Commit 0be6bfac ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:

  * It is the responsibility of the device deinit code to free the
  * @_arrayfield memory.

Commit a75f336b added:

  DEFINE_PROP_ARRAY("keycodes", StellarisGamepad, num_buttons,
                    keycodes, qdev_prop_uint32, uint32_t),

but forgot to free the 'keycodes' array. Do it in the instance_finalize
handler.

Fixes: a75f336b ("hw/input/stellaris_input: Convert to qdev")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-7-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Commit 0be6bfac ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:

  * It is the responsibility of the device deinit code to free the
  * @_arrayfield memory.

Commit 9e4aa1fa added:

  DEFINE_PROP_ARRAY("pg0-lock",
                    XlnxVersalEFuseCtrl, extra_pg0_lock_n16,
                    extra_pg0_lock_spec, qdev_prop_uint16, uint16_t),

but forgot to free the 'extra_pg0_lock_spec' array. Do it in the
instance_finalize() handler.

Cc: qemu-stable@nongnu.org
Fixes: 9e4aa1fa ("hw/nvram: Xilinx Versal eFuse device") # v6.2.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-6-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Commit 0be6bfac ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:

  * It is the responsibility of the device deinit code to free the
  * @_arrayfield memory.

Commit 68fbcc34 added:

  DEFINE_PROP_ARRAY("read-only", XlnxEFuse, ro_bits_cnt, ro_bits,
                    qdev_prop_uint32, uint32_t),

but forgot to free the 'ro_bits' array. Do it in the instance_finalize
handler.

Cc: qemu-stable@nongnu.org
Fixes: 68fbcc34 ("hw/nvram: Introduce Xilinx eFuse QOM") # v6.2.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-5-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Commit 0be6bfac ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:

  * It is the responsibility of the device deinit code to free the
  * @_arrayfield memory.

Commit 4fb013af added:

  DEFINE_PROP_ARRAY("oscclk", MPS2SCC, num_oscclk, oscclk_reset,
                    qdev_prop_uint32, uint32_t),

but forgot to free the 'oscclk_reset' array. Do it in the
instance_finalize() handler.

Cc: qemu-stable@nongnu.org
Fixes: 4fb013af ("hw/misc/mps2-scc: Support configurable number of OSCCLK values") # v6.0.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-4-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Commit 0be6bfac ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:

  * It is the responsibility of the device deinit code to free the
  * @_arrayfield memory.

Commit 8077b8e5 added:

  DEFINE_PROP_ARRAY("reserved-regions", VirtIOIOMMUPCI,
                    vdev.nb_reserved_regions, vdev.reserved_regions,
                    qdev_prop_reserved_region, ReservedRegion),

but forgot to free the 'vdev.reserved_regions' array. Do it in the
instance_finalize() handler.

Cc: qemu-stable@nongnu.org
Fixes: 8077b8e5 ("virtio-iommu-pci: Add array of Interval properties") # v5.1.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20231121174051.63038-3-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

The VirtioPCIDeviceTypeInfo structure, added in commit a4ee4c8b
("virtio: Helper for registering virtio device types") got extended
in commit 8ea90ee6 ("virtio: add class_size") with the @class_size
field. Do similarly with the @instance_finalize field.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-2-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Per https://docs.xilinx.com/r/en-US/ug1085-zynq-ultrascale-trm/Message-Format



  Message Format

  The same message format is used for RXFIFO, TXFIFO, and TXHPB.
  Each message includes four words (16 bytes). Software must read
  and write all four words regardless of the actual number of data
  bytes and valid fields in the message.

There is no mention in this reference manual about what the
hardware does when not all four words are read. To fix the
reported underflow behavior, I choose to fill the 4 frame data
registers when the first register (ID) is accessed, which is how
I expect hardware would do.

Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Reviewed-by: Vikram Garhwal <vikram.garhwal@amd.com>
Message-id: 20231124183325.95392-3-philmd@linaro.org
Fixes: 98e5d7a2 ("hw/net/can: Introduce Xilinx ZynqMP CAN controller")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1427


Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Reviewed-by: Vikram Garhwal <vikram.garhwal@amd.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Per https://docs.xilinx.com/r/en-US/ug1085-zynq-ultrascale-trm/Message-Format



  Message Format

  The same message format is used for RXFIFO, TXFIFO, and TXHPB.
  Each message includes four words (16 bytes). Software must read
  and write all four words regardless of the actual number of data
  bytes and valid fields in the message.

