don't build edk2

Submodule: fix failing checkout of some edk2 submodules
Add upstream patch "UnitTestFrameworkPkg: Use TianoCore mirror of subhook submodule" to edk2, so the submodule can be cloned again. Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
2024-11-08 14:53:22 +01:00 · 2024-11-08 13:57:39 +01:00 · 2024-11-07 10:23:22 +01:00 · 2024-11-07 10:23:08 +01:00 · 2024-11-07 10:22:53 +01:00 · 2024-11-07 10:22:39 +01:00
2402 changed files with 79991 additions and 61070 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -2,8 +2,3 @@
 *.h.inc         diff=c
 *.m             diff=objc
 *.py            diff=python
-*.rs            diff=rust
-*.rs.inc        diff=rust
-Cargo.lock      diff=toml merge=binary
-
-*.patch         -text -whitespace
--- a/.gitlab-ci.d/buildtest-template.yml
+++ b/.gitlab-ci.d/buildtest-template.yml
@@ -8,11 +8,8 @@
    key: "$CI_JOB_NAME"
    when: always
  before_script:
-    - source scripts/ci/gitlab-ci-section
-    - section_start setup "Pre-script setup"
    - JOBS=$(expr $(nproc) + 1)
    - cat /packages.txt
-    - section_end setup
  script:
    - export CCACHE_BASEDIR="$(pwd)"
    - export CCACHE_DIR="$CCACHE_BASEDIR/ccache"
@@ -22,7 +19,6 @@
    - mkdir build
    - cd build
    - ccache --zero-stats
-    - section_start configure "Running configure"
    - ../configure --enable-werror --disable-docs --enable-fdt=system
          ${TARGETS:+--target-list="$TARGETS"}
          $CONFIGURE_ARGS ||
@@ -31,16 +27,11 @@
      then
        pyvenv/bin/meson configure . -Dbackend_max_links="$LD_JOBS" ;
      fi || exit 1;
-    - section_end configure
-    - section_start build "Building QEMU"
    - $MAKE -j"$JOBS"
-    - section_end build
-    - section_start test "Running tests"
    - if test -n "$MAKE_CHECK_ARGS";
      then
        $MAKE -j"$JOBS" $MAKE_CHECK_ARGS ;
      fi
-    - section_end test
    - ccache --show-stats

 # We jump some hoops in common_test_job_template to avoid
@@ -63,21 +54,12 @@
  stage: test
  image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:$QEMU_CI_CONTAINER_TAG
  script:
-    - source scripts/ci/gitlab-ci-section
-    - section_start buildenv "Setting up to run tests"
    - scripts/git-submodule.sh update roms/SLOF
-    - build/pyvenv/bin/meson subprojects download $(cd build/subprojects && echo *)
+    - meson subprojects download $(cd build/subprojects && echo *)
    - cd build
    - find . -type f -exec touch {} +
    # Avoid recompiling by hiding ninja with NINJA=":"
-    # We also have to pre-cache the functional tests manually in this case
-    - if [ "x${QEMU_TEST_CACHE_DIR}" != "x" ]; then
-        $MAKE precache-functional ;
-      fi
-    - section_end buildenv
-    - section_start test "Running tests"
    - $MAKE NINJA=":" $MAKE_CHECK_ARGS
-    - section_end test

 .native_test_job_template:
  extends: .common_test_job_template
@@ -90,13 +72,12 @@
    reports:
      junit: build/meson-logs/testlog.junit.xml

-.functional_test_job_template:
+.avocado_test_job_template:
  extends: .common_test_job_template
  cache:
    key: "${CI_JOB_NAME}-cache"
    paths:
      - ${CI_PROJECT_DIR}/avocado-cache
-      - ${CI_PROJECT_DIR}/functional-cache
    policy: pull-push
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
@@ -105,7 +86,6 @@
    paths:
      - build/tests/results/latest/results.xml
      - build/tests/results/latest/test-results
-      - build/tests/functional/*/*/*.log
    reports:
      junit: build/tests/results/latest/results.xml
  before_script:
@@ -116,13 +96,11 @@
    - echo -e '[job.output.testlogs]\nstatuses = ["FAIL", "INTERRUPT"]'
           >> ~/.config/avocado/avocado.conf
    - if [ -d ${CI_PROJECT_DIR}/avocado-cache ]; then
-        du -chs ${CI_PROJECT_DIR}/*-cache ;
+        du -chs ${CI_PROJECT_DIR}/avocado-cache ;
      fi
    - export AVOCADO_ALLOW_UNTRUSTED_CODE=1
-    - export QEMU_TEST_ALLOW_UNTRUSTED_CODE=1
-    - export QEMU_TEST_CACHE_DIR=${CI_PROJECT_DIR}/functional-cache
  after_script:
    - cd build
-    - du -chs ${CI_PROJECT_DIR}/*-cache
+    - du -chs ${CI_PROJECT_DIR}/avocado-cache
  variables:
    QEMU_JOB_AVOCADO: 1
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -22,14 +22,14 @@ check-system-alpine:
    IMAGE: alpine
    MAKE_CHECK_ARGS: check-unit check-qtest

-functional-system-alpine:
-  extends: .functional_test_job_template
+avocado-system-alpine:
+  extends: .avocado_test_job_template
  needs:
    - job: build-system-alpine
      artifacts: true
  variables:
    IMAGE: alpine
-    MAKE_CHECK_ARGS: check-avocado check-functional
+    MAKE_CHECK_ARGS: check-avocado
    AVOCADO_TAGS: arch:avr arch:loongarch64 arch:mips64 arch:mipsel

 build-system-ubuntu:
@@ -53,14 +53,14 @@ check-system-ubuntu:
    IMAGE: ubuntu2204
    MAKE_CHECK_ARGS: check

-functional-system-ubuntu:
-  extends: .functional_test_job_template
+avocado-system-ubuntu:
+  extends: .avocado_test_job_template
  needs:
    - job: build-system-ubuntu
      artifacts: true
  variables:
    IMAGE: ubuntu2204
-    MAKE_CHECK_ARGS: check-avocado check-functional
+    MAKE_CHECK_ARGS: check-avocado
    AVOCADO_TAGS: arch:alpha arch:microblazeel arch:mips64el

 build-system-debian:
@@ -85,14 +85,14 @@ check-system-debian:
    IMAGE: debian
    MAKE_CHECK_ARGS: check

-functional-system-debian:
-  extends: .functional_test_job_template
+avocado-system-debian:
+  extends: .avocado_test_job_template
  needs:
    - job: build-system-debian
      artifacts: true
  variables:
    IMAGE: debian
-    MAKE_CHECK_ARGS: check-avocado check-functional
+    MAKE_CHECK_ARGS: check-avocado
    AVOCADO_TAGS: arch:arm arch:i386 arch:riscv64 arch:sh4 arch:sparc arch:xtensa

 crash-test-debian:
@@ -115,24 +115,11 @@ build-system-fedora:
    job: amd64-fedora-container
  variables:
    IMAGE: fedora
-    CONFIGURE_ARGS: --disable-gcrypt --enable-nettle --enable-docs --enable-crypto-afalg --enable-rust
+    CONFIGURE_ARGS: --disable-gcrypt --enable-nettle --enable-docs
    TARGETS: microblaze-softmmu mips-softmmu
      xtensa-softmmu m68k-softmmu riscv32-softmmu ppc-softmmu sparc64-softmmu
    MAKE_CHECK_ARGS: check-build

-build-system-fedora-rust-nightly:
-  extends:
-    - .native_build_job_template
-    - .native_build_artifact_template
-  needs:
-    job: amd64-fedora-rust-nightly-container
-  variables:
-    IMAGE: fedora-rust-nightly
-    CONFIGURE_ARGS: --disable-docs --enable-rust --enable-strict-rust-lints
-    TARGETS: aarch64-softmmu
-    MAKE_CHECK_ARGS: check-build
-  allow_failure: true
-
 check-system-fedora:
  extends: .native_test_job_template
  needs:
@@ -142,14 +129,14 @@ check-system-fedora:
    IMAGE: fedora
    MAKE_CHECK_ARGS: check

-functional-system-fedora:
-  extends: .functional_test_job_template
+avocado-system-fedora:
+  extends: .avocado_test_job_template
  needs:
    - job: build-system-fedora
      artifacts: true
  variables:
    IMAGE: fedora
-    MAKE_CHECK_ARGS: check-avocado check-functional
+    MAKE_CHECK_ARGS: check-avocado
    AVOCADO_TAGS: arch:microblaze arch:mips arch:xtensa arch:m68k
      arch:riscv32 arch:ppc arch:sparc64

@@ -201,7 +188,6 @@ build-previous-qemu:
    # Override the default flags as we need more to grab the old version
    GIT_FETCH_EXTRA_FLAGS: --prune --quiet
  before_script:
-    - source scripts/ci/gitlab-ci-section
    - export QEMU_PREV_VERSION="$(sed 's/\([0-9.]*\)\.[0-9]*/v\1.0/' VERSION)"
    - git remote add upstream https://gitlab.com/qemu-project/qemu
    - git fetch upstream refs/tags/$QEMU_PREV_VERSION:refs/tags/$QEMU_PREV_VERSION
@@ -226,14 +212,6 @@ build-previous-qemu:
    # testing an old QEMU against new features/tests that it is not
    # compatible with.
    - cd build-previous
-    # Don't allow python-based tests to run. The
-    # vmstate-checker-script test has a race that causes it to fail
-    # sometimes. It cannot be fixed it because this job runs the test
-    # from the old QEMU version. The test will be removed on master,
-    # but this job will only see the change in the next release.
-    #
-    # TODO: remove this line after 9.2 release
-    - unset PYTHON
    # old to new
    - QTEST_QEMU_BINARY_SRC=./qemu-system-${TARGET}
          QTEST_QEMU_BINARY=../build/qemu-system-${TARGET} ./tests/qtest/migration-test
@@ -265,14 +243,14 @@ check-system-centos:
    IMAGE: centos9
    MAKE_CHECK_ARGS: check

-functional-system-centos:
-  extends: .functional_test_job_template
+avocado-system-centos:
+  extends: .avocado_test_job_template
  needs:
    - job: build-system-centos
      artifacts: true
  variables:
    IMAGE: centos9
-    MAKE_CHECK_ARGS: check-avocado check-functional
+    MAKE_CHECK_ARGS: check-avocado
    AVOCADO_TAGS: arch:ppc64 arch:or1k arch:s390x arch:x86_64 arch:rx
      arch:sh4

@@ -296,14 +274,14 @@ check-system-opensuse:
    IMAGE: opensuse-leap
    MAKE_CHECK_ARGS: check

-functional-system-opensuse:
-  extends: .functional_test_job_template
+avocado-system-opensuse:
+  extends: .avocado_test_job_template
  needs:
    - job: build-system-opensuse
      artifacts: true
  variables:
    IMAGE: opensuse-leap
-    MAKE_CHECK_ARGS: check-avocado check-functional
+    MAKE_CHECK_ARGS: check-avocado
    AVOCADO_TAGS: arch:s390x arch:x86_64 arch:aarch64

 #
@@ -324,15 +302,15 @@ build-system-flaky:
      ppc64-softmmu rx-softmmu s390x-softmmu sh4-softmmu x86_64-softmmu
    MAKE_CHECK_ARGS: check-build

-functional-system-flaky:
-  extends: .functional_test_job_template
+avocado-system-flaky:
+  extends: .avocado_test_job_template
  needs:
    - job: build-system-flaky
      artifacts: true
  allow_failure: true
  variables:
    IMAGE: debian
-    MAKE_CHECK_ARGS: check-avocado check-functional
+    MAKE_CHECK_ARGS: check-avocado
    QEMU_JOB_OPTIONAL: 1
    QEMU_TEST_FLAKY_TESTS: 1
    AVOCADO_TAGS: flaky
@@ -452,8 +430,9 @@ clang-system:
    job: amd64-fedora-container
  variables:
    IMAGE: fedora
-    CONFIGURE_ARGS: --cc=clang --cxx=clang++ --enable-ubsan
-      --extra-cflags=-fno-sanitize-recover=undefined
+    CONFIGURE_ARGS: --cc=clang --cxx=clang++
+      --extra-cflags=-fsanitize=undefined --extra-cflags=-fno-sanitize-recover=undefined
+      --extra-cflags=-fno-sanitize=function
    TARGETS: alpha-softmmu arm-softmmu m68k-softmmu mips64-softmmu s390x-softmmu
    MAKE_CHECK_ARGS: check-qtest check-tcg

@@ -464,9 +443,10 @@ clang-user:
  timeout: 70m
  variables:
    IMAGE: debian-all-test-cross
-    CONFIGURE_ARGS: --cc=clang --cxx=clang++ --disable-system --enable-ubsan
+    CONFIGURE_ARGS: --cc=clang --cxx=clang++ --disable-system
      --target-list-exclude=alpha-linux-user,microblazeel-linux-user,aarch64_be-linux-user,i386-linux-user,m68k-linux-user,mipsn32el-linux-user,xtensaeb-linux-user
-      --extra-cflags=-fno-sanitize-recover=undefined
+      --extra-cflags=-fsanitize=undefined --extra-cflags=-fno-sanitize-recover=undefined
+      --extra-cflags=-fno-sanitize=function
    MAKE_CHECK_ARGS: check-unit check-tcg

 # Set LD_JOBS=1 because this requires LTO and ld consumes a large amount of memory.
@@ -507,14 +487,14 @@ check-cfi-aarch64:
    IMAGE: fedora
    MAKE_CHECK_ARGS: check

-functional-cfi-aarch64:
-  extends: .functional_test_job_template
+avocado-cfi-aarch64:
+  extends: .avocado_test_job_template
  needs:
    - job: build-cfi-aarch64
      artifacts: true
  variables:
    IMAGE: fedora
-    MAKE_CHECK_ARGS: check-avocado check-functional
+    MAKE_CHECK_ARGS: check-avocado

 build-cfi-ppc64-s390x:
  extends:
@@ -545,14 +525,14 @@ check-cfi-ppc64-s390x:
    IMAGE: fedora
    MAKE_CHECK_ARGS: check

-functional-cfi-ppc64-s390x:
-  extends: .functional_test_job_template
+avocado-cfi-ppc64-s390x:
+  extends: .avocado_test_job_template
  needs:
    - job: build-cfi-ppc64-s390x
      artifacts: true
  variables:
    IMAGE: fedora
-    MAKE_CHECK_ARGS: check-avocado check-functional
+    MAKE_CHECK_ARGS: check-avocado

 build-cfi-x86_64:
  extends:
@@ -579,14 +559,14 @@ check-cfi-x86_64:
    IMAGE: fedora
    MAKE_CHECK_ARGS: check

-functional-cfi-x86_64:
-  extends: .functional_test_job_template
+avocado-cfi-x86_64:
+  extends: .avocado_test_job_template
  needs:
    - job: build-cfi-x86_64
      artifacts: true
  variables:
    IMAGE: fedora
-    MAKE_CHECK_ARGS: check-avocado check-functional
+    MAKE_CHECK_ARGS: check-avocado

 tsan-build:
  extends: .native_build_job_template
@@ -641,15 +621,12 @@ build-oss-fuzz:
    - CC="clang" CXX="clang++" CFLAGS="-fsanitize=address"
      ./scripts/oss-fuzz/build.sh
    - export ASAN_OPTIONS="fast_unwind_on_malloc=0"
-    - failures=0
    - for fuzzer in $(find ./build-oss-fuzz/DEST_DIR/ -executable -type f
                      | grep -v slirp); do
        grep "LLVMFuzzerTestOneInput" ${fuzzer} > /dev/null 2>&1 || continue ;
        echo Testing ${fuzzer} ... ;
-        "${fuzzer}" -runs=1 -seed=1 || { echo "FAILED:"" ${fuzzer} exit code is $?"; failures=$(($failures+1)); };
+        "${fuzzer}" -runs=1 -seed=1 || exit 1 ;
      done
-    - echo "Number of failures:"" $failures"
-    - test $failures = 0

 build-tci:
  extends: .native_build_job_template
@@ -676,6 +653,9 @@ build-tci:
    - make check-tcg

 # Check our reduced build configurations
+# requires libfdt: aarch64, arm, loongarch64, microblaze, microblazeel,
+#   or1k, ppc64, riscv32, riscv64, rx
+# fails qtest without boards: i386, x86_64
 build-without-defaults:
  extends: .native_build_job_template
  needs:
@@ -689,7 +669,11 @@ build-without-defaults:
      --disable-pie
      --disable-qom-cast-debug
      --disable-strip
-      --target-list-exclude=aarch64-softmmu,microblaze-softmmu,mips64-softmmu,mipsel-softmmu,ppc64-softmmu,sh4el-softmmu,xtensa-softmmu,x86_64-softmmu
+    TARGETS: alpha-softmmu avr-softmmu cris-softmmu hppa-softmmu m68k-softmmu
+      mips-softmmu mips64-softmmu mipsel-softmmu mips64el-softmmu
+      ppc-softmmu s390x-softmmu sh4-softmmu sh4eb-softmmu sparc-softmmu
+      sparc64-softmmu tricore-softmmu xtensa-softmmu xtensaeb-softmmu
+      hexagon-linux-user i386-linux-user s390x-linux-user
    MAKE_CHECK_ARGS: check

 build-libvhost-user:
--- a/.gitlab-ci.d/check-dco.py
+++ b/.gitlab-ci.d/check-dco.py
@@ -19,9 +19,10 @@ cwd = os.getcwd()
 reponame = os.path.basename(cwd)
 repourl = "https://gitlab.com/%s/%s.git" % (namespace, reponame)

-print(f"adding upstream git repo @ {repourl}")
 subprocess.check_call(["git", "remote", "add", "check-dco", repourl])
-subprocess.check_call(["git", "fetch", "check-dco", "master"])
+subprocess.check_call(["git", "fetch", "check-dco", "master"],
+                      stdout=subprocess.DEVNULL,
+                      stderr=subprocess.DEVNULL)

 ancestor = subprocess.check_output(["git", "merge-base",
                                    "check-dco/master", "HEAD"],
@@ -78,10 +79,7 @@ of Origin 1.1 (DCO):

 To indicate acceptance of the DCO every commit must have a tag

-  Signed-off-by: YOUR NAME <EMAIL>
-
-where "YOUR NAME" is your commonly known identity in the context
-of the community.
+  Signed-off-by: REAL NAME <EMAIL>

 This can be achieved by passing the "-s" flag to the "git commit" command.

--- a/.gitlab-ci.d/check-patch.py
+++ b/.gitlab-ci.d/check-patch.py
@@ -19,12 +19,13 @@ cwd = os.getcwd()
 reponame = os.path.basename(cwd)
 repourl = "https://gitlab.com/%s/%s.git" % (namespace, reponame)

-print(f"adding upstream git repo @ {repourl}")
 # GitLab CI environment does not give us any direct info about the
 # base for the user's branch. We thus need to figure out a common
 # ancestor between the user's branch and current git master.
 subprocess.check_call(["git", "remote", "add", "check-patch", repourl])
-subprocess.check_call(["git", "fetch", "check-patch", "master"])
+subprocess.check_call(["git", "fetch", "check-patch", "master"],
+                      stdout=subprocess.DEVNULL,
+                      stderr=subprocess.DEVNULL)

 ancestor = subprocess.check_output(["git", "merge-base",
                                    "check-patch/master", "HEAD"],
--- a/.gitlab-ci.d/cirrus.yml
+++ b/.gitlab-ci.d/cirrus.yml
@@ -46,13 +46,13 @@
  variables:
    QEMU_JOB_CIRRUS: 1

-x64-freebsd-14-build:
+x64-freebsd-13-build:
  extends: .cirrus_build_job
  variables:
-    NAME: freebsd-14
+    NAME: freebsd-13
    CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
    CIRRUS_VM_IMAGE_SELECTOR: image_family
-    CIRRUS_VM_IMAGE_NAME: freebsd-14-2
+    CIRRUS_VM_IMAGE_NAME: freebsd-13-3
    CIRRUS_VM_CPUS: 8
    CIRRUS_VM_RAM: 8G
    UPDATE_COMMAND: pkg update; pkg upgrade -y
@@ -60,16 +60,34 @@ x64-freebsd-14-build:
    CONFIGURE_ARGS: --target-list-exclude=arm-softmmu,i386-softmmu,microblaze-softmmu,mips64el-softmmu,mipsel-softmmu,mips-softmmu,ppc-softmmu,sh4eb-softmmu,xtensa-softmmu
    TEST_TARGETS: check

-aarch64-macos-build:
+aarch64-macos-13-base-build:
  extends: .cirrus_build_job
  variables:
-    NAME: macos-14
+    NAME: macos-13
    CIRRUS_VM_INSTANCE_TYPE: macos_instance
    CIRRUS_VM_IMAGE_SELECTOR: image
-    CIRRUS_VM_IMAGE_NAME: ghcr.io/cirruslabs/macos-runner:sonoma
+    CIRRUS_VM_IMAGE_NAME: ghcr.io/cirruslabs/macos-ventura-base:latest
+    CIRRUS_VM_CPUS: 12
+    CIRRUS_VM_RAM: 24G
    UPDATE_COMMAND: brew update
    INSTALL_COMMAND: brew install
    PATH_EXTRA: /opt/homebrew/ccache/libexec:/opt/homebrew/gettext/bin
    PKG_CONFIG_PATH: /opt/homebrew/curl/lib/pkgconfig:/opt/homebrew/ncurses/lib/pkgconfig:/opt/homebrew/readline/lib/pkgconfig
    CONFIGURE_ARGS: --target-list-exclude=arm-softmmu,i386-softmmu,microblazeel-softmmu,mips64-softmmu,mipsel-softmmu,mips-softmmu,ppc-softmmu,sh4-softmmu,xtensaeb-softmmu
    TEST_TARGETS: check-unit check-block check-qapi-schema check-softfloat check-qtest-x86_64
+
+aarch64-macos-14-base-build:
+  extends: .cirrus_build_job
+  variables:
+    NAME: macos-14
+    CIRRUS_VM_INSTANCE_TYPE: macos_instance
+    CIRRUS_VM_IMAGE_SELECTOR: image
+    CIRRUS_VM_IMAGE_NAME: ghcr.io/cirruslabs/macos-sonoma-base:latest
+    CIRRUS_VM_CPUS: 12
+    CIRRUS_VM_RAM: 24G
+    UPDATE_COMMAND: brew update
+    INSTALL_COMMAND: brew install
+    PATH_EXTRA: /opt/homebrew/ccache/libexec:/opt/homebrew/gettext/bin
+    PKG_CONFIG_PATH: /opt/homebrew/curl/lib/pkgconfig:/opt/homebrew/ncurses/lib/pkgconfig:/opt/homebrew/readline/lib/pkgconfig
+    TEST_TARGETS: check-unit check-block check-qapi-schema check-softfloat check-qtest-x86_64
+    QEMU_JOB_OPTIONAL: 1
--- a/.gitlab-ci.d/cirrus/freebsd-13.vars
+++ b/.gitlab-ci.d/cirrus/freebsd-13.vars
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTO-GENERATED
 #
-#  $ lcitool variables freebsd-14 qemu
+#  $ lcitool variables freebsd-13 qemu
 #
 # https://gitlab.com/libvirt/libvirt-ci

@@ -10,7 +10,7 @@ CROSS_PKGS=''
 MAKE='/usr/local/bin/gmake'
 NINJA='/usr/local/bin/ninja'
 PACKAGING_COMMAND='pkg'
-PIP3='/usr/local/bin/pip'
-PKGS='alsa-lib bash bison bzip2 ca_root_nss capstone4 ccache cmocka ctags curl cyrus-sasl dbus diffutils dtc flex fusefs-libs3 gettext git glib gmake gnutls gsed gtk-vnc gtk3 json-c libepoxy libffi libgcrypt libjpeg-turbo libnfs libslirp libspice-server libssh libtasn1 llvm lzo2 meson mtools ncurses nettle ninja opencv pixman pkgconf png py311-numpy py311-pillow py311-pip py311-pyyaml py311-sphinx py311-sphinx_rtd_theme py311-tomli python3 rpm2cpio rust rust-bindgen-cli sdl2 sdl2_image snappy sndio socat spice-protocol tesseract usbredir virglrenderer vte3 xorriso zstd'
+PIP3='/usr/local/bin/pip-3.8'
+PKGS='alsa-lib bash bison bzip2 ca_root_nss capstone4 ccache cmocka ctags curl cyrus-sasl dbus diffutils dtc flex fusefs-libs3 gettext git glib gmake gnutls gsed gtk-vnc gtk3 json-c libepoxy libffi libgcrypt libjpeg-turbo libnfs libslirp libspice-server libssh libtasn1 llvm lzo2 meson mtools ncurses nettle ninja opencv pixman pkgconf png py311-numpy py311-pillow py311-pip py311-sphinx py311-sphinx_rtd_theme py311-tomli py311-yaml python3 rpm2cpio sdl2 sdl2_image snappy sndio socat spice-protocol tesseract usbredir virglrenderer vte3 xorriso zstd'
 PYPI_PKGS=''
 PYTHON='/usr/local/bin/python3'
--- a/.gitlab-ci.d/cirrus/macos-13.vars
+++ b/.gitlab-ci.d/cirrus/macos-13.vars
@@ -0,0 +1,16 @@
+# THIS FILE WAS AUTO-GENERATED
+#
+#  $ lcitool variables macos-13 qemu
+#
+# https://gitlab.com/libvirt/libvirt-ci
+
+CCACHE='/opt/homebrew/bin/ccache'
+CPAN_PKGS=''
+CROSS_PKGS=''
+MAKE='/opt/homebrew/bin/gmake'
+NINJA='/opt/homebrew/bin/ninja'
+PACKAGING_COMMAND='brew'
+PIP3='/opt/homebrew/bin/pip3'
+PKGS='bash bc bison bzip2 capstone ccache cmocka ctags curl dbus diffutils dtc flex gcovr gettext git glib gnu-sed gnutls gtk+3 gtk-vnc jemalloc jpeg-turbo json-c libepoxy libffi libgcrypt libiscsi libnfs libpng libslirp libssh libtasn1 libusb llvm lzo make meson mtools ncurses nettle ninja pixman pkg-config python3 rpm2cpio sdl2 sdl2_image snappy socat sparse spice-protocol swtpm tesseract usbredir vde vte3 xorriso zlib zstd'
+PYPI_PKGS='PyYAML numpy pillow sphinx sphinx-rtd-theme tomli'
+PYTHON='/opt/homebrew/bin/python3'
--- a/.gitlab-ci.d/cirrus/macos-14.vars
+++ b/.gitlab-ci.d/cirrus/macos-14.vars
@@ -11,6 +11,6 @@ MAKE='/opt/homebrew/bin/gmake'
 NINJA='/opt/homebrew/bin/ninja'
 PACKAGING_COMMAND='brew'
 PIP3='/opt/homebrew/bin/pip3'
-PKGS='bash bc bindgen bison bzip2 capstone ccache cmocka ctags curl dbus diffutils dtc flex gcovr gettext git glib gnu-sed gnutls gtk+3 gtk-vnc jemalloc jpeg-turbo json-c libcbor libepoxy libffi libgcrypt libiscsi libnfs libpng libslirp libssh libtasn1 libusb llvm lzo make meson mtools ncurses nettle ninja pixman pkg-config python3 rpm2cpio rust sdl2 sdl2_image snappy socat sparse spice-protocol swtpm tesseract usbredir vde vte3 xorriso zlib zstd'
+PKGS='bash bc bison bzip2 capstone ccache cmocka ctags curl dbus diffutils dtc flex gcovr gettext git glib gnu-sed gnutls gtk+3 gtk-vnc jemalloc jpeg-turbo json-c libepoxy libffi libgcrypt libiscsi libnfs libpng libslirp libssh libtasn1 libusb llvm lzo make meson mtools ncurses nettle ninja pixman pkg-config python3 rpm2cpio sdl2 sdl2_image snappy socat sparse spice-protocol swtpm tesseract usbredir vde vte3 xorriso zlib zstd'
 PYPI_PKGS='PyYAML numpy pillow sphinx sphinx-rtd-theme tomli'
 PYTHON='/opt/homebrew/bin/python3'
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -90,6 +90,11 @@ xtensa-debian-cross-container:
  variables:
    NAME: debian-xtensa-cross

