It is currently not possible yet to use "memory-backend-memfd" on s390x
with hugepages enabled. This problem is caused by qemu_maxrampagesize()
not taking memory-backend-memfd objects into account yet, so the code
in s390_memory_init() fails to enable the huge page support there via
s390_set_max_pagesize(). Fix it by generalizing the code, so that it
looks at qemu_ram_pagesize(memdev->mr.ram_block) instead of re-trying
to get the information from the filesystem.

Suggested-by: David Hildenbrand <david@redhat.com>
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2116496


Message-Id: <20220810125720.3849835-2-thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

I2 is 16 bits, not 32.

Found by running valgrind's none/tests/s390x/traps.

Fixes: 1c268751 ("target-s390: Implement COMPARE AND TRAP")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20220817161529.597414-1-iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

Add stfle 197 (processor-activity-instrumentation extension 1) to the
gen16 default model and fence it off for 7.1 and older.

Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20220727135120.12784-1-borntraeger@linux.ibm.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>

Add 7.2 machine types for arm/i440fx/m68k/q35/s390x/spapr.

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20220727121755.395894-1-cohuck@redhat.com>
[thuth: fixed conflict with pcmc->legacy_no_rng_seed]
Signed-off-by: Thomas Huth <thuth@redhat.com>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Testing and doc updates:

  - move default timeout to QemuBaseTests
  - optimise migration tests to run faster
  - removed duplicate migration test
  - add some clarifying language to block options in manual

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmMF7MMACgkQ+9DbCVqe
# KkTCmgf/eyjET4BObyQEp7QsbdS295eL3If2PxSumCrypMjpmYAFJcQ9POjagExo
# wh+E8hU587BLzghgjPcsJ4fm3m21bngmAvsczmLcgOMhAaMhH5MRMR0dvHjo7l9F
# isJ1ro20fCJ2QcFNybAIu4VluwBr9oYBnZ3B7YpL9DDu8x9MmS6UCQkCJ4Y86raW
# G9IXTHwwiq3D4RiuLccPRZ/WsMZhuNVafFrgJK56GBF7jWI0d0kOar5HyS8pATNL
# hkAYBTfkrBmEhOA86vMiRmfmpVa+FqSzXkn2quWvJ8HGQ2tmIoboBbGWDExvN0/d
# pPLoAzDVPEnHAMqarC2RgSQTH0JmJQ==
# =ODg1
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 24 Aug 2022 02:17:55 AM PDT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-for-7.1-fixes-240822-3' of https://github.com/stsquad/qemu

:
  qemu-options: try and clarify preferred block semantics
  tests/qtest/migration-test: Remove duplicated test_postcopy from the test plan
  tests/migration/i386: Speed up the i386 migration test (when using TCG)
  tests/migration/aarch64: Speed up the aarch64 migration test
  tests/qtest/migration-test: Only wait for serial output where migration succeeds
  tests/avocado: push default timeout to QemuBaseTest

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Try to correct any confusion about QEMU's Byzantine disk options by
laying out the preferred "modern" options as-per:

 "<danpb> (best:  -device + -blockdev,  2nd obsolete syntax: -device +
     -drive,  3rd obsolete syntax: -drive, 4th obsolete syntax: -hdNN)"

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Cc: qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Hanna Reitz <hreitz@redhat.com>
Cc: Thomas Huth <thuth@redhat.com>
Message-Id: <20220822165608.2980552-7-alex.bennee@linaro.org>

test_postcopy() is currently run twice - which is just a waste of resources
and time. The commit d1a27b16 that introduced the duplicate talked about
renaming the "postcopy/unix" test, but apparently it forgot to remove the
old entry. Let's do that now.

Fixes: d1a27b16 ("tests: Add postcopy tls migration test")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220819053802.296584-5-thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20220822165608.2980552-6-alex.bennee@linaro.org>

When KVM is not available, the i386 migration test also runs in a rather
slow fashion, since the guest code takes a couple of seconds to print
the "B"s on the serial console, and the migration test has to wait for
this each time. Let's increase the frequency here, too, so that the
delays in the migration tests get smaller.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220819053802.296584-4-thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220822165608.2980552-5-alex.bennee@linaro.org>

The migration tests spend a lot of time waiting for a sign of live
of the guest on the serial console. The aarch64 migration code only
outputs "B"s every couple of seconds (at least it takes more than 4
seconds between each characeter on my x86 laptop). There are a lot
of migration tests, and if each test that checks for a successful
migration waits for these characters before and after migration, the
wait time sums up to multiple minutes! Let's use a shorter delay to
speed things up.

While we're at it, also remove a superfluous masking with 0xff - we're
reading and storing bytes, so the upper bits of the register do not
matter anyway.

With these changes, the test runs twice as fast on my laptop, decreasing
the total run time from approx. 8 minutes to only 4 minutes!

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220819053802.296584-3-thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220822165608.2980552-4-alex.bennee@linaro.org>

Waiting for the serial output can take a couple of seconds - and since
we're doing a lot of migration tests, this time easily sums up to
multiple minutes. But if a test is supposed to fail, it does not make
much sense to wait for the source to be in the right state first, so
we can skip the waiting here. This way we can speed up all tests where
the migration is supposed to fail. In the gitlab-CI gprov-gcov test,
each of the migration-tests now run two minutes faster!

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220819053802.296584-2-thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20220822165608.2980552-3-alex.bennee@linaro.org>

All of the QEMU tests eventually end up derrived from this class. Move
the default timeout from LinuxTest to ensure we catch them all. We
keep the 15 minute timeout as currently some of the more heavyweight
CFI and TCG tests can overrun. We should aim to drop it down to 2
minutes which is a more reasonable target for tests to aim for but we
want to get this release out.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
[AJB: revert to 15 min timeout for v2]
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220822165608.2980552-2-alex.bennee@linaro.org>

Block layer patches

- scsi-generic: Fix I/O errors due to wrong block limits

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmME3eARHGt3b2xmQHJl
# ZGhhdC5jb20ACgkQfwmycsiPL9avDA//YIJPQDOwiaDaVPY9aqAsnHPvxv/KWwcY
# mNluOhIluRDcXaOuFRNZsL4L69oc7n1dqV1CkKgaYZOLaq0gk6Vt/RyENo5faCoq
# IkGD9PjRoa6heAD0r/xzFUCCszYs2W2xrmK9yX1R9xCtKZ+jbygCNBiDbdigBfi/
# HWL8OZYpnyVXeKmNeqvYHPnfCuCCNpIz0PkyaJ3jE/nsTefrmBHpdyLC0xa953tN
# VaTERnHQyMfFybtri2nTDQgARztRi+3ph1bFV6moxLOpwMb49hdU+2g1VZdcsedL
# XgYWXEJyBRq0KRz1qUbtXO5SRTFpsZFo9cOvWoHA5IrcEHeDpsrZzQ5RsZRoQENx
# GV4DAI3unrwsqSWk682UHHVfIFW1qV1BvueT6MsiobL2pV6+uYPHI1A9XnOzoTRg
# syUoiqvsKDcXATkszxQV+DSRWDsIHo1LS3kSokxwUDp3HhHWhvnUBUww8HkUXxlE
# 7GkMFXkjygAxBekkzIaxNgF7AnGqwrrSUESX+j2S4V5xGFoaZGSWIZIjEyyEBtjc
# YZZoVEPAK3Gg7RMfSsM0obIXZpuiS1okxfb0cm6nHP+VKBdmaa12wFaCkC0TAEzy
# IcZf7Midq/Is5O3uSlreWeFWEyaRDRWe7v4NnZ2qXFqch7Gi3QWDaCDtjnOu+78S
# X/FK3RH+E38=
# =cj4W
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 23 Aug 2022 07:02:08 AM PDT
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]

* tag 'for-upstream' of git://repo.or.cz/qemu/kevin

:
  scsi-generic: Fix emulated block limits VPD page

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Commits 01ef8185 amd 24b36e98 updated the way that the maximum
transfer length is calculated for patching block limits VPD page in an
INQUIRY response.

The same updates also need to be made for the case where the host device
does not support the block limits VPD page at all and we emulate the
whole page.

Without this fix, on host block devices a maximum transfer length of
(INT_MAX - sector_size) bytes is advertised to the guest, resulting in
I/O errors when a request that exceeds the host limits is made by the
guest. (Prior to commit 24b36e98, this code path would use the
max_transfer value from the host instead of INT_MAX, but still miss the
fix from 01ef8185 where max_transfer is also capped to max_iov
host pages, so it would be less wrong, but still wrong.)

Cc: qemu-stable@nongnu.org
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2096251


Fixes: 01ef8185
Fixes: 24b36e98
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20220822125320.48257-1-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

target/hppa: Fix proberi instruction emulation for linux-user

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCYv+X7AAKCRD3ErUQojoP
# XyGaAQCUaZmTFIEMz7TOjPCz1ix8MaLTrQH8B/gAt3Ss9hXvKgD/ZtOItG3Iz8y0
# tHslvPvJKHlr8s5Ol9rxRPzRG7iigAo=
# =DQho
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 19 Aug 2022 07:02:20 AM PDT
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'for-7.1-hppa' of https://github.com/hdeller/qemu-hppa

:
  target/hppa: Fix proberi instruction emulation for linux-user

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Fix SIGSEGV with query-stats-schema.

This allows management tools to query the statistics schemas without
worrying that some versions of QEMU will crash.

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmL/U90UHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroN93gf/Q9pye7bA436FsMujHgaspp7asI0z
# MHgs1anNSEoRrogIqw595Blyt7ILGvEe333rpDqg23W52/NVn+R0qdiTeg/lG/Zm
# zDLCT8T9CrJZEJvmRora6JPapjrsXRiXsDCkhi8ClqoEPm1X/rDCRMtxpOKJzk5E
# dZTLZcy6FVtcNroqx2BzAJiDcXlby6H92LTXmBRFK6jesst9nj4wvZLiDhsLBEte
# PdVXbxCV85OKRng55c9wyFuthkAi7UtRCYrgjPSDqCe/UnnscVPYEDQElMfmf8Ts
# DL7vQ0MZy8F9hVd851Mu57uKeYVenAETNEs/P9qfwo1ANPizqcB+ACYoBA==
# =LX7e
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 19 Aug 2022 02:11:57 AM PDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu

:
  kvm: fix segfault with query-stats-schemas and -M none

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

The proberi assembler instruction checks the read/write access rights
for the page of a given address and shall return a value of 1 if the
test succeeds and a value of 0 on failure in the target register.

But when run in linux-user mode, qemu currently simply returns the
return code of page_check_range() which returns 0 on success and -1 on
failure, which is the opposite of what proberi should return.

Fix it by checking the return code of page_check_range() and return the
expected return value.

The easiest way to reproduce the issue is by running
"/lib/ld.so.1 --version" in a chroot which fails without this patch.
At startup of ld.so the __canonicalize_funcptr_for_compare() function is
used to resolve the function address out of a function descriptor, which
fails because proberi (due to the wrong return code) seems to indicate
that the given address isn't accessible.

Signed-off-by: Helge Deller <deller@gmx.de>

This reverts commit 52f0c160.

This caused a regression in arm/aarch64.

We are hard-coding ARMCPRegInfo pointers into TranslationBlocks,
for calling into helper_{get,set}cp_reg{,64}.  So we have a race
condition between whichever cpu thread translates the code first
(encoding the pointer), and that cpu thread exiting, so that the
next execution of the TB references a freed data structure.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Some fixes pending on the ML:
* console regression fix
* dbus-vmstate error handling fix
* a build-sys fix

# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmL94mAcHG1hcmNhbmRy
# ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5eSNEACwl191H8uB1kS5sI/6
# 4TyNPtQRBebbuT14l5fFlX6DzosWeIUke3BDPNbB3hgqO0J/LWjmf0w3a1FSAOsR
# UnoUYlvAaMFG6giWd5oG+dl05WridEi/S8BJFp89cDCuziBQ5EyesWmGL/RFxU9w
# jjV9i3qMXghGNDg3KAqBHQkSDNlEQ0cmjYB7J5SIHK2+YmKinSWz9tyYlh1tBPnK
# Qghw1UVelFO+tHSnWaPXZW9t0AzbbQGrGcKryotYyx5GAWbYh5dAygtzNpBfgqGm
# dNacFS76fdKwtarf5bqA0NiRTOwUpvlkpmQ7kju/YBT2Bzr5TCrfKCSESwdUYfI9
# GPAxczHsH7yxBi0wUyNL6PpbVQ+t/x7mY0qHaVBt/Ju55be6qSgO14RyGcPcXLd/
# TmYn8YX8xLjeDUDm821rBIKeaF6IfMpSd/JIL/6rjxFAQgdpPyCU8yXWUnVghAyI
# wmndIOZNIf5OJfwd+1XgsHRXsCI4TGUodY3iyKAWN0OwlWiLrd//UeizgA7xNxOO
# tihR2nBjuAQAR9KQakGYl6g6oSPAba86eUYxPNI7JX2NExZaUGt2o9hMAY2LhfuI
# gtxMQSeOqvpqkTWlysmb4t4kAYPL8EbrYxvzbxxd92kxYSGZvoC9oRkjbd+TIRSS
# N8TsvssjlW94BihpLRN4bHmHDQ==
# =SSEL
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 17 Aug 2022 11:55:28 PM PDT
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]

* tag 'fixes-pull-request' of gitlab.com:marcandre.lureau/qemu:
  ui/console: fix qemu_console_resize() regression
  build-sys: disable vhost-user-gpu if !opengl
  dbus-vmstate: Restrict error checks to registered proxies in dbus_get_proxies

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

-M none creates a guest without a vCPU, causing the following error:

$ ./qemu-system-x86_64 -qmp stdio -M none -accel kvm
{execute:qmp_capabilities}
{"return": {}}
{execute: query-stats-schemas}
Segmentation fault (core dumped)

Fix it by not querying the vCPU stats if first_cpu is NULL.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

pc,virtio: fixes

Several bugfixes, they all look very safe to me. Revert
seed support since we aren't any closer to a proper fix.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# -----BEGIN PGP SIGNATURE-----
#
# iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmL9IIQPHG1zdEByZWRo
# YXQuY29tAAoJECgfDbjSjVRpKCkH/2KjgmgG2BpeSm5WHm2ySMZ8aNactDhjc/zg
# S2iFMPRx6at4fagErT0h4hdI2SunbWz+dH8v6wdPmiIX//HNRUiZPW6vItib3aaN
# b6IxG+yWasRxFhLMZ41634vCUmnISkCsbMwJYTUMZjUV3iuEVnK8rQpIuGIkmvYK
# nt3Y3TLospn19ZrTbV00flghHnmU4WIZkyJv7T64bvvlgxITIw/02XxAI5QvhWb9
# qANmT+T9IPsZXdXOGj9W2d23Ejl9fRfvJSgRJsmxcOH24ozDUNGfia/ZDuq7J9rB
# NZ+g29j27oU5hdazOZR5e9q5SaFfaNZ3uYsU/A+lZkt/9+7G1u0=
# =soZc
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 17 Aug 2022 10:08:20 AM PDT
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu

:
  virtio-pci: don't touch pci on virtio reset
  tests: acpi: silence applesmc warning about invalid key
  hw/cxl: Correctly handle variable sized mailbox input payloads.
  hw/cxl: Fix Get LSA input payload size which should be 8 bytes.
  hw/cxl: Add stub write function for RO MemoryRegionOps entries.
  hw/cxl: Fix wrong query of target ports
  hw/cxl: Fix memory leak in error paths
  x86: disable rng seeding via setup_data
  hw/virtio: fix vhost_user_read tracepoint
  hw/virtio: handle un-configured shutdown in virtio-pci
  hw/virtio: gracefully handle unset vhost_dev vdev
  virtio-scsi: fix race in virtio_scsi_dataplane_start()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

The display may be corrupted when changing screen colour depth in
qemu-system-ppc/MacOS since 7.0.

Do not short-cut qemu_console_resize() if the surface is backed by vga
vram. When the scanout isn't set, or it is already allocated, or opengl,
and the size is fitting, we still avoid the reallocation & replace path.

Fixes: commit cb8962c1 ("ui: do not create a surface when resizing a GL scanout")

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220725115815.2461322-1-marcandre.lureau@redhat.com>

vhost-user-gpu uses epoxy/glflush and thus requires opengl.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220628132315.664026-1-marcandre.lureau@redhat.com>

The purpose of dbus_get_proxies to construct the proxies corresponding to the
IDs registered to dbus-vmstate.

Currenty, this function returns an error in case there is any failure
while instantiating proxy for "all" the names on dbus.

Ideally this function should error out only if it is not able to find and
validate the proxies registered to the backend otherwise any offending
process(for eg: the process purposefully may not export its Id property on
the dbus) may connect to the dbus and can lead to migration failures.

This commit ensures that dbus_get_proxies returns an error if it is not
able to find and validate the proxies of interest(the IDs registered
during the dbus-vmstate instantiation).

Signed-off-by: Priyankar Jain <priyankar.jain@nutanix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1637936117-37977-1-git-send-email-priyankar.jain@nutanix.com>

virtio level reset should not affect pci express
registers such as PM, error or link.

Fixes: 27ce0f3a ("hw/virtio: fix Power Management Control Register for PCI Express virtio devices")
Fixes: d584f1b9 ("hw/virtio: fix Link Control Register for PCI Express virtio devices")
Fixes: c2cabb34 ("hw/virtio: fix error enabling flags in Device Control register")
Cc: "Marcel Apfelbaum" <marcel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

OSK value is irrelevant for ACPI test case.
Supply fake OSK explicitly to prevent QEMU complaining about
invalid key when it fallbacks to default_osk.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220728133713.1369596-1-imammedo@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

A placeholder of ~0 is used to indicate variable payload size.
Whilst the checks for output payload correctly took this into
account, those for input payload did not.

This results in failure of the Set LSA command.

Fixes: 464e14ac ("hw/cxl/device: Implement basic mailbox (8.2.8.4)")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220817145759.32603-4-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Get LSA needs 4 byte offset and 4 byte length arguments.
CXL rev 2.0 Table 178.

Fixes: 3ebe676a ("hw/cxl/device: Implement get/set Label Storage Area (LSA)")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220817145759.32603-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

There is no checking on the availability of a write callback.
Hence QEMU crashes if a write does occur to one of these regions.

Discovered whilst chasing a Linux kernel bug that incorrectly
wrote into one of these regions.

Fixes: 6364adac ("hw/cxl/device: Implement the CAP array (8.2.8.1-2)")
Reported-by: Bobo WL <lmw.bobo@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220817145759.32603-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Two issues were present in this code:
1) Check on which register to look in was inverted.
2) Both branches use the _LO register.

Whilst here moved to extract32() rather than hand rolling
the field extraction as simpler and hopefully less error prone.

Fixes Coverity CID: 1488873

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220808122051.14822-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Use g_autofree to free the CXLFixedWindow structure if an
error occurs in configuration before we have added to
the list (via g_steal_pointer())

Fix Coverity CID: 1488872

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220808122051.14822-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Causes regressions when doing direct kernel boots with OVMF.