There is no mention in this reference manual about what the
hardware does when not all four words are written. To fix the
reported underflow behavior when DATA2 register is written,
I choose to fill the data with the previous content of the
ID / DLC / DATA1 registers, which is how I expect hardware
would do.

Note there is no hardware flag raised under such condition.

Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Reviewed-by: Vikram Garhwal <vikram.garhwal@amd.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231124183325.95392-2-philmd@linaro.org
Fixes: 98e5d7a2 ("hw/net/can: Introduce Xilinx ZynqMP CAN controller")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1425


Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Reviewed-by: Vikram Garhwal <vikram.garhwal@amd.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

In commit edac4d8a back in 2015 when we added support for
the virtual timer offset CNTVOFF_EL2, we didn't correctly update
the timer-recalculation code that figures out when the timer
interrupt is next going to change state. We got it wrong in
two ways:
 * for the 0->1 transition, we didn't notice that gt->cval + offset
   can overflow a uint64_t
 * for the 1->0 transition, we didn't notice that the transition
   might now happen before the count rolls over, if offset > count

In the former case, we end up trying to set the next interrupt
for a time in the past, which results in QEMU hanging as the
timer fires continuously.

In the latter case, we would fail to update the interrupt
status when we are supposed to.

Fix the calculations in both cases.

The test case is Alex Bennée's from the bug report, and tests
the 0->1 transition overflow case.

Fixes: edac4d8a ("target-arm: Add CNTVOFF_EL2")
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/60


Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231120173506.3729884-1-peter.maydell@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

The syndrome register value always has an IL field at bit 25, which
is 0 for a trap on a 16 bit instruction, and 1 for a trap on a 32
bit instruction (or for exceptions which aren't traps on a known
instruction, like PC alignment faults). This means that our
syn_*() functions should always either take an is_16bit argument to
determine whether to set the IL bit, or else unconditionally set it.

We missed setting the IL bit for the syndrome for three kinds of trap:
 * an SVE access exception
 * a pointer authentication check failure
 * a BTI (branch target identification) check failure

All of these traps are AArch64 only, and so the instruction causing
the trap is always 64 bit. This means we can unconditionally set
the IL bit in the syn_*() function.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231120150121.3458408-1-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

various random fixes for 8.2

  - replace fedora-i386 cross compiler with debian
  - update cirrus MacOS image to Ventura
  - merge debian-native and debian-amd64 docker images
  - fix compile of plugins on Windows mingw cross
  - add some doc notes on semihosting READC
  - add some doc notes on gdbstub
  - skip loading debug symbols if we have failed
  - enable arm-softmmu TCG tests
  - don't attempt to use native cross builds for linux-user
  - clean up registers gdb test case (ppc64/s390x)

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmVfXowACgkQ+9DbCVqe
# KkQY6Af5AVjPG2aHmixvhTjxEx5dXAH3cGYsWbny3EByT2RijaTBBK/A4OB7RTVV
# fr11kGpCkJDk4JPoUz4yTuw6Q+7WBmB0tJJ5wcGyC9cyCjI/PttSTJUC7hiikifw
# dg1IVrJZX0ahOpUiDXAtDbeHK1/i95mDRtot40mnyv5HHYHlJKohKsUVtiQEWMeq
# 0/X/M5Zq8oJ6wCkbw1nsCqkWpZa7eh4YcB9cGNf87dd0ZJ9M93CbjdSQlsugF2gB
# pH+5ZGOj+L/zkbEKoaWJNwYzF4G6hJeLpqP2rLMqRfA5MM43wdd0dJ6gK0ylKeuR
# Bo7jC1oEOcuLibZY40OhlOwLTMWiDg==
# =ME/l
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 23 Nov 2023 09:15:40 EST
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-for-8.2-fixes-231123-1' of https://gitlab.com/stsquad/qemu

:
  tests/tcg: finesse the registers check for "hidden" regs
  configure: don't try a "native" cross for linux-user
  tests/tcg: enable semiconsole test for Arm
  tests/tcg: enable arm softmmu tests
  testing: move arm system tests into their own folder
  hw/core: skip loading debug on all failures
  docs/system: clarify limits of using gdbstub in system emulation
  docs/emulation: expand warning about semihosting
  tests/tcg: fixup Aarch64 semiconsole test
  target/nios2: Deprecate the Nios II architecture
  plugins: fix win plugin tests on cross compile
  tests/docker: merge debian-native with debian-amd64
  .gitlab-ci.d/cirrus: Upgrade macOS to 13 (Ventura)
  tests/docker: replace fedora-i386 with debian-i686

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

The reason the ppc64 and s390x test where failing was because gdb
hides them although they are still accessible via regnum. We can
re-arrange the test a little bit and include these two arches in our
test.

We also need to be a bit more careful handling remote-registers as the
format isn't easily parsed with pure white space separation. Once we
fold types like "long long" and "long double" into a single word we
can now assert all registers are either listed or elided.

Cc: Ilya Leoshkevich <iii@linux.ibm.com>
Cc:  <qemu-s390x@nongnu.org>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Daniel Henrique Barboza <danielhb413@gmail.com>
Cc:  <qemu-ppc@nongnu.org>
Cc: Luis Machado <luis.machado@arm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231121153606.542101-1-alex.bennee@linaro.org>

As 32 bit x86 become rarer we are starting to run into problems with
search paths. Although we switched to a Debian container we still
favour the native CC on a Bookworm host. As a result we have a broken
cross compile setup which then fails to build with:

    BUILD   i386-linux-user guest-tests
  In file included from /usr/include/linux/stat.h:5,
                   from /usr/include/bits/statx.h:31,
                   from /usr/include/sys/stat.h:465,
                   from /home/alex/lsrc/qemu.git/tests/tcg/multiarch/linux/linux-test.c:28:
  /usr/include/linux/types.h:5:10: fatal error: asm/types.h: No such file or directory
      5 | #include <asm/types.h>
        |          ^~~~~~~~~~~~~
  compilation terminated.
  make[1]: *** [Makefile:119: linux-test] Error 1
  make: *** [/home/alex/lsrc/qemu.git/tests/Makefile.include:50: build-tcg-tests-i386-linux-user] Error 2

This is likely to affect more and more linux-user builds so wrap the
whole check in a test for softmmu targets (aka bare metal) which don't
worry about such header niceties. This allows us to keep using the
host compiler for softmmu tests and the roms.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-14-alex.bennee@linaro.org>

This still remains a MANUAL test due to blocking issues.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-13-alex.bennee@linaro.org>

To make it easier to test 32 bit Arm softmmu issues implement a basic
boot.S so we can build the multiarch tests. Currently CHECK_UNALIGNED
is disabled as I haven't got the right magic set for it to work.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-12-alex.bennee@linaro.org>

Prepare for expanding the arm system tests by cleaning up the test
directory.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-11-alex.bennee@linaro.org>

ELF_LOAD_FAILED is one of many negative return codes we can have. Lets
treat any positive size_t as a success for loading.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-10-alex.bennee@linaro.org>

It seems some users will try and use the gdbstub to debug userspace
inside a system emulation. While possible clarify the limitations of
this approach and direct the users to a less head scratching way of
debugging user-space.

Clarifies: https://gitlab.com/qemu-project/qemu/-/issues/1274


Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-9-alex.bennee@linaro.org>

A surprising feature of calls like SYS_READC is this can cause QEMU to
indefinitely block as there is no handling for EOF.

Clarifies: https://gitlab.com/qemu-project/qemu/-/issues/1963


Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-8-alex.bennee@linaro.org>

We need to ensure we squash the serial port if we want to hand craft
our muxed input. As a bonus emit the example with a V=1 build to make
it easier for people to figure out.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-7-alex.bennee@linaro.org>

See commit 9ba1caf5 ("MAINTAINERS: Mark the Nios II CPU as orphan"),
last contribution from Chris was in 2012 [1] and Marek in 2018 [2].

[1] https://lore.kernel.org/qemu-devel/1352607539-10455-2-git-send-email-crwulff@gmail.com/
[2] https://lore.kernel.org/qemu-devel/805fc7b5-03f0-56d4-abfd-ed010d4fa769@denx.de/



Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Marek Vasut <marex@denx.de>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20231117070250.32932-1-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-6-alex.bennee@linaro.org>

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1972



Cross compile gcc is more picky about argument order than msys. Changed
the meson command to take the (now renamed) libqemu_plugin_api.a as a
lib, rather than an object. This puts it in the right place on both
native and cross compile gcc commands

Reenable plugins on crossbuilds

Signed-off-by: Greg Manning <gmanning@rapitasystems.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20231109124326.21106-2-gmanning@rapitasystems.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-5-alex.bennee@linaro.org>

debian-native isn't really needed and suffers from the problem of
tracking a distros dependencies rather than the projects. With a
little surgery we can make the debian-amd64 container architecture
neutral and allow people to use it to build a native QEMU.

Rename it so it follows the same non-arch pattern of the other distro
containers.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-4-alex.bennee@linaro.org>

macOS 14 "Sonoma" was released on September 2023 [1].

According to QEMU's support policy, we stop supporting the
previous major release two years after the the new major
release has been published. Replace the macOS 12 (Monterey)
testing by macOS 13 (Ventura, released on October 2022, [2]).

Refresh the generated files by running:

  $ make lcitool-refresh

[1] https://www.apple.com/newsroom/2023/09/macos-sonoma-is-available-today/
[2] https://www.apple.com/newsroom/2022/10/macos-ventura-is-now-available/



Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20231108162022.76189-1-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-3-alex.bennee@linaro.org>

Fedora is gradually killing off i386 packages in its repos, via a
death-by-1000-cuts process. Thus Debian looks like a better long
term bet for i686 build testing. It has the added advantage that
we can generate it via lcitool too.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20231107164109.1449014-1-berrange@redhat.com>
[AJB: tweak commit msg, set correct prefix]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231120150833.2552739-2-alex.bennee@linaro.org>

Fourth RISC-V PR for 8.2

This is a few bug fixes for the 8.2 release

* Add Zicboz block size to hwprobe
* Creat the virt machine FDT before machine init is complete
* Don't verify ISA compatibility for zicntr and zihpm
* Fix SiFive E CLINT clock frequency
* Fix invalid exception on MMU translation stage
* Fix mxr bit behavior

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmVdk4sACgkQr3yVEwxT
# gBP6gQ/+NzdRT8Wx/9ynnKs0XwXBwOjQTHDcxCIKLWYrM26c3M+4XEU6IBdg2X1T
# qRv9Xal/pXqvAz8tIunF1fNd0Syom4UezcjvLjzipWwS32+D9KEKhKz89aoQc2SQ
# lnTBYz6lSUNppp3wj68gNAyPpht+5zVwYZDsjeZCRlAS00dcl26Xde8kt9tJW7zy
# tPBvHtJP9AVc+HJdClytEZ79G+EHN5Y4ScoJsVinXSBZs9lIQD+nPmFbxopre6kg
# +RUk56eATIlVMISD5pCYyCr3jTebMqVIFY9xtQxb4R09aLYN6+k13NfsJeIcQgaF
# MbhAGE0WbXEhKyHe4BuVtyz2k+zYtoh6YSE2Czub2pzPAfpKKWiu4Odi7vHlYejw
# Nksn3N7LR3FbhrDst71+EQ28vUuEYfECEFICjzHb+DhxlPxHW9WC4f8ciTUpT57O
# HPWYN7zn5Yw97nGBVuITVO7DfcQcw8MS8HcFEelkeDOephiDKr327SWTL+lp5+P5
# fm7PM4Z92GRvT3Voj4mebVxC62CGqehDotWRvXCvc87m4DfLsmpt0nNeX9q18zw+
# phEZ5Q8AMmEnRzpmoXEzzcDWyJIO6huJFad0imTR6MqvXYxsJYIr+wURDB6POelP
# SfMqdX9cTu8xJ7Hw4gJT9ZgcTlKsTq5LNpGZ/kLPXS6/y7fgC5Y=
# =QK14
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 22 Nov 2023 00:37:15 EST
# gpg:                using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65  9296 AF7C 9513 0C53 8013

