Thumb instructions in an IT block are set up to be conditionally
executed depending on a set of condition bits encoded into the IT
bits of the CPSR/XPSR.  The architecture specifies that if the
condition bits are 0b1111 this means "always execute" (like 0b1110),
not "never execute"; we were treating it as "never execute".  (See
the ConditionHolds() pseudocode in both the A-profile and M-profile
Arm ARM.)

This is a bit of an obscure corner case, because the only legal
way to get to an 0b1111 set of condbits is to do an exception
return which sets the XPSR/CPSR up that way. An IT instruction
which encodes a condition sequence that would include an 0b1111 is
UNPREDICTABLE, and for v8A the CONSTRAINED UNPREDICTABLE choices
for such an IT insn are to NOP, UNDEF, or treat 0b1111 like 0b1110.
Add a comment noting that we take the latter option.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190617175317.27557-7-peter.maydell@linaro.org

Like most of the v7M memory mapped system registers, the systick
registers are accessible to privileged code only and user accesses
must generate a BusFault. We implement that for registers in
the NVIC proper already, but missed it for systick since we
implement it as a separate device. Correct the omission.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190617175317.27557-6-peter.maydell@linaro.org

In the various helper functions for v7M/v8M instructions, use
the _ra versions of cpu_stl_data() and friends. Otherwise we
may get wrong behaviour or an assert() due to not being able
to locate the TB if there is an exception on the memory access
or if it performs an IO operation when in icount mode.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190617175317.27557-5-peter.maydell@linaro.org

In v8M, an attempt to return from an exception which is not
active is an illegal exception return. For this purpose,
exceptions which can configurably target either Secure or
NonSecure are not considered to be active if they are
configured for the opposite security state for the one
we're trying to return from (eg attempt to return from
an NS NMI but NMI targets Secure). In the pseudocode this
is handled by IsActiveForState().

Detect this case rather than counting an active exception
possibly of the wrong security state as being sufficient.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190617175317.27557-4-peter.maydell@linaro.org

To prevent execution priority remaining negative if the guest
returns from an NMI or HardFault with a corrupted IPSR, the
v8M interrupt deactivation process forces the HardFault and NMI
to inactive based on the current raw execution priority,
even if the interrupt the guest is trying to deactivate
is something else. In the pseudocode this is done in the
Deactivate() function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190617175317.27557-3-peter.maydell@linaro.org

In preparation for supporting TCG disablement on ARM, we move most
of TCG related v7m/v8m helpers and APIs into their own file.

Note: It is easier to review this commit using the 'histogram'
      diff algorithm:

    $ git diff --diff-algorithm=histogram ...
  or
    $ git diff --histogram ...

Suggested-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190702144335.10717-2-philmd@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: updated qapi #include to match recent changes there]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Per Peter Maydell:

  Semihosting hooks either SVC or HLT instructions, and inside KVM
  both of those go to EL1, ie to the guest, and can't be trapped to
  KVM.

Let check_for_semihosting() return False when not running on TCG.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190701194942.10092-3-philmd@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

These routines are TCG specific.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190701194942.10092-2-philmd@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

ui: terminal emulation fix.

# gpg: Signature made Thu 04 Jul 2019 08:04:31 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20190704-pull-request:
  console: fix cell overflow

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Build system patches for 2019-07-02

# gpg: Signature made Wed 03 Jul 2019 12:44:28 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-build-2019-07-02-v2:
  Makefile: Reuse all's recursion machinery for clean and install
  Makefile: Rename targets for make recursion
  Makefile: Drop bogus cleaning of $(ALL_SUBDIRS)/qemu-options.def
  Makefile: Remove code to smooth transition to config.status

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

audio: pulse bugfix

# gpg: Signature made Wed 03 Jul 2019 07:55:43 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20190703-pull-request:
  fix microphone lag with PA

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

VFIO fixes 2019-07-02

 - Remove outdated comment (Fabiano Rosas)

 - Log MSI-X eventfd switch failure, fix Coverity issue (Eric Auger)

# gpg: Signature made Tue 02 Jul 2019 23:21:56 BST
# gpg:                using RSA key 239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex@shazbot.org>" [full]
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>" [full]
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>" [full]
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B  8A90 239B 9B6E 3BB0 8B22

* remotes/awilliam/tags/vfio-fixes-20190702.0:
  vfio/pci: Trace vfio_set_irq_signaling() failure in vfio_msix_vector_release()
  vfio-common.h: Remove inaccurate comment

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Python queue, 2019-07-01

* Deprecate Python 2 support (Eduardo Habkost)
* qemu/__init__.py refactor (John Snow)
* make qmp-shell work with python3 (Igor Mammedov)

# gpg: Signature made Mon 01 Jul 2019 23:28:27 BST
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/python-next-pull-request:
  Deprecate Python 2 support
  machine.py: minor delinting
  python/qemu: split QEMUMachine out from underneath __init__.py
  qmp: make qmp-shell work with python3

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

RISC-V Patches for the 4.1 Soft Freeze, Part 2 v3

This pull request contains a handful of patches that I'd like to target
for the 4.1 soft freeze.  There are a handful of new features:

* Support for the 1.11.0, the latest privileged specification.
* Support for reading and writing the PRCI registers.
* Better control over the ISA of the target machine.
* Support for the cpu-topology device tree node.

Additionally, there are a handful of bug fixes including:

* Load reservations are now broken by both store conditional and by
  scheduling, which fixes issues with parallel applications.
* Various fixes to the PMP implementation.
* Fixes to the 32-bit linux-user syscall ABI.
* Various fixes for instruction decodeing.
* A fix to the PCI device tree "bus-range" property.

This boots 32-bit and 64-bit OpenEmbedded.

Changes since v2 [riscv-for-master-4.1-sf1-v2]:

* Dropped OpenSBI.

Changes since v1 [riscv-for-master-4.1-sf1]:

* Contains a fix to the sifive_u OpenSBI integration.

# gpg: Signature made Wed 03 Jul 2019 09:39:09 BST
# gpg:                using RSA key 00CE76D1834960DFCE886DF8EF4CA1502CCBAB41
# gpg:                issuer "palmer@dabbelt.com"
# gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown]
# gpg:                 aka "Palmer Dabbelt <palmer@sifive.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 00CE 76D1 8349 60DF CE88  6DF8 EF4C A150 2CCB AB41

* remotes/palmer/tags/riscv-for-master-4.1-sf1-v3: (32 commits)
  hw/riscv: Extend the kernel loading support
  hw/riscv: Add support for loading a firmware
  hw/riscv: Split out the boot functions
  riscv: sifive_u: Update the plic hart config to support multicore
  riscv: sifive_u: Do not create hard-coded phandles in DT
  disas/riscv: Fix `rdinstreth` constraint
  disas/riscv: Disassemble reserved compressed encodings as illegal
  riscv: virt: Add cpu-topology DT node.
  RISC-V: Update syscall list for 32-bit support.
  RISC-V: Clear load reservations on context switch and SC
  RISC-V: Add support for the Zicsr extension
  RISC-V: Add support for the Zifencei extension
  target/riscv: Add support for disabling/enabling Counters
  target/riscv: Remove user version information
  target/riscv: Require either I or E base extension
  qemu-deprecated.texi: Deprecate the RISC-V privledge spec 1.09.1
  target/riscv: Set privledge spec 1.11.0 as default
  target/riscv: Add the mcountinhibit CSR
  target/riscv: Add the privledge spec version 1.11.0
  target/riscv: Restructure deprecatd CPUs
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

qemu-sparc queue

# gpg: Signature made Tue 02 Jul 2019 23:14:13 BST
# gpg:                using RSA key CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg:                issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C  C9C4 5BC2 C56F AE0F 321F

* remotes/mcayland/tags/qemu-sparc-20190702:
  sunhme: ensure that RX descriptor ring overflow is indicated to client driver
  sunhme: fix return values from sunhme_receive() during receive packet processing
  sunhme: flush any queued packets when HME_MAC_RXCFG_ENABLE bit is raised
  sunhme: fix incorrect constant in sunhme_can_receive()
  sunhme: add trace event for logging PCI IRQ
  sun4m: set default display type to TCX

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

vga: virtio fixes, bitbang i2c asan fix, install ati vgabios.

# gpg: Signature made Wed 03 Jul 2019 09:53:44 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20190703-pull-request:
  Add ati vgabios to INSTALL_BLOBS.
  hw/i2c/bitbang_i2c: Use in-place rather than malloc'd bitbang_i2c_interface struct
  virtio-gpu: check if the resource already exists in virtio_gpu_load()
  virtio-gpu: fix unmap in error path

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

MIPS queue for July 2nd, 2019

# gpg: Signature made Tue 02 Jul 2019 17:09:29 BST
# gpg:                using RSA key D4972A8967F75A65
# gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01  DD75 D497 2A89 67F7 5A65

* remotes/amarkovic/tags/mips-queue-jul-02-2019:
  target/mips: Correct helper for MSA FCLASS.<W|D> instructions
  target/mips: Unroll loops for MSA float max/min instructions
  target/mips: Correct comments in msa_helper.c
  target/mips: Correct comments in translate.c
  tcg/tests: target/mips: Correct MSA test compilation and execution order
  tcg/tests: target/mips: Amend MSA integer multiply tests
  tcg/tests: target/mips: Amend MSA fixed point multiply tests
  hw/mips: Express dependencies of the r4k platform with Kconfig
  hw/mips: Express dependencies of the Jazz machine with Kconfig
  hw/mips: Express dependencies of the MIPSsim machine with Kconfig
  hw/mips: Explicit the semi-hosting feature is always required
  tests/machine-none: Test recent MIPS cpus

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Add statx
Fix netlink with IFLA_BR_MULTI_BOOLOPT
Fix mips (EXCP_FPE, struct flock)

# gpg: Signature made Tue 02 Jul 2019 16:05:18 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-4.1-pull-request:
  linux-user: move QEMU_IFLA_BR_MULTI_BOOLOPT to the good function
  linux-user: Handle EXCP_FPE properly for MIPS
  linux-user: Introduce TARGET_HAVE_ARCH_STRUCT_FLOCK
  linux-user: Fix target_flock structure for MIPS O64 ABI
  linux-user: Add support for strace for statx() syscall
  linux-user: Add support for translation of statx() syscall

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Targets "clean" and "install" run make recursively in a for loop.
This ignores -j and -k.  Target "all" depends on SUBDIR/all to recurse
into each SUBDIR.  Behaves nicely with -j and -k.  Put that to use for
"clean" and "install": depend on SUBDIR/clean or SUBDIR/install,
respectively, and delete the loop.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20190528082308.22032-5-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

We make a few sub-directories recursively, in particular
$(TARGET_DIRS).

For goal "all", we do it the nice way: "all" has a prerequisite
subdir-T for each T in $(TARGET_DIRS), and T's recipe runs make
recursively.  Behaves nicely with -j and -k.

For other goals such as "clean" and "install", the recipe runs make
recursively in a for loop.  Ignores -j and -k.

The next commit will fix that for "clean" and "install".  This commit
prepares the ground by renaming the targets we use for "all" to
include the goal for the sub-make.  This will permit reusing them for
goals other than "all".

Targets subdir-T for T in $(TARGET_DIRS) run "make all" in T.  Rename
to T/all, and declare phony.

Targets romsubdir-R for R in $(ROMS) run "make" in pc-bios/R.  Default
goal is "all" for all R.  Rename to pc-bios/R/all, and declare phony.

The remainder are renamed just for consistency.

Target subdir-dtc runs "make libbft/libfdt.a" in dtc.  Rename to
dtc/all, and declare phony.

