qemu-binfmt-conf.sh: allow overriding SUSE-specific argv[0] handling

Git-commit: 0000000000000000000000000000000000000000
References: bsc#1186256

Since abbc0ce ("qemu-binfmt-conf: use qemu-ARCH-binfmt"),
qemu-binfmt-conf.sh automatically replaces the default qemu binfmt wrapper
qemu-$ARCH with qemu-$ARCH-binfmt in order to ensure that argv[0] is
preserved; qemu-$ARCH-binfmt is a link to qemu-binfmt, which is just a
simple wrapper that mangles argv to achieve the desired result.

This is inconvenient in some situations. In particular for running
foreign-arch containers, it's useful to use the binfmt_misc "F" ("fix
binary") flag to pre-load the qemu wrapper in the kernel. That way,
foreign-arch containers can be run just like native containers, without
having to bind-mount interpreters into the container. But that's impossible
with the SUSE binfmt wrapper that needs to exec() a different (native)
executable.

As the qemu-binfmt-conf script supports the --qemu-suffix option anyway,
use it to set the "-binfmt" suffix, thus allowing admins to override the
SUSE default with the option "--qemu-suffix ''".

Signed-off-by: Martin Wilck <mwilck@suse.com>
Acked-by: Jose R Ziviani <jose.ziviani@suse.com>

Makefile

@@ -87,7 +87,7 @@ x := $(shell rm -rf meson-private meson-info meson-logs)
 endif
 
 # 1. ensure config-host.mak is up-to-date
-config-host.mak: $(SRC_PATH)/configure $(SRC_PATH)/pc-bios $(SRC_PATH)/VERSION
+config-host.mak: $(SRC_PATH)/configure $(SRC_PATH)/VERSION
 	@echo config-host.mak is out-of-date, running configure
 	@if test -f meson-private/coredata.dat; then \
 	  ./config.status --skip-meson; \

chardev/char-fe.c

@@ -21,6 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */
 #include "qemu/osdep.h"
 #include "qemu/error-report.h"
 #include "qapi/error.h"

chardev/char-mux.c

@@ -22,6 +22,7 @@
  * THE SOFTWARE.
  */
 
+#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu/module.h"
@@ -197,6 +198,17 @@ static void mux_chr_accept_input(Chardev *chr)
         be->chr_read(be->opaque,
                      &d->buffer[m][d->cons[m]++ & MUX_BUFFER_MASK], 1);
     }
+
+#if defined(TARGET_S390X)
+    /*
+     * We're still not able to sync producer and consumer, so let's wait a bit
+     *  and try again by then.
+     */
+    if (d->prod[m] != d->cons[m]) {
+        qemu_mod_timer(d->accept_timer, qemu_get_clock_ns(vm_clock)
+                                        + (int64_t)100000);
+    }
+#endif
 }
 
 static int mux_chr_can_read(void *opaque)
@@ -331,6 +343,10 @@ static void qemu_chr_open_mux(Chardev *chr,
     }
 
     d->focus = -1;
+#if defined(TARGET_S390X)
+    d->accept_timer = qemu_new_timer_ns(vm_clock,
+                                     (QEMUTimerCB *)mux_chr_accept_input, chr);
+#endif
     /* only default to opened state if we've realized the initial
      * set of muxes
      */

chardev/char.c

@@ -22,6 +22,7 @@
  * THE SOFTWARE.
  */
 
+#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */
 #include "qemu/osdep.h"
 #include "qemu/cutils.h"
 #include "monitor/monitor.h"

chardev/chardev-internal.h

@@ -36,6 +36,9 @@ struct MuxChardev {
     Chardev parent;
     CharBackend *backends[MAX_MUX];
     CharBackend chr;
+#if defined(TARGET_S390X)
+    QEMUTimer *accept_timer;
+#endif
     int focus;
     int mux_cnt;
     int term_got_escape;

configure

@@ -4413,7 +4413,7 @@ fi
 
 # Only build s390-ccw bios if we're on s390x and the compiler has -march=z900
 # or -march=z10 (which is the lowest architecture level that Clang supports)
-if test "$cpu" = "s390x" ; then
+if test "$cpu" = "s390x" && test "$softmmu" = yes ; then
   write_c_skeleton
   compile_prog "-march=z900" ""
   has_z900=$?
@@ -4587,7 +4587,7 @@ echo "TARGET_DIRS=$target_list" >> $config_host_mak
 if test "$modules" = "yes"; then
   # $shacmd can generate a hash started with digit, which the compiler doesn't
   # like as an symbol. So prefix it with an underscore
-  echo "CONFIG_STAMP=_$( (echo $qemu_version; echo $pkgversion; cat $0) | $shacmd - | cut -f1 -d\ )" >> $config_host_mak
+  echo "CONFIG_STAMP=_$( (echo $qemu_version; cat $0) | $shacmd - | cut -f1 -d\ )" >> $config_host_mak
   echo "CONFIG_MODULES=y" >> $config_host_mak
 fi
 if test "$module_upgrades" = "yes"; then

contrib/ivshmem-client/meson.build

@@ -1,4 +1,4 @@
 executable('ivshmem-client', files('ivshmem-client.c', 'main.c'),
            dependencies: glib,
            build_by_default: targetos == 'linux',
-           install: false)
+           install: true)

contrib/ivshmem-server/meson.build

@@ -1,4 +1,4 @@
 executable('ivshmem-server', files('ivshmem-server.c', 'main.c'),
            dependencies: [qemuutil, rt],
            build_by_default: targetos == 'linux',
-           install: false)
+           install: true)

docs/index.rst

@@ -10,6 +10,7 @@ Welcome to QEMU's documentation!
    :maxdepth: 2
    :caption: Contents:
 
+   supported.rst
    about/index
    system/index
    user/index

hw/acpi/piix4.c

@@ -278,7 +278,7 @@ static bool piix4_vmstate_need_smbus(void *opaque, int version_id)
 static const VMStateDescription vmstate_acpi = {
     .name = "piix4_pm",
     .version_id = 3,
-    .minimum_version_id = 3,
+    .minimum_version_id = 2, /* qemu-kvm */
     .post_load = vmstate_acpi_post_load,
     .fields = (VMStateField[]) {
         VMSTATE_PCI_DEVICE(parent_obj, PIIX4PMState),

hw/block/xen-block.c

@@ -271,6 +271,9 @@ static void xen_block_realize(XenDevice *xendev, Error **errp)
 
     xen_block_set_size(blockdev);
 
