Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-09-04 Thread Peter Maydell
On 29 August 2017 at 01:13, Michael Roth  wrote:
> Hi everyone,
>
> The following new patches are queued for QEMU stable v2.9.1:
>
>   https://github.com/mdroth/qemu/commits/stable-2.9-staging
>
> The release is planned for 2017-09-07:
>
>   http://wiki.qemu.org/Planning/2.9
>
> Please respond here or CC qemu-sta...@nongnu.org on any patches you
> think should be included in the release.
>
> Testing/feedback is greatly appreciated.

If it's not too late for this stable release, you might consider
3e4d91b94ce400326fae0850578d9e9f30a71adb
(which just hit master).

This is a pretty long-standing bug, so it's not the end of
the world if it doesn't get in, but it does fix a bug which
was causing real-world FreeBSD AArch64 guest binaries to segfault:
https://bugs.launchpad.net/qemu/+bug/1711316
https://bugs.launchpad.net/qemu/+bug/1713066

thanks
-- PMM



Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-09-01 Thread Michael Roth
Quoting Michael Roth (2017-08-31 13:00:00)
> Quoting Michael Roth (2017-08-28 19:13:35)
> > Hi everyone,
> > 
> > The following new patches are queued for QEMU stable v2.9.1:
> > 
> >   https://github.com/mdroth/qemu/commits/stable-2.9-staging
> 
> Thank you for the recommendations. Branch updated with the following
> additional patches:
> 
>  s390-ccw: Fix alignment for CCW1
>  vnc: Set default kbd delay to 10ms
>  qemu-nbd: Ignore SIGPIPE
>  usb-redir: fix stack overflow in usbredir_log_data
>  megasas: do not read SCSI req parameters more than once from frame
>  megasas: do not read command more than once from frame
>  megasas: do not read DCMD opcode more than once from frame
>  megasas: do not read iovec count more than once from frame
>  megasas: do not read sense length more than once from frame
>  9pfs: local: forbid client access to metadata (CVE-2017-7493)
>  scsi: avoid an off-by-one error in megasas_mmio_write
>  audio: release capture buffers
>  vmw_pvscsi: check message ring page count at initialisation
>  hw/ppc/spapr_iommu: Fix crash when removing the "spapr-tce-table" device
>  hw/ppc/spapr_rtc: Mark the RTC device with user_creatable = false
>  qdev: Replace cannot_instantiate_with_device_add_yet with !user_creatable
>  fix qemu-system-unicore32 crashing when calling without -kernel
>  hw/s390x/ipl: Fix crash with virtio-scsi-pci device
>  slirp: fix clearing ifq_so from pending packets
>  slirp: tftp, copy sockaddr_size
>  monitor: Check whether TCG is enabled before running the "info jit" code
>  target-s390x: Mask the SIGP order_code to 8bit.
> 

Branch updated with the following additional patches:

  exec: Add lock parameter to qemu_ram_ptr_length
  xen/mapcache: store dma information in revmapcache entries for debugging
  exec: use qemu_ram_ptr_length to access guest ram
  xhci: only update dequeue ptr on completed transfers
  vl.c/exit: pause cpus before closing block devices
  PPC: E500: update u-boot to match shipped binary

> 



Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-08-31 Thread Michael Roth
Quoting Michael Roth (2017-08-28 19:13:35)
> Hi everyone,
> 
> The following new patches are queued for QEMU stable v2.9.1:
> 
>   https://github.com/mdroth/qemu/commits/stable-2.9-staging

Thank you for the recommendations. Branch updated with the following
additional patches:

 s390-ccw: Fix alignment for CCW1
 vnc: Set default kbd delay to 10ms
 qemu-nbd: Ignore SIGPIPE
 usb-redir: fix stack overflow in usbredir_log_data
 megasas: do not read SCSI req parameters more than once from frame
 megasas: do not read command more than once from frame
 megasas: do not read DCMD opcode more than once from frame
 megasas: do not read iovec count more than once from frame
 megasas: do not read sense length more than once from frame
 9pfs: local: forbid client access to metadata (CVE-2017-7493)
 scsi: avoid an off-by-one error in megasas_mmio_write
 audio: release capture buffers
 vmw_pvscsi: check message ring page count at initialisation
 hw/ppc/spapr_iommu: Fix crash when removing the "spapr-tce-table" device
 hw/ppc/spapr_rtc: Mark the RTC device with user_creatable = false
 qdev: Replace cannot_instantiate_with_device_add_yet with !user_creatable
 fix qemu-system-unicore32 crashing when calling without -kernel
 hw/s390x/ipl: Fix crash with virtio-scsi-pci device
 slirp: fix clearing ifq_so from pending packets
 slirp: tftp, copy sockaddr_size
 monitor: Check whether TCG is enabled before running the "info jit" code
 target-s390x: Mask the SIGP order_code to 8bit.




Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-08-31 Thread Michael Roth
Quoting Peter Maydell (2017-08-31 12:07:08)
> On 31 August 2017 at 17:42, Michael Roth  wrote:
> > Quoting Thomas Huth (2017-08-28 21:18:20)
> >> Not sure, but maybe the following patch should be included, too, since
> >> there were some bogus files in the old version of the U-Boot sources:
> >>
> >> 73663d71ef2bab201475d58e - PPC: E500: Update u-boot to v2017.07
> >
> > Do you have more background on any issues caused by these bogus files?
> > As it stands I think I would opt not to update unless there are specific
> > user-visible bugs we're trying to address which warrant the risk of any
> > regressions which might get pulled in in the process.
> 
> These are the relevant threads:
> https://lists.gnu.org/archive/html/qemu-discuss/2017-07/msg5.html
> and
> https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg02956.html
> 
> The summary is
> (1) one of the u-boot source files which is distributed as part
> of the QEMU tarball has a comment which makes it a bit unclear
> whether it's something that's redistributable (the source file
> isn't actually used in the u-boot target we care about)
> (2) the u-boot binary blob we were shipping doesn't correspond
> to the sources we were shipping
> 
> and we fixed those in master by updating the blob and the
> submodule to the most recent u-boot.
> 
> I guess the low-risk fix for the stable branch would be to
> update the u-boot submodule to 79c884d7e4 as suggested in
> https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03174.html
> which would bring the distributed sources into line with
> the binary blob in stable, so no need to change the
> blob we're distributing. I think it makes sense to do that
> for stable.

Thanks for the background/suggestion, I think I'll take this
approach.

> 
> thanks
> -- PMM
> 




Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-08-31 Thread Peter Maydell
On 31 August 2017 at 17:42, Michael Roth  wrote:
> Quoting Thomas Huth (2017-08-28 21:18:20)
>> Not sure, but maybe the following patch should be included, too, since
>> there were some bogus files in the old version of the U-Boot sources:
>>
>> 73663d71ef2bab201475d58e - PPC: E500: Update u-boot to v2017.07
>
> Do you have more background on any issues caused by these bogus files?
> As it stands I think I would opt not to update unless there are specific
> user-visible bugs we're trying to address which warrant the risk of any
> regressions which might get pulled in in the process.

These are the relevant threads:
https://lists.gnu.org/archive/html/qemu-discuss/2017-07/msg5.html
and
https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg02956.html

The summary is
(1) one of the u-boot source files which is distributed as part
of the QEMU tarball has a comment which makes it a bit unclear
whether it's something that's redistributable (the source file
isn't actually used in the u-boot target we care about)
(2) the u-boot binary blob we were shipping doesn't correspond
to the sources we were shipping

and we fixed those in master by updating the blob and the
submodule to the most recent u-boot.