* tag 'pull-riscv-to-apply-20231122' of https://github.com/alistair23/qemu

:
  target/riscv/cpu_helper.c: Fix mxr bit behavior
  target/riscv/cpu_helper.c: Invalid exception on MMU translation stage
  riscv: Fix SiFive E CLINT clock frequency
  target/riscv: don't verify ISA compatibility for zicntr and zihpm
  hw/riscv/virt.c: do create_fdt() earlier, add finalize_fdt()
  linux-user/riscv: Add Zicboz block size to hwprobe

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

SeaBIOS-hppa v13

Please pull an update of SeaBIOS-hppa to v13 to fix
a system reboot crash in qemu-system-hppa as reported in
https://gitlab.com/qemu-project/qemu/-/issues/1991

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZV0uiQAKCRD3ErUQojoP
# X/UEAP4vVLO/21SwO8/UpmImQPGTpoGUxA2DWYHBfjmyVGEoqwEA1sfhqpdahDJ0
# FLSculh9fFG7vWOMCZo2Xnur+X9ahgQ=
# =FaBT
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 17:26:17 EST
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'seabios-hppa-v13-pull-request' of https://github.com/hdeller/qemu-hppa

:
  target/hppa: Update SeaBIOS-hppa to version 13

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

According to RISCV Specification sect 9.5 on two stage translation when
V=1 the vsstatus(mstatus in QEMU's terms) field MXR, which makes
execute-only pages readable, only overrides VS-stage page protection.
Setting MXR at HS-level(mstatus_hs), however, overrides both VS-stage
and G-stage execute-only permissions.

The hypervisor extension changes the behavior of MXR\MPV\MPRV bits.
Due to RISCV Specification sect. 9.4.1 when MPRV=1, explicit memory
accesses are translated and protected, and endianness is applied, as
though the current virtualization mode were set to MPV and the current
nominal privilege mode were set to MPP. vsstatus.MXR makes readable
those pages marked executable at the VS translation stage.

Fixes: 36a18664 ("target/riscv: Implement second stage MMU")

Signed-off-by: Ivan Klokov <ivan.klokov@syntacore.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20231121071757.7178-3-ivan.klokov@syntacore.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

According to RISCV privileged spec sect. 5.3.2 Virtual Address Translation Process
access-fault exceptions may raise only after PMA/PMP check. Current implementation
generates an access-fault for mbare mode even if there were no PMA/PMP errors.
This patch removes the erroneous MMU mode check and generates an access-fault
exception based on the pmp_violation flag only.

Fixes: 1448689c ("target/riscv: Allow specifying MMU stage")

Signed-off-by: Ivan Klokov <ivan.klokov@syntacore.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20231121071757.7178-2-ivan.klokov@syntacore.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

If you check the manual of SiFive E310 (https://cdn.sparkfun.com/assets/7/f/0/2/7/fe310-g002-manual-v19p05.pdf),
you can see in Figure 1 that the CLINT is connected to the real time clock, which also feeds the AON peripheral (they share the same clock).
In page 43, the docs also say that the timer registers of the CLINT count ticks from the rtcclk.

I am currently playing with bare metal applications both in QEMU and a physical SiFive E310 board and
I confirm that the CLINT clock in the physical board runs at 32.768 kHz.
In QEMU, the same app produces a completely different outcome, as sometimes a new CLINT interrupt is triggered before finishing other tasks.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1978



Signed-off-by: Rom\ufffd\ufffdn C\ufffd\ufffdrdenas <rcardenas.rod@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20231117082840.55705-1-rcardenas.rod@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

The extensions zicntr and zihpm were officially added in the privilege
instruction set specification 1.12. However, QEMU has been implemented
them long before it and thus they are forced to be on during the cpu
initialization to ensure compatibility (see riscv_cpu_init).
riscv_cpu_disable_priv_spec_isa_exts was not updated when the above
behavior was introduced, resulting in these extensions to be disabled
after all.

Signed-off-by: Clément Chigot <chigot@adacore.com>
Fixes: c0040993 ("target/riscv: add zicntr extension flag for TCG")
Fixes: 08241216 ("target/riscv: add zihpm extension flag for TCG")
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20231114123913.536194-1-chigot@adacore.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

Commit 49554856 fixed a problem, where TPM devices were not appearing
in the FDT, by delaying the FDT creation up until virt_machine_done().
This create a side effect (see gitlab #1925) - devices that need access
to the '/chosen' FDT node during realize() stopped working because, at
that point, we don't have a FDT.

