diff --git a/.gitignore b/.gitignore
index 1ac9888..a119815 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,4 @@ qemu-kvm-0.13.0-25fdf4a.tar.gz
/qemu-1.5.1.tar.bz2
/qemu-1.5.2.tar.bz2
/qemu-1.6.0.tar.bz2
+/qemu-1.6.1.tar.bz2
diff --git a/0001-Fix-migration-from-qemu-kvm.patch b/0001-Fix-migration-from-qemu-kvm.patch
new file mode 100644
index 0000000..a263329
--- /dev/null
+++ b/0001-Fix-migration-from-qemu-kvm.patch
@@ -0,0 +1,212 @@
+From 2196426a9b081cb99f4bdefb854aaa206bdd0392 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 16 Aug 2013 12:14:51 -0400
+Subject: [PATCH] Fix migration from qemu-kvm
+
+Details are in the code comments for each change. Just lumped this together
+to ease patch maintenance.
+
+Everything except the video memory bits can likely be dropped by Fedora 21
+time frame. Need to figure out if there's anything to upstream for the
+video memory bits.
+---
+ hw/acpi/piix4.c | 8 ++++++-
+ hw/display/qxl.c | 9 ++++----
+ hw/i386/pc_piix.c | 61 +++++++++++++++++++++++++++++++++++++++++++++----
+ hw/timer/i8254_common.c | 7 +++++-
+ 4 files changed, 74 insertions(+), 11 deletions(-)
+
+diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
+index 3aaf18c..6fbe57c 100644
+--- a/hw/acpi/piix4.c
++++ b/hw/acpi/piix4.c
+@@ -289,7 +289,13 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int version_id)
+ static const VMStateDescription vmstate_acpi = {
+ .name = "piix4_pm",
+ .version_id = 3,
+- .minimum_version_id = 3,
++ /*
++ * qemu-kvm 1.2 uses qemu.git version 3 format, but advertised as 2.
++ * This allows incoming migration from qemu-kvm, but breaks incoming
++ * migration from qemu < 1.3.
++ */
++ //minimum_version_id = 3,
++ .minimum_version_id = 2,
+ .minimum_version_id_old = 1,
+ .load_state_old = acpi_load_old,
+ .post_load = vmstate_acpi_post_load,
+diff --git a/hw/display/qxl.c b/hw/display/qxl.c
+index c537057..7ef3eff 100644
+--- a/hw/display/qxl.c
++++ b/hw/display/qxl.c
+@@ -307,16 +307,14 @@ static inline uint32_t msb_mask(uint32_t val)
+ return mask;
+ }
+
+-static ram_addr_t qxl_rom_size(void)
++static void check_qxl_rom_size(PCIQXLDevice *d)
+ {
+ uint32_t required_rom_size = sizeof(QXLRom) + sizeof(QXLModes) +
+ sizeof(qxl_modes);
+- uint32_t rom_size = 8192; /* two pages */
+
+ required_rom_size = MAX(required_rom_size, TARGET_PAGE_SIZE);
+ required_rom_size = msb_mask(required_rom_size * 2 - 1);
+- assert(required_rom_size <= rom_size);
+- return rom_size;
++ assert(required_rom_size <= d->rom_size);
+ }
+
+ static void init_qxl_rom(PCIQXLDevice *d)
+@@ -1981,7 +1979,7 @@ static int qxl_init_common(PCIQXLDevice *qxl)
+ pci_set_byte(&config[PCI_REVISION_ID], pci_device_rev);
+ pci_set_byte(&config[PCI_INTERRUPT_PIN], 1);
+
+- qxl->rom_size = qxl_rom_size();
++ check_qxl_rom_size(qxl);
+ memory_region_init_ram(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom",
+ qxl->rom_size);
+ vmstate_register_ram(&qxl->rom_bar, &qxl->pci.qdev);
+@@ -2309,6 +2307,7 @@ static Property qxl_properties[] = {
+ DEFINE_PROP_UINT32("vram64_size_mb", PCIQXLDevice, vram_size_mb, -1),
+ DEFINE_PROP_UINT32("vgamem_mb", PCIQXLDevice, vgamem_size_mb, 16),
+ DEFINE_PROP_INT32("surfaces", PCIQXLDevice, ssd.num_surfaces, 1024),
++ DEFINE_PROP_UINT32("rom_size", PCIQXLDevice, rom_size, 8192),
+ DEFINE_PROP_END_OF_LIST(),
+ };
+
+diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
+index 3df2ff9..28216ee 100644
+--- a/hw/i386/pc_piix.c
++++ b/hw/i386/pc_piix.c
+@@ -377,6 +377,24 @@ static QEMUMachine pc_i440fx_machine_v1_4 = {
+ DEFAULT_MACHINE_OPTIONS,
+ };
+
++/*
++ * Commit 038c1879a00153b14bce113315b693e8c2944fa9 changed the qxl rom
++ * size to 8192, which fixes incoming migration from qemu 1.0. However
++ * from qemu 1.2 and 1.3 had rom size 16384, so incoming migration
++ * from those versions is now broken.
++ *
++ * Add a rom_size compat property. 1.2 and 1.3 get 16384, everything
++ * else is 8192.
++ *
++ * This isn't actually fool proof, since rom_size can be dependent on
++ * the version of spice qemu is built against:
++ *
++ * https://lists.gnu.org/archive/html/qemu-devel/2013-02/msg03154.html
++ *
++ * However these sizes match what native Fedora packages get, so it's
++ * good enough for now.
++ */
++
+ #define PC_COMPAT_1_3 \
+ PC_COMPAT_1_4, \
+ {\
+@@ -395,8 +413,17 @@ static QEMUMachine pc_i440fx_machine_v1_4 = {
+ .driver = "e1000",\
+ .property = "autonegotiation",\
+ .value = "off",\
++ },{ \
++ .driver = "qxl", \
++ .property = "rom_size", \
++ .value = stringify(16384), \
++ },{\
++ .driver = "qxl-vga", \
++ .property = "rom_size", \
++ .value = stringify(16384), \
+ }
+
++
+ static QEMUMachine pc_machine_v1_3 = {
+ .name = "pc-1.3",
+ .desc = "Standard PC",
+@@ -409,6 +436,19 @@ static QEMUMachine pc_machine_v1_3 = {
+ DEFAULT_MACHINE_OPTIONS,
+ };
+
++
++/*
++ * https://lists.gnu.org/archive/html/qemu-devel/2013-01/msg02540.html
++ *
++ * qemu-kvm defaulted to vgamem=16MB since at least 0.15, while qemu used
++ * 8MB. For qemu 1.2, the default was changed to 16MB for all devices
++ * except cirrus.
++ *
++ * Make sure cirrus uses 16MB for <= pc-1.2 (the qemu-kvm merge),
++ * and 16MB always for all others. This will break incoming qemu
++ * migration for qemu < 1.3.
++ */
++
+ #define PC_COMPAT_1_2 \
+ PC_COMPAT_1_3,\
+ {\
+@@ -432,6 +472,10 @@ static QEMUMachine pc_machine_v1_3 = {
+ .property = "revision",\
+ .value = stringify(3),\
+ },{\
++ .driver = "cirrus-vga",\
++ .property = "vgamem_mb",\
++ .value = stringify(16),\
++ },{\
+ .driver = "VGA",\
+ .property = "mmio",\
+ .value = "off",\
+@@ -462,25 +506,34 @@ static QEMUMachine pc_machine_v1_2 = {
+ },{\
+ .driver = "VGA",\
+ .property = "vgamem_mb",\
+- .value = stringify(8),\
++ .value = stringify(16),\
+ },{\
+ .driver = "vmware-svga",\
+ .property = "vgamem_mb",\
+- .value = stringify(8),\
++ .value = stringify(16),\
+ },{\
+ .driver = "qxl-vga",\
+ .property = "vgamem_mb",\
+- .value = stringify(8),\
++ .value = stringify(16),\
+ },{\
+ .driver = "qxl",\
+ .property = "vgamem_mb",\
+- .value = stringify(8),\
++ .value = stringify(16),\
+ },{\
+ .driver = "virtio-blk-pci",\
+ .property = "config-wce",\
+ .value = "off",\
++ },{ \
++ .driver = "qxl", \
++ .property = "rom_size", \
++ .value = stringify(8192), \
++ },{\
++ .driver = "qxl-vga", \
++ .property = "rom_size", \
++ .value = stringify(8192), \
+ }
+
++
+ static QEMUMachine pc_machine_v1_1 = {
+ .name = "pc-1.1",
+ .desc = "Standard PC",
+diff --git a/hw/timer/i8254_common.c b/hw/timer/i8254_common.c
+index 4e5bf0b..cbc00a0 100644
+--- a/hw/timer/i8254_common.c
++++ b/hw/timer/i8254_common.c
+@@ -267,7 +267,12 @@ static const VMStateDescription vmstate_pit_common = {
+ .pre_save = pit_dispatch_pre_save,
+ .post_load = pit_dispatch_post_load,
+ .fields = (VMStateField[]) {
+- VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
++ /* qemu-kvm version_id=2 had 'flags' here which is equivalent
++ * This fixes incoming migration from qemu-kvm 1.0, but breaks
++ * incoming migration from qemu < 1.1
++ */
++ //VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
++ VMSTATE_UINT32(channels[0].irq_disabled, PITCommonState),
+ VMSTATE_STRUCT_ARRAY(channels, PITCommonState, 3, 2,
+ vmstate_pit_channel, PITChannelState),
+ VMSTATE_INT64(channels[0].next_transition_time,
diff --git a/0001-block-ensure-bdrv_drain_all-works-during-bdrv_delete.patch b/0001-block-ensure-bdrv_drain_all-works-during-bdrv_delete.patch
deleted file mode 100644
index 7268607..0000000
--- a/0001-block-ensure-bdrv_drain_all-works-during-bdrv_delete.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 670599a08c052f6ef841743731a8f06d4b50ec99 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Thu, 27 Jun 2013 15:32:26 +0200
-Subject: [PATCH] block: ensure bdrv_drain_all() works during bdrv_delete()
-
-In bdrv_delete() make sure to call bdrv_make_anon() *after* bdrv_close()
-so that the device is still seen by bdrv_drain_all() when iterating
-bdrv_states.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit e1b5c52e04d04bb93546c6e37e8884889d047cb1)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- block.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/block.c b/block.c
-index 01b66d8..d5ce8d3 100644
---- a/block.c
-+++ b/block.c
-@@ -1606,11 +1606,11 @@ void bdrv_delete(BlockDriverState *bs)
- assert(!bs->job);
- assert(!bs->in_use);
-
-+ bdrv_close(bs);
-+
- /* remove from list, if necessary */
- bdrv_make_anon(bs);
-
-- bdrv_close(bs);
--
- g_free(bs);
- }
-
diff --git a/0002-gdbstub-Fix-gdb_register_coprocessor-register-counti.patch b/0002-gdbstub-Fix-gdb_register_coprocessor-register-counti.patch
deleted file mode 100644
index 46cb0d9..0000000
--- a/0002-gdbstub-Fix-gdb_register_coprocessor-register-counti.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From c0c080c5d1ce6c236ba8ab5db3a17043c665d0f6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>
-Date: Mon, 12 Aug 2013 18:09:47 +0200
-Subject: [PATCH] gdbstub: Fix gdb_register_coprocessor() register counting
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Commit a0e372f0c49ac01faeaeb73a6e8f50e8ac615f34 reorganized the register
-counting for GDB. While it seems correct not to let the total number of
-registers skyrocket in an SMP scenario through a static variable, the
-distinction between total register count and 'g' packet register count
-(last_reg vs. num_g_regs) got lost among the way.
-
-Fix this by introducing CPUState::gdb_num_g_regs and using that in
-gdb_handle_packet().
-
-Reported-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-Cc: qemu-stable@nongnu.org (stable-1.6)
-Tested-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-Tested-by: Max Filippov <jcmvbkbc@gmail.com>
-Tested-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Andreas Färber <afaerber@suse.de>
-(cherry picked from commit 35143f0164e6933a85c7c2b8a89a040d881a9151)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- gdbstub.c | 6 ++++--
- include/qom/cpu.h | 2 ++
- qom/cpu.c | 2 +-
- 3 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/gdbstub.c b/gdbstub.c
-index 1af25a6..9d067d6 100644
---- a/gdbstub.c
-+++ b/gdbstub.c
-@@ -621,6 +621,8 @@ void gdb_register_coprocessor(CPUState *cpu,
- if (g_pos != s->base_reg) {
- fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
- "Expected %d got %d\n", xml, g_pos, s->base_reg);
-+ } else {
-+ cpu->gdb_num_g_regs = cpu->gdb_num_regs;
- }
- }
- }
-@@ -902,7 +904,7 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
- case 'g':
- cpu_synchronize_state(s->g_cpu);
- len = 0;
-- for (addr = 0; addr < s->g_cpu->gdb_num_regs; addr++) {
-+ for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
- reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
- len += reg_size;
- }
-@@ -914,7 +916,7 @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
- registers = mem_buf;
- len = strlen(p) / 2;
- hextomem((uint8_t *)registers, p, len);
-- for (addr = 0; addr < s->g_cpu->gdb_num_regs && len > 0; addr++) {
-+ for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
- reg_size = gdb_write_register(s->g_cpu, registers, addr);
- len -= reg_size;
- registers += reg_size;
-diff --git a/include/qom/cpu.h b/include/qom/cpu.h
-index 0d6e95c..3e49936 100644
---- a/include/qom/cpu.h
-+++ b/include/qom/cpu.h
-@@ -152,6 +152,7 @@ struct kvm_run;
- * @current_tb: Currently executing TB.
- * @gdb_regs: Additional GDB registers.
- * @gdb_num_regs: Number of total registers accessible to GDB.
-+ * @gdb_num_g_regs: Number of registers in GDB 'g' packets.
- * @next_cpu: Next CPU sharing TB cache.
- * @kvm_fd: vCPU file descriptor for KVM.
- *
-@@ -188,6 +189,7 @@ struct CPUState {
- struct TranslationBlock *current_tb;
- struct GDBRegisterState *gdb_regs;
- int gdb_num_regs;
-+ int gdb_num_g_regs;
- CPUState *next_cpu;
-
- int kvm_fd;
-diff --git a/qom/cpu.c b/qom/cpu.c
-index aa95108..e71e57b 100644
---- a/qom/cpu.c
-+++ b/qom/cpu.c
-@@ -240,7 +240,7 @@ static void cpu_common_initfn(Object *obj)
- CPUState *cpu = CPU(obj);
- CPUClass *cc = CPU_GET_CLASS(obj);
-
-- cpu->gdb_num_regs = cc->gdb_num_core_regs;
-+ cpu->gdb_num_regs = cpu->gdb_num_g_regs = cc->gdb_num_core_regs;
- }
-
- static int64_t cpu_common_get_arch_id(CPUState *cpu)
diff --git a/0002-isapc-disable-kvmvapic.patch b/0002-isapc-disable-kvmvapic.patch
new file mode 100644
index 0000000..4adf992
--- /dev/null
+++ b/0002-isapc-disable-kvmvapic.patch
@@ -0,0 +1,36 @@
+From 85a924af30f31a4f701ee6f18d84dd27aa02f47b Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 13 Aug 2013 00:02:18 +0200
+Subject: [PATCH] isapc: disable kvmvapic
+
+vapic requires the VAPIC ROM to be mapped into RAM. This is not
+possible without PAM hardware. This fixes a segmentation fault
+running with -M isapc.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+(crobinso: s/kvmvapic/vapic/g)
+
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ hw/i386/pc_piix.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
+index 28216ee..2f2cb4d 100644
+--- a/hw/i386/pc_piix.c
++++ b/hw/i386/pc_piix.c
+@@ -795,7 +795,11 @@ static QEMUMachine isapc_machine = {
+ .init = pc_init_isa,
+ .max_cpus = 1,
+ .compat_props = (GlobalProperty[]) {
+- { /* end of list */ }
++ {
++ .driver = "apic-common",
++ .property = "vapic",
++ .value = "off",
++ },
+ },
+ DEFAULT_MACHINE_OPTIONS,
+ };
diff --git a/0003-pci-do-not-export-pci_bus_reset.patch b/0003-pci-do-not-export-pci_bus_reset.patch
new file mode 100644
index 0000000..21c6cef
--- /dev/null
+++ b/0003-pci-do-not-export-pci_bus_reset.patch
@@ -0,0 +1,72 @@
+From 07873f45017c04994496d8dc3f7acb60358bba49 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 2 May 2013 11:38:37 +0200
+Subject: [PATCH] pci: do not export pci_bus_reset
+
+qbus_reset_all can be used instead. There is no semantic change
+because pcibus_reset returns 1 and takes care of the device
+tree traversal.
+
+This will be necessary once the traversal is done always in
+qbus_reset_all *before* invoking pcibus_reset itself.
+
+Tested-by: Claudio Bley <cbley@av-test.de>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/pci/pci.c | 8 ++------
+ hw/pci/pci_bridge.c | 2 +-
+ include/hw/pci/pci.h | 1 -
+ 3 files changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/hw/pci/pci.c b/hw/pci/pci.c
+index 4c004f5..0389375 100644
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -210,8 +210,9 @@ void pci_device_reset(PCIDevice *dev)
+ * Trigger pci bus reset under a given bus.
+ * To be called on RST# assert.
+ */
+-void pci_bus_reset(PCIBus *bus)
++static int pcibus_reset(BusState *qbus)
+ {
++ PCIBus *bus = DO_UPCAST(PCIBus, qbus, qbus);
+ int i;
+
+ for (i = 0; i < bus->nirq; i++) {
+@@ -222,11 +223,6 @@ void pci_bus_reset(PCIBus *bus)
+ pci_device_reset(bus->devices[i]);
+ }
+ }
+-}
+-
+-static int pcibus_reset(BusState *qbus)
+-{
+- pci_bus_reset(DO_UPCAST(PCIBus, qbus, qbus));
+
+ /* topology traverse is done by pci_bus_reset().
+ Tell qbus/qdev walker not to traverse the tree */
+diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
+index a90671d..5d0e5ff 100644
+--- a/hw/pci/pci_bridge.c
++++ b/hw/pci/pci_bridge.c
+@@ -268,7 +268,7 @@ void pci_bridge_write_config(PCIDevice *d,
+ newctl = pci_get_word(d->config + PCI_BRIDGE_CONTROL);
+ if (~oldctl & newctl & PCI_BRIDGE_CTL_BUS_RESET) {
+ /* Trigger hot reset on 0->1 transition. */
+- pci_bus_reset(&s->sec_bus);
++ qbus_reset_all(&s->sec_bus.qbus);
+ }
+ }
+
+diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
+index ccec2ba..32f1419 100644
+--- a/include/hw/pci/pci.h
++++ b/include/hw/pci/pci.h
+@@ -376,7 +376,6 @@ void pci_bus_fire_intx_routing_notifier(PCIBus *bus);
+ void pci_device_set_intx_routing_notifier(PCIDevice *dev,
+ PCIINTxRoutingNotifier notifier);
+ void pci_device_reset(PCIDevice *dev);
+-void pci_bus_reset(PCIBus *bus);
+
+ PCIDevice *pci_nic_init(NICInfo *nd, PCIBus *rootbus,
+ const char *default_model,
diff --git a/0003-target-ppc-fix-bit-extraction-for-FPBF-and-FPL.patch b/0003-target-ppc-fix-bit-extraction-for-FPBF-and-FPL.patch
deleted file mode 100644
index faf651b..0000000
--- a/0003-target-ppc-fix-bit-extraction-for-FPBF-and-FPL.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 52f99b02e5ff1004fb3b41846d2c34f190127456 Mon Sep 17 00:00:00 2001
-From: Aurelien Jarno <aurelien@aurel32.net>
-Date: Thu, 15 Aug 2013 13:32:38 +0200
-Subject: [PATCH] target-ppc: fix bit extraction for FPBF and FPL
-
-Bit extraction for the FP BF and L field of the MTFSFI and MTFSF
-instructions is wrong and doesn't match the reference manual (which
-explain the bit number in big endian format). It has been broken in
-commit 7d08d85645def18eac2a9d672c1868a35e0bcf79.
-
-This patch fixes this, which in turn fixes the problem reported by
-Khem Raj about the floor() function of libm.
-
-Reported-by: Khem Raj <raj.khem@gmail.com>
-Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
-CC: qemu-stable@nongnu.org (1.6)
-Signed-off-by: Alexander Graf <agraf@suse.de>
-(cherry picked from commit 779f659021d1754117bce1aab9370dc22f37ae07)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- target-ppc/translate.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/target-ppc/translate.c b/target-ppc/translate.c
-index f07d70d..41f4048 100644
---- a/target-ppc/translate.c
-+++ b/target-ppc/translate.c
-@@ -428,9 +428,9 @@ EXTRACT_HELPER(CRM, 12, 8);
- EXTRACT_HELPER(SR, 16, 4);
-
- /* mtfsf/mtfsfi */
--EXTRACT_HELPER(FPBF, 19, 3);
-+EXTRACT_HELPER(FPBF, 23, 3);
- EXTRACT_HELPER(FPIMM, 12, 4);
--EXTRACT_HELPER(FPL, 21, 1);
-+EXTRACT_HELPER(FPL, 25, 1);
- EXTRACT_HELPER(FPFLM, 17, 8);
- EXTRACT_HELPER(FPW, 16, 1);
-
diff --git a/0004-qdev-allow-both-pre-and-post-order-vists-in-qdev-wal.patch b/0004-qdev-allow-both-pre-and-post-order-vists-in-qdev-wal.patch
new file mode 100644
index 0000000..8580f62
--- /dev/null
+++ b/0004-qdev-allow-both-pre-and-post-order-vists-in-qdev-wal.patch
@@ -0,0 +1,141 @@
+From cf09bc533d82f2b16d1e9f4888c1afd977ca256d Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 2 May 2013 11:38:38 +0200
+Subject: [PATCH] qdev: allow both pre- and post-order vists in qdev walking
+ functions
+
+Resetting should be done in post-order, not pre-order. However,
+qdev_walk_children and qbus_walk_children do not allow this. Fix
+it by adding two extra arguments to the functions.
+
+Tested-by: Claudio Bley <cbley@av-test.de>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/core/qdev.c | 45 +++++++++++++++++++++++++++++++++------------
+ include/hw/qdev-core.h | 13 +++++++++----
+ 2 files changed, 42 insertions(+), 16 deletions(-)
+
+diff --git a/hw/core/qdev.c b/hw/core/qdev.c
+index 9190a7e..842804f 100644
+--- a/hw/core/qdev.c
++++ b/hw/core/qdev.c
+@@ -240,12 +240,12 @@ static int qbus_reset_one(BusState *bus, void *opaque)
+
+ void qdev_reset_all(DeviceState *dev)
+ {
+- qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL);
++ qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
+ }
+
+ void qbus_reset_all(BusState *bus)
+ {
+- qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL);
++ qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
+ }
+
+ void qbus_reset_all_fn(void *opaque)
+@@ -343,49 +343,70 @@ BusState *qdev_get_child_bus(DeviceState *dev, const char *name)
+ return NULL;
+ }
+
+-int qbus_walk_children(BusState *bus, qdev_walkerfn *devfn,
+- qbus_walkerfn *busfn, void *opaque)
++int qbus_walk_children(BusState *bus,
++ qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
++ qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
++ void *opaque)
+ {
+ BusChild *kid;
+ int err;
+
+- if (busfn) {
+- err = busfn(bus, opaque);
++ if (pre_busfn) {
++ err = pre_busfn(bus, opaque);
+ if (err) {
+ return err;
+ }
+ }
+
+ QTAILQ_FOREACH(kid, &bus->children, sibling) {
+- err = qdev_walk_children(kid->child, devfn, busfn, opaque);
++ err = qdev_walk_children(kid->child,
++ pre_devfn, pre_busfn,
++ post_devfn, post_busfn, opaque);
+ if (err < 0) {
+ return err;
+ }
+ }
+
++ if (post_busfn) {
++ err = post_busfn(bus, opaque);
++ if (err) {
++ return err;
++ }
++ }
++
+ return 0;
+ }
+
+-int qdev_walk_children(DeviceState *dev, qdev_walkerfn *devfn,
+- qbus_walkerfn *busfn, void *opaque)
++int qdev_walk_children(DeviceState *dev,
++ qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
++ qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
++ void *opaque)
+ {
+ BusState *bus;
+ int err;
+
+- if (devfn) {
+- err = devfn(dev, opaque);
++ if (pre_devfn) {
++ err = pre_devfn(dev, opaque);
+ if (err) {
+ return err;
+ }
+ }
+
+ QLIST_FOREACH(bus, &dev->child_bus, sibling) {
+- err = qbus_walk_children(bus, devfn, busfn, opaque);
++ err = qbus_walk_children(bus, pre_devfn, pre_busfn,
++ post_devfn, post_busfn, opaque);
+ if (err < 0) {
+ return err;
+ }
+ }
+
++ if (post_devfn) {
++ err = post_devfn(dev, opaque);
++ if (err) {
++ return err;
++ }
++ }
++
+ return 0;
+ }
+
+diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
+index 46972f4..c6c9b14 100644
+--- a/include/hw/qdev-core.h
++++ b/include/hw/qdev-core.h
+@@ -270,10 +270,15 @@ BusState *qbus_create(const char *typename, DeviceState *parent, const char *nam
+ /* Returns > 0 if either devfn or busfn skip walk somewhere in cursion,
+ * < 0 if either devfn or busfn terminate walk somewhere in cursion,
+ * 0 otherwise. */
+-int qbus_walk_children(BusState *bus, qdev_walkerfn *devfn,
+- qbus_walkerfn *busfn, void *opaque);
+-int qdev_walk_children(DeviceState *dev, qdev_walkerfn *devfn,
+- qbus_walkerfn *busfn, void *opaque);
++int qbus_walk_children(BusState *bus,
++ qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
++ qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
++ void *opaque);
++int qdev_walk_children(DeviceState *dev,
++ qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
++ qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
++ void *opaque);
++
+ void qdev_reset_all(DeviceState *dev);
+
+ /**
diff --git a/0004-rdma-silly-ipv6-bugfix.patch b/0004-rdma-silly-ipv6-bugfix.patch
deleted file mode 100644
index 6ee6865..0000000
--- a/0004-rdma-silly-ipv6-bugfix.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 260790645e95891cb264c2d657648f43401ac915 Mon Sep 17 00:00:00 2001
-From: "Michael R. Hines" <mrhines@us.ibm.com>
-Date: Sun, 18 Aug 2013 22:27:08 -0400
-Subject: [PATCH] rdma: silly ipv6 bugfix
-
-My bad - but it's very important for us to warn the user that
-IPv6 is broken on RoCE in linux right now, until linux releases
-a fixed version.
-
-Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-(cherry picked from commit c89aa2f1851b08c3efa8a1070c0a6b9a36e1227f)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- migration-rdma.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/migration-rdma.c b/migration-rdma.c
-index 3d1266f..f5e75d6 100644
---- a/migration-rdma.c
-+++ b/migration-rdma.c
-@@ -920,9 +920,11 @@ static int qemu_rdma_resolve_host(RDMAContext *rdma, Error **errp)
- ret = rdma_resolve_addr(rdma->cm_id, NULL, e->ai_dst_addr,
- RDMA_RESOLVE_TIMEOUT_MS);
- if (!ret) {
-- ret = qemu_rdma_broken_ipv6_kernel(errp, rdma->cm_id->verbs);
-- if (ret) {
-- continue;
-+ if (e->ai_family == AF_INET6) {
-+ ret = qemu_rdma_broken_ipv6_kernel(errp, rdma->cm_id->verbs);
-+ if (ret) {
-+ continue;
-+ }
- }
- goto route;
- }
diff --git a/0005-qdev-switch-reset-to-post-order.patch b/0005-qdev-switch-reset-to-post-order.patch
new file mode 100644
index 0000000..2f533e5
--- /dev/null
+++ b/0005-qdev-switch-reset-to-post-order.patch
@@ -0,0 +1,143 @@
+From 41a2077cea8ce006dbef885bcb0778af05a0b159 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 2 May 2013 11:38:39 +0200
+Subject: [PATCH] qdev: switch reset to post-order
+
+Post-order is the only sensible direction for the reset signals.
+For example, suppose pre-order is used and the parent has some data
+structures that cache children state (for example a list of active
+requests). When the reset method is invoked on the parent, these caches
+could be in any state.
+
+If post-order is used, on the other hand, these will be in a known state
+when the reset method is invoked on the parent.
+
+This change means that it is no longer possible to block the visit of
+the devices, so the callback is changed to return void. This is not
+a problem, because PCI was returning 1 exactly in order to achieve the
+same ordering that this patch implements.
+
+PCI can then rely on the qdev core having sent a "reset signal"
+(whatever that means) to the device, and only do the PCI-specific
+initialization with the new function pci_do_device_reset, extracted
+from pci_device_reset. There is no change in the operation of FLR,
+which used and still uses pci_device_reset.
+
+Tested-by: Claudio Bley <cbley@av-test.de>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/core/qdev.c | 6 +++---
+ hw/pci/pci.c | 31 ++++++++++++++++---------------
+ include/hw/qdev-core.h | 2 +-
+ 3 files changed, 20 insertions(+), 19 deletions(-)
+
+diff --git a/hw/core/qdev.c b/hw/core/qdev.c
+index 842804f..87d7e1e 100644
+--- a/hw/core/qdev.c
++++ b/hw/core/qdev.c
+@@ -233,19 +233,19 @@ static int qbus_reset_one(BusState *bus, void *opaque)
+ {
+ BusClass *bc = BUS_GET_CLASS(bus);
+ if (bc->reset) {
+- return bc->reset(bus);
++ bc->reset(bus);
+ }
+ return 0;
+ }
+
+ void qdev_reset_all(DeviceState *dev)
+ {
+- qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
++ qdev_walk_children(dev, NULL, NULL, qdev_reset_one, qbus_reset_one, NULL);
+ }
+
+ void qbus_reset_all(BusState *bus)
+ {
+- qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
++ qbus_walk_children(bus, NULL, NULL, qdev_reset_one, qbus_reset_one, NULL);
+ }
+
+ void qbus_reset_all_fn(void *opaque)
+diff --git a/hw/pci/pci.c b/hw/pci/pci.c
+index 0389375..bbca696 100644
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -46,7 +46,7 @@
+ static void pcibus_dev_print(Monitor *mon, DeviceState *dev, int indent);
+ static char *pcibus_get_dev_path(DeviceState *dev);
+ static char *pcibus_get_fw_dev_path(DeviceState *dev);
+-static int pcibus_reset(BusState *qbus);
++static void pcibus_reset(BusState *qbus);
+
+ static Property pci_props[] = {
+ DEFINE_PROP_PCI_DEVFN("addr", PCIDevice, devfn, -1),
+@@ -165,16 +165,10 @@ void pci_device_deassert_intx(PCIDevice *dev)
+ }
+ }
+
+-/*
+- * This function is called on #RST and FLR.
+- * FLR if PCI_EXP_DEVCTL_BCR_FLR is set
+- */
+-void pci_device_reset(PCIDevice *dev)
++static void pci_do_device_reset(PCIDevice *dev)
+ {
+ int r;
+
+- qdev_reset_all(&dev->qdev);
+-
+ dev->irq_state = 0;
+ pci_update_irq_status(dev);
+ pci_device_deassert_intx(dev);
+@@ -207,10 +201,21 @@ void pci_device_reset(PCIDevice *dev)
+ }
+
+ /*
++ * This function is called on #RST and FLR.
++ * FLR if PCI_EXP_DEVCTL_BCR_FLR is set
++ */
++void pci_device_reset(PCIDevice *dev)
++{
++ qdev_reset_all(&dev->qdev);
++ pci_do_device_reset(dev);
++}
++
++/*
+ * Trigger pci bus reset under a given bus.
+- * To be called on RST# assert.
++ * Called via qbus_reset_all on RST# assert, after the devices
++ * have been reset qdev_reset_all-ed already.
+ */
+-static int pcibus_reset(BusState *qbus)
++static void pcibus_reset(BusState *qbus)
+ {
+ PCIBus *bus = DO_UPCAST(PCIBus, qbus, qbus);
+ int i;
+@@ -220,13 +225,9 @@ static int pcibus_reset(BusState *qbus)
+ }
+ for (i = 0; i < ARRAY_SIZE(bus->devices); ++i) {
+ if (bus->devices[i]) {
+- pci_device_reset(bus->devices[i]);
++ pci_do_device_reset(bus->devices[i]);
+ }
+ }
+-
+- /* topology traverse is done by pci_bus_reset().
+- Tell qbus/qdev walker not to traverse the tree */
+- return 1;
+ }
+
+ static void pci_host_bus_register(PCIBus *bus, DeviceState *parent)
+diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
+index c6c9b14..89dcbad 100644
+--- a/include/hw/qdev-core.h
++++ b/include/hw/qdev-core.h
+@@ -174,7 +174,7 @@ struct BusClass {
+ * bindings can be found at http://playground.sun.com/1275/bindings/.
+ */
+ char *(*get_fw_dev_path)(DeviceState *dev);
+- int (*reset)(BusState *bus);
++ void (*reset)(BusState *bus);
+ /* maximum devices allowed on the bus, 0: no limit. */
+ int max_dev;
+ };
diff --git a/0005-scripts-qapi.py-Avoid-syntax-not-supported-by-Python.patch b/0005-scripts-qapi.py-Avoid-syntax-not-supported-by-Python.patch
deleted file mode 100644
index 292328e..0000000
--- a/0005-scripts-qapi.py-Avoid-syntax-not-supported-by-Python.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From d6dcfd69f8b2aa2cad79486bbadef7d51f7f4e7d Mon Sep 17 00:00:00 2001
-From: Peter Maydell <peter.maydell@linaro.org>
-Date: Tue, 20 Aug 2013 15:50:15 +0100
-Subject: [PATCH] scripts/qapi.py: Avoid syntax not supported by Python 2.4
-
-The Python "except Foo as x" syntax was only introduced in
-Python 2.6, but we aim to support Python 2.4 and later.
-Use the old-style "except Foo, x" syntax instead, thus
-fixing configure/compile on systems with older Python.
-
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
-(cherry picked from commit 21e0043bada1a24ae2ba6cd0051e104c0cbf9634)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- scripts/qapi.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/scripts/qapi.py b/scripts/qapi.py
-index 0ebea94..1069310 100644
---- a/scripts/qapi.py
-+++ b/scripts/qapi.py
-@@ -161,7 +161,7 @@ class QAPISchema:
- def parse_schema(fp):
- try:
- schema = QAPISchema(fp)
-- except QAPISchemaError as e:
-+ except QAPISchemaError, e:
- print >>sys.stderr, e
- exit(1)
-
diff --git a/0006-usb-dev-hid-Modified-usb-tablet-category-from-Misc-t.patch b/0006-usb-dev-hid-Modified-usb-tablet-category-from-Misc-t.patch
deleted file mode 100644
index ed4a84b..0000000
--- a/0006-usb-dev-hid-Modified-usb-tablet-category-from-Misc-t.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 11b0ab70a58e3e6c06dc1fd1ea318b1c5806d955 Mon Sep 17 00:00:00 2001
-From: Marcel Apfelbaum <marcel.a@redhat.com>
-Date: Thu, 22 Aug 2013 20:11:36 +0300
-Subject: [PATCH] usb/dev-hid: Modified usb-tablet category from Misc to Input
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-usb-tablet device was wrongly assigned to Misc category
-
-Reported-by: Markus Armbruster <armbru@redhat.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Marcel Apfelbaum <marcel.a@redhat.com>
-Reviewed-by: Andreas Färber <afaerber@suse.de>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 31efd2e883018b4c079ad082105bc161fbb3fef8)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/usb/dev-hid.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/usb/dev-hid.c b/hw/usb/dev-hid.c
-index 66c6331..5956720 100644
---- a/hw/usb/dev-hid.c
-+++ b/hw/usb/dev-hid.c
-@@ -658,7 +658,7 @@ static void usb_tablet_class_initfn(ObjectClass *klass, void *data)
- uc->product_desc = "QEMU USB Tablet";
- dc->vmsd = &vmstate_usb_ptr;
- dc->props = usb_tablet_properties;
-- set_bit(DEVICE_CATEGORY_MISC, dc->categories);
-+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
- }
-
- static const TypeInfo usb_tablet_info = {
diff --git a/0006-virtio-bus-remove-vdev-field.patch b/0006-virtio-bus-remove-vdev-field.patch
new file mode 100644
index 0000000..617326f
--- /dev/null
+++ b/0006-virtio-bus-remove-vdev-field.patch
@@ -0,0 +1,251 @@
+From ed35f9edcc420b4f8c1f909bc7cfb002a54f437b Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:57:50 +0200
+Subject: [PATCH] virtio-bus: remove vdev field
+
+The vdev field is complicated to synchronize. Just access the
+BusState's list of children.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/virtio/virtio-bus.c | 67 ++++++++++++++++++++++++------------------
+ hw/virtio/virtio-mmio.c | 9 +++---
+ hw/virtio/virtio-pci.c | 2 +-
+ include/hw/virtio/virtio-bus.h | 16 +++++++---
+ 4 files changed, 57 insertions(+), 37 deletions(-)
+
+diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
+index 6849a01..669ce38 100644
+--- a/hw/virtio/virtio-bus.c
++++ b/hw/virtio/virtio-bus.c
+@@ -46,8 +46,6 @@ int virtio_bus_plug_device(VirtIODevice *vdev)
+ VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
+ DPRINTF("%s: plug device.\n", qbus->name);
+
+- bus->vdev = vdev;
+-
+ if (klass->device_plugged != NULL) {
+ klass->device_plugged(qbus->parent);
+ }
+@@ -58,75 +56,84 @@ int virtio_bus_plug_device(VirtIODevice *vdev)
+ /* Reset the virtio_bus */
+ void virtio_bus_reset(VirtioBusState *bus)
+ {
++ VirtIODevice *vdev = virtio_bus_get_device(bus);
++
+ DPRINTF("%s: reset device.\n", qbus->name);
+- if (bus->vdev != NULL) {
+- virtio_reset(bus->vdev);
++ if (vdev != NULL) {
++ virtio_reset(vdev);
+ }
+ }
+
+ /* Destroy the VirtIODevice */
+ void virtio_bus_destroy_device(VirtioBusState *bus)
+ {
+- DeviceState *qdev;
+ BusState *qbus = BUS(bus);
+ VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
++ VirtIODevice *vdev = virtio_bus_get_device(bus);
++
+ DPRINTF("%s: remove device.\n", qbus->name);
+
+- if (bus->vdev != NULL) {
++ if (vdev != NULL) {
+ if (klass->device_unplug != NULL) {
+ klass->device_unplug(qbus->parent);
+ }
+- qdev = DEVICE(bus->vdev);
+- qdev_free(qdev);
+- bus->vdev = NULL;
++ qdev_free(DEVICE(vdev));
+ }
+ }
+
+ /* Get the device id of the plugged device. */
+ uint16_t virtio_bus_get_vdev_id(VirtioBusState *bus)
+ {
+- assert(bus->vdev != NULL);
+- return bus->vdev->device_id;
++ VirtIODevice *vdev = virtio_bus_get_device(bus);
++ assert(vdev != NULL);
++ return vdev->device_id;
+ }
+
+ /* Get the config_len field of the plugged device. */
+ size_t virtio_bus_get_vdev_config_len(VirtioBusState *bus)
+ {
+- assert(bus->vdev != NULL);
+- return bus->vdev->config_len;
++ VirtIODevice *vdev = virtio_bus_get_device(bus);
++ assert(vdev != NULL);
++ return vdev->config_len;
+ }
+
+ /* Get the features of the plugged device. */
+ uint32_t virtio_bus_get_vdev_features(VirtioBusState *bus,
+ uint32_t requested_features)
+ {
++ VirtIODevice *vdev = virtio_bus_get_device(bus);
+ VirtioDeviceClass *k;
+- assert(bus->vdev != NULL);
+- k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
++
++ assert(vdev != NULL);
++ k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ assert(k->get_features != NULL);
+- return k->get_features(bus->vdev, requested_features);
++ return k->get_features(vdev, requested_features);
+ }
+
+ /* Set the features of the plugged device. */
+ void virtio_bus_set_vdev_features(VirtioBusState *bus,
+ uint32_t requested_features)
+ {
++ VirtIODevice *vdev = virtio_bus_get_device(bus);
+ VirtioDeviceClass *k;
+- assert(bus->vdev != NULL);
+- k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
++
++ assert(vdev != NULL);
++ k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ if (k->set_features != NULL) {
+- k->set_features(bus->vdev, requested_features);
++ k->set_features(vdev, requested_features);
+ }
+ }
+
+ /* Get bad features of the plugged device. */
+ uint32_t virtio_bus_get_vdev_bad_features(VirtioBusState *bus)
+ {
++ VirtIODevice *vdev = virtio_bus_get_device(bus);
+ VirtioDeviceClass *k;
+- assert(bus->vdev != NULL);
+- k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
++
++ assert(vdev != NULL);
++ k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ if (k->bad_features != NULL) {
+- return k->bad_features(bus->vdev);
++ return k->bad_features(vdev);
+ } else {
+ return 0;
+ }
+@@ -135,22 +142,26 @@ uint32_t virtio_bus_get_vdev_bad_features(VirtioBusState *bus)
+ /* Get config of the plugged device. */
+ void virtio_bus_get_vdev_config(VirtioBusState *bus, uint8_t *config)
+ {
++ VirtIODevice *vdev = virtio_bus_get_device(bus);
+ VirtioDeviceClass *k;
+- assert(bus->vdev != NULL);
+- k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
++
++ assert(vdev != NULL);
++ k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ if (k->get_config != NULL) {
+- k->get_config(bus->vdev, config);
++ k->get_config(vdev, config);
+ }
+ }
+
+ /* Set config of the plugged device. */
+ void virtio_bus_set_vdev_config(VirtioBusState *bus, uint8_t *config)
+ {
++ VirtIODevice *vdev = virtio_bus_get_device(bus);
+ VirtioDeviceClass *k;
+- assert(bus->vdev != NULL);
+- k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
++
++ assert(vdev != NULL);
++ k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ if (k->set_config != NULL) {
+- k->set_config(bus->vdev, config);
++ k->set_config(vdev, config);
+ }
+ }
+
+diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
+index 4bd2953..8f7b764 100644
+--- a/hw/virtio/virtio-mmio.c
++++ b/hw/virtio/virtio-mmio.c
+@@ -94,7 +94,7 @@ static void virtio_mmio_bus_new(VirtioBusState *bus, VirtIOMMIOProxy *dev);
+ static uint64_t virtio_mmio_read(void *opaque, hwaddr offset, unsigned size)
+ {
+ VirtIOMMIOProxy *proxy = (VirtIOMMIOProxy *)opaque;
+- VirtIODevice *vdev = proxy->bus.vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+
+ DPRINTF("virtio_mmio_read offset 0x%x\n", (int)offset);
+
+@@ -184,7 +184,7 @@ static void virtio_mmio_write(void *opaque, hwaddr offset, uint64_t value,
+ unsigned size)
+ {
+ VirtIOMMIOProxy *proxy = (VirtIOMMIOProxy *)opaque;
+- VirtIODevice *vdev = proxy->bus.vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+
+ DPRINTF("virtio_mmio_write offset 0x%x value 0x%" PRIx64 "\n",
+ (int)offset, value);
+@@ -297,12 +297,13 @@ static const MemoryRegionOps virtio_mem_ops = {
+ static void virtio_mmio_update_irq(DeviceState *opaque, uint16_t vector)
+ {
+ VirtIOMMIOProxy *proxy = VIRTIO_MMIO(opaque);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ int level;
+
+- if (!proxy->bus.vdev) {
++ if (!vdev) {
+ return;
+ }
+- level = (proxy->bus.vdev->isr != 0);
++ level = (vdev->isr != 0);
+ DPRINTF("virtio_mmio setting IRQ %d\n", level);
+ qemu_set_irq(proxy->irq, level);
+ }
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index 41b96ce..55617a6 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -942,7 +942,7 @@ static void virtio_pci_device_plugged(DeviceState *d)
+ uint8_t *config;
+ uint32_t size;
+
+- proxy->vdev = bus->vdev;
++ proxy->vdev = virtio_bus_get_device(bus);
+
+ config = proxy->pci_dev.config;
+ if (proxy->class_code) {
+diff --git a/include/hw/virtio/virtio-bus.h b/include/hw/virtio/virtio-bus.h
+index 9217f85..ba0f86a 100644
+--- a/include/hw/virtio/virtio-bus.h
++++ b/include/hw/virtio/virtio-bus.h
+@@ -72,10 +72,6 @@ typedef struct VirtioBusClass {
+
+ struct VirtioBusState {
+ BusState parent_obj;
+- /*
+- * Only one VirtIODevice can be plugged on the bus.
