Revision tags: v9.2.0, v9.1.2, v9.1.1 |
|
#
a3fb4e93 |
| 04-Oct-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
trivial patches for 2024-10-04
# gpg: Signature made Fri 04 Oct 2024 17:01:17 BST
# gpg: using RSA key 64AA2AB531D56903366BFEF982AA4A243B1E9478
# gpg: Good signature from "Michael Tokarev <mjt@debian.org>" [full]
# gpg: aka "Michael Tokarev <mjt@corpit.ru>" [full]
# gpg: aka "Michael Tokarev <mjt@tls.msk.ru>" [full]
# Primary key fingerprint: 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E
# Subkey fingerprint: 64AA 2AB5 31D5 6903 366B FEF9 82AA 4A24 3B1E 9478
* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu: (23 commits)
  MAINTAINERS: Add myself as maintainer of e500 machines
  docs/devel: Mention post_load hook restrictions where we document the hook
  tests/functional: Fix hash validation
  hw/mips: Build fw_cfg.c once
  tests/tcg/plugins: Remove remainder of the cris target
  block-backend: Remove deadcode
  hw/net/rocker: Remove unused rocker_fp_ports
  hw/pci: Remove unused pcie_chassis_find_slot
  replay: Remove unused replay_disable_events
  remote: Remove unused remote_iohub_finalize
  vhost: Remove unused vhost_dev_{load|save}_inflight
  ui/cursor: remove cursor_get_mono_image
  hw: Remove unused fw_cfg_init_io
  linux-user: Remove unused handle_vm86_fault
  hw/char: Remove unused serial_set_frequency
  hw/net/net_rx_pkt: Remove deadcode
  net: Remove deadcode
  q35: Remove unused mch_mcfg_base
  hw/xen: Remove deadcode
  MAINTAINERS: remove gensyscalls.sh from the linux-user section
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
7bd9b0b4 |
| 26-Sep-2024 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
hw/audio/virtio-snd: Remove unnecessary "exec/tswap.h" header
We were including the "exec/tswap.h" header to get target_words_bigendian() declaration, but since commit a276ec8e26 ("hw/audio/virtio-snd: Always use little endian audio format") removed this method call, we don't need this header anymore.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
|
Revision tags: v9.1.0 |
|
#
df9aa3dd |
| 01-Sep-2024 |
Volker Rümelin <vr_qemu@t-online.de> |
hw/audio/virtio-sound: fix heap buffer overflow
Currently, the guest may write to the device configuration space, whereas the virtio sound device specification in chapter 5.14.4 clearly states that the fields in the device configuration space are driver-read-only.
Remove the set_config function from the virtio_snd class.
This also prevents a heap buffer overflow. See QEMU issue #2296.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2296
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240901130112.8242-1-vr_qemu@t-online.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 7fc6611cad3e9627b23ce83e550b668abba6c886)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
|
#
3baa3c9d |
| 12-Sep-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
virtio,pc,pci: features, fixes, cleanups
i286 acpi speedup by precomputing _PRT by Ricardo Ribalda
vhost_net speedup by using MR transactions by Zuo Boqun
ich9 gained support for periodic and swsmi timer by Dominic Prinz
Fixes, cleanups all over the place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Wed 11 Sep 2024 14:50:29 BST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  hw/acpi/ich9: Add periodic and swsmi timer
  virtio-mem: don't warn about THP sizes on a kernel without THP support
  hw/audio/virtio-sound: fix heap buffer overflow
  hw/cxl: fix physical address field in get scan media results output
  virtio-pci: Add lookup subregion of VirtIOPCIRegion MR
  vhost_net: configure all host notifiers in a single MR transaction
  tests/acpi: pc: update golden masters for DSDT
  hw/i386/acpi-build: Return a pre-computed _PRT table
  tests/acpi: pc: allow DSDT acpi table changes
  intel_iommu: Make PASID-cache and PIOTLB type invalid in legacy mode
  intel_iommu: Fix invalidation descriptor type field
  virtio: rename virtio_split_packed_update_used_idx
  hw/pci/pci-hmp-cmds: Avoid displaying bogus size in 'info pci'
  pci: don't skip function 0 occupancy verification for devfn auto assign
  hw/isa/vt82c686.c: Embed i8259 irq in device state instead of allocating
  hw: Move declaration of IRQState to header and add init function
  virtio: Always reset vhost devices
  virtio: Allow .get_vhost() without vhost_started
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
7fc6611c |
| 01-Sep-2024 |
Volker Rümelin <vr_qemu@t-online.de> |
hw/audio/virtio-sound: fix heap buffer overflow
Currently, the guest may write to the device configuration space, whereas the virtio sound device specification in chapter 5.14.4 clearly states that the fields in the device configuration space are driver-read-only.