This happens because our FDT creation is monolithic, but it doesn't need
to be. We can add the needed FDT components for realize() time and, at
the same time, do another FDT round where we account for dynamic sysbus
devices.  In other words, the problem fixed by 49554856 could also be
fixed by postponing only create_fdt_sockets() and its dependencies,
leaving everything else from create_fdt() to be done during init().

Split the FDT creation in two parts:

- create_fdt(), now moved back to virt_machine_init(), will create FDT
  nodes that doesn't depend on additional (dynamic) devices from the
  sysbus;

- a new finalize_fdt() step is added, where create_fdt_sockets() and
  friends is executed, accounting for the dynamic sysbus devices that
  were added during realize().

This will make both use cases happy: TPM devices are still working as
intended, and devices such as 'guest-loader' have a FDT to work on
during realize().

Fixes: 49554856 ("riscv: Generate devicetree only after machine initialization is complete")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1925


Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20231110172559.73209-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

Support for probing the Zicboz block size landed in Linux 6.6, which was
released a few weeks ago.  This provides the user-configured block size
when Zicboz is enabled.

Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20231110173716.24423-1-palmer@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

SeaBIOS-hppa version 13 fixes a system reboot crash as reported
in https://gitlab.com/qemu-project/qemu/-/issues/1991



Signed-off-by: Helge Deller <deller@gmx.de>

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

linux-user: Fix loaddr computation for some elf files

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmVc0wUdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV97FQf+LHUf8Np5uiPwmu0f
# SUVlfxccp1KjQE2pppQ16TReNV/GsJd1u4VvInhDZSMrwceCmi1T8q3n75Vff5h0
# mUaCsNKCBVOgmvjtQ+9gOCEtPNYTpEBZyfs6I4iX4+mpkDSMON28CDakILHRSAG/
# NwFs3I8E773dERR6tJmvBjAKr0a7QYMHHbXFkGN0QSaCo3YVuqMgZj1+5oGGUMun
# 8f1HSRDvtAtKQgCmzsP9FEjpS4/T2ElppS0vvy063gD60Vkg9h8gyT/eFkQQMiHq
# SKo1nvhuCd/xMW67RIdm6fyvgkiDvNBV5/ae8Zqdlk7TGDQP24/V3gWtTEHyQWu6
# QteijA==
# =ryU1
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 10:55:49 EST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-lu-20231121' of https://gitlab.com/rth7680/qemu

:
  linux-user: Fix loaddr computation for some elf files

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

This reverts commit c4d74ab2.

The reverse debugging test is sometimes still failing. See:
 https://gitlab.com/qemu-project/qemu/-/issues/1992



Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20231121100842.677363-1-thuth@redhat.com>

Xen fixes for 8.2-rc1

 • Disable default serial when xen-console is used
 • Fix Coverity warning in xen-block

# -----BEGIN PGP SIGNATURE-----
#
# iQJIBAABCAAyFiEEvgfZ/VSAmrLEsP9fY3Ys2mfi81kFAmVcmrAUHGR3bXcyQGlu
# ZnJhZGVhZC5vcmcACgkQY3Ys2mfi81njqg/8DFr03kVfwRujIZXDROoq40vjgdOF
# MoGgowDNapliXiecVcHzdvFXgRxwr9bhpX5eDEtfgROoH8mbPPd4YZJHdPNM0Yc3
# 0hoSWrIYocsYRAIoozXrtsNw8ep2vSEPNv5+CIVYkkie/mLs02cy43q09cJDzABx
# DvmSfC5o5JCs/x3qPLM6ydhnTaUipuPt1wnG9xaJLWgm/U9pK6Ba9w1eNGn8EE7m
# ekzpv9lYfCd/KbPogtXAEd7nkCOi/lKQVJmU7auXFi8FKwZNoKOYl3cTVln/EFmT
# az3qLSHgOZwElNQEYn0mBa/RgAQ2K9X7n12TgxG30VSUmajxJnl/eKy4ISyaAmwY
# vNVhdsXQICqM4OYaD2j8RiXX5YNtIC+MBb7nlUN7invKXE9ZylHbXvOstkUCjQ34
# x9CMVIibPoWk7XGUX+r7KUSwSQnpelVbqBWltkmgNjYuUIShDT6r5cOrYdM2orii
# UYOqPJqchbEDNoGwJK45EOSn8Ss5geAWuM7dFL0AuwZAbcKAqGG6vihPnDJyhnWA
# EPv2/5h2Vi24fqeWz3W+hckm8LXrc2Ow8A0rY3WAz7CvmBTgYCPx4d4kdTU6Gysn
# i8DRoKMhZS9WvHPPxY1v8+ysG1UCCNFe4qH0Wgv+ubSbr5GaK2igWIBQ5bXnuYL8
# R4Ef5pPLpa2jiF4=
# =cWon
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 06:55:28 EST
# gpg:                using RSA key BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359
# gpg:                issuer "dwmw2@infradead.org"
# gpg: Good signature from "David Woodhouse <dwmw2@infradead.org>" [unknown]
# gpg:                 aka "David Woodhouse <dwmw2@exim.org>" [unknown]
# gpg:                 aka "David Woodhouse <david@woodhou.se>" [unknown]
# gpg:                 aka "David Woodhouse <dwmw2@kernel.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: BE07 D9FD 5480 9AB2 C4B0  FF5F 6376 2CDA 67E2 F359

