diff --git a/debian/patches/extra/0006-virtio-gpu-fix-v2-migration.patch b/debian/patches/extra/0006-virtio-gpu-fix-v2-migration.patch
new file mode 100644
index 0000000..132baed
--- /dev/null
+++ b/debian/patches/extra/0006-virtio-gpu-fix-v2-migration.patch
@@ -0,0 +1,98 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
+Date: Thu, 16 May 2024 12:40:22 +0400
+Subject: [PATCH] virtio-gpu: fix v2 migration
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit dfcf74fa ("virtio-gpu: fix scanout migration post-load") broke
+forward/backward version migration. Versioning of nested VMSD structures
+is not straightforward, as the wire format doesn't have nested
+structures versions. Introduce x-scanout-vmstate-version and a field
+test to save/load appropriately according to the machine version.
+
+Fixes: dfcf74fa ("virtio-gpu: fix scanout migration post-load")
+Signed-off-by: Marc-André Lureau
+Signed-off-by: Peter Xu
+---
+ hw/core/machine.c | 1 +
+ hw/display/virtio-gpu.c | 24 ++++++++++++++++--------
+ include/hw/virtio/virtio-gpu.h | 1 +
+ 3 files changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index 37ede0e7d4..d33a37a6f6 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -37,6 +37,7 @@ GlobalProperty hw_compat_8_2[] = {
+ { "migration", "zero-page-detection", "legacy"},
+ { TYPE_VIRTIO_IOMMU_PCI, "granule", "4k" },
+ { TYPE_VIRTIO_IOMMU_PCI, "aw-bits", "64" },
++ { "virtio-gpu-device", "x-scanout-vmstate-version", "1" },
+ };
+ const size_t hw_compat_8_2_len = G_N_ELEMENTS(hw_compat_8_2);
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index ae831b6b3e..85323daf99 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -1166,10 +1166,17 @@ static void virtio_gpu_cursor_bh(void *opaque)
+ virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq);
+ }
+
++static bool scanout_vmstate_after_v2(void *opaque, int version)
++{
++ struct VirtIOGPUBase *base = container_of(opaque, VirtIOGPUBase, scanout);
++ struct VirtIOGPU *gpu = container_of(base, VirtIOGPU, parent_obj);
++
++ return gpu->scanout_vmstate_version >= 2;
++}
++
+ static const VMStateDescription vmstate_virtio_gpu_scanout = {
+ .name = "virtio-gpu-one-scanout",
+- .version_id = 2,
+- .minimum_version_id = 1,
++ .version_id = 1,
+ .fields = (const VMStateField[]) {
+ VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout),
+ VMSTATE_UINT32(width, struct virtio_gpu_scanout),
+@@ -1181,12 +1188,12 @@ static const VMStateDescription vmstate_virtio_gpu_scanout = {
+ VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout),
+ VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout),
+ VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout),
+- VMSTATE_UINT32_V(fb.format, struct virtio_gpu_scanout, 2),
+- VMSTATE_UINT32_V(fb.bytes_pp, struct virtio_gpu_scanout, 2),
+- VMSTATE_UINT32_V(fb.width, struct virtio_gpu_scanout, 2),
+- VMSTATE_UINT32_V(fb.height, struct virtio_gpu_scanout, 2),
+- VMSTATE_UINT32_V(fb.stride, struct virtio_gpu_scanout, 2),
+- VMSTATE_UINT32_V(fb.offset, struct virtio_gpu_scanout, 2),
++ VMSTATE_UINT32_TEST(fb.format, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
++ VMSTATE_UINT32_TEST(fb.bytes_pp, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
++ VMSTATE_UINT32_TEST(fb.width, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
++ VMSTATE_UINT32_TEST(fb.height, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
++ VMSTATE_UINT32_TEST(fb.stride, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
++ VMSTATE_UINT32_TEST(fb.offset, struct virtio_gpu_scanout, scanout_vmstate_after_v2),
+ VMSTATE_END_OF_LIST()
+ },
+ };
+@@ -1659,6 +1666,7 @@ static Property virtio_gpu_properties[] = {
+ DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags,
+ VIRTIO_GPU_FLAG_BLOB_ENABLED, false),
+ DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0),
++ DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2),
+ DEFINE_PROP_END_OF_LIST(),
+ };
+
+diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
+index ed44cdad6b..842315d51d 100644
+--- a/include/hw/virtio/virtio-gpu.h
++++ b/include/hw/virtio/virtio-gpu.h
+@@ -177,6 +177,7 @@ typedef struct VGPUDMABuf {
+ struct VirtIOGPU {
+ VirtIOGPUBase parent_obj;
+
++ uint8_t scanout_vmstate_version;
+ uint64_t conf_max_hostmem;
+
+ VirtQueue *ctrl_vq;
diff --git a/debian/patches/extra/0007-hw-pflash-fix-block-write-start.patch b/debian/patches/extra/0007-hw-pflash-fix-block-write-start.patch
new file mode 100644
index 0000000..b53570b
--- /dev/null
+++ b/debian/patches/extra/0007-hw-pflash-fix-block-write-start.patch
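Review bot: `scanout_vmstate_after_v2()` in hw/display/virtio-gpu.c recovers the device with `container_of(opaque, VirtIOGPUBase, scanout)`, which is only exact when `opaque` is the address of the `scanout` member itself. If `scanout` is an array and this VMSD is applied once per element (neither is visible in the hunk), every element after the first would yield a shifted `base`, and the field test would read `scanout_vmstate_version` from the wrong location during save and load. I would confirm this with a migration test that uses more than one output, or state the assumption above the helper, e.g. `/* opaque points into VirtIOGPUBase.scanout; container_of is exact for the first element only */`. The `version` argument is unused, so the decision rests entirely on the local device property and not on the stream being loaded.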
@@ -0,0 +1,59 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann
+Date: Thu, 16 May 2024 10:46:34 +0200
+Subject: [PATCH] hw/pflash: fix block write start
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Move the pflash_blk_write_start() call. We need the offset of the
+first data write, not the offset for the setup (number-of-bytes)
+write. Without this fix u-boot can do block writes to the first
+flash block only.
+
+While being at it drop a leftover FIXME.
+
+Cc: qemu-stable@nongnu.org
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2343
+Fixes: fcc79f2e0955 ("hw/pflash: implement update buffer for block writes")
+Signed-off-by: Gerd Hoffmann
+Reviewed-by: Philippe Mathieu-Daudé
+(picked up from https://lists.nongnu.org/archive/html/qemu-stable/2024-05/msg00091.html)
+Signed-off-by: Fiona Ebner
+---
+ hw/block/pflash_cfi01.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
+index 1bda8424b9..c8f1cf5a87 100644
+--- a/hw/block/pflash_cfi01.c
++++ b/hw/block/pflash_cfi01.c
+@@ -518,10 +518,6 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
+ break;
+ case 0xe8: /* Write to buffer */
+ trace_pflash_write(pfl->name, "write to buffer");
+- /* FIXME should save @offset, @width for case 1+ */
+- qemu_log_mask(LOG_UNIMP,
+- "%s: Write to buffer emulation is flawed\n",
+- __func__);
+ pfl->status |= 0x80; /* Ready! */
+ break;
+ case 0xf0: /* Probe for AMD flash */
+@@ -574,7 +570,6 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
+ }
+ pfl->counter = value;
+ pfl->wcycle++;
+- pflash_blk_write_start(pfl, offset);
+ break;
+ case 0x60:
+ if (cmd == 0xd0) {
+@@ -605,6 +600,9 @@ static void pflash_write(PFlashCFI01 *pfl, hwaddr offset,
+ switch (pfl->cmd) {
+ case 0xe8: /* Block write */
+ /* FIXME check @offset, @width */
++ if (pfl->blk_offset == -1 && pfl->counter) {
++ pflash_blk_write_start(pfl, offset);
++ }
+ if (!pfl->ro && (pfl->blk_offset != -1)) {
+ pflash_data_write(pfl, offset, value, width, be);
+ } else {
diff --git a/debian/patches/extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch b/debian/patches/extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch
new file mode 100644
index 0000000..d10cbbc
--- /dev/null
+++ b/debian/patches/extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch
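Review bot: The new guard under `case 0xe8: /* Block write */`, `if (pfl->blk_offset == -1 && pfl->counter)`, skips `pflash_blk_write_start()` whenever `counter` is zero on the first data write. If a zero count is how the guest requests a single-word buffer write (the encoding is not visible in this hunk), that write would fall into the `else` branch instead of being programmed, so the guard deserves a comment saying what a zero counter means at this point and why the start is latched on the first data write. The guest-supplied `offset` now seeds the block while the `/* FIXME check @offset, @width */` directly above is still open, so it is worth confirming that `pflash_blk_write_start()` and `pflash_data_write()` validate it. `pflash_write()` begins and ends outside the hunks shown.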
@@ -0,0 +1,51 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Thu, 9 May 2024 12:38:10 +0200
+Subject: [PATCH] target/i386: fix operand size for DATA16 REX.W POPCNT
+
+According to the manual, 32-bit vs 64-bit is governed by REX.W
+and REX ignores the 0x66 prefix. This can be confirmed with this
+program:
+
+ #include
+ int main()
+ {
+ int x = 0x12340000;
+ int y;
+ asm("popcntl %1, %0" : "=r" (y) : "r" (x)); printf("%x\n", y);
+ asm("mov $-1, %0; .byte 0x66; popcntl %1, %0" : "+r" (y) : "r" (x)); printf("%x\n", y);
+ asm("mov $-1, %0; .byte 0x66; popcntq %q1, %q0" : "+r" (y) : "r" (x)); printf("%x\n", y);
+ }
+
+which prints 5/ffff0000/5 on real hardware and 5/ffff0000/ffff0000
+on QEMU.
+
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Zhao Liu
+Reviewed-by: Richard Henderson
+Signed-off-by: Paolo Bonzini
+(cherry picked from commit 41c685dc59bb611096f3bb6a663cfa82e4cba97b)
+[FE: keep mo_64_32 helper which still has other users in 9.0.0]
+Signed-off-by: Fiona Ebner
+---
+ target/i386/tcg/translate.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
+index 76a42c679c..b60f3bd642 100644
+--- a/target/i386/tcg/translate.c
++++ b/target/i386/tcg/translate.c
+@@ -6799,12 +6799,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
+ modrm = x86_ldub_code(env, s);
+ reg = ((modrm >> 3) & 7) | REX_R(s);
+
+- if (s->prefix & PREFIX_DATA) {
+- ot = MO_16;
+- } else {
+- ot = mo_64_32(dflag);
+- }
+-
++ ot = dflag;
+ gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
+ gen_extu(ot, s->T0);
+ tcg_gen_mov_tl(cpu_cc_src, s->T0);
diff --git a/debian/patches/extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch b/debian/patches/extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch
new file mode 100644
index 0000000..eb42f84
--- /dev/null
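Review bot: `ot = dflag;` in the POPCNT path of `disas_insn()` carries no comment, although the removed branch shows this spot has already been wrong once about which prefix decides the operand size. I would add `/* operand size comes from dflag; REX.W takes precedence over 0x66 */` above it, assuming `dflag` is computed that way earlier in the function, which is outside the hunk. The commit message contains a reproducer, but nothing in the patch adds it as a regression test.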
+++ b/debian/patches/extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Thu, 9 May 2024 15:55:47 +0200
+Subject: [PATCH] target/i386: rdpkru/wrpkru are no-prefix instructions
+
+Reject 0x66/0xf3/0xf2 in front of them.
+
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Richard Henderson
+Signed-off-by: Paolo Bonzini
+(cherry picked from commit 40a3ec7b5ffde500789d016660a171057d6b467c)
+Signed-off-by: Fiona Ebner
+---
+ target/i386/tcg/translate.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
+index b60f3bd642..3e949fe964 100644
+--- a/target/i386/tcg/translate.c
++++ b/target/i386/tcg/translate.c
+@@ -6083,7 +6083,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
+ gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
+ break;
+ case 0xee: /* rdpkru */
+- if (prefixes & PREFIX_LOCK) {
++ if (s->prefix & (PREFIX_LOCK | PREFIX_DATA
++ | PREFIX_REPZ | PREFIX_REPNZ)) {
+ goto illegal_op;
+ }
+ tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
+@@ -6091,7 +6092,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
+ tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64);
+ break;
+ case 0xef: /* wrpkru */
+- if (prefixes & PREFIX_LOCK) {
++ if (s->prefix & (PREFIX_LOCK | PREFIX_DATA
++ | PREFIX_REPZ | PREFIX_REPNZ)) {
+ goto illegal_op;
+ }
+ tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
diff --git a/debian/patches/extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch b/debian/patches/extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch
new file mode 100644
index 0000000..ed1d6d7
--- /dev/null
+++ b/debian/patches/extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch
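Review bot: The four-flag mask `PREFIX_LOCK | PREFIX_DATA | PREFIX_REPZ | PREFIX_REPNZ` is written out twice, once under `case 0xee: /* rdpkru */` and once under `case 0xef: /* wrpkru */`, so the two checks can drift apart on a later edit. A single named constant or small helper used by both would keep them in step. The check also moves from the local `prefixes` to `s->prefix` without a word in the commit message; whether the two hold the same bits at this point is not visible here and deserves a line of explanation. `disas_insn()` extends beyond both hunks.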
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Wed, 8 May 2024 11:10:54 +0200
+Subject: [PATCH] target/i386: fix feature dependency for WAITPKG
+
+The VMX feature bit depends on general availability of WAITPKG,
+not the other way round.
+
+Fixes: 33cc88261c3 ("target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE", 2023-08-28)
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Zhao Liu
+Signed-off-by: Paolo Bonzini
+(cherry picked from commit fe01af5d47d4cf7fdf90c54d43f784e5068c8d72)
+Signed-off-by: Fiona Ebner
+---
+ target/i386/cpu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 33760a2ee1..e693f8ca9a 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1550,8 +1550,8 @@ static FeatureDep feature_dependencies[] = {
+ .to = { FEAT_SVM, ~0ull },
+ },
+ {
+- .from = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE },
+- .to = { FEAT_7_0_ECX, CPUID_7_0_ECX_WAITPKG },
++ .from = { FEAT_7_0_ECX, CPUID_7_0_ECX_WAITPKG },
++ .to = { FEAT_VMX_SECONDARY_CTLS, VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE },
+ },
+ };
+
diff --git a/debian/patches/extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch b/debian/patches/extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch
new file mode 100644
index 0000000..2826b9b
--- /dev/null
+++ b/debian/patches/extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch
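Review bot: The corrected entry in `feature_dependencies[]` has no comment, and the bug being fixed was precisely the `.from`/`.to` direction being swapped. A one-line comment on the entry, e.g. `/* the user wait/pause VMX control requires CPUID WAITPKG */`, would make the intended direction reviewable at a glance. Because the dependency now runs the other way, configurations that expose the VMX control without WAITPKG may end up with a different feature set after this patch; that is inferred from the table's apparent semantics, which are defined outside the hunk.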
@@ -0,0 +1,87 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fiona Ebner
+Date: Thu, 16 May 2024 12:59:52 +0200
+Subject: [PATCH] Revert "virtio-pci: fix use of a released vector"
+
+This reverts commit 2ce6cff94df2650c460f809e5ad263f1d22507c0.
+
+The fix causes some issues:
+https://gitlab.com/qemu-project/qemu/-/issues/2321
+https://gitlab.com/qemu-project/qemu/-/issues/2334
+
+The CVE fixed by commit 2ce6cff94d ("virtio-pci: fix use of a released
+vector") is CVE-2024-4693 [0] and allows a malicious guest that
+controls the boot process in the guest to crash its QEMU process.
+
+The issues sound worse than the CVE, so revert until there is a proper
+fix.
+
+[0]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4693
+
+Signed-off-by: Fiona Ebner
+---
+ hw/virtio/virtio-pci.c | 37 ++-----------------------------------
+ 1 file changed, 2 insertions(+), 35 deletions(-)
+
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index cb159fd078..cb6940fc0e 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -1424,38 +1424,6 @@ static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy,
+ return offset;
+ }
+
+-static void virtio_pci_set_vector(VirtIODevice *vdev,
+- VirtIOPCIProxy *proxy,
+- int queue_no, uint16_t old_vector,
+- uint16_t new_vector)
+-{
+- bool kvm_irqfd = (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+- msix_enabled(&proxy->pci_dev) && kvm_msi_via_irqfd_enabled();
+-
+- if (new_vector == old_vector) {
+- return;
+- }
+-
+- /*
+- * If the device uses irqfd and the vector changes after DRIVER_OK is
+- * set, we need to release the old vector and set up the new one.
+- * Otherwise just need to set the new vector on the device.
+- */
+- if (kvm_irqfd && old_vector != VIRTIO_NO_VECTOR) {
+- kvm_virtio_pci_vector_release_one(proxy, queue_no);
+- }
+- /* Set the new vector on the device. */
+- if (queue_no == VIRTIO_CONFIG_IRQ_IDX) {
+- vdev->config_vector = new_vector;
+- } else {
+- virtio_queue_set_vector(vdev, queue_no, new_vector);
+- }
+- /* If the new vector changed need to set it up. */
+- if (kvm_irqfd && new_vector != VIRTIO_NO_VECTOR) {
+- kvm_virtio_pci_vector_use_one(proxy, queue_no);
+- }
+-}
+-
+ int virtio_pci_add_shm_cap(VirtIOPCIProxy *proxy,
+ uint8_t bar, uint64_t offset, uint64_t length,
+ uint8_t id)
+@@ -1602,8 +1570,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
+ } else {
+ val = VIRTIO_NO_VECTOR;
+ }
+- virtio_pci_set_vector(vdev, proxy, VIRTIO_CONFIG_IRQ_IDX,
+- vdev->config_vector, val);
++ vdev->config_vector = val;
+ break;
+ case VIRTIO_PCI_COMMON_STATUS:
+ if (!(val & VIRTIO_CONFIG_S_DRIVER_OK)) {
+@@ -1643,7 +1610,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr addr,
+ } else {
+ val = VIRTIO_NO_VECTOR;
+ }
+- virtio_pci_set_vector(vdev, proxy, vdev->queue_sel, vector, val);
++ virtio_queue_set_vector(vdev, vdev->queue_sel, val);
+ break;
+ case VIRTIO_PCI_COMMON_Q_ENABLE:
+ if (val == 1) {
diff --git a/debian/patches/extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch b/debian/patches/extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch
new file mode 100644
index 0000000..afe7d5a
--- /dev/null
+++ b/debian/patches/extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch
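Review bot: After this revert both vector writes in `virtio_pci_common_write()` are plain assignments again (`vdev->config_vector = val;` and `virtio_queue_set_vector(vdev, vdev->queue_sel, val);`), so the release and re-setup of a vector changed after DRIVER_OK that the removed `virtio_pci_set_vector()` performed is gone, and by the commit message's own account CVE-2024-4693 is open again. Nothing in the resulting code or in `debian/patches/series` records that this build knowingly carries the issue. I would add a comment at both sites, e.g. `/* FIXME: vector change after DRIVER_OK is not re-routed; CVE-2024-4693, revert pending a proper fix */`, and state in the packaging changelog the condition under which patch 0011 is dropped. Hosts that run untrusted guests should treat a guest-triggered QEMU exit as an expected failure mode until then and make sure such exits are logged and alerted on.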
@@ -0,0 +1,57 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fiona Ebner
+Date: Thu, 16 May 2024 15:21:07 +0200
+Subject: [PATCH] hw/core/machine: move compatibility flags for VirtIO-net USO
+ to machine 8.1
+
+Migration from an 8.2 or 9.0 binary to an 8.1 binary with machine
+version 8.1 can fail with:
+
+> kvm: Features 0x1c0010130afffa7 unsupported. Allowed features: 0x10179bfffe7
+> kvm: Failed to load virtio-net:virtio
+> kvm: error while loading state for instance 0x0 of device '0000:00:12.0/virtio-net'
+> kvm: load of migration failed: Operation not permitted
+
+The series
+
+53da8b5a99 virtio-net: Add support for USO features
+9da1684954 virtio-net: Add USO flags to vhost support.
+f03e0cf63b tap: Add check for USO features
+2ab0ec3121 tap: Add USO support to tap device.
+
+only landed in QEMU 8.2, so the compatibility flags should be part of
+machine version 8.1.
+
+Moving the flags unfortunately breaks forward migration with machine
+version 8.1 from a binary without this patch to a binary with this
+patch when the feature is enabled by the guest.
+
+Fixes: 53da8b5a99 ("virtio-net: Add support for USO features")
+Signed-off-by: Fiona Ebner
+---
+ hw/core/machine.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hw/core/machine.c b/hw/core/machine.c
+index d33a37a6f6..4273de16a0 100644
+--- a/hw/core/machine.c
++++ b/hw/core/machine.c
+@@ -46,15 +46,15 @@ GlobalProperty hw_compat_8_1[] = {
+ { "ramfb", "x-migrate", "off" },
+ { "vfio-pci-nohotplug", "x-ramfb-migrate", "off" },
+ { "igb", "x-pcie-flr-init", "off" },
++ { TYPE_VIRTIO_NET, "host_uso", "off"},
++ { TYPE_VIRTIO_NET, "guest_uso4", "off"},
++ { TYPE_VIRTIO_NET, "guest_uso6", "off"},
+ };
+ const size_t hw_compat_8_1_len = G_N_ELEMENTS(hw_compat_8_1);
+
+ GlobalProperty hw_compat_8_0[] = {
+ { "migration", "multifd-flush-after-each-section", "on"},
+ { TYPE_PCI_DEVICE, "x-pcie-ari-nextfn-1", "on" },
+- { TYPE_VIRTIO_NET, "host_uso", "off"},
+- { TYPE_VIRTIO_NET, "guest_uso4", "off"},
+- { TYPE_VIRTIO_NET, "guest_uso6", "off"},
+ };
+ const size_t hw_compat_8_0_len = G_N_ELEMENTS(hw_compat_8_0);
+
diff --git a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
index 0b7c435..a7630d2 100644
--- a/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
+++ b/debian/patches/pve/0024-PVE-Compat-4.0-used-balloon-qemu-4-0-config-size-fal.patch
@@ -26,10 +26,10 @@ Signed-off-by: Thomas Lamprecht 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/hw/core/machine.c b/hw/core/machine.c
-index 37ede0e7d4..513e49bab1 100644
+index 4273de16a0..83f1fc0293 100644
 --- a/hw/core/machine.c
 +++ b/hw/core/machine.c
-@@ -161,7 +161,8 @@ GlobalProperty hw_compat_4_0[] = {
+@@ -162,7 +162,8 @@ GlobalProperty hw_compat_4_0[] = {
 { "virtio-vga", "edid", "false" },
 { "virtio-gpu-device", "edid", "false" },
 { "virtio-device", "use-started", "false" },
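Review bot: Moving the three `TYPE_VIRTIO_NET` USO entries from `hw_compat_8_0[]` to `hw_compat_8_1[]` keeps them off for 8.0 and older machine types only if those types also apply `hw_compat_8_1`; that chaining is outside the hunk and should be confirmed. The entries carry no hint of why they belong to this version, so I would add `/* USO support landed in 8.2 */` above them. The commit message states that forward migration with machine version 8.1 from an unpatched to a patched binary breaks when the guest has enabled the feature, which is worth repeating in the package changelog so operators can plan live migrations around it.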
diff --git a/debian/patches/series b/debian/patches/series
index b97881e..6352df7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,6 +3,13 @@ extra/0002-scsi-megasas-Internal-cdbs-have-16-byte-length.patch
 extra/0003-ide-avoid-potential-deadlock-when-draining-during-tr.patch
 extra/0004-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
 extra/0005-block-copy-before-write-use-uint64_t-for-timeout-in-.patch
+extra/0006-virtio-gpu-fix-v2-migration.patch
+extra/0007-hw-pflash-fix-block-write-start.patch
+extra/0008-target-i386-fix-operand-size-for-DATA16-REX.W-POPCNT.patch
+extra/0009-target-i386-rdpkru-wrpkru-are-no-prefix-instructions.patch
+extra/0010-target-i386-fix-feature-dependency-for-WAITPKG.patch
+extra/0011-Revert-virtio-pci-fix-use-of-a-released-vector.patch
+extra/0012-hw-core-machine-move-compatibility-flags-for-VirtIO-.patch
 bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
 bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
 bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch