public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Matthias Maier" <tamiko@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/
Date: Sun, 12 Nov 2017 20:22:29 +0000 (UTC)	[thread overview]
Message-ID: <1510518111.71ba961e21b1493ae7b335a6e2fa5a6669baf64c.tamiko@gentoo> (raw)

commit:     71ba961e21b1493ae7b335a6e2fa5a6669baf64c
Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 12 20:01:23 2017 +0000
Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>
CommitDate: Sun Nov 12 20:21:51 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71ba961e

app-emulation/qemu: drop obsolete patches

Package-Manager: Portage-2.3.8, Repoman-2.3.4

 .../qemu/files/qemu-2.9.0-CVE-2017-10664.patch     |  47 -----
 .../qemu/files/qemu-2.9.0-CVE-2017-10806.patch     |  50 ------
 .../qemu/files/qemu-2.9.0-CVE-2017-11334.patch     |  40 -----
 .../qemu/files/qemu-2.9.0-CVE-2017-11434.patch     |  29 ---
 .../qemu/files/qemu-2.9.0-CVE-2017-7493.patch      | 174 ------------------
 .../qemu/files/qemu-2.9.0-CVE-2017-8112.patch      |  22 ---
 .../qemu/files/qemu-2.9.0-CVE-2017-8309.patch      |  22 ---
 .../qemu/files/qemu-2.9.0-CVE-2017-8379.patch      |  76 --------
 .../qemu/files/qemu-2.9.0-CVE-2017-8380.patch      |  34 ----
 .../qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch    | 122 -------------
 .../qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch    | 114 ------------
 .../qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch    |  80 ---------
 .../qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch    | 197 ---------------------
 13 files changed, 1007 deletions(-)

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
deleted file mode 100644
index 7db06929cf2..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10664.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 041e32b8d9d076980b4e35317c0339e57ab888f1 Mon Sep 17 00:00:00 2001
-From: Max Reitz <mreitz@redhat.com>
-Date: Sun, 11 Jun 2017 14:37:14 +0200
-Subject: [PATCH] qemu-nbd: Ignore SIGPIPE
-
-qemu proper has done so for 13 years
-(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have
-done so for four years (526eda14a68d5b3596be715505289b541288ef2a).
-Ignoring this signal is especially important in qemu-nbd because
-otherwise a client can easily take down the qemu-nbd server by dropping
-the connection when the server wants to send something, for example:
-
-$ qemu-nbd -x foo -f raw -t null-co:// &
-[1] 12726
-$ qemu-io -c quit nbd://localhost/bar
-can't open device nbd://localhost/bar: No export with name 'bar' available
-[1]  + 12726 broken pipe  qemu-nbd -x foo -f raw -t null-co://
-
-In this case, the client sends an NBD_OPT_ABORT and closes the
-connection (because it is not required to wait for a reply), but the
-server replies with an NBD_REP_ACK (because it is required to reply).
-
-Signed-off-by: Max Reitz <mreitz@redhat.com>
-Message-Id: <20170611123714.31292-1-mreitz@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- qemu-nbd.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 9464a0461c..4dd3fd4732 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -581,6 +581,10 @@ int main(int argc, char **argv)
-     sa_sigterm.sa_handler = termsig_handler;
-     sigaction(SIGTERM, &sa_sigterm, NULL);
- 
-+#ifdef CONFIG_POSIX
-+    signal(SIGPIPE, SIG_IGN);
-+#endif
-+
-     module_call_init(MODULE_INIT_TRACE);
-     qcrypto_init(&error_fatal);
- 
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
deleted file mode 100644
index 0074f5f8c77..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 9 May 2017 13:01:28 +0200
-Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Don't reinvent a broken wheel, just use the hexdump function we have.
-
-Impact: low, broken code doesn't run unless you have debug logging
-enabled.
