Series comparison

-[Qemu-devel] [PULL 00/13] Block layer patches
+[PULL 0/3] Block layer patches
-The following changes since commit 47c1cc30e440860aa695358f7c2dd0b9d7b53d16:
+The following changes since commit ee59483267de29056b5b2ee2421ef3844e5c9932:
-  Update version for v3.1.0-rc2 release (2018-11-20 18:10:26 +0000)
+  Merge tag 'qemu-openbios-20230307' of https://github.com/mcayland/qemu into staging (2023-03-09 16:55:03 +0000)
 are available in the Git repository at:
-  git://repo.or.cz/qemu/kevin.git tags/for-upstream
+  https://repo.or.cz/qemu/kevin.git tags/for-upstream
-for you to fetch changes up to 924956b1efc50af7cc334b7a14f56aa213ca27ef:
+for you to fetch changes up to ecf8191314798391b1df80bcb829c0ead4f8acc9:
-  iotests: Enhance 223 to cover multiple bitmap granularities (2018-11-22 16:43:52 +0100)
+  qed: remove spurious BDRV_POLL_WHILE() (2023-03-10 15:14:46 +0100)
 ----------------------------------------------------------------
-Block layer patches:
+Block layer patches
-- block: Fix update of BDRV_O_AUTO_RDONLY in update_flags_from_options()
+- fuse: Fix fallocate(PUNCH_HOLE) to zero out the range
-- qemu-img: Fix memory leak and typo in error message
+- qed: remove spurious BDRV_POLL_WHILE()
 - nvme: Fixes for lockups and crashes
 - scsi-disk: Fix crash if underlying host file or disk returns error
 - Several qemu-iotests fixes and improvements
 ----------------------------------------------------------------
-Alberto Garcia (1):
+Hanna Czenczek (2):
-      block: Fix update of BDRV_O_AUTO_RDONLY in update_flags_from_options()
+      block/fuse: Let PUNCH_HOLE write zeroes
       iotests/308: Add test for 'write -zu'
-Daniel P. Berrangé (1):
+Stefan Hajnoczi (1):
-      iotests: fix nbd test 233 to work correctly with raw images
+      qed: remove spurious BDRV_POLL_WHILE()
-Eric Blake (2):
+ block/export/fuse.c        | 11 ++++++++++-
-      iotests: Skip 233 if certtool not installed
+ block/qed.c                |  1 -
-      iotests: Enhance 223 to cover multiple bitmap granularities
+ tests/qemu-iotests/308     | 43 +++++++++++++++++++++++++++++++++++++++++++
+ tests/qemu-iotests/308.out | 35 +++++++++++++++++++++++++++++++++++
-Igor Druzhinin (1):
+files changed, 88 insertions(+), 2 deletions(-)
       nvme: call blk_drain in NVMe reset code to avoid lockups
 Kevin Wolf (3):
       iotests: Replace time.clock() with Timeout
       iotests: Replace assertEquals() with assertEqual()
       Revert "nvme: fix oob access issue(CVE-2018-16847)"
 Logan Gunthorpe (1):
       nvme: fix bug with PCI IRQ pins on teardown
 Max Reitz (2):
       qemu-img: Fix typo
       qemu-img: Fix leak
 Paolo Bonzini (1):
       nvme: fix out-of-bounds access to the CMB
 Richard W.M. Jones (1):
       scsi-disk: Fix crash if underlying host file or disk returns error
  block.c                       |  4 +--
  hw/block/nvme.c               | 12 +++-----
  hw/scsi/scsi-disk.c           |  2 +-
  qemu-img.c                    |  3 +-
  tests/nvme-test.c             | 68 ++++++++++++++++++++++++++++++++++++-------
  tests/Makefile.include        |  2 +-
  tests/qemu-iotests/041        |  6 ++--
  tests/qemu-iotests/118        | 20 +++++--------
  tests/qemu-iotests/223        | 43 ++++++++++++++++++++++-----
  tests/qemu-iotests/223.out    | 32 +++++++++++++++-----
  tests/qemu-iotests/233        |  9 ++++--
  tests/qemu-iotests/common.tls |  3 ++
  tests/qemu-iotests/iotests.py |  2 +-
 files changed, 148 insertions(+), 58 deletions(-)

-[Qemu-devel] [PULL 01/13] iotests: Replace time.clock() with Timeout
+Deleted patch
-time.clock() is deprecated since Python 3.3. Current Python versions
-warn that the function will be removed in Python 3.8, and those warnings
-make the test case 118 fail.
-Replace it with the Timeout mechanism that is compatible with both
-Python 2 and 3, and makes the code even a little nicer.
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
----
- tests/qemu-iotests/118 | 16 ++++++----------
-file changed, 6 insertions(+), 10 deletions(-)
-diff --git a/tests/qemu-iotests/118 b/tests/qemu-iotests/118
-index XXXXXXX..XXXXXXX 100755
---- a/tests/qemu-iotests/118
-+++ b/tests/qemu-iotests/118
-@@ -XXX,XX +XXX,XX @@ class ChangeBaseClass(iotests.QMPTestCase):
-         if not self.has_real_tray:
-             return
--        timeout = time.clock() + 3
--        while not self.has_opened and time.clock() < timeout:
--            self.process_events()
--        if not self.has_opened:
--            self.fail('Timeout while waiting for the tray to open')
-+        with iotests.Timeout(3, 'Timeout while waiting for the tray to open'):
-+            while not self.has_opened:
-+                self.process_events()
-     def wait_for_close(self):
-         if not self.has_real_tray:
-             return
--        timeout = time.clock() + 3
--        while not self.has_closed and time.clock() < timeout:
--            self.process_events()
--        if not self.has_opened:
--            self.fail('Timeout while waiting for the tray to close')
-+        with iotests.Timeout(3, 'Timeout while waiting for the tray to close'):
-+            while not self.has_closed:
-+                self.process_events()
- class GeneralChangeTestsBaseClass(ChangeBaseClass):
---
-.19.1

-[Qemu-devel] [PULL 02/13] iotests: Replace assertEquals() with assertEqual()
+Deleted patch
-TestCase.assertEquals() is deprecated since Python 2.7. Recent Python
-versions print a warning when the function is called, which makes test
-cases fail.
-Replace it with the preferred spelling assertEqual().
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
----
- tests/qemu-iotests/041        | 6 +++---
- tests/qemu-iotests/118        | 4 ++--
- tests/qemu-iotests/iotests.py | 2 +-
-files changed, 6 insertions(+), 6 deletions(-)
-diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041
-index XXXXXXX..XXXXXXX 100755
---- a/tests/qemu-iotests/041
-+++ b/tests/qemu-iotests/041
-@@ -XXX,XX +XXX,XX @@ new_state = "1"
-             self.assert_qmp(event, 'data/id', 'drive0')
-             event = self.vm.get_qmp_event(wait=True)
--        self.assertEquals(event['event'], 'BLOCK_JOB_ERROR')
-+        self.assertEqual(event['event'], 'BLOCK_JOB_ERROR')
-         self.assert_qmp(event, 'data/device', 'drive0')
-         self.assert_qmp(event, 'data/operation', 'read')
-         result = self.vm.qmp('query-block-jobs')
-@@ -XXX,XX +XXX,XX @@ new_state = "1"
-             self.assert_qmp(event, 'data/id', 'drive0')
-             event = self.vm.get_qmp_event(wait=True)
--        self.assertEquals(event['event'], 'BLOCK_JOB_ERROR')
-+        self.assertEqual(event['event'], 'BLOCK_JOB_ERROR')
-         self.assert_qmp(event, 'data/device', 'drive0')
-         self.assert_qmp(event, 'data/operation', 'read')
-         result = self.vm.qmp('query-block-jobs')
-@@ -XXX,XX +XXX,XX @@ new_state = "1"
-         self.assert_qmp(result, 'return', {})
-         event = self.vm.event_wait(name='BLOCK_JOB_ERROR')
--        self.assertEquals(event['event'], 'BLOCK_JOB_ERROR')
-+        self.assertEqual(event['event'], 'BLOCK_JOB_ERROR')
-         self.assert_qmp(event, 'data/device', 'drive0')
-         self.assert_qmp(event, 'data/operation', 'write')
-         result = self.vm.qmp('query-block-jobs')
-diff --git a/tests/qemu-iotests/118 b/tests/qemu-iotests/118
-index XXXXXXX..XXXXXXX 100755
---- a/tests/qemu-iotests/118
-+++ b/tests/qemu-iotests/118
-@@ -XXX,XX +XXX,XX @@ class GeneralChangeTestsBaseClass(ChangeBaseClass):
-         result = self.vm.qmp('blockdev-close-tray', id=self.device_name)
-         # Should be a no-op
-         self.assert_qmp(result, 'return', {})
--        self.assertEquals(self.vm.get_qmp_events(wait=False), [])
-+        self.assertEqual(self.vm.get_qmp_events(wait=False), [])
-     def test_remove_on_closed(self):
-         if not self.has_real_tray:
-@@ -XXX,XX +XXX,XX @@ class TestChangeReadOnly(ChangeBaseClass):
-                                                        read_only_mode='retain')
-         self.assert_qmp(result, 'error/class', 'GenericError')
--        self.assertEquals(self.vm.get_qmp_events(wait=False), [])
-+        self.assertEqual(self.vm.get_qmp_events(wait=False), [])
-         result = self.vm.qmp('query-block')
-         self.assert_qmp(result, 'return[0]/inserted/ro', False)
-diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qemu-iotests/iotests.py
-+++ b/tests/qemu-iotests/iotests.py
-@@ -XXX,XX +XXX,XX @@ class QMPTestCase(unittest.TestCase):
-     def wait_ready_and_cancel(self, drive='drive0'):
-         self.wait_ready(drive=drive)
-         event = self.cancel_and_wait(drive=drive)
--        self.assertEquals(event['event'], 'BLOCK_JOB_COMPLETED')
-+        self.assertEqual(event['event'], 'BLOCK_JOB_COMPLETED')
-         self.assert_qmp(event, 'data/type', 'mirror')
-         self.assert_qmp(event, 'data/offset', event['data']['len'])
---
-.19.1