Target subdir-capstone runs make $(BUILD_DIR)/capstone/$(LIBCAPSTONE)
in $(SRC_PATH)/capstone.  Rename to capstone/all, and declare phony.

Target subdir-slirp runs "make" in $(SRC_PATH)/slirp.  Default goal is
all, which builds $(BUILD_DIR)/libslirp.a.  Rename to slirp/all, and
declare phony.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190528082308.22032-4-armbru@redhat.com>
[Add compatibility gunk to keep make working across the rename]

Linux terminal behavior (coming from vt100 I think) is somewhat strange
when it comes to line wraps:  When a character is printed to the last
char cell of a line the cursor does NOT jump to the next line but stays
where it is.  The line feed happens when the next character is printed.

So the valid range for the cursor position is not 0 .. width-1 but
0 .. width, where x == width represents the state where the line is
full but the cursor didn't jump to the next line yet.

The code for the 'clear from start of line' control sequence (ESC[1K)
fails to handle this corner case correctly and may call
console_clear_xy() with x == width.  That will incorrectly clear the
first char cell of the next line, or in case the cursor happens to be on
the last line overflow the cell buffer by one character (three bytes).

Add a check to the loop to fix that.

Didn't spot any other places with the same problem.  But it's easy to
miss that corner case, so also allocate one extra cell as precaution, so
in case we have simliar issues lurking elsewhere it at least wouldn't be
a buffer overflow.

v2: squashed in additional checks suggested by Christophe de Dinechin.

Reported-by: Alexander Oleinik <alxndr@bu.edu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Message-id: 20190701075301.14165-1-kraxel@redhat.com

Fixes: 0cca7e7b
Reported-by: Bruce Rogers <BROGERS@suse.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190703045212.31039-1-kraxel@redhat.com

Currently the bitbang_i2c_init() function allocates a
bitbang_i2c_interface struct which it returns.  This is unfortunate
because it means that if the function is used from a DeviceState
init method then the memory will be leaked by an "init then delete"
cycle, as used by the qmp/hmp commands that list device properties.

Since three out of four of the uses of this function are in
device init methods, switch the function to do an in-place
initialization of a struct that can be embedded in the
device state struct of the caller.

This fixes LeakSanitizer leak warnings that have appeared in the
patchew configuration (which only tries to run the sanitizers
for the x86_64-softmmu target) now that we use the bitbang-i2c
code in an x86-64 config.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190702163844.20458-1-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

While loading virtio-gpu, the data can be malicious, we
should check if the resource already exists.

Signed-off-by: Li Qiang <liq3ea@163.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20190628161358.10400-1-liq3ea@163.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

We land here in case not everything we've asked for could be mapped.
So unmap only the bytes which have actually been mapped.

Also we didn't access anything, so acces_len can be 0.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-id: 20190628072357.31782-1-kraxel@redhat.com

Several people have reported to have bag microphone lag with the PA
backend. While I cannot reproduce the problem here, it seems that their
PA somehow decides to buffer the microphone input for way too long,
causing this delay. This patch sets an upper limit to the amount of
data PA should hold. This fixes the problem reliably on their side,
while having no adverse effects on mine.

Signed-off-by: Martin Schrodt <martin@schrodt.org>
Message-id: 20190615153852.99040-1-martin@schrodt.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Monitor patches for 2019-07-02

# gpg: Signature made Tue 02 Jul 2019 12:37:57 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-monitor-2019-07-02-v2:
  dump: Move HMP command handlers to dump/
  MAINTAINERS: Add Windows dump to section "Dump"
  dump: Move the code to dump/
  qapi: Split dump.json off misc.json
  qapi: Rename target.json to misc-target.json
  qapi: Split machine-target.json off target.json and misc.json
  hw/core: Collect HMP command handlers in hw/core/
  hw/core: Collect QMP command handlers in hw/core/
  hw/core: Move numa.c to hw/core/
  qapi: Split machine.json off misc.json
  MAINTAINERS: Merge sections CPU, NUMA into Machine core
  qom: Move HMP command handlers to qom/
  qom: Move QMP command handlers to qom/
  qapi: Split qom.json and qdev.json off misc.json
  hmp: Move hmp.h to include/monitor/
  Makefile: Don't add monitor/ twice to common-obj-y
  MAINTAINERS: Make section "QOM" cover qdev as well
  MAINTAINERS: new maintainers for QOM

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

On very busy networks connected via a tap interface, it is possible to overflow
the RX descriptor ring in the time between the client driver enabling the RX
MAC and finishing writing the final configuration to the NIC registers.