+cris-fedora-cross-container:
+  extends: .container_job_template
+  variables:
+    NAME: fedora-cris-cross
+
 win64-fedora-cross-container:
  extends: .container_job_template
  variables:
--- a/.gitlab-ci.d/containers.yml
+++ b/.gitlab-ci.d/containers.yml
@@ -27,9 +27,3 @@ python-container:
  extends: .container_job_template
  variables:
    NAME: python
-
-amd64-fedora-rust-nightly-container:
-  extends: .container_job_template
-  variables:
-    NAME: fedora-rust-nightly
-  allow_failure: true
--- a/.gitlab-ci.d/crossbuild-template.yml
+++ b/.gitlab-ci.d/crossbuild-template.yml
@@ -9,11 +9,7 @@
    when: always
  timeout: 80m
  before_script:
-    - source scripts/ci/gitlab-ci-section
-    - section_start setup "Pre-script setup"
-    - JOBS=$(expr $(nproc) + 1)
    - cat /packages.txt
-    - section_end setup
  script:
    - export CCACHE_BASEDIR="$(pwd)"
    - export CCACHE_DIR="$CCACHE_BASEDIR/ccache"
@@ -22,30 +18,18 @@
    - mkdir build
    - cd build
    - ccache --zero-stats
-    - section_start configure "Running configure"
    - ../configure --enable-werror --disable-docs --enable-fdt=system
        --disable-user $QEMU_CONFIGURE_OPTS $EXTRA_CONFIGURE_OPTS
-        --target-list-exclude="arm-softmmu
+        --target-list-exclude="arm-softmmu cris-softmmu
          i386-softmmu microblaze-softmmu mips-softmmu mipsel-softmmu
          mips64-softmmu ppc-softmmu riscv32-softmmu sh4-softmmu
          sparc-softmmu xtensa-softmmu $CROSS_SKIP_TARGETS"
-    - section_end configure
-    - section_start build "Building QEMU"
-    - make -j"$JOBS" all check-build
-    - section_end build
-    - section_start test "Running tests"
-    - if test -n "$MAKE_CHECK_ARGS";
-      then
-        $MAKE -j"$JOBS" $MAKE_CHECK_ARGS ;
-      fi
-    - section_end test
-    - section_start installer "Building the installer"
+    - make -j$(expr $(nproc) + 1) all check-build $MAKE_CHECK_ARGS
    - if grep -q "EXESUF=.exe" config-host.mak;
      then make installer;
      version="$(git describe --match v[0-9]* 2>/dev/null || git rev-parse --short HEAD)";
      mv -v qemu-setup*.exe qemu-setup-${version}.exe;
      fi
-    - section_end installer
    - ccache --show-stats

 # Job to cross-build specific accelerators.
@@ -57,14 +41,11 @@
  extends: .base_job_template
  stage: build
  image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:$QEMU_CI_CONTAINER_TAG
-  timeout: 60m
+  timeout: 30m
  cache:
    paths:
      - ccache/
    key: "$CI_JOB_NAME"
-  before_script:
-    - source scripts/ci/gitlab-ci-section
-    - JOBS=$(expr $(nproc) + 1)
  script:
    - export CCACHE_BASEDIR="$(pwd)"
    - export CCACHE_DIR="$CCACHE_BASEDIR/ccache"
@@ -72,19 +53,9 @@
    - export PATH="$CCACHE_WRAPPERSDIR:$PATH"
    - mkdir build
    - cd build
-    - section_start configure "Running configure"
    - ../configure --enable-werror --disable-docs $QEMU_CONFIGURE_OPTS
        --disable-tools --enable-${ACCEL:-kvm} $EXTRA_CONFIGURE_OPTS
-    - section_end configure
-    - section_start build "Building QEMU"
-    - make -j"$JOBS" all check-build
-    - section_end build
-    - section_start test "Running tests"
-    - if test -n "$MAKE_CHECK_ARGS";
-      then
-        $MAKE -j"$JOBS" $MAKE_CHECK_ARGS ;
-      fi
-    - section_end test
+    - make -j$(expr $(nproc) + 1) all check-build $MAKE_CHECK_ARGS

 .cross_user_build_job:
  extends: .base_job_template
@@ -94,31 +65,18 @@
    paths:
      - ccache/
    key: "$CI_JOB_NAME"
-  before_script:
-    - source scripts/ci/gitlab-ci-section
-    - JOBS=$(expr $(nproc) + 1)
  script:
    - export CCACHE_BASEDIR="$(pwd)"
    - export CCACHE_DIR="$CCACHE_BASEDIR/ccache"
    - export CCACHE_MAXSIZE="500M"
    - mkdir build
    - cd build
-    - section_start configure "Running configure"
    - ../configure --enable-werror --disable-docs $QEMU_CONFIGURE_OPTS
        --disable-system --target-list-exclude="aarch64_be-linux-user
-          alpha-linux-user m68k-linux-user microblazeel-linux-user
+          alpha-linux-user cris-linux-user m68k-linux-user microblazeel-linux-user
          or1k-linux-user ppc-linux-user sparc-linux-user
          xtensa-linux-user $CROSS_SKIP_TARGETS"
-    - section_end configure
-    - section_start build "Building QEMU"
-    - make -j"$JOBS" all check-build
-    - section_end build
-    - section_start test "Running tests"
-    - if test -n "$MAKE_CHECK_ARGS";
-      then
-        $MAKE -j"$JOBS" $MAKE_CHECK_ARGS ;
-      fi
-    - section_end test
+    - make -j$(expr $(nproc) + 1) all check-build $MAKE_CHECK_ARGS

 # We can still run some tests on some of our cross build jobs. They can add this
 # template to their extends to save the build logs and test results
--- a/.gitlab-ci.d/crossbuilds.yml
+++ b/.gitlab-ci.d/crossbuilds.yml
@@ -62,11 +62,7 @@ cross-i686-tci:
    IMAGE: debian-i686-cross
    ACCEL: tcg-interpreter
    EXTRA_CONFIGURE_OPTS: --target-list=i386-softmmu,i386-linux-user,aarch64-softmmu,aarch64-linux-user,ppc-softmmu,ppc-linux-user --disable-plugins --disable-kvm
-    # Force tests to run with reduced parallelism, to see whether this
-    # reduces the flakiness of this CI job. The CI
-    # environment by default shows us 8 CPUs and so we
-    # would otherwise be using a parallelism of 9.
-    MAKE_CHECK_ARGS: check check-tcg -j2
+    MAKE_CHECK_ARGS: check check-tcg

 cross-mipsel-system:
  extends: .cross_system_build_job
--- a/.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch64.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-22.04-aarch64.yml
@@ -103,7 +103,7 @@ ubuntu-22.04-aarch64-clang:
 script:
 - mkdir build
 - cd build
- - ../configure --disable-libssh --cc=clang --cxx=clang++ --enable-ubsan
+ - ../configure --disable-libssh --cc=clang --cxx=clang++ --enable-sanitizers
   || { cat config.log meson-logs/meson-log.txt; exit 1; }
 - make --output-sync -j`nproc --ignore=40`
 - make --output-sync -j`nproc --ignore=40` check
--- a/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
+++ b/.gitlab-ci.d/custom-runners/ubuntu-22.04-s390x.yml
@@ -80,7 +80,7 @@ ubuntu-22.04-s390x-clang:
 script:
 - mkdir build
 - cd build
- - ../configure --cc=clang --cxx=clang++ --enable-ubsan
+ - ../configure --cc=clang --cxx=clang++ --enable-sanitizers
   || { cat config.log meson-logs/meson-log.txt; exit 1; }
 - make --output-sync -j`nproc`
 - make --output-sync -j`nproc` check
--- a/.gitlab-ci.d/windows.yml
+++ b/.gitlab-ci.d/windows.yml
@@ -88,7 +88,6 @@ msys2-64bit:
      mingw-w64-x86_64-python
      mingw-w64-x86_64-zstd"
  - Write-Output "Running build at $(Get-Date -Format u)"
-  - $env:JOBS = $(.\msys64\usr\bin\bash -lc nproc)
  - $env:CHERE_INVOKING = 'yes'  # Preserve the current working directory
  - $env:MSYS = 'winsymlinks:native' # Enable native Windows symlink
  - $env:CCACHE_BASEDIR = "$env:CI_PROJECT_DIR"
@@ -100,7 +99,7 @@ msys2-64bit:
  - cd build
  - ..\msys64\usr\bin\bash -lc "ccache --zero-stats"
  - ..\msys64\usr\bin\bash -lc "../configure $CONFIGURE_ARGS"
-  - ..\msys64\usr\bin\bash -lc "make -j$env:JOBS"
+  - ..\msys64\usr\bin\bash -lc "make"
  - ..\msys64\usr\bin\bash -lc "make check MTESTARGS='$TEST_ARGS' || { cat meson-logs/testlog.txt; exit 1; } ;"
  - ..\msys64\usr\bin\bash -lc "ccache --show-stats"
  - Write-Output "Finished build at $(Get-Date -Format u)"
--- a/.gitmodules
+++ b/.gitmodules
@@ -30,7 +30,7 @@
 	url = https://gitlab.com/qemu-project/u-boot-sam460ex.git
 [submodule "roms/edk2"]
 	path = roms/edk2
-	url = https://gitlab.com/qemu-project/edk2.git
+	url = https://github.com/openSUSE/qemu-edk2.git
 [submodule "roms/opensbi"]
 	path = roms/opensbi
 	url = 	https://gitlab.com/qemu-project/opensbi.git
--- a/.mailmap
+++ b/.mailmap
@@ -75,8 +75,6 @@ Aleksandar Rikalo <aleksandar.rikalo@syrmia.com> <aleksandar.rikalo@rt-rk.com>
 Alexander Graf <agraf@csgraf.de> <agraf@suse.de>
 Ani Sinha <anisinha@redhat.com> <ani@anisinha.ca>
 Anthony Liguori <anthony@codemonkey.ws> Anthony Liguori <aliguori@us.ibm.com>
-Brian Cain <brian.cain@oss.qualcomm.com> <bcain@quicinc.com>
-Brian Cain <brian.cain@oss.qualcomm.com> <quic_bcain@quicinc.com>
 Christian Borntraeger <borntraeger@linux.ibm.com> <borntraeger@de.ibm.com>
 Damien Hedde <damien.hedde@dahe.fr> <damien.hedde@greensocs.com>
 Filip Bozuta <filip.bozuta@syrmia.com> <filip.bozuta@rt-rk.com.com>
--- a/1
+++ b/1
@@ -4,4 +4,3 @@ source accel/Kconfig
 source target/Kconfig
 source hw/Kconfig
 source semihosting/Kconfig
-source rust/Kconfig
--- a/Kconfig.host
+++ b/Kconfig.host
@@ -5,12 +5,6 @@
 config LINUX
    bool

-config LIBCBOR
-    bool
-
-config GNUTLS
-    bool
-
 config OPENGL
    bool

@@ -58,6 +52,3 @@ config VFIO_USER_SERVER_ALLOWED

 config HV_BALLOON_POSSIBLE
    bool
-
-config HAVE_RUST
-    bool
--- a/330
+++ b/330
@@ -132,7 +132,6 @@ F: configs/targets/mips*

 X86 general architecture support
 M: Paolo Bonzini <pbonzini@redhat.com>
-R: Zhao Liu <zhao1.liu@intel.com>
 S: Maintained
 F: configs/devices/i386-softmmu/default.mak
 F: configs/targets/i386-softmmu.mak
@@ -223,10 +222,19 @@ S: Maintained
 F: docs/system/target-avr.rst
 F: gdb-xml/avr-cpu.xml
 F: target/avr/
-F: tests/functional/test_avr_mega2560.py
+F: tests/avocado/machine_avr6.py
+
+CRIS TCG CPUs
+M: Edgar E. Iglesias <edgar.iglesias@gmail.com>
+S: Maintained
+F: target/cris/
+F: hw/cris/
+F: include/hw/cris/
+F: tests/tcg/cris/
+F: disas/cris.c

 Hexagon TCG CPUs
-M: Brian Cain <bcain@oss.qualcomm.com>
+M: Brian Cain <bcain@quicinc.com>
 S: Supported
 F: target/hexagon/
 X: target/hexagon/idef-parser/
@@ -258,7 +266,7 @@ M: Song Gao <gaosong@loongson.cn>
 S: Maintained
 F: target/loongarch/
 F: tests/tcg/loongarch64/
-F: tests/functional/test_loongarch64_virt.py
+F: tests/avocado/machine_loongarch.py

 M68K TCG CPUs
 M: Laurent Vivier <laurent@vivier.eu>
@@ -310,7 +318,6 @@ F: configs/devices/ppc*
 F: docs/system/ppc/embedded.rst
 F: docs/system/target-ppc.rst
 F: tests/tcg/ppc*/*
-F: tests/functional/test_ppc_74xx.py

 RISC-V TCG CPUs
 M: Palmer Dabbelt <palmer@dabbelt.com>
@@ -329,7 +336,6 @@ F: hw/intc/riscv*
 F: include/hw/riscv/
 F: linux-user/host/riscv32/
 F: linux-user/host/riscv64/
-F: tests/functional/test_riscv*
 F: tests/tcg/riscv64/

 RISC-V XThead* extensions
@@ -553,8 +559,6 @@ F: include/hw/xen/
 F: include/sysemu/xen.h
 F: include/sysemu/xen-mapcache.h
 F: stubs/xen-hw-stub.c
-F: docs/system/arm/xenpvh.rst
-F: docs/system/i386/xenpvh.rst

 Guest CPU Cores (NVMM)
 ----------------------
@@ -642,7 +646,6 @@ F: hw/*/allwinner-h3*
 F: include/hw/*/allwinner-h3*
 F: hw/arm/orangepi.c
 F: docs/system/arm/orangepi.rst
-F: tests/functional/test_arm_orangepi.py

 ARM PrimeCell and CMSDK devices
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -704,14 +707,6 @@ F: include/hw/timer/armv7m_systick.h
 F: include/hw/misc/armv7m_ras.h
 F: tests/qtest/test-arm-mptimer.c

-B-L475E-IOT01A IoT Node
-M: Samuel Tardieu <sam@rfc1149.net>
-L: qemu-arm@nongnu.org
-S: Maintained
-F: hw/arm/b-l475e-iot01a.c
-F: hw/display/dm163.c
-F: tests/qtest/dm163-test.c
-
 Exynos
 M: Igor Mitsyanko <i.mitsyanko@gmail.com>
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -719,7 +714,6 @@ L: qemu-arm@nongnu.org
 S: Odd Fixes
 F: hw/*/exynos*
 F: include/hw/*/exynos*
-F: docs/system/arm/exynos.rst

 Calxeda Highbank
 M: Rob Herring <robh@kernel.org>
@@ -738,7 +732,7 @@ S: Odd Fixes
 F: include/hw/arm/digic.h
 F: hw/*/digic*
 F: include/hw/*/digic*
-F: tests/functional/test_arm_canona1100.py
+F: tests/avocado/machine_arm_canona1100.py
 F: docs/system/arm/digic.rst

 Goldfish RTC
@@ -749,6 +743,14 @@ S: Maintained
 F: hw/rtc/goldfish_rtc.c
 F: include/hw/rtc/goldfish_rtc.h

+Gumstix
+M: Peter Maydell <peter.maydell@linaro.org>
+R: Philippe Mathieu-Daudé <philmd@linaro.org>
+L: qemu-arm@nongnu.org
+S: Odd Fixes
+F: hw/arm/gumstix.c
+F: docs/system/arm/gumstix.rst
+
 i.MX25 PDK
 M: Peter Maydell <peter.maydell@linaro.org>
 R: Jean-Christophe Dubois <jcd@tribudubois.net>
@@ -781,7 +783,7 @@ S: Maintained
 F: hw/arm/integratorcp.c
 F: hw/misc/arm_integrator_debug.c
 F: include/hw/misc/arm_integrator_debug.h
-F: tests/functional/test_arm_integratorcp.py
+F: tests/avocado/machine_arm_integratorcp.py
 F: docs/system/arm/integratorcp.rst

 MCIMX6UL EVK / i.MX6ul
@@ -794,7 +796,6 @@ F: hw/arm/fsl-imx6ul.c
 F: hw/misc/imx6ul_ccm.c
 F: include/hw/arm/fsl-imx6ul.h
 F: include/hw/misc/imx6ul_ccm.h
-F: docs/system/arm/mcimx6ul-evk.rst

 MCIMX7D SABRE / i.MX7
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -808,7 +809,6 @@ F: include/hw/arm/fsl-imx7.h
 F: include/hw/misc/imx7_*.h
 F: hw/pci-host/designware.c
 F: include/hw/pci-host/designware.h
-F: docs/system/arm/mcimx7d-sabre.rst

 MPS2 / MPS3
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -871,6 +871,32 @@ F: pc-bios/npcm7xx_bootrom.bin
 F: roms/vbootrom
 F: docs/system/arm/nuvoton.rst

+nSeries
+M: Peter Maydell <peter.maydell@linaro.org>
+L: qemu-arm@nongnu.org
+S: Odd Fixes
+F: hw/arm/nseries.c
+F: hw/display/blizzard.c
+F: hw/input/lm832x.c
+F: hw/input/tsc2005.c
+F: hw/misc/cbus.c
+F: hw/rtc/twl92230.c
+F: include/hw/display/blizzard.h
+F: include/hw/input/lm832x.h
+F: include/hw/input/tsc2xxx.h
+F: include/hw/misc/cbus.h
+F: tests/avocado/machine_arm_n8x0.py
+F: docs/system/arm/nseries.rst
+
+Palm
+M: Peter Maydell <peter.maydell@linaro.org>
+L: qemu-arm@nongnu.org
+S: Odd Fixes
+F: hw/arm/palm.c
+F: hw/input/tsc210x.c
+F: include/hw/input/tsc2xxx.h
+F: docs/system/arm/palm.rst
+
 Raspberry Pi
 M: Peter Maydell <peter.maydell@linaro.org>
 R: Philippe Mathieu-Daudé <philmd@linaro.org>
@@ -882,9 +908,6 @@ F: hw/*/bcm283*
 F: include/hw/arm/rasp*
 F: include/hw/*/bcm283*
 F: docs/system/arm/raspi.rst
-F: tests/functional/test_arm_raspi2.py
-F: tests/functional/test_aarch64_raspi3.py
-F: tests/functional/test_aarch64_raspi4.py

 Real View
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -896,6 +919,28 @@ F: hw/intc/realview_gic.c
 F: include/hw/intc/realview_gic.h
 F: docs/system/arm/realview.rst

+PXA2XX
+M: Peter Maydell <peter.maydell@linaro.org>
+L: qemu-arm@nongnu.org
+S: Odd Fixes
+F: hw/arm/mainstone.c
+F: hw/arm/spitz.c
+F: hw/arm/tosa.c
+F: hw/arm/z2.c
+F: hw/*/pxa2xx*
+F: hw/display/tc6393xb.c
+F: hw/gpio/max7310.c
+F: hw/gpio/zaurus.c
+F: hw/input/ads7846.c
+F: hw/misc/mst_fpga.c
+F: hw/adc/max111x.c
+F: include/hw/adc/max111x.h
+F: include/hw/arm/pxa.h
+F: include/hw/arm/sharpsl.h
+F: include/hw/display/tc6393xb.h
+F: docs/system/arm/xscale.rst
+F: docs/system/arm/mainstone.rst
+
 SABRELITE / i.MX6
 M: Peter Maydell <peter.maydell@linaro.org>
 R: Jean-Christophe Dubois <jcd@tribudubois.net>
@@ -924,7 +969,7 @@ F: hw/misc/sbsa_ec.c
 F: hw/watchdog/sbsa_gwdt.c
 F: include/hw/watchdog/sbsa_gwdt.h
 F: docs/system/arm/sbsa.rst
-F: tests/functional/test_aarch64_sbsaref*.py
+F: tests/avocado/machine_aarch64_sbsaref.py

 Sharp SL-5500 (Collie) PDA
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -932,10 +977,7 @@ L: qemu-arm@nongnu.org
 S: Odd Fixes
 F: hw/arm/collie.c
 F: hw/arm/strongarm*
-F: hw/gpio/zaurus.c
-F: include/hw/arm/sharpsl.h
 F: docs/system/arm/collie.rst
-F: tests/functional/test_arm_collie.py

 Stellaris
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -947,19 +989,6 @@ F: include/hw/input/gamepad.h
 F: include/hw/timer/stellaris-gptm.h
 F: docs/system/arm/stellaris.rst

-STM32L4x5 SoC Family
-M: Samuel Tardieu <sam@rfc1149.net>
-L: qemu-arm@nongnu.org
-S: Maintained
-F: hw/arm/stm32l4x5_soc.c
-F: hw/char/stm32l4x5_usart.c
-F: hw/misc/stm32l4x5_exti.c
-F: hw/misc/stm32l4x5_syscfg.c
-F: hw/misc/stm32l4x5_rcc.c
-F: hw/gpio/stm32l4x5_gpio.c
-F: include/hw/*/stm32l4x5_*.h
-F: tests/qtest/stm32l4x5*
-
 STM32VLDISCOVERY
 M: Alexandre Iooss <erdnaxe@crans.org>
 L: qemu-arm@nongnu.org
@@ -974,7 +1003,6 @@ S: Maintained
 F: hw/arm/vexpress.c
 F: hw/display/sii9022.c
 F: docs/system/arm/vexpress.rst
-F: tests/functional/test_arm_vexpress.py

 Versatile PB
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -993,9 +1021,7 @@ S: Maintained
 F: hw/arm/virt*
 F: include/hw/arm/virt.h
 F: docs/system/arm/virt.rst
-F: tests/functional/test_aarch64_virt.py
-F: tests/functional/test_aarch64_tuxrun.py
-F: tests/functional/test_arm_tuxrun.py
+F: tests/avocado/machine_aarch64_virt.py

 Xilinx Zynq
 M: Edgar E. Iglesias <edgar.iglesias@gmail.com>
@@ -1024,10 +1050,9 @@ F: include/hw/ssi/xilinx_spips.h
 F: hw/display/dpcd.c
 F: include/hw/display/dpcd.h
 F: docs/system/arm/xlnx-versal-virt.rst
-F: docs/system/arm/xlnx-zcu102.rst

 Xilinx Versal OSPI
-M: Francisco Iglesias <francisco.iglesias@amd.com>
+M: Francisco Iglesias <francisco.iglesias@xilinx.com>
 S: Maintained
 F: hw/ssi/xlnx-versal-ospi.c
 F: include/hw/ssi/xlnx-versal-ospi.h
@@ -1069,8 +1094,6 @@ S: Maintained
 F: hw/arm/stm32f405_soc.c
 F: hw/misc/stm32f4xx_syscfg.c
 F: hw/misc/stm32f4xx_exti.c
-F: hw/misc/stm32_rcc.c
-F: include/hw/misc/stm32_rcc.h

 Netduino 2
 M: Alistair Francis <alistair@alistair23.me>
@@ -1092,6 +1115,26 @@ L: qemu-arm@nongnu.org
 S: Maintained
 F: hw/arm/olimex-stm32-h405.c

+STM32L4x5 SoC Family
+M: Arnaud Minier <arnaud.minier@telecom-paris.fr>
+M: Inès Varhol <ines.varhol@telecom-paris.fr>
+L: qemu-arm@nongnu.org
+S: Maintained
+F: hw/arm/stm32l4x5_soc.c
+F: hw/char/stm32l4x5_usart.c
+F: hw/misc/stm32l4x5_exti.c
+F: hw/misc/stm32l4x5_syscfg.c
+F: hw/misc/stm32l4x5_rcc.c
+F: hw/gpio/stm32l4x5_gpio.c
+F: include/hw/*/stm32l4x5_*.h
+
+B-L475E-IOT01A IoT Node
+M: Arnaud Minier <arnaud.minier@telecom-paris.fr>
+M: Inès Varhol <ines.varhol@telecom-paris.fr>
+L: qemu-arm@nongnu.org
+S: Maintained
+F: hw/arm/b-l475e-iot01a.c
+
 SmartFusion2
 M: Subbaraya Sundeep <sundeep.lkml@gmail.com>
 M: Peter Maydell <peter.maydell@linaro.org>
@@ -1131,9 +1174,7 @@ F: include/hw/*/*aspeed*
 F: hw/net/ftgmac100.c
 F: include/hw/net/ftgmac100.h
 F: docs/system/arm/aspeed.rst
-F: docs/system/arm/fby35.rst
 F: tests/*/*aspeed*
-F: tests/*/*ast2700*
 F: hw/arm/fby35.c

 NRF51
@@ -1148,11 +1189,6 @@ F: include/hw/*/microbit*.h
 F: tests/qtest/microbit-test.c
 F: docs/system/arm/nrf.rst

-ARM PL011 Rust device
-M: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
-S: Maintained
-F: rust/hw/char/pl011/
-
 AVR Machines
 -------------

@@ -1173,6 +1209,14 @@ M: Philippe Mathieu-Daudé <philmd@linaro.org>
 S: Maintained
 F: hw/avr/arduino.c

+CRIS Machines
+-------------
+Axis Dev88
+M: Edgar E. Iglesias <edgar.iglesias@gmail.com>
+S: Maintained
+F: hw/cris/axis_dev88.c
+F: hw/*/etraxfs_*.c
+
 HP-PARISC Machines
 ------------------
 HP B160L, HP C3700
@@ -1199,7 +1243,6 @@ LoongArch Machines
 ------------------
 Virt
 M: Song Gao <gaosong@loongson.cn>
-M: Bibo Mao <maobibo@loongson.cn>
 R: Jiaxun Yang <jiaxun.yang@flygoat.com>
 S: Maintained
 F: docs/system/loongarch/virt.rst
@@ -1238,7 +1281,6 @@ S: Odd Fixes
 F: hw/m68k/next-*.c
 F: hw/display/next-fb.c
 F: include/hw/m68k/next-cube.h
-F: tests/functional/test_m68k_nextcube.py

 q800
 M: Laurent Vivier <laurent@vivier.eu>
@@ -1264,7 +1306,6 @@ F: include/hw/m68k/q800-glue.h
 F: include/hw/misc/djmemc.h
 F: include/hw/misc/iosb.h
 F: include/hw/audio/asc.h
-F: tests/functional/test_m68k_q800.py

 virt
 M: Laurent Vivier <laurent@vivier.eu>
@@ -1287,7 +1328,7 @@ M: Edgar E. Iglesias <edgar.iglesias@gmail.com>
 S: Maintained
 F: hw/microblaze/petalogix_s3adsp1800_mmu.c
 F: include/hw/char/xilinx_uartlite.h
-F: tests/functional/test_microblaze*.py
+F: tests/avocado/machine_microblaze.py

 petalogix_ml605
 M: Edgar E. Iglesias <edgar.iglesias@gmail.com>
@@ -1324,8 +1365,7 @@ F: hw/mips/malta.c
 F: hw/pci-host/gt64120.c
 F: include/hw/southbridge/piix.h
 F: tests/avocado/linux_ssh_mips_malta.py
-F: tests/functional/test_mips*_malta.py
-F: tests/functional/test_mips*_tuxrun.py
+F: tests/avocado/machine_mips_malta.py

 Mipssim
 R: Aleksandar Rikalo <arikalo@gmail.com>
@@ -1341,7 +1381,7 @@ S: Odd Fixes
 F: hw/mips/fuloong2e.c
 F: hw/pci-host/bonito.c
 F: include/hw/pci-host/bonito.h
-F: tests/functional/test_mips64el_fuloong2e.py
+F: tests/avocado/machine_mips_fuloong2e.py

 Loongson-3 virtual platforms
 M: Huacai Chen <chenhuacai@kernel.org>
@@ -1356,7 +1396,7 @@ F: hw/mips/loongson3_virt.c
 F: include/hw/intc/loongson_ipi_common.h
 F: include/hw/intc/loongson_ipi.h
 F: include/hw/intc/loongson_liointc.h
-F: tests/functional/test_mips64el_loongson3v.py
+F: tests/avocado/machine_mips_loongson3v.py

 Boston
 M: Paul Burton <paulburton@kernel.org>
@@ -1382,19 +1422,18 @@ PowerPC Machines
 L: qemu-ppc@nongnu.org
 S: Orphan
 F: hw/ppc/ppc405*
-F: tests/functional/test_ppc_405.py
+F: tests/avocado/ppc_405.py

 Bamboo
 L: qemu-ppc@nongnu.org
 S: Orphan
 F: hw/ppc/ppc440_bamboo.c
 F: hw/pci-host/ppc4xx_pci.c
-F: tests/functional/test_ppc_bamboo.py
+F: tests/avocado/ppc_bamboo.py

 e500
-M: Bernhard Beschow <shentey@gmail.com>
 L: qemu-ppc@nongnu.org
-S: Odd Fixes
+S: Orphan
 F: hw/ppc/e500*
 F: hw/ppc/ppce500_spin.c
 F: hw/gpio/mpc8xxx.c
@@ -1407,16 +1446,13 @@ F: pc-bios/u-boot.e500
 F: hw/intc/openpic_kvm.c
 F: include/hw/ppc/openpic_kvm.h
 F: docs/system/ppc/ppce500.rst
-F: tests/functional/test_ppc64_e500.py
-F: tests/functional/test_ppc_tuxrun.py

 mpc8544ds
-M: Bernhard Beschow <shentey@gmail.com>
 L: qemu-ppc@nongnu.org
-S: Odd Fixes
+S: Orphan
 F: hw/ppc/mpc8544ds.c
 F: hw/ppc/mpc8544_guts.c
-F: tests/functional/test_ppc_mpc8544ds.py
+F: tests/avocado/ppc_mpc8544ds.py

 New World (mac99)
 M: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
@@ -1438,7 +1474,6 @@ F: include/hw/ppc/mac_dbdma.h
 F: include/hw/pci-host/uninorth.h
 F: include/hw/input/adb*
 F: pc-bios/qemu_vga.ndrv
-F: tests/functional/test_ppc_mac.py

 Old World (g3beige)
 M: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
@@ -1454,7 +1489,6 @@ F: include/hw/intc/heathrow_pic.h
 F: include/hw/input/adb*
 F: include/hw/pci-host/grackle.h
 F: pc-bios/qemu_vga.ndrv
-F: tests/functional/test_ppc_mac.py

 PReP
 M: Hervé Poussineau <hpoussin@reactos.org>
@@ -1471,11 +1505,12 @@ F: hw/dma/i82374.c
 F: hw/rtc/m48t59-isa.c
 F: include/hw/isa/pc87312.h
 F: include/hw/rtc/m48t59.h
-F: tests/functional/test_ppc_40p.py
+F: tests/avocado/ppc_prep_40p.py

 sPAPR (pseries)
 M: Nicholas Piggin <npiggin@gmail.com>
 R: Daniel Henrique Barboza <danielhb413@gmail.com>
+R: David Gibson <david@gibson.dropbear.id.au>
 R: Harsh Prateek Bora <harshpb@linux.ibm.com>
 L: qemu-ppc@nongnu.org
 S: Odd Fixes
@@ -1494,11 +1529,11 @@ F: tests/qtest/spapr*
 F: tests/qtest/libqos/*spapr*
 F: tests/qtest/rtas*
 F: tests/qtest/libqos/rtas*
-F: tests/functional/test_ppc64_pseries.py
-F: tests/functional/test_ppc64_hv.py
-F: tests/functional/test_ppc64_tuxrun.py
+F: tests/avocado/ppc_pseries.py
+F: tests/avocado/ppc_hv_tests.py

 PowerNV (Non-Virtualized)
+M: Cédric Le Goater <clg@kaod.org>
 M: Nicholas Piggin <npiggin@gmail.com>
 R: Frédéric Barrat <fbarrat@linux.ibm.com>
 L: qemu-ppc@nongnu.org
@@ -1508,13 +1543,10 @@ F: hw/ppc/pnv*
 F: hw/intc/pnv*
 F: hw/intc/xics_pnv.c
 F: hw/pci-host/pnv*
-F: hw/ssi/pnv_spi.c
 F: include/hw/ppc/pnv*
 F: include/hw/pci-host/pnv*
-F: include/hw/ssi/pnv_spi*
 F: pc-bios/skiboot.lid
 F: tests/qtest/pnv*
-F: tests/functional/test_ppc64_powernv.py

 pca955x
 M: Glenn Miles <milesg@linux.ibm.com>
@@ -1529,7 +1561,7 @@ M: Edgar E. Iglesias <edgar.iglesias@gmail.com>
 L: qemu-ppc@nongnu.org
 S: Odd Fixes
 F: hw/ppc/virtex_ml507.c
-F: tests/functional/test_ppc_virtex_ml507.py
+F: tests/avocado/ppc_virtex_ml507.py

 sam460ex
 M: BALATON Zoltan <balaton@eik.bme.hu>
@@ -1562,10 +1594,10 @@ S: Maintained
 F: hw/ppc/amigaone.c
 F: hw/pci-host/articia.c
 F: include/hw/pci-host/articia.h
-F: tests/functional/test_ppc_amiga.py

 Virtual Open Firmware (VOF)
 M: Alexey Kardashevskiy <aik@ozlabs.ru>
+R: David Gibson <david@gibson.dropbear.id.au>
 L: qemu-ppc@nongnu.org
 S: Odd Fixes
 F: hw/ppc/spapr_vof*
@@ -1628,7 +1660,7 @@ R: Yoshinori Sato <ysato@users.sourceforge.jp>
 S: Orphan
 F: docs/system/target-rx.rst
 F: hw/rx/rx-gdbsim.c
-F: tests/functional/test_rx_gdbsim.py
+F: tests/avocado/machine_rx_gdbsim.py

 SH4 Machines
 ------------
@@ -1643,8 +1675,17 @@ F: hw/pci-host/sh_pci.c
 F: hw/timer/sh_timer.c
 F: include/hw/sh4/sh_intc.h
 F: include/hw/timer/tmu012.h
-F: tests/functional/test_sh4_r2d.py
-F: tests/functional/test_sh4_tuxrun.py
+
+Shix
+R: Yoshinori Sato <ysato@users.sourceforge.jp>
+R: Magnus Damm <magnus.damm@gmail.com>
+S: Odd Fixes
+F: hw/block/tc58128.c
+F: hw/char/sh_serial.c
+F: hw/sh4/shix.c
+F: hw/intc/sh_intc.c
+F: hw/timer/sh_timer.c
+F: include/hw/sh4/sh_intc.h

 SPARC Machines
 --------------
@@ -1662,7 +1703,6 @@ F: include/hw/nvram/sun_nvram.h
 F: include/hw/sparc/sparc32_dma.h
 F: include/hw/sparc/sun4m_iommu.h
 F: pc-bios/openbios-sparc32
-F: tests/functional/test_sparc_sun4m.py

 Sun4u
 M: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
@@ -1675,8 +1715,7 @@ F: include/hw/pci-host/sabre.h
 F: hw/pci-bridge/simba.c
 F: include/hw/pci-bridge/simba.h
 F: pc-bios/openbios-sparc64
-F: tests/functional/test_sparc64_sun4u.py
-F: tests/functional/test_sparc64_tuxrun.py
+F: tests/avocado/machine_sparc64_sun4u.py

 Sun4v
 M: Artyom Tarasenko <atar4qemu@gmail.com>
@@ -1703,7 +1742,7 @@ S: Supported
 F: hw/s390x/
 F: include/hw/s390x/
 F: configs/devices/s390x-softmmu/default.mak
-F: tests/functional/test_s390x_*
+F: tests/avocado/machine_s390_ccw_virtio.py
 T: git https://github.com/borntraeger/qemu.git s390-next
 L: qemu-s390x@nongnu.org

@@ -1766,7 +1805,7 @@ F: hw/s390x/cpu-topology.c
 F: target/s390x/kvm/stsi-topology.c
 F: docs/devel/s390-cpu-topology.rst
 F: docs/system/s390x/cpu-topology.rst
-F: tests/functional/test_s390x_topology.py
+F: tests/avocado/s390_topology.py

 X86 Machines
 ------------
@@ -1794,11 +1833,6 @@ F: hw/isa/apm.c
 F: include/hw/isa/apm.h
 F: tests/unit/test-x86-topo.c
 F: tests/qtest/test-x86-cpuid-compat.c
-F: tests/functional/test_i386_tuxrun.py
-F: tests/functional/test_mem_addr_space.py
-F: tests/functional/test_pc_cpu_hotplug_props.py
-F: tests/functional/test_x86_64_tuxrun.py
-F: tests/functional/test_x86_cpu_model_versions.py

 PC Chipset
 M: Michael S. Tsirkin <mst@redhat.com>
@@ -1843,16 +1877,6 @@ F: hw/i386/microvm.c
 F: include/hw/i386/microvm.h
 F: pc-bios/bios-microvm.bin

-nitro-enclave
-M: Alexander Graf <graf@amazon.com>
-M: Dorjoy Chowdhury <dorjoychy111@gmail.com>
-S: Maintained
-F: hw/core/eif.c
-F: hw/core/eif.h
-F: hw/i386/nitro_enclave.c
-F: include/hw/i386/nitro_enclave.h
-F: docs/system/i386/nitro-enclave.rst
-
 Machine core
 M: Eduardo Habkost <eduardo@habkost.net>
 M: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
@@ -1875,8 +1899,6 @@ F: include/hw/boards.h
 F: include/hw/core/cpu.h
 F: include/hw/cpu/cluster.h
 F: include/sysemu/numa.h
-F: tests/functional/test_cpu_queries.py
-F: tests/functional/test_empty_cpu_model.py
 F: tests/unit/test-smp-parse.c
 T: git https://gitlab.com/ehabkost/qemu.git machine-next

@@ -1898,7 +1920,6 @@ S: Maintained
 F: hw/xtensa/xtfpga.c
 F: hw/net/opencores_eth.c
 F: include/hw/xtensa/mx_pic.h
-F: tests/functional/test_xtensa_lx60.py

 Devices
 -------
@@ -1913,6 +1934,7 @@ F: tests/qtest/intel-hda-test.c
 F: tests/qtest/fuzz-sb16-test.c

 Xilinx CAN
+M: Vikram Garhwal <vikram.garhwal@amd.com>
 M: Francisco Iglesias <francisco.iglesias@amd.com>
 S: Maintained
 F: hw/net/can/xlnx-*
@@ -2043,8 +2065,8 @@ ACPI/AVOCADO/BIOSBITS
 M: Ani Sinha <anisinha@redhat.com>
 M: Michael S. Tsirkin <mst@redhat.com>
 S: Supported
-F: tests/functional/acpi-bits/*
-F: tests/functional/test_acpi_bits.py
+F: tests/avocado/acpi-bits/*
+F: tests/avocado/acpi-bits.py
 F: docs/devel/acpi-bits.rst

 ACPI/HEST/GHES
@@ -2081,7 +2103,6 @@ S: Odd Fixes
 F: hw/net/
 F: include/hw/net/
 F: tests/qtest/virtio-net-test.c
-F: tests/functional/test_info_usernet.py
 F: docs/virtio-net-failover.rst
 T: git https://github.com/jasowang/qemu.git net

@@ -2217,7 +2238,6 @@ F: net/vhost-user.c
 F: include/hw/virtio/
 F: docs/devel/virtio*
 F: docs/devel/migration/virtio.rst
-F: tests/functional/test_virtio_version.py

 virtio-balloon
 M: Michael S. Tsirkin <mst@redhat.com>
@@ -2228,7 +2248,6 @@ F: hw/virtio/virtio-balloon*.c
 F: include/hw/virtio/virtio-balloon.h
 F: system/balloon.c
 F: include/sysemu/balloon.h
-F: tests/qtest/virtio-balloon-test.c

 virtio-9p
 M: Greg Kurz <groug@kaod.org>
@@ -2237,12 +2256,20 @@ S: Maintained
 W: https://wiki.qemu.org/Documentation/9p
 F: hw/9pfs/
 X: hw/9pfs/xen-9p*
+X: hw/9pfs/9p-proxy*
 F: fsdev/
+X: fsdev/virtfs-proxy-helper.c
 F: tests/qtest/virtio-9p-test.c
 F: tests/qtest/libqos/virtio-9p*
 T: git https://gitlab.com/gkurz/qemu.git 9p-next
 T: git https://github.com/cschoenebeck/qemu.git 9p.next

+virtio-9p-proxy
+F: hw/9pfs/9p-proxy*
+F: fsdev/virtfs-proxy-helper.c
+F: docs/tools/virtfs-proxy-helper.rst
+S: Obsolete
+
 virtio-blk
 M: Stefan Hajnoczi <stefanha@redhat.com>
 L: qemu-block@nongnu.org
@@ -2313,16 +2340,6 @@ F: include/sysemu/rng*.h
 F: backends/rng*.c
 F: tests/qtest/virtio-rng-test.c

-virtio-nsm
-M: Alexander Graf <graf@amazon.com>
-M: Dorjoy Chowdhury <dorjoychy111@gmail.com>
-S: Maintained
-F: hw/virtio/cbor-helpers.c
-F: hw/virtio/virtio-nsm.c
-F: hw/virtio/virtio-nsm-pci.c
-F: include/hw/virtio/cbor-helpers.h
-F: include/hw/virtio/virtio-nsm.h
-
 vhost-user-stubs
 M: Alex Bennée <alex.bennee@linaro.org>
 S: Maintained
@@ -2471,7 +2488,7 @@ R: Sriram Yagnaraman <sriram.yagnaraman@ericsson.com>
 S: Maintained
 F: docs/system/devices/igb.rst
 F: hw/net/igb*
-F: tests/functional/test_netdev_ethtool.py
+F: tests/avocado/netdev-ethtool.py
 F: tests/qtest/igb-test.c
 F: tests/qtest/libqos/igb.c

@@ -2642,12 +2659,12 @@ F: tests/qtest/fw_cfg-test.c
 T: git https://github.com/philmd/qemu.git fw_cfg-next

 XIVE
+M: Cédric Le Goater <clg@kaod.org>
 R: Frédéric Barrat <fbarrat@linux.ibm.com>
 L: qemu-ppc@nongnu.org
 S: Odd Fixes
 F: hw/*/*xive*
 F: include/hw/*/*xive*
-F: tests/qtest/*xive*
 F: docs/*/*xive*

 Renesas peripherals
@@ -2672,7 +2689,7 @@ F: include/hw/rx/

 CAN bus subsystem and hardware
 M: Pavel Pisa <pisa@cmp.felk.cvut.cz>
-M: Francisco Iglesias <francisco.iglesias@amd.com>
+M: Vikram Garhwal <fnu.vikram@xilinx.com>
 S: Maintained
 W: https://canbus.pages.fel.cvut.cz/
 F: net/can/*
@@ -2954,7 +2971,6 @@ S: Supported
 F: include/qemu/option.h
 F: tests/unit/test-keyval.c
 F: tests/unit/test-qemu-opts.c
-F: tests/functional/test_version.py
 F: util/keyval.c
 F: util/qemu-option.c

@@ -3016,7 +3032,6 @@ F: gdb-xml/
 F: tests/tcg/multiarch/gdbstub/*
 F: scripts/feature_to_c.py
 F: scripts/probe-gdb-support.py
-T: git https://gitlab.com/stsquad/qemu gdbstub/next

 Memory API
 M: Paolo Bonzini <pbonzini@redhat.com>
@@ -3097,13 +3112,11 @@ F: qapi/run-state.json
 Read, Copy, Update (RCU)
 M: Paolo Bonzini <pbonzini@redhat.com>
 S: Maintained
-F: docs/devel/lockcnt.rst
-F: docs/devel/rcu.rst
+F: docs/devel/lockcnt.txt
+F: docs/devel/rcu.txt
 F: include/qemu/rcu*.h
-F: include/qemu/lockcnt.h
 F: tests/unit/rcutorture.c
 F: tests/unit/test-rcu-*.c
-F: util/lockcnt.c
 F: util/rcu.c

 Human Monitor (HMP)
@@ -3161,6 +3174,7 @@ F: qapi/cryptodev.json
 Python library
 M: John Snow <jsnow@redhat.com>
 M: Cleber Rosa <crosa@redhat.com>
+R: Beraldo Leal <bleal@redhat.com>
 S: Maintained
 F: python/
 T: git https://gitlab.com/jsnow/qemu.git python
@@ -3298,7 +3312,7 @@ F: tests/qtest/qmp-cmd-test.c
 T: git https://repo.or.cz/qemu/armbru.git qapi-next

 qtest
-M: Fabiano Rosas <farosas@suse.de>
+M: Thomas Huth <thuth@redhat.com>
 M: Laurent Vivier <lvivier@redhat.com>
 R: Paolo Bonzini <pbonzini@redhat.com>
 S: Maintained
@@ -3316,7 +3330,7 @@ M: Alexander Bulekov <alxndr@bu.edu>
 R: Paolo Bonzini <pbonzini@redhat.com>
 R: Bandan Das <bsd@redhat.com>
 R: Stefan Hajnoczi <stefanha@redhat.com>
-R: Fabiano Rosas <farosas@suse.de>
+R: Thomas Huth <thuth@redhat.com>
 R: Darren Kenny <darren.kenny@oracle.com> 
 R: Qiuhao Li <Qiuhao.Li@outlook.com>
 S: Maintained
@@ -3334,17 +3348,6 @@ F: hw/core/register.c
 F: include/hw/register.h
 F: include/hw/registerfields.h

-Rust
-M: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
-S: Maintained
-F: rust/qemu-api
-F: rust/qemu-api-macros
-F: rust/rustfmt.toml
-
-Rust-related patches CC here
-L: qemu-rust@nongnu.org
-F: rust/
-
 SLIRP
 M: Samuel Thibault <samuel.thibault@ens-lyon.org>
 S: Maintained
@@ -3566,7 +3569,7 @@ F: include/migration/failover.h
 F: docs/COLO-FT.txt

 COLO Proxy
-M: Zhang Chen <zhangckid@gmail.com>
+M: Zhang Chen <chen.zhang@intel.com>
 M: Li Zhijian <lizhijian@fujitsu.com>
 S: Supported
 F: docs/colo-proxy.txt
@@ -3669,7 +3672,6 @@ VT-d Emulation
 M: Michael S. Tsirkin <mst@redhat.com>
 R: Jason Wang <jasowang@redhat.com>
 R: Yi Liu <yi.l.liu@intel.com>
-R: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
 S: Supported
 F: hw/i386/intel_iommu.c
 F: hw/i386/intel_iommu_internal.h
@@ -3733,6 +3735,7 @@ F: configs/targets/*linux-user.mak
 F: scripts/qemu-binfmt-conf.sh
 F: scripts/update-syscalltbl.sh
 F: scripts/update-mips-syscall-args.sh
+F: scripts/gensyscalls.sh

 Tiny Code Generator (TCG)
 -------------------------
@@ -3744,7 +3747,6 @@ F: include/tcg/

 TCG Plugins
 M: Alex Bennée <alex.bennee@linaro.org>
-T: git https://gitlab.com/stsquad/qemu plugins/next
 R: Alexandre Iooss <erdnaxe@crans.org>
 R: Mahmoud Mandour <ma.mandourr@gmail.com>
 R: Pierrick Bouvier <pierrick.bouvier@linaro.org>
@@ -3752,9 +3754,8 @@ S: Maintained
 F: docs/devel/tcg-plugins.rst
 F: plugins/
 F: tests/tcg/plugins/
-F: tests/functional/test_aarch64_tcg_plugins.py
+F: tests/avocado/tcg_plugins.py
 F: contrib/plugins/
-F: scripts/qemu-plugin-symbols.py

 AArch64 TCG target
 M: Richard Henderson <richard.henderson@linaro.org>
@@ -3937,7 +3938,6 @@ M: Stefan Hajnoczi <stefanha@redhat.com>
 L: qemu-block@nongnu.org
 S: Supported
 F: block/blkverify.c
-F: docs/devel/blkverify.rst

 bochs
 M: Stefan Hajnoczi <stefanha@redhat.com>
@@ -4015,7 +4015,6 @@ M: Hanna Reitz <hreitz@redhat.com>
 L: qemu-block@nongnu.org
 S: Supported
 F: block/blkdebug.c
-F: docs/devel/blkdebug.rst

 vpc
 M: Kevin Wolf <kwolf@redhat.com>
@@ -4119,10 +4118,10 @@ Build and test automation
 -------------------------
 Build and test automation, general continuous integration
 M: Alex Bennée <alex.bennee@linaro.org>
-T: git https://gitlab.com/stsquad/qemu testing/next
 M: Philippe Mathieu-Daudé <philmd@linaro.org>
 M: Thomas Huth <thuth@redhat.com>
 R: Wainer dos Santos Moschetta <wainersm@redhat.com>
+R: Beraldo Leal <bleal@redhat.com>
 S: Maintained
 F: .github/workflows/lockdown.yml
 F: .gitlab-ci.yml
@@ -4133,7 +4132,7 @@ F: scripts/ci/
 F: tests/docker/
 F: tests/vm/
 F: tests/lcitool/
-F: tests/functional/test_*_tuxrun.py
+F: tests/avocado/tuxrun_baselines.py
 F: scripts/archive-source.sh
 F: docs/devel/testing.rst
 W: https://gitlab.com/qemu-project/qemu/pipelines
@@ -4147,11 +4146,6 @@ F: .gitlab-ci.d/cirrus/freebsd*
 F: tests/vm/freebsd
 W: https://cirrus-ci.com/github/qemu/qemu

-Functional testing framework
-M: Thomas Huth <thuth@redhat.com>
-R: Philippe Mathieu-Daudé <philmd@linaro.org>
-F: tests/functional/qemu_test/
-
 Windows Hosted Continuous Integration
 M: Yonggang Luo <luoyonggang@gmail.com>
 S: Maintained
@@ -4168,6 +4162,7 @@ W: https://trello.com/b/6Qi1pxVn/avocado-qemu
 R: Cleber Rosa <crosa@redhat.com>
 R: Philippe Mathieu-Daudé <philmd@linaro.org>
 R: Wainer dos Santos Moschetta <wainersm@redhat.com>
+R: Beraldo Leal <bleal@redhat.com>
 S: Odd Fixes
 F: tests/avocado/

@@ -4201,6 +4196,7 @@ Meson
 M: Paolo Bonzini <pbonzini@redhat.com>
 R: Marc-André Lureau <marcandre.lureau@redhat.com>
 R: Daniel P. Berrange <berrange@redhat.com>
+R: Thomas Huth <thuth@redhat.com>
 R: Philippe Mathieu-Daudé <philmd@linaro.org>
 S: Maintained
 F: meson.build
@@ -4247,16 +4243,6 @@ F: docs/sphinx/
 F: docs/_templates/
 F: docs/devel/docs.rst

-Rust build system integration
-M: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
-L: qemu-rust@nongnu.org
-S: Maintained
-F: scripts/rust/
-F: rust/.gitignore
-F: rust/Kconfig
-F: rust/meson.build
-F: rust/wrapper.h
-
 Miscellaneous
 -------------
 Performance Tools and Tests
--- a/16
+++ b/16
@@ -187,6 +187,11 @@ SUBDIR_RULES=$(foreach t, all clean distclean, $(addsuffix /$(t), $(SUBDIRS)))
 $(SUBDIR_RULES):
 	$(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $(dir $@) V="$(V)" TARGET_DIR="$(dir $@)" $(notdir $@),)

+ifneq ($(filter contrib/plugins, $(SUBDIRS)),)
+.PHONY: plugins
+plugins: contrib/plugins/all
+endif
+
 .PHONY: recurse-all recurse-clean
 recurse-all: $(addsuffix /all, $(SUBDIRS))
 recurse-clean: $(addsuffix /clean, $(SUBDIRS))
@@ -207,10 +212,10 @@ clean: recurse-clean

 VERSION = $(shell cat $(SRC_PATH)/VERSION)

-dist: qemu-$(VERSION).tar.xz
+dist: qemu-$(VERSION).tar.bz2

-qemu-%.tar.xz:
-	$(SRC_PATH)/scripts/make-release "$(SRC_PATH)" "$(patsubst qemu-%.tar.xz,%,$@)"
+qemu-%.tar.bz2:
+	$(SRC_PATH)/scripts/make-release "$(SRC_PATH)" "$(patsubst qemu-%.tar.bz2,%,$@)"

 distclean: clean recurse-distclean
 	-$(quiet-@)test -f build.ninja && $(NINJA) $(NINJAFLAGS) -t clean -g || :
@@ -302,6 +307,11 @@ help:
 	$(call print-help,cscope,Generate cscope index)
 	$(call print-help,sparse,Run sparse on the QEMU source)
 	@echo  ''
+ifneq ($(filter contrib/plugins, $(SUBDIRS)),)
+	@echo  'Plugin targets:'
+	$(call print-help,plugins,Build the example TCG plugins)
+	@echo  ''
+endif
 	@echo  'Cleaning targets:'
 	$(call print-help,clean,Remove most generated files but keep the config)
 	$(call print-help,distclean,Remove all generated files)
--- a/2
+++ b/2
@@ -1 +1 @@
-9.2.3
+9.1.1
--- a/accel/accel-blocker.c
+++ b/accel/accel-blocker.c
@@ -25,7 +25,6 @@
 */

 #include "qemu/osdep.h"
-#include "qemu/lockcnt.h"
 #include "qemu/thread.h"
 #include "qemu/main-loop.h"
 #include "hw/core/cpu.h"
--- a/accel/accel-system.c
+++ b/accel/accel-system.c
@@ -73,17 +73,19 @@ void accel_system_init_ops_interfaces(AccelClass *ac)
    g_assert(ac_name != NULL);

    ops_name = g_strdup_printf("%s" ACCEL_OPS_SUFFIX, ac_name);
+    ops = ACCEL_OPS_CLASS(module_object_class_by_name(ops_name));
    oc = module_object_class_by_name(ops_name);
    if (!oc) {
        error_report("fatal: could not load module for type '%s'", ops_name);
        exit(1);
    }
    g_free(ops_name);
+    ops = ACCEL_OPS_CLASS(oc);
    /*
     * all accelerators need to define ops, providing at least a mandatory
     * non-NULL create_vcpu_thread operation.
     */
-    ops = ACCEL_OPS_CLASS(oc);
+    g_assert(ops != NULL);
    if (ops->ops_init) {
        ops->ops_init(ops);
    }
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -53,7 +53,6 @@
 #include "exec/address-spaces.h"
 #include "exec/exec-all.h"
 #include "gdbstub/enums.h"
-#include "hw/boards.h"
 #include "sysemu/cpus.h"
 #include "sysemu/hvf.h"
 #include "sysemu/hvf_int.h"
@@ -62,6 +61,10 @@

 HVFState *hvf_state;

+#ifdef __aarch64__
+#define HV_VM_DEFAULT NULL
+#endif
+
 /* Memory slots */

 hvf_slot *hvf_find_overlap_slot(uint64_t start, uint64_t size)
@@ -320,17 +323,8 @@ static int hvf_accel_init(MachineState *ms)
    int x;
    hv_return_t ret;
    HVFState *s;
-    int pa_range = 36;
-    MachineClass *mc = MACHINE_GET_CLASS(ms);

-    if (mc->hvf_get_physical_address_range) {
-        pa_range = mc->hvf_get_physical_address_range(ms);
-        if (pa_range < 0) {
-            return -EINVAL;
-        }
-    }
-
-    ret = hvf_arch_vm_create(ms, (uint32_t)pa_range);
+    ret = hv_vm_create(HV_VM_DEFAULT);
    assert_hvf_ok(ret);

    s = g_new0(HVFState, 1);
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -69,11 +69,6 @@
 #define KVM_GUESTDBG_BLOCKIRQ 0
 #endif

-/* Default num of memslots to be allocated when VM starts */
-#define  KVM_MEMSLOTS_NR_ALLOC_DEFAULT                      16
-/* Default max allowed memslots if kernel reported nothing */
-#define  KVM_MEMSLOTS_NR_MAX_DEFAULT                        32
-
 struct KVMParkedVcpu {
    unsigned long vcpu_id;
    int kvm_fd;
@@ -170,62 +165,11 @@ void kvm_resample_fd_notify(int gsi)
    }
 }

-/**
- * kvm_slots_grow(): Grow the slots[] array in the KVMMemoryListener
- *
- * @kml: The KVMMemoryListener* to grow the slots[] array
- * @nr_slots_new: The new size of slots[] array
- *
- * Returns: True if the array grows larger, false otherwise.
- */
-static bool kvm_slots_grow(KVMMemoryListener *kml, unsigned int nr_slots_new)
-{
-    unsigned int i, cur = kml->nr_slots_allocated;
-    KVMSlot *slots;
-
-    if (nr_slots_new > kvm_state->nr_slots_max) {
-        nr_slots_new = kvm_state->nr_slots_max;
-    }
-
-    if (cur >= nr_slots_new) {
-        /* Big enough, no need to grow, or we reached max */
-        return false;
-    }
-
-    if (cur == 0) {
-        slots = g_new0(KVMSlot, nr_slots_new);
-    } else {
-        assert(kml->slots);
-        slots = g_renew(KVMSlot, kml->slots, nr_slots_new);
-        /*
-         * g_renew() doesn't initialize extended buffers, however kvm
-         * memslots require fields to be zero-initialized. E.g. pointers,
-         * memory_size field, etc.
-         */
-        memset(&slots[cur], 0x0, sizeof(slots[0]) * (nr_slots_new - cur));
-    }
-
-    for (i = cur; i < nr_slots_new; i++) {
-        slots[i].slot = i;
-    }
-
-    kml->slots = slots;
-    kml->nr_slots_allocated = nr_slots_new;
-    trace_kvm_slots_grow(cur, nr_slots_new);
-
-    return true;
-}
-
-static bool kvm_slots_double(KVMMemoryListener *kml)
-{
-    return kvm_slots_grow(kml, kml->nr_slots_allocated * 2);
-}
-
 unsigned int kvm_get_max_memslots(void)
 {
    KVMState *s = KVM_STATE(current_accel());

-    return s->nr_slots_max;
+    return s->nr_slots;
 }

 unsigned int kvm_get_free_memslots(void)
@@ -239,36 +183,25 @@ unsigned int kvm_get_free_memslots(void)
        if (!s->as[i].ml) {
            continue;
        }
-        used_slots = MAX(used_slots, s->as[i].ml->nr_slots_used);
+        used_slots = MAX(used_slots, s->as[i].ml->nr_used_slots);
    }
    kvm_slots_unlock();

-    return s->nr_slots_max - used_slots;
+    return s->nr_slots - used_slots;
 }

