nbd: backport nbd fix from qemu upstream

-nbd: Fix regression with multiple meta contexts

Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>

nbd-Fix-regression-with-multiple-meta-contexts.patch

@@ -0,0 +1,60 @@
+From 32c6cb39cbadd6fc2026ff6311fcf58549f71d49 Mon Sep 17 00:00:00 2001
+From: Pan Nengyuan <pannengyuan@huawei.com>
+Date: Wed, 15 Apr 2020 14:29:04 +0800
+Subject: [PATCH] nbd: Fix regression with multiple meta contexts
+
+Detected by a hang in the libnbd testsuite.  If a client requests
+multiple meta contexts (both base:allocation and qemu:dirty-bitmap:x)
+at the same time, our attempt to silence a false-positive warning
+about a potential uninitialized variable introduced botched logic: we
+were short-circuiting the second context, and never sending the
+NBD_REPLY_FLAG_DONE.  Combining two 'if' into one 'if/else' in
+bdf200a55 was wrong (I'm a bit embarrassed that such a change was my
+initial suggestion after the v1 patch, then I did not review the v2
+patch that actually got committed). Revert that, and instead silence
+the false positive warning by replacing 'return ret' with 'return 0'
+(the value it always has at that point in the code, even though it
+eluded the deduction abilities of the robot that reported the false
+positive).
+
+Fixes: bdf200a5535
+Signed-off-by: Eric Blake <eblake@redhat.com>
+Message-Id: <20200206173832.130004-1-eblake@redhat.com>
+Reviewed-by: Laurent Vivier <laurent@vivier.eu>
+(cherry picked from commit 73e064ccf09d908febc83761addcc6e76feabf78)
+---
+ nbd/server.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/nbd/server.c b/nbd/server.c
+index aefb07d..3630352 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -2304,15 +2304,22 @@ static coroutine_fn int nbd_handle_request(NBDClient *client,
+                                                !client->export_meta.bitmap,
+                                                NBD_META_ID_BASE_ALLOCATION,
+                                                errp);
+-            } else {                     /* client->export_meta.bitmap */
++                if (ret < 0) {
++                    return ret;
++                }
++            } 
++            if (client->export_meta.bitmap) {
+                 ret = nbd_co_send_bitmap(client, request->handle,
+                                          client->exp->export_bitmap,
+                                          request->from, request->len,
+                                          dont_fragment,
+                                          true, NBD_META_ID_DIRTY_BITMAP, errp);
++                if (ret < 0) {
++                    return ret;
++                }
+             }
+ 
+-            return ret;
++            return 0;
+         } else {
+             return nbd_send_generic_reply(client, request->handle, -EINVAL,
+                                           "CMD_BLOCK_STATUS not negotiated",
+-- 
+1.8.3.1
+

qemu.spec

@@ -64,6 +64,7 @@ Patch0051: pcie-Compat-with-devices-which-do-not-support-Link-W.patch
 Patch0052: aio-wait-delegate-polling-of-main-AioContext-if-BQL-not-held.patch
 Patch0053: async-use-explicit-memory-barriers.patch
 Patch0054: Fix-use-afte-free-in-ip_reass-CVE-2020-1983.patch
+Patch0055: nbd-Fix-regression-with-multiple-meta-contexts.patch
 
 BuildRequires: flex
 BuildRequires: bison
@@ -399,6 +400,9 @@ getent passwd qemu >/dev/null || \
 %endif
 
 %changelog
+* Fri Apr 24 2020 backport nbd fix from qemu upstream
+- nbd: Fix regression with multiple meta contexts
+
 * Fri Apr 24 2020 Huawei Technologies Co., Ltd. <fangying1@huawei.com>
 - Fix use-afte-free in ip_reass() (CVE-2020-1983)