When starting a guest via libvirt with "virsh start --console ...",
the first second of the console output is missing. This is especially
annoying on s390x that only has a text console by default and no graphical
output - if the bios fails to boot here, the information about what went
wrong is completely lost.

One part of the problem (there is also some things to be done on the
libvirt side) is that QEMU only checks with a 1 second timer whether
the other side of the pty is already connected, so the first second of
the console output is always lost.

This likely used to work better in the past, since the code once checked
for a re-connection during write, but this has been removed in commit
f8278c7d ("char-pty: remove the check for connection on write") to avoid
some locking.

To ease the situation here at least a little bit, let's check with g_poll()
whether we could send out the data anyway, even if the connection has not
been marked as "connected" yet. The file descriptor is marked as non-blocking
anyway since commit fac6688a ("Do not hang on full PTY"), so this should
not cause any trouble if the other side is not ready for receiving yet.

With this patch applied, I can now successfully see the bios output of
a s390x guest when running it with "virsh start --console" (with a patched
version of virsh that fixes the remaining issues there, too).

Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230816210743.1319018-1-thuth@redhat.com>

The fw_cfg DMA write callback in ramfb prepares a new display surface in
QEMU; this new surface is put to use ("swapped in") upon the next display
update. At that time, the old surface (if any) is released.

If the guest triggers the fw_cfg DMA write callback at least twice between
two adjacent display updates, then the second callback (and further such
callbacks) will leak the previously prepared (but not yet swapped in)
display surface.

The issue can be shown by:

(1) starting QEMU with "-trace displaysurface_free", and

(2) running the following program in the guest UEFI shell:

> #include <Library/ShellCEntryLib.h>           // ShellAppMain()
> #include <Library/UefiBootServicesTableLib.h> // gBS
> #include <Protocol/GraphicsOutput.h>          // EFI_GRAPHICS_OUTPUT_PROTOCOL
>
> INTN
> EFIAPI
> ShellAppMain (
>   IN UINTN   Argc,
>   IN CHAR16  **Argv
>   )
> {
>   EFI_STATUS                    Status;
>   VOID                          *Interface;
>   EFI_GRAPHICS_OUTPUT_PROTOCOL  *Gop;
>   UINT32                        Mode;
>
>   Status = gBS->LocateProtocol (
>                   &gEfiGraphicsOutputProtocolGuid,
>                   NULL,
>                   &Interface
>                   );
>   if (EFI_ERROR (Status)) {
>     return 1;
>   }
>
>   Gop = Interface;
>
>   Mode = 1;
>   for ( ; ;) {
>     Status = Gop->SetMode (Gop, Mode);
>     if (EFI_ERROR (Status)) {
>       break;
>     }
>
>     Mode = 1 - Mode;
>   }
>
>   return 1;
> }

The symptom is then that:

- only one trace message appears periodically,

- the time between adjacent messages keeps increasing -- implying that
  some list structure (containing the leaked resources) keeps growing,

- the "surface" pointer is ever different.