-[Qemu-devel] [PULL 03/13] iotests: Skip 233 if certtool not installed
+Deleted patch
-From: Eric Blake <eblake@redhat.com>
-The use of TLS while building qemu is optional. While the
-'certtool' binary should be available on every platform that
-supports building against TLS, that does not imply that the
-developer has installed it.  Make the test gracefully skip
-in that case.
-Reported-by: Kevin Wolf <kwolf@redhat.com>
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- tests/qemu-iotests/common.tls | 3 +++
-file changed, 3 insertions(+)
-diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qemu-iotests/common.tls
-+++ b/tests/qemu-iotests/common.tls
-@@ -XXX,XX +XXX,XX @@ tls_x509_cleanup()
- tls_x509_init()
- {
-+    (certtool --help) >/dev/null 2>&1 || \
-+    _notrun "certtool utility not found, skipping test"
-+
-     mkdir -p "${tls_dir}"
-     # use a fixed key so we don't waste system entropy on
---
-.19.1

-[Qemu-devel] [PULL 04/13] qemu-img: Fix typo
+Deleted patch
-From: Max Reitz <mreitz@redhat.com>
-Fixes: d402b6a21a825a5c07aac9251990860723d49f5d
-Reported-by: Kevin Wolf <kwolf@redhat.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Max Reitz <mreitz@redhat.com>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- qemu-img.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/qemu-img.c b/qemu-img.c
-index XXXXXXX..XXXXXXX 100644
---- a/qemu-img.c
-+++ b/qemu-img.c
-@@ -XXX,XX +XXX,XX @@ static int print_block_option_help(const char *filename, const char *fmt)
-             return 1;
-         }
-         if (!proto_drv->create_opts) {
--            error_report("Protocal driver '%s' does not support image creation",
-+            error_report("Protocol driver '%s' does not support image creation",
-                          proto_drv->format_name);
-             return 1;
-         }
---
-.19.1

-[Qemu-devel] [PULL 05/13] qemu-img: Fix leak
+Deleted patch
-From: Max Reitz <mreitz@redhat.com>
-create_opts was leaked here.  This is not too bad since the process is
-about to exit anyway, but relying on that does not make the code nicer
-to read.
-Fixes: d402b6a21a825a5c07aac9251990860723d49f5d
-Reported-by: Kevin Wolf <kwolf@redhat.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Max Reitz <mreitz@redhat.com>
-Reviewed-by: John Snow <jsnow@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- qemu-img.c | 1 +
-file changed, 1 insertion(+)
-diff --git a/qemu-img.c b/qemu-img.c
-index XXXXXXX..XXXXXXX 100644
---- a/qemu-img.c
-+++ b/qemu-img.c
-@@ -XXX,XX +XXX,XX @@ static int print_block_option_help(const char *filename, const char *fmt)
-         if (!proto_drv->create_opts) {
-             error_report("Protocol driver '%s' does not support image creation",
-                          proto_drv->format_name);
-+            qemu_opts_free(create_opts);
-             return 1;
-         }
-         create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
---
-.19.1

-[Qemu-devel] [PULL 06/13] scsi-disk: Fix crash if underlying host file or disk returns error
+Deleted patch
-From: "Richard W.M. Jones" <rjones@redhat.com>
-Commit 40dce4ee6 "scsi-disk: fix rerror/werror=ignore" introduced a
-bug which causes qemu to crash with the assertion error below if the
-host file or disk returns an error:
-  qemu-system-x86_64: hw/scsi/scsi-bus.c:1374: scsi_req_complete:
-  Assertion `req->status == -1' failed.
-Kevin Wolf suggested this fix:
-  < kwolf> Hm, should the final return false; in that patch
-           actually be a return true?
-  < kwolf> Because I think he didn't intend to change anything
-           except BLOCK_ERROR_ACTION_IGNORE
-Buglink: https://bugs.launchpad.net/qemu/+bug/1804323
-Fixes: 40dce4ee61c68395f6d463fae792f61b7c003bce
-Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- hw/scsi/scsi-disk.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/scsi/scsi-disk.c
-+++ b/hw/scsi/scsi-disk.c
-@@ -XXX,XX +XXX,XX @@ static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
-     if (action == BLOCK_ERROR_ACTION_STOP) {
-         scsi_req_retry(&r->req);
-     }
--    return false;
-+    return true;
- }
- static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
---
-.19.1

-[Qemu-devel] [PULL 07/13] block: Fix update of BDRV_O_AUTO_RDONLY in update_flags_from_options()
+Deleted patch
-From: Alberto Garcia <berto@igalia.com>
-Commit e35bdc123a4ace9f4d3fcca added the auto-read-only option and the
-code to update its corresponding flag in update_flags_from_options(),
-but forgot to clear the flag if auto-read-only is false.
-Signed-off-by: Alberto Garcia <berto@igalia.com>
-Reported-by: Max Reitz <mreitz@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- block.c | 4 +---
-file changed, 1 insertion(+), 3 deletions(-)
-diff --git a/block.c b/block.c
-index XXXXXXX..XXXXXXX 100644
---- a/block.c
-+++ b/block.c
-@@ -XXX,XX +XXX,XX @@ static int bdrv_open_flags(BlockDriverState *bs, int flags)
- static void update_flags_from_options(int *flags, QemuOpts *opts)
- {
--    *flags &= ~BDRV_O_CACHE_MASK;
-+    *flags &= ~(BDRV_O_CACHE_MASK | BDRV_O_RDWR | BDRV_O_AUTO_RDONLY);
-     assert(qemu_opt_find(opts, BDRV_OPT_CACHE_NO_FLUSH));
-     if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_NO_FLUSH, false)) {
-@@ -XXX,XX +XXX,XX @@ static void update_flags_from_options(int *flags, QemuOpts *opts)
-         *flags |= BDRV_O_NOCACHE;
-     }
--    *flags &= ~BDRV_O_RDWR;
--
-     assert(qemu_opt_find(opts, BDRV_OPT_READ_ONLY));
-     if (!qemu_opt_get_bool_del(opts, BDRV_OPT_READ_ONLY, false)) {
-         *flags |= BDRV_O_RDWR;
---
-.19.1

