[pve-devel] [PATCH kvm v2 1/2] update to qemu 2.6.0
Thomas Lamprecht
t.lamprecht at proxmox.com
Fri Jul 1 10:47:07 CEST 2016
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
CC: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
Makefile | 6 +-
debian/changelog | 6 +
...-return-success-on-info-without-snapshots.patch | 4 +-
.../0011-introduce-new-vma-archive-format.patch | 14 +-
.../patches/pve/0015-backup-modify-job-api.patch | 39 +++---
.../pve/0016-backup-add-pve-monitor-commands.patch | 12 +-
.../patches/pve/0041-PVE-VNC-authentication.patch | 153 +++++++++++++--------
debian/patches/pve/0044-block-add-zeroinit.patch | 2 +-
...6-pve-cleanup-includes-all-over-the-place.patch | 132 ++++++++++++++++++
...nit-bdrv_get_block_status-got-a-new-param.patch | 30 ++++
.../pve/0048-BDRV_O_CACHE_WB-was-removed.patch | 72 ++++++++++
...up-bdrv_set_enable_write_cache-is-no-more.patch | 35 +++++
...050-fix-possible-unitialised-return-value.patch | 25 ++++
...1-net-NET_CLIENT_OPTIONS_KIND_MAX-changed.patch | 26 ++++
.../0052-vnc-refactor-to-QIOChannelSocket.patch | 88 ++++++++++++
debian/patches/series | 17 +--
debian/rules | 1 -
17 files changed, 552 insertions(+), 110 deletions(-)
create mode 100644 debian/patches/pve/0046-pve-cleanup-includes-all-over-the-place.patch
create mode 100644 debian/patches/pve/0047-zeroinit-bdrv_get_block_status-got-a-new-param.patch
create mode 100644 debian/patches/pve/0048-BDRV_O_CACHE_WB-was-removed.patch
create mode 100644 debian/patches/pve/0049-backup-bdrv_set_enable_write_cache-is-no-more.patch
create mode 100644 debian/patches/pve/0050-fix-possible-unitialised-return-value.patch
create mode 100644 debian/patches/pve/0051-net-NET_CLIENT_OPTIONS_KIND_MAX-changed.patch
create mode 100644 debian/patches/pve/0052-vnc-refactor-to-QIOChannelSocket.patch
diff --git a/Makefile b/Makefile
index 20876d7..097403d 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,8 @@
RELEASE=4.2
# also update debian/changelog
-KVMVER=2.5
-KVMPKGREL=19
+KVMVER=2.6
+KVMPKGREL=1
KVMPACKAGE=pve-qemu-kvm
KVMDIR=qemu-kvm
@@ -24,7 +24,7 @@ download:
#git clone git://git.qemu-project.org/qemu.git -b stable-2.4 ${KVMDIR}
git clone git://git.qemu-project.org/qemu.git ${KVMDIR}
# see https://bugs.launchpad.net/qemu/+bug/1488363?comments=all
- cd ${KVMDIR}; git checkout v2.5.1.1; git revert --no-edit b8eb5512fd8a115f164edbbe897cdf8884920ccb
+ cd ${KVMDIR}; git checkout v2.6.0; git revert --no-edit b8eb5512fd8a115f164edbbe897cdf8884920ccb
tar czf ${KVMSRC} --exclude CVS --exclude .git --exclude .svn ${KVMDIR}
${DEBS} kvm: ${KVMSRC}
diff --git a/debian/changelog b/debian/changelog
index d4eda44..add3bc9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+pve-qemu-kvm (2.6-1) unstable; urgency=medium
+
+ * update to qemu 2.6.0
+
+ -- Proxmox Support Team <support at proxmox.com> Fri, 01 Jul 2016 10:00:31 +0200
+
pve-qemu-kvm (2.5-19) unstable; urgency=medium
* fix CVE-2016-5105: scsi: megasas: initialise local configuration data
diff --git a/debian/patches/pve/0004-qemu-img-return-success-on-info-without-snapshots.patch b/debian/patches/pve/0004-qemu-img-return-success-on-info-without-snapshots.patch
index 212fc61..7099699 100644
--- a/debian/patches/pve/0004-qemu-img-return-success-on-info-without-snapshots.patch
+++ b/debian/patches/pve/0004-qemu-img-return-success-on-info-without-snapshots.patch
@@ -1,7 +1,7 @@
From 12fbca3c45d694c89e84fb9522e9855b2b8a9952 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller at proxmox.com>
Date: Wed, 9 Dec 2015 14:18:46 +0100
-Subject: [PATCH 04/41] qemu-img: return success on info without snapshots
+Subject: [PATCH 04/54] qemu-img: return success on info without snapshots
---
qemu-img.c | 3 ++-
@@ -13,7 +13,7 @@ index 033011c..e0637f2 100644
+++ b/qemu-img.c
@@ -2112,7 +2112,8 @@ static int img_info(int argc, char **argv)
- list = collect_image_info_list(filename, fmt, chain);
+ list = collect_image_info_list(image_opts, filename, fmt, chain);
if (!list) {
- return 1;
+ // return success if snapshot does not exists
diff --git a/debian/patches/pve/0011-introduce-new-vma-archive-format.patch b/debian/patches/pve/0011-introduce-new-vma-archive-format.patch
index 3e0fab3..1c26209 100644
--- a/debian/patches/pve/0011-introduce-new-vma-archive-format.patch
+++ b/debian/patches/pve/0011-introduce-new-vma-archive-format.patch
@@ -1,7 +1,7 @@
From 04b6468a295871877b55fe792c566839e2afe29c Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar at proxmox.com>
Date: Tue, 13 Nov 2012 11:11:38 +0100
-Subject: [PATCH 11/41] introduce new vma archive format
+Subject: [PATCH 11/54] introduce new vma archive format
This is a very simple archive format, see docs/specs/vma_spec.txt
@@ -32,13 +32,13 @@ index 930ac27..6cedc40 100644
config-host.h: config-host.h-timestamp
config-host.h-timestamp: config-host.mak
-@@ -235,6 +235,7 @@ qemu-img.o: qemu-img-cmds.h
- qemu-img$(EXESUF): qemu-img.o $(block-obj-y) $(crypto-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
- qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) $(crypto-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
- qemu-io$(EXESUF): qemu-io.o $(block-obj-y) $(crypto-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
-+vma$(EXESUF): vma.o vma-reader.o $(block-obj-y) $(crypto-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
+@@ -237,6 +237,7 @@ qemu-img.o: qemu-img-cmds.h
+ qemu-img$(EXESUF): qemu-img.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
+ qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
+ qemu-io$(EXESUF): qemu-io.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
++vma$(EXESUF): vma.o vma-reader.o $(block-obj-y) $(crypto-obj-y) $(io-obj-y) $(qom-obj-y) libqemuutil.a libqemustub.a
- qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o
+ qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o libqemuutil.a libqemustub.a
diff --git a/Makefile.objs b/Makefile.objs
index 77be052..97d2bcc 100644
diff --git a/debian/patches/pve/0015-backup-modify-job-api.patch b/debian/patches/pve/0015-backup-modify-job-api.patch
index a4730f4..a1face2 100644
--- a/debian/patches/pve/0015-backup-modify-job-api.patch
+++ b/debian/patches/pve/0015-backup-modify-job-api.patch
@@ -1,16 +1,16 @@
From 2ec6f9ec8443f3389c74e8e21353d01e516c4f46 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller at proxmox.com>
Date: Wed, 9 Dec 2015 15:04:57 +0100
-Subject: [PATCH 15/41] backup: modify job api
+Subject: [PATCH 15/54] backup: modify job api
Introduces a BackupDump function callback and a pause_count
for backup_start. For a dump-backup the target parameter
can now be NULL so access to target needs to be guarded now.
---
- block/backup.c | 57 +++++++++++++++++++++++++++++++----------------
+ block/backup.c | 56 +++++++++++++++++++++++++++++++++--------------
blockdev.c | 6 ++---
include/block/block_int.h | 5 +++++
- 3 files changed, 46 insertions(+), 22 deletions(-)
+ 3 files changed, 47 insertions(+), 20 deletions(-)
diff --git a/block/backup.c b/block/backup.c
index 705bb77..7ac6b29 100644
@@ -28,10 +28,10 @@ index 705bb77..7ac6b29 100644
goto out;
}
-+ int64_t start_sec = start * BACKUP_SECTORS_PER_CLUSTER;
++ int64_t start_sec = start * sectors_per_cluster;
if (buffer_is_zero(iov.iov_base, iov.iov_len)) {
- ret = bdrv_co_write_zeroes(job->target,
-- start * BACKUP_SECTORS_PER_CLUSTER,
+- start * sectors_per_cluster,
- n, BDRV_REQ_MAY_UNMAP);
+ if (job->dump_cb) {
+ ret = job->dump_cb(job->common.opaque, job->target, start_sec, n, NULL);
@@ -41,7 +41,7 @@ index 705bb77..7ac6b29 100644
+ }
} else {
- ret = bdrv_co_writev(job->target,
-- start * BACKUP_SECTORS_PER_CLUSTER, n,
+- start * sectors_per_cluster, n,
- &bounce_qiov);
+ if (job->dump_cb) {
+ ret = job->dump_cb(job->common.opaque, job->target, start_sec, n, bounce_buffer);
@@ -74,11 +74,10 @@ index 705bb77..7ac6b29 100644
}
}
-@@ -396,10 +406,12 @@ static void coroutine_fn backup_run(void *opaque)
+@@ -404,9 +414,12 @@ static void coroutine_fn backup_run(void *opaque)
- job->bitmap = hbitmap_alloc(end, 0);
+ job->done_bitmap = bitmap_new(end);
-- bdrv_set_enable_write_cache(target, true);
- if (target->blk) {
- blk_set_on_error(target->blk, on_target_error, on_target_error);
- blk_iostatus_enable(target->blk);
@@ -91,9 +90,9 @@ index 705bb77..7ac6b29 100644
}
bdrv_add_before_write_notifier(bs, &before_write);
-@@ -477,10 +489,12 @@ static void coroutine_fn backup_run(void *opaque)
+@@ -484,10 +497,12 @@ static void coroutine_fn backup_run(void *opaque)
qemu_co_rwlock_unlock(&job->flush_rwlock);
- hbitmap_free(job->bitmap);
+ g_free(job->done_bitmap);
- if (target->blk) {
- blk_iostatus_disable(target->blk);
@@ -107,7 +106,7 @@ index 705bb77..7ac6b29 100644
data = g_malloc(sizeof(*data));
data->ret = ret;
-@@ -492,13 +506,15 @@ void backup_start(BlockDriverState *bs, BlockDriverState *target,
+@@ -499,7 +514,9 @@ void backup_start(BlockDriverState *bs, BlockDriverState *target,
BdrvDirtyBitmap *sync_bitmap,
BlockdevOnError on_source_error,
BlockdevOnError on_target_error,
@@ -117,6 +116,8 @@ index 705bb77..7ac6b29 100644
BlockJobTxn *txn, Error **errp)
{
int64_t len;
+@@ -507,7 +524,7 @@ void backup_start(BlockDriverState *bs, BlockDriverState *target,
+ int ret;
assert(bs);
- assert(target);
@@ -142,21 +143,21 @@ index 705bb77..7ac6b29 100644
return;
}
-@@ -565,14 +581,17 @@ void backup_start(BlockDriverState *bs, BlockDriverState *target,
+@@ -574,6 +591,10 @@ void backup_start(BlockDriverState *bs, BlockDriverState *target,
goto error;
}
-- bdrv_op_block_all(target, job->common.blocker);
+ if (target)
+ bdrv_op_block_all(target, job->common.blocker);
-
++
+ job->dump_cb = dump_cb;
job->on_source_error = on_source_error;
job->on_target_error = on_target_error;
job->target = target;
- job->sync_mode = sync_mode;
- job->sync_bitmap = sync_mode == MIRROR_SYNC_MODE_INCREMENTAL ?
- sync_bitmap : NULL;
+@@ -600,6 +621,7 @@ void backup_start(BlockDriverState *bs, BlockDriverState *target,
+ }
+
+ bdrv_op_block_all(target, job->common.blocker);
+ job->common.pause_count = pause_count;
job->common.len = len;
job->common.co = qemu_coroutine_create(backup_run);
@@ -208,7 +209,7 @@ index 4012e36..f4b6ecd 100644
+ int pause_count,
BlockJobTxn *txn, Error **errp);
- void blk_set_bs(BlockBackend *blk, BlockDriverState *bs);
+ void hmp_drive_add_node(Monitor *mon, const char *optstr);
--
2.1.4
diff --git a/debian/patches/pve/0016-backup-add-pve-monitor-commands.patch b/debian/patches/pve/0016-backup-add-pve-monitor-commands.patch
index 7105e63..cfc93fa 100644
--- a/debian/patches/pve/0016-backup-add-pve-monitor-commands.patch
+++ b/debian/patches/pve/0016-backup-add-pve-monitor-commands.patch
@@ -17,15 +17,15 @@ diff --git a/blockdev.c b/blockdev.c
index 1796eaf..a346c55 100644
--- a/blockdev.c
+++ b/blockdev.c
-@@ -49,6 +49,7 @@
- #include "qmp-commands.h"
- #include "trace.h"
+@@ -52,6 +52,7 @@
#include "sysemu/arch_init.h"
+ #include "qemu/cutils.h"
+ #include "qemu/help_option.h"
+#include "vma.h"
- static const char *const if_name[IF_COUNT] = {
- [IF_NONE] = "none",
-@@ -2875,6 +2876,443 @@ static void block_job_cb(void *opaque, int ret)
+ static QTAILQ_HEAD(, BlockDriverState) monitor_bdrv_states =
+ QTAILQ_HEAD_INITIALIZER(monitor_bdrv_states);
+@@ -2986,6 +2987,443 @@ static void block_job_cb(void *opaque, int ret)
}
}
diff --git a/debian/patches/pve/0041-PVE-VNC-authentication.patch b/debian/patches/pve/0041-PVE-VNC-authentication.patch
index 2277467..1bf8b46 100644
--- a/debian/patches/pve/0041-PVE-VNC-authentication.patch
+++ b/debian/patches/pve/0041-PVE-VNC-authentication.patch
@@ -1,21 +1,21 @@
From 19a3e72ea86fb723d7facba1f07d7ae99520e461 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller at proxmox.com>
Date: Mon, 11 Jan 2016 10:40:31 +0100
-Subject: [PATCH 41/41] PVE VNC authentication
+Subject: [PATCH 41/54] PVE VNC authentication
---
- crypto/tlscreds.c | 32 +++++++++
+ crypto/tlscreds.c | 47 +++++++++++
crypto/tlscredspriv.h | 2 +
crypto/tlscredsx509.c | 13 ++--
crypto/tlssession.c | 1 +
include/crypto/tlscreds.h | 1 +
include/ui/console.h | 1 +
qemu-options.hx | 3 +
- ui/vnc-auth-vencrypt.c | 173 +++++++++++++++++++++++++++++++++++++++-------
- ui/vnc.c | 140 ++++++++++++++++++++++++++++++++++++-
- ui/vnc.h | 4 ++
+ ui/vnc-auth-vencrypt.c | 194 ++++++++++++++++++++++++++++++++++++++--------
+ ui/vnc.c | 140 ++++++++++++++++++++++++++++++++-
+ ui/vnc.h | 4 +
vl.c | 9 +++
- 11 files changed, 344 insertions(+), 35 deletions(-)
+ 11 files changed, 375 insertions(+), 40 deletions(-)
diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c
index e7d9c1c..27e5c78 100644
@@ -55,23 +55,33 @@ index e7d9c1c..27e5c78 100644
qcrypto_tls_creds_prop_set_dir(Object *obj,
const char *value,
Error **errp G_GNUC_UNUSED)
-@@ -203,11 +230,16 @@ qcrypto_tls_creds_init(Object *obj)
+@@ -225,6 +252,26 @@ qcrypto_tls_creds_init(Object *obj)
QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj);
creds->verifyPeer = true;
+ creds->pve = false;
-
- object_property_add_bool(obj, "verify-peer",
- qcrypto_tls_creds_prop_get_verify,
- qcrypto_tls_creds_prop_set_verify,
- NULL);
++
++ object_property_add_bool(obj, "verify-peer",
++ qcrypto_tls_creds_prop_get_verify,
++ qcrypto_tls_creds_prop_set_verify,
++ NULL);
+ object_property_add_bool(obj, "pve",
+ qcrypto_tls_creds_prop_get_pve,
+ qcrypto_tls_creds_prop_set_pve,
+ NULL);
- object_property_add_str(obj, "dir",
- qcrypto_tls_creds_prop_get_dir,
- qcrypto_tls_creds_prop_set_dir,
++ object_property_add_str(obj, "dir",
++ qcrypto_tls_creds_prop_get_dir,
++ qcrypto_tls_creds_prop_set_dir,
++ NULL);
++ object_property_add_enum(obj, "endpoint",
++ "QCryptoTLSCredsEndpoint",
++ QCryptoTLSCredsEndpoint_lookup,
++ qcrypto_tls_creds_prop_get_endpoint,
++ qcrypto_tls_creds_prop_set_endpoint,
++ NULL);
+ }
+
+
diff --git a/crypto/tlscredspriv.h b/crypto/tlscredspriv.h
index 9222be4..3a34279 100644
--- a/crypto/tlscredspriv.h
@@ -137,10 +147,10 @@ diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index 3735529..a7ed50a 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