I guess the low-risk fix for the stable branch would be to
update the u-boot submodule to 79c884d7e4 as suggested in
https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03174.html
which would bring the distributed sources into line with
the binary blob in stable, so no need to change the
blob we're distributing. I think it makes sense to do that
for stable.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-08-31 Thread Michael Roth
Quoting Thomas Huth (2017-08-28 21:18:20)
> On 29.08.2017 02:13, Michael Roth wrote:
> > Hi everyone,
> > 
> > The following new patches are queued for QEMU stable v2.9.1:
> > 
> >   https://github.com/mdroth/qemu/commits/stable-2.9-staging
> > 
> > The release is planned for 2017-09-07:
> > 
> >   http://wiki.qemu.org/Planning/2.9
> > 
> > Please respond here or CC qemu-sta...@nongnu.org on any patches you
> > think should be included in the release.
> 
> I'd like to suggest the following patches:
> 
> 601b9a9008c5a612d76073bb - target-s390x: Mask the SIGP order_code ...
> b7da97eef74bf834be244de0 - monitor: Check whether TCG is enabled ...
> 17eb587aeb492fe68f8130b0 - slirp: tftp, copy sockaddr_size
> 99efaa2696caaf6182958e27 - hw/s390x/ipl: Fix crash with ...
> 36bed541ca886da735bef1e8 - fix qemu-system-unicore32 crashing ...
> b190f477e29c7cd03a8fee49 - qemu-system-tricore: segfault when ...
> 8ff9dd7ba24c7a788611 - hw/ppc/spapr_rtc: Mark the RTC device ...
> 1f98e55385d11da1dc0de644 - hw/ppc/spapr_iommu: Fix crash when ...
> 
> Not sure, but maybe the following patch should be included, too, since
> there were some bogus files in the old version of the U-Boot sources:
> 
> 73663d71ef2bab201475d58e - PPC: E500: Update u-boot to v2017.07

Do you have more background on any issues caused by these bogus files?
As it stands I think I would opt not to update unless there are specific
user-visible bugs we're trying to address which warrant the risk of any
regressions which might get pulled in in the process.

> 
>  Thomas
> 




Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-08-31 Thread Peter Maydell
On 29 August 2017 at 01:13, Michael Roth  wrote:
> Hi everyone,
>
> The following new patches are queued for QEMU stable v2.9.1:
>
>   https://github.com/mdroth/qemu/commits/stable-2.9-staging
>
> The release is planned for 2017-09-07:
>
>   http://wiki.qemu.org/Planning/2.9
>
> Please respond here or CC qemu-sta...@nongnu.org on any patches you
> think should be included in the release.

I would suggest also commit 1201d308519f1e915866d7583d5136d03cc1d384
("slirp: fix clearing ifq_so from pending packets") which I've
just applied to master, as it fixes a use-after-free if the
guest sends suitable bogus packets and the VM is using slirp
networking.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-08-29 Thread Cole Robinson
On 08/28/2017 08:13 PM, Michael Roth wrote:
> Hi everyone,
> 
> The following new patches are queued for QEMU stable v2.9.1:
> 
>   https://github.com/mdroth/qemu/commits/stable-2.9-staging
> 
> The release is planned for 2017-09-07:
> 
>   http://wiki.qemu.org/Planning/2.9
> 
> Please respond here or CC qemu-sta...@nongnu.org on any patches you
> think should be included in the release.
> 

Here are extra patches we are carrying for Fedora 26:

Applying: vmw_pvscsi: check message ring page count at initialisation
Applying: audio: release capture buffers
Applying: scsi: avoid an off-by-one error in megasas_mmio_write
Applying: 9pfs: local: forbid client access to metadata (CVE-2017-7493)
Applying: megasas: do not read sense length more than once from frame
Applying: megasas: do not read iovec count more than once from frame
Applying: megasas: do not read DCMD opcode more than once from frame
Applying: megasas: do not read command more than once from frame
Applying: megasas: do not read SCSI req parameters more than once from frame
Applying: megasas: always store SCSIRequest* into MegasasCmd
Applying: usb-redir: fix stack overflow in usbredir_log_data
Applying: qemu-nbd: Ignore SIGPIPE
Applying: vnc: Set default kbd delay to 10ms


The last one was part of agraf's input fixes, not sure if it's strictly
required to fix the root issue but when all 3 patches were applied it fixed
Fedora's automated QA system.

The rest of the patches are for CVEs but not sure about the severity.

Thanks,
Cole



Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-08-29 Thread Cornelia Huck
On Tue, 29 Aug 2017 04:18:20 +0200
Thomas Huth  wrote:

> On 29.08.2017 02:13, Michael Roth wrote:
> > Hi everyone,
> > 
> > The following new patches are queued for QEMU stable v2.9.1:
> > 
> >   https://github.com/mdroth/qemu/commits/stable-2.9-staging
> > 
> > The release is planned for 2017-09-07:
> > 
> >   http://wiki.qemu.org/Planning/2.9
> > 
> > Please respond here or CC qemu-sta...@nongnu.org on any patches you
> > think should be included in the release.  
> 
> I'd like to suggest the following patches:
> 
> 601b9a9008c5a612d76073bb - target-s390x: Mask the SIGP order_code ...