+- */
+- VirtIODevice *vdev;
+ };
+
+ int virtio_bus_plug_device(VirtIODevice *vdev);
+@@ -98,4 +94,16 @@ void virtio_bus_get_vdev_config(VirtioBusState *bus, uint8_t *config);
+ /* Set config of the plugged device. */
+ void virtio_bus_set_vdev_config(VirtioBusState *bus, uint8_t *config);
+
++static inline VirtIODevice *virtio_bus_get_device(VirtioBusState *bus)
++{
++ BusState *qbus = &bus->parent_obj;
++ BusChild *kid = QTAILQ_FIRST(&qbus->children);
++ DeviceState *qdev = kid ? kid->child : NULL;
++
++ /* This is used on the data path, the cast is guaranteed
++ * to succeed by the qdev machinery.
++ */
++ return (VirtIODevice *)qdev;
++}
++
+ #endif /* VIRTIO_BUS_H */
diff --git a/0007-scsi-Fix-scsi_bus_legacy_add_drive-scsi-generic-with.patch b/0007-scsi-Fix-scsi_bus_legacy_add_drive-scsi-generic-with.patch
deleted file mode 100644
index 868951b..0000000
--- a/0007-scsi-Fix-scsi_bus_legacy_add_drive-scsi-generic-with.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 964e0d4ec52ea7400ccc69de69b05ac913bbfff8 Mon Sep 17 00:00:00 2001
-From: Markus Armbruster <armbru@redhat.com>
-Date: Fri, 23 Aug 2013 18:01:58 +0200
-Subject: [PATCH] scsi: Fix scsi_bus_legacy_add_drive() scsi-generic with
- serial
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-scsi_bus_legacy_add_drive() creates either a scsi-disk or a
-scsi-generic device. It sets property "serial" to argument serial
-unless null. Crashes with scsi-generic, because it doesn't have such
-the property.
-
-Only usb_msd_initfn_storage() passes non-null serial. Reproducer:
-
- $ qemu-system-x86_64 -nodefaults -display none -S -usb \
- -drive if=none,file=/dev/sg1,id=usb-drv0 \
- -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=123
- qemu-system-x86_64: -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=123: Property '.serial' not found
- Aborted (core dumped)
-
-Fix by handling exactly like "removable": set the property only when
-it exists.
-
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Andreas Färber <afaerber@suse.de>
-Signed-off-by: Markus Armbruster <armbru@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit c24e7517ee4a98e90eee5f0f07708a1fa12326b3)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/scsi/scsi-bus.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
-index fbf9173..8fe4f4c 100644
---- a/hw/scsi/scsi-bus.c
-+++ b/hw/scsi/scsi-bus.c
-@@ -224,7 +224,7 @@ SCSIDevice *scsi_bus_legacy_add_drive(SCSIBus *bus, BlockDriverState *bdrv,
- if (object_property_find(OBJECT(dev), "removable", NULL)) {
- qdev_prop_set_bit(dev, "removable", removable);
- }
-- if (serial) {
-+ if (serial && object_property_find(OBJECT(dev), "serial", NULL)) {
- qdev_prop_set_string(dev, "serial", serial);
- }
- if (qdev_prop_set_drive(dev, "drive", bdrv) < 0) {
diff --git a/0007-virtio-pci-remove-vdev-field.patch b/0007-virtio-pci-remove-vdev-field.patch
new file mode 100644
index 0000000..f8000e7
--- /dev/null
+++ b/0007-virtio-pci-remove-vdev-field.patch
@@ -0,0 +1,447 @@
+From 1d388b4fda2c4c9d00dc6ae91aaf35eb9fc04c26 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:57:51 +0200
+Subject: [PATCH] virtio-pci: remove vdev field
+
+The vdev field is complicated to synchronize. Just access the
+BusState's list of children.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/s390x/virtio-ccw.h | 1 -
+ hw/virtio/virtio-pci.c | 107 +++++++++++++++++++++++++++++--------------------
+ hw/virtio/virtio-pci.h | 1 -
+ 3 files changed, 63 insertions(+), 46 deletions(-)
+
+diff --git a/hw/s390x/virtio-ccw.h b/hw/s390x/virtio-ccw.h
+index 96d6f5d..00932c7 100644
+--- a/hw/s390x/virtio-ccw.h
++++ b/hw/s390x/virtio-ccw.h
+@@ -77,7 +77,6 @@ typedef struct VirtIOCCWDeviceClass {
+ struct VirtioCcwDevice {
+ DeviceState parent_obj;
+ SubchDev *sch;
+- VirtIODevice *vdev;
+ char *bus_id;
+ uint32_t host_features[VIRTIO_CCW_FEATURE_SIZE];
+ VirtioBusState bus;
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index 55617a6..6fd6d6d 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -112,31 +112,39 @@ static inline VirtIOPCIProxy *to_virtio_pci_proxy_fast(DeviceState *d)
+ static void virtio_pci_notify(DeviceState *d, uint16_t vector)
+ {
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy_fast(d);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++
+ if (msix_enabled(&proxy->pci_dev))
+ msix_notify(&proxy->pci_dev, vector);
+ else
+- qemu_set_irq(proxy->pci_dev.irq[0], proxy->vdev->isr & 1);
++ qemu_set_irq(proxy->pci_dev.irq[0], vdev->isr & 1);
+ }
+
+ static void virtio_pci_save_config(DeviceState *d, QEMUFile *f)
+ {
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++
+ pci_device_save(&proxy->pci_dev, f);
+ msix_save(&proxy->pci_dev, f);
+ if (msix_present(&proxy->pci_dev))
+- qemu_put_be16(f, proxy->vdev->config_vector);
++ qemu_put_be16(f, vdev->config_vector);
+ }
+
+ static void virtio_pci_save_queue(DeviceState *d, int n, QEMUFile *f)
+ {
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++
+ if (msix_present(&proxy->pci_dev))
+- qemu_put_be16(f, virtio_queue_vector(proxy->vdev, n));
++ qemu_put_be16(f, virtio_queue_vector(vdev, n));
+ }
+
+ static int virtio_pci_load_config(DeviceState *d, QEMUFile *f)
+ {
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++
+ int ret;
+ ret = pci_device_load(&proxy->pci_dev, f);
+ if (ret) {
+@@ -145,12 +153,12 @@ static int virtio_pci_load_config(DeviceState *d, QEMUFile *f)
+ msix_unuse_all_vectors(&proxy->pci_dev);
+ msix_load(&proxy->pci_dev, f);
+ if (msix_present(&proxy->pci_dev)) {
+- qemu_get_be16s(f, &proxy->vdev->config_vector);
++ qemu_get_be16s(f, &vdev->config_vector);
+ } else {
+- proxy->vdev->config_vector = VIRTIO_NO_VECTOR;
++ vdev->config_vector = VIRTIO_NO_VECTOR;
+ }
+- if (proxy->vdev->config_vector != VIRTIO_NO_VECTOR) {
+- return msix_vector_use(&proxy->pci_dev, proxy->vdev->config_vector);
++ if (vdev->config_vector != VIRTIO_NO_VECTOR) {
++ return msix_vector_use(&proxy->pci_dev, vdev->config_vector);
+ }
+ return 0;
+ }
+@@ -158,13 +166,15 @@ static int virtio_pci_load_config(DeviceState *d, QEMUFile *f)
+ static int virtio_pci_load_queue(DeviceState *d, int n, QEMUFile *f)
+ {
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++
+ uint16_t vector;
+ if (msix_present(&proxy->pci_dev)) {
+ qemu_get_be16s(f, &vector);
+ } else {
+ vector = VIRTIO_NO_VECTOR;
+ }
+- virtio_queue_set_vector(proxy->vdev, n, vector);
++ virtio_queue_set_vector(vdev, n, vector);
+ if (vector != VIRTIO_NO_VECTOR) {
+ return msix_vector_use(&proxy->pci_dev, vector);
+ }
+@@ -174,7 +184,8 @@ static int virtio_pci_load_queue(DeviceState *d, int n, QEMUFile *f)
+ static int virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
+ int n, bool assign, bool set_handler)
+ {
+- VirtQueue *vq = virtio_get_queue(proxy->vdev, n);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++ VirtQueue *vq = virtio_get_queue(vdev, n);
+ EventNotifier *notifier = virtio_queue_get_host_notifier(vq);
+ int r = 0;
+
+@@ -199,6 +210,7 @@ static int virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
+
+ static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy)
+ {
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ int n, r;
+
+ if (!(proxy->flags & VIRTIO_PCI_FLAG_USE_IOEVENTFD) ||
+@@ -208,7 +220,7 @@ static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy)
+ }
+
+ for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
+- if (!virtio_queue_get_num(proxy->vdev, n)) {
++ if (!virtio_queue_get_num(vdev, n)) {
+ continue;
+ }
+
+@@ -222,7 +234,7 @@ static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy)
+
+ assign_error:
+ while (--n >= 0) {
+- if (!virtio_queue_get_num(proxy->vdev, n)) {
++ if (!virtio_queue_get_num(vdev, n)) {
+ continue;
+ }
+
+@@ -235,6 +247,7 @@ assign_error:
+
+ static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy)
+ {
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ int r;
+ int n;
+
+@@ -243,7 +256,7 @@ static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy)
+ }
+
+ for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
+- if (!virtio_queue_get_num(proxy->vdev, n)) {
++ if (!virtio_queue_get_num(vdev, n)) {
+ continue;
+ }
+
+@@ -256,7 +269,7 @@ static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy)
+ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+ {
+ VirtIOPCIProxy *proxy = opaque;
+- VirtIODevice *vdev = proxy->vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ hwaddr pa;
+
+ switch (addr) {
+@@ -271,7 +284,7 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+ pa = (hwaddr)val << VIRTIO_PCI_QUEUE_ADDR_SHIFT;
+ if (pa == 0) {
+ virtio_pci_stop_ioeventfd(proxy);
+- virtio_reset(proxy->vdev);
++ virtio_reset(vdev);
+ msix_unuse_all_vectors(&proxy->pci_dev);
+ }
+ else
+@@ -298,7 +311,7 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+ }
+
+ if (vdev->status == 0) {
+- virtio_reset(proxy->vdev);
++ virtio_reset(vdev);
+ msix_unuse_all_vectors(&proxy->pci_dev);
+ }
+
+@@ -334,7 +347,7 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
+
+ static uint32_t virtio_ioport_read(VirtIOPCIProxy *proxy, uint32_t addr)
+ {
+- VirtIODevice *vdev = proxy->vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ uint32_t ret = 0xFFFFFFFF;
+
+ switch (addr) {
+@@ -380,6 +393,7 @@ static uint64_t virtio_pci_config_read(void *opaque, hwaddr addr,
+ unsigned size)
+ {
+ VirtIOPCIProxy *proxy = opaque;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
+ uint64_t val = 0;
+ if (addr < config) {
+@@ -389,16 +403,16 @@ static uint64_t virtio_pci_config_read(void *opaque, hwaddr addr,
+
+ switch (size) {
+ case 1:
+- val = virtio_config_readb(proxy->vdev, addr);
++ val = virtio_config_readb(vdev, addr);
+ break;
+ case 2:
+- val = virtio_config_readw(proxy->vdev, addr);
++ val = virtio_config_readw(vdev, addr);
+ if (virtio_is_big_endian()) {
+ val = bswap16(val);
+ }
+ break;
+ case 4:
+- val = virtio_config_readl(proxy->vdev, addr);
++ val = virtio_config_readl(vdev, addr);
+ if (virtio_is_big_endian()) {
+ val = bswap32(val);
+ }
+@@ -412,6 +426,7 @@ static void virtio_pci_config_write(void *opaque, hwaddr addr,
+ {
+ VirtIOPCIProxy *proxy = opaque;
+ uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ if (addr < config) {
+ virtio_ioport_write(proxy, addr, val);
+ return;
+@@ -423,19 +438,19 @@ static void virtio_pci_config_write(void *opaque, hwaddr addr,
+ */
+ switch (size) {
+ case 1:
+- virtio_config_writeb(proxy->vdev, addr, val);
++ virtio_config_writeb(vdev, addr, val);
+ break;
+ case 2:
+ if (virtio_is_big_endian()) {
+ val = bswap16(val);
+ }
+- virtio_config_writew(proxy->vdev, addr, val);
++ virtio_config_writew(vdev, addr, val);
+ break;
+ case 4:
+ if (virtio_is_big_endian()) {
+ val = bswap32(val);
+ }
+- virtio_config_writel(proxy->vdev, addr, val);
++ virtio_config_writel(vdev, addr, val);
+ break;
+ }
+ }
+@@ -454,6 +469,7 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
+ uint32_t val, int len)
+ {
+ VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+
+ pci_default_write_config(pci_dev, address, val, len);
+
+@@ -461,8 +477,7 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
+ !(pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER) &&
+ !(proxy->flags & VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
+ virtio_pci_stop_ioeventfd(proxy);
+- virtio_set_status(proxy->vdev,
+- proxy->vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK);
++ virtio_set_status(vdev, vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK);
+ }
+ }
+
+@@ -505,7 +520,8 @@ static int kvm_virtio_pci_irqfd_use(VirtIOPCIProxy *proxy,
+ unsigned int vector)
+ {
+ VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
+- VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++ VirtQueue *vq = virtio_get_queue(vdev, queue_no);
+ EventNotifier *n = virtio_queue_get_guest_notifier(vq);
+ int ret;
+ ret = kvm_irqchip_add_irqfd_notifier(kvm_state, n, irqfd->virq);
+@@ -516,7 +532,8 @@ static void kvm_virtio_pci_irqfd_release(VirtIOPCIProxy *proxy,
+ unsigned int queue_no,
+ unsigned int vector)
+ {
+- VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++ VirtQueue *vq = virtio_get_queue(vdev, queue_no);
+ EventNotifier *n = virtio_queue_get_guest_notifier(vq);
+ VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
+ int ret;
+@@ -528,7 +545,7 @@ static void kvm_virtio_pci_irqfd_release(VirtIOPCIProxy *proxy,
+ static int kvm_virtio_pci_vector_use(VirtIOPCIProxy *proxy, int nvqs)
+ {
+ PCIDevice *dev = &proxy->pci_dev;
+- VirtIODevice *vdev = proxy->vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ unsigned int vector;
+ int ret, queue_no;
+@@ -577,7 +594,7 @@ undo:
+ static void kvm_virtio_pci_vector_release(VirtIOPCIProxy *proxy, int nvqs)
+ {
+ PCIDevice *dev = &proxy->pci_dev;
+- VirtIODevice *vdev = proxy->vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ unsigned int vector;
+ int queue_no;
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+@@ -605,8 +622,9 @@ static int virtio_pci_vq_vector_unmask(VirtIOPCIProxy *proxy,
+ unsigned int vector,
+ MSIMessage msg)
+ {
+- VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(proxy->vdev);
+- VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
++ VirtQueue *vq = virtio_get_queue(vdev, queue_no);
+ EventNotifier *n = virtio_queue_get_guest_notifier(vq);
+ VirtIOIRQFD *irqfd;
+ int ret = 0;
+@@ -625,10 +643,10 @@ static int virtio_pci_vq_vector_unmask(VirtIOPCIProxy *proxy,
+ * Otherwise, set it up now.
+ */
+ if (k->guest_notifier_mask) {
+- k->guest_notifier_mask(proxy->vdev, queue_no, false);
++ k->guest_notifier_mask(vdev, queue_no, false);
+ /* Test after unmasking to avoid losing events. */
+ if (k->guest_notifier_pending &&
+- k->guest_notifier_pending(proxy->vdev, queue_no)) {
++ k->guest_notifier_pending(vdev, queue_no)) {
+ event_notifier_set(n);
+ }
+ } else {
+@@ -641,13 +659,14 @@ static void virtio_pci_vq_vector_mask(VirtIOPCIProxy *proxy,
+ unsigned int queue_no,
+ unsigned int vector)
+ {
+- VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(proxy->vdev);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+
+ /* If guest supports masking, keep irqfd but mask it.
+ * Otherwise, clean it up now.
+ */
+ if (k->guest_notifier_mask) {
+- k->guest_notifier_mask(proxy->vdev, queue_no, true);
++ k->guest_notifier_mask(vdev, queue_no, true);
+ } else {
+ kvm_virtio_pci_irqfd_release(proxy, queue_no, vector);
+ }
+@@ -657,7 +676,7 @@ static int virtio_pci_vector_unmask(PCIDevice *dev, unsigned vector,
+ MSIMessage msg)
+ {
+ VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
+- VirtIODevice *vdev = proxy->vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ int ret, queue_no;
+
+ for (queue_no = 0; queue_no < proxy->nvqs_with_notifiers; queue_no++) {
+@@ -687,7 +706,7 @@ undo:
+ static void virtio_pci_vector_mask(PCIDevice *dev, unsigned vector)
+ {
+ VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
+- VirtIODevice *vdev = proxy->vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ int queue_no;
+
+ for (queue_no = 0; queue_no < proxy->nvqs_with_notifiers; queue_no++) {
+@@ -706,7 +725,7 @@ static void virtio_pci_vector_poll(PCIDevice *dev,
+ unsigned int vector_end)
+ {
+ VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
+- VirtIODevice *vdev = proxy->vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ int queue_no;
+ unsigned int vector;
+@@ -738,8 +757,9 @@ static int virtio_pci_set_guest_notifier(DeviceState *d, int n, bool assign,
+ bool with_irqfd)
+ {
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+- VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(proxy->vdev);
+- VirtQueue *vq = virtio_get_queue(proxy->vdev, n);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
++ VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
++ VirtQueue *vq = virtio_get_queue(vdev, n);
+ EventNotifier *notifier = virtio_queue_get_guest_notifier(vq);
+
+ if (assign) {
+@@ -754,7 +774,7 @@ static int virtio_pci_set_guest_notifier(DeviceState *d, int n, bool assign,
+ }
+
+ if (!msix_enabled(&proxy->pci_dev) && vdc->guest_notifier_mask) {
+- vdc->guest_notifier_mask(proxy->vdev, n, !assign);
++ vdc->guest_notifier_mask(vdev, n, !assign);
+ }
+
+ return 0;
+@@ -769,7 +789,7 @@ static bool virtio_pci_query_guest_notifiers(DeviceState *d)
+ static int virtio_pci_set_guest_notifiers(DeviceState *d, int nvqs, bool assign)
+ {
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+- VirtIODevice *vdev = proxy->vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+ int r, n;
+ bool with_irqfd = msix_enabled(&proxy->pci_dev) &&
+@@ -863,11 +883,12 @@ static int virtio_pci_set_host_notifier(DeviceState *d, int n, bool assign)
+ static void virtio_pci_vmstate_change(DeviceState *d, bool running)
+ {
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
++ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
+
+ if (running) {
+ /* Try to find out if the guest has bus master disabled, but is
+ in ready state. Then we have a buggy guest OS. */
+- if ((proxy->vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
++ if ((vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+ !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
+ proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
+ }
+@@ -942,8 +963,6 @@ static void virtio_pci_device_plugged(DeviceState *d)
+ uint8_t *config;
+ uint32_t size;
+
+- proxy->vdev = virtio_bus_get_device(bus);
+-
+ config = proxy->pci_dev.config;
+ if (proxy->class_code) {
+ pci_config_set_class(config, proxy->class_code);
+diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h
+index 917bcc5..dc332ae 100644
+--- a/hw/virtio/virtio-pci.h
++++ b/hw/virtio/virtio-pci.h
+@@ -82,7 +82,6 @@ typedef struct VirtioPCIClass {
+
+ struct VirtIOPCIProxy {
+ PCIDevice pci_dev;
+- VirtIODevice *vdev;
+ MemoryRegion bar;
+ uint32_t flags;
+ uint32_t class_code;
diff --git a/0008-pc-fix-regression-for-64-bit-PCI-memory.patch b/0008-pc-fix-regression-for-64-bit-PCI-memory.patch
deleted file mode 100644
index c2a1152..0000000
--- a/0008-pc-fix-regression-for-64-bit-PCI-memory.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From a73c74f63aa8f977ece88c97280a03ea9b1ca395 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin" <mst@redhat.com>
-Date: Tue, 27 Aug 2013 08:37:26 +0300
-Subject: [PATCH] pc: fix regression for 64 bit PCI memory
-
-commit 398489018183d613306ab022653552247d93919f
- pc: limit 64 bit hole to 2G by default
-introduced a way for management to control
-the window allocated to the 64 bit PCI hole.
-
-This is useful, but existing management tools do not know how to set
-this property. As a result, e.g. specifying a large ivshmem device with
-size > 4G is broken by default. For example this configuration no
-longer works:
-
--device ivshmem,size=4294967296,chardev=cfoo
--chardev socket,path=/tmp/sock,id=cfoo,server,nowait
-
-Fix this by detecting that hole size was not specified
-and defaulting to the backwards-compatible value of 1 << 62.
-
-Cc: qemu-stable@nongnu.org
-Cc: Igor Mammedov <imammedo@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 1466cef32dd5e7ef3c6477e96d85d92302ad02e3)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/pci-host/piix.c | 9 ++++++---
- hw/pci-host/q35.c | 8 +++++---
- include/hw/i386/pc.h | 11 ++++++++++-
- 3 files changed, 21 insertions(+), 7 deletions(-)
-
-diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
-index dc1718f..221d82b 100644
---- a/hw/pci-host/piix.c
-+++ b/hw/pci-host/piix.c
-@@ -320,6 +320,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state,
- PCII440FXState *f;
- unsigned i;
- I440FXState *i440fx;
-+ uint64_t pci_hole64_size;
-
- dev = qdev_create(NULL, TYPE_I440FX_PCI_HOST_BRIDGE);
- s = PCI_HOST_BRIDGE(dev);
-@@ -351,13 +352,15 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state,
- pci_hole_start, pci_hole_size);
- memory_region_add_subregion(f->system_memory, pci_hole_start, &f->pci_hole);
-
-+ pci_hole64_size = pci_host_get_hole64_size(i440fx->pci_hole64_size);
-+
- pc_init_pci64_hole(&i440fx->pci_info, 0x100000000ULL + above_4g_mem_size,
-- i440fx->pci_hole64_size);
-+ pci_hole64_size);
- memory_region_init_alias(&f->pci_hole_64bit, OBJECT(d), "pci-hole64",
- f->pci_address_space,
- i440fx->pci_info.w64.begin,
-- i440fx->pci_hole64_size);
-- if (i440fx->pci_hole64_size) {
-+ pci_hole64_size);
-+ if (pci_hole64_size) {
- memory_region_add_subregion(f->system_memory,
- i440fx->pci_info.w64.begin,
- &f->pci_hole_64bit);
-diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
-index 12314d8..4febd24 100644
---- a/hw/pci-host/q35.c
-+++ b/hw/pci-host/q35.c
-@@ -320,6 +320,7 @@ static int mch_init(PCIDevice *d)
- {
- int i;
- MCHPCIState *mch = MCH_PCI_DEVICE(d);
-+ uint64_t pci_hole64_size;
-
- /* setup pci memory regions */
- memory_region_init_alias(&mch->pci_hole, OBJECT(mch), "pci-hole",
-@@ -329,13 +330,14 @@ static int mch_init(PCIDevice *d)
- memory_region_add_subregion(mch->system_memory, mch->below_4g_mem_size,
- &mch->pci_hole);
-
-+ pci_hole64_size = pci_host_get_hole64_size(mch->pci_hole64_size);
- pc_init_pci64_hole(&mch->pci_info, 0x100000000ULL + mch->above_4g_mem_size,
-- mch->pci_hole64_size);
-+ pci_hole64_size);
- memory_region_init_alias(&mch->pci_hole_64bit, OBJECT(mch), "pci-hole64",
- mch->pci_address_space,
- mch->pci_info.w64.begin,
-- mch->pci_hole64_size);
-- if (mch->pci_hole64_size) {
-+ pci_hole64_size);
-+ if (pci_hole64_size) {
- memory_region_add_subregion(mch->system_memory,
- mch->pci_info.w64.begin,
- &mch->pci_hole_64bit);
-diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
-index f79d478..475ba9e 100644
---- a/include/hw/i386/pc.h
-+++ b/include/hw/i386/pc.h
-@@ -106,7 +106,16 @@ PcGuestInfo *pc_guest_info_init(ram_addr_t below_4g_mem_size,
- #define PCI_HOST_PROP_PCI_HOLE64_START "pci-hole64-start"
- #define PCI_HOST_PROP_PCI_HOLE64_END "pci-hole64-end"
- #define PCI_HOST_PROP_PCI_HOLE64_SIZE "pci-hole64-size"
--#define DEFAULT_PCI_HOLE64_SIZE (1ULL << 31)
-+#define DEFAULT_PCI_HOLE64_SIZE (~0x0ULL)
-+
-+static inline uint64_t pci_host_get_hole64_size(uint64_t pci_hole64_size)
-+{
-+ if (pci_hole64_size == DEFAULT_PCI_HOLE64_SIZE) {
-+ return 1ULL << 62;
-+ } else {
-+ return pci_hole64_size;
-+ }
-+}
-
- void pc_init_pci64_hole(PcPciInfo *pci_info, uint64_t pci_hole64_start,
- uint64_t pci_hole64_size);
diff --git a/0008-virtio-ccw-remove-vdev-field.patch b/0008-virtio-ccw-remove-vdev-field.patch
new file mode 100644
index 0000000..d0c8d62
--- /dev/null
+++ b/0008-virtio-ccw-remove-vdev-field.patch
@@ -0,0 +1,293 @@
+From a9b1f1aeba8167ae90aecea9b8ca223faf33ae90 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:57:52 +0200
+Subject: [PATCH] virtio-ccw: remove vdev field
+
+The vdev field is complicated to synchronize. Just access the
+BusState's list of children.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/s390x/virtio-ccw.c | 80 ++++++++++++++++++++++++++++-----------------------
+ 1 file changed, 44 insertions(+), 36 deletions(-)
+
+diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
+index 8835bd4..0fc7387 100644
+--- a/hw/s390x/virtio-ccw.c
++++ b/hw/s390x/virtio-ccw.c
+@@ -56,9 +56,10 @@ static const TypeInfo virtual_css_bus_info = {
+ VirtIODevice *virtio_ccw_get_vdev(SubchDev *sch)
+ {
+ VirtIODevice *vdev = NULL;
++ VirtioCcwDevice *dev = sch->driver_data;
+
+- if (sch->driver_data) {
+- vdev = ((VirtioCcwDevice *)sch->driver_data)->vdev;
++ if (dev) {
++ vdev = virtio_bus_get_device(&dev->bus);
+ }
+ return vdev;
+ }
+@@ -66,7 +67,8 @@ VirtIODevice *virtio_ccw_get_vdev(SubchDev *sch)
+ static int virtio_ccw_set_guest2host_notifier(VirtioCcwDevice *dev, int n,
+ bool assign, bool set_handler)
+ {
+- VirtQueue *vq = virtio_get_queue(dev->vdev, n);
++ VirtIODevice *vdev = virtio_bus_get_device(&dev->bus);
++ VirtQueue *vq = virtio_get_queue(vdev, n);
+ EventNotifier *notifier = virtio_queue_get_host_notifier(vq);
+ int r = 0;
+ SubchDev *sch = dev->sch;
+@@ -96,6 +98,7 @@ static int virtio_ccw_set_guest2host_notifier(VirtioCcwDevice *dev, int n,
+
+ static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev)
+ {
++ VirtIODevice *vdev;
+ int n, r;
+
+ if (!(dev->flags & VIRTIO_CCW_FLAG_USE_IOEVENTFD) ||
+@@ -103,8 +106,9 @@ static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev)
+ dev->ioeventfd_started) {
+ return;
+ }
++ vdev = virtio_bus_get_device(&dev->bus);
+ for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
+- if (!virtio_queue_get_num(dev->vdev, n)) {
++ if (!virtio_queue_get_num(vdev, n)) {
+ continue;
+ }
+ r = virtio_ccw_set_guest2host_notifier(dev, n, true, true);
+@@ -117,7 +121,7 @@ static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev)
+
+ assign_error:
+ while (--n >= 0) {
+- if (!virtio_queue_get_num(dev->vdev, n)) {
++ if (!virtio_queue_get_num(vdev, n)) {
+ continue;
+ }
+ r = virtio_ccw_set_guest2host_notifier(dev, n, false, false);
+@@ -131,13 +135,15 @@ static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev)
+
+ static void virtio_ccw_stop_ioeventfd(VirtioCcwDevice *dev)
+ {
++ VirtIODevice *vdev;
+ int n, r;
+
+ if (!dev->ioeventfd_started) {
+ return;
+ }
++ vdev = virtio_bus_get_device(&dev->bus);
+ for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
+- if (!virtio_queue_get_num(dev->vdev, n)) {
++ if (!virtio_queue_get_num(vdev, n)) {
+ continue;
+ }
+ r = virtio_ccw_set_guest2host_notifier(dev, n, false, false);
+@@ -188,7 +194,7 @@ typedef struct VirtioFeatDesc {
+ static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr, uint32_t align,
+ uint16_t index, uint16_t num)
+ {
+- VirtioCcwDevice *dev = sch->driver_data;
++ VirtIODevice *vdev = virtio_ccw_get_vdev(sch);
+
+ if (index > VIRTIO_PCI_QUEUE_MAX) {
+ return -EINVAL;
+@@ -199,23 +205,23 @@ static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr, uint32_t align,
+ return -EINVAL;
+ }
+
+- if (!dev) {
++ if (!vdev) {
+ return -EINVAL;
+ }
+
+- virtio_queue_set_addr(dev->vdev, index, addr);
++ virtio_queue_set_addr(vdev, index, addr);
+ if (!addr) {
+- virtio_queue_set_vector(dev->vdev, index, 0);
++ virtio_queue_set_vector(vdev, index, 0);
+ } else {
+ /* Fail if we don't have a big enough queue. */
+ /* TODO: Add interface to handle vring.num changing */
+- if (virtio_queue_get_num(dev->vdev, index) > num) {
++ if (virtio_queue_get_num(vdev, index) > num) {
+ return -EINVAL;
+ }
+- virtio_queue_set_vector(dev->vdev, index, index);
++ virtio_queue_set_vector(vdev, index, index);
+ }
+ /* tell notify handler in case of config change */
+- dev->vdev->config_vector = VIRTIO_PCI_QUEUE_MAX;
++ vdev->config_vector = VIRTIO_PCI_QUEUE_MAX;
+ return 0;
+ }
+
+@@ -229,6 +235,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
+ hwaddr indicators;
+ VqConfigBlock vq_config;
+ VirtioCcwDevice *dev = sch->driver_data;
++ VirtIODevice *vdev = virtio_bus_get_device(&dev->bus);
+ bool check_len;
+ int len;
+ hwaddr hw_len;
+@@ -271,7 +278,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
+ break;
+ case CCW_CMD_VDEV_RESET:
+ virtio_ccw_stop_ioeventfd(dev);
+- virtio_reset(dev->vdev);
++ virtio_reset(vdev);
+ ret = 0;
+ break;
+ case CCW_CMD_READ_FEAT:
+@@ -318,7 +325,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
+ features.features = ldl_le_phys(ccw.cda);
+ if (features.index < ARRAY_SIZE(dev->host_features)) {
+ virtio_bus_set_vdev_features(&dev->bus, features.features);
+- dev->vdev->guest_features = features.features;
++ vdev->guest_features = features.features;
+ } else {
+ /*
+ * If the guest supports more feature bits, assert that it
+@@ -336,30 +343,30 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
+ break;
+ case CCW_CMD_READ_CONF:
+ if (check_len) {
+- if (ccw.count > dev->vdev->config_len) {
++ if (ccw.count > vdev->config_len) {
+ ret = -EINVAL;
+ break;
+ }
+ }
+- len = MIN(ccw.count, dev->vdev->config_len);
++ len = MIN(ccw.count, vdev->config_len);
+ if (!ccw.cda) {
+ ret = -EFAULT;
+ } else {
+- virtio_bus_get_vdev_config(&dev->bus, dev->vdev->config);
++ virtio_bus_get_vdev_config(&dev->bus, vdev->config);
+ /* XXX config space endianness */
+- cpu_physical_memory_write(ccw.cda, dev->vdev->config, len);
++ cpu_physical_memory_write(ccw.cda, vdev->config, len);
+ sch->curr_status.scsw.count = ccw.count - len;
+ ret = 0;
+ }
+ break;
+ case CCW_CMD_WRITE_CONF:
+ if (check_len) {
+- if (ccw.count > dev->vdev->config_len) {
++ if (ccw.count > vdev->config_len) {
+ ret = -EINVAL;
+ break;
+ }
+ }
+- len = MIN(ccw.count, dev->vdev->config_len);
++ len = MIN(ccw.count, vdev->config_len);
+ hw_len = len;
+ if (!ccw.cda) {
+ ret = -EFAULT;
+@@ -370,9 +377,9 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
+ } else {
+ len = hw_len;
+ /* XXX config space endianness */
+- memcpy(dev->vdev->config, config, len);
++ memcpy(vdev->config, config, len);
+ cpu_physical_memory_unmap(config, hw_len, 0, hw_len);
+- virtio_bus_set_vdev_config(&dev->bus, dev->vdev->config);
++ virtio_bus_set_vdev_config(&dev->bus, vdev->config);
+ sch->curr_status.scsw.count = ccw.count - len;
+ ret = 0;
+ }
+@@ -396,9 +403,9 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
+ if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) {
+ virtio_ccw_stop_ioeventfd(dev);
+ }
+- virtio_set_status(dev->vdev, status);
+- if (dev->vdev->status == 0) {
+- virtio_reset(dev->vdev);
++ virtio_set_status(vdev, status);
++ if (vdev->status == 0) {
++ virtio_reset(vdev);
+ }
+ if (status & VIRTIO_CONFIG_S_DRIVER_OK) {
+ virtio_ccw_start_ioeventfd(dev);
+@@ -462,7 +469,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
+ ret = -EFAULT;
+ } else {
+ vq_config.index = lduw_phys(ccw.cda);
+- vq_config.num_max = virtio_queue_get_num(dev->vdev,
++ vq_config.num_max = virtio_queue_get_num(vdev,
+ vq_config.index);
+ stw_phys(ccw.cda + sizeof(vq_config.index), vq_config.num_max);
+ sch->curr_status.scsw.count = ccw.count - sizeof(vq_config);
+@@ -494,7 +501,6 @@ static int virtio_ccw_device_init(VirtioCcwDevice *dev, VirtIODevice *vdev)
+ sch->driver_data = dev;
+ dev->sch = sch;
+
+- dev->vdev = vdev;
+ dev->indicators = 0;
+
+ /* Initialize subchannel structure. */
+@@ -607,7 +613,7 @@ static int virtio_ccw_device_init(VirtioCcwDevice *dev, VirtIODevice *vdev)
+ memset(&sch->id, 0, sizeof(SenseId));
+ sch->id.reserved = 0xff;
+ sch->id.cu_type = VIRTIO_CCW_CU_TYPE;
+- sch->id.cu_model = dev->vdev->device_id;
++ sch->id.cu_model = vdev->device_id;
+
+ /* Only the first 32 feature bits are used. */
+ dev->host_features[0] = virtio_bus_get_vdev_features(&dev->bus,
+@@ -891,9 +897,10 @@ static unsigned virtio_ccw_get_features(DeviceState *d)
+ static void virtio_ccw_reset(DeviceState *d)
+ {
+ VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
++ VirtIODevice *vdev = virtio_bus_get_device(&dev->bus);
+
+ virtio_ccw_stop_ioeventfd(dev);
+- virtio_reset(dev->vdev);
++ virtio_reset(vdev);
+ css_reset_sch(dev->sch);
+ dev->indicators = 0;
+ dev->indicators2 = 0;
+@@ -933,9 +940,10 @@ static int virtio_ccw_set_host_notifier(DeviceState *d, int n, bool assign)
+ static int virtio_ccw_set_guest_notifier(VirtioCcwDevice *dev, int n,
+ bool assign, bool with_irqfd)
+ {
+- VirtQueue *vq = virtio_get_queue(dev->vdev, n);
++ VirtIODevice *vdev = virtio_bus_get_device(&dev->bus);
++ VirtQueue *vq = virtio_get_queue(vdev, n);
+ EventNotifier *notifier = virtio_queue_get_guest_notifier(vq);
+- VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(dev->vdev);
++ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
+
+ if (assign) {
+ int r = event_notifier_init(notifier, 0);
+@@ -951,16 +959,16 @@ static int virtio_ccw_set_guest_notifier(VirtioCcwDevice *dev, int n,
+ * land in qemu (and only the irq fd) in this code.
+ */
+ if (k->guest_notifier_mask) {
+- k->guest_notifier_mask(dev->vdev, n, false);
++ k->guest_notifier_mask(vdev, n, false);
+ }
+ /* get lost events and re-inject */
+ if (k->guest_notifier_pending &&
+- k->guest_notifier_pending(dev->vdev, n)) {
++ k->guest_notifier_pending(vdev, n)) {
+ event_notifier_set(notifier);
+ }
+ } else {
+ if (k->guest_notifier_mask) {
+- k->guest_notifier_mask(dev->vdev, n, true);
++ k->guest_notifier_mask(vdev, n, true);
+ }
+ virtio_queue_set_guest_notifier_fd_handler(vq, false, with_irqfd);
+ event_notifier_cleanup(notifier);
+@@ -972,7 +980,7 @@ static int virtio_ccw_set_guest_notifiers(DeviceState *d, int nvqs,
+ bool assigned)
+ {
+ VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
+- VirtIODevice *vdev = dev->vdev;
++ VirtIODevice *vdev = virtio_bus_get_device(&dev->bus);
+ int r, n;
+
+ for (n = 0; n < nvqs; n++) {
diff --git a/0009-pseries-Fix-stalls-on-hypervisor-virtual-console.patch b/0009-pseries-Fix-stalls-on-hypervisor-virtual-console.patch
deleted file mode 100644
index 28878e7..0000000
--- a/0009-pseries-Fix-stalls-on-hypervisor-virtual-console.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 3fe494efc5eb107c4c90e96df3e6131f9960f4b9 Mon Sep 17 00:00:00 2001
-From: Anton Blanchard <anton@samba.org>
-Date: Tue, 13 Aug 2013 14:10:04 +1000
-Subject: [PATCH] pseries: Fix stalls on hypervisor virtual console
-
-A number of users are reporting stalls when using the pseries
-hypervisor virtual console.
-
-A simple test case is to paste 15 or 17 characters at a time
-into the console. Pasting 15 characters at a time works fine
-but pasting 17 characters hangs for a random amount of time.
-Other activity (network, qemu monitor etc) unblocks it.
-
-If qemu-char tries to send more than 16 characters at once,
-vty_can_receive returns false. At this point we have to
-wait for the guest to consume that output. Everything is good
-so far.
-
-The problem occurs when the the guest does consume the output.
-We need to signal back to the qemu-char layer that we are
-ready for more input. Without this we block until something
-else kicks us (eg network activity).
-
-Signed-off-by: Anton Blanchard <anton@samba.org>
-Signed-off-by: Alexander Graf <agraf@suse.de>
-(cherry picked from commit 7770b6f78a2d655e03852a5de238f5926c92be6a)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/char/spapr_vty.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/hw/char/spapr_vty.c b/hw/char/spapr_vty.c
-index a799721..9c2aef8 100644
---- a/hw/char/spapr_vty.c
-+++ b/hw/char/spapr_vty.c
-@@ -47,6 +47,8 @@ static int vty_getchars(VIOsPAPRDevice *sdev, uint8_t *buf, int max)
- buf[n++] = dev->buf[dev->out++ % VTERM_BUFSIZE];
- }
-
-+ qemu_chr_accept_input(dev->chardev);
-+
- return n;
- }
-
diff --git a/0009-virtio-bus-cleanup-plug-unplug-interface.patch b/0009-virtio-bus-cleanup-plug-unplug-interface.patch
new file mode 100644
index 0000000..b8a91f4
--- /dev/null
+++ b/0009-virtio-bus-cleanup-plug-unplug-interface.patch
@@ -0,0 +1,148 @@
+From fe02fcc2b929e6a678ec783cb80890b79b7dca78 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:57:53 +0200
+Subject: [PATCH] virtio-bus: cleanup plug/unplug interface
+
+Right now we have these pairs:
+
+- virtio_bus_plug_device/virtio_bus_destroy_device. The first
+ takes a VirtIODevice, the second takes a VirtioBusState
+
+- device_plugged/device_unplug callbacks in the VirtioBusClass
+ (here it's just the naming that is inconsistent)
+
+- virtio_bus_destroy_device is not called by anyone (and since
+ it calls qdev_free, it would be called by the proxies---but
+ then the callback is useless since the proxies can do whatever
+ they want before calling virtio_bus_destroy_device)
+
+And there is a k->init but no k->exit, hence virtio_device_exit is
+overwritten by subclasses (except virtio-9p). This cleans it up by:
+
+- renaming the device_unplug callback to device_unplugged
+
+- renaming virtio_bus_plug_device to virtio_bus_device_plugged,
+ matching the callback name
+
+- renaming virtio_bus_destroy_device to virtio_bus_device_unplugged,
+ removing the qdev_free, making it take a VirtIODevice and calling it
+ from virtio_device_exit
+
+- adding a k->exit callback
+
+virtio_device_exit is still overwritten, the next patches will fix that.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/virtio/virtio-bus.c | 18 +++++++++---------
+ hw/virtio/virtio.c | 7 ++++++-
+ include/hw/virtio/virtio-bus.h | 6 +++---
+ include/hw/virtio/virtio.h | 1 +
+ 4 files changed, 19 insertions(+), 13 deletions(-)
+
+diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
+index 669ce38..7aed6a4 100644
+--- a/hw/virtio/virtio-bus.c
++++ b/hw/virtio/virtio-bus.c
+@@ -37,8 +37,8 @@ do { printf("virtio_bus: " fmt , ## __VA_ARGS__); } while (0)
+ #define DPRINTF(fmt, ...) do { } while (0)
+ #endif
+
+-/* Plug the VirtIODevice */
+-int virtio_bus_plug_device(VirtIODevice *vdev)
++/* A VirtIODevice is being plugged */
++int virtio_bus_device_plugged(VirtIODevice *vdev)
+ {
+ DeviceState *qdev = DEVICE(vdev);
+ BusState *qbus = BUS(qdev_get_parent_bus(qdev));
+@@ -64,20 +64,20 @@ void virtio_bus_reset(VirtioBusState *bus)
+ }
+ }
+
+-/* Destroy the VirtIODevice */
+-void virtio_bus_destroy_device(VirtioBusState *bus)
++/* A VirtIODevice is being unplugged */
++void virtio_bus_device_unplugged(VirtIODevice *vdev)
+ {
+- BusState *qbus = BUS(bus);
++ DeviceState *qdev = DEVICE(vdev);
++ BusState *qbus = BUS(qdev_get_parent_bus(qdev));
++ VirtioBusState *bus = VIRTIO_BUS(qbus);
+ VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
+- VirtIODevice *vdev = virtio_bus_get_device(bus);
+
+ DPRINTF("%s: remove device.\n", qbus->name);
+
+ if (vdev != NULL) {
+- if (klass->device_unplug != NULL) {
+- klass->device_unplug(qbus->parent);
++ if (klass->device_unplugged != NULL) {
++ klass->device_unplugged(qbus->parent);
+ }
+- qdev_free(DEVICE(vdev));
+ }
+ }
+
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index 2f1e73b..965b2c0 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -1158,14 +1158,19 @@ static int virtio_device_init(DeviceState *qdev)
+ if (k->init(vdev) < 0) {
+ return -1;
+ }
+- virtio_bus_plug_device(vdev);
++ virtio_bus_device_plugged(vdev);
+ return 0;
+ }
+
+ static int virtio_device_exit(DeviceState *qdev)
+ {
+ VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
++ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(qdev);
+
++ virtio_bus_device_unplugged(vdev);
++ if (k->exit) {
++ k->exit(vdev);
++ }
+ if (vdev->bus_name) {
+ g_free(vdev->bus_name);
+ vdev->bus_name = NULL;
+diff --git a/include/hw/virtio/virtio-bus.h b/include/hw/virtio/virtio-bus.h
+index ba0f86a..0756545 100644
+--- a/include/hw/virtio/virtio-bus.h
++++ b/include/hw/virtio/virtio-bus.h
+@@ -61,7 +61,7 @@ typedef struct VirtioBusClass {
+ * transport independent exit function.
