Merge tag 'pull-ppc-for-9.2-2-20241127' of https://gitlab.com/npiggin/qemu into staging

* Assorted small ppc fixes

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEETkN92lZhb0MpsKeVZ7MCdqhiHK4FAmdF/gUACgkQZ7MCdqhi
# HK55/xAAw1AXhd+B9JODn6bpDzIvG1yZN81X7xm5WtVQwb9GgBlacBMgVRZQvulX
# 0TH0GBe2/+NkIgr/8c2j2NN3VwME86w56R7E9XFStwh9Q+80vJNT898023gAeN7k
# qiy+XBroUBkJJhuJOYXMCsgg7j0eTaCdVJxqytKBtr4vQnxRfkgKLeHKyMSF0uNu
# geRg76V3elleDNIhSood8GJ/O+Boom9Dvrsj7FwxIfTRnT8d1cwUV599fOJMYW/A
# EOquM54eREhCymVOMTx3gpJAMQXMGJ9LKR6AuIWEu1t4J9KJD27I5a56ASjz8BcO
# RH6DeqDVSauv25NqWKk4388xYTzd1zTScG4X7qdLcoLwy+wjyB90mvbLFmpuNjrG
# bR5BALRF0OtJ2SQ+DHM8h0OPQANl33c0YCU5GHMsFMiAkPJPaZWib1VrzeU8JzjW
# nUbKPE6htYh6Ee6dyGq/E1SP7QgmJTavZ/aY8j5e5iyJBWEZuS80TZ8FYv6ETFp7
# 5SHpRcvREZs4GO8vWwh8yNuepvQ5O6iK79kQUjcdREvRjT419m50cfJwyMxhG16r
# IeNkny7YtfX7s90s8zhw3WQECmBpfKqvzXtFZPORdge2MJSHFmYpnip9uLp1r1pU
# 1BUe1m1vubqd6/2JLw0FLIIqjuEv9VLDh4HI6ehG/7G7gwnwlRc=
# =Acg2
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 26 Nov 2024 16:57:41 GMT
# gpg:                using RSA key 4E437DDA56616F4329B0A79567B30276A8621CAE
# gpg: Good signature from "Nicholas Piggin <npiggin@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4E43 7DDA 5661 6F43 29B0  A795 67B3 0276 A862 1CAE

* tag 'pull-ppc-for-9.2-2-20241127' of https://gitlab.com/npiggin/qemu:
  hw/ppc/pegasos2: Fix IRQ routing from pci.0
  ppc/spapr: fix drc index mismatch for partially enabled vcpus
  ppc/pnv: Add xscom- prefix to pervasive-control region name
  target/ppc: Fix THREAD_SIBLING_FOREACH for multi-socket
  ppc/pnv: Fix direct controls quiesce
  target/ppc: Fix non-maskable interrupt while halted

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-target-arm-20241126' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * target/arm/tcg/cpu32.c: swap ATCM and BTCM register names
 * docs/system/arm: Fix broken links and missing feature names

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmdF/vUZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3m4VD/95q5242ldAFCDj3pftP7tZ
# DCdY+AZZiUc+2puCjUlxCaKyXkTr4ifwUe79RStbatW80JxGJbJHeRK1VA4dNlPD
# trl+6fN5gS6VpvIpkfS92qH8VDF2XfygPIjisCUf7MIsJCgLa9XEJ8lQvHcxgT2v
# VSYholfKrU5bsS5UIuMC+cNjTaLLgwEW0RSqvo0/ZTnOZgfLJk6PD938WV6kbHoA
# 6qbwLgoKoSaZDxmnKAxqMMsnMPAnYE4mSSQsawwa92f5zj7p6Pz9FjDBGRuBnBan
# JeSyW9C7X555BT5YxluEqicsOK+xGg58y3QrQuDRwXHUO3gCMBMS+CGapNPhA7rN
# sTIILk2JsGuer4w6Gz/xOIr/nyqufejJd91AVrfC782UXqfi1Gb/xYfsLOz4xSr5
# TzvXMmD/u0yna5OLc6S+eFY5+qWvuIUwty4OTBPN/txd+pzDnsdISMaqXfDl0Czj
# idUVN+xEVBhKvHCFcFt15iwSMgoQ62Vyh5EWyZ5kaeC/w5L6rt+B/Es3XBnx2XSi
# CTU6FQHPrgqbbjF9PIOPq8lavbXTKZ/KsXhCCQ02zh9wLG9JH9nnGLWB7uEIDd8N
# yrd5qp47FooJYisZcfI9SmAU7tcYHbaNmFmGTA2b9UPJW8SvNmzSdhKV/nPFV9JK
# MwJwXffOhI8kXobUrJo03A==
# =yUs5
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 26 Nov 2024 17:01:41 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20241126' of https://git.linaro.org/people/pmaydell/qemu-arm:
  docs/system/arm/aspeed: add missing model supermicrox11spi-bmc
  docs/system/arm/fby35: update link to product page
  docs/system/arm/: add FEAT_DoubleLock
  docs/system/arm/: add FEAT_MTE_ASYNC
  target/arm/tcg/: fix typo in FEAT name
  docs/system/arm/emulation: add FEAT_SSBS2
  docs/system/arm/emulation: fix typo in feature name
  docs/system/arm/emulation: mention armv9
  target/arm/tcg/cpu32.c: swap ATCM and BTCM register names

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/ppc/pegasos2: Fix IRQ routing from pci.0

The MV64361 has two PCI buses one of which is used for AGP on
PegasosII. So far we only emulated the PCI bus on pci.1 but some
graphics cards are only recognised by some guests when connected to
pci.0 corresponding to the AGP port. So far the interrupts were not
routed from pci.0 so this patch fixes that allowing the use of both
PCI buses. On real board only INTA and INTB are connected for AGP but
to avoid surprises we connect all 4 PCI interrupt lines so pci.0 can
be used for all PCI cards as well.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>

ppc/spapr: fix drc index mismatch for partially enabled vcpus

In case when vcpus are explicitly enabled/disabled in a non-consecutive
order within a libvirt xml, it results in a drc index mismatch during
vcpu hotplug later because the existing logic uses vcpu id to derive the
corresponding drc index which is not correct. Use env->core_index to
derive a vcpu's drc index as appropriate to fix this issue.

For ex, for the given libvirt xml config:
  <vcpus>
    <vcpu id='0' enabled='yes' hotpluggable='no'/>
    <vcpu id='1' enabled='yes' hotpluggable='yes'/>
    <vcpu id='2' enabled='no' hotpluggable='yes'/>
    <vcpu id='3' enabled='yes' hotpluggable='yes'/>
    <vcpu id='4' enabled='no' hotpluggable='yes'/>
    <vcpu id='5' enabled='yes' hotpluggable='yes'/>
    <vcpu id='6' enabled='no' hotpluggable='yes'/>
    <vcpu id='7' enabled='no' hotpluggable='yes'/>
  </vcpus>

We see below error on guest console with "virsh setvcpus <domain> 5" :

pseries-hotplug-cpu: CPU with drc index 10000002 already exists

This patch fixes the issue by using correct drc index for explicitly
enabled vcpus during init.

Reported-by: Anushree Mathur <anushree.mathur@linux.vnet.ibm.com>
Tested-by: Anushree Mathur <anushree.mathur@linux.vnet.ibm.com>
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>

ppc/pnv: Add xscom- prefix to pervasive-control region name

By convention, xscom regions get a xscom- prefix.

Fixes: 1adf24708bf7 ("hw/ppc: Add pnv nest pervasive common chiplet model")
Reviewed-by: Glenn Miles <milesg@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>

target/ppc: Fix THREAD_SIBLING_FOREACH for multi-socket

The THREAD_SIBLING_FOREACH macro wasn't excluding threads from other
chips. Add chip_index field to the thread state and add a check for the
new field in the macro.

Fixes: b769d4c8f4c6 ("target/ppc: Add initial flags and helpers for SMT support")
Signed-off-by: Glenn Miles <milesg@linux.ibm.com>
[npiggin: set chip_index for spapr too]
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>

ppc/pnv: Fix direct controls quiesce

powernv CPUs have a set of control registers that can stop, start, and
do other things to control a thread's execution.

Using this interface to stop a thread puts it into a particular state
that can be queried, and is distinguishable from other things that might
stop the CPU (e.g., going idle, or being debugged via gdb, or stopped by
the monitor).

Add a new flag that can speficially distinguish this state where it is
stopped with control registers. This solves some hangs when rebooting
powernv machines when skiboot is modified to allow QEMU to use the CPU
control facility (that uses controls to bring all secondaries to a known
state).

Fixes: c8891955086 ("ppc/pnv: Implement POWER10 PC xscom registers for direct controls")
Reviewed-by: Glenn Miles <milesg@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>

target/ppc: Fix non-maskable interrupt while halted

The ppc (pnv and spapr) NMI injection code does not go through the
asynchronous interrupt path and set a bit in env->pending_interrupts
and raise an interrupt request that the cpu_exec() loop can see.
Instead it injects the exception directly into registers.

This can lead to cpu_exec() missing that the thread has work to do,
if a NMI is injected while it was idle.

Fix this by clearing halted when injecting the interrupt. Probably
NMI injection should be reworked to use the interrupt request interface,
but this seems to work as a minimal fix.

Fixes: 3431648272d3 ("spapr: Add support for new NMI interface")
Reviewed-by: Glenn Miles <milesg@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>

docs/system/arm/aspeed: add missing model supermicrox11spi-bmc

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Message-id: 20241122225049.1617774-13-pierrick.bouvier@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

docs/system/arm/fby35: update link to product page

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241122225049.1617774-8-pierrick.bouvier@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

docs/system/arm/: add FEAT_DoubleLock

We already implement FEAT_DoubleLock (see commit f94a6df5dd6a7) when
the ID registers call for it.  This feature is actually one that must
*not* be implemented in v9.0, but since our documentation lists
everything we can emulate, we should include FEAT_DoubleLock in the
list.

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-id: 20241122225049.1617774-7-pierrick.bouvier@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: expand commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

docs/system/arm/: add FEAT_MTE_ASYNC

We already implement FEAT_MTE_ASYNC; we just forgot to list it
in the documentation.

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241122225049.1617774-6-pierrick.bouvier@linaro.org
[PMM: expand commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm/tcg/: fix typo in FEAT name

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241122225049.1617774-5-pierrick.bouvier@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

docs/system/arm/emulation: add FEAT_SSBS2

We implemented this at the same times as FEAT_SSBS, but forgot
to list it in the documentation.

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241122225049.1617774-4-pierrick.bouvier@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: improve commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

docs/system/arm/emulation: fix typo in feature name

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241122225049.1617774-3-pierrick.bouvier@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

docs/system/arm/emulation: mention armv9

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241122225049.1617774-2-pierrick.bouvier@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

target/arm/tcg/cpu32.c: swap ATCM and BTCM register names

According to Cortex-R5 r1p2 manual, register with opcode2=0 is
BTCM and with opcode2=1 is ATCM, - exactly the opposite from how
qemu labels them.  Just swap the labels to avoid confusion, -
both registers are implemented as always-zero.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20241121171602.3273252-1-mjt@tls.msk.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEIV1G9IJGaJ7HfzVi7wSWWzmNYhEFAmdFRyQACgkQ7wSWWzmN
# YhFU1Qf/T9bBOCrbQqbZSG7eKk8QuH35zcgNU7FzFTrGeVCc1bUMNYhiioqAFmE+
# h5h/3vmkmt+01vaTuimTRumI2SJnFFwggveJDWf+ICSl9MRtCXB5+w0n71vJ6gUO
# njm36pIl+aMkZIrsDc7lLewVouZkF8mAKP7mn9x53s5lX/HbXZSdPJmrkdUXtNT5
# d3nXlUkNhEWKL9dKIQ9dWYmj3l+tLfuYPiR8a+kKFMEwHlGBuFbNoVN03v5VvFyf
# Dmy1P1ZFApP0SsR4SiccXg7C8AslBC6wc7Bhd0aiKpGBnlt20mE9EJSVyrU8yP1p
# UTKzzB0QHN7Nnd6AcFRhWvo9C74mGg==
# =qP+q
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 26 Nov 2024 03:57:24 GMT
# gpg:                using RSA key 215D46F48246689EC77F3562EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* tag 'net-pull-request' of https://github.com/jasowang/qemu:
  virtio-net: Add queues before loading them

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'migration-20241125-pull-request' of https://gitlab.com/peterx/qemu into staging

Migration pull for 9.2-rc2

- Fabiano's patch to remove double vmstate cleanup in postcopy
- Peter's patch to whitelist pipes in fd migration URIs

# -----BEGIN PGP SIGNATURE-----
#
# iIgEABYKADAWIQS5GE3CDMRX2s990ak7X8zN86vXBgUCZ0TqmRIccGV0ZXJ4QHJl
# ZGhhdC5jb20ACgkQO1/MzfOr1waJ7AD8Cb8tHkjFG25Q3ufRrkj3d05oVZDRU4lx
# 6bgku9xbUQ0A/1ruu96sy89q9t9facPHn+y/0xmmpBJMB5EJ1Jxunm0M
# =2Ctw
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 25 Nov 2024 21:22:33 GMT
# gpg:                using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706
# gpg:                issuer "peterx@redhat.com"
# gpg: Good signature from "Peter Xu <xzpeter@gmail.com>" [marginal]
# gpg:                 aka "Peter Xu <peterx@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D  D1A9 3B5F CCCD F3AB D706

* tag 'migration-20241125-pull-request' of https://gitlab.com/peterx/qemu:
  migration: Fix extra cleanup at postcopy listen
  migration: Allow pipes to keep working for fd migrations

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-9.2-rc2-updates-251124-1' of https://gitlab.com/stsquad/qemu into staging

testing, docs and plugin updates for rc2

  - cleanup leftover avocado bits from functional test
  - ensure we keep functional logs for tests
  - improve test console handling to detect prompts
  - remove hacking timer.sleep() usage in functional tests
  - convert Aarch64 tuxrun tests to functional test
  - update Aarch64 tuxrun images to avoid corrupt blk I/O ops
  - auto-generate the TCG plugin API symbols to avoid missing them
  - fix rust pl011 model handling of DeviceID regs
  - update docs to refer to "commonly known identity"
  - convert aspeed tests to functional framework and remove hacky sleeps

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmdEZXEACgkQ+9DbCVqe
# KkRdMAf+JoSdKn3ck/eji270bZ2Y3evgDuP/qOZlcBtUJJ7+bUvhEOnBMApwKRD8
# u63hz7M4LIV5k3mezlEADf+oEpZ2FR3nIDM0dTY2CXYZm6av+0dNV0qFhXwjkslk
# aqJLiJYgNl3wsyn/ftYNLiBhCid0sOGMvEOFZI6ELBh5KH8eiNdyrsaD0GSmpwZi
# BsZUi8TOKy6EBeWnco/FLBV8ZVZUHuHNBl84jUY/8g7cxGMJfK8KoqMJ5XYoiQoJ
# 1dYDqFmoP24iQRks6K6beFRdS/CBet36Nhsv7We/gf17Msw5uFo7Cho+touRCMrK
# AmVKFdOX/OqJAHqlEKquYAD7bPjpaA==
# =Xa/M
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 25 Nov 2024 11:54:25 GMT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-9.2-rc2-updates-251124-1' of https://gitlab.com/stsquad/qemu: (28 commits)
  tests/functional: Remove sleep workarounds from Aspeed tests
  tests/functional: Convert Aspeed arm SDK tests
  tests/functional: Convert Aspeed aarch64 SDK tests
  docs: explicitly permit a "commonly known identity" with SoB
  rust/pl011: Fix range checks for device ID accesses
  plugins: eradicate qemu-plugins.symbols static file
  plugins: detect qemu plugin API symbols from header
  plugins: add missing export for qemu_plugin_num_vcpus
  tests/functional: update the aarch64 tuxrun tests
  tests/functional: Convert the Avocado aarch64 tuxrun tests
  tests/functional: avoid accessing log_filename on earlier failures
  tests/functional: add a QMP backdoor for debugging stalled tests
  tests/functional: remove time.sleep usage from tuxrun tests
  tests/functional: rewrite console handling to be bytewise
  tests/functional: require non-NULL success_message for console wait
  tests/functional: don't try to wait for the empty string
  tests/functional: logs details of console interaction operations
  tests/functional: enable debug logging for QEMUMachine
  tests/functional: honour requested test VM name in QEMUMachine
  tests/functional: put QEMUMachine logs in testcase log directory
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

virtio-net: Add queues before loading them

Call virtio_net_set_multiqueue() to add queues before loading their
states. Otherwise the loaded queues will not have handlers and elements
in them will not be processed.

Cc: qemu-stable@nongnu.org
Fixes: 8c49756825da ("virtio-net: Add only one queue pair when realizing")
Reported-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>

migration: Fix extra cleanup at postcopy listen

After fixing the loadvm cleanup race the qemu_loadvm_state_cleanup()
is now being called twice in the postcopy listen thread.

Fixes: 4ce5622908 ("migration/multifd: Fix rb->receivedmap cleanup race")
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20241125191128.9120-1-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>

migration: Allow pipes to keep working for fd migrations

Libvirt may still use pipes for old file migrations in fd: URI form,
especially when loading old images dumped from Libvirt's compression
algorithms.

In that case, Libvirt needs to compress / uncompress the images on its own
over the migration binary stream, and pipes are passed over to QEMU for
outgoing / incoming migrations in "fd:" URIs.

For future such use case, it should be suggested to use mapped-ram when
saving such VM image.  However there can still be old images that was
compressed in such way, so libvirt needs to be able to load those images,
uncompress them and use the same pipe mechanism to pass that over to QEMU.

It means, even if new file migrations can be gradually moved over to
mapped-ram (after Libvirt start supporting it), Libvirt still needs the
uncompressor for the old images to be able to load like before.

Meanwhile since Libvirt currently exposes the compression capability to
guest images, it may needs its own lifecycle management to move that over
to mapped-ram, maybe can be done after mapped-ram saved the image, however
Dan and PeterK raised concern on temporary double disk space consumption.
I suppose for now the easiest is to enable pipes for both sides of "fd:"
migrations, until all things figured out from Libvirt side on how to move
on.

And for "channels" QMP interface support on "migrate" / "migrate-incoming"
commands, we'll also need to move away from pipe.  But let's leave that for
later too.

So far, still allow pipes to happen like before on both save/load sides,
just like we would allow sockets to pass.

Cc: qemu-stable <qemu-stable@nongnu.org>
Cc: Fabiano Rosas <farosas@suse.de>
Cc: Peter Krempa <pkrempa@redhat.com>
Cc: Daniel P. Berrangé <berrange@redhat.com>
Fixes: c55deb860c ("migration: Deprecate fd: for file migration")
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20241120160132.3659735-1-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>

Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging

Block layer patches

- Fix qmp_device_add() to not throw non-scalar options away (fixes
  iothread-vq-mapping being silently ignored in device_add)
- Fix qdev property crash with integer PCI addresses and JSON -device
- iotests: Fix mypy failure
- parallels: Avoid potential integer overflow
- ssh: libssh broke with non-blocking sessions, use a blocking one for now
- Fix crash in migration_is_running()

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmdES74RHGt3b2xmQHJl
# ZGhhdC5jb20ACgkQfwmycsiPL9abFQ//fGmBl3Jp99GWB1R0y49/hPhfj0166UGj
# zeEmhdy+k6gKywyhVy0Fj0xLztDTb/2bGflrwtDDxYA0PBLel461QSeJUzwDsn9h
# ZGLyFrosXgIPADP55RF1wJ6c+m13MX4jVy80Neh2jemhinMazjj3ADb4RdCf0B4M
# XoYOy96goDFPlzZNvr08dlaDvJaD5QmPYX8nK7TaZqZOSYvdSRWMuB+QQCPj+qEf
# UfpBo3beNsxedNu/1wKS1Nc6FVX7VHKoMzhDLAvxkYMBKcCg9l5lEAGrgp61O+79
# nYZmPtEG5RHsMNBCZtk8zZMIHPg2Ydxpj3jOV3eA0rF4Twk/fPrOOfBEUHT6PapX
# tCS1UJtgyQA2GTULiax3vKV4yBSpmUzbhjddNwBkW7uG1md67d17nqbjkEhHVxZL
# yMuauFRCx5onzE0TSgTYEMAmAgD9oawuGUqBiNCOqJlTbGZwJ9l7jtwP4Bl1gskk
# pWzL/PLP8MkVf50dcP0QBPNHn85/oZOwv5yNr2Z893qNQhh/0xqCEFwqSq2SJOkg
# vKd/bAusgmicoh1XD0o0+mv2ewZor/JghrU83YDPKWM1MmOwePZ8wRTx9pJtZWvq
# Pnc71397zppHIw7aIWKYDoyQ3aeaoTM/oY2Q5Y7et6c/FvGW5JtFjsPCGbgm9mw+
# +6JA51ujtYU=
# =oLdE
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 25 Nov 2024 10:04:46 GMT
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
  ssh: Do not switch session to non-blocking mode
  vl: use qmp_device_add() in qemu_create_cli_devices()
  qdev-monitor: avoid QemuOpts in QMP device_add
  tests/avocado/hotplug_blk: Fix addr in device_add command
  qdev: Fix set_pci_devfn() to visit option only once
  python: silence pylint raising-non-exception error
  python: disable too-many-positional-arguments warning
  iotests: correct resultclass type in ReproducibleTestRunner
  iotests: reflow ReproducibleTestRunner arguments
  parallels: fix possible int overflow

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEIV1G9IJGaJ7HfzVi7wSWWzmNYhEFAmdEEtgACgkQ7wSWWzmN
# YhH5qAgAlKdcx/gFt4EBXtjVq/qbPluEGOQxvcRYLlN90rPLHPgCjAoT5ly3fIv1
# 4kCgcVZyG8SdGu1n0TzTTS9kg5tL7weQ9xEWwF0oyyuZABgAB7w/wpC8MHSkJFOn
# 2Tv+2Iab0dJ+e1pw71OMpE/YR5X2xq5vopsSHRtnyGWfRPGswJFwka+f8FS5DSiq
# 2CeNxADgTkPxJgDmOrNSsAPz8Rns77FAZdvDMqFjx1Lrqm8kPv9jzwOMO+a/2LpC
# t6OkpFzGjiiskPjSnSn/tzo4TfWYoABjJaI7b3vEqmNEJSTAaxltZNtSXZucctEt
# 1ihnFdjr/wPwGK/5Wu+qGnfDbFNxBw==
# =W4y1
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 25 Nov 2024 06:02:00 GMT
# gpg:                using RSA key 215D46F48246689EC77F3562EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* tag 'net-pull-request' of https://github.com/jasowang/qemu:
  virtio-net: Copy received header to buffer
  virtio-net: Initialize hash reporting values
  virtio-net: Fix hash reporting when the queue changes
  virtio-net: Do not check for the queue before RSS
  virtio-net: Fix size check in dhclient workaround
  net: checksum: Convert data to void *

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests/functional: Remove sleep workarounds from Aspeed tests

These were introduced in the avocado tests to workaround read issues
when interacting with console. They are no longer necessary and we can
use the expected "login:" string or the command prompt now. Drop the
last use of exec_command.

Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20241122090322.1934697-4-clg@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

tests/functional: Convert Aspeed arm SDK tests

Drop the SSH connection which was introduced in the avocado tests to
workaround read issues when interacting with console.

EXTRA_BOOTARGS was introduced to reduce the console output at Linux
boot time. This didn't have the desired effect as we still had issues
when trying to match patterns on the console and we had to use the ssh
connection as a workaround.

While at it, remove the U-Boot EXTRA_BOOTARGS variable which has
become useless.

Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20241122090322.1934697-3-clg@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

tests/functional: Convert Aspeed aarch64 SDK tests

Drop the SSH connection which was introduced in the avocado tests to
workaround read issues when interacting with console.

Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20241122090322.1934697-2-clg@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

docs: explicitly permit a "commonly known identity" with SoB

The docs for submitting a patch describe using your "Real Name" with
the Signed-off-by line. Although somewhat ambiguous, this has often
been interpreted to mean someone's legal name.

In recent times, there's been a general push back[1] against the notion
that use of Signed-off-by in a project automatically requires / implies
the use of legal ("real") names and greater awareness of the downsides.

Full discussion of the problems of such policies is beyond the scope of
this commit message, but at a high level they are liable to marginalize,
disadvantage, and potentially result in harm, to contributors.

TL;DR: there are compelling reasons for a person to choose distinct
identities in different contexts & a decision to override that choice
should not be taken lightly.

A number of key projects have responded to the issues raised by making
it clear that a contributor is free to determine the identity used in
SoB lines:

 * Linux has clarified[2] that they merely expect use of the
   contributor's "known identity", removing the previous explicit
   rejection of pseudonyms.

 * CNCF has clarified[3] that the real name is simply the identity
   the contributor chooses to use in the context of the community
   and does not have to be a legal name, nor birth name, nor appear
   on any government ID.

Since we have no intention of ever routinely checking any form of ID
documents for contributors[4], realistically we have no way of knowing
anything about the name they are using, except through chance, or
through the contributor volunteering the information. IOW, we almost
certainly already have people using pseudonyms for contributions.

This proposes to accept that reality and eliminate unnecessary friction,
by following Linux & the CNCF in merely asking that a contributors'
commonly known identity, of their choosing, be used with the SoB line.

[1] Raised in many contexts at many times, but a decent overall summary
    can be read at https://drewdevault.com/2023/10/31/On-real-names.html
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d4563201f33a022fc0353033d9dfeb1606a88330
[3] https://github.com/cncf/foundation/blob/659fd32c86dc/dco-guidelines.md
[4] Excluding the rare GPG key signing parties for regular maintainers

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20241021190939.1482466-1-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-40-alex.bennee@linaro.org>

rust/pl011: Fix range checks for device ID accesses

The peripheral and PrimeCell identification registers of pl011 are located at
offset 0xFE0 - 0xFFC. To check if a read falls to such registers, the C
implementation checks if the offset-shifted-by-2 (not the offset itself) is in
the range 0x3F8 - 0x3FF.

Use the same check in the Rust implementation.

This fixes the timeout of the following avocado tests:

  * tests/avocado/boot_linux_console.py:BootLinuxConsole.test_arm_virt
  * tests/avocado/replay_kernel.py:ReplayKernelNormal.test_arm_virt
  * tests/avocado/replay_kernel.py:ReplayKernelNormal.test_arm_vexpressa9

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Junjie Mao <junjie.mao@hotmail.com>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <SY0P300MB102644C4AC34A3AAD75DC4D5955C2@SY0P300MB1026.AUSP300.PROD.OUTLOOK.COM>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-39-alex.bennee@linaro.org>

plugins: eradicate qemu-plugins.symbols static file

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20241112212622.3590693-4-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-38-alex.bennee@linaro.org>

plugins: detect qemu plugin API symbols from header

Instead of using a static file (error prone and hard to keep in sync),
we generate it using a script.

Note: if a symbol is not exported, we'll now notice it when linking for
Windows/MacOS platforms.

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20241112212622.3590693-3-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-37-alex.bennee@linaro.org>

plugins: add missing export for qemu_plugin_num_vcpus

Fixes: 4a448b148ca ("plugins: add qemu_plugin_num_vcpus function")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20241112212622.3590693-2-pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-36-alex.bennee@linaro.org>

tests/functional: update the aarch64 tuxrun tests

Now there are new up to date images available we should update to them.
With the new rootfs the blk I/O errors also go away on arm64be.

Cc: Anders Roxell <anders.roxell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-22-alex.bennee@linaro.org>

tests/functional: Convert the Avocado aarch64 tuxrun tests

Move the tests to a new file so that they can be run via
qemu-system-aarch64 in the functional framework.

Since these were the last tests in tests/avocado/tuxrun_baselines.py,
we can now remove that file, too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-20-alex.bennee@linaro.org>

tests/functional: avoid accessing log_filename on earlier failures

If a failure occurs early in the QemuBaseTest constructor, the
'log_filename' object atttribute may not exist yet. This happens
most notably if the QEMU_TEST_QEMU_BINARY is not set. We can't
initialize 'log_filename' earlier as we use the binary to identify
the architecture which is then used to build the path in which the
logs are stored.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-19-berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-19-alex.bennee@linaro.org>

tests/functional: add a QMP backdoor for debugging stalled tests

Support the QEMU_TEST_QMP_BACKDOOR=backdoor.sock env variable as a
way to get a QMP backdoor for debugging a stalled QEMU test. Most
typically this would be used if running the tests directly:

 $ QEMU_TEST_QMP_BACKDOOR=backdoor.sock \
   QEMU_TEST_QEMU_BINARY=./build/qemu-system-arm \
   PYTHONPATH=./python \
   ./tests/functional/test_arm_tuxrun.py

And then, when the test stalls, in a second shell run:

 $ ./scripts/qmp/qmp-shell backdoor.sock

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-18-berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-18-alex.bennee@linaro.org>

tests/functional: remove time.sleep usage from tuxrun tests

The tuxrun tests send a series of strings to the guest to login
and then run commands. Since we have been unable to match on
console output that isn't followed by a newline, the test used
many time.sleep() statements to pretend to synchronize with
the guest.

This has proved to be unreliable for the aarch64be instance of
the tuxrun tests, with the test often hanging. The hang is a
very subtle timing problem, and it is suspected that some
(otherwise apparently harmless) I/O error messages could be
resulting in full FIFO buffers, stalling interaction with
the guest.

With the newly rewritten console interaction able to match
strings that don't have a following newline, the tux run
tests can now match directly on the login prompt, and/or
shell PS1 prompt.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2689
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-17-berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-17-alex.bennee@linaro.org>

tests/functional: rewrite console handling to be bytewise

The console interaction that waits for predicted strings uses
readline(), and thus is only capable of waiting for strings
that are followed by a newline.

This is inconvenient when needing to match on some things,
particularly login prompts, or shell prompts, causing tests
to use time.sleep(...) instead, which is unreliable.

Switch to reading the console 1 byte at a time, comparing
against the success/failure messages until we see a match,
regardless of whether a newline is encountered.

The success/failure comparisons are done with the python bytes
type, rather than strings, to avoid the problem of needing to
decode partially received multibyte utf8 characters.

Heavily inspired by a patch proposed by Cédric, but written
again to work in bytes, rather than strings.

Co-developed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-16-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-16-alex.bennee@linaro.org>

tests/functional: require non-NULL success_message for console wait

When waiting for expected output, the 'success_message' is a mandatory
parameter, with 'failure_message' defaulting to None.

The code has logic which indicates it was trying to cope with
'success_message' being None and 'failure_message' being non-None but
it does not appear able to actually do anything useful. The check for
'success_message is None' will break out of the loop before any check
for 'failure_message' has been performed.

IOW, for practcal purposes 'success_message' must be non-None unless
'send_string' is set. Assert this expectation and simplify the loop
logic.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-15-berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-15-alex.bennee@linaro.org>

tests/functional: don't try to wait for the empty string

Telling exec_command_wand_wait_for_pattern to wait for the empty
string does not make any conceptual sense, as a check for empty
string will always succeed. It makes even less sense when followed
by a call to wait_for_console_pattern() with a real match.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-14-berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-14-alex.bennee@linaro.org>

tests/functional: logs details of console interaction operations

When functional tests go wrong, it will often be related to the console
interaction wait state. By logging the messages that we're looking for,
and data we're about to be sending, it'll be easier to diagnose where
tests are getting stuck.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-13-berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-13-alex.bennee@linaro.org>

tests/functional: enable debug logging for QEMUMachine

Set the 'qemu.machine' logger to 'DEBUG' level, to ensure we see log
messages related to the QEMUMachine class. Most importantly this
ensures we capture the full QEMU command line args for instances we
spawn.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-12-berrange@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20241121165806.476008-12-alex.bennee@linaro.org>

tests/functional: honour requested test VM name in QEMUMachine

The functional test case class is going to the trouble of passing
around a machine name, but then fails to give this QEMUMachine. As
a result, QEMUMachine will create a completely random name. Since
log file names match the machine name, this results in log files
accumulating over time.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-11-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-11-alex.bennee@linaro.org>

tests/functional: put QEMUMachine logs in testcase log directory

We are not passing the 'log_dir' parameter to QEMUMachine, so the
QEMU stdout/err logs are being placed in a temp directory and thus
deleted after execution. This makes them inaccessible as gitlab
CI artifacts.

Pass the testcase log directory path into QEMUMachine to make the
logs persistent.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-10-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-10-alex.bennee@linaro.org>

tests/functional: honour self.workdir in ACPI bits tests

The ACPI bits test sets up its own private temporary directory into it
creates scratch files. This is justified by a suggestion that we need
to be able to preserve the scratch files. We have the ability to
preserve the scratch dir with our functional harness, so there's no
reason to diverge from standard practice in file placement.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-9-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-9-alex.bennee@linaro.org>

tests/functional: remove comments talking about avocado

The first comment is still relevant but should talk about our own test
harness instead. The second comment adds no value over reading the code
and can be removed.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-8-berrange@redhat.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-8-alex.bennee@linaro.org>

tests/functional: remove obsolete reference to avocado bug

Historical bugs in avocado related to zstd support are not relevant to
the code now that it uses QEMU's native test harness.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-7-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-7-alex.bennee@linaro.org>

tests/functional: remove leftover :avocado: tags

These tags are not honoured under the new functional test harness.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-6-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-6-alex.bennee@linaro.org>

tests/functional: remove todo wrt avocado.utils.wait_for

We're not using avocado anymore, so while the TODO item is still
relevant, suggesting use of avocado.utils is not.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-5-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-5-alex.bennee@linaro.org>

tests/functional: remove "AVOCADO" from env variable name

This env variable is a debugging flag to save screendumps in the
mips64el malta tests.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-4-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-4-alex.bennee@linaro.org>

tests/functional: automatically clean up scratch files after tests

The build/tests/functional subdirectories are consuming huge amounts
of disk space.

Split the location for scratch files into a 'scratch' sub-directory,
separate from log files, and delete it upon completion of each test.
The new env variable QEMU_TEST_KEEP_SCRATCH can be set to preserve
this scratch dir for debugging access if required.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-3-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-3-alex.bennee@linaro.org>

tests/functional: fix mips64el test to honour workdir

The missing directory separator resulted in the kernel file being
created 1 level higher than expected.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-2-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-2-alex.bennee@linaro.org>

ssh: Do not switch session to non-blocking mode

The libssh does not handle non-blocking mode in SFTP correctly. The
driver code already changes the mode to blocking for the SFTP
initialization, but for some reason changes to non-blocking mode.
This used to work accidentally until libssh in 0.11 branch merged
the patch to avoid infinite looping in case of network errors:

https://gitlab.com/libssh/libssh-mirror/-/merge_requests/498

Since then, the ssh driver in qemu fails to read files over SFTP
as the first SFTP messages exchanged after switching the session
to non-blocking mode return SSH_AGAIN, but that message is lost
int the SFTP internals and interpretted as SSH_ERROR, which is
returned to the caller:

https://gitlab.com/libssh/libssh-mirror/-/issues/280

This is indeed an issue in libssh that we should address in the
long term, but it will require more work on the internals. For
now, the SFTP is not supported in non-blocking mode.

Fixes: https://gitlab.com/libssh/libssh-mirror/-/issues/280
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-ID: <20241113125526.2495731-1-rjones@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

vl: use qmp_device_add() in qemu_create_cli_devices()

qemu_create_cli_devices() should use qmp_device_add() to match the
behavior of the QMP monitor. A comment explained that libvirt changes
implementing strict CLI syntax were needed.

Peter Krempa <pkrempa@redhat.com> has confirmed that modern libvirt uses
the same JSON for -device (CLI) and device_add (QMP). Go ahead and use
qmp_device_add().

Cc: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20240827192751.948633-3-stefanha@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qdev-monitor: avoid QemuOpts in QMP device_add

The QMP device_add monitor command converts the QDict arguments to
QemuOpts and then back again to QDict. This process only supports scalar
types. Device properties like virtio-blk-pci's iothread-vq-mapping (an
array of objects) are silently dropped by qemu_opts_from_qdict() during
the QemuOpts conversion even though QAPI is capable of validating them.
As a result, hotplugging virtio-blk-pci devices with the
iothread-vq-mapping property does not work as expected (the property is
ignored).

Get rid of the QemuOpts conversion in qmp_device_add() and call
qdev_device_add_from_qdict() with from_json=true. Using the QMP
command's QDict arguments directly allows non-scalar properties.

The HMP is also adjusted since qmp_device_add()'s now expects properly
typed JSON arguments and cannot be used from HMP anymore. Move the code
that was previously in qmp_device_add() (with QemuOpts conversion and
from_json=false) into hmp_device_add() so that its behavior is
unchanged.

This patch changes the behavior of QMP device_add but not HMP
device_add. QMP clients that sent incorrectly typed device_add QMP
commands no longer work. This is a breaking change but clients should be
using the correct types already. See the netdev_add QAPIfication in
commit db2a380c8457 for similar reasoning and object-add in commit
9151e59a8b6e. Unlike those commits, we continue to rely on 'gen': false
for the time being.

Markus helped me figure this out and even provided a draft patch. The
code ended up very close to what he suggested.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Cc: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20240827192751.948633-2-stefanha@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

tests/avocado/hotplug_blk: Fix addr in device_add command

pci_devfn properties accept both integer and string values, but
integer 1 and string '1' have different meanings: The integer value
means device 0, function 1 whereas the string value '1' is short for
'1.0' and means device 1, function 0.

This test wants the string version so that the device actually becomes
visible for the guest. device_add hides the problem because it goes
through QemuOpts, which turns all properties into strings - this is a
QEMU bug that we want to fix, but that cancelled out the bug in this
test.

Fix the test first so that device_add can be fixed afterwards.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20241122224042.149258-1-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

qdev: Fix set_pci_devfn() to visit option only once

pci_devfn properties accept either a string or an integer as input. To
implement this, set_pci_devfn() first tries to visit the option as a
string, and if that fails, it visits it as an integer instead. While the
QemuOpts visitor happens to accept this, it is invalid according to the
visitor interface. QObject input visitors run into an assertion failure
when this is done.

QObject input visitors are used with the JSON syntax version of -device
on the command line:

$ ./qemu-system-x86_64 -enable-kvm -M q35 -device pcie-pci-bridge,id=pci.1,bus=pcie.0 -blockdev null-co,node-name=disk -device '{ "driver": "virtio-blk-pci", "drive": "disk", "id": "virtio-disk0", "bus": "pci.1", "addr": 1 }'
qemu-system-x86_64: ../qapi/qobject-input-visitor.c:143: QObject *qobject_input_try_get_object(QObjectInputVisitor *, const char *, _Bool): Assertion `removed' failed.

The proper way to accept both strings and integers is using the
alternate mechanism, which tells us the type of the input before it's
visited. With this information, we can directly visit it as the right
type.

This fixes set_pci_devfn() by using the alternate mechanism.

Cc: qemu-stable@nongnu.org
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20241119120353.57812-1-kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

python: silence pylint raising-non-exception error

As of (at least) pylint 3.3.1, this code trips pylint up into believing
we are raising something other than an Exception. We are not: the first
two values may indeed be "None", but the last and final value must by
definition be a SystemExit exception.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20241101173700.965776-5-jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

python: disable too-many-positional-arguments warning

Newest versions of pylint complain about specifically positional
arguments in addition to too many in general. We already disable the
general case, so silence this new warning too.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20241101173700.965776-4-jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

iotests: correct resultclass type in ReproducibleTestRunner

I have a vague memory that I suggested this base class to Vladimir and
said "Maybe someday it will break, and I'll just fix it then." Guess
that's today.

Fixes various mypy errors in the "make check-tox" python test for at
least Python3.8; seemingly requires a fairly modern mypy and/or Python
base version to trigger.

Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20241101173700.965776-3-jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

iotests: reflow ReproducibleTestRunner arguments

Trivial reflow to let the type names breathe.

(I need to add a longer type name.)

Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20241101173700.965776-2-jsnow@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

parallels: fix possible int overflow

The sum "cluster_index + count" may overflow uint32_t.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Message-ID: <20241106080521.219255-2-frolov@swemel.ru>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

virtio-net: Copy received header to buffer

receive_header() used to cast the const qualifier of the pointer to the
received packet away to modify the header. Avoid this by copying the
received header to buffer.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>

virtio-net: Initialize hash reporting values

The specification says hash_report should be set to
VIRTIO_NET_HASH_REPORT_NONE if VIRTIO_NET_F_HASH_REPORT is negotiated
but not configured with VIRTIO_NET_CTRL_MQ_RSS_CONFIG. However,
virtio_net_receive_rcu() instead wrote out the content of the extra_hdr
variable, which is not uninitialized in such a case.

Fix this by zeroing the extra_hdr.

Fixes: e22f0603fb2f ("virtio-net: reference implementation of hash report")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>

virtio-net: Fix hash reporting when the queue changes

virtio_net_process_rss() fills the values used for hash reporting, but
the values used to be thrown away with a recursive function call if
the queue changes after RSS. Avoid the function call to keep the values.

Fixes: a4c960eedcd2 ("virtio-net: Do not write hashes to peer buffer")
Buglink: https://issues.redhat.com/browse/RHEL-59572
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>

virtio-net: Do not check for the queue before RSS

virtio_net_can_receive() checks if the queue is ready, but RSS will
change the queue to use so, strictly speaking, we may still be able to
receive the packet even if the queue initially provided is not ready.
Perform RSS before virtio_net_can_receive() to cover such a case.

Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>

virtio-net: Fix size check in dhclient workaround

work_around_broken_dhclient() accesses IP and UDP headers to detect
relevant packets and to calculate checksums, but it didn't check if
the packet has size sufficient to accommodate them, causing out-of-bound
access hazards. Fix this by correcting the size requirement.

Fixes: 1d41b0c1ec66 ("Work around dhclient brokenness")
Cc: qemu-stable@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>

net: checksum: Convert data to void *

Convert the data parameter of net_checksum_calculate() to void * to
save unnecessary casts for callers.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>

Merge tag 'pull-lu-20241122' of https://gitlab.com/rth7680/qemu into staging

linux-user: Fix strace output for s390x mmap()
linux-user: Print tid not pid with strace

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmdA59IdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+YfAf9E41MJqZhhtWIHJW7
# z+mDw3Yr4Lgvmu2q3PmvOfM9YfvT3HFCh4gQRDaZbd3zy3c73S1/xSwBF2MQhElf
# Ml5mEUXtZGrK6Z/hq0QfS2mOGdwsydy+OpEtaw7YhVCMxMapnMi8rvSKe5XRpy/2
# vragLVvJxISS6TnnJ/5RcnmajRLzgGIj7Ej4lbCyViOKhDPXMCr77+jOPHSxUt4R
# PQMPzUPJG8Y7j+YR4fQng6700XaqIu8hcn7o0RSghdWEvF+fPaJZDlF32V+yD2Jj
# sAvtRsiwLM54rycMJUrQ274IYPIhxyxlgWT0mIIb9fXYdYTHcpZ+ggQ/mSKg+8QQ
# 9tmsRg==
# =pR93
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 22 Nov 2024 20:21:38 GMT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-lu-20241122' of https://gitlab.com/rth7680/qemu:
  linux-user: Fix strace output for s390x mmap()
  linux-user: Print tid not pid with strace

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

linux-user: Fix strace output for s390x mmap()

print_mmap() assumes that mmap() receives arguments via memory if
mmap2() is present. s390x (as opposed to s390) does not fit this
pattern: it does not have mmap2(), but mmap() still receives arguments
via memory.

Fix by sharing the detection logic between syscall.c and strace.c.

Cc: qemu-stable@nongnu.org
Fixes: d971040c2d16 ("linux-user: Fix strace output for old_mmap")
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-ID: <20241120212717.246186-1-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

linux-user: Print tid not pid with strace

This aligns with strace, and is very useful when tracing multi-threaded
programs. The result is the same in single-threaded programs.

Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Message-Id: 20241024-strace-v1-1-56c4161431cd@gmx.net
[rth: Use TaskState.ts_tid via get_task_state()]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Update version for v9.2.0-rc1 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* target/i386: fix warning on macOS
* target/i386: fix coverity barfing on vmport and smp cache support
* scsi: fix off by one

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmc9LakUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroN1xgf9EuVeHhPtmqTdBElmbCv5wT2Fj5+i
# bWReQRHY6Q99QIte2ztBLyM9Slh5ak7QX9uMAbMLK+G9cq8gS8IqfoMeE6DAMtCK
# PnhFJphkBuxymqIUjd/miJlIUxt2+sePzqdP05UVC9jCPAi6BxuuYOqfSW6z/Ql4
# ffqox3Wwgh1b9cm2a5YzSaT5plYbY7Zw7Tba4HDS1UmLGkAOL9o99t3ctGSRKIYE
# J2Al5bw5PQUn2rPk/bhiZ0vOYpXkm26WDlbdq6iNFCcxTBRC1J6rcS7aHsV2POET
# LuKkIBXLu2Q8WrDU8ifXwjSUbrJA0wmvSaJsRQmzVm87+kODNJ5BHemiNg==
# =eJuY
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 20 Nov 2024 00:30:33 GMT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  scsi: fix allocation for s390x loadparm
  hw/core/machine-smp: Fix error message parameter
  hw/core/machine-smp: Initialize caches_bitmap before reading
  hvf: remove unused but set variable
  hw/i386/pc: Remove vmport value assertion

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-aspeed-20241119' of https://github.com/legoater/qemu into staging

aspeed queue:

* Restructured the "Boot options" section in the aspeed documentation

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmc8140ACgkQUaNDx8/7
# 7KHcNA//ZGDHZxeeATYDuvTx2o/gYsQKe2F3NFnaR9zSFTDe5yeA49e0SwOeqUN9
# /jHEL5X/6tXWiw+Od0vGbBbbKDuyZf5aMtMYLjObSaD0tAMl5m7NFcP8CjP7Wfrr
# Y/BdbbDZd3PIo8RnqALE02YGqLcjroyVtIw4mD/S1zN/nl30tV61M9fqzx9de4jo
# qMrrixDC+URqOQ2qOn8nfeHLxCirTSbI/yxoBJEyfjeRfFVdLV2P219pQBaY68mD
# zq0ioSNKgXS0Cuj4Ksy0YcXP3NRRU7mTc8G+D1hTAJg5wd27WDlrnA7Q0JvNvASJ
# LiGGrif2QqrgIGr8qJ7C2sqYAQ2gToBa+KGWE491F+Dx3mFeB+naSxhEwvRezhV6
# Qrt5aODiGhc2BICG74UJITms5W1TmwLfmc7uK8WyoKxJWidD/OZINiM4lpjBUTvV
# B5mWpDSq05h98EYnsYeSrHstWw7s8JSxA5mzG4u7pasvao8sioX8IOFvpFIt53pv
# 8D+mcBA+vSc4KbuxWvTnw/0iuBRDGw39JrFr31BvJr9kKJ++VGFmsk7RSGmlKTJ/
# o/CspDP7MM8NWH9Kp/bkJC8MW5njaP4QCtni/z8ka4ivnHg1C2TUmw9uDkoU28Z2
# e/hWp1ru51rm47UerJMeooqqtc3ACXYm1TCDKK0kFWaDVOnzD98=
# =cCyK
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 19 Nov 2024 18:23:09 GMT
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg:                 aka "Cédric Le Goater <clg@kaod.org>" [full]
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-aspeed-20241119' of https://github.com/legoater/qemu:
  docs: aspeed: Reorganize the "Boot options" section

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

scsi: fix allocation for s390x loadparm

Coverity reports a possible buffer overrun due to a non-NUL-terminated
string in scsi_property_set_loadparm().  While things are not so easy,
because qdev_prop_sanitize_s390x_loadparm is designed to operate on a
buffer that is not NUL-terminated, in this case the string *does* have
to be NUL-terminated because it is read by scsi_property_get_loadparm
and s390_build_iplb.

Reviewed-by: jrossi@linux.ibm.com
Cc: thuth@redhat.com
Fixes: 429442e52d9 ("hw: Add "loadparm" property to scsi disk devices for booting on s390x", 2024-11-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

docs: aspeed: Reorganize the "Boot options" section

Add subsubsections for possible boot methods and introduce a new
section on eMMC boot support for the ast2600-evb and rainier-emmc
machines, boot partitions assumptions and limitations.

Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Jan Luebbe <jlu@pengutronix.de>
Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Cédric Le Goater <clg@redhat.com>

hw/core/machine-smp: Fix error message parameter

In the loop checking smp cache support, the error message should report
the current cache level and type.

Fix the parameter of error_setg() to ensure it reports the correct cache
level and type.

Resolves: Coverity CID 1565391
Fixes: f35c0221fef8 ("hw/core: Check smp cache topology support for machine")
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20241110150901.130647-3-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

hw/core/machine-smp: Initialize caches_bitmap before reading

The caches_bitmap is defined in machine_parse_smp_cache(), but it was
not initialized.

Initialize caches_bitmap by clearing all its bits to zero.

Resolves: Coverity CID 1565389
Fixes: 4e88e7e3403d ("qapi/qom: Define cache enumeration and properties for machine")
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20241110150901.130647-2-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

hvf: remove unused but set variable

fixes associated warning when building on MacOS.

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Link: https://lore.kernel.org/r/20241023182922.1040964-1-pierrick.bouvier@linaro.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

hw/i386/pc: Remove vmport value assertion

There is no need for this assertion here, as we only use vmport value
for equality/inequality checks. This was originally prompted by the
following Coverity report:
 >>> CID 1559533:  Integer handling issues (CONSTANT_EXPRESSION_RESULT)
 >>> "pcms->vmport >= 0" is always true regardless of the values of
 >>> its operands. This occurs as the logical first operand of "&&".

Signed-off-by: Kamil Szczęk <kamil@szczek.dev>
Reported-By: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/ZwF9ZexNs1h-uC0MrbkgGtMtdyLinROjVSmMNVzNftjGVWgOiuzdD1dSXEtzNH7OHbBFY6GVDYVFIDBgc3lhGqCOb7kaNZolSBkVyl3rNr4=@szczek.dev
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Merge tag 'pull-target-arm-20241119' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * hw/timer/exynos4210_mct: fix possible int overflow
 * hw/net/rocker/rocker_of_dpa.c: Remove superfluous error check
 * hw/intc/openpic: Avoid taking address of out-of-bounds array index
 * hw/watchdog/cmsdk_apb_watchdog: Fix INTEN issues
 * arm/ptw: Honour WXN/UWXN and SIF in short-format descriptors
 * hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() to avoid UB
 * system/dma-helpers.c: Move trace events to system/trace-events
 * target/arm/hvf: Add trace.h header
 * trace: Don't include trace-root.h in control.c or control-target.c

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmc8nrwZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3n2nEACc4N7TI2QFbuqa1k4G+C5y
# 1bpWVnkPjeqnTGUyYshtl/ByZi+IH4RDFqlCJxUYgfSvfD74+u78haXcx/ukZL/x
# zNbNu/hjP0v6nQF+upzRcQip5PIBjkbIUJSC3ga90HbsNWv8rvTjVSwQmstQ2b8J
# 9mCNA2ri+NVJ4+kBL5xRSzDqxdu/7sC/eooYfcETlVXcnvL/oMWoF//iThvkaBve
# LyySM+PS1Ni4oApx6LY9VpLzabtaCXh5R4yDMsFW0WucKZf58lm9Z1yU2wdPjuwj
# uauHBbQnJy03LazprIyVNXlaT7SI2Qr+7CV4lAco66DoBsaIP16+Kby1XILbY8qo
# JjJmuNQ8DA9c7F9bPqagZ0PLVRy9Wj0UiXKuqaTHrnnKzbgBprPCApR8bj0XPISs
# xv6qsSrd4u9joSCkrD3XEC9ddzdWMi1xN1Hfw+lkuHOvnWKJJ7O3hortuupGhpeq
# h90VBQ8Gb9S15BlLPfSmSmiO+XjRWU53CcZasQew5bFBIMEha1sPnwz01/KrSZqG
# sN/nBBuVUhT6YjRY/7k7tqT1ATigXrEZPtRgCjap7W+zIILWaO9QUb2y2LlJfofp
# febu0L++xw1JvtHnNin1vImmM5rgCMLMLx3QQ5Kq9jc5ytKnZwzJarLV4LbqIpuv
# h1QzI2SJQXsL2zfBem/0yg==
# =lqA0
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 19 Nov 2024 14:20:44 GMT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20241119' of https://git.linaro.org/people/pmaydell/qemu-arm:
  trace: Don't include trace-root.h in control.c or control-target.c
  target/arm/hvf: Add trace.h header
  system/dma-helpers.c: Move trace events to system/trace-events
  hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() for s->isr
  hw/intc/arm_gicv3: Use bitops.h uint32_t bit array functions
  bitops.h: Define bit operations on 'uint32_t' arrays
  arm/ptw: Honour WXN/UWXN and SIF in short-format descriptors
  arm/ptw: Make get_S1prot accept decoded AP
  tests/qtest/cmsdk-apb-watchdog-test: Test INTEN as counter enable
  tests/qtest/cmsdk-apb-watchdog-test: Don't abort on assertion failure
  tests/qtest/cmsdk-apb-watchdog-test: Parameterize tests
  hw/watchdog/cmsdk_apb_watchdog: Fix INTEN issues
  hw/intc/openpic: Avoid taking address of out-of-bounds array index
  hw/net/rocker/rocker_of_dpa.c: Remove superfluous error check
  hw/timer/exynos4210_mct: fix possible int overflow

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

trace: Don't include trace-root.h in control.c or control-target.c

The trace-root.h file has the definitions of trace events for
the top-level trace-events file (i.e. for those events which are
used in source files in the root of the source tree). There's
no particular need for trace/control.c or trace/control-target.c
to include this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241108162909.4080314-4-peter.maydell@linaro.org

target/arm/hvf: Add trace.h header

The documentation for trace events says that every subdirectory which
has trace events should have a trace.h header, whose only content is
an include of the trace/trace-<subdir>.h file.

When we added the trace events in target/arm/hvf/ we forgot to create
this file and instead hvf.c directly includes
trace/trace-target_arm_hvf.h.

Create the standard trace.h file to bring this into line with the
convention.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241108162909.4080314-3-peter.maydell@linaro.org

system/dma-helpers.c: Move trace events to system/trace-events

The dma-helpers.c file is in the system/ subdirectory, but it
defines its trace events in the root trace-events file. Move
them to the system/trace-events file where they more naturally
belong.

Fixes: 800d4deda0 ("softmmu: move more files to softmmu/")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241108162909.4080314-2-peter.maydell@linaro.org

hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() for s->isr

In extioi_setirq() we try to operate on a bit array stored as an
array of uint32_t using the set_bit() and clear_bit() functions
by casting the pointer to 'unsigned long *'.
This has two problems:
 * the alignment of 'uint32_t' is less than that of 'unsigned long'
   so we pass an insufficiently aligned pointer, which is
   undefined behaviour
 * on big-endian hosts the 64-bit 'unsigned long' will have
   its two halves the wrong way around, and we will produce
   incorrect results

The undefined behaviour is shown by the clang undefined-behaviour
sanitizer when running the loongarch64-virt functional test:

/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/include/qemu/bitops.h:41:5: runtime error: store to misaligned address 0x555559745d9c for type 'unsigned long', which requires 8 byte alignment
0x555559745d9c: note: pointer points here
  ff ff ff ff 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
              ^
    #0 0x555556fb81c4 in set_bit /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/include/qemu/bitops.h:41:9
    #1 0x555556fb81c4 in extioi_setirq /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../hw/intc/loongarch_extioi.c:65:9
    #2 0x555556fb6e90 in pch_pic_irq_handler /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../hw/intc/loongarch_pch_pic.c:75:5
    #3 0x555556710265 in serial_ioport_write /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../hw/char/serial.c

Fix these problems by using set_bit32() and clear_bit32(),
which work with bit arrays stored as an array of uint32_t.

Cc: qemu-stable@nongnu.org
Fixes: cbff2db1e92f8759 ("hw/intc: Add LoongArch extioi interrupt controller(EIOINTC)")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-id: 20241108135514.4006953-4-peter.maydell@linaro.org

hw/intc/arm_gicv3: Use bitops.h uint32_t bit array functions

Now we have official uint32_t bit array functions in bitops.h, use
them instead of the hand-rolled local versions.

We retain gic_bmp_replace_bit() because bitops doesn't provide that
specific functionality.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241108135514.4006953-3-peter.maydell@linaro.org

bitops.h: Define bit operations on 'uint32_t' arrays

Currently bitops.h defines a set of operations that work on
arbitrary-length bit arrays.  However (largely because they
originally came from the Linux kernel) the bit array storage is an
array of 'unsigned long'.  This is OK for the kernel and even for
parts of QEMU where we don't really care about the underlying storage
format, but it is not good for devices, where we often want to expose
the storage to the guest and so need a type that is not
variably-sized between host OSes.

We already have a workaround for this in the GICv3 model:
arm_gicv3_common.h defines equivalents of the bit operations that
work on uint32_t.  It turns out that we should also be using
something similar in hw/intc/loongarch_extioi.c, which currently
casts a pointer to a uint32_t array to 'unsigned long *' in
extio_setirq(), which is both undefined behaviour and not correct on
a big-endian host.

Define equivalents of the set_bit() function family which work
with a uint32_t array.

(Cc stable because we're about to provide a bugfix to
loongarch_extioi which will depend on this commit.)

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241108135514.4006953-2-peter.maydell@linaro.org

arm/ptw: Honour WXN/UWXN and SIF in short-format descriptors

Currently the handling of page protection in the short-format
descriptor is open-coded. This means that we forgot to update
it to handle some newer architectural features, including:
 * handling of SCTLR.{UWXN,WXN}
 * handling of SCR.SIF

Make the short-format descriptor code call the same get_S1prot()
that we already use for the LPAE descriptor format. This makes
the code simpler and means it now correctly honours the WXN/UWXN
and SIF bits.

Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Message-id: 20241118152537.45277-1-paskripkin@gmail.com
[PMM: fixed a couple of checkpatch nits, tweaked commit message]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

arm/ptw: Make get_S1prot accept decoded AP

AP in armv7 short descriptor mode has 3 bits and also domain, which
makes it incompatible with other arm schemas.

To make it possible to share get_S1prot between armv8, armv7 long
format, armv7 short format and armv6 it's easier to make caller
decode AP.

Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Message-id: 20241118152526.45185-1-paskripkin@gmail.com
[PMM: fixed checkpatch nit]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests/qtest/cmsdk-apb-watchdog-test: Test INTEN as counter enable

The following tests focus on making sure the counter is not running
out of reset and the proper use of INTEN as the counter enable. As
described in:

https://developer.arm.com/documentation/ddi0479/d/apb-components/apb-watchdog/programmers-model

The new tests have to target an MPS2 machine because the original
machine used by the test (stellaris) has a variation of the
cmsdk_apb_watchdog that locks INTEN when it is programmed to 1. The
stellaris machine also does not reproduce the problem of the counter
running out of cold reset due to the way the clocks are initialized.

Signed-off-by: Roque Arcudia Hernandez <roqueh@google.com>
Reviewed-by: Stephen Longfield <slongfield@google.com>
Message-id: 20241115160328.1650269-6-roqueh@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests/qtest/cmsdk-apb-watchdog-test: Don't abort on assertion failure

Currently the watchdog test has a behavior in which the first test
assertion that fails will make the test abort making it impossible to
see the result of other tests:

 # ERROR:../tests/qtest/cmsdk-apb-watchdog-test.c:87:test_watchdog:
 assertion failed ...
 Bail out!
 Aborted

Changing the behavior in order to let the test finish other tests and
report the ones that pass and fail:

 # ERROR:../tests/qtest/cmsdk-apb-watchdog-test.c:101:test_watchdog:
 assertion failed ...
 not ok 1 /arm/cmsdk-apb-watchdog/watchdog

Signed-off-by: Roque Arcudia Hernandez <roqueh@google.com>
Message-id: 20241115160328.1650269-5-roqueh@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

tests/qtest/cmsdk-apb-watchdog-test: Parameterize tests

Currently the CMSDK APB watchdog tests target an specialized version
of the device (luminaris using the lm3s811evb machine) that prevents
the development of tests for the more generic device documented in:

https://developer.arm.com/documentation/ddi0479/d/apb-components/apb-watchdog/programmers-model

This patch allows the execution of the watchdog tests in an MPS2
machine (when applicable) which uses the generic version of the CMSDK
APB watchdog.

Finally the rules for compiling the test have to change because it is
possible not to have CONFIG_STELLARIS (required for the lm3s811evb
machine) while still having CONFIG_CMSDK_APB_WATCHDOG and the test
will fail. Due to the addition of the MPS2 machine CONFIG_MPS2
becomes also a dependency for the test compilation.

Signed-off-by: Roque Arcudia Hernandez <roqueh@google.com>
Reviewed-by: Stephen Longfield <slongfield@google.com>
Message-id: 20241115160328.1650269-4-roqueh@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/watchdog/cmsdk_apb_watchdog: Fix INTEN issues

Current watchdog is free running out of reset, this combined with the
fact that current implementation also ensures the counter is running
when programing WDOGLOAD creates issues when the firmware defer the
programing of WDOGCONTROL.INTEN much later after WDOGLOAD. Arm
Programmer's Model documentation states that INTEN is also the
counter enable:

> INTEN
>
> Enable the interrupt event, WDOGINT. Set HIGH to enable the counter
> and the interrupt, or LOW to disable the counter and interrupt.
> Reloads the counter from the value in WDOGLOAD when the interrupt
> is enabled, after previously being disabled.

Source of the time of writing:

https://developer.arm.com/documentation/ddi0479/d/apb-components/apb-watchdog/programmers-model

Signed-off-by: Roque Arcudia Hernandez <roqueh@google.com>
Reviewed-by: Stephen Longfield <slongfield@google.com>
Reviewed-by: Joe Komlodi <komlodi@google.com>
Message-id: 20241115160328.1650269-3-roqueh@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/intc/openpic: Avoid taking address of out-of-bounds array index

The clang sanitizer complains about the code in the EOI handling
of openpic_cpu_write_internal():

UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1 ./build/clang/qemu-system-ppc -M mac99,graphics=off -display none -kernel day15/invaders.elf
../../hw/intc/openpic.c:1034:16: runtime error: index -1 out of bounds for type 'IRQSource[264]' (aka 'struct IRQSource[264]')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../hw/intc/openpic.c:1034:16 in

This is because we do
  src = &opp->src[n_IRQ];
when n_IRQ may be -1.  This is in practice harmless because if n_IRQ
is -1 then we don't do anything with the src pointer, but it is
undefined behaviour. (This has been present since this device
was first added to QEMU.)

Rearrange the code so we only do the array index when n_IRQ is not -1.

Cc: qemu-stable@nongnu.org
Fixes: e9df014c0b ("Implement embedded IRQ controller for PowerPC 6xx/740 & 75")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 20241105180205.3074071-1-peter.maydell@linaro.org

hw/net/rocker/rocker_of_dpa.c: Remove superfluous error check

of_dpa_cmd_add_acl_ip() is called from a single place, and despite the
fact that it always returns ROCKER_OK, its return value is still checked
by the caller.

Change of_dpa_cmd_add_acl_ip() to return void and remove the superfluous
check from of_dpa_cmd_add_acl().

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2471
Signed-off-by: Rodrigo Dias Correa <r@drigo.nl>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Message-id: 20241114075051.404284-1-r@drigo.nl
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

hw/timer/exynos4210_mct: fix possible int overflow

The product "icnto * s->tcntb" may overflow uint32_t.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Message-id: 20241106083801.219578-2-frolov@swemel.ru
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-9.2-rc-updates-181124-1' of https://gitlab.com/stsquad/qemu into staging

Misc fixes for 9.2

  - fix remaining gdbstub test cases to exit cleanly
  - update MAINTAINERS with qemu-rust mailing list details
  - re-factor virtio-gpu and fix coverity warnings

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmc7aQwACgkQ+9DbCVqe
# KkQufwf/XN5dcHxddhUHCLQUNA/5STiO5P10vHOGpknqwT/ZKADAbY8gQsoJovSp
# qxczZPFpHlnGkf+AV3wrj2IcFUWlvlhgTw5njsMTOSSjK0jtI2MZrNn2v+6hmelg
# y8ACB+LHkj34Ood9y5H6augCiKsMC7ad2mpXEMQgcZzpp4KlAutu8nbsYpYlAF40
# 1d2Wdtkrt++jPHQGgp0pPqAxq5WyvR3uSdidUFGfmpAqkCRs0ExosqEgj/ODzdHF
# WrvLy9ISdCjZk+5XOxfadmz1vJ31QcZ6pcmkZRXJAJR4p7EST5BTfS10IBNIipgs
# C25TuT+IH9+It0n/Sohf3NlxTnbTDw==
# =TYAI
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 18 Nov 2024 16:19:24 GMT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-9.2-rc-updates-181124-1' of https://gitlab.com/stsquad/qemu:
  hw/display: check frame buffer can hold blob
  hw/display: factor out the scanout blob to fb conversion
  MAINTAINERS: CC rust/ patches to qemu-rust list
  tests/tcg: Stop using exit() in the gdbstub testcases

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-nbd-2024-11-18' of https://repo.or.cz/qemu/ericb into staging

NBD patches for 2024-11-18

- Eric Blake: Silence qemu-nbd on harmless client port probes

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmc7lg0ACgkQp6FrSiUn
# Q2qamgf/QJXHzF5koncXvpOC58QXthe1EQlTNqTv9lSz7GNif7UXtkv9RBMMqNEP
# 7MDY2L9LzlvMdTqXx6dndQot2YG+PSpqLFQxdjf7J3YUK5N6dQ/w4lCVI+tfVfYF
# DcYva7TBTfSWMByVdqYhnXc1nAn6liJfaaONf80y3wHObUu8T7qkMY/cb5njpjmT
# YPKyIJO7DX+ZNY5EZkFGntAxPge368nIrBsViYqst8kNWjtr8o2Rzc7fqa6sbBtw
# 47tiBDP6usBJb2kapOrpmC5zqHlbb56AbrIsTJ4Ge/iUOKrODtmCC4d7WWGSM3DC
# udaL74DOMgoMfVGjjaX9KW6Wv3/HFw==
# =DnNy
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 18 Nov 2024 19:31:25 GMT
# gpg:                using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* tag 'pull-nbd-2024-11-18' of https://repo.or.cz/qemu/ericb:
  nbd-server: Silence server warnings on port probes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Merge tag 'pull-request-2024-11-18' of https://gitlab.com/thuth/qemu into staging

* Fixes & doc updates for the new "boot order" s390x bios feature
* Provide a "loadparm" property for scsi-hd & scsi-cd devices on s390x
  (required for the "boot order" feature)
* Fix the floating-point multiply-and-add NaN rules on s390x
* Raise timeout on cross-accel build jobs to 60m

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmc7ercRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbVjyg//ZuhSDCj+oBSU6vwM7Lwh3CS6GwZvGECU
# h60V3tizKypiRNtTJRXHoWcx95brXmoZgI+QQhDEXe3fFLkOEKT6AIlDhrKZRUsd
# rpLPr6O8TVKO+rSE7JVJAP3X1tpOOQDxnq83uWBv53b0S+Da0VwDRtI9gcugRMmh
# d58P8Q1bV344fQdcrebejstpSUG7RxSA4Plj2uSQx4mSHT7cy/hN+vA34Ha7reE3
# tcN9yfQq3Rmfvt0MV5I9Umd6JXEoDlEAwjSNsWRsCzo69jBZwiMtXSH8LyLtwRTp
# C919G/MIRuhvImF74dStLVCr82sNq54YR1NP6CGcmqPH76FOH8Mx3vmx9Cxj9ckA
# 6NI6SvIg++bW2O1efG2apz8p5fjbDzYXSAbHnaWTcEu3gPgH4PQ5QXoyKaDymvWV
# JIh5/gXEy+twEXgIBsdWQ44A9E06lL/tNfKnqGdXK4ZYF2JIrI+Lq7AKBee7tebP
# +72I4PljHLSHQ3GxdkoOeJ8ahu70IBdSz2/VEIwOWK1wIf5C5WFNBerLJyDmkyx8
# xIvIm0vlRLwPcuOC711nlaMaKqTNT+8W4DIqIY6fHs2Jy0psMdgey1uHQxYEj9Kh
# fg7CvalK8n3MkGAwTqAvRJIwMFe0a4Ss6c6CaemSaYa38ud/pCNnv+IT+Eqr+mjq
# 6y5PZWNrZi0=
# =UaDH
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 18 Nov 2024 17:34:47 GMT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2024-11-18' of https://gitlab.com/thuth/qemu:
  .gitlab-ci.d: Raise timeout on cross-accel build jobs to 60m
  pc-bios: Update the s390 bios images with the recent fixes
  pc-bios/s390-ccw: Re-initialize receive queue index before each boot attempt
  pc-bios/s390x: Initialize machine loadparm before probing IPL devices
  pc-bios/s390x: Initialize cdrom type to false for each IPL device
  hw: Add "loadparm" property to scsi disk devices for booting on s390x
  hw/s390x: Restrict "loadparm" property to devices that can be used for booting
  docs/system/bootindex: Make it clear that s390x can also boot from virtio-net
  docs/system/s390x/bootdevices: Update loadparm documentation
  tests/tcg/s390x: Add the floating-point multiply-and-add test
  target/s390x: Fix the floating-point multiply-and-add NaN rules
  hw/usb: Use __attribute__((packed)) vs __packed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>