import stable-4 build files
This commit is contained in:
commit
9525982417
3
.gitmodules
vendored
Normal file
3
.gitmodules
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
[submodule "qemu"]
|
||||
path = qemu
|
||||
url = ../mirror_qemu
|
54
Makefile
Normal file
54
Makefile
Normal file
@ -0,0 +1,54 @@
|
||||
# also update debian/changelog
|
||||
KVMVER=2.7.1
|
||||
KVMPKGREL=4
|
||||
|
||||
KVMPACKAGE = pve-qemu-kvm
|
||||
KVMSRC = qemu
|
||||
BUILDSRC = $(KVMSRC).tmp
|
||||
|
||||
SRCDIR := qemu
|
||||
|
||||
ARCH := $(shell dpkg-architecture -qDEB_BUILD_ARCH)
|
||||
GITVERSION := $(shell git rev-parse master)
|
||||
|
||||
DEB = ${KVMPACKAGE}_${KVMVER}-${KVMPKGREL}_${ARCH}.deb
|
||||
DEB_DBG = ${KVMPACKAGE}-dbg_${KVMVER}-${KVMPKGREL}_${ARCH}.deb
|
||||
DEBS = $(DEB) $(DEB_DBG)
|
||||
|
||||
|
||||
all: $(DEBS)
|
||||
|
||||
.PHONY: submodule
|
||||
submodule:
|
||||
test -f "${SRCDIR}/debian/changelog" || git submodule update --init
|
||||
|
||||
.PHONY: deb kvm
|
||||
deb kvm: $(DEBS)
|
||||
$(DEB_DBG): $(DEB)
|
||||
$(DEB): | submodule
|
||||
rm -f *.deb
|
||||
rm -rf $(BUILDSRC)
|
||||
mkdir $(BUILDSRC)
|
||||
cp -a $(KVMSRC)/* $(BUILDSRC)/
|
||||
tar -C $(BUILDSRC) -xJf efi-roms-1182.tar.xz
|
||||
cp -a debian $(BUILDSRC)/debian
|
||||
echo "git clone git://git.proxmox.com/git/pve-qemu-kvm.git\\ngit checkout $(GITVERSION)" > $(BUILDSRC)/debian/SOURCE
|
||||
# set package version
|
||||
sed -i 's/^pkgversion="".*/pkgversion="${KVMPACKAGE}_${KVMVER}-${KVMPKGREL}"/' $(BUILDSRC)/configure
|
||||
cd $(BUILDSRC); dpkg-buildpackage -b -rfakeroot -us -uc
|
||||
lintian $(DEBS) || true
|
||||
|
||||
.PHONY: upload
|
||||
upload: $(DEBS)
|
||||
tar cf - $(DEBS) | ssh repoman@repo.proxmox.com upload --produce pve --dist jessie
|
||||
|
||||
.PHONY: distclean
|
||||
distclean: clean
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm -rf $(BUILDSRC) $(KVMPACKAGE)_* $(DEBS) *.buildinfo
|
||||
|
||||
.PHONY: dinstall
|
||||
dinstall: $(DEBS)
|
||||
dpkg -i $(DEBS)
|
116
backup.txt
Normal file
116
backup.txt
Normal file
@ -0,0 +1,116 @@
|
||||
Efficient VM backup for qemu
|
||||
|
||||
=Requirements=
|
||||
|
||||
* Backup to a single archive file
|
||||
* Backup needs to contain all data to restore VM (full backup)
|
||||
* Do not depend on storage type or image format
|
||||
* Avoid use of temporary storage
|
||||
* store sparse images efficiently
|
||||
|
||||
=Introduction=
|
||||
|
||||
Most VM backup solutions use some kind of snapshot to get a consistent
|
||||
VM view at a specific point in time. For example, we previously used
|
||||
LVM to create a snapshot of all used VM images, which are then copied
|
||||
into a tar file.
|
||||
|
||||
That basically means that any data written during backup involve
|
||||
considerable overhead. For LVM we get the following steps:
|
||||
|
||||
1.) read original data (VM write)
|
||||
2.) write original data into snapshot (VM write)
|
||||
3.) write new data (VM write)
|
||||
4.) read data from snapshot (backup)
|
||||
5.) write data from snapshot into tar file (backup)
|
||||
|
||||
Another approach to backup VM images is to create a new qcow2 image
|
||||
which use the old image as base. During backup, writes are redirected
|
||||
to the new image, so the old image represents a 'snapshot'. After
|
||||
backup, data need to be copied back from new image into the old
|
||||
one (commit). So a simple write during backup triggers the following
|
||||
steps:
|
||||
|
||||
1.) write new data to new image (VM write)
|
||||
2.) read data from old image (backup)
|
||||
3.) write data from old image into tar file (backup)
|
||||
|
||||
4.) read data from new image (commit)
|
||||
5.) write data to old image (commit)
|
||||
|
||||
This is in fact the same overhead as before. Other tools like qemu
|
||||
livebackup produces similar overhead (2 reads, 3 writes).
|
||||
|
||||
Some storage types/formats supports internal snapshots using some kind
|
||||
of reference counting (rados, sheepdog, dm-thin, qcow2). It would be possible
|
||||
to use that for backups, but for now we want to be storage-independent.
|
||||
|
||||
=Make it more efficient=
|
||||
|
||||
The be more efficient, we simply need to avoid unnecessary steps. The
|
||||
following steps are always required:
|
||||
|
||||
1.) read old data before it gets overwritten
|
||||
2.) write that data into the backup archive
|
||||
3.) write new data (VM write)
|
||||
|
||||
As you can see, this involves only one read, and two writes.
|
||||
|
||||
To make that work, our backup archive need to be able to store image
|
||||
data 'out of order'. It is important to notice that this will not work
|
||||
with traditional archive formats like tar.
|
||||
|
||||
During backup we simply intercept writes, then read existing data and
|
||||
store that directly into the archive. After that we can continue the
|
||||
write.
|
||||
|
||||
==Advantages==
|
||||
|
||||
* very good performance (1 read, 2 writes)
|
||||
* works on any storage type and image format.
|
||||
* avoid usage of temporary storage
|
||||
* we can define a new and simple archive format, which is able to
|
||||
store sparse files efficiently.
|
||||
|
||||
Note: Storing sparse files is a mess with existing archive
|
||||
formats. For example, tar requires information about holes at the
|
||||
beginning of the archive.
|
||||
|
||||
==Disadvantages==
|
||||
|
||||
* we need to define a new archive format
|
||||
|
||||
Note: Most existing archive formats are optimized to store small files
|
||||
including file attributes. We simply do not need that for VM archives.
|
||||
|
||||
* archive contains data 'out of order'
|
||||
|
||||
If you want to access image data in sequential order, you need to
|
||||
re-order archive data. It would be possible to to that on the fly,
|
||||
using temporary files.
|
||||
|
||||
Fortunately, a normal restore/extract works perfectly with 'out of
|
||||
order' data, because the target files are seekable.
|
||||
|
||||
* slow backup storage can slow down VM during backup
|
||||
|
||||
It is important to note that we only do sequential writes to the
|
||||
backup storage. Furthermore one can compress the backup stream. IMHO,
|
||||
it is better to slow down the VM a bit. All other solutions creates
|
||||
large amounts of temporary data during backup.
|
||||
|
||||
=Archive format requirements=
|
||||
|
||||
The basic requirement for such new format is that we can store image
|
||||
date 'out of order'. It is also very likely that we have less than 256
|
||||
drives/images per VM, and we want to be able to store VM configuration
|
||||
files.
|
||||
|
||||
We have defined a very simply format with those properties, see:
|
||||
|
||||
https://git.proxmox.com/?p=pve-qemu-kvm.git;a=blob;f=vma_spec.txt;
|
||||
|
||||
Please let us know if you know an existing format which provides the
|
||||
same functionality.
|
||||
|
||||
|
BIN
debian/Logo.bmp
vendored
Normal file
BIN
debian/Logo.bmp
vendored
Normal file
Binary file not shown.
After Width: | Height: | Size: 48 KiB |
BIN
debian/OVMF_CODE-pure-efi.fd
vendored
Normal file
BIN
debian/OVMF_CODE-pure-efi.fd
vendored
Normal file
Binary file not shown.
11
debian/OVMF_README.txt
vendored
Normal file
11
debian/OVMF_README.txt
vendored
Normal file
@ -0,0 +1,11 @@
|
||||
The OVMF images were built through the edk2 github repository.
|
||||
|
||||
git clone https://github.com/tianocore/edk2
|
||||
|
||||
set up the build environment
|
||||
|
||||
copy the Logo.bmp to ./edk2/MdeModulePkg/Logo/
|
||||
|
||||
call ./edk2/OvmfPkg/build.sh -a X64 -b RELEASE
|
||||
|
||||
The license is under ./edk2/OvmfPkg/License.txt
|
BIN
debian/OVMF_VARS-pure-efi.fd
vendored
Normal file
BIN
debian/OVMF_VARS-pure-efi.fd
vendored
Normal file
Binary file not shown.
1328
debian/changelog
vendored
Normal file
1328
debian/changelog
vendored
Normal file
File diff suppressed because it is too large
Load Diff
1
debian/compat
vendored
Normal file
1
debian/compat
vendored
Normal file
@ -0,0 +1 @@
|
||||
5
|
25
debian/control
vendored
Normal file
25
debian/control
vendored
Normal file
@ -0,0 +1,25 @@
|
||||
Source: pve-qemu-kvm
|
||||
Section: admin
|
||||
Priority: extra
|
||||
Maintainer: Proxmox Support Team <support@proxmox.com>
|
||||
Build-Depends: debhelper (>= 5), autotools-dev, libpci-dev, quilt, texinfo, texi2html, libgnutls28-dev, libsdl1.2-dev, check, libaio-dev, uuid-dev, librbd-dev (>= 0.48), libiscsi-dev (>= 1.12.0), libspice-protocol-dev (>= 0.12.5), pve-libspice-server-dev (>= 0.12.5-1), libusbredirparser-dev (>= 0.6-2), glusterfs-common (>= 3.5.2-1), libusb-1.0-0-dev (>= 1.0.17-1), xfslibs-dev, libnuma-dev, libjemalloc-dev, libjpeg-dev, libacl1-dev
|
||||
Standards-Version: 3.7.2
|
||||
|
||||
Package: pve-qemu-kvm
|
||||
Architecture: any
|
||||
Depends: iproute2, bridge-utils, python, libsdl1.2debian, libaio1, libuuid1, ceph-common (>= 0.48), libiscsi4 (>= 1.12.0) | libiscsi7, pve-libspice-server1 (>= 0.12.5-1), ${shlibs:Depends}, ${misc:Depends}, libusbredirparser1 (>= 0.6-2), glusterfs-common (>= 3.5.2-1), libusb-1.0-0 (>= 1.0.17-1), numactl, libjemalloc1, libjpeg62-turbo
|
||||
Conflicts: qemu, qemu-kvm, qemu-utils, kvm, pve-kvm, pve-qemu-kvm-2.6.18
|
||||
Provides: qemu-utils
|
||||
Replaces: pve-kvm, pve-qemu-kvm-2.6.18, qemu-utils
|
||||
Description: Full virtualization on x86 hardware
|
||||
Using KVM, one can run multiple virtual PCs, each running unmodified Linux or
|
||||
Windows images. Each virtual machine has private virtualized hardware: a
|
||||
network card, disk, graphics adapter, etc.
|
||||
|
||||
Package: pve-qemu-kvm-dbg
|
||||
Architecture: any
|
||||
Section: debug
|
||||
Depends: pve-qemu-kvm (= ${binary:Version})
|
||||
Description: pve qemu debugging symbols
|
||||
This package contains the debugging symbols for pve-qemu-kvm.
|
||||
|
92
debian/copyright
vendored
Normal file
92
debian/copyright
vendored
Normal file
@ -0,0 +1,92 @@
|
||||
This package was debianized by the proxmox support team <support@proxmox.com>
|
||||
|
||||
|
||||
It was downloaded from
|
||||
|
||||
git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git
|
||||
|
||||
Upstream Author: Fabrice Bellard <fabrice.bellard@free.fr>
|
||||
|
||||
Upstream Maintainers: Avi Kivity <avi@redhat.com>
|
||||
Anthony Liguori <aliguori@us.ibm.com>
|
||||
|
||||
Copyright: Copyright (C) 2006 Qumranet, Inc.
|
||||
Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Fabrice Bellard
|
||||
|
||||
License:
|
||||
|
||||
QEMU as a whole is released under the GNU General Public License version 2.
|
||||
On Debian systems, the complete text of the GNU General Public License
|
||||
version 2 can be found in the file /usr/share/common-licenses/GPL-2.
|
||||
|
||||
Parts of QEMU have specific licenses which are compatible with the
|
||||
GNU General Public License. Hence each source file contains its own
|
||||
licensing information.
|
||||
|
||||
In particular, the QEMU virtual CPU core library (libqemu.a) is
|
||||
released under the GNU Lesser General Public License version 2 or later.
|
||||
On Debian systems, the complete text of the GNU Lesser General Public
|
||||
License can be found in the file /usr/share/common-licenses/LGPL.
|
||||
|
||||
Some hardware device emulation sources and other QEMU functionality are
|
||||
released under the BSD license, including:
|
||||
* aes, bsd-user, sd, slirp, sys-queue
|
||||
|
||||
Some hardware device emulation sources and other QEMU functionality are
|
||||
released under the MIT/X11 (BSD-like) license, including:
|
||||
* sdl, host-utils, vnc, keymaps, ioport, usb, hw/*, net, acl, block,
|
||||
kqemu, monitor, curses, readline, vl, savevm, osdep, audio, tcg,
|
||||
qemu-malloc, qemu-img
|
||||
|
||||
The following points clarify the QEMU license:
|
||||
1) QEMU as a whole is released under the GNU General Public License
|
||||
2) Parts of QEMU have specific licenses which are compatible with the
|
||||
GNU General Public License. Hence each source file contains its own
|
||||
licensing information.
|
||||
In particular, the QEMU virtual CPU core library (libqemu.a) is
|
||||
released under the GNU Lesser General Public License. Many hardware
|
||||
device emulation sources are released under the BSD license.
|
||||
3) The Tiny Code Generator (TCG) is released under the BSD license
|
||||
(see license headers in files).
|
||||
4) QEMU is a trademark of Fabrice Bellard.
|
||||
-- Fabrice Bellard.
|
||||
|
||||
BIOS sources in QEMU:
|
||||
bios.bin: Copyright (C) 2002 MandrakeSoft S.A. and others. This file
|
||||
is licensed under the GNU LGPL, version 2, or (at your option) any later
|
||||
version.
|
||||
Homepage: http://sourceforge.net/projects/bochs
|
||||
|
||||
vgabios.bin and vgabios-cirrus.bin: (C) 2003 the LGPL VGABios
|
||||
developers Team. These files are licensed under the GNU LGPL, version 2,
|
||||
or (at your option) any later version.
|
||||
Homepage: http://savannah.nongnu.org/projects/vgabios
|
||||
|
||||
BSD license:
|
||||
|
||||
Copyright (c) The Regents of the University of California.
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. Neither the name of the University nor the names of its contributors
|
||||
may be used to endorse or promote products derived from this software
|
||||
without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGE.
|
1
debian/docs
vendored
Normal file
1
debian/docs
vendored
Normal file
@ -0,0 +1 @@
|
||||
debian/SOURCE
|
3
debian/kvm-ifdown
vendored
Executable file
3
debian/kvm-ifdown
vendored
Executable file
@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
exit 0
|
5
debian/kvm-ifup
vendored
Executable file
5
debian/kvm-ifup
vendored
Executable file
@ -0,0 +1,5 @@
|
||||
#!/bin/sh
|
||||
|
||||
switch=$(/sbin/ip route list | awk '/^default / { print $NF }')
|
||||
/sbin/ifconfig $1 0.0.0.0 promisc up
|
||||
/sbin/brctl addif ${switch} $1
|
33
debian/patches/extra/0001-Revert-target-i386-disable-LINT0-after-reset.patch
vendored
Normal file
33
debian/patches/extra/0001-Revert-target-i386-disable-LINT0-after-reset.patch
vendored
Normal file
@ -0,0 +1,33 @@
|
||||
From 603c472d61c354c30bc898b0e9ff1914302cbca9 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Mon, 4 Jul 2016 15:02:26 +0200
|
||||
Subject: [PATCH 1/3] Revert "target-i386: disable LINT0 after reset"
|
||||
|
||||
This reverts commit b8eb5512fd8a115f164edbbe897cdf8884920ccb.
|
||||
---
|
||||
hw/intc/apic_common.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
|
||||
index 14ac43c..1ed0511 100644
|
||||
--- a/hw/intc/apic_common.c
|
||||
+++ b/hw/intc/apic_common.c
|
||||
@@ -246,6 +246,15 @@ static void apic_reset_common(DeviceState *dev)
|
||||
info->vapic_base_update(s);
|
||||
|
||||
apic_init_reset(dev);
|
||||
+
|
||||
+ if (bsp) {
|
||||
+ /*
|
||||
+ * LINT0 delivery mode on CPU #0 is set to ExtInt at initialization
|
||||
+ * time typically by BIOS, so PIC interrupt can be delivered to the
|
||||
+ * processor when local APIC is enabled.
|
||||
+ */
|
||||
+ s->lvt[APIC_LVT_LINT0] = 0x700;
|
||||
+ }
|
||||
}
|
||||
|
||||
/* This function is only used for old state version 1 and 2 */
|
||||
--
|
||||
2.1.4
|
||||
|
100
debian/patches/extra/0001-cirrus-fix-patterncopy-checks.patch
vendored
Normal file
100
debian/patches/extra/0001-cirrus-fix-patterncopy-checks.patch
vendored
Normal file
@ -0,0 +1,100 @@
|
||||
From 391a9e6fd8c6cf615f2ffe44bb85245df52cc2b6 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Thu, 9 Feb 2017 14:02:20 +0100
|
||||
Subject: [PATCH 1/2] cirrus: fix patterncopy checks
|
||||
|
||||
The blit_region_is_unsafe checks don't work correctly for the
|
||||
patterncopy source. It's a fixed-sized region, which doesn't
|
||||
depend on cirrus_blt_{width,height}. So go do the check in
|
||||
cirrus_bitblt_common_patterncopy instead, then tell blit_is_unsafe that
|
||||
it doesn't need to verify the source. Also handle the case where we
|
||||
blit from cirrus_bitbuf correctly.
|
||||
|
||||
This patch replaces 5858dd1801883309bdd208d72ddb81c4e9fee30c.
|
||||
|
||||
Security impact: I think for the most part error on the safe side this
|
||||
time, refusing blits which should have been allowed.
|
||||
|
||||
Only exception is placing the blit source at the end of the video ram,
|
||||
so cirrus_blt_srcaddr + 256 goes beyond the end of video memory. But
|
||||
even in that case I'm not fully sure this actually allows read access to
|
||||
host memory. To trick the commit 5858dd18 security checks one has to
|
||||
pick very small cirrus_blt_{width,height} values, which in turn implies
|
||||
only a fraction of the blit source will actually be used.
|
||||
|
||||
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/display/cirrus_vga.c | 36 ++++++++++++++++++++++++++++++------
|
||||
1 file changed, 30 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
||||
index 16f27e8..6bd13fc 100644
|
||||
--- a/hw/display/cirrus_vga.c
|
||||
+++ b/hw/display/cirrus_vga.c
|
||||
@@ -683,14 +683,39 @@ static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin,
|
||||
}
|
||||
}
|
||||
|
||||
-static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
|
||||
- const uint8_t * src)
|
||||
+static int cirrus_bitblt_common_patterncopy(CirrusVGAState *s, bool videosrc)
|
||||
{
|
||||
+ uint32_t patternsize;
|
||||
uint8_t *dst;
|
||||
+ uint8_t *src;
|
||||
|
||||
dst = s->vga.vram_ptr + s->cirrus_blt_dstaddr;
|
||||
|
||||
- if (blit_is_unsafe(s, false, true)) {
|
||||
+ if (videosrc) {
|
||||
+ switch (s->vga.get_bpp(&s->vga)) {
|
||||
+ case 8:
|
||||
+ patternsize = 64;
|
||||
+ break;
|
||||
+ case 15:
|
||||
+ case 16:
|
||||
+ patternsize = 128;
|
||||
+ break;
|
||||
+ case 24:
|
||||
+ case 32:
|
||||
+ default:
|
||||
+ patternsize = 256;
|
||||
+ break;
|
||||
+ }
|
||||
+ s->cirrus_blt_srcaddr &= ~(patternsize - 1);
|
||||
+ if (s->cirrus_blt_srcaddr + patternsize > s->vga.vram_size) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+ src = s->vga.vram_ptr + s->cirrus_blt_srcaddr;
|
||||
+ } else {
|
||||
+ src = s->cirrus_bltbuf;
|
||||
+ }
|
||||
+
|
||||
+ if (blit_is_unsafe(s, true, true)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -731,8 +756,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
|
||||
|
||||
static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
|
||||
{
|
||||
- return cirrus_bitblt_common_patterncopy(s, s->vga.vram_ptr +
|
||||
- (s->cirrus_blt_srcaddr & ~7));
|
||||
+ return cirrus_bitblt_common_patterncopy(s, true);
|
||||
}
|
||||
|
||||
static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
||||
@@ -831,7 +855,7 @@ static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s)
|
||||
|
||||
if (s->cirrus_srccounter > 0) {
|
||||
if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
|
||||
- cirrus_bitblt_common_patterncopy(s, s->cirrus_bltbuf);
|
||||
+ cirrus_bitblt_common_patterncopy(s, false);
|
||||
the_end:
|
||||
s->cirrus_srccounter = 0;
|
||||
cirrus_bitblt_reset(s);
|
||||
--
|
||||
2.1.4
|
||||
|
51
debian/patches/extra/0001-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch
vendored
Normal file
51
debian/patches/extra/0001-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch
vendored
Normal file
@ -0,0 +1,51 @@
|
||||
From b3ce5aeaacdd0cec5bab1d83ee24bae73b0dd506 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 25 Jan 2017 14:48:57 +0100
|
||||
Subject: [PATCH 1/4] cirrus: handle negative pitch in
|
||||
cirrus_invalidate_region()
|
||||
|
||||
cirrus_invalidate_region() calls memory_region_set_dirty()
|
||||
on a per-line basis, always ranging from off_begin to
|
||||
off_begin+bytesperline. With a negative pitch off_begin
|
||||
marks the top most used address and thus we need to do an
|
||||
initial shift backwards by a line for negative pitches of
|
||||
backward blits, otherwise the first iteration covers the
|
||||
line going from the start offset forwards instead of
|
||||
backwards.
|
||||
Additionally since the start address is inclusive, if we
|
||||
shift by a full `bytesperline` we move to the first address
|
||||
*not* included in the blit, so we only shift by one less
|
||||
than bytesperline.
|
||||
|
||||
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Message-id: 1485352137-29367-1-git-send-email-w.bumiller@proxmox.com
|
||||
|
||||
[ kraxel: codestyle fixes ]
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/display/cirrus_vga.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
||||
index 379910d..0f05e45 100644
|
||||
--- a/hw/display/cirrus_vga.c
|
||||
+++ b/hw/display/cirrus_vga.c
|
||||
@@ -661,9 +661,14 @@ static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin,
|
||||
int off_cur;
|
||||
int off_cur_end;
|
||||
|
||||
+ if (off_pitch < 0) {
|
||||
+ off_begin -= bytesperline - 1;
|
||||
+ }
|
||||
+
|
||||
for (y = 0; y < lines; y++) {
|
||||
off_cur = off_begin;
|
||||
off_cur_end = (off_cur + bytesperline) & s->cirrus_addr_mask;
|
||||
+ assert(off_cur_end >= off_cur);
|
||||
memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_cur);
|
||||
off_begin += off_pitch;
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
72
debian/patches/extra/0001-display-cirrus-ignore-source-pitch-value-as-needed-i.patch
vendored
Normal file
72
debian/patches/extra/0001-display-cirrus-ignore-source-pitch-value-as-needed-i.patch
vendored
Normal file
@ -0,0 +1,72 @@
|
||||
From f5dc8e6b503fda1ed87c0f4f53c6d2c76a584872 Mon Sep 17 00:00:00 2001
|
||||
From: Bruce Rogers <brogers@suse.com>
|
||||
Date: Mon, 9 Jan 2017 13:35:20 -0700
|
||||
Subject: [PATCH 1/5] display: cirrus: ignore source pitch value as needed in
|
||||
blit_is_unsafe
|
||||
|
||||
Commit 4299b90 added a check which is too broad, given that the source
|
||||
pitch value is not required to be initialized for solid fill operations.
|
||||
This patch refines the blit_is_unsafe() check to ignore source pitch in
|
||||
that case. After applying the above commit as a security patch, we
|
||||
noticed the SLES 11 SP4 guest gui failed to initialize properly.
|
||||
|
||||
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||
Message-id: 20170109203520.5619-1-brogers@suse.com
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/display/cirrus_vga.c | 11 +++++++----
|
||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
||||
index bdb092e..379910d 100644
|
||||
--- a/hw/display/cirrus_vga.c
|
||||
+++ b/hw/display/cirrus_vga.c
|
||||
@@ -294,7 +294,7 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
||||
return false;
|
||||
}
|
||||
|
||||
-static bool blit_is_unsafe(struct CirrusVGAState *s)
|
||||
+static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
|
||||
{
|
||||
/* should be the case, see cirrus_bitblt_start */
|
||||
assert(s->cirrus_blt_width > 0);
|
||||
@@ -308,6 +308,9 @@ static bool blit_is_unsafe(struct CirrusVGAState *s)
|
||||
s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
|
||||
return true;
|
||||
}
|
||||
+ if (dst_only) {
|
||||
+ return false;
|
||||
+ }
|
||||
if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
|
||||
s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
|
||||
return true;
|
||||
@@ -673,7 +676,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
|
||||
|
||||
dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
|
||||
|
||||
- if (blit_is_unsafe(s))
|
||||
+ if (blit_is_unsafe(s, false))
|
||||
return 0;
|
||||
|
||||
(*s->cirrus_rop) (s, dst, src,
|
||||
@@ -691,7 +694,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
|
||||
{
|
||||
cirrus_fill_t rop_func;
|
||||
|
||||
- if (blit_is_unsafe(s)) {
|
||||
+ if (blit_is_unsafe(s, true)) {
|
||||
return 0;
|
||||
}
|
||||
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
|
||||
@@ -795,7 +798,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
||||
|
||||
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
|
||||
{
|
||||
- if (blit_is_unsafe(s))
|
||||
+ if (blit_is_unsafe(s, false))
|
||||
return 0;
|
||||
|
||||
return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
|
||||
--
|
||||
2.1.4
|
||||
|
101
debian/patches/extra/0002-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch
vendored
Normal file
101
debian/patches/extra/0002-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch
vendored
Normal file
@ -0,0 +1,101 @@
|
||||
From cba280fe94eaed53952e2997cac1ee2bed6cfdee Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Fri, 10 Feb 2017 08:34:03 +0100
|
||||
Subject: [PATCH 2/2] Revert "cirrus: allow zero source pitch in pattern fill
|
||||
rops"
|
||||
|
||||
This reverts commit cf9c099a7694eb47ded529e1ed40ee8789f32d31.
|
||||
|
||||
Conflicts:
|
||||
hw/display/cirrus_vga.c
|
||||
---
|
||||
hw/display/cirrus_vga.c | 29 +++++++++--------------------
|
||||
1 file changed, 9 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
||||
index 6bd13fc..92e7951 100644
|
||||
--- a/hw/display/cirrus_vga.c
|
||||
+++ b/hw/display/cirrus_vga.c
|
||||
@@ -272,6 +272,9 @@ static void cirrus_update_memory_access(CirrusVGAState *s);
|
||||
static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
||||
int32_t pitch, int32_t addr)
|
||||
{
|
||||
+ if (!pitch) {
|
||||
+ return true;
|
||||
+ }
|
||||
if (pitch < 0) {
|
||||
int64_t min = addr
|
||||
+ ((int64_t)s->cirrus_blt_height - 1) * pitch
|
||||
@@ -290,11 +293,8 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
||||
return false;
|
||||
}
|
||||
|
||||
-static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
|
||||
- bool zero_src_pitch_ok)
|
||||
+static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
|
||||
{
|
||||
- int32_t check_pitch;
|
||||
-
|
||||
/* should be the case, see cirrus_bitblt_start */
|
||||
assert(s->cirrus_blt_width > 0);
|
||||
assert(s->cirrus_blt_height > 0);
|
||||
@@ -303,10 +303,6 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
|
||||
return true;
|
||||
}
|
||||
|
||||
- if (!s->cirrus_blt_dstpitch) {
|
||||
- return true;
|
||||
- }
|
||||
-
|
||||
if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch,
|
||||
s->cirrus_blt_dstaddr)) {
|
||||
return true;
|
||||
@@ -314,14 +310,8 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
|
||||
if (dst_only) {
|
||||
return false;
|
||||
}
|
||||
-
|
||||
- check_pitch = s->cirrus_blt_srcpitch;
|
||||
- if (!zero_src_pitch_ok && !check_pitch) {
|
||||
- check_pitch = s->cirrus_blt_width;
|
||||
- }
|
||||
-
|
||||
- if (blit_region_is_unsafe(s, check_pitch,
|
||||
- s->cirrus_blt_srcaddr)) {
|
||||
+ if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
|
||||
+ s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -715,9 +705,8 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState *s, bool videosrc)
|
||||
src = s->cirrus_bltbuf;
|
||||
}
|
||||
|
||||
- if (blit_is_unsafe(s, true, true)) {
|
||||
+ if (blit_is_unsafe(s, true))
|
||||
return 0;
|
||||
- }
|
||||
|
||||
(*s->cirrus_rop) (s, dst, src,
|
||||
s->cirrus_blt_dstpitch, 0,
|
||||
@@ -734,7 +723,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
|
||||
{
|
||||
cirrus_fill_t rop_func;
|
||||
|
||||
- if (blit_is_unsafe(s, true, true)) {
|
||||
+ if (blit_is_unsafe(s, true)) {
|
||||
return 0;
|
||||
}
|
||||
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
|
||||
@@ -834,7 +823,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
||||
|
||||
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
|
||||
{
|
||||
- if (blit_is_unsafe(s, false, false))
|
||||
+ if (blit_is_unsafe(s, false))
|
||||
return 0;
|
||||
|
||||
return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
|
||||
--
|
||||
2.1.4
|
||||
|
102
debian/patches/extra/0002-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch
vendored
Normal file
102
debian/patches/extra/0002-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch
vendored
Normal file
@ -0,0 +1,102 @@
|
||||
From cf9c099a7694eb47ded529e1ed40ee8789f32d31 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Tue, 24 Jan 2017 16:35:38 +0100
|
||||
Subject: [PATCH 2/4] cirrus: allow zero source pitch in pattern fill rops
|
||||
|
||||
The rops used by cirrus_bitblt_common_patterncopy only use
|
||||
the destination pitch, so the source pitch shoul allowed to
|
||||
be zero and the blit with used for the range check around the
|
||||
source address.
|
||||
|
||||
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Message-id: 1485272138-23249-1-git-send-email-w.bumiller@proxmox.com
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/display/cirrus_vga.c | 27 +++++++++++++++++++--------
|
||||
1 file changed, 19 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
||||
index 0f05e45..98f089e 100644
|
||||
--- a/hw/display/cirrus_vga.c
|
||||
+++ b/hw/display/cirrus_vga.c
|
||||
@@ -272,9 +272,6 @@ static void cirrus_update_memory_access(CirrusVGAState *s);
|
||||
static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
||||
int32_t pitch, int32_t addr)
|
||||
{
|
||||
- if (!pitch) {
|
||||
- return true;
|
||||
- }
|
||||
if (pitch < 0) {
|
||||
int64_t min = addr
|
||||
+ ((int64_t)s->cirrus_blt_height-1) * pitch;
|
||||
@@ -294,8 +291,11 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
||||
return false;
|
||||
}
|
||||
|
||||
-static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
|
||||
+static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
|
||||
+ bool zero_src_pitch_ok)
|
||||
{
|
||||
+ int32_t check_pitch;
|
||||
+
|
||||
/* should be the case, see cirrus_bitblt_start */
|
||||
assert(s->cirrus_blt_width > 0);
|
||||
assert(s->cirrus_blt_height > 0);
|
||||
@@ -304,6 +304,10 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
|
||||
return true;
|
||||
}
|
||||
|
||||
+ if (!s->cirrus_blt_dstpitch) {
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch,
|
||||
s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
|
||||
return true;
|
||||
@@ -311,7 +315,13 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
|
||||
if (dst_only) {
|
||||
return false;
|
||||
}
|
||||
- if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
|
||||
+
|
||||
+ check_pitch = s->cirrus_blt_srcpitch;
|
||||
+ if (!zero_src_pitch_ok && !check_pitch) {
|
||||
+ check_pitch = s->cirrus_blt_width;
|
||||
+ }
|
||||
+
|
||||
+ if (blit_region_is_unsafe(s, check_pitch,
|
||||
s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
|
||||
return true;
|
||||
}
|
||||
@@ -681,8 +691,9 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
|
||||
|
||||
dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
|
||||
|
||||
- if (blit_is_unsafe(s, false))
|
||||
+ if (blit_is_unsafe(s, false, true)) {
|
||||
return 0;
|
||||
+ }
|
||||
|
||||
(*s->cirrus_rop) (s, dst, src,
|
||||
s->cirrus_blt_dstpitch, 0,
|
||||
@@ -699,7 +710,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
|
||||
{
|
||||
cirrus_fill_t rop_func;
|
||||
|
||||
- if (blit_is_unsafe(s, true)) {
|
||||
+ if (blit_is_unsafe(s, true, true)) {
|
||||
return 0;
|
||||
}
|
||||
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
|
||||
@@ -803,7 +814,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
||||
|
||||
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
|
||||
{
|
||||
- if (blit_is_unsafe(s, false))
|
||||
+ if (blit_is_unsafe(s, false, false))
|
||||
return 0;
|
||||
|
||||
return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
|
||||
--
|
||||
2.1.4
|
||||
|
31
debian/patches/extra/0002-net-vmxnet-initialise-local-tx-descriptor.patch
vendored
Normal file
31
debian/patches/extra/0002-net-vmxnet-initialise-local-tx-descriptor.patch
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
From 1313d27fc347633d0cf6fc2ff8cbe17a740dd658 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Thu, 11 Aug 2016 00:42:20 +0530
|
||||
Subject: [PATCH 2/3] net: vmxnet: initialise local tx descriptor
|
||||
|
||||
In Vmxnet3 device emulator while processing transmit(tx) queue,
|
||||
when it reaches end of packet, it calls vmxnet3_complete_packet.
|
||||
In that local 'txcq_descr' object is not initialised, which could
|
||||
leak host memory bytes a guest.
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
---
|
||||
hw/net/vmxnet3.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
|
||||
index 90f6943..92f6af9 100644
|
||||
--- a/hw/net/vmxnet3.c
|
||||
+++ b/hw/net/vmxnet3.c
|
||||
@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int qidx, uint32_t tx_ridx)
|
||||
|
||||
VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring);
|
||||
|
||||
+ memset(&txcq_descr, 0, sizeof(txcq_descr));
|
||||
txcq_descr.txdIdx = tx_ridx;
|
||||
txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
104
debian/patches/extra/0003-cirrus-fix-blit-address-mask-handling.patch
vendored
Normal file
104
debian/patches/extra/0003-cirrus-fix-blit-address-mask-handling.patch
vendored
Normal file
@ -0,0 +1,104 @@
|
||||
From a173829e6ebd8b2d7f29028f106173ba067c8b8c Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Wed, 25 Jan 2017 11:09:56 +0100
|
||||
Subject: [PATCH 3/4] cirrus: fix blit address mask handling
|
||||
|
||||
Apply the cirrus_addr_mask to cirrus_blt_dstaddr and cirrus_blt_srcaddr
|
||||
right after assigning them, in cirrus_bitblt_start(), instead of having
|
||||
this all over the place in the cirrus code, and missing a few places.
|
||||
|
||||
Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Message-id: 1485338996-17095-1-git-send-email-kraxel@redhat.com
|
||||
---
|
||||
hw/display/cirrus_vga.c | 25 ++++++++++++-------------
|
||||
1 file changed, 12 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
||||
index 98f089e..7db6409 100644
|
||||
--- a/hw/display/cirrus_vga.c
|
||||
+++ b/hw/display/cirrus_vga.c
|
||||
@@ -309,7 +309,7 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
|
||||
}
|
||||
|
||||
if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch,
|
||||
- s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
|
||||
+ s->cirrus_blt_dstaddr)) {
|
||||
return true;
|
||||
}
|
||||
if (dst_only) {
|
||||
@@ -322,7 +322,7 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
|
||||
}
|
||||
|
||||
if (blit_region_is_unsafe(s, check_pitch,
|
||||
- s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
|
||||
+ s->cirrus_blt_srcaddr)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -689,7 +689,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
|
||||
{
|
||||
uint8_t *dst;
|
||||
|
||||
- dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
|
||||
+ dst = s->vga.vram_ptr + s->cirrus_blt_dstaddr;
|
||||
|
||||
if (blit_is_unsafe(s, false, true)) {
|
||||
return 0;
|
||||
@@ -714,7 +714,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
|
||||
return 0;
|
||||
}
|
||||
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
|
||||
- rop_func(s, s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
|
||||
+ rop_func(s, s->vga.vram_ptr + s->cirrus_blt_dstaddr,
|
||||
s->cirrus_blt_dstpitch,
|
||||
s->cirrus_blt_width, s->cirrus_blt_height);
|
||||
cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
|
||||
@@ -732,9 +732,8 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
|
||||
|
||||
static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
|
||||
{
|
||||
- return cirrus_bitblt_common_patterncopy(s,
|
||||
- s->vga.vram_ptr + ((s->cirrus_blt_srcaddr & ~7) &
|
||||
- s->cirrus_addr_mask));
|
||||
+ return cirrus_bitblt_common_patterncopy(s, s->vga.vram_ptr +
|
||||
+ (s->cirrus_blt_srcaddr & ~7));
|
||||
}
|
||||
|
||||
static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
||||
@@ -788,10 +787,8 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
||||
if (notify)
|
||||
graphic_hw_update(s->vga.con);
|
||||
|
||||
- (*s->cirrus_rop) (s, s->vga.vram_ptr +
|
||||
- (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
|
||||
- s->vga.vram_ptr +
|
||||
- (s->cirrus_blt_srcaddr & s->cirrus_addr_mask),
|
||||
+ (*s->cirrus_rop) (s, s->vga.vram_ptr + s->cirrus_blt_dstaddr,
|
||||
+ s->vga.vram_ptr + s->cirrus_blt_srcaddr,
|
||||
s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch,
|
||||
s->cirrus_blt_width, s->cirrus_blt_height);
|
||||
|
||||
@@ -842,8 +839,7 @@ static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s)
|
||||
} else {
|
||||
/* at least one scan line */
|
||||
do {
|
||||
- (*s->cirrus_rop)(s, s->vga.vram_ptr +
|
||||
- (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
|
||||
+ (*s->cirrus_rop)(s, s->vga.vram_ptr + s->cirrus_blt_dstaddr,
|
||||
s->cirrus_bltbuf, 0, 0, s->cirrus_blt_width, 1);
|
||||
cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, 0,
|
||||
s->cirrus_blt_width, 1);
|
||||
@@ -962,6 +958,9 @@ static void cirrus_bitblt_start(CirrusVGAState * s)
|
||||
s->cirrus_blt_modeext = s->vga.gr[0x33];
|
||||
blt_rop = s->vga.gr[0x32];
|
||||
|
||||
+ s->cirrus_blt_dstaddr &= s->cirrus_addr_mask;
|
||||
+ s->cirrus_blt_srcaddr &= s->cirrus_addr_mask;
|
||||
+
|
||||
#ifdef DEBUG_BITBLT
|
||||
printf("rop=0x%02x mode=0x%02x modeext=0x%02x w=%d h=%d dpitch=%d spitch=%d daddr=0x%08x saddr=0x%08x writemask=0x%02x\n",
|
||||
blt_rop,
|
||||
--
|
||||
2.1.4
|
||||
|
37
debian/patches/extra/0003-net-limit-allocation-in-nc_sendv_compat.patch
vendored
Normal file
37
debian/patches/extra/0003-net-limit-allocation-in-nc_sendv_compat.patch
vendored
Normal file
@ -0,0 +1,37 @@
|
||||
From 2705772316ff905f3ed08871c602fca1c636f332 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Lieven <pl@kamp.de>
|
||||
Date: Thu, 30 Jun 2016 11:49:40 +0200
|
||||
Subject: [PATCH 3/3] net: limit allocation in nc_sendv_compat
|
||||
|
||||
we only need to allocate enough memory to hold the packet. This might be
|
||||
less than NET_BUFSIZE. Additionally fail early if the packet is larger
|
||||
than NET_BUFSIZE.
|
||||
|
||||
Signed-off-by: Peter Lieven <pl@kamp.de>
|
||||
---
|
||||
net/net.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/net/net.c b/net/net.c
|
||||
index c94d93d..2ac46a6 100644
|
||||
--- a/net/net.c
|
||||
+++ b/net/net.c
|
||||
@@ -690,9 +690,13 @@ static ssize_t nc_sendv_compat(NetClientState *nc, const struct iovec *iov,
|
||||
buffer = iov[0].iov_base;
|
||||
offset = iov[0].iov_len;
|
||||
} else {
|
||||
- buf = g_new(uint8_t, NET_BUFSIZE);
|
||||
+ offset = iov_size(iov, iovcnt);
|
||||
+ if (offset > NET_BUFSIZE) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+ buf = g_malloc(offset);
|
||||
buffer = buf;
|
||||
- offset = iov_to_buf(iov, iovcnt, 0, buf, NET_BUFSIZE);
|
||||
+ offset = iov_to_buf(iov, iovcnt, 0, buf, offset);
|
||||
}
|
||||
|
||||
if (flags & QEMU_NET_PACKET_FLAG_RAW && nc->info->receive_raw) {
|
||||
--
|
||||
2.1.4
|
||||
|
61
debian/patches/extra/0003-sd-sdhci-check-transfer-mode-register-in-multi-block.patch
vendored
Normal file
61
debian/patches/extra/0003-sd-sdhci-check-transfer-mode-register-in-multi-block.patch
vendored
Normal file
@ -0,0 +1,61 @@
|
||||
From da4c6050712be98934918e348aa34a74be0e4e57 Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Tue, 31 Jan 2017 17:54:15 +0530
|
||||
Subject: [PATCH 3/8] sd: sdhci: check transfer mode register in multi block
|
||||
transfer
|
||||
|
||||
In SDHCI device emulation the transfer mode register value
|
||||
is used during multi block transfer to check if block count
|
||||
register is enabled and should be updated. Transfer mode
|
||||
register could be set such that, block count register would
|
||||
not be updated, thus leading to an infinite loop. Add check
|
||||
to avoid it.
|
||||
|
||||
Reported-by: Wjjzhang <wjjzhang@tencent.com>
|
||||
Reported-by: Jiang Xin <jiangxin1@huawei.com>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
---
|
||||
hw/sd/sdhci.c | 13 +++++++------
|
||||
1 file changed, 7 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
|
||||
index 01fbf22..35f953a 100644
|
||||
--- a/hw/sd/sdhci.c
|
||||
+++ b/hw/sd/sdhci.c
|
||||
@@ -486,6 +486,12 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
|
||||
uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
|
||||
uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
|
||||
|
||||
+ if (!(s->trnmod & SDHC_TRNS_MULTI)
|
||||
+ || !(s->trnmod & SDHC_TRNS_BLK_CNT_EN)
|
||||
+ || !s->blkcnt) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
/* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
|
||||
* possible stop at page boundary if initial address is not page aligned,
|
||||
* allow them to work properly */
|
||||
@@ -797,11 +803,6 @@ static void sdhci_data_transfer(void *opaque)
|
||||
if (s->trnmod & SDHC_TRNS_DMA) {
|
||||
switch (SDHC_DMA_TYPE(s->hostctl)) {
|
||||
case SDHC_CTRL_SDMA:
|
||||
- if ((s->trnmod & SDHC_TRNS_MULTI) &&
|
||||
- (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
|
||||
- break;
|
||||
- }
|
||||
-
|
||||
if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
|
||||
sdhci_sdma_transfer_single_block(s);
|
||||
} else {
|
||||
@@ -1050,7 +1051,7 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
|
||||
if (!(s->capareg & SDHC_CAN_DO_DMA)) {
|
||||
value &= ~SDHC_TRNS_DMA;
|
||||
}
|
||||
- MASKED_WRITE(s->trnmod, mask, value);
|
||||
+ MASKED_WRITE(s->trnmod, mask, value & 0x0037);
|
||||
MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
|
||||
|
||||
/* Writing to the upper byte of CMDREG triggers SD command generation */
|
||||
--
|
||||
2.1.4
|
||||
|
50
debian/patches/extra/0004-cirrus-fix-oob-access-issue-CVE-2017-2615.patch
vendored
Normal file
50
debian/patches/extra/0004-cirrus-fix-oob-access-issue-CVE-2017-2615.patch
vendored
Normal file
@ -0,0 +1,50 @@
|
||||
From e3ff618899e53791fdff5dbd3f8fa889a2ed7b1d Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Wed, 1 Feb 2017 09:35:01 +0100
|
||||
Subject: [PATCH 4/4] cirrus: fix oob access issue (CVE-2017-2615)
|
||||
|
||||
When doing bitblt copy in backward mode, we should minus the
|
||||
blt width first just like the adding in the forward mode. This
|
||||
can avoid the oob access of the front of vga's vram.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
|
||||
Message-id: 5887254f.863a240a.2c122.5500@mx.google.com
|
||||
|
||||
{ kraxel: with backward blits (negative pitch) addr is the topmost
|
||||
address, so check it as-is against vram size ]
|
||||
|
||||
Cc: qemu-stable@nongnu.org
|
||||
Cc: P J P <ppandit@redhat.com>
|
||||
Cc: Laszlo Ersek <lersek@redhat.com>
|
||||
Cc: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/display/cirrus_vga.c | 7 +++----
|
||||
1 file changed, 3 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
||||
index 7db6409..16f27e8 100644
|
||||
--- a/hw/display/cirrus_vga.c
|
||||
+++ b/hw/display/cirrus_vga.c
|
||||
@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
||||
{
|
||||
if (pitch < 0) {
|
||||
int64_t min = addr
|
||||
- + ((int64_t)s->cirrus_blt_height-1) * pitch;
|
||||
- int32_t max = addr
|
||||
- + s->cirrus_blt_width;
|
||||
- if (min < 0 || max > s->vga.vram_size) {
|
||||
+ + ((int64_t)s->cirrus_blt_height - 1) * pitch
|
||||
+ - s->cirrus_blt_width;
|
||||
+ if (min < -1 || addr >= s->vga.vram_size) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
--
|
||||
2.1.4
|
||||
|
42
debian/patches/extra/0004-sd-sdhci-block-count-enable-not-relevant-in-single-b.patch
vendored
Normal file
42
debian/patches/extra/0004-sd-sdhci-block-count-enable-not-relevant-in-single-b.patch
vendored
Normal file
@ -0,0 +1,42 @@
|
||||
From b9bc05a3a687f9993c5c2a8890b53ab9e8dbc96c Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Tue, 31 Jan 2017 17:54:16 +0530
|
||||
Subject: [PATCH 4/8] sd: sdhci: block count enable not relevant in single
|
||||
block transfer
|
||||
|
||||
In SDHCI device emulation the 'Block count enable' bit
|
||||
of the Transfer Mode register is only relevant in multi block
|
||||
transfers. We need not check it in single block transfers.
|
||||
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
---
|
||||
hw/sd/sdhci.c | 6 +-----
|
||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||
|
||||
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
|
||||
index 35f953a..85cac42 100644
|
||||
--- a/hw/sd/sdhci.c
|
||||
+++ b/hw/sd/sdhci.c
|
||||
@@ -570,7 +570,6 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
|
||||
}
|
||||
|
||||
/* single block SDMA transfer */
|
||||
-
|
||||
static void sdhci_sdma_transfer_single_block(SDHCIState *s)
|
||||
{
|
||||
int n;
|
||||
@@ -589,10 +588,7 @@ static void sdhci_sdma_transfer_single_block(SDHCIState *s)
|
||||
sdbus_write_data(&s->sdbus, s->fifo_buffer[n]);
|
||||
}
|
||||
}
|
||||
-
|
||||
- if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
|
||||
- s->blkcnt--;
|
||||
- }
|
||||
+ s->blkcnt--;
|
||||
|
||||
sdhci_end_transfer(s);
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
44
debian/patches/extra/CVE-2016-10028-display-virtio-gpu-3d-check-virgl-capabilities-max_s.patch
vendored
Normal file
44
debian/patches/extra/CVE-2016-10028-display-virtio-gpu-3d-check-virgl-capabilities-max_s.patch
vendored
Normal file
@ -0,0 +1,44 @@
|
||||
From b891912de9c0ef615955fccc043915eb36ce3c02 Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Wed, 14 Dec 2016 12:31:56 +0530
|
||||
Subject: [PATCH 2/8] display: virtio-gpu-3d: check virgl capabilities max_size
|
||||
|
||||
Virtio GPU device while processing 'VIRTIO_GPU_CMD_GET_CAPSET'
|
||||
command, retrieves the maximum capabilities size to fill in the
|
||||
response object. It continues to fill in capabilities even if
|
||||
retrieved 'max_size' is zero(0), thus resulting in OOB access.
|
||||
Add check to avoid it.
|
||||
|
||||
Reported-by: Zhenhao Hong <zhenhaohong@gmail.com>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Message-id: 20161214070156.23368-1-ppandit@redhat.com
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
|
||||
Notes:
|
||||
CVE-2016-10028
|
||||
|
||||
hw/display/virtio-gpu-3d.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
|
||||
index d98b140..cdd03a4 100644
|
||||
--- a/hw/display/virtio-gpu-3d.c
|
||||
+++ b/hw/display/virtio-gpu-3d.c
|
||||
@@ -371,8 +371,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
|
||||
|
||||
virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
|
||||
&max_size);
|
||||
- resp = g_malloc0(sizeof(*resp) + max_size);
|
||||
+ if (!max_size) {
|
||||
+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
+ resp = g_malloc0(sizeof(*resp) + max_size);
|
||||
resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
|
||||
virgl_renderer_fill_caps(gc.capset_id,
|
||||
gc.capset_version,
|
||||
--
|
||||
2.1.4
|
||||
|
50
debian/patches/extra/CVE-2016-10155-watchdog-6300esb-add-exit-function.patch
vendored
Normal file
50
debian/patches/extra/CVE-2016-10155-watchdog-6300esb-add-exit-function.patch
vendored
Normal file
@ -0,0 +1,50 @@
|
||||
From a8341ea109259c17ad18b02597e5e03e99db60ae Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Mon, 28 Nov 2016 17:49:04 -0800
|
||||
Subject: [PATCH 1/8] watchdog: 6300esb: add exit function
|
||||
|
||||
When the Intel 6300ESB watchdog is hot unplug. The timer allocated
|
||||
in realize isn't freed thus leaking memory leak. This patch avoid
|
||||
this through adding the exit function.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
|
||||
Notes:
|
||||
CVE-2016-10155
|
||||
|
||||
hw/watchdog/wdt_i6300esb.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
|
||||
index a83d951..49b3cd1 100644
|
||||
--- a/hw/watchdog/wdt_i6300esb.c
|
||||
+++ b/hw/watchdog/wdt_i6300esb.c
|
||||
@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
|
||||
/* qemu_register_coalesced_mmio (addr, 0x10); ? */
|
||||
}
|
||||
|
||||
+static void i6300esb_exit(PCIDevice *dev)
|
||||
+{
|
||||
+ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
|
||||
+
|
||||
+ timer_del(d->timer);
|
||||
+ timer_free(d->timer);
|
||||
+}
|
||||
+
|
||||
static WatchdogTimerModel model = {
|
||||
.wdt_name = "i6300esb",
|
||||
.wdt_description = "Intel 6300ESB",
|
||||
@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
|
||||
k->config_read = i6300esb_config_read;
|
||||
k->config_write = i6300esb_config_write;
|
||||
k->realize = i6300esb_realize;
|
||||
+ k->exit = i6300esb_exit;
|
||||
k->vendor_id = PCI_VENDOR_ID_INTEL;
|
||||
k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
|
||||
k->class_id = PCI_CLASS_SYSTEM_OTHER;
|
||||
--
|
||||
2.1.4
|
||||
|
63
debian/patches/extra/CVE-2016-7156-scsi-pvscsi-avoid-infinite-loop-while-building-SG-li.patch
vendored
Normal file
63
debian/patches/extra/CVE-2016-7156-scsi-pvscsi-avoid-infinite-loop-while-building-SG-li.patch
vendored
Normal file
@ -0,0 +1,63 @@
|
||||
From a8ceb006190b9072b0b9866ec5a07bd6de4eca6d Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Tue, 6 Sep 2016 23:23:17 +0530
|
||||
Subject: [PATCH 5/6] scsi: pvscsi: avoid infinite loop while building SG list
|
||||
|
||||
In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very
|
||||
long time or go into an infinite loop due to two different bugs:
|
||||
|
||||
1) the request descriptor data length is defined to be 64 bit. While
|
||||
building SG list from a request descriptor, it gets truncated to 32bit
|
||||
in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop
|
||||
situation for large 'dataLen' values, when data_length is cast to uint32_t
|
||||
and chunk_size becomes always zero. Fix this by removing the incorrect
|
||||
cast.
|
||||
|
||||
2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the
|
||||
element has a zero length. Get out of the loop early when this happens,
|
||||
by introducing an upper limit on the number of SG list elements.
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
---
|
||||
hw/scsi/vmw_pvscsi.c | 11 ++++++-----
|
||||
1 file changed, 6 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
|
||||
index 22f872c..e43e0a4 100644
|
||||
--- a/hw/scsi/vmw_pvscsi.c
|
||||
+++ b/hw/scsi/vmw_pvscsi.c
|
||||
@@ -40,6 +40,8 @@
|
||||
#define PVSCSI_MAX_DEVS (64)
|
||||
#define PVSCSI_MSIX_NUM_VECTORS (1)
|
||||
|
||||
+#define PVSCSI_MAX_SG_ELEM 2048
|
||||
+
|
||||
#define PVSCSI_MAX_CMD_DATA_WORDS \
|
||||
(sizeof(PVSCSICmdDescSetupRings)/sizeof(uint32_t))
|
||||
|
||||
@@ -629,17 +631,16 @@ pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d,
|
||||
static void
|
||||
pvscsi_convert_sglist(PVSCSIRequest *r)
|
||||
{
|
||||
- int chunk_size;
|
||||
+ uint32_t chunk_size, elmcnt = 0;
|
||||
uint64_t data_length = r->req.dataLen;
|
||||
PVSCSISGState sg = r->sg;
|
||||
- while (data_length) {
|
||||
- while (!sg.resid) {
|
||||
+ while (data_length && elmcnt < PVSCSI_MAX_SG_ELEM) {
|
||||
+ while (!sg.resid && elmcnt++ < PVSCSI_MAX_SG_ELEM) {
|
||||
pvscsi_get_next_sg_elem(&sg);
|
||||
trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr,
|
||||
r->sg.resid);
|
||||
}
|
||||
- assert(data_length > 0);
|
||||
- chunk_size = MIN((unsigned) data_length, sg.resid);
|
||||
+ chunk_size = MIN(data_length, sg.resid);
|
||||
if (chunk_size) {
|
||||
qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size);
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
35
debian/patches/extra/CVE-2016-7161-hw-net-Fix-a-heap-overflow-in-xlnx.xps-ethernetlite.patch
vendored
Normal file
35
debian/patches/extra/CVE-2016-7161-hw-net-Fix-a-heap-overflow-in-xlnx.xps-ethernetlite.patch
vendored
Normal file
@ -0,0 +1,35 @@
|
||||
From b5cfb53ba6a976d0d478eb438a5ada3b719e8d59 Mon Sep 17 00:00:00 2001
|
||||
From: chaojianhu <chaojianhu@hotmail.com>
|
||||
Date: Tue, 9 Aug 2016 11:52:54 +0800
|
||||
Subject: [PATCH 2/5] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite
|
||||
|
||||
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
|
||||
of data before calling memcpy. As a result, the NetClientState object in
|
||||
heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite
|
||||
will be affected.
|
||||
|
||||
Reported-by: chaojianhu <chaojianhu@hotmail.com>
|
||||
Signed-off-by: chaojianhu <chaojianhu@hotmail.com>
|
||||
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||
---
|
||||
hw/net/xilinx_ethlite.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/hw/net/xilinx_ethlite.c b/hw/net/xilinx_ethlite.c
|
||||
index bc846e7..12b7419 100644
|
||||
--- a/hw/net/xilinx_ethlite.c
|
||||
+++ b/hw/net/xilinx_ethlite.c
|
||||
@@ -197,6 +197,10 @@ static ssize_t eth_rx(NetClientState *nc, const uint8_t *buf, size_t size)
|
||||
}
|
||||
|
||||
D(qemu_log("%s %zd rxbase=%x\n", __func__, size, rxbase));
|
||||
+ if (size > (R_MAX - R_RX_BUF0 - rxbase) * 4) {
|
||||
+ D(qemu_log("ethlite packet is too big, size=%x\n", size));
|
||||
+ return -1;
|
||||
+ }
|
||||
memcpy(&s->regs[rxbase + R_RX_BUF0], buf, size);
|
||||
|
||||
s->regs[rxbase + R_RX_CTRL0] |= CTRL_S;
|
||||
--
|
||||
2.1.4
|
||||
|
45
debian/patches/extra/CVE-2016-7170-vmsvga-correct-bitmap-and-pixmap-size-checks.patch
vendored
Normal file
45
debian/patches/extra/CVE-2016-7170-vmsvga-correct-bitmap-and-pixmap-size-checks.patch
vendored
Normal file
@ -0,0 +1,45 @@
|
||||
From 167d97a3def77ee2dbf6e908b0ecbfe2103977db Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Thu, 8 Sep 2016 18:15:54 +0530
|
||||
Subject: [PATCH] vmsvga: correct bitmap and pixmap size checks
|
||||
|
||||
When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
|
||||
the computed BITMAP and PIXMAP size are checked against the
|
||||
'cursor.mask[]' and 'cursor.image[]' array sizes in bytes.
|
||||
Correct these checks to avoid OOB memory access.
|
||||
|
||||
Reported-by: Qinghao Tang <luodalongde@gmail.com>
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Message-id: 1473338754-15430-1-git-send-email-ppandit@redhat.com
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/display/vmware_vga.c | 12 +++++++-----
|
||||
1 file changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
|
||||
index e51a05e..6599cf0 100644
|
||||
--- a/hw/display/vmware_vga.c
|
||||
+++ b/hw/display/vmware_vga.c
|
||||
@@ -676,11 +676,13 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
|
||||
cursor.bpp = vmsvga_fifo_read(s);
|
||||
|
||||
args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
|
||||
- if (cursor.width > 256 ||
|
||||
- cursor.height > 256 ||
|
||||
- cursor.bpp > 32 ||
|
||||
- SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
|
||||
- SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
|
||||
+ if (cursor.width > 256
|
||||
+ || cursor.height > 256
|
||||
+ || cursor.bpp > 32
|
||||
+ || SVGA_BITMAP_SIZE(x, y)
|
||||
+ > sizeof(cursor.mask) / sizeof(cursor.mask[0])
|
||||
+ || SVGA_PIXMAP_SIZE(x, y, cursor.bpp)
|
||||
+ > sizeof(cursor.image) / sizeof(cursor.image[0])) {
|
||||
goto badcmd;
|
||||
}
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
38
debian/patches/extra/CVE-2016-7422-virtio-add-check-for-descriptor-s-mapped-address.patch
vendored
Normal file
38
debian/patches/extra/CVE-2016-7422-virtio-add-check-for-descriptor-s-mapped-address.patch
vendored
Normal file
@ -0,0 +1,38 @@
|
||||
From 1723b5e7962eb077353bab0772ca8114774b6c60 Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Mon, 19 Sep 2016 23:55:45 +0530
|
||||
Subject: [PATCH 4/7] virtio: add check for descriptor's mapped address
|
||||
|
||||
virtio back end uses set of buffers to facilitate I/O operations.
|
||||
If its size is too large, 'cpu_physical_memory_map' could return
|
||||
a null address. This would result in a null dereference while
|
||||
un-mapping descriptors. Add check to avoid it.
|
||||
|
||||
Reported-by: Qinghao Tang <luodalongde@gmail.com>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
hw/virtio/virtio.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
|
||||
index 74c085c..eabe573 100644
|
||||
--- a/hw/virtio/virtio.c
|
||||
+++ b/hw/virtio/virtio.c
|
||||
@@ -473,6 +473,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove
|
||||
}
|
||||
|
||||
iov[num_sg].iov_base = cpu_physical_memory_map(pa, &len, is_write);
|
||||
+ if (!iov[num_sg].iov_base) {
|
||||
+ error_report("virtio: bogus descriptor or out of resources");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
iov[num_sg].iov_len = len;
|
||||
addr[num_sg] = pa;
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
32
debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
vendored
Normal file
32
debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
vendored
Normal file
@ -0,0 +1,32 @@
|
||||
From b53dd4495ced2432a0b652ea895e651d07336f7e Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Tue, 13 Sep 2016 03:20:03 -0700
|
||||
Subject: [PATCH] usb:xhci:fix memory leak in usb_xhci_exit
|
||||
|
||||
If the xhci uses msix, it doesn't free the corresponding
|
||||
memory, thus leading a memory leak. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Message-id: 57d7d2e0.d4301c0a.d13e9.9a55@mx.google.com
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/usb/hcd-xhci.c | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
|
||||
index 37c1493..726435c 100644
|
||||
--- a/hw/usb/hcd-xhci.c
|
||||
+++ b/hw/usb/hcd-xhci.c
|
||||
@@ -3715,8 +3715,7 @@ static void usb_xhci_exit(PCIDevice *dev)
|
||||
/* destroy msix memory region */
|
||||
if (dev->msix_table && dev->msix_pba
|
||||
&& dev->msix_entry_used) {
|
||||
- memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio);
|
||||
- memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio);
|
||||
+ msix_uninit(dev, &xhci->mem, &xhci->mem);
|
||||
}
|
||||
|
||||
usb_bus_release(&xhci->bus);
|
||||
--
|
||||
2.1.4
|
||||
|
48
debian/patches/extra/CVE-2016-7907-net-imx-limit-buffer-descriptor-count.patch
vendored
Normal file
48
debian/patches/extra/CVE-2016-7907-net-imx-limit-buffer-descriptor-count.patch
vendored
Normal file
@ -0,0 +1,48 @@
|
||||
From 3798522afcf58abbce6de67446fcae7a34ae919d Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Thu, 22 Sep 2016 16:01:38 +0530
|
||||
Subject: [PATCH 5/7] net: imx: limit buffer descriptor count
|
||||
|
||||
i.MX Fast Ethernet Controller uses buffer descriptors to manage
|
||||
data flow to/fro receive & transmit queues. While transmitting
|
||||
packets, it could continue to read buffer descriptors if a buffer
|
||||
descriptor has length of zero and has crafted values in bd.flags.
|
||||
Set an upper limit to number of buffer descriptors.
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
---
|
||||
hw/net/imx_fec.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
|
||||
index 1c415ab..1d74827 100644
|
||||
--- a/hw/net/imx_fec.c
|
||||
+++ b/hw/net/imx_fec.c
|
||||
@@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = {
|
||||
#define PHY_INT_PARFAULT (1 << 2)
|
||||
#define PHY_INT_AUTONEG_PAGE (1 << 1)
|
||||
|
||||
+#define IMX_MAX_DESC 1024
|
||||
+
|
||||
static void imx_eth_update(IMXFECState *s);
|
||||
|
||||
/*
|
||||
@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s)
|
||||
|
||||
static void imx_fec_do_tx(IMXFECState *s)
|
||||
{
|
||||
- int frame_size = 0;
|
||||
+ int frame_size = 0, descnt = 0;
|
||||
uint8_t frame[ENET_MAX_FRAME_SIZE];
|
||||
uint8_t *ptr = frame;
|
||||
uint32_t addr = s->tx_descriptor;
|
||||
|
||||
- while (1) {
|
||||
+ while (descnt++ < IMX_MAX_DESC) {
|
||||
IMXFECBufDesc bd;
|
||||
int len;
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
52
debian/patches/extra/CVE-2016-7908-net-mcf-limit-buffer-descriptor-count.patch
vendored
Normal file
52
debian/patches/extra/CVE-2016-7908-net-mcf-limit-buffer-descriptor-count.patch
vendored
Normal file
@ -0,0 +1,52 @@
|
||||
From 94087c0cbe014b4a60d96930d7cb43d54a05c701 Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Thu, 22 Sep 2016 16:02:37 +0530
|
||||
Subject: [PATCH 6/7] net: mcf: limit buffer descriptor count
|
||||
|
||||
ColdFire Fast Ethernet Controller uses buffer descriptors to manage
|
||||
data flow to/fro receive & transmit queues. While transmitting
|
||||
packets, it could continue to read buffer descriptors if a buffer
|
||||
descriptor has length of zero and has crafted values in bd.flags.
|
||||
Set upper limit to number of buffer descriptors.
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||
---
|
||||
hw/net/mcf_fec.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
|
||||
index 0ee8ad9..d31fea1 100644
|
||||
--- a/hw/net/mcf_fec.c
|
||||
+++ b/hw/net/mcf_fec.c
|
||||
@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0)
|
||||
#define DPRINTF(fmt, ...) do {} while(0)
|
||||
#endif
|
||||
|
||||
+#define FEC_MAX_DESC 1024
|
||||
#define FEC_MAX_FRAME_SIZE 2032
|
||||
|
||||
typedef struct {
|
||||
@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
|
||||
uint32_t addr;
|
||||
mcf_fec_bd bd;
|
||||
int frame_size;
|
||||
- int len;
|
||||
+ int len, descnt = 0;
|
||||
uint8_t frame[FEC_MAX_FRAME_SIZE];
|
||||
uint8_t *ptr;
|
||||
|
||||
@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
|
||||
ptr = frame;
|
||||
frame_size = 0;
|
||||
addr = s->tx_descriptor;
|
||||
- while (1) {
|
||||
+ while (descnt++ < FEC_MAX_DESC) {
|
||||
mcf_fec_read_bd(&bd, addr);
|
||||
DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
|
||||
addr, bd.flags, bd.length, bd.data);
|
||||
--
|
||||
2.1.4
|
||||
|
36
debian/patches/extra/CVE-2016-7909-net-pcnet-check-rx-tx-descriptor-ring-length.patch
vendored
Normal file
36
debian/patches/extra/CVE-2016-7909-net-pcnet-check-rx-tx-descriptor-ring-length.patch
vendored
Normal file
@ -0,0 +1,36 @@
|
||||
From ed825b783750cbe88aa67bbe83cf662082828efa Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Fri, 30 Sep 2016 00:27:33 +0530
|
||||
Subject: [PATCH 7/7] net: pcnet: check rx/tx descriptor ring length
|
||||
|
||||
The AMD PC-Net II emulator has set of control and status(CSR)
|
||||
registers. Of these, CSR76 and CSR78 hold receive and transmit
|
||||
descriptor ring length respectively. This ring length could range
|
||||
from 1 to 65535. Setting ring length to zero leads to an infinite
|
||||
loop in pcnet_rdra_addr. Add check to avoid it.
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
---
|
||||
hw/net/pcnet.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
|
||||
index 198a01f..3078de8 100644
|
||||
--- a/hw/net/pcnet.c
|
||||
+++ b/hw/net/pcnet.c
|
||||
@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
|
||||
case 47: /* POLLINT */
|
||||
case 72:
|
||||
case 74:
|
||||
+ break;
|
||||
case 76: /* RCVRL */
|
||||
case 78: /* XMTRL */
|
||||
+ val = (val > 0) ? val : 512;
|
||||
+ break;
|
||||
case 112:
|
||||
if (CSR_STOP(s) || CSR_SPND(s))
|
||||
break;
|
||||
--
|
||||
2.1.4
|
||||
|
30
debian/patches/extra/CVE-2016-7994-virtio-gpu-fix-memory-leak-in-virtio_gpu_resource_cr.patch
vendored
Normal file
30
debian/patches/extra/CVE-2016-7994-virtio-gpu-fix-memory-leak-in-virtio_gpu_resource_cr.patch
vendored
Normal file
@ -0,0 +1,30 @@
|
||||
From 594fa98211f92ab07ee6d6b6a9eda93a416a1f57 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Sun, 18 Sep 2016 19:07:11 -0700
|
||||
Subject: [PATCH 1/2] virtio-gpu: fix memory leak in
|
||||
virtio_gpu_resource_create_2d
|
||||
|
||||
In virtio gpu resource create dispatch, if the pixman format is zero
|
||||
it doesn't free the resource object allocated previously. Thus leading
|
||||
a host memory leak issue. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
---
|
||||
hw/display/virtio-gpu.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
|
||||
index 7fe6ed8..5b6d17b 100644
|
||||
--- a/hw/display/virtio-gpu.c
|
||||
+++ b/hw/display/virtio-gpu.c
|
||||
@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
|
||||
qemu_log_mask(LOG_GUEST_ERROR,
|
||||
"%s: host couldn't handle guest format %d\n",
|
||||
__func__, c2d.format);
|
||||
+ g_free(res);
|
||||
cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
|
||||
return;
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
32
debian/patches/extra/CVE-2016-7995-usb-ehci-fix-memory-leak-in-ehci_process_itd.patch
vendored
Normal file
32
debian/patches/extra/CVE-2016-7995-usb-ehci-fix-memory-leak-in-ehci_process_itd.patch
vendored
Normal file
@ -0,0 +1,32 @@
|
||||
From 91a16e6e51a4e046d59379fc83b9dfc1e860e9c7 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Sat, 8 Oct 2016 11:58:03 +0300
|
||||
Subject: [PATCH 2/2] usb: ehci: fix memory leak in ehci_process_itd
|
||||
|
||||
While processing isochronous transfer descriptors(iTD), if the page
|
||||
select(PG) field value is out of bands it will return. In this
|
||||
situation the ehci's sg list is not freed thus leading to a memory
|
||||
leak issue. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
||||
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
|
||||
---
|
||||
hw/usb/hcd-ehci.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
|
||||
index b093db7..f4ece9a 100644
|
||||
--- a/hw/usb/hcd-ehci.c
|
||||
+++ b/hw/usb/hcd-ehci.c
|
||||
@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,
|
||||
if (off + len > 4096) {
|
||||
/* transfer crosses page border */
|
||||
if (pg == 6) {
|
||||
+ qemu_sglist_destroy(&ehci->isgl);
|
||||
return -1; /* avoid page pg + 1 */
|
||||
}
|
||||
ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
|
||||
--
|
||||
2.1.4
|
||||
|
69
debian/patches/extra/CVE-2016-8576-xhci-limit-the-number-of-link-trbs-we-are-willing-to.patch
vendored
Normal file
69
debian/patches/extra/CVE-2016-8576-xhci-limit-the-number-of-link-trbs-we-are-willing-to.patch
vendored
Normal file
@ -0,0 +1,69 @@
|
||||
From b5ef1754de94247de307044b19e6bc3fa0ad5ba8 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Mon, 10 Oct 2016 12:46:22 +0200
|
||||
Subject: [PATCH 2/4] xhci: limit the number of link trbs we are willing to
|
||||
process
|
||||
|
||||
Needed to avoid we run in circles forever in case the guest builds
|
||||
an endless loop with link trbs.
|
||||
|
||||
Reported-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Tested-by: P J P <ppandit@redhat.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Message-id: 1476096382-7981-1-git-send-email-kraxel@redhat.com
|
||||
---
|
||||
hw/usb/hcd-xhci.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
|
||||
index 281a2a5..8a9a31a 100644
|
||||
--- a/hw/usb/hcd-xhci.c
|
||||
+++ b/hw/usb/hcd-xhci.c
|
||||
@@ -54,6 +54,8 @@
|
||||
* to the specs when it gets them */
|
||||
#define ER_FULL_HACK
|
||||
|
||||
+#define TRB_LINK_LIMIT 4
|
||||
+
|
||||
#define LEN_CAP 0x40
|
||||
#define LEN_OPER (0x400 + 0x10 * MAXPORTS)
|
||||
#define LEN_RUNTIME ((MAXINTRS + 1) * 0x20)
|
||||
@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
|
||||
dma_addr_t *addr)
|
||||
{
|
||||
PCIDevice *pci_dev = PCI_DEVICE(xhci);
|
||||
+ uint32_t link_cnt = 0;
|
||||
|
||||
while (1) {
|
||||
TRBType type;
|
||||
@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
|
||||
ring->dequeue += TRB_SIZE;
|
||||
return type;
|
||||
} else {
|
||||
+ if (++link_cnt > TRB_LINK_LIMIT) {
|
||||
+ return 0;
|
||||
+ }
|
||||
ring->dequeue = xhci_mask64(trb->parameter);
|
||||
if (trb->control & TRB_LK_TC) {
|
||||
ring->ccs = !ring->ccs;
|
||||
@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
|
||||
bool ccs = ring->ccs;
|
||||
/* hack to bundle together the two/three TDs that make a setup transfer */
|
||||
bool control_td_set = 0;
|
||||
+ uint32_t link_cnt = 0;
|
||||
|
||||
while (1) {
|
||||
TRBType type;
|
||||
@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
|
||||
type = TRB_TYPE(trb);
|
||||
|
||||
if (type == TR_LINK) {
|
||||
+ if (++link_cnt > TRB_LINK_LIMIT) {
|
||||
+ return -length;
|
||||
+ }
|
||||
dequeue = xhci_mask64(trb.parameter);
|
||||
if (trb.control & TRB_LK_TC) {
|
||||
ccs = !ccs;
|
||||
--
|
||||
2.1.4
|
||||
|
39
debian/patches/extra/CVE-2016-8577-9pfs-fix-potential-host-memory-leak-in-v9fs_read.patch
vendored
Normal file
39
debian/patches/extra/CVE-2016-8577-9pfs-fix-potential-host-memory-leak-in-v9fs_read.patch
vendored
Normal file
@ -0,0 +1,39 @@
|
||||
From 8794fc68736fda80d7191f100c03c960a5ef1224 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Tue, 11 Oct 2016 09:27:45 +0200
|
||||
Subject: [PATCH 3/4] 9pfs: fix potential host memory leak in v9fs_read
|
||||
|
||||
In 9pfs read dispatch function, it doesn't free two QEMUIOVector
|
||||
object thus causing potential memory leak. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
hw/9pfs/9p.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index dfe293d..54e18a2 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -1812,14 +1812,15 @@ static void v9fs_read(void *opaque)
|
||||
if (len < 0) {
|
||||
/* IO error return the error */
|
||||
err = len;
|
||||
- goto out;
|
||||
+ goto out_free_iovec;
|
||||
}
|
||||
} while (count < max_count && len > 0);
|
||||
err = pdu_marshal(pdu, offset, "d", count);
|
||||
if (err < 0) {
|
||||
- goto out;
|
||||
+ goto out_free_iovec;
|
||||
}
|
||||
err += offset + count;
|
||||
+out_free_iovec:
|
||||
qemu_iovec_destroy(&qiov);
|
||||
qemu_iovec_destroy(&qiov_full);
|
||||
} else if (fidp->fid_type == P9_FID_XATTR) {
|
||||
--
|
||||
2.1.4
|
||||
|
58
debian/patches/extra/CVE-2016-8578-9pfs-allocate-space-for-guest-originated-empty-strin.patch
vendored
Normal file
58
debian/patches/extra/CVE-2016-8578-9pfs-allocate-space-for-guest-originated-empty-strin.patch
vendored
Normal file
@ -0,0 +1,58 @@
|
||||
From 630abd0c70f272b36361348e9ee7d6a71577b72f Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Tue, 11 Oct 2016 09:27:45 +0200
|
||||
Subject: [PATCH 4/4] 9pfs: allocate space for guest originated empty strings
|
||||
|
||||
If a guest sends an empty string paramater to any 9P operation, the current
|
||||
code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }.
|
||||
|
||||
This is unfortunate because it can cause NULL pointer dereference to happen
|
||||
at various locations in the 9pfs code. And we don't want to check str->data
|
||||
everywhere we pass it to strcmp() or any other function which expects a
|
||||
dereferenceable pointer.
|
||||
|
||||
This patch enforces the allocation of genuine C empty strings instead, so
|
||||
callers don't have to bother.
|
||||
|
||||
Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if
|
||||
the returned string is empty. It now uses v9fs_string_size() since
|
||||
name.data cannot be NULL anymore.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
[groug, rewritten title and changelog,
|
||||
fix empty string check in v9fs_xattrwalk()]
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
fsdev/9p-iov-marshal.c | 2 +-
|
||||
hw/9pfs/9p.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
|
||||
index 663cad5..1d16f8d 100644
|
||||
--- a/fsdev/9p-iov-marshal.c
|
||||
+++ b/fsdev/9p-iov-marshal.c
|
||||
@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
|
||||
str->data = g_malloc(str->size + 1);
|
||||
copied = v9fs_unpack(str->data, out_sg, out_num, offset,
|
||||
str->size);
|
||||
- if (copied > 0) {
|
||||
+ if (copied >= 0) {
|
||||
str->data[str->size] = 0;
|
||||
} else {
|
||||
v9fs_string_free(str);
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index 54e18a2..75ba5f1 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -3161,7 +3161,7 @@ static void v9fs_xattrwalk(void *opaque)
|
||||
goto out;
|
||||
}
|
||||
v9fs_path_copy(&xattr_fidp->path, &file_fidp->path);
|
||||
- if (name.data == NULL) {
|
||||
+ if (!v9fs_string_size(&name)) {
|
||||
/*
|
||||
* listxattr request. Get the size first
|
||||
*/
|
||||
--
|
||||
2.1.4
|
||||
|
34
debian/patches/extra/CVE-2016-8668-net-rocker-set-limit-to-DMA-buffer-size.patch
vendored
Normal file
34
debian/patches/extra/CVE-2016-8668-net-rocker-set-limit-to-DMA-buffer-size.patch
vendored
Normal file
@ -0,0 +1,34 @@
|
||||
From 0d3ac427e34f12b1a33646d47ef3dc390a9b569d Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Wed, 12 Oct 2016 14:40:55 +0530
|
||||
Subject: [PATCH 1/2] net: rocker: set limit to DMA buffer size
|
||||
|
||||
Rocker network switch emulator has test registers to help debug
|
||||
DMA operations. While testing host DMA access, a buffer address
|
||||
is written to register 'TEST_DMA_ADDR' and its size is written to
|
||||
register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
|
||||
test, if DMA buffer size was greater than 'INT_MAX', it leads to
|
||||
an invalid buffer access. Limit the DMA buffer size to avoid it.
|
||||
|
||||
Reported-by: Huawei PSIRT <psirt@huawei.com>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
---
|
||||
hw/net/rocker/rocker.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
|
||||
index 30f2ce4..e9d215a 100644
|
||||
--- a/hw/net/rocker/rocker.c
|
||||
+++ b/hw/net/rocker/rocker.c
|
||||
@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val)
|
||||
rocker_msix_irq(r, val);
|
||||
break;
|
||||
case ROCKER_TEST_DMA_SIZE:
|
||||
- r->test_dma_size = val;
|
||||
+ r->test_dma_size = val & 0xFFFF;
|
||||
break;
|
||||
case ROCKER_TEST_DMA_ADDR + 4:
|
||||
r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32;
|
||||
--
|
||||
2.1.4
|
||||
|
35
debian/patches/extra/CVE-2016-8669-char-serial-check-divider-value-against-baud-base.patch
vendored
Normal file
35
debian/patches/extra/CVE-2016-8669-char-serial-check-divider-value-against-baud-base.patch
vendored
Normal file
@ -0,0 +1,35 @@
|
||||
From 7e0ebfd13e55a706396197437f375692bbf75d15 Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Wed, 12 Oct 2016 11:28:08 +0530
|
||||
Subject: [PATCH 2/2] char: serial: check divider value against baud base
|
||||
|
||||
16550A UART device uses an oscillator to generate frequencies
|
||||
(baud base), which decide communication speed. This speed could
|
||||
be changed by dividing it by a divider. If the divider is
|
||||
greater than the baud base, speed is set to zero, leading to a
|
||||
divide by zero error. Add check to avoid it.
|
||||
|
||||
Reported-by: Huawei PSIRT <psirt@huawei.com>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
---
|
||||
hw/char/serial.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/char/serial.c b/hw/char/serial.c
|
||||
index 3442f47..eec72b7 100644
|
||||
--- a/hw/char/serial.c
|
||||
+++ b/hw/char/serial.c
|
||||
@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)
|
||||
int speed, parity, data_bits, stop_bits, frame_size;
|
||||
QEMUSerialSetParams ssp;
|
||||
|
||||
- if (s->divider == 0)
|
||||
+ if (s->divider == 0 || s->divider > s->baudbase) {
|
||||
return;
|
||||
+ }
|
||||
|
||||
/* Start bit. */
|
||||
frame_size = 1;
|
||||
--
|
||||
2.1.4
|
||||
|
39
debian/patches/extra/CVE-2016-8909-audio-intel-hda-check-stream-entry-count-during-tran.patch
vendored
Normal file
39
debian/patches/extra/CVE-2016-8909-audio-intel-hda-check-stream-entry-count-during-tran.patch
vendored
Normal file
@ -0,0 +1,39 @@
|
||||
From ad0e6e88e0432aa1e6c75f52a6b3b4bf463e2563 Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Thu, 20 Oct 2016 13:10:24 +0530
|
||||
Subject: [PATCH 1/8] audio: intel-hda: check stream entry count during
|
||||
transfer
|
||||
|
||||
Intel HDA emulator uses stream of buffers during DMA data
|
||||
transfers. Each entry has buffer length and buffer pointer
|
||||
position, which are used to derive bytes to 'copy'. If this
|
||||
length and buffer pointer were to be same, 'copy' could be
|
||||
set to zero(0), leading to an infinite loop. Add check to
|
||||
avoid it.