+    if (!monitor_add_blk(conf->blk, blockdev->drive->id, errp)) {
+        return;
+    }
     blockdev->dataplane =
         xen_block_dataplane_create(xendev, blk, conf->logical_block_size,
                                    blockdev->props.iothread);
@@ -723,6 +726,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
     const char *mode = qdict_get_try_str(opts, "mode");
     const char *direct_io_safe = qdict_get_try_str(opts, "direct-io-safe");
     const char *discard_enable = qdict_get_try_str(opts, "discard-enable");
+    const char *suse_diskcache_disable_flush = qdict_get_try_str(opts,
+                                               "suse-diskcache-disable-flush");
     char *driver = NULL;
     char *filename = NULL;
     XenBlockDrive *drive = NULL;
@@ -803,6 +808,16 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
         }
     }
 
+    if (suse_diskcache_disable_flush) {
+        unsigned long value;
+        if (!qemu_strtoul(suse_diskcache_disable_flush, NULL, 2, &value) && !!value) {
+            QDict *cache_qdict = qdict_new();
+
+            qdict_put_bool(cache_qdict, "no-flush", true);
+            qdict_put_obj(file_layer, "cache", QOBJECT(cache_qdict));
+        }
+    }
+
     /*
      * It is necessary to turn file locking off as an emulated device
      * may have already opened the same image file.

hw/intc/exynos4210_gic.c

@@ -291,8 +291,8 @@ static void exynos4210_gic_realize(DeviceState *dev, Error **errp)
     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
     const char cpu_prefix[] = "exynos4210-gic-alias_cpu";
     const char dist_prefix[] = "exynos4210-gic-alias_dist";
-    char cpu_alias_name[sizeof(cpu_prefix) + 3];
-    char dist_alias_name[sizeof(cpu_prefix) + 3];
+    char cpu_alias_name[sizeof(cpu_prefix) + 7];
+    char dist_alias_name[sizeof(cpu_prefix) + 8];
     SysBusDevice *gicbusdev;
     uint32_t n = s->num_cpu;
     uint32_t i;

hw/net/vmxnet3.c

@@ -1441,6 +1441,7 @@ static void vmxnet3_activate_device(VMXNET3State *s)
     vmxnet3_setup_rx_filtering(s);
     /* Cache fields from shared memory */
     s->mtu = VMXNET3_READ_DRV_SHARED32(d, s->drv_shmem, devRead.misc.mtu);
+    assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu < VMXNET3_MAX_MTU);
     VMW_CFPRN("MTU is %u", s->mtu);
 
     s->max_rx_frags =
@@ -1486,6 +1487,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
         /* Read rings memory locations for TX queues */
         pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.txRingBasePA);
         size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.txRingSize);
+        if (size > VMXNET3_TX_RING_MAX_SIZE) {
+            size = VMXNET3_TX_RING_MAX_SIZE;
+        }
 
         vmxnet3_ring_init(d, &s->txq_descr[i].tx_ring, pa, size,
                           sizeof(struct Vmxnet3_TxDesc), false);
@@ -1496,6 +1500,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
         /* TXC ring */
         pa = VMXNET3_READ_TX_QUEUE_DESCR64(d, qdescr_pa, conf.compRingBasePA);
         size = VMXNET3_READ_TX_QUEUE_DESCR32(d, qdescr_pa, conf.compRingSize);
+        if (size > VMXNET3_TC_RING_MAX_SIZE) {
+            size = VMXNET3_TC_RING_MAX_SIZE;
+        }
         vmxnet3_ring_init(d, &s->txq_descr[i].comp_ring, pa, size,
                           sizeof(struct Vmxnet3_TxCompDesc), true);
         VMXNET3_RING_DUMP(VMW_CFPRN, "TXC", i, &s->txq_descr[i].comp_ring);
@@ -1537,6 +1544,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
             /* RX rings */
             pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.rxRingBasePA[j]);
             size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.rxRingSize[j]);
+            if (size > VMXNET3_RX_RING_MAX_SIZE) {
+                size = VMXNET3_RX_RING_MAX_SIZE;
+            }
             vmxnet3_ring_init(d, &s->rxq_descr[i].rx_ring[j], pa, size,
                               sizeof(struct Vmxnet3_RxDesc), false);
             VMW_CFPRN("RX queue %d:%d: Base: %" PRIx64 ", Size: %d",
@@ -1546,6 +1556,9 @@ static void vmxnet3_activate_device(VMXNET3State *s)
         /* RXC ring */
         pa = VMXNET3_READ_RX_QUEUE_DESCR64(d, qd_pa, conf.compRingBasePA);
         size = VMXNET3_READ_RX_QUEUE_DESCR32(d, qd_pa, conf.compRingSize);
+        if (size > VMXNET3_RC_RING_MAX_SIZE) {
+            size = VMXNET3_RC_RING_MAX_SIZE;
+        }
         vmxnet3_ring_init(d, &s->rxq_descr[i].comp_ring, pa, size,
                           sizeof(struct Vmxnet3_RxCompDesc), true);
         VMW_CFPRN("RXC queue %d: Base: %" PRIx64 ", Size: %d", i, pa, size);

hw/smbios/smbios.c

@@ -1138,6 +1138,7 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
         struct smbios_structure_header *header;
         int size;
         struct smbios_table *table; /* legacy mode only */
+        uint8_t *dbl_nulls, *orig_end;
 
         if (!qemu_opts_validate(opts, qemu_smbios_file_opts, errp)) {
             return;
@@ -1150,11 +1151,21 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
         }
 
         /*
-         * NOTE: standard double '\0' terminator expected, per smbios spec.
-         * (except in legacy mode, where the second '\0' is implicit and
-         *  will be inserted by the BIOS).
+         * NOTE: standard double '\0' terminator expected, per smbios spec,
+         * unless the data is formatted for legacy mode, which is used by
+         * pc-i440fx-2.0 and earlier machine types. Legacy mode structures
+         * without strings have no '\0' terminators, and those with strings
+         * also don't have an additional '\0' terminator at the end of the
+         * final string '\0' terminator. The BIOS will add the '\0' terminators
+         * to comply with the smbios spec.
+         * For greater compatibility, regardless of the machine type used,
+         * either format is accepted.
          */
-        smbios_tables = g_realloc(smbios_tables, smbios_tables_len + size);
+        smbios_tables = g_realloc(smbios_tables, smbios_tables_len + size + 2);
+        orig_end = smbios_tables + smbios_tables_len + size;
+        /* add extra null bytes to end in case of legacy file data */
+        *orig_end = '\0';
+        *(orig_end + 1) = '\0';
         header = (struct smbios_structure_header *)(smbios_tables +
                                                     smbios_tables_len);
 
@@ -1169,6 +1180,19 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
                        header->type);
             return;
         }
+        for (dbl_nulls = smbios_tables + smbios_tables_len + header->length;
+             dbl_nulls + 2 <= orig_end; dbl_nulls++) {
+            if (*dbl_nulls == '\0' && *(dbl_nulls + 1) == '\0') {
+                break;
+            }
+        }
+        if (dbl_nulls + 2  < orig_end) {
+            error_setg(errp, "SMBIOS file data malformed");
+            return;
+        }
+        /* increase size by how many extra nulls were actually needed */
+        size += dbl_nulls + 2 - orig_end;
+        smbios_tables = g_realloc(smbios_tables, smbios_tables_len + size);
         set_bit(header->type, have_binfile_bitmap);
 
         if (header->type == 4) {
@@ -1189,6 +1213,17 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
          *       delete the one we don't need from smbios_set_defaults(),
          *       once we know which machine version has been requested.
          */
+        if (dbl_nulls + 2 == orig_end) {
+            /* chop off nulls to get legacy format */
+            if (header->length + 2 == size) {
+                size -= 2;
+            } else {
+                size -= 1;
+            }
+        } else {
+            /* undo conversion from legacy format to per-spec format */
+            size -= dbl_nulls + 2 - orig_end;
+        }
         if (!smbios_entries) {
             smbios_entries_len = sizeof(uint16_t);
             smbios_entries = g_malloc0(smbios_entries_len);

hw/timer/i8254_common.c

@@ -224,6 +224,12 @@ static int pit_dispatch_post_load(void *opaque, int version_id)
     return 0;
 }
 
+static bool is_qemu_kvm(void *opaque, int version_id)
+{
+    /* HACK: We ignore incoming migration from upstream qemu */
+    return version_id < 3;
+}
+
 static const VMStateDescription vmstate_pit_common = {
     .name = "i8254",
     .version_id = 3,
@@ -231,6 +237,7 @@ static const VMStateDescription vmstate_pit_common = {
     .pre_save = pit_dispatch_pre_save,
     .post_load = pit_dispatch_post_load,
     .fields = (VMStateField[]) {
+        VMSTATE_UNUSED_TEST(is_qemu_kvm, 4),
         VMSTATE_UINT32_V(channels[0].irq_disabled, PITCommonState, 3),
         VMSTATE_STRUCT_ARRAY(channels, PITCommonState, 3, 2,
                              vmstate_pit_channel, PITChannelState),

hw/usb/hcd-xhci.c

@@ -3310,7 +3310,7 @@ static void usb_xhci_init(XHCIState *xhci)
                 USB_SPEED_MASK_FULL |
                 USB_SPEED_MASK_HIGH;
             assert(i < XHCI_MAXPORTS);
-            snprintf(port->name, sizeof(port->name), "usb2 port #%d", i+1);
+            snprintf(port->name, sizeof(port->name), "usb2 port #%d", i+1 < XHCI_MAXPORTS ? i+1 : 0);
             speedmask |= port->speedmask;
         }
         if (i < xhci->numports_3) {
@@ -3324,7 +3324,7 @@ static void usb_xhci_init(XHCIState *xhci)
             port->uport = &xhci->uports[i];
             port->speedmask = USB_SPEED_MASK_SUPER;
             assert(i < XHCI_MAXPORTS);
-            snprintf(port->name, sizeof(port->name), "usb3 port #%d", i+1);
+            snprintf(port->name, sizeof(port->name), "usb3 port #%d", i+1 < XHCI_MAXPORTS ? i+1 : 0);
             speedmask |= port->speedmask;
         }
         usb_register_port(&xhci->bus, &xhci->uports[i], xhci, i,

include/qemu/qht.h

@@ -104,7 +104,7 @@ bool qht_insert(struct qht *ht, void *p, uint32_t hash, void **existing);
  * Returns the corresponding pointer when a match is found.
  * Returns NULL otherwise.
  */
-void *qht_lookup_custom(const struct qht *ht, const void *userp, uint32_t hash,
+void *qht_lookup_custom(struct qht *ht, const void *userp, uint32_t hash,
                         qht_lookup_func_t func);
 
 /**
@@ -115,7 +115,7 @@ void *qht_lookup_custom(const struct qht *ht, const void *userp, uint32_t hash,
  *
  * Calls qht_lookup_custom() using @ht's default comparison function.
  */
-void *qht_lookup(const struct qht *ht, const void *userp, uint32_t hash);
+void *qht_lookup(struct qht *ht, const void *userp, uint32_t hash);
 
 /**
  * qht_remove - remove a pointer from the hash table
@@ -211,7 +211,7 @@ void qht_iter_remove(struct qht *ht, qht_iter_bool_func_t func, void *userp);
  * When done with @stats, pass the struct to qht_statistics_destroy().
  * Failing to do this will leak memory.
  */
-void qht_statistics_init(const struct qht *ht, struct qht_stats *stats);
+void qht_statistics_init(struct qht *ht, struct qht_stats *stats);
 