> 18566@1695127471.449586:displaysurface_free surface=0x7f2fcc09a7c0
> 18566@1695127471.529559:displaysurface_free surface=0x7f2fcc9dac10
> 18566@1695127471.659812:displaysurface_free surface=0x7f2fcc441dd0
> 18566@1695127471.839669:displaysurface_free surface=0x7f2fcc0363d0
> 18566@1695127472.069674:displaysurface_free surface=0x7f2fcc413a80
> 18566@1695127472.349580:displaysurface_free surface=0x7f2fcc09cd00
> 18566@1695127472.679783:displaysurface_free surface=0x7f2fcc1395f0
> 18566@1695127473.059848:displaysurface_free surface=0x7f2fcc1cae50
> 18566@1695127473.489724:displaysurface_free surface=0x7f2fcc42fc50
> 18566@1695127473.969791:displaysurface_free surface=0x7f2fcc45dcc0
> 18566@1695127474.499708:displaysurface_free surface=0x7f2fcc70b9d0
> 18566@1695127475.079769:displaysurface_free surface=0x7f2fcc82acc0
> 18566@1695127475.709941:displaysurface_free surface=0x7f2fcc369c00
> 18566@1695127476.389619:displaysurface_free surface=0x7f2fcc32b910
> 18566@1695127477.119772:displaysurface_free surface=0x7f2fcc0d5a20
> 18566@1695127477.899517:displaysurface_free surface=0x7f2fcc086c40
> 18566@1695127478.729962:displaysurface_free surface=0x7f2fccc72020
> 18566@1695127479.609839:displaysurface_free surface=0x7f2fcc185160
> 18566@1695127480.539688:displaysurface_free surface=0x7f2fcc23a7e0
> 18566@1695127481.519759:displaysurface_free surface=0x7f2fcc3ec870
> 18566@1695127482.549930:displaysurface_free surface=0x7f2fcc634960
> 18566@1695127483.629661:displaysurface_free surface=0x7f2fcc26b140
> 18566@1695127484.759987:displaysurface_free surface=0x7f2fcc321700
> 18566@1695127485.940289:displaysurface_free surface=0x7f2fccaad100

We figured this wasn't a CVE-worthy problem, as only small amounts of
memory were leaked (the framebuffer itself is mapped from guest RAM, QEMU
only allocates administrative structures), plus libvirt restricts QEMU
memory footprint anyway, thus the guest can only DoS itself.

Plug the leak, by releasing the last prepared (not yet swapped in) display
surface, if any, in the fw_cfg DMA write callback.

Regarding the "reproducer", with the fix in place, the log is flooded with
trace messages (one per fw_cfg write), *and* the trace message alternates
between just two "surface" pointer values (i.e., nothing is leaked, the
allocator flip-flops between two objects in effect).

This issue appears to date back to the introducion of ramfb (995b3017,
"hw/display: add ramfb, a simple boot framebuffer living in guest ram",
2018-06-18).

Cc: Gerd Hoffmann <kraxel@redhat.com> (maintainer:ramfb)
Cc: qemu-stable@nongnu.org
Fixes: 995b3017
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230919131955.27223-1-lersek@redhat.com>

The include list is gigantic, make it smaller.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>

The include list is large, make it smaller.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>

Traceback (most recent call last):
  File "scripts/analyze-migration.py", line 605, in <module>
    dump.read(dump_memory = args.memory)
  File "scripts/analyze-migration.py", line 542, in read
    section.read()
  File "scripts/analyze-migration.py", line 214, in read
    raise Exception("Unknown RAM flags: %x" % flags)
Exception: Unknown RAM flags: 200

See commit 77c259a4 ("multifd: Create property multifd-flush-after-each-section")

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>

dpy_get_ui_info() shouldn't be called if the underlying GPU doesn't
support it.

Before the assert() was added and the regression introduced, GTK code
used to get "zero" UI info, for ex with a simple VGA device. The assert
was added to prevent from calling when there are no console too. The
other display backend that calls dpy_get_ui_info() correctly checks that
pre-condition.

Calling dpy_set_ui_info() is "safe" in this case, it will simply return
an error that can be generally ignored.

Fixes: commit a92e7bb4 ("ui: add precondition for dpy_get_ui_info()")
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

In all likelihood, the compiler with lto doesn't see the function being
used, from assembly macro __try1. Help it by marking the function has
being used.

Resolves:
https://gitlab.com/qemu-project/qemu/-/issues/1904



Fixes: commit d89f30b4 ("win32: wrap socket close() with an exception handler")

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>

Android uses XBGR8888 and ABGR8888 as default scanout buffer, But qemu
does not support them for qemu_pixman_to_drm_format conversion within
virtio_gpu_create_dmabuf for virtio gpu.

so, add those 2 formats into drm_format_pixman_map.