-
-Reported-by: 李强 <liqiang6-s@360.cn>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 20170509110128.27261-1-kraxel@redhat.com
----
- hw/usb/redirect.c | 13 +------------
- 1 file changed, 1 insertion(+), 12 deletions(-)
-
-diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
-index b001a27f05..ad5ef783a6 100644
---- a/hw/usb/redirect.c
-+++ b/hw/usb/redirect.c
-@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
- static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
-     const uint8_t *data, int len)
- {
--    int i, j, n;
--
-     if (dev->debug < usbredirparser_debug_data) {
-         return;
-     }
--
--    for (i = 0; i < len; i += j) {
--        char buf[128];
--
--        n = sprintf(buf, "%s", desc);
--        for (j = 0; j < 8 && i + j < len; j++) {
--            n += sprintf(buf + n, " %02X", data[i + j]);
--        }
--        error_report("%s", buf);
--    }
-+    qemu_hexdump((char *)data, stderr, desc, len);
- }
- 
- /*
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
deleted file mode 100644
index bfe4c7d89f2..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11334.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-[Qemu-devel] [PULL 21/41] exec: use qemu_ram_ptr_length to access guest 
-From: Prasad J Pandit <address@hidden>
-
-When accessing guest's ram block during DMA operation, use
-'qemu_ram_ptr_length' to get ram block pointer. It ensures
-that DMA operation of given length is possible; And avoids
-any OOB memory access situations.
-
-Reported-by: Alex <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
-Message-Id: <address@hidden>
-Signed-off-by: Paolo Bonzini <address@hidden>
----
- exec.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/exec.c b/exec.c
-index a083ff8..ad103ce 100644
---- a/exec.c
-+++ b/exec.c
-@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
-             }
-         } else {
-             /* RAM case */
--            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
-+            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
-             memcpy(ptr, buf, l);
-             invalidate_and_set_dirty(mr, addr1, l);
-         }
-@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
-             }
-         } else {
-             /* RAM case */
--            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
-+            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
-             memcpy(buf, ptr, l);
-         }
- 
--- 
-1.8.3.1

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
deleted file mode 100644
index 5d32067c7a0..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-11434.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-[Qemu-devel] [PATCH] slirp: check len against dhcp options array end
-From: Prasad J Pandit <address@hidden>
-
-While parsing dhcp options string in 'dhcp_decode', if an options'
-length 'len' appeared towards the end of 'bp_vend' array, ensuing
-read could lead to an OOB memory access issue. Add check to avoid it.
-
-Reported-by: Reno Robert <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- slirp/bootp.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/slirp/bootp.c b/slirp/bootp.c
-index 5a4646c..5dd1a41 100644
---- a/slirp/bootp.c
-+++ b/slirp/bootp.c
-@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
-             if (p >= p_end)
-                 break;
-             len = *p++;
-+            if (p + len > p_end) {
-+                break;
-+            }
-             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
- 
-             switch(tag) {
--- 
-2.9.4

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
deleted file mode 100644
index 346e7713f74..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
-From: Greg Kurz <groug@kaod.org>
-Date: Fri, 5 May 2017 14:48:08 +0200
-Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
-
-When using the mapped-file security mode, we shouldn't let the client mess
-with the metadata. The current code already tries to hide the metadata dir
-from the client by skipping it in local_readdir(). But the client can still
-access or modify it through several other operations. This can be used to
-escalate privileges in the guest.
-
-Affected backend operations are:
-- local_mknod()
-- local_mkdir()
-- local_open2()
-- local_symlink()
-- local_link()
-- local_unlinkat()
-- local_renameat()
-- local_rename()
-- local_name_to_path()
-
-Other operations are safe because they are only passed a fid path, which
-is computed internally in local_name_to_path().
-
-This patch converts all the functions listed above to fail and return
-EINVAL when being passed the name of the metadata dir. This may look
-like a poor choice for errno, but there's no such thing as an illegal
-path name on Linux and I could not think of anything better.
-
-This fixes CVE-2017-7493.
-
-Reported-by: Leo Gaspard <leo@gaspard.io>
-Signed-off-by: Greg Kurz <groug@kaod.org>
-Reviewed-by: Eric Blake <eblake@redhat.com>
----
- hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 56 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
-index f3ebca4f7a..a2486566af 100644
---- a/hw/9pfs/9p-local.c
-+++ b/hw/9pfs/9p-local.c
-@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
-     return telldir(fs->dir.stream);
- }
- 
-+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
-+{
-+    return !strcmp(name, VIRTFS_META_DIR);
-+}
-+
- static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
- {
-     struct dirent *entry;
-@@ -465,8 +470,8 @@ again:
-     if (ctx->export_flags & V9FS_SM_MAPPED) {
-         entry->d_type = DT_UNKNOWN;
-     } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
--        if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
--            /* skp the meta data directory */
-+        if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
-+            /* skip the meta data directory */
-             goto again;
-         }
-         entry->d_type = DT_UNKNOWN;
-@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     /*
-      * Mark all the open to not follow symlinks
-      */
-@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
-     int ret = -1;
-     int odirfd, ndirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     odirfd = local_opendir_nofollow(ctx, odirpath);
-     if (odirfd == -1) {
-         goto out;
-@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
- static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
-                               const char *name, V9fsPath *target)
- {
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     if (dir_path) {
-         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
-     } else if (strcmp(name, "/")) {
-@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
-     int ret;
-     int odirfd, ndirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        (local_is_mapped_file_metadata(ctx, old_name) ||
-+         local_is_mapped_file_metadata(ctx, new_name))) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     odirfd = local_opendir_nofollow(ctx, olddir->data);
-     if (odirfd == -1) {
-         return -1;
-@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
-     int ret;
-     int dirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(ctx, dir->data);
-     if (dirfd == -1) {
-         return -1;
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
deleted file mode 100644
index 31fb69bf897..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-CVE-2017-8112
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html
----
- hw/scsi/vmw_pvscsi.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
-index 7557546..4a106da 100644
---- a/hw/scsi/vmw_pvscsi.c
-+++ b/hw/scsi/vmw_pvscsi.c
-@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
-     uint32_t len_log2;
-     uint32_t ring_size;
- 
--    if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
-+    if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
-         return -1;
-     }
-     ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
--- 
-2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
deleted file mode 100644
index 4f7f870210c..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-bug #616870
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
----
- audio/audio.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/audio/audio.c b/audio/audio.c
-index c8898d8422..beafed209b 100644
---- a/audio/audio.c
-+++ b/audio/audio.c
-@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
-                     sw = sw1;
-                 }
-                 QLIST_REMOVE (cap, entries);
-+                g_free (cap->hw.mix_buf);
-+                g_free (cap->buf);
-                 g_free (cap);
-             }
-             return;
--- 
-2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
deleted file mode 100644
index 0a34dae671c..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-bug #616872
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
----
- ui/input.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/ui/input.c b/ui/input.c
-index ed88cda6d6..fb1f404095 100644
---- a/ui/input.c
-+++ b/ui/input.c
-@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
-     QTAILQ_HEAD_INITIALIZER(kbd_queue);
- static QEMUTimer *kbd_timer;
- static uint32_t kbd_default_delay_ms = 10;
-+static uint32_t queue_count;
