piix4-Migrate-Reset-Control-Regis.patch +++ /dev/null @@ -1,62 +0,0 @@ -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Wed, 24 Mar 2021 14:54:43 +0100 -Subject: hw/isa/piix4: Migrate Reset Control Register -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 62271205bcfaee440d06c06060ee79dac657caff - -When adding the Reset register in commit 5790b757cfb we -forgot to migrate it. - -While it is possible a VM using the PIIX4 is migrated just -after requesting a system shutdown, it is very unlikely. -However when restoring a migrated VM, we might have the -RCR bit #4 set on the stack and when the VM resume it -directly shutdowns. - -Add a post_load() migration handler and set the default -RCR value to 0 for earlier versions, assuming the VM was -not going to shutdown before migration. - -Fixes: 5790b757cfb ("piix4: Add the Reset Control Register") -Signed-off-by: Philippe Mathieu-Daudé -Reviewed-by: Dr. David Alan Gilbert -Message-Id: <20210324200334.729899-1-f4bug@amsat.org> -Signed-off-by: Bruce Rogers ---- - hw/isa/piix4.c | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c -index a50d97834c760e3ebc5103614ee9..b3b6a4378a334b1a4bf0105a6857 100644 ---- a/hw/isa/piix4.c -+++ b/hw/isa/piix4.c -@@ -93,12 +93,25 @@ static void piix4_isa_reset(DeviceState *dev) - pci_conf[0xae] = 0x00; - } - -+static int piix4_ide_post_load(void *opaque, int version_id) -+{ -+ PIIX4State *s = opaque; -+ -+ if (version_id == 2) { -+ s->rcr = 0; -+ } -+ -+ return 0; -+} -+ - static const VMStateDescription vmstate_piix4 = { - .name = "PIIX4", -- .version_id = 2, -+ .version_id = 3, - .minimum_version_id = 2, -+ .post_load = piix4_ide_post_load, - .fields = (VMStateField[]) { - VMSTATE_PCI_DEVICE(dev, PIIX4State), -+ VMSTATE_UINT8_V(rcr, PIIX4State, 3), - VMSTATE_END_OF_LIST() - } - }; diff --git a/hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch b/hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch deleted file mode 100644 index 99a41b19..00000000 --- a/hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Peter Maydell -Date: Fri, 8 Jan 2021 18:04:00 +0000 -Subject: hw/net/lan9118: Fix RX Status FIFO PEEK value -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: e7e29fdbbe07fb762d85af9c4d8eeff9b0f52a8e - -A copy-and-paste error meant that the return value for register offset 0x44 -(the RX Status FIFO PEEK register) returned a byte from a bogus offset in -the rx status FIFO. Fix the typo. - -Cc: qemu-stable@nongnu.org -Fixes: https://bugs.launchpad.net/qemu/+bug/1904954 -Signed-off-by: Peter Maydell -Reviewed-by: Philippe Mathieu-Daudé -Message-id: 20210108180401.2263-2-peter.maydell@linaro.org -Signed-off-by: Bruce Rogers ---- - hw/net/lan9118.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c -index ab57c02c8e10d3ea1feb258fa4c5..13d469fe24fd8dd3a03eb2b60a58 100644 ---- a/hw/net/lan9118.c -+++ b/hw/net/lan9118.c -@@ -1206,7 +1206,7 @@ static uint64_t lan9118_readl(void *opaque, hwaddr offset, - case 0x40: - return rx_status_fifo_pop(s); - case 0x44: -- return s->rx_status_fifo[s->tx_status_fifo_head]; -+ return s->rx_status_fifo[s->rx_status_fifo_head]; - case 0x48: - return tx_status_fifo_pop(s); - case 0x4c: diff --git a/hw-s390x-fix-build-for-virtio-9p-ccw.patch b/hw-s390x-fix-build-for-virtio-9p-ccw.patch deleted file mode 100644 index 9bf01780..00000000 --- a/hw-s390x-fix-build-for-virtio-9p-ccw.patch +++ /dev/null @@ -1,40 +0,0 @@ -From: Halil Pasic -Date: Thu, 18 Feb 2021 04:40:59 +0100 -Subject: hw/s390x: fix build for virtio-9p-ccw - -Git-commit: 24056cbfd577fd219d55c03f69df66e6351456e7 -References: bsc#1182496 - -Commit 2c44220d05 ("meson: convert hw/arch*"), which migrated the old -Makefile.objs to meson.build accidentally excluded virtio-ccw-9p.c and -thus the virtio-9p-ccw device from the build (and potentially also -included the file virtio-ccw-blk.c twice in the source set). And since -CONFIG_VIRTFS can't be used the way it was used here (see commit -2c9dce0196 ("meson: do not use CONFIG_VIRTFS")), the preconditions have -to be written differently. - -Let's fix this! - -Signed-off-by: Halil Pasic -Fixes: 2c44220d05 ("meson: convert hw/arch*") -Reported-by: Jakob Naucke -Cc: qemu-stable@nongnu.org -[BR: back out the part which depends on the have_virtfs change] -Signed-off-by: Bruce Rogers ---- - hw/s390x/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/s390x/meson.build b/hw/s390x/meson.build -index 2a7818d94b94d3832c0e944ecc42..e53b7a69930a27dd030994ab6a54 100644 ---- a/hw/s390x/meson.build -+++ b/hw/s390x/meson.build -@@ -40,7 +40,7 @@ virtio_ss.add(when: 'CONFIG_VIRTIO_NET', if_true: files('virtio-ccw-net.c')) - virtio_ss.add(when: 'CONFIG_VIRTIO_RNG', if_true: files('virtio-ccw-rng.c')) - virtio_ss.add(when: 'CONFIG_VIRTIO_SCSI', if_true: files('virtio-ccw-scsi.c')) - virtio_ss.add(when: 'CONFIG_VIRTIO_SERIAL', if_true: files('virtio-ccw-serial.c')) --virtio_ss.add(when: ['CONFIG_VIRTIO_9P', 'CONFIG_VIRTFS'], if_true: files('virtio-ccw-blk.c')) -+virtio_ss.add(when: ['CONFIG_VIRTIO_9P', 'CONFIG_VIRTFS'], if_true: files('virtio-ccw-9p.c')) - virtio_ss.add(when: 'CONFIG_VHOST_VSOCK', if_true: files('vhost-vsock-ccw.c')) - virtio_ss.add(when: 'CONFIG_VHOST_USER_FS', if_true: files('vhost-user-fs-ccw.c')) - s390x_ss.add_all(when: 'CONFIG_VIRTIO_CCW', if_true: virtio_ss) diff --git a/hw-sd-sd-Actually-perform-the-erase-oper.patch b/hw-sd-sd-Actually-perform-the-erase-oper.patch deleted file mode 100644 index 013def03..00000000 --- a/hw-sd-sd-Actually-perform-the-erase-oper.patch +++ /dev/null @@ -1,69 +0,0 @@ -From: Bin Meng -Date: Sat, 20 Feb 2021 16:58:13 +0800 -Subject: hw/sd: sd: Actually perform the erase operation -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 818a5cdcfcf0a55d60b59b2cb74482ef4ba6b205 -References: bsc#1175144, CVE-2020-17380, bsc#1176681, CVE-2020-25085 -References: bsc#1182282, CVE-2021-3409 - -At present the sd_erase() does not erase the requested range of card -data to 0xFFs. Let's make the erase operation actually happen. - -Signed-off-by: Bin Meng -Message-Id: <1613811493-58815-1-git-send-email-bmeng.cn@gmail.com> -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - hw/sd/sd.c | 22 +++++++++++++--------- - 1 file changed, 13 insertions(+), 9 deletions(-) - -diff --git a/hw/sd/sd.c b/hw/sd/sd.c -index 6719cda1a0db8e6afa04c2b23915..26a5ae4d202656b4d04547cac8b8 100644 ---- a/hw/sd/sd.c -+++ b/hw/sd/sd.c -@@ -779,10 +779,12 @@ static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) - - static void sd_erase(SDState *sd) - { -- int i; - uint64_t erase_start = sd->erase_start; - uint64_t erase_end = sd->erase_end; - bool sdsc = true; -+ uint64_t wpnum; -+ uint64_t erase_addr; -+ int erase_len = 1 << HWBLOCK_SHIFT; - - trace_sdcard_erase(sd->erase_start, sd->erase_end); - if (sd->erase_start == INVALID_ADDRESS -@@ -811,17 +813,19 @@ static void sd_erase(SDState *sd) - sd->erase_end = INVALID_ADDRESS; - sd->csd[14] |= 0x40; - -- /* Only SDSC cards support write protect groups */ -- if (sdsc) { -- erase_start = sd_addr_to_wpnum(erase_start); -- erase_end = sd_addr_to_wpnum(erase_end); -- -- for (i = erase_start; i <= erase_end; i++) { -- assert(i < sd->wpgrps_size); -- if (test_bit(i, sd->wp_groups)) { -+ memset(sd->data, 0xff, erase_len); -+ for (erase_addr = erase_start; erase_addr <= erase_end; -+ erase_addr += erase_len) { -+ if (sdsc) { -+ /* Only SDSC cards support write protect groups */ -+ wpnum = sd_addr_to_wpnum(erase_addr); -+ assert(wpnum < sd->wpgrps_size); -+ if (test_bit(wpnum, sd->wp_groups)) { - sd->card_status |= WP_ERASE_SKIP; -+ continue; - } - } -+ BLK_WRITE_BLOCK(erase_addr, erase_len); - } - } - diff --git a/hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch b/hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch deleted file mode 100644 index 86599b2e..00000000 --- a/hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Bin Meng -Date: Sun, 28 Feb 2021 13:06:09 +0800 -Subject: hw/sd: sd: Fix build error when DEBUG_SD is on -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: a78d9f27b73de3c42f376540bd1d1d0570eb1fa3 -References: bsc#1175144, CVE-2020-17380, bsc#1176681, CVE-2020-25085 -References: bsc#1182282, CVE-2021-3409 - -"qemu-common.h" should be included to provide the forward declaration -of qemu_hexdump() when DEBUG_SD is on. - -Signed-off-by: Bin Meng -Reviewed-by: Philippe Mathieu-Daudé -Message-Id: <20210228050609.24779-1-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - hw/sd/sd.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/hw/sd/sd.c b/hw/sd/sd.c -index a4ea365f4a74afd30dee5b16eebe..6719cda1a0db8e6afa04c2b23915 100644 ---- a/hw/sd/sd.c -+++ b/hw/sd/sd.c -@@ -46,6 +46,7 @@ - #include "qemu/timer.h" - #include "qemu/log.h" - #include "qemu/module.h" -+#include "qemu-common.h" - #include "sdmmc-internal.h" - #include "trace.h" - diff --git a/hw-sd-sd-Move-the-sd_block_-read-write-a.patch b/hw-sd-sd-Move-the-sd_block_-read-write-a.patch deleted file mode 100644 index 8bfa6c93..00000000 --- a/hw-sd-sd-Move-the-sd_block_-read-write-a.patch +++ /dev/null @@ -1,83 +0,0 @@ -From: Bin Meng -Date: Tue, 16 Feb 2021 23:02:21 +0800 -Subject: hw/sd: sd: Move the sd_block_{read, write} and macros ahead -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: ce6ea2efc5fb308ebf11339276f60215fe0ec44c -References: bsc#1175144, CVE-2020-17380, bsc#1176681, CVE-2020-25085 -References: bsc#1182282, CVE-2021-3409 - -These APIs and macros may be referenced by functions that are -currently before them. Move them ahead a little bit. - -Signed-off-by: Bin Meng -Reviewed-by: Philippe Mathieu-Daudé -Message-Id: <20210216150225.27996-5-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - hw/sd/sd.c | 42 +++++++++++++++++++++--------------------- - 1 file changed, 21 insertions(+), 21 deletions(-) - -diff --git a/hw/sd/sd.c b/hw/sd/sd.c -index 5cdcd54cfcbf467342b2e485ac3e..ac48140251de7845a01ab4ad656c 100644 ---- a/hw/sd/sd.c -+++ b/hw/sd/sd.c -@@ -755,6 +755,27 @@ void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert) - qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0); - } - -+static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) -+{ -+ trace_sdcard_read_block(addr, len); -+ if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) { -+ fprintf(stderr, "sd_blk_read: read error on host side\n"); -+ } -+} -+ -+static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) -+{ -+ trace_sdcard_write_block(addr, len); -+ if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) { -+ fprintf(stderr, "sd_blk_write: write error on host side\n"); -+ } -+} -+ -+#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len) -+#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len) -+#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len) -+#define APP_WRITE_BLOCK(a, len) -+ - static void sd_erase(SDState *sd) - { - int i; -@@ -1815,27 +1836,6 @@ send_response: - return rsplen; - } - --static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) --{ -- trace_sdcard_read_block(addr, len); -- if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) { -- fprintf(stderr, "sd_blk_read: read error on host side\n"); -- } --} -- --static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) --{ -- trace_sdcard_write_block(addr, len); -- if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) { -- fprintf(stderr, "sd_blk_write: write error on host side\n"); -- } --} -- --#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len) --#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len) --#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len) --#define APP_WRITE_BLOCK(a, len) -- - void sd_write_byte(SDState *sd, uint8_t value) - { - int i; diff --git a/hw-sd-sd-Skip-write-protect-groups-check.patch b/hw-sd-sd-Skip-write-protect-groups-check.patch deleted file mode 100644 index 2900274f..00000000 --- a/hw-sd-sd-Skip-write-protect-groups-check.patch +++ /dev/null @@ -1,71 +0,0 @@ -From: Bin Meng -Date: Tue, 16 Feb 2021 23:02:22 +0800 -Subject: hw/sd: sd: Skip write protect groups check in sd_erase() for high - capacity cards -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 2473dc4022458dcc05ec367ce97edbef29d7e50c -References: bsc#1175144, CVE-2020-17380, bsc#1176681, CVE-2020-25085 -References: bsc#1182282, CVE-2021-3409 - -High capacity cards don't support write protection hence we should -not perform the write protect groups check in sd_erase() for them. - -Signed-off-by: Bin Meng -Reviewed-by: Philippe Mathieu-Daudé -Message-Id: <20210216150225.27996-6-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - hw/sd/sd.c | 18 ++++++++++++------ - 1 file changed, 12 insertions(+), 6 deletions(-) - -diff --git a/hw/sd/sd.c b/hw/sd/sd.c -index ac48140251de7845a01ab4ad656c..a4ea365f4a74afd30dee5b16eebe 100644 ---- a/hw/sd/sd.c -+++ b/hw/sd/sd.c -@@ -781,6 +781,7 @@ static void sd_erase(SDState *sd) - int i; - uint64_t erase_start = sd->erase_start; - uint64_t erase_end = sd->erase_end; -+ bool sdsc = true; - - trace_sdcard_erase(sd->erase_start, sd->erase_end); - if (sd->erase_start == INVALID_ADDRESS -@@ -795,6 +796,7 @@ static void sd_erase(SDState *sd) - /* High capacity memory card: erase units are 512 byte blocks */ - erase_start *= 512; - erase_end *= 512; -+ sdsc = false; - } - - if (sd->erase_start > sd->size || sd->erase_end > sd->size) { -@@ -804,16 +806,20 @@ static void sd_erase(SDState *sd) - return; - } - -- erase_start = sd_addr_to_wpnum(erase_start); -- erase_end = sd_addr_to_wpnum(erase_end); - sd->erase_start = INVALID_ADDRESS; - sd->erase_end = INVALID_ADDRESS; - sd->csd[14] |= 0x40; - -- for (i = erase_start; i <= erase_end; i++) { -- assert(i < sd->wpgrps_size); -- if (test_bit(i, sd->wp_groups)) { -- sd->card_status |= WP_ERASE_SKIP; -+ /* Only SDSC cards support write protect groups */ -+ if (sdsc) { -+ erase_start = sd_addr_to_wpnum(erase_start); -+ erase_end = sd_addr_to_wpnum(erase_end); -+ -+ for (i = erase_start; i <= erase_end; i++) { -+ assert(i < sd->wpgrps_size); -+ if (test_bit(i, sd->wp_groups)) { -+ sd->card_status |= WP_ERASE_SKIP; -+ } - } - } - } diff --git a/hw-sd-sdhci-Correctly-set-the-controller.patch b/hw-sd-sdhci-Correctly-set-the-controller.patch deleted file mode 100644 index 2803b1cd..00000000 --- a/hw-sd-sdhci-Correctly-set-the-controller.patch +++ /dev/null @@ -1,70 +0,0 @@ -From: Bin Meng -Date: Wed, 3 Mar 2021 20:26:37 +0800 -Subject: hw/sd: sdhci: Correctly set the controller status for ADMA -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: bc6f28995ff88f5d82c38afcfd65406f0ae375aa -References: bsc#1175144, CVE-2020-17380, bsc#1176681, CVE-2020-25085 -References: bsc#1182282, CVE-2021-3409 - -When an ADMA transfer is started, the codes forget to set the -controller status to indicate a transfer is in progress. - -With this fix, the following 2 reproducers: - -https://paste.debian.net/plain/1185136 -https://paste.debian.net/plain/1185141 - -cannot be reproduced with the following QEMU command line: - -$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \ - -nodefaults -device sdhci-pci,sd-spec-version=3 \ - -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ - -device sd-card,drive=mydrive -qtest stdio - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2020-17380 -Fixes: CVE-2020-25085 -Fixes: CVE-2021-3409 -Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") -Reported-by: Alexander Bulekov -Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) -Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) -Reported-by: Simon Wörner (Ruhr-Universität Bochum) -Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 -Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 -Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 -Tested-by: Alexander Bulekov -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Bin Meng -Message-Id: <20210303122639.20004-4-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - hw/sd/sdhci.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index 006426b64da916a3be86afcf75cf..a1639bbd39ca264fa24f27978d54 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -769,7 +769,9 @@ static void sdhci_do_adma(SDHCIState *s) - - switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) { - case SDHC_ADMA_ATTR_ACT_TRAN: /* data transfer */ -+ s->prnsts |= SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE; - if (s->trnmod & SDHC_TRNS_READ) { -+ s->prnsts |= SDHC_DOING_READ; - while (length) { - if (s->data_count == 0) { - sdbus_read_data(&s->sdbus, s->fifo_buffer, block_size); -@@ -797,6 +799,7 @@ static void sdhci_do_adma(SDHCIState *s) - } - } - } else { -+ s->prnsts |= SDHC_DOING_WRITE; - while (length) { - begin = s->data_count; - if ((length + begin) < block_size) { diff --git a/hw-sd-sdhci-Don-t-transfer-any-data-when.patch b/hw-sd-sdhci-Don-t-transfer-any-data-when.patch deleted file mode 100644 index e56e1c1a..00000000 --- a/hw-sd-sdhci-Don-t-transfer-any-data-when.patch +++ /dev/null @@ -1,87 +0,0 @@ -From: Bin Meng -Date: Wed, 3 Mar 2021 20:26:35 +0800 -Subject: hw/sd: sdhci: Don't transfer any data when command time out -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: b263d8f928001b5cfa2a993ea43b7a5b3a1811e8 -References: bsc#1175144, CVE-2020-17380, bsc#1176681, CVE-2020-25085 -References: bsc#1182282, CVE-2021-3409 - -At the end of sdhci_send_command(), it starts a data transfer if the -command register indicates data is associated. But the data transfer -should only be initiated when the command execution has succeeded. - -With this fix, the following reproducer: - -outl 0xcf8 0x80001810 -outl 0xcfc 0xe1068000 -outl 0xcf8 0x80001804 -outw 0xcfc 0x7 -write 0xe106802c 0x1 0x0f -write 0xe1068004 0xc 0x2801d10101fffffbff28a384 -write 0xe106800c 0x1f 0x9dacbbcad9e8f7061524334251606f7e8d9cabbac9d8e7f60514233241505f -write 0xe1068003 0x28 0x80d000251480d000252280d000253080d000253e80d000254c80d000255a80d000256880d0002576 -write 0xe1068003 0x1 0xfe - -cannot be reproduced with the following QEMU command line: - -$ qemu-system-x86_64 -nographic -M pc-q35-5.0 \ - -device sdhci-pci,sd-spec-version=3 \ - -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ - -device sd-card,drive=mydrive \ - -monitor none -serial none -qtest stdio - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2020-17380 -Fixes: CVE-2020-25085 -Fixes: CVE-2021-3409 -Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") -Reported-by: Alexander Bulekov -Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) -Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) -Reported-by: Simon Wörner (Ruhr-Universität Bochum) -Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 -Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 -Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 -Acked-by: Alistair Francis -Tested-by: Alexander Bulekov -Tested-by: Philippe Mathieu-Daudé -Signed-off-by: Bin Meng -Message-Id: <20210303122639.20004-2-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - hw/sd/sdhci.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index 2f8b74a84f75ae72153dbffab8c1..5a4a156341eb1e330022f1128ba1 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -326,6 +326,7 @@ static void sdhci_send_command(SDHCIState *s) - SDRequest request; - uint8_t response[16]; - int rlen; -+ bool timeout = false; - - s->errintsts = 0; - s->acmd12errsts = 0; -@@ -349,6 +350,7 @@ static void sdhci_send_command(SDHCIState *s) - trace_sdhci_response16(s->rspreg[3], s->rspreg[2], - s->rspreg[1], s->rspreg[0]); - } else { -+ timeout = true; - trace_sdhci_error("timeout waiting for command response"); - if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) { - s->errintsts |= SDHC_EIS_CMDTIMEOUT; -@@ -369,7 +371,7 @@ static void sdhci_send_command(SDHCIState *s) - - sdhci_update_irq(s); - -- if (s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) { -+ if (!timeout && s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) { - s->data_count = 0; - sdhci_data_transfer(s); - } diff --git a/hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch b/hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch deleted file mode 100644 index 25450ef3..00000000 --- a/hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch +++ /dev/null @@ -1,105 +0,0 @@ -From: Bin Meng -Date: Wed, 3 Mar 2021 20:26:36 +0800 -Subject: hw/sd: sdhci: Don't write to SDHC_SYSAD register when transfer is in - progress -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 8be45cc947832b3c02144c9d52921f499f2d77fe -References: bsc#1175144, CVE-2020-17380, bsc#1176681, CVE-2020-25085 -References: bsc#1182282, CVE-2021-3409 - -Per "SD Host Controller Standard Specification Version 7.00" -chapter 2.2.1 SDMA System Address Register: - -This register can be accessed only if no transaction is executing -(i.e., after a transaction has stopped). - -With this fix, the following reproducer: - -outl 0xcf8 0x80001010 -outl 0xcfc 0xfbefff00 -outl 0xcf8 0x80001001 -outl 0xcfc 0x06000000 -write 0xfbefff2c 0x1 0x05 -write 0xfbefff0f 0x1 0x37 -write 0xfbefff0a 0x1 0x01 -write 0xfbefff0f 0x1 0x29 -write 0xfbefff0f 0x1 0x02 -write 0xfbefff0f 0x1 0x03 -write 0xfbefff04 0x1 0x01 -write 0xfbefff05 0x1 0x01 -write 0xfbefff07 0x1 0x02 -write 0xfbefff0c 0x1 0x33 -write 0xfbefff0e 0x1 0x20 -write 0xfbefff0f 0x1 0x00 -write 0xfbefff2a 0x1 0x01 -write 0xfbefff0c 0x1 0x00 -write 0xfbefff03 0x1 0x00 -write 0xfbefff05 0x1 0x00 -write 0xfbefff2a 0x1 0x02 -write 0xfbefff0c 0x1 0x32 -write 0xfbefff01 0x1 0x01 -write 0xfbefff02 0x1 0x01 -write 0xfbefff03 0x1 0x01 - -cannot be reproduced with the following QEMU command line: - -$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \ - -nodefaults -device sdhci-pci,sd-spec-version=3 \ - -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ - -device sd-card,drive=mydrive -qtest stdio - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2020-17380 -Fixes: CVE-2020-25085 -Fixes: CVE-2021-3409 -Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") -Reported-by: Alexander Bulekov -Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) -Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) -Reported-by: Simon Wörner (Ruhr-Universität Bochum) -Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 -Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 -Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 -Tested-by: Alexander Bulekov -Signed-off-by: Bin Meng -Message-Id: <20210303122639.20004-3-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - hw/sd/sdhci.c | 20 +++++++++++--------- - 1 file changed, 11 insertions(+), 9 deletions(-) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index 5a4a156341eb1e330022f1128ba1..006426b64da916a3be86afcf75cf 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -1122,15 +1122,17 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) - - switch (offset & ~0x3) { - case SDHC_SYSAD: -- s->sdmasysad = (s->sdmasysad & mask) | value; -- MASKED_WRITE(s->sdmasysad, mask, value); -- /* Writing to last byte of sdmasysad might trigger transfer */ -- if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt && -- s->blksize && SDHC_DMA_TYPE(s->hostctl1) == SDHC_CTRL_SDMA) { -- if (s->trnmod & SDHC_TRNS_MULTI) { -- sdhci_sdma_transfer_multi_blocks(s); -- } else { -- sdhci_sdma_transfer_single_block(s); -+ if (!TRANSFERRING_DATA(s->prnsts)) { -+ s->sdmasysad = (s->sdmasysad & mask) | value; -+ MASKED_WRITE(s->sdmasysad, mask, value); -+ /* Writing to last byte of sdmasysad might trigger transfer */ -+ if (!(mask & 0xFF000000) && s->blkcnt && s->blksize && -+ SDHC_DMA_TYPE(s->hostctl1) == SDHC_CTRL_SDMA) { -+ if (s->trnmod & SDHC_TRNS_MULTI) { -+ sdhci_sdma_transfer_multi_blocks(s); -+ } else { -+ sdhci_sdma_transfer_single_block(s); -+ } - } - } - break; diff --git a/hw-sd-sdhci-Limit-block-size-only-when-S.patch b/hw-sd-sdhci-Limit-block-size-only-when-S.patch deleted file mode 100644 index 704d672e..00000000 --- a/hw-sd-sdhci-Limit-block-size-only-when-S.patch +++ /dev/null @@ -1,52 +0,0 @@ -From: Bin Meng -Date: Wed, 3 Mar 2021 20:26:38 +0800 -Subject: hw/sd: sdhci: Limit block size only when SDHC_BLKSIZE register is - writable -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd -References: bsc#1175144, CVE-2020-17380, bsc#1176681, CVE-2020-25085 -References: bsc#1182282, CVE-2021-3409 - -The codes to limit the maximum block size is only necessary when -SDHC_BLKSIZE register is writable. - -Tested-by: Alexander Bulekov -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Bin Meng -Message-Id: <20210303122639.20004-5-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - hw/sd/sdhci.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index a1639bbd39ca264fa24f27978d54..51c2a3ffde21314afe2a2c84fa1b 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -1143,15 +1143,15 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) - if (!TRANSFERRING_DATA(s->prnsts)) { - MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12)); - MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16); -- } - -- /* Limit block size to the maximum buffer size */ -- if (extract32(s->blksize, 0, 12) > s->buf_maxsz) { -- qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " -- "the maximum buffer 0x%x\n", __func__, s->blksize, -- s->buf_maxsz); -+ /* Limit block size to the maximum buffer size */ -+ if (extract32(s->blksize, 0, 12) > s->buf_maxsz) { -+ qemu_log_mask(LOG_GUEST_ERROR, "%s: Size 0x%x is larger than " -+ "the maximum buffer 0x%x\n", __func__, s->blksize, -+ s->buf_maxsz); - -- s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); -+ s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); -+ } - } - - break; diff --git a/hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch b/hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch deleted file mode 100644 index cecfa4c8..00000000 --- a/hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch +++ /dev/null @@ -1,95 +0,0 @@ -From: Bin Meng -Date: Wed, 3 Mar 2021 20:26:39 +0800 -Subject: hw/sd: sdhci: Reset the data pointer of s->fifo_buffer[] when a - different block size is programmed -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9 -References: bsc#1175144, CVE-2020-17380, bsc#1176681, CVE-2020-25085 -References: bsc#1182282, CVE-2021-3409 - -If the block size is programmed to a different value from the -previous one, reset the data pointer of s->fifo_buffer[] so that -s->fifo_buffer[] can be filled in using the new block size in -the next transfer. - -With this fix, the following reproducer: - -outl 0xcf8 0x80001010 -outl 0xcfc 0xe0000000 -outl 0xcf8 0x80001001 -outl 0xcfc 0x06000000 -write 0xe000002c 0x1 0x05 -write 0xe0000005 0x1 0x02 -write 0xe0000007 0x1 0x01 -write 0xe0000028 0x1 0x10 -write 0x0 0x1 0x23 -write 0x2 0x1 0x08 -write 0xe000000c 0x1 0x01 -write 0xe000000e 0x1 0x20 -write 0xe000000f 0x1 0x00 -write 0xe000000c 0x1 0x32 -write 0xe0000004 0x2 0x0200 -write 0xe0000028 0x1 0x00 -write 0xe0000003 0x1 0x40 - -cannot be reproduced with the following QEMU command line: - -$ qemu-system-x86_64 -nographic -machine accel=qtest -m 512M \ - -nodefaults -device sdhci-pci,sd-spec-version=3 \ - -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \ - -device sd-card,drive=mydrive -qtest stdio - -Cc: qemu-stable@nongnu.org -Fixes: CVE-2020-17380 -Fixes: CVE-2020-25085 -Fixes: CVE-2021-3409 -Fixes: d7dfca0807a0 ("hw/sdhci: introduce standard SD host controller") -Reported-by: Alexander Bulekov -Reported-by: Cornelius Aschermann (Ruhr-Universität Bochum) -Reported-by: Sergej Schumilo (Ruhr-Universität Bochum) -Reported-by: Simon Wörner (Ruhr-Universität Bochum) -Buglink: https://bugs.launchpad.net/qemu/+bug/1892960 -Buglink: https://bugs.launchpad.net/qemu/+bug/1909418 -Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 -Tested-by: Alexander Bulekov -Signed-off-by: Bin Meng -Message-Id: <20210303122639.20004-6-bmeng.cn@gmail.com> -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - hw/sd/sdhci.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c -index 51c2a3ffde21314afe2a2c84fa1b..3c35942161097989e626f5cfd887 100644 ---- a/hw/sd/sdhci.c -+++ b/hw/sd/sdhci.c -@@ -1141,6 +1141,8 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) - break; - case SDHC_BLKSIZE: - if (!TRANSFERRING_DATA(s->prnsts)) { -+ uint16_t blksize = s->blksize; -+ - MASKED_WRITE(s->blksize, mask, extract32(value, 0, 12)); - MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16); - -@@ -1152,6 +1154,16 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) - - s->blksize = deposit32(s->blksize, 0, 12, s->buf_maxsz); - } -+ -+ /* -+ * If the block size is programmed to a different value from -+ * the previous one, reset the data pointer of s->fifo_buffer[] -+ * so that s->fifo_buffer[] can be filled in using the new block -+ * size in the next transfer. -+ */ -+ if (blksize != s->blksize) { -+ s->data_count = 0; -+ } - } - - break; diff --git a/hw-smbios-handle-both-file-formats-regar.patch b/hw-smbios-handle-both-file-formats-regar.patch index 0698c4aa..70495f5a 100644 --- a/hw-smbios-handle-both-file-formats-regar.patch +++ b/hw-smbios-handle-both-file-formats-regar.patch @@ -16,7 +16,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c -index 6a3d39793bc9dd13f6c6cc8c08e4..e3c9d92c1d60c0f791c5852f88e5 100644 +index f22c4f5b734e89a390cada7ea422..c65f1b9dcfad50ab69ba92881b5f 100644 --- a/hw/smbios/smbios.c +++ b/hw/smbios/smbios.c @@ -1040,6 +1040,7 @@ void smbios_entry_add(QemuOpts *opts, Error **errp) diff --git a/hw-timer-slavio_timer-Allow-64-bit-acces.patch b/hw-timer-slavio_timer-Allow-64-bit-acces.patch deleted file mode 100644 index 4cc36f3c..00000000 --- a/hw-timer-slavio_timer-Allow-64-bit-acces.patch +++ /dev/null @@ -1,88 +0,0 @@ -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Sat, 5 Dec 2020 16:09:03 +0100 -Subject: hw/timer/slavio_timer: Allow 64-bit accesses -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 62a9b228b5fefe0f9e364dfeaf3c65022c63cdb9 - -Per the "NCR89C105 Chip Specification" referenced in the header: - - Chip-level Address Map - - ------------------------------------------------------------------ - | 1D0 0000 -> | Counter/Timers | W,D | - | 1DF FFFF | | | - ... - - The address map indicated the allowed accesses at each address. - [...] W indicates a word access, and D indicates a double-word - access. - -The SLAVIO timer controller is implemented expecting 32-bit accesses. -Commit a3d12d073e1 restricted the memory accesses to 32-bit, while -the device allows 64-bit accesses. - -This was not an issue until commit 5d971f9e67 which reverted -("memory: accept mismatching sizes in memory_region_access_valid"). - -Fix by renaming .valid MemoryRegionOps as .impl, and add the valid -access range (W -> 4, D -> 8). - -Since commit 21786c7e598 ("memory: Log invalid memory accesses") -this class of bug can be quickly debugged displaying 'guest_errors' -accesses, as: - - $ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -serial stdio -d guest_errors - - Power-ON Reset - Invalid access at addr 0x0, size 8, region 'timer-1', reason: invalid size (min:4 max:4) - - $ qemu-system-sparc -M SS-20 -m 256 -bios ss20_v2.25_rom -monitor stdio -S - (qemu) info mtree - address-space: memory - 0000000000000000-ffffffffffffffff (prio 0, i/o): system - ... - 0000000ff1300000-0000000ff130000f (prio 0, i/o): timer-1 - ^^^^^^^^^ ^^^^^^^ - \ memory region base address and name / - - (qemu) info qtree - bus: main-system-bus - dev: slavio_timer, id "" <-- device type name - gpio-out "sysbus-irq" 17 - num_cpus = 1 (0x1) - mmio 0000000ff1310000/0000000000000014 - mmio 0000000ff1300000/0000000000000010 <--- base address - mmio 0000000ff1301000/0000000000000010 - mmio 0000000ff1302000/0000000000000010 - ... - -Reported-by: Yap KV -Buglink: https://bugs.launchpad.net/bugs/1906905 -Fixes: a3d12d073e1 ("slavio_timer: convert to memory API") -CC: qemu-stable@nongnu.org -Signed-off-by: Philippe Mathieu-Daudé -Message-Id: <20201205150903.3062711-1-f4bug@amsat.org> -Signed-off-by: Mark Cave-Ayland -Signed-off-by: Bruce Rogers ---- - hw/timer/slavio_timer.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/hw/timer/slavio_timer.c b/hw/timer/slavio_timer.c -index 5b2d20cb6a5a65a762e8021243cb..03e33fc592665360a72e87e1ac64 100644 ---- a/hw/timer/slavio_timer.c -+++ b/hw/timer/slavio_timer.c -@@ -331,6 +331,10 @@ static const MemoryRegionOps slavio_timer_mem_ops = { - .write = slavio_timer_mem_writel, - .endianness = DEVICE_NATIVE_ENDIAN, - .valid = { -+ .min_access_size = 4, -+ .max_access_size = 8, -+ }, -+ .impl = { - .min_access_size = 4, - .max_access_size = 4, - }, diff --git a/hw-virtio-pci-Added-AER-capability.patch b/hw-virtio-pci-Added-AER-capability.patch deleted file mode 100644 index 8e4ca78c..00000000 --- a/hw-virtio-pci-Added-AER-capability.patch +++ /dev/null @@ -1,84 +0,0 @@ -From: Andrew Melnychenko -Date: Thu, 3 Dec 2020 13:07:13 +0200 -Subject: hw/virtio-pci Added AER capability. - -Git-commit: fdfa3b1d6f9edd97c807df496a0d8e9ea49240da - -Added AER capability for virtio-pci devices. -Also added property for devices, by default AER is disabled. - -Signed-off-by: Andrew Melnychenko -Message-Id: <20201203110713.204938-3-andrew@daynix.com> -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Bruce Rogers -[BR: needed for stable commit d83f46d189a26fa32434139954d264326f199a45] ---- - hw/virtio/virtio-pci.c | 16 ++++++++++++++++ - hw/virtio/virtio-pci.h | 4 ++++ - 2 files changed, 20 insertions(+) - -diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c -index ceaa233129c529b604f461e45336..f863f69ede4f4bf1c09fc39a5035 100644 ---- a/hw/virtio/virtio-pci.c -+++ b/hw/virtio/virtio-pci.c -@@ -1817,6 +1817,12 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp) - */ - pci_set_word(pci_dev->config + pos + PCI_PM_PMC, 0x3); - -+ if (proxy->flags & VIRTIO_PCI_FLAG_AER) { -+ pcie_aer_init(pci_dev, PCI_ERR_VER, last_pcie_cap_offset, -+ PCI_ERR_SIZEOF, NULL); -+ last_pcie_cap_offset += PCI_ERR_SIZEOF; -+ } -+ - if (proxy->flags & VIRTIO_PCI_FLAG_INIT_DEVERR) { - /* Init error enabling flags */ - pcie_cap_deverr_init(pci_dev); -@@ -1858,7 +1864,15 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp) - - static void virtio_pci_exit(PCIDevice *pci_dev) - { -+ VirtIOPCIProxy *proxy = VIRTIO_PCI(pci_dev); -+ bool pcie_port = pci_bus_is_express(pci_get_bus(pci_dev)) && -+ !pci_bus_is_root(pci_get_bus(pci_dev)); -+ - msix_uninit_exclusive_bar(pci_dev); -+ if (proxy->flags & VIRTIO_PCI_FLAG_AER && pcie_port && -+ pci_is_express(pci_dev)) { -+ pcie_aer_exit(pci_dev); -+ } - } - - static void virtio_pci_reset(DeviceState *qdev) -@@ -1911,6 +1925,8 @@ static Property virtio_pci_properties[] = { - VIRTIO_PCI_FLAG_INIT_PM_BIT, true), - DEFINE_PROP_BIT("x-pcie-flr-init", VirtIOPCIProxy, flags, - VIRTIO_PCI_FLAG_INIT_FLR_BIT, true), -+ DEFINE_PROP_BIT("aer", VirtIOPCIProxy, flags, -+ VIRTIO_PCI_FLAG_AER_BIT, false), - DEFINE_PROP_END_OF_LIST(), - }; - -diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h -index 06e2af12de64c32f8c26c7f9e858..d7d5d403a9483f5f7e0f0f9b4110 100644 ---- a/hw/virtio/virtio-pci.h -+++ b/hw/virtio/virtio-pci.h -@@ -41,6 +41,7 @@ enum { - VIRTIO_PCI_FLAG_INIT_LNKCTL_BIT, - VIRTIO_PCI_FLAG_INIT_PM_BIT, - VIRTIO_PCI_FLAG_INIT_FLR_BIT, -+ VIRTIO_PCI_FLAG_AER_BIT, - }; - - /* Need to activate work-arounds for buggy guests at vmstate load. */ -@@ -80,6 +81,9 @@ enum { - /* Init Function Level Reset capability */ - #define VIRTIO_PCI_FLAG_INIT_FLR (1 << VIRTIO_PCI_FLAG_INIT_FLR_BIT) - -+/* Advanced Error Reporting capability */ -+#define VIRTIO_PCI_FLAG_AER (1 << VIRTIO_PCI_FLAG_AER_BIT) -+ - typedef struct { - MSIMessage msg; - int virq; diff --git a/hw-virtio-pci-Added-counter-for-pcie-cap.patch b/hw-virtio-pci-Added-counter-for-pcie-cap.patch deleted file mode 100644 index 56aee18e..00000000 --- a/hw-virtio-pci-Added-counter-for-pcie-cap.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Andrew Melnychenko -Date: Thu, 3 Dec 2020 13:07:12 +0200 -Subject: hw/virtio-pci Added counter for pcie capabilities offsets. - -Git-commit: 06e97442420b03a1e0ff05e8eb554fac684ca736 - -Removed hardcoded offset for ats. Added cap offset counter -for future capabilities like AER. - -Signed-off-by: Andrew Melnychenko -Message-Id: <20201203110713.204938-2-andrew@daynix.com> -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Bruce Rogers -[BR: needed for stable commit d83f46d189a26fa32434139954d264326f199a45] ---- - hw/virtio/virtio-pci.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c -index 36524a5728e40da961b4db862558..ceaa233129c529b604f461e45336 100644 ---- a/hw/virtio/virtio-pci.c -+++ b/hw/virtio/virtio-pci.c -@@ -1798,6 +1798,7 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp) - - if (pcie_port && pci_is_express(pci_dev)) { - int pos; -+ uint16_t last_pcie_cap_offset = PCI_CONFIG_SPACE_SIZE; - - pos = pcie_endpoint_cap_init(pci_dev, 0); - assert(pos > 0); -@@ -1833,7 +1834,8 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp) - } - - if (proxy->flags & VIRTIO_PCI_FLAG_ATS) { -- pcie_ats_init(pci_dev, 256); -+ pcie_ats_init(pci_dev, last_pcie_cap_offset); -+ last_pcie_cap_offset += PCI_EXT_CAP_ATS_SIZEOF; - } - - if (proxy->flags & VIRTIO_PCI_FLAG_INIT_FLR) { diff --git a/i386-acpi-restore-device-paths-for-pre-5.patch b/i386-acpi-restore-device-paths-for-pre-5.patch deleted file mode 100644 index 2c4e168f..00000000 --- a/i386-acpi-restore-device-paths-for-pre-5.patch +++ /dev/null @@ -1,110 +0,0 @@ -From: Vitaly Cheptsov -Date: Mon, 1 Mar 2021 22:59:18 +0300 -Subject: i386/acpi: restore device paths for pre-5.1 vms - -Git-commit: 0a343a5add75f9f90c65e932863d57ddbcb28f5c - -After fixing the _UID value for the primary PCI root bridge in -af1b80ae it was discovered that this change updates Windows -configuration in an incompatible way causing network configuration -failure unless DHCP is used. More details provided on the list: - -https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg08484.html - -This change reverts the _UID update from 1 to 0 for q35 and i440fx -VMs before version 5.2 to maintain the original behaviour when -upgrading. - -Cc: qemu-stable@nongnu.org -Cc: qemu-devel@nongnu.org -Reported-by: Thomas Lamprecht -Suggested-by: Michael S. Tsirkin -Signed-off-by: Vitaly Cheptsov -Message-Id: <20210301195919.9333-1-cheptsov@ispras.ru> -Tested-by: Thomas Lamprecht -Reviewed-by: Igor Mammedov -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -Fixes: af1b80ae56c9 ("i386/acpi: fix inconsistent QEMU/OVMF device paths") -Signed-off-by: Bruce Rogers ---- - hw/i386/acpi-build.c | 4 ++-- - hw/i386/pc_piix.c | 2 ++ - hw/i386/pc_q35.c | 2 ++ - include/hw/i386/pc.h | 1 + - 4 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c -index 1f5c2112452a74bc19cb3a129fa9..b5616582a5d8395ab38080567356 100644 ---- a/hw/i386/acpi-build.c -+++ b/hw/i386/acpi-build.c -@@ -1513,7 +1513,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, - dev = aml_device("PCI0"); - aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03"))); - aml_append(dev, aml_name_decl("_ADR", aml_int(0))); -- aml_append(dev, aml_name_decl("_UID", aml_int(0))); -+ aml_append(dev, aml_name_decl("_UID", aml_int(pcmc->pci_root_uid))); - aml_append(sb_scope, dev); - aml_append(dsdt, sb_scope); - -@@ -1530,7 +1530,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, - aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08"))); - aml_append(dev, aml_name_decl("_CID", aml_eisaid("PNP0A03"))); - aml_append(dev, aml_name_decl("_ADR", aml_int(0))); -- aml_append(dev, aml_name_decl("_UID", aml_int(0))); -+ aml_append(dev, aml_name_decl("_UID", aml_int(pcmc->pci_root_uid))); - aml_append(dev, build_q35_osc_method()); - aml_append(sb_scope, dev); - -diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c -index 13d1628f13bfc537cbefaec47e27..2524c962161115d026cc810b8dc8 100644 ---- a/hw/i386/pc_piix.c -+++ b/hw/i386/pc_piix.c -@@ -417,6 +417,7 @@ static void pc_i440fx_machine_options(MachineClass *m) - { - PCMachineClass *pcmc = PC_MACHINE_CLASS(m); - pcmc->default_nic_model = "e1000"; -+ pcmc->pci_root_uid = 0; - - m->family = "pc_piix"; - m->desc = "Standard PC (i440FX + PIIX, 1996)"; -@@ -448,6 +449,7 @@ static void pc_i440fx_5_1_machine_options(MachineClass *m) - compat_props_add(m->compat_props, hw_compat_5_1, hw_compat_5_1_len); - compat_props_add(m->compat_props, pc_compat_5_1, pc_compat_5_1_len); - pcmc->kvmclock_create_always = false; -+ pcmc->pci_root_uid = 1; - } - - DEFINE_I440FX_MACHINE(v5_1, "pc-i440fx-5.1", NULL, -diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c -index a3f4959c43575ad9809a0ac8b7a5..c58dad5ae37f7190f308c512c339 100644 ---- a/hw/i386/pc_q35.c -+++ b/hw/i386/pc_q35.c -@@ -329,6 +329,7 @@ static void pc_q35_machine_options(MachineClass *m) - { - PCMachineClass *pcmc = PC_MACHINE_CLASS(m); - pcmc->default_nic_model = "e1000e"; -+ pcmc->pci_root_uid = 0; - - m->family = "pc_q35"; - m->desc = "Standard PC (Q35 + ICH9, 2009)"; -@@ -364,6 +365,7 @@ static void pc_q35_5_1_machine_options(MachineClass *m) - compat_props_add(m->compat_props, hw_compat_5_1, hw_compat_5_1_len); - compat_props_add(m->compat_props, pc_compat_5_1, pc_compat_5_1_len); - pcmc->kvmclock_create_always = false; -+ pcmc->pci_root_uid = 1; - } - - DEFINE_Q35_MACHINE(v5_1, "pc-q35-5.1", NULL, -diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h -index 911e4600970c36de9371a46601c6..7f8e1a791f88ead6cd5cb2a91e8b 100644 ---- a/include/hw/i386/pc.h -+++ b/include/hw/i386/pc.h -@@ -99,6 +99,7 @@ struct PCMachineClass { - int legacy_acpi_table_size; - unsigned acpi_data_size; - bool do_not_add_smb_acpi; -+ int pci_root_uid; - - /* SMBIOS compat: */ - bool smbios_defaults; diff --git a/increase-x86_64-physical-bits-to-42.patch b/increase-x86_64-physical-bits-to-42.patch index 45e0c2fd..41bc06d9 100644 --- a/increase-x86_64-physical-bits-to-42.patch +++ b/increase-x86_64-physical-bits-to-42.patch @@ -14,19 +14,19 @@ memory hole. Signed-off-by: Bruce Rogers Signed-off-by: Andreas Färber --- - target/i386/cpu.h | 2 +- + target/i386/tcg/helper-tcg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/target/i386/cpu.h b/target/i386/cpu.h -index 88e8586f8fb46293810cb34a06a0..a72134a1874f2d7b3ab7c8f4fd59 100644 ---- a/target/i386/cpu.h -+++ b/target/i386/cpu.h -@@ -1961,7 +1961,7 @@ uint64_t cpu_get_tsc(CPUX86State *env); - /* XXX: This value should match the one returned by CPUID - * and in exec.c */ - # if defined(TARGET_X86_64) +diff --git a/target/i386/tcg/helper-tcg.h b/target/i386/tcg/helper-tcg.h +index bcdfca06f699863a6dd2e872231c..ade34e5681775657b0b5220b43d7 100644 +--- a/target/i386/tcg/helper-tcg.h ++++ b/target/i386/tcg/helper-tcg.h +@@ -26,7 +26,7 @@ + #define TARGET_MAX_INSN_SIZE 16 + + #if defined(TARGET_X86_64) -# define TCG_PHYS_ADDR_BITS 40 +# define TCG_PHYS_ADDR_BITS 42 - # else + #else # define TCG_PHYS_ADDR_BITS 36 - # endif + #endif diff --git a/iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch b/iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch deleted file mode 100644 index 6ef7f7cc..00000000 --- a/iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch +++ /dev/null @@ -1,1652 +0,0 @@ -From: Max Reitz -Date: Thu, 17 Dec 2020 16:38:03 +0100 -Subject: iotests: Fix _send_qemu_cmd with bash 5.1 - -Git-commit: 0e72078128229bf9efb542e396ab44bf91b91340 -References: boo#1181054 - -With bash 5.1, the output of the following script changes: - - a=("double space") - a=${a[@]:0:1} - echo "$a" - -from "double space" to "double space", i.e. all white space is -preserved as-is. This is probably what we actually want here (judging -from the "...to accommodate pathnames with spaces" comment), but before -5.1, we would have to quote the ${} slice to get the same behavior. - -In any case, without quoting, the reference output of many iotests is -different between bash 5.1 and pre-5.1, which is not very good. The -output of 5.1 is what we want, so whatever we do to get pre-5.1 to the -same result, it means we have to fix the reference output of basically -all tests that invoke _send_qemu_cmd (except the ones that only use -single spaces in the commands they invoke). - -Instead of quoting the ${} slice (cmd="${$@: 1:...