Series comparison

-[PULL 0/8] Block patches
+[PULL 0/1] Block patches
-The following changes since commit 013a18edbbc59cdad019100c7d03c0494642b74c:
+The following changes since commit 661c2e1ab29cd9c4d268ae3f44712e8d421c0e56:
-  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-2020051=
+  scripts/checkpatch: Fix a typo (2025-03-04 09:30:26 +0800)
 ' into staging (2020-05-14 16:17:55 +0100)
 are available in the Git repository at:
-  https://github.com/stefanha/qemu.git tags/block-pull-request
+  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to ba607ca8bff4d2c2062902f8355657c865ac7c29:
+for you to fetch changes up to 2ad638a3d160923ef3dbf87c73944e6e44bdc724:
-  aio-posix: disable fdmon-io_uring when GSource is used (2020-05-18 18:16:00=
+  block/qed: fix use-after-free by nullifying timer pointer after free (2025-03-06 10:19:54 +0800)
  +0100)
 ----------------------------------------------------------------
 Pull request
+QED need_check_timer use-after-free fix
 ----------------------------------------------------------------
-Philippe Mathieu-Daud=C3=A9 (6):
+Denis Rastyogin (1):
-  tests/fuzz/Makefile: Do not link code using unavailable devices
+  block/qed: fix use-after-free by nullifying timer pointer after free
   Makefile: List fuzz targets in 'make help'
   tests/fuzz: Add missing space in test description
   tests/fuzz: Remove unuseful/unused typedefs
   tests/fuzz: Extract pciconfig_fuzz_qos() method
   tests/fuzz: Extract ioport_fuzz_qtest() method
-Stefan Hajnoczi (2):
+ block/qed.c | 1 +
-  aio-posix: don't duplicate fd handler deletion in
+file changed, 1 insertion(+)
     fdmon_io_uring_destroy()
   aio-posix: disable fdmon-io_uring when GSource is used
- Makefile                          |  6 +++-
+--
- tests/qtest/fuzz/Makefile.include |  6 ++--
+.48.1
  include/block/aio.h               |  3 ++
  tests/qtest/fuzz/i440fx_fuzz.c    | 47 ++++++++++++++++++++-----------
  util/aio-posix.c                  | 13 +++++++++
  util/aio-win32.c                  |  4 +++
  util/async.c                      |  1 +
  util/fdmon-io_uring.c             | 13 +++++++--
 files changed, 69 insertions(+), 24 deletions(-)
 --=20
 .25.3

-[PULL 1/8] tests/fuzz/Makefile: Do not link code using unavailable devices
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
-Some devices availability depends on CONFIG options.
-Use these options to only link tests when requested device
-is available.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20200514143433.18569-2-philmd@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tests/qtest/fuzz/Makefile.include | 6 +++---
-file changed, 3 insertions(+), 3 deletions(-)
-diff --git a/tests/qtest/fuzz/Makefile.include b/tests/qtest/fuzz/Makefile.include
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/Makefile.include
-+++ b/tests/qtest/fuzz/Makefile.include
-@@ -XXX,XX +XXX,XX @@ fuzz-obj-y += tests/qtest/fuzz/fork_fuzz.o
- fuzz-obj-y += tests/qtest/fuzz/qos_fuzz.o
- # Targets
--fuzz-obj-y += tests/qtest/fuzz/i440fx_fuzz.o
--fuzz-obj-y += tests/qtest/fuzz/virtio_net_fuzz.o
--fuzz-obj-y += tests/qtest/fuzz/virtio_scsi_fuzz.o
-+fuzz-obj-$(CONFIG_PCI_I440FX) += tests/qtest/fuzz/i440fx_fuzz.o
-+fuzz-obj-$(CONFIG_VIRTIO_NET) += tests/qtest/fuzz/virtio_net_fuzz.o
-+fuzz-obj-$(CONFIG_SCSI) += tests/qtest/fuzz/virtio_scsi_fuzz.o
- FUZZ_CFLAGS += -I$(SRC_PATH)/tests -I$(SRC_PATH)/tests/qtest
---
-.25.3