 /**
  * qht_statistics_destroy - Destroy a &struct qht_stats

linux-user/binfmt.c

@@ -0,0 +1,68 @@
+#include <stdio.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <libgen.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef __x86_64__
+#define ARCH_NAME "x86_64"
+#endif
+
+int main(int argc, char **argv, char **envp)
+{
+    char *binfmt;
+    char **new_argv;
+
+    /*
+     * Check if our file name ends with -binfmt
+     */
+    binfmt = argv[0] + strlen(argv[0]) - strlen("-binfmt");
+    if (strcmp(binfmt, "-binfmt")) {
+        fprintf(stderr, "%s: Invalid executable name\n", argv[0]);
+        exit(1);
+    }
+    if (argc < 3) {
+        fprintf(stderr, "%s: Please use me through binfmt with P flag\n",
+                argv[0]);
+        exit(1);
+    }
+
+    binfmt[0] = '\0';
+    /* Now argv[0] is the real qemu binary name */
+
+#ifdef ARCH_NAME
+    {
+        char *hostbin;
+        char *guestarch;
+        int r;
+
+        guestarch = strrchr(argv[0], '-') ;
+        if (!guestarch) {
+            goto skip;
+        }
+        guestarch++;
+        r = asprintf(&hostbin, "/emul/" ARCH_NAME "-for-%s/%s", guestarch, argv[1]);
+        if ((r > 0) && !access(hostbin, X_OK)) {
+            /*
+             * We found a host binary replacement for the non-host binary. Let's
+             * use that instead!
+             */
+            return execve(hostbin, &argv[2], envp);
+        }
+    }
+skip:
+#endif
+
+    new_argv = (char **)malloc((argc + 2) * sizeof(*new_argv));
+    if (argc > 3) {
+        memcpy(&new_argv[4], &argv[3], (argc - 3) * sizeof(*new_argv));
+    }
+    new_argv[0] = argv[0];
+    new_argv[1] = (char *)"-0";
+    new_argv[2] = argv[2];
+    new_argv[3] = argv[1];
+    new_argv[argc + 1] = NULL;
+
+    return execve(new_argv[0], new_argv, envp);
+}

linux-user/qemu.h

@@ -231,10 +231,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src,
 void target_set_brk(abi_ulong new_brk);
 abi_long do_brk(abi_ulong new_brk);
 void syscall_init(void);
-abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
-                    abi_long arg2, abi_long arg3, abi_long arg4,
-                    abi_long arg5, abi_long arg6, abi_long arg7,
-                    abi_long arg8);
+abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
+                    abi_ulong arg2, abi_ulong arg3, abi_ulong arg4,
+                    abi_ulong arg5, abi_ulong arg6, abi_ulong arg7,
+                    abi_ulong arg8);
 extern __thread CPUState *thread_cpu;
 void cpu_loop(CPUArchState *env);
 const char *target_strerror(int err);

linux-user/signal.c

@@ -677,6 +677,10 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
     trace_user_force_sig(env, target_sig, host_sig);
     gdb_signalled(env, target_sig);
 
+    if (target_sig == 6) {
+        goto no_core;
+    }
+
     /* dump core if supported by target binary format */
     if (core_dump_signal(target_sig) && (ts->bprm->core_dump != NULL)) {
         stop_all_tasks();
@@ -694,6 +698,8 @@ static void QEMU_NORETURN dump_core_and_abort(int target_sig)
             target_sig, strsignal(host_sig), "core dumped" );
     }
 
+no_core:
+
     /* The proper exit code for dying from an uncaught signal is
      * -<signal>.  The kernel doesn't allow exit() or _exit() to pass
      * a negative value.  To get the proper exit code we need to

linux-user/syscall.c

@@ -5688,8 +5688,21 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
     ie = ioctl_entries;
     for(;;) {
         if (ie->target_cmd == 0) {
+            int i;
             qemu_log_mask(
-                LOG_UNIMP, "Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
+                LOG_UNIMP, "Unsupported ioctl: cmd=0x%04lx (%x)\n", (unsigned long)cmd,
+                     (unsigned int)(cmd & (TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT))
+                      >> TARGET_IOC_SIZESHIFT);
+            for (i = 0; ioctl_entries[i].target_cmd; i++) {
+                if ((ioctl_entries[i].target_cmd & ~(TARGET_IOC_SIZEMASK
+                    << TARGET_IOC_SIZESHIFT)) == (cmd & ~(TARGET_IOC_SIZEMASK <<
+                    TARGET_IOC_SIZESHIFT)))
+                    qemu_log_mask(
+                        LOG_UNIMP, "%p\t->\t%s (%x)\n", (void *)(unsigned long)
+                             ioctl_entries[i].host_cmd, ioctl_entries[i].name,
+                             (ioctl_entries[i].target_cmd & (TARGET_IOC_SIZEMASK
+                             << TARGET_IOC_SIZESHIFT)) >> TARGET_IOC_SIZESHIFT);
+            }
             return -TARGET_ENOSYS;
         }
         if (ie->target_cmd == cmd)
@@ -5720,6 +5733,13 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
         arg_type++;
         target_size = thunk_type_size(arg_type, 0);
         switch(ie->access) {
+        /*
+         *  FIXME: actually the direction given in the ioctl should be
+         * correct so we can assume the communication is uni-directional.
+         * The alsa developers did not like this concept though and
+         * declared ioctls IOC_R and IOC_W even though they were IOC_RW.
+         */
+/*
         case IOC_R:
             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
             if (!is_error(ret)) {
@@ -5738,6 +5758,7 @@ static abi_long do_ioctl(int fd, int cmd, abi_long arg)
             unlock_user(argptr, arg, 0);
             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
             break;
+*/
         default:
         case IOC_RW:
             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
@@ -7839,6 +7860,27 @@ static int open_self_stat(void *cpu_env, int fd)
     return 0;
 }
 