+ * This is called by virtio-bus just before the device is unplugged.
+ */
+- void (*device_unplug)(DeviceState *d);
++ void (*device_unplugged)(DeviceState *d);
+ /*
+ * Does the transport have variable vring alignment?
+ * (ie can it ever call virtio_queue_set_align()?)
+@@ -74,9 +74,9 @@ struct VirtioBusState {
+ BusState parent_obj;
+ };
+
+-int virtio_bus_plug_device(VirtIODevice *vdev);
++int virtio_bus_device_plugged(VirtIODevice *vdev);
+ void virtio_bus_reset(VirtioBusState *bus);
+-void virtio_bus_destroy_device(VirtioBusState *bus);
++void virtio_bus_device_unplugged(VirtIODevice *bus);
+ /* Get the device id of the plugged device. */
+ uint16_t virtio_bus_get_vdev_id(VirtioBusState *bus);
+ /* Get the config_len field of the plugged device. */
+diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
+index a90522d..59756c2 100644
+--- a/include/hw/virtio/virtio.h
++++ b/include/hw/virtio/virtio.h
+@@ -127,6 +127,7 @@ typedef struct VirtioDeviceClass {
+ /* This is what a VirtioDevice must implement */
+ DeviceClass parent;
+ int (*init)(VirtIODevice *vdev);
++ void (*exit)(VirtIODevice *vdev);
+ uint32_t (*get_features)(VirtIODevice *vdev, uint32_t requested_features);
+ uint32_t (*bad_features)(VirtIODevice *vdev);
+ void (*set_features)(VirtIODevice *vdev, uint32_t val);
diff --git a/0010-virtio-blk-switch-exit-callback-to-VirtioDeviceClass.patch b/0010-virtio-blk-switch-exit-callback-to-VirtioDeviceClass.patch
new file mode 100644
index 0000000..57c2353
--- /dev/null
+++ b/0010-virtio-blk-switch-exit-callback-to-VirtioDeviceClass.patch
@@ -0,0 +1,53 @@
+From aa75555e6fb5cae0e495cb5f7d9f3511ad5ac6ce Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:57:54 +0200
+Subject: [PATCH] virtio-blk: switch exit callback to VirtioDeviceClass
+
+This ensures hot-unplug is handled properly by the proxy.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/block/virtio-blk.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
+index 49a23c3..aa37cc9 100644
+--- a/hw/block/virtio-blk.c
++++ b/hw/block/virtio-blk.c
+@@ -729,20 +729,18 @@ static int virtio_blk_device_init(VirtIODevice *vdev)
+ return 0;
+ }
+
+-static int virtio_blk_device_exit(DeviceState *dev)
++static void virtio_blk_device_exit(VirtIODevice *vdev)
+ {
+- VirtIODevice *vdev = VIRTIO_DEVICE(dev);
+- VirtIOBlock *s = VIRTIO_BLK(dev);
++ VirtIOBlock *s = VIRTIO_BLK(vdev);
+ #ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+ remove_migration_state_change_notifier(&s->migration_state_notifier);
+ virtio_blk_data_plane_destroy(s->dataplane);
+ s->dataplane = NULL;
+ #endif
+ qemu_del_vm_change_state_handler(s->change);
+- unregister_savevm(dev, "virtio-blk", s);
++ unregister_savevm(DEVICE(vdev), "virtio-blk", s);
+ blockdev_mark_auto_del(s->bs);
+ virtio_cleanup(vdev);
+- return 0;
+ }
+
+ static Property virtio_blk_properties[] = {
+@@ -754,10 +752,10 @@ static void virtio_blk_class_init(ObjectClass *klass, void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+- dc->exit = virtio_blk_device_exit;
+ dc->props = virtio_blk_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ vdc->init = virtio_blk_device_init;
++ vdc->exit = virtio_blk_device_exit;
+ vdc->get_config = virtio_blk_update_config;
+ vdc->set_config = virtio_blk_set_config;
+ vdc->get_features = virtio_blk_get_features;
diff --git a/0010-virtio-virtqueue_get_avail_bytes-fix-desc_pa-when-lo.patch b/0010-virtio-virtqueue_get_avail_bytes-fix-desc_pa-when-lo.patch
deleted file mode 100644
index ed450ab..0000000
--- a/0010-virtio-virtqueue_get_avail_bytes-fix-desc_pa-when-lo.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 358bb0daa1ce332a18cc996fcd078a3989f77d36 Mon Sep 17 00:00:00 2001
-From: yinyin <yin.yin@cs2c.com.cn>
-Date: Thu, 22 Aug 2013 14:47:16 +0800
-Subject: [PATCH] virtio: virtqueue_get_avail_bytes: fix desc_pa when loop over
- the indirect descriptor table
-
-virtqueue_get_avail_bytes: when found a indirect desc, we need loop over it.
- /* loop over the indirect descriptor table */
- indirect = 1;
- max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
- num_bufs = i = 0;
- desc_pa = vring_desc_addr(desc_pa, i);
-But, It init i to 0, then use i to update desc_pa. so we will always get:
-desc_pa = vring_desc_addr(desc_pa, 0);
-the last two line should swap.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Yin Yin <yin.yin@cs2c.com.cn>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 1ae2757c6c4525c9b42f408c86818f843bad7418)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/virtio/virtio.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index f03c45d..2f1e73b 100644
---- a/hw/virtio/virtio.c
-+++ b/hw/virtio/virtio.c
-@@ -377,8 +377,8 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes,
- /* loop over the indirect descriptor table */
- indirect = 1;
- max = vring_desc_len(desc_pa, i) / sizeof(VRingDesc);
-- num_bufs = i = 0;
- desc_pa = vring_desc_addr(desc_pa, i);
-+ num_bufs = i = 0;
- }
-
- do {
diff --git a/0011-virtio-serial-switch-exit-callback-to-VirtioDeviceCl.patch b/0011-virtio-serial-switch-exit-callback-to-VirtioDeviceCl.patch
new file mode 100644
index 0000000..86e48e4
--- /dev/null
+++ b/0011-virtio-serial-switch-exit-callback-to-VirtioDeviceCl.patch
@@ -0,0 +1,53 @@
+From 811b51426d9e7819e6498d4dad0d6ac744a8e5d0 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:57:55 +0200
+Subject: [PATCH] virtio-serial: switch exit callback to VirtioDeviceClass
+
+This ensures hot-unplug is handled properly by the proxy.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/char/virtio-serial-bus.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
+index da417c7..57dd070 100644
+--- a/hw/char/virtio-serial-bus.c
++++ b/hw/char/virtio-serial-bus.c
+@@ -987,12 +987,11 @@ static const TypeInfo virtio_serial_port_type_info = {
+ .class_init = virtio_serial_port_class_init,
+ };
+
+-static int virtio_serial_device_exit(DeviceState *dev)
++static void virtio_serial_device_exit(VirtIODevice *vdev)
+ {
+- VirtIOSerial *vser = VIRTIO_SERIAL(dev);
+- VirtIODevice *vdev = VIRTIO_DEVICE(dev);
++ VirtIOSerial *vser = VIRTIO_SERIAL(vdev);
+
+- unregister_savevm(dev, "virtio-console", vser);
++ unregister_savevm(DEVICE(vdev), "virtio-console", vser);
+
+ g_free(vser->ivqs);
+ g_free(vser->ovqs);
+@@ -1004,7 +1003,6 @@ static int virtio_serial_device_exit(DeviceState *dev)
+ g_free(vser->post_load);
+ }
+ virtio_cleanup(vdev);
+- return 0;
+ }
+
+ static Property virtio_serial_properties[] = {
+@@ -1016,10 +1014,10 @@ static void virtio_serial_class_init(ObjectClass *klass, void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+- dc->exit = virtio_serial_device_exit;
+ dc->props = virtio_serial_properties;
+ set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+ vdc->init = virtio_serial_device_init;
++ vdc->exit = virtio_serial_device_exit;
+ vdc->get_features = get_features;
+ vdc->get_config = get_config;
+ vdc->set_config = set_config;
diff --git a/0011-xhci-fix-endpoint-interval-calculation.patch b/0011-xhci-fix-endpoint-interval-calculation.patch
deleted file mode 100644
index f408884..0000000
--- a/0011-xhci-fix-endpoint-interval-calculation.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From c0a5eb81b43e56569cfdb9c86fd78930b2765b96 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 28 Aug 2013 11:39:02 +0200
-Subject: [PATCH] xhci: fix endpoint interval calculation
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit ca7162782a293f525633e5816470498dd86a51cf)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/usb/hcd-xhci.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
-index 58c88b8..3c0ba8e 100644
---- a/hw/usb/hcd-xhci.c
-+++ b/hw/usb/hcd-xhci.c
-@@ -1257,7 +1257,7 @@ static void xhci_init_epctx(XHCIEPContext *epctx,
- epctx->ring.ccs = ctx[2] & 1;
- }
-
-- epctx->interval = 1 << (ctx[0] >> 16) & 0xff;
-+ epctx->interval = 1 << ((ctx[0] >> 16) & 0xff);
- }
-
- static TRBCCode xhci_enable_ep(XHCIState *xhci, unsigned int slotid,
diff --git a/0012-Revert-usb-hub-report-status-changes-only-once.patch b/0012-Revert-usb-hub-report-status-changes-only-once.patch
deleted file mode 100644
index 04842a9..0000000
--- a/0012-Revert-usb-hub-report-status-changes-only-once.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From c09a4634d945df5d7e1fbc394646e78d7d713c67 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 27 Aug 2013 17:00:04 +0200
-Subject: [PATCH] Revert "usb-hub: report status changes only once"
-
-This reverts commit a309ee6e0a256f690760abfba44fceaa52a7c2f3.
-
-This isn't in line with the usb specification and adds regressions,
-win7 fails to drive the usb hub for example.
-
-Was added because it "solved" the issue of hubs interacting badly
-with the xhci host controller. Now with the root cause being fixed
-in xhci (commit <FIXME>) we can revert this one.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit bdebd6ee81f4d849aa8541c289203e3992450db0)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/usb/dev-hub.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/hw/usb/dev-hub.c b/hw/usb/dev-hub.c
-index e865a98..4188a3c 100644
---- a/hw/usb/dev-hub.c
-+++ b/hw/usb/dev-hub.c
-@@ -33,7 +33,6 @@ typedef struct USBHubPort {
- USBPort port;
- uint16_t wPortStatus;
- uint16_t wPortChange;
-- uint16_t wPortChange_reported;
- } USBHubPort;
-
- typedef struct USBHubState {
-@@ -468,11 +467,8 @@ static void usb_hub_handle_data(USBDevice *dev, USBPacket *p)
- status = 0;
- for(i = 0; i < NUM_PORTS; i++) {
- port = &s->ports[i];
-- if (port->wPortChange &&
-- port->wPortChange_reported != port->wPortChange) {
-+ if (port->wPortChange)
- status |= (1 << (i + 1));
-- }
-- port->wPortChange_reported = port->wPortChange;
- }
- if (status != 0) {
- for(i = 0; i < n; i++) {
diff --git a/0012-virtio-net-switch-exit-callback-to-VirtioDeviceClass.patch b/0012-virtio-net-switch-exit-callback-to-VirtioDeviceClass.patch
new file mode 100644
index 0000000..4bd6ede
--- /dev/null
+++ b/0012-virtio-net-switch-exit-callback-to-VirtioDeviceClass.patch
@@ -0,0 +1,58 @@
+From 1582699fb9f748f9f91b015ef311f93bf5a95f5d Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:57:56 +0200
+Subject: [PATCH] virtio-net: switch exit callback to VirtioDeviceClass
+
+This ensures hot-unplug is handled properly by the proxy.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/net/virtio-net.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index aa1880c..46a4d8c 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1568,16 +1568,15 @@ static int virtio_net_device_init(VirtIODevice *vdev)
+ return 0;
+ }
+
+-static int virtio_net_device_exit(DeviceState *qdev)
++static void virtio_net_device_exit(VirtIODevice *vdev)
+ {
+- VirtIONet *n = VIRTIO_NET(qdev);
+- VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
++ VirtIONet *n = VIRTIO_NET(vdev);
+ int i;
+
+ /* This will stop vhost backend if appropriate. */
+ virtio_net_set_status(vdev, 0);
+
+- unregister_savevm(qdev, "virtio-net", n);
++ unregister_savevm(DEVICE(vdev), "virtio-net", n);
+
+ if (n->netclient_name) {
+ g_free(n->netclient_name);
+@@ -1608,8 +1607,6 @@ static int virtio_net_device_exit(DeviceState *qdev)
+ g_free(n->vqs);
+ qemu_del_nic(n->nic);
+ virtio_cleanup(vdev);
+-
+- return 0;
+ }
+
+ static void virtio_net_instance_init(Object *obj)
+@@ -1636,10 +1633,10 @@ static void virtio_net_class_init(ObjectClass *klass, void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+- dc->exit = virtio_net_device_exit;
+ dc->props = virtio_net_properties;
+ set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+ vdc->init = virtio_net_device_init;
++ vdc->exit = virtio_net_device_exit;
+ vdc->get_config = virtio_net_get_config;
+ vdc->set_config = virtio_net_set_config;
+ vdc->get_features = virtio_net_get_features;
diff --git a/0013-block-expect-errors-from-bdrv_co_is_allocated.patch b/0013-block-expect-errors-from-bdrv_co_is_allocated.patch
deleted file mode 100644
index 85d0820..0000000
--- a/0013-block-expect-errors-from-bdrv_co_is_allocated.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-From da4e203efa76f2d2ee0a17670c241881963d033d Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Wed, 4 Sep 2013 19:00:25 +0200
-Subject: [PATCH] block: expect errors from bdrv_co_is_allocated
-
-Some bdrv_is_allocated callers do not expect errors, but the fallback
-in qcow2.c might make other callers trip on assertion failures or
-infinite loops.
-
-Fix the callers to always look for errors.
-
-Cc: qemu-stable@nongnu.org
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit d663640c04f2aab810915c556390211d75457704)
-
-Conflicts:
-
- block/cow.c
-
-*modified to avoid dependency on upstream's e641c1e8
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- block.c | 7 +++++--
- block/cow.c | 6 +++++-
- block/qcow2.c | 4 +---
- block/stream.c | 2 +-
- qemu-img.c | 16 ++++++++++++++--
- qemu-io-cmds.c | 4 ++++
- 6 files changed, 30 insertions(+), 9 deletions(-)
-
-diff --git a/block.c b/block.c
-index d5ce8d3..8ce8b91 100644
---- a/block.c
-+++ b/block.c
-@@ -1803,8 +1803,11 @@ int bdrv_commit(BlockDriverState *bs)
- buf = g_malloc(COMMIT_BUF_SECTORS * BDRV_SECTOR_SIZE);
-
- for (sector = 0; sector < total_sectors; sector += n) {
-- if (bdrv_is_allocated(bs, sector, COMMIT_BUF_SECTORS, &n)) {
--
-+ ret = bdrv_is_allocated(bs, sector, COMMIT_BUF_SECTORS, &n);
-+ if (ret < 0) {
-+ goto ro_cleanup;
-+ }
-+ if (ret) {
- if (bdrv_read(bs, sector, buf, n) != 0) {
- ret = -EIO;
- goto ro_cleanup;
-diff --git a/block/cow.c b/block/cow.c
-index 1cc2e89..e1b73d6 100644
---- a/block/cow.c
-+++ b/block/cow.c
-@@ -189,7 +189,11 @@ static int coroutine_fn cow_read(BlockDriverState *bs, int64_t sector_num,
- int ret, n;
-
- while (nb_sectors > 0) {
-- if (bdrv_co_is_allocated(bs, sector_num, nb_sectors, &n)) {
-+ ret = bdrv_co_is_allocated(bs, sector_num, nb_sectors, &n);
-+ if (ret < 0) {
-+ return ret;
-+ }
-+ if (ret) {
- ret = bdrv_pread(bs->file,
- s->cow_sectors_offset + sector_num * 512,
- buf, n * 512);
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 3376901..7f7282e 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -648,13 +648,11 @@ static int coroutine_fn qcow2_co_is_allocated(BlockDriverState *bs,
- int ret;
-
- *pnum = nb_sectors;
-- /* FIXME We can get errors here, but the bdrv_co_is_allocated interface
-- * can't pass them on today */
- qemu_co_mutex_lock(&s->lock);
- ret = qcow2_get_cluster_offset(bs, sector_num << 9, pnum, &cluster_offset);
- qemu_co_mutex_unlock(&s->lock);
- if (ret < 0) {
-- *pnum = 0;
-+ return ret;
- }
-
- return (cluster_offset != 0) || (ret == QCOW2_CLUSTER_ZERO);
-diff --git a/block/stream.c b/block/stream.c
-index 7fe9e48..4e8d177 100644
---- a/block/stream.c
-+++ b/block/stream.c
-@@ -120,7 +120,7 @@ wait:
- if (ret == 1) {
- /* Allocated in the top, no need to copy. */
- copy = false;
-- } else {
-+ } else if (ret >= 0) {
- /* Copy if allocated in the intermediate images. Limit to the
- * known-unallocated area [sector_num, sector_num+n). */
- ret = bdrv_co_is_allocated_above(bs->backing_hd, base,
-diff --git a/qemu-img.c b/qemu-img.c
-index b9a848d..b01998b 100644
---- a/qemu-img.c
-+++ b/qemu-img.c
-@@ -1485,8 +1485,15 @@ static int img_convert(int argc, char **argv)
- are present in both the output's and input's base images (no
- need to copy them). */
- if (out_baseimg) {
-- if (!bdrv_is_allocated(bs[bs_i], sector_num - bs_offset,
-- n, &n1)) {
-+ ret = bdrv_is_allocated(bs[bs_i], sector_num - bs_offset,
-+ n, &n1);
-+ if (ret < 0) {
-+ error_report("error while reading metadata for sector "
-+ "%" PRId64 ": %s",
-+ sector_num - bs_offset, strerror(-ret));
-+ goto out;
-+ }
-+ if (!ret) {
- sector_num += n1;
- continue;
- }
-@@ -2076,6 +2083,11 @@ static int img_rebase(int argc, char **argv)
-
- /* If the cluster is allocated, we don't need to take action */
- ret = bdrv_is_allocated(bs, sector, n, &n);
-+ if (ret < 0) {
-+ error_report("error while reading image metadata: %s",
-+ strerror(-ret));
-+ goto out;
-+ }
- if (ret) {
- continue;
- }
-diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
-index ffbcf31..ffe48ad 100644
---- a/qemu-io-cmds.c
-+++ b/qemu-io-cmds.c
-@@ -1829,6 +1829,10 @@ static int alloc_f(BlockDriverState *bs, int argc, char **argv)
- sector_num = offset >> 9;
- while (remaining) {
- ret = bdrv_is_allocated(bs, sector_num, remaining, &num);
-+ if (ret < 0) {
-+ printf("is_allocated failed: %s\n", strerror(-ret));
-+ return 0;
-+ }
- sector_num += num;
- remaining -= num;
- if (ret) {
diff --git a/0013-virtio-scsi-switch-exit-callback-to-VirtioDeviceClas.patch b/0013-virtio-scsi-switch-exit-callback-to-VirtioDeviceClas.patch
new file mode 100644
index 0000000..e654a87
--- /dev/null
+++ b/0013-virtio-scsi-switch-exit-callback-to-VirtioDeviceClas.patch
@@ -0,0 +1,112 @@
+From df750f462929ba85a61dbdd6a4020cb4b2ee68d0 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:57:57 +0200
+Subject: [PATCH] virtio-scsi: switch exit callback to VirtioDeviceClass
+
+This ensures hot-unplug is handled properly by the proxy.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/scsi/vhost-scsi.c | 11 +++++------
+ hw/scsi/virtio-scsi.c | 15 +++++++--------
+ include/hw/virtio/virtio-scsi.h | 2 +-
+ 3 files changed, 13 insertions(+), 15 deletions(-)
+
+diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
+index 9e770fb..5e3cc61 100644
+--- a/hw/scsi/vhost-scsi.c
++++ b/hw/scsi/vhost-scsi.c
+@@ -240,11 +240,10 @@ static int vhost_scsi_init(VirtIODevice *vdev)
+ return 0;
+ }
+
+-static int vhost_scsi_exit(DeviceState *qdev)
++static void vhost_scsi_exit(VirtIODevice *vdev)
+ {
+- VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
+- VHostSCSI *s = VHOST_SCSI(qdev);
+- VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(qdev);
++ VHostSCSI *s = VHOST_SCSI(vdev);
++ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
+
+ migrate_del_blocker(s->migration_blocker);
+ error_free(s->migration_blocker);
+@@ -253,7 +252,7 @@ static int vhost_scsi_exit(DeviceState *qdev)
+ vhost_scsi_set_status(vdev, 0);
+
+ g_free(s->dev.vqs);
+- return virtio_scsi_common_exit(vs);
++ virtio_scsi_common_exit(vs);
+ }
+
+ static Property vhost_scsi_properties[] = {
+@@ -265,10 +264,10 @@ static void vhost_scsi_class_init(ObjectClass *klass, void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+- dc->exit = vhost_scsi_exit;
+ dc->props = vhost_scsi_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ vdc->init = vhost_scsi_init;
++ vdc->exit = vhost_scsi_exit;
+ vdc->get_features = vhost_scsi_get_features;
+ vdc->set_config = vhost_scsi_set_config;
+ vdc->set_status = vhost_scsi_set_status;
+diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
+index 05da56b..5545993 100644
+--- a/hw/scsi/virtio-scsi.c
++++ b/hw/scsi/virtio-scsi.c
+@@ -643,22 +643,21 @@ static int virtio_scsi_device_init(VirtIODevice *vdev)
+ return 0;
+ }
+
+-int virtio_scsi_common_exit(VirtIOSCSICommon *vs)
++void virtio_scsi_common_exit(VirtIOSCSICommon *vs)
+ {
+ VirtIODevice *vdev = VIRTIO_DEVICE(vs);
+
+ g_free(vs->cmd_vqs);
+ virtio_cleanup(vdev);
+- return 0;
+ }
+
+-static int virtio_scsi_device_exit(DeviceState *qdev)
++static void virtio_scsi_device_exit(VirtIODevice *vdev)
+ {
+- VirtIOSCSI *s = VIRTIO_SCSI(qdev);
+- VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(qdev);
++ VirtIOSCSI *s = VIRTIO_SCSI(vdev);
++ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
+
+- unregister_savevm(qdev, "virtio-scsi", s);
+- return virtio_scsi_common_exit(vs);
++ unregister_savevm(DEVICE(vdev), "virtio-scsi", s);
++ virtio_scsi_common_exit(vs);
+ }
+
+ static Property virtio_scsi_properties[] = {
+@@ -679,10 +678,10 @@ static void virtio_scsi_class_init(ObjectClass *klass, void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+- dc->exit = virtio_scsi_device_exit;
+ dc->props = virtio_scsi_properties;
+ set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+ vdc->init = virtio_scsi_device_init;
++ vdc->exit = virtio_scsi_device_exit;
+ vdc->set_config = virtio_scsi_set_config;
+ vdc->get_features = virtio_scsi_get_features;
+ vdc->reset = virtio_scsi_reset;
+diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h
+index 9a98540..206c61d 100644
+--- a/include/hw/virtio/virtio-scsi.h
++++ b/include/hw/virtio/virtio-scsi.h
+@@ -187,6 +187,6 @@ typedef struct {
+ VIRTIO_SCSI_F_CHANGE, true)
+
+ int virtio_scsi_common_init(VirtIOSCSICommon *vs);
+-int virtio_scsi_common_exit(VirtIOSCSICommon *vs);
++void virtio_scsi_common_exit(VirtIOSCSICommon *vs);
+
+ #endif /* _QEMU_VIRTIO_SCSI_H */
diff --git a/0014-target-i386-fix-disassembly-with-PAE-1-PG-0.patch b/0014-target-i386-fix-disassembly-with-PAE-1-PG-0.patch
deleted file mode 100644
index 1cbc2cd..0000000
--- a/0014-target-i386-fix-disassembly-with-PAE-1-PG-0.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From f9fd82ee939d6ee5bff126b125020021e18ce330 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 30 Aug 2013 11:58:45 +0200
-Subject: [PATCH] target-i386: fix disassembly with PAE=1, PG=0
-
-CR4.PAE=1 will not enable paging if CR0.PG=0, but the "if" chain
-in x86_cpu_get_phys_page_debug says otherwise. Check CR0.PG
-before everything else.
-
-Fixes "-d in_asm" for a code section at the beginning of OVMF.
-
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Richard Henderson <rth@twiddle.net>
-Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
-(cherry picked from commit f2f8560c7a5303065a2a3207ec475dfb3a622a0e)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- target-i386/helper.c | 34 ++++++++++++++++------------------
- 1 file changed, 16 insertions(+), 18 deletions(-)
-
-diff --git a/target-i386/helper.c b/target-i386/helper.c
-index bf3e2ac..7f74e5d 100644
---- a/target-i386/helper.c
-+++ b/target-i386/helper.c
-@@ -894,7 +894,10 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
- uint32_t page_offset;
- int page_size;
-
-- if (env->cr[4] & CR4_PAE_MASK) {
-+ if (!(env->cr[0] & CR0_PG_MASK)) {
-+ pte = addr & env->a20_mask;
-+ page_size = 4096;
-+ } else if (env->cr[4] & CR4_PAE_MASK) {
- target_ulong pdpe_addr;
- uint64_t pde, pdpe;
-
-@@ -952,26 +955,21 @@ hwaddr x86_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
- } else {
- uint32_t pde;
-
-- if (!(env->cr[0] & CR0_PG_MASK)) {
-- pte = addr;
-- page_size = 4096;
-+ /* page directory entry */
-+ pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) & env->a20_mask;
-+ pde = ldl_phys(pde_addr);
-+ if (!(pde & PG_PRESENT_MASK))
-+ return -1;
-+ if ((pde & PG_PSE_MASK) && (env->cr[4] & CR4_PSE_MASK)) {
-+ pte = pde & ~0x003ff000; /* align to 4MB */
-+ page_size = 4096 * 1024;
- } else {
- /* page directory entry */
-- pde_addr = ((env->cr[3] & ~0xfff) + ((addr >> 20) & 0xffc)) & env->a20_mask;
-- pde = ldl_phys(pde_addr);
-- if (!(pde & PG_PRESENT_MASK))
-+ pte_addr = ((pde & ~0xfff) + ((addr >> 10) & 0xffc)) & env->a20_mask;
-+ pte = ldl_phys(pte_addr);
-+ if (!(pte & PG_PRESENT_MASK))
- return -1;
-- if ((pde & PG_PSE_MASK) && (env->cr[4] & CR4_PSE_MASK)) {
-- pte = pde & ~0x003ff000; /* align to 4MB */
-- page_size = 4096 * 1024;
-- } else {
-- /* page directory entry */
-- pte_addr = ((pde & ~0xfff) + ((addr >> 10) & 0xffc)) & env->a20_mask;
-- pte = ldl_phys(pte_addr);
-- if (!(pte & PG_PRESENT_MASK))
-- return -1;
-- page_size = 4096;
-- }
-+ page_size = 4096;
- }
- pte = pte & env->a20_mask;
- }
diff --git a/0014-virtio-balloon-switch-exit-callback-to-VirtioDeviceC.patch b/0014-virtio-balloon-switch-exit-callback-to-VirtioDeviceC.patch
new file mode 100644
index 0000000..5c921d1
--- /dev/null
+++ b/0014-virtio-balloon-switch-exit-callback-to-VirtioDeviceC.patch
@@ -0,0 +1,49 @@
+From d42ac36363ef9e3d3963c2c31fa7122492dbaf0e Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:57:58 +0200
+Subject: [PATCH] virtio-balloon: switch exit callback to VirtioDeviceClass
+
+This ensures hot-unplug is handled properly by the proxy.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/virtio/virtio-balloon.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
+index aac7f83..c23facb 100644
+--- a/hw/virtio/virtio-balloon.c
++++ b/hw/virtio/virtio-balloon.c
+@@ -370,16 +370,14 @@ static int virtio_balloon_device_init(VirtIODevice *vdev)
+ return 0;
+ }
+
+-static int virtio_balloon_device_exit(DeviceState *qdev)
++static void virtio_balloon_device_exit(VirtIODevice *vdev)
+ {
+- VirtIOBalloon *s = VIRTIO_BALLOON(qdev);
+- VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
++ VirtIOBalloon *s = VIRTIO_BALLOON(vdev);
+
+ balloon_stats_destroy_timer(s);
+ qemu_remove_balloon_handler(s);
+- unregister_savevm(qdev, "virtio-balloon", s);
++ unregister_savevm(DEVICE(vdev), "virtio-balloon", s);
+ virtio_cleanup(vdev);
+- return 0;
+ }
+
+ static Property virtio_balloon_properties[] = {
+@@ -390,10 +388,10 @@ static void virtio_balloon_class_init(ObjectClass *klass, void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+- dc->exit = virtio_balloon_device_exit;
+ dc->props = virtio_balloon_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ vdc->init = virtio_balloon_device_init;
++ vdc->exit = virtio_balloon_device_exit;
+ vdc->get_config = virtio_balloon_get_config;
+ vdc->set_config = virtio_balloon_set_config;
+ vdc->get_features = virtio_balloon_get_features;
diff --git a/0015-adlib-sort-offsets-in-portio-registration.patch b/0015-adlib-sort-offsets-in-portio-registration.patch
deleted file mode 100644
index a7b6816..0000000
--- a/0015-adlib-sort-offsets-in-portio-registration.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 2ffbe03e8bc8f330581e31537190949a9aba80c3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Herv=C3=A9=20Poussineau?= <hpoussin@reactos.org>
-Date: Wed, 14 Aug 2013 11:49:04 +0200
-Subject: [PATCH] adlib: sort offsets in portio registration
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This fixes the following assert when -device adlib is used:
-ioport.c:240: portio_list_add: Assertion `pio->offset >= off_last' failed.
-
-Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-(cherry picked from commit 2b21fb57af305f17841d79e7e2e02ad1aec3f5ca)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/audio/adlib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/audio/adlib.c b/hw/audio/adlib.c
-index 0421d47..db4a953 100644
---- a/hw/audio/adlib.c
-+++ b/hw/audio/adlib.c
-@@ -284,9 +284,9 @@ static void Adlib_fini (AdlibState *s)
- }
-
- static MemoryRegionPortio adlib_portio_list[] = {
-- { 0x388, 4, 1, .read = adlib_read, .write = adlib_write, },
- { 0, 4, 1, .read = adlib_read, .write = adlib_write, },
- { 0, 2, 1, .read = adlib_read, .write = adlib_write, },
-+ { 0x388, 4, 1, .read = adlib_read, .write = adlib_write, },
- PORTIO_END_OF_LIST(),
- };
-
diff --git a/0015-virtio-rng-switch-exit-callback-to-VirtioDeviceClass.patch b/0015-virtio-rng-switch-exit-callback-to-VirtioDeviceClass.patch
new file mode 100644
index 0000000..6c54e1b
--- /dev/null
+++ b/0015-virtio-rng-switch-exit-callback-to-VirtioDeviceClass.patch
@@ -0,0 +1,49 @@
+From 2bb10b85ffa655f91a4777da4f7a5534ee4c266c Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:57:59 +0200
+Subject: [PATCH] virtio-rng: switch exit callback to VirtioDeviceClass
+
+This ensures hot-unplug is handled properly by the proxy.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/virtio/virtio-rng.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/hw/virtio/virtio-rng.c b/hw/virtio/virtio-rng.c
+index bac8421..6895146 100644
+--- a/hw/virtio/virtio-rng.c
++++ b/hw/virtio/virtio-rng.c
+@@ -184,16 +184,14 @@ static int virtio_rng_device_init(VirtIODevice *vdev)
+ return 0;
+ }
+
+-static int virtio_rng_device_exit(DeviceState *qdev)
++static void virtio_rng_device_exit(VirtIODevice *vdev)
+ {
+- VirtIORNG *vrng = VIRTIO_RNG(qdev);
+- VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
++ VirtIORNG *vrng = VIRTIO_RNG(vdev);
+
+ qemu_del_timer(vrng->rate_limit_timer);
+ qemu_free_timer(vrng->rate_limit_timer);
+- unregister_savevm(qdev, "virtio-rng", vrng);
++ unregister_savevm(DEVICE(vdev), "virtio-rng", vrng);
+ virtio_cleanup(vdev);
+- return 0;
+ }
+
+ static Property virtio_rng_properties[] = {
+@@ -205,10 +203,10 @@ static void virtio_rng_class_init(ObjectClass *klass, void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
+- dc->exit = virtio_rng_device_exit;
+ dc->props = virtio_rng_properties;
+ set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+ vdc->init = virtio_rng_device_init;
++ vdc->exit = virtio_rng_device_exit;
+ vdc->get_features = get_features;
+ }
+
diff --git a/0016-exec-fix-writing-to-MMIO-area-with-non-power-of-two-.patch b/0016-exec-fix-writing-to-MMIO-area-with-non-power-of-two-.patch
deleted file mode 100644
index 4e60171..0000000
--- a/0016-exec-fix-writing-to-MMIO-area-with-non-power-of-two-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 9fab8e1fe15014a4bd147eeedd2491bcfbba4e59 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Mon, 29 Jul 2013 14:27:39 +0200
-Subject: [PATCH] exec: fix writing to MMIO area with non-power-of-two length
-
-The problem is introduced by commit 2332616 (exec: Support 64-bit
-operations in address_space_rw, 2013-07-08). Before that commit,
-memory_access_size would only return 1/2/4.
-
-Since alignment is already handled above, reduce l to the largest
-power of two that is smaller than l.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: Oleksii Shevchuk <alxchk@gmail.com>
-Tested-by: Oleksii Shevchuk <alxchk@gmail.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 098178f2749a63fbbb1a626dcc7d939d5cb2bde7)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- exec.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/exec.c b/exec.c
-index 3ca9381..394f7e2 100644
---- a/exec.c
-+++ b/exec.c
-@@ -1928,6 +1928,9 @@ static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
- if (l > access_size_max) {
- l = access_size_max;
- }
-+ if (l & (l - 1)) {
-+ l = 1 << (qemu_fls(l) - 1);
-+ }
-
- return l;
- }
diff --git a/0016-virtio-pci-add-device_unplugged-callback.patch b/0016-virtio-pci-add-device_unplugged-callback.patch
new file mode 100644
index 0000000..e96fc3b
--- /dev/null
+++ b/0016-virtio-pci-add-device_unplugged-callback.patch
@@ -0,0 +1,59 @@
+From cb2282d55ee34d04a67d74111d69ab098f765680 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 20 Sep 2013 16:58:00 +0200
+Subject: [PATCH] virtio-pci: add device_unplugged callback
+
+This fixes a crash in hot-unplug of virtio-pci devices behind a PCIe
+switch. The crash happens because the ioeventfd is still set whent the
+child is destroyed (destruction happens in postorder). Then the proxy
+tries to unset to ioeventfd, but the virtqueue structure that holds the
+EventNotifier has been trashed in the meanwhile. kvm_set_ioeventfd_pio
+does not expect failure and aborts.
+
+The fix is simply to move parts of uninitialization to a new
+device_unplugged callback, which is called before the child is destroyed.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/virtio/virtio-pci.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index 6fd6d6d..242ec3e 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -1000,6 +1000,15 @@ static void virtio_pci_device_plugged(DeviceState *d)
+ proxy->host_features);
+ }
+
++static void virtio_pci_device_unplugged(DeviceState *d)
++{
++ PCIDevice *pci_dev = PCI_DEVICE(d);
++ VirtIOPCIProxy *proxy = VIRTIO_PCI(d);
++
++ virtio_pci_stop_ioeventfd(proxy);
++ msix_uninit_exclusive_bar(pci_dev);
++}
++
+ static int virtio_pci_init(PCIDevice *pci_dev)
+ {
+ VirtIOPCIProxy *dev = VIRTIO_PCI(pci_dev);
+@@ -1014,9 +1023,7 @@ static int virtio_pci_init(PCIDevice *pci_dev)
+ static void virtio_pci_exit(PCIDevice *pci_dev)
+ {
+ VirtIOPCIProxy *proxy = VIRTIO_PCI(pci_dev);
+- virtio_pci_stop_ioeventfd(proxy);
+ memory_region_destroy(&proxy->bar);
+- msix_uninit_exclusive_bar(pci_dev);
+ }
+
+ static void virtio_pci_reset(DeviceState *qdev)
+@@ -1550,6 +1557,7 @@ static void virtio_pci_bus_class_init(ObjectClass *klass, void *data)
+ k->set_guest_notifiers = virtio_pci_set_guest_notifiers;
+ k->vmstate_change = virtio_pci_vmstate_change;
+ k->device_plugged = virtio_pci_device_plugged;
++ k->device_unplugged = virtio_pci_device_unplugged;
+ }
+
+ static const TypeInfo virtio_pci_bus_info = {
diff --git a/0017-virtio_pci-fix-level-interrupts-with-irqfd.patch b/0017-virtio_pci-fix-level-interrupts-with-irqfd.patch
deleted file mode 100644
index 33e4853..0000000
--- a/0017-virtio_pci-fix-level-interrupts-with-irqfd.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 1cd7138d492304a76f3b8ae89fc61e05b18205a7 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin" <mst@redhat.com>
-Date: Sun, 1 Sep 2013 11:03:45 +0300
-Subject: [PATCH] virtio_pci: fix level interrupts with irqfd
-
-commit 62c96360ae7f2c7a8b029277fbb7cb082fdef7fd
- virtio-pci: fix level interrupts
-only helps systems without irqfd: on systems with irqfd support we
-passed in flag requesting irqfd even when msix is disabled.
-
-As a result, for level interrupts we didn't install an fd handler so
-unmasking an fd had no effect.
-
-Fix this up.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 23fe2b3f9e7df8da53ac1bc32c6875254911d7f4)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/virtio/virtio-pci.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
-index d37037e..41b96ce 100644
---- a/hw/virtio/virtio-pci.c
-+++ b/hw/virtio/virtio-pci.c
-@@ -799,8 +799,7 @@ static int virtio_pci_set_guest_notifiers(DeviceState *d, int nvqs, bool assign)
- break;
- }
-
-- r = virtio_pci_set_guest_notifier(d, n, assign,
-- kvm_msi_via_irqfd_enabled());
-+ r = virtio_pci_set_guest_notifier(d, n, assign, with_irqfd);
- if (r < 0) {
- goto assign_error;
- }
diff --git a/0018-exec-always-use-MADV_DONTFORK.patch b/0018-exec-always-use-MADV_DONTFORK.patch
deleted file mode 100644
index 95df5f7..0000000
--- a/0018-exec-always-use-MADV_DONTFORK.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 57ea2d21ae1863fd4002b2aea8ea8db8e206d464 Mon Sep 17 00:00:00 2001
-From: Andrea Arcangeli <aarcange@redhat.com>
-Date: Thu, 25 Jul 2013 12:11:15 +0200
-Subject: [PATCH] exec: always use MADV_DONTFORK
-
-MADV_DONTFORK prevents fork to fail with -ENOMEM if the default
-overcommit heuristics decides there's too much anonymous virtual
-memory allocated. If the KVM secondary MMU is synchronized with MMU
-notifiers or not, doesn't make a difference in that regard.
-
-Secondly it's always more efficient to avoid copying the guest
-physical address space in the fork child (so we avoid to mark all the
-guest memory readonly in the parent and so we skip the establishment
-and teardown of lots of pagetables in the child).
-
-In the common case we can ignore the error if MADV_DONTFORK is not
-available. Leave a second invocation that errors out in the KVM path
-if MMU notifiers are missing and KVM is enabled, to abort in such
-case.
-
-Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
-Tested-By: Benoit Canet <benoit@irqsave.net>
-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Gleb Natapov <gleb@redhat.com>
-(cherry picked from commit 3e469dbfe413c25d48321c3a19ddfae0727dc6e5)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- exec.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/exec.c b/exec.c
-index 394f7e2..2ea8f04 100644
---- a/exec.c
-+++ b/exec.c
-@@ -1172,6 +1172,7 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
-
- qemu_ram_setup_dump(new_block->host, size);
- qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
-+ qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
-
- if (kvm_enabled())
- kvm_setup_guest_memory(new_block->host, size);
diff --git a/0019-xhci-reset-port-when-disabling-slot.patch b/0019-xhci-reset-port-when-disabling-slot.patch
deleted file mode 100644
index a269bda..0000000
--- a/0019-xhci-reset-port-when-disabling-slot.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 9dbfbb89b204e098f283aca310e4d6f6651d88f4 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 28 Aug 2013 11:47:09 +0200
-Subject: [PATCH] xhci: reset port when disabling slot
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 5c67dd7b4884979a2613a4702ac1ab68b0e6a16e)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/usb/hcd-xhci.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
-index 3c0ba8e..a6f55a1 100644
---- a/hw/usb/hcd-xhci.c
-+++ b/hw/usb/hcd-xhci.c
-@@ -2076,6 +2076,7 @@ static TRBCCode xhci_disable_slot(XHCIState *xhci, unsigned int slotid)
-
- xhci->slots[slotid-1].enabled = 0;
- xhci->slots[slotid-1].addressed = 0;
-+ xhci->slots[slotid-1].uport = NULL;
- return CC_SUCCESS;
- }
-
diff --git a/0020-usb-parallelize-usb3-streams.patch b/0020-usb-parallelize-usb3-streams.patch
deleted file mode 100644
index b1b63f4..0000000
--- a/0020-usb-parallelize-usb3-streams.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 96b14d0db19b2b80ab3dc35d522671da82101e72 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 27 Aug 2013 15:25:24 +0200
-Subject: [PATCH] usb: parallelize usb3 streams
-
-usb3 bulk endpoints with streams are implicitly pipelined now,
-so the requests will actually be processed in parallel. Also
-allow them to complete out-of-order.
-
-Fixes stalls in the uas driver.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit c96c41ed0d38d68a6c8b6f84751afebafeae31be)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/usb/core.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/hw/usb/core.c b/hw/usb/core.c
-index 05948ca..31960c2 100644
---- a/hw/usb/core.c
-+++ b/hw/usb/core.c
-@@ -403,7 +403,7 @@ void usb_handle_packet(USBDevice *dev, USBPacket *p)
- p->ep->halted = false;
- }
-
-- if (QTAILQ_EMPTY(&p->ep->queue) || p->ep->pipeline) {
-+ if (QTAILQ_EMPTY(&p->ep->queue) || p->ep->pipeline || p->stream) {
- usb_process_one(p);
- if (p->status == USB_RET_ASYNC) {
- /* hcd drivers cannot handle async for isoc */
-@@ -420,7 +420,8 @@ void usb_handle_packet(USBDevice *dev, USBPacket *p)
- * When pipelining is enabled usb-devices must always return async,
- * otherwise packets can complete out of order!
- */
-- assert(!p->ep->pipeline || QTAILQ_EMPTY(&p->ep->queue));
-+ assert(p->stream || !p->ep->pipeline ||
-+ QTAILQ_EMPTY(&p->ep->queue));
- if (p->status != USB_RET_NAK) {
- usb_packet_set_state(p, USB_PACKET_COMPLETE);
- }
-@@ -434,7 +435,7 @@ void usb_packet_complete_one(USBDevice *dev, USBPacket *p)
- {
- USBEndpoint *ep = p->ep;
-
-- assert(QTAILQ_FIRST(&ep->queue) == p);
-+ assert(p->stream || QTAILQ_FIRST(&ep->queue) == p);
- assert(p->status != USB_RET_ASYNC && p->status != USB_RET_NAK);
-
- if (p->status != USB_RET_SUCCESS ||
diff --git a/0021-w32-Fix-access-to-host-devices-regression.patch b/0021-w32-Fix-access-to-host-devices-regression.patch
deleted file mode 100644
index 9a0efb8..0000000
--- a/0021-w32-Fix-access-to-host-devices-regression.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From e8601a4e3102321d054ce3d641c03ebcd0519357 Mon Sep 17 00:00:00 2001
-From: Stefan Weil <sw@weilnetz.de>
-Date: Sun, 1 Sep 2013 22:59:25 +0200
-Subject: [PATCH] w32: Fix access to host devices (regression)
-
-QEMU failed to open host devices like \\.\PhysicalDrive0 (first hard disk)
-since some time (commit 8a79380b8ef1b02d2abd705dd026a18863b09020?).