}"), we can also just -not use array slicing and replace the whole thing with a simple "cmd=$1; -shift", which works because all callers quote the whole $cmd argument -anyway. - -Signed-off-by: Max Reitz -Message-Id: <20201217153803.101231-3-mreitz@redhat.com> -Reviewed-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - tests/qemu-iotests/085.out | 167 ++++++++++++++++++++++++++++----- - tests/qemu-iotests/094.out | 10 +- - tests/qemu-iotests/095.out | 4 +- - tests/qemu-iotests/109.out | 88 ++++++++++++----- - tests/qemu-iotests/117.out | 13 ++- - tests/qemu-iotests/127.out | 12 ++- - tests/qemu-iotests/140.out | 10 +- - tests/qemu-iotests/141.out | 128 +++++++++++++++++++------ - tests/qemu-iotests/143.out | 4 +- - tests/qemu-iotests/144.out | 28 +++++- - tests/qemu-iotests/153.out | 18 ++-- - tests/qemu-iotests/156.out | 39 ++++++-- - tests/qemu-iotests/161.out | 18 +++- - tests/qemu-iotests/173.out | 25 ++++- - tests/qemu-iotests/182.out | 42 +++++++-- - tests/qemu-iotests/183.out | 19 +++- - tests/qemu-iotests/185.out | 45 +++++++-- - tests/qemu-iotests/191.out | 12 ++- - tests/qemu-iotests/223.out | 92 ++++++++++++------ - tests/qemu-iotests/229.out | 13 ++- - tests/qemu-iotests/249.out | 16 +++- - tests/qemu-iotests/common.qemu | 11 +-- - 22 files changed, 632 insertions(+), 182 deletions(-) - -diff --git a/tests/qemu-iotests/085.out b/tests/qemu-iotests/085.out -index 7fc44b1c610c29222837daeefef0..32a193f2c29452d9b4530bad2181 100644 ---- a/tests/qemu-iotests/085.out -+++ b/tests/qemu-iotests/085.out -@@ -12,56 +12,135 @@ Formatting 'TEST_DIR/t.IMGFMT.2', fmt=IMGFMT size=134217728 - - === Create a single snapshot on virtio0 === - --{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'virtio0', 'snapshot-file':'TEST_DIR/1-snapshot-v0.IMGFMT', 'format': 'IMGFMT' } } -+{ 'execute': 'blockdev-snapshot-sync', -+ 'arguments': { 'device': 'virtio0', -+ 'snapshot-file':'TEST_DIR/1-snapshot-v0.IMGFMT', -+ 'format': 'IMGFMT' } } - Formatting 'TEST_DIR/1-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/t.qcow2.1 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} - - === Invalid command - missing device and nodename === - --{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'snapshot-file':'TEST_DIR/1-snapshot-v0.IMGFMT', 'format': 'IMGFMT' } } -+{ 'execute': 'blockdev-snapshot-sync', -+ 'arguments': { 'snapshot-file':'TEST_DIR/1-snapshot-v0.IMGFMT', -+ 'format': 'IMGFMT' } } - {"error": {"class": "GenericError", "desc": "Cannot find device= nor node_name="}} - - === Invalid command - missing snapshot-file === - --{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'virtio0', 'format': 'IMGFMT' } } -+{ 'execute': 'blockdev-snapshot-sync', -+ 'arguments': { 'device': 'virtio0', -+ 'format': 'IMGFMT' } } - {"error": {"class": "GenericError", "desc": "Parameter 'snapshot-file' is missing"}} - - - === Create several transactional group snapshots === - --{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/2-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/2-snapshot-v1.IMGFMT' } } ] } } -+{ 'execute': 'transaction', 'arguments': -+ {'actions': [ -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio0', -+ 'snapshot-file': 'TEST_DIR/2-snapshot-v0.IMGFMT' } }, -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio1', -+ 'snapshot-file': 'TEST_DIR/2-snapshot-v1.IMGFMT' } } ] -+ } } - Formatting 'TEST_DIR/2-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/1-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - Formatting 'TEST_DIR/2-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/t.qcow2.2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} --{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/3-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/3-snapshot-v1.IMGFMT' } } ] } } -+{ 'execute': 'transaction', 'arguments': -+ {'actions': [ -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio0', -+ 'snapshot-file': 'TEST_DIR/3-snapshot-v0.IMGFMT' } }, -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio1', -+ 'snapshot-file': 'TEST_DIR/3-snapshot-v1.IMGFMT' } } ] -+ } } - Formatting 'TEST_DIR/3-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/2-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - Formatting 'TEST_DIR/3-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/2-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} --{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/4-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/4-snapshot-v1.IMGFMT' } } ] } } -+{ 'execute': 'transaction', 'arguments': -+ {'actions': [ -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio0', -+ 'snapshot-file': 'TEST_DIR/4-snapshot-v0.IMGFMT' } }, -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio1', -+ 'snapshot-file': 'TEST_DIR/4-snapshot-v1.IMGFMT' } } ] -+ } } - Formatting 'TEST_DIR/4-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/3-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - Formatting 'TEST_DIR/4-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/3-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} --{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/5-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/5-snapshot-v1.IMGFMT' } } ] } } -+{ 'execute': 'transaction', 'arguments': -+ {'actions': [ -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio0', -+ 'snapshot-file': 'TEST_DIR/5-snapshot-v0.IMGFMT' } }, -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio1', -+ 'snapshot-file': 'TEST_DIR/5-snapshot-v1.IMGFMT' } } ] -+ } } - Formatting 'TEST_DIR/5-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/4-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - Formatting 'TEST_DIR/5-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/4-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} --{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/6-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/6-snapshot-v1.IMGFMT' } } ] } } -+{ 'execute': 'transaction', 'arguments': -+ {'actions': [ -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio0', -+ 'snapshot-file': 'TEST_DIR/6-snapshot-v0.IMGFMT' } }, -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio1', -+ 'snapshot-file': 'TEST_DIR/6-snapshot-v1.IMGFMT' } } ] -+ } } - Formatting 'TEST_DIR/6-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/5-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - Formatting 'TEST_DIR/6-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/5-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} --{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/7-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/7-snapshot-v1.IMGFMT' } } ] } } -+{ 'execute': 'transaction', 'arguments': -+ {'actions': [ -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio0', -+ 'snapshot-file': 'TEST_DIR/7-snapshot-v0.IMGFMT' } }, -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio1', -+ 'snapshot-file': 'TEST_DIR/7-snapshot-v1.IMGFMT' } } ] -+ } } - Formatting 'TEST_DIR/7-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/6-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - Formatting 'TEST_DIR/7-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/6-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} --{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/8-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/8-snapshot-v1.IMGFMT' } } ] } } -+{ 'execute': 'transaction', 'arguments': -+ {'actions': [ -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio0', -+ 'snapshot-file': 'TEST_DIR/8-snapshot-v0.IMGFMT' } }, -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio1', -+ 'snapshot-file': 'TEST_DIR/8-snapshot-v1.IMGFMT' } } ] -+ } } - Formatting 'TEST_DIR/8-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/7-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - Formatting 'TEST_DIR/8-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/7-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} --{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/9-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/9-snapshot-v1.IMGFMT' } } ] } } -+{ 'execute': 'transaction', 'arguments': -+ {'actions': [ -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio0', -+ 'snapshot-file': 'TEST_DIR/9-snapshot-v0.IMGFMT' } }, -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio1', -+ 'snapshot-file': 'TEST_DIR/9-snapshot-v1.IMGFMT' } } ] -+ } } - Formatting 'TEST_DIR/9-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/8-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - Formatting 'TEST_DIR/9-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/8-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} --{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 'TEST_DIR/10-snapshot-v0.IMGFMT' } }, { 'type': 'blockdev-snapshot-sync', 'data' : { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/10-snapshot-v1.IMGFMT' } } ] } } -+{ 'execute': 'transaction', 'arguments': -+ {'actions': [ -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio0', -+ 'snapshot-file': 'TEST_DIR/10-snapshot-v0.IMGFMT' } }, -+ { 'type': 'blockdev-snapshot-sync', 'data' : -+ { 'device': 'virtio1', -+ 'snapshot-file': 'TEST_DIR/10-snapshot-v1.IMGFMT' } } ] -+ } } - Formatting 'TEST_DIR/10-snapshot-v0.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/9-snapshot-v0.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - Formatting 'TEST_DIR/10-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=134217728 backing_file=TEST_DIR/9-snapshot-v1.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} -@@ -69,48 +148,84 @@ Formatting 'TEST_DIR/10-snapshot-v1.qcow2', fmt=qcow2 cluster_size=65536 extende - === Create a couple of snapshots using blockdev-snapshot === - - Formatting 'TEST_DIR/11-snapshot-v0.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/10-snapshot-v0.IMGFMT backing_fmt=IMGFMT --{ 'execute': 'blockdev-add', 'arguments': { 'driver': 'IMGFMT', 'node-name': 'snap_11', 'backing': null, 'file': { 'driver': 'file', 'filename': 'TEST_DIR/11-snapshot-v0.IMGFMT', 'node-name': 'file_11' } } } -+{ 'execute': 'blockdev-add', 'arguments': -+ { 'driver': 'IMGFMT', 'node-name': 'snap_11', 'backing': null, -+ 'file': -+ { 'driver': 'file', 'filename': 'TEST_DIR/11-snapshot-v0.IMGFMT', -+ 'node-name': 'file_11' } } } - {"return": {}} --{ 'execute': 'blockdev-snapshot', 'arguments': { 'node': 'virtio0', 'overlay':'snap_11' } } -+{ 'execute': 'blockdev-snapshot', -+ 'arguments': { 'node': 'virtio0', -+ 'overlay':'snap_11' } } - {"return": {}} - Formatting 'TEST_DIR/12-snapshot-v0.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/11-snapshot-v0.IMGFMT backing_fmt=IMGFMT --{ 'execute': 'blockdev-add', 'arguments': { 'driver': 'IMGFMT', 'node-name': 'snap_12', 'backing': null, 'file': { 'driver': 'file', 'filename': 'TEST_DIR/12-snapshot-v0.IMGFMT', 'node-name': 'file_12' } } } -+{ 'execute': 'blockdev-add', 'arguments': -+ { 'driver': 'IMGFMT', 'node-name': 'snap_12', 'backing': null, -+ 'file': -+ { 'driver': 'file', 'filename': 'TEST_DIR/12-snapshot-v0.IMGFMT', -+ 'node-name': 'file_12' } } } - {"return": {}} --{ 'execute': 'blockdev-snapshot', 'arguments': { 'node': 'virtio0', 'overlay':'snap_12' } } -+{ 'execute': 'blockdev-snapshot', -+ 'arguments': { 'node': 'virtio0', -+ 'overlay':'snap_12' } } - {"return": {}} - - === Invalid command - cannot create a snapshot using a file BDS === - --{ 'execute': 'blockdev-snapshot', 'arguments': { 'node':'virtio0', 'overlay':'file_12' } } -+{ 'execute': 'blockdev-snapshot', -+ 'arguments': { 'node':'virtio0', -+ 'overlay':'file_12' } -+ } - {"error": {"class": "GenericError", "desc": "The overlay is already in use"}} - - === Invalid command - snapshot node used as active layer === - --{ 'execute': 'blockdev-snapshot', 'arguments': { 'node': 'virtio0', 'overlay':'snap_12' } } -+{ 'execute': 'blockdev-snapshot', -+ 'arguments': { 'node': 'virtio0', -+ 'overlay':'snap_12' } } - {"error": {"class": "GenericError", "desc": "The overlay is already in use"}} --{ 'execute': 'blockdev-snapshot', 'arguments': { 'node':'virtio0', 'overlay':'virtio0' } } -+{ 'execute': 'blockdev-snapshot', -+ 'arguments': { 'node':'virtio0', -+ 'overlay':'virtio0' } -+ } - {"error": {"class": "GenericError", "desc": "The overlay is already in use"}} --{ 'execute': 'blockdev-snapshot', 'arguments': { 'node':'virtio0', 'overlay':'virtio1' } } -+{ 'execute': 'blockdev-snapshot', -+ 'arguments': { 'node':'virtio0', -+ 'overlay':'virtio1' } -+ } - {"error": {"class": "GenericError", "desc": "The overlay is already in use"}} - - === Invalid command - snapshot node used as backing hd === - --{ 'execute': 'blockdev-snapshot', 'arguments': { 'node': 'virtio0', 'overlay':'snap_11' } } -+{ 'execute': 'blockdev-snapshot', -+ 'arguments': { 'node': 'virtio0', -+ 'overlay':'snap_11' } } - {"error": {"class": "GenericError", "desc": "The overlay is already in use"}} - - === Invalid command - snapshot node has a backing image === - - Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=134217728 - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=IMGFMT --{ 'execute': 'blockdev-add', 'arguments': { 'driver': 'IMGFMT', 'node-name': 'snap_13', 'file': { 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT', 'node-name': 'file_13' } } } --{"return": {}} --{ 'execute': 'blockdev-snapshot', 'arguments': { 'node': 'virtio0', 'overlay':'snap_13' } } -+{ 'execute': 'blockdev-add', 'arguments': -+ { 'driver': 'IMGFMT', 'node-name': 'snap_13', -+ 'file': -+ { 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT', -+ 'node-name': 'file_13' } } } -+{"return": {}} -+{ 'execute': 'blockdev-snapshot', -+ 'arguments': { 'node': 'virtio0', -+ 'overlay':'snap_13' } } - {"error": {"class": "GenericError", "desc": "The overlay already has a backing image"}} - - === Invalid command - The node does not exist === - --{ 'execute': 'blockdev-snapshot', 'arguments': { 'node': 'virtio0', 'overlay':'snap_14' } } -+{ 'execute': 'blockdev-snapshot', -+ 'arguments': { 'node': 'virtio0', -+ 'overlay':'snap_14' } } - {"error": {"class": "GenericError", "desc": "Cannot find device=snap_14 nor node_name=snap_14"}} --{ 'execute': 'blockdev-snapshot', 'arguments': { 'node':'nodevice', 'overlay':'snap_13' } } -+{ 'execute': 'blockdev-snapshot', -+ 'arguments': { 'node':'nodevice', -+ 'overlay':'snap_13' } -+ } - {"error": {"class": "GenericError", "desc": "Cannot find device=nodevice nor node_name=nodevice"}} - *** done -diff --git a/tests/qemu-iotests/094.out b/tests/qemu-iotests/094.out -index 9b6c57b3e28015da0569d2cb79c0..97f894cf8f013fe95601f07b8573 100644 ---- a/tests/qemu-iotests/094.out -+++ b/tests/qemu-iotests/094.out -@@ -3,13 +3,19 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 - Formatting 'TEST_DIR/source.IMGFMT', fmt=IMGFMT size=67108864 - {'execute': 'qmp_capabilities'} - {"return": {}} --{'execute': 'drive-mirror', 'arguments': {'device': 'src', 'target': 'nbd+unix:///?socket=SOCK_DIR/nbd', 'format': 'nbd', 'sync':'full', 'mode':'existing'}} -+{'execute': 'drive-mirror', -+ 'arguments': {'device': 'src', -+ 'target': 'nbd+unix:///?socket=SOCK_DIR/nbd', -+ 'format': 'nbd', -+ 'sync':'full', -+ 'mode':'existing'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "ready", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "src", "len": 67108864, "offset": 67108864, "speed": 0, "type": "mirror"}} --{'execute': 'block-job-complete', 'arguments': {'device': 'src'}} -+{'execute': 'block-job-complete', -+ 'arguments': {'device': 'src'}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "src"}} -diff --git a/tests/qemu-iotests/095.out b/tests/qemu-iotests/095.out -index e66ced58f85528d74ed621a4872f..8257c5e1e62248370e876764d752 100644 ---- a/tests/qemu-iotests/095.out -+++ b/tests/qemu-iotests/095.out -@@ -12,7 +12,9 @@ virtual size: 5 MiB (5242880 bytes) - - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'block-commit', 'arguments': { 'device': 'test', 'top': 'TEST_DIR/t.IMGFMT.snp1' } } -+{ 'execute': 'block-commit', -+ 'arguments': { 'device': 'test', -+ 'top': 'TEST_DIR/t.IMGFMT.snp1' } } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "test"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "test"}} - {"return": {}} -diff --git a/tests/qemu-iotests/109.out b/tests/qemu-iotests/109.out -index ad739df46c1a37a1a512942101e2..6e73406cdb0a33dbb28723c23e01 100644 ---- a/tests/qemu-iotests/109.out -+++ b/tests/qemu-iotests/109.out -@@ -6,7 +6,9 @@ Formatting 'TEST_DIR/t.raw.src', fmt=IMGFMT size=67108864 - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -27,7 +29,9 @@ read 512/512 bytes at offset 0 - 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -@@ -51,7 +55,9 @@ Formatting 'TEST_DIR/t.raw.src', fmt=IMGFMT size=67108864 - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -72,7 +78,9 @@ read 512/512 bytes at offset 0 - 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -@@ -96,7 +104,9 @@ Formatting 'TEST_DIR/t.raw.src', fmt=IMGFMT size=67108864 - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -117,7 +127,9 @@ read 512/512 bytes at offset 0 - 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -@@ -141,7 +153,9 @@ Formatting 'TEST_DIR/t.raw.src', fmt=IMGFMT size=67108864 - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -162,7 +176,9 @@ read 512/512 bytes at offset 0 - 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -@@ -186,7 +202,9 @@ Formatting 'TEST_DIR/t.raw.src', fmt=IMGFMT size=67108864 - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -207,7 +225,9 @@ read 512/512 bytes at offset 0 - 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -@@ -231,7 +251,9 @@ Formatting 'TEST_DIR/t.raw.src', fmt=IMGFMT size=67108864 - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -252,7 +274,9 @@ read 512/512 bytes at offset 0 - 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -@@ -275,7 +299,9 @@ Images are identical. - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -296,7 +322,9 @@ read 512/512 bytes at offset 0 - 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -@@ -319,7 +347,9 @@ Images are identical. - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -340,7 +370,9 @@ read 512/512 bytes at offset 0 - 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -@@ -363,7 +395,9 @@ Images are identical. - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -384,7 +418,9 @@ read 512/512 bytes at offset 0 - 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -@@ -407,7 +443,9 @@ Images are identical. - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -428,7 +466,9 @@ read 512/512 bytes at offset 0 - 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -@@ -451,7 +491,9 @@ Images are identical. - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=SIZE - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed raw. - Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. - Specify the 'raw' format explicitly to remove the restrictions. -@@ -473,7 +515,9 @@ WARNING: Image format was not specified for 'TEST_DIR/t.raw' and probing guessed - Images are identical. - { 'execute': 'qmp_capabilities' } - {"return": {}} --{'execute':'drive-mirror', 'arguments':{ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'existing', 'sync': 'full'}} -+{'execute':'drive-mirror', 'arguments':{ -+ 'device': 'src', 'target': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', -+ 'mode': 'existing', 'sync': 'full'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "src"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "src"}} - {"return": {}} -diff --git a/tests/qemu-iotests/117.out b/tests/qemu-iotests/117.out -index bb623dcc0a4923bf183da122f3d5..735ffd25c65d63258cbc4baf0679 100644 ---- a/tests/qemu-iotests/117.out -+++ b/tests/qemu-iotests/117.out -@@ -2,11 +2,18 @@ QA output created by 117 - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=65536 - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'blockdev-add', 'arguments': { 'node-name': 'protocol', 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT' } } -+{ 'execute': 'blockdev-add', -+ 'arguments': { 'node-name': 'protocol', -+ 'driver': 'file', -+ 'filename': 'TEST_DIR/t.IMGFMT' } } - {"return": {}} --{ 'execute': 'blockdev-add', 'arguments': { 'node-name': 'format', 'driver': 'IMGFMT', 'file': 'protocol' } } -+{ 'execute': 'blockdev-add', -+ 'arguments': { 'node-name': 'format', -+ 'driver': 'IMGFMT', -+ 'file': 'protocol' } } - {"return": {}} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io format "write -P 42 0 64k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': 'qemu-io format "write -P 42 0 64k"' } } - wrote 65536/65536 bytes at offset 0 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} -diff --git a/tests/qemu-iotests/127.out b/tests/qemu-iotests/127.out -index efd6cb327fe579db3bf5d7a8c0f9..1685c4850a5aa54ab94312b848d4 100644 ---- a/tests/qemu-iotests/127.out -+++ b/tests/qemu-iotests/127.out -@@ -6,13 +6,21 @@ wrote 42/42 bytes at offset 0 - 42 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'drive-mirror', 'arguments': { 'job-id': 'mirror', 'device': 'source', 'target': 'TEST_DIR/t.IMGFMT.overlay1', 'mode': 'existing', 'sync': 'top' } } -+{ 'execute': 'drive-mirror', -+ 'arguments': { -+ 'job-id': 'mirror', -+ 'device': 'source', -+ 'target': 'TEST_DIR/t.IMGFMT.overlay1', -+ 'mode': 'existing', -+ 'sync': 'top' -+ } } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "mirror"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "mirror"}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "ready", "id": "mirror"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "mirror", "len": 65536, "offset": 65536, "speed": 0, "type": "mirror"}} --{ 'execute': 'block-job-complete', 'arguments': { 'device': 'mirror' } } -+{ 'execute': 'block-job-complete', -+ 'arguments': { 'device': 'mirror' } } - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "mirror"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "mirror"}} -diff --git a/tests/qemu-iotests/140.out b/tests/qemu-iotests/140.out -index 62d9c3ab3c7bd8de35c322207a53..312f76d5dafe472ba6828b5c757b 100644 ---- a/tests/qemu-iotests/140.out -+++ b/tests/qemu-iotests/140.out -@@ -4,13 +4,17 @@ wrote 65536/65536 bytes at offset 0 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'nbd-server-start', 'arguments': { 'addr': { 'type': 'unix', 'data': { 'path': 'SOCK_DIR/nbd' }}}} -+{ 'execute': 'nbd-server-start', -+ 'arguments': { 'addr': { 'type': 'unix', -+ 'data': { 'path': 'SOCK_DIR/nbd' }}}} - {"return": {}} --{ 'execute': 'nbd-server-add', 'arguments': { 'device': 'drv' }} -+{ 'execute': 'nbd-server-add', -+ 'arguments': { 'device': 'drv' }} - {"return": {}} - read 65536/65536 bytes at offset 0 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) --{ 'execute': 'eject', 'arguments': { 'device': 'drv' }} -+{ 'execute': 'eject', -+ 'arguments': { 'device': 'drv' }} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "drv"}} - qemu-io: can't open device nbd+unix:///drv?socket=SOCK_DIR/nbd: Requested export not available - server reported: export 'drv' not present -diff --git a/tests/qemu-iotests/141.out b/tests/qemu-iotests/141.out -index 08e0aecd65f4b335a76f18f0f617..6d8652e22b8092bafa7f404c2ade 100644 ---- a/tests/qemu-iotests/141.out -+++ b/tests/qemu-iotests/141.out -@@ -7,105 +7,173 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/m. - - === Testing drive-backup === - --{'execute': 'blockdev-add', 'arguments': { 'node-name': 'drv0', 'driver': 'IMGFMT', 'file': { 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT' }}} --{"return": {}} --{'execute': 'drive-backup', 'arguments': {'job-id': 'job0', 'device': 'drv0', 'target': 'TEST_DIR/o.IMGFMT', 'format': 'IMGFMT', 'sync': 'none'}} -+{'execute': 'blockdev-add', -+ 'arguments': { -+ 'node-name': 'drv0', -+ 'driver': 'IMGFMT', -+ 'file': { -+ 'driver': 'file', -+ 'filename': 'TEST_DIR/t.IMGFMT' -+ }}} -+{"return": {}} -+{'execute': 'drive-backup', -+'arguments': {'job-id': 'job0', -+'device': 'drv0', -+'target': 'TEST_DIR/o.IMGFMT', -+'format': 'IMGFMT', -+'sync': 'none'}} - Formatting 'TEST_DIR/o.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.IMGFMT backing_fmt=IMGFMT - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "paused", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}} --{'execute': 'blockdev-del', 'arguments': {'node-name': 'drv0'}} -+{'execute': 'blockdev-del', -+ 'arguments': {'node-name': 'drv0'}} - {"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: node is used as backing hd of 'NODE_NAME'"}} --{'execute': 'block-job-cancel', 'arguments': {'device': 'job0'}} -+{'execute': 'block-job-cancel', -+ 'arguments': {'device': 'job0'}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "aborting", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_CANCELLED", "data": {"device": "job0", "len": 1048576, "offset": 0, "speed": 0, "type": "backup"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}} --{'execute': 'blockdev-del', 'arguments': {'node-name': 'drv0'}} -+{'execute': 'blockdev-del', -+ 'arguments': {'node-name': 'drv0'}} - {"return": {}} - - === Testing drive-mirror === - --{'execute': 'blockdev-add', 'arguments': { 'node-name': 'drv0', 'driver': 'IMGFMT', 'file': { 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT' }}} --{"return": {}} --{'execute': 'drive-mirror', 'arguments': {'job-id': 'job0', 'device': 'drv0', 'target': 'TEST_DIR/o.IMGFMT', 'format': 'IMGFMT', 'sync': 'none'}} -+{'execute': 'blockdev-add', -+ 'arguments': { -+ 'node-name': 'drv0', -+ 'driver': 'IMGFMT', -+ 'file': { -+ 'driver': 'file', -+ 'filename': 'TEST_DIR/t.IMGFMT' -+ }}} -+{"return": {}} -+{'execute': 'drive-mirror', -+'arguments': {'job-id': 'job0', -+'device': 'drv0', -+'target': 'TEST_DIR/o.IMGFMT', -+'format': 'IMGFMT', -+'sync': 'none'}} - Formatting 'TEST_DIR/o.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.IMGFMT backing_fmt=IMGFMT - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "ready", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "mirror"}} --{'execute': 'blockdev-del', 'arguments': {'node-name': 'drv0'}} -+{'execute': 'blockdev-del', -+ 'arguments': {'node-name': 'drv0'}} - {"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: block device is in use by block job: mirror"}} --{'execute': 'block-job-cancel', 'arguments': {'device': 'job0'}} -+{'execute': 'block-job-cancel', -+ 'arguments': {'device': 'job0'}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "mirror"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}} --{'execute': 'blockdev-del', 'arguments': {'node-name': 'drv0'}} -+{'execute': 'blockdev-del', -+ 'arguments': {'node-name': 'drv0'}} - {"return": {}} - - === Testing active block-commit === - --{'execute': 'blockdev-add', 'arguments': { 'node-name': 'drv0', 'driver': 'IMGFMT', 'file': { 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT' }}} --{"return": {}} --{'execute': 'block-commit', 'arguments': {'job-id': 'job0', 'device': 'drv0'}} -+{'execute': 'blockdev-add', -+ 'arguments': { -+ 'node-name': 'drv0', -+ 'driver': 'IMGFMT', -+ 'file': { -+ 'driver': 'file', -+ 'filename': 'TEST_DIR/t.IMGFMT' -+ }}} -+{"return": {}} -+{'execute': 'block-commit', -+'arguments': {'job-id': 'job0', 'device': 'drv0'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "ready", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}} --{'execute': 'blockdev-del', 'arguments': {'node-name': 'drv0'}} -+{'execute': 'blockdev-del', -+ 'arguments': {'node-name': 'drv0'}} - {"error": {"class": "GenericError", "desc": "Node 'drv0' is busy: block device is in use by block job: commit"}} --{'execute': 'block-job-cancel', 'arguments': {'device': 'job0'}} -+{'execute': 'block-job-cancel', -+ 'arguments': {'device': 'job0'}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "job0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}} --{'execute': 'blockdev-del', 'arguments': {'node-name': 'drv0'}} -+{'execute': 'blockdev-del', -+ 'arguments': {'node-name': 'drv0'}} - {"return": {}} - - === Testing non-active block-commit === - - wrote 1048576/1048576 bytes at offset 0 - 1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) --{'execute': 'blockdev-add', 'arguments': { 'node-name': 'drv0', 'driver': 'IMGFMT', 'file': { 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT' }}} --{"return": {}} --{'execute': 'block-commit', 'arguments': {'job-id': 'job0', 'device': 'drv0', 'top': 'TEST_DIR/m.IMGFMT', 'speed': 1}} -+{'execute': 'blockdev-add', -+ 'arguments': { -+ 'node-name': 'drv0', -+ 'driver': 'IMGFMT', -+ 'file': { -+ 'driver': 'file', -+ 'filename': 'TEST_DIR/t.IMGFMT' -+ }}} -+{"return": {}} -+{'execute': 'block-commit', -+'arguments': {'job-id': 'job0', -+'device': 'drv0', -+'top': 'TEST_DIR/m.IMGFMT', -+'speed': 1}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}} --{'execute': 'blockdev-del', 'arguments': {'node-name': 'drv0'}} -+{'execute': 'blockdev-del', -+ 'arguments': {'node-name': 'drv0'}} - {"error": {"class": "GenericError", "desc": "Node drv0 is in use"}} --{'execute': 'block-job-cancel', 'arguments': {'device': 'job0'}} -+{'execute': 'block-job-cancel', -+ 'arguments': {'device': 'job0'}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "aborting", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_CANCELLED", "data": {"device": "job0", "len": 1048576, "offset": 524288, "speed": 1, "type": "commit"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}} --{'execute': 'blockdev-del', 'arguments': {'node-name': 'drv0'}} -+{'execute': 'blockdev-del', -+ 'arguments': {'node-name': 'drv0'}} - {"return": {}} - - === Testing block-stream === - - wrote 1048576/1048576 bytes at offset 0 - 1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) --{'execute': 'blockdev-add', 'arguments': { 'node-name': 'drv0', 'driver': 'IMGFMT', 'file': { 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT' }}} --{"return": {}} --{'execute': 'block-stream', 'arguments': {'job-id': 'job0', 'device': 'drv0', 'speed': 1}} -+{'execute': 'blockdev-add', -+ 'arguments': { -+ 'node-name': 'drv0', -+ 'driver': 'IMGFMT', -+ 'file': { -+ 'driver': 'file', -+ 'filename': 'TEST_DIR/t.IMGFMT' -+ }}} -+{"return": {}} -+{'execute': 'block-stream', -+'arguments': {'job-id': 'job0', -+'device': 'drv0', -+'speed': 1}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}} --{'execute': 'blockdev-del', 'arguments': {'node-name': 'drv0'}} -+{'execute': 'blockdev-del', -+ 'arguments': {'node-name': 'drv0'}} - {"error": {"class": "GenericError", "desc": "Node drv0 is in use"}} --{'execute': 'block-job-cancel', 'arguments': {'device': 'job0'}} -+{'execute': 'block-job-cancel', -+ 'arguments': {'device': 'job0'}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "aborting", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_CANCELLED", "data": {"device": "job0", "len": 1048576, "offset": 524288, "speed": 1, "type": "stream"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}} --{'execute': 'blockdev-del', 'arguments': {'node-name': 'drv0'}} -+{'execute': 'blockdev-del', -+ 'arguments': {'node-name': 'drv0'}} - {"return": {}} - *** done -diff --git a/tests/qemu-iotests/143.out b/tests/qemu-iotests/143.out -index fc9c0a761fa107a5c800d27af843..9ec5888e0ee18f2e3f83929e7da3 100644 ---- a/tests/qemu-iotests/143.out -+++ b/tests/qemu-iotests/143.out -@@ -1,7 +1,9 @@ - QA output created by 143 - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'nbd-server-start', 'arguments': { 'addr': { 'type': 'unix', 'data': { 'path': 'SOCK_DIR/nbd' }}}} -+{ 'execute': 'nbd-server-start', -+ 'arguments': { 'addr': { 'type': 'unix', -+ 'data': { 'path': 'SOCK_DIR/nbd' }}}} - {"return": {}} - qemu-io: can't open device nbd+unix:///no_such_export?socket=SOCK_DIR/nbd: Requested export not available - server reported: export 'no_such_export' not present -diff --git a/tests/qemu-iotests/144.out b/tests/qemu-iotests/144.out -index 13e0c4f5a7dce51094fcbb77d069..b3b48120150b89d83c560ef2c9da 100644 ---- a/tests/qemu-iotests/144.out -+++ b/tests/qemu-iotests/144.out -@@ -8,19 +8,33 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=536870912 - - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'virtio0', 'snapshot-file':'TEST_DIR/tmp.IMGFMT', 'format': 'IMGFMT' } } -+{ 'execute': 'blockdev-snapshot-sync', -+ 'arguments': { -+ 'device': 'virtio0', -+ 'snapshot-file':'TEST_DIR/tmp.IMGFMT', -+ 'format': 'IMGFMT' -+ } -+ } - Formatting 'TEST_DIR/tmp.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=536870912 backing_file=TEST_DIR/t.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} - - === Performing block-commit on active layer === - --{ 'execute': 'block-commit', 'arguments': { 'device': 'virtio0' } } -+{ 'execute': 'block-commit', -+ 'arguments': { -+ 'device': 'virtio0' -+ } -+ } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "virtio0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "virtio0"}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "ready", "id": "virtio0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "virtio0", "len": 0, "offset": 0, "speed": 0, "type": "commit"}} --{ 'execute': 'block-job-complete', 'arguments': { 'device': 'virtio0' } } -+{ 'execute': 'block-job-complete', -+ 'arguments': { -+ 'device': 'virtio0' -+ } -+ } - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "virtio0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "virtio0"}} -@@ -30,7 +44,13 @@ Formatting 'TEST_DIR/tmp.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off co - - === Performing Live Snapshot 2 === - --{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'virtio0', 'snapshot-file':'TEST_DIR/tmp2.IMGFMT', 'format': 'IMGFMT' } } -+{ 'execute': 'blockdev-snapshot-sync', -+ 'arguments': { -+ 'device': 'virtio0', -+ 'snapshot-file':'TEST_DIR/tmp2.IMGFMT', -+ 'format': 'IMGFMT' -+ } -+ } - Formatting 'TEST_DIR/tmp2.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=536870912 backing_file=TEST_DIR/t.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} - *** done -diff --git a/tests/qemu-iotests/153.out b/tests/qemu-iotests/153.out -index fcaa71aeeebd855d684d8056410f..ff8e55864a53501197bb4a66bf99 100644 ---- a/tests/qemu-iotests/153.out -+++ b/tests/qemu-iotests/153.out -@@ -425,7 +425,8 @@ _qemu_img_wrapper commit -b TEST_DIR/t.qcow2.b TEST_DIR/t.qcow2.c - { 'execute': 'qmp_capabilities' } - {"return": {}} - Adding drive --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } } - {"return": "OKrn"} - - _qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512 -@@ -435,25 +436,30 @@ Creating overlay with qemu-img when the guest is running should be allowed - - _qemu_img_wrapper create -f qcow2 -b TEST_DIR/t.qcow2 -F qcow2 TEST_DIR/t.qcow2.overlay - == Closing an image should unlock it == --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_del d0' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': 'drive_del d0' } } - {"return": ""} - - _qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512 - Adding two and closing one --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT,readonly=on' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT,readonly=on' } } - {"return": "OKrn"} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_add 0 if=none,id=d1,file=TEST_DIR/t.IMGFMT,readonly=on' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': 'drive_add 0 if=none,id=d1,file=TEST_DIR/t.IMGFMT,readonly=on' } } - {"return": "OKrn"} - - _qemu_img_wrapper info TEST_DIR/t.qcow2 --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_del d0' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': 'drive_del d0' } } - {"return": ""} - - _qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512 - qemu-io: can't open device TEST_DIR/t.qcow2: Failed to get "write" lock - Is another process using the image [TEST_DIR/t.qcow2]? - Closing the other --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'drive_del d1' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': 'drive_del d1' } } - {"return": ""} - - _qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512 -diff --git a/tests/qemu-iotests/156.out b/tests/qemu-iotests/156.out -index cce167b63fe336e1632d9ce15f3c..4a22f0c41af8671acdb3796b9f3d 100644 ---- a/tests/qemu-iotests/156.out -+++ b/tests/qemu-iotests/156.out -@@ -8,24 +8,37 @@ wrote 196608/196608 bytes at offset 65536 - { 'execute': 'qmp_capabilities' } - {"return": {}} - Formatting 'TEST_DIR/t.IMGFMT.overlay', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.IMGFMT backing_fmt=IMGFMT --{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'source', 'snapshot-file': 'TEST_DIR/t.IMGFMT.overlay', 'format': 'IMGFMT', 'mode': 'existing' } } -+{ 'execute': 'blockdev-snapshot-sync', -+ 'arguments': { 'device': 'source', -+ 'snapshot-file': 'TEST_DIR/t.IMGFMT.overlay', -+ 'format': 'IMGFMT', -+ 'mode': 'existing' } } - {"return": {}} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io source "write -P 3 128k 128k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io source "write -P 3 128k 128k"' } } - wrote 131072/131072 bytes at offset 131072 - 128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} - Formatting 'TEST_DIR/t.IMGFMT.target.overlay', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.IMGFMT.target backing_fmt=IMGFMT --{ 'execute': 'drive-mirror', 'arguments': { 'device': 'source', 'target': 'TEST_DIR/t.IMGFMT.target.overlay', 'mode': 'existing', 'sync': 'top' } } -+{ 'execute': 'drive-mirror', -+ 'arguments': { 'device': 'source', -+ 'target': 'TEST_DIR/t.IMGFMT.target.overlay', -+ 'mode': 'existing', -+ 'sync': 'top' } } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "source"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "source"}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "ready", "id": "source"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_READY", "data": {"device": "source", "len": 131072, "offset": 131072, "speed": 0, "type": "mirror"}} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io source "write -P 4 192k 64k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io source "write -P 4 192k 64k"' } } - wrote 65536/65536 bytes at offset 196608 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} --{ 'execute': 'block-job-complete', 'arguments': { 'device': 'source' } } -+{ 'execute': 'block-job-complete', -+ 'arguments': { 'device': 'source' } } - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "source"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "source"}} -@@ -33,19 +46,27 @@ wrote 65536/65536 bytes at offset 196608 - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "concluded", "id": "source"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "source"}} - --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io source "read -P 1 0k 64k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io source "read -P 1 0k 64k"' } } - read 65536/65536 bytes at offset 0 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io source "read -P 2 64k 64k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io source "read -P 2 64k 64k"' } } - read 65536/65536 bytes at offset 65536 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io source "read -P 3 128k 64k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io source "read -P 3 128k 64k"' } } - read 65536/65536 bytes at offset 131072 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io source "read -P 4 192k 64k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io source "read -P 4 192k 64k"' } } - read 65536/65536 bytes at offset 196608 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} -diff --git a/tests/qemu-iotests/161.out b/tests/qemu-iotests/161.out -index 3d8d89a9da3f22a54ec7ad985c9a..6cc285afcfdc315f886ad082dd3e 100644 ---- a/tests/qemu-iotests/161.out -+++ b/tests/qemu-iotests/161.out -@@ -7,18 +7,23 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t. - - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io none0 "reopen -o backing.detect-zeroes=on"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io none0 "reopen -o backing.detect-zeroes=on"' } } - {"return": ""} - - *** Stream and then change an option on the backing file - - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'block-stream', 'arguments': { 'device': 'none0', 'base': 'TEST_DIR/t.IMGFMT.base' } } -+{ 'execute': 'block-stream', 'arguments': { 'device': 'none0', -+ 'base': 'TEST_DIR/t.IMGFMT.base' } } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "none0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "none0"}} - {"return": {}} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io none0 "reopen -o backing.detect-zeroes=on"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io none0 "reopen -o backing.detect-zeroes=on"' } } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "none0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "none0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "none0", "len": 1048576, "offset": 1048576, "speed": 0, "type": "stream"}} -@@ -33,11 +38,14 @@ Formatting 'TEST_DIR/t.IMGFMT.int', fmt=IMGFMT size=1048576 backing_file=TEST_DI - Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t.IMGFMT.int backing_fmt=IMGFMT - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'block-commit', 'arguments': { 'device': 'none0', 'top': 'TEST_DIR/t.IMGFMT.int' } } -+{ 'execute': 'block-commit', 'arguments': { 'device': 'none0', -+ 'top': 'TEST_DIR/t.IMGFMT.int' } } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "none0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "none0"}} - {"return": {}} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io none0 "reopen -o backing.detect-zeroes=on"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io none0 "reopen -o backing.detect-zeroes=on"' } } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "none0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "none0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_JOB_COMPLETED", "data": {"device": "none0", "len": 1048576, "offset": 1048576, "speed": 0, "type": "commit"}} -diff --git a/tests/qemu-iotests/173.out b/tests/qemu-iotests/173.out -index b5114b5c79521f354e39c066af29..2d6490d680d604b213dae36f3dec 100644 ---- a/tests/qemu-iotests/173.out -+++ b/tests/qemu-iotests/173.out -@@ -6,11 +6,30 @@ Formatting 'TEST_DIR/image.snp1', fmt=IMGFMT size=104857600 - - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'arguments': { 'device': 'disk2', 'format': 'IMGFMT', 'mode': 'existing', 'snapshot-file': 'TEST_DIR/image.snp1', 'snapshot-node-name': 'snp1' }, 'execute': 'blockdev-snapshot-sync' } -+{ 'arguments': { -+ 'device': 'disk2', -+ 'format': 'IMGFMT', -+ 'mode': 'existing', -+ 'snapshot-file': 'TEST_DIR/image.snp1', -+ 'snapshot-node-name': 'snp1' -+ }, -+ 'execute': 'blockdev-snapshot-sync' -+ } - {"return": {}} --{ 'arguments': { 'backing-file': 'image.base', 'device': 'disk2', 'image-node-name': 'snp1' }, 'execute': 'change-backing-file' } -+{ 'arguments': { -+ 'backing-file': 'image.base', -+ 'device': 'disk2', -+ 'image-node-name': 'snp1' -+ }, -+ 'execute': 'change-backing-file' -+ } - {"return": {}} --{ 'arguments': { 'base': 'TEST_DIR/image.base', 'device': 'disk2' }, 'execute': 'block-stream' } -+{ 'arguments': { -+ 'base': 'TEST_DIR/image.base', -+ 'device': 'disk2' -+ }, -+ 'execute': 'block-stream' -+ } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "disk2"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "disk2"}} - {"return": {}} -diff --git a/tests/qemu-iotests/182.out b/tests/qemu-iotests/182.out -index ce2334067041172df246eb813d78..57f7265458f0fd1ef1dbb2e47760 100644 ---- a/tests/qemu-iotests/182.out -+++ b/tests/qemu-iotests/182.out -@@ -10,16 +10,42 @@ Is another process using the image [TEST_DIR/t.qcow2]? - - {'execute': 'qmp_capabilities'} - {"return": {}} --{'execute': 'blockdev-add', 'arguments': { 'node-name': 'node0', 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT', 'locking': 'on' } } --{"return": {}} --{'execute': 'blockdev-snapshot-sync', 'arguments': { 'node-name': 'node0', 'snapshot-file': 'TEST_DIR/t.IMGFMT.overlay', 'snapshot-node-name': 'node1' } } -+{'execute': 'blockdev-add', -+ 'arguments': { -+ 'node-name': 'node0', -+ 'driver': 'file', -+ 'filename': 'TEST_DIR/t.IMGFMT', -+ 'locking': 'on' -+ } } -+{"return": {}} -+{'execute': 'blockdev-snapshot-sync', -+ 'arguments': { -+ 'node-name': 'node0', -+ 'snapshot-file': 'TEST_DIR/t.IMGFMT.overlay', -+ 'snapshot-node-name': 'node1' -+ } } - Formatting 'TEST_DIR/t.qcow2.overlay', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=197120 backing_file=TEST_DIR/t.qcow2 backing_fmt=file lazy_refcounts=off refcount_bits=16 - {"return": {}} --{'execute': 'blockdev-add', 'arguments': { 'node-name': 'node1', 'driver': 'file', 'filename': 'TEST_DIR/t.IMGFMT', 'locking': 'on' } } --{"return": {}} --{'execute': 'nbd-server-start', 'arguments': { 'addr': { 'type': 'unix', 'data': { 'path': 'SOCK_DIR/nbd.socket' } } } } --{"return": {}} --{'execute': 'nbd-server-add', 'arguments': { 'device': 'node1' } } -+{'execute': 'blockdev-add', -+ 'arguments': { -+ 'node-name': 'node1', -+ 'driver': 'file', -+ 'filename': 'TEST_DIR/t.IMGFMT', -+ 'locking': 'on' -+ } } -+{"return": {}} -+{'execute': 'nbd-server-start', -+ 