-+static uint32_t queue_limit = 1024;
- 
- QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
-                                                    QemuInputHandler *handler)
-@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
-             break;
-         }
-         QTAILQ_REMOVE(queue, item, node);
-+        queue_count--;
-         g_free(item);
-     }
- }
-@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
-     item->delay_ms = delay_ms;
-     item->timer = timer;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- 
-     if (start_timer) {
-         timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
-@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
-     item->src = src;
-     item->evt = evt;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- }
- 
- static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
-@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
- 
-     item->type = QEMU_INPUT_QUEUE_SYNC;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- }
- 
- void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
-@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
-         qemu_input_event_send(src, evt);
-         qemu_input_event_sync();
-         qapi_free_InputEvent(evt);
--    } else {
-+    } else if (queue_count < queue_limit) {
-         qemu_input_queue_event(&kbd_queue, src, evt);
-         qemu_input_queue_sync(&kbd_queue);
-     }
-@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
-         kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
-                                  &kbd_queue);
-     }
--    qemu_input_queue_delay(&kbd_queue, kbd_timer,
--                           delay_ms ? delay_ms : kbd_default_delay_ms);
-+    if (queue_count < queue_limit) {
-+        qemu_input_queue_delay(&kbd_queue, kbd_timer,
-+                               delay_ms ? delay_ms : kbd_default_delay_ms);
-+    }
- }
- 
- InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
--- 
-2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
deleted file mode 100644
index 08911dd0bfb..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-bug #616874
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
----
- hw/scsi/megasas.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index 84b8caf..804122a 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
-     case MFI_SEQ:
-         trace_megasas_mmio_writel("MFI_SEQ", val);
-         /* Magic sequence to start ADP reset */
--        if (adp_reset_seq[s->adp_reset] == val) {
--            s->adp_reset++;
-+        if (adp_reset_seq[s->adp_reset++] == val) {
-+            if (s->adp_reset == 6) {
-+                s->adp_reset = 0;
-+                s->diag = MFI_DIAG_WRITE_ENABLE;
-+            }
-         } else {
-             s->adp_reset = 0;
-             s->diag = 0;
-         }
--        if (s->adp_reset == 6) {
--            s->diag = MFI_DIAG_WRITE_ENABLE;
--        }
-         break;
-     case MFI_DIAG:
-         trace_megasas_mmio_writel("MFI_DIAG", val);
--- 
-2.9.3

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
deleted file mode 100644
index 01c81d10ec0..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-1.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From 87e459a810d7b1ec1638085b5a80ea3d9b43119a Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 1 Jun 2017 17:26:14 +0200
-Subject: [PATCH] megasas: always store SCSIRequest* into MegasasCmd
-
-This ensures that the request is unref'ed properly, and avoids a
-segmentation fault in the new qtest testcase that is added.
-This is CVE-2017-9503.
-
-Reported-by: Zhangyanyu <zyy4013@stu.ouc.edu.cn>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/megasas.c    | 31 ++++++++++++++++---------------
- 2 files changed, 51 insertions(+), 15 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index 135662df31..734fdaef90 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -609,6 +609,9 @@ static void megasas_reset_frames(MegasasState *s)
- static void megasas_abort_command(MegasasCmd *cmd)
- {
-     /* Never abort internal commands.  */
-+    if (cmd->dcmd_opcode != -1) {
-+        return;
-+    }
-     if (cmd->req != NULL) {
-         scsi_req_cancel(cmd->req);
-     }
-@@ -1017,7 +1020,6 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
-     uint64_t pd_size;
-     uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
-     uint8_t cmdbuf[6];
--    SCSIRequest *req;
-     size_t len, resid;
- 
-     if (!cmd->iov_buf) {
-@@ -1026,8 +1028,8 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