 /* Called with KVMMemoryListener.slots_lock held */
 static KVMSlot *kvm_get_free_slot(KVMMemoryListener *kml)
 {
-    unsigned int n;
+    KVMState *s = kvm_state;
    int i;

-    for (i = 0; i < kml->nr_slots_allocated; i++) {
+    for (i = 0; i < s->nr_slots; i++) {
        if (kml->slots[i].memory_size == 0) {
            return &kml->slots[i];
        }
    }

-    /*
-     * If no free slots, try to grow first by doubling.  Cache the old size
-     * here to avoid another round of search: if the grow succeeded, it
-     * means slots[] now must have the existing "n" slots occupied,
-     * followed by one or more free slots starting from slots[n].
-     */
-    n = kml->nr_slots_allocated;
-    if (kvm_slots_double(kml)) {
-        return &kml->slots[n];
-    }
-
    return NULL;
 }

@@ -289,9 +222,10 @@ static KVMSlot *kvm_lookup_matching_slot(KVMMemoryListener *kml,
                                         hwaddr start_addr,
                                         hwaddr size)
 {
+    KVMState *s = kvm_state;
    int i;

-    for (i = 0; i < kml->nr_slots_allocated; i++) {
+    for (i = 0; i < s->nr_slots; i++) {
        KVMSlot *mem = &kml->slots[i];

        if (start_addr == mem->start_addr && size == mem->memory_size) {
@@ -333,7 +267,7 @@ int kvm_physical_memory_addr_from_host(KVMState *s, void *ram,
    int i, ret = 0;

    kvm_slots_lock();
-    for (i = 0; i < kml->nr_slots_allocated; i++) {
+    for (i = 0; i < s->nr_slots; i++) {
        KVMSlot *mem = &kml->slots[i];

        if (ram >= mem->ram && ram < mem->ram + mem->memory_size) {
@@ -437,16 +371,6 @@ int kvm_unpark_vcpu(KVMState *s, unsigned long vcpu_id)
    return kvm_fd;
 }

-static void kvm_reset_parked_vcpus(void *param)
-{
-    KVMState *s = param;
-    struct KVMParkedVcpu *cpu;
-
-    QLIST_FOREACH(cpu, &s->kvm_parked_vcpus, node) {
-        kvm_arch_reset_parked_vcpu(cpu->vcpu_id, cpu->kvm_fd);
-    }
-}
-
 int kvm_create_vcpu(CPUState *cpu)
 {
    unsigned long vcpu_id = kvm_arch_vcpu_id(cpu);
@@ -490,7 +414,7 @@ int kvm_create_and_park_vcpu(CPUState *cpu)
 static int do_kvm_destroy_vcpu(CPUState *cpu)
 {
    KVMState *s = kvm_state;
-    int mmap_size;
+    long mmap_size;
    int ret = 0;

    trace_kvm_destroy_vcpu(cpu->cpu_index, kvm_arch_vcpu_id(cpu));
@@ -535,7 +459,7 @@ void kvm_destroy_vcpu(CPUState *cpu)
 int kvm_init_vcpu(CPUState *cpu, Error **errp)
 {
    KVMState *s = kvm_state;
-    int mmap_size;
+    long mmap_size;
    int ret;

    trace_kvm_init_vcpu(cpu->cpu_index, kvm_arch_vcpu_id(cpu));
@@ -1147,7 +1071,7 @@ static int kvm_physical_log_clear(KVMMemoryListener *kml,

    kvm_slots_lock();

-    for (i = 0; i < kml->nr_slots_allocated; i++) {
+    for (i = 0; i < s->nr_slots; i++) {
        mem = &kml->slots[i];
        /* Discard slots that are empty or do not overlap the section */
        if (!mem->memory_size ||
@@ -1526,7 +1450,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
            }
            start_addr += slot_size;
            size -= slot_size;
-            kml->nr_slots_used--;
+            kml->nr_used_slots--;
        } while (size);
        return;
    }
@@ -1565,7 +1489,7 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
        ram_start_offset += slot_size;
        ram += slot_size;
        size -= slot_size;
-        kml->nr_slots_used++;
+        kml->nr_used_slots++;
    } while (size);
 }

@@ -1601,7 +1525,11 @@ static void *kvm_dirty_ring_reaper_thread(void *data)
        r->reaper_iteration++;
    }

-    g_assert_not_reached();
+    trace_kvm_dirty_ring_reaper("exit");
+
+    rcu_unregister_thread();
+
+    return NULL;
 }

 static void kvm_dirty_ring_reaper_init(KVMState *s)
@@ -1791,8 +1719,12 @@ static void kvm_log_sync_global(MemoryListener *l, bool last_stage)
    /* Flush all kernel dirty addresses into KVMSlot dirty bitmap */
    kvm_dirty_ring_flush();

+    /*
+     * TODO: make this faster when nr_slots is big while there are
+     * only a few used slots (small VMs).
+     */
    kvm_slots_lock();
-    for (i = 0; i < kml->nr_slots_allocated; i++) {
+    for (i = 0; i < s->nr_slots; i++) {
        mem = &kml->slots[i];
        if (mem->memory_size && mem->flags & KVM_MEM_LOG_DIRTY_PAGES) {
            kvm_slot_sync_dirty_pages(mem);
@@ -1907,9 +1839,12 @@ void kvm_memory_listener_register(KVMState *s, KVMMemoryListener *kml,
 {
    int i;

+    kml->slots = g_new0(KVMSlot, s->nr_slots);
    kml->as_id = as_id;

-    kvm_slots_grow(kml, KVM_MEMSLOTS_NR_ALLOC_DEFAULT);
+    for (i = 0; i < s->nr_slots; i++) {
+        kml->slots[i].slot = i;
+    }

    QSIMPLEQ_INIT(&kml->transaction_add);
    QSIMPLEQ_INIT(&kml->transaction_del);
@@ -2450,64 +2385,171 @@ uint32_t kvm_dirty_ring_size(void)
    return kvm_state->kvm_dirty_ring_size;
 }

-static int do_kvm_create_vm(MachineState *ms, int type)
+static int kvm_init(MachineState *ms)
 {
+    MachineClass *mc = MACHINE_GET_CLASS(ms);
+    static const char upgrade_note[] =
+        "Please upgrade to at least kernel 2.6.29 or recent kvm-kmod\n"
+        "(see http://sourceforge.net/projects/kvm).\n";
+    const struct {
+        const char *name;
+        int num;
+    } num_cpus[] = {
+        { "SMP",          ms->smp.cpus },
+        { "hotpluggable", ms->smp.max_cpus },
+        { /* end of list */ }
+    }, *nc = num_cpus;
+    int soft_vcpus_limit, hard_vcpus_limit;
    KVMState *s;
+    const KVMCapabilityInfo *missing_cap;
    int ret;
+    int type;
+    uint64_t dirty_log_manual_caps;
+
+    qemu_mutex_init(&kml_slots_lock);

    s = KVM_STATE(ms->accelerator);

-    do {
-        ret = kvm_ioctl(s, KVM_CREATE_VM, type);
-    } while (ret == -EINTR);
+    /*
+     * On systems where the kernel can support different base page
+     * sizes, host page size may be different from TARGET_PAGE_SIZE,
+     * even with KVM.  TARGET_PAGE_SIZE is assumed to be the minimum
+     * page size for the system though.
+     */
+    assert(TARGET_PAGE_SIZE <= qemu_real_host_page_size());

-    if (ret < 0) {
-        error_report("ioctl(KVM_CREATE_VM) failed: %s", strerror(-ret));
+    s->sigmask_len = 8;
+    accel_blocker_init();

-#ifdef TARGET_S390X
-        if (ret == -EINVAL) {
-            error_printf("Host kernel setup problem detected."
-                         " Please verify:\n");
-            error_printf("- for kernels supporting the"
-                        " switch_amode or user_mode parameters, whether");
-            error_printf(" user space is running in primary address space\n");
-            error_printf("- for kernels supporting the vm.allocate_pgste"
-                         " sysctl, whether it is enabled\n");
-        }
-#elif defined(TARGET_PPC)
-        if (ret == -EINVAL) {
-            error_printf("PPC KVM module is not loaded. Try modprobe kvm_%s.\n",
-                         (type == 2) ? "pr" : "hv");
-        }
+#ifdef TARGET_KVM_HAVE_GUEST_DEBUG
+    QTAILQ_INIT(&s->kvm_sw_breakpoints);
 #endif
+    QLIST_INIT(&s->kvm_parked_vcpus);
+    s->fd = qemu_open_old(s->device ?: "/dev/kvm", O_RDWR);
+    if (s->fd == -1) {
+        fprintf(stderr, "Could not access KVM kernel module: %m\n");
+        ret = -errno;
+        goto err;
    }

-    return ret;
-}
+    ret = kvm_ioctl(s, KVM_GET_API_VERSION, 0);
+    if (ret < KVM_API_VERSION) {
+        if (ret >= 0) {
+            ret = -EINVAL;
+        }
+        fprintf(stderr, "kvm version too old\n");
+        goto err;
+    }

-static int find_kvm_machine_type(MachineState *ms)
-{
-    MachineClass *mc = MACHINE_GET_CLASS(ms);
-    int type;
+    if (ret > KVM_API_VERSION) {
+        ret = -EINVAL;
+        fprintf(stderr, "kvm version not supported\n");
+        goto err;
+    }
+
+    kvm_supported_memory_attributes = kvm_check_extension(s, KVM_CAP_MEMORY_ATTRIBUTES);
+    kvm_guest_memfd_supported =
+        kvm_check_extension(s, KVM_CAP_GUEST_MEMFD) &&
+        kvm_check_extension(s, KVM_CAP_USER_MEMORY2) &&
+        (kvm_supported_memory_attributes & KVM_MEMORY_ATTRIBUTE_PRIVATE);
+
+    kvm_immediate_exit = kvm_check_extension(s, KVM_CAP_IMMEDIATE_EXIT);
+    s->nr_slots = kvm_check_extension(s, KVM_CAP_NR_MEMSLOTS);
+
+    /* If unspecified, use the default value */
+    if (!s->nr_slots) {
+        s->nr_slots = 32;
+    }
+
+    s->nr_as = kvm_check_extension(s, KVM_CAP_MULTI_ADDRESS_SPACE);
+    if (s->nr_as <= 1) {
+        s->nr_as = 1;
+    }
+    s->as = g_new0(struct KVMAs, s->nr_as);

    if (object_property_find(OBJECT(current_machine), "kvm-type")) {
-        g_autofree char *kvm_type;
-        kvm_type = object_property_get_str(OBJECT(current_machine),
-                                           "kvm-type",
-                                           &error_abort);
+        g_autofree char *kvm_type = object_property_get_str(OBJECT(current_machine),
+                                                            "kvm-type",
+                                                            &error_abort);
        type = mc->kvm_type(ms, kvm_type);
    } else if (mc->kvm_type) {
        type = mc->kvm_type(ms, NULL);
    } else {
        type = kvm_arch_get_default_type(ms);
    }
-    return type;
-}

-static int kvm_setup_dirty_ring(KVMState *s)
-{
-    uint64_t dirty_log_manual_caps;
-    int ret;
+    if (type < 0) {
+        ret = -EINVAL;
+        goto err;
+    }
+
+    do {
+        ret = kvm_ioctl(s, KVM_CREATE_VM, type);
+    } while (ret == -EINTR);
+
+    if (ret < 0) {
+        fprintf(stderr, "ioctl(KVM_CREATE_VM) failed: %d %s\n", -ret,
+                strerror(-ret));
+
+#ifdef TARGET_S390X
+        if (ret == -EINVAL) {
+            fprintf(stderr,
+                    "Host kernel setup problem detected. Please verify:\n");
+            fprintf(stderr, "- for kernels supporting the switch_amode or"
+                    " user_mode parameters, whether\n");
+            fprintf(stderr,
+                    "  user space is running in primary address space\n");
+            fprintf(stderr,
+                    "- for kernels supporting the vm.allocate_pgste sysctl, "
+                    "whether it is enabled\n");
+        }
+#elif defined(TARGET_PPC)
+        if (ret == -EINVAL) {
+            fprintf(stderr,
+                    "PPC KVM module is not loaded. Try modprobe kvm_%s.\n",
+                    (type == 2) ? "pr" : "hv");
+        }
+#endif
+        goto err;
+    }
+
+    s->vmfd = ret;
+
+    /* check the vcpu limits */
+    soft_vcpus_limit = kvm_recommended_vcpus(s);
+    hard_vcpus_limit = kvm_max_vcpus(s);
+
+    while (nc->name) {
+        if (nc->num > soft_vcpus_limit) {
+            warn_report("Number of %s cpus requested (%d) exceeds "
+                        "the recommended cpus supported by KVM (%d)",
+                        nc->name, nc->num, soft_vcpus_limit);
+
+            if (nc->num > hard_vcpus_limit) {
+                fprintf(stderr, "Number of %s cpus requested (%d) exceeds "
+                        "the maximum cpus supported by KVM (%d)\n",
+                        nc->name, nc->num, hard_vcpus_limit);
+                exit(1);
+            }
+        }
+        nc++;
+    }
+
+    missing_cap = kvm_check_extension_list(s, kvm_required_capabilites);
+    if (!missing_cap) {
+        missing_cap =
+            kvm_check_extension_list(s, kvm_arch_required_capabilities);
+    }
+    if (missing_cap) {
+        ret = -EINVAL;
+        fprintf(stderr, "kvm does not support %s\n%s",
+                missing_cap->name, upgrade_note);
+        goto err;
+    }
+
+    s->coalesced_mmio = kvm_check_extension(s, KVM_CAP_COALESCED_MMIO);
+    s->coalesced_pio = s->coalesced_mmio &&
+                       kvm_check_extension(s, KVM_CAP_COALESCED_PIO);

    /*
     * Enable KVM dirty ring if supported, otherwise fall back to
@@ -2515,7 +2557,7 @@ static int kvm_setup_dirty_ring(KVMState *s)
     */
    ret = kvm_dirty_ring_init(s);
    if (ret < 0) {
-        return ret;
+        goto err;
    }

    /*
@@ -2550,138 +2592,6 @@ static int kvm_setup_dirty_ring(KVMState *s)
        }
    }

-    return 0;
-}
-
-static int kvm_init(MachineState *ms)
-{
-    MachineClass *mc = MACHINE_GET_CLASS(ms);
-    static const char upgrade_note[] =
-        "Please upgrade to at least kernel 2.6.29 or recent kvm-kmod\n"
-        "(see http://sourceforge.net/projects/kvm).\n";
-    const struct {
-        const char *name;
-        int num;
-    } num_cpus[] = {
-        { "SMP",          ms->smp.cpus },
-        { "hotpluggable", ms->smp.max_cpus },
-        { /* end of list */ }
-    }, *nc = num_cpus;
-    int soft_vcpus_limit, hard_vcpus_limit;
-    KVMState *s;
-    const KVMCapabilityInfo *missing_cap;
-    int ret;
-    int type;
-
-    qemu_mutex_init(&kml_slots_lock);
-
-    s = KVM_STATE(ms->accelerator);
-
-    /*
-     * On systems where the kernel can support different base page
-     * sizes, host page size may be different from TARGET_PAGE_SIZE,
-     * even with KVM.  TARGET_PAGE_SIZE is assumed to be the minimum
-     * page size for the system though.
-     */
-    assert(TARGET_PAGE_SIZE <= qemu_real_host_page_size());
-
-    s->sigmask_len = 8;
-    accel_blocker_init();
-
-#ifdef TARGET_KVM_HAVE_GUEST_DEBUG
-    QTAILQ_INIT(&s->kvm_sw_breakpoints);
-#endif
-    QLIST_INIT(&s->kvm_parked_vcpus);
-    s->fd = qemu_open_old(s->device ?: "/dev/kvm", O_RDWR);
-    if (s->fd == -1) {
-        error_report("Could not access KVM kernel module: %m");
-        ret = -errno;
-        goto err;
-    }
-
-    ret = kvm_ioctl(s, KVM_GET_API_VERSION, 0);
-    if (ret < KVM_API_VERSION) {
-        if (ret >= 0) {
-            ret = -EINVAL;
-        }
-        error_report("kvm version too old");
-        goto err;
-    }
-
-    if (ret > KVM_API_VERSION) {
-        ret = -EINVAL;
-        error_report("kvm version not supported");
-        goto err;
-    }
-
-    kvm_immediate_exit = kvm_check_extension(s, KVM_CAP_IMMEDIATE_EXIT);
-    s->nr_slots_max = kvm_check_extension(s, KVM_CAP_NR_MEMSLOTS);
-
-    /* If unspecified, use the default value */
-    if (!s->nr_slots_max) {
-        s->nr_slots_max = KVM_MEMSLOTS_NR_MAX_DEFAULT;
-    }
-
-    type = find_kvm_machine_type(ms);
-    if (type < 0) {
-        ret = -EINVAL;
-        goto err;
-    }
-
-    ret = do_kvm_create_vm(ms, type);
-    if (ret < 0) {
-        goto err;
-    }
-
-    s->vmfd = ret;
-
-    s->nr_as = kvm_vm_check_extension(s, KVM_CAP_MULTI_ADDRESS_SPACE);
-    if (s->nr_as <= 1) {
-        s->nr_as = 1;
-    }
-    s->as = g_new0(struct KVMAs, s->nr_as);
-
-    /* check the vcpu limits */
-    soft_vcpus_limit = kvm_recommended_vcpus(s);
-    hard_vcpus_limit = kvm_max_vcpus(s);
-
-    while (nc->name) {
-        if (nc->num > soft_vcpus_limit) {
-            warn_report("Number of %s cpus requested (%d) exceeds "
-                        "the recommended cpus supported by KVM (%d)",
-                        nc->name, nc->num, soft_vcpus_limit);
-
-            if (nc->num > hard_vcpus_limit) {
-                error_report("Number of %s cpus requested (%d) exceeds "
-                             "the maximum cpus supported by KVM (%d)",
-                             nc->name, nc->num, hard_vcpus_limit);
-                exit(1);
-            }
-        }
-        nc++;
-    }
-
-    missing_cap = kvm_check_extension_list(s, kvm_required_capabilites);
-    if (!missing_cap) {
-        missing_cap =
-            kvm_check_extension_list(s, kvm_arch_required_capabilities);
-    }
-    if (missing_cap) {
-        ret = -EINVAL;
-        error_report("kvm does not support %s", missing_cap->name);
-        error_printf("%s", upgrade_note);
-        goto err;
-    }
-
-    s->coalesced_mmio = kvm_check_extension(s, KVM_CAP_COALESCED_MMIO);
-    s->coalesced_pio = s->coalesced_mmio &&
-                       kvm_check_extension(s, KVM_CAP_COALESCED_PIO);
-
-    ret = kvm_setup_dirty_ring(s);
-    if (ret < 0) {
-        goto err;
-    }
-
 #ifdef KVM_CAP_VCPU_EVENTS
    s->vcpu_events = kvm_check_extension(s, KVM_CAP_VCPU_EVENTS);
 #endif
@@ -2727,18 +2637,11 @@ static int kvm_init(MachineState *ms)
        goto err;
    }

-    kvm_supported_memory_attributes = kvm_vm_check_extension(s, KVM_CAP_MEMORY_ATTRIBUTES);
-    kvm_guest_memfd_supported =
-        kvm_check_extension(s, KVM_CAP_GUEST_MEMFD) &&
-        kvm_check_extension(s, KVM_CAP_USER_MEMORY2) &&
-        (kvm_supported_memory_attributes & KVM_MEMORY_ATTRIBUTE_PRIVATE);
-
    if (s->kernel_irqchip_split == ON_OFF_AUTO_AUTO) {
        s->kernel_irqchip_split = mc->default_kernel_irqchip_split ? ON_OFF_AUTO_ON : ON_OFF_AUTO_OFF;
    }

    qemu_register_reset(kvm_unpoison_all, NULL);
-    qemu_register_reset(kvm_reset_parked_vcpus, s);

    if (s->kernel_irqchip_allowed) {
        kvm_irqchip_create(s);
@@ -2863,15 +2766,9 @@ void kvm_flush_coalesced_mmio_buffer(void)
 static void do_kvm_cpu_synchronize_state(CPUState *cpu, run_on_cpu_data arg)
 {
    if (!cpu->vcpu_dirty && !kvm_state->guest_state_protected) {
-        Error *err = NULL;
-        int ret = kvm_arch_get_registers(cpu, &err);
+        int ret = kvm_arch_get_registers(cpu);
        if (ret) {
-            if (err) {
-                error_reportf_err(err, "Failed to synchronize CPU state: ");
-            } else {
-                error_report("Failed to get registers: %s", strerror(-ret));
-            }
-
+            error_report("Failed to get registers: %s", strerror(-ret));
            cpu_dump_state(cpu, stderr, CPU_DUMP_CODE);
            vm_stop(RUN_STATE_INTERNAL_ERROR);
        }
@@ -2889,15 +2786,9 @@ void kvm_cpu_synchronize_state(CPUState *cpu)

 static void do_kvm_cpu_synchronize_post_reset(CPUState *cpu, run_on_cpu_data arg)
 {
-    Error *err = NULL;
-    int ret = kvm_arch_put_registers(cpu, KVM_PUT_RESET_STATE, &err);
+    int ret = kvm_arch_put_registers(cpu, KVM_PUT_RESET_STATE);
    if (ret) {
-        if (err) {
-            error_reportf_err(err, "Restoring resisters after reset: ");
-        } else {
-            error_report("Failed to put registers after reset: %s",
-                         strerror(-ret));
-        }
+        error_report("Failed to put registers after reset: %s", strerror(-ret));
        cpu_dump_state(cpu, stderr, CPU_DUMP_CODE);
        vm_stop(RUN_STATE_INTERNAL_ERROR);
    }
@@ -2912,15 +2803,9 @@ void kvm_cpu_synchronize_post_reset(CPUState *cpu)

 static void do_kvm_cpu_synchronize_post_init(CPUState *cpu, run_on_cpu_data arg)
 {
-    Error *err = NULL;
-    int ret = kvm_arch_put_registers(cpu, KVM_PUT_FULL_STATE, &err);
+    int ret = kvm_arch_put_registers(cpu, KVM_PUT_FULL_STATE);
    if (ret) {
-        if (err) {
-            error_reportf_err(err, "Putting registers after init: ");
-        } else {
-            error_report("Failed to put registers after init: %s",
-                         strerror(-ret));
-        }
+        error_report("Failed to put registers after init: %s", strerror(-ret));
        exit(1);
    }

@@ -3110,15 +2995,10 @@ int kvm_cpu_exec(CPUState *cpu)
        MemTxAttrs attrs;

        if (cpu->vcpu_dirty) {
-            Error *err = NULL;
-            ret = kvm_arch_put_registers(cpu, KVM_PUT_RUNTIME_STATE, &err);
+            ret = kvm_arch_put_registers(cpu, KVM_PUT_RUNTIME_STATE);
            if (ret) {
-                if (err) {
-                    error_reportf_err(err, "Putting registers after init: ");
-                } else {
-                    error_report("Failed to put registers after init: %s",
-                                 strerror(-ret));
-                }
+                error_report("Failed to put registers after init: %s",
+                             strerror(-ret));
                ret = -1;
                break;
            }
@@ -3290,7 +3170,7 @@ int kvm_cpu_exec(CPUState *cpu)
    return ret;
 }

-int kvm_ioctl(KVMState *s, unsigned long type, ...)
+int kvm_ioctl(KVMState *s, int type, ...)
 {
    int ret;
    void *arg;
@@ -3308,7 +3188,7 @@ int kvm_ioctl(KVMState *s, unsigned long type, ...)
    return ret;
 }

-int kvm_vm_ioctl(KVMState *s, unsigned long type, ...)
+int kvm_vm_ioctl(KVMState *s, int type, ...)
 {
    int ret;
    void *arg;
@@ -3328,7 +3208,7 @@ int kvm_vm_ioctl(KVMState *s, unsigned long type, ...)
    return ret;
 }

-int kvm_vcpu_ioctl(CPUState *cpu, unsigned long type, ...)
+int kvm_vcpu_ioctl(CPUState *cpu, int type, ...)
 {
    int ret;
    void *arg;
@@ -3348,7 +3228,7 @@ int kvm_vcpu_ioctl(CPUState *cpu, unsigned long type, ...)
    return ret;
 }

-int kvm_device_ioctl(int fd, unsigned long type, ...)
+int kvm_device_ioctl(int fd, int type, ...)
 {
    int ret;
    void *arg;
--- a/accel/kvm/trace-events
+++ b/accel/kvm/trace-events
@@ -1,11 +1,11 @@
 # See docs/devel/tracing.rst for syntax documentation.

 # kvm-all.c
-kvm_ioctl(unsigned long type, void *arg) "type 0x%lx, arg %p"
-kvm_vm_ioctl(unsigned long type, void *arg) "type 0x%lx, arg %p"
-kvm_vcpu_ioctl(int cpu_index, unsigned long type, void *arg) "cpu_index %d, type 0x%lx, arg %p"
+kvm_ioctl(int type, void *arg) "type 0x%x, arg %p"
+kvm_vm_ioctl(int type, void *arg) "type 0x%x, arg %p"
+kvm_vcpu_ioctl(int cpu_index, int type, void *arg) "cpu_index %d, type 0x%x, arg %p"
 kvm_run_exit(int cpu_index, uint32_t reason) "cpu_index %d, reason %d"
-kvm_device_ioctl(int fd, unsigned long type, void *arg) "dev fd %d, type 0x%lx, arg %p"
+kvm_device_ioctl(int fd, int type, void *arg) "dev fd %d, type 0x%x, arg %p"
 kvm_failed_reg_get(uint64_t id, const char *msg) "Warning: Unable to retrieve ONEREG %" PRIu64 " from KVM: %s"
 kvm_failed_reg_set(uint64_t id, const char *msg) "Warning: Unable to set ONEREG %" PRIu64 " to KVM: %s"
 kvm_init_vcpu(int cpu_index, unsigned long arch_cpu_id) "index: %d id: %lu"
@@ -36,4 +36,3 @@ kvm_io_window_exit(void) ""
 kvm_run_exit_system_event(int cpu_index, uint32_t event_type) "cpu_index %d, system_even_type %"PRIu32
 kvm_convert_memory(uint64_t start, uint64_t size, const char *msg) "start 0x%" PRIx64 " size 0x%" PRIx64 " %s"
 kvm_memory_fault(uint64_t start, uint64_t size, uint64_t flags) "start 0x%" PRIx64 " size 0x%" PRIx64 " flags 0x%" PRIx64
-kvm_slots_grow(unsigned int old, unsigned int new) "%u -> %u"
--- a/accel/tcg/atomic_common.c.inc
+++ b/accel/tcg/atomic_common.c.inc
@@ -14,20 +14,9 @@
 */

 static void atomic_trace_rmw_post(CPUArchState *env, uint64_t addr,
-                                  uint64_t read_value_low,
-                                  uint64_t read_value_high,
-                                  uint64_t write_value_low,
-                                  uint64_t write_value_high,
                                  MemOpIdx oi)
 {
-    if (cpu_plugin_mem_cbs_enabled(env_cpu(env))) {
-        qemu_plugin_vcpu_mem_cb(env_cpu(env), addr,
-                                read_value_low, read_value_high,
-                                oi, QEMU_PLUGIN_MEM_R);
-        qemu_plugin_vcpu_mem_cb(env_cpu(env), addr,
-                                write_value_low, write_value_high,
-                                oi, QEMU_PLUGIN_MEM_W);
-    }
+    qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_RW);
 }

 /*
--- a/accel/tcg/atomic_template.h
+++ b/accel/tcg/atomic_template.h
@@ -53,14 +53,6 @@
 # error unsupported data size
 #endif

-#if DATA_SIZE == 16
-# define VALUE_LOW(val) int128_getlo(val)
-# define VALUE_HIGH(val) int128_gethi(val)
-#else
-# define VALUE_LOW(val) val
-# define VALUE_HIGH(val) 0
-#endif
-
 #if DATA_SIZE >= 4
 # define ABI_TYPE  DATA_TYPE
 #else
@@ -91,12 +83,7 @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, abi_ptr addr,
    ret = qatomic_cmpxchg__nocheck(haddr, cmpv, newv);
 #endif
    ATOMIC_MMU_CLEANUP;
-    atomic_trace_rmw_post(env, addr,
-                          VALUE_LOW(ret),
-                          VALUE_HIGH(ret),
-                          VALUE_LOW(newv),
-                          VALUE_HIGH(newv),
-                          oi);
+    atomic_trace_rmw_post(env, addr, oi);
    return ret;
 }

@@ -110,12 +97,7 @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, abi_ptr addr, ABI_TYPE val,

    ret = qatomic_xchg__nocheck(haddr, val);
    ATOMIC_MMU_CLEANUP;
-    atomic_trace_rmw_post(env, addr,
-                          VALUE_LOW(ret),
-                          VALUE_HIGH(ret),
-                          VALUE_LOW(val),
-                          VALUE_HIGH(val),
-                          oi);
+    atomic_trace_rmw_post(env, addr, oi);
    return ret;
 }