'arguments': { -+ 'addr': { -+ 'type': 'unix', -+ 'data': { -+ 'path': 'SOCK_DIR/nbd.socket' -+ } } } } -+{"return": {}} -+{'execute': 'nbd-server-add', -+ 'arguments': { -+ 'device': 'node1' -+ } } - {"return": {}} - - === Testing failure to loosen restrictions === -diff --git a/tests/qemu-iotests/183.out b/tests/qemu-iotests/183.out -index d4be2cb2de5ff5b2ea33babb1cdb..fd9c2e52a586ef141f1c417a733d 100644 ---- a/tests/qemu-iotests/183.out -+++ b/tests/qemu-iotests/183.out -@@ -11,18 +11,23 @@ Formatting 'TEST_DIR/t.IMGFMT.dest', fmt=IMGFMT size=67108864 - - === Write something on the source === - --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io disk "write -P 0x55 0 64k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io disk "write -P 0x55 0 64k"' } } - wrote 65536/65536 bytes at offset 0 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io disk "read -P 0x55 0 64k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io disk "read -P 0x55 0 64k"' } } - read 65536/65536 bytes at offset 0 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} - - === Do block migration to destination === - --{ 'execute': 'migrate', 'arguments': { 'uri': 'unix:SOCK_DIR/migrate', 'blk': true } } -+{ 'execute': 'migrate', -+ 'arguments': { 'uri': 'unix:SOCK_DIR/migrate', 'blk': true } } - {"return": {}} - { 'execute': 'query-status' } - {"return": {"status": "postmigrate", "singlestep": false, "running": false}} -@@ -32,11 +37,15 @@ read 65536/65536 bytes at offset 0 - { 'execute': 'query-status' } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "RESUME"} - {"return": {"status": "running", "singlestep": false, "running": true}} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io disk "read -P 0x55 0 64k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io disk "read -P 0x55 0 64k"' } } - read 65536/65536 bytes at offset 0 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io disk "write -P 0x66 1M 64k"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io disk "write -P 0x66 1M 64k"' } } - wrote 65536/65536 bytes at offset 1048576 - 64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} -diff --git a/tests/qemu-iotests/185.out b/tests/qemu-iotests/185.out -index 339438ac682c111ff1cef63f3263..eab55d22bf207624dba390a1c0bc 100644 ---- a/tests/qemu-iotests/185.out -+++ b/tests/qemu-iotests/185.out -@@ -8,20 +8,34 @@ Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=67108864 - - === Creating backing chain === - --{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'disk', 'snapshot-file': 'TEST_DIR/t.IMGFMT.mid', 'format': 'IMGFMT', 'mode': 'absolute-paths' } } -+{ 'execute': 'blockdev-snapshot-sync', -+ 'arguments': { 'device': 'disk', -+ 'snapshot-file': 'TEST_DIR/t.IMGFMT.mid', -+ 'format': 'IMGFMT', -+ 'mode': 'absolute-paths' } } - Formatting 'TEST_DIR/t.qcow2.mid', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=67108864 backing_file=TEST_DIR/t.qcow2.base backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} --{ 'execute': 'human-monitor-command', 'arguments': { 'command-line': 'qemu-io disk "write 0 4M"' } } -+{ 'execute': 'human-monitor-command', -+ 'arguments': { 'command-line': -+ 'qemu-io disk "write 0 4M"' } } - wrote 4194304/4194304 bytes at offset 0 - 4 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) - {"return": ""} --{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'disk', 'snapshot-file': 'TEST_DIR/t.IMGFMT', 'format': 'IMGFMT', 'mode': 'absolute-paths' } } -+{ 'execute': 'blockdev-snapshot-sync', -+ 'arguments': { 'device': 'disk', -+ 'snapshot-file': 'TEST_DIR/t.IMGFMT', -+ 'format': 'IMGFMT', -+ 'mode': 'absolute-paths' } } - Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=67108864 backing_file=TEST_DIR/t.qcow2.mid backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 - {"return": {}} - - === Start commit job and exit qemu === - --{ 'execute': 'block-commit', 'arguments': { 'device': 'disk', 'base':'TEST_DIR/t.IMGFMT.base', 'top': 'TEST_DIR/t.IMGFMT.mid', 'speed': 65536 } } -+{ 'execute': 'block-commit', -+ 'arguments': { 'device': 'disk', -+ 'base':'TEST_DIR/t.IMGFMT.base', -+ 'top': 'TEST_DIR/t.IMGFMT.mid', -+ 'speed': 65536 } } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "disk"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "disk"}} - {"return": {}} -@@ -34,7 +48,10 @@ Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off comp - - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'block-commit', 'arguments': { 'device': 'disk', 'base':'TEST_DIR/t.IMGFMT.base', 'speed': 65536 } } -+{ 'execute': 'block-commit', -+ 'arguments': { 'device': 'disk', -+ 'base':'TEST_DIR/t.IMGFMT.base', -+ 'speed': 65536 } } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "disk"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "disk"}} - {"return": {}} -@@ -47,7 +64,12 @@ Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off comp - - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'drive-mirror', 'arguments': { 'device': 'disk', 'target': 'TEST_DIR/t.IMGFMT.copy', 'format': 'IMGFMT', 'sync': 'full', 'speed': 65536 } } -+{ 'execute': 'drive-mirror', -+ 'arguments': { 'device': 'disk', -+ 'target': 'TEST_DIR/t.IMGFMT.copy', -+ 'format': 'IMGFMT', -+ 'sync': 'full', -+ 'speed': 65536 } } - Formatting 'TEST_DIR/t.qcow2.copy', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16 - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "disk"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "disk"}} -@@ -61,7 +83,12 @@ Formatting 'TEST_DIR/t.qcow2.copy', fmt=qcow2 cluster_size=65536 extended_l2=off - - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'drive-backup', 'arguments': { 'device': 'disk', 'target': 'TEST_DIR/t.IMGFMT.copy', 'format': 'IMGFMT', 'sync': 'full', 'speed': 65536 } } -+{ 'execute': 'drive-backup', -+ 'arguments': { 'device': 'disk', -+ 'target': 'TEST_DIR/t.IMGFMT.copy', -+ 'format': 'IMGFMT', -+ 'sync': 'full', -+ 'speed': 65536 } } - Formatting 'TEST_DIR/t.qcow2.copy', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=67108864 lazy_refcounts=off refcount_bits=16 - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "disk"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "disk"}} -@@ -77,7 +104,9 @@ Formatting 'TEST_DIR/t.qcow2.copy', fmt=qcow2 cluster_size=65536 extended_l2=off - - { 'execute': 'qmp_capabilities' } - {"return": {}} --{ 'execute': 'block-stream', 'arguments': { 'device': 'disk', 'speed': 65536 } } -+{ 'execute': 'block-stream', -+ 'arguments': { 'device': 'disk', -+ 'speed': 65536 } } - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "disk"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "disk"}} - {"return": {}} -diff --git a/tests/qemu-iotests/191.out b/tests/qemu-iotests/191.out -index 11aaf3b691fd23797a7dd0cbd4c2..022021efabb7a13360f39fd33d95 100644 ---- a/tests/qemu-iotests/191.out -+++ b/tests/qemu-iotests/191.out -@@ -16,7 +16,11 @@ wrote 65536/65536 bytes at offset 1048576 - - === Perform commit job === - --{ 'execute': 'block-commit', 'arguments': { 'job-id': 'commit0', 'device': 'top', 'base':'TEST_DIR/t.IMGFMT.base', 'top': 'TEST_DIR/t.IMGFMT.mid' } } -+{ 'execute': 'block-commit', -+ 'arguments': { 'job-id': 'commit0', -+ 'device': 'top', -+ 'base':'TEST_DIR/t.IMGFMT.base', -+ 'top': 'TEST_DIR/t.IMGFMT.mid' } } - { - "timestamp": { - "seconds": TIMESTAMP, -@@ -427,7 +431,11 @@ wrote 65536/65536 bytes at offset 1048576 - - === Perform commit job === - --{ 'execute': 'block-commit', 'arguments': { 'job-id': 'commit0', 'device': 'top', 'base':'TEST_DIR/t.IMGFMT.base', 'top': 'TEST_DIR/t.IMGFMT.mid' } } -+{ 'execute': 'block-commit', -+ 'arguments': { 'job-id': 'commit0', -+ 'device': 'top', -+ 'base':'TEST_DIR/t.IMGFMT.base', -+ 'top': 'TEST_DIR/t.IMGFMT.mid' } } - { - "timestamp": { - "seconds": TIMESTAMP, -diff --git a/tests/qemu-iotests/223.out b/tests/qemu-iotests/223.out -index f6eac23f04cd26409f5048eb2a28..bbc85289e33132ece90830a67546 100644 ---- a/tests/qemu-iotests/223.out -+++ b/tests/qemu-iotests/223.out -@@ -26,31 +26,48 @@ wrote 2097152/2097152 bytes at offset 2097152 - - {"execute":"qmp_capabilities"} - {"return": {}} --{"execute":"blockdev-add", "arguments":{"driver":"IMGFMT", "node-name":"n", "file":{"driver":"file", "filename":"TEST_DIR/t.IMGFMT"}}} -+{"execute":"blockdev-add", -+ "arguments":{"driver":"IMGFMT", "node-name":"n", -+ "file":{"driver":"file", "filename":"TEST_DIR/t.IMGFMT"}}} - {"return": {}} --{"execute":"block-dirty-bitmap-disable", "arguments":{"node":"n", "name":"b"}} -+{"execute":"block-dirty-bitmap-disable", -+ "arguments":{"node":"n", "name":"b"}} - {"return": {}} - - === Set up NBD with normal access === - --{"execute":"nbd-server-add", "arguments":{"device":"n"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n"}} - {"error": {"class": "GenericError", "desc": "NBD server not running"}} --{"execute":"nbd-server-start", "arguments":{"addr":{"type":"unix", "data":{"path":"SOCK_DIR/nbd"}}}} -+{"execute":"nbd-server-start", -+ "arguments":{"addr":{"type":"unix", -+ "data":{"path":"SOCK_DIR/nbd"}}}} - {"return": {}} --{"execute":"nbd-server-start", "arguments":{"addr":{"type":"unix", "data":{"path":"SOCK_DIR/nbd1"}}}} -+{"execute":"nbd-server-start", -+ "arguments":{"addr":{"type":"unix", -+ "data":{"path":"SOCK_DIR/nbd1"}}}} - {"error": {"class": "GenericError", "desc": "NBD server already running"}} - exports available: 0 --{"execute":"nbd-server-add", "arguments":{"device":"n", "bitmap":"b"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n", "bitmap":"b"}} - {"return": {}} --{"execute":"nbd-server-add", "arguments":{"device":"nosuch"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"nosuch"}} - {"error": {"class": "GenericError", "desc": "Cannot find device=nosuch nor node_name=nosuch"}} --{"execute":"nbd-server-add", "arguments":{"device":"n"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n"}} - {"error": {"class": "GenericError", "desc": "Block export id 'n' is already in use"}} --{"execute":"nbd-server-add", "arguments":{"device":"n", "name":"n2", "bitmap":"b2"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n", "name":"n2", -+ "bitmap":"b2"}} - {"error": {"class": "GenericError", "desc": "Enabled bitmap 'b2' incompatible with readonly export"}} --{"execute":"nbd-server-add", "arguments":{"device":"n", "name":"n2", "bitmap":"b3"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n", "name":"n2", -+ "bitmap":"b3"}} - {"error": {"class": "GenericError", "desc": "Bitmap 'b3' is not found"}} --{"execute":"nbd-server-add", "arguments":{"device":"n", "name":"n2", "writable":true, "description":"some text", "bitmap":"b2"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n", "name":"n2", "writable":true, -+ "description":"some text", "bitmap":"b2"}} - {"return": {}} - exports available: 2 - export: 'n' -@@ -99,12 +116,15 @@ read 2097152/2097152 bytes at offset 2097152 - - === End qemu NBD server === - --{"execute":"nbd-server-remove", "arguments":{"name":"n"}} -+{"execute":"nbd-server-remove", -+ "arguments":{"name":"n"}} - {"return": {}} --{"execute":"nbd-server-remove", "arguments":{"name":"n2"}} -+{"execute":"nbd-server-remove", -+ "arguments":{"name":"n2"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "n"}} - {"return": {}} --{"execute":"nbd-server-remove", "arguments":{"name":"n2"}} -+{"execute":"nbd-server-remove", -+ "arguments":{"name":"n2"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "n2"}} - {"error": {"class": "GenericError", "desc": "Export 'n2' is not found"}} - {"execute":"nbd-server-stop"} -@@ -114,26 +134,41 @@ read 2097152/2097152 bytes at offset 2097152 - - === Set up NBD with iothread access === - --{"execute":"x-blockdev-set-iothread", "arguments":{"node-name":"n", "iothread":"io0"}} -+{"execute":"x-blockdev-set-iothread", -+ "arguments":{"node-name":"n", "iothread":"io0"}} - {"return": {}} --{"execute":"nbd-server-add", "arguments":{"device":"n"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n"}} - {"error": {"class": "GenericError", "desc": "NBD server not running"}} --{"execute":"nbd-server-start", "arguments":{"addr":{"type":"unix", "data":{"path":"SOCK_DIR/nbd"}}}} -+{"execute":"nbd-server-start", -+ "arguments":{"addr":{"type":"unix", -+ "data":{"path":"SOCK_DIR/nbd"}}}} - {"return": {}} --{"execute":"nbd-server-start", "arguments":{"addr":{"type":"unix", "data":{"path":"SOCK_DIR/nbd1"}}}} -+{"execute":"nbd-server-start", -+ "arguments":{"addr":{"type":"unix", -+ "data":{"path":"SOCK_DIR/nbd1"}}}} - {"error": {"class": "GenericError", "desc": "NBD server already running"}} - exports available: 0 --{"execute":"nbd-server-add", "arguments":{"device":"n", "bitmap":"b"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n", "bitmap":"b"}} - {"return": {}} --{"execute":"nbd-server-add", "arguments":{"device":"nosuch"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"nosuch"}} - {"error": {"class": "GenericError", "desc": "Cannot find device=nosuch nor node_name=nosuch"}} --{"execute":"nbd-server-add", "arguments":{"device":"n"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n"}} - {"error": {"class": "GenericError", "desc": "Block export id 'n' is already in use"}} --{"execute":"nbd-server-add", "arguments":{"device":"n", "name":"n2", "bitmap":"b2"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n", "name":"n2", -+ "bitmap":"b2"}} - {"error": {"class": "GenericError", "desc": "Enabled bitmap 'b2' incompatible with readonly export"}} --{"execute":"nbd-server-add", "arguments":{"device":"n", "name":"n2", "bitmap":"b3"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n", "name":"n2", -+ "bitmap":"b3"}} - {"error": {"class": "GenericError", "desc": "Bitmap 'b3' is not found"}} --{"execute":"nbd-server-add", "arguments":{"device":"n", "name":"n2", "writable":true, "description":"some text", "bitmap":"b2"}} -+{"execute":"nbd-server-add", -+ "arguments":{"device":"n", "name":"n2", "writable":true, -+ "description":"some text", "bitmap":"b2"}} - {"return": {}} - exports available: 2 - export: 'n' -@@ -182,12 +217,15 @@ read 2097152/2097152 bytes at offset 2097152 - - === End qemu NBD server === - --{"execute":"nbd-server-remove", "arguments":{"name":"n"}} -+{"execute":"nbd-server-remove", -+ "arguments":{"name":"n"}} - {"return": {}} --{"execute":"nbd-server-remove", "arguments":{"name":"n2"}} -+{"execute":"nbd-server-remove", -+ "arguments":{"name":"n2"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "n"}} - {"return": {}} --{"execute":"nbd-server-remove", "arguments":{"name":"n2"}} -+{"execute":"nbd-server-remove", -+ "arguments":{"name":"n2"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "n2"}} - {"error": {"class": "GenericError", "desc": "Export 'n2' is not found"}} - {"execute":"nbd-server-stop"} -diff --git a/tests/qemu-iotests/229.out b/tests/qemu-iotests/229.out -index 4de6dfaa28359ed7d657a2620065..73ccd111557e6ccb9ad141ef11d3 100644 ---- a/tests/qemu-iotests/229.out -+++ b/tests/qemu-iotests/229.out -@@ -8,7 +8,14 @@ wrote 2097152/2097152 bytes at offset 0 - - === Starting drive-mirror, causing error & stop === - --{'execute': 'drive-mirror', 'arguments': {'device': 'testdisk', 'format': 'IMGFMT', 'target': 'blkdebug:TEST_DIR/blkdebug.conf:TEST_DIR/d.IMGFMT', 'sync': 'full', 'mode': 'existing', 'on-source-error': 'stop', 'on-target-error': 'stop' }} -+{'execute': 'drive-mirror', -+ 'arguments': {'device': 'testdisk', -+ 'format': 'IMGFMT', -+ 'target': 'blkdebug:TEST_DIR/blkdebug.conf:TEST_DIR/d.IMGFMT', -+ 'sync': 'full', -+ 'mode': 'existing', -+ 'on-source-error': 'stop', -+ 'on-target-error': 'stop' }} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "testdisk"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "testdisk"}} - {"return": {}} -@@ -17,7 +24,9 @@ wrote 2097152/2097152 bytes at offset 0 - - === Force cancel job paused in error state === - --{'execute': 'block-job-cancel', 'arguments': { 'device': 'testdisk', 'force': true}} -+{'execute': 'block-job-cancel', -+ 'arguments': { 'device': 'testdisk', -+ 'force': true}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "testdisk"}} - {"return": {}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "aborting", "id": "testdisk"}} -diff --git a/tests/qemu-iotests/249.out b/tests/qemu-iotests/249.out -index 85acda4635b37c14c40c485ca288..92ec81db034fd8af8520d160033c 100644 ---- a/tests/qemu-iotests/249.out -+++ b/tests/qemu-iotests/249.out -@@ -7,24 +7,29 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t. - - === Send a write command to a drive opened in read-only mode (1) - --{ 'execute': 'human-monitor-command', 'arguments': {'command-line': 'qemu-io none0 "aio_write 0 2k"'}} -+{ 'execute': 'human-monitor-command', -+ 'arguments': {'command-line': 'qemu-io none0 "aio_write 0 2k"'}} - {"return": "Block node is read-onlyrn"} - - === Run block-commit on base using an invalid filter node name - --{ 'execute': 'block-commit', 'arguments': {'job-id': 'job0', 'device': 'none1', 'top-node': 'int', 'filter-node-name': '1234'}} -+{ 'execute': 'block-commit', -+ 'arguments': {'job-id': 'job0', 'device': 'none1', 'top-node': 'int', -+ 'filter-node-name': '1234'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "null", "id": "job0"}} - {"error": {"class": "GenericError", "desc": "Invalid node name"}} - - === Send a write command to a drive opened in read-only mode (2) - --{ 'execute': 'human-monitor-command', 'arguments': {'command-line': 'qemu-io none0 "aio_write 0 2k"'}} -+{ 'execute': 'human-monitor-command', -+ 'arguments': {'command-line': 'qemu-io none0 "aio_write 0 2k"'}} - {"return": "Block node is read-onlyrn"} - - === Run block-commit on base using the default filter node name - --{ 'execute': 'block-commit', 'arguments': {'job-id': 'job0', 'device': 'none1', 'top-node': 'int'}} -+{ 'execute': 'block-commit', -+ 'arguments': {'job-id': 'job0', 'device': 'none1', 'top-node': 'int'}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "created", "id": "job0"}} - {"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "JOB_STATUS_CHANGE", "data": {"status": "running", "id": "job0"}} - {"return": {}} -@@ -36,6 +41,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576 backing_file=TEST_DIR/t. - - === Send a write command to a drive opened in read-only mode (3) - --{ 'execute': 'human-monitor-command', 'arguments': {'command-line': 'qemu-io none0 "aio_write 0 2k"'}} -+{ 'execute': 'human-monitor-command', -+ 'arguments': {'command-line': 'qemu-io none0 "aio_write 0 2k"'}} - {"return": "Block node is read-onlyrn"} - *** done -diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu -index de680cf1c7c92e50b82aa2bc0262..ef105dfc393e96c6ef2f34c1466d 100644 ---- a/tests/qemu-iotests/common.qemu -+++ b/tests/qemu-iotests/common.qemu -@@ -146,14 +146,9 @@ _send_qemu_cmd() - count=${qemu_cmd_repeat} - use_error="no" - fi -- # This array element extraction is done to accommodate pathnames with spaces -- if [ -z "${success_or_failure}" ]; then -- cmd=${@: 1:${#@}-1} -- shift $(($# - 1)) -- else -- cmd=${@: 1:${#@}-2} -- shift $(($# - 2)) -- fi -+ -+ cmd=$1 -+ shift - - # Display QMP being sent, but not HMP (since HMP already echoes its - # input back to output); decide based on leading '{' diff --git a/lan9118-switch-to-use-qemu_receive_packe.patch b/lan9118-switch-to-use-qemu_receive_packe.patch deleted file mode 100644 index ae224ff6..00000000 --- a/lan9118-switch-to-use-qemu_receive_packe.patch +++ /dev/null @@ -1,37 +0,0 @@ -From: Alexander Bulekov -Date: Mon, 1 Mar 2021 14:35:30 -0500 -Subject: lan9118: switch to use qemu_receive_packet() for loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 37cee01784ff0df13e5209517e1b3594a5e792d1 - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - hw/net/lan9118.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c -index 13d469fe24fd8dd3a03eb2b60a58..da82dc1ad32be5e176aea93e7b11 100644 ---- a/hw/net/lan9118.c -+++ b/hw/net/lan9118.c -@@ -669,7 +669,7 @@ static void do_tx_packet(lan9118_state *s) - /* FIXME: Honor TX disable, and allow queueing of packets. */ - if (s->phy_control & 0x4000) { - /* This assumes the receive routine doesn't touch the VLANClient. */ -- lan9118_receive(qemu_get_queue(s->nic), s->txp->data, s->txp->len); -+ qemu_receive_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); - } else { - qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); - } diff --git a/linux-user-Fake-proc-cpuinfo.patch b/linux-user-Fake-proc-cpuinfo.patch index a6a4b8b8..86af7fbe 100644 --- a/linux-user-Fake-proc-cpuinfo.patch +++ b/linux-user-Fake-proc-cpuinfo.patch @@ -21,10 +21,10 @@ Signed-off-by: Andreas Färber 1 file changed, 24 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 2839a2c5e906dde840f040c5f235..e1341c9d391bde792d37443c4b9f 100644 +index 9002e4d6187d4796773cfeb63723..e5d22c4806cf4f11b43371dc52c2 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -7887,6 +7887,27 @@ static int open_self_stat(void *cpu_env, int fd) +@@ -7977,6 +7977,27 @@ static int open_self_stat(void *cpu_env, int fd) return 0; } @@ -52,7 +52,7 @@ index 2839a2c5e906dde840f040c5f235..e1341c9d391bde792d37443c4b9f 100644 static int open_self_auxv(void *cpu_env, int fd) { CPUState *cpu = env_cpu((CPUArchState *)cpu_env); -@@ -8041,6 +8062,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, +@@ -8131,6 +8152,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, #if defined(TARGET_SPARC) || defined(TARGET_HPPA) { "/proc/cpuinfo", open_cpuinfo, is_proc }, #endif diff --git a/linux-user-add-binfmt-wrapper-for-argv-0.patch b/linux-user-add-binfmt-wrapper-for-argv-0.patch index c047ff85..ecb933a6 100644 --- a/linux-user-add-binfmt-wrapper-for-argv-0.patch +++ b/linux-user-add-binfmt-wrapper-for-argv-0.patch @@ -82,10 +82,10 @@ index 0000000000000000000000000000000000000000..cd1f513b334f3b263d9e4b5adb1981e3 + return execve(new_argv[0], new_argv, envp); +} diff --git a/meson.build b/meson.build -index e3386196ba4106a973edb7f9d07c..a4743a83ae82bbe57e8dfeec3da4 100644 +index c6f4b0cf5e8a88e2019fabd13f3a..4dd9c13852c017e89106e6a444ee 100644 --- a/meson.build +++ b/meson.build -@@ -1883,6 +1883,11 @@ endforeach +@@ -2318,6 +2318,11 @@ endforeach # Other build targets diff --git a/linux-user-lseek-explicitly-cast-non-set.patch b/linux-user-lseek-explicitly-cast-non-set.patch index 82bea3c8..d92bdeab 100644 --- a/linux-user-lseek-explicitly-cast-non-set.patch +++ b/linux-user-lseek-explicitly-cast-non-set.patch @@ -15,10 +15,10 @@ Signed-off-by: Alexander Graf 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 4c178ceab8ac708e4ee4587f6589..72c10911d6773e1e53fa36a3e741 100644 +index ee3f66b0118d21748c1ff7475793..f15b5fda1296f2b1f9dc53f74734 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -8563,8 +8563,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1, +@@ -8653,8 +8653,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1, return ret; #endif #ifdef TARGET_NR_lseek diff --git a/linux-user-use-target_ulong.patch b/linux-user-use-target_ulong.patch index ffa9d402..f55e4ce9 100644 --- a/linux-user-use-target_ulong.patch +++ b/linux-user-use-target_ulong.patch @@ -16,7 +16,7 @@ Signed-off-by: Alexander Graf 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/linux-user/qemu.h b/linux-user/qemu.h -index 534753ca12542383002cbf5544ac..c1c7448ef304cf8a56ac60ec8639 100644 +index 74e06e7121c56fbf568bc0d48164..709714dad5384d0813083af204c4 100644 --- a/linux-user/qemu.h +++ b/linux-user/qemu.h @@ -231,10 +231,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src, @@ -35,10 +35,10 @@ index 534753ca12542383002cbf5544ac..c1c7448ef304cf8a56ac60ec8639 100644 void cpu_loop(CPUArchState *env); const char *target_strerror(int err); diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index e1341c9d391bde792d37443c4b9f..4c178ceab8ac708e4ee4587f6589 100644 +index e5d22c4806cf4f11b43371dc52c2..ee3f66b0118d21748c1ff7475793 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -8205,10 +8205,10 @@ static int host_to_target_cpu_mask(const unsigned long *host_mask, +@@ -8295,10 +8295,10 @@ static int host_to_target_cpu_mask(const unsigned long *host_mask, * of syscall results, can be performed. * All errnos that do_syscall() returns must be -TARGET_. */ @@ -53,7 +53,7 @@ index e1341c9d391bde792d37443c4b9f..4c178ceab8ac708e4ee4587f6589 100644 { CPUState *cpu = env_cpu(cpu_env); abi_long ret; -@@ -10871,7 +10871,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, +@@ -10966,7 +10966,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, */ ret = -TARGET_EINVAL; if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env)) @@ -62,7 +62,7 @@ index e1341c9d391bde792d37443c4b9f..4c178ceab8ac708e4ee4587f6589 100644 CPUARMState *env = cpu_env; ARMCPU *cpu = env_archcpu(env); uint32_t vq, old_vq; -@@ -13120,10 +13120,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, +@@ -13318,10 +13318,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, return ret; } diff --git a/lsilogic-Use-PCIDevice-exit-instead-of-D.patch b/lsilogic-Use-PCIDevice-exit-instead-of-D.patch deleted file mode 100644 index b9ea25fe..00000000 --- a/lsilogic-Use-PCIDevice-exit-instead-of-D.patch +++ /dev/null @@ -1,52 +0,0 @@ -From: Peng Liang -Date: Tue, 2 Mar 2021 21:30:16 +0800 -Subject: lsilogic: Use PCIDevice::exit instead of DeviceState::unrealize - -Git-commit: faabca42cc4ff51110116dfe44d420c668b4d8d8 - -PCI_DEVICE has overwritten DeviceState::unrealize (pci_qdev_unrealize). -However, LSI53C895A, which is a subclass of PCI_DEVICE, overwrites it -again and doesn't save the parent's implementation so the PCI_DEVICE's -implementation of DeviceState::unrealize will never be called when -unrealize a LSI53C895A device. And it will lead to memory leak and -unplug failure. - -For a PCI device, it's better to implement PCIDevice::exit instead of -DeviceState::unrealize. So let's change to use PCIDevice::exit. - -Fixes: a8632434c7e9 ("lsi: implement I/O memory space for Memory Move instructions") -Cc: qemu-stable@nongnu.org -Signed-off-by: Peng Liang -Message-Id: <20210302133016.1221081-1-liangpeng10@huawei.com> -Signed-off-by: Paolo Bonzini -Signed-off-by: Bruce Rogers ---- - hw/scsi/lsi53c895a.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c -index 7d13c7dc1c46e8a32ed0e3e090ff..af46c62f0d78268b52d19ca9fd07 100644 ---- a/hw/scsi/lsi53c895a.c -+++ b/hw/scsi/lsi53c895a.c -@@ -2312,7 +2312,7 @@ static void lsi_scsi_realize(PCIDevice *dev, Error **errp) - scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); - } - --static void lsi_scsi_unrealize(DeviceState *dev) -+static void lsi_scsi_exit(PCIDevice *dev) - { - LSIState *s = LSI53C895A(dev); - -@@ -2325,11 +2325,11 @@ static void lsi_class_init(ObjectClass *klass, void *data) - PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); - - k->realize = lsi_scsi_realize; -+ k->exit = lsi_scsi_exit; - k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; - k->device_id = PCI_DEVICE_ID_LSI_53C895A; - k->class_id = PCI_CLASS_STORAGE_SCSI; - k->subsystem_id = 0x1000; -- dc->unrealize = lsi_scsi_unrealize; - dc->reset = lsi_scsi_reset; - dc->vmsd = &vmstate_lsi_scsi; - set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); diff --git a/memory-clamp-cached-translation-in-case-.patch b/memory-clamp-cached-translation-in-case-.patch deleted file mode 100644 index 31c99f18..00000000 --- a/memory-clamp-cached-translation-in-case-.patch +++ /dev/null @@ -1,137 +0,0 @@ -From: Paolo Bonzini -Date: Tue, 1 Dec 2020 09:29:56 -0500 -Subject: memory: clamp cached translation in case it points to an MMIO region - -Git-commit: 4bfb024bc76973d40a359476dc0291f46e435442 -References: bsc#1179686, CVE-2020-27821 - -In using the address_space_translate_internal API, address_space_cache_init -forgot one piece of advice that can be found in the code for -address_space_translate_internal: - - /* MMIO registers can be expected to perform full-width accesses based only - * on their address, without considering adjacent registers that could - * decode to completely different MemoryRegions. When such registers - * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO - * regions overlap wildly. For this reason we cannot clamp the accesses - * here. - * - * If the length is small (as is the case for address_space_ldl/stl), - * everything works fine. If the incoming length is large, however, - * the caller really has to do the clamping through memory_access_size. - */ - -address_space_cache_init is exactly one such case where "the incoming length -is large", therefore we need to clamp the resulting length---not to -memory_access_size though, since we are not doing an access yet, but to -the size of the resulting section. This ensures that subsequent accesses -to the cached MemoryRegionSection will be in range. - -With this patch, the enclosed testcase notices that the used ring does -not fit into the MSI-X table and prints a "qemu-system-x86_64: Cannot map used" -error. - -Signed-off-by: Paolo Bonzini -Signed-off-by: Bruce Rogers ---- - softmmu/physmem.c | 10 ++++++++ - tests/qtest/fuzz-test.c | 51 +++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 61 insertions(+) - -diff --git a/softmmu/physmem.c b/softmmu/physmem.c -index 3027747c0302c0904db2568eabb8..2cd1de4a2c46814f10c60fc1b8e5 100644 ---- a/softmmu/physmem.c -+++ b/softmmu/physmem.c -@@ -3255,6 +3255,7 @@ int64_t address_space_cache_init(MemoryRegionCache *cache, - AddressSpaceDispatch *d; - hwaddr l; - MemoryRegion *mr; -+ Int128 diff; - - assert(len > 0); - -@@ -3263,6 +3264,15 @@ int64_t address_space_cache_init(MemoryRegionCache *cache, - d = flatview_to_dispatch(cache->fv); - cache->mrs = *address_space_translate_internal(d, addr, &cache->xlat, &l, true); - -+ /* -+ * cache->xlat is now relative to cache->mrs.mr, not to the section itself. -+ * Take that into account to compute how many bytes are there between -+ * cache->xlat and the end of the section. -+ */ -+ diff = int128_sub(cache->mrs.size, -+ int128_make64(cache->xlat - cache->mrs.offset_within_region)); -+ l = int128_get64(int128_min(diff, int128_make64(l))); -+ - mr = cache->mrs.mr; - memory_region_ref(mr); - if (memory_access_is_direct(mr, is_write)) { -diff --git a/tests/qtest/fuzz-test.c b/tests/qtest/fuzz-test.c -index 9cb4c42bdea5cefa23473ed41b10..28739248e24d0b41d8ea5defebb8 100644 ---- a/tests/qtest/fuzz-test.c -+++ b/tests/qtest/fuzz-test.c -@@ -47,6 +47,55 @@ static void test_lp1878642_pci_bus_get_irq_level_assert(void) - qtest_outl(s, 0x5d02, 0xebed205d); - } - -+/* -+ * Here a MemoryRegionCache pointed to an MMIO region but had a -+ * larger size than the underlying region. -+ */ -+static void test_mmio_oob_from_memory_region_cache(void) -+{ -+ QTestState *s; -+ -+ s = qtest_init("-M pc-q35-5.2 -display none -m 512M " -+ "-device virtio-scsi,num_queues=8,addr=03.0 "); -+ -+ qtest_outl(s, 0xcf8, 0x80001811); -+ qtest_outb(s, 0xcfc, 0x6e); -+ qtest_outl(s, 0xcf8, 0x80001824); -+ qtest_outl(s, 0xcf8, 0x80001813); -+ qtest_outl(s, 0xcfc, 0xa080000); -+ qtest_outl(s, 0xcf8, 0x80001802); -+ qtest_outl(s, 0xcfc, 0x5a175a63); -+ qtest_outb(s, 0x6e08, 0x9e); -+ qtest_writeb(s, 0x9f003, 0xff); -+ qtest_writeb(s, 0x9f004, 0x01); -+ qtest_writeb(s, 0x9e012, 0x0e); -+ qtest_writeb(s, 0x9e01b, 0x0e); -+ qtest_writeb(s, 0x9f006, 0x01); -+ qtest_writeb(s, 0x9f008, 0x01); -+ qtest_writeb(s, 0x9f00a, 0x01); -+ qtest_writeb(s, 0x9f00c, 0x01); -+ qtest_writeb(s, 0x9f00e, 0x01); -+ qtest_writeb(s, 0x9f010, 0x01); -+ qtest_writeb(s, 0x9f012, 0x01); -+ qtest_writeb(s, 0x9f014, 0x01); -+ qtest_writeb(s, 0x9f016, 0x01); -+ qtest_writeb(s, 0x9f018, 0x01); -+ qtest_writeb(s, 0x9f01a, 0x01); -+ qtest_writeb(s, 0x9f01c, 0x01); -+ qtest_writeb(s, 0x9f01e, 0x01); -+ qtest_writeb(s, 0x9f020, 0x01); -+ qtest_writeb(s, 0x9f022, 0x01); -+ qtest_writeb(s, 0x9f024, 0x01); -+ qtest_writeb(s, 0x9f026, 0x01); -+ qtest_writeb(s, 0x9f028, 0x01); -+ qtest_writeb(s, 0x9f02a, 0x01); -+ qtest_writeb(s, 0x9f02c, 0x01); -+ qtest_writeb(s, 0x9f02e, 0x01); -+ qtest_writeb(s, 0x9f030, 0x01); -+ qtest_outb(s, 0x6e10, 0x00); -+ qtest_quit(s); -+} -+ - int main(int argc, char **argv) - { - const char *arch = qtest_get_arch(); -@@ -58,6 +107,8 @@ int main(int argc, char **argv) - test_lp1878263_megasas_zero_iov_cnt); - qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert", - test_lp1878642_pci_bus_get_irq_level_assert); -+ qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache", -+ test_mmio_oob_from_memory_region_cache); - } - - return g_test_run(); diff --git a/module-for-virtio-gpu-pre-load-module-to.patch b/module-for-virtio-gpu-pre-load-module-to.patch index e50b2e2a..88453792 100644 --- a/module-for-virtio-gpu-pre-load-module-to.patch +++ b/module-for-virtio-gpu-pre-load-module-to.patch @@ -28,10 +28,10 @@ index 944d403cbd1535cc121af76a94f2..4b42dd285eeac1ba12e5c9e18ac0 100644 #endif diff --git a/qom/object.c b/qom/object.c -index 10653552334549241cd5672d7a02..6f301fec34d103b0b07bc41d107c 100644 +index 6a01d56546968c094ac4831acb2c..1b132653c3fc8d5150723b2d4cf7 100644 --- a/qom/object.c +++ b/qom/object.c -@@ -516,6 +516,18 @@ static void object_initialize_with_type(Object *obj, size_t size, TypeImpl *type +@@ -518,6 +518,18 @@ static void object_initialize_with_type(Object *obj, size_t size, TypeImpl *type object_post_init_with_type(obj, type); } @@ -51,10 +51,10 @@ index 10653552334549241cd5672d7a02..6f301fec34d103b0b07bc41d107c 100644 { TypeImpl *type = type_get_by_name(typename); diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c -index 310ab2d0481d1517b0432be23256..cf130dc875bb6a7921fd7fb5af26 100644 +index 2d6f41ecc7ef4f2b82e55e730dc6..5ec565ad8f0f06d68022f3a4d3d5 100644 --- a/qom/qom-qmp-cmds.c +++ b/qom/qom-qmp-cmds.c -@@ -131,6 +131,23 @@ ObjectPropertyInfoList *qmp_device_list_properties(const char *typename, +@@ -129,6 +129,23 @@ ObjectPropertyInfoList *qmp_device_list_properties(const char *typename, ObjectPropertyIterator iter; ObjectPropertyInfoList *prop_list = NULL; @@ -79,10 +79,10 @@ index 310ab2d0481d1517b0432be23256..cf130dc875bb6a7921fd7fb5af26 100644 if (klass == NULL) { error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c -index bf79d0bbcd986320eb609f37253e..564dfaeeda9c3ae9dbf1afa97825 100644 +index a9955b97a078ea657546d9e2382f..8b71c08af53010428b0fc209bc5b 100644 --- a/softmmu/qdev-monitor.c +++ b/softmmu/qdev-monitor.c -@@ -263,6 +263,13 @@ int qdev_device_help(QemuOpts *opts) +@@ -274,6 +274,13 @@ int qdev_device_help(QemuOpts *opts) int i; driver = qemu_opt_get(opts, "driver"); @@ -96,7 +96,7 @@ index bf79d0bbcd986320eb609f37253e..564dfaeeda9c3ae9dbf1afa97825 100644 if (driver && is_help_option(driver)) { qdev_print_devinfos(false); return 1; -@@ -650,6 +657,14 @@ DeviceState *qdev_device_add(QemuOpts *opts, Error **errp) +@@ -646,6 +653,14 @@ DeviceState *qdev_device_add(QemuOpts *opts, Error **errp) return NULL; } diff --git a/monitor-Fix-assertion-failure-on-shutdow.patch b/monitor-Fix-assertion-failure-on-shutdow.patch deleted file mode 100644 index b61c4b86..00000000 --- a/monitor-Fix-assertion-failure-on-shutdow.patch +++ /dev/null @@ -1,86 +0,0 @@ -From: Kevin Wolf -Date: Fri, 12 Feb 2021 18:20:27 +0100 -Subject: monitor: Fix assertion failure on shutdown - -Git-commit: c81219a7dd36a815bd85beed9932fc973d4f5d51 - -Commit 357bda95 already tried to fix the order in monitor_cleanup() by -moving shutdown of the dispatcher coroutine further to the start. -However, it didn't go far enough: - -iothread_stop() makes sure that all pending work (bottom halves) in the -AioContext of the monitor iothread is completed. iothread_destroy() -depends on this and fails an assertion if there is still a pending BH. - -While the dispatcher coroutine is running, it will try to resume the -monitor after taking a request out of the queue, which involves a BH. -The dispatcher is run until it terminates in the AIO_WAIT_WHILE() loop. -However, adding new BHs between iothread_stop() and iothread_destroy() -is forbidden. - -Fix this by stopping the dispatcher first before shutting down the other -parts of the monitor. This means we can now receive requests that aren't -handled any more when QEMU is shutting down, but this is unlikely to be -a problem for QMP clients. - -Fixes: 357bda9590784ff75803d52de43150d4107ed98e -Signed-off-by: Kevin Wolf -Message-Id: <20210212172028.288825-2-kwolf@redhat.com> -Tested-by: Markus Armbruster -Reviewed-by: Markus Armbruster -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - monitor/monitor.c | 25 +++++++++++++++---------- - 1 file changed, 15 insertions(+), 10 deletions(-) - -diff --git a/monitor/monitor.c b/monitor/monitor.c -index 84222cd130043fd618bd40343829..27573348f3d7ac5c03b56637235d 100644 ---- a/monitor/monitor.c -+++ b/monitor/monitor.c -@@ -622,16 +622,6 @@ void monitor_data_destroy(Monitor *mon) - - void monitor_cleanup(void) - { -- /* -- * We need to explicitly stop the I/O thread (but not destroy it), -- * clean up the monitor resources, then destroy the I/O thread since -- * we need to unregister from chardev below in -- * monitor_data_destroy(), and chardev is not thread-safe yet -- */ -- if (mon_iothread) { -- iothread_stop(mon_iothread); -- } -- - /* - * The dispatcher needs to stop before destroying the monitor and - * the I/O thread. -@@ -641,6 +631,11 @@ void monitor_cleanup(void) - * eventually terminates. qemu_aio_context is automatically - * polled by calling AIO_WAIT_WHILE on it, but we must poll - * iohandler_ctx manually. -+ * -+ * Letting the iothread continue while shutting down the dispatcher -+ * means that new requests may still be coming in. This is okay, -+ * we'll just leave them in the queue without sending a response -+ * and monitor_data_destroy() will free them. - */ - qmp_dispatcher_co_shutdown = true; - if (!qatomic_xchg(&qmp_dispatcher_co_busy, true)) { -@@ -651,6 +646,16 @@ void monitor_cleanup(void) - (aio_poll(iohandler_get_aio_context(), false), - qatomic_mb_read(&qmp_dispatcher_co_busy))); - -+ /* -+ * We need to explicitly stop the I/O thread (but not destroy it), -+ * clean up the monitor resources, then destroy the I/O thread since -+ * we need to unregister from chardev below in -+ * monitor_data_destroy(), and chardev is not thread-safe yet -+ */ -+ if (mon_iothread) { -+ iothread_stop(mon_iothread); -+ } -+ - /* Flush output buffers and destroy monitors */ - qemu_mutex_lock(&monitor_lock); - monitor_destroyed = true; diff --git a/mptsas-Remove-unused-MPTSASState-pending.patch b/mptsas-Remove-unused-MPTSASState-pending.patch deleted file mode 100644 index 685fdb52..00000000 --- a/mptsas-Remove-unused-MPTSASState-pending.patch +++ /dev/null @@ -1,86 +0,0 @@ -From: Michael Tokarev -Date: Mon, 19 Apr 2021 15:42:47 +0200 -Subject: mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 3791642c8d60029adf9b00bcb4e34d7d8a1aea4d - -While processing SCSI i/o requests in mptsas_process_scsi_io_request(), -the Megaraid emulator appends new MPTSASRequest object 'req' to -the 's->pending' queue. In case of an error, this same object gets -dequeued in mptsas_free_request() only if SCSIRequest object -'req->sreq' is initialised. This may lead to a use-after-free issue. - -Since s->pending is actually not used, simply remove it from -MPTSASState. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Michael Tokarev -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Philippe Mathieu-Daudé -Reported-by: Cheolwoo Myung -Message-id: 20210419134247.1467982-1-f4bug@amsat.org -Message-Id: <20210416102243.1293871-1-mjt@msgid.tls.msk.ru> -Suggested-by: Paolo Bonzini -Reported-by: Cheolwoo Myung -BugLink: https://bugs.launchpad.net/qemu/+bug/1914236 (CVE-2021-3392) -Fixes: e351b826112 ("hw: Add support for LSI SAS1068 (mptsas) device") -[PMD: Reworded description, added more tags] -Signed-off-by: Philippe Mathieu-Daudé -Reviewed-by: Peter Maydell -Signed-off-by: Peter Maydell -Signed-off-by: Bruce Rogers ---- - hw/scsi/mptsas.c | 6 ------ - hw/scsi/mptsas.h | 1 - - 2 files changed, 7 deletions(-) - -diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c -index f86616544bacf71da60270ad06ed..12c957e06be41e80963bcabae1f8 100644 ---- a/hw/scsi/mptsas.c -+++ b/hw/scsi/mptsas.c -@@ -251,13 +251,10 @@ static int mptsas_build_sgl(MPTSASState *s, MPTSASRequest *req, hwaddr addr) - - static void mptsas_free_request(MPTSASRequest *req) - { -- MPTSASState *s = req->dev; -- - if (req->sreq != NULL) { - req->sreq->hba_private = NULL; - scsi_req_unref(req->sreq); - req->sreq = NULL; -- QTAILQ_REMOVE(&s->pending, req, next); - } - qemu_sglist_destroy(&req->qsg); - g_free(req); -@@ -303,7 +300,6 @@ static int mptsas_process_scsi_io_request(MPTSASState *s, - } - - req = g_new0(MPTSASRequest, 1); -- QTAILQ_INSERT_TAIL(&s->pending, req, next); - req->scsi_io = *scsi_io; - req->dev = s; - -@@ -1318,8 +1314,6 @@ static void mptsas_scsi_realize(PCIDevice *dev, Error **errp) - - s->request_bh = qemu_bh_new(mptsas_fetch_requests, s); - -- QTAILQ_INIT(&s->pending); -- - scsi_bus_new(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info, NULL); - } - -diff --git a/hw/scsi/mptsas.h b/hw/scsi/mptsas.h -index b85ac1a5fcc7ad3ffc72923c734c..c046497db71989a564ed46481036 100644 ---- a/hw/scsi/mptsas.h -+++ b/hw/scsi/mptsas.h -@@ -79,7 +79,6 @@ struct MPTSASState { - uint16_t reply_frame_size; - - SCSIBus bus; -- QTAILQ_HEAD(, MPTSASRequest) pending; - }; - - void mptsas_fix_scsi_io_endianness(MPIMsgSCSIIORequest *req); diff --git a/msf2-mac-switch-to-use-qemu_receive_pack.patch b/msf2-mac-switch-to-use-qemu_receive_pack.patch deleted file mode 100644 index f81daca4..00000000 --- a/msf2-mac-switch-to-use-qemu_receive_pack.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Jason Wang -Date: Wed, 24 Feb 2021 13:00:01 +0800 -Subject: msf2-mac: switch to use qemu_receive_packet() for loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 26194a58f4eb83c5bdf4061a1628508084450ba1 - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - hw/net/msf2-emac.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c -index 32ba9e84124496fe22f165095d61..3e6206044f8b441c9222f28cc1ec 100644 ---- a/hw/net/msf2-emac.c -+++ b/hw/net/msf2-emac.c -@@ -158,7 +158,7 @@ static void msf2_dma_tx(MSF2EmacState *s) - * R_CFG1 bit 0 is set. - */ - if (s->regs[R_CFG1] & R_CFG1_LB_EN_MASK) { -- nc->info->receive(nc, buf, size); -+ qemu_receive_packet(nc, buf, size); - } else { - qemu_send_packet(nc, buf, size); - } diff --git a/net-Fix-handling-of-id-in-netdev_add-and.patch b/net-Fix-handling-of-id-in-netdev_add-and.patch deleted file mode 100644 index 7d18c4a7..00000000 --- a/net-Fix-handling-of-id-in-netdev_add-and.patch +++ /dev/null @@ -1,119 +0,0 @@ -From: Markus Armbruster -Date: Wed, 25 Nov 2020 11:02:20 +0100 -Subject: net: Fix handling of id in netdev_add and netdev_del - -Git-commit: 831734cce6494032e9233caff4d8442b3a1e7fef - -CLI -netdev accumulates in option group "netdev". - -Before commit 08712fcb85 "net: Track netdevs in NetClientState rather -than QemuOpt", netdev_add added to the option group, and netdev_del -removed from it, both HMP and QMP. Thus, every netdev had a -corresponding QemuOpts in this option group. - -Commit 08712fcb85 dropped this for QMP netdev_add and both netdev_del. -Now a netdev has a corresponding QemuOpts only when it was created -with CLI or HMP. Two issues: - -* QMP and HMP netdev_del can leave QemuOpts behind, breaking HMP - netdev_add. Reproducer: - - $ qemu-system-x86_64 -S -display none -nodefaults -monitor stdio - QEMU 5.1.92 monitor - type 'help' for more information - (qemu) netdev_add user,id=net0 - (qemu) info network - net0: index=0,type=user,net=10.0.2.0,restrict=off - (qemu) netdev_del net0 - (qemu) info network - (qemu) netdev_add user,id=net0 - upstream-qemu: Duplicate ID 'net0' for netdev - Try "help netdev_add" for more information - - Fix by restoring the QemuOpts deletion in qmp_netdev_del(), but with - a guard, because the QemuOpts need not exist. - -* QMP netdev_add loses its "no duplicate ID" check. Reproducer: - - $ qemu-system-x86_64 -S -display none -qmp stdio - {"QMP": {"version": {"qemu": {"micro": 92, "minor": 1, "major": 5}, "package": "v5.2.0-rc2-1-g02c1f0142c"}, "capabilities": ["oob"]}} - {"execute": "qmp_capabilities"} - {"return": {}} - {"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}} - {"return": {}} - {"execute": "netdev_add", "arguments": {"type": "user", "id":"net0"}} - {"return": {}} - - Fix by adding a duplicate ID check to net_client_init1() to replace - the lost one. The check is redundant for callers where QemuOpts - still checks, i.e. for CLI and HMP. - -Reported-by: Andrew Melnichenko -Fixes: 08712fcb851034228b61f75bd922863a984a4f60 -Cc: qemu-stable@nongnu.org -Signed-off-by: Markus Armbruster -Reviewed-by: Eric Blake -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - net/net.c | 20 ++++++++++++++++++-- - 1 file changed, 18 insertions(+), 2 deletions(-) - -diff --git a/net/net.c b/net/net.c -index 6a2c3d95670ed5fec78078276301..af35fb2db7cd99933d20f8613ab3 100644 ---- a/net/net.c -+++ b/net/net.c -@@ -983,6 +983,7 @@ static int (* const net_client_init_fun[NET_CLIENT_DRIVER__MAX])( - static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp) - { - NetClientState *peer = NULL; -+ NetClientState *nc; - - if (is_netdev) { - if (netdev->type == NET_CLIENT_DRIVER_NIC || -@@ -1010,6 +1011,12 @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp) - } - } - -+ nc = qemu_find_netdev(netdev->id); -+ if (nc) { -+ error_setg(errp, "Duplicate ID '%s'", netdev->id); -+ return -1; -+ } -+ - if (net_client_init_fun[netdev->type](netdev, netdev->id, peer, errp) < 0) { - /* FIXME drop when all init functions store an Error */ - if (errp && !