qemu-binfmt-conf.sh: allow overriding SUSE-specific argv[0] handling

Git-commit: 0000000000000000000000000000000000000000
References: bsc#1186256

Since abbc0ce ("qemu-binfmt-conf: use qemu-ARCH-binfmt"),
qemu-binfmt-conf.sh automatically replaces the default qemu binfmt wrapper
qemu-$ARCH with qemu-$ARCH-binfmt in order to ensure that argv[0] is
preserved; qemu-$ARCH-binfmt is a link to qemu-binfmt, which is just a
simple wrapper that mangles argv to achieve the desired result.

This is inconvenient in some situations. In particular for running
foreign-arch containers, it's useful to use the binfmt_misc "F" ("fix
binary") flag to pre-load the qemu wrapper in the kernel. That way,
foreign-arch containers can be run just like native containers, without
having to bind-mount interpreters into the container. But that's impossible
with the SUSE binfmt wrapper that needs to exec() a different (native)
executable.

As the qemu-binfmt-conf script supports the --qemu-suffix option anyway,
use it to set the "-binfmt" suffix, thus allowing admins to override the
SUSE default with the option "--qemu-suffix ''".

Signed-off-by: Martin Wilck <mwilck@suse.com>
Acked-by: Jose R Ziviani <jose.ziviani@suse.com>
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>

Makefile

@@ -87,7 +87,7 @@ x := $(shell rm -rf meson-private meson-info meson-logs)
 endif
 
 # 1. ensure config-host.mak is up-to-date
-config-host.mak: $(SRC_PATH)/configure $(SRC_PATH)/scripts/meson-buildoptions.sh $(SRC_PATH)/pc-bios $(SRC_PATH)/VERSION
+config-host.mak: $(SRC_PATH)/configure $(SRC_PATH)/scripts/meson-buildoptions.sh $(SRC_PATH)/VERSION
 	@echo config-host.mak is out-of-date, running configure
 	@if test -f meson-private/coredata.dat; then \
 	  ./config.status --skip-meson; \

block.c

@@ -5337,7 +5337,7 @@ int coroutine_fn bdrv_co_check(BlockDriverState *bs,
  * -ENOTSUP - format driver doesn't support changing the backing file
  */
 int bdrv_change_backing_file(BlockDriverState *bs, const char *backing_file,
-                             const char *backing_fmt, bool require)
+                             const char *backing_fmt, bool warn)
 {
     BlockDriver *drv = bs->drv;
     int ret;
@@ -5351,8 +5351,10 @@ int bdrv_change_backing_file(BlockDriverState *bs, const char *backing_file,
         return -EINVAL;
     }
 
-    if (require && backing_file && !backing_fmt) {
-        return -EINVAL;
+    if (warn && backing_file && !backing_fmt) {
+        warn_report("Deprecated use of backing file without explicit "
+                    "backing format, use of this image requires "
+                    "potentially unsafe format probing");
     }
 
     if (drv->bdrv_change_backing_file != NULL) {
@@ -6873,11 +6875,24 @@ void bdrv_img_create(const char *filename, const char *fmt,
             goto out;
         } else {
             if (!backing_fmt) {
-                error_setg(&local_err,
-                           "Backing file specified without backing format");
-                error_append_hint(&local_err, "Detected format of %s.",
-                                  bs->drv->format_name);
-                goto out;
+                warn_report("Deprecated use of backing file without explicit "
+                            "backing format (detected format of %s)",
+                            bs->drv->format_name);
+                if (bs->drv != &bdrv_raw) {
+                    /*
+                     * A probe of raw deserves the most attention:
+                     * leaving the backing format out of the image
+                     * will ensure bs->probed is set (ensuring we
+                     * don't accidentally commit into the backing
+                     * file), and allow more spots to warn the users
+                     * to fix their toolchain when opening this image
+                     * later.  For other images, we can safely record
+                     * the format that we probed.
+                     */
+                    backing_fmt = bs->drv->format_name;
+                    qemu_opt_set(opts, BLOCK_OPT_BACKING_FMT, backing_fmt,
+                                 NULL);
+                }
             }
             if (size == -1) {
                 /* Opened BS, have no size */
@@ -6894,9 +6909,9 @@ void bdrv_img_create(const char *filename, const char *fmt,
         }
         /* (backing_file && !(flags & BDRV_O_NO_BACKING)) */
     } else if (backing_file && !backing_fmt) {
-        error_setg(&local_err,
-                   "Backing file specified without backing format");
-        goto out;
+        warn_report("Deprecated use of unopened backing file without "
+                    "explicit backing format, use of this image requires "
+                    "potentially unsafe format probing");
     }
 
     if (size == -1) {

chardev/char-fe.c

@@ -21,6 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */
 #include "qemu/osdep.h"
 #include "qemu/error-report.h"
 #include "qapi/error.h"

chardev/char-mux.c

@@ -22,6 +22,7 @@
  * THE SOFTWARE.
  */
 
+#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu/module.h"
@@ -198,6 +199,17 @@ static void mux_chr_accept_input(Chardev *chr)
         be->chr_read(be->opaque,
                      &d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1);
     }
+
+#if defined(TARGET_S390X)
+    /*
+     * We're still not able to sync producer and consumer, so let's wait a bit
+     *  and try again by then.
+     */
+    if (d->prod[m] != d->cons[m]) {
+        qemu_mod_timer(d->accept_timer, qemu_get_clock_ns(vm_clock)
+                                        + (int64_t)100000);
+    }
+#endif
 }
 
 static int mux_chr_can_read(void *opaque)
@@ -332,6 +344,10 @@ static void qemu_chr_open_mux(Chardev *chr,
     }
 
     d->focus = -1;
+#if defined(TARGET_S390X)
+    d->accept_timer = qemu_new_timer_ns(vm_clock,
+                                     (QEMUTimerCB *)mux_chr_accept_input, chr);
+#endif
     /* only default to opened state if we've realized the initial
      * set of muxes
      */

chardev/char.c

@@ -22,6 +22,7 @@
  * THE SOFTWARE.
  */
 
+#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */
 #include "qemu/osdep.h"
 #include "qemu/cutils.h"
 #include "monitor/monitor.h"

chardev/chardev-internal.h

@@ -36,6 +36,9 @@ struct MuxChardev {
     Chardev parent;
     CharBackend *backends[MAX_MUX];
     CharBackend chr;
+#if defined(TARGET_S390X)
+    QEMUTimer *accept_timer;
+#endif
     int focus;
     int mux_cnt;
     int term_got_escape;

configure

@@ -3352,7 +3352,7 @@ fi
 
 # Only build s390-ccw bios if we're on s390x and the compiler has -march=z900
 # or -march=z10 (which is the lowest architecture level that Clang supports)
-if test "$cpu" = "s390x" ; then
+if test "$cpu" = "s390x" && test "$softmmu" = yes ; then
   write_c_skeleton
   compile_prog "-march=z900" ""
   has_z900=$?
@@ -3488,7 +3488,7 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak
 if test "$modules" = "yes"; then
   # $shacmd can generate a hash started with digit, which the compiler doesn't
   # like as an symbol. So prefix it with an underscore
-  echo "CONFIG_STAMP=_$( (echo $qemu_version; echo $pkgversion; cat $0) | $shacmd - | cut -f1 -d\ )" >> $config_host_mak
+  echo "CONFIG_STAMP=_$( (echo $qemu_version; cat $0) | $shacmd - | cut -f1 -d\ )" >> $config_host_mak
   echo "CONFIG_MODULES=y" >> $config_host_mak
 fi
 if test "$module_upgrades" = "yes"; then

contrib/ivshmem-client/meson.build

@@ -1,4 +1,4 @@
 executable('ivshmem-client', files('ivshmem-client.c', 'main.c'),
            dependencies: glib,
            build_by_default: targetos == 'linux',
-           install: false)
+           install: true)

contrib/ivshmem-server/meson.build

@@ -1,4 +1,4 @@
 executable('ivshmem-server', files('ivshmem-server.c', 'main.c'),
            dependencies: [qemuutil, rt],
            build_by_default: targetos == 'linux',
-           install: false)
+           install: true)

docs/about/deprecated.rst

@@ -401,6 +401,29 @@ The ``I7200`` guest CPU relies on the nanoMIPS ISA, which is deprecated
 (the ISA has never been upstreamed to a compiler toolchain). Therefore
 this CPU is also deprecated.
 
+Related binaries
+----------------
+
+qemu-img backing file without format (since 5.1)
+''''''''''''''''''''''''''''''''''''''''''''''''
+
+The use of ``qemu-img create``, ``qemu-img rebase``, or ``qemu-img
+convert`` to create or modify an image that depends on a backing file
+now recommends that an explicit backing format be provided.  This is
+for safety: if QEMU probes a different format than what you thought,
+the data presented to the guest will be corrupt; similarly, presenting
+a raw image to a guest allows a potential security exploit if a future
+probe sees a non-raw image based on guest writes.
+
+To avoid the warning message, or even future refusal to create an
+unsafe image, you must pass ``-o backing_fmt=`` (or the shorthand
+``-F`` during create) to specify the intended backing format.  You may
+use ``qemu-img rebase -u`` to retroactively add a backing format to an
+existing image.  However, be aware that there are already potential
+security risks to blindly using ``qemu-img info`` to probe the format
+of an untrusted backing image, when deciding what format to add into
+an existing image.
+
 Backwards compatibility
 -----------------------
 

docs/about/removed-features.rst

@@ -670,25 +670,6 @@ backing chain should be performed with ``qemu-img rebase -u`` either
 before or after the remaining changes being performed by amend, as
 appropriate.
 
-``qemu-img`` backing file without format (removed in 6.1)
-'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-
-The use of ``qemu-img create``, ``qemu-img rebase``, or ``qemu-img
-convert`` to create or modify an image that depends on a backing file
-now requires that an explicit backing format be provided.  This is
-for safety: if QEMU probes a different format than what you thought,
-the data presented to the guest will be corrupt; similarly, presenting
-a raw image to a guest allows a potential security exploit if a future
-probe sees a non-raw image based on guest writes.
-
-To avoid creating unsafe backing chains, you must pass ``-o
-backing_fmt=`` (or the shorthand ``-F`` during create) to specify the
-intended backing format.  You may use ``qemu-img rebase -u`` to
-retroactively add a backing format to an existing image.  However, be
-aware that there are already potential security risks to blindly using
-``qemu-img info`` to probe the format of an untrusted backing image,
-when deciding what format to add into an existing image.
-
 Block devices
 -------------
 

docs/index.rst

@@ -11,6 +11,7 @@ Welcome to QEMU's documentation!
    :maxdepth: 2
    :caption: Contents:
 
+   supported.rst
    about/index
    system/index
    user/index

hw/acpi/piix4.c

@@ -278,7 +278,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)
 static const VMStateDescription vmstate_acpi = {
     .name = "piix4_pm",
     .version_id = 3,
-    .minimum_version_id = 3,
+    .minimum_version_id = 2, /* qemu-kvm */
     .post_load = vmstate_acpi_post_load,
     .fields = (VMStateField[]) {
         VMSTATE_PCI_DEVICE(parent_obj, PIIX4PMState),

hw/block/xen-block.c

@@ -271,6 +271,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp)
 
     xen_block_set_size(blockdev);
 
+    if (!monitor_add_blk(conf->blk, blockdev->drive->id, errp)) {
+        return;
+    }
     blockdev->dataplane =
         xen_block_dataplane_create(xendev, blk, conf->logical_block_size,
                                    blockdev->props.iothread);
@@ -723,6 +726,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
     const char *mode = qdict_get_try_str(opts, "mode");
     const char *direct_io_safe = qdict_get_try_str(opts, "direct-io-safe");
     const char *discard_enable = qdict_get_try_str(opts, "discard-enable");
+    const char *suse_diskcache_disable_flush = qdict_get_try_str(opts,
+                                               "suse-diskcache-disable-flush");
     char *driver = NULL;
     char *filename = NULL;
     XenBlockDrive *drive = NULL;
@@ -803,6 +808,16 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
         }
     }
 
+    if (suse_diskcache_disable_flush) {
+        unsigned long value;
+        if (!qemu_strtoul(suse_diskcache_disable_flush, NULL, 2, &value) && !!value) {
+            QDict *cache_qdict = qdict_new();
+
+            qdict_put_bool(cache_qdict, "no-flush", true);
+            qdict_put_obj(file_layer, "cache", QOBJECT(cache_qdict));
+        }
+    }
+
     /*
      * It is necessary to turn file locking off as an emulated device
      * may have already opened the same image file.

hw/intc/exynos4210_gic.c

@@ -291,8 +291,8 @@ static void exynos4210_gic_realize(DeviceState *dev, Error **errp)
     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
     const char cpu_prefix[] = "exynos4210-gic-alias_cpu";
     const char dist_prefix[] = "exynos4210-gic-alias_dist";
-    char cpu_alias_name[sizeof(cpu_prefix) + 3];
-    char dist_alias_name[sizeof(cpu_prefix) + 3];
+    char cpu_alias_name[sizeof(cpu_prefix) + 7];
+    char dist_alias_name[sizeof(cpu_prefix) + 8];
     SysBusDevice *gicbusdev;
     uint32_t n = s->num_cpu;
     uint32_t i;

hw/smbios/smbios.c

@@ -1138,6 +1138,7 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
         struct smbios_structure_header *header;
         int size;
         struct smbios_table *table; /* legacy mode only */
+        uint8_t *dbl_nulls, *orig_end;
 
         if (!qemu_opts_validate(opts, qemu_smbios_file_opts, errp)) {
             return;
@@ -1150,11 +1151,21 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
         }
 
         /*
-         * NOTE: standard double '\0' terminator expected, per smbios spec.
-         * (except in legacy mode, where the second '\0' is implicit and
-         *  will be inserted by the BIOS).
+         * NOTE: standard double '\0' terminator expected, per smbios spec,
+         * unless the data is formatted for legacy mode, which is used by
+         * pc-i440fx-2.0 and earlier machine types. Legacy mode structures
+         * without strings have no '\0' terminators, and those with strings
+         * also don't have an additional '\0' terminator at the end of the
+         * final string '\0' terminator. The BIOS will add the '\0' terminators
+         * to comply with the smbios spec.
+         * For greater compatibility, regardless of the machine type used,
+         * either format is accepted.
          */
-        smbios_tables = g_realloc(smbios_tables, smbios_tables_len + size);
+        smbios_tables = g_realloc(smbios_tables, smbios_tables_len + size + 2);
+        orig_end = smbios_tables + smbios_tables_len + size;
+        /* add extra null bytes to end in case of legacy file data */
+        *orig_end = '\0';
+        *(orig_end + 1) = '\0';
         header = (struct smbios_structure_header *)(smbios_tables +
                                                     smbios_tables_len);
 
@@ -1169,6 +1180,19 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
                        header->type);
             return;
         }
+        for (dbl_nulls = smbios_tables + smbios_tables_len + header->length;
+             dbl_nulls + 2 <= orig_end; dbl_nulls++) {
+            if (*dbl_nulls == '\0' && *(dbl_nulls + 1) == '\0') {
+                break;
+            }
+        }
+        if (dbl_nulls + 2  < orig_end) {
+            error_setg(errp, "SMBIOS file data malformed");
+            return;
+        }
+        /* increase size by how many extra nulls were actually needed */
+        size += dbl_nulls + 2 - orig_end;
+        smbios_tables = g_realloc(smbios_tables, smbios_tables_len + size);
         set_bit(header->type, have_binfile_bitmap);
 
         if (header->type == 4) {
@@ -1189,6 +1213,17 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
          *       delete the one we don't need from smbios_set_defaults(),
          *       once we know which machine version has been requested.
          */
+        if (dbl_nulls + 2 == orig_end) {
+            /* chop off nulls to get legacy format */
+            if (header->length + 2 == size) {
+                size -= 2;
+            } else {
+                size -= 1;
+            }
+        } else {
+            /* undo conversion from legacy format to per-spec format */
+            size -= dbl_nulls + 2 - orig_end;
+        }
         if (!smbios_entries) {
             smbios_entries_len = sizeof(uint16_t);
             smbios_entries = g_malloc0(smbios_entries_len);

hw/timer/i8254_common.c

@@ -224,6 +224,12 @@ static int pit_dispatch_post_load(void *opaque, int version_id)
     return 0;
 }
 
+static bool is_qemu_kvm(void *opaque, int version_id)
+{
+    /* HACK: We ignore incoming migration from upstream qemu */
+    return version_id < 3;
+}
+
 static const VMStateDescription vmstate_pit_common = {
     .name = "i8254",
     .version_id = 3,
@@ -231,6 +237,7 @@ static const VMStateDescription vmstate_pit_common = {
     .pre_save = pit_dispatch_pre_save,
     .post_load = pit_dispatch_post_load,
     .fields = (VMStateField[]) {
+        VMSTATE_UNUSED_TEST(is_qemu_kvm, 4),
         VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
         VMSTATE_STRUCT_ARRAY(channels, PITCommonState, 3, 2,
                              vmstate_pit_channel, PITChannelState),

hw/usb/hcd-xhci.c

@@ -3310,7 +3310,7 @@ static void usb_xhci_init(XHCIState *xhci)
                 USB_SPEED_MASK_FULL |
                 USB_SPEED_MASK_HIGH;
             assert(i < XHCI_MAXPORTS);
-            snprintf(port->name, sizeof(port->name), "usb2 port #%d", i+1);
+            snprintf(port->name, sizeof(port->name), "usb2 port #%d", i+1 < XHCI_MAXPORTS ? i+1 : 0);
             speedmask |= port->speedmask;
         }
         if (i < xhci->numports_3) {
@@ -3324,7 +3324,7 @@ static void usb_xhci_init(XHCIState *xhci)
             port->uport = &xhci->uports[i];
             port->speedmask = USB_SPEED_MASK_SUPER;
             assert(i < XHCI_MAXPORTS);
-            snprintf(port->name, sizeof(port->name), "usb3 port #%d", i+1);
+            snprintf(port->name, sizeof(port->name), "usb3 port #%d", i+1 < XHCI_MAXPORTS ? i+1 : 0);
             speedmask |= port->speedmask;
         }
         usb_register_port(&xhci->bus, &xhci->uports[i], xhci, i,

include/qemu/module.h

@@ -73,6 +73,7 @@ bool module_load_one(const char *prefix, const char *lib_name, bool mayfail);
 void module_load_qom_one(const char *type);
 void module_load_qom_all(void);
 void module_allow_arch(const char *arch);
+bool s390x_blocklist(const char *name);
 
 /**
  * DOC: module info annotation macros

include/qemu/qht.h

@@ -104,7 +104,7 @@ bool qht_insert(struct qht *ht, void *p, uint32_t hash, void **existing);
  * Returns the corresponding pointer when a match is found.
  * Returns NULL otherwise.
  */
-void *qht_lookup_custom(const struct qht *ht, const void *userp, uint32_t hash,
+void *qht_lookup_custom(struct qht *ht, const void *userp, uint32_t hash,
                         qht_lookup_func_t func);
 
 /**
@@ -115,7 +115,7 @@ void *qht_lookup_custom(const struct qht *ht, const void *userp, uint32_t hash,
  *
  * Calls qht_lookup_custom() using @ht's default comparison function.
  */
-void *qht_lookup(const struct qht *ht, const void *userp, uint32_t hash);
+void *qht_lookup(struct qht *ht, const void *userp, uint32_t hash);
 
 /**
  * qht_remove - remove a pointer from the hash table
@@ -211,7 +211,7 @@ void qht_iter_remove(struct qht *ht, qht_iter_bool_func_t func, void *userp);
  * When done with @stats, pass the struct to qht_statistics_destroy().
  * Failing to do this will leak memory.
  */
-void qht_statistics_init(const struct qht *ht, struct qht_stats *stats);
+void qht_statistics_init(struct qht *ht, struct qht_stats *stats);
 
 /**
  * qht_statistics_destroy - Destroy a &struct qht_stats

linux-user/binfmt.c

@@ -0,0 +1,68 @@
+#include <stdio.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <libgen.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef __x86_64__
+#define ARCH_NAME "x86_64"
+#endif
+
+int main(int argc, char **argv, char **envp)
+{
+    char *binfmt;
+    char **new_argv;
+
+    /*
+     * Check if our file name ends with -binfmt
+     */
+    binfmt = argv[0] + strlen(argv[0]) - strlen("-binfmt");
+    if (strcmp(binfmt, "-binfmt")) {
+        fprintf(stderr, "%s: Invalid executable name\n", argv[0]);
+        exit(1);
+    }
+    if (argc < 3) {
+        fprintf(stderr, "%s: Please use me through binfmt with P flag\n",
+                argv[0]);
+        exit(1);
+    }
+
+    binfmt[0] = '\0';
+    /* Now argv[0] is the real qemu binary name */
+
+#ifdef ARCH_NAME
+    {
+        char *hostbin;
+        char *guestarch;
+        int r;
+
+        guestarch = strrchr(argv[0], '-') ;
+        if (!guestarch) {
+            goto skip;
+        }
+        guestarch++;
+        r = asprintf(&hostbin, "/emul/" ARCH_NAME "-for-%s/%s", guestarch, argv[1]);
+        if ((r > 0) && !access(hostbin, X_OK)) {
+            /*
+             * We found a host binary replacement for the non-host binary. Let's
+             * use that instead!
+             */
+            return execve(hostbin, &argv[2], envp);
+        }
+    }
+skip:
+#endif
+
+    new_argv = (char **)malloc((argc + 2) * sizeof(*new_argv));
+    if (argc > 3) {
+        memcpy(&new_argv[4], &argv[3], (argc - 3) * sizeof(*new_argv));
+    }
+    new_argv[0] = argv[0];
+    new_argv[1] = (char *)"-0";
+    new_argv[2] = argv[2];
+    new_argv[3] = argv[1];
+    new_argv[argc + 1] = NULL;
+
+    return execve(new_argv[0], new_argv, envp);
+}

linux-user/signal.c

@@ -734,6 +734,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
     trace_user_force_sig(env, target_sig, host_sig);
     gdb_signalled(env, target_sig);
 
