Use stl_le_p() & friends instead of casts.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20181015055333.32030-1-kraxel@redhat.com

ui: gtk fixes, support more formats in sdl2.

# gpg: Signature made Fri 12 Oct 2018 14:21:24 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20181012-pull-request:
  gtk: fix uninitialized variable
  sdl2: Support all virtio-gpu formats
  gtk: Don't vte_terminal_set_encoding() on new VTE versions
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

zoom_to_fit is never initialized to false, Coverity complains
(not sure why GCC does not).

Fixes: e8b1386e
Cc: kraxel@redhat.com
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20181003121138.22037-1-pbonzini@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

There are some 2D resource formats that can be used through virtio-gpu,
but which are not supported by SDL2 when used for a scanout; these are
all alpha-channel formats and also XBGR (RGBX in non-BE pixman).

Add these formats in the switch converting pixman to SDL format
constants so a guest cannot crash the VM by triggering the
g_assert_not_reached() with an unsupported format.
Signed-off-by: NMax Reitz <mreitz@redhat.com>
Message-id: 20181008185013.19371-1-mreitz@redhat.com

[ kraxel: also update sdl2_2d_check_format() ]
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

The function vte_terminal_set_encoding() is deprecated since VTE 0.54,
so stop calling it from that version on. This fixes a build error
because of our use of warning flags [-Werror=deprecated-declarations].

Fixes: https://bugs.launchpad.net/bugs/1794939Reported-by: NBastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Message-id: 20181011153039.2324-1-kwolf@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

More s390x updates:
- introduce support for vfio-ap (s390 crypto devices), including a
  Linux headers update to get the new interfaces
- the usual fixing + cleanup

# gpg: Signature made Fri 12 Oct 2018 10:54:38 BST
# gpg:                using RSA key DECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>"
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>"
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20181012:
  hw/s390x: Include the tod-qemu also for builds with --disable-tcg
  s390: doc: detailed specifications for AP virtualization
  s390x/vfio: ap: Introduce VFIO AP device
  s390x/ap: base Adjunct Processor (AP) object model
  s390x/kvm: enable AP instruction interpretation for guest
  s390x/cpumodel: Set up CPU model for AP device support
  linux-headers: update
  target/s390x/excp_helper: Remove DPRINTF() macro
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Block patches

One fix from Paolo on nvme:// driver.
One fix from Marc-Andre for iothread.

# gpg: Signature made Fri 12 Oct 2018 02:49:42 BST
# gpg:                using RSA key CA35624C6A9171C6
# gpg: Good signature from "Fam Zheng <famz@redhat.com>"
# Primary key fingerprint: 5003 7CB7 9706 0F76 F021  AD56 CA35 624C 6A91 71C6

* remotes/famz/tags/block-pull-request:
  nvme: correct locking around completion
  iothread: fix crash with invalid properties
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Migration pull 2018-10-11

With one bonus HMP fix.

# gpg: Signature made Thu 11 Oct 2018 20:23:12 BST
# gpg:                using RSA key 0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>"
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert/tags/pull-migration-20181011a:
  migration-test: Only generate a single target architecture
  qmp, hmp: make subsystem/system-vendor identities optional
  vhost-user: Don't ask for reply on postcopy mem table set
  vhost-user: Fix userfaultfd leak
  migration: Stop postcopy fault thread before notifying
  tests/migration: Enable the migration test on s390x, too
  tests: Add migration test for aarch64
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The device is required for running qtests, see hw/s390x/tod.c:

void s390_init_tod(void)
{
    Object *obj;

    if (kvm_enabled()) {
        obj = object_new(TYPE_KVM_S390_TOD);
    } else {
        obj = object_new(TYPE_QEMU_S390_TOD);
    }
    [...]
  }

During qtests, we're running without kvm, so TYPE_QEMU_S390_TOD is
required to avoid that QEMU aborts here.