*errp) { -@@ -1020,8 +1027,6 @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp) - } - - if (is_netdev) { -- NetClientState *nc; -- - nc = qemu_find_netdev(netdev->id); - assert(nc); - nc->is_netdev = true; -@@ -1135,6 +1140,7 @@ void qmp_netdev_add(Netdev *netdev, Error **errp) - void qmp_netdev_del(const char *id, Error **errp) - { - NetClientState *nc; -+ QemuOpts *opts; - - nc = qemu_find_netdev(id); - if (!nc) { -@@ -1149,6 +1155,16 @@ void qmp_netdev_del(const char *id, Error **errp) - } - - qemu_del_net_client(nc); -+ -+ /* -+ * Wart: we need to delete the QemuOpts associated with netdevs -+ * created via CLI or HMP, to avoid bogus "Duplicate ID" errors in -+ * HMP netdev_add. -+ */ -+ opts = qemu_opts_find(qemu_find_opts("netdev"), id); -+ if (opts) { -+ qemu_opts_del(opts); -+ } - } - - static void netfilter_print_info(Monitor *mon, NetFilterState *nf) diff --git a/net-introduce-qemu_receive_packet.patch b/net-introduce-qemu_receive_packet.patch deleted file mode 100644 index 4cb798dc..00000000 --- a/net-introduce-qemu_receive_packet.patch +++ /dev/null @@ -1,171 +0,0 @@ -From: Jason Wang -Date: Wed, 24 Feb 2021 11:44:36 +0800 -Subject: net: introduce qemu_receive_packet() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 705df5466c98f3efdd2b68d3b31dad86858acad7 -References: bsc#1182968, CVE-2021-3416 -Some NIC supports loopback mode and this is done by calling -nc->info->receive() directly which in fact suppresses the effort of -reentrancy check that is done in qemu_net_queue_send(). - -Unfortunately we can't use qemu_net_queue_send() here since for -loopback there's no sender as peer, so this patch introduce a -qemu_receive_packet() which is used for implementing loopback mode -for a NIC with this check. - -NIC that supports loopback mode will be converted to this helper. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit -Reviewed-by: Philippe Mathieu-Daudé -Cc: qemu-stable@nongnu.org -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - include/net/net.h | 5 +++++ - include/net/queue.h | 8 ++++++++ - net/net.c | 38 +++++++++++++++++++++++++++++++------- - net/queue.c | 22 ++++++++++++++++++++++ - 4 files changed, 66 insertions(+), 7 deletions(-) - -diff --git a/include/net/net.h b/include/net/net.h -index 778fc787ca14d3e1bc6f59d76cc6..03f058ecb0c1e8d4f4d3a8cb6c58 100644 ---- a/include/net/net.h -+++ b/include/net/net.h -@@ -143,12 +143,17 @@ void *qemu_get_nic_opaque(NetClientState *nc); - void qemu_del_net_client(NetClientState *nc); - typedef void (*qemu_nic_foreach)(NICState *nic, void *opaque); - void qemu_foreach_nic(qemu_nic_foreach func, void *opaque); -+int qemu_can_receive_packet(NetClientState *nc); - int qemu_can_send_packet(NetClientState *nc); - ssize_t qemu_sendv_packet(NetClientState *nc, const struct iovec *iov, - int iovcnt); - ssize_t qemu_sendv_packet_async(NetClientState *nc, const struct iovec *iov, - int iovcnt, NetPacketSent *sent_cb); - ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size); -+ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size); -+ssize_t qemu_receive_packet_iov(NetClientState *nc, -+ const struct iovec *iov, -+ int iovcnt); - ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size); - ssize_t qemu_send_packet_async(NetClientState *nc, const uint8_t *buf, - int size, NetPacketSent *sent_cb); -diff --git a/include/net/queue.h b/include/net/queue.h -index c0269bb1dc436a912e2abc75db3b..9f2f289d7719ca1ed78604c37b65 100644 ---- a/include/net/queue.h -+++ b/include/net/queue.h -@@ -55,6 +55,14 @@ void qemu_net_queue_append_iov(NetQueue *queue, - - void qemu_del_net_queue(NetQueue *queue); - -+ssize_t qemu_net_queue_receive(NetQueue *queue, -+ const uint8_t *data, -+ size_t size); -+ -+ssize_t qemu_net_queue_receive_iov(NetQueue *queue, -+ const struct iovec *iov, -+ int iovcnt); -+ - ssize_t qemu_net_queue_send(NetQueue *queue, - NetClientState *sender, - unsigned flags, -diff --git a/net/net.c b/net/net.c -index af35fb2db7cd99933d20f8613ab3..cad72a791d3f173eaaa66b8feb50 100644 ---- a/net/net.c -+++ b/net/net.c -@@ -528,6 +528,17 @@ int qemu_set_vnet_be(NetClientState *nc, bool is_be) - #endif - } - -+int qemu_can_receive_packet(NetClientState *nc) -+{ -+ if (nc->receive_disabled) { -+ return 0; -+ } else if (nc->info->can_receive && -+ !nc->info->can_receive(nc)) { -+ return 0; -+ } -+ return 1; -+} -+ - int qemu_can_send_packet(NetClientState *sender) - { - int vm_running = runstate_is_running(); -@@ -540,13 +551,7 @@ int qemu_can_send_packet(NetClientState *sender) - return 1; - } - -- if (sender->peer->receive_disabled) { -- return 0; -- } else if (sender->peer->info->can_receive && -- !sender->peer->info->can_receive(sender->peer)) { -- return 0; -- } -- return 1; -+ return qemu_can_receive_packet(sender->peer); - } - - static ssize_t filter_receive_iov(NetClientState *nc, -@@ -679,6 +684,25 @@ ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size) - return qemu_send_packet_async(nc, buf, size, NULL); - } - -+ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size) -+{ -+ if (!qemu_can_receive_packet(nc)) { -+ return 0; -+ } -+ -+ return qemu_net_queue_receive(nc->incoming_queue, buf, size); -+} -+ -+ssize_t qemu_receive_packet_iov(NetClientState *nc, const struct iovec *iov, -+ int iovcnt) -+{ -+ if (!qemu_can_receive_packet(nc)) { -+ return 0; -+ } -+ -+ return qemu_net_queue_receive_iov(nc->incoming_queue, iov, iovcnt); -+} -+ - ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size) - { - return qemu_send_packet_async_with_flags(nc, QEMU_NET_PACKET_FLAG_RAW, -diff --git a/net/queue.c b/net/queue.c -index 19e32c80fda730604fe7febf421f..c872d51df8b58518a644a2a8f68b 100644 ---- a/net/queue.c -+++ b/net/queue.c -@@ -182,6 +182,28 @@ static ssize_t qemu_net_queue_deliver_iov(NetQueue *queue, - return ret; - } - -+ssize_t qemu_net_queue_receive(NetQueue *queue, -+ const uint8_t *data, -+ size_t size) -+{ -+ if (queue->delivering) { -+ return 0; -+ } -+ -+ return qemu_net_queue_deliver(queue, NULL, 0, data, size); -+} -+ -+ssize_t qemu_net_queue_receive_iov(NetQueue *queue, -+ const struct iovec *iov, -+ int iovcnt) -+{ -+ if (queue->delivering) { -+ return 0; -+ } -+ -+ return qemu_net_queue_deliver_iov(queue, NULL, 0, iov, iovcnt); -+} -+ - ssize_t qemu_net_queue_send(NetQueue *queue, - NetClientState *sender, - unsigned flags, diff --git a/pcnet-switch-to-use-qemu_receive_packet-.patch b/pcnet-switch-to-use-qemu_receive_packet-.patch deleted file mode 100644 index 87181047..00000000 --- a/pcnet-switch-to-use-qemu_receive_packet-.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: Alexander Bulekov -Date: Mon, 1 Mar 2021 10:33:34 -0500 -Subject: pcnet: switch to use qemu_receive_packet() for loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928 - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit -Cc: qemu-stable@nongnu.org -Buglink: https://bugs.launchpad.net/qemu/+bug/1917085 -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - hw/net/pcnet.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c -index f3f18d8598c43aca02ca138aa46e..dcd3fc49481b46a6d4bb7c726572 100644 ---- a/hw/net/pcnet.c -+++ b/hw/net/pcnet.c -@@ -1250,7 +1250,7 @@ txagain: - if (BCR_SWSTYLE(s) == 1) - add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS); - s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC; -- pcnet_receive(qemu_get_queue(s->nic), s->buffer, s->xmit_pos); -+ qemu_receive_packet(qemu_get_queue(s->nic), s->buffer, s->xmit_pos); - s->looptest = 0; - } else { - if (s->nic) { diff --git a/qemu-5.2.0.tar.xz b/qemu-5.2.0.tar.xz deleted file mode 100644 index 5ceeff7a..00000000 --- a/qemu-5.2.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cb18d889b628fbe637672b0326789d9b0e3b8027e0445b936537c78549df17bc -size 106902800 diff --git a/qemu-5.2.0.tar.xz.sig b/qemu-5.2.0.tar.xz.sig deleted file mode 100644 index 77e50a7a1fb1f0cec27fe29116230de01ac1adeed26e4820e77d6b5d777a8717..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SW*e79j-AtjXb3H0!IlEkB?$Q_0Tp2(^R-0$n>hBNS$NX z*~-#}uG{6suDC87i-bgR!plJ!1}2?*PAmS;IHUCsZw=XvyZ{#etDAG@&(X;f<9Oue I6doMR(}d!g0ssI2 diff --git a/qemu-6.0.0.tar.xz b/qemu-6.0.0.tar.xz new file mode 100644 index 00000000..a45a1ff2 --- /dev/null +++ b/qemu-6.0.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:307a7c86ceaa9ea3fb4c01b792bf8c06a41505adbd35a25dd6ae015d25eea1dc +size 110592924 diff --git a/qemu-6.0.0.tar.xz.sig b/qemu-6.0.0.tar.xz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..7c09263182297bbe29f832e8ebb10ce0d9e728371782e91317134987d77f37d0 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SW*e79j-AtjXb3H0!IlEkB?$Q_0Tp2(^R-0$_^>D2ewhk$VDnn8!W zB`O4Z+T9Bv_ct?gm-F$Nq=)|+JaOE#&7vAbp4u&0YqVrXe?D1d=0J4cPm@}T?IyrJ z8U74Mp{jwn@udxXEo6W<1SWq>A5iY5`vt z-qSzXzlcBnqPyD5R&8lz73*B^>hwLRSh3>uRbPnW)u}~U0kxK(O_hez^CXbDlzT76 IP@~25tLj{zTmS$7 literal 0 HcmV?d00001 diff --git a/qemu-binfmt-conf-Modify-default-path.patch b/qemu-binfmt-conf-Modify-default-path.patch index d6c799b2..792b6935 100644 --- a/qemu-binfmt-conf-Modify-default-path.patch +++ b/qemu-binfmt-conf-Modify-default-path.patch @@ -13,10 +13,10 @@ Signed-off-by: Andreas Färber 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh -index 9f1580a91c7d3ad64120fe8ee66d..246546b10ca5df38035e5ba46a09 100755 +index 573b5dc6acd7901b907ec8ffc065..820b0cecf80d0dd1fb564674b438 100755 --- a/scripts/qemu-binfmt-conf.sh +++ b/scripts/qemu-binfmt-conf.sh -@@ -323,7 +323,7 @@ BINFMT_SET=qemu_register_interpreter +@@ -332,7 +332,7 @@ BINFMT_SET=qemu_register_interpreter SYSTEMDDIR="/etc/binfmt.d" DEBIANDIR="/usr/share/binfmts" @@ -24,4 +24,4 @@ index 9f1580a91c7d3ad64120fe8ee66d..246546b10ca5df38035e5ba46a09 100755 +QEMU_PATH=/usr/bin CREDENTIAL=no PERSISTENT=no - QEMU_SUFFIX="" + PRESERVE_ARG0=no diff --git a/qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch b/qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch index 00d17eb9..f52f347d 100644 --- a/qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch +++ b/qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch @@ -12,11 +12,11 @@ Signed-off-by: Andreas Färber 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh -index 246546b10ca5df38035e5ba46a09..e0666a3afdc81f0f8277a53f3e1e 100755 +index 820b0cecf80d0dd1fb564674b438..fb504a44a1e8d07220b65ee534dd 100755 --- a/scripts/qemu-binfmt-conf.sh +++ b/scripts/qemu-binfmt-conf.sh -@@ -266,7 +266,7 @@ qemu_generate_register() { - flags="${flags}F" +@@ -275,7 +275,7 @@ qemu_generate_register() { + flags="${flags}P" fi - echo ":qemu-$cpu:M::$magic:$mask:$qemu:$flags" @@ -24,7 +24,7 @@ index 246546b10ca5df38035e5ba46a09..e0666a3afdc81f0f8277a53f3e1e 100755 } qemu_register_interpreter() { -@@ -305,9 +305,9 @@ qemu_set_binfmts() { +@@ -314,9 +314,9 @@ qemu_set_binfmts() { continue fi diff --git a/qemu-cvs-gettimeofday.patch b/qemu-cvs-gettimeofday.patch index 266bd082..f56bb2bf 100644 --- a/qemu-cvs-gettimeofday.patch +++ b/qemu-cvs-gettimeofday.patch @@ -11,10 +11,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 3 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 27adee908ebcf5151a2e0c9875bc..e0cfb6227803c30755841477b593 100644 +index 95d79ddc437a6741586071af532f..1e7f0206f4e4852c317f8ab0a7b6 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -9444,6 +9444,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, +@@ -9534,6 +9534,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, { struct timeval tv; struct timezone tz; diff --git a/qemu-cvs-ioctl_debug.patch b/qemu-cvs-ioctl_debug.patch index 187d990f..e4dfbcb7 100644 --- a/qemu-cvs-ioctl_debug.patch +++ b/qemu-cvs-ioctl_debug.patch @@ -13,10 +13,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index e0cfb6227803c30755841477b593..1526c70a6ef9899fa160bae96efc 100644 +index 1e7f0206f4e4852c317f8ab0a7b6..dcbd44dbb4202e311c9fe91aa427 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -5728,8 +5728,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) +@@ -5805,8 +5805,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) ie = ioctl_entries; for(;;) { if (ie->target_cmd == 0) { diff --git a/qemu-cvs-ioctl_nodirection.patch b/qemu-cvs-ioctl_nodirection.patch index ea2d87ba..fee05a42 100644 --- a/qemu-cvs-ioctl_nodirection.patch +++ b/qemu-cvs-ioctl_nodirection.patch @@ -16,10 +16,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 8 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 1526c70a6ef9899fa160bae96efc..2839a2c5e906dde840f040c5f235 100644 +index dcbd44dbb4202e311c9fe91aa427..9002e4d6187d4796773cfeb63723 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c -@@ -5773,6 +5773,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) +@@ -5850,6 +5850,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) arg_type++; target_size = thunk_type_size(arg_type, 0); switch(ie->access) { @@ -33,7 +33,7 @@ index 1526c70a6ef9899fa160bae96efc..2839a2c5e906dde840f040c5f235 100644 case IOC_R: ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp)); if (!is_error(ret)) { -@@ -5791,6 +5798,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) +@@ -5868,6 +5875,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg) unlock_user(argptr, arg, 0); ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp)); break; diff --git a/qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch b/qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch deleted file mode 100644 index d723bfa1..00000000 --- a/qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch +++ /dev/null @@ -1,83 +0,0 @@ -From: Eric Blake -Date: Tue, 9 Feb 2021 09:27:58 -0600 -Subject: qemu-nbd: Use SOMAXCONN for socket listen() backlog -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 582d4210eb2f2ab5baac328fe4b479cd86da1647 - -Our default of a backlog of 1 connection is rather puny; it gets in -the way when we are explicitly allowing multiple clients (such as -qemu-nbd -e N [--shared], or nbd-server-start with its default -"max-connections":0 for unlimited), but is even a problem when we -stick to qemu-nbd's default of only 1 active client but use -t -[--persistent] where a second client can start using the server once -the first finishes. While the effects are less noticeable on TCP -sockets (since the client can poll() to learn when the server is ready -again), it is definitely observable on Unix sockets, where on Linux, a -client will fail with EAGAIN and no recourse but to sleep an arbitrary -amount of time before retrying if the server backlog is already full. - -Since QMP nbd-server-start is always persistent, it now always -requests a backlog of SOMAXCONN; meanwhile, qemu-nbd will request -SOMAXCONN if persistent, otherwise its backlog should be based on the -expected number of clients. - -See https://bugzilla.redhat.com/1925045 for a demonstration of where -our low backlog prevents libnbd from connecting as many parallel -clients as it wants. - -Reported-by: Richard W.M. Jones -Signed-off-by: Eric Blake -CC: qemu-stable@nongnu.org -Message-Id: <20210209152759.209074-2-eblake@redhat.com> -Tested-by: Richard W.M. Jones -Reviewed-by: Daniel P. Berrangé -Signed-off-by: Eric Blake -Signed-off-by: Bruce Rogers ---- - blockdev-nbd.c | 7 ++++++- - qemu-nbd.c | 10 +++++++++- - 2 files changed, 15 insertions(+), 2 deletions(-) - -diff --git a/blockdev-nbd.c b/blockdev-nbd.c -index d8443d235b7338949a4e6e10dec5..b264620b98d8c024b147872ce089 100644 ---- a/blockdev-nbd.c -+++ b/blockdev-nbd.c -@@ -134,7 +134,12 @@ void nbd_server_start(SocketAddress *addr, const char *tls_creds, - qio_net_listener_set_name(nbd_server->listener, - "nbd-listener"); - -- if (qio_net_listener_open_sync(nbd_server->listener, addr, 1, errp) < 0) { -+ /* -+ * Because this server is persistent, a backlog of SOMAXCONN is -+ * better than trying to size it to max_connections. -+ */ -+ if (qio_net_listener_open_sync(nbd_server->listener, addr, SOMAXCONN, -+ errp) < 0) { - goto error; - } - -diff --git a/qemu-nbd.c b/qemu-nbd.c -index a7075c5419d710d773a5c5ed749f..39b517c948b4c45544e01fc3f070 100644 ---- a/qemu-nbd.c -+++ b/qemu-nbd.c -@@ -969,8 +969,16 @@ int main(int argc, char **argv) - - server = qio_net_listener_new(); - if (socket_activation == 0) { -+ int backlog; -+ -+ if (persistent) { -+ backlog = SOMAXCONN; -+ } else { -+ backlog = MIN(shared, SOMAXCONN); -+ } - saddr = nbd_build_socket_address(sockpath, bindto, port); -- if (qio_net_listener_open_sync(server, saddr, 1, &local_err) < 0) { -+ if (qio_net_listener_open_sync(server, saddr, backlog, -+ &local_err) < 0) { - object_unref(OBJECT(server)); - error_report_err(local_err); - exit(EXIT_FAILURE); diff --git a/qemu-storage-daemon-Enable-object-add.patch b/qemu-storage-daemon-Enable-object-add.patch deleted file mode 100644 index 835361ce..00000000 --- a/qemu-storage-daemon-Enable-object-add.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Kevin Wolf -Date: Thu, 4 Feb 2021 08:21:37 +0100 -Subject: qemu-storage-daemon: Enable object-add -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 15d40e9204eb3d89577187f117a1dde2237bdc4d - -As we don't have a fully QAPIfied version of object-add yet and it still -has 'gen': false in the schema, it needs to be registered explicitly in -init_qmp_commands() to be available for users. - -Fixes: 2af282ec51a27116d0402cab237b8970800f870c -Signed-off-by: Kevin Wolf -Message-Id: <20210204072137.19663-1-kwolf@redhat.com> -Reviewed-by: Daniel P. Berrangé -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - storage-daemon/qemu-storage-daemon.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/storage-daemon/qemu-storage-daemon.c b/storage-daemon/qemu-storage-daemon.c -index 7c914b0dc1f851d6b6e72afd296c..65ccdb17c1a9fcb825dabaf38bb7 100644 ---- a/storage-daemon/qemu-storage-daemon.c -+++ b/storage-daemon/qemu-storage-daemon.c -@@ -144,6 +144,8 @@ static void init_qmp_commands(void) - qmp_init_marshal(&qmp_commands); - qmp_register_command(&qmp_commands, "query-qmp-schema", - qmp_query_qmp_schema, QCO_ALLOW_PRECONFIG); -+ qmp_register_command(&qmp_commands, "object-add", qmp_object_add, -+ QCO_NO_OPTIONS); - - QTAILQ_INIT(&qmp_cap_negotiation_commands); - qmp_register_command(&qmp_cap_negotiation_commands, "qmp_capabilities", diff --git a/qemu.changes b/qemu.changes index 2c0c3912..81adfd40 100644 --- a/qemu.changes +++ b/qemu.changes @@ -1,3 +1,137 @@ +------------------------------------------------------------------- +Fri Apr 30 16:37:51 UTC 2021 - José Ricardo Ziviani + +- Update to v6.0: see https://wiki.qemu.org/ChangeLog/6.0 + For a full list of formely deprecated features that are removed now, + consult: https://qemu-project.gitlab.io/qemu/system/removed-features.html. + For a list of new deprecated features, consult: + https://qemu-project.gitlab.io/qemu/system/deprecated.html + Some noteworthy changes: +* Removed tileGX CPU (linux-user mode). +* Removed ide-drive device (use ide-hd or ide-cd instead). +* Removed scsi-disk device (use scsi-hd or scsi-cd instead). +* Removed pc-1.0, pc-1.1, pc-1.2, and pc-1.3 machine types. +* Added emulation of Arm-v8.1M arch and Cortex-M55 CPU. +* Added boards mps3-an524 (Cortex-M33) and mps3-an547 (Cortex-M55). +* x86: Support for running SEV-ES encrypted guests; TCG can emulate + the PKS feature; WHPX accelerator supports accelerated APIC. +* ARM: ARMv8.4-TTST, ARMv8.4-SEL2, FEAT_SSBS, and ARMv8.4-DIT emulation + are now supported; Added ARMv8.5-MemTag extension is now supported formely + linux-user. Additional device emulation support for xlnx-zynqmp, xlnx-versal, + sbsa-ref, npcm7xx, and sabrelite board models. +* PowerPC: powernv now allows external BMC; pseries can send QAPI message + if it detects a memory hotplug failure; CPU unplug request can be retried. +* s390: TCG works with Linux kernels built with clang-11 and clang12. +* RISC-V: OpenSBI upgraded to v0.9; Support the QMP dump-guest-memory + command; Add support for the SiFive SPI controller (sifive_u); Add QSPI + NOR flash to Microchip PFSoC. +* Misc doc improvements. +* Multiprocess: Add experimental options to support out-of-process device + emulation. +* ACPI: support for assigning NICs to known names in guest OS independently of + PCI slot placement. +* NVMe: new emulation support for v1.4 spec with many new features, experimental + support for Zoned Namespaces, multipath I/O, and End-to-End Data Protection. +* Xen: New guest loader for testing of Xen-like hypervisors booting kernels. +* virtiofs: misc. security fixes and performance improvements. +* Tools: FUSE block exports to allow mounting any QEMU block device node + as a host file. +* Migration: query/info-migrate now display the migration blocker status and + the reasons for blocking. +* User-mode: Added support for the Qualcomm Hexagon processor. +* TCG: Added support for Apple Silicon hosts (macOS). +* QMP: backup jobs now support multiple asynchronous requests in parallel +* VNC: virtio-vga support for scaling resolution based on client window size +* Patches added: + doc-add-our-support-doc-to-the-main-proj.patch +* Patches removed: + 9pfs-Fully-restart-unreclaim-loop-CVE-20.patch + audio-add-sanity-check.patch + block-Fix-deadlock-in-bdrv_co_yield_to_d.patch + block-Fix-locking-in-qmp_block_resize.patch + blockjob-Fix-crash-with-IOthread-when-bl.patch + block-nfs-fix-int-overflow-in-nfs_client.patch + block-rbd-fix-memory-leak-in-qemu_rbd_co.patch + block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch + block-Separate-blk_is_writable-and-blk_s.patch + block-Simplify-qmp_block_resize-error-pa.patch + brotli-fix-actual-variable-array-paramet.patch + build-no-pie-is-no-functional-linker-fla.patch + cadence_gem-switch-to-use-qemu_receive_p.patch + cpu-core-Fix-help-of-CPU-core-device-typ.patch + docs-add-SUSE-support-statements-to-html.patch + dp8393x-switch-to-use-qemu_receive_packe.patch + e1000-fail-early-for-evil-descriptor.patch + e1000-switch-to-use-qemu_receive_packet-.patch + hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch + hw-arm-virt-Disable-pl011-clock-migratio.patch + hw-block-fdc-Fix-fallback-property-on-sy.patch + hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch + hw-isa-Kconfig-Add-missing-dependency-VI.patch + hw-isa-piix4-Migrate-Reset-Control-Regis.patch + hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch + hw-s390x-fix-build-for-virtio-9p-ccw.patch + hw-sd-sd-Actually-perform-the-erase-oper.patch + hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch + hw-sd-sdhci-Correctly-set-the-controller.patch + hw-sd-sdhci-Don-t-transfer-any-data-when.patch + hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch + hw-sd-sdhci-Limit-block-size-only-when-S.patch + hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch + hw-sd-sd-Move-the-sd_block_-read-write-a.patch + hw-sd-sd-Skip-write-protect-groups-check.patch + hw-timer-slavio_timer-Allow-64-bit-acces.patch + hw-virtio-pci-Added-AER-capability.patch + hw-virtio-pci-Added-counter-for-pcie-cap.patch + i386-acpi-restore-device-paths-for-pre-5.patch + iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch + lan9118-switch-to-use-qemu_receive_packe.patch + lsilogic-Use-PCIDevice-exit-instead-of-D.patch + Make-keycode-gen-output-reproducible-use.patch + memory-clamp-cached-translation-in-case-.patch + monitor-Fix-assertion-failure-on-shutdow.patch + mptsas-Remove-unused-MPTSASState-pending.patch + msf2-mac-switch-to-use-qemu_receive_pack.patch + net-Fix-handling-of-id-in-netdev_add-and.patch + net-introduce-qemu_receive_packet.patch + pcnet-switch-to-use-qemu_receive_packet-.patch + qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch + qemu-storage-daemon-Enable-object-add.patch + rtl8139-switch-to-use-qemu_receive_packe.patch + s390x-add-have_virtio_ccw.patch + s390x-css-report-errors-from-ccw_dstream.patch + s390x-Fix-stringop-truncation-issue-repo.patch + s390x-modularize-virtio-gpu-ccw.patch + s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch + s390x-pci-restore-missing-Query-PCI-Func.patch + spice-app-avoid-crash-when-core-spice-mo.patch + sungem-switch-to-use-qemu_receive_packet.patch + target-arm-Don-t-decode-insns-in-the-XSc.patch + target-arm-Fix-MTE0_ACTIVE.patch + target-arm-Introduce-PREDDESC-field-defi.patch + target-arm-Update-PFIRST-PNEXT-for-pred_.patch + target-arm-Update-REV-PUNPK-for-pred_des.patch + target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch + target-xtensa-fix-meson.build-rule-for-x.patch + tcg-Use-memset-for-large-vector-byte-rep.patch + tools-virtiofsd-Replace-the-word-whiteli.patch + tx_pkt-switch-to-use-qemu_receive_packet.patch + ui-vnc-Add-missing-lock-for-send_color_m.patch + update-linux-headers-Include-const.h.patch + Update-linux-headers-to-5.11-rc2.patch + util-fix-use-after-free-in-module_load_o.patch + vfio-ccw-Connect-the-device-request-noti.patch + vhost-user-blk-fix-blkcfg-num_queues-end.patch + viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch + virtiofsd-extract-lo_do_open-from-lo_ope.patch + virtiofsd-optionally-return-inode-pointe.patch + virtiofsd-prevent-opening-of-special-fil.patch + virtiofs-drop-remapped-security.capabili.patch + virtiofsd-Save-error-code-early-at-the-f.patch + virtio-move-use-disabled-flag-property-t.patch + virtio-pci-compat-page-aligned-ATS.patch + xen-block-Fix-removal-of-backend-instanc.patch + ------------------------------------------------------------------- Mon Apr 19 15:40:22 UTC 2021 - Bruce Rogers diff --git a/qemu.spec b/qemu.spec index e0aaea1e..835674f0 100644 --- a/qemu.spec +++ b/qemu.spec @@ -93,8 +93,8 @@ %bcond_with system_membarrier -%define qemuver 5.2.0 -%define srcver 5.2.0 +%define qemuver 6.0.0 +%define srcver 6.0.0 %define sbver 1.14.0_0_g155821a %define srcname qemu Name: qemu%{name_suffix} @@ -132,134 +132,51 @@ Source303: README.PACKAGING # This patch queue is auto-generated - see README.PACKAGING for process # Patches applied in base project: -Patch00000: ui-vnc-Add-missing-lock-for-send_color_m.patch -Patch00001: block-Simplify-qmp_block_resize-error-pa.patch -Patch00002: block-Fix-locking-in-qmp_block_resize.patch -Patch00003: block-Fix-deadlock-in-bdrv_co_yield_to_d.patch -Patch00004: audio-add-sanity-check.patch -Patch00005: memory-clamp-cached-translation-in-case-.patch -Patch00006: build-no-pie-is-no-functional-linker-fla.patch -Patch00007: block-nfs-fix-int-overflow-in-nfs_client.patch -Patch00008: iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch -Patch00009: tcg-Use-memset-for-large-vector-byte-rep.patch -Patch00010: hw-timer-slavio_timer-Allow-64-bit-acces.patch -Patch00011: target-arm-Fix-MTE0_ACTIVE.patch -Patch00012: target-arm-Don-t-decode-insns-in-the-XSc.patch -Patch00013: hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch -Patch00014: 9pfs-Fully-restart-unreclaim-loop-CVE-20.patch -Patch00015: target-arm-Introduce-PREDDESC-field-defi.patch -Patch00016: target-arm-Update-PFIRST-PNEXT-for-pred_.patch -Patch00017: target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch -Patch00018: target-arm-Update-REV-PUNPK-for-pred_des.patch -Patch00019: update-linux-headers-Include-const.h.patch -Patch00020: Update-linux-headers-to-5.11-rc2.patch -Patch00021: vfio-ccw-Connect-the-device-request-noti.patch -Patch00022: net-Fix-handling-of-id-in-netdev_add-and.patch -Patch00023: block-Separate-blk_is_writable-and-blk_s.patch -Patch00024: hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch -Patch00025: virtiofsd-extract-lo_do_open-from-lo_ope.patch -Patch00026: virtiofsd-optionally-return-inode-pointe.patch -Patch00027: virtiofsd-prevent-opening-of-special-fil.patch -Patch00028: virtio-move-use-disabled-flag-property-t.patch -Patch00029: qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch -Patch00030: qemu-storage-daemon-Enable-object-add.patch -Patch00031: blockjob-Fix-crash-with-IOthread-when-bl.patch -Patch00032: monitor-Fix-assertion-failure-on-shutdow.patch -Patch00033: tools-virtiofsd-Replace-the-word-whiteli.patch -Patch00034: virtiofsd-Save-error-code-early-at-the-f.patch -Patch00035: viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch -Patch00036: spice-app-avoid-crash-when-core-spice-mo.patch -Patch00037: i386-acpi-restore-device-paths-for-pre-5.patch -Patch00038: virtiofs-drop-remapped-security.capabili.patch -Patch00039: hw-s390x-fix-build-for-virtio-9p-ccw.patch -Patch00040: s390x-pci-restore-missing-Query-PCI-Func.patch -Patch00041: lsilogic-Use-PCIDevice-exit-instead-of-D.patch -Patch00042: vhost-user-blk-fix-blkcfg-num_queues-end.patch -Patch00043: e1000-fail-early-for-evil-descriptor.patch -Patch00044: net-introduce-qemu_receive_packet.patch -Patch00045: e1000-switch-to-use-qemu_receive_packet-.patch -Patch00046: dp8393x-switch-to-use-qemu_receive_packe.patch -Patch00047: msf2-mac-switch-to-use-qemu_receive_pack.patch -Patch00048: sungem-switch-to-use-qemu_receive_packet.patch -Patch00049: tx_pkt-switch-to-use-qemu_receive_packet.patch -Patch00050: rtl8139-switch-to-use-qemu_receive_packe.patch -Patch00051: pcnet-switch-to-use-qemu_receive_packet-.patch -Patch00052: cadence_gem-switch-to-use-qemu_receive_p.patch -Patch00053: lan9118-switch-to-use-qemu_receive_packe.patch -Patch00054: hw-sd-sd-Move-the-sd_block_-read-write-a.patch -Patch00055: hw-sd-sd-Skip-write-protect-groups-check.patch -Patch00056: hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch -Patch00057: hw-sd-sd-Actually-perform-the-erase-oper.patch -Patch00058: hw-sd-sdhci-Don-t-transfer-any-data-when.patch -Patch00059: hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch -Patch00060: hw-sd-sdhci-Correctly-set-the-controller.patch -Patch00061: hw-sd-sdhci-Limit-block-size-only-when-S.patch -Patch00062: hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch -Patch00063: xen-block-Fix-removal-of-backend-instanc.patch -Patch00064: hw-arm-virt-Disable-pl011-clock-migratio.patch -Patch00065: s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch -Patch00066: s390x-add-have_virtio_ccw.patch -Patch00067: s390x-modularize-virtio-gpu-ccw.patch -Patch00068: util-fix-use-after-free-in-module_load_o.patch -Patch00069: target-xtensa-fix-meson.build-rule-for-x.patch -Patch00070: hw-virtio-pci-Added-counter-for-pcie-cap.patch -Patch00071: hw-virtio-pci-Added-AER-capability.patch -Patch00072: virtio-pci-compat-page-aligned-ATS.patch -Patch00073: s390x-css-report-errors-from-ccw_dstream.patch -Patch00074: block-rbd-fix-memory-leak-in-qemu_rbd_co.patch -Patch00075: block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch -Patch00076: hw-block-fdc-Fix-fallback-property-on-sy.patch -Patch00077: cpu-core-Fix-help-of-CPU-core-device-typ.patch -Patch00078: hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch -Patch00079: hw-isa-Kconfig-Add-missing-dependency-VI.patch -Patch00080: hw-isa-piix4-Migrate-Reset-Control-Regis.patch -Patch00081: mptsas-Remove-unused-MPTSASState-pending.patch -Patch00082: net-vmxnet3-validate-configuration-value.patch -Patch00083: XXX-dont-dump-core-on-sigabort.patch -Patch00084: qemu-binfmt-conf-Modify-default-path.patch -Patch00085: qemu-cvs-gettimeofday.patch -Patch00086: qemu-cvs-ioctl_debug.patch -Patch00087: qemu-cvs-ioctl_nodirection.patch -Patch00088: linux-user-add-binfmt-wrapper-for-argv-0.patch -Patch00089: PPC-KVM-Disable-mmu-notifier-check.patch -Patch00090: linux-user-binfmt-support-host-binaries.patch -Patch00091: linux-user-Fake-proc-cpuinfo.patch -Patch00092: linux-user-use-target_ulong.patch -Patch00093: Make-char-muxer-more-robust-wrt-small-FI.patch -Patch00094: linux-user-lseek-explicitly-cast-non-set.patch -Patch00095: AIO-Reduce-number-of-threads-for-32bit-h.patch -Patch00096: xen_disk-Add-suse-specific-flush-disable.patch -Patch00097: qemu-bridge-helper-reduce-security-profi.patch -Patch00098: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch -Patch00099: roms-Makefile-pass-a-packaging-timestamp.patch -Patch00100: Raise-soft-address-space-limit-to-hard-l.patch -Patch00101: increase-x86_64-physical-bits-to-42.patch -Patch00102: i8254-Fix-migration-from-SLE11-SP2.patch -Patch00103: acpi_piix4-Fix-migration-from-SLE11-SP2.patch -Patch00104: Make-installed-scripts-explicitly-python.patch -Patch00105: hw-smbios-handle-both-file-formats-regar.patch -Patch00106: xen-add-block-resize-support-for-xen-dis.patch -Patch00107: tests-qemu-iotests-Triple-timeout-of-i-o.patch -Patch00108: tests-Fix-block-tests-to-be-compatible-w.patch -Patch00109: xen-ignore-live-parameter-from-xen-save-.patch -Patch00110: tests-change-error-message-in-test-162.patch -Patch00111: hw-intc-exynos4210_gic-provide-more-room.patch -Patch00112: configure-only-populate-roms-if-softmmu.patch -Patch00113: pc-bios-s390-ccw-net-avoid-warning-about.patch -Patch00114: roms-change-cross-compiler-naming-to-be-.patch -Patch00115: test-add-mapping-from-arch-of-i686-to-qe.patch -Patch00116: configure-remove-pkgversion-from-CONFIG_.patch -Patch00117: docs-add-SUSE-support-statements-to-html.patch -Patch00118: s390x-Fix-stringop-truncation-issue-repo.patch -Patch00119: Revert-qht-constify-qht_statistics_init.patch -Patch00120: qht-Revert-some-constification-in-qht.c.patch -Patch00121: meson-install-ivshmem-client-and-ivshmem.patch -Patch00122: Revert-roms-efirom-tests-uefi-test-tools.patch -Patch00123: Makefile-Don-t-check-pc-bios-as-pre-requ.patch -Patch00124: roms-Makefile-add-cross-file-to-qboot-me.patch -Patch00125: usb-Help-compiler-out-to-avoid-a-warning.patch -Patch00126: module-for-virtio-gpu-pre-load-module-to.patch -Patch00127: qom-handle-case-of-chardev-spice-module-.patch +Patch00000: net-vmxnet3-validate-configuration-value.patch +Patch00001: XXX-dont-dump-core-on-sigabort.patch +Patch00002: qemu-binfmt-conf-Modify-default-path.patch +Patch00003: qemu-cvs-gettimeofday.patch +Patch00004: qemu-cvs-ioctl_debug.patch +Patch00005: qemu-cvs-ioctl_nodirection.patch +Patch00006: linux-user-add-binfmt-wrapper-for-argv-0.patch +Patch00007: PPC-KVM-Disable-mmu-notifier-check.patch +Patch00008: linux-user-binfmt-support-host-binaries.patch +Patch00009: linux-user-Fake-proc-cpuinfo.patch +Patch00010: linux-user-use-target_ulong.patch +Patch00011: Make-char-muxer-more-robust-wrt-small-FI.patch +Patch00012: linux-user-lseek-explicitly-cast-non-set.patch +Patch00013: AIO-Reduce-number-of-threads-for-32bit-h.patch +Patch00014: xen_disk-Add-suse-specific-flush-disable.patch +Patch00015: qemu-bridge-helper-reduce-security-profi.patch +Patch00016: qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch +Patch00017: roms-Makefile-pass-a-packaging-timestamp.patch +Patch00018: Raise-soft-address-space-limit-to-hard-l.patch +Patch00019: increase-x86_64-physical-bits-to-42.patch +Patch00020: i8254-Fix-migration-from-SLE11-SP2.patch +Patch00021: acpi_piix4-Fix-migration-from-SLE11-SP2.patch +Patch00022: Make-installed-scripts-explicitly-python.patch +Patch00023: hw-smbios-handle-both-file-formats-regar.patch +Patch00024: xen-add-block-resize-support-for-xen-dis.patch +Patch00025: tests-qemu-iotests-Triple-timeout-of-i-o.patch +Patch00026: tests-Fix-block-tests-to-be-compatible-w.patch +Patch00027: xen-ignore-live-parameter-from-xen-save-.patch +Patch00028: tests-change-error-message-in-test-162.patch +Patch00029: hw-intc-exynos4210_gic-provide-more-room.patch +Patch00030: configure-only-populate-roms-if-softmmu.patch +Patch00031: pc-bios-s390-ccw-net-avoid-warning-about.patch +Patch00032: roms-change-cross-compiler-naming-to-be-.patch +Patch00033: test-add-mapping-from-arch-of-i686-to-qe.patch +Patch00034: configure-remove-pkgversion-from-CONFIG_.patch +Patch00035: Revert-qht-constify-qht_statistics_init.patch +Patch00036: qht-Revert-some-constification-in-qht.c.patch +Patch00037: meson-install-ivshmem-client-and-ivshmem.patch +Patch00038: Revert-roms-efirom-tests-uefi-test-tools.patch +Patch00039: Makefile-Don-t-check-pc-bios-as-pre-requ.patch +Patch00040: roms-Makefile-add-cross-file-to-qboot-me.patch +Patch00041: usb-Help-compiler-out-to-avoid-a-warning.patch +Patch00042: module-for-virtio-gpu-pre-load-module-to.patch +Patch00043: qom-handle-case-of-chardev-spice-module-.patch +Patch00044: doc-add-our-support-doc-to-the-main-proj.patch # Patches applied in roms/seabios/: Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch @@ -273,12 +190,8 @@ Patch02003: help-compiler-out-by-initializing-array.patch # Patches applied in roms/sgabios/: Patch03000: sgabios-Makefile-fix-issues-of-build-rep.patch Patch03001: roms-sgabios-Fix-csum8-to-be-built-by-ho.patch -# Patches applied in ui/keycodemapdb/: -Patch08000: Make-keycode-gen-output-reproducible-use.patch # Patches applied in roms/qboot/: Patch11000: qboot-add-cross.ini-file-to-handle-aarch.patch -# Patches applied in roms/edk2/BaseTools/Source/C/BrotliCompress/brotli/: -Patch27000: brotli-fix-actual-variable-array-paramet.patch # Please do not add patches manually here. @@ -328,7 +241,7 @@ BuildRequires: cross-x86_64-binutils BuildRequires: cross-x86_64-gcc%gcc_version %endif %endif -BuildRequires: pkgconfig(libcurl) +BuildRequires: pkgconfig(libcurl) >= 7.29 BuildRequires: pkgconfig(libsasl2) %if %{build_x86_firmware_from_source} BuildRequires: dos2unix @@ -1128,100 +1041,17 @@ This package records qemu testsuite results and represents successful testing. %patch00037 -p1 %patch00038 -p1 %patch00039 -p1 -%patch00040 -p1 -%patch00041 -p1 -%patch00042 -p1 -%patch00043 -p1 -%patch00044 -p1 -%patch00045 -p1 -%patch00046 -p1 -%patch00047 -p1 -%patch00048 -p1 -%patch00049 -p1 -%patch00050 -p1 -%patch00051 -p1 -%patch00052 -p1 -%patch00053 -p1 -%patch00054 -p1 -%patch00055 -p1 -%patch00056 -p1 -%patch00057 -p1 -%patch00058 -p1 -%patch00059 -p1 -%patch00060 -p1 -%patch00061 -p1 -%patch00062 -p1 -%patch00063 -p1 -%patch00064 -p1 -%patch00065 -p1 -%patch00066 -p1 -%patch00067 -p1 -%patch00068 -p1 -%patch00069 -p1 -%patch00070 -p1 -%patch00071 -p1 -%patch00072 -p1 -%patch00073 -p1 -%patch00074 -p1 -%patch00075 -p1 -%patch00076 -p1 -%patch00077 -p1 -%patch00078 -p1 -%patch00079 -p1 -%patch00080 -p1 -%patch00081 -p1 -%patch00082 -p1 -%patch00083 -p1 -%patch00084 -p1 -%patch00085 -p1 -%patch00086 -p1 -%patch00087 -p1 -%patch00088 -p1 -%patch00089 -p1 -%patch00090 -p1 -%patch00091 -p1 -%patch00092 -p1 -%patch00093 -p1 -%patch00094 -p1 -%patch00095 -p1 -%patch00096 -p1 -%patch00097 -p1 -%patch00098 -p1 -%patch00099 -p1 -%patch00100 -p1 -%patch00101 -p1 -%patch00102 -p1 -%patch00103 -p1 -%patch00104 -p1 -%patch00105 -p1 -%patch00106 -p1 -%patch00107 -p1 -%patch00108 -p1 -%patch00109 -p1 -%patch00110 -p1 -%patch00111 -p1 -%patch00112 -p1 -%patch00113 -p1 -%patch00114 -p1 -%patch00115 -p1 -%patch00116 -p1 -%if %{legacy_qemu_kvm} -%patch00117 -p1 -%endif -%patch00118 -p1 -%patch00119 -p1 -%patch00120 -p1 -%patch00121 -p1 -%patch00122 -p1 -%patch00123 -p1 %ifarch aarch64 -%patch00124 -p1 +%patch00040 -p1 %endif %ifarch %arm %ix86 ppc -%patch00125 -p1 +%patch00041 -p1 +%endif +%patch00042 -p1 +%patch00043 -p1 +%if %{legacy_qemu_kvm} +%patch00044 -p1 %endif -%patch00126 -p1 -%patch00127 -p1 %patch01000 -p1 %patch01001 -p1 %patch01002 -p1 @@ -1234,9 +1064,7 @@ This package records qemu testsuite results and represents successful testing. %patch02003 -p1 %patch03000 -p1 %patch03001 -p1 -%patch08000 -p1 %patch11000 -p1 -%patch27000 -p1 %if "%{name}" != "qemu-linux-user" # for the record, this set of firmware files is installed, but we don't @@ -1338,6 +1166,14 @@ efi-vmxnet3.rom} %define _lto_cflags %{nil} %endif +%if %{legacy_qemu_kvm} +%ifarch s390x +cp %{SOURCE13} docs/supported.rst +%else +cp %{SOURCE13} docs/supported.rst +%endif +%endif + %define srcdir %{_builddir}/%buildsubdir %define blddir %srcdir/build mkdir -p %blddir @@ -1353,9 +1189,13 @@ cd %blddir --firmwarepath=%_datadir/%name \ --python=%_bindir/python3 \ --extra-cflags="%{optflags}" \ + --with-git-submodules=ignore \ --disable-fuzzing \ + --disable-multiprocess \ --disable-stack-protector \ --disable-strip \ + --disable-tcg-interpreter \ + --with-git-submodules=ignore \ %if "%{name}" != "qemu-linux-user" --with-pkgversion="%(echo '%{distro}' | sed 's/ (.