At the protocol level, has_variable_length only needs to be true in the
very special case of host CD-ROM drives, so that they do not need an
explicit monitor command to read the new size when a disc is loaded
in the tray.

However, at the format level has_variable_length has to be true for all
raw blockdevs and for all filters, even though in practice the length
depends on the underlying file and thus will not change except in the
case of host CD-ROM drives.

As a first step towards computing an accurate value of has_variable_length,
add the value into the BlockLimits structure and initialize the field
from the BlockDriver.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20230407153303.391121-2-pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20230411115231.90398-1-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

The corruption occurs when a BAT entry aligned to 4096 bytes is changed.

Specifically, the corruption occurs during the creation of the LOG Data
Descriptor. The incorrect behavior involves copying 4088 bytes from the
original 4096 bytes aligned offset to `tmp[8..4096]` and then copying
the new value for the first BAT entry to the beginning `tmp[0..8]`.
This results in all existing BAT entries inside the 4K region being
incorrectly moved by 8 bytes and the last entry being lost.

This bug did not cause noticeable corruption when only sequentially
writing once to an empty dynamic VHDX (e.g.
using `qemu-img convert -O vhdx -o subformat=dynamic ...`), but it
still resulted in invalid values for the (unused) Sector Bitmap BAT
entries.

Importantly, this corruption would only become noticeable after the
corrupted BAT is re-read from the file.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/727


Cc: qemu-stable@nongnu.org
Signed-off-by: Lukas Tschoke <lukts330@gmail.com>
Message-Id: <6cfb6d6b-adc5-7772-c8a5-6bae9a0ad668@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Fix Int128 function call abi for ppc32, mips o32, and _WIN64

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmQ0LAIdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8Y8Af9H3h7arUdO0KfFtpr
# UbL4KrTs5JcCJmqgnqAAdkYRCTbdXnGUO9gRFKXWY1+zqMZo7aeA8laE+qh6+6Vy
# WE8OsyPjqkSRJorLZnyX+2iNLlIee2d+KdSlYxQuNVtv/a4XdpV+dlQove2Wd2yy
# 0krswayiYxAfFV52n3Lvqv2kS0kywdhWWdUy11ndRqcYypuw9qdWF1wkpZk1v/Lv
# ZbHe9oiJ610o274ocjpKcSLJFQvaeT/+WDJ3QaqQI8mklcMhampP3kfS27DGK6FH
# O621PxgpVqpVTkOCRXJyMIWCpXabJ4YttMhDQjuAFRghzBvR5Krs2LFmTR7Fkwuo
# F9NUJg==
# =z+vz
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 10 Apr 2023 16:32:18 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20230410' of https://gitlab.com/rth7680/qemu

:
  tcg/ppc: Fix TCG_TARGET_CALL_{ARG,RET}_I128 for ppc32
  tcg/mips: Fix TCG_TARGET_CALL_RET_I128 for o32 abi
  tcg/i386: Adjust assert in tcg_out_addi_ptr

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

For both _CALL_SYSV and _CALL_DARWIN, return is by reference,
not in 4 integer registers.  For _CALL_SYSV, argument is also
by reference.

This error resulted in

    $ ./qemu-system-i386 -nographic
    qemu-system-i386: tcg/ppc/tcg-target.c.inc:185: \
        tcg_target_call_oarg_reg: Assertion `slot >= 0 && slot <= 1' failed.

Fixes: 5427a9a7 ("tcg: Add TCG_TARGET_CALL_{RET,ARG}_I128")
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

The return is by reference, not in 4 integer registers.

This error resulted in

  qemu-system-i386: tcg/mips/tcg-target.c.inc:140: \
    tcg_target_call_oarg_reg: Assertion `slot >= 0 && slot <= 1' failed.

Fixes: 5427a9a7 ("tcg: Add TCG_TARGET_CALL_{RET,ARG}_I128")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

We can arrive here on _WIN64 because Int128 is passed by reference.
Change the assert to check that the immediate is in range,
instead of attempting to check the host ABI.