Ensure that we detect this condition and update the status register accordingly
to indicate an overflow has occurred (and the incoming packet dropped) in order
to prevent the client driver becoming confused.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

The current return values in sunhme_receive() when processing incoming packets
are inverted from what they should be. Make sure that we return 0 to indicate
the packet was discarded (and polling is to be disabled) and -1 to indicate
that the packet was discarded but polling for incoming data is to be continued.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

Some client drivers use this bit to pause and resume the driver so make sure
that queued packets are flushed when the MAC is disabled and then reactivated.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

Due to a copy/paste error the wrong register was being checked in order to
determine if the NIC is able to receive data.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

Commit 6807874d "sun4m: obey -vga none" changed the sun4m machines so that
they could be started without a framebuffer installed, but as no default
display type was configured the machines would start in headless mode without
an explict -vga option.

Set the default display type for all sun4m machines to TCX so that they will
start with a framebuffer if one is not specifically requested.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>

Report an error in case we fail to set a trigger action
on any VFIO_PCI_MSIX_IRQ_INDEX subindex. This might be
useful in debugging a device that is not working properly.

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: Coverity (CID 1402196)
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

This is a left-over from "f4ec5e26 vfio: Add host side DMA window
capabilities", which added support to more than one DMA window.

Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

ppc patch queue 2019-07-2

Here's my next pull request for qemu-4.1.  I'm not sure if this will
squeak in just before the soft freeze, or just after.  I don't think
it really matters - most of this is bugfixes anyway.  There's some
cleanups which aren't stictly bugfixes, but which I think are safe
enough improvements to go in the soft freeze.  There's no true feature
work.

Unfortunately, I wasn't able to complete a few of my standard battery
of pre-pull tests, due to some failures that appear to also be in
master.  I'm hoping that hasn't missed anything important in here.

Highlights are:
  * A number of fixe and cleanups for the XIVE implementation
  * Cleanups to the XICS interrupt controller to fit better with the new
    XIVE code
  * Numerous fixes and improvements to TCG handling of ppc vector
    instructions
  * Remove a number of unnnecessary #ifdef CONFIG_KVM guards
  * Fix some errors in the PCI hotplug paths
  * Assorted other fixes

# gpg: Signature made Tue 02 Jul 2019 07:07:15 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-4.1-20190702: (49 commits)
  spapr/xive: Add proper rollback to kvmppc_xive_connect()
  ppc/xive: Fix TM_PULL_POOL_CTX special operation
  ppc/pnv: Rework cache watch model of PnvXIVE
  ppc/xive: Make the PIPR register readonly
  ppc/xive: Force the Physical CAM line value to group mode
  spapr/xive: simplify spapr_irq_init_device() to remove the emulated init
  spapr/xive: rework the mapping the KVM memory regions
  spapr_pci: Unregister listeners before destroying the IOMMU address space
  target/ppc: improve VSX_FMADD with new GEN_VSX_HELPER_VSX_MADD macro
  target/ppc: decode target register in VSX_EXTRACT_INSERT at translation time
  target/ppc: decode target register in VSX_VECTOR_LOAD_STORE_LENGTH at translation time
  target/ppc: introduce GEN_VSX_HELPER_R2_AB macro to fpu_helper.c
  target/ppc: introduce GEN_VSX_HELPER_R2 macro to fpu_helper.c
  target/ppc: introduce GEN_VSX_HELPER_R3 macro to fpu_helper.c
  target/ppc: introduce GEN_VSX_HELPER_X1 macro to fpu_helper.c
  target/ppc: introduce GEN_VSX_HELPER_X2_AB macro to fpu_helper.c
  target/ppc: introduce GEN_VSX_HELPER_X2 macro to fpu_helper.c
  target/ppc: introduce separate generator and helper for xscvqpdp
  target/ppc: introduce GEN_VSX_HELPER_X3 macro to fpu_helper.c
  target/ppc: introduce separate VSX_CMP macro for xvcmp* instructions
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Implement the following AMD command-set parallel flash functionality:
- nonuniform sector sizes;
- erase suspend/resume commands; and
- multi-sector erase.