-
-Those devices use hdev_open which did not use the latest API for options.
-This resulted in a fatal runtime error:
-
- Block protocol 'host_device' doesn't support the option 'filename'
-
-Duplicate code from raw_open to fix this.
-
-Cc: qemu-stable@nongnu.org
-Reported-by: David Brenner <david.brenner3@gmail.com>
-Signed-off-by: Stefan Weil <sw@weilnetz.de>
-Reviewed-by: Kevin Wolf <kwolf@redhat.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit 68dc036488dfea170627a55e6ee3dfd7f2c2063e)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- block/raw-win32.c | 36 +++++++++++++++++++++++++++++-------
- 1 file changed, 29 insertions(+), 7 deletions(-)
-
-diff --git a/block/raw-win32.c b/block/raw-win32.c
-index 9b5b2af..d2d2d9f 100644
---- a/block/raw-win32.c
-+++ b/block/raw-win32.c
-@@ -535,13 +535,29 @@ static int hdev_open(BlockDriverState *bs, QDict *options, int flags)
- {
- BDRVRawState *s = bs->opaque;
- int access_flags, create_flags;
-+ int ret = 0;
- DWORD overlapped;
- char device_name[64];
-- const char *filename = qdict_get_str(options, "filename");
-+
-+ Error *local_err = NULL;
-+ const char *filename;
-+
-+ QemuOpts *opts = qemu_opts_create_nofail(&raw_runtime_opts);
-+ qemu_opts_absorb_qdict(opts, options, &local_err);
-+ if (error_is_set(&local_err)) {
-+ qerror_report_err(local_err);
-+ error_free(local_err);
-+ ret = -EINVAL;
-+ goto done;
-+ }
-+
-+ filename = qemu_opt_get(opts, "filename");
-
- if (strstart(filename, "/dev/cdrom", NULL)) {
-- if (find_cdrom(device_name, sizeof(device_name)) < 0)
-- return -ENOENT;
-+ if (find_cdrom(device_name, sizeof(device_name)) < 0) {
-+ ret = -ENOENT;
-+ goto done;
-+ }
- filename = device_name;
- } else {
- /* transform drive letters into device name */
-@@ -564,11 +580,17 @@ static int hdev_open(BlockDriverState *bs, QDict *options, int flags)
- if (s->hfile == INVALID_HANDLE_VALUE) {
- int err = GetLastError();
-
-- if (err == ERROR_ACCESS_DENIED)
-- return -EACCES;
-- return -1;
-+ if (err == ERROR_ACCESS_DENIED) {
-+ ret = -EACCES;
-+ } else {
-+ ret = -1;
-+ }
-+ goto done;
- }
-- return 0;
-+
-+done:
-+ qemu_opts_del(opts);
-+ return ret;
- }
-
- static BlockDriver bdrv_host_device = {
diff --git a/0022-memory-Provide-separate-handling-of-unassigned-io-po.patch b/0022-memory-Provide-separate-handling-of-unassigned-io-po.patch
deleted file mode 100644
index ff5c789..0000000
--- a/0022-memory-Provide-separate-handling-of-unassigned-io-po.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 7ab1044eb1ac2cbc7e65769edf44ced92b85b038 Mon Sep 17 00:00:00 2001
-From: Jan Kiszka <jan.kiszka@siemens.com>
-Date: Mon, 2 Sep 2013 18:43:30 +0200
-Subject: [PATCH] memory: Provide separate handling of unassigned io ports
- accesses
-
-Accesses to unassigned io ports shall return -1 on read and be ignored
-on write. Ensure these properties via dedicated ops, decoupling us from
-the memory core's handling of unassigned accesses.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 3bb28b7208b349e7a1b326e3c6ef9efac1d462bf)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- exec.c | 3 ++-
- include/exec/ioport.h | 4 ++++
- ioport.c | 16 ++++++++++++++++
- 3 files changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/exec.c b/exec.c
-index 2ea8f04..08eecb3 100644
---- a/exec.c
-+++ b/exec.c
-@@ -1821,7 +1821,8 @@ static void memory_map_init(void)
- address_space_init(&address_space_memory, system_memory, "memory");
-
- system_io = g_malloc(sizeof(*system_io));
-- memory_region_init(system_io, NULL, "io", 65536);
-+ memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
-+ 65536);
- address_space_init(&address_space_io, system_io, "I/O");
-
- memory_listener_register(&core_memory_listener, &address_space_memory);
-diff --git a/include/exec/ioport.h b/include/exec/ioport.h
-index bdd4e96..b3848be 100644
---- a/include/exec/ioport.h
-+++ b/include/exec/ioport.h
-@@ -45,6 +45,10 @@ typedef struct MemoryRegionPortio {
-
- #define PORTIO_END_OF_LIST() { }
-
-+#ifndef CONFIG_USER_ONLY
-+extern const MemoryRegionOps unassigned_io_ops;
-+#endif
-+
- void cpu_outb(pio_addr_t addr, uint8_t val);
- void cpu_outw(pio_addr_t addr, uint16_t val);
- void cpu_outl(pio_addr_t addr, uint32_t val);
-diff --git a/ioport.c b/ioport.c
-index 79b7f1a..707cce8 100644
---- a/ioport.c
-+++ b/ioport.c
-@@ -44,6 +44,22 @@ typedef struct MemoryRegionPortioList {
- MemoryRegionPortio ports[];
- } MemoryRegionPortioList;
-
-+static uint64_t unassigned_io_read(void *opaque, hwaddr addr, unsigned size)
-+{
-+ return -1ULL;
-+}
-+
-+static void unassigned_io_write(void *opaque, hwaddr addr, uint64_t val,
-+ unsigned size)
-+{
-+}
-+
-+const MemoryRegionOps unassigned_io_ops = {
-+ .read = unassigned_io_read,
-+ .write = unassigned_io_write,
-+ .endianness = DEVICE_NATIVE_ENDIAN,
-+};
-+
- void cpu_outb(pio_addr_t addr, uint8_t val)
- {
- LOG_IOPORT("outb: %04"FMT_pioaddr" %02"PRIx8"\n", addr, val);
diff --git a/0023-Revert-memory-Return-1-again-on-reads-from-unsigned-.patch b/0023-Revert-memory-Return-1-again-on-reads-from-unsigned-.patch
deleted file mode 100644
index 3086e82..0000000
--- a/0023-Revert-memory-Return-1-again-on-reads-from-unsigned-.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 2a93d3dd32386c3522cfa2ee60c9e06a298d1f52 Mon Sep 17 00:00:00 2001
-From: Jan Kiszka <jan.kiszka@siemens.com>
-Date: Mon, 2 Sep 2013 18:43:31 +0200
-Subject: [PATCH] Revert "memory: Return -1 again on reads from unsigned
- regions"
-
-This reverts commit 9b8c69243585a32d14b9bb9fcd52c37b0b5a1b71.
-
-The commit was wrong: We only return -1 on invalid accesses, not on
-valid but unbacked ones. This broke various corner cases.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 68a7439a150d6b4da99082ab454b9328b151bc25)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- memory.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/memory.c b/memory.c
-index 886f838..5a10fd0 100644
---- a/memory.c
-+++ b/memory.c
-@@ -872,7 +872,7 @@ static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
- if (current_cpu != NULL) {
- cpu_unassigned_access(current_cpu, addr, false, false, 0, size);
- }
-- return -1ULL;
-+ return 0;
- }
-
- static void unassigned_mem_write(void *opaque, hwaddr addr,
diff --git a/0024-exec-check-offset_within_address_space-for-register-.patch b/0024-exec-check-offset_within_address_space-for-register-.patch
deleted file mode 100644
index 590c09b..0000000
--- a/0024-exec-check-offset_within_address_space-for-register-.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 1110014801d368388bca2ed7c28aa695560c4991 Mon Sep 17 00:00:00 2001
-From: Hu Tao <hutao@cn.fujitsu.com>
-Date: Thu, 29 Aug 2013 18:21:16 +0800
-Subject: [PATCH] exec: check offset_within_address_space for register subpage
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If offset_within_address_space falls in a page, then we register a
-subpage. So check offset_within_address_space rather than
-offset_within_region.
-
-Cc: qemu-stable@nongnu.org
-Cc: Paolo Bonzini <pbonzini@redhat.com>
-Cc: Richard Henderson <rth@twiddle.net>
-Cc: "Andreas Färber" <afaerber@suse.de>
-Cc: Peter Maydell <peter.maydell@linaro.org>
-Cc: Blue Swirl <blauwirbel@gmail.com>
-Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 88266249701032211c1d7449460d063fbc01bf12)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- exec.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/exec.c b/exec.c
-index 08eecb3..f6674e5 100644
---- a/exec.c
-+++ b/exec.c
-@@ -869,7 +869,7 @@ static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
- now = remain;
- if (int128_lt(remain.size, page_size)) {
- register_subpage(d, &now);
-- } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
-+ } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
- now.size = page_size;
- register_subpage(d, &now);
- } else {
diff --git a/0025-ne2000-mark-I-O-as-LITTLE_ENDIAN.patch b/0025-ne2000-mark-I-O-as-LITTLE_ENDIAN.patch
deleted file mode 100644
index b96e6e5..0000000
--- a/0025-ne2000-mark-I-O-as-LITTLE_ENDIAN.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From a1991d05d37ac9054d772b32d8fac70bc31be81a Mon Sep 17 00:00:00 2001
-From: Aurelien Jarno <aurelien@aurel32.net>
-Date: Mon, 2 Sep 2013 13:10:34 +0200
-Subject: [PATCH] ne2000: mark I/O as LITTLE_ENDIAN
-
-Now that the memory subsystem is propagating the endianness correctly,
-the ne2000 device should have its I/O ports marked as LITTLE_ENDIAN, as
-PCI devices are little endian.
-
-This makes the ne2000 NIC to work again on PowerPC.
-
-Cc: qemu-stable@nongnu.org
-Cc: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit 45d883dcf208160e2db308d1b368beb74f37dc7e)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/net/ne2000.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
-index 31afd28..c961258 100644
---- a/hw/net/ne2000.c
-+++ b/hw/net/ne2000.c
-@@ -693,7 +693,7 @@ static void ne2000_write(void *opaque, hwaddr addr,
- static const MemoryRegionOps ne2000_ops = {
- .read = ne2000_read,
- .write = ne2000_write,
-- .endianness = DEVICE_NATIVE_ENDIAN,
-+ .endianness = DEVICE_LITTLE_ENDIAN,
- };
-
- /***********************************************************/
diff --git a/0026-ehci-save-device-pointer-in-EHCIState.patch b/0026-ehci-save-device-pointer-in-EHCIState.patch
deleted file mode 100644
index 81eae5c..0000000
--- a/0026-ehci-save-device-pointer-in-EHCIState.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From b6d163fdd8131285a01fe46e6afdba727e4df9ca Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Mon, 9 Sep 2013 10:18:17 +0200
-Subject: [PATCH] ehci: save device pointer in EHCIState
-
-We'll need a pointer to the actual pci/sysbus device,
-stick a pointer to it into the EHCIState struct.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1005495
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit adbecc89731cf3e0ae656d50ea9fa58c589c4bdc)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/usb/hcd-ehci.c | 7 +++----
- hw/usb/hcd-ehci.h | 1 +
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
-index 010a0d0..e9fb20c 100644
---- a/hw/usb/hcd-ehci.c
-+++ b/hw/usb/hcd-ehci.c
-@@ -1241,13 +1241,11 @@ static int ehci_init_transfer(EHCIPacket *p)
- {
- uint32_t cpage, offset, bytes, plen;
- dma_addr_t page;
-- USBBus *bus = &p->queue->ehci->bus;
-- BusState *qbus = BUS(bus);
-
- cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE);
- bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES);
- offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK;
-- qemu_sglist_init(&p->sgl, qbus->parent, 5, p->queue->ehci->as);
-+ qemu_sglist_init(&p->sgl, p->queue->ehci->device, 5, p->queue->ehci->as);
-
- while (bytes > 0) {
- if (cpage > 4) {
-@@ -1486,7 +1484,7 @@ static int ehci_process_itd(EHCIState *ehci,
- return -1;
- }
-
-- qemu_sglist_init(&ehci->isgl, DEVICE(ehci), 2, ehci->as);
-+ qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
- if (off + len > 4096) {
- /* transfer crosses page border */
- uint32_t len2 = off + len - 4096;
-@@ -2529,6 +2527,7 @@ void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp)
-
- s->frame_timer = qemu_new_timer_ns(vm_clock, ehci_frame_timer, s);
- s->async_bh = qemu_bh_new(ehci_frame_timer, s);
-+ s->device = dev;
-
- qemu_register_reset(ehci_reset, s);
- qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
-diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h
-index 15a28e8..065c9fa 100644
---- a/hw/usb/hcd-ehci.h
-+++ b/hw/usb/hcd-ehci.h
-@@ -255,6 +255,7 @@ typedef QTAILQ_HEAD(EHCIQueueHead, EHCIQueue) EHCIQueueHead;
-
- struct EHCIState {
- USBBus bus;
-+ DeviceState *device;
- qemu_irq irq;
- MemoryRegion mem;
- AddressSpace *as;
diff --git a/0027-qxl-fix-local-renderer.patch b/0027-qxl-fix-local-renderer.patch
deleted file mode 100644
index fb9eeaf..0000000
--- a/0027-qxl-fix-local-renderer.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From dc0973b5883df7d822b285119691ade8c84dda9c Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 5 Sep 2013 21:57:19 +0200
-Subject: [PATCH] qxl: fix local renderer
-
-The local spice renderer assumes the primary surface is located at the
-start of the "ram" bar. This used to be a requirement in qxl hardware
-revision 1. In revision 2+ this is relaxed. Nevertheless guest drivers
-continued to use the traditional location, for historical and backward
-compatibility reasons. The qxl kms driver doesn't though as it depends
-on qxl revision 4+ anyway.
-
-Result is that local rendering is hosed for recent linux guests, you'll
-get pixel garbage with non-spice ui (gtk, sdl, vnc) and when doing
-screendumps. Fix that by doing a proper mapping of the guest-specified
-memory location.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=948717
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit c58c7b959b93b864a27fd6b3646ee1465ab8832b)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/display/qxl-render.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
-index 269b1a7..d34b0c4 100644
---- a/hw/display/qxl-render.c
-+++ b/hw/display/qxl-render.c
-@@ -31,10 +31,6 @@ static void qxl_blit(PCIQXLDevice *qxl, QXLRect *rect)
- if (is_buffer_shared(surface)) {
- return;
- }
-- if (!qxl->guest_primary.data) {
-- trace_qxl_render_blit_guest_primary_initialized();
-- qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram);
-- }
- trace_qxl_render_blit(qxl->guest_primary.qxl_stride,
- rect->left, rect->right, rect->top, rect->bottom);
- src = qxl->guest_primary.data;
-@@ -104,7 +100,12 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
-
- if (qxl->guest_primary.resized) {
- qxl->guest_primary.resized = 0;
-- qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram);
-+ qxl->guest_primary.data = qxl_phys2virt(qxl,
-+ qxl->guest_primary.surface.mem,
-+ MEMSLOT_GROUP_GUEST);
-+ if (!qxl->guest_primary.data) {
-+ return;
-+ }
- qxl_set_rect_to_surface(qxl, &qxl->dirty[0]);
- qxl->num_dirty_rects = 1;
- trace_qxl_render_guest_primary_resized(
-@@ -128,6 +129,10 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
- }
- dpy_gfx_replace_surface(vga->con, surface);
- }
-+
-+ if (!qxl->guest_primary.data) {
-+ return;
-+ }
- for (i = 0; i < qxl->num_dirty_rects; i++) {
- if (qemu_spice_rect_is_empty(qxl->dirty+i)) {
- break;
diff --git a/0028-pc-Initializing-ram_memory-under-Xen.patch b/0028-pc-Initializing-ram_memory-under-Xen.patch
deleted file mode 100644
index 4d8c0b7..0000000
--- a/0028-pc-Initializing-ram_memory-under-Xen.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 755ec4ca0f92188458ad7ca549a75161cbdcf6ff Mon Sep 17 00:00:00 2001
-From: Anthony PERARD <anthony.perard@citrix.com>
-Date: Mon, 9 Sep 2013 16:15:52 +0000
-Subject: [PATCH] pc: Initializing ram_memory under Xen.
-
-Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
-Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-Acked-by: Michael S. Tsirkin <mst@redhat.com>
-CC: qemu-stable@nongnu.org
-(cherry picked from commit 04d7bad8a4fb23e6d9af9d06ce3ddc28a251d94d)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/i386/pc_piix.c | 2 +-
- include/hw/xen/xen.h | 4 +---
- xen-all.c | 7 ++++---
- xen-stub.c | 2 +-
- 4 files changed, 7 insertions(+), 8 deletions(-)
-
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index 6e1e654..3df2ff9 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -93,7 +93,7 @@ static void pc_init1(MemoryRegion *system_memory,
- FWCfgState *fw_cfg = NULL;
- PcGuestInfo *guest_info;
-
-- if (xen_enabled() && xen_hvm_init() != 0) {
-+ if (xen_enabled() && xen_hvm_init(&ram_memory) != 0) {
- fprintf(stderr, "xen hardware virtual machine initialisation failed\n");
- exit(1);
- }
-diff --git a/include/hw/xen/xen.h b/include/hw/xen/xen.h
-index 6d42dd1..e1f88bf 100644
---- a/include/hw/xen/xen.h
-+++ b/include/hw/xen/xen.h
-@@ -37,17 +37,15 @@ void xen_cmos_set_s3_resume(void *opaque, int irq, int level);
- qemu_irq *xen_interrupt_controller_init(void);
-
- int xen_init(void);
--int xen_hvm_init(void);
-+int xen_hvm_init(MemoryRegion **ram_memory);
- void xenstore_store_pv_console_info(int i, struct CharDriverState *chr);
-
- #if defined(NEED_CPU_H) && !defined(CONFIG_USER_ONLY)
--struct MemoryRegion;
- void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size,
- struct MemoryRegion *mr);
- void xen_modified_memory(ram_addr_t start, ram_addr_t length);
- #endif
-
--struct MemoryRegion;
- void xen_register_framebuffer(struct MemoryRegion *mr);
-
- #if defined(CONFIG_XEN) && CONFIG_XEN_CTRL_INTERFACE_VERSION < 400
-diff --git a/xen-all.c b/xen-all.c
-index 21246e0..e1d0694 100644
---- a/xen-all.c
-+++ b/xen-all.c
-@@ -154,7 +154,7 @@ qemu_irq *xen_interrupt_controller_init(void)
-
- /* Memory Ops */
-
--static void xen_ram_init(ram_addr_t ram_size)
-+static void xen_ram_init(ram_addr_t ram_size, MemoryRegion **ram_memory_p)
- {
- MemoryRegion *sysmem = get_system_memory();
- ram_addr_t below_4g_mem_size, above_4g_mem_size = 0;
-@@ -168,6 +168,7 @@ static void xen_ram_init(ram_addr_t ram_size)
- block_len += HVM_BELOW_4G_MMIO_LENGTH;
- }
- memory_region_init_ram(&ram_memory, NULL, "xen.ram", block_len);
-+ *ram_memory_p = &ram_memory;
- vmstate_register_ram_global(&ram_memory);
-
- if (ram_size >= HVM_BELOW_4G_RAM_END) {
-@@ -1059,7 +1060,7 @@ static void xen_read_physmap(XenIOState *state)
- free(entries);
- }
-
--int xen_hvm_init(void)
-+int xen_hvm_init(MemoryRegion **ram_memory)
- {
- int i, rc;
- unsigned long ioreq_pfn;
-@@ -1134,7 +1135,7 @@ int xen_hvm_init(void)
-
- /* Init RAM management */
- xen_map_cache_init(xen_phys_offset_to_gaddr, state);
-- xen_ram_init(ram_size);
-+ xen_ram_init(ram_size, ram_memory);
-
- qemu_add_vm_change_state_handler(xen_hvm_change_state_handler, state);
-
-diff --git a/xen-stub.c b/xen-stub.c
-index 47c8e73..ad189a6 100644
---- a/xen-stub.c
-+++ b/xen-stub.c
-@@ -64,7 +64,7 @@ void xen_modified_memory(ram_addr_t start, ram_addr_t length)
- {
- }
-
--int xen_hvm_init(void)
-+int xen_hvm_init(MemoryRegion **ram_memory)
- {
- return 0;
- }
diff --git a/0029-pc_q35-Initialize-Xen.patch b/0029-pc_q35-Initialize-Xen.patch
deleted file mode 100644
index 23eb4e4..0000000
--- a/0029-pc_q35-Initialize-Xen.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 41900b0857df9bd33e465a6c72d7a3072dc448f4 Mon Sep 17 00:00:00 2001
-From: Anthony PERARD <anthony.perard@citrix.com>
-Date: Mon, 9 Sep 2013 16:15:53 +0000
-Subject: [PATCH] pc_q35: Initialize Xen.
-
-Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
-Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-Acked-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit 254c12825f93f405658ca3366cd34f8a8ad23511)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/i386/pc_q35.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index 10e770e..dd13130 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -81,6 +81,11 @@ static void pc_q35_init(QEMUMachineInitArgs *args)
- DeviceState *icc_bridge;
- PcGuestInfo *guest_info;
-
-+ if (xen_enabled() && xen_hvm_init(&ram_memory) != 0) {
-+ fprintf(stderr, "xen hardware virtual machine initialisation failed\n");
-+ exit(1);
-+ }
-+
- icc_bridge = qdev_create(NULL, TYPE_ICC_BRIDGE);
- object_property_add_child(qdev_get_machine(), "icc-bridge",
- OBJECT(icc_bridge), NULL);
diff --git a/0030-qapi-types.py-Fix-enum-struct-sizes-on-i686.patch b/0030-qapi-types.py-Fix-enum-struct-sizes-on-i686.patch
deleted file mode 100644
index 17578b2..0000000
--- a/0030-qapi-types.py-Fix-enum-struct-sizes-on-i686.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 8b4b3a71fd35d67c5c30652a120c0a59dfab7182 Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Sat, 31 Aug 2013 18:36:17 -0400
-Subject: [PATCH] qapi-types.py: Fix enum struct sizes on i686
-
-Unlike other list types, enum wasn't adding any padding, which caused
-a mismatch between the generated struct size and GenericList struct
-size. More details in a678e26cbe89f7a27cbce794c2c2784571ee9d21
-
-This crashed qemu if calling qmp query-tpm-types for example, which
-upsets libvirt capabilities probing. Reproducer on i686:
-
-(sleep 5; printf '{"execute":"qmp_capabilities"}\n{"execute":"query-tpm-types"}\n') | ./i386-softmmu/qemu-system-i386 -S -nodefaults -nographic -M none -qmp stdio
-
-https://bugs.launchpad.net/qemu/+bug/1219207
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Tested-by: Richard W.M. Jones <rjones@redhat.com>
-Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
-(cherry picked from commit 02dc4bf5684d3fb46786fab2ecff98214b1df9fe)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- scripts/qapi-types.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/scripts/qapi-types.py b/scripts/qapi-types.py
-index 5ee46ea..5d31b06 100644
---- a/scripts/qapi-types.py
-+++ b/scripts/qapi-types.py
-@@ -51,7 +51,10 @@ def generate_fwd_enum_struct(name, members):
- return mcgen('''
- typedef struct %(name)sList
- {
-- %(name)s value;
-+ union {
-+ %(name)s value;
-+ uint64_t padding;
-+ };
- struct %(name)sList *next;
- } %(name)sList;
- ''',
diff --git a/0031-pcnet-pci-mark-I-O-and-MMIO-as-LITTLE_ENDIAN.patch b/0031-pcnet-pci-mark-I-O-and-MMIO-as-LITTLE_ENDIAN.patch
deleted file mode 100644
index 4e57504..0000000
--- a/0031-pcnet-pci-mark-I-O-and-MMIO-as-LITTLE_ENDIAN.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 76f698948781a148d336ff9032159f6c7c9eccd2 Mon Sep 17 00:00:00 2001
-From: Aurelien Jarno <aurelien@aurel32.net>
-Date: Wed, 28 Aug 2013 14:17:39 +0200
-Subject: [PATCH] pcnet-pci: mark I/O and MMIO as LITTLE_ENDIAN
-
-Now that the memory subsystem is propagating the endianness correctly,
-the pcnet-pci device should have its I/O ports and MMIO memory marked
-as LITTLE_ENDIAN, as PCI devices are little endian.
-
-This makes the pcnet-pci NIC to work again on big endian MIPS Malta
-(default NIC).
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit a26405b350c0d31d5ef53f3b459aeb6eaaf50db0)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/net/pcnet-pci.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/hw/net/pcnet-pci.c b/hw/net/pcnet-pci.c
-index 2c2301c..23fc33c 100644
---- a/hw/net/pcnet-pci.c
-+++ b/hw/net/pcnet-pci.c
-@@ -134,7 +134,7 @@ static void pcnet_ioport_write(void *opaque, hwaddr addr,
- static const MemoryRegionOps pcnet_io_ops = {
- .read = pcnet_ioport_read,
- .write = pcnet_ioport_write,
-- .endianness = DEVICE_NATIVE_ENDIAN,
-+ .endianness = DEVICE_LITTLE_ENDIAN,
- };
-
- static void pcnet_mmio_writeb(void *opaque, hwaddr addr, uint32_t val)
-@@ -256,7 +256,7 @@ static const MemoryRegionOps pcnet_mmio_ops = {
- .read = { pcnet_mmio_readb, pcnet_mmio_readw, pcnet_mmio_readl },
- .write = { pcnet_mmio_writeb, pcnet_mmio_writew, pcnet_mmio_writel },
- },
-- .endianness = DEVICE_NATIVE_ENDIAN,
-+ .endianness = DEVICE_LITTLE_ENDIAN,
- };
-
- static void pci_physical_memory_write(void *dma_opaque, hwaddr addr,
diff --git a/0032-chardev-fix-pty_chr_timer.patch b/0032-chardev-fix-pty_chr_timer.patch
deleted file mode 100644
index d318063..0000000
--- a/0032-chardev-fix-pty_chr_timer.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 4b5b4721464495fe76fe6e2e033cbb61dce78eef Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 22 Aug 2013 11:43:58 +0200
-Subject: [PATCH] chardev: fix pty_chr_timer
-
-pty_chr_timer first calls pty_chr_update_read_handler(), then clears
-timer_tag (because it is a one-shot timer). This is the wrong order
-though. pty_chr_update_read_handler might re-arm time timer, and the
-new timer_tag gets overwitten in that case.
-
-This leads to crashes when unplugging a pty chardev: pty_chr_close
-thinks no timer is running -> timer isn't canceled -> pty_chr_timer gets
-called with stale CharDevState -> BOOM.
-
-This patch fixes the ordering.
-Kill the pointless goto while being at it.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=994414
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit b0d768c35e08d2057b63e8e77e7a513c447199fa)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- qemu-char.c | 12 ++++--------
- 1 file changed, 4 insertions(+), 8 deletions(-)
-
-diff --git a/qemu-char.c b/qemu-char.c
-index 1be1cf6..1621fbd 100644
---- a/qemu-char.c
-+++ b/qemu-char.c
-@@ -1026,15 +1026,11 @@ static gboolean pty_chr_timer(gpointer opaque)
- struct CharDriverState *chr = opaque;
- PtyCharDriver *s = chr->opaque;
-
-- if (s->connected) {
-- goto out;
-- }
--
-- /* Next poll ... */
-- pty_chr_update_read_handler(chr);
--
--out:
- s->timer_tag = 0;
-+ if (!s->connected) {
-+ /* Next poll ... */
-+ pty_chr_update_read_handler(chr);
-+ }
- return FALSE;
- }
-
diff --git a/0033-kvmvapic-Catch-invalid-ROM-size.patch b/0033-kvmvapic-Catch-invalid-ROM-size.patch
deleted file mode 100644
index 88f4018..0000000
--- a/0033-kvmvapic-Catch-invalid-ROM-size.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 50b31e80525d03ef406a8c9f55ff2ae1655a3b66 Mon Sep 17 00:00:00 2001
-From: Jan Kiszka <jan.kiszka@siemens.com>
-Date: Tue, 3 Sep 2013 18:08:50 +0200
-Subject: [PATCH] kvmvapic: Catch invalid ROM size
-
-If not caught early, a zero-length ROM will cause a NULL-pointer access
-later on in patch_hypercalls when allocating a zero-length ROM copy and
-trying to read from it.
-
-CC: qemu-stable@nongnu.org
-Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 18e5eec4db96a00907eb588a2b803401637c7f67)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/i386/kvmvapic.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
-index 15beb80..7ac0fe1 100644
---- a/hw/i386/kvmvapic.c
-+++ b/hw/i386/kvmvapic.c
-@@ -578,7 +578,7 @@ static int patch_hypercalls(VAPICROMState *s)
- * enable write access to the option ROM so that variables can be updated by
- * the guest.
- */
--static void vapic_map_rom_writable(VAPICROMState *s)
-+static int vapic_map_rom_writable(VAPICROMState *s)
- {
- hwaddr rom_paddr = s->rom_state_paddr & ROM_BLOCK_MASK;
- MemoryRegionSection section;
-@@ -599,6 +599,9 @@ static void vapic_map_rom_writable(VAPICROMState *s)
- /* read ROM size from RAM region */
- ram = memory_region_get_ram_ptr(section.mr);
- rom_size = ram[rom_paddr + 2] * ROM_BLOCK_SIZE;
-+ if (rom_size == 0) {
-+ return -1;
-+ }
- s->rom_size = rom_size;
-
- /* We need to round to avoid creating subpages
-@@ -612,11 +615,15 @@ static void vapic_map_rom_writable(VAPICROMState *s)
- memory_region_add_subregion_overlap(as, rom_paddr, &s->rom, 1000);
- s->rom_mapped_writable = true;
- memory_region_unref(section.mr);
-+
-+ return 0;
- }
-
- static int vapic_prepare(VAPICROMState *s)
- {
-- vapic_map_rom_writable(s);
-+ if (vapic_map_rom_writable(s) < 0) {
-+ return -1;
-+ }
-
- if (patch_hypercalls(s) < 0) {
- return -1;
diff --git a/0034-kvmvapic-Enter-inactive-state-on-hardware-reset.patch b/0034-kvmvapic-Enter-inactive-state-on-hardware-reset.patch
deleted file mode 100644
index 0ebb354..0000000
--- a/0034-kvmvapic-Enter-inactive-state-on-hardware-reset.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 7ea8a3c12aa49efc8f503a019dd764f8a0add2cb Mon Sep 17 00:00:00 2001
-From: Jan Kiszka <jan.kiszka@siemens.com>
-Date: Tue, 3 Sep 2013 18:08:51 +0200
-Subject: [PATCH] kvmvapic: Enter inactive state on hardware reset
-
-ROM layout may change after reset of devices are hotplugged, so we have
-to pick up the physical address again when the ROM is initialized. This
-is best achieved by resetting the state to INACTIVE.
-
-CC: qemu-stable@nongnu.org
-Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit c056bc3f3464cfae1c94b7dd633d3ec13b13b655)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/i386/kvmvapic.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
-index 7ac0fe1..f2e335d 100644
---- a/hw/i386/kvmvapic.c
-+++ b/hw/i386/kvmvapic.c
-@@ -510,9 +510,7 @@ static void vapic_reset(DeviceState *dev)
- {
- VAPICROMState *s = VAPIC(dev);
-
-- if (s->state == VAPIC_ACTIVE) {
-- s->state = VAPIC_STANDBY;
-- }
-+ s->state = VAPIC_INACTIVE;
- vapic_enable_tpr_reporting(false);
- }
-
diff --git a/0035-kvmvapic-Clear-also-physical-ROM-address-when-enteri.patch b/0035-kvmvapic-Clear-also-physical-ROM-address-when-enteri.patch
deleted file mode 100644
index a0d029f..0000000
--- a/0035-kvmvapic-Clear-also-physical-ROM-address-when-enteri.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 5d2de77798cacf1dadf6a4211972473e057cc6e5 Mon Sep 17 00:00:00 2001
-From: Jan Kiszka <jan.kiszka@siemens.com>
-Date: Tue, 3 Sep 2013 18:08:52 +0200
-Subject: [PATCH] kvmvapic: Clear also physical ROM address when entering
- INACTIVE state
-
-To avoid misinterpreting INACTIVE after migration as old qemu-kvm's
-STANDBY, also clear rom_state_paddr when going back to this state.
-
-CC: qemu-stable@nongnu.org
-Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(cherry picked from commit 4357930b8a7d2fcff2d8121ec518117428a781e7)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/i386/kvmvapic.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
-index f2e335d..cf6c714 100644
---- a/hw/i386/kvmvapic.c
-+++ b/hw/i386/kvmvapic.c
-@@ -511,6 +511,7 @@ static void vapic_reset(DeviceState *dev)
- VAPICROMState *s = VAPIC(dev);
-
- s->state = VAPIC_INACTIVE;
-+ s->rom_state_paddr = 0;
- vapic_enable_tpr_reporting(false);
- }
-
-@@ -664,6 +665,7 @@ static void vapic_write(void *opaque, hwaddr addr, uint64_t data,
- }
- if (vapic_prepare(s) < 0) {
- s->state = VAPIC_INACTIVE;
-+ s->rom_state_paddr = 0;
- break;
- }
- break;
diff --git a/0036-tci-Fix-qemu-alpha-on-32-bit-hosts-wrong-assertions.patch b/0036-tci-Fix-qemu-alpha-on-32-bit-hosts-wrong-assertions.patch
deleted file mode 100644
index f458952..0000000
--- a/0036-tci-Fix-qemu-alpha-on-32-bit-hosts-wrong-assertions.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 5c20c1ffe791ca29840fd9607ea034ea24ad7bdd Mon Sep 17 00:00:00 2001
-From: Stefan Weil <sw@weilnetz.de>
-Date: Thu, 12 Sep 2013 20:17:50 +0200
-Subject: [PATCH] tci: Fix qemu-alpha on 32 bit hosts (wrong assertions)
-
-Debian busybox-static for alpha has a load address of 0x0000000120000000
-which is mapped to 0x0000000020000000 for 32 bit hosts.
-
-qemu-alpha uses the TCG opcodes qemu_ld32, qemu_ld64, qemu_st32 and
-qemu_st64 which all raise the assertion (taddr == host_addr).
-
-Remove all assertions of this type because they are either wrong or
-unnecessary (when sizeof(tcg_target_ulong) >= sizeof(target_ulong)).
-
-Cc: qemu-stable <qemu-stable@nongnu.org>
-Signed-off-by: Stefan Weil <sw@weilnetz.de>
-Reviewed-by: Richard Henderson <rth@twiddle.net>
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-(cherry picked from commit 07ac4dc5db22a31e47b149abdbc5ea99013cf4de)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- tci.c | 12 ------------
- 1 file changed, 12 deletions(-)
-
-diff --git a/tci.c b/tci.c
-index c742c8d..af58576 100644
---- a/tci.c
-+++ b/tci.c
-@@ -1085,7 +1085,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- tmp8 = helper_ldb_mmu(env, taddr, tci_read_i(&tb_ptr));
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- tmp8 = *(uint8_t *)(host_addr + GUEST_BASE);
- #endif
- tci_write_reg8(t0, tmp8);
-@@ -1097,7 +1096,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- tmp8 = helper_ldb_mmu(env, taddr, tci_read_i(&tb_ptr));
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- tmp8 = *(uint8_t *)(host_addr + GUEST_BASE);
- #endif
- tci_write_reg8s(t0, tmp8);
-@@ -1109,7 +1107,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- tmp16 = helper_ldw_mmu(env, taddr, tci_read_i(&tb_ptr));
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- tmp16 = tswap16(*(uint16_t *)(host_addr + GUEST_BASE));
- #endif
- tci_write_reg16(t0, tmp16);
-@@ -1121,7 +1118,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- tmp16 = helper_ldw_mmu(env, taddr, tci_read_i(&tb_ptr));
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- tmp16 = tswap16(*(uint16_t *)(host_addr + GUEST_BASE));
- #endif
- tci_write_reg16s(t0, tmp16);
-@@ -1134,7 +1130,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- tmp32 = helper_ldl_mmu(env, taddr, tci_read_i(&tb_ptr));
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- tmp32 = tswap32(*(uint32_t *)(host_addr + GUEST_BASE));
- #endif
- tci_write_reg32(t0, tmp32);
-@@ -1146,7 +1141,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- tmp32 = helper_ldl_mmu(env, taddr, tci_read_i(&tb_ptr));
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- tmp32 = tswap32(*(uint32_t *)(host_addr + GUEST_BASE));
- #endif
- tci_write_reg32s(t0, tmp32);
-@@ -1159,7 +1153,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- tmp32 = helper_ldl_mmu(env, taddr, tci_read_i(&tb_ptr));
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- tmp32 = tswap32(*(uint32_t *)(host_addr + GUEST_BASE));
- #endif
- tci_write_reg32(t0, tmp32);
-@@ -1174,7 +1167,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- tmp64 = helper_ldq_mmu(env, taddr, tci_read_i(&tb_ptr));
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- tmp64 = tswap64(*(uint64_t *)(host_addr + GUEST_BASE));
- #endif
- tci_write_reg(t0, tmp64);
-@@ -1190,7 +1182,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- helper_stb_mmu(env, taddr, t0, t2);
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- *(uint8_t *)(host_addr + GUEST_BASE) = t0;
- #endif
- break;
-@@ -1202,7 +1193,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- helper_stw_mmu(env, taddr, t0, t2);
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- *(uint16_t *)(host_addr + GUEST_BASE) = tswap16(t0);
- #endif
- break;
-@@ -1214,7 +1204,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- helper_stl_mmu(env, taddr, t0, t2);
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- *(uint32_t *)(host_addr + GUEST_BASE) = tswap32(t0);
- #endif
- break;
-@@ -1226,7 +1215,6 @@ tcg_target_ulong tcg_qemu_tb_exec(CPUArchState *env, uint8_t *tb_ptr)
- helper_stq_mmu(env, taddr, tmp64, t2);
- #else
- host_addr = (tcg_target_ulong)taddr;
-- assert(taddr == host_addr);
- *(uint64_t *)(host_addr + GUEST_BASE) = tswap64(tmp64);
- #endif
- break;
diff --git a/0037-blockdev-do-not-default-cache.no-flush-to-true.patch b/0037-blockdev-do-not-default-cache.no-flush-to-true.patch
deleted file mode 100644
index c7fb6c9..0000000
--- a/0037-blockdev-do-not-default-cache.no-flush-to-true.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From aeab582580fa057dbe646fc3277570af6a8d5ce8 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 19 Sep 2013 18:48:53 +0200
-Subject: [PATCH] blockdev: do not default cache.no-flush to true
-
-That's why all my VMs were so fast lately. :)
-
-This changed in 1.6.0 by mistake in patch 29c4e2b (blockdev: Split up
-'cache' option, 2013-07-18).
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit 1df6fa4bc6754a170cf511a78e2e6fef84eb5228)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- blockdev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/blockdev.c b/blockdev.c
-index bc7016a..097932c 100644
---- a/blockdev.c
-+++ b/blockdev.c
-@@ -460,7 +460,7 @@ static DriveInfo *blockdev_init(QemuOpts *all_opts,
- if (qemu_opt_get_bool(opts, "cache.direct", false)) {
- bdrv_flags |= BDRV_O_NOCACHE;
- }
-- if (qemu_opt_get_bool(opts, "cache.no-flush", true)) {
-+ if (qemu_opt_get_bool(opts, "cache.no-flush", false)) {
- bdrv_flags |= BDRV_O_NO_FLUSH;
- }
-
diff --git a/0038-virtio-blk-do-not-relay-a-previous-driver-s-WCE-conf.patch b/0038-virtio-blk-do-not-relay-a-previous-driver-s-WCE-conf.patch
deleted file mode 100644
index 8e85b74..0000000
--- a/0038-virtio-blk-do-not-relay-a-previous-driver-s-WCE-conf.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From c8adc0db7e76e804692372a06ca02cc5a80b67d5 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 17:31:55 +0200
-Subject: [PATCH] virtio-blk: do not relay a previous driver's WCE
- configuration to the current
-
-The following sequence happens:
-- the SeaBIOS virtio-blk driver does not support the WCE feature, which
-causes QEMU to disable writeback caching
-
-- the Linux virtio-blk driver resets the device, finds WCE is available
-but writeback caching is disabled; tells block layer to not send cache
-flush commands
-
-- the Linux virtio-blk driver sets the DRIVER_OK bit, which causes
-writeback caching to be re-enabled, but the Linux virtio-blk driver does
-not know of this side effect and cache flushes remain disabled
-
-The bug is at the third step. If the guest does know about CONFIG_WCE,
-QEMU should ignore the WCE feature's state. The guest will control the
-cache mode solely using configuration space. This change makes Linux
-do flushes correctly, but Linux will keep SeaBIOS's writethrough mode.
-
-Hence, whenever the guest is reset, the cache mode of the disk should
-be reset to whatever was specified in the "-drive" option. With this
-change, the Linux virtio-blk driver finds that writeback caching is
-enabled, and tells the block layer to send cache flush commands
-appropriately.
-
-Reported-by: Rusty Russell <rusty@au1.ibm.com
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit ef5bc96268ceec64769617dc53b0ac3a20ff351c)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/block/virtio-blk.c | 24 ++++++++++++++++++++++--
- include/hw/virtio/virtio-blk.h | 1 +
- 2 files changed, 23 insertions(+), 2 deletions(-)
-
-diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
-index e2f55cc..49a23c3 100644
---- a/hw/block/virtio-blk.c
-+++ b/hw/block/virtio-blk.c
-@@ -460,9 +460,9 @@ static void virtio_blk_dma_restart_cb(void *opaque, int running,
-
- static void virtio_blk_reset(VirtIODevice *vdev)
- {
--#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
- VirtIOBlock *s = VIRTIO_BLK(vdev);
-
-+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
- if (s->dataplane) {
- virtio_blk_data_plane_stop(s->dataplane);
- }
-@@ -473,6 +473,7 @@ static void virtio_blk_reset(VirtIODevice *vdev)
- * are per-device request lists.
- */
- bdrv_drain_all();
-+ bdrv_set_enable_write_cache(s->bs, s->original_wce);
- }
-
- /* coalesce internal state, copy to pci i/o region 0
-@@ -564,7 +565,25 @@ static void virtio_blk_set_status(VirtIODevice *vdev, uint8_t status)
- }
-
- features = vdev->guest_features;
-- bdrv_set_enable_write_cache(s->bs, !!(features & (1 << VIRTIO_BLK_F_WCE)));
-+
-+ /* A guest that supports VIRTIO_BLK_F_CONFIG_WCE must be able to send
-+ * cache flushes. Thus, the "auto writethrough" behavior is never
-+ * necessary for guests that support the VIRTIO_BLK_F_CONFIG_WCE feature.
-+ * Leaving it enabled would break the following sequence:
-+ *
-+ * Guest started with "-drive cache=writethrough"
-+ * Guest sets status to 0
-+ * Guest sets DRIVER bit in status field
-+ * Guest reads host features (WCE=0, CONFIG_WCE=1)
-+ * Guest writes guest features (WCE=0, CONFIG_WCE=1)
-+ * Guest writes 1 to the WCE configuration field (writeback mode)
-+ * Guest sets DRIVER_OK bit in status field
-+ *
-+ * s->bs would erroneously be placed in writethrough mode.