@@ -127,12 +109,7 @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, abi_ptr addr,            \
    haddr = atomic_mmu_lookup(env_cpu(env), addr, oi, DATA_SIZE, retaddr);   \
    ret = qatomic_##X(haddr, val);                                  \
    ATOMIC_MMU_CLEANUP;                                             \
-    atomic_trace_rmw_post(env, addr,                                \
-                          VALUE_LOW(ret),                           \
-                          VALUE_HIGH(ret),                          \
-                          VALUE_LOW(val),                           \
-                          VALUE_HIGH(val),                          \
-                          oi);                                      \
+    atomic_trace_rmw_post(env, addr, oi);                           \
    return ret;                                                     \
 }

@@ -168,12 +145,7 @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, abi_ptr addr,            \
        cmp = qatomic_cmpxchg__nocheck(haddr, old, new);            \
    } while (cmp != old);                                           \
    ATOMIC_MMU_CLEANUP;                                             \
-    atomic_trace_rmw_post(env, addr,                                \
-                          VALUE_LOW(old),                           \
-                          VALUE_HIGH(old),                          \
-                          VALUE_LOW(xval),                          \
-                          VALUE_HIGH(xval),                         \
-                          oi);                                      \
+    atomic_trace_rmw_post(env, addr, oi);                           \
    return RET;                                                     \
 }

@@ -216,12 +188,7 @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, abi_ptr addr,
    ret = qatomic_cmpxchg__nocheck(haddr, BSWAP(cmpv), BSWAP(newv));
 #endif
    ATOMIC_MMU_CLEANUP;
-    atomic_trace_rmw_post(env, addr,
-                          VALUE_LOW(ret),
-                          VALUE_HIGH(ret),
-                          VALUE_LOW(newv),
-                          VALUE_HIGH(newv),
-                          oi);
+    atomic_trace_rmw_post(env, addr, oi);
    return BSWAP(ret);
 }

@@ -235,12 +202,7 @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, abi_ptr addr, ABI_TYPE val,

    ret = qatomic_xchg__nocheck(haddr, BSWAP(val));
    ATOMIC_MMU_CLEANUP;
-    atomic_trace_rmw_post(env, addr,
-                          VALUE_LOW(ret),
-                          VALUE_HIGH(ret),
-                          VALUE_LOW(val),
-                          VALUE_HIGH(val),
-                          oi);
+    atomic_trace_rmw_post(env, addr, oi);
    return BSWAP(ret);
 }

@@ -252,12 +214,7 @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, abi_ptr addr,            \
    haddr = atomic_mmu_lookup(env_cpu(env), addr, oi, DATA_SIZE, retaddr);   \
    ret = qatomic_##X(haddr, BSWAP(val));                           \
    ATOMIC_MMU_CLEANUP;                                             \
-    atomic_trace_rmw_post(env, addr,                                \
-                          VALUE_LOW(ret),                           \
-                          VALUE_HIGH(ret),                          \
-                          VALUE_LOW(val),                           \
-                          VALUE_HIGH(val),                          \
-                          oi);                                      \
+    atomic_trace_rmw_post(env, addr, oi);                           \
    return BSWAP(ret);                                              \
 }

@@ -290,12 +247,7 @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, abi_ptr addr,            \
        ldn = qatomic_cmpxchg__nocheck(haddr, ldo, BSWAP(new));     \
    } while (ldo != ldn);                                           \
    ATOMIC_MMU_CLEANUP;                                             \
-    atomic_trace_rmw_post(env, addr,                                \
-                          VALUE_LOW(old),                           \
-                          VALUE_HIGH(old),                          \
-                          VALUE_LOW(xval),                          \
-                          VALUE_HIGH(xval),                         \
-                          oi);                                      \
+    atomic_trace_rmw_post(env, addr, oi);                           \
    return RET;                                                     \
 }

@@ -329,5 +281,3 @@ GEN_ATOMIC_HELPER_FN(add_fetch, ADD, DATA_TYPE, new)
 #undef SUFFIX
 #undef DATA_SIZE
 #undef SHIFT
-#undef VALUE_LOW
-#undef VALUE_HIGH
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1221,35 +1221,22 @@ void tlb_set_page(CPUState *cpu, vaddr addr,
 }

 /*
- * Note: tlb_fill_align() can trigger a resize of the TLB.
- * This means that all of the caller's prior references to the TLB table
- * (e.g. CPUTLBEntry pointers) must be discarded and looked up again
- * (e.g. via tlb_entry()).
+ * Note: tlb_fill() can trigger a resize of the TLB. This means that all of the
+ * caller's prior references to the TLB table (e.g. CPUTLBEntry pointers) must
+ * be discarded and looked up again (e.g. via tlb_entry()).
 */
-static bool tlb_fill_align(CPUState *cpu, vaddr addr, MMUAccessType type,
-                           int mmu_idx, MemOp memop, int size,
-                           bool probe, uintptr_t ra)
+static void tlb_fill(CPUState *cpu, vaddr addr, int size,
+                     MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
 {
-    const TCGCPUOps *ops = cpu->cc->tcg_ops;
-    CPUTLBEntryFull full;
+    bool ok;

-    if (ops->tlb_fill_align) {
-        if (ops->tlb_fill_align(cpu, &full, addr, type, mmu_idx,
-                                memop, size, probe, ra)) {
-            tlb_set_page_full(cpu, mmu_idx, addr, &full);
-            return true;
-        }
-    } else {
-        /* Legacy behaviour is alignment before paging. */
-        if (addr & ((1u << memop_alignment_bits(memop)) - 1)) {
-            ops->do_unaligned_access(cpu, addr, type, mmu_idx, ra);
-        }
-        if (ops->tlb_fill(cpu, addr, size, type, mmu_idx, probe, ra)) {
-            return true;
-        }
-    }
-    assert(probe);
-    return false;
+    /*
+     * This is not a probe, so only valid return is success; failure
+     * should result in exception + longjmp to the cpu loop.
+     */
+    ok = cpu->cc->tcg_ops->tlb_fill(cpu, addr, size,
+                                    access_type, mmu_idx, false, retaddr);
+    assert(ok);
 }

 static inline void cpu_unaligned_access(CPUState *cpu, vaddr addr,
@@ -1364,22 +1351,22 @@ static int probe_access_internal(CPUState *cpu, vaddr addr,

    if (!tlb_hit_page(tlb_addr, page_addr)) {
        if (!victim_tlb_hit(cpu, mmu_idx, index, access_type, page_addr)) {
-            if (!tlb_fill_align(cpu, addr, access_type, mmu_idx,
-                                0, fault_size, nonfault, retaddr)) {
+            if (!cpu->cc->tcg_ops->tlb_fill(cpu, addr, fault_size, access_type,
+                                            mmu_idx, nonfault, retaddr)) {
                /* Non-faulting page table read failed.  */
                *phost = NULL;
                *pfull = NULL;
                return TLB_INVALID_MASK;
            }

-            /* TLB resize via tlb_fill_align may have moved the entry.  */
+            /* TLB resize via tlb_fill may have moved the entry.  */
            index = tlb_index(cpu, mmu_idx, addr);
            entry = tlb_entry(cpu, mmu_idx, addr);

            /*
             * With PAGE_WRITE_INV, we set TLB_INVALID_MASK immediately,
-             * to force the next access through tlb_fill_align.  We've just
-             * called tlb_fill_align, so we know that this entry *is* valid.
+             * to force the next access through tlb_fill.  We've just
+             * called tlb_fill, so we know that this entry *is* valid.
             */
            flags &= ~TLB_INVALID_MASK;
        }
@@ -1620,17 +1607,16 @@ typedef struct MMULookupLocals {
 * mmu_lookup1: translate one page
 * @cpu: generic cpu state
 * @data: lookup parameters
- * @memop: memory operation for the access, or 0
 * @mmu_idx: virtual address context
 * @access_type: load/store/code
 * @ra: return address into tcg generated code, or 0
 *
 * Resolve the translation for the one page at @data.addr, filling in
 * the rest of @data with the results.  If the translation fails,
- * tlb_fill_align will longjmp out.  Return true if the softmmu tlb for
+ * tlb_fill will longjmp out.  Return true if the softmmu tlb for
 * @mmu_idx may have resized.
 */
-static bool mmu_lookup1(CPUState *cpu, MMULookupPageData *data, MemOp memop,
+static bool mmu_lookup1(CPUState *cpu, MMULookupPageData *data,
                        int mmu_idx, MMUAccessType access_type, uintptr_t ra)
 {
    vaddr addr = data->addr;
@@ -1645,8 +1631,7 @@ static bool mmu_lookup1(CPUState *cpu, MMULookupPageData *data, MemOp memop,
    if (!tlb_hit(tlb_addr, addr)) {
        if (!victim_tlb_hit(cpu, mmu_idx, index, access_type,
                            addr & TARGET_PAGE_MASK)) {
-            tlb_fill_align(cpu, addr, access_type, mmu_idx,
-                           memop, data->size, false, ra);
+            tlb_fill(cpu, addr, data->size, access_type, mmu_idx, ra);
            maybe_resized = true;
            index = tlb_index(cpu, mmu_idx, addr);
            entry = tlb_entry(cpu, mmu_idx, addr);
@@ -1658,25 +1643,6 @@ static bool mmu_lookup1(CPUState *cpu, MMULookupPageData *data, MemOp memop,
    flags = tlb_addr & (TLB_FLAGS_MASK & ~TLB_FORCE_SLOW);
    flags |= full->slow_flags[access_type];

-    if (likely(!maybe_resized)) {
-        /* Alignment has not been checked by tlb_fill_align. */
-        int a_bits = memop_alignment_bits(memop);
-
-        /*
-         * This alignment check differs from the one above, in that this is
-         * based on the atomicity of the operation. The intended use case is
-         * the ARM memory type field of each PTE, where access to pages with
-         * Device memory type require alignment.
-         */
-        if (unlikely(flags & TLB_CHECK_ALIGNED)) {
-            int at_bits = memop_atomicity_bits(memop);
-            a_bits = MAX(a_bits, at_bits);
-        }
-        if (unlikely(addr & ((1 << a_bits) - 1))) {
-            cpu_unaligned_access(cpu, addr, access_type, mmu_idx, ra);
-        }
-    }
-
    data->full = full;
    data->flags = flags;
    /* Compute haddr speculatively; depending on flags it might be invalid. */
@@ -1733,6 +1699,7 @@ static void mmu_watch_or_dirty(CPUState *cpu, MMULookupPageData *data,
 static bool mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
                       uintptr_t ra, MMUAccessType type, MMULookupLocals *l)
 {
+    unsigned a_bits;
    bool crosspage;
    int flags;

@@ -1741,6 +1708,12 @@ static bool mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,

    tcg_debug_assert(l->mmu_idx < NB_MMU_MODES);

+    /* Handle CPU specific unaligned behaviour */
+    a_bits = get_alignment_bits(l->memop);
+    if (addr & ((1 << a_bits) - 1)) {
+        cpu_unaligned_access(cpu, addr, type, l->mmu_idx, ra);
+    }
+
    l->page[0].addr = addr;
    l->page[0].size = memop_size(l->memop);
    l->page[1].addr = (addr + l->page[0].size - 1) & TARGET_PAGE_MASK;
@@ -1748,7 +1721,7 @@ static bool mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
    crosspage = (addr ^ l->page[1].addr) & TARGET_PAGE_MASK;

    if (likely(!crosspage)) {
-        mmu_lookup1(cpu, &l->page[0], l->memop, l->mmu_idx, type, ra);
+        mmu_lookup1(cpu, &l->page[0], l->mmu_idx, type, ra);

        flags = l->page[0].flags;
        if (unlikely(flags & (TLB_WATCHPOINT | TLB_NOTDIRTY))) {
@@ -1767,8 +1740,8 @@ static bool mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
         * Lookup both pages, recognizing exceptions from either.  If the
         * second lookup potentially resized, refresh first CPUTLBEntryFull.
         */
-        mmu_lookup1(cpu, &l->page[0], l->memop, l->mmu_idx, type, ra);
-        if (mmu_lookup1(cpu, &l->page[1], 0, l->mmu_idx, type, ra)) {
+        mmu_lookup1(cpu, &l->page[0], l->mmu_idx, type, ra);
+        if (mmu_lookup1(cpu, &l->page[1], l->mmu_idx, type, ra)) {
            uintptr_t index = tlb_index(cpu, l->mmu_idx, addr);
            l->page[0].full = &cpu->neg.tlb.d[l->mmu_idx].fulltlb[index];
        }
@@ -1787,6 +1760,31 @@ static bool mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
        tcg_debug_assert((flags & TLB_BSWAP) == 0);
    }

+    /*
+     * This alignment check differs from the one above, in that this is
+     * based on the atomicity of the operation. The intended use case is
+     * the ARM memory type field of each PTE, where access to pages with
+     * Device memory type require alignment.
+     */
+    if (unlikely(flags & TLB_CHECK_ALIGNED)) {
+        MemOp size = l->memop & MO_SIZE;
+
+        switch (l->memop & MO_ATOM_MASK) {
+        case MO_ATOM_NONE:
+            size = MO_8;
+            break;
+        case MO_ATOM_IFALIGN_PAIR:
+        case MO_ATOM_WITHIN16_PAIR:
+            size = size ? size - 1 : 0;
+            break;
+        default:
+            break;
+        }
+        if (addr & ((1 << size) - 1)) {
+            cpu_unaligned_access(cpu, addr, type, l->mmu_idx, ra);
+        }
+    }
+
    return crosspage;
 }

@@ -1799,18 +1797,34 @@ static void *atomic_mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
 {
    uintptr_t mmu_idx = get_mmuidx(oi);
    MemOp mop = get_memop(oi);
+    int a_bits = get_alignment_bits(mop);
    uintptr_t index;
    CPUTLBEntry *tlbe;
    vaddr tlb_addr;
    void *hostaddr;
    CPUTLBEntryFull *full;
-    bool did_tlb_fill = false;

    tcg_debug_assert(mmu_idx < NB_MMU_MODES);

    /* Adjust the given return address.  */
    retaddr -= GETPC_ADJ;

+    /* Enforce guest required alignment.  */
+    if (unlikely(a_bits > 0 && (addr & ((1 << a_bits) - 1)))) {
+        /* ??? Maybe indicate atomic op to cpu_unaligned_access */
+        cpu_unaligned_access(cpu, addr, MMU_DATA_STORE,
+                             mmu_idx, retaddr);
+    }
+
+    /* Enforce qemu required alignment.  */
+    if (unlikely(addr & (size - 1))) {
+        /* We get here if guest alignment was not requested,
+           or was not enforced by cpu_unaligned_access above.
+           We might widen the access and emulate, but for now
+           mark an exception and exit the cpu loop.  */
+        goto stop_the_world;
+    }
+
    index = tlb_index(cpu, mmu_idx, addr);
    tlbe = tlb_entry(cpu, mmu_idx, addr);

@@ -1819,9 +1833,8 @@ static void *atomic_mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
    if (!tlb_hit(tlb_addr, addr)) {
        if (!victim_tlb_hit(cpu, mmu_idx, index, MMU_DATA_STORE,
                            addr & TARGET_PAGE_MASK)) {
-            tlb_fill_align(cpu, addr, MMU_DATA_STORE, mmu_idx,
-                           mop, size, false, retaddr);
-            did_tlb_fill = true;
+            tlb_fill(cpu, addr, size,
+                     MMU_DATA_STORE, mmu_idx, retaddr);
            index = tlb_index(cpu, mmu_idx, addr);
            tlbe = tlb_entry(cpu, mmu_idx, addr);
        }
@@ -1835,32 +1848,15 @@ static void *atomic_mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
     * but addr_read will only be -1 if PAGE_READ was unset.
     */
    if (unlikely(tlbe->addr_read == -1)) {
-        tlb_fill_align(cpu, addr, MMU_DATA_LOAD, mmu_idx,
-                       0, size, false, retaddr);
+        tlb_fill(cpu, addr, size, MMU_DATA_LOAD, mmu_idx, retaddr);
        /*
         * Since we don't support reads and writes to different
         * addresses, and we do have the proper page loaded for
-         * write, this shouldn't ever return.
-         */
-        g_assert_not_reached();
-    }
-
-    /* Enforce guest required alignment, if not handled by tlb_fill_align. */
-    if (!did_tlb_fill && (addr & ((1 << memop_alignment_bits(mop)) - 1))) {
-        cpu_unaligned_access(cpu, addr, MMU_DATA_STORE, mmu_idx, retaddr);
-    }
-
-    /* Enforce qemu required alignment.  */
-    if (unlikely(addr & (size - 1))) {
-        /*
-         * We get here if guest alignment was not requested, or was not
-         * enforced by cpu_unaligned_access or tlb_fill_align above.
-         * We might widen the access and emulate, but for now
-         * mark an exception and exit the cpu loop.
+         * write, this shouldn't ever return.  But just in case,
+         * handle via stop-the-world.
         */
        goto stop_the_world;
    }
-
    /* Collect tlb flags for read. */
    tlb_addr |= tlbe->addr_read;

--- a/accel/tcg/icount-common.c
+++ b/accel/tcg/icount-common.c
@@ -36,6 +36,7 @@
 #include "sysemu/runstate.h"
 #include "hw/core/cpu.h"
 #include "sysemu/cpu-timers.h"
+#include "sysemu/cpu-throttle.h"
 #include "sysemu/cpu-timers-internal.h"

 /*
--- a/accel/tcg/ldst_atomicity.c.inc
+++ b/accel/tcg/ldst_atomicity.c.inc
@@ -168,7 +168,6 @@ static uint64_t load_atomic8_or_exit(CPUState *cpu, uintptr_t ra, void *pv)
 #endif

    /* Ultimate fallback: re-execute in serial context. */
-    trace_load_atom8_or_exit_fallback(ra);
    cpu_loop_exit_atomic(cpu, ra);
 }

@@ -213,7 +212,6 @@ static Int128 load_atomic16_or_exit(CPUState *cpu, uintptr_t ra, void *pv)
    }

    /* Ultimate fallback: re-execute in serial context. */
-    trace_load_atom16_or_exit_fallback(ra);
    cpu_loop_exit_atomic(cpu, ra);
 }

@@ -521,7 +519,6 @@ static uint64_t load_atom_8(CPUState *cpu, uintptr_t ra,
        if (HAVE_al8) {
            return load_atom_extract_al8x2(pv);
        }
-        trace_load_atom8_fallback(memop, ra);
        cpu_loop_exit_atomic(cpu, ra);
    default:
        g_assert_not_reached();
@@ -566,7 +563,6 @@ static Int128 load_atom_16(CPUState *cpu, uintptr_t ra,
        break;
    case MO_64:
        if (!HAVE_al8) {
-            trace_load_atom16_fallback(memop, ra);
            cpu_loop_exit_atomic(cpu, ra);
        }
        a = load_atomic8(pv);
@@ -574,7 +570,6 @@ static Int128 load_atom_16(CPUState *cpu, uintptr_t ra,
        break;
    case -MO_64:
        if (!HAVE_al8) {
-            trace_load_atom16_fallback(memop, ra);
            cpu_loop_exit_atomic(cpu, ra);
        }
        a = load_atom_extract_al8x2(pv);
@@ -902,7 +897,6 @@ static void store_atom_2(CPUState *cpu, uintptr_t ra,
        g_assert_not_reached();
    }

-    trace_store_atom2_fallback(memop, ra);
    cpu_loop_exit_atomic(cpu, ra);
 }

@@ -967,7 +961,6 @@ static void store_atom_4(CPUState *cpu, uintptr_t ra,
                return;
            }
        }
-        trace_store_atom4_fallback(memop, ra);
        cpu_loop_exit_atomic(cpu, ra);
    default:
        g_assert_not_reached();
@@ -1036,7 +1029,6 @@ static void store_atom_8(CPUState *cpu, uintptr_t ra,
    default:
        g_assert_not_reached();
    }
-    trace_store_atom8_fallback(memop, ra);
    cpu_loop_exit_atomic(cpu, ra);
 }

@@ -1115,6 +1107,5 @@ static void store_atom_16(CPUState *cpu, uintptr_t ra,
    default:
        g_assert_not_reached();
    }
-    trace_store_atom16_fallback(memop, ra);
    cpu_loop_exit_atomic(cpu, ra);
 }
--- a/accel/tcg/ldst_common.c.inc
+++ b/accel/tcg/ldst_common.c.inc
@@ -123,15 +123,10 @@ void helper_st_i128(CPUArchState *env, uint64_t addr, Int128 val, MemOpIdx oi)
 * Load helpers for cpu_ldst.h
 */

-static void plugin_load_cb(CPUArchState *env, abi_ptr addr,
-                           uint64_t value_low,
-                           uint64_t value_high,
-                           MemOpIdx oi)
+static void plugin_load_cb(CPUArchState *env, abi_ptr addr, MemOpIdx oi)
 {
    if (cpu_plugin_mem_cbs_enabled(env_cpu(env))) {
-        qemu_plugin_vcpu_mem_cb(env_cpu(env), addr,
-                                value_low, value_high,
-                                oi, QEMU_PLUGIN_MEM_R);
+        qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_R);
    }
 }

@@ -141,7 +136,7 @@ uint8_t cpu_ldb_mmu(CPUArchState *env, abi_ptr addr, MemOpIdx oi, uintptr_t ra)

    tcg_debug_assert((get_memop(oi) & MO_SIZE) == MO_UB);
    ret = do_ld1_mmu(env_cpu(env), addr, oi, ra, MMU_DATA_LOAD);
-    plugin_load_cb(env, addr, ret, 0, oi);
+    plugin_load_cb(env, addr, oi);
    return ret;
 }

@@ -152,7 +147,7 @@ uint16_t cpu_ldw_mmu(CPUArchState *env, abi_ptr addr,

    tcg_debug_assert((get_memop(oi) & MO_SIZE) == MO_16);
    ret = do_ld2_mmu(env_cpu(env), addr, oi, ra, MMU_DATA_LOAD);
-    plugin_load_cb(env, addr, ret, 0, oi);
+    plugin_load_cb(env, addr, oi);
    return ret;
 }

@@ -163,7 +158,7 @@ uint32_t cpu_ldl_mmu(CPUArchState *env, abi_ptr addr,

    tcg_debug_assert((get_memop(oi) & MO_SIZE) == MO_32);
    ret = do_ld4_mmu(env_cpu(env), addr, oi, ra, MMU_DATA_LOAD);
-    plugin_load_cb(env, addr, ret, 0, oi);
+    plugin_load_cb(env, addr, oi);
    return ret;
 }

@@ -174,7 +169,7 @@ uint64_t cpu_ldq_mmu(CPUArchState *env, abi_ptr addr,

    tcg_debug_assert((get_memop(oi) & MO_SIZE) == MO_64);
    ret = do_ld8_mmu(env_cpu(env), addr, oi, ra, MMU_DATA_LOAD);
-    plugin_load_cb(env, addr, ret, 0, oi);
+    plugin_load_cb(env, addr, oi);
    return ret;
 }

@@ -185,7 +180,7 @@ Int128 cpu_ld16_mmu(CPUArchState *env, abi_ptr addr,

    tcg_debug_assert((get_memop(oi) & MO_SIZE) == MO_128);
    ret = do_ld16_mmu(env_cpu(env), addr, oi, ra);
-    plugin_load_cb(env, addr, int128_getlo(ret), int128_gethi(ret), oi);
+    plugin_load_cb(env, addr, oi);
    return ret;
 }

@@ -193,15 +188,10 @@ Int128 cpu_ld16_mmu(CPUArchState *env, abi_ptr addr,
 * Store helpers for cpu_ldst.h
 */

-static void plugin_store_cb(CPUArchState *env, abi_ptr addr,
-                            uint64_t value_low,
-                            uint64_t value_high,
-                            MemOpIdx oi)
+static void plugin_store_cb(CPUArchState *env, abi_ptr addr, MemOpIdx oi)
 {
    if (cpu_plugin_mem_cbs_enabled(env_cpu(env))) {
-        qemu_plugin_vcpu_mem_cb(env_cpu(env), addr,
-                                value_low, value_high,
-                                oi, QEMU_PLUGIN_MEM_W);
+        qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, oi, QEMU_PLUGIN_MEM_W);
    }
 }

@@ -209,7 +199,7 @@ void cpu_stb_mmu(CPUArchState *env, abi_ptr addr, uint8_t val,
                 MemOpIdx oi, uintptr_t retaddr)
 {
    helper_stb_mmu(env, addr, val, oi, retaddr);
-    plugin_store_cb(env, addr, val, 0, oi);
+    plugin_store_cb(env, addr, oi);
 }

 void cpu_stw_mmu(CPUArchState *env, abi_ptr addr, uint16_t val,
@@ -217,7 +207,7 @@ void cpu_stw_mmu(CPUArchState *env, abi_ptr addr, uint16_t val,
 {
    tcg_debug_assert((get_memop(oi) & MO_SIZE) == MO_16);
    do_st2_mmu(env_cpu(env), addr, val, oi, retaddr);
-    plugin_store_cb(env, addr, val, 0, oi);
+    plugin_store_cb(env, addr, oi);
 }

 void cpu_stl_mmu(CPUArchState *env, abi_ptr addr, uint32_t val,
@@ -225,7 +215,7 @@ void cpu_stl_mmu(CPUArchState *env, abi_ptr addr, uint32_t val,
 {
    tcg_debug_assert((get_memop(oi) & MO_SIZE) == MO_32);
    do_st4_mmu(env_cpu(env), addr, val, oi, retaddr);
-    plugin_store_cb(env, addr, val, 0, oi);
+    plugin_store_cb(env, addr, oi);
 }

 void cpu_stq_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
@@ -233,7 +223,7 @@ void cpu_stq_mmu(CPUArchState *env, abi_ptr addr, uint64_t val,
 {
    tcg_debug_assert((get_memop(oi) & MO_SIZE) == MO_64);
    do_st8_mmu(env_cpu(env), addr, val, oi, retaddr);
-    plugin_store_cb(env, addr, val, 0, oi);
+    plugin_store_cb(env, addr, oi);
 }

 void cpu_st16_mmu(CPUArchState *env, abi_ptr addr, Int128 val,
@@ -241,7 +231,7 @@ void cpu_st16_mmu(CPUArchState *env, abi_ptr addr, Int128 val,
 {
    tcg_debug_assert((get_memop(oi) & MO_SIZE) == MO_128);
    do_st16_mmu(env_cpu(env), addr, val, oi, retaddr);
-    plugin_store_cb(env, addr, int128_getlo(val), int128_gethi(val), oi);
+    plugin_store_cb(env, addr, oi);
 }

 /*
--- a/accel/tcg/plugin-gen.c
+++ b/accel/tcg/plugin-gen.c
@@ -251,6 +251,7 @@ static void inject_mem_cb(struct qemu_plugin_dyn_cb *cb,
        break;
    default:
        g_assert_not_reached();
+        break;
    }
 }

@@ -275,7 +276,7 @@ static void plugin_gen_inject(struct qemu_plugin_tb *plugin_tb)
     * that might be live within the existing opcode stream.
     * The simplest solution is to release them all and create new.
     */
-    tcg_temp_ebb_reset_freed(tcg_ctx);
+    memset(tcg_ctx->free_temps, 0, sizeof(tcg_ctx->free_temps));

    QTAILQ_FOREACH_SAFE(op, &tcg_ctx->ops, link, next) {
        switch (op->opc) {
@@ -467,8 +468,4 @@ void plugin_gen_tb_end(CPUState *cpu, size_t num_insns)

    /* inject the instrumentation at the appropriate places */
    plugin_gen_inject(ptb);
-
-    /* reset plugin translation state (plugin_tb is reused between blocks) */
-    tcg_ctx->plugin_db = NULL;
-    tcg_ctx->plugin_insn = NULL;
 }
--- a/accel/tcg/tcg-accel-ops-rr.c
+++ b/accel/tcg/tcg-accel-ops-rr.c
@@ -302,7 +302,9 @@ static void *rr_cpu_thread_fn(void *arg)
        rr_deal_with_unplugged_cpus();
    }

-    g_assert_not_reached();
+    rcu_remove_force_rcu_notifier(&force_rcu);
+    rcu_unregister_thread();
+    return NULL;
 }

 void rr_start_vcpu_thread(CPUState *cpu)
--- a/accel/tcg/trace-events
+++ b/accel/tcg/trace-events
@@ -12,15 +12,3 @@ memory_notdirty_set_dirty(uint64_t vaddr) "0x%" PRIx64