-         info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
-         info->vpd_page83[0] = 0x7f;
-         megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
--        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
--        if (!req) {
-+        cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
-+        if (!cmd->req) {
-             trace_megasas_dcmd_req_alloc_failed(cmd->index,
-                                                 "PD get info std inquiry");
-             g_free(cmd->iov_buf);
-@@ -1036,26 +1038,26 @@ static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
-         }
-         trace_megasas_dcmd_internal_submit(cmd->index,
-                                            "PD get info std inquiry", lun);
--        len = scsi_req_enqueue(req);
-+        len = scsi_req_enqueue(cmd->req);
-         if (len > 0) {
-             cmd->iov_size = len;
--            scsi_req_continue(req);
-+            scsi_req_continue(cmd->req);
-         }
-         return MFI_STAT_INVALID_STATUS;
-     } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
-         megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
--        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
--        if (!req) {
-+        cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
-+        if (!cmd->req) {
-             trace_megasas_dcmd_req_alloc_failed(cmd->index,
-                                                 "PD get info vpd inquiry");
-             return MFI_STAT_FLASH_ALLOC_FAIL;
-         }
-         trace_megasas_dcmd_internal_submit(cmd->index,
-                                            "PD get info vpd inquiry", lun);
--        len = scsi_req_enqueue(req);
-+        len = scsi_req_enqueue(cmd->req);
-         if (len > 0) {
-             cmd->iov_size = len;
--            scsi_req_continue(req);
-+            scsi_req_continue(cmd->req);
-         }
-         return MFI_STAT_INVALID_STATUS;
-     }
-@@ -1217,7 +1219,6 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
-     struct mfi_ld_info *info = cmd->iov_buf;
-     size_t dcmd_size = sizeof(struct mfi_ld_info);
-     uint8_t cdb[6];
--    SCSIRequest *req;
-     ssize_t len, resid;
-     uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
-     uint64_t ld_size;
-@@ -1226,8 +1227,8 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
-         cmd->iov_buf = g_malloc0(dcmd_size);
-         info = cmd->iov_buf;
-         megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
--        req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
--        if (!req) {
-+        cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
-+        if (!cmd->req) {
-             trace_megasas_dcmd_req_alloc_failed(cmd->index,
-                                                 "LD get info vpd inquiry");
-             g_free(cmd->iov_buf);
-@@ -1236,10 +1237,10 @@ static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
-         }
-         trace_megasas_dcmd_internal_submit(cmd->index,
-                                            "LD get info vpd inquiry", lun);
--        len = scsi_req_enqueue(req);
-+        len = scsi_req_enqueue(cmd->req);
-         if (len > 0) {
-             cmd->iov_size = len;
--            scsi_req_continue(req);
-+            scsi_req_continue(cmd->req);
-         }
-         return MFI_STAT_INVALID_STATUS;
-     }
-@@ -1851,7 +1852,7 @@ static void megasas_command_complete(SCSIRequest *req, uint32_t status,
-         return;
-     }
- 
--    if (cmd->req == NULL) {
-+    if (cmd->dcmd_opcode != -1) {
-         /*
-          * Internal command complete
-          */

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
deleted file mode 100644
index 74725a92736..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9503-2.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 5104fac8539eaf155fc6de93e164be43e1e62242 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 1 Jun 2017 17:18:23 +0200
-Subject: [PATCH] megasas: do not read DCMD opcode more than once from frame
-
-Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd
-
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/megasas.c | 25 +++++++++++--------------
- 1 file changed, 11 insertions(+), 14 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index c353118882..a3f75c1650 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -63,6 +63,7 @@ typedef struct MegasasCmd {
- 
-     hwaddr pa;
-     hwaddr pa_size;
-+    uint32_t dcmd_opcode;
-     union mfi_frame *frame;
-     SCSIRequest *req;