-+ */
-+ if (!(features & (1 << VIRTIO_BLK_F_CONFIG_WCE))) {
-+ bdrv_set_enable_write_cache(s->bs, !!(features & (1 << VIRTIO_BLK_F_WCE)));
-+ }
- }
-
- static void virtio_blk_save(QEMUFile *f, void *opaque)
-@@ -674,6 +693,7 @@ static int virtio_blk_device_init(VirtIODevice *vdev)
- }
-
- blkconf_serial(&blk->conf, &blk->serial);
-+ s->original_wce = bdrv_enable_write_cache(blk->conf.bs);
- if (blkconf_geometry(&blk->conf, NULL, 65535, 255, 255) < 0) {
- return -1;
- }
-diff --git a/include/hw/virtio/virtio-blk.h b/include/hw/virtio/virtio-blk.h
-index b87cf49..41885da 100644
---- a/include/hw/virtio/virtio-blk.h
-+++ b/include/hw/virtio/virtio-blk.h
-@@ -123,6 +123,7 @@ typedef struct VirtIOBlock {
- BlockConf *conf;
- VirtIOBlkConf blk;
- unsigned short sector_mask;
-+ bool original_wce;
- VMChangeStateEntry *change;
- #ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
- Notifier migration_state_notifier;
diff --git a/0039-xhci-emulate-intr-endpoint-intervals-correctly.patch b/0039-xhci-emulate-intr-endpoint-intervals-correctly.patch
deleted file mode 100644
index 9474f47..0000000
--- a/0039-xhci-emulate-intr-endpoint-intervals-correctly.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From dc6fbaa8322ca53f46d9a6cc7e2f82de5362ea83 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 28 Aug 2013 11:38:44 +0200
-Subject: [PATCH] xhci: emulate intr endpoint intervals correctly
-
-Respect the interval for interrupt endpoints, so we don't finish
-transfers as fast as possible but at the rate configured by the guest.
-
-Fixes guest deadlocks triggered by interrupt storms.
-
-Cc:
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 4d7a81c06f5f17e019a2d3a18300500bd64f6f40)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/usb/hcd-xhci.c | 44 +++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 37 insertions(+), 7 deletions(-)
-
-diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
-index a6f55a1..8010a6d 100644
---- a/hw/usb/hcd-xhci.c
-+++ b/hw/usb/hcd-xhci.c
-@@ -355,6 +355,7 @@ typedef struct XHCITransfer {
- unsigned int streamid;
- bool in_xfer;
- bool iso_xfer;
-+ bool timed_xfer;
-
- unsigned int trb_count;
- unsigned int trb_alloced;
-@@ -1803,6 +1804,7 @@ static int xhci_fire_ctl_transfer(XHCIState *xhci, XHCITransfer *xfer)
-
- xfer->in_xfer = bmRequestType & USB_DIR_IN;
- xfer->iso_xfer = false;
-+ xfer->timed_xfer = false;
-
- if (xhci_setup_packet(xfer) < 0) {
- return -1;
-@@ -1818,6 +1820,17 @@ static int xhci_fire_ctl_transfer(XHCIState *xhci, XHCITransfer *xfer)
- return 0;
- }
-
-+static void xhci_calc_intr_kick(XHCIState *xhci, XHCITransfer *xfer,
-+ XHCIEPContext *epctx, uint64_t mfindex)
-+{
-+ uint64_t asap = ((mfindex + epctx->interval - 1) &
-+ ~(epctx->interval-1));
-+ uint64_t kick = epctx->mfindex_last + epctx->interval;
-+
-+ assert(epctx->interval != 0);
-+ xfer->mfindex_kick = MAX(asap, kick);
-+}
-+
- static void xhci_calc_iso_kick(XHCIState *xhci, XHCITransfer *xfer,
- XHCIEPContext *epctx, uint64_t mfindex)
- {
-@@ -1840,8 +1853,8 @@ static void xhci_calc_iso_kick(XHCIState *xhci, XHCITransfer *xfer,
- }
- }
-
--static void xhci_check_iso_kick(XHCIState *xhci, XHCITransfer *xfer,
-- XHCIEPContext *epctx, uint64_t mfindex)
-+static void xhci_check_intr_iso_kick(XHCIState *xhci, XHCITransfer *xfer,
-+ XHCIEPContext *epctx, uint64_t mfindex)
- {
- if (xfer->mfindex_kick > mfindex) {
- qemu_mod_timer(epctx->kick_timer, qemu_get_clock_ns(vm_clock) +
-@@ -1866,18 +1879,30 @@ static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx
- switch(epctx->type) {
- case ET_INTR_OUT:
- case ET_INTR_IN:
-+ xfer->pkts = 0;
-+ xfer->iso_xfer = false;
-+ xfer->timed_xfer = true;
-+ mfindex = xhci_mfindex_get(xhci);
-+ xhci_calc_intr_kick(xhci, xfer, epctx, mfindex);
-+ xhci_check_intr_iso_kick(xhci, xfer, epctx, mfindex);
-+ if (xfer->running_retry) {
-+ return -1;
-+ }
-+ break;
- case ET_BULK_OUT:
- case ET_BULK_IN:
- xfer->pkts = 0;
- xfer->iso_xfer = false;
-+ xfer->timed_xfer = false;
- break;
- case ET_ISO_OUT:
- case ET_ISO_IN:
- xfer->pkts = 1;
- xfer->iso_xfer = true;
-+ xfer->timed_xfer = true;
- mfindex = xhci_mfindex_get(xhci);
- xhci_calc_iso_kick(xhci, xfer, epctx, mfindex);
-- xhci_check_iso_kick(xhci, xfer, epctx, mfindex);
-+ xhci_check_intr_iso_kick(xhci, xfer, epctx, mfindex);
- if (xfer->running_retry) {
- return -1;
- }
-@@ -1938,13 +1963,18 @@ static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid,
-
- trace_usb_xhci_xfer_retry(xfer);
- assert(xfer->running_retry);
-- if (xfer->iso_xfer) {
-- /* retry delayed iso transfer */
-+ if (xfer->timed_xfer) {
-+ /* time to kick the transfer? */
- mfindex = xhci_mfindex_get(xhci);
-- xhci_check_iso_kick(xhci, xfer, epctx, mfindex);
-+ xhci_check_intr_iso_kick(xhci, xfer, epctx, mfindex);
- if (xfer->running_retry) {
- return;
- }
-+ xfer->timed_xfer = 0;
-+ xfer->running_retry = 1;
-+ }
-+ if (xfer->iso_xfer) {
-+ /* retry iso transfer */
- if (xhci_setup_packet(xfer) < 0) {
- return;
- }
-@@ -2030,7 +2060,7 @@ static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid,
- epctx->next_xfer = (epctx->next_xfer + 1) % TD_QUEUE;
- ep = xfer->packet.ep;
- } else {
-- if (!xfer->iso_xfer) {
-+ if (!xfer->timed_xfer) {
- fprintf(stderr, "xhci: error firing data transfer\n");
- }
- }
diff --git a/0040-iov-avoid-orig_len-may-be-used-unitialized-warning.patch b/0040-iov-avoid-orig_len-may-be-used-unitialized-warning.patch
deleted file mode 100644
index c8f386c..0000000
--- a/0040-iov-avoid-orig_len-may-be-used-unitialized-warning.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b314120afdbab3d29885f47fc83bc55f43765968 Mon Sep 17 00:00:00 2001
-From: Michael Tokarev <mjt@tls.msk.ru>
-Date: Sat, 14 Sep 2013 13:11:36 +0400
-Subject: [PATCH] iov: avoid "orig_len may be used unitialized" warning
-
-Signed-off-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
-Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-(cherry picked from commit 2be178a475289286db80de5ddd7830e67e112bdd)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- util/iov.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/util/iov.c b/util/iov.c
-index f705586..bb46c04 100644
---- a/util/iov.c
-+++ b/util/iov.c
-@@ -181,13 +181,11 @@ ssize_t iov_send_recv(int sockfd, struct iovec *iov, unsigned iov_cnt,
- assert(iov[niov].iov_len > tail);
- orig_len = iov[niov].iov_len;
- iov[niov++].iov_len = tail;
-- }
--
-- ret = do_send_recv(sockfd, iov, niov, do_send);
--
-- /* Undo the changes above before checking for errors */
-- if (tail) {
-+ ret = do_send_recv(sockfd, iov, niov, do_send);
-+ /* Undo the changes above before checking for errors */
- iov[niov-1].iov_len = orig_len;
-+ } else {
-+ ret = do_send_recv(sockfd, iov, niov, do_send);
- }
- if (offset) {
- iov[0].iov_base -= offset;
diff --git a/0041-tap-Use-numbered-tap-tun-devices-on-all-BSD-OS-s.patch b/0041-tap-Use-numbered-tap-tun-devices-on-all-BSD-OS-s.patch
deleted file mode 100644
index 67f0fe3..0000000
--- a/0041-tap-Use-numbered-tap-tun-devices-on-all-BSD-OS-s.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 6bbb9d8100c90deb4843bfa3cf36e75b843c495b Mon Sep 17 00:00:00 2001
-From: Brad Smith <brad@comstyle.com>
-Date: Sat, 3 Aug 2013 22:20:41 -0400
-Subject: [PATCH] tap: Use numbered tap/tun devices on all *BSD OS's
-
-The following patch simplifies the *BSD tap/tun code and makes use of numbered
-tap/tun interfaces on all *BSD OS's. NetBSD has a patch in their pkgsrc tree
-to make use of this feature and DragonFly also supports this as well.
-
-Signed-off-by: Brad Smith <brad@comstyle.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-(cherry picked from commit aa4f082f7526d39dac8e2ca64d192d858014ee10)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- net/tap-bsd.c | 11 -----------
- 1 file changed, 11 deletions(-)
-
-diff --git a/net/tap-bsd.c b/net/tap-bsd.c
-index f61d580..90f8a02 100644
---- a/net/tap-bsd.c
-+++ b/net/tap-bsd.c
-@@ -44,8 +44,6 @@ int tap_open(char *ifname, int ifname_size, int *vnet_hdr,
- struct stat s;
- #endif
-
--#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || \
-- defined(__OpenBSD__) || defined(__APPLE__)
- /* if no ifname is given, always start the search from tap0/tun0. */
- int i;
- char dname[100];
-@@ -76,15 +74,6 @@ int tap_open(char *ifname, int ifname_size, int *vnet_hdr,
- dname, strerror(errno));
- return -1;
- }
--#else
-- TFR(fd = open("/dev/tap", O_RDWR));
-- if (fd < 0) {
-- fprintf(stderr,
-- "warning: could not open /dev/tap: no virtual network emulation: %s\n",
-- strerror(errno));
-- return -1;
-- }
--#endif
-
- #ifdef TAPGIFNAME
- if (ioctl(fd, TAPGIFNAME, (void *)&ifr) < 0) {
diff --git a/0042-rbd-avoid-qemu_rbd_snap_list-memory-leaks.patch b/0042-rbd-avoid-qemu_rbd_snap_list-memory-leaks.patch
deleted file mode 100644
index ebbe492..0000000
--- a/0042-rbd-avoid-qemu_rbd_snap_list-memory-leaks.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From fc06b430942e84a2a69e2a80a6d5b376a8064020 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Wed, 25 Sep 2013 16:00:48 +0200
-Subject: [PATCH] rbd: avoid qemu_rbd_snap_list() memory leaks
-
-When there are no snapshots qemu_rbd_snap_list() returns 0 and the
-snapshot table pointer is NULL. Don't forget to free the snaps buffer
-we allocated for librbd rbd_snap_list().
-
-When the function succeeds don't forget to free the snaps buffer after
-calling rbd_snap_list_end().
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit 9e6337d0818650362149b734d53edf9489f3acaa)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- block/rbd.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/block/rbd.c b/block/rbd.c
-index cb71751..7e7c735 100644
---- a/block/rbd.c
-+++ b/block/rbd.c
-@@ -934,7 +934,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
- do {
- snaps = g_malloc(sizeof(*snaps) * max_snaps);
- snap_count = rbd_snap_list(s->image, snaps, &max_snaps);
-- if (snap_count < 0) {
-+ if (snap_count <= 0) {
- g_free(snaps);
- }
- } while (snap_count == -ERANGE);
-@@ -958,6 +958,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
- sn_info->vm_clock_nsec = 0;
- }
- rbd_snap_list_end(snaps);
-+ g_free(snaps);
-
- done:
- *psn_tab = sn_tab;
diff --git a/0043-vmdk-fix-cluster-size-check-for-flat-extents.patch b/0043-vmdk-fix-cluster-size-check-for-flat-extents.patch
deleted file mode 100644
index b8bac4c..0000000
--- a/0043-vmdk-fix-cluster-size-check-for-flat-extents.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 61fbeb6e81f648d25c2d3ba5f0d663d54abed1c1 Mon Sep 17 00:00:00 2001
-From: Fam Zheng <famz@redhat.com>
-Date: Mon, 23 Sep 2013 17:18:29 +0800
-Subject: [PATCH] vmdk: fix cluster size check for flat extents
-
-We use the extent size as cluster size for flat extents (where no L1/L2
-table is allocated so it's safe) reuse sector calculating code with
-sparse extents.
-
-Don't pass in the cluster size for adding flat extent, just set it to
-sectors later, then the cluster size checking will not fail.
-
-The cluster_sectors is changed to int64_t to allow big flat extent.
-
-Without this, flat extent opening is broken:
-
- # qemu-img create -f vmdk -o subformat=monolithicFlat /tmp/a.vmdk 100G
- Formatting '/tmp/a.vmdk', fmt=vmdk size=107374182400 compat6=off subformat='monolithicFlat' zeroed_grain=off
- # qemu-img info /tmp/a.vmdk
- image: /tmp/a.vmdk
- file format: raw
- virtual size: 0 (0 bytes)
- disk size: 4.0K
-
-Signed-off-by: Fam Zheng <famz@redhat.com>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit 301c7d38a0c359b91526391d13617386f3d9bb29)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- block/vmdk.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/block/vmdk.c b/block/vmdk.c
-index 346bb5c..258a24f 100644
---- a/block/vmdk.c
-+++ b/block/vmdk.c
-@@ -105,7 +105,7 @@ typedef struct VmdkExtent {
- uint32_t l2_cache_offsets[L2_CACHE_SIZE];
- uint32_t l2_cache_counts[L2_CACHE_SIZE];
-
-- unsigned int cluster_sectors;
-+ int64_t cluster_sectors;
- } VmdkExtent;
-
- typedef struct BDRVVmdkState {
-@@ -416,7 +416,7 @@ static int vmdk_add_extent(BlockDriverState *bs,
- extent->l1_size = l1_size;
- extent->l1_entry_sectors = l2_size * cluster_sectors;
- extent->l2_size = l2_size;
-- extent->cluster_sectors = cluster_sectors;
-+ extent->cluster_sectors = flat ? sectors : cluster_sectors;
-
- if (s->num_extents > 1) {
- extent->end_sector = (*(extent - 1)).end_sector + extent->sectors;
-@@ -736,7 +736,7 @@ static int vmdk_parse_extents(const char *desc, BlockDriverState *bs,
- VmdkExtent *extent;
-
- ret = vmdk_add_extent(bs, extent_file, true, sectors,
-- 0, 0, 0, 0, sectors, &extent);
-+ 0, 0, 0, 0, 0, &extent);
- if (ret < 0) {
- return ret;
- }
diff --git a/0044-piix4-disable-io-on-reset.patch b/0044-piix4-disable-io-on-reset.patch
deleted file mode 100644
index e37b62b..0000000
--- a/0044-piix4-disable-io-on-reset.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From ae00a27feab0ca12d2a802cfae9ee65ba3d43602 Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin" <mst@redhat.com>
-Date: Wed, 11 Sep 2013 13:33:31 +0300
-Subject: [PATCH] piix4: disable io on reset
-
-io base register at 0x40 is cleared on reset,
-but io is not disabled until some other event
-happens to call pm_io_space_update.
-
-Invoke pm_io_space_update directly to make this
-consistent.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-(cherry picked from commit c046e8c4a26c902ca1b4f5bdf668a2da6bc75f54)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/acpi/piix4.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
-index c885690..3aaf18c 100644
---- a/hw/acpi/piix4.c
-+++ b/hw/acpi/piix4.c
-@@ -380,6 +380,7 @@ static void piix4_reset(void *opaque)
- /* Mark SMM as already inited (until KVM supports SMM). */
- pci_conf[0x5B] = 0x02;
- }
-+ pm_io_space_update(s);
- piix4_update_hotplug(s);
- }
-
diff --git a/0045-coroutine-add-.-configure-disable-coroutine-pool.patch b/0045-coroutine-add-.-configure-disable-coroutine-pool.patch
deleted file mode 100644
index 2c416fd..0000000
--- a/0045-coroutine-add-.-configure-disable-coroutine-pool.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From ba20326a937421c50a775907dc9ac726bb9a9b50 Mon Sep 17 00:00:00 2001
-From: Stefan Hajnoczi <stefanha@redhat.com>
-Date: Wed, 11 Sep 2013 16:42:35 +0200
-Subject: [PATCH] coroutine: add ./configure --disable-coroutine-pool
-
-The 'gthread' coroutine backend was written before the freelist (aka
-pool) existed in qemu-coroutine.c.
-
-This means that every thread is expected to exit when its coroutine
-terminates. It is not possible to reuse threads from a pool.
-
-This patch automatically disables the pool when 'gthread' is used. This
-allows the 'gthread' backend to work again (for example,
-tests/test-coroutine completes successfully instead of hanging).
-
-I considered implementing thread reuse but I don't want quirks like CPU
-affinity differences due to coroutine threads being recycled. The
-'gthread' backend is a reference backend and it's therefore okay to skip
-the pool optimization.
-
-Note this patch also makes it easy to toggle the pool for benchmarking
-purposes:
-
- ./configure --with-coroutine-backend=ucontext \
- --disable-coroutine-pool
-
-Reported-by: Gabriel Kerneis <gabriel@kerneis.info>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Gabriel Kerneis <gabriel@kerneis.info>
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-(cherry picked from commit 70c60c089fdc6bf8a79324e492c13e8c08d55942)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- configure | 24 ++++++++++++++++++++++++
- qemu-coroutine.c | 34 +++++++++++++++++++---------------
- 2 files changed, 43 insertions(+), 15 deletions(-)
-
-diff --git a/configure b/configure
-index 18fa608..4cf672d 100755
---- a/configure
-+++ b/configure
-@@ -235,6 +235,7 @@ guest_agent=""
- want_tools="yes"
- libiscsi=""
- coroutine=""
-+coroutine_pool=""
- seccomp=""
- glusterfs=""
- glusterfs_discard="no"
-@@ -871,6 +872,10 @@ for opt do
- ;;
- --with-coroutine=*) coroutine="$optarg"
- ;;
-+ --disable-coroutine-pool) coroutine_pool="no"
-+ ;;
-+ --enable-coroutine-pool) coroutine_pool="yes"
-+ ;;
- --disable-docs) docs="no"
- ;;
- --enable-docs) docs="yes"
-@@ -1152,6 +1157,8 @@ echo " --disable-seccomp disable seccomp support"
- echo " --enable-seccomp enables seccomp support"
- echo " --with-coroutine=BACKEND coroutine backend. Supported options:"
- echo " gthread, ucontext, sigaltstack, windows"
-+echo " --disable-coroutine-pool disable coroutine freelist (worse performance)"
-+echo " --enable-coroutine-pool enable coroutine freelist (better performance)"
- echo " --enable-glusterfs enable GlusterFS backend"
- echo " --disable-glusterfs disable GlusterFS backend"
- echo " --enable-gcov enable test coverage analysis with gcov"
-@@ -3240,6 +3247,17 @@ else
- esac
- fi
-
-+if test "$coroutine_pool" = ""; then
-+ if test "$coroutine" = "gthread"; then
-+ coroutine_pool=no
-+ else
-+ coroutine_pool=yes
-+ fi
-+fi
-+if test "$coroutine" = "gthread" -a "$coroutine_pool" = "yes"; then
-+ error_exit "'gthread' coroutine backend does not support pool (use --disable-coroutine-pool)"
-+fi
-+
- ##########################################
- # check if we have open_by_handle_at
-
-@@ -3605,6 +3623,7 @@ echo "libiscsi support $libiscsi"
- echo "build guest agent $guest_agent"
- echo "seccomp support $seccomp"
- echo "coroutine backend $coroutine"
-+echo "coroutine pool $coroutine_pool"
- echo "GlusterFS support $glusterfs"
- echo "virtio-blk-data-plane $virtio_blk_data_plane"
- echo "gcov $gcov_tool"
-@@ -3954,6 +3973,11 @@ if test "$rbd" = "yes" ; then
- fi
-
- echo "CONFIG_COROUTINE_BACKEND=$coroutine" >> $config_host_mak
-+if test "$coroutine_pool" = "yes" ; then
-+ echo "CONFIG_COROUTINE_POOL=1" >> $config_host_mak
-+else
-+ echo "CONFIG_COROUTINE_POOL=0" >> $config_host_mak
-+fi
-
- if test "$open_by_handle_at" = "yes" ; then
- echo "CONFIG_OPEN_BY_HANDLE=y" >> $config_host_mak
-diff --git a/qemu-coroutine.c b/qemu-coroutine.c
-index 423430d..4708521 100644
---- a/qemu-coroutine.c
-+++ b/qemu-coroutine.c
-@@ -30,15 +30,17 @@ static unsigned int pool_size;
-
- Coroutine *qemu_coroutine_create(CoroutineEntry *entry)
- {
-- Coroutine *co;
--
-- qemu_mutex_lock(&pool_lock);
-- co = QSLIST_FIRST(&pool);
-- if (co) {
-- QSLIST_REMOVE_HEAD(&pool, pool_next);
-- pool_size--;
-+ Coroutine *co = NULL;
-+
-+ if (CONFIG_COROUTINE_POOL) {
-+ qemu_mutex_lock(&pool_lock);
-+ co = QSLIST_FIRST(&pool);
-+ if (co) {
-+ QSLIST_REMOVE_HEAD(&pool, pool_next);
-+ pool_size--;
-+ }
-+ qemu_mutex_unlock(&pool_lock);
- }
-- qemu_mutex_unlock(&pool_lock);
-
- if (!co) {
- co = qemu_coroutine_new();
-@@ -51,15 +53,17 @@ Coroutine *qemu_coroutine_create(CoroutineEntry *entry)
-
- static void coroutine_delete(Coroutine *co)
- {
-- qemu_mutex_lock(&pool_lock);
-- if (pool_size < POOL_MAX_SIZE) {
-- QSLIST_INSERT_HEAD(&pool, co, pool_next);
-- co->caller = NULL;
-- pool_size++;
-+ if (CONFIG_COROUTINE_POOL) {
-+ qemu_mutex_lock(&pool_lock);
-+ if (pool_size < POOL_MAX_SIZE) {
-+ QSLIST_INSERT_HEAD(&pool, co, pool_next);
-+ co->caller = NULL;
-+ pool_size++;
-+ qemu_mutex_unlock(&pool_lock);
-+ return;
-+ }
- qemu_mutex_unlock(&pool_lock);
-- return;
- }
-- qemu_mutex_unlock(&pool_lock);
-
- qemu_coroutine_delete(co);
- }
diff --git a/0046-qemu-Adjust-qemu-wakeup.patch b/0046-qemu-Adjust-qemu-wakeup.patch
deleted file mode 100644
index 973119b..0000000
--- a/0046-qemu-Adjust-qemu-wakeup.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From bc05a488b49f903e404323b76ca9b675318393fc Mon Sep 17 00:00:00 2001
-From: "Liu, Jinsong" <jinsong.liu@intel.com>
-Date: Wed, 25 Sep 2013 16:38:29 +0000
-Subject: [PATCH] qemu: Adjust qemu wakeup
-
-Currently Xen hvm s3 has a bug coming from the difference between
-qemu-traditioanl and qemu-xen. For qemu-traditional, the way to
-resume from hvm s3 is via 'xl trigger' command. However, for
-qemu-xen, the way to resume from hvm s3 inherited from standard
-qemu, i.e. via QMP, and it doesn't work under Xen.
-
-The root cause is, for qemu-xen, 'xl trigger' command didn't reset
-devices, while QMP didn't unpause hvm domain though they did qemu
-system reset.
-
-We have two qemu patches and one xl patch to fix Xen hvm s3 bug.
-This patch is the qemu patch 1. It adjusts qemu wakeup so that
-Xen s3 resume logic (which will be implemented at qemu patch 2)
-will be notified after qemu system reset.
-
-Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
-Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
-(cherry picked from commit 4bc78a877252d772b983810a7d2c0be00e9be70e)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/acpi/core.c | 3 ++-
- include/sysemu/sysemu.h | 4 +++-
- vl.c | 15 +++++++--------
- 3 files changed, 12 insertions(+), 10 deletions(-)
-
-diff --git a/hw/acpi/core.c b/hw/acpi/core.c
-index b07feda..769cfdb 100644
---- a/hw/acpi/core.c
-+++ b/hw/acpi/core.c
-@@ -324,12 +324,13 @@ static void acpi_notify_wakeup(Notifier *notifier, void *data)
- (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_TIMER_STATUS);
- break;
- case QEMU_WAKEUP_REASON_OTHER:
-- default:
- /* ACPI_BITMASK_WAKE_STATUS should be set on resume.
- Pretend that resume was caused by power button */
- ar->pm1.evt.sts |=
- (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_POWER_BUTTON_STATUS);
- break;
-+ default:
-+ break;
- }
- }
-
-diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
-index d7a77b6..1a77c99 100644
---- a/include/sysemu/sysemu.h
-+++ b/include/sysemu/sysemu.h
-@@ -39,9 +39,11 @@ int vm_stop(RunState state);
- int vm_stop_force_state(RunState state);
-
- typedef enum WakeupReason {
-- QEMU_WAKEUP_REASON_OTHER = 0,
-+ /* Always keep QEMU_WAKEUP_REASON_NONE = 0 */
-+ QEMU_WAKEUP_REASON_NONE = 0,
- QEMU_WAKEUP_REASON_RTC,
- QEMU_WAKEUP_REASON_PMTIMER,
-+ QEMU_WAKEUP_REASON_OTHER,
- } WakeupReason;
-
- void qemu_system_reset_request(void);
-diff --git a/vl.c b/vl.c
-index f422a1c..2160933 100644
---- a/vl.c
-+++ b/vl.c
-@@ -1792,14 +1792,14 @@ static pid_t shutdown_pid;
- static int powerdown_requested;
- static int debug_requested;
- static int suspend_requested;
--static int wakeup_requested;
-+static WakeupReason wakeup_reason;
- static NotifierList powerdown_notifiers =
- NOTIFIER_LIST_INITIALIZER(powerdown_notifiers);
- static NotifierList suspend_notifiers =
- NOTIFIER_LIST_INITIALIZER(suspend_notifiers);
- static NotifierList wakeup_notifiers =
- NOTIFIER_LIST_INITIALIZER(wakeup_notifiers);
--static uint32_t wakeup_reason_mask = ~0;
-+static uint32_t wakeup_reason_mask = ~(1 << QEMU_WAKEUP_REASON_NONE);
- static RunState vmstop_requested = RUN_STATE_MAX;
-
- int qemu_shutdown_requested_get(void)
-@@ -1849,11 +1849,9 @@ static int qemu_suspend_requested(void)
- return r;
- }
-
--static int qemu_wakeup_requested(void)
-+static WakeupReason qemu_wakeup_requested(void)
- {
-- int r = wakeup_requested;
-- wakeup_requested = 0;
-- return r;
-+ return wakeup_reason;
- }
-
- static int qemu_powerdown_requested(void)
-@@ -1970,8 +1968,7 @@ void qemu_system_wakeup_request(WakeupReason reason)
- return;
- }
- runstate_set(RUN_STATE_RUNNING);
-- notifier_list_notify(&wakeup_notifiers, &reason);
-- wakeup_requested = 1;
-+ wakeup_reason = reason;
- qemu_notify_event();
- }
-
-@@ -2063,6 +2060,8 @@ static bool main_loop_should_exit(void)
- pause_all_vcpus();
- cpu_synchronize_all_states();
- qemu_system_reset(VMRESET_SILENT);
-+ notifier_list_notify(&wakeup_notifiers, &wakeup_reason);
-+ wakeup_reason = QEMU_WAKEUP_REASON_NONE;
- resume_all_vcpus();
- monitor_protocol_event(QEVENT_WAKEUP, NULL);
- }
diff --git a/0047-qemu-Add-qemu-xen-logic-for-Xen-HVM-S3-resume.patch b/0047-qemu-Add-qemu-xen-logic-for-Xen-HVM-S3-resume.patch
deleted file mode 100644
index f6e06a5..0000000
--- a/0047-qemu-Add-qemu-xen-logic-for-Xen-HVM-S3-resume.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 1b5f7709411a412ec8ce21004a47f51ab6c3f3ad Mon Sep 17 00:00:00 2001
-From: "Liu, Jinsong" <jinsong.liu@intel.com>
-Date: Wed, 25 Sep 2013 16:40:23 +0000
-Subject: [PATCH] qemu: Add qemu xen logic for Xen HVM S3 resume
-
-This patch is qemu patch 2 to fix Xen HVM S3 bug, adding qemu
-xen logic. When qemu wakeup, qemu xen logic is notified and
-hypercall to xen hypervisor to unpause domain.
-
-Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
-Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
-Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
-(cherry picked from commit 11addd0ab9371af2b6ec028c7fe4e4c4992252fc)
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- xen-all.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/xen-all.c b/xen-all.c
-index e1d0694..7894ac6 100644
---- a/xen-all.c
-+++ b/xen-all.c
-@@ -98,6 +98,7 @@ typedef struct XenIOState {
-
- Notifier exit;
- Notifier suspend;
-+ Notifier wakeup;
- } XenIOState;
-
- /* Xen specific function for piix pci */
-@@ -1060,6 +1061,11 @@ static void xen_read_physmap(XenIOState *state)
- free(entries);
- }
-
-+static void xen_wakeup_notifier(Notifier *notifier, void *data)
-+{
-+ xc_set_hvm_param(xen_xc, xen_domid, HVM_PARAM_ACPI_S_STATE, 0);
-+}
-+
- int xen_hvm_init(MemoryRegion **ram_memory)
- {
- int i, rc;
-@@ -1089,6 +1095,9 @@ int xen_hvm_init(MemoryRegion **ram_memory)
- state->suspend.notify = xen_suspend_notifier;
- qemu_register_suspend_notifier(&state->suspend);
-
-+ state->wakeup.notify = xen_wakeup_notifier;
-+ qemu_register_wakeup_notifier(&state->wakeup);
-+
- xc_get_hvm_param(xen_xc, xen_domid, HVM_PARAM_IOREQ_PFN, &ioreq_pfn);
- DPRINTF("shared page at pfn %lx\n", ioreq_pfn);
- state->shared_page = xc_map_foreign_range(xen_xc, xen_domid, XC_PAGE_SIZE,
diff --git a/0048-scsi-Allocate-SCSITargetReq-r-buf-dynamically.patch b/0048-scsi-Allocate-SCSITargetReq-r-buf-dynamically.patch
deleted file mode 100644
index d921981..0000000
--- a/0048-scsi-Allocate-SCSITargetReq-r-buf-dynamically.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From fdcbe7d587a64dec0db0d3c9a3b230c39efbfeef Mon Sep 17 00:00:00 2001
-From: Asias He <asias@redhat.com>
-Date: Fri, 13 Sep 2013 14:56:55 +0800
-Subject: [PATCH] scsi: Allocate SCSITargetReq r->buf dynamically
-
-BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1007330
-Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=6282465
-
-This is the backport of the following commit. The patch is not
-sent public since it is a embargoed bug.
-
- r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
- most. If more than 256 luns are specified by user, we have buffer
- overflow in scsi_target_emulate_report_luns.
-
- To fix, we allocate the buffer dynamically.
-
- Signed-off-by: Asias He <asias@redhat.com>
-
-Signed-off-by: Asias He <asias@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
-*s/&r->buf/r->buf/ due to type change
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- hw/scsi/scsi-bus.c | 44 +++++++++++++++++++++++++++++++++-----------
- include/hw/scsi/scsi.h | 2 ++
- 2 files changed, 35 insertions(+), 11 deletions(-)
-
-diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
-index 8fe4f4c..ad26c25 100644
---- a/hw/scsi/scsi-bus.c
-+++ b/hw/scsi/scsi-bus.c
-@@ -11,6 +11,8 @@ static char *scsibus_get_dev_path(DeviceState *dev);
- static char *scsibus_get_fw_dev_path(DeviceState *dev);
- static int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf);
- static void scsi_req_dequeue(SCSIRequest *req);
-+static uint8_t *scsi_target_alloc_buf(SCSIRequest *req, size_t len);
-+static void scsi_target_free_buf(SCSIRequest *req);
-
- static Property scsi_props[] = {
- DEFINE_PROP_UINT32("channel", SCSIDevice, channel, 0),
-@@ -317,7 +319,8 @@ typedef struct SCSITargetReq SCSITargetReq;
- struct SCSITargetReq {
- SCSIRequest req;
- int len;
-- uint8_t buf[2056];
-+ uint8_t *buf;
-+ int buf_len;
- };
-
- static void store_lun(uint8_t *outbuf, int lun)
-@@ -361,14 +364,12 @@ static bool scsi_target_emulate_report_luns(SCSITargetReq *r)
- if (!found_lun0) {
- n += 8;
- }
-- len = MIN(n + 8, r->req.cmd.xfer & ~7);
-- if (len > sizeof(r->buf)) {
-- /* TODO: > 256 LUNs? */
-- return false;
-- }
-
-+ scsi_target_alloc_buf(&r->req, n + 8);
-+
-+ len = MIN(n + 8, r->req.cmd.xfer & ~7);
- memset(r->buf, 0, len);
-- stl_be_p(&r->buf, n);
-+ stl_be_p(r->buf, n);
- i = found_lun0 ? 8 : 16;
- QTAILQ_FOREACH(kid, &r->req.bus->qbus.children, sibling) {
- DeviceState *qdev = kid->child;
-@@ -387,6 +388,9 @@ static bool scsi_target_emulate_report_luns(SCSITargetReq *r)
- static bool scsi_target_emulate_inquiry(SCSITargetReq *r)
- {
- assert(r->req.dev->lun != r->req.lun);
-+
-+ scsi_target_alloc_buf(&r->req, SCSI_INQUIRY_LEN);
-+
- if (r->req.cmd.buf[1] & 0x2) {
- /* Command support data - optional, not implemented */
- return false;
-@@ -411,7 +415,7 @@ static bool scsi_target_emulate_inquiry(SCSITargetReq *r)
- return false;
- }
- /* done with EVPD */
-- assert(r->len < sizeof(r->buf));
-+ assert(r->len < r->buf_len);
- r->len = MIN(r->req.cmd.xfer, r->len);
- return true;
- }
-@@ -455,8 +459,8 @@ static int32_t scsi_target_send_command(SCSIRequest *req, uint8_t *buf)
- }
- break;
- case REQUEST_SENSE:
-- r->len = scsi_device_get_sense(r->req.dev, r->buf,
-- MIN(req->cmd.xfer, sizeof r->buf),
-+ scsi_target_alloc_buf(&r->req, SCSI_SENSE_LEN);
-+ r->len = scsi_device_get_sense(r->req.dev, r->buf, r->buf_len,
- (req->cmd.buf[1] & 1) == 0);
- if (r->req.dev->sense_is_ua) {
- scsi_device_unit_attention_reported(req->dev);
-@@ -501,11 +505,29 @@ static uint8_t *scsi_target_get_buf(SCSIRequest *req)
- return r->buf;
- }
-
-+static uint8_t *scsi_target_alloc_buf(SCSIRequest *req, size_t len)
-+{
-+ SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
-+
-+ r->buf = g_malloc(len);
-+ r->buf_len = len;
-+
-+ return r->buf;
-+}
-+
-+static void scsi_target_free_buf(SCSIRequest *req)
-+{
-+ SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);
-+
-+ g_free(r->buf);
-+}
-+
- static const struct SCSIReqOps reqops_target_command = {
- .size = sizeof(SCSITargetReq),
- .send_command = scsi_target_send_command,
- .read_data = scsi_target_read_data,
- .get_buf = scsi_target_get_buf,
-+ .free_req = scsi_target_free_buf,
- };
-
-
-@@ -1365,7 +1387,7 @@ int scsi_build_sense(uint8_t *in_buf, int in_len,
- buf[7] = 10;
- buf[12] = sense.asc;
- buf[13] = sense.ascq;
-- return MIN(len, 18);
-+ return MIN(len, SCSI_SENSE_LEN);
- } else {
- /* Return descriptor format sense buffer */
- buf[0] = 0x72;
-diff --git a/include/hw/scsi/scsi.h b/include/hw/scsi/scsi.h
-index 8786531..18cb694 100644
---- a/include/hw/scsi/scsi.h
-+++ b/include/hw/scsi/scsi.h
-@@ -9,6 +9,8 @@
- #define MAX_SCSI_DEVS 255
-
- #define SCSI_CMD_BUF_SIZE 16
-+#define SCSI_SENSE_LEN 18
-+#define SCSI_INQUIRY_LEN 36
-
- typedef struct SCSIBus SCSIBus;
- typedef struct SCSIBusInfo SCSIBusInfo;
diff --git a/0049-Update-VERSION-for-1.6.1-release.patch b/0049-Update-VERSION-for-1.6.1-release.patch
deleted file mode 100644
index 30bfee2..0000000
--- a/0049-Update-VERSION-for-1.6.1-release.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-From 62ecc3a0e3c77a4944c92a02dd7fae2ab1f2290d Mon Sep 17 00:00:00 2001
-From: Michael Roth <mdroth@linux.vnet.ibm.com>
-Date: Fri, 4 Oct 2013 10:21:43 -0500
-Subject: [PATCH] Update VERSION for 1.6.1 release
-
-Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
----
- VERSION | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/VERSION b/VERSION
-index dc1e644..9c6d629 100644
---- a/VERSION
-+++ b/VERSION
-@@ -1 +1 @@
--1.6.0
-+1.6.1
diff --git a/0101-Fix-migration-from-qemu-kvm.patch b/0101-Fix-migration-from-qemu-kvm.patch
deleted file mode 100644
index a263329..0000000
--- a/0101-Fix-migration-from-qemu-kvm.patch
+++ /dev/null
@@ -1,212 +0,0 @@
-From 2196426a9b081cb99f4bdefb854aaa206bdd0392 Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Fri, 16 Aug 2013 12:14:51 -0400
-Subject: [PATCH] Fix migration from qemu-kvm
-
-Details are in the code comments for each change. Just lumped this together
-to ease patch maintenance.
-
-Everything except the video memory bits can likely be dropped by Fedora 21
-time frame. Need to figure out if there's anything to upstream for the
-video memory bits.
----
- hw/acpi/piix4.c | 8 ++++++-
- hw/display/qxl.c | 9 ++++----
- hw/i386/pc_piix.c | 61 +++++++++++++++++++++++++++++++++++++++++++++----
- hw/timer/i8254_common.c | 7 +++++-
- 4 files changed, 74 insertions(+), 11 deletions(-)
-
-diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
-index 3aaf18c..6fbe57c 100644
---- a/hw/acpi/piix4.c
-+++ b/hw/acpi/piix4.c
-@@ -289,7 +289,13 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int version_id)
- static const VMStateDescription vmstate_acpi = {
- .name = "piix4_pm",
- .version_id = 3,
-- .minimum_version_id = 3,
-+ /*
-+ * qemu-kvm 1.2 uses qemu.git version 3 format, but advertised as 2.
-+ * This allows incoming migration from qemu-kvm, but breaks incoming
-+ * migration from qemu < 1.3.
-+ */
-+ //minimum_version_id = 3,
-+ .minimum_version_id = 2,
- .minimum_version_id_old = 1,
- .load_state_old = acpi_load_old,
- .post_load = vmstate_acpi_post_load,
-diff --git a/hw/display/qxl.c b/hw/display/qxl.c
-index c537057..7ef3eff 100644
---- a/hw/display/qxl.c
-+++ b/hw/display/qxl.c
-@@ -307,16 +307,14 @@ static inline uint32_t msb_mask(uint32_t val)
- return mask;
- }
-
--static ram_addr_t qxl_rom_size(void)
-+static void check_qxl_rom_size(PCIQXLDevice *d)
- {
- uint32_t required_rom_size = sizeof(QXLRom) + sizeof(QXLModes) +
- sizeof(qxl_modes);
-- uint32_t rom_size = 8192; /* two pages */
-
- required_rom_size = MAX(required_rom_size, TARGET_PAGE_SIZE);
- required_rom_size = msb_mask(required_rom_size * 2 - 1);
-- assert(required_rom_size <= rom_size);
-- return rom_size;
-+ assert(required_rom_size <= d->rom_size);
- }
-
- static void init_qxl_rom(PCIQXLDevice *d)
-@@ -1981,7 +1979,7 @@ static int qxl_init_common(PCIQXLDevice *qxl)
- pci_set_byte(&config[PCI_REVISION_ID], pci_device_rev);
- pci_set_byte(&config[PCI_INTERRUPT_PIN], 1);
-
-- qxl->rom_size = qxl_rom_size();
-+ check_qxl_rom_size(qxl);
- memory_region_init_ram(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom",
- qxl->rom_size);
- vmstate_register_ram(&qxl->rom_bar, &qxl->pci.qdev);
-@@ -2309,6 +2307,7 @@ static Property qxl_properties[] = {
- DEFINE_PROP_UINT32("vram64_size_mb", PCIQXLDevice, vram_size_mb, -1),
- DEFINE_PROP_UINT32("vgamem_mb", PCIQXLDevice, vgamem_size_mb, 16),
- DEFINE_PROP_INT32("surfaces", PCIQXLDevice, ssd.num_surfaces, 1024),
-+ DEFINE_PROP_UINT32("rom_size", PCIQXLDevice, rom_size, 8192),
- DEFINE_PROP_END_OF_LIST(),
- };
-
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index 3df2ff9..28216ee 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -377,6 +377,24 @@ static QEMUMachine pc_i440fx_machine_v1_4 = {
- DEFAULT_MACHINE_OPTIONS,
- };
-
-+/*
-+ * Commit 038c1879a00153b14bce113315b693e8c2944fa9 changed the qxl rom
-+ * size to 8192, which fixes incoming migration from qemu 1.0. However
-+ * from qemu 1.2 and 1.3 had rom size 16384, so incoming migration
-+ * from those versions is now broken.
-+ *
-+ * Add a rom_size compat property. 1.2 and 1.3 get 16384, everything
-+ * else is 8192.
-+ *
-+ * This isn't actually fool proof, since rom_size can be dependent on
-+ * the version of spice qemu is built against:
-+ *
-+ * https://lists.gnu.org/archive/html/qemu-devel/2013-02/msg03154.html
-+ *
-+ * However these sizes match what native Fedora packages get, so it's
-+ * good enough for now.
-+ */
-+
- #define PC_COMPAT_1_3 \
- PC_COMPAT_1_4, \
- {\
-@@ -395,8 +413,17 @@ static QEMUMachine pc_i440fx_machine_v1_4 = {
- .driver = "e1000",\
- .property = "autonegotiation",\
- .value = "off",\
-+ },{ \
-+ .driver = "qxl", \
-+ .property = "rom_size", \
-+ .value = stringify(16384), \
-+ },{\
-+ .driver = "qxl-vga", \
-+ .property = "rom_size", \
-+ .value = stringify(16384), \
- }
-
-+
- static QEMUMachine pc_machine_v1_3 = {
- .name = "pc-1.3",
- .desc = "Standard PC",
-@@ -409,6 +436,19 @@ static QEMUMachine pc_machine_v1_3 = {
- DEFAULT_MACHINE_OPTIONS,
- };
-
-+
-+/*
-+ * https://lists.gnu.org/archive/html/qemu-devel/2013-01/msg02540.html
-+ *
-+ * qemu-kvm defaulted to vgamem=16MB since at least 0.15, while qemu used
-+ * 8MB. For qemu 1.2, the default was changed to 16MB for all devices
-+ * except cirrus.
-+ *
-+ * Make sure cirrus uses 16MB for <= pc-1.2 (the qemu-kvm merge),
-+ * and 16MB always for all others. This will break incoming qemu
-+ * migration for qemu < 1.3.