+    if (target_sig == 6) {
+        goto no_core;
+    }
+
     /* dump core if supported by target binary format */
     if (core_dump_signal(target_sig) && (ts->bprm->core_dump != NULL)) {
         stop_all_tasks();
@@ -751,6 +755,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
             target_sig, strsignal(host_sig), "core dumped" );
     }
 
+no_core:
+
     /* The proper exit code for dying from an uncaught signal is
      * -<signal>.  The kernel doesn't allow exit() or _exit() to pass
      * a negative value.  To get the proper exit code we need to

linux-user/syscall.c

@@ -5699,8 +5699,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
     ie = ioctl_entries;
     for(;;) {
         if (ie->target_cmd == 0) {
+            int i;
             qemu_log_mask(
-                LOG_UNIMP, "Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
+                LOG_UNIMP, "Unsupported ioctl: cmd=0x%04lx (%x)\n", (unsigned long)cmd,
+                     (unsigned int)(cmd & (TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT))
+                      >> TARGET_IOC_SIZESHIFT);
+            for (i = 0; ioctl_entries[i].target_cmd; i++) {
+                if ((ioctl_entries[i].target_cmd & ~(TARGET_IOC_SIZEMASK
+                    << TARGET_IOC_SIZESHIFT)) == (cmd & ~(TARGET_IOC_SIZEMASK <<
+                    TARGET_IOC_SIZESHIFT)))
+                    qemu_log_mask(
+                        LOG_UNIMP, "%p\t->\t%s (%x)\n", (void *)(unsigned long)
+                             ioctl_entries[i].host_cmd, ioctl_entries[i].name,
+                             (ioctl_entries[i].target_cmd & (TARGET_IOC_SIZEMASK
+                             << TARGET_IOC_SIZESHIFT)) >> TARGET_IOC_SIZESHIFT);
+            }
             return -TARGET_ENOSYS;
         }
         if (ie->target_cmd == cmd)
@@ -5731,6 +5744,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
         arg_type++;
         target_size = thunk_type_size(arg_type, 0);
         switch(ie->access) {
+        /*
+         *  FIXME: actually the direction given in the ioctl should be
+         * correct so we can assume the communication is uni-directional.
+         * The alsa developers did not like this concept though and
+         * declared ioctls IOC_R and IOC_W even though they were IOC_RW.
+         */
+/*
         case IOC_R:
             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
             if (!is_error(ret)) {
@@ -5749,6 +5769,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
             unlock_user(argptr, arg, 0);
             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
             break;
+*/
         default:
         case IOC_RW:
             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
@@ -7850,6 +7871,27 @@ static int open_self_stat(void *cpu_env, int fd)
     return 0;
 }
 
+#if defined(TARGET_ARM)
+static int open_cpuinfo(void *cpu_env, int fd)
+{
+    dprintf(fd,
+"Processor       : ARMv7 Processor rev 5 (v7l)\n"
+"BogoMIPS        : 799.53\n"
+"Features        : swp half thumb fastmult vfp edsp thumbee neon vfpv3\n"
+"CPU implementer : 0x41\n"
+"CPU architecture: 7\n"
+"CPU variant     : 0x2\n"
+"CPU part        : 0xc08\n"
+"CPU revision    : 5\n"
+"\n"
+"Hardware        : Genesi Efika MX (Smarttop)\n"
+"Revision        : 51030\n"
+"Serial          : 0000000000000000\n");
+
+    return 0;
+}
+#endif
+
 static int open_self_auxv(void *cpu_env, int fd)
 {
     CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
@@ -8004,6 +8046,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags,
 #if defined(TARGET_SPARC) || defined(TARGET_HPPA)
         { "/proc/cpuinfo", open_cpuinfo, is_proc },
 #endif
+#if defined(TARGET_ARM)
+        { "cpuinfo", open_cpuinfo, is_proc_myself },
+#endif
 #if defined(TARGET_M68K)
         { "/proc/hardware", open_hardware, is_proc },
 #endif
@@ -8301,10 +8346,10 @@ _syscall2(int, pivot_root, const char *, new_root, const char *, put_old)
  * of syscall results, can be performed.
  * All errnos that do_syscall() returns must be -TARGET_<errcode>.
  */
-static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
-                            abi_long arg2, abi_long arg3, abi_long arg4,
-                            abi_long arg5, abi_long arg6, abi_long arg7,
-                            abi_long arg8)
+static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1,
+                            abi_ulong arg2, abi_ulong arg3, abi_ulong arg4,
+                            abi_ulong arg5, abi_ulong arg6, abi_ulong arg7,
+                            abi_ulong arg8)
 {
     CPUState *cpu = env_cpu(cpu_env);
     abi_long ret;
@@ -8656,8 +8701,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
         return ret;
 #endif
 #ifdef TARGET_NR_lseek
-    case TARGET_NR_lseek:
-        return get_errno(lseek(arg1, arg2, arg3));
+    case TARGET_NR_lseek: {
+        off_t off = arg2;
+        if (arg3 != SEEK_SET) {
+            off = (abi_long)arg2;
+        }
+        return get_errno(lseek(arg1, off, arg3));
+    }
 #endif
 #if defined(TARGET_NR_getxpid) && defined(TARGET_ALPHA)
     /* Alpha specific */
@@ -9527,6 +9577,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
         {
             struct timeval tv;
             struct timezone tz;
+            if (copy_from_user_timeval(&tv, arg1)) {
+                return -TARGET_EFAULT;
+            }
 
             ret = get_errno(gettimeofday(&tv, &tz));
             if (!is_error(ret)) {
@@ -10759,7 +10812,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
              */
             ret = -TARGET_EINVAL;
             if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env))
-                && arg2 >= 0 && arg2 <= 512 * 16 && !(arg2 & 15)) {
+                && arg2 <= 512 * 16 && !(arg2 & 15)) {
                 CPUARMState *env = cpu_env;
                 ARMCPU *cpu = env_archcpu(env);
                 uint32_t vq, old_vq;
@@ -13128,10 +13181,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
     return ret;
 }
 
-abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
-                    abi_long arg2, abi_long arg3, abi_long arg4,
-                    abi_long arg5, abi_long arg6, abi_long arg7,
-                    abi_long arg8)
+abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
+                    abi_ulong arg2, abi_ulong arg3, abi_ulong arg4,
+                    abi_ulong arg5, abi_ulong arg6, abi_ulong arg7,
+                    abi_ulong arg8)
 {
     CPUState *cpu = env_cpu(cpu_env);
     abi_long ret;

linux-user/user-internals.h

@@ -60,10 +60,10 @@ int info_is_fdpic(struct image_info *info);
 
 void target_set_brk(abi_ulong new_brk);
 void syscall_init(void);
-abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
-                    abi_long arg2, abi_long arg3, abi_long arg4,
-                    abi_long arg5, abi_long arg6, abi_long arg7,
-                    abi_long arg8);
+abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
+                    abi_ulong arg2, abi_ulong arg3, abi_ulong arg4,
+                    abi_ulong arg5, abi_ulong arg6, abi_ulong arg7,
+                    abi_ulong arg8);
 extern __thread CPUState *thread_cpu;
 void cpu_loop(CPUArchState *env);
 const char *target_strerror(int err);

meson.build

@@ -3048,6 +3048,11 @@ endforeach
 
 # Other build targets
 
+if 'CONFIG_LINUX_USER' in config_target
+    executable('qemu-binfmt', files('linux-user/binfmt.c'),
+               install: true)
+endif
+
 if 'CONFIG_PLUGIN' in config_host
   install_headers('include/qemu/qemu-plugin.h')
 endif

migration/savevm.c

@@ -2943,7 +2943,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live,
          * So call bdrv_inactivate_all (release locks) here to let the other
          * side of the migration take control of the images.
          */
-        if (live && !saved_vm_running) {
+        if (!saved_vm_running) {
             ret = bdrv_inactivate_all();
             if (ret) {
                 error_setg(errp, "%s: bdrv_inactivate_all() failed (%d)",

pc-bios/s390-ccw/netboot.mak

@@ -54,6 +54,7 @@ LIBNETOBJS := args.o dhcp.o dns.o icmpv6.o ipv6.o tcp.o udp.o bootp.o \
 	      dhcpv6.o ethernet.o ipv4.o ndp.o tftp.o pxelinux.o
 LIBNETCFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
 	       -DDHCPARCH=0x1F -MMD -MP -MT $@ -MF $(@:%.o=%.d)
+LIBNETCFLAGS +=  -Wno-address-of-packed-member
 
 %.o : $(SLOF_DIR)/lib/libnet/%.c
 	$(call quiet-command,$(CC) $(LIBNETCFLAGS) -c -o $@ $<,"CC","$(TARGET_DIR)$@")

qemu-bridge-helper.c

@@ -124,7 +124,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
         }
 
         if (strcmp(cmd, "deny") == 0) {
-            acl_rule = g_malloc(sizeof(*acl_rule));
+            acl_rule = calloc(1, sizeof(*acl_rule));
+            if (!acl_rule) {
+                fclose(f);
+                errno = ENOMEM;
+                return -1;
+            }
             if (strcmp(arg, "all") == 0) {
                 acl_rule->type = ACL_DENY_ALL;
             } else {
@@ -133,7 +138,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
             }
             QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
         } else if (strcmp(cmd, "allow") == 0) {
-            acl_rule = g_malloc(sizeof(*acl_rule));
+            acl_rule = calloc(1, sizeof(*acl_rule));
+            if (!acl_rule) {
+                fclose(f);
+                errno = ENOMEM;
+                return -1;
+            }
             if (strcmp(arg, "all") == 0) {
                 acl_rule->type = ACL_ALLOW_ALL;
             } else {
@@ -438,6 +448,18 @@ int main(int argc, char **argv)
         goto cleanup;
     }
 
+#ifndef CONFIG_LIBCAP
+    /*
+     * avoid sending the fd as root user if running suid to not fool
+     * peer credentials to daemons that dont expect that
+     */
+    if (setuid(getuid()) < 0) {
+        fprintf(stderr, "Failed to drop privileges.\n");
+        ret = EXIT_FAILURE;
+        goto cleanup;
+    }
+#endif
+
     /* write fd to the domain socket */
     if (send_fd(unixfd, fd) == -1) {
         fprintf(stderr, "failed to write fd to unix socket: %s\n",
@@ -459,7 +481,7 @@ cleanup:
     }
     while ((acl_rule = QSIMPLEQ_FIRST(&acl_list)) != NULL) {
         QSIMPLEQ_REMOVE_HEAD(&acl_list, entry);
-        g_free(acl_rule);
+        free(acl_rule);
     }
 
     return ret;

qemu-img.c

@@ -2553,10 +2553,8 @@ static int img_convert(int argc, char **argv)
 
     if (out_baseimg_param) {
         if (!qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT)) {
-            error_report("Use of backing file requires explicit "
-                         "backing format");
-            ret = -1;
-            goto out;
+            warn_report("Deprecated use of backing file without explicit "
+                        "backing format");
         }
     }
 
@@ -3822,9 +3820,6 @@ static int img_rebase(int argc, char **argv)
     if (ret == -ENOSPC) {
         error_report("Could not change the backing file to '%s': No "
                      "space left in the file header", out_baseimg);
-    } else if (ret == -EINVAL && out_baseimg && !out_basefmt) {
-        error_report("Could not change the backing file to '%s': backing "
-                     "format must be specified", out_baseimg);
     } else if (ret < 0) {
         error_report("Could not change the backing file to '%s': %s",
             out_baseimg, strerror(-ret));

qom/object.c

@@ -237,6 +237,12 @@ static bool type_is_ancestor(TypeImpl *type, TypeImpl *target_type)
             return true;
         }
 
+
+        if (type->parent && !strcmp(type->parent, "chardev-spiceport")) {
+            if (!type->parent_type && !type_get_by_name(type->parent)) {
+                return false;
+            }
+        }
         type = type_get_parent(type);
     }
 

roms/Makefile

@@ -52,6 +52,12 @@ SEABIOS_EXTRAVERSION="-prebuilt.qemu.org"
 #
 EDK2_EFIROM = edk2/BaseTools/Source/C/bin/EfiRom
 
+# NB: Certain SUSE qemu subpackages use date information, but we want
+#  reproducible builds, so we use a pre-determined timestamp, rather
+#  than the current timestamp to acheive consistent results build to
+#  build.
+PACKAGING_TIMESTAMP = $(shell date -r ../VERSION +%s)
+
 default help:
 	@echo "nothing is build by default"
 	@echo "available build targets:"
@@ -104,7 +110,7 @@ build-seabios-config-%: config.%
 
 .PHONY: sgabios skiboot qboot
 sgabios:
-	$(MAKE) -C sgabios
+	$(MAKE) -C sgabios PACKAGING_TIMESTAMP=$(PACKAGING_TIMESTAMP)
 	cp sgabios/sgabios.bin ../pc-bios
 
 
@@ -123,11 +129,13 @@ efi-rom-%: build-pxe-roms build-efi-roms edk2-basetools
 
 build-pxe-roms:
 	$(MAKE) -C ipxe/src CONFIG=qemu \
+		PACKAGING_TIMESTAMP=$(PACKAGING_TIMESTAMP) \
 		CROSS_COMPILE=$(x86_64_cross_prefix) \
 		$(patsubst %,bin/%.rom,$(pxerom_targets))
 
 build-efi-roms: build-pxe-roms
 	$(MAKE) -C ipxe/src CONFIG=qemu \
+		PACKAGING_TIMESTAMP=$(PACKAGING_TIMESTAMP) \
 		CROSS_COMPILE=$(x86_64_cross_prefix) \
 		$(patsubst %,bin-x86_64-efi/%.efidrv,$(pxerom_targets))
 
@@ -143,15 +151,15 @@ build-efi-roms: build-pxe-roms
 #    efirom
 #
 edk2-basetools:
-	cd edk2/BaseTools && git submodule update --init --force \
-		Source/C/BrotliCompress/brotli
 	$(MAKE) -C edk2/BaseTools \
 		PYTHON_COMMAND=$${EDK2_PYTHON_COMMAND:-python3} \
 		EXTRA_OPTFLAGS='$(EDK2_BASETOOLS_OPTFLAGS)' \
 		EXTRA_LDFLAGS='$(EDK2_BASETOOLS_LDFLAGS)'
 
 slof:
-	$(MAKE) -C SLOF CROSS=$(powerpc64_cross_prefix) qemu
+	$(MAKE) -C SLOF CROSS=$(powerpc64_cross_prefix) \
+		PACKAGING_TIMESTAMP=$(PACKAGING_TIMESTAMP) \
+		qemu
 	cp SLOF/boot_rom.bin ../pc-bios/slof.bin
 
 u-boot.e500:
@@ -191,7 +199,7 @@ MESON = meson
 NINJA = ninja
 qboot:
 	mkdir -p qboot/build
-	$(MESON) setup $(if $(wildcard qboot/build/meson-private),--wipe,) qboot qboot/build
+	$(MESON) setup --cross-file qboot/cross.ini $(if $(wildcard qboot/build/meson-private),--wipe,) qboot qboot/build
 	$(NINJA) -C qboot/build
 	cp qboot/build/bios.bin ../pc-bios/qboot.rom
 