-     QEMUSGList qsg;
-@@ -513,6 +514,7 @@ static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
-         cmd->context &= (uint64_t)0xFFFFFFFF;
-     }
-     cmd->count = count;
-+    cmd->dcmd_opcode = -1;
-     s->busy++;
- 
-     if (s->consumer_pa) {
-@@ -1562,22 +1564,21 @@ static const struct dcmd_cmd_tbl_t {
- 
- static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
- {
--    int opcode;
-     int retval = 0;
-     size_t len;
-     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
- 
--    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
--    trace_megasas_handle_dcmd(cmd->index, opcode);
-+    cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
-+    trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
-     if (megasas_map_dcmd(s, cmd) < 0) {
-         return MFI_STAT_MEMORY_NOT_AVAILABLE;
-     }
--    while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
-+    while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
-         cmdptr++;
-     }
-     len = cmd->iov_size;
-     if (cmdptr->opcode == -1) {
--        trace_megasas_dcmd_unhandled(cmd->index, opcode, len);
-+        trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
-         retval = megasas_dcmd_dummy(s, cmd);
-     } else {
-         trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
-@@ -1592,13 +1593,11 @@ static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
- static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
-                                         SCSIRequest *req)
- {
--    int opcode;
-     int retval = MFI_STAT_OK;
-     int lun = req->lun;
- 
--    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
--    trace_megasas_dcmd_internal_finish(cmd->index, opcode, lun);
--    switch (opcode) {
-+    trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
-+    switch (cmd->dcmd_opcode) {
-     case MFI_DCMD_PD_GET_INFO:
-         retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
-         break;
-@@ -1606,7 +1605,7 @@ static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
-         retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
-         break;
-     default:
--        trace_megasas_dcmd_internal_invalid(cmd->index, opcode);
-+        trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
-         retval = MFI_STAT_INVALID_DCMD;
-         break;
-     }
-@@ -1827,7 +1826,6 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
- {
-     MegasasCmd *cmd = req->hba_private;
-     uint8_t *buf;
--    uint32_t opcode;
- 
-     trace_megasas_io_complete(cmd->index, len);
- 
-@@ -1837,8 +1835,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
-     }
- 
-     buf = scsi_req_get_buf(req);
--    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
--    if (opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
-+    if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
-         struct mfi_pd_info *info = cmd->iov_buf;
- 
-         if (info->inquiry_data[0] == 0x7f) {
-@@ -1849,7 +1846,7 @@ static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
-             memcpy(info->vpd_page83, buf, len);
-         }
-         scsi_req_continue(req);
--    } else if (opcode == MFI_DCMD_LD_GET_INFO) {
-+    } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
-         struct mfi_ld_info *info = cmd->iov_buf;
- 
-         if (cmd->iov_buf) {
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
deleted file mode 100644
index 9d77193b1f6..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-1.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Fri, 26 May 2017 22:04:21 -0500
-Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
-
-If a non-NBD client connects to qemu-nbd, we would end up with
-a SIGSEGV in nbd_client_put() because we were trying to
-unregister the client's association to the export, even though
-we skipped inserting the client into that list.  Easy trigger
-in two terminals:
-
-$ qemu-nbd -p 30001 --format=raw file
-$ nmap 127.0.0.1 -p 30001
-
-nmap claims that it thinks it connected to a pago-services1
-server (which probably means nmap could be updated to learn the
-NBD protocol and give a more accurate diagnosis of the open
-port - but that's not our problem), then terminates immediately,
-so our call to nbd_negotiate() fails.  The fix is to reorder
-nbd_co_client_start() to ensure that all initialization occurs
-before we ever try talking to a client in nbd_negotiate(), so
-that the teardown sequence on negotiation failure doesn't fault
-while dereferencing a half-initialized object.