Signed-off-by: Ken Xue <Ken.Xue@amd.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230914013151.805363-1-Ken.Xue@amd.com>

qemu_graphic_console_is_multihead() declares the graphical console "c" a
"multihead" console if there are two different graphical consoles in the
system that (a) both reference "c->device", and (b) have different
"c->head" numbers. In effect, if at least two graphical consoles exist
that are different heads of the same device that underlies "c". In fact,
"c" may be one of these two graphical consoles, or "c" may differ from
both of those consoles (in case "c->device" has at least three heads).

The loop currently uses this awkward "two different consoles" approach
because the function used not to have access to "c", only to "c->device",
which didn't allow for fetching (and comparing) "c->head". But, we've
changed that in the last patch; we now pass all of "c" to
qemu_graphic_console_is_multihead().

Thus, look for the *first* (and possibly *only*) graphical console, if
any, that refers to the same "device" as "c", but by a different "head"
number.

Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com> (odd fixer:Graphics)
Cc: Gerd Hoffmann <kraxel@redhat.com> (odd fixer:Graphics)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230913144959.41891-5-lersek@redhat.com>

According to Marc-André's and Gerd's descriptions, the "device" and
"head" members of QemuGraphicConsole are exposed as QOM properties for two
purposes:

(1) Introspection (e.g., "qom-get" monitor command).

(2) A VNC server can display a specific device + head. This lets us run a
    multihead configuration by using multiple VNC servers (one for each
    head).

    Further, we can link input devices to device + head, so input events
    are routed to different devices dependent on where they are coming
    from. Which is most useful for tablet devices in a VNC multihead
    setup, each head has its own tablet device then. This does requires
    manual guest-side configuration, for establishing the same tablet <->
    head relationship.

However, neither goal seems to justify the complicated QOM property lookup
that's internal to qemu_console_is_multihead().

Rework qemu_console_is_multihead() with plain old C language field
accesses.

Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com> (odd fixer:Graphics)
Cc: Gerd Hoffmann <kraxel@redhat.com> (odd fixer:Graphics)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230913144959.41891-4-lersek@redhat.com>

qemu_console_is_multihead() declares the console "c" a "multihead" console
if there are two different consoles in the system that (a) both reference
"c->device", and (b) have different "c->head" numbers. In effect, if at
least two consoles exist that are different heads of the same device that
underlies "c".

Commit 58d58708 ("ui/console: move graphic fields to
QemuGraphicConsole", 2023-09-04) pushed the "device" and "head" members
from the QemuConsole base class down to the QemuGraphicConsole subclass,
adjusting the referring QOM properties accordingly as well. As a result,
the "device" property lookup in qemu_console_is_multihead() now crashes,
in case the candidate console being investigated for criterion (a) is not
a QemuGraphicConsole instance:

> Unexpected error in object_property_find_err() at qom/object.c:1314:
> qemu: Property 'qemu-fixed-text-console.device' not found
> Aborted (core dumped)

This is effectively an unchecked downcast. Make it checked: only consider
such console candidates that are themselves QemuGraphicConsole instances.

Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com> (odd fixer:Graphics)
Cc: Gerd Hoffmann <kraxel@redhat.com> (odd fixer:Graphics)
Fixes: 58d58708
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230913144959.41891-3-lersek@redhat.com>

qemu_console_is_multihead() is only called from within "ui/console.c";
make it static.

Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com> (odd fixer:Graphics)
Cc: Gerd Hoffmann <kraxel@redhat.com> (odd fixer:Graphics)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230913144959.41891-2-lersek@redhat.com>

Although an input is routed depending on the console,
qemu_input_is_absolute() had no mechanism to specify the console.

Accept QemuConsole as an argument for qemu_input_is_absolute, and let
the display know the absolute/relative state for a particular console.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230921082936.28100-1-akihiko.odaki@daynix.com>

Migration Pull request (20231002)

In this migration pull request:

- Refactor repeated call of yank_unregister_instance (tejus)
- More migraton-test changes

Please, apply.