-[Qemu-devel] [PULL 13/13] iotests: Enhance 223 to cover multiple bitmap granularities
+[PULL 1/3] block/fuse: Let PUNCH_HOLE write zeroes
-From: Eric Blake <eblake@redhat.com>
+From: Hanna Czenczek <hreitz@redhat.com>
-Testing granularity at the same size as the cluster isn't quite
+fallocate(2) says about PUNCH_HOLE: "After a successful call, subsequent
-as fun as what happens when it is larger or smaller.  This
+reads from this range will return zeros."  As it is, PUNCH_HOLE is
-enhancement also shows that qemu's nbd server can serve the
+implemented as a call to blk_pdiscard(), which does not guarantee this.
 same disk over multiple exports simultaneously.
-Signed-off-by: Eric Blake <eblake@redhat.com>
+We must call blk_pwrite_zeroes() instead.  The difference to ZERO_RANGE
-Tested-by: John Snow <jsnow@redhat.com>
+is that we pass the `BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK` flags to
-Reviewed-by: John Snow <jsnow@redhat.com>
+the call -- the storage is supposed to be unmapped, and a slow fallback
 by actually writing zeroes as data is not allowed.
 Closes: https://gitlab.com/qemu-project/qemu/-/issues/1507
 Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
 Message-Id: <20230227104725.33511-2-hreitz@redhat.com>
 Reviewed-by: Kevin Wolf <kwolf@redhat.com>
 Signed-off-by: Kevin Wolf <kwolf@redhat.com>
 ---
- tests/qemu-iotests/223     | 43 +++++++++++++++++++++++++++++++-------
+ block/export/fuse.c | 11 ++++++++++-
- tests/qemu-iotests/223.out | 32 +++++++++++++++++++++-------
+file changed, 10 insertions(+), 1 deletion(-)
 files changed, 60 insertions(+), 15 deletions(-)
-diff --git a/tests/qemu-iotests/223 b/tests/qemu-iotests/223
+diff --git a/block/export/fuse.c b/block/export/fuse.c
-index XXXXXXX..XXXXXXX 100755
+index XXXXXXX..XXXXXXX 100644
---- a/tests/qemu-iotests/223
+--- a/block/export/fuse.c
-+++ b/tests/qemu-iotests/223
++++ b/block/export/fuse.c
-@@ -XXX,XX +XXX,XX @@ run_qemu()
+@@ -XXX,XX +XXX,XX @@ static void fuse_fallocate(fuse_req_t req, fuse_ino_t inode, int mode,
- }
+         do {
+             int size = MIN(length, BDRV_REQUEST_MAX_BYTES);
- echo
--echo "=== Create partially sparse image, then add dirty bitmap ==="
+-            ret = blk_pdiscard(exp->common.blk, offset, size);
-+echo "=== Create partially sparse image, then add dirty bitmaps ==="
++            ret = blk_pwrite_zeroes(exp->common.blk, offset, size,
- echo
++                                    BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK);
++            if (ret == -ENOTSUP) {
--_make_test_img 4M
++                /*
-+# Two bitmaps, to contrast granularity issues
++                 * fallocate() specifies to return EOPNOTSUPP for unsupported
-+_make_test_img -o cluster_size=4k 4M
++                 * operations
- $QEMU_IO -c 'w -P 0x11 1M 2M' "$TEST_IMG" | _filter_qemu_io
++                 */
- run_qemu <<EOF
++                ret = -EOPNOTSUPP;
- { "execute": "qmp_capabilities" }
++            }
@@ -XXX,XX +XXX,XX @@ run_qemu <<EOF
    "arguments": {
      "node": "n",
      "name": "b",
 -    "persistent": true
 +    "persistent": true,
 +    "granularity": 65536
 +  }
 +}
 +{ "execute": "block-dirty-bitmap-add",
 +  "arguments": {
 +    "node": "n",
 +    "name": "b2",
 +    "persistent": true,
 +    "granularity": 512
    }
  }
  { "execute": "quit" }
@@ -XXX,XX +XXX,XX @@ echo
  echo "=== Write part of the file under active bitmap ==="
  echo
 -$QEMU_IO -c 'w -P 0x22 2M 2M' "$TEST_IMG" | _filter_qemu_io
 +$QEMU_IO -c 'w -P 0x22 512 512' -c 'w -P 0x33 2M 2M' "$TEST_IMG" \
 +    | _filter_qemu_io
  echo
 -echo "=== End dirty bitmap, and start serving image over NBD ==="
 +echo "=== End dirty bitmaps, and start serving image over NBD ==="
  echo
  _launch_qemu 2> >(_filter_nbd)
@@ -XXX,XX +XXX,XX @@ _send_qemu_cmd $QEMU_HANDLE '{"execute":"blockdev-add",
      "file":{"driver":"file", "filename":"'"$TEST_IMG"'"}}}' "return"
  _send_qemu_cmd $QEMU_HANDLE '{"execute":"x-block-dirty-bitmap-disable",
    "arguments":{"node":"n", "name":"b"}}' "return"
 +_send_qemu_cmd $QEMU_HANDLE '{"execute":"x-block-dirty-bitmap-disable",
 +  "arguments":{"node":"n", "name":"b2"}}' "return"
  _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-start",
    "arguments":{"addr":{"type":"unix",
      "data":{"path":"'"$TEST_DIR/nbd"'"}}}}' "return"
@@ -XXX,XX +XXX,XX @@ _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-add",
    "arguments":{"device":"n"}}' "return"
  _send_qemu_cmd $QEMU_HANDLE '{"execute":"x-nbd-server-add-bitmap",
    "arguments":{"name":"n", "bitmap":"b"}}' "return"
 +_send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-add",
 +  "arguments":{"device":"n", "name":"n2"}}' "return"
 +_send_qemu_cmd $QEMU_HANDLE '{"execute":"x-nbd-server-add-bitmap",
 +  "arguments":{"name":"n2", "bitmap":"b2"}}' "return"
  echo
 -echo "=== Contrast normal status with dirty-bitmap status ==="
 +echo "=== Contrast normal status to large granularity dirty-bitmap ==="
  echo
  QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
  IMG="driver=nbd,export=n,server.type=unix,server.path=$TEST_DIR/nbd"
 -$QEMU_IO -r -c 'r -P 0 0 1m' -c 'r -P 0x11 1m 1m' \
 -  -c 'r -P 0x22 2m 2m' --image-opts "$IMG" | _filter_qemu_io
 +$QEMU_IO -r -c 'r -P 0x22 512 512' -c 'r -P 0 512k 512k' -c 'r -P 0x11 1m 1m' \
 +  -c 'r -P 0x33 2m 2m' --image-opts "$IMG" | _filter_qemu_io
  $QEMU_IMG map --output=json --image-opts \
    "$IMG" | _filter_qemu_img_map
  $QEMU_IMG map --output=json --image-opts \
    "$IMG,x-dirty-bitmap=qemu:dirty-bitmap:b" | _filter_qemu_img_map
 +echo
 +echo "=== Contrast to small granularity dirty-bitmap ==="
 +echo
 +
-+IMG="driver=nbd,export=n2,server.type=unix,server.path=$TEST_DIR/nbd"
+             offset += size;
-+$QEMU_IMG map --output=json --image-opts \
+             length -= size;
-+  "$IMG,x-dirty-bitmap=qemu:dirty-bitmap:b2" | _filter_qemu_img_map
+         } while (ret == 0 && length > 0);
 +
  echo
  echo "=== End NBD server ==="
  echo
  _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-remove",
    "arguments":{"name":"n"}}' "return"
 +_send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-remove",
 +  "arguments":{"name":"n2"}}' "return"
  _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-stop"}' "return"
  _send_qemu_cmd $QEMU_HANDLE '{"execute":"quit"}' "return"
 diff --git a/tests/qemu-iotests/223.out b/tests/qemu-iotests/223.out
 index XXXXXXX..XXXXXXX 100644
 --- a/tests/qemu-iotests/223.out
 +++ b/tests/qemu-iotests/223.out
@@ -XXX,XX +XXX,XX @@
  QA output created by 223
 -=== Create partially sparse image, then add dirty bitmap ===
 +=== Create partially sparse image, then add dirty bitmaps ===
  Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=4194304
  wrote 2097152/2097152 bytes at offset 1048576
@@ -XXX,XX +XXX,XX @@ QMP_VERSION
  {"return": {}}
  {"return": {}}
  {"return": {}}
 +{"return": {}}
  {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false}}
  === Write part of the file under active bitmap ===
 +wrote 512/512 bytes at offset 512
 +512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
  wrote 2097152/2097152 bytes at offset 2097152
 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 -=== End dirty bitmap, and start serving image over NBD ===
 +=== End dirty bitmaps, and start serving image over NBD ===
  {"return": {}}
  {"return": {}}
@@ -XXX,XX +XXX,XX @@ wrote 2097152/2097152 bytes at offset 2097152
  {"return": {}}
  {"return": {}}
  {"return": {}}
 +{"return": {}}
 +{"return": {}}
 +{"return": {}}
 -=== Contrast normal status with dirty-bitmap status ===
 +=== Contrast normal status to large granularity dirty-bitmap ===
 -read 1048576/1048576 bytes at offset 0
 -1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 +read 512/512 bytes at offset 512
 +512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 +read 524288/524288 bytes at offset 524288
 +512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
  read 1048576/1048576 bytes at offset 1048576
 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
  read 2097152/2097152 bytes at offset 2097152
 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 -[{ "start": 0, "length": 1048576, "depth": 0, "zero": true, "data": false},
 +[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true},
 +{ "start": 4096, "length": 1044480, "depth": 0, "zero": true, "data": false},
  { "start": 1048576, "length": 3145728, "depth": 0, "zero": false, "data": true}]
 -[{ "start": 0, "length": 2097152, "depth": 0, "zero": false, "data": true},
 +[{ "start": 0, "length": 65536, "depth": 0, "zero": false, "data": false},
 +{ "start": 65536, "length": 2031616, "depth": 0, "zero": false, "data": true},
 +{ "start": 2097152, "length": 2097152, "depth": 0, "zero": false, "data": false}]
 +
 +=== Contrast to small granularity dirty-bitmap ===
 +
 +[{ "start": 0, "length": 512, "depth": 0, "zero": false, "data": true},
 +{ "start": 512, "length": 512, "depth": 0, "zero": false, "data": false},
 +{ "start": 1024, "length": 2096128, "depth": 0, "zero": false, "data": true},
  { "start": 2097152, "length": 2097152, "depth": 0, "zero": false, "data": false}]
  === End NBD server ===
@@ -XXX,XX +XXX,XX @@ read 2097152/2097152 bytes at offset 2097152
  {"return": {}}
  {"return": {}}
  {"return": {}}
 +{"return": {}}
  *** done
 --
-.19.1
+.39.2