> 99efaa2696caaf6182958e27 - hw/s390x/ipl: Fix crash with ...

Agreed on the s390x patches.



Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-08-28 Thread Thomas Huth
On 29.08.2017 02:13, Michael Roth wrote:
> Hi everyone,
> 
> The following new patches are queued for QEMU stable v2.9.1:
> 
>   https://github.com/mdroth/qemu/commits/stable-2.9-staging
> 
> The release is planned for 2017-09-07:
> 
>   http://wiki.qemu.org/Planning/2.9
> 
> Please respond here or CC qemu-sta...@nongnu.org on any patches you
> think should be included in the release.

I'd like to suggest the following patches:

601b9a9008c5a612d76073bb - target-s390x: Mask the SIGP order_code ...
b7da97eef74bf834be244de0 - monitor: Check whether TCG is enabled ...
17eb587aeb492fe68f8130b0 - slirp: tftp, copy sockaddr_size
99efaa2696caaf6182958e27 - hw/s390x/ipl: Fix crash with ...
36bed541ca886da735bef1e8 - fix qemu-system-unicore32 crashing ...
b190f477e29c7cd03a8fee49 - qemu-system-tricore: segfault when ...
8ff9dd7ba24c7a788611 - hw/ppc/spapr_rtc: Mark the RTC device ...
1f98e55385d11da1dc0de644 - hw/ppc/spapr_iommu: Fix crash when ...

Not sure, but maybe the following patch should be included, too, since
there were some bogus files in the old version of the U-Boot sources:

73663d71ef2bab201475d58e - PPC: E500: Update u-boot to v2017.07

 Thomas



Re: [Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-08-28 Thread Michael Roth
Quoting Michael Roth (2017-08-28 19:13:35)
> Hi everyone,
> 
> The following new patches are queued for QEMU stable v2.9.1:
> 
>   
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_mdroth_qemu_commits_stable-2D2.9-2Dstaging=DwIFaQ=jf_iaSHvJObTbx-siA1ZOg=sThPI1c0u5x-3sg5Nw8wNqjg_5Z5xLzfPGC18E94zn8=Mw1bU8iEiV5THnZe_RluoHefJMDFgKus3DOUY40AbVA=wB11-59-V11-yisUGoowZ4UvmSBfZNqhjDdEk9QwqAk=
>  
> 
> The release is planned for 2017-09-07:
> 
>   
> https://urldefense.proofpoint.com/v2/url?u=http-3A__wiki.qemu.org_Planning_2.9=DwIFaQ=jf_iaSHvJObTbx-siA1ZOg=sThPI1c0u5x-3sg5Nw8wNqjg_5Z5xLzfPGC18E94zn8=Mw1bU8iEiV5THnZe_RluoHefJMDFgKus3DOUY40AbVA=aKWE0XkaM9D2OJvn5Etwst9lR3FUDED9C_m5ue7HB6w=
>  

Sorry for this. I've sent some other emails to see if this behavior
continued from my SMTP relay, and it seems to have been some sort of
temporary issue. The original URLs were (assuming I don't get bit by
this again):