* tag 'pull-xenfv-20231121' of git://git.infradead.org/users/dwmw2/qemu

:
  hw/xen: clean up xen_block_find_free_vdev() to avoid Coverity false positive
  vl: disable default serial when xen-console is enabled

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Block layer patches

- Fix graph lock related deadlocks with the stream job
- ahci: Fix legacy software reset
- ide/via: Fix switch between compatibility and native mode

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmVcmYoRHGt3b2xmQHJl
# ZGhhdC5jb20ACgkQfwmycsiPL9YDzw/7BD6wZpyCsDbFu9Jbt0L894tYQls7otnR
# yeAIaZVqSkDcMK8VBD/xAjV8UgX194oKPi42CDgS73avd0cSHLIM5cNgGkwCrMWS
# ry5uuOP6EWVMPPR/129cpH8uGvkl+qwCQf5gB13/8NvMbeN2mHOTC6WW+VA20vb0
# V0DJXhYszVzXa3L1a/m6f4Jwj54tTeZ56JcBblL3wi/soklb45gsnPJaHeGb3rzK
# yjPkw+kpVXTVbpacobGmzmjlD3Yqk69NexP2kyU1w2lqPnemYPH+9sa+7RxMspkj
# InQvqq6TFtMOrC/65/527p2ENRUOxn7Xwsa1+Hnar2i3BoyGugWE8GPxJDBxAWW4
# INJtpxIpiA7Scd26VBCNVstVe5EuyxkP97T85cgNUMgeE58y3i51i6eHd4GUIR7v
# PNc5TsSbnVV8sQ7RsXka4hRyjndIPRB0CBePydDoBz6zaGmcVU6ep0Oppah9gVu9
# CU0dBz2jV0r1dFhU1eZkCbd1ufdR93R/iD3gBD4vj1xSL3l+9OE/FKdrVE66uElL
# iAsHp3cimkPuWAx/jZaeAC7BDI0XS6s1TimddqJx90f2mZjkq8cmVp+HoVNP0jRQ
# VP6AIQy6is+P4QtDSekgXVJE8K95ngBzsr+ittR8jF4q67QzHVjLmJ9ZBXyrowlz
# gtZTy2WPxbM=
# =8dXj
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 06:50:34 EST
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* tag 'for-upstream' of https://repo.or.cz/qemu/kevin

:
  hw/ide/via: implement legacy/native mode switching
  ide/via: don't attempt to set default BAR addresses
  ide/pci: introduce pci_ide_update_mode() function
  ide/ioport: move ide_portio_list[] and ide_portio_list2[] definitions to IDE core
  iotests: Test two stream jobs in a single iothread
  stream: Fix AioContext locking during bdrv_graph_wrlock()
  block: Fix deadlocks in bdrv_graph_wrunlock()
  block: Fix bdrv_graph_wrlock() call in blk_remove_bs()
  hw/ide/ahci: fix legacy software reset

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

The file offset of the load segment is not relevant to the
low address, only the beginning of the virtual address page.

Cc: qemu-stable@nongnu.org
Fixes: a93934fe ("elf: take phdr offset into account when calculating the program load address")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1952


Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>