c/pve-qemu-qoup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 2.9.0-rc2 build files

Browse Source
This commit is contained in:
Wolfgang Bumiller 2017-04-05 11:38:26 +02:00
parent 9525982417
commit a544966dce
107 changed files with 933 additions and 3321 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Makefile
View File

@ -1,6 +1,6 @@
# also update debian/changelog
KVMVER=2.7.1
KVMPKGREL=4
KVMVER=2.9.0
KVMPKGREL=1~rc2+5
KVMPACKAGE = pve-qemu-kvm
KVMSRC = qemu
@ -30,7 +30,6 @@ $(DEB): | submodule
rm -rf $(BUILDSRC)
mkdir $(BUILDSRC)
cp -a $(KVMSRC)/* $(BUILDSRC)/
tar -C $(BUILDSRC) -xJf efi-roms-1182.tar.xz
cp -a debian $(BUILDSRC)/debian
echo "git clone git://git.proxmox.com/git/pve-qemu-kvm.git\\ngit checkout $(GITVERSION)" > $(BUILDSRC)/debian/SOURCE
# set package version
@ -40,7 +39,7 @@ $(DEB): | submodule
.PHONY: upload
upload: $(DEBS)
tar cf - $(DEBS) | ssh repoman@repo.proxmox.com upload --produce pve --dist jessie
tar cf - ${DEBS} | ssh repoman@repo.proxmox.com upload --product pve --dist stretch
.PHONY: distclean
distclean: clean

50
debian/changelog vendored
View File

@ -1,3 +1,53 @@
pve-qemu-kvm (2.9.0-1~rc2+5) unstable; urgency=medium
* fix a crash caused by the zeroinit filter in drive-mirror
-- Proxmox Support Team <support@proxmox.com> Fri, 31 Mar 2017 09:31:38 +0200
pve-qemu-kvm (2.9.0-1~rc2+4) unstable; urgency=medium
* fix data loss when sending backups through pipes on kernel >= 4.5
-- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 16:07:52 +0200
pve-qemu-kvm (2.9.0-1~rc2+3) unstable; urgency=medium
* fix backup jobs not starting when using multiple disks
-- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 12:16:30 +0200
pve-qemu-kvm (2.9.0-1~rc2+2) unstable; urgency=medium
* build with virtfs enabled
-- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 10:57:46 +0200
pve-qemu-kvm (2.9.0-1~rc2+1) unstable; urgency=medium
* fix backup jobs not starting and an assertion on backup job cleanup
-- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 10:49:00 +0200
pve-qemu-kvm (2.9.0-1~rc2) unstable; urgency=medium
* update to qemu 2.9.0-rc2
-- Proxmox Support Team <support@proxmox.com> Wed, 29 Mar 2017 13:33:48 +0200
pve-qemu-kvm (2.7.1-501) unstable; urgency=medium
* drop bridge-utils dependency
* use ip from iproute2 over ifconfig from net-tools
-- Proxmox Support Team <support@proxmox.com> Wed, 15 Mar 2017 11:24:33 +0100
pve-qemu-kvm (2.7.1-500) unstable; urgency=medium
* version bumped for stetch upgrade
-- Proxmox Support Team <support@proxmox.com> Fri, 10 Mar 2017 14:19:59 +0100
pve-qemu-kvm (2.7.1-4) unstable; urgency=medium
* fix CVE-2017-2620: display: cirrus: out-of-bounds access issue

41
debian/control vendored
View File

@ -2,12 +2,49 @@ Source: pve-qemu-kvm
Section: admin
Priority: extra
Maintainer: Proxmox Support Team <support@proxmox.com>
Build-Depends: debhelper (>= 5), autotools-dev, libpci-dev, quilt, texinfo, texi2html, libgnutls28-dev, libsdl1.2-dev, check, libaio-dev, uuid-dev, librbd-dev (>= 0.48), libiscsi-dev (>= 1.12.0), libspice-protocol-dev (>= 0.12.5), pve-libspice-server-dev (>= 0.12.5-1), libusbredirparser-dev (>= 0.6-2), glusterfs-common (>= 3.5.2-1), libusb-1.0-0-dev (>= 1.0.17-1), xfslibs-dev, libnuma-dev, libjemalloc-dev, libjpeg-dev, libacl1-dev
Build-Depends: debhelper (>= 5),
autotools-dev,
libpci-dev,
quilt,
texinfo,
texi2html,
libgnutls28-dev,
libsdl1.2-dev,
check,
libaio-dev,
uuid-dev,
librbd-dev (>= 0.48),
libiscsi-dev (>= 1.12.0),
libspice-protocol-dev (>= 0.12.5),
pve-libspice-server-dev (>= 0.12.5-1),
libusbredirparser-dev (>= 0.6-2),
glusterfs-common (>= 3.5.2-1),
libusb-1.0-0-dev (>= 1.0.17-1),
xfslibs-dev,
libnuma-dev,
libjemalloc-dev,
libjpeg-dev,
libacl1-dev,
libcap-dev
Standards-Version: 3.7.2
Package: pve-qemu-kvm
Architecture: any
Depends: iproute2, bridge-utils, python, libsdl1.2debian, libaio1, libuuid1, ceph-common (>= 0.48), libiscsi4 (>= 1.12.0) | libiscsi7, pve-libspice-server1 (>= 0.12.5-1), ${shlibs:Depends}, ${misc:Depends}, libusbredirparser1 (>= 0.6-2), glusterfs-common (>= 3.5.2-1), libusb-1.0-0 (>= 1.0.17-1), numactl, libjemalloc1, libjpeg62-turbo
Depends: ${shlibs:Depends}, ${misc:Depends},
iproute2,
python,
libsdl1.2debian,
libaio1,
libuuid1,
ceph-common (>= 0.48),
libiscsi4 (>= 1.12.0) | libiscsi7,
pve-libspice-server1 (>= 0.12.5-1),
libusbredirparser1 (>= 0.6-2),
glusterfs-common (>= 3.5.2-1),
libusb-1.0-0 (>= 1.0.17-1),
numactl,
libjemalloc1,
libjpeg62-turbo
Conflicts: qemu, qemu-kvm, qemu-utils, kvm, pve-kvm, pve-qemu-kvm-2.6.18
Provides: qemu-utils
Replaces: pve-kvm, pve-qemu-kvm-2.6.18, qemu-utils

6
debian/kvm-ifup vendored
View File

@ -1,5 +1,5 @@
#!/bin/sh
switch=$(/sbin/ip route list | awk '/^default / { print $NF }')
/sbin/ifconfig $1 0.0.0.0 promisc up
/sbin/brctl addif ${switch} $1
switch=$(/sbin/ip route show |sed -nre 's/^default .* dev ([^ ]+).*$/\1/;T;p;q')
/sbin/ip link set "$1" up promisc on
test -d "/sys/class/net/$switch/bridge" && /sbin/ip link set "$1" master "$switch"

33
debian/patches/extra/0001-Revert-target-i386-disable-LINT0-after-reset.patch vendored
View File

@ -1,33 +0,0 @@
From 603c472d61c354c30bc898b0e9ff1914302cbca9 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 4 Jul 2016 15:02:26 +0200
Subject: [PATCH 1/3] Revert "target-i386: disable LINT0 after reset"
This reverts commit b8eb5512fd8a115f164edbbe897cdf8884920ccb.
---
hw/intc/apic_common.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
index 14ac43c..1ed0511 100644
--- a/hw/intc/apic_common.c
+++ b/hw/intc/apic_common.c
@@ -246,6 +246,15 @@ static void apic_reset_common(DeviceState *dev)
info->vapic_base_update(s);
apic_init_reset(dev);
+
+ if (bsp) {
+ /*
+ * LINT0 delivery mode on CPU #0 is set to ExtInt at initialization
+ * time typically by BIOS, so PIC interrupt can be delivered to the
+ * processor when local APIC is enabled.
+ */
+ s->lvt[APIC_LVT_LINT0] = 0x700;
+ }
}
/* This function is only used for old state version 1 and 2 */
--
2.1.4

100
debian/patches/extra/0001-cirrus-fix-patterncopy-checks.patch vendored
View File

@ -1,100 +0,0 @@
From 391a9e6fd8c6cf615f2ffe44bb85245df52cc2b6 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 9 Feb 2017 14:02:20 +0100
Subject: [PATCH 1/2] cirrus: fix patterncopy checks
The blit_region_is_unsafe checks don't work correctly for the
patterncopy source. It's a fixed-sized region, which doesn't
depend on cirrus_blt_{width,height}. So go do the check in
cirrus_bitblt_common_patterncopy instead, then tell blit_is_unsafe that
it doesn't need to verify the source. Also handle the case where we
blit from cirrus_bitbuf correctly.
This patch replaces 5858dd1801883309bdd208d72ddb81c4e9fee30c.
Security impact: I think for the most part error on the safe side this
time, refusing blits which should have been allowed.
Only exception is placing the blit source at the end of the video ram,
so cirrus_blt_srcaddr + 256 goes beyond the end of video memory. But
even in that case I'm not fully sure this actually allows read access to
host memory. To trick the commit 5858dd18 security checks one has to
pick very small cirrus_blt_{width,height} values, which in turn implies
only a fraction of the blit source will actually be used.
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/cirrus_vga.c | 36 ++++++++++++++++++++++++++++++------
1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 16f27e8..6bd13fc 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -683,14 +683,39 @@ static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin,
}
}
-static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
- const uint8_t * src)
+static int cirrus_bitblt_common_patterncopy(CirrusVGAState *s, bool videosrc)
{
+ uint32_t patternsize;
uint8_t *dst;
+ uint8_t *src;
dst = s->vga.vram_ptr + s->cirrus_blt_dstaddr;
- if (blit_is_unsafe(s, false, true)) {
+ if (videosrc) {
+ switch (s->vga.get_bpp(&s->vga)) {
+ case 8:
+ patternsize = 64;
+ break;
+ case 15:
+ case 16:
+ patternsize = 128;
+ break;
+ case 24:
+ case 32:
+ default:
+ patternsize = 256;
+ break;
+ }
+ s->cirrus_blt_srcaddr &= ~(patternsize - 1);
+ if (s->cirrus_blt_srcaddr + patternsize > s->vga.vram_size) {
+ return 0;
+ }
+ src = s->vga.vram_ptr + s->cirrus_blt_srcaddr;
+ } else {
+ src = s->cirrus_bltbuf;
+ }
+
+ if (blit_is_unsafe(s, true, true)) {
return 0;
}
@@ -731,8 +756,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
{
- return cirrus_bitblt_common_patterncopy(s, s->vga.vram_ptr +
- (s->cirrus_blt_srcaddr & ~7));
+ return cirrus_bitblt_common_patterncopy(s, true);
}
static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
@@ -831,7 +855,7 @@ static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s)
if (s->cirrus_srccounter > 0) {
if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
- cirrus_bitblt_common_patterncopy(s, s->cirrus_bltbuf);
+ cirrus_bitblt_common_patterncopy(s, false);
the_end:
s->cirrus_srccounter = 0;
cirrus_bitblt_reset(s);
--
2.1.4

51
debian/patches/extra/0001-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch vendored
View File

@ -1,51 +0,0 @@
From b3ce5aeaacdd0cec5bab1d83ee24bae73b0dd506 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 25 Jan 2017 14:48:57 +0100
Subject: [PATCH 1/4] cirrus: handle negative pitch in
cirrus_invalidate_region()
cirrus_invalidate_region() calls memory_region_set_dirty()
on a per-line basis, always ranging from off_begin to
off_begin+bytesperline. With a negative pitch off_begin
marks the top most used address and thus we need to do an
initial shift backwards by a line for negative pitches of
backward blits, otherwise the first iteration covers the
line going from the start offset forwards instead of
backwards.
Additionally since the start address is inclusive, if we
shift by a full `bytesperline` we move to the first address
*not* included in the blit, so we only shift by one less
than bytesperline.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Message-id: 1485352137-29367-1-git-send-email-w.bumiller@proxmox.com
[ kraxel: codestyle fixes ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/cirrus_vga.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 379910d..0f05e45 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -661,9 +661,14 @@ static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin,
int off_cur;
int off_cur_end;
+ if (off_pitch < 0) {
+ off_begin -= bytesperline - 1;
+ }
+
for (y = 0; y < lines; y++) {
off_cur = off_begin;
off_cur_end = (off_cur + bytesperline) & s->cirrus_addr_mask;
+ assert(off_cur_end >= off_cur);
memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_cur);
off_begin += off_pitch;
}
--
2.1.4

72
debian/patches/extra/0001-display-cirrus-ignore-source-pitch-value-as-needed-i.patch vendored
View File

@ -1,72 +0,0 @@
From f5dc8e6b503fda1ed87c0f4f53c6d2c76a584872 Mon Sep 17 00:00:00 2001
From: Bruce Rogers <brogers@suse.com>
Date: Mon, 9 Jan 2017 13:35:20 -0700
Subject: [PATCH 1/5] display: cirrus: ignore source pitch value as needed in
blit_is_unsafe
Commit 4299b90 added a check which is too broad, given that the source
pitch value is not required to be initialized for solid fill operations.
This patch refines the blit_is_unsafe() check to ignore source pitch in
that case. After applying the above commit as a security patch, we
noticed the SLES 11 SP4 guest gui failed to initialize properly.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Message-id: 20170109203520.5619-1-brogers@suse.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/cirrus_vga.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index bdb092e..379910d 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -294,7 +294,7 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
return false;
}
-static bool blit_is_unsafe(struct CirrusVGAState *s)
+static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
{
/* should be the case, see cirrus_bitblt_start */
assert(s->cirrus_blt_width > 0);
@@ -308,6 +308,9 @@ static bool blit_is_unsafe(struct CirrusVGAState *s)
s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
return true;
}
+ if (dst_only) {
+ return false;
+ }
if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
return true;
@@ -673,7 +676,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
- if (blit_is_unsafe(s))
+ if (blit_is_unsafe(s, false))
return 0;
(*s->cirrus_rop) (s, dst, src,
@@ -691,7 +694,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
{
cirrus_fill_t rop_func;
- if (blit_is_unsafe(s)) {
+ if (blit_is_unsafe(s, true)) {
return 0;
}
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
@@ -795,7 +798,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
{
- if (blit_is_unsafe(s))
+ if (blit_is_unsafe(s, false))
return 0;
return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
--
2.1.4

101
debian/patches/extra/0002-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch vendored
View File

@ -1,101 +0,0 @@
From cba280fe94eaed53952e2997cac1ee2bed6cfdee Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 10 Feb 2017 08:34:03 +0100
Subject: [PATCH 2/2] Revert "cirrus: allow zero source pitch in pattern fill
rops"
This reverts commit cf9c099a7694eb47ded529e1ed40ee8789f32d31.
Conflicts:
hw/display/cirrus_vga.c
---
hw/display/cirrus_vga.c | 29 +++++++++--------------------
1 file changed, 9 insertions(+), 20 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 6bd13fc..92e7951 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -272,6 +272,9 @@ static void cirrus_update_memory_access(CirrusVGAState *s);
static bool blit_region_is_unsafe(struct CirrusVGAState *s,
int32_t pitch, int32_t addr)
{
+ if (!pitch) {
+ return true;
+ }
if (pitch < 0) {
int64_t min = addr
+ ((int64_t)s->cirrus_blt_height - 1) * pitch
@@ -290,11 +293,8 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
return false;
}
-static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
- bool zero_src_pitch_ok)
+static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
{
- int32_t check_pitch;
-
/* should be the case, see cirrus_bitblt_start */
assert(s->cirrus_blt_width > 0);
assert(s->cirrus_blt_height > 0);
@@ -303,10 +303,6 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
return true;
}
- if (!s->cirrus_blt_dstpitch) {
- return true;
- }
-
if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch,
s->cirrus_blt_dstaddr)) {
return true;
@@ -314,14 +310,8 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
if (dst_only) {
return false;
}
-
- check_pitch = s->cirrus_blt_srcpitch;
- if (!zero_src_pitch_ok && !check_pitch) {
- check_pitch = s->cirrus_blt_width;
- }
-
- if (blit_region_is_unsafe(s, check_pitch,
- s->cirrus_blt_srcaddr)) {
+ if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
+ s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
return true;
}
@@ -715,9 +705,8 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState *s, bool videosrc)
src = s->cirrus_bltbuf;
}
- if (blit_is_unsafe(s, true, true)) {
+ if (blit_is_unsafe(s, true))
return 0;
- }
(*s->cirrus_rop) (s, dst, src,
s->cirrus_blt_dstpitch, 0,
@@ -734,7 +723,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
{
cirrus_fill_t rop_func;
- if (blit_is_unsafe(s, true, true)) {
+ if (blit_is_unsafe(s, true)) {
return 0;
}
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
@@ -834,7 +823,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
{
- if (blit_is_unsafe(s, false, false))
+ if (blit_is_unsafe(s, false))
return 0;
return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
--
2.1.4

102
debian/patches/extra/0002-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch vendored
View File

@ -1,102 +0,0 @@
From cf9c099a7694eb47ded529e1ed40ee8789f32d31 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 24 Jan 2017 16:35:38 +0100
Subject: [PATCH 2/4] cirrus: allow zero source pitch in pattern fill rops
The rops used by cirrus_bitblt_common_patterncopy only use
the destination pitch, so the source pitch shoul allowed to
be zero and the blit with used for the range check around the
source address.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Message-id: 1485272138-23249-1-git-send-email-w.bumiller@proxmox.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/cirrus_vga.c | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 0f05e45..98f089e 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -272,9 +272,6 @@ static void cirrus_update_memory_access(CirrusVGAState *s);
static bool blit_region_is_unsafe(struct CirrusVGAState *s,
int32_t pitch, int32_t addr)
{
- if (!pitch) {
- return true;
- }
if (pitch < 0) {
int64_t min = addr
+ ((int64_t)s->cirrus_blt_height-1) * pitch;
@@ -294,8 +291,11 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
return false;
}
-static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
+static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
+ bool zero_src_pitch_ok)
{
+ int32_t check_pitch;
+
/* should be the case, see cirrus_bitblt_start */
assert(s->cirrus_blt_width > 0);
assert(s->cirrus_blt_height > 0);
@@ -304,6 +304,10 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
return true;
}
+ if (!s->cirrus_blt_dstpitch) {
+ return true;
+ }
+
if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch,
s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
return true;
@@ -311,7 +315,13 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
if (dst_only) {
return false;
}
- if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
+
+ check_pitch = s->cirrus_blt_srcpitch;
+ if (!zero_src_pitch_ok && !check_pitch) {
+ check_pitch = s->cirrus_blt_width;
+ }
+
+ if (blit_region_is_unsafe(s, check_pitch,
s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
return true;
}
@@ -681,8 +691,9 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
- if (blit_is_unsafe(s, false))
+ if (blit_is_unsafe(s, false, true)) {
return 0;
+ }
(*s->cirrus_rop) (s, dst, src,
s->cirrus_blt_dstpitch, 0,
@@ -699,7 +710,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
{
cirrus_fill_t rop_func;
- if (blit_is_unsafe(s, true)) {
+ if (blit_is_unsafe(s, true, true)) {
return 0;
}
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
@@ -803,7 +814,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
{
- if (blit_is_unsafe(s, false))
+ if (blit_is_unsafe(s, false, false))
return 0;
return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
--
2.1.4

31
debian/patches/extra/0002-net-vmxnet-initialise-local-tx-descriptor.patch vendored
View File

@ -1,31 +0,0 @@
From 1313d27fc347633d0cf6fc2ff8cbe17a740dd658 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Thu, 11 Aug 2016 00:42:20 +0530
Subject: [PATCH 2/3] net: vmxnet: initialise local tx descriptor
In Vmxnet3 device emulator while processing transmit(tx) queue,
when it reaches end of packet, it calls vmxnet3_complete_packet.
In that local 'txcq_descr' object is not initialised, which could
leak host memory bytes a guest.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/net/vmxnet3.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 90f6943..92f6af9 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int qidx, uint32_t tx_ridx)
VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring);
+ memset(&txcq_descr, 0, sizeof(txcq_descr));
txcq_descr.txdIdx = tx_ridx;
txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
--
2.1.4

104
debian/patches/extra/0003-cirrus-fix-blit-address-mask-handling.patch vendored
View File

@ -1,104 +0,0 @@
From a173829e6ebd8b2d7f29028f106173ba067c8b8c Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 25 Jan 2017 11:09:56 +0100
Subject: [PATCH 3/4] cirrus: fix blit address mask handling
Apply the cirrus_addr_mask to cirrus_blt_dstaddr and cirrus_blt_srcaddr
right after assigning them, in cirrus_bitblt_start(), instead of having
this all over the place in the cirrus code, and missing a few places.
Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1485338996-17095-1-git-send-email-kraxel@redhat.com
---
hw/display/cirrus_vga.c | 25 ++++++++++++-------------
1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 98f089e..7db6409 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -309,7 +309,7 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
}
if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch,
- s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
+ s->cirrus_blt_dstaddr)) {
return true;
}
if (dst_only) {
@@ -322,7 +322,7 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
}
if (blit_region_is_unsafe(s, check_pitch,
- s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
+ s->cirrus_blt_srcaddr)) {
return true;
}
@@ -689,7 +689,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
{
uint8_t *dst;
- dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
+ dst = s->vga.vram_ptr + s->cirrus_blt_dstaddr;
if (blit_is_unsafe(s, false, true)) {
return 0;
@@ -714,7 +714,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
return 0;
}
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
- rop_func(s, s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
+ rop_func(s, s->vga.vram_ptr + s->cirrus_blt_dstaddr,
s->cirrus_blt_dstpitch,
s->cirrus_blt_width, s->cirrus_blt_height);
cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
@@ -732,9 +732,8 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
{
- return cirrus_bitblt_common_patterncopy(s,
- s->vga.vram_ptr + ((s->cirrus_blt_srcaddr & ~7) &
- s->cirrus_addr_mask));
+ return cirrus_bitblt_common_patterncopy(s, s->vga.vram_ptr +
+ (s->cirrus_blt_srcaddr & ~7));
}
static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
@@ -788,10 +787,8 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
if (notify)
graphic_hw_update(s->vga.con);
- (*s->cirrus_rop) (s, s->vga.vram_ptr +
- (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
- s->vga.vram_ptr +
- (s->cirrus_blt_srcaddr & s->cirrus_addr_mask),
+ (*s->cirrus_rop) (s, s->vga.vram_ptr + s->cirrus_blt_dstaddr,
+ s->vga.vram_ptr + s->cirrus_blt_srcaddr,
s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch,
s->cirrus_blt_width, s->cirrus_blt_height);
@@ -842,8 +839,7 @@ static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s)
} else {
/* at least one scan line */
do {
- (*s->cirrus_rop)(s, s->vga.vram_ptr +
- (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
+ (*s->cirrus_rop)(s, s->vga.vram_ptr + s->cirrus_blt_dstaddr,
s->cirrus_bltbuf, 0, 0, s->cirrus_blt_width, 1);
cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, 0,
s->cirrus_blt_width, 1);
@@ -962,6 +958,9 @@ static void cirrus_bitblt_start(CirrusVGAState * s)
s->cirrus_blt_modeext = s->vga.gr[0x33];
blt_rop = s->vga.gr[0x32];
+ s->cirrus_blt_dstaddr &= s->cirrus_addr_mask;
+ s->cirrus_blt_srcaddr &= s->cirrus_addr_mask;
+
#ifdef DEBUG_BITBLT
printf("rop=0x%02x mode=0x%02x modeext=0x%02x w=%d h=%d dpitch=%d spitch=%d daddr=0x%08x saddr=0x%08x writemask=0x%02x\n",
blt_rop,
--
2.1.4

37
debian/patches/extra/0003-net-limit-allocation-in-nc_sendv_compat.patch vendored
View File

@ -1,37 +0,0 @@
From 2705772316ff905f3ed08871c602fca1c636f332 Mon Sep 17 00:00:00 2001
From: Peter Lieven <pl@kamp.de>
Date: Thu, 30 Jun 2016 11:49:40 +0200
Subject: [PATCH 3/3] net: limit allocation in nc_sendv_compat
we only need to allocate enough memory to hold the packet. This might be
less than NET_BUFSIZE. Additionally fail early if the packet is larger
than NET_BUFSIZE.
Signed-off-by: Peter Lieven <pl@kamp.de>
---
net/net.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/net.c b/net/net.c
index c94d93d..2ac46a6 100644
--- a/net/net.c
+++ b/net/net.c
@@ -690,9 +690,13 @@ static ssize_t nc_sendv_compat(NetClientState *nc, const struct iovec *iov,
buffer = iov[0].iov_base;
offset = iov[0].iov_len;
} else {
- buf = g_new(uint8_t, NET_BUFSIZE);
+ offset = iov_size(iov, iovcnt);
+ if (offset > NET_BUFSIZE) {
+ return -1;
+ }
+ buf = g_malloc(offset);
buffer = buf;
- offset = iov_to_buf(iov, iovcnt, 0, buf, NET_BUFSIZE);
+ offset = iov_to_buf(iov, iovcnt, 0, buf, offset);
}
if (flags & QEMU_NET_PACKET_FLAG_RAW && nc->info->receive_raw) {
--
2.1.4

61
debian/patches/extra/0003-sd-sdhci-check-transfer-mode-register-in-multi-block.patch vendored
View File

@ -1,61 +0,0 @@
From da4c6050712be98934918e348aa34a74be0e4e57 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 31 Jan 2017 17:54:15 +0530
Subject: [PATCH 3/8] sd: sdhci: check transfer mode register in multi block
transfer
In SDHCI device emulation the transfer mode register value
is used during multi block transfer to check if block count
register is enabled and should be updated. Transfer mode
register could be set such that, block count register would
not be updated, thus leading to an infinite loop. Add check
to avoid it.
Reported-by: Wjjzhang <wjjzhang@tencent.com>
Reported-by: Jiang Xin <jiangxin1@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/sd/sdhci.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 01fbf22..35f953a 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -486,6 +486,12 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
+ if (!(s->trnmod & SDHC_TRNS_MULTI)
+ || !(s->trnmod & SDHC_TRNS_BLK_CNT_EN)
+ || !s->blkcnt) {
+ return;
+ }
+
/* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
* possible stop at page boundary if initial address is not page aligned,
* allow them to work properly */
@@ -797,11 +803,6 @@ static void sdhci_data_transfer(void *opaque)
if (s->trnmod & SDHC_TRNS_DMA) {
switch (SDHC_DMA_TYPE(s->hostctl)) {
case SDHC_CTRL_SDMA:
- if ((s->trnmod & SDHC_TRNS_MULTI) &&
- (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
- break;
- }
-
if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
sdhci_sdma_transfer_single_block(s);
} else {
@@ -1050,7 +1051,7 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, unsigned size)
if (!(s->capareg & SDHC_CAN_DO_DMA)) {
value &= ~SDHC_TRNS_DMA;
}
- MASKED_WRITE(s->trnmod, mask, value);
+ MASKED_WRITE(s->trnmod, mask, value & 0x0037);
MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
/* Writing to the upper byte of CMDREG triggers SD command generation */
--
2.1.4