Fixes: 8046f374 ("s390x/tod: factor out TOD into separate device")
Signed-off-by: NThomas Huth <thuth@redhat.com>
Message-Id: <1539264723-741-1-git-send-email-thuth@redhat.com>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Signed-off-by: NCornelia Huck <cohuck@redhat.com>

This patch provides documentation describing the AP architecture and
design concepts behind the virtualization of AP devices. It also
includes an example of how to configure AP devices for exclusive
use of KVM guests.
Signed-off-by: NTony Krowiak <akrowiak@linux.ibm.com>
Reviewed-by: NPierre Morel <pmorel@linux.ibm.com>
Tested-by: NPierre Morel <pmorel@linux.ibm.com>
Tested-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20181010170309.12045-7-akrowiak@linux.ibm.com>
Signed-off-by: NCornelia Huck <cohuck@redhat.com>

Introduces a VFIO based AP device. The device is defined via
the QEMU command line by specifying:

    -device vfio-ap,sysfsdev=<path-to-mediated-matrix-device>

There may be only one vfio-ap device configured for a guest.

The mediated matrix device is created by the VFIO AP device
driver by writing a UUID to a sysfs attribute file (see
docs/vfio-ap.txt). The mediated matrix device will be named
after the UUID. Symbolic links to the $uuid are created in
many places, so the path to the mediated matrix device $uuid
can be specified in any of the following ways:

/sys/devices/vfio_ap/matrix/$uuid
/sys/devices/vfio_ap/matrix/mdev_supported_types/vfio_ap-passthrough/devices/$uuid
/sys/bus/mdev/devices/$uuid
/sys/bus/mdev/drivers/vfio_mdev/$uuid

When the vfio-ap device is realized, it acquires and opens the
VFIO iommu group to which the mediated matrix device is
bound. This causes a VFIO group notification event to be
signaled. The vfio_ap device driver's group notification
handler will get called at which time the device driver
will configure the the AP devices to which the guest will
be granted access.
Signed-off-by: NTony Krowiak <akrowiak@linux.ibm.com>
Tested-by: NPierre Morel <pmorel@linux.ibm.com>
Acked-by: NHalil Pasic <pasic@linux.ibm.com>
Tested-by: NPierre Morel <pmorel@linux.ibm.com>
Tested-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20181010170309.12045-6-akrowiak@linux.ibm.com>
Reviewed-by: NThomas Huth <thuth@redhat.com>
[CH: added missing g_free and device category]
Signed-off-by: NCornelia Huck <cohuck@redhat.com>

Introduces the base object model for virtualizing AP devices.
Signed-off-by: NTony Krowiak <akrowiak@linux.ibm.com>
Tested-by: NPierre Morel <pmorel@linux.ibm.com>
Acked-by: NDavid Hildenbrand <david@redhat.com>
Reviewed-by: NThomas Huth <thuth@redhat.com>
Reviewed-by: NHalil Pasic <pasic@linux.ibm.com>
Tested-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20181010170309.12045-5-akrowiak@linux.ibm.com>
Signed-off-by: NCornelia Huck <cohuck@redhat.com>

Let's use the KVM_SET_DEVICE_ATTR ioctl to enable hardware
interpretation of AP instructions executed on the guest.
If the S390_FEAT_AP feature is switched on for the guest,
AP instructions must be interpreted by default; otherwise,
they will be intercepted.

This attribute setting may be overridden by a device. For example,
a device may want to provide AP instructions to the guest (i.e.,
S390_FEAT_AP turned on), but it may want to emulate them. In this
case, the AP instructions executed on the guest must be
intercepted; so when the device is realized, it must disable
interpretation.
Signed-off-by: NTony Krowiak <akrowiak@linux.ibm.com>
Tested-by: NPierre Morel <pmorel@linux.ibm.com>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Reviewed-by: NThomas Huth <thuth@redhat.com>
Reviewed-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Acked-by: NHalil Pasic <pasic@linux.ibm.com>
Tested-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20181010170309.12045-4-akrowiak@linux.ibm.com>
Signed-off-by: NCornelia Huck <cohuck@redhat.com>

A new CPU model feature and two new CPU model facilities are
introduced to support AP devices for a KVM guest.

CPU model features:

1. The S390_FEAT_AP CPU model feature indicates whether AP
   instructions are available to the guest. This feature will
   be enabled only if the AP instructions are available on the
   linux host as determined by the availability of the
   KVM_S390_VM_CRYPTO_ENABLE_APIE VM attribute which is exposed
   by KVM only if the AP instructions are available on the
   host.

   This feature must be turned on from userspace to execute AP
   instructions on the KVM guest. The QEMU command line to turn
   this feature on looks something like this:

	qemu-system-s390x ... -cpu xxx,ap=on ...