-+ */
-+
- #define PC_COMPAT_1_2 \
- PC_COMPAT_1_3,\
- {\
-@@ -432,6 +472,10 @@ static QEMUMachine pc_machine_v1_3 = {
- .property = "revision",\
- .value = stringify(3),\
- },{\
-+ .driver = "cirrus-vga",\
-+ .property = "vgamem_mb",\
-+ .value = stringify(16),\
-+ },{\
- .driver = "VGA",\
- .property = "mmio",\
- .value = "off",\
-@@ -462,25 +506,34 @@ static QEMUMachine pc_machine_v1_2 = {
- },{\
- .driver = "VGA",\
- .property = "vgamem_mb",\
-- .value = stringify(8),\
-+ .value = stringify(16),\
- },{\
- .driver = "vmware-svga",\
- .property = "vgamem_mb",\
-- .value = stringify(8),\
-+ .value = stringify(16),\
- },{\
- .driver = "qxl-vga",\
- .property = "vgamem_mb",\
-- .value = stringify(8),\
-+ .value = stringify(16),\
- },{\
- .driver = "qxl",\
- .property = "vgamem_mb",\
-- .value = stringify(8),\
-+ .value = stringify(16),\
- },{\
- .driver = "virtio-blk-pci",\
- .property = "config-wce",\
- .value = "off",\
-+ },{ \
-+ .driver = "qxl", \
-+ .property = "rom_size", \
-+ .value = stringify(8192), \
-+ },{\
-+ .driver = "qxl-vga", \
-+ .property = "rom_size", \
-+ .value = stringify(8192), \
- }
-
-+
- static QEMUMachine pc_machine_v1_1 = {
- .name = "pc-1.1",
- .desc = "Standard PC",
-diff --git a/hw/timer/i8254_common.c b/hw/timer/i8254_common.c
-index 4e5bf0b..cbc00a0 100644
---- a/hw/timer/i8254_common.c
-+++ b/hw/timer/i8254_common.c
-@@ -267,7 +267,12 @@ static const VMStateDescription vmstate_pit_common = {
- .pre_save = pit_dispatch_pre_save,
- .post_load = pit_dispatch_post_load,
- .fields = (VMStateField[]) {
-- VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
-+ /* qemu-kvm version_id=2 had 'flags' here which is equivalent
-+ * This fixes incoming migration from qemu-kvm 1.0, but breaks
-+ * incoming migration from qemu < 1.1
-+ */
-+ //VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
-+ VMSTATE_UINT32(channels[0].irq_disabled, PITCommonState),
- VMSTATE_STRUCT_ARRAY(channels, PITCommonState, 3, 2,
- vmstate_pit_channel, PITChannelState),
- VMSTATE_INT64(channels[0].next_transition_time,
diff --git a/0101-qcow2-Pass-discard-type-to-qcow2_discard_clusters.patch b/0101-qcow2-Pass-discard-type-to-qcow2_discard_clusters.patch
new file mode 100644
index 0000000..b31f925
--- /dev/null
+++ b/0101-qcow2-Pass-discard-type-to-qcow2_discard_clusters.patch
@@ -0,0 +1,81 @@
+From 411a7e4ad457f7f3c9f1d02ef9f726ce13a35f08 Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Fri, 6 Sep 2013 12:32:25 +0200
+Subject: [PATCH] qcow2: Pass discard type to qcow2_discard_clusters()
+
+The function will be used internally instead of only being called for
+guest discard requests.
+
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+---
+ block/qcow2-cluster.c | 8 ++++----
+ block/qcow2.c | 2 +-
+ block/qcow2.h | 2 +-
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
+index cca76d4..8c3185d 100644
+--- a/block/qcow2-cluster.c
++++ b/block/qcow2-cluster.c
+@@ -1317,7 +1317,7 @@ int qcow2_decompress_cluster(BlockDriverState *bs, uint64_t cluster_offset)
+ * clusters.
+ */
+ static int discard_single_l2(BlockDriverState *bs, uint64_t offset,
+- unsigned int nb_clusters)
++ unsigned int nb_clusters, enum qcow2_discard_type type)
+ {
+ BDRVQcowState *s = bs->opaque;
+ uint64_t *l2_table;
+@@ -1346,7 +1346,7 @@ static int discard_single_l2(BlockDriverState *bs, uint64_t offset,
+ l2_table[l2_index + i] = cpu_to_be64(0);
+
+ /* Then decrease the refcount */
+- qcow2_free_any_clusters(bs, old_offset, 1, QCOW2_DISCARD_REQUEST);
++ qcow2_free_any_clusters(bs, old_offset, 1, type);
+ }
+
+ ret = qcow2_cache_put(bs, s->l2_table_cache, (void**) &l2_table);
+@@ -1358,7 +1358,7 @@ static int discard_single_l2(BlockDriverState *bs, uint64_t offset,
+ }
+
+ int qcow2_discard_clusters(BlockDriverState *bs, uint64_t offset,
+- int nb_sectors)
++ int nb_sectors, enum qcow2_discard_type type)
+ {
+ BDRVQcowState *s = bs->opaque;
+ uint64_t end_offset;
+@@ -1381,7 +1381,7 @@ int qcow2_discard_clusters(BlockDriverState *bs, uint64_t offset,
+
+ /* Each L2 table is handled by its own loop iteration */
+ while (nb_clusters > 0) {
+- ret = discard_single_l2(bs, offset, nb_clusters);
++ ret = discard_single_l2(bs, offset, nb_clusters, type);
+ if (ret < 0) {
+ goto fail;
+ }
+diff --git a/block/qcow2.c b/block/qcow2.c
+index 7f7282e..16e45a0 100644
+--- a/block/qcow2.c
++++ b/block/qcow2.c
+@@ -1506,7 +1506,7 @@ static coroutine_fn int qcow2_co_discard(BlockDriverState *bs,
+
+ qemu_co_mutex_lock(&s->lock);
+ ret = qcow2_discard_clusters(bs, sector_num << BDRV_SECTOR_BITS,
+- nb_sectors);
++ nb_sectors, QCOW2_DISCARD_REQUEST);
+ qemu_co_mutex_unlock(&s->lock);
+ return ret;
+ }
+diff --git a/block/qcow2.h b/block/qcow2.h
+index dba9771..52cf193 100644
+--- a/block/qcow2.h
++++ b/block/qcow2.h
+@@ -405,7 +405,7 @@ uint64_t qcow2_alloc_compressed_cluster_offset(BlockDriverState *bs,
+
+ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m);
+ int qcow2_discard_clusters(BlockDriverState *bs, uint64_t offset,
+- int nb_sectors);
++ int nb_sectors, enum qcow2_discard_type type);
+ int qcow2_zero_clusters(BlockDriverState *bs, uint64_t offset, int nb_sectors);
+
+ /* qcow2-snapshot.c functions */
diff --git a/0102-isapc-disable-kvmvapic.patch b/0102-isapc-disable-kvmvapic.patch
deleted file mode 100644
index 4adf992..0000000
--- a/0102-isapc-disable-kvmvapic.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 85a924af30f31a4f701ee6f18d84dd27aa02f47b Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Tue, 13 Aug 2013 00:02:18 +0200
-Subject: [PATCH] isapc: disable kvmvapic
-
-vapic requires the VAPIC ROM to be mapped into RAM. This is not
-possible without PAM hardware. This fixes a segmentation fault
-running with -M isapc.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
-(crobinso: s/kvmvapic/vapic/g)
-
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- hw/i386/pc_piix.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index 28216ee..2f2cb4d 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -795,7 +795,11 @@ static QEMUMachine isapc_machine = {
- .init = pc_init_isa,
- .max_cpus = 1,
- .compat_props = (GlobalProperty[]) {
-- { /* end of list */ }
-+ {
-+ .driver = "apic-common",
-+ .property = "vapic",
-+ .value = "off",
-+ },
- },
- DEFAULT_MACHINE_OPTIONS,
- };
diff --git a/0102-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch b/0102-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch
new file mode 100644
index 0000000..cb0e92c
--- /dev/null
+++ b/0102-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch
@@ -0,0 +1,73 @@
+From 16d78f7cd9e1455ebb0599706ba5badfa3ee4fdc Mon Sep 17 00:00:00 2001
+From: Kevin Wolf <kwolf@redhat.com>
+Date: Fri, 6 Sep 2013 12:32:26 +0200
+Subject: [PATCH] qcow2: Discard VM state in active L1 after creating snapshot
+
+During savevm, the VM state is written to the active L1 of the image and
+then a snapshot is taken. After that, the VM state isn't needed any more
+in the active L1 and should be discarded. This is implemented by this
+patch.
+
+The impact of not discarding the VM state is that a snapshot can never
+become smaller than any previous snapshot (because it would be padded
+with old VM state), and more importantly that future savevm operations
+cause unnecessary COWs (with associated flushes), which makes subsequent
+snapshots much slower.
+
+Signed-off-by: Kevin Wolf <kwolf@redhat.com>
+---
+ block/qcow2-snapshot.c | 7 +++++++
+ block/qcow2.c | 5 -----
+ block/qcow2.h | 5 +++++
+ 3 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
+index 0caac90..ae33b45 100644
+--- a/block/qcow2-snapshot.c
++++ b/block/qcow2-snapshot.c
+@@ -401,6 +401,13 @@ int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info)
+
+ g_free(old_snapshot_list);
+
++ /* The VM state isn't needed any more in the active L1 table; in fact, it
++ * hurts by causing expensive COW for the next snapshot. */
++ qcow2_discard_clusters(bs, qcow2_vm_state_offset(s),
++ align_offset(sn->vm_state_size, s->cluster_size)
++ >> BDRV_SECTOR_BITS,
++ QCOW2_DISCARD_NEVER);
++
+ #ifdef DEBUG_ALLOC
+ {
+ BdrvCheckResult result = {0};
+diff --git a/block/qcow2.c b/block/qcow2.c
+index 16e45a0..f63c2cb 100644
+--- a/block/qcow2.c
++++ b/block/qcow2.c
+@@ -1666,11 +1666,6 @@ static coroutine_fn int qcow2_co_flush_to_os(BlockDriverState *bs)
+ return 0;
+ }
+
+-static int64_t qcow2_vm_state_offset(BDRVQcowState *s)
+-{
+- return (int64_t)s->l1_vm_state_index << (s->cluster_bits + s->l2_bits);
+-}
+-
+ static int qcow2_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
+ {
+ BDRVQcowState *s = bs->opaque;
+diff --git a/block/qcow2.h b/block/qcow2.h
+index 52cf193..da61d18 100644
+--- a/block/qcow2.h
++++ b/block/qcow2.h
+@@ -324,6 +324,11 @@ static inline int64_t align_offset(int64_t offset, int n)
+ return offset;
+ }
+
++static inline int64_t qcow2_vm_state_offset(BDRVQcowState *s)
++{
++ return (int64_t)s->l1_vm_state_index << (s->cluster_bits + s->l2_bits);
++}
++
+ static inline int qcow2_get_cluster_type(uint64_t l2_entry)
+ {
+ if (l2_entry & QCOW_OFLAG_COMPRESSED) {
diff --git a/0103-hw-9pfs-Fix-errno-value-for-xattr-functions.patch b/0103-hw-9pfs-Fix-errno-value-for-xattr-functions.patch
new file mode 100644
index 0000000..cd7b42f
--- /dev/null
+++ b/0103-hw-9pfs-Fix-errno-value-for-xattr-functions.patch
@@ -0,0 +1,68 @@
+From 6f7e1d2bddb5a0a1c65f6f02467460d6edbcc901 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Tue, 1 Oct 2013 12:28:17 +0100
+Subject: [PATCH] hw/9pfs: Fix errno value for xattr functions
+
+If there is no operation driver for the xattr type the
+functions return '-1' and set errno to '-EOPNOTSUPP'.
+When the calling code sets 'ret = -errno' this turns
+into a large positive number.
+
+In Linux 3.11, the kernel has switched to using 9p
+version 9p2000.L, instead of 9p2000.u, which enables
+support for xattr operations. This on its own is harmless,
+but for another change which makes it request the xattr
+with a name 'security.capability'.
+
+The result is that the guest sees a succesful return
+of 95 bytes of data, instead of a failure with errno
+set to 95. Since the kernel expects a maximum of 20
+bytes for an xattr return this gets translated to the
+unexpected errno ERANGE.
+
+This all means that when running a binary off a 9p fs
+in 3.11 kernels you get a fun result of:
+
+ # ./date
+ sh: ./date: Numerical result out of range
+
+The only workaround is to pass 'version=9p2000.u' when
+mounting the 9p fs in the guest, to disable all use of
+xattrs.
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+---
+ hw/9pfs/virtio-9p-xattr.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hw/9pfs/virtio-9p-xattr.c b/hw/9pfs/virtio-9p-xattr.c
+index 90ae565..3fae557 100644
+--- a/hw/9pfs/virtio-9p-xattr.c
++++ b/hw/9pfs/virtio-9p-xattr.c
+@@ -36,7 +36,7 @@ ssize_t v9fs_get_xattr(FsContext *ctx, const char *path,
+ if (xops) {
+ return xops->getxattr(ctx, path, name, value, size);
+ }
+- errno = -EOPNOTSUPP;
++ errno = EOPNOTSUPP;
+ return -1;
+ }
+
+@@ -123,7 +123,7 @@ int v9fs_set_xattr(FsContext *ctx, const char *path, const char *name,
+ if (xops) {
+ return xops->setxattr(ctx, path, name, value, size, flags);
+ }
+- errno = -EOPNOTSUPP;
++ errno = EOPNOTSUPP;
+ return -1;
+
+ }
+@@ -135,7 +135,7 @@ int v9fs_remove_xattr(FsContext *ctx,
+ if (xops) {
+ return xops->removexattr(ctx, path, name);
+ }
+- errno = -EOPNOTSUPP;
++ errno = EOPNOTSUPP;
+ return -1;
+
+ }
diff --git a/0103-pci-do-not-export-pci_bus_reset.patch b/0103-pci-do-not-export-pci_bus_reset.patch
deleted file mode 100644
index 21c6cef..0000000
--- a/0103-pci-do-not-export-pci_bus_reset.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 07873f45017c04994496d8dc3f7acb60358bba49 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 2 May 2013 11:38:37 +0200
-Subject: [PATCH] pci: do not export pci_bus_reset
-
-qbus_reset_all can be used instead. There is no semantic change
-because pcibus_reset returns 1 and takes care of the device
-tree traversal.
-
-This will be necessary once the traversal is done always in
-qbus_reset_all *before* invoking pcibus_reset itself.
-
-Tested-by: Claudio Bley <cbley@av-test.de>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/pci/pci.c | 8 ++------
- hw/pci/pci_bridge.c | 2 +-
- include/hw/pci/pci.h | 1 -
- 3 files changed, 3 insertions(+), 8 deletions(-)
-
-diff --git a/hw/pci/pci.c b/hw/pci/pci.c
-index 4c004f5..0389375 100644
---- a/hw/pci/pci.c
-+++ b/hw/pci/pci.c
-@@ -210,8 +210,9 @@ void pci_device_reset(PCIDevice *dev)
- * Trigger pci bus reset under a given bus.
- * To be called on RST# assert.
- */
--void pci_bus_reset(PCIBus *bus)
-+static int pcibus_reset(BusState *qbus)
- {
-+ PCIBus *bus = DO_UPCAST(PCIBus, qbus, qbus);
- int i;
-
- for (i = 0; i < bus->nirq; i++) {
-@@ -222,11 +223,6 @@ void pci_bus_reset(PCIBus *bus)
- pci_device_reset(bus->devices[i]);
- }
- }
--}
--
--static int pcibus_reset(BusState *qbus)
--{
-- pci_bus_reset(DO_UPCAST(PCIBus, qbus, qbus));
-
- /* topology traverse is done by pci_bus_reset().
- Tell qbus/qdev walker not to traverse the tree */
-diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
-index a90671d..5d0e5ff 100644
---- a/hw/pci/pci_bridge.c
-+++ b/hw/pci/pci_bridge.c
-@@ -268,7 +268,7 @@ void pci_bridge_write_config(PCIDevice *d,
- newctl = pci_get_word(d->config + PCI_BRIDGE_CONTROL);
- if (~oldctl & newctl & PCI_BRIDGE_CTL_BUS_RESET) {
- /* Trigger hot reset on 0->1 transition. */
-- pci_bus_reset(&s->sec_bus);
-+ qbus_reset_all(&s->sec_bus.qbus);
- }
- }
-
-diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
-index ccec2ba..32f1419 100644
---- a/include/hw/pci/pci.h
-+++ b/include/hw/pci/pci.h
-@@ -376,7 +376,6 @@ void pci_bus_fire_intx_routing_notifier(PCIBus *bus);
- void pci_device_set_intx_routing_notifier(PCIDevice *dev,
- PCIINTxRoutingNotifier notifier);
- void pci_device_reset(PCIDevice *dev);
--void pci_bus_reset(PCIBus *bus);
-
- PCIDevice *pci_nic_init(NICInfo *nd, PCIBus *rootbus,
- const char *default_model,
diff --git a/0104-Fix-pc-migration-from-qemu-1.5.patch b/0104-Fix-pc-migration-from-qemu-1.5.patch
new file mode 100644
index 0000000..022b66c
--- /dev/null
+++ b/0104-Fix-pc-migration-from-qemu-1.5.patch
@@ -0,0 +1,203 @@
+From 042c76790b1168766332b1aafa4429c265d35ed0 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 7 Oct 2013 16:32:24 -0400
+Subject: [PATCH] Fix pc migration from qemu <= 1.5
+
+The following commit introduced a migration incompatibility:
+
+commit 568f0690fd9aa4d39d84b04c1a5dbb53a915c3fe
+Author: David Gibson <david@gibson.dropbear.id.au>
+Date: Thu Jun 6 18:48:49 2013 +1000
+
+ pci: Replace pci_find_domain() with more general pci_root_bus_path()
+
+The issue is that i440fx savevm idstr went from 0000:00:00.0/I440FX to
+0000:00.0/I440FX. Unfortunately we are stuck with the breakage for
+1.6 machine types.
+
+Add a compat property to maintain the busted idstr for the 1.6 machine
+types, but revert to the old style format for 1.7+, and <= 1.5.
+
+Tested with migration from qemu 1.5, qemu 1.6, and qemu.git.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ hw/i386/pc_piix.c | 11 +++++++++++
+ hw/i386/pc_q35.c | 11 +++++++++++
+ hw/pci-host/piix.c | 9 ++++++++-
+ hw/pci-host/q35.c | 10 ++++++++--
+ include/hw/i386/pc.h | 20 ++++++++++++++++++++
+ include/hw/pci-host/q35.h | 1 +
+ 6 files changed, 59 insertions(+), 3 deletions(-)
+
+diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
+index 2f2cb4d..10866f5 100644
+--- a/hw/i386/pc_piix.c
++++ b/hw/i386/pc_piix.c
+@@ -341,6 +341,13 @@ static void pc_xen_hvm_init(QEMUMachineInitArgs *args)
+ }
+ #endif
+
++#define PC_I440FX_MACHINE_OPTIONS \
++ PC_DEFAULT_MACHINE_OPTIONS, \
++ .desc = "Standard PC (i440FX + PIIX, 1996)", \
++ .hot_add_cpu = pc_hot_add_cpu
++
++#define PC_I440FX_1_6_MACHINE_OPTIONS PC_I440FX_MACHINE_OPTIONS
++
+ static QEMUMachine pc_i440fx_machine_v1_6 = {
+ .name = "pc-i440fx-1.6",
+ .alias = "pc",
+@@ -349,6 +356,10 @@ static QEMUMachine pc_i440fx_machine_v1_6 = {
+ .hot_add_cpu = pc_hot_add_cpu,
+ .max_cpus = 255,
+ .is_default = 1,
++ .compat_props = (GlobalProperty[]) {
++ PC_COMPAT_1_6,
++ { /* end of list */ }
++ },
+ DEFAULT_MACHINE_OPTIONS,
+ };
+
+diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
+index dd13130..4998ed3 100644
+--- a/hw/i386/pc_q35.c
++++ b/hw/i386/pc_q35.c
+@@ -243,6 +243,13 @@ static void pc_q35_init_1_4(QEMUMachineInitArgs *args)
+ pc_q35_init(args);
+ }
+
++#define PC_Q35_MACHINE_OPTIONS \
++ PC_DEFAULT_MACHINE_OPTIONS, \
++ .desc = "Standard PC (Q35 + ICH9, 2009)", \
++ .hot_add_cpu = pc_hot_add_cpu
++
++#define PC_Q35_1_6_MACHINE_OPTIONS PC_Q35_MACHINE_OPTIONS
++
+ static QEMUMachine pc_q35_machine_v1_6 = {
+ .name = "pc-q35-1.6",
+ .alias = "q35",
+@@ -250,6 +257,10 @@ static QEMUMachine pc_q35_machine_v1_6 = {
+ .init = pc_q35_init_1_6,
+ .hot_add_cpu = pc_hot_add_cpu,
+ .max_cpus = 255,
++ .compat_props = (GlobalProperty[]) {
++ PC_COMPAT_1_6,
++ { /* end of list */ }
++ },
+ DEFAULT_MACHINE_OPTIONS,
+ };
+
+diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
+index 221d82b..967f949 100644
+--- a/hw/pci-host/piix.c
++++ b/hw/pci-host/piix.c
+@@ -48,6 +48,7 @@ typedef struct I440FXState {
+ PCIHostState parent_obj;
+ PcPciInfo pci_info;
+ uint64_t pci_hole64_size;
++ uint32_t short_root_bus;
+ } I440FXState;
+
+ #define PIIX_NUM_PIC_IRQS 16 /* i8259 * 2 */
+@@ -706,13 +707,19 @@ static const TypeInfo i440fx_info = {
+ static const char *i440fx_pcihost_root_bus_path(PCIHostState *host_bridge,
+ PCIBus *rootbus)
+ {
++ I440FXState *s = I440FX_PCI_HOST_BRIDGE(host_bridge);
++
+ /* For backwards compat with old device paths */
+- return "0000";
++ if (s->short_root_bus) {
++ return "0000";
++ }
++ return "0000:00";
+ }
+
+ static Property i440fx_props[] = {
+ DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, I440FXState,
+ pci_hole64_size, DEFAULT_PCI_HOLE64_SIZE),
++ DEFINE_PROP_UINT32("short_root_bus", I440FXState, short_root_bus, 0),
+ DEFINE_PROP_END_OF_LIST(),
+ };
+
+diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
+index 4febd24..f762053 100644
+--- a/hw/pci-host/q35.c
++++ b/hw/pci-host/q35.c
+@@ -61,8 +61,13 @@ static void q35_host_realize(DeviceState *dev, Error **errp)
+ static const char *q35_host_root_bus_path(PCIHostState *host_bridge,
+ PCIBus *rootbus)
+ {
+- /* For backwards compat with old device paths */
+- return "0000";
++ Q35PCIHost *s = Q35_HOST_DEVICE(host_bridge);
++
++ /* For backwards compat with old device paths */
++ if (s->mch.short_root_bus) {
++ return "0000";
++ }
++ return "0000:00";
+ }
+
+ static void q35_host_get_pci_hole_start(Object *obj, Visitor *v,
+@@ -108,6 +113,7 @@ static Property mch_props[] = {
+ MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
+ DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35PCIHost,
+ mch.pci_hole64_size, DEFAULT_PCI_HOLE64_SIZE),
++ DEFINE_PROP_UINT32("short_root_bus", Q35PCIHost, mch.short_root_bus, 0),
+ DEFINE_PROP_END_OF_LIST(),
+ };
+
+diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
+index 475ba9e..6e2b839 100644
+--- a/include/hw/i386/pc.h
++++ b/include/hw/i386/pc.h
+@@ -225,7 +225,19 @@ void pvpanic_init(ISABus *bus);
+
+ int e820_add_entry(uint64_t, uint64_t, uint32_t);
+
++#define PC_COMPAT_1_6 \
++ {\
++ .driver = "i440FX-pcihost",\
++ .property = "short_root_bus",\
++ .value = stringify(1),\
++ },{\
++ .driver = "q35-pcihost",\
++ .property = "short_root_bus",\
++ .value = stringify(1),\
++ }
++
+ #define PC_COMPAT_1_5 \
++ PC_COMPAT_1_6, \
+ {\
+ .driver = "Conroe-" TYPE_X86_CPU,\
+ .property = "model",\
+@@ -258,6 +270,14 @@ int e820_add_entry(uint64_t, uint64_t, uint32_t);
+ .driver = TYPE_X86_CPU,\
+ .property = "pmu",\
+ .value = "on",\
++ },{\
++ .driver = "i440FX-pcihost",\
++ .property = "short_root_bus",\
++ .value = stringify(0),\
++ },{\
++ .driver = "q35-pcihost",\
++ .property = "short_root_bus",\
++ .value = stringify(0),\
+ }
+
+ #define PC_COMPAT_1_4 \
+diff --git a/include/hw/pci-host/q35.h b/include/hw/pci-host/q35.h
+index 6eb7ab6..95a3cc2 100644
+--- a/include/hw/pci-host/q35.h
++++ b/include/hw/pci-host/q35.h
+@@ -61,6 +61,7 @@ typedef struct MCHPCIState {
+ ram_addr_t above_4g_mem_size;
+ uint64_t pci_hole64_size;
+ PcGuestInfo *guest_info;
++ uint32_t short_root_bus;
+ } MCHPCIState;
+
+ typedef struct Q35PCIHost {
diff --git a/0104-qdev-allow-both-pre-and-post-order-vists-in-qdev-wal.patch b/0104-qdev-allow-both-pre-and-post-order-vists-in-qdev-wal.patch
deleted file mode 100644
index 8580f62..0000000
--- a/0104-qdev-allow-both-pre-and-post-order-vists-in-qdev-wal.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From cf09bc533d82f2b16d1e9f4888c1afd977ca256d Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 2 May 2013 11:38:38 +0200
-Subject: [PATCH] qdev: allow both pre- and post-order vists in qdev walking
- functions
-
-Resetting should be done in post-order, not pre-order. However,
-qdev_walk_children and qbus_walk_children do not allow this. Fix
-it by adding two extra arguments to the functions.
-
-Tested-by: Claudio Bley <cbley@av-test.de>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/core/qdev.c | 45 +++++++++++++++++++++++++++++++++------------
- include/hw/qdev-core.h | 13 +++++++++----
- 2 files changed, 42 insertions(+), 16 deletions(-)
-
-diff --git a/hw/core/qdev.c b/hw/core/qdev.c
-index 9190a7e..842804f 100644
---- a/hw/core/qdev.c
-+++ b/hw/core/qdev.c
-@@ -240,12 +240,12 @@ static int qbus_reset_one(BusState *bus, void *opaque)
-
- void qdev_reset_all(DeviceState *dev)
- {
-- qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL);
-+ qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
- }
-
- void qbus_reset_all(BusState *bus)
- {
-- qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL);
-+ qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
- }
-
- void qbus_reset_all_fn(void *opaque)
-@@ -343,49 +343,70 @@ BusState *qdev_get_child_bus(DeviceState *dev, const char *name)
- return NULL;
- }
-
--int qbus_walk_children(BusState *bus, qdev_walkerfn *devfn,
-- qbus_walkerfn *busfn, void *opaque)
-+int qbus_walk_children(BusState *bus,
-+ qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
-+ qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
-+ void *opaque)
- {
- BusChild *kid;
- int err;
-
-- if (busfn) {
-- err = busfn(bus, opaque);
-+ if (pre_busfn) {
-+ err = pre_busfn(bus, opaque);
- if (err) {
- return err;
- }
- }
-
- QTAILQ_FOREACH(kid, &bus->children, sibling) {
-- err = qdev_walk_children(kid->child, devfn, busfn, opaque);
-+ err = qdev_walk_children(kid->child,
-+ pre_devfn, pre_busfn,
-+ post_devfn, post_busfn, opaque);
- if (err < 0) {
- return err;
- }
- }
-
-+ if (post_busfn) {
-+ err = post_busfn(bus, opaque);
-+ if (err) {
-+ return err;
-+ }
-+ }
-+
- return 0;
- }
-
--int qdev_walk_children(DeviceState *dev, qdev_walkerfn *devfn,
-- qbus_walkerfn *busfn, void *opaque)
-+int qdev_walk_children(DeviceState *dev,
-+ qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
-+ qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
-+ void *opaque)
- {
- BusState *bus;
- int err;
-
-- if (devfn) {
-- err = devfn(dev, opaque);
-+ if (pre_devfn) {
-+ err = pre_devfn(dev, opaque);
- if (err) {
- return err;
- }
- }
-
- QLIST_FOREACH(bus, &dev->child_bus, sibling) {
-- err = qbus_walk_children(bus, devfn, busfn, opaque);
-+ err = qbus_walk_children(bus, pre_devfn, pre_busfn,
-+ post_devfn, post_busfn, opaque);
- if (err < 0) {
- return err;
- }
- }
-
-+ if (post_devfn) {
-+ err = post_devfn(dev, opaque);
-+ if (err) {
-+ return err;
-+ }
-+ }
-+
- return 0;
- }
-
-diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
-index 46972f4..c6c9b14 100644
---- a/include/hw/qdev-core.h
-+++ b/include/hw/qdev-core.h
-@@ -270,10 +270,15 @@ BusState *qbus_create(const char *typename, DeviceState *parent, const char *nam
- /* Returns > 0 if either devfn or busfn skip walk somewhere in cursion,
- * < 0 if either devfn or busfn terminate walk somewhere in cursion,
- * 0 otherwise. */
--int qbus_walk_children(BusState *bus, qdev_walkerfn *devfn,
-- qbus_walkerfn *busfn, void *opaque);
--int qdev_walk_children(DeviceState *dev, qdev_walkerfn *devfn,
-- qbus_walkerfn *busfn, void *opaque);
-+int qbus_walk_children(BusState *bus,
-+ qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
-+ qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
-+ void *opaque);
-+int qdev_walk_children(DeviceState *dev,
-+ qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
-+ qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
-+ void *opaque);
-+
- void qdev_reset_all(DeviceState *dev);
-
- /**
diff --git a/0105-audio-honor-QEMU_AUDIO_TIMER_PERIOD-instead-of-wakin.patch b/0105-audio-honor-QEMU_AUDIO_TIMER_PERIOD-instead-of-wakin.patch
new file mode 100644
index 0000000..30cfa3d
--- /dev/null
+++ b/0105-audio-honor-QEMU_AUDIO_TIMER_PERIOD-instead-of-wakin.patch
@@ -0,0 +1,42 @@
+From 6b7ac46a461482c06c5ccdf54815e94205bc7d95 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 9 Oct 2013 21:33:44 +0200
+Subject: [PATCH] audio: honor QEMU_AUDIO_TIMER_PERIOD instead of waking up
+ every *nano* second
+
+Now that we no longer have MIN_REARM_TIMER_NS a bug in the audio subsys has
+clearly shown it self by trying to make a timer fire every nano second.
+
+Note we have a similar problem in 1.6, 1.5 and older but there
+MIN_REARM_TIMER_NS limits the wakeups caused by audio being active to
+4000 times / second. This still causes a host cpu load of 50 % for simply
+playing audio, where as with this patch git master is at 13%, so we should
+backport this to 1.5 and 1.6 too.
+
+Note this will not apply to 1.5 and 1.6 as is.
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+(cherry picked from commit b4350deed67b95651896ddb60cf9f765093a4848)
+
+Conflicts:
+ audio/audio.c
+---
+ audio/audio.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/audio/audio.c b/audio/audio.c
+index 02bb886..f9b3e95 100644
+--- a/audio/audio.c
++++ b/audio/audio.c
+@@ -1124,7 +1124,8 @@ static int audio_is_timer_needed (void)
+ static void audio_reset_timer (AudioState *s)
+ {
+ if (audio_is_timer_needed ()) {
+- qemu_mod_timer (s->ts, qemu_get_clock_ns (vm_clock) + 1);
++ qemu_mod_timer (s->ts,
++ qemu_get_clock_ns (vm_clock) + conf.period.ticks);
+ }
+ else {
+ qemu_del_timer (s->ts);
diff --git a/0105-qdev-switch-reset-to-post-order.patch b/0105-qdev-switch-reset-to-post-order.patch
deleted file mode 100644
index 2f533e5..0000000
--- a/0105-qdev-switch-reset-to-post-order.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-From 41a2077cea8ce006dbef885bcb0778af05a0b159 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 2 May 2013 11:38:39 +0200
-Subject: [PATCH] qdev: switch reset to post-order
-
-Post-order is the only sensible direction for the reset signals.
-For example, suppose pre-order is used and the parent has some data
-structures that cache children state (for example a list of active
-requests). When the reset method is invoked on the parent, these caches
-could be in any state.
-
-If post-order is used, on the other hand, these will be in a known state
-when the reset method is invoked on the parent.
-
-This change means that it is no longer possible to block the visit of
-the devices, so the callback is changed to return void. This is not
-a problem, because PCI was returning 1 exactly in order to achieve the
-same ordering that this patch implements.
-
-PCI can then rely on the qdev core having sent a "reset signal"
-(whatever that means) to the device, and only do the PCI-specific
-initialization with the new function pci_do_device_reset, extracted
-from pci_device_reset. There is no change in the operation of FLR,
-which used and still uses pci_device_reset.
-
-Tested-by: Claudio Bley <cbley@av-test.de>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/core/qdev.c | 6 +++---
- hw/pci/pci.c | 31 ++++++++++++++++---------------
- include/hw/qdev-core.h | 2 +-
- 3 files changed, 20 insertions(+), 19 deletions(-)
-
-diff --git a/hw/core/qdev.c b/hw/core/qdev.c
-index 842804f..87d7e1e 100644
---- a/hw/core/qdev.c
-+++ b/hw/core/qdev.c
-@@ -233,19 +233,19 @@ static int qbus_reset_one(BusState *bus, void *opaque)
- {
- BusClass *bc = BUS_GET_CLASS(bus);
- if (bc->reset) {
-- return bc->reset(bus);
-+ bc->reset(bus);
- }
- return 0;
- }
-
- void qdev_reset_all(DeviceState *dev)
- {
-- qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
-+ qdev_walk_children(dev, NULL, NULL, qdev_reset_one, qbus_reset_one, NULL);
- }
-
- void qbus_reset_all(BusState *bus)
- {
-- qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
-+ qbus_walk_children(bus, NULL, NULL, qdev_reset_one, qbus_reset_one, NULL);
- }
-
- void qbus_reset_all_fn(void *opaque)
-diff --git a/hw/pci/pci.c b/hw/pci/pci.c
-index 0389375..bbca696 100644
---- a/hw/pci/pci.c
-+++ b/hw/pci/pci.c
-@@ -46,7 +46,7 @@
- static void pcibus_dev_print(Monitor *mon, DeviceState *dev, int indent);
- static char *pcibus_get_dev_path(DeviceState *dev);
- static char *pcibus_get_fw_dev_path(DeviceState *dev);
--static int pcibus_reset(BusState *qbus);
-+static void pcibus_reset(BusState *qbus);
-
- static Property pci_props[] = {
- DEFINE_PROP_PCI_DEVFN("addr", PCIDevice, devfn, -1),
-@@ -165,16 +165,10 @@ void pci_device_deassert_intx(PCIDevice *dev)
- }
- }
-
--/*
-- * This function is called on #RST and FLR.
-- * FLR if PCI_EXP_DEVCTL_BCR_FLR is set
-- */
--void pci_device_reset(PCIDevice *dev)
-+static void pci_do_device_reset(PCIDevice *dev)
- {
- int r;
-
-- qdev_reset_all(&dev->qdev);
--
- dev->irq_state = 0;
- pci_update_irq_status(dev);
- pci_device_deassert_intx(dev);
-@@ -207,10 +201,21 @@ void pci_device_reset(PCIDevice *dev)
- }
-
- /*
-+ * This function is called on #RST and FLR.
-+ * FLR if PCI_EXP_DEVCTL_BCR_FLR is set
-+ */
-+void pci_device_reset(PCIDevice *dev)
-+{
-+ qdev_reset_all(&dev->qdev);
-+ pci_do_device_reset(dev);
-+}
-+
-+/*
- * Trigger pci bus reset under a given bus.
-- * To be called on RST# assert.
-+ * Called via qbus_reset_all on RST# assert, after the devices
-+ * have been reset qdev_reset_all-ed already.
- */
--static int pcibus_reset(BusState *qbus)
-+static void pcibus_reset(BusState *qbus)
- {
- PCIBus *bus = DO_UPCAST(PCIBus, qbus, qbus);
- int i;
-@@ -220,13 +225,9 @@ static int pcibus_reset(BusState *qbus)
- }
- for (i = 0; i < ARRAY_SIZE(bus->devices); ++i) {
- if (bus->devices[i]) {
-- pci_device_reset(bus->devices[i]);
-+ pci_do_device_reset(bus->devices[i]);
- }
- }
--
-- /* topology traverse is done by pci_bus_reset().
-- Tell qbus/qdev walker not to traverse the tree */
-- return 1;
- }
-
- static void pci_host_bus_register(PCIBus *bus, DeviceState *parent)
-diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
-index c6c9b14..89dcbad 100644
---- a/include/hw/qdev-core.h
-+++ b/include/hw/qdev-core.h
-@@ -174,7 +174,7 @@ struct BusClass {
- * bindings can be found at http://playground.sun.com/1275/bindings/.
- */
- char *(*get_fw_dev_path)(DeviceState *dev);
-- int (*reset)(BusState *bus);
-+ void (*reset)(BusState *bus);
- /* maximum devices allowed on the bus, 0: no limit. */
- int max_dev;
- };
diff --git a/0106-virtio-bus-remove-vdev-field.patch b/0106-virtio-bus-remove-vdev-field.patch
deleted file mode 100644
index 617326f..0000000
--- a/0106-virtio-bus-remove-vdev-field.patch
+++ /dev/null
@@ -1,251 +0,0 @@
-From ed35f9edcc420b4f8c1f909bc7cfb002a54f437b Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:57:50 +0200
-Subject: [PATCH] virtio-bus: remove vdev field
-
-The vdev field is complicated to synchronize. Just access the
-BusState's list of children.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/virtio/virtio-bus.c | 67 ++++++++++++++++++++++++------------------
- hw/virtio/virtio-mmio.c | 9 +++---
- hw/virtio/virtio-pci.c | 2 +-
- include/hw/virtio/virtio-bus.h | 16 +++++++---
- 4 files changed, 57 insertions(+), 37 deletions(-)
-
-diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
-index 6849a01..669ce38 100644
---- a/hw/virtio/virtio-bus.c
-+++ b/hw/virtio/virtio-bus.c
-@@ -46,8 +46,6 @@ int virtio_bus_plug_device(VirtIODevice *vdev)
- VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
- DPRINTF("%s: plug device.\n", qbus->name);
-
-- bus->vdev = vdev;
--
- if (klass->device_plugged != NULL) {
- klass->device_plugged(qbus->parent);
- }
-@@ -58,75 +56,84 @@ int virtio_bus_plug_device(VirtIODevice *vdev)
- /* Reset the virtio_bus */
- void virtio_bus_reset(VirtioBusState *bus)
- {
-+ VirtIODevice *vdev = virtio_bus_get_device(bus);
-+
- DPRINTF("%s: reset device.\n", qbus->name);
-- if (bus->vdev != NULL) {
-- virtio_reset(bus->vdev);
-+ if (vdev != NULL) {
-+ virtio_reset(vdev);
- }
- }
-
- /* Destroy the VirtIODevice */
- void virtio_bus_destroy_device(VirtioBusState *bus)
- {
-- DeviceState *qdev;
- BusState *qbus = BUS(bus);
- VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
-+ VirtIODevice *vdev = virtio_bus_get_device(bus);
-+
- DPRINTF("%s: remove device.\n", qbus->name);
-
-- if (bus->vdev != NULL) {
-+ if (vdev != NULL) {
- if (klass->device_unplug != NULL) {
- klass->device_unplug(qbus->parent);
- }
-- qdev = DEVICE(bus->vdev);
-- qdev_free(qdev);
-- bus->vdev = NULL;
-+ qdev_free(DEVICE(vdev));
- }
- }
-
- /* Get the device id of the plugged device. */
- uint16_t virtio_bus_get_vdev_id(VirtioBusState *bus)
- {
-- assert(bus->vdev != NULL);
-- return bus->vdev->device_id;
-+ VirtIODevice *vdev = virtio_bus_get_device(bus);
-+ assert(vdev != NULL);
-+ return vdev->device_id;
- }
-
- /* Get the config_len field of the plugged device. */
- size_t virtio_bus_get_vdev_config_len(VirtioBusState *bus)
- {
-- assert(bus->vdev != NULL);
-- return bus->vdev->config_len;
-+ VirtIODevice *vdev = virtio_bus_get_device(bus);
-+ assert(vdev != NULL);
-+ return vdev->config_len;
- }
-
- /* Get the features of the plugged device. */
- uint32_t virtio_bus_get_vdev_features(VirtioBusState *bus,
- uint32_t requested_features)
- {
-+ VirtIODevice *vdev = virtio_bus_get_device(bus);
- VirtioDeviceClass *k;
-- assert(bus->vdev != NULL);
-- k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
-+
-+ assert(vdev != NULL);
-+ k = VIRTIO_DEVICE_GET_CLASS(vdev);
- assert(k->get_features != NULL);
-- return k->get_features(bus->vdev, requested_features);
-+ return k->get_features(vdev, requested_features);
- }
-
- /* Set the features of the plugged device. */
- void virtio_bus_set_vdev_features(VirtioBusState *bus,
- uint32_t requested_features)
- {
-+ VirtIODevice *vdev = virtio_bus_get_device(bus);
- VirtioDeviceClass *k;
-- assert(bus->vdev != NULL);
-- k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
-+
-+ assert(vdev != NULL);
-+ k = VIRTIO_DEVICE_GET_CLASS(vdev);
- if (k->set_features != NULL) {
-- k->set_features(bus->vdev, requested_features);
-+ k->set_features(vdev, requested_features);
- }
- }
-
- /* Get bad features of the plugged device. */
- uint32_t virtio_bus_get_vdev_bad_features(VirtioBusState *bus)
- {
-+ VirtIODevice *vdev = virtio_bus_get_device(bus);
- VirtioDeviceClass *k;
-- assert(bus->vdev != NULL);
-- k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
-+
-+ assert(vdev != NULL);
-+ k = VIRTIO_DEVICE_GET_CLASS(vdev);
- if (k->bad_features != NULL) {
-- return k->bad_features(bus->vdev);
-+ return k->bad_features(vdev);
- } else {
- return 0;
- }
-@@ -135,22 +142,26 @@ uint32_t virtio_bus_get_vdev_bad_features(VirtioBusState *bus)
- /* Get config of the plugged device. */
- void virtio_bus_get_vdev_config(VirtioBusState *bus, uint8_t *config)
- {
-+ VirtIODevice *vdev = virtio_bus_get_device(bus);
- VirtioDeviceClass *k;
-- assert(bus->vdev != NULL);
-- k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
-+
-+ assert(vdev != NULL);
-+ k = VIRTIO_DEVICE_GET_CLASS(vdev);
- if (k->get_config != NULL) {
-- k->get_config(bus->vdev, config);
-+ k->get_config(vdev, config);
- }
- }
-
- /* Set config of the plugged device. */
- void virtio_bus_set_vdev_config(VirtioBusState *bus, uint8_t *config)
- {
-+ VirtIODevice *vdev = virtio_bus_get_device(bus);
- VirtioDeviceClass *k;
-- assert(bus->vdev != NULL);
-- k = VIRTIO_DEVICE_GET_CLASS(bus->vdev);
-+
-+ assert(vdev != NULL);
-+ k = VIRTIO_DEVICE_GET_CLASS(vdev);
- if (k->set_config != NULL) {
-- k->set_config(bus->vdev, config);
-+ k->set_config(vdev, config);
- }
- }
-
-diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
-index 4bd2953..8f7b764 100644
---- a/hw/virtio/virtio-mmio.c
-+++ b/hw/virtio/virtio-mmio.c
-@@ -94,7 +94,7 @@ static void virtio_mmio_bus_new(VirtioBusState *bus, VirtIOMMIOProxy *dev);
- static uint64_t virtio_mmio_read(void *opaque, hwaddr offset, unsigned size)
- {
- VirtIOMMIOProxy *proxy = (VirtIOMMIOProxy *)opaque;
-- VirtIODevice *vdev = proxy->bus.vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-
- DPRINTF("virtio_mmio_read offset 0x%x\n", (int)offset);
-
-@@ -184,7 +184,7 @@ static void virtio_mmio_write(void *opaque, hwaddr offset, uint64_t value,
- unsigned size)
- {
- VirtIOMMIOProxy *proxy = (VirtIOMMIOProxy *)opaque;
-- VirtIODevice *vdev = proxy->bus.vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-
- DPRINTF("virtio_mmio_write offset 0x%x value 0x%" PRIx64 "\n",
- (int)offset, value);
-@@ -297,12 +297,13 @@ static const MemoryRegionOps virtio_mem_ops = {
- static void virtio_mmio_update_irq(DeviceState *opaque, uint16_t vector)
- {
- VirtIOMMIOProxy *proxy = VIRTIO_MMIO(opaque);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- int level;
-
-- if (!proxy->bus.vdev) {
-+ if (!vdev) {
- return;
- }
-- level = (proxy->bus.vdev->isr != 0);
-+ level = (vdev->isr != 0);
- DPRINTF("virtio_mmio setting IRQ %d\n", level);
- qemu_set_irq(proxy->irq, level);
- }
-diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
-index 41b96ce..55617a6 100644
---- a/hw/virtio/virtio-pci.c
-+++ b/hw/virtio/virtio-pci.c
-@@ -942,7 +942,7 @@ static void virtio_pci_device_plugged(DeviceState *d)
- uint8_t *config;
- uint32_t size;
-
-- proxy->vdev = bus->vdev;
-+ proxy->vdev = virtio_bus_get_device(bus);
-
- config = proxy->pci_dev.config;
- if (proxy->class_code) {
-diff --git a/include/hw/virtio/virtio-bus.h b/include/hw/virtio/virtio-bus.h
-index 9217f85..ba0f86a 100644
---- a/include/hw/virtio/virtio-bus.h
-+++ b/include/hw/virtio/virtio-bus.h
-@@ -72,10 +72,6 @@ typedef struct VirtioBusClass {
-
- struct VirtioBusState {
- BusState parent_obj;
-- /*
-- * Only one VirtIODevice can be plugged on the bus.
-- */
-- VirtIODevice *vdev;
- };
-
- int virtio_bus_plug_device(VirtIODevice *vdev);
-@@ -98,4 +94,16 @@ void virtio_bus_get_vdev_config(VirtioBusState *bus, uint8_t *config);
- /* Set config of the plugged device. */
- void virtio_bus_set_vdev_config(VirtioBusState *bus, uint8_t *config);
-
-+static inline VirtIODevice *virtio_bus_get_device(VirtioBusState *bus)
-+{
-+ BusState *qbus = &bus->parent_obj;
-+ BusChild *kid = QTAILQ_FIRST(&qbus->children);
-+ DeviceState *qdev = kid ? kid->child : NULL;
-+
-+ /* This is used on the data path, the cast is guaranteed
-+ * to succeed by the qdev machinery.
-+ */
-+ return (VirtIODevice *)qdev;
-+}
-+
- #endif /* VIRTIO_BUS_H */
diff --git a/0107-virtio-pci-remove-vdev-field.patch b/0107-virtio-pci-remove-vdev-field.patch
deleted file mode 100644
index f8000e7..0000000
--- a/0107-virtio-pci-remove-vdev-field.patch
+++ /dev/null
@@ -1,447 +0,0 @@
-From 1d388b4fda2c4c9d00dc6ae91aaf35eb9fc04c26 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:57:51 +0200
-Subject: [PATCH] virtio-pci: remove vdev field
-
-The vdev field is complicated to synchronize. Just access the
-BusState's list of children.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/s390x/virtio-ccw.h | 1 -
- hw/virtio/virtio-pci.c | 107 +++++++++++++++++++++++++++++--------------------
- hw/virtio/virtio-pci.h | 1 -
- 3 files changed, 63 insertions(+), 46 deletions(-)
-
-diff --git a/hw/s390x/virtio-ccw.h b/hw/s390x/virtio-ccw.h
-index 96d6f5d..00932c7 100644
---- a/hw/s390x/virtio-ccw.h
-+++ b/hw/s390x/virtio-ccw.h
-@@ -77,7 +77,6 @@ typedef struct VirtIOCCWDeviceClass {
- struct VirtioCcwDevice {
- DeviceState parent_obj;
- SubchDev *sch;
-- VirtIODevice *vdev;
- char *bus_id;
- uint32_t host_features[VIRTIO_CCW_FEATURE_SIZE];
- VirtioBusState bus;
-diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
-index 55617a6..6fd6d6d 100644
---- a/hw/virtio/virtio-pci.c
-+++ b/hw/virtio/virtio-pci.c
-@@ -112,31 +112,39 @@ static inline VirtIOPCIProxy *to_virtio_pci_proxy_fast(DeviceState *d)
- static void virtio_pci_notify(DeviceState *d, uint16_t vector)
- {
- VirtIOPCIProxy *proxy = to_virtio_pci_proxy_fast(d);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+
- if (msix_enabled(&proxy->pci_dev))
- msix_notify(&proxy->pci_dev, vector);
- else
-- qemu_set_irq(proxy->pci_dev.irq[0], proxy->vdev->isr & 1);
-+ qemu_set_irq(proxy->pci_dev.irq[0], vdev->isr & 1);
- }
-
- static void virtio_pci_save_config(DeviceState *d, QEMUFile *f)
- {
- VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+
- pci_device_save(&proxy->pci_dev, f);
- msix_save(&proxy->pci_dev, f);
- if (msix_present(&proxy->pci_dev))
-- qemu_put_be16(f, proxy->vdev->config_vector);
-+ qemu_put_be16(f, vdev->config_vector);
- }
-
- static void virtio_pci_save_queue(DeviceState *d, int n, QEMUFile *f)
- {
- VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+
- if (msix_present(&proxy->pci_dev))
-- qemu_put_be16(f, virtio_queue_vector(proxy->vdev, n));
-+ qemu_put_be16(f, virtio_queue_vector(vdev, n));
- }
-
- static int virtio_pci_load_config(DeviceState *d, QEMUFile *f)
- {
- VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+
- int ret;
- ret = pci_device_load(&proxy->pci_dev, f);
- if (ret) {
-@@ -145,12 +153,12 @@ static int virtio_pci_load_config(DeviceState *d, QEMUFile *f)
- msix_unuse_all_vectors(&proxy->pci_dev);
- msix_load(&proxy->pci_dev, f);
- if (msix_present(&proxy->pci_dev)) {
-- qemu_get_be16s(f, &proxy->vdev->config_vector);
-+ qemu_get_be16s(f, &vdev->config_vector);
- } else {
-- proxy->vdev->config_vector = VIRTIO_NO_VECTOR;
-+ vdev->config_vector = VIRTIO_NO_VECTOR;
- }
-- if (proxy->vdev->config_vector != VIRTIO_NO_VECTOR) {
-- return msix_vector_use(&proxy->pci_dev, proxy->vdev->config_vector);
-+ if (vdev->config_vector != VIRTIO_NO_VECTOR) {
-+ return msix_vector_use(&proxy->pci_dev, vdev->config_vector);
- }
- return 0;
- }
-@@ -158,13 +166,15 @@ static int virtio_pci_load_config(DeviceState *d, QEMUFile *f)
- static int virtio_pci_load_queue(DeviceState *d, int n, QEMUFile *f)
- {
- VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+
- uint16_t vector;
- if (msix_present(&proxy->pci_dev)) {
- qemu_get_be16s(f, &vector);
- } else {
- vector = VIRTIO_NO_VECTOR;
- }
-- virtio_queue_set_vector(proxy->vdev, n, vector);
-+ virtio_queue_set_vector(vdev, n, vector);
- if (vector != VIRTIO_NO_VECTOR) {
- return msix_vector_use(&proxy->pci_dev, vector);
- }
-@@ -174,7 +184,8 @@ static int virtio_pci_load_queue(DeviceState *d, int n, QEMUFile *f)
- static int virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
- int n, bool assign, bool set_handler)
- {
-- VirtQueue *vq = virtio_get_queue(proxy->vdev, n);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+ VirtQueue *vq = virtio_get_queue(vdev, n);
- EventNotifier *notifier = virtio_queue_get_host_notifier(vq);
- int r = 0;
-
-@@ -199,6 +210,7 @@ static int virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy,
-
- static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy)
- {
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- int n, r;
-
- if (!(proxy->flags & VIRTIO_PCI_FLAG_USE_IOEVENTFD) ||
-@@ -208,7 +220,7 @@ static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy)
- }
-
- for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
-- if (!virtio_queue_get_num(proxy->vdev, n)) {
-+ if (!virtio_queue_get_num(vdev, n)) {
- continue;
- }
-
-@@ -222,7 +234,7 @@ static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy)
-
- assign_error:
- while (--n >= 0) {
-- if (!virtio_queue_get_num(proxy->vdev, n)) {
-+ if (!virtio_queue_get_num(vdev, n)) {
- continue;
- }
-
-@@ -235,6 +247,7 @@ assign_error:
-
- static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy)
- {
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- int r;
- int n;
-
-@@ -243,7 +256,7 @@ static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy)
- }
-
- for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
-- if (!virtio_queue_get_num(proxy->vdev, n)) {
-+ if (!virtio_queue_get_num(vdev, n)) {
- continue;
- }
-
-@@ -256,7 +269,7 @@ static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy)
- static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
- {
- VirtIOPCIProxy *proxy = opaque;
-- VirtIODevice *vdev = proxy->vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- hwaddr pa;
-
- switch (addr) {
-@@ -271,7 +284,7 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
- pa = (hwaddr)val << VIRTIO_PCI_QUEUE_ADDR_SHIFT;
- if (pa == 0) {
- virtio_pci_stop_ioeventfd(proxy);
-- virtio_reset(proxy->vdev);
-+ virtio_reset(vdev);
- msix_unuse_all_vectors(&proxy->pci_dev);
- }
- else
-@@ -298,7 +311,7 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
- }
-
- if (vdev->status == 0) {
-- virtio_reset(proxy->vdev);
-+ virtio_reset(vdev);
- msix_unuse_all_vectors(&proxy->pci_dev);
- }
-
-@@ -334,7 +347,7 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val)
-
- static uint32_t virtio_ioport_read(VirtIOPCIProxy *proxy, uint32_t addr)
- {
-- VirtIODevice *vdev = proxy->vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- uint32_t ret = 0xFFFFFFFF;
-
- switch (addr) {
-@@ -380,6 +393,7 @@ static uint64_t virtio_pci_config_read(void *opaque, hwaddr addr,
- unsigned size)
- {
- VirtIOPCIProxy *proxy = opaque;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
- uint64_t val = 0;
- if (addr < config) {
-@@ -389,16 +403,16 @@ static uint64_t virtio_pci_config_read(void *opaque, hwaddr addr,
-
- switch (size) {
- case 1:
-- val = virtio_config_readb(proxy->vdev, addr);
-+ val = virtio_config_readb(vdev, addr);
- break;
- case 2:
-- val = virtio_config_readw(proxy->vdev, addr);
-+ val = virtio_config_readw(vdev, addr);
- if (virtio_is_big_endian()) {
- val = bswap16(val);
- }
- break;
- case 4:
-- val = virtio_config_readl(proxy->vdev, addr);
-+ val = virtio_config_readl(vdev, addr);
- if (virtio_is_big_endian()) {
- val = bswap32(val);
- }
-@@ -412,6 +426,7 @@ static void virtio_pci_config_write(void *opaque, hwaddr addr,
- {
- VirtIOPCIProxy *proxy = opaque;
- uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- if (addr < config) {
- virtio_ioport_write(proxy, addr, val);
- return;
-@@ -423,19 +438,19 @@ static void virtio_pci_config_write(void *opaque, hwaddr addr,
- */
- switch (size) {
- case 1:
-- virtio_config_writeb(proxy->vdev, addr, val);
-+ virtio_config_writeb(vdev, addr, val);
- break;
- case 2:
- if (virtio_is_big_endian()) {
- val = bswap16(val);
- }
-- virtio_config_writew(proxy->vdev, addr, val);
-+ virtio_config_writew(vdev, addr, val);
- break;
- case 4:
- if (virtio_is_big_endian()) {
- val = bswap32(val);
- }
-- virtio_config_writel(proxy->vdev, addr, val);
-+ virtio_config_writel(vdev, addr, val);
- break;
- }
- }
-@@ -454,6 +469,7 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
- uint32_t val, int len)
- {
- VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-
- pci_default_write_config(pci_dev, address, val, len);
-
-@@ -461,8 +477,7 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
- !(pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER) &&
- !(proxy->flags & VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) {
- virtio_pci_stop_ioeventfd(proxy);
-- virtio_set_status(proxy->vdev,
-- proxy->vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK);
-+ virtio_set_status(vdev, vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK);
- }
- }
-
-@@ -505,7 +520,8 @@ static int kvm_virtio_pci_irqfd_use(VirtIOPCIProxy *proxy,
- unsigned int vector)
- {
- VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
-- VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+ VirtQueue *vq = virtio_get_queue(vdev, queue_no);
- EventNotifier *n = virtio_queue_get_guest_notifier(vq);
- int ret;
- ret = kvm_irqchip_add_irqfd_notifier(kvm_state, n, irqfd->virq);
-@@ -516,7 +532,8 @@ static void kvm_virtio_pci_irqfd_release(VirtIOPCIProxy *proxy,
- unsigned int queue_no,
- unsigned int vector)
- {
-- VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+ VirtQueue *vq = virtio_get_queue(vdev, queue_no);
- EventNotifier *n = virtio_queue_get_guest_notifier(vq);
- VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
- int ret;
-@@ -528,7 +545,7 @@ static void kvm_virtio_pci_irqfd_release(VirtIOPCIProxy *proxy,
- static int kvm_virtio_pci_vector_use(VirtIOPCIProxy *proxy, int nvqs)
- {
- PCIDevice *dev = &proxy->pci_dev;
-- VirtIODevice *vdev = proxy->vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
- unsigned int vector;
- int ret, queue_no;
-@@ -577,7 +594,7 @@ undo:
- static void kvm_virtio_pci_vector_release(VirtIOPCIProxy *proxy, int nvqs)
- {
- PCIDevice *dev = &proxy->pci_dev;
-- VirtIODevice *vdev = proxy->vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- unsigned int vector;
- int queue_no;
- VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
-@@ -605,8 +622,9 @@ static int virtio_pci_vq_vector_unmask(VirtIOPCIProxy *proxy,
- unsigned int vector,
- MSIMessage msg)
- {
-- VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(proxy->vdev);
-- VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
-+ VirtQueue *vq = virtio_get_queue(vdev, queue_no);
- EventNotifier *n = virtio_queue_get_guest_notifier(vq);
- VirtIOIRQFD *irqfd;
- int ret = 0;
-@@ -625,10 +643,10 @@ static int virtio_pci_vq_vector_unmask(VirtIOPCIProxy *proxy,
- * Otherwise, set it up now.
- */
- if (k->guest_notifier_mask) {
-- k->guest_notifier_mask(proxy->vdev, queue_no, false);
-+ k->guest_notifier_mask(vdev, queue_no, false);
- /* Test after unmasking to avoid losing events. */
- if (k->guest_notifier_pending &&
-- k->guest_notifier_pending(proxy->vdev, queue_no)) {
-+ k->guest_notifier_pending(vdev, queue_no)) {
- event_notifier_set(n);
- }
- } else {
-@@ -641,13 +659,14 @@ static void virtio_pci_vq_vector_mask(VirtIOPCIProxy *proxy,
- unsigned int queue_no,
- unsigned int vector)
- {
-- VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(proxy->vdev);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
-
- /* If guest supports masking, keep irqfd but mask it.
- * Otherwise, clean it up now.
- */
- if (k->guest_notifier_mask) {
-- k->guest_notifier_mask(proxy->vdev, queue_no, true);
-+ k->guest_notifier_mask(vdev, queue_no, true);
- } else {
- kvm_virtio_pci_irqfd_release(proxy, queue_no, vector);
- }
-@@ -657,7 +676,7 @@ static int virtio_pci_vector_unmask(PCIDevice *dev, unsigned vector,
- MSIMessage msg)
- {
- VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
-- VirtIODevice *vdev = proxy->vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- int ret, queue_no;
-
- for (queue_no = 0; queue_no < proxy->nvqs_with_notifiers; queue_no++) {
-@@ -687,7 +706,7 @@ undo:
- static void virtio_pci_vector_mask(PCIDevice *dev, unsigned vector)
- {
- VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
-- VirtIODevice *vdev = proxy->vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- int queue_no;
-
- for (queue_no = 0; queue_no < proxy->nvqs_with_notifiers; queue_no++) {
-@@ -706,7 +725,7 @@ static void virtio_pci_vector_poll(PCIDevice *dev,
- unsigned int vector_end)
- {
- VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev);
-- VirtIODevice *vdev = proxy->vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
- int queue_no;
- unsigned int vector;
-@@ -738,8 +757,9 @@ static int virtio_pci_set_guest_notifier(DeviceState *d, int n, bool assign,
- bool with_irqfd)
- {
- VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
-- VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(proxy->vdev);
-- VirtQueue *vq = virtio_get_queue(proxy->vdev, n);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
-+ VirtQueue *vq = virtio_get_queue(vdev, n);
- EventNotifier *notifier = virtio_queue_get_guest_notifier(vq);
-
- if (assign) {
-@@ -754,7 +774,7 @@ static int virtio_pci_set_guest_notifier(DeviceState *d, int n, bool assign,
- }
-
- if (!msix_enabled(&proxy->pci_dev) && vdc->guest_notifier_mask) {
-- vdc->guest_notifier_mask(proxy->vdev, n, !assign);
-+ vdc->guest_notifier_mask(vdev, n, !assign);
- }
-
- return 0;
-@@ -769,7 +789,7 @@ static bool virtio_pci_query_guest_notifiers(DeviceState *d)
- static int virtio_pci_set_guest_notifiers(DeviceState *d, int nvqs, bool assign)
- {
- VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
-- VirtIODevice *vdev = proxy->vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
- VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
- int r, n;
- bool with_irqfd = msix_enabled(&proxy->pci_dev) &&
-@@ -863,11 +883,12 @@ static int virtio_pci_set_host_notifier(DeviceState *d, int n, bool assign)
- static void virtio_pci_vmstate_change(DeviceState *d, bool running)
- {
- VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
-+ VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
-
- if (running) {
- /* Try to find out if the guest has bus master disabled, but is
- in ready state. Then we have a buggy guest OS. */
-- if ((proxy->vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
-+ if ((vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
- !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
- proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG;
- }
-@@ -942,8 +963,6 @@ static void virtio_pci_device_plugged(DeviceState *d)
- uint8_t *config;
- uint32_t size;
-
-- proxy->vdev = virtio_bus_get_device(bus);
--
- config = proxy->pci_dev.config;
- if (proxy->class_code) {
- pci_config_set_class(config, proxy->class_code);
-diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h
-index 917bcc5..dc332ae 100644
---- a/hw/virtio/virtio-pci.h
-+++ b/hw/virtio/virtio-pci.h
-@@ -82,7 +82,6 @@ typedef struct VirtioPCIClass {
-
- struct VirtIOPCIProxy {
- PCIDevice pci_dev;
-- VirtIODevice *vdev;
- MemoryRegion bar;
- uint32_t flags;
- uint32_t class_code;
diff --git a/0108-virtio-ccw-remove-vdev-field.patch b/0108-virtio-ccw-remove-vdev-field.patch
deleted file mode 100644
index d0c8d62..0000000
--- a/0108-virtio-ccw-remove-vdev-field.patch
+++ /dev/null
@@ -1,293 +0,0 @@
-From a9b1f1aeba8167ae90aecea9b8ca223faf33ae90 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:57:52 +0200
-Subject: [PATCH] virtio-ccw: remove vdev field
-
-The vdev field is complicated to synchronize. Just access the
-BusState's list of children.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/s390x/virtio-ccw.c | 80 ++++++++++++++++++++++++++++-----------------------
- 1 file changed, 44 insertions(+), 36 deletions(-)
-
-diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
-index 8835bd4..0fc7387 100644
---- a/hw/s390x/virtio-ccw.c
-+++ b/hw/s390x/virtio-ccw.c
-@@ -56,9 +56,10 @@ static const TypeInfo virtual_css_bus_info = {
- VirtIODevice *virtio_ccw_get_vdev(SubchDev *sch)
- {
- VirtIODevice *vdev = NULL;
-+ VirtioCcwDevice *dev = sch->driver_data;
-
-- if (sch->driver_data) {
-- vdev = ((VirtioCcwDevice *)sch->driver_data)->vdev;
-+ if (dev) {
-+ vdev = virtio_bus_get_device(&dev->bus);
- }
- return vdev;
- }
-@@ -66,7 +67,8 @@ VirtIODevice *virtio_ccw_get_vdev(SubchDev *sch)
- static int virtio_ccw_set_guest2host_notifier(VirtioCcwDevice *dev, int n,
- bool assign, bool set_handler)
- {
-- VirtQueue *vq = virtio_get_queue(dev->vdev, n);
-+ VirtIODevice *vdev = virtio_bus_get_device(&dev->bus);
-+ VirtQueue *vq = virtio_get_queue(vdev, n);
- EventNotifier *notifier = virtio_queue_get_host_notifier(vq);
- int r = 0;
- SubchDev *sch = dev->sch;
-@@ -96,6 +98,7 @@ static int virtio_ccw_set_guest2host_notifier(VirtioCcwDevice *dev, int n,
-
- static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev)
- {
-+ VirtIODevice *vdev;
- int n, r;
-
- if (!(dev->flags & VIRTIO_CCW_FLAG_USE_IOEVENTFD) ||
-@@ -103,8 +106,9 @@ static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev)
- dev->ioeventfd_started) {
- return;
- }
-+ vdev = virtio_bus_get_device(&dev->bus);
- for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
-- if (!virtio_queue_get_num(dev->vdev, n)) {
-+ if (!virtio_queue_get_num(vdev, n)) {
- continue;
- }
- r = virtio_ccw_set_guest2host_notifier(dev, n, true, true);
-@@ -117,7 +121,7 @@ static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev)
-
- assign_error:
- while (--n >= 0) {
-- if (!virtio_queue_get_num(dev->vdev, n)) {
-+ if (!virtio_queue_get_num(vdev, n)) {
- continue;
- }
- r = virtio_ccw_set_guest2host_notifier(dev, n, false, false);
-@@ -131,13 +135,15 @@ static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev)
-
- static void virtio_ccw_stop_ioeventfd(VirtioCcwDevice *dev)
- {
-+ VirtIODevice *vdev;
- int n, r;
-
- if (!dev->ioeventfd_started) {
- return;
- }
-+ vdev = virtio_bus_get_device(&dev->bus);
- for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) {
-- if (!virtio_queue_get_num(dev->vdev, n)) {
-+ if (!virtio_queue_get_num(vdev, n)) {
- continue;
- }
- r = virtio_ccw_set_guest2host_notifier(dev, n, false, false);
-@@ -188,7 +194,7 @@ typedef struct VirtioFeatDesc {
- static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr, uint32_t align,
- uint16_t index, uint16_t num)
- {
-- VirtioCcwDevice *dev = sch->driver_data;
-+ VirtIODevice *vdev = virtio_ccw_get_vdev(sch);
-
- if (index > VIRTIO_PCI_QUEUE_MAX) {
- return -EINVAL;
-@@ -199,23 +205,23 @@ static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr, uint32_t align,
- return -EINVAL;
- }
-
-- if (!dev) {
-+ if (!vdev) {
- return -EINVAL;
- }
-
-- virtio_queue_set_addr(dev->vdev, index, addr);
-+ virtio_queue_set_addr(vdev, index, addr);
- if (!addr) {
-- virtio_queue_set_vector(dev->vdev, index, 0);
-+ virtio_queue_set_vector(vdev, index, 0);
- } else {
- /* Fail if we don't have a big enough queue. */
- /* TODO: Add interface to handle vring.num changing */
-- if (virtio_queue_get_num(dev->vdev, index) > num) {
-+ if (virtio_queue_get_num(vdev, index) > num) {
- return -EINVAL;
- }
-- virtio_queue_set_vector(dev->vdev, index, index);
-+ virtio_queue_set_vector(vdev, index, index);
- }
- /* tell notify handler in case of config change */
-- dev->vdev->config_vector = VIRTIO_PCI_QUEUE_MAX;
-+ vdev->config_vector = VIRTIO_PCI_QUEUE_MAX;
- return 0;
- }
-
-@@ -229,6 +235,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
- hwaddr indicators;
- VqConfigBlock vq_config;
- VirtioCcwDevice *dev = sch->driver_data;
-+ VirtIODevice *vdev = virtio_bus_get_device(&dev->bus);
- bool check_len;
- int len;
- hwaddr hw_len;
-@@ -271,7 +278,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
- break;
- case CCW_CMD_VDEV_RESET:
- virtio_ccw_stop_ioeventfd(dev);
-- virtio_reset(dev->vdev);
-+ virtio_reset(vdev);
- ret = 0;
- break;
- case CCW_CMD_READ_FEAT:
-@@ -318,7 +325,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
- features.features = ldl_le_phys(ccw.cda);
- if (features.index < ARRAY_SIZE(dev->host_features)) {
- virtio_bus_set_vdev_features(&dev->bus, features.features);
-- dev->vdev->guest_features = features.features;
-+ vdev->guest_features = features.features;
- } else {
- /*
- * If the guest supports more feature bits, assert that it
-@@ -336,30 +343,30 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
- break;
- case CCW_CMD_READ_CONF:
- if (check_len) {
-- if (ccw.count > dev->vdev->config_len) {
-+ if (ccw.count > vdev->config_len) {
- ret = -EINVAL;
- break;
- }
- }
-- len = MIN(ccw.count, dev->vdev->config_len);
-+ len = MIN(ccw.count, vdev->config_len);
- if (!ccw.cda) {
- ret = -EFAULT;
- } else {
-- virtio_bus_get_vdev_config(&dev->bus, dev->vdev->config);
-+ virtio_bus_get_vdev_config(&dev->bus, vdev->config);
- /* XXX config space endianness */
-- cpu_physical_memory_write(ccw.cda, dev->vdev->config, len);
-+ cpu_physical_memory_write(ccw.cda, vdev->config, len);
- sch->curr_status.scsw.count = ccw.count - len;
- ret = 0;
- }
- break;
- case CCW_CMD_WRITE_CONF:
- if (check_len) {
-- if (ccw.count > dev->vdev->config_len) {
-+ if (ccw.count > vdev->config_len) {
- ret = -EINVAL;
- break;
- }
- }
-- len = MIN(ccw.count, dev->vdev->config_len);
-+ len = MIN(ccw.count, vdev->config_len);
- hw_len = len;
- if (!ccw.cda) {
- ret = -EFAULT;
-@@ -370,9 +377,9 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
- } else {
- len = hw_len;
- /* XXX config space endianness */
-- memcpy(dev->vdev->config, config, len);
-+ memcpy(vdev->config, config, len);
- cpu_physical_memory_unmap(config, hw_len, 0, hw_len);
-- virtio_bus_set_vdev_config(&dev->bus, dev->vdev->config);
-+ virtio_bus_set_vdev_config(&dev->bus, vdev->config);
- sch->curr_status.scsw.count = ccw.count - len;
- ret = 0;
- }
-@@ -396,9 +403,9 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
- if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) {
- virtio_ccw_stop_ioeventfd(dev);
- }
-- virtio_set_status(dev->vdev, status);
-- if (dev->vdev->status == 0) {
-- virtio_reset(dev->vdev);
-+ virtio_set_status(vdev, status);
-+ if (vdev->status == 0) {
-+ virtio_reset(vdev);
- }
- if (status & VIRTIO_CONFIG_S_DRIVER_OK) {
- virtio_ccw_start_ioeventfd(dev);
-@@ -462,7 +469,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
- ret = -EFAULT;
- } else {
- vq_config.index = lduw_phys(ccw.cda);
-- vq_config.num_max = virtio_queue_get_num(dev->vdev,
-+ vq_config.num_max = virtio_queue_get_num(vdev,
- vq_config.index);
- stw_phys(ccw.cda + sizeof(vq_config.index), vq_config.num_max);
- sch->curr_status.scsw.count = ccw.count - sizeof(vq_config);
-@@ -494,7 +501,6 @@ static int virtio_ccw_device_init(VirtioCcwDevice *dev, VirtIODevice *vdev)
- sch->driver_data = dev;
- dev->sch = sch;
-
-- dev->vdev = vdev;
- dev->indicators = 0;
-
- /* Initialize subchannel structure. */
-@@ -607,7 +613,7 @@ static int virtio_ccw_device_init(VirtioCcwDevice *dev, VirtIODevice *vdev)
- memset(&sch->id, 0, sizeof(SenseId));
- sch->id.reserved = 0xff;
- sch->id.cu_type = VIRTIO_CCW_CU_TYPE;
-- sch->id.cu_model = dev->vdev->device_id;
-+ sch->id.cu_model = vdev->device_id;
-
- /* Only the first 32 feature bits are used. */
- dev->host_features[0] = virtio_bus_get_vdev_features(&dev->bus,
-@@ -891,9 +897,10 @@ static unsigned virtio_ccw_get_features(DeviceState *d)
- static void virtio_ccw_reset(DeviceState *d)
- {
- VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
-+ VirtIODevice *vdev = virtio_bus_get_device(&dev->bus);
-
- virtio_ccw_stop_ioeventfd(dev);
-- virtio_reset(dev->vdev);
-+ virtio_reset(vdev);
- css_reset_sch(dev->sch);
- dev->indicators = 0;
- dev->indicators2 = 0;
-@@ -933,9 +940,10 @@ static int virtio_ccw_set_host_notifier(DeviceState *d, int n, bool assign)
- static int virtio_ccw_set_guest_notifier(VirtioCcwDevice *dev, int n,
- bool assign, bool with_irqfd)
- {
-- VirtQueue *vq = virtio_get_queue(dev->vdev, n);
-+ VirtIODevice *vdev = virtio_bus_get_device(&dev->bus);
-+ VirtQueue *vq = virtio_get_queue(vdev, n);
- EventNotifier *notifier = virtio_queue_get_guest_notifier(vq);
-- VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(dev->vdev);
-+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);
-
- if (assign) {
- int r = event_notifier_init(notifier, 0);
-@@ -951,16 +959,16 @@ static int virtio_ccw_set_guest_notifier(VirtioCcwDevice *dev, int n,
- * land in qemu (and only the irq fd) in this code.
- */
- if (k->guest_notifier_mask) {
-- k->guest_notifier_mask(dev->vdev, n, false);
-+ k->guest_notifier_mask(vdev, n, false);
- }
- /* get lost events and re-inject */
- if (k->guest_notifier_pending &&
-- k->guest_notifier_pending(dev->vdev, n)) {
-+ k->guest_notifier_pending(vdev, n)) {
- event_notifier_set(notifier);
- }
- } else {
- if (k->guest_notifier_mask) {
-- k->guest_notifier_mask(dev->vdev, n, true);
-+ k->guest_notifier_mask(vdev, n, true);
- }
- virtio_queue_set_guest_notifier_fd_handler(vq, false, with_irqfd);
- event_notifier_cleanup(notifier);
-@@ -972,7 +980,7 @@ static int virtio_ccw_set_guest_notifiers(DeviceState *d, int nvqs,
- bool assigned)
- {
- VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
-- VirtIODevice *vdev = dev->vdev;
-+ VirtIODevice *vdev = virtio_bus_get_device(&dev->bus);
- int r, n;
-
- for (n = 0; n < nvqs; n++) {
diff --git a/0109-virtio-bus-cleanup-plug-unplug-interface.patch b/0109-virtio-bus-cleanup-plug-unplug-interface.patch
deleted file mode 100644
index b8a91f4..0000000
--- a/0109-virtio-bus-cleanup-plug-unplug-interface.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-From fe02fcc2b929e6a678ec783cb80890b79b7dca78 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:57:53 +0200
-Subject: [PATCH] virtio-bus: cleanup plug/unplug interface
-
-Right now we have these pairs:
-
-- virtio_bus_plug_device/virtio_bus_destroy_device. The first
- takes a VirtIODevice, the second takes a VirtioBusState
-
-- device_plugged/device_unplug callbacks in the VirtioBusClass
- (here it's just the naming that is inconsistent)
-
-- virtio_bus_destroy_device is not called by anyone (and since
- it calls qdev_free, it would be called by the proxies---but
- then the callback is useless since the proxies can do whatever
- they want before calling virtio_bus_destroy_device)
-
-And there is a k->init but no k->exit, hence virtio_device_exit is
-overwritten by subclasses (except virtio-9p). This cleans it up by:
-
-- renaming the device_unplug callback to device_unplugged
-
-- renaming virtio_bus_plug_device to virtio_bus_device_plugged,
- matching the callback name
-
-- renaming virtio_bus_destroy_device to virtio_bus_device_unplugged,
- removing the qdev_free, making it take a VirtIODevice and calling it
- from virtio_device_exit
-
-- adding a k->exit callback
-
-virtio_device_exit is still overwritten, the next patches will fix that.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/virtio/virtio-bus.c | 18 +++++++++---------
- hw/virtio/virtio.c | 7 ++++++-
- include/hw/virtio/virtio-bus.h | 6 +++---
- include/hw/virtio/virtio.h | 1 +
- 4 files changed, 19 insertions(+), 13 deletions(-)
-
-diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
-index 669ce38..7aed6a4 100644
---- a/hw/virtio/virtio-bus.c
-+++ b/hw/virtio/virtio-bus.c
-@@ -37,8 +37,8 @@ do { printf("virtio_bus: " fmt , ## __VA_ARGS__); } while (0)
- #define DPRINTF(fmt, ...) do { } while (0)
- #endif
-
--/* Plug the VirtIODevice */
--int virtio_bus_plug_device(VirtIODevice *vdev)
-+/* A VirtIODevice is being plugged */
-+int virtio_bus_device_plugged(VirtIODevice *vdev)
- {
- DeviceState *qdev = DEVICE(vdev);
- BusState *qbus = BUS(qdev_get_parent_bus(qdev));
-@@ -64,20 +64,20 @@ void virtio_bus_reset(VirtioBusState *bus)
- }
- }
-
--/* Destroy the VirtIODevice */
--void virtio_bus_destroy_device(VirtioBusState *bus)
-+/* A VirtIODevice is being unplugged */
-+void virtio_bus_device_unplugged(VirtIODevice *vdev)
- {
-- BusState *qbus = BUS(bus);
-+ DeviceState *qdev = DEVICE(vdev);
-+ BusState *qbus = BUS(qdev_get_parent_bus(qdev));
-+ VirtioBusState *bus = VIRTIO_BUS(qbus);
- VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
-- VirtIODevice *vdev = virtio_bus_get_device(bus);
-
- DPRINTF("%s: remove device.\n", qbus->name);
-
- if (vdev != NULL) {
-- if (klass->device_unplug != NULL) {
-- klass->device_unplug(qbus->parent);
-+ if (klass->device_unplugged != NULL) {
-+ klass->device_unplugged(qbus->parent);
- }
-- qdev_free(DEVICE(vdev));
- }
- }
-
-diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
-index 2f1e73b..965b2c0 100644
---- a/hw/virtio/virtio.c
-+++ b/hw/virtio/virtio.c
-@@ -1158,14 +1158,19 @@ static int virtio_device_init(DeviceState *qdev)
- if (k->init(vdev) < 0) {
- return -1;
- }
-- virtio_bus_plug_device(vdev);
-+ virtio_bus_device_plugged(vdev);
- return 0;
- }
-
- static int virtio_device_exit(DeviceState *qdev)
- {
- VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
-+ VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(qdev);
-
-+ virtio_bus_device_unplugged(vdev);
-+ if (k->exit) {
-+ k->exit(vdev);
-+ }
- if (vdev->bus_name) {
- g_free(vdev->bus_name);
- vdev->bus_name = NULL;
-diff --git a/include/hw/virtio/virtio-bus.h b/include/hw/virtio/virtio-bus.h
-index ba0f86a..0756545 100644
---- a/include/hw/virtio/virtio-bus.h
-+++ b/include/hw/virtio/virtio-bus.h
-@@ -61,7 +61,7 @@ typedef struct VirtioBusClass {
- * transport independent exit function.
- * This is called by virtio-bus just before the device is unplugged.
- */
-- void (*device_unplug)(DeviceState *d);
-+ void (*device_unplugged)(DeviceState *d);
- /*
- * Does the transport have variable vring alignment?
- * (ie can it ever call virtio_queue_set_align()?)
-@@ -74,9 +74,9 @@ struct VirtioBusState {
- BusState parent_obj;
- };
-
--int virtio_bus_plug_device(VirtIODevice *vdev);
-+int virtio_bus_device_plugged(VirtIODevice *vdev);
- void virtio_bus_reset(VirtioBusState *bus);
--void virtio_bus_destroy_device(VirtioBusState *bus);
-+void virtio_bus_device_unplugged(VirtIODevice *bus);
- /* Get the device id of the plugged device. */
- uint16_t virtio_bus_get_vdev_id(VirtioBusState *bus);
- /* Get the config_len field of the plugged device. */
-diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
-index a90522d..59756c2 100644
---- a/include/hw/virtio/virtio.h
-+++ b/include/hw/virtio/virtio.h
-@@ -127,6 +127,7 @@ typedef struct VirtioDeviceClass {
- /* This is what a VirtioDevice must implement */
- DeviceClass parent;
- int (*init)(VirtIODevice *vdev);
-+ void (*exit)(VirtIODevice *vdev);
- uint32_t (*get_features)(VirtIODevice *vdev, uint32_t requested_features);
- uint32_t (*bad_features)(VirtIODevice *vdev);
- void (*set_features)(VirtIODevice *vdev, uint32_t val);
diff --git a/0110-virtio-blk-switch-exit-callback-to-VirtioDeviceClass.patch b/0110-virtio-blk-switch-exit-callback-to-VirtioDeviceClass.patch
deleted file mode 100644
index 57c2353..0000000
--- a/0110-virtio-blk-switch-exit-callback-to-VirtioDeviceClass.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From aa75555e6fb5cae0e495cb5f7d9f3511ad5ac6ce Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:57:54 +0200
-Subject: [PATCH] virtio-blk: switch exit callback to VirtioDeviceClass
-
-This ensures hot-unplug is handled properly by the proxy.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/block/virtio-blk.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
-index 49a23c3..aa37cc9 100644
---- a/hw/block/virtio-blk.c
-+++ b/hw/block/virtio-blk.c
-@@ -729,20 +729,18 @@ static int virtio_blk_device_init(VirtIODevice *vdev)
- return 0;
- }
-
--static int virtio_blk_device_exit(DeviceState *dev)
-+static void virtio_blk_device_exit(VirtIODevice *vdev)
- {
-- VirtIODevice *vdev = VIRTIO_DEVICE(dev);
-- VirtIOBlock *s = VIRTIO_BLK(dev);
-+ VirtIOBlock *s = VIRTIO_BLK(vdev);
- #ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
- remove_migration_state_change_notifier(&s->migration_state_notifier);
- virtio_blk_data_plane_destroy(s->dataplane);
- s->dataplane = NULL;
- #endif
- qemu_del_vm_change_state_handler(s->change);
-- unregister_savevm(dev, "virtio-blk", s);
-+ unregister_savevm(DEVICE(vdev), "virtio-blk", s);
- blockdev_mark_auto_del(s->bs);
- virtio_cleanup(vdev);
-- return 0;
- }
-
- static Property virtio_blk_properties[] = {
-@@ -754,10 +752,10 @@ static void virtio_blk_class_init(ObjectClass *klass, void *data)
- {
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
-- dc->exit = virtio_blk_device_exit;
- dc->props = virtio_blk_properties;
- set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
- vdc->init = virtio_blk_device_init;
-+ vdc->exit = virtio_blk_device_exit;
- vdc->get_config = virtio_blk_update_config;
- vdc->set_config = virtio_blk_set_config;
- vdc->get_features = virtio_blk_get_features;
diff --git a/0111-virtio-serial-switch-exit-callback-to-VirtioDeviceCl.patch b/0111-virtio-serial-switch-exit-callback-to-VirtioDeviceCl.patch
deleted file mode 100644
index 86e48e4..0000000
--- a/0111-virtio-serial-switch-exit-callback-to-VirtioDeviceCl.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 811b51426d9e7819e6498d4dad0d6ac744a8e5d0 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:57:55 +0200
-Subject: [PATCH] virtio-serial: switch exit callback to VirtioDeviceClass
-
-This ensures hot-unplug is handled properly by the proxy.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/char/virtio-serial-bus.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
-index da417c7..57dd070 100644
---- a/hw/char/virtio-serial-bus.c
-+++ b/hw/char/virtio-serial-bus.c
-@@ -987,12 +987,11 @@ static const TypeInfo virtio_serial_port_type_info = {
- .class_init = virtio_serial_port_class_init,
- };
-
--static int virtio_serial_device_exit(DeviceState *dev)
-+static void virtio_serial_device_exit(VirtIODevice *vdev)
- {
-- VirtIOSerial *vser = VIRTIO_SERIAL(dev);
-- VirtIODevice *vdev = VIRTIO_DEVICE(dev);
-+ VirtIOSerial *vser = VIRTIO_SERIAL(vdev);
-
-- unregister_savevm(dev, "virtio-console", vser);
-+ unregister_savevm(DEVICE(vdev), "virtio-console", vser);
-
- g_free(vser->ivqs);
- g_free(vser->ovqs);
-@@ -1004,7 +1003,6 @@ static int virtio_serial_device_exit(DeviceState *dev)
- g_free(vser->post_load);
- }
- virtio_cleanup(vdev);
-- return 0;
- }
-
- static Property virtio_serial_properties[] = {
-@@ -1016,10 +1014,10 @@ static void virtio_serial_class_init(ObjectClass *klass, void *data)
- {
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
-- dc->exit = virtio_serial_device_exit;
- dc->props = virtio_serial_properties;
- set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
- vdc->init = virtio_serial_device_init;
-+ vdc->exit = virtio_serial_device_exit;
- vdc->get_features = get_features;
- vdc->get_config = get_config;
- vdc->set_config = set_config;
diff --git a/0112-virtio-net-switch-exit-callback-to-VirtioDeviceClass.patch b/0112-virtio-net-switch-exit-callback-to-VirtioDeviceClass.patch
deleted file mode 100644
index 4bd6ede..0000000
--- a/0112-virtio-net-switch-exit-callback-to-VirtioDeviceClass.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 1582699fb9f748f9f91b015ef311f93bf5a95f5d Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:57:56 +0200
-Subject: [PATCH] virtio-net: switch exit callback to VirtioDeviceClass
-
-This ensures hot-unplug is handled properly by the proxy.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/net/virtio-net.c | 11 ++++-------
- 1 file changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
-index aa1880c..46a4d8c 100644
---- a/hw/net/virtio-net.c
-+++ b/hw/net/virtio-net.c
-@@ -1568,16 +1568,15 @@ static int virtio_net_device_init(VirtIODevice *vdev)
- return 0;
- }
-
--static int virtio_net_device_exit(DeviceState *qdev)
-+static void virtio_net_device_exit(VirtIODevice *vdev)
- {
-- VirtIONet *n = VIRTIO_NET(qdev);
-- VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
-+ VirtIONet *n = VIRTIO_NET(vdev);
- int i;
-
- /* This will stop vhost backend if appropriate. */
- virtio_net_set_status(vdev, 0);
-
-- unregister_savevm(qdev, "virtio-net", n);
-+ unregister_savevm(DEVICE(vdev), "virtio-net", n);
-
- if (n->netclient_name) {
- g_free(n->netclient_name);
-@@ -1608,8 +1607,6 @@ static int virtio_net_device_exit(DeviceState *qdev)
- g_free(n->vqs);
- qemu_del_nic(n->nic);
- virtio_cleanup(vdev);
--
-- return 0;
- }
-
- static void virtio_net_instance_init(Object *obj)
-@@ -1636,10 +1633,10 @@ static void virtio_net_class_init(ObjectClass *klass, void *data)
- {
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
-- dc->exit = virtio_net_device_exit;
- dc->props = virtio_net_properties;
- set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
- vdc->init = virtio_net_device_init;
-+ vdc->exit = virtio_net_device_exit;
- vdc->get_config = virtio_net_get_config;
- vdc->set_config = virtio_net_set_config;
- vdc->get_features = virtio_net_get_features;
diff --git a/0113-virtio-scsi-switch-exit-callback-to-VirtioDeviceClas.patch b/0113-virtio-scsi-switch-exit-callback-to-VirtioDeviceClas.patch
deleted file mode 100644
index e654a87..0000000
--- a/0113-virtio-scsi-switch-exit-callback-to-VirtioDeviceClas.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From df750f462929ba85a61dbdd6a4020cb4b2ee68d0 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:57:57 +0200
-Subject: [PATCH] virtio-scsi: switch exit callback to VirtioDeviceClass
-
-This ensures hot-unplug is handled properly by the proxy.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/vhost-scsi.c | 11 +++++------
- hw/scsi/virtio-scsi.c | 15 +++++++--------
- include/hw/virtio/virtio-scsi.h | 2 +-
- 3 files changed, 13 insertions(+), 15 deletions(-)
-
-diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
-index 9e770fb..5e3cc61 100644
---- a/hw/scsi/vhost-scsi.c
-+++ b/hw/scsi/vhost-scsi.c
-@@ -240,11 +240,10 @@ static int vhost_scsi_init(VirtIODevice *vdev)
- return 0;
- }
-
--static int vhost_scsi_exit(DeviceState *qdev)
-+static void vhost_scsi_exit(VirtIODevice *vdev)
- {
-- VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
-- VHostSCSI *s = VHOST_SCSI(qdev);
-- VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(qdev);
-+ VHostSCSI *s = VHOST_SCSI(vdev);
-+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
-
- migrate_del_blocker(s->migration_blocker);
- error_free(s->migration_blocker);
-@@ -253,7 +252,7 @@ static int vhost_scsi_exit(DeviceState *qdev)
- vhost_scsi_set_status(vdev, 0);
-
- g_free(s->dev.vqs);
-- return virtio_scsi_common_exit(vs);
-+ virtio_scsi_common_exit(vs);
- }
-
- static Property vhost_scsi_properties[] = {
-@@ -265,10 +264,10 @@ static void vhost_scsi_class_init(ObjectClass *klass, void *data)
- {
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
-- dc->exit = vhost_scsi_exit;
- dc->props = vhost_scsi_properties;
- set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
- vdc->init = vhost_scsi_init;
-+ vdc->exit = vhost_scsi_exit;
- vdc->get_features = vhost_scsi_get_features;
- vdc->set_config = vhost_scsi_set_config;
- vdc->set_status = vhost_scsi_set_status;
-diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
-index 05da56b..5545993 100644
---- a/hw/scsi/virtio-scsi.c
-+++ b/hw/scsi/virtio-scsi.c
-@@ -643,22 +643,21 @@ static int virtio_scsi_device_init(VirtIODevice *vdev)
- return 0;
- }
-
--int virtio_scsi_common_exit(VirtIOSCSICommon *vs)
-+void virtio_scsi_common_exit(VirtIOSCSICommon *vs)
- {
- VirtIODevice *vdev = VIRTIO_DEVICE(vs);
-
- g_free(vs->cmd_vqs);
- virtio_cleanup(vdev);
-- return 0;
- }
-
--static int virtio_scsi_device_exit(DeviceState *qdev)
-+static void virtio_scsi_device_exit(VirtIODevice *vdev)
- {
-- VirtIOSCSI *s = VIRTIO_SCSI(qdev);
-- VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(qdev);
-+ VirtIOSCSI *s = VIRTIO_SCSI(vdev);
-+ VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
-
-- unregister_savevm(qdev, "virtio-scsi", s);
-- return virtio_scsi_common_exit(vs);
-+ unregister_savevm(DEVICE(vdev), "virtio-scsi", s);
-+ virtio_scsi_common_exit(vs);
- }
-
- static Property virtio_scsi_properties[] = {
-@@ -679,10 +678,10 @@ static void virtio_scsi_class_init(ObjectClass *klass, void *data)
- {
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
-- dc->exit = virtio_scsi_device_exit;
- dc->props = virtio_scsi_properties;
- set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
- vdc->init = virtio_scsi_device_init;
-+ vdc->exit = virtio_scsi_device_exit;
- vdc->set_config = virtio_scsi_set_config;
- vdc->get_features = virtio_scsi_get_features;
- vdc->reset = virtio_scsi_reset;
-diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h
-index 9a98540..206c61d 100644
---- a/include/hw/virtio/virtio-scsi.h
-+++ b/include/hw/virtio/virtio-scsi.h
-@@ -187,6 +187,6 @@ typedef struct {
- VIRTIO_SCSI_F_CHANGE, true)
-
- int virtio_scsi_common_init(VirtIOSCSICommon *vs);
--int virtio_scsi_common_exit(VirtIOSCSICommon *vs);
-+void virtio_scsi_common_exit(VirtIOSCSICommon *vs);
-
- #endif /* _QEMU_VIRTIO_SCSI_H */
diff --git a/0114-virtio-balloon-switch-exit-callback-to-VirtioDeviceC.patch b/0114-virtio-balloon-switch-exit-callback-to-VirtioDeviceC.patch
deleted file mode 100644
index 5c921d1..0000000
--- a/0114-virtio-balloon-switch-exit-callback-to-VirtioDeviceC.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From d42ac36363ef9e3d3963c2c31fa7122492dbaf0e Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:57:58 +0200
-Subject: [PATCH] virtio-balloon: switch exit callback to VirtioDeviceClass
-
-This ensures hot-unplug is handled properly by the proxy.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/virtio/virtio-balloon.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
-index aac7f83..c23facb 100644
---- a/hw/virtio/virtio-balloon.c
-+++ b/hw/virtio/virtio-balloon.c
-@@ -370,16 +370,14 @@ static int virtio_balloon_device_init(VirtIODevice *vdev)
- return 0;
- }
-
--static int virtio_balloon_device_exit(DeviceState *qdev)
-+static void virtio_balloon_device_exit(VirtIODevice *vdev)
- {
-- VirtIOBalloon *s = VIRTIO_BALLOON(qdev);
-- VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
-+ VirtIOBalloon *s = VIRTIO_BALLOON(vdev);
-
- balloon_stats_destroy_timer(s);
- qemu_remove_balloon_handler(s);
-- unregister_savevm(qdev, "virtio-balloon", s);
-+ unregister_savevm(DEVICE(vdev), "virtio-balloon", s);
- virtio_cleanup(vdev);
-- return 0;
- }
-
- static Property virtio_balloon_properties[] = {
-@@ -390,10 +388,10 @@ static void virtio_balloon_class_init(ObjectClass *klass, void *data)
- {
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
-- dc->exit = virtio_balloon_device_exit;
- dc->props = virtio_balloon_properties;
- set_bit(DEVICE_CATEGORY_MISC, dc->categories);
- vdc->init = virtio_balloon_device_init;
-+ vdc->exit = virtio_balloon_device_exit;
- vdc->get_config = virtio_balloon_get_config;
- vdc->set_config = virtio_balloon_set_config;
- vdc->get_features = virtio_balloon_get_features;
diff --git a/0115-virtio-rng-switch-exit-callback-to-VirtioDeviceClass.patch b/0115-virtio-rng-switch-exit-callback-to-VirtioDeviceClass.patch
deleted file mode 100644
index 6c54e1b..0000000
--- a/0115-virtio-rng-switch-exit-callback-to-VirtioDeviceClass.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 2bb10b85ffa655f91a4777da4f7a5534ee4c266c Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:57:59 +0200
-Subject: [PATCH] virtio-rng: switch exit callback to VirtioDeviceClass
-
-This ensures hot-unplug is handled properly by the proxy.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/virtio/virtio-rng.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/hw/virtio/virtio-rng.c b/hw/virtio/virtio-rng.c
-index bac8421..6895146 100644
---- a/hw/virtio/virtio-rng.c
-+++ b/hw/virtio/virtio-rng.c
-@@ -184,16 +184,14 @@ static int virtio_rng_device_init(VirtIODevice *vdev)
- return 0;
- }
-
--static int virtio_rng_device_exit(DeviceState *qdev)
-+static void virtio_rng_device_exit(VirtIODevice *vdev)
- {
-- VirtIORNG *vrng = VIRTIO_RNG(qdev);
-- VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
-+ VirtIORNG *vrng = VIRTIO_RNG(vdev);
-
- qemu_del_timer(vrng->rate_limit_timer);
- qemu_free_timer(vrng->rate_limit_timer);
-- unregister_savevm(qdev, "virtio-rng", vrng);
-+ unregister_savevm(DEVICE(vdev), "virtio-rng", vrng);
- virtio_cleanup(vdev);
-- return 0;
- }
-
- static Property virtio_rng_properties[] = {
-@@ -205,10 +203,10 @@ static void virtio_rng_class_init(ObjectClass *klass, void *data)
- {
- DeviceClass *dc = DEVICE_CLASS(klass);
- VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
-- dc->exit = virtio_rng_device_exit;
- dc->props = virtio_rng_properties;
- set_bit(DEVICE_CATEGORY_MISC, dc->categories);
- vdc->init = virtio_rng_device_init;
-+ vdc->exit = virtio_rng_device_exit;
- vdc->get_features = get_features;
- }
-
diff --git a/0116-virtio-pci-add-device_unplugged-callback.patch b/0116-virtio-pci-add-device_unplugged-callback.patch
deleted file mode 100644
index e96fc3b..0000000
--- a/0116-virtio-pci-add-device_unplugged-callback.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From cb2282d55ee34d04a67d74111d69ab098f765680 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Fri, 20 Sep 2013 16:58:00 +0200
-Subject: [PATCH] virtio-pci: add device_unplugged callback
-
-This fixes a crash in hot-unplug of virtio-pci devices behind a PCIe
-switch. The crash happens because the ioeventfd is still set whent the
-child is destroyed (destruction happens in postorder). Then the proxy
-tries to unset to ioeventfd, but the virtqueue structure that holds the
-EventNotifier has been trashed in the meanwhile. kvm_set_ioeventfd_pio
-does not expect failure and aborts.
-
-The fix is simply to move parts of uninitialization to a new
-device_unplugged callback, which is called before the child is destroyed.
-
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/virtio/virtio-pci.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
-index 6fd6d6d..242ec3e 100644
---- a/hw/virtio/virtio-pci.c
-+++ b/hw/virtio/virtio-pci.c
-@@ -1000,6 +1000,15 @@ static void virtio_pci_device_plugged(DeviceState *d)
- proxy->host_features);
- }
-
-+static void virtio_pci_device_unplugged(DeviceState *d)
-+{
-+ PCIDevice *pci_dev = PCI_DEVICE(d);
-+ VirtIOPCIProxy *proxy = VIRTIO_PCI(d);
-+
-+ virtio_pci_stop_ioeventfd(proxy);
-+ msix_uninit_exclusive_bar(pci_dev);
-+}
-+
- static int virtio_pci_init(PCIDevice *pci_dev)
- {
- VirtIOPCIProxy *dev = VIRTIO_PCI(pci_dev);
-@@ -1014,9 +1023,7 @@ static int virtio_pci_init(PCIDevice *pci_dev)
- static void virtio_pci_exit(PCIDevice *pci_dev)
- {
- VirtIOPCIProxy *proxy = VIRTIO_PCI(pci_dev);
-- virtio_pci_stop_ioeventfd(proxy);
- memory_region_destroy(&proxy->bar);
-- msix_uninit_exclusive_bar(pci_dev);
- }
-
- static void virtio_pci_reset(DeviceState *qdev)
-@@ -1550,6 +1557,7 @@ static void virtio_pci_bus_class_init(ObjectClass *klass, void *data)
- k->set_guest_notifiers = virtio_pci_set_guest_notifiers;
- k->vmstate_change = virtio_pci_vmstate_change;
- k->device_plugged = virtio_pci_device_plugged;
-+ k->device_unplugged = virtio_pci_device_unplugged;
- }
-
- static const TypeInfo virtio_pci_bus_info = {
diff --git a/0201-qcow2-Pass-discard-type-to-qcow2_discard_clusters.patch b/0201-qcow2-Pass-discard-type-to-qcow2_discard_clusters.patch
deleted file mode 100644
index b31f925..0000000
--- a/0201-qcow2-Pass-discard-type-to-qcow2_discard_clusters.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 411a7e4ad457f7f3c9f1d02ef9f726ce13a35f08 Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 6 Sep 2013 12:32:25 +0200
-Subject: [PATCH] qcow2: Pass discard type to qcow2_discard_clusters()
-
-The function will be used internally instead of only being called for
-guest discard requests.
-
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- block/qcow2-cluster.c | 8 ++++----
- block/qcow2.c | 2 +-
- block/qcow2.h | 2 +-
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
-index cca76d4..8c3185d 100644
---- a/block/qcow2-cluster.c
-+++ b/block/qcow2-cluster.c
-@@ -1317,7 +1317,7 @@ int qcow2_decompress_cluster(BlockDriverState *bs, uint64_t cluster_offset)
- * clusters.
- */
- static int discard_single_l2(BlockDriverState *bs, uint64_t offset,
-- unsigned int nb_clusters)
-+ unsigned int nb_clusters, enum qcow2_discard_type type)
- {
- BDRVQcowState *s = bs->opaque;
- uint64_t *l2_table;
-@@ -1346,7 +1346,7 @@ static int discard_single_l2(BlockDriverState *bs, uint64_t offset,
- l2_table[l2_index + i] = cpu_to_be64(0);
-
- /* Then decrease the refcount */
-- qcow2_free_any_clusters(bs, old_offset, 1, QCOW2_DISCARD_REQUEST);
-+ qcow2_free_any_clusters(bs, old_offset, 1, type);
- }
-
- ret = qcow2_cache_put(bs, s->l2_table_cache, (void**) &l2_table);
-@@ -1358,7 +1358,7 @@ static int discard_single_l2(BlockDriverState *bs, uint64_t offset,
- }
-
- int qcow2_discard_clusters(BlockDriverState *bs, uint64_t offset,
-- int nb_sectors)
-+ int nb_sectors, enum qcow2_discard_type type)
- {
- BDRVQcowState *s = bs->opaque;
- uint64_t end_offset;
-@@ -1381,7 +1381,7 @@ int qcow2_discard_clusters(BlockDriverState *bs, uint64_t offset,
-
- /* Each L2 table is handled by its own loop iteration */
- while (nb_clusters > 0) {
-- ret = discard_single_l2(bs, offset, nb_clusters);
-+ ret = discard_single_l2(bs, offset, nb_clusters, type);
- if (ret < 0) {
- goto fail;
- }
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 7f7282e..16e45a0 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -1506,7 +1506,7 @@ static coroutine_fn int qcow2_co_discard(BlockDriverState *bs,
-
- qemu_co_mutex_lock(&s->lock);
- ret = qcow2_discard_clusters(bs, sector_num << BDRV_SECTOR_BITS,
-- nb_sectors);
-+ nb_sectors, QCOW2_DISCARD_REQUEST);
- qemu_co_mutex_unlock(&s->lock);
- return ret;
- }
-diff --git a/block/qcow2.h b/block/qcow2.h
-index dba9771..52cf193 100644
---- a/block/qcow2.h
-+++ b/block/qcow2.h
-@@ -405,7 +405,7 @@ uint64_t qcow2_alloc_compressed_cluster_offset(BlockDriverState *bs,
-
- int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m);
- int qcow2_discard_clusters(BlockDriverState *bs, uint64_t offset,
-- int nb_sectors);
-+ int nb_sectors, enum qcow2_discard_type type);
- int qcow2_zero_clusters(BlockDriverState *bs, uint64_t offset, int nb_sectors);
-
- /* qcow2-snapshot.c functions */
diff --git a/0202-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch b/0202-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch
deleted file mode 100644
index cb0e92c..0000000
--- a/0202-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 16d78f7cd9e1455ebb0599706ba5badfa3ee4fdc Mon Sep 17 00:00:00 2001
-From: Kevin Wolf <kwolf@redhat.com>
-Date: Fri, 6 Sep 2013 12:32:26 +0200
-Subject: [PATCH] qcow2: Discard VM state in active L1 after creating snapshot
-
-During savevm, the VM state is written to the active L1 of the image and
-then a snapshot is taken. After that, the VM state isn't needed any more
-in the active L1 and should be discarded. This is implemented by this
-patch.
-
-The impact of not discarding the VM state is that a snapshot can never
-become smaller than any previous snapshot (because it would be padded
-with old VM state), and more importantly that future savevm operations
-cause unnecessary COWs (with associated flushes), which makes subsequent
-snapshots much slower.
-
-Signed-off-by: Kevin Wolf <kwolf@redhat.com>
----
- block/qcow2-snapshot.c | 7 +++++++
- block/qcow2.c | 5 -----
- block/qcow2.h | 5 +++++
- 3 files changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
-index 0caac90..ae33b45 100644
---- a/block/qcow2-snapshot.c
-+++ b/block/qcow2-snapshot.c
-@@ -401,6 +401,13 @@ int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info)
-
- g_free(old_snapshot_list);
-
-+ /* The VM state isn't needed any more in the active L1 table; in fact, it
-+ * hurts by causing expensive COW for the next snapshot. */
-+ qcow2_discard_clusters(bs, qcow2_vm_state_offset(s),
-+ align_offset(sn->vm_state_size, s->cluster_size)
-+ >> BDRV_SECTOR_BITS,
-+ QCOW2_DISCARD_NEVER);
-+
- #ifdef DEBUG_ALLOC
- {
- BdrvCheckResult result = {0};
-diff --git a/block/qcow2.c b/block/qcow2.c
-index 16e45a0..f63c2cb 100644
---- a/block/qcow2.c
-+++ b/block/qcow2.c
-@@ -1666,11 +1666,6 @@ static coroutine_fn int qcow2_co_flush_to_os(BlockDriverState *bs)
- return 0;
- }
-
--static int64_t qcow2_vm_state_offset(BDRVQcowState *s)
--{
-- return (int64_t)s->l1_vm_state_index << (s->cluster_bits + s->l2_bits);
--}
--
- static int qcow2_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
- {
- BDRVQcowState *s = bs->opaque;
-diff --git a/block/qcow2.h b/block/qcow2.h
-index 52cf193..da61d18 100644
---- a/block/qcow2.h
-+++ b/block/qcow2.h
-@@ -324,6 +324,11 @@ static inline int64_t align_offset(int64_t offset, int n)
- return offset;
- }
-
-+static inline int64_t qcow2_vm_state_offset(BDRVQcowState *s)
-+{
-+ return (int64_t)s->l1_vm_state_index << (s->cluster_bits + s->l2_bits);
-+}
-+
- static inline int qcow2_get_cluster_type(uint64_t l2_entry)
- {
- if (l2_entry & QCOW_OFLAG_COMPRESSED) {
diff --git a/0203-hw-9pfs-Fix-errno-value-for-xattr-functions.patch b/0203-hw-9pfs-Fix-errno-value-for-xattr-functions.patch
deleted file mode 100644
index cd7b42f..0000000
--- a/0203-hw-9pfs-Fix-errno-value-for-xattr-functions.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 6f7e1d2bddb5a0a1c65f6f02467460d6edbcc901 Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Tue, 1 Oct 2013 12:28:17 +0100
-Subject: [PATCH] hw/9pfs: Fix errno value for xattr functions
-
-If there is no operation driver for the xattr type the
-functions return '-1' and set errno to '-EOPNOTSUPP'.
-When the calling code sets 'ret = -errno' this turns
-into a large positive number.
-
-In Linux 3.11, the kernel has switched to using 9p
-version 9p2000.L, instead of 9p2000.u, which enables
-support for xattr operations. This on its own is harmless,
-but for another change which makes it request the xattr
-with a name 'security.capability'.
-
-The result is that the guest sees a succesful return
-of 95 bytes of data, instead of a failure with errno
-set to 95. Since the kernel expects a maximum of 20
-bytes for an xattr return this gets translated to the
-unexpected errno ERANGE.
-
-This all means that when running a binary off a 9p fs
-in 3.11 kernels you get a fun result of:
-
- # ./date
- sh: ./date: Numerical result out of range
-
-The only workaround is to pass 'version=9p2000.u' when
-mounting the 9p fs in the guest, to disable all use of
-xattrs.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
- hw/9pfs/virtio-9p-xattr.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/hw/9pfs/virtio-9p-xattr.c b/hw/9pfs/virtio-9p-xattr.c
-index 90ae565..3fae557 100644
---- a/hw/9pfs/virtio-9p-xattr.c
-+++ b/hw/9pfs/virtio-9p-xattr.c
-@@ -36,7 +36,7 @@ ssize_t v9fs_get_xattr(FsContext *ctx, const char *path,
- if (xops) {
- return xops->getxattr(ctx, path, name, value, size);
- }
-- errno = -EOPNOTSUPP;
-+ errno = EOPNOTSUPP;
- return -1;
- }
-
-@@ -123,7 +123,7 @@ int v9fs_set_xattr(FsContext *ctx, const char *path, const char *name,
- if (xops) {
- return xops->setxattr(ctx, path, name, value, size, flags);
- }
-- errno = -EOPNOTSUPP;
-+ errno = EOPNOTSUPP;
- return -1;
-
- }
-@@ -135,7 +135,7 @@ int v9fs_remove_xattr(FsContext *ctx,
- if (xops) {
- return xops->removexattr(ctx, path, name);
- }
-- errno = -EOPNOTSUPP;
-+ errno = EOPNOTSUPP;
- return -1;
-
- }
diff --git a/0204-Fix-pc-migration-from-qemu-1.5.patch b/0204-Fix-pc-migration-from-qemu-1.5.patch
deleted file mode 100644
index ee21194..0000000
--- a/0204-Fix-pc-migration-from-qemu-1.5.patch
+++ /dev/null
@@ -1,202 +0,0 @@
-From 16f89cbf7737626a0ab24a5b0fd7ce4ab940f5a2 Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Mon, 7 Oct 2013 16:32:24 -0400
-Subject: [PATCH] Fix pc migration from qemu <= 1.5
-
-The following commit introduced a migration incompatibility:
-
-commit 568f0690fd9aa4d39d84b04c1a5dbb53a915c3fe
-Author: David Gibson <david@gibson.dropbear.id.au>
-Date: Thu Jun 6 18:48:49 2013 +1000
-
- pci: Replace pci_find_domain() with more general pci_root_bus_path()
-
-The issue is that i440fx savevm idstr went from 0000:00:00.0/I440FX to
-0000:00.0/I440FX. Unfortunately we are stuck with the breakage for
-1.6 machine types.
-
-Add a compat property to maintain the busted idstr for the 1.6 machine
-types, but revert to the old style format for 1.7+, and <= 1.5.
-
-Tested with migration from qemu 1.5, qemu 1.6, and qemu.git.
-
-Cc: qemu-stable@nongnu.org
----
- hw/i386/pc_piix.c | 11 +++++++++++
- hw/i386/pc_q35.c | 11 +++++++++++
- hw/pci-host/piix.c | 9 ++++++++-
- hw/pci-host/q35.c | 10 ++++++++--
- include/hw/i386/pc.h | 20 ++++++++++++++++++++
- include/hw/pci-host/q35.h | 1 +
- 6 files changed, 59 insertions(+), 3 deletions(-)
-
-diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
-index 2f2cb4d..10866f5 100644
---- a/hw/i386/pc_piix.c
-+++ b/hw/i386/pc_piix.c
-@@ -341,6 +341,13 @@ static void pc_xen_hvm_init(QEMUMachineInitArgs *args)
- }
- #endif
-
-+#define PC_I440FX_MACHINE_OPTIONS \
-+ PC_DEFAULT_MACHINE_OPTIONS, \
-+ .desc = "Standard PC (i440FX + PIIX, 1996)", \
-+ .hot_add_cpu = pc_hot_add_cpu
-+
-+#define PC_I440FX_1_6_MACHINE_OPTIONS PC_I440FX_MACHINE_OPTIONS
-+
- static QEMUMachine pc_i440fx_machine_v1_6 = {
- .name = "pc-i440fx-1.6",
- .alias = "pc",
-@@ -349,6 +356,10 @@ static QEMUMachine pc_i440fx_machine_v1_6 = {
- .hot_add_cpu = pc_hot_add_cpu,
- .max_cpus = 255,
- .is_default = 1,
-+ .compat_props = (GlobalProperty[]) {
-+ PC_COMPAT_1_6,
-+ { /* end of list */ }
-+ },
- DEFAULT_MACHINE_OPTIONS,
- };
-
-diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
-index dd13130..4998ed3 100644
---- a/hw/i386/pc_q35.c
-+++ b/hw/i386/pc_q35.c
-@@ -243,6 +243,13 @@ static void pc_q35_init_1_4(QEMUMachineInitArgs *args)
- pc_q35_init(args);
- }
-
-+#define PC_Q35_MACHINE_OPTIONS \
-+ PC_DEFAULT_MACHINE_OPTIONS, \
-+ .desc = "Standard PC (Q35 + ICH9, 2009)", \
-+ .hot_add_cpu = pc_hot_add_cpu
-+
-+#define PC_Q35_1_6_MACHINE_OPTIONS PC_Q35_MACHINE_OPTIONS
-+
- static QEMUMachine pc_q35_machine_v1_6 = {
- .name = "pc-q35-1.6",
- .alias = "q35",
-@@ -250,6 +257,10 @@ static QEMUMachine pc_q35_machine_v1_6 = {
- .init = pc_q35_init_1_6,
- .hot_add_cpu = pc_hot_add_cpu,
- .max_cpus = 255,
-+ .compat_props = (GlobalProperty[]) {
-+ PC_COMPAT_1_6,
-+ { /* end of list */ }
-+ },
- DEFAULT_MACHINE_OPTIONS,
- };
-
-diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
-index 221d82b..967f949 100644
---- a/hw/pci-host/piix.c
-+++ b/hw/pci-host/piix.c
-@@ -48,6 +48,7 @@ typedef struct I440FXState {
- PCIHostState parent_obj;
- PcPciInfo pci_info;
- uint64_t pci_hole64_size;
-+ uint32_t short_root_bus;
- } I440FXState;
-
- #define PIIX_NUM_PIC_IRQS 16 /* i8259 * 2 */
-@@ -706,13 +707,19 @@ static const TypeInfo i440fx_info = {
- static const char *i440fx_pcihost_root_bus_path(PCIHostState *host_bridge,
- PCIBus *rootbus)
- {
-+ I440FXState *s = I440FX_PCI_HOST_BRIDGE(host_bridge);
-+
- /* For backwards compat with old device paths */
-- return "0000";
-+ if (s->short_root_bus) {
-+ return "0000";
-+ }
-+ return "0000:00";
- }
-
- static Property i440fx_props[] = {
- DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, I440FXState,
- pci_hole64_size, DEFAULT_PCI_HOLE64_SIZE),
-+ DEFINE_PROP_UINT32("short_root_bus", I440FXState, short_root_bus, 0),
- DEFINE_PROP_END_OF_LIST(),
- };
-
-diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
-index 4febd24..f762053 100644
---- a/hw/pci-host/q35.c
-+++ b/hw/pci-host/q35.c
-@@ -61,8 +61,13 @@ static void q35_host_realize(DeviceState *dev, Error **errp)
- static const char *q35_host_root_bus_path(PCIHostState *host_bridge,
- PCIBus *rootbus)
- {
-- /* For backwards compat with old device paths */
-- return "0000";
-+ Q35PCIHost *s = Q35_HOST_DEVICE(host_bridge);
-+
-+ /* For backwards compat with old device paths */
-+ if (s->mch.short_root_bus) {
-+ return "0000";
-+ }
-+ return "0000:00";
- }
-
- static void q35_host_get_pci_hole_start(Object *obj, Visitor *v,
-@@ -108,6 +113,7 @@ static Property mch_props[] = {
- MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT),
- DEFINE_PROP_SIZE(PCI_HOST_PROP_PCI_HOLE64_SIZE, Q35PCIHost,
- mch.pci_hole64_size, DEFAULT_PCI_HOLE64_SIZE),
-+ DEFINE_PROP_UINT32("short_root_bus", Q35PCIHost, mch.short_root_bus, 0),
- DEFINE_PROP_END_OF_LIST(),
- };
-
-diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
-index 475ba9e..a0bbdd9 100644
---- a/include/hw/i386/pc.h
-+++ b/include/hw/i386/pc.h
-@@ -225,7 +225,19 @@ void pvpanic_init(ISABus *bus);
-
- int e820_add_entry(uint64_t, uint64_t, uint32_t);
-
-+#define PC_COMPAT_1_6 \
-+ {\
-+ .driver = "i440FX-pcihost",\
-+ .property = "short_root_bus",\
-+ .value = stringify(1),\
-+ },{\
-+ .driver = "mch",\
-+ .property = "short_root_bus",\
-+ .value = stringify(1),\
-+ }
-+
- #define PC_COMPAT_1_5 \
-+ PC_COMPAT_1_6, \
- {\
- .driver = "Conroe-" TYPE_X86_CPU,\
- .property = "model",\
-@@ -258,6 +270,14 @@ int e820_add_entry(uint64_t, uint64_t, uint32_t);
- .driver = TYPE_X86_CPU,\
- .property = "pmu",\
- .value = "on",\
-+ },{\
-+ .driver = "i440FX-pcihost",\
-+ .property = "short_root_bus",\
-+ .value = stringify(0),\
-+ },{\
-+ .driver = "mch",\
-+ .property = "short_root_bus",\
-+ .value = stringify(0),\
- }
-
- #define PC_COMPAT_1_4 \
-diff --git a/include/hw/pci-host/q35.h b/include/hw/pci-host/q35.h
-index 6eb7ab6..95a3cc2 100644
---- a/include/hw/pci-host/q35.h
-+++ b/include/hw/pci-host/q35.h
-@@ -61,6 +61,7 @@ typedef struct MCHPCIState {
- ram_addr_t above_4g_mem_size;
- uint64_t pci_hole64_size;
- PcGuestInfo *guest_info;
-+ uint32_t short_root_bus;
- } MCHPCIState;
-
- typedef struct Q35PCIHost {
diff --git a/ksmtuned b/ksmtuned
index c96507c..7bc5743 100644
--- a/ksmtuned
+++ b/ksmtuned
@@ -71,10 +71,10 @@ KSMCTL () {
committed_memory () {
# calculate how much memory is committed to running qemu processes
local pidlist
- pidlist=$(pgrep -d ' ' -- '^qemu(-kvm|:.{1,11})$')
+ pidlist=$(pgrep -d ' ' -- '^qemu(-(kvm|system-.+)|:.{1,11})$')
if [ -n "$pidlist" ]; then
ps -p "$pidlist" -o rsz=
- fi | awk '{ sum += $1 }; END { print sum }'
+ fi | awk '{ sum += $1 }; END { print 0+sum }'
}
free_memory () {
diff --git a/qemu.spec b/qemu.spec
index 0560b00..18937f1 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -138,8 +138,8 @@
Summary: QEMU is a FAST! processor emulator
Name: qemu
-Version: 1.6.0
-Release: 10%{?dist}
+Version: 1.6.1
+Release: 1%{?dist}
Epoch: 2
License: GPLv2+ and LGPLv2+ and BSD
Group: Development/Tools
@@ -180,91 +180,42 @@ Source12: bridge.conf
# qemu-kvm back compat wrapper
Source13: qemu-kvm.sh
-# Rebase to pending 1.6.1 stable
-Patch0001: 0001-block-ensure-bdrv_drain_all-works-during-bdrv_delete.patch
-Patch0002: 0002-gdbstub-Fix-gdb_register_coprocessor-register-counti.patch
-Patch0003: 0003-target-ppc-fix-bit-extraction-for-FPBF-and-FPL.patch
-Patch0004: 0004-rdma-silly-ipv6-bugfix.patch
-Patch0005: 0005-scripts-qapi.py-Avoid-syntax-not-supported-by-Python.patch
-Patch0006: 0006-usb-dev-hid-Modified-usb-tablet-category-from-Misc-t.patch
-Patch0007: 0007-scsi-Fix-scsi_bus_legacy_add_drive-scsi-generic-with.patch
-Patch0008: 0008-pc-fix-regression-for-64-bit-PCI-memory.patch
-Patch0009: 0009-pseries-Fix-stalls-on-hypervisor-virtual-console.patch
-Patch0010: 0010-virtio-virtqueue_get_avail_bytes-fix-desc_pa-when-lo.patch
-Patch0011: 0011-xhci-fix-endpoint-interval-calculation.patch
-Patch0012: 0012-Revert-usb-hub-report-status-changes-only-once.patch
-Patch0013: 0013-block-expect-errors-from-bdrv_co_is_allocated.patch
-Patch0014: 0014-target-i386-fix-disassembly-with-PAE-1-PG-0.patch
-Patch0015: 0015-adlib-sort-offsets-in-portio-registration.patch
-Patch0016: 0016-exec-fix-writing-to-MMIO-area-with-non-power-of-two-.patch
-Patch0017: 0017-virtio_pci-fix-level-interrupts-with-irqfd.patch
-Patch0018: 0018-exec-always-use-MADV_DONTFORK.patch
-Patch0019: 0019-xhci-reset-port-when-disabling-slot.patch
-Patch0020: 0020-usb-parallelize-usb3-streams.patch
-Patch0021: 0021-w32-Fix-access-to-host-devices-regression.patch
-Patch0022: 0022-memory-Provide-separate-handling-of-unassigned-io-po.patch
-Patch0023: 0023-Revert-memory-Return-1-again-on-reads-from-unsigned-.patch
-Patch0024: 0024-exec-check-offset_within_address_space-for-register-.patch
-Patch0025: 0025-ne2000-mark-I-O-as-LITTLE_ENDIAN.patch
-Patch0026: 0026-ehci-save-device-pointer-in-EHCIState.patch
-Patch0027: 0027-qxl-fix-local-renderer.patch
-Patch0028: 0028-pc-Initializing-ram_memory-under-Xen.patch
-Patch0029: 0029-pc_q35-Initialize-Xen.patch
-Patch0030: 0030-qapi-types.py-Fix-enum-struct-sizes-on-i686.patch
-Patch0031: 0031-pcnet-pci-mark-I-O-and-MMIO-as-LITTLE_ENDIAN.patch
-Patch0032: 0032-chardev-fix-pty_chr_timer.patch
-Patch0033: 0033-kvmvapic-Catch-invalid-ROM-size.patch
-Patch0034: 0034-kvmvapic-Enter-inactive-state-on-hardware-reset.patch
-Patch0035: 0035-kvmvapic-Clear-also-physical-ROM-address-when-enteri.patch
-Patch0036: 0036-tci-Fix-qemu-alpha-on-32-bit-hosts-wrong-assertions.patch
-Patch0037: 0037-blockdev-do-not-default-cache.no-flush-to-true.patch
-Patch0038: 0038-virtio-blk-do-not-relay-a-previous-driver-s-WCE-conf.patch
-Patch0039: 0039-xhci-emulate-intr-endpoint-intervals-correctly.patch
-Patch0040: 0040-iov-avoid-orig_len-may-be-used-unitialized-warning.patch
-Patch0041: 0041-tap-Use-numbered-tap-tun-devices-on-all-BSD-OS-s.patch
-Patch0042: 0042-rbd-avoid-qemu_rbd_snap_list-memory-leaks.patch
-Patch0043: 0043-vmdk-fix-cluster-size-check-for-flat-extents.patch
-Patch0044: 0044-piix4-disable-io-on-reset.patch
-Patch0045: 0045-coroutine-add-.-configure-disable-coroutine-pool.patch
-Patch0046: 0046-qemu-Adjust-qemu-wakeup.patch
-Patch0047: 0047-qemu-Add-qemu-xen-logic-for-Xen-HVM-S3-resume.patch
-Patch0048: 0048-scsi-Allocate-SCSITargetReq-r-buf-dynamically.patch
-Patch0049: 0049-Update-VERSION-for-1.6.1-release.patch
-
# qemu-kvm migration compat (not for upstream, drop by Fedora 21?)
-Patch0101: 0101-Fix-migration-from-qemu-kvm.patch
+Patch0001: 0001-Fix-migration-from-qemu-kvm.patch
# Fix crash with -M isapc -cpu Haswell (bz #986790)
-Patch0102: 0102-isapc-disable-kvmvapic.patch
+Patch0002: 0002-isapc-disable-kvmvapic.patch
# Fix crash in lsi_soft_reset (bz #1000947)
# Patches posted upstream
-Patch0103: 0103-pci-do-not-export-pci_bus_reset.patch
-Patch0104: 0104-qdev-allow-both-pre-and-post-order-vists-in-qdev-wal.patch
-Patch0105: 0105-qdev-switch-reset-to-post-order.patch
+Patch0003: 0003-pci-do-not-export-pci_bus_reset.patch
+Patch0004: 0004-qdev-allow-both-pre-and-post-order-vists-in-qdev-wal.patch
+Patch0005: 0005-qdev-switch-reset-to-post-order.patch
# CVE-2013-4377: Fix crash when unplugging virtio devices (bz #1012633,
# bz #1012641)
# Patches posted upstream
-Patch0106: 0106-virtio-bus-remove-vdev-field.patch
-Patch0107: 0107-virtio-pci-remove-vdev-field.patch
-Patch0108: 0108-virtio-ccw-remove-vdev-field.patch
-Patch0109: 0109-virtio-bus-cleanup-plug-unplug-interface.patch
-Patch0110: 0110-virtio-blk-switch-exit-callback-to-VirtioDeviceClass.patch
-Patch0111: 0111-virtio-serial-switch-exit-callback-to-VirtioDeviceCl.patch
-Patch0112: 0112-virtio-net-switch-exit-callback-to-VirtioDeviceClass.patch
-Patch0113: 0113-virtio-scsi-switch-exit-callback-to-VirtioDeviceClas.patch
-Patch0114: 0114-virtio-balloon-switch-exit-callback-to-VirtioDeviceC.patch
-Patch0115: 0115-virtio-rng-switch-exit-callback-to-VirtioDeviceClass.patch
-Patch0116: 0116-virtio-pci-add-device_unplugged-callback.patch
+Patch0006: 0006-virtio-bus-remove-vdev-field.patch
+Patch0007: 0007-virtio-pci-remove-vdev-field.patch
+Patch0008: 0008-virtio-ccw-remove-vdev-field.patch
+Patch0009: 0009-virtio-bus-cleanup-plug-unplug-interface.patch
+Patch0010: 0010-virtio-blk-switch-exit-callback-to-VirtioDeviceClass.patch
+Patch0011: 0011-virtio-serial-switch-exit-callback-to-VirtioDeviceCl.patch
+Patch0012: 0012-virtio-net-switch-exit-callback-to-VirtioDeviceClass.patch
+Patch0013: 0013-virtio-scsi-switch-exit-callback-to-VirtioDeviceClas.patch
+Patch0014: 0014-virtio-balloon-switch-exit-callback-to-VirtioDeviceC.patch
+Patch0015: 0015-virtio-rng-switch-exit-callback-to-VirtioDeviceClass.patch
+Patch0016: 0016-virtio-pci-add-device_unplugged-callback.patch
# Fix 'new snapshot' slowness after the first snap (bz #988436)
# Patches queued for upstream
-Patch0201: 0201-qcow2-Pass-discard-type-to-qcow2_discard_clusters.patch
-Patch0202: 0202-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch
+Patch0101: 0101-qcow2-Pass-discard-type-to-qcow2_discard_clusters.patch
+Patch0102: 0102-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch
# Fix 9pfs xattrs on kernel 3.11 (bz #1013676)
# Patch posted upstream
-Patch0203: 0203-hw-9pfs-Fix-errno-value-for-xattr-functions.patch
+Patch0103: 0103-hw-9pfs-Fix-errno-value-for-xattr-functions.patch
# Fix migration from qemu <= 1.5
# Patch posted upstream
-Patch0204: 0204-Fix-pc-migration-from-qemu-1.5.patch
+Patch0104: 0104-Fix-pc-migration-from-qemu-1.5.patch
+# Reduce CPU usage when audio is playing (bz #1017644)
+Patch0105: 0105-audio-honor-QEMU_AUDIO_TIMER_PERIOD-instead-of-wakin.patch
BuildRequires: SDL-devel
BuildRequires: zlib-devel
@@ -777,12 +728,18 @@ CAC emulation development files.
%prep
%setup -q
-# Rebase to pending 1.6.1 stable
+# qemu-kvm migration compat (not for upstream, drop by Fedora 21?)
%patch0001 -p1
+# Fix crash with -M isapc -cpu Haswell (bz #986790)
%patch0002 -p1
+# Fix crash in lsi_soft_reset (bz #1000947)
+# Patches posted upstream
%patch0003 -p1
%patch0004 -p1
%patch0005 -p1
+# CVE-2013-4377: Fix crash when unplugging virtio devices (bz #1012633,
+# bz #1012641)
+# Patches posted upstream
%patch0006 -p1
%patch0007 -p1
%patch0008 -p1
@@ -794,74 +751,19 @@ CAC emulation development files.
%patch0014 -p1
%patch0015 -p1
%patch0016 -p1
-%patch0017 -p1
-%patch0018 -p1
-%patch0019 -p1
-%patch0020 -p1
-%patch0021 -p1
-%patch0022 -p1
-%patch0023 -p1
-%patch0024 -p1
-%patch0025 -p1
-%patch0026 -p1
-%patch0027 -p1
-%patch0028 -p1
-%patch0029 -p1
-%patch0030 -p1
-%patch0031 -p1
-%patch0032 -p1
-%patch0033 -p1
-%patch0034 -p1
-%patch0035 -p1
-%patch0036 -p1
-%patch0037 -p1
-%patch0038 -p1
-%patch0039 -p1
-%patch0040 -p1
-%patch0041 -p1
-%patch0042 -p1
-%patch0043 -p1
-%patch0044 -p1
-%patch0045 -p1
-%patch0046 -p1
-%patch0047 -p1
-%patch0048 -p1
-%patch0049 -p1
-
-# qemu-kvm migration compat (not for upstream, drop by Fedora 21?)
-%patch0101 -p1
-# Fix crash with -M isapc -cpu Haswell (bz #986790)
-%patch0102 -p1
-# Fix crash in lsi_soft_reset (bz #1000947)
-# Patches posted upstream
-%patch0103 -p1
-%patch0104 -p1
-%patch0105 -p1
-# CVE-2013-4377: Fix crash when unplugging virtio devices (bz #1012633,
-# bz #1012641)
-# Patches posted upstream
-%patch0106 -p1
-%patch0107 -p1
-%patch0108 -p1
-%patch0109 -p1
-%patch0110 -p1
-%patch0111 -p1
-%patch0112 -p1
-%patch0113 -p1
-%patch0114 -p1
-%patch0115 -p1
-%patch0116 -p1
# Fix 'new snapshot' slowness after the first snap (bz #988436)
# Patches queued for upstream
-%patch0201 -p1
-%patch0202 -p1
+%patch0101 -p1
+%patch0102 -p1
# Fix 9pfs xattrs on kernel 3.11 (bz #1013676)
# Patch posted upstream
-%patch0203 -p1
+%patch0103 -p1
# Fix migration from qemu <= 1.5
# Patch posted upstream
-%patch0204 -p1
+%patch0104 -p1
+# Reduce CPU usage when audio is playing (bz #1017644)
+%patch0105 -p1
%build
@@ -1127,7 +1029,6 @@ install -m 0644 %{SOURCE11} $RPM_BUILD_ROOT%{_udevdir}
# Install rules to use the bridge helper with libvirt's virbr0
install -m 0644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/qemu
-chmod u+s $RPM_BUILD_ROOT%{_libexecdir}/qemu-bridge-helper
find $RPM_BUILD_ROOT -name '*.la' -or -name '*.a' | xargs rm -f
find $RPM_BUILD_ROOT -name "libcacard.so*" -exec chmod +x \{\} \;
@@ -1243,7 +1144,7 @@ getent passwd qemu >/dev/null || \
%{_mandir}/man1/qemu.1*
%{_mandir}/man1/virtfs-proxy-helper.1*
%{_bindir}/virtfs-proxy-helper
-%{_libexecdir}/qemu-bridge-helper
+%attr(4755, root, root) %{_libexecdir}/qemu-bridge-helper
%config(noreplace) %{_sysconfdir}/sasl2/qemu.conf
%dir %{_sysconfdir}/qemu
%config(noreplace) %{_sysconfdir}/qemu/bridge.conf
@@ -1570,6 +1471,13 @@ getent passwd qemu >/dev/null || \
%endif
%changelog
+* Tue Nov 05 2013 Cole Robinson <crobinso@redhat.com> - 2:1.6.1-1
+- Reduce CPU usage when audio is playing (bz #1017644)
+- Base on qemu 1.6.1 tarball
+- ksmtuned: Fix matching qemu w/o set_process_name (bz #1012604)
+- ksmtuned: Fix committed_memory when no qemu running (bz #1012610)
+- Make sure bridge helper is setuid (bz #1017660)
+
* Wed Oct 09 2013 Cole Robinson <crobinso@redhat.com> - 2:1.6.0-10
- Fix migration from qemu <= 1.5
diff --git a/sources b/sources
index 4936b74..06f99b4 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f3f39308472d629aca57a255a0c91ba9 qemu-1.6.0.tar.bz2
+3a897d722457c5a895cd6ac79a28fda0 qemu-1.6.1.tar.bz2