*)//')" \ --with-default-devices \ @@ -1381,6 +1221,7 @@ cd %blddir --enable-curses \ --enable-dmg \ --enable-fdt \ + --enable-gio \ --enable-gcrypt \ --enable-glusterfs \ --enable-gnutls \ @@ -1503,6 +1344,7 @@ cd %blddir --enable-coroutine-pool \ --disable-dmg \ --disable-fdt \ + --disable-gio \ --disable-iconv \ --disable-kvm \ --disable-libdaxctl \ @@ -1780,6 +1622,7 @@ ln -s qemu-binfmt %{buildroot}%_bindir/qemu-alpha-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-arm-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-armeb-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-cris-binfmt +ln -s qemu-binfmt %{buildroot}%_bindir/qemu-hexagon-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-hppa-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-i386-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-m68k-binfmt @@ -2001,52 +1844,91 @@ fi %_datadir/%name/trace-events-all %dir %_datadir/%name/vhost-user %_datadir/%name/vhost-user/50-qemu-virtiofsd.json +%dir %_docdir/%name/_static +%dir %_docdir/%name/devel %dir %_docdir/%name/interop -%dir %_docdir/%name/interop/_static %dir %_docdir/%name/specs -%dir %_docdir/%name/specs/_static %dir %_docdir/%name/system -%dir %_docdir/%name/system/_static %dir %_docdir/%name/system/arm %dir %_docdir/%name/system/i386 +%dir %_docdir/%name/system/ppc +%dir %_docdir/%name/system/riscv %dir %_docdir/%name/system/s390x %dir %_docdir/%name/tools -%dir %_docdir/%name/tools/_static %dir %_docdir/%name/user -%dir %_docdir/%name/user/_static +%_docdir/%name/.buildinfo +%_docdir/%name/_static/alabaster.css +%_docdir/%name/_static/basic.css +%_docdir/%name/_static/custom.css +%_docdir/%name/_static/doctools.js +%_docdir/%name/_static/documentation_options.js +%_docdir/%name/_static/file.png +%_docdir/%name/_static/jquery-3.5.1.js +%_docdir/%name/_static/jquery.js +%_docdir/%name/_static/language_data.js +%_docdir/%name/_static/minus.png +%_docdir/%name/_static/plus.png +%_docdir/%name/_static/pygments.css +%_docdir/%name/_static/searchtools.js +%_docdir/%name/_static/underscore-* +%_docdir/%name/_static/underscore.js +%_docdir/%name/devel/atomics.html +%_docdir/%name/devel/bitops.html +%_docdir/%name/devel/block-coroutine-wrapper.html +%_docdir/%name/devel/build-system.html +%_docdir/%name/devel/clocks.html +%_docdir/%name/devel/code-of-conduct.html +%_docdir/%name/devel/conflict-resolution.html +%_docdir/%name/devel/control-flow-integrity.html +%_docdir/%name/devel/decodetree.html +%_docdir/%name/devel/fuzzing.html +%_docdir/%name/devel/index.html +%_docdir/%name/devel/kconfig.html +%_docdir/%name/devel/loads-stores.html +%_docdir/%name/devel/memory.html +%_docdir/%name/devel/multi-process.html +%_docdir/%name/devel/migration.html +%_docdir/%name/devel/multi-thread-tcg.html +%_docdir/%name/devel/qom.html +%_docdir/%name/devel/qgraph.html +%_docdir/%name/devel/qtest.html +%_docdir/%name/devel/reset.html +%_docdir/%name/devel/s390-dasd-ipl.html +%_docdir/%name/devel/secure-coding-practices.html +%_docdir/%name/devel/stable-process.html +%_docdir/%name/devel/style.html +%_docdir/%name/devel/tcg-icount.html +%_docdir/%name/devel/tcg-plugins.html +%_docdir/%name/devel/tcg.html +%_docdir/%name/devel/testing.html +%_docdir/%name/devel/tracing.html +%_docdir/%name/genindex.html %_docdir/%name/index.html -%_docdir/%name/interop/.buildinfo -%_docdir/%name/interop/_static/* %_docdir/%name/interop/bitmaps.html %_docdir/%name/interop/dbus.html %_docdir/%name/interop/dbus-vmstate.html -%_docdir/%name/interop/genindex.html %_docdir/%name/interop/index.html %_docdir/%name/interop/live-block-operations.html -%_docdir/%name/interop/objects.inv %_docdir/%name/interop/pr-helper.html %_docdir/%name/interop/qemu-ga-ref.html %_docdir/%name/interop/qemu-qmp-ref.html -%_docdir/%name/interop/search.html -%_docdir/%name/interop/searchindex.js +%_docdir/%name/interop/qemu-storage-daemon-qmp-ref.html %_docdir/%name/interop/vhost-user.html %_docdir/%name/interop/vhost-user-gpu.html %_docdir/%name/interop/vhost-vdpa.html -%_docdir/%name/specs/.buildinfo -%_docdir/%name/specs/_static/* +%_docdir/%name/objects.inv +%_docdir/%name/search.html +%_docdir/%name/searchindex.js %_docdir/%name/specs/acpi_hest_ghes.html %_docdir/%name/specs/acpi_hw_reduced_hotplug.html -%_docdir/%name/specs/genindex.html %_docdir/%name/specs/index.html -%_docdir/%name/specs/objects.inv %_docdir/%name/specs/ppc-spapr-numa.html %_docdir/%name/specs/ppc-spapr-xive.html %_docdir/%name/specs/ppc-xive.html -%_docdir/%name/specs/search.html -%_docdir/%name/specs/searchindex.js %_docdir/%name/specs/tpm.html -%_docdir/%name/system/.buildinfo -%_docdir/%name/system/_static/* +%if %{legacy_qemu_kvm} +%_docdir/%name/supported.html +%endif %_docdir/%name/system/arm/aspeed.html %_docdir/%name/system/arm/collie.html %_docdir/%name/system/arm/cpu-features.html @@ -2062,6 +1944,7 @@ fi %_docdir/%name/system/arm/palm.html %_docdir/%name/system/arm/raspi.html %_docdir/%name/system/arm/realview.html +%_docdir/%name/system/arm/sabrelite.html %_docdir/%name/system/arm/sbsa.html %_docdir/%name/system/arm/stellaris.html %_docdir/%name/system/arm/sx1.html @@ -2074,7 +1957,8 @@ fi %_docdir/%name/system/cpu-hotplug.html %_docdir/%name/system/deprecated.html %_docdir/%name/system/gdb.html -%_docdir/%name/system/genindex.html +%_docdir/%name/system/generic-loader.html +%_docdir/%name/system/guest-loader.html %_docdir/%name/system/i386/microvm.html %_docdir/%name/system/i386/pc.html %_docdir/%name/system/images.html @@ -2086,22 +1970,29 @@ fi %_docdir/%name/system/linuxboot.html %_docdir/%name/system/managed-startup.html %_docdir/%name/system/monitor.html +%_docdir/%name/system/multi-process.html %_docdir/%name/system/mux-chardev.html %_docdir/%name/system/net.html -%_docdir/%name/system/objects.inv +%_docdir/%name/system/nvme.html +%_docdir/%name/system/ppc/embedded.html +%_docdir/%name/system/ppc/powermac.html +%_docdir/%name/system/ppc/powernv.html +%_docdir/%name/system/ppc/prep.html +%_docdir/%name/system/ppc/pseries.html %_docdir/%name/system/pr-manager.html %_docdir/%name/system/qemu-block-drivers.html %_docdir/%name/system/qemu-cpu-models.html %_docdir/%name/system/qemu-manpage.html %_docdir/%name/system/quickstart.html +%_docdir/%name/system/removed-features.html +%_docdir/%name/system/riscv/microchip-icicle-kit.html +%_docdir/%name/system/riscv/sifive_u.html %_docdir/%name/system/s390x/3270.html %_docdir/%name/system/s390x/bootdevices.html %_docdir/%name/system/s390x/css.html %_docdir/%name/system/s390x/protvirt.html %_docdir/%name/system/s390x/vfio-ap.html %_docdir/%name/system/s390x/vfio-ccw.html -%_docdir/%name/system/search.html -%_docdir/%name/system/searchindex.js %_docdir/%name/system/security.html %_docdir/%name/system/target-arm.html %_docdir/%name/system/target-avr.html @@ -2109,6 +2000,7 @@ fi %_docdir/%name/system/target-m68k.html %_docdir/%name/system/target-mips.html %_docdir/%name/system/target-ppc.html +%_docdir/%name/system/target-riscv.html %_docdir/%name/system/target-rx.html %_docdir/%name/system/target-s390x.html %_docdir/%name/system/target-sparc64.html @@ -2120,36 +2012,27 @@ fi %_docdir/%name/system/virtio-net-failover.html %_docdir/%name/system/virtio-pmem.html %_docdir/%name/system/vnc-security.html -%_docdir/%name/tools/.buildinfo -%_docdir/%name/tools/_static/* -%_docdir/%name/tools/genindex.html %_docdir/%name/tools/index.html -%_docdir/%name/tools/objects.inv %_docdir/%name/tools/qemu-img.html %_docdir/%name/tools/qemu-nbd.html %_docdir/%name/tools/qemu-pr-helper.html %_docdir/%name/tools/qemu-trace-stap.html -%_docdir/%name/tools/search.html -%_docdir/%name/tools/searchindex.js +%_docdir/%name/tools/qemu-storage-daemon.html %_docdir/%name/tools/virtfs-proxy-helper.html %_docdir/%name/tools/virtiofsd.html -%_docdir/%name/user/.buildinfo -%_docdir/%name/user/_static/* -%_docdir/%name/user/genindex.html %_docdir/%name/user/index.html %_docdir/%name/user/main.html -%_docdir/%name/user/objects.inv -%_docdir/%name/user/search.html -%_docdir/%name/user/searchindex.js %dir %_libexecdir/supportconfig %dir %_libexecdir/supportconfig/plugins %_libexecdir/supportconfig/plugins/%name %_mandir/man1/%name.1.gz +%_mandir/man1/qemu-storage-daemon.1.gz %_mandir/man1/virtiofsd.1.gz %_mandir/man7/qemu-block-drivers.7.gz %_mandir/man7/qemu-cpu-models.7.gz %_mandir/man7/qemu-qmp-ref.7.gz %_mandir/man7/qemu-ga-ref.7.gz +%_mandir/man7/qemu-storage-daemon-qmp-ref.7.gz %dir %_sysconfdir/%name %dir %_sysconfdir/%name/firmware %if %{kvm_available} @@ -2531,6 +2414,7 @@ fi %_bindir/qemu-arm %_bindir/qemu-armeb %_bindir/qemu-cris +%_bindir/qemu-hexagon %_bindir/qemu-hppa %_bindir/qemu-i386 %_bindir/qemu-m68k diff --git a/qemu.spec.in b/qemu.spec.in index b65793d5..4ceab249 100644 --- a/qemu.spec.in +++ b/qemu.spec.in @@ -178,7 +178,7 @@ BuildRequires: cross-x86_64-binutils BuildRequires: cross-x86_64-gcc%gcc_version %endif %endif -BuildRequires: pkgconfig(libcurl) +BuildRequires: pkgconfig(libcurl) >= 7.29 BuildRequires: pkgconfig(libsasl2) %if %{build_x86_firmware_from_source} BuildRequires: dos2unix @@ -1040,6 +1040,14 @@ efi-vmxnet3.rom} %define _lto_cflags %{nil} %endif +%if %{legacy_qemu_kvm} +%ifarch s390x +cp %{SOURCE13} docs/supported.rst +%else +cp %{SOURCE13} docs/supported.rst +%endif +%endif + %define srcdir %{_builddir}/%buildsubdir %define blddir %srcdir/build mkdir -p %blddir @@ -1055,9 +1063,13 @@ cd %blddir --firmwarepath=%_datadir/%name \ --python=%_bindir/python3 \ --extra-cflags="%{optflags}" \ + --with-git-submodules=ignore \ --disable-fuzzing \ + --disable-multiprocess \ --disable-stack-protector \ --disable-strip \ + --disable-tcg-interpreter \ + --with-git-submodules=ignore \ %if "%{name}" != "qemu-linux-user" --with-pkgversion="%(echo '%{distro}' | sed 's/ (.*)//')" \ --with-default-devices \ @@ -1083,6 +1095,7 @@ cd %blddir --enable-curses \ --enable-dmg \ --enable-fdt \ + --enable-gio \ --enable-gcrypt \ --enable-glusterfs \ --enable-gnutls \ @@ -1205,6 +1218,7 @@ cd %blddir --enable-coroutine-pool \ --disable-dmg \ --disable-fdt \ + --disable-gio \ --disable-iconv \ --disable-kvm \ --disable-libdaxctl \ @@ -1482,6 +1496,7 @@ ln -s qemu-binfmt %{buildroot}%_bindir/qemu-alpha-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-arm-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-armeb-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-cris-binfmt +ln -s qemu-binfmt %{buildroot}%_bindir/qemu-hexagon-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-hppa-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-i386-binfmt ln -s qemu-binfmt %{buildroot}%_bindir/qemu-m68k-binfmt @@ -1703,52 +1718,91 @@ fi %_datadir/%name/trace-events-all %dir %_datadir/%name/vhost-user %_datadir/%name/vhost-user/50-qemu-virtiofsd.json +%dir %_docdir/%name/_static +%dir %_docdir/%name/devel %dir %_docdir/%name/interop -%dir %_docdir/%name/interop/_static %dir %_docdir/%name/specs -%dir %_docdir/%name/specs/_static %dir %_docdir/%name/system -%dir %_docdir/%name/system/_static %dir %_docdir/%name/system/arm %dir %_docdir/%name/system/i386 +%dir %_docdir/%name/system/ppc +%dir %_docdir/%name/system/riscv %dir %_docdir/%name/system/s390x %dir %_docdir/%name/tools -%dir %_docdir/%name/tools/_static %dir %_docdir/%name/user -%dir %_docdir/%name/user/_static +%_docdir/%name/.buildinfo +%_docdir/%name/_static/alabaster.css +%_docdir/%name/_static/basic.css +%_docdir/%name/_static/custom.css +%_docdir/%name/_static/doctools.js +%_docdir/%name/_static/documentation_options.js +%_docdir/%name/_static/file.png +%_docdir/%name/_static/jquery-3.5.1.js +%_docdir/%name/_static/jquery.js +%_docdir/%name/_static/language_data.js +%_docdir/%name/_static/minus.png +%_docdir/%name/_static/plus.png +%_docdir/%name/_static/pygments.css +%_docdir/%name/_static/searchtools.js +%_docdir/%name/_static/underscore-* +%_docdir/%name/_static/underscore.js +%_docdir/%name/devel/atomics.html +%_docdir/%name/devel/bitops.html +%_docdir/%name/devel/block-coroutine-wrapper.html +%_docdir/%name/devel/build-system.html +%_docdir/%name/devel/clocks.html +%_docdir/%name/devel/code-of-conduct.html +%_docdir/%name/devel/conflict-resolution.html +%_docdir/%name/devel/control-flow-integrity.html +%_docdir/%name/devel/decodetree.html +%_docdir/%name/devel/fuzzing.html +%_docdir/%name/devel/index.html +%_docdir/%name/devel/kconfig.html +%_docdir/%name/devel/loads-stores.html +%_docdir/%name/devel/memory.html +%_docdir/%name/devel/multi-process.html +%_docdir/%name/devel/migration.html +%_docdir/%name/devel/multi-thread-tcg.html +%_docdir/%name/devel/qom.html +%_docdir/%name/devel/qgraph.html +%_docdir/%name/devel/qtest.html +%_docdir/%name/devel/reset.html +%_docdir/%name/devel/s390-dasd-ipl.html +%_docdir/%name/devel/secure-coding-practices.html +%_docdir/%name/devel/stable-process.html +%_docdir/%name/devel/style.html +%_docdir/%name/devel/tcg-icount.html +%_docdir/%name/devel/tcg-plugins.html +%_docdir/%name/devel/tcg.html +%_docdir/%name/devel/testing.html +%_docdir/%name/devel/tracing.html +%_docdir/%name/genindex.html %_docdir/%name/index.html -%_docdir/%name/interop/.buildinfo -%_docdir/%name/interop/_static/* %_docdir/%name/interop/bitmaps.html %_docdir/%name/interop/dbus.html %_docdir/%name/interop/dbus-vmstate.html -%_docdir/%name/interop/genindex.html %_docdir/%name/interop/index.html %_docdir/%name/interop/live-block-operations.html -%_docdir/%name/interop/objects.inv %_docdir/%name/interop/pr-helper.html %_docdir/%name/interop/qemu-ga-ref.html %_docdir/%name/interop/qemu-qmp-ref.html -%_docdir/%name/interop/search.html -%_docdir/%name/interop/searchindex.js +%_docdir/%name/interop/qemu-storage-daemon-qmp-ref.html %_docdir/%name/interop/vhost-user.html %_docdir/%name/interop/vhost-user-gpu.html %_docdir/%name/interop/vhost-vdpa.html -%_docdir/%name/specs/.buildinfo -%_docdir/%name/specs/_static/* +%_docdir/%name/objects.inv +%_docdir/%name/search.html +%_docdir/%name/searchindex.js %_docdir/%name/specs/acpi_hest_ghes.html %_docdir/%name/specs/acpi_hw_reduced_hotplug.html -%_docdir/%name/specs/genindex.html %_docdir/%name/specs/index.html -%_docdir/%name/specs/objects.inv %_docdir/%name/specs/ppc-spapr-numa.html %_docdir/%name/specs/ppc-spapr-xive.html %_docdir/%name/specs/ppc-xive.html -%_docdir/%name/specs/search.html -%_docdir/%name/specs/searchindex.js %_docdir/%name/specs/tpm.html -%_docdir/%name/system/.buildinfo -%_docdir/%name/system/_static/* +%if %{legacy_qemu_kvm} +%_docdir/%name/supported.html +%endif %_docdir/%name/system/arm/aspeed.html %_docdir/%name/system/arm/collie.html %_docdir/%name/system/arm/cpu-features.html @@ -1764,6 +1818,7 @@ fi %_docdir/%name/system/arm/palm.html %_docdir/%name/system/arm/raspi.html %_docdir/%name/system/arm/realview.html +%_docdir/%name/system/arm/sabrelite.html %_docdir/%name/system/arm/sbsa.html %_docdir/%name/system/arm/stellaris.html %_docdir/%name/system/arm/sx1.html @@ -1776,7 +1831,8 @@ fi %_docdir/%name/system/cpu-hotplug.html %_docdir/%name/system/deprecated.html %_docdir/%name/system/gdb.html -%_docdir/%name/system/genindex.html +%_docdir/%name/system/generic-loader.html +%_docdir/%name/system/guest-loader.html %_docdir/%name/system/i386/microvm.html %_docdir/%name/system/i386/pc.html %_docdir/%name/system/images.html @@ -1788,22 +1844,29 @@ fi %_docdir/%name/system/linuxboot.html %_docdir/%name/system/managed-startup.html %_docdir/%name/system/monitor.html +%_docdir/%name/system/multi-process.html %_docdir/%name/system/mux-chardev.html %_docdir/%name/system/net.html -%_docdir/%name/system/objects.inv +%_docdir/%name/system/nvme.html +%_docdir/%name/system/ppc/embedded.html +%_docdir/%name/system/ppc/powermac.html +%_docdir/%name/system/ppc/powernv.html +%_docdir/%name/system/ppc/prep.html +%_docdir/%name/system/ppc/pseries.html %_docdir/%name/system/pr-manager.html %_docdir/%name/system/qemu-block-drivers.html %_docdir/%name/system/qemu-cpu-models.html %_docdir/%name/system/qemu-manpage.html %_docdir/%name/system/quickstart.html +%_docdir/%name/system/removed-features.html +%_docdir/%name/system/riscv/microchip-icicle-kit.html +%_docdir/%name/system/riscv/sifive_u.html %_docdir/%name/system/s390x/3270.html %_docdir/%name/system/s390x/bootdevices.html %_docdir/%name/system/s390x/css.html %_docdir/%name/system/s390x/protvirt.html %_docdir/%name/system/s390x/vfio-ap.html %_docdir/%name/system/s390x/vfio-ccw.html -%_docdir/%name/system/search.html -%_docdir/%name/system/searchindex.js %_docdir/%name/system/security.html %_docdir/%name/system/target-arm.html %_docdir/%name/system/target-avr.html @@ -1811,6 +1874,7 @@ fi %_docdir/%name/system/target-m68k.html %_docdir/%name/system/target-mips.html %_docdir/%name/system/target-ppc.html +%_docdir/%name/system/target-riscv.html %_docdir/%name/system/target-rx.html %_docdir/%name/system/target-s390x.html %_docdir/%name/system/target-sparc64.html @@ -1822,36 +1886,27 @@ fi %_docdir/%name/system/virtio-net-failover.html %_docdir/%name/system/virtio-pmem.html %_docdir/%name/system/vnc-security.html -%_docdir/%name/tools/.buildinfo -%_docdir/%name/tools/_static/* -%_docdir/%name/tools/genindex.html %_docdir/%name/tools/index.html -%_docdir/%name/tools/objects.inv %_docdir/%name/tools/qemu-img.html %_docdir/%name/tools/qemu-nbd.html %_docdir/%name/tools/qemu-pr-helper.html %_docdir/%name/tools/qemu-trace-stap.html -%_docdir/%name/tools/search.html -%_docdir/%name/tools/searchindex.js +%_docdir/%name/tools/qemu-storage-daemon.html %_docdir/%name/tools/virtfs-proxy-helper.html %_docdir/%name/tools/virtiofsd.html -%_docdir/%name/user/.buildinfo -%_docdir/%name/user/_static/* -%_docdir/%name/user/genindex.html %_docdir/%name/user/index.html %_docdir/%name/user/main.html -%_docdir/%name/user/objects.inv -%_docdir/%name/user/search.html -%_docdir/%name/user/searchindex.js %dir %_libexecdir/supportconfig %dir %_libexecdir/supportconfig/plugins %_libexecdir/supportconfig/plugins/%name %_mandir/man1/%name.1.gz +%_mandir/man1/qemu-storage-daemon.1.gz %_mandir/man1/virtiofsd.1.gz %_mandir/man7/qemu-block-drivers.7.gz %_mandir/man7/qemu-cpu-models.7.gz %_mandir/man7/qemu-qmp-ref.7.gz %_mandir/man7/qemu-ga-ref.7.gz +%_mandir/man7/qemu-storage-daemon-qmp-ref.7.gz %dir %_sysconfdir/%name %dir %_sysconfdir/%name/firmware %if %{kvm_available} @@ -2233,6 +2288,7 @@ fi %_bindir/qemu-arm %_bindir/qemu-armeb %_bindir/qemu-cris +%_bindir/qemu-hexagon %_bindir/qemu-hppa %_bindir/qemu-i386 %_bindir/qemu-m68k diff --git a/qom-handle-case-of-chardev-spice-module-.patch b/qom-handle-case-of-chardev-spice-module-.patch index 2fc61da1..ff36e228 100644 --- a/qom-handle-case-of-chardev-spice-module-.patch +++ b/qom-handle-case-of-chardev-spice-module-.patch @@ -14,7 +14,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 6 insertions(+) diff --git a/qom/object.c b/qom/object.c -index 6f301fec34d103b0b07bc41d107c..0dec164192a55d3d9d955d445db9 100644 +index 1b132653c3fc8d5150723b2d4cf7..cb8cd9e6a5f48f94a0829ecc9e97 100644 --- a/qom/object.c +++ b/qom/object.c @@ -236,6 +236,12 @@ static bool type_is_ancestor(TypeImpl *type, TypeImpl *target_type) diff --git a/rtl8139-switch-to-use-qemu_receive_packe.patch b/rtl8139-switch-to-use-qemu_receive_packe.patch deleted file mode 100644 index 884a337e..00000000 --- a/rtl8139-switch-to-use-qemu_receive_packe.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Alexander Bulekov -Date: Fri, 26 Feb 2021 13:47:53 -0500 -Subject: rtl8139: switch to use qemu_receive_packet() for loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 5311fb805a4403bba024e83886fa0e7572265de4 -References: bsc#1182968, CVE-2021-3416 - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit -Cc: qemu-stable@nongnu.org -Buglink: https://bugs.launchpad.net/qemu/+bug/1910826 -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - hw/net/rtl8139.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c -index ba5ace1ab75cc91330f8f60b25c0..d2dd03e6a5866f4f549af2e97399 100644 ---- a/hw/net/rtl8139.c -+++ b/hw/net/rtl8139.c -@@ -1795,7 +1795,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size, - } - - DPRINTF("+++ transmit loopback mode\n"); -- rtl8139_do_receive(qemu_get_queue(s->nic), buf, size, do_interrupt); -+ qemu_receive_packet(qemu_get_queue(s->nic), buf, size); - - if (iov) { - g_free(buf2); diff --git a/s390x-Fix-stringop-truncation-issue-repo.patch b/s390x-Fix-stringop-truncation-issue-repo.patch deleted file mode 100644 index ab9d979e..00000000 --- a/s390x-Fix-stringop-truncation-issue-repo.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Bruce Rogers -Date: Thu, 13 Aug 2020 14:03:29 -0600 -Subject: s390x: Fix stringop-truncation issue reported by gcc 11 - -Signed-off-by: Bruce Rogers ---- - target/s390x/misc_helper.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c -index 58dbc023eb5495ec5da0321651ad..d8e18c0d4617c333fcd4cc1c5c8c 100644 ---- a/target/s390x/misc_helper.c -+++ b/target/s390x/misc_helper.c -@@ -370,7 +370,7 @@ uint32_t HELPER(stsi)(CPUS390XState *env, uint64_t a0, uint64_t r0, uint64_t r1) - MIN(sizeof(sysib.sysib_322.vm[0].name), - strlen(qemu_name))); - strncpy((char *)sysib.sysib_322.ext_names[0], qemu_name, -- sizeof(sysib.sysib_322.ext_names[0])); -+ sizeof(sysib.sysib_322.ext_names[0] - 1)); - } else { - ebcdic_put(sysib.sysib_322.vm[0].name, "TCGguest", 8); - strcpy((char *)sysib.sysib_322.ext_names[0], "TCGguest"); diff --git a/s390x-add-have_virtio_ccw.patch b/s390x-add-have_virtio_ccw.patch deleted file mode 100644 index 7aebee48..00000000 --- a/s390x-add-have_virtio_ccw.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: Gerd Hoffmann -Date: Wed, 17 Mar 2021 10:56:21 +0100 -Subject: s390x: add have_virtio_ccw - -Git-commit: 2dd9d8cfb4f3bd30d9cdfc2edba5cb7ee5917f4b -References: bsc#1181103 - -Introduce a symbol which can be used to prevent ccw modules -being loaded into system emulators without ccw support. - -Signed-off-by: Gerd Hoffmann -Reviewed-by: Halil Pasic -Tested-by: Halil Pasic -Message-Id: <20210317095622.2839895-3-kraxel@redhat.com> -Signed-off-by: Gerd Hoffmann -Signed-off-by: Bruce Rogers ---- - hw/s390x/virtio-ccw.c | 2 ++ - hw/s390x/virtio-ccw.h | 5 +++++ - 2 files changed, 7 insertions(+) - -diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c -index 4582e94ae7dc4d75117ffc201047..82ec2889b0c7ce64bb96b9c67212 100644 ---- a/hw/s390x/virtio-ccw.c -+++ b/hw/s390x/virtio-ccw.c -@@ -35,6 +35,8 @@ - - #define NR_CLASSIC_INDICATOR_BITS 64 - -+bool have_virtio_ccw = true; -+ - static int virtio_ccw_dev_post_load(void *opaque, int version_id) - { - VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(opaque); -diff --git a/hw/s390x/virtio-ccw.h b/hw/s390x/virtio-ccw.h -index 49a2b8ca42df799f1815f8af32d1..0168232e3b8db1da2a91dfd157db 100644 ---- a/hw/s390x/virtio-ccw.h -+++ b/hw/s390x/virtio-ccw.h -@@ -63,6 +63,11 @@ typedef struct VirtioBusClass VirtioCcwBusClass; - DECLARE_OBJ_CHECKERS(VirtioCcwBusState, VirtioCcwBusClass, - VIRTIO_CCW_BUS, TYPE_VIRTIO_CCW_BUS) - -+/* -+ * modules can reference this symbol to avoid being loaded -+ * into system emulators without ccw support -+ */ -+extern bool have_virtio_ccw; - - struct VirtIOCCWDeviceClass { - CCWDeviceClass parent_class; diff --git a/s390x-css-report-errors-from-ccw_dstream.patch b/s390x-css-report-errors-from-ccw_dstream.patch deleted file mode 100644 index d307c244..00000000 --- a/s390x-css-report-errors-from-ccw_dstream.patch +++ /dev/null @@ -1,269 +0,0 @@ -From: Pierre Morel -Date: Thu, 8 Apr 2021 18:32:09 +0200 -Subject: s390x: css: report errors from ccw_dstream_read/write - -Git-commit: d895d25ae2bb8519aa715dd2a97f09d4a66b189d - -ccw_dstream_read/write functions returned values are sometime -not taking into account and reported back to the upper level -of interpretation of CCW instructions. - -It follows that accessing an invalid address does not trigger -a subchannel status program check to the guest as it should. - -Let's test the return values of ccw_dstream_write[_buf] and -ccw_dstream_read[_buf] and report it to the caller. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Pierre Morel -Acked-by: Halil Pasic -Message-Id: <1617899529-9329-2-git-send-email-pmorel@linux.ibm.com> -Signed-off-by: Cornelia Huck -Signed-off-by: Bruce Rogers ---- - hw/char/terminal3270.c | 11 +++++-- - hw/s390x/3270-ccw.c | 5 +++- - hw/s390x/css.c | 14 +++++---- - hw/s390x/virtio-ccw.c | 66 ++++++++++++++++++++++++++++++------------ - 4 files changed, 69 insertions(+), 27 deletions(-) - -diff --git a/hw/char/terminal3270.c b/hw/char/terminal3270.c -index d77981bb6d52a2af651bfa2b6ecb..f969ee57fd85164073f98c3285b5 100644 ---- a/hw/char/terminal3270.c -+++ b/hw/char/terminal3270.c -@@ -199,9 +199,13 @@ static int read_payload_3270(EmulatedCcw3270Device *dev) - { - Terminal3270 *t = TERMINAL_3270(dev); - int len; -+ int ret; - - len = MIN(ccw_dstream_avail(get_cds(t)), t->in_len); -- ccw_dstream_write_buf(get_cds(t), t->inv, len); -+ ret = ccw_dstream_write_buf(get_cds(t), t->inv, len); -+ if (ret < 0) { -+ return ret; -+ } - t->in_len -= len; - - return len; -@@ -259,7 +263,10 @@ static int write_payload_3270(EmulatedCcw3270Device *dev, uint8_t cmd) - - t->outv[out_len++] = cmd; - do { -- ccw_dstream_read_buf(get_cds(t), &t->outv[out_len], len); -+ retval = ccw_dstream_read_buf(get_cds(t), &t->outv[out_len], len); -+ if (retval < 0) { -+ return retval; -+ } - count = ccw_dstream_avail(get_cds(t)); - out_len += len; - -diff --git a/hw/s390x/3270-ccw.c b/hw/s390x/3270-ccw.c -index 821319eee6d1066d7cf3113d3ab3..f3e7342b1e8eadc1938b5ad024c7 100644 ---- a/hw/s390x/3270-ccw.c -+++ b/hw/s390x/3270-ccw.c -@@ -31,6 +31,9 @@ static int handle_payload_3270_read(EmulatedCcw3270Device *dev, CCW1 *ccw) - } - - len = ck->read_payload_3270(dev); -+ if (len < 0) { -+ return len; -+ } - ccw_dev->sch->curr_status.scsw.count = ccw->count - len; - - return 0; -@@ -50,7 +53,7 @@ static int handle_payload_3270_write(EmulatedCcw3270Device *dev, CCW1 *ccw) - len = ck->write_payload_3270(dev, ccw->cmd_code); - - if (len <= 0) { -- return -EIO; -+ return len ? len : -EIO; - } - - ccw_dev->sch->curr_status.scsw.count = ccw->count - len; -diff --git a/hw/s390x/css.c b/hw/s390x/css.c -index 9961cfe7bf67460924ea68cb72bd..1ad6069ceacfc7459c25307c1fd9 100644 ---- a/hw/s390x/css.c -+++ b/hw/s390x/css.c -@@ -1055,10 +1055,11 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr, - } - } - len = MIN(ccw.count, sizeof(sch->sense_data)); -- ccw_dstream_write_buf(&sch->cds, sch->sense_data, len); -+ ret = ccw_dstream_write_buf(&sch->cds, sch->sense_data, len); - sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds); -- memset(sch->sense_data, 0, sizeof(sch->sense_data)); -- ret = 0; -+ if (!ret) { -+ memset(sch->sense_data, 0, sizeof(sch->sense_data)); -+ } - break; - case CCW_CMD_SENSE_ID: - { -@@ -1083,9 +1084,10 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr, - } else { - sense_id[0] = 0; - } -- ccw_dstream_write_buf(&sch->cds, sense_id, len); -- sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds); -- ret = 0; -+ ret = ccw_dstream_write_buf(&sch->cds, sense_id, len); -+ if (!ret) { -+ sch->curr_status.scsw.count = ccw_dstream_residual_count(&sch->cds); -+ } - break; - } - case CCW_CMD_TIC: -diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c -index 82ec2889b0c7ce64bb96b9c67212..43db5b93e1125d5ef806abfebb32 100644 ---- a/hw/s390x/virtio-ccw.c -+++ b/hw/s390x/virtio-ccw.c -@@ -288,14 +288,20 @@ static int virtio_ccw_handle_set_vq(SubchDev *sch, CCW1 ccw, bool check_len, - return -EFAULT; - } - if (is_legacy) { -- ccw_dstream_read(&sch->cds, linfo); -+ ret = ccw_dstream_read(&sch->cds, linfo); -+ if (ret) { -+ return ret; -+ } - linfo.queue = be64_to_cpu(linfo.queue); - linfo.align = be32_to_cpu(linfo.align); - linfo.index = be16_to_cpu(linfo.index); - linfo.num = be16_to_cpu(linfo.num); - ret = virtio_ccw_set_vqs(sch, NULL, &linfo); - } else { -- ccw_dstream_read(&sch->cds, info); -+ ret = ccw_dstream_read(&sch->cds, info); -+ if (ret) { -+ return ret; -+ } - info.desc = be64_to_cpu(info.desc); - info.index = be16_to_cpu(info.index); - info.num = be16_to_cpu(info.num); -@@ -364,7 +370,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) - VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev); - - ccw_dstream_advance(&sch->cds, sizeof(features.features)); -- ccw_dstream_read(&sch->cds, features.index); -+ ret = ccw_dstream_read(&sch->cds, features.index); -+ if (ret) { -+ break; -+ } - if (features.index == 0) { - if (dev->revision >= 1) { - /* Don't offer legacy features for modern devices. */ -@@ -385,9 +394,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) - } - ccw_dstream_rewind(&sch->cds); - features.features = cpu_to_le32(features.features); -- ccw_dstream_write(&sch->cds, features.features); -- sch->curr_status.scsw.count = ccw.count - sizeof(features); -- ret = 0; -+ ret = ccw_dstream_write(&sch->cds, features.features); -+ if (!ret) { -+ sch->curr_status.scsw.count = ccw.count - sizeof(features); -+ } - } - break; - case CCW_CMD_WRITE_FEAT: -@@ -404,7 +414,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) - if (!ccw.cda) { - ret = -EFAULT; - } else { -- ccw_dstream_read(&sch->cds, features); -+ ret = ccw_dstream_read(&sch->cds, features); -+ if (ret) { -+ break; -+ } - features.features = le32_to_cpu(features.features); - if (features.index == 0) { - virtio_set_features(vdev, -@@ -447,9 +460,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) - ret = -EFAULT; - } else { - virtio_bus_get_vdev_config(&dev->bus, vdev->config); -- ccw_dstream_write_buf(&sch->cds, vdev->config, len); -- sch->curr_status.scsw.count = ccw.count - len; -- ret = 0; -+ ret = ccw_dstream_write_buf(&sch->cds, vdev->config, len); -+ if (ret) { -+ sch->curr_status.scsw.count = ccw.count - len; -+ } - } - break; - case CCW_CMD_WRITE_CONF: -@@ -504,7 +518,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) - if (!ccw.cda) { - ret = -EFAULT; - } else { -- ccw_dstream_read(&sch->cds, status); -+ ret = ccw_dstream_read(&sch->cds, status); -+ if (ret) { -+ break; -+ } - if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) { - virtio_ccw_stop_ioeventfd(dev); - } -@@ -547,7 +564,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) - if (!ccw.cda) { - ret = -EFAULT; - } else { -- ccw_dstream_read(&sch->cds, indicators); -+ ret = ccw_dstream_read(&sch->cds, indicators); -+ if (ret) { -+ break; -+ } - indicators = be64_to_cpu(indicators); - dev->indicators = get_indicator(indicators, sizeof(uint64_t)); - sch->curr_status.scsw.count = ccw.count - sizeof(indicators); -@@ -568,7 +588,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) - if (!ccw.cda) { - ret = -EFAULT; - } else { -- ccw_dstream_read(&sch->cds, indicators); -+ ret = ccw_dstream_read(&sch->cds, indicators); -+ if (ret) { -+ break; -+ } - indicators = be64_to_cpu(indicators); - dev->indicators2 = get_indicator(indicators, sizeof(uint64_t)); - sch->curr_status.scsw.count = ccw.count - sizeof(indicators); -@@ -589,7 +612,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) - if (!ccw.cda) { - ret = -EFAULT; - } else { -- ccw_dstream_read(&sch->cds, vq_config.index); -+ ret = ccw_dstream_read(&sch->cds, vq_config.index); -+ if (ret) { -+ break; -+ } - vq_config.index = be16_to_cpu(vq_config.index); - if (vq_config.index >= VIRTIO_QUEUE_MAX) { - ret = -EINVAL; -@@ -598,9 +624,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) - vq_config.num_max = virtio_queue_get_num(vdev, - vq_config.index); - vq_config.num_max = cpu_to_be16(vq_config.num_max); -- ccw_dstream_write(&sch->cds, vq_config.num_max); -- sch->curr_status.scsw.count = ccw.count - sizeof(vq_config); -- ret = 0; -+ ret = ccw_dstream_write(&sch->cds, vq_config.num_max); -+ if (!ret) { -+ sch->curr_status.scsw.count = ccw.count - sizeof(vq_config); -+ } - } - break; - case CCW_CMD_SET_IND_ADAPTER: -@@ -657,7 +684,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) - ret = -EFAULT; - break; - } -- ccw_dstream_read_buf(&sch->cds, &revinfo, 4); -+ ret = ccw_dstream_read_buf(&sch->cds, &revinfo, 4); -+ if (ret < 0) { -+ break; -+ } - revinfo.revision = be16_to_cpu(revinfo.revision); - revinfo.length = be16_to_cpu(revinfo.length); - if (ccw.count < len + revinfo.length || diff --git a/s390x-modularize-virtio-gpu-ccw.patch b/s390x-modularize-virtio-gpu-ccw.patch deleted file mode 100644 index 733559e3..00000000 --- a/s390x-modularize-virtio-gpu-ccw.patch +++ /dev/null @@ -1,87 +0,0 @@ -From: Gerd Hoffmann -Date: Wed, 17 Mar 2021 10:56:22 +0100 -Subject: s390x: modularize virtio-gpu-ccw - -Git-commit: adcf33a504de29feb720736051dc32889314c9e6 -References: bsc#1181103 - -Since the virtio-gpu-ccw device depends on the hw-display-virtio-gpu -module, which provides the type virtio-gpu-device, packaging the -hw-display-virtio-gpu module as a separate package that may or may not -be installed along with the qemu package leads to problems. Namely if -the hw-display-virtio-gpu is absent, qemu continues to advertise -virtio-gpu-ccw, but it aborts not only when one attempts using -virtio-gpu-ccw, but also when libvirtd's capability probing tries -to instantiate the type to introspect it. - -Let us thus introduce a module named hw-s390x-virtio-gpu-ccw that -is going to provide the virtio-gpu-ccw device. The hw-s390x prefix -was chosen because it is not a portable device. - -With virtio-gpu-ccw built as a module, the correct way to package a -modularized qemu is to require that hw-display-virtio-gpu must be -installed whenever the module hw-s390x-virtio-gpu-ccw. - -Signed-off-by: Halil Pasic -Signed-off-by: Gerd Hoffmann -Reviewed-by: Halil Pasic -Tested-by: Halil Pasic -Message-Id: <20210317095622.2839895-4-kraxel@redhat.com> -Signed-off-by: Gerd Hoffmann -Signed-off-by: Bruce Rogers ---- - hw/s390x/meson.build | 8 +++++++- - hw/s390x/virtio-ccw-gpu.c | 4 +++- - util/module.c | 1 + - 3 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/hw/s390x/meson.build b/hw/s390x/meson.build -index e53b7a69930a27dd030994ab6a54..8662ad04db2c51a229cbf7108c55 100644 ---- a/hw/s390x/meson.build -+++ b/hw/s390x/meson.build -@@ -34,7 +34,6 @@ virtio_ss.add(files('virtio-ccw.c')) - virtio_ss.add(when: 'CONFIG_VIRTIO_BALLOON', if_true: files('virtio-ccw-balloon.c')) - virtio_ss.add(when: 'CONFIG_VIRTIO_BLK', if_true: files('virtio-ccw-blk.c')) - virtio_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('virtio-ccw-crypto.c')) --virtio_ss.add(when: 'CONFIG_VIRTIO_GPU', if_true: files('virtio-ccw-gpu.c')) - virtio_ss.add(when: 'CONFIG_VIRTIO_INPUT', if_true: files('virtio-ccw-input.c')) - virtio_ss.add(when: 'CONFIG_VIRTIO_NET', if_true: files('virtio-ccw-net.c')) - virtio_ss.add(when: 'CONFIG_VIRTIO_RNG', if_true: files('virtio-ccw-rng.c')) -@@ -46,3 +45,10 @@ virtio_ss.add(when: 'CONFIG_VHOST_USER_FS', if_true: files('vhost-user-fs-ccw.c' - s390x_ss.add_all(when: 'CONFIG_VIRTIO_CCW', if_true: virtio_ss) - - hw_arch += {'s390x': s390x_ss} -+ -+hw_s390x_modules = {} -+virtio_gpu_ccw_ss = ss.source_set() -+virtio_gpu_ccw_ss.add(when: ['CONFIG_VIRTIO_GPU', 'CONFIG_VIRTIO_CCW'], -+ if_true: [files('virtio-ccw-gpu.c'), pixman]) -+hw_s390x_modules += {'virtio-gpu-ccw': virtio_gpu_ccw_ss} -+modules += {'hw-s390x': hw_s390x_modules} -diff --git a/hw/s390x/virtio-ccw-gpu.c b/hw/s390x/virtio-ccw-gpu.c -index c301e2586bde8aff7333ea029c02..75a9e4bb3908178d3aea335fd7a0 100644 ---- a/hw/s390x/virtio-ccw-gpu.c -+++ b/hw/s390x/virtio-ccw-gpu.c -@@ -62,7 +62,9 @@ static const TypeInfo virtio_ccw_gpu = { - - static void virtio_ccw_gpu_register(void) - { -- type_register_static(&virtio_ccw_gpu); -+ if (have_virtio_ccw) { -+ type_register_static(&virtio_ccw_gpu); -+ } - } - - type_init(virtio_ccw_gpu_register) -diff --git a/util/module.c b/util/module.c -index c65060c167df236d6e2163472708..cbe89fede628c3674e49194ee688 100644 ---- a/util/module.c -+++ b/util/module.c -@@ -304,6 +304,7 @@ static struct { - { "virtio-gpu-pci-base", "hw-", "display-virtio-gpu-pci" }, - { "virtio-gpu-pci", "hw-", "display-virtio-gpu-pci" }, - { "vhost-user-gpu-pci", "hw-", "display-virtio-gpu-pci" }, -+ { "virtio-gpu-ccw", "hw-", "s390x-virtio-gpu-ccw" }, - { "virtio-vga-base", "hw-", "display-virtio-vga" }, - { "virtio-vga", "hw-", "display-virtio-vga" }, - { "vhost-user-vga", "hw-", "display-virtio-vga" }, diff --git a/s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch b/s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch deleted file mode 100644 index bdae99fc..00000000 --- a/s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch +++ /dev/null @@ -1,96 +0,0 @@ -From: Gerd Hoffmann -Date: Wed, 17 Mar 2021 10:56:20 +0100 -Subject: s390x: move S390_ADAPTER_SUPPRESSIBLE - -Git-commit: d4c603d7be2e4173252c5b55e62d30ddd26edaca -References: bsc#1181103 - -The definition S390_ADAPTER_SUPPRESSIBLE was moved to "cpu.h", per -suggestion of Thomas Huth. From interface design perspective, IMHO, not -a good thing as it belongs to the public interface of -css_register_io_adapters(). We did this because CONFIG_KVM requeires -NEED_CPU_H and Thomas, and other commenters did not like the -consequences of that. - -Moving the interrupt related declarations to s390_flic.h was suggested -by Cornelia Huck. - -Signed-off-by: Halil Pasic -Signed-off-by: Gerd Hoffmann -Reviewed-by: Halil Pasic -Tested-by: Halil Pasic -Message-Id: <20210317095622.2839895-2-kraxel@redhat.com> -Signed-off-by: Gerd Hoffmann -Signed-off-by: Bruce Rogers ---- - include/hw/s390x/css.h | 7 ------- - include/hw/s390x/s390_flic.h | 3 +++ - target/s390x/cpu.h | 9 ++++++--- - 3 files changed, 9 insertions(+), 10 deletions(-) - -diff --git a/include/hw/s390x/css.h b/include/hw/s390x/css.h -index 08c869ab0afc18f34fb28056ce29..7858666307a1baaf2586dce56c07 100644 ---- a/include/hw/s390x/css.h -+++ b/include/hw/s390x/css.h -@@ -12,7 +12,6 @@ - #ifndef CSS_H - #define CSS_H - --#include "cpu.h" - #include "hw/s390x/adapter.h" - #include "hw/s390x/s390_flic.h" - #include "hw/s390x/ioinst.h" -@@ -233,12 +232,6 @@ uint32_t css_get_adapter_id(CssIoAdapterType type, uint8_t isc); - void css_register_io_adapters(CssIoAdapterType type, bool swap, bool maskable, - uint8_t flags, Error **errp); - --#ifndef CONFIG_KVM --#define S390_ADAPTER_SUPPRESSIBLE 0x01 --#else --#define S390_ADAPTER_SUPPRESSIBLE KVM_S390_ADAPTER_SUPPRESSIBLE --#endif -- - #ifndef CONFIG_USER_ONLY - SubchDev *css_find_subch(uint8_t m, uint8_t cssid, uint8_t ssid, - uint16_t schid); -diff --git a/include/hw/s390x/s390_flic.h b/include/hw/s390x/s390_flic.h -index e91b15d2d6af5feb2e7e7284bfbd..3907a13d07664bad96d466b3d20a 100644 ---- a/include/hw/s390x/s390_flic.h -+++ b/include/hw/s390x/s390_flic.h -@@ -134,6 +134,9 @@ void s390_flic_init(void); - S390FLICState *s390_get_flic(void); - QEMUS390FLICState *s390_get_qemu_flic(S390FLICState *fs); - S390FLICStateClass *s390_get_flic_class(S390FLICState *fs); -+void s390_crw_mchk(void); -+void s390_io_interrupt(uint16_t subchannel_id, uint16_t subchannel_nr, -+ uint32_t io_int_parm, uint32_t io_int_word); - bool ais_needed(void *opaque); - - #endif /* HW_S390_FLIC_H */ -diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h -index 60d434d5edd55c59cfe7e345967c..b434b905c0ae337c62ddcc9d7e34 100644 ---- a/target/s390x/cpu.h -+++ b/target/s390x/cpu.h -@@ -40,6 +40,12 @@ - - #define S390_MAX_CPUS 248 - -+#ifndef CONFIG_KVM -+#define S390_ADAPTER_SUPPRESSIBLE 0x01 -+#else -+#define S390_ADAPTER_SUPPRESSIBLE KVM_S390_ADAPTER_SUPPRESSIBLE -+#endif -+ - typedef struct PSW { - uint64_t mask; - uint64_t addr; -@@ -806,9 +812,6 @@ int cpu_s390x_signal_handler(int host_signum, void *pinfo, void *puc); - - - /* interrupt.c */ --void s390_crw_mchk(void); --void s390_io_interrupt(uint16_t subchannel_id, uint16_t subchannel_nr, -- uint32_t io_int_parm, uint32_t io_int_word); - #define RA_IGNORED 0 - void s390_program_interrupt(CPUS390XState *env, uint32_t code, uintptr_t ra); - /* service interrupts are floating therefore we must not pass an cpustate */ diff --git a/s390x-pci-restore-missing-Query-PCI-Func.patch b/s390x-pci-restore-missing-Query-PCI-Func.patch deleted file mode 100644 index 680747b3..00000000 --- a/s390x-pci-restore-missing-Query-PCI-Func.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Matthew Rosato -Date: Thu, 18 Feb 2021 15:53:29 -0500 -Subject: s390x/pci: restore missing Query PCI Function CLP data - -Git-commit: 403af209db8c030ed1e000640cd3cd80c6882883 -References: bsc#1183372 - -Some CLP response data was accidentally dropped when fixing endianness -issues with the Query PCI Function CLP response. All of these values are -sent as 0s to the guest for emulated devices, so the impact is only -observed on passthrough devices. - -Fixes: a4e2fff1b104 ("s390x/pci: fix endianness issues") -Signed-off-by: Matthew Rosato -Message-Id: <1613681609-9349-1-git-send-email-mjrosato@linux.ibm.com> -Signed-off-by: Cornelia Huck -Signed-off-by: Bruce Rogers ---- - hw/s390x/s390-pci-inst.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c -index 70bfd91bf70edafaa7c93469f459..f0ed9ea6f96b1202521ae434e680 100644 ---- a/hw/s390x/s390-pci-inst.c -+++ b/hw/s390x/s390-pci-inst.c -@@ -284,10 +284,15 @@ int clp_service_call(S390CPU *cpu, uint8_t r2, uintptr_t ra) - stq_p(&resquery->sdma, pbdev->zpci_fn.sdma); - stq_p(&resquery->edma, pbdev->zpci_fn.edma); - stw_p(&resquery->pchid, pbdev->zpci_fn.pchid); -+ stw_p(&resquery->vfn, pbdev->zpci_fn.vfn); - resquery->flags = pbdev->zpci_fn.flags; - resquery->pfgid = pbdev->zpci_fn.pfgid; -+ resquery->pft = pbdev->zpci_fn.pft; -+ resquery->fmbl = pbdev->zpci_fn.fmbl; - stl_p(&resquery->fid, pbdev->zpci_fn.fid); - stl_p(&resquery->uid, pbdev->zpci_fn.uid); -+ memcpy(resquery->pfip, pbdev->zpci_fn.pfip, CLP_PFIP_NR_SEGMENTS); -+ memcpy(resquery->util_str, pbdev->zpci_fn.util_str, CLP_UTIL_STR_LEN); - - for (i = 0; i < PCI_BAR_COUNT; i++) { - uint32_t data = pci_get_long(pbdev->pdev->config + diff --git a/spice-app-avoid-crash-when-core-spice-mo.patch b/spice-app-avoid-crash-when-core-spice-mo.patch deleted file mode 100644 index fdd1f4aa..00000000 --- a/spice-app-avoid-crash-when-core-spice-mo.patch +++ /dev/null @@ -1,55 +0,0 @@ -From: Bruce Rogers -Date: Fri, 12 Feb 2021 20:23:18 -0700 -Subject: spice-app: avoid crash when core spice module doesn't loaded -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -git-commit: 122e4ef6dea14a078a860ca253852e18ddebb8e2 - -When qemu is built with modules, but a given module doesn't load -qemu should handle that gracefully. When ui-spice-core.so isn't -able to be loaded and qemu is invoked with -display spice-app or --spice, qemu will dereference a null pointer. With this change we -check the pointer before dereferencing and error out in a normal -way. - -Signed-off-by: Bruce Rogers -Reviewed-by: Marc-André Lureau -Reviewed-by: Philippe Mathieu-Daudé -Message-Id: <20210213032318.346093-1-brogers@suse.com> -Signed-off-by: Gerd Hoffmann ---- - ui/spice-app.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/ui/spice-app.c b/ui/spice-app.c -index 026124ef56a0ef26fbe3cf0a1aba..4325ac2d9c5403e8d77099825fc3 100644 ---- a/ui/spice-app.c -+++ b/ui/spice-app.c -@@ -129,6 +129,7 @@ static void spice_app_atexit(void) - static void spice_app_display_early_init(DisplayOptions *opts) - { - QemuOpts *qopts; -+ QemuOptsList *list; - GError *err = NULL; - - if (opts->has_full_screen) { -@@ -159,11 +160,16 @@ static void spice_app_display_early_init(DisplayOptions *opts) - exit(1); - } - } -+ list = qemu_find_opts("spice"); -+ if (list == NULL) { -+ error_report("spice-app missing spice support"); -+ exit(1); -+ } - - type_register(&char_vc_type_info); - - sock_path = g_strjoin("", app_dir, "/", "spice.sock", NULL); -- qopts = qemu_opts_create(qemu_find_opts("spice"), NULL, 0, &error_abort); -+ qopts = qemu_opts_create(list, NULL, 0, &error_abort); - qemu_opt_set(qopts, "disable-ticketing", "on", &error_abort); - qemu_opt_set(qopts, "unix", "on", &error_abort); - qemu_opt_set(qopts, "addr", sock_path, &error_abort); diff --git a/sungem-switch-to-use-qemu_receive_packet.patch b/sungem-switch-to-use-qemu_receive_packet.patch deleted file mode 100644 index 72c747cb..00000000 --- a/sungem-switch-to-use-qemu_receive_packet.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: Jason Wang -Date: Wed, 24 Feb 2021 13:14:35 +0800 -Subject: sungem: switch to use qemu_receive_packet() for loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 8c92060d3c0248bd4d515719a35922cd2391b9b4 - -This patch switches to use qemu_receive_packet() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit -Cc: qemu-stable@nongnu.org -Reviewed-by: Mark Cave-Ayland -Reviewed-by: Philippe Mathieu-Daudé -Reviewed-by: Alistair Francis -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - hw/net/sungem.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/sungem.c b/hw/net/sungem.c -index 33c3722df6f7c052b1632115e602..3684a4d733b6ec8bea39b4487e18 100644 ---- a/hw/net/sungem.c -+++ b/hw/net/sungem.c -@@ -306,7 +306,7 @@ static void sungem_send_packet(SunGEMState *s, const uint8_t *buf, - NetClientState *nc = qemu_get_queue(s->nic); - - if (s->macregs[MAC_XIFCFG >> 2] & MAC_XIFCFG_LBCK) { -- nc->info->receive(nc, buf, size); -+ qemu_receive_packet(nc, buf, size); - } else { - qemu_send_packet(nc, buf, size); - } diff --git a/supported.arm.txt b/supported.arm.txt index d49a8077..b2ab7556 100644 --- a/supported.arm.txt +++ b/supported.arm.txt @@ -1,6 +1,7 @@ [qemu-arm package document] -SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS +POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS +==================================================== Overview -------- @@ -142,13 +143,14 @@ Noteworthy QEMU/KVM Unsupported Features Deprecated, Superseded, Modified and Dropped Features ----------------------------------------------------- -- http://wiki.qemu-project.org/Features/LegacyRemoval - This website tracks feature deprecation and removal at the upstream +- http://wiki.qemu-project.org/Features/LegacyRemoval and + https://qemu-project.gitlab.io/qemu/system/deprecated.html + These websites track features deprecation and removal at the upstream development level. Our qemu package inherits this community direction, but be aware that we can and will deviate as needed. Those deviations and additional information can be found in this section. Feature deprecation as well as - removed features are also tracked in the "QEMU System Emulator User's Guide" - section of the documentation installed with the qemu package. + removed features are also tracked in the "System Emulation" section of the + documentation installed with the qemu package. - The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M", "-machine" and "-d" is now considered deprecated. Use "help" @@ -170,19 +172,21 @@ Deprecated, Superseded, Modified and Dropped Features acpitable, boot, and smp respectively. - These previously supported command line options are now considered deprecated: - -device scsi-disk (use scsi-hd or scsi-cd instead) - -device virtio-blk,scsi= (use virtio-scsi instead) - -device virtio-blk-pci,scsi= (use virtio-scsi instead) - -realtime mlock= (use -overcommit mem-lock- instead) - (the following are early notices of deprecation in a future qemu version) -chardev tty (use serial name instead) -chardev paraport (use parallel name instead) + -device virtio-blk,scsi= (use virtio-scsi instead) + -device virtio-blk-pci,scsi= (use virtio-scsi instead) -enable-fips (not really helpful - see https://git.qemu.org/?p=qemu.git;a=commit;h=166310299a1e7824bbff17e1f016659d18b4a559 for details) + -realtime mlock= (use -overcommit mem-lock- instead) -spice password=string (use password-string option instead) -writeconfig (no replacement - never really worked right) + -share and noshare must be replaced by share=on/share=off + -nodelay must be replaced by nodelay=on rather than delay=off + -object-add options opened=on and loaded=on (both had no effect) - These previously supported command line options are no longer supported: - + -device ide-drive (use ide-hd or ide-cd instead) + -device scsi-disk (use scsi-hd or scsi-cd instead) - These previously supported command line options are no longer recognized: -balloon (use -device virtio-balloon instead) @@ -193,7 +197,9 @@ Deprecated, Superseded, Modified and Dropped Features -display sdl -no-frame -nodefconfig (use -no-user-config instead) + -realtime ... -sdl + -show-cursor -virtioconsole (use -device virtconsole instead) - The previously unsupported machine type xlnx-ep108 is no longer recognized @@ -210,22 +216,29 @@ Deprecated, Superseded, Modified and Dropped Features - This previously unsupported command line option is now deprecated: -soundhw (use -device ... instead) - -tb-size - These previously unsupported command line options are no longer recognized: -bt -device at24c-eeprom -device mmio_interface -device ssi-sd + -device tpm-tis-device + -device u2f-passthru -device vhost-user-vsock-pci-transitional -device vhost-vsock-pci-transitional -device virtio-iommu-pci-transitional -enable-hax + -tb-size -tdf -xen-create - These previously supported QMP commands are now deprecated: + + +- These previously supported QMP commands are no longer recognized: + block_passwd change (use blockdev-change-medium or change-vnc-password instead) + cpu-add (use device_add instead) migrate-set-cache-size (use migrate-set-parameters instead) migrate_set_downtime (use migrate-set-parameters instead) migrate_set_speed (use migrate-set-parameters instead) @@ -233,29 +246,29 @@ Deprecated, Superseded, Modified and Dropped Features query-events query-migrate-cache-size (use query-migrate-parameters instead) -- This previously supported QMP command is no longer recognized: - cpu-add (use device_add instead) - - These previously supported monitor commands are now deprecated: change - migrate_set_downtime - migrate_set_speed - These previously supported monitor commands are no longer recognized: + block_passwd ... cpu-add (use device_add instead) + migrate_set_cache_size + migrate_set_downtime + migrate_set_speed pci_add (use device_add instead) pci_del (use device_del instead) usb_add (use device_add instead) usb_del (use device_del instead) - These previously unsupported monitor command are now deprecated: + + +- These previously unsupported monitor commands are no longer recognized: acl_add ... acl_policy ... acl_remove ... acl_reset ... acl_show ... - -- These previously unsupported monitor commands are no longer recognized: host_net_add host_net_remove @@ -298,6 +311,7 @@ QEMU Command-Line and Monitor Syntax and Support - The following command line options are supported: -accel ... + -action ... -add-fd ... -alt-grab -append ... @@ -307,7 +321,8 @@ QEMU Command-Line and Monitor Syntax and Support -blockdev ... -boot ... -cdrom ... - -chardev .. + -chardev ... + -compat ... -cpu host -ctrl-grab -d ... @@ -338,7 +353,7 @@ QEMU Command-Line and Monitor Syntax and Support virtio-scsi-pci-transitional|virtio-serial-pci-non-transitional| virtio-serial-pci-transitional|vhost-user-fs-pci|vhost-user-gpu| vhost-user-pci-pci|vhost-user-input|vhost-user-input-pci| - vhost-user-vga|virtio-mmio] + vhost-user-vga|virtio-mmio|guest-loader|nvme-subsys|pvpanic-pci] (the following are aliases of these supported devices: ahci| virtio-blk|virtio-net|virtio-serial|virtio-balloon| virtio-9p| virtio-input-host|virtio-keyboard|virtio-mouse|virtio-tablet| @@ -368,8 +383,8 @@ QEMU Command-Line and Monitor Syntax and Support -kernel ... -loadvm ... -m ... - -M [help|?