50
debian/patches/extra/0004-cirrus-fix-oob-access-issue-CVE-2017-2615.patch vendored
View File

@ -1,50 +0,0 @@
From e3ff618899e53791fdff5dbd3f8fa889a2ed7b1d Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Wed, 1 Feb 2017 09:35:01 +0100
Subject: [PATCH 4/4] cirrus: fix oob access issue (CVE-2017-2615)
When doing bitblt copy in backward mode, we should minus the
blt width first just like the adding in the forward mode. This
can avoid the oob access of the front of vga's vram.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
Message-id: 5887254f.863a240a.2c122.5500@mx.google.com
{ kraxel: with backward blits (negative pitch) addr is the topmost
address, so check it as-is against vram size ]
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/cirrus_vga.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 7db6409..16f27e8 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -274,10 +274,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
{
if (pitch < 0) {
int64_t min = addr
- + ((int64_t)s->cirrus_blt_height-1) * pitch;
- int32_t max = addr
- + s->cirrus_blt_width;
- if (min < 0 || max > s->vga.vram_size) {
+ + ((int64_t)s->cirrus_blt_height - 1) * pitch
+ - s->cirrus_blt_width;
+ if (min < -1 || addr >= s->vga.vram_size) {
return true;
}
} else {
--
2.1.4

42
debian/patches/extra/0004-sd-sdhci-block-count-enable-not-relevant-in-single-b.patch vendored
View File

@ -1,42 +0,0 @@
From b9bc05a3a687f9993c5c2a8890b53ab9e8dbc96c Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 31 Jan 2017 17:54:16 +0530
Subject: [PATCH 4/8] sd: sdhci: block count enable not relevant in single
block transfer
In SDHCI device emulation the 'Block count enable' bit
of the Transfer Mode register is only relevant in multi block
transfers. We need not check it in single block transfers.
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/sd/sdhci.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 35f953a..85cac42 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -570,7 +570,6 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
}
/* single block SDMA transfer */
-
static void sdhci_sdma_transfer_single_block(SDHCIState *s)
{
int n;
@@ -589,10 +588,7 @@ static void sdhci_sdma_transfer_single_block(SDHCIState *s)
sdbus_write_data(&s->sdbus, s->fifo_buffer[n]);
}
}
-
- if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
- s->blkcnt--;
- }
+ s->blkcnt--;
sdhci_end_transfer(s);
}
--
2.1.4

44
debian/patches/extra/CVE-2016-10028-display-virtio-gpu-3d-check-virgl-capabilities-max_s.patch vendored
View File

@ -1,44 +0,0 @@
From b891912de9c0ef615955fccc043915eb36ce3c02 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 14 Dec 2016 12:31:56 +0530
Subject: [PATCH 2/8] display: virtio-gpu-3d: check virgl capabilities max_size
Virtio GPU device while processing 'VIRTIO_GPU_CMD_GET_CAPSET'
command, retrieves the maximum capabilities size to fill in the
response object. It continues to fill in capabilities even if
retrieved 'max_size' is zero(0), thus resulting in OOB access.
Add check to avoid it.
Reported-by: Zhenhao Hong <zhenhaohong@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20161214070156.23368-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
Notes:
CVE-2016-10028
hw/display/virtio-gpu-3d.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index d98b140..cdd03a4 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -371,8 +371,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
&max_size);
- resp = g_malloc0(sizeof(*resp) + max_size);
+ if (!max_size) {
+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
+ return;
+ }
+ resp = g_malloc0(sizeof(*resp) + max_size);
resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
virgl_renderer_fill_caps(gc.capset_id,
gc.capset_version,
--
2.1.4

50
debian/patches/extra/CVE-2016-10155-watchdog-6300esb-add-exit-function.patch vendored
View File

@ -1,50 +0,0 @@
From a8341ea109259c17ad18b02597e5e03e99db60ae Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 28 Nov 2016 17:49:04 -0800
Subject: [PATCH 1/8] watchdog: 6300esb: add exit function
When the Intel 6300ESB watchdog is hot unplug. The timer allocated
in realize isn't freed thus leaking memory leak. This patch avoid
this through adding the exit function.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
Notes:
CVE-2016-10155
hw/watchdog/wdt_i6300esb.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
index a83d951..49b3cd1 100644
--- a/hw/watchdog/wdt_i6300esb.c
+++ b/hw/watchdog/wdt_i6300esb.c
@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
/* qemu_register_coalesced_mmio (addr, 0x10); ? */
}
+static void i6300esb_exit(PCIDevice *dev)
+{
+ I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
+
+ timer_del(d->timer);
+ timer_free(d->timer);
+}
+
static WatchdogTimerModel model = {
.wdt_name = "i6300esb",
.wdt_description = "Intel 6300ESB",
@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
k->config_read = i6300esb_config_read;
k->config_write = i6300esb_config_write;
k->realize = i6300esb_realize;
+ k->exit = i6300esb_exit;
k->vendor_id = PCI_VENDOR_ID_INTEL;
k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
k->class_id = PCI_CLASS_SYSTEM_OTHER;
--
2.1.4

63
debian/patches/extra/CVE-2016-7156-scsi-pvscsi-avoid-infinite-loop-while-building-SG-li.patch vendored
View File

@ -1,63 +0,0 @@
From a8ceb006190b9072b0b9866ec5a07bd6de4eca6d Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 6 Sep 2016 23:23:17 +0530
Subject: [PATCH 5/6] scsi: pvscsi: avoid infinite loop while building SG list
In PVSCSI paravirtual SCSI bus, pvscsi_convert_sglist can take a very
long time or go into an infinite loop due to two different bugs:
1) the request descriptor data length is defined to be 64 bit. While
building SG list from a request descriptor, it gets truncated to 32bit
in routine 'pvscsi_convert_sglist'. This could lead to an infinite loop
situation for large 'dataLen' values, when data_length is cast to uint32_t
and chunk_size becomes always zero. Fix this by removing the incorrect
cast.
2) pvscsi_get_next_sg_elem can be called arbitrarily many times if the
element has a zero length. Get out of the loop early when this happens,
by introducing an upper limit on the number of SG list elements.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/scsi/vmw_pvscsi.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 22f872c..e43e0a4 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -40,6 +40,8 @@
#define PVSCSI_MAX_DEVS (64)
#define PVSCSI_MSIX_NUM_VECTORS (1)
+#define PVSCSI_MAX_SG_ELEM 2048
+
#define PVSCSI_MAX_CMD_DATA_WORDS \
(sizeof(PVSCSICmdDescSetupRings)/sizeof(uint32_t))
@@ -629,17 +631,16 @@ pvscsi_queue_pending_descriptor(PVSCSIState *s, SCSIDevice **d,
static void
pvscsi_convert_sglist(PVSCSIRequest *r)
{
- int chunk_size;
+ uint32_t chunk_size, elmcnt = 0;
uint64_t data_length = r->req.dataLen;
PVSCSISGState sg = r->sg;
- while (data_length) {
- while (!sg.resid) {
+ while (data_length && elmcnt < PVSCSI_MAX_SG_ELEM) {
+ while (!sg.resid && elmcnt++ < PVSCSI_MAX_SG_ELEM) {
pvscsi_get_next_sg_elem(&sg);
trace_pvscsi_convert_sglist(r->req.context, r->sg.dataAddr,
r->sg.resid);
}
- assert(data_length > 0);
- chunk_size = MIN((unsigned) data_length, sg.resid);
+ chunk_size = MIN(data_length, sg.resid);
if (chunk_size) {
qemu_sglist_add(&r->sgl, sg.dataAddr, chunk_size);
}
--
2.1.4

35
debian/patches/extra/CVE-2016-7161-hw-net-Fix-a-heap-overflow-in-xlnx.xps-ethernetlite.patch vendored
View File

@ -1,35 +0,0 @@
From b5cfb53ba6a976d0d478eb438a5ada3b719e8d59 Mon Sep 17 00:00:00 2001
From: chaojianhu <chaojianhu@hotmail.com>
Date: Tue, 9 Aug 2016 11:52:54 +0800
Subject: [PATCH 2/5] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite
will be affected.
Reported-by: chaojianhu <chaojianhu@hotmail.com>
Signed-off-by: chaojianhu <chaojianhu@hotmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/xilinx_ethlite.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/net/xilinx_ethlite.c b/hw/net/xilinx_ethlite.c
index bc846e7..12b7419 100644
--- a/hw/net/xilinx_ethlite.c
+++ b/hw/net/xilinx_ethlite.c
@@ -197,6 +197,10 @@ static ssize_t eth_rx(NetClientState *nc, const uint8_t *buf, size_t size)
}
D(qemu_log("%s %zd rxbase=%x\n", __func__, size, rxbase));
+ if (size > (R_MAX - R_RX_BUF0 - rxbase) * 4) {
+ D(qemu_log("ethlite packet is too big, size=%x\n", size));
+ return -1;
+ }
memcpy(&s->regs[rxbase + R_RX_BUF0], buf, size);
s->regs[rxbase + R_RX_CTRL0] |= CTRL_S;
--
2.1.4

45
debian/patches/extra/CVE-2016-7170-vmsvga-correct-bitmap-and-pixmap-size-checks.patch vendored
View File

@ -1,45 +0,0 @@
From 167d97a3def77ee2dbf6e908b0ecbfe2103977db Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 8 Sep 2016 18:15:54 +0530
Subject: [PATCH] vmsvga: correct bitmap and pixmap size checks
When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
the computed BITMAP and PIXMAP size are checked against the
'cursor.mask[]' and 'cursor.image[]' array sizes in bytes.
Correct these checks to avoid OOB memory access.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1473338754-15430-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/vmware_vga.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index e51a05e..6599cf0 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -676,11 +676,13 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
cursor.bpp = vmsvga_fifo_read(s);
args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
- if (cursor.width > 256 ||
- cursor.height > 256 ||
- cursor.bpp > 32 ||
- SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
- SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
+ if (cursor.width > 256
+ || cursor.height > 256
+ || cursor.bpp > 32
+ || SVGA_BITMAP_SIZE(x, y)
+ > sizeof(cursor.mask) / sizeof(cursor.mask[0])
+ || SVGA_PIXMAP_SIZE(x, y, cursor.bpp)
+ > sizeof(cursor.image) / sizeof(cursor.image[0])) {
goto badcmd;
}
--
2.1.4

38
debian/patches/extra/CVE-2016-7422-virtio-add-check-for-descriptor-s-mapped-address.patch vendored
View File

@ -1,38 +0,0 @@
From 1723b5e7962eb077353bab0772ca8114774b6c60 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Mon, 19 Sep 2016 23:55:45 +0530
Subject: [PATCH 4/7] virtio: add check for descriptor's mapped address
virtio back end uses set of buffers to facilitate I/O operations.
If its size is too large, 'cpu_physical_memory_map' could return
a null address. This would result in a null dereference while
un-mapping descriptors. Add check to avoid it.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
hw/virtio/virtio.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 74c085c..eabe573 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -473,6 +473,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, hwaddr *addr, struct iove
}
iov[num_sg].iov_base = cpu_physical_memory_map(pa, &len, is_write);
+ if (!iov[num_sg].iov_base) {
+ error_report("virtio: bogus descriptor or out of resources");
+ exit(1);
+ }
+
iov[num_sg].iov_len = len;
addr[num_sg] = pa;
--
2.1.4

32
debian/patches/extra/CVE-2016-7466-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch vendored
View File

@ -1,32 +0,0 @@
From b53dd4495ced2432a0b652ea895e651d07336f7e Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Tue, 13 Sep 2016 03:20:03 -0700
Subject: [PATCH] usb:xhci:fix memory leak in usb_xhci_exit
If the xhci uses msix, it doesn't free the corresponding
memory, thus leading a memory leak. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 57d7d2e0.d4301c0a.d13e9.9a55@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-xhci.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 37c1493..726435c 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -3715,8 +3715,7 @@ static void usb_xhci_exit(PCIDevice *dev)
/* destroy msix memory region */
if (dev->msix_table && dev->msix_pba
&& dev->msix_entry_used) {
- memory_region_del_subregion(&xhci->mem, &dev->msix_table_mmio);
- memory_region_del_subregion(&xhci->mem, &dev->msix_pba_mmio);
+ msix_uninit(dev, &xhci->mem, &xhci->mem);
}
usb_bus_release(&xhci->bus);
--
2.1.4

48
debian/patches/extra/CVE-2016-7907-net-imx-limit-buffer-descriptor-count.patch vendored
View File

@ -1,48 +0,0 @@
From 3798522afcf58abbce6de67446fcae7a34ae919d Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 22 Sep 2016 16:01:38 +0530
Subject: [PATCH 5/7] net: imx: limit buffer descriptor count
i.MX Fast Ethernet Controller uses buffer descriptors to manage
data flow to/fro receive & transmit queues. While transmitting
packets, it could continue to read buffer descriptors if a buffer
descriptor has length of zero and has crafted values in bd.flags.
Set an upper limit to number of buffer descriptors.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/net/imx_fec.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 1c415ab..1d74827 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -220,6 +220,8 @@ static const VMStateDescription vmstate_imx_eth = {
#define PHY_INT_PARFAULT (1 << 2)
#define PHY_INT_AUTONEG_PAGE (1 << 1)
+#define IMX_MAX_DESC 1024
+
static void imx_eth_update(IMXFECState *s);
/*
@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s)
static void imx_fec_do_tx(IMXFECState *s)
{
- int frame_size = 0;
+ int frame_size = 0, descnt = 0;
uint8_t frame[ENET_MAX_FRAME_SIZE];
uint8_t *ptr = frame;
uint32_t addr = s->tx_descriptor;
- while (1) {
+ while (descnt++ < IMX_MAX_DESC) {
IMXFECBufDesc bd;
int len;
--
2.1.4

52
debian/patches/extra/CVE-2016-7908-net-mcf-limit-buffer-descriptor-count.patch vendored
View File

@ -1,52 +0,0 @@
From 94087c0cbe014b4a60d96930d7cb43d54a05c701 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 22 Sep 2016 16:02:37 +0530
Subject: [PATCH 6/7] net: mcf: limit buffer descriptor count
ColdFire Fast Ethernet Controller uses buffer descriptors to manage
data flow to/fro receive & transmit queues. While transmitting
packets, it could continue to read buffer descriptors if a buffer
descriptor has length of zero and has crafted values in bd.flags.
Set upper limit to number of buffer descriptors.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/mcf_fec.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
index 0ee8ad9..d31fea1 100644
--- a/hw/net/mcf_fec.c
+++ b/hw/net/mcf_fec.c
@@ -23,6 +23,7 @@ do { printf("mcf_fec: " fmt , ## __VA_ARGS__); } while (0)
#define DPRINTF(fmt, ...) do {} while(0)
#endif
+#define FEC_MAX_DESC 1024
#define FEC_MAX_FRAME_SIZE 2032
typedef struct {
@@ -149,7 +150,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
uint32_t addr;
mcf_fec_bd bd;
int frame_size;
- int len;
+ int len, descnt = 0;
uint8_t frame[FEC_MAX_FRAME_SIZE];
uint8_t *ptr;
@@ -157,7 +158,7 @@ static void mcf_fec_do_tx(mcf_fec_state *s)
ptr = frame;
frame_size = 0;
addr = s->tx_descriptor;
- while (1) {
+ while (descnt++ < FEC_MAX_DESC) {
mcf_fec_read_bd(&bd, addr);
DPRINTF("tx_bd %x flags %04x len %d data %08x\n",
addr, bd.flags, bd.length, bd.data);
--
2.1.4

36
debian/patches/extra/CVE-2016-7909-net-pcnet-check-rx-tx-descriptor-ring-length.patch vendored
View File

@ -1,36 +0,0 @@
From ed825b783750cbe88aa67bbe83cf662082828efa Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Fri, 30 Sep 2016 00:27:33 +0530
Subject: [PATCH 7/7] net: pcnet: check rx/tx descriptor ring length
The AMD PC-Net II emulator has set of control and status(CSR)
registers. Of these, CSR76 and CSR78 hold receive and transmit
descriptor ring length respectively. This ring length could range
from 1 to 65535. Setting ring length to zero leads to an infinite
loop in pcnet_rdra_addr. Add check to avoid it.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/net/pcnet.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
index 198a01f..3078de8 100644
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
case 47: /* POLLINT */
case 72:
case 74:
+ break;
case 76: /* RCVRL */
case 78: /* XMTRL */
+ val = (val > 0) ? val : 512;
+ break;
case 112:
if (CSR_STOP(s) || CSR_SPND(s))
break;
--
2.1.4

30
debian/patches/extra/CVE-2016-7994-virtio-gpu-fix-memory-leak-in-virtio_gpu_resource_cr.patch vendored
View File

@ -1,30 +0,0 @@
From 594fa98211f92ab07ee6d6b6a9eda93a416a1f57 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Sun, 18 Sep 2016 19:07:11 -0700
Subject: [PATCH 1/2] virtio-gpu: fix memory leak in
virtio_gpu_resource_create_2d
In virtio gpu resource create dispatch, if the pixman format is zero
it doesn't free the resource object allocated previously. Thus leading
a host memory leak issue. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
---
hw/display/virtio-gpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 7fe6ed8..5b6d17b 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -333,6 +333,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
qemu_log_mask(LOG_GUEST_ERROR,
"%s: host couldn't handle guest format %d\n",
__func__, c2d.format);
+ g_free(res);
cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
return;
}
--
2.1.4

32
debian/patches/extra/CVE-2016-7995-usb-ehci-fix-memory-leak-in-ehci_process_itd.patch vendored
View File

@ -1,32 +0,0 @@
From 91a16e6e51a4e046d59379fc83b9dfc1e860e9c7 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Sat, 8 Oct 2016 11:58:03 +0300
Subject: [PATCH 2/2] usb: ehci: fix memory leak in ehci_process_itd
While processing isochronous transfer descriptors(iTD), if the page
select(PG) field value is out of bands it will return. In this
situation the ehci's sg list is not freed thus leading to a memory
leak issue. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
---
hw/usb/hcd-ehci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index b093db7..f4ece9a 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci,
if (off + len > 4096) {
/* transfer crosses page border */
if (pg == 6) {
+ qemu_sglist_destroy(&ehci->isgl);
return -1; /* avoid page pg + 1 */
}
ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
--
2.1.4

69
debian/patches/extra/CVE-2016-8576-xhci-limit-the-number-of-link-trbs-we-are-willing-to.patch vendored
View File

@ -1,69 +0,0 @@
From b5ef1754de94247de307044b19e6bc3fa0ad5ba8 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 10 Oct 2016 12:46:22 +0200
Subject: [PATCH 2/4] xhci: limit the number of link trbs we are willing to
process
Needed to avoid we run in circles forever in case the guest builds
an endless loop with link trbs.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Tested-by: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1476096382-7981-1-git-send-email-kraxel@redhat.com
---
hw/usb/hcd-xhci.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 281a2a5..8a9a31a 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -54,6 +54,8 @@
* to the specs when it gets them */
#define ER_FULL_HACK
+#define TRB_LINK_LIMIT 4
+
#define LEN_CAP 0x40
#define LEN_OPER (0x400 + 0x10 * MAXPORTS)
#define LEN_RUNTIME ((MAXINTRS + 1) * 0x20)
@@ -1000,6 +1002,7 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
dma_addr_t *addr)
{
PCIDevice *pci_dev = PCI_DEVICE(xhci);
+ uint32_t link_cnt = 0;
while (1) {
TRBType type;
@@ -1026,6 +1029,9 @@ static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
ring->dequeue += TRB_SIZE;
return type;
} else {
+ if (++link_cnt > TRB_LINK_LIMIT) {
+ return 0;
+ }
ring->dequeue = xhci_mask64(trb->parameter);
if (trb->control & TRB_LK_TC) {
ring->ccs = !ring->ccs;
@@ -1043,6 +1049,7 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
bool ccs = ring->ccs;
/* hack to bundle together the two/three TDs that make a setup transfer */
bool control_td_set = 0;
+ uint32_t link_cnt = 0;
while (1) {
TRBType type;
@@ -1058,6 +1065,9 @@ static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
type = TRB_TYPE(trb);
if (type == TR_LINK) {
+ if (++link_cnt > TRB_LINK_LIMIT) {
+ return -length;
+ }
dequeue = xhci_mask64(trb.parameter);
if (trb.control & TRB_LK_TC) {
ccs = !ccs;
--
2.1.4

39
debian/patches/extra/CVE-2016-8577-9pfs-fix-potential-host-memory-leak-in-v9fs_read.patch vendored
View File

@ -1,39 +0,0 @@
From 8794fc68736fda80d7191f100c03c960a5ef1224 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Tue, 11 Oct 2016 09:27:45 +0200
Subject: [PATCH 3/4] 9pfs: fix potential host memory leak in v9fs_read
In 9pfs read dispatch function, it doesn't free two QEMUIOVector
object thus causing potential memory leak. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index dfe293d..54e18a2 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1812,14 +1812,15 @@ static void v9fs_read(void *opaque)
if (len < 0) {
/* IO error return the error */
err = len;
- goto out;
+ goto out_free_iovec;
}
} while (count < max_count && len > 0);
err = pdu_marshal(pdu, offset, "d", count);
if (err < 0) {
- goto out;
+ goto out_free_iovec;
}
err += offset + count;
+out_free_iovec:
qemu_iovec_destroy(&qiov);
qemu_iovec_destroy(&qiov_full);
} else if (fidp->fid_type == P9_FID_XATTR) {
--
2.1.4

58
debian/patches/extra/CVE-2016-8578-9pfs-allocate-space-for-guest-originated-empty-strin.patch vendored
View File

@ -1,58 +0,0 @@
From 630abd0c70f272b36361348e9ee7d6a71577b72f Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Tue, 11 Oct 2016 09:27:45 +0200
Subject: [PATCH 4/4] 9pfs: allocate space for guest originated empty strings
If a guest sends an empty string paramater to any 9P operation, the current
code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }.
This is unfortunate because it can cause NULL pointer dereference to happen
at various locations in the 9pfs code. And we don't want to check str->data
everywhere we pass it to strcmp() or any other function which expects a
dereferenceable pointer.
This patch enforces the allocation of genuine C empty strings instead, so
callers don't have to bother.
Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if
the returned string is empty. It now uses v9fs_string_size() since
name.data cannot be NULL anymore.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
[groug, rewritten title and changelog,
fix empty string check in v9fs_xattrwalk()]
Signed-off-by: Greg Kurz <groug@kaod.org>
---
fsdev/9p-iov-marshal.c | 2 +-
hw/9pfs/9p.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
index 663cad5..1d16f8d 100644
--- a/fsdev/9p-iov-marshal.c
+++ b/fsdev/9p-iov-marshal.c
@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
str->data = g_malloc(str->size + 1);
copied = v9fs_unpack(str->data, out_sg, out_num, offset,
str->size);
- if (copied > 0) {
+ if (copied >= 0) {
str->data[str->size] = 0;
} else {
v9fs_string_free(str);
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 54e18a2..75ba5f1 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3161,7 +3161,7 @@ static void v9fs_xattrwalk(void *opaque)
goto out;
}
v9fs_path_copy(&xattr_fidp->path, &file_fidp->path);
- if (name.data == NULL) {
+ if (!v9fs_string_size(&name)) {
/*
* listxattr request. Get the size first
*/
--
2.1.4

34
debian/patches/extra/CVE-2016-8668-net-rocker-set-limit-to-DMA-buffer-size.patch vendored
View File

@ -1,34 +0,0 @@
From 0d3ac427e34f12b1a33646d47ef3dc390a9b569d Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 12 Oct 2016 14:40:55 +0530
Subject: [PATCH 1/2] net: rocker: set limit to DMA buffer size
Rocker network switch emulator has test registers to help debug
DMA operations. While testing host DMA access, a buffer address
is written to register 'TEST_DMA_ADDR' and its size is written to
register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
test, if DMA buffer size was greater than 'INT_MAX', it leads to
an invalid buffer access. Limit the DMA buffer size to avoid it.
Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/net/rocker/rocker.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
index 30f2ce4..e9d215a 100644
--- a/hw/net/rocker/rocker.c
+++ b/hw/net/rocker/rocker.c
@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val)
rocker_msix_irq(r, val);
break;
case ROCKER_TEST_DMA_SIZE:
- r->test_dma_size = val;
+ r->test_dma_size = val & 0xFFFF;
break;
case ROCKER_TEST_DMA_ADDR + 4:
r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32;
--
2.1.4

35
debian/patches/extra/CVE-2016-8669-char-serial-check-divider-value-against-baud-base.patch vendored
View File

@ -1,35 +0,0 @@
From 7e0ebfd13e55a706396197437f375692bbf75d15 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 12 Oct 2016 11:28:08 +0530
Subject: [PATCH 2/2] char: serial: check divider value against baud base
16550A UART device uses an oscillator to generate frequencies
(baud base), which decide communication speed. This speed could
be changed by dividing it by a divider. If the divider is
greater than the baud base, speed is set to zero, leading to a
divide by zero error. Add check to avoid it.
Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/char/serial.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/char/serial.c b/hw/char/serial.c
index 3442f47..eec72b7 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)
int speed, parity, data_bits, stop_bits, frame_size;
QEMUSerialSetParams ssp;
- if (s->divider == 0)
+ if (s->divider == 0 || s->divider > s->baudbase) {
return;
+ }
/* Start bit. */
frame_size = 1;
--
2.1.4

39
debian/patches/extra/CVE-2016-8909-audio-intel-hda-check-stream-entry-count-during-tran.patch vendored
View File

@ -1,39 +0,0 @@
From ad0e6e88e0432aa1e6c75f52a6b3b4bf463e2563 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 20 Oct 2016 13:10:24 +0530
Subject: [PATCH 1/8] audio: intel-hda: check stream entry count during
transfer
Intel HDA emulator uses stream of buffers during DMA data
transfers. Each entry has buffer length and buffer pointer
position, which are used to derive bytes to 'copy'. If this
length and buffer pointer were to be same, 'copy' could be
set to zero(0), leading to an infinite loop. Add check to
avoid it.
Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1476949224-6865-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/audio/intel-hda.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
index cd95340..537face 100644
--- a/hw/audio/intel-hda.c
+++ b/hw/audio/intel-hda.c
@@ -416,7 +416,8 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
}
left = len;
- while (left > 0) {
+ s = st->bentries;
+ while (left > 0 && s-- > 0) {
copy = left;
if (copy > st->bsize - st->lpib)
copy = st->bsize - st->lpib;
--
2.1.4

30
debian/patches/extra/CVE-2016-9101-net-eepro100-fix-memory-leak-in-device-uninit.patch vendored
View File