+#if defined(TARGET_ARM)
+static int open_cpuinfo(void *cpu_env, int fd)
+{
+    dprintf(fd,
+"Processor       : ARMv7 Processor rev 5 (v7l)\n"
+"BogoMIPS        : 799.53\n"
+"Features        : swp half thumb fastmult vfp edsp thumbee neon vfpv3\n"
+"CPU implementer : 0x41\n"
+"CPU architecture: 7\n"
+"CPU variant     : 0x2\n"
+"CPU part        : 0xc08\n"
+"CPU revision    : 5\n"
+"\n"
+"Hardware        : Genesi Efika MX (Smarttop)\n"
+"Revision        : 51030\n"
+"Serial          : 0000000000000000\n");
+
+    return 0;
+}
+#endif
+
 static int open_self_auxv(void *cpu_env, int fd)
 {
     CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
@@ -7993,6 +8035,9 @@ static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags,
 #if defined(TARGET_SPARC) || defined(TARGET_HPPA)
         { "/proc/cpuinfo", open_cpuinfo, is_proc },
 #endif
+#if defined(TARGET_ARM)
+        { "cpuinfo", open_cpuinfo, is_proc_myself },
+#endif
 #if defined(TARGET_M68K)
         { "/proc/hardware", open_hardware, is_proc },
 #endif
@@ -8137,10 +8182,10 @@ _syscall2(int, pivot_root, const char *, new_root, const char *, put_old)
  * of syscall results, can be performed.
  * All errnos that do_syscall() returns must be -TARGET_<errcode>.
  */
-static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
-                            abi_long arg2, abi_long arg3, abi_long arg4,
-                            abi_long arg5, abi_long arg6, abi_long arg7,
-                            abi_long arg8)
+static abi_long do_syscall1(void *cpu_env, int num, abi_ulong arg1,
+                            abi_ulong arg2, abi_ulong arg3, abi_ulong arg4,
+                            abi_ulong arg5, abi_ulong arg6, abi_ulong arg7,
+                            abi_ulong arg8)
 {
     CPUState *cpu = env_cpu(cpu_env);
     abi_long ret;
@@ -8492,8 +8537,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
         return ret;
 #endif
 #ifdef TARGET_NR_lseek
-    case TARGET_NR_lseek:
-        return get_errno(lseek(arg1, arg2, arg3));
+    case TARGET_NR_lseek: {
+        off_t off = arg2;
+        if (arg3 != SEEK_SET) {
+            off = (abi_long)arg2;
+        }
+        return get_errno(lseek(arg1, off, arg3));
+    }
 #endif
 #if defined(TARGET_NR_getxpid) && defined(TARGET_ALPHA)
     /* Alpha specific */
@@ -9363,6 +9413,9 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
         {
             struct timeval tv;
             struct timezone tz;
+            if (copy_from_user_timeval(&tv, arg1)) {
+                return -TARGET_EFAULT;
+            }
 
             ret = get_errno(gettimeofday(&tv, &tz));
             if (!is_error(ret)) {
@@ -10746,7 +10799,7 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
              */
             ret = -TARGET_EINVAL;
             if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env))
-                && arg2 >= 0 && arg2 <= 512 * 16 && !(arg2 & 15)) {
+                && arg2 <= 512 * 16 && !(arg2 & 15)) {
                 CPUARMState *env = cpu_env;
                 ARMCPU *cpu = env_archcpu(env);
                 uint32_t vq, old_vq;
@@ -13115,10 +13168,10 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
     return ret;
 }
 
-abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
-                    abi_long arg2, abi_long arg3, abi_long arg4,
-                    abi_long arg5, abi_long arg6, abi_long arg7,
-                    abi_long arg8)
+abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
+                    abi_ulong arg2, abi_ulong arg3, abi_ulong arg4,
+                    abi_ulong arg5, abi_ulong arg6, abi_ulong arg7,
+                    abi_ulong arg8)
 {
     CPUState *cpu = env_cpu(cpu_env);
     abi_long ret;

meson.build

@@ -2717,6 +2717,11 @@ endforeach
 
 # Other build targets
 
+if 'CONFIG_LINUX_USER' in config_target
+    executable('qemu-binfmt', files('linux-user/binfmt.c'),
+               install: true)
+endif
+
 if 'CONFIG_PLUGIN' in config_host
   install_headers('include/qemu/qemu-plugin.h')
 endif

migration/savevm.c

@@ -2941,7 +2941,7 @@ void qmp_xen_save_devices_state(const char *filename, bool has_live, bool live,
          * So call bdrv_inactivate_all (release locks) here to let the other
          * side of the migration take control of the images.
          */
-        if (live && !saved_vm_running) {
+        if (!saved_vm_running) {
             ret = bdrv_inactivate_all();
             if (ret) {
                 error_setg(errp, "%s: bdrv_inactivate_all() failed (%d)",

pc-bios/s390-ccw/netboot.mak

@@ -54,6 +54,7 @@ LIBNETOBJS := args.o dhcp.o dns.o icmpv6.o ipv6.o tcp.o udp.o bootp.o \
 	      dhcpv6.o ethernet.o ipv4.o ndp.o tftp.o pxelinux.o
 LIBNETCFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
 	       -DDHCPARCH=0x1F -MMD -MP -MT $@ -MF $(@:%.o=%.d)
+LIBNETCFLAGS +=  -Wno-address-of-packed-member
 
 %.o : $(SLOF_DIR)/lib/libnet/%.c
 	$(call quiet-command,$(CC) $(LIBNETCFLAGS) -c -o $@ $<,"CC","$(TARGET_DIR)$@")

qemu-bridge-helper.c

@@ -124,7 +124,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
         }
 
         if (strcmp(cmd, "deny") == 0) {
-            acl_rule = g_malloc(sizeof(*acl_rule));
+            acl_rule = calloc(1, sizeof(*acl_rule));
+            if (!acl_rule) {
+                fclose(f);
+                errno = ENOMEM;
+                return -1;
+            }
             if (strcmp(arg, "all") == 0) {
                 acl_rule->type = ACL_DENY_ALL;
             } else {
@@ -133,7 +138,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
             }
             QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
         } else if (strcmp(cmd, "allow") == 0) {
-            acl_rule = g_malloc(sizeof(*acl_rule));
+            acl_rule = calloc(1, sizeof(*acl_rule));
+            if (!acl_rule) {
+                fclose(f);
+                errno = ENOMEM;
+                return -1;
+            }
             if (strcmp(arg, "all") == 0) {
                 acl_rule->type = ACL_ALLOW_ALL;
             } else {
@@ -438,6 +448,18 @@ int main(int argc, char **argv)
         goto cleanup;
     }
 