|
||||
|
||||
Reported-by: Huawei PSIRT <psirt@huawei.com>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
|
||||
Message-id: 1476949224-6865-1-git-send-email-ppandit@redhat.com
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/audio/intel-hda.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
|
||||
index cd95340..537face 100644
|
||||
--- a/hw/audio/intel-hda.c
|
||||
+++ b/hw/audio/intel-hda.c
|
||||
@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
|
||||
}
|
||||
|
||||
left = len;
|
||||
- while (left > 0) {
|
||||
+ s = st->bentries;
|
||||
+ while (left > 0 && s-- > 0) {
|
||||
copy = left;
|
||||
if (copy > st->bsize - st->lpib)
|
||||
copy = st->bsize - st->lpib;
|
||||
--
|
||||
2.1.4
|
||||
|
30
debian/patches/extra/CVE-2016-9101-net-eepro100-fix-memory-leak-in-device-uninit.patch
vendored
Normal file
30
debian/patches/extra/CVE-2016-9101-net-eepro100-fix-memory-leak-in-device-uninit.patch
vendored
Normal file
@ -0,0 +1,30 @@
|
||||
From 1fab838b55ee7cc199b105d80de4a80f336231b3 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Sat, 8 Oct 2016 05:07:25 -0700
|
||||
Subject: [PATCH 3/8] net: eepro100: fix memory leak in device uninit
|
||||
|
||||
The exit dispatch of eepro100 network card device doesn't free
|
||||
the 's->vmstate' field which was allocated in device realize thus
|
||||
leading a host memory leak. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||
---
|
||||
hw/net/eepro100.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
|
||||
index bab4dbf..4bf71f2 100644
|
||||
--- a/hw/net/eepro100.c
|
||||
+++ b/hw/net/eepro100.c
|
||||
@@ -1843,6 +1843,7 @@ static void pci_nic_uninit(PCIDevice *pci_dev)
|
||||
EEPRO100State *s = DO_UPCAST(EEPRO100State, dev, pci_dev);
|
||||
|
||||
vmstate_unregister(&pci_dev->qdev, s->vmstate, s);
|
||||
+ g_free(s->vmstate);
|
||||
eeprom93xx_free(&pci_dev->qdev, s->eeprom);
|
||||
qemu_del_nic(s->nic);
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
34
debian/patches/extra/CVE-2016-9102-9pfs-fix-memory-leak-in-v9fs_xattrcreate.patch
vendored
Normal file
34
debian/patches/extra/CVE-2016-9102-9pfs-fix-memory-leak-in-v9fs_xattrcreate.patch
vendored
Normal file
@ -0,0 +1,34 @@
|
||||
From f132108afabf074403afadf822ad2d2275d115cd Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Mon, 17 Oct 2016 14:13:58 +0200
|
||||
Subject: [PATCH 5/8] 9pfs: fix memory leak in v9fs_xattrcreate
|
||||
|
||||
The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
|
||||
situation that this field has been allocated previously. Every time, it
|
||||
will be allocated directly. This leads to a host memory leak issue if
|
||||
the client sends another Txattrcreate message with the same fid number
|
||||
before the fid from the previous time got clunked.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
[groug, updated the changelog to indicate how the leak can occur]
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
hw/9pfs/9p.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index 3becdd0..f5af4e3 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
|
||||
xattr_fidp->fs.xattr.flags = flags;
|
||||
v9fs_string_init(&xattr_fidp->fs.xattr.name);
|
||||
v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
|
||||
+ g_free(xattr_fidp->fs.xattr.value);
|
||||
xattr_fidp->fs.xattr.value = g_malloc0(size);
|
||||
err = offset;
|
||||
put_fid(pdu, file_fidp);
|
||||
--
|
||||
2.1.4
|
||||
|
32
debian/patches/extra/CVE-2016-9103-9pfs-fix-information-leak-in-xattr-read.patch
vendored
Normal file
32
debian/patches/extra/CVE-2016-9103-9pfs-fix-information-leak-in-xattr-read.patch
vendored
Normal file
@ -0,0 +1,32 @@
|
||||
From 644566ea6fe2896b6b171797cfe6e7219939d968 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Mon, 17 Oct 2016 14:13:58 +0200
|
||||
Subject: [PATCH 4/8] 9pfs: fix information leak in xattr read
|
||||
|
||||
9pfs uses g_malloc() to allocate the xattr memory space, if the guest
|
||||
reads this memory before writing to it, this will leak host heap memory
|
||||
to the guest. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
hw/9pfs/9p.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index 75ba5f1..3becdd0 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -3269,7 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
|
||||
xattr_fidp->fs.xattr.flags = flags;
|
||||
v9fs_string_init(&xattr_fidp->fs.xattr.name);
|
||||
v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
|
||||
- xattr_fidp->fs.xattr.value = g_malloc(size);
|
||||
+ xattr_fidp->fs.xattr.value = g_malloc0(size);
|
||||
err = offset;
|
||||
put_fid(pdu, file_fidp);
|
||||
out_nofid:
|
||||
--
|
||||
2.1.4
|
||||
|
92
debian/patches/extra/CVE-2016-9104-9pfs-fix-integer-overflow-issue-in-xattr-read-write.patch
vendored
Normal file
92
debian/patches/extra/CVE-2016-9104-9pfs-fix-integer-overflow-issue-in-xattr-read-write.patch
vendored
Normal file
@ -0,0 +1,92 @@
|
||||
From 86a37b0a0ed8f32db819782ca4a367712ece1453 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Tue, 1 Nov 2016 12:00:40 +0100
|
||||
Subject: [PATCH 8/8] 9pfs: fix integer overflow issue in xattr read/write
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest
|
||||
originated offset: they must ensure this offset does not go beyond
|
||||
the size of the extended attribute that was set in v9fs_xattrcreate().
|
||||
Unfortunately, the current code implement these checks with unsafe
|
||||
calculations on 32 and 64 bit values, which may allow a malicious
|
||||
guest to cause OOB access anyway.
|
||||
|
||||
Fix this by comparing the offset and the xattr size, which are
|
||||
both uint64_t, before trying to compute the effective number of bytes
|
||||
to read or write.
|
||||
|
||||
Suggested-by: Greg Kurz <groug@kaod.org>
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
Reviewed-By: Guido Günther <agx@sigxcpu.org>
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
hw/9pfs/9p.c | 32 ++++++++++++--------------------
|
||||
1 file changed, 12 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index af07846..fc4f2cd 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -1628,20 +1628,17 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
|
||||
{
|
||||
ssize_t err;
|
||||
size_t offset = 7;
|
||||
- int read_count;
|
||||
- int64_t xattr_len;
|
||||
+ uint64_t read_count;
|
||||
V9fsVirtioState *v = container_of(s, V9fsVirtioState, state);
|
||||
VirtQueueElement *elem = v->elems[pdu->idx];
|
||||
|
||||
- xattr_len = fidp->fs.xattr.len;
|
||||
- read_count = xattr_len - off;
|
||||
+ if (fidp->fs.xattr.len < off) {
|
||||
+ read_count = 0;
|
||||
+ } else {
|
||||
+ read_count = fidp->fs.xattr.len - off;
|
||||
+ }
|
||||
if (read_count > max_count) {
|
||||
read_count = max_count;
|
||||
- } else if (read_count < 0) {
|
||||
- /*
|
||||
- * read beyond XATTR value
|
||||
- */
|
||||
- read_count = 0;
|
||||
}
|
||||
err = pdu_marshal(pdu, offset, "d", read_count);
|
||||
if (err < 0) {
|
||||
@@ -1969,23 +1966,18 @@ static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
|
||||
{
|
||||
int i, to_copy;
|
||||
ssize_t err = 0;
|
||||
- int write_count;
|
||||
- int64_t xattr_len;
|
||||
+ uint64_t write_count;
|
||||
size_t offset = 7;
|
||||
|
||||
|
||||
- xattr_len = fidp->fs.xattr.len;
|
||||
- write_count = xattr_len - off;
|
||||
- if (write_count > count) {
|
||||
- write_count = count;
|
||||
- } else if (write_count < 0) {
|
||||
- /*
|
||||
- * write beyond XATTR value len specified in
|
||||
- * xattrcreate
|
||||
- */
|
||||
+ if (fidp->fs.xattr.len < off) {
|
||||
err = -ENOSPC;
|
||||
goto out;
|
||||
}
|
||||
+ write_count = fidp->fs.xattr.len - off;
|
||||
+ if (write_count > count) {
|
||||
+ write_count = count;
|
||||
+ }
|
||||
err = pdu_marshal(pdu, offset, "d", write_count);
|
||||
if (err < 0) {
|
||||
return err;
|
||||
--
|
||||
2.1.4
|
||||
|
32
debian/patches/extra/CVE-2016-9105-9pfs-fix-memory-leak-in-v9fs_link.patch
vendored
Normal file
32
debian/patches/extra/CVE-2016-9105-9pfs-fix-memory-leak-in-v9fs_link.patch
vendored
Normal file
@ -0,0 +1,32 @@
|
||||
From 94979ec1a852871eaee150cb56f0e8cac4316e35 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Mon, 17 Oct 2016 14:13:58 +0200
|
||||
Subject: [PATCH 6/8] 9pfs: fix memory leak in v9fs_link
|
||||
|
||||
The v9fs_link() function keeps a reference on the source fid object. This
|
||||
causes a memory leak since the reference never goes down to 0. This patch
|
||||
fixes the issue.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
[groug, rephrased the changelog]
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
hw/9pfs/9p.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index f5af4e3..aa2b8c0 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -2403,6 +2403,7 @@ static void v9fs_link(void *opaque)
|
||||
if (!err) {
|
||||
err = offset;
|
||||
}
|
||||
+ put_fid(pdu, oldfidp);
|
||||
out:
|
||||
put_fid(pdu, dfidp);
|
||||
out_nofid:
|
||||
--
|
||||
2.1.4
|
||||
|
33
debian/patches/extra/CVE-2016-9106-9pfs-fix-memory-leak-in-v9fs_write.patch
vendored
Normal file
33
debian/patches/extra/CVE-2016-9106-9pfs-fix-memory-leak-in-v9fs_write.patch
vendored
Normal file
@ -0,0 +1,33 @@
|
||||
From 2c5bcb2d5f32ffcf5064d3557e44836fa70700be Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Mon, 17 Oct 2016 14:13:58 +0200
|
||||
Subject: [PATCH 7/8] 9pfs: fix memory leak in v9fs_write
|
||||
|
||||
If an error occurs when marshalling the transfer length to the guest, the
|
||||
v9fs_write() function doesn't free an IO vector, thus leading to a memory
|
||||
leak. This patch fixes the issue.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
[groug, rephrased the changelog]
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
hw/9pfs/9p.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index aa2b8c0..af07846 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -2080,7 +2080,7 @@ static void v9fs_write(void *opaque)
|
||||
offset = 7;
|
||||
err = pdu_marshal(pdu, offset, "d", total);
|
||||
if (err < 0) {
|
||||
- goto out;
|
||||
+ goto out_qiov;
|
||||
}
|
||||
err += offset;
|
||||
trace_v9fs_write_return(pdu->tag, pdu->id, total, err);
|
||||
--
|
||||
2.1.4
|
||||
|
34
debian/patches/extra/CVE-2016-9776-net-mcf-check-receive-buffer-size-register-value.patch
vendored
Normal file
34
debian/patches/extra/CVE-2016-9776-net-mcf-check-receive-buffer-size-register-value.patch
vendored
Normal file
@ -0,0 +1,34 @@
|
||||
From 2a4848046ad64db5cb1c1090565a28a5cb2c518e Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Tue, 29 Nov 2016 00:38:39 +0530
|
||||
Subject: [PATCH 01/12] net: mcf: check receive buffer size register value
|
||||
|
||||
ColdFire Fast Ethernet Controller uses a receive buffer size
|
||||
register(EMRBR) to hold maximum size of all receive buffers.
|
||||
It is set by a user before any operation. If it was set to be
|
||||
zero, ColdFire emulator would go into an infinite loop while
|
||||
receiving data in mcf_fec_receive. Add check to avoid it.
|
||||
|
||||
Reported-by: Wjjzhang <wjjzhang@tencent.com>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
||||
---
|
||||
hw/net/mcf_fec.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
|
||||
index d31fea1..3d4b3b3 100644
|
||||
--- a/hw/net/mcf_fec.c
|
||||
+++ b/hw/net/mcf_fec.c
|
||||
@@ -393,7 +393,7 @@ static void mcf_fec_write(void *opaque, hwaddr addr,
|
||||
s->tx_descriptor = s->etdsr;
|
||||
break;
|
||||
case 0x188:
|
||||
- s->emrbr = value & 0x7f0;
|
||||
+ s->emrbr = value > 0 ? value & 0x7F0 : 0x7F0;
|
||||
break;
|
||||
default:
|
||||
hw_error("mcf_fec_write Bad address 0x%x\n", (int)addr);
|
||||
--
|
||||
2.1.4
|
||||
|
37
debian/patches/extra/CVE-2016-9845-virtio-gpu-fix-information-leak-in-getting-capset-in.patch
vendored
Normal file
37
debian/patches/extra/CVE-2016-9845-virtio-gpu-fix-information-leak-in-getting-capset-in.patch
vendored
Normal file
@ -0,0 +1,37 @@
|
||||
From 71ee39ea06cbcbd1971213aa1f3a9036c50b6a57 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Tue, 1 Nov 2016 02:53:11 -0700
|
||||
Subject: [PATCH 02/12] virtio-gpu: fix information leak in getting capset info
|
||||
dispatch
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't
|
||||
been full initialized before writing to the guest. This will leak
|
||||
the 'resp.padding' and 'resp.hdr.padding' fieds to the guest. This
|
||||
patch fix this issue.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Message-id: 5818661e.0860240a.77264.7a56@mx.google.com
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/display/virtio-gpu-3d.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
|
||||
index 758d33a..23f39de 100644
|
||||
--- a/hw/display/virtio-gpu-3d.c
|
||||
+++ b/hw/display/virtio-gpu-3d.c
|
||||
@@ -347,6 +347,7 @@ static void virgl_cmd_get_capset_info(VirtIOGPU *g,
|
||||
|
||||
VIRTIO_GPU_FILL_CMD(info);
|
||||
|
||||
+ memset(&resp, 0, sizeof(resp));
|
||||
if (info.capset_index == 0) {
|
||||
resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
|
||||
virgl_renderer_get_cap_set(resp.capset_id,
|
||||
--
|
||||
2.1.4
|
||||
|
36
debian/patches/extra/CVE-2016-9846-virtio-gpu-fix-memory-leak-in-update_cursor_data_vir.patch
vendored
Normal file
36
debian/patches/extra/CVE-2016-9846-virtio-gpu-fix-memory-leak-in-update_cursor_data_vir.patch
vendored
Normal file
@ -0,0 +1,36 @@
|
||||
From 74a46afa58632277063ca4990cf0c954f342dd7d Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Tue, 1 Nov 2016 04:06:58 -0700
|
||||
Subject: [PATCH 03/12] virtio-gpu: fix memory leak in update_cursor_data_virgl
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
In update_cursor_data_virgl function, if the 'width'/ 'height'
|
||||
is not equal to current cursor's width/height it will return
|
||||
without free the 'data' allocated previously. This will lead
|
||||
a memory leak issue. This patch fix this issue.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Message-id: 58187760.41d71c0a.cca75.4cb9@mx.google.com
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/display/virtio-gpu.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
|
||||
index 5b6d17b..41f8096 100644
|
||||
--- a/hw/display/virtio-gpu.c
|
||||
+++ b/hw/display/virtio-gpu.c
|
||||
@@ -84,6 +84,7 @@ static void update_cursor_data_virgl(VirtIOGPU *g,
|
||||
|
||||
if (width != s->current_cursor->width ||
|
||||
height != s->current_cursor->height) {
|
||||
+ free(data);
|
||||
return;
|
||||
}
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
54
debian/patches/extra/CVE-2016-9907-usbredir-free-vm_change_state_handler-in-usbredir-de.patch
vendored
Normal file
54
debian/patches/extra/CVE-2016-9907-usbredir-free-vm_change_state_handler-in-usbredir-de.patch
vendored
Normal file
@ -0,0 +1,54 @@
|
||||
From 5bbb994dd062eb3950d67db3c6189dab0df7ec9b Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Mon, 7 Nov 2016 21:57:46 -0800
|
||||
Subject: [PATCH 04/12] usbredir: free vm_change_state_handler in usbredir
|
||||
destroy dispatch
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
In usbredir destroy dispatch function, it doesn't free the vm change
|
||||
state handler once registered in usbredir_realize function. This will
|
||||
lead a memory leak issue. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Message-id: 58216976.d0236b0a.77b99.bcd6@mx.google.com
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/usb/redirect.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
|
||||
index 444672a..42aeaa4 100644
|
||||
--- a/hw/usb/redirect.c
|
||||
+++ b/hw/usb/redirect.c
|
||||
@@ -132,6 +132,7 @@ struct USBRedirDevice {
|
||||
struct usbredirfilter_rule *filter_rules;
|
||||
int filter_rules_count;
|
||||
int compatible_speedmask;
|
||||
+ VMChangeStateEntry *vmstate;
|
||||
};
|
||||
|
||||
#define TYPE_USB_REDIR "usb-redir"
|
||||
@@ -1409,7 +1410,8 @@ static void usbredir_realize(USBDevice *udev, Error **errp)
|
||||
qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read,
|
||||
usbredir_chardev_read, usbredir_chardev_event, dev);
|
||||
|
||||
- qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
|
||||
+ dev->vmstate =
|
||||
+ qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
|
||||
}
|
||||
|
||||
static void usbredir_cleanup_device_queues(USBRedirDevice *dev)
|
||||
@@ -1446,6 +1448,7 @@ static void usbredir_handle_destroy(USBDevice *udev)
|
||||
}
|
||||
|
||||
free(dev->filter_rules);
|
||||
+ qemu_del_vm_change_state_handler(dev->vmstate);
|
||||
}
|
||||
|
||||
static int usbredir_check_filter(USBRedirDevice *dev)
|
||||
--
|
||||
2.1.4
|
||||
|
31
debian/patches/extra/CVE-2016-9908-virtio-gpu-fix-information-leak-in-capset-get-dispat.patch
vendored
Normal file
31
debian/patches/extra/CVE-2016-9908-virtio-gpu-fix-information-leak-in-capset-get-dispat.patch
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
From bde803ceb42d6bddc06a1881c00acdf203214772 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Tue, 1 Nov 2016 05:37:57 -0700
|
||||
Subject: [PATCH 10/12] virtio-gpu: fix information leak in capset get dispatch
|
||||
|
||||
In virgl_cmd_get_capset function, it uses g_malloc to allocate
|
||||
a response struct to the guest. As the 'resp'struct hasn't been full
|
||||
initialized it will lead the 'resp->padding' field to the guest.
|
||||
Use g_malloc0 to avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
---
|
||||
hw/display/virtio-gpu-3d.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
|
||||
index 23f39de..d98b140 100644
|
||||
--- a/hw/display/virtio-gpu-3d.c
|
||||
+++ b/hw/display/virtio-gpu-3d.c
|
||||
@@ -371,7 +371,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
|
||||
|
||||
virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
|
||||
&max_size);
|
||||
- resp = g_malloc(sizeof(*resp) + max_size);
|
||||
+ resp = g_malloc0(sizeof(*resp) + max_size);
|
||||
|
||||
resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
|
||||
virgl_renderer_fill_caps(gc.capset_id,
|
||||
--
|
||||
2.1.4
|
||||
|
31
debian/patches/extra/CVE-2016-9911-usb-ehci-fix-memory-leak-in-ehci_init_transfer.patch
vendored
Normal file
31
debian/patches/extra/CVE-2016-9911-usb-ehci-fix-memory-leak-in-ehci_init_transfer.patch
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
From 824f78bb0135cff4cb29e26c3de1cb4c2da35b46 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liqiang6-s@360.cn>
|
||||
Date: Tue, 8 Nov 2016 04:11:10 -0800
|
||||
Subject: [PATCH 05/12] usb: ehci: fix memory leak in ehci_init_transfer
|
||||
|
||||
In ehci_init_transfer function, if the 'cpage' is bigger than 4,
|
||||
it doesn't free the 'p->sgl' once allocated previously thus leading
|
||||
a memory leak issue. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
Message-id: 5821c0f4.091c6b0a.e0c92.e811@mx.google.com
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
hw/usb/hcd-ehci.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
|
||||
index f4ece9a..7622a3a 100644
|
||||
--- a/hw/usb/hcd-ehci.c
|
||||
+++ b/hw/usb/hcd-ehci.c
|
||||
@@ -1190,6 +1190,7 @@ static int ehci_init_transfer(EHCIPacket *p)
|
||||
while (bytes > 0) {
|
||||
if (cpage > 4) {
|
||||
fprintf(stderr, "cpage out of range (%d)\n", cpage);
|
||||
+ qemu_sglist_destroy(&p->sgl);
|
||||
return -1;
|
||||
}
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
39
debian/patches/extra/CVE-2016-9912-virtio-gpu-call-cleanup-mapping-function-in-resource.patch
vendored
Normal file
39
debian/patches/extra/CVE-2016-9912-virtio-gpu-call-cleanup-mapping-function-in-resource.patch
vendored
Normal file
@ -0,0 +1,39 @@
|
||||
From efc44f269fe72bab2c496f21809f6bef20d9c398 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liq3ea@gmail.com>
|
||||
Date: Mon, 28 Nov 2016 21:29:25 -0500
|
||||
Subject: [PATCH 11/12] virtio-gpu: call cleanup mapping function in resource
|
||||
destroy
|
||||
|
||||
If the guest destroy the resource before detach banking, the 'iov'
|
||||
and 'addrs' field in resource is not freed thus leading memory
|
||||
leak issue. This patch avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liq3ea@gmail.com>
|
||||
---
|
||||
hw/display/virtio-gpu.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
|
||||
index 41f8096..8903dee 100644
|
||||
--- a/hw/display/virtio-gpu.c
|
||||
+++ b/hw/display/virtio-gpu.c
|
||||
@@ -28,6 +28,8 @@
|
||||
static struct virtio_gpu_simple_resource*
|
||||
virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
|
||||
|
||||
+static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
|
||||
+
|
||||
#ifdef CONFIG_VIRGL
|
||||
#include <virglrenderer.h>
|
||||
#define VIRGL(_g, _virgl, _simple, ...) \
|
||||
@@ -359,6 +361,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
|
||||
struct virtio_gpu_simple_resource *res)
|
||||
{
|
||||
pixman_image_unref(res->image);
|
||||
+ virtio_gpu_cleanup_mapping(res);
|
||||
QTAILQ_REMOVE(&g->reslist, res, next);
|
||||
g_free(res);
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
43
debian/patches/extra/CVE-2016-9913-9pfs-adjust-the-order-of-resource-cleanup-in-device-.patch
vendored
Normal file
43
debian/patches/extra/CVE-2016-9913-9pfs-adjust-the-order-of-resource-cleanup-in-device-.patch
vendored
Normal file
@ -0,0 +1,43 @@
|
||||
From 9be364d4b3bc173103bec0dc76259f40d232eb88 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liq3ea@gmail.com>
|
||||
Date: Wed, 23 Nov 2016 13:53:34 +0100
|
||||
Subject: [PATCH 06/12] 9pfs: adjust the order of resource cleanup in device
|
||||
unrealize
|
||||
|
||||
Unrealize should undo things that were set during realize in
|
||||
reverse order. So should do in the error path in realize.
|
||||
|
||||
Signed-off-by: Li Qiang <liq3ea@gmail.com>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
hw/9pfs/9p.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index fc4f2cd..ced7b4c 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -3490,8 +3490,8 @@ int v9fs_device_realize_common(V9fsState *s, Error **errp)
|
||||
rc = 0;
|
||||
out:
|
||||
if (rc) {
|
||||
- g_free(s->ctx.fs_root);
|
||||
g_free(s->tag);
|
||||
+ g_free(s->ctx.fs_root);
|
||||
v9fs_path_free(&path);
|
||||
}
|
||||
return rc;
|
||||
@@ -3499,8 +3499,8 @@ out:
|
||||
|
||||
void v9fs_device_unrealize_common(V9fsState *s, Error **errp)
|
||||
{
|
||||
- g_free(s->ctx.fs_root);
|
||||
g_free(s->tag);
|
||||
+ g_free(s->ctx.fs_root);
|
||||
}
|
||||
|
||||
static void __attribute__((__constructor__)) v9fs_set_fd_limit(void)
|
||||
--
|
||||
2.1.4
|
||||
|
56
debian/patches/extra/CVE-2016-9914-9pfs-add-cleanup-operation-in-FileOperations.patch
vendored
Normal file
56
debian/patches/extra/CVE-2016-9914-9pfs-add-cleanup-operation-in-FileOperations.patch
vendored
Normal file
@ -0,0 +1,56 @@
|
||||
From f2ef9ae2a512fca1df0d56c226adc24ddf002b8b Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liq3ea@gmail.com>
|
||||
Date: Wed, 23 Nov 2016 13:53:34 +0100
|
||||
Subject: [PATCH 07/12] 9pfs: add cleanup operation in FileOperations
|
||||
|
||||
Currently, the backend of VirtFS doesn't have a cleanup
|
||||
function. This will lead resource leak issues if the backed
|
||||
driver allocates resources. This patch addresses this issue.
|
||||
|
||||
Signed-off-by: Li Qiang <liq3ea@gmail.com>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
fsdev/file-op-9p.h | 1 +
|
||||
hw/9pfs/9p.c | 6 ++++++
|
||||
2 files changed, 7 insertions(+)
|
||||
|
||||
diff --git a/fsdev/file-op-9p.h b/fsdev/file-op-9p.h
|
||||
index 6db9fea..a56dc84 100644
|
||||
--- a/fsdev/file-op-9p.h
|
||||
+++ b/fsdev/file-op-9p.h
|
||||
@@ -100,6 +100,7 @@ struct FileOperations
|
||||
{
|
||||
int (*parse_opts)(QemuOpts *, struct FsDriverEntry *);
|
||||
int (*init)(struct FsContext *);
|
||||
+ void (*cleanup)(struct FsContext *);
|
||||
int (*lstat)(FsContext *, V9fsPath *, struct stat *);
|
||||
ssize_t (*readlink)(FsContext *, V9fsPath *, char *, size_t);
|
||||
int (*chmod)(FsContext *, V9fsPath *, FsCred *);
|
||||
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
|
||||
index ced7b4c..f2a90d4 100644
|
||||
--- a/hw/9pfs/9p.c
|
||||
+++ b/hw/9pfs/9p.c
|
||||
@@ -3490,6 +3490,9 @@ int v9fs_device_realize_common(V9fsState *s, Error **errp)
|
||||
rc = 0;
|
||||
out:
|
||||
if (rc) {
|
||||
+ if (s->ops->cleanup && s->ctx.private) {
|
||||
+ s->ops->cleanup(&s->ctx);
|
||||
+ }
|
||||
g_free(s->tag);
|
||||
g_free(s->ctx.fs_root);
|
||||
v9fs_path_free(&path);
|
||||
@@ -3499,6 +3502,9 @@ out:
|
||||
|
||||
void v9fs_device_unrealize_common(V9fsState *s, Error **errp)
|
||||
{
|
||||
+ if (s->ops->cleanup) {
|
||||
+ s->ops->cleanup(&s->ctx);
|
||||
+ }
|
||||
g_free(s->tag);
|
||||
g_free(s->ctx.fs_root);
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
47
debian/patches/extra/CVE-2016-9915-9pfs-add-cleanup-operation-for-handle-backend-driver.patch
vendored
Normal file
47
debian/patches/extra/CVE-2016-9915-9pfs-add-cleanup-operation-for-handle-backend-driver.patch
vendored
Normal file
@ -0,0 +1,47 @@
|
||||
From 4196726e44c437793294af15d95e53164cf9a02d Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liq3ea@gmail.com>
|
||||
Date: Wed, 23 Nov 2016 13:53:34 +0100
|
||||
Subject: [PATCH 08/12] 9pfs: add cleanup operation for handle backend driver
|
||||
|
||||
In the init operation of handle backend dirver, it allocates a
|
||||
handle_data struct and opens a mount file. We should free these
|
||||
resources when the 9pfs device is unrealized. This is what this
|
||||
patch does.
|
||||
|
||||
Signed-off-by: Li Qiang <liq3ea@gmail.com>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
hw/9pfs/9p-handle.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/hw/9pfs/9p-handle.c b/hw/9pfs/9p-handle.c
|
||||
index 3d77594..1687661 100644
|
||||
--- a/hw/9pfs/9p-handle.c
|
||||
+++ b/hw/9pfs/9p-handle.c
|
||||
@@ -649,6 +649,14 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static void handle_cleanup(FsContext *ctx)
|
||||
+{
|
||||
+ struct handle_data *data = ctx->private;
|
||||
+
|
||||
+ close(data->mountfd);
|
||||
+ g_free(data);
|
||||
+}
|
||||
+
|
||||
static int handle_parse_opts(QemuOpts *opts, struct FsDriverEntry *fse)
|
||||
{
|
||||
const char *sec_model = qemu_opt_get(opts, "security_model");
|
||||
@@ -671,6 +679,7 @@ static int handle_parse_opts(QemuOpts *opts, struct FsDriverEntry *fse)
|
||||
FileOperations handle_ops = {
|
||||
.parse_opts = handle_parse_opts,
|
||||
.init = handle_init,
|
||||
+ .cleanup = handle_cleanup,
|
||||
.lstat = handle_lstat,
|
||||
.readlink = handle_readlink,
|
||||
.close = handle_close,
|
||||
--
|
||||
2.1.4
|
||||
|
47
debian/patches/extra/CVE-2016-9916-9pfs-add-cleanup-operation-for-proxy-backend-driver.patch
vendored
Normal file
47
debian/patches/extra/CVE-2016-9916-9pfs-add-cleanup-operation-for-proxy-backend-driver.patch
vendored
Normal file
@ -0,0 +1,47 @@
|
||||
From ae9b5c9dae96dd8d3bdf9bb6b9a0f7a2d6f532f7 Mon Sep 17 00:00:00 2001
|
||||
From: Li Qiang <liq3ea@gmail.com>
|
||||
Date: Wed, 23 Nov 2016 13:53:34 +0100
|
||||
Subject: [PATCH 09/12] 9pfs: add cleanup operation for proxy backend driver
|
||||
|
||||
In the init operation of proxy backend dirver, it allocates a
|
||||
V9fsProxy struct and some other resources. We should free these
|
||||
resources when the 9pfs device is unrealized. This is what this
|
||||
patch does.
|
||||
|
||||
Signed-off-by: Li Qiang <liq3ea@gmail.com>
|
||||
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||
Signed-off-by: Greg Kurz <groug@kaod.org>
|
||||
---
|
||||
hw/9pfs/9p-proxy.c | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c
|
||||
index f265501..336e9fe 100644
|
||||
--- a/hw/9pfs/9p-proxy.c
|
||||
+++ b/hw/9pfs/9p-proxy.c
|
||||
@@ -1179,9 +1179,22 @@ static int proxy_init(FsContext *ctx)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static void proxy_cleanup(FsContext *ctx)
|
||||
+{
|
||||
+ V9fsProxy *proxy = ctx->private;
|
||||
+
|
||||
+ g_free(proxy->out_iovec.iov_base);
|
||||
+ g_free(proxy->in_iovec.iov_base);
|
||||
+ if (ctx->export_flags & V9FS_PROXY_SOCK_NAME) {
|
||||
+ close(proxy->sockfd);
|
||||
+ }
|
||||
+ g_free(proxy);
|
||||
+}
|
||||
+
|
||||
FileOperations proxy_ops = {
|
||||
.parse_opts = proxy_parse_opts,
|
||||
.init = proxy_init,
|
||||
+ .cleanup = proxy_cleanup,
|
||||
.lstat = proxy_lstat,
|
||||
.readlink = proxy_readlink,
|
||||
.close = proxy_close,
|
||||
--
|
||||
2.1.4
|
||||
|
81
debian/patches/extra/CVE-2016-9921-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch
vendored
Normal file
81
debian/patches/extra/CVE-2016-9921-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch
vendored
Normal file
@ -0,0 +1,81 @@
|
||||
From 9ec3cbedab41f93d2fbf742f2ca6705c2d68c3e1 Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Tue, 18 Oct 2016 13:15:17 +0530
|
||||
Subject: [PATCH 12/12] display: cirrus: check vga bits per pixel(bpp) value
|
||||
|
||||
In Cirrus CLGD 54xx VGA Emulator, if cirrus graphics mode is VGA,
|
||||
'cirrus_get_bpp' returns zero(0), which could lead to a divide
|
||||
by zero error in while copying pixel data. The same could occur
|
||||
via blit pitch values. Add check to avoid it.
|
||||
|
||||
Reported-by: Huawei PSIRT <psirt@huawei.com>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Message-id: 1476776717-24807-1-git-send-email-ppandit@redhat.com
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
|
||||
Notes:
|
||||
CVE-2016-9921
|
||||
CVE-2016-9922
|
||||
|
||||
hw/display/cirrus_vga.c | 14 ++++++++++----
|
||||
1 file changed, 10 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
||||
index 3d712d5..bdb092e 100644
|
||||
--- a/hw/display/cirrus_vga.c
|
||||
+++ b/hw/display/cirrus_vga.c
|
||||
@@ -272,6 +272,9 @@ static void cirrus_update_memory_access(CirrusVGAState *s);
|
||||
static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
||||
int32_t pitch, int32_t addr)
|
||||
{
|
||||
+ if (!pitch) {
|
||||
+ return true;
|
||||
+ }
|
||||
if (pitch < 0) {
|
||||
int64_t min = addr
|
||||
+ ((int64_t)s->cirrus_blt_height-1) * pitch;
|
||||
@@ -715,7 +718,7 @@ static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
|
||||
s->cirrus_addr_mask));
|
||||
}
|
||||
|
||||
-static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
||||
+static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
||||
{
|
||||
int sx = 0, sy = 0;
|
||||
int dx = 0, dy = 0;
|
||||
@@ -729,6 +732,9 @@ static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
||||
int width, height;
|
||||
|
||||
depth = s->vga.get_bpp(&s->vga) / 8;
|
||||
+ if (!depth) {
|
||||
+ return 0;
|
||||
+ }
|
||||
s->vga.get_resolution(&s->vga, &width, &height);
|
||||
|
||||
/* extra x, y */
|
||||
@@ -783,6 +789,8 @@ static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
||||
cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
|
||||
s->cirrus_blt_dstpitch, s->cirrus_blt_width,
|
||||
s->cirrus_blt_height);
|
||||
+
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
|
||||
@@ -790,11 +798,9 @@ static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
|
||||
if (blit_is_unsafe(s))
|
||||
return 0;
|
||||
|
||||
- cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
|
||||
+ return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
|
||||
s->cirrus_blt_srcaddr - s->vga.start_addr,
|
||||
s->cirrus_blt_width, s->cirrus_blt_height);
|
||||
-
|
||||
- return 1;
|
||||
}
|
||||
|
||||
/***************************************
|
||||
--
|
||||
2.1.4
|
||||
|
@ -0,0 +1,52 @@
|
||||
From d775c497a84a5c4be3f15cca85ca8440dd5880a0 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Wed, 22 Feb 2017 13:42:31 +0100
|
||||
Subject: [PATCH qemu] cirrus: add blit_is_unsafe call to
|
||||
cirrus_bitblt_cputovideo (CVE-2017-2620)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
|
||||
and blit width, at all. Oops. Fix it.
|
||||
|
||||
Security impact: high.
|
||||
|
||||
The missing blit destination check allows to write to host memory.
|
||||
Basically same as CVE-2014-8106 for the other blit variants.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Message-id: 1487679663-3264-1-git-send-email-kraxel@redhat.com
|
||||
---
|
||||
hw/display/cirrus_vga.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
||||
index 1deb520..b9e7cb1 100644
|
||||
--- a/hw/display/cirrus_vga.c
|
||||
+++ b/hw/display/cirrus_vga.c
|
||||
@@ -900,6 +900,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
|
||||
{
|
||||
int w;
|
||||
|
||||
+ if (blit_is_unsafe(s, true)) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
|
||||
s->cirrus_srcptr = &s->cirrus_bltbuf[0];
|
||||
s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
|
||||
@@ -925,6 +929,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
|
||||
}
|
||||
s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
|
||||
}
|
||||
+
|
||||
+ /* the blit_is_unsafe call above should catch this */
|
||||
+ assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
|
||||
+
|
||||
s->cirrus_srcptr = s->cirrus_bltbuf;
|
||||
s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
|
||||
cirrus_update_memory_access(s);
|
||||
--
|
||||
2.1.4
|
||||
|
133
debian/patches/extra/x86-lapic-Load-LAPIC-state-at-post_load.patch
vendored
Normal file
133
debian/patches/extra/x86-lapic-Load-LAPIC-state-at-post_load.patch
vendored
Normal file
@ -0,0 +1,133 @@
|
||||
From 385c66564aad5fbbe303e0d2ee5e8ffd9c10bc23 Mon Sep 17 00:00:00 2001
|
||||
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
|
||||
Date: Mon, 12 Sep 2016 18:18:35 +0100
|
||||
Subject: [PATCH 04/36] x86/lapic: Load LAPIC state at post_load
|
||||
|
||||
Load the LAPIC state during post_load (rather than when the CPU
|
||||
starts).
|
||||
|
||||
This allows an interrupt to be delivered from the ioapic to
|
||||
the lapic prior to cpu loading, in particular the RTC that starts
|
||||
ticking as soon as we load it's state.
|
||||
|
||||
Fixes a case where Windows hangs after migration due to RTC interrupts
|
||||
disappearing.
|
||||
|
||||
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
||||
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
hw/i386/kvm/apic.c | 26 ++++++++++++++++++++++++--
|
||||
include/sysemu/kvm.h | 1 -
|
||||
target-i386/kvm.c | 17 -----------------
|
||||
3 files changed, 24 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
|
||||
index 2bd0de8..feb0002 100644
|
||||
--- a/hw/i386/kvm/apic.c
|
||||
+++ b/hw/i386/kvm/apic.c
|
||||
@@ -28,9 +28,8 @@ static inline uint32_t kvm_apic_get_reg(struct kvm_lapic_state *kapic,
|
||||
return *((uint32_t *)(kapic->regs + (reg_id << 4)));
|
||||
}
|
||||
|
||||
-void kvm_put_apic_state(DeviceState *dev, struct kvm_lapic_state *kapic)
|
||||
+static void kvm_put_apic_state(APICCommonState *s, struct kvm_lapic_state *kapic)
|
||||
{
|
||||
- APICCommonState *s = APIC_COMMON(dev);
|
||||
int i;
|
||||
|
||||
memset(kapic, 0, sizeof(*kapic));
|
||||
@@ -125,6 +124,26 @@ static void kvm_apic_vapic_base_update(APICCommonState *s)
|
||||
}
|
||||
}
|
||||
|
||||
+static void kvm_apic_put(void *data)
|
||||
+{
|
||||
+ APICCommonState *s = data;
|
||||
+ struct kvm_lapic_state kapic;
|
||||
+ int ret;
|
||||
+
|
||||
+ kvm_put_apic_state(s, &kapic);
|
||||
+
|
||||
+ ret = kvm_vcpu_ioctl(CPU(s->cpu), KVM_SET_LAPIC, &kapic);
|
||||
+ if (ret < 0) {
|
||||
+ fprintf(stderr, "KVM_SET_LAPIC failed: %s\n", strerror(ret));
|
||||
+ abort();
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void kvm_apic_post_load(APICCommonState *s)
|
||||
+{
|
||||
+ run_on_cpu(CPU(s->cpu), kvm_apic_put, s);
|
||||
+}
|
||||
+
|
||||
static void do_inject_external_nmi(void *data)
|
||||
{
|
||||
APICCommonState *s = data;
|
||||
@@ -178,6 +197,8 @@ static void kvm_apic_reset(APICCommonState *s)
|
||||
{
|
||||
/* Not used by KVM, which uses the CPU mp_state instead. */
|
||||
s->wait_for_sipi = 0;
|
||||
+
|
||||
+ run_on_cpu(CPU(s->cpu), kvm_apic_put, s);
|
||||
}
|
||||
|
||||
static void kvm_apic_realize(DeviceState *dev, Error **errp)
|
||||
@@ -206,6 +227,7 @@ static void kvm_apic_class_init(ObjectClass *klass, void *data)
|
||||
k->set_base = kvm_apic_set_base;
|
||||
k->set_tpr = kvm_apic_set_tpr;
|
||||
k->get_tpr = kvm_apic_get_tpr;
|
||||
+ k->post_load = kvm_apic_post_load;
|
||||
k->enable_tpr_reporting = kvm_apic_enable_tpr_reporting;
|
||||
k->vapic_base_update = kvm_apic_vapic_base_update;
|
||||
k->external_nmi = kvm_apic_external_nmi;
|
||||
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
|
||||
index c9c2436..ae5d81b 100644
|
||||
--- a/include/sysemu/kvm.h
|
||||
+++ b/include/sysemu/kvm.h
|
||||
@@ -372,7 +372,6 @@ int kvm_irqchip_send_msi(KVMState *s, MSIMessage msg);
|
||||
|
||||
void kvm_irqchip_add_irq_route(KVMState *s, int gsi, int irqchip, int pin);
|
||||
|
||||
-void kvm_put_apic_state(DeviceState *d, struct kvm_lapic_state *kapic);
|
||||
void kvm_get_apic_state(DeviceState *d, struct kvm_lapic_state *kapic);
|
||||
|
||||
struct kvm_guest_debug;
|
||||
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
|
||||
index d1a25c5..f1ad805 100644
|
||||
--- a/target-i386/kvm.c
|
||||
+++ b/target-i386/kvm.c
|
||||
@@ -2416,19 +2416,6 @@ static int kvm_get_apic(X86CPU *cpu)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static int kvm_put_apic(X86CPU *cpu)
|
||||
-{
|
||||
- DeviceState *apic = cpu->apic_state;
|
||||
- struct kvm_lapic_state kapic;
|
||||
-
|
||||
- if (apic && kvm_irqchip_in_kernel()) {
|
||||
- kvm_put_apic_state(apic, &kapic);
|
||||
-
|
||||
- return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_LAPIC, &kapic);
|
||||
- }
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
static int kvm_put_vcpu_events(X86CPU *cpu, int level)
|
||||
{
|
||||
CPUState *cs = CPU(cpu);
|
||||
@@ -2670,10 +2657,6 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
}
|
||||
- ret = kvm_put_apic(x86_cpu);
|
||||
- if (ret < 0) {
|
||||
- return ret;
|
||||
- }
|
||||
}
|
||||
|
||||
ret = kvm_put_tscdeadline_msr(x86_cpu);
|
||||
--
|
||||
2.1.4
|
||||
|
48
debian/patches/pve/0001-fr-ca-keymap-corrections.patch
vendored
Normal file
48
debian/patches/pve/0001-fr-ca-keymap-corrections.patch
vendored
Normal file
@ -0,0 +1,48 @@
|
||||
From 109c1a773ac37b2dc3d9781ce203a804d3e77651 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:15:49 +0100
|
||||
Subject: [PATCH 01/47] fr-ca keymap corrections
|
||||
|
||||
---
|
||||
pc-bios/keymaps/fr-ca | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/pc-bios/keymaps/fr-ca b/pc-bios/keymaps/fr-ca
|
||||
index b645208..9291240 100644
|
||||
--- a/pc-bios/keymaps/fr-ca
|
||||
+++ b/pc-bios/keymaps/fr-ca
|
||||
@@ -14,22 +14,31 @@ bar 0x29 shift
|
||||
twosuperior 0x9 altgr
|
||||
threesuperior 0xa altgr
|
||||
onequarter 0xb altgr
|
||||
+minus 0x0c
|
||||
onehalf 0xc altgr
|
||||
+equal 0xd
|
||||
threequarters 0xd altgr
|
||||
section 0x18 altgr
|
||||
paragraph 0x19 altgr
|
||||
bracketleft 0x1a altgr
|
||||
bracketright 0x1b altgr
|
||||
+semicolon 0x27
|
||||
+colon 0x27 shift
|
||||
asciitilde 0x27 altgr
|
||||
braceleft 0x28 altgr
|
||||
+numbersign 0x29
|
||||
braceright 0x2b altgr
|
||||
less 0x2b
|
||||
greater 0x2b shift
|
||||
guillemotleft 0x56
|
||||
guillemotright 0x56 shift
|
||||
degree 0x56 altgr
|
||||
+comma 0x33
|
||||
mu 0x32 altgr
|
||||
+apostrophe 0x33 shift
|
||||
+period 0x34 shift
|
||||
eacute 0x35
|
||||
+Eacute 0x35 shift
|
||||
dead_acute 0x35 altgr
|
||||
dead_grave 0x28
|
||||
dead_circumflex 0x1a
|
||||
--
|
||||
2.1.4
|
||||
|
28
debian/patches/pve/0002-Adjust-network-script-path-to-etc-kvm.patch
vendored
Normal file
28
debian/patches/pve/0002-Adjust-network-script-path-to-etc-kvm.patch
vendored
Normal file
@ -0,0 +1,28 @@
|
||||
From 1dfa1a8df7b065e15639d078c0f137f2dec7c3fa Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:16:49 +0100
|
||||
Subject: [PATCH 02/47] Adjust network script path to /etc/kvm/
|
||||
|
||||
---
|
||||
include/net/net.h | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/include/net/net.h b/include/net/net.h
|
||||
index e8d9e9e..375e81d 100644
|
||||
--- a/include/net/net.h
|
||||
+++ b/include/net/net.h
|
||||
@@ -216,8 +216,9 @@ void qmp_netdev_add(QDict *qdict, QObject **ret, Error **errp);
|
||||
int net_hub_id_for_client(NetClientState *nc, int *id);
|
||||
NetClientState *net_hub_port_find(int hub_id);
|
||||
|
||||
-#define DEFAULT_NETWORK_SCRIPT "/etc/qemu-ifup"
|
||||
-#define DEFAULT_NETWORK_DOWN_SCRIPT "/etc/qemu-ifdown"
|
||||
+#define DEFAULT_NETWORK_SCRIPT "/etc/kvm/kvm-ifup"
|
||||
+#define DEFAULT_NETWORK_DOWN_SCRIPT "/etc/kvm/kvm-ifdown"
|
||||
+
|
||||
#define DEFAULT_BRIDGE_HELPER CONFIG_QEMU_HELPERDIR "/qemu-bridge-helper"
|
||||
#define DEFAULT_BRIDGE_INTERFACE "br0"
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
65
debian/patches/pve/0003-vnc-altgr-emulation.patch
vendored
Normal file
65
debian/patches/pve/0003-vnc-altgr-emulation.patch
vendored
Normal file
@ -0,0 +1,65 @@
|
||||
From cf2ef62fc7d4ff7e64eed5a01e499c91b62121b9 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:17:38 +0100
|
||||
Subject: [PATCH 03/47] vnc: altgr emulation
|
||||
|
||||
---
|
||||
ui/vnc.c | 26 +++++++++++++++++++++++++-
|
||||
1 file changed, 25 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ui/vnc.c b/ui/vnc.c
|
||||
index 76a3273..b9f36b5 100644
|
||||
--- a/ui/vnc.c
|
||||
+++ b/ui/vnc.c
|
||||
@@ -1733,6 +1733,10 @@ static void kbd_leds(void *opaque, int ledstate)
|
||||
|
||||
static void do_key_event(VncState *vs, int down, int keycode, int sym)
|
||||
{
|
||||
+ int mods = keycode & 0xf00;
|
||||
+
|
||||
+ keycode &= SCANCODE_KEYMASK;
|
||||
+
|
||||
/* QEMU console switch */
|
||||
switch(keycode) {
|
||||
case 0x2a: /* Left Shift */
|
||||
@@ -1813,8 +1817,27 @@ static void do_key_event(VncState *vs, int down, int keycode, int sym)
|
||||
}
|
||||
|
||||
if (qemu_console_is_graphic(NULL)) {
|
||||
+
|
||||
+ /* our java vnc client never sends ALTGR, so we create
|
||||
+ an artificial up/down event */
|
||||
+
|
||||
+ int emul_altgr = (mods & SCANCODE_ALTGR) &&
|
||||
+ !vs->modifiers_state[0xb8];
|
||||
+
|
||||
+ if (emul_altgr) {
|
||||
+ reset_keys(vs);
|
||||
+ qemu_input_event_send_key_number(vs->vd->dcl.con, 0xb8, true);
|
||||
+ qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
|
||||
+ }
|
||||
+
|
||||
qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
|
||||
qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
|
||||
+
|
||||
+ if (emul_altgr) {
|
||||
+ qemu_input_event_send_key_number(vs->vd->dcl.con, 0xb8, false);
|
||||
+ qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
|
||||
+ }
|
||||
+
|
||||
} else {
|
||||
bool numlock = vs->modifiers_state[0x45];
|
||||
bool control = (vs->modifiers_state[0x1d] ||
|
||||
@@ -1954,7 +1977,8 @@ static void key_event(VncState *vs, int down, uint32_t sym)
|
||||
lsym = lsym - 'A' + 'a';
|
||||
}
|
||||
|
||||
- keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
|
||||
+ keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF);
|
||||
+
|
||||
trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
|
||||
do_key_event(vs, down, keycode, sym);
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
26
debian/patches/pve/0004-qemu-img-return-success-on-info-without-snapshots.patch
vendored
Normal file
26
debian/patches/pve/0004-qemu-img-return-success-on-info-without-snapshots.patch
vendored
Normal file
@ -0,0 +1,26 @@
|
||||
From baf469b28e3f1bfd5b03e449ffcd8f41c80a5387 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:18:46 +0100
|
||||
Subject: [PATCH 04/47] qemu-img: return success on info without snapshots
|
||||
|
||||
---
|
||||
qemu-img.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/qemu-img.c b/qemu-img.c
|
||||
index f204d041..99be68f 100644
|
||||
--- a/qemu-img.c
|
||||
+++ b/qemu-img.c
|
||||
@@ -2389,7 +2389,8 @@ static int img_info(int argc, char **argv)
|
||||
|
||||
list = collect_image_info_list(image_opts, filename, fmt, chain);
|
||||
if (!list) {
|
||||
- return 1;
|
||||
+ // return success if snapshot does not exists
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
switch (output_format) {
|
||||
--
|
||||
2.1.4
|
||||
|
27
debian/patches/pve/0005-use-kvm-by-default.patch
vendored
Normal file
27
debian/patches/pve/0005-use-kvm-by-default.patch
vendored
Normal file
@ -0,0 +1,27 @@
|
||||
From c5405c552945f19b36ecc748a2a0e0ec14dff31e Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:27:05 +0100
|
||||
Subject: [PATCH 05/47] use kvm by default
|
||||
|
||||
---
|
||||
accel.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/accel.c b/accel.c
|
||||
index 403eb5e..dd2ebea 100644
|
||||
--- a/accel.c
|
||||
+++ b/accel.c
|
||||
@@ -88,8 +88,8 @@ void configure_accelerator(MachineState *ms)
|
||||
|
||||
p = qemu_opt_get(qemu_get_machine_opts(), "accel");
|
||||
if (p == NULL) {
|
||||
- /* Use the default "accelerator", tcg */
|
||||
- p = "tcg";
|
||||
+ /* Use the default "accelerator", kvm */
|
||||
+ p = "kvm";
|
||||
}
|
||||
|
||||
while (!accel_initialised && *p != '\0') {
|
||||
--
|
||||
2.1.4
|
||||
|
169
debian/patches/pve/0006-virtio-balloon-fix-query.patch
vendored
Normal file
169
debian/patches/pve/0006-virtio-balloon-fix-query.patch
vendored
Normal file
@ -0,0 +1,169 @@
|
||||
From 132444451193736847c68d91f74c09cb76a16e6a Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:27:49 +0100
|
||||
Subject: [PATCH 06/47] virtio-balloon: fix query
|
||||
|
||||
Actually provide memory information via the query-balloon
|
||||
command.