Fixes: 6a6d772e ("tcg: Introduce tcg_out_addi_ptr")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1581


Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Merge tag 'pull-target-arm-20230410' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm: Fix bug where we weren't initializing
            guarded bit state when combining S1/S2 attrs

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmQ0GTsZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3koqD/4t7D6v7GyuefCbp8dEPj/S
# FjA6CqkkD3QnVAgqTD/PVW9X3hJsUQaV2Nk+x0BUcvHpOdgpIY+wKIh5lUYm1Sma
# JoXHTQ8i3jndIIbQqpCbBS9KdM0CeAvAm50ohAmKy4B3HIW31mhxTXN0ORA7cedT
# nPGsbAZ1K4pTx/c0n/7uwA91PJb4mKzFJ0Catl/IUcuPRpHsxUHcd82XrSwHfuBY
# 0KG8maSzIZn4/j8wYYhD2LeRxx5SHabkOJ4negKKCYpDi+8lCoxdp7mRJYASPM61
# HWdEPQZm6GzY+c2TYVKYAGgxu+MPDImFI6znMMchBlZc4GR3sFwNbTOXEHXnC8am
# FUCI+D7mJt44bGsLMLXPUX4wOLP64PejfeNUfA8RcWjcmGF8jaD4g4Aeoz1GXnmg
# E09C3i60WmCaVAzLaVNpVpVA64uXLOaLuVl8X7zPFVr775SCOVDb1Npd/15SX3Cn
# okVCY37u0VZlrYzfHi/66qryZ7PSkontc5FHfAZAEhxQOHMiFIlBWr+PCTQ4P5wX
# wl92ro6rMteziC6dG2l0UrAtL8hp6m0EgAhw4cbtoXz4Sp+I/Ed0uCuF4lHhdnnS
# F+7lyEN4/HyxA44i9tXLzlLlfl7fuscwxm6CWwlonVAah3mteclR0iMFIO0WP7EC
# gT6omcjdhvU/uFmObRGTkA==
# =QK6z
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 10 Apr 2023 15:12:11 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20230410' of https://git.linaro.org/people/pmaydell/qemu-arm

:
  target/arm: Copy guarded bit in combine_cacheattrs
  target/arm: PTE bit GP only applies to stage1

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

The guarded bit comes from the stage1 walk.

Fixes: Coverity CID 1507929
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230407185149.3253946-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Only perform the extract of GP during the stage1 walk.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20230407185149.3253946-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

ppc queue:

* Fix regresion with prefix instructions and pcrel addressing

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmQy9H8ACgkQUaNDx8/7
# 7KGjBg/9EUOcf3QzS9v7GCgBjvHZ0II4bIB4qboNiBhmtLIpDoBC2el7gwSZV82a
# qKrl+UMTAIs6DJQNR5Gcj69OUbAjGyaBNuC3I9lI8vzWn3aDJRTpL5WttyfnpLsO
# bVR8Q+dDzIcZA/ymDw7AQfPvyCm6yrVXOUCCZNBpGjp98240SuDoJ7p6FpKFc8fT
# 5amMllLksgJDk4cLv6xM1zQRXuCyYf9D1CS0CHAgxs+zvg9EnQcVBzIMZ9LfGAPU
# JxU9Kj/clMyZx0ADtH9PkdgvHoMWRXlTuMQmfv4dzWZfy1as9Ks3Pfzt3Z4hx7t7
# TqIiFGuJdI/fDHcKltwnLwdZ8GJwo+tXFP97VNFWtmNN1PWos9dwxrU04r0+ZxA/
# 33NTDyOMidp9bnMlcld/pyCPfo5Psht1xlHSaikxcYHt0z1Yc/TR6/u+aiz9AGnf
# FVxy1AlkY0rtKtmCozkcFtQe8yCogIfYnXe0ng3j3k45QXk03VmtiO4WLw8l0qwR
# oB5FAAaokCoINwYIfLofR7jg7ciaISI+r4KkgOtOC7eN6O42magCkSPa5FxU9+WA
# sZIq0iBpRxenv0+tDrXpV16Uy0H2N3oGOdUpUbO6wiHxhO9rj71preSr0eLhipZJ
# c3jcf4p+MyXD1RI/62TuSIYWG5RwfA8XCyA/bd1bk2cBQ8GA+S0=
# =BKGb
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 09 Apr 2023 18:23:11 BST
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-ppc-20230409' of https://github.com/legoater/qemu

:
  target/ppc: Fix temp usage in gen_op_arith_modw

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull_error_handle_fix_use_after_free.v1' of https://github.com/stefanberger/qemu-tpm into staging