+#ifndef CONFIG_LIBCAP
+    /*
+     * avoid sending the fd as root user if running suid to not fool
+     * peer credentials to daemons that dont expect that
+     */
+    if (setuid(getuid()) < 0) {
+        fprintf(stderr, "Failed to drop privileges.\n");
+        ret = EXIT_FAILURE;
+        goto cleanup;
+    }
+#endif
+
     /* write fd to the domain socket */
     if (send_fd(unixfd, fd) == -1) {
         fprintf(stderr, "failed to write fd to unix socket: %s\n",
@@ -459,7 +481,7 @@ cleanup:
     }
     while ((acl_rule = QSIMPLEQ_FIRST(&acl_list)) != NULL) {
         QSIMPLEQ_REMOVE_HEAD(&acl_list, entry);
-        g_free(acl_rule);
+        free(acl_rule);
     }
 
     return ret;

qom/object.c

@@ -237,6 +237,12 @@ static bool type_is_ancestor(TypeImpl *type, TypeImpl *target_type)
             return true;
         }
 
+
+        if (type->parent && !strcmp(type->parent, "chardev-spiceport")) {
+            if (!type->parent_type && !type_get_by_name(type->parent)) {
+                return false;
+            }
+        }
         type = type_get_parent(type);
     }
 

roms/Makefile

@@ -52,6 +52,12 @@ SEABIOS_EXTRAVERSION="-prebuilt.qemu.org"
 #
 EDK2_EFIROM = edk2/BaseTools/Source/C/bin/EfiRom
 
+# NB: Certain SUSE qemu subpackages use date information, but we want
+#  reproducible builds, so we use a pre-determined timestamp, rather
+#  than the current timestamp to acheive consistent results build to
+#  build.
+PACKAGING_TIMESTAMP = $(shell date -r ../VERSION +%s)
+
 default help:
 	@echo "nothing is build by default"
 	@echo "available build targets:"
@@ -104,7 +110,7 @@ build-seabios-config-%: config.%
 
 .PHONY: sgabios skiboot qboot
 sgabios:
-	$(MAKE) -C sgabios
+	$(MAKE) -C sgabios PACKAGING_TIMESTAMP=$(PACKAGING_TIMESTAMP)
 	cp sgabios/sgabios.bin ../pc-bios
 
 
@@ -123,11 +129,13 @@ efi-rom-%: build-pxe-roms build-efi-roms edk2-basetools
 
 build-pxe-roms:
 	$(MAKE) -C ipxe/src CONFIG=qemu \
+		PACKAGING_TIMESTAMP=$(PACKAGING_TIMESTAMP) \
 		CROSS_COMPILE=$(x86_64_cross_prefix) \
 		$(patsubst %,bin/%.rom,$(pxerom_targets))
 
 build-efi-roms: build-pxe-roms
 	$(MAKE) -C ipxe/src CONFIG=qemu \
+		PACKAGING_TIMESTAMP=$(PACKAGING_TIMESTAMP) \
 		CROSS_COMPILE=$(x86_64_cross_prefix) \
 		$(patsubst %,bin-x86_64-efi/%.efidrv,$(pxerom_targets))
 
@@ -143,14 +151,15 @@ build-efi-roms: build-pxe-roms
 #    efirom
 #
 edk2-basetools:
-	cd edk2/BaseTools && git submodule update --init --force
 	$(MAKE) -C edk2/BaseTools \
 		PYTHON_COMMAND=$${EDK2_PYTHON_COMMAND:-python3} \
 		EXTRA_OPTFLAGS='$(EDK2_BASETOOLS_OPTFLAGS)' \
 		EXTRA_LDFLAGS='$(EDK2_BASETOOLS_LDFLAGS)'
 
 slof:
-	$(MAKE) -C SLOF CROSS=$(powerpc64_cross_prefix) qemu
+	$(MAKE) -C SLOF CROSS=$(powerpc64_cross_prefix) \
+		PACKAGING_TIMESTAMP=$(PACKAGING_TIMESTAMP) \
+		qemu
 	cp SLOF/boot_rom.bin ../pc-bios/slof.bin
 
 u-boot.e500:
@@ -190,7 +199,7 @@ MESON = meson
 NINJA = ninja
 qboot:
 	mkdir -p qboot/build
-	$(MESON) setup $(if $(wildcard qboot/build/meson-private),--wipe,) qboot qboot/build
+	$(MESON) setup --cross-file qboot/cross.ini $(if $(wildcard qboot/build/meson-private),--wipe,) qboot qboot/build
 	$(NINJA) -C qboot/build
 	cp qboot/build/bios.bin ../pc-bios/qboot.rom
 

roms/edk2-funcs.sh

@@ -116,7 +116,15 @@ qemu_edk2_get_cross_prefix()
     # force soft-float cross-compiler on Debian
     printf 'arm-linux-gnueabi-'
   else
-    printf '%s-linux-gnu-\n' "$gcc_arch"
+    if [ "$emulation_target" == arm ]; then
+      printf '%s-suse-linux-gnueabi-\n' "$gcc_arch"
+    else
+      if [ "$gcc_arch" == i686 ]; then
+        printf '%s-suse-linux-\n' "i586"
+      else
+        printf '%s-suse-linux-\n' "$gcc_arch"
+      fi
+    fi
   fi
 }
 

scripts/analyze-migration.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 #
 #  Migration Stream Analyzer
 #

scripts/qemu-binfmt-conf.sh

@@ -185,6 +185,7 @@ Usage: qemu-binfmt-conf.sh [--qemu-path PATH][--debian][--systemd CPU]
        --help:          display this usage
        --qemu-path:     set path to qemu interpreter ($QEMU_PATH)
        --qemu-suffix:   add a suffix to the default interpreter name
+                        (default: "-binfmt")
        --debian:        don't write into /proc,
                         instead generate update-binfmts templates
        --systemd:       don't write into /proc,
@@ -275,7 +276,7 @@ qemu_generate_register() {
         flags="${flags}P"
     fi
 
-    echo ":qemu-$cpu:M::$magic:$mask:$qemu:$flags"
+    echo ":qemu-$cpu:M::$magic:$mask:$qemu:P$flags"
 }
 
 qemu_register_interpreter() {
@@ -334,11 +335,11 @@ BINFMT_SET=qemu_register_interpreter
 SYSTEMDDIR="/etc/binfmt.d"
 DEBIANDIR="/usr/share/binfmts"
 