|
||||
---
|
||||
hmp.c | 30 +++++++++++++++++++++++++++++-
|
||||
hw/virtio/virtio-balloon.c | 33 +++++++++++++++++++++++++++++++--
|
||||
qapi-schema.json | 23 +++++++++++++++++++++--
|
||||
qmp-commands.hx | 13 +++++++++++++
|
||||
4 files changed, 94 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/hmp.c b/hmp.c
|
||||
index bb45f7f..3b0dd81 100644
|
||||
--- a/hmp.c
|
||||
+++ b/hmp.c
|
||||
@@ -704,7 +704,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
|
||||
return;
|
||||
}
|
||||
|
||||
- monitor_printf(mon, "balloon: actual=%" PRId64 "\n", info->actual >> 20);
|
||||
+ monitor_printf(mon, "balloon: actual=%" PRId64, info->actual >> 20);
|
||||
+ monitor_printf(mon, " max_mem=%" PRId64, info->max_mem >> 20);
|
||||
+ if (info->has_total_mem) {
|
||||
+ monitor_printf(mon, " total_mem=%" PRId64, info->total_mem >> 20);
|
||||
+ }
|
||||
+ if (info->has_free_mem) {
|
||||
+ monitor_printf(mon, " free_mem=%" PRId64, info->free_mem >> 20);
|
||||
+ }
|
||||
+
|
||||
+ if (info->has_mem_swapped_in) {
|
||||
+ monitor_printf(mon, " mem_swapped_in=%" PRId64, info->mem_swapped_in);
|
||||
+ }
|
||||
+ if (info->has_mem_swapped_out) {
|
||||
+ monitor_printf(mon, " mem_swapped_out=%" PRId64, info->mem_swapped_out);
|
||||
+ }
|
||||
+ if (info->has_major_page_faults) {
|
||||
+ monitor_printf(mon, " major_page_faults=%" PRId64,
|
||||
+ info->major_page_faults);
|
||||
+ }
|
||||
+ if (info->has_minor_page_faults) {
|
||||
+ monitor_printf(mon, " minor_page_faults=%" PRId64,
|
||||
+ info->minor_page_faults);
|
||||
+ }
|
||||
+ if (info->has_last_update) {
|
||||
+ monitor_printf(mon, " last_update=%" PRId64,
|
||||
+ info->last_update);
|
||||
+ }
|
||||
+
|
||||
+ monitor_printf(mon, "\n");
|
||||
|
||||
qapi_free_BalloonInfo(info);
|
||||
}
|
||||
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
|
||||
index ad4189a..b3a17f4 100644
|
||||
--- a/hw/virtio/virtio-balloon.c
|
||||
+++ b/hw/virtio/virtio-balloon.c
|
||||
@@ -376,8 +376,37 @@ static uint64_t virtio_balloon_get_features(VirtIODevice *vdev, uint64_t f,
|
||||
static void virtio_balloon_stat(void *opaque, BalloonInfo *info)
|
||||
{
|
||||
VirtIOBalloon *dev = opaque;
|
||||
- info->actual = get_current_ram_size() - ((uint64_t) dev->actual <<
|
||||
- VIRTIO_BALLOON_PFN_SHIFT);
|
||||
+ ram_addr_t ram_size = get_current_ram_size();
|
||||
+ info->actual = ram_size - ((uint64_t) dev->actual <<
|
||||
+ VIRTIO_BALLOON_PFN_SHIFT);
|
||||
+
|
||||
+ info->max_mem = ram_size;
|
||||
+
|
||||
+ if (!(balloon_stats_enabled(dev) && balloon_stats_supported(dev) &&
|
||||
+ dev->stats_last_update)) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ info->last_update = dev->stats_last_update;
|
||||
+ info->has_last_update = true;
|
||||
+
|
||||
+ info->mem_swapped_in = dev->stats[VIRTIO_BALLOON_S_SWAP_IN];
|
||||
+ info->has_mem_swapped_in = info->mem_swapped_in >= 0 ? true : false;
|
||||
+
|
||||
+ info->mem_swapped_out = dev->stats[VIRTIO_BALLOON_S_SWAP_OUT];
|
||||
+ info->has_mem_swapped_out = info->mem_swapped_out >= 0 ? true : false;
|
||||
+
|
||||
+ info->major_page_faults = dev->stats[VIRTIO_BALLOON_S_MAJFLT];
|
||||
+ info->has_major_page_faults = info->major_page_faults >= 0 ? true : false;
|
||||
+
|
||||
+ info->minor_page_faults = dev->stats[VIRTIO_BALLOON_S_MINFLT];
|
||||
+ info->has_minor_page_faults = info->minor_page_faults >= 0 ? true : false;
|
||||
+
|
||||
+ info->free_mem = dev->stats[VIRTIO_BALLOON_S_MEMFREE];
|
||||
+ info->has_free_mem = info->free_mem >= 0 ? true : false;
|
||||
+
|
||||
+ info->total_mem = dev->stats[VIRTIO_BALLOON_S_MEMTOT];
|
||||
+ info->has_total_mem = info->total_mem >= 0 ? true : false;
|
||||
}
|
||||
|
||||
static void virtio_balloon_to_target(void *opaque, ram_addr_t target)
|
||||
diff --git a/qapi-schema.json b/qapi-schema.json
|
||||
index 5658723..4bf7222 100644
|
||||
--- a/qapi-schema.json
|
||||
+++ b/qapi-schema.json
|
||||
@@ -1278,10 +1278,29 @@
|
||||
#
|
||||
# @actual: the number of bytes the balloon currently contains
|
||||
#
|
||||
-# Since: 0.14.0
|
||||
+# @last_update: #optional time when stats got updated from guest
|
||||
+#
|
||||
+# @mem_swapped_in: #optional number of pages swapped in within the guest
|
||||
+#
|
||||
+# @mem_swapped_out: #optional number of pages swapped out within the guest
|
||||
+#
|
||||
+# @major_page_faults: #optional number of major page faults within the guest
|
||||
#
|
||||
+# @minor_page_faults: #optional number of minor page faults within the guest
|
||||
+#
|
||||
+# @free_mem: #optional amount of memory (in bytes) free in the guest
|
||||
+#
|
||||
+# @total_mem: #optional amount of memory (in bytes) visible to the guest
|
||||
+#
|
||||
+# @max_mem: amount of memory (in bytes) assigned to the guest
|
||||
+#
|
||||
+# Since: 0.14.0
|
||||
##
|
||||
-{ 'struct': 'BalloonInfo', 'data': {'actual': 'int' } }
|
||||
+{ 'struct': 'BalloonInfo',
|
||||
+ 'data': {'actual': 'int', '*last_update': 'int', '*mem_swapped_in': 'int',
|
||||
+ '*mem_swapped_out': 'int', '*major_page_faults': 'int',
|
||||
+ '*minor_page_faults': 'int', '*free_mem': 'int',
|
||||
+ '*total_mem': 'int', 'max_mem': 'int' } }
|
||||
|
||||
##
|
||||
# @query-balloon:
|
||||
diff --git a/qmp-commands.hx b/qmp-commands.hx
|
||||
index 6866264..6de28d4 100644
|
||||
--- a/qmp-commands.hx
|
||||
+++ b/qmp-commands.hx
|
||||
@@ -3854,6 +3854,13 @@ Make an asynchronous request for balloon info. When the request completes a
|
||||
json-object will be returned containing the following data:
|
||||
|
||||
- "actual": current balloon value in bytes (json-int)
|
||||
+- "mem_swapped_in": Amount of memory swapped in bytes (json-int, optional)
|
||||
+- "mem_swapped_out": Amount of memory swapped out in bytes (json-int, optional)
|
||||
+- "major_page_faults": Number of major faults (json-int, optional)
|
||||
+- "minor_page_faults": Number of minor faults (json-int, optional)
|
||||
+- "free_mem": Total amount of free and unused memory in
|
||||
+ bytes (json-int, optional)
|
||||
+- "total_mem": Total amount of available memory in bytes (json-int, optional)
|
||||
|
||||
Example:
|
||||
|
||||
@@ -3861,6 +3868,12 @@ Example:
|
||||
<- {
|
||||
"return":{
|
||||
"actual":1073741824,
|
||||
+ "mem_swapped_in":0,
|
||||
+ "mem_swapped_out":0,
|
||||
+ "major_page_faults":142,
|
||||
+ "minor_page_faults":239245,
|
||||
+ "free_mem":1014185984,
|
||||
+ "total_mem":1044668416
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
28
debian/patches/pve/0007-set-the-CPU-model-to-kvm64-32-instead-of-qemu64-32.patch
vendored
Normal file
28
debian/patches/pve/0007-set-the-CPU-model-to-kvm64-32-instead-of-qemu64-32.patch
vendored
Normal file
@ -0,0 +1,28 @@
|
||||
From 118ca6343a48aaab7d1a8f252fb36008c823e551 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:30:21 +0100
|
||||
Subject: [PATCH 07/47] set the CPU model to kvm64/32 instead of qemu64/32
|
||||
|
||||
---
|
||||
hw/i386/pc.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
|
||||
index 022dd1b..ba8a5a1 100644
|
||||
--- a/hw/i386/pc.c
|
||||
+++ b/hw/i386/pc.c
|
||||
@@ -1160,9 +1160,9 @@ void pc_cpus_init(PCMachineState *pcms)
|
||||
/* init CPUs */
|
||||
if (machine->cpu_model == NULL) {
|
||||
#ifdef TARGET_X86_64
|
||||
- machine->cpu_model = "qemu64";
|
||||
+ machine->cpu_model = "kvm64";
|
||||
#else
|
||||
- machine->cpu_model = "qemu32";
|
||||
+ machine->cpu_model = "kvm32";
|
||||
#endif
|
||||
}
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
52
debian/patches/pve/0008-qapi-modify-query-machines.patch
vendored
Normal file
52
debian/patches/pve/0008-qapi-modify-query-machines.patch
vendored
Normal file
@ -0,0 +1,52 @@
|
||||
From dc5b92fbb2d405fd86228409b1f25c0bb2d6d973 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:31:18 +0100
|
||||
Subject: [PATCH 08/47] qapi: modify query machines
|
||||
|
||||
provide '*is-current' in MachineInfo struct
|
||||
---
|
||||
qapi-schema.json | 4 +++-
|
||||
vl.c | 5 +++++
|
||||
2 files changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/qapi-schema.json b/qapi-schema.json
|
||||
index 4bf7222..63507f5 100644
|
||||
--- a/qapi-schema.json
|
||||
+++ b/qapi-schema.json
|
||||
@@ -3027,6 +3027,8 @@
|
||||
#
|
||||
# @default: #optional whether the machine is default
|
||||
#
|
||||
+# @current: #optional whether this machine is currently used
|
||||
+#
|
||||
# @cpu-max: maximum number of CPUs supported by the machine type
|
||||
# (since 1.5.0)
|
||||
#
|
||||
@@ -3036,7 +3038,7 @@
|
||||
##
|
||||
{ 'struct': 'MachineInfo',
|
||||
'data': { 'name': 'str', '*alias': 'str',
|
||||
- '*is-default': 'bool', 'cpu-max': 'int',
|
||||
+ '*is-default': 'bool', '*is-current': 'bool', 'cpu-max': 'int',
|
||||
'hotpluggable-cpus': 'bool'} }
|
||||
|
||||
##
|
||||
diff --git a/vl.c b/vl.c
|
||||
index 6a218ce..b226e0b 100644
|
||||
--- a/vl.c
|
||||
+++ b/vl.c
|
||||
@@ -1509,6 +1509,11 @@ MachineInfoList *qmp_query_machines(Error **errp)
|
||||
info->cpu_max = !mc->max_cpus ? 1 : mc->max_cpus;
|
||||
info->hotpluggable_cpus = !!mc->query_hotpluggable_cpus;
|
||||
|
||||
+ if (strcmp(mc->name, MACHINE_GET_CLASS(current_machine)->name) == 0) {
|
||||
+ info->has_is_current = true;
|
||||
+ info->is_current = true;
|
||||
+ }
|
||||
+
|
||||
entry = g_malloc0(sizeof(*entry));
|
||||
entry->value = info;
|
||||
entry->next = mach_list;
|
||||
--
|
||||
2.1.4
|
||||
|
49
debian/patches/pve/0009-qapi-modify-spice-query.patch
vendored
Normal file
49
debian/patches/pve/0009-qapi-modify-spice-query.patch
vendored
Normal file
@ -0,0 +1,49 @@
|
||||
From c09467afaf37989942076b45f6ffa7bb8ebde2ca Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:32:11 +0100
|
||||
Subject: [PATCH 09/47] qapi: modify spice query
|
||||
|
||||
Provide the last ticket in the SpiceInfo struct optionally.
|
||||
---
|
||||
qapi-schema.json | 3 +++
|
||||
ui/spice-core.c | 5 +++++
|
||||
2 files changed, 8 insertions(+)
|
||||
|
||||
diff --git a/qapi-schema.json b/qapi-schema.json
|
||||
index 63507f5..518c2ea 100644
|
||||
--- a/qapi-schema.json
|
||||
+++ b/qapi-schema.json
|
||||
@@ -1253,11 +1253,14 @@
|
||||
#
|
||||
# @channels: a list of @SpiceChannel for each active spice channel
|
||||
#
|
||||
+# @ticket: #optional The last ticket set with set_password
|
||||
+#
|
||||
# Since: 0.14.0
|
||||
##
|
||||
{ 'struct': 'SpiceInfo',
|
||||
'data': {'enabled': 'bool', 'migrated': 'bool', '*host': 'str', '*port': 'int',
|
||||
'*tls-port': 'int', '*auth': 'str', '*compiled-version': 'str',
|
||||
+ '*ticket': 'str',
|
||||
'mouse-mode': 'SpiceQueryMouseMode', '*channels': ['SpiceChannel']} }
|
||||
|
||||
##
|
||||
diff --git a/ui/spice-core.c b/ui/spice-core.c
|
||||
index da05054..acf5a73 100644
|
||||
--- a/ui/spice-core.c
|
||||
+++ b/ui/spice-core.c
|
||||
@@ -543,6 +543,11 @@ SpiceInfo *qmp_query_spice(Error **errp)
|
||||
micro = SPICE_SERVER_VERSION & 0xff;
|
||||
info->compiled_version = g_strdup_printf("%d.%d.%d", major, minor, micro);
|
||||
|
||||
+ if (auth_passwd) {
|
||||
+ info->has_ticket = true;
|
||||
+ info->ticket = g_strdup(auth_passwd);
|
||||
+ }
|
||||
+
|
||||
if (port) {
|
||||
info->has_port = true;
|
||||
info->port = port;
|
||||
--
|
||||
2.1.4
|
||||
|
59
debian/patches/pve/0010-ui-spice-default-to-pve-certs-unless-otherwise-speci.patch
vendored
Normal file
59
debian/patches/pve/0010-ui-spice-default-to-pve-certs-unless-otherwise-speci.patch
vendored
Normal file
@ -0,0 +1,59 @@
|
||||
From 78cc6a38bfa2c986ff75a322d750a548bf2291b9 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:33:34 +0100
|
||||
Subject: [PATCH 10/47] ui/spice: default to pve certs unless otherwise
|
||||
specified
|
||||
|
||||
---
|
||||
ui/spice-core.c | 15 +++++++++------
|
||||
1 file changed, 9 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/ui/spice-core.c b/ui/spice-core.c
|
||||
index acf5a73..4f1cf45 100644
|
||||
--- a/ui/spice-core.c
|
||||
+++ b/ui/spice-core.c
|
||||
@@ -676,32 +676,35 @@ void qemu_spice_init(void)
|
||||
|
||||
if (tls_port) {
|
||||
x509_dir = qemu_opt_get(opts, "x509-dir");
|
||||
- if (!x509_dir) {
|
||||
- x509_dir = ".";
|
||||
- }
|
||||
|
||||
str = qemu_opt_get(opts, "x509-key-file");
|
||||
if (str) {
|
||||
x509_key_file = g_strdup(str);
|
||||
- } else {
|
||||
+ } else if (x509_dir) {
|
||||
x509_key_file = g_strdup_printf("%s/%s", x509_dir,
|
||||
X509_SERVER_KEY_FILE);
|
||||
+ } else {
|
||||
+ x509_key_file = g_strdup("/etc/pve/local/pve-ssl.key");
|
||||
}
|
||||
|
||||
str = qemu_opt_get(opts, "x509-cert-file");
|
||||
if (str) {
|
||||
x509_cert_file = g_strdup(str);
|
||||
- } else {
|
||||
+ } else if (x509_dir) {
|
||||
x509_cert_file = g_strdup_printf("%s/%s", x509_dir,
|
||||
X509_SERVER_CERT_FILE);
|
||||
+ } else {
|
||||
+ x509_cert_file = g_strdup("/etc/pve/local/pve-ssl.pem");
|
||||
}
|
||||
|
||||
str = qemu_opt_get(opts, "x509-cacert-file");
|
||||
if (str) {
|
||||
x509_cacert_file = g_strdup(str);
|
||||
- } else {
|
||||
+ } else if (x509_dir) {
|
||||
x509_cacert_file = g_strdup_printf("%s/%s", x509_dir,
|
||||
X509_CA_CERT_FILE);
|
||||
+ } else {
|
||||
+ x509_cacert_file = g_strdup("/etc/pve/pve-root-ca.pem");
|
||||
}
|
||||
|
||||
x509_key_password = qemu_opt_get(opts, "x509-key-password");
|
||||
--
|
||||
2.1.4
|
||||
|
2479
debian/patches/pve/0011-introduce-new-vma-archive-format.patch
vendored
Normal file
2479
debian/patches/pve/0011-introduce-new-vma-archive-format.patch
vendored
Normal file
File diff suppressed because it is too large
Load Diff
321
debian/patches/pve/0012-vma-add-verify-command.patch
vendored
Normal file
321
debian/patches/pve/0012-vma-add-verify-command.patch
vendored
Normal file
@ -0,0 +1,321 @@
|
||||
From 144e613eeca6a3383b981f9ca8b82c4a354b36c2 Mon Sep 17 00:00:00 2001
|
||||
From: Dietmar Maurer <dietmar@proxmox.com>
|
||||
Date: Mon, 11 Mar 2013 07:07:46 +0100
|
||||
Subject: [PATCH 12/47] vma: add verify command
|
||||
|
||||
Users wants to verify the archive after backup.
|
||||
|
||||
Examples:
|
||||
|
||||
# vma verify -v test.vma
|
||||
|
||||
# lzop -d -c test.vma.lzo |vma verify -
|
||||
|
||||
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
|
||||
---
|
||||
vma-reader.c | 121 ++++++++++++++++++++++++++++++++++++++++++++---------------
|
||||
vma.c | 55 +++++++++++++++++++++++++++
|
||||
vma.h | 1 +
|
||||
3 files changed, 147 insertions(+), 30 deletions(-)
|
||||
|
||||
diff --git a/vma-reader.c b/vma-reader.c
|
||||
index 51dd8fe..2aafb26 100644
|
||||
--- a/vma-reader.c
|
||||
+++ b/vma-reader.c
|
||||
@@ -45,6 +45,8 @@ struct VmaReader {
|
||||
time_t start_time;
|
||||
int64_t cluster_count;
|
||||
int64_t clusters_read;
|
||||
+ int64_t zero_cluster_data;
|
||||
+ int64_t partial_zero_cluster_data;
|
||||
int clusters_read_per;
|
||||
};
|
||||
|
||||
@@ -425,6 +427,27 @@ VmaDeviceInfo *vma_reader_get_device_info(VmaReader *vmar, guint8 dev_id)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+static void allocate_rstate(VmaReader *vmar, guint8 dev_id,
|
||||
+ BlockDriverState *bs, bool write_zeroes)
|
||||
+{
|
||||
+ assert(vmar);
|
||||
+ assert(dev_id);
|
||||
+
|
||||
+ vmar->rstate[dev_id].bs = bs;
|
||||
+ vmar->rstate[dev_id].write_zeroes = write_zeroes;
|
||||
+
|
||||
+ int64_t size = vmar->devinfo[dev_id].size;
|
||||
+
|
||||
+ int64_t bitmap_size = (size/BDRV_SECTOR_SIZE) +
|
||||
+ (VMA_CLUSTER_SIZE/BDRV_SECTOR_SIZE) * BITS_PER_LONG - 1;
|
||||
+ bitmap_size /= (VMA_CLUSTER_SIZE/BDRV_SECTOR_SIZE) * BITS_PER_LONG;
|
||||
+
|
||||
+ vmar->rstate[dev_id].bitmap_size = bitmap_size;
|
||||
+ vmar->rstate[dev_id].bitmap = g_new0(unsigned long, bitmap_size);
|
||||
+
|
||||
+ vmar->cluster_count += size/VMA_CLUSTER_SIZE;
|
||||
+}
|
||||
+
|
||||
int vma_reader_register_bs(VmaReader *vmar, guint8 dev_id, BlockDriverState *bs,
|
||||
bool write_zeroes, Error **errp)
|
||||
{
|
||||
@@ -447,17 +470,7 @@ int vma_reader_register_bs(VmaReader *vmar, guint8 dev_id, BlockDriverState *bs,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- vmar->rstate[dev_id].bs = bs;
|
||||
- vmar->rstate[dev_id].write_zeroes = write_zeroes;
|
||||
-
|
||||
- int64_t bitmap_size = (size/BDRV_SECTOR_SIZE) +
|
||||
- (VMA_CLUSTER_SIZE/BDRV_SECTOR_SIZE) * BITS_PER_LONG - 1;
|
||||
- bitmap_size /= (VMA_CLUSTER_SIZE/BDRV_SECTOR_SIZE) * BITS_PER_LONG;
|
||||
-
|
||||
- vmar->rstate[dev_id].bitmap_size = bitmap_size;
|
||||
- vmar->rstate[dev_id].bitmap = g_new0(unsigned long, bitmap_size);
|
||||
-
|
||||
- vmar->cluster_count += size/VMA_CLUSTER_SIZE;
|
||||
+ allocate_rstate(vmar, dev_id, bs, write_zeroes);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -524,9 +537,10 @@ static int restore_write_data(VmaReader *vmar, guint8 dev_id,
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
static int restore_extent(VmaReader *vmar, unsigned char *buf,
|
||||
int extent_size, int vmstate_fd,
|
||||
- bool verbose, Error **errp)
|
||||
+ bool verbose, bool verify, Error **errp)
|
||||
{
|
||||
assert(vmar);
|
||||
assert(buf);
|
||||
@@ -551,7 +565,7 @@ static int restore_extent(VmaReader *vmar, unsigned char *buf,
|
||||
|
||||
if (dev_id != vmar->vmstate_stream) {
|
||||
bs = rstate->bs;
|
||||
- if (!bs) {
|
||||
+ if (!verify && !bs) {
|
||||
error_setg(errp, "got wrong dev id %d", dev_id);
|
||||
return -1;
|
||||
}
|
||||
@@ -607,10 +621,13 @@ static int restore_extent(VmaReader *vmar, unsigned char *buf,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- int nb_sectors = end_sector - sector_num;
|
||||
- if (restore_write_data(vmar, dev_id, bs, vmstate_fd, buf + start,
|
||||
- sector_num, nb_sectors, errp) < 0) {
|
||||
- return -1;
|
||||
+ if (!verify) {
|
||||
+ int nb_sectors = end_sector - sector_num;
|
||||
+ if (restore_write_data(vmar, dev_id, bs, vmstate_fd,
|
||||
+ buf + start, sector_num, nb_sectors,
|
||||
+ errp) < 0) {
|
||||
+ return -1;
|
||||
+ }
|
||||
}
|
||||
|
||||
start += VMA_CLUSTER_SIZE;
|
||||
@@ -640,26 +657,37 @@ static int restore_extent(VmaReader *vmar, unsigned char *buf,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- int nb_sectors = end_sector - sector_num;
|
||||
- if (restore_write_data(vmar, dev_id, bs, vmstate_fd,
|
||||
- buf + start, sector_num,
|
||||
- nb_sectors, errp) < 0) {
|
||||
- return -1;
|
||||
+ if (!verify) {
|
||||
+ int nb_sectors = end_sector - sector_num;
|
||||
+ if (restore_write_data(vmar, dev_id, bs, vmstate_fd,
|
||||
+ buf + start, sector_num,
|
||||
+ nb_sectors, errp) < 0) {
|
||||
+ return -1;
|
||||
+ }
|
||||
}
|
||||
|
||||
start += VMA_BLOCK_SIZE;
|
||||
|
||||
} else {
|
||||
|
||||
- if (rstate->write_zeroes && (end_sector > sector_num)) {
|
||||
+
|
||||
+ if (end_sector > sector_num) {
|
||||
/* Todo: use bdrv_co_write_zeroes (but that need to
|
||||
* be run inside coroutine?)
|
||||
*/
|
||||
int nb_sectors = end_sector - sector_num;
|
||||
- if (restore_write_data(vmar, dev_id, bs, vmstate_fd,
|
||||
- zero_vma_block, sector_num,
|
||||
- nb_sectors, errp) < 0) {
|
||||
- return -1;
|
||||
+ int zero_size = BDRV_SECTOR_SIZE*nb_sectors;
|
||||
+ vmar->zero_cluster_data += zero_size;
|
||||
+ if (mask != 0) {
|
||||
+ vmar->partial_zero_cluster_data += zero_size;
|
||||
+ }
|
||||
+
|
||||
+ if (rstate->write_zeroes && !verify) {
|
||||
+ if (restore_write_data(vmar, dev_id, bs, vmstate_fd,
|
||||
+ zero_vma_block, sector_num,
|
||||
+ nb_sectors, errp) < 0) {
|
||||
+ return -1;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -677,8 +705,9 @@ static int restore_extent(VmaReader *vmar, unsigned char *buf,
|
||||
return 0;
|
||||
}
|
||||
|
||||
-int vma_reader_restore(VmaReader *vmar, int vmstate_fd, bool verbose,
|
||||
- Error **errp)
|
||||
+static int vma_reader_restore_full(VmaReader *vmar, int vmstate_fd,
|
||||
+ bool verbose, bool verify,
|
||||
+ Error **errp)
|
||||
{
|
||||
assert(vmar);
|
||||
assert(vmar->head_data);
|
||||
@@ -745,7 +774,7 @@ int vma_reader_restore(VmaReader *vmar, int vmstate_fd, bool verbose,
|
||||
}
|
||||
|
||||
if (restore_extent(vmar, buf, extent_size, vmstate_fd, verbose,
|
||||
- errp) < 0) {
|
||||
+ verify, errp) < 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -792,6 +821,38 @@ int vma_reader_restore(VmaReader *vmar, int vmstate_fd, bool verbose,
|
||||
}
|
||||
}
|
||||
|
||||
+ if (verbose) {
|
||||
+ printf("total bytes read %zd, sparse bytes %zd (%.3g%%)\n",
|
||||
+ vmar->clusters_read*VMA_CLUSTER_SIZE,
|
||||
+ vmar->zero_cluster_data,
|
||||
+ (double)(100.0*vmar->zero_cluster_data)/
|
||||
+ (vmar->clusters_read*VMA_CLUSTER_SIZE));
|
||||
+
|
||||
+ int64_t datasize = vmar->clusters_read*VMA_CLUSTER_SIZE-vmar->zero_cluster_data;
|
||||
+ if (datasize) { // this does not make sense for empty files
|
||||
+ printf("space reduction due to 4K zero blocks %.3g%%\n",
|
||||
+ (double)(100.0*vmar->partial_zero_cluster_data) / datasize);
|
||||
+ }
|
||||
+ }
|
||||
return ret;
|
||||
}
|
||||
|
||||
+int vma_reader_restore(VmaReader *vmar, int vmstate_fd, bool verbose,
|
||||
+ Error **errp)
|
||||
+{
|
||||
+ return vma_reader_restore_full(vmar, vmstate_fd, verbose, false, errp);
|
||||
+}
|
||||
+
|
||||
+int vma_reader_verify(VmaReader *vmar, bool verbose, Error **errp)
|
||||
+{
|
||||
+ guint8 dev_id;
|
||||
+
|
||||
+ for (dev_id = 1; dev_id < 255; dev_id++) {
|
||||
+ if (vma_reader_get_device_info(vmar, dev_id)) {
|
||||
+ allocate_rstate(vmar, dev_id, NULL, false);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return vma_reader_restore_full(vmar, -1, verbose, true, errp);
|
||||
+}
|
||||
+
|
||||
diff --git a/vma.c b/vma.c
|
||||
index 8014090..d55874a 100644
|
||||
--- a/vma.c
|
||||
+++ b/vma.c
|
||||
@@ -28,6 +28,7 @@ static void help(void)
|
||||
"vma list <filename>\n"
|
||||
"vma create <filename> [-c config] <archive> pathname ...\n"
|
||||
"vma extract <filename> [-r <fifo>] <targetdir>\n"
|
||||
+ "vma verify <filename> [-v]\n"
|
||||
;
|
||||
|
||||
printf("%s", help_msg);
|
||||
@@ -332,6 +333,58 @@ static int extract_content(int argc, char **argv)
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static int verify_content(int argc, char **argv)
|
||||
+{
|
||||
+ int c, ret = 0;
|
||||
+ int verbose = 0;
|
||||
+ const char *filename;
|
||||
+
|
||||
+ for (;;) {
|
||||
+ c = getopt(argc, argv, "hv");
|
||||
+ if (c == -1) {
|
||||
+ break;
|
||||
+ }
|
||||
+ switch (c) {
|
||||
+ case '?':
|
||||
+ case 'h':
|
||||
+ help();
|
||||
+ break;
|
||||
+ case 'v':
|
||||
+ verbose = 1;
|
||||
+ break;
|
||||
+ default:
|
||||
+ help();
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* Get the filename */
|
||||
+ if ((optind + 1) != argc) {
|
||||
+ help();
|
||||
+ }
|
||||
+ filename = argv[optind++];
|
||||
+
|
||||
+ Error *errp = NULL;
|
||||
+ VmaReader *vmar = vma_reader_create(filename, &errp);
|
||||
+
|
||||
+ if (!vmar) {
|
||||
+ g_error("%s", error_get_pretty(errp));
|
||||
+ }
|
||||
+
|
||||
+ if (verbose) {
|
||||
+ print_content(vmar);
|
||||
+ }
|
||||
+
|
||||
+ if (vma_reader_verify(vmar, verbose, &errp) < 0) {
|
||||
+ g_error("verify failed - %s", error_get_pretty(errp));
|
||||
+ }
|
||||
+
|
||||
+ vma_reader_destroy(vmar);
|
||||
+
|
||||
+ bdrv_close_all();
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
typedef struct BackupJob {
|
||||
BlockDriverState *bs;
|
||||
int64_t len;
|
||||
@@ -578,6 +631,8 @@ int main(int argc, char **argv)
|
||||
return create_archive(argc, argv);
|
||||
} else if (!strcmp(cmdname, "extract")) {
|
||||
return extract_content(argc, argv);
|
||||
+ } else if (!strcmp(cmdname, "verify")) {
|
||||
+ return verify_content(argc, argv);
|
||||
}
|
||||
|
||||
help();
|
||||
diff --git a/vma.h b/vma.h
|
||||
index 6625eb9..9bb6ea4 100644
|
||||
--- a/vma.h
|
||||
+++ b/vma.h
|
||||
@@ -142,5 +142,6 @@ int vma_reader_register_bs(VmaReader *vmar, guint8 dev_id,
|
||||
Error **errp);
|
||||
int vma_reader_restore(VmaReader *vmar, int vmstate_fd, bool verbose,
|
||||
Error **errp);
|
||||
+int vma_reader_verify(VmaReader *vmar, bool verbose, Error **errp);
|
||||
|
||||
#endif /* BACKUP_VMA_H */
|
||||
--
|
||||
2.1.4
|
||||
|
101
debian/patches/pve/0013-vma-add-config-command-to-dump-the-config.patch
vendored
Normal file
101
debian/patches/pve/0013-vma-add-config-command-to-dump-the-config.patch
vendored
Normal file
@ -0,0 +1,101 @@
|
||||
From 48896281bebc5c69760f4e47625e4db81e3a9004 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 14:46:49 +0100
|
||||
Subject: [PATCH 13/47] vma: add 'config' command to dump the config
|
||||
|
||||
---
|
||||
vma.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 64 insertions(+)
|
||||
|
||||
diff --git a/vma.c b/vma.c
|
||||
index d55874a..79bdd00 100644
|
||||
--- a/vma.c
|
||||
+++ b/vma.c
|
||||
@@ -26,6 +26,7 @@ static void help(void)
|
||||
"usage: vma command [command options]\n"
|
||||
"\n"
|
||||
"vma list <filename>\n"
|
||||
+ "vma config <filename> [-c config]\n"
|
||||
"vma create <filename> [-c config] <archive> pathname ...\n"
|
||||
"vma extract <filename> [-r <fifo>] <targetdir>\n"
|
||||
"vma verify <filename> [-v]\n"
|
||||
@@ -604,6 +605,67 @@ static int create_archive(int argc, char **argv)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int dump_config(int argc, char **argv)
|
||||
+{
|
||||
+ int c, ret = 0;
|
||||
+ const char *filename;
|
||||
+ const char *config_name = "qemu-server.conf";
|
||||
+
|
||||
+ for (;;) {
|
||||
+ c = getopt(argc, argv, "hc:");
|
||||
+ if (c == -1) {
|
||||
+ break;
|
||||
+ }
|
||||
+ switch (c) {
|
||||
+ case '?':
|
||||
+ case 'h':
|
||||
+ help();
|
||||
+ break;
|
||||
+ case 'c':
|
||||
+ config_name = optarg;
|
||||
+ break;
|
||||
+ default:
|
||||
+ help();
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* Get the filename */
|
||||
+ if ((optind + 1) != argc) {
|
||||
+ help();
|
||||
+ }
|
||||
+ filename = argv[optind++];
|
||||
+
|
||||
+ Error *errp = NULL;
|
||||
+ VmaReader *vmar = vma_reader_create(filename, &errp);
|
||||
+
|
||||
+ if (!vmar) {
|
||||
+ g_error("%s", error_get_pretty(errp));
|
||||
+ }
|
||||
+
|
||||
+ int found = 0;
|
||||
+ GList *l = vma_reader_get_config_data(vmar);
|
||||
+ while (l && l->data) {
|
||||
+ VmaConfigData *cdata = (VmaConfigData *)l->data;
|
||||
+ l = g_list_next(l);
|
||||
+ if (strcmp(cdata->name, config_name) == 0) {
|
||||
+ found = 1;
|
||||
+ fwrite(cdata->data, cdata->len, 1, stdout);
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ vma_reader_destroy(vmar);
|
||||
+
|
||||
+ bdrv_close_all();
|
||||
+
|
||||
+ if (!found) {
|
||||
+ fprintf(stderr, "unable to find configuration data '%s'\n", config_name);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
const char *cmdname;
|
||||
@@ -633,6 +695,8 @@ int main(int argc, char **argv)
|
||||
return extract_content(argc, argv);
|
||||
} else if (!strcmp(cmdname, "verify")) {
|
||||
return verify_content(argc, argv);
|
||||
+ } else if (!strcmp(cmdname, "config")) {
|
||||
+ return dump_config(argc, argv);
|
||||
}
|
||||
|
||||
help();
|
||||
--
|
||||
2.1.4
|
||||
|
236
debian/patches/pve/0014-backup-modify-job-api.patch
vendored
Normal file
236
debian/patches/pve/0014-backup-modify-job-api.patch
vendored
Normal file
@ -0,0 +1,236 @@
|
||||
From 1078c0f6acc1bfba04b7d5cdfdeb02b161b5f7c4 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 15:04:57 +0100
|
||||
Subject: [PATCH 14/47] backup: modify job api
|
||||
|
||||
Introduces a BackupDump function callback and a pause_count
|
||||
for backup_start. For a dump-backup the target parameter
|
||||
can now be NULL so access to target needs to be guarded now.
