Commit 89b516d8 ("glib: add
compatibility interface for g_get_monotonic_time()") aimed
at making qemu build with old glib versions. At least SLES11SP3,
however, contains a backport of g_get_monotonic_time() while
keeping the reported glib version at 2.22.

Let's work around this by a strategically placed #define.
Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>
Message-id: 1427987865-433-2-git-send-email-cornelia.huck@de.ibm.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Another round of small fixes.  I am not including the
virtio-blk fix, because Wen only posted a prototype and the changes
I made were pretty large.  It definitely needs another pair of eyes
(but it is a 2.3 regression and a blocker).

# gpg: Signature made Thu Apr  2 14:59:56 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  Use $(MAKE) for recursive make
  kvm-all: Sync dirty-bitmap from kvm before kvm destroy the corresponding dirty_bitmap
  util/qemu-config: fix regression of qmp_query_command_line_options
  target-i386: clear bsp bit when designating bsp
  qga: fitering out -fstack-protector-strong
  target-i386: save 64-bit CR3 in 64-bit SMM state save area
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

On BSDs "make" is typically BSD make, while "gmake" is GNU make.
Signed-off-by: NEd Maste <emaste@freebsd.org>
Message-Id: <1427911118-21905-1-git-send-email-emaste@freebsd.org>
[Fix $(INSTALLER) too as reported by Fam Zheng. - Paolo]
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Sometimes, we destroy the dirty_bitmap in kvm_memory_slot before any sync action
occur, this bit in dirty_bitmap will be missed, and which will lead the corresponding
dirty pages to be missed in migration.

This usually happens when do migration during VM's Start-up or Reboot.
Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com>
[Use s->migration_log instead of exec.c's in_migration. - Paolo]
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Commit 49d2e648 (machine: remove qemu_machine_opts global list)
made machine options specific to machine sub-type, leaving
the qemu_machine_opts desc array empty. Sadly this is the place
qmp_query_command_line_options is looking for supported options.

As a fix for for 2.3 the machine_qemu_opts (the generic ones)
are restored only for qemu-config scope.
We need to find a better fix for 2.4.
Reported-by: NTony Krowiak <akrowiak@linux.vnet.ibm.com>
Signed-off-by: NMarcel Apfelbaum <marcel@redhat.com>
Message-Id: <1427906841-1576-1-git-send-email-marcel@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Since the BSP bit is writable on real hardware, during reset all the CPUs which
were not chosen to be the BSP should have their BSP bit cleared. This fix is
required for KVM to work correctly when it changes the BSP bit.

An additional fix is required for QEMU tcg to allow software to change the BSP
bit.
Signed-off-by: NNadav Amit <namit@cs.technion.ac.il>
Message-Id: <1427932716-11800-1-git-send-email-namit@cs.technion.ac.il>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

configure script may add -fstack-protector-strong option instead
of -fstack-protector-all, depending on availability ( see
commit 63678e17 ). Both options have to by filtered out for
qga-vss.dll, otherwise MinGW cross-compilation fails at linking
stage.
Signed-off-by: NJoseph Hindin <jhindin@daynix.com>
Message-Id: <1427906337-20805-2-git-send-email-jhindin@daynix.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The x86_64 CR3 register is 64 bits wide, save all of them!
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

hw: Contain drive, serial, parallel, net misuse

# gpg: Signature made Thu Apr  2 14:32:00 2015 BST using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-hw-2015-04-02:
  sysbus: Make devices picking up backends unavailable with -device
  sdhci: Make device "sdhci-pci" unavailable with -device
  hw: Mark device misusing nd_table[] FIXME
  hw: Mark devices picking up char backends actively FIXME
  hw: Mark devices picking up block backends actively FIXME
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Device models aren't supposed to go on fishing expeditions for
backends.  They should expose suitable properties for the user to set.
For onboard devices, board code sets them.

A number of sysbus devices pick up block backends in their init() /
instance_init() methods with drive_get_next() instead: sl-nand,
milkymist-memcard, pl181, generic-sdhci.

Likewise, a number of sysbus devices pick up character backends in
their init() / realize() methods with qemu_char_get_next_serial():
cadence_uart, digic-uart, etraxfs,serial, lm32-juart, lm32-uart,
milkymist-uart, pl011, stm32f2xx-usart, xlnx.xps-uartlite.

All these mistakes are already marked FIXME.  See the commit that
added these FIXMEs for a more detailed explanation of what's wrong.

Fortunately, only machines ppce500 and pseries-* support -device with
sysbus devices, and none of the devices above is supported with these
machines.

Set cannot_instantiate_with_device_add_yet to preserve our luck.

Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Antony Pavlov <antonynpavlov@gmail.com>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Device models aren't supposed to go on fishing expeditions for
backends.  They should expose suitable properties for the user to set.
For onboard devices, board code sets them.