Remove the set_config function from the virtio_snd class.
This also prevents a heap buffer overflow. See QEMU issue #2296.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2296
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240901130112.8242-1-vr_qemu@t-online.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
#
9eb5bfbe |
| 20-Aug-2024 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
virtio: regression fixes
3 small patches to make sure we don't ship regressions.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 20 Aug 2024 08:59:27 PM AEST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  virtio-pci: Fix the use of an uninitialized irqfd
  hw/audio/virtio-snd: fix invalid param check
  vhost: Add VIRTIO_NET_F_RSC_EXT to vhost feature bits
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
7d14471a |
| 02-Aug-2024 |
Volker Rümelin <vr_qemu@t-online.de> |
hw/audio/virtio-snd: fix invalid param check
Commit 9b6083465f ("virtio-snd: check for invalid param shift operands") tries to prevent invalid parameters specified by the guest. However, the code is not correct.
Change the code so that the parameters format and rate, which are bit numbers, are compared with the bit size of the data type.
Fixes: 9b6083465f ("virtio-snd: check for invalid param shift operands")
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240802071805.7123-1-vr_qemu@t-online.de>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
#
5885bcef |
| 23-Jul-2024 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
virtio,pci,pc: features,fixes
pci: Initial support for SPDM Responders
cxl: Add support for scan media, feature commands, device patrol scrub control, DDR5 ECS control, firmware updates
virtio: in-order support
virtio-net: support for SR-IOV emulation (note: known issues on s390, might get reverted if not fixed)
smbios: memory device size is now configurable per Machine
cpu: architecture agnostic code to support vCPU Hotplug
Fixes, cleanups all over the place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 23 Jul 2024 10:16:31 AM AEST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (61 commits)
  hw/nvme: Add SPDM over DOE support
  backends: Initial support for SPDM socket support
  hw/pci: Add all Data Object Types defined in PCIe r6.0
  tests/acpi: Add expected ACPI AML files for RISC-V
  tests/qtest/bios-tables-test.c: Enable basic testing for RISC-V
  tests/acpi: Add empty ACPI data files for RISC-V
  tests/qtest/bios-tables-test.c: Remove the fall back path
  tests/acpi: update expected DSDT blob for aarch64 and microvm
  acpi/gpex: Create PCI link devices outside PCI root bridge
  tests/acpi: Allow DSDT acpi table changes for aarch64
  hw/riscv/virt-acpi-build.c: Update the HID of RISC-V UART
  hw/riscv/virt-acpi-build.c: Add namespace devices for PLIC and APLIC
  virtio-iommu: Add trace point on virtio_iommu_detach_endpoint_from_domain
  hw/vfio/common: Add vfio_listener_region_del_iommu trace event
  virtio-iommu: Remove the end point on detach
  virtio-iommu: Free [host_]resv_ranges on unset_iommu_devices
  virtio-iommu: Remove probe_done
  Revert "virtio-iommu: Clear IOMMUDevice when VFIO device is unplugged"
  gdbstub: Add helper function to unregister GDB register space
  physmem: Add helper function to destroy CPU AddressSpace
  ...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
9b608346 |
| 11-Jul-2024 |
Manos Pitsidianakis <manos.pitsidianakis@linaro.org> |
virtio-snd: check for invalid param shift operands
When setting the parameters of a PCM stream, we compute the bit flag with the format and rate values as shift operand to check if they are set in supported_formats and supported_rates.
If the guest provides a format/rate value which when shifting 1 results in a value bigger than the number of bits in supported_formats/supported_rates, we must report an error.
Previously, this ended up triggering the not reached assertions later when converting to internal QEMU values.
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2416
Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <virtio-snd-fuzz-2416-fix-v1-manos.pitsidianakis@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
#
98e77e3d |
| 08-Jul-2024 |
Manos Pitsidianakis <manos.pitsidianakis@linaro.org> |
virtio-snd: add max size bounds check in input cb
When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb(), we do not check whether the iov can actually fit the data buffer. This is because we use the buffer->size field as a total-so-far accumulator instead of byte-size-left like in TX buffers.
This triggers an out of bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero. This commit adds a check for reaching the maximum buffer size before attempting any writes.
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2427
Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <virtio-snd-fuzz-2427-fix-v1-manos.pitsidianakis@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
#
80748eb4 |
| 19-Jun-2024 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'misc-20240619' of https://github.com/philmd/qemu into staging
Misc patches queue
. Remove deprecated pc-i440fx-2.0 -> 2.3 machines (Phil)
. Always use little endian audio format in virtio-snd (Phil)
. Avoid using Monitor in INTERRUPT_STATS_PROVIDER::print_info (Phil)
. Introduce x-query-interrupt-controllers QMP command (Phil)
. Introduce pnv_chip_foreach_cpu() to remove one CPU_FOREACH use (Cédric)
. Constify few uses of IOMMUTLBEvent (Phil)
. Wire loongson_ipi device to loongson3_virt/TCG (Jiaxun)
. Fix inclusion of tracing headers on s390x/TCG (Phil)
. Add few shortcuts missing to readline (Manos)
. Update ui/display entries in MAINTAINERS (Gerd)
. Use qemu_add_mouse_change_notifier on Cocoa (Akihiko)
. Fix Standard VGA screen blanking and cleanups (Gerd)
. Fix USB/MTP reported "free space" value (Fabio)
. Cast size_memop() returned value (Roman)
# gpg: Signature made Wed 19 Jun 2024 03:53:26 AM PDT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
* tag 'misc-20240619' of https://github.com/philmd/qemu: (74 commits)
  exec: Make the MemOp enum cast explicit
  ui+display: rename is_buffer_shared() -> surface_is_allocated()
  ui+display: rename is_placeholder() -> surface_is_placeholder()
  stdvga: fix screen blanking
  ui/cocoa: Use qemu_add_mouse_change_notifier
  MAINTAINERS: drop spice+ui maintainership
  MAINTAINERS: drop virtio-gpu maintainership
  util/readline: Add C-u shortcut
  util/readline: Add C-n, C-p shortcuts
  util/readline: Fix lints for readline_handle_byte
  target/s390x: Use s390_skeys_get|set() helper
  hw/s390x: Introduce s390_skeys_get|set() helpers
  hw/mips/loongson3_virt: Wire up loongson_ipi device
  hw/intc/loongson_ipi: Replace ipi_getcpu with cpu_by_arch_id
  hw/intc/loongson_ipi: Provide per core MMIO address spaces
  hw/intc: Remove loongarch_ipi.c
  hw/usb/dev-mtp: Correctly report free space
  hw/usb: Remove unused 'host.h' header
  hw/i386/iommu: Constify IOMMUTLBEvent in vtd_page_walk_hook prototype
  memory: Constify IOMMUTLBEvent in memory_region_notify_iommu()
  ...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
a276ec8e |
| 22-Apr-2024 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
hw/audio/virtio-snd: Always use little endian audio format
The VIRTIO Sound Device conforms with the Virtio spec v1.2, thus only use little endianness.
Remove the suspicious target_words_bigendian() noticed during code review.
Cc: qemu-stable@nongnu.org
Fixes: eb9ad377bb ("virtio-sound: handle control messages and streams")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20240422211830.25606-1-philmd@linaro.org>
|
#
1a648f7a |
| 08-May-2024 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'hw-misc-20240508' of https://github.com/philmd/qemu into staging
Misc HW patches
- Few more g_memdup() replaced by safer g_memdup2() wrapper (Phil)
- Endianness access fixed in vfio-user config space (Mattias)
- Replace qemu_mutex_lock() -> QEMU_LOCK_GUARD in system/physmem (Phil)
- Per-AddressSpace bounce buffering (Mattias)
- Allow to compile x86 PC machines without Floppy Controller (Thomas)
- Cleanups around i386 "isa-bios" memory regions (Bernhard)
- Remove unused usb rndis_config_parameter structure (David)
- Migrate missing clock in STM32L4x5 GPIOs (Inès)
- Deprecate PPC 'ref405ep' machine and 405 CPUs (Cédric)
- Memory leak fixed in Loongarch Virt machine (Song Gao)
- hw/loongarch/ code moved around (Paolo & Bibo Mao)
- Emulate S3 suspend in loongson3_virt machine (Jiaxun)
- Implement IOCSR address space in Loongson IPI (Jiaxun)
- Use QEMU header path relative to include/ directory (Phil)
# gpg: Signature made Thu 09 May 2024 12:12:40 AM CEST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
* tag 'hw-misc-20240508' of https://github.com/philmd/qemu: (28 commits)
  misc: Use QEMU header path relative to include/ directory
  hw/intc/loongson_ipi: Implement IOCSR address space for MIPS
  hw/intc/loongarch_ipi: Rename as loongson_ipi
  hw/intc/loongarch_ipi: Remove pointless MAX_CPU check
  hw/mips/loongson3_virt: Emulate suspend function
  hw/loongarch: Rename LoongArchMachineState with LoongArchVirtMachineState
  hw/loongarch: Rename LOONGARCH_MACHINE with LOONGARCH_VIRT_MACHINE
  hw/loongarch/virt: Fix memory leak
  hw/loongarch: move memory map to boot.c
  hw/ppc: Deprecate 'ref405ep' machine and 405 CPUs
  hw/gpio: Handle clock migration in STM32L4x5 gpios
  hw/usb/dev-network: Remove unused struct 'rndis_config_parameter'
  hw/i386/x86: Extract x86_isa_bios_init() from x86_bios_rom_init()
  hw/i386/x86: Don't leak "pc.bios" memory region
  hw/i386/x86: Don't leak "isa-bios" memory regions
  hw/i386: Have x86_bios_rom_init() take X86MachineState rather than MachineState
  hw/i386/x86: Eliminate two if statements in x86_bios_rom_init()
  hw/i386: Add the possibility to use i440fx and isapc without FDC
  hw/i386/Kconfig: Allow to compile Q35 without FDC_ISA
  hw/i386/pc: Allow to compile without CONFIG_FDC_ISA
  ...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
8b4d80bb |
| 07-May-2024 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
misc: Use QEMU header path relative to include/ directory
QEMU headers are relative to the include/ directory, not to the project root directory. Remove "include/".
See also: https://www.qemu.org/docs/master/devel/style.html#include-directives
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240507142737.95735-1-philmd@linaro.org>
|
#
fd87be1d |
| 26-Apr-2024 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'accel-20240426' of https://github.com/philmd/qemu into staging
Accelerators patches
A lot of trivial cleanups and simplifications (moving methods around, adding/removing #include statements). Most notable changes:
- Rename NEED_CPU_H -> COMPILING_PER_TARGET
- Rename few template headers using the '.h.inc' suffix
- Extract some definitions / declarations into their own header:
  - accel/tcg/user-retaddr.h (helper_retaddr)
  - include/exec/abi_ptr.h (abi_ptr)
  - include/exec/breakpoint.h (CPUBreakpoint, CPUWatchpoint)
  - include/exec/mmu-access-type.h (MMUAccessType)
  - include/user/tswap-target.h (tswapl, bswaptls)
# gpg: Signature made Fri 26 Apr 2024 12:39:13 PM PDT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
* tag 'accel-20240426' of https://github.com/philmd/qemu: (38 commits)
  plugins: Include missing 'qemu/bitmap.h' header
  hw/core: Avoid including the full 'hw/core/cpu.h' in 'tcg-cpu-ops.h'
  exec: Move CPUTLBEntry helpers to cputlb.c
  exec: Restrict inclusion of 'user/guest-base.h'
  exec: Rename 'exec/user/guest-base.h' as 'user/guest-base.h'
  exec: Restrict 'cpu_ldst.h' to TCG accelerator
  exec: Restrict TCG specific declarations of 'cputlb.h'
  exec: Declare CPUBreakpoint/CPUWatchpoint type in 'breakpoint.h' header
  exec: Declare MMUAccessType type in 'mmu-access-type.h' header
  exec: Declare abi_ptr type in its own 'abi_ptr.h' header
  exec/user: Do not include 'cpu.h' in 'abitypes.h'
  exec: Move [b]tswapl() declarations to 'exec/user/tswap-target.h'
  exec: Declare target_words_bigendian() in 'exec/tswap.h'
  exec/cpu-all: Remove unused tswapls() definitions
  exec/cpu-all: Remove unused 'qemu/thread.h' header
  exec/cpu-all: Reduce 'qemu/rcu.h' header inclusion
  accel/hvf: Use accel-specific per-vcpu @dirty field
  accel/nvmm: Use accel-specific per-vcpu @dirty field
  accel/whpx: Use accel-specific per-vcpu @dirty field
  accel/tcg: Rename helper-head.h -> helper-head.h.inc
  ...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
42508261 |
| 12-Dec-2023 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
exec: Declare target_words_bigendian() in 'exec/tswap.h'
We usually check target endianness before swapping values, so target_words_bigendian() declaration makes sense in "exec/tswap.h" with the target swapping helpers.
Remove "hw/core/cpu.h" when it was only included to get the target_words_bigendian() declaration.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Message-Id: <20231212123401.37493-16-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
#
f2431757 |
| 10-Apr-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'hw-misc-20240410' of https://github.com/philmd/qemu into staging
Misc HW patch queue
- Fix CXL Fixed Memory Window interleave-granularity typo
- Fix for DMA re-entrancy abuse with VirtIO devices (CVE-2024-3446)
- Fix out-of-bound access in NAND block buffer
- Fix memory leak in AppleSMC reset() handler
- Avoid VirtIO crypto backends abort on invalid session ID
- Fix overflow in LAN9118 MIL TX FIFO
- Fix overflow when abusing SDHCI TRNMOD register (CVE-2024-3447)
- Fix overrun in short fragmented packet SCTP checksum (CVE-2024-3567)
- Remove unused assignment in virtio-snd model (Coverity 1542933 & 1542934)
# gpg: Signature made Wed 10 Apr 2024 10:11:58 BST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'hw-misc-20240410' of https://github.com/philmd/qemu: hw/audio/virtio-snd: Remove unused assignment hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set hw/net/lan9118: Fix overflow in MIL TX FIFO hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition backends/cryptodev: Do not abort for invalid session ID hw/misc/applesmc: Fix memory leak in reset() handler hw/misc/applesmc: Do not call DeviceReset from DeviceRealize hw/block/nand: Fix out-of-bound access in NAND block buffer hw/block/nand: Have blk_load() take unsigned offset and return boolean hw/block/nand: Factor nand_load_iolen() method out qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs hw/display/virtio-gpu: Protect from DMA re-entrancy bugs hw/virtio: Introduce virtio_bh_new_guarded() helper
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
dcb0a1ac |
| 10-Apr-2024 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
hw/audio/virtio-snd: Remove unused assignment
Coverity reported:
>>> CID 1542933: Code maintainability issues (UNUSED_VALUE)
>>> CID 1542934: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value "NULL" to "stream" here, but that stored value is overwritten before it can be used.
Simply remove the unused assignments.
Resolves: Coverity CID 1542933
Resolves: Coverity CID 1542934
Fixes: 731655f87f ("virtio-snd: rewrite invalid tx/rx message handling")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <20240410053712.34747-1-philmd@linaro.org>
|
#
bc0cd4ae |
| 09-Apr-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
virtio,pc,pci: bugfixes
Tiny fixes: important but mostly obvious ones. Revert VDPA network sim for this release as there are questions around its maintainability.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 09 Apr 2024 08:30:47 BST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  qdev-monitor: fix error message in find_device_state()
  vhost-user-blk: simplify and fix vhost_user_blk_handle_config_change
  vdpa-dev: Fix the issue of device status not updating when configuration interruption is triggered
  hw/virtio: Fix packed virtqueue flush used_idx
  virtio-snd: rewrite invalid tx/rx message handling
  virtio-snd: Enhance error handling for invalid transfers
  Revert "hw/virtio: Add support for VDPA network simulation devices"
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
731655f8 |
| 24-Mar-2024 |
Manos Pitsidianakis <manos.pitsidianakis@linaro.org> |
virtio-snd: rewrite invalid tx/rx message handling
The current handling of invalid virtqueue elements inside the TX/RX virt queue handlers is wrong.
They are added in a per-stream invalid queue to be processed after the handler is done examining each message, but the invalid message might not be specifying any stream_id; which means it's invalid to add it to any stream->invalid queue since stream could be NULL at this point.
This commit moves the invalid queue to the VirtIOSound struct which guarantees there will always be a valid temporary place to store them inside the tx/rx handlers. The queue will be emptied before the handler returns, so the queue must be empty at any other point of the device's lifetime.
Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <virtio-snd-rewrite-invalid-tx-rx-message-handling-v1.manos.pitsidianakis@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
#
a45f0993 |
| 22-Mar-2024 |
Zheyu Ma <zheyuma97@gmail.com> |
virtio-snd: Enhance error handling for invalid transfers
This patch improves error handling in virtio_snd_handle_tx_xfer() and virtio_snd_handle_rx_xfer() in the VirtIO sound driver. Previously, 'goto' statements were used for error paths, leading to unnecessary processing and potential null pointer dereferences. Now, 'continue' is used to skip the rest of the current loop iteration for errors such as message size discrepancies or null streams, reducing crash risks.
ASAN log illustrating the issue addressed:
ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000b4
  #0 0x57cea39967b8 in qemu_mutex_lock_impl qemu/util/qemu-thread-posix.c:92:5
  #1 0x57cea128c462 in qemu_mutex_lock qemu/include/qemu/thread.h:122:5
  #2 0x57cea128d72f in qemu_lockable_lock qemu/include/qemu/lockable.h:95:5
  #3 0x57cea128c294 in qemu_lockable_auto_lock qemu/include/qemu/lockable.h:105:5
  #4 0x57cea1285eb2 in virtio_snd_handle_rx_xfer qemu/hw/audio/virtio-snd.c:1026:9
  #5 0x57cea2caebbc in virtio_queue_notify_vq qemu/hw/virtio/virtio.c:2268:9
  #6 0x57cea2cae412 in virtio_queue_host_notifier_read qemu/hw/virtio/virtio.c:3671:9
  #7 0x57cea39822f1 in aio_dispatch_handler qemu/util/aio-posix.c:372:9
  #8 0x57cea3979385 in aio_dispatch_handlers qemu/util/aio-posix.c:414:20
  #9 0x57cea3978eb1 in aio_dispatch qemu/util/aio-posix.c:424:5
  #10 0x57cea3a1eede in aio_ctx_dispatch qemu/util/async.c:360:5
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <20240322110827.568412-1-zheyuma97@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
#
6fc69312 |
| 13-Mar-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
virtio,pc,pci: features, cleanups, fixes
more memslots support in libvhost-user
support PCIe Gen5/Gen6 link speeds in pcie
more traces in vdpa
network simulation devices support in vdpa
SMBIOS type 9 descriptor implementation
Bump max_cpus to 4096 vcpus in q35
aw-bits and granule options in VIRTIO-IOMMU
Support report NUMA nodes for device memory using GI in acpi
Beginning of shutdown event support in pvpanic
fixes, cleanups all over the place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 12 Mar 2024 22:03:31 GMT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (68 commits)
  docs/specs/pvpanic: document shutdown event
  hw/cxl: Fix missing reserved data in CXL Device DVSEC
  hmat acpi: Fix out of bounds access due to missing use of indirection
  hmat acpi: Do not add Memory Proximity Domain Attributes Structure targetting non existent memory.
  qemu-options.hx: Document the virtio-iommu-pci aw-bits option
  hw/arm/virt: Set virtio-iommu aw-bits default value to 48
  hw/i386/q35: Set virtio-iommu aw-bits default value to 39
  virtio-iommu: Add an option to define the input range width
  virtio-iommu: Trace domain range limits as unsigned int
  qemu-options.hx: Document the virtio-iommu-pci granule option
  virtio-iommu: Change the default granule to the host page size
  virtio-iommu: Add a granule property
  hw/i386/acpi-build: Add support for SRAT Generic Initiator structures
  hw/acpi: Implement the SRAT GI affinity structure
  qom: new object to associate device to NUMA node
  hw/i386/pc: Inline pc_cmos_init() into pc_cmos_init_late() and remove it
  hw/i386/pc: Set "normal" boot device order in pc_basic_device_init()
  hw/i386/pc: Avoid one use of the current_machine global
  hw/i386/pc: Remove "rtc_state" link again
  Revert "hw/i386/pc: Confine system flash handling to pc_sysfw"
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
# Conflicts:
#   hw/core/machine.c
|
#
633487df |
| 18-Feb-2024 |
Volker Rümelin <vr_qemu@t-online.de> |
hw/audio/virtio-sound: return correct command response size
The payload size returned by command VIRTIO_SND_R_PCM_INFO is wrong. The code in process_cmd() assumes that all commands return only a virtio_snd_hdr payload, but some commands like VIRTIO_SND_R_PCM_INFO may return an additional payload.
Add a zero initialized payload_size variable to struct virtio_snd_ctrl_command to allow for additional payloads.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240218083351.8524-1-vr_qemu@t-online.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
#
d328fef9 |
| 04-Jan-2024 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'pull-20231230' of https://gitlab.com/rth7680/qemu into staging
Mark VMStateField and VMStateDescription arrays const.
# gpg: Signature made Fri 29 Dec 2023 21:21:31 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* tag 'pull-20231230' of https://gitlab.com/rth7680/qemu: (71 commits)
  docs: Constify VMstate in examples
  tests/unit/test-vmstate: Constify VMState
  util/fifo8: Constify VMState
  replay: Constify VMState
  system: Constify VMState
  migration: Constify VMState
  cpu-target: Constify VMState
  backends: Constify VMState
  audio: Constify VMState
  hw/misc/macio: Constify VMState
  hw/watchdog: Constify VMState
  hw/virtio: Constify VMState
  hw/vfio: Constify VMState
  hw/usb: Constify VMState
  hw/tpm: Constify VMState
  hw/timer: Constify VMState
  hw/ssi: Constify VMState
  hw/sparc: Constify VMState
  hw/sensor: Constify VMState
  hw/sd: Constify VMState
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
856a6fe4 |
| 20-Dec-2023 |
Richard Henderson <richard.henderson@linaro.org> |
hw/audio: Constify VMState
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20231221031652.119827-24-richard.henderson@linaro.org>
|