roms/edk2-funcs.sh

@@ -116,7 +116,15 @@ qemu_edk2_get_cross_prefix()
     # force soft-float cross-compiler on Debian
     printf 'arm-linux-gnueabi-'
   else
-    printf '%s-linux-gnu-\n' "$gcc_arch"
+    if [ "$emulation_target" == arm ]; then
+      printf '%s-suse-linux-gnueabi-\n' "$gcc_arch"
+    else
+      if [ "$gcc_arch" == i686 ]; then
+        printf '%s-suse-linux-\n' "i586"
+      else
+        printf '%s-suse-linux-\n' "$gcc_arch"
+      fi
+    fi
   fi
 }
 

scripts/analyze-migration.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 #
 #  Migration Stream Analyzer
 #

scripts/qemu-binfmt-conf.sh

@@ -185,6 +185,7 @@ Usage: qemu-binfmt-conf.sh [--qemu-path PATH][--debian][--systemd CPU]
        --help:          display this usage
        --qemu-path:     set path to qemu interpreter ($QEMU_PATH)
        --qemu-suffix:   add a suffix to the default interpreter name
+                        (default: "-binfmt")
        --debian:        don't write into /proc,
                         instead generate update-binfmts templates
        --systemd:       don't write into /proc,
@@ -275,7 +276,7 @@ qemu_generate_register() {
         flags="${flags}P"
     fi
 
-    echo ":qemu-$cpu:M::$magic:$mask:$qemu:$flags"
+    echo ":qemu-$cpu:M::$magic:$mask:$qemu:P$flags"
 }
 
 qemu_register_interpreter() {
@@ -334,13 +335,13 @@ BINFMT_SET=qemu_register_interpreter
 SYSTEMDDIR="/etc/binfmt.d"
 DEBIANDIR="/usr/share/binfmts"
 
-QEMU_PATH=/usr/local/bin
+QEMU_PATH=/usr/bin
 CREDENTIAL=no
 PERSISTENT=no
 PRESERVE_ARG0=no
-QEMU_SUFFIX=""
+QEMU_SUFFIX="-binfmt"
 
-options=$(getopt -o ds:Q:S:e:hc:p:g: -l debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,preserve-argv0: -- "$@")
+options=$(getopt -o ds:Q:S:e:hc:p:g:F: -l debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,preserve-argv0: -- "$@")
 eval set -- "$options"
 
 while true ; do

scripts/vmstate-static-checker.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 #
 # Compares vmstate information stored in JSON format, obtained from
 # the -dump-vmstate QEMU command.

softmmu/physmem.c

@@ -2064,11 +2064,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
         return NULL;
     }
 
+#ifndef TARGET_PPC
     if (kvm_enabled() && !kvm_has_sync_mmu()) {
         error_setg(errp,
                    "host lacks kvm mmu notifiers, -mem-path unsupported");
         return NULL;
     }
+#endif
 
     size = HOST_PAGE_ALIGN(size);
     file_size = get_file_size(fd);

softmmu/vl.c

@@ -40,6 +40,7 @@
 #include "sysemu/reset.h"
 #include "sysemu/runstate.h"
 #include "sysemu/runstate-action.h"
+#include <sys/resource.h>
 #include "sysemu/seccomp.h"
 #include "sysemu/tcg.h"
 #include "sysemu/xen.h"
@@ -2772,6 +2773,17 @@ void qemu_init(int argc, char **argv, char **envp)
     MachineClass *machine_class;
     bool userconfig = true;
     FILE *vmstate_dump_file = NULL;
+    struct rlimit rlimit_as;
+
+    /*
+     * Try to raise the soft address space limit.
+     * Default on SLES 11 SP2 is 80% of physical+swap memory.
+     */
+    getrlimit(RLIMIT_AS, &rlimit_as);
+    if (rlimit_as.rlim_cur < rlimit_as.rlim_max) {
+        rlimit_as.rlim_cur = rlimit_as.rlim_max;
+        setrlimit(RLIMIT_AS, &rlimit_as);
+    }
 
     qemu_add_opts(&qemu_drive_opts);
     qemu_add_drive_opts(&qemu_legacy_drive_opts);

target/i386/tcg/helper-tcg.h

@@ -26,7 +26,7 @@
 #define TARGET_MAX_INSN_SIZE 16
 
 #if defined(TARGET_X86_64)
-# define TCG_PHYS_ADDR_BITS 40
+# define TCG_PHYS_ADDR_BITS 42
 #else
 # define TCG_PHYS_ADDR_BITS 36
 #endif

tests/qemu-iotests/040

@@ -915,8 +915,8 @@ class TestCommitWithOverriddenBacking(iotests.QMPTestCase):
     def setUp(self):
         qemu_img('create', '-f', iotests.imgfmt, self.img_base_a, '1M')
         qemu_img('create', '-f', iotests.imgfmt, self.img_base_b, '1M')
-        qemu_img('create', '-f', iotests.imgfmt, '-b', self.img_base_a,
-                 '-F', iotests.imgfmt, self.img_top)
+        qemu_img('create', '-f', iotests.imgfmt, '-b', self.img_base_a, \
+                 self.img_top)
 
         self.vm = iotests.VM()
         self.vm.launch()

tests/qemu-iotests/041

@@ -1295,10 +1295,8 @@ class TestReplaces(iotests.QMPTestCase):
 class TestFilters(iotests.QMPTestCase):
     def setUp(self):
         qemu_img('create', '-f', iotests.imgfmt, backing_img, '1M')
-        qemu_img('create', '-f', iotests.imgfmt, '-b', backing_img,
-                 '-F', iotests.imgfmt, test_img)
-        qemu_img('create', '-f', iotests.imgfmt, '-b', backing_img,
-                 '-F', iotests.imgfmt, target_img)
+        qemu_img('create', '-f', iotests.imgfmt, '-b', backing_img, test_img)
+        qemu_img('create', '-f', iotests.imgfmt, '-b', backing_img, target_img)
 
         qemu_io('-c', 'write -P 1 0 512k', backing_img)
         qemu_io('-c', 'write -P 2 512k 512k', test_img)

tests/qemu-iotests/114

@@ -44,16 +44,16 @@ _supported_os Linux
 # qcow2.py does not work too well with external data files
 _unsupported_imgopts data_file
 
-# Older qemu-img could set up backing file without backing format; modern
-# qemu can't but we can use qcow2.py to simulate older files.
+# Intentionally specify backing file without backing format; demonstrate
+# the difference in warning messages when backing file could be probed.
+# Note that only a non-raw probe result will affect the resulting image.
 truncate -s $((64 * 1024 * 1024)) "$TEST_IMG.orig"
-_make_test_img -b "$TEST_IMG.orig" -F raw 64M
-$PYTHON qcow2.py "$TEST_IMG" del-header-ext 0xE2792ACA
+_make_test_img -b "$TEST_IMG.orig" 64M
 
 TEST_IMG="$TEST_IMG.base" _make_test_img 64M
 $QEMU_IMG convert -O qcow2 -B "$TEST_IMG.orig" "$TEST_IMG.orig" "$TEST_IMG"
-_make_test_img -b "$TEST_IMG.base" -F $IMGFMT 64M
-_make_test_img -u -b "$TEST_IMG.base" -F $IMGFMT 64M
+_make_test_img -b "$TEST_IMG.base" 64M
+_make_test_img -u -b "$TEST_IMG.base" 64M
 