@ -1,30 +0,0 @@
From 1fab838b55ee7cc199b105d80de4a80f336231b3 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Sat, 8 Oct 2016 05:07:25 -0700
Subject: [PATCH 3/8] net: eepro100: fix memory leak in device uninit
The exit dispatch of eepro100 network card device doesn't free
the 's->vmstate' field which was allocated in device realize thus
leading a host memory leak. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/eepro100.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
index bab4dbf..4bf71f2 100644
--- a/hw/net/eepro100.c
+++ b/hw/net/eepro100.c
@@ -1843,6 +1843,7 @@ static void pci_nic_uninit(PCIDevice *pci_dev)
EEPRO100State *s = DO_UPCAST(EEPRO100State, dev, pci_dev);
vmstate_unregister(&pci_dev->qdev, s->vmstate, s);
+ g_free(s->vmstate);
eeprom93xx_free(&pci_dev->qdev, s->eeprom);
qemu_del_nic(s->nic);
}
--
2.1.4

34
debian/patches/extra/CVE-2016-9102-9pfs-fix-memory-leak-in-v9fs_xattrcreate.patch vendored
View File

@ -1,34 +0,0 @@
From f132108afabf074403afadf822ad2d2275d115cd Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 17 Oct 2016 14:13:58 +0200
Subject: [PATCH 5/8] 9pfs: fix memory leak in v9fs_xattrcreate
The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
situation that this field has been allocated previously. Every time, it
will be allocated directly. This leads to a host memory leak issue if
the client sends another Txattrcreate message with the same fid number
before the fid from the previous time got clunked.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
[groug, updated the changelog to indicate how the leak can occur]
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 3becdd0..f5af4e3 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
xattr_fidp->fs.xattr.flags = flags;
v9fs_string_init(&xattr_fidp->fs.xattr.name);
v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
+ g_free(xattr_fidp->fs.xattr.value);
xattr_fidp->fs.xattr.value = g_malloc0(size);
err = offset;
put_fid(pdu, file_fidp);
--
2.1.4

32
debian/patches/extra/CVE-2016-9103-9pfs-fix-information-leak-in-xattr-read.patch vendored
View File

@ -1,32 +0,0 @@
From 644566ea6fe2896b6b171797cfe6e7219939d968 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 17 Oct 2016 14:13:58 +0200
Subject: [PATCH 4/8] 9pfs: fix information leak in xattr read
9pfs uses g_malloc() to allocate the xattr memory space, if the guest
reads this memory before writing to it, this will leak host heap memory
to the guest. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 75ba5f1..3becdd0 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3269,7 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
xattr_fidp->fs.xattr.flags = flags;
v9fs_string_init(&xattr_fidp->fs.xattr.name);
v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
- xattr_fidp->fs.xattr.value = g_malloc(size);
+ xattr_fidp->fs.xattr.value = g_malloc0(size);
err = offset;
put_fid(pdu, file_fidp);
out_nofid:
--
2.1.4

92
debian/patches/extra/CVE-2016-9104-9pfs-fix-integer-overflow-issue-in-xattr-read-write.patch vendored
View File

@ -1,92 +0,0 @@
From 86a37b0a0ed8f32db819782ca4a367712ece1453 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Tue, 1 Nov 2016 12:00:40 +0100
Subject: [PATCH 8/8] 9pfs: fix integer overflow issue in xattr read/write
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest
originated offset: they must ensure this offset does not go beyond
the size of the extended attribute that was set in v9fs_xattrcreate().
Unfortunately, the current code implement these checks with unsafe
calculations on 32 and 64 bit values, which may allow a malicious
guest to cause OOB access anyway.
Fix this by comparing the offset and the xattr size, which are
both uint64_t, before trying to compute the effective number of bytes
to read or write.
Suggested-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-By: Guido Günther <agx@sigxcpu.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p.c | 32 ++++++++++++--------------------
1 file changed, 12 insertions(+), 20 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index af07846..fc4f2cd 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1628,20 +1628,17 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
{
ssize_t err;
size_t offset = 7;
- int read_count;
- int64_t xattr_len;
+ uint64_t read_count;
V9fsVirtioState *v = container_of(s, V9fsVirtioState, state);
VirtQueueElement *elem = v->elems[pdu->idx];
- xattr_len = fidp->fs.xattr.len;
- read_count = xattr_len - off;
+ if (fidp->fs.xattr.len < off) {
+ read_count = 0;
+ } else {
+ read_count = fidp->fs.xattr.len - off;
+ }
if (read_count > max_count) {
read_count = max_count;
- } else if (read_count < 0) {
- /*
- * read beyond XATTR value
- */
- read_count = 0;
}
err = pdu_marshal(pdu, offset, "d", read_count);
if (err < 0) {
@@ -1969,23 +1966,18 @@ static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,
{
int i, to_copy;
ssize_t err = 0;
- int write_count;
- int64_t xattr_len;
+ uint64_t write_count;
size_t offset = 7;
- xattr_len = fidp->fs.xattr.len;
- write_count = xattr_len - off;
- if (write_count > count) {
- write_count = count;
- } else if (write_count < 0) {
- /*
- * write beyond XATTR value len specified in
- * xattrcreate
- */
+ if (fidp->fs.xattr.len < off) {
err = -ENOSPC;
goto out;
}
+ write_count = fidp->fs.xattr.len - off;
+ if (write_count > count) {
+ write_count = count;
+ }
err = pdu_marshal(pdu, offset, "d", write_count);
if (err < 0) {
return err;
--
2.1.4

32
debian/patches/extra/CVE-2016-9105-9pfs-fix-memory-leak-in-v9fs_link.patch vendored
View File

@ -1,32 +0,0 @@
From 94979ec1a852871eaee150cb56f0e8cac4316e35 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 17 Oct 2016 14:13:58 +0200
Subject: [PATCH 6/8] 9pfs: fix memory leak in v9fs_link
The v9fs_link() function keeps a reference on the source fid object. This
causes a memory leak since the reference never goes down to 0. This patch
fixes the issue.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
[groug, rephrased the changelog]
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index f5af4e3..aa2b8c0 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -2403,6 +2403,7 @@ static void v9fs_link(void *opaque)
if (!err) {
err = offset;
}
+ put_fid(pdu, oldfidp);
out:
put_fid(pdu, dfidp);
out_nofid:
--
2.1.4

33
debian/patches/extra/CVE-2016-9106-9pfs-fix-memory-leak-in-v9fs_write.patch vendored
View File

@ -1,33 +0,0 @@
From 2c5bcb2d5f32ffcf5064d3557e44836fa70700be Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 17 Oct 2016 14:13:58 +0200
Subject: [PATCH 7/8] 9pfs: fix memory leak in v9fs_write
If an error occurs when marshalling the transfer length to the guest, the
v9fs_write() function doesn't free an IO vector, thus leading to a memory
leak. This patch fixes the issue.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
[groug, rephrased the changelog]
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index aa2b8c0..af07846 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -2080,7 +2080,7 @@ static void v9fs_write(void *opaque)
offset = 7;
err = pdu_marshal(pdu, offset, "d", total);
if (err < 0) {
- goto out;
+ goto out_qiov;
}
err += offset;
trace_v9fs_write_return(pdu->tag, pdu->id, total, err);
--
2.1.4

34
debian/patches/extra/CVE-2016-9776-net-mcf-check-receive-buffer-size-register-value.patch vendored
View File

@ -1,34 +0,0 @@
From 2a4848046ad64db5cb1c1090565a28a5cb2c518e Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 29 Nov 2016 00:38:39 +0530
Subject: [PATCH 01/12] net: mcf: check receive buffer size register value
ColdFire Fast Ethernet Controller uses a receive buffer size
register(EMRBR) to hold maximum size of all receive buffers.
It is set by a user before any operation. If it was set to be
zero, ColdFire emulator would go into an infinite loop while
receiving data in mcf_fec_receive. Add check to avoid it.
Reported-by: Wjjzhang <wjjzhang@tencent.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/mcf_fec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
index d31fea1..3d4b3b3 100644
--- a/hw/net/mcf_fec.c
+++ b/hw/net/mcf_fec.c
@@ -393,7 +393,7 @@ static void mcf_fec_write(void *opaque, hwaddr addr,
s->tx_descriptor = s->etdsr;
break;
case 0x188:
- s->emrbr = value & 0x7f0;
+ s->emrbr = value > 0 ? value & 0x7F0 : 0x7F0;
break;
default:
hw_error("mcf_fec_write Bad address 0x%x\n", (int)addr);
--
2.1.4

37
debian/patches/extra/CVE-2016-9845-virtio-gpu-fix-information-leak-in-getting-capset-in.patch vendored
View File

@ -1,37 +0,0 @@
From 71ee39ea06cbcbd1971213aa1f3a9036c50b6a57 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Tue, 1 Nov 2016 02:53:11 -0700
Subject: [PATCH 02/12] virtio-gpu: fix information leak in getting capset info
dispatch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't
been full initialized before writing to the guest. This will leak
the 'resp.padding' and 'resp.hdr.padding' fieds to the guest. This
patch fix this issue.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 5818661e.0860240a.77264.7a56@mx.google.com
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/virtio-gpu-3d.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index 758d33a..23f39de 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -347,6 +347,7 @@ static void virgl_cmd_get_capset_info(VirtIOGPU *g,
VIRTIO_GPU_FILL_CMD(info);
+ memset(&resp, 0, sizeof(resp));
if (info.capset_index == 0) {
resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
virgl_renderer_get_cap_set(resp.capset_id,
--
2.1.4

36
debian/patches/extra/CVE-2016-9846-virtio-gpu-fix-memory-leak-in-update_cursor_data_vir.patch vendored
View File

@ -1,36 +0,0 @@
From 74a46afa58632277063ca4990cf0c954f342dd7d Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Tue, 1 Nov 2016 04:06:58 -0700
Subject: [PATCH 03/12] virtio-gpu: fix memory leak in update_cursor_data_virgl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In update_cursor_data_virgl function, if the 'width'/ 'height'
is not equal to current cursor's width/height it will return
without free the 'data' allocated previously. This will lead
a memory leak issue. This patch fix this issue.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 58187760.41d71c0a.cca75.4cb9@mx.google.com
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/virtio-gpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 5b6d17b..41f8096 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -84,6 +84,7 @@ static void update_cursor_data_virgl(VirtIOGPU *g,
if (width != s->current_cursor->width ||
height != s->current_cursor->height) {
+ free(data);
return;
}
--
2.1.4

54
debian/patches/extra/CVE-2016-9907-usbredir-free-vm_change_state_handler-in-usbredir-de.patch vendored
View File

@ -1,54 +0,0 @@
From 5bbb994dd062eb3950d67db3c6189dab0df7ec9b Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 7 Nov 2016 21:57:46 -0800
Subject: [PATCH 04/12] usbredir: free vm_change_state_handler in usbredir
destroy dispatch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In usbredir destroy dispatch function, it doesn't free the vm change
state handler once registered in usbredir_realize function. This will
lead a memory leak issue. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 58216976.d0236b0a.77b99.bcd6@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/redirect.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 444672a..42aeaa4 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -132,6 +132,7 @@ struct USBRedirDevice {
struct usbredirfilter_rule *filter_rules;
int filter_rules_count;
int compatible_speedmask;
+ VMChangeStateEntry *vmstate;
};
#define TYPE_USB_REDIR "usb-redir"
@@ -1409,7 +1410,8 @@ static void usbredir_realize(USBDevice *udev, Error **errp)
qemu_chr_add_handlers(dev->cs, usbredir_chardev_can_read,
usbredir_chardev_read, usbredir_chardev_event, dev);
- qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
+ dev->vmstate =
+ qemu_add_vm_change_state_handler(usbredir_vm_state_change, dev);
}
static void usbredir_cleanup_device_queues(USBRedirDevice *dev)
@@ -1446,6 +1448,7 @@ static void usbredir_handle_destroy(USBDevice *udev)
}
free(dev->filter_rules);
+ qemu_del_vm_change_state_handler(dev->vmstate);
}
static int usbredir_check_filter(USBRedirDevice *dev)
--
2.1.4

31
debian/patches/extra/CVE-2016-9908-virtio-gpu-fix-information-leak-in-capset-get-dispat.patch vendored
View File

@ -1,31 +0,0 @@
From bde803ceb42d6bddc06a1881c00acdf203214772 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Tue, 1 Nov 2016 05:37:57 -0700
Subject: [PATCH 10/12] virtio-gpu: fix information leak in capset get dispatch
In virgl_cmd_get_capset function, it uses g_malloc to allocate
a response struct to the guest. As the 'resp'struct hasn't been full
initialized it will lead the 'resp->padding' field to the guest.
Use g_malloc0 to avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
---
hw/display/virtio-gpu-3d.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index 23f39de..d98b140 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -371,7 +371,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
&max_size);
- resp = g_malloc(sizeof(*resp) + max_size);
+ resp = g_malloc0(sizeof(*resp) + max_size);
resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
virgl_renderer_fill_caps(gc.capset_id,
--
2.1.4

31
debian/patches/extra/CVE-2016-9911-usb-ehci-fix-memory-leak-in-ehci_init_transfer.patch vendored
View File

@ -1,31 +0,0 @@
From 824f78bb0135cff4cb29e26c3de1cb4c2da35b46 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Tue, 8 Nov 2016 04:11:10 -0800
Subject: [PATCH 05/12] usb: ehci: fix memory leak in ehci_init_transfer
In ehci_init_transfer function, if the 'cpage' is bigger than 4,
it doesn't free the 'p->sgl' once allocated previously thus leading
a memory leak issue. This patch avoid this.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-id: 5821c0f4.091c6b0a.e0c92.e811@mx.google.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-ehci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index f4ece9a..7622a3a 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1190,6 +1190,7 @@ static int ehci_init_transfer(EHCIPacket *p)
while (bytes > 0) {
if (cpage > 4) {
fprintf(stderr, "cpage out of range (%d)\n", cpage);
+ qemu_sglist_destroy(&p->sgl);
return -1;
}
--
2.1.4

39
debian/patches/extra/CVE-2016-9912-virtio-gpu-call-cleanup-mapping-function-in-resource.patch vendored
View File

@ -1,39 +0,0 @@
From efc44f269fe72bab2c496f21809f6bef20d9c398 Mon Sep 17 00:00:00 2001
From: Li Qiang <liq3ea@gmail.com>
Date: Mon, 28 Nov 2016 21:29:25 -0500
Subject: [PATCH 11/12] virtio-gpu: call cleanup mapping function in resource
destroy
If the guest destroy the resource before detach banking, the 'iov'
and 'addrs' field in resource is not freed thus leading memory
leak issue. This patch avoid this.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
---
hw/display/virtio-gpu.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 41f8096..8903dee 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -28,6 +28,8 @@
static struct virtio_gpu_simple_resource*
virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
+static void virtio_gpu_cleanup_mapping(struct virtio_gpu_simple_resource *res);
+
#ifdef CONFIG_VIRGL
#include <virglrenderer.h>
#define VIRGL(_g, _virgl, _simple, ...) \
@@ -359,6 +361,7 @@ static void virtio_gpu_resource_destroy(VirtIOGPU *g,
struct virtio_gpu_simple_resource *res)
{
pixman_image_unref(res->image);
+ virtio_gpu_cleanup_mapping(res);
QTAILQ_REMOVE(&g->reslist, res, next);
g_free(res);
}
--
2.1.4

43
debian/patches/extra/CVE-2016-9913-9pfs-adjust-the-order-of-resource-cleanup-in-device-.patch vendored
View File

@ -1,43 +0,0 @@
From 9be364d4b3bc173103bec0dc76259f40d232eb88 Mon Sep 17 00:00:00 2001
From: Li Qiang <liq3ea@gmail.com>
Date: Wed, 23 Nov 2016 13:53:34 +0100
Subject: [PATCH 06/12] 9pfs: adjust the order of resource cleanup in device
unrealize
Unrealize should undo things that were set during realize in
reverse order. So should do in the error path in realize.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index fc4f2cd..ced7b4c 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3490,8 +3490,8 @@ int v9fs_device_realize_common(V9fsState *s, Error **errp)
rc = 0;
out:
if (rc) {
- g_free(s->ctx.fs_root);
g_free(s->tag);
+ g_free(s->ctx.fs_root);
v9fs_path_free(&path);
}
return rc;
@@ -3499,8 +3499,8 @@ out:
void v9fs_device_unrealize_common(V9fsState *s, Error **errp)
{
- g_free(s->ctx.fs_root);
g_free(s->tag);
+ g_free(s->ctx.fs_root);
}
static void __attribute__((__constructor__)) v9fs_set_fd_limit(void)
--
2.1.4

56
debian/patches/extra/CVE-2016-9914-9pfs-add-cleanup-operation-in-FileOperations.patch vendored
View File

@ -1,56 +0,0 @@
From f2ef9ae2a512fca1df0d56c226adc24ddf002b8b Mon Sep 17 00:00:00 2001
From: Li Qiang <liq3ea@gmail.com>
Date: Wed, 23 Nov 2016 13:53:34 +0100
Subject: [PATCH 07/12] 9pfs: add cleanup operation in FileOperations
Currently, the backend of VirtFS doesn't have a cleanup
function. This will lead resource leak issues if the backed
driver allocates resources. This patch addresses this issue.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
---
fsdev/file-op-9p.h | 1 +
hw/9pfs/9p.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/fsdev/file-op-9p.h b/fsdev/file-op-9p.h
index 6db9fea..a56dc84 100644
--- a/fsdev/file-op-9p.h
+++ b/fsdev/file-op-9p.h
@@ -100,6 +100,7 @@ struct FileOperations
{
int (*parse_opts)(QemuOpts *, struct FsDriverEntry *);
int (*init)(struct FsContext *);
+ void (*cleanup)(struct FsContext *);
int (*lstat)(FsContext *, V9fsPath *, struct stat *);
ssize_t (*readlink)(FsContext *, V9fsPath *, char *, size_t);
int (*chmod)(FsContext *, V9fsPath *, FsCred *);
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index ced7b4c..f2a90d4 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3490,6 +3490,9 @@ int v9fs_device_realize_common(V9fsState *s, Error **errp)
rc = 0;
out:
if (rc) {
+ if (s->ops->cleanup && s->ctx.private) {
+ s->ops->cleanup(&s->ctx);
+ }
g_free(s->tag);
g_free(s->ctx.fs_root);
v9fs_path_free(&path);
@@ -3499,6 +3502,9 @@ out:
void v9fs_device_unrealize_common(V9fsState *s, Error **errp)
{
+ if (s->ops->cleanup) {
+ s->ops->cleanup(&s->ctx);
+ }
g_free(s->tag);
g_free(s->ctx.fs_root);
}
--
2.1.4

47
debian/patches/extra/CVE-2016-9915-9pfs-add-cleanup-operation-for-handle-backend-driver.patch vendored
View File

@ -1,47 +0,0 @@
From 4196726e44c437793294af15d95e53164cf9a02d Mon Sep 17 00:00:00 2001
From: Li Qiang <liq3ea@gmail.com>
Date: Wed, 23 Nov 2016 13:53:34 +0100
Subject: [PATCH 08/12] 9pfs: add cleanup operation for handle backend driver
In the init operation of handle backend dirver, it allocates a
handle_data struct and opens a mount file. We should free these
resources when the 9pfs device is unrealized. This is what this
patch does.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p-handle.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/hw/9pfs/9p-handle.c b/hw/9pfs/9p-handle.c
index 3d77594..1687661 100644
--- a/hw/9pfs/9p-handle.c
+++ b/hw/9pfs/9p-handle.c
@@ -649,6 +649,14 @@ out:
return ret;
}
+static void handle_cleanup(FsContext *ctx)
+{
+ struct handle_data *data = ctx->private;
+
+ close(data->mountfd);
+ g_free(data);
+}
+
static int handle_parse_opts(QemuOpts *opts, struct FsDriverEntry *fse)
{
const char *sec_model = qemu_opt_get(opts, "security_model");
@@ -671,6 +679,7 @@ static int handle_parse_opts(QemuOpts *opts, struct FsDriverEntry *fse)
FileOperations handle_ops = {
.parse_opts = handle_parse_opts,
.init = handle_init,
+ .cleanup = handle_cleanup,
.lstat = handle_lstat,
.readlink = handle_readlink,
.close = handle_close,
--
2.1.4

47
debian/patches/extra/CVE-2016-9916-9pfs-add-cleanup-operation-for-proxy-backend-driver.patch vendored
View File

@ -1,47 +0,0 @@
From ae9b5c9dae96dd8d3bdf9bb6b9a0f7a2d6f532f7 Mon Sep 17 00:00:00 2001
From: Li Qiang <liq3ea@gmail.com>
Date: Wed, 23 Nov 2016 13:53:34 +0100
Subject: [PATCH 09/12] 9pfs: add cleanup operation for proxy backend driver
In the init operation of proxy backend dirver, it allocates a
V9fsProxy struct and some other resources. We should free these
resources when the 9pfs device is unrealized. This is what this
patch does.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
---
hw/9pfs/9p-proxy.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c
index f265501..336e9fe 100644
--- a/hw/9pfs/9p-proxy.c
+++ b/hw/9pfs/9p-proxy.c
@@ -1179,9 +1179,22 @@ static int proxy_init(FsContext *ctx)
return 0;
}
+static void proxy_cleanup(FsContext *ctx)
+{
+ V9fsProxy *proxy = ctx->private;
+
+ g_free(proxy->out_iovec.iov_base);
+ g_free(proxy->in_iovec.iov_base);
+ if (ctx->export_flags & V9FS_PROXY_SOCK_NAME) {
+ close(proxy->sockfd);
+ }
+ g_free(proxy);
+}
+
FileOperations proxy_ops = {
.parse_opts = proxy_parse_opts,
.init = proxy_init,
+ .cleanup = proxy_cleanup,
.lstat = proxy_lstat,
.readlink = proxy_readlink,
.close = proxy_close,
--
2.1.4

81
debian/patches/extra/CVE-2016-9921-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch vendored
View File

@ -1,81 +0,0 @@
From 9ec3cbedab41f93d2fbf742f2ca6705c2d68c3e1 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 18 Oct 2016 13:15:17 +0530
Subject: [PATCH 12/12] display: cirrus: check vga bits per pixel(bpp) value
In Cirrus CLGD 54xx VGA Emulator, if cirrus graphics mode is VGA,
'cirrus_get_bpp' returns zero(0), which could lead to a divide
by zero error in while copying pixel data. The same could occur
via blit pitch values. Add check to avoid it.
Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1476776717-24807-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
Notes:
CVE-2016-9921
CVE-2016-9922
hw/display/cirrus_vga.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 3d712d5..bdb092e 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -272,6 +272,9 @@ static void cirrus_update_memory_access(CirrusVGAState *s);
static bool blit_region_is_unsafe(struct CirrusVGAState *s,
int32_t pitch, int32_t addr)
{
+ if (!pitch) {
+ return true;
+ }
if (pitch < 0) {
int64_t min = addr
+ ((int64_t)s->cirrus_blt_height-1) * pitch;
@@ -715,7 +718,7 @@ static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
s->cirrus_addr_mask));
}
-static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
+static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
{
int sx = 0, sy = 0;
int dx = 0, dy = 0;
@@ -729,6 +732,9 @@ static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
int width, height;
depth = s->vga.get_bpp(&s->vga) / 8;
+ if (!depth) {
+ return 0;
+ }
s->vga.get_resolution(&s->vga, &width, &height);
/* extra x, y */
@@ -783,6 +789,8 @@ static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
s->cirrus_blt_dstpitch, s->cirrus_blt_width,
s->cirrus_blt_height);
+
+ return 1;
}
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
@@ -790,11 +798,9 @@ static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
if (blit_is_unsafe(s))
return 0;
- cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
+ return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
s->cirrus_blt_srcaddr - s->vga.start_addr,
s->cirrus_blt_width, s->cirrus_blt_height);
-
- return 1;
}
/***************************************
--
2.1.4

52
debian/patches/extra/CVE-2017-2620_cirrus_add_blit_is_unsafe_call_to_cirrus_bitblt_cputovideo.patch vendored
View File

@ -1,52 +0,0 @@
From d775c497a84a5c4be3f15cca85ca8440dd5880a0 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 22 Feb 2017 13:42:31 +0100
Subject: [PATCH qemu] cirrus: add blit_is_unsafe call to
cirrus_bitblt_cputovideo (CVE-2017-2620)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
and blit width, at all. Oops. Fix it.
Security impact: high.
The missing blit destination check allows to write to host memory.
Basically same as CVE-2014-8106 for the other blit variants.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1487679663-3264-1-git-send-email-kraxel@redhat.com
---
hw/display/cirrus_vga.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 1deb520..b9e7cb1 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -900,6 +900,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
{
int w;
+ if (blit_is_unsafe(s, true)) {
+ return 0;
+ }
+
s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
s->cirrus_srcptr = &s->cirrus_bltbuf[0];
s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
@@ -925,6 +929,10 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
}
s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
}
+
+ /* the blit_is_unsafe call above should catch this */
+ assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
+
s->cirrus_srcptr = s->cirrus_bltbuf;
s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
cirrus_update_memory_access(s);
--
2.1.4

133
debian/patches/extra/x86-lapic-Load-LAPIC-state-at-post_load.patch vendored
View File