At this point in the release cycle the only sensible action
is to just disable this for 7.1 and sort it properly in the
7.2 devel cycle.

Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Eduardo Habkost <eduardo@habkost.net>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20220817083940.3174933-1-kraxel@redhat.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Eduardo Habkost <eduardo@habkost.net>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

As reads happen in the callback we were never seeing them. We only
really care about the header so move the tracepoint to when the header
is complete.

Fixes: 6ca6d8ee (hw/virtio: add vhost_user_[read|write] trace points)
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20220728135503.1060062-5-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

The assert() protecting against leakage is a little aggressive and
causes needless crashes if a device is shutdown without having been
configured. In this case no descriptors are lost because none have
been assigned.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220728135503.1060062-4-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

I've noticed asserts firing because we query the status of vdev after
a vhost connection is closed down. Rather than faulting on the NULL
indirect just quietly reply false.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220728135503.1060062-3-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

As soon as virtio_scsi_data_plane_start() attaches host notifiers the
IOThread may start virtqueue processing. There is a race between
IOThread virtqueue processing and virtio_scsi_data_plane_start() because
it only assigns s->dataplane_started after attaching host notifiers.

When a virtqueue handler function in the IOThread calls
virtio_scsi_defer_to_dataplane() it may see !s->dataplane_started and
attempt to start dataplane even though we're already in the IOThread:

  #0  0x00007f67b360857c __pthread_kill_implementation (libc.so.6 + 0xa257c)
  #1  0x00007f67b35bbd56 raise (libc.so.6 + 0x55d56)
  #2  0x00007f67b358e833 abort (libc.so.6 + 0x28833)
  #3  0x00007f67b358e75b __assert_fail_base.cold (libc.so.6 + 0x2875b)
  #4  0x00007f67b35b4cd6 __assert_fail (libc.so.6 + 0x4ecd6)
  #5  0x000055ca87fd411b memory_region_transaction_commit (qemu-kvm + 0x67511b)
  #6  0x000055ca87e17811 virtio_pci_ioeventfd_assign (qemu-kvm + 0x4b8811)
  #7  0x000055ca87e14836 virtio_bus_set_host_notifier (qemu-kvm + 0x4b5836)
  #8  0x000055ca87f8e14e virtio_scsi_set_host_notifier (qemu-kvm + 0x62f14e)
  #9  0x000055ca87f8dd62 virtio_scsi_dataplane_start (qemu-kvm + 0x62ed62)
  #10 0x000055ca87e14610 virtio_bus_start_ioeventfd (qemu-kvm + 0x4b5610)
  #11 0x000055ca87f8c29a virtio_scsi_handle_ctrl (qemu-kvm + 0x62d29a)
  #12 0x000055ca87fa5902 virtio_queue_host_notifier_read (qemu-kvm + 0x646902)
  #13 0x000055ca882c099e aio_dispatch_handler (qemu-kvm + 0x96199e)
  #14 0x000055ca882c1761 aio_poll (qemu-kvm + 0x962761)
  #15 0x000055ca880e1052 iothread_run (qemu-kvm + 0x782052)
  #16 0x000055ca882c562a qemu_thread_start (qemu-kvm + 0x96662a)

This patch assigns s->dataplane_started before attaching host notifiers
so that virtqueue handler functions that run in the IOThread before
virtio_scsi_data_plane_start() returns correctly identify that dataplane
does not need to be started. This fix is taken from the virtio-blk
dataplane code and it's worth adding a comment in virtio-blk as well to
explain why it works.