 # Set an invalid backing file format
 $PYTHON qcow2.py "$TEST_IMG" add-header-ext 0xE2792ACA "foo"
@@ -64,9 +64,9 @@ _img_info
 $QEMU_IO -c "open $TEST_IMG" -c "read 0 4k" 2>&1 | _filter_qemu_io | _filter_testdir
 $QEMU_IO -c "open -o backing.driver=$IMGFMT $TEST_IMG" -c "read 0 4k" | _filter_qemu_io
 
-# Rebase the image, to show that backing format is required.
-($QEMU_IMG rebase -u -b "$TEST_IMG.base" "$TEST_IMG" 2>&1 && echo "unexpected pass") | _filter_testdir
-$QEMU_IMG rebase -u -b "$TEST_IMG.base" -F $IMGFMT "$TEST_IMG"
+# Rebase the image, to show that omitting backing format triggers a warning,
+# but probing now lets us use the backing file.
+$QEMU_IMG rebase -u -b "$TEST_IMG.base" "$TEST_IMG"
 $QEMU_IO -c "open $TEST_IMG" -c "read 0 4k" 2>&1 | _filter_qemu_io | _filter_testdir
 
 # success, all done

tests/qemu-iotests/114.out

@@ -1,9 +1,12 @@
 QA output created by 114
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t.IMGFMT.orig backing_fmt=raw
+qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of raw)
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t.IMGFMT.orig
 Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=67108864
-qemu-img: Use of backing file requires explicit backing format
-Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=IMGFMT
+qemu-img: warning: Deprecated use of backing file without explicit backing format
+qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of IMGFMT)
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=IMGFMT
+qemu-img: warning: Deprecated use of unopened backing file without explicit backing format, use of this image requires potentially unsafe format probing
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t.IMGFMT.base
 image: TEST_DIR/t.IMGFMT
 file format: IMGFMT
 virtual size: 64 MiB (67108864 bytes)
@@ -14,7 +17,7 @@ qemu-io: can't open device TEST_DIR/t.qcow2: Could not open backing file: Unknow
 no file open, try 'help open'
 read 4096/4096 bytes at offset 0
 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-qemu-img: Could not change the backing file to 'TEST_DIR/t.qcow2.base': backing format must be specified
+qemu-img: warning: Deprecated use of backing file without explicit backing format, use of this image requires potentially unsafe format probing
 read 4096/4096 bytes at offset 0
 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 *** done

tests/qemu-iotests/130

@@ -64,7 +64,8 @@ echo
 _launch_qemu -drive id=testdisk,file="$TEST_IMG",backing.file.filename="$TEST_IMG.base"
 _send_qemu_cmd $QEMU_HANDLE "commit testdisk" "(qemu)"
 _send_qemu_cmd $QEMU_HANDLE '' '(qemu)'
-_cleanup_qemu
+_send_qemu_cmd $QEMU_HANDLE 'quit' ''
+wait=1 _cleanup_qemu
 _img_info | _filter_img_info
 
 # Make sure that if there was a backing file that was just overridden on the
@@ -73,7 +74,8 @@ _make_test_img -F raw -b "$TEST_IMG.orig" 64M
 _launch_qemu -drive id=testdisk,file="$TEST_IMG",backing.file.filename="$TEST_IMG.base",backing.driver=$IMGFMT
 _send_qemu_cmd $QEMU_HANDLE "commit testdisk" "(qemu)"
 _send_qemu_cmd $QEMU_HANDLE '' '(qemu)'
-_cleanup_qemu
+_send_qemu_cmd $QEMU_HANDLE 'quit' ''
+wait=1 _cleanup_qemu
 _img_info | _filter_img_info
 
 echo

tests/qemu-iotests/130.out

@@ -11,6 +11,7 @@ virtual size: 64 MiB (67108864 bytes)
 QEMU X.Y.Z monitor - type 'help' for more information
 (qemu) commit testdisk
 (qemu) 
+(qemu) quit
 image: TEST_DIR/t.IMGFMT
 file format: IMGFMT
 virtual size: 64 MiB (67108864 bytes)
@@ -18,6 +19,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t
 QEMU X.Y.Z monitor - type 'help' for more information
 (qemu) commit testdisk
 (qemu) 
+(qemu) quit
 image: TEST_DIR/t.IMGFMT
 file format: IMGFMT
 virtual size: 64 MiB (67108864 bytes)

tests/qemu-iotests/153

@@ -202,7 +202,8 @@ _send_qemu_cmd $QEMU_HANDLE \
     'return'
 _run_cmd $QEMU_IMG commit -b "${TEST_IMG}.b" "${TEST_IMG}.c"
 
-_cleanup_qemu
+_send_qemu_cmd $QEMU_HANDLE "{ 'execute': 'quit' }" ''
+wait=1 _cleanup_qemu
 
 _launch_qemu
 
@@ -254,7 +255,8 @@ _send_qemu_cmd $QEMU_HANDLE \
 
 _run_cmd $QEMU_IO "${TEST_IMG}" -c 'write 0 512'
 
-_cleanup_qemu
+_send_qemu_cmd $QEMU_HANDLE "{ 'execute': 'quit' }" ''
+wait=1 _cleanup_qemu
 
 echo
 echo "== Detecting -U and force-share conflicts =="

tests/qemu-iotests/153.out

@@ -424,6 +424,8 @@ Is another process using the image [TEST_DIR/t.qcow2]?
 _qemu_img_wrapper commit -b TEST_DIR/t.qcow2.b TEST_DIR/t.qcow2.c
 { 'execute': 'qmp_capabilities' }
 {"return": {}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
+{"return": {}}
 Adding drive
 { 'execute': 'human-monitor-command',
        'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } }
@@ -463,6 +465,8 @@ Closing the other
 {"return": ""}
 
 _qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512
+{"return": {}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
 
 == Detecting -U and force-share conflicts ==
 

tests/qemu-iotests/162.out

@@ -1,7 +1,7 @@
 QA output created by 162
 
 === NBD ===
-qemu-img: Could not open 'json:{"driver": "nbd", "host": -1}': address resolution failed for -1:10809: Name or service not known
+qemu-img: Could not open 'json:{"driver": "nbd", "host": 42}': Failed to connect socket: Network is unreachable
 image: nbd://localhost:PORT
 image: nbd+unix://?socket=42
 

tests/qemu-iotests/301

@@ -3,7 +3,7 @@
 #
 # Test qcow backing file warnings
 #
-# Copyright (C) 2020-2021 Red Hat, Inc.
+# Copyright (C) 2020 Red Hat, Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -46,6 +46,7 @@ echo "== qcow backed by qcow =="
 
 TEST_IMG="$TEST_IMG.base" _make_test_img $size
 _make_test_img -b "$TEST_IMG.base" $size
+_img_info
 _make_test_img -b "$TEST_IMG.base" -F $IMGFMT $size
 _img_info
 
@@ -70,6 +71,7 @@ echo "== qcow backed by raw =="
 rm "$TEST_IMG.base"
 truncate --size=$size "$TEST_IMG.base"
 _make_test_img -b "$TEST_IMG.base" $size
+_img_info
 _make_test_img -b "$TEST_IMG.base" -F raw $size
 _img_info
 

tests/qemu-iotests/301.out

@@ -2,7 +2,13 @@ QA output created by 301
 
 == qcow backed by qcow ==
 Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=33554432
-qemu-img: TEST_DIR/t.IMGFMT: Backing file specified without backing format
+qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of IMGFMT)
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=IMGFMT
+image: TEST_DIR/t.IMGFMT
+file format: IMGFMT
+virtual size: 32 MiB (33554432 bytes)
+cluster_size: 512
+backing file: TEST_DIR/t.IMGFMT.base
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=IMGFMT
 image: TEST_DIR/t.IMGFMT
 file format: IMGFMT
@@ -30,7 +36,13 @@ cluster_size: 512
 backing file: TEST_DIR/t.IMGFMT.base
 
