--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package qemu.
The package accumulated a large list of important and security
fixes - either from upstream/stable branch or with debian
packaging.
Here's the annotated changelog (complete debdiff is below):
qemu (2.1+dfsg-8) unstable; urgency=low
[ Michael Tokarev ]
* add Built-Using control field for qemu-user-static package:
take contents of qemu-user ${shlibs:Depends} and transform it
into list of source packages with versions. (Closes: #768926)
This is a difficult one. Since qemu is building static executables
(in qemu-user-static package), it is essential to know which libs
were used to build it, to understand if the given build has security
issues present in these libraries.
After experimenting with this field in busybox package, it was easy
to add it to qemu.
However, we have a prob between x86 buildds and DAK, and this prob is
happening for several days already. The prob is that on x86 buildds,
libc is old for some reason, and when the package is built successfully
it is being rejected by DAK who "thinks" the package has been built
using non-existing version of glibc, because that old version has
already been removed from the archive. I plan to ping the buildd
team about this, the only thing needed is to update x86 buildds to
include a more recent libc.
* run remove-alternatives in qemu-system.postinst (the metapkg)
too, not only in qemu-system-XX.postinst, to handle upgrades
from wheezy (Closes: #768244)
This is handling an upgrade-from-wheezy case with left-over alternatives.
I merely forgot about this case when doing things initially. Alternatives
should be removed completely, they're not used.
* several fixes for debian/qemu-user.1 manpage. It needs more
work, but at least some easy and obvious errors are fixed now.
(Closes: #763841)
Trivial changes for qemu-user manpage.
* migration-fix-parameter-validation-on-ram-load.patch from upstream
(Closes: #769451 CVE-2014-7840)
Another security fix from upstream, from a familiar theme (loading of
migration stream).
* fix x86_64 binfmt mask to allow more values in ELF_OSABI field
(byte7). Current gcc/binfmt sometimes produces binaries with
this field set to 3 (OSABI_GNU) not 0 (OSABI_SYSV) as used to be.
Set mask to 0xfb not 0xff here, to allow 0 (traditional SYSV),
1 (HPUX), 2 (NETBSD) or 3 (GNU). This lets 2 more types than
necessary, but qemu will reject wrong types so no harm is done.
Some other binfmts ignore this field completely (with mask=0).
Maybe some day we'll have 2 different binfmt registrations for
the 2 different ABI types. (Closes: #763043)
This one is a questionable change as it registers qemu for more
executable formats than necessary. However the same is already
done with other architectures (in some cases we don't check this
ELF_OSABI byte at all, by masking it). And it actually fixes a
wide problem, in particular, almost all statically-linked x86
binaries produced by current toolchain haven't been recognized
by the binfmt registration before this change.
* usb-host-fix-usb_host_speed_compat-tyops.patch -- fix host usb devices
attach, without this patch many USB devices does not work
There's no debian bug# for this (again, I can add one if necessary).
Trivial change from upstream fixing typos in usb device assignment
code, it resulted in essentially most usb devices being unable to
be used inside guest. The problem is important enough to warrant
a bugfix.
* qdev-monitor-fix-segmentation-fault-on-qdev_device_h.patch - trivial
patch from upstream to fix segfault in -device foo,help (Closes: #770880)
Another trivial change from upstream closes a segfault. Not hugely
important issue by itself but having in mind simplicity of fix and
the fact that users will see this prob quite often I think it is worth
fixing it too.
[ Aurelien Jarno ]
* Add tcg-mips-fix-store-softmmu-slow-path.patch from upstream to fix
TCG support on mips/mipsel hosts (Closes: #769470).
An important case -- in previous versions of qemu in debian, mips
emulation was essentially non-functional. This change from upstream
fixes it.
[ Ian Campbell ]
* Backport patch to fix unmapping of persistent grants in the Xen qdisk
backend (Closes: #770468).
This is a xen-specific problem (qemu is used by xen too), basically, xen
support was broken before this patch.
-- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
Please consider unblocking this package.
Thank you!
/mjt
unblock qemu/2.1+dfsg-8
diff -Nru qemu-2.1+dfsg/debian/binfmt-update-in qemu-2.1+dfsg/debian/binfmt-update-in
--- qemu-2.1+dfsg/debian/binfmt-update-in 2014-10-06 19:43:35.000000000 +0400
+++ qemu-2.1+dfsg/debian/binfmt-update-in 2014-11-14 14:45:53.000000000 +0300
@@ -45,7 +45,11 @@
sparc64_magic='\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2b'
sparc64_mask='\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'
x86_64_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'
-x86_64_mask='\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
+# linux x86_64 ELF_OSABI(byte7) can be 0 (traditional,SYSV) or 3 (GNU/LINUX extensions)
+# binfmt registration does not allow a enum, only value&mask. So we use broader mask
+# to allow both 0 and 3 here, this also lets 1 (HPUX) and 2 (NETBSD) - 0xfb not 0xff
+# alternative is to create 2 magic/mask pairs instead of one
+x86_64_mask='\xff\xff\xff\xff\xff\xfe\xfe\xfb\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
ppc64le_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x15\x00'
ppc64le_mask='\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\x00'
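Review bot: the new byte-7 value 0xfb in x86_64_mask does not do what the comment above it says. binfmt_misc accepts a byte when (byte ^ magic) & mask is zero, and with magic byte 7 = 0x00 a mask of 0xfb ignores only bit 2, so it accepts OSABI 0 and 4 and still rejects 3 (3 & 0xfb = 3). To accept 0 through 3 as the comment describes, the mask byte has to clear the low two bits, i.e. 0xfc; the comment and the changelog entry should be updated to match.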
diff -Nru qemu-2.1+dfsg/debian/changelog qemu-2.1+dfsg/debian/changelog
--- qemu-2.1+dfsg/debian/changelog 2014-11-03 18:58:18.000000000 +0300
+++ qemu-2.1+dfsg/debian/changelog 2014-11-27 18:32:45.000000000 +0300
@@ -1,3 +1,41 @@
+qemu (2.1+dfsg-8) unstable; urgency=low
+
+ [ Michael Tokarev ]
+ * add Built-Using control field for qemu-user-static package:
+ take contents of qemu-user ${shlibs:Depends} and transform it
+ into list of source packages with versions. (Closes: #768926)
+ * run remove-alternatives in qemu-system.postinst (the metapkg)
+ too, not only in qemu-system-XX.postinst, to handle upgrades
+ from wheezy (Closes: #768244)
+ * several fixes for debian/qemu-user.1 manpage. It needs more
+ work, but at least some easy and obvious errors are fixed now.
+ (Closes: #763841)
+ * migration-fix-parameter-validation-on-ram-load.patch from upstream
+ (Closes: #769451 CVE-2014-7840)
+ * fix x86_64 binfmt mask to allow more values in ELF_OSABI field
+ (byte7). Current gcc/binfmt sometimes produces binaries with
+ this field set to 3 (OSABI_GNU) not 0 (OSABI_SYSV) as used to be.
+ Set mask to 0xfb not 0xff here, to allow 0 (traditional SYSV),
+ 1 (HPUX), 2 (NETBSD) or 3 (GNU). This lets 2 more types than
+ necessary, but qemu will reject wrong types so no harm is done.
+ Some other binfmts ignore this field completely (with mask=0).
+ Maybe some day we'll have 2 different binfmt registrations for
+ the 2 different ABI types. (Closes: #763043)
+ * usb-host-fix-usb_host_speed_compat-tyops.patch -- fix host usb devices
+ attach, without this patch many USB devices does not work
+ * qdev-monitor-fix-segmentation-fault-on-qdev_device_h.patch - trivial
+ patch from upstream to fix segfault in -device foo,help (Closes: #770880)
+
+ [ Aurelien Jarno ]
+ * Add tcg-mips-fix-store-softmmu-slow-path.patch from upstream to fix
+ TCG support on mips/mipsel hosts (Closes: #769470).
+
+ [ Ian Campbell ]
+ * Backport patch to fix unmapping of persistent grants in the Xen qdisk
+ backend (Closes: #770468).
+
+ -- Michael Tokarev <mjt@tls.msk.ru> Thu, 27 Nov 2014 18:32:45 +0300
+
qemu (2.1+dfsg-7) unstable; urgency=high
* urgency is high due to 2 security fixes
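Review bot: the new entry is uploaded with urgency=low although it carries the fix for CVE-2014-7840, while the previous entry (2.1+dfsg-7) used urgency=high and said so because of its security fixes. Consider raising the urgency, or state in the entry why low is intended for an upload with a CVE fix.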
diff -Nru qemu-2.1+dfsg/debian/control qemu-2.1+dfsg/debian/control
--- qemu-2.1+dfsg/debian/control 2014-11-03 18:08:17.000000000 +0300
+++ qemu-2.1+dfsg/debian/control 2014-11-27 18:33:12.000000000 +0300
@@ -360,6 +360,7 @@
Package: qemu-user-static
Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 mips mipsel powerpc powerpcspe ppc64 ppc64el s390x sparc sparc64 x32
+Built-Using: ${built-using}
Multi-Arch: foreign
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: binfmt-support
diff -Nru qemu-2.1+dfsg/debian/control-in qemu-2.1+dfsg/debian/control-in
--- qemu-2.1+dfsg/debian/control-in 2014-10-23 22:31:35.000000000 +0400
+++ qemu-2.1+dfsg/debian/control-in 2014-11-11 09:32:09.000000000 +0300
@@ -401,6 +401,7 @@
Package: qemu-user-static
Architecture: amd64 arm arm64 armel armhf hppa i386 ia64 mips mipsel powerpc powerpcspe ppc64 ppc64el s390x sparc sparc64 x32
+Built-Using: ${built-using}
Multi-Arch: foreign
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: binfmt-support
diff -Nru qemu-2.1+dfsg/debian/patches/migration-fix-parameter-validation-on-ram-load.patch qemu-2.1+dfsg/debian/patches/migration-fix-parameter-validation-on-ram-load.patch
--- qemu-2.1+dfsg/debian/patches/migration-fix-parameter-validation-on-ram-load.patch 1970-01-01 03:00:00.000000000 +0300
+++ qemu-2.1+dfsg/debian/patches/migration-fix-parameter-validation-on-ram-load.patch 2014-11-13 22:41:35.000000000 +0300
@@ -0,0 +1,50 @@
+Subject: migration: fix parameter validation on ram load
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Message-Id: <1415785203-26938-2-git-send-email-mst@redhat.com>
+Date: Wed, 12 Nov 2014 11:44:39 +0200
+Bug-Debian: http://bugs.debian.org/769451
+
+During migration, the values read from migration stream during ram load
+are not validated. Especially offset in host_from_stream_offset() and
+also the length of the writes in the callers of said function.
+
+To fix this, we need to make sure that the [offset, offset + length]
+range fits into one of the allocated memory regions.
+
+Validating addr < len should be sufficient since data seems to always be
+managed in TARGET_PAGE_SIZE chunks.
+
+Fixes: CVE-2014-7840
+
+Note: follow-up patches add extra checks on each block->host access.
+
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ arch_init.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/arch_init.c b/arch_init.c
+index 88a5ba0..593a990 100644
+--- a/arch_init.c
++++ b/arch_init.c
+@@ -1006,7 +1006,7 @@ static inline void *host_from_stream_offset(QEMUFile *f,
+ uint8_t len;
+
+ if (flags & RAM_SAVE_FLAG_CONTINUE) {
+- if (!block) {
++ if (!block || block->length <= offset) {
+ error_report("Ack, bad migration stream!");
+ return NULL;
+ }
+@@ -1019,8 +1019,9 @@ static inline void *host_from_stream_offset(QEMUFile *f,
+ id[len] = 0;
+
+ QTAILQ_FOREACH(block, &ram_list.blocks, next) {
+- if (!strncmp(id, block->idstr, sizeof(id)))
++ if (!strncmp(id, block->idstr, sizeof(id)) && block->length > offset) {
+ return memory_region_get_ram_ptr(block->mr) + offset;
++ }
+ }
+
+ error_report("Can't find block %s!", id);
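Review bot: both added checks in host_from_stream_offset() compare only offset against block->length, so the length of the write is not validated here even though the commit message sets the goal as fitting [offset, offset + length] into a region. The argument that this is sufficient rests on data always being handled in TARGET_PAGE_SIZE chunks; a comment at the two checks stating that assumption, or a check of offset + TARGET_PAGE_SIZE against block->length, would make it hold by construction. The header also refers to follow-up patches adding checks on each block->host access, and debian/patches/series in this upload adds only this one migration patch.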
diff -Nru qemu-2.1+dfsg/debian/patches/qdev-monitor-fix-segmentation-fault-on-qdev_device_h.patch qemu-2.1+dfsg/debian/patches/qdev-monitor-fix-segmentation-fault-on-qdev_device_h.patch
--- qemu-2.1+dfsg/debian/patches/qdev-monitor-fix-segmentation-fault-on-qdev_device_h.patch 1970-01-01 03:00:00.000000000 +0300
+++ qemu-2.1+dfsg/debian/patches/qdev-monitor-fix-segmentation-fault-on-qdev_device_h.patch 2014-11-27 18:29:27.000000000 +0300
@@ -0,0 +1,47 @@
+From 0722eba9450cb8be9713fec1caa0772330739586 Mon Sep 17 00:00:00 2001
+From: Gonglei <arei.gonglei@huawei.com>
+Date: Tue, 16 Sep 2014 10:19:33 +0800
+Subject: qdev-monitor: fix segmentation fault on qdev_device_help()
+Bug-Debian: http://bugs.debian.org/770880
+
+Normally, qmp_device_list_properties() may return NULL when
+a device haven't special properties excpet Object and DeviceState
+properties, such as virtio-balloon-device.
+
+We just need check local_err instead of prop_list.
+
+Example:
+
+Segmentation fault (core dumped)
+
+The backtrace as below:
+
+Program received signal SIGSEGV, Segmentation fault.
+0x00005555559af1a8 in error_get_pretty (err=0x0) at util/error.c:152
+152 return err->msg;
+(gdb) bt
+ func=0x55555574a6ca <device_help_func>, opaque=0x0, abort_on_failure=0) at util/qemu-option.c:1072
+
+Signed-off-by: Gonglei <arei.gonglei@huawei.com>
+Reviewed-by: Markus Armbruster <armbru@redhat.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ qdev-monitor.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/qdev-monitor.c b/qdev-monitor.c
+index fb9ee24..5ec6606 100644
+--- a/qdev-monitor.c
++++ b/qdev-monitor.c
+@@ -206,7 +206,7 @@ int qdev_device_help(QemuOpts *opts)
+ }
+
+ prop_list = qmp_device_list_properties(driver, &local_err);
+- if (!prop_list) {
++ if (local_err) {
+ error_printf("%s\n", error_get_pretty(local_err));
+ error_free(local_err);
+ return 1;
+--
+1.7.10.4
+
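Review bot: with the test in qdev_device_help() changed from !prop_list to local_err, prop_list can now be NULL on the success path, which the commit message says happens for devices such as virtio-balloon-device. The code that consumes prop_list is outside this hunk, so please confirm it walks the list without dereferencing a NULL head. The Example and backtrace in the patch header have also lost the command line and most frames; restoring them from the upstream commit would make the header usable.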
diff -Nru qemu-2.1+dfsg/debian/patches/series qemu-2.1+dfsg/debian/patches/series
--- qemu-2.1+dfsg/debian/patches/series 2014-11-03 18:57:05.000000000 +0300
+++ qemu-2.1+dfsg/debian/patches/series 2014-11-27 18:31:16.000000000 +0300
@@ -23,3 +23,9 @@
block-raw-posix-Fix-disk-corruption-in-try_fiemap.patch
block-raw-posix-use-seek_hole-ahead-of-fiemap.patch
+tcg-mips-fix-store-softmmu-slow-path.patch
+# CVE-2014-7840
+migration-fix-parameter-validation-on-ram-load.patch
+usb-host-fix-usb_host_speed_compat-tyops.patch
+xen_disk-fix-unmapping-of-persistent-grants.patch
+qdev-monitor-fix-segmentation-fault-on-qdev_device_h.patch
diff -Nru qemu-2.1+dfsg/debian/patches/tcg-mips-fix-store-softmmu-slow-path.patch qemu-2.1+dfsg/debian/patches/tcg-mips-fix-store-softmmu-slow-path.patch
--- qemu-2.1+dfsg/debian/patches/tcg-mips-fix-store-softmmu-slow-path.patch 1970-01-01 03:00:00.000000000 +0300
+++ qemu-2.1+dfsg/debian/patches/tcg-mips-fix-store-softmmu-slow-path.patch 2014-11-14 07:00:37.000000000 +0300
@@ -0,0 +1,35 @@
+From 0a2923f8488498000eec54871456aa64a4391da4 Mon Sep 17 00:00:00 2001
+From: Aurelien Jarno <aurelien@aurel32.net>
+Date: Mon, 27 Oct 2014 15:53:35 +0100
+Subject: tcg/mips: fix store softmmu slow path
+Bug-Debian: http://bugs.debian.org/769470
+
+Commit 9d8bf2d1 moved the softmmu slow path out of line and introduce a
+regression at the same time by always calling tcg_out_tlb_load with
+is_load=1. This makes impossible to run any significant code under
+qemu-system-mips*.
+
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Richard Henderson <rth@twiddle.net>
+Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
+---
+ tcg/mips/tcg-target.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tcg/mips/tcg-target.c b/tcg/mips/tcg-target.c
+index 9cce356..b7f4d67 100644
+--- a/tcg/mips/tcg-target.c
++++ b/tcg/mips/tcg-target.c
+@@ -1302,7 +1302,7 @@ static void tcg_out_qemu_st(TCGContext *s, const TCGArg *args, bool is_64)
+ so we can reuse that for the base. */
+ base = (TARGET_LONG_BITS == 32 ? TCG_REG_A1 : TCG_REG_A2);
+ tcg_out_tlb_load(s, base, addr_regl, addr_regh, mem_index,
+- s_bits, label_ptr, 1);
++ s_bits, label_ptr, 0);
+ tcg_out_qemu_st_direct(s, data_regl, data_regh, base, opc);
+ add_qemu_ldst_label(s, 0, opc, data_regl, data_regh, addr_regl, addr_regh,
+ mem_index, s->code_ptr, label_ptr);
+--
+2.1.3
+
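Review bot: the last argument of tcg_out_tlb_load() in tcg_out_qemu_st() is a bare 0/1 literal for is_load, which is how the regression described in the header could slip through unnoticed. Nothing to change in a backport, but a short comment at the call naming the parameter, or passing a bool, would make the store path self-describing if this is touched again.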
diff -Nru qemu-2.1+dfsg/debian/patches/usb-host-fix-usb_host_speed_compat-tyops.patch qemu-2.1+dfsg/debian/patches/usb-host-fix-usb_host_speed_compat-tyops.patch
--- qemu-2.1+dfsg/debian/patches/usb-host-fix-usb_host_speed_compat-tyops.patch 1970-01-01 03:00:00.000000000 +0300
+++ qemu-2.1+dfsg/debian/patches/usb-host-fix-usb_host_speed_compat-tyops.patch 2014-11-27 14:15:05.000000000 +0300
@@ -0,0 +1,35 @@
+From 79ae25af1569a50a0ec799901a1bb280c088f121 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 10 Nov 2014 12:14:22 +0100
+Subject: usb-host: fix usb_host_speed_compat tyops
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Gonglei <arei.gonglei@huawei.com>
+---
+ hw/usb/host-libusb.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c
+index 032a0e4..a5f9dab 100644
+--- a/hw/usb/host-libusb.c
++++ b/hw/usb/host-libusb.c
+@@ -749,13 +749,13 @@ static void usb_host_speed_compat(USBHostDevice *s)
+
+ udev->speedmask = (1 << udev->speed);
+ if (udev->speed == USB_SPEED_SUPER && compat_high) {
+- udev->speedmask |= USB_SPEED_HIGH;
++ udev->speedmask |= USB_SPEED_MASK_HIGH;
+ }
+ if (udev->speed == USB_SPEED_SUPER && compat_full) {
+- udev->speedmask |= USB_SPEED_FULL;
++ udev->speedmask |= USB_SPEED_MASK_FULL;
+ }
+ if (udev->speed == USB_SPEED_HIGH && compat_full) {
+- udev->speedmask |= USB_SPEED_FULL;
++ udev->speedmask |= USB_SPEED_MASK_FULL;
+ }
+ }
+
+--
+1.7.10.4
+
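Review bot: the patch header has no description and no Bug-Debian field, so the reason for the change in usb_host_speed_compat() is not recorded with the patch. The hunk itself shows it: speedmask is built as (1 << udev->speed), so OR-ing in the enum values USB_SPEED_HIGH and USB_SPEED_FULL set the wrong bits, and the fix switches to the USB_SPEED_MASK_* constants. One or two sentences to that effect in the header, plus the user-visible symptom from the changelog, would help anyone auditing the series later.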
diff -Nru qemu-2.1+dfsg/debian/patches/xen_disk-fix-unmapping-of-persistent-grants.patch qemu-2.1+dfsg/debian/patches/xen_disk-fix-unmapping-of-persistent-grants.patch
--- qemu-2.1+dfsg/debian/patches/xen_disk-fix-unmapping-of-persistent-grants.patch 1970-01-01 03:00:00.000000000 +0300
+++ qemu-2.1+dfsg/debian/patches/xen_disk-fix-unmapping-of-persistent-grants.patch 2014-11-27 18:04:41.000000000 +0300
@@ -0,0 +1,174 @@
+From 2f01dfacb56bc7a0d4639adc9dff9aae131e6216 Mon Sep 17 00:00:00 2001
+From: Roger Pau Monne <roger.pau@citrix.com>
+Date: Thu, 13 Nov 2014 18:42:09 +0100
+Subject: xen_disk: fix unmapping of persistent grants
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Bug-Debian: http://bugs.debian.org/770468
+
+This patch fixes two issues with persistent grants and the disk PV backend
+(Qdisk):
+
+ - Keep track of memory regions where persistent grants have been mapped
+ since we need to unmap them as a whole. It is not possible to unmap a
+ single grant if it has been batch-mapped. A new check has also been added
+ to make sure persistent grants are only used if the whole mapped region
+ can be persistently mapped in the batch_maps case.
+ - Unmap persistent grants before switching to the closed state, so the
+ frontend can also free them.
+
+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
+Reported-by: George Dunlap <george.dunlap@eu.citrix.com>
+Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Cc: Kevin Wolf <kwolf@redhat.com>
+Cc: Stefan Hajnoczi <stefanha@redhat.com>
+Cc: George Dunlap <george.dunlap@eu.citrix.com>
+Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+---
+ hw/block/xen_disk.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 66 insertions(+), 6 deletions(-)
+
+diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
+index 231e9a7..21842a0 100644
+--- a/hw/block/xen_disk.c
++++ b/hw/block/xen_disk.c
+@@ -59,6 +59,13 @@ struct PersistentGrant {
+
+ typedef struct PersistentGrant PersistentGrant;
+
++struct PersistentRegion {
++ void *addr;
++ int num;
++};
++
++typedef struct PersistentRegion PersistentRegion;
++
+ struct ioreq {
+ blkif_request_t req;
+ int16_t status;
+@@ -118,6 +125,7 @@ struct XenBlkDev {
+ gboolean feature_discard;
+ gboolean feature_persistent;
+ GTree *persistent_gnts;
++ GSList *persistent_regions;
+ unsigned int persistent_gnt_count;
+ unsigned int max_grants;
+
+@@ -177,6 +185,23 @@ static void destroy_grant(gpointer pgnt)
+ g_free(grant);
+ }
+
++static void remove_persistent_region(gpointer data, gpointer dev)
++{
++ PersistentRegion *region = data;
++ struct XenBlkDev *blkdev = dev;
++ XenGnttab gnt = blkdev->xendev.gnttabdev;
++
++ if (xc_gnttab_munmap(gnt, region->addr, region->num) != 0) {
++ xen_be_printf(&blkdev->xendev, 0,
++ "xc_gnttab_munmap region %p failed: %s\n",
++ region->addr, strerror(errno));
++ }
++ xen_be_printf(&blkdev->xendev, 3,
++ "unmapped grant region %p with %d pages\n",
++ region->addr, region->num);
++ g_free(region);
++}
++
+ static struct ioreq *ioreq_start(struct XenBlkDev *blkdev)
+ {
+ struct ioreq *ioreq = NULL;
+@@ -343,6 +368,7 @@ static int ioreq_map(struct ioreq *ioreq)
+ void *page[BLKIF_MAX_SEGMENTS_PER_REQUEST];
+ int i, j, new_maps = 0;
+ PersistentGrant *grant;
++ PersistentRegion *region;
+ /* domids and refs variables will contain the information necessary
+ * to map the grants that are needed to fulfill this request.
+ *
+@@ -421,7 +447,22 @@ static int ioreq_map(struct ioreq *ioreq)
+ }
+ }
+ }
+- if (ioreq->blkdev->feature_persistent) {
++ if (ioreq->blkdev->feature_persistent && new_maps != 0 &&
++ (!batch_maps || (ioreq->blkdev->persistent_gnt_count + new_maps <=
++ ioreq->blkdev->max_grants))) {
++ /*
++ * If we are using persistent grants and batch mappings only
++ * add the new maps to the list of persistent grants if the whole
++ * area can be persistently mapped.
++ */
++ if (batch_maps) {
++ region = g_malloc0(sizeof(*region));
++ region->addr = ioreq->pages;
++ region->num = new_maps;
++ ioreq->blkdev->persistent_regions = g_slist_append(
++ ioreq->blkdev->persistent_regions,
++ region);
++ }
+ while ((ioreq->blkdev->persistent_gnt_count < ioreq->blkdev->max_grants)
+ && new_maps) {
+ /* Go through the list of newly mapped grants and add as many
+@@ -447,6 +488,7 @@ static int ioreq_map(struct ioreq *ioreq)
+ grant);
+ ioreq->blkdev->persistent_gnt_count++;
+ }
++ assert(!batch_maps || new_maps == 0);
+ }
+ for (i = 0; i < ioreq->v.niov; i++) {
+ ioreq->v.iov[i].iov_base += (uintptr_t)page[i];
+@@ -971,7 +1013,10 @@ static int blk_connect(struct XenDevice *xendev)
+ blkdev->max_grants = max_requests * BLKIF_MAX_SEGMENTS_PER_REQUEST;
+ blkdev->persistent_gnts = g_tree_new_full((GCompareDataFunc)int_cmp,
+ NULL, NULL,
++ batch_maps ?
++ (GDestroyNotify)g_free :
+ (GDestroyNotify)destroy_grant);
++ blkdev->persistent_regions = NULL;
+ blkdev->persistent_gnt_count = 0;
+ }
+
+@@ -1000,6 +1045,26 @@ static void blk_disconnect(struct XenDevice *xendev)
+ blkdev->cnt_map--;
+ blkdev->sring = NULL;
+ }
++
++ /*
++ * Unmap persistent grants before switching to the closed state
++ * so the frontend can free them.
++ *
++ * In the !batch_maps case g_tree_destroy will take care of unmapping
++ * the grant, but in the batch_maps case we need to iterate over every
++ * region in persistent_regions and unmap it.
++ */
++ if (blkdev->feature_persistent) {
++ g_tree_destroy(blkdev->persistent_gnts);
++ assert(batch_maps || blkdev->persistent_gnt_count == 0);
++ if (batch_maps) {
++ blkdev->persistent_gnt_count = 0;
++ g_slist_foreach(blkdev->persistent_regions,
++ (GFunc)remove_persistent_region, blkdev);
++ g_slist_free(blkdev->persistent_regions);
++ }
++ blkdev->feature_persistent = false;
++ }
+ }
+
+ static int blk_free(struct XenDevice *xendev)
+@@ -1011,11 +1076,6 @@ static int blk_free(struct XenDevice *xendev)
+ blk_disconnect(xendev);
+ }
+
+- /* Free persistent grants */
+- if (blkdev->feature_persistent) {
+- g_tree_destroy(blkdev->persistent_gnts);
+- }
+-
+ while (!QLIST_EMPTY(&blkdev->freelist)) {
+ ioreq = QLIST_FIRST(&blkdev->freelist);
+ QLIST_REMOVE(ioreq, list);
+--
+1.7.10.4
+
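Review bot: in remove_persistent_region() the level-3 message "unmapped grant region %p with %d pages" is printed even when xc_gnttab_munmap() has just failed, so the log reports a successful unmap right after the error line. Put the success message in an else branch. In blk_disconnect(), persistent_regions is released with g_slist_free() but not reset to NULL; feature_persistent = false guards a second pass, yet clearing the pointer as well would avoid leaving a stale list head in the device state.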
diff -Nru qemu-2.1+dfsg/debian/qemu-user.1 qemu-2.1+dfsg/debian/qemu-user.1
--- qemu-2.1+dfsg/debian/qemu-user.1 2014-04-05 14:04:18.000000000 +0400
+++ qemu-2.1+dfsg/debian/qemu-user.1 2014-11-11 10:17:38.000000000 +0300
@@ -1,9 +1,8 @@
-.\" $Id: qemu-user.1 234 2007-02-07 22:57:18Z guillem $
.TH qemu\-user 1 2007-02-08 "0.9.0" Debian
.SH NAME
qemu\-user \- QEMU User Emulator
.SH SYNOPSIS
-.B qemu\-user
+.BI qemu\- user
.RI [ options ]
.I program
.RI [ program-arguments... ]
@@ -21,7 +20,7 @@
Wait gdb connection to port 1234.
.TP
.BR \-L " \fI<path>\fP"
-Set the elf interpreter prefix (default=\fI/usr/gnemul/qemu\-arm\fP).
+Set the elf interpreter prefix (default=\fI/etc/qemu\-binfmt/%M\fP).
.TP
.BR \-s " \fI<size>\fP"
Set the stack size in bytes (default=\fI524288\fP).
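Review bot: the new default for -L, /etc/qemu-binfmt/%M, introduces a %M placeholder that the page never explains. Add a sentence under -L saying what %M expands to, otherwise the reader cannot tell which directory is actually searched.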
@@ -32,7 +31,7 @@
.BR \-p " \fI<pagesize>\fP"
Set the host page size to 'pagesize'.
.SH SEE ALSO
-.BR qemu (1),
-.BR qemu\-img (1).
+.BR qemu-system (1)
+(in qemu-system-common package).
.SH AUTHOR
This manual page was written by Guillem Jover <guillem@debian.org>.
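Review bot: the new SEE ALSO entry writes qemu-system with a plain hyphen while the rest of the page escapes it as qemu\-. Use qemu\-system (1) here, and the same escaping for the package name on the following line, so the names render consistently and can be copied as typed.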
diff -Nru qemu-2.1+dfsg/debian/rules qemu-2.1+dfsg/debian/rules
--- qemu-2.1+dfsg/debian/rules 2014-10-06 11:08:13.000000000 +0400
+++ qemu-2.1+dfsg/debian/rules 2014-11-14 06:59:00.000000000 +0300
@@ -146,7 +146,8 @@
binary: install
define inst-system
-# remove alternatives for jessie+1
+# remove alternatives handling for jessie+1
+# remove alternatives in system-$1 for testing->jessie upgrade path
sed 's/@ARCH@/${sysarch_$1}/' debian/qemu-system-alternatives.in > debian/qemu-system-$1.postinst.debhelper
mkdir -p debian/qemu-system-$1/usr/share/man/man1 debian/qemu-system-$1/usr/bin
for t in ${sysarch_$1}; do \
@@ -174,6 +175,9 @@
# qemu-system subpackages
mv debian/tmp/usr/share/man/man1/qemu.1 debian/tmp/usr/share/man/man1/qemu-system.1
$(foreach s,${systems},$(call inst-system,$s))
+# remove alternatives handling for jessie+1
+# remove alternatives in qemu-system (metapkg) for wheezy->jessie upgrade path
+ sed 's/@ARCH@/${system_targets}/' debian/qemu-system-alternatives.in > debian/qemu-system.postinst.debhelper
ifeq ($(DEB_HOST_ARCH_OS),linux)
@@ -264,6 +268,18 @@
dh_fixperms ${ai}
dh_installdeb ${ai}
dh_shlibdeps ${ai}
+ifeq ($(enable_linux_user),enable)
+# after shlibdeps finished, grab ${shlibs:Depends} from -user package
+# and transform it into Built-Using field for -user-static.
+# See also dpkg-query bug #588505
+ if [ -f debian/qemu-user.substvars ]; then \
+ pkgs=$$(sed -n -e's/([^)]*)//g' -e's/,//g' -e's/^shlibs:Depends=//p' debian/qemu-user.substvars); \
+ srcs=; for p in $$pkgs; do \
+ srcs="$$srcs $$(dpkg-query -f '$${source:Package} (= $${source:Version}),' -W $$p)"; \
+ done ; \
+ echo "built-using=$$srcs" >> debian/qemu-user-static.substvars ; \
+ fi
+endif
dh_gencontrol ${ai}
dh_md5sums ${ai}
dh_builddeb ${ai}
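Review bot: the dpkg-query call inside the for loop is not checked, so a failure for any package leaves an incomplete built-using value without failing the build. The sed expression strips version constraints and commas but leaves any | alternative from ${shlibs:Depends} as a word that is then passed to dpkg-query as a package name, and two binary packages from the same source produce duplicate entries. Suggest failing on dpkg-query errors (|| exit 1 inside the loop), dropping | tokens, and de-duplicating the result; the generated list also ends with a trailing comma.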
--- End Message ---
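
Added example (not part of the original message or of the qemu package): the binfmt mask change for #763043 checked against the binfmt_misc matching rule, where a header matches when (byte ^ magic) & mask is zero for every byte. It uses the x86_64 magic and mask from the debdiff and reports which EI_OSABI values a given byte-7 mask accepts; the function names, the 0..15 test range and the 0xfc candidate are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN  20
#define EI_OSABI 7   /* index of the OSABI byte in e_ident */

/* x86_64 magic and new mask, copied from debian/binfmt-update-in in the debdiff */
static const unsigned char x86_64_magic[HDR_LEN] = {
    0x7f, 'E',  'L',  'F',  0x02, 0x01, 0x01, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x3e, 0x00
};
static const unsigned char x86_64_mask[HDR_LEN] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xfe, 0xfb, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff
};

/* binfmt_misc rule: a header matches when no masked bit differs from magic */
static int binfmt_match(const unsigned char *hdr, const unsigned char *magic,
                        const unsigned char *mask, size_t len)
{
    size_t i;

    for (i = 0; i < len; i++) {
        if ((hdr[i] ^ magic[i]) & mask[i])
            return 0;
    }
    return 1;
}

/*
 * Put every OSABI value 0..15 into an otherwise matching x86_64 header,
 * with byte 7 of the mask replaced by osabi_mask (hypothetical helper).
 * Bit n of the result is set when OSABI value n is accepted.
 */
static unsigned accepted_osabi(unsigned char osabi_mask)
{
    unsigned char hdr[HDR_LEN], mask[HDR_LEN];
    unsigned v, accepted = 0;

    memcpy(mask, x86_64_mask, HDR_LEN);
    mask[EI_OSABI] = osabi_mask;
    for (v = 0; v < 16; v++) {
        memcpy(hdr, x86_64_magic, HDR_LEN);
        hdr[EI_OSABI] = (unsigned char)v;
        if (binfmt_match(hdr, x86_64_magic, mask, HDR_LEN))
            accepted |= 1u << v;
    }
    return accepted;
}

int main(void)
{
    /* old mask byte, mask byte from the debdiff, and a constructed candidate */
    static const unsigned char candidates[] = { 0xff, 0xfb, 0xfc };
    size_t i;
    unsigned v;

    for (i = 0; i < sizeof(candidates); i++) {
        unsigned acc = accepted_osabi(candidates[i]);

        printf("byte-7 mask 0x%02x accepts OSABI:", candidates[i]);
        for (v = 0; v < 16; v++) {
            if (acc & (1u << v))
                printf(" %u", v);
        }
        printf("\n");
    }
    return 0;
}
```

With these inputs a byte-7 mask of 0xfb accepts OSABI 0 and 4, while 0xfc accepts 0 through 3.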