 # translate-all.c
 translate_block(void *tb, uintptr_t pc, const void *tb_code) "tb:%p, pc:0x%"PRIxPTR", tb_code:%p"
-
-# ldst_atomicity
-load_atom2_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
-load_atom4_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
-load_atom8_or_exit_fallback(uintptr_t ra) "ra:0x%"PRIxPTR""
-load_atom8_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
-load_atom16_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
-load_atom16_or_exit_fallback(uintptr_t ra) "ra:0x%"PRIxPTR""
-store_atom2_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
-store_atom4_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
-store_atom8_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
-store_atom16_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -129,6 +129,7 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
    db->is_jmp = DISAS_NEXT;
    db->num_insns = 0;
    db->max_insns = *max_insns;
+    db->singlestep_enabled = cflags & CF_SINGLE_STEP;
    db->insn_start = NULL;
    db->fake_insn = false;
    db->host_addr[0] = host_pc;
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -29,7 +29,7 @@
 #include "exec/page-protection.h"
 #include "exec/helper-proto.h"
 #include "qemu/atomic128.h"
-#include "trace.h"
+#include "trace/trace-root.h"
 #include "tcg/tcg-ldst.h"
 #include "internal-common.h"
 #include "internal-target.h"
@@ -485,6 +485,11 @@ static bool pageflags_set_clear(target_ulong start, target_ulong last,
    return inval_tb;
 }

+/*
+ * Modify the flags of a page and invalidate the code if necessary.
+ * The flag PAGE_WRITE_ORG is positioned automatically depending
+ * on PAGE_WRITE.  The mmap_lock should already be held.
+ */
 void page_set_flags(target_ulong start, target_ulong last, int flags)
 {
    bool reset = false;
@@ -800,7 +805,7 @@ static int probe_access_internal(CPUArchState *env, vaddr addr,
    if (guest_addr_valid_untagged(addr)) {
        int page_flags = page_get_flags(addr);
        if (page_flags & acc_flag) {
-            if (access_type != MMU_INST_FETCH
+            if ((acc_flag == PAGE_READ || acc_flag == PAGE_WRITE)
                && cpu_plugin_mem_cbs_enabled(env_cpu(env))) {
                return TLB_MMIO;
            }
@@ -954,7 +959,7 @@ void page_reset_target_data(target_ulong start, target_ulong last) { }
 static void *cpu_mmu_lookup(CPUState *cpu, vaddr addr,
                            MemOp mop, uintptr_t ra, MMUAccessType type)
 {
-    int a_bits = memop_alignment_bits(mop);
+    int a_bits = get_alignment_bits(mop);
    void *ret;

    /* Enforce guest required alignment.  */
@@ -1236,7 +1241,7 @@ static void *atomic_mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
                               int size, uintptr_t retaddr)
 {
    MemOp mop = get_memop(oi);
-    int a_bits = memop_alignment_bits(mop);
+    int a_bits = get_alignment_bits(mop);
    void *ret;

    /* Enforce guest required alignment.  */
--- a/audio/pwaudio.c
+++ b/audio/pwaudio.c
@@ -769,15 +769,13 @@ qpw_audio_init(Audiodev *dev, Error **errp)
    pw->core = pw_context_connect(pw->context, NULL, 0);
    if (pw->core == NULL) {
        pw_thread_loop_unlock(pw->thread_loop);
-        error_setg_errno(errp, errno, "Failed to connect to PipeWire instance");
-        goto fail;
+        goto fail_error;
    }

    if (pw_core_add_listener(pw->core, &pw->core_listener,
                             &core_events, pw) < 0) {
        pw_thread_loop_unlock(pw->thread_loop);
-        error_setg(errp, "Failed to add PipeWire listener");
-        goto fail;
+        goto fail_error;
    }
    if (wait_resync(pw) < 0) {
        pw_thread_loop_unlock(pw->thread_loop);
@@ -787,6 +785,8 @@ qpw_audio_init(Audiodev *dev, Error **errp)

    return g_steal_pointer(&pw);

+fail_error:
+    error_setg(errp, "Failed to initialize PW context");
 fail:
    if (pw->thread_loop) {
        pw_thread_loop_stop(pw->thread_loop);
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -64,11 +64,11 @@ static void cryptodev_builtin_init_akcipher(CryptoDevBackend *backend)
 {
    QCryptoAkCipherOptions opts;

-    opts.alg = QCRYPTO_AK_CIPHER_ALGO_RSA;
-    opts.u.rsa.padding_alg = QCRYPTO_RSA_PADDING_ALGO_RAW;
+    opts.alg = QCRYPTO_AKCIPHER_ALG_RSA;
+    opts.u.rsa.padding_alg = QCRYPTO_RSA_PADDING_ALG_RAW;
    if (qcrypto_akcipher_supports(&opts)) {
        backend->conf.crypto_services |=
-                     (1u << QCRYPTODEV_BACKEND_SERVICE_TYPE_AKCIPHER);
+                     (1u << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER);
        backend->conf.akcipher_algo = 1u << VIRTIO_CRYPTO_AKCIPHER_RSA;
    }
 }
@@ -93,9 +93,9 @@ static void cryptodev_builtin_init(
    backend->conf.peers.ccs[0] = cc;

    backend->conf.crypto_services =
-                         1u << QCRYPTODEV_BACKEND_SERVICE_TYPE_CIPHER |
-                         1u << QCRYPTODEV_BACKEND_SERVICE_TYPE_HASH |
-                         1u << QCRYPTODEV_BACKEND_SERVICE_TYPE_MAC;
+                         1u << QCRYPTODEV_BACKEND_SERVICE_CIPHER |
+                         1u << QCRYPTODEV_BACKEND_SERVICE_HASH |
+                         1u << QCRYPTODEV_BACKEND_SERVICE_MAC;
    backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
    backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
    /*
@@ -138,18 +138,18 @@ cryptodev_builtin_get_aes_algo(uint32_t key_len, int mode, Error **errp)
    int algo;

    if (key_len == AES_KEYSIZE_128) {
-        algo = QCRYPTO_CIPHER_ALGO_AES_128;
+        algo = QCRYPTO_CIPHER_ALG_AES_128;
    } else if (key_len == AES_KEYSIZE_192) {
-        algo = QCRYPTO_CIPHER_ALGO_AES_192;
+        algo = QCRYPTO_CIPHER_ALG_AES_192;
    } else if (key_len == AES_KEYSIZE_256) { /* equals AES_KEYSIZE_128_XTS */
        if (mode == QCRYPTO_CIPHER_MODE_XTS) {
-            algo = QCRYPTO_CIPHER_ALGO_AES_128;
+            algo = QCRYPTO_CIPHER_ALG_AES_128;
        } else {
-            algo = QCRYPTO_CIPHER_ALGO_AES_256;
+            algo = QCRYPTO_CIPHER_ALG_AES_256;
        }
    } else if (key_len == AES_KEYSIZE_256_XTS) {
        if (mode == QCRYPTO_CIPHER_MODE_XTS) {
-            algo = QCRYPTO_CIPHER_ALGO_AES_256;
+            algo = QCRYPTO_CIPHER_ALG_AES_256;
        } else {
            goto err;
        }
@@ -169,16 +169,16 @@ static int cryptodev_builtin_get_rsa_hash_algo(
 {
    switch (virtio_rsa_hash) {
    case VIRTIO_CRYPTO_RSA_MD5:
-        return QCRYPTO_HASH_ALGO_MD5;
+        return QCRYPTO_HASH_ALG_MD5;

    case VIRTIO_CRYPTO_RSA_SHA1:
-        return QCRYPTO_HASH_ALGO_SHA1;
+        return QCRYPTO_HASH_ALG_SHA1;

    case VIRTIO_CRYPTO_RSA_SHA256:
-        return QCRYPTO_HASH_ALGO_SHA256;
+        return QCRYPTO_HASH_ALG_SHA256;

    case VIRTIO_CRYPTO_RSA_SHA512:
-        return QCRYPTO_HASH_ALGO_SHA512;
+        return QCRYPTO_HASH_ALG_SHA512;

    default:
        error_setg(errp, "Unsupported rsa hash algo: %d", virtio_rsa_hash);
@@ -200,12 +200,12 @@ static int cryptodev_builtin_set_rsa_options(
            return -1;
        }
        opt->hash_alg = hash_alg;
-        opt->padding_alg = QCRYPTO_RSA_PADDING_ALGO_PKCS1;
+        opt->padding_alg = QCRYPTO_RSA_PADDING_ALG_PKCS1;
        return 0;
    }

    if (virtio_padding_algo == VIRTIO_CRYPTO_RSA_RAW_PADDING) {
-        opt->padding_alg = QCRYPTO_RSA_PADDING_ALGO_RAW;
+        opt->padding_alg = QCRYPTO_RSA_PADDING_ALG_RAW;
        return 0;
    }

@@ -271,15 +271,15 @@ static int cryptodev_builtin_create_cipher_session(
        break;
    case VIRTIO_CRYPTO_CIPHER_3DES_ECB:
        mode = QCRYPTO_CIPHER_MODE_ECB;
-        algo = QCRYPTO_CIPHER_ALGO_3DES;
+        algo = QCRYPTO_CIPHER_ALG_3DES;
        break;
    case VIRTIO_CRYPTO_CIPHER_3DES_CBC:
        mode = QCRYPTO_CIPHER_MODE_CBC;
-        algo = QCRYPTO_CIPHER_ALGO_3DES;
+        algo = QCRYPTO_CIPHER_ALG_3DES;
        break;
    case VIRTIO_CRYPTO_CIPHER_3DES_CTR:
        mode = QCRYPTO_CIPHER_MODE_CTR;
-        algo = QCRYPTO_CIPHER_ALGO_3DES;
+        algo = QCRYPTO_CIPHER_ALG_3DES;
        break;
    default:
        error_setg(errp, "Unsupported cipher alg :%u",
@@ -318,7 +318,7 @@ static int cryptodev_builtin_create_akcipher_session(

    switch (sess_info->algo) {
    case VIRTIO_CRYPTO_AKCIPHER_RSA:
-        opts.alg = QCRYPTO_AK_CIPHER_ALGO_RSA;
+        opts.alg = QCRYPTO_AKCIPHER_ALG_RSA;
        if (cryptodev_builtin_set_rsa_options(sess_info->u.rsa.padding_algo,
            sess_info->u.rsa.hash_algo, &opts.u.rsa, errp) != 0) {
            return -1;
@@ -334,11 +334,11 @@ static int cryptodev_builtin_create_akcipher_session(

    switch (sess_info->keytype) {
    case VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC:
-        type = QCRYPTO_AK_CIPHER_KEY_TYPE_PUBLIC;
+        type = QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC;
        break;

    case VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE:
-        type = QCRYPTO_AK_CIPHER_KEY_TYPE_PRIVATE;
+        type = QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE;
        break;

    default:
@@ -549,7 +549,7 @@ static int cryptodev_builtin_operation(
    CryptoDevBackendBuiltinSession *sess;
    CryptoDevBackendSymOpInfo *sym_op_info;
    CryptoDevBackendAsymOpInfo *asym_op_info;
-    QCryptodevBackendAlgoType algtype = op_info->algtype;
+    QCryptodevBackendAlgType algtype = op_info->algtype;
    int status = -VIRTIO_CRYPTO_ERR;
    Error *local_error = NULL;

@@ -561,11 +561,11 @@ static int cryptodev_builtin_operation(
    }

    sess = builtin->sessions[op_info->session_id];
-    if (algtype == QCRYPTODEV_BACKEND_ALGO_TYPE_SYM) {
+    if (algtype == QCRYPTODEV_BACKEND_ALG_SYM) {
        sym_op_info = op_info->u.sym_op_info;
        status = cryptodev_builtin_sym_operation(sess, sym_op_info,
                                                 &local_error);
-    } else if (algtype == QCRYPTODEV_BACKEND_ALGO_TYPE_ASYM) {
+    } else if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) {
        asym_op_info = op_info->u.asym_op_info;
        status = cryptodev_builtin_asym_operation(sess, op_info->op_code,
                                                  asym_op_info, &local_error);
--- a/backends/cryptodev-lkcf.c
+++ b/backends/cryptodev-lkcf.c
@@ -133,20 +133,20 @@ static int cryptodev_lkcf_set_op_desc(QCryptoAkCipherOptions *opts,
                                      Error **errp)
 {
    QCryptoAkCipherOptionsRSA *rsa_opt;
-    if (opts->alg != QCRYPTO_AK_CIPHER_ALGO_RSA) {
+    if (opts->alg != QCRYPTO_AKCIPHER_ALG_RSA) {
        error_setg(errp, "Unsupported alg: %u", opts->alg);
        return -1;
    }

    rsa_opt = &opts->u.rsa;
-    if (rsa_opt->padding_alg == QCRYPTO_RSA_PADDING_ALGO_PKCS1) {
+    if (rsa_opt->padding_alg == QCRYPTO_RSA_PADDING_ALG_PKCS1) {
        snprintf(key_desc, desc_len, "enc=%s hash=%s",
-                 QCryptoRSAPaddingAlgo_str(rsa_opt->padding_alg),
-                 QCryptoHashAlgo_str(rsa_opt->hash_alg));
+                 QCryptoRSAPaddingAlgorithm_str(rsa_opt->padding_alg),
+                 QCryptoHashAlgorithm_str(rsa_opt->hash_alg));

    } else {
        snprintf(key_desc, desc_len, "enc=%s",
-                 QCryptoRSAPaddingAlgo_str(rsa_opt->padding_alg));
+                 QCryptoRSAPaddingAlgorithm_str(rsa_opt->padding_alg));
    }
    return 0;
 }
@@ -157,23 +157,23 @@ static int cryptodev_lkcf_set_rsa_opt(int virtio_padding_alg,
                                      Error **errp)
 {
    if (virtio_padding_alg == VIRTIO_CRYPTO_RSA_PKCS1_PADDING) {
-        opt->padding_alg = QCRYPTO_RSA_PADDING_ALGO_PKCS1;
+        opt->padding_alg = QCRYPTO_RSA_PADDING_ALG_PKCS1;

        switch (virtio_hash_alg) {
        case VIRTIO_CRYPTO_RSA_MD5:
-            opt->hash_alg = QCRYPTO_HASH_ALGO_MD5;
+            opt->hash_alg = QCRYPTO_HASH_ALG_MD5;
            break;

        case VIRTIO_CRYPTO_RSA_SHA1:
-            opt->hash_alg = QCRYPTO_HASH_ALGO_SHA1;
+            opt->hash_alg = QCRYPTO_HASH_ALG_SHA1;
            break;

        case VIRTIO_CRYPTO_RSA_SHA256:
-            opt->hash_alg = QCRYPTO_HASH_ALGO_SHA256;
+            opt->hash_alg = QCRYPTO_HASH_ALG_SHA256;
            break;

        case VIRTIO_CRYPTO_RSA_SHA512:
-            opt->hash_alg = QCRYPTO_HASH_ALGO_SHA512;
+            opt->hash_alg = QCRYPTO_HASH_ALG_SHA512;
            break;

        default:
@@ -184,7 +184,7 @@ static int cryptodev_lkcf_set_rsa_opt(int virtio_padding_alg,
    }

    if (virtio_padding_alg == VIRTIO_CRYPTO_RSA_RAW_PADDING) {
-        opt->padding_alg = QCRYPTO_RSA_PADDING_ALGO_RAW;
+        opt->padding_alg = QCRYPTO_RSA_PADDING_ALG_RAW;
        return 0;
    }

@@ -230,7 +230,7 @@ static void cryptodev_lkcf_init(CryptoDevBackend *backend, Error **errp)
    backend->conf.peers.ccs[0] = cc;

    backend->conf.crypto_services =
-        1u << QCRYPTODEV_BACKEND_SERVICE_TYPE_AKCIPHER;
+        1u << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER;
    backend->conf.akcipher_algo = 1u << VIRTIO_CRYPTO_AKCIPHER_RSA;
    lkcf->running = true;

@@ -322,7 +322,7 @@ static void cryptodev_lkcf_execute_task(CryptoDevLKCFTask *task)
     * 2. generally, public key related compution is fast, just compute it with
     * thread-pool.
     */
-    if (session->keytype == QCRYPTO_AK_CIPHER_KEY_TYPE_PRIVATE) {
+    if (session->keytype == QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE) {
        if (qcrypto_akcipher_export_p8info(&session->akcipher_opts,
                                           session->key, session->keylen,
                                           &p8info, &p8info_len,
@@ -474,7 +474,7 @@ static int cryptodev_lkcf_operation(
    CryptoDevBackendLKCF *lkcf =
        CRYPTODEV_BACKEND_LKCF(backend);
    CryptoDevBackendLKCFSession *sess;
-    QCryptodevBackendAlgoType algtype = op_info->algtype;
+    QCryptodevBackendAlgType algtype = op_info->algtype;
    CryptoDevLKCFTask *task;

    if (op_info->session_id >= MAX_SESSIONS ||
@@ -485,7 +485,7 @@ static int cryptodev_lkcf_operation(
    }

    sess = lkcf->sess[op_info->session_id];
-    if (algtype != QCRYPTODEV_BACKEND_ALGO_TYPE_ASYM) {
+    if (algtype != QCRYPTODEV_BACKEND_ALG_ASYM) {
        error_report("algtype not supported: %u", algtype);
        return -VIRTIO_CRYPTO_NOTSUPP;
    }
@@ -518,7 +518,7 @@ static int cryptodev_lkcf_create_asym_session(

    switch (sess_info->algo) {
    case VIRTIO_CRYPTO_AKCIPHER_RSA:
-        sess->akcipher_opts.alg = QCRYPTO_AK_CIPHER_ALGO_RSA;
+        sess->akcipher_opts.alg = QCRYPTO_AKCIPHER_ALG_RSA;
        if (cryptodev_lkcf_set_rsa_opt(
            sess_info->u.rsa.padding_algo, sess_info->u.rsa.hash_algo,
            &sess->akcipher_opts.u.rsa, &local_error) != 0) {
@@ -534,11 +534,11 @@ static int cryptodev_lkcf_create_asym_session(

    switch (sess_info->keytype) {
    case VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PUBLIC:
-        sess->keytype = QCRYPTO_AK_CIPHER_KEY_TYPE_PUBLIC;
+        sess->keytype = QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC;
        break;

    case VIRTIO_CRYPTO_AKCIPHER_KEY_TYPE_PRIVATE:
-        sess->keytype = QCRYPTO_AK_CIPHER_KEY_TYPE_PRIVATE;
+        sess->keytype = QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE;
        break;

    default:
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -221,9 +221,9 @@ static void cryptodev_vhost_user_init(
                     cryptodev_vhost_user_event, NULL, s, NULL, true);

    backend->conf.crypto_services =
-                         1u << QCRYPTODEV_BACKEND_SERVICE_TYPE_CIPHER |
-                         1u << QCRYPTODEV_BACKEND_SERVICE_TYPE_HASH |
-                         1u << QCRYPTODEV_BACKEND_SERVICE_TYPE_MAC;
+                         1u << QCRYPTODEV_BACKEND_SERVICE_CIPHER |
+                         1u << QCRYPTODEV_BACKEND_SERVICE_HASH |
+                         1u << QCRYPTODEV_BACKEND_SERVICE_MAC;
    backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
    backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;

@@ -281,7 +281,8 @@ static int cryptodev_vhost_user_create_session(
        break;

    default:
-        error_report("Unsupported opcode :%" PRIu32 "", sess_info->op_code);
+        error_setg(&local_error, "Unsupported opcode :%" PRIu32 "",
+                   sess_info->op_code);
        return -VIRTIO_CRYPTO_NOTSUPP;
    }

--- a/backends/cryptodev-vhost.c
+++ b/backends/cryptodev-vhost.c
@@ -53,7 +53,7 @@ cryptodev_vhost_init(
    CryptoDevBackendVhost *crypto;
    Error *local_err = NULL;

-    crypto = g_new0(CryptoDevBackendVhost, 1);
+    crypto = g_new(CryptoDevBackendVhost, 1);
    crypto->dev.max_queues = 1;
    crypto->dev.nvqs = 1;
    crypto->dev.vqs = crypto->vqs;
--- a/backends/cryptodev.c
+++ b/backends/cryptodev.c
@@ -74,7 +74,7 @@ static int qmp_query_cryptodev_foreach(Object *obj, void *data)

    backend = CRYPTODEV_BACKEND(obj);
    services = backend->conf.crypto_services;
-    for (i = 0; i < QCRYPTODEV_BACKEND_SERVICE_TYPE__MAX; i++) {
+    for (i = 0; i < QCRYPTODEV_BACKEND_SERVICE__MAX; i++) {
        if (services & (1 << i)) {
            QAPI_LIST_PREPEND(info->service, i);
        }
@@ -185,10 +185,10 @@ static int cryptodev_backend_operation(
 static int cryptodev_backend_account(CryptoDevBackend *backend,
                 CryptoDevBackendOpInfo *op_info)
 {
-    enum QCryptodevBackendAlgoType algtype = op_info->algtype;
+    enum QCryptodevBackendAlgType algtype = op_info->algtype;
    int len;

-    if (algtype == QCRYPTODEV_BACKEND_ALGO_TYPE_ASYM) {
+    if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) {
        CryptoDevBackendAsymOpInfo *asym_op_info = op_info->u.asym_op_info;
        len = asym_op_info->src_len;

@@ -212,7 +212,7 @@ static int cryptodev_backend_account(CryptoDevBackend *backend,
        default:
            return -VIRTIO_CRYPTO_NOTSUPP;
        }
-    } else if (algtype == QCRYPTODEV_BACKEND_ALGO_TYPE_SYM) {
+    } else if (algtype == QCRYPTODEV_BACKEND_ALG_SYM) {
        CryptoDevBackendSymOpInfo *sym_op_info = op_info->u.sym_op_info;
        len = sym_op_info->src_len;

@@ -424,11 +424,11 @@ cryptodev_backend_complete(UserCreatable *uc, Error **errp)
    }

    services = backend->conf.crypto_services;
-    if (services & (1 << QCRYPTODEV_BACKEND_SERVICE_TYPE_CIPHER)) {
+    if (services & (1 << QCRYPTODEV_BACKEND_SERVICE_CIPHER)) {
        backend->sym_stat = g_new0(CryptodevBackendSymStat, 1);
    }

-    if (services & (1 << QCRYPTODEV_BACKEND_SERVICE_TYPE_AKCIPHER)) {
+    if (services & (1 << QCRYPTODEV_BACKEND_SERVICE_AKCIPHER)) {
        backend->asym_stat = g_new0(CryptodevBackendAsymStat, 1);
    }
 }
--- a/backends/hostmem-memfd.c
+++ b/backends/hostmem-memfd.c
@@ -18,6 +18,8 @@
 #include "qapi/error.h"
 #include "qom/object.h"

+#define TYPE_MEMORY_BACKEND_MEMFD "memory-backend-memfd"
+
 OBJECT_DECLARE_SIMPLE_TYPE(HostMemoryBackendMemfd, MEMORY_BACKEND_MEMFD)


--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -178,7 +178,7 @@ static void host_memory_backend_set_merge(Object *obj, bool value, Error **errp)
        return;
    }

-    if (host_memory_backend_mr_inited(backend) &&
+    if (!host_memory_backend_mr_inited(backend) &&
        value != backend->merge) {
        void *ptr = memory_region_get_ram_ptr(&backend->mr);
        uint64_t sz = memory_region_size(&backend->mr);
--- a/backends/tpm/tpm_emulator.c
+++ b/backends/tpm/tpm_emulator.c
@@ -72,7 +72,7 @@ struct TPMEmulator {
    CharBackend ctrl_chr;
    QIOChannel *data_ioc;
    TPMVersion tpm_version;
-    uint32_t caps; /* capabilities of the TPM */
+    ptm_cap caps; /* capabilities of the TPM */
    uint8_t cur_locty_number; /* last set locality */
    Error *migration_blocker;

@@ -123,14 +123,12 @@ static const char *tpm_emulator_strerror(uint32_t tpm_result)
 }

 static int tpm_emulator_ctrlcmd(TPMEmulator *tpm, unsigned long cmd, void *msg,
-                                size_t msg_len_in, size_t msg_len_out_err,
-                                size_t msg_len_out_total)
+                                size_t msg_len_in, size_t msg_len_out)
 {
    CharBackend *dev = &tpm->ctrl_chr;
    uint32_t cmd_no = cpu_to_be32(cmd);
    ssize_t n = sizeof(uint32_t) + msg_len_in;
    uint8_t *buf = NULL;
-    ptm_res res;

    WITH_QEMU_LOCK_GUARD(&tpm->mutex) {
        buf = g_alloca(n);
@@ -142,25 +140,8 @@ static int tpm_emulator_ctrlcmd(TPMEmulator *tpm, unsigned long cmd, void *msg,
            return -1;
        }

-        if (msg_len_out_total > 0) {
-            assert(msg_len_out_total >= msg_len_out_err);
-
-            n = qemu_chr_fe_read_all(dev, (uint8_t *)msg, msg_len_out_err);
-            if (n <= 0) {
-                return -1;
-            }
-            if (msg_len_out_err == msg_len_out_total) {
-                return 0;
-            }
-            /* result error code is always in the first 4 bytes */
-            assert(sizeof(res) <= msg_len_out_err);
-            memcpy(&res, msg, sizeof(res));
-            if (res) {
-                return 0;
-            }
-
-            n = qemu_chr_fe_read_all(dev, (uint8_t *)msg + msg_len_out_err,
-                                     msg_len_out_total - msg_len_out_err);
+        if (msg_len_out != 0) {
+            n = qemu_chr_fe_read_all(dev, msg, msg_len_out);
            if (n <= 0) {
                return -1;
            }
@@ -223,8 +204,7 @@ static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number,
    memset(&loc, 0, sizeof(loc));
    loc.u.req.loc = locty_number;
    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SET_LOCALITY, &loc,
-                             sizeof(loc), sizeof(loc.u.resp.tpm_result),
-                             sizeof(loc)) < 0) {
+                             sizeof(loc), sizeof(loc)) < 0) {
        error_setg(errp, "tpm-emulator: could not set locality : %s",
                   strerror(errno));
        return -1;
@@ -259,16 +239,13 @@ static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd,

 static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)
 {
-    ptm_cap_n cap_n;
-
-    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_GET_CAPABILITY, &cap_n, 0,
-                             sizeof(cap_n.u.resp.tpm_result),
-                             sizeof(cap_n)) < 0) {
+    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_GET_CAPABILITY,
+                             &tpm_emu->caps, 0, sizeof(tpm_emu->caps)) < 0) {
        error_report("tpm-emulator: probing failed : %s", strerror(errno));
        return -1;
    }

-    tpm_emu->caps = be32_to_cpu(cap_n.u.resp.caps);
+    tpm_emu->caps = be64_to_cpu(tpm_emu->caps);

    trace_tpm_emulator_probe_caps(tpm_emu->caps);

@@ -277,7 +254,7 @@ static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu)

 static int tpm_emulator_check_caps(TPMEmulator *tpm_emu)
 {
-    uint32_t caps = 0;
+    ptm_cap caps = 0;
    const char *tpm = NULL;

    /* check for min. required capabilities */
@@ -313,8 +290,7 @@ static int tpm_emulator_stop_tpm(TPMBackend *tb)
    TPMEmulator *tpm_emu = TPM_EMULATOR(tb);
    ptm_res res;

-    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_STOP, &res, 0,
-                             sizeof(ptm_res), sizeof(res)) < 0) {
+    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_STOP, &res, 0, sizeof(res)) < 0) {
        error_report("tpm-emulator: Could not stop TPM: %s",
                     strerror(errno));
        return -1;
@@ -341,9 +317,8 @@ static int tpm_emulator_lock_storage(TPMEmulator *tpm_emu)

    /* give failing side 300 * 10ms time to release lock */
    pls.u.req.retries = cpu_to_be32(300);
-    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_LOCK_STORAGE, &pls, sizeof(pls.u.req),
-                             sizeof(pls.u.resp.tpm_result),
-                             sizeof(pls.u.resp)) < 0) {
+    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_LOCK_STORAGE, &pls,
+                             sizeof(pls.u.req), sizeof(pls.u.resp)) < 0) {
        error_report("tpm-emulator: Could not lock storage within 3 seconds: "
                     "%s", strerror(errno));
        return -1;
@@ -374,8 +349,7 @@ static int tpm_emulator_set_buffer_size(TPMBackend *tb,
    psbs.u.req.buffersize = cpu_to_be32(wanted_size);

    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SET_BUFFERSIZE, &psbs,
-                             sizeof(psbs.u.req), sizeof(psbs.u.resp.tpm_result),
-                             sizeof(psbs.u.resp)) < 0) {
+                             sizeof(psbs.u.req), sizeof(psbs.u.resp)) < 0) {
        error_report("tpm-emulator: Could not set buffer size: %s",
                     strerror(errno));
        return -1;
@@ -422,7 +396,6 @@ static int tpm_emulator_startup_tpm_resume(TPMBackend *tb, size_t buffersize,
    }

    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_INIT, &init, sizeof(init),
-                             sizeof(init.u.resp.tpm_result),
                             sizeof(init)) < 0) {
        error_report("tpm-emulator: could not send INIT: %s",
                     strerror(errno));
@@ -464,9 +437,8 @@ static bool tpm_emulator_get_tpm_established_flag(TPMBackend *tb)
        return tpm_emu->established_flag;
    }