 == qcow backed by raw ==
-qemu-img: TEST_DIR/t.IMGFMT: Backing file specified without backing format
+qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of raw)
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432 backing_file=TEST_DIR/t.IMGFMT.base
+image: TEST_DIR/t.IMGFMT
+file format: IMGFMT
+virtual size: 32 MiB (33554432 bytes)
+cluster_size: 512
+backing file: TEST_DIR/t.IMGFMT.base
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432 backing_file=TEST_DIR/t.IMGFMT.base backing_fmt=raw
 image: TEST_DIR/t.IMGFMT
 file format: IMGFMT

tests/qemu-iotests/common.config

@@ -24,6 +24,7 @@ PATH=".:$PATH"
 HOSTOS=$(uname -s)
 arch=$(uname -m)
 [[ "$arch" =~ "ppc64" ]] && qemu_arch=ppc64 || qemu_arch="$arch"
+[[ "$arch" = "i686" ]] && qemu_arch=i386
 
 # make sure we have a standard umask
 umask 022

tests/qemu-iotests/common.qemu

@@ -85,7 +85,7 @@ _timed_wait_for()
     timeout=yes
 
     QEMU_STATUS[$h]=0
-    read_timeout="-t ${QEMU_COMM_TIMEOUT}"
+    read_timeout="-t $((${QEMU_COMM_TIMEOUT}*3))"
     if [ -n "${GDB_OPTIONS}" ]; then
         read_timeout=
     fi

tests/uefi-test-tools/Makefile

@@ -99,7 +99,6 @@ Build/bios-tables-test.%.efi: build-edk2-tools
 	+./build.sh $(edk2_dir) BiosTablesTest $* $@
 
 build-edk2-tools:
-	cd $(edk2_dir)/BaseTools && git submodule update --init --force
 	$(MAKE) -C $(edk2_dir)/BaseTools \
 		PYTHON_COMMAND=$${EDK2_PYTHON_COMMAND:-python3} \
 		EXTRA_OPTFLAGS='$(EDK2_BASETOOLS_OPTFLAGS)' \

tests/unit/test-char.c

@@ -1,3 +1,4 @@
+#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */
 #include "qemu/osdep.h"
 #include <glib/gstdio.h>
 

util/module.c

@@ -119,6 +119,35 @@ static const QemuModinfo module_info_stub[] = { {
 static const QemuModinfo *module_info = module_info_stub;
 static const char *module_arch;
 
+bool s390x_blocklist(const char *name)
+{
+    const char *blocklist[] = {
+        "hw-display-qxl",
+        "hw-display-virtio-vga",
+        "hw-display-virtio-vga-gl",
+        "hw-usb-host",
+        "hw-usb-redirect",
+        "hw-usb-smartcard"
+    };
+
+    const size_t len = sizeof(blocklist) / sizeof(blocklist[0]);
+
+    if (strcmp(module_arch, "x86_64") == 0 ||
+        strcmp(module_arch, "i386") == 0 ||
+        strcmp(module_arch, "arm") == 0 ||
+        strcmp(module_arch, "aarch64") == 0) {
+        return false;
+    }
+
+    for (size_t i = 0; i < len; i++) {
+        if (strcmp(blocklist[i], name) == 0) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
 void module_init_info(const QemuModinfo *info)
 {
     module_info = info;
@@ -131,6 +160,10 @@ void module_allow_arch(const char *arch)
 
 static bool module_check_arch(const QemuModinfo *modinfo)
 {
+    if (modinfo->name && s390x_blocklist(modinfo->name)) {
+        return false;
+    }
+
     if (modinfo->arch) {
         if (!module_arch) {
             /* no arch set -> ignore all */

util/qht.c

@@ -485,10 +485,10 @@ bool qht_reset_size(struct qht *ht, size_t n_elems)
 }
 
 static inline
-void *qht_do_lookup(const struct qht_bucket *head, qht_lookup_func_t func,
+void *qht_do_lookup(struct qht_bucket *head, qht_lookup_func_t func,
                     const void *userp, uint32_t hash)
 {
-    const struct qht_bucket *b = head;
+    struct qht_bucket *b = head;
     int i;
 
     do {
@@ -512,7 +512,7 @@ void *qht_do_lookup(const struct qht_bucket *head, qht_lookup_func_t func,
 }
 
 static __attribute__((noinline))
-void *qht_lookup__slowpath(const struct qht_bucket *b, qht_lookup_func_t func,
+void *qht_lookup__slowpath(struct qht_bucket *b, qht_lookup_func_t func,
                            const void *userp, uint32_t hash)
 {
     unsigned int version;
@@ -525,10 +525,10 @@ void *qht_lookup__slowpath(const struct qht_bucket *b, qht_lookup_func_t func,
     return ret;
 }
 
-void *qht_lookup_custom(const struct qht *ht, const void *userp, uint32_t hash,
+void *qht_lookup_custom(struct qht *ht, const void *userp, uint32_t hash,
                         qht_lookup_func_t func)
 {
-    const struct qht_bucket *b;
+    struct qht_bucket *b;
     const struct qht_map *map;
     unsigned int version;
     void *ret;
@@ -548,7 +548,7 @@ void *qht_lookup_custom(const struct qht *ht, const void *userp, uint32_t hash,
     return qht_lookup__slowpath(b, func, userp, hash);
 }
 
-void *qht_lookup(const struct qht *ht, const void *userp, uint32_t hash)
+void *qht_lookup(struct qht *ht, const void *userp, uint32_t hash)
 {
     return qht_lookup_custom(ht, userp, hash, ht->cmp);
 }
@@ -901,9 +901,9 @@ bool qht_resize(struct qht *ht, size_t n_elems)
 }
 
 /* pass @stats to qht_statistics_destroy() when done */
-void qht_statistics_init(const struct qht *ht, struct qht_stats *stats)
+void qht_statistics_init(struct qht *ht, struct qht_stats *stats)
 {
-    const struct qht_map *map;
+    struct qht_map *map;
     int i;
 
     map = qatomic_rcu_read(&ht->map);
@@ -920,8 +920,8 @@ void qht_statistics_init(const struct qht *ht, struct qht_stats *stats)
     stats->head_buckets = map->n_buckets;
 
     for (i = 0; i < map->n_buckets; i++) {
-        const struct qht_bucket *head = &map->buckets[i];
-        const struct qht_bucket *b;
+        struct qht_bucket *head = &map->buckets[i];
+        struct qht_bucket *b;
         unsigned int version;
         size_t buckets;
         size_t entries;

util/thread-pool.c

@@ -306,7 +306,12 @@ static void thread_pool_init_one(ThreadPool *pool, AioContext *ctx)
     qemu_mutex_init(&pool->lock);
     qemu_cond_init(&pool->worker_stopped);
     qemu_sem_init(&pool->sem, 0);
-    pool->max_threads = 64;
+    if (sizeof(pool) == 4) {
+        /* 32bit systems run out of virtual memory quickly */
+        pool->max_threads = 4;
+    } else {
+        pool->max_threads = 64;
+    }
     pool->new_thread_bh = aio_bh_new(ctx, spawn_thread_bh_fn, pool);
 
     QLIST_INIT(&pool->head);