From 650c8272f694506bce9ae7914868bf9260a018e2 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Tue, 14 Feb 2023 10:25:18 -0500 Subject: [PATCH 1/8] Handle missing libblkio on fedora < 37 Signed-off-by: Cole Robinson --- qemu.spec | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/qemu.spec b/qemu.spec index a051a0a..d2ee4d3 100644 --- a/qemu.spec +++ b/qemu.spec @@ -114,6 +114,11 @@ %global have_dbus_display 0 %endif +%global have_libblkio 0 +%if 0%{?fedora} >= 37 +%global have_libblkio 1 +%endif + %global have_sdl_image %{defined fedora} %global have_fdt 1 %global have_opengl 1 @@ -163,7 +168,11 @@ %global qemudocdir %{_docdir}/%{name} %define evr %{epoch}:%{version}-%{release} +%if %{have_libblkio} %define requires_block_blkio Requires: %{name}-block-blkio = %{evr} +%else +%define requires_block_blkio %{nil} +%endif %define requires_block_curl Requires: %{name}-block-curl = %{evr} %define requires_block_dmg Requires: %{name}-block-dmg = %{evr} %if %{have_block_gluster} @@ -404,7 +413,9 @@ BuildRequires: pkgconfig(gbm) BuildRequires: perl-Test-Harness BuildRequires: libslirp-devel BuildRequires: libbpf-devel >= 1.0.0 +%if %{have_libblkio} BuildRequires: libblkio-devel +%endif # Fedora specific @@ -611,6 +622,7 @@ Install this package if you want access to the avocado_qemu tests, or qemu-iotests. +%if %{have_libblkio} %package block-blkio Summary: QEMU blkio block driver Requires: %{name}-common%{?_isa} = %{epoch}:%{version}-%{release} @@ -619,6 +631,7 @@ This package provides the additional blkio block driver for QEMU. Install this package if you want to access disks over vhost-user-blk, vdpa-blk, and other transports using the libblkio library. +%endif %package block-curl @@ -1606,7 +1619,9 @@ run_configure \ %ifarch %{ix86} x86_64 --enable-avx2 \ %endif +%if %{have_libblkio} --enable-blkio \ +%endif --enable-bpf \ --enable-cap-ng \ --enable-capstone \ 
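Review bot: With `have_libblkio` at 0, the configure hunk (`@@ -1606,7 +1619,9 @@`) only omits `--enable-blkio`, and nothing visible passes an explicit `--disable-blkio`, so whether the driver gets built on Fedora < 37 depends on defaults set outside the hunk. If the base option list used by `run_configure` does not already disable it, adding `%else` followed by `--disable-blkio \` before the `%endif` would make the outcome independent of what is installed in the buildroot. A one-line comment above `%global have_libblkio 0`, for example `# libblkio is only packaged for Fedora >= 37`, would also record why the conditional exists.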
@@ -2221,8 +2236,10 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %{testsdir} %{_libdir}/%{name}/accel-qtest-*.so +%if %{have_libblkio} %files block-blkio %{_libdir}/%{name}/block-blkio.so +%endif %files block-curl %{_libdir}/%{name}/block-curl.so %files block-iscsi From fb1517ca3f5287a9d23c219b06f2abce6a51230a Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Mon, 27 Feb 2023 11:47:44 +0000 Subject: [PATCH 2/8] Fix virtio-blk-pci detect-zeroes=unmap (RHBZ#2173357) --- ...sgx_epc_get_section-stub-is-reachabl.patch | 7 ++- ...sts-Disable-pci_virtio_vga-for-ppc64.patch | 6 +-- ...er-add-more-compat-ioctl-definitions.patch | 8 ++-- ...r-fix-compat-with-glibc-2.36-sys-mou.patch | 12 ++--- ...-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch | 45 +++++++++++++++++++ qemu.spec | 9 +++- 6 files changed, 70 insertions(+), 17 deletions(-) rename 0001-tests-Disable-pci_virtio_vga-for-ppc64.patch => 0002-tests-Disable-pci_virtio_vga-for-ppc64.patch (90%) create mode 100644 0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch diff --git a/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch b/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch index cc5ada9..92a74eb 100644 --- a/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch +++ b/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch @@ -1,10 +1,10 @@ +From e54512fe75f85640c0c73e53e6f8bd0b9d193529 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 1 Feb 2022 20:09:37 +0100 -Subject: [PATCH] target/i386: the sgx_epc_get_section stub is reachable +Subject: [PATCH 1/5] target/i386: the sgx_epc_get_section stub is reachable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Content-type: text/plain The sgx_epc_get_section stub is reachable from cpu_x86_cpuid. It should not assert, instead it should just return true just like 
@@ -28,3 +28,6 @@ index 26833eb233..16b1dfd90b 100644 - g_assert_not_reached(); + return true; } +-- +2.37.3 + diff --git a/0001-tests-Disable-pci_virtio_vga-for-ppc64.patch b/0002-tests-Disable-pci_virtio_vga-for-ppc64.patch similarity index 90% rename from 0001-tests-Disable-pci_virtio_vga-for-ppc64.patch rename to 0002-tests-Disable-pci_virtio_vga-for-ppc64.patch index 26d8ed7..2172c4d 100644 --- a/0001-tests-Disable-pci_virtio_vga-for-ppc64.patch +++ b/0002-tests-Disable-pci_virtio_vga-for-ppc64.patch @@ -1,7 +1,7 @@ -From f6d5fd60f54fb9dcdc3733154637a3a214f5d5af Mon Sep 17 00:00:00 2001 +From 2f0a0afbf915d36c39c5cfac1e31c6edc7f47bef Mon Sep 17 00:00:00 2001 From: "Eduardo Lima (Etrunko)" Date: Thu, 1 Sep 2022 12:43:49 -0300 -Subject: [PATCH] tests: Disable pci_virtio_vga for ppc64 +Subject: [PATCH 2/5] tests: Disable pci_virtio_vga for ppc64 starting QEMU: exec ./qemu-system-ppc64 -qtest unix:/tmp/qtest-2378197.sock -qtest-log /dev/null -chardev socket,path=/tmp/qtest-2378197.qmp,id=char0 -mon chardev=char0,mode=control -display none -vga none -device virtio-vga -accel qtest stderr: @@ -28,5 +28,5 @@ index ace3bb28e0..628dad4cf2 100644 } -- -2.37.2 +2.37.3 diff --git a/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch b/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch index e263067..7a7ec1c 100644 --- a/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch +++ b/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch @@ -1,7 +1,7 @@ -From ebff02a43374c1138d4f8b2c07d2088a3921c288 Mon Sep 17 00:00:00 2001 +From 5c1d2f920c14d6e8f4ac7abc62714eadaa60f228 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 10 Jan 2023 12:37:14 -0500 -Subject: [PATCH 1/2] Revert "linux-user: add more compat ioctl definitions" +Subject: [PATCH 3/5] Revert "linux-user: add more compat ioctl definitions" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -27,7 +27,7 @@ 
Signed-off-by: Daniel P. Berrangé 1 file changed, 25 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 1f8c10f8ef..9c1e9555e1 100644 +index 24b25759be..10af5e0d8e 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -111,31 +111,6 @@ @@ -63,5 +63,5 @@ index 1f8c10f8ef..9c1e9555e1 100644 #include #endif -- -2.38.1 +2.37.3 diff --git a/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch b/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch index 08f5180..43b10c7 100644 --- a/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch +++ b/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch @@ -1,7 +1,7 @@ -From f0f11a1435802b5c8ee8337a7b0c0f337d8f9936 Mon Sep 17 00:00:00 2001 +From b40cf0a490c28d5b79e05382d061983b92a7b2b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 10 Jan 2023 12:37:25 -0500 -Subject: [PATCH 2/2] Revert "linux-user: fix compat with glibc >= 2.36 +Subject: [PATCH 4/5] Revert "linux-user: fix compat with glibc >= 2.36 sys/mount.h" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -29,7 +29,7 @@ Signed-off-by: Daniel P. Berrangé 2 files changed, 20 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c -index 9c1e9555e1..f2b7634f5e 100644 +index 10af5e0d8e..d974c76b60 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -95,25 +95,7 @@ @@ -59,10 +59,10 @@ index 9c1e9555e1..f2b7634f5e 100644 #if defined(CONFIG_FIEMAP) #include diff --git a/meson.build b/meson.build -index 175517eafd..32fed7ea6e 100644 +index 5c6b5a1c75..3172b01089 100644 --- a/meson.build +++ b/meson.build -@@ -2039,8 +2039,6 @@ config_host_data.set('HAVE_OPTRESET', +@@ -2032,8 +2032,6 @@ config_host_data.set('HAVE_OPTRESET', cc.has_header_symbol('getopt.h', 'optreset')) config_host_data.set('HAVE_IPPROTO_MPTCP', cc.has_header_symbol('netinet/in.h', 'IPPROTO_MPTCP')) 
@@ -72,5 +72,5 @@ index 175517eafd..32fed7ea6e 100644 # has_member config_host_data.set('HAVE_SIGEV_NOTIFY_THREAD_ID', -- -2.38.1 +2.37.3 diff --git a/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch b/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch new file mode 100644 index 0000000..989e7eb --- /dev/null +++ b/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch 
@@ -0,0 +1,45 @@ +From db788c896eb1378ebc1f20dcc4954616a7631919 Mon Sep 17 00:00:00 2001 +From: Stefan Hajnoczi +Date: Tue, 7 Feb 2023 15:37:16 -0500 +Subject: [PATCH 5/5] block: fix detect-zeroes= with BDRV_REQ_REGISTERED_BUF + +When a write request is converted into a write zeroes request by the +detect-zeroes= feature, it is no longer associated with an I/O buffer. +The BDRV_REQ_REGISTERED_BUF flag doesn't make sense without an I/O +buffer and must be cleared because bdrv_co_do_pwrite_zeroes() fails with +-EINVAL when it's set. + +Fiona Ebner bisected and diagnosed this QEMU 7.2 +regression where writes containing zeroes to a blockdev with +discard=unmap,detect-zeroes=unmap fail. + +Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1404 +Fixes: e8b6535533be ("block: add BDRV_REQ_REGISTERED_BUF request flag") +Tested-by: Fiona Ebner +Cc: qemu-stable@nongnu.org +Reviewed-by: Eric Blake +Reviewed-by: Hanna Czenczek +Signed-off-by: Stefan Hajnoczi +Message-Id: <20230207203719.242926-2-stefanha@redhat.com> +(cherry picked from commit 3c5867156eb81c7c71611d078b2c5c2c863f884a) +--- + block/io.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/block/io.c b/block/io.c +index b9424024f9..bbaa0d1b2d 100644 +--- a/block/io.c ++++ b/block/io.c +@@ -2087,6 +2087,9 @@ static int coroutine_fn bdrv_aligned_pwritev(BdrvChild *child, + if (bs->detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP) { + flags |= BDRV_REQ_MAY_UNMAP; + } ++ ++ /* Can't use optimization hint with bufferless zero write */ ++ flags &= ~BDRV_REQ_REGISTERED_BUF; + } + + if (ret < 0) { +-- +2.37.3 + diff --git a/qemu.spec b/qemu.spec index d2ee4d3..7e1924e 100644 --- a/qemu.spec +++ b/qemu.spec @@ -321,7 +321,7 @@ Obsoletes: %{name}-system-unicore32-core <= %{epoch}:%{version}-%{release} %endif # To prevent rpmdev-bumpspec breakage -%global baserelease 6 +%global baserelease 7 Summary: QEMU is a FAST! processor emulator Name: qemu 
@@ -346,10 +346,12 @@ Source36: README.tests # Fix SGX assert Patch: 0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch -Patch: 0001-tests-Disable-pci_virtio_vga-for-ppc64.patch +Patch: 0002-tests-Disable-pci_virtio_vga-for-ppc64.patch # Fix compat with kernel-headers >= 6.1 Patch: 0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch Patch: 0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch +# Fix virtio-blk-pci detect-zeroes=unmap (RHBZ#2173357) +Patch: 0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch BuildRequires: meson >= %{meson_version} BuildRequires: zlib-devel @@ -2779,6 +2781,9 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %changelog +* Mon Feb 27 2023 Richard W.M. Jones - 7.2.0-7 +- Fix virtio-blk-pci detect-zeroes=unmap (RHBZ#2173357) + * Tue Jan 31 2023 Stefan Hajnoczi - 7.2.0-6 - Enable libblkio From d8ea841ee85896ba6f3acf5123816c76c32103f9 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Mon, 27 Feb 2023 16:09:52 +0000 Subject: [PATCH 3/8] Fix build with glib2 2.75.3 (RHBZ#2173639) --- ...sgx_epc_get_section-stub-is-reachabl.patch | 2 +- ...sts-Disable-pci_virtio_vga-for-ppc64.patch | 2 +- ...er-add-more-compat-ioctl-definitions.patch | 2 +- ...r-fix-compat-with-glibc-2.36-sys-mou.patch | 2 +- ...-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch | 2 +- ...te-fix-bad-GTree-usage-use-after-fre.patch | 43 +++++++++++++++++++ qemu.spec | 6 +++ 7 files changed, 54 insertions(+), 5 deletions(-) create mode 100644 0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch diff --git a/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch b/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch index 92a74eb..3f0bae7 100644 --- a/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch +++ b/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch @@ -1,7 +1,7 @@ From e54512fe75f85640c0c73e53e6f8bd0b9d193529 Mon Sep 17 00:00:00 2001 
From: Paolo Bonzini Date: Tue, 1 Feb 2022 20:09:37 +0100 -Subject: [PATCH 1/5] target/i386: the sgx_epc_get_section stub is reachable +Subject: [PATCH 1/6] target/i386: the sgx_epc_get_section stub is reachable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0002-tests-Disable-pci_virtio_vga-for-ppc64.patch b/0002-tests-Disable-pci_virtio_vga-for-ppc64.patch index 2172c4d..c940f0d 100644 --- a/0002-tests-Disable-pci_virtio_vga-for-ppc64.patch +++ b/0002-tests-Disable-pci_virtio_vga-for-ppc64.patch @@ -1,7 +1,7 @@ From 2f0a0afbf915d36c39c5cfac1e31c6edc7f47bef Mon Sep 17 00:00:00 2001 From: "Eduardo Lima (Etrunko)" Date: Thu, 1 Sep 2022 12:43:49 -0300 -Subject: [PATCH 2/5] tests: Disable pci_virtio_vga for ppc64 +Subject: [PATCH 2/6] tests: Disable pci_virtio_vga for ppc64 starting QEMU: exec ./qemu-system-ppc64 -qtest unix:/tmp/qtest-2378197.sock -qtest-log /dev/null -chardev socket,path=/tmp/qtest-2378197.qmp,id=char0 -mon chardev=char0,mode=control -display none -vga none -device virtio-vga -accel qtest stderr: diff --git a/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch b/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch index 7a7ec1c..e0c2b92 100644 --- a/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch +++ b/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch @@ -1,7 +1,7 @@ From 5c1d2f920c14d6e8f4ac7abc62714eadaa60f228 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 10 Jan 2023 12:37:14 -0500 -Subject: [PATCH 3/5] Revert "linux-user: add more compat ioctl definitions" +Subject: [PATCH 3/6] Revert "linux-user: add more compat ioctl definitions" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch b/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch index 43b10c7..b872587 100644 
--- a/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch +++ b/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch @@ -1,7 +1,7 @@ From b40cf0a490c28d5b79e05382d061983b92a7b2b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 10 Jan 2023 12:37:25 -0500 -Subject: [PATCH 4/5] Revert "linux-user: fix compat with glibc >= 2.36 +Subject: [PATCH 4/6] Revert "linux-user: fix compat with glibc >= 2.36 sys/mount.h" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch b/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch index 989e7eb..54ea7bd 100644 --- a/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch +++ b/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch @@ -1,7 +1,7 @@ From db788c896eb1378ebc1f20dcc4954616a7631919 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Tue, 7 Feb 2023 15:37:16 -0500 -Subject: [PATCH 5/5] block: fix detect-zeroes= with BDRV_REQ_REGISTERED_BUF +Subject: [PATCH 5/6] block: fix detect-zeroes= with BDRV_REQ_REGISTERED_BUF When a write request is converted into a write zeroes request by the detect-zeroes= feature, it is no longer associated with an I/O buffer. diff --git a/0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch b/0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch new file mode 100644 index 0000000..f4ff87f --- /dev/null +++ b/0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch 
@@ -0,0 +1,43 @@ +From 930def8769940600dd7dd587ec2accd4a8b6e1f8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= +Date: Mon, 27 Feb 2023 16:02:51 +0000 +Subject: [PATCH 6/6] [PATCH] test-vmstate: fix bad GTree usage, use-after-free +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +According to g_tree_foreach() documentation: +"The tree may not be modified while iterating over it (you can't +add/remove items)." + +Fixes: 9a85e4b8f6 ("migration: Support gtree migration") +Cc: Eric Auger +Signed-off-by: Marc-André Lureau +--- + tests/unit/test-vmstate.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tests/unit/test-vmstate.c b/tests/unit/test-vmstate.c +index 541bb4f63e..36b253eb67 100644 +--- a/tests/unit/test-vmstate.c ++++ b/tests/unit/test-vmstate.c +@@ -1074,7 +1074,6 @@ static gboolean diff_tree(gpointer key, gpointer value, gpointer data) + struct match_node_data d = {tp->tree2, key, value}; + + g_tree_foreach(tp->tree2, tp->match_node, &d); +- g_tree_remove(tp->tree1, key); + return false; + } + +@@ -1084,7 +1083,7 @@ static void compare_trees(GTree *tree1, GTree *tree2, + struct tree_cmp_data tp = {tree1, tree2, function}; + + g_tree_foreach(tree1, diff_tree, &tp); +- assert(g_tree_nnodes(tree1) == 0); ++ g_tree_destroy(g_tree_ref(tree1)); + assert(g_tree_nnodes(tree2) == 0); + } + +-- +2.37.3 + diff --git a/qemu.spec b/qemu.spec index 7e1924e..2ed7574 100644 --- a/qemu.spec +++ b/qemu.spec 
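Review bot: `g_tree_destroy(g_tree_ref(tree1));` in compare_trees is a non-obvious way to empty tree1 while keeping the caller's reference, and it replaces the old assertion without any comment. A line such as `/* empty tree1 without dropping the caller's reference */` above it would help the next reader; if the minimum supported glib allows it, `g_tree_remove_all(tree1);` states the same intent directly. Separately, diff_tree still runs `g_tree_foreach(tp->tree2, tp->match_node, &d)`, and the remaining `assert(g_tree_nnodes(tree2) == 0)` suggests match_node removes entries from tree2. match_node is outside this hunk, so it is worth confirming that it does not modify tree2 mid-traversal in the way this patch stops doing for tree1.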
@@ -352,6 +352,11 @@ Patch: 0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch Patch: 0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch # Fix virtio-blk-pci detect-zeroes=unmap (RHBZ#2173357) Patch: 0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch +# Fix build with glib2 2.75.3 +# https://bugzilla.redhat.com/show_bug.cgi?id=2173639 +# https://gitlab.com/qemu-project/qemu/-/issues/1518 +# Patch is NOT UPSTREAM. +Patch: 0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch BuildRequires: meson >= %{meson_version} BuildRequires: zlib-devel @@ -2783,6 +2788,7 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %changelog * Mon Feb 27 2023 Richard W.M. Jones - 7.2.0-7 - Fix virtio-blk-pci detect-zeroes=unmap (RHBZ#2173357) +- Fix build with glib2 2.75.3 (RHBZ#2173639) * Tue Jan 31 2023 Stefan Hajnoczi - 7.2.0-6 - Enable libblkio From f48e9e218ccd66c593e9eabf5db70e65b265c294 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Mon, 27 Feb 2023 17:43:05 +0000 Subject: [PATCH 4/8] Fix rtl8139-test Patch sent upstream 2023-02-27. --- ...sgx_epc_get_section-stub-is-reachabl.patch | 2 +- ...sts-Disable-pci_virtio_vga-for-ppc64.patch | 2 +- ...er-add-more-compat-ioctl-definitions.patch | 2 +- ...r-fix-compat-with-glibc-2.36-sys-mou.patch | 2 +- ...-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch | 2 +- ...te-fix-bad-GTree-usage-use-after-fre.patch | 2 +- ...-version-is-printed-before-other-mes.patch | 42 +++++++++++++++++++ qemu.spec | 2 + 8 files changed, 50 insertions(+), 6 deletions(-) create mode 100644 0007-tests-Ensure-TAP-version-is-printed-before-other-mes.patch diff --git a/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch b/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch index 3f0bae7..5245b0f 100644 --- a/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch +++ b/0001-target-i386-the-sgx_epc_get_section-stub-is-reachabl.patch @@ -1,7 +1,7 @@ 
From e54512fe75f85640c0c73e53e6f8bd0b9d193529 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 1 Feb 2022 20:09:37 +0100 -Subject: [PATCH 1/6] target/i386: the sgx_epc_get_section stub is reachable +Subject: [PATCH 1/7] target/i386: the sgx_epc_get_section stub is reachable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0002-tests-Disable-pci_virtio_vga-for-ppc64.patch b/0002-tests-Disable-pci_virtio_vga-for-ppc64.patch index c940f0d..48c4203 100644 --- a/0002-tests-Disable-pci_virtio_vga-for-ppc64.patch +++ b/0002-tests-Disable-pci_virtio_vga-for-ppc64.patch @@ -1,7 +1,7 @@ From 2f0a0afbf915d36c39c5cfac1e31c6edc7f47bef Mon Sep 17 00:00:00 2001 From: "Eduardo Lima (Etrunko)" Date: Thu, 1 Sep 2022 12:43:49 -0300 -Subject: [PATCH 2/6] tests: Disable pci_virtio_vga for ppc64 +Subject: [PATCH 2/7] tests: Disable pci_virtio_vga for ppc64 starting QEMU: exec ./qemu-system-ppc64 -qtest unix:/tmp/qtest-2378197.sock -qtest-log /dev/null -chardev socket,path=/tmp/qtest-2378197.qmp,id=char0 -mon chardev=char0,mode=control -display none -vga none -device virtio-vga -accel qtest stderr: diff --git a/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch b/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch index e0c2b92..f69907e 100644 --- a/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch +++ b/0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch @@ -1,7 +1,7 @@ From 5c1d2f920c14d6e8f4ac7abc62714eadaa60f228 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 10 Jan 2023 12:37:14 -0500 -Subject: [PATCH 3/6] Revert "linux-user: add more compat ioctl definitions" +Subject: [PATCH 3/7] Revert "linux-user: add more compat ioctl definitions" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
diff --git a/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch b/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch index b872587..6487990 100644 --- a/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch +++ b/0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch @@ -1,7 +1,7 @@ From b40cf0a490c28d5b79e05382d061983b92a7b2b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 10 Jan 2023 12:37:25 -0500 -Subject: [PATCH 4/6] Revert "linux-user: fix compat with glibc >= 2.36 +Subject: [PATCH 4/7] Revert "linux-user: fix compat with glibc >= 2.36 sys/mount.h" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch b/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch index 54ea7bd..419a284 100644 --- a/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch +++ b/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch @@ -1,7 +1,7 @@ From db788c896eb1378ebc1f20dcc4954616a7631919 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Tue, 7 Feb 2023 15:37:16 -0500 -Subject: [PATCH 5/6] block: fix detect-zeroes= with BDRV_REQ_REGISTERED_BUF +Subject: [PATCH 5/7] block: fix detect-zeroes= with BDRV_REQ_REGISTERED_BUF When a write request is converted into a write zeroes request by the detect-zeroes= feature, it is no longer associated with an I/O buffer. diff --git a/0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch b/0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch index f4ff87f..7ad17be 100644 --- a/0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch +++ b/0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch @@ -1,7 +1,7 @@ From 930def8769940600dd7dd587ec2accd4a8b6e1f8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 27 Feb 2023 16:02:51 +0000 -Subject: [PATCH 6/6] [PATCH] test-vmstate: fix bad GTree usage, use-after-free +Subject: [PATCH 6/7] [PATCH] test-vmstate: fix bad GTree usage, use-after-free MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0007-tests-Ensure-TAP-version-is-printed-before-other-mes.patch b/0007-tests-Ensure-TAP-version-is-printed-before-other-mes.patch new file mode 100644 index 0000000..c142e77 --- /dev/null +++ b/0007-tests-Ensure-TAP-version-is-printed-before-other-mes.patch @@ -0,0 +1,42 @@ +From 4021e0a116b568c312b864dfc27dfeed3317538a Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Mon, 27 Feb 2023 17:37:10 +0000 +Subject: [PATCH 7/7] tests: Ensure TAP version is printed before other + messages + +These two tests were failing with this error: + + stderr: + TAP parsing error: version number must be on the first line + [...] + Unknown TAP version. The first line MUST be `TAP version `. Assuming version 12. + +This can be fixed by ensuring we always call g_test_init first in the +body of main. + +Thanks: Daniel Berrange, for diagnosing the problem +Signed-off-by: Richard W.M. Jones +--- + tests/qtest/rtl8139-test.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/tests/qtest/rtl8139-test.c b/tests/qtest/rtl8139-test.c +index 8fa3313cc3..90bb616974 100644 +--- a/tests/qtest/rtl8139-test.c ++++ b/tests/qtest/rtl8139-test.c +@@ -196,9 +196,10 @@ int main(int argc, char **argv) + { + int ret; + +- qtest_start("-device rtl8139"); +- + g_test_init(&argc, &argv, NULL); ++ ++ qtest_start("-device rtl8139"); ++ + qtest_add_func("/rtl8139/nop", nop); + qtest_add_func("/rtl8139/timer", test_init); + +-- +2.37.3 + diff --git a/qemu.spec b/qemu.spec index 2ed7574..4a135ad 100644 --- a/qemu.spec +++ b/qemu.spec 
@@ -357,6 +357,8 @@ Patch: 0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch # https://gitlab.com/qemu-project/qemu/-/issues/1518 # Patch is NOT UPSTREAM. Patch: 0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch +# Fix one of the tests. Sent upstream 2023-02-27. +Patch: 0007-tests-Ensure-TAP-version-is-printed-before-other-mes.patch BuildRequires: meson >= %{meson_version} BuildRequires: zlib-devel From 0ef68abd71ff6a65cf1e9dbb1c57653b048f8328 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Mon, 27 Feb 2023 19:55:33 +0000 Subject: [PATCH 5/8] Disable the tests on i686 --- qemu.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/qemu.spec b/qemu.spec index 4a135ad..c55e6c4 100644 --- a/qemu.spec +++ b/qemu.spec @@ -2011,8 +2011,10 @@ rm -rf %{static_buildroot} pushd %{qemu_kvm_build} echo "Testing %{name}-build" +# i686: we propose to drop qemu, for now just disable the tests, see: +# https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/C2U5RBADZB2ZUMR74PLNV73C3AIPSLWH/ # 2022-06: ppc64le random qtest segfaults with no discernable pattern -%ifnarch %{power64} +%ifnarch %{ix86} %{power64} %make_build check %endif @@ -2791,6 +2793,7 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ * Mon Feb 27 2023 Richard W.M. Jones - 7.2.0-7 - Fix virtio-blk-pci detect-zeroes=unmap (RHBZ#2173357) - Fix build with glib2 2.75.3 (RHBZ#2173639) +- Disable the tests on i686 * Tue Jan 31 2023 Stefan Hajnoczi - 7.2.0-6 - Enable libblkio From bd635cd85ed29e7de235c309953bef4dbd0ef38a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 2 Mar 2023 17:50:22 +0000 Subject: [PATCH 6/8] Re-enable tests on i686. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The broken GNUTLS ABI has been fixed https://bugzilla.redhat.com/show_bug.cgi?id=2174758 https://src.fedoraproject.org/rpms/gnutls/pull-request/78 
Signed-off-by: Daniel P. Berrangé --- qemu.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/qemu.spec b/qemu.spec index c55e6c4..218aee5 100644 --- a/qemu.spec +++ b/qemu.spec @@ -2011,10 +2011,8 @@ rm -rf %{static_buildroot} pushd %{qemu_kvm_build} echo "Testing %{name}-build" -# i686: we propose to drop qemu, for now just disable the tests, see: -# https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/C2U5RBADZB2ZUMR74PLNV73C3AIPSLWH/ # 2022-06: ppc64le random qtest segfaults with no discernable pattern -%ifnarch %{ix86} %{power64} +%ifnarch %{power64} %make_build check %endif From 9ac0d50669035442fdce692c492c04ee77f9c4d6 Mon Sep 17 00:00:00 2001 From: "Eduardo Lima (Etrunko)" Date: Wed, 19 Apr 2023 11:12:17 -0300 Subject: [PATCH 7/8] qemu-7.2.1-1 - Update to QEMU upstream release 7.2.1 --- ...-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch | 45 ------------------- qemu.spec | 9 ++-- sources | 2 +- 3 files changed, 6 insertions(+), 50 deletions(-) delete mode 100644 0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch diff --git a/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch b/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch deleted file mode 100644 index 419a284..0000000 --- a/0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From db788c896eb1378ebc1f20dcc4954616a7631919 Mon Sep 17 00:00:00 2001 -From: Stefan Hajnoczi -Date: Tue, 7 Feb 2023 15:37:16 -0500 -Subject: [PATCH 5/7] block: fix detect-zeroes= with BDRV_REQ_REGISTERED_BUF - -When a write request is converted into a write zeroes request by the -detect-zeroes= feature, it is no longer associated with an I/O buffer. -The BDRV_REQ_REGISTERED_BUF flag doesn't make sense without an I/O -buffer and must be cleared because bdrv_co_do_pwrite_zeroes() fails with --EINVAL when it's set. - -Fiona Ebner bisected and diagnosed this QEMU 7.2 -regression where writes containing zeroes to a blockdev with -discard=unmap,detect-zeroes=unmap fail. - -Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1404 -Fixes: e8b6535533be ("block: add BDRV_REQ_REGISTERED_BUF request flag") -Tested-by: Fiona Ebner -Cc: qemu-stable@nongnu.org -Reviewed-by: Eric Blake -Reviewed-by: Hanna Czenczek -Signed-off-by: Stefan Hajnoczi -Message-Id: <20230207203719.242926-2-stefanha@redhat.com> -(cherry picked from commit 3c5867156eb81c7c71611d078b2c5c2c863f884a) ---- - block/io.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/block/io.c b/block/io.c -index b9424024f9..bbaa0d1b2d 100644 ---- a/block/io.c -+++ b/block/io.c -@@ -2087,6 +2087,9 @@ static int coroutine_fn bdrv_aligned_pwritev(BdrvChild *child, - if (bs->detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP) { - flags |= BDRV_REQ_MAY_UNMAP; - } -+ -+ /* Can't use optimization hint with bufferless zero write */ -+ flags &= ~BDRV_REQ_REGISTERED_BUF; - } - - if (ret < 0) { --- -2.37.3 - diff --git a/qemu.spec b/qemu.spec index 218aee5..ee9747e 100644 --- a/qemu.spec +++ b/qemu.spec 
@@ -321,11 +321,11 @@ Obsoletes: %{name}-system-unicore32-core <= %{epoch}:%{version}-%{release} %endif # To prevent rpmdev-bumpspec breakage -%global baserelease 7 +%global baserelease 1 Summary: QEMU is a FAST! processor emulator Name: qemu -Version: 7.2.0 +Version: 7.2.1 Release: %{baserelease}%{?rcrel}%{?dist} Epoch: 2 License: GPLv2 and BSD and MIT and CC-BY @@ -350,8 +350,6 @@ Patch: 0002-tests-Disable-pci_virtio_vga-for-ppc64.patch # Fix compat with kernel-headers >= 6.1 Patch: 0003-Revert-linux-user-add-more-compat-ioctl-definitions.patch Patch: 0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch -# Fix virtio-blk-pci detect-zeroes=unmap (RHBZ#2173357) -Patch: 0005-block-fix-detect-zeroes-with-BDRV_REQ_REGISTERED_BUF.patch # Fix build with glib2 2.75.3 # https://bugzilla.redhat.com/show_bug.cgi?id=2173639 # https://gitlab.com/qemu-project/qemu/-/issues/1518 @@ -2788,6 +2786,9 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %changelog +* Wed Apr 19 2023 Eduardo Lima (Etrunko) - 7.2.1-1 +- Rebase to qemu 7.2.1 + * Mon Feb 27 2023 Richard W.M. Jones - 7.2.0-7 - Fix virtio-blk-pci detect-zeroes=unmap (RHBZ#2173357) - Fix build with glib2 2.75.3 (RHBZ#2173639) diff --git a/sources b/sources index c45f059..c94b8cd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (qemu-7.2.0.tar.xz) = f3cfa00da739ba819a218d7e6e95c77fb79a8e0f487b024ddd281602e785249b81144595e3f8c746c32a4f5c4d1a88c6aebae3c162603edfbb50ae3722d7ed13 +SHA512 (qemu-7.2.1.tar.xz) = e286dc66c923a5df77eb02d69235d048e80a7cced638fae52fbed385b4c3cd736cfea66bb3c9843bebf0a33e81ea141fc015e0bd82108df304f148ce59d9ae8a From b07b5baf931dc5fc2be5ff25dee49cd7ca246f0c Mon Sep 17 00:00:00 2001 From: Mauro Matteo Cascella Date: Fri, 21 Apr 2023 18:09:41 +0200 Subject: [PATCH 8/8] qga/win32: Fix local privilege escalation issue (CVE-2023-0664) 
Signed-off-by: Mauro Matteo Cascella --- ...qga-win32-local-privilege-escalation.patch | 129 ++++++++++++++++++ qemu.spec | 7 +- 2 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 0008-qga-win32-local-privilege-escalation.patch diff --git a/0008-qga-win32-local-privilege-escalation.patch b/0008-qga-win32-local-privilege-escalation.patch new file mode 100644 index 0000000..9359cc8 --- /dev/null +++ b/0008-qga-win32-local-privilege-escalation.patch 
@@ -0,0 +1,129 @@ +From 0575c4d5cb7520850359aeff62e11e80e5b65c55 Mon Sep 17 00:00:00 2001 +From: Konstantin Kostiuk +Date: Fri, 3 Mar 2023 21:20:08 +0200 +Subject: [PATCH] qga/win32: Use rundll for VSS installation + +The custom action uses cmd.exe to run VSS Service installation +and removal which causes an interactive command shell to spawn. +This shell can be used to execute any commands as a SYSTEM user. +Even if call qemu-ga.exe directly the interactive command shell +will be spawned as qemu-ga.exe is a console application and used +by users from the console as well as a service. + +As VSS Service runs from DLL which contains the installer and +uninstaller code, it can be run directly by rundll32.exe without +any interactive command shell. + +Add specific entry points for rundll which is just a wrapper +for COMRegister/COMUnregister functions with proper arguments. + +resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423 +fixes: CVE-2023-0664 (part 2 of 2) + +Signed-off-by: Konstantin Kostiuk +Reviewed-by: Yan Vugenfirer +Reported-by: Brian Wiltse +--- + qga/installer/qemu-ga.wxs | 10 +++++----- + qga/vss-win32/install.cpp | 9 +++++++++ + qga/vss-win32/qga-vss.def | 2 ++ + 3 files changed, 16 insertions(+), 5 deletions(-) + +diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs +index 813d1c6ca6..de006c8785 100644 +--- a/qga/installer/qemu-ga.wxs ++++ b/qga/installer/qemu-ga.wxs +@@ -115,22 +115,22 @@ + + + +- ++ + + + + + + +diff --git a/qga/vss-win32/install.cpp b/qga/vss-win32/install.cpp +index b57508fbe0..68662a6dfc 100644 +--- a/qga/vss-win32/install.cpp ++++ b/qga/vss-win32/install.cpp +@@ -357,6 +357,15 @@ out: + return hr; + } + ++STDAPI_(void) CALLBACK DLLCOMRegister(HWND, HINSTANCE, LPSTR, int) ++{ ++ COMRegister(); ++} ++ ++STDAPI_(void) CALLBACK DLLCOMUnregister(HWND, HINSTANCE, LPSTR, int) ++{ ++ COMUnregister(); ++} + + static BOOL CreateRegistryKey(LPCTSTR key, LPCTSTR value, LPCTSTR data) + { +diff --git 
a/qga/vss-win32/qga-vss.def b/qga/vss-win32/qga-vss.def +index 927782c31b..ee97a81427 100644 +--- a/qga/vss-win32/qga-vss.def ++++ b/qga/vss-win32/qga-vss.def +@@ -1,6 +1,8 @@ + LIBRARY "QGA-PROVIDER.DLL" + + EXPORTS ++ DLLCOMRegister ++ DLLCOMUnregister + COMRegister PRIVATE + COMUnregister PRIVATE + DllCanUnloadNow PRIVATE + +From e7e43c4e11390aba32cb42421c68790c10501232 Mon Sep 17 00:00:00 2001 +From: Konstantin Kostiuk +Date: Fri, 3 Mar 2023 21:20:07 +0200 +Subject: [PATCH] qga/win32: Remove change action from MSI installer + +Remove the 'change' button from "Programs and Features" because it does +not checks if a user is an admin or not. The installer has no components +to choose from and always installs everything. So the 'change' button is +not obviously needed but can create a security issue. + +resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423 +fixes: CVE-2023-0664 (part 1 of 2) + +Signed-off-by: Konstantin Kostiuk +Reviewed-by: Yan Vugenfirer +Reported-by: Brian Wiltse +--- + qga/installer/qemu-ga.wxs | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs +index de006c8785..949ba07fd2 100644 +--- a/qga/installer/qemu-ga.wxs ++++ b/qga/installer/qemu-ga.wxs +@@ -31,6 +31,7 @@ + /> + + ++ + diff --git a/qemu.spec b/qemu.spec index ee9747e..9f42638 100644 --- a/qemu.spec +++ b/qemu.spec @@ -321,7 +321,7 @@ Obsoletes: %{name}-system-unicore32-core <= %{epoch}:%{version}-%{release} %endif # To prevent rpmdev-bumpspec breakage -%global baserelease 1 +%global baserelease 2 Summary: QEMU is a FAST! processor emulator Name: qemu 
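Review bot: The two new rundll32 entry points in qga/vss-win32/install.cpp, `DLLCOMRegister` and `DLLCOMUnregister`, call `COMRegister();` and `COMUnregister();` and drop whatever they return, and being declared `STDAPI_(void)` they have no way to report a result to the process that ran them. The `return hr;` context just above suggests the wrapped functions produce an HRESULT, though their signatures are outside the hunk, so a failed VSS provider registration would presumably leave the MSI custom action looking successful. Keeping the value and recording a failure would make that visible, for example `HRESULT hr = COMRegister();` followed by a log or debug-output line when `FAILED(hr)`, and a comment such as `/* rundll32 entry point: no return value reaches the installer */` would document the limit. The qemu-ga.wxs part of this hunk has lost its XML in this rendering, so the rundll32 command line itself could not be checked here.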
@@ -357,6 +357,8 @@ Patch: 0004-Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch Patch: 0006-PATCH-test-vmstate-fix-bad-GTree-usage-use-after-fre.patch # Fix one of the tests. Sent upstream 2023-02-27. Patch: 0007-tests-Ensure-TAP-version-is-printed-before-other-mes.patch +# qga/win32: Fix local privilege escalation issue (CVE-2023-0664) +Patch: 0008-qga-win32-local-privilege-escalation.patch BuildRequires: meson >= %{meson_version} BuildRequires: zlib-devel @@ -2786,6 +2788,9 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %changelog +* Fri Apr 21 2023 Mauro Matteo Cascella - 2:7.2.1-2 +- qga/win32: Fix local privilege escalation issue (CVE-2023-0664) (rhbz#2175700) + * Wed Apr 19 2023 Eduardo Lima (Etrunko) - 7.2.1-1 - Rebase to qemu 7.2.1
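Review bot: The comment added above `Patch: 0008-qga-win32-local-privilege-escalation.patch` names the CVE but not what the file carries, which matters here because the file bundles two commits, marked part 2 of 2 and part 1 of 2 in that order, and an auditor checking that CVE-2023-0664 is fully addressed has to open the patch to learn that. A second comment line would record it: `# Carries both commits: "Use rundll for VSS installation" and "Remove change action from MSI installer"`. Both commits touch only qga/installer and qga/vss-win32, so it is also worth saying in the comment whether any binary built from this spec actually ships that code; that cannot be told from the hunk.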