@ -1,133 +0,0 @@
From 385c66564aad5fbbe303e0d2ee5e8ffd9c10bc23 Mon Sep 17 00:00:00 2001
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Date: Mon, 12 Sep 2016 18:18:35 +0100
Subject: [PATCH 04/36] x86/lapic: Load LAPIC state at post_load
Load the LAPIC state during post_load (rather than when the CPU
starts).
This allows an interrupt to be delivered from the ioapic to
the lapic prior to cpu loading, in particular the RTC that starts
ticking as soon as we load it's state.
Fixes a case where Windows hangs after migration due to RTC interrupts
disappearing.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/kvm/apic.c | 26 ++++++++++++++++++++++++--
include/sysemu/kvm.h | 1 -
target-i386/kvm.c | 17 -----------------
3 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index 2bd0de8..feb0002 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -28,9 +28,8 @@ static inline uint32_t kvm_apic_get_reg(struct kvm_lapic_state *kapic,
return *((uint32_t *)(kapic->regs + (reg_id << 4)));
}
-void kvm_put_apic_state(DeviceState *dev, struct kvm_lapic_state *kapic)
+static void kvm_put_apic_state(APICCommonState *s, struct kvm_lapic_state *kapic)
{
- APICCommonState *s = APIC_COMMON(dev);
int i;
memset(kapic, 0, sizeof(*kapic));
@@ -125,6 +124,26 @@ static void kvm_apic_vapic_base_update(APICCommonState *s)
}
}
+static void kvm_apic_put(void *data)
+{
+ APICCommonState *s = data;
+ struct kvm_lapic_state kapic;
+ int ret;
+
+ kvm_put_apic_state(s, &kapic);
+
+ ret = kvm_vcpu_ioctl(CPU(s->cpu), KVM_SET_LAPIC, &kapic);
+ if (ret < 0) {
+ fprintf(stderr, "KVM_SET_LAPIC failed: %s\n", strerror(ret));
+ abort();
+ }
+}
+
+static void kvm_apic_post_load(APICCommonState *s)
+{
+ run_on_cpu(CPU(s->cpu), kvm_apic_put, s);
+}
+
static void do_inject_external_nmi(void *data)
{
APICCommonState *s = data;
@@ -178,6 +197,8 @@ static void kvm_apic_reset(APICCommonState *s)
{
/* Not used by KVM, which uses the CPU mp_state instead. */
s->wait_for_sipi = 0;
+
+ run_on_cpu(CPU(s->cpu), kvm_apic_put, s);
}
static void kvm_apic_realize(DeviceState *dev, Error **errp)
@@ -206,6 +227,7 @@ static void kvm_apic_class_init(ObjectClass *klass, void *data)
k->set_base = kvm_apic_set_base;
k->set_tpr = kvm_apic_set_tpr;
k->get_tpr = kvm_apic_get_tpr;
+ k->post_load = kvm_apic_post_load;
k->enable_tpr_reporting = kvm_apic_enable_tpr_reporting;
k->vapic_base_update = kvm_apic_vapic_base_update;
k->external_nmi = kvm_apic_external_nmi;
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index c9c2436..ae5d81b 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -372,7 +372,6 @@ int kvm_irqchip_send_msi(KVMState *s, MSIMessage msg);
void kvm_irqchip_add_irq_route(KVMState *s, int gsi, int irqchip, int pin);
-void kvm_put_apic_state(DeviceState *d, struct kvm_lapic_state *kapic);
void kvm_get_apic_state(DeviceState *d, struct kvm_lapic_state *kapic);
struct kvm_guest_debug;
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index d1a25c5..f1ad805 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -2416,19 +2416,6 @@ static int kvm_get_apic(X86CPU *cpu)
return 0;
}
-static int kvm_put_apic(X86CPU *cpu)
-{
- DeviceState *apic = cpu->apic_state;
- struct kvm_lapic_state kapic;
-
- if (apic && kvm_irqchip_in_kernel()) {
- kvm_put_apic_state(apic, &kapic);
-
- return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_LAPIC, &kapic);
- }
- return 0;
-}
-
static int kvm_put_vcpu_events(X86CPU *cpu, int level)
{
CPUState *cs = CPU(cpu);
@@ -2670,10 +2657,6 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
if (ret < 0) {
return ret;
}
- ret = kvm_put_apic(x86_cpu);
- if (ret < 0) {
- return ret;
- }
}
ret = kvm_put_tscdeadline_msr(x86_cpu);
--
2.1.4

4
debian/patches/pve/0001-fr-ca-keymap-corrections.patch vendored
View File

@ -1,7 +1,7 @@
From 109c1a773ac37b2dc3d9781ce203a804d3e77651 Mon Sep 17 00:00:00 2001
From 45b6688a45611bb5818e1b6aa7313c91797aa003 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:15:49 +0100
Subject: [PATCH 01/47] fr-ca keymap corrections
Subject: [PATCH 01/48] fr-ca keymap corrections
---
pc-bios/keymaps/fr-ca | 9 +++++++++

8
debian/patches/pve/0002-Adjust-network-script-path-to-etc-kvm.patch vendored
View File

@ -1,17 +1,17 @@
From 1dfa1a8df7b065e15639d078c0f137f2dec7c3fa Mon Sep 17 00:00:00 2001
From 392fb50a1c43b47acffb1073a458703da93dfdd8 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:16:49 +0100
Subject: [PATCH 02/47] Adjust network script path to /etc/kvm/
Subject: [PATCH 02/48] Adjust network script path to /etc/kvm/
---
include/net/net.h | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/net/net.h b/include/net/net.h
index e8d9e9e..375e81d 100644
index 99b28d5..40c39f0 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -216,8 +216,9 @@ void qmp_netdev_add(QDict *qdict, QObject **ret, Error **errp);
@@ -214,8 +214,9 @@ void qmp_netdev_add(QDict *qdict, QObject **ret, Error **errp);
int net_hub_id_for_client(NetClientState *nc, int *id);
NetClientState *net_hub_port_find(int hub_id);

12
debian/patches/pve/0003-vnc-altgr-emulation.patch vendored
View File

@ -1,17 +1,17 @@
From cf2ef62fc7d4ff7e64eed5a01e499c91b62121b9 Mon Sep 17 00:00:00 2001
From f3e33fe70da6f9361bd940d2b029d293a71408ca Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:17:38 +0100
Subject: [PATCH 03/47] vnc: altgr emulation
Subject: [PATCH 03/48] vnc: altgr emulation
---
ui/vnc.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index 76a3273..b9f36b5 100644
index 821acdd..29575f8 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -1733,6 +1733,10 @@ static void kbd_leds(void *opaque, int ledstate)
@@ -1625,6 +1625,10 @@ static void kbd_leds(void *opaque, int ledstate)
static void do_key_event(VncState *vs, int down, int keycode, int sym)
{
@ -22,7 +22,7 @@ index 76a3273..b9f36b5 100644
/* QEMU console switch */
switch(keycode) {
case 0x2a: /* Left Shift */
@@ -1813,8 +1817,27 @@ static void do_key_event(VncState *vs, int down, int keycode, int sym)
@@ -1705,8 +1709,27 @@ static void do_key_event(VncState *vs, int down, int keycode, int sym)
}
if (qemu_console_is_graphic(NULL)) {
@ -50,7 +50,7 @@ index 76a3273..b9f36b5 100644
} else {
bool numlock = vs->modifiers_state[0x45];
bool control = (vs->modifiers_state[0x1d] ||
@@ -1954,7 +1977,8 @@ static void key_event(VncState *vs, int down, uint32_t sym)
@@ -1846,7 +1869,8 @@ static void key_event(VncState *vs, int down, uint32_t sym)
lsym = lsym - 'A' + 'a';
}

8
debian/patches/pve/0004-qemu-img-return-success-on-info-without-snapshots.patch vendored
View File

@ -1,17 +1,17 @@
From baf469b28e3f1bfd5b03e449ffcd8f41c80a5387 Mon Sep 17 00:00:00 2001
From adea2808e62d32a9b22bbe3d16c84c92289983a8 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:18:46 +0100
Subject: [PATCH 04/47] qemu-img: return success on info without snapshots
Subject: [PATCH 04/48] qemu-img: return success on info without snapshots
---
qemu-img.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/qemu-img.c b/qemu-img.c
index f204d041..99be68f 100644
index b220cf7..4f7f458 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2389,7 +2389,8 @@ static int img_info(int argc, char **argv)
@@ -2596,7 +2596,8 @@ static int img_info(int argc, char **argv)
list = collect_image_info_list(image_opts, filename, fmt, chain);
if (!list) {

8
debian/patches/pve/0005-use-kvm-by-default.patch vendored
View File

@ -1,17 +1,17 @@
From c5405c552945f19b36ecc748a2a0e0ec14dff31e Mon Sep 17 00:00:00 2001
From bd3aa97864804b5b37421f199b9fe64e3b16b52c Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:27:05 +0100
Subject: [PATCH 05/47] use kvm by default
Subject: [PATCH 05/48] use kvm by default
---
accel.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/accel.c b/accel.c
index 403eb5e..dd2ebea 100644
index 664bb88..ddb23a3 100644
--- a/accel.c
+++ b/accel.c
@@ -88,8 +88,8 @@ void configure_accelerator(MachineState *ms)
@@ -87,8 +87,8 @@ void configure_accelerator(MachineState *ms)
p = qemu_opt_get(qemu_get_machine_opts(), "accel");
if (p == NULL) {

64
debian/patches/pve/0006-virtio-balloon-fix-query.patch vendored
View File

@ -1,7 +1,7 @@
From 132444451193736847c68d91f74c09cb76a16e6a Mon Sep 17 00:00:00 2001
From 5921bc0360f6964a5bb5355c2707c806425f4734 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:27:49 +0100
Subject: [PATCH 06/47] virtio-balloon: fix query
Subject: [PATCH 06/48] virtio-balloon: fix query
Actually provide memory information via the query-balloon
command.
@ -9,14 +9,13 @@ command.
hmp.c | 30 +++++++++++++++++++++++++++++-
hw/virtio/virtio-balloon.c | 33 +++++++++++++++++++++++++++++++--
qapi-schema.json | 23 +++++++++++++++++++++--
qmp-commands.hx | 13 +++++++++++++
4 files changed, 94 insertions(+), 5 deletions(-)
3 files changed, 81 insertions(+), 5 deletions(-)
diff --git a/hmp.c b/hmp.c
index bb45f7f..3b0dd81 100644
index edb8970..904542d 100644
--- a/hmp.c
+++ b/hmp.c
@@ -704,7 +704,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
@@ -723,7 +723,35 @@ void hmp_info_balloon(Monitor *mon, const QDict *qdict)
return;
}
@ -54,10 +53,10 @@ index bb45f7f..3b0dd81 100644
qapi_free_BalloonInfo(info);
}
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index ad4189a..b3a17f4 100644
index a705e0e..158e13e 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -376,8 +376,37 @@ static uint64_t virtio_balloon_get_features(VirtIODevice *vdev, uint64_t f,
@@ -379,8 +379,37 @@ static uint64_t virtio_balloon_get_features(VirtIODevice *vdev, uint64_t f,
static void virtio_balloon_stat(void *opaque, BalloonInfo *info)
{
VirtIOBalloon *dev = opaque;
@ -98,27 +97,27 @@ index ad4189a..b3a17f4 100644
static void virtio_balloon_to_target(void *opaque, ram_addr_t target)
diff --git a/qapi-schema.json b/qapi-schema.json
index 5658723..4bf7222 100644
index b921994..e7a8117 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1278,10 +1278,29 @@
@@ -1900,10 +1900,29 @@
#
# @actual: the number of bytes the balloon currently contains
#
-# Since: 0.14.0
+# @last_update: #optional time when stats got updated from guest
+# @last_update: time when stats got updated from guest
+#
+# @mem_swapped_in: #optional number of pages swapped in within the guest
+# @mem_swapped_in: number of pages swapped in within the guest
+#
+# @mem_swapped_out: #optional number of pages swapped out within the guest
+# @mem_swapped_out: number of pages swapped out within the guest
+#
+# @major_page_faults: #optional number of major page faults within the guest
+# @major_page_faults: number of major page faults within the guest
#
+# @minor_page_faults: #optional number of minor page faults within the guest
+# @minor_page_faults: number of minor page faults within the guest
+#
+# @free_mem: #optional amount of memory (in bytes) free in the guest
+# @free_mem: amount of memory (in bytes) free in the guest
+#
+# @total_mem: #optional amount of memory (in bytes) visible to the guest
+# @total_mem: amount of memory (in bytes) visible to the guest
+#
+# @max_mem: amount of memory (in bytes) assigned to the guest
+#
@ -133,37 +132,6 @@ index 5658723..4bf7222 100644
##
# @query-balloon:
diff --git a/qmp-commands.hx b/qmp-commands.hx
index 6866264..6de28d4 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -3854,6 +3854,13 @@ Make an asynchronous request for balloon info. When the request completes a
json-object will be returned containing the following data:
- "actual": current balloon value in bytes (json-int)
+- "mem_swapped_in": Amount of memory swapped in bytes (json-int, optional)
+- "mem_swapped_out": Amount of memory swapped out in bytes (json-int, optional)
+- "major_page_faults": Number of major faults (json-int, optional)
+- "minor_page_faults": Number of minor faults (json-int, optional)
+- "free_mem": Total amount of free and unused memory in
+ bytes (json-int, optional)
+- "total_mem": Total amount of available memory in bytes (json-int, optional)
Example:
@@ -3861,6 +3868,12 @@ Example:
<- {
"return":{
"actual":1073741824,
+ "mem_swapped_in":0,
+ "mem_swapped_out":0,
+ "major_page_faults":142,
+ "minor_page_faults":239245,
+ "free_mem":1014185984,
+ "total_mem":1044668416
}
}
--
2.1.4

8
debian/patches/pve/0007-set-the-CPU-model-to-kvm64-32-instead-of-qemu64-32.patch vendored
View File

@ -1,17 +1,17 @@
From 118ca6343a48aaab7d1a8f252fb36008c823e551 Mon Sep 17 00:00:00 2001
From bc04d6e5e09d517a9c8833fd407a655be3cf21fe Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:30:21 +0100
Subject: [PATCH 07/47] set the CPU model to kvm64/32 instead of qemu64/32
Subject: [PATCH 07/48] set the CPU model to kvm64/32 instead of qemu64/32
---
hw/i386/pc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 022dd1b..ba8a5a1 100644
index d24388e..81e91a4 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1160,9 +1160,9 @@ void pc_cpus_init(PCMachineState *pcms)
@@ -1151,9 +1151,9 @@ void pc_cpus_init(PCMachineState *pcms)
/* init CPUs */
if (machine->cpu_model == NULL) {
#ifdef TARGET_X86_64

20
debian/patches/pve/0008-qapi-modify-query-machines.patch vendored
View File

@ -1,7 +1,7 @@
From dc5b92fbb2d405fd86228409b1f25c0bb2d6d973 Mon Sep 17 00:00:00 2001
From e453e9a98f7f0c2a213fe5bee04ece37ce10e625 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:31:18 +0100
Subject: [PATCH 08/47] qapi: modify query machines
Subject: [PATCH 08/48] qapi: modify query machines
provide '*is-current' in MachineInfo struct
---
@ -10,19 +10,19 @@ provide '*is-current' in MachineInfo struct
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/qapi-schema.json b/qapi-schema.json
index 4bf7222..63507f5 100644
index e7a8117..2c40928 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -3027,6 +3027,8 @@
@@ -4245,6 +4245,8 @@
#
# @default: #optional whether the machine is default
# @is-default: whether the machine is default
#
+# @current: #optional whether this machine is currently used
+# @is-current: whether this machine is currently used
+#
# @cpu-max: maximum number of CPUs supported by the machine type
# (since 1.5.0)
#
@@ -3036,7 +3038,7 @@
@@ -4254,7 +4256,7 @@
##
{ 'struct': 'MachineInfo',
'data': { 'name': 'str', '*alias': 'str',
@ -32,12 +32,12 @@ index 4bf7222..63507f5 100644
##
diff --git a/vl.c b/vl.c
index 6a218ce..b226e0b 100644
index 0b4ed52..868c489 100644
--- a/vl.c
+++ b/vl.c
@@ -1509,6 +1509,11 @@ MachineInfoList *qmp_query_machines(Error **errp)
@@ -1518,6 +1518,11 @@ MachineInfoList *qmp_query_machines(Error **errp)
info->cpu_max = !mc->max_cpus ? 1 : mc->max_cpus;
info->hotpluggable_cpus = !!mc->query_hotpluggable_cpus;
info->hotpluggable_cpus = mc->has_hotpluggable_cpus;
+ if (strcmp(mc->name, MACHINE_GET_CLASS(current_machine)->name) == 0) {
+ info->has_is_current = true;

14
debian/patches/pve/0009-qapi-modify-spice-query.patch vendored
View File

@ -1,7 +1,7 @@
From c09467afaf37989942076b45f6ffa7bb8ebde2ca Mon Sep 17 00:00:00 2001
From c51f39a5741210b7df2ac212a8ced14ef950d415 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:32:11 +0100
Subject: [PATCH 09/47] qapi: modify spice query
Subject: [PATCH 09/48] qapi: modify spice query
Provide the last ticket in the SpiceInfo struct optionally.
---
@ -10,14 +10,14 @@ Provide the last ticket in the SpiceInfo struct optionally.
2 files changed, 8 insertions(+)
diff --git a/qapi-schema.json b/qapi-schema.json
index 63507f5..518c2ea 100644
index 2c40928..ca534cc 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1253,11 +1253,14 @@
@@ -1841,11 +1841,14 @@
#
# @channels: a list of @SpiceChannel for each active spice channel
#
+# @ticket: #optional The last ticket set with set_password
+# @ticket: The last ticket set with set_password
+#
# Since: 0.14.0
##
@ -29,10 +29,10 @@ index 63507f5..518c2ea 100644
##
diff --git a/ui/spice-core.c b/ui/spice-core.c
index da05054..acf5a73 100644
index 804abc5..4a41731 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -543,6 +543,11 @@ SpiceInfo *qmp_query_spice(Error **errp)
@@ -552,6 +552,11 @@ SpiceInfo *qmp_query_spice(Error **errp)
micro = SPICE_SERVER_VERSION & 0xff;
info->compiled_version = g_strdup_printf("%d.%d.%d", major, minor, micro);

8
debian/patches/pve/0010-ui-spice-default-to-pve-certs-unless-otherwise-speci.patch vendored
View File

@ -1,7 +1,7 @@
From 78cc6a38bfa2c986ff75a322d750a548bf2291b9 Mon Sep 17 00:00:00 2001
From 1434b9fad738e852f789cd8b951f2f4e1e08d3e5 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:33:34 +0100
Subject: [PATCH 10/47] ui/spice: default to pve certs unless otherwise
Subject: [PATCH 10/48] ui/spice: default to pve certs unless otherwise
specified
---
@ -9,10 +9,10 @@ Subject: [PATCH 10/47] ui/spice: default to pve certs unless otherwise
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/ui/spice-core.c b/ui/spice-core.c
index acf5a73..4f1cf45 100644
index 4a41731..af1dc8c 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -676,32 +676,35 @@ void qemu_spice_init(void)
@@ -685,32 +685,35 @@ void qemu_spice_init(void)
if (tls_port) {
x509_dir = qemu_opt_get(opts, "x509-dir");

35
debian/patches/pve/0011-introduce-new-vma-archive-format.patch vendored
View File

@ -1,7 +1,7 @@
From 183d526538782e8c3644db303846cf0a70595009 Mon Sep 17 00:00:00 2001
From c1338b34ccac2c5e6d7d1aca3ca3e3457a3f744c Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 13 Nov 2012 11:11:38 +0100
Subject: [PATCH 11/47] introduce new vma archive format
Subject: [PATCH 11/48] introduce new vma archive format
This is a very simple archive format, see docs/specs/vma_spec.txt
@ -11,19 +11,19 @@ Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Makefile.objs | 1 +
vma-reader.c | 797 +++++++++++++++++++++++++++++++++++++++++++++++++++++
vma-writer.c | 870 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
vma.c | 585 +++++++++++++++++++++++++++++++++++++++
vma.c | 586 +++++++++++++++++++++++++++++++++++++++
vma.h | 146 ++++++++++
6 files changed, 2401 insertions(+), 1 deletion(-)
6 files changed, 2402 insertions(+), 1 deletion(-)
create mode 100644 vma-reader.c
create mode 100644 vma-writer.c
create mode 100644 vma.c
create mode 100644 vma.h
diff --git a/Makefile b/Makefile
index 50b4b3a..d92d905 100644
index 6c359b2..edbc8b5 100644
--- a/Makefile
+++ b/Makefile
@@ -165,7 +165,7 @@ ifneq ($(wildcard config-host.mak),)
@@ -284,7 +284,7 @@ ifneq ($(wildcard config-host.mak),)
include $(SRC_PATH)/tests/Makefile.include
endif
@ -32,22 +32,22 @@ index 50b4b3a..d92d905 100644
qemu-version.h: FORCE
$(call quiet-command, \
@@ -256,6 +256,7 @@ qemu-img.o: qemu-img-cmds.h
qemu-img$(EXESUF): qemu-img.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
qemu-io$(EXESUF): qemu-io.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
+vma$(EXESUF): vma.o vma-reader.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
@@ -377,6 +377,7 @@ qemu-img.o: qemu-img-cmds.h
qemu-img$(EXESUF): qemu-img.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
qemu-io$(EXESUF): qemu-io.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
+vma$(EXESUF): vma.o vma-reader.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) $(COMMON_LDADDS)
qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o libqemuutil.a libqemustub.a
qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o $(COMMON_LDADDS)
diff --git a/Makefile.objs b/Makefile.objs
index 6d5ddcf..845edd0 100644
index 6167e7b..9b12ee6 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -15,6 +15,7 @@ block-obj-$(CONFIG_POSIX) += aio-posix.o
block-obj-$(CONFIG_WIN32) += aio-win32.o
@@ -14,6 +14,7 @@ block-obj-y += block.o blockjob.o
block-obj-y += block/
block-obj-y += qemu-io-cmds.o
block-obj-$(CONFIG_REPLICATION) += replication.o
+block-obj-y += vma-writer.o
block-obj-m = block/
@ -1733,10 +1733,10 @@ index 0000000..b0cf529
+}
diff --git a/vma.c b/vma.c
new file mode 100644
index 0000000..8014090
index 0000000..8732bfa
--- /dev/null
+++ b/vma.c
@@ -0,0 +1,585 @@
@@ -0,0 +1,586 @@
+/*
+ * VMA: Virtual Machine Archive
+ *
@ -1757,6 +1757,7 @@ index 0000000..8014090
+#include "qemu-common.h"
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "qapi/qmp/qstring.h"
+#include "sysemu/char.h" /* qstring_from_str */
+
+static void help(void)

12
debian/patches/pve/0012-vma-add-verify-command.patch vendored
View File

@ -1,7 +1,7 @@
From 144e613eeca6a3383b981f9ca8b82c4a354b36c2 Mon Sep 17 00:00:00 2001
From f6a9d9269a4f07eb7b2161884dde52a65f58c9f6 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Mon, 11 Mar 2013 07:07:46 +0100
Subject: [PATCH 12/47] vma: add verify command
Subject: [PATCH 12/48] vma: add verify command
Users wants to verify the archive after backup.
@ -226,10 +226,10 @@ index 51dd8fe..2aafb26 100644
+}
+
diff --git a/vma.c b/vma.c
index 8014090..d55874a 100644
index 8732bfa..ab7b766 100644
--- a/vma.c
+++ b/vma.c
@@ -28,6 +28,7 @@ static void help(void)
@@ -29,6 +29,7 @@ static void help(void)
"vma list <filename>\n"
"vma create <filename> [-c config] <archive> pathname ...\n"
"vma extract <filename> [-r <fifo>] <targetdir>\n"
@ -237,7 +237,7 @@ index 8014090..d55874a 100644
;
printf("%s", help_msg);
@@ -332,6 +333,58 @@ static int extract_content(int argc, char **argv)
@@ -333,6 +334,58 @@ static int extract_content(int argc, char **argv)
return ret;
}
@ -296,7 +296,7 @@ index 8014090..d55874a 100644
typedef struct BackupJob {
BlockDriverState *bs;
int64_t len;
@@ -578,6 +631,8 @@ int main(int argc, char **argv)
@@ -579,6 +632,8 @@ int main(int argc, char **argv)
return create_archive(argc, argv);
} else if (!strcmp(cmdname, "extract")) {
return extract_content(argc, argv);

12
debian/patches/pve/0013-vma-add-config-command-to-dump-the-config.patch vendored
View File

@ -1,17 +1,17 @@
From 48896281bebc5c69760f4e47625e4db81e3a9004 Mon Sep 17 00:00:00 2001
From cfc9d20b832a3db40b4e61fa6af0fbcda911ec2e Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 14:46:49 +0100
Subject: [PATCH 13/47] vma: add 'config' command to dump the config
Subject: [PATCH 13/48] vma: add 'config' command to dump the config
---
vma.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
diff --git a/vma.c b/vma.c
index d55874a..79bdd00 100644
index ab7b766..8925407 100644
--- a/vma.c
+++ b/vma.c
@@ -26,6 +26,7 @@ static void help(void)
@@ -27,6 +27,7 @@ static void help(void)
"usage: vma command [command options]\n"
"\n"
"vma list <filename>\n"
@ -19,7 +19,7 @@ index d55874a..79bdd00 100644
"vma create <filename> [-c config] <archive> pathname ...\n"
"vma extract <filename> [-r <fifo>] <targetdir>\n"
"vma verify <filename> [-v]\n"
@@ -604,6 +605,67 @@ static int create_archive(int argc, char **argv)
@@ -605,6 +606,67 @@ static int create_archive(int argc, char **argv)
return 0;
}
@ -87,7 +87,7 @@ index d55874a..79bdd00 100644
int main(int argc, char **argv)
{
const char *cmdname;
@@ -633,6 +695,8 @@ int main(int argc, char **argv)
@@ -634,6 +696,8 @@ int main(int argc, char **argv)
return extract_content(argc, argv);
} else if (!strcmp(cmdname, "verify")) {
return verify_content(argc, argv);

200
debian/patches/pve/0014-backup-modify-job-api.patch vendored
View File

@ -1,22 +1,23 @@
From 1078c0f6acc1bfba04b7d5cdfdeb02b161b5f7c4 Mon Sep 17 00:00:00 2001
From c46139b295f9edffd43a12e7f029fce4f9b2ea46 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 15:04:57 +0100
Subject: [PATCH 14/47] backup: modify job api
Subject: [PATCH 14/48] backup: modify job api
Introduces a BackupDump function callback and a pause_count
for backup_start. For a dump-backup the target parameter
can now be NULL so access to target needs to be guarded now.
---
block/backup.c | 82 +++++++++++++++++++++++++++++++----------------
blockdev.c | 6 ++--
include/block/block_int.h | 5 +++
3 files changed, 63 insertions(+), 30 deletions(-)
block/backup.c | 118 +++++++++++++++++++++++++++++-----------------
block/replication.c | 3 +-
blockdev.c | 4 +-
include/block/block_int.h | 5 ++
4 files changed, 83 insertions(+), 47 deletions(-)
diff --git a/block/backup.c b/block/backup.c
index 2c05323..f3c0ba3 100644
index a4fb288..fe4ce7f 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -41,6 +41,7 @@ typedef struct BackupBlockJob {
@@ -36,6 +36,7 @@ typedef struct BackupBlockJob {
BdrvDirtyBitmap *sync_bitmap;
MirrorSyncMode sync_mode;
RateLimit limit;
@ -24,7 +25,7 @@ index 2c05323..f3c0ba3 100644
BlockdevOnError on_source_error;
BlockdevOnError on_target_error;
CoRwlock flush_rwlock;
@@ -149,12 +150,23 @@ static int coroutine_fn backup_do_cow(BackupBlockJob *job,
@@ -145,13 +146,24 @@ static int coroutine_fn backup_do_cow(BackupBlockJob *job,
goto out;
}
@ -41,18 +42,29 @@ index 2c05323..f3c0ba3 100644
+ }
} else {
- ret = blk_co_pwritev(job->target, start * job->cluster_size,
- bounce_qiov.size, &bounce_qiov, 0);
- bounce_qiov.size, &bounce_qiov,
- job->compress ? BDRV_REQ_WRITE_COMPRESSED : 0);
+ if (job->dump_cb) {
+ ret = job->dump_cb(job->common.opaque, job->target, start_sec, n, bounce_buffer);
+ }
+ if (job->target) {
+ ret = blk_co_pwritev(job->target, start * job->cluster_size,
+ bounce_qiov.size, &bounce_qiov, 0);
+ bounce_qiov.size, &bounce_qiov,
+ job->compress ? BDRV_REQ_WRITE_COMPRESSED : 0);
+ }
}
if (ret < 0) {
trace_backup_do_cow_write_fail(job, start, ret);
@@ -268,9 +280,11 @@ static BlockErrorAction backup_error_action(BackupBlockJob *job,
@@ -246,6 +258,8 @@ static void backup_abort(BlockJob *job)
static void backup_clean(BlockJob *job)
{
BackupBlockJob *s = container_of(job, BackupBlockJob, common);
+ if (!s->target)
+ return;
assert(s->target);
blk_unref(s->target);
s->target = NULL;
@@ -330,9 +344,11 @@ static BlockErrorAction backup_error_action(BackupBlockJob *job,
if (read) {
return block_job_error_action(&job->common, job->on_source_error,
true, error);
@ -65,7 +77,7 @@ index 2c05323..f3c0ba3 100644
}
}
@@ -393,6 +407,7 @@ static void coroutine_fn backup_run(void *opaque)
@@ -453,6 +469,7 @@ static void coroutine_fn backup_run(void *opaque)
job->done_bitmap = bitmap_new(end);
@ -73,28 +85,17 @@ index 2c05323..f3c0ba3 100644
job->before_write.notify = backup_before_write_notify;
bdrv_add_before_write_notifier(bs, &job->before_write);
@@ -467,7 +482,9 @@ static void coroutine_fn backup_run(void *opaque)
qemu_co_rwlock_unlock(&job->flush_rwlock);
g_free(job->done_bitmap);
- bdrv_op_unblock_all(blk_bs(target), job->common.blocker);
+ if (target) {
+ bdrv_op_unblock_all(blk_bs(target), job->common.blocker);
+ }
data = g_malloc(sizeof(*data));
data->ret = ret;
@@ -479,7 +496,9 @@ void backup_start(const char *job_id, BlockDriverState *bs,
MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap,
@@ -557,7 +574,9 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
int creation_flags,
+ BackupDumpFunc *dump_cb,
BlockCompletionFunc *cb, void *opaque,
+ int pause_count,
BlockJobTxn *txn, Error **errp)
{
int64_t len;
@@ -488,7 +507,7 @@ void backup_start(const char *job_id, BlockDriverState *bs,
@@ -566,7 +585,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
int ret;
assert(bs);
@ -103,47 +104,75 @@ index 2c05323..f3c0ba3 100644
if (bs == target) {
error_setg(errp, "Source and target cannot be the same");
@@ -501,7 +520,7 @@ void backup_start(const char *job_id, BlockDriverState *bs,
return;
@@ -579,13 +598,13 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
return NULL;
}
- if (!bdrv_is_inserted(target)) {
+ if (target && !bdrv_is_inserted(target)) {
error_setg(errp, "Device is not inserted: %s",
bdrv_get_device_name(target));
return;
@@ -511,7 +530,7 @@ void backup_start(const char *job_id, BlockDriverState *bs,
return;
return NULL;
}
- if (compress && target->drv->bdrv_co_pwritev_compressed == NULL) {
+ if (target && compress && target->drv->bdrv_co_pwritev_compressed == NULL) {
error_setg(errp, "Compression is not supported for this drive %s",
bdrv_get_device_name(target));
return NULL;
@@ -595,7 +614,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
return NULL;
}
- if (bdrv_op_is_blocked(target, BLOCK_OP_TYPE_BACKUP_TARGET, errp)) {
+ if (target && bdrv_op_is_blocked(target, BLOCK_OP_TYPE_BACKUP_TARGET, errp)) {
return;
return NULL;
}
@@ -547,34 +566,43 @@ void backup_start(const char *job_id, BlockDriverState *bs,
@@ -635,15 +654,18 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
goto error;
}
- job->target = blk_new();
- blk_insert_bs(job->target, target);
- /* The target must match the source in size, so no resize here either */
- job->target = blk_new(BLK_PERM_WRITE,
- BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE |
- BLK_PERM_WRITE_UNCHANGED | BLK_PERM_GRAPH_MOD);
- ret = blk_insert_bs(job->target, target, errp);
- if (ret < 0) {
- goto error;
+ if (target) {
+ job->target = blk_new();
+ blk_insert_bs(job->target, target);
+ }
+ /* The target must match the source in size, so no resize here either */
+ job->target = blk_new(BLK_PERM_WRITE,
+ BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE |
+ BLK_PERM_WRITE_UNCHANGED | BLK_PERM_GRAPH_MOD);
+ ret = blk_insert_bs(job->target, target, errp);
+ if (ret < 0) {
+ goto error;
+ }
}
+ job->dump_cb = dump_cb;
job->on_source_error = on_source_error;
job->on_target_error = on_target_error;
job->sync_mode = sync_mode;
job->sync_bitmap = sync_mode == MIRROR_SYNC_MODE_INCREMENTAL ?
@@ -651,36 +673,44 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
sync_bitmap : NULL;
job->compress = compress;
- /* If there is no backing file on the target, we cannot rely on COW if our
- * backup cluster size is smaller than the target cluster size. Even for
- * targets with a backing file, try to avoid COW if possible. */
- ret = bdrv_get_info(target, &bdi);
- if (ret < 0 && !target->backing) {
- if (ret == -ENOTSUP && !target->backing) {
- /* Cluster size is not defined */
- error_report("WARNING: The target block device doesn't provide "
- "information about the block size and it doesn't have a "
- "backing file. The default block size of %u bytes is "
- "used. If the actual block size of the target exceeds "
- "this default, the backup may be unusable",
- BACKUP_CLUSTER_SIZE_DEFAULT);
- job->cluster_size = BACKUP_CLUSTER_SIZE_DEFAULT;
- } else if (ret < 0 && !target->backing) {
- error_setg_errno(errp, -ret,
- "Couldn't determine the cluster size of the target image, "
- "which has no backing file");
@ -158,7 +187,16 @@ index 2c05323..f3c0ba3 100644
+ * backup cluster size is smaller than the target cluster size. Even for
+ * targets with a backing file, try to avoid COW if possible. */
+ ret = bdrv_get_info(target, &bdi);
+ if (ret < 0 && !target->backing) {
+ if (ret == -ENOTSUP && !target->backing) {
+ /* Cluster size is not defined */
+ error_report("WARNING: The target block device doesn't provide "
+ "information about the block size and it doesn't have a "
+ "backing file. The default block size of %u bytes is "
+ "used. If the actual block size of the target exceeds "
+ "this default, the backup may be unusable",
+ BACKUP_CLUSTER_SIZE_DEFAULT);
+ job->cluster_size = BACKUP_CLUSTER_SIZE_DEFAULT;
+ } else if (ret < 0 && !target->backing) {
+ error_setg_errno(errp, -ret,
+ "Couldn't determine the cluster size of the target image, "
+ "which has no backing file");
@ -169,46 +207,64 @@ index 2c05323..f3c0ba3 100644
+ /* Not fatal; just trudge on ahead. */
+ job->cluster_size = BACKUP_CLUSTER_SIZE_DEFAULT;
+ } else {
+ job->cluster_size = MAX(BACKUP_CLUSTER_SIZE_DEFAULT, bdi.cluster_size);
+ job->cluster_size = BACKUP_CLUSTER_SIZE_DEFAULT;
+ }
+
+ bdrv_op_block_all(target, job->common.blocker);
} else {
- job->cluster_size = MAX(BACKUP_CLUSTER_SIZE_DEFAULT, bdi.cluster_size);
+ job->cluster_size = BACKUP_CLUSTER_SIZE_DEFAULT;
}
- bdrv_op_block_all(target, job->common.blocker);
+ job->common.pause_count = pause_count;
- /* Required permissions are already taken with target's blk_new() */
- block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
- &error_abort);
+ if (target) {
+ /* Required permissions are already taken with target's blk_new() */
+ block_job_add_bdrv(&job->common, "target", target, 0, BLK_PERM_ALL,
+ &error_abort);
+ } else {
+ job->common.pause_count = pause_count;
+ }
job->common.len = len;
job->common.co = qemu_coroutine_create(backup_run, job);
block_job_txn_add_job(txn, &job->common);
diff --git a/block/replication.c b/block/replication.c
index bf3c395..60c6524 100644
--- a/block/replication.c
+++ b/block/replication.c
@@ -531,7 +531,8 @@ static void replication_start(ReplicationState *rs, ReplicationMode mode,
0, MIRROR_SYNC_MODE_NONE, NULL, false,
BLOCKDEV_ON_ERROR_REPORT,
BLOCKDEV_ON_ERROR_REPORT, BLOCK_JOB_INTERNAL,
- backup_job_completed, bs, NULL, &local_err);
+ NULL,
+ backup_job_completed, bs, 0, NULL, &local_err);
if (local_err) {
error_propagate(errp, local_err);
backup_job_cleanup(bs);
diff --git a/blockdev.c b/blockdev.c
index 2161400..5e3707d 100644
index 040c152..bb3fc5b 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3277,8 +3277,8 @@ static void do_drive_backup(const char *job_id, const char *device,
}
backup_start(job_id, bs, target_bs, speed, sync, bmap,
- on_source_error, on_target_error,
- block_job_cb, bs, txn, &local_err);
+ on_source_error, on_target_error, NULL,
+ block_job_cb, bs, 0, txn, &local_err);
@@ -3273,7 +3273,7 @@ static BlockJob *do_drive_backup(DriveBackup *backup, BlockJobTxn *txn,
job = backup_job_create(backup->job_id, bs, target_bs, backup->speed,
backup->sync, bmap, backup->compress,
backup->on_source_error, backup->on_target_error,
- BLOCK_JOB_DEFAULT, NULL, NULL, txn, &local_err);
+ BLOCK_JOB_DEFAULT, NULL, NULL, NULL, 0, txn, &local_err);
bdrv_unref(target_bs);
if (local_err != NULL) {
error_propagate(errp, local_err);
@@ -3371,7 +3371,7 @@ void do_blockdev_backup(const char *job_id, const char *device,
}
}
backup_start(job_id, bs, target_bs, speed, sync, NULL, on_source_error,
- on_target_error, block_job_cb, bs, txn, &local_err);
+ on_target_error, NULL, block_job_cb, bs, 0, txn, &local_err);
@@ -3352,7 +3352,7 @@ BlockJob *do_blockdev_backup(BlockdevBackup *backup, BlockJobTxn *txn,
job = backup_job_create(backup->job_id, bs, target_bs, backup->speed,
backup->sync, NULL, backup->compress,
backup->on_source_error, backup->on_target_error,
- BLOCK_JOB_DEFAULT, NULL, NULL, txn, &local_err);
+ BLOCK_JOB_DEFAULT, NULL, NULL, NULL, 0, txn, &local_err);
if (local_err != NULL) {
error_propagate(errp, local_err);
}
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 1e939de..db4650e 100644
index 59400bd..ec65581 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -59,6 +59,9 @@
@ -221,14 +277,14 @@ index 1e939de..db4650e 100644
enum BdrvTrackedRequestType {
BDRV_TRACKED_READ,
BDRV_TRACKED_WRITE,
@@ -767,7 +770,9 @@ void backup_start(const char *job_id, BlockDriverState *bs,
MirrorSyncMode sync_mode, BdrvDirtyBitmap *sync_bitmap,
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
+ BackupDumpFunc *dump_cb,
BlockCompletionFunc *cb, void *opaque,
+ int pause_count,
BlockJobTxn *txn, Error **errp);
@@ -877,7 +880,9 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
int creation_flags,
+ BackupDumpFunc *dump_cb,
BlockCompletionFunc *cb, void *opaque,
+ int pause_count,
BlockJobTxn *txn, Error **errp);
void hmp_drive_add_node(Monitor *mon, const char *optstr);
--

197
debian/patches/pve/0015-backup-add-pve-monitor-commands.patch vendored
View File

@ -1,36 +1,68 @@
From 798846b48b31d8231a3af5858285845d932d1d6b Mon Sep 17 00:00:00 2001
From d48092bb9901112b3356aa8d461c45ffb4ec2b9a Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 15:20:56 +0100
Subject: [PATCH 15/47] backup: add pve monitor commands
Subject: [PATCH 15/48] backup: add pve monitor commands
---
blockdev.c | 439 ++++++++++++++++++++++++++++++++++++++++++++++
blockjob.c | 3 +-
blockdev.c | 465 ++++++++++++++++++++++++++++++++++++++++++++++
blockjob.c | 11 +-
hmp-commands-info.hx | 13 ++
hmp-commands.hx | 29 +++
hmp.c | 61 +++++++
hmp.c | 61 ++++++
hmp.h | 3 +
include/block/block_int.h | 2 +-
qapi-schema.json | 89 ++++++++++
qmp-commands.hx | 18 ++
9 files changed, 655 insertions(+), 2 deletions(-)
qapi-schema.json | 90 +++++++++
8 files changed, 668 insertions(+), 6 deletions(-)
diff --git a/blockdev.c b/blockdev.c
index 5e3707d..5417bb0 100644
index bb3fc5b..3e5c9ce 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -52,6 +52,7 @@
#include "sysemu/arch_init.h"
@@ -35,6 +35,7 @@
#include "sysemu/blockdev.h"
#include "hw/block/block.h"
#include "block/blockjob.h"
+#include "block/blockjob_int.h"
#include "block/throttle-groups.h"
#include "monitor/monitor.h"
#include "qemu/error-report.h"
@@ -53,6 +54,7 @@
#include "qemu/cutils.h"
#include "qemu/help_option.h"
#include "qemu/throttle-options.h"
+#include "vma.h"
static QTAILQ_HEAD(, BlockDriverState) monitor_bdrv_states =
QTAILQ_HEAD_INITIALIZER(monitor_bdrv_states);
@@ -2976,6 +2977,444 @@ static void block_job_cb(void *opaque, int ret)
}
@@ -2956,6 +2958,469 @@ out:
aio_context_release(aio_context);
}
+void block_job_event_cancelled(BlockJob *job);
+void block_job_event_completed(BlockJob *job, const char *msg);
+static void block_job_cb(void *opaque, int ret)
+{
+ /* Note that this function may be executed from another AioContext besides
+ * the QEMU main loop. If you need to access anything that assumes the
+ * QEMU global mutex, use a BH or introduce a mutex.
+ */
+
+ BlockDriverState *bs = opaque;
+ const char *msg = NULL;
+
+ assert(bs->job);
+
+ if (ret < 0) {
+ msg = strerror(-ret);
+ }
+
+ if (block_job_is_cancelled(bs->job)) {
+ block_job_event_cancelled(bs->job);
+ } else {
+ block_job_event_completed(bs->job, msg);
+ }
+}
+
+/* PVE backup related function */
+
+static struct PVEBackupState {
@ -384,10 +416,10 @@ index 5e3707d..5417bb0 100644
+ PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
+ l = g_list_next(l);
+
+ backup_start(NULL, di->bs, NULL, speed, MIRROR_SYNC_MODE_FULL, NULL,
+ BLOCKDEV_ON_ERROR_REPORT, BLOCKDEV_ON_ERROR_REPORT,
+ pvebackup_dump_cb, pvebackup_complete_cb, di,
+ 1, NULL, &local_err);
+ backup_job_create(NULL, di->bs, NULL, speed, MIRROR_SYNC_MODE_FULL, NULL,
+ BLOCKDEV_ON_ERROR_REPORT, BLOCKDEV_ON_ERROR_REPORT,
+ pvebackup_dump_cb, pvebackup_complete_cb, di,
+ 1, NULL, &local_err);
+ if (local_err != NULL) {
+ error_setg(&backup_state.error, "backup_job_create failed");
+ pvebackup_cancel(NULL);
@ -471,13 +503,24 @@ index 5e3707d..5417bb0 100644
+
void qmp_block_stream(bool has_job_id, const char *job_id, const char *device,
bool has_base, const char *base,
bool has_backing_file, const char *backing_file,
bool has_base_node, const char *base_node,
diff --git a/blockjob.c b/blockjob.c
index a5ba3be..a550458 100644
index 9b619f385..54bd34a 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -331,7 +331,8 @@ void block_job_pause(BlockJob *job)
job->pause_count++;
@@ -37,8 +37,8 @@
#include "qemu/timer.h"
#include "qapi-event.h"
-static void block_job_event_cancelled(BlockJob *job);
-static void block_job_event_completed(BlockJob *job, const char *msg);
+void block_job_event_cancelled(BlockJob *job);
+void block_job_event_completed(BlockJob *job, const char *msg);
/* Transactional group of block jobs */
struct BlockJobTxn {
@@ -473,7 +473,8 @@ void block_job_user_pause(BlockJob *job)
block_job_pause(job);
}
-static bool block_job_should_pause(BlockJob *job)
@ -486,11 +529,29 @@ index a5ba3be..a550458 100644
{
return job->pause_count > 0;
}
@@ -687,7 +688,7 @@ static void block_job_iostatus_set_err(BlockJob *job, int error)
}
}
-static void block_job_event_cancelled(BlockJob *job)
+void block_job_event_cancelled(BlockJob *job)
{
if (block_job_is_internal(job)) {
return;
@@ -701,7 +702,7 @@ static void block_job_event_cancelled(BlockJob *job)
&error_abort);
}
-static void block_job_event_completed(BlockJob *job, const char *msg)
+void block_job_event_completed(BlockJob *job, const char *msg)
{
if (block_job_is_internal(job)) {
return;
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
index 74446c6..7616fe2 100644
index a53f105..1a18380 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
@@ -502,6 +502,19 @@ STEXI
@@ -487,6 +487,19 @@ STEXI
Show CPU statistics.
ETEXI
@ -499,7 +560,7 @@ index 74446c6..7616fe2 100644
+ .args_type = "",
+ .params = "",
+ .help = "show backup status",
+ .mhandler.cmd = hmp_info_backup,
+ .cmd = hmp_info_backup,
+ },
+
+STEXI
@ -511,7 +572,7 @@ index 74446c6..7616fe2 100644
{
.name = "usernet",
diff --git a/hmp-commands.hx b/hmp-commands.hx
index 848efee..8f2f3e0 100644
index 8819281..aea39d0 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -87,6 +87,35 @@ STEXI
@ -523,7 +584,7 @@ index 848efee..8f2f3e0 100644
+ .args_type = "backupfile:s,speed:o?,devlist:s?",
+ .params = "backupfile [speed [devlist]]",
+ .help = "create a VM Backup.",
+ .mhandler.cmd = hmp_backup,
+ .cmd = hmp_backup,
+ },
+
+STEXI
@ -537,7 +598,7 @@ index 848efee..8f2f3e0 100644
+ .args_type = "",
+ .params = "",
+ .help = "cancel the current VM backup",
+ .mhandler.cmd = hmp_backup_cancel,
+ .cmd = hmp_backup_cancel,
+ },
+
+STEXI
@ -551,10 +612,10 @@ index 848efee..8f2f3e0 100644
.name = "block_job_set_speed",
.args_type = "device:B,speed:o",
diff --git a/hmp.c b/hmp.c
index 3b0dd81..95da164 100644
index 904542d..c685ba5 100644
--- a/hmp.c
+++ b/hmp.c
@@ -149,6 +149,44 @@ void hmp_info_mice(Monitor *mon, const QDict *qdict)
@@ -151,6 +151,44 @@ void hmp_info_mice(Monitor *mon, const QDict *qdict)
qapi_free_MouseInfoList(mice_list);
}
@ -599,7 +660,7 @@ index 3b0dd81..95da164 100644
void hmp_info_migrate(Monitor *mon, const QDict *qdict)
{
MigrationInfo *info;
@@ -1493,6 +1531,29 @@ void hmp_block_stream(Monitor *mon, const QDict *qdict)
@@ -1613,6 +1651,29 @@ void hmp_block_stream(Monitor *mon, const QDict *qdict)
hmp_handle_error(mon, &error);
}
@ -630,7 +691,7 @@ index 3b0dd81..95da164 100644
{
Error *error = NULL;
diff --git a/hmp.h b/hmp.h
index 0876ec0..9a4c1f6 100644
index 799fd37..17a65b2 100644
--- a/hmp.h
+++ b/hmp.h
@@ -30,6 +30,7 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict);
@ -641,7 +702,7 @@ index 0876ec0..9a4c1f6 100644
void hmp_info_cpus(Monitor *mon, const QDict *qdict);
void hmp_info_block(Monitor *mon, const QDict *qdict);
void hmp_info_blockstats(Monitor *mon, const QDict *qdict);
@@ -76,6 +77,8 @@ void hmp_eject(Monitor *mon, const QDict *qdict);
@@ -79,6 +80,8 @@ void hmp_eject(Monitor *mon, const QDict *qdict);
void hmp_change(Monitor *mon, const QDict *qdict);
void hmp_block_set_io_throttle(Monitor *mon, const QDict *qdict);
void hmp_block_stream(Monitor *mon, const QDict *qdict);
@ -651,7 +712,7 @@ index 0876ec0..9a4c1f6 100644
void hmp_block_job_cancel(Monitor *mon, const QDict *qdict);
void hmp_block_job_pause(Monitor *mon, const QDict *qdict);
diff --git a/include/block/block_int.h b/include/block/block_int.h
index db4650e..0f79b51 100644
index ec65581..278da16 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -59,7 +59,7 @@
@ -664,36 +725,36 @@ index db4650e..0f79b51 100644
enum BdrvTrackedRequestType {
diff --git a/qapi-schema.json b/qapi-schema.json
index 518c2ea..89d9ea6 100644
index ca534cc..059cbfc 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -356,6 +356,95 @@
##
@@ -570,6 +570,96 @@
{ 'command': 'query-events', 'returns': ['EventInfo'] }
##
+# @BackupStatus:
+#
+# Detailed backup status.
+#
+# @status: #optional string describing the current backup status.
+# @status: string describing the current backup status.
+# This can be 'active', 'done', 'error'. If this field is not
+# returned, no backup process has been initiated
+#
+# @errmsg: #optional error message (only returned if status is 'error')
+# @errmsg: error message (only returned if status is 'error')
+#
+# @total: #optional total amount of bytes involved in the backup process
+# @total: total amount of bytes involved in the backup process
+#
+# @transferred: #optional amount of bytes already backed up.
+# @transferred: amount of bytes already backed up.
+#
+# @zero-bytes: #optional amount of 'zero' bytes detected.
+# @zero-bytes: amount of 'zero' bytes detected.
+#
+# @start-time: #optional time (epoch) when backup job started.
+# @start-time: time (epoch) when backup job started.
+#
+# @end-time: #optional time (epoch) when backup job finished.
+# @end-time: time (epoch) when backup job finished.
+#
+# @backupfile: #optional backup file name
+# @backup-file: backup file name
+#
+# @uuid: #optional uuid for this backup job
+# @uuid: uuid for this backup job
+#
+##
+{ 'struct': 'BackupStatus',
@ -703,7 +764,7 @@ index 518c2ea..89d9ea6 100644
+ '*backup-file': 'str', '*uuid': 'str' } }
+
+##
+# @BackupFormat
+# @BackupFormat:
+#
+# An enumeration of supported backup formats.
+#
@ -721,12 +782,12 @@ index 518c2ea..89d9ea6 100644
+#
+# @format: format of the backup file
+#
+# @config-filename: #optional name of a configuration file to include into
+# @config-file: a configuration file to include into
+# the backup archive.
+#
+# @speed: #optional the maximum speed, in bytes per second
+# @speed: the maximum speed, in bytes per second
+#
+# @devlist: #optional list of block device names (separated by ',', ';'
+# @devlist: list of block device names (separated by ',', ';'
+# or ':'). By default the backup includes all writable block devices.
+#
+# Returns: the uuid of the backup job
@ -739,7 +800,7 @@ index 518c2ea..89d9ea6 100644
+ 'returns': 'UuidInfo' }
+
+##
+# @query-backup
+# @query-backup:
+#
+# Returns information about current/last backup task.
+#
@ -749,7 +810,7 @@ index 518c2ea..89d9ea6 100644
+{ 'command': 'query-backup', 'returns': 'BackupStatus' }
+
+##
+# @backup-cancel
+# @backup-cancel:
+#
+# Cancel the current executing backup process.
+#
@ -760,38 +821,10 @@ index 518c2ea..89d9ea6 100644
+##
+{ 'command': 'backup-cancel' }
+
##
# @MigrationStats
+##
# @MigrationStats:
#
diff --git a/qmp-commands.hx b/qmp-commands.hx
index 6de28d4..a8e8522 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -1314,6 +1314,24 @@ Example:
EQMP
{
+ .name = "backup",
+ .args_type = "backup-file:s,format:s?,config-file:F?,speed:o?,devlist:s?",
+ .mhandler.cmd_new = qmp_marshal_backup,
+ },
+
+ {
+ .name = "backup-cancel",
+ .args_type = "",
+ .mhandler.cmd_new = qmp_marshal_backup_cancel,
+ },
+
+ {
+ .name = "query-backup",
+ .args_type = "",
+ .mhandler.cmd_new = qmp_marshal_query_backup,
+ },
+
+ {
.name = "block-job-set-speed",
.args_type = "device:B,speed:o",
.mhandler.cmd_new = qmp_marshal_block_job_set_speed,
# Detailed migration status.
--
2.1.4

