Change ordering to avoid adding forward declarations in
following patches.  Fix comment code style while being
at it.  No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20220830063827.813053-2-kraxel@redhat.com>

An abort happens in ohci_frame_boundary() when ohci->done is 0 [1].

``` c
static void ohci_frame_boundary(void *opaque)
{
    // ...
    if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
        if (!ohci->done)
            abort(); <----------------------------------------- [1]
```

This was reported in https://bugs.launchpad.net/qemu/+bug/1911216/,
https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html, and
https://gitlab.com/qemu-project/qemu/-/issues/545

. I can still reproduce it with
the latest QEMU.

This happends due to crafted ED with putting ISO_TD at physical address 0.

Suppose ed->head & OHCI_DPTR_MASK is 0 [2], and we memset 0 to the phyiscal
memory from 0 to sizeof(ohci_iso_td). Then, starting_frame [3] and frame_count
[4] are both 0. As we can control the value of ohci->frame_number (0 to 0x1f,
suppose 1), we then control the value of relative_frame_number to be 1 [6]. The
control flow goes to [7] where ohci->done is 0. Have returned from
ohci_service_iso_td(), ohci_frame_boundary() will abort() [1].

``` c
static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed)
{
    // ...
    addr = ed->head & OHCI_DPTR_MASK; // <--------------------- [2]

    if (ohci_read_iso_td(ohci, addr, &iso_td)) {   // <-------- [3]
        // ...

    starting_frame = OHCI_BM(iso_td.flags, TD_SF); // <-------- [4]
    frame_count = OHCI_BM(iso_td.flags, TD_FC);    // <-------- [5]
    relative_frame_number = USUB(ohci->frame_number, starting_frame);
                                                   // <-------- [6]
    if (relative_frame_number < 0) {
        return 1;
    } else if (relative_frame_number > frame_count) {
        // ...
        ohci->done = addr;                         // <-------- [7]
        // ...
    }
```

As only (afaik) a guest root user can manipulate ED, TD and the physical memory,
this assertion failure is not a security bug.

The idea to fix this issue is to drop ohci_service_iso_td() if ed->head &
OHCI_DPTR_MASK is 0, which is similar to the drop operation for
ohci_service_ed_list() when head is 0. Probably, a similar issue is in
ohci_service_td(). I drop ohci_service_td() if ed->head & OHCI_DPTR_MASK is 0.

Fixes: 7bfe5777 ("OHCI USB isochronous transfers support (Arnon Gilboa)")
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/545
Buglink: https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html
Buglink: https://bugs.launchpad.net/qemu/+bug/1911216


Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220826051557.119570-1-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

If a guest sets up bad descriptors, it could force QEMU to access
non-existing memory regions. Thus we should check the return value
of dma_memory_read/write() to make sure that these errors don't go
unnoticed.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220817160016.49752-1-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

The png_destroy_write_struct() function frees all memory used by
libpng. Don't use the glib auto cleanup mechanism to free the
memory allocated by libpng again. For the pixman image, use only the
auto cleanup mechanism and remove the qemu_pixman_image_unref()
function call to prevent another double free.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1210


Fixes: 9a0a119a ("Added parameter to take screenshot with screendump as PNG")
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20220919061956.30929-1-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

In order to reset the guest agent, we send CLOSED & OPENED events.

They are correctly received by the guest kernel. However, they might not
be noticed by the guest agent process, as the IO task (poll() for
example) might be wake up after both CLOSED & OPENED have been
processed.

Wait until the guest agent is disconnected to re-open our side.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-6-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Not only we have to reset the vdagent clipboards serial state, but also
the current QEMU clipboards info serial (the value is currently used by
qemu_clipboard_check_serial, only used by -display dbus).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-5-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

The guest agent doesn't know what is the current serial state. Reset the
serial value whenever a new agent connection is established.

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=2124446



Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-4-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

The incoming grab event should have a higher serial.
See also "vdagent: introduce VD_AGENT_CAP_CLIPBOARD_GRAB_SERIAL":
https://gitlab.freedesktop.org/spice/spice-protocol/-/commit/045a6978d6dbbf7046affc5c321fa8177c8cce56



This is only a relevant fix for the -display dbus, only user of that
function.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-3-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

This helps debugging clipboard serial sync issues.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-2-marcandre.lureau@redhat.com>

[ kraxel: code style fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

As ui/cocoa does no longer override main(), ui/gtk and ui/sdl
can be enabled even ui/cocoa is enabled.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20220819132756.74641-4-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

This reverts commit 47281859.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20220819132756.74641-3-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

This work is based on:
https://patchew.org/QEMU/20220317125534.38706-1-philippe.mathieu.daude@gmail.com/



Simplify the initialization dance by running qemu_init() in the main
thread before the Cocoa event loop starts. The secondary thread only
runs only qemu_main_loop() and qemu_cleanup().

This fixes a case where addRemovableDevicesMenuItems() calls
qmp_query_block() while expecting the main thread to still hold
the BQL.

Overriding the code after calling qemu_init() is done by dynamically
replacing a function pointer variable, qemu_main when initializing
ui/cocoa, which unifies the static implementation of main() for
builds with ui/cocoa and ones without ui/cocoa.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20220819132756.74641-2-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Define a QEMU special key constant for the tab key and add an entry for
it in the qcode_to_keysym table. This allows tab completion to work again
in the SDL monitor virtual console, which has been broken ever since the
migration from SDL1 to SDL2.

Signed-off-by: Cal Peake <cp@absolutedigital.net>
Message-Id: <7054816e-99c-7e2-6737-7cf98cc56e2@absolutedigital.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Merge tag 'edgar/xilinx-next-2022-09-21.for-upstream' of https://github.com/edgarigl/qemu into staging

Xilinx queue

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEErET+3BT38evtv0FRKcWWeA9ryoMFAmMraeQACgkQKcWWeA9r
# yoOUUwgAz/GPBURkdzYcFbOa4VEBrCaJxCu2WvyBdj6kjEgw/ZmdXbDHfeKTr2Rl
# 8mo7UWugfj1KTMqo5Tmte6+3EeNcuB9qA/flKj7wfKwLX1S0V6EFNGJn8sdNe+1r
# c6fYm0bUBk9FKauUT4t3U1Zl9SGJ2Pwa8JvztVgBvvZG6G+J0bkVmw2mMXb3jaaV
# skzmBuvDT0G8JkxWnpEXwznrPSHSjivqawVlBfjC5JmCjZ16bz05okju+cckfzTJ
# 0VF7/27MWfVCpMtWjRSA6p+3gwLziz7xOhPe9excSVsDyAs4WdcuI+/42/MBBUIn
# rlg7pNIslI9r8eP5Jyk6LcSmBsPDMA==
# =GZsl
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 21 Sep 2022 15:45:40 EDT
# gpg:                using RSA key AC44FEDC14F7F1EBEDBF415129C596780F6BCA83
# gpg: Good signature from "Edgar E. Iglesias (Xilinx key) <edgar.iglesias@xilinx.com>" [unknown]
# gpg:                 aka "Edgar E. Iglesias <edgar.iglesias@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AC44 FEDC 14F7 F1EB EDBF  4151 29C5 9678 0F6B CA83

* tag 'edgar/xilinx-next-2022-09-21.for-upstream' of https://github.com/edgarigl/qemu

:
  hw/microblaze: pass random seed to fdt

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Hexagon update
    remove unused encodings
    add fmin/fmax tests for signed zero

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEENjXHiM5iuR/UxZq0ewJE+xLeRCIFAmMou7IACgkQewJE+xLe
# RCIYbQgAgjFujecgbbCJfBPVMmpTXNOgk+Jt3w+jfg7/WJRZuhxAU3xB2qpismUH
# 5MntMlFHAGOjlPXfg6U5AZFSw3RhlanH/RChHpVKuL6peOXFImIfEqdyVXHXfCuu
# FlpQFGwJ3Rs50UJhd7lVdlx0I7lup4E4X77hFvFcZQP6aNrt6Ic1Zq5eXhEq9k2A
# NnXol1R416JRT/senujYVvcTpgYVHlQCS+4dJEzKUqvFlTdo7lnAbPdjO8MPrz7B
# 0NgPUGjGZJ70Dcqvd1n8HePIU1YyKTlHJNaWyTlAmw4MECyHyAJnd64jEMNECDb5
# 0BrpHcY1HCt1Rh4QratemTfJglAJlA==
# =UUyr
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 19 Sep 2022 14:57:54 EDT
# gpg:                using RSA key 3635C788CE62B91FD4C59AB47B0244FB12DE4422
# gpg: Good signature from "Taylor Simpson (Rock on) <tsimpson@quicinc.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 3635 C788 CE62 B91F D4C5  9AB4 7B02 44FB 12DE 4422

* tag 'pull-hex-20220919' of https://github.com/quic/qemu

:
  Hexagon (tests/tcg/hexagon): add fmin/fmax tests for signed zero
  Hexagon (target/hexagon) remove unused encodings

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This FDT node is part of the DT specification.

Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>

m68k pull request 20220921

- several fixes for SR
- implement TAS
- feature cleanup

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmMrMx0SHGxhdXJlbnRA
# dml2aWVyLmV1AAoJEPMMOL0/L748UB0P/1w5w+ogpcWVp9uBPE9m6lTT8sTricWD
# oGMIEG0kgpS3xTp7pZ/WeCp38IShFBfBcz5aypvR5nS/1aclyJnzGsCqyWdBe9c4
# jJJY5r7JKP2aKcolGNilNyd20ldOiaxZGe6yFLJDWi2spFbRx3iiRJ4/2NXF5Xi8
# TlHKdlDGlNLFiFNtBXMMwqvL77qJ8LH/aE4cAr8JTOb1VszKXrFxqEqxoUucRirB
# u0LbM+DP3u2xXjTGLMLlMcKf9X2BXwuWBSAXslB8xWmRlX+B6fMudBFglTgbu0Cc
# bpoBBqY4s3QYPb21i89osYevJAJSdrtEzkKus3xAI08ACSffb9k9m/naVJJDSSNC
# HZeKVbAd7I0Xw2xzzO5yQB+7rdfgoL1miE1rs936WKHi0WWHZpdJqzl/3G3ZPhRz
# NmqczF9rRR9B9SabXx5lWlhK+Ys/W7PzY+R4gc6ose0wF4T70qmVF3EoioP1c5Y8
# 6OonMpRu6L5sW5KM3IUmkBo3KcnLezlxtebfaDyaKC9tB0qg4aM14ikL36nsLFbh
# 2nGExYSyMJ6U4tqpxyQxijMMSQG20vyVIup6cUsrSD+rGmbSuWZWJwsTmaAw2W6k
# 6HtDgtFk40ZB1WttYupQBa/LgjshGLl28jyLI9nNEdFYb4H1JAallEERF/tb6AUD
# WEiu8vcUMYEp
# =IAMt
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 21 Sep 2022 11:51:57 EDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'm68k-for-7.2-pull-request' of https://github.com/vivier/qemu-m68k

:
  target/m68k: always call gen_exit_tb() after writes to SR
  target/m68k: rename M68K_FEATURE_M68000 to M68K_FEATURE_M68K
  target/m68k: Perform writback before modifying SR
  target/m68k: Fix MACSR to CCR
  target/m68k: Implement atomic test-and-set

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

ppc patch queue for 2022-09-20:

This queue contains a implementation of PowerISA 3.1B hash insns, ppc
TCG insns cleanups and fixes, and miscellaneus fixes in the spapr and
pnv_phb models.

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYyoWlAAKCRA82cqW3gMx
# ZDYhAP0eQMeA4NS3hiw7WMcAVg0pei3ZJL9oEh1UE3+MfK7MhQEA0q8qExWnQJAA
# a0hfnFH9pLjI+v0f/FbFK6QJBpu/bg8=
# =qT+H
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Sep 2022 15:37:56 EDT
# gpg:                using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28  3819 3CD9 CA96 DE03 3164

* tag 'pull-ppc-20220920' of https://gitlab.com/danielhb/qemu

:
  hw/ppc/spapr: Fix code style problems reported by checkpatch
  hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure
  hw/ppc: spapr: Use qemu_vfree() to free spapr->htab
  target/ppc: Clear fpstatus flags on helpers missing it
  target/ppc: Zero second doubleword of VSR registers for FPR insns
  target/ppc: Set OV32 when OV is set
  target/ppc: Zero second doubleword for VSX madd instructions
  target/ppc: Set result to QNaN for DENBCD when VXCVI occurs
  target/ppc: Zero second doubleword in DFP instructions
  target/ppc: Remove unused xer_* macros
  target/ppc: Remove extra space from s128 field in ppc_vsr_t
  target/ppc: Merge fsqrt and fsqrts helpers
  target/ppc: Move fsqrts to decodetree
  target/ppc: Move fsqrt to decodetree
  target/ppc: Implement hashstp and hashchkp
  target/ppc: Implement hashst and hashchk
  target/ppc: Add HASHKEYR and HASHPKEYR SPRs

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Testing and CI changes:

  - reduce number of targets for cross_user_build
  - update avocado xlnx_versal test with new binaries
  - add explicit timeouts to a number of avocado TCG tests
  - reduce default timeout to 120s
  - update lcitool to support cross-amd64
  - flatten a number of docker cross containers
  - clean up stale qemu/debian10 dependencies
  - remove obsolete Fedora VM test
  - add configure workaround for meson --disable-pie bug
  - disable --static-pie for aarch64 gitlab runner
  - update aarch32/aarch64 jobs to 22.04
  - deprecate 32 bit big-endian MIPS as a host
  - remove FROM qemu/ support from docker.py
  - remove Debian base images now everything is flat

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmMp8Q8ACgkQ+9DbCVqe
# KkQmlwf/awT+jOmAW7TjlQnUTgHJ2hyOo7EViY/nmRkPOCT3ZG32pWFHBorHPX7s
# BeqZzpzCvhzaIfObnjIssx13C5QId5XjJGuTgMAnSsGhzTrp7VUJc1/bBfHcD9L2
# dJJduG+bfAkh95heBkry5EhFt2ZMui5yv9DjEH44hUUc9nwKtIQGts3H3fnVqzvv
# rzLZ7c2lhdLpAxHjmjSiiD8H59lJ+DpoziaobW4D7teGgecnyGVvJ9m1YH4Rc+kM
# gpLTOGMhADkQlysf5e5cvxXSJbP7YpXYrsr9X+DfEy5PMt2L3y4Yv0wiAz9ClYvm
# obD4wMQS5echYvb77qS1G8A0VMEPqA==
# =3oYu
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Sep 2022 12:57:51 EDT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-testing-next-200922-2' of https://github.com/stsquad/qemu

: (30 commits)
  tests/docker: remove the Debian base images
  tests/docker: remove FROM qemu/ support from docker.py
  tests/docker: update and flatten debian-toolchain
  tests/docker: update and flatten debian-hexagon-cross
  tests/docker: update and flatten debian-loongarch-cross
  tests/docker: update and flatten debian-amd64-cross
  tests/lcitool: bump to latest version
  tests/docker: update and flatten debian-all-test-cross
  tests/docker: flatten debian-riscv64-test-cross
  Deprecate 32 bit big-endian MIPS
  gitlab-ci: update aarch32/aarch64 custom runner jobs
  gitlab-ci/custom-runners: Disable -static-pie for ubuntu-20.04-aarch64
  configure: explicitly set cflags for --disable-pie
  tests/vm: Remove obsolete Fedora VM test
  tests/docker: remove amd64 qemu/debian10 dependency
  tests/docker: remove tricore qemu/debian10 dependency
  tests/docker: flatten debian-powerpc-test-cross
  tests/docker: update and flatten debian-sparc64-cross
  tests/docker: update and flatten debian-sh4-cross
  tests/docker: update and flatten debian-mips64-cross
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Any write to SR can change the security state so always call gen_exit_tb() when
this occurs. In particular MacOS makes use of andiw/oriw in a few places to
handle the switch between user and supervisor mode.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220917112515.83905-5-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

The M68K_FEATURE_M68000 feature is misleading in that its name suggests the feature
is defined just for Motorola 68000 CPUs, whilst in fact it is defined for all
Motorola 680X0 CPUs.

In order to avoid confusion with the other M68K_FEATURE_M680X0 constants which
define the features available for specific Motorola CPU models, rename
M68K_FEATURE_M68000 to M68K_FEATURE_M68K and add comments to clarify its usage.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220917112515.83905-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

Writes to SR may change security state, which may involve
a swap of %ssp with %usp as reflected in %a7.  Finish the
writeback of %sp@+ before swapping stack pointers.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1206


Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220913142818.7802-3-richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

First, we were writing to the entire SR register, instead
of only the flags portion.  Second, we were not clearing C
as per the documentation (X was cleared via the 0xf mask).

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220913142818.7802-2-richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

This is slightly more complicated than cas,
because tas is allowed on data registers.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220829051746.227094-1-richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>

* Skip tests if the corresponding feature is missing
* Update NetBSD VM test to version 9.3
* Update the FreeBSD CI to version 13.1
* Some small fixes for the qtests
* Update wordings in the QEMU guest-agent

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmMpvqURHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbXtaQ//ap4P8Gdg7HyShflpHj3+Z+UC/THtcCAD
# F5Oj/E89wYJZJvWpjELLUf+218O+zbcKkv6z25AHo37JRSLQMzsD21RpDYcu8qnN
# Xk77KrOLFaVRRo6e3FAi5I+uWsm1h/9jJfC/sFrzfKGnWcW5pTzXUkbvWT3LZo/q
# d0wJCMn/+h0j6kqhjm8mhFCsGsSaUKFCMzm/6rsWxVsMsVnlTyYhg/IzhocKrkVD
# 9ZWz+jAv+h4F0CLl/SeRvZFq4LEGZoP3KHWrDAgEO9i1yC+tNpGDFyV/hJXwapcm
# jYGaPPgS2dLToMXf5uubfmyptircQKqdpC2Hl8UwgUS6OgwA2YRCxad8rrrdBezq
# 2Nb8KissVB8ySL1Asf00gxioJNwLKrY+4NIeDVxAQ56f1/9kd0w0ylrweR492V/p
# z3Yrs3uqqALR1jWfB7/Rh4EN2R0oe6bnlfb8bB6lzPKynXQicZLeoOnNPbkOQMw8
# HgjKVFT130ydXJKMJkgEQmi4JUGoaKqSKCmlSaHz9TAobwNiVBXaH0cyuX5QEuoX
# WgZosiF5nBzdbhkC2IPcQYHzIIkelfx9j9mKE0PNfUSkFgMiywcI5TfqabPWGeaA
# rxYPU4EZmbgCZPlBVdPFwog/BXap2EIo9+xtINM0COQDoy+Q/l5Z3keHhpjayBBS
# qWc6CRSmhLs=
# =sHK+
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Sep 2022 09:22:45 EDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-09-20' of https://gitlab.com/thuth/qemu

:
  qga: Replace 'blacklist' and 'whitelist' in the guest agent sources
  qga: Replace 'blacklist' command line and config file options by 'block-rpcs'
  gitlab-ci: Update the FreeBSD 13 job from 13.0 to 13.1
  tests: sb16 has both pc and q35 tests
  tests: Only run intel-hda-tests if machine type is compiled in
  bios-tables-test: Only run test for machine types compiled in
  bios-tables-test: Sort all x86_64 tests by machine type
  bios-tables-test: Make oem-fields tests be consistent
  meson-build: Enable CONFIG_REPLICATION only when replication is set
  tests: Fix error strings
  qtest/fuzz-lsi53c895a-test: set guest RAM to 2G
  tests/qtest: npcm7xx-emc-test: Skip checking MAC
  .gitlab-ci.d/windows.yml: Drop the sed processing in the 64-bit build
  tests/vm: update NetBSD to 9.3
  tests: mark io-command test as skipped if socat is missing

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

* add help option for -audio and -audiodev
* another missing memory barrier for dirty pages
* target/i386: Raise #GP on unaligned m128 accesses
* coverity fixes + improvements to components
* add MMX and 3DNow! tests
* SSE4a fixes
* target/i386: TCG translation cleanups
* update qboot submodule

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmMocZcUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNV7Qf+NEoB8R0ug+ClMRe1Qqt8FXEd0eXE
# nT19q4rOWfmW4/L+wI6gpxhbxrxOuLwoZ8YvD8c6rQAdexMoHoeTvA1PAca4zZTo
# ISmW3bXsoHN2uGLPz4CKhjKBLCANtDkh3EWCwRFkLSRCLSRDhKPrG1Ue3fOgQ6GO
# riROcxbyYzvU/4uefSW+xG/Im9gftNF6occZZ59LrK7Xd8kwlb+E+EdsmzFw5f8O
# Q9irVQ8pX9ZM4BK2KiT16nZ0uSRwJqSJKbLI670nUEsj1jQCIgU3srgZHjAIvoir
# yivDs6oktgS/HkPD5CQoTX+fVDgEDM1TTF6P8r7uJopPXpzz+AHswfSJmg==
# =RVCS
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 19 Sep 2022 09:41:43 EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu

: (21 commits)
  qboot: update to latest submodule
  build: remove extra parentheses causing missing rebuilds
  target/i386: introduce insn_get_addr
  target/i386: REPZ and REPNZ are mutually exclusive
  target/i386: fix INSERTQ implementation
  target/i386: correctly mask SSE4a bit indices in register operands
  audio: add help option for -audio and -audiodev
  tests/tcg: remove old SSE tests
  tests/tcg: refine MMX support in SSE tests
  tests/tcg: i386: add MMX and 3DNow! tests
  tests/tcg: i386: fix typos in 3DNow! instructions
  tests: unit: add NULL-pointer check
  tests: test-qga: close socket on failure to connect
  tests: unit: simplify test-visitor-serialization list tests
  smbios: sanitize type from external type before checking have_fields_bitmap
  coverity: put NUBus under m68k component
  coverity: add new RISC-V component
  spapr_pci: fix leak in spapr_phb_vfio_get_loc_code
  kvm: fix memory leak on failure to read stats descriptors
  target/i386: Raise #GP on unaligned m128 accesses when required.
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

v2: fix compile error.

# -----BEGIN PGP SIGNATURE-----
#
# iLMEAAEIAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCYymK3wAKCRBAov/yOSY+
# 31trA/oDy6CHaPvT9mwKOM/ScYcwCf+dEtFGkqpsjcPlEB7GLJ9moJxp1xlm+Htw
# KA0MlA4QrI6MWd9udEbnoB7aRScG/ugzWHDPGocg+qjqiZvmHpE9ShdxYeDVJaLk
# 6hN9dkom+ANWeZ7T4gmdQreK/lwjUAqkiPSjw1HhvSHr3kAeDA==
# =uUxe
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Sep 2022 05:41:51 EDT
# gpg:                using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Can't check signature: No public key

* tag 'pull-loongarch-20220920' of https://gitlab.com/gaosong/qemu

:
  hw/loongarch: Improve acpi dsdt table
  hw/loongarch: Support memory hotplug
  hw/loongarch: Fix acpi ged irq number in dsdt table
  hw/loongarch: Add RAMFB to dynamic_sysbus_devices list
  hw/loongarch: Add hotplug handler for machine
  hw/loongarch: Add platform bus support
  hw/loongarch: Add interrupt information to FDT table
  hw/loongarch: Support fw_cfg dma function
  hw/loongarch: Remove vga device when loongarch init

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

We no longer use these in any of our images. Clean-up the remaining
comments and documentation that reference them and remove from the
build.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220914155950.804707-31-alex.bennee@linaro.org>

We want to migrate from docker.py to building our images directly with
docker/podman. Before we get there we need to make sure we don't
re-introduce our layered builds so bug out if we see FROM qemu/ in a
Dockerfile.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220914155950.804707-30-alex.bennee@linaro.org>

Update to the latest stable Debian. While we are at it flatten into a
single dockerfile as we do not need anything from the base image to
build the toolchain. This is used to build both the nios and
microblaze toolchains.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220914155950.804707-29-alex.bennee@linaro.org>

Update to the latest stable Debian. While we are at it flatten into a
single dockerfile as we do not some of the extraneous packages from
the base image to build the toolchain.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220914155950.804707-28-alex.bennee@linaro.org>

Update to the latest stable Debian. While we are at it flatten into a
single dockerfile. We really don't need the rest of the stuff from the
QEMU base image just to compile test images. In this case it is a
binary distribution of the toolchain anyway.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220914155950.804707-27-alex.bennee@linaro.org>

Now lcitool has support for building a x86_64 cross image we can use
it for this.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220914155950.804707-26-alex.bennee@linaro.org>

We need this to be able to cleanly build the x86 cross images. There
are a few minor updates triggered by lcitool-refresh including adding
"libslirp" to the freebsd vars and opensuse-leap which will help when
we finally drop the slirp submodule from QEMU.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220914155950.804707-25-alex.bennee@linaro.org>

Update to the latest stable Debian. While we are at it flatten into a
single dockerfile. We also need to ensure we install clang as it is
used for those builds as well.

It would be nice to port this to lcitool but for now this will do.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220914155950.804707-24-alex.bennee@linaro.org>

Flatten into a single dockerfile and update to match the rest of the
test cross compile dockerfiles.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220914155950.804707-23-alex.bennee@linaro.org>

It's becoming harder to maintain a cross-compiler to test this host
architecture as the old stable Debian 10 ("Buster") moved into LTS
which supports fewer architectures. For now:

  - mark it's deprecation in the docs
  - downgrade the containers to build TCG tests only
  - drop the cross builds from our CI

Users with an appropriate toolchain and user-space can still take
their chances building it.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Huacai Chen <chenhuacai@kernel.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220914155950.804707-22-alex.bennee@linaro.org>

The custom runner is now using 22.04 so we can drop our hacks to deal
with broken libssh and glusterfs. The provisioning scripts will be
updated in a separate commit.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220914155950.804707-21-alex.bennee@linaro.org>

The project has reached the magic size at which we see

/usr/aarch64-linux-gnu/lib/libc.a(init-first.o): in function `__libc_init_first':
(.text+0x10): relocation truncated to fit: R_AARCH64_LD64_GOTPAGE_LO15 against \
symbol `__environ' defined in .bss section in /usr/aarch64-linux-gnu/lib/libc.a(environ.o)
/usr/bin/ld: (.text+0x10): warning: too many GOT entries for -fpic, please recompile with -fPIC

The bug has been reported upstream, but in the meantime there is
nothing we can do except build a non-pie executable.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220823210329.1969895-1-richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220914155950.804707-20-alex.bennee@linaro.org>

This is working around current limitation of Meson's handling of
--disable-pie.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220914155950.804707-19-alex.bennee@linaro.org>