Fix use-after-free in util/error.c

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEuBi5yt+QicLVzsZrda1lgCoLQhEFAmQu9xYACgkQda1lgCoL
# QhFX2ggAnZZF2KgvVSRh67X+3VdVsg+ifFc/k7kMq74UhTr4lXojPCcgSPu8PaRZ
# Mv0I+xNv9pjEU7frwi6vc9DXyhWrVTLgW4TugVBgsB75CnjvFN3lw3T9goCc1h4m
# eO7c6SMdUpyQG7ar1mqt2m0bjVz85OAsNYBiAjxfyrKzX6B/mHyru5re/8VC3Hho
# IJWGlS51IxrVq44qjB8Lh3voXiEru7dX/y86fWqAiy61pON6+A43rBDIb9JOVv8q
# QiHqXVjs9/ax9ZNRudlgJ7bAlUFp6vD9xBm6ztlABI9MCYZeibU6jPMLCBYnGiJq
# f//Sqqd4WsqnhOJOLYeMNfFMElIXEw==
# =uu4l
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 06 Apr 2023 17:45:10 BST
# gpg:                using RSA key B818B9CADF9089C2D5CEC66B75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE  C66B 75AD 6580 2A0B 4211

* tag 'pull_error_handle_fix_use_after_free.v1' of https://github.com/stefanberger/qemu-tpm

:
  util/error: Fix use-after-free errors reported by Coverity

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Fix a crash writing to 't3', which is now a constant.
Instead, write the result of the remu to 't0'.

Fixes: 7058ff52 ("target/ppc: Avoid tcg_const_* in translate.c")
Reported-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
[ clg: amend commit log s/t1/t0/ ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>

Fix use-after-free errors in the code path that called error_handle(). A
call to error_handle() will now either free the passed Error 'err' or
assign it to '*errp' if '*errp' is currently NULL. This ensures that 'err'
either has been freed or is assigned to '*errp' if this function returns.
Adjust the two callers of this function to not assign the 'err' to '*errp'
themselves, since this is now handled by error_handle().

Fixes: commit 3ffef1a5 ("error: add global &error_warn destination")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20230406154347.4100700-1-stefanb@linux.ibm.com

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

This reverts commit 6da24341
("memory: Optimize replay of guest mapping").

This change breaks the mps3-an547 board under TCG (and
probably other TCG boards using an IOMMU), which now
assert:

$ ./build/x86/qemu-system-arm --machine mps3-an547 -serial stdio
-kernel /tmp/an547-mwe/build/test.elf
qemu-system-arm: ../../softmmu/memory.c:1903:
memory_region_register_iommu_notifier: Assertion `n->end <=
memory_region_size(mr)' failed.

This is because tcg_register_iommu_notifier() registers
an IOMMU notifier which covers the entire address space,
so the assertion added in this commit is not correct.

For the 8.0 release, just revert this commit as it is
only an optimization.

Fixes: 6da24341 ("memory: Optimize replay of guest mapping")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 917c1c552b2d1b732f9a86c6a90684c3a5e4cada.1680640587.git.mst@redhat.com

Fix race condition that can cause a crash at startup.

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmQsVJoUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroPnWgf/SRc2eAtWtLDkIhjszkfK8TVeQzzS
# wD0pobk/8MNyj+EW/wV+/HsR3U8oNvHsAnzB4+RKd7YGhPxHwDvqC+hNm5HS8u4g
# gY+LhvwirFB7RkP0dDd4yt1BX6emylyFjUpM+QxlrwuorQ5wfRaIh77ex349rnq8
# fp8Kw53VpBWscyp3S3AYlQMRN3NGPH9JdeDtWap0AHFGA+PeBR2VCOuJ3xUJF62T
# xyacGGe3JXNUcFJVKR8PMDBO1FeJgl4Y7k0idHK/mcpOPj6HYFN3EV863XdP8Foa
# mv9h2DXRuIpFJEj//0GQAVDw+F8BFofjZaPeRNAoX+oE3I4CnZhVC5uG/w==
# =Ttdf
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 04 Apr 2023 17:47:22 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu

:
  kvm: dirty-ring: Fix race with vcpu creation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

It's possible that we want to reap a dirty ring on a vcpu that is during
creation, because the vcpu is put onto list (CPU_FOREACH visible) before
initialization of the structures.  In this case:

qemu_init_vcpu
    x86_cpu_realizefn
        cpu_exec_realizefn
            cpu_list_add      <---- can be probed by CPU_FOREACH
        qemu_init_vcpu
            cpus_accel->create_vcpu_thread(cpu);
                kvm_init_vcpu
                    map kvm_dirty_gfns  <--- kvm_dirty_gfns valid

Don't try to reap dirty ring on vcpus during creation or it'll crash.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2124756