-QEMU_PATH=/usr/local/bin
+QEMU_PATH=/usr/bin
 CREDENTIAL=no
 PERSISTENT=no
 PRESERVE_ARG0=no
-QEMU_SUFFIX=""
+QEMU_SUFFIX="-binfmt"
 
 options=$(getopt -o ds:Q:S:e:hc:p:g: -l debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,preserve-argv0: -- "$@")
 eval set -- "$options"

scripts/vmstate-static-checker.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/python3
 #
 # Compares vmstate information stored in JSON format, obtained from
 # the -dump-vmstate QEMU command.

softmmu/physmem.c

@@ -2059,11 +2059,13 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
         return NULL;
     }
 
+#ifndef TARGET_PPC
     if (kvm_enabled() && !kvm_has_sync_mmu()) {
         error_setg(errp,
                    "host lacks kvm mmu notifiers, -mem-path unsupported");
         return NULL;
     }
+#endif
 
     size = HOST_PAGE_ALIGN(size);
     file_size = get_file_size(fd);

softmmu/vl.c

@@ -40,6 +40,7 @@
 #include "sysemu/reset.h"
 #include "sysemu/runstate.h"
 #include "sysemu/runstate-action.h"
+#include <sys/resource.h>
 #include "sysemu/seccomp.h"
 #include "sysemu/tcg.h"
 #include "sysemu/xen.h"
@@ -2729,6 +2730,17 @@ void qemu_init(int argc, char **argv, char **envp)
     MachineClass *machine_class;
     bool userconfig = true;
     FILE *vmstate_dump_file = NULL;
+    struct rlimit rlimit_as;
+
+    /*
+     * Try to raise the soft address space limit.
+     * Default on SLES 11 SP2 is 80% of physical+swap memory.
+     */
+    getrlimit(RLIMIT_AS, &rlimit_as);
+    if (rlimit_as.rlim_cur < rlimit_as.rlim_max) {
+        rlimit_as.rlim_cur = rlimit_as.rlim_max;
+        setrlimit(RLIMIT_AS, &rlimit_as);
+    }
 
     qemu_add_opts(&qemu_drive_opts);
     qemu_add_drive_opts(&qemu_legacy_drive_opts);

target/i386/tcg/helper-tcg.h

@@ -26,7 +26,7 @@
 #define TARGET_MAX_INSN_SIZE 16
 
 #if defined(TARGET_X86_64)
-# define TCG_PHYS_ADDR_BITS 40
+# define TCG_PHYS_ADDR_BITS 42
 #else
 # define TCG_PHYS_ADDR_BITS 36
 #endif

tests/qemu-iotests/130

@@ -64,7 +64,8 @@ echo
 _launch_qemu -drive id=testdisk,file="$TEST_IMG",backing.file.filename="$TEST_IMG.base"
 _send_qemu_cmd $QEMU_HANDLE "commit testdisk" "(qemu)"
 _send_qemu_cmd $QEMU_HANDLE '' '(qemu)'
-_cleanup_qemu
+_send_qemu_cmd $QEMU_HANDLE 'quit' ''
+wait=1 _cleanup_qemu
 _img_info | _filter_img_info
 
 # Make sure that if there was a backing file that was just overridden on the
@@ -73,7 +74,8 @@ _make_test_img -F raw -b "$TEST_IMG.orig" 64M
 _launch_qemu -drive id=testdisk,file="$TEST_IMG",backing.file.filename="$TEST_IMG.base",backing.driver=$IMGFMT
 _send_qemu_cmd $QEMU_HANDLE "commit testdisk" "(qemu)"
 _send_qemu_cmd $QEMU_HANDLE '' '(qemu)'
-_cleanup_qemu
+_send_qemu_cmd $QEMU_HANDLE 'quit' ''
+wait=1 _cleanup_qemu
 _img_info | _filter_img_info
 
 echo

tests/qemu-iotests/130.out

@@ -11,6 +11,7 @@ virtual size: 64 MiB (67108864 bytes)
 QEMU X.Y.Z monitor - type 'help' for more information
 (qemu) commit testdisk
 (qemu) 
+(qemu) quit
 image: TEST_DIR/t.IMGFMT
 file format: IMGFMT
 virtual size: 64 MiB (67108864 bytes)
@@ -18,6 +19,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 backing_file=TEST_DIR/t
 QEMU X.Y.Z monitor - type 'help' for more information
 (qemu) commit testdisk
 (qemu) 
+(qemu) quit
 image: TEST_DIR/t.IMGFMT
 file format: IMGFMT
 virtual size: 64 MiB (67108864 bytes)

tests/qemu-iotests/153

@@ -202,7 +202,8 @@ _send_qemu_cmd $QEMU_HANDLE \
     'return'
 _run_cmd $QEMU_IMG commit -b "${TEST_IMG}.b" "${TEST_IMG}.c"
 
-_cleanup_qemu
+_send_qemu_cmd $QEMU_HANDLE "{ 'execute': 'quit' }" ''
+wait=1 _cleanup_qemu
 
 _launch_qemu
 
@@ -254,7 +255,8 @@ _send_qemu_cmd $QEMU_HANDLE \
 
 _run_cmd $QEMU_IO "${TEST_IMG}" -c 'write 0 512'
 
-_cleanup_qemu
+_send_qemu_cmd $QEMU_HANDLE "{ 'execute': 'quit' }" ''
+wait=1 _cleanup_qemu
 
 echo
 echo "== Detecting -U and force-share conflicts =="

tests/qemu-iotests/153.out

@@ -424,6 +424,8 @@ Is another process using the image [TEST_DIR/t.qcow2]?
 _qemu_img_wrapper commit -b TEST_DIR/t.qcow2.b TEST_DIR/t.qcow2.c
 { 'execute': 'qmp_capabilities' }
 {"return": {}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
+{"return": {}}
 Adding drive
 { 'execute': 'human-monitor-command',
        'arguments': { 'command-line': 'drive_add 0 if=none,id=d0,file=TEST_DIR/t.IMGFMT' } }
@@ -463,6 +465,8 @@ Closing the other
 {"return": ""}
 
