The only user went away five years ago with commit a9420734 ('qcow2:
Simplify image creation'). It's about time to remove it.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Reviewed-by: NMax Reitz <mreitz@redhat.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>

block/raw-posix.c:947:19: warning: unused variable 's' [-Wunused-variable]
    BDRVRawState *s = aiocb->bs->opaque;

This variable is used only when on of the following macros are defined
CONFIG_XFS, CONFIG_FALLOCATE, CONFIG_FALLOCATE_PUNCH_HOLE or
CONFIG_FALLOCATE_ZERO_RANGE. Fortunately, CONFIG_FALLOCATE_PUNCH_HOLE
and CONFIG_FALLOCATE_ZERO_RANGE could be defined only along with
CONFIG_FALLOCATE. Therefore checking for CONFIG_XFS or CONFIG_FALLOCATE
would be enough.
Signed-off-by: NDenis V. Lunev <den@openvz.org>
CC: Peter Maydell <peter.maydell@linaro.org>
CC: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Previously, qemu block driver of sheepdog used hard-coded VDI object size.
This patch enables users to handle VDI object size.

When you start qemu, you don't need to specify additional command option.

But when you create the VDI which doesn't have default object size
with qemu-img command, you specify object_size option.

If you want to create a VDI of 8MB object size,
you need to specify following command option.

 # qemu-img create -o object_size=8M sheepdog:test1 100M

In addition, when you don't specify qemu-img command option,
a default value of sheepdog cluster is used for creating VDI.

 # qemu-img create sheepdog:test2 100M
Signed-off-by: NTeruaki Ishizaki <ishizaki.teruaki@lab.ntt.co.jp>
Acked-by: NHitoshi Mitake <mitake.hitoshi@lab.ntt.co.jp>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

This implements bdrv_co_get_block_status() for VHD images. This can
significantly speed up qemu-img convert operation because only with this
function implemented sparseness can be considered. (Before, converting a
1 TB empty image took several minutes for me, now it's instantaneous.)
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Reviewed-by: NMax Reitz <mreitz@redhat.com>

If total_sectors is rounded to match the geometry, total_size needs to
be changed as well. Otherwise we end up with an image whose geometry
describes a disk larger than the image file, which doesn't end well.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Reviewed-by: NMax Reitz <mreitz@redhat.com>

This adds a test for reentering a coroutine that previously yielded to a
coroutine that has meanwhile terminated.
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

qemu_coroutine_enter() is now the only user of coroutine_swap(). Both
functions are short, so inline it.

Also, using COROUTINE_YIELD is now even more confusing because this code
is never called during qemu_coroutine_yield() any more. In fact, this
value is never read back, so we can just introduce a new COROUTINE_ENTER
which documents the purpose of the task switch better.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

Instead of using the same function for entering and exiting coroutines,
and hoping that it doesn't add any functionality that hurts with the
parameters used for exiting, we can just directly call into the real
task switch in qemu_coroutine_switch().

This fixes a use-after-free scenario where reentering a coroutine that
has yielded still accesses the old parent coroutine (which may have
meanwhile terminated) in the part of coroutine_swap() that follows
qemu_coroutine_switch().

Cc: qemu-stable@nongnu.org
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

Xtensa updates:

- implement do_unassigned_access callback;
- fix ML605 xtfpga FLASH size.

# gpg: Signature made Sat Mar  7 12:35:05 2015 GMT using RSA key ID F83FA044
# gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"

* remotes/xtensa/tags/20150307-xtensa:
  target-xtensa: xtfpga: fix ml605 flash size
  target-xtensa: implement do_unassigned_access callback
  hw/xtensa: allow reads/writes in the system I/O region
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

* remotes/qmp-unstable/queue/qmp:
  docs: add memory-hotplug.txt
  qemu-options.hx: improve -m description
  virtio-balloon: Add some trace events
  virtio-balloon: Fix balloon not working correctly when hotplug memory
  pc-dimm: add a function to calculate VM's current RAM size
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

misc spice/qxl fixes.