-[PULL 2/8] Makefile: List fuzz targets in 'make help'
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
-List softmmu fuzz targets in 'make help' output:
-  $ make help
-  ...
-  Architecture specific targets:
-  aarch64-softmmu/all            - Build for aarch64-softmmu
-  aarch64-softmmu/fuzz           - Build fuzzer for aarch64-softmmu
-  alpha-softmmu/all              - Build for alpha-softmmu
-  alpha-softmmu/fuzz             - Build fuzzer for alpha-softmmu
-  arm-softmmu/all                - Build for arm-softmmu
-  arm-softmmu/fuzz               - Build fuzzer for arm-softmmu
-  ...
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20200514143433.18569-3-philmd@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- Makefile | 6 +++++-
-file changed, 5 insertions(+), 1 deletion(-)
-diff --git a/Makefile b/Makefile
-index XXXXXXX..XXXXXXX 100644
---- a/Makefile
-+++ b/Makefile
-@@ -XXX,XX +XXX,XX @@ endif
-     @$(if $(TARGET_DIRS), \
-         echo 'Architecture specific targets:'; \
-         $(foreach t, $(TARGET_DIRS), \
--        $(call print-help-run,$(t)/all,Build for $(t));) \
-+        $(call print-help-run,$(t)/all,Build for $(t)); \
-+        $(if $(CONFIG_FUZZ), \
-+            $(if $(findstring softmmu,$(t)), \
-+                $(call print-help-run,$(t)/fuzz,Build fuzzer for $(t)); \
-+        ))) \
-         echo '')
-     @$(if $(TOOLS), \
-         echo 'Tools targets:'; \
---
-.25.3

-[PULL 3/8] tests/fuzz: Add missing space in test description
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20200514143433.18569-4-philmd@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tests/qtest/fuzz/i440fx_fuzz.c | 6 +++---
-file changed, 3 insertions(+), 3 deletions(-)
-diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/i440fx_fuzz.c
-+++ b/tests/qtest/fuzz/i440fx_fuzz.c
-@@ -XXX,XX +XXX,XX @@ static void register_pci_fuzz_targets(void)
-     /* Uses simple qtest commands and reboots to reset state */
-     fuzz_add_target(&(FuzzTarget){
-                 .name = "i440fx-qtest-reboot-fuzz",
--                .description = "Fuzz the i440fx using raw qtest commands and"
-+                .description = "Fuzz the i440fx using raw qtest commands and "
-                                "rebooting after each run",
-                 .get_init_cmdline = i440fx_argv,
-                 .fuzz = i440fx_fuzz_qtest});
-@@ -XXX,XX +XXX,XX @@ static void register_pci_fuzz_targets(void)
-     /* Uses libqos and forks to prevent state leakage */
-     fuzz_add_qos_target(&(FuzzTarget){
-                 .name = "i440fx-qos-fork-fuzz",
--                .description = "Fuzz the i440fx using raw qtest commands and"
-+                .description = "Fuzz the i440fx using raw qtest commands and "
-                                "rebooting after each run",
-                 .pre_vm_init = &fork_init,
-                 .fuzz = i440fx_fuzz_qos_fork,},
-@@ -XXX,XX +XXX,XX @@ static void register_pci_fuzz_targets(void)
-      */
-     fuzz_add_qos_target(&(FuzzTarget){
-                 .name = "i440fx-qos-noreset-fuzz",
--                .description = "Fuzz the i440fx using raw qtest commands and"
-+                .description = "Fuzz the i440fx using raw qtest commands and "
-                                "rebooting after each run",
-                 .fuzz = i440fx_fuzz_qos,},
-                 "i440FX-pcihost",
---
-.25.3

-[PULL 4/8] tests/fuzz: Remove unuseful/unused typedefs
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
-These typedefs are not used. Use a simple structure,
-remote the typedefs.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20200514143433.18569-5-philmd@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tests/qtest/fuzz/i440fx_fuzz.c | 10 ++++------
-file changed, 4 insertions(+), 6 deletions(-)
-diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/i440fx_fuzz.c
-+++ b/tests/qtest/fuzz/i440fx_fuzz.c
-@@ -XXX,XX +XXX,XX @@ static void i440fx_fuzz_qtest(QTestState *s,
-      * loop over the Data, breaking it up into actions. each action has an
-      * opcode, address offset and value
-      */
--    typedef struct QTestFuzzAction {
-+    struct {
-         uint8_t opcode;
-         uint8_t addr;
-         uint32_t value;
--    } QTestFuzzAction;
--    QTestFuzzAction a;
-+    } a;
-     while (Size >= sizeof(a)) {
-         /* make a copy of the action so we can normalize the values in-place */
-@@ -XXX,XX +XXX,XX @@ static void i440fx_fuzz_qos(QTestState *s,
-      * Same as i440fx_fuzz_qtest, but using QOS. devfn is incorporated into the
-      * value written over Port IO
-      */
--    typedef struct QOSFuzzAction {
-+    struct {
-         uint8_t opcode;
-         uint8_t offset;
-         int devfn;
-         uint32_t value;
--    } QOSFuzzAction;
-+    } a;
-     static QPCIBus *bus;
-     if (!bus) {
-         bus = qpci_new_pc(s, fuzz_qos_alloc);
-     }
--    QOSFuzzAction a;
-     while (Size >= sizeof(a)) {
-         memcpy(&a, Data, sizeof(a));
-         switch (a.opcode % ACTION_MAX) {
---
-.25.3