-[Qemu-devel] [PULL 08/13] iotests: fix nbd test 233 to work correctly with raw images
+[PULL 2/3] iotests/308: Add test for 'write -zu'
-From: Daniel P. Berrangé <berrange@redhat.com>
+From: Hanna Czenczek <hreitz@redhat.com>
-The first qemu-io command must honour the $IMGFMT that is set rather
+Try writing zeroes to a FUSE export while allowing the area to be
-than hardcoding qcow2. The qemu-nbd commands should also set $IMGFMT
+unmapped; block/file-posix.c generally implements writing zeroes with
-to avoid the insecure format probe warning.
+BDRV_REQ_MAY_UNMAP ('write -zu') by calling fallocate(PUNCH_HOLE).  This
 used to lead to a blk_pdiscard() in the FUSE export, which may or may
 not lead to the area being zeroed.  HEAD^ fixed this to use
 blk_pwrite_zeroes() instead (again with BDRV_REQ_MAY_UNMAP), so verify
 that running `qemu-io 'write -zu'` on a FUSE exports always results in
 zeroes being written.
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20230227104725.33511-3-hreitz@redhat.com>
 Reviewed-by: Kevin Wolf <kwolf@redhat.com>
 Signed-off-by: Kevin Wolf <kwolf@redhat.com>
 ---
- tests/qemu-iotests/233 | 9 ++++++---
+ tests/qemu-iotests/308     | 43 ++++++++++++++++++++++++++++++++++++++
-file changed, 6 insertions(+), 3 deletions(-)
+ tests/qemu-iotests/308.out | 35 +++++++++++++++++++++++++++++++
 files changed, 78 insertions(+)
-diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
+diff --git a/tests/qemu-iotests/308 b/tests/qemu-iotests/308
 index XXXXXXX..XXXXXXX 100755
---- a/tests/qemu-iotests/233
+--- a/tests/qemu-iotests/308
-+++ b/tests/qemu-iotests/233
++++ b/tests/qemu-iotests/308
-@@ -XXX,XX +XXX,XX @@ $QEMU_IO -c 'w -P 0x11 1m 1m' "$TEST_IMG" | _filter_qemu_io
+@@ -XXX,XX +XXX,XX @@ echo
+ echo '=== Compare copy with original ==='
- echo
- echo "== check TLS client to plain server fails =="
+ $QEMU_IMG compare -f raw -F $IMGFMT "$COPIED_IMG" "$TEST_IMG"
--nbd_server_start_tcp_socket "$TEST_IMG"
++_cleanup_test_img
-+nbd_server_start_tcp_socket -f $IMGFMT "$TEST_IMG"
++
++echo
- $QEMU_IMG info --image-opts \
++echo '=== Writing zeroes while unmapping ==='
-     --object tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 \
++# Regression test for https://gitlab.com/qemu-project/qemu/-/issues/1507
-@@ -XXX,XX +XXX,XX @@ nbd_server_stop
++_make_test_img 64M
- echo
++$QEMU_IO -c 'write -s /dev/urandom 0 64M' "$TEST_IMG" | _filter_qemu_io
- echo "== check plain client to TLS server fails =="
++
++_launch_qemu
--nbd_server_start_tcp_socket --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes --tls-creds tls0 "$TEST_IMG"
++_send_qemu_cmd $QEMU_HANDLE \
-+nbd_server_start_tcp_socket \
++    "{'execute': 'qmp_capabilities'}" \
-+    --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \
++    'return'
-+    --tls-creds tls0 \
++
-+    -f $IMGFMT "$TEST_IMG"
++_send_qemu_cmd $QEMU_HANDLE \
++    "{'execute': 'blockdev-add',
- $QEMU_IMG info nbd://localhost:$nbd_tcp_port 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
++      'arguments': {
++          'driver': '$IMGFMT',
-@@ -XXX,XX +XXX,XX @@ $QEMU_IO -c 'r -P 0x11 1m 1m' -c 'w -P 0x22 1m 1m' --image-opts \
++          'node-name': 'node-format',
-     driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
++          'file': {
->&1 | _filter_qemu_io
++              'driver': 'file',
++              'filename': '$TEST_IMG'
--$QEMU_IO -f qcow2 -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" | _filter_qemu_io
++          }
-+$QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" | _filter_qemu_io
++      } }" \
 +    'return'
 +
 +fuse_export_add 'export' "'mountpoint': '$EXT_MP', 'writable': true"
 +
 +# Try writing zeroes by unmapping
 +$QEMU_IO -f raw -c 'write -zu 0 64M' "$EXT_MP" | _filter_qemu_io
 +
 +# Check the result
 +$QEMU_IO -f raw -c 'read -P 0 0 64M' "$EXT_MP" | _filter_qemu_io
 +
 +_send_qemu_cmd $QEMU_HANDLE \
 +    "{'execute': 'quit'}" \
 +    'return'
 +
 +wait=yes _cleanup_qemu
 +
 +# Check the original image
 +$QEMU_IO -c 'read -P 0 0 64M' "$TEST_IMG" | _filter_qemu_io
 +
 +_cleanup_test_img
  # success, all done
  echo "*** done"
+diff --git a/tests/qemu-iotests/308.out b/tests/qemu-iotests/308.out
+index XXXXXXX..XXXXXXX 100644
+--- a/tests/qemu-iotests/308.out
++++ b/tests/qemu-iotests/308.out
+@@ -XXX,XX +XXX,XX @@ OK: Post-truncate image size is as expected
+ === Compare copy with original ===
+ Images are identical.
++
++=== Writing zeroes while unmapping ===
++Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
++wrote 67108864/67108864 bytes at offset 0
++64 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
++{'execute': 'qmp_capabilities'}
++{"return": {}}
++{'execute': 'blockdev-add',
++      'arguments': {
++          'driver': 'IMGFMT',
++          'node-name': 'node-format',
++          'file': {
++              'driver': 'file',
++              'filename': 'TEST_DIR/t.IMGFMT'
++          }
++      } }
++{"return": {}}
++{'execute': 'block-export-add',
++          'arguments': {
++              'type': 'fuse',
++              'id': 'export',
++              'node-name': 'node-format',
++              'mountpoint': 'TEST_DIR/t.IMGFMT.fuse', 'writable': true
++          } }
++{"return": {}}
++wrote 67108864/67108864 bytes at offset 0
++64 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
++read 67108864/67108864 bytes at offset 0
++64 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
++{'execute': 'quit'}
++{"return": {}}
++{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
++{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "export"}}
++read 67108864/67108864 bytes at offset 0
++64 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+ *** done
 --
-.19.1
+.39.2

-[Qemu-devel] [PULL 09/13] nvme: call blk_drain in NVMe reset code to avoid lockups
+Deleted patch
-From: Igor Druzhinin <igor.druzhinin@citrix.com>
-When blk_flush called in NVMe reset path S/C queues are already freed
-which means that re-entering AIO handling loop having some IO requests
-unfinished will lockup or crash as their SG structures being potentially
-reused. Call blk_drain before freeing the queues to avoid this nasty
-scenario.
-Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- hw/block/nvme.c | 2 ++
-file changed, 2 insertions(+)
-diff --git a/hw/block/nvme.c b/hw/block/nvme.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/block/nvme.c
-+++ b/hw/block/nvme.c
-@@ -XXX,XX +XXX,XX @@ static void nvme_clear_ctrl(NvmeCtrl *n)
- {
-     int i;
-+    blk_drain(n->conf.blk);
-+
-     for (i = 0; i < n->num_queues; i++) {
-         if (n->sq[i] != NULL) {
-             nvme_free_sq(n->sq[i], n);
---
-.19.1

-[Qemu-devel] [PULL 10/13] nvme: fix out-of-bounds access to the CMB
+Deleted patch
-From: Paolo Bonzini <pbonzini@redhat.com>
-Because the CMB BAR has a min_access_size of 2, if you read the last
-byte it will try to memcpy *2* bytes from n->cmbuf, causing an off-by-one
-error.  This is CVE-2018-16847.
-Another way to fix this might be to register the CMB as a RAM memory
-region, which would also be more efficient.  However, that might be a
-change for big-endian machines; I didn't think this through and I don't
-know how real hardware works.  Add a basic testcase for the CMB in case
-somebody does this change later on.
-Cc: Keith Busch <keith.busch@intel.com>
-Cc: qemu-block@nongnu.org
-Reported-by: Li Qiang <liq3ea@gmail.com>
-Reviewed-by: Li Qiang <liq3ea@gmail.com>
-Tested-by: Li Qiang <liq3ea@gmail.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- hw/block/nvme.c        |  2 +-
- tests/nvme-test.c      | 68 +++++++++++++++++++++++++++++++++++-------
- tests/Makefile.include |  2 +-
-files changed, 60 insertions(+), 12 deletions(-)
-diff --git a/hw/block/nvme.c b/hw/block/nvme.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/block/nvme.c
-+++ b/hw/block/nvme.c
-@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps nvme_cmb_ops = {
-     .write = nvme_cmb_write,
-     .endianness = DEVICE_LITTLE_ENDIAN,
-     .impl = {
--        .min_access_size = 2,
-+        .min_access_size = 1,
-         .max_access_size = 8,
-     },
- };
-diff --git a/tests/nvme-test.c b/tests/nvme-test.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/nvme-test.c
-+++ b/tests/nvme-test.c
-@@ -XXX,XX +XXX,XX @@
-  */
- #include "qemu/osdep.h"
-+#include "qemu/units.h"
- #include "libqtest.h"
-+#include "libqos/libqos-pc.h"
-+
-+static QOSState *qnvme_start(const char *extra_opts)
-+{
-+    QOSState *qs;
-+    const char *arch = qtest_get_arch();
-+    const char *cmd = "-drive id=drv0,if=none,file=null-co://,format=raw "
-+                      "-device nvme,addr=0x4.0,serial=foo,drive=drv0 %s";
-+
-+    if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
-+        qs = qtest_pc_boot(cmd, extra_opts ? : "");
-+        global_qtest = qs->qts;
-+        return qs;
-+    }
-+
-+    g_printerr("nvme tests are only available on x86\n");
-+    exit(EXIT_FAILURE);
-+}
-+
-+static void qnvme_stop(QOSState *qs)
-+{
-+    qtest_shutdown(qs);
-+}
--/* Tests only initialization so far. TODO: Replace with functional tests */
- static void nop(void)
- {
-+    QOSState *qs;
-+
-+    qs = qnvme_start(NULL);
-+    qnvme_stop(qs);
- }
--int main(int argc, char **argv)
-+static void nvmetest_cmb_test(void)
- {
--    int ret;
-+    const int cmb_bar_size = 2 * MiB;
-+    QOSState *qs;
-+    QPCIDevice *pdev;
-+    QPCIBar bar;
--    g_test_init(&argc, &argv, NULL);
--    qtest_add_func("/nvme/nop", nop);
-+    qs = qnvme_start("-global nvme.cmb_size_mb=2");
-+    pdev = qpci_device_find(qs->pcibus, QPCI_DEVFN(4,0));
-+    g_assert(pdev != NULL);
-+
-+    qpci_device_enable(pdev);
-+    bar = qpci_iomap(pdev, 2, NULL);
-+
-+    qpci_io_writel(pdev, bar, 0, 0xccbbaa99);
-+    g_assert_cmpint(qpci_io_readb(pdev, bar, 0), ==, 0x99);
-+    g_assert_cmpint(qpci_io_readw(pdev, bar, 0), ==, 0xaa99);
-+
-+    /* Test partially out-of-bounds accesses.  */
-+    qpci_io_writel(pdev, bar, cmb_bar_size - 1, 0x44332211);
-+    g_assert_cmpint(qpci_io_readb(pdev, bar, cmb_bar_size - 1), ==, 0x11);
-+    g_assert_cmpint(qpci_io_readw(pdev, bar, cmb_bar_size - 1), !=, 0x2211);
-+    g_assert_cmpint(qpci_io_readl(pdev, bar, cmb_bar_size - 1), !=, 0x44332211);
-+    g_free(pdev);
--    qtest_start("-drive id=drv0,if=none,file=null-co://,format=raw "
--                "-device nvme,drive=drv0,serial=foo");
--    ret = g_test_run();
-+    qnvme_stop(qs);
-+}
--    qtest_end();
-+int main(int argc, char **argv)
-+{
-+    g_test_init(&argc, &argv, NULL);
-+    qtest_add_func("/nvme/nop", nop);
-+    qtest_add_func("/nvme/cmb_test", nvmetest_cmb_test);
--    return ret;
-+    return g_test_run();
- }
-diff --git a/tests/Makefile.include b/tests/Makefile.include
-index XXXXXXX..XXXXXXX 100644
---- a/tests/Makefile.include
-+++ b/tests/Makefile.include
-@@ -XXX,XX +XXX,XX @@ tests/test-hmp$(EXESUF): tests/test-hmp.o
- tests/machine-none-test$(EXESUF): tests/machine-none-test.o
- tests/drive_del-test$(EXESUF): tests/drive_del-test.o $(libqos-virtio-obj-y)
- tests/qdev-monitor-test$(EXESUF): tests/qdev-monitor-test.o $(libqos-pc-obj-y)
--tests/nvme-test$(EXESUF): tests/nvme-test.o
-+tests/nvme-test$(EXESUF): tests/nvme-test.o $(libqos-pc-obj-y)
- tests/pvpanic-test$(EXESUF): tests/pvpanic-test.o
- tests/i82801b11-test$(EXESUF): tests/i82801b11-test.o
- tests/ac97-test$(EXESUF): tests/ac97-test.o
---
-.19.1