-
-While debugging this, I also noticed that nbd_update_server_watch()
-called by nbd_client_closed() was still adding a channel to accept
-the next client, even when the state was no longer RUNNING.  That
-is fixed by making nbd_can_accept() pay attention to the current
-state.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
-
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-Id: <20170527030421.28366-1-eblake@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- nbd/server.c | 8 +++-----
- qemu-nbd.c   | 2 +-
- 2 files changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/nbd/server.c b/nbd/server.c
-index ee59e5d234..49b55f6ede 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
- 
-     if (exp) {
-         nbd_export_get(exp);
-+        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
-     }
-+    qemu_co_mutex_init(&client->send_lock);
-+
-     if (nbd_negotiate(data)) {
-         client_close(client);
-         goto out;
-     }
--    qemu_co_mutex_init(&client->send_lock);
--
--    if (exp) {
--        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
--    }
- 
-     nbd_client_receive_next_request(client);
- 
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index f60842fd86..651f85ecc1 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -325,7 +325,7 @@ out:
- 
- static int nbd_can_accept(void)
- {
--    return nb_fds < shared;
-+    return state == RUNNING && nb_fds < shared;
- }
- 
- static void nbd_export_closed(NBDExport *exp)
--- 
-2.13.0
-

diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
deleted file mode 100644
index e6934b379a2..00000000000
--- a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-9524-2.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 8 Jun 2017 17:26:17 -0500
-Subject: [PATCH] nbd: Fix regression on resiliency to port scan
-
-Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
-server would not quit, regardless of how many probe connections
-came and went, until a connection actually negotiated).  But we
-broke that in commit ee7d7aa when removing the return value to
-nbd_client_new(), although that patch also introduced a bug causing
-an assertion failure on a client that fails negotiation.  We then
-made it worse during refactoring in commit 1a6245a (a segfault
-before we could even assert); the (masked) assertion was cleaned
-up in d3780c2 (still in 2.6), and just recently we finally fixed
-the segfault ("nbd: Fully intialize client in case of failed
-negotiation").  But that still means that ever since we added
-TLS support to qemu-nbd, we have been vulnerable to an ill-timed
-port-scan being able to cause a denial of service by taking down
-qemu-nbd before a real client has a chance to connect.
-
-Since negotiation is now handled asynchronously via coroutines,
-we no longer have a synchronous point of return by re-adding a
-return value to nbd_client_new().  So this patch instead wires
-things up to pass the negotiation status through the close_fn
-callback function.
-
-Simple test across two terminals:
-$ qemu-nbd -f raw -p 30001 file
-$ nmap 127.0.0.1 -p 30001 && \
-  qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
-
-Note that this patch does not change what constitutes successful
-negotiation (thus, a client must enter transmission phase before
-that client can be considered as a reason to terminate the server
-when the connection ends).  Perhaps we may want to tweak things
-in a later patch to also treat a client that uses NBD_OPT_ABORT
-as being a 'successful' negotiation (the client correctly talked
-the NBD protocol, and informed us it was not going to use our
-export after all), but that's a discussion for another day.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
-
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-Id: <20170608222617.20376-1-eblake@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- blockdev-nbd.c      |  6 +++++-
- include/block/nbd.h |  2 +-
- nbd/server.c        | 24 +++++++++++++++---------
- qemu-nbd.c          |  4 ++--
- 4 files changed, 23 insertions(+), 13 deletions(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index dd0860f4a6..28f551a7b0 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -27,6 +27,10 @@ typedef struct NBDServerData {
- 
- static NBDServerData *nbd_server;
- 
-+static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
-+{
-+    nbd_client_put(client);
-+}
- 
- static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
-                            gpointer opaque)
-@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
-     qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
-     nbd_client_new(NULL, cioc,
-                    nbd_server->tlscreds, NULL,
--                   nbd_client_put);
-+                   nbd_blockdev_client_closed);