-[PULL 5/8] tests/fuzz: Extract pciconfig_fuzz_qos() method
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
-Extract the generic pciconfig_fuzz_qos() method from
-i440fx_fuzz_qos(). This will help to write tests not
-specific to the i440FX controller.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20200514143433.18569-6-philmd@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tests/qtest/fuzz/i440fx_fuzz.c | 20 ++++++++++++++------
-file changed, 14 insertions(+), 6 deletions(-)
-diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/i440fx_fuzz.c
-+++ b/tests/qtest/fuzz/i440fx_fuzz.c
-@@ -XXX,XX +XXX,XX @@ static void i440fx_fuzz_qtest(QTestState *s,
-     flush_events(s);
- }
--static void i440fx_fuzz_qos(QTestState *s,
-+static void pciconfig_fuzz_qos(QTestState *s, QPCIBus *bus,
-         const unsigned char *Data, size_t Size) {
-     /*
-      * Same as i440fx_fuzz_qtest, but using QOS. devfn is incorporated into the
-@@ -XXX,XX +XXX,XX @@ static void i440fx_fuzz_qos(QTestState *s,
-         uint32_t value;
-     } a;
--    static QPCIBus *bus;
--    if (!bus) {
--        bus = qpci_new_pc(s, fuzz_qos_alloc);
--    }
--
-     while (Size >= sizeof(a)) {
-         memcpy(&a, Data, sizeof(a));
-         switch (a.opcode % ACTION_MAX) {
-@@ -XXX,XX +XXX,XX @@ static void i440fx_fuzz_qos(QTestState *s,
-     flush_events(s);
- }
-+static void i440fx_fuzz_qos(QTestState *s,
-+                            const unsigned char *Data,
-+                            size_t Size)
-+{
-+    static QPCIBus *bus;
-+
-+    if (!bus) {
-+        bus = qpci_new_pc(s, fuzz_qos_alloc);
-+    }
-+
-+    pciconfig_fuzz_qos(s, bus, Data, Size);
-+}
-+
- static void i440fx_fuzz_qos_fork(QTestState *s,
-         const unsigned char *Data, size_t Size) {
-     if (fork() == 0) {
---
-.25.3

-[PULL 6/8] tests/fuzz: Extract ioport_fuzz_qtest() method
+Deleted patch
-From: Philippe Mathieu-Daudé <philmd@redhat.com>
-Extract generic ioport_fuzz_qtest() method from
-i440fx_fuzz_qtest(). This will help to write tests
-not specific to the i440FX controller.
-Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20200514143433.18569-7-philmd@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tests/qtest/fuzz/i440fx_fuzz.c | 11 +++++++++--
-file changed, 9 insertions(+), 2 deletions(-)
-diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/qtest/fuzz/i440fx_fuzz.c
-+++ b/tests/qtest/fuzz/i440fx_fuzz.c
-@@ -XXX,XX +XXX,XX @@ enum action_id {
-     ACTION_MAX
- };
--static void i440fx_fuzz_qtest(QTestState *s,
-+static void ioport_fuzz_qtest(QTestState *s,
-         const unsigned char *Data, size_t Size) {
-     /*
-      * loop over the Data, breaking it up into actions. each action has an
-@@ -XXX,XX +XXX,XX @@ static void i440fx_fuzz_qtest(QTestState *s,
-     flush_events(s);
- }
-+static void i440fx_fuzz_qtest(QTestState *s,
-+                              const unsigned char *Data,
-+                              size_t Size)
-+{
-+    ioport_fuzz_qtest(s, Data, Size);
-+}
-+
- static void pciconfig_fuzz_qos(QTestState *s, QPCIBus *bus,
-         const unsigned char *Data, size_t Size) {
-     /*
--     * Same as i440fx_fuzz_qtest, but using QOS. devfn is incorporated into the
-+     * Same as ioport_fuzz_qtest, but using QOS. devfn is incorporated into the
-      * value written over Port IO
-      */
-     struct {
---
-.25.3