|none|virt|virt-2.6|virt-2.11|virtio-3.1|virt-4.2|virt-5.2] - -machine [help|?|none|virt|virt-2.6|virt-2.11|virt-3.1|virt-4.2|virt-5.2] + -M [help|?|none|virt-2.6|virt-2.11|virtio-3.1|virt-4.2|virt-5.2] + -machine [help|?|none|virt-2.6|virt-2.11|virt-3.1|virt-4.2|virt-5.2] -mem-path ... -mem-prealloc -mon ... @@ -398,7 +413,6 @@ QEMU Command-Line and Monitor Syntax and Support -qmp ... -qmp-pretty ... -readconfig ... - -realtime ... -rtc ... -runas ... -s @@ -406,7 +420,6 @@ QEMU Command-Line and Monitor Syntax and Support -sandbox ... -seed ... -serial ... - -show-cursor -smbios ... -smp ... -spice @@ -414,7 +427,7 @@ QEMU Command-Line and Monitor Syntax and Support -trace ... -usb -usbdevice [braile|disk|host|mouse|net|serial|tablet] - -uuid .. + -uuid ... -version -vga [none|qxl|std|virtio] -virtfs ... @@ -465,11 +478,8 @@ QEMU Command-Line and Monitor Syntax and Support migrate_incoming migrate_pause migrate_recover ... - migrate_set_cache_size ... migrate_set_capability ... - migrate_set_downtime ... migrate_set_parameter ... - migrate_set_speed ... migrate_start_post_copy mouse_button ... mouse_move ... @@ -529,13 +539,11 @@ QEMU Command-Line and Monitor Syntax and Support block-export-add block-export-del block-latency-histogram-set - block_passwd block_resize block_set_io_throttle block-set-write-threshold block_stream calc-dirty-rate - change change-vnc-password chardev-add chardev-change @@ -548,6 +556,7 @@ QEMU Command-Line and Monitor Syntax and Support device_add device_del device-list-properties + display-reload dump-guest-memory eject expire_password @@ -568,10 +577,7 @@ QEMU Command-Line and Monitor Syntax and Support migrate-incoming migrate-pause migrate-resume - migrate-set-cache-size migrate-set-capabilities - migrate_set_downtime - migrate_set_speed migrate-set-parameters migrate-start-postcopy object-add @@ -594,14 +600,12 @@ QEMU Command-Line and Monitor Syntax and Support query-commands query-cpu-definitions query-cpu-model-expansion - query-cpus query-cpus-fast query-current-machine query-display-options query-dirty-rate query-dump query-dump-guest-memory-capability - query-events query-fdsets query-gic-capabilities query-hotpluggable-cpus @@ -614,7 +618,6 @@ QEMU Command-Line and Monitor Syntax and Support query-memory-size-summary query-mice query-migrate - query-migrate-cache-size query-migrate-capabilities query-migrate-parameters query-name @@ -637,6 +640,7 @@ QEMU Command-Line and Monitor Syntax and Support query-version query-vnc query-vnc-servers + query-yank query-xen-replication-status quit remove-fd @@ -644,8 +648,12 @@ QEMU Command-Line and Monitor Syntax and Support ringbuf-write screendump send-key + set-action set_link set_password + snapshot-delete + snapshot-load + snapshot-save stop system_powerdown system_reset @@ -654,6 +662,7 @@ QEMU Command-Line and Monitor Syntax and Support trace-event-set-state transaction watchdog-set-action + yank - The following command line options are unsupported: @@ -668,7 +677,7 @@ QEMU Command-Line and Monitor Syntax and Support allwinner-emac|amd-iommu|AMDVI-PCI|arm1026-arm-cpu|arm1136-arm-cpu| arm1136-r2-arm-cpu|arm1176-arm-cpu|arm11mpcore-arm-cpu| arm11mpcore_priv|arm11-scu|arm926-arm-cpu|arm946-arm-cpu| - ARMbitband-memory|arm.cortex-a9-global-timer|arm_gic|arm-gicv2m| + arm.cortex-a9-global-timer|arm_gic|arm-gicv2m| arm_mptimer|armv7m_nvic|aspeed.timer|aspeed.vic|ast2400| at25128a-nonjedec|at25256a-nonjedec|at25df041a|at25df321a|at25df641| at25fs010|at25fs040|at26df081a|at26df161a|at26df321|at26f004| @@ -684,7 +693,7 @@ QEMU Command-Line and Monitor Syntax and Support en25q64|exynos4210.combiner|exynos4210-ehci-usb|exynos4210.fimd| exynos4210.gic|exynos4210.i2c|exynos4210.irq_gate|exynos4210.mct| exynos4210.pmu|exynos4210.pwm|exynos4210.rtc|exynos4210.uart|floppy| - fsl,imx6ul|fslimx25|fslimx31|fusbh200-ehci-usb|fw_cfg|gd25q32|gd25q64| + fslimx25|fslimx31|fusbh200-ehci-usb|fw_cfg|gd25q32|gd25q64| gpex-pcihost|gpex-root|gpio_i2c|gpio-key|gus|hyperv-testdev| highbank-regs|host-arm-cpu|*-i386-cpu|i8042|ib700|icp-ctrl-regs| igd-passthrough-isa-bridge|imx25.ccm|imx31.ccm|imx6.ccm|imx.avic| @@ -743,13 +752,16 @@ QEMU Command-Line and Monitor Syntax and Support allwinner-rtc-sun4i|allwinner-rtc-sun6i|allwinner-rtc-sun7i| allwinner-sdhost-sun4i|allwinner-sdhost-sun5i|allwinner-sid| allwinner-sun8i-emac|imx.rngc|imx.usbphy|serial|serial-io| - stm32f405-soc|stm32f4xx-exti|stm32f4xx-syscfg|tpm-tis-device|nvdimm| + stm32f405-soc|stm32f4xx-exti|stm32f4xx-syscfg|nvdimm| vhost-user-vsock-device|vhost-user-vsock-pci| vhost-user-vsock-pci-non-transitional|nvme-ns|ads7846|led|ssd0323| vhost-user-vga|ctucan_pci|bcm2835-cprman-clock-mux| bcm2835-cprman-cprman-dsi0hsck-mux|bcm2835-cprman-cprman-pll| bcm2835-cprman-cprman-pll-channel|mt25ql512ab|mx66l5123f|n25q512ax3| - ssd0323|u2f-passthru] + ssd0323|at24c-eeprom|emc1413|emc1414|is25lp016d|is25lp032|is25lp064| + is25lp080d|is25lp128|is25lp256|is25lq040b|is25wp032|is25wp064| + is25wp128|is25wp256|npcm7xx-clock-divider|npcm7xx-clock-pll| + npcm7xx-clock-sel] (the following are aliases of these unsupported devices: lsi| piix3-usb-uhci) (note that some of these device names represent supported devices and @@ -771,34 +783,36 @@ QEMU Command-Line and Monitor Syntax and Support -L ... -M - [akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah|collie|connex| - cubieboard|highbank|imx25-pdk|integratorcp|kzm|lm3s6965evb|lm3s811evb| - mainstone|mcimx6ul-evk|mcimx7d-sabre|microbit|midway|mps2-an385|mps2-an386| - mps2-an500|mps2-an505|mps2-an511|mps2-an521|musca-a|musca-b1|musicpal|n800| - n810|netduino2|netduinoplus2|npcm750-evb|nuri|orangepi-pc|palmetto-bmc| - quanta-gsj|raspi0|raspi1ap|raspi2|raspi2b|raspi3|raspi3ap|raspi3b| - realview-eb|realview-eb-mpcore|realview-pb-a8|realview-pbx-a9|romulus-bmc| - sabrelite|sbsa-ref|smdkc210|sonorapass-bmc|spitz|supermicrox11-bmc| - swift-bmc|sx1|sx1-v1|tacoma-bmc|terrier|tosa|verdex|versatileab| - versatilepb|vexpress-a15|vexpress-a9|virt-2.7|virt-2.8|virt-2.12|virt-3.0| - virt-4.0|virt-4.1|virt-5.0|virt-5.1|witherspoon-bmc|xilinx-zynq-a9| - xlnx-versal-virt|xlnx-zcu102|z2] + [virt|akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah|collie| + connex|cubieboard|g220a-bmc|highbank|imx25-pdk|integratorcp|kzm| + lm3s6965evb|lm3s811evb|mainstone|mcimx6ul-evk|mcimx7d-sabre|microbit| + midway|mps2-an385|mps2-an386|mps2-an500|mps2-an505|mps2-an511|mps2-an521| + mps3-an524|mps3-an547|musca-a|musca-b1|musicpal|n800|n810|netduino2| + netduinoplus2|npcm750-evb|nuri|orangepi-pc|palmetto-bmc|quanta-gsj|raspi0| + raspi1ap|raspi2|raspi2b|raspi3|raspi3ap|raspi3b|realview-eb| + realview-eb-mpcore|realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite| + sbsa-ref|smdkc210|sonorapass-bmc|spitz|supermicrox11-bmc|swift-bmc|sx1| + sx1-v1|tacoma-bmc|terrier|tosa|verdex|versatileab|versatilepb|vexpress-a15| + vexpress-a9|virt-2.7|virt-2.8|virt-2.12|virt-3.0|virt-4.0|virt-4.1| + virt-5.0|virt-5.1|virt-6.0|witherspoon-bmc|xilinx-zynq-a9|xlnx-versal-virt| + xlnx-zcu102|z2] -machine - [akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah|collie| - connex|cubieboard|highbank|imx25-pdk|integratorcp|kzm|lm3s6965evb| - lm3s811evb|mainstone|mcimx6ul-evk|mcimx7d-sabre|microbit|midway| - mps2-an385|mps2-an386|mps2-an500|mps2-an521|mps2-an505|mps2-an511| - musca-a|musca-b1|musicpal|n800|n810|netduino2|netduinoplus2| - npcm750-evb|nuri|orangepi-pc|palmetto-bmc|quanta-gsj|raspi0|raspi1ap| - raspi2|raspi2b|raspi3|raspi3ap|raspi3b|realview-eb| - realview-eb-mpcore|realview-pb-a8|realview-pbx-a9|romulus-bmc| - sabrelite|sbsa-ref|smdkc210|sonorapass-bmc|spitz|supermicrox11-bmc| - swift-bmc|sx1|sx1-v1|tacoma-bmc|terrier|tosa|verdex|versatileab| - versatilepb|vexpress-a15|vexpress-a9|virt-2.7|virt-2.8|virt-2.12| - virt-3.0|virt-4.0|virt-4.1|virt-5.0|virt-5.1|witherspoon-bmc| - xilinx-zynq-a9|xlnx-versal-virt|xlnx-zcu102|z2] + [virt|akita|ast2500-evb|ast2600-evb|borzoi|canon-a1100|cheetah| + collie|connex|cubieboard|g220a-bmc|highbank|imx25-pdk|integratorcp| + kzm|lm3s6965evb|lm3s811evb|mainstone|mcimx6ul-evk|mcimx7d-sabre| + microbit|midway|mps2-an385|mps2-an386|mps2-an500|mps2-an521| + mps2-an505|mps2-an511|mps3-an524|mps3-an547|musca-a|musca-b1| + musicpal|n800|n810|netduino2|netduinoplus2|npcm750-evb|nuri| + orangepi-pc|palmetto-bmc|quanta-gsj|raspi0|raspi1ap|raspi2|raspi2b| + raspi3|raspi3ap|raspi3b|realview-eb|realview-eb-mpcore| + realview-pb-a8|realview-pbx-a9|romulus-bmc|sabrelite|sbsa-ref| + smdkc210|sonorapass-bmc|spitz|supermicrox11-bmc|swift-bmc|sx1|sx1-v1| + tacoma-bmc|terrier|tosa|verdex|versatileab|versatilepb|vexpress-a15| + vexpress-a9|virt-2.7|virt-2.8|virt-2.12|virt-3.0|virt-4.0|virt-4.1| + virt-5.0|virt-5.1|virt-6.0|witherspoon-bmc|xilinx-zynq-a9| + xlnx-versal-virt|xlnx-zcu102|z2] -mtdblock file -net [dump|socket|vde] ... @@ -827,7 +841,6 @@ QEMU Command-Line and Monitor Syntax and Support -singlestep -snapshot -soundhw ... - -tb-size ... -tpmdev emulator ... -vga [cg3|tcx|virtio|cirrus|xenfb] -win2k-hack @@ -836,17 +849,11 @@ QEMU Command-Line and Monitor Syntax and Support -xen-domid-restrict ... - The following monitor commands are unsupported: - acl_add ... - acl_policy ... - acl_remove ... - acl_reset ... - acl_show ... block_job_cancel ... block_job_complete ... block_job_pause ... block_job_resume ... block_job_set_speed ... - block_passwd ... commit ... drive_mirror ... exit_preconfig diff --git a/supported.ppc.txt b/supported.ppc.txt index 46e21c2e..a9842c9b 100644 --- a/supported.ppc.txt +++ b/supported.ppc.txt @@ -1,5 +1,6 @@ [qemu-ppc package document] -SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS +POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS +==================================================== QEMU/KVM on ppc is not supported. diff --git a/supported.s390.txt b/supported.s390.txt index a899eb74..306e1131 100644 --- a/supported.s390.txt +++ b/supported.s390.txt @@ -1,6 +1,7 @@ [qemu-s390 package document] -SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS +POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS +==================================================== Overview -------- @@ -138,13 +139,14 @@ Noteworthy QEMU/KVM Unsupported Features Deprecated, Superseded, Modified and Dropped Features ----------------------------------------------------- -- http://wiki.qemu-project.org/Features/LegacyRemoval - This website tracks feature deprecation and removal at the upstream +- http://wiki.qemu-project.org/Features/LegacyRemoval and + https://qemu-project.gitlab.io/qemu/system/deprecated.html + These websites track features deprecation and removal at the upstream development level. Our qemu package inherits this community direction, but be aware that we can and will deviate as needed. Those deviations and additional information can be found in this section. Feature deprecation as well as - removed features are also tracked in the "QEMU System Emulator User's Guide" - section of the documentation installed with the qemu package. + removed features are also tracked in the "System Emulation" section of the + documentation installed with the qemu package. - The use of "?" as a parameter to "-cpu", "-soundhw", "-device", "-M", "-machine" and "-d" is now considered deprecated. Use "help" @@ -166,15 +168,17 @@ Deprecated, Superseded, Modified and Dropped Features acpitable, boot, and smp respectively. - These previously supported command line options are now considered deprecated: - -device virtio-blk,scsi= (use virtio-scsi instead) - -device virtio-blk-pci,scsi= (use virtio-scsi instead) - -realtime mlock= (use -overcommit mem-lock= instead) - (the following are early notices of deprecation in a future qemu version) -chardev tty (use serial name instead) -chardev paraport (use parallel name instead) + -device virtio-blk,scsi= (use virtio-scsi instead) + -device virtio-blk-pci,scsi= (use virtio-scsi instead) -enable-fips (not really helpful - see https://git.qemu.org/?p=qemu.git;a=commit;h=166310299a1e7824bbff17e1f016659d18b4a559 for details) + -realtime mlock= (use -overcommit mem-lock= instead) -spice password=string (use password-string option instead) -writeconfig (no replacement - never really worked right) + -share and noshare must be replaced by share=on/share=off + -nodelay must be replaced by nodelay=on rather than delay=off + -object-add options opened=on and loaded=on (both had no effect) - These previously supported command line options are no longer supported: @@ -188,7 +192,9 @@ Deprecated, Superseded, Modified and Dropped Features -display sdl -no-frame -nodefconfig (use -no-user-config instead) + -realtime ... -sdl + -show-cursor -virtioconsole (use -device virtconsole instead) - Specifying a cpu feature with both "+feature/-feature" and "feature=on/off" @@ -202,23 +208,28 @@ Deprecated, Superseded, Modified and Dropped Features - These previously unsupported command line options are now deprecated: -bt - -device ide-drive (use ide-hd or ide-cd) - -device scsi-disk (use scsi-hd or scsi-cd) -soundhw (use -device ... instead) - -tb-size - These previously unsupported command line options are no longer recognized: + -device ide-drive (use ide-hd or ide-cd) -device mmio_interface -device ramfb + -device scsi-disk (use scsi-hd or scsi-cd) -device vhost-user-vsock-pci-transitional -device vhost-vsock-pci-transitional -device virtio-iommu-pci-transitional -enable-hax + -tb-size -tdf -xen-create - These previously supported QMP commands are now deprecated: + + +- These previously supported QMP commands are no longer recognized: + block_passwd change (use blockdev-change-medium or change-vnc-password instead) + cpu-add (use device_add instead) migrate-set-cache-size (use migrate-set-parameters instead) migrate_set_downtime (use migrate-set-parameters instead) migrate_set_speed (use migrate-set-parameters instead) @@ -226,27 +237,27 @@ Deprecated, Superseded, Modified and Dropped Features query-events query-migrate-cache-size (use query-migrate-parameters instead) -- This previously supported QMP command is no longer recognized: - cpu-add (use device_add instead) - - These previously supported monitor commands are now deprecated: change - migrate_set_downtime - migrate_set_speed - These previously supported monitor commands are no longer recognized: + block_passwd cpu-add (use device_add instead) + migrate_set_cache_size + migrate_set_downtime + migrate_set_speed pci_add (use device_add instead) pci_del (use device_del instead) - These previously unsupported monitor command are now deprecated: + + +- These previously unsupported monitor commands are no longer recognized: acl_add ... acl_policy ... acl_remove ... acl_reset ... acl_show ... - -- These previously unsupported monitor commands are no longer recognized: host_net_add host_net_remove usb_add @@ -291,6 +302,7 @@ QEMU Command-Line and Monitor Syntax and Support - The following command line options are supported: -accel ... + -action ... -add-fd ... -alt-grab -append ... @@ -300,7 +312,8 @@ QEMU Command-Line and Monitor Syntax and Support -blockdev ... -boot ... -cdrom ... - -chardev .. + -chardev ... + -compat ... -cpu host -ctrl-grab -d ... @@ -310,13 +323,13 @@ QEMU Command-Line and Monitor Syntax and Support [virtio-net-pci|virtio-blk-pci|virtio-balloon-pci|virtserialport| virtconsole|virtio-serial-pci|virtio-scsi-pci|scsi-cd|scsi-hd| - scsi-generic|scsi-disk|scsi-block|virtio-rng-pci|pci-bridge| - megasas-gen2|e1000e|e1000|zpci|virtio-gpu-ccw|virtio-keyboard-ccw| - vhost-user-blk-pci|vhost-user-scsi|vhost-user-scsi-pci| - vhost-vsock-ccw|virtio-balloon-ccw|virtio-blk-ccw|vhost-scsi-ccw| - vhost-user-blk|virtio-crypto-ccw|virtio-net-ccw|virtio-rng-ccw| - virtio-scsi-ccw|virtio-serial-ccw|virtio-mouse-ccw|virtio-tablet-ccw| - vfio-pci|virtio-vga|vhost-scsi-pci-non-transitional| + scsi-generic|scsi-block|virtio-rng-pci|pci-bridge|megasas-gen2|e1000e| + e1000|zpci|virtio-gpu-ccw|virtio-keyboard-ccw|vhost-user-blk-pci| + vhost-user-scsi|vhost-user-scsi-pci|vhost-vsock-ccw| + virtio-balloon-ccw|virtio-blk-ccw|vhost-scsi-ccw|vhost-user-blk| + virtio-crypto-ccw|virtio-net-ccw|virtio-rng-ccw|virtio-scsi-ccw| + virtio-serial-ccw|virtio-mouse-ccw|virtio-tablet-ccw|vfio-pci| + virtio-vga|vhost-scsi-pci-non-transitional| vhost-scsi-pci-transitional|vhost-user-blk-pci-non-transitional| vhost-user-blk-pci-transitional|vhost-user-scsi-pci-non-transitional| vhost-user-scsi-pci-transitional|vhost-vsock-pci-non-transitional| @@ -362,13 +375,12 @@ QEMU Command-Line and Monitor Syntax and Support -m ... -M - [help|?|none|s390-ccw-virtio|s390-ccw-virtio-2.6|s390-ccw-virtio-2.9| - s390-ccw-virtio-2.11|s390-ccw-virtio-3.1|s390-ccw-virtio-4.2| - s390-ccw-virtio-5.2] + [help|?|none|s390-ccw-virtio-2.6|s390-ccw-virtio-2.9|s390-ccw-virtio-2.11| + s390-ccw-virtio-3.1|s390-ccw-virtio-4.2|s390-ccw-virtio-5.2] -machine - [help|?|none|s390-ccw-virtio|s390-ccw-virtio-2.6|s390-ccw-virtio-2.9| + [help|?|none|s390-ccw-virtio-2.6|s390-ccw-virtio-2.9| s390-ccw-virtio-2.11|s390-ccw-virtio-3.1|s390-ccw-virtio-4.2| s390-ccw-virtio-5.2] @@ -399,7 +411,6 @@ QEMU Command-Line and Monitor Syntax and Support -qmp ... -qmp-pretty ... -readconfig ... - -realtime ... -rtc ... -runas ... -s @@ -407,10 +418,9 @@ QEMU Command-Line and Monitor Syntax and Support -sandbox ... -seed ... -serial ... - -show-cursor -smp ... -trace ... - -uuid .. + -uuid ... -version -vga [none|qxl|std] -virtfs ... @@ -461,11 +471,8 @@ QEMU Command-Line and Monitor Syntax and Support migrate_incoming migrate_pause migrate_recover ... - migrate_set_cache_size ... migrate_set_capability ... - migrate_set_downtime ... migrate_set_parameter ... - migrate_set_speed ... migrate_start_post_copy mouse_button ... mouse_move ... @@ -525,13 +532,11 @@ QEMU Command-Line and Monitor Syntax and Support block-export-add block-export-del block-latency-histogram-set - block_passwd block_resize block_set_io_throttle block-set-write-threshold block_stream calc-dirty-rate - change change-vnc-password chardev-add chardev-change @@ -544,6 +549,7 @@ QEMU Command-Line and Monitor Syntax and Support device_add device_del device-list-properties + display-reload dump-guest-memory eject expire_password @@ -564,10 +570,7 @@ QEMU Command-Line and Monitor Syntax and Support migrate-incoming migrate-pause migrate-resume - migrate-set-cache-size migrate-set-capabilities - migrate_set_downtime - migrate_set_speed migrate-set-parameters migrate-start-postcopy object-add @@ -592,14 +595,12 @@ QEMU Command-Line and Monitor Syntax and Support query-cpu-model-baseline query-cpu-model-comparison query-cpu-model-expansion - query-cpus query-cpus-fast query-current-machine query-dirty-rate query-display-options query-dump query-dump-guest-memory-capability - query-events query-fdsets query-gic-capabilities query-hotpluggable-cpus @@ -612,7 +613,6 @@ QEMU Command-Line and Monitor Syntax and Support query-memory-size-summary query-mice query-migrate - query-migrate-cache-size query-migrate-capabilities query-migrate-parameters query-name @@ -632,6 +632,7 @@ QEMU Command-Line and Monitor Syntax and Support query-version query-vnc query-vnc-servers + query-yank query-xen-replication-status quit remove-fd @@ -639,8 +640,12 @@ QEMU Command-Line and Monitor Syntax and Support ringbuf-write screendump send-key + set-action set_link set_password + snapshot-delete + snapshot-load + snapshot-save stop system_powerdown system_reset @@ -649,6 +654,7 @@ QEMU Command-Line and Monitor Syntax and Support trace-event-set-state transaction watchdog-set-action + yank - The following command line options are unsupported: @@ -706,7 +712,7 @@ QEMU Command-Line and Monitor Syntax and Support virtio-iommu-device|virtio-iommu-pci| virtio-iommu-pci-non-transitional|vhost-user-vsock-device| vhost-user-vsock-pci|vhost-user-vsock-pci-non-transitional| - vhost-user-fs-ccw] + vhost-user-fs-ccw|guest-loader] (the following are aliases of these unsupported devices: lsi| ahci|e1000-82540em|vfio-ccw) (note that some of these device names represent supported devices and @@ -728,17 +734,19 @@ QEMU Command-Line and Monitor Syntax and Support -L ... -M - [s390-ccw-virtio-2.4|s390-ccw-virtio-2.5|s390-ccw-virtio-2.7| - s390-ccw-virtio-2.8|s390-ccw-virtio-2.10|s390-ccw-virtio-2.12| - s390-ccw-virtio-3.0|s390-ccw-virtio-4.0|s390-ccw-virtio-4.1| - s390-ccw-virtio-5.0|s390-ccw-virtio-5.1] + [s390-ccw-virtio|s390-ccw-virtio-2.4|s390-ccw-virtio-2.5| + s390-ccw-virtio-2.7|s390-ccw-virtio-2.8|s390-ccw-virtio-2.10| + s390-ccw-virtio-2.12|s390-ccw-virtio-3.0|s390-ccw-virtio-4.0| + s390-ccw-virtio-4.1|s390-ccw-virtio-5.0|s390-ccw-virtio-5.1| + s390-ccw-virtio-6.0] -machine - [s390-ccw-virtio-2.4|s390-ccw-virtio-2.5|s390-ccw-virtio-2.7| - s390-ccw-virtio-2.8|s390-ccw-virtio-2.10|s390-ccw-virtio-2.12| - s390-ccw-virtio-3.0|s390-ccw-virtio-4.0|s390-ccw-virtio-4.1| - s390-ccw-virtio-5.0|s390-ccw-virtio-5.1] + [s390-ccw-virtio|s390-ccw-virtio-2.4|s390-ccw-virtio-2.5| + s390-ccw-virtio-2.7|s390-ccw-virtio-2.8|s390-ccw-virtio-2.10| + s390-ccw-virtio-2.12|s390-ccw-virtio-3.0|s390-ccw-virtio-4.0| + s390-ccw-virtio-4.1|s390-ccw-virtio-5.0|s390-ccw-virtio-5.1| + s390-ccw-virtio-6.0] -mtdblock file -net [dump|socket|vde] ... @@ -770,7 +778,6 @@ QEMU Command-Line and Monitor Syntax and Support -snapshot -soundhw ... -spice - -tb-size ... -tdf -tpmdev emulator ... -tpmdev passthrough ... @@ -783,17 +790,11 @@ QEMU Command-Line and Monitor Syntax and Support -xen-domid-restrict ... - The following monitor commands are unsupported: - acl_add ... - acl_policy ... - acl_remove ... - acl_reset ... - acl_show ... block_job_cancel ... block_job_complete ... block_job_pause ... block_job_resume ... block_job_set_speed ... - block_passwd ... commit ... drive_mirror ... exit_preconfig diff --git a/supported.x86.txt b/supported.x86.txt index fe1165ef..e595cc5e 100644 --- a/supported.x86.txt +++ b/supported.x86.txt @@ -1,6 +1,7 @@ [qemu-x86 package document] -SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS +POST SLES 15 SP3 QEMU/KVM RELATED SUPPORT STATEMENTS +==================================================== Overview -------- @@ -161,13 +162,14 @@ Noteworthy QEMU/KVM Unsupported Features Deprecated, Superseded, Modified and Dropped Features ----------------------------------------------------- -- http://wiki.qemu-project.org/Features/LegacyRemoval - This website tracks feature deprecation and removal at the upstream +- http://wiki.qemu-project.org/Features/LegacyRemoval and + https://qemu-project.gitlab.io/qemu/system/deprecated.html + These websites track feature deprecation and removal at the upstream development level. Our qemu package inherits this community direction, but be aware that we can and will deviate as needed. Those deviations and additional information can be found in this section. Feature deprecation as well as - removed features are also tracked in the "QEMU System Emulator User's Guide" - section of the documentation installed with the qemu package. + removed features are also tracked in the "System Emulation" section of the + documentation installed with the qemu package. - When no video adapter is specified, the default used is stdvga. This differs from the default of prior releases which was cirrus. The cirrus adapter was @@ -207,21 +209,22 @@ Deprecated, Superseded, Modified and Dropped Features versions. - These previously supported command line options are now considered deprecated: - -device ide-drive (use ide-hd or ide-cd instead) - -device scsi-disk (use scsi-hd or scsi-cd instead) - -device virtio-blk,scsi= (use virtio-scsi instead) - -device virtio-blk-pci,scsi= (use virtio-scsi instead) - -realtime mlock= (use -overcommit mem-lock= instead) - (the following are early notices of deprecation in a future qemu version) -M option kernel-irqchip=off -chardev tty (use serial name instead) -chardev paraport (use parallel name instead) + -device virtio-blk,scsi= (use virtio-scsi instead) + -device virtio-blk-pci,scsi= (use virtio-scsi instead) -enable-fips (not really helpful - see https://git.qemu.org/?p=qemu.git;a=commit;h=166310299a1e7824bbff17e1f016659d18b4a559 for details) + -realtime mlock= (use -overcommit mem-lock= instead) -spice password=string (use password-string option instead) -writeconfig (no replacement - never really worked right) + -share and noshare must be replaced by share=on/share=off + -nodelay must be replaced by nodelay=on rather than delay=off + -object-add options opened=on and loaded=on (both had no effect) - These previously supported command line options are no longer supported: - + -device ide-drive (use ide-hd or ide-cd instead) + -device scsi-disk (use scsi-hd or scsi-cd instead) - The previously supported machine types pc-0.12, pc-0.14 and pc-0.15 are no longer recognized. Switch to a newer machine type. @@ -235,7 +238,9 @@ Deprecated, Superseded, Modified and Dropped Features -display sdl -no-frame -nodefconfig (use -no-user-config instead) + -realtime ... -sdl + -show-cursor -virtioconsole (use -device virtconsole instead) - Specifying a cpu feature with both "+feature/-feature" and "feature=on/off" @@ -244,17 +249,16 @@ Deprecated, Superseded, Modified and Dropped Features so that "+feature" and "-feature" will be synonyms for "feature=on" and "feature=off" respectively. +- The case of specified sockets, cores, and threads not matching the vcpu count + is no longer silently ignored. QEMU now requires that the topology match the + vcpu count. + - The previously supported blkdev-add QMP command has been flagged as lacking and could possibly change syntax in the future. - These previously unsupported command line options are now deprecated: -no-kvm-pit -soundhw (use -device ... instead) - -tb-size - -- The case of specified sockets, cores, and threads not matching the vcpu count - is no longer silently ignored. QEMU now requires that the topology match the - vcpu count. - These previously unsupported command line options are no longer recognized: -bt @@ -294,17 +298,20 @@ Deprecated, Superseded, Modified and Dropped Features -pcidevice (use -device vfio-pci instead) -qtest -semihosting + -tb-size -tdf (note: mistakenly listed previously as supported) -xen-create -- The previously unsupported machine types pc-1.0, pc-1.1, pc-1.2 and pc-1.3 are - now deprecated. - -- The previously unsupported machine types pc-0.10, pc-0.13, pc-0.14 and - pc-0.11 are no longer recognized. +- The previously unsupported machine types pc-0.10, pc-0.11, pc-0.13, + pc-1.0, pc-1.1, pc-1.2 and pc-1.3 are are no longer recognized. - These previously supported QMP commands are now deprecated: + + +- These previously supported QMP commands are no longer recognized: + block_passwd change (use blockdev-change-medium or change-vnc-password instead) + cpu-add (use device_add instead) migrate-set-cache-size (use migrate-set-parameters instead) migrate_set_downtime (use migrate-set-parameters instead) migrate_set_speed (use migrate-set-parameters instead) @@ -312,30 +319,30 @@ Deprecated, Superseded, Modified and Dropped Features query-events query-migrate-cache-size (use query-migrate-parameters instead) -- This previously supported QMP command is no longer recognized: - cpu-add (use device_add instead) - - These previously supported monitor commands are now deprecated: change - migrate_set_downtime - migrate_set_speed - These previously supported monitor commands are no longer recognized: - cpu-add (use device_add instead) + block_passwd + cpu-add cpu_set + migrate_set_cache_size + migrate_set_downtime + migrate_set_speed pci_add (use device_add instead) pci_del (use device_del instead) usb_add (use device_add instead) usb_del (use device_del instead) - These previously unsupported monitor command are now deprecated: + + +- These previously unsupported monitor commands are no longer recognized: acl_add ... acl_policy ... acl_remove ... acl_reset ... acl_show ... - -- These previously unsupported monitor commands are no longer recognized: host_net_add host_net_remove @@ -390,6 +397,7 @@ QEMU Command-Line and Monitor Syntax and Support - The following command line options are supported: -accel ... + -action ... -add-fd ... -alt-grab -append ... @@ -399,7 +407,8 @@ QEMU Command-Line and Monitor Syntax and Support -blockdev ... -boot ... -cdrom ... - -chardev .. + -chardev ... + -compat ... -cpu ... (all except host) -ctrl-grab -d ... @@ -407,19 +416,19 @@ QEMU Command-Line and Monitor Syntax and Support -debugcon ... -device - [isa-serial|isa-parallel|isa-fdc|ide-drive|ide-hd|ide-cd|VGA| - cirrus-vga|rtl8139|usb-hub|usb-ehci|usb-tablet|usb-storage|usb-mouse| - usb-kbd|virtserialport|virtconsole|sga|i82559er|scsi-cd|scsi-hd| - scsi-generic|scsi-disk|scsi-block|pci-serial|pci-serial-2x| - pci-serial-4x|ich9-ahci|piix3-usb-uhci|usb-host|usb-serial| - usb-wacom-tablet|usb-braille|usb-net|pci-ohci|piix4-usb-uhci|i6300esb| - ib700|qxl|qxl-vga|pvpanic|vfio-pci|ivshmem-doorbell|ivshmem-plain| - pci-bridge|megasas-gen2|pc-dimm|floppy|e1000e|ccid-card-emulated| - ccid-card-passthrough|xen-backend|loader|e1000-82540em|vmgenid| - vmcoreinfo|pcie-pci-bridge|ich9-usb-ehci1|ich9-usb-ehci2| - ich9-usb-uhci1|ich9-usb-uhci2|ich9-usb-uhci3|ich9-usb-uhci4| - ich9-usb-uhci5|ich9-usb-uhci6|usb-redir|vhost-scsi|vhost-scsi-pci| - vhost-user-blk|vhost-user-blk-pci|vhost-user-blk-pci-non-transitional| + [isa-serial|isa-parallel|isa-fdc|ide-hd|ide-cd|VGA|cirrus-vga|rtl8139| + usb-hub|usb-ehci|usb-tablet|usb-storage|usb-mouse|usb-kbd| + virtserialport|virtconsole|sga|i82559er|scsi-cd|scsi-hd|scsi-generic| + scsi-block|pci-serial|pci-serial-2x|pci-serial-4x|ich9-ahci| + piix3-usb-uhci|usb-host|usb-serial|usb-wacom-tablet|usb-braille| + usb-net|pci-ohci|piix4-usb-uhci|i6300esb|ib700|qxl|qxl-vga|pvpanic| + vfio-pci|ivshmem-doorbell|ivshmem-plain|pci-bridge|megasas-gen2| + pc-dimm|floppy|e1000e|ccid-card-emulated|ccid-card-passthrough| + xen-backend|loader|e1000-82540em|vmgenid|vmcoreinfo|pcie-pci-bridge| + ich9-usb-ehci1|ich9-usb-ehci2|ich9-usb-uhci1|ich9-usb-uhci2| + ich9-usb-uhci3|ich9-usb-uhci4|ich9-usb-uhci5|ich9-usb-uhci6| + usb-redir|vhost-scsi|vhost-scsi-pci|vhost-user-blk| + vhost-user-blk-pci|vhost-user-blk-pci-non-transitional| vhost-user-blk-pci-transitional|vhost-user-scsi|vhost-user-scsi-pci| vhost-user-scsi-pci-non-transitional|vhost-user-pci-transitional| vhost-vsock-pci|vhost-vsock-pci-non-transitional|virtio-balloon-pci| @@ -438,11 +447,11 @@ QEMU Command-Line and Monitor Syntax and Support virtio-mouse-pci|virtio-tablet-pci|virtio-gpu-pci|virtio-crypto-pci| virtio-vga|vhost-user-fs-pci|vhost-user-gpu|vhost-user-pci-pci| vhost-user-input|vhost-user-input-pci|vhost-user-vga|virtio-mmio| - virtio-pmem|virtio-pmem-pci|mc146818rtc] + virtio-pmem|virtio-pmem-pci|mc146818rtci|nvme-subsys|guest-loader| + pvpanic-pci] (the following are aliases of these supported devices: ahci| e1000|virtio-blk|virtio-net|virtio-serial|virtio-balloon|virtio-9p| - virtio-scsi|virtio-rng|virtio-input-host|virtio-keyboard|virtio-mouse| - virtio-tablet|virtio-gpu) + virtio-scsi|virtio-rng|virtio-input-host|virtio-keyboard|virtio-mouse|virtio-tablet|virtio-gpu) -dfilter range, ... -display ... @@ -472,16 +481,16 @@ QEMU Command-Line and Monitor Syntax and Support -m ... -M - [help|?|none|pc|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0|pc-i440fx-2.3| + [help|?|none|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0|pc-i440fx-2.3| pc-i440fx-2.6|pc-i440fx-2.9|pc-i440fx-2.11|pc-i440fx-3.1|pc-i440fx-4.2| - pc-i440fx-5.2|q35|pc-q35-2.6|pc-q35-2.9|pc-q35-2.11|pc-q35-3.1|pc-q35-4.2| + pc-i440fx-5.2|pc-q35-2.6|pc-q35-2.9|pc-q35-2.11|pc-q35-3.1|pc-q35-4.2| pc-q35-5.2|xenfv|xenfv-4.2] -machine - [help|?|none|pc|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0| + [help|?|none|pc-i440fx-1.4|pc-i440fx-1.7|pc-i440fx-2.0| pc-i440fx-2.3|pc-440fx-2.6|pc-i440fx-2.9|pc-i440fx-2.11| - pc-i440fx-3.1|pc-i440fx-4.2|pc-i440fx-5.2|q35|pc-q35-2.6|pc-q35-2.9| + pc-i440fx-3.1|pc-i440fx-4.2|pc-i440fx-5.2|pc-q35-2.6|pc-q35-2.9| pc-q35-2.11|pc-q35-3.1|pc-q35-4.2|pc-q35-5.2|xenfv|xenifv-4.2] -mem-path ... @@ -516,7 +525,6 @@ QEMU Command-Line and Monitor Syntax and Support -qmp ... -qmp-pretty ... -readconfig ... - -realtime ... -rtc ... -runas ... -s @@ -524,7 +532,6 @@ QEMU Command-Line and Monitor Syntax and Support -sandbox ... -seed ... -serial ... - -show-cursor -smbios ... -smp ... -spice @@ -532,7 +539,7 @@ QEMU Command-Line and Monitor Syntax and Support -trace ... -usb -usbdevice [braile|disk|host|mouse|net|serial|tablet] - -uuid .. + -uuid ... -version -vga [cirrus|none|qxl|std|xenfb] -virtfs ... @@ -586,11 +593,8 @@ QEMU Command-Line and Monitor Syntax and Support migrate_incoming migrate_pause migrate_recover ... - migrate_set_cache_size ... migrate_set_capability ... - migrate_set_downtime ... migrate_set_parameter ... - migrate_set_speed ... migrate_start_post_copy mouse_button ... mouse_move ... @@ -652,13 +656,11 @@ QEMU Command-Line and Monitor Syntax and Support block-export-add block-export-del block-latency-histogram-set - block_passwd block_resize block_set_io_throttle block-set-write-threshold block_stream calc-dirty-rate - change change-vnc-password chardev-add chardev-change @@ -671,6 +673,7 @@ QEMU Command-Line and Monitor Syntax and Support device_add device_del device-list-properties + display-reload dump-guest-memory eject expire_password @@ -691,10 +694,7 @@ QEMU Command-Line and Monitor Syntax and Support migrate-incoming migrate-pause migrate-resume - migrate-set-cache-size migrate-set-capabilities - migrate_set_downtime - migrate_set_speed migrate-set-parameters migrate-start-postcopy object-add @@ -717,14 +717,12 @@ QEMU Command-Line and Monitor Syntax and Support query-commands query-cpu-definitions query-cpu-model-expansion - query-cpus query-cpus-fast query-current-machine query-dirty-rate query-display-options query-dump query-dump-guest-memory-capability - query-events query-fdsets query-gic-capabilities query-hotpluggable-cpus @@ -737,7 +735,6 @@ QEMU Command-Line and Monitor Syntax and Support query-memory-size-summary query-mice query-migrate - query-migrate-cache-size query-migrate-capabilities query-migrate-parameters query-name @@ -763,6 +760,7 @@ QEMU Command-Line and Monitor Syntax and Support query-version query-vnc query-vnc-servers + query-yank query-xen-replication-status quit remove-fd @@ -770,9 +768,14 @@ QEMU Command-Line and Monitor Syntax and Support ringbuf-write screendump send-key + set-action set_link set_password set-numa-node + sev-inject-launch-secret + snapshot-delete + snapshot-load + snapshot-save stop system_powerdown system_reset @@ -784,6 +787,7 @@ QEMU Command-Line and Monitor Syntax and Support xen-load-devices-state xen-save-devices-state xen-set-global-dirty-log + yank - The following command line options are unsupported: @@ -840,24 +844,24 @@ QEMU Command-Line and Monitor Syntax and Support -L ... -M - [isapc|microvm|pc-1.0|pc-1.1|pc-1.2|pc-1.3|pc-i440fx-1.5|pc-i440fx-1.6| - pc-i440fx-2.1|pc-i440fx-2.2|pc-i440fx-2.4|pc-i440fx-2.5|pc-i440fx-2.7| - pc-i440fx-2.8|pc-i440fx-2.10|pc-i440fx-2.12|pc-i440fx-3.0|pc-i440fx-4.0| - pc-i440fx-4.1|pc-i440fx-5.0|pc-i440fx-5.1|pc-q35-1.4|pc-q35-1.5|pc-q35-1.6| - pc-q35-1.7|pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|pc-q35-2.4| - pc-q35-2.5|pc-q35-2.7|pc-q35-2.8|pc-q35-2.10|pc-q35-2.12|pc-q35-3.0| - pc-q35-4.0|pc-q35-4.1|pc-q35-5.0|pc-q35-5.1] + [pc|isapc|microvm|x-remote|pc-i440fx-1.5|pc-i440fx-1.6|pc-i440fx-2.1| + pc-i440fx-2.2|pc-i440fx-2.4|pc-i440fx-2.5|pc-i440fx-2.7|pc-i440fx-2.8| + pc-i440fx-2.10|pc-i440fx-2.12|pc-i440fx-3.0|pc-i440fx-4.0|pc-i440fx-4.1| + pc-i440fx-5.0|pc-i440fx-5.1|pc-i440fx-6.0|q35|pc-q35-1.4|pc-q35-1.5| + pc-q35-1.6|pc-q35-1.7|pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3| + pc-q35-2.4|pc-q35-2.5|pc-q35-2.7|pc-q35-2.8|pc-q35-2.10|pc-q35-2.12| + pc-q35-3.0|pc-q35-4.0|pc-q35-4.1|pc-q35-5.0|pc-q35-5.1|pc-q35-6.0] -machine - [isapc|microvm|pc-1.0|pc-1.1|pc-1.2|pc-1.3|pc-i440fx-1.5| - pc-i440fx-1.6|pc-i440fx-2.1|pc-i440fx-2.2|pc-i440fx-2.4| - pc-i440fx-2.5|pc-i440fx-2.7|pc-i440fx-2.8|pc-i440fx-2.10| - pc-i440fx-2.12|pc-i440fx-3.0|pc-i440fx-4.0|pc-i440fx-4.1| - pc-i440fx-5.0|pc-i440fx-5.1|pc-q35-1.4|pc-q35-1.5|pc-q35-1.6| - pc-q35-1.7|pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|pc-q35-2.4| - pc-q35-2.5|pc-q35-2.7|pc-q35-2.8|pc-q35-2.10|pc-q35-2.12|pc-q35-3.0| - pc-q35-4.0|pc-q35-4.1|pc-q35-5.0|pc-q35-5.1] + [pc|isapc|microvm|x-remote|pc-i440fx-1.5|pc-i440fx-1.6|pc-i440fx-2.1| + pc-i440fx-2.2|pc-i440fx-2.4|pc-i440fx-2.5|pc-i440fx-2.7| + pc-i440fx-2.8|pc-i440fx-2.10|pc-i440fx-2.12|pc-i440fx-3.0| + pc-i440fx-4.0|pc-i440fx-4.1|pc-i440fx-5.0|pc-i440fx-5.1| + pc-i440fx-6.0|q35|pc-q35-1.4|pc-q35-1.5|pc-q35-1.6|pc-q35-1.7| + pc-q35-2.0|pc-q35-2.1|pc-q35-2.2|pc-q35-2.3|pc-q35-2.4|pc-q35-2.5| + pc-q35-2.7|pc-q35-2.8|pc-q35-2.10|pc-q35-2.12|pc-q35-3.0|pc-q35-4.0| + pc-q35-4.1|pc-q35-5.0|pc-q35-5.1|pc-q35-6.0] -mtdblock file -net [dump|socket|vde] ... @@ -879,23 +883,16 @@ QEMU Command-Line and Monitor Syntax and Support -singlestep -snapshot -soundhw ... - -tb-size ... -tpmdev emulator ... -vga [cg3|tcx|virtio|vmware] -win2k-hack - The following monitor commands are unsupported: - acl_add ... - acl_policy ... - acl_remove ... - acl_reset ... - acl_show ... block_job_cancel ... block_job_complete ... block_job_pause ... block_job_resume ... block_job_set_speed ... - block_passwd ... commit ... drive_mirror ... exit_preconfig diff --git a/target-arm-Don-t-decode-insns-in-the-XSc.patch b/target-arm-Don-t-decode-insns-in-the-XSc.patch deleted file mode 100644 index 5be74019..00000000 --- a/target-arm-Don-t-decode-insns-in-the-XSc.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: Peter Maydell -Date: Fri, 8 Jan 2021 19:51:57 +0000 -Subject: target/arm: Don't decode insns in the XScale/iWMMXt space as cp insns - -Git-commit: e4d51ac6921dc861bfb3d20e4c7dcf345840a9da - -In commit cd8be50e58f63413c0 we converted the A32 coprocessor -insns to decodetree. This accidentally broke XScale/iWMMXt insns, -because it moved the handling of "cp insns which are handled -by looking up the cp register in the hashtable" from after the -call to the legacy disas_xscale_insn() decode to before it, -with the result that all XScale/iWMMXt insns now UNDEF. - -Update valid_cp() so that it knows that on XScale cp 0 and 1 -are not standard coprocessor instructions; this will cause -the decodetree trans_ functions to ignore them, so that -execution will correctly get through to the legacy decode again. - -Cc: qemu-stable@nongnu.org -Reported-by: Guenter Roeck -Signed-off-by: Peter Maydell -Reviewed-by: Richard Henderson -Tested-by: Guenter Roeck -Message-id: 20210108195157.32067-1-peter.maydell@linaro.org -Signed-off-by: Bruce Rogers ---- - target/arm/translate.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/target/arm/translate.c b/target/arm/translate.c -index 6d04ca3a8a09818cfbfba706a4c3..8089a4ff7e542204a6a1bf6f5637 100644 ---- a/target/arm/translate.c -+++ b/target/arm/translate.c -@@ -5275,7 +5275,14 @@ static bool valid_cp(DisasContext *s, int cp) - * only cp14 and cp15 are valid, and other values aren't considered - * to be in the coprocessor-instruction space at all. v8M still - * permits coprocessors 0..7. -+ * For XScale, we must not decode the XScale cp0, cp1 space as -+ * a standard coprocessor insn, because we want to fall through to -+ * the legacy disas_xscale_insn() decoder after decodetree is done. - */ -+ if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cp == 0 || cp == 1)) { -+ return false; -+ } -+ - if (arm_dc_feature(s, ARM_FEATURE_V8) && - !arm_dc_feature(s, ARM_FEATURE_M)) { - return cp >= 14; diff --git a/target-arm-Fix-MTE0_ACTIVE.patch b/target-arm-Fix-MTE0_ACTIVE.patch deleted file mode 100644 index b65cdce2..00000000 --- a/target-arm-Fix-MTE0_ACTIVE.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Richard Henderson -Date: Mon, 21 Dec 2020 12:44:26 -0800 -Subject: target/arm: Fix MTE0_ACTIVE - -Git-commit: cc97b0019bb590b9b3c2a623e9ebee48831e0ce3 - -In 50244cc76abc we updated mte_check_fail to match the ARM -pseudocode, using the correct EL to select the TCF field. -But we failed to update MTE0_ACTIVE the same way, which led -to g_assert_not_reached(). - -Cc: qemu-stable@nongnu.org -Buglink: https://bugs.launchpad.net/bugs/1907137 -Signed-off-by: Richard Henderson -Message-id: 20201221204426.88514-1-richard.henderson@linaro.org -Reviewed-by: Peter Maydell -Signed-off-by: Peter Maydell -Signed-off-by: Bruce Rogers ---- - target/arm/helper.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/target/arm/helper.c b/target/arm/helper.c -index 38cd35c049292d40df5a35854f4b..194d752763b2a74af2e4e45e0a96 100644 ---- a/target/arm/helper.c -+++ b/target/arm/helper.c -@@ -12927,7 +12927,7 @@ static uint32_t rebuild_hflags_a64(CPUARMState *env, int el, int fp_el, - if (FIELD_EX32(flags, TBFLAG_A64, UNPRIV) - && tbid - && !(env->pstate & PSTATE_TCO) -- && (sctlr & SCTLR_TCF0) -+ && (sctlr & SCTLR_TCF) - && allocation_tag_access_enabled(env, 0, sctlr)) { - flags = FIELD_DP32(flags, TBFLAG_A64, MTE0_ACTIVE, 1); - } diff --git a/target-arm-Introduce-PREDDESC-field-defi.patch b/target-arm-Introduce-PREDDESC-field-defi.patch deleted file mode 100644 index 43c0a2df..00000000 --- a/target-arm-Introduce-PREDDESC-field-defi.