Basic idea of this script is to check the git log for URLs
to the QEMU bugtracker at launchpad.net and to figure out
whether the related bug has been marked there as "Fix released"
(i.e. closed) already. So this script can e.g. be used after
each public release of QEMU to check whether there are any
bug tickets that could be moved from "Fix committed" (or another
state if the author of the patch forgot to update the bug ticket)
to "Fix released".
Signed-off-by: NThomas Huth <thuth@redhat.com>
Message-Id: <1474486942-18754-1-git-send-email-thuth@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Segfault happens when leaving qemu with msmouse backend:

 #0  0x00007fa8526ac975 in raise () at /lib64/libc.so.6
 #1  0x00007fa8526add8a in abort () at /lib64/libc.so.6
 #2  0x0000558be78846ab in error_exit (err=16, msg=0x558be799da10 ...
 #3  0x0000558be7884717 in qemu_mutex_destroy (mutex=0x558be93be750) at ...
 #4  0x0000558be7549951 in qemu_chr_free_common (chr=0x558be93be750) at ...
 #5  0x0000558be754999c in qemu_chr_free (chr=0x558be93be750) at ...
 #6  0x0000558be7549a20 in qemu_chr_delete (chr=0x558be93be750) at ...
 #7  0x0000558be754a8ef in qemu_chr_cleanup () at qemu-char.c:4643
 #8  0x0000558be755843e in main (argc=5, argv=0x7ffe925d7118, ...

The chr was freed by msmouse close callback before chardev cleanup,
Then qemu_mutex_destroy triggered raise().

Because freeing chr is handled by qemu_chr_free_common, Remove the free from
msmouse_chr_close to avoid double free.

Fixes: c1111a24
Cc: qemu-stable@nongnu.org
Signed-off-by: NLin Ma <lma@suse.com>
Message-Id: <20160915143158.4796-1-lma@suse.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

When qemu uses iscsi devices in sg mode, iscsilun->block_size
is left at 0.  Prior to commits cf081fca and similar, when
block limits were tracked in sectors, this did not matter:
various block limits were just left at 0.  But when we started
scaling by block size, this caused SIGFPE.

Then, in a later patch, commit a5b8dd2c added an assertion to
bdrv_open_common() that request_alignment is always non-zero;
which was not true for SG mode.  Rather than relax that assertion,
we can just provide a sane value (we don't know of any SG device
with a block size smaller than qemu's default sizing of 512 bytes).

One possible solution for SG mode is to just blindly skip ALL
of iscsi_refresh_limits(), since we already short circuit so
many other things in sg mode.  But this patch takes a slightly
more conservative approach, and merely guarantees that scaling
will succeed, while still using multiples of the original size
where possible.  Resulting limits may still be zero in SG mode
(that is, we mostly only fix block_size used as a denominator
or which affect assertions, not all uses).
Reported-by: NHolger Schranz <holger@fam-schranz.de>
Signed-off-by: NEric Blake <eblake@redhat.com>
CC: qemu-stable@nongnu.org

Message-Id: <1473283640-15756-1-git-send-email-eblake@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The parsing of KVM_SET_LAPIC's input depends on the current value of the
APIC base MSR---which indeed is stored in APICCommonState---but for historical
reasons APIC base is set through KVM_SET_SREGS together with cr8 (which is
really just the APIC TPR) and the actual "special CPU registers".

APIC base must now be set before the actual LAPIC registers, so do that
in kvm_apic_put.  It will be set again to the same value with KVM_SET_SREGS,
but that's not a big issue.

This only happens since Linux 4.8, which checks for x2apic mode in
KVM_SET_LAPIC.  However it's really a QEMU bug; until the recent
commit 78d6a05d ("x86/lapic: Load LAPIC state at post_load", 2016-09-13)
QEMU was indeed setting APIC base (via KVM_SET_SREGS) before the other
LAPIC registers.
Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Avoid further code duplication in the next patch.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Since bd6092e4 Replace qmp-commands.hx by docs/qmp-commands.txt
make install fails if building out of source-tree.

Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Message-id: 1474362094-2293-1-git-send-email-riku.voipio@linaro.org
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

x86 queue, 2016-09-19

# gpg: Signature made Mon 19 Sep 2016 19:38:05 BST
# gpg:                using RSA key 0x2807936F984DC5A6
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>"
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-pull-request:
  linux-user-i386: Fix crash on cpuid
  kvm/apic: drop debugging
  target-i386: Use struct X86XSaveArea in fpu_helper.c
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Running cpuid instructions with a simple run like:
i386-linux-user/qemu-i386 tests/tcg/sha1-i386

Results in the following assert:
 #0  0x00007ffff64246f5 in raise () from /lib64/libc.so.6
 #1  0x00007ffff64262fa in abort () from /lib64/libc.so.6
 #2  0x00007ffff7937ec5 in g_assertion_message () from /lib64/libglib-2.0.so.0
 #3  0x00007ffff7937f5a in g_assertion_message_expr () from /lib64/libglib-2.0.so.0
 #4  0x000055555561b54c in apicid_bitwidth_for_count (count=0) at /home/elmarco/src/qemu/include/hw/i386/topology.h:58
 #5  0x000055555561b58a in apicid_smt_width (nr_cores=0, nr_threads=0) at /home/elmarco/src/qemu/include/hw/i386/topology.h:67
 #6  0x000055555561b5c3 in apicid_core_offset (nr_cores=0, nr_threads=0) at /home/elmarco/src/qemu/include/hw/i386/topology.h:82
 #7  0x000055555561b5e3 in apicid_pkg_offset (nr_cores=0, nr_threads=0) at /home/elmarco/src/qemu/include/hw/i386/topology.h:89
 #8  0x000055555561dd86 in cpu_x86_cpuid (env=0x555557999550, index=4, count=3, eax=0x7fffffffcae8, ebx=0x7fffffffcaec, ecx=0x7fffffffcaf0, edx=0x7fffffffcaf4) at /home/elmarco/src/qemu/target-i386/cpu.c:2405
 #9  0x0000555555638e8e in helper_cpuid (env=0x555557999550) at /home/elmarco/src/qemu/target-i386/misc_helper.c:106
 #10 0x000055555599dc5e in static_code_gen_buffer ()
 #11 0x00005555555952f8 in cpu_tb_exec (cpu=0x5555579912d0, itb=0x7ffff4371ab0) at /home/elmarco/src/qemu/cpu-exec.c:166
 #12 0x0000555555595c8e in cpu_loop_exec_tb (cpu=0x5555579912d0, tb=0x7ffff4371ab0, last_tb=0x7fffffffd088, tb_exit=0x7fffffffd084, sc=0x7fffffffd0a0) at /home/elmarco/src/qemu/cpu-exec.c:517
 #13 0x0000555555595e50 in cpu_exec (cpu=0x5555579912d0) at /home/elmarco/src/qemu/cpu-exec.c:612
 #14 0x00005555555c065b in cpu_loop (env=0x555557999550) at /home/elmarco/src/qemu/linux-user/main.c:297
 #15 0x00005555555c25b2 in main (argc=2, argv=0x7fffffffd848, envp=0x7fffffffd860) at /home/elmarco/src/qemu/linux-user/main.c:4803

The fields are set in qemu_init_vcpu() with softmmu, but it's a stub
with linux-user.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>

commit 78d6a05d
    ("x86/lapic: Load LAPIC state at post_load")
has some debugging leftovers.

Drop them.

Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>

This avoids a double hand-full of magic numbers in the
xsave and xrstor helper functions.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>

QAPI patches for 2016-09-19

# gpg: Signature made Mon 19 Sep 2016 17:27:42 BST
# gpg:                using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2016-09-19:
  Replace qmp-commands.hx by docs/qmp-commands.txt
  qmp-commands.hx: fix some styling
  build-sys: remove qmp-commands-old.h
  monitor: use qmp_dispatch()
  tests: add a test to check invalid args
  qapi: check invalid arguments on no-args commands
  qapi: remove the "middle" mode
  monitor: remove mhandler.cmd_new
  monitor: implement 'qmp_query_commands' without qmp_cmds
  monitor: use qmp_find_command() (using generated qapi code)
  qapi: export the marshallers
  qmp: Hack to keep commands configuration-specific
  qapi: Support unregistering QMP commands
  monitor: register gen:false commands manually
  monitor: simplify invalid_qmp_mode()
  qapi-schema: add 'device_add'
  qapi-schema: use generated marshaller for 'qmp_capabilities'
  build-sys: define QEMU_VERSION_{MAJOR, MINOR, MICRO}
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The only remaining function of qmp-commands.hx is to let us generate
qmp-commands.txt from it.  Replace qmp-commands.hx by qmp-commands.txt.

We intend to move the documentation into the QAPI schema and generate
qapi-commands.txt from it, but not right now.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160912091913.15831-19-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Merge qcrypto 2016/09/19 v2

# gpg: Signature made Mon 19 Sep 2016 16:30:52 BST
# gpg:                using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-qcrypto-2016-09-19-2:
  crypto: add trace points for TLS cert verification
  crypto: support more hash algorithms for pbkdf
  crypto: increase default pbkdf2 time for luks to 2 seconds
  crypto: remove bogus /= 2 for pbkdf iterations
  crypto: use correct derived key size when timing pbkdf
  crypto: clear out buffer after timing pbkdf algorithm
  crypto: make PBKDF iterations configurable for LUKS format
  crypto: use uint64_t for pbkdf iteration count parameters
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Add some missing lines, remove superflous @ in command name, remove
trailing spaces.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160912091913.15831-18-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Message-Id: <20160912091913.15831-17-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Replace the old manual dispatch and validation code by the generic one
provided by qapi common code.