-    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_GET_TPMESTABLISHED, &est, 0,
-                             sizeof(est) /* always returns resp.bit */,
-                             sizeof(est)) < 0) {
+    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_GET_TPMESTABLISHED, &est,
+                             0, sizeof(est)) < 0) {
        error_report("tpm-emulator: Could not get the TPM established flag: %s",
                     strerror(errno));
        return false;
@@ -494,7 +466,6 @@ static int tpm_emulator_reset_tpm_established_flag(TPMBackend *tb,
    reset_est.u.req.loc = tpm_emu->cur_locty_number;
    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_RESET_TPMESTABLISHED,
                             &reset_est, sizeof(reset_est),
-                             sizeof(reset_est.u.resp.tpm_result),
                             sizeof(reset_est)) < 0) {
        error_report("tpm-emulator: Could not reset the establishment bit: %s",
                     strerror(errno));
@@ -526,7 +497,7 @@ static void tpm_emulator_cancel_cmd(TPMBackend *tb)

    /* FIXME: make the function non-blocking, or it may block a VCPU */
    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_CANCEL_TPM_CMD, &res, 0,
-                             sizeof(ptm_res), sizeof(res)) < 0) {
+                             sizeof(res)) < 0) {
        error_report("tpm-emulator: Could not cancel command: %s",
                     strerror(errno));
    } else if (res != 0) {
@@ -556,8 +527,8 @@ static size_t tpm_emulator_get_buffer_size(TPMBackend *tb)
 static int tpm_emulator_block_migration(TPMEmulator *tpm_emu)
 {
    Error *err = NULL;
-    uint32_t caps = PTM_CAP_GET_STATEBLOB | PTM_CAP_SET_STATEBLOB |
-                    PTM_CAP_STOP;
+    ptm_cap caps = PTM_CAP_GET_STATEBLOB | PTM_CAP_SET_STATEBLOB |
+                   PTM_CAP_STOP;

    if (!TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(tpm_emu, caps)) {
        error_setg(&tpm_emu->migration_blocker,
@@ -586,7 +557,7 @@ static int tpm_emulator_prepare_data_fd(TPMEmulator *tpm_emu)
    qemu_chr_fe_set_msgfds(&tpm_emu->ctrl_chr, fds + 1, 1);

    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SET_DATAFD, &res, 0,
-                             sizeof(ptm_res), sizeof(res)) < 0 || res != 0) {
+                             sizeof(res)) < 0 || res != 0) {
        error_report("tpm-emulator: Failed to send CMD_SET_DATAFD: %s",
                     strerror(errno));
        goto err_exit;
@@ -733,8 +704,6 @@ static int tpm_emulator_get_state_blob(TPMEmulator *tpm_emu,

    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_GET_STATEBLOB,
                             &pgs, sizeof(pgs.u.req),
-                             /* always returns up to resp.data */
-                             offsetof(ptm_getstate, u.resp.data),
                             offsetof(ptm_getstate, u.resp.data)) < 0) {
        error_report("tpm-emulator: could not get state blob type %d : %s",
                     type, strerror(errno));
@@ -837,7 +806,7 @@ static int tpm_emulator_set_state_blob(TPMEmulator *tpm_emu,

    /* write the header only */
    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SET_STATEBLOB, &pss,
-                             offsetof(ptm_setstate, u.req.data), 0, 0) < 0) {
+                             offsetof(ptm_setstate, u.req.data), 0) < 0) {
        error_report("tpm-emulator: could not set state blob type %d : %s",
                     type, strerror(errno));
        return -1;
@@ -1021,8 +990,7 @@ static void tpm_emulator_shutdown(TPMEmulator *tpm_emu)
        return;
    }

-    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SHUTDOWN, &res, 0,
-                             sizeof(ptm_res), sizeof(res)) < 0) {
+    if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SHUTDOWN, &res, 0, sizeof(res)) < 0) {
        error_report("tpm-emulator: Could not cleanly shutdown the TPM: %s",
                     strerror(errno));
    } else if (res != 0) {
--- a/backends/tpm/tpm_ioctl.h
+++ b/backends/tpm/tpm_ioctl.h
@@ -29,16 +29,6 @@

 typedef uint32_t ptm_res;

-/* PTM_GET_CAPABILITY: Get supported capabilities (ioctl's) */
-struct ptm_cap_n {
-    union {
-        struct {
-            ptm_res tpm_result; /* will always be TPM_SUCCESS (0) */
-            uint32_t caps;
-        } resp; /* response */
-    } u;
-};
-
 /* PTM_GET_TPMESTABLISHED: get the establishment bit */
 struct ptm_est {
    union {
@@ -252,8 +242,7 @@ struct ptm_lockstorage {
    } u;
 };

-typedef uint64_t ptm_cap; /* CUSE-only; use ptm_cap_n otherwise */
-typedef struct ptm_cap_n ptm_cap_n;
+typedef uint64_t ptm_cap;
 typedef struct ptm_est ptm_est;
 typedef struct ptm_reset_est ptm_reset_est;
 typedef struct ptm_loc ptm_loc;
--- a/backends/tpm/trace-events
+++ b/backends/tpm/trace-events
@@ -16,7 +16,7 @@ tpm_util_show_buffer_content(const char *buf) "%s"
 # tpm_emulator.c
 tpm_emulator_set_locality(uint8_t locty) "setting locality to %d"
 tpm_emulator_handle_request(void) "processing TPM command"
-tpm_emulator_probe_caps(uint32_t caps) "capabilities: 0x%x"
+tpm_emulator_probe_caps(uint64_t caps) "capabilities: 0x%"PRIx64
 tpm_emulator_set_buffer_size(uint32_t buffersize, uint32_t minsize, uint32_t maxsize) "buffer size: %u, min: %u, max: %u"
 tpm_emulator_startup_tpm_resume(bool is_resume, size_t buffersize) "is_resume: %d, buffer size: %zu"
 tpm_emulator_get_tpm_established_flag(uint8_t flag) "got established flag: %d"
--- a/block.c
+++ b/block.c
@@ -6352,7 +6352,7 @@ XDbgBlockGraph *bdrv_get_xdbg_block_graph(Error **errp)
        if (!*name) {
            name = allocated_name = blk_get_attached_dev_id(blk);
        }
-        xdbg_graph_add_node(gr, blk, XDBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_BACKEND,
+        xdbg_graph_add_node(gr, blk, X_DBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_BACKEND,
                           name);
        g_free(allocated_name);
        if (blk_root(blk)) {
@@ -6365,7 +6365,7 @@ XDbgBlockGraph *bdrv_get_xdbg_block_graph(Error **errp)
             job = block_job_next_locked(job)) {
            GSList *el;

-            xdbg_graph_add_node(gr, job, XDBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_JOB,
+            xdbg_graph_add_node(gr, job, X_DBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_JOB,
                                job->job.id);
            for (el = job->nodes; el; el = el->next) {
                xdbg_graph_add_edge(gr, job, (BdrvChild *)el->data);
@@ -6374,7 +6374,7 @@ XDbgBlockGraph *bdrv_get_xdbg_block_graph(Error **errp)
    }

    QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
-        xdbg_graph_add_node(gr, bs, XDBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_DRIVER,
+        xdbg_graph_add_node(gr, bs, X_DBG_BLOCK_GRAPH_NODE_TYPE_BLOCK_DRIVER,
                           bs->node_name);
        QLIST_FOREACH(child, &bs->children, next) {
            xdbg_graph_add_edge(gr, bs, child);
@@ -6868,33 +6868,12 @@ int bdrv_activate(BlockDriverState *bs, Error **errp)
            return ret;
        }

-        /*
-         * bdrv_invalidate_cache() calls bdrv_co_invalidate_cache(),
-         * which for qcow2 results in a partial clearing of the
-         * BDRVQcow2State structure. Before that structure has been
-         * completely repopulated, qcow2_do_open() will yield to wait
-         * for I/O while reading the qcow header, which allows a
-         * concurrent QMP query-block command to be dispatched on the
-         * same context. As a result of query-block,
-         * qcow2_get_specific_info() is executed and sees the partial
-         * BDRVQcow2State, leading to an assert. Block the query-info
-         * operation during this window. Note this needs to be done at
-         * this level because the invalidation functions run in
-         * coroutines and the op_block code is GS.
-         */
-        Error *blocker = NULL;
-        error_setg(&blocker, "invalidating cached metadata");
-        bdrv_op_block(bs, BLOCK_OP_TYPE_INFO, blocker);
-
        ret = bdrv_invalidate_cache(bs, errp);
        if (ret < 0) {
            bs->open_flags |= BDRV_O_INACTIVE;
            return ret;
        }

-        bdrv_op_unblock(bs, BLOCK_OP_TYPE_INFO, blocker);
-        g_free(blocker);
-
        FOR_EACH_DIRTY_BITMAP(bs, bm) {
            bdrv_dirty_bitmap_skip_store(bm, false);
        }
--- a/block/aio_task.c
+++ b/block/aio_task.c
@@ -119,3 +119,8 @@ int aio_task_pool_status(AioTaskPool *pool)

    return pool->status;
 }
+
+bool aio_task_pool_empty(AioTaskPool *pool)
+{
+    return pool->busy_tasks == 0;
+}
--- a/block/backup.c
+++ b/block/backup.c
@@ -458,7 +458,7 @@ BlockJob *backup_job_create(const char *job_id, BlockDriverState *bs,
    }

    cbw = bdrv_cbw_append(bs, target, filter_node_name, discard_source,
-                          perf->min_cluster_size, &bcs, errp);
+                          &bcs, errp);
    if (!cbw) {
        goto error;
    }
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -853,6 +853,15 @@ BlockBackendPublic *blk_get_public(BlockBackend *blk)
    return &blk->public;
 }

+/*
+ * Returns a BlockBackend given the associated @public fields.
+ */
+BlockBackend *blk_by_public(BlockBackendPublic *public)
+{
+    GLOBAL_STATE_CODE();
+    return container_of(public, BlockBackend, public);
+}
+
 /*
 * Disassociates the currently associated BlockDriverState from @blk.
 */
@@ -1019,34 +1028,22 @@ DeviceState *blk_get_attached_dev(BlockBackend *blk)
    return blk->dev;
 }

-static char *blk_get_attached_dev_id_or_path(BlockBackend *blk, bool want_id)
+/* Return the qdev ID, or if no ID is assigned the QOM path, of the block
+ * device attached to the BlockBackend. */
+char *blk_get_attached_dev_id(BlockBackend *blk)
 {
    DeviceState *dev = blk->dev;
    IO_CODE();

    if (!dev) {
        return g_strdup("");
-    } else if (want_id && dev->id) {
+    } else if (dev->id) {
        return g_strdup(dev->id);
    }

    return object_get_canonical_path(OBJECT(dev)) ?: g_strdup("");
 }

-/*
- * Return the qdev ID, or if no ID is assigned the QOM path, of the block
- * device attached to the BlockBackend.
- */
-char *blk_get_attached_dev_id(BlockBackend *blk)
-{
-    return blk_get_attached_dev_id_or_path(blk, true);
-}
-
-static char *blk_get_attached_dev_path(BlockBackend *blk)
-{
-    return blk_get_attached_dev_id_or_path(blk, false);
-}
-
 /*
 * Return the BlockBackend which has the device model @dev attached if it
 * exists, else null.
@@ -1217,6 +1214,12 @@ BlockDeviceIoStatus blk_iostatus(const BlockBackend *blk)
    return blk->iostatus;
 }

+void blk_iostatus_disable(BlockBackend *blk)
+{
+    GLOBAL_STATE_CODE();
+    blk->iostatus_enabled = false;
+}
+
 void blk_iostatus_reset(BlockBackend *blk)
 {
    GLOBAL_STATE_CODE();
@@ -2134,10 +2137,9 @@ static void send_qmp_error_event(BlockBackend *blk,
 {
    IoOperationType optype;
    BlockDriverState *bs = blk_bs(blk);
-    g_autofree char *path = blk_get_attached_dev_path(blk);

    optype = is_read ? IO_OPERATION_TYPE_READ : IO_OPERATION_TYPE_WRITE;
-    qapi_event_send_block_io_error(path, blk_name(blk),
+    qapi_event_send_block_io_error(blk_name(blk),
                                   bs ? bdrv_get_node_name(bs) : NULL, optype,
                                   action, blk_iostatus_is_enabled(blk),
                                   error == ENOSPC, strerror(error));
@@ -2226,6 +2228,28 @@ void blk_set_enable_write_cache(BlockBackend *blk, bool wce)
    blk->enable_write_cache = wce;
 }

+void blk_activate(BlockBackend *blk, Error **errp)
+{
+    BlockDriverState *bs = blk_bs(blk);
+    GLOBAL_STATE_CODE();
+
+    if (!bs) {
+        error_setg(errp, "Device '%s' has no medium", blk->name);
+        return;
+    }
+
+    /*
+     * Migration code can call this function in coroutine context, so leave
+     * coroutine context if necessary.
+     */
+    if (qemu_in_coroutine()) {
+        bdrv_co_activate(bs, errp);
+    } else {
+        GRAPH_RDLOCK_GUARD_MAINLOOP();
+        bdrv_activate(bs, errp);
+    }
+}
+
 bool coroutine_fn blk_co_is_inserted(BlockBackend *blk)
 {
    BlockDriverState *bs = blk_bs(blk);
@@ -2356,6 +2380,36 @@ bool blk_op_is_blocked(BlockBackend *blk, BlockOpType op, Error **errp)
    return bdrv_op_is_blocked(bs, op, errp);
 }

+void blk_op_unblock(BlockBackend *blk, BlockOpType op, Error *reason)
+{
+    BlockDriverState *bs = blk_bs(blk);
+    GLOBAL_STATE_CODE();
+
+    if (bs) {
+        bdrv_op_unblock(bs, op, reason);
+    }
+}
+
+void blk_op_block_all(BlockBackend *blk, Error *reason)
+{
+    BlockDriverState *bs = blk_bs(blk);
+    GLOBAL_STATE_CODE();
+
+    if (bs) {
+        bdrv_op_block_all(bs, reason);
+    }
+}
+
+void blk_op_unblock_all(BlockBackend *blk, Error *reason)
+{
+    BlockDriverState *bs = blk_bs(blk);
+    GLOBAL_STATE_CODE();
+
+    if (bs) {
+        bdrv_op_unblock_all(bs, reason);
+    }
+}
+
 /**
 * Return BB's current AioContext.  Note that this context may change
 * concurrently at any time, with one exception: If the BB has a root node
@@ -2510,6 +2564,12 @@ void blk_add_remove_bs_notifier(BlockBackend *blk, Notifier *notify)
    notifier_list_add(&blk->remove_bs_notifiers, notify);
 }

+void blk_add_insert_bs_notifier(BlockBackend *blk, Notifier *notify)
+{
+    GLOBAL_STATE_CODE();
+    notifier_list_add(&blk->insert_bs_notifiers, notify);
+}
+
 BlockAcctStats *blk_get_stats(BlockBackend *blk)
 {
    IO_CODE();
--- a/block/block-copy.c
+++ b/block/block-copy.c
@@ -310,7 +310,6 @@ void block_copy_set_copy_opts(BlockCopyState *s, bool use_copy_range,
 }

 static int64_t block_copy_calculate_cluster_size(BlockDriverState *target,
-                                                 int64_t min_cluster_size,
                                                 Error **errp)
 {
    int ret;
@@ -320,9 +319,6 @@ static int64_t block_copy_calculate_cluster_size(BlockDriverState *target,
    GLOBAL_STATE_CODE();
    GRAPH_RDLOCK_GUARD_MAINLOOP();

-    min_cluster_size = MAX(min_cluster_size,
-                           (int64_t)BLOCK_COPY_CLUSTER_SIZE_DEFAULT);
-
    target_does_cow = bdrv_backing_chain_next(target);

    /*
@@ -333,13 +329,13 @@ static int64_t block_copy_calculate_cluster_size(BlockDriverState *target,
    ret = bdrv_get_info(target, &bdi);
    if (ret == -ENOTSUP && !target_does_cow) {
        /* Cluster size is not defined */
-        warn_report("The target block device doesn't provide information about "
-                    "the block size and it doesn't have a backing file. The "
-                    "(default) block size of %" PRIi64 " bytes is used. If the "
-                    "actual block size of the target exceeds this value, the "
-                    "backup may be unusable",
-                    min_cluster_size);
-        return min_cluster_size;
+        warn_report("The target block device doesn't provide "
+                    "information about the block size and it doesn't have a "
+                    "backing file. The default block size of %u bytes is "
+                    "used. If the actual block size of the target exceeds "
+                    "this default, the backup may be unusable",
+                    BLOCK_COPY_CLUSTER_SIZE_DEFAULT);
+        return BLOCK_COPY_CLUSTER_SIZE_DEFAULT;
    } else if (ret < 0 && !target_does_cow) {
        error_setg_errno(errp, -ret,
            "Couldn't determine the cluster size of the target image, "
@@ -349,17 +345,16 @@ static int64_t block_copy_calculate_cluster_size(BlockDriverState *target,
        return ret;
    } else if (ret < 0 && target_does_cow) {
        /* Not fatal; just trudge on ahead. */
-        return min_cluster_size;
+        return BLOCK_COPY_CLUSTER_SIZE_DEFAULT;
    }

-    return MAX(min_cluster_size, bdi.cluster_size);
+    return MAX(BLOCK_COPY_CLUSTER_SIZE_DEFAULT, bdi.cluster_size);
 }

 BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,
                                     BlockDriverState *copy_bitmap_bs,
                                     const BdrvDirtyBitmap *bitmap,
                                     bool discard_source,
-                                     uint64_t min_cluster_size,
                                     Error **errp)
 {
    ERRP_GUARD();
@@ -370,18 +365,7 @@ BlockCopyState *block_copy_state_new(BdrvChild *source, BdrvChild *target,

    GLOBAL_STATE_CODE();

-    if (min_cluster_size > INT64_MAX) {
-        error_setg(errp, "min-cluster-size too large: %" PRIu64 " > %" PRIi64,
-                   min_cluster_size, INT64_MAX);
-        return NULL;
-    } else if (min_cluster_size && !is_power_of_2(min_cluster_size)) {
-        error_setg(errp, "min-cluster-size needs to be a power of 2");
-        return NULL;
-    }
-
-    cluster_size = block_copy_calculate_cluster_size(target->bs,
-                                                     (int64_t)min_cluster_size,
-                                                     errp);
+    cluster_size = block_copy_calculate_cluster_size(target->bs, errp);
    if (cluster_size < 0) {
        return NULL;
    }
@@ -584,7 +568,7 @@ static coroutine_fn int block_copy_task_entry(AioTask *task)
    BlockCopyState *s = t->s;
    bool error_is_read = false;
    BlockCopyMethod method = t->method;
-    int ret = -1;
+    int ret;

    WITH_GRAPH_RDLOCK_GUARD() {
        ret = block_copy_do_copy(s, t->req.offset, t->req.bytes, &method,
--- a/block/copy-before-write.c
+++ b/block/copy-before-write.c
@@ -418,7 +418,6 @@ static BlockdevOptions *cbw_parse_options(QDict *options, Error **errp)
    qdict_extract_subqdict(options, NULL, "bitmap");
    qdict_del(options, "on-cbw-error");
    qdict_del(options, "cbw-timeout");
-    qdict_del(options, "min-cluster-size");

 out:
    visit_free(v);
@@ -478,10 +477,8 @@ static int cbw_open(BlockDriverState *bs, QDict *options, int flags,
             bs->file->bs->supported_zero_flags);

    s->discard_source = flags & BDRV_O_CBW_DISCARD_SOURCE;
-
    s->bcs = block_copy_state_new(bs->file, s->target, bs, bitmap,
-                                  flags & BDRV_O_CBW_DISCARD_SOURCE,
-                                  opts->min_cluster_size, errp);
+                                  flags & BDRV_O_CBW_DISCARD_SOURCE, errp);
    if (!s->bcs) {
        error_prepend(errp, "Cannot create block-copy-state: ");
        return -EINVAL;
@@ -549,7 +546,6 @@ BlockDriverState *bdrv_cbw_append(BlockDriverState *source,
                                  BlockDriverState *target,
                                  const char *filter_node_name,
                                  bool discard_source,
-                                  uint64_t min_cluster_size,
                                  BlockCopyState **bcs,
                                  Error **errp)
 {
@@ -569,14 +565,6 @@ BlockDriverState *bdrv_cbw_append(BlockDriverState *source,
    qdict_put_str(opts, "file", bdrv_get_node_name(source));
    qdict_put_str(opts, "target", bdrv_get_node_name(target));

-    if (min_cluster_size > INT64_MAX) {
-        error_setg(errp, "min-cluster-size too large: %" PRIu64 " > %" PRIi64,
-                   min_cluster_size, INT64_MAX);
-        qobject_unref(opts);
-        return NULL;
-    }
-    qdict_put_int(opts, "min-cluster-size", (int64_t)min_cluster_size);
-
    top = bdrv_insert_node(source, opts, flags, errp);
    if (!top) {
        return NULL;
--- a/block/copy-before-write.h
+++ b/block/copy-before-write.h
@@ -40,7 +40,6 @@ BlockDriverState *bdrv_cbw_append(BlockDriverState *source,
                                  BlockDriverState *target,
                                  const char *filter_node_name,
                                  bool discard_source,
-                                  uint64_t min_cluster_size,
                                  BlockCopyState **bcs,
                                  Error **errp);
 void bdrv_cbw_drop(BlockDriverState *bs);
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -682,7 +682,7 @@ err:
 static int block_crypto_probe_luks(const uint8_t *buf,
                                   int buf_size,
                                   const char *filename) {
-    return block_crypto_probe_generic(QCRYPTO_BLOCK_FORMAT_LUKS,
+    return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
                                      buf, buf_size, filename);
 }

@@ -691,7 +691,7 @@ static int block_crypto_open_luks(BlockDriverState *bs,
                                  int flags,
                                  Error **errp)
 {
-    return block_crypto_open_generic(QCRYPTO_BLOCK_FORMAT_LUKS,
+    return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
                                     &block_crypto_runtime_opts_luks,
                                     bs, options, flags, errp);
 }
@@ -724,7 +724,7 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
    }

    create_opts = (QCryptoBlockCreateOptions) {
-        .format = QCRYPTO_BLOCK_FORMAT_LUKS,
+        .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
        .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(luks_opts),
    };

@@ -889,7 +889,7 @@ block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
    if (!info) {
        return NULL;
    }
-    assert(info->format == QCRYPTO_BLOCK_FORMAT_LUKS);
+    assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS);

    spec_info = g_new(ImageInfoSpecific, 1);
    spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS;
@@ -1002,7 +1002,7 @@ coroutine_fn block_crypto_co_amend_luks(BlockDriverState *bs,
    QCryptoBlockAmendOptions amend_opts;

    amend_opts = (QCryptoBlockAmendOptions) {
-        .format = QCRYPTO_BLOCK_FORMAT_LUKS,
+        .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
        .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks),
    };
    return block_crypto_amend_options_generic_luks(bs, &amend_opts,
--- a/block/export/vduse-blk.c
+++ b/block/export/vduse-blk.c
@@ -273,6 +273,7 @@ static int vduse_blk_exp_create(BlockExport *exp, BlockExportOptions *opts,
    uint64_t logical_block_size = VIRTIO_BLK_SECTOR_SIZE;
    uint16_t num_queues = VDUSE_DEFAULT_NUM_QUEUE;
    uint16_t queue_size = VDUSE_DEFAULT_QUEUE_SIZE;
+    Error *local_err = NULL;
    struct virtio_blk_config config = { 0 };
    uint64_t features;
    int i, ret;
@@ -296,8 +297,10 @@ static int vduse_blk_exp_create(BlockExport *exp, BlockExportOptions *opts,

    if (vblk_opts->has_logical_block_size) {
        logical_block_size = vblk_opts->logical_block_size;
-        if (!check_block_size("logical-block-size", logical_block_size,
-                              errp)) {
+        check_block_size(exp->id, "logical-block-size", logical_block_size,
+                         &local_err);
+        if (local_err) {
+            error_propagate(errp, local_err);
            return -EINVAL;
        }
    }
--- a/block/export/vhost-user-blk-server.c
+++ b/block/export/vhost-user-blk-server.c
@@ -319,6 +319,7 @@ static int vu_blk_exp_create(BlockExport *exp, BlockExportOptions *opts,
 {
    VuBlkExport *vexp = container_of(exp, VuBlkExport, export);
    BlockExportOptionsVhostUserBlk *vu_opts = &opts->u.vhost_user_blk;
+    Error *local_err = NULL;
    uint64_t logical_block_size;
    uint16_t num_queues = VHOST_USER_BLK_NUM_QUEUES_DEFAULT;

@@ -329,7 +330,10 @@ static int vu_blk_exp_create(BlockExport *exp, BlockExportOptions *opts,
    } else {
        logical_block_size = VIRTIO_BLK_SECTOR_SIZE;
    }
-    if (!check_block_size("logical-block-size", logical_block_size, errp)) {
+    check_block_size(exp->id, "logical-block-size", logical_block_size,
+                     &local_err);
+    if (local_err) {
+        error_propagate(errp, local_err);
        return -EINVAL;
    }

--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -1401,7 +1401,7 @@ static void raw_refresh_zoned_limits(BlockDriverState *bs, struct stat *st,
                                     Error **errp)
 {
    BDRVRawState *s = bs->opaque;
-    BlockZoneModel zoned = BLK_Z_NONE;
+    BlockZoneModel zoned;
    int ret;

    ret = get_sysfs_zoned_model(st, &zoned);
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -514,6 +514,7 @@ static int qemu_gluster_parse_json(BlockdevOptionsGluster *gconf,
    SocketAddressList **tail;
    QDict *backing_options = NULL;
    Error *local_err = NULL;
+    char *str = NULL;
    const char *ptr;
    int i, type, num_servers;

@@ -546,8 +547,7 @@ static int qemu_gluster_parse_json(BlockdevOptionsGluster *gconf,
    tail = &gconf->server;

    for (i = 0; i < num_servers; i++) {
-        g_autofree char *str = g_strdup_printf(GLUSTER_OPT_SERVER_PATTERN"%d.",
-                                               i);
+        str = g_strdup_printf(GLUSTER_OPT_SERVER_PATTERN"%d.", i);
        qdict_extract_subqdict(options, &backing_options, str);

        /* create opts info from runtime_type_opts list */
@@ -658,6 +658,8 @@ static int qemu_gluster_parse_json(BlockdevOptionsGluster *gconf,

        qobject_unref(backing_options);
        backing_options = NULL;
+        g_free(str);
+        str = NULL;
    }

    return 0;
@@ -666,6 +668,7 @@ out:
    error_propagate(errp, local_err);
    qapi_free_SocketAddress(gsconf);
    qemu_opts_del(opts);
+    g_free(str);
    qobject_unref(backing_options);
    errno = EINVAL;
    return -errno;
@@ -806,8 +809,6 @@ static int qemu_gluster_open(BlockDriverState *bs,  QDict *options,
        goto out;
    }

-    warn_report_once("'gluster' is deprecated");
-
    filename = qemu_opt_get(opts, GLUSTER_OPT_FILENAME);

    s->debug = qemu_opt_get_number(opts, GLUSTER_OPT_DEBUG,
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -349,7 +349,7 @@ static void coroutine_fn mirror_co_read(void *opaque)
    MirrorOp *op = opaque;
    MirrorBlockJob *s = op->s;
    int nb_chunks;
-    int ret = -1;
+    uint64_t ret;
    uint64_t max_bytes;

    max_bytes = s->granularity * s->max_iov;
@@ -565,7 +565,7 @@ static void coroutine_fn GRAPH_UNLOCKED mirror_iteration(MirrorBlockJob *s)

    bitmap_set(s->in_flight_bitmap, offset / s->granularity, nb_chunks);
    while (nb_chunks > 0 && offset < s->bdev_length) {
-        int ret = -1;
+        int ret;
        int64_t io_bytes;
        int64_t io_bytes_acct;
        MirrorMethod mirror_method = MIRROR_METHOD_COPY;
@@ -841,7 +841,7 @@ static int coroutine_fn GRAPH_UNLOCKED mirror_dirty_init(MirrorBlockJob *s)
    int64_t offset;
    BlockDriverState *bs;
    BlockDriverState *target_bs = blk_bs(s->target);
-    int ret = -1;
+    int ret;
    int64_t count;

    bdrv_graph_co_rdlock();
@@ -931,7 +931,7 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
    MirrorBDSOpaque *mirror_top_opaque = s->mirror_top_bs->opaque;
    BlockDriverState *target_bs = blk_bs(s->target);
    bool need_drain = true;
-    BlockDeviceIoStatus iostatus = BLOCK_DEVICE_IO_STATUS__MAX;
+    BlockDeviceIoStatus iostatus;
    int64_t length;
    int64_t target_length;
    BlockDriverInfo bdi;
--- a/block/parallels-ext.c
+++ b/block/parallels-ext.c
@@ -206,7 +206,7 @@ parallels_parse_format_extension(BlockDriverState *bs, uint8_t *ext_cluster,
        goto fail;
    }