-@@ -21,6 +21,7 @@
- #include "crypto/tlssession.h"
+@@ -23,6 +23,7 @@
#include "crypto/tlscredsanon.h"
#include "crypto/tlscredsx509.h"
+ #include "qapi/error.h"
+#include "crypto/tlscredspriv.h"
#include "qemu/acl.h"
#include "trace.h"
@@ -187,9 +197,9 @@ diff --git a/ui/vnc-auth-vencrypt.c b/ui/vnc-auth-vencrypt.c
index 44ac2fa..480a1ee 100644
--- a/ui/vnc-auth-vencrypt.c
+++ b/ui/vnc-auth-vencrypt.c
-@@ -26,6 +26,107 @@
-
+@@ -28,6 +28,107 @@
#include "vnc.h"
+ #include "qapi/error.h"
#include "qemu/main-loop.h"
+#include "qemu/sockets.h"
+
@@ -313,7 +323,7 @@ index 44ac2fa..480a1ee 100644
case VNC_AUTH_VENCRYPT_TLSVNC:
case VNC_AUTH_VENCRYPT_X509VNC:
VNC_DEBUG("Start TLS auth VNC\n");
-@@ -118,39 +230,47 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len
+@@ -87,44 +199,63 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len
{
int auth = read_u32(data, 0);
@@ -325,21 +335,14 @@ index 44ac2fa..480a1ee 100644
vnc_client_error(vs);
} else {
- Error *err = NULL;
+- QIOChannelTLS *tls;
- VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
- vnc_write_u8(vs, 1); /* Accept auth */
- vnc_flush(vs);
-
-- vs->tls = qcrypto_tls_session_new(vs->vd->tlscreds,
-- NULL,
-- vs->vd->tlsaclname,
-- QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
-- &err);
-- if (!vs->tls) {
-- VNC_DEBUG("Failed to setup TLS %s\n",
-- error_get_pretty(err));
-- error_free(err);
-- vnc_client_error(vs);
-- return 0;
+-
+- if (vs->ioc_tag) {
+- g_source_remove(vs->ioc_tag);
+- vs->ioc_tag = 0;
+ if (auth == VNC_AUTH_VENCRYPT_PLAIN) {
+ vs->subauth = auth;
+ start_auth_vencrypt_subauth(vs);
@@ -347,45 +350,73 @@ index 44ac2fa..480a1ee 100644
+ else
+ {
+ Error *err = NULL;
++ QIOChannelTLS *tls;
+ VNC_DEBUG("Accepting auth %d, setting up TLS for handshake\n", auth);
+ vnc_write_u8(vs, 1); /* Accept auth */
+ vnc_flush(vs);
-+
-+ vs->tls = qcrypto_tls_session_new(vs->vd->tlscreds,
-+ NULL,
-+ vs->vd->tlsaclname,
-+ QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
-+ &err);
-+ if (!vs->tls) {
-+ VNC_DEBUG("Failed to setup TLS %s\n",
-+ error_get_pretty(err));
+
+- tls = qio_channel_tls_new_server(
+- vs->ioc,
+- vs->vd->tlscreds,
+- vs->vd->tlsaclname,
+- &err);
+- if (!tls) {
+- VNC_DEBUG("Failed to setup TLS %s\n", error_get_pretty(err));
+- error_free(err);
+- vnc_client_error(vs);
+- return 0;
+- }
++ if (vs->ioc_tag) {
++ g_source_remove(vs->ioc_tag);
++ vs->ioc_tag = 0;
++ }
+
+- VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
+- object_unref(OBJECT(vs->ioc));
+- vs->ioc = QIO_CHANNEL(tls);
+- vs->tls = qio_channel_tls_get_session(tls);
++ tls = qio_channel_tls_new_server(
++ vs->ioc,
++ vs->vd->tlscreds,
++ vs->vd->tlsaclname,
++ &err);
++ if (!tls) {
++ VNC_DEBUG("Failed to setup TLS %s\n", error_get_pretty(err));
+ error_free(err);
+ vnc_client_error(vs);
+ return 0;
++ vs->tls = qcrypto_tls_session_new(vs->vd->tlscreds,
++ NULL,
++ vs->vd->tlsaclname,
++ QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
++ &err);
++ if (!vs->tls) {
++ VNC_DEBUG("Failed to setup TLS %s\n",
++ error_get_pretty(err));
++ error_free(err);
++ vnc_client_error(vs);
++ return 0;
++ }
+ }
-- qcrypto_tls_session_set_callbacks(vs->tls,
-- vnc_tls_push,
-- vnc_tls_pull,
-- vs);
-+ qcrypto_tls_session_set_callbacks(vs->tls,
-+ vnc_tls_push,
-+ vnc_tls_pull,
-+ vs);
-
-- VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
-- if (vnc_start_vencrypt_handshake(vs) < 0) {
-- VNC_DEBUG("Failed to start TLS handshake\n");
-- return 0;
+- qio_channel_tls_handshake(tls,
+- vnc_tls_handshake_done,
+- vs,
+- NULL);
+ VNC_DEBUG("Start TLS VeNCrypt handshake process\n");
-+ if (vnc_start_vencrypt_handshake(vs) < 0) {
-+ VNC_DEBUG("Failed to start TLS handshake\n");
-+ return 0;
-+ }
- }
++ object_unref(OBJECT(vs->ioc));
++ vs->ioc = QIO_CHANNEL(tls);
++ vs->tls = qio_channel_tls_get_session(tls);
++
++ qio_channel_tls_handshake(tls,
++ vnc_tls_handshake_done,
++ vs,
++ NULL);
++ }
}
return 0;
-@@ -165,10 +285,11 @@ static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len
+ }
+@@ -138,10 +269,11 @@ static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len
vnc_flush(vs);
vnc_client_error(vs);
} else {
@@ -610,7 +641,7 @@ index 2863f58..1c4fee2 100644
char challenge[VNC_AUTH_CHALLENGE_SIZE];
+ int username_len;
+ int password_len;
- QCryptoTLSSession *tls;
+ QCryptoTLSSession *tls; /* Borrowed pointer from channel, don't free */
#ifdef CONFIG_VNC_SASL
VncStateSASL sasl;
@@ -578,4 +580,6 @@ int vnc_zrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
diff --git a/debian/patches/pve/0044-block-add-zeroinit.patch b/debian/patches/pve/0044-block-add-zeroinit.patch
index 03fc92a..f7e085a 100644
--- a/debian/patches/pve/0044-block-add-zeroinit.patch
+++ b/debian/patches/pve/0044-block-add-zeroinit.patch
@@ -18,7 +18,7 @@ index 58ef2ef..5bb55b0 100644
block-obj-$(CONFIG_VHDX) += vhdx.o vhdx-endian.o vhdx-log.o
block-obj-y += quorum.o
+block-obj-y += zeroinit.o
- block-obj-y += parallels.o blkdebug.o blkverify.o
+ block-obj-y += parallels.o blkdebug.o blkverify.o blkreplay.o
block-obj-y += block-backend.o snapshot.o qapi.o
block-obj-$(CONFIG_WIN32) += raw-win32.o win32-aio.o
diff --git a/block/zeroinit.c b/block/zeroinit.c
diff --git a/debian/patches/pve/0046-pve-cleanup-includes-all-over-the-place.patch b/debian/patches/pve/0046-pve-cleanup-includes-all-over-the-place.patch
new file mode 100644
index 0000000..4b50936
--- /dev/null
+++ b/debian/patches/pve/0046-pve-cleanup-includes-all-over-the-place.patch
@@ -0,0 +1,132 @@
+From c54b002d8148671f756ce813be7d37e62132bd7e Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht at proxmox.com>
+Date: Wed, 6 Apr 2016 13:28:16 +0200
+Subject: [PATCH 46/52] pve: cleanup includes all over the place
+
+QEMU wants to get a cleaner include system, adapt to it.
+---
+ block/zeroinit.c | 3 +++
+ savevm-async.c | 4 ++++
+ vma-reader.c | 11 +----------
+ vma-writer.c | 12 +++---------
+ vma.c | 9 +--------
+ 5 files changed, 12 insertions(+), 27 deletions(-)
+
+diff --git a/block/zeroinit.c b/block/zeroinit.c
+index 04a9bd0..eb77657 100644
+--- a/block/zeroinit.c
++++ b/block/zeroinit.c
+@@ -8,9 +8,12 @@
+ * See the COPYING file in the top-level directory.
+ */
+
++#include "qemu/osdep.h"
++#include "qapi/error.h"
+ #include "block/block_int.h"
+ #include "qapi/qmp/qdict.h"
+ #include "qapi/qmp/qstring.h"
++#include "qemu/cutils.h"
+
+ typedef struct {
+ bool has_zero_init;
+diff --git a/savevm-async.c b/savevm-async.c
+index bb4372c..4d73e66 100644
+--- a/savevm-async.c
++++ b/savevm-async.c
+@@ -1,3 +1,4 @@
++#include "qemu/osdep.h"
+ #include "qemu-common.h"
+ #include "qapi/qmp/qerror.h"
+ #include "qemu/error-report.h"
+@@ -13,6 +14,9 @@
+ #include "qemu/timer.h"
+ #include "sysemu/block-backend.h"
+ #include "qapi/qmp/qstring.h"
++#include "qemu/rcu.h"
++#include "qemu/thread.h"
++#include "qemu/cutils.h"
+
+ /* #define DEBUG_SAVEVM_STATE */
+
+diff --git a/vma-reader.c b/vma-reader.c
+index 5d0d3ea..cb58360 100644
+--- a/vma-reader.c
++++ b/vma-reader.c
+@@ -11,14 +11,7 @@
+ *
+ */
+
+-#include <stdio.h>
+-#include <errno.h>
+-#include <unistd.h>
+-#include <stdio.h>
+-#include <string.h>
+-#include <sys/types.h>
+-#include <sys/stat.h>
+-#include <fcntl.h>
++#include "qemu/osdep.h"
+ #include <glib.h>
+ #include <uuid/uuid.h>
+
+@@ -28,8 +21,6 @@
+ #include "vma.h"
+ #include "block/block.h"
+
+-#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
+-
+ static unsigned char zero_vma_block[VMA_BLOCK_SIZE];
+
+ typedef struct VmaRestoreState {
+diff --git a/vma-writer.c b/vma-writer.c
+index 3cde204..e96fb55 100644
+--- a/vma-writer.c
++++ b/vma-writer.c
+@@ -11,22 +11,16 @@
+ *
+ */
+
+-#include <stdio.h>
+-#include <errno.h>
+-#include <unistd.h>
+-#include <stdio.h>
+-#include <string.h>
+-#include <sys/types.h>
+-#include <sys/stat.h>
+-#include <fcntl.h>
++#include "qemu/osdep.h"
+ #include <glib.h>
+ #include <uuid/uuid.h>
+
+-#include "qemu-common.h"
+ #include "vma.h"
+ #include "block/block.h"
+ #include "monitor/monitor.h"
+ #include "qemu/main-loop.h"
++#include "qemu/coroutine.h"
++#include "qemu/cutils.h"
+
+ #define DEBUG_VMA 0
+
+diff --git a/vma.c b/vma.c
+index 46ae14b..c3db633 100644
+--- a/vma.c
++++ b/vma.c
+@@ -11,14 +11,7 @@
+ *
+ */
+
+-#include <stdio.h>
+-#include <errno.h>
+-#include <unistd.h>
+-#include <stdio.h>
+-#include <string.h>
+-#include <sys/types.h>
+-#include <sys/stat.h>
+-#include <fcntl.h>
++#include "qemu/osdep.h"
+ #include <glib.h>
+
+ #include "vma.h"
+--
+2.1.4
+
diff --git a/debian/patches/pve/0047-zeroinit-bdrv_get_block_status-got-a-new-param.patch b/debian/patches/pve/0047-zeroinit-bdrv_get_block_status-got-a-new-param.patch
new file mode 100644
index 0000000..1d46d93
--- /dev/null
+++ b/debian/patches/pve/0047-zeroinit-bdrv_get_block_status-got-a-new-param.patch
@@ -0,0 +1,30 @@
+From e6be17e4378f4aa0860baa316ff90e10d0b70a68 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht at proxmox.com>
+Date: Wed, 6 Apr 2016 14:15:58 +0200
+Subject: [PATCH 47/52] zeroinit: bdrv_get_block_status got a new param
+
+see: 67a0fd2a9bca204d2b39f910a97c7137636a0715
+---
+ block/zeroinit.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/block/zeroinit.c b/block/zeroinit.c
+index eb77657..ad52847 100644
+--- a/block/zeroinit.c
++++ b/block/zeroinit.c
+@@ -160,9 +160,10 @@ static int zeroinit_has_zero_init(BlockDriverState *bs)
+
+ static int64_t coroutine_fn zeroinit_co_get_block_status(BlockDriverState *bs,
+ int64_t sector_num,
+- int nb_sectors, int *pnum)
++ int nb_sectors, int *pnum,
++ BlockDriverState **file)
+ {
+- return bdrv_get_block_status(bs->file->bs, sector_num, nb_sectors, pnum);
++ return bdrv_get_block_status(bs->file->bs, sector_num, nb_sectors, pnum, file);
+ }
+
+ static coroutine_fn BlockAIOCB *zeroinit_aio_discard(BlockDriverState *bs,
+--
+2.1.4
+
diff --git a/debian/patches/pve/0048-BDRV_O_CACHE_WB-was-removed.patch b/debian/patches/pve/0048-BDRV_O_CACHE_WB-was-removed.patch
new file mode 100644
index 0000000..9ec94f4
--- /dev/null
+++ b/debian/patches/pve/0048-BDRV_O_CACHE_WB-was-removed.patch
@@ -0,0 +1,72 @@
+From 0bc6e4793ea10faf24f86ab92c2239d9c9b15b08 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht at proxmox.com>
+Date: Wed, 6 Apr 2016 14:24:28 +0200
+Subject: [PATCH 48/52] BDRV_O_CACHE_WB was removed
+
+see: 61de4c680846167e01d7ba42bf787f8d1d80bf5e
+---
+ blockdev.c | 2 +-
+ savevm-async.c | 4 ++--
+ vma.c | 4 ++--
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/blockdev.c b/blockdev.c
+index 24e0ed5..7c8d212 100644
+--- a/blockdev.c
++++ b/blockdev.c
+@@ -3362,7 +3362,7 @@ UuidInfo *qmp_backup(const char *backup_file, bool has_format,
+ const char *devname = bdrv_get_device_name(di->bs);
+ snprintf(di->targetfile, PATH_MAX, "%s/%s.raw", backup_dir, devname);
+
+- int flags = BDRV_O_RDWR|BDRV_O_CACHE_WB;
++ int flags = BDRV_O_RDWR;
+ bdrv_img_create(di->targetfile, "raw", NULL, NULL, NULL,
+ di->size, flags, &local_err, false);
+ if (local_err) {
+diff --git a/savevm-async.c b/savevm-async.c
+index 4d73e66..2c41b17 100644
+--- a/savevm-async.c
++++ b/savevm-async.c
+@@ -253,7 +253,7 @@ void qmp_savevm_start(bool has_statefile, const char *statefile, Error **errp)
+ {
+ Error *local_err = NULL;
+
+- int bdrv_oflags = BDRV_O_CACHE_WB | BDRV_O_RDWR;
++ int bdrv_oflags = BDRV_O_RDWR;
+ int ret;
+
+ if (snap_state.state != SAVE_STATE_DONE) {
+@@ -485,7 +485,7 @@ int load_state_from_blockdev(const char *filename)
+ int ret;
+
+ bs = bdrv_new();
+- ret = bdrv_open(&bs, filename, NULL, NULL, BDRV_O_CACHE_WB, &local_err);
++ ret = bdrv_open(&bs, filename, NULL, NULL, 0, &local_err);
+ error_setg(&blocker, "block device is in use by load state");
+ bdrv_op_block_all(bs, blocker);
+
+diff --git a/vma.c b/vma.c
+index c3db633..c1407d3 100644
+--- a/vma.c
++++ b/vma.c
+@@ -277,7 +277,7 @@ static int extract_content(int argc, char **argv)
+ } else if (di) {
+ char *devfn = NULL;
+ const char *format = NULL;
+- int flags = BDRV_O_RDWR|BDRV_O_CACHE_WB;
++ int flags = BDRV_O_RDWR;
+ bool write_zero = true;
+
+ if (readmap) {
+@@ -558,7 +558,7 @@ static int create_archive(int argc, char **argv)
+ Error *errp = NULL;
+ BlockDriverState *bs = bdrv_new();
+
+- res = bdrv_open(&bs, path, NULL, NULL, BDRV_O_CACHE_WB, &errp);
++ res = bdrv_open(&bs, path, NULL, NULL, 0, &errp);
+ if (res < 0) {
+ unlink(archivename);
+ g_error("bdrv_open '%s' failed - %s", path, error_get_pretty(errp));
+--
+2.1.4
+
diff --git a/debian/patches/pve/0049-backup-bdrv_set_enable_write_cache-is-no-more.patch b/debian/patches/pve/0049-backup-bdrv_set_enable_write_cache-is-no-more.patch
new file mode 100644
index 0000000..93906ca