# gpg: Signature made Tue 02 Jul 2019 01:54:33 BST
# gpg:                using RSA key E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/pflash-next-20190701: (27 commits)
  hw/block/pflash_cfi02: Reduce I/O accesses to 16-bit
  hw/block/pflash_cfi02: Document commands
  hw/block/pflash_cfi02: Use chip erase time specified in the CFI table
  hw/block/pflash_cfi02: Implement erase suspend/resume
  hw/block/pflash_cfi02: Implement multi-sector erase
  hw/block/pflash_cfi02: Fix reset command not ignored during erase
  hw/block/pflash_cfi02: Fix CFI in autoselect mode
  hw/block/pflash_cfi02: Split if() condition
  hw/block/pflash_cfi02: Extract pflash_regions_count()
  hw/block/pflash_cfi02: Implement nonuniform sector sizes
  hw/block/pflash_cfi02: Document 'Page Mode' operations are not supported
  hw/block/pflash_cfi02: Hold the PRI table offset in a variable
  hw/block/pflash_cfi02: Document the current CFI values
  hw/block/pflash_cfi02: Remove pointless local variable
  tests/pflash-cfi02: Refactor to support testing multiple configurations
  hw/block/pflash_cfi02: Fix command address comparison
  hw/block/pflash_cfi02: Unify the MemoryRegionOps
  hw/block/pflash_cfi02: Extract the pflash_data_read() function
  hw/block/pflash_cfi02: Use the ldst API in pflash_read()
  hw/block/pflash_cfi02: Use the ldst API in pflash_write()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Block patches for 4.1-rc0:
- The stream job no longer relies on a fixed base node
- The rbd block driver can now accomodate growing formats like qcow2

# gpg: Signature made Tue 02 Jul 2019 02:56:06 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2019-07-02:
  block/stream: introduce a bottom node
  block/stream: refactor stream_run: drop goto
  block: include base when checking image chain for block allocation
  block/rbd: increase dynamically the image size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# gpg: Signature made Tue 02 Jul 2019 03:21:54 BST
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  migration/colo.c: Add missed filter notify for Xen COLO.
  COLO-compare: Add colo-compare remote notify support
  COLO-compare: Make the compare_chr_send() can send notification message.
  COLO-compare: Add remote notification chardev handler frame
  COLO-compare: Add new parameter to communicate with remote colo-frame
  net/announce: Expand test for stopping self announce
  net/announce: Add HMP optional ID
  net/announce: Add optional ID
  net/announce: Add HMP optional interface list
  net/announce: Allow optional list of interfaces
  net: remove unused get_str_sep() function
  net: use g_strsplit() for parsing host address and port
  net: avoid using variable length array in net_client_init()
  net: fix assertion failure when ipv6-prefixlen is not a number
  ftgmac100: do not link to netdev
  qemu-bridge-helper: Document known shortcomings
  MAINTAINERS: Add qemu-bridge-helper.c to "Network device backends"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

QEMU_IFLA_BR_MULTI_BOOLOPT has been added to the wrong function
host_to_target_slave_data_bridge_nlattr(). Move it to
host_to_target_data_bridge_nlattr().

This fixes following error:
  Unknown QEMU_IFLA_BR type 46

Fixes: 61b463fb ("linux-user: add new netlink types")
Message-Id: <20190626150855.27446-1-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>