  https://github.com/mdroth/qemu/commits/stable-2.9-staging

and

  http://wiki.qemu.org/Planning/2.9

> 
> Please respond here or CC qemu-sta...@nongnu.org on any patches you
> think should be included in the release.
> 
> Testing/feedback is greatly appreciated.
> 
> Thanks!
> 
> 
> Alberto Garcia (1):
>   stream: fix crash in stream_start() when block_job_create() fails
> 
> Aleksandr Bezzubikov (1):
>   hw/i386: allow SHPC for Q35 machine
> 
> Alexander Graf (2):
>   hid: Reset kbd modifiers on reset
>   input: Decrement queue count on kbd delay
> 
> Anton Nefedov (1):
>   qemu-img: wait for convert coroutines to complete
> 
> Bruce Rogers (2):
>   ACPI: don't call acpi_pcihp_device_plug_cb on xen
>   9pfs: local: remove: use correct path component
> 
> Daniel P. Berrange (1):
>   migration: setup bi-directional I/O channel for exec: protocol
> 
> Eduardo Habkost (1):
>   pc: Use "min-[x]level" on compat_props
> 
> Eric Blake (16):
>   dirty-bitmap: Report BlockDirtyInfo.count in bytes, as documented
>   coccinelle: Add script to remove useless QObject casts
>   qobject: Drop useless QObject casts
>   qobject: Add helper macros for common scalar insertions
>   s390x: Drop useless casts
>   qobject: Use simpler QDict/QList scalar insertion macros
>   blkdebug: Sanity check block layer guarantees
>   blkdebug: Refactor error injection
>   blkdebug: Add pass-through write_zero and discard support
>   blkdebug: Simplify override logic
>   blkdebug: Add ability to override unmap geometries
>   tests: Add coverage for recent block geometry fixes
>   block: Simplify BDRV_BLOCK_RAW recursion
>   block: Guarantee that *file is set on bdrv_get_block_status()
>   nbd: Fully initialize client in case of failed negotiation
>   nbd: Fix regression on resiliency to port scan
> 
> Fam Zheng (2):
>   block: Reuse bs as backing hd for drive-backup sync=none
>   virtio-scsi: Unset hotplug handler when unrealize
> 
> Gerd Hoffmann (1):
>   input: limit kbd queue depth
> 
> Greg Kurz (7):
>   9pfs: local: fix unlink of alien files in mapped-file mode
>   virtio: allow broken device to notify guest
>   target/ppc: pass const string to kvmppc_is_mem_backend_page_size_ok()
>   target/ppc: fix memory leak in kvmppc_is_mem_backend_page_size_ok()
>   spapr: fix memory leak in spapr_memory_pre_plug()
>   spapr: fix memory leak in spapr_core_pre_plug()
>   9pfs: local: fix fchmodat_nofollow() limitations
> 
> Halil Pasic (1):
>   s390x/css: catch section mismatch on load
> 
> Herongguang (Stephen) (1):
>   pci: deassert intx when pci device unrealize
> 
> Hervé Poussineau (1):
>   vvfat: fix qemu-img map and qemu-img convert
> 
> Jason Wang (2):
>   virtio-scsi: finalize IOMMU support
>   virtio-net: fix offload ctrl endian
> 
> Jeff Cody (1):
>   block/nfs: fix mutex assertion in nfs_file_close()
> 
> John Snow (1):
>   blockdev: use drained_begin/end for qmp_block_resize
> 
> Kevin Wolf (6):
>   mirror: Drop permissions on s->target on completion
>   commit: Fix use after free in completion
>   commit: Fix completion with extra reference
>   commit: Add NULL check for overlay_bs
>   qemu-iotests: Test automatic commit job cancel on hot unplug
>   block: Skip implicit nodes in query-block/blockstats
> 
> Ladi Prosek (1):
>   virtio-serial-bus: Unset hotplug handler when unrealize
> 
> Laurent Vivier (3):
>   spapr: add pre_plug function for memory
>   spapr: fix migration to pseries machine < 2.8
>   cpu: don't allow negative core id
> 
> Markus Armbruster (1):
>   replication: Make --disable-replication compile again
> 
> Max Filippov (3):
>   target/xtensa: fix mapping direction in read/write simcalls
>   target/xtensa: fix return value of read/write simcalls
>   target/xtensa: handle unknown registers in gdbstub
> 
> Max Reitz (11):

[Qemu-devel] [PATCH 00/79] Patch Round-up for stable 2.9.1, freeze on 2017-09-04

2017-08-28 Thread Michael Roth
Hi everyone,

The following new patches are queued for QEMU stable v2.9.1:

  https://github.com/mdroth/qemu/commits/stable-2.9-staging

The release is planned for 2017-09-07:

  http://wiki.qemu.org/Planning/2.9

Please respond here or CC qemu-sta...@nongnu.org on any patches you
think should be included in the release.

Testing/feedback is greatly appreciated.

Thanks!


Alberto Garcia (1):
  stream: fix crash in stream_start() when block_job_create() fails

Aleksandr Bezzubikov (1):
  hw/i386: allow SHPC for Q35 machine

Alexander Graf (2):
  hid: Reset kbd modifiers on reset
  input: Decrement queue count on kbd delay

Anton Nefedov (1):
  qemu-img: wait for convert coroutines to complete

Bruce Rogers (2):
  ACPI: don't call acpi_pcihp_device_plug_cb on xen
  9pfs: local: remove: use correct path component

Daniel P. Berrange (1):
  migration: setup bi-directional I/O channel for exec: protocol

Eduardo Habkost (1):
  pc: Use "min-[x]level" on compat_props

Eric Blake (16):
  dirty-bitmap: Report BlockDirtyInfo.count in bytes, as documented
  coccinelle: Add script to remove useless QObject casts
  qobject: Drop useless QObject casts
  qobject: Add helper macros for common scalar insertions
  s390x: Drop useless casts
  qobject: Use simpler QDict/QList scalar insertion macros
  blkdebug: Sanity check block layer guarantees
  blkdebug: Refactor error injection
  blkdebug: Add pass-through write_zero and discard support
  blkdebug: Simplify override logic
  blkdebug: Add ability to override unmap geometries
  tests: Add coverage for recent block geometry fixes
  block: Simplify BDRV_BLOCK_RAW recursion
  block: Guarantee that *file is set on bdrv_get_block_status()
  nbd: Fully initialize client in case of failed negotiation
  nbd: Fix regression on resiliency to port scan

Fam Zheng (2):
  block: Reuse bs as backing hd for drive-backup sync=none
  virtio-scsi: Unset hotplug handler when unrealize

Gerd Hoffmann (1):
  input: limit kbd queue depth

Greg Kurz (7):
  9pfs: local: fix unlink of alien files in mapped-file mode
  virtio: allow broken device to notify guest
  target/ppc: pass const string to kvmppc_is_mem_backend_page_size_ok()
  target/ppc: fix memory leak in kvmppc_is_mem_backend_page_size_ok()
  spapr: fix memory leak in spapr_memory_pre_plug()
  spapr: fix memory leak in spapr_core_pre_plug()
  9pfs: local: fix fchmodat_nofollow() limitations

Halil Pasic (1):
  s390x/css: catch section mismatch on load

Herongguang (Stephen) (1):
  pci: deassert intx when pci device unrealize

Hervé Poussineau (1):
  vvfat: fix qemu-img map and qemu-img convert

Jason Wang (2):
  virtio-scsi: finalize IOMMU support
  virtio-net: fix offload ctrl endian

Jeff Cody (1):
  block/nfs: fix mutex assertion in nfs_file_close()

John Snow (1):
  blockdev: use drained_begin/end for qmp_block_resize

Kevin Wolf (6):
  mirror: Drop permissions on s->target on completion
  commit: Fix use after free in completion
  commit: Fix completion with extra reference
  commit: Add NULL check for overlay_bs
  qemu-iotests: Test automatic commit job cancel on hot unplug
  block: Skip implicit nodes in query-block/blockstats

Ladi Prosek (1):
  virtio-serial-bus: Unset hotplug handler when unrealize

Laurent Vivier (3):
  spapr: add pre_plug function for memory
  spapr: fix migration to pseries machine < 2.8
  cpu: don't allow negative core id

Markus Armbruster (1):
  replication: Make --disable-replication compile again

Max Filippov (3):
  target/xtensa: fix mapping direction in read/write simcalls
  target/xtensa: fix return value of read/write simcalls
  target/xtensa: handle unknown registers in gdbstub

Max Reitz (11):
  qemu-img/convert: Always set ret < 0 on error
  qemu-img/convert: Use @opts for one thing only
  qemu-img/convert: Move bs_n > 1 && -B check down
  block: An empty filename counts as no filename
  iotests/051: Add test for empty filename
  block: Do not unref bs->file on error in BD's open
  block/vhdx: Make vhdx_create() always set errp
  block: Add errp to b{lk,drv}_truncate()
  blkdebug: Catch bs->exact_filename overflow
  blkverify: Catch bs->exact_filename overflow
  block: Do not strcmp() with NULL uri->scheme

Michael Roth (2):
  tests: check-qom-proplist: add checks for cmdline-created objects
  monitor: fix object_del for command-line-created objects

Paolo Bonzini (5):
  curl: strengthen assertion in curl_clean_state
  curl: never invoke callbacks with s->mutex held
  curl: avoid recursive locking of BDRVCURLState mutex
  linuxboot_dma: compile for i486
  nbd: fix NBD over TLS

Sameeh Jubran (2):
  qga-win: Enable 'can-offline' field in