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEGJn/jt6/WMzuA0uC9IfvGFhy1yMFAmUatX4ACgkQ9IfvGFhy
# 1yMlbQ/+Kp7m1Mr5LUM/8mvh9LZTVvWauBHch1pdvpCsJO+Grdtv6MtZL5UKT2ue
# xYksZvf/rT4bdt2H1lSsG1o2GOcIf4qyWICgYNDo8peaxm1IrvgAbimaWHWLeORX
# sBxKcBBuTac55vmEKzbPSbwGCGGTU/11UGXQ4ruGN3Hwbd2JZHAK6GxGIzANToZc
# JtwBr/31SxJ2YndNLaPMEnD3cHbRbD2UyODeTt1KI5LdTGgXHoB6PgCk2AMQP1Ko
# LlaPLsrEKC06h2CJ27BB36CNVEGMN2iFa3aKz1FC85Oj2ckatspAFw78t9guj6eM
# MYxn0ipSsjjWjMsc3zEDxi7JrA///5bp1e6e7WdLpOaMBPpV4xuvVvA6Aku2es7D
# fMPOMdftBp6rrXp8edBMTs1sOHdE1k8ZsyJ90m96ckjfLX39TPAiJRm4pWD2UuP5
# Wjr+/IU+LEp/KCqimMj0kYMRz4rM3PP8hOakPZLiRR5ZG6sgbHZK44iPXB/Udz/g
# TCZ87siIpI8YHb3WCaO5CvbdjPrszg1j9v7RimtDeGLDR/hNokkQ1EEeszDTGpgt
# xst4S4wVmex2jYyi53woH4V1p8anP7iqa8elPehAaYPobp47pmBV53ZaSwibqzPN
# TmO7P9rfyQGCiXXZRvrAQJa+gmAkQlSEI7mSssV77pU+1gdEj9c=
# =hD/8
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 02 Oct 2023 08:20:14 EDT
# gpg:                using RSA key 1899FF8EDEBF58CCEE034B82F487EF185872D723
# gpg: Good signature from "Juan Quintela <quintela@redhat.com>" [full]
# gpg:                 aka "Juan Quintela <quintela@trasno.org>" [full]
# Primary key fingerprint: 1899 FF8E DEBF 58CC EE03  4B82 F487 EF18 5872 D723

* tag 'migration-20231002-pull-request' of https://gitlab.com/juan.quintela/qemu

:
  migration/rdma: Simplify the function that saves a page
  migration: Remove unused qemu_file_credit_transfer()
  migration/rdma: Don't use imaginary transfers
  migration/rdma: Remove QEMUFile parameter when not used
  migration/RDMA: It is accounting for zero/normal pages in two places
  migration: Don't abuse qemu_file transferred for RDMA
  migration: Use qemu_file_transferred_noflush() for block migration.
  migration: Refactor repeated call of yank_unregister_instance
  migration-test: simplify shmem_opts handling
  migration-test: dirtylimit checks for x86_64 arch before
  migration-test: Add bootfile_create/delete() functions
  migration-test: bootpath is the same for all tests and for all archs
  migration-test: Create kvm_opts