-     object_unref(OBJECT(cioc));
-     return TRUE;
- }
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 416257abca..8fa5ce51f3 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
-                     QIOChannelSocket *sioc,
-                     QCryptoTLSCreds *tlscreds,
-                     const char *tlsaclname,
--                    void (*close)(NBDClient *));
-+                    void (*close_fn)(NBDClient *, bool));
- void nbd_client_get(NBDClient *client);
- void nbd_client_put(NBDClient *client);
- 
-diff --git a/nbd/server.c b/nbd/server.c
-index 49b55f6ede..f2b1aa47ce 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
- 
- struct NBDClient {
-     int refcount;
--    void (*close)(NBDClient *client);
-+    void (*close_fn)(NBDClient *client, bool negotiated);
- 
-     bool no_zeroes;
-     NBDExport *exp;
-@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
-     }
- }
- 
--static void client_close(NBDClient *client)
-+static void client_close(NBDClient *client, bool negotiated)
- {
-     if (client->closing) {
-         return;
-@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
-                          NULL);
- 
-     /* Also tell the client, so that they release their reference.  */
--    if (client->close) {
--        client->close(client);
-+    if (client->close_fn) {
-+        client->close_fn(client, negotiated);
-     }
- }
- 
-@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
- 
-     nbd_export_get(exp);
-     QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
--        client_close(client);
-+        client_close(client, true);
-     }
-     nbd_export_set_name(exp, NULL);
-     nbd_export_set_description(exp, NULL);
-@@ -1337,7 +1337,7 @@ done:
- 
- out:
-     nbd_request_put(req);
--    client_close(client);
-+    client_close(client, true);
-     nbd_client_put(client);
- }
- 
-@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
-     qemu_co_mutex_init(&client->send_lock);
- 
-     if (nbd_negotiate(data)) {
--        client_close(client);
-+        client_close(client, false);
-         goto out;
-     }
- 
-@@ -1373,11 +1373,17 @@ out:
-     g_free(data);
- }
- 
-+/*
-+ * Create a new client listener on the given export @exp, using the
-+ * given channel @sioc.  Begin servicing it in a coroutine.  When the
-+ * connection closes, call @close_fn with an indication of whether the
-+ * client completed negotiation.
-+ */
- void nbd_client_new(NBDExport *exp,
-                     QIOChannelSocket *sioc,
-                     QCryptoTLSCreds *tlscreds,
-                     const char *tlsaclname,
--                    void (*close_fn)(NBDClient *))
-+                    void (*close_fn)(NBDClient *, bool))
- {
-     NBDClient *client;
-     NBDClientNewData *data = g_new(NBDClientNewData, 1);
-@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
-     object_ref(OBJECT(client->sioc));
-     client->ioc = QIO_CHANNEL(sioc);
-     object_ref(OBJECT(client->ioc));
--    client->close = close_fn;
-+    client->close_fn = close_fn;
- 
-     data->client = client;
-     data->co = qemu_coroutine_create(nbd_co_client_start, data);
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 651f85ecc1..9464a0461c 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
- 
- static void nbd_update_server_watch(void);
- 
--static void nbd_client_closed(NBDClient *client)
-+static void nbd_client_closed(NBDClient *client, bool negotiated)
- {
-     nb_fds--;
--    if (nb_fds == 0 && !persistent && state == RUNNING) {
-+    if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
-         state = TERMINATE;
-     }
-     nbd_update_server_watch();
--- 
-2.13.0
-


             reply	other threads:[~2017-11-12 20:22 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-12 20:22 Matthias Maier [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-08-20  8:01 [gentoo-commits] repo/gentoo:master commit in: app-emulation/qemu/files/ Joonas Niilola
2023-11-20 20:20 Ulrich Müller
2023-10-22 16:33 Joonas Niilola
2023-02-22 11:32 Sam James
2022-01-12  8:38 Matthias Maier
2022-01-10 21:02 John Helmert III
2022-01-06 19:08 John Helmert III
2021-06-16 20:59 Sergei Trofimovich
2021-03-14 18:53 Conrad Kostecki
2020-09-21 21:48 Conrad Kostecki
2020-07-06 18:40 Sergei Trofimovich
2020-04-18 21:31 Sergei Trofimovich
2019-05-20 16:27 Matthias Maier
2018-03-30  2:54 Aaron Bauman
2018-03-27 15:44 Matthias Maier
2017-12-06 12:42 Michael Palimaka
2017-07-26 19:37 Matthias Maier
2017-07-26 17:15 Matthias Maier
2016-09-05  5:30 Matthias Maier
2016-08-15 20:36 Luca Barbato

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1510518111.71ba961e21b1493ae7b335a6e2fa5a6669baf64c.tamiko@gentoo \
    --to=tamiko@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox