Resolves: #1990
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 5058720151961d79ef3abdacea94327f2c63951a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Needed to workaround buggy EFI_MEMORY_ATTRIBUTE_PROTOCOL
usage in shim.efi.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 6f79fa5f097aa41fc96a14dfccdb0ea8d9facd6c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Want pick up edk2 commit cee7ba349c0c ("ArmVirtQemu: Allow
EFI memory attributes protocol to be disabled").  Needed to
fix issue #1990.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit c3667412582cdda42b36418bed135db96005bb85)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit ca8b0cc8e9176419960b844abb522a2298a794d6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Use PPC_FEATURE2_ISEL and PPC_FEATURE2_VEC_CRYPTO from linux headers
instead of the GNU specific PPC_FEATURE2_HAS_ISEL and
PPC_FEATURE2_HAS_VEC_CRYPTO. This fixes build with musl libc.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1861


Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Fixes: 63922f46 ("tcg/ppc: Replace HAVE_ISEL macro with a variable")
Fixes: 68f340d4 ("tcg/ppc: Enable Altivec detection")
Message-Id: <20231219105236.7059-1-ncopa@alpinelinux.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 1d513e06d96697f44de4a1b85c6ff627c443e306)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

LQ has a constraint that RTp != RA, else SIGILL.
Therefore, force the destination of INDEX_op_qemu_*_ld128 to be a
new register pair, so that it cannot overlap the input address.

This requires new support in process_op_defs and tcg_reg_alloc_op.

Cc: qemu-stable@nongnu.org
Fixes: 526cd4ec ("tcg/ppc: Support 128-bit load/store")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240102013456.131846-1-richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit ca5bed07d0e7e0530c2cafbc134c4f74e582ac50)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

The hypervisor can deliver (virtual) LPIs to a guest by setting up a
list register to have an intid which is an LPI.  The GIC has to treat
these a little differently to standard interrupt IDs, because LPIs
have no Active state, and so the guest will only EOI them, it will
not also deactivate them.  So icv_eoir_write() must do two things:

 * if the LPI ID is not in any list register, we drop the
   priority but do not increment the EOI count
 * if the LPI ID is in a list register, we immediately deactivate
   it, regardless of the split-drop-and-deactivate control

This can be seen in the VirtualWriteEOIR0() and VirtualWriteEOIR1()
pseudocode in the GICv3 architecture specification.

Without this fix, potentially a hypervisor guest might stall because
LPIs get stuck in a bogus Active+Pending state.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Miguel Luis <miguel.luis@oracle.com>
(cherry picked from commit 82a65e3188abebb509510b391726711606aca642)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Commit 3d779aba ("vfio/common: Introduce a global VFIODevice list")
introduced a global VFIODevice list, but forgot to update the list
element field name when iterating over the new list. Change the code
to use the correct list element field.

Fixes: 3d779aba ("vfio/common: Introduce a global VFIODevice list")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2061


Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
(cherry picked from commit 9353b6da430f90e47f352dbf6dc31120c8914da6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

g_path_get_basename() is a portable utility function that has the
advantage of not modifing the string argument. It also fixes a compile
breakage with the Musl C library reported in [1].

[1] https://lore.kernel.org/all/20231212010228.2701544-1-raj.khem@gmail.com/



Reported-by: Khem Raj <raj.khem@gmail.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit 213ae3ffda463c0503e39e0cf827511b5298c314)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

The edu_check_range function checks that start <= end1 < end2, where
end1 is the upper bound (exclusive) of the guest-supplied DMA range and
end2 is the upper bound (exclusive) of the device's allowed DMA range.
When the guest tries to transfer exactly DMA_SIZE (4096) bytes, end1
will be equal to end2, so the check fails and QEMU aborts with this
puzzling error message (newlines added for formatting):

  qemu: hardware error: EDU: DMA range
    0x0000000000040000-0x0000000000040fff out of bounds
   (0x0000000000040000-0x0000000000040fff)!

By checking end1 <= end2 instead, guests will be allowed to transfer
exactly 4096 bytes. It is not necessary to explicitly check for
start <= end1 because the previous two checks (within(addr, start, end2)
and end1 > addr) imply start < end1.

Fixes: b30934cb ("hw: misc, add educational driver", 2015-01-21)
Signed-off-by: Max Erenberg <merenber@uwaterloo.ca>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 2c5107e1b455d4a157124f021826ead4e04b4aea)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Testing upstream U-Boot with 'sifive_u' machine we see:

  => dhcp
  ethernet@10090000: PHY present at 0
  Could not get PHY for ethernet@10090000: addr 0
  phy_connect failed

This has been working till QEMU 8.1 but broken since QEMU 8.2.

Fixes: 1b09eeb1 ("hw/net/cadence_gem: use FIELD to describe PHYMNTNC register fields")
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 0c7ffc977195c1f71c8132eb5616827e589d4a0f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

error_setg() appends newline to the formatted message.
Fixes: cb94ff5f ("audio: propagate Error * out of audio_init")

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 09a36158c283f7448d1b00fdbb6634f05d27f922)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Current error message:

 qemu-system-x86_64: -chardev spice,id=foo: Parameter 'driver' expects an abstract device type

while in fact the meaning is in reverse, -chardev expects
a non-abstract device type.

Fixes: 777357d7 ("chardev: qom-ify" 2016-12-07)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
(cherry picked from commit 4ad87cd4b2254197b7ac12e3da824854e6a90f8f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

The mcycle/minstret counter's stop flag is mistakenly updated on a copy
on stack. Thus the counter increments even when the CY/IR bit in the
mcountinhibit register is set. This commit corrects its behavior.

Fixes: 3780e337 (target/riscv: Support mcycle/minstret write operation)
Signed-off-by: Xu Lu <luxu.kernel@bytedance.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 5cb0e7abe1635cb82e0033260dac2b910d142f8c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

A CAN sja1000 standard frame filter mask has been computed and applied
incorrectly for standard frames when single Acceptance Filter Mode
(MOD_AFM = 1) has been selected. The problem has not been found
by Linux kernel testing because it uses dual filter mode (MOD_AFM = 0)
and leaves falters fully open.

The problem has been noticed by Grant Ramsay when testing with Zephyr
RTOS which uses single filter mode.

Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Reported-by: Grant Ramsay <gramsay@enphaseenergy.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2028


Fixes: 733210e7 ("hw/net/can: SJA1000 chip register level emulation")
Message-ID: <20240103231426.5685-1-pisa@fel.cvut.cz>
(cherry picked from commit 25145a7d7735344a469551946fc2a7f19eb4aa3d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

The sgx_epc_get_section stub is reachable from cpu_x86_cpuid.  It
should not assert, instead it should just return true just like
the "real" sgx_epc_get_section does when SGX is disabled.

Reported-by: Vladimír Beneš <vbenes@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20220201190941.106001-1-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 219615740425d9683588207b40a365e6741691a6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Commit c2118e9e ("configure: don't try a "native" cross for linux-user",
2023-11-23) sought to avoid issues with using the native compiler with a
cross-endian or cross-bitness setup.  However, in doing so it ended up
requiring a cross compiler setup (and most likely a slow compiler setup)
even when building TCG tests that are native to the host architecture.
Always allow the host compiler in that case.

Cc: qemu-stable@nongnu.org
Fixes: c2118e9e ("configure: don't try a "native" cross for linux-user", 2023-11-23)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 007531586aa8ef6dccdadd927b89a50af62288d1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Signed-off-by: Elen Avan <elen.avan@bk.ru>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2051
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2050


Fixes: a200d53b "virtio-gpu: replace PIXMAN for region/rect test"
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 9d5b42beb6978dc6219d5dc029c9d453c6b8d503)

strerrorname_np is non-portable and breaks building with musl libc.

Use strerror(errno) instead, like we do other places.

Cc: qemu-stable@nongnu.org
Fixes: commit 082e9e4a (target/riscv/kvm: improve 'init_multiext_cfg' error msg)
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2041
Buglink: https://gitlab.alpinelinux.org/alpine/aports/-/issues/15541


Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit d424db235434b8356c6b2d9420b846c7ddcc83ea)

We have a few test cases that include tests for corner case aspects of
internal snapshots, but nothing that tests that they actually function
as snapshots or that involves deleting a snapshot. Add a test for this
kind of basic internal snapshot functionality.

The error cases include a regression test for the crash we just fixed
with snapshot operations on inactive images.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20231201142520.32255-4-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit bb6e2511eb48539b7dcbcb5f47772e156b9c45d1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Currently, the conflict between -incoming and -loadvm is only detected
when loading the snapshot fails because the image is still inactive for
the incoming migration. This results in a suboptimal error message:

$ ./qemu-system-x86_64 -hda /tmp/test.qcow2 -loadvm foo -incoming defer
qemu-system-x86_64: Device 'ide0-hd0' is writable but does not support snapshots

Catch the situation already in qemu_validate_options() to improve the
message:

$ ./qemu-system-x86_64 -hda /tmp/test.qcow2 -loadvm foo -incoming defer
qemu-system-x86_64: 'incoming' and 'loadvm' options are mutually exclusive

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20231201142520.32255-3-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 5a7f21efaf99c60614fe1967be1c0f9aa46c526e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

bdrv_is_read_only() only checks if the node is configured to be
read-only eventually, but even if it returns false, writing to the node
may not be permitted at the moment (because it's inactive).

bdrv_is_writable() checks that the node can be written to right now, and
this is what the snapshot operations really need.

Change bdrv_can_snapshot() to use bdrv_is_writable() to fix crashes like
the following:

$ ./qemu-system-x86_64 -hda /tmp/test.qcow2 -loadvm foo -incoming defer
qemu-system-x86_64: ../block/io.c:1990: int bdrv_co_write_req_prepare(BdrvChild *, int64_t, int64_t, BdrvTrackedRequest *, int): Assertion `!(bs->open_flags & BDRV_O_INACTIVE)' failed.

The resulting error message after this patch isn't perfect yet, but at
least it doesn't crash any more:

$ ./qemu-system-x86_64 -hda /tmp/test.qcow2 -loadvm foo -incoming defer
qemu-system-x86_64: Device 'ide0-hd0' is writable but does not support snapshots

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20231201142520.32255-2-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit d3007d348adaaf04ee8b099a475282034a662414)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

target/i386: Fix 32-bit wrapping of pc/eip computation (#2022)
tcg: Reduce serial context atomicity earlier (#2034)

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmV41IEdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+0DwgApqX4Ntaz1/eIbEmr
# sWTGlG7sQX28JrYm+Bd4MgtlE2+i06Vs3q1ZHThuZs9S6tQf8bcm1q1m0qZ486jk
# hgQqSMPAOJv1U+QhTRy1kW3l8UmZkw9YddfV5FjBHeuRWglVeSxDtqkc4fUffthb
# 82KvYIqo836HsYOOWtJqSuWVi60+q1RqYg+WZuygUmprf8Y+72Zu7ojjrizHoUNQ
# wTjGR8Jsf22ZrFi+B0MXL78oumMLTnjxCv1426+P+0zVclJAJZxS/7K+VhD4cG1q
# FG2zAphly+vuB248XSyzYxM8vgCVNAkLoUb2AAw1pdQpUzNaAEoTcAXIR7PJDord
# wZnmvw==
# =Fsyn
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 12 Dec 2023 16:45:37 EST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20231212' of https://gitlab.com/rth7680/qemu

:
  tcg: Reduce serial context atomicity earlier
  target/i386: Fix 32-bit wrapping of pc/eip computation

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Reduce atomicity while emitting opcodes, instead of later
during code generation.  This ensures that any helper called
also sees the reduced atomicity requirement.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2034


Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231212193542.149117-1-richard.henderson@linaro.org>

In 32-bit mode, pc = eip + cs_base is also 32-bit, and must wrap.
Failure to do so results in incorrect memory exceptions to the guest.
Before 732d5487, this was implicitly done via truncation to
target_ulong but only in qemu-system-i386, not qemu-system-x86_64.

To fix this, we must add conditional zero-extensions.
Since we have to test for 32 vs 64-bit anyway, note that cs_base
is always zero in 64-bit mode.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2022


Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20231212172510.103305-1-richard.henderson@linaro.org>

I noticed the code blocks where not rendering properly so thought I'd
better fix things up. So:

  - Use better title for the machine type
  - Explain why Xen is a little different
  - Add a proper anchor to the tpm-device link
  - add newline so code block properly renders
  - add some indentation to make continuation clearer

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20231207130623.360473-1-alex.bennee@linaro.org>

The AioContext must be unlocked before calling blk_co_unref(), because
it takes the AioContext lock internally in blk_unref_bh(), which is
scheduled in the main thread. If we don't unlock, the AioContext is
locked twice and nested event loops such as in bdrv_graph_wrlock() will
deadlock.

Cc:  <qemu-stable@nongnu.org>
Fixes: https://issues.redhat.com/browse/RHEL-15965


Fixes: 0c7d204f
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20231208124352.30295-1-kwolf@redhat.com>

Fix for building with Xen 4.18

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmV4M4AUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroOPgwgAhRYBI8Q7FO4LWZTi+ubYXfS1ZEVC
# uy5eiyQNlymmAFFqutXLokvN1qsGhRlSeX5/uo5Tn6vWjkXPLlGikrecWHFSPmLS
# 0s+4NOOfrM6gMm5CCqMzjQuogr4+xxiw/g+rxhWGhNqlL1jVG1+I6AU5EobMNlDA
# gqd33OL509xkLVN6pCcmFwBInDHQl63YwOwVIR3cd2cfUW28M8DzGd9KULWJkZva
# I51COEwo0EpLNC2ile7pnA8+8F79WBMgUdrhBzl/a8RHv7AvxAPQB/0TsZQknFo0
# PS3Y+yXdn2CT3KInu+QeW3kHkVoAdK06/cSOqIbEKuKgnZjEz0qFHq4K3A==
# =SKW6
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 12 Dec 2023 05:18:40 EST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu

:
  xen: fix condition for skipping virtio-mmio defines
  meson, xen: fix condition for enabling the Xen accelerator

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

GUEST_VIRTIO_MMIO_* was added in Xen 4.17, so only define them
for CONFIG_XEN_CTRL_INTERFACE_VERSIONs up to 4.16.

Reported-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

A misspelled condition in xen_native.h is hiding a bug in the enablement of
Xen for qemu-system-aarch64.  The bug becomes apparent when building for
Xen 4.18.

While the i386 emulator provides the xenpv machine type for multiple architectures,
and therefore can be compiled with Xen enabled even when the host is Arm, the
opposite is not true: qemu-system-aarch64 can only be compiled with Xen support
enabled when the host is Arm.

Expand the computation of accelerator_targets['CONFIG_XEN'] similar to what is
already there for KVM.

Cc: Stefano Stabellini <stefano.stabellini@amd.com>
Cc: Richard W.M. Jones <rjones@redhat.com>
Cc: Daniel P. Berrangé <berrange@redhat.com>
Reported-by: Michael Young <m.a.young@durham.ac.uk>
Fixes: 0c8ab1cd ("xen_arm: Create virtio-mmio devices during initialization", 2023-08-30)
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Commit 7191f24c ("accel/kvm/kvm-all: Handle register access errors")
added error checking for KVM_SET_SREGS/KVM_SET_SREGS2. In doing so, it
exposed a long-running bug in current KVM support for SEV-ES where the
kernel assumes that MSR_EFER_LMA will be set explicitly by the guest
kernel, in which case EFER write traps would result in KVM eventually
seeing MSR_EFER_LMA get set and recording it in such a way that it would
be subsequently visible when accessing it via KVM_GET_SREGS/etc.

However, guest kernels currently rely on MSR_EFER_LMA getting set
automatically when MSR_EFER_LME is set and paging is enabled via
CR0_PG_MASK. As a result, the EFER write traps don't actually expose the
MSR_EFER_LMA bit, even though it is set internally, and when QEMU
subsequently tries to pass this EFER value back to KVM via
KVM_SET_SREGS* it will fail various sanity checks and return -EINVAL,
which is now considered fatal due to the aforementioned QEMU commit.

This can be addressed by inferring the MSR_EFER_LMA bit being set when
paging is enabled and MSR_EFER_LME is set, and synthesizing it to ensure
the expected bits are all present in subsequent handling on the host
side.

Ultimately, this handling will be implemented in the host kernel, but to
avoid breaking QEMU's SEV-ES support when using older host kernels, the
same handling can be done in QEMU just after fetching the register
values via KVM_GET_SREGS*. Implement that here.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Akihiko Odaki <akihiko.odaki@daynix.com>
Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Cc: Lara Lazier <laramglazier@gmail.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Cc:  <kvm@vger.kernel.org>
Fixes: 7191f24c ("accel/kvm/kvm-all: Handle register access errors")
Signed-off-by: Michael Roth <michael.roth@amd.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20231206155821.1194551-1-michael.roth@amd.com>

ufs fixes for 8.2

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEUBfYMVl8eKPZB+73EuIgTA5dtgIFAmVurjcACgkQEuIgTA5d
# tgLWVBAAkzus4nN2+Z0H23VUmeBPCLPFXRSkK8mOWC3ymbX3kiy/IjgM7Ept6QWA
# btssTf3YEeDtycgbrb5GZ4kEfKThDN7bbGRHvCW5bjwkyLQN1Ys2K61CTRX0VhSi
# U4HDE3gCm+LpO28BuV/1KunlSH4TWjt76AB6YG5PuyzSH+AbC8yY7m+VSJTmCw1k
# cZv0TQ+9lqWc4C6ziETV8UqhhltBmd/57P3xFDKhYNl0EtzxnKGSZ2szzWqE7guY
# DsmTlfB5bnkYPE51xxTcJnRj907utNrIfa2kbu9wXU/GuPuEf9QkDo1Dt3t1Z0Zm
# OZPkloXC2eNufVcGYVJa2PylRjwFlg01IuhYmlhsgerg5LZz2RIyrWM61JTONF2J
# 6EvO89e2S3XpBbnl2ugf2rMIdW1tlLSWhnLZD+jZzOu+V2TeLm6/onHWCVQ02sLr
# ddDVpf2djvUsmRvcBBYlI40FcC9Wt828Spm+wkRsGHC+VbAg2al6jRNXyJ2LWeiS
# wGsAwRV6XhQz996uMOWTA7jEsAawHUFgYCsH4bgiqiWEn+FblufY2iicRxY4ZsJA
# GXpvxGoUHWE8e0XjXG1BnRFo2Q5ns9SRl5gx5X7rcmIKUGGCh3ZI72zfeVgCjm7b
# 5/CV/YzKuCRWJCYcORguli1GVuPO01FJrBloTJc0OSaDAtZL2Mg=
# =o2kr
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Dec 2023 23:59:35 EST
# gpg:                using RSA key 5017D831597C78A3D907EEF712E2204C0E5DB602
# gpg: Good signature from "Jeuk Kim <jeuk20.kim@samsung.com>" [unknown]
# gpg:                 aka "Jeuk Kim <jeuk20.kim@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5017 D831 597C 78A3 D907  EEF7 12E2 204C 0E5D B602

* tag 'pull-ufs-20231205' of https://gitlab.com/jeuk20.kim/qemu

:
  hw/ufs: avoid generating the same ID string for different LU devices

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

QEMU would not start when trying to create two UFS host controllers and
a UFS logical unit for each with the following options:

-device ufs,id=bus0 \
-device ufs-lu,drive=drive1,bus=bus0,lun=0 \
-device ufs,id=bus1 \
-device ufs-lu,drive=drive2,bus=bus1,lun=0 \

This is because the same ID string ("0:0:0/scsi-disk") is generated
for both UFS logical units.

To fix this issue, prepend the parent pci device's path to make
the ID string unique.
("0000:00:03.0/0:0:0/scsi-disk" and "0000:00:04.0/0:0:0/scsi-disk")

Resolves: #2018
Fixes: 096434fe ("hw/ufs: Modify lu.c to share codes with SCSI subsystem")
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Reviewed-by: Jeuk Kim <jeuk20.kim@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20231204150543.48252-1-akinobu.mita@gmail.com>
Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>

Misc fixes for 8.2

- memory: Avoid unaligned accesses (Patrick)
- target/riscv: Fix variable shadowing (Daniel)
- tests/avocado: Update URL, skip flaky test (Alex, Phil)

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmVt7w4ACgkQ4+MsLN6t
# wN7AzA/+N1ec1I2IC0LYT8ThBCyV/92o+1FH5KaIxiVN5Ty3cACnGAac8IJ1K2tC
# 5WG8Dxg4rq+bM16lUq9ME7k82Y3PoxLoRQa8fuClFKdHMXU2sgY4OwTx2606cO4B
# 0H4gR+i3XgrgIDo8qRezWX0JSd1Srrz9QPlcq6kJfDtRq7DU0329aOobkyzuUJPb
# DJD9YPu9y0KokBCBuVlt5ypNSM9xJGRtznFt1sFfNyPgNOnie3s+fYpPn26UigcY
# 8OY/PMS5hapDw/s/gFKWQb/nCTSRnJKZ5dODOjHXK8HvTbYHedw8C4apXyjSXwBI
# fBerNEKJHwD/1QkFhbNCIwsidH72BWeHljrelbZlsUfXU1VcCqNiXV8d2R9ak3xt
# lrW7UcytC1+PqhmIVEXAOA4cwJcq6Hs9IcZ9G9aMvcmlhY3Fv0UKMoRYgsGTULeP
# ySQF3FDSc6dldsfBdwqHGHlwL12EYmpN2sIhEc5aQ9y5Mmuj2FBOYHUbPpyoVLpw
# e45n9Epc43GUVCMj3lZNjWKd+87nGjwKOM3rpBlcaSG3JRkLUe8o5APxeYzePZfO
# 2IOWcGnrUixsvWbNY+6JF98n5hQK7Va3h/e1YbS1K2OZ013LT1SNiZ1LOrl9KiXf
# agY6HMukKbCpJAqpXnMbgWdxCb7GdtjVaWKIVEgejeZTVdH4f8Y=
# =r21r
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Dec 2023 10:23:58 EST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* tag 'misc-fixes-20231204' of https://github.com/philmd/qemu

:
  tests/avocado: mark ReplayKernelNormal.test_mips64el_malta as flaky
  tests/avocado: Update yamon-bin-02.22.zip URL
  target/riscv/kvm: fix shadowing in kvm_riscv_(get|put)_regs_csr
  system/memory: use ldn_he_p/stn_he_p

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Merge tag 'pull-target-arm-20231204-1' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * Turn off SME if SVE is turned off (this combination doesn't
   currently work and QEMU will assert if you try it)

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmVt3wQZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vrmD/9zu48IxCdHFSshMRmXz6kI
# tMvTrsMSOGXfuQqCbvLn3CUP/La50Yt/T1C2TKzVII1W8zpw8wEEvraCBjexzUzK
# Jcjw0dPSIllQOHBkoUGsgqA0+UkhfIwH0po10rxm1L+ZP3DfISVdyDV9oxCNfEO0
# pGXI1eAN9GIQtJtUj3kZE+RUoamJfoSjlm5XVeX3T+utEU7yf1461L1/qaylYOrW
# wao72ffbuf41jRJwnVmMFoIPrwueYtEeuKl/EgYU4YPxkSQEo34u6d9fz2Irt6/Y
# utO2SffhhmlxQaFhgPX3hvAsfapMt/p2Jy6oUpThOjN75adCq+g1CYj7lzEfIX16
# kb2CY8zQ8NboJtgnkiQAA062myURnk/kmulv0OF6Hh0jHSuLzuMMLcCfBJgq4H6s
# mnBCJfetwRgwqcSl1JTfrMm4wYOLmSrmOcM5JjYwY2YYjnFXI+XB1MdKm0h8cROG
# nFu5TZtNnxgzqBgoh1140AYN851Y1dshczZIHb1/YuNpBIl+ZUO4v5sRT3KBSzb+
# G21570neBv8QcfDSgrLesrjNBDREfkaWEu9BM85461uTjbCLG8RUpn+Jd4VtpkNe
# YVzomhuM9CI5CmYdrTMJ74gnZUtAT9Q3FTcfGL8G4KiSIe85BTw+gEy4PhLXD6FT
# 68fP1M+s8/hsuXCJYbvmAA==
# =K/u0
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Dec 2023 09:15:32 EST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20231204-1' of https://git.linaro.org/people/pmaydell/qemu-arm

:
  target/arm: Disable SME if SVE is disabled

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

* Fix wording in iotest 149
* Fix whitespace issues in sh4 code (ignore checkpatch.pl warnings here)
* Make sure to check return values in qtests

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmVt4PwRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbWhYxAAm6ww++qfCh5uLrKjXrv/ZS+b+8UVMT+p
# wOBNBz0RDpDahAwesxLABAg9b+fabLTx9OpOyQRgmM/ofCoW/Oi7xzCEwv9JPJX0
# Kr7x5AMCTc2hPydxsMenWYZXLZXcc0HSkB+4yN5FTeOl8YPoRetegsGbiirGpod1
# QyD/oLMZzBxqteF/m0a4gxEuwi3qgRVIOkdk8zeSBMAl6EUazsKR8sTrdCrkupHl
# ddMKjRH4Gr2sXoZ8L/mr4T5FodVxAF1pcZnVyPYDlVgNK/V0IWDcbmFFNr0rXxCM
# CZz7gIOZkpm/MXpVE9UEg++ZOQ16gDUNpvQRyNPgIn0vbiuF5kcXmUpstJWHDico
# O98wgH6im3iC7xyaMTOq3pjSb9RNP4cmIw77EKJyS93RDAgiCX0ozN3zEkxsvZYu
# hQadBd3TSUP6jxz2SWQ6irCwkElfozCc1cPfUyW0rFXjLqWei0UirWDdyN5dL8vk
# pkupZG5p3jiiZs1hm+TQ4W1CPVZFTAW+LcI7V/Na3EBKQvrjYDlHMQdx0NaJh5e3
# xn84bvTnuYfT/I63z9zqIbMwPQ5t+lJaR9ohkn9Q4tTEnHuMV9svON5rsRc3YE6p
# XrR02G9zu4kVAKs51DFNWC9SLgviW+LB2DCe+e2CrqwPjiz+MeOVGEEre7/nnj/q
# clP7u3MyX5A=
# =rU6S
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Dec 2023 09:23:56 EST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2023-12-04' of https://gitlab.com/thuth/qemu

:
  tests/qtest: check the return value
  sh4: Coding style: Remove tabs
  tests/qemu-iotests/149: Use more inclusive language in this test

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

I missed this when going through the recent failure logs. I can run
the test 30 times without failure locally but it seems to hang pretty
reliably on GitLab's CI infra-structure.

Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20231201201027.2689404-1-alex.bennee@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>