|
||||
---
|
||||
block/backup.c | 82 +++++++++++++++++++++++++++++++----------------
|
||||
blockdev.c | 6 ++--
|
||||
include/block/block_int.h | 5 +++
|
||||
3 files changed, 63 insertions(+), 30 deletions(-)
|
||||
|
||||
diff --git a/block/backup.c b/block/backup.c
|
||||
index 2c05323..f3c0ba3 100644
|
||||
--- a/block/backup.c
|
||||
+++ b/block/backup.c
|
||||
@@ -41,6 +41,7 @@ typedef struct BackupBlockJob {
|
||||
BdrvDirtyBitmap *sync_bitmap;
|
||||
MirrorSyncMode sync_mode;
|
||||
RateLimit limit;
|
||||
+ BackupDumpFunc *dump_cb;
|
||||
BlockdevOnError on_source_error;
|
||||
BlockdevOnError on_target_error;
|
||||
CoRwlock flush_rwlock;
|
||||
@@ -149,12 +150,23 @@ static int coroutine_fn backup_do_cow(BackupBlockJob *job,
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ int64_t start_sec = start * sectors_per_cluster;
|
||||
if (buffer_is_zero(iov.iov_base, iov.iov_len)) {
|
||||
- ret = blk_co_pwrite_zeroes(job->target, start * job->cluster_size,
|
||||
- bounce_qiov.size, BDRV_REQ_MAY_UNMAP);
|
||||
+ if (job->dump_cb) {
|
||||
+ ret = job->dump_cb(job->common.opaque, job->target, start_sec, n, NULL);
|
||||
+ }
|
||||
+ if (job->target) {
|
||||
+ ret = blk_co_pwrite_zeroes(job->target, start * job->cluster_size,
|
||||
+ bounce_qiov.size, BDRV_REQ_MAY_UNMAP);
|
||||
+ }
|
||||
} else {
|
||||
- ret = blk_co_pwritev(job->target, start * job->cluster_size,
|
||||
- bounce_qiov.size, &bounce_qiov, 0);
|
||||
+ if (job->dump_cb) {
|
||||
+ ret = job->dump_cb(job->common.opaque, job->target, start_sec, n, bounce_buffer);
|
||||
+ }
|
||||
+ if (job->target) {
|
||||
+ ret = blk_co_pwritev(job->target, start * job->cluster_size,
|
||||
+ bounce_qiov.size, &bounce_qiov, 0);
|
||||
+ }
|
||||
}
|
||||
if (ret < 0) {
|
||||
trace_backup_do_cow_write_fail(job, start, ret);
|
||||
@@ -268,9 +280,11 @@ static BlockErrorAction backup_error_action(BackupBlockJob *job,
|
||||
if (read) {
|
||||
return block_job_error_action(&job->common, job->on_source_error,
|
||||
true, error);
|
||||
- } else {
|
||||
+ } else if (job->target) {
|
||||
return block_job_error_action(&job->common, job->on_target_error,
|
||||
false, error);
|
||||
+ } else {
|
||||
+ return BLOCK_ERROR_ACTION_REPORT;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -393,6 +407,7 @@ static void coroutine_fn backup_run(void *opaque)
|
||||
|
||||
job->done_bitmap = bitmap_new(end);
|
||||
|
||||
+
|
||||
job->before_write.notify = backup_before_write_notify;
|
||||
bdrv_add_before_write_notifier(bs, &job->before_write);
|
||||
|
||||
@@ -467,7 +482,9 @@ static void coroutine_fn backup_run(void *opaque)
|
||||
qemu_co_rwlock_unlock(&job->flush_rwlock);
|
||||
g_free(job->done_bitmap);
|
||||
|
||||
- bdrv_op_unblock_all(blk_bs(target), job->common.blocker);
|
||||
+ if (target) {
|
||||
+ bdrv_op_unblock_all(blk_bs(target), job->common.blocker);
|
||||
+ }
|
||||
|
||||
data = g_malloc(sizeof(*data));
|
||||
data->ret = ret;
|
||||
@@ -479,7 +496,9 @@ void backup_start(const char *job_id, BlockDriverState *bs,
|
||||
MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap,
|
||||
BlockdevOnError on_source_error,
|
||||
BlockdevOnError on_target_error,
|
||||
+ BackupDumpFunc *dump_cb,
|
||||
BlockCompletionFunc *cb, void *opaque,
|
||||
+ int pause_count,
|
||||
BlockJobTxn *txn, Error **errp)
|
||||
{
|
||||
int64_t len;
|
||||
@@ -488,7 +507,7 @@ void backup_start(const char *job_id, BlockDriverState *bs,
|
||||
int ret;
|
||||
|
||||
assert(bs);
|
||||
- assert(target);
|
||||
+ assert(target || dump_cb);
|
||||
|
||||
if (bs == target) {
|
||||
error_setg(errp, "Source and target cannot be the same");
|
||||
@@ -501,7 +520,7 @@ void backup_start(const char *job_id, BlockDriverState *bs,
|
||||
return;
|
||||
}
|
||||
|
||||
- if (!bdrv_is_inserted(target)) {
|
||||
+ if (target && !bdrv_is_inserted(target)) {
|
||||
error_setg(errp, "Device is not inserted: %s",
|
||||
bdrv_get_device_name(target));
|
||||
return;
|
||||
@@ -511,7 +530,7 @@ void backup_start(const char *job_id, BlockDriverState *bs,
|
||||
return;
|
||||
}
|
||||
|
||||
- if (bdrv_op_is_blocked(target, BLOCK_OP_TYPE_BACKUP_TARGET, errp)) {
|
||||
+ if (target && bdrv_op_is_blocked(target, BLOCK_OP_TYPE_BACKUP_TARGET, errp)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -547,34 +566,43 @@ void backup_start(const char *job_id, BlockDriverState *bs,
|
||||
goto error;
|
||||
}
|
||||
|
||||
- job->target = blk_new();
|
||||
- blk_insert_bs(job->target, target);
|
||||
+ if (target) {
|
||||
+ job->target = blk_new();
|
||||
+ blk_insert_bs(job->target, target);
|
||||
+ }
|
||||
|
||||
+ job->dump_cb = dump_cb;
|
||||
job->on_source_error = on_source_error;
|
||||
job->on_target_error = on_target_error;
|
||||
job->sync_mode = sync_mode;
|
||||
job->sync_bitmap = sync_mode == MIRROR_SYNC_MODE_INCREMENTAL ?
|
||||
sync_bitmap : NULL;
|
||||
|
||||
- /* If there is no backing file on the target, we cannot rely on COW if our
|
||||
- * backup cluster size is smaller than the target cluster size. Even for
|
||||
- * targets with a backing file, try to avoid COW if possible. */
|
||||
- ret = bdrv_get_info(target, &bdi);
|
||||
- if (ret < 0 && !target->backing) {
|
||||
- error_setg_errno(errp, -ret,
|
||||
- "Couldn't determine the cluster size of the target image, "
|
||||
- "which has no backing file");
|
||||
- error_append_hint(errp,
|
||||
- "Aborting, since this may create an unusable destination image\n");
|
||||
- goto error;
|
||||
- } else if (ret < 0 && target->backing) {
|
||||
- /* Not fatal; just trudge on ahead. */
|
||||
- job->cluster_size = BACKUP_CLUSTER_SIZE_DEFAULT;
|
||||
+ if (target) {
|
||||
+ /* If there is no backing file on the target, we cannot rely on COW if our
|
||||
+ * backup cluster size is smaller than the target cluster size. Even for
|
||||
+ * targets with a backing file, try to avoid COW if possible. */
|
||||
+ ret = bdrv_get_info(target, &bdi);
|
||||
+ if (ret < 0 && !target->backing) {
|
||||
+ error_setg_errno(errp, -ret,
|
||||
+ "Couldn't determine the cluster size of the target image, "
|
||||
+ "which has no backing file");
|
||||
+ error_append_hint(errp,
|
||||
+ "Aborting, since this may create an unusable destination image\n");
|
||||
+ goto error;
|
||||
+ } else if (ret < 0 && target->backing) {
|
||||
+ /* Not fatal; just trudge on ahead. */
|
||||
+ job->cluster_size = BACKUP_CLUSTER_SIZE_DEFAULT;
|
||||
+ } else {
|
||||
+ job->cluster_size = MAX(BACKUP_CLUSTER_SIZE_DEFAULT, bdi.cluster_size);
|
||||
+ }
|
||||
+
|
||||
+ bdrv_op_block_all(target, job->common.blocker);
|
||||
} else {
|
||||
- job->cluster_size = MAX(BACKUP_CLUSTER_SIZE_DEFAULT, bdi.cluster_size);
|
||||
+ job->cluster_size = BACKUP_CLUSTER_SIZE_DEFAULT;
|
||||
}
|
||||
|
||||
- bdrv_op_block_all(target, job->common.blocker);
|
||||
+ job->common.pause_count = pause_count;
|
||||
job->common.len = len;
|
||||
job->common.co = qemu_coroutine_create(backup_run, job);
|
||||
block_job_txn_add_job(txn, &job->common);
|
||||
diff --git a/blockdev.c b/blockdev.c
|
||||
index 2161400..5e3707d 100644
|
||||
--- a/blockdev.c
|
||||
+++ b/blockdev.c
|
||||
@@ -3277,8 +3277,8 @@ static void do_drive_backup(const char *job_id, const char *device,
|
||||
}
|
||||
|
||||
backup_start(job_id, bs, target_bs, speed, sync, bmap,
|
||||
- on_source_error, on_target_error,
|
||||
- block_job_cb, bs, txn, &local_err);
|
||||
+ on_source_error, on_target_error, NULL,
|
||||
+ block_job_cb, bs, 0, txn, &local_err);
|
||||
bdrv_unref(target_bs);
|
||||
if (local_err != NULL) {
|
||||
error_propagate(errp, local_err);
|
||||
@@ -3371,7 +3371,7 @@ void do_blockdev_backup(const char *job_id, const char *device,
|
||||
}
|
||||
}
|
||||
backup_start(job_id, bs, target_bs, speed, sync, NULL, on_source_error,
|
||||
- on_target_error, block_job_cb, bs, txn, &local_err);
|
||||
+ on_target_error, NULL, block_job_cb, bs, 0, txn, &local_err);
|
||||
if (local_err != NULL) {
|
||||
error_propagate(errp, local_err);
|
||||
}
|
||||
diff --git a/include/block/block_int.h b/include/block/block_int.h
|
||||
index 1e939de..db4650e 100644
|
||||
--- a/include/block/block_int.h
|
||||
+++ b/include/block/block_int.h
|
||||
@@ -59,6 +59,9 @@
|
||||
|
||||
#define BLOCK_PROBE_BUF_SIZE 512
|
||||
|
||||
+typedef int BackupDumpFunc(void *opaque, BlockDriverState *bs,
|
||||
+ int64_t sector_num, int n_sectors, unsigned char *buf);
|
||||
+
|
||||
enum BdrvTrackedRequestType {
|
||||
BDRV_TRACKED_READ,
|
||||
BDRV_TRACKED_WRITE,
|
||||
@@ -767,7 +770,9 @@ void backup_start(const char *job_id, BlockDriverState *bs,
|
||||
MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap,
|
||||
BlockdevOnError on_source_error,
|
||||
BlockdevOnError on_target_error,
|
||||
+ BackupDumpFunc *dump_cb,
|
||||
BlockCompletionFunc *cb, void *opaque,
|
||||
+ int pause_count,
|
||||
BlockJobTxn *txn, Error **errp);
|
||||
|
||||
void hmp_drive_add_node(Monitor *mon, const char *optstr);
|
||||
--
|
||||
2.1.4
|
||||
|
797
debian/patches/pve/0015-backup-add-pve-monitor-commands.patch
vendored
Normal file
797
debian/patches/pve/0015-backup-add-pve-monitor-commands.patch
vendored
Normal file
@ -0,0 +1,797 @@
|
||||
From 798846b48b31d8231a3af5858285845d932d1d6b Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 15:20:56 +0100
|
||||
Subject: [PATCH 15/47] backup: add pve monitor commands
|
||||
|
||||
---
|
||||
blockdev.c | 439 ++++++++++++++++++++++++++++++++++++++++++++++
|
||||
blockjob.c | 3 +-
|
||||
hmp-commands-info.hx | 13 ++
|
||||
hmp-commands.hx | 29 +++
|
||||
hmp.c | 61 +++++++
|
||||
hmp.h | 3 +
|
||||
include/block/block_int.h | 2 +-
|
||||
qapi-schema.json | 89 ++++++++++
|
||||
qmp-commands.hx | 18 ++
|
||||
9 files changed, 655 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/blockdev.c b/blockdev.c
|
||||
index 5e3707d..5417bb0 100644
|
||||
--- a/blockdev.c
|
||||
+++ b/blockdev.c
|
||||
@@ -52,6 +52,7 @@
|
||||
#include "sysemu/arch_init.h"
|
||||
#include "qemu/cutils.h"
|
||||
#include "qemu/help_option.h"
|
||||
+#include "vma.h"
|
||||
|
||||
static QTAILQ_HEAD(, BlockDriverState) monitor_bdrv_states =
|
||||
QTAILQ_HEAD_INITIALIZER(monitor_bdrv_states);
|
||||
@@ -2976,6 +2977,444 @@ static void block_job_cb(void *opaque, int ret)
|
||||
}
|
||||
}
|
||||
|
||||
+/* PVE backup related function */
|
||||
+
|
||||
+static struct PVEBackupState {
|
||||
+ Error *error;
|
||||
+ bool cancel;
|
||||
+ uuid_t uuid;
|
||||
+ char uuid_str[37];
|
||||
+ int64_t speed;
|
||||
+ time_t start_time;
|
||||
+ time_t end_time;
|
||||
+ char *backup_file;
|
||||
+ VmaWriter *vmaw;
|
||||
+ GList *di_list;
|
||||
+ size_t total;
|
||||
+ size_t transferred;
|
||||
+ size_t zero_bytes;
|
||||
+} backup_state;
|
||||
+
|
||||
+typedef struct PVEBackupDevInfo {
|
||||
+ BlockDriverState *bs;
|
||||
+ size_t size;
|
||||
+ uint8_t dev_id;
|
||||
+ //bool started;
|
||||
+ bool completed;
|
||||
+} PVEBackupDevInfo;
|
||||
+
|
||||
+static void pvebackup_run_next_job(void);
|
||||
+
|
||||
+static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
|
||||
+ int64_t sector_num, int n_sectors,
|
||||
+ unsigned char *buf)
|
||||
+{
|
||||
+ PVEBackupDevInfo *di = opaque;
|
||||
+
|
||||
+ if (sector_num & 0x7f) {
|
||||
+ if (!backup_state.error) {
|
||||
+ error_setg(&backup_state.error,
|
||||
+ "got unaligned write inside backup dump "
|
||||
+ "callback (sector %ld)", sector_num);
|
||||
+ }
|
||||
+ return -1; // not aligned to cluster size
|
||||
+ }
|
||||
+
|
||||
+ int64_t cluster_num = sector_num >> 7;
|
||||
+ int size = n_sectors * BDRV_SECTOR_SIZE;
|
||||
+
|
||||
+ int ret = -1;
|
||||
+
|
||||
+ if (backup_state.vmaw) {
|
||||
+ size_t zero_bytes = 0;
|
||||
+ ret = vma_writer_write(backup_state.vmaw, di->dev_id, cluster_num,
|
||||
+ buf, &zero_bytes);
|
||||
+ backup_state.zero_bytes += zero_bytes;
|
||||
+ } else {
|
||||
+ ret = size;
|
||||
+ if (!buf) {
|
||||
+ backup_state.zero_bytes += size;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ backup_state.transferred += size;
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static void pvebackup_cleanup(void)
|
||||
+{
|
||||
+ backup_state.end_time = time(NULL);
|
||||
+
|
||||
+ if (backup_state.vmaw) {
|
||||
+ Error *local_err = NULL;
|
||||
+ vma_writer_close(backup_state.vmaw, &local_err);
|
||||
+ error_propagate(&backup_state.error, local_err);
|
||||
+ backup_state.vmaw = NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (backup_state.di_list) {
|
||||
+ GList *l = backup_state.di_list;
|
||||
+ while (l) {
|
||||
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
+ l = g_list_next(l);
|
||||
+ g_free(di);
|
||||
+ }
|
||||
+ g_list_free(backup_state.di_list);
|
||||
+ backup_state.di_list = NULL;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void pvebackup_complete_cb(void *opaque, int ret)
|
||||
+{
|
||||
+ PVEBackupDevInfo *di = opaque;
|
||||
+
|
||||
+ assert(backup_state.vmaw);
|
||||
+
|
||||
+ di->completed = true;
|
||||
+
|
||||
+ if (ret < 0 && !backup_state.error) {
|
||||
+ error_setg(&backup_state.error, "job failed with err %d - %s",
|
||||
+ ret, strerror(-ret));
|
||||
+ }
|
||||
+
|
||||
+ BlockDriverState *bs = di->bs;
|
||||
+
|
||||
+ di->bs = NULL;
|
||||
+
|
||||
+ vma_writer_close_stream(backup_state.vmaw, di->dev_id);
|
||||
+
|
||||
+ block_job_cb(bs, ret);
|
||||
+
|
||||
+ if (!backup_state.cancel) {
|
||||
+ pvebackup_run_next_job();
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void pvebackup_cancel(void *opaque)
|
||||
+{
|
||||
+ backup_state.cancel = true;
|
||||
+
|
||||
+ if (!backup_state.error) {
|
||||
+ error_setg(&backup_state.error, "backup cancelled");
|
||||
+ }
|
||||
+
|
||||
+ /* drain all i/o (awake jobs waiting for aio) */
|
||||
+ bdrv_drain_all();
|
||||
+
|
||||
+ GList *l = backup_state.di_list;
|
||||
+ while (l) {
|
||||
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
+ l = g_list_next(l);
|
||||
+ if (!di->completed && di->bs) {
|
||||
+ BlockJob *job = di->bs->job;
|
||||
+ if (job) {
|
||||
+ if (!di->completed) {
|
||||
+ block_job_cancel_sync(job);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ pvebackup_cleanup();
|
||||
+}
|
||||
+
|
||||
+void qmp_backup_cancel(Error **errp)
|
||||
+{
|
||||
+ Coroutine *co = qemu_coroutine_create(pvebackup_cancel, NULL);
|
||||
+ qemu_coroutine_enter(co);
|
||||
+
|
||||
+ while (backup_state.vmaw) {
|
||||
+ /* vma writer use main aio context */
|
||||
+ aio_poll(qemu_get_aio_context(), true);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+bool block_job_should_pause(BlockJob *job);
|
||||
+static void pvebackup_run_next_job(void)
|
||||
+{
|
||||
+ GList *l = backup_state.di_list;
|
||||
+ while (l) {
|
||||
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
+ l = g_list_next(l);
|
||||
+ if (!di->completed && di->bs && di->bs->job) {
|
||||
+ BlockJob *job = di->bs->job;
|
||||
+ if (block_job_should_pause(job)) {
|
||||
+ bool cancel = backup_state.error || backup_state.cancel;
|
||||
+ if (cancel) {
|
||||
+ block_job_cancel(job);
|
||||
+ } else {
|
||||
+ block_job_resume(job);
|
||||
+ }
|
||||
+ }
|
||||
+ return;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ pvebackup_cleanup();
|
||||
+}
|
||||
+
|
||||
+UuidInfo *qmp_backup(const char *backup_file, bool has_format,
|
||||
+ BackupFormat format,
|
||||
+ bool has_config_file, const char *config_file,
|
||||
+ bool has_devlist, const char *devlist,
|
||||
+ bool has_speed, int64_t speed, Error **errp)
|
||||
+{
|
||||
+ BlockBackend *blk;
|
||||
+ BlockDriverState *bs = NULL;
|
||||
+ Error *local_err = NULL;
|
||||
+ uuid_t uuid;
|
||||
+ VmaWriter *vmaw = NULL;
|
||||
+ gchar **devs = NULL;
|
||||
+ GList *di_list = NULL;
|
||||
+ GList *l;
|
||||
+ UuidInfo *uuid_info;
|
||||
+
|
||||
+ if (backup_state.di_list) {
|
||||
+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
|
||||
+ "previous backup not finished");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ /* Todo: try to auto-detect format based on file name */
|
||||
+ format = has_format ? format : BACKUP_FORMAT_VMA;
|
||||
+
|
||||
+ if (format != BACKUP_FORMAT_VMA) {
|
||||
+ error_set(errp, ERROR_CLASS_GENERIC_ERROR, "unknown backup format");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (has_devlist) {
|
||||
+ devs = g_strsplit_set(devlist, ",;:", -1);
|
||||
+
|
||||
+ gchar **d = devs;
|
||||
+ while (d && *d) {
|
||||
+ blk = blk_by_name(*d);
|
||||
+ if (blk) {
|
||||
+ bs = blk_bs(blk);
|
||||
+ if (bdrv_is_read_only(bs)) {
|
||||
+ error_setg(errp, "Node '%s' is read only", *d);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (!bdrv_is_inserted(bs)) {
|
||||
+ error_setg(errp, QERR_DEVICE_HAS_NO_MEDIUM, *d);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ PVEBackupDevInfo *di = g_new0(PVEBackupDevInfo, 1);
|
||||
+ di->bs = bs;
|
||||
+ di_list = g_list_append(di_list, di);
|
||||
+ } else {
|
||||
+ error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
|
||||
+ "Device '%s' not found", *d);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ d++;
|
||||
+ }
|
||||
+
|
||||
+ } else {
|
||||
+ BdrvNextIterator it;
|
||||
+
|
||||
+ bs = NULL;
|
||||
+ for (bs = bdrv_first(&it); bs; bs = bdrv_next(&it)) {
|
||||
+ if (!bdrv_is_inserted(bs) || bdrv_is_read_only(bs)) {
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ PVEBackupDevInfo *di = g_new0(PVEBackupDevInfo, 1);
|
||||
+ di->bs = bs;
|
||||
+ di_list = g_list_append(di_list, di);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!di_list) {
|
||||
+ error_set(errp, ERROR_CLASS_GENERIC_ERROR, "empty device list");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ size_t total = 0;
|
||||
+
|
||||
+ l = di_list;
|
||||
+ while (l) {
|
||||
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
+ l = g_list_next(l);
|
||||
+ if (bdrv_op_is_blocked(di->bs, BLOCK_OP_TYPE_BACKUP_SOURCE, errp)) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ ssize_t size = bdrv_getlength(di->bs);
|
||||
+ if (size < 0) {
|
||||
+ error_setg_errno(errp, -di->size, "bdrv_getlength failed");
|
||||
+ goto err;
|
||||
+ }
|
||||
+ di->size = size;
|
||||
+ total += size;
|
||||
+ }
|
||||
+
|
||||
+ uuid_generate(uuid);
|
||||
+
|
||||
+ vmaw = vma_writer_create(backup_file, uuid, &local_err);
|
||||
+ if (!vmaw) {
|
||||
+ if (local_err) {
|
||||
+ error_propagate(errp, local_err);
|
||||
+ }
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ /* register all devices for vma writer */
|
||||
+ l = di_list;
|
||||
+ while (l) {
|
||||
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
+ l = g_list_next(l);
|
||||
+
|
||||
+ const char *devname = bdrv_get_device_name(di->bs);
|
||||
+ di->dev_id = vma_writer_register_stream(vmaw, devname, di->size);
|
||||
+ if (di->dev_id <= 0) {
|
||||
+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
|
||||
+ "register_stream failed");
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* add configuration file to archive */
|
||||
+ if (has_config_file) {
|
||||
+ char *cdata = NULL;
|
||||
+ gsize clen = 0;
|
||||
+ GError *err = NULL;
|
||||
+ if (!g_file_get_contents(config_file, &cdata, &clen, &err)) {
|
||||
+ error_setg(errp, "unable to read file '%s'", config_file);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ const char *basename = g_path_get_basename(config_file);
|
||||
+ if (vma_writer_add_config(vmaw, basename, cdata, clen) != 0) {
|
||||
+ error_setg(errp, "unable to add config data to vma archive");
|
||||
+ g_free(cdata);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ g_free(cdata);
|
||||
+ }
|
||||
+
|
||||
+ /* initialize global backup_state now */
|
||||
+
|
||||
+ backup_state.cancel = false;
|
||||
+
|
||||
+ if (backup_state.error) {
|
||||
+ error_free(backup_state.error);
|
||||
+ backup_state.error = NULL;
|
||||
+ }
|
||||
+
|
||||
+ backup_state.speed = (has_speed && speed > 0) ? speed : 0;
|
||||
+
|
||||
+ backup_state.start_time = time(NULL);
|
||||
+ backup_state.end_time = 0;
|
||||
+
|
||||
+ if (backup_state.backup_file) {
|
||||
+ g_free(backup_state.backup_file);
|
||||
+ }
|
||||
+ backup_state.backup_file = g_strdup(backup_file);
|
||||
+
|
||||
+ backup_state.vmaw = vmaw;
|
||||
+
|
||||
+ uuid_copy(backup_state.uuid, uuid);
|
||||
+ uuid_unparse_lower(uuid, backup_state.uuid_str);
|
||||
+
|
||||
+ backup_state.di_list = di_list;
|
||||
+
|
||||
+ backup_state.total = total;
|
||||
+ backup_state.transferred = 0;
|
||||
+ backup_state.zero_bytes = 0;
|
||||
+
|
||||
+ /* start all jobs (paused state) */
|
||||
+ l = di_list;
|
||||
+ while (l) {
|
||||
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
+ l = g_list_next(l);
|
||||
+
|
||||
+ backup_start(NULL, di->bs, NULL, speed, MIRROR_SYNC_MODE_FULL, NULL,
|
||||
+ BLOCKDEV_ON_ERROR_REPORT, BLOCKDEV_ON_ERROR_REPORT,
|
||||
+ pvebackup_dump_cb, pvebackup_complete_cb, di,
|
||||
+ 1, NULL, &local_err);
|
||||
+ if (local_err != NULL) {
|
||||
+ error_setg(&backup_state.error, "backup_job_create failed");
|
||||
+ pvebackup_cancel(NULL);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!backup_state.error) {
|
||||
+ pvebackup_run_next_job(); // run one job
|
||||
+ }
|
||||
+
|
||||
+ uuid_info = g_malloc0(sizeof(*uuid_info));
|
||||
+ uuid_info->UUID = g_strdup(backup_state.uuid_str);
|
||||
+ return uuid_info;
|
||||
+
|
||||
+err:
|
||||
+
|
||||
+ l = di_list;
|
||||
+ while (l) {
|
||||
+ g_free(l->data);
|
||||
+ l = g_list_next(l);
|
||||
+ }
|
||||
+ g_list_free(di_list);
|
||||
+
|
||||
+ if (devs) {
|
||||
+ g_strfreev(devs);
|
||||
+ }
|
||||
+
|
||||
+ if (vmaw) {
|
||||
+ Error *err = NULL;
|
||||
+ vma_writer_close(vmaw, &err);
|
||||
+ unlink(backup_file);
|
||||
+ }
|
||||
+
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+BackupStatus *qmp_query_backup(Error **errp)
|
||||
+{
|
||||
+ BackupStatus *info = g_malloc0(sizeof(*info));
|
||||
+
|
||||
+ if (!backup_state.start_time) {
|
||||
+ /* not started, return {} */
|
||||
+ return info;
|
||||
+ }
|
||||
+
|
||||
+ info->has_status = true;
|
||||
+ info->has_start_time = true;
|
||||
+ info->start_time = backup_state.start_time;
|
||||
+
|
||||
+ if (backup_state.backup_file) {
|
||||
+ info->has_backup_file = true;
|
||||
+ info->backup_file = g_strdup(backup_state.backup_file);
|
||||
+ }
|
||||
+
|
||||
+ info->has_uuid = true;
|
||||
+ info->uuid = g_strdup(backup_state.uuid_str);
|
||||
+
|
||||
+ if (backup_state.end_time) {
|
||||
+ if (backup_state.error) {
|
||||
+ info->status = g_strdup("error");
|
||||
+ info->has_errmsg = true;
|
||||
+ info->errmsg = g_strdup(error_get_pretty(backup_state.error));
|
||||
+ } else {
|
||||
+ info->status = g_strdup("done");
|
||||
+ }
|
||||
+ info->has_end_time = true;
|
||||
+ info->end_time = backup_state.end_time;
|
||||
+ } else {
|
||||
+ info->status = g_strdup("active");
|
||||
+ }
|
||||
+
|
||||
+ info->has_total = true;
|
||||
+ info->total = backup_state.total;
|
||||
+ info->has_zero_bytes = true;
|
||||
+ info->zero_bytes = backup_state.zero_bytes;
|
||||
+ info->has_transferred = true;
|
||||
+ info->transferred = backup_state.transferred;
|
||||
+
|
||||
+ return info;
|
||||
+}
|
||||
+
|
||||
void qmp_block_stream(bool has_job_id, const char *job_id, const char *device,
|
||||
bool has_base, const char *base,
|
||||
bool has_backing_file, const char *backing_file,
|
||||
diff --git a/blockjob.c b/blockjob.c
|
||||
index a5ba3be..a550458 100644
|
||||
--- a/blockjob.c
|
||||
+++ b/blockjob.c
|
||||
@@ -331,7 +331,8 @@ void block_job_pause(BlockJob *job)
|
||||
job->pause_count++;
|
||||
}
|
||||
|
||||
-static bool block_job_should_pause(BlockJob *job)
|
||||
+bool block_job_should_pause(BlockJob *job);
|
||||
+bool block_job_should_pause(BlockJob *job)
|
||||
{
|
||||
return job->pause_count > 0;
|
||||
}
|
||||
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
|
||||
index 74446c6..7616fe2 100644
|
||||
--- a/hmp-commands-info.hx
|
||||
+++ b/hmp-commands-info.hx
|
||||
@@ -502,6 +502,19 @@ STEXI
|
||||
Show CPU statistics.
|
||||
ETEXI
|
||||
|
||||
+ {
|
||||
+ .name = "backup",
|
||||
+ .args_type = "",
|
||||
+ .params = "",
|
||||
+ .help = "show backup status",
|
||||
+ .mhandler.cmd = hmp_info_backup,
|
||||
+ },
|
||||
+
|
||||
+STEXI
|
||||
+@item info backup
|
||||
+show backup status
|
||||
+ETEXI
|
||||
+
|
||||
#if defined(CONFIG_SLIRP)
|
||||
{
|
||||
.name = "usernet",
|
||||
diff --git a/hmp-commands.hx b/hmp-commands.hx
|
||||
index 848efee..8f2f3e0 100644
|
||||
--- a/hmp-commands.hx
|
||||
+++ b/hmp-commands.hx
|
||||
@@ -87,6 +87,35 @@ STEXI
|
||||
Copy data from a backing file into a block device.
|
||||
ETEXI
|
||||
|
||||
+ {
|
||||
+ .name = "backup",
|
||||
+ .args_type = "backupfile:s,speed:o?,devlist:s?",
|
||||
+ .params = "backupfile [speed [devlist]]",
|
||||
+ .help = "create a VM Backup.",
|
||||
+ .mhandler.cmd = hmp_backup,
|
||||
+ },
|
||||
+
|
||||
+STEXI
|
||||
+@item backup
|
||||
+@findex backup
|
||||
+Create a VM backup.
|
||||
+ETEXI
|
||||
+
|
||||
+ {
|
||||
+ .name = "backup_cancel",
|
||||
+ .args_type = "",
|
||||
+ .params = "",
|
||||
+ .help = "cancel the current VM backup",
|
||||
+ .mhandler.cmd = hmp_backup_cancel,
|
||||
+ },
|
||||
+
|
||||
+STEXI
|
||||
+@item backup_cancel
|
||||
+@findex backup_cancel
|
||||
+Cancel the current VM backup.
|
||||
+
|
||||
+ETEXI
|
||||
+
|
||||
{
|
||||
.name = "block_job_set_speed",
|
||||
.args_type = "device:B,speed:o",
|
||||
diff --git a/hmp.c b/hmp.c
|
||||
index 3b0dd81..95da164 100644
|
||||
--- a/hmp.c
|
||||
+++ b/hmp.c
|
||||
@@ -149,6 +149,44 @@ void hmp_info_mice(Monitor *mon, const QDict *qdict)
|
||||
qapi_free_MouseInfoList(mice_list);
|
||||
}
|
||||
|
||||
+void hmp_info_backup(Monitor *mon, const QDict *qdict)
|
||||
+{
|
||||
+ BackupStatus *info;
|
||||
+
|
||||
+ info = qmp_query_backup(NULL);
|
||||
+ if (info->has_status) {
|
||||
+ if (info->has_errmsg) {
|
||||
+ monitor_printf(mon, "Backup status: %s - %s\n",
|
||||
+ info->status, info->errmsg);
|
||||
+ } else {
|
||||
+ monitor_printf(mon, "Backup status: %s\n", info->status);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (info->has_backup_file) {
|
||||
+ monitor_printf(mon, "Start time: %s", ctime(&info->start_time));
|
||||
+ if (info->end_time) {
|
||||
+ monitor_printf(mon, "End time: %s", ctime(&info->end_time));
|
||||
+ }
|
||||
+
|
||||
+ int per = (info->has_total && info->total &&
|
||||
+ info->has_transferred && info->transferred) ?
|
||||
+ (info->transferred * 100)/info->total : 0;
|
||||
+ int zero_per = (info->has_total && info->total &&
|
||||
+ info->has_zero_bytes && info->zero_bytes) ?
|
||||
+ (info->zero_bytes * 100)/info->total : 0;
|
||||
+ monitor_printf(mon, "Backup file: %s\n", info->backup_file);
|
||||
+ monitor_printf(mon, "Backup uuid: %s\n", info->uuid);
|
||||
+ monitor_printf(mon, "Total size: %zd\n", info->total);
|
||||
+ monitor_printf(mon, "Transferred bytes: %zd (%d%%)\n",
|
||||
+ info->transferred, per);
|
||||
+ monitor_printf(mon, "Zero bytes: %zd (%d%%)\n",
|
||||
+ info->zero_bytes, zero_per);
|
||||
+ }
|
||||
+
|
||||
+ qapi_free_BackupStatus(info);
|
||||
+}
|
||||
+
|
||||
void hmp_info_migrate(Monitor *mon, const QDict *qdict)
|
||||
{
|
||||
MigrationInfo *info;
|
||||
@@ -1493,6 +1531,29 @@ void hmp_block_stream(Monitor *mon, const QDict *qdict)
|
||||
hmp_handle_error(mon, &error);
|
||||
}
|
||||
|
||||
+void hmp_backup_cancel(Monitor *mon, const QDict *qdict)
|
||||
+{
|
||||
+ Error *error = NULL;
|
||||
+
|
||||
+ qmp_backup_cancel(&error);
|
||||
+
|
||||
+ hmp_handle_error(mon, &error);
|
||||
+}
|
||||
+
|
||||
+void hmp_backup(Monitor *mon, const QDict *qdict)
|
||||
+{
|
||||
+ Error *error = NULL;
|
||||
+
|
||||
+ const char *backup_file = qdict_get_str(qdict, "backupfile");
|
||||
+ const char *devlist = qdict_get_try_str(qdict, "devlist");
|
||||
+ int64_t speed = qdict_get_try_int(qdict, "speed", 0);
|
||||
+
|
||||
+ qmp_backup(backup_file, true, BACKUP_FORMAT_VMA, false, NULL, !!devlist,
|
||||
+ devlist, qdict_haskey(qdict, "speed"), speed, &error);
|
||||
+
|
||||
+ hmp_handle_error(mon, &error);
|
||||
+}
|
||||
+
|
||||
void hmp_block_job_set_speed(Monitor *mon, const QDict *qdict)
|
||||
{
|
||||
Error *error = NULL;
|
||||
diff --git a/hmp.h b/hmp.h
|
||||
index 0876ec0..9a4c1f6 100644
|
||||
--- a/hmp.h
|
||||
+++ b/hmp.h
|
||||
@@ -30,6 +30,7 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict);
|
||||
void hmp_info_migrate_capabilities(Monitor *mon, const QDict *qdict);
|
||||
void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict);
|
||||
void hmp_info_migrate_cache_size(Monitor *mon, const QDict *qdict);
|
||||
+void hmp_info_backup(Monitor *mon, const QDict *qdict);
|
||||
void hmp_info_cpus(Monitor *mon, const QDict *qdict);
|
||||
void hmp_info_block(Monitor *mon, const QDict *qdict);
|
||||
void hmp_info_blockstats(Monitor *mon, const QDict *qdict);
|
||||
@@ -76,6 +77,8 @@ void hmp_eject(Monitor *mon, const QDict *qdict);
|
||||
void hmp_change(Monitor *mon, const QDict *qdict);
|
||||
void hmp_block_set_io_throttle(Monitor *mon, const QDict *qdict);
|
||||
void hmp_block_stream(Monitor *mon, const QDict *qdict);
|
||||
+void hmp_backup(Monitor *mon, const QDict *qdict);
|
||||
+void hmp_backup_cancel(Monitor *mon, const QDict *qdict);
|
||||
void hmp_block_job_set_speed(Monitor *mon, const QDict *qdict);
|
||||
void hmp_block_job_cancel(Monitor *mon, const QDict *qdict);
|
||||
void hmp_block_job_pause(Monitor *mon, const QDict *qdict);
|
||||
diff --git a/include/block/block_int.h b/include/block/block_int.h
|
||||
index db4650e..0f79b51 100644
|
||||
--- a/include/block/block_int.h
|
||||
+++ b/include/block/block_int.h
|
||||
@@ -59,7 +59,7 @@
|
||||
|
||||
#define BLOCK_PROBE_BUF_SIZE 512
|
||||
|
||||
-typedef int BackupDumpFunc(void *opaque, BlockDriverState *bs,
|
||||
+typedef int BackupDumpFunc(void *opaque, BlockBackend *be,
|
||||
int64_t sector_num, int n_sectors, unsigned char *buf);
|
||||
|
||||
enum BdrvTrackedRequestType {
|
||||
diff --git a/qapi-schema.json b/qapi-schema.json
|
||||
index 518c2ea..89d9ea6 100644
|
||||
--- a/qapi-schema.json
|
||||
+++ b/qapi-schema.json
|
||||
@@ -356,6 +356,95 @@
|
||||
##
|
||||
{ 'command': 'query-events', 'returns': ['EventInfo'] }
|
||||
|
||||
+# @BackupStatus:
|
||||
+#
|
||||
+# Detailed backup status.
|
||||
+#
|
||||
+# @status: #optional string describing the current backup status.
|
||||
+# This can be 'active', 'done', 'error'. If this field is not
|
||||
+# returned, no backup process has been initiated
|
||||
+#
|
||||
+# @errmsg: #optional error message (only returned if status is 'error')
|
||||
+#
|
||||
+# @total: #optional total amount of bytes involved in the backup process
|
||||
+#
|
||||
+# @transferred: #optional amount of bytes already backed up.
|
||||
+#
|
||||
+# @zero-bytes: #optional amount of 'zero' bytes detected.
|
||||
+#
|
||||
+# @start-time: #optional time (epoch) when backup job started.
|
||||
+#
|
||||
+# @end-time: #optional time (epoch) when backup job finished.
|
||||
+#
|
||||
+# @backupfile: #optional backup file name
|
||||
+#
|
||||
+# @uuid: #optional uuid for this backup job
|
||||
+#
|
||||
+##
|
||||
+{ 'struct': 'BackupStatus',
|
||||
+ 'data': {'*status': 'str', '*errmsg': 'str', '*total': 'int',
|
||||
+ '*transferred': 'int', '*zero-bytes': 'int',
|
||||
+ '*start-time': 'int', '*end-time': 'int',
|
||||
+ '*backup-file': 'str', '*uuid': 'str' } }
|
||||
+
|
||||
+##
|
||||
+# @BackupFormat
|
||||
+#
|
||||
+# An enumeration of supported backup formats.
|
||||
+#
|
||||
+# @vma: Proxmox vma backup format
|
||||
+##
|
||||
+{ 'enum': 'BackupFormat',
|
||||
+ 'data': [ 'vma' ] }
|
||||
+
|
||||
+##
|
||||
+# @backup:
|
||||
+#
|
||||
+# Starts a VM backup.
|
||||
+#
|
||||
+# @backup-file: the backup file name
|
||||
+#
|
||||
+# @format: format of the backup file
|
||||
+#
|
||||
+# @config-filename: #optional name of a configuration file to include into
|
||||
+# the backup archive.
|
||||
+#
|
||||
+# @speed: #optional the maximum speed, in bytes per second
|
||||
+#
|
||||
+# @devlist: #optional list of block device names (separated by ',', ';'
|
||||
+# or ':'). By default the backup includes all writable block devices.
|
||||
+#
|
||||
+# Returns: the uuid of the backup job
|
||||
+#
|
||||
+##
|
||||
+{ 'command': 'backup', 'data': { 'backup-file': 'str',
|
||||
+ '*format': 'BackupFormat',
|
||||
+ '*config-file': 'str',
|
||||
+ '*devlist': 'str', '*speed': 'int' },
|
||||
+ 'returns': 'UuidInfo' }
|
||||
+
|
||||
+##
|
||||
+# @query-backup
|
||||
+#
|
||||
+# Returns information about current/last backup task.
|
||||
+#
|
||||
+# Returns: @BackupStatus
|
||||
+#
|
||||
+##
|
||||
+{ 'command': 'query-backup', 'returns': 'BackupStatus' }
|
||||
+
|
||||
+##
|
||||
+# @backup-cancel
|
||||
+#
|
||||
+# Cancel the current executing backup process.
|
||||
+#
|
||||
+# Returns: nothing on success
|
||||
+#
|
||||
+# Notes: This command succeeds even if there is no backup process running.