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Richard Henderson -Date: Tue, 12 Jan 2021 20:26:47 -1000 -Subject: target/arm: Introduce PREDDESC field definitions - -Git-commit: b64ee454a4a086ed459bcda4c0bbb54e197841e4 - -SVE predicate operations cannot use the "usual" simd_desc -encoding, because the lengths are not a multiple of 8. -But we were abusing the SIMD_* fields to store values anyway. -This abuse broke when SIMD_OPRSZ_BITS was modified in e2e7168a214. - -Introduce a new set of field definitions for exclusive use -of predicates, so that it is obvious what kind of predicate -we are manipulating. To be used in future patches. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Richard Henderson -Message-id: 20210113062650.593824-2-richard.henderson@linaro.org -Reviewed-by: Peter Maydell -Signed-off-by: Peter Maydell -Signed-off-by: Bruce Rogers ---- - target/arm/internals.h | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/target/arm/internals.h b/target/arm/internals.h -index 5460678756d3c4e5f34abe5f6411..73698587d6b8eeffd6ccd1515e7a 100644 ---- a/target/arm/internals.h -+++ b/target/arm/internals.h -@@ -1312,6 +1312,15 @@ void arm_log_exception(int idx); - #define LOG2_TAG_GRANULE 4 - #define TAG_GRANULE (1 << LOG2_TAG_GRANULE) - -+/* -+ * SVE predicates are 1/8 the size of SVE vectors, and cannot use -+ * the same simd_desc() encoding due to restrictions on size. -+ * Use these instead. -+ */ -+FIELD(PREDDESC, OPRSZ, 0, 6) -+FIELD(PREDDESC, ESZ, 6, 2) -+FIELD(PREDDESC, DATA, 8, 24) -+ - /* - * The SVE simd_data field, for memory ops, contains either - * rd (5 bits) or a shift count (2 bits). diff --git a/target-arm-Update-PFIRST-PNEXT-for-pred_.patch b/target-arm-Update-PFIRST-PNEXT-for-pred_.patch deleted file mode 100644 index fe2ede90..00000000 --- a/target-arm-Update-PFIRST-PNEXT-for-pred_.patch +++ /dev/null @@ -1,65 +0,0 @@ -From: Richard Henderson -Date: Tue, 12 Jan 2021 20:26:48 -1000 -Subject: target/arm: Update PFIRST, PNEXT for pred_desc - -Git-commit: 86300b5d044064046395ae8ed605cc19e63f2a7c - -These two were odd, in that do_pfirst_pnext passed the -count of 64-bit words rather than bytes. Change to pass -the standard pred_full_reg_size to avoid confusion. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Richard Henderson -Message-id: 20210113062650.593824-3-richard.henderson@linaro.org -Reviewed-by: Peter Maydell -Signed-off-by: Peter Maydell -Signed-off-by: Bruce Rogers ---- - target/arm/sve_helper.c | 7 ++++--- - target/arm/translate-sve.c | 6 +++--- - 2 files changed, 7 insertions(+), 6 deletions(-) - -diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c -index 5f037c3a8f8cbc6c093433703153..ff01851bf288009ec3e7585b8e03 100644 ---- a/target/arm/sve_helper.c -+++ b/target/arm/sve_helper.c -@@ -889,8 +889,9 @@ static intptr_t last_active_element(uint64_t *g, intptr_t words, intptr_t esz) - return (intptr_t)-1 << esz; - } - --uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t words) -+uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t pred_desc) - { -+ intptr_t words = DIV_ROUND_UP(FIELD_EX32(pred_desc, PREDDESC, OPRSZ), 8); - uint32_t flags = PREDTEST_INIT; - uint64_t *d = vd, *g = vg; - intptr_t i = 0; -@@ -914,8 +915,8 @@ uint32_t HELPER(sve_pfirst)(void *vd, void *vg, uint32_t words) - - uint32_t HELPER(sve_pnext)(void *vd, void *vg, uint32_t pred_desc) - { -- intptr_t words = extract32(pred_desc, 0, SIMD_OPRSZ_BITS); -- intptr_t esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); -+ intptr_t words = DIV_ROUND_UP(FIELD_EX32(pred_desc, PREDDESC, OPRSZ), 8); -+ intptr_t esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); - uint32_t flags = PREDTEST_INIT; - uint64_t *d = vd, *g = vg, esz_mask; - intptr_t i, next; -diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c -index 0c3a6d21210404a1340e58c9a021..efcb646f729b1dbe4f7989e2fb9d 100644 ---- a/target/arm/translate-sve.c -+++ b/target/arm/translate-sve.c -@@ -1494,10 +1494,10 @@ static bool do_pfirst_pnext(DisasContext *s, arg_rr_esz *a, - TCGv_ptr t_pd = tcg_temp_new_ptr(); - TCGv_ptr t_pg = tcg_temp_new_ptr(); - TCGv_i32 t; -- unsigned desc; -+ unsigned desc = 0; - -- desc = DIV_ROUND_UP(pred_full_reg_size(s), 8); -- desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz); -+ desc = FIELD_DP32(desc, PREDDESC, OPRSZ, pred_full_reg_size(s)); -+ desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz); - - tcg_gen_addi_ptr(t_pd, cpu_env, pred_full_reg_offset(s, a->rd)); - tcg_gen_addi_ptr(t_pg, cpu_env, pred_full_reg_offset(s, a->rn)); diff --git a/target-arm-Update-REV-PUNPK-for-pred_des.patch b/target-arm-Update-REV-PUNPK-for-pred_des.patch deleted file mode 100644 index eceb6c3d..00000000 --- a/target-arm-Update-REV-PUNPK-for-pred_des.patch +++ /dev/null @@ -1,75 +0,0 @@ -From: Richard Henderson -Date: Tue, 12 Jan 2021 20:26:50 -1000 -Subject: target/arm: Update REV, PUNPK for pred_desc - -Git-commit: 70acaafef2e053a312d54c09b6721c730690e72c - -Update all users of do_perm_pred2 for the new -predicate descriptor field definitions. - -Cc: qemu-stable@nongnu.org -Buglink: https://bugs.launchpad.net/bugs/1908551 -Signed-off-by: Richard Henderson -Message-id: 20210113062650.593824-5-richard.henderson@linaro.org -Reviewed-by: Peter Maydell -Signed-off-by: Peter Maydell -Signed-off-by: Bruce Rogers ---- - target/arm/sve_helper.c | 8 ++++---- - target/arm/translate-sve.c | 13 ++++--------- - 2 files changed, 8 insertions(+), 13 deletions(-) - -diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c -index 7eec4b6b73a273ecaf2fc218d8d4..844db08bd577016081329d6c4002 100644 ---- a/target/arm/sve_helper.c -+++ b/target/arm/sve_helper.c -@@ -2036,8 +2036,8 @@ static uint8_t reverse_bits_8(uint8_t x, int n) - - void HELPER(sve_rev_p)(void *vd, void *vn, uint32_t pred_desc) - { -- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; -- int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); -+ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); -+ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); - intptr_t i, oprsz_2 = oprsz / 2; - - if (oprsz <= 8) { -@@ -2066,8 +2066,8 @@ void HELPER(sve_rev_p)(void *vd, void *vn, uint32_t pred_desc) - - void HELPER(sve_punpk_p)(void *vd, void *vn, uint32_t pred_desc) - { -- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; -- intptr_t high = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1); -+ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); -+ intptr_t high = FIELD_EX32(pred_desc, PREDDESC, DATA); - uint64_t *d = vd; - intptr_t i; - -diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c -index 0baca176a090001de915a7866af4..27402af23c0b58fa94b4ac185951 100644 ---- a/target/arm/translate-sve.c -+++ b/target/arm/translate-sve.c -@@ -2145,19 +2145,14 @@ static bool do_perm_pred2(DisasContext *s, arg_rr_esz *a, bool high_odd, - TCGv_ptr t_d = tcg_temp_new_ptr(); - TCGv_ptr t_n = tcg_temp_new_ptr(); - TCGv_i32 t_desc; -- int desc; -+ uint32_t desc = 0; - - tcg_gen_addi_ptr(t_d, cpu_env, pred_full_reg_offset(s, a->rd)); - tcg_gen_addi_ptr(t_n, cpu_env, pred_full_reg_offset(s, a->rn)); - -- /* Predicate sizes may be smaller and cannot use simd_desc. -- We cannot round up, as we do elsewhere, because we need -- the exact size for ZIP2 and REV. We retain the style for -- the other helpers for consistency. */ -- -- desc = vsz - 2; -- desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz); -- desc = deposit32(desc, SIMD_DATA_SHIFT + 2, 2, high_odd); -+ desc = FIELD_DP32(desc, PREDDESC, OPRSZ, vsz); -+ desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz); -+ desc = FIELD_DP32(desc, PREDDESC, DATA, high_odd); - t_desc = tcg_const_i32(desc); - - fn(t_d, t_n, t_desc); diff --git a/target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch b/target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch deleted file mode 100644 index e398ff8c..00000000 --- a/target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch +++ /dev/null @@ -1,91 +0,0 @@ -From: Richard Henderson -Date: Tue, 12 Jan 2021 20:26:49 -1000 -Subject: target/arm: Update ZIP, UZP, TRN for pred_desc - -Git-commit: f9b0fcceccfc05cde62ff7577fbf2bc13b842414 - -Update all users of do_perm_pred3 for the new -predicate descriptor field definitions. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Richard Henderson -Message-id: 20210113062650.593824-4-richard.henderson@linaro.org -Reviewed-by: Peter Maydell -Signed-off-by: Peter Maydell -Signed-off-by: Bruce Rogers ---- - target/arm/sve_helper.c | 18 +++++++++--------- - target/arm/translate-sve.c | 12 ++++-------- - 2 files changed, 13 insertions(+), 17 deletions(-) - -diff --git a/target/arm/sve_helper.c b/target/arm/sve_helper.c -index ff01851bf288009ec3e7585b8e03..7eec4b6b73a273ecaf2fc218d8d4 100644 ---- a/target/arm/sve_helper.c -+++ b/target/arm/sve_helper.c -@@ -1868,9 +1868,9 @@ static uint64_t compress_bits(uint64_t x, int n) - - void HELPER(sve_zip_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) - { -- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; -- int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); -- intptr_t high = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1); -+ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); -+ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); -+ intptr_t high = FIELD_EX32(pred_desc, PREDDESC, DATA); - uint64_t *d = vd; - intptr_t i; - -@@ -1929,9 +1929,9 @@ void HELPER(sve_zip_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) - - void HELPER(sve_uzp_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) - { -- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; -- int esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); -- int odd = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1) << esz; -+ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); -+ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); -+ int odd = FIELD_EX32(pred_desc, PREDDESC, DATA) << esz; - uint64_t *d = vd, *n = vn, *m = vm; - uint64_t l, h; - intptr_t i; -@@ -1986,9 +1986,9 @@ void HELPER(sve_uzp_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) - - void HELPER(sve_trn_p)(void *vd, void *vn, void *vm, uint32_t pred_desc) - { -- intptr_t oprsz = extract32(pred_desc, 0, SIMD_OPRSZ_BITS) + 2; -- uintptr_t esz = extract32(pred_desc, SIMD_DATA_SHIFT, 2); -- bool odd = extract32(pred_desc, SIMD_DATA_SHIFT + 2, 1); -+ intptr_t oprsz = FIELD_EX32(pred_desc, PREDDESC, OPRSZ); -+ int esz = FIELD_EX32(pred_desc, PREDDESC, ESZ); -+ int odd = FIELD_EX32(pred_desc, PREDDESC, DATA); - uint64_t *d = vd, *n = vn, *m = vm; - uint64_t mask; - int shr, shl; -diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c -index efcb646f729b1dbe4f7989e2fb9d..0baca176a090001de915a7866af4 100644 ---- a/target/arm/translate-sve.c -+++ b/target/arm/translate-sve.c -@@ -2110,19 +2110,15 @@ static bool do_perm_pred3(DisasContext *s, arg_rrr_esz *a, bool high_odd, - - unsigned vsz = pred_full_reg_size(s); - -- /* Predicate sizes may be smaller and cannot use simd_desc. -- We cannot round up, as we do elsewhere, because we need -- the exact size for ZIP2 and REV. We retain the style for -- the other helpers for consistency. */ - TCGv_ptr t_d = tcg_temp_new_ptr(); - TCGv_ptr t_n = tcg_temp_new_ptr(); - TCGv_ptr t_m = tcg_temp_new_ptr(); - TCGv_i32 t_desc; -- int desc; -+ uint32_t desc = 0; - -- desc = vsz - 2; -- desc = deposit32(desc, SIMD_DATA_SHIFT, 2, a->esz); -- desc = deposit32(desc, SIMD_DATA_SHIFT + 2, 2, high_odd); -+ desc = FIELD_DP32(desc, PREDDESC, OPRSZ, vsz); -+ desc = FIELD_DP32(desc, PREDDESC, ESZ, a->esz); -+ desc = FIELD_DP32(desc, PREDDESC, DATA, high_odd); - - tcg_gen_addi_ptr(t_d, cpu_env, pred_full_reg_offset(s, a->rd)); - tcg_gen_addi_ptr(t_n, cpu_env, pred_full_reg_offset(s, a->rn)); diff --git a/target-xtensa-fix-meson.build-rule-for-x.patch b/target-xtensa-fix-meson.build-rule-for-x.patch deleted file mode 100644 index 627c1608..00000000 --- a/target-xtensa-fix-meson.build-rule-for-x.patch +++ /dev/null @@ -1,54 +0,0 @@ -From: Max Filippov -Date: Tue, 30 Mar 2021 00:25:24 -0700 -Subject: target/xtensa: fix meson.build rule for xtensa cores - -Git-commit: 84317d57e8c61ff68eeaa1f2de93472fa930a6a4 - -import_core.sh tries to change Makefile.objs when importing new xtensa -core, but that file no longer exists. Rewrite meson.build rule to pick -up all source files that match core-*.c pattern and drop commands that -change Makefile.objs. - -Cc: qemu-stable@nongnu.org # v5.2.0 -Signed-off-by: Max Filippov -Reviewed-by: Richard Henderson -Signed-off-by: Bruce Rogers ---- - target/xtensa/import_core.sh | 3 --- - target/xtensa/meson.build | 13 ++++--------- - 2 files changed, 4 insertions(+), 12 deletions(-) - -diff --git a/target/xtensa/import_core.sh b/target/xtensa/import_core.sh -index c8626a8c02ebb41e2ab9aab3648f..1120a4a2a5e1ca6568d27a8eb06e 100755 ---- a/target/xtensa/import_core.sh -+++ b/target/xtensa/import_core.sh -@@ -65,6 +65,3 @@ static XtensaConfig $NAME __attribute__((unused)) = { - - REGISTER_CORE($NAME) - EOF -- --grep -q core-${NAME}.o "$BASE"/Makefile.objs || \ -- echo "obj-y += core-${NAME}.o" >> "$BASE"/Makefile.objs -diff --git a/target/xtensa/meson.build b/target/xtensa/meson.build -index dd750a977ef9c046a12e16415b58..7c4efa6c6290d68abb68d9fc9016 100644 ---- a/target/xtensa/meson.build -+++ b/target/xtensa/meson.build -@@ -1,14 +1,9 @@ - xtensa_ss = ss.source_set() -+ -+xtensa_cores = run_command('sh', '-c', 'cd $MESON_SOURCE_ROOT/$MESON_SUBDIR ; ls -1 core-*.c') -+xtensa_ss.add(files(xtensa_cores.stdout().strip().split('\n'))) -+ - xtensa_ss.add(files( -- 'core-dc232b.c', -- 'core-dc233c.c', -- 'core-de212.c', -- 'core-de233_fpu.c', -- 'core-dsp3400.c', -- 'core-fsf.c', -- 'core-sample_controller.c', -- 'core-test_kc705_be.c', -- 'core-test_mmuhifi_c3.c', - 'cpu.c', - 'exc_helper.c', - 'fpu_helper.c', diff --git a/tcg-Use-memset-for-large-vector-byte-rep.patch b/tcg-Use-memset-for-large-vector-byte-rep.patch deleted file mode 100644 index e5f35a16..00000000 --- a/tcg-Use-memset-for-large-vector-byte-rep.patch +++ /dev/null @@ -1,123 +0,0 @@ -From: Richard Henderson -Date: Tue, 15 Dec 2020 11:47:59 -0600 -Subject: tcg: Use memset for large vector byte replication -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 6d3ef04893bdea3e7aa08be3cce5141902836a31 - -In f47db80cc07, we handled odd-sized tail clearing for -the case of hosts that have vector operations, but did -not handle the case of hosts that do not have vector ops. - -This was ok until e2e7168a214b, which changed the encoding -of simd_desc such that the odd sizes are impossible. - -Add memset as a tcg helper, and use that for all out-of-line -byte stores to vectors. This includes, but is not limited to, -the tail clearing operation in question. - -Cc: qemu-stable@nongnu.org -Buglink: https://bugs.launchpad.net/bugs/1907817 -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Richard Henderson -Signed-off-by: Bruce Rogers ---- - accel/tcg/tcg-runtime.h | 11 +++++++++++ - include/exec/helper-proto.h | 4 ++++ - tcg/tcg-op-gvec.c | 32 ++++++++++++++++++++++++++++++++ - 3 files changed, 47 insertions(+) - -diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h -index 4eda24e63af46de4873822cdabf5..2e36d6eb0c66393ffa3656e88401 100644 ---- a/accel/tcg/tcg-runtime.h -+++ b/accel/tcg/tcg-runtime.h -@@ -28,6 +28,17 @@ DEF_HELPER_FLAGS_1(lookup_tb_ptr, TCG_CALL_NO_WG_SE, ptr, env) - - DEF_HELPER_FLAGS_1(exit_atomic, TCG_CALL_NO_WG, noreturn, env) - -+#ifndef IN_HELPER_PROTO -+/* -+ * Pass calls to memset directly to libc, without a thunk in qemu. -+ * Do not re-declare memset, especially since we fudge the type here; -+ * we assume sizeof(void *) == sizeof(size_t), which is true for -+ * all supported hosts. -+ */ -+#define helper_memset memset -+DEF_HELPER_FLAGS_3(memset, TCG_CALL_NO_RWG, ptr, ptr, int, ptr) -+#endif /* IN_HELPER_PROTO */ -+ - #ifdef CONFIG_SOFTMMU - - DEF_HELPER_FLAGS_5(atomic_cmpxchgb, TCG_CALL_NO_WG, -diff --git a/include/exec/helper-proto.h b/include/exec/helper-proto.h -index a0a8d9aa46f02eaeec1ffdd6a547..659f9298e8fe2935cd3ea9931d44 100644 ---- a/include/exec/helper-proto.h -+++ b/include/exec/helper-proto.h -@@ -35,11 +35,15 @@ dh_ctype(ret) HELPER(name) (dh_ctype(t1), dh_ctype(t2), dh_ctype(t3), \ - dh_ctype(t4), dh_ctype(t5), dh_ctype(t6), \ - dh_ctype(t7)); - -+#define IN_HELPER_PROTO -+ - #include "helper.h" - #include "trace/generated-helpers.h" - #include "tcg-runtime.h" - #include "plugin-helpers.h" - -+#undef IN_HELPER_PROTO -+ - #undef DEF_HELPER_FLAGS_0 - #undef DEF_HELPER_FLAGS_1 - #undef DEF_HELPER_FLAGS_2 -diff --git a/tcg/tcg-op-gvec.c b/tcg/tcg-op-gvec.c -index ddbe06b71a81fad997c6348b68d9..1a41dfa90871740669799867f34d 100644 ---- a/tcg/tcg-op-gvec.c -+++ b/tcg/tcg-op-gvec.c -@@ -547,6 +547,9 @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz, - in_c = dup_const(vece, in_c); - if (in_c == 0) { - oprsz = maxsz; -+ vece = MO_8; -+ } else if (in_c == dup_const(MO_8, in_c)) { -+ vece = MO_8; - } - } - -@@ -628,6 +631,35 @@ static void do_dup(unsigned vece, uint32_t dofs, uint32_t oprsz, - /* Otherwise implement out of line. */ - t_ptr = tcg_temp_new_ptr(); - tcg_gen_addi_ptr(t_ptr, cpu_env, dofs); -+ -+ /* -+ * This may be expand_clr for the tail of an operation, e.g. -+ * oprsz == 8 && maxsz == 64. The size of the clear is misaligned -+ * wrt simd_desc and will assert. Simply pass all replicated byte -+ * stores through to memset. -+ */ -+ if (oprsz == maxsz && vece == MO_8) { -+ TCGv_ptr t_size = tcg_const_ptr(oprsz); -+ TCGv_i32 t_val; -+ -+ if (in_32) { -+ t_val = in_32; -+ } else if (in_64) { -+ t_val = tcg_temp_new_i32(); -+ tcg_gen_extrl_i64_i32(t_val, in_64); -+ } else { -+ t_val = tcg_const_i32(in_c); -+ } -+ gen_helper_memset(t_ptr, t_ptr, t_val, t_size); -+ -+ if (!in_32) { -+ tcg_temp_free_i32(t_val); -+ } -+ tcg_temp_free_ptr(t_size); -+ tcg_temp_free_ptr(t_ptr); -+ return; -+ } -+ - t_desc = tcg_const_i32(simd_desc(oprsz, maxsz, 0)); - - if (vece == MO_64) { diff --git a/tests-Fix-block-tests-to-be-compatible-w.patch b/tests-Fix-block-tests-to-be-compatible-w.patch index 7f62ba07..7cbad25b 100644 --- a/tests-Fix-block-tests-to-be-compatible-w.patch +++ b/tests-Fix-block-tests-to-be-compatible-w.patch @@ -16,10 +16,10 @@ Signed-off-by: Bruce Rogers 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/tests/qemu-iotests/130 b/tests/qemu-iotests/130 -index a7b365701c490b4b4894eb0c26a8..02cb0f8216a6618b5e0dc526c361 100755 +index 7257f096774f6e9e835479006ba4..bfb7bfda6b4d0925fccc87853cd2 100755 --- a/tests/qemu-iotests/130 +++ b/tests/qemu-iotests/130 -@@ -63,7 +63,8 @@ echo +@@ -64,7 +64,8 @@ echo _launch_qemu -drive id=testdisk,file="$TEST_IMG",backing.file.filename="$TEST_IMG.base" _send_qemu_cmd $QEMU_HANDLE "commit testdisk" "(qemu)" _send_qemu_cmd $QEMU_HANDLE '' '(qemu)' @@ -29,7 +29,7 @@ index a7b365701c490b4b4894eb0c26a8..02cb0f8216a6618b5e0dc526c361 100755 _img_info | _filter_img_info # Make sure that if there was a backing file that was just overridden on the -@@ -72,7 +73,8 @@ _make_test_img -F raw -b "$TEST_IMG.orig" 64M +@@ -73,7 +74,8 @@ _make_test_img -F raw -b "$TEST_IMG.orig" 64M _launch_qemu -drive id=testdisk,file="$TEST_IMG",backing.file.filename="$TEST_IMG.base",backing.driver=$IMGFMT _send_qemu_cmd $QEMU_HANDLE "commit testdisk" "(qemu)" _send_qemu_cmd $QEMU_HANDLE '' '(qemu)' @@ -60,10 +60,10 @@ index e45285ccc311522481ac1b27ba99..7168bdf70c3eb32d4de0d28bb947 100644 file format: IMGFMT virtual size: 64 MiB (67108864 bytes) diff --git a/tests/qemu-iotests/153 b/tests/qemu-iotests/153 -index 34045ea3cfeb5e30acac17ae8a10..b5cec71dd9a718055d9264e51946 100755 +index 607af590918aaccd12490493b42a..987158ca49a88cef0815ea86f39e 100755 --- a/tests/qemu-iotests/153 +++ b/tests/qemu-iotests/153 -@@ -201,7 +201,8 @@ _send_qemu_cmd $QEMU_HANDLE \ +@@ -202,7 +202,8 @@ _send_qemu_cmd $QEMU_HANDLE \ 'return' _run_cmd $QEMU_IMG commit -b "${TEST_IMG}.b" "${TEST_IMG}.c" @@ -73,7 +73,7 @@ index 34045ea3cfeb5e30acac17ae8a10..b5cec71dd9a718055d9264e51946 100755 _launch_qemu -@@ -253,7 +254,8 @@ _send_qemu_cmd $QEMU_HANDLE \ +@@ -254,7 +255,8 @@ _send_qemu_cmd $QEMU_HANDLE \ _run_cmd $QEMU_IO "${TEST_IMG}" -c 'write 0 512' diff --git a/tests-qemu-iotests-Triple-timeout-of-i-o.patch b/tests-qemu-iotests-Triple-timeout-of-i-o.patch index 241968a5..286c5b66 100644 --- a/tests-qemu-iotests-Triple-timeout-of-i-o.patch +++ b/tests-qemu-iotests-Triple-timeout-of-i-o.patch @@ -13,15 +13,15 @@ Signed-off-by: Bruce Rogers 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu -index ef105dfc393e96c6ef2f34c1466d..3ecff3edfa7569d49ec7d81c2195 100644 +index 0fc52d20d74020a4c4a0d697aaa2..622495201eed12a5fe4734581f84 100644 --- a/tests/qemu-iotests/common.qemu +++ b/tests/qemu-iotests/common.qemu -@@ -76,7 +76,7 @@ _timed_wait_for() +@@ -85,7 +85,7 @@ _timed_wait_for() timeout=yes QEMU_STATUS[$h]=0 - while IFS= read -t ${QEMU_COMM_TIMEOUT} resp <&${QEMU_OUT[$h]} + while IFS= read -t $((${QEMU_COMM_TIMEOUT}*3)) resp <&${QEMU_OUT[$h]} do - if [ -z "${silent}" ] && [ -z "${mismatch_only}" ]; then - echo "${resp}" | _filter_testdir | _filter_qemu \ + if [ -n "$capture_events" ]; then + capture=0 diff --git a/tools-virtiofsd-Replace-the-word-whiteli.patch b/tools-virtiofsd-Replace-the-word-whiteli.patch deleted file mode 100644 index 988c403c..00000000 --- a/tools-virtiofsd-Replace-the-word-whiteli.patch +++ /dev/null @@ -1,93 +0,0 @@ -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Fri, 5 Feb 2021 18:18:11 +0100 -Subject: tools/virtiofsd: Replace the word 'whitelist' -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: a65963efa3a8533e8c9fc62e899147612d913058 -References: bsc#1183373, CVE-2021-20263 - -Follow the inclusive terminology from the "Conscious Language in your -Open Source Projects" guidelines [*] and replace the words "whitelist" -appropriately. - -[*] https://github.com/conscious-lang/conscious-lang-docs/blob/main/faq.md - -Reviewed-by: Dr. David Alan Gilbert -Reviewed-by: Daniel P. Berrangé -Signed-off-by: Philippe Mathieu-Daudé -Message-Id: <20210205171817.2108907-3-philmd@redhat.com> -Signed-off-by: Dr. David Alan Gilbert -Signed-off-by: Bruce Rogers ---- - tools/virtiofsd/passthrough_ll.c | 6 +++--- - tools/virtiofsd/passthrough_seccomp.c | 12 ++++++------ - 2 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index 03c5e0d13c35849ec90d32fa38a2..90f5281f10ab747098e57a3157c1 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -3195,7 +3195,7 @@ static void setup_mounts(const char *source) - } - - /* -- * Only keep whitelisted capabilities that are needed for file system operation -+ * Only keep capabilities in allowlist that are needed for file system operation - * The (possibly NULL) modcaps_in string passed in is free'd before exit. - */ - static void setup_capabilities(char *modcaps_in) -@@ -3205,8 +3205,8 @@ static void setup_capabilities(char *modcaps_in) - capng_restore_state(&cap.saved); - - /* -- * Whitelist file system-related capabilities that are needed for a file -- * server to act like root. Drop everything else like networking and -+ * Add to allowlist file system-related capabilities that are needed for a -+ * file server to act like root. Drop everything else like networking and - * sysadmin capabilities. - * - * Exclusions: -diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c -index 11623f56f20ca6ceb850ecf2cb8d..c98d28da6c41106d12608cf4b576 100644 ---- a/tools/virtiofsd/passthrough_seccomp.c -+++ b/tools/virtiofsd/passthrough_seccomp.c -@@ -24,7 +24,7 @@ - #endif - #endif - --static const int syscall_whitelist[] = { -+static const int syscall_allowlist[] = { - /* TODO ireg sem*() syscalls */ - SCMP_SYS(brk), - SCMP_SYS(capget), /* For CAP_FSETID */ -@@ -118,12 +118,12 @@ static const int syscall_whitelist[] = { - }; - - /* Syscalls used when --syslog is enabled */ --static const int syscall_whitelist_syslog[] = { -+static const int syscall_allowlist_syslog[] = { - SCMP_SYS(send), - SCMP_SYS(sendto), - }; - --static void add_whitelist(scmp_filter_ctx ctx, const int syscalls[], size_t len) -+static void add_allowlist(scmp_filter_ctx ctx, const int syscalls[], size_t len) - { - size_t i; - -@@ -154,10 +154,10 @@ void setup_seccomp(bool enable_syslog) - exit(1); - } - -- add_whitelist(ctx, syscall_whitelist, G_N_ELEMENTS(syscall_whitelist)); -+ add_allowlist(ctx, syscall_allowlist, G_N_ELEMENTS(syscall_allowlist)); - if (enable_syslog) { -- add_whitelist(ctx, syscall_whitelist_syslog, -- G_N_ELEMENTS(syscall_whitelist_syslog)); -+ add_allowlist(ctx, syscall_allowlist_syslog, -+ G_N_ELEMENTS(syscall_allowlist_syslog)); - } - - /* libvhost-user calls this for post-copy migration, we don't need it */ diff --git a/tx_pkt-switch-to-use-qemu_receive_packet.patch b/tx_pkt-switch-to-use-qemu_receive_packet.patch deleted file mode 100644 index 742ff612..00000000 --- a/tx_pkt-switch-to-use-qemu_receive_packet.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Jason Wang -Date: Wed, 24 Feb 2021 13:27:52 +0800 -Subject: tx_pkt: switch to use qemu_receive_packet_iov() for loopback -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 8c552542b81e56ff532dd27ec6e5328954bdda73 - -This patch switches to use qemu_receive_receive_iov() which can detect -reentrancy and return early. - -This is intended to address CVE-2021-3416. - -Cc: Prasad J Pandit -Cc: qemu-stable@nongnu.org -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Jason Wang -Signed-off-by: Bruce Rogers ---- - hw/net/net_tx_pkt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c -index da262edc3e95e71f2aa8a52026f9..1f9aa59eca258a51c462be114888 100644 ---- a/hw/net/net_tx_pkt.c -+++ b/hw/net/net_tx_pkt.c -@@ -553,7 +553,7 @@ static inline void net_tx_pkt_sendv(struct NetTxPkt *pkt, - NetClientState *nc, const struct iovec *iov, int iov_cnt) - { - if (pkt->is_loopback) { -- nc->info->receive_iov(nc, iov, iov_cnt); -+ qemu_receive_packet_iov(nc, iov, iov_cnt); - } else { - qemu_sendv_packet(nc, iov, iov_cnt); - } diff --git a/ui-vnc-Add-missing-lock-for-send_color_m.patch b/ui-vnc-Add-missing-lock-for-send_color_m.patch deleted file mode 100644 index bb3f6823..00000000 --- a/ui-vnc-Add-missing-lock-for-send_color_m.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: Peng Liang -Date: Mon, 16 Nov 2020 22:13:38 +0800 -Subject: ui/vnc: Add missing lock for send_color_map - -Git-commit: 947191b4312a547621566d77d7b922d9e13bb63d -vnc_write() should be locked after the RFB protocol is initialized. - -Fixes: 0c426e4534b4 ("vnc: Add support for color map") -Cc: qemu-stable@nongnu.org -Reported-by: Euler Robot -Signed-off-by: Peng Liang -Message-id: 20201116141338.148911-1-liangpeng10@huawei.com -Signed-off-by: Gerd Hoffmann -Signed-off-by: Bruce Rogers ---- - ui/vnc.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/ui/vnc.c b/ui/vnc.c -index 49235056f7a893f5f7c86500afbc..ca3fc376aeb547681e5a26a480b6 100644 ---- a/ui/vnc.c -+++ b/ui/vnc.c -@@ -2156,6 +2156,7 @@ static void send_color_map(VncState *vs) - { - int i; - -+ vnc_lock_output(vs); - vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); - vnc_write_u8(vs, 0); /* padding */ - vnc_write_u16(vs, 0); /* first color */ -@@ -2168,6 +2169,7 @@ static void send_color_map(VncState *vs) - vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); - vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); - } -+ vnc_unlock_output(vs); - } - - static void set_pixel_format(VncState *vs, int bits_per_pixel, diff --git a/update-linux-headers-Include-const.h.patch b/update-linux-headers-Include-const.h.patch deleted file mode 100644 index 3feeef3c..00000000 --- a/update-linux-headers-Include-const.h.patch +++ /dev/null @@ -1,48 +0,0 @@ -From: Eric Farman -Date: Mon, 4 Jan 2021 21:20:55 +0100 -Subject: update-linux-headers: Include const.h -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: ab5ec23f9cc25215c1281d575c07c0f35e8e9e26 -References: bsc#1183634 - -Kernel commit a85cbe6159ff ("uapi: move constants from - to ") breaks our script -because of the unrecognized include. Let's add that to -our processing. - -Signed-off-by: Eric Farman -Reviewed-by: Peter Xu -Reviewed-by: Philippe Mathieu-Daudé -Message-Id: <20210104202057.48048-2-farman@linux.ibm.com> -Signed-off-by: Cornelia Huck -Signed-off-by: Bruce Rogers ---- - scripts/update-linux-headers.sh | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh -index 9efbaf2f84b38bee183517934b84..fa6f2b6272b78223d28f4c823858 100755 ---- a/scripts/update-linux-headers.sh -+++ b/scripts/update-linux-headers.sh -@@ -41,6 +41,7 @@ cp_portable() { - -e 'pvrdma_verbs' \ - -e 'drm.h' \ - -e 'limits' \ -+ -e 'linux/const' \ - -e 'linux/kernel' \ - -e 'linux/sysinfo' \ - -e 'asm-generic/kvm_para' \ -@@ -190,7 +191,9 @@ for i in "$tmpdir"/include/linux/*virtio*.h \ - "$tmpdir/include/linux/input.h" \ - "$tmpdir/include/linux/input-event-codes.h" \ - "$tmpdir/include/linux/pci_regs.h" \ -- "$tmpdir/include/linux/ethtool.h" "$tmpdir/include/linux/kernel.h" \ -+ "$tmpdir/include/linux/ethtool.h" \ -+ "$tmpdir/include/linux/const.h" \ -+ "$tmpdir/include/linux/kernel.h" \ - "$tmpdir/include/linux/vhost_types.h" \ - "$tmpdir/include/linux/sysinfo.h"; do - cp_portable "$i" "$output/include/standard-headers/linux" diff --git a/usb-Help-compiler-out-to-avoid-a-warning.patch b/usb-Help-compiler-out-to-avoid-a-warning.patch index ba433292..c90faacd 100644 --- a/usb-Help-compiler-out-to-avoid-a-warning.patch +++ b/usb-Help-compiler-out-to-avoid-a-warning.patch @@ -18,7 +18,7 @@ Signed-off-by: Bruce Rogers 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c -index 9ce7ca706e3beff96cde32ddded3..e0884d777093a39506ac01fdce3a 100644 +index 46212b1e695acc657122ae6645ac..b487818908839ca4c3dd2c082c6a 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -3306,7 +3306,7 @@ static void usb_xhci_init(XHCIState *xhci) diff --git a/util-fix-use-after-free-in-module_load_o.patch b/util-fix-use-after-free-in-module_load_o.patch deleted file mode 100644 index db0967dd..00000000 --- a/util-fix-use-after-free-in-module_load_o.patch +++ /dev/null @@ -1,58 +0,0 @@ -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Tue, 16 Mar 2021 17:44:56 +0400 -Subject: util: fix use-after-free in module_load_one -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Git-commit: 64e16fbbf49ce81b37841480d14b0caf5753c98e - -g_hash_table_add always retains ownership of the pointer passed in as -the key. Its return status merely indicates whether the added entry was -new, or replaced an existing entry. Thus key must never be freed after -this method returns. - -Spotted by ASAN: - -==2407186==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020003ac4f0 at pc 0x7ffff766659c bp 0x7fffffffd1d0 sp 0x7fffffffc980 -READ of size 1 at 0x6020003ac4f0 thread T0 - #0 0x7ffff766659b (/lib64/libasan.so.6+0x8a59b) - #1 0x7ffff6bfa843 in g_str_equal ../glib/ghash.c:2303 - #2 0x7ffff6bf8167 in g_hash_table_lookup_node ../glib/ghash.c:493 - #3 0x7ffff6bf9b78 in g_hash_table_insert_internal ../glib/ghash.c:1598 - #4 0x7ffff6bf9c32 in g_hash_table_add ../glib/ghash.c:1689 - #5 0x5555596caad4 in module_load_one ../util/module.c:233 - #6 0x5555596ca949 in module_load_one ../util/module.c:225 - #7 0x5555596ca949 in module_load_one ../util/module.c:225 - #8 0x5555596cbdf4 in module_load_qom_all ../util/module.c:349 - -Typical C bug... - -Fixes: 90629122d2e ("module: use g_hash_table_add()") -Cc: qemu-stable@nongnu.org -Signed-off-by: Marc-André Lureau -Reviewed-by: Daniel P. Berrangé -Message-Id: <20210316134456.3243102-1-marcandre.lureau@redhat.com> -Reviewed-by: Philippe Mathieu-Daudé -Signed-off-by: Bruce Rogers ---- - util/module.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/util/module.c b/util/module.c -index cbe89fede628c3674e49194ee688..7661d0f6234d952f375ad09f67d7 100644 ---- a/util/module.c -+++ b/util/module.c -@@ -230,10 +230,11 @@ bool module_load_one(const char *prefix, const char *lib_name, bool mayfail) - } - } - -- if (!g_hash_table_add(loaded_modules, module_name)) { -+ if (g_hash_table_contains(loaded_modules, module_name)) { - g_free(module_name); - return true; - } -+ g_hash_table_add(loaded_modules, module_name); - - search_dir = getenv("QEMU_MODULE_DIR"); - if (search_dir != NULL) { diff --git a/vfio-ccw-Connect-the-device-request-noti.patch b/vfio-ccw-Connect-the-device-request-noti.patch deleted file mode 100644 index f5858414..00000000 --- a/vfio-ccw-Connect-the-device-request-noti.patch +++ /dev/null @@ -1,115 +0,0 @@ -From: Eric Farman -Date: Mon, 4 Jan 2021 21:20:57 +0100 -Subject: vfio-ccw: Connect the device request notifier - -Git-commit: b2f96f9e4f5fbc8f2770a436191cb328da4d5350 -References: 1183634 - -Now that the vfio-ccw code has a notifier interface to request that -a device be unplugged, let's wire that together. - -Signed-off-by: Eric Farman -Reviewed-by: Cornelia Huck -Message-Id: <20210104202057.48048-4-farman@linux.ibm.com> -Signed-off-by: Cornelia Huck -Signed-off-by: Bruce Rogers ---- - hw/vfio/ccw.c | 40 ++++++++++++++++++++++++++++++++++++---- - 1 file changed, 36 insertions(+), 4 deletions(-) - -diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c -index d2755d7fc5cace038ca7e4f87822..bc78a0ad7638c329bbc06a69a432 100644 ---- a/hw/vfio/ccw.c -+++ b/hw/vfio/ccw.c -@@ -49,6 +49,7 @@ struct VFIOCCWDevice { - struct ccw_crw_region *crw_region; - EventNotifier io_notifier; - EventNotifier crw_notifier; -+ EventNotifier req_notifier; - bool force_orb_pfch; - bool warned_orb_pfch; - }; -@@ -287,6 +288,21 @@ static void vfio_ccw_crw_read(VFIOCCWDevice *vcdev) - } while (1); - } - -+static void vfio_ccw_req_notifier_handler(void *opaque) -+{ -+ VFIOCCWDevice *vcdev = opaque; -+ Error *err = NULL; -+ -+ if (!event_notifier_test_and_clear(&vcdev->req_notifier)) { -+ return; -+ } -+ -+ qdev_unplug(DEVICE(vcdev), &err); -+ if (err) { -+ warn_reportf_err(err, VFIO_MSG_PREFIX, vcdev->vdev.name); -+ } -+} -+ - static void vfio_ccw_crw_notifier_handler(void *opaque) - { - VFIOCCWDevice *vcdev = opaque; -@@ -386,6 +402,10 @@ static void vfio_ccw_register_irq_notifier(VFIOCCWDevice *vcdev, - notifier = &vcdev->crw_notifier; - fd_read = vfio_ccw_crw_notifier_handler; - break; -+ case VFIO_CCW_REQ_IRQ_INDEX: -+ notifier = &vcdev->req_notifier; -+ fd_read = vfio_ccw_req_notifier_handler; -+ break; - default: - error_setg(errp, "vfio: Unsupported device irq(%d)", irq); - return; -@@ -440,6 +460,9 @@ static void vfio_ccw_unregister_irq_notifier(VFIOCCWDevice *vcdev, - case VFIO_CCW_CRW_IRQ_INDEX: - notifier = &vcdev->crw_notifier; - break; -+ case VFIO_CCW_REQ_IRQ_INDEX: -+ notifier = &vcdev->req_notifier; -+ break; - default: - error_report("vfio: Unsupported device irq(%d)", irq); - return; -@@ -661,20 +684,28 @@ static void vfio_ccw_realize(DeviceState *dev, Error **errp) - - vfio_ccw_register_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX, &err); - if (err) { -- goto out_notifier_err; -+ goto out_io_notifier_err; - } - - if (vcdev->crw_region) { - vfio_ccw_register_irq_notifier(vcdev, VFIO_CCW_CRW_IRQ_INDEX, &err); - if (err) { -- vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX); -- goto out_notifier_err; -+ goto out_crw_notifier_err; - } - } - -+ vfio_ccw_register_irq_notifier(vcdev, VFIO_CCW_REQ_IRQ_INDEX, &err); -+ if (err) { -+ goto out_req_notifier_err; -+ } -+ - return; - --out_notifier_err: -+out_req_notifier_err: -+ vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_CRW_IRQ_INDEX); -+out_crw_notifier_err: -+ vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX); -+out_io_notifier_err: - vfio_ccw_put_region(vcdev); - out_region_err: - vfio_ccw_put_device(vcdev); -@@ -696,6 +727,7 @@ static void vfio_ccw_unrealize(DeviceState *dev) - S390CCWDeviceClass *cdc = S390_CCW_DEVICE_GET_CLASS(cdev); - VFIOGroup *group = vcdev->vdev.group; - -+ vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_REQ_IRQ_INDEX); - vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_CRW_IRQ_INDEX); - vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX); - vfio_ccw_put_region(vcdev); diff --git a/vhost-user-blk-fix-blkcfg-num_queues-end.patch b/vhost-user-blk-fix-blkcfg-num_queues-end.patch deleted file mode 100644 index 5a6886f7..00000000 --- a/vhost-user-blk-fix-blkcfg-num_queues-end.patch +++ /dev/null @@ -1,51 +0,0 @@ -From: Stefan Hajnoczi -Date: Tue, 23 Feb 2021 14:46:42 +0000 -Subject: vhost-user-blk: fix blkcfg->num_queues endianness - -Git-commit: 535255b43898d2e96744057eb86f8497d4d7a461 - -Treat the num_queues field as virtio-endian. On big-endian hosts the -vhost-user-blk num_queues field was in the wrong endianness. - -Move the blkcfg.num_queues store operation from realize to -vhost_user_blk_update_config() so feature negotiation has finished and -we know the endianness of the device. VIRTIO 1.0 devices are -little-endian, but in case someone wants to use legacy VIRTIO we support -all endianness cases. - -Cc: qemu-stable@nongnu.org -Signed-off-by: Stefan Hajnoczi -Reviewed-by: Raphael Norwitz -Reviewed-by: Michael S. Tsirkin -Message-Id: <20210223144653.811468-2-stefanha@redhat.com> -Signed-off-by: Kevin Wolf -Signed-off-by: Bruce Rogers ---- - hw/block/vhost-user-blk.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c -index 2dd3d93ca02f077b9fe8aaaa4d14..d9d9dc8a890d9d24b772c029e57f 100644 ---- a/hw/block/vhost-user-blk.c -+++ b/hw/block/vhost-user-blk.c -@@ -53,6 +53,9 @@ static void vhost_user_blk_update_config(VirtIODevice *vdev, uint8_t *config) - { - VHostUserBlk *s = VHOST_USER_BLK(vdev); - -+ /* Our num_queues overrides the device backend */ -+ virtio_stw_p(vdev, &s->blkcfg.num_queues, s->num_queues); -+ - memcpy(config, &s->blkcfg, sizeof(struct virtio_blk_config)); - } - -@@ -490,10 +493,6 @@ reconnect: - goto reconnect; - } - -- if (s->blkcfg.num_queues != s->num_queues) { -- s->blkcfg.num_queues = s->num_queues; -- } -- - return; - - virtio_err: diff --git a/viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch b/viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch deleted file mode 100644 index 6589f349..00000000 --- a/viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch +++ /dev/null @@ -1,335 +0,0 @@ -From: Vivek Goyal -Date: Mon, 8 Feb 2021 17:40:24 -0500 -Subject: viriofsd: Add support for FUSE_HANDLE_KILLPRIV_V2 - -Git-commit: d64907acbf6e436099fd26fbb6312fd56f9fb29d -References: bsc#1183373, CVE-2021-20263 - -This patch adds basic support for FUSE_HANDLE_KILLPRIV_V2. virtiofsd -can enable/disable this by specifying option "-o killpriv_v2/no_killpriv_v2". -By default this is enabled as long as client supports it - -Enabling this option helps with performance in write path. Without this -option, currently every write is first preceeded with a getxattr() operation -to find out if security.capability is set. (Write is supposed to clear -security.capability). With this option enabled, server is signing up for -clearing security.capability on every WRITE and also clearing suid/sgid -subject to certain rules. This gets rid of extra getxattr() call for every -WRITE and improves performance. This is true when virtiofsd is run with -option -o xattr. - -What does enabling FUSE_HANDLE_KILLPRIV_V2 mean for file server implementation. -It needs to adhere to following rules. Thanks to Miklos for this summary. - -- clear "security.capability" on write, truncate and chown unconditionally -- clear suid/sgid in case of following. Note, sgid is cleared only if - group executable bit is set. - o setattr has FATTR_SIZE and FATTR_KILL_SUIDGID set. - o setattr has FATTR_UID or FATTR_GID - o open has O_TRUNC and FUSE_OPEN_KILL_SUIDGID - o create has O_TRUNC and FUSE_OPEN_KILL_SUIDGID flag set. - o write has FUSE_WRITE_KILL_SUIDGID - ->From Linux VFS client perspective, here are the requirements. - -- caps are always cleared on chown/write/truncate -- suid is always cleared on chown, while for truncate/write it is cleared - only if caller does not have CAP_FSETID. -- sgid is always cleared on chown, while for truncate/write it is cleared - only if caller does not have CAP_FSETID as well as file has group execute - permission. - -virtiofsd implementation has not changed much to adhere to above ruls. And -reason being that current assumption is that we are running on Linux -and on top of filesystems like ext4/xfs which already follow above rules. -On write, truncate, chown, seucurity.capability is cleared. And virtiofsd -drops CAP_FSETID if need be and that will lead to clearing of suid/sgid. - -But if virtiofsd is running on top a filesystem which breaks above assumptions, -then it will have to take extra actions to emulate above. That's a TODO -for later when need arises. - -Note: create normally is supposed to be called only when file does not - exist. So generally there should not be any question of clearing - setuid/setgid. But it is possible that after client checks that - file is not present, some other client creates file on server - and this race can trigger sending FUSE_CREATE. In that case, if - O_TRUNC is set, we should clear suid/sgid if FUSE_OPEN_KILL_SUIDGID - is also set. - -v3: - - Resolved conflicts due to lo_inode_open() changes. - - Moved capability code in lo_do_open() so that both lo_open() and - lo_create() can benefit from common code. - - Dropped changes to kernel headers as these are part of qemu already. - -Signed-off-by: Vivek Goyal -Acked-by: Stefan Hajnoczi -Reviewed-by: Dr. David Alan Gilbert -Message-Id: <20210208224024.43555-3-vgoyal@redhat.com> -Signed-off-by: Dr. David Alan Gilbert -Signed-off-by: Bruce Rogers ---- - tools/virtiofsd/fuse_common.h | 15 ++++++ - tools/virtiofsd/fuse_lowlevel.c | 11 ++++- - tools/virtiofsd/fuse_lowlevel.h | 1 + - tools/virtiofsd/passthrough_ll.c | 84 +++++++++++++++++++++++++++++--- - 4 files changed, 103 insertions(+), 8 deletions(-) - -diff --git a/tools/virtiofsd/fuse_common.h b/tools/virtiofsd/fuse_common.h -index 5aee5193eb29ea10de8e6ce46b63..6f4a1ff3a9227964ea98d547d110 100644 ---- a/tools/virtiofsd/fuse_common.h -+++ b/tools/virtiofsd/fuse_common.h -@@ -359,6 +359,21 @@ struct fuse_file_info { - */ - #define FUSE_CAP_SUBMOUNTS (1 << 27) - -+/** -+ * Indicates that the filesystem is responsible for clearing -+ * security.capability xattr and clearing setuid and setgid bits. Following -+ * are the rules. -+ * - clear "security.capability" on write, truncate and chown unconditionally -+ * - clear suid/sgid if following is true. Note, sgid is cleared only if -+ * group executable bit is set. -+ * o setattr has FATTR_SIZE and FATTR_KILL_SUIDGID set. -+ * o setattr has FATTR_UID or FATTR_GID -+ * o open has O_TRUNC and FUSE_OPEN_KILL_SUIDGID -+ * o create has O_TRUNC and FUSE_OPEN_KILL_SUIDGID flag set. -+ * o write has FUSE_WRITE_KILL_SUIDGID -+ */ -+#define FUSE_CAP_HANDLE_KILLPRIV_V2 (1 << 28) -+ - /** - * Ioctl flags - * -diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c -index c70fb16a9a5313160a4cc53faf86..65f01a3fe31de0864948230b2e47 100644 ---- a/tools/virtiofsd/fuse_lowlevel.c -+++ b/tools/virtiofsd/fuse_lowlevel.c -@@ -865,7 +865,7 @@ static void do_setattr(fuse_req_t req, fuse_ino_t nodeid, - FUSE_SET_ATTR_GID | FUSE_SET_ATTR_SIZE | - FUSE_SET_ATTR_ATIME | FUSE_SET_ATTR_MTIME | - FUSE_SET_ATTR_ATIME_NOW | FUSE_SET_ATTR_MTIME_NOW | -- FUSE_SET_ATTR_CTIME; -+ FUSE_SET_ATTR_CTIME | FUSE_SET_ATTR_KILL_SUIDGID; - - req->se->op.setattr(req, nodeid, &stbuf, arg->valid, fi); - } else { -@@ -1079,6 +1079,7 @@ static void do_create(fuse_req_t req, fuse_ino_t nodeid, - - memset(&fi, 0, sizeof(fi)); - fi.flags = arg->flags; -+ fi.kill_priv = arg->open_flags & FUSE_OPEN_KILL_SUIDGID; - - req->ctx.umask = arg->umask; - -@@ -1102,6 +1103,7 @@ static void do_open(fuse_req_t req, fuse_ino_t nodeid, - - memset(&fi, 0, sizeof(fi)); - fi.flags = arg->flags; -+ fi.kill_priv = arg->open_flags & FUSE_OPEN_KILL_SUIDGID; - - if (req->se->op.open) { - req->se->op.open(req, nodeid, &fi); -@@ -1993,6 +1995,9 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid, - if (arg->flags & FUSE_SUBMOUNTS) { - se->conn.capable |= FUSE_CAP_SUBMOUNTS; - } -+ if (arg->flags & FUSE_HANDLE_KILLPRIV_V2) { -+ se->conn.capable |= FUSE_CAP_HANDLE_KILLPRIV_V2; -+ } - #ifdef HAVE_SPLICE - #ifdef HAVE_VMSPLICE - se->conn.capable |= FUSE_CAP_SPLICE_WRITE | FUSE_CAP_SPLICE_MOVE; -@@ -2124,6 +2129,10 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid, - outarg.congestion_threshold = se->conn.congestion_threshold; - outarg.time_gran = se->conn.time_gran; - -+ if (se->conn.want & FUSE_CAP_HANDLE_KILLPRIV_V2) { -+ outarg.flags |= FUSE_HANDLE_KILLPRIV_V2; -+ } -+ - fuse_log(FUSE_LOG_DEBUG, " INIT: %u.