Note that it is now possible to call the following commands that used to
be disabled by compile-time conditionals:
- dump-skeys
- query-spice
- rtc-reset-reinjection
- query-gic-capabilities

Their fallback functions return an appropriate "feature disabled" error.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160912091913.15831-16-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Check that invalid args on commands without arguments returns an error.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160912091913.15831-15-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

The generated marshal functions do not visit arguments from commands
that take no arguments. Thus they fail to catch invalid
members. Visit the arguments, if provided, to throw an error in case of
invalid members.

Currently, qmp_check_client_args() checks for invalid arguments and
correctly catches this case. When switching to qmp_dispatch() we want to
keep that behaviour. The commands using 'O' may have arbitrary
arguments, and must have 'gen': false in the qapi schema to skip the
generated checks.

Old/new diff:
 void qmp_marshal_stop(QDict *args, QObject **ret, Error **errp)
 {
     Error *err = NULL;
+    Visitor *v = NULL;

-    (void)args;
+    if (args) {
+        v = qmp_input_visitor_new(QOBJECT(args), true);
+        visit_start_struct(v, NULL, NULL, 0, &err);
+        if (err) {
+            goto out;
+        }
+
+        if (!err) {
+            visit_check_struct(v, &err);
+        }
+        visit_end_struct(v, NULL);
+        if (err) {
+            goto out;
+        }
+    }

     qmp_stop(&err);
+
+out:
     error_propagate(errp, err);
+    visit_free(v);
+    if (args) {
+        v = qapi_dealloc_visitor_new();
+        visit_start_struct(v, NULL, NULL, 0, NULL);
+
+        visit_end_struct(v, NULL);
+        visit_free(v);
+    }
 }

The new code closely resembles code for a command with arguments.
Differences:
- the visit of the argument and its cleanup struct don't visit any
  members (because there are none).
- the visit of the argument struct and its cleanup are conditional.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160912091913.15831-14-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Now that the register function is always generated, we can
remove the so-called "middle" mode from the generator script.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160912091913.15831-13-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

This is no longer necessary now that we aren't using middle mode
anymore.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Message-Id: <20160912091913.15831-12-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

One step towards getting rid of the static qmp_cmds table.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Message-Id: <20160912091913.15831-11-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Stop using the so-called 'middle' mode. Instead, use qmp_find_command()
from generated qapi commands registry. Update and fix the documentation
too.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160912091913.15831-10-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Make it possible to call marshallers manually, without going through
qmp_dispatch(). (this is currently only possible in middle-mode, but
it's also useful in general)
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160912091913.15831-9-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

We currently define QMP commands in two places: the QAPI schema and
qmp-commands.hx.  The latter is preprocessed, the former is not.  We
use the preprocessor to suppress configuration-specific commands.  For
instance, query-spice is only available #ifdef CONFIG_SPICE.

QMP command dispatch and query-commands use the qmp-commands.hx
definition, and thus obey the #ifdeffery there.  Good, because it lets
QMP clients probe for available features more easily.

query-qmp-schema uses the QAPI schema, and thus lists the
configuration-specific commands even when they're unavailable.  Not so
good.

We're about to flip command dispatch and query-commands to the
non-middle-mode command registry, which uses the QAPI schema, so we
can ditch qmp-commands.hx.  To avoid regressing query-commands,
arrange for commands that are suppressed with the preprocessor now to
be unregistered with that registry.  This will keep them unavailable
and out of query-commands when we flip command dispatch and
query-commands to that registry, exactly as before.

This is a hack.  The proper solution is to support
configuration-specific commands in the QAPI schema.  Mark it FIXME.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Message-Id: <20160912091913.15831-8-marcandre.lureau@redhat.com>

Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160912091913.15831-7-marcandre.lureau@redhat.com>

Since a few commands are using 'gen': false, they are not registered
automatically by the generator. Register manually instead.

This is in preparation for removal of qapi 'middle' mode generation.