85
debian/patches/pve/0016-backup-vma-add-dir-format.patch vendored
View File

@ -1,21 +1,21 @@
From 210be0fc498989e7b029de90b9d2599fdcc343d3 Mon Sep 17 00:00:00 2001
From 99a526d92531d64ff0c31a83d0d55f38651a32a5 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 15:21:54 +0100
Subject: [PATCH 16/47] backup: vma: add dir format
Subject: [PATCH 16/48] backup: vma: add dir format
---
blockdev.c | 124 +++++++++++++++++++++++++++++++++++++++++--------------
blockdev.c | 137 ++++++++++++++++++++++++++++++++++++++++---------------
hmp-commands.hx | 8 ++--
hmp.c | 4 +-
qapi-schema.json | 2 +-
vma.c | 2 +-
5 files changed, 103 insertions(+), 37 deletions(-)
5 files changed, 111 insertions(+), 42 deletions(-)
diff --git a/blockdev.c b/blockdev.c
index 5417bb0..d8b1db8 100644
index 3e5c9ce..af1b9d4 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3001,6 +3001,8 @@ typedef struct PVEBackupDevInfo {
@@ -3007,6 +3007,8 @@ typedef struct PVEBackupDevInfo {
uint8_t dev_id;
//bool started;
bool completed;
@ -24,7 +24,7 @@ index 5417bb0..d8b1db8 100644
} PVEBackupDevInfo;
static void pvebackup_run_next_job(void);
@@ -3069,8 +3071,6 @@ static void pvebackup_complete_cb(void *opaque, int ret)
@@ -3075,8 +3077,6 @@ static void pvebackup_complete_cb(void *opaque, int ret)
{
PVEBackupDevInfo *di = opaque;
@ -33,7 +33,7 @@ index 5417bb0..d8b1db8 100644
di->completed = true;
if (ret < 0 && !backup_state.error) {
@@ -3081,8 +3081,11 @@ static void pvebackup_complete_cb(void *opaque, int ret)
@@ -3087,8 +3087,11 @@ static void pvebackup_complete_cb(void *opaque, int ret)
BlockDriverState *bs = di->bs;
di->bs = NULL;
@ -46,7 +46,7 @@ index 5417bb0..d8b1db8 100644
block_job_cb(bs, ret);
@@ -3162,6 +3165,7 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
@@ -3168,6 +3171,7 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
{
BlockBackend *blk;
BlockDriverState *bs = NULL;
@ -54,7 +54,15 @@ index 5417bb0..d8b1db8 100644
Error *local_err = NULL;
uuid_t uuid;
VmaWriter *vmaw = NULL;
@@ -3179,11 +3183,6 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
@@ -3175,6 +3179,7 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
GList *di_list = NULL;
GList *l;
UuidInfo *uuid_info;
+ BlockJob *job;
if (backup_state.di_list) {
error_set(errp, ERROR_CLASS_GENERIC_ERROR,
@@ -3185,11 +3190,6 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
/* Todo: try to auto-detect format based on file name */
format = has_format ? format : BACKUP_FORMAT_VMA;
@ -66,7 +74,7 @@ index 5417bb0..d8b1db8 100644
if (has_devlist) {
devs = g_strsplit_set(devlist, ",;:", -1);
@@ -3252,27 +3251,62 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
@@ -3258,27 +3258,62 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
uuid_generate(uuid);
@ -145,7 +153,7 @@ index 5417bb0..d8b1db8 100644
}
/* add configuration file to archive */
@@ -3285,12 +3319,27 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
@@ -3291,12 +3326,27 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
goto err;
}
@ -178,16 +186,37 @@ index 5417bb0..d8b1db8 100644
g_free(cdata);
}
@@ -3330,7 +3379,7 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
@@ -3335,15 +3385,16 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
while (l) {
PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
l = g_list_next(l);
-
- backup_job_create(NULL, di->bs, NULL, speed, MIRROR_SYNC_MODE_FULL, NULL,
- BLOCKDEV_ON_ERROR_REPORT, BLOCKDEV_ON_ERROR_REPORT,
- pvebackup_dump_cb, pvebackup_complete_cb, di,
- 1, NULL, &local_err);
- if (local_err != NULL) {
+ job = backup_job_create(NULL, di->bs, di->target, speed, MIRROR_SYNC_MODE_FULL, NULL,
+ false, BLOCKDEV_ON_ERROR_REPORT, BLOCKDEV_ON_ERROR_REPORT,
+ BLOCK_JOB_DEFAULT,
+ pvebackup_dump_cb, pvebackup_complete_cb, di,
+ 1, NULL, &local_err);
+ if (!job || local_err != NULL) {
error_setg(&backup_state.error, "backup_job_create failed");
pvebackup_cancel(NULL);
}
+ block_job_start(job);
}
- backup_start(NULL, di->bs, NULL, speed, MIRROR_SYNC_MODE_FULL, NULL,
+ backup_start(NULL, di->bs, di->target, speed, MIRROR_SYNC_MODE_FULL, NULL,
BLOCKDEV_ON_ERROR_REPORT, BLOCKDEV_ON_ERROR_REPORT,
pvebackup_dump_cb, pvebackup_complete_cb, di,
1, NULL, &local_err);
@@ -3352,8 +3401,17 @@ err:
if (!backup_state.error) {
@@ -3352,14 +3403,24 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
uuid_info = g_malloc0(sizeof(*uuid_info));
uuid_info->UUID = g_strdup(backup_state.uuid_str);
+
return uuid_info;
err:
l = di_list;
while (l) {
@ -206,7 +235,7 @@ index 5417bb0..d8b1db8 100644
}
g_list_free(di_list);
@@ -3367,6 +3425,10 @@ err:
@@ -3373,6 +3434,10 @@ err:
unlink(backup_file);
}
@ -218,7 +247,7 @@ index 5417bb0..d8b1db8 100644
}
diff --git a/hmp-commands.hx b/hmp-commands.hx
index 8f2f3e0..0e20ef9 100644
index aea39d0..7288203 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -89,9 +89,11 @@ ETEXI
@ -233,14 +262,14 @@ index 8f2f3e0..0e20ef9 100644
+ .help = "create a VM Backup."
+ "\n\t\t\t Use -d to dump data into a directory instead"
+ "\n\t\t\t of using VMA format.",
.mhandler.cmd = hmp_backup,
.cmd = hmp_backup,
},
diff --git a/hmp.c b/hmp.c
index 95da164..c23cf2f 100644
index c685ba5..465d7fa 100644
--- a/hmp.c
+++ b/hmp.c
@@ -1544,11 +1544,13 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
@@ -1664,11 +1664,13 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
{
Error *error = NULL;
@ -256,10 +285,10 @@ index 95da164..c23cf2f 100644
hmp_handle_error(mon, &error);
diff --git a/qapi-schema.json b/qapi-schema.json
index 89d9ea6..147137d 100644
index 059cbfc..1127f2c 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -395,7 +395,7 @@
@@ -609,7 +609,7 @@
# @vma: Proxmox vma backup format
##
{ 'enum': 'BackupFormat',
@ -269,10 +298,10 @@ index 89d9ea6..147137d 100644
##
# @backup:
diff --git a/vma.c b/vma.c
index 79bdd00..c88a4358 100644
index 8925407..1ffaced 100644
--- a/vma.c
+++ b/vma.c
@@ -263,7 +263,7 @@ static int extract_content(int argc, char **argv)
@@ -264,7 +264,7 @@ static int extract_content(int argc, char **argv)
g_free(statefn);
} else if (di) {
char *devfn = NULL;

14
debian/patches/pve/0017-backup-do-not-return-errors-in-dump-callback.patch vendored
View File

@ -1,17 +1,17 @@
From 8a10cce2efa3d8906617939a5c644c9cb7104ef6 Mon Sep 17 00:00:00 2001
From f859377de12e2faa46046b266ce4418c138e61ab Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 15:22:19 +0100
Subject: [PATCH 17/47] backup: do not return errors in dump callback
Subject: [PATCH 17/48] backup: do not return errors in dump callback
---
blockdev.c | 26 ++++++++++++++++++++------
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/blockdev.c b/blockdev.c
index d8b1db8..fb71cdc 100644
index af1b9d4..4b073d4 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3013,6 +3013,11 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
@@ -3019,6 +3019,11 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
{
PVEBackupDevInfo *di = opaque;
@ -23,7 +23,7 @@ index d8b1db8..fb71cdc 100644
if (sector_num & 0x7f) {
if (!backup_state.error) {
error_setg(&backup_state.error,
@@ -3023,7 +3028,6 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
@@ -3029,7 +3034,6 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
}
int64_t cluster_num = sector_num >> 7;
@ -31,7 +31,7 @@ index d8b1db8..fb71cdc 100644
int ret = -1;
@@ -3031,17 +3035,27 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
@@ -3037,17 +3041,27 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
size_t zero_bytes = 0;
ret = vma_writer_write(backup_state.vmaw, di->dev_id, cluster_num,
buf, &zero_bytes);
@ -63,7 +63,7 @@ index d8b1db8..fb71cdc 100644
}
static void pvebackup_cleanup(void)
@@ -3113,7 +3127,7 @@ static void pvebackup_cancel(void *opaque)
@@ -3119,7 +3133,7 @@ static void pvebackup_cancel(void *opaque)
BlockJob *job = di->bs->job;
if (job) {
if (!di->completed) {

8
debian/patches/pve/0018-backup-vma-correctly-propagate-error.patch vendored
View File

@ -1,7 +1,7 @@
From c31ba8ff9485b7648ca45952b9e7ccd74c50ac40 Mon Sep 17 00:00:00 2001
From 17b2fc7ed399325558b891e13e104214568fd154 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 15:39:36 +0100
Subject: [PATCH 18/47] backup: vma: correctly propagate error
Subject: [PATCH 18/48] backup: vma: correctly propagate error
---
blockdev.c | 2 +-
@ -10,10 +10,10 @@ Subject: [PATCH 18/47] backup: vma: correctly propagate error
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/blockdev.c b/blockdev.c
index fb71cdc..2e51913 100644
index 4b073d4..6253ef1 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3037,7 +3037,7 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
@@ -3043,7 +3043,7 @@ static int pvebackup_dump_cb(void *opaque, BlockBackend *target,
buf, &zero_bytes);
if (ret < 0) {
if (!backup_state.error) {

16
debian/patches/pve/0019-backup-vma-remove-async-queue.patch vendored
View File

@ -1,7 +1,7 @@
From fb3d52b336cd8404055bf0b3b8d825c6f5247fef Mon Sep 17 00:00:00 2001
From bf0b444a62df49c016eb47f0299e5656d830234e Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 15:40:00 +0100
Subject: [PATCH 19/47] backup: vma: remove async queue
Subject: [PATCH 19/48] backup: vma: remove async queue
---
blockdev.c | 6 ++
@ -9,10 +9,10 @@ Subject: [PATCH 19/47] backup: vma: remove async queue
2 files changed, 38 insertions(+), 147 deletions(-)
diff --git a/blockdev.c b/blockdev.c
index 2e51913..1491c2d 100644
index 6253ef1..ef159b0 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3116,6 +3116,11 @@ static void pvebackup_cancel(void *opaque)
@@ -3122,6 +3122,11 @@ static void pvebackup_cancel(void *opaque)
error_setg(&backup_state.error, "backup cancelled");
}
@ -24,7 +24,7 @@ index 2e51913..1491c2d 100644
/* drain all i/o (awake jobs waiting for aio) */
bdrv_drain_all();
@@ -3128,6 +3133,7 @@ static void pvebackup_cancel(void *opaque)
@@ -3134,6 +3139,7 @@ static void pvebackup_cancel(void *opaque)
if (job) {
if (!di->completed) {
block_job_cancel_sync(job);
@ -33,7 +33,7 @@ index 2e51913..1491c2d 100644
}
}
diff --git a/vma-writer.c b/vma-writer.c
index 689e988..6d3119d 100644
index 689e988..ec8da53 100644
--- a/vma-writer.c
+++ b/vma-writer.c
@@ -28,14 +28,8 @@
@ -104,9 +104,9 @@ index 689e988..6d3119d 100644
- DPRINTF("vma_co_write starting %zd\n", bytes);
-
while (done < bytes) {
+ aio_set_fd_handler(qemu_get_aio_context(), vmaw->fd, false, NULL, vma_co_continue_write, vmaw);
+ aio_set_fd_handler(qemu_get_aio_context(), vmaw->fd, false, NULL, vma_co_continue_write, NULL, vmaw);
+ qemu_coroutine_yield();
+ aio_set_fd_handler(qemu_get_aio_context(), vmaw->fd, false, NULL, NULL, NULL);
+ aio_set_fd_handler(qemu_get_aio_context(), vmaw->fd, false, NULL, NULL, NULL, NULL);
+ if (vmaw->status < 0) {
+ DPRINTF("vma_queue_write detected canceled backup\n");
+ done = -1;

12
debian/patches/pve/0020-backup-vma-run-flush-inside-coroutine.patch vendored
View File

@ -1,7 +1,7 @@
From 3e0869f3ef3fc5537d90d22cde89f1384b164e70 Mon Sep 17 00:00:00 2001
From c0b66c21bb4d4cc1f02d4259d62dd8d6d413fd7f Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 15:40:42 +0100
Subject: [PATCH 20/47] backup: vma: run flush inside coroutine
Subject: [PATCH 20/48] backup: vma: run flush inside coroutine
---
blockdev.c | 10 +++++++++-
@ -9,10 +9,10 @@ Subject: [PATCH 20/47] backup: vma: run flush inside coroutine
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/blockdev.c b/blockdev.c
index 1491c2d..f3c0c58 100644
index ef159b0..a9a900e 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3081,6 +3081,13 @@ static void pvebackup_cleanup(void)
@@ -3087,6 +3087,13 @@ static void pvebackup_cleanup(void)
}
}
@ -26,7 +26,7 @@ index 1491c2d..f3c0c58 100644
static void pvebackup_complete_cb(void *opaque, int ret)
{
PVEBackupDevInfo *di = opaque;
@@ -3098,7 +3105,8 @@ static void pvebackup_complete_cb(void *opaque, int ret)
@@ -3104,7 +3111,8 @@ static void pvebackup_complete_cb(void *opaque, int ret)
di->target = NULL;
if (backup_state.vmaw) {
@ -37,7 +37,7 @@ index 1491c2d..f3c0c58 100644
block_job_cb(bs, ret);
diff --git a/vma-writer.c b/vma-writer.c
index 6d3119d..79b7fd4 100644
index ec8da53..216577a 100644
--- a/vma-writer.c
+++ b/vma-writer.c
@@ -700,6 +700,10 @@ int vma_writer_close(VmaWriter *vmaw, Error **errp)

10
debian/patches/pve/0021-backup-do-not-use-bdrv_drain_all.patch vendored
View File

@ -1,17 +1,17 @@
From e7cf613192638f5ac24629961c4010a3b3575ad6 Mon Sep 17 00:00:00 2001
From 4de872af5f176bbcc0d2f19b9fd30a7cefbddd9a Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 15:41:13 +0100
Subject: [PATCH 21/47] backup: do not use bdrv_drain_all
Subject: [PATCH 21/48] backup: do not use bdrv_drain_all
---
blockdev.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/blockdev.c b/blockdev.c
index f3c0c58..2371cf3 100644
index a9a900e..36b4083 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3129,9 +3129,6 @@ static void pvebackup_cancel(void *opaque)
@@ -3135,9 +3135,6 @@ static void pvebackup_cancel(void *opaque)
vma_writer_set_error(backup_state.vmaw, "backup cancelled");
}
@ -21,7 +21,7 @@ index f3c0c58..2371cf3 100644
GList *l = backup_state.di_list;
while (l) {
PVEBackupDevInfo *di = (PVEBackupDevInfo *)l->data;
@@ -3140,8 +3137,7 @@ static void pvebackup_cancel(void *opaque)
@@ -3146,8 +3143,7 @@ static void pvebackup_cancel(void *opaque)
BlockJob *job = di->bs->job;
if (job) {
if (!di->completed) {

190
debian/patches/pve/0022-internal-snapshot-async.patch vendored
View File

@ -1,7 +1,7 @@
From ddfc29076293a794f0d9cc74c0c822c144e7ecbc Mon Sep 17 00:00:00 2001
From ab6904d8e0f3a976ade19e8b5f99270738ed6518 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 16:04:32 +0100
Subject: [PATCH 22/47] internal snapshot async
Subject: [PATCH 22/48] internal snapshot async
---
Makefile.objs | 1 +
@ -13,32 +13,31 @@ Subject: [PATCH 22/47] internal snapshot async
include/block/block.h | 1 +
include/sysemu/sysemu.h | 5 +-
migration/savevm.c | 12 +-
qapi-schema.json | 46 +++++
qapi-schema.json | 68 +++++++
qemu-options.hx | 13 ++
qmp-commands.hx | 30 +++
savevm-async.c | 526 ++++++++++++++++++++++++++++++++++++++++++++++++
savevm-async.c | 525 ++++++++++++++++++++++++++++++++++++++++++++++++
vl.c | 8 +
14 files changed, 743 insertions(+), 8 deletions(-)
13 files changed, 734 insertions(+), 8 deletions(-)
create mode 100644 savevm-async.c
diff --git a/Makefile.objs b/Makefile.objs
index 845edd0..7d9d2d7 100644
index 9b12ee6..f5f8dba 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -53,6 +53,7 @@ common-obj-$(CONFIG_LINUX) += fsdev/
@@ -51,6 +51,7 @@ common-obj-$(CONFIG_LINUX) += fsdev/
common-obj-y += migration/
common-obj-y += qemu-char.o #aio.o
common-obj-y += page_cache.o
common-obj-y += page_cache.o #aio.o
+common-obj-y += savevm-async.o
common-obj-$(CONFIG_SPICE) += spice-qemu-char.o
diff --git a/block.c b/block.c
index 30d64e6..95c1d32 100644
index 6e906ec..5563a4f 100644
--- a/block.c
+++ b/block.c
@@ -2288,7 +2288,7 @@ void bdrv_replace_in_backing_chain(BlockDriverState *old, BlockDriverState *new)
bdrv_unref(old);
@@ -3045,7 +3045,7 @@ out:
bdrv_unref(bs_new);
}
-static void bdrv_delete(BlockDriverState *bs)
@ -47,10 +46,10 @@ index 30d64e6..95c1d32 100644
assert(!bs->job);
assert(bdrv_op_blocker_is_empty(bs));
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
index 7616fe2..3046f9d 100644
index 1a18380..3b5a0f9 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
@@ -588,6 +588,19 @@ Show current migration xbzrle cache size.
@@ -573,6 +573,19 @@ Show current migration xbzrle cache size.
ETEXI
{
@ -58,7 +57,7 @@ index 7616fe2..3046f9d 100644
+ .args_type = "",
+ .params = "",
+ .help = "show savevm status",
+ .mhandler.cmd = hmp_info_savevm,
+ .cmd = hmp_info_savevm,
+ },
+
+STEXI
@ -71,10 +70,10 @@ index 7616fe2..3046f9d 100644
.args_type = "",
.params = "",
diff --git a/hmp-commands.hx b/hmp-commands.hx
index 0e20ef9..4d735cb 100644
index 7288203..a2867b5 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1791,3 +1791,35 @@ ETEXI
@@ -1808,3 +1808,35 @@ ETEXI
STEXI
@end table
ETEXI
@ -84,7 +83,7 @@ index 0e20ef9..4d735cb 100644
+ .args_type = "statefile:s?",
+ .params = "[statefile]",
+ .help = "Prepare for snapshot and halt VM. Save VM state to statefile.",
+ .mhandler.cmd = hmp_savevm_start,
+ .cmd = hmp_savevm_start,
+ },
+
+ {
@ -92,7 +91,7 @@ index 0e20ef9..4d735cb 100644
+ .args_type = "device:s,name:s",
+ .params = "device name",
+ .help = "Create internal snapshot.",
+ .mhandler.cmd = hmp_snapshot_drive,
+ .cmd = hmp_snapshot_drive,
+ },
+
+ {
@ -100,7 +99,7 @@ index 0e20ef9..4d735cb 100644
+ .args_type = "device:s,name:s",
+ .params = "device name",
+ .help = "Delete internal snapshot.",
+ .mhandler.cmd = hmp_delete_drive_snapshot,
+ .cmd = hmp_delete_drive_snapshot,
+ },
+
+ {
@ -108,13 +107,13 @@ index 0e20ef9..4d735cb 100644
+ .args_type = "",
+ .params = "",
+ .help = "Resume VM after snaphot.",
+ .mhandler.cmd = hmp_savevm_end,
+ .cmd = hmp_savevm_end,
+ },
diff --git a/hmp.c b/hmp.c
index c23cf2f..030fd97 100644
index 465d7fa..aaf0de1 100644
--- a/hmp.c
+++ b/hmp.c
@@ -2117,6 +2117,63 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
@@ -2270,6 +2270,63 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
qapi_free_MemoryDeviceInfoList(info_list);
}
@ -179,7 +178,7 @@ index c23cf2f..030fd97 100644
{
IOThreadInfoList *info_list = qmp_query_iothreads(NULL);
diff --git a/hmp.h b/hmp.h
index 9a4c1f6..b74ddbf 100644
index 17a65b2..8c1b484 100644
--- a/hmp.h
+++ b/hmp.h
@@ -26,6 +26,7 @@ void hmp_info_status(Monitor *mon, const QDict *qdict);
@ -190,7 +189,7 @@ index 9a4c1f6..b74ddbf 100644
void hmp_info_migrate(Monitor *mon, const QDict *qdict);
void hmp_info_migrate_capabilities(Monitor *mon, const QDict *qdict);
void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict);
@@ -92,6 +93,10 @@ void hmp_netdev_add(Monitor *mon, const QDict *qdict);
@@ -95,6 +96,10 @@ void hmp_netdev_add(Monitor *mon, const QDict *qdict);
void hmp_netdev_del(Monitor *mon, const QDict *qdict);
void hmp_getfd(Monitor *mon, const QDict *qdict);
void hmp_closefd(Monitor *mon, const QDict *qdict);
@ -202,30 +201,30 @@ index 9a4c1f6..b74ddbf 100644
void hmp_screendump(Monitor *mon, const QDict *qdict);
void hmp_nbd_server_start(Monitor *mon, const QDict *qdict);
diff --git a/include/block/block.h b/include/block/block.h
index acddf3b..0f70a9d 100644
index 5149260..b29c69d 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -256,6 +256,7 @@ BlockDriverState *bdrv_find_backing_image(BlockDriverState *bs,
@@ -295,6 +295,7 @@ BlockDriverState *bdrv_find_backing_image(BlockDriverState *bs,
int bdrv_get_backing_file_depth(BlockDriverState *bs);
void bdrv_refresh_filename(BlockDriverState *bs);
int bdrv_truncate(BlockDriverState *bs, int64_t offset);
int bdrv_truncate(BdrvChild *child, int64_t offset);
+void bdrv_delete(BlockDriverState *bs);
int64_t bdrv_nb_sectors(BlockDriverState *bs);
int64_t bdrv_getlength(BlockDriverState *bs);
int64_t bdrv_get_allocated_file_size(BlockDriverState *bs);
diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index ee7c760..4875441 100644
index 576c7ce..74623de 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -79,6 +79,7 @@ void qemu_remove_machine_init_done_notifier(Notifier *notify);
@@ -78,6 +78,7 @@ void qemu_remove_machine_init_done_notifier(Notifier *notify);
void hmp_savevm(Monitor *mon, const QDict *qdict);
int save_vmstate(Monitor *mon, const char *name);
int load_vmstate(const char *name);
+int load_state_from_blockdev(const char *filename);
void hmp_delvm(Monitor *mon, const QDict *qdict);
void hmp_info_snapshots(Monitor *mon, const QDict *qdict);
@@ -106,13 +107,13 @@ enum qemu_vm_cmd {
@@ -105,13 +106,13 @@ enum qemu_vm_cmd {
#define MAX_VM_CMD_PACKAGED_SIZE (1ul << 24)
bool qemu_savevm_state_blocked(Error **errp);
@ -242,10 +241,10 @@ index ee7c760..4875441 100644
uint64_t *res_non_postcopiable,
uint64_t *res_postcopiable);
diff --git a/migration/savevm.c b/migration/savevm.c
index 33a2911..b1bdfb6 100644
index 3b19a4a..feb0dc6 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -879,11 +879,11 @@ void qemu_savevm_state_header(QEMUFile *f)
@@ -970,11 +970,11 @@ void qemu_savevm_state_header(QEMUFile *f)
}
@ -259,7 +258,7 @@ index 33a2911..b1bdfb6 100644
trace_savevm_state_begin();
QTAILQ_FOREACH(se, &savevm_state.handlers, entry) {
@@ -911,6 +911,7 @@ void qemu_savevm_state_begin(QEMUFile *f,
@@ -1002,6 +1002,7 @@ void qemu_savevm_state_begin(QEMUFile *f,
break;
}
}
@ -267,7 +266,7 @@ index 33a2911..b1bdfb6 100644
}
/*
@@ -1014,7 +1015,7 @@ void qemu_savevm_state_complete_postcopy(QEMUFile *f)
@@ -1105,7 +1106,7 @@ void qemu_savevm_state_complete_postcopy(QEMUFile *f)
qemu_fflush(f);
}
@ -276,7 +275,7 @@ index 33a2911..b1bdfb6 100644
{
QJSON *vmdesc;
int vmdesc_len;
@@ -1048,12 +1049,12 @@ void qemu_savevm_state_complete_precopy(QEMUFile *f, bool iterable_only)
@@ -1139,12 +1140,12 @@ void qemu_savevm_state_complete_precopy(QEMUFile *f, bool iterable_only)
save_section_footer(f, se);
if (ret < 0) {
qemu_file_set_error(f, ret);
@ -291,7 +290,7 @@ index 33a2911..b1bdfb6 100644
}
vmdesc = qjson_new();
@@ -1100,6 +1101,7 @@ void qemu_savevm_state_complete_precopy(QEMUFile *f, bool iterable_only)
@@ -1191,6 +1192,7 @@ void qemu_savevm_state_complete_precopy(QEMUFile *f, bool iterable_only)
qjson_destroy(vmdesc);
qemu_fflush(f);
@ -300,29 +299,28 @@ index 33a2911..b1bdfb6 100644
/* Give an estimate of the amount left to be transferred,
diff --git a/qapi-schema.json b/qapi-schema.json
index 147137d..0c0faf7 100644
index 1127f2c..c33ebb3 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -594,6 +594,42 @@
'*cpu-throttle-percentage': 'int',
@@ -813,6 +813,40 @@
'*error-desc': 'str'} }
+
+# @SaveVMInfo
##
+# @SaveVMInfo:
+#
+# Information about current migration process.
+#
+# @status: #optional string describing the current savevm status.
+# @status: string describing the current savevm status.
+# This can be 'active', 'completed', 'failed'.
+# If this field is not returned, no savevm process
+# has been initiated
+#
+# @error: #optional string containing error message is status is failed.
+# @error: string containing error message is status is failed.
+#
+# @total-time: #optional total amount of milliseconds since savevm started.
+# @total-time: total amount of milliseconds since savevm started.
+# If savevm has ended, it returns the total save time
+#
+# @bytes: #optional total amount of data transfered
+# @bytes: total amount of data transfered
+#
+# Since: 1.3
+##
@ -331,7 +329,7 @@ index 147137d..0c0faf7 100644
+ '*total-time': 'int', '*bytes': 'int'} }
+
+##
+# @query-savevm
+# @query-savevm:
+#
+# Returns information about current savevm process.
+#
@ -342,34 +340,58 @@ index 147137d..0c0faf7 100644
+{ 'command': 'query-savevm', 'returns': 'SaveVMInfo' }
+
+##
+
##
# @query-migrate
# @query-migrate:
#
@@ -3286,8 +3322,18 @@
# Returns information about current migration process. If migration
@@ -4828,9 +4862,43 @@
#
# Since: 1.2.0
##
+
{ 'command': 'query-target', 'returns': 'TargetInfo' }
##
+# @savevm-start:
+#
+# Prepare for snapshot and halt VM. Save VM state to statefile.
+#
+##
+{ 'command': 'savevm-start', 'data': { '*statefile': 'str' } }
+
+##
+# @snapshot-drive:
+#
+# Create an internal drive snapshot.
+#
+##
+{ 'command': 'snapshot-drive', 'data': { 'device': 'str', 'name': 'str' } }
+
+##
+# @delete-drive-snapshot:
+#
+# Delete a drive snapshot.
+#
+##
+{ 'command': 'delete-drive-snapshot', 'data': { 'device': 'str', 'name': 'str' } }
+
+##
+# @savevm-end:
+#
+# Resume VM after a snapshot.
+#
+##
+{ 'command': 'savevm-end' }
+
+
##
+##
# @QKeyCode:
#
# An enumeration of key name.
diff --git a/qemu-options.hx b/qemu-options.hx
index a71aaf8..37fad3b 100644
index 99af8ed..10f0e81 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3302,6 +3302,19 @@ STEXI
@@ -3396,6 +3396,19 @@ STEXI
Start right away with a saved state (@code{loadvm} in monitor)
ETEXI
@ -389,53 +411,12 @@ index a71aaf8..37fad3b 100644
#ifndef _WIN32
DEF("daemonize", 0, QEMU_OPTION_daemonize, \
"-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL)
diff --git a/qmp-commands.hx b/qmp-commands.hx
index a8e8522..6342cd2 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -4904,6 +4904,36 @@ Example:
EQMP
{
+ .name = "savevm-start",
+ .args_type = "statefile:s?",
+ .mhandler.cmd_new = qmp_marshal_savevm_start,
+ },
+
+ {
+ .name = "snapshot-drive",
+ .args_type = "device:s,name:s",
+ .mhandler.cmd_new = qmp_marshal_snapshot_drive,
+ },
+
+ {
+ .name = "delete-drive-snapshot",
+ .args_type = "device:s,name:s",
+ .mhandler.cmd_new = qmp_marshal_delete_drive_snapshot,
+ },
+
+ {
+ .name = "savevm-end",
+ .args_type = "",
+ .mhandler.cmd_new = qmp_marshal_savevm_end,
+ },
+
+ {
+ .name = "query-savevm",
+ .args_type = "",
+ .mhandler.cmd_new = qmp_marshal_query_savevm,
+ },
+
+ {
.name = "query-rocker",
.args_type = "name:s",
.mhandler.cmd_new = qmp_marshal_query_rocker,
diff --git a/savevm-async.c b/savevm-async.c
new file mode 100644
index 0000000..ae7ea84
index 0000000..9704a41
--- /dev/null
+++ b/savevm-async.c
@@ -0,0 +1,526 @@
@@ -0,0 +1,525 @@
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/qmp/qerror.h"
@ -691,7 +672,7 @@ index 0000000..ae7ea84
+ BlockDriver *drv = NULL;
+ Error *local_err = NULL;
+
+ int bdrv_oflags = BDRV_O_RDWR;
+ int bdrv_oflags = BDRV_O_RDWR | BDRV_O_RESIZE;
+ int ret;
+
+ if (snap_state.state != SAVE_STATE_DONE) {
@ -942,7 +923,6 @@ index 0000000..ae7ea84
+ }
+
+ qemu_system_reset(VMRESET_SILENT);
+ migration_incoming_state_new(f);
+ ret = qemu_loadvm_state(f);
+
+ qemu_fclose(f);
@ -963,10 +943,10 @@ index 0000000..ae7ea84
+ return ret;
+}
diff --git a/vl.c b/vl.c
index b226e0b..c01b1b5 100644
index 868c489..19afd47 100644
--- a/vl.c
+++ b/vl.c
@@ -2962,6 +2962,7 @@ int main(int argc, char **argv, char **envp)
@@ -2960,6 +2960,7 @@ int main(int argc, char **argv, char **envp)
int optind;
const char *optarg;
const char *loadvm = NULL;
@ -974,7 +954,7 @@ index b226e0b..c01b1b5 100644
MachineClass *machine_class;
const char *cpu_model;
const char *vga_model = NULL;
@@ -3603,6 +3604,9 @@ int main(int argc, char **argv, char **envp)
@@ -3631,6 +3632,9 @@ int main(int argc, char **argv, char **envp)
case QEMU_OPTION_loadvm:
loadvm = optarg;
break;
@ -984,7 +964,7 @@ index b226e0b..c01b1b5 100644
case QEMU_OPTION_full_screen:
full_screen = 1;
break;
@@ -4597,6 +4601,10 @@ int main(int argc, char **argv, char **envp)
@@ -4689,6 +4693,10 @@ int main(int argc, char **argv, char **envp)
if (load_vmstate(loadvm) < 0) {
autostart = 0;
}