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

-Wshadow=local patches patches for 2023-09-29

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmUWhnsSHGFybWJydUBy
# ZWRoYXQuY29tAAoJEDhwtADrkYZTDBkP/2E8cyH+fn7yehNAZT8fjBuDBaj0x3wf
# Bs4++bMEZpgfA/11le/Mm+N9BFDtoGj4dnDwQ0yN6bcKcfmNvxh+M+lNaRO+xvXA
# qs/kJtFYkJYuEj1wgKK2XXd4YcD/S4Qap+FSuUBv8KE/oeALkB1fEpvMcwtJtQqc
# 7POQEqYNQfUe+MX/wKZ+qditbbrFRwX69dAd8+nGTbFestXd2uFA5I5kv3ebxELg
# VjTBgQdp7s82iTvoXpTtmQ6A9ba13zmelxmsAMLlAihkbffMwbtbrkQ7qIIUOW1o
# I4WPxhIXXyZbB48qARUq5G3GQuh+7dRArcpYWaFel2a6cjm2Z6NmWJeRAr0cIaWV
# P5B79k7DO551YsBZn+ubH0U+qwMLw+zq2apQ+SeH/loE0pP/c2OBOPtaVI46D0Dh
# 2kgaSuTIy9AByAHoYBxKnxy4TVwPKzk8hdzCQdiRSO7KJdMqMsV+/w1eR4oH9dsf
# CAvJXVzLicFMMABA/4O99K+1yjIOQpwmiqAjc+gV6FdhwllSH3yQDiK4RMWNAwRu
# bRQHBCk143t7cM3ts09T+5QxkWB3U0iGMJ4rpn43yjH5xwlWmpTlztvd7XlXwyTR
# 8j2Z+8qxe992HmVk34rKdkGnu0qz4AhJBgAEEk2e0oepZvjfigqodQwEMCQsse5t
# cH51HzTDuen/
# =XVKC
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 29 Sep 2023 04:10:35 EDT
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* tag 'pull-shadow-2023-09-29' of https://repo.or.cz/qemu/armbru

: (56 commits)
  disas/m68k: clean up local variable shadowing
  hw/nvme: Clean up local variable shadowing in nvme_ns_init()
  softmmu/device_tree: Fixup local variables shadowing
  target/riscv: vector_helper: Fixup local variables shadowing
  target/riscv: cpu: Fixup local variables shadowing
  hw/riscv: opentitan: Fixup local variables shadowing
  qemu-nbd: changes towards enabling -Wshadow=local
  seccomp: avoid shadowing of 'action' variable
  crypto: remove shadowed 'ret' variable
  intel_iommu: Fix shadow local variables on "size"
  aspeed/timer: Clean up local variable shadowing
  aspeed/i3c: Rename variable shadowing a local
  aspeed: Clean up local variable shadowing
  aspeed/i2c: Clean up local variable shadowing
  hw/arm/smmuv3-internal.h: Don't use locals in statement macros
  hw/arm/smmuv3.c: Avoid shadowing variable
  hw/misc/arm_sysctl.c: Avoid shadowing local variable
  hw/intc/arm_gicv3_its: Avoid shadowing variable in do_process_its_cmd()
  hw/acpi: changes towards enabling -Wshadow=local
  test-throttle: don't shadow 'index' variable in do_test_accounting()
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

- Add FTOU, CRCN, FTOHP, and HPTOF insns

# -----BEGIN PGP SIGNATURE-----
#
# iQJTBAABCgA9FiEEbmNqfoPy3Qz6bm43CtLGOWtpyhQFAmUWb2sfHGtiYXN0aWFu
# QG1haWwudW5pLXBhZGVyYm9ybi5kZQAKCRAK0sY5a2nKFPn0D/0S+Zth2okyfe6H
# YdoFB49PWlcafIvZHr1TDswp3LvSDnrjHLJfEW1Gx3mtDkw+/7uid0eMTQ8sDlxJ
# t7spJdZDZ5dkm+9K5MzGkW0zo0jDY6kbS1A3HJRPcpJJJk4zBBL1K4KC1FBUD6IK
# 7n41f5vExgWhIhOgZmT9WTMbBfh73/+Cu8h6M9RAI1VI0O6N5jOETpKTBFsPOx+A
# Kd429cB1c9QeAj0iEXdMn2/Xg2cAII86jrOcYkLYltxir/r6Cia9hfp/F6OXpcZI
# QqKzn11djvbCCL7m9OXhuI3ZP+TIcX7QOabSstfghHlNG1qs/RkXwIRqKHsfRXNG
# nywBTjwIDSiZ4cbZVJ6OjXxbU9OBRkmDgh+SYEVMlFi4E+t3WeTMC8gxUsjfITpK
# JXFoduN2P0yKRjkWQ2OSQ7xX4StFPikXBH1eC8RNnW4IY00wMiJ0tM/0+j+qJLLM
# Ft/bceIZhnGs+axN0jF1EtR03uLZ0kmy3YqsH/KnBnufrag3ytpC/kAtl9Scd6m+
# N4pAT9cfgxqXv/yXAKGupoNPwPGvvSKV6XQTJt2Hn7PBadHWlvlBkgYqGIejpHDM
# x9EghA8o4q5rTu9zTqBv36bOHJEDbJhmq5dYqJTS/q1ORjnWQQsLxv+6XGN3wrbb
# OuexPdD8fH3mWrjeJJ3KDKojOYyGyg==
# =gUyL
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 29 Sep 2023 02:32:11 EDT
# gpg:                using RSA key 6E636A7E83F2DD0CFA6E6E370AD2C6396B69CA14
# gpg:                issuer "kbastian@mail.uni-paderborn.de"
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6E63 6A7E 83F2 DD0C FA6E  6E37 0AD2 C639 6B69 CA14