|
||||
+#
|
||||
+##
|
||||
+{ 'command': 'backup-cancel' }
|
||||
+
|
||||
##
|
||||
# @MigrationStats
|
||||
#
|
||||
diff --git a/qmp-commands.hx b/qmp-commands.hx
|
||||
index 6de28d4..a8e8522 100644
|
||||
--- a/qmp-commands.hx
|
||||
+++ b/qmp-commands.hx
|
||||
@@ -1314,6 +1314,24 @@ Example:
|
||||
EQMP
|
||||
|
||||
{
|
||||
+ .name = "backup",
|
||||
+ .args_type = "backup-file:s,format:s?,config-file:F?,speed:o?,devlist:s?",
|
||||
+ .mhandler.cmd_new = qmp_marshal_backup,
|
||||
+ },
|
||||
+
|
||||
+ {
|
||||
+ .name = "backup-cancel",
|
||||
+ .args_type = "",
|
||||
+ .mhandler.cmd_new = qmp_marshal_backup_cancel,
|
||||
+ },
|
||||
+
|
||||
+ {
|
||||
+ .name = "query-backup",
|
||||
+ .args_type = "",
|
||||
+ .mhandler.cmd_new = qmp_marshal_query_backup,
|
||||
+ },
|
||||
+
|
||||
+ {
|
||||
.name = "block-job-set-speed",
|
||||
.args_type = "device:B,speed:o",
|
||||
.mhandler.cmd_new = qmp_marshal_block_job_set_speed,
|
||||
--
|
||||
2.1.4
|
||||
|
286
debian/patches/pve/0016-backup-vma-add-dir-format.patch
vendored
Normal file
286
debian/patches/pve/0016-backup-vma-add-dir-format.patch
vendored
Normal file
@ -0,0 +1,286 @@
|
||||
From 210be0fc498989e7b029de90b9d2599fdcc343d3 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 15:21:54 +0100
|
||||
Subject: [PATCH 16/47] backup: vma: add dir format
|
||||
|
||||
---
|
||||
blockdev.c | 124 +++++++++++++++++++++++++++++++++++++++++--------------
|
||||
hmp-commands.hx | 8 ++--
|
||||
hmp.c | 4 +-
|
||||
qapi-schema.json | 2 +-
|
||||
vma.c | 2 +-
|
||||
5 files changed, 103 insertions(+), 37 deletions(-)
|
||||
|
||||
diff --git a/blockdev.c b/blockdev.c
|
||||
index 5417bb0..d8b1db8 100644
|
||||
--- a/blockdev.c
|
||||
+++ b/blockdev.c
|
||||
@@ -3001,6 +3001,8 @@ typedef struct PVEBackupDevInfo {
|
||||
uint8_t dev_id;
|
||||
//bool started;
|
||||
bool completed;
|
||||
+ char targetfile[PATH_MAX];
|
||||
+ BlockDriverState *target;
|
||||
} PVEBackupDevInfo;
|
||||
|
||||
static void pvebackup_run_next_job(void);
|
||||
@@ -3069,8 +3071,6 @@ static void pvebackup_complete_cb(void *opaque, int ret)
|
||||
{
|
||||
PVEBackupDevInfo *di = opaque;
|
||||
|
||||
- assert(backup_state.vmaw);
|
||||
-
|
||||
di->completed = true;
|
||||
|
||||
if (ret < 0 && !backup_state.error) {
|
||||
@@ -3081,8 +3081,11 @@ static void pvebackup_complete_cb(void *opaque, int ret)
|
||||
BlockDriverState *bs = di->bs;
|
||||
|
||||
di->bs = NULL;
|
||||
+ di->target = NULL;
|
||||
|
||||
- vma_writer_close_stream(backup_state.vmaw, di->dev_id);
|
||||
+ if (backup_state.vmaw) {
|
||||
+ vma_writer_close_stream(backup_state.vmaw, di->dev_id);
|
||||
+ }
|
||||
|
||||
block_job_cb(bs, ret);
|
||||
|
||||
@@ -3162,6 +3165,7 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
|
||||
{
|
||||
BlockBackend *blk;
|
||||
BlockDriverState *bs = NULL;
|
||||
+ const char *backup_dir = NULL;
|
||||
Error *local_err = NULL;
|
||||
uuid_t uuid;
|
||||
VmaWriter *vmaw = NULL;
|
||||
@@ -3179,11 +3183,6 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
|
||||
/* Todo: try to auto-detect format based on file name */
|
||||
format = has_format ? format : BACKUP_FORMAT_VMA;
|
||||
|
||||
- if (format != BACKUP_FORMAT_VMA) {
|
||||
- error_set(errp, ERROR_CLASS_GENERIC_ERROR, "unknown backup format");
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
if (has_devlist) {
|
||||
devs = g_strsplit_set(devlist, ",;:", -1);
|
||||
|
||||
@@ -3252,27 +3251,62 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
|
||||
|
||||
uuid_generate(uuid);
|
||||
|
||||
- vmaw = vma_writer_create(backup_file, uuid, &local_err);
|
||||
- if (!vmaw) {
|
||||
- if (local_err) {
|
||||
- error_propagate(errp, local_err);
|
||||
+ if (format == BACKUP_FORMAT_VMA) {
|
||||
+ vmaw = vma_writer_create(backup_file, uuid, &local_err);
|
||||
+ if (!vmaw) {
|
||||
+ if (local_err) {
|
||||
+ error_propagate(errp, local_err);
|
||||
+ }
|
||||
+ goto err;
|
||||
}
|
||||
- goto err;
|
||||
- }
|
||||
|
||||
- /* register all devices for vma writer */
|
||||
- l = di_list;
|
||||
- while (l) {
|
||||
- PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
- l = g_list_next(l);
|
||||
+ /* register all devices for vma writer */
|
||||
+ l = di_list;
|
||||
+ while (l) {
|
||||
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
+ l = g_list_next(l);
|
||||
|
||||
- const char *devname = bdrv_get_device_name(di->bs);
|
||||
- di->dev_id = vma_writer_register_stream(vmaw, devname, di->size);
|
||||
- if (di->dev_id <= 0) {
|
||||
- error_set(errp, ERROR_CLASS_GENERIC_ERROR,
|
||||
- "register_stream failed");
|
||||
+ const char *devname = bdrv_get_device_name(di->bs);
|
||||
+ di->dev_id = vma_writer_register_stream(vmaw, devname, di->size);
|
||||
+ if (di->dev_id <= 0) {
|
||||
+ error_set(errp, ERROR_CLASS_GENERIC_ERROR,
|
||||
+ "register_stream failed");
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+ } else if (format == BACKUP_FORMAT_DIR) {
|
||||
+ if (mkdir(backup_file, 0640) != 0) {
|
||||
+ error_setg_errno(errp, errno, "can't create directory '%s'\n",
|
||||
+ backup_file);
|
||||
goto err;
|
||||
}
|
||||
+ backup_dir = backup_file;
|
||||
+
|
||||
+ l = di_list;
|
||||
+ while (l) {
|
||||
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
+ l = g_list_next(l);
|
||||
+
|
||||
+ const char *devname = bdrv_get_device_name(di->bs);
|
||||
+ snprintf(di->targetfile, PATH_MAX, "%s/%s.raw", backup_dir, devname);
|
||||
+
|
||||
+ int flags = BDRV_O_RDWR;
|
||||
+ bdrv_img_create(di->targetfile, "raw", NULL, NULL, NULL,
|
||||
+ di->size, flags, &local_err, false);
|
||||
+ if (local_err) {
|
||||
+ error_propagate(errp, local_err);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ di->target = bdrv_open(di->targetfile, NULL, NULL, flags, &local_err);
|
||||
+ if (!di->target) {
|
||||
+ error_propagate(errp, local_err);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+ } else {
|
||||
+ error_set(errp, ERROR_CLASS_GENERIC_ERROR, "unknown backup format");
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
/* add configuration file to archive */
|
||||
@@ -3285,12 +3319,27 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
|
||||
goto err;
|
||||
}
|
||||
|
||||
- const char *basename = g_path_get_basename(config_file);
|
||||
- if (vma_writer_add_config(vmaw, basename, cdata, clen) != 0) {
|
||||
- error_setg(errp, "unable to add config data to vma archive");
|
||||
- g_free(cdata);
|
||||
- goto err;
|
||||
+ char *basename = g_path_get_basename(config_file);
|
||||
+
|
||||
+ if (format == BACKUP_FORMAT_VMA) {
|
||||
+ if (vma_writer_add_config(vmaw, basename, cdata, clen) != 0) {
|
||||
+ error_setg(errp, "unable to add config data to vma archive");
|
||||
+ g_free(cdata);
|
||||
+ g_free(basename);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ } else if (format == BACKUP_FORMAT_DIR) {
|
||||
+ char config_path[PATH_MAX];
|
||||
+ snprintf(config_path, PATH_MAX, "%s/%s", backup_dir, basename);
|
||||
+ if (!g_file_set_contents(config_path, cdata, clen, &err)) {
|
||||
+ error_setg(errp, "unable to write config file '%s'", config_path);
|
||||
+ g_free(cdata);
|
||||
+ g_free(basename);
|
||||
+ goto err;
|
||||
+ }
|
||||
}
|
||||
+
|
||||
+ g_free(basename);
|
||||
g_free(cdata);
|
||||
}
|
||||
|
||||
@@ -3330,7 +3379,7 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
|
||||
PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
l = g_list_next(l);
|
||||
|
||||
- backup_start(NULL, di->bs, NULL, speed, MIRROR_SYNC_MODE_FULL, NULL,
|
||||
+ backup_start(NULL, di->bs, di->target, speed, MIRROR_SYNC_MODE_FULL, NULL,
|
||||
BLOCKDEV_ON_ERROR_REPORT, BLOCKDEV_ON_ERROR_REPORT,
|
||||
pvebackup_dump_cb, pvebackup_complete_cb, di,
|
||||
1, NULL, &local_err);
|
||||
@@ -3352,8 +3401,17 @@ err:
|
||||
|
||||
l = di_list;
|
||||
while (l) {
|
||||
- g_free(l->data);
|
||||
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
l = g_list_next(l);
|
||||
+
|
||||
+ if (di->target) {
|
||||
+ bdrv_unref(di->target);
|
||||
+ }
|
||||
+
|
||||
+ if (di->targetfile[0]) {
|
||||
+ unlink(di->targetfile);
|
||||
+ }
|
||||
+ g_free(di);
|
||||
}
|
||||
g_list_free(di_list);
|
||||
|
||||
@@ -3367,6 +3425,10 @@ err:
|
||||
unlink(backup_file);
|
||||
}
|
||||
|
||||
+ if (backup_dir) {
|
||||
+ rmdir(backup_dir);
|
||||
+ }
|
||||
+
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff --git a/hmp-commands.hx b/hmp-commands.hx
|
||||
index 8f2f3e0..0e20ef9 100644
|
||||
--- a/hmp-commands.hx
|
||||
+++ b/hmp-commands.hx
|
||||
@@ -89,9 +89,11 @@ ETEXI
|
||||
|
||||
{
|
||||
.name = "backup",
|
||||
- .args_type = "backupfile:s,speed:o?,devlist:s?",
|
||||
- .params = "backupfile [speed [devlist]]",
|
||||
- .help = "create a VM Backup.",
|
||||
+ .args_type = "directory:-d,backupfile:s,speed:o?,devlist:s?",
|
||||
+ .params = "[-d] backupfile [speed [devlist]]",
|
||||
+ .help = "create a VM Backup."
|
||||
+ "\n\t\t\t Use -d to dump data into a directory instead"
|
||||
+ "\n\t\t\t of using VMA format.",
|
||||
.mhandler.cmd = hmp_backup,
|
||||
},
|
||||
|
||||
diff --git a/hmp.c b/hmp.c
|
||||
index 95da164..c23cf2f 100644
|
||||
--- a/hmp.c
|
||||
+++ b/hmp.c
|
||||
@@ -1544,11 +1544,13 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
|
||||
{
|
||||
Error *error = NULL;
|
||||
|
||||
+ int dir = qdict_get_try_bool(qdict, "directory", 0);
|
||||
const char *backup_file = qdict_get_str(qdict, "backupfile");
|
||||
const char *devlist = qdict_get_try_str(qdict, "devlist");
|
||||
int64_t speed = qdict_get_try_int(qdict, "speed", 0);
|
||||
|
||||
- qmp_backup(backup_file, true, BACKUP_FORMAT_VMA, false, NULL, !!devlist,
|
||||
+ qmp_backup(backup_file, true, dir ? BACKUP_FORMAT_DIR : BACKUP_FORMAT_VMA,
|
||||
+ false, NULL, !!devlist,
|
||||
devlist, qdict_haskey(qdict, "speed"), speed, &error);
|
||||
|
||||
hmp_handle_error(mon, &error);
|
||||
diff --git a/qapi-schema.json b/qapi-schema.json
|
||||
index 89d9ea6..147137d 100644
|
||||
--- a/qapi-schema.json
|
||||
+++ b/qapi-schema.json
|
||||
@@ -395,7 +395,7 @@
|
||||
# @vma: Proxmox vma backup format
|
||||
##
|
||||
{ 'enum': 'BackupFormat',
|
||||
- 'data': [ 'vma' ] }
|
||||
+ 'data': [ 'vma', 'dir' ] }
|
||||
|
||||
##
|
||||
# @backup:
|
||||
diff --git a/vma.c b/vma.c
|
||||
index 79bdd00..c88a4358 100644
|
||||
--- a/vma.c
|
||||
+++ b/vma.c
|
||||
@@ -263,7 +263,7 @@ static int extract_content(int argc, char **argv)
|
||||
g_free(statefn);
|
||||
} else if (di) {
|
||||
char *devfn = NULL;
|
||||
- int flags = BDRV_O_RDWR|BDRV_O_CACHE_WB;
|
||||
+ int flags = BDRV_O_RDWR;
|
||||
bool write_zero = true;
|
||||
|
||||
if (readmap) {
|
||||
--
|
||||
2.1.4
|
||||
|
77
debian/patches/pve/0017-backup-do-not-return-errors-in-dump-callback.patch
vendored
Normal file
77
debian/patches/pve/0017-backup-do-not-return-errors-in-dump-callback.patch
vendored
Normal file
@ -0,0 +1,77 @@
|
||||
From 8a10cce2efa3d8906617939a5c644c9cb7104ef6 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 15:22:19 +0100
|
||||
Subject: [PATCH 17/47] backup: do not return errors in dump callback
|
||||
|
||||
---
|
||||
blockdev.c | 26 ++++++++++++++++++++------
|
||||
1 file changed, 20 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/blockdev.c b/blockdev.c
|
||||
index d8b1db8..fb71cdc 100644
|
||||
--- a/blockdev.c
|
||||
+++ b/blockdev.c
|
||||
@@ -3013,6 +3013,11 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
|
||||
{
|
||||
PVEBackupDevInfo *di = opaque;
|
||||
|
||||
+ int size = n_sectors * BDRV_SECTOR_SIZE;
|
||||
+ if (backup_state.cancel) {
|
||||
+ return size; // return success
|
||||
+ }
|
||||
+
|
||||
if (sector_num & 0x7f) {
|
||||
if (!backup_state.error) {
|
||||
error_setg(&backup_state.error,
|
||||
@@ -3023,7 +3028,6 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
|
||||
}
|
||||
|
||||
int64_t cluster_num = sector_num >> 7;
|
||||
- int size = n_sectors * BDRV_SECTOR_SIZE;
|
||||
|
||||
int ret = -1;
|
||||
|
||||
@@ -3031,17 +3035,27 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
|
||||
size_t zero_bytes = 0;
|
||||
ret = vma_writer_write(backup_state.vmaw, di->dev_id, cluster_num,
|
||||
buf, &zero_bytes);
|
||||
- backup_state.zero_bytes += zero_bytes;
|
||||
+ if (ret < 0) {
|
||||
+ if (!backup_state.error) {
|
||||
+ error_setg(&backup_state.error, "vma_writer_write error %d", ret);
|
||||
+ }
|
||||
+ if (di->bs && di->bs->job) {
|
||||
+ block_job_cancel(di->bs->job);
|
||||
+ }
|
||||
+ } else {
|
||||
+ backup_state.zero_bytes += zero_bytes;
|
||||
+ backup_state.transferred += size;
|
||||
+ }
|
||||
} else {
|
||||
- ret = size;
|
||||
if (!buf) {
|
||||
backup_state.zero_bytes += size;
|
||||
}
|
||||
+ backup_state.transferred += size;
|
||||
}
|
||||
|
||||
- backup_state.transferred += size;
|
||||
+ // Note: always return success, because we want that writes succeed anyways.
|
||||
|
||||
- return ret;
|
||||
+ return size;
|
||||
}
|
||||
|
||||
static void pvebackup_cleanup(void)
|
||||
@@ -3113,7 +3127,7 @@ static void pvebackup_cancel(void *opaque)
|
||||
BlockJob *job = di->bs->job;
|
||||
if (job) {
|
||||
if (!di->completed) {
|
||||
- block_job_cancel_sync(job);
|
||||
+ block_job_cancel_sync(job);
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
57
debian/patches/pve/0018-backup-vma-correctly-propagate-error.patch
vendored
Normal file
57
debian/patches/pve/0018-backup-vma-correctly-propagate-error.patch
vendored
Normal file
@ -0,0 +1,57 @@
|
||||
From c31ba8ff9485b7648ca45952b9e7ccd74c50ac40 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 15:39:36 +0100
|
||||
Subject: [PATCH 18/47] backup: vma: correctly propagate error
|
||||
|
||||
---
|
||||
blockdev.c | 2 +-
|
||||
vma-writer.c | 7 +++++++
|
||||
vma.h | 1 +
|
||||
3 files changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/blockdev.c b/blockdev.c
|
||||
index fb71cdc..2e51913 100644
|
||||
--- a/blockdev.c
|
||||
+++ b/blockdev.c
|
||||
@@ -3037,7 +3037,7 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
|
||||
buf, &zero_bytes);
|
||||
if (ret < 0) {
|
||||
if (!backup_state.error) {
|
||||
- error_setg(&backup_state.error, "vma_writer_write error %d", ret);
|
||||
+ vma_writer_error_propagate(backup_state.vmaw, &backup_state.error);
|
||||
}
|
||||
if (di->bs && di->bs->job) {
|
||||
block_job_cancel(di->bs->job);
|
||||
diff --git a/vma-writer.c b/vma-writer.c
|
||||
index b0cf529..689e988 100644
|
||||
--- a/vma-writer.c
|
||||
+++ b/vma-writer.c
|
||||
@@ -792,6 +792,13 @@ vma_writer_write(VmaWriter *vmaw, uint8_t dev_id, int64_t cluster_num,
|
||||
return transferred;
|
||||
}
|
||||
|
||||
+void vma_writer_error_propagate(VmaWriter *vmaw, Error **errp)
|
||||
+{
|
||||
+ if (vmaw->status < 0 && *errp == NULL) {
|
||||
+ error_setg(errp, "%s", vmaw->errmsg);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
int vma_writer_close(VmaWriter *vmaw, Error **errp)
|
||||
{
|
||||
g_assert(vmaw != NULL);
|
||||
diff --git a/vma.h b/vma.h
|
||||
index 9bb6ea4..98377e4 100644
|
||||
--- a/vma.h
|
||||
+++ b/vma.h
|
||||
@@ -116,6 +116,7 @@ typedef struct VmaDeviceInfo {
|
||||
|
||||
VmaWriter *vma_writer_create(const char *filename, uuid_t uuid, Error **errp);
|
||||
int vma_writer_close(VmaWriter *vmaw, Error **errp);
|
||||
+void vma_writer_error_propagate(VmaWriter *vmaw, Error **errp);
|
||||
void vma_writer_destroy(VmaWriter *vmaw);
|
||||
int vma_writer_add_config(VmaWriter *vmaw, const char *name, gpointer data,
|
||||
size_t len);
|
||||
--
|
||||
2.1.4
|
||||
|
317
debian/patches/pve/0019-backup-vma-remove-async-queue.patch
vendored
Normal file
317
debian/patches/pve/0019-backup-vma-remove-async-queue.patch
vendored
Normal file
@ -0,0 +1,317 @@
|
||||
From fb3d52b336cd8404055bf0b3b8d825c6f5247fef Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 15:40:00 +0100
|
||||
Subject: [PATCH 19/47] backup: vma: remove async queue
|
||||
|
||||
---
|
||||
blockdev.c | 6 ++
|
||||
vma-writer.c | 179 +++++++++++------------------------------------------------
|
||||
2 files changed, 38 insertions(+), 147 deletions(-)
|
||||
|
||||
diff --git a/blockdev.c b/blockdev.c
|
||||
index 2e51913..1491c2d 100644
|
||||
--- a/blockdev.c
|
||||
+++ b/blockdev.c
|
||||
@@ -3116,6 +3116,11 @@ static void pvebackup_cancel(void *opaque)
|
||||
error_setg(&backup_state.error, "backup cancelled");
|
||||
}
|
||||
|
||||
+ if (backup_state.vmaw) {
|
||||
+ /* make sure vma writer does not block anymore */
|
||||
+ vma_writer_set_error(backup_state.vmaw, "backup cancelled");
|
||||
+ }
|
||||
+
|
||||
/* drain all i/o (awake jobs waiting for aio) */
|
||||
bdrv_drain_all();
|
||||
|
||||
@@ -3128,6 +3133,7 @@ static void pvebackup_cancel(void *opaque)
|
||||
if (job) {
|
||||
if (!di->completed) {
|
||||
block_job_cancel_sync(job);
|
||||
+ bdrv_drain_all(); /* drain all i/o (awake jobs waiting for aio) */
|
||||
}
|
||||
}
|
||||
}
|
||||
diff --git a/vma-writer.c b/vma-writer.c
|
||||
index 689e988..6d3119d 100644
|
||||
--- a/vma-writer.c
|
||||
+++ b/vma-writer.c
|
||||
@@ -28,14 +28,8 @@
|
||||
do { if (DEBUG_VMA) { printf("vma: " fmt, ## __VA_ARGS__); } } while (0)
|
||||
|
||||
#define WRITE_BUFFERS 5
|
||||
-
|
||||
-typedef struct VmaAIOCB VmaAIOCB;
|
||||
-struct VmaAIOCB {
|
||||
- unsigned char buffer[VMA_MAX_EXTENT_SIZE];
|
||||
- VmaWriter *vmaw;
|
||||
- size_t bytes;
|
||||
- Coroutine *co;
|
||||
-};
|
||||
+#define HEADER_CLUSTERS 8
|
||||
+#define HEADERBUF_SIZE (VMA_CLUSTER_SIZE*HEADER_CLUSTERS)
|
||||
|
||||
struct VmaWriter {
|
||||
int fd;
|
||||
@@ -47,16 +41,14 @@ struct VmaWriter {
|
||||
bool closed;
|
||||
|
||||
/* we always write extents */
|
||||
- unsigned char outbuf[VMA_MAX_EXTENT_SIZE];
|
||||
+ unsigned char *outbuf;
|
||||
int outbuf_pos; /* in bytes */
|
||||
int outbuf_count; /* in VMA_BLOCKS */
|
||||
uint64_t outbuf_block_info[VMA_BLOCKS_PER_EXTENT];
|
||||
|
||||
- VmaAIOCB *aiocbs[WRITE_BUFFERS];
|
||||
- CoQueue wqueue;
|
||||
+ unsigned char *headerbuf;
|
||||
|
||||
GChecksum *md5csum;
|
||||
- CoMutex writer_lock;
|
||||
CoMutex flush_lock;
|
||||
Coroutine *co_writer;
|
||||
|
||||
@@ -217,38 +209,39 @@ static void vma_co_continue_write(void *opaque)
|
||||
}
|
||||
|
||||
static ssize_t coroutine_fn
|
||||
-vma_co_write(VmaWriter *vmaw, const void *buf, size_t bytes)
|
||||
+vma_queue_write(VmaWriter *vmaw, const void *buf, size_t bytes)
|
||||
{
|
||||
- size_t done = 0;
|
||||
- ssize_t ret;
|
||||
+ DPRINTF("vma_queue_write enter %zd\n", bytes);
|
||||
|
||||
- /* atomic writes (we cannot interleave writes) */
|
||||
- qemu_co_mutex_lock(&vmaw->writer_lock);
|
||||
+ assert(vmaw);
|
||||
+ assert(buf);
|
||||
+ assert(bytes <= VMA_MAX_EXTENT_SIZE);
|
||||
|
||||
- DPRINTF("vma_co_write enter %zd\n", bytes);
|
||||
+ size_t done = 0;
|
||||
+ ssize_t ret;
|
||||
|
||||
assert(vmaw->co_writer == NULL);
|
||||
|
||||
vmaw->co_writer = qemu_coroutine_self();
|
||||
|
||||
- aio_set_fd_handler(qemu_get_aio_context(), vmaw->fd, false, NULL, vma_co_continue_write, vmaw);
|
||||
-
|
||||
- DPRINTF("vma_co_write wait until writable\n");
|
||||
- qemu_coroutine_yield();
|
||||
- DPRINTF("vma_co_write starting %zd\n", bytes);
|
||||
-
|
||||
while (done < bytes) {
|
||||
+ aio_set_fd_handler(qemu_get_aio_context(), vmaw->fd, false, NULL, vma_co_continue_write, vmaw);
|
||||
+ qemu_coroutine_yield();
|
||||
+ aio_set_fd_handler(qemu_get_aio_context(), vmaw->fd, false, NULL, NULL, NULL);
|
||||
+ if (vmaw->status < 0) {
|
||||
+ DPRINTF("vma_queue_write detected canceled backup\n");
|
||||
+ done = -1;
|
||||
+ break;
|
||||
+ }
|
||||
ret = write(vmaw->fd, buf + done, bytes - done);
|
||||
if (ret > 0) {
|
||||
done += ret;
|
||||
- DPRINTF("vma_co_write written %zd %zd\n", done, ret);
|
||||
+ DPRINTF("vma_queue_write written %zd %zd\n", done, ret);
|
||||
} else if (ret < 0) {
|
||||
if (errno == EAGAIN || errno == EWOULDBLOCK) {
|
||||
- DPRINTF("vma_co_write yield %zd\n", done);
|
||||
- qemu_coroutine_yield();
|
||||
- DPRINTF("vma_co_write restart %zd\n", done);
|
||||
- } else {
|
||||
- vma_writer_set_error(vmaw, "vma_co_write write error - %s",
|
||||
+ /* try again */
|
||||
+ } else {
|
||||
+ vma_writer_set_error(vmaw, "vma_queue_write: write error - %s",
|
||||
g_strerror(errno));
|
||||
done = -1; /* always return failure for partial writes */
|
||||
break;
|
||||
@@ -258,102 +251,9 @@ vma_co_write(VmaWriter *vmaw, const void *buf, size_t bytes)
|
||||
}
|
||||
}
|
||||
|
||||
- aio_set_fd_handler(qemu_get_aio_context(), vmaw->fd, false, NULL, NULL, NULL);
|
||||
-
|
||||
vmaw->co_writer = NULL;
|
||||
-
|
||||
- qemu_co_mutex_unlock(&vmaw->writer_lock);
|
||||
-
|
||||
- DPRINTF("vma_co_write leave %zd\n", done);
|
||||
- return done;
|
||||
-}
|
||||
-
|
||||
-static void coroutine_fn vma_co_writer_task(void *opaque)
|
||||
-{
|
||||
- VmaAIOCB *cb = opaque;
|
||||
-
|
||||
- DPRINTF("vma_co_writer_task start\n");
|
||||
-
|
||||
- int64_t done = vma_co_write(cb->vmaw, cb->buffer, cb->bytes);
|
||||
- DPRINTF("vma_co_writer_task write done %zd\n", done);
|
||||
-
|
||||
- if (done != cb->bytes) {
|
||||
- DPRINTF("vma_co_writer_task failed write %zd %zd", cb->bytes, done);
|
||||
- vma_writer_set_error(cb->vmaw, "vma_co_writer_task failed write %zd",
|
||||
- done);
|
||||
- }
|
||||
-
|
||||
- cb->bytes = 0;
|
||||
-
|
||||
- qemu_co_queue_next(&cb->vmaw->wqueue);
|
||||
-
|
||||
- DPRINTF("vma_co_writer_task end\n");
|
||||
-}
|
||||
-
|
||||
-static void coroutine_fn vma_queue_flush(VmaWriter *vmaw)
|
||||
-{
|
||||
- DPRINTF("vma_queue_flush enter\n");
|
||||
-
|
||||
- assert(vmaw);
|
||||
-
|
||||
- while (1) {
|
||||
- int i;
|
||||
- VmaAIOCB *cb = NULL;
|
||||
- for (i = 0; i < WRITE_BUFFERS; i++) {
|
||||
- if (vmaw->aiocbs[i]->bytes) {
|
||||
- cb = vmaw->aiocbs[i];
|
||||
- DPRINTF("FOUND USED AIO BUFFER %d %zd\n", i,
|
||||
- vmaw->aiocbs[i]->bytes);
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
- if (!cb) {
|
||||
- break;
|
||||
- }
|
||||
- qemu_co_queue_wait(&vmaw->wqueue);
|
||||
- }
|
||||
-
|
||||
- DPRINTF("vma_queue_flush leave\n");
|
||||
-}
|
||||
-
|
||||
-/**
|
||||
- * NOTE: pipe buffer size in only 4096 bytes on linux (see 'ulimit -a')
|
||||
- * So we need to create a coroutione to allow 'parallel' execution.
|
||||
- */
|
||||
-static ssize_t coroutine_fn
|
||||
-vma_queue_write(VmaWriter *vmaw, const void *buf, size_t bytes)
|
||||
-{
|
||||
- DPRINTF("vma_queue_write enter %zd\n", bytes);
|
||||
-
|
||||
- assert(vmaw);
|
||||
- assert(buf);
|
||||
- assert(bytes <= VMA_MAX_EXTENT_SIZE);
|
||||
-
|
||||
- VmaAIOCB *cb = NULL;
|
||||
- while (!cb) {
|
||||
- int i;
|
||||
- for (i = 0; i < WRITE_BUFFERS; i++) {
|
||||
- if (!vmaw->aiocbs[i]->bytes) {
|
||||
- cb = vmaw->aiocbs[i];
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
- if (!cb) {
|
||||
- qemu_co_queue_wait(&vmaw->wqueue);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- memcpy(cb->buffer, buf, bytes);
|
||||
- cb->bytes = bytes;
|
||||
- cb->vmaw = vmaw;
|
||||
-
|
||||
- DPRINTF("vma_queue_write start %zd\n", bytes);
|
||||
- cb->co = qemu_coroutine_create(vma_co_writer_task);
|
||||
- qemu_coroutine_enter(cb->co, cb);
|
||||
-
|
||||
- DPRINTF("vma_queue_write leave\n");
|
||||
-
|
||||
- return bytes;
|
||||
+
|
||||
+ return (done == bytes) ? bytes : -1;
|
||||
}
|
||||
|
||||
VmaWriter *vma_writer_create(const char *filename, uuid_t uuid, Error **errp)
|
||||
@@ -420,20 +320,16 @@ VmaWriter *vma_writer_create(const char *filename, uuid_t uuid, Error **errp)
|
||||
}
|
||||
|
||||
/* we use O_DIRECT, so we need to align IO buffers */
|
||||
- int i;
|
||||
- for (i = 0; i < WRITE_BUFFERS; i++) {
|
||||
- vmaw->aiocbs[i] = qemu_memalign(512, sizeof(VmaAIOCB));
|
||||
- memset(vmaw->aiocbs[i], 0, sizeof(VmaAIOCB));
|
||||
- }
|
||||
+
|
||||
+ vmaw->outbuf = qemu_memalign(512, VMA_MAX_EXTENT_SIZE);
|
||||
+ vmaw->headerbuf = qemu_memalign(512, HEADERBUF_SIZE);
|
||||
|
||||
vmaw->outbuf_count = 0;
|
||||
vmaw->outbuf_pos = VMA_EXTENT_HEADER_SIZE;
|
||||
|
||||
vmaw->header_blob_table_pos = 1; /* start at pos 1 */
|
||||
|
||||
- qemu_co_mutex_init(&vmaw->writer_lock);
|
||||
qemu_co_mutex_init(&vmaw->flush_lock);
|
||||
- qemu_co_queue_init(&vmaw->wqueue);
|
||||
|
||||
uuid_copy(vmaw->uuid, uuid);
|
||||
|
||||
@@ -460,8 +356,7 @@ err:
|
||||
static int coroutine_fn vma_write_header(VmaWriter *vmaw)
|
||||
{
|
||||
assert(vmaw);
|
||||
- int header_clusters = 8;
|
||||
- char buf[65536*header_clusters];
|
||||
+ unsigned char *buf = vmaw->headerbuf;
|
||||
VmaHeader *head = (VmaHeader *)buf;
|
||||
|
||||
int i;
|
||||
@@ -472,7 +367,7 @@ static int coroutine_fn vma_write_header(VmaWriter *vmaw)
|
||||
return vmaw->status;
|
||||
}
|
||||
|
||||
- memset(buf, 0, sizeof(buf));
|
||||
+ memset(buf, 0, HEADERBUF_SIZE);
|
||||
|
||||
head->magic = VMA_MAGIC;
|
||||
head->version = GUINT32_TO_BE(1); /* v1 */
|
||||
@@ -507,7 +402,7 @@ static int coroutine_fn vma_write_header(VmaWriter *vmaw)
|
||||
uint32_t header_size = sizeof(VmaHeader) + vmaw->header_blob_table_size;
|
||||
head->header_size = GUINT32_TO_BE(header_size);
|
||||
|
||||
- if (header_size > sizeof(buf)) {
|
||||
+ if (header_size > HEADERBUF_SIZE) {
|
||||
return -1; /* just to be sure */
|
||||
}
|
||||
|
||||
@@ -805,13 +700,7 @@ int vma_writer_close(VmaWriter *vmaw, Error **errp)
|
||||
|
||||
int i;
|
||||
|
||||
- vma_queue_flush(vmaw);
|
||||
-
|
||||
- /* this should not happen - just to be sure */
|
||||
- while (!qemu_co_queue_empty(&vmaw->wqueue)) {
|
||||
- DPRINTF("vma_writer_close wait\n");
|
||||
- co_aio_sleep_ns(qemu_get_aio_context(), QEMU_CLOCK_REALTIME, 1000000);
|
||||
- }
|
||||
+ assert(vmaw->co_writer == NULL);
|
||||
|
||||
if (vmaw->cmd) {
|
||||
if (pclose(vmaw->cmd) < 0) {
|
||||
@@ -869,9 +758,5 @@ void vma_writer_destroy(VmaWriter *vmaw)
|
||||
g_checksum_free(vmaw->md5csum);
|
||||
}
|
||||
|
||||
- for (i = 0; i < WRITE_BUFFERS; i++) {
|
||||
- free(vmaw->aiocbs[i]);
|
||||
- }
|
||||
-
|
||||
g_free(vmaw);
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
56
debian/patches/pve/0020-backup-vma-run-flush-inside-coroutine.patch
vendored
Normal file
56
debian/patches/pve/0020-backup-vma-run-flush-inside-coroutine.patch
vendored
Normal file
@ -0,0 +1,56 @@
|
||||
From 3e0869f3ef3fc5537d90d22cde89f1384b164e70 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 15:40:42 +0100
|
||||
Subject: [PATCH 20/47] backup: vma: run flush inside coroutine
|
||||
|
||||
---
|
||||
blockdev.c | 10 +++++++++-
|
||||
vma-writer.c | 4 ++++
|
||||
2 files changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/blockdev.c b/blockdev.c
|
||||
index 1491c2d..f3c0c58 100644
|
||||
--- a/blockdev.c
|
||||
+++ b/blockdev.c
|
||||
@@ -3081,6 +3081,13 @@ static void pvebackup_cleanup(void)
|
||||
}
|
||||
}
|
||||
|
||||
+static void coroutine_fn backup_close_vma_stream(void *opaque)
|
||||
+{
|
||||
+ PVEBackupDevInfo *di = opaque;
|
||||
+
|
||||
+ vma_writer_close_stream(backup_state.vmaw, di->dev_id);
|
||||
+}
|
||||
+
|
||||
static void pvebackup_complete_cb(void *opaque, int ret)
|
||||
{
|
||||
PVEBackupDevInfo *di = opaque;
|
||||
@@ -3098,7 +3105,8 @@ static void pvebackup_complete_cb(void *opaque, int ret)
|
||||
di->target = NULL;
|
||||
|
||||
if (backup_state.vmaw) {
|
||||
- vma_writer_close_stream(backup_state.vmaw, di->dev_id);
|
||||
+ Coroutine *co = qemu_coroutine_create(backup_close_vma_stream, di);
|
||||
+ qemu_coroutine_enter(co);
|
||||
}
|
||||
|
||||
block_job_cb(bs, ret);
|
||||
diff --git a/vma-writer.c b/vma-writer.c
|
||||
index 6d3119d..79b7fd4 100644
|
||||
--- a/vma-writer.c
|
||||
+++ b/vma-writer.c
|
||||
@@ -700,6 +700,10 @@ int vma_writer_close(VmaWriter *vmaw, Error **errp)
|
||||
|
||||
int i;
|
||||
|
||||
+ while (vmaw->co_writer) {
|
||||
+ aio_poll(qemu_get_aio_context(), true);
|
||||
+ }
|
||||
+
|
||||
assert(vmaw->co_writer == NULL);
|
||||
|
||||
if (vmaw->cmd) {
|
||||
--
|
||||
2.1.4
|
||||
|
36
debian/patches/pve/0021-backup-do-not-use-bdrv_drain_all.patch
vendored
Normal file
36
debian/patches/pve/0021-backup-do-not-use-bdrv_drain_all.patch
vendored
Normal file
@ -0,0 +1,36 @@
|
||||
From e7cf613192638f5ac24629961c4010a3b3575ad6 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 15:41:13 +0100
|
||||
Subject: [PATCH 21/47] backup: do not use bdrv_drain_all
|
||||
|
||||
---
|
||||
blockdev.c | 6 +-----
|
||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||
|
||||
diff --git a/blockdev.c b/blockdev.c
|
||||
index f3c0c58..2371cf3 100644
|
||||
--- a/blockdev.c
|
||||
+++ b/blockdev.c
|
||||
@@ -3129,9 +3129,6 @@ static void pvebackup_cancel(void *opaque)
|
||||
vma_writer_set_error(backup_state.vmaw, "backup cancelled");
|
||||
}
|
||||
|
||||
- /* drain all i/o (awake jobs waiting for aio) */
|
||||
- bdrv_drain_all();
|
||||
-
|
||||
GList *l = backup_state.di_list;
|
||||
while (l) {
|
||||
PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
|
||||
@@ -3140,8 +3137,7 @@ static void pvebackup_cancel(void *opaque)
|
||||
BlockJob *job = di->bs->job;
|
||||
if (job) {
|
||||
if (!di->completed) {
|
||||
- block_job_cancel_sync(job);
|
||||
- bdrv_drain_all(); /* drain all i/o (awake jobs waiting for aio) */
|
||||
+ block_job_cancel_sync(job);
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
1000
debian/patches/pve/0022-internal-snapshot-async.patch
vendored
Normal file
1000
debian/patches/pve/0022-internal-snapshot-async.patch
vendored
Normal file
File diff suppressed because it is too large
Load Diff
256
debian/patches/pve/0023-backup-vma-allow-empty-backups.patch
vendored
Normal file
256
debian/patches/pve/0023-backup-vma-allow-empty-backups.patch
vendored
Normal file
@ -0,0 +1,256 @@
|
||||
From e9b9fd9156a6631998ec4b4254fe2e91859b340a Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 16:31:51 +0100
|
||||
Subject: [PATCH 23/47] backup: vma: allow empty backups
|
||||
|
||||
---
|
||||
vma-reader.c | 29 ++++++++++++-------------
|
||||
vma-writer.c | 30 ++++++++++++++++----------
|
||||
vma.c | 70 ++++++++++++++++++++++++++++++++++++------------------------
|
||||
vma.h | 1 +
|
||||
4 files changed, 76 insertions(+), 54 deletions(-)
|
||||
|
||||
diff --git a/vma-reader.c b/vma-reader.c
|
||||
index 2aafb26..78f1de9 100644
|
||||
--- a/vma-reader.c
|
||||
+++ b/vma-reader.c
|
||||
@@ -326,11 +326,6 @@ static int vma_reader_read_head(VmaReader *vmar, Error **errp)
|
||||
}
|
||||
}
|
||||
|
||||
- if (!count) {
|
||||
- error_setg(errp, "vma does not contain data");
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
for (i = 0; i < VMA_MAX_CONFIGS; i++) {
|
||||
uint32_t name_ptr = GUINT32_FROM_BE(h->config_names[i]);
|
||||
uint32_t data_ptr = GUINT32_FROM_BE(h->config_data[i]);
|
||||
@@ -822,16 +817,20 @@ static int vma_reader_restore_full(VmaReader *vmar, int vmstate_fd,
|
||||
}
|
||||
|
||||
if (verbose) {
|
||||
- printf("total bytes read %zd, sparse bytes %zd (%.3g%%)\n",
|
||||
- vmar->clusters_read*VMA_CLUSTER_SIZE,
|
||||
- vmar->zero_cluster_data,
|
||||
- (double)(100.0*vmar->zero_cluster_data)/
|
||||
- (vmar->clusters_read*VMA_CLUSTER_SIZE));
|
||||
-
|
||||
- int64_t datasize = vmar->clusters_read*VMA_CLUSTER_SIZE-vmar->zero_cluster_data;
|
||||
- if (datasize) { // this does not make sense for empty files
|
||||
- printf("space reduction due to 4K zero blocks %.3g%%\n",
|
||||
- (double)(100.0*vmar->partial_zero_cluster_data) / datasize);
|
||||
+ if (vmar->clusters_read) {
|
||||
+ printf("total bytes read %zd, sparse bytes %zd (%.3g%%)\n",
|
||||
+ vmar->clusters_read*VMA_CLUSTER_SIZE,
|
||||
+ vmar->zero_cluster_data,
|
||||
+ (double)(100.0*vmar->zero_cluster_data)/
|
||||
+ (vmar->clusters_read*VMA_CLUSTER_SIZE));
|
||||
+
|
||||
+ int64_t datasize = vmar->clusters_read*VMA_CLUSTER_SIZE-vmar->zero_cluster_data;
|
||||
+ if (datasize) { // this does not make sense for empty files
|
||||
+ printf("space reduction due to 4K zero blocks %.3g%%\n",
|
||||
+ (double)(100.0*vmar->partial_zero_cluster_data) / datasize);
|
||||
+ }
|
||||
+ } else {
|
||||
+ printf("vma archive contains no image data\n");
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
diff --git a/vma-writer.c b/vma-writer.c
|
||||
index 79b7fd4..0d26fc6 100644
|
||||
--- a/vma-writer.c
|
||||
+++ b/vma-writer.c
|
||||
@@ -252,7 +252,7 @@ vma_queue_write(VmaWriter *vmaw, const void *buf, size_t bytes)
|
||||
}
|
||||
|
||||
vmaw->co_writer = NULL;
|
||||
-
|
||||
+
|
||||
return (done == bytes) ? bytes : -1;
|
||||
}
|
||||
|
||||
@@ -376,10 +376,6 @@ static int coroutine_fn vma_write_header(VmaWriter *vmaw)
|
||||
time_t ctime = time(NULL);
|
||||
head->ctime = GUINT64_TO_BE(ctime);
|
||||
|
||||
- if (!vmaw->stream_count) {
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
for (i = 0; i < VMA_MAX_CONFIGS; i++) {
|
||||
head->config_names[i] = GUINT32_TO_BE(vmaw->config_names[i]);
|
||||
head->config_data[i] = GUINT32_TO_BE(vmaw->config_data[i]);
|
||||
@@ -496,6 +492,23 @@ static int vma_count_open_streams(VmaWriter *vmaw)
|
||||
return open_drives;
|
||||
}
|
||||
|
||||
+
|
||||
+/**
|
||||
+ * You need to call this if the vma archive does not contain
|
||||
+ * any data stream.