# gpg: Signature made Wed Mar  4 13:57:42 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-20150304-1:
  hmp: info spice: take out webdav
  hmp: info spice: Show string channel name
  qxl: drop update_displaychangelistener call for secondary qxl devices
  vga: refactor vram_size clamping and rounding
  qxl: refactor rounding up to a nearest power of 2
  spice: fix invalid memory access to vga.vram
  qxl: document minimal video memory for new modes
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set

# gpg: Signature made Tue Mar  3 07:38:43 2015 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-usb-20150303-1:
  xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

bootdevice: bug fixes

# gpg: Signature made Tue Mar  3 05:18:39 2015 GMT using RSA key ID DDE30FBB
# gpg: Good signature from "Gonglei <arei.gonglei@huawei.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5178 9C82 617F 2F58 8693  63B1 BA7A 65B0 DDE3 0FBB

* remotes/gonglei/tags/bootdevice-next-20150303:
  bootdevice: add check in restore_boot_order()
  bootdevice: check boot order argument validation before vm running
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

TriCore RRR1, RRR2 instructions and bugfixes

# gpg: Signature made Tue Mar  3 01:12:02 2015 GMT using RSA key ID 6B69CA14
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>"

* remotes/bkoppelmann/tags/pull-tricore-20150303:
  target-tricore: Add instructions of RRR1 opcode format, which have 0xc3 as first opcode
  target-tricore: Add instructions of RRR1 opcode format, which have 0x43 as first opcode
  target-tricore: Add instructions of RRR1 opcode format, which have 0x83 as first opcode
  target-tricore: Add instructions of RRR2 opcode format
  target-tricore: fix msub32_suov return wrong results
  target-tricore: Fix RLC_ADDI, RLC_ADDIH using wrong microcode helper
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

ML605 daughterboard has 16MB flash, not 32MB. Change board definition
accordingly.

Cc: qemu-stable@nongnu.org
Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>

Depending on access type raise either InstrPIFDataError or
LoadStorePIFDataError exception.
Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>

Ignore writes to unassigned areas of system I/O regison and return 0 for
reads. This makes drivers for unimportant unimplemented hardware blocks
happy.
Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>

This document describes how to use memory hotplug in QEMU.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NPaulo Vital <paulo.vital@profitbricks.com>

Add memory hotplug options to the command-line format. Also,
add a complete command-line example and improve description.
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NPaulo Vital <paulo.vital@profitbricks.com>

Add some trace events for easier debugging
Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>

When do memory balloon, it takes the 'ram_size' as the VM's current ram size,
But 'ram_size' is the startup configured ram size, it does not take into
account the hotplugged memory.

As a result, the balloon result will be confused.
Steps to reproduce:
(1)Start VM: qemu -m size=1024,slots=4,maxmem=8G
(2)In VM: #free -m : 1024M
(3)qmp balloon 512M
(4)In VM: #free -m : 512M
(5)hotplug pc-dimm 1G
(6)In VM: #free -m : 1512M
(7)qmp balloon 256M
(8)In VM: #free -m :1256M
We expect the VM's available ram size to be 256M after 'qmp balloon 256M'
command, but VM's real available ram size is 1256M.

For "qmp balloon" is not performance critical code, we use function
'get_current_ram_size' to get VM's current ram size.
Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>

The global parameter 'ram_size' does not take into account
the hotplugged memory.

In some codes, we use 'ram_size' as current VM's real RAM size,
which is not correct.

Add function 'get_current_ram_size' to calculate VM's current RAM size,
it will enumerate present memory devices and also plus ram_size.
Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>

# gpg: Signature made Mon Mar  2 21:45:18 2015 GMT using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"

* remotes/stefanha/tags/tracing-pull-request:
  trace: add DTrace reserved words for .d files
  unbreak dtrace tracing due to double _ in rdma names
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Updates for QEMU 2.3-rc0:
 - Error reporting and static cleanup (Alexey Kardashevskiy)
 - Runtime mmap disable for tracing (Samuel Pitoiset)
 - Support for host directed device request (Alex Williamson)

# gpg: Signature made Mon Mar  2 18:42:50 2015 GMT using RSA key ID 3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>"
# gpg:                 aka "Alex Williamson <alex@shazbot.org>"
# gpg:                 aka "Alex Williamson <alwillia@redhat.com>"
# gpg:                 aka "Alex Williamson <alex.l.williamson@gmail.com>"

* remotes/awilliam/tags/vfio-update-20150302.0:
  vfio-pci: Enable device request notification support
  vfio: allow to disable MMAP per device with -x-mmap=off option
  vfio: Make type1 listener symbols static
  vfio: Add ioctl number to error report
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Obvious suggestion for the next spice-protocol
release: Add some way to #ifdef new stuff.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Reviewed-by: NCole Robinson <crobinso@redhat.com>

If the iothread lock isn't taken by the main thread, the RCU callbacks
might run concurrently with the main thread.  QEMU's not ready for that.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Tested-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Tested-by: NGonglei <arei.gonglei@huawei.com>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

- more config options
- bootdevice, iscsi, virtio-scsi fixes
- build system patches for MinGW and config-devices.mak
- qemu_mutex_lock_iothread deadlock fixes
- another tiny patch from the record/replay series

# gpg: Signature made Mon Mar  2 09:59:14 2015 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  cpus: be more paranoid in avoiding deadlocks
  cpus: fix deadlock and segfault in qemu_mutex_lock_iothread
  virtio-scsi: Allocate op blocker reason before blocking
  Makefile.target: binary depends on config-devices
  Makefile: don't silence mak file test with V=1
  Makefile: fix up parallel building under MSYS+MinGW
  iscsi: Handle write protected case in reopen
  Give ivshmem its own config option
  Create specific config option for "platform-bus"
  Add specific config options for PCI-E bridges
  bootdevice: fix segment fault when booting guest with '-kernel' and '-initrd'
  timer: replace time() with QEMU_CLOCK_HOST
  virtio-scsi-dataplane: Call blk_set_aio_context within BQL
  block: Forbid bdrv_set_aio_context outside BQL
  scsi: give device a parent before setting properties
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

At the moment, when the XHCI driver in edk2
(MdeModulePkg/Bus/Pci/XhciDxe/XhciDxe.inf) runs on QEMU, with the options

  -device nec-usb-xhci -device usb-kbd

it crashes with:

  ASSERT MdeModulePkg/Bus/Pci/XhciDxe/XhciSched.c(1759):
  TrsRing != ((void*) 0)

The crash hits in the following edk2 call sequence (all files under
MdeModulePkg/Bus/):

UsbEnumerateNewDev()                         [Usb/UsbBusDxe/UsbEnumer.c]
  UsbBuildDescTable()                        [Usb/UsbBusDxe/UsbDesc.c]
    UsbGetDevDesc()                          [Usb/UsbBusDxe/UsbDesc.c]
      UsbCtrlGetDesc(USB_REQ_GET_DESCRIPTOR) [Usb/UsbBusDxe/UsbDesc.c]
        UsbCtrlRequest()                     [Usb/UsbBusDxe/UsbDesc.c]
          UsbHcControlTransfer()             [Usb/UsbBusDxe/UsbUtility.c]
            XhcControlTransfer()             [Pci/XhciDxe/Xhci.c]
              XhcCreateUrb()                 [Pci/XhciDxe/XhciSched.c]
                XhcCreateTransferTrb()       [Pci/XhciDxe/XhciSched.c]
              XhcExecTransfer()              [Pci/XhciDxe/XhciSched.c]
                XhcCheckUrbResult()          [Pci/XhciDxe/XhciSched.c]
                  //
                  // look for TRB_TYPE_DATA_STAGE event [1]
                  //
              //
              // Store a copy of the device descriptor, as the hub device
              // needs this info to configure endpoint. [2]
              //
  UsbSetConfig()                             [Usb/UsbBusDxe/UsbDesc.c]
    UsbCtrlRequest(USB_REQ_SET_CONFIG)       [Usb/UsbBusDxe/UsbDesc.c]
      UsbHcControlTransfer()                 [Usb/UsbBusDxe/UsbUtility.c]
        XhcControlTransfer()                 [Pci/XhciDxe/Xhci.c]
          XhcSetConfigCmd()                  [Pci/XhciDxe/XhciSched.c]
            XhcInitializeEndpointContext()   [Pci/XhciDxe/XhciSched.c]
              //
              // allocate transfer ring for the endpoint [3]
              //

USBKeyboardDriverBindingStart()              [Usb/UsbKbDxe/EfiKey.c]
  UsbIoAsyncInterruptTransfer()              [Usb/UsbBusDxe/UsbBus.c]
    UsbHcAsyncInterruptTransfer()            [Usb/UsbBusDxe/UsbUtility.c]
      XhcAsyncInterruptTransfer()            [Pci/XhciDxe/Xhci.c]
        XhcCreateUrb()                       [Pci/XhciDxe/Xhci.c]
          XhcCreateTransferTrb()             [Pci/XhciDxe/XhciSched.c]
            XhcSyncTrsRing()                 [Pci/XhciDxe/XhciSched.c]
              ASSERT (TrsRing != NULL) [4]

UsbEnumerateNewDev() in the USB bus driver issues a GET_DESCRIPTOR
request, in order to determine the number of configurations that the
endpoint supports. The requests consists of three stages (three TRBs),
setup, data, and status. The length of the response is determined in [1],
namely from the transfer event that the host controller generates in
response to the request's middle stage (ie. the data stage).

If the length of the answer is correct (a full GET_DESCRIPTOR request
takes 18 bytes), then the XHCI driver that underlies the USB bus driver
"snoops" (caches) the descriptor data for later [2].

Later, the USB bus driver sends a SET_CONFIG request. The underlying XHCI
driver allocates a transfer ring for the endpoint, relying on the data
snooped and cached in step [2].

Finally, the USB keyboard driver submits an asynchronous interrupt
transfer to manage the keyboard. As part of this it asserts [4] that the
ring has been allocated in step [3].

And this ASSERT() fires. The root cause can be found in the way QEMU
handles the initial GET_DESCRIPTOR request.

Again, that request consists of three stages (TRBs, Transfer Request
Blocks), "setup", "data", and "status". The XhcCreateTransferTrb()
function sets the IOC ("Interrupt on Completion") flag in each of these
TRBs.

According to the XHCI specification, the host controller shall generate a
Transfer Event in response to *each* individual TRB of the request that
had the IOC flag set. This means that QEMU should queue three events:
setup, data, and status, for edk2's XHCI driver.

However, QEMU only generates two events:
- one for the setup (ie. 1st) stage,
- another for the status (ie. 3rd) stage.

No event is generated for the middle (ie. data) stage. The loop in QEMU's
xhci_xfer_report() function runs three times, but due to the "reported"
variable, only the first and the last TRBs elicit events, the middle (data
stage) results in no event queued.

As a consequence:
- When handling the GET_DESCRIPTOR request, XhcCheckUrbResult() in [1]
  does not update the response length from zero.

- XhcControlTransfer() thinks that the response is invalid (it has zero
  length payload instead of 18 bytes), hence [2] is not reached; the
  device descriptor is not stashed for later, and the number of possible
  configurations is left at zero.

- When handling the SET_CONFIG request, (NumConfigurations == 0) from
  above prevents the allocation of the endpoint's transfer ring.

- When the keyboard driver tries to use the endpoint, the ASSERT() blows
  up.

The solution is to correct the emulation in QEMU, and to generate a
transfer event whenever IOC is set in a TRB.

The patch replaces

  !reported && (IOC || foo)    == !reported && IOC ||
                                  !reported && foo

with

  IOC || (!reported && foo)    == IOC ||
                                  !reported && foo

which only changes how

  reported && IOC

is handled. (Namely, it now generates an event.)

Tested with edk2 built for "qemu-system-aarch64 -M virt" (ie.
"ArmVirtualizationQemu.dsc", aka "AAVMF"), and guest Linux.
Signed-off-by: NLaszlo Ersek <lersek@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Useful for debugging.

https://bugzilla.redhat.com/show_bug.cgi?id=822418Signed-off-by: NCole Robinson <crobinso@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Commit 3dcadce5 added three
update_displaychangelistener call sites:

Two for primary qxl cards, when entering/leaving vga mode, which are
correct.

One for secondary qxl cards, which is wrong because we don't register
a displaychangelistener in the first place for secondary cards.

Remove it.
Reported-by: NBrad Campbell <lists2009@fnarfbargle.com>
Tested-by: NBrad Campbell <lists2009@fnarfbargle.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Make the code a bit more obvious.

We don't have min/max, so a general helper for clamp probably isn't
acceptable either.
Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

We already have pow2floor, mirror it and use instead of a function with
similar results (same in used domain), to clarify our intent.
Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

vga_common_init() doesn't allow more than 256 MiB vram size and silently
shrinks any larger value.  qxl_dirty_surfaces() used the unshrinked size
via qxl->shadow_rom.surface0_area_size when accessing the memory, which
resulted in segfault.

Add a workaround for this case and an assert if it happens again.

We have to bump the vga memory limit too, because 256 MiB wouldn't have
allowed 8k (it requires more than 128 MiB).
1024 MiB doesn't work, but 512 MiB seems fine.
Proposed-by: NGerd Hoffmann <kraxel@redhat.com>
Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

The alternative to removing existing comments.
Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

qemu_boot_set() can't fail in restore_boot_order(),
then simply assert it doesn't fail, by passing
&error_abort if boot_set_handler set.
Suggested-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>

Either 'once' option or 'order' option can take effect for -boot at
the same time, that is say initial startup processing can check only
one. And pc.c's set_boot_dev() fails when its boot order argument
is invalid. This patch provide a solution fix this problem:

 1. If "once" is given, register reset handler to restore boot order.

 2. Pass the normal boot order to machine creation.  Should fail when
   the normal boot order is invalid.

 3. If "once" is given, set it with qemu_boot_set().  Fails when the
   once boot order is invalid.

 4. Start the machine.

 5. On reset, the reset handler calls qemu_boot_set() to restore boot
   order.  Should never fail.
Suggested-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NGonglei <arei.gonglei@huawei.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>

QemuOpts: Convert various setters to Error

# gpg: Signature made Thu Feb 26 13:56:43 2015 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"

* remotes/armbru/tags/pull-error-2015-02-26:
  qtest: Use qemu_opt_set() instead of qemu_opts_parse()
  pc: Use qemu_opt_set() instead of qemu_opts_parse()
  qemu-sockets: Simplify setting numeric and boolean options
  block: Simplify setting numeric options
  qemu-img: Suppress unhelpful extra errors in convert, amend
  QemuOpts: Propagate errors through opts_parse()
  QemuOpts: Propagate errors through opts_do_parse()
  QemuOpts: Drop qemu_opt_set(), rename qemu_opt_set_err(), fix use
  block: Suppress unhelpful extra errors in bdrv_img_create()
  qemu-img: Suppress unhelpful extra errors in convert, resize
  QemuOpts: Convert qemu_opts_set() to Error, fix its use
  QemuOpts: Convert qemu_opt_set_number() to Error, fix its use
  QemuOpts: Convert qemu_opt_set_bool() to Error, fix its use
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Add helpers helper_addsur_h/_ssov which adds one halfword and subtracts one
halfword, rounds / and saturates each half word independently.

Add microcode helper functions:
    * gen_maddsu_h/sus_h: multiply two halfwords left justified and add to the
                          first one word and subtract from the second one word
                          / and saturate each resulting word independetly.
    * gen_maddsum_h/sums_h: multiply two halfwords in q-format left justified
                            and add to the first one word and subtract from
                            the second one word / and saturate each resulting
                            word independetly.
    * gen_maddsur32_h/32s_h: multiply two halfwords in q-format left justified
                             and add to the first one word and subtract from
                             the second one word, round both results / and
                             saturate each resulting word independetly.
Signed-off-by: NBastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

Add helpers:
    * madd64_q_ssov: multiply two 32 bit q-format number, add them with a
                     64 bit q-format number and saturate.
    * madd32_q_add_ssov: add two 64 bit q-format numbers and return a 32 bit
                         result.
    * maddr_q_ssov: multiplay two 32 bit q-format numbers, add a 32 bit
                    q-format number and saturate.
    * maddr_q: multiplay two 32 bit q-format numbers and add a 32 bit
               q-format number.

Note: madd instructions in the q format can behave strange, e.g.
0x1 + (0x80000000 * 0x80000000) << 1 for 32 bit signed values does not cause an
overflow on the guest, because all intermediate results should be handled as if
they are indefinitely precise. We handle this by inverting the overflow bit for
all cases: a + (0x80000000 * 0x80000000) << 1.
Signed-off-by: NBastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: NRichard Henderson <rth@twiddle.net>

Add helpers:
    * add64_ssov: adds two 64 bit values and saturates the result.
    * addr_h/_ssov: adds two halfwords with two words in q-format with rounding
                    / and saturates each result independetly.

Add microcode generator:
    * gen_add64_d: adds two 64 bit values.
    * gen_addsub64_h: adds/subtracts one halfwords with a word and adds/
                      subtracts another halftword with another word.
    * gen_madd_h/s_h: multiply four halfwords, add each result left justfied
                      to two word values / and saturate each result.
    * gen_maddm_h/s_h: multiply four halfwords, add each result left justfied
                       to two words values in q-format / and saturate each
                       result.
    * gen_maddr32/64_h/s_h: multiply four halfwords, add each result left
                            justfied to two halftwords/words values in q-format
                            / and saturate each result.
Signed-off-by: NBastian Koppelmann <kbastian@mail.uni-paderborn.de>
Reviewed-by: NRichard Henderson <rth@twiddle.net>