-[PULL 7/8] aio-posix: don't duplicate fd handler deletion in fdmon_io_uring_destroy()
+Deleted patch
-The io_uring file descriptor monitoring implementation has an internal
-list of fd handlers that are pending submission to io_uring.
-fdmon_io_uring_destroy() deletes all fd handlers on the list.
-Don't delete fd handlers directly in fdmon_io_uring_destroy() for two
-reasons:
-. This duplicates the aio-posix.c AioHandler deletion code and could
-   become outdated if the struct changes.
-. Only handlers with the FDMON_IO_URING_REMOVE flag set are safe to
-   remove. If the flag is not set then something still has a pointer to
-   the fd handler. Let aio-posix.c and its user worry about that. In
-   practice this isn't an issue because fdmon_io_uring_destroy() is only
-   called when shutting down so all users have removed their fd
-   handlers, but the next patch will need this!
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Tested-by: Oleksandr Natalenko <oleksandr@redhat.com>
-Message-id: 20200511183630.279750-2-stefanha@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- util/aio-posix.c      |  1 +
- util/fdmon-io_uring.c | 13 ++++++++++---
-files changed, 11 insertions(+), 3 deletions(-)
-diff --git a/util/aio-posix.c b/util/aio-posix.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/aio-posix.c
-+++ b/util/aio-posix.c
-@@ -XXX,XX +XXX,XX @@ void aio_context_destroy(AioContext *ctx)
- {
-     fdmon_io_uring_destroy(ctx);
-     fdmon_epoll_disable(ctx);
-+    aio_free_deleted_handlers(ctx);
- }
- void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
-diff --git a/util/fdmon-io_uring.c b/util/fdmon-io_uring.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/fdmon-io_uring.c
-+++ b/util/fdmon-io_uring.c
-@@ -XXX,XX +XXX,XX @@ void fdmon_io_uring_destroy(AioContext *ctx)
-         io_uring_queue_exit(&ctx->fdmon_io_uring);
--        /* No need to submit these anymore, just free them. */
-+        /* Move handlers due to be removed onto the deleted list */
-         while ((node = QSLIST_FIRST_RCU(&ctx->submit_list))) {
-+            unsigned flags = atomic_fetch_and(&node->flags,
-+                    ~(FDMON_IO_URING_PENDING |
-+                      FDMON_IO_URING_ADD |
-+                      FDMON_IO_URING_REMOVE));
-+
-+            if (flags & FDMON_IO_URING_REMOVE) {
-+                QLIST_INSERT_HEAD_RCU(&ctx->deleted_aio_handlers, node, node_deleted);
-+            }
-+
-             QSLIST_REMOVE_HEAD_RCU(&ctx->submit_list, node_submitted);
--            QLIST_REMOVE(node, node);
--            g_free(node);
-         }
-         ctx->fdmon_ops = &fdmon_poll_ops;
---
-.25.3