18
debian/patches/pve/0023-backup-vma-allow-empty-backups.patch vendored
View File

@ -1,7 +1,7 @@
From e9b9fd9156a6631998ec4b4254fe2e91859b340a Mon Sep 17 00:00:00 2001
From b5ac1badd1810f87aae5091f44bee54e3c45e979 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 16:31:51 +0100
Subject: [PATCH 23/47] backup: vma: allow empty backups
Subject: [PATCH 23/48] backup: vma: allow empty backups
---
vma-reader.c | 29 ++++++++++++-------------
@ -58,7 +58,7 @@ index 2aafb26..78f1de9 100644
}
return ret;
diff --git a/vma-writer.c b/vma-writer.c
index 79b7fd4..0d26fc6 100644
index 216577a..0dd668b 100644
--- a/vma-writer.c
+++ b/vma-writer.c
@@ -252,7 +252,7 @@ vma_queue_write(VmaWriter *vmaw, const void *buf, size_t bytes)
@ -120,10 +120,10 @@ index 79b7fd4..0d26fc6 100644
return open_drives;
diff --git a/vma.c b/vma.c
index c88a4358..08e4725 100644
index 1ffaced..c7c0538 100644
--- a/vma.c
+++ b/vma.c
@@ -27,7 +27,7 @@ static void help(void)
@@ -28,7 +28,7 @@ static void help(void)
"\n"
"vma list <filename>\n"
"vma config <filename> [-c config]\n"
@ -132,7 +132,7 @@ index c88a4358..08e4725 100644
"vma extract <filename> [-r <fifo>] <targetdir>\n"
"vma verify <filename> [-v]\n"
;
@@ -395,6 +395,18 @@ typedef struct BackupJob {
@@ -396,6 +396,18 @@ typedef struct BackupJob {
#define BACKUP_SECTORS_PER_CLUSTER (VMA_CLUSTER_SIZE / BDRV_SECTOR_SIZE)
@ -151,7 +151,7 @@ index c88a4358..08e4725 100644
static void coroutine_fn backup_run(void *opaque)
{
BackupJob *job = (BackupJob *)opaque;
@@ -468,8 +480,8 @@ static int create_archive(int argc, char **argv)
@@ -469,8 +481,8 @@ static int create_archive(int argc, char **argv)
}
@ -162,7 +162,7 @@ index c88a4358..08e4725 100644
help();
}
@@ -504,11 +516,11 @@ static int create_archive(int argc, char **argv)
@@ -505,11 +517,11 @@ static int create_archive(int argc, char **argv)
l = g_list_next(l);
}
@ -176,7 +176,7 @@ index c88a4358..08e4725 100644
Error *errp = NULL;
BlockDriverState *bs;
@@ -539,37 +551,39 @@ static int create_archive(int argc, char **argv)
@@ -540,37 +552,39 @@ static int create_archive(int argc, char **argv)
int percent = 0;
int last_percent = -1;

75
debian/patches/pve/0024-qmp-add-get_link_status.patch vendored
View File

@ -1,20 +1,18 @@
From e933992419bd8da2689a527ae95000891e687a2d Mon Sep 17 00:00:00 2001
From 759fdd7b7ea2f90a463d4bc766f9c53053498c58 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 16:34:41 +0100
Subject: [PATCH 24/47] qmp: add get_link_status
Subject: [PATCH 24/48] qmp: add get_link_status
---
net/net.c | 27 +++++++++++++++++++++++++++
qapi-schema.json | 15 +++++++++++++++
qmp-commands.hx | 23 +++++++++++++++++++++++
scripts/qapi.py | 2 ++
4 files changed, 67 insertions(+)
qapi-schema.json | 16 ++++++++++++++++
2 files changed, 43 insertions(+)
diff --git a/net/net.c b/net/net.c
index 19b4d9e..5f890b7 100644
index 0ac3b9e..7410c1e 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1362,6 +1362,33 @@ void hmp_info_network(Monitor *mon, const QDict *qdict)
@@ -1373,6 +1373,33 @@ void hmp_info_network(Monitor *mon, const QDict *qdict)
}
}
@ -49,14 +47,22 @@ index 19b4d9e..5f890b7 100644
{
NetClientState *ncs[MAX_QUEUE_NUM];
diff --git a/qapi-schema.json b/qapi-schema.json
index 0c0faf7..d75e932 100644
index c33ebb3..79bfd97 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1786,6 +1786,21 @@
@@ -56,6 +56,7 @@
{ 'pragma': {
# Commands allowed to return a non-dictionary:
'returns-whitelist': [
+ 'get_link_status',
'human-monitor-command',
'qom-get',
'query-migrate-cache-size',
@@ -2627,6 +2628,21 @@
{ 'command': 'set_link', 'data': {'name': 'str', 'up': 'bool'} }
##
+# @get_link_status
+# @get_link_status:
+#
+# Get the current link state of the nics or nic.
+#
@ -74,53 +80,6 @@ index 0c0faf7..d75e932 100644
# @balloon:
#
# Request the balloon driver to change its balloon size.
diff --git a/qmp-commands.hx b/qmp-commands.hx
index 6342cd2..a84932a 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -1883,6 +1883,29 @@ Example:
EQMP
{
+ .name = "get_link_status",
+ .args_type = "name:s",
+ .mhandler.cmd_new = qmp_marshal_get_link_status,
+ },
+
+SQMP
+get_link_status
+--------
+
+Get the link status of a network adapter.
+
+Arguments:
+
+- "name": network device name (json-string)
+
+Example:
+
+-> { "execute": "get_link_status", "arguments": { "name": "e1000.0" } }
+<- { "return": {1} }
+
+EQMP
+
+ {
.name = "getfd",
.args_type = "fdname:s",
.params = "getfd name",
diff --git a/scripts/qapi.py b/scripts/qapi.py
index 21bc32f..f900659 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -39,6 +39,8 @@ builtin_types = {
# Whitelist of commands allowed to return a non-dictionary
returns_whitelist = [
+ 'get_link_status',
+
# From QMP:
'human-monitor-command',
'qom-get',
--
2.1.4

8
debian/patches/pve/0025-smm_available-false.patch vendored
View File

@ -1,7 +1,7 @@
From e1682387e4bed2357e1030933481ab63f648249b Mon Sep 17 00:00:00 2001
From 8a8c61f58cfde89540c885bc3b0f7e7e9d820782 Mon Sep 17 00:00:00 2001
From: Alexandre Derumier <aderumier@odiso.com>
Date: Tue, 29 Sep 2015 15:37:44 +0200
Subject: [PATCH 25/47] smm_available = false
Subject: [PATCH 25/48] smm_available = false
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
@ -9,10 +9,10 @@ Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index ba8a5a1..9c206fc 100644
index 81e91a4..4161a45 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -2084,7 +2084,7 @@ bool pc_machine_is_smm_enabled(PCMachineState *pcms)
@@ -2123,7 +2123,7 @@ bool pc_machine_is_smm_enabled(PCMachineState *pcms)
if (tcg_enabled() || qtest_enabled()) {
smm_available = true;
} else if (kvm_enabled()) {

12
debian/patches/pve/0026-use-whitespace-between-VERSION-and-PKGVERSION.patch vendored
View File

@ -1,7 +1,7 @@
From 017016151cb8f9a364f0b0006603772620966d5a Mon Sep 17 00:00:00 2001
From 7329980dbe0b2c40a7262c4ea4946dfb23c189c6 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 16:50:05 +0100
Subject: [PATCH 26/47] use whitespace between VERSION and PKGVERSION
Subject: [PATCH 26/48] use whitespace between VERSION and PKGVERSION
Our kvm version parser expects a white space or comma after
the version string, see PVE::QemuServer::kvm_user_version()
@ -10,15 +10,15 @@ the version string, see PVE::QemuServer::kvm_user_version()
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vl.c b/vl.c
index c01b1b5..0b5a721 100644
index 19afd47..d0780a4 100644
--- a/vl.c
+++ b/vl.c
@@ -1920,7 +1920,7 @@ static void main_loop(void)
@@ -1909,7 +1909,7 @@ static void main_loop(void)
static void version(void)
{
- printf("QEMU emulator version " QEMU_VERSION QEMU_PKGVERSION ", "
+ printf("QEMU emulator version " QEMU_VERSION " " QEMU_PKGVERSION ", "
- printf("QEMU emulator version " QEMU_VERSION QEMU_PKGVERSION "\n"
+ printf("QEMU emulator version " QEMU_VERSION " " QEMU_PKGVERSION "\n"
QEMU_COPYRIGHT "\n");
}

36
debian/patches/pve/0027-vma-add-firewall.patch vendored
View File

@ -1,20 +1,19 @@
From 3400a70a51015f119c12d3600943baae97aabb0f Mon Sep 17 00:00:00 2001
From 4e55ff68ec7aef1e2ea602890495cd862dd1161c Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 9 Dec 2015 16:51:23 +0100
Subject: [PATCH 27/47] vma: add firewall
Subject: [PATCH 27/48] vma: add firewall
---
blockdev.c | 78 ++++++++++++++++++++++++++++++++++----------------------
hmp.c | 2 +-
qapi-schema.json | 1 +
qmp-commands.hx | 2 +-
4 files changed, 51 insertions(+), 32 deletions(-)
3 files changed, 50 insertions(+), 31 deletions(-)
diff --git a/blockdev.c b/blockdev.c
index 2371cf3..bbb1502 100644
index 36b4083..3b82339 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3157,6 +3157,44 @@ void qmp_backup_cancel(Error **errp)
@@ -3163,6 +3163,44 @@ void qmp_backup_cancel(Error **errp)
}
}
@ -59,7 +58,7 @@ index 2371cf3..bbb1502 100644
bool block_job_should_pause(BlockJob *job);
static void pvebackup_run_next_job(void)
{
@@ -3184,6 +3222,7 @@ static void pvebackup_run_next_job(void)
@@ -3190,6 +3228,7 @@ static void pvebackup_run_next_job(void)
UuidInfo *qmp_backup(const char *backup_file, bool has_format,
BackupFormat format,
bool has_config_file, const char *config_file,
@ -67,7 +66,7 @@ index 2371cf3..bbb1502 100644
bool has_devlist, const char *devlist,
bool has_speed, int64_t speed, Error **errp)
{
@@ -3335,38 +3374,17 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
@@ -3342,38 +3381,17 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
/* add configuration file to archive */
if (has_config_file) {
@ -116,10 +115,10 @@ index 2371cf3..bbb1502 100644
backup_state.cancel = false;
diff --git a/hmp.c b/hmp.c
index 030fd97..5c5e8ed 100644
index aaf0de1..12f1f46 100644
--- a/hmp.c
+++ b/hmp.c
@@ -1550,7 +1550,7 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
@@ -1670,7 +1670,7 @@ void hmp_backup(Monitor *mon, const QDict *qdict)
int64_t speed = qdict_get_try_int(qdict, "speed", 0);
qmp_backup(backup_file, true, dir ? BACKUP_FORMAT_DIR : BACKUP_FORMAT_VMA,
@ -129,10 +128,10 @@ index 030fd97..5c5e8ed 100644
hmp_handle_error(mon, &error);
diff --git a/qapi-schema.json b/qapi-schema.json
index d75e932..7bb0ee0 100644
index 79bfd97..6334018 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -420,6 +420,7 @@
@@ -635,6 +635,7 @@
{ 'command': 'backup', 'data': { 'backup-file': 'str',
'*format': 'BackupFormat',
'*config-file': 'str',
@ -140,19 +139,6 @@ index d75e932..7bb0ee0 100644
'*devlist': 'str', '*speed': 'int' },
'returns': 'UuidInfo' }
diff --git a/qmp-commands.hx b/qmp-commands.hx
index a84932a..94cfac2 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -1315,7 +1315,7 @@ EQMP
{
.name = "backup",
- .args_type = "backup-file:s,format:s?,config-file:F?,speed:o?,devlist:s?",
+ .args_type = "backup-file:s,format:s?,config-file:F?,firewall-file:F?,speed:o?,devlist:s?",
.mhandler.cmd_new = qmp_marshal_backup,
},
--
2.1.4

8
debian/patches/pve/0028-savevm-async-migration-and-bdrv_open-update.patch vendored
View File

@ -1,14 +1,14 @@
From d5ef7dd4d2b53e4868289dca3770724cb9597ec5 Mon Sep 17 00:00:00 2001
From 54847dbb3050d9ec9dd786d572d9c1dff0757d4d Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Thu, 10 Dec 2015 15:14:00 +0100
Subject: [PATCH 28/47] savevm-async: migration and bdrv_open update
Subject: [PATCH 28/48] savevm-async: migration and bdrv_open update
---
savevm-async.c | 25 ++++++++++++-------------
1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/savevm-async.c b/savevm-async.c
index ae7ea84..7979435 100644
index 9704a41..6ac03af 100644
--- a/savevm-async.c
+++ b/savevm-async.c
@@ -154,10 +154,10 @@ static int block_state_close(void *opaque)
@ -58,7 +58,7 @@ index ae7ea84..7979435 100644
- BlockDriver *drv = NULL;
Error *local_err = NULL;
int bdrv_oflags = BDRV_O_RDWR;
int bdrv_oflags = BDRV_O_RDWR | BDRV_O_RESIZE;
@@ -289,7 +289,7 @@ void qmp_savevm_start(bool has_statefile, const char *statefile, Error **errp)
QDict *options = NULL;
options = qdict_new();

8
debian/patches/pve/0029-vnc-make-x509-imply-tls-again.patch vendored
View File

@ -1,17 +1,17 @@
From d42052d75321a1af75b039f8e31127b98485ec93 Mon Sep 17 00:00:00 2001
From 4e0a43ec969bcdf5d3bb01892bc75346e47676d6 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 12 Jan 2016 09:09:49 +0100
Subject: [PATCH 29/47] vnc: make x509 imply tls again
Subject: [PATCH 29/48] vnc: make x509 imply tls again
---
ui/vnc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index b9f36b5..acbe3bd 100644
index 29575f8..039b3ed 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3729,9 +3729,8 @@ void vnc_display_open(const char *id, Error **errp)
@@ -3878,9 +3878,8 @@ void vnc_display_open(const char *id, Error **errp)
const char *path;
bool tls = false, x509 = false, x509verify = false;
tls = qemu_opt_get_bool(opts, "tls", false);

91
debian/patches/pve/0030-PVE-VNC-authentication.patch vendored
View File

@ -1,21 +1,21 @@
From 51dd4df80640e1671de73c014c6273b154df920a Mon Sep 17 00:00:00 2001
From d55b3d4bca482ded41c0c1489626e426007e786c Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 11 Jan 2016 10:40:31 +0100
Subject: [PATCH 30/47] PVE VNC authentication
Subject: [PATCH 30/48] PVE VNC authentication
---
crypto/tlscreds.c | 47 +++++++++++
crypto/tlscredspriv.h | 2 +
crypto/tlscredsx509.c | 13 ++--
crypto/tlscredsx509.c | 13 +--
crypto/tlssession.c | 1 +
include/crypto/tlscreds.h | 1 +
include/ui/console.h | 1 +
qemu-options.hx | 3 +
ui/vnc-auth-vencrypt.c | 194 ++++++++++++++++++++++++++++++++++++++--------
ui/vnc-auth-vencrypt.c | 196 ++++++++++++++++++++++++++++++++++++++--------
ui/vnc.c | 140 ++++++++++++++++++++++++++++++++-
ui/vnc.h | 4 +
vl.c | 9 +++
11 files changed, 375 insertions(+), 40 deletions(-)
11 files changed, 376 insertions(+), 41 deletions(-)
diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c
index a896553..e9ae13c 100644
@ -96,7 +96,7 @@ index 13e9b6c..0356acc 100644
#endif /* QCRYPTO_TLSCREDSPRIV_H */
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index 520d34d..1ba971c 100644
index 50eb54f..09f7364 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -555,22 +555,23 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds,
@ -144,7 +144,7 @@ index 520d34d..1ba971c 100644
goto cleanup;
}
diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index 2de42c6..768466a 100644
index 96a02de..c453e29 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -23,6 +23,7 @@
@ -168,10 +168,10 @@ index ad47d88..f86d379 100644
diff --git a/include/ui/console.h b/include/ui/console.h
index 2703a3a..db6dd22 100644
index d759338..69f010e 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -456,6 +456,7 @@ static inline void cocoa_display_init(DisplayState *ds, int full_screen)
@@ -462,6 +462,7 @@ static inline void cocoa_display_init(DisplayState *ds, int full_screen)
#endif
/* vnc.c */
@ -180,10 +180,10 @@ index 2703a3a..db6dd22 100644
void vnc_display_open(const char *id, Error **errp);
void vnc_display_add_client(const char *id, int csock, bool skipauth);
diff --git a/qemu-options.hx b/qemu-options.hx
index 37fad3b..f943ae6 100644
index 10f0e81..fbd1a1c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -473,6 +473,9 @@ STEXI
@@ -513,6 +513,9 @@ STEXI
@table @option
ETEXI
@ -194,7 +194,7 @@ index 37fad3b..f943ae6 100644
"-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL)
DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL)
diff --git a/ui/vnc-auth-vencrypt.c b/ui/vnc-auth-vencrypt.c
index 11c8c9a..d11f1df 100644
index ffaab57..de1c194 100644
--- a/ui/vnc-auth-vencrypt.c
+++ b/ui/vnc-auth-vencrypt.c
@@ -28,6 +28,107 @@
@ -323,7 +323,7 @@ index 11c8c9a..d11f1df 100644
case VNC_AUTH_VENCRYPT_TLSVNC:
case VNC_AUTH_VENCRYPT_X509VNC:
VNC_DEBUG("Start TLS auth VNC\n");
@@ -87,44 +199,63 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len
@@ -88,45 +200,64 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len
{
int auth = read_u32(data, 0);
@ -371,6 +371,7 @@ index 11c8c9a..d11f1df 100644
+ vs->ioc_tag = 0;
+ }
- qio_channel_set_name(QIO_CHANNEL(tls), "vnc-server-tls");
- VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
- object_unref(OBJECT(vs->ioc));
- vs->ioc = QIO_CHANNEL(tls);
@ -398,6 +399,7 @@ index 11c8c9a..d11f1df 100644
+ return 0;
+ }
+ }
+ qio_channel_set_name(QIO_CHANNEL(tls), "vnc-server-tls");
- qio_channel_tls_handshake(tls,
- vnc_tls_handshake_done,
@ -416,7 +418,7 @@ index 11c8c9a..d11f1df 100644
}
return 0;
}
@@ -138,10 +269,11 @@ static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len
@@ -140,10 +271,11 @@ static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len
vnc_flush(vs);
vnc_client_error(vs);
} else {
@ -431,10 +433,10 @@ index 11c8c9a..d11f1df 100644
vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
}
diff --git a/ui/vnc.c b/ui/vnc.c
index acbe3bd..2a18a20 100644
index 039b3ed..a34ba08 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -55,6 +55,125 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
@@ -56,6 +56,125 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
#include "vnc_keysym.h"
#include "crypto/cipher.h"
@ -560,27 +562,26 @@ index acbe3bd..2a18a20 100644
static QTAILQ_HEAD(, VncDisplay) vnc_displays =
QTAILQ_HEAD_INITIALIZER(vnc_displays);
@@ -3413,11 +3532,17 @@ vnc_display_setup_auth(VncDisplay *vs,
if (object_dynamic_cast(OBJECT(vs->tlscreds),
TYPE_QCRYPTO_TLS_CREDS_X509)) {
@@ -3350,10 +3469,16 @@ vnc_display_setup_auth(int *auth,
if (password) {
if (is_x509) {
VNC_DEBUG("Initializing VNC server with x509 password auth\n");
- vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
+ if (vs->tlscreds->pve)
+ vs->subauth = VNC_AUTH_VENCRYPT_X509PLAIN;
- *subauth = VNC_AUTH_VENCRYPT_X509VNC;
+ if (tlscreds->pve)
+ *subauth = VNC_AUTH_VENCRYPT_X509PLAIN;
+ else
+ vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
} else if (object_dynamic_cast(OBJECT(vs->tlscreds),
TYPE_QCRYPTO_TLS_CREDS_ANON)) {
VNC_DEBUG("Initializing VNC server with TLS password auth\n");
- vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
+ if (vs->tlscreds->pve)
+ vs->subauth = VNC_AUTH_VENCRYPT_TLSPLAIN;
+ else
+ vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
+ *subauth = VNC_AUTH_VENCRYPT_X509VNC;
} else {
error_setg(errp,
"Unsupported TLS cred type %s",
@@ -3508,6 +3633,7 @@ vnc_display_create_creds(bool x509,
VNC_DEBUG("Initializing VNC server with TLS password auth\n");
- *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
+ if (tlscreds->pve)
+ *subauth = VNC_AUTH_VENCRYPT_TLSPLAIN;
+ else
+ *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
}
} else if (sasl) {
@@ -3387,6 +3512,7 @@ vnc_display_create_creds(bool x509,
bool x509verify,
const char *dir,
const char *id,
@ -588,7 +589,7 @@ index acbe3bd..2a18a20 100644
Error **errp)
{
gchar *credsid = g_strdup_printf("tlsvnc%s", id);
@@ -3523,6 +3649,7 @@ vnc_display_create_creds(bool x509,
@@ -3402,6 +3528,7 @@ vnc_display_create_creds(bool x509,
"endpoint", "server",
"dir", dir,
"verify-peer", x509verify ? "yes" : "no",
@ -596,7 +597,7 @@ index acbe3bd..2a18a20 100644
NULL);
} else {
creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
@@ -3530,6 +3657,7 @@ vnc_display_create_creds(bool x509,
@@ -3409,6 +3536,7 @@ vnc_display_create_creds(bool x509,
credsid,
&err,
"endpoint", "server",
@ -604,7 +605,7 @@ index acbe3bd..2a18a20 100644
NULL);
}
@@ -3727,12 +3855,17 @@ void vnc_display_open(const char *id, Error **errp)
@@ -3876,12 +4004,17 @@ void vnc_display_open(const char *id, Error **errp)
}
} else {
const char *path;
@ -623,19 +624,19 @@ index acbe3bd..2a18a20 100644
} else {
path = qemu_opt_get(opts, "x509verify");
if (path) {
@@ -3744,6 +3877,7 @@ void vnc_display_open(const char *id, Error **errp)
@@ -3893,6 +4026,7 @@ void vnc_display_open(const char *id, Error **errp)
x509verify,
path,
vs->id,
vd->id,
+ pve,
errp);
if (!vs->tlscreds) {
if (!vd->tlscreds) {
goto fail;
diff --git a/ui/vnc.h b/ui/vnc.h
index ab5f244..2fde9d3 100644
index 694cf32..78d622a 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -282,6 +282,8 @@ struct VncState
@@ -284,6 +284,8 @@ struct VncState
int auth;
int subauth; /* Used by VeNCrypt */
char challenge[VNC_AUTH_CHALLENGE_SIZE];
@ -652,10 +653,10 @@ index ab5f244..2fde9d3 100644
+
#endif /* QEMU_VNC_H */
diff --git a/vl.c b/vl.c
index 0b5a721..4742300 100644
index d0780a4..2496b06 100644
--- a/vl.c
+++ b/vl.c
@@ -2950,6 +2950,7 @@ static int global_init_func(void *opaque, QemuOpts *opts, Error **errp)
@@ -2947,6 +2947,7 @@ static int qemu_read_default_config_file(void)
int main(int argc, char **argv, char **envp)
{
int i;
@ -663,7 +664,7 @@ index 0b5a721..4742300 100644
int snapshot, linux_boot;
const char *initrd_filename;
const char *kernel_filename, *kernel_cmdline;
@@ -3722,6 +3723,14 @@ int main(int argc, char **argv, char **envp)
@@ -3774,6 +3775,14 @@ int main(int argc, char **argv, char **envp)
exit(1);
}
break;

6
debian/patches/pve/0031-vma-writer-don-t-bail-out-on-zero-length-files.patch vendored
View File

@ -1,14 +1,14 @@
From e4958531f423dd635053559d05e8c86c208ceb02 Mon Sep 17 00:00:00 2001
From c1210916b52651aaa5d27e69fce78dd57818eab1 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 8 Feb 2016 08:23:34 +0100
Subject: [PATCH 31/47] vma-writer: don't bail out on zero-length files
Subject: [PATCH 31/48] vma-writer: don't bail out on zero-length files
---
vma-writer.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/vma-writer.c b/vma-writer.c
index 0d26fc6..a378762 100644
index 0dd668b..70dcca0 100644
--- a/vma-writer.c
+++ b/vma-writer.c
@@ -130,7 +130,6 @@ int vma_writer_add_config(VmaWriter *vmaw, const char *name, gpointer data,

8
debian/patches/pve/0032-vma-better-driver-guessing-for-bdrv_open.patch vendored
View File

@ -1,7 +1,7 @@
From 2dc69ead56b7ecd60eb513ab5b6c9978e06070ef Mon Sep 17 00:00:00 2001
From 0cf02f586f50e0bc1b25f0ecf76207b2510d77df Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 23 Feb 2016 15:48:41 +0100
Subject: [PATCH 32/47] vma: better driver guessing for bdrv_open
Subject: [PATCH 32/48] vma: better driver guessing for bdrv_open
Only use 'raw' when the file actually ends with .raw and
no protocol has been specified. With protocol pass the
@ -12,10 +12,10 @@ into account.
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/vma.c b/vma.c
index 08e4725..8a27704 100644
index c7c0538..4903568 100644
--- a/vma.c
+++ b/vma.c
@@ -293,7 +293,20 @@ static int extract_content(int argc, char **argv)
@@ -294,7 +294,20 @@ static int extract_content(int argc, char **argv)
}
BlockDriverState *bs = bdrv_new();

29
debian/patches/pve/0033-block-add-the-zeroinit-block-driver-filter.patch vendored
View File

@ -1,32 +1,32 @@
From 6f6f38d2ef8f22a12f72e4d60f8a1fa978ac569a Mon Sep 17 00:00:00 2001
From 35facc3a3549baf4cccaef27afa9c35a25abe91c Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Thu, 17 Mar 2016 11:33:37 +0100
Subject: [PATCH 33/47] block: add the zeroinit block driver filter
Subject: [PATCH 33/48] block: add the zeroinit block driver filter
---
block/Makefile.objs | 1 +
block/zeroinit.c | 220 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 221 insertions(+)
block/zeroinit.c | 219 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 220 insertions(+)
create mode 100644 block/zeroinit.c
diff --git a/block/Makefile.objs b/block/Makefile.objs
index 2593a2f..930ca33 100644
index de96f8e..8cdac08 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -4,6 +4,7 @@ block-obj-y += qed.o qed-gencb.o qed-l2-cache.o qed-table.o qed-cluster.o
block-obj-y += qed-check.o
block-obj-$(CONFIG_VHDX) += vhdx.o vhdx-endian.o vhdx-log.o
block-obj-y += vhdx.o vhdx-endian.o vhdx-log.o
block-obj-y += quorum.o
+block-obj-y += zeroinit.o
block-obj-y += parallels.o blkdebug.o blkverify.o blkreplay.o
block-obj-y += block-backend.o snapshot.o qapi.o
block-obj-$(CONFIG_WIN32) += raw-win32.o win32-aio.o
block-obj-$(CONFIG_WIN32) += file-win32.o win32-aio.o
diff --git a/block/zeroinit.c b/block/zeroinit.c
new file mode 100644
index 0000000..c56a446
index 0000000..0a8c7f9
--- /dev/null
+++ b/block/zeroinit.c
@@ -0,0 +1,220 @@
@@ -0,0 +1,219 @@
+/*
+ * Filter to fake a zero-initialized block device.
+ *
@ -195,16 +195,15 @@ index 0000000..c56a446
+ return bdrv_get_block_status(bs->file->bs, sector_num, nb_sectors, pnum, file);
+}
+
+static coroutine_fn BlockAIOCB *zeroinit_aio_pdiscard(BlockDriverState *bs,
+ int64_t offset, int count,
+ BlockCompletionFunc *cb, void *opaque)
+static int coroutine_fn zeroinit_co_pdiscard(BlockDriverState *bs,
+ int64_t offset, int count)
+{
+ return bdrv_aio_pdiscard(bs->file->bs, offset, count, cb, opaque);
+ return bdrv_co_pdiscard(bs->file->bs, offset, count);
+}
+
+static int zeroinit_truncate(BlockDriverState *bs, int64_t offset)
+{
+ return bdrv_truncate(bs->file->bs, offset);
+ return bdrv_truncate(bs->file, offset);
+}
+
+static int zeroinit_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
@ -235,7 +234,7 @@ index 0000000..c56a446
+
+ .bdrv_co_get_block_status = zeroinit_co_get_block_status,
+
+ .bdrv_aio_pdiscard = zeroinit_aio_pdiscard,
+ .bdrv_co_pdiscard = zeroinit_co_pdiscard,
+
+ .bdrv_truncate = zeroinit_truncate,
+ .bdrv_get_info = zeroinit_get_info,

18
debian/patches/pve/0034-vma-add-format-option-to-device-mapping.patch vendored
View File

@ -1,7 +1,7 @@
From 10ae69c411df788752628c8950bf9e76c8cf6af1 Mon Sep 17 00:00:00 2001
From a61194439318c95dfcb7df973ac961c12937dbcd Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 12 Apr 2016 13:49:44 +0200
Subject: [PATCH 34/47] vma: add format option to device mapping
Subject: [PATCH 34/48] vma: add format option to device mapping
The BDRV_O_PROTOCOL option breaks non-raw protocol devices,
so we instead now allow the format to be explicitly
@ -15,10 +15,10 @@ silence the warnings by passing the drive mapping.
1 file changed, 27 insertions(+), 7 deletions(-)
diff --git a/vma.c b/vma.c
index 8a27704..c8ad6c0 100644
index 4903568..f71e5a5 100644
--- a/vma.c
+++ b/vma.c
@@ -130,6 +130,7 @@ static int list_content(int argc, char **argv)
@@ -131,6 +131,7 @@ static int list_content(int argc, char **argv)
typedef struct RestoreMap {
char *devname;
char *path;
@ -26,7 +26,7 @@ index 8a27704..c8ad6c0 100644
bool write_zero;
} RestoreMap;
@@ -217,13 +218,24 @@ static int extract_content(int argc, char **argv)
@@ -218,13 +219,24 @@ static int extract_content(int argc, char **argv)
}
}
@ -53,7 +53,7 @@ index 8a27704..c8ad6c0 100644
write_zero = true;
} else {
g_error("read map failed - parse error ('%s')", inbuf);
@@ -239,6 +251,7 @@ static int extract_content(int argc, char **argv)
@@ -240,6 +252,7 @@ static int extract_content(int argc, char **argv)
RestoreMap *map = g_new0(RestoreMap, 1);
map->devname = g_strdup(devname);
map->path = g_strdup(path);
@ -61,7 +61,7 @@ index 8a27704..c8ad6c0 100644
map->write_zero = write_zero;
g_hash_table_insert(devmap, map->devname, map);
@@ -263,6 +276,7 @@ static int extract_content(int argc, char **argv)
@@ -264,6 +277,7 @@ static int extract_content(int argc, char **argv)
g_free(statefn);
} else if (di) {
char *devfn = NULL;
@ -69,7 +69,7 @@ index 8a27704..c8ad6c0 100644
int flags = BDRV_O_RDWR;
bool write_zero = true;
@@ -273,6 +287,7 @@ static int extract_content(int argc, char **argv)
@@ -274,6 +288,7 @@ static int extract_content(int argc, char **argv)
g_error("no device name mapping for %s", di->devname);
}
devfn = map->path;
@ -77,7 +77,7 @@ index 8a27704..c8ad6c0 100644
write_zero = map->write_zero;
} else {
devfn = g_strdup_printf("%s/tmp-disk-%s.raw",
@@ -295,15 +310,20 @@ static int extract_content(int argc, char **argv)
@@ -296,15 +311,20 @@ static int extract_content(int argc, char **argv)
BlockDriverState *bs = bdrv_new();
size_t devlen = strlen(devfn);

8
debian/patches/pve/0035-fix-possible-unitialised-return-value.patch vendored
View File

@ -1,17 +1,17 @@
From 927da5e2426aac5bef37c97604740deddedbda41 Mon Sep 17 00:00:00 2001
From 6db418de8e775dd2f3699033699777498f4e2afd Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Wed, 6 Apr 2016 16:45:15 +0200
Subject: [PATCH 35/47] fix possible unitialised return value
Subject: [PATCH 35/48] fix possible unitialised return value
---
migration/savevm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/migration/savevm.c b/migration/savevm.c
index b1bdfb6..cebba77 100644
index feb0dc6..d2615f4 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1020,7 +1020,7 @@ int qemu_savevm_state_complete_precopy(QEMUFile *f, bool iterable_only)
@@ -1111,7 +1111,7 @@ int qemu_savevm_state_complete_precopy(QEMUFile *f, bool iterable_only)
QJSON *vmdesc;
int vmdesc_len;
SaveStateEntry *se;

6
debian/patches/pve/0036-vnc-refactor-to-QIOChannelSocket.patch vendored
View File

@ -1,14 +1,14 @@
From e6af4497017e37cb31f7cbd80137f41ce297d702 Mon Sep 17 00:00:00 2001
From f9fec937bcc33ff1edb11b53107486a35b23f2a8 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Wed, 6 Apr 2016 16:47:54 +0200
Subject: [PATCH 36/47] vnc: refactor to QIOChannelSocket
Subject: [PATCH 36/48] vnc: refactor to QIOChannelSocket
---
ui/vnc-auth-vencrypt.c | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/ui/vnc-auth-vencrypt.c b/ui/vnc-auth-vencrypt.c
index d11f1df..a529520 100644
index de1c194..594ca73 100644
--- a/ui/vnc-auth-vencrypt.c
+++ b/ui/vnc-auth-vencrypt.c
@@ -28,27 +28,23 @@

18
debian/patches/pve/0037-vma-use-BlockBackend-on-extract.patch vendored
View File

@ -1,7 +1,7 @@
From 0d4b69786584eec1386183b259c22f7cae6df69d Mon Sep 17 00:00:00 2001
From d63b3c58bce32b976231923f5e186ebd55259c98 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Fri, 1 Jul 2016 15:47:29 +0200
Subject: [PATCH 37/47] vma: use BlockBackend on extract
Subject: [PATCH 37/48] vma: use BlockBackend on extract
As we else rely on bdrv_close_all() do clean up, which was rewritten
in ca9bd24cf1d53775169ba9adc17e265554d1afed and fails on "dangling"
@ -16,18 +16,18 @@ and dump_config(), both do not have a BDS so no need to change here.
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/vma.c b/vma.c
index c8ad6c0..a2ddd32 100644
index f71e5a5..ad51090 100644
--- a/vma.c
+++ b/vma.c
@@ -19,6 +19,7 @@
#include "qemu/error-report.h"
@@ -20,6 +20,7 @@
#include "qemu/main-loop.h"
#include "qapi/qmp/qstring.h"
#include "sysemu/char.h" /* qstring_from_str */
+#include "sysemu/block-backend.h"
static void help(void)
{
@@ -263,6 +264,8 @@ static int extract_content(int argc, char **argv)
@@ -264,6 +265,8 @@ static int extract_content(int argc, char **argv)
int vmstate_fd = -1;
guint8 vmstate_stream = 0;
@ -36,7 +36,7 @@ index c8ad6c0..a2ddd32 100644
for (i = 1; i < 255; i++) {
VmaDeviceInfo *di = vma_reader_get_device_info(vmar, i);
if (di && (strcmp(di->devname, "vmstate") == 0)) {
@@ -307,8 +310,6 @@ static int extract_content(int argc, char **argv)
@@ -308,8 +311,6 @@ static int extract_content(int argc, char **argv)
write_zero = false;
}
@ -45,7 +45,7 @@ index c8ad6c0..a2ddd32 100644
size_t devlen = strlen(devfn);
QDict *options = NULL;
if (format) {
@@ -326,10 +327,14 @@ static int extract_content(int argc, char **argv)
@@ -327,10 +328,14 @@ static int extract_content(int argc, char **argv)
qdict_put(options, "driver", qstring_from_str("raw"));
}
@ -61,7 +61,7 @@ index c8ad6c0..a2ddd32 100644
if (vma_reader_register_bs(vmar, i, bs, write_zero, &errp) < 0) {
g_error("%s", error_get_pretty(errp));
}
@@ -362,6 +367,8 @@ static int extract_content(int argc, char **argv)
@@ -363,6 +368,8 @@ static int extract_content(int argc, char **argv)
vma_reader_destroy(vmar);

18
debian/patches/pve/0038-vma-byte-based-write-calls.patch vendored
View File

@ -1,7 +1,7 @@
From 1209cadf111aaf73b53e568f78104340b4ffb0bd Mon Sep 17 00:00:00 2001
From a004ee9295029201e8fc3b8fe4acf7f85674527c Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 9 Sep 2016 14:51:28 +0200
Subject: [PATCH 38/47] vma: byte based write calls
Subject: [PATCH 38/48] vma: byte based write calls
---
vma-reader.c | 42 +++++++++++++++++++++---------------------
@ -148,10 +148,10 @@ index 78f1de9..2000889 100644
return -1;
}
diff --git a/vma.c b/vma.c
index a2ddd32..ff974bd 100644
index ad51090..aafdc2d 100644
--- a/vma.c
+++ b/vma.c
@@ -333,9 +333,7 @@ static int extract_content(int argc, char **argv)
@@ -334,9 +334,7 @@ static int extract_content(int argc, char **argv)
error_get_pretty(errp));
}
@ -162,7 +162,7 @@ index a2ddd32..ff974bd 100644
g_error("%s", error_get_pretty(errp));
}
@@ -427,7 +425,7 @@ static int verify_content(int argc, char **argv)
@@ -428,7 +426,7 @@ static int verify_content(int argc, char **argv)
}
typedef struct BackupJob {
@ -171,7 +171,7 @@ index a2ddd32..ff974bd 100644
int64_t len;
VmaWriter *vmaw;
uint8_t dev_id;
@@ -456,7 +454,7 @@ static void coroutine_fn backup_run(void *opaque)
@@ -457,7 +455,7 @@ static void coroutine_fn backup_run(void *opaque)
int64_t start, end;
int ret = 0;
@ -180,7 +180,7 @@ index a2ddd32..ff974bd 100644
start = 0;
end = DIV_ROUND_UP(job->len / BDRV_SECTOR_SIZE,
@@ -467,8 +465,8 @@ static void coroutine_fn backup_run(void *opaque)
@@ -468,8 +466,8 @@ static void coroutine_fn backup_run(void *opaque)
iov.iov_len = VMA_CLUSTER_SIZE;
qemu_iovec_init_external(&qiov, &iov, 1);
@ -191,7 +191,7 @@ index a2ddd32..ff974bd 100644
if (ret < 0) {
vma_writer_set_error(job->vmaw, "read error", -1);
goto out;
@@ -563,14 +561,14 @@ static int create_archive(int argc, char **argv)
@@ -564,14 +562,14 @@ static int create_archive(int argc, char **argv)
path = extract_devname(path, &devname, devcount++);
Error *errp = NULL;
@ -210,7 +210,7 @@ index a2ddd32..ff974bd 100644
int dev_id = vma_writer_register_stream(vmaw, devname, size);
if (dev_id <= 0) {
unlink(archivename);
@@ -579,7 +577,7 @@ static int create_archive(int argc, char **argv)
@@ -580,7 +578,7 @@ static int create_archive(int argc, char **argv)
BackupJob *job = g_new0(BackupJob, 1);
job->len = size;

8
debian/patches/pve/0039-rbd-disable-rbd_cache_writethrough_until_flush-with-.patch vendored
View File

@ -1,7 +1,7 @@
From 8aaa1a8108aabdca93d866eeaa9308deae81cd70 Mon Sep 17 00:00:00 2001
From 0dd047c39e7821c8e31f9133be12bc9be61c045c Mon Sep 17 00:00:00 2001
From: Alexandre Derumier <aderumier@odiso.com>
Date: Tue, 26 Jul 2016 16:51:00 +0200
Subject: [PATCH 39/47] rbd: disable rbd_cache_writethrough_until_flush with
Subject: [PATCH 39/48] rbd: disable rbd_cache_writethrough_until_flush with
cache=unsafe
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
@ -10,10 +10,10 @@ Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
1 file changed, 4 insertions(+)
diff --git a/block/rbd.c b/block/rbd.c
index 5cefdbb..b0bb516 100644
index 498322b..e9c02c6 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -552,6 +552,10 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
@@ -616,6 +616,10 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
rados_conf_set(s->cluster, "rbd_cache", "true");
}

14
debian/patches/pve/0040-enable-cache-unsafe-for-vma-extract_content-and-qmp_.patch vendored
View File

@ -1,7 +1,7 @@
From 383a94de8f4f887a95b8089b2f0141321d94f5fe Mon Sep 17 00:00:00 2001
From 5a587bc1cfc30faa8506b5c2925b767b4c3d7b56 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 1 Aug 2016 10:52:46 +0200
Subject: [PATCH 40/47] enable cache=unsafe for vma extract_content and
Subject: [PATCH 40/48] enable cache=unsafe for vma extract_content and
qmp_savevm_start
We don't send any flush here, so we need to open with cache=unsafe.
@ -13,23 +13,23 @@ Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/savevm-async.c b/savevm-async.c
index 7979435..76cd8fa 100644
index 6ac03af..46c1be7 100644
--- a/savevm-async.c
+++ b/savevm-async.c
@@ -253,7 +253,7 @@ void qmp_savevm_start(bool has_statefile, const char *statefile, Error **errp)
{
Error *local_err = NULL;
- int bdrv_oflags = BDRV_O_RDWR;
+ int bdrv_oflags = BDRV_O_RDWR | BDRV_O_NO_FLUSH;
- int bdrv_oflags = BDRV_O_RDWR | BDRV_O_RESIZE;
+ int bdrv_oflags = BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_NO_FLUSH;
int ret;
if (snap_state.state != SAVE_STATE_DONE) {
diff --git a/vma.c b/vma.c
index ff974bd..a8fa4ff 100644
index aafdc2d..4f55799 100644
--- a/vma.c
+++ b/vma.c
@@ -280,7 +280,7 @@ static int extract_content(int argc, char **argv)
@@ -281,7 +281,7 @@ static int extract_content(int argc, char **argv)
} else if (di) {
char *devfn = NULL;
const char *format = NULL;

10
debian/patches/pve/0041-savevm-async-updates.patch vendored
View File

@ -1,14 +1,14 @@
From 9ea20572325cbc6df31293b863ccb8d2ae0e1dbd Mon Sep 17 00:00:00 2001
From d7b0ad8cf8ef0aad35b0549128003dbb49b8386d Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 9 Sep 2016 15:21:19 +0200
Subject: [PATCH 41/47] savevm-async updates
Subject: [PATCH 41/48] savevm-async updates
---
savevm-async.c | 79 +++++++++++++++++++++++++++++-----------------------------
1 file changed, 39 insertions(+), 40 deletions(-)
diff --git a/savevm-async.c b/savevm-async.c
index 76cd8fa..8c76137 100644
index 46c1be7..2f4766c 100644
--- a/savevm-async.c
+++ b/savevm-async.c
@@ -20,6 +20,8 @@
@ -106,7 +106,7 @@ index 76cd8fa..8c76137 100644
@@ -254,7 +257,6 @@ void qmp_savevm_start(bool has_statefile, const char *statefile, Error **errp)
Error *local_err = NULL;
int bdrv_oflags = BDRV_O_RDWR | BDRV_O_NO_FLUSH;
int bdrv_oflags = BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_NO_FLUSH;
- int ret;
if (snap_state.state != SAVE_STATE_DONE) {
@ -196,7 +196,7 @@ index 76cd8fa..8c76137 100644
goto the_end;
}
@@ -516,10 +515,10 @@ int load_state_from_blockdev(const char *filename)
@@ -515,10 +514,10 @@ int load_state_from_blockdev(const char *filename)
ret = 0;
the_end:

6
debian/patches/pve/0042-qmp_snapshot_drive-add-aiocontext.patch vendored
View File

@ -1,7 +1,7 @@
From 704d008790dbccfd38aa55463c9e8bd873d08a3d Mon Sep 17 00:00:00 2001
From 4fb6191acb1fdff8170a26ba9acd835c9eaf8218 Mon Sep 17 00:00:00 2001
From: Alexandre Derumier <aderumier@odiso.com>
Date: Tue, 13 Sep 2016 01:57:56 +0200
Subject: [PATCH 42/47] qmp_snapshot_drive: add aiocontext
Subject: [PATCH 42/48] qmp_snapshot_drive: add aiocontext
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
@ -9,7 +9,7 @@ Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/savevm-async.c b/savevm-async.c
index 8c76137..99ba132 100644
index 2f4766c..5913a90 100644
--- a/savevm-async.c
+++ b/savevm-async.c
@@ -345,6 +345,7 @@ void qmp_snapshot_drive(const char *device, const char *name, Error **errp)

8
debian/patches/pve/0043-vma-sizes-passed-to-blk_co_preadv-should-be-bytes-no.patch vendored
View File

@ -1,17 +1,17 @@
From ed8e3b7faeb3a36e1105aac4813cd9876735bd81 Mon Sep 17 00:00:00 2001
From 220fb93343dc6c05989c903873d8ed68943848ef Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 21 Oct 2016 09:09:26 +0200
Subject: [PATCH 43/47] vma: sizes passed to blk_co_preadv should be bytes now
Subject: [PATCH 43/48] vma: sizes passed to blk_co_preadv should be bytes now
---
vma.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vma.c b/vma.c
index a8fa4ff..752a21b 100644
index 4f55799..0491542 100644
--- a/vma.c
+++ b/vma.c
@@ -465,8 +465,8 @@ static void coroutine_fn backup_run(void *opaque)
@@ -466,8 +466,8 @@ static void coroutine_fn backup_run(void *opaque)
iov.iov_len = VMA_CLUSTER_SIZE;
qemu_iovec_init_external(&qiov, &iov, 1);

31
debian/patches/pve/0044-glusterfs-daemonize.patch vendored
View File

@ -1,31 +0,0 @@
From a7613eb93e702d5de5b40d17c4d4e95e8e5a010d Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 24 Oct 2016 09:32:36 +0200
Subject: [PATCH 44/47] glusterfs: daemonize
---
block/gluster.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/block/gluster.c b/block/gluster.c
index 01b479f..6dcf926 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -341,9 +341,11 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
}
}
- ret = glfs_set_logging(glfs, "-", gconf->debug_level);
- if (ret < 0) {
- goto out;
+ if (!is_daemonized()) {
+ ret = glfs_set_logging(glfs, "-", gconf->debug_level);
+ if (ret < 0) {
+ goto out;
+ }
}
ret = glfs_init(glfs);
--
2.1.4

52
debian/patches/pve/0044-glusterfs-no-default-logfile-if-daemonized.patch vendored Normal file
View File

@ -0,0 +1,52 @@
From cb89d816594f141bad45536886900cbf33ba09bd Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 24 Oct 2016 09:32:36 +0200
Subject: [PATCH 44/48] glusterfs: no default logfile if daemonized
---
block/gluster.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/block/gluster.c b/block/gluster.c
index a577dae..e712dc7 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -33,7 +33,7 @@
#define GLUSTER_DEBUG_DEFAULT 4
#define GLUSTER_DEBUG_MAX 9
#define GLUSTER_OPT_LOGFILE "logfile"
-#define GLUSTER_LOGFILE_DEFAULT "-" /* handled in libgfapi as /dev/stderr */
+#define GLUSTER_LOGFILE_DEFAULT NULL
#define GERR_INDEX_HINT "hint: check in 'server' array index '%d'\n"
@@ -398,6 +398,7 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
int old_errno;
SocketAddressFlatList *server;
unsigned long long port;
+ const char *logfile;
glfs = glfs_find_preopened(gconf->volume);
if (glfs) {
@@ -433,9 +434,15 @@ static struct glfs *qemu_gluster_glfs_init(BlockdevOptionsGluster *gconf,
}
}
- ret = glfs_set_logging(glfs, gconf->logfile, gconf->debug);
- if (ret < 0) {
- goto out;
+ logfile = gconf->logfile;
+ if (!logfile && !is_daemonized()) {
+ logfile = "-";
+ }
+ if (logfile) {
+ ret = glfs_set_logging(glfs, logfile, gconf->debug);
+ if (ret < 0) {
+ goto out;
+ }
}
ret = glfs_init(glfs);
--
2.1.4

6
debian/patches/pve/0045-qmp_delete_drive_snapshot-add-aiocontext.patch vendored
View File

@ -1,7 +1,7 @@
From 41cd2dcf03fe0187221a8d005f423cc091d76dfc Mon Sep 17 00:00:00 2001
From 58d620cb1d511be7a6521e76a6cd54ebbbbae2b7 Mon Sep 17 00:00:00 2001
From: Alexandre Derumier <aderumier@odiso.com>
Date: Mon, 7 Nov 2016 11:47:50 +0100
Subject: [PATCH 45/47] qmp_delete_drive_snapshot : add aiocontext
Subject: [PATCH 45/48] qmp_delete_drive_snapshot : add aiocontext
this fix snapshot delete of qcow2 with iothread enabled
@ -11,7 +11,7 @@ Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/savevm-async.c b/savevm-async.c
index 99ba132..660b25b 100644
index 5913a90..3adf89f 100644
--- a/savevm-async.c
+++ b/savevm-async.c
@@ -427,6 +427,7 @@ void qmp_delete_drive_snapshot(const char *device, const char *name,

Some files were not shown because too many files have changed in this diff Show More