Note that qmp_init_marshal() function isn't run yet, so the commands
aren't actually registered, until module_call_init(MODULE_INIT_QAPI) is
added in a later patch.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Message-Id: <20160912091913.15831-6-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

handle_qmp_command() will switch to use qmp_dispatch().  It won't have a
pointer to the marshaller function anymore, but only the name of the
command to invoke. Simplify invalid_qmp_mode() so it can just be called
with the command name.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Message-Id: <20160912091913.15831-5-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

Even though device_add is not fully qapi'fied, we may add it to the json
schema with 'gen': false, so registration and documentation can be
generated.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Message-Id: <20160912091913.15831-4-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

qapi'fy the 'qmp_capabilities' command, makes the command visible in
query-qmp-schema.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NEric Blake <eblake@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Message-Id: <20160912091913.15831-3-marcandre.lureau@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

There are better chances to find what went wrong at build time than a
later assert in qmp_query_version
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20160912091913.15831-2-marcandre.lureau@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>

It is very useful to know about TLS cert verification
status when debugging, so add a trace point for it.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Currently pbkdf is only supported with SHA1 and SHA256. Expand
this to support all algorithms known to QEMU.
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

cryptsetup recently increased the default pbkdf2 time to 2 seconds
to partially mitigate improvements in hardware performance wrt
brute-forcing the pbkdf algorithm. This updates QEMU defaults to
match.
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

When calculating iterations for pbkdf of the key slot
data, we had a /= 2, which was copied from identical
code in cryptsetup. It was always unclear & undocumented
why cryptsetup had this division and it was recently
removed there, too.
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Currently when timing the pbkdf algorithm a fixed key
size of 32 bytes is used. This results in inaccurate
timings for certain hashes depending on their digest
size. For example when using sha1 with aes-256, this
causes us to measure time for the master key digest
doing 2 sha1 operations per iteration, instead of 1.

Instead we should pass in the desired key size to the
timing routine that matches the key size that will be
used for real later.
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The 'out' buffer will hold a key derived from master
password, so it is best practice to clear this buffer
when no longer required.

At this time, the code isn't worrying about locking
buffers into RAM to prevent swapping sensitive data
to disk.
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

As protection against bruteforcing passphrases, the PBKDF
algorithm is tuned by counting the number of iterations
needed to produce 1 second of running time. If the machine
that the image will be used on is much faster than the
machine where the image is created, it can be desirable
to raise the number of iterations. This change adds a new
'iter-time' property that allows the user to choose the
iteration wallclock time.
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The qcrypto_pbkdf_count_iters method uses a 64 bit int
but then checks its value against INT32_MAX before
returning it. This bounds check is premature, because
the calling code may well scale the iteration count
by some value. It is thus better to return a 64-bit
integer and let the caller do range checking.

For consistency the qcrypto_pbkdf method is also changed
to accept a 64bit int, though this is somewhat academic
since nettle is limited to taking an 'int' while gcrypt
is limited to taking a 'long int'.
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This pull request contains:
- a fix for a regression introduced in 2.7
- basic functional testing for virtio-9p
- some code cleanups for 9pfs

# gpg: Signature made Mon 19 Sep 2016 10:40:17 BST
# gpg:                using DSA key 0x02FC3AEB0101DBC2
# gpg: Good signature from "Greg Kurz <groug@kaod.org>"
# gpg:                 aka "Greg Kurz <groug@free.fr>"
# gpg:                 aka "Greg Kurz <gkurz@fr.ibm.com>"
# gpg:                 aka "Greg Kurz <gkurz@linux.vnet.ibm.com>"
# gpg:                 aka "Gregory Kurz (Groug) <groug@free.fr>"
# gpg:                 aka "Gregory Kurz (Cimai Technology) <gkurz@cimai.com>"
# gpg:                 aka "Gregory Kurz (Meiosys Technology) <gkurz@meiosys.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2BD4 3B44 535E C0A7 9894  DBA2 02FC 3AEB 0101 DBC2

* remotes/gkurz/tags/for-upstream:
  9pfs: fix potential segfault during walk
  tests: virtio-9p: add basic configuration test
  tests: virtio-9p: introduce start/stop functions
  9pfs: introduce v9fs_path_sprintf() helper
  9pfs: drop useless v9fs_string_null() function
  9pfs: drop duplicate line in proxy backend
  9pfs: drop unused fmt strings in the proxy backend
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Couple of s390x patches:
- fixup for the cpu model patches
- support for virtio 1.1 READ_STATUS command
- update MAINTAINERS file pattern

# gpg: Signature made Mon 19 Sep 2016 10:11:06 BST
# gpg:                using RSA key 0xDECF6B93C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20160919:
  QMP: fixup typos and whitespace damage
  virtio-ccw: set revision 2 as maximal revision number
  virtio-ccw: respond to READ_STATUS command
  MAINTAINERS: update s390 machine file patterns
  s390x/kvm: disable cpu model for the 2.7 machine
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>