* tag 'pull-tricore-20230929' of https://github.com/bkoppelmann/qemu

:
  target/tricore: Change effective address (ea) to target_ulong
  target/tricore: Remove CSFRs from cpu.h
  tests/tcg: Reset result register after each test
  hw/tricore: Log failing test in testdevice
  tests/tcg/tricore: Extended and non-extened regs now match
  target/tricore: Fix FTOUZ being ISA v1.3.1 up
  target/tricore: Replace cpu_*_code with translator_*
  target/tricore: Swap src and dst reg for RCRR_INSERT
  target/tricore: Fix RCPW/RRPW_INSERT insns for width = 0
  target/tricore: Implement hptof insn
  target/tricore: Implement ftohp insn
  target/tricore: Clarify special case for FTOUZ insn
  target/tricore: Implement FTOU insn
  target/tricore: Correctly handle FPU RM from PSW
  target/tricore: Implement CRCN insn
  tests/tcg/tricore: Bump cpu to tc37x

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

accel/tcg: Always require can_do_io, for #1866

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmUV1sgdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/8UAgAjFSrUvW5cGTiaow7
# cTvvoFnQzVCM7gFbC2T9W29Hrv0s3tqJHSdUFftzzMXB1atylwb85XN5wegC98zk
# 7+OzrUvTN2fRHVTnWdUg2Tgj+pR/Sw+9HVy851c3B/e3oFegqAIQaNK5w9N3ZpWd
# gpGN8Lau6dEdte8ckMTzG0Sw4LryZyvcgz9+vDv+YX03JaiSMqziHoJGwHfjqr9Q
# FOI1f4gQw+Y2ct6Xop1vVILH2I26US40Y2DvEMEDuZpTkTN0L2V8ipz+tWgGuCMa
# 7HRySJAw5HiDdtAV9/H5dfGJVgjsgwuWoYm+viJtJKJ+X350a5YI77hkbglPxQu+
# Q+dCVA==
# =lQYd
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 28 Sep 2023 15:40:56 EDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20230928' of https://gitlab.com/rth7680/qemu

:
  accel/tcg: Always require can_do_io
  accel/tcg: Always set CF_LAST_IO with CF_NOIRQ
  accel/tcg: Improve setting of can_do_io at start of TB
  accel/tcg: Track current value of can_do_io in the TB
  accel/tcg: Hoist CF_MEMI_ONLY check outside translation loop
  accel/tcg: Avoid load of icount_decr if unused