Note that s->dataplane_started does not need the AioContext lock because
it is set before attaching host notifiers and cleared after detaching
host notifiers. In other words, the IOThread always sees the value true
and the main loop thread does not modify it while the IOThread is
active.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2099541


Reported-by: Qing Wang <qinwang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220808162134.240405-1-stefanha@redhat.com>
Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

* Fix a possible endless loop in USB XHCI code
* Minor fixes for the new readconfig test

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmL7aT8RHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbXm6w//TzGqEkzN6VeYqCgbI5ZuCcu3uL/X7KcO
# vsljTTYeJgE3IuT4RARk4d2/K8xD/mzyxMTHP5SrbCIYSOBY4OusJN55fytX46mb
# cdy3dHWbwaT7y8J+BLpwOg7om+oDp1Q2o1JxPY39BEi5T2C6PBHveDf9XxNv2n2j
# 9kwF0la7EmhmNoUgWyvf3dVoOFS3G4BTP1ZSvjcUNRuAxGLGZ8XOhZYw5zQ4MMTF
# OrNdVPmMDyLjAxpdO5dKItvTs8l0ioSXsbrNK+w2o58U1Wmczkn3BYcel2m+J14v
# XY9jtq9qUHjTmFRCCop0LYitkDvW+mAmptFsc94Y0ulc3JQ1KNvvjBIgNKZGRCkv
# Fw7xdArifc1TMpRdgNP1Gr88LXtSPEaPsHYMRy7AHcv2Abd9zrRm7JMa45mburzp
# jhUvFYCLN2iDgd78HClDAGuRLWAEaJDLkbvxHtJxGW8m9lHHwkrUeLm6uJMrSwu6
# 880O0/ayEz0jw5yDEDC/ooTbcWKgbpZ7KPREciSLTAPsC2orBrBIjlioY1YxfAMZ
# rrP7KvGggP7yWrOn4BKUWRo7NC2WPQ69nJQCTsXij4NlKsWAaJ3EgldKDcFgungk
# DsEm+FQhcDDfeOWN03dNxRxz8bFm1/HbSHgna5C5xnbQbQMiSPYVYWPjzK6E8kKO
# NgjewJS4E7E=
# =5xZ9
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 16 Aug 2022 04:54:07 AM CDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [undefined]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-08-16' of https://gitlab.com/thuth/qemu

:
  hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
  tests/qtest: misc tweaks to readconfig

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

A few small fixes:

  - properly un-parent OBJECT(cpu) when closing -user thread
  - add missing timeout to aspeed tests
  - reduce raciness of login: prompt handling for aspeed tests

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmL7XG0ACgkQ+9DbCVqe
# KkRDAAf9EfolGONaDKRaBkzdASuIadVGDr3EUDFe+Ho7cyJjnrOu8XjbOuB9Ayc4
# Vg4ccTSWYtCQdh4HhPOuCSmCoDmvCgnzze+eLS1E/PDNAMH0puPYikacpdp09Nng
# qtPqb9QfaJNy7imrtg43kXWDbUHU21YlgGIguBYCJV5EKBFlNH84iyf5wYjXjQkp
# OXpSGcSdNBJ569g1tksrBZrrSMEMMFHnpDmMxRbNnDlJ/yDKbLI8t0CXLR1hU6le
# IjKWV7ZChEYiTRn+tlVrRdiFJjqhKtOoc9VXlVG67MW9orEQwk0gYVrnhxmC+N0t
# hMcbncw8CgxS270cEqccxxYDF5Uxng==
# =9IHQ
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 16 Aug 2022 03:59:25 AM CDT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-for-7.1-fixes-160822-1' of https://github.com/stsquad/qemu

:
  tests/avocado: apply a band aid to aspeed-evb login
  tests/avocado: add timeout to the aspeed tests
  linux-user: un-parent OBJECT(cpu) when closing thread

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

The loop condition in xhci_ring_chain_length() is under control of
the guest, and additionally the code does not check for failed DMA
transfers (e.g. if reaching the end of the RAM), so the loop there
could run for a very long time or even forever. Fix it by checking
the return value of dma_memory_read() and by introducing a maximum
loop length.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/646


Message-Id: <20220804131300.96368-1-thuth@redhat.com>
Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>