"sdhci-pci" picks up its block backend in its realize() method with
drive_get_next() instead.  Already marked FIXME.  See the commit that
added the FIXME for a more detailed explanation of what's wrong.

We can't fix this in time for the release, but since the device is new
in 2.3, we can set cannot_instantiate_with_device_add_yet to disable
it before this mistake becomes ABI, and we have to support command
lines like

    $ qemu -drive if=sd -drive if=sd,file=sd.img -device sdhci-pci -device sdhci-pci

forever.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

NICs defined with -net nic are for board initialization to wire up.
Board code examines nd_table[] to find them, and creates devices with
their qdev NIC properties set accordingly.

Except "allwinner-a10" goes on a fishing expedition for NIC
configuration instead of exposing the usual NIC properties for board
code to set: it uses nd_table[0] in its instance_init() method.

Picking up the first -net nic option's configuration that way works
when the device is created by board code.  But it's inappropriate for
-device and device_add.  Not only is it inconsistent with how the
other block device models work (they get their configuration from
properties "mac", "vlan", "netdev"), it breaks when nd_table[0] has
been picked up by the board or a previous -device / device_add
already.

Example:

    $ qemu-system-arm -S -M cubieboard -device allwinner-a10
    qemu-system-arm: -device allwinner-a10: Property 'allwinner-emac.netdev' can't take value 'hub0port0', it's in use
    Aborted (core dumped)

It also breaks in other entertaining ways:

    $ qemu-system-arm -M highbank -device allwinner-a10
    qemu-system-arm: -device allwinner-a10: Unsupported NIC model: xgmac
    $ qemu-system-arm -M highbank -net nic,model=allwinner-emac -device allwinner-a10
    qemu-system-arm: Unsupported NIC model: allwinner-emac

Mark the mistake with a FIXME comment.

Cc: Li Guang <lig.fnst@cn.fujitsu.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Character devices defined with -serial and -parallel are for board
initialization to wire up.  Board code examines serial_hds[] and
parallel_hds[] to find them, and creates devices with their qdev
chardev properties set accordingly.

Except a few devices go on a fishing expedition for a suitable backend
instead of exposing a chardev property for board code to set: they use
serial_hds[] (often via qemu_char_get_next_serial()) or parallel_hds[]
in their realize() or init() method to connect to a backend.

Picking up backends that way works when the devices are created by
board code.  But it's inappropriate for -device or device_add.  Not
only is it inconsistent with how the other characrer device models
work (they connect to a backend explicitly identified by a "chardev"
property), it breaks when the backend has been picked up by the board
or a previous -device / device_add already.

Example:

    $ qemu-system-ppc64 -M bamboo -S -device i82378 -device pc87312 -device pc87312
    qemu-system-ppc64: -device pc87312: Property 'isa-parallel.chardev' can't take value 'parallel0', it's in use

Mark them with suitable FIXME comments.

Cc: Li Guang <lig.fnst@cn.fujitsu.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: Antony Pavlov <antonynpavlov@gmail.com>
Cc: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: Michael Walle <michael@walle.cc>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: "Andreas Färber" <andreas.faerber@web.de>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Drives defined with if!=none are for board initialization to wire up.
Board code calls drive_get() or similar to find them, and creates
devices with their qdev drive properties set accordingly.

Except a few devices go on a fishing expedition for a suitable backend
instead of exposing a drive property for board code to set: they call
driver_get() or drive_get_next() in their realize() or init() method
to implicitly connect to the "next" backend with a certain interface
type.

Picking up backends that way works when the devices are created by
board code.  But it's inappropriate for -device or device_add.  Not
only is this inconsistent with how the other block device models work
(they connect to a backend explicitly identified by a "drive"
property), it breaks when the "next" backend has been picked up by the
board already.

Example:

    $ qemu-system-arm -S -M connex -pflash flash.img -device ssi-sd
    Aborted (core dumped)

Mark them with suitable FIXME comments.

Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: "Andreas Färber" <andreas.faerber@web.de>
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Commits 6e05a12f and db25a158 both attempt to fix the
same "failed to free memory containing flash filename" bug,
with the effect that when they were both applied we ended
up freeing the memory twice. Delete the spurious extra free.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Message-id: 1427968334-14527-1-git-send-email-peter.maydell@linaro.org

As 4de9a883(hw/arm/virt: Fix memory leak reported by Coverity)
and 6e05a12f(arm: fix memory leak) both handle the memory leak
reported by Coverity, this cause qemu corruption due to
double free.
Signed-off-by: NShannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: NShannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: NStefan Weil <sw@weilnetz.de>
Message-id: 1427944026-8968-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

target-arm:
 * Fix broken migration on AArch64 KVM
 * Fix minor memory leaks in virt, vexpress, highbank
 * Honour requested filename when loading highbank rom image

# gpg: Signature made Wed Apr  1 18:06:09 2015 BST using RSA key ID 14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"

* remotes/pmaydell/tags/pull-target-arm-20150401:
  target-arm: kvm64 fix save/restore of SPSR regs
  target-arm: kvm64 sync FP register state
  hw/intc: arm_gic_kvm.c restore config first
  target-arm: kvm: save/restore mp state
  target-arm: Store SPSR_EL1 state in banked_spsr[1] (SPSR_svc)
  hw/arm/virt: Fix memory leak reported by Coverity
  hw/arm/vexpress: Fix memory leak reported by Coverity
  hw/arm/highbank: Fix resource leak and wrong image loading
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The current code was negatively indexing the cpu state array and not
synchronizing banked spsr register state with the current mode's spsr
state, causing occasional failures with migration.

Some munging is done to take care of the aarch64 mapping and also to
ensure the most current value of the spsr is updated to the banked
registers (relevant for KVM<->TCG migration).
Signed-off-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

For migration to work we need to sync all of the register state. This is
especially noticeable when GCC starts using FP registers as spill
registers even with integer programs.
Signed-off-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

As there is logic to deal with the difference between edge and level
triggered interrupts in the kernel we must ensure it knows the
configuration of the IRQs before we restore the pending state.
Signed-off-by: NAlex Bennée <alex.bennee@linaro.org>
Acked-by: NChristoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This adds the saving and restore of the current Multi-Processing state
of the machine. While the KVM_GET/SET_MP_STATE API exposes a number of
potential states for x86 we only use two for ARM. Either the process is
running or not. We then save this state into the cpu_powered TCG state
to avoid changing the serialisation format.
Signed-off-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The AArch64 SPSR_EL1 register is architecturally mandated to
be mapped to the AArch32 SPSR_svc register. This means its
state should live in QEMU's env->banked_spsr[1] field.
Correct the various places in the code that incorrectly
put it in banked_spsr[0].
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

As the conditional statement had to be split anyway, we can also
add a better error report message.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Message-id: 1426877982-3603-1-git-send-email-sw@weilnetz.de
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

As the conditional statement had to be split anyway, we can also
add a better error report message.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Message-id: 1426877963-3556-1-git-send-email-sw@weilnetz.de
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Coverity reports a resource leak for sysboot_filename which is allocated
by qemu_find_file.

In addition, that name is used to get the size of the image, but a
different image name was used to load it.

In addition, instead of passing the maximum allowed image size the actual
image size was passed to load_image_targphys.

Fix all three issues.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Message-id: 1426326781-2488-1-git-send-email-sw@weilnetz.de
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

vnc: fix websocket security issues (cve-2015-1779).

# gpg: Signature made Wed Apr  1 16:14:34 2015 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-cve-2015-1779-20150401-2:
  CVE-2015-1779: limit size of HTTP headers from websockets clients
  CVE-2015-1779: incrementally decode websocket frames
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The VNC server websockets decoder will read and buffer data from
websockets clients until it sees the end of the HTTP headers,
as indicated by \r\n\r\n. In theory this allows a malicious to
trick QEMU into consuming an arbitrary amount of RAM. In practice,
because QEMU runs g_strstr_len() across the buffered header data,
it will spend increasingly long burning CPU time searching for
the substring match and less & less time reading data. So while
this does cause arbitrary memory growth, the bigger problem is
that QEMU will be burning 100% of available CPU time.

A novnc websockets client typically sends headers of around
512 bytes in length. As such it is reasonable to place a 4096
byte limit on the amount of data buffered while searching for
the end of HTTP headers.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

The logic for decoding websocket frames wants to fully
decode the frame header and payload, before allowing the
VNC server to see any of the payload data. There is no
size limit on websocket payloads, so this allows a
malicious network client to consume 2^64 bytes in memory
in QEMU. It can trigger this denial of service before
the VNC server even performs any authentication.

The fix is to decode the header, and then incrementally
decode the payload data as it is needed. With this fix
the websocket decoder will allow at most 4k of data to
be buffered before decoding and processing payload.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

[ kraxel: fix frequent spurious disconnects, suggested by Peter Maydell ]

  @@ -361,7 +361,7 @@ int vncws_decode_frame_payload(Buffer *input,
  -        *payload_size = input->offset;
  +        *payload_size = *payload_remain;

[ kraxel: fix 32bit build ]

  @@ -306,7 +306,7 @@ struct VncState
  -    uint64_t ws_payload_remain;
  +    size_t ws_payload_remain;
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Fix for object_del of in-use memory, pvpanic
regression, PPC regression and bogus error message with
Oxygen theme.

# gpg: Signature made Wed Apr  1 09:08:20 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  Revert "exec: Respect as_tranlsate_internal length clamp"
  rcu: do not create thread in pthread_atfork callback
  pc: acpi: fix pvpanic regression
  hostmem: Prevent removing an in-use memory backend
  qom: Add can_be_deleted callback to UserCreatableClass
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

This reverts commit c3c1bb99.
It causes problems with boards that declare memory regions shorter
than the registers they contain.
Reported-by: NZoltan Balaton <balaton@eik.bme.hu>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

If QEMU forks after the CPU threads have been created, qemu_mutex_lock_iothread
will not be able to do qemu_cpu_kick_thread.  There is no solution other than
assuming that forks after the CPU threads have been created will end up in an
exec.  Forks before the CPU threads have been created (such as -daemonize)
have to call rcu_after_fork manually.

Notably, the oxygen theme for GTK+ forks and shows a "No such process" error
without this patch.

This patch can be reverted once the iothread loses the "kick the TCG thread"
magic.

User-mode emulation does not use the iothread, so it can also call
rcu_after_fork.

Reported by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Tested by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Commit cd61cb2e  pc: acpi-build: generate pvpanic device description dynamically

introduced regression changing pvpanic device HID from
QEMU0001 to QEMU0002.
Fix AML generated code so that pvpanic device
would keep its original HID. i.e. QEMU0001
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reported-by: NGal Hammer <ghammer@redhat.com>
Message-Id: <1427717907-25027-1-git-send-email-imammedo@redhat.com>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

showing a memory device whose memdev is removed leads an assert:

(qemu) object_add memory-backend-ram,id=ram0,size=128M
(qemu) device_add pc-dimm,id=d0,memdev=ram0
(qemu) object_del ram0
(qemu) info memory-devices
**
ERROR:qom/object.c:1274:object_get_canonical_path_component:\
                            assertion failed: (obj->parent != NULL)
Aborted

The patch prevents removing an in-use mem backend and error out.
Signed-off-by: NLin Ma <lma@suse.com>
Message-Id: <1427704589-7688-3-git-send-email-lma@suse.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

If backends implement the can_be_deleted and it returns false,
Then the qmp_object_del won't delete the given backends.
Signed-off-by: NLin Ma <lma@suse.com>
Message-Id: <1427704589-7688-2-git-send-email-lma@suse.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

QOM infrastructure fixes and device conversions

* Fix for adding alias properties with [*]

# gpg: Signature made Tue Mar 31 11:59:00 2015 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qom-devices-for-peter:
  qom: Fix object_property_add_alias() with [*]
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Commit 80742642 (qom: Add description field in ObjectProperty struct)
introduced property descriptions and copied them for alias properties.

Instead of using the caller-supplied property name, use the returned
property name for setting the description. This avoids an Error when
setting a property description for a property with literal "[*]" that
doesn't exist due to automatic property naming in object_property_add().
Reviewed-by: NGonglei <arei.gonglei@huawei.com>
Acked-by: NPaolo Bonzini <pbonzini@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable@nongnu.org (v2.2+)
Signed-off-by: NAndreas Färber <afaerber@suse.de>

QTest cleanups

* Change fw_cfg-test and i440fx-test GTester paths
* Extend libqtest API as necessary

# gpg: Signature made Mon Mar 30 18:29:39 2015 BST using RSA key ID 3E7E013F
# gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
# gpg:                 aka "Andreas Färber <afaerber@suse.com>"

* remotes/afaerber/tags/qtest-for-2.3:
  i440fx-test: Fix test paths to include architecture
  qtest: Add qtest_add() wrapper macro
  qtest: Add qtest_add_data_func() wrapper function
  fw_cfg-test: Fix test path to include architecture
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

TriCore bugfixes

# gpg: Signature made Mon Mar 30 12:40:50 2015 BST using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"

* remotes/bkoppelmann/tags/pull-tricore-20150330:
  target-tricore: fix CACHEA/I_POSTINC/PREINC using data register..
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

s390x fixes:
- virtqueue index issues in virtio-ccw
- cleanup and sign extension fix for the ipl device

# gpg: Signature made Mon Mar 30 08:52:54 2015 BST using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"

* remotes/cohuck/tags/s390x-20150330:
  s390x/ipl: avoid sign extension
  s390x: do not include ram_addr.h
  virtio-ccw: range check in READ_VQ_CONF
  virtio-ccw: fix range check for SET_VQ
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Replace g_test_add_func() with new qtest_add_func() and g_test_add()
macro with qtest_add() macro. This effectively changes GTester paths:

  /i440fx/foo -> /x86_64/i440fx/foo etc.

Cc: qemu-stable@nongnu.org
Reviewed-by: NJohn Snow <jsnow@redhat.com>
Signed-off-by: NAndreas Färber <afaerber@suse.de>