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Pull request

- Mads Ynddal's improvements to simpletrace.py

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmUVgyAACgkQnKSrs4Gr
# c8jxkAf/TVtEZTPDvQMz7PNEsAdGLREwYKrsUXHtqOrINbVL1slrJ1qYmygeJltq
# 37CAcxBzvnaH7y2jF8JPKWK3sO3x1fc2ocA72BZt3kuim5T7MojJgFfAN/PdwRHf
# q1a+lYJHKOi0BV4yWPmPHnCSXOohHbJfRBxwZgwFEZMbWdlkAm6m+JFUqn+Vd5ee
# 4vEBxrNMY28H02OeoFNBQPCLRHrkeH4EVj+DP5TAk1H1ehoZeH45UoUsopEfD51z
# IyiXxzumtgpCMyC/jXS5BY6VStW7lDLoDscflMQ/l7ITEtm7Hj2fnPcp/aRKoEUk
# p1JuoSm8YrwnwMokFsQCbkYWkBWieQ==
# =rrnI
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 28 Sep 2023 09:44:00 EDT
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [ultimate]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [ultimate]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* tag 'tracing-pull-request' of https://gitlab.com/stefanha/qemu

:
  scripts/analyse-locks-simpletrace.py: changed iteritems() to items()
  MAINTAINERS: add maintainer of simpletrace.py
  simpletrace: added simplified Analyzer2 class
  simpletrace: move event processing to Analyzer class
  simpletrace: move logic of process into internal function
  simpletrace: refactor to separate responsibilities
  simpletrace: made Analyzer into context-manager
  simpletrace: define exception and add handling
  simpletrace: improved error handling on struct unpack
  simpletrace: update code for Python 3.11
  simpletrace: changed naming of edict and idtoname to improve readability
  simpletrace: improve parsing of sys.argv; fix files never closed.
  simpletrace: annotate magic constants from QEMU code
  simpletrace: add __all__ to define public interface

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

When we sent a page through QEMUFile hooks (RDMA) there are three
posiblities:
- We are not using RDMA. return RAM_SAVE_CONTROL_DELAYED and
  control_save_page() returns false to let anything else to proceed.
- There is one error but we are using RDMA.  Then we return a negative
  value, control_save_page() needs to return true.
- Everything goes well and RDMA start the sent of the page
  asynchronously.  It returns RAM_SAVE_CONTROL_DELAYED and we need to
  return 1 for ram_save_page_legacy.

Clear?

I know, I know, the interface is as bad as it gets.  I think that now
it is a bit clearer, but this needs to be done some other way.

Reviewed-by: Leonardo Bras <leobras@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20230515195709.63843-16-quintela@redhat.com>

After this change, nothing abuses QEMUFile to account for data
transferrefd during migration.

Reviewed-by: Leonardo Bras <leobras@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20230515195709.63843-15-quintela@redhat.com>

RDMA protocol is completely asynchronous, so in qemu_rdma_save_page()
they "invent" that a byte has been transferred.  And then they call
qemu_file_credit_transfer() and ram_transferred_add() with that byte.
Just remove that calls as nothing has been sent.

Reviewed-by: Leonardo Bras <leobras@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20230515195709.63843-14-quintela@redhat.com>

Reviewed-by: Leonardo Bras <leobras@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20230515195709.63843-13-quintela@redhat.com>

Remove the one in control_save_page().

Reviewed-by: Leonardo Bras <leobras@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20230515195709.63843-12-quintela@redhat.com>

Just create a variable for it, the same way that multifd does.  This
way it is safe to use for other thread, etc, etc.

Reviewed-by: Leonardo Bras <leobras@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20230515195709.63843-11-quintela@redhat.com>

We only care about the amount of bytes transferred.  Flushing is done
by the system somewhere else.

Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20230530183941.7223-4-quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

In the function qmp_migrate(), yank_unregister_instance() gets called
twice which isn't required. Hence, refactoring it so that it gets called
during the local_error cleanup.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Tejus GK <tejus.gk@nutanix.com>
Message-ID: <20230621130940.178659-3-tejus.gk@nutanix.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

Reviewed-by: Peter Xu <peterx@redhat.com>
Message-ID: <20230608224943.3877-4-quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

So no need to assert we are in x86_64.
Once there, refactor the function to remove useless variables.