|
||||
+ */
|
||||
+int coroutine_fn
|
||||
+vma_writer_flush_output(VmaWriter *vmaw)
|
||||
+{
|
||||
+ qemu_co_mutex_lock(&vmaw->flush_lock);
|
||||
+ int ret = vma_writer_flush(vmaw);
|
||||
+ qemu_co_mutex_unlock(&vmaw->flush_lock);
|
||||
+ if (ret < 0) {
|
||||
+ vma_writer_set_error(vmaw, "vma_writer_flush_header failed");
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* all jobs should call this when there is no more data
|
||||
* Returns: number of remaining stream (0 ==> finished)
|
||||
@@ -523,12 +536,7 @@ vma_writer_close_stream(VmaWriter *vmaw, uint8_t dev_id)
|
||||
|
||||
if (open_drives <= 0) {
|
||||
DPRINTF("vma_writer_set_status all drives completed\n");
|
||||
- qemu_co_mutex_lock(&vmaw->flush_lock);
|
||||
- int ret = vma_writer_flush(vmaw);
|
||||
- qemu_co_mutex_unlock(&vmaw->flush_lock);
|
||||
- if (ret < 0) {
|
||||
- vma_writer_set_error(vmaw, "vma_writer_close_stream: flush failed");
|
||||
- }
|
||||
+ vma_writer_flush_output(vmaw);
|
||||
}
|
||||
|
||||
return open_drives;
|
||||
diff --git a/vma.c b/vma.c
|
||||
index c88a4358..08e4725 100644
|
||||
--- a/vma.c
|
||||
+++ b/vma.c
|
||||
@@ -27,7 +27,7 @@ static void help(void)
|
||||
"\n"
|
||||
"vma list <filename>\n"
|
||||
"vma config <filename> [-c config]\n"
|
||||
- "vma create <filename> [-c config] <archive> pathname ...\n"
|
||||
+ "vma create <filename> [-c config] pathname ...\n"
|
||||
"vma extract <filename> [-r <fifo>] <targetdir>\n"
|
||||
"vma verify <filename> [-v]\n"
|
||||
;
|
||||
@@ -395,6 +395,18 @@ typedef struct BackupJob {
|
||||
|
||||
#define BACKUP_SECTORS_PER_CLUSTER (VMA_CLUSTER_SIZE / BDRV_SECTOR_SIZE)
|
||||
|
||||
+static void coroutine_fn backup_run_empty(void *opaque)
|
||||
+{
|
||||
+ VmaWriter *vmaw = (VmaWriter *)opaque;
|
||||
+
|
||||
+ vma_writer_flush_output(vmaw);
|
||||
+
|
||||
+ Error *err = NULL;
|
||||
+ if (vma_writer_close(vmaw, &err) != 0) {
|
||||
+ g_warning("vma_writer_close failed %s", error_get_pretty(err));
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void coroutine_fn backup_run(void *opaque)
|
||||
{
|
||||
BackupJob *job = (BackupJob *)opaque;
|
||||
@@ -468,8 +480,8 @@ static int create_archive(int argc, char **argv)
|
||||
}
|
||||
|
||||
|
||||
- /* make sure we have archive name and at least one path */
|
||||
- if ((optind + 2) > argc) {
|
||||
+ /* make sure we an archive name */
|
||||
+ if ((optind + 1) > argc) {
|
||||
help();
|
||||
}
|
||||
|
||||
@@ -504,11 +516,11 @@ static int create_archive(int argc, char **argv)
|
||||
l = g_list_next(l);
|
||||
}
|
||||
|
||||
- int ind = 0;
|
||||
+ int devcount = 0;
|
||||
while (optind < argc) {
|
||||
const char *path = argv[optind++];
|
||||
char *devname = NULL;
|
||||
- path = extract_devname(path, &devname, ind++);
|
||||
+ path = extract_devname(path, &devname, devcount++);
|
||||
|
||||
Error *errp = NULL;
|
||||
BlockDriverState *bs;
|
||||
@@ -539,37 +551,39 @@ static int create_archive(int argc, char **argv)
|
||||
int percent = 0;
|
||||
int last_percent = -1;
|
||||
|
||||
- while (1) {
|
||||
- main_loop_wait(false);
|
||||
- vma_writer_get_status(vmaw, &vmastat);
|
||||
+ if (devcount) {
|
||||
+ while (1) {
|
||||
+ main_loop_wait(false);
|
||||
+ vma_writer_get_status(vmaw, &vmastat);
|
||||
+
|
||||
+ if (verbose) {
|
||||
|
||||
- if (verbose) {
|
||||
+ uint64_t total = 0;
|
||||
+ uint64_t transferred = 0;
|
||||
+ uint64_t zero_bytes = 0;
|
||||
|
||||
- uint64_t total = 0;
|
||||
- uint64_t transferred = 0;
|
||||
- uint64_t zero_bytes = 0;
|
||||
+ int i;
|
||||
+ for (i = 0; i < 256; i++) {
|
||||
+ if (vmastat.stream_info[i].size) {
|
||||
+ total += vmastat.stream_info[i].size;
|
||||
+ transferred += vmastat.stream_info[i].transferred;
|
||||
+ zero_bytes += vmastat.stream_info[i].zero_bytes;
|
||||
+ }
|
||||
+ }
|
||||
+ percent = (transferred*100)/total;
|
||||
+ if (percent != last_percent) {
|
||||
+ fprintf(stderr, "progress %d%% %zd/%zd %zd\n", percent,
|
||||
+ transferred, total, zero_bytes);
|
||||
+ fflush(stderr);
|
||||
|
||||
- int i;
|
||||
- for (i = 0; i < 256; i++) {
|
||||
- if (vmastat.stream_info[i].size) {
|
||||
- total += vmastat.stream_info[i].size;
|
||||
- transferred += vmastat.stream_info[i].transferred;
|
||||
- zero_bytes += vmastat.stream_info[i].zero_bytes;
|
||||
+ last_percent = percent;
|
||||
}
|
||||
}
|
||||
- percent = (transferred*100)/total;
|
||||
- if (percent != last_percent) {
|
||||
- fprintf(stderr, "progress %d%% %zd/%zd %zd\n", percent,
|
||||
- transferred, total, zero_bytes);
|
||||
- fflush(stderr);
|
||||
|
||||
- last_percent = percent;
|
||||
+ if (vmastat.closed) {
|
||||
+ break;
|
||||
}
|
||||
}
|
||||
-
|
||||
- if (vmastat.closed) {
|
||||
- break;
|
||||
- }
|
||||
} else {
|
||||
Coroutine *co = qemu_coroutine_create(backup_run_empty, vmaw);
|
||||
qemu_coroutine_enter(co);
|
||||
diff --git a/vma.h b/vma.h
|
||||
index 98377e4..365ceb2 100644
|
||||
--- a/vma.h
|
||||
+++ b/vma.h
|
||||
@@ -128,6 +128,7 @@ int64_t coroutine_fn vma_writer_write(VmaWriter *vmaw, uint8_t dev_id,
|
||||
size_t *zero_bytes);
|
||||
|
||||
int coroutine_fn vma_writer_close_stream(VmaWriter *vmaw, uint8_t dev_id);
|
||||
+int coroutine_fn vma_writer_flush_output(VmaWriter *vmaw);
|
||||
|
||||
int vma_writer_get_status(VmaWriter *vmaw, VmaStatus *status);
|
||||
void vma_writer_set_error(VmaWriter *vmaw, const char *fmt, ...);
|
||||
--
|
||||
2.1.4
|
||||
|
126
debian/patches/pve/0024-qmp-add-get_link_status.patch
vendored
Normal file
126
debian/patches/pve/0024-qmp-add-get_link_status.patch
vendored
Normal file
@ -0,0 +1,126 @@
|
||||
From e933992419bd8da2689a527ae95000891e687a2d Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 16:34:41 +0100
|
||||
Subject: [PATCH 24/47] qmp: add get_link_status
|
||||
|
||||
---
|
||||
net/net.c | 27 +++++++++++++++++++++++++++
|
||||
qapi-schema.json | 15 +++++++++++++++
|
||||
qmp-commands.hx | 23 +++++++++++++++++++++++
|
||||
scripts/qapi.py | 2 ++
|
||||
4 files changed, 67 insertions(+)
|
||||
|
||||
diff --git a/net/net.c b/net/net.c
|
||||
index 19b4d9e..5f890b7 100644
|
||||
--- a/net/net.c
|
||||
+++ b/net/net.c
|
||||
@@ -1362,6 +1362,33 @@ void hmp_info_network(Monitor *mon, const QDict *qdict)
|
||||
}
|
||||
}
|
||||
|
||||
+int64_t qmp_get_link_status(const char *name, Error **errp)
|
||||
+{
|
||||
+ NetClientState *ncs[MAX_QUEUE_NUM];
|
||||
+ NetClientState *nc;
|
||||
+ int queues;
|
||||
+ bool ret;
|
||||
+
|
||||
+ queues = qemu_find_net_clients_except(name, ncs,
|
||||
+ NET_CLIENT_DRIVER__MAX,
|
||||
+ MAX_QUEUE_NUM);
|
||||
+
|
||||
+ if (queues == 0) {
|
||||
+ error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
|
||||
+ "Device '%s' not found", name);
|
||||
+ return (int64_t) -1;
|
||||
+ }
|
||||
+
|
||||
+ nc = ncs[0];
|
||||
+ ret = ncs[0]->link_down;
|
||||
+
|
||||
+ if (nc->peer->info->type == NET_CLIENT_DRIVER_NIC) {
|
||||
+ ret = ncs[0]->peer->link_down;
|
||||
+ }
|
||||
+
|
||||
+ return (int64_t) ret ? 0 : 1;
|
||||
+}
|
||||
+
|
||||
void qmp_set_link(const char *name, bool up, Error **errp)
|
||||
{
|
||||
NetClientState *ncs[MAX_QUEUE_NUM];
|
||||
diff --git a/qapi-schema.json b/qapi-schema.json
|
||||
index 0c0faf7..d75e932 100644
|
||||
--- a/qapi-schema.json
|
||||
+++ b/qapi-schema.json
|
||||
@@ -1786,6 +1786,21 @@
|
||||
{ 'command': 'set_link', 'data': {'name': 'str', 'up': 'bool'} }
|
||||
|
||||
##
|
||||
+# @get_link_status
|
||||
+#
|
||||
+# Get the current link state of the nics or nic.
|
||||
+#
|
||||
+# @name: name of the nic you get the state of
|
||||
+#
|
||||
+# Return: If link is up 1
|
||||
+# If link is down 0
|
||||
+# If an error occure an empty string.
|
||||
+#
|
||||
+# Notes: this is an Proxmox VE extension and not offical part of Qemu.
|
||||
+##
|
||||
+{ 'command': 'get_link_status', 'data': {'name': 'str'}, 'returns': 'int'}
|
||||
+
|
||||
+##
|
||||
# @balloon:
|
||||
#
|
||||
# Request the balloon driver to change its balloon size.
|
||||
diff --git a/qmp-commands.hx b/qmp-commands.hx
|
||||
index 6342cd2..a84932a 100644
|
||||
--- a/qmp-commands.hx
|
||||
+++ b/qmp-commands.hx
|
||||
@@ -1883,6 +1883,29 @@ Example:
|
||||
EQMP
|
||||
|
||||
{
|
||||
+ .name = "get_link_status",
|
||||
+ .args_type = "name:s",
|
||||
+ .mhandler.cmd_new = qmp_marshal_get_link_status,
|
||||
+ },
|
||||
+
|
||||
+SQMP
|
||||
+get_link_status
|
||||
+--------
|
||||
+
|
||||
+Get the link status of a network adapter.
|
||||
+
|
||||
+Arguments:
|
||||
+
|
||||
+- "name": network device name (json-string)
|
||||
+
|
||||
+Example:
|
||||
+
|
||||
+-> { "execute": "get_link_status", "arguments": { "name": "e1000.0" } }
|
||||
+<- { "return": {1} }
|
||||
+
|
||||
+EQMP
|
||||
+
|
||||
+ {
|
||||
.name = "getfd",
|
||||
.args_type = "fdname:s",
|
||||
.params = "getfd name",
|
||||
diff --git a/scripts/qapi.py b/scripts/qapi.py
|
||||
index 21bc32f..f900659 100644
|
||||
--- a/scripts/qapi.py
|
||||
+++ b/scripts/qapi.py
|
||||
@@ -39,6 +39,8 @@ builtin_types = {
|
||||
|
||||
# Whitelist of commands allowed to return a non-dictionary
|
||||
returns_whitelist = [
|
||||
+ 'get_link_status',
|
||||
+
|
||||
# From QMP:
|
||||
'human-monitor-command',
|
||||
'qom-get',
|
||||
--
|
||||
2.1.4
|
||||
|
26
debian/patches/pve/0025-smm_available-false.patch
vendored
Normal file
26
debian/patches/pve/0025-smm_available-false.patch
vendored
Normal file
@ -0,0 +1,26 @@
|
||||
From e1682387e4bed2357e1030933481ab63f648249b Mon Sep 17 00:00:00 2001
|
||||
From: Alexandre Derumier <aderumier@odiso.com>
|
||||
Date: Tue, 29 Sep 2015 15:37:44 +0200
|
||||
Subject: [PATCH 25/47] smm_available = false
|
||||
|
||||
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
|
||||
---
|
||||
hw/i386/pc.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
|
||||
index ba8a5a1..9c206fc 100644
|
||||
--- a/hw/i386/pc.c
|
||||
+++ b/hw/i386/pc.c
|
||||
@@ -2084,7 +2084,7 @@ bool pc_machine_is_smm_enabled(PCMachineState *pcms)
|
||||
if (tcg_enabled() || qtest_enabled()) {
|
||||
smm_available = true;
|
||||
} else if (kvm_enabled()) {
|
||||
- smm_available = kvm_has_smm();
|
||||
+ smm_available = false;
|
||||
}
|
||||
|
||||
if (smm_available) {
|
||||
--
|
||||
2.1.4
|
||||
|
27
debian/patches/pve/0026-use-whitespace-between-VERSION-and-PKGVERSION.patch
vendored
Normal file
27
debian/patches/pve/0026-use-whitespace-between-VERSION-and-PKGVERSION.patch
vendored
Normal file
@ -0,0 +1,27 @@
|
||||
From 017016151cb8f9a364f0b0006603772620966d5a Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 16:50:05 +0100
|
||||
Subject: [PATCH 26/47] use whitespace between VERSION and PKGVERSION
|
||||
|
||||
Our kvm version parser expects a white space or comma after
|
||||
the version string, see PVE::QemuServer::kvm_user_version()
|
||||
---
|
||||
vl.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/vl.c b/vl.c
|
||||
index c01b1b5..0b5a721 100644
|
||||
--- a/vl.c
|
||||
+++ b/vl.c
|
||||
@@ -1920,7 +1920,7 @@ static void main_loop(void)
|
||||
|
||||
static void version(void)
|
||||
{
|
||||
- printf("QEMU emulator version " QEMU_VERSION QEMU_PKGVERSION ", "
|
||||
+ printf("QEMU emulator version " QEMU_VERSION " " QEMU_PKGVERSION ", "
|
||||
QEMU_COPYRIGHT "\n");
|
||||
}
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
158
debian/patches/pve/0027-vma-add-firewall.patch
vendored
Normal file
158
debian/patches/pve/0027-vma-add-firewall.patch
vendored
Normal file
@ -0,0 +1,158 @@
|
||||
From 3400a70a51015f119c12d3600943baae97aabb0f Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 9 Dec 2015 16:51:23 +0100
|
||||
Subject: [PATCH 27/47] vma: add firewall
|
||||
|
||||
---
|
||||
blockdev.c | 78 ++++++++++++++++++++++++++++++++++----------------------
|
||||
hmp.c | 2 +-
|
||||
qapi-schema.json | 1 +
|
||||
qmp-commands.hx | 2 +-
|
||||
4 files changed, 51 insertions(+), 32 deletions(-)
|
||||
|
||||
diff --git a/blockdev.c b/blockdev.c
|
||||
index 2371cf3..bbb1502 100644
|
||||
--- a/blockdev.c
|
||||
+++ b/blockdev.c
|
||||
@@ -3157,6 +3157,44 @@ void qmp_backup_cancel(Error **errp)
|
||||
}
|
||||
}
|
||||
|
||||
+static int config_to_vma(const char *file, BackupFormat format,
|
||||
+ const char *backup_dir, VmaWriter *vmaw,
|
||||
+ Error **errp)
|
||||
+{
|
||||
+ char *cdata = NULL;
|
||||
+ gsize clen = 0;
|
||||
+ GError *err = NULL;
|
||||
+ if (!g_file_get_contents(file, &cdata, &clen, &err)) {
|
||||
+ error_setg(errp, "unable to read file '%s'", file);
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ char *basename = g_path_get_basename(file);
|
||||
+
|
||||
+ if (format == BACKUP_FORMAT_VMA) {
|
||||
+ if (vma_writer_add_config(vmaw, basename, cdata, clen) != 0) {
|
||||
+ error_setg(errp, "unable to add %s config data to vma archive", file);
|
||||
+ g_free(cdata);
|
||||
+ g_free(basename);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ } else if (format == BACKUP_FORMAT_DIR) {
|
||||
+ char config_path[PATH_MAX];
|
||||
+ snprintf(config_path, PATH_MAX, "%s/%s", backup_dir, basename);
|
||||
+ if (!g_file_set_contents(config_path, cdata, clen, &err)) {
|
||||
+ error_setg(errp, "unable to write config file '%s'", config_path);
|
||||
+ g_free(cdata);
|
||||
+ g_free(basename);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ g_free(basename);
|
||||
+ g_free(cdata);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
bool block_job_should_pause(BlockJob *job);
|
||||
static void pvebackup_run_next_job(void)
|
||||
{
|
||||
@@ -3184,6 +3222,7 @@ static void pvebackup_run_next_job(void)
|
||||
UuidInfo *qmp_backup(const char *backup_file, bool has_format,
|
||||
BackupFormat format,
|
||||
bool has_config_file, const char *config_file,
|
||||
+ bool has_firewall_file, const char *firewall_file,
|
||||
bool has_devlist, const char *devlist,
|
||||
bool has_speed, int64_t speed, Error **errp)
|
||||
{
|
||||
@@ -3335,38 +3374,17 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
|
||||
|
||||
/* add configuration file to archive */
|
||||
if (has_config_file) {
|
||||
- char *cdata = NULL;
|
||||
- gsize clen = 0;
|
||||
- GError *err = NULL;
|
||||
- if (!g_file_get_contents(config_file, &cdata, &clen, &err)) {
|
||||
- error_setg(errp, "unable to read file '%s'", config_file);
|
||||
- goto err;
|
||||
- }
|
||||
-
|
||||
- char *basename = g_path_get_basename(config_file);
|
||||
-
|
||||
- if (format == BACKUP_FORMAT_VMA) {
|
||||
- if (vma_writer_add_config(vmaw, basename, cdata, clen) != 0) {
|
||||
- error_setg(errp, "unable to add config data to vma archive");
|
||||
- g_free(cdata);
|
||||
- g_free(basename);
|
||||
- goto err;
|
||||
- }
|
||||
- } else if (format == BACKUP_FORMAT_DIR) {
|
||||
- char config_path[PATH_MAX];
|
||||
- snprintf(config_path, PATH_MAX, "%s/%s", backup_dir, basename);
|
||||
- if (!g_file_set_contents(config_path, cdata, clen, &err)) {
|
||||
- error_setg(errp, "unable to write config file '%s'", config_path);
|
||||
- g_free(cdata);
|
||||
- g_free(basename);
|
||||
- goto err;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- g_free(basename);
|
||||
- g_free(cdata);
|
||||
+ if(config_to_vma(config_file, format, backup_dir, vmaw, errp) != 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
}
|
||||
|
||||
+ /* add firewall file to archive */
|
||||
+ if (has_firewall_file) {
|
||||
+ if(config_to_vma(firewall_file, format, backup_dir, vmaw, errp) != 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
/* initialize global backup_state now */
|
||||
|
||||
backup_state.cancel = false;
|
||||
diff --git a/hmp.c b/hmp.c
|
||||
index 030fd97..5c5e8ed 100644
|
||||
--- a/hmp.c
|
||||
+++ b/hmp.c
|
||||
@@ -1550,7 +1550,7 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
|
||||
int64_t speed = qdict_get_try_int(qdict, "speed", 0);
|
||||
|
||||
qmp_backup(backup_file, true, dir ? BACKUP_FORMAT_DIR : BACKUP_FORMAT_VMA,
|
||||
- false, NULL, !!devlist,
|
||||
+ false, NULL, false, NULL, !!devlist,
|
||||
devlist, qdict_haskey(qdict, "speed"), speed, &error);
|
||||
|
||||
hmp_handle_error(mon, &error);
|
||||
diff --git a/qapi-schema.json b/qapi-schema.json
|
||||
index d75e932..7bb0ee0 100644
|
||||
--- a/qapi-schema.json
|
||||
+++ b/qapi-schema.json
|
||||
@@ -420,6 +420,7 @@
|
||||
{ 'command': 'backup', 'data': { 'backup-file': 'str',
|
||||
'*format': 'BackupFormat',
|
||||
'*config-file': 'str',
|
||||
+ '*firewall-file': 'str',
|
||||
'*devlist': 'str', '*speed': 'int' },
|
||||
'returns': 'UuidInfo' }
|
||||
|
||||
diff --git a/qmp-commands.hx b/qmp-commands.hx
|
||||
index a84932a..94cfac2 100644
|
||||
--- a/qmp-commands.hx
|
||||
+++ b/qmp-commands.hx
|
||||
@@ -1315,7 +1315,7 @@ EQMP
|
||||
|
||||
{
|
||||
.name = "backup",
|
||||
- .args_type = "backup-file:s,format:s?,config-file:F?,speed:o?,devlist:s?",
|
||||
+ .args_type = "backup-file:s,format:s?,config-file:F?,firewall-file:F?,speed:o?,devlist:s?",
|
||||
.mhandler.cmd_new = qmp_marshal_backup,
|
||||
},
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
101
debian/patches/pve/0028-savevm-async-migration-and-bdrv_open-update.patch
vendored
Normal file
101
debian/patches/pve/0028-savevm-async-migration-and-bdrv_open-update.patch
vendored
Normal file
@ -0,0 +1,101 @@
|
||||
From d5ef7dd4d2b53e4868289dca3770724cb9597ec5 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Thu, 10 Dec 2015 15:14:00 +0100
|
||||
Subject: [PATCH 28/47] savevm-async: migration and bdrv_open update
|
||||
|
||||
---
|
||||
savevm-async.c | 25 ++++++++++++-------------
|
||||
1 file changed, 12 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/savevm-async.c b/savevm-async.c
|
||||
index ae7ea84..7979435 100644
|
||||
--- a/savevm-async.c
|
||||
+++ b/savevm-async.c
|
||||
@@ -154,10 +154,10 @@ static int block_state_close(void *opaque)
|
||||
return bdrv_flush(snap_state.bs);
|
||||
}
|
||||
|
||||
-static int block_state_put_buffer(void *opaque, const uint8_t *buf,
|
||||
- int64_t pos, int size)
|
||||
+static ssize_t block_state_put_buffer(void *opaque, const uint8_t *buf,
|
||||
+ int64_t pos, size_t size)
|
||||
{
|
||||
- int ret;
|
||||
+ ssize_t ret;
|
||||
|
||||
assert(pos == snap_state.bs_pos);
|
||||
|
||||
@@ -201,12 +201,13 @@ static void process_savevm_co(void *opaque)
|
||||
}
|
||||
|
||||
while (snap_state.state == SAVE_STATE_ACTIVE) {
|
||||
- uint64_t pending_size;
|
||||
+ uint64_t pending_size, pend_post, pend_nonpost;
|
||||
|
||||
- pending_size = qemu_savevm_state_pending(snap_state.file, 0);
|
||||
+ qemu_savevm_state_pending(snap_state.file, 0, &pend_nonpost, &pend_post);
|
||||
+ pending_size = pend_post + pend_nonpost;
|
||||
|
||||
if (pending_size) {
|
||||
- ret = qemu_savevm_state_iterate(snap_state.file);
|
||||
+ ret = qemu_savevm_state_iterate(snap_state.file, false);
|
||||
if (ret < 0) {
|
||||
save_snapshot_error("qemu_savevm_state_iterate error %d", ret);
|
||||
break;
|
||||
@@ -217,7 +218,7 @@ static void process_savevm_co(void *opaque)
|
||||
if (store_and_stop())
|
||||
break;
|
||||
DPRINTF("savevm inerate finished\n");
|
||||
- qemu_savevm_state_complete_precopy(snap_state.file);
|
||||
+ qemu_savevm_state_complete_precopy(snap_state.file, false);
|
||||
DPRINTF("save complete\n");
|
||||
save_snapshot_completed();
|
||||
break;
|
||||
@@ -250,7 +251,6 @@ static const QEMUFileOps block_file_ops = {
|
||||
|
||||
void qmp_savevm_start(bool has_statefile, const char *statefile, Error **errp)
|
||||
{
|
||||
- BlockDriver *drv = NULL;
|
||||
Error *local_err = NULL;
|
||||
|
||||
int bdrv_oflags = BDRV_O_RDWR;
|
||||
@@ -289,7 +289,7 @@ void qmp_savevm_start(bool has_statefile, const char *statefile, Error **errp)
|
||||
QDict *options = NULL;
|
||||
options = qdict_new();
|
||||
qdict_put(options, "driver", qstring_from_str("raw"));
|
||||
- ret = bdrv_open(&snap_state.bs, statefile, NULL, options, bdrv_oflags, drv, &local_err);
|
||||
+ ret = bdrv_open(&snap_state.bs, statefile, NULL, options, bdrv_oflags, &local_err);
|
||||
if (ret < 0) {
|
||||
error_set(errp, ERROR_CLASS_GENERIC_ERROR, "failed to open '%s'", statefile);
|
||||
goto restart;
|
||||
@@ -454,8 +454,8 @@ void qmp_delete_drive_snapshot(const char *device, const char *name,
|
||||
}
|
||||
}
|
||||
|
||||
-static int loadstate_get_buffer(void *opaque, uint8_t *buf, int64_t pos,
|
||||
- int size)
|
||||
+static ssize_t loadstate_get_buffer(void *opaque, uint8_t *buf, int64_t pos,
|
||||
+ size_t size)
|
||||
{
|
||||
BlockDriverState *bs = (BlockDriverState *)opaque;
|
||||
int64_t maxlen = bdrv_getlength(bs);
|
||||
@@ -478,7 +478,6 @@ static const QEMUFileOps loadstate_file_ops = {
|
||||
int load_state_from_blockdev(const char *filename)
|
||||
{
|
||||
BlockDriverState *bs = NULL;
|
||||
- BlockDriver *drv = NULL;
|
||||
Error *local_err = NULL;
|
||||
Error *blocker = NULL;
|
||||
|
||||
@@ -486,7 +485,7 @@ int load_state_from_blockdev(const char *filename)
|
||||
int ret;
|
||||
|
||||
bs = bdrv_new();
|
||||
- ret = bdrv_open(&bs, filename, NULL, NULL, 0, drv, &local_err);
|
||||
+ ret = bdrv_open(&bs, filename, NULL, NULL, 0, &local_err);
|
||||
error_setg(&blocker, "block device is in use by load state");
|
||||
bdrv_op_block_all(bs, blocker);
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
28
debian/patches/pve/0029-vnc-make-x509-imply-tls-again.patch
vendored
Normal file
28
debian/patches/pve/0029-vnc-make-x509-imply-tls-again.patch
vendored
Normal file
@ -0,0 +1,28 @@
|
||||
From d42052d75321a1af75b039f8e31127b98485ec93 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Tue, 12 Jan 2016 09:09:49 +0100
|
||||
Subject: [PATCH 29/47] vnc: make x509 imply tls again
|
||||
|
||||
---
|
||||
ui/vnc.c | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ui/vnc.c b/ui/vnc.c
|
||||
index b9f36b5..acbe3bd 100644
|
||||
--- a/ui/vnc.c
|
||||
+++ b/ui/vnc.c
|
||||
@@ -3729,9 +3729,8 @@ void vnc_display_open(const char *id, Error **errp)
|
||||
const char *path;
|
||||
bool tls = false, x509 = false, x509verify = false;
|
||||
tls = qemu_opt_get_bool(opts, "tls", false);
|
||||
- if (tls) {
|
||||
- path = qemu_opt_get(opts, "x509");
|
||||
-
|
||||
+ path = qemu_opt_get(opts, "x509");
|
||||
+ if (tls || path) {
|
||||
if (path) {
|
||||
x509 = true;
|
||||
} else {
|
||||
--
|
||||
2.1.4
|
||||
|
683
debian/patches/pve/0030-PVE-VNC-authentication.patch
vendored
Normal file
683
debian/patches/pve/0030-PVE-VNC-authentication.patch
vendored
Normal file
@ -0,0 +1,683 @@
|
||||
From 51dd4df80640e1671de73c014c6273b154df920a Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Mon, 11 Jan 2016 10:40:31 +0100
|
||||
Subject: [PATCH 30/47] PVE VNC authentication
|
||||
|
||||
---
|
||||
crypto/tlscreds.c | 47 +++++++++++
|
||||
crypto/tlscredspriv.h | 2 +
|
||||
crypto/tlscredsx509.c | 13 ++--
|
||||
crypto/tlssession.c | 1 +
|
||||
include/crypto/tlscreds.h | 1 +
|
||||
include/ui/console.h | 1 +
|
||||
qemu-options.hx | 3 +
|
||||
ui/vnc-auth-vencrypt.c | 194 ++++++++++++++++++++++++++++++++++++++--------
|
||||
ui/vnc.c | 140 ++++++++++++++++++++++++++++++++-
|
||||
ui/vnc.h | 4 +
|
||||
vl.c | 9 +++
|
||||
11 files changed, 375 insertions(+), 40 deletions(-)
|
||||
|
||||
diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c
|
||||
index a896553..e9ae13c 100644
|
||||
--- a/crypto/tlscreds.c
|
||||
+++ b/crypto/tlscreds.c
|
||||
@@ -158,6 +158,33 @@ qcrypto_tls_creds_prop_get_verify(Object *obj,
|
||||
|
||||
|
||||
static void
|
||||
+qcrypto_tls_creds_prop_set_pve(Object *obj,
|
||||
+ bool value,
|
||||
+ Error **errp G_GNUC_UNUSED)
|
||||
+{
|
||||
+ QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
||||
+
|
||||
+ creds->pve = value;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static bool
|
||||
+qcrypto_tls_creds_prop_get_pve(Object *obj,
|
||||
+ Error **errp G_GNUC_UNUSED)
|
||||
+{
|
||||
+ QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
||||
+
|
||||
+ return creds->pve;
|
||||
+}
|
||||
+
|
||||
+bool qcrypto_tls_creds_is_pve(QCryptoTLSCreds *creds)
|
||||
+{
|
||||
+ Error *errp = NULL;
|
||||
+ return qcrypto_tls_creds_prop_get_pve((Object*)creds, &errp);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static void
|
||||
qcrypto_tls_creds_prop_set_dir(Object *obj,
|
||||
const char *value,
|
||||
Error **errp G_GNUC_UNUSED)
|
||||
@@ -250,6 +277,26 @@ qcrypto_tls_creds_init(Object *obj)
|
||||
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
|
||||
|
||||
creds->verifyPeer = true;
|
||||
+ creds->pve = false;
|
||||
+
|
||||
+ object_property_add_bool(obj, "verify-peer",
|
||||
+ qcrypto_tls_creds_prop_get_verify,
|
||||
+ qcrypto_tls_creds_prop_set_verify,
|
||||
+ NULL);
|
||||
+ object_property_add_bool(obj, "pve",
|
||||
+ qcrypto_tls_creds_prop_get_pve,
|
||||
+ qcrypto_tls_creds_prop_set_pve,
|
||||
+ NULL);
|
||||
+ object_property_add_str(obj, "dir",
|
||||
+ qcrypto_tls_creds_prop_get_dir,
|
||||
+ qcrypto_tls_creds_prop_set_dir,
|
||||
+ NULL);
|
||||
+ object_property_add_enum(obj, "endpoint",
|
||||
+ "QCryptoTLSCredsEndpoint",
|
||||
+ QCryptoTLSCredsEndpoint_lookup,
|
||||
+ qcrypto_tls_creds_prop_get_endpoint,
|
||||
+ qcrypto_tls_creds_prop_set_endpoint,
|
||||
+ NULL);
|
||||
}
|
||||
|
||||
|
||||
diff --git a/crypto/tlscredspriv.h b/crypto/tlscredspriv.h
|
||||
index 13e9b6c..0356acc 100644
|
||||
--- a/crypto/tlscredspriv.h
|
||||
+++ b/crypto/tlscredspriv.h
|
||||
@@ -36,6 +36,8 @@ int qcrypto_tls_creds_get_dh_params_file(QCryptoTLSCreds *creds,
|
||||
gnutls_dh_params_t *dh_params,
|
||||
Error **errp);
|
||||
|
||||
+bool qcrypto_tls_creds_is_pve(QCryptoTLSCreds *creds);
|
||||
+
|
||||
#endif
|
||||
|
||||
#endif /* QCRYPTO_TLSCREDSPRIV_H */
|
||||
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
|
||||
index 520d34d..1ba971c 100644
|
||||
--- a/crypto/tlscredsx509.c
|
||||
+++ b/crypto/tlscredsx509.c
|
||||
@@ -555,22 +555,23 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds,
|
||||
*key = NULL, *dhparams = NULL;
|
||||
int ret;
|
||||
int rv = -1;
|
||||
+ bool pve = qcrypto_tls_creds_is_pve(&creds->parent_obj);
|
||||
|
||||
trace_qcrypto_tls_creds_x509_load(creds,
|
||||
creds->parent_obj.dir ? creds->parent_obj.dir : "<nodir>");
|
||||
|
||||
if (creds->parent_obj.endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
|
||||
if (qcrypto_tls_creds_get_path(&creds->parent_obj,
|
||||
- QCRYPTO_TLS_CREDS_X509_CA_CERT,
|
||||
+ pve ? "pve-root-ca.pem" : QCRYPTO_TLS_CREDS_X509_CA_CERT,
|
||||
true, &cacert, errp) < 0 ||
|
||||
qcrypto_tls_creds_get_path(&creds->parent_obj,
|
||||
QCRYPTO_TLS_CREDS_X509_CA_CRL,
|
||||
false, &cacrl, errp) < 0 ||
|
||||
qcrypto_tls_creds_get_path(&creds->parent_obj,
|
||||
- QCRYPTO_TLS_CREDS_X509_SERVER_CERT,
|
||||
+ pve ? "local/pve-ssl.pem" : QCRYPTO_TLS_CREDS_X509_SERVER_CERT,
|
||||
true, &cert, errp) < 0 ||
|
||||
qcrypto_tls_creds_get_path(&creds->parent_obj,
|
||||
- QCRYPTO_TLS_CREDS_X509_SERVER_KEY,
|
||||
+ pve ? "local/pve-ssl.key" : QCRYPTO_TLS_CREDS_X509_SERVER_KEY,
|
||||
true, &key, errp) < 0 ||
|
||||
qcrypto_tls_creds_get_path(&creds->parent_obj,
|
||||
QCRYPTO_TLS_CREDS_DH_PARAMS,
|
||||
@@ -579,13 +580,13 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds,
|
||||
}
|
||||
} else {
|
||||
if (qcrypto_tls_creds_get_path(&creds->parent_obj,
|
||||
- QCRYPTO_TLS_CREDS_X509_CA_CERT,
|
||||
+ pve ? "pve-root-ca.pem" : QCRYPTO_TLS_CREDS_X509_CA_CERT,
|
||||
true, &cacert, errp) < 0 ||
|
||||
qcrypto_tls_creds_get_path(&creds->parent_obj,
|
||||
- QCRYPTO_TLS_CREDS_X509_CLIENT_CERT,
|
||||
+ pve ? "local/pve-ssl.pem" : QCRYPTO_TLS_CREDS_X509_CLIENT_CERT,
|
||||
false, &cert, errp) < 0 ||
|
||||
qcrypto_tls_creds_get_path(&creds->parent_obj,
|
||||
- QCRYPTO_TLS_CREDS_X509_CLIENT_KEY,
|
||||
+ pve ? "local/pve-ssl.key" : QCRYPTO_TLS_CREDS_X509_CLIENT_KEY,
|
||||
false, &key, errp) < 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
diff --git a/crypto/tlssession.c b/crypto/tlssession.c
|
||||
index 2de42c6..768466a 100644
|
||||
--- a/crypto/tlssession.c
|
||||
+++ b/crypto/tlssession.c
|
||||
@@ -23,6 +23,7 @@
|
||||
#include "crypto/tlscredsanon.h"
|
||||
#include "crypto/tlscredsx509.h"
|
||||
#include "qapi/error.h"
|
||||
+#include "crypto/tlscredspriv.h"
|
||||
#include "qemu/acl.h"
|
||||
#include "trace.h"
|
||||
|
||||
diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h
|
||||
index ad47d88..f86d379 100644
|
||||
--- a/include/crypto/tlscreds.h
|
||||
+++ b/include/crypto/tlscreds.h
|
||||
@@ -55,6 +55,7 @@ struct QCryptoTLSCreds {
|
||||
#endif
|
||||
bool verifyPeer;
|
||||
char *priority;
|
||||
+ bool pve;
|
||||
};
|
||||
|
||||
|
||||
diff --git a/include/ui/console.h b/include/ui/console.h
|
||||
index 2703a3a..db6dd22 100644
|
||||
--- a/include/ui/console.h
|
||||
+++ b/include/ui/console.h
|
||||
@@ -456,6 +456,7 @@ static inline void cocoa_display_init(DisplayState *ds, int full_screen)
|
||||
#endif
|
||||
|
||||
/* vnc.c */
|
||||
+void pve_auth_setup(int vmid);
|
||||
void vnc_display_init(const char *id);
|
||||
void vnc_display_open(const char *id, Error **errp);
|
||||
void vnc_display_add_client(const char *id, int csock, bool skipauth);
|
||||
diff --git a/qemu-options.hx b/qemu-options.hx
|
||||
index 37fad3b..f943ae6 100644
|
||||
--- a/qemu-options.hx
|
||||
+++ b/qemu-options.hx
|
||||
@@ -473,6 +473,9 @@ STEXI
|
||||
@table @option
|
||||
ETEXI
|
||||
|
||||
+DEF("id", HAS_ARG, QEMU_OPTION_id,
|
||||
+ "-id n set the VMID\n", QEMU_ARCH_ALL)
|
||||
+
|
||||
DEF("fda", HAS_ARG, QEMU_OPTION_fda,
|
||||
"-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
|
||||
DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL)
|
||||
diff --git a/ui/vnc-auth-vencrypt.c b/ui/vnc-auth-vencrypt.c
|
||||
index 11c8c9a..d11f1df 100644
|
||||
--- a/ui/vnc-auth-vencrypt.c
|
||||
+++ b/ui/vnc-auth-vencrypt.c
|
||||
@@ -28,6 +28,107 @@
|
||||
#include "vnc.h"
|
||||
#include "qapi/error.h"
|
||||
#include "qemu/main-loop.h"
|
||||
+#include "qemu/sockets.h"
|
||||
+
|
||||
+static int protocol_client_auth_plain(VncState *vs, uint8_t *data, size_t len)
|
||||
+{
|
||||
+ const char *err = NULL;
|
||||
+ char username[256];
|
||||
+ char passwd[512];
|
||||
+
|
||||
+ char clientip[256];
|
||||
+ clientip[0] = 0;
|
||||
+ struct sockaddr_in client;
|
||||
+ socklen_t addrlen = sizeof(client);
|
||||
+ if (getpeername(vs->csock, &client, &addrlen) == 0) {
|
||||
+ inet_ntop(client.sin_family, &client.sin_addr,
|
||||
+ clientip, sizeof(clientip));
|
||||
+ }
|
||||
+
|
||||
+ if ((len != (vs->username_len + vs->password_len)) ||
|
||||
+ (vs->username_len >= (sizeof(username)-1)) ||
|
||||
+ (vs->password_len >= (sizeof(passwd)-1)) ) {
|
||||
+ err = "Got unexpected data length";
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ strncpy(username, (char *)data, vs->username_len);
|
||||
+ username[vs->username_len] = 0;
|
||||
+ strncpy(passwd, (char *)data + vs->username_len, vs->password_len);
|
||||
+ passwd[vs->password_len] = 0;
|
||||
+
|
||||
+ VNC_DEBUG("AUTH PLAIN username: %s pw: %s\n", username, passwd);
|
||||
+
|
||||
+ if (pve_auth_verify(clientip, username, passwd) == 0) {
|
||||
+ vnc_write_u32(vs, 0); /* Accept auth completion */
|
||||
+ start_client_init(vs);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ err = "Authentication failed";
|
||||
+err:
|
||||
+ if (err) {
|
||||
+ VNC_DEBUG("AUTH PLAIN ERROR: %s\n", err);
|
||||
+ vnc_write_u32(vs, 1); /* Reject auth */
|
||||
+ if (vs->minor >= 8) {
|
||||
+ int elen = strlen(err);
|
||||
+ vnc_write_u32(vs, elen);
|
||||
+ vnc_write(vs, err, elen);
|
||||
+ }
|
||||
+ }
|
||||
+ vnc_flush(vs);
|
||||
+ vnc_client_error(vs);
|
||||
+
|
||||
+ return 0;
|
||||
+
|
||||
+}
|
||||
+
|
||||
+static int protocol_client_auth_plain_start(VncState *vs, uint8_t *data, size_t len)
|
||||
+{
|
||||
+ uint32_t ulen = read_u32(data, 0);
|
||||
+ uint32_t pwlen = read_u32(data, 4);
|
||||
+ const char *err = NULL;
|
||||
+
|
||||
+ VNC_DEBUG("AUTH PLAIN START %u %u\n", ulen, pwlen);
|
||||
+
|
||||
+ if (!ulen) {
|
||||
+ err = "No User name.";
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (ulen >= 255) {
|
||||
+ err = "User name too long.";
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (!pwlen) {
|
||||
+ err = "Password too short";
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (pwlen >= 511) {
|
||||
+ err = "Password too long.";
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ vs->username_len = ulen;
|
||||
+ vs->password_len = pwlen;
|
||||
+
|
||||
+ vnc_read_when(vs, protocol_client_auth_plain, ulen + pwlen);
|
||||
+
|
||||
+ return 0;
|
||||
+err:
|
||||
+ if (err) {
|
||||
+ VNC_DEBUG("AUTH PLAIN ERROR: %s\n", err);
|
||||
+ vnc_write_u32(vs, 1); /* Reject auth */
|
||||
+ if (vs->minor >= 8) {
|
||||
+ int elen = strlen(err);
|
||||
+ vnc_write_u32(vs, elen);
|
||||
+ vnc_write(vs, err, elen);
|
||||
+ }
|
||||
+ }
|
||||
+ vnc_flush(vs);
|
||||
+ vnc_client_error(vs);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
|
||||
static void start_auth_vencrypt_subauth(VncState *vs)
|
||||
{
|
||||
@@ -39,6 +140,17 @@ static void start_auth_vencrypt_subauth(VncState *vs)
|
||||
start_client_init(vs);
|
||||
break;
|
||||
|
||||
+ case VNC_AUTH_VENCRYPT_TLSPLAIN:
|
||||
+ case VNC_AUTH_VENCRYPT_X509PLAIN:
|
||||
+ VNC_DEBUG("Start TLS auth PLAIN\n");
|
||||
+ vnc_read_when(vs, protocol_client_auth_plain_start, 8);
|
||||
+ break;
|
||||
+
|
||||
+ case VNC_AUTH_VENCRYPT_PLAIN:
|
||||
+ VNC_DEBUG("Start auth PLAIN\n");
|
||||
+ vnc_read_when(vs, protocol_client_auth_plain_start, 8);
|
||||
+ break;
|
||||
+
|
||||
case VNC_AUTH_VENCRYPT_TLSVNC:
|
||||
case VNC_AUTH_VENCRYPT_X509VNC:
|
||||
VNC_DEBUG("Start TLS auth VNC\n");
|
||||
@@ -87,44 +199,63 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len
|
||||
{
|
||||
int auth = read_u32(data, 0);
|
||||
|
||||
- if (auth != vs->subauth) {
|
||||
+ if (auth != vs->subauth && auth != VNC_AUTH_VENCRYPT_PLAIN) {
|
||||
VNC_DEBUG("Rejecting auth %d\n", auth);
|
||||
vnc_write_u8(vs, 0); /* Reject auth */
|
||||
vnc_flush(vs);
|
||||
vnc_client_error(vs);
|
||||
} else {
|
||||
- Error *err = NULL;
|
||||
- QIOChannelTLS *tls;
|
||||
- VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
|
||||
- vnc_write_u8(vs, 1); /* Accept auth */
|
||||
- vnc_flush(vs);
|
||||
-
|
||||
- if (vs->ioc_tag) {
|
||||
- g_source_remove(vs->ioc_tag);
|
||||
- vs->ioc_tag = 0;
|
||||
+ if (auth == VNC_AUTH_VENCRYPT_PLAIN) {
|
||||
+ vs->subauth = auth;
|
||||
+ start_auth_vencrypt_subauth(vs);
|
||||
}
|
||||
+ else
|
||||
+ {
|
||||
+ Error *err = NULL;
|
||||
+ QIOChannelTLS *tls;
|
||||
+ VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
|
||||
+ vnc_write_u8(vs, 1); /* Accept auth */
|
||||
+ vnc_flush(vs);
|
||||
|
||||
- tls = qio_channel_tls_new_server(
|
||||
- vs->ioc,
|
||||
- vs->vd->tlscreds,
|
||||
- vs->vd->tlsaclname,
|
||||
- &err);
|
||||
- if (!tls) {
|
||||
- VNC_DEBUG("Failed to setup TLS %s\n", error_get_pretty(err));
|
||||
- error_free(err);
|
||||
- vnc_client_error(vs);
|
||||
- return 0;
|
||||
- }
|
||||
+ if (vs->ioc_tag) {
|
||||
+ g_source_remove(vs->ioc_tag);
|
||||
+ vs->ioc_tag = 0;
|
||||
+ }
|
||||
|
||||
- VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
|
||||
- object_unref(OBJECT(vs->ioc));
|
||||
- vs->ioc = QIO_CHANNEL(tls);
|
||||
- vs->tls = qio_channel_tls_get_session(tls);
|
||||
+ tls = qio_channel_tls_new_server(
|
||||
+ vs->ioc,
|
||||
+ vs->vd->tlscreds,
|
||||
+ vs->vd->tlsaclname,
|
||||
+ &err);
|
||||
+ if (!tls) {
|
||||
+ VNC_DEBUG("Failed to setup TLS %s\n", error_get_pretty(err));
|
||||
+ error_free(err);
|
||||
+ vnc_client_error(vs);
|
||||
+ return 0;
|
||||
+ vs->tls = qcrypto_tls_session_new(vs->vd->tlscreds,
|
||||
+ NULL,
|
||||
+ vs->vd->tlsaclname,
|
||||
+ QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
|
||||
+ &err);
|
||||
+ if (!vs->tls) {
|
||||
+ VNC_DEBUG("Failed to setup TLS %s\n",
|
||||
+ error_get_pretty(err));
|
||||
+ error_free(err);
|
||||
+ vnc_client_error(vs);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
- qio_channel_tls_handshake(tls,
|
||||
- vnc_tls_handshake_done,
|
||||
- vs,
|
||||
- NULL);
|
||||
+ VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
|
||||
+ object_unref(OBJECT(vs->ioc));
|
||||
+ vs->ioc = QIO_CHANNEL(tls);
|
||||
+ vs->tls = qio_channel_tls_get_session(tls);
|
||||
+
|
||||
+ qio_channel_tls_handshake(tls,
|
||||
+ vnc_tls_handshake_done,
|
||||
+ vs,
|
||||
+ NULL);
|
||||
+ }
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -138,10 +269,11 @@ static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len
|
||||
vnc_flush(vs);
|
||||
vnc_client_error(vs);
|
||||
} else {
|
||||
- VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
|
||||
+ VNC_DEBUG("Sending allowed auths %d %d\n", vs->subauth, VNC_AUTH_VENCRYPT_PLAIN);
|
||||
vnc_write_u8(vs, 0); /* Accept version */
|
||||
- vnc_write_u8(vs, 1); /* Number of sub-auths */
|
||||
+ vnc_write_u8(vs, 2); /* Number of sub-auths */
|
||||
vnc_write_u32(vs, vs->subauth); /* The supported auth */
|
||||
+ vnc_write_u32(vs, VNC_AUTH_VENCRYPT_PLAIN); /* Alternative supported auth */
|
||||
vnc_flush(vs);
|
||||
vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
|
||||
}
|
||||
diff --git a/ui/vnc.c b/ui/vnc.c
|
||||
index acbe3bd..2a18a20 100644
|
||||
--- a/ui/vnc.c
|
||||
+++ b/ui/vnc.c
|
||||
@@ -55,6 +55,125 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
|
||||
#include "vnc_keysym.h"
|
||||
#include "crypto/cipher.h"
|
||||
|
||||
+static int pve_vmid = 0;
|
||||
+
|
||||
+void pve_auth_setup(int vmid) {
|
||||
+ pve_vmid = vmid;
|
||||
+}
|
||||
+
|
||||
+static char *
|
||||
+urlencode(char *buf, const char *value)
|
||||
+{
|
||||
+ static const char *hexchar = "0123456789abcdef";
|
||||
+ char *p = buf;
|
||||
+ int i;
|
||||
+ int l = strlen(value);
|
||||
+ for (i = 0; i < l; i++) {
|
||||
+ char c = value[i];
|
||||
+ if (('a' <= c && c <= 'z') ||
|
||||
+ ('A' <= c && c <= 'Z') ||
|
||||
+ ('0' <= c && c <= '9')) {
|
||||
+ *p++ = c;
|
||||
+ } else if (c == 32) {
|
||||
+ *p++ = '+';
|
||||
+ } else {
|
||||
+ *p++ = '%';
|
||||
+ *p++ = hexchar[c >> 4];
|
||||
+ *p++ = hexchar[c & 15];
|
||||
+ }
|
||||
+ }
|
||||
+ *p = 0;
|
||||
+
|
||||
+ return p;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+pve_auth_verify(const char *clientip, const char *username, const char *passwd)
|
||||
+{
|
||||
+ struct sockaddr_in server;
|
||||
+
|
||||
+ int sfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
+ if (sfd == -1) {
|
||||
+ perror("pve_auth_verify: socket failed");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ struct hostent *he;
|
||||
+ if ((he = gethostbyname("localhost")) == NULL) {
|
||||
+ fprintf(stderr, "pve_auth_verify: error resolving hostname\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ memcpy(&server.sin_addr, he->h_addr_list[0], he->h_length);
|
||||
+ server.sin_family = AF_INET;
|
||||
+ server.sin_port = htons(85);
|
||||
+
|
||||
+ if (connect(sfd, (struct sockaddr *)&server, sizeof(server))) {
|
||||
+ perror("pve_auth_verify: error connecting to server");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ char buf[8192];
|
||||
+ char form[8192];
|
||||
+
|
||||
+ char *p = form;
|
||||
+ p = urlencode(p, "username");
|
||||
+ *p++ = '=';
|
||||
+ p = urlencode(p, username);
|
||||
+
|
||||
+ *p++ = '&';
|
||||
+ p = urlencode(p, "password");
|
||||
+ *p++ = '=';
|
||||
+ p = urlencode(p, passwd);
|
||||
+
|
||||
+ *p++ = '&';
|
||||
+ p = urlencode(p, "path");
|
||||
+ *p++ = '=';
|
||||
+ char authpath[256];
|
||||
+ sprintf(authpath, "/vms/%d", pve_vmid);
|
||||
+ p = urlencode(p, authpath);
|
||||
+
|
||||
+ *p++ = '&';
|
||||
+ p = urlencode(p, "privs");
|
||||
+ *p++ = '=';
|
||||
+ p = urlencode(p, "VM.Console");
|
||||
+
|
||||
+ sprintf(buf, "POST /api2/json/access/ticket HTTP/1.1\n"
|
||||
+ "Host: localhost:85\n"
|
||||
+ "Connection: close\n"
|
||||
+ "PVEClientIP: %s\n"
|
||||
+ "Content-Type: application/x-www-form-urlencoded\n"
|
||||
+ "Content-Length: %zd\n\n%s\n", clientip, strlen(form), form);
|
||||
+ ssize_t len = strlen(buf);
|
||||
+ ssize_t sb = send(sfd, buf, len, 0);
|
||||
+ if (sb < 0) {
|
||||
+ perror("pve_auth_verify: send failed");
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (sb != len) {
|
||||
+ fprintf(stderr, "pve_auth_verify: partial send error\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ len = recv(sfd, buf, sizeof(buf) - 1, 0);
|
||||
+ if (len < 0) {
|
||||
+ perror("pve_auth_verify: recv failed");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ buf[len] = 0;
|
||||
+
|
||||
+ //printf("DATA:%s\n", buf);
|
||||
+
|
||||
+ shutdown(sfd, SHUT_RDWR);
|
||||
+
|
||||
+ return strncmp(buf, "HTTP/1.1 200 OK", 15);
|
||||
+
|
||||
+err:
|
||||
+ shutdown(sfd, SHUT_RDWR);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
static QTAILQ_HEAD(, VncDisplay) vnc_displays =
|
||||
QTAILQ_HEAD_INITIALIZER(vnc_displays);
|
||||
|
||||
@@ -3413,11 +3532,17 @@ vnc_display_setup_auth(VncDisplay *vs,
|
||||
if (object_dynamic_cast(OBJECT(vs->tlscreds),
|
||||
TYPE_QCRYPTO_TLS_CREDS_X509)) {
|
||||
VNC_DEBUG("Initializing VNC server with x509 password auth\n");
|
||||
- vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
|
||||
+ if (vs->tlscreds->pve)
|
||||
+ vs->subauth = VNC_AUTH_VENCRYPT_X509PLAIN;
|
||||
+ else
|
||||
+ vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
|
||||
} else if (object_dynamic_cast(OBJECT(vs->tlscreds),
|
||||
TYPE_QCRYPTO_TLS_CREDS_ANON)) {
|
||||
VNC_DEBUG("Initializing VNC server with TLS password auth\n");
|
||||
- vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
|
||||
+ if (vs->tlscreds->pve)
|
||||
+ vs->subauth = VNC_AUTH_VENCRYPT_TLSPLAIN;
|
||||
+ else
|
||||
+ vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
|
||||
} else {
|
||||
error_setg(errp,
|
||||
"Unsupported TLS cred type %s",
|
||||
@@ -3508,6 +3633,7 @@ vnc_display_create_creds(bool x509,
|
||||
bool x509verify,
|
||||
const char *dir,
|
||||
const char *id,
|
||||
+ bool pve,
|
||||
Error **errp)
|
||||
{
|
||||
gchar *credsid = g_strdup_printf("tlsvnc%s", id);
|
||||
@@ -3523,6 +3649,7 @@ vnc_display_create_creds(bool x509,
|
||||
"endpoint", "server",
|
||||
"dir", dir,
|
||||
"verify-peer", x509verify ? "yes" : "no",
|
||||
+ "pve", pve ? "yes" : "no",
|
||||
NULL);
|
||||
} else {
|
||||
creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
|
||||
@@ -3530,6 +3657,7 @@ vnc_display_create_creds(bool x509,
|
||||
credsid,
|
||||
&err,
|
||||
"endpoint", "server",
|
||||
+ "pve", pve ? "yes" : "no",
|
||||
NULL);
|
||||
}
|
||||
|
||||
@@ -3727,12 +3855,17 @@ void vnc_display_open(const char *id, Error **errp)
|
||||
}
|
||||
} else {
|
||||
const char *path;
|
||||
- bool tls = false, x509 = false, x509verify = false;
|
||||
+ bool tls = false, x509 = false, x509verify = false, pve = false;
|
||||
tls = qemu_opt_get_bool(opts, "tls", false);
|
||||
path = qemu_opt_get(opts, "x509");
|
||||
if (tls || path) {
|
||||
if (path) {
|
||||
x509 = true;
|
||||
+ if (!strcmp(path, "on")) {
|
||||
+ /* magic to default to /etc/pve */
|
||||
+ path = "/etc/pve";
|
||||
+ pve = true;
|
||||
+ }
|
||||
} else {
|
||||
path = qemu_opt_get(opts, "x509verify");
|
||||
if (path) {
|
||||
@@ -3744,6 +3877,7 @@ void vnc_display_open(const char *id, Error **errp)
|
||||
x509verify,
|
||||
path,
|
||||
vs->id,
|
||||
+ pve,
|
||||
errp);
|
||||
if (!vs->tlscreds) {
|
||||
goto fail;
|
||||
diff --git a/ui/vnc.h b/ui/vnc.h
|
||||
index ab5f244..2fde9d3 100644
|
||||
--- a/ui/vnc.h
|
||||
+++ b/ui/vnc.h
|
||||
@@ -282,6 +282,8 @@ struct VncState
|
||||
int auth;
|
||||
int subauth; /* Used by VeNCrypt */
|
||||
char challenge[VNC_AUTH_CHALLENGE_SIZE];
|
||||
+ int username_len;
|
||||
+ int password_len;
|
||||
QCryptoTLSSession *tls; /* Borrowed pointer from channel, don't free */
|
||||
#ifdef CONFIG_VNC_SASL
|
||||
VncStateSASL sasl;
|
||||
@@ -577,4 +579,6 @@ int vnc_zrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
|
||||
int vnc_zywrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
|
||||
void vnc_zrle_clear(VncState *vs);
|
||||
|
||||
+int pve_auth_verify(const char *clientip, const char *username, const char *passwd);
|
||||
+
|
||||
#endif /* QEMU_VNC_H */
|
||||
diff --git a/vl.c b/vl.c
|
||||
index 0b5a721..4742300 100644
|
||||
--- a/vl.c
|
||||
+++ b/vl.c
|
||||
@@ -2950,6 +2950,7 @@ static int global_init_func(void *opaque, QemuOpts *opts, Error **errp)
|
||||
int main(int argc, char **argv, char **envp)
|
||||
{
|
||||
int i;
|
||||
+ long int vm_id_long = 0;
|
||||
int snapshot, linux_boot;
|
||||
const char *initrd_filename;
|
||||
const char *kernel_filename, *kernel_cmdline;
|
||||
@@ -3722,6 +3723,14 @@ int main(int argc, char **argv, char **envp)
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
+ case QEMU_OPTION_id:
|
||||
+ vm_id_long = strtol(optarg, (char **) &optarg, 10);
|
||||
+ if (*optarg != 0 || vm_id_long < 100 || vm_id_long > INT_MAX) {
|
||||
+ fprintf(stderr, "Invalid ID\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ pve_auth_setup(vm_id_long);
|
||||
+ break;
|
||||
case QEMU_OPTION_vnc:
|
||||
vnc_parse(optarg, &error_fatal);
|
||||
break;
|
||||
--
|
||||
2.1.4
|
||||
|
24
debian/patches/pve/0031-vma-writer-don-t-bail-out-on-zero-length-files.patch
vendored
Normal file
24
debian/patches/pve/0031-vma-writer-don-t-bail-out-on-zero-length-files.patch
vendored
Normal file
@ -0,0 +1,24 @@
|
||||
From e4958531f423dd635053559d05e8c86c208ceb02 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Mon, 8 Feb 2016 08:23:34 +0100
|
||||
Subject: [PATCH 31/47] vma-writer: don't bail out on zero-length files
|
||||
|
||||
---
|
||||
vma-writer.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/vma-writer.c b/vma-writer.c
|
||||
index 0d26fc6..a378762 100644
|
||||
--- a/vma-writer.c
|
||||
+++ b/vma-writer.c
|
||||
@@ -130,7 +130,6 @@ int vma_writer_add_config(VmaWriter *vmaw, const char *name, gpointer data,
|
||||
assert(vmaw->config_count < VMA_MAX_CONFIGS);
|
||||
assert(name);
|
||||
assert(data);
|
||||
- assert(len);
|
||||
|
||||
gchar *basename = g_path_get_basename(name);
|
||||
uint32_t name_ptr = allocate_header_string(vmaw, basename);
|
||||
--
|
||||
2.1.4
|
||||
|
42
debian/patches/pve/0032-vma-better-driver-guessing-for-bdrv_open.patch
vendored
Normal file
42
debian/patches/pve/0032-vma-better-driver-guessing-for-bdrv_open.patch
vendored
Normal file
@ -0,0 +1,42 @@
|
||||
From 2dc69ead56b7ecd60eb513ab5b6c9978e06070ef Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Tue, 23 Feb 2016 15:48:41 +0100
|
||||
Subject: [PATCH 32/47] vma: better driver guessing for bdrv_open
|
||||
|
||||
Only use 'raw' when the file actually ends with .raw and
|
||||
no protocol has been specified. With protocol pass the
|
||||
BDRV_O_PROTOCOL flag to tell bdrv_fill_options() to take it
|
||||
into account.
|
||||
---
|
||||
vma.c | 15 ++++++++++++++-
|
||||
1 file changed, 14 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/vma.c b/vma.c
|
||||
index 08e4725..8a27704 100644
|
||||
--- a/vma.c
|
||||
+++ b/vma.c
|
||||
@@ -293,7 +293,20 @@ static int extract_content(int argc, char **argv)
|
||||
}
|
||||
|
||||
BlockDriverState *bs = bdrv_new();
|
||||
- if (errp || bdrv_open(&bs, devfn, NULL, NULL, flags, &errp)) {
|
||||
+
|
||||
+ size_t devlen = strlen(devfn);
|
||||
+ bool protocol = path_has_protocol(devfn);
|
||||
+ QDict *options = NULL;
|
||||
+ if (devlen > 4 && strcmp(devfn+devlen-4, ".raw") == 0 && !protocol) {
|
||||
+ /* explicit raw format */
|
||||
+ options = qdict_new();
|
||||
+ qdict_put(options, "driver", qstring_from_str("raw"));
|
||||
+ } else if (protocol) {
|
||||
+ /* tell bdrv_open to honor the protocol */
|
||||
+ flags |= BDRV_O_PROTOCOL;
|
||||
+ }
|
||||
+
|
||||
+ if (errp || bdrv_open(&bs, devfn, NULL, options, flags, &errp)) {
|
||||
g_error("can't open file %s - %s", devfn,
|
||||
error_get_pretty(errp));
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
252
debian/patches/pve/0033-block-add-the-zeroinit-block-driver-filter.patch
vendored
Normal file
252
debian/patches/pve/0033-block-add-the-zeroinit-block-driver-filter.patch
vendored
Normal file
@ -0,0 +1,252 @@
|
||||
From 6f6f38d2ef8f22a12f72e4d60f8a1fa978ac569a Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Thu, 17 Mar 2016 11:33:37 +0100
|
||||
Subject: [PATCH 33/47] block: add the zeroinit block driver filter
|
||||
|
||||
---
|
||||
block/Makefile.objs | 1 +
|
||||
block/zeroinit.c | 220 ++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 221 insertions(+)
|
||||
create mode 100644 block/zeroinit.c
|
||||
|
||||
diff --git a/block/Makefile.objs b/block/Makefile.objs
|
||||
index 2593a2f..930ca33 100644
|
||||
--- a/block/Makefile.objs
|
||||
+++ b/block/Makefile.objs
|
||||
@@ -4,6 +4,7 @@ block-obj-y += qed.o qed-gencb.o qed-l2-cache.o qed-table.o qed-cluster.o
|
||||
block-obj-y += qed-check.o
|
||||
block-obj-$(CONFIG_VHDX) += vhdx.o vhdx-endian.o vhdx-log.o
|
||||
block-obj-y += quorum.o
|
||||
+block-obj-y += zeroinit.o
|
||||
block-obj-y += parallels.o blkdebug.o blkverify.o blkreplay.o
|
||||
block-obj-y += block-backend.o snapshot.o qapi.o
|
||||
block-obj-$(CONFIG_WIN32) += raw-win32.o win32-aio.o
|
||||
diff --git a/block/zeroinit.c b/block/zeroinit.c
|
||||
new file mode 100644
|
||||
index 0000000..c56a446
|
||||
--- /dev/null
|
||||
+++ b/block/zeroinit.c
|
||||
@@ -0,0 +1,220 @@
|
||||
+/*
|
||||
+ * Filter to fake a zero-initialized block device.
|
||||
+ *
|
||||
+ * Copyright (c) 2016 Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
+ * Copyright (c) 2016 Proxmox Server Solutions GmbH
|
||||
+ *
|
||||
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
|
||||
+ * See the COPYING file in the top-level directory.
|
||||
+ */
|
||||
+
|
||||
+#include "qemu/osdep.h"
|
||||
+#include "qapi/error.h"
|
||||
+#include "block/block_int.h"
|
||||
+#include "qapi/qmp/qdict.h"
|
||||
+#include "qapi/qmp/qstring.h"
|
||||
+#include "qemu/cutils.h"
|
||||
+
|
||||
+typedef struct {
|
||||
+ bool has_zero_init;
|
||||
+ int64_t extents;
|
||||
+} BDRVZeroinitState;
|
||||
+
|
||||
+/* Valid blkverify filenames look like blkverify:path/to/raw_image:path/to/image */
|
||||
+static void zeroinit_parse_filename(const char *filename, QDict *options,
|
||||
+ Error **errp)
|
||||
+{
|
||||
+ QString *raw_path;
|
||||
+
|
||||
+ /* Parse the blkverify: prefix */
|
||||
+ if (!strstart(filename, "zeroinit:", &filename)) {
|
||||
+ /* There was no prefix; therefore, all options have to be already
|
||||
+ present in the QDict (except for the filename) */
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ raw_path = qstring_from_str(filename);
|
||||
+ qdict_put(options, "x-next", raw_path);
|
||||
+}
|
||||
+
|
||||
+static QemuOptsList runtime_opts = {
|
||||
+ .name = "zeroinit",
|
||||
+ .head = QTAILQ_HEAD_INITIALIZER(runtime_opts.head),
|
||||
+ .desc = {
|
||||
+ {
|
||||
+ .name = "x-next",
|
||||
+ .type = QEMU_OPT_STRING,
|
||||
+ .help = "[internal use only, will be removed]",
|
||||
+ },
|
||||
+ {
|
||||
+ .name = "x-zeroinit",
|
||||
+ .type = QEMU_OPT_BOOL,
|
||||
+ .help = "set has_initialized_zero flag",
|
||||
+ },
|
||||
+ { /* end of list */ }
|
||||
+ },
|
||||
+};
|
||||
+
|
||||
+static int zeroinit_open(BlockDriverState *bs, QDict *options, int flags,
|
||||
+ Error **errp)
|
||||
+{
|
||||
+ BDRVZeroinitState *s = bs->opaque;
|
||||
+ QemuOpts *opts;
|
||||
+ Error *local_err = NULL;
|
||||
+ int ret;
|
||||
+
|
||||
+ s->extents = 0;
|
||||
+
|
||||
+ opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort);
|
||||
+ qemu_opts_absorb_qdict(opts, options, &local_err);
|
||||
+ if (local_err) {
|
||||
+ error_propagate(errp, local_err);
|
||||
+ ret = -EINVAL;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ /* Open the raw file */
|
||||
+ bs->file = bdrv_open_child(qemu_opt_get(opts, "x-next"), options, "next",
|
||||
+ bs, &child_file, false, &local_err);
|
||||
+ if (local_err) {
|
||||
+ ret = -EINVAL;
|
||||
+ error_propagate(errp, local_err);
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ /* set the options */
|
||||
+ s->has_zero_init = qemu_opt_get_bool(opts, "x-zeroinit", true);
|
||||
+
|
||||
+ ret = 0;
|
||||
+fail:
|
||||
+ if (ret < 0) {
|
||||
+ bdrv_unref_child(bs, bs->file);
|
||||
+ }
|
||||
+ qemu_opts_del(opts);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static void zeroinit_close(BlockDriverState *bs)
|
||||
+{
|
||||
+ BDRVZeroinitState *s = bs->opaque;
|
||||
+ (void)s;
|
||||
+}
|
||||
+
|
||||
+static int64_t zeroinit_getlength(BlockDriverState *bs)
|
||||
+{
|
||||
+ return bdrv_getlength(bs->file->bs);
|
||||
+}
|
||||
+
|
||||
+static BlockAIOCB *zeroinit_aio_readv(BlockDriverState *bs,
|
||||
+ int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
|
||||
+ BlockCompletionFunc *cb, void *opaque)
|
||||
+{
|
||||
+ return bdrv_aio_readv(bs->file, sector_num, qiov, nb_sectors,
|
||||
+ cb, opaque);
|
||||
+}
|
||||
+
|
||||
+static int coroutine_fn zeroinit_co_pwrite_zeroes(BlockDriverState *bs, int64_t offset,
|
||||
+ int count, BdrvRequestFlags flags)
|
||||
+{
|
||||
+ BDRVZeroinitState *s = bs->opaque;
|
||||
+ if (offset >= s->extents)
|
||||
+ return 0;
|
||||
+ return bdrv_pwrite_zeroes(bs->file, offset, count, flags);
|
||||
+}
|
||||
+
|
||||
+static BlockAIOCB *zeroinit_aio_writev(BlockDriverState *bs,
|
||||
+ int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
|
||||
+ BlockCompletionFunc *cb, void *opaque)
|
||||
+{
|
||||
+ BDRVZeroinitState *s = bs->opaque;
|
||||
+ int64_t extents = (sector_num << BDRV_SECTOR_BITS) + ((nb_sectors + 1) << BDRV_SECTOR_BITS);
|
||||
+ if (extents > s->extents)
|
||||
+ s->extents = extents;
|
||||
+ return bdrv_aio_writev(bs->file, sector_num, qiov, nb_sectors,
|
||||
+ cb, opaque);
|
||||
+}
|
||||
+
|
||||
+static BlockAIOCB *zeroinit_aio_flush(BlockDriverState *bs,
|
||||
+ BlockCompletionFunc *cb,
|
||||
+ void *opaque)
|
||||
+{
|
||||
+ return bdrv_aio_flush(bs->file->bs, cb, opaque);
|
||||
+}
|
||||
+
|
||||
+static bool zeroinit_recurse_is_first_non_filter(BlockDriverState *bs,
|
||||
+ BlockDriverState *candidate)
|
||||
+{
|
||||
+ return bdrv_recurse_is_first_non_filter(bs->file->bs, candidate);
|
||||
+}
|
||||
+
|
||||
+static coroutine_fn int zeroinit_co_flush(BlockDriverState *bs)
|
||||
+{
|
||||
+ return bdrv_co_flush(bs->file->bs);
|
||||
+}
|
||||
+
|
||||
+static int zeroinit_has_zero_init(BlockDriverState *bs)
|
||||
+{
|
||||
+ BDRVZeroinitState *s = bs->opaque;
|
||||
+ return s->has_zero_init;
|
||||
+}
|
||||
+
|
||||
+static int64_t coroutine_fn zeroinit_co_get_block_status(BlockDriverState *bs,
|
||||
+ int64_t sector_num,
|
||||
+ int nb_sectors, int *pnum,
|
||||
+ BlockDriverState **file)
|
||||
+{
|
||||
+ return bdrv_get_block_status(bs->file->bs, sector_num, nb_sectors, pnum, file);
|
||||
+}
|
||||
+
|
||||
+static coroutine_fn BlockAIOCB *zeroinit_aio_pdiscard(BlockDriverState *bs,
|
||||
+ int64_t offset, int count,
|
||||
+ BlockCompletionFunc *cb, void *opaque)
|
||||
+{
|
||||
+ return bdrv_aio_pdiscard(bs->file->bs, offset, count, cb, opaque);
|
||||
+}
|
||||
+
|
||||
+static int zeroinit_truncate(BlockDriverState *bs, int64_t offset)
|
||||
+{
|
||||
+ return bdrv_truncate(bs->file->bs, offset);
|
||||
+}
|
||||
+
|
||||
+static int zeroinit_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
|
||||
+{
|
||||
+ return bdrv_get_info(bs->file->bs, bdi);
|
||||
+}
|
||||
+
|
||||
+static BlockDriver bdrv_zeroinit = {
|
||||
+ .format_name = "zeroinit",
|
||||
+ .protocol_name = "zeroinit",
|
||||
+ .instance_size = sizeof(BDRVZeroinitState),
|
||||
+
|
||||
+ .bdrv_parse_filename = zeroinit_parse_filename,
|
||||
+ .bdrv_file_open = zeroinit_open,
|
||||
+ .bdrv_close = zeroinit_close,
|
||||
+ .bdrv_getlength = zeroinit_getlength,
|
||||
+ .bdrv_co_flush_to_disk = zeroinit_co_flush,
|
||||
+
|
||||
+ .bdrv_co_pwrite_zeroes = zeroinit_co_pwrite_zeroes,
|
||||
+ .bdrv_aio_writev = zeroinit_aio_writev,
|
||||
+ .bdrv_aio_readv = zeroinit_aio_readv,
|
||||
+ .bdrv_aio_flush = zeroinit_aio_flush,
|
||||
+
|
||||
+ .is_filter = true,
|
||||
+ .bdrv_recurse_is_first_non_filter = zeroinit_recurse_is_first_non_filter,
|
||||
+
|
||||
+ .bdrv_has_zero_init = zeroinit_has_zero_init,
|
||||
+
|
||||
+ .bdrv_co_get_block_status = zeroinit_co_get_block_status,
|
||||
+
|
||||
+ .bdrv_aio_pdiscard = zeroinit_aio_pdiscard,
|
||||
+
|
||||
+ .bdrv_truncate = zeroinit_truncate,
|
||||
+ .bdrv_get_info = zeroinit_get_info,
|
||||
+};
|
||||
+
|
||||
+static void bdrv_zeroinit_init(void)
|
||||
+{
|
||||
+ bdrv_register(&bdrv_zeroinit);
|
||||
+}
|
||||
+
|
||||
+block_init(bdrv_zeroinit_init);
|
||||
--
|
||||
2.1.4
|
||||
|
108
debian/patches/pve/0034-vma-add-format-option-to-device-mapping.patch
vendored
Normal file
108
debian/patches/pve/0034-vma-add-format-option-to-device-mapping.patch
vendored
Normal file
@ -0,0 +1,108 @@
|
||||
From 10ae69c411df788752628c8950bf9e76c8cf6af1 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Tue, 12 Apr 2016 13:49:44 +0200
|
||||
Subject: [PATCH 34/47] vma: add format option to device mapping
|
||||
|
||||
The BDRV_O_PROTOCOL option breaks non-raw protocol devices,
|
||||
so we instead now allow the format to be explicitly
|
||||
specified from the outside.
|
||||
|
||||
In other words we now too deprecate the automatic guessing
|
||||
of raw formats, just like qemu already does, and have to
|
||||
silence the warnings by passing the drive mapping.
|
||||
---
|
||||
vma.c | 34 +++++++++++++++++++++++++++-------
|
||||
1 file changed, 27 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/vma.c b/vma.c
|
||||
index 8a27704..c8ad6c0 100644
|
||||
--- a/vma.c
|
||||
+++ b/vma.c
|
||||
@@ -130,6 +130,7 @@ static int list_content(int argc, char **argv)
|
||||
typedef struct RestoreMap {
|
||||
char *devname;
|
||||
char *path;
|
||||
+ char *format;
|
||||
bool write_zero;
|
||||
} RestoreMap;
|
||||
|
||||
@@ -217,13 +218,24 @@ static int extract_content(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
+ char *format = NULL;
|
||||
+ if (strncmp(line, "format=", sizeof("format=")-1) == 0) {
|
||||
+ format = line + sizeof("format=")-1;
|
||||
+ char *colon = strchr(format, ':');
|
||||
+ if (!colon) {
|
||||
+ g_error("read map failed - found only a format ('%s')", inbuf);
|
||||
+ }
|
||||
+ format = g_strndup(format, colon - format);
|
||||
+ line = colon+1;
|
||||
+ }
|
||||
+
|
||||
const char *path;
|
||||
bool write_zero;
|
||||
if (line[0] == '0' && line[1] == ':') {
|
||||
- path = inbuf + 2;
|
||||
+ path = line + 2;
|
||||
write_zero = false;
|
||||
} else if (line[0] == '1' && line[1] == ':') {
|
||||
- path = inbuf + 2;
|
||||
+ path = line + 2;
|
||||
write_zero = true;
|
||||
} else {
|
||||
g_error("read map failed - parse error ('%s')", inbuf);
|
||||
@@ -239,6 +251,7 @@ static int extract_content(int argc, char **argv)
|
||||
RestoreMap *map = g_new0(RestoreMap, 1);
|
||||
map->devname = g_strdup(devname);
|
||||
map->path = g_strdup(path);
|
||||
+ map->format = format;
|
||||
map->write_zero = write_zero;
|
||||
|
||||
g_hash_table_insert(devmap, map->devname, map);
|
||||
@@ -263,6 +276,7 @@ static int extract_content(int argc, char **argv)
|
||||
g_free(statefn);
|
||||
} else if (di) {
|
||||
char *devfn = NULL;
|
||||
+ const char *format = NULL;
|
||||
int flags = BDRV_O_RDWR;
|
||||
bool write_zero = true;
|
||||
|
||||
@@ -273,6 +287,7 @@ static int extract_content(int argc, char **argv)
|
||||
g_error("no device name mapping for %s", di->devname);
|
||||
}
|
||||
devfn = map->path;
|
||||
+ format = map->format;
|
||||
write_zero = map->write_zero;
|
||||
} else {
|
||||
devfn = g_strdup_printf("%s/tmp-disk-%s.raw",
|
||||
@@ -295,15 +310,20 @@ static int extract_content(int argc, char **argv)
|
||||
BlockDriverState *bs = bdrv_new();
|
||||
|
||||
size_t devlen = strlen(devfn);
|
||||
- bool protocol = path_has_protocol(devfn);
|
||||
QDict *options = NULL;
|
||||
- if (devlen > 4 && strcmp(devfn+devlen-4, ".raw") == 0 && !protocol) {
|
||||
+ if (format) {
|
||||
+ /* explicit format from commandline */
|
||||
+ options = qdict_new();
|
||||
+ qdict_put(options, "driver", qstring_from_str(format));
|
||||
+ } else if ((devlen > 4 && strcmp(devfn+devlen-4, ".raw") == 0) ||
|
||||
+ strncmp(devfn, "/dev/", 5) == 0)
|
||||
+ {
|
||||
+ /* This part is now deprecated for PVE as well (just as qemu
|
||||
+ * deprecated not specifying an explicit raw format, too.
|
||||
+ */
|
||||
/* explicit raw format */
|
||||
options = qdict_new();
|
||||
qdict_put(options, "driver", qstring_from_str("raw"));
|
||||
- } else if (protocol) {
|
||||
- /* tell bdrv_open to honor the protocol */
|
||||
- flags |= BDRV_O_PROTOCOL;
|
||||
}
|
||||
|
||||
if (errp || bdrv_open(&bs, devfn, NULL, options, flags, &errp)) {
|
||||
--
|
||||
2.1.4
|
||||
|
25
debian/patches/pve/0035-fix-possible-unitialised-return-value.patch
vendored
Normal file
25
debian/patches/pve/0035-fix-possible-unitialised-return-value.patch
vendored
Normal file
@ -0,0 +1,25 @@
|
||||
From 927da5e2426aac5bef37c97604740deddedbda41 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||
Date: Wed, 6 Apr 2016 16:45:15 +0200
|
||||
Subject: [PATCH 35/47] fix possible unitialised return value
|
||||
|
||||
---
|
||||
migration/savevm.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/migration/savevm.c b/migration/savevm.c
|
||||
index b1bdfb6..cebba77 100644
|
||||
--- a/migration/savevm.c
|
||||
+++ b/migration/savevm.c
|
||||
@@ -1020,7 +1020,7 @@ int qemu_savevm_state_complete_precopy(QEMUFile *f, bool iterable_only)
|
||||
QJSON *vmdesc;
|
||||
int vmdesc_len;
|
||||
SaveStateEntry *se;
|
||||
- int ret;
|
||||
+ int ret = -1;
|
||||
bool in_postcopy = migration_in_postcopy(migrate_get_current());
|
||||
|
||||
trace_savevm_state_complete_precopy();
|
||||
--
|
||||
2.1.4
|
||||
|
87
debian/patches/pve/0036-vnc-refactor-to-QIOChannelSocket.patch
vendored
Normal file
87
debian/patches/pve/0036-vnc-refactor-to-QIOChannelSocket.patch
vendored
Normal file
@ -0,0 +1,87 @@
|
||||
From e6af4497017e37cb31f7cbd80137f41ce297d702 Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||
Date: Wed, 6 Apr 2016 16:47:54 +0200
|
||||
Subject: [PATCH 36/47] vnc: refactor to QIOChannelSocket
|
||||
|
||||
---
|
||||
ui/vnc-auth-vencrypt.c | 31 ++++++++++++++++---------------
|
||||
1 file changed, 16 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/ui/vnc-auth-vencrypt.c b/ui/vnc-auth-vencrypt.c
|
||||
index d11f1df..a529520 100644
|
||||
--- a/ui/vnc-auth-vencrypt.c
|
||||
+++ b/ui/vnc-auth-vencrypt.c
|
||||
@@ -28,27 +28,23 @@
|
||||
#include "vnc.h"
|
||||
#include "qapi/error.h"
|
||||
#include "qemu/main-loop.h"
|
||||
-#include "qemu/sockets.h"
|
||||
+#include "io/channel-socket.h"
|
||||
|
||||
static int protocol_client_auth_plain(VncState *vs, uint8_t *data, size_t len)
|
||||
{
|
||||
- const char *err = NULL;
|
||||
+ Error *err = NULL;
|
||||
char username[256];
|
||||
char passwd[512];
|
||||
|
||||
- char clientip[256];
|
||||
- clientip[0] = 0;
|
||||
- struct sockaddr_in client;
|
||||
- socklen_t addrlen = sizeof(client);
|
||||
- if (getpeername(vs->csock, &client, &addrlen) == 0) {
|
||||
- inet_ntop(client.sin_family, &client.sin_addr,
|
||||
- clientip, sizeof(clientip));
|
||||
+ SocketAddress *clientip = qio_channel_socket_get_remote_address(vs->sioc, &err);
|
||||
+ if (err) {
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
if ((len != (vs->username_len + vs->password_len)) ||
|
||||
(vs->username_len >= (sizeof(username)-1)) ||
|
||||
(vs->password_len >= (sizeof(passwd)-1)) ) {
|
||||
- err = "Got unexpected data length";
|
||||
+ error_setg(&err, "Got unexpected data length");
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -59,26 +55,31 @@ static int protocol_client_auth_plain(VncState *vs, uint8_t *data, size_t len)
|
||||
|
||||
VNC_DEBUG("AUTH PLAIN username: %s pw: %s\n", username, passwd);
|
||||
|
||||
- if (pve_auth_verify(clientip, username, passwd) == 0) {
|
||||
+ if (pve_auth_verify(clientip->u.inet.data->host, username, passwd) == 0) {
|
||||
vnc_write_u32(vs, 0); /* Accept auth completion */
|
||||
start_client_init(vs);
|
||||
+ qapi_free_SocketAddress(clientip);
|
||||
return 0;
|
||||
}
|
||||
|
||||
- err = "Authentication failed";
|
||||
+ error_setg(&err, "Authentication failed");
|
||||
err:
|
||||
if (err) {
|
||||
- VNC_DEBUG("AUTH PLAIN ERROR: %s\n", err);
|
||||
+ const char *err_msg = error_get_pretty(err);
|
||||
+ VNC_DEBUG("AUTH PLAIN ERROR: %s\n", err_msg);
|
||||
vnc_write_u32(vs, 1); /* Reject auth */
|
||||
if (vs->minor >= 8) {
|
||||
- int elen = strlen(err);
|
||||
+ int elen = strlen(err_msg);
|
||||
vnc_write_u32(vs, elen);
|
||||
- vnc_write(vs, err, elen);
|
||||
+ vnc_write(vs, err_msg, elen);
|
||||
}
|
||||
+ error_free(err);
|
||||
}
|
||||
vnc_flush(vs);
|
||||
vnc_client_error(vs);
|
||||
|
||||
+ qapi_free_SocketAddress(clientip);
|
||||
+
|
||||
return 0;
|
||||
|
||||
}
|
||||
--
|
||||
2.1.4
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user