%u\n", outarg.major, outarg.minor); - fuse_log(FUSE_LOG_DEBUG, " flags=0x%08x\n", outarg.flags); - fuse_log(FUSE_LOG_DEBUG, " max_readahead=0x%08x\n", outarg.max_readahead); -diff --git a/tools/virtiofsd/fuse_lowlevel.h b/tools/virtiofsd/fuse_lowlevel.h -index 9c06240f9e61ea259241a3ec77e9..96d10defc8936b00e8410589a183 100644 ---- a/tools/virtiofsd/fuse_lowlevel.h -+++ b/tools/virtiofsd/fuse_lowlevel.h -@@ -146,6 +146,7 @@ struct fuse_forget_data { - #define FUSE_SET_ATTR_ATIME_NOW (1 << 7) - #define FUSE_SET_ATTR_MTIME_NOW (1 << 8) - #define FUSE_SET_ATTR_CTIME (1 << 10) -+#define FUSE_SET_ATTR_KILL_SUIDGID (1 << 11) - - /* - * Request methods and replies -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index 200a1d26bd11bcde5729c4f33195..f330fb72b93f24331174f52bf6b9 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -180,6 +180,7 @@ struct lo_data { - - /* An O_PATH file descriptor to /proc/self/fd/ */ - int proc_self_fd; -+ int user_killpriv_v2, killpriv_v2; - }; - - static const struct fuse_opt lo_opts[] = { -@@ -210,6 +211,8 @@ static const struct fuse_opt lo_opts[] = { - { "allow_direct_io", offsetof(struct lo_data, allow_direct_io), 1 }, - { "no_allow_direct_io", offsetof(struct lo_data, allow_direct_io), 0 }, - { "announce_submounts", offsetof(struct lo_data, announce_submounts), 1 }, -+ { "killpriv_v2", offsetof(struct lo_data, user_killpriv_v2), 1 }, -+ { "no_killpriv_v2", offsetof(struct lo_data, user_killpriv_v2), 0 }, - FUSE_OPT_END - }; - static bool use_syslog = false; -@@ -642,6 +645,34 @@ static void lo_init(void *userdata, struct fuse_conn_info *conn) - "does not support it\n"); - lo->announce_submounts = false; - } -+ -+ if (lo->user_killpriv_v2 == 1) { -+ /* -+ * User explicitly asked for this option. Enable it unconditionally. -+ * If connection does not have this capability, it should fail -+ * in fuse_lowlevel.c -+ */ -+ fuse_log(FUSE_LOG_DEBUG, "lo_init: enabling killpriv_v2\n"); -+ conn->want |= FUSE_CAP_HANDLE_KILLPRIV_V2; -+ lo->killpriv_v2 = 1; -+ } else if (lo->user_killpriv_v2 == -1 && -+ conn->capable & FUSE_CAP_HANDLE_KILLPRIV_V2) { -+ /* -+ * User did not specify a value for killpriv_v2. By default enable it -+ * if connection offers this capability -+ */ -+ fuse_log(FUSE_LOG_DEBUG, "lo_init: enabling killpriv_v2\n"); -+ conn->want |= FUSE_CAP_HANDLE_KILLPRIV_V2; -+ lo->killpriv_v2 = 1; -+ } else { -+ /* -+ * Either user specified to disable killpriv_v2, or connection does -+ * not offer this capability. Disable killpriv_v2 in both the cases -+ */ -+ fuse_log(FUSE_LOG_DEBUG, "lo_init: disabling killpriv_v2\n"); -+ conn->want &= ~FUSE_CAP_HANDLE_KILLPRIV_V2; -+ lo->killpriv_v2 = 0; -+ } - } - - static void lo_getattr(fuse_req_t req, fuse_ino_t ino, -@@ -726,7 +757,10 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - } - if (valid & FUSE_SET_ATTR_SIZE) { - int truncfd; -+ bool kill_suidgid; -+ bool cap_fsetid_dropped = false; - -+ kill_suidgid = lo->killpriv_v2 && (valid & FUSE_SET_ATTR_KILL_SUIDGID); - if (fi) { - truncfd = fd; - } else { -@@ -737,8 +771,25 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - } - } - -+ if (kill_suidgid) { -+ res = drop_effective_cap("FSETID", &cap_fsetid_dropped); -+ if (res != 0) { -+ saverr = res; -+ if (!fi) { -+ close(truncfd); -+ } -+ goto out_err; -+ } -+ } -+ - res = ftruncate(truncfd, attr->st_size); - saverr = res == -1 ? errno : 0; -+ -+ if (cap_fsetid_dropped) { -+ if (gain_effective_cap("FSETID")) { -+ fuse_log(FUSE_LOG_ERR, "Failed to gain CAP_FSETID\n"); -+ } -+ } - if (!fi) { - close(truncfd); - } -@@ -1719,11 +1770,27 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, - { - ssize_t fh; - int fd = existing_fd; -+ int err; -+ bool cap_fsetid_dropped = false; -+ bool kill_suidgid = lo->killpriv_v2 && fi->kill_priv; - - update_open_flags(lo->writeback, lo->allow_direct_io, fi); - - if (fd < 0) { -+ if (kill_suidgid) { -+ err = drop_effective_cap("FSETID", &cap_fsetid_dropped); -+ if (err) { -+ return err; -+ } -+ } -+ - fd = lo_inode_open(lo, inode, fi->flags); -+ -+ if (cap_fsetid_dropped) { -+ if (gain_effective_cap("FSETID")) { -+ fuse_log(FUSE_LOG_ERR, "Failed to gain CAP_FSETID\n"); -+ } -+ } - if (fd < 0) { - return -fd; - } -@@ -1757,8 +1824,8 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - int err; - struct lo_cred old = {}; - -- fuse_log(FUSE_LOG_DEBUG, "lo_create(parent=%" PRIu64 ", name=%s)\n", parent, -- name); -+ fuse_log(FUSE_LOG_DEBUG, "lo_create(parent=%" PRIu64 ", name=%s)" -+ " kill_priv=%d\n", parent, name, fi->kill_priv); - - if (!is_safe_path_component(name)) { - fuse_reply_err(req, EINVAL); -@@ -1981,8 +2048,8 @@ static void lo_open(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi) - struct lo_inode *inode = lo_inode(req, ino); - int err; - -- fuse_log(FUSE_LOG_DEBUG, "lo_open(ino=%" PRIu64 ", flags=%d)\n", ino, -- fi->flags); -+ fuse_log(FUSE_LOG_DEBUG, "lo_open(ino=%" PRIu64 ", flags=%d, kill_priv=%d)" -+ "\n", ino, fi->flags, fi->kill_priv); - - if (!inode) { - fuse_reply_err(req, EBADF); -@@ -2112,12 +2179,14 @@ static void lo_write_buf(fuse_req_t req, fuse_ino_t ino, - out_buf.buf[0].pos = off; - - fuse_log(FUSE_LOG_DEBUG, -- "lo_write_buf(ino=%" PRIu64 ", size=%zd, off=%lu)\n", ino, -- out_buf.buf[0].size, (unsigned long)off); -+ "lo_write_buf(ino=%" PRIu64 ", size=%zd, off=%lu kill_priv=%d)\n", -+ ino, out_buf.buf[0].size, (unsigned long)off, fi->kill_priv); - - /* - * If kill_priv is set, drop CAP_FSETID which should lead to kernel -- * clearing setuid/setgid on file. -+ * clearing setuid/setgid on file. Note, for WRITE, we need to do -+ * this even if killpriv_v2 is not enabled. fuse direct write path -+ * relies on this. - */ - if (fi->kill_priv) { - res = drop_effective_cap("FSETID", &cap_fsetid_dropped); -@@ -3496,6 +3565,7 @@ int main(int argc, char *argv[]) - .posix_lock = 0, - .allow_direct_io = 0, - .proc_self_fd = -1, -+ .user_killpriv_v2 = -1, - }; - struct lo_map_elem *root_elem; - struct lo_map_elem *reserve_elem; diff --git a/virtio-move-use-disabled-flag-property-t.patch b/virtio-move-use-disabled-flag-property-t.patch deleted file mode 100644 index d85e4686..00000000 --- a/virtio-move-use-disabled-flag-property-t.patch +++ /dev/null @@ -1,63 +0,0 @@ -From: Stefano Garzarella -Date: Fri, 8 Jan 2021 18:12:52 +0100 -Subject: virtio: move 'use-disabled-flag' property to hw_compat_4_2 - -Git-commit: c126b4c57e0164549de606ca35d1512762051083 - -Commit 9d7bd0826f introduced a new 'use-disabled-flag' property -set to true by default. -To allow the migration, we set this property to false in the hw_compat, -but in the wrong place (hw_compat_4_1). - -Since commit 9d7bd0826f was released with QEMU 5.0, we move -'use-disabled-flag' property to hw_compat_4_2, so 4.2 machine types -will have the pre-patch behavior and the migration can work. - -The issue was discovered with vhost-vsock device and 4.2 machine -type without running any kernel in the VM: - $ qemu-4.2 -M pc-q35-4.2,accel=kvm \ - -device vhost-vsock-pci,guest-cid=4 \ - -monitor stdio -incoming tcp:0:3333 - - $ qemu-5.2 -M pc-q35-4.2,accel=kvm \ - -device vhost-vsock-pci,guest-cid=3 \ - -monitor stdio - (qemu) migrate -d tcp:0:3333 - - # qemu-4.2 output - qemu-system-x86_64: Failed to load virtio-vhost_vsock:virtio - qemu-system-x86_64: error while loading state for instance 0x0 of device '0000:00:03.0/virtio-vhost_vsock' - qemu-system-x86_64: load of migration failed: No such file or directory - -Reported-by: Jing Zhao -Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1907255 -Fixes: 9d7bd0826f ("virtio-pci: disable vring processing when bus-mastering is disabled") -Cc: mdroth@linux.vnet.ibm.com -CC: qemu-stable@nongnu.org -Signed-off-by: Stefano Garzarella -Message-Id: <20210108171252.209502-1-sgarzare@redhat.com> -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Bruce Rogers ---- - hw/core/machine.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/core/machine.c b/hw/core/machine.c -index d0408049b53c795d095ca7ec8c28..9e83400ecbfdd1c8ab20a54ff39c 100644 ---- a/hw/core/machine.c -+++ b/hw/core/machine.c -@@ -62,12 +62,12 @@ GlobalProperty hw_compat_4_2[] = { - { "qxl", "revision", "4" }, - { "qxl-vga", "revision", "4" }, - { "fw_cfg", "acpi-mr-restore", "false" }, -+ { "virtio-device", "use-disabled-flag", "false" }, - }; - const size_t hw_compat_4_2_len = G_N_ELEMENTS(hw_compat_4_2); - - GlobalProperty hw_compat_4_1[] = { - { "virtio-pci", "x-pcie-flr-init", "off" }, -- { "virtio-device", "use-disabled-flag", "false" }, - }; - const size_t hw_compat_4_1_len = G_N_ELEMENTS(hw_compat_4_1); - diff --git a/virtio-pci-compat-page-aligned-ATS.patch b/virtio-pci-compat-page-aligned-ATS.patch deleted file mode 100644 index 573fef56..00000000 --- a/virtio-pci-compat-page-aligned-ATS.patch +++ /dev/null @@ -1,134 +0,0 @@ -From: Jason Wang -Date: Tue, 6 Apr 2021 12:03:30 +0800 -Subject: virtio-pci: compat page aligned ATS - -Git-commit: d83f46d189a26fa32434139954d264326f199a45 - -Commit 4c70875372b8 ("pci: advertise a page aligned ATS") advertises -the page aligned via ATS capability (RO) to unbrek recent Linux IOMMU -drivers since 5.2. But it forgot the compat the capability which -breaks the migration from old machine type: - -(qemu) qemu-kvm: get_pci_config_device: Bad config data: i=0x104 read: -0 device: 20 cmask: ff wmask: 0 w1cmask:0 - -This patch introduces a new parameter "x-ats-page-aligned" for -virtio-pci device and turns it on for machine type which is newer than -5.1. - -Cc: Michael S. Tsirkin -Cc: Peter Xu -Cc: Dr. David Alan Gilbert -Cc: qemu-stable@nongnu.org -Fixes: 4c70875372b8 ("pci: advertise a page aligned ATS") -Signed-off-by: Jason Wang -Message-Id: <20210406040330.11306-1-jasowang@redhat.com> -Reviewed-by: Michael S. Tsirkin -Signed-off-by: Michael S. Tsirkin -Signed-off-by: Bruce Rogers ---- - hw/core/machine.c | 1 + - hw/pci/pcie.c | 10 ++++++---- - hw/virtio/virtio-pci.c | 5 ++++- - hw/virtio/virtio-pci.h | 5 +++++ - include/hw/pci/pcie.h | 2 +- - 5 files changed, 17 insertions(+), 6 deletions(-) - -diff --git a/hw/core/machine.c b/hw/core/machine.c -index 72ceba57def38ca9dd5c683a71c4..7e99d0a05bdf1a7c898bc8923a77 100644 ---- a/hw/core/machine.c -+++ b/hw/core/machine.c -@@ -37,6 +37,7 @@ GlobalProperty hw_compat_5_1[] = { - { "nvme", "use-intel-id", "on"}, - { "pvpanic", "events", "1"}, /* PVPANIC_PANICKED */ - { "pl011", "migrate-clk", "off" }, -+ { "virtio-pci", "x-ats-page-aligned", "off"}, - }; - const size_t hw_compat_5_1_len = G_N_ELEMENTS(hw_compat_5_1); - -diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c -index d4010cf8f36178758315627d56bb..8bbabd6e2bb7b03c0f786e977fbf 100644 ---- a/hw/pci/pcie.c -+++ b/hw/pci/pcie.c -@@ -964,16 +964,18 @@ void pcie_dev_ser_num_init(PCIDevice *dev, uint16_t offset, uint64_t ser_num) - pci_set_quad(dev->config + offset + pci_dsn_cap, ser_num); - } - --void pcie_ats_init(PCIDevice *dev, uint16_t offset) -+void pcie_ats_init(PCIDevice *dev, uint16_t offset, bool aligned) - { - pcie_add_capability(dev, PCI_EXT_CAP_ID_ATS, 0x1, - offset, PCI_EXT_CAP_ATS_SIZEOF); - - dev->exp.ats_cap = offset; - -- /* Invalidate Queue Depth 0, Page Aligned Request 1 */ -- pci_set_word(dev->config + offset + PCI_ATS_CAP, -- PCI_ATS_CAP_PAGE_ALIGNED); -+ /* Invalidate Queue Depth 0 */ -+ if (aligned) { -+ pci_set_word(dev->config + offset + PCI_ATS_CAP, -+ PCI_ATS_CAP_PAGE_ALIGNED); -+ } - /* STU 0, Disabled by default */ - pci_set_word(dev->config + offset + PCI_ATS_CTRL, 0); - -diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c -index f863f69ede4f4bf1c09fc39a5035..b7ab325ae99176ae18ee64a0bfa5 100644 ---- a/hw/virtio/virtio-pci.c -+++ b/hw/virtio/virtio-pci.c -@@ -1840,7 +1840,8 @@ static void virtio_pci_realize(PCIDevice *pci_dev, Error **errp) - } - - if (proxy->flags & VIRTIO_PCI_FLAG_ATS) { -- pcie_ats_init(pci_dev, last_pcie_cap_offset); -+ pcie_ats_init(pci_dev, last_pcie_cap_offset, -+ proxy->flags & VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED); - last_pcie_cap_offset += PCI_EXT_CAP_ATS_SIZEOF; - } - -@@ -1917,6 +1918,8 @@ static Property virtio_pci_properties[] = { - ignore_backend_features, false), - DEFINE_PROP_BIT("ats", VirtIOPCIProxy, flags, - VIRTIO_PCI_FLAG_ATS_BIT, false), -+ DEFINE_PROP_BIT("x-ats-page-aligned", VirtIOPCIProxy, flags, -+ VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED_BIT, true), - DEFINE_PROP_BIT("x-pcie-deverr-init", VirtIOPCIProxy, flags, - VIRTIO_PCI_FLAG_INIT_DEVERR_BIT, true), - DEFINE_PROP_BIT("x-pcie-lnkctl-init", VirtIOPCIProxy, flags, -diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h -index d7d5d403a9483f5f7e0f0f9b4110..2446dcd9aef197964b59f83b6183 100644 ---- a/hw/virtio/virtio-pci.h -+++ b/hw/virtio/virtio-pci.h -@@ -42,6 +42,7 @@ enum { - VIRTIO_PCI_FLAG_INIT_PM_BIT, - VIRTIO_PCI_FLAG_INIT_FLR_BIT, - VIRTIO_PCI_FLAG_AER_BIT, -+ VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED_BIT, - }; - - /* Need to activate work-arounds for buggy guests at vmstate load. */ -@@ -84,6 +85,10 @@ enum { - /* Advanced Error Reporting capability */ - #define VIRTIO_PCI_FLAG_AER (1 << VIRTIO_PCI_FLAG_AER_BIT) - -+/* Page Aligned Address space Translation Service */ -+#define VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED \ -+ (1 << VIRTIO_PCI_FLAG_ATS_PAGE_ALIGNED_BIT) -+ - typedef struct { - MSIMessage msg; - int virq; -diff --git a/include/hw/pci/pcie.h b/include/hw/pci/pcie.h -index 14c58ebdb6ec1fd5dc3c8563fed9..6063bee0ec632c563f236f520aef 100644 ---- a/include/hw/pci/pcie.h -+++ b/include/hw/pci/pcie.h -@@ -137,7 +137,7 @@ void pcie_acs_reset(PCIDevice *dev); - - void pcie_ari_init(PCIDevice *dev, uint16_t offset, uint16_t nextfn); - void pcie_dev_ser_num_init(PCIDevice *dev, uint16_t offset, uint64_t ser_num); --void pcie_ats_init(PCIDevice *dev, uint16_t offset); -+void pcie_ats_init(PCIDevice *dev, uint16_t offset, bool aligned); - - void pcie_cap_slot_pre_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev, - Error **errp); diff --git a/virtiofs-drop-remapped-security.capabili.patch b/virtiofs-drop-remapped-security.capabili.patch deleted file mode 100644 index 400bce31..00000000 --- a/virtiofs-drop-remapped-security.capabili.patch +++ /dev/null @@ -1,208 +0,0 @@ -From: "Dr. David Alan Gilbert" -Date: Wed, 24 Feb 2021 19:56:25 +0000 -Subject: virtiofs: drop remapped security.capability xattr as needed - -Git-commit: e586edcb410543768ef009eaa22a2d9dd4a53846 -References: bsc#1183373, CVE-2021-20263 - -On Linux, the 'security.capability' xattr holds a set of -capabilities that can change when an executable is run, giving -a limited form of privilege escalation to those programs that -the writer of the file deemed worthy. - -Any write causes the 'security.capability' xattr to be dropped, -stopping anyone from gaining privilege by modifying a blessed -file. - -Fuse relies on the daemon to do this dropping, and in turn the -daemon relies on the host kernel to drop the xattr for it. However, -with the addition of -o xattrmap, the xattr that the guest -stores its capabilities in is now not the same as the one that -the host kernel automatically clears. - -Where the mapping changes 'security.capability', explicitly clear -the remapped name to preserve the same behaviour. - -This bug is assigned CVE-2021-20263. - -Signed-off-by: Dr. David Alan Gilbert -Reviewed-by: Vivek Goyal -Signed-off-by: Bruce Rogers ---- - docs/tools/virtiofsd.rst | 4 ++ - tools/virtiofsd/passthrough_ll.c | 77 +++++++++++++++++++++++++++++++- - 2 files changed, 80 insertions(+), 1 deletion(-) - -diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst -index 866b7db3eed36302bc96bbef8184..00554c75bd75785689e08a16086d 100644 ---- a/docs/tools/virtiofsd.rst -+++ b/docs/tools/virtiofsd.rst -@@ -228,6 +228,10 @@ The 'map' type adds a number of separate rules to add **prepend** as a prefix - to the matched **key** (or all attributes if **key** is empty). - There may be at most one 'map' rule and it must be the last rule in the set. - -+Note: When the 'security.capability' xattr is remapped, the daemon has to do -+extra work to remove it during many operations, which the host kernel normally -+does itself. -+ - xattr-mapping Examples - ---------------------- - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index f330fb72b93f24331174f52bf6b9..c18475e94635ad189f54ed400aff 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -160,6 +160,7 @@ struct lo_data { - int posix_lock; - int xattr; - char *xattrmap; -+ char *xattr_security_capability; - char *source; - char *modcaps; - double timeout; -@@ -229,6 +230,8 @@ static __thread bool cap_loaded = 0; - - static struct lo_inode *lo_find(struct lo_data *lo, struct stat *st, - uint64_t mnt_id); -+static int xattr_map_client(const struct lo_data *lo, const char *client_name, -+ char **out_name); - - static int is_dot_or_dotdot(const char *name) - { -@@ -368,6 +371,37 @@ out: - return ret; - } - -+/* -+ * The host kernel normally drops security.capability xattr's on -+ * any write, however if we're remapping xattr names we need to drop -+ * whatever the clients security.capability is actually stored as. -+ */ -+static int drop_security_capability(const struct lo_data *lo, int fd) -+{ -+ if (!lo->xattr_security_capability) { -+ /* We didn't remap the name, let the host kernel do it */ -+ return 0; -+ } -+ if (!fremovexattr(fd, lo->xattr_security_capability)) { -+ /* All good */ -+ return 0; -+ } -+ -+ switch (errno) { -+ case ENODATA: -+ /* Attribute didn't exist, that's fine */ -+ return 0; -+ -+ case ENOTSUP: -+ /* FS didn't support attribute anyway, also fine */ -+ return 0; -+ -+ default: -+ /* Hmm other error */ -+ return errno; -+ } -+} -+ - static void lo_map_init(struct lo_map *map) - { - map->elems = NULL; -@@ -749,6 +783,11 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - uid_t uid = (valid & FUSE_SET_ATTR_UID) ? attr->st_uid : (uid_t)-1; - gid_t gid = (valid & FUSE_SET_ATTR_GID) ? attr->st_gid : (gid_t)-1; - -+ saverr = drop_security_capability(lo, ifd); -+ if (saverr) { -+ goto out_err; -+ } -+ - res = fchownat(ifd, "", uid, gid, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW); - if (res == -1) { - saverr = errno; -@@ -771,6 +810,14 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - } - } - -+ saverr = drop_security_capability(lo, truncfd); -+ if (saverr) { -+ if (!fi) { -+ close(truncfd); -+ } -+ goto out_err; -+ } -+ - if (kill_suidgid) { - res = drop_effective_cap("FSETID", &cap_fsetid_dropped); - if (res != 0) { -@@ -1794,6 +1841,13 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, - if (fd < 0) { - return -fd; - } -+ if (fi->flags & (O_TRUNC)) { -+ int err = drop_security_capability(lo, fd); -+ if (err) { -+ close(fd); -+ return err; -+ } -+ } - } - - pthread_mutex_lock(&lo->mutex); -@@ -2182,6 +2236,12 @@ static void lo_write_buf(fuse_req_t req, fuse_ino_t ino, - "lo_write_buf(ino=%" PRIu64 ", size=%zd, off=%lu kill_priv=%d)\n", - ino, out_buf.buf[0].size, (unsigned long)off, fi->kill_priv); - -+ res = drop_security_capability(lo_data(req), out_buf.buf[0].fd); -+ if (res) { -+ fuse_reply_err(req, res); -+ return; -+ } -+ - /* - * If kill_priv is set, drop CAP_FSETID which should lead to kernel - * clearing setuid/setgid on file. Note, for WRITE, we need to do -@@ -2423,6 +2483,7 @@ static void parse_xattrmap(struct lo_data *lo) - { - const char *map = lo->xattrmap; - const char *tmp; -+ int ret; - - lo->xattr_map_nentries = 0; - while (*map) { -@@ -2453,7 +2514,7 @@ static void parse_xattrmap(struct lo_data *lo) - * the last entry. - */ - parse_xattrmap_map(lo, map, sep); -- return; -+ break; - } else { - fuse_log(FUSE_LOG_ERR, - "%s: Unexpected type;" -@@ -2522,6 +2583,19 @@ static void parse_xattrmap(struct lo_data *lo) - fuse_log(FUSE_LOG_ERR, "Empty xattr map\n"); - exit(1); - } -+ -+ ret = xattr_map_client(lo, "security.capability", -+ &lo->xattr_security_capability); -+ if (ret) { -+ fuse_log(FUSE_LOG_ERR, "Failed to map security.capability: %s\n", -+ strerror(ret)); -+ exit(1); -+ } -+ if (!strcmp(lo->xattr_security_capability, "security.capability")) { -+ /* 1-1 mapping, don't need to do anything */ -+ free(lo->xattr_security_capability); -+ lo->xattr_security_capability = NULL; -+ } - } - - /* -@@ -3550,6 +3624,7 @@ static void fuse_lo_data_cleanup(struct lo_data *lo) - - free(lo->xattrmap); - free_xattrmap(lo); -+ free(lo->xattr_security_capability); - free(lo->source); - } - diff --git a/virtiofsd-Save-error-code-early-at-the-f.patch b/virtiofsd-Save-error-code-early-at-the-f.patch deleted file mode 100644 index c79e293d..00000000 --- a/virtiofsd-Save-error-code-early-at-the-f.patch +++ /dev/null @@ -1,87 +0,0 @@ -From: Vivek Goyal -Date: Mon, 8 Feb 2021 17:40:23 -0500 -Subject: virtiofsd: Save error code early at the failure callsite - -Git-commit: 1e08f164e9fdc9528ad6990012301b9a04b0bc90 -References: bsc#1183373, CVE-2021-20263 - -Change error code handling slightly in lo_setattr(). Right now we seem -to jump to out_err and assume that "errno" is valid and use that to -send reply. - -But if caller has to do some other operations before jumping to out_err, -then it does the dance of first saving errno to saverr and the restore -errno before jumping to out_err. This makes it more confusing. - -I am about to make more changes where caller will have to do some -work after error before jumping to out_err. I found it easier to -change the convention a bit. That is caller saves error in "saverr" -before jumping to out_err. And out_err uses "saverr" to send error -back and does not rely on "errno" having actual error. - -v3: Resolved conflicts in lo_setattr() due to lo_inode_open() changes. - -Signed-off-by: Vivek Goyal -Reviewed-by: Dr. David Alan Gilbert -Message-Id: <20210208224024.43555-2-vgoyal@redhat.com> -Signed-off-by: Dr. David Alan Gilbert -Signed-off-by: Bruce Rogers ---- - tools/virtiofsd/passthrough_ll.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index 90f5281f10ab747098e57a3157c1..200a1d26bd11bcde5729c4f33195 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -710,6 +710,7 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - res = fchmodat(lo->proc_self_fd, procname, attr->st_mode, 0); - } - if (res == -1) { -+ saverr = errno; - goto out_err; - } - } -@@ -719,6 +720,7 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - - res = fchownat(ifd, "", uid, gid, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW); - if (res == -1) { -+ saverr = errno; - goto out_err; - } - } -@@ -730,16 +732,15 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - } else { - truncfd = lo_inode_open(lo, inode, O_RDWR); - if (truncfd < 0) { -- errno = -truncfd; -+ saverr = -truncfd; - goto out_err; - } - } - - res = ftruncate(truncfd, attr->st_size); -+ saverr = res == -1 ? errno : 0; - if (!fi) { -- saverr = errno; - close(truncfd); -- errno = saverr; - } - if (res == -1) { - goto out_err; -@@ -772,6 +773,7 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - res = utimensat(lo->proc_self_fd, procname, tv, 0); - } - if (res == -1) { -+ saverr = errno; - goto out_err; - } - } -@@ -780,7 +782,6 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - return lo_getattr(req, ino, fi); - - out_err: -- saverr = errno; - lo_inode_put(lo, &inode); - fuse_reply_err(req, saverr); - } diff --git a/virtiofsd-extract-lo_do_open-from-lo_ope.patch b/virtiofsd-extract-lo_do_open-from-lo_ope.patch deleted file mode 100644 index a02b15a8..00000000 --- a/virtiofsd-extract-lo_do_open-from-lo_ope.patch +++ /dev/null @@ -1,145 +0,0 @@ -From: Stefan Hajnoczi -Date: Thu, 4 Feb 2021 15:02:06 +0000 -Subject: virtiofsd: extract lo_do_open() from lo_open() - -Git-commit: 8afaaee976965b7fb90ec225a51d60f35c5f173c -References: bsc#1183373, CVE-2021-20263 - -Both lo_open() and lo_create() have similar code to open a file. Extract -a common lo_do_open() function from lo_open() that will be used by -lo_create() in a later commit. - -Since lo_do_open() does not otherwise need fuse_req_t req, convert -lo_add_fd_mapping() to use struct lo_data *lo instead. - -Signed-off-by: Stefan Hajnoczi -Message-Id: <20210204150208.367837-2-stefanha@redhat.com> -Reviewed-by: Greg Kurz -Signed-off-by: Dr. David Alan Gilbert -Signed-off-by: Bruce Rogers ---- - tools/virtiofsd/passthrough_ll.c | 73 ++++++++++++++++++++------------ - 1 file changed, 46 insertions(+), 27 deletions(-) - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index 97485b22b4114228e622a0b256d9..218e20e9d7901f22e26ef8dc56c2 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -471,17 +471,17 @@ static void lo_map_remove(struct lo_map *map, size_t key) - } - - /* Assumes lo->mutex is held */ --static ssize_t lo_add_fd_mapping(fuse_req_t req, int fd) -+static ssize_t lo_add_fd_mapping(struct lo_data *lo, int fd) - { - struct lo_map_elem *elem; - -- elem = lo_map_alloc_elem(&lo_data(req)->fd_map); -+ elem = lo_map_alloc_elem(&lo->fd_map); - if (!elem) { - return -1; - } - - elem->fd = fd; -- return elem - lo_data(req)->fd_map.elems; -+ return elem - lo->fd_map.elems; - } - - /* Assumes lo->mutex is held */ -@@ -1661,6 +1661,38 @@ static void update_open_flags(int writeback, int allow_direct_io, - } - } - -+static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, -+ struct fuse_file_info *fi) -+{ -+ char buf[64]; -+ ssize_t fh; -+ int fd; -+ -+ update_open_flags(lo->writeback, lo->allow_direct_io, fi); -+ -+ sprintf(buf, "%i", inode->fd); -+ fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW); -+ if (fd == -1) { -+ return errno; -+ } -+ -+ pthread_mutex_lock(&lo->mutex); -+ fh = lo_add_fd_mapping(lo, fd); -+ pthread_mutex_unlock(&lo->mutex); -+ if (fh == -1) { -+ close(fd); -+ return ENOMEM; -+ } -+ -+ fi->fh = fh; -+ if (lo->cache == CACHE_NONE) { -+ fi->direct_io = 1; -+ } else if (lo->cache == CACHE_ALWAYS) { -+ fi->keep_cache = 1; -+ } -+ return 0; -+} -+ - static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - mode_t mode, struct fuse_file_info *fi) - { -@@ -1701,7 +1733,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - ssize_t fh; - - pthread_mutex_lock(&lo->mutex); -- fh = lo_add_fd_mapping(req, fd); -+ fh = lo_add_fd_mapping(lo, fd); - pthread_mutex_unlock(&lo->mutex); - if (fh == -1) { - close(fd); -@@ -1892,38 +1924,25 @@ static void lo_fsyncdir(fuse_req_t req, fuse_ino_t ino, int datasync, - - static void lo_open(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi) - { -- int fd; -- ssize_t fh; -- char buf[64]; - struct lo_data *lo = lo_data(req); -+ struct lo_inode *inode = lo_inode(req, ino); -+ int err; - - fuse_log(FUSE_LOG_DEBUG, "lo_open(ino=%" PRIu64 ", flags=%d)\n", ino, - fi->flags); - -- update_open_flags(lo->writeback, lo->allow_direct_io, fi); -- -- sprintf(buf, "%i", lo_fd(req, ino)); -- fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW); -- if (fd == -1) { -- return (void)fuse_reply_err(req, errno); -- } -- -- pthread_mutex_lock(&lo->mutex); -- fh = lo_add_fd_mapping(req, fd); -- pthread_mutex_unlock(&lo->mutex); -- if (fh == -1) { -- close(fd); -- fuse_reply_err(req, ENOMEM); -+ if (!inode) { -+ fuse_reply_err(req, EBADF); - return; - } - -- fi->fh = fh; -- if (lo->cache == CACHE_NONE) { -- fi->direct_io = 1; -- } else if (lo->cache == CACHE_ALWAYS) { -- fi->keep_cache = 1; -+ err = lo_do_open(lo, inode, fi); -+ lo_inode_put(lo, &inode); -+ if (err) { -+ fuse_reply_err(req, err); -+ } else { -+ fuse_reply_open(req, fi); - } -- fuse_reply_open(req, fi); - } - - static void lo_release(fuse_req_t req, fuse_ino_t ino, diff --git a/virtiofsd-optionally-return-inode-pointe.patch b/virtiofsd-optionally-return-inode-pointe.patch deleted file mode 100644 index d9ef4d2d..00000000 --- a/virtiofsd-optionally-return-inode-pointe.patch +++ /dev/null @@ -1,108 +0,0 @@ -From: Stefan Hajnoczi -Date: Thu, 4 Feb 2021 15:02:07 +0000 -Subject: virtiofsd: optionally return inode pointer from lo_do_lookup() - -Git-commit: 22d2ece71e533310da31f2857ebc4a00d91968b3 -References: bsc#1183373, CVE-2021-20263 - -lo_do_lookup() finds an existing inode or allocates a new one. It -increments nlookup so that the inode stays alive until the client -releases it. - -Existing callers don't need the struct lo_inode so the function doesn't -return it. Extend the function to optionally return the inode. The next -commit will need it. - -Signed-off-by: Stefan Hajnoczi -Reviewed-by: Greg Kurz -Message-Id: <20210204150208.367837-3-stefanha@redhat.com> -Signed-off-by: Dr. David Alan Gilbert -Signed-off-by: Bruce Rogers ---- - tools/virtiofsd/passthrough_ll.c | 29 +++++++++++++++++++++-------- - 1 file changed, 21 insertions(+), 8 deletions(-) - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index 218e20e9d7901f22e26ef8dc56c2..2bd050b6202e41476dc1cdce811a 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -843,11 +843,13 @@ static int do_statx(struct lo_data *lo, int dirfd, const char *pathname, - } - - /* -- * Increments nlookup and caller must release refcount using -- * lo_inode_put(&parent). -+ * Increments nlookup on the inode on success. unref_inode_lolocked() must be -+ * called eventually to decrement nlookup again. If inodep is non-NULL, the -+ * inode pointer is stored and the caller must call lo_inode_put(). - */ - static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, -- struct fuse_entry_param *e) -+ struct fuse_entry_param *e, -+ struct lo_inode **inodep) - { - int newfd; - int res; -@@ -857,6 +859,10 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, - struct lo_inode *inode = NULL; - struct lo_inode *dir = lo_inode(req, parent); - -+ if (inodep) { -+ *inodep = NULL; -+ } -+ - /* - * name_to_handle_at() and open_by_handle_at() can reach here with fuse - * mount point in guest, but we don't have its inode info in the -@@ -924,7 +930,14 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, - pthread_mutex_unlock(&lo->mutex); - } - e->ino = inode->fuse_ino; -- lo_inode_put(lo, &inode); -+ -+ /* Transfer ownership of inode pointer to caller or drop it */ -+ if (inodep) { -+ *inodep = inode; -+ } else { -+ lo_inode_put(lo, &inode); -+ } -+ - lo_inode_put(lo, &dir); - - fuse_log(FUSE_LOG_DEBUG, " %lli/%s -> %lli\n", (unsigned long long)parent, -@@ -959,7 +972,7 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name) - return; - } - -- err = lo_do_lookup(req, parent, name, &e); -+ err = lo_do_lookup(req, parent, name, &e, NULL); - if (err) { - fuse_reply_err(req, err); - } else { -@@ -1067,7 +1080,7 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent, - goto out; - } - -- saverr = lo_do_lookup(req, parent, name, &e); -+ saverr = lo_do_lookup(req, parent, name, &e, NULL); - if (saverr) { - goto out; - } -@@ -1544,7 +1557,7 @@ static void lo_do_readdir(fuse_req_t req, fuse_ino_t ino, size_t size, - - if (plus) { - if (!is_dot_or_dotdot(name)) { -- err = lo_do_lookup(req, ino, name, &e); -+ err = lo_do_lookup(req, ino, name, &e, NULL); - if (err) { - goto error; - } -@@ -1742,7 +1755,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - } - - fi->fh = fh; -- err = lo_do_lookup(req, parent, name, &e); -+ err = lo_do_lookup(req, parent, name, &e, NULL); - } - if (lo->cache == CACHE_NONE) { - fi->direct_io = 1; diff --git a/virtiofsd-prevent-opening-of-special-fil.patch b/virtiofsd-prevent-opening-of-special-fil.patch deleted file mode 100644 index da714eee..00000000 --- a/virtiofsd-prevent-opening-of-special-fil.patch +++ /dev/null @@ -1,298 +0,0 @@ -From: Stefan Hajnoczi -Date: Thu, 4 Feb 2021 15:02:08 +0000 -Subject: virtiofsd: prevent opening of special files (CVE-2020-35517) - -Git-commit: a3fdbbc7f271bff7d53d0501b29d910ece0b3789 -References: bsc#1183373, CVE-2021-20263 - -A well-behaved FUSE client does not attempt to open special files with -FUSE_OPEN because they are handled on the client side (e.g. device nodes -are handled by client-side device drivers). - -The check to prevent virtiofsd from opening special files is missing in -a few cases, most notably FUSE_OPEN. A malicious client can cause -virtiofsd to open a device node, potentially allowing the guest to -escape. This can be exploited by a modified guest device driver. It is -not exploitable from guest userspace since the guest kernel will handle -special files inside the guest instead of sending FUSE requests. - -This patch fixes this issue by introducing the lo_inode_open() function -to check the file type before opening it. This is a short-term solution -because it does not prevent a compromised virtiofsd process from opening -device nodes on the host. - -Restructure lo_create() to try O_CREAT | O_EXCL first. Note that O_CREAT -| O_EXCL does not follow symlinks, so O_NOFOLLOW masking is not -necessary here. If the file exists and the user did not specify O_EXCL, -open it via lo_do_open(). - -Reported-by: Alex Xu -Fixes: CVE-2020-35517 -Reviewed-by: Dr. David Alan Gilbert -Reviewed-by: Vivek Goyal -Reviewed-by: Greg Kurz -Signed-off-by: Stefan Hajnoczi -Message-Id: <20210204150208.367837-4-stefanha@redhat.com> -Signed-off-by: Dr. David Alan Gilbert -Signed-off-by: Bruce Rogers ---- - tools/virtiofsd/passthrough_ll.c | 144 ++++++++++++++++++++----------- - 1 file changed, 92 insertions(+), 52 deletions(-) - -diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c -index 2bd050b6202e41476dc1cdce811a..03c5e0d13c35849ec90d32fa38a2 100644 ---- a/tools/virtiofsd/passthrough_ll.c -+++ b/tools/virtiofsd/passthrough_ll.c -@@ -567,6 +567,38 @@ static int lo_fd(fuse_req_t req, fuse_ino_t ino) - return fd; - } - -+/* -+ * Open a file descriptor for an inode. Returns -EBADF if the inode is not a -+ * regular file or a directory. -+ * -+ * Use this helper function instead of raw openat(2) to prevent security issues -+ * when a malicious client opens special files such as block device nodes. -+ * Symlink inodes are also rejected since symlinks must already have been -+ * traversed on the client side. -+ */ -+static int lo_inode_open(struct lo_data *lo, struct lo_inode *inode, -+ int open_flags) -+{ -+ g_autofree char *fd_str = g_strdup_printf("%d", inode->fd); -+ int fd; -+ -+ if (!S_ISREG(inode->filetype) && !S_ISDIR(inode->filetype)) { -+ return -EBADF; -+ } -+ -+ /* -+ * The file is a symlink so O_NOFOLLOW must be ignored. We checked earlier -+ * that the inode is not a special file but if an external process races -+ * with us then symlinks are traversed here. It is not possible to escape -+ * the shared directory since it is mounted as "/" though. -+ */ -+ fd = openat(lo->proc_self_fd, fd_str, open_flags & ~O_NOFOLLOW); -+ if (fd < 0) { -+ return -errno; -+ } -+ return fd; -+} -+ - static void lo_init(void *userdata, struct fuse_conn_info *conn) - { - struct lo_data *lo = (struct lo_data *)userdata; -@@ -696,9 +728,9 @@ static void lo_setattr(fuse_req_t req, fuse_ino_t ino, struct stat *attr, - if (fi) { - truncfd = fd; - } else { -- sprintf(procname, "%i", ifd); -- truncfd = openat(lo->proc_self_fd, procname, O_RDWR); -+ truncfd = lo_inode_open(lo, inode, O_RDWR); - if (truncfd < 0) { -+ errno = -truncfd; - goto out_err; - } - } -@@ -860,7 +892,7 @@ static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name, - struct lo_inode *dir = lo_inode(req, parent); - - if (inodep) { -- *inodep = NULL; -+ *inodep = NULL; /* in case there is an error */ - } - - /* -@@ -1674,19 +1706,26 @@ static void update_open_flags(int writeback, int allow_direct_io, - } - } - -+/* -+ * Open a regular file, set up an fd mapping, and fill out the struct -+ * fuse_file_info for it. If existing_fd is not negative, use that fd instead -+ * opening a new one. Takes ownership of existing_fd. -+ * -+ * Returns 0 on success or a positive errno. -+ */ - static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, -- struct fuse_file_info *fi) -+ int existing_fd, struct fuse_file_info *fi) - { -- char buf[64]; - ssize_t fh; -- int fd; -+ int fd = existing_fd; - - update_open_flags(lo->writeback, lo->allow_direct_io, fi); - -- sprintf(buf, "%i", inode->fd); -- fd = openat(lo->proc_self_fd, buf, fi->flags & ~O_NOFOLLOW); -- if (fd == -1) { -- return errno; -+ if (fd < 0) { -+ fd = lo_inode_open(lo, inode, fi->flags); -+ if (fd < 0) { -+ return -fd; -+ } - } - - pthread_mutex_lock(&lo->mutex); -@@ -1709,9 +1748,10 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode, - static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - mode_t mode, struct fuse_file_info *fi) - { -- int fd; -+ int fd = -1; - struct lo_data *lo = lo_data(req); - struct lo_inode *parent_inode; -+ struct lo_inode *inode = NULL; - struct fuse_entry_param e; - int err; - struct lo_cred old = {}; -@@ -1737,36 +1777,38 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name, - - update_open_flags(lo->writeback, lo->allow_direct_io, fi); - -- fd = openat(parent_inode->fd, name, (fi->flags | O_CREAT) & ~O_NOFOLLOW, -- mode); -+ /* Try to create a new file but don't open existing files */ -+ fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode); - err = fd == -1 ? errno : 0; -- lo_restore_cred(&old); - -- if (!err) { -- ssize_t fh; -+ lo_restore_cred(&old); - -- pthread_mutex_lock(&lo->mutex); -- fh = lo_add_fd_mapping(lo, fd); -- pthread_mutex_unlock(&lo->mutex); -- if (fh == -1) { -- close(fd); -- err = ENOMEM; -- goto out; -- } -+ /* Ignore the error if file exists and O_EXCL was not given */ -+ if (err && (err != EEXIST || (fi->flags & O_EXCL))) { -+ goto out; -+ } - -- fi->fh = fh; -- err = lo_do_lookup(req, parent, name, &e, NULL); -+ err = lo_do_lookup(req, parent, name, &e, &inode); -+ if (err) { -+ goto out; - } -- if (lo->cache == CACHE_NONE) { -- fi->direct_io = 1; -- } else if (lo->cache == CACHE_ALWAYS) { -- fi->keep_cache = 1; -+ -+ err = lo_do_open(lo, inode, fd, fi); -+ fd = -1; /* lo_do_open() takes ownership of fd */ -+ if (err) { -+ /* Undo lo_do_lookup() nlookup ref */ -+ unref_inode_lolocked(lo, inode, 1); - } - - out: -+ lo_inode_put(lo, &inode); - lo_inode_put(lo, &parent_inode); - - if (err) { -+ if (fd >= 0) { -+ close(fd); -+ } -+ - fuse_reply_err(req, err); - } else { - fuse_reply_create(req, &e, fi); -@@ -1780,7 +1822,6 @@ static struct lo_inode_plock *lookup_create_plock_ctx(struct lo_data *lo, - pid_t pid, int *err) - { - struct lo_inode_plock *plock; -- char procname[64]; - int fd; - - plock = -@@ -1797,12 +1838,10 @@ static struct lo_inode_plock *lookup_create_plock_ctx(struct lo_data *lo, - } - - /* Open another instance of file which can be used for ofd locks. */ -- sprintf(procname, "%i", inode->fd); -- - /* TODO: What if file is not writable? */ -- fd = openat(lo->proc_self_fd, procname, O_RDWR); -- if (fd == -1) { -- *err = errno; -+ fd = lo_inode_open(lo, inode, O_RDWR); -+ if (fd < 0) { -+ *err = -fd; - free(plock); - return NULL; - } -@@ -1949,7 +1988,7 @@ static void lo_open(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi) - return; - } - -- err = lo_do_open(lo, inode, fi); -+ err = lo_do_open(lo, inode, -1, fi); - lo_inode_put(lo, &inode); - if (err) { - fuse_reply_err(req, err); -@@ -2005,39 +2044,40 @@ static void lo_flush(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi) - static void lo_fsync(fuse_req_t req, fuse_ino_t ino, int datasync, - struct fuse_file_info *fi) - { -+ struct lo_inode *inode = lo_inode(req, ino); -+ struct lo_data *lo = lo_data(req); - int res; - int fd; -- char *buf; - - fuse_log(FUSE_LOG_DEBUG, "lo_fsync(ino=%" PRIu64 ", fi=0x%p)\n", ino, - (void *)fi); - -- if (!fi) { -- struct lo_data *lo = lo_data(req); -- -- res = asprintf(&buf, "%i", lo_fd(req, ino)); -- if (res == -1) { -- return (void)fuse_reply_err(req, errno); -- } -+ if (!inode) { -+ fuse_reply_err(req, EBADF); -+ return; -+ } - -- fd = openat(lo->proc_self_fd, buf, O_RDWR); -- free(buf); -- if (fd == -1) { -- return (void)fuse_reply_err(req, errno); -+ if (!fi) { -+ fd = lo_inode_open(lo, inode, O_RDWR); -+ if (fd < 0) { -+ res = -fd; -+ goto out; - } - } else { - fd = lo_fi_fd(req, fi); - } - - if (datasync) { -- res = fdatasync(fd); -+ res = fdatasync(fd) == -1 ? errno : 0; - } else { -- res = fsync(fd); -+ res = fsync(fd) == -1 ? errno : 0; - } - if (!fi) { - close(fd); - } -- fuse_reply_err(req, res == -1 ? errno : 0); -+out: -+ lo_inode_put(lo, &inode); -+ fuse_reply_err(req, res); - } - - static void lo_read(fuse_req_t req, fuse_ino_t ino, size_t size, off_t offset, diff --git a/xen-add-block-resize-support-for-xen-dis.patch b/xen-add-block-resize-support-for-xen-dis.patch index f16757b0..79a7fa69 100644 --- a/xen-add-block-resize-support-for-xen-dis.patch +++ b/xen-add-block-resize-support-for-xen-dis.patch @@ -15,10 +15,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 3 insertions(+) diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c -index f6b66a0428eaa37db4c1bbe7e2c4..4bfd55a854afdc2359f03610724d 100644 +index 581f1d5f7a1a2ec3d9b5f7bfe2aa..9076221c0f995e622ecfbb0408c1 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c -@@ -270,6 +270,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp) +@@ -271,6 +271,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp) xen_block_set_size(blockdev); diff --git a/xen-block-Fix-removal-of-backend-instanc.patch b/xen-block-Fix-removal-of-backend-instanc.patch deleted file mode 100644 index 4bfec74a..00000000 --- a/xen-block-Fix-removal-of-backend-instanc.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Anthony PERARD -Date: Mon, 8 Mar 2021 14:32:32 +0000 -Subject: xen-block: Fix removal of backend instance via xenstore - -Git-commit: b807ca3fa0ca29ec015adcf4045e716337cd3635 - -Whenever a Xen block device is detach via xenstore, the image -associated with it remained open by the backend QEMU and an error is -logged: - qemu-system-i386: failed to destroy drive: Node xvdz-qcow2 is in use - -This happened since object_unparent() doesn't immediately frees the -object and thus keep a reference to the node we are trying to free. -The reference is hold by the "drive" property and the call -xen_block_drive_destroy() fails. - -In order to fix that, we call drain_call_rcu() to run the callback -setup by bus_remove_child() via object_unparent(). - -Fixes: 2d24a6466154 ("device-core: use RCU for list of children of a bus") - -Signed-off-by: Anthony PERARD -Reviewed-by: Paul Durrant -Message-Id: <20210308143232.83388-1-anthony.perard@citrix.com> -Signed-off-by: Bruce Rogers ---- - hw/block/xen-block.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c -index 20b23c699bc1cb4cd796bf352c45..b1a3fa9b6a91f7748ce54d77cad6 100644 ---- a/hw/block/xen-block.c -+++ b/hw/block/xen-block.c -@@ -978,6 +978,15 @@ static void xen_block_device_destroy(XenBackendInstance *backend, - - object_unparent(OBJECT(xendev)); - -+ /* -+ * Drain all pending RCU callbacks as object_unparent() frees `xendev' -+ * in a RCU callback. -+ * And due to the property "drive" still existing in `xendev', we -+ * can't destroy the XenBlockDrive associated with `xendev' with -+ * xen_block_drive_destroy() below. -+ */ -+ drain_call_rcu(); -+ - if (iothread) { - xen_block_iothread_destroy(iothread, errp); - if (*errp) { diff --git a/xen-ignore-live-parameter-from-xen-save-.patch b/xen-ignore-live-parameter-from-xen-save-.patch index 3647a4b1..c7ec94d1 100644 --- a/xen-ignore-live-parameter-from-xen-save-.patch +++ b/xen-ignore-live-parameter-from-xen-save-.patch @@ -27,10 +27,10 @@ Signed-off-by: Bruce Rogers 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/migration/savevm.c b/migration/savevm.c -index 5f937a2762793f2cc48bcd40a423..c302ca3048d0c9684d5757149f76 100644 +index 52e2d72e4b08e2693ba671752bc8..f2ccecadba94324b2518f64622dc 100644 --- a/migration/savevm.c +++ b/migration/savevm.c -@@ -2893,7 +2893,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live, +@@ -2937,7 +2937,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live, * So call bdrv_inactivate_all (release locks) here to let the other * side of the migration take control of the images. */ diff --git a/xen_disk-Add-suse-specific-flush-disable.patch b/xen_disk-Add-suse-specific-flush-disable.patch index 349a9870..28516a66 100644 --- a/xen_disk-Add-suse-specific-flush-disable.patch +++ b/xen_disk-Add-suse-specific-flush-disable.patch @@ -18,10 +18,10 @@ Signed-off-by: Olaf Hering 1 file changed, 12 insertions(+) diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c -index b1a3fa9b6a91f7748ce54d77cad6..f6b66a0428eaa37db4c1bbe7e2c4 100644 +index 83754a434481d9cd02bbe35bffc3..581f1d5f7a1a2ec3d9b5f7bfe2aa 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c -@@ -729,6 +729,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id, +@@ -723,6 +723,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id, const char *mode = qdict_get_try_str(opts, "mode"); const char *direct_io_safe = qdict_get_try_str(opts, "direct-io-safe"); const char *discard_enable = qdict_get_try_str(opts, "discard-enable"); @@ -30,7 +30,7 @@ index b1a3fa9b6a91f7748ce54d77cad6..f6b66a0428eaa37db4c1bbe7e2c4 100644 char *driver = NULL; char *filename = NULL; XenBlockDrive *drive = NULL; -@@ -797,6 +799,16 @@ static XenBlockDrive *xen_block_drive_create(const char *id, +@@ -791,6 +793,16 @@ static XenBlockDrive *xen_block_drive_create(const char *id, } }