-    ret = qcrypto_hash_bytes(QCRYPTO_HASH_ALGO_MD5, (char *)pos, remaining,
+    ret = qcrypto_hash_bytes(QCRYPTO_HASH_ALG_MD5, (char *)pos, remaining,
                             &hash, &hash_len, errp);
    if (ret < 0) {
        goto fail;
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -184,11 +184,11 @@ static int mark_used(BlockDriverState *bs, unsigned long *bitmap,
    BDRVParallelsState *s = bs->opaque;
    uint32_t cluster_index = host_cluster_index(s, off);
    unsigned long next_used;
-    if ((uint64_t)cluster_index + count > bitmap_size) {
+    if (cluster_index + count > bitmap_size) {
        return -E2BIG;
    }
    next_used = find_next_bit(bitmap, bitmap_size, cluster_index);
-    if (next_used < (uint64_t)cluster_index + count) {
+    if (next_used < cluster_index + count) {
        return -EBUSY;
    }
    bitmap_set(bitmap, cluster_index, count);
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -831,7 +831,7 @@ qcow_co_create(BlockdevCreateOptions *opts, Error **errp)
    }

    if (qcow_opts->encrypt &&
-        qcow_opts->encrypt->format != QCRYPTO_BLOCK_FORMAT_QCOW)
+        qcow_opts->encrypt->format != Q_CRYPTO_BLOCK_FORMAT_QCOW)
    {
        error_setg(errp, "Unsupported encryption format");
        return -EINVAL;
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -2848,6 +2848,7 @@ qcow2_co_invalidate_cache(BlockDriverState *bs, Error **errp)
    BdrvChild *data_file;
    int flags = s->flags;
    QCryptoBlock *crypto = NULL;
+    Error *blocker = NULL;
    QDict *options;
    int ret;

@@ -2859,6 +2860,17 @@ qcow2_co_invalidate_cache(BlockDriverState *bs, Error **errp)
    crypto = s->crypto;
    s->crypto = NULL;

+    /*
+     * When qcow2_do_open() below reads the qcow header, it yields to
+     * wait for the I/O which allows a concurrent QMP query-block
+     * command to be dispatched on the same context before
+     * BDRVQcow2State has been completely repopulated. Block the
+     * query-info operation during this window to avoid having
+     * qcow2_get_specific_info() access bogus values.
+     */
+    error_setg(&blocker, "invalidating cached metadata");
+    bdrv_op_block(bs, BLOCK_OP_TYPE_INFO, blocker);
+
    /*
     * Do not reopen s->data_file (i.e., have qcow2_do_close() not close it,
     * and then prevent qcow2_do_open() from opening it), because this function
@@ -2878,6 +2890,8 @@ qcow2_co_invalidate_cache(BlockDriverState *bs, Error **errp)
    qemu_co_mutex_lock(&s->lock);
    ret = qcow2_do_open(bs, options, flags, false, errp);
    qemu_co_mutex_unlock(&s->lock);
+    bdrv_op_unblock(bs, BLOCK_OP_TYPE_INFO, blocker);
+    g_free(blocker);
    qobject_unref(options);
    if (ret < 0) {
        error_prepend(errp, "Could not reopen qcow2 layer: ");
@@ -3214,10 +3228,10 @@ qcow2_set_up_encryption(BlockDriverState *bs,
    int fmt, ret;

    switch (cryptoopts->format) {
-    case QCRYPTO_BLOCK_FORMAT_LUKS:
+    case Q_CRYPTO_BLOCK_FORMAT_LUKS:
        fmt = QCOW_CRYPT_LUKS;
        break;
-    case QCRYPTO_BLOCK_FORMAT_QCOW:
+    case Q_CRYPTO_BLOCK_FORMAT_QCOW:
        fmt = QCOW_CRYPT_AES;
        break;
    default:
@@ -5305,17 +5319,17 @@ qcow2_get_specific_info(BlockDriverState *bs, Error **errp)
    } else {
        /* if this assertion fails, this probably means a new version was
         * added without having it covered here */
-        g_assert_not_reached();
+        assert(false);
    }

    if (encrypt_info) {
        ImageInfoSpecificQCow2Encryption *qencrypt =
            g_new(ImageInfoSpecificQCow2Encryption, 1);
        switch (encrypt_info->format) {
-        case QCRYPTO_BLOCK_FORMAT_QCOW:
+        case Q_CRYPTO_BLOCK_FORMAT_QCOW:
            qencrypt->format = BLOCKDEV_QCOW2_ENCRYPTION_FORMAT_AES;
            break;
-        case QCRYPTO_BLOCK_FORMAT_LUKS:
+        case Q_CRYPTO_BLOCK_FORMAT_LUKS:
            qencrypt->format = BLOCKDEV_QCOW2_ENCRYPTION_FORMAT_LUKS;
            qencrypt->u.luks = encrypt_info->u.luks;
            break;
@@ -5954,7 +5968,7 @@ static int coroutine_fn qcow2_co_amend(BlockDriverState *bs,
            return -EOPNOTSUPP;
        }

-        if (qopts->encrypt->format != QCRYPTO_BLOCK_FORMAT_LUKS) {
+        if (qopts->encrypt->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) {
            error_setg(errp,
                       "Amend can't be used to change the qcow2 encryption format");
            return -EOPNOTSUPP;
--- a/block/qed.c
+++ b/block/qed.c
@@ -353,7 +353,6 @@ static void bdrv_qed_detach_aio_context(BlockDriverState *bs)

    qed_cancel_need_check_timer(s);
    timer_free(s->need_check_timer);
-    s->need_check_timer = NULL;
 }

 static void bdrv_qed_attach_aio_context(BlockDriverState *bs,
--- a/block/quorum.c
+++ b/block/quorum.c
@@ -393,7 +393,7 @@ static int quorum_compute_hash(QuorumAIOCB *acb, int i, QuorumVoteValue *hash)
    /* XXX - would be nice if we could pass in the Error **
     * and propagate that back, but this quorum code is
     * restricted to just errno values currently */
-    if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALGO_SHA256,
+    if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA256,
                            qiov->iov, qiov->niov,
                            &data, &len,
                            NULL) < 0) {
@@ -1308,7 +1308,7 @@ static BlockDriver bdrv_quorum = {

 static void bdrv_quorum_init(void)
 {
-    if (!qcrypto_hash_supports(QCRYPTO_HASH_ALGO_SHA256)) {
+    if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA256)) {
        /* SHA256 hash support is required for quorum device */
        return;
    }
--- a/block/raw-format.c
+++ b/block/raw-format.c
@@ -111,7 +111,7 @@ raw_apply_options(BlockDriverState *bs, BDRVRawState *s, uint64_t offset,
    if (offset > real_size) {
        error_setg(errp, "Offset (%" PRIu64 ") cannot be greater than "
                   "size of the containing file (%" PRId64 ")",
-                   offset, real_size);
+                   s->offset, real_size);
        return -EINVAL;
    }

@@ -119,7 +119,7 @@ raw_apply_options(BlockDriverState *bs, BDRVRawState *s, uint64_t offset,
        error_setg(errp, "The sum of offset (%" PRIu64 ") and size "
                   "(%" PRIu64 ") has to be smaller or equal to the "
                   " actual size of the containing file (%" PRId64 ")",
-                   offset, size, real_size);
+                   s->offset, s->size, real_size);
        return -EINVAL;
    }

--- a/block/rbd.c
+++ b/block/rbd.c
@@ -367,11 +367,11 @@ static int qemu_rbd_convert_luks_create_options(

    if (luks_opts->has_cipher_alg) {
        switch (luks_opts->cipher_alg) {
-            case QCRYPTO_CIPHER_ALGO_AES_128: {
+            case QCRYPTO_CIPHER_ALG_AES_128: {
                *alg = RBD_ENCRYPTION_ALGORITHM_AES128;
                break;
            }
-            case QCRYPTO_CIPHER_ALGO_AES_256: {
+            case QCRYPTO_CIPHER_ALG_AES_256: {
                *alg = RBD_ENCRYPTION_ALGORITHM_AES256;
                break;
            }
--- a/block/snapshot.c
+++ b/block/snapshot.c
@@ -296,7 +296,6 @@ int bdrv_snapshot_goto(BlockDriverState *bs,
        bdrv_graph_wrunlock();

        ret = bdrv_snapshot_goto(fallback_bs, snapshot_id, errp);
-        memset(bs->opaque, 0, drv->instance_size);
        open_ret = drv->bdrv_open(bs, options, bs->open_flags, &local_err);
        qobject_unref(options);
        if (open_ret < 0) {
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -364,7 +364,7 @@ static unsigned hex2decimal(char ch)
        return 10 + (ch - 'A');
    }

-    return UINT_MAX;
+    return -1;
 }

 /* Compare the binary fingerprint (hash of host key) with the
@@ -376,15 +376,13 @@ static int compare_fingerprint(const unsigned char *fingerprint, size_t len,
    unsigned c;

    while (len > 0) {
-        unsigned c0, c1;
        while (*host_key_check == ':')
            host_key_check++;
-        c0 = hex2decimal(host_key_check[0]);
-        c1 = hex2decimal(host_key_check[1]);
-        if (c0 > 0xf || c1 > 0xf) {
+        if (!qemu_isxdigit(host_key_check[0]) ||
+            !qemu_isxdigit(host_key_check[1]))
            return 1;
-        }
-        c = c0 * 16 + c1;
+        c = hex2decimal(host_key_check[0]) * 16 +
+            hex2decimal(host_key_check[1]);
        if (c - *fingerprint != 0)
            return c - *fingerprint;
        fingerprint++;
@@ -476,6 +474,7 @@ static int check_host_key(BDRVSSHState *s, SshHostKeyCheck *hkc, Error **errp)
                                       errp);
        }
        g_assert_not_reached();
+        break;
    case SSH_HOST_KEY_CHECK_MODE_KNOWN_HOSTS:
        return check_host_key_knownhosts(s, errp);
    default:
@@ -866,6 +865,9 @@ static int ssh_open(BlockDriverState *bs, QDict *options, int bdrv_flags,
        goto err;
    }

+    /* Go non-blocking. */
+    ssh_set_blocking(s->session, 0);
+
    if (s->attrs->type == SSH_FILEXFER_TYPE_REGULAR) {
        bs->supported_truncate_flags = BDRV_REQ_ZERO_WRITE;
    }
--- a/block/stream.c
+++ b/block/stream.c
@@ -155,8 +155,8 @@ static void stream_clean(Job *job)
 static int coroutine_fn stream_run(Job *job, Error **errp)
 {
    StreamBlockJob *s = container_of(job, StreamBlockJob, common.job);
-    BlockDriverState *unfiltered_bs = NULL;
-    int64_t len = -1;
+    BlockDriverState *unfiltered_bs;
+    int64_t len;
    int64_t offset = 0;
    int error = 0;
    int64_t n = 0; /* bytes */
@@ -177,7 +177,7 @@ static int coroutine_fn stream_run(Job *job, Error **errp)

    for ( ; offset < len; offset += n) {
        bool copy;
-        int ret = -1;
+        int ret;

        /* Note that even when no rate limit is applied we need to yield
         * with no pending I/O here so that bdrv_drain_all() returns.
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -3,12 +3,10 @@
 *
 * Copyright (c) 2009, 2012 Stefan Weil
 *
- * SPDX-License-Identifier: GPL-2.0-or-later
- *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 2 of the License, or
- * (at your option) any later version.
+ * (at your option) version 3 or any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -87,7 +85,7 @@
 /* Command line option for static images. */
 #define BLOCK_OPT_STATIC "static"

-#define SECTOR_SIZE 512ULL
+#define SECTOR_SIZE 512
 #define DEFAULT_CLUSTER_SIZE 1048576
 /* Note: can't use 1 * MiB, because it's passed to stringify() */

@@ -442,7 +440,7 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags,
        goto fail;
    } else if (header.sector_size != SECTOR_SIZE) {
        error_setg(errp, "unsupported VDI image (sector size %" PRIu32
-                   " is not %llu)", header.sector_size, SECTOR_SIZE);
+                   " is not %u)", header.sector_size, SECTOR_SIZE);
        ret = -ENOTSUP;
        goto fail;
    } else if (header.block_size != DEFAULT_CLUSTER_SIZE) {
--- a/blockdev.c
+++ b/blockdev.c
@@ -2655,9 +2655,6 @@ static BlockJob *do_backup_common(BackupCommon *backup,
        if (backup->x_perf->has_max_chunk) {
            perf.max_chunk = backup->x_perf->max_chunk;
        }
-        if (backup->x_perf->has_min_cluster_size) {
-            perf.min_cluster_size = backup->x_perf->min_cluster_size;
-        }
    }

    if ((backup->sync == MIRROR_SYNC_MODE_BITMAP) ||
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -60,7 +60,6 @@ uintptr_t qemu_host_page_size;
 intptr_t qemu_host_page_mask;

 static bool opt_one_insn_per_tb;
-static unsigned long opt_tb_size;
 uintptr_t guest_base;
 bool have_guest_base;
 /*
@@ -170,7 +169,6 @@ static void usage(void)
           "                  (use '-d help' for a list of log items)\n"
           "-D logfile        write logs to 'logfile' (default stderr)\n"
           "-one-insn-per-tb  run with one guest instruction per emulated TB\n"
-           "-tb-size size     TCG translation block cache size\n"
           "-strace           log system calls\n"
           "-trace            [[enable=]<pattern>][,events=<file>][,file=<file>]\n"
           "                  specify tracing options\n"
@@ -389,11 +387,6 @@ int main(int argc, char **argv)
            seed_optarg = optarg;
        } else if (!strcmp(r, "one-insn-per-tb")) {
            opt_one_insn_per_tb = true;
-        } else if (!strcmp(r, "tb-size")) {
-            r = argv[optind++];
-            if (qemu_strtoul(r, NULL, 0, &opt_tb_size)) {
-                usage();
-            }
        } else if (!strcmp(r, "strace")) {
            do_strace = 1;
        } else if (!strcmp(r, "trace")) {
@@ -459,8 +452,6 @@ int main(int argc, char **argv)
        accel_init_interfaces(ac);
        object_property_set_bool(OBJECT(accel), "one-insn-per-tb",
                                 opt_one_insn_per_tb, &error_abort);
-        object_property_set_int(OBJECT(accel), "tb-size",
-                                opt_tb_size, &error_abort);
        ac->init_machine(NULL);
    }

@@ -610,7 +601,6 @@ int main(int argc, char **argv)
    init_task_state(ts);
    ts->info = info;
    ts->bprm = &bprm;
-    ts->ts_tid = qemu_get_thread_id();
    cpu->opaque = ts;

    target_set_brk(info->brk);
--- a/bsd-user/riscv/signal.c
+++ b/bsd-user/riscv/signal.c
@@ -1,170 +0,0 @@
-/*
- *  RISC-V signal definitions
- *
- *  Copyright (c) 2019 Mark Corbin
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "qemu/osdep.h"
-
-#include "qemu.h"
-
-/*
- * Compare with sendsig() in riscv/riscv/exec_machdep.c
- * Assumes that target stack frame memory is locked.
- */
-abi_long
-set_sigtramp_args(CPURISCVState *regs, int sig, struct target_sigframe *frame,
-    abi_ulong frame_addr, struct target_sigaction *ka)
-{
-    /*
-     * Arguments to signal handler:
-     *  a0 (10) = signal number
-     *  a1 (11) = siginfo pointer
-     *  a2 (12) = ucontext pointer
-     *  pc      = signal pointer handler
-     *  sp (2)  = sigframe pointer
-     *  ra (1)  = sigtramp at base of user stack
-     */
-
-     regs->gpr[xA0] = sig;
-     regs->gpr[xA1] = frame_addr +
-         offsetof(struct target_sigframe, sf_si);
-     regs->gpr[xA2] = frame_addr +
-         offsetof(struct target_sigframe, sf_uc);
-     regs->pc = ka->_sa_handler;
-     regs->gpr[xSP] = frame_addr;
-     regs->gpr[xRA] = TARGET_PS_STRINGS - TARGET_SZSIGCODE;
-     return 0;
-}
-
-/*
- * Compare to riscv/riscv/exec_machdep.c sendsig()
- * Assumes that the memory is locked if frame points to user memory.
- */
-abi_long setup_sigframe_arch(CPURISCVState *env, abi_ulong frame_addr,
-                             struct target_sigframe *frame, int flags)
-{
-    target_mcontext_t *mcp = &frame->sf_uc.uc_mcontext;
-
-    get_mcontext(env, mcp, flags);
-    return 0;
-}
-
-/*
- * Compare with get_mcontext() in riscv/riscv/machdep.c
- * Assumes that the memory is locked if mcp points to user memory.
- */
-abi_long get_mcontext(CPURISCVState *regs, target_mcontext_t *mcp,
-        int flags)
-{
-
-    mcp->mc_gpregs.gp_t[0] = tswap64(regs->gpr[5]);
-    mcp->mc_gpregs.gp_t[1] = tswap64(regs->gpr[6]);
-    mcp->mc_gpregs.gp_t[2] = tswap64(regs->gpr[7]);
-    mcp->mc_gpregs.gp_t[3] = tswap64(regs->gpr[28]);
-    mcp->mc_gpregs.gp_t[4] = tswap64(regs->gpr[29]);
-    mcp->mc_gpregs.gp_t[5] = tswap64(regs->gpr[30]);
-    mcp->mc_gpregs.gp_t[6] = tswap64(regs->gpr[31]);
-
-    mcp->mc_gpregs.gp_s[0] = tswap64(regs->gpr[8]);
-    mcp->mc_gpregs.gp_s[1] = tswap64(regs->gpr[9]);
-    mcp->mc_gpregs.gp_s[2] = tswap64(regs->gpr[18]);
-    mcp->mc_gpregs.gp_s[3] = tswap64(regs->gpr[19]);
-    mcp->mc_gpregs.gp_s[4] = tswap64(regs->gpr[20]);
-    mcp->mc_gpregs.gp_s[5] = tswap64(regs->gpr[21]);
-    mcp->mc_gpregs.gp_s[6] = tswap64(regs->gpr[22]);
-    mcp->mc_gpregs.gp_s[7] = tswap64(regs->gpr[23]);
-    mcp->mc_gpregs.gp_s[8] = tswap64(regs->gpr[24]);
-    mcp->mc_gpregs.gp_s[9] = tswap64(regs->gpr[25]);
-    mcp->mc_gpregs.gp_s[10] = tswap64(regs->gpr[26]);
-    mcp->mc_gpregs.gp_s[11] = tswap64(regs->gpr[27]);
-
-    mcp->mc_gpregs.gp_a[0] = tswap64(regs->gpr[10]);
-    mcp->mc_gpregs.gp_a[1] = tswap64(regs->gpr[11]);
-    mcp->mc_gpregs.gp_a[2] = tswap64(regs->gpr[12]);
-    mcp->mc_gpregs.gp_a[3] = tswap64(regs->gpr[13]);
-    mcp->mc_gpregs.gp_a[4] = tswap64(regs->gpr[14]);
-    mcp->mc_gpregs.gp_a[5] = tswap64(regs->gpr[15]);
-    mcp->mc_gpregs.gp_a[6] = tswap64(regs->gpr[16]);
-    mcp->mc_gpregs.gp_a[7] = tswap64(regs->gpr[17]);
-
-    if (flags & TARGET_MC_GET_CLEAR_RET) {
-        mcp->mc_gpregs.gp_a[0] = 0; /* a0 */
-        mcp->mc_gpregs.gp_a[1] = 0; /* a1 */
-        mcp->mc_gpregs.gp_t[0] = 0; /* clear syscall error */
-    }
-
-    mcp->mc_gpregs.gp_ra = tswap64(regs->gpr[1]);
-    mcp->mc_gpregs.gp_sp = tswap64(regs->gpr[2]);
-    mcp->mc_gpregs.gp_gp = tswap64(regs->gpr[3]);
-    mcp->mc_gpregs.gp_tp = tswap64(regs->gpr[4]);
-    mcp->mc_gpregs.gp_sepc = tswap64(regs->pc);
-
-    return 0;
-}
-
-/* Compare with set_mcontext() in riscv/riscv/exec_machdep.c */
-abi_long set_mcontext(CPURISCVState *regs, target_mcontext_t *mcp,
-        int srflag)
-{
-
-    regs->gpr[5] = tswap64(mcp->mc_gpregs.gp_t[0]);
-    regs->gpr[6] = tswap64(mcp->mc_gpregs.gp_t[1]);
-    regs->gpr[7] = tswap64(mcp->mc_gpregs.gp_t[2]);
-    regs->gpr[28] = tswap64(mcp->mc_gpregs.gp_t[3]);
-    regs->gpr[29] = tswap64(mcp->mc_gpregs.gp_t[4]);
-    regs->gpr[30] = tswap64(mcp->mc_gpregs.gp_t[5]);
-    regs->gpr[31] = tswap64(mcp->mc_gpregs.gp_t[6]);
-
-    regs->gpr[8] = tswap64(mcp->mc_gpregs.gp_s[0]);
-    regs->gpr[9] = tswap64(mcp->mc_gpregs.gp_s[1]);
-    regs->gpr[18] = tswap64(mcp->mc_gpregs.gp_s[2]);
-    regs->gpr[19] = tswap64(mcp->mc_gpregs.gp_s[3]);
-    regs->gpr[20] = tswap64(mcp->mc_gpregs.gp_s[4]);
-    regs->gpr[21] = tswap64(mcp->mc_gpregs.gp_s[5]);
-    regs->gpr[22] = tswap64(mcp->mc_gpregs.gp_s[6]);
-    regs->gpr[23] = tswap64(mcp->mc_gpregs.gp_s[7]);
-    regs->gpr[24] = tswap64(mcp->mc_gpregs.gp_s[8]);
-    regs->gpr[25] = tswap64(mcp->mc_gpregs.gp_s[9]);
-    regs->gpr[26] = tswap64(mcp->mc_gpregs.gp_s[10]);
-    regs->gpr[27] = tswap64(mcp->mc_gpregs.gp_s[11]);
-
-    regs->gpr[10] = tswap64(mcp->mc_gpregs.gp_a[0]);
-    regs->gpr[11] = tswap64(mcp->mc_gpregs.gp_a[1]);
-    regs->gpr[12] = tswap64(mcp->mc_gpregs.gp_a[2]);
-    regs->gpr[13] = tswap64(mcp->mc_gpregs.gp_a[3]);
-    regs->gpr[14] = tswap64(mcp->mc_gpregs.gp_a[4]);
-    regs->gpr[15] = tswap64(mcp->mc_gpregs.gp_a[5]);
-    regs->gpr[16] = tswap64(mcp->mc_gpregs.gp_a[6]);
-    regs->gpr[17] = tswap64(mcp->mc_gpregs.gp_a[7]);
-
-
-    regs->gpr[1] = tswap64(mcp->mc_gpregs.gp_ra);
-    regs->gpr[2] = tswap64(mcp->mc_gpregs.gp_sp);
-    regs->gpr[3] = tswap64(mcp->mc_gpregs.gp_gp);
-    regs->gpr[4] = tswap64(mcp->mc_gpregs.gp_tp);
-    regs->pc = tswap64(mcp->mc_gpregs.gp_sepc);
-
-    return 0;
-}
-
-/* Compare with sys_sigreturn() in riscv/riscv/machdep.c */
-abi_long get_ucontext_sigreturn(CPURISCVState *regs,
-                        abi_ulong target_sf, abi_ulong *target_uc)
-{
-
-    *target_uc = target_sf;
-    return 0;
-}
--- a/bsd-user/riscv/target.h
+++ b/bsd-user/riscv/target.h
@@ -1,20 +0,0 @@
-/*
- * Riscv64 general target stuff that's common to all aarch details
- *
- * Copyright (c) 2022 M. Warner Losh <imp@bsdimp.com>
- *
- * SPDX-License-Identifier: GPL-2.0-or-later
- */
-
-#ifndef TARGET_H
-#define TARGET_H
-
-/*
- * riscv64 ABI does not 'lump' the registers for 64-bit args.
- */
-static inline bool regpairs_aligned(void *cpu_env)
-{
-    return false;
-}
-
-#endif /* TARGET_H */
--- a/bsd-user/riscv/target_arch.h
+++ b/bsd-user/riscv/target_arch.h
@@ -1,27 +0,0 @@
-/*
- * RISC-V specific prototypes
- *
- * Copyright (c) 2019 Mark Corbin <mark.corbin@embecsom.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef TARGET_ARCH_H
-#define TARGET_ARCH_H
-
-#include "qemu.h"
-
-void target_cpu_set_tls(CPURISCVState *env, target_ulong newtls);
-
-#endif /* TARGET_ARCH_H */
--- a/bsd-user/riscv/target_arch_cpu.c
+++ b/bsd-user/riscv/target_arch_cpu.c
@@ -1,29 +0,0 @@
-/*
- *  RISC-V CPU related code
- *
- *  Copyright (c) 2019 Mark Corbin
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#include "qemu/osdep.h"
-
-#include "target_arch.h"
-
-#define TP_OFFSET       16
-
-/* Compare with cpu_set_user_tls() in riscv/riscv/vm_machdep.c */
-void target_cpu_set_tls(CPURISCVState *env, target_ulong newtls)
-{
-    env->gpr[xTP] = newtls + TP_OFFSET;
-}
--- a/bsd-user/riscv/target_arch_cpu.h
+++ b/bsd-user/riscv/target_arch_cpu.h
@@ -1,148 +0,0 @@
-/*
- *  RISC-V CPU init and loop
- *
- *  Copyright (c) 2019 Mark Corbin
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef TARGET_ARCH_CPU_H
-#define TARGET_ARCH_CPU_H
-
-#include "target_arch.h"
-#include "signal-common.h"
-
-#define TARGET_DEFAULT_CPU_MODEL "max"
-
-static inline void target_cpu_init(CPURISCVState *env,
-        struct target_pt_regs *regs)
-{
-    int i;
-
-    for (i = 1; i < 32; i++) {
-        env->gpr[i] = regs->regs[i];
-    }
-
-    env->pc = regs->sepc;
-}
-
-static inline void target_cpu_loop(CPURISCVState *env)
-{
-    CPUState *cs = env_cpu(env);
-    int trapnr;
-    abi_long ret;
-    unsigned int syscall_num;
-    int32_t signo, code;
-
-    for (;;) {
-        cpu_exec_start(cs);
-        trapnr = cpu_exec(cs);
-        cpu_exec_end(cs);
-        process_queued_cpu_work(cs);
-
-        signo = 0;
-
-        switch (trapnr) {
-        case EXCP_INTERRUPT:
-            /* just indicate that signals should be handled asap */
-            break;
-        case EXCP_ATOMIC:
-            cpu_exec_step_atomic(cs);
-            break;
-        case RISCV_EXCP_U_ECALL:
-            syscall_num = env->gpr[xT0];
-            env->pc += TARGET_INSN_SIZE;
-            /* Compare to cpu_fetch_syscall_args() in riscv/riscv/trap.c */
-            if (TARGET_FREEBSD_NR___syscall == syscall_num ||
-                TARGET_FREEBSD_NR_syscall == syscall_num) {
-                ret = do_freebsd_syscall(env,
-                                         env->gpr[xA0],
-                                         env->gpr[xA1],
-                                         env->gpr[xA2],
-                                         env->gpr[xA3],
-                                         env->gpr[xA4],
-                                         env->gpr[xA5],
-                                         env->gpr[xA6],
-                                         env->gpr[xA7],
-                                         0);
-            } else {
-                ret = do_freebsd_syscall(env,
-                                         syscall_num,
-                                         env->gpr[xA0],
-                                         env->gpr[xA1],
-                                         env->gpr[xA2],
-                                         env->gpr[xA3],
-                                         env->gpr[xA4],
-                                         env->gpr[xA5],
-                                         env->gpr[xA6],
-                                         env->gpr[xA7]
-                    );
-            }
-
-            /*
-             * Compare to cpu_set_syscall_retval() in
-             * riscv/riscv/vm_machdep.c
-             */
-            if (ret >= 0) {
-                env->gpr[xA0] = ret;
-                env->gpr[xT0] = 0;
-            } else if (ret == -TARGET_ERESTART) {
-                env->pc -= TARGET_INSN_SIZE;
-            } else if (ret != -TARGET_EJUSTRETURN) {
-                env->gpr[xA0] = -ret;
-                env->gpr[xT0] = 1;
-            }
-            break;
-        case RISCV_EXCP_ILLEGAL_INST:
-            signo = TARGET_SIGILL;
-            code = TARGET_ILL_ILLOPC;
-            break;
-        case RISCV_EXCP_BREAKPOINT:
-            signo = TARGET_SIGTRAP;
-            code = TARGET_TRAP_BRKPT;
-            break;
-        case EXCP_DEBUG:
-            signo = TARGET_SIGTRAP;
-            code = TARGET_TRAP_BRKPT;
-            break;
-        default:
-            fprintf