-[Qemu-devel] [PULL 11/13] Revert "nvme: fix oob access issue(CVE-2018-16847)"
+[PULL 3/3] qed: remove spurious BDRV_POLL_WHILE()
-This reverts commit 5e3c0220d7e4f0361c4d36c697a8842f2b583402.
+From: Stefan Hajnoczi <stefanha@redhat.com>
 We have a better fix commited for this now.
+This looks like a copy-paste or merge error. BDRV_POLL_WHILE() is
+already called above. It's not needed in the qemu_in_coroutine() case.
+Fixes: 9fb4dfc570ce ("qed: make bdrv_qed_do_open a coroutine_fn")
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20230309163134.398707-1-stefanha@redhat.com>
+Reviewed-by: Kevin Wolf <kwolf@redhat.com>
 Signed-off-by: Kevin Wolf <kwolf@redhat.com>
 ---
- hw/block/nvme.c | 7 -------
+ block/qed.c | 1 -
-file changed, 7 deletions(-)
+file changed, 1 deletion(-)
-diff --git a/hw/block/nvme.c b/hw/block/nvme.c
+diff --git a/block/qed.c b/block/qed.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/block/nvme.c
+--- a/block/qed.c
-+++ b/hw/block/nvme.c
++++ b/block/qed.c
-@@ -XXX,XX +XXX,XX @@ static void nvme_cmb_write(void *opaque, hwaddr addr, uint64_t data,
+@@ -XXX,XX +XXX,XX @@ static int bdrv_qed_open(BlockDriverState *bs, QDict *options, int flags,
-     unsigned size)
+         qemu_coroutine_enter(qemu_coroutine_create(bdrv_qed_open_entry, &qoc));
- {
+         BDRV_POLL_WHILE(bs, qoc.ret == -EINPROGRESS);
-     NvmeCtrl *n = (NvmeCtrl *)opaque;
+     }
--
+-    BDRV_POLL_WHILE(bs, qoc.ret == -EINPROGRESS);
--    if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
+     return qoc.ret;
 -        return;
 -    }
      memcpy(&n->cmbuf[addr], &data, size);
  }
-@@ -XXX,XX +XXX,XX @@ static uint64_t nvme_cmb_read(void *opaque, hwaddr addr, unsigned size)
-     uint64_t val;
-     NvmeCtrl *n = (NvmeCtrl *)opaque;
--    if (addr + size > NVME_CMBSZ_GETSIZE(n->bar.cmbsz)) {
--        return 0;
--    }
-     memcpy(&val, &n->cmbuf[addr], size);
-     return val;
- }
 --
-.19.1
+.39.2

-[Qemu-devel] [PULL 12/13] nvme: fix bug with PCI IRQ pins on teardown
+Deleted patch
-From: Logan Gunthorpe <logang@deltatee.com>
-When the submission and completion queues are being torn down
-the IRQ will be asserted for the completion queue when the
-submsission queue is deleted. Then when the completion queue
-is deleted it stays asserted. Thus, on systems that do
-not use MSI, no further interrupts can be triggered on the host.
-Linux sees this as a long delay when unbinding the nvme device.
-Eventually the interrupt timeout occurs and it continues.
-To fix this we ensure we deassert the IRQ for a CQ when it is
-deleted.
-Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- hw/block/nvme.c | 1 +
-file changed, 1 insertion(+)
-diff --git a/hw/block/nvme.c b/hw/block/nvme.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/block/nvme.c
-+++ b/hw/block/nvme.c
-@@ -XXX,XX +XXX,XX @@ static uint16_t nvme_del_cq(NvmeCtrl *n, NvmeCmd *cmd)
-         trace_nvme_err_invalid_del_cq_notempty(qid);
-         return NVME_INVALID_QUEUE_DEL;
-     }
-+    nvme_irq_deassert(n, cq);
-     trace_nvme_del_cq(qid);
-     nvme_free_cq(cq, n);
-     return NVME_SUCCESS;
---
-.19.1

The following changes since commit 47c1cc30e440860aa695358f7c2dd0b9d7b53d16:

Update version for v3.1.0-rc2 release (2018-11-20 18:10:26 +0000)

are available in the Git repository at:

git://repo.or.cz/qemu/kevin.git tags/for-upstream

for you to fetch changes up to 924956b1efc50af7cc334b7a14f56aa213ca27ef:

iotests: Enhance 223 to cover multiple bitmap granularities (2018-11-22 16:43:52 +0100)

----------------------------------------------------------------
Block layer patches:

- block: Fix update of BDRV_O_AUTO_RDONLY in update_flags_from_options()
- qemu-img: Fix memory leak and typo in error message
- nvme: Fixes for lockups and crashes
- scsi-disk: Fix crash if underlying host file or disk returns error
- Several qemu-iotests fixes and improvements

----------------------------------------------------------------
Alberto Garcia (1):
      block: Fix update of BDRV_O_AUTO_RDONLY in update_flags_from_options()

Daniel P. Berrangé (1):
      iotests: fix nbd test 233 to work correctly with raw images

Eric Blake (2):
      iotests: Skip 233 if certtool not installed
      iotests: Enhance 223 to cover multiple bitmap granularities

Igor Druzhinin (1):
      nvme: call blk_drain in NVMe reset code to avoid lockups

Kevin Wolf (3):
      iotests: Replace time.clock() with Timeout
      iotests: Replace assertEquals() with assertEqual()
      Revert "nvme: fix oob access issue(CVE-2018-16847)"

Logan Gunthorpe (1):
      nvme: fix bug with PCI IRQ pins on teardown

Max Reitz (2):
      qemu-img: Fix typo
      qemu-img: Fix leak

Paolo Bonzini (1):
      nvme: fix out-of-bounds access to the CMB

Richard W.M. Jones (1):
      scsi-disk: Fix crash if underlying host file or disk returns error

time.clock() is deprecated since Python 3.3. Current Python versions
warn that the function will be removed in Python 3.8, and those warnings
make the test case 118 fail.

Replace it with the Timeout mechanism that is compatible with both
Python 2 and 3, and makes the code even a little nicer.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 tests/qemu-iotests/118 | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/tests/qemu-iotests/118 b/tests/qemu-iotests/118
index XXXXXXX..XXXXXXX 100755
--- a/tests/qemu-iotests/118
+++ b/tests/qemu-iotests/118
@@ -XXX,XX +XXX,XX @@ class ChangeBaseClass(iotests.QMPTestCase):
         if not self.has_real_tray:
             return
 
-        timeout = time.clock() + 3
-        while not self.has_opened and time.clock() < timeout:
-            self.process_events()
-        if not self.has_opened:
-            self.fail('Timeout while waiting for the tray to open')
+        with iotests.Timeout(3, 'Timeout while waiting for the tray to open'):
+            while not self.has_opened:
+                self.process_events()
 
     def wait_for_close(self):
         if not self.has_real_tray:
             return
 
-        timeout = time.clock() + 3
-        while not self.has_closed and time.clock() < timeout:
-            self.process_events()
-        if not self.has_opened:
-            self.fail('Timeout while waiting for the tray to close')
+        with iotests.Timeout(3, 'Timeout while waiting for the tray to close'):
+            while not self.has_closed:
+                self.process_events()
 
 class GeneralChangeTestsBaseClass(ChangeBaseClass):
 
-- 
2.19.1

TestCase.assertEquals() is deprecated since Python 2.7. Recent Python
versions print a warning when the function is called, which makes test
cases fail.

Replace it with the preferred spelling assertEqual().

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 tests/qemu-iotests/041        | 6 +++---
 tests/qemu-iotests/118        | 4 ++--
 tests/qemu-iotests/iotests.py | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041
index XXXXXXX..XXXXXXX 100755
--- a/tests/qemu-iotests/041
+++ b/tests/qemu-iotests/041
@@ -XXX,XX +XXX,XX @@ new_state = "1"
             self.assert_qmp(event, 'data/id', 'drive0')
             event = self.vm.get_qmp_event(wait=True)
 
-        self.assertEquals(event['event'], 'BLOCK_JOB_ERROR')
+        self.assertEqual(event['event'], 'BLOCK_JOB_ERROR')
         self.assert_qmp(event, 'data/device', 'drive0')
         self.assert_qmp(event, 'data/operation', 'read')
         result = self.vm.qmp('query-block-jobs')
@@ -XXX,XX +XXX,XX @@ new_state = "1"
             self.assert_qmp(event, 'data/id', 'drive0')
             event = self.vm.get_qmp_event(wait=True)
 
