Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- block/mirror.c | 98 +++++++++++++++++++++++++-------
- blockdev.c | 39 ++++++++++++-
- include/block/block_int.h | 4 +-
- qapi/block-core.json | 29 ++++++++--
- tests/unit/test-block-iothread.c | 4 +-
+ block/mirror.c | 98 +++++++++++++++++++++-----
+ blockdev.c | 39 +++++++++-
+ include/block/block_int-global-state.h | 4 +-
+ qapi/block-core.json | 29 ++++++--
+ tests/unit/test-block-iothread.c | 4 +-
5 files changed, 145 insertions(+), 29 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index efec2c7674..f7804638f9 100644
+index d8ecb9efa2..d95a7d7940 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -50,7 +50,7 @@ typedef struct MirrorBlockJob {
+@@ -51,7 +51,7 @@ typedef struct MirrorBlockJob {
BlockDriverState *to_replace;
/* Used to block operations on the drive-mirror-replace target */
Error *replace_blocker;
BlockMirrorBackingMode backing_mode;
/* Whether the target image requires explicit zero-initialization */
bool zero_target;
-@@ -64,6 +64,8 @@ typedef struct MirrorBlockJob {
+@@ -65,6 +65,8 @@ typedef struct MirrorBlockJob {
size_t buf_size;
int64_t bdev_length;
unsigned long *cow_bitmap;
BdrvDirtyBitmap *dirty_bitmap;
BdrvDirtyBitmapIter *dbi;
uint8_t *buf;
-@@ -695,7 +697,8 @@ static int mirror_exit_common(Job *job)
+@@ -696,7 +698,8 @@ static int mirror_exit_common(Job *job)
bdrv_child_refresh_perms(mirror_top_bs, mirror_top_bs->backing,
&error_abort);
if (!abort && s->backing_mode == MIRROR_SOURCE_BACKING_CHAIN) {
BlockDriverState *unfiltered_target = bdrv_skip_filters(target_bs);
if (bdrv_cow_bs(unfiltered_target) != backing) {
-@@ -800,6 +803,16 @@ static void mirror_abort(Job *job)
+@@ -794,6 +797,16 @@ static void mirror_abort(Job *job)
assert(ret == 0);
}
static void coroutine_fn mirror_throttle(MirrorBlockJob *s)
{
int64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
-@@ -979,7 +992,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
+@@ -973,7 +986,8 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
mirror_free_init(s);
s->last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
ret = mirror_dirty_init(s);
if (ret < 0 || job_is_cancelled(&s->common.job)) {
goto immediate_exit;
-@@ -1221,6 +1235,7 @@ static const BlockJobDriver mirror_job_driver = {
+@@ -1212,6 +1226,7 @@ static const BlockJobDriver mirror_job_driver = {
.run = mirror_run,
.prepare = mirror_prepare,
.abort = mirror_abort,
.pause = mirror_pause,
.complete = mirror_complete,
.cancel = mirror_cancel,
-@@ -1237,6 +1252,7 @@ static const BlockJobDriver commit_active_job_driver = {
+@@ -1228,6 +1243,7 @@ static const BlockJobDriver commit_active_job_driver = {
.run = mirror_run,
.prepare = mirror_prepare,
.abort = mirror_abort,
.pause = mirror_pause,
.complete = mirror_complete,
.cancel = commit_active_cancel,
-@@ -1602,7 +1618,10 @@ static BlockJob *mirror_start_job(
+@@ -1593,7 +1609,10 @@ static BlockJob *mirror_start_job(
BlockCompletionFunc *cb,
void *opaque,
const BlockJobDriver *driver,
bool auto_complete, const char *filter_node_name,
bool is_mirror, MirrorCopyMode copy_mode,
Error **errp)
-@@ -1614,10 +1633,39 @@ static BlockJob *mirror_start_job(
+@@ -1605,10 +1624,39 @@ static BlockJob *mirror_start_job(
uint64_t target_perms, target_shared_perms;
int ret;
- if (granularity == 0) {
+- granularity = bdrv_get_default_bitmap_granularity(target);
+ if (sync_mode == MIRROR_SYNC_MODE_INCREMENTAL) {
+ error_setg(errp, "Sync mode '%s' not supported",
+ MirrorSyncMode_str(sync_mode));
+ "sync mode '%s' is not compatible with bitmaps",
+ MirrorSyncMode_str(sync_mode));
+ return NULL;
-+ }
-+
+ }
+
+ if (bitmap) {
+ if (granularity) {
+ error_setg(errp, "granularity (%d)"
+ }
+ granularity = bdrv_dirty_bitmap_granularity(bitmap);
+ } else if (granularity == 0) {
- granularity = bdrv_get_default_bitmap_granularity(target);
- }
--
++ granularity = bdrv_get_default_bitmap_granularity(target);
++ }
assert(is_power_of_2(granularity));
if (buf_size < 0) {
-@@ -1755,7 +1803,9 @@ static BlockJob *mirror_start_job(
+@@ -1740,7 +1788,9 @@ static BlockJob *mirror_start_job(
s->replaces = g_strdup(replaces);
s->on_source_error = on_source_error;
s->on_target_error = on_target_error;
s->backing_mode = backing_mode;
s->zero_target = zero_target;
s->copy_mode = copy_mode;
-@@ -1776,6 +1826,18 @@ static BlockJob *mirror_start_job(
+@@ -1761,6 +1811,18 @@ static BlockJob *mirror_start_job(
bdrv_disable_dirty_bitmap(s->dirty_bitmap);
}
ret = block_job_add_bdrv(&s->common, "source", bs, 0,
BLK_PERM_WRITE_UNCHANGED | BLK_PERM_WRITE |
BLK_PERM_CONSISTENT_READ,
-@@ -1853,6 +1915,9 @@ fail:
+@@ -1838,6 +1900,9 @@ fail:
if (s->dirty_bitmap) {
bdrv_release_dirty_bitmap(s->dirty_bitmap);
}
job_early_fail(&s->common.job);
}
-@@ -1870,29 +1935,23 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
+@@ -1855,31 +1920,25 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *target, const char *replaces,
int creation_flags, int64_t speed,
uint32_t granularity, int64_t buf_size,
- bool is_none_mode;
BlockDriverState *base;
+ GLOBAL_STATE_CODE();
+
- if ((mode == MIRROR_SYNC_MODE_INCREMENTAL) ||
- (mode == MIRROR_SYNC_MODE_BITMAP)) {
- error_setg(errp, "Sync mode '%s' not supported",
}
BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
-@@ -1917,7 +1976,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
+@@ -1906,7 +1965,8 @@ BlockJob *commit_active_start(const char *job_id, BlockDriverState *bs,
job_id, bs, creation_flags, base, NULL, speed, 0, 0,
MIRROR_LEAVE_BACKING_CHAIN, false,
on_error, on_error, true, cb, opaque,
errp);
if (!job) {
diff --git a/blockdev.c b/blockdev.c
-index b35072644e..9940116fe0 100644
+index e46e831212..fa601838a3 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -2956,6 +2956,10 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2951,6 +2951,10 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
BlockDriverState *target,
bool has_replaces, const char *replaces,
enum MirrorSyncMode sync,
BlockMirrorBackingMode backing_mode,
bool zero_target,
bool has_speed, int64_t speed,
-@@ -2975,6 +2979,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -2970,6 +2974,7 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
{
BlockDriverState *unfiltered_bs;
int job_flags = JOB_DEFAULT;
if (!has_speed) {
speed = 0;
-@@ -3029,6 +3034,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3024,6 +3029,29 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
if (!has_replaces) {
/* We want to mirror from @bs, but keep implicit filters on top */
unfiltered_bs = bdrv_skip_implicit_filters(bs);
-@@ -3075,8 +3103,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3070,8 +3098,8 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
* and will allow to check whether the node still exist at mirror completion
*/
mirror_start(job_id, bs, target,
on_source_error, on_target_error, unmap, filter_node_name,
copy_mode, errp);
}
-@@ -3221,6 +3249,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
+@@ -3216,6 +3244,8 @@ void qmp_drive_mirror(DriveMirror *arg, Error **errp)
blockdev_mirror_common(arg->has_job_id ? arg->job_id : NULL, bs, target_bs,
arg->has_replaces, arg->replaces, arg->sync,
backing_mode, zero_target,
arg->has_speed, arg->speed,
arg->has_granularity, arg->granularity,
-@@ -3242,6 +3272,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
+@@ -3237,6 +3267,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
const char *device, const char *target,
bool has_replaces, const char *replaces,
MirrorSyncMode sync,
bool has_speed, int64_t speed,
bool has_granularity, uint32_t granularity,
bool has_buf_size, int64_t buf_size,
-@@ -3291,7 +3323,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
+@@ -3286,7 +3318,8 @@ void qmp_blockdev_mirror(bool has_job_id, const char *job_id,
}
blockdev_mirror_common(has_job_id ? job_id : NULL, bs, target_bs,
zero_target, has_speed, speed,
has_granularity, granularity,
has_buf_size, buf_size,
-diff --git a/include/block/block_int.h b/include/block/block_int.h
-index f4c75e8ba9..ee0aeb1414 100644
---- a/include/block/block_int.h
-+++ b/include/block/block_int.h
-@@ -1287,7 +1287,9 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
+diff --git a/include/block/block_int-global-state.h b/include/block/block_int-global-state.h
+index 0f21b0570b..e7f901d048 100644
+--- a/include/block/block_int-global-state.h
++++ b/include/block/block_int-global-state.h
+@@ -148,7 +148,9 @@ void mirror_start(const char *job_id, BlockDriverState *bs,
BlockDriverState *target, const char *replaces,
int creation_flags, int64_t speed,
uint32_t granularity, int64_t buf_size,
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 1d3dd9cb48..da5dca1e3b 100644
+index beeb91952a..fb25c2b245 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -1995,10 +1995,19 @@
+@@ -1993,10 +1993,19 @@
# (all the disk, only the sectors allocated in the topmost image, or
# only new I/O).
#
#
# @buf-size: maximum amount of data in flight from source to
# target (since 1.4).
-@@ -2036,7 +2045,9 @@
+@@ -2034,7 +2043,9 @@
{ 'struct': 'DriveMirror',
'data': { '*job-id': 'str', 'device': 'str', 'target': 'str',
'*format': 'str', '*node-name': 'str', '*replaces': 'str',
'*speed': 'int', '*granularity': 'uint32',
'*buf-size': 'int', '*on-source-error': 'BlockdevOnError',
'*on-target-error': 'BlockdevOnError',
-@@ -2308,10 +2319,19 @@
+@@ -2306,10 +2317,19 @@
# (all the disk, only the sectors allocated in the topmost image, or
# only new I/O).
#
#
# @buf-size: maximum amount of data in flight from source to
# target
-@@ -2360,7 +2380,8 @@
+@@ -2358,7 +2378,8 @@
{ 'command': 'blockdev-mirror',
'data': { '*job-id': 'str', 'device': 'str', 'target': 'str',
'*replaces': 'str',
'*buf-size': 'int', '*on-source-error': 'BlockdevOnError',
'*on-target-error': 'BlockdevOnError',
diff --git a/tests/unit/test-block-iothread.c b/tests/unit/test-block-iothread.c
-index aea660aeed..22b9770a3e 100644
+index 94718c9319..7977ac14f4 100644
--- a/tests/unit/test-block-iothread.c
+++ b/tests/unit/test-block-iothread.c
@@ -626,8 +626,8 @@ static void test_propagate_mirror(void)
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index f7804638f9..4f5f74e2cf 100644
+index d95a7d7940..2c79ee41af 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -672,8 +672,6 @@ static int mirror_exit_common(Job *job)
+@@ -673,8 +673,6 @@ static int mirror_exit_common(Job *job)
bdrv_unfreeze_backing_chain(mirror_top_bs, target_bs);
}
/* Make sure that the source BDS doesn't go away during bdrv_replace_node,
* before we can call bdrv_drained_end */
bdrv_ref(src);
-@@ -781,6 +779,18 @@ static int mirror_exit_common(Job *job)
- blk_set_perm(bjob->blk, 0, BLK_PERM_ALL, &error_abort);
- blk_insert_bs(bjob->blk, mirror_top_bs, &error_abort);
+@@ -775,6 +773,18 @@ static int mirror_exit_common(Job *job)
+ block_job_remove_all_bdrv(bjob);
+ bdrv_replace_node(mirror_top_bs, mirror_top_bs->backing->bs, &error_abort);
+ if (s->sync_bitmap) {
+ if (s->bitmap_mode == BITMAP_SYNC_MODE_ALWAYS ||
bs_opaque->job = NULL;
bdrv_drained_end(src);
-@@ -1643,10 +1653,6 @@ static BlockJob *mirror_start_job(
+@@ -1634,10 +1644,6 @@ static BlockJob *mirror_start_job(
" sync mode",
MirrorSyncMode_str(sync_mode));
return NULL;
}
} else if (bitmap) {
error_setg(errp,
-@@ -1663,6 +1669,12 @@ static BlockJob *mirror_start_job(
+@@ -1654,6 +1660,12 @@ static BlockJob *mirror_start_job(
return NULL;
}
granularity = bdrv_dirty_bitmap_granularity(bitmap);
1 file changed, 3 insertions(+)
diff --git a/blockdev.c b/blockdev.c
-index 9940116fe0..b113e57d68 100644
+index fa601838a3..93fd0a61a4 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -3055,6 +3055,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3050,6 +3050,9 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
if (bdrv_dirty_bitmap_check(bitmap, BDRV_BITMAP_ALLOW_RO, errp)) {
return;
}
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 4f5f74e2cf..7024f3bbf0 100644
+index 2c79ee41af..e04a3ea6f4 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -785,8 +785,8 @@ static int mirror_exit_common(Job *job)
+@@ -779,8 +779,8 @@ static int mirror_exit_common(Job *job)
job->ret == 0 && ret == 0)) {
/* Success; synchronize copy back to sync. */
bdrv_clear_dirty_bitmap(s->sync_bitmap, NULL);
}
}
bdrv_release_dirty_bitmap(s->dirty_bitmap);
-@@ -1843,11 +1843,8 @@ static BlockJob *mirror_start_job(
+@@ -1828,11 +1828,8 @@ static BlockJob *mirror_start_job(
}
if (s->sync_mode == MIRROR_SYNC_MODE_BITMAP) {
3 files changed, 70 insertions(+), 59 deletions(-)
diff --git a/block/mirror.c b/block/mirror.c
-index 7024f3bbf0..6211ff22fc 100644
+index e04a3ea6f4..4feec2a002 100644
--- a/block/mirror.c
+++ b/block/mirror.c
-@@ -1643,31 +1643,13 @@ static BlockJob *mirror_start_job(
+@@ -1634,31 +1634,13 @@ static BlockJob *mirror_start_job(
uint64_t target_perms, target_shared_perms;
int ret;
if (bitmap_mode != BITMAP_SYNC_MODE_NEVER) {
diff --git a/blockdev.c b/blockdev.c
-index b113e57d68..4be0863050 100644
+index 93fd0a61a4..1af5a1fcb2 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -3034,7 +3034,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
+@@ -3029,7 +3029,36 @@ static void blockdev_mirror_common(const char *job_id, BlockDriverState *bs,
sync = MIRROR_SYNC_MODE_FULL;
}
6 files changed, 59 insertions(+), 5 deletions(-)
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
-index 12d395d62d..b182943324 100644
+index cc4cc6c6ad..82f649d9ab 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -16,6 +16,7 @@ extern QemuOptsList qemu_mon_opts;
void monitor_init_globals(void);
void monitor_init_globals_core(void);
diff --git a/monitor/monitor-internal.h b/monitor/monitor-internal.h
-index 3da3f86c6a..9953e0cd2d 100644
+index caa2e90ef2..e1596f79ab 100644
--- a/monitor/monitor-internal.h
+++ b/monitor/monitor-internal.h
-@@ -151,6 +151,13 @@ typedef struct {
+@@ -152,6 +152,13 @@ typedef struct {
QemuMutex qmp_queue_lock;
/* Input queue that holds all the parsed QMP requests */
GQueue *qmp_requests;
monitor_qmp_caps_reset(mon);
data = qmp_greeting(mon);
diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
-index d378bccac7..fb8936e7cd 100644
+index 0990873ec8..e605003771 100644
--- a/qapi/qmp-dispatch.c
+++ b/qapi/qmp-dispatch.c
-@@ -118,16 +118,28 @@ typedef struct QmpDispatchBH {
+@@ -117,16 +117,28 @@ typedef struct QmpDispatchBH {
QObject **ret;
Error **errp;
Coroutine *co;
aio_co_wake(data->co);
}
-@@ -232,6 +244,7 @@ QDict *qmp_dispatch(const QmpCommandList *cmds, QObject *request,
+@@ -231,6 +243,7 @@ QDict *qmp_dispatch(const QmpCommandList *cmds, QObject *request,
.ret = &ret,
.errp = &err,
.co = qemu_coroutine_self(),
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Fri, 6 May 2022 14:38:35 +0200
+Subject: [PATCH] block/gluster: correctly set max_pdiscard which is int64_t
+
+Previously, max_pdiscard would be zero in the following assertion:
+qemu-system-x86_64: ../block/io.c:3166: bdrv_co_pdiscard: Assertion
+`max_pdiscard >= bs->bl.request_alignment' failed.
+
+Fixes: 0c8022876f ("block: use int64_t instead of int in driver discard handlers")
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
+---
+ block/gluster.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/block/gluster.c b/block/gluster.c
+index 398976bc66..592e71b22a 100644
+--- a/block/gluster.c
++++ b/block/gluster.c
+@@ -891,7 +891,7 @@ out:
+ static void qemu_gluster_refresh_limits(BlockDriverState *bs, Error **errp)
+ {
+ bs->bl.max_transfer = GLUSTER_MAX_TRANSFER;
+- bs->bl.max_pdiscard = SIZE_MAX;
++ bs->bl.max_pdiscard = INT64_MAX;
+ }
+
+ static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
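Review bot: Setting `bs->bl.max_pdiscard = INT64_MAX` in qemu_gluster_refresh_limits() advertises a discard limit that `size_t` cannot represent on hosts where `size_t` is 32 bits wide. The same substitution in the second hunk (qemu_gluster_co_pdiscard, whose body starts and ends outside the hunk) gives `assert(bytes <= INT64_MAX)`, which can never fail if `bytes` is an `int64_t`, as the Fixes: title suggests. The "rely on max_pdiscard" invariant is then no longer checked before the length is used, presumably by a call that takes a `size_t`. I would clamp the limit with `bs->bl.max_pdiscard = MIN(SIZE_MAX, INT64_MAX);` and keep `assert(bytes <= SIZE_MAX);` in the discard handler, so an oversized request trips the assertion rather than risking truncation.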
+@@ -1304,7 +1304,7 @@ static coroutine_fn int qemu_gluster_co_pdiscard(BlockDriverState *bs,
+ GlusterAIOCB acb;
+ BDRVGlusterState *s = bs->opaque;
+
+- assert(bytes <= SIZE_MAX); /* rely on max_pdiscard */
++ assert(bytes <= INT64_MAX); /* rely on max_pdiscard */
+
+ acb.size = 0;
+ acb.ret = 0;
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Reiter <s.reiter@proxmox.com>
-Date: Wed, 1 Sep 2021 16:51:04 +0200
-Subject: [PATCH] monitor/hmp: add support for flag argument with value
-
-Adds support for the "-xS" parameter type, where "-x" denotes a flag
-name and the "S" suffix indicates that this flag is supposed to take an
-arbitrary string parameter.
-
-These parameters are always optional, the entry in the qdict will be
-omitted if the flag is not given.
-
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- monitor/hmp.c | 17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/monitor/hmp.c b/monitor/hmp.c
-index b20737e63c..b29dbb1833 100644
---- a/monitor/hmp.c
-+++ b/monitor/hmp.c
-@@ -981,6 +981,7 @@ static QDict *monitor_parse_arguments(Monitor *mon,
- {
- const char *tmp = p;
- int skip_key = 0;
-+ int ret;
- /* option */
-
- c = *typestr++;
-@@ -1003,8 +1004,22 @@ static QDict *monitor_parse_arguments(Monitor *mon,
- }
- if (skip_key) {
- p = tmp;
-+ } else if (*typestr == 'S') {
-+ /* has option with string value */
-+ typestr++;
-+ tmp = p++;
-+ while (qemu_isspace(*p)) {
-+ p++;
-+ }
-+ ret = get_str(buf, sizeof(buf), &p);
-+ if (ret < 0) {
-+ monitor_printf(mon, "%s: value expected for -%c\n",
-+ cmd->name, *tmp);
-+ goto fail;
-+ }
-+ qdict_put_str(qdict, key, buf);
- } else {
-- /* has option */
-+ /* has boolean option */
- p++;
- qdict_put_bool(qdict, key, true);
- }
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefan Reiter <s.reiter@proxmox.com>
-Date: Wed, 25 Aug 2021 11:14:13 +0200
-Subject: [PATCH] monitor: refactor set/expire_password and allow VNC display
- id
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It is possible to specify more than one VNC server on the command line,
-either with an explicit ID or the auto-generated ones à la "default",
-"vnc2", "vnc3", ...
-
-It is not possible to change the password on one of these extra VNC
-displays though. Fix this by adding a "display" parameter to the
-"set_password" and "expire_password" QMP and HMP commands.
-
-For HMP, the display is specified using the "-d" value flag.
-
-For QMP, the schema is updated to explicitly express the supported
-variants of the commands with protocol-discriminated unions.
-
-Suggested-by: Eric Blake <eblake@redhat.com>
-Suggested-by: Markus Armbruster <armbru@redhat.com>
-Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- hmp-commands.hx | 24 ++++---
- monitor/hmp-cmds.c | 57 +++++++++++++++-
- monitor/qmp-cmds.c | 62 ++++++-----------
- qapi/ui.json | 165 ++++++++++++++++++++++++++++++++++++++-------
- 4 files changed, 231 insertions(+), 77 deletions(-)
-
-diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 70a9136ac2..5efb47fc32 100644
---- a/hmp-commands.hx
-+++ b/hmp-commands.hx
-@@ -1514,33 +1514,35 @@ ERST
-
- {
- .name = "set_password",
-- .args_type = "protocol:s,password:s,connected:s?",
-- .params = "protocol password action-if-connected",
-+ .args_type = "protocol:s,password:s,display:-dS,connected:s?",
-+ .params = "protocol password [-d display] [action-if-connected]",
- .help = "set spice/vnc password",
- .cmd = hmp_set_password,
- },
-
- SRST
--``set_password [ vnc | spice ] password [ action-if-connected ]``
-- Change spice/vnc password. *action-if-connected* specifies what
-- should happen in case a connection is established: *fail* makes the
-- password change fail. *disconnect* changes the password and
-+``set_password [ vnc | spice ] password [ -d display ] [ action-if-connected ]``
-+ Change spice/vnc password. *display* can be used with 'vnc' to specify
-+ which display to set the password on. *action-if-connected* specifies
-+ what should happen in case a connection is established: *fail* makes
-+ the password change fail. *disconnect* changes the password and
- disconnects the client. *keep* changes the password and keeps the
- connection up. *keep* is the default.
- ERST
-
- {
- .name = "expire_password",
-- .args_type = "protocol:s,time:s",
-- .params = "protocol time",
-+ .args_type = "protocol:s,time:s,display:-dS",
-+ .params = "protocol time [-d display]",
- .help = "set spice/vnc password expire-time",
- .cmd = hmp_expire_password,
- },
-
- SRST
--``expire_password [ vnc | spice ]`` *expire-time*
-- Specify when a password for spice/vnc becomes
-- invalid. *expire-time* accepts:
-+``expire_password [ vnc | spice ] expire-time [ -d display ]``
-+ Specify when a password for spice/vnc becomes invalid.
-+ *display* behaves the same as in ``set_password``.
-+ *expire-time* accepts:
-
- ``now``
- Invalidate password instantly.
-diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 9c91bf93e9..2e91ccb738 100644
---- a/monitor/hmp-cmds.c
-+++ b/monitor/hmp-cmds.c
-@@ -1384,10 +1384,41 @@ void hmp_set_password(Monitor *mon, const QDict *qdict)
- {
- const char *protocol = qdict_get_str(qdict, "protocol");
- const char *password = qdict_get_str(qdict, "password");
-+ const char *display = qdict_get_try_str(qdict, "display");
- const char *connected = qdict_get_try_str(qdict, "connected");
- Error *err = NULL;
-+ DisplayProtocol proto;
-
-- qmp_set_password(protocol, password, !!connected, connected, &err);
-+ SetPasswordOptions opts = {
-+ .password = g_strdup(password),
-+ .u.vnc.display = NULL,
-+ };
-+
-+ proto = qapi_enum_parse(&DisplayProtocol_lookup, protocol,
-+ DISPLAY_PROTOCOL_VNC, &err);
-+ if (err) {
-+ hmp_handle_error(mon, err);
-+ return;
-+ }
-+ opts.protocol = proto;
-+
-+ if (proto == DISPLAY_PROTOCOL_VNC) {
-+ opts.u.vnc.has_display = !!display;
-+ opts.u.vnc.display = g_strdup(display);
-+ } else if (proto == DISPLAY_PROTOCOL_SPICE) {
-+ opts.u.spice.has_connected = !!connected;
-+ opts.u.spice.connected =
-+ qapi_enum_parse(&SetPasswordAction_lookup, connected,
-+ SET_PASSWORD_ACTION_KEEP, &err);
-+ if (err) {
-+ hmp_handle_error(mon, err);
-+ return;
-+ }
-+ }
-+
-+ qmp_set_password(&opts, &err);
-+ g_free(opts.password);
-+ g_free(opts.u.vnc.display);
- hmp_handle_error(mon, err);
- }
-
-@@ -1395,9 +1426,31 @@ void hmp_expire_password(Monitor *mon, const QDict *qdict)
- {
- const char *protocol = qdict_get_str(qdict, "protocol");
- const char *whenstr = qdict_get_str(qdict, "time");
-+ const char *display = qdict_get_try_str(qdict, "display");
- Error *err = NULL;
-+ DisplayProtocol proto;
-
-- qmp_expire_password(protocol, whenstr, &err);
-+ ExpirePasswordOptions opts = {
-+ .time = g_strdup(whenstr),
-+ .u.vnc.display = NULL,
-+ };
-+
-+ proto = qapi_enum_parse(&DisplayProtocol_lookup, protocol,
-+ DISPLAY_PROTOCOL_VNC, &err);
-+ if (err) {
-+ hmp_handle_error(mon, err);
-+ return;
-+ }
-+ opts.protocol = proto;
-+
-+ if (proto == DISPLAY_PROTOCOL_VNC) {
-+ opts.u.vnc.has_display = !!display;
-+ opts.u.vnc.display = g_strdup(display);
-+ }
-+
-+ qmp_expire_password(&opts, &err);
-+ g_free(opts.time);
-+ g_free(opts.u.vnc.display);
- hmp_handle_error(mon, err);
- }
-
-diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c
-index 343353e27a..729ca7cceb 100644
---- a/monitor/qmp-cmds.c
-+++ b/monitor/qmp-cmds.c
-@@ -167,45 +167,30 @@ void qmp_system_wakeup(Error **errp)
- qemu_system_wakeup_request(QEMU_WAKEUP_REASON_OTHER, errp);
- }
-
--void qmp_set_password(const char *protocol, const char *password,
-- bool has_connected, const char *connected, Error **errp)
-+void qmp_set_password(SetPasswordOptions *opts, Error **errp)
- {
-- int disconnect_if_connected = 0;
-- int fail_if_connected = 0;
-- int rc;
-+ bool disconnect_if_connected = false;
-+ bool fail_if_connected = false;
-+ int rc = 0;
-
-- if (has_connected) {
-- if (strcmp(connected, "fail") == 0) {
-- fail_if_connected = 1;
-- } else if (strcmp(connected, "disconnect") == 0) {
-- disconnect_if_connected = 1;
-- } else if (strcmp(connected, "keep") == 0) {
-- /* nothing */
-- } else {
-- error_setg(errp, QERR_INVALID_PARAMETER, "connected");
-- return;
-- }
-- }
--
-- if (strcmp(protocol, "spice") == 0) {
-+ if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {
- if (!qemu_using_spice(errp)) {
- return;
- }
-- rc = qemu_spice.set_passwd(password, fail_if_connected,
-+ if (opts->u.spice.has_connected) {
-+ fail_if_connected =
-+ opts->u.spice.connected == SET_PASSWORD_ACTION_FAIL;
-+ disconnect_if_connected =
-+ opts->u.spice.connected == SET_PASSWORD_ACTION_DISCONNECT;
-+ }
-+ rc = qemu_spice.set_passwd(opts->password, fail_if_connected,
- disconnect_if_connected);
-- } else if (strcmp(protocol, "vnc") == 0) {
-- if (fail_if_connected || disconnect_if_connected) {
-- /* vnc supports "connected=keep" only */
-- error_setg(errp, QERR_INVALID_PARAMETER, "connected");
-- return;
-- }
-+ } else if (opts->protocol == DISPLAY_PROTOCOL_VNC) {
- /* Note that setting an empty password will not disable login through
- * this interface. */
-- rc = vnc_display_password(NULL, password);
-- } else {
-- error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "protocol",
-- "'vnc' or 'spice'");
-- return;
-+ rc = vnc_display_password(
-+ opts->u.vnc.has_display ? opts->u.vnc.display : NULL,
-+ opts->password);
- }
-
- if (rc != 0) {
-@@ -213,11 +198,11 @@ void qmp_set_password(const char *protocol, const char *password,
- }
- }
-
--void qmp_expire_password(const char *protocol, const char *whenstr,
-- Error **errp)
-+void qmp_expire_password(ExpirePasswordOptions *opts, Error **errp)
- {
- time_t when;
- int rc;
-+ const char* whenstr = opts->time;
-
- if (strcmp(whenstr, "now") == 0) {
- when = 0;
-@@ -229,17 +214,14 @@ void qmp_expire_password(const char *protocol, const char *whenstr,
- when = strtoull(whenstr, NULL, 10);
- }
-
-- if (strcmp(protocol, "spice") == 0) {
-+ if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {
- if (!qemu_using_spice(errp)) {
- return;
- }
- rc = qemu_spice.set_pw_expire(when);
-- } else if (strcmp(protocol, "vnc") == 0) {
-- rc = vnc_display_pw_expire(NULL, when);
-- } else {
-- error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "protocol",
-- "'vnc' or 'spice'");
-- return;
-+ } else if (opts->protocol == DISPLAY_PROTOCOL_VNC) {
-+ rc = vnc_display_pw_expire(
-+ opts->u.vnc.has_display ? opts->u.vnc.display : NULL, when);
- }
-
- if (rc != 0) {
-diff --git a/qapi/ui.json b/qapi/ui.json
-index d7567ac866..4244c62c30 100644
---- a/qapi/ui.json
-+++ b/qapi/ui.json
-@@ -9,22 +9,23 @@
- { 'include': 'common.json' }
- { 'include': 'sockets.json' }
-
-+##
-+# @DisplayProtocol:
-+#
-+# Display protocols which support changing password options.
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'enum': 'DisplayProtocol',
-+ 'data': [ { 'name': 'vnc', 'if': 'CONFIG_VNC' },
-+ { 'name': 'spice', 'if': 'CONFIG_SPICE' } ] }
-+
- ##
- # @set_password:
- #
- # Sets the password of a remote display session.
- #
--# @protocol: - 'vnc' to modify the VNC server password
--# - 'spice' to modify the Spice server password
--#
--# @password: the new password
--#
--# @connected: how to handle existing clients when changing the
--# password. If nothing is specified, defaults to 'keep'
--# 'fail' to fail the command if clients are connected
--# 'disconnect' to disconnect existing clients
--# 'keep' to maintain existing clients
--#
- # Returns: - Nothing on success
- # - If Spice is not enabled, DeviceNotFound
- #
-@@ -37,16 +38,123 @@
- # <- { "return": {} }
- #
- ##
--{ 'command': 'set_password',
-- 'data': {'protocol': 'str', 'password': 'str', '*connected': 'str'} }
-+{ 'command': 'set_password', 'boxed': true, 'data': 'SetPasswordOptions' }
-+
-+##
-+# @SetPasswordOptions:
-+#
-+# Data required to set a new password on a display server protocol.
-+#
-+# @protocol: - 'vnc' to modify the VNC server password
-+# - 'spice' to modify the Spice server password
-+#
-+# @password: the new password
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'union': 'SetPasswordOptions',
-+ 'base': { 'protocol': 'DisplayProtocol',
-+ 'password': 'str' },
-+ 'discriminator': 'protocol',
-+ 'data': { 'vnc': 'SetPasswordOptionsVnc',
-+ 'spice': 'SetPasswordOptionsSpice' } }
-+
-+##
-+# @SetPasswordAction:
-+#
-+# An action to take on changing a password on a connection with active clients.
-+#
-+# @fail: fail the command if clients are connected
-+#
-+# @disconnect: disconnect existing clients
-+#
-+# @keep: maintain existing clients
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'enum': 'SetPasswordAction',
-+ 'data': [ 'fail', 'disconnect', 'keep' ] }
-+
-+##
-+# @SetPasswordActionVnc:
-+#
-+# See @SetPasswordAction. VNC only supports the keep action. 'connection'
-+# should just be omitted for VNC, this is kept for backwards compatibility.
-+#
-+# @keep: maintain existing clients
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'enum': 'SetPasswordActionVnc',
-+ 'data': [ 'keep' ] }
-+
-+##
-+# @SetPasswordOptionsSpice:
-+#
-+# Options for set_password specific to the VNC procotol.
-+#
-+# @connected: How to handle existing clients when changing the
-+# password. If nothing is specified, defaults to 'keep'.
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'struct': 'SetPasswordOptionsSpice',
-+ 'data': { '*connected': 'SetPasswordAction' } }
-+
-+##
-+# @SetPasswordOptionsVnc:
-+#
-+# Options for set_password specific to the VNC procotol.
-+#
-+# @display: The id of the display where the password should be changed.
-+# Defaults to the first.
-+#
-+# @connected: How to handle existing clients when changing the
-+# password.
-+#
-+# Features:
-+# @deprecated: For VNC, @connected will always be 'keep', parameter should be
-+# omitted.
-+#
-+# Since: 6.2
-+#
-+##
-+{ 'struct': 'SetPasswordOptionsVnc',
-+ 'data': { '*display': 'str',
-+ '*connected': { 'type': 'SetPasswordActionVnc',
-+ 'features': ['deprecated'] } } }
-
- ##
- # @expire_password:
- #
- # Expire the password of a remote display server.
- #
--# @protocol: the name of the remote display protocol 'vnc' or 'spice'
-+# Returns: - Nothing on success
-+# - If @protocol is 'spice' and Spice is not active, DeviceNotFound
- #
-+# Since: 0.14
-+#
-+# Example:
-+#
-+# -> { "execute": "expire_password", "arguments": { "protocol": "vnc",
-+# "time": "+60" } }
-+# <- { "return": {} }
-+#
-+##
-+{ 'command': 'expire_password', 'boxed': true, 'data': 'ExpirePasswordOptions' }
-+
-+##
-+# @ExpirePasswordOptions:
-+#
-+# Data required to set password expiration on a display server protocol.
-+#
-+# @protocol: - 'vnc' to modify the VNC server expiration
-+# - 'spice' to modify the Spice server expiration
-+
- # @time: when to expire the password.
- #
- # - 'now' to expire the password immediately
-@@ -54,24 +162,33 @@
- # - '+INT' where INT is the number of seconds from now (integer)
- # - 'INT' where INT is the absolute time in seconds
- #
--# Returns: - Nothing on success
--# - If @protocol is 'spice' and Spice is not active, DeviceNotFound
--#
--# Since: 0.14
--#
- # Notes: Time is relative to the server and currently there is no way to
- # coordinate server time with client time. It is not recommended to
- # use the absolute time version of the @time parameter unless you're
- # sure you are on the same machine as the QEMU instance.
- #
--# Example:
-+# Since: 6.2
- #
--# -> { "execute": "expire_password", "arguments": { "protocol": "vnc",
--# "time": "+60" } }
--# <- { "return": {} }
-+##
-+{ 'union': 'ExpirePasswordOptions',
-+ 'base': { 'protocol': 'DisplayProtocol',
-+ 'time': 'str' },
-+ 'discriminator': 'protocol',
-+ 'data': { 'vnc': 'ExpirePasswordOptionsVnc' } }
-+
-+##
-+# @ExpirePasswordOptionsVnc:
-+#
-+# Options for expire_password specific to the VNC procotol.
-+#
-+# @display: The id of the display where the expiration should be changed.
-+# Defaults to the first.
-+#
-+# Since: 6.2
- #
- ##
--{ 'command': 'expire_password', 'data': {'protocol': 'str', 'time': 'str'} }
-+{ 'struct': 'ExpirePasswordOptionsVnc',
-+ 'data': { '*display': 'str' } }
-
- ##
- # @screendump:
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Tue, 18 Jan 2022 17:59:59 +0100
-Subject: [PATCH] block/io: Update BSC only if want_zero is true
-
-We update the block-status cache whenever we get new information from a
-bdrv_co_block_status() call to the block driver. However, if we have
-passed want_zero=false to that call, it may flag areas containing zeroes
-as data, and so we would update the block-status cache with wrong
-information.
-
-Therefore, we should not update the cache with want_zero=false.
-
-Reported-by: Nir Soffer <nsoffer@redhat.com>
-Fixes: 0bc329fbb00 ("block: block-status cache for data regions")
-Reviewed-by: Nir Soffer <nsoffer@redhat.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-Message-Id: <20220118170000.49423-2-hreitz@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
----
- block/io.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/block/io.c b/block/io.c
-index bb0a254def..4e4cb556c5 100644
---- a/block/io.c
-+++ b/block/io.c
-@@ -2497,8 +2497,12 @@ static int coroutine_fn bdrv_co_block_status(BlockDriverState *bs,
- * non-protocol nodes, and then it is never used. However, filling
- * the cache requires an RCU update, so double check here to avoid
- * such an update if possible.
-+ *
-+ * Check want_zero, because we only want to update the cache when we
-+ * have accurate information about what is zero and what is data.
- */
-- if (ret == (BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID) &&
-+ if (want_zero &&
-+ ret == (BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID) &&
- QLIST_EMPTY(&bs->children))
- {
- /*
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Wed, 9 Feb 2022 15:02:52 +0100
-Subject: [PATCH] block/nbd: Delete reconnect delay timer when done
-
-We start the reconnect delay timer to cancel the reconnection attempt
-after a while. Once nbd_co_do_establish_connection() has returned, this
-attempt is over, and we no longer need the timer.
-
-Delete it before returning from nbd_reconnect_attempt(), so that it does
-not persist beyond the I/O request that was paused for reconnecting; we
-do not want it to fire in a drained section, because all sort of things
-can happen in such a section (e.g. the AioContext might be changed, and
-we do not want the timer to fire in the wrong context; or the BDS might
-even be deleted, and so the timer CB would access already-freed data).
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
----
- block/nbd.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index 5ef462db1b..b8e5a9b4cc 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -353,6 +353,13 @@ static coroutine_fn void nbd_reconnect_attempt(BDRVNBDState *s)
- }
-
- nbd_co_do_establish_connection(s->bs, NULL);
-+
-+ /*
-+ * The reconnect attempt is done (maybe successfully, maybe not), so
-+ * we no longer need this timer. Delete it so it will not outlive
-+ * this I/O request (so draining removes all timers).
-+ */
-+ reconnect_delay_timer_del(s);
- }
-
- static coroutine_fn int nbd_receive_replies(BDRVNBDState *s, uint64_t handle)
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Wed, 9 Feb 2022 15:02:54 +0100
-Subject: [PATCH] block/nbd: Assert there are no timers when closed
-
-Our two timers must not remain armed beyond nbd_clear_bdrvstate(), or
-they will access freed data when they fire.
-
-This patch is separate from the patches that actually fix the issue
-(HEAD^^ and HEAD^) so that you can run the associated regression iotest
-(281) on a configuration that reproducibly exposes the bug.
-
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-[FE: backport (open_timer doesn't exist yet in 6.2.0)]
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- block/nbd.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index b8e5a9b4cc..aab20125d8 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -108,6 +108,9 @@ static void nbd_clear_bdrvstate(BlockDriverState *bs)
-
- yank_unregister_instance(BLOCKDEV_YANK_INSTANCE(bs->node_name));
-
-+ /* Must not leave timers behind that would access freed data */
-+ assert(!s->reconnect_delay_timer);
-+
- object_unref(OBJECT(s->tlscreds));
- qapi_free_SocketAddress(s->saddr);
- s->saddr = NULL;
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Hanna Reitz <hreitz@redhat.com>
-Date: Wed, 9 Feb 2022 15:02:57 +0100
-Subject: [PATCH] block/nbd: Move s->ioc on AioContext change
-
-s->ioc must always be attached to the NBD node's AioContext. If that
-context changes, s->ioc must be attached to the new context.
-
-Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2033626
-Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
-Signed-off-by: Hanna Reitz <hreitz@redhat.com>
-[FE: backport (open_timer doesn't exist yet in 6.2.0)]
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- block/nbd.c | 41 +++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 41 insertions(+)
-
-diff --git a/block/nbd.c b/block/nbd.c
-index aab20125d8..a3896c7f5f 100644
---- a/block/nbd.c
-+++ b/block/nbd.c
-@@ -2003,6 +2003,38 @@ static void nbd_cancel_in_flight(BlockDriverState *bs)
- nbd_co_establish_connection_cancel(s->conn);
- }
-
-+static void nbd_attach_aio_context(BlockDriverState *bs,
-+ AioContext *new_context)
-+{
-+ BDRVNBDState *s = bs->opaque;
-+
-+ /*
-+ * The reconnect_delay_timer is scheduled in I/O paths when the
-+ * connection is lost, to cancel the reconnection attempt after a
-+ * given time. Once this attempt is done (successfully or not),
-+ * nbd_reconnect_attempt() ensures the timer is deleted before the
-+ * respective I/O request is resumed.
-+ * Since the AioContext can only be changed when a node is drained,
-+ * the reconnect_delay_timer cannot be active here.
-+ */
-+ assert(!s->reconnect_delay_timer);
-+
-+ if (s->ioc) {
-+ qio_channel_attach_aio_context(s->ioc, new_context);
-+ }
-+}
-+
-+static void nbd_detach_aio_context(BlockDriverState *bs)
-+{
-+ BDRVNBDState *s = bs->opaque;
-+
-+ assert(!s->reconnect_delay_timer);
-+
-+ if (s->ioc) {
-+ qio_channel_detach_aio_context(s->ioc);
-+ }
-+}
-+
- static BlockDriver bdrv_nbd = {
- .format_name = "nbd",
- .protocol_name = "nbd",
-@@ -2026,6 +2058,9 @@ static BlockDriver bdrv_nbd = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static BlockDriver bdrv_nbd_tcp = {
-@@ -2051,6 +2086,9 @@ static BlockDriver bdrv_nbd_tcp = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static BlockDriver bdrv_nbd_unix = {
-@@ -2076,6 +2114,9 @@ static BlockDriver bdrv_nbd_unix = {
- .bdrv_dirname = nbd_dirname,
- .strong_runtime_opts = nbd_strong_runtime_opts,
- .bdrv_cancel_in_flight = nbd_cancel_in_flight,
-+
-+ .bdrv_attach_aio_context = nbd_attach_aio_context,
-+ .bdrv_detach_aio_context = nbd_detach_aio_context,
- };
-
- static void bdrv_nbd_init(void)
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Mon, 27 Dec 2021 14:31:17 -0500
-Subject: [PATCH] acpi: fix QEMU crash when started with SLIC table
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-if QEMU is started with used provided SLIC table blob,
-
- -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null
-it will assert with:
-
- hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen)
-
-and following backtrace:
-
- ...
- build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61
- acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727
- build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064
- ...
-
-which happens due to acpi_table_begin() expecting NULL terminated
-oem_id and oem_table_id strings, which is normally the case, but
-in case of user provided SLIC table, oem_id points to table's blob
-directly and as result oem_id became longer than expected.
-
-Fix issue by handling oem_id consistently and make acpi_get_slic_oem()
-return NULL terminated strings.
-
-PS:
-After [1] refactoring, oem_id semantics became inconsistent, where
-NULL terminated string was coming from machine and old way pointer
-into byte array coming from -acpitable option. That used to work
-since build_header() wasn't expecting NULL terminated string and
-blindly copied the 1st 6 bytes only.
-
-However commit [2] broke that by replacing build_header() with
-acpi_table_begin(), which was expecting NULL terminated string
-and was checking oem_id size.
-
-1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-2)
-Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Message-Id: <20211227193120.1084176-2-imammedo@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Tested-by: Denis Lisov <dennis.lissov@gmail.com>
-Tested-by: Alexander Tsoy <alexander@tsoy.me>
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 8cdb99af45365727ac17f45239a9b8c1d5155c6d)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/acpi/core.c | 4 ++--
- hw/i386/acpi-build.c | 2 ++
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/hw/acpi/core.c b/hw/acpi/core.c
-index 1e004d0078..3e811bf03c 100644
---- a/hw/acpi/core.c
-+++ b/hw/acpi/core.c
-@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem)
- struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length));
-
- if (memcmp(hdr->sig, "SLIC", 4) == 0) {
-- oem->id = hdr->oem_id;
-- oem->table_id = hdr->oem_table_id;
-+ oem->id = g_strndup(hdr->oem_id, 6);
-+ oem->table_id = g_strndup(hdr->oem_table_id, 8);
- return 0;
- }
- }
-diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
-index a99c6e4fe3..570f82997b 100644
---- a/hw/i386/acpi-build.c
-+++ b/hw/i386/acpi-build.c
-@@ -2721,6 +2721,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine)
-
- /* Cleanup memory that's no longer used. */
- g_array_free(table_offsets, true);
-+ g_free(slic_oem.id);
-+ g_free(slic_oem.table_id);
- }
-
- static void acpi_ram_update(MemoryRegion *mr, GArray *data)
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Jason Wang <jasowang@redhat.com>
-Date: Tue, 8 Mar 2022 10:42:51 +0800
-Subject: [PATCH] virtio-net: fix map leaking on error during receive
-
-Commit bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg")
-tries to fix the use after free of the sg by caching the virtqueue
-elements in an array and unmap them at once after receiving the
-packets, But it forgot to unmap the cached elements on error which
-will lead to leaking of mapping and other unexpected results.
-
-Fixing this by detaching the cached elements on error. This addresses
-CVE-2022-26353.
-
-Reported-by: Victor Tom <vv474172261@gmail.com>
-Cc: qemu-stable@nongnu.org
-Fixes: CVE-2022-26353
-Fixes: bedd7e93d0196 ("virtio-net: fix use after unmap/free for sg")
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit abe300d9d894f7138e1af7c8e9c88c04bfe98b37)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/net/virtio-net.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index f2014d5ea0..e1f4748831 100644
---- a/hw/net/virtio-net.c
-+++ b/hw/net/virtio-net.c
-@@ -1862,6 +1862,7 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
-
- err:
- for (j = 0; j < i; j++) {
-+ virtqueue_detach_element(q->rx_vq, elems[j], lens[j]);
- g_free(elems[j]);
- }
-
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Peter Xu <peterx@redhat.com>
-Date: Tue, 30 Nov 2021 16:00:28 +0800
-Subject: [PATCH] memory: Fix incorrect calls of log_global_start/stop
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We should only call the log_global_start/stop when the global dirty track
-bitmask changes from zero<->non-zero.
-
-No real issue reported for this yet probably because no immediate user to
-enable both dirty rate measurement and migration at the same time. However
-it'll be good to be prepared for it.
-
-Fixes: 63b41db4bc ("memory: make global_dirty_tracking a bitmask")
-Cc: qemu-stable@nongnu.org
-Cc: Hyman Huang <huangy81@chinatelecom.cn>
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
-Cc: Juan Quintela <quintela@redhat.com>
-Cc: David Hildenbrand <david@redhat.com>
-Signed-off-by: Peter Xu <peterx@redhat.com>
-Reviewed-by: David Hildenbrand <david@redhat.com>
-Message-Id: <20211130080028.6474-1-peterx@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-(cherry picked from commit 7b0538ed3a22ce30817f818449d10701fb0821f9)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- softmmu/memory.c | 27 ++++++++++++++-------------
- 1 file changed, 14 insertions(+), 13 deletions(-)
-
-diff --git a/softmmu/memory.c b/softmmu/memory.c
-index 7340e19ff5..81d4bf1454 100644
---- a/softmmu/memory.c
-+++ b/softmmu/memory.c
-@@ -2773,6 +2773,8 @@ static VMChangeStateEntry *vmstate_change;
-
- void memory_global_dirty_log_start(unsigned int flags)
- {
-+ unsigned int old_flags = global_dirty_tracking;
-+
- if (vmstate_change) {
- qemu_del_vm_change_state_handler(vmstate_change);
- vmstate_change = NULL;
-@@ -2781,15 +2783,14 @@ void memory_global_dirty_log_start(unsigned int flags)
- assert(flags && !(flags & (~GLOBAL_DIRTY_MASK)));
- assert(!(global_dirty_tracking & flags));
- global_dirty_tracking |= flags;
--
- trace_global_dirty_changed(global_dirty_tracking);
-
-- MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward);
--
-- /* Refresh DIRTY_MEMORY_MIGRATION bit. */
-- memory_region_transaction_begin();
-- memory_region_update_pending = true;
-- memory_region_transaction_commit();
-+ if (!old_flags) {
-+ MEMORY_LISTENER_CALL_GLOBAL(log_global_start, Forward);
-+ memory_region_transaction_begin();
-+ memory_region_update_pending = true;
-+ memory_region_transaction_commit();
-+ }
- }
-
- static void memory_global_dirty_log_do_stop(unsigned int flags)
-@@ -2800,12 +2801,12 @@ static void memory_global_dirty_log_do_stop(unsigned int flags)
-
- trace_global_dirty_changed(global_dirty_tracking);
-
-- /* Refresh DIRTY_MEMORY_MIGRATION bit. */
-- memory_region_transaction_begin();
-- memory_region_update_pending = true;
-- memory_region_transaction_commit();
--
-- MEMORY_LISTENER_CALL_GLOBAL(log_global_stop, Reverse);
-+ if (!global_dirty_tracking) {
-+ memory_region_transaction_begin();
-+ memory_region_update_pending = true;
-+ memory_region_transaction_commit();
-+ MEMORY_LISTENER_CALL_GLOBAL(log_global_stop, Reverse);
-+ }
- }
-
- static void memory_vm_change_state_handler(void *opaque, bool running,
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Igor Mammedov <imammedo@redhat.com>
-Date: Wed, 12 Jan 2022 08:03:31 -0500
-Subject: [PATCH] acpi: fix OEM ID/OEM Table ID padding
-
-Commit [2] broke original '\0' padding of OEM ID and OEM Table ID
-fields in headers of ACPI tables. While it doesn't have impact on
-default values since QEMU uses 6 and 8 characters long values
-respectively, it broke usecase where IDs are provided on QEMU CLI.
-It shouldn't affect guest (but may cause licensing verification
-issues in guest OS).
-One of the broken usecases is user supplied SLIC table with IDs
-shorter than max possible length, where [2] mangles IDs with extra
-spaces in RSDT and FADT tables whereas guest OS expects those to
-mirror the respective values of the used SLIC table.
-
-Fix it by replacing whitespace padding with '\0' padding in
-accordance with [1] and expectations of guest OS
-
-1) ACPI spec, v2.0b
- 17.2 AML Grammar Definition
- ...
- //OEM ID of up to 6 characters. If the OEM ID is
- //shorter than 6 characters, it can be terminated
- //with a NULL character.
-
-2)
-Fixes: 602b458201 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
-Resolves: https://gitlab.com/qemu-project/qemu/-/issues/707
-Reported-by: Dmitry V. Orekhov <dima.orekhov@gmail.com>
-Signed-off-by: Igor Mammedov <imammedo@redhat.com>
-Cc: qemu-stable@nongnu.org
-Message-Id: <20220112130332.1648664-4-imammedo@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Reviewed-by: Ani Sinha <ani@anisinha.ca>
-Tested-by: Dmitry V. Orekhov dima.orekhov@gmail.com
-(cherry picked from commit 748c030f360a940fe0c9382c8ca1649096c3a80d)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/acpi/aml-build.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
-index b3b3310df3..65148d5b9d 100644
---- a/hw/acpi/aml-build.c
-+++ b/hw/acpi/aml-build.c
-@@ -1724,9 +1724,9 @@ void acpi_table_begin(AcpiTable *desc, GArray *array)
- build_append_int_noprefix(array, 0, 4); /* Length */
- build_append_int_noprefix(array, desc->rev, 1); /* Revision */
- build_append_int_noprefix(array, 0, 1); /* Checksum */
-- build_append_padded_str(array, desc->oem_id, 6, ' '); /* OEMID */
-+ build_append_padded_str(array, desc->oem_id, 6, '\0'); /* OEMID */
- /* OEM Table ID */
-- build_append_padded_str(array, desc->oem_table_id, 8, ' ');
-+ build_append_padded_str(array, desc->oem_table_id, 8, '\0');
- build_append_int_noprefix(array, 1, 4); /* OEM Revision */
- g_array_append_vals(array, ACPI_BUILD_APPNAME8, 4); /* Creator ID */
- build_append_int_noprefix(array, 1, 4); /* Creator Revision */
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Stefano Garzarella <sgarzare@redhat.com>
-Date: Mon, 28 Feb 2022 10:50:58 +0100
-Subject: [PATCH] vhost-vsock: detach the virqueue element in case of error
-
-In vhost_vsock_common_send_transport_reset(), if an element popped from
-the virtqueue is invalid, we should call virtqueue_detach_element() to
-detach it from the virtqueue before freeing its memory.
-
-Fixes: fc0b9b0e1c ("vhost-vsock: add virtio sockets device")
-Fixes: CVE-2022-26354
-Cc: qemu-stable@nongnu.org
-Reported-by: VictorV <vv474172261@gmail.com>
-Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
-Message-Id: <20220228095058.27899-1-sgarzare@redhat.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 8d1b247f3748ac4078524130c6d7ae42b6140aaf)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/vhost-vsock-common.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/hw/virtio/vhost-vsock-common.c b/hw/virtio/vhost-vsock-common.c
-index 3f3771274e..ed706681ac 100644
---- a/hw/virtio/vhost-vsock-common.c
-+++ b/hw/virtio/vhost-vsock-common.c
-@@ -153,19 +153,23 @@ static void vhost_vsock_common_send_transport_reset(VHostVSockCommon *vvc)
- if (elem->out_num) {
- error_report("invalid vhost-vsock event virtqueue element with "
- "out buffers");
-- goto out;
-+ goto err;
- }
-
- if (iov_from_buf(elem->in_sg, elem->in_num, 0,
- &event, sizeof(event)) != sizeof(event)) {
- error_report("vhost-vsock event virtqueue element is too short");
-- goto out;
-+ goto err;
- }
-
- virtqueue_push(vq, elem, sizeof(event));
- virtio_notify(VIRTIO_DEVICE(vvc), vq);
-
--out:
-+ g_free(elem);
-+ return;
-+
-+err:
-+ virtqueue_detach_element(vq, elem, 0);
- g_free(elem);
- }
-
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Xueming Li <xuemingl@nvidia.com>
-Date: Mon, 7 Feb 2022 15:19:28 +0800
-Subject: [PATCH] vhost-user: remove VirtQ notifier restore
-
-Notifier set when vhost-user backend asks qemu to mmap an FD and
-offset. When vhost-user backend restart or getting killed, VQ notifier
-FD and mmap addresses become invalid. After backend restart, MR contains
-the invalid address will be restored and fail on notifier access.
-
-On the other hand, qemu should munmap the notifier, release underlying
-hardware resources to enable backend restart and allocate hardware
-notifier resources correctly.
-
-Qemu shouldn't reference and use resources of disconnected backend.
-
-This patch removes VQ notifier restore, uses the default vhost-user
-notifier to avoid invalid address access.
-
-After backend restart, the backend should ask qemu to install a hardware
-notifier if needed.
-
-Fixes: 44866521bd6e ("vhost-user: support registering external host notifiers")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Xueming Li <xuemingl@nvidia.com>
-Message-Id: <20220207071929.527149-2-xuemingl@nvidia.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit e867144b73b3c5009266b6df07d5ff44acfb82c3)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/vhost-user.c | 19 +------------------
- include/hw/virtio/vhost-user.h | 1 -
- 2 files changed, 1 insertion(+), 19 deletions(-)
-
-diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
-index bf6e50223c..c671719e9b 100644
---- a/hw/virtio/vhost-user.c
-+++ b/hw/virtio/vhost-user.c
-@@ -1143,19 +1143,6 @@ static int vhost_user_set_vring_num(struct vhost_dev *dev,
- return vhost_set_vring(dev, VHOST_USER_SET_VRING_NUM, ring);
- }
-
--static void vhost_user_host_notifier_restore(struct vhost_dev *dev,
-- int queue_idx)
--{
-- struct vhost_user *u = dev->opaque;
-- VhostUserHostNotifier *n = &u->user->notifier[queue_idx];
-- VirtIODevice *vdev = dev->vdev;
--
-- if (n->addr && !n->set) {
-- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, true);
-- n->set = true;
-- }
--}
--
- static void vhost_user_host_notifier_remove(struct vhost_dev *dev,
- int queue_idx)
- {
-@@ -1163,17 +1150,14 @@ static void vhost_user_host_notifier_remove(struct vhost_dev *dev,
- VhostUserHostNotifier *n = &u->user->notifier[queue_idx];
- VirtIODevice *vdev = dev->vdev;
-
-- if (n->addr && n->set) {
-+ if (n->addr) {
- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-- n->set = false;
- }
- }
-
- static int vhost_user_set_vring_base(struct vhost_dev *dev,
- struct vhost_vring_state *ring)
- {
-- vhost_user_host_notifier_restore(dev, ring->index);
--
- return vhost_set_vring(dev, VHOST_USER_SET_VRING_BASE, ring);
- }
-
-@@ -1538,7 +1522,6 @@ static int vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
- }
-
- n->addr = addr;
-- n->set = true;
-
- return 0;
- }
-diff --git a/include/hw/virtio/vhost-user.h b/include/hw/virtio/vhost-user.h
-index a9abca3288..f6012b2078 100644
---- a/include/hw/virtio/vhost-user.h
-+++ b/include/hw/virtio/vhost-user.h
-@@ -14,7 +14,6 @@
- typedef struct VhostUserHostNotifier {
- MemoryRegion mr;
- void *addr;
-- bool set;
- } VhostUserHostNotifier;
-
- typedef struct VhostUserState {
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Xueming Li <xuemingl@nvidia.com>
-Date: Mon, 7 Feb 2022 15:19:29 +0800
-Subject: [PATCH] vhost-user: fix VirtQ notifier cleanup
-
-When vhost-user device cleanup, remove notifier MR and munmaps notifier
-address in the event-handling thread, VM CPU thread writing the notifier
-in concurrent fails with an error of accessing invalid address. It
-happens because MR is still being referenced and accessed in another
-thread while the underlying notifier mmap address is being freed and
-becomes invalid.
-
-This patch calls RCU and munmap notifiers in the callback after the
-memory flatview update finish.
-
-Fixes: 44866521bd6e ("vhost-user: support registering external host notifiers")
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Xueming Li <xuemingl@nvidia.com>
-Message-Id: <20220207071929.527149-3-xuemingl@nvidia.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 0b0af4d62f7002b31cd7b2762b26d2fcb76bb2ba)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/vhost-user.c | 48 ++++++++++++++++++++--------------
- include/hw/virtio/vhost-user.h | 2 ++
- 2 files changed, 31 insertions(+), 19 deletions(-)
-
-diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
-index c671719e9b..ed5f9a5471 100644
---- a/hw/virtio/vhost-user.c
-+++ b/hw/virtio/vhost-user.c
-@@ -25,6 +25,7 @@
- #include "migration/migration.h"
- #include "migration/postcopy-ram.h"
- #include "trace.h"
-+#include "exec/ramblock.h"
-
- #include <sys/ioctl.h>
- #include <sys/socket.h>
-@@ -1143,15 +1144,26 @@ static int vhost_user_set_vring_num(struct vhost_dev *dev,
- return vhost_set_vring(dev, VHOST_USER_SET_VRING_NUM, ring);
- }
-
--static void vhost_user_host_notifier_remove(struct vhost_dev *dev,
-- int queue_idx)
-+static void vhost_user_host_notifier_free(VhostUserHostNotifier *n)
- {
-- struct vhost_user *u = dev->opaque;
-- VhostUserHostNotifier *n = &u->user->notifier[queue_idx];
-- VirtIODevice *vdev = dev->vdev;
-+ assert(n && n->unmap_addr);
-+ munmap(n->unmap_addr, qemu_real_host_page_size);
-+ n->unmap_addr = NULL;
-+}
-+
-+static void vhost_user_host_notifier_remove(VhostUserState *user,
-+ VirtIODevice *vdev, int queue_idx)
-+{
-+ VhostUserHostNotifier *n = &user->notifier[queue_idx];
-
- if (n->addr) {
-- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-+ if (vdev) {
-+ virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-+ }
-+ assert(!n->unmap_addr);
-+ n->unmap_addr = n->addr;
-+ n->addr = NULL;
-+ call_rcu(n, vhost_user_host_notifier_free, rcu);
- }
- }
-
-@@ -1190,8 +1202,9 @@ static int vhost_user_get_vring_base(struct vhost_dev *dev,
- .payload.state = *ring,
- .hdr.size = sizeof(msg.payload.state),
- };
-+ struct vhost_user *u = dev->opaque;
-
-- vhost_user_host_notifier_remove(dev, ring->index);
-+ vhost_user_host_notifier_remove(u->user, dev->vdev, ring->index);
-
- if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
- return -1;
-@@ -1486,12 +1499,7 @@ static int vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
-
- n = &user->notifier[queue_idx];
-
-- if (n->addr) {
-- virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
-- object_unparent(OBJECT(&n->mr));
-- munmap(n->addr, page_size);
-- n->addr = NULL;
-- }
-+ vhost_user_host_notifier_remove(user, vdev, queue_idx);
-
- if (area->u64 & VHOST_USER_VRING_NOFD_MASK) {
- return 0;
-@@ -1510,9 +1518,12 @@ static int vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
-
- name = g_strdup_printf("vhost-user/host-notifier@%p mmaps[%d]",
- user, queue_idx);
-- if (!n->mr.ram) /* Don't init again after suspend. */
-+ if (!n->mr.ram) { /* Don't init again after suspend. */
- memory_region_init_ram_device_ptr(&n->mr, OBJECT(vdev), name,
- page_size, addr);
-+ } else {
-+ n->mr.ram_block->host = addr;
-+ }
- g_free(name);
-
- if (virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, true)) {
-@@ -2460,17 +2471,16 @@ bool vhost_user_init(VhostUserState *user, CharBackend *chr, Error **errp)
- void vhost_user_cleanup(VhostUserState *user)
- {
- int i;
-+ VhostUserHostNotifier *n;
-
- if (!user->chr) {
- return;
- }
- memory_region_transaction_begin();
- for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
-- if (user->notifier[i].addr) {
-- object_unparent(OBJECT(&user->notifier[i].mr));
-- munmap(user->notifier[i].addr, qemu_real_host_page_size);
-- user->notifier[i].addr = NULL;
-- }
-+ n = &user->notifier[i];
-+ vhost_user_host_notifier_remove(user, NULL, i);
-+ object_unparent(OBJECT(&n->mr));
- }
- memory_region_transaction_commit();
- user->chr = NULL;
-diff --git a/include/hw/virtio/vhost-user.h b/include/hw/virtio/vhost-user.h
-index f6012b2078..e44a41bb70 100644
---- a/include/hw/virtio/vhost-user.h
-+++ b/include/hw/virtio/vhost-user.h
-@@ -12,8 +12,10 @@
- #include "hw/virtio/virtio.h"
-
- typedef struct VhostUserHostNotifier {
-+ struct rcu_head rcu;
- MemoryRegion mr;
- void *addr;
-+ void *unmap_addr;
- } VhostUserHostNotifier;
-
- typedef struct VhostUserState {
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Halil Pasic <pasic@linux.ibm.com>
-Date: Mon, 7 Feb 2022 12:28:57 +0100
-Subject: [PATCH] virtio: fix the condition for iommu_platform not supported
-
-The commit 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but
-unsupported") claims to fail the device hotplug when iommu_platform
-is requested, but not supported by the (vhost) device. On the first
-glance the condition for detecting that situation looks perfect, but
-because a certain peculiarity of virtio_platform it ain't.
-
-In fact the aforementioned commit introduces a regression. It breaks
-virtio-fs support for Secure Execution, and most likely also for AMD SEV
-or any other confidential guest scenario that relies encrypted guest
-memory. The same also applies to any other vhost device that does not
-support _F_ACCESS_PLATFORM.
-
-The peculiarity is that iommu_platform and _F_ACCESS_PLATFORM collates
-"device can not access all of the guest RAM" and "iova != gpa, thus
-device needs to translate iova".
-
-Confidential guest technologies currently rely on the device/hypervisor
-offering _F_ACCESS_PLATFORM, so that, after the feature has been
-negotiated, the guest grants access to the portions of memory the
-device needs to see. So in for confidential guests, generally,
-_F_ACCESS_PLATFORM is about the restricted access to memory, but not
-about the addresses used being something else than guest physical
-addresses.
-
-This is the very reason for which commit f7ef7e6e3b ("vhost: correctly
-turn on VIRTIO_F_IOMMU_PLATFORM") fences _F_ACCESS_PLATFORM from the
-vhost device that does not need it, because on the vhost interface it
-only means "I/O address translation is needed".
-
-This patch takes inspiration from f7ef7e6e3b ("vhost: correctly turn on
-VIRTIO_F_IOMMU_PLATFORM"), and uses the same condition for detecting the
-situation when _F_ACCESS_PLATFORM is requested, but no I/O translation
-by the device, and thus no device capability is needed. In this
-situation claiming that the device does not support iommu_plattform=on
-is counter-productive. So let us stop doing that!
-
-Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
-Reported-by: Jakob Naucke <Jakob.Naucke@ibm.com>
-Fixes: 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but
-unsupported")
-Acked-by: Cornelia Huck <cohuck@redhat.com>
-Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
-Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>
-Cc: Kevin Wolf <kwolf@redhat.com>
-Cc: qemu-stable@nongnu.org
-
-Message-Id: <20220207112857.607829-1-pasic@linux.ibm.com>
-Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-Acked-by: Jason Wang <jasowang@redhat.com>
-(cherry picked from commit e65902a913bf31ba79a83a3bd3621108b85cf645)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/virtio/virtio-bus.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
-index d23db98c56..0f69d1c742 100644
---- a/hw/virtio/virtio-bus.c
-+++ b/hw/virtio/virtio-bus.c
-@@ -48,6 +48,7 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
- VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
- VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
- bool has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
-+ bool vdev_has_iommu;
- Error *local_err = NULL;
-
- DPRINTF("%s: plug device.\n", qbus->name);
-@@ -69,11 +70,6 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
- return;
- }
-
-- if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
-- error_setg(errp, "iommu_platform=true is not supported by the device");
-- return;
-- }
--
- if (klass->device_plugged != NULL) {
- klass->device_plugged(qbus->parent, &local_err);
- }
-@@ -82,9 +78,15 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
- return;
- }
-
-+ vdev_has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
- if (klass->get_dma_as != NULL && has_iommu) {
- virtio_add_feature(&vdev->host_features, VIRTIO_F_IOMMU_PLATFORM);
- vdev->dma_as = klass->get_dma_as(qbus->parent);
-+ if (!vdev_has_iommu && vdev->dma_as != &address_space_memory) {
-+ error_setg(errp,
-+ "iommu_platform=true is not supported by the device");
-+ return;
-+ }
- } else {
- vdev->dma_as = &address_space_memory;
- }
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fabian Ebner <f.ebner@proxmox.com>
-Date: Fri, 6 May 2022 14:38:35 +0200
-Subject: [PATCH] block/gluster: correctly set max_pdiscard which is int64_t
-
-Previously, max_pdiscard would be zero in the following assertion:
-qemu-system-x86_64: ../block/io.c:3166: bdrv_co_pdiscard: Assertion
-`max_pdiscard >= bs->bl.request_alignment' failed.
-
-Fixes: 0c8022876f ("block: use int64_t instead of int in driver discard handlers")
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- block/gluster.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/block/gluster.c b/block/gluster.c
-index 398976bc66..592e71b22a 100644
---- a/block/gluster.c
-+++ b/block/gluster.c
-@@ -891,7 +891,7 @@ out:
- static void qemu_gluster_refresh_limits(BlockDriverState *bs, Error **errp)
- {
- bs->bl.max_transfer = GLUSTER_MAX_TRANSFER;
-- bs->bl.max_pdiscard = SIZE_MAX;
-+ bs->bl.max_pdiscard = INT64_MAX;
- }
-
- static int qemu_gluster_reopen_prepare(BDRVReopenState *state,
-@@ -1304,7 +1304,7 @@ static coroutine_fn int qemu_gluster_co_pdiscard(BlockDriverState *bs,
- GlusterAIOCB acb;
- BDRVGlusterState *s = bs->opaque;
-
-- assert(bytes <= SIZE_MAX); /* rely on max_pdiscard */
-+ assert(bytes <= INT64_MAX); /* rely on max_pdiscard */
-
- acb.size = 0;
- acb.ret = 0;
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Rao Lei <lei.rao@intel.com>
-Date: Fri, 6 May 2022 14:38:36 +0200
-Subject: [PATCH] ui/vnc.c: Fixed a deadlock bug.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The GDB statck is as follows:
-(gdb) bt
-0 __lll_lock_wait (futex=futex@entry=0x56211df20360, private=0) at lowlevellock.c:52
-1 0x00007f263caf20a3 in __GI___pthread_mutex_lock (mutex=0x56211df20360) at ../nptl/pthread_mutex_lock.c:80
-2 0x000056211a757364 in qemu_mutex_lock_impl (mutex=0x56211df20360, file=0x56211a804857 "../ui/vnc-jobs.h", line=60)
- at ../util/qemu-thread-posix.c:80
-3 0x000056211a0ef8c7 in vnc_lock_output (vs=0x56211df14200) at ../ui/vnc-jobs.h:60
-4 0x000056211a0efcb7 in vnc_clipboard_send (vs=0x56211df14200, count=1, dwords=0x7ffdf1701338) at ../ui/vnc-clipboard.c:138
-5 0x000056211a0f0129 in vnc_clipboard_notify (notifier=0x56211df244c8, data=0x56211dd1bbf0) at ../ui/vnc-clipboard.c:209
-6 0x000056211a75dde8 in notifier_list_notify (list=0x56211afa17d0 <clipboard_notifiers>, data=0x56211dd1bbf0) at ../util/notify.c:39
-7 0x000056211a0bf0e6 in qemu_clipboard_update (info=0x56211dd1bbf0) at ../ui/clipboard.c:50
-8 0x000056211a0bf05d in qemu_clipboard_peer_release (peer=0x56211df244c0, selection=QEMU_CLIPBOARD_SELECTION_CLIPBOARD)
- at ../ui/clipboard.c:41
-9 0x000056211a0bef9b in qemu_clipboard_peer_unregister (peer=0x56211df244c0) at ../ui/clipboard.c:19
-10 0x000056211a0d45f3 in vnc_disconnect_finish (vs=0x56211df14200) at ../ui/vnc.c:1358
-11 0x000056211a0d4c9d in vnc_client_read (vs=0x56211df14200) at ../ui/vnc.c:1611
-12 0x000056211a0d4df8 in vnc_client_io (ioc=0x56211ce70690, condition=G_IO_IN, opaque=0x56211df14200) at ../ui/vnc.c:1649
-13 0x000056211a5b976c in qio_channel_fd_source_dispatch
- (source=0x56211ce50a00, callback=0x56211a0d4d71 <vnc_client_io>, user_data=0x56211df14200) at ../io/channel-watch.c:84
-14 0x00007f263ccede8e in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
-15 0x000056211a77d4a1 in glib_pollfds_poll () at ../util/main-loop.c:232
-16 0x000056211a77d51f in os_host_main_loop_wait (timeout=958545) at ../util/main-loop.c:255
-17 0x000056211a77d630 in main_loop_wait (nonblocking=0) at ../util/main-loop.c:531
-18 0x000056211a45bc8e in qemu_main_loop () at ../softmmu/runstate.c:726
-19 0x000056211a0b45fa in main (argc=69, argv=0x7ffdf1701778, envp=0x7ffdf17019a8) at ../softmmu/main.c:50
-
-From the call trace, we can see it is a deadlock bug.
-vnc_disconnect_finish will acquire the output_mutex.
-But, the output_mutex will be acquired again in vnc_clipboard_send.
-Repeated locking will cause deadlock. So, I move
-qemu_clipboard_peer_unregister() behind vnc_unlock_output();
-
-Fixes: 0bf41cab93e ("ui/vnc: clipboard support")
-Signed-off-by: Lei Rao <lei.rao@intel.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20220105020808.597325-1-lei.rao@intel.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry-picked from commit 1dbbe6f172810026c51dc84ed927a3cc23017949)
-[FE: trivial backport for 6.2]
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- ui/vnc.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ui/vnc.c b/ui/vnc.c
-index af02522e84..b253e85c65 100644
---- a/ui/vnc.c
-+++ b/ui/vnc.c
-@@ -1354,12 +1354,12 @@ void vnc_disconnect_finish(VncState *vs)
- /* last client gone */
- vnc_update_server_surface(vs->vd);
- }
-+ vnc_unlock_output(vs);
-+
- if (vs->cbpeer.update.notify) {
- qemu_clipboard_peer_unregister(&vs->cbpeer);
- }
-
-- vnc_unlock_output(vs);
--
- qemu_mutex_destroy(&vs->output_mutex);
- if (vs->bh != NULL) {
- qemu_bh_delete(vs->bh);
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Mauro Matteo Cascella <mcascell@redhat.com>
-Date: Thu, 7 Apr 2022 10:11:06 +0200
-Subject: [PATCH] display/qxl-render: fix race condition in qxl_cursor
- (CVE-2021-4207)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Avoid fetching 'width' and 'height' a second time to prevent possible
-race condition. Refer to security advisory
-https://starlabs.sg/advisories/22-4207/ for more information.
-
-Fixes: CVE-2021-4207
-Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20220407081106.343235-1-mcascell@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/display/qxl-render.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
-index d28849b121..237ed293ba 100644
---- a/hw/display/qxl-render.c
-+++ b/hw/display/qxl-render.c
-@@ -266,7 +266,7 @@ static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor,
- }
- break;
- case SPICE_CURSOR_TYPE_ALPHA:
-- size = sizeof(uint32_t) * cursor->header.width * cursor->header.height;
-+ size = sizeof(uint32_t) * c->width * c->height;
- qxl_unpack_chunks(c->data, size, qxl, &cursor->chunk, group_id);
- if (qxl->debug > 2) {
- cursor_print_ascii_art(c, "qxl/alpha");
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Mauro Matteo Cascella <mcascell@redhat.com>
-Date: Thu, 7 Apr 2022 10:17:12 +0200
-Subject: [PATCH] ui/cursor: fix integer overflow in cursor_alloc
- (CVE-2021-4206)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Prevent potential integer overflow by limiting 'width' and 'height' to
-512x512. Also change 'datasize' type to size_t. Refer to security
-advisory https://starlabs.sg/advisories/22-4206/ for more information.
-
-Fixes: CVE-2021-4206
-Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
-Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Message-Id: <20220407081712.345609-1-mcascell@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit fa892e9abb728e76afcf27323ab29c57fb0fe7aa)
-Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
----
- hw/display/qxl-render.c | 7 +++++++
- hw/display/vmware_vga.c | 2 ++
- ui/cursor.c | 8 +++++++-
- 3 files changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
-index 237ed293ba..ca217004bf 100644
---- a/hw/display/qxl-render.c
-+++ b/hw/display/qxl-render.c
-@@ -247,6 +247,13 @@ static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor,
- size_t size;
-
- c = cursor_alloc(cursor->header.width, cursor->header.height);
-+
-+ if (!c) {
-+ qxl_set_guest_bug(qxl, "%s: cursor %ux%u alloc error", __func__,
-+ cursor->header.width, cursor->header.height);
-+ goto fail;
-+ }
-+
- c->hot_x = cursor->header.hot_spot_x;
- c->hot_y = cursor->header.hot_spot_y;
- switch (cursor->header.type) {
-diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
-index e2969a6c81..2b81d6122f 100644
---- a/hw/display/vmware_vga.c
-+++ b/hw/display/vmware_vga.c
-@@ -509,6 +509,8 @@ static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
- int i, pixels;
-
- qc = cursor_alloc(c->width, c->height);
-+ assert(qc != NULL);
-+
- qc->hot_x = c->hot_x;
- qc->hot_y = c->hot_y;
- switch (c->bpp) {
-diff --git a/ui/cursor.c b/ui/cursor.c
-index 1d62ddd4d0..835f0802f9 100644
---- a/ui/cursor.c
-+++ b/ui/cursor.c
-@@ -46,6 +46,8 @@ static QEMUCursor *cursor_parse_xpm(const char *xpm[])
-
- /* parse pixel data */
- c = cursor_alloc(width, height);
-+ assert(c != NULL);
-+
- for (pixel = 0, y = 0; y < height; y++, line++) {
- for (x = 0; x < height; x++, pixel++) {
- idx = xpm[line][x];
-@@ -91,7 +93,11 @@ QEMUCursor *cursor_builtin_left_ptr(void)
- QEMUCursor *cursor_alloc(int width, int height)
- {
- QEMUCursor *c;
-- int datasize = width * height * sizeof(uint32_t);
-+ size_t datasize = width * height * sizeof(uint32_t);
-+
-+ if (width > 512 || height > 512) {
-+ return NULL;
-+ }
-
- c = g_malloc0(sizeof(QEMUCursor) + datasize);
- c->width = width;
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index b283093e5b..821405fd02 100644
+index 39a3d6dbe6..e5bf5d59bf 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -552,7 +552,7 @@ static QemuOptsList raw_runtime_opts = {
+@@ -554,7 +554,7 @@ static QemuOptsList raw_runtime_opts = {
{
.name = "locking",
.type = QEMU_OPT_STRING,
},
{
.name = "pr-manager",
-@@ -652,7 +652,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
+@@ -654,7 +654,7 @@ static int raw_open_common(BlockDriverState *bs, QDict *options,
s->use_lock = false;
break;
case ON_OFF_AUTO_AUTO:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
-index 04f2b790c9..19fdbb981c 100644
+index 982c532353..5395e7e471 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
-@@ -2039,9 +2039,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
+@@ -2087,9 +2087,9 @@ uint64_t cpu_get_tsc(CPUX86State *env);
#define CPU_RESOLVING_TYPE TYPE_X86_CPU
#ifdef TARGET_X86_64
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/ui/spice-core.c b/ui/spice-core.c
-index 31974b8d6c..a3acdbd682 100644
+index c3ac20ad43..37774f1c0a 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -689,32 +689,35 @@ static void qemu_spice_init(void)
1 file changed, 2 insertions(+)
diff --git a/block/rbd.c b/block/rbd.c
-index def96292e0..a4b8fb482c 100644
+index 6caf35cbba..0cec24c86d 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -820,6 +820,8 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
{
NetClientState *nc;
diff --git a/qapi/net.json b/qapi/net.json
-index 7fab2e7cd8..74c9a6109e 100644
+index b92f3f5fb4..52c7e1f82b 100644
--- a/qapi/net.json
+++ b/qapi/net.json
@@ -35,6 +35,21 @@
# @netdev_add:
#
diff --git a/qapi/pragma.json b/qapi/pragma.json
-index 3bc0335d1f..7c91ea3685 100644
+index e6a021c19c..41139d8645 100644
--- a/qapi/pragma.json
+++ b/qapi/pragma.json
-@@ -22,6 +22,7 @@
+@@ -25,6 +25,7 @@
'system_reset',
'system_wakeup' ],
'command-returns-exceptions': [
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/qemu-img.c b/qemu-img.c
-index f036a1d428..080ad9bca7 100644
+index 1caddfb23a..2782e181c0 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -2989,7 +2989,8 @@ static int img_info(int argc, char **argv)
+@@ -3005,7 +3005,8 @@ static int img_info(int argc, char **argv)
list = collect_image_info_list(image_opts, filename, fmt, chain,
force_share);
if (!list) {
2 files changed, 119 insertions(+), 72 deletions(-)
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
-index 72bcdcfbfa..0b2999f3ab 100644
+index 1b1dab5b17..d1616c045a 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -58,9 +58,9 @@ SRST
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index 080ad9bca7..1f457d9e80 100644
+index 2782e181c0..8cd43b3601 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4805,10 +4805,12 @@ static int img_bitmap(int argc, char **argv)
+@@ -4821,10 +4821,12 @@ static int img_bitmap(int argc, char **argv)
#define C_IF 04
#define C_OF 010
#define C_SKIP 020
};
struct DdIo {
-@@ -4884,6 +4886,19 @@ static int img_dd_skip(const char *arg,
+@@ -4900,6 +4902,19 @@ static int img_dd_skip(const char *arg,
return 0;
}
static int img_dd(int argc, char **argv)
{
int ret = 0;
-@@ -4924,6 +4939,7 @@ static int img_dd(int argc, char **argv)
+@@ -4940,6 +4955,7 @@ static int img_dd(int argc, char **argv)
{ "if", img_dd_if, C_IF },
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
-@@ -4999,91 +5015,112 @@ static int img_dd(int argc, char **argv)
+@@ -5015,91 +5031,112 @@ static int img_dd(int argc, char **argv)
arg = NULL;
}
}
if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
-@@ -5101,11 +5138,17 @@ static int img_dd(int argc, char **argv)
+@@ -5117,11 +5154,17 @@ static int img_dd(int argc, char **argv)
for (out_pos = 0; in_pos < size; block_count++) {
int in_ret, out_ret;
}
if (in_ret < 0) {
error_report("error while reading from input image file: %s",
-@@ -5115,9 +5158,13 @@ static int img_dd(int argc, char **argv)
+@@ -5131,9 +5174,13 @@ static int img_dd(int argc, char **argv)
}
in_pos += in_ret;
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
-index 1f457d9e80..d9e8a8c4d4 100644
+index 8cd43b3601..67033b2d2c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4806,11 +4806,13 @@ static int img_bitmap(int argc, char **argv)
+@@ -4822,11 +4822,13 @@ static int img_bitmap(int argc, char **argv)
#define C_OF 010
#define C_SKIP 020
#define C_OSIZE 040
};
struct DdIo {
-@@ -4899,6 +4901,19 @@ static int img_dd_osize(const char *arg,
+@@ -4915,6 +4917,19 @@ static int img_dd_osize(const char *arg,
return 0;
}
static int img_dd(int argc, char **argv)
{
int ret = 0;
-@@ -4913,12 +4928,14 @@ static int img_dd(int argc, char **argv)
+@@ -4929,12 +4944,14 @@ static int img_dd(int argc, char **argv)
int c, i;
const char *out_fmt = "raw";
const char *fmt = NULL;
};
struct DdIo in = {
.bsz = 512, /* Block size is by default 512 bytes */
-@@ -4940,6 +4957,7 @@ static int img_dd(int argc, char **argv)
+@@ -4956,6 +4973,7 @@ static int img_dd(int argc, char **argv)
{ "of", img_dd_of, C_OF },
{ "skip", img_dd_skip, C_SKIP },
{ "osize", img_dd_osize, C_OSIZE },
{ NULL, NULL, 0 }
};
const struct option long_options[] = {
-@@ -5136,14 +5154,18 @@ static int img_dd(int argc, char **argv)
+@@ -5152,14 +5170,18 @@ static int img_dd(int argc, char **argv)
in.buf = g_new(uint8_t, in.bsz);
3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
-index d663dd92bd..a49badb158 100644
+index 8885ea11cf..33979b7430 100644
--- a/docs/tools/qemu-img.rst
+++ b/docs/tools/qemu-img.rst
@@ -208,6 +208,10 @@ Parameters to convert subcommand:
Give information about the disk image *FILENAME*. Use it in
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
-index 0b2999f3ab..f3b2b1b4de 100644
+index d1616c045a..b5b0bb4467 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -58,9 +58,9 @@ SRST
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index d9e8a8c4d4..015d6d2ce4 100644
+index 67033b2d2c..35c2bdc95c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4930,7 +4930,7 @@ static int img_dd(int argc, char **argv)
+@@ -4946,7 +4946,7 @@ static int img_dd(int argc, char **argv)
const char *fmt = NULL;
int64_t size = 0, readsize = 0;
int64_t block_count = 0, out_pos, in_pos;
struct DdInfo dd = {
.flags = 0,
.count = 0,
-@@ -4968,7 +4968,7 @@ static int img_dd(int argc, char **argv)
+@@ -4984,7 +4984,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
if (c == EOF) {
break;
}
-@@ -4988,6 +4988,9 @@ static int img_dd(int argc, char **argv)
+@@ -5004,6 +5004,9 @@ static int img_dd(int argc, char **argv)
case 'h':
help();
break;
case 'U':
force_share = true;
break;
-@@ -5118,13 +5121,15 @@ static int img_dd(int argc, char **argv)
+@@ -5134,13 +5137,15 @@ static int img_dd(int argc, char **argv)
size - in.bsz * in.offset, &error_abort);
}
3 files changed, 81 insertions(+), 4 deletions(-)
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
-index 9a4f491b54..1faa16234e 100644
+index 163d244eb4..389907f1f8 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
-@@ -812,8 +812,37 @@ static uint64_t virtio_balloon_get_features(VirtIODevice *vdev, uint64_t f,
+@@ -813,8 +813,37 @@ static uint64_t virtio_balloon_get_features(VirtIODevice *vdev, uint64_t f,
static void virtio_balloon_stat(void *opaque, BalloonInfo *info)
{
VirtIOBalloon *dev = opaque;
static void virtio_balloon_to_target(void *opaque, ram_addr_t target)
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 2e91ccb738..e9fa9af6bd 100644
+index 634968498b..5482dd0569 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
-@@ -696,7 +696,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
+@@ -708,7 +708,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
return;
}
qapi_free_BalloonInfo(info);
}
diff --git a/qapi/machine.json b/qapi/machine.json
-index 067e3f5378..91f3be6f44 100644
+index d25a481ce4..3627172aed 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -1018,10 +1018,30 @@
info->default_cpu_type = g_strdup(mc->default_cpu_type);
info->has_default_cpu_type = true;
diff --git a/qapi/machine.json b/qapi/machine.json
-index 91f3be6f44..0905618e25 100644
+index 3627172aed..ca133e68ce 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -141,6 +141,8 @@
+@@ -139,6 +139,8 @@
#
# @is-default: whether the machine is default
#
# @cpu-max: maximum number of CPUs supported by the machine type
# (since 1.5)
#
-@@ -162,7 +164,7 @@
+@@ -160,7 +162,7 @@
##
{ 'struct': 'MachineInfo',
'data': { 'name': 'str', '*alias': 'str',
2 files changed, 8 insertions(+)
diff --git a/qapi/ui.json b/qapi/ui.json
-index 4244c62c30..f946fbd8c1 100644
+index 13a8bb82aa..4c34436ba7 100644
--- a/qapi/ui.json
+++ b/qapi/ui.json
-@@ -333,11 +333,14 @@
+@@ -300,11 +300,14 @@
#
# @channels: a list of @SpiceChannel for each active spice channel
#
'if': 'CONFIG_SPICE' }
diff --git a/ui/spice-core.c b/ui/spice-core.c
-index a3acdbd682..756776778d 100644
+index 37774f1c0a..367f77f2b4 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -534,6 +534,11 @@ static SpiceInfo *qmp_query_spice_real(Error **errp)
create mode 100644 migration/savevm-async.c
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
-index 407a1da800..245f8acc55 100644
+index adfa085a9b..925e680e5a 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
-@@ -536,6 +536,19 @@ SRST
+@@ -538,6 +538,19 @@ SRST
Show current migration parameters.
ERST
.name = "balloon",
.args_type = "",
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 5efb47fc32..1ad13b668b 100644
+index 8476277aa9..7f0ac498c4 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1746,3 +1746,36 @@ ERST
void hmp_screendump(Monitor *mon, const QDict *qdict);
void hmp_chardev_add(Monitor *mon, const QDict *qdict);
diff --git a/migration/meson.build b/migration/meson.build
-index f8714dcb15..ea9aedeefc 100644
+index 8b5ca5c047..1e2aec8486 100644
--- a/migration/meson.build
+++ b/migration/meson.build
@@ -23,6 +23,7 @@ softmmu_ss.add(files(
+ return ret;
+}
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index e9fa9af6bd..5000ce39d1 100644
+index 5482dd0569..c64b959738 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
-@@ -1903,6 +1903,63 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
+@@ -1906,6 +1906,63 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
hmp_handle_error(mon, err);
}
{
IOThreadInfoList *info_list = qmp_query_iothreads(NULL);
diff --git a/qapi/migration.json b/qapi/migration.json
-index bbfd48cf0b..45686390a2 100644
+index 27d7b28158..31d6cc902e 100644
--- a/qapi/migration.json
+++ b/qapi/migration.json
-@@ -247,6 +247,40 @@
+@@ -258,6 +258,40 @@
'*compression': 'CompressionStats',
'*socket-address': ['SocketAddress'] } }
# @query-migrate:
#
diff --git a/qapi/misc.json b/qapi/misc.json
-index 358548abe1..25b3febc52 100644
+index b83cc39029..1e5dd7db29 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -435,6 +435,38 @@
# @CommandLineParameterType:
#
diff --git a/qemu-options.hx b/qemu-options.hx
-index ae2c6dbbfc..423144abeb 100644
+index 34e9b32a5c..aeade4ef80 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -4171,6 +4171,18 @@ SRST
+@@ -4254,6 +4254,18 @@ SRST
Start right away with a saved state (``loadvm`` in monitor)
ERST
DEF("daemonize", 0, QEMU_OPTION_daemonize, \
"-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index 620a1f1367..fd82efb8b3 100644
+index 6f646531a0..a3f2a3818c 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -156,6 +156,7 @@ static const char *incoming;
+@@ -157,6 +157,7 @@ static const char *incoming;
static const char *loadvm;
static const char *accelerators;
static QDict *machine_opts_dict;
static QTAILQ_HEAD(, ObjectOption) object_opts = QTAILQ_HEAD_INITIALIZER(object_opts);
static QTAILQ_HEAD(, DeviceOption) device_opts = QTAILQ_HEAD_INITIALIZER(device_opts);
static ram_addr_t maxram_size;
-@@ -2743,6 +2744,12 @@ void qmp_x_exit_preconfig(Error **errp)
+@@ -2749,6 +2750,12 @@ void qmp_x_exit_preconfig(Error **errp)
if (loadvm) {
load_snapshot(loadvm, NULL, false, NULL, &error_fatal);
}
if (replay_mode != REPLAY_MODE_NONE) {
replay_vmstate_init();
-@@ -3284,6 +3291,9 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -3289,6 +3296,9 @@ void qemu_init(int argc, char **argv, char **envp)
case QEMU_OPTION_loadvm:
loadvm = optarg;
break;
3 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
-index 6338d8e2ff..6697a93a7e 100644
+index 1479cddad9..21a3355ae2 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
-@@ -30,8 +30,8 @@
+@@ -31,8 +31,8 @@
#include "trace.h"
#include "qapi/error.h"
struct QEMUFile {
const QEMUFileOps *ops;
-@@ -45,7 +45,8 @@ struct QEMUFile {
+@@ -46,7 +46,8 @@ struct QEMUFile {
when reading */
int buf_index;
int buf_size; /* 0 when writing */
DECLARE_BITMAP(may_free, MAX_IOV_SIZE);
struct iovec iov[MAX_IOV_SIZE];
-@@ -103,7 +104,7 @@ bool qemu_file_mode_is_not_valid(const char *mode)
+@@ -104,7 +105,7 @@ bool qemu_file_mode_is_not_valid(const char *mode)
return false;
}
{
QEMUFile *f;
-@@ -112,9 +113,17 @@ QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps *ops, bool has_ioc)
+@@ -113,9 +114,17 @@ QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps *ops, bool has_ioc)
f->opaque = opaque;
f->ops = ops;
f->has_ioc = has_ioc;
void qemu_file_set_hooks(QEMUFile *f, const QEMUFileHooks *hooks)
{
-@@ -349,7 +358,7 @@ static ssize_t qemu_fill_buffer(QEMUFile *f)
+@@ -350,7 +359,7 @@ static ssize_t qemu_fill_buffer(QEMUFile *f)
}
len = f->ops->get_buffer(f->opaque, f->buf + pending, f->pos,
if (len > 0) {
f->buf_size += len;
f->pos += len;
-@@ -389,6 +398,9 @@ int qemu_fclose(QEMUFile *f)
+@@ -390,6 +399,9 @@ int qemu_fclose(QEMUFile *f)
ret = ret2;
}
}
/* If any error was spotted before closing, we should report it
* instead of the close() return value.
*/
-@@ -443,7 +455,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len)
+@@ -444,7 +456,7 @@ static void add_buf_to_iovec(QEMUFile *f, size_t len)
{
if (!add_to_iovec(f, f->buf + f->buf_index, len, false)) {
f->buf_index += len;
qemu_fflush(f);
}
}
-@@ -469,7 +481,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size)
+@@ -470,7 +482,7 @@ void qemu_put_buffer(QEMUFile *f, const uint8_t *buf, size_t size)
}
while (size > 0) {
if (l > size) {
l = size;
}
-@@ -516,8 +528,8 @@ size_t qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t size, size_t offset)
+@@ -517,8 +529,8 @@ size_t qemu_peek_buffer(QEMUFile *f, uint8_t **buf, size_t size, size_t offset)
size_t index;
assert(!qemu_file_is_writable(f));
/* The 1st byte to read from */
index = f->buf_index + offset;
-@@ -567,7 +579,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
+@@ -568,7 +580,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
size_t res;
uint8_t *src;
if (res == 0) {
return done;
}
-@@ -601,7 +613,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
+@@ -602,7 +614,7 @@ size_t qemu_get_buffer(QEMUFile *f, uint8_t *buf, size_t size)
*/
size_t qemu_get_buffer_in_place(QEMUFile *f, uint8_t **buf, size_t size)
{
size_t res;
uint8_t *src = NULL;
-@@ -626,7 +638,7 @@ int qemu_peek_byte(QEMUFile *f, int offset)
+@@ -627,7 +639,7 @@ int qemu_peek_byte(QEMUFile *f, int offset)
int index = f->buf_index + offset;
assert(!qemu_file_is_writable(f));
if (index >= f->buf_size) {
qemu_fill_buffer(f);
-@@ -778,7 +790,7 @@ static int qemu_compress_data(z_stream *stream, uint8_t *dest, size_t dest_len,
+@@ -779,7 +791,7 @@ static int qemu_compress_data(z_stream *stream, uint8_t *dest, size_t dest_len,
ssize_t qemu_put_compression_data(QEMUFile *f, z_stream *stream,
const uint8_t *p, size_t size)
{
create mode 100644 block/zeroinit.c
diff --git a/block/meson.build b/block/meson.build
-index deb73ca389..c9d1fdca7d 100644
+index 0b2a60c99b..9451fc3ccd 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -41,6 +41,7 @@ block_ss.add(files(
+@@ -43,6 +43,7 @@ block_ss.add(files(
'vmdk.c',
'vpc.c',
'write-threshold.c',
2 files changed, 11 insertions(+)
diff --git a/qemu-options.hx b/qemu-options.hx
-index 423144abeb..4879471aeb 100644
+index aeade4ef80..a26f0b0400 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
-@@ -1019,6 +1019,9 @@ DEFHEADING()
+@@ -1075,6 +1075,9 @@ DEFHEADING()
DEFHEADING(Block device options:)
"-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL)
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index fd82efb8b3..eb05e5a000 100644
+index a3f2a3818c..4208142685 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -2779,6 +2779,7 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -2785,6 +2785,7 @@ void qemu_init(int argc, char **argv, char **envp)
MachineClass *machine_class;
bool userconfig = true;
FILE *vmstate_dump_file = NULL;
qemu_add_opts(&qemu_drive_opts);
qemu_add_drive_opts(&qemu_legacy_drive_opts);
-@@ -3421,6 +3422,13 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -3420,6 +3421,13 @@ void qemu_init(int argc, char **argv, char **envp)
machine_parse_property_opt(qemu_find_opts("smp-opts"),
"smp", optarg);
break;
2 files changed, 42 insertions(+), 20 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
-index 821405fd02..e3b6c3c524 100644
+index e5bf5d59bf..b013668dce 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
-@@ -2465,6 +2465,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2461,6 +2461,7 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
int fd;
uint64_t perm, shared;
int result = 0;
/* Validate options and set default values */
assert(options->driver == BLOCKDEV_DRIVER_FILE);
-@@ -2505,19 +2506,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2501,19 +2502,22 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
perm = BLK_PERM_WRITE | BLK_PERM_RESIZE;
shared = BLK_PERM_ALL & ~BLK_PERM_RESIZE;
}
/* Clear the file by truncating it to 0 */
-@@ -2571,13 +2575,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
+@@ -2567,13 +2571,15 @@ raw_co_create(BlockdevCreateOptions *options, Error **errp)
}
out_unlock:
}
out_close:
-@@ -2602,6 +2608,7 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
+@@ -2598,6 +2604,7 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
PreallocMode prealloc;
char *buf = NULL;
Error *local_err = NULL;
/* Skip file: protocol prefix */
strstart(filename, "file:", &filename);
-@@ -2624,6 +2631,18 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
+@@ -2620,6 +2627,18 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
return -EINVAL;
}
options = (BlockdevCreateOptions) {
.driver = BLOCKDEV_DRIVER_FILE,
.u.file = {
-@@ -2635,6 +2654,8 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
+@@ -2631,6 +2650,8 @@ static int coroutine_fn raw_co_create_opts(BlockDriver *drv,
.nocow = nocow,
.has_extent_size_hint = has_extent_size_hint,
.extent_size_hint = extent_size_hint,
};
return raw_co_create(&options, errp);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 1d3dd9cb48..3f81d6a5c0 100644
+index fb25c2b245..564b6b43f7 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -4445,7 +4445,8 @@
+@@ -4484,7 +4484,8 @@
'size': 'size',
'*preallocation': 'PreallocMode',
'*nocow': 'bool',
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 53a99abc56..ad2cb2592e 100644
+index 1e23fdc14b..8a50445ee8 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
-@@ -113,7 +113,8 @@ GlobalProperty hw_compat_4_0[] = {
+@@ -118,7 +118,8 @@ GlobalProperty hw_compat_4_0[] = {
{ "virtio-vga", "edid", "false" },
{ "virtio-gpu-device", "edid", "false" },
{ "virtio-device", "use-started", "false" },
if (mc->default_cpu_type) {
diff --git a/include/hw/boards.h b/include/hw/boards.h
-index 9c1c190104..51e04bde62 100644
+index c92ac8815c..572d911ed4 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
-@@ -227,6 +227,8 @@ struct MachineClass {
+@@ -230,6 +230,8 @@ struct MachineClass {
const char *desc;
const char *deprecation_reason;
void (*reset)(MachineState *state);
void (*wakeup)(MachineState *state);
diff --git a/qapi/machine.json b/qapi/machine.json
-index 0905618e25..a05c46e253 100644
+index ca133e68ce..39ba204b52 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
-@@ -160,6 +160,8 @@
+@@ -158,6 +158,8 @@
#
# @default-ram-id: the default ID of initial RAM memory backend (since 5.2)
#
# Since: 1.2
##
{ 'struct': 'MachineInfo',
-@@ -167,7 +169,7 @@
+@@ -165,7 +167,7 @@
'*is-default': 'bool', '*is-current': 'bool', 'cpu-max': 'int',
'hotpluggable-cpus': 'bool', 'numa-mem-supported': 'bool',
'deprecated': 'bool', '*default-cpu-type': 'str',
##
# @query-machines:
diff --git a/softmmu/vl.c b/softmmu/vl.c
-index eb05e5a000..f306d21d63 100644
+index 4208142685..37d85f1b96 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
-@@ -1655,6 +1655,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
+@@ -1659,6 +1659,7 @@ static const QEMUOption *lookup_opt(int argc, char **argv,
static MachineClass *select_machine(QDict *qdict, Error **errp)
{
const char *optarg = qdict_get_try_str(qdict, "type");
GSList *machines = object_class_get_list(TYPE_MACHINE, false);
MachineClass *machine_class;
Error *local_err = NULL;
-@@ -1672,6 +1673,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
+@@ -1676,6 +1677,11 @@ static MachineClass *select_machine(QDict *qdict, Error **errp)
}
}
g_slist_free(machines);
if (local_err) {
error_append_hint(&local_err, "Use -machine help to list supported machines\n");
-@@ -3363,12 +3369,31 @@ void qemu_init(int argc, char **argv, char **envp)
+@@ -3362,12 +3368,31 @@ void qemu_init(int argc, char **argv, char **envp)
case QEMU_OPTION_machine:
{
bool help;
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/block/backup.c b/block/backup.c
-index 21d5983779..47e218857d 100644
+index 5cfd0b999c..07b899035c 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -239,8 +239,8 @@ static void backup_init_bcs_bitmap(BackupBlockJob *job)
if (s->sync_mode == MIRROR_SYNC_MODE_TOP) {
int64_t offset = 0;
int64_t count;
-@@ -493,6 +491,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -494,6 +492,8 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
&error_abort);
block/meson.build | 2 +
meson.build | 5 +
vma-reader.c | 860 ++++++++++++++++++++++++++++++++++++++++++++++
- vma-writer.c | 790 ++++++++++++++++++++++++++++++++++++++++++
- vma.c | 849 +++++++++++++++++++++++++++++++++++++++++++++
+ vma-writer.c | 791 ++++++++++++++++++++++++++++++++++++++++++
+ vma.c | 850 +++++++++++++++++++++++++++++++++++++++++++++
vma.h | 150 ++++++++
- 6 files changed, 2656 insertions(+)
+ 6 files changed, 2658 insertions(+)
create mode 100644 vma-reader.c
create mode 100644 vma-writer.c
create mode 100644 vma.c
create mode 100644 vma.h
diff --git a/block/meson.build b/block/meson.build
-index c9d1fdca7d..72081a9974 100644
+index 9451fc3ccd..819eb80951 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -44,6 +44,8 @@ block_ss.add(files(
+@@ -46,6 +46,8 @@ block_ss.add(files(
'zeroinit.c',
), zstd, zlib, gnutls)
+
softmmu_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c'))
- block_ss.add(when: 'CONFIG_QCOW1', if_true: files('qcow.c'))
+ if get_option('qcow1').allowed()
diff --git a/meson.build b/meson.build
-index 96de1a6ef9..54c23b9567 100644
+index 861de93c4f..96a91b95e4 100644
--- a/meson.build
+++ b/meson.build
-@@ -1202,6 +1202,8 @@ keyutils = dependency('libkeyutils', required: false,
+@@ -1267,6 +1267,8 @@ keyutils = dependency('libkeyutils', required: false,
has_gettid = cc.has_function('gettid')
# libselinux
selinux = dependency('libselinux',
required: get_option('selinux'),
-@@ -3070,6 +3072,9 @@ if have_tools
+@@ -3359,6 +3361,9 @@ if have_tools
dependencies: [blockdev, qemuutil, gnutls, selinux],
install: true)
+
diff --git a/vma-writer.c b/vma-writer.c
new file mode 100644
-index 0000000000..11d8321ffd
+index 0000000000..df4b20793d
--- /dev/null
+++ b/vma-writer.c
-@@ -0,0 +1,790 @@
+@@ -0,0 +1,791 @@
+/*
+ * VMA: Virtual Machine Archive
+ *
+#include "qemu/main-loop.h"
+#include "qemu/coroutine.h"
+#include "qemu/cutils.h"
++#include "qemu/memalign.h"
+
+#define DEBUG_VMA 0
+
+ assert(qemu_in_coroutine());
+ AioContext *ctx = qemu_get_current_aio_context();
+ aio_set_fd_handler(ctx, fd, false, NULL, (IOHandler *)qemu_coroutine_enter,
-+ NULL, qemu_coroutine_self());
++ NULL, NULL, qemu_coroutine_self());
+ qemu_coroutine_yield();
-+ aio_set_fd_handler(ctx, fd, false, NULL, NULL, NULL, NULL);
++ aio_set_fd_handler(ctx, fd, false, NULL, NULL, NULL, NULL, NULL);
+}
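Review bot: The handler passed to `aio_set_fd_handler()` in both the old and the refreshed call is still `(IOHandler *)qemu_coroutine_enter`, so the callback is invoked through a function-pointer type that does not match its definition (it takes a `Coroutine *`, while `IOHandler` presumably takes `void *`). That is undefined behaviour in C, it is the kind of indirect call that control-flow-integrity builds reject, and the cast hides any later signature drift from the compiler. A type-correct trampoline avoids it: `static void vma_co_enter(void *opaque) { qemu_coroutine_enter(opaque); }`, passed in place of the cast. The extra positional `NULL` added to each call would also be easier to audit with a short comment naming the callback slot it fills. The enclosing function starts outside the hunk, so its name and the rest of its body are not visible here.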
+
+static ssize_t coroutine_fn
+}
diff --git a/vma.c b/vma.c
new file mode 100644
-index 0000000000..89440733b1
+index 0000000000..91612d50a2
--- /dev/null
+++ b/vma.c
-@@ -0,0 +1,849 @@
+@@ -0,0 +1,850 @@
+/*
+ * VMA: Virtual Machine Archive
+ *
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "qemu/cutils.h"
++#include "qemu/memalign.h"
+#include "qapi/qmp/qdict.h"
+#include "sysemu/block-backend.h"
+
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- block/backup-dump.c | 168 ++++++++++++++++++++++++++++++++++++++
- block/backup.c | 30 ++-----
- block/meson.build | 1 +
- include/block/block_int.h | 35 ++++++++
- job.c | 3 +-
+ block/backup-dump.c | 168 +++++++++++++++++++++++++++++++
+ block/backup.c | 30 ++----
+ block/meson.build | 1 +
+ include/block/block_int-common.h | 35 +++++++
+ job.c | 3 +-
5 files changed, 214 insertions(+), 23 deletions(-)
create mode 100644 block/backup-dump.c
+ return bs;
+}
diff --git a/block/backup.c b/block/backup.c
-index 47e218857d..4d8fad70c4 100644
+index 07b899035c..7b5d02f580 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -29,28 +29,6 @@
static const BlockJobDriver backup_job_driver;
static void backup_cleanup_sync_bitmap(BackupBlockJob *job, int ret)
-@@ -455,6 +433,14 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
+@@ -456,6 +434,14 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
}
cluster_size = block_copy_cluster_size(bcs);
if (perf->max_chunk && perf->max_chunk < cluster_size) {
error_setg(errp, "Required max-chunk (%" PRIi64 ") is less than backup "
diff --git a/block/meson.build b/block/meson.build
-index 72081a9974..7883df047c 100644
+index 819eb80951..067708b7c0 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -4,6 +4,7 @@ block_ss.add(files(
'copy-before-write.c',
'blkdebug.c',
'blklogwrites.c',
-diff --git a/include/block/block_int.h b/include/block/block_int.h
-index f4c75e8ba9..169dc43d59 100644
---- a/include/block/block_int.h
-+++ b/include/block/block_int.h
+diff --git a/include/block/block_int-common.h b/include/block/block_int-common.h
+index 8947abab76..f272d0d8dc 100644
+--- a/include/block/block_int-common.h
++++ b/include/block/block_int-common.h
@@ -26,6 +26,7 @@
#include "block/accounting.h"
+typedef int BackupDumpFunc(void *opaque, uint64_t offset, uint64_t bytes, const void *buf);
+
-+BlockDriverState *bdrv_backuo_dump_create(
++BlockDriverState *bdrv_backup_dump_create(
+ int dump_cb_block_size,
+ uint64_t byte_size,
+ BackupDumpFunc *dump_cb,
BDRV_TRACKED_READ,
BDRV_TRACKED_WRITE,
diff --git a/job.c b/job.c
-index dbfa67bb0a..af25dd5b98 100644
+index 075c6f3a20..e5699ad200 100644
--- a/job.c
+++ b/job.c
@@ -276,7 +276,8 @@ static bool job_started(Job *job)
blockdev.c | 1 +
hmp-commands-info.hx | 14 +
hmp-commands.hx | 29 +
- include/block/block_int.h | 2 +-
include/monitor/hmp.h | 3 +
meson.build | 1 +
monitor/hmp-cmds.c | 44 ++
qapi/block-core.json | 109 ++++
qapi/common.json | 13 +
qapi/machine.json | 15 +-
- 15 files changed, 1449 insertions(+), 14 deletions(-)
+ 14 files changed, 1448 insertions(+), 13 deletions(-)
create mode 100644 proxmox-backup-client.c
create mode 100644 proxmox-backup-client.h
create mode 100644 pve-backup.c
diff --git a/block/meson.build b/block/meson.build
-index 7883df047c..9d3dd5b7c3 100644
+index 067708b7c0..42aac96dbb 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -46,6 +46,11 @@ block_ss.add(files(
+@@ -48,6 +48,11 @@ block_ss.add(files(
), zstd, zlib, gnutls)
block_ss.add(files('../vma-writer.c'), libuuid)
softmmu_ss.add(when: 'CONFIG_TCG', if_true: files('blkreplay.c'))
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 2ac4aedfff..f6668ab01d 100644
+index bfb3c043a0..89ca64444d 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1015,3 +1015,36 @@ void hmp_info_snapshots(Monitor *mon, const QDict *qdict)
+ hmp_handle_error(mon, error);
+}
diff --git a/blockdev.c b/blockdev.c
-index b35072644e..c0bc3db33e 100644
+index 1af5a1fcb2..9916a72334 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -36,6 +36,7 @@
#include "monitor/monitor.h"
#include "qemu/error-report.h"
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
-index 245f8acc55..3e7f2421eb 100644
+index 925e680e5a..d9b787d2c6 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
-@@ -482,6 +482,20 @@ SRST
+@@ -484,6 +484,20 @@ SRST
Show the current VM UUID.
ERST
{
.name = "usernet",
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index 1ad13b668b..d4bb00216e 100644
+index 7f0ac498c4..994445f301 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -99,6 +99,35 @@ ERST
ERST
{
-diff --git a/include/block/block_int.h b/include/block/block_int.h
-index 169dc43d59..92f90c43eb 100644
---- a/include/block/block_int.h
-+++ b/include/block/block_int.h
-@@ -67,7 +67,7 @@
-
- typedef int BackupDumpFunc(void *opaque, uint64_t offset, uint64_t bytes, const void *buf);
-
--BlockDriverState *bdrv_backuo_dump_create(
-+BlockDriverState *bdrv_backup_dump_create(
- int dump_cb_block_size,
- uint64_t byte_size,
- BackupDumpFunc *dump_cb,
diff --git a/include/monitor/hmp.h b/include/monitor/hmp.h
index 3a39ba41b5..d269b4c99c 100644
--- a/include/monitor/hmp.h
void hmp_device_add(Monitor *mon, const QDict *qdict);
void hmp_device_del(Monitor *mon, const QDict *qdict);
diff --git a/meson.build b/meson.build
-index 54c23b9567..37dab249cc 100644
+index 96a91b95e4..76fcb23299 100644
--- a/meson.build
+++ b/meson.build
-@@ -1203,6 +1203,7 @@ keyutils = dependency('libkeyutils', required: false,
+@@ -1268,6 +1268,7 @@ keyutils = dependency('libkeyutils', required: false,
has_gettid = cc.has_function('gettid')
libuuid = cc.find_library('uuid', required: true)
# libselinux
selinux = dependency('libselinux',
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index 5000ce39d1..b2687eae3a 100644
+index c64b959738..ef654221c4 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -195,6 +195,50 @@ void hmp_info_mice(Monitor *mon, const QDict *qdict)
+ return info;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 3f81d6a5c0..551ee28275 100644
+index 564b6b43f7..ffcc25367b 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -744,6 +744,115 @@
+##
+{ 'struct': 'UuidInfo', 'data': {'UUID': 'str'} }
diff --git a/qapi/machine.json b/qapi/machine.json
-index a05c46e253..e2cec7922f 100644
+index 39ba204b52..091aafeff7 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -4,6 +4,8 @@
##
# = Machines
##
-@@ -229,19 +231,6 @@
+@@ -227,19 +229,6 @@
##
{ 'command': 'query-target', 'returns': 'TargetInfo' }
create mode 100644 pbs-restore.c
diff --git a/meson.build b/meson.build
-index 37dab249cc..1a4dfab4e2 100644
+index 76fcb23299..9476ccbe07 100644
--- a/meson.build
+++ b/meson.build
-@@ -3076,6 +3076,10 @@ if have_tools
+@@ -3365,6 +3365,10 @@ if have_tools
vma = executable('vma', files('vma.c', 'vma-reader.c') + genh,
dependencies: [authz, block, crypto, io, qom], install: true)
6 files changed, 142 insertions(+), 23 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index f6668ab01d..3c06734e6d 100644
+index 89ca64444d..45da74d7a0 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1042,6 +1042,7 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
false, NULL, false, NULL, !!devlist,
devlist, qdict_haskey(qdict, "speed"), speed, &error);
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index b2687eae3a..cfd7a60f32 100644
+index ef654221c4..c5c74ac1dc 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -221,19 +221,42 @@ void hmp_info_backup(Monitor *mon, const QDict *qdict)
qemu_mutex_unlock(&backup_state.stat.lock);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 551ee28275..b9d6f52f0c 100644
+index ffcc25367b..b332d8a8da 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -757,8 +757,13 @@
3 files changed, 54 insertions(+), 13 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 3c06734e6d..4481b60a5c 100644
+index 45da74d7a0..ea7b665aa2 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1042,7 +1042,9 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
.format = format,
.has_config_file = has_config_file,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index b9d6f52f0c..5d8e2eb303 100644
+index b332d8a8da..abef91062a 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -822,6 +822,10 @@
create mode 100644 block/pbs.c
diff --git a/block/meson.build b/block/meson.build
-index 9d3dd5b7c3..8c758c0218 100644
+index 42aac96dbb..f94cc0cd25 100644
--- a/block/meson.build
+++ b/block/meson.build
-@@ -51,6 +51,9 @@ block_ss.add(files(
+@@ -53,6 +53,9 @@ block_ss.add(files(
'../pve-backup.c',
), libproxmox_backup_qemu)
+
+block_init(bdrv_pbs_init);
diff --git a/configure b/configure
-index 48c21775f3..eda4e9225a 100755
+index 7c08c18358..08d164b4f5 100755
--- a/configure
+++ b/configure
-@@ -356,6 +356,7 @@ vdi=${default_feature:-yes}
- vvfat=${default_feature:-yes}
- qed=${default_feature:-yes}
- parallels=${default_feature:-yes}
+@@ -325,6 +325,7 @@ trace_file="trace"
+ opengl="$default_feature"
+ coroutine=""
+ tls_priority="NORMAL"
+pbs_bdrv="yes"
- debug_mutex="no"
plugins="$default_feature"
- rng_none="no"
-@@ -1126,6 +1127,10 @@ for opt do
+ secret_keyring="$default_feature"
+ meson=""
+@@ -991,6 +992,10 @@ for opt do
;;
- --enable-parallels) parallels="yes"
+ --disable-pvrdma) pvrdma="no"
;;
+ --disable-pbs-bdrv) pbs_bdrv="no"
+ ;;
--disable-vhost-user) vhost_user="no"
;;
--enable-vhost-user) vhost_user="yes"
-@@ -1465,6 +1470,7 @@ cat << EOF
- vvfat vvfat image format support
- qed qed image format support
- parallels parallels image format support
+@@ -1265,6 +1270,7 @@ cat << EOF
+ vhost-user vhost-user backend support
+ vhost-vdpa vhost-vdpa kernel backend support
+ opengl opengl support
+ pbs-bdrv Proxmox backup server read-only block driver support
- crypto-afalg Linux AF_ALG crypto backend driver
- debug-mutex mutex debugging support
- rng-none dummy RNG, avoid using /dev/(u)random and getrandom()
-@@ -3534,6 +3540,9 @@ if test "$xen" = "enabled" ; then
+ gio libgio support
+
+ NOTE: The object files are built at the place where configure is launched
+@@ -2848,6 +2854,9 @@ if test "$xen" = "enabled" ; then
echo "XEN_CFLAGS=$xen_cflags" >> $config_host_mak
echo "XEN_LIBS=$xen_libs" >> $config_host_mak
fi
echo "CONFIG_VHOST_SCSI=y" >> $config_host_mak
fi
diff --git a/meson.build b/meson.build
-index 1a4dfab4e2..85b3c63199 100644
+index 9476ccbe07..d3783a83e4 100644
--- a/meson.build
+++ b/meson.build
-@@ -3448,6 +3448,7 @@ summary_info += {'lzfse support': liblzfse}
+@@ -3743,6 +3743,7 @@ summary_info += {'bzip2 support': libbzip2}
+ summary_info += {'lzfse support': liblzfse}
summary_info += {'zstd support': zstd}
- summary_info += {'NUMA host support': config_host.has_key('CONFIG_NUMA')}
- summary_info += {'libxml2': libxml2}
+ summary_info += {'NUMA host support': numa}
+summary_info += {'PBS bdrv support': config_host.has_key('CONFIG_PBS_BDRV')}
summary_info += {'capstone': capstone_opt == 'internal' ? capstone_opt : capstone}
summary_info += {'libpmem support': libpmem}
summary_info += {'libdaxctl support': libdaxctl}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 5d8e2eb303..777863e33b 100644
+index abef91062a..68591cb343 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
-@@ -3053,6 +3053,7 @@
+@@ -3073,6 +3073,7 @@
'luks', 'nbd', 'nfs', 'null-aio', 'null-co', 'nvme', 'parallels',
'preallocate', 'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'rbd',
{ 'name': 'replication', 'if': 'CONFIG_REPLICATION' },
'ssh', 'throttle', 'vdi', 'vhdx', 'vmdk', 'vpc', 'vvfat' ] }
##
-@@ -3125,6 +3126,17 @@
+@@ -3145,6 +3146,17 @@
{ 'struct': 'BlockdevOptionsNull',
'data': { '*size': 'int', '*latency-ns': 'uint64', '*read-zeroes': 'bool' } }
##
# @BlockdevOptionsNVMe:
#
-@@ -4367,6 +4379,7 @@
+@@ -4405,6 +4417,7 @@
'nfs': 'BlockdevOptionsNfs',
'null-aio': 'BlockdevOptionsNull',
'null-co': 'BlockdevOptionsNull',
+ return ret;
+}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 777863e33b..cfd980b70f 100644
+index 68591cb343..7d25aa4fa1 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -867,6 +867,35 @@
3 files changed, 159 insertions(+), 42 deletions(-)
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
-index cfd7a60f32..b613190a3c 100644
+index c5c74ac1dc..df273f41fb 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -198,6 +198,7 @@ void hmp_info_mice(Monitor *mon, const QDict *qdict)
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index cfd980b70f..8833060385 100644
+index 7d25aa4fa1..69571d86eb 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -875,6 +875,8 @@
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
-index 85b3c63199..31ba7d70d6 100644
+index d3783a83e4..715245ba20 100644
--- a/meson.build
+++ b/meson.build
-@@ -1203,6 +1203,7 @@ keyutils = dependency('libkeyutils', required: false,
+@@ -1268,6 +1268,7 @@ keyutils = dependency('libkeyutils', required: false,
has_gettid = cc.has_function('gettid')
libuuid = cc.find_library('uuid', required: true)
libproxmox_backup_qemu = cc.find_library('proxmox_backup_qemu', required: true)
# libselinux
-@@ -2571,6 +2572,7 @@ if have_block
+@@ -2861,6 +2862,7 @@ if have_block
# os-posix.c contains POSIX-specific functions used by qemu-storage-daemon,
# os-win32.c does not
blockdev_ss.add(when: 'CONFIG_POSIX', if_true: files('os-posix.c'))
endif
diff --git a/os-posix.c b/os-posix.c
-index ae6c9f2a5e..36807806bf 100644
+index 24692c8593..d1bc5ac12d 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -28,6 +28,8 @@
2 files changed, 43 insertions(+)
diff --git a/include/qemu/job.h b/include/qemu/job.h
-index 6e67b6977f..60376c99ee 100644
+index c105b31076..5096679571 100644
--- a/include/qemu/job.h
+++ b/include/qemu/job.h
-@@ -294,6 +294,18 @@ typedef enum JobCreateFlags {
+@@ -316,6 +316,18 @@ typedef enum JobCreateFlags {
*/
JobTxn *job_txn_new(void);
* Release a reference that was previously acquired with job_txn_add_job or
* job_txn_new. If it's the last reference to the object, it will be freed.
diff --git a/job.c b/job.c
-index af25dd5b98..d0d152e697 100644
+index e5699ad200..34c9758349 100644
--- a/job.c
+++ b/job.c
@@ -72,6 +72,8 @@ struct JobTxn {
static void job_txn_ref(JobTxn *txn)
{
txn->refcnt++;
-@@ -888,6 +909,9 @@ static void job_completed_txn_success(Job *job)
+@@ -897,6 +918,9 @@ static void job_completed_txn_success(Job *job)
*/
QLIST_FOREACH(other_job, &txn->jobs, txn_list) {
if (!job_is_completed(other_job)) {
return;
}
assert(other_job->ret == 0);
-@@ -1082,6 +1106,13 @@ int job_finish_sync(Job *job, void (*finish)(Job *, Error **errp), Error **errp)
+@@ -1093,6 +1117,13 @@ int job_finish_sync(Job *job, void (*finish)(Job *, Error **errp), Error **errp)
return -EBUSY;
}
qemu_mutex_unlock(&backup_state.stat.lock);
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 8833060385..6a67adf923 100644
+index 69571d86eb..e6c3687bea 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -774,12 +774,15 @@
+
#endif
diff --git a/migration/meson.build b/migration/meson.build
-index ea9aedeefc..c27dc9bd97 100644
+index 1e2aec8486..259e863a43 100644
--- a/migration/meson.build
+++ b/migration/meson.build
@@ -7,8 +7,10 @@ migration_files = files(
softmmu_ss.add(files(
'block-dirty-bitmap.c',
diff --git a/migration/migration.c b/migration/migration.c
-index abaf6f9e3d..d925fd7488 100644
+index 695f0f2900..6e17f8e91c 100644
--- a/migration/migration.c
+++ b/migration/migration.c
-@@ -213,6 +213,7 @@ void migration_object_init(void)
+@@ -214,6 +214,7 @@ void migration_object_init(void)
blk_mig_init();
ram_mig_init();
dirty_bitmap_mig_init();
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 6a67adf923..c99ddf8628 100644
+index e6c3687bea..05382a1069 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -883,6 +883,11 @@
1 file changed, 30 insertions(+)
diff --git a/block/iscsi.c b/block/iscsi.c
-index 57aa07a40d..a8902b84d5 100644
+index 51f2a5eeaa..f11591ac94 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1386,12 +1386,42 @@ static char *get_initiator_name(QemuOpts *opts)
5 files changed, 77 insertions(+), 196 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 4481b60a5c..c9849a5b29 100644
+index ea7b665aa2..ef45552e3b 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1016,7 +1016,7 @@ void hmp_info_snapshots(Monitor *mon, const QDict *qdict)
Error *error = NULL;
diff --git a/hmp-commands.hx b/hmp-commands.hx
-index d4bb00216e..4e21911fa6 100644
+index 994445f301..aaea875970 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -109,6 +109,7 @@ ERST
BackupStatus *qmp_query_backup(Error **errp)
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index c99ddf8628..829dc7b8e9 100644
+index 05382a1069..f0399bf249 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -846,7 +846,7 @@
3 files changed, 11 insertions(+)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index c9849a5b29..52ddbf95ad 100644
+index ef45552e3b..4c799f00d9 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1039,6 +1039,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
return ret;
}
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index 829dc7b8e9..d089328a1f 100644
+index f0399bf249..13e03ca154 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -817,6 +817,8 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/stream.c b/block/stream.c
-index e45113aed6..c3c0c5febe 100644
+index 694709bd25..e09bd5c4ef 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -28,7 +28,7 @@ enum {
1 file changed, 4 insertions(+)
diff --git a/block/io.c b/block/io.c
-index 4e4cb556c5..04061f1e68 100644
+index 3280144a17..cd7ba08768 100644
--- a/block/io.c
+++ b/block/io.c
-@@ -1765,6 +1765,10 @@ static int bdrv_pad_request(BlockDriverState *bs,
+@@ -1794,6 +1794,10 @@ static int bdrv_pad_request(BlockDriverState *bs,
{
int ret;
+
+block_init(bdrv_alloc_track_init);
diff --git a/block/meson.build b/block/meson.build
-index 8c758c0218..45b72e10f1 100644
+index f94cc0cd25..1716febb1d 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -2,6 +2,7 @@ block_ss.add(genh)
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/qapi/pragma.json b/qapi/pragma.json
-index 7c91ea3685..c3888d654c 100644
+index 41139d8645..a581acf7d4 100644
--- a/qapi/pragma.json
+++ b/qapi/pragma.json
-@@ -12,6 +12,7 @@
+@@ -15,6 +15,7 @@
'device_add',
'device_del',
'expire_password',
'migrate_cancel',
'netdev_add',
'netdev_del',
-@@ -60,6 +61,8 @@
+@@ -63,6 +64,8 @@
'SysEmuTarget', # query-cpu-fast, query-target
'UuidInfo', # query-uuid
'VncClientInfo', # query-vnc, query-vnc-servers, ...
3 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
-index a49badb158..1039aec01c 100644
+index 33979b7430..68e9c80788 100644
--- a/docs/tools/qemu-img.rst
+++ b/docs/tools/qemu-img.rst
@@ -492,10 +492,10 @@ Command description:
The data is by default read and written using blocks of 512 bytes but can be
modified by specifying *BLOCK_SIZE*. If count=\ *BLOCKS* is specified
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
-index f3b2b1b4de..e77ed9347f 100644
+index b5b0bb4467..36f97e1f19 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -58,9 +58,9 @@ SRST
DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
-index 015d6d2ce4..7031195e32 100644
+index 35c2bdc95c..6e93bbd425 100644
--- a/qemu-img.c
+++ b/qemu-img.c
-@@ -4922,6 +4922,7 @@ static int img_dd(int argc, char **argv)
+@@ -4938,6 +4938,7 @@ static int img_dd(int argc, char **argv)
BlockDriver *drv = NULL, *proto_drv = NULL;
BlockBackend *blk1 = NULL, *blk2 = NULL;
QemuOpts *opts = NULL;
QemuOptsList *create_opts = NULL;
Error *local_err = NULL;
bool image_opts = false;
-@@ -4931,6 +4932,7 @@ static int img_dd(int argc, char **argv)
+@@ -4947,6 +4948,7 @@ static int img_dd(int argc, char **argv)
int64_t size = 0, readsize = 0;
int64_t block_count = 0, out_pos, in_pos;
bool force_share = false, skip_create = false;
struct DdInfo dd = {
.flags = 0,
.count = 0,
-@@ -4968,7 +4970,7 @@ static int img_dd(int argc, char **argv)
+@@ -4984,7 +4986,7 @@ static int img_dd(int argc, char **argv)
{ 0, 0, 0, 0 }
};
if (c == EOF) {
break;
}
-@@ -4991,6 +4993,19 @@ static int img_dd(int argc, char **argv)
+@@ -5007,6 +5009,19 @@ static int img_dd(int argc, char **argv)
case 'n':
skip_create = true;
break;
case 'U':
force_share = true;
break;
-@@ -5050,11 +5065,24 @@ static int img_dd(int argc, char **argv)
+@@ -5066,11 +5081,24 @@ static int img_dd(int argc, char **argv)
if (dd.flags & C_IF) {
blk1 = img_open(image_opts, in.filename, fmt, 0, false, false,
force_share);
}
if (dd.flags & C_OSIZE) {
-@@ -5203,6 +5231,7 @@ static int img_dd(int argc, char **argv)
+@@ -5219,6 +5247,7 @@ static int img_dd(int argc, char **argv)
out:
g_free(arg);
qemu_opts_del(opts);
}
diff --git a/vma.c b/vma.c
-index 89440733b1..21e765a469 100644
+index 91612d50a2..e1a750ff50 100644
--- a/vma.c
+++ b/vma.c
-@@ -138,6 +138,7 @@ typedef struct RestoreMap {
+@@ -139,6 +139,7 @@ typedef struct RestoreMap {
char *throttling_group;
char *cache;
bool write_zero;
} RestoreMap;
static bool try_parse_option(char **line, const char *optname, char **out, const char *inbuf) {
-@@ -245,47 +246,61 @@ static int extract_content(int argc, char **argv)
+@@ -246,47 +247,61 @@ static int extract_content(int argc, char **argv)
char *bps = NULL;
char *group = NULL;
char *cache = NULL;
if (!devname) {
g_error("read map failed - no dev name specified ('%s')",
inbuf);
-@@ -299,6 +314,7 @@ static int extract_content(int argc, char **argv)
+@@ -300,6 +315,7 @@ static int extract_content(int argc, char **argv)
map->throttling_group = group;
map->cache = cache;
map->write_zero = write_zero;
g_hash_table_insert(devmap, map->devname, map);
-@@ -328,6 +344,7 @@ static int extract_content(int argc, char **argv)
+@@ -329,6 +345,7 @@ static int extract_content(int argc, char **argv)
const char *cache = NULL;
int flags = BDRV_O_RDWR;
bool write_zero = true;
BlockBackend *blk = NULL;
-@@ -343,6 +360,7 @@ static int extract_content(int argc, char **argv)
+@@ -344,6 +361,7 @@ static int extract_content(int argc, char **argv)
throttling_group = map->throttling_group;
cache = map->cache;
write_zero = map->write_zero;
} else {
devfn = g_strdup_printf("%s/tmp-disk-%s.raw",
dirname, di->devname);
-@@ -361,57 +379,60 @@ static int extract_content(int argc, char **argv)
+@@ -362,57 +380,60 @@ static int extract_content(int argc, char **argv)
write_zero = false;
}
5 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
-index 52ddbf95ad..69c868887a 100644
+index 4c799f00d9..0502f42be6 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -1041,6 +1041,7 @@ void coroutine_fn hmp_backup(Monitor *mon, const QDict *qdict)
backup_time,
dump_cb_block_size,
diff --git a/qapi/block-core.json b/qapi/block-core.json
-index d089328a1f..705f0c97ba 100644
+index 13e03ca154..89875f309c 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -821,6 +821,8 @@
'*backup-id': 'str',
'*backup-time': 'int',
'*use-dirty-bitmap': 'bool',
-@@ -3236,7 +3239,7 @@
+@@ -3256,7 +3259,7 @@
{ 'struct': 'BlockdevOptionsPbs',
'data': { 'repository': 'str', 'snapshot': 'str', 'archive': 'str',
'*keyfile': 'str', '*password': 'str', '*fingerprint': 'str',
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fabian Ebner <f.ebner@proxmox.com>
-Date: Tue, 17 May 2022 09:46:02 +0200
-Subject: [PATCH] Revert "block/rbd: implement bdrv_co_block_status"
-
-During backup, bdrv_co_block_status is called for each block copy
-chunk. When RBD is used, the current implementation with
-rbd_diff_iterate2() using whole_object=true takes about linearly more
-time, depending on the image size. Since there are linearly more
-chunks, the slowdown is quadratic, becoming unacceptable for large
-images (starting somewhere between 500-1000 GiB in my testing).
-
-This reverts commit 0347a8fd4c3faaedf119be04c197804be40a384b as a
-stop-gap measure, until it's clear how to make the implemenation
-more efficient.
-
-Upstream bug report:
-https://gitlab.com/qemu-project/qemu/-/issues/1026
-
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- block/rbd.c | 112 ----------------------------------------------------
- 1 file changed, 112 deletions(-)
-
-diff --git a/block/rbd.c b/block/rbd.c
-index a4b8fb482c..3393b06a4e 100644
---- a/block/rbd.c
-+++ b/block/rbd.c
-@@ -97,12 +97,6 @@ typedef struct RBDTask {
- int64_t ret;
- } RBDTask;
-
--typedef struct RBDDiffIterateReq {
-- uint64_t offs;
-- uint64_t bytes;
-- bool exists;
--} RBDDiffIterateReq;
--
- static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
- BlockdevOptionsRbd *opts, bool cache,
- const char *keypairs, const char *secretid,
-@@ -1267,111 +1261,6 @@ static ImageInfoSpecific *qemu_rbd_get_specific_info(BlockDriverState *bs,
- return spec_info;
- }
-
--/*
-- * rbd_diff_iterate2 allows to interrupt the exection by returning a negative
-- * value in the callback routine. Choose a value that does not conflict with
-- * an existing exitcode and return it if we want to prematurely stop the
-- * execution because we detected a change in the allocation status.
-- */
--#define QEMU_RBD_EXIT_DIFF_ITERATE2 -9000
--
--static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len,
-- int exists, void *opaque)
--{
-- RBDDiffIterateReq *req = opaque;
--
-- assert(req->offs + req->bytes <= offs);
-- /*
-- * we do not diff against a snapshot so we should never receive a callback
-- * for a hole.
-- */
-- assert(exists);
--
-- if (!req->exists && offs > req->offs) {
-- /*
-- * we started in an unallocated area and hit the first allocated
-- * block. req->bytes must be set to the length of the unallocated area
-- * before the allocated area. stop further processing.
-- */
-- req->bytes = offs - req->offs;
-- return QEMU_RBD_EXIT_DIFF_ITERATE2;
-- }
--
-- if (req->exists && offs > req->offs + req->bytes) {
-- /*
-- * we started in an allocated area and jumped over an unallocated area,
-- * req->bytes contains the length of the allocated area before the
-- * unallocated area. stop further processing.
-- */
-- return QEMU_RBD_EXIT_DIFF_ITERATE2;
-- }
--
-- req->bytes += len;
-- req->exists = true;
--
-- return 0;
--}
--
--static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
-- bool want_zero, int64_t offset,
-- int64_t bytes, int64_t *pnum,
-- int64_t *map,
-- BlockDriverState **file)
--{
-- BDRVRBDState *s = bs->opaque;
-- int status, r;
-- RBDDiffIterateReq req = { .offs = offset };
-- uint64_t features, flags;
--
-- assert(offset + bytes <= s->image_size);
--
-- /* default to all sectors allocated */
-- status = BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID;
-- *map = offset;
-- *file = bs;
-- *pnum = bytes;
--
-- /* check if RBD image supports fast-diff */
-- r = rbd_get_features(s->image, &features);
-- if (r < 0) {
-- return status;
-- }
-- if (!(features & RBD_FEATURE_FAST_DIFF)) {
-- return status;
-- }
--
-- /* check if RBD fast-diff result is valid */
-- r = rbd_get_flags(s->image, &flags);
-- if (r < 0) {
-- return status;
-- }
-- if (flags & RBD_FLAG_FAST_DIFF_INVALID) {
-- return status;
-- }
--
-- r = rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,
-- qemu_rbd_diff_iterate_cb, &req);
-- if (r < 0 && r != QEMU_RBD_EXIT_DIFF_ITERATE2) {
-- return status;
-- }
-- assert(req.bytes <= bytes);
-- if (!req.exists) {
-- if (r == 0) {
-- /*
-- * rbd_diff_iterate2 does not invoke callbacks for unallocated
-- * areas. This here catches the case where no callback was
-- * invoked at all (req.bytes == 0).
-- */
-- assert(req.bytes == 0);
-- req.bytes = bytes;
-- }
-- status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
-- }
--
-- *pnum = req.bytes;
-- return status;
--}
--
- static int64_t qemu_rbd_getlength(BlockDriverState *bs)
- {
- BDRVRBDState *s = bs->opaque;
-@@ -1607,7 +1496,6 @@ static BlockDriver bdrv_rbd = {
- #ifdef LIBRBD_SUPPORTS_WRITE_ZEROES
- .bdrv_co_pwrite_zeroes = qemu_rbd_co_pwrite_zeroes,
- #endif
-- .bdrv_co_block_status = qemu_rbd_co_block_status,
-
- .bdrv_snapshot_create = qemu_rbd_snap_create,
- .bdrv_snapshot_delete = qemu_rbd_snap_remove,
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Thu, 23 Jun 2022 14:00:05 +0200
+Subject: [PATCH] Revert "block/rbd: workaround for ceph issue #53784"
+
+This reverts commit fc176116cdea816ceb8dd969080b2b95f58edbc0 in
+preparation to revert 0347a8fd4c3faaedf119be04c197804be40a384b.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/rbd.c | 42 ++----------------------------------------
+ 1 file changed, 2 insertions(+), 40 deletions(-)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index 0cec24c86d..0a9b97aa5e 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -1324,7 +1324,6 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+ int status, r;
+ RBDDiffIterateReq req = { .offs = offset };
+ uint64_t features, flags;
+- uint64_t head = 0;
+
+ assert(offset + bytes <= s->image_size);
+
+@@ -1352,43 +1351,7 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+ return status;
+ }
+
+-#if LIBRBD_VERSION_CODE < LIBRBD_VERSION(1, 17, 0)
+- /*
+- * librbd had a bug until early 2022 that affected all versions of ceph that
+- * supported fast-diff. This bug results in reporting of incorrect offsets
+- * if the offset parameter to rbd_diff_iterate2 is not object aligned.
+- * Work around this bug by rounding down the offset to object boundaries.
+- * This is OK because we call rbd_diff_iterate2 with whole_object = true.
+- * However, this workaround only works for non cloned images with default
+- * striping.
+- *
+- * See: https://tracker.ceph.com/issues/53784
+- */
+-
+- /* check if RBD image has non-default striping enabled */
+- if (features & RBD_FEATURE_STRIPINGV2) {
+- return status;
+- }
+-
+-#pragma GCC diagnostic push
+-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+- /*
+- * check if RBD image is a clone (= has a parent).
+- *
+- * rbd_get_parent_info is deprecated from Nautilus onwards, but the
+- * replacement rbd_get_parent is not present in Luminous and Mimic.
+- */
+- if (rbd_get_parent_info(s->image, NULL, 0, NULL, 0, NULL, 0) != -ENOENT) {
+- return status;
+- }
+-#pragma GCC diagnostic pop
+-
+- head = req.offs & (s->object_size - 1);
+- req.offs -= head;
+- bytes += head;
+-#endif
+-
+- r = rbd_diff_iterate2(s->image, NULL, req.offs, bytes, true, true,
++ r = rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,
+ qemu_rbd_diff_iterate_cb, &req);
+ if (r < 0 && r != QEMU_RBD_EXIT_DIFF_ITERATE2) {
+ return status;
+@@ -1407,8 +1370,7 @@ static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+ status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
+ }
+
+- assert(req.bytes > head);
+- *pnum = req.bytes - head;
++ *pnum = req.bytes;
+ return status;
+ }
+
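Review bot: The call restored in the second hunk, `rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,`, passes the caller's offset without the object-boundary rounding, so on librbd older than 1.17.0 the misreported offsets described in the removed comment come back. Those offsets are what the callback checks with `assert(req->offs + req->bytes <= offs)`, so a wrong value may end in an abort rather than a wrong status. This is acceptable only because a later patch in the series deletes qemu_rbd_co_block_status entirely, and the description says "in preparation" without saying that this state must never be built on its own. I would add one line to the message, for example `Not usable on its own: apply only together with the revert of 0347a8fd4c3faaedf119be04c197804be40a384b.` The function body starts and ends outside both hunks.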
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fabian Ebner <f.ebner@proxmox.com>
-Date: Wed, 25 May 2022 13:59:37 +0200
-Subject: [PATCH] PVE-Backup: create jobs: correctly cancel in error scenario
-
-The first call to job_cancel_sync() will cancel and free all jobs in
-the transaction, so ensure that it's called only once and get rid of
-the job_unref() that would operate on freed memory.
-
-It's also necessary to NULL backup_state.pbs in the error scenario,
-because a subsequent backup_cancel QMP call (as happens in PVE when
-the backup QMP command fails) would try to call proxmox_backup_abort()
-and run into a segfault.
-
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
----
- pve-backup.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/pve-backup.c b/pve-backup.c
-index f6a5f8c785..5bed6f4014 100644
---- a/pve-backup.c
-+++ b/pve-backup.c
-@@ -506,6 +506,11 @@ static void create_backup_jobs_bh(void *opaque) {
- }
-
- if (*errp) {
-+ /*
-+ * It's enough to cancel one job in the transaction, the rest will
-+ * follow automatically.
-+ */
-+ bool canceled = false;
- l = backup_state.di_list;
- while (l) {
- PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
-@@ -516,12 +521,12 @@ static void create_backup_jobs_bh(void *opaque) {
- di->target = NULL;
- }
-
-- if (di->job) {
-+ if (!canceled && di->job) {
- AioContext *ctx = di->job->job.aio_context;
- aio_context_acquire(ctx);
- job_cancel_sync(&di->job->job, true);
-- job_unref(&di->job->job);
- aio_context_release(ctx);
-+ canceled = true;
- }
- }
- }
-@@ -947,6 +952,7 @@ err:
-
- if (pbs) {
- proxmox_backup_disconnect(pbs);
-+ backup_state.pbs = NULL;
- }
-
- if (backup_dir) {
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Thu, 23 Jun 2022 14:00:07 +0200
+Subject: [PATCH] Revert "block/rbd: fix handling of holes in
+ .bdrv_co_block_status"
+
+This reverts commit 9e302f64bb407a9bb097b626da97228c2654cfee in
+preparation to revert 0347a8fd4c3faaedf119be04c197804be40a384b.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/rbd.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index 0a9b97aa5e..1c585d23e9 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -1283,11 +1283,11 @@ static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len,
+ RBDDiffIterateReq *req = opaque;
+
+ assert(req->offs + req->bytes <= offs);
+-
+- /* treat a hole like an unallocated area and bail out */
+- if (!exists) {
+- return 0;
+- }
++ /*
++ * we do not diff against a snapshot so we should never receive a callback
++ * for a hole.
++ */
++ assert(exists);
+
+ if (!req->exists && offs > req->offs) {
+ /*
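Review bot: The `assert(exists);` restored in qemu_rbd_diff_iterate_cb turns a callback for a hole into an abort of the whole QEMU process, where the removed lines returned 0 and continued. Judging by the title of the reverted commit, such callbacks do occur, and the final patch's message says block status is queried for every block-copy chunk during backup, so the assertion is presumably reachable in this intermediate state. The exposure ends only with the patch that deletes the callback, so either squash this revert into that one or state the dependency in the description, e.g. `Intermediate step only; the assertion stays reachable until 0347a8fd4c3faaedf119be04c197804be40a384b is reverted as well.` The callback's body continues outside the hunk.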
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fabian Ebner <f.ebner@proxmox.com>
-Date: Wed, 25 May 2022 13:59:38 +0200
-Subject: [PATCH] PVE-Backup: ensure jobs in di_list are referenced
-
-Ensures that qmp_backup_cancel doesn't pick a job that's already been
-freed. With unlucky timings it seems possible that:
-1. job_exit -> job_completed -> job_finalize_single starts
-2. pvebackup_co_complete_stream gets spawned in completion callback
-3. job finalize_single finishes -> job's refcount hits zero -> job is
- freed
-4. qmp_backup_cancel comes in and locks backup_state.backup_mutex
- before pvebackup_co_complete_stream can remove the job from the
- di_list
-5. qmp_backup_cancel will pick a job that's already been freed
-
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
----
- pve-backup.c | 25 ++++++++++++++++++++-----
- 1 file changed, 20 insertions(+), 5 deletions(-)
-
-diff --git a/pve-backup.c b/pve-backup.c
-index 5bed6f4014..0c34428713 100644
---- a/pve-backup.c
-+++ b/pve-backup.c
-@@ -316,6 +316,14 @@ static void coroutine_fn pvebackup_co_complete_stream(void *opaque)
- }
- }
-
-+ if (di->job) {
-+ AioContext *ctx = di->job->job.aio_context;
-+ aio_context_acquire(ctx);
-+ job_unref(&di->job->job);
-+ di->job = NULL;
-+ aio_context_release(ctx);
-+ }
-+
- // remove self from job list
- backup_state.di_list = g_list_remove(backup_state.di_list, di);
-
-@@ -491,9 +499,12 @@ static void create_backup_jobs_bh(void *opaque) {
- bitmap_mode, false, NULL, &perf, BLOCKDEV_ON_ERROR_REPORT, BLOCKDEV_ON_ERROR_REPORT,
- JOB_DEFAULT, pvebackup_complete_cb, di, backup_state.txn, &local_err);
-
-- aio_context_release(aio_context);
--
- di->job = job;
-+ if (job) {
-+ job_ref(&job->job);
-+ }
-+
-+ aio_context_release(aio_context);
-
- if (!job || local_err) {
- error_setg(errp, "backup_job_create failed: %s",
-@@ -521,12 +532,16 @@ static void create_backup_jobs_bh(void *opaque) {
- di->target = NULL;
- }
-
-- if (!canceled && di->job) {
-+ if (di->job) {
- AioContext *ctx = di->job->job.aio_context;
- aio_context_acquire(ctx);
-- job_cancel_sync(&di->job->job, true);
-+ if (!canceled) {
-+ job_cancel_sync(&di->job->job, true);
-+ canceled = true;
-+ }
-+ job_unref(&di->job->job);
-+ di->job = NULL;
- aio_context_release(ctx);
-- canceled = true;
- }
- }
- }
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Tue, 17 May 2022 09:46:02 +0200
+Subject: [PATCH] Revert "block/rbd: implement bdrv_co_block_status"
+
+During backup, bdrv_co_block_status is called for each block copy
+chunk. When RBD is used, the current implementation with
+rbd_diff_iterate2() using whole_object=true takes about linearly more
+time, depending on the image size. Since there are linearly more
+chunks, the slowdown is quadratic, becoming unacceptable for large
+images (starting somewhere between 500-1000 GiB in my testing).
+
+This reverts commit 0347a8fd4c3faaedf119be04c197804be40a384b as a
+stop-gap measure, until it's clear how to make the implemenation
+more efficient.
+
+Upstream bug report:
+https://gitlab.com/qemu-project/qemu/-/issues/1026
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/rbd.c | 112 ----------------------------------------------------
+ 1 file changed, 112 deletions(-)
+
+diff --git a/block/rbd.c b/block/rbd.c
+index 1c585d23e9..1704767041 100644
+--- a/block/rbd.c
++++ b/block/rbd.c
+@@ -97,12 +97,6 @@ typedef struct RBDTask {
+ int64_t ret;
+ } RBDTask;
+
+-typedef struct RBDDiffIterateReq {
+- uint64_t offs;
+- uint64_t bytes;
+- bool exists;
+-} RBDDiffIterateReq;
+-
+ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
+ BlockdevOptionsRbd *opts, bool cache,
+ const char *keypairs, const char *secretid,
+@@ -1269,111 +1263,6 @@ static ImageInfoSpecific *qemu_rbd_get_specific_info(BlockDriverState *bs,
+ return spec_info;
+ }
+
+-/*
+- * rbd_diff_iterate2 allows to interrupt the exection by returning a negative
+- * value in the callback routine. Choose a value that does not conflict with
+- * an existing exitcode and return it if we want to prematurely stop the
+- * execution because we detected a change in the allocation status.
+- */
+-#define QEMU_RBD_EXIT_DIFF_ITERATE2 -9000
+-
+-static int qemu_rbd_diff_iterate_cb(uint64_t offs, size_t len,
+- int exists, void *opaque)
+-{
+- RBDDiffIterateReq *req = opaque;
+-
+- assert(req->offs + req->bytes <= offs);
+- /*
+- * we do not diff against a snapshot so we should never receive a callback
+- * for a hole.
+- */
+- assert(exists);
+-
+- if (!req->exists && offs > req->offs) {
+- /*
+- * we started in an unallocated area and hit the first allocated
+- * block. req->bytes must be set to the length of the unallocated area
+- * before the allocated area. stop further processing.
+- */
+- req->bytes = offs - req->offs;
+- return QEMU_RBD_EXIT_DIFF_ITERATE2;
+- }
+-
+- if (req->exists && offs > req->offs + req->bytes) {
+- /*
+- * we started in an allocated area and jumped over an unallocated area,
+- * req->bytes contains the length of the allocated area before the
+- * unallocated area. stop further processing.
+- */
+- return QEMU_RBD_EXIT_DIFF_ITERATE2;
+- }
+-
+- req->bytes += len;
+- req->exists = true;
+-
+- return 0;
+-}
+-
+-static int coroutine_fn qemu_rbd_co_block_status(BlockDriverState *bs,
+- bool want_zero, int64_t offset,
+- int64_t bytes, int64_t *pnum,
+- int64_t *map,
+- BlockDriverState **file)
+-{
+- BDRVRBDState *s = bs->opaque;
+- int status, r;
+- RBDDiffIterateReq req = { .offs = offset };
+- uint64_t features, flags;
+-
+- assert(offset + bytes <= s->image_size);
+-
+- /* default to all sectors allocated */
+- status = BDRV_BLOCK_DATA | BDRV_BLOCK_OFFSET_VALID;
+- *map = offset;
+- *file = bs;
+- *pnum = bytes;
+-
+- /* check if RBD image supports fast-diff */
+- r = rbd_get_features(s->image, &features);
+- if (r < 0) {
+- return status;
+- }
+- if (!(features & RBD_FEATURE_FAST_DIFF)) {
+- return status;
+- }
+-
+- /* check if RBD fast-diff result is valid */
+- r = rbd_get_flags(s->image, &flags);
+- if (r < 0) {
+- return status;
+- }
+- if (flags & RBD_FLAG_FAST_DIFF_INVALID) {
+- return status;
+- }
+-
+- r = rbd_diff_iterate2(s->image, NULL, offset, bytes, true, true,
+- qemu_rbd_diff_iterate_cb, &req);
+- if (r < 0 && r != QEMU_RBD_EXIT_DIFF_ITERATE2) {
+- return status;
+- }
+- assert(req.bytes <= bytes);
+- if (!req.exists) {
+- if (r == 0) {
+- /*
+- * rbd_diff_iterate2 does not invoke callbacks for unallocated
+- * areas. This here catches the case where no callback was
+- * invoked at all (req.bytes == 0).
+- */
+- assert(req.bytes == 0);
+- req.bytes = bytes;
+- }
+- status = BDRV_BLOCK_ZERO | BDRV_BLOCK_OFFSET_VALID;
+- }
+-
+- *pnum = req.bytes;
+- return status;
+-}
+-
+ static int64_t qemu_rbd_getlength(BlockDriverState *bs)
+ {
+ BDRVRBDState *s = bs->opaque;
+@@ -1609,7 +1498,6 @@ static BlockDriver bdrv_rbd = {
+ #ifdef LIBRBD_SUPPORTS_WRITE_ZEROES
+ .bdrv_co_pwrite_zeroes = qemu_rbd_co_pwrite_zeroes,
+ #endif
+- .bdrv_co_block_status = qemu_rbd_co_block_status,
+
+ .bdrv_snapshot_create = qemu_rbd_snap_create,
+ .bdrv_snapshot_delete = qemu_rbd_snap_remove,
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fabian Ebner <f.ebner@proxmox.com>
-Date: Wed, 25 May 2022 13:59:39 +0200
-Subject: [PATCH] PVE-Backup: avoid segfault issues upon backup-cancel
-
-When canceling a backup in PVE via a signal it's easy to run into a
-situation where the job is already failing when the backup_cancel QMP
-command comes in. With a bit of unlucky timing on top, it can happen
-that job_exit() runs between schedulung of job_cancel_bh() and
-execution of job_cancel_bh(). But job_cancel_sync() does not expect
-that the job is already finalized (in fact, the job might've been
-freed already, but even if it isn't, job_cancel_sync() would try to
-deref job->txn which would be NULL at that point).
-
-It is not possible to simply use the job_cancel() (which is advertised
-as being async but isn't in all cases) in qmp_backup_cancel() for the
-same reason job_cancel_sync() cannot be used. Namely, because it can
-invoke job_finish_sync() (which uses AIO_WAIT_WHILE and thus hangs if
-called from a coroutine). This happens when there's multiple jobs in
-the transaction and job->deferred_to_main_loop is true (is set before
-scheduling job_exit()) or if the job was not started yet.
-
-Fix the issue by selecting the job to cancel in job_cancel_bh() itself
-using the first job that's not completed yet. This is not necessarily
-the first job in the list, because pvebackup_co_complete_stream()
-might not yet have removed a completed job when job_cancel_bh() runs.
-
-An alternative would be to continue using only the first job and
-checking against JOB_STATUS_CONCLUDED or JOB_STATUS_NULL to decide if
-it's still necessary and possible to cancel, but the approach with
-using the first non-completed job seemed more robust.
-
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
----
- pve-backup.c | 61 +++++++++++++++++++++++++++++++++-------------------
- 1 file changed, 39 insertions(+), 22 deletions(-)
-
-diff --git a/pve-backup.c b/pve-backup.c
-index 0c34428713..2e22030eec 100644
---- a/pve-backup.c
-+++ b/pve-backup.c
-@@ -355,15 +355,42 @@ static void pvebackup_complete_cb(void *opaque, int ret)
-
- /*
- * job_cancel(_sync) does not like to be called from coroutines, so defer to
-- * main loop processing via a bottom half.
-+ * main loop processing via a bottom half. Assumes that caller holds
-+ * backup_mutex.
- */
- static void job_cancel_bh(void *opaque) {
- CoCtxData *data = (CoCtxData*)opaque;
-- Job *job = (Job*)data->data;
-- AioContext *job_ctx = job->aio_context;
-- aio_context_acquire(job_ctx);
-- job_cancel_sync(job, true);
-- aio_context_release(job_ctx);
-+
-+ /*
-+ * Be careful to pick a valid job to cancel:
-+ * 1. job_cancel_sync() does not expect the job to be finalized already.
-+ * 2. job_exit() might run between scheduling and running job_cancel_bh()
-+ * and pvebackup_co_complete_stream() might not have removed the job from
-+ * the list yet (in fact, cannot, because it waits for the backup_mutex).
-+ * Requiring !job_is_completed() ensures that no finalized job is picked.
-+ */
-+ GList *bdi = g_list_first(backup_state.di_list);
-+ while (bdi) {
-+ if (bdi->data) {
-+ BlockJob *bj = ((PVEBackupDevInfo *)bdi->data)->job;
-+ if (bj) {
-+ Job *job = &bj->job;
-+ if (!job_is_completed(job)) {
-+ AioContext *job_ctx = job->aio_context;
-+ aio_context_acquire(job_ctx);
-+ job_cancel_sync(job, true);
-+ aio_context_release(job_ctx);
-+ /*
-+ * It's enough to cancel one job in the transaction, the
-+ * rest will follow automatically.
-+ */
-+ break;
-+ }
-+ }
-+ }
-+ bdi = g_list_next(bdi);
-+ }
-+
- aio_co_enter(data->ctx, data->co);
- }
-
-@@ -384,22 +411,12 @@ void coroutine_fn qmp_backup_cancel(Error **errp)
- proxmox_backup_abort(backup_state.pbs, "backup canceled");
- }
-
-- /* it's enough to cancel one job in the transaction, the rest will follow
-- * automatically */
-- GList *bdi = g_list_first(backup_state.di_list);
-- BlockJob *cancel_job = bdi && bdi->data ?
-- ((PVEBackupDevInfo *)bdi->data)->job :
-- NULL;
--
-- if (cancel_job) {
-- CoCtxData data = {
-- .ctx = qemu_get_current_aio_context(),
-- .co = qemu_coroutine_self(),
-- .data = &cancel_job->job,
-- };
-- aio_bh_schedule_oneshot(data.ctx, job_cancel_bh, &data);
-- qemu_coroutine_yield();
-- }
-+ CoCtxData data = {
-+ .ctx = qemu_get_current_aio_context(),
-+ .co = qemu_coroutine_self(),
-+ };
-+ aio_bh_schedule_oneshot(data.ctx, job_cancel_bh, &data);
-+ qemu_coroutine_yield();
-
- qemu_co_mutex_unlock(&backup_state.backup_mutex);
- }
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Wed, 25 May 2022 13:59:37 +0200
+Subject: [PATCH] PVE-Backup: create jobs: correctly cancel in error scenario
+
+The first call to job_cancel_sync() will cancel and free all jobs in
+the transaction, so ensure that it's called only once and get rid of
+the job_unref() that would operate on freed memory.
+
+It's also necessary to NULL backup_state.pbs in the error scenario,
+because a subsequent backup_cancel QMP call (as happens in PVE when
+the backup QMP command fails) would try to call proxmox_backup_abort()
+and run into a segfault.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ pve-backup.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/pve-backup.c b/pve-backup.c
+index f6a5f8c785..5bed6f4014 100644
+--- a/pve-backup.c
++++ b/pve-backup.c
+@@ -506,6 +506,11 @@ static void create_backup_jobs_bh(void *opaque) {
+ }
+
+ if (*errp) {
++ /*
++ * It's enough to cancel one job in the transaction, the rest will
++ * follow automatically.
++ */
++ bool canceled = false;
+ l = backup_state.di_list;
+ while (l) {
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
+@@ -516,12 +521,12 @@ static void create_backup_jobs_bh(void *opaque) {
+ di->target = NULL;
+ }
+
+- if (di->job) {
++ if (!canceled && di->job) {
+ AioContext *ctx = di->job->job.aio_context;
+ aio_context_acquire(ctx);
+ job_cancel_sync(&di->job->job, true);
+- job_unref(&di->job->job);
+ aio_context_release(ctx);
++ canceled = true;
+ }
+ }
+ }
+@@ -947,6 +952,7 @@ err:
+
+ if (pbs) {
+ proxmox_backup_disconnect(pbs);
++ backup_state.pbs = NULL;
+ }
+
+ if (backup_dir) {
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Wed, 25 May 2022 13:59:38 +0200
+Subject: [PATCH] PVE-Backup: ensure jobs in di_list are referenced
+
+Ensures that qmp_backup_cancel doesn't pick a job that's already been
+freed. With unlucky timings it seems possible that:
+1. job_exit -> job_completed -> job_finalize_single starts
+2. pvebackup_co_complete_stream gets spawned in completion callback
+3. job finalize_single finishes -> job's refcount hits zero -> job is
+ freed
+4. qmp_backup_cancel comes in and locks backup_state.backup_mutex
+ before pvebackup_co_complete_stream can remove the job from the
+ di_list
+5. qmp_backup_cancel will pick a job that's already been freed
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ pve-backup.c | 25 ++++++++++++++++++++-----
+ 1 file changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/pve-backup.c b/pve-backup.c
+index 5bed6f4014..0c34428713 100644
+--- a/pve-backup.c
++++ b/pve-backup.c
+@@ -316,6 +316,14 @@ static void coroutine_fn pvebackup_co_complete_stream(void *opaque)
+ }
+ }
+
++ if (di->job) {
++ AioContext *ctx = di->job->job.aio_context;
++ aio_context_acquire(ctx);
++ job_unref(&di->job->job);
++ di->job = NULL;
++ aio_context_release(ctx);
++ }
++
+ // remove self from job list
+ backup_state.di_list = g_list_remove(backup_state.di_list, di);
+
+@@ -491,9 +499,12 @@ static void create_backup_jobs_bh(void *opaque) {
+ bitmap_mode, false, NULL, &perf, BLOCKDEV_ON_ERROR_REPORT, BLOCKDEV_ON_ERROR_REPORT,
+ JOB_DEFAULT, pvebackup_complete_cb, di, backup_state.txn, &local_err);
+
+- aio_context_release(aio_context);
+-
+ di->job = job;
++ if (job) {
++ job_ref(&job->job);
++ }
++
++ aio_context_release(aio_context);
+
+ if (!job || local_err) {
+ error_setg(errp, "backup_job_create failed: %s",
+@@ -521,12 +532,16 @@ static void create_backup_jobs_bh(void *opaque) {
+ di->target = NULL;
+ }
+
+- if (!canceled && di->job) {
++ if (di->job) {
+ AioContext *ctx = di->job->job.aio_context;
+ aio_context_acquire(ctx);
+- job_cancel_sync(&di->job->job, true);
++ if (!canceled) {
++ job_cancel_sync(&di->job->job, true);
++ canceled = true;
++ }
++ job_unref(&di->job->job);
++ di->job = NULL;
+ aio_context_release(ctx);
+- canceled = true;
+ }
+ }
+ }
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fabian Ebner <f.ebner@proxmox.com>
-Date: Wed, 22 Jun 2022 10:45:11 +0200
-Subject: [PATCH] vma: create: support 64KiB-unaligned input images
-
-which fixes backing up templates with such disks in PVE, for example
-efitype=4m EFI disks on a file-based storage (size = 540672).
-
-If there is not enough left to read, blk_co_preadv will return -EIO,
-so limit the size in the last iteration.
-
-For writing, an unaligned end is already handled correctly.
-
-The call to memset is not strictly necessary, because writing also
-checks that it doesn't write data beyond the end of the image. But
-there are two reasons to do it:
-1. It's cleaner that way.
-2. It allows detecting when the final piece is all zeroes, which might
- not happen if the buffer still contains data from the previous
- iteration.
-
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- vma.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/vma.c b/vma.c
-index 21e765a469..6d02b29047 100644
---- a/vma.c
-+++ b/vma.c
-@@ -548,7 +548,7 @@ static void coroutine_fn backup_run(void *opaque)
- struct iovec iov;
- QEMUIOVector qiov;
-
-- int64_t start, end;
-+ int64_t start, end, readlen;
- int ret = 0;
-
- unsigned char *buf = blk_blockalign(job->target, VMA_CLUSTER_SIZE);
-@@ -562,8 +562,16 @@ static void coroutine_fn backup_run(void *opaque)
- iov.iov_len = VMA_CLUSTER_SIZE;
- qemu_iovec_init_external(&qiov, &iov, 1);
-
-+ if (start + 1 == end) {
-+ memset(buf, 0, VMA_CLUSTER_SIZE);
-+ readlen = job->len - start * VMA_CLUSTER_SIZE;
-+ assert(readlen > 0 && readlen <= VMA_CLUSTER_SIZE);
-+ } else {
-+ readlen = VMA_CLUSTER_SIZE;
-+ }
-+
- ret = blk_co_preadv(job->target, start * VMA_CLUSTER_SIZE,
-- VMA_CLUSTER_SIZE, &qiov, 0);
-+ readlen, &qiov, 0);
- if (ret < 0) {
- vma_writer_set_error(job->vmaw, "read error", -1);
- goto out;
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Wed, 25 May 2022 13:59:39 +0200
+Subject: [PATCH] PVE-Backup: avoid segfault issues upon backup-cancel
+
+When canceling a backup in PVE via a signal it's easy to run into a
+situation where the job is already failing when the backup_cancel QMP
+command comes in. With a bit of unlucky timing on top, it can happen
+that job_exit() runs between schedulung of job_cancel_bh() and
+execution of job_cancel_bh(). But job_cancel_sync() does not expect
+that the job is already finalized (in fact, the job might've been
+freed already, but even if it isn't, job_cancel_sync() would try to
+deref job->txn which would be NULL at that point).
+
+It is not possible to simply use the job_cancel() (which is advertised
+as being async but isn't in all cases) in qmp_backup_cancel() for the
+same reason job_cancel_sync() cannot be used. Namely, because it can
+invoke job_finish_sync() (which uses AIO_WAIT_WHILE and thus hangs if
+called from a coroutine). This happens when there's multiple jobs in
+the transaction and job->deferred_to_main_loop is true (is set before
+scheduling job_exit()) or if the job was not started yet.
+
+Fix the issue by selecting the job to cancel in job_cancel_bh() itself
+using the first job that's not completed yet. This is not necessarily
+the first job in the list, because pvebackup_co_complete_stream()
+might not yet have removed a completed job when job_cancel_bh() runs.
+
+An alternative would be to continue using only the first job and
+checking against JOB_STATUS_CONCLUDED or JOB_STATUS_NULL to decide if
+it's still necessary and possible to cancel, but the approach with
+using the first non-completed job seemed more robust.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ pve-backup.c | 61 +++++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 39 insertions(+), 22 deletions(-)
+
+diff --git a/pve-backup.c b/pve-backup.c
+index 0c34428713..2e22030eec 100644
+--- a/pve-backup.c
++++ b/pve-backup.c
+@@ -355,15 +355,42 @@ static void pvebackup_complete_cb(void *opaque, int ret)
+
+ /*
+ * job_cancel(_sync) does not like to be called from coroutines, so defer to
+- * main loop processing via a bottom half.
++ * main loop processing via a bottom half. Assumes that caller holds
++ * backup_mutex.
+ */
+ static void job_cancel_bh(void *opaque) {
+ CoCtxData *data = (CoCtxData*)opaque;
+- Job *job = (Job*)data->data;
+- AioContext *job_ctx = job->aio_context;
+- aio_context_acquire(job_ctx);
+- job_cancel_sync(job, true);
+- aio_context_release(job_ctx);
++
++ /*
++ * Be careful to pick a valid job to cancel:
++ * 1. job_cancel_sync() does not expect the job to be finalized already.
++ * 2. job_exit() might run between scheduling and running job_cancel_bh()
++ * and pvebackup_co_complete_stream() might not have removed the job from
++ * the list yet (in fact, cannot, because it waits for the backup_mutex).
++ * Requiring !job_is_completed() ensures that no finalized job is picked.
++ */
++ GList *bdi = g_list_first(backup_state.di_list);
++ while (bdi) {
++ if (bdi->data) {
++ BlockJob *bj = ((PVEBackupDevInfo *)bdi->data)->job;
++ if (bj) {
++ Job *job = &bj->job;
++ if (!job_is_completed(job)) {
++ AioContext *job_ctx = job->aio_context;
++ aio_context_acquire(job_ctx);
++ job_cancel_sync(job, true);
++ aio_context_release(job_ctx);
++ /*
++ * It's enough to cancel one job in the transaction, the
++ * rest will follow automatically.
++ */
++ break;
++ }
++ }
++ }
++ bdi = g_list_next(bdi);
++ }
++
+ aio_co_enter(data->ctx, data->co);
+ }
+
+@@ -384,22 +411,12 @@ void coroutine_fn qmp_backup_cancel(Error **errp)
+ proxmox_backup_abort(backup_state.pbs, "backup canceled");
+ }
+
+- /* it's enough to cancel one job in the transaction, the rest will follow
+- * automatically */
+- GList *bdi = g_list_first(backup_state.di_list);
+- BlockJob *cancel_job = bdi && bdi->data ?
+- ((PVEBackupDevInfo *)bdi->data)->job :
+- NULL;
+-
+- if (cancel_job) {
+- CoCtxData data = {
+- .ctx = qemu_get_current_aio_context(),
+- .co = qemu_coroutine_self(),
+- .data = &cancel_job->job,
+- };
+- aio_bh_schedule_oneshot(data.ctx, job_cancel_bh, &data);
+- qemu_coroutine_yield();
+- }
++ CoCtxData data = {
++ .ctx = qemu_get_current_aio_context(),
++ .co = qemu_coroutine_self(),
++ };
++ aio_bh_schedule_oneshot(data.ctx, job_cancel_bh, &data);
++ qemu_coroutine_yield();
+
+ qemu_co_mutex_unlock(&backup_state.backup_mutex);
+ }
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fabian Ebner <f.ebner@proxmox.com>
-Date: Wed, 22 Jun 2022 10:45:12 +0200
-Subject: [PATCH] vma: create: avoid triggering assertion in error case
-
-error_setg expects its argument to not be initialized yet.
-
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- vma-writer.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/vma-writer.c b/vma-writer.c
-index 11d8321ffd..29567cba68 100644
---- a/vma-writer.c
-+++ b/vma-writer.c
-@@ -310,6 +310,8 @@ VmaWriter *vma_writer_create(const char *filename, uuid_t uuid, Error **errp)
- }
-
- if (vmaw->fd < 0) {
-+ error_free(*errp);
-+ *errp = NULL;
- error_setg(errp, "can't open file %s - %s\n", filename,
- g_strerror(errno));
- goto err;
+++ /dev/null
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Fabian Ebner <f.ebner@proxmox.com>
-Date: Wed, 22 Jun 2022 10:45:13 +0200
-Subject: [PATCH] block: alloc-track: avoid premature break
-
-While the bdrv_co_preadv() calls are expected to return 0 on success,
-qemu_iovec_memset() will return the number of bytes set (will be
-local_bytes, because the slice with that size was just initialized).
-
-Don't break out of the loop after the branch with qemu_iovec_memset(),
-because there might still be work to do. Additionally, ret is an int,
-which on 64-bit platforms is too small to hold the size_t returned by
-qemu_iovec_memset().
-
-The branch seems to be difficult to reach in practice, because the
-whole point of alloc-track is to be used with a backing device.
-
-Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
----
- block/alloc-track.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/block/alloc-track.c b/block/alloc-track.c
-index 6b50fbe537..c1160af04b 100644
---- a/block/alloc-track.c
-+++ b/block/alloc-track.c
-@@ -174,7 +174,8 @@ static int coroutine_fn track_co_preadv(BlockDriverState *bs,
- ret = bdrv_co_preadv(bs->backing, local_offset, local_bytes,
- &local_qiov, flags);
- } else {
-- ret = qemu_iovec_memset(&local_qiov, cur_offset, 0, local_bytes);
-+ qemu_iovec_memset(&local_qiov, cur_offset, 0, local_bytes);
-+ ret = 0;
- }
-
- if (ret != 0) {
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Wed, 22 Jun 2022 10:45:11 +0200
+Subject: [PATCH] vma: create: support 64KiB-unaligned input images
+
+which fixes backing up templates with such disks in PVE, for example
+efitype=4m EFI disks on a file-based storage (size = 540672).
+
+If there is not enough left to read, blk_co_preadv will return -EIO,
+so limit the size in the last iteration.
+
+For writing, an unaligned end is already handled correctly.
+
+The call to memset is not strictly necessary, because writing also
+checks that it doesn't write data beyond the end of the image. But
+there are two reasons to do it:
+1. It's cleaner that way.
+2. It allows detecting when the final piece is all zeroes, which might
+ not happen if the buffer still contains data from the previous
+ iteration.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ vma.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/vma.c b/vma.c
+index e1a750ff50..b1137e27a7 100644
+--- a/vma.c
++++ b/vma.c
+@@ -549,7 +549,7 @@ static void coroutine_fn backup_run(void *opaque)
+ struct iovec iov;
+ QEMUIOVector qiov;
+
+- int64_t start, end;
++ int64_t start, end, readlen;
+ int ret = 0;
+
+ unsigned char *buf = blk_blockalign(job->target, VMA_CLUSTER_SIZE);
+@@ -563,8 +563,16 @@ static void coroutine_fn backup_run(void *opaque)
+ iov.iov_len = VMA_CLUSTER_SIZE;
+ qemu_iovec_init_external(&qiov, &iov, 1);
+
++ if (start + 1 == end) {
++ memset(buf, 0, VMA_CLUSTER_SIZE);
++ readlen = job->len - start * VMA_CLUSTER_SIZE;
++ assert(readlen > 0 && readlen <= VMA_CLUSTER_SIZE);
++ } else {
++ readlen = VMA_CLUSTER_SIZE;
++ }
++
+ ret = blk_co_preadv(job->target, start * VMA_CLUSTER_SIZE,
+- VMA_CLUSTER_SIZE, &qiov, 0);
++ readlen, &qiov, 0);
+ if (ret < 0) {
+ vma_writer_set_error(job->vmaw, "read error", -1);
+ goto out;
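Review bot: The `if (start + 1 == end)` branch has no comment explaining why the buffer is zeroed only for the final cluster, and the reason is not obvious from the code. A short read leaves the tail of `buf` untouched, so without the `memset` it would still hold bytes read from the previous cluster. I would put `/* last cluster may be short: clear buf so the unread tail carries no data from the previous iteration */` above the `memset`. The bound on `readlen` is enforced only by `assert`, which aborts the tool instead of taking the `vma_writer_set_error()` path used just below; if `job->len` can ever disagree with `end`, an explicit check followed by `goto out` would fail more cleanly. `backup_run` starts and ends outside this hunk, so how `end` is derived is not visible here.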
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Wed, 22 Jun 2022 10:45:12 +0200
+Subject: [PATCH] vma: create: avoid triggering assertion in error case
+
+error_setg expects its argument to not be initialized yet.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ vma-writer.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/vma-writer.c b/vma-writer.c
+index df4b20793d..ac7da237d0 100644
+--- a/vma-writer.c
++++ b/vma-writer.c
+@@ -311,6 +311,8 @@ VmaWriter *vma_writer_create(const char *filename, uuid_t uuid, Error **errp)
+ }
+
+ if (vmaw->fd < 0) {
++ error_free(*errp);
++ *errp = NULL;
+ error_setg(errp, "can't open file %s - %s\n", filename,
+ g_strerror(errno));
+ goto err;
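Review bot: The added `error_free(*errp);` and `*errp = NULL;` dereference `errp` unconditionally, so a caller that passes NULL to ignore errors would crash in this error path. Whether such a caller exists is not visible from the hunk. Either guard the reset, `if (errp) { error_free(*errp); *errp = NULL; }`, or add `ERRP_GUARD();` at the top of `vma_writer_create`, which starts outside this hunk. The hunk also does not show why `*errp` can already be set when the open fails. Freeing it silently discards that earlier error, so a one-line comment naming the call that sets it would help the next reader.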
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fabian Ebner <f.ebner@proxmox.com>
+Date: Wed, 22 Jun 2022 10:45:13 +0200
+Subject: [PATCH] block: alloc-track: avoid premature break
+
+While the bdrv_co_preadv() calls are expected to return 0 on success,
+qemu_iovec_memset() will return the number of bytes set (will be
+local_bytes, because the slice with that size was just initialized).
+
+Don't break out of the loop after the branch with qemu_iovec_memset(),
+because there might still be work to do. Additionally, ret is an int,
+which on 64-bit platforms is too small to hold the size_t returned by
+qemu_iovec_memset().
+
+The branch seems to be difficult to reach in practice, because the
+whole point of alloc-track is to be used with a backing device.
+
+Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
+---
+ block/alloc-track.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/block/alloc-track.c b/block/alloc-track.c
+index 6b50fbe537..c1160af04b 100644
+--- a/block/alloc-track.c
++++ b/block/alloc-track.c
+@@ -174,7 +174,8 @@ static int coroutine_fn track_co_preadv(BlockDriverState *bs,
+ ret = bdrv_co_preadv(bs->backing, local_offset, local_bytes,
+ &local_qiov, flags);
+ } else {
+- ret = qemu_iovec_memset(&local_qiov, cur_offset, 0, local_bytes);
++ qemu_iovec_memset(&local_qiov, cur_offset, 0, local_bytes);
++ ret = 0;
+ }
+
+ if (ret != 0) {
extra/0001-monitor-qmp-fix-race-with-clients-disconnecting-earl.patch
-extra/0002-monitor-hmp-add-support-for-flag-argument-with-value.patch
-extra/0003-monitor-refactor-set-expire_password-and-allow-VNC-d.patch
-extra/0006-block-io-Update-BSC-only-if-want_zero-is-true.patch
-extra/0007-block-nbd-Delete-reconnect-delay-timer-when-done.patch
-extra/0008-block-nbd-Assert-there-are-no-timers-when-closed.patch
-extra/0009-block-nbd-Move-s-ioc-on-AioContext-change.patch
-extra/0010-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch
-extra/0011-virtio-net-fix-map-leaking-on-error-during-receive.patch
-extra/0012-memory-Fix-incorrect-calls-of-log_global_start-stop.patch
-extra/0013-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch
-extra/0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch
-extra/0015-vhost-user-remove-VirtQ-notifier-restore.patch
-extra/0016-vhost-user-fix-VirtQ-notifier-cleanup.patch
-extra/0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch
-extra/0018-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
-extra/0019-ui-vnc.c-Fixed-a-deadlock-bug.patch
-extra/0020-display-qxl-render-fix-race-condition-in-qxl_cursor-.patch
-extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch
+extra/0002-block-gluster-correctly-set-max_pdiscard-which-is-in.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
pve/0050-qemu-img-dd-add-l-option-for-loading-a-snapshot.patch
pve/0051-vma-allow-partial-restore.patch
pve/0052-pbs-namespace-support.patch
-pve/0053-Revert-block-rbd-implement-bdrv_co_block_status.patch
-pve/0054-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
-pve/0055-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
-pve/0056-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
-pve/0057-vma-create-support-64KiB-unaligned-input-images.patch
-pve/0058-vma-create-avoid-triggering-assertion-in-error-case.patch
-pve/0059-block-alloc-track-avoid-premature-break.patch
+pve/0053-Revert-block-rbd-workaround-for-ceph-issue-53784.patch
+pve/0054-Revert-block-rbd-fix-handling-of-holes-in-.bdrv_co_b.patch
+pve/0055-Revert-block-rbd-implement-bdrv_co_block_status.patch
+pve/0056-PVE-Backup-create-jobs-correctly-cancel-in-error-sce.patch
+pve/0057-PVE-Backup-ensure-jobs-in-di_list-are-referenced.patch
+pve/0058-PVE-Backup-avoid-segfault-issues-upon-backup-cancel.patch
+pve/0059-vma-create-support-64KiB-unaligned-input-images.patch
+pve/0060-vma-create-avoid-triggering-assertion-in-error-case.patch
+pve/0061-block-alloc-track-avoid-premature-break.patch
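Review bot: The series stops applying `extra/0021-ui-cursor-fix-integer-overflow-in-cursor_alloc-CVE-2.patch` and the other removed `extra/` backports (`0019-ui-vnc.c-Fixed-a-deadlock-bug`, `0020-display-qxl-render-fix-race-condition-in-qxl_cursor-`, `0011-virtio-net-fix-map-leaking-on-error-during-receive`, `0014-vhost-vsock-detach-the-virqueue-element-in-case-of-e`), and nothing visible here records that the new base already contains them. Presumably the subproject bump that follows makes them redundant, but that should be checked patch by patch against the new subproject commit before they are dropped. A sentence in the commit message such as `dropped extra/0002..0021: included in the new upstream base` would make the removal of a CVE fix auditable later.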
-Subproject commit 44f28df24767cf9dca1ddc9b23157737c4cbb645
+Subproject commit 823a3f11fb8f04c3c3cc0f95f968fef1bfc6534f