Reported-by: Xiaohui Li <xiaohli@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <1d14deb6684bcb7de1c9633c5bd21113988cc698.1676563222.git.huangy81@chinatelecom.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Revert "linux-user/arm: Take more care allocating commpage"
accel/tcg: Fix jump cache set in cpu_exec_loop
accel/tcg: Fix initialization of CF_PCREL in tcg_cflags
tcg/sparc64: Disable direct jumps from goto_tb

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmQsRwAdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8QqQf6AnUwdkp0zEUevshL
# gPlns3u5RZIv/i5L1VIkYrLbaFQtwD17CfBACB2MxZI6lbPK4jT++FlDiWJ1ak7i
# 4p9Q5KOAbjAxQgQXy51NbEzg5AoIYP5HEg2cnjfEg0PltRVTn0bdbBVbCG/erDXa
# NfEOPtHSU+6B8jRjp0MRvFv4Y4CJ3nQ7eZ6TMI3oGOk44DOs22Fn330E8wT2vpt4
# ayJNDN8F0FZ5wGZdJIAsMSgauaGJwY/ZG1KX8TGQb7nsRn5lbpEgoOUCd0WUGdx6
# 3YsoELaZoHZhAlvVNjbOMBp3fZSH2owb08By9vU7ZMjPOnsjZQz6TuxR6NNl+04G
# tPi44Q==
# =+m7M
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 04 Apr 2023 16:49:20 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20230404' of https://gitlab.com/rth7680/qemu

:
  tcg/sparc64: Disable direct linking for goto_tb
  accel/tcg: Fix jump cache set in cpu_exec_loop
  accel/tcg: Fix overwrite problems of tcg_cflags
  Revert "linux-user/arm: Take more care allocating commpage"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Final test and misc fixes:

  - add basic coverage analysis script
  - gdbstub only build one of libgdb_user/softmmu
  - don't break BSD gdb by advertising AUXV feature
  - add MAINTAINERS section for policy docs
  - update hexagon toolchain
  - explicitly invoke iotests with python for BSDs benefit
  - use system python on NetBSD
  - add some tests for the new KVM Xen guest support

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmQsOscACgkQ+9DbCVqe
# KkSm6Af/X+vvzdlmXgGt3uw2odqV6KMfXEkds5lHZIIqQhsLvV0mrkTcIKTswWhL
# JRC7jiPmn5hfwvgDy5WfcczGzELSqfBgqHsm9zqVcboTGgJfr2eMtoUlMCQi6lFR
# InomhTb+VzPxuUx82oryufm7bsopG8C+HVr3ZtHNFI3usIrLlscZstkiYMueGUCb
# PJ60mykfd7hegaTgwKNbUXqZ+Oy/u4W7UPWBkrR7xJzW623t7S5EWV2ZNbdJgKO6
# utY3VGikir/OcnNKy7NuXp2t3K+5KALFZW3Jbav8hVLy5biMGYUF8886B0FL2m+n
# E44J67crEYNJMamtzYJ+FdkGEMrS5Q==
# =yCka
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 04 Apr 2023 15:57:11 BST
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-for-8.0-040423-2' of https://gitlab.com/stsquad/qemu

:
  tests/avocado: Test Xen guest support under KVM
  gitlab: fix typo
  tests/vm: use the default system python for NetBSD
  tests/qemu-iotests: explicitly invoke 'check' via 'python'
  Use hexagon toolchain version 16.0.0
  metadata: add .git-blame-ignore-revs
  MAINTAINERS: add a section for policy documents
  gdbstub: don't report auxv feature unless on Linux
  gdbstub: Only build libgdb_user.fa / libgdb_softmmu.fa if necessary
  scripts/coverage: initial coverage comparison script

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

nbd patches for 2023-04-04

- Eric Blake: use TCP_NODELAY in nbd server, as followup to corking

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmQsIuAACgkQp6FrSiUn
# Q2o/Vwf/UMxOlxHEEQsS5lkG6qbkL47GUxfxsXfd0yvU+ihFALrKEZrOlzYDZWKj
# hww8Uqlh9lCjnTO8ekYl2eetNmDwMsV6mcCaiJ0aYZNAI87l4ekFy0Jfx58D36vv
# j9HSELr09KjodoCISLDAwJCgs/GyQKmO+FzqvovbJH8nU0h24VEYgI6b5PHmII8U
# LN0cm9xLO46KCTlWz7Y4Rt047rFVkh++n7l/nNjviJGm63BO2H9BCd3heea4uhdy
# +7MR1Tb9VuMGe0PWews/SdZKwtCzClTCgmZw8MrrSs/39Qw2EZYXA9X64Qs97oKg
# GbajABGVSrJSFkGTMhIFK9xgLZjaKQ==
# =KZJ+
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 04 Apr 2023 14:15:12 BST
# gpg:                using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* tag 'pull-nbd-2023-04-04' of https://repo.or.cz/qemu/ericb