-[PULL 8/8] aio-posix: disable fdmon-io_uring when GSource is used
+[PULL 1/1] block/qed: fix use-after-free by nullifying timer pointer after free
-The glib event loop does not call fdmon_io_uring_wait() so fd handlers
+From: Denis Rastyogin <gerben@altlinux.org>
 waiting to be submitted build up in the list. There is no benefit is
 using io_uring when the glib GSource is being used, so disable it
 instead of implementing a more complex fix.
-This fixes a memory leak where AioHandlers would build up and increasing
+This error was discovered by fuzzing qemu-img.
 amounts of CPU time were spent iterating them in aio_pending(). The
 symptom is that guests become slow when QEMU is built with io_uring
 support.
-Buglink: https://bugs.launchpad.net/qemu/+bug/1877716
+In the QED block driver, the need_check_timer timer is freed in
-Fixes: 73fd282e7b6dd4e4ea1c3bbb3d302c8db51e4ccf ("aio-posix: add io_uring fd monitoring implementation")
+bdrv_qed_detach_aio_context, but the pointer to the timer is not
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+set to NULL. This can lead to a use-after-free scenario
-Tested-by: Oleksandr Natalenko <oleksandr@redhat.com>
+in bdrv_qed_drain_begin().
-Message-id: 20200511183630.279750-3-stefanha@redhat.com
 The need_check_timer pointer is set to NULL after freeing the timer.
 Which helps catch this condition when checking in bdrv_qed_drain_begin().
 Closes: https://gitlab.com/qemu-project/qemu/-/issues/2852
 Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
 Message-ID: <20250304083927.37681-1-gerben@altlinux.org>
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- include/block/aio.h |  3 +++
+ block/qed.c | 1 +
- util/aio-posix.c    | 12 ++++++++++++
+file changed, 1 insertion(+)
  util/aio-win32.c    |  4 ++++
  util/async.c        |  1 +
 files changed, 20 insertions(+)
-diff --git a/include/block/aio.h b/include/block/aio.h
+diff --git a/block/qed.c b/block/qed.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/block/aio.h
+--- a/block/qed.c
-+++ b/include/block/aio.h
++++ b/block/qed.c
-@@ -XXX,XX +XXX,XX @@ void aio_context_setup(AioContext *ctx);
+@@ -XXX,XX +XXX,XX @@ static void bdrv_qed_detach_aio_context(BlockDriverState *bs)
-  */
- void aio_context_destroy(AioContext *ctx);
+     qed_cancel_need_check_timer(s);
+     timer_free(s->need_check_timer);
-+/* Used internally, do not call outside AioContext code */
++    s->need_check_timer = NULL;
 +void aio_context_use_g_source(AioContext *ctx);
 +
  /**
   * aio_context_set_poll_params:
   * @ctx: the aio context
 diff --git a/util/aio-posix.c b/util/aio-posix.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/aio-posix.c
 +++ b/util/aio-posix.c
@@ -XXX,XX +XXX,XX @@ void aio_context_destroy(AioContext *ctx)
      aio_free_deleted_handlers(ctx);
  }
-+void aio_context_use_g_source(AioContext *ctx)
+ static void bdrv_qed_attach_aio_context(BlockDriverState *bs,
 +{
 +    /*
 +     * Disable io_uring when the glib main loop is used because it doesn't
 +     * support mixed glib/aio_poll() usage. It relies on aio_poll() being
 +     * called regularly so that changes to the monitored file descriptors are
 +     * submitted, otherwise a list of pending fd handlers builds up.
 +     */
 +    fdmon_io_uring_destroy(ctx);
 +    aio_free_deleted_handlers(ctx);
 +}
 +
  void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
                                   int64_t grow, int64_t shrink, Error **errp)
  {
 diff --git a/util/aio-win32.c b/util/aio-win32.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/aio-win32.c
 +++ b/util/aio-win32.c
@@ -XXX,XX +XXX,XX @@ void aio_context_destroy(AioContext *ctx)
  {
  }
 +void aio_context_use_g_source(AioContext *ctx)
 +{
 +}
 +
  void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
                                   int64_t grow, int64_t shrink, Error **errp)
  {
 diff --git a/util/async.c b/util/async.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/async.c
 +++ b/util/async.c
@@ -XXX,XX +XXX,XX @@ static GSourceFuncs aio_source_funcs = {
  GSource *aio_get_g_source(AioContext *ctx)
  {
 +    aio_context_use_g_source(ctx);
      g_source_ref(&ctx->source);
      return &ctx->source;
  }
 --
-.25.3
+.48.1

The following changes since commit 013a18edbbc59cdad019100c7d03c0494642b74c:

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-2020051=
4' into staging (2020-05-14 16:17:55 +0100)

are available in the Git repository at:

https://github.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to ba607ca8bff4d2c2062902f8355657c865ac7c29:

aio-posix: disable fdmon-io_uring when GSource is used (2020-05-18 18:16:00=
 +0100)

----------------------------------------------------------------
Pull request

----------------------------------------------------------------

Philippe Mathieu-Daud=C3=A9 (6):
  tests/fuzz/Makefile: Do not link code using unavailable devices
  Makefile: List fuzz targets in 'make help'
  tests/fuzz: Add missing space in test description
  tests/fuzz: Remove unuseful/unused typedefs
  tests/fuzz: Extract pciconfig_fuzz_qos() method
  tests/fuzz: Extract ioport_fuzz_qtest() method

Stefan Hajnoczi (2):
  aio-posix: don't duplicate fd handler deletion in
    fdmon_io_uring_destroy()
  aio-posix: disable fdmon-io_uring when GSource is used

--=20
2.25.3