Reviewed-by: Peter Xu <peterx@redhat.com>
Message-ID: <20230608224943.3877-11-quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

The bootsector code is read only from the guest (otherwise we are
going to have problems with it being read from both source and
destination).

Create a single copy for all the tests.

Reviewed-by: Peter Xu <peterx@redhat.com>
Message-ID: <20230608224943.3877-10-quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

So just make it a global variable.

Reviewed-by: Peter Xu <peterx@redhat.com>
Message-ID: <20230608224943.3877-9-quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

So arch_dirty_ring option becomes one option like the others.

Reviewed-by: Peter Xu <peterx@redhat.com>
Message-ID: <20230608224943.3877-8-quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

Fix following warnings

.../disas/m68k.c: In function ‘print_insn_arg’:
.../disas/m68k.c:1635:13: warning: declaration of ‘val’ shadows a previous local [-Wshadow=compatible-local]
 1635 |         int val = fetch_arg (buffer, place, 5, info);
      |             ^~~
.../disas/m68k.c:1093:7: note: shadowed declaration is here
 1093 |   int val = 0;
      |       ^~~

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-ID: <20230925084455.395150-1-laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

Fix local variable shadowing in nvme_ns_init().

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Message-ID: <20230925-fix-local-shadowing-v1-1-3a1172132377@samsung.com>
Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

Local variables shadowing other local variables or parameters make the
code needlessly hard to understand.  Bugs love to hide in such code.
Evidence: "[PATCH v3 1/7] migration/rdma: Fix save_page method to fail
on polling error".

This patch removes the local variable shadowing. Tested by adding:

    --extra-cflags='-Wshadow=local -Wno-error=shadow=local -Wno-error=shadow=compatible-local'

To configure

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20230925043023.71448-5-alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

Local variables shadowing other local variables or parameters make the
code needlessly hard to understand.  Bugs love to hide in such code.
Evidence: "[PATCH v3 1/7] migration/rdma: Fix save_page method to fail
on polling error".

This patch removes the local variable shadowing. Tested by adding:

    --extra-cflags='-Wshadow=local -Wno-error=shadow=local -Wno-error=shadow=compatible-local'

To configure

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20230925043023.71448-4-alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

Local variables shadowing other local variables or parameters make the
code needlessly hard to understand.  Bugs love to hide in such code.
Evidence: "[PATCH v3 1/7] migration/rdma: Fix save_page method to fail
on polling error".

This patch removes the local variable shadowing. Tested by adding:

    --extra-cflags='-Wshadow=local -Wno-error=shadow=local -Wno-error=shadow=compatible-local'

To configure

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20230925043023.71448-3-alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

Local variables shadowing other local variables or parameters make the
code needlessly hard to understand.  Bugs love to hide in such code.
Evidence: "[PATCH v3 1/7] migration/rdma: Fix save_page method to fail
on polling error".

This patch removes the local variable shadowing. Tested by adding:

    --extra-cflags='-Wshadow=local -Wno-error=shadow=local -Wno-error=shadow=compatible-local'

To configure

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20230925043023.71448-2-alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

Address all compiler complaints from -Wshadow in qemu-nbd.  Several
instances of 'int ret' became shadows when commit 4fbec260 added 'ret'
at a higher scope in main.  More interesting was the 'void *ret'
capturing the result of a pthread; where we were conceptually doing
'(void*)(intptr_t)EXIT_FAILURE != NULL' which just feels wrong (even
though it happens to compile correctly), so it was worth a better
cleanup.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230922205019.2755352-2-eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

This is confusing as one 'action' variable is used for storing
a SCMP_ enum value, while the other 'action' variable is used
for storing a SECCOMP_ enum value.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20230922160644.438631-3-berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>

Both instances of 'ret' are used to store a gnutls API return code.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20230922160644.438631-2-berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>