:
  nbd/server: Request TCP_NODELAY

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Something is wrong with this code, and also wrong with gdb on the
sparc systems to which I have access, so I cannot debug it either.
Disable for now, so the release is not broken.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Assign pc and use store_release to assign tb.

Fixes: 2dd5b7a1 ("accel/tcg: Move jmp-cache `CF_PCREL` checks to caller")
Reported-by: Weiwei Li <liweiwei@iscas.ac.cn>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

CPUs often set CF_PCREL in tcg_cflags before qemu_init_vcpu(), in which
tcg_cflags will be overwrited by tcg_cpu_init_cflags().

Fixes: 4be79026 ("accel/tcg: Replace `TARGET_TB_PCREL` with `CF_PCREL`")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
Message-Id: <20230331150609.114401-6-liweiwei@iscas.ac.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Exercise guests with a few different modes for interrupt delivery. In
particular we want to cover:

 • Xen event channel delivery via GSI to the I/O APIC
 • Xen event channel delivery via GSI to the i8259 PIC
 • MSIs routed to PIRQ event channels
 • GSIs routed to PIRQ event channels

As well as some variants of normal non-Xen stuff like MSI to vAPIC and
PCI INTx going to the I/O APIC and PIC, which ought to still work even
in Xen mode.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230403134920.2132362-12-alex.bennee@linaro.org>

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230403134920.2132362-11-alex.bennee@linaro.org>

Currently our NetBSD VM recipe requests instal of the python37 package
and explicitly tells QEMU to use that version of python. Since the
NetBSD base ISO was updated to version 9.3 though, the default system
python version is 3.9 which is sufficiently new for QEMU to rely on.
Rather than requesting an older python, just test against the default
system python which is what most users will have.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230329124601.822209-1-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230403134920.2132362-10-alex.bennee@linaro.org>

The 'check' script will use "#!/usr/bin/env python3" by default
to locate python, but this doesn't work in distros which lack a
bare 'python3' binary like NetBSD.

We need to explicitly invoke 'check' by referring to the 'python'
variable in meson, which resolves to the detected python binary
that QEMU intends to use.

This fixes a regression introduced by

  commit 51ab5f8b
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Wed Mar 15 17:43:23 2023 +0000

    iotests: register each I/O test separately with meson

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230329124539.822022-1-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230403134920.2132362-9-alex.bennee@linaro.org>

Signed-off-by: Marco Liebel <quic_mliebel@quicinc.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Message-Id: <20230329142108.1199509-1-quic_mliebel@quicinc.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230403134920.2132362-8-alex.bennee@linaro.org>

Someone mentioned this on IRC so I thought I would try it out with a
few commits that are pure code style fixes.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230403134920.2132362-7-alex.bennee@linaro.org>

We don't update these often but now at least we have a few like minded
individuals keeping reviewers eye out for changes.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230403134920.2132362-5-alex.bennee@linaro.org>

The later handler if conditionally compiled only for Linux but we
forgot to ensure we don't advertise it lest we confuse our BSD
brethren.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Fixes: 51c623b0 ("gdbstub: add support to Xfer:auxv:read: packet")
Reported-by: Warner Losh <imp@bsdimp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Tested-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230403134920.2132362-4-alex.bennee@linaro.org>

It is pointless to build libgdb_user.fa in a system-only build
(or libgdb_softmmu.fa in a user-only build). Besides, in some
restricted build configurations, some APIs might be restricted /
not available. Example in a KVM-only builds where TCG is disabled:

  $ ninja qemu-system-x86_64
  [99/2187] Compiling C object gdbstub/libgdb_user.fa.p/user.c.o
  FAILED: gdbstub/libgdb_user.fa.p/user.c.o
  ../../gdbstub/user.c: In function ‘gdb_breakpoint_insert’:
  ../../gdbstub/user.c:438:19: error: implicit declaration of function ‘cpu_breakpoint_insert’; did you mean ‘gdb_breakpoint_insert’? [-Werror=implicit-function-declaration]
    438 |             err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
        |                   ^~~~~~~~~~~~~~~~~~~~~
        |                   gdb_breakpoint_insert
  ../../gdbstub/user.c:438:19: error: nested extern declaration of ‘cpu_breakpoint_insert’ [-Werror=nested-externs]
  ../../gdbstub/user.c: In function ‘gdb_breakpoint_remove’:
  ../../gdbstub/user.c:459:19: error: implicit declaration of function ‘cpu_breakpoint_remove’; did you mean ‘gdb_breakpoint_remove’? [-Werror=implicit-function-declaration]
    459 |             err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
        |                   ^~~~~~~~~~~~~~~~~~~~~
        |                   gdb_breakpoint_remove
  ../../gdbstub/user.c:459:19: error: nested extern declaration of ‘cpu_breakpoint_remove’ [-Werror=nested-externs]
  cc1: all warnings being treated as errors
  ninja: build stopped: subcommand failed.

Fixes: 61b2e136 ("gdbstub: only compile gdbstub twice for whole build")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230329161852.84992-1-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230403134920.2132362-3-alex.bennee@linaro.org>

This reverts commit 4f5c67f8.

This exposes bugs in target_mmap et al with respect to overflow
with the final page of the guest address space.  To be fixed in
the next development cycle.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

This is a very rough and ready first pass at comparing gcovr's json
output between two different runs. At the moment it will give you a
file level diff between two runs but hopefully it wont be too hard to
extend to give better insight.

After generating the coverage results you run with something like:

  ./scripts/coverage/compare_gcov_json.py \
    -a ./builds/gcov.config1/coverage.json \
    -b ./builds/gcov.config2/coverage.json

My hope is we can use this to remove some redundancy from testing as
well as evaluate if new tests are actually providing additional
coverage or just burning our precious CI time.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Kautuk Consul <kconsul@linux.vnet.ibm.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230403134920.2132362-2-alex.bennee@linaro.org>

Nagle's algorithm adds latency in order to reduce network packet
overhead on small packets.  But when we are already using corking to
merge smaller packets into transactional requests, the extra delay
from TCP defaults just gets in the way (see recent commit bd2cd4a4).

For reference, qemu as an NBD client already requests TCP_NODELAY (see
nbd_connect() in nbd/client-connection.c); as does libnbd as a client
[1], and nbdkit as a server [2].  Furthermore, the NBD spec recommends
the use of TCP_NODELAY [3].

[1] https://gitlab.com/nbdkit/libnbd/-/blob/a48a1142/generator/states-connect.c#L39
[2] https://gitlab.com/nbdkit/nbdkit/-/blob/45b72f5b/server/sockets.c#L430
[3] https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md#protocol-phases



CC: Florian Westphal <fw@strlen.de>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20230404004047.142086-1-eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

pull-loongarch-20230404

# -----BEGIN PGP SIGNATURE-----
#
# iLMEAAEIAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCZCwLXQAKCRBAov/yOSY+
# 3zwUA/9d2ddHxGEBTMyF45bzc9JxRF6HoILAwMLsmPWqspPgKdGuviMVewJLt5m8
# V75/BC6Sn9rhdkXALvZMRV6WQ2A16pByUaQtMYAXVsIoV8Mrpvm4GwJD1E0/cy5Q
# TwDTzpDfys9WsTVj0QlCPjp0JW+KA7Y6ArMUUCdCz41L2r7mPA==
# =ovw7
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 04 Apr 2023 12:34:53 BST
# gpg:                using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C  6C2C 40A2 FFF2 3926 3EDF

* tag 'pull-loongarch-20230404' of https://gitlab.com/gaosong/qemu

:
  target/loongarch: Enables plugins to get instruction codes
  hw/loongarch/virt: Fix virt_to_phys_addr function

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

I'm leaving Red Hat next week, so clean up the maintainer entries.

'virtiofs' is just the device code now, so is pretty small, and
Stefan is still a maintainer there.

'migration' still has Juan.

For 'HMP' I'll swing that over to my personal email.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Dr. David Alan Gilbert <dave@treblig.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20230330095524.37691-1-dgilbert@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: tanhongze <tanhongze@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230330124600.1523026-1-tanhongze@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>

The virt addr should mask TARGET_PHYS_ADDR_SPACE_BITS to
get the phys addr, and this is used by loading kernel elf.

Signed-off-by: Tianrui Zhao <zhaotianrui@loongson.cn>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230327112313.3042829-1-zhaotianrui@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>