Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

* Fix a possible endless loop in USB XHCI code
* Minor fixes for the new readconfig test

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmL7aT8RHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbXm6w//TzGqEkzN6VeYqCgbI5ZuCcu3uL/X7KcO
# vsljTTYeJgE3IuT4RARk4d2/K8xD/mzyxMTHP5SrbCIYSOBY4OusJN55fytX46mb
# cdy3dHWbwaT7y8J+BLpwOg7om+oDp1Q2o1JxPY39BEi5T2C6PBHveDf9XxNv2n2j
# 9kwF0la7EmhmNoUgWyvf3dVoOFS3G4BTP1ZSvjcUNRuAxGLGZ8XOhZYw5zQ4MMTF
# OrNdVPmMDyLjAxpdO5dKItvTs8l0ioSXsbrNK+w2o58U1Wmczkn3BYcel2m+J14v
# XY9jtq9qUHjTmFRCCop0LYitkDvW+mAmptFsc94Y0ulc3JQ1KNvvjBIgNKZGRCkv
# Fw7xdArifc1TMpRdgNP1Gr88LXtSPEaPsHYMRy7AHcv2Abd9zrRm7JMa45mburzp
# jhUvFYCLN2iDgd78HClDAGuRLWAEaJDLkbvxHtJxGW8m9lHHwkrUeLm6uJMrSwu6
# 880O0/ayEz0jw5yDEDC/ooTbcWKgbpZ7KPREciSLTAPsC2orBrBIjlioY1YxfAMZ
# rrP7KvGggP7yWrOn4BKUWRo7NC2WPQ69nJQCTsXij4NlKsWAaJ3EgldKDcFgungk
# DsEm+FQhcDDfeOWN03dNxRxz8bFm1/HbSHgna5C5xnbQbQMiSPYVYWPjzK6E8kKO
# NgjewJS4E7E=
# =5xZ9
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 16 Aug 2022 04:54:07 AM CDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [undefined]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-08-16' of https://gitlab.com/thuth/qemu

:
  hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
  tests/qtest: misc tweaks to readconfig

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

A few small fixes:

  - properly un-parent OBJECT(cpu) when closing -user thread
  - add missing timeout to aspeed tests
  - reduce raciness of login: prompt handling for aspeed tests

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmL7XG0ACgkQ+9DbCVqe
# KkRDAAf9EfolGONaDKRaBkzdASuIadVGDr3EUDFe+Ho7cyJjnrOu8XjbOuB9Ayc4
# Vg4ccTSWYtCQdh4HhPOuCSmCoDmvCgnzze+eLS1E/PDNAMH0puPYikacpdp09Nng
# qtPqb9QfaJNy7imrtg43kXWDbUHU21YlgGIguBYCJV5EKBFlNH84iyf5wYjXjQkp
# OXpSGcSdNBJ569g1tksrBZrrSMEMMFHnpDmMxRbNnDlJ/yDKbLI8t0CXLR1hU6le
# IjKWV7ZChEYiTRn+tlVrRdiFJjqhKtOoc9VXlVG67MW9orEQwk0gYVrnhxmC+N0t
# hMcbncw8CgxS270cEqccxxYDF5Uxng==
# =9IHQ
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 16 Aug 2022 03:59:25 AM CDT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-for-7.1-fixes-160822-1' of https://github.com/stsquad/qemu

:
  tests/avocado: apply a band aid to aspeed-evb login
  tests/avocado: add timeout to the aspeed tests
  linux-user: un-parent OBJECT(cpu) when closing thread

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

The loop condition in xhci_ring_chain_length() is under control of
the guest, and additionally the code does not check for failed DMA
transfers (e.g. if reaching the end of the RAM), so the loop there
could run for a very long time or even forever. Fix it by checking
the return value of dma_memory_read() and by introducing a maximum
loop length.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/646


Message-Id: <20220804131300.96368-1-thuth@redhat.com>
Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

The property name parameter is ignored when visiting a top
level type, but the obvious typo should be fixed to avoid
confusion. A few indentation issues were tidied up. We
can break out of the loop when finding the RNG device.
Finally, close the temp FD immediately when no longer
needed.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220809093854.168438-1-berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>

This is really a limitation of the underlying console code which
doesn't allow us to detect the login: and following "#" prompts
because it reads input line wise. By adding a small delay we ensure
that the login prompt has appeared so we don't accidentally spaff the
shell commands to a confused getty in the guest.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Acked-by: John Snow <jsnow@redhat.com>
Message-Id: <20220811151413.3350684-8-alex.bennee@linaro.org>

On some systems the test can hang. At least defining a timeout stops
it from hanging forever.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220811151413.3350684-7-alex.bennee@linaro.org>

While forcing the CPU to unrealize by hand does trigger the clean-up
code we never fully free resources because refcount never reaches
zero. This is because QOM automatically added objects without an
explicit parent to /unattached/, incrementing the refcount.

Instead of manually triggering unrealization just unparent the object
and let the device machinery deal with that for us.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/866


Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220811151413.3350684-2-alex.bennee@linaro.org>

Loongarch docs update

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmL4/I8dHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/kCQf9HTiK6VSrbJXdOLQi
# iGfXwZTcRDxG4brzj+GQ2/nuag2Dg9McADUxs1/3zlb965+CuQdfqtjSzgfxCjzX
# iVvHq3wtCoOQZ5/T+XrFCaew0djkT6N/hBsa33oORXg5o5mAzCIFObuTMnusvjTu
# VPXWe65fxTv3dsHZgjWekRZLu8Bn/anLypJxHzzFbXL3+RTKJ5u6GGVMn0DEcvEq
# ooHYhETBEXmdKCbj2QpRmG1sldiKSMEcBQ6OXPM6ehOgWoucR00/LyKi1ucQq5JP
# gJIEhV4iCKfPHykoTiBcMlz8zqphcn6GgU71Ekv1GGmYxBWBLAj3tfmX4yiFh33p
# x25afA==
# =gfY0
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 14 Aug 2022 08:45:51 AM CDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-la-20220814' of https://gitlab.com/rth7680/qemu

:
  docs/system/loongarch: Update the LoongArch document

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

1. Add some information about how to boot the LoongArch virt
machine by uefi bios and linux kernel and how to access the
source code or binary file.
2. Move the explanation of LoongArch system emulation in the
target/loongarch/README to docs/system/loongarch/loongson3.rst

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220812091957.3338126-1-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-target-arm-20220812' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * Don't report Statistical Profiling Extension in ID registers
 * virt ACPI tables: Present the GICR structure properly for GICv4
 * Fix some typos in documentation
 * tests/unit: fix a -Wformat-truncation warning
 * cutils: Add missing dyld(3) include on macOS

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmL2PP4ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3qLKD/964d9vRe9b1Upv5mTxM7+y
# JxgwvsgVe7HeWBTOIIHsP7y1F+5MduiDDf2BC5XBiwtkVNSeJB1J1QQWkas6baVr
# DiRPiP/D6gG3B9naujCWsI5QbnSlONeunE0R+gYfNK6J/Odidzu6DtNa4PZJ1tcP
# vmZA5eLSAjaCIVmzQYF/Ae7nSoFz/sVR+li+tLSb/ynC+3H+rCry4TrQ7HgGyhjO
# nz4hIOtiYdAqp6hklMeLl6yAPMwZrxCtq51LE+Oj90uh7xt3gs0d29Zlbdc/vQFw
# dSZM/Cm0X+TMV6HHjpKrHnoUH+o+yv/O1q7VFccC4UpLSj7jbB8o/fbCASsBV+Jg
# /Y87G9WjtS6EO5SEqnDTSw5cAEKAqpgzQe8HhEGFa3MymuzkrnBagj59TNa5t4hV
# +maoR2vRb8hnhYDtFsWDPbfhFSCP3MSHki6sP7IMFNQsaUxFDNu2mRn0TOtSx0NB
# n5a/JOby7AeYI5JWyAwQ2T5Hxgh8EeBrPsXDxyy1jA+t67nrlrqdYwyLL5564jU4
# ESuMnuRTWjUnXaF9yhKbe6g1QdVV3OAC6jikzMuYLEHmKC/1MUJT1W4MECzjx1FM
# b0tQ2Q+0mfSfm5YrJqbAIdDg3Cie88pvl/i0POtFBiwoOhPRH6QBzd/b6q6B6zw6
# MPV6QAwBfdQYxJId93shTQ==
# =/sV7
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 12 Aug 2022 04:43:58 AM PDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20220812' of https://git.linaro.org/people/pmaydell/qemu-arm

:
  cutils: Add missing dyld(3) include on macOS
  hw/arm/virt-acpi-build: Present the GICR structure properly for GICv4
  tests/unit: fix a -Wformat-truncation warning
  Fix some typos in documentation (most of them found by codespell)
  target/arm: Don't report Statistical Profiling Extension in ID registers

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Pull request linux-user 20220812

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmL2LIUSHGxhdXJlbnRA
# dml2aWVyLmV1AAoJEPMMOL0/L748L8QP/iHtv9fsHZe7ANCMd2UjpPo5CZTJxMEa
# T8muaNasIJPoZbQR5WJRsCT8j5lNriWYA/xEBYGYlzvn/ZBK+NnUlBYrRFUX3LwQ
# Oim9gBYReW7nkv2m1Vr5mYXeC1bth4GMqycHSjwJtosYJsp/oTpcQE22/iG3MFBW
# azu+yM/QV7yuoi6EFyuUq5hefQE139W333x01c3qsekVY4cr4Bc81cpsQhWw/4Y4
# e32byrT39vtBvRlC/CuikZXyMqbD+nK+hESkJ9oqI73raC4PaCg10WNHMr1m/pw1
# ITPeH6iphVmyOckidHsbBLDkC4FQEVNo9R4j13Nk2gqU3VyLk73Say2GGvXrUEBJ
# a50XvV897N1M8ZiRUifYnNgawtO7sIOuQViofQtCcIfal9h2AV5Zjnm/5tJXGpnB
# F0U7hi5bootHtJFMLCBOWLhWVT7SNrzi1ijCFs2irj6grSyvJ9LU7yRHj0pOVC43
# WopdzPuxBWye8jRo2YgDQx5BZkBtlmWJgfbhYL3QVFX5wp8vqAgdXl0dXqdid5RN
# 5RCdBj9HAFwEUqL8n4LVI0EbrjI/IQlVwhZmBjQx3lBh4o08d7AUGUSQnZHDcy3C
# W6dTkfqPleqdOw5xS9Rw3rHJPHcuGWQNA4MMyvztbMivU/TYN7fwBdXouI9KeeBk
# wfYTi+n/bkeR
# =4v8b
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 12 Aug 2022 03:33:41 AM PDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [undefined]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'linux-user-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu

:
  linux-user/aarch64: Reset target data on MADV_DONTNEED

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Commit 06680b15 moved qemu_*_exec_dir() to cutils but forgot
to move the macOS dyld(3) include, resulting in the following
error (when building with Homebrew GCC on macOS Monterey 12.4):

  [313/1197] Compiling C object libqemuutil.a.p/util_cutils.c.o
  FAILED: libqemuutil.a.p/util_cutils.c.o
  ../../util/cutils.c:1039:13: error: implicit declaration of function '_NSGetExecutablePath' [-Werror=implicit-function-declaration]
   1039 |         if (_NSGetExecutablePath(fpath, &len) == 0) {
        |             ^~~~~~~~~~~~~~~~~~~~
  ../../util/cutils.c:1039:13: error: nested extern declaration of '_NSGetExecutablePath' [-Werror=nested-externs]

Fix by moving the include line to cutils.

Fixes: 06680b15 ("include: move qemu_*_exec_dir() to cutils")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220809222046.30812-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

With the introduction of the new TCG GICv4, build_madt() is badly broken
as we do not present any GIC Redistributor structure in MADT for GICv4
guests, so that they have no idea about where the Redistributor
register frames are. This fixes a Linux guest crash at boot time with
ACPI enabled and '-machine gic-version=4'.

While at it, let's convert the remaining hard coded gic_version into
enumeration VIRT_GIC_VERSION_2 for consistency.

Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Message-id: 20220812022018.1069-1-yuzenghui@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

../tests/test-qobject-input-visitor.c: In function ‘test_visitor_in_list’:
../tests/test-qobject-input-visitor.c:454:49: warning: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 6 [-Wformat-truncation=]
  454 |         snprintf(string, sizeof(string), "string%d", i);
      |                                                 ^~
../tests/test-qobject-input-visitor.c:454:42: note: directive argument in the range [0, 2147483606]
  454 |         snprintf(string, sizeof(string), "string%d", i);
      |                                          ^~~~~~~~~~
../tests/test-qobject-input-visitor.c:454:9: note: ‘snprintf’ output between 8 and 17 bytes into a destination of size 12
  454 |         snprintf(string, sizeof(string), "string%d", i);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rather than trying to be clever, since this is called 3 times during
tests, let's simply use g_strdup_printf().

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20220810121513.1356081-1-marcandre.lureau@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: fixed commit message typos]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Message-id: 20220812075642.1200578-1-sw@weilnetz.de
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

The newly added neoverse-n1 CPU has ID register values which indicate
the presence of the Statistical Profiling Extension, because the real
hardware has this feature.  QEMU's TCG emulation does not yet
implement SPE, though (not even as a minimal stub implementation), so
guests will crash if they try to use it because the SPE system
registers don't exist.

Force ID_AA64DFR0_EL1.PMSVer to 0 in CPU realize for TCG, so that
we don't advertise to the guest a feature that doesn't exist.

(We could alternatively do this by editing the value that
aarch64_neoverse_n1_initfn() sets for this ID register, but
suppressing the field in realize means we won't re-introduce this bug
when we add other CPUs that have SPE in hardware, such as the
Neoverse-V1.)

An example of a non-booting guest is current mainline Linux (5.19),
when booting in EL2 on the virt board (ie with -machine
virtualization=on).

Reported-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Zenghui Yu <yuzenghui@huawei.com>
Message-id: 20220811131127.947334-1-peter.maydell@linaro.org

aarch64 stores MTE tags in target_date, and they should be reset by
MADV_DONTNEED.

Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220711220028.2467290-1-vitalybuka@google.com>
[lv: fix code style issues]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

Pull request linux-user 20220810

fix compat with glibc >= 2.36 sys/mount.h

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmLz4coSHGxhdXJlbnRA
# dml2aWVyLmV1AAoJEPMMOL0/L7487vMP/RjW8WI+0SliCfLPUcRvymeu9Feyzlit
# fj/s1sONL3TDZYWV2AhIM5mKYPPWDh7z8aNnIgOc5pnIMOw9MDX33ynTWvh0ZhPb
# EMSRqPDUFDaC4JMnlw3rSZpUj5PdZjDrlK4RGLqS+vPjd+xo5fETcYTA+zEovLJ3
# RfNk0QVvfYX5V0aLDlNBQQSxWb+Sq4Nlp00oUAwGsIZ3+GHBr83+4NQ0/oUIDq3F
# 6SpZ4tsZpPvIDNZihP7yNQVWFiIiCIEY6naYDSKxDgKb1HP/6pYxFFn2pmXSrD21
# ew9FxHzGNrqwlTxRbgjxNHvG33Y03NygNrXxI5sp00r6KnXXd05pIAtOLhJUjREY
# ErdJgNFDBeCujBmmNE5zD/dnaUoPdsSjGljPXiyjsMPSAHe2uEkmT6P0ZMGXTeTT
# eHbfTKQXs7cFhMtYPGDrKwREYKnEZz+zqfgx0+BWfShVSZr+tMpeXZ4TCgYNO2Ur
# s2budJJy3fkbz809l4weIHhF7iuPAzEbCV4TY+t/wm0W/nJnQ4WSy5bXGfqH+Pk5
# e20nUhiiuvXGo5CwefSKWQ2Fz9RHOZ1LszI8rZkVbYdfAxcWs3oG/1jDNgTcZLXu
# RJq0uMj+JPW3DPk61qRW5jp0UFwOCaanOf1jVNvlSXF/tu0ufeII6gyUElwpEUOt
# DDXrqodv7ZkX
# =G/l+
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 10 Aug 2022 09:50:18 AM PDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [undefined]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'linux-user-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu

:
  linux-user: fix compat with glibc >= 2.36 sys/mount.h

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

The latest glibc 2.36 has extended sys/mount.h so that it
defines the FSCONFIG_* enum constants. These are historically
defined in linux/mount.h, and thus if you include both headers
the compiler complains:

In file included from /usr/include/linux/fs.h:19,
                 from ../linux-user/syscall.c:98:
/usr/include/linux/mount.h:95:6: error: redeclaration of 'enum fsconfig_command'
   95 | enum fsconfig_command {
      |      ^~~~~~~~~~~~~~~~
In file included from ../linux-user/syscall.c:31:
/usr/include/sys/mount.h:189:6: note: originally defined here
  189 | enum fsconfig_command
      |      ^~~~~~~~~~~~~~~~
/usr/include/linux/mount.h:96:9: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG'
   96 |         FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
      |         ^~~~~~~~~~~~~~~~~
/usr/include/sys/mount.h:191:3: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
  191 |   FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
      |   ^~~~~~~~~~~~~~~~~
...snip...

QEMU doesn't include linux/mount.h, but it does use
linux/fs.h and thus gets linux/mount.h indirectly.

glibc acknowledges this problem but does not appear to
be intending to fix it in the forseeable future, simply
documenting it as a known incompatibility with no
workaround:

  https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
  https://sourceware.org/glibc/wiki/Synchronizing_Headers



To address this requires either removing use of sys/mount.h
or linux/fs.h, despite QEMU needing declarations from
both.

This patch removes linux/fs.h, meaning we have to define
various FS_IOC constants that are now unavailable.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20220802164134.1851910-1-berrange@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'trivial-branch-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging

Pull request trivial branch 20220809

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmLykYgSHGxhdXJlbnRA
# dml2aWVyLmV1AAoJEPMMOL0/L74881MP/1UL3bfp1/tzxeN5wvT0mAdrKcj8obPE
# 5BB0QPD48NL8JqWq9HLLhX2vmAi2ibhPptpJkn+kXsqj8OW4Qp1JyWggZgD7O3mz
# S2OjVcpWrClhugoGhRUBm6G6kPsYjIBU0dLAINsyL6ETBZpIdkU/axLUJ6b2Wrm0
# eIQm6xNkGRhFAuya7MOX5ObzNylix2t1+QLxJMbA3XOCwl9PQRh7Wb/0oRhFMWZ9
# xCjraG9Jv1IxG28gGxMbUa2Ic7VTcVs+X+iu98AP7P3HBe/I31aXAmAf47MbMirk
# NJEYI9nDLZJyQmLgmBmyrQ+FIidDVhG7FURzIYeOoREv+xotQt6CTBNLKOcc4ccO
# YRy05JeUNeCJ015r8MZdiTwAwsbY0XPMijgqngqaWCw1BJO/luCdvUX6D4ehC5aZ
# zJPr7jJdqyhIZJjvPawoJSRsvWU495BCtyORtnU1T3uunEEu9vHLQKEy8gWtyitJ
# 7R6E/Mj4IzB9T0Kvz2acGBtxmtTshonjXaYgb11QRI5SWEUUhDNN64839opDPAW8
# PSmRZwfwkhIUlb9eRIEPMFScEEbQVgU+dAngSZva9un9ED2adPMreWHQrinMxQM4
# jtGAfG3RMQUh7b3VBlS87y0N+b2FSIrL9x0ujcozwuh0JMeiWxx+9AUq4dH8m2HU
# YZb3LXjm8i/P
# =o5gT
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 09 Aug 2022 09:55:36 AM PDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [undefined]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'trivial-branch-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu

:
  xlnx_dp: drop unsupported AUXCommand in xlnx_dp_aux_set_command
  contrib/vhost-user-blk: Clean up deallocation of VuVirtqElement

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-target-arm-20220809' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * icount: Take iothread lock when running QEMU timers

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmLyTy0ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3o2MEACpdpgpJd+OObHRSLZqQJbL
# 83X/aSSnBIFTeV1IlGC6sHbARffcKsEDQ/ktpmwvrABAJwEzTfaddSQADwlUefLJ
# 1L6Co1MpcOXnYZUIeaWAmN0POKKExB3gjrF19d9Dz9zHvm8Vu0CH/c/3iHsCVfd0
# +v00Pudd11ePWFn+BL6xjDN31OfZexqHVDbhKxoTAjj5BK0AJJAObBQUrp28UrbE
# 1qfg+BZMo/fPPLxRelmGIQLLr8UPEIyNoWZKRcuarJHbqhxqcPe1qIezMHPhMpzn
# vSzjiaYJVOxqj1gzj0Z+J7MSd0jNXVDQn0p7A0nEg7vT4mMt8+hhAuYqW0qAFCmQ
# 1rxiiGGKp5fmK7K+WfraaXqqXqi2P1078moVyg1rGdL5wYfZHyQoldDDNQwHoJkz
# DG6da5hiZjQn1nmL3OyyS0peyLzIE7DmFLP6xw+Op5Hrx/alVBrhpN1qPMzd7wG0
# TmrG//BtIIF5EiZw8oZqrvjcL//lzPvtM1EYmw/jTraV+KSO5anl2vjEi+VN5ngr
# zXPfvgupVoSqr/nCtitp+H71yogOWYp/FkE2xBgIS8qW4bQycPpX+qoi/0I1upTw
# 5FZYTTh6t5IBF8emc/1jQDUi8VlcT7Nz7Kma8fCdHI11xm8m5JI0+hfVkHEs2HQV
# lB+1HhMoJJ3pCzqJiWeINA==
# =xyyN
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 09 Aug 2022 05:12:29 AM PDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20220809' of https://git.linaro.org/people/pmaydell/qemu-arm

:
  icount: Take iothread lock when running QEMU timers

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

# -----BEGIN PGP SIGNATURE-----
# Version: GnuPG v1
#
# iQEcBAABAgAGBQJi8iLAAAoJEO8Ells5jWIRrdMIAI1T5lgOhv2DfHXA6bElokIx
# 10NQ0dG5IBhO6l56p6Um95+tMDMfYBDjc8YOI1qv3L1PZOXdeHjs2ldUg8f0cmFP
# asvY1EJJW4SlCI0hk/Jb6oXf8BoVnNEnMmNGg8qRmVyEw2sFYkNhhA9dXH+537GN
# K0ZFOmfsYpn3EzKyqooln8XLT9lPsXX9LC1Oh0Jz1YmRn6y8/rngR1DWAEyr6MnL
# 5iGIyv5VEdeU1sQJRrH9DyCCGLlILCCUa2yo1RkV+Ac/qPdKWfkyE6K6kUelzGbp
# qqP9+rDpF3LwokqAI+8tJCwc6WqLL3Y/Ddb1J6gzydh8WcszjlXPjcBn8FeKXzk=
# =hAhp
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 09 Aug 2022 02:02:56 AM PDT
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* tag 'net-pull-request' of https://github.com/jasowang/qemu

:
  hw/net/rocker: Avoid undefined shifts with more than 31 ports

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

The function icount_prepare_for_run() is called with the iothread
unlocked, but it can call icount_notify_aio_contexts() which will
run qemu timer handlers. Those are supposed to be run only with
the iothread lock held, so take the lock while we do that.

Since icount mode runs everything on a single thread anyway,
not holding the lock is likely mostly not going to introduce
races, but it can cause us to trip over assertions that we
do hold the lock, such as the one reported in issue 1130.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1130


Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-id: 20220801164527.3134765-1-peter.maydell@linaro.org

In rocker_port_phys_link_status() and rocker_port_phys_enable_read()
we construct a 64-bit value with one bit per front-panel port.
However we accidentally do the shift as 32-bit arithmetic, which
means that if there are more than 31 front-panel ports this is
undefined behaviour.

Fix the problem by ensuring we use 64-bit arithmetic for the whole
calculation. (We won't ever shift off the 64-bit value because
ROCKER_FP_PORTS_MAX is 62.)

Resolves: Coverity CID 1487121, 1487160
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>

loongarch: fix emulation of fcsr register

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmLxy0UdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV91ZggAjgUGqrFRZFR72C5m
# cNkgB6f5rzc6hgnqwstsQpvKOXKu8WH9+6xJHoQKau1NY2KNdLnt1itpThL3K2+c
# nh0E/w/DrTiaq4NsbWu3SrkTSGW+zcdhljQff6gyyLZyLQAY34Ej2hBhKfva3sRZ
# Y/Lm8euq6d559LWvN/Nyo11RBPdSq+KPtfGcGdOynY+OBFsDmXDTjdjGDFHQESh2
# +WnXcjlXq46vLOuZ6LLiNIHRbvFdfjcr5pqKKlESedA+wikgxP+ZeoIx+7HxlZe3
# CpYTzbmhoz5n3seRRAl5CouxGsEfL7plUn3BS+InabthE+qE6xvgvS9vcd1YMkg1
# eoKefQ==
# =Sk/5
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 08 Aug 2022 07:49:41 PM PDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-la-20220808' of https://gitlab.com/rth7680/qemu

:
  target/loongarch: Remove cpu_fcsr0

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

All of the fpu operations are defined with TCG_CALL_NO_WG, but they
all modify FCSR0.  The most efficient way to fix this is to remove
cpu_fcsr0, and instead use explicit load and store operations for the
two instructions that manipulate that value.

Acked-by: Qi Hu <huqi@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Reported-by: Feiyang Chen <chenfeiyang@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

MIPS/SPARC patches queue

- target/mips: Handle lock_user failure in UHI_plog semihosting (Peter Maydell)
- hw/mips/malta: Turn off x86 specific features of PIIX4 PM (Igor Mammedov)
- hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses (Peter Maydell)

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmLxjkMACgkQ4+MsLN6t
# wN4DhQ/+L/lcVmz/hoIDsjyqMBpBYMYEftlytyuXUDqp9+1CGQpXXzf6cmXwiMK5
# DDP/q0PR508tevljDuc7A01ThkN5Vx8FcEpCaD54AjZ5n0BxSLl0Yw9Leftq8doD
# Nk0YonVEY1tNXYV/KGWsiA7Xhkm3pL66Jzc0fyotNhzsI/dGxTVO9vLTgLl4/Hxv
# iMj0AxPIOrKEsom61k6QKLgE5ZC3yIPZb+6upSwrQfx6oMtIac5NofEjNCuR0Uy5
# PgM6ZJKAM376JlP4hdJ91K04Wg8ql+ze/x2jpjbR0S3QRz4TbH57hJ00nNRLxDep
# 5hHE7FIg6xf7sJv8ukwLK31zOiT46Azkr1wG97mZ7NyxxT7VTXtKgje6IENLGCgy
# sCMWIEnrOh03seMShaCRqPcguYUR+XaMc+Hpv9XCu3ZvniI2CUpmVlm8M0t3hqVK
# XCMwSsXJZ2w4522lUAJio2a10dsHJDg8U81n1KozTRUEZ8QBVlkqNLAIsROKl1Fr
# LMsv9408nQLkAhYCBeZArw8ayITLTPqlE/S7fiLwwa6e8lPpkMyz/RlN16QsCSHr
# zQO0iwY4kldn7QekKPTMQE73sW5ziBIOe7P6F5jtexbeaY0vJ5ph8Kfrq6hUVuqN
# ieQVSi4psz43fpIjNodTk0nnsqAJXZ/7vy0sS38DvwQjBZojWIk=
# =RIZd
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 08 Aug 2022 03:29:23 PM PDT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]

* tag 'mips-20220809' of https://github.com/philmd/qemu

:
  hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses
  hw/mips/malta: turn off x86 specific features of PIIX4_PM
  target/mips: Handle lock_user() failure in UHI_plog semihosting call

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

In real hardware, the APB and AHB PNP data tables can be accessed
with byte and halfword reads as well as word reads.  Our
implementation currently only handles word reads.  Add support for
the 8 and 16 bit accesses.  Note that we only need to handle aligned
accesses -- unaligned accesses should continue to trap, as happens on
hardware.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1132


Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Frederic Konrad <fkonrad@amd.com>
Message-Id: <20220802131925.3380923-1-peter.maydell@linaro.org>
Tested-by: Tomasz Martyniak <gitlab.com/tom4r>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

QEMU crashes trying to save VMSTATE when only MIPS target are compiled in
  $ qemu-system-mips -monitor stdio
  (qemu) migrate "exec:gzip -c > STATEFILE.gz"
  Segmentation fault (core dumped)

It happens due to PIIX4_PM trying to parse hotplug vmstate structures
which are valid only for x86 and not for MIPS (as it requires ACPI
tables support which is not existent for ithe later)

Issue was probably exposed by trying to cleanup/compile out unused
ACPI bits from MIPS target (but forgetting about migration bits).

Disable compiled out features using compat properties as the least
risky way to deal with issue.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/995


Reviewed-by: Ani Sinha <ani@anisinha.ca>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20220728115034.1327988-1-imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Coverity notes that we forgot to check the error return from
lock_user() in one place in the handling of the UHI_plog semihosting
call.  Add the missing error handling.

report_fault() is rather brutal in that it will call abort(), but
this is the same error-handling used in the rest of this file.

Resolves: Coverity CID 1490684
Fixes: ea421060 ("target/mips: Avoid qemu_semihosting_log_out for UHI_plog")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220719191737.384744-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

* Fix and tests for -readconfig
* Fixes for changeable block size

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmLxB6wUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroMbgQgAmj38xh/KurUvjAwlki9OF+jIXem/
# r7eHtc6wG/dGN7CyL+EK08c2GfPIphhii3JGfLT3P/xHvHRVgYow2AELNvYSG85M
# SBQGfDsHLoKvY6Wni3AolECvtGycXkd30RtrzqdTT8iZyIhTTsikEG2hSgE+Z6Yy
# 9XGPHN9puTkkD5HYnDV1+T4+yc28F8UTVob3fv9b7LMH7mSYz7UN5Tw4zB7DjOL1
# JNTuYqW9JN1X1vIYKxYw9Y5Jb3qNjnl8y6if8bPuvrLRw94sd0ax23yEQHwtgcUj
# cYGcvZ2/X0SQg4AHTsqGJCuffKNDfHhmmA7w0Xb2DEvBvoveYOaDp3dKZQ==
# =L9FI
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 08 Aug 2022 05:55:08 AM PDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu

:
  tests/qtest: add scenario for -readconfig handling
  vl: remove dead code in parse_memory_options()
  vl: fix [memory] section with -readconfig
  scsi-disk: ensure block size is non-zero and changes limited to bits 8-15
  scsi-disk: fix overflow when block size is not a multiple of BDRV_SECTOR_SIZE

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

* Fix booting in the s390-ccw bios when physical and logical block sizes differ
* Fix the replay-linux avocado test
* Relax a time constraint in iotest 264

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmLwmJsRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbUuaw//XGlKYzjKHEsmSGGuwSEF/iW7BvHf8lAn
# X2loC7Fd1WzEoq1EX/s5jd/4+ZUVxDP4F2wO9Hzhi7GpEfd/Cr5cu3TPwWCGjQT8
# g6UFVPPzHeVU68GxQX6ufBAPk7Lc9S57GHZ9n4tzcN7Jvp63zAXEFXe4lVLnAmzJ
# ykDz1Ir1bCDEl1AIbVp1umpIAh4MkbY1XfZeXWRkbGtQolH1y/F6sZWw3i72G30b
# JOM1pmu89KjnxWPoz1J142jOx53/XpSSlrqpFeqieykbU59rilBTIwi+k7K0KMOd
# 0DbrPDuU0EQ7JRkWzAlTT/IfNPbQB5gOjw6zFr+0L5S+3LcPM/p8XszNk4j3XQWt
# Bps3HDU13LDQpydRyZajY4iCQl6tzBDVXCoY+LUgrYjkP6OM5UpbakZgXJWNw9Nu
# Juu3kQ7imtLtMlKZQGSvhsy6gyUXjVlZxTZFspTQsMoOp/BDZdIwG+mKxk786hgr
# 32RxingXv6SWFYS+zrKsRJePtleLJr/RcySZFHNboJt9RIGf6W/IdROEjgZeYLce
# QDnlfi6AbwnP37nWmah5Iu2PeoZwDgr3jL81otdWlU8bc7G+gjwrnN/E77y3jJvH
# Auhj9YBNttQH6O8L4juMaD9+8/KtO47FfVfXojmPoicEB9NeWLChlUovVz47LC/U
# olsgxmuoDac=
# =JZmF
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 07 Aug 2022 10:01:15 PM PDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [undefined]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-08-08' of https://gitlab.com/thuth/qemu

:
  tests/qemu-iotests/264: Allow up to 5s for the BLOCK_JOB_CANCEL event to arrive
  tests/avocado: fix replay-linux test
  pc-bios/s390-ccw: Update the s390-ccw.img with the block size fix
  pc-bios/s390-ccw: Fix booting with logical block size < physical block size

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

This test of -readconfig validates the last three regressions we
have fixed with -readconfig:

 * Interpretation of memory size units as MiB not bytes
 * Allow use of [spice]
 * Allow use of [object]

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220805115529.124544-2-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

mem_str will never be an empty string, because qemu_opt_get_size() fails
if it encounters one:

   $ ./qemu-system-x86_64 -m size=
   qemu-system-x86_64: -m size=: Parameter size expects a non-negative number below 2^64
   Optional suffix k, M, G, T, P or E means kilo-, mega-, giga-, tera-, peta-
   and exabytes, respectively.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

The -M memory.* options do not have magic applied to them like the -m
option, namely no "M" (for mebibytes) is tacked at the end of a suffixless
value for "-M memory.size".

This magic is performed by parse_memory_options, and we have to do it for
both "-m" and the [memory] section of a config file.  Storing [memory]
sections directly to machine_opts_dict changed the meaning of

    [memory]
      size = "1024"

in a -readconfig file from 1024MiB to 8KiB (1024 Bytes rounded up to
8KiB silently).  To avoid this, the [memory] section has to be changed
back to QemuOpts (combining [memory] and "-m" will work fine thanks to
.merge_lists being true).

Change parse_memory_options() so that, similar to the older function
set_memory_options(), it operates after command line parsing is done;
and also call it where set_memory_options() used to be.

Note, the parsing code uses exit(1) instead of exit(EXIT_FAILURE) to
match neighboring code.

Reported-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Fixes: ce9d03fb ("machine: add mem compound property", 2022-05-12)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

In xlnx_dp_aux_set_command, when the command leads to the default
branch, xlxn-dp will abort and then crash.

This patch removes this abort and drops this operation.

Fixes: 58ac482a ("introduce xlnx-dp")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/411


Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Frederic Konrad <fkonrad@amd.com>
Message-Id: <20220808080116.2184881-1-cyruscyliu@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

We allocate VuVirtqElement with g_malloc() in
virtqueue_alloc_element(), but free it with free() in
vhost-user-blk.c.  Harmless, but use g_free() anyway.

One of the calls is guarded by a "not null" condition.  Useless,
because it cannot be null (it's dereferenced right before), and even
it it could be, free() and g_free() do the right thing.  Drop the
conditional.

Fixes: Coverity CID 1490290
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20220630085219.1305519-1-armbru@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

It is possible to hit the assertTrue(delta_t < 2.0) on very loaded
systems. Increase the value to 5.0 to ease the situation a little bit.

Message-Id: <20220802123101.430757-1-thuth@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Signed-off-by: Thomas Huth <thuth@redhat.com>