-        self.assertEquals(event['event'], 'BLOCK_JOB_ERROR')
+        self.assertEqual(event['event'], 'BLOCK_JOB_ERROR')
         self.assert_qmp(event, 'data/device', 'drive0')
         self.assert_qmp(event, 'data/operation', 'read')
         result = self.vm.qmp('query-block-jobs')
@@ -XXX,XX +XXX,XX @@ new_state = "1"
         self.assert_qmp(result, 'return', {})
 
         event = self.vm.event_wait(name='BLOCK_JOB_ERROR')
-        self.assertEquals(event['event'], 'BLOCK_JOB_ERROR')
+        self.assertEqual(event['event'], 'BLOCK_JOB_ERROR')
         self.assert_qmp(event, 'data/device', 'drive0')
         self.assert_qmp(event, 'data/operation', 'write')
         result = self.vm.qmp('query-block-jobs')
diff --git a/tests/qemu-iotests/118 b/tests/qemu-iotests/118
index XXXXXXX..XXXXXXX 100755
--- a/tests/qemu-iotests/118
+++ b/tests/qemu-iotests/118
@@ -XXX,XX +XXX,XX @@ class GeneralChangeTestsBaseClass(ChangeBaseClass):
         result = self.vm.qmp('blockdev-close-tray', id=self.device_name)
         # Should be a no-op
         self.assert_qmp(result, 'return', {})
-        self.assertEquals(self.vm.get_qmp_events(wait=False), [])
+        self.assertEqual(self.vm.get_qmp_events(wait=False), [])
 
     def test_remove_on_closed(self):
         if not self.has_real_tray:
@@ -XXX,XX +XXX,XX @@ class TestChangeReadOnly(ChangeBaseClass):
                                                        read_only_mode='retain')
         self.assert_qmp(result, 'error/class', 'GenericError')
 
-        self.assertEquals(self.vm.get_qmp_events(wait=False), [])
+        self.assertEqual(self.vm.get_qmp_events(wait=False), [])
 
         result = self.vm.qmp('query-block')
         self.assert_qmp(result, 'return[0]/inserted/ro', False)
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index XXXXXXX..XXXXXXX 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -XXX,XX +XXX,XX @@ class QMPTestCase(unittest.TestCase):
     def wait_ready_and_cancel(self, drive='drive0'):
         self.wait_ready(drive=drive)
         event = self.cancel_and_wait(drive=drive)
-        self.assertEquals(event['event'], 'BLOCK_JOB_COMPLETED')
+        self.assertEqual(event['event'], 'BLOCK_JOB_COMPLETED')
         self.assert_qmp(event, 'data/type', 'mirror')
         self.assert_qmp(event, 'data/offset', event['data']['len'])
 
-- 
2.19.1

From: Eric Blake <eblake@redhat.com>

The use of TLS while building qemu is optional. While the
'certtool' binary should be available on every platform that
supports building against TLS, that does not imply that the
developer has installed it.  Make the test gracefully skip
in that case.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 tests/qemu-iotests/common.tls | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
index XXXXXXX..XXXXXXX 100644
--- a/tests/qemu-iotests/common.tls
+++ b/tests/qemu-iotests/common.tls
@@ -XXX,XX +XXX,XX @@ tls_x509_cleanup()
 
 tls_x509_init()
 {
+    (certtool --help) >/dev/null 2>&1 || \
+	_notrun "certtool utility not found, skipping test"
+
     mkdir -p "${tls_dir}"
 
     # use a fixed key so we don't waste system entropy on
-- 
2.19.1

From: Max Reitz <mreitz@redhat.com>

create_opts was leaked here.  This is not too bad since the process is
about to exit anyway, but relying on that does not make the code nicer
to read.

Fixes: d402b6a21a825a5c07aac9251990860723d49f5d
Reported-by: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 qemu-img.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qemu-img.c b/qemu-img.c
index XXXXXXX..XXXXXXX 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -XXX,XX +XXX,XX @@ static int print_block_option_help(const char *filename, const char *fmt)
         if (!proto_drv->create_opts) {
             error_report("Protocol driver '%s' does not support image creation",
                          proto_drv->format_name);
+            qemu_opts_free(create_opts);
             return 1;
         }
         create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
-- 
2.19.1

From: "Richard W.M. Jones" <rjones@redhat.com>

Commit 40dce4ee6 "scsi-disk: fix rerror/werror=ignore" introduced a
bug which causes qemu to crash with the assertion error below if the
host file or disk returns an error:

qemu-system-x86_64: hw/scsi/scsi-bus.c:1374: scsi_req_complete:
  Assertion `req->status == -1' failed.

Kevin Wolf suggested this fix:

< kwolf> Hm, should the final return false; in that patch
           actually be a return true?
  < kwolf> Because I think he didn't intend to change anything
           except BLOCK_ERROR_ACTION_IGNORE

Buglink: https://bugs.launchpad.net/qemu/+bug/1804323
Fixes: 40dce4ee61c68395f6d463fae792f61b7c003bce
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 hw/scsi/scsi-disk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -XXX,XX +XXX,XX @@ static bool scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
     if (action == BLOCK_ERROR_ACTION_STOP) {
         scsi_req_retry(&r->req);
     }
-    return false;
+    return true;
 }
 
 static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
-- 
2.19.1

From: Alberto Garcia <berto@igalia.com>

Commit e35bdc123a4ace9f4d3fcca added the auto-read-only option and the
code to update its corresponding flag in update_flags_from_options(),
but forgot to clear the flag if auto-read-only is false.

Signed-off-by: Alberto Garcia <berto@igalia.com>
Reported-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/block.c b/block.c
index XXXXXXX..XXXXXXX 100644
--- a/block.c
+++ b/block.c
@@ -XXX,XX +XXX,XX @@ static int bdrv_open_flags(BlockDriverState *bs, int flags)
 
 static void update_flags_from_options(int *flags, QemuOpts *opts)
 {
-    *flags &= ~BDRV_O_CACHE_MASK;
+    *flags &= ~(BDRV_O_CACHE_MASK | BDRV_O_RDWR | BDRV_O_AUTO_RDONLY);
 
     assert(qemu_opt_find(opts, BDRV_OPT_CACHE_NO_FLUSH));
     if (qemu_opt_get_bool_del(opts, BDRV_OPT_CACHE_NO_FLUSH, false)) {
@@ -XXX,XX +XXX,XX @@ static void update_flags_from_options(int *flags, QemuOpts *opts)
         *flags |= BDRV_O_NOCACHE;
     }
 
-    *flags &= ~BDRV_O_RDWR;
-
     assert(qemu_opt_find(opts, BDRV_OPT_READ_ONLY));
     if (!qemu_opt_get_bool_del(opts, BDRV_OPT_READ_ONLY, false)) {
         *flags |= BDRV_O_RDWR;
-- 
2.19.1

From: Daniel P. Berrangé <berrange@redhat.com>

The first qemu-io command must honour the $IMGFMT that is set rather
than hardcoding qcow2. The qemu-nbd commands should also set $IMGFMT
to avoid the insecure format probe warning.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 tests/qemu-iotests/233 | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
index XXXXXXX..XXXXXXX 100755
--- a/tests/qemu-iotests/233
+++ b/tests/qemu-iotests/233
@@ -XXX,XX +XXX,XX @@ $QEMU_IO -c 'w -P 0x11 1m 1m' "$TEST_IMG" | _filter_qemu_io
 
 echo
 echo "== check TLS client to plain server fails =="
-nbd_server_start_tcp_socket "$TEST_IMG"
+nbd_server_start_tcp_socket -f $IMGFMT "$TEST_IMG"
 
 $QEMU_IMG info --image-opts \
     --object tls-creds-x509,dir=${tls_dir}/client1,endpoint=client,id=tls0 \
@@ -XXX,XX +XXX,XX @@ nbd_server_stop
 echo
 echo "== check plain client to TLS server fails =="
 
-nbd_server_start_tcp_socket --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes --tls-creds tls0 "$TEST_IMG"
+nbd_server_start_tcp_socket \
+    --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \
+    --tls-creds tls0 \
+    -f $IMGFMT "$TEST_IMG"
 
 $QEMU_IMG info nbd://localhost:$nbd_tcp_port 2>&1 | sed "s/$nbd_tcp_port/PORT/g"
 
@@ -XXX,XX +XXX,XX @@ $QEMU_IO -c 'r -P 0x11 1m 1m' -c 'w -P 0x22 1m 1m' --image-opts \
     driver=nbd,host=$nbd_tcp_addr,port=$nbd_tcp_port,tls-creds=tls0 \
     2>&1 | _filter_qemu_io
 
-$QEMU_IO -f qcow2 -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -f $IMGFMT -r -U -c 'r -P 0x22 1m 1m' "$TEST_IMG" | _filter_qemu_io
 
 # success, all done
 echo "*** done"
-- 
2.19.1

From: Paolo Bonzini <pbonzini@redhat.com>

Because the CMB BAR has a min_access_size of 2, if you read the last
byte it will try to memcpy *2* bytes from n->cmbuf, causing an off-by-one
error.  This is CVE-2018-16847.

Another way to fix this might be to register the CMB as a RAM memory
region, which would also be more efficient.  However, that might be a
change for big-endian machines; I didn't think this through and I don't
know how real hardware works.  Add a basic testcase for the CMB in case
somebody does this change later on.

Cc: Keith Busch <keith.busch@intel.com>
Cc: qemu-block@nongnu.org
Reported-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Tested-by: Li Qiang <liq3ea@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 hw/block/nvme.c        |  2 +-
 tests/nvme-test.c      | 68 +++++++++++++++++++++++++++++++++++-------
 tests/Makefile.include |  2 +-
 3 files changed, 60 insertions(+), 12 deletions(-)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -XXX,XX +XXX,XX @@ static const MemoryRegionOps nvme_cmb_ops = {
     .write = nvme_cmb_write,
     .endianness = DEVICE_LITTLE_ENDIAN,
     .impl = {
-        .min_access_size = 2,
+        .min_access_size = 1,
         .max_access_size = 8,
     },
 };
diff --git a/tests/nvme-test.c b/tests/nvme-test.c
index XXXXXXX..XXXXXXX 100644
--- a/tests/nvme-test.c
+++ b/tests/nvme-test.c
@@ -XXX,XX +XXX,XX @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/units.h"
 #include "libqtest.h"
+#include "libqos/libqos-pc.h"
+
+static QOSState *qnvme_start(const char *extra_opts)
+{
+    QOSState *qs;
+    const char *arch = qtest_get_arch();
+    const char *cmd = "-drive id=drv0,if=none,file=null-co://,format=raw "
+                      "-device nvme,addr=0x4.0,serial=foo,drive=drv0 %s";
+
+    if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
+        qs = qtest_pc_boot(cmd, extra_opts ? : "");
+        global_qtest = qs->qts;
+        return qs;
+    }
+
+    g_printerr("nvme tests are only available on x86\n");
+    exit(EXIT_FAILURE);
+}
+
+static void qnvme_stop(QOSState *qs)
+{
+    qtest_shutdown(qs);
+}
 
-/* Tests only initialization so far. TODO: Replace with functional tests */
 static void nop(void)
 {
+    QOSState *qs;
+
+    qs = qnvme_start(NULL);
+    qnvme_stop(qs);
 }
 
-int main(int argc, char **argv)
+static void nvmetest_cmb_test(void)
 {
-    int ret;
+    const int cmb_bar_size = 2 * MiB;
+    QOSState *qs;
+    QPCIDevice *pdev;
+    QPCIBar bar;
 
-    g_test_init(&argc, &argv, NULL);
-    qtest_add_func("/nvme/nop", nop);
+    qs = qnvme_start("-global nvme.cmb_size_mb=2");
+    pdev = qpci_device_find(qs->pcibus, QPCI_DEVFN(4,0));
+    g_assert(pdev != NULL);
+
+    qpci_device_enable(pdev);
+    bar = qpci_iomap(pdev, 2, NULL);
+
+    qpci_io_writel(pdev, bar, 0, 0xccbbaa99);
+    g_assert_cmpint(qpci_io_readb(pdev, bar, 0), ==, 0x99);
+    g_assert_cmpint(qpci_io_readw(pdev, bar, 0), ==, 0xaa99);
+
+    /* Test partially out-of-bounds accesses.  */
+    qpci_io_writel(pdev, bar, cmb_bar_size - 1, 0x44332211);
+    g_assert_cmpint(qpci_io_readb(pdev, bar, cmb_bar_size - 1), ==, 0x11);
+    g_assert_cmpint(qpci_io_readw(pdev, bar, cmb_bar_size - 1), !=, 0x2211);
+    g_assert_cmpint(qpci_io_readl(pdev, bar, cmb_bar_size - 1), !=, 0x44332211);
+    g_free(pdev);
 
-    qtest_start("-drive id=drv0,if=none,file=null-co://,format=raw "
-                "-device nvme,drive=drv0,serial=foo");
-    ret = g_test_run();
+    qnvme_stop(qs);
+}
 
-    qtest_end();
+int main(int argc, char **argv)
+{
+    g_test_init(&argc, &argv, NULL);
+    qtest_add_func("/nvme/nop", nop);
+    qtest_add_func("/nvme/cmb_test", nvmetest_cmb_test);
 
-    return ret;
+    return g_test_run();
 }
diff --git a/tests/Makefile.include b/tests/Makefile.include
index XXXXXXX..XXXXXXX 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -XXX,XX +XXX,XX @@ tests/test-hmp$(EXESUF): tests/test-hmp.o
 tests/machine-none-test$(EXESUF): tests/machine-none-test.o
 tests/drive_del-test$(EXESUF): tests/drive_del-test.o $(libqos-virtio-obj-y)
 tests/qdev-monitor-test$(EXESUF): tests/qdev-monitor-test.o $(libqos-pc-obj-y)
-tests/nvme-test$(EXESUF): tests/nvme-test.o
+tests/nvme-test$(EXESUF): tests/nvme-test.o $(libqos-pc-obj-y)
 tests/pvpanic-test$(EXESUF): tests/pvpanic-test.o
 tests/i82801b11-test$(EXESUF): tests/i82801b11-test.o
 tests/ac97-test$(EXESUF): tests/ac97-test.o
-- 
2.19.1

From: Logan Gunthorpe <logang@deltatee.com>

When the submission and completion queues are being torn down
the IRQ will be asserted for the completion queue when the
submsission queue is deleted. Then when the completion queue
is deleted it stays asserted. Thus, on systems that do
not use MSI, no further interrupts can be triggered on the host.

Linux sees this as a long delay when unbinding the nvme device.
Eventually the interrupt timeout occurs and it continues.

To fix this we ensure we deassert the IRQ for a CQ when it is
deleted.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 hw/block/nvme.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -XXX,XX +XXX,XX @@ static uint16_t nvme_del_cq(NvmeCtrl *n, NvmeCmd *cmd)
         trace_nvme_err_invalid_del_cq_notempty(qid);
         return NVME_INVALID_QUEUE_DEL;
     }
+    nvme_irq_deassert(n, cq);
     trace_nvme_del_cq(qid);
     nvme_free_cq(cq, n);
     return NVME_SUCCESS;
-- 
2.19.1

From: Eric Blake <eblake@redhat.com>

Testing granularity at the same size as the cluster isn't quite
as fun as what happens when it is larger or smaller.  This
enhancement also shows that qemu's nbd server can serve the
same disk over multiple exports simultaneously.

Signed-off-by: Eric Blake <eblake@redhat.com>
Tested-by: John Snow <jsnow@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 tests/qemu-iotests/223     | 43 +++++++++++++++++++++++++++++++-------
 tests/qemu-iotests/223.out | 32 +++++++++++++++++++++-------
 2 files changed, 60 insertions(+), 15 deletions(-)

diff --git a/tests/qemu-iotests/223 b/tests/qemu-iotests/223
index XXXXXXX..XXXXXXX 100755
--- a/tests/qemu-iotests/223
+++ b/tests/qemu-iotests/223
@@ -XXX,XX +XXX,XX @@ run_qemu()
 }
 
 echo
-echo "=== Create partially sparse image, then add dirty bitmap ==="
+echo "=== Create partially sparse image, then add dirty bitmaps ==="
 echo
 
-_make_test_img 4M
+# Two bitmaps, to contrast granularity issues
+_make_test_img -o cluster_size=4k 4M
 $QEMU_IO -c 'w -P 0x11 1M 2M' "$TEST_IMG" | _filter_qemu_io
 run_qemu <<EOF
 { "execute": "qmp_capabilities" }
@@ -XXX,XX +XXX,XX @@ run_qemu <<EOF
   "arguments": {
     "node": "n",
     "name": "b",
-    "persistent": true
+    "persistent": true,
+    "granularity": 65536
+  }
+}
+{ "execute": "block-dirty-bitmap-add",
+  "arguments": {
+    "node": "n",
+    "name": "b2",
+    "persistent": true,
+    "granularity": 512
   }
 }
 { "execute": "quit" }
@@ -XXX,XX +XXX,XX @@ echo
 echo "=== Write part of the file under active bitmap ==="
 echo
 
-$QEMU_IO -c 'w -P 0x22 2M 2M' "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -c 'w -P 0x22 512 512' -c 'w -P 0x33 2M 2M' "$TEST_IMG" \
+    | _filter_qemu_io
 
 echo
-echo "=== End dirty bitmap, and start serving image over NBD ==="
+echo "=== End dirty bitmaps, and start serving image over NBD ==="
 echo
 
 _launch_qemu 2> >(_filter_nbd)
@@ -XXX,XX +XXX,XX @@ _send_qemu_cmd $QEMU_HANDLE '{"execute":"blockdev-add",
     "file":{"driver":"file", "filename":"'"$TEST_IMG"'"}}}' "return"
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"x-block-dirty-bitmap-disable",
   "arguments":{"node":"n", "name":"b"}}' "return"
+_send_qemu_cmd $QEMU_HANDLE '{"execute":"x-block-dirty-bitmap-disable",
+  "arguments":{"node":"n", "name":"b2"}}' "return"
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-start",
   "arguments":{"addr":{"type":"unix",
     "data":{"path":"'"$TEST_DIR/nbd"'"}}}}' "return"
@@ -XXX,XX +XXX,XX @@ _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-add",
   "arguments":{"device":"n"}}' "return"
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"x-nbd-server-add-bitmap",
   "arguments":{"name":"n", "bitmap":"b"}}' "return"
+_send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-add",
+  "arguments":{"device":"n", "name":"n2"}}' "return"
+_send_qemu_cmd $QEMU_HANDLE '{"execute":"x-nbd-server-add-bitmap",
+  "arguments":{"name":"n2", "bitmap":"b2"}}' "return"
 
 echo
-echo "=== Contrast normal status with dirty-bitmap status ==="
+echo "=== Contrast normal status to large granularity dirty-bitmap ==="
 echo
 
 QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT
 IMG="driver=nbd,export=n,server.type=unix,server.path=$TEST_DIR/nbd"
-$QEMU_IO -r -c 'r -P 0 0 1m' -c 'r -P 0x11 1m 1m' \
-  -c 'r -P 0x22 2m 2m' --image-opts "$IMG" | _filter_qemu_io
+$QEMU_IO -r -c 'r -P 0x22 512 512' -c 'r -P 0 512k 512k' -c 'r -P 0x11 1m 1m' \
+  -c 'r -P 0x33 2m 2m' --image-opts "$IMG" | _filter_qemu_io
 $QEMU_IMG map --output=json --image-opts \
   "$IMG" | _filter_qemu_img_map
 $QEMU_IMG map --output=json --image-opts \
   "$IMG,x-dirty-bitmap=qemu:dirty-bitmap:b" | _filter_qemu_img_map
 
+echo
+echo "=== Contrast to small granularity dirty-bitmap ==="
+echo
+
+IMG="driver=nbd,export=n2,server.type=unix,server.path=$TEST_DIR/nbd"
+$QEMU_IMG map --output=json --image-opts \
+  "$IMG,x-dirty-bitmap=qemu:dirty-bitmap:b2" | _filter_qemu_img_map
+
 echo
 echo "=== End NBD server ==="
 echo
 
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-remove",
   "arguments":{"name":"n"}}' "return"
+_send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-remove",
+  "arguments":{"name":"n2"}}' "return"
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-stop"}' "return"
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"quit"}' "return"
 
diff --git a/tests/qemu-iotests/223.out b/tests/qemu-iotests/223.out
index XXXXXXX..XXXXXXX 100644
--- a/tests/qemu-iotests/223.out
+++ b/tests/qemu-iotests/223.out
@@ -XXX,XX +XXX,XX @@
 QA output created by 223
 
-=== Create partially sparse image, then add dirty bitmap ===
+=== Create partially sparse image, then add dirty bitmaps ===
 
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=4194304
 wrote 2097152/2097152 bytes at offset 1048576
@@ -XXX,XX +XXX,XX @@ QMP_VERSION
 {"return": {}}
 {"return": {}}
 {"return": {}}
+{"return": {}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false}}
 
 
 === Write part of the file under active bitmap ===
 
+wrote 512/512 bytes at offset 512
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 wrote 2097152/2097152 bytes at offset 2097152
 2 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 
-=== End dirty bitmap, and start serving image over NBD ===
+=== End dirty bitmaps, and start serving image over NBD ===
 
 {"return": {}}
 {"return": {}}
@@ -XXX,XX +XXX,XX @@ wrote 2097152/2097152 bytes at offset 2097152
 {"return": {}}
 {"return": {}}
 {"return": {}}
+{"return": {}}
+{"return": {}}
+{"return": {}}
 
-=== Contrast normal status with dirty-bitmap status ===
+=== Contrast normal status to large granularity dirty-bitmap ===
 
-read 1048576/1048576 bytes at offset 0
-1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 512/512 bytes at offset 512
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 524288/524288 bytes at offset 524288
+512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 read 1048576/1048576 bytes at offset 1048576
 1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 read 2097152/2097152 bytes at offset 2097152
 2 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-[{ "start": 0, "length": 1048576, "depth": 0, "zero": true, "data": false},
+[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true},
+{ "start": 4096, "length": 1044480, "depth": 0, "zero": true, "data": false},
 { "start": 1048576, "length": 3145728, "depth": 0, "zero": false, "data": true}]
-[{ "start": 0, "length": 2097152, "depth": 0, "zero": false, "data": true},
+[{ "start": 0, "length": 65536, "depth": 0, "zero": false, "data": false},
+{ "start": 65536, "length": 2031616, "depth": 0, "zero": false, "data": true},
+{ "start": 2097152, "length": 2097152, "depth": 0, "zero": false, "data": false}]
+
+=== Contrast to small granularity dirty-bitmap ===
+
+[{ "start": 0, "length": 512, "depth": 0, "zero": false, "data": true},
+{ "start": 512, "length": 512, "depth": 0, "zero": false, "data": false},
+{ "start": 1024, "length": 2096128, "depth": 0, "zero": false, "data": true},
 { "start": 2097152, "length": 2097152, "depth": 0, "zero": false, "data": false}]
 
 === End NBD server ===
@@ -XXX,XX +XXX,XX @@ read 2097152/2097152 bytes at offset 2097152
 {"return": {}}
 {"return": {}}
 {"return": {}}
+{"return": {}}
 *** done
-- 
2.19.1

The following changes since commit ee59483267de29056b5b2ee2421ef3844e5c9932:

Merge tag 'qemu-openbios-20230307' of https://github.com/mcayland/qemu into staging (2023-03-09 16:55:03 +0000)

are available in the Git repository at:

https://repo.or.cz/qemu/kevin.git tags/for-upstream

for you to fetch changes up to ecf8191314798391b1df80bcb829c0ead4f8acc9:

qed: remove spurious BDRV_POLL_WHILE() (2023-03-10 15:14:46 +0100)

----------------------------------------------------------------
Block layer patches

- fuse: Fix fallocate(PUNCH_HOLE) to zero out the range
- qed: remove spurious BDRV_POLL_WHILE()

----------------------------------------------------------------
Hanna Czenczek (2):
      block/fuse: Let PUNCH_HOLE write zeroes
      iotests/308: Add test for 'write -zu'

Stefan Hajnoczi (1):
      qed: remove spurious BDRV_POLL_WHILE()

block/export/fuse.c        | 11 ++++++++++-
 block/qed.c                |  1 -
 tests/qemu-iotests/308     | 43 +++++++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/308.out | 35 +++++++++++++++++++++++++++++++++++
 4 files changed, 88 insertions(+), 2 deletions(-)

From: Hanna Czenczek <hreitz@redhat.com>

fallocate(2) says about PUNCH_HOLE: "After a successful call, subsequent
reads from this range will return zeros."  As it is, PUNCH_HOLE is
implemented as a call to blk_pdiscard(), which does not guarantee this.

We must call blk_pwrite_zeroes() instead.  The difference to ZERO_RANGE
is that we pass the `BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK` flags to
the call -- the storage is supposed to be unmapped, and a slow fallback
by actually writing zeroes as data is not allowed.

Closes: https://gitlab.com/qemu-project/qemu/-/issues/1507
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
Message-Id: <20230227104725.33511-2-hreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/export/fuse.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/block/export/fuse.c b/block/export/fuse.c
index XXXXXXX..XXXXXXX 100644
--- a/block/export/fuse.c
+++ b/block/export/fuse.c
@@ -XXX,XX +XXX,XX @@ static void fuse_fallocate(fuse_req_t req, fuse_ino_t inode, int mode,
         do {
             int size = MIN(length, BDRV_REQUEST_MAX_BYTES);
 
-            ret = blk_pdiscard(exp->common.blk, offset, size);
+            ret = blk_pwrite_zeroes(exp->common.blk, offset, size,
+                                    BDRV_REQ_MAY_UNMAP | BDRV_REQ_NO_FALLBACK);
+            if (ret == -ENOTSUP) {
+                /*
+                 * fallocate() specifies to return EOPNOTSUPP for unsupported
+                 * operations
+                 */
+                ret = -EOPNOTSUPP;
+            }
+
             offset += size;
             length -= size;
         } while (ret == 0 && length > 0);
-- 
2.39.2

From: Hanna Czenczek <hreitz@redhat.com>

Try writing zeroes to a FUSE export while allowing the area to be
unmapped; block/file-posix.c generally implements writing zeroes with
BDRV_REQ_MAY_UNMAP ('write -zu') by calling fallocate(PUNCH_HOLE).  This
used to lead to a blk_pdiscard() in the FUSE export, which may or may
not lead to the area being zeroed.  HEAD^ fixed this to use
blk_pwrite_zeroes() instead (again with BDRV_REQ_MAY_UNMAP), so verify
that running `qemu-io 'write -zu'` on a FUSE exports always results in
zeroes being written.

Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
Message-Id: <20230227104725.33511-3-hreitz@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 tests/qemu-iotests/308     | 43 ++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/308.out | 35 +++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)

diff --git a/tests/qemu-iotests/308 b/tests/qemu-iotests/308
index XXXXXXX..XXXXXXX 100755
--- a/tests/qemu-iotests/308
+++ b/tests/qemu-iotests/308
@@ -XXX,XX +XXX,XX @@ echo
 echo '=== Compare copy with original ==='
 
 $QEMU_IMG compare -f raw -F $IMGFMT "$COPIED_IMG" "$TEST_IMG"
+_cleanup_test_img
+
+echo
+echo '=== Writing zeroes while unmapping ==='
+# Regression test for https://gitlab.com/qemu-project/qemu/-/issues/1507
+_make_test_img 64M
+$QEMU_IO -c 'write -s /dev/urandom 0 64M' "$TEST_IMG" | _filter_qemu_io
+
+_launch_qemu
+_send_qemu_cmd $QEMU_HANDLE \
+    "{'execute': 'qmp_capabilities'}" \
+    'return'
+
+_send_qemu_cmd $QEMU_HANDLE \
+    "{'execute': 'blockdev-add',
+      'arguments': {
+          'driver': '$IMGFMT',
+          'node-name': 'node-format',
+          'file': {
+              'driver': 'file',
+              'filename': '$TEST_IMG'
+          }
+      } }" \
+    'return'
+
+fuse_export_add 'export' "'mountpoint': '$EXT_MP', 'writable': true"
+
+# Try writing zeroes by unmapping
+$QEMU_IO -f raw -c 'write -zu 0 64M' "$EXT_MP" | _filter_qemu_io
+
+# Check the result
+$QEMU_IO -f raw -c 'read -P 0 0 64M' "$EXT_MP" | _filter_qemu_io
+
+_send_qemu_cmd $QEMU_HANDLE \
+    "{'execute': 'quit'}" \
+    'return'
+
+wait=yes _cleanup_qemu
+
+# Check the original image
+$QEMU_IO -c 'read -P 0 0 64M' "$TEST_IMG" | _filter_qemu_io
+
+_cleanup_test_img
 
 # success, all done
 echo "*** done"
diff --git a/tests/qemu-iotests/308.out b/tests/qemu-iotests/308.out
index XXXXXXX..XXXXXXX 100644
--- a/tests/qemu-iotests/308.out
+++ b/tests/qemu-iotests/308.out
@@ -XXX,XX +XXX,XX @@ OK: Post-truncate image size is as expected
 
 === Compare copy with original ===
 Images are identical.
+
+=== Writing zeroes while unmapping ===
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
+wrote 67108864/67108864 bytes at offset 0
+64 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+{'execute': 'qmp_capabilities'}
+{"return": {}}
+{'execute': 'blockdev-add',
+      'arguments': {
+          'driver': 'IMGFMT',
+          'node-name': 'node-format',
+          'file': {
+              'driver': 'file',
+              'filename': 'TEST_DIR/t.IMGFMT'
+          }
+      } }
+{"return": {}}
+{'execute': 'block-export-add',
+          'arguments': {
+              'type': 'fuse',
+              'id': 'export',
+              'node-name': 'node-format',
+              'mountpoint': 'TEST_DIR/t.IMGFMT.fuse', 'writable': true
+          } }
+{"return": {}}
+wrote 67108864/67108864 bytes at offset 0
+64 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 67108864/67108864 bytes at offset 0
+64 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+{'execute': 'quit'}
+{"return": {}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "BLOCK_EXPORT_DELETED", "data": {"id": "export"}}
+read 67108864/67108864 bytes at offset 0
+64 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 *** done
-- 
2.39.2