--- /dev/null
+++ b/debian/patches/pve/0049-backup-bdrv_set_enable_write_cache-is-no-more.patch
@@ -0,0 +1,35 @@
+From a639701d3f528aea313d0062b9ae863f2660f546 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht at proxmox.com>
+Date: Wed, 6 Apr 2016 16:43:38 +0200
+Subject: [PATCH 49/52] backup: bdrv_set_enable_write_cache is no more
+
+see: 09cf9db1bcd60d9889b774925ba7058286d35412
+
+this reverts a hunk of our commit: backup: modify job api
+---
+ block/backup.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/block/backup.c b/block/backup.c
+index 8801b47..8baaf36 100644
+--- a/block/backup.c
++++ b/block/backup.c
+@@ -414,12 +414,9 @@ static void coroutine_fn backup_run(void *opaque)
+
+ job->done_bitmap = bitmap_new(end);
+
+- if (target) {
+- bdrv_set_enable_write_cache(target, true);
+- if (target->blk) {
+- blk_set_on_error(target->blk, on_target_error, on_target_error);
+- blk_iostatus_enable(target->blk);
+- }
++ if (target->blk) {
++ blk_set_on_error(target->blk, on_target_error, on_target_error);
++ blk_iostatus_enable(target->blk);
+ }
+
+ bdrv_add_before_write_notifier(bs, &before_write);
+--
+2.1.4
+
diff --git a/debian/patches/pve/0050-fix-possible-unitialised-return-value.patch b/debian/patches/pve/0050-fix-possible-unitialised-return-value.patch
new file mode 100644
index 0000000..6e806d1
--- /dev/null
+++ b/debian/patches/pve/0050-fix-possible-unitialised-return-value.patch
@@ -0,0 +1,25 @@
+From 407b9a72c0dd952476bb77c0d133b83c3dfcfb15 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht at proxmox.com>
+Date: Wed, 6 Apr 2016 16:45:15 +0200
+Subject: [PATCH 50/52] fix possible unitialised return value
+
+---
+ migration/savevm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/migration/savevm.c b/migration/savevm.c
+index 959944d..a797d96 100644
+--- a/migration/savevm.c
++++ b/migration/savevm.c
+@@ -1037,7 +1037,7 @@ int qemu_savevm_state_complete_precopy(QEMUFile *f, bool iterable_only)
+ QJSON *vmdesc;
+ int vmdesc_len;
+ SaveStateEntry *se;
+- int ret;
++ int ret = -1;
+ bool in_postcopy = migration_in_postcopy(migrate_get_current());
+
+ trace_savevm_state_complete_precopy();
+--
+2.1.4
+
diff --git a/debian/patches/pve/0051-net-NET_CLIENT_OPTIONS_KIND_MAX-changed.patch b/debian/patches/pve/0051-net-NET_CLIENT_OPTIONS_KIND_MAX-changed.patch
new file mode 100644
index 0000000..a1e5410
--- /dev/null
+++ b/debian/patches/pve/0051-net-NET_CLIENT_OPTIONS_KIND_MAX-changed.patch
@@ -0,0 +1,26 @@
+From 3019628843fecf84f01353f26b618cf74e23b93b Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht at proxmox.com>
+Date: Wed, 6 Apr 2016 16:46:11 +0200
+Subject: [PATCH 51/52] net: NET_CLIENT_OPTIONS_KIND_MAX changed
+
+s/NET_CLIENT_OPTIONS_KIND_MAX/NET_CLIENT_OPTIONS_KIND__MAX/
+---
+ net/net.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/net.c b/net/net.c
+index 8580cc0..369d587 100644
+--- a/net/net.c
++++ b/net/net.c
+@@ -1333,7 +1333,7 @@ int64_t qmp_get_link_status(const char *name, Error **errp)
+ bool ret;
+
+ queues = qemu_find_net_clients_except(name, ncs,
+- NET_CLIENT_OPTIONS_KIND_MAX,
++ NET_CLIENT_OPTIONS_KIND__MAX,
+ MAX_QUEUE_NUM);
+
+ if (queues == 0) {
+--
+2.1.4
+
diff --git a/debian/patches/pve/0052-vnc-refactor-to-QIOChannelSocket.patch b/debian/patches/pve/0052-vnc-refactor-to-QIOChannelSocket.patch
new file mode 100644
index 0000000..65903a3
--- /dev/null
+++ b/debian/patches/pve/0052-vnc-refactor-to-QIOChannelSocket.patch
@@ -0,0 +1,88 @@
+From ff4737549236e6b122d36ef5893058c69795a57f Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht at proxmox.com>
+Date: Wed, 6 Apr 2016 16:47:54 +0200
+Subject: [PATCH 52/52] vnc: refactor to QIOChannelSocket
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
+---
+ ui/vnc-auth-vencrypt.c | 31 ++++++++++++++++---------------
+ 1 file changed, 16 insertions(+), 15 deletions(-)
+
+diff --git a/ui/vnc-auth-vencrypt.c b/ui/vnc-auth-vencrypt.c
+index d11f1df..01aa1de 100644
+--- a/ui/vnc-auth-vencrypt.c
++++ b/ui/vnc-auth-vencrypt.c
+@@ -28,27 +28,23 @@
+ #include "vnc.h"
+ #include "qapi/error.h"
+ #include "qemu/main-loop.h"
+-#include "qemu/sockets.h"
++#include "io/channel-socket.h"
+
+ static int protocol_client_auth_plain(VncState *vs, uint8_t *data, size_t len)
+ {
+- const char *err = NULL;
++ Error *err = NULL;
+ char username[256];
+ char passwd[512];
+
+- char clientip[256];
+- clientip[0] = 0;
+- struct sockaddr_in client;
+- socklen_t addrlen = sizeof(client);
+- if (getpeername(vs->csock, &client, &addrlen) == 0) {
+- inet_ntop(client.sin_family, &client.sin_addr,
+- clientip, sizeof(clientip));
++ SocketAddress *clientip = qio_channel_socket_get_remote_address(vs->sioc, &err);
++ if (err) {
++ goto err;
+ }
+
+ if ((len != (vs->username_len + vs->password_len)) ||
+ (vs->username_len >= (sizeof(username)-1)) ||
+ (vs->password_len >= (sizeof(passwd)-1)) ) {
+- err = "Got unexpected data length";
++ error_setg(&err, "Got unexpected data length");
+ goto err;
+ }
+
+@@ -59,26 +55,31 @@ static int protocol_client_auth_plain(VncState *vs, uint8_t *data, size_t len)
+
+ VNC_DEBUG("AUTH PLAIN username: %s pw: %s\n", username, passwd);
+
+- if (pve_auth_verify(clientip, username, passwd) == 0) {
++ if (pve_auth_verify(clientip->u.inet.data->host, username, passwd) == 0) {
+ vnc_write_u32(vs, 0); /* Accept auth completion */
+ start_client_init(vs);
++ qapi_free_SocketAddress(clientip);
+ return 0;
+ }
+
+- err = "Authentication failed";
++ error_setg(&err, "Authentication failed");
+ err:
+ if (err) {
+- VNC_DEBUG("AUTH PLAIN ERROR: %s\n", err);
++ const char *err_msg = error_get_pretty(err);
++ VNC_DEBUG("AUTH PLAIN ERROR: %s\n", err_msg);
+ vnc_write_u32(vs, 1); /* Reject auth */
+ if (vs->minor >= 8) {
+- int elen = strlen(err);
++ int elen = strlen(err_msg);
+ vnc_write_u32(vs, elen);
+- vnc_write(vs, err, elen);
++ vnc_write(vs, err_msg, elen);
+ }
++ error_free(err);
+ }
+ vnc_flush(vs);
+ vnc_client_error(vs);
+
++ qapi_free_SocketAddress(clientip);
++
+ return 0;
+
+ }
+--
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 10e5d46..c401792 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -43,22 +43,19 @@ pve/0042-vma-writer-don-t-bail-out-on-zero-length-files.patch
pve/0043-vma-better-driver-guessing-for-bdrv_open.patch
pve/0044-block-add-zeroinit.patch
pve/0045-vma-add-format-option-to-device-mapping.patch
-extra/0001-vnc-clear-vs-tlscreds-after-unparenting-it.patch
-extra/CVE-2016-2198-ehci-null-pointer.patch
-extra/CVE-2016-2391-usb-ohci-avoid-multiple-eof-timers.patch
-extra/0001-rng-remove-the-unused-request-cancellation-code.patch
-extra/0002-rng-move-request-queue-from-RngEgd-to-RngBackend.patch
-extra/0003-rng-move-request-queue-cleanup-from-RngEgd-to-RngBac.patch
-extra/CVE-2016-2858-0004-rng-add-request-queue-support-to-rng-random.patch
-extra/0005-virtio-rng-ask-for-more-data-if-queue-is-not-fully-d.patch
-extra/0001-target-i386-do-not-read-write-MSR_TSC_AUX-from-KVM-i.patch
+pve/0046-pve-cleanup-includes-all-over-the-place.patch
+pve/0047-zeroinit-bdrv_get_block_status-got-a-new-param.patch
+pve/0048-BDRV_O_CACHE_WB-was-removed.patch
+pve/0049-backup-bdrv_set_enable_write_cache-is-no-more.patch
+pve/0050-fix-possible-unitialised-return-value.patch
+pve/0051-net-NET_CLIENT_OPTIONS_KIND_MAX-changed.patch
+pve/0052-vnc-refactor-to-QIOChannelSocket.patch
extra/0001-i386-kvmvapic-initialise-imm32-variable.patch
extra/0001-vga-add-sr_vbe-register-set.patch
extra/CVE-2016-4952-scsi-pvscsi-check-command-descriptor-ring-buffer-siz.patch
extra/CVE-2016-5105-scsi-megasas-initialise-local-configuration-data-buf.patch
extra/CVE-2016-5106-scsi-megasas-use-appropriate-property-buffer-size.patch
extra/CVE-2016-5107-scsi-megasas-check-read_queue_head-index-value.patch
-extra/CVE-2016-5126-block-iscsi-avoid-potential-overflow-of-acb-task-cdb.patch
extra/0004-vmsvga-move-fifo-sanity-checks-to-vmsvga_fifo_length.patch
extra/0005-vmsvga-add-more-fifo-checks.patch
extra/0006-vmsvga-shadow-fifo-registers.patch
diff --git a/debian/rules b/debian/rules
index 4431d18..66038de 100755
--- a/debian/rules
+++ b/debian/rules
@@ -92,7 +92,6 @@ install: build
# remove ppc files
rm $(destdir)/usr/share/kvm/*.dtb
rm $(destdir)/usr/share/kvm/ppc_rom.bin
- rm $(destdir)/usr/share/kvm/s390-zipl.rom
rm $(destdir)/usr/share/kvm/s390-ccw.img
rm $(destdir)/usr/share/kvm/slof.bin
rm $(destdir)/usr/share/kvm/spapr-rtas.bin
--
2.1.4
More information about the pve-devel
mailing list