   This feature will be supported for zEC12 and newer CPU models.
   The feature will not be supported for older models because
   there are few older systems on which to test and the older
   crypto cards will be going out of service in the relatively
   near future.

CPU model facilities:

1. The S390_FEAT_AP_QUERY_CONFIG_INFO feature indicates whether the
   AP Query Configuration Information (QCI) facility is available
   to the guest as determined by whether the facility is available
   on the host. This feature will be exposed by KVM only if the
   QCI facility is installed on the host.

2. The S390_FEAT_AP_FACILITY_TEST feature indicates whether the AP
   Facility Test (APFT) facility is available to the guest as
   determined by whether the facility is available on the host.
   This feature will be exposed by KVM only if APFT is installed
   on the host.
Signed-off-by: NTony Krowiak <akrowiak@linux.ibm.com>
Tested-by: NPierre Morel <pmorel@linux.ibm.com>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Reviewed-by: NHalil Pasic <pasic@linux.ibm.com>
Reviewed-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Tested-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20181010170309.12045-3-akrowiak@linux.ibm.com>
Signed-off-by: NCornelia Huck <cohuck@redhat.com>

Update to kvm/next commit dd5bd0a65ff6 ("Merge tag 'kvm-s390-next-4.20-1'
of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD")
Signed-off-by: NCornelia Huck <cohuck@redhat.com>

Debug macros that are disabled by default should be avoided (since the
code bit-rots quite easily). Thus turn these debug prints into proper
qemu_log_mask(CPU_LOG_xxx, ...) statements instead. The DPRINTF statements
in do_[ext|io|mchk]_interrupt can even be removed completely since we can
log the information in a central place, s390_cpu_do_interrupt, instead.
Signed-off-by: NThomas Huth <thuth@redhat.com>
Message-Id: <1538751601-7433-1-git-send-email-thuth@redhat.com>
Reviewed-by: NDavid Hildenbrand <david@redhat.com>
Signed-off-by: NCornelia Huck <cohuck@redhat.com>

nvme_poll_queues is already protected by q->lock, and
AIO callbacks are invoked outside the AioContext lock.
So remove the acquire/release pair in nvme_handle_event.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Message-Id: <20180814062739.19640-1-pbonzini@redhat.com>
Signed-off-by: NFam Zheng <famz@redhat.com>

-object iothread,id=foo,? will crash qemu:

qemu-system-x86_64:qemu-thread-posix.c:128: qemu_cond_destroy: Assertion `cond->initialized' failed.

Use thread_id != -1 to check if iothread_complete() finished
successfully and the mutex/cond have been initialized.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180821100716.13803-1-marcandre.lureau@redhat.com>
Signed-off-by: NFam Zheng <famz@redhat.com>

Several changes:
- We only allow generate header "inside" the tree.  Why?  Because we
  need to connit the result, so it makes no sense to generate them on
  the build dir.
- We only generate a single target each time.  Getting all the
  cross-compilers correctly is an impossible task.  So know you do:
     make -C tests/migration $target (native)
     make CROSS_PREFIX=foo- -C tests/migratiion $target (cross)
  And you are done.

- If we are building out of tree, we have no data about if we are
  cross-compile or whatever.  So instead of guess what is happening,
  just do what I pointed on previous point.
Signed-off-by: NJuan Quintela <quintela@redhat.com>
Message-Id: <20180913132313.11370-1-quintela@redhat.com>
Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>

According to PCI specification, subsystem id and subsystem vendor id
are present only in type 0 and type 2 headers (at different offsets),
but not in type 1 headers.

Thus we should make this data optional in struct PciDeviceId and skip
reporting them via HMP if the information is not available.

Additional (wrong information) about PCI bridges (Type1 devices) has been
added in 5383a705 and fortunately not released. This patch fixes that
problem. The problem was spotted by Markus.
Signed-off-by: NDenis V. Lunev <den@openvz.org>
CC: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
CC: Eric Blake <eblake@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
Message-Id: <20181002135538.12113-1-den@openvz.org>
Reported-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>

According to documentation, NEED_REPLY_MASK should not be set
for VHOST_USER_SET_MEM_TABLE request in postcopy mode.
This restriction was mistakenly applied to 'reply_supported'
variable, which is local and used only for non-postcopy case.

CC: Dr. David Alan Gilbert <dgilbert@redhat.com>
Fixes: 9bb38019 ("vhost+postcopy: Send address back to qemu")
Signed-off-by: NIlya Maximets <i.maximets@samsung.com>
Message-Id: <20181002140947.4107-1-i.maximets@samsung.com>
Reviewed-by: NMaxime Coquelin <maxime.coquelin@redhat.com>
Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>

'fd' received from the vhost side is never freed.
Also, everything (including 'postcopy_listen' state) should be
cleaned up on vhost cleanup.

Fixes: 46343570 ("vhost+postcopy: Wire up POSTCOPY_END notify")
Fixes: f82c1116 ("vhost+postcopy: Register shared ufd with postcopy")
Cc: qemu-stable@nongnu.org
Signed-off-by: NIlya Maximets <i.maximets@samsung.com>
Message-Id: <20181008160536.6332-3-i.maximets@samsung.com>
Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: NMaxime Coquelin <maxime.coquelin@redhat.com>
Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>

POSTCOPY_NOTIFY_INBOUND_END handlers will remove userfault fds
from the postcopy_remote_fds array which could be still in
use by the fault thread. Let's stop the thread before
notification to avoid possible accessing wrong memory.

Fixes: 46343570 ("vhost+postcopy: Wire up POSTCOPY_END notify")
Cc: qemu-stable@nongnu.org
Signed-off-by: NIlya Maximets <i.maximets@samsung.com>
Message-Id: <20181008160536.6332-2-i.maximets@samsung.com>
Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: NMaxime Coquelin <maxime.coquelin@redhat.com>
Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>

We can re-use the s390-ccw bios code to implement a small firmware
for a s390x guest which prints out the "A" and "B" characters and
modifies the memory, as required for the migration test.

[quintela: Converted the compile script to Makefile rules]
Signed-off-by: NJuan Quintela <quintela@redhat.com>
Signed-off-by: NThomas Huth <thuth@redhat.com>
Message-Id: <1539078677-25396-1-git-send-email-thuth@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
  Fixed up Makefile since the aarch patch sneaked in first

This patch adds migration test support for aarch64. The test code, which
implements the same functionality as x86, is booted as a kernel in qemu.
Here are the design choices we make for aarch64:

 * We choose this -kernel approach because aarch64 QEMU doesn't provide a
   built-in fw like x86 does. So instead of relying on a boot loader, we
   use -kernel approach for aarch64.
 * The serial output is sent to PL011 directly.
 * The physical memory base for mach-virt machine is 0x40000000. We change
   the start_address and end_address for aarch64.

In addition to providing the binary, this patch also includes the source
code and the build script in tests/migration/aarch64. So users can change
the source and/or re-compile the binary as they wish.
Reviewed-by: NJuan Quintela <quintela@redhat.com>
Reviewed-by: NAndrew Jones <drjones@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: NWei Huang <wei@redhat.com>
Message-Id: <1538669326-28135-1-git-send-email-wei@redhat.com>
Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>

Miscellaneous patches for 2018-10-10

# gpg: Signature made Wed 10 Oct 2018 07:03:10 BST
# gpg:                using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-misc-2018-10-10:
  ivshmem: Fix unplug of device "ivshmem-plain"
  libqtest: Inline g_assert_no_errno()
  tests: Restore check-qdict unit test
  qapi/misc.json: Remove superfluous words in CpuModelExpansionType
  tests/check-qjson: fix a leak
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Commit 2aece63c "hostmem: detect host backend memory is being used
properly" fixed "ivshmem-plain" to reject memory backends that are
already in use, and to block their deletion while in use.  Two bugs
escaped review:

* New ivshmem_plain_exit() fails to call ivshmem_exit().  This breaks
  unplug.  Reproducer: migration after unplug still fails with
  "Migration is disabled when using feature 'peer mode' in device
  'ivshmem'".

* It failed to update legacy "ivshmem".  Harmless, because it creates
  the memory backend itself, and nothing else should use it.

Fix by moving the two host_memory_backend_set_mapped() calls into
ivshmem_common_realize() and ivshmem_exit(), guarded by s->hostmem.

Fixes: 2aece63cSigned-off-by: NMarkus Armbruster <armbru@redhat.com>
Message-Id: <20180926163709.22876-1-armbru@redhat.com>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

Macro g_assert_no_errno() intrudes into GLib's namespace.  It's also
pretty pointless.  Inline.

At one call site, its redundancy is now obvious.  Delete it there.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Message-Id: <20180926122933.3858-1-armbru@redhat.com>
Reviewed-by: NLaurent Vivier <lvivier@redhat.com>
Reviewed-by: NThomas Huth <thuth@redhat.com>

Commit 0bcc8e5b accidentally dropped check-qdict from the list of
unit tests (again, see commit 4429532b).  Put it back, and fix up
the test.
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Message-Id: <20180926122309.30631-1-armbru@redhat.com>
Reviewed-by: NThomas Huth <thuth@redhat.com>

Remove repetition of 'independent of'.  While at it, s/QMU/QEMU in
@CpuDefinitionInfo.
Signed-off-by: NKashyap Chamarthy <kchamart@redhat.com>
Message-Id: <20181003104605.8477-1-kchamart@redhat.com>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
[Commit message updated as requested by Kashyap]
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Spotted by ASAN:
=================================================================
==11893==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1120 byte(s) in 28 object(s) allocated from:
    #0 0x7fd0515b0c48 in malloc (/lib64/libasan.so.5+0xeec48)
    #1 0x7fd050ffa3c5 in g_malloc (/lib64/libglib-2.0.so.0+0x523c5)
    #2 0x559e708b56a4 in qstring_from_str /home/elmarco/src/qq/qobject/qstring.c:66
    #3 0x559e708b4fe0 in qstring_new /home/elmarco/src/qq/qobject/qstring.c:23
    #4 0x559e708bda7d in parse_string /home/elmarco/src/qq/qobject/json-parser.c:143
    #5 0x559e708c1009 in parse_literal /home/elmarco/src/qq/qobject/json-parser.c:484
    #6 0x559e708c1627 in parse_value /home/elmarco/src/qq/qobject/json-parser.c:547
    #7 0x559e708c1c67 in json_parser_parse /home/elmarco/src/qq/qobject/json-parser.c:573
    #8 0x559e708bc0ff in json_message_process_token /home/elmarco/src/qq/qobject/json-streamer.c:92
    #9 0x559e708d1655 in json_lexer_feed_char /home/elmarco/src/qq/qobject/json-lexer.c:292
    #10 0x559e708d1fe1 in json_lexer_feed /home/elmarco/src/qq/qobject/json-lexer.c:339
    #11 0x559e708bc856 in json_message_parser_feed /home/elmarco/src/qq/qobject/json-streamer.c:121
    #12 0x559e708b8b4b in qobject_from_jsonv /home/elmarco/src/qq/qobject/qjson.c:69
    #13 0x559e708b8d02 in qobject_from_json /home/elmarco/src/qq/qobject/qjson.c:83
    #14 0x559e708a74ae in from_json_str /home/elmarco/src/qq/tests/check-qjson.c:30
    #15 0x559e708a9f83 in utf8_string /home/elmarco/src/qq/tests/check-qjson.c:781
    #16 0x7fd05101bc49 in test_case_run gtestutils.c:2255
    #17 0x7fd05101bc49 in g_test_run_suite_internal gtestutils.c:2339
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180901211917.10372-1-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

linux-user should always enable AFP, otherwise our emulated binary
might crash once it tries to make use of additional floating-point
registers or instructions.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Alex Bennée <alex.bennee@linaro.org>
Fixes: db050415 ("s390x/tcg: check for AFP-register, BFP and DFP data exceptions")
Reported-by: NAlex Bennée <alex.bennee@linaro.org>
Signed-off-by: NDavid Hildenbrand <david@redhat.com>
Reviewed-by: NThomas Huth <thuth@redhat.com>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Reviewed-by: NAlex Bennée <alex.bennee@linaro.org>
Tested-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NCornelia Huck <cohuck@redhat.com>
Tested-by: NCornelia Huck <cohuck@redhat.com>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

target-arm queue:
 * target/arm: fix error in a code comment
 * virt: Suppress external aborts on virt-2.10 and earlier
 * target/arm: Correct condition for v8M callee stack push
 * target/arm: Don't read r4 from v8M exception stackframe twice
 * target/arm: Support SVE in system emulation mode
 * target/arm: Implement v8M hardware stack limit checking
 * hw/display/bcm2835_fb: Silence Coverity warning about multiply overflow

# gpg: Signature made Mon 08 Oct 2018 14:58:53 BST
# gpg:                using RSA key 3C2525ED14360CDE
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>"
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>"
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>"
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20181008: (33 commits)
  hw/display/bcm2835_fb: Silence Coverity warning about multiply overflow
  target/arm: Add v8M stack checks for MSR to SP_NS
  target/arm: Add v8M stack checks for VLDM/VSTM
  target/arm: Add v8M stack checks for Thumb push/pop
  target/arm: Add v8M stack checks for T32 load/store single
  target/arm: Add v8M stack checks for Thumb2 LDM/STM
  target/arm: Add v8M stack checks for LDRD/STRD (imm)
  target/arm: Add v8M stack limit checks on NS function calls
  target/arm: Add v8M stack checks on exception entry
  target/arm: Add some comments in Thumb decode
  target/arm: Add v8M stack checks on ADD/SUB/MOV of SP
  target/arm: Move v7m_using_psp() to internals.h
  target/arm: Define new EXCP type for v8M stack overflows
  target/arm: Define new TBFLAG for v8M stack checking
  target/arm: Pass TCGMemOpIdx to sve memory helpers
  target/arm: Rewrite vector gather first-fault loads
  target/arm: Rewrite vector gather stores
  target/arm: Rewrite vector gather loads
  target/arm: Split contiguous stores for endianness
  target/arm: Split contiguous loads for endianness
  ...
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Coverity complains (CID 1395628) that the multiply in the calculation
of the framebuffer base is performed as 32x32 but then used in a
context that takes a 64-bit hwaddr. This can't actually ever
overflow the 32-bit result, because of the constraints placed on
the s->config values in bcm2835_fb_validate_config(). But we
can placate Coverity anyway, by explicitly casting one of the
inputs to a hwaddr, so the whole expression is calculated with
64-bit arithmetic.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
Message-id: 20181005133012.26490-1-peter.maydell@linaro.org

Updating the NS stack pointer via MSR to SP_NS should include
a check whether the new SP value is below the stack limit.
No other kinds of update to the various stack pointer and
limit registers via MSR should perform a check.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Message-id: 20181002163556.10279-14-peter.maydell@linaro.org

Add the v8M stack checks for the VLDM/VSTM
(aka VPUSH/VPOP) instructions. This code is currently
unreachable because we haven't yet implemented M profile
floating point support, but since the change is simple,
we add it now because otherwise we're likely to forget to
do it later.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Message-id: 20181002163556.10279-13-peter.maydell@linaro.org

Add v8M stack checks for the 16-bit Thumb push/pop
encodings: STMDB, STMFD, LDM, LDMIA, LDMFD.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Message-id: 20181002163556.10279-12-peter.maydell@linaro.org

Add v8M stack checks for the instructions in the T32
"load/store single" encoding class: these are the
"immediate pre-indexed" and "immediate, post-indexed"
LDR and STR instructions.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Message-id: 20181002163556.10279-11-peter.maydell@linaro.org

Add the v8M stack checks for:
 * LDM (T2 encoding)
 * STM (T2 encoding)

This includes the 32-bit encodings of the instructions listed
in v8M ARM ARM rule R_YVWT as
 * LDM, LDMIA, LDMFD
 * LDMDB, LDMEA
 * POP (multiple registers)
 * PUSH (muliple registers)
 * STM, STMIA, STMEA
 * STMDB, STMFD

We perform the stack limit before doing any other part
of the load or store.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Message-id: 20181002163556.10279-10-peter.maydell@linaro.org

Add the v8M stack checks for:
 * LDRD (immediate)
 * STRD (immediate)

Loads and stores are more complicated than ADD/SUB/MOV, because we
must ensure that memory accesses below the stack limit are not
performed, so we can't simply do the check when we actually update
SP.

For these instructions, if the stack limit check triggers
we must not:
 * perform any memory access below the SP limit
 * update PC, SP or the load/store base register
but it is IMPDEF whether we:
 * perform any accesses above or equal to the SP limit
 * update destination registers for loads

For QEMU we choose to always check the limit before doing any other
part of the load or store, so we won't update any registers or
perform any memory accesses.

It is UNKNOWN whether the limit check triggers for a load or store
where the initial SP value is below the limit and one of the stores
would be below the limit, but the writeback moves SP to above the
limit.  For QEMU we choose to trigger the check in this situation.

Note that limit checks happen only for loads and stores which update
SP via writeback; they do not happen for loads and stores which
simply use SP as a base register.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Message-id: 20181002163556.10279-9-peter.maydell@linaro.org