 _qemu_io_wrapper TEST_DIR/t.qcow2 -c write 0 512
+{"return": {}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": "SHUTDOWN", "data": {"guest": false, "reason": "host-qmp-quit"}}
 
 == Detecting -U and force-share conflicts ==
 

tests/qemu-iotests/162.out

@@ -1,7 +1,7 @@
 QA output created by 162
 
 === NBD ===
-qemu-img: Could not open 'json:{"driver": "nbd", "host": -1}': address resolution failed for -1:10809: Name or service not known
+qemu-img: Could not open 'json:{"driver": "nbd", "host": 42}': Failed to connect socket: Network is unreachable
 image: nbd://localhost:PORT
 image: nbd+unix://?socket=42
 

tests/qemu-iotests/common.config

@@ -24,6 +24,7 @@ PATH=".:$PATH"
 HOSTOS=$(uname -s)
 arch=$(uname -m)
 [[ "$arch" =~ "ppc64" ]] && qemu_arch=ppc64 || qemu_arch="$arch"
+[[ "$arch" = "i686" ]] && qemu_arch=i386
 
 # make sure we have a standard umask
 umask 022

tests/qemu-iotests/common.qemu

@@ -85,7 +85,7 @@ _timed_wait_for()
     timeout=yes
 
     QEMU_STATUS[$h]=0
-    while IFS= read -t ${QEMU_COMM_TIMEOUT} resp <&${QEMU_OUT[$h]}
+    while IFS= read -t $((${QEMU_COMM_TIMEOUT}*3)) resp <&${QEMU_OUT[$h]}
     do
         if [ -n "$capture_events" ]; then
             capture=0

tests/uefi-test-tools/Makefile

@@ -99,7 +99,6 @@ Build/bios-tables-test.%.efi: build-edk2-tools
 	+./build.sh $(edk2_dir) BiosTablesTest $* $@
 
 build-edk2-tools:
-	cd $(edk2_dir)/BaseTools && git submodule update --init --force
 	$(MAKE) -C $(edk2_dir)/BaseTools \
 		PYTHON_COMMAND=$${EDK2_PYTHON_COMMAND:-python3} \
 		EXTRA_OPTFLAGS='$(EDK2_BASETOOLS_OPTFLAGS)' \

tests/unit/test-char.c

@@ -1,3 +1,4 @@
+#define HW_POISON_H /* avoid poison since we patch against rules it "enforces" */
 #include "qemu/osdep.h"
 #include <glib/gstdio.h>
 

util/qht.c

@@ -485,10 +485,10 @@ bool qht_reset_size(struct qht *ht, size_t n_elems)
 }
 
 static inline
-void *qht_do_lookup(const struct qht_bucket *head, qht_lookup_func_t func,
+void *qht_do_lookup(struct qht_bucket *head, qht_lookup_func_t func,
                     const void *userp, uint32_t hash)
 {
-    const struct qht_bucket *b = head;
+    struct qht_bucket *b = head;
     int i;
 
     do {
@@ -512,7 +512,7 @@ void *qht_do_lookup(const struct qht_bucket *head, qht_lookup_func_t func,
 }
 
 static __attribute__((noinline))
-void *qht_lookup__slowpath(const struct qht_bucket *b, qht_lookup_func_t func,
+void *qht_lookup__slowpath(struct qht_bucket *b, qht_lookup_func_t func,
                            const void *userp, uint32_t hash)
 {
     unsigned int version;
@@ -525,10 +525,10 @@ void *qht_lookup__slowpath(const struct qht_bucket *b, qht_lookup_func_t func,
     return ret;
 }
 
-void *qht_lookup_custom(const struct qht *ht, const void *userp, uint32_t hash,
+void *qht_lookup_custom(struct qht *ht, const void *userp, uint32_t hash,
                         qht_lookup_func_t func)
 {
-    const struct qht_bucket *b;
+    struct qht_bucket *b;
     const struct qht_map *map;
     unsigned int version;
     void *ret;
@@ -548,7 +548,7 @@ void *qht_lookup_custom(const struct qht *ht, const void *userp, uint32_t hash,
     return qht_lookup__slowpath(b, func, userp, hash);
 }
 
-void *qht_lookup(const struct qht *ht, const void *userp, uint32_t hash)
+void *qht_lookup(struct qht *ht, const void *userp, uint32_t hash)
 {
     return qht_lookup_custom(ht, userp, hash, ht->cmp);
 }
@@ -901,9 +901,9 @@ bool qht_resize(struct qht *ht, size_t n_elems)
 }
 
 /* pass @stats to qht_statistics_destroy() when done */
-void qht_statistics_init(const struct qht *ht, struct qht_stats *stats)
+void qht_statistics_init(struct qht *ht, struct qht_stats *stats)
 {
-    const struct qht_map *map;
+    struct qht_map *map;
     int i;
 
     map = qatomic_rcu_read(&ht->map);
@@ -920,8 +920,8 @@ void qht_statistics_init(const struct qht *ht, struct qht_stats *stats)
     stats->head_buckets = map->n_buckets;
 
     for (i = 0; i < map->n_buckets; i++) {
-        const struct qht_bucket *head = &map->buckets[i];
-        const struct qht_bucket *b;
+        struct qht_bucket *head = &map->buckets[i];
+        struct qht_bucket *b;
         unsigned int version;
         size_t buckets;
         size_t entries;

util/thread-pool.c

@@ -306,7 +306,12 @@ static void thread_pool_init_one(ThreadPool *pool, AioContext *ctx)
     qemu_mutex_init(&pool->lock);
     qemu_cond_init(&pool->worker_stopped);
     qemu_sem_init(&pool->sem, 0);
-    pool->max_threads = 64;
+    if (sizeof(pool) == 4) {
+        /* 32bit systems run out of virtual memory quickly */
+        pool->max_threads = 4;
+    } else {
+        pool->max_threads = 64;
+    }
     pool->new_thread_bh = aio_bh_new(ctx, spawn_thread_bh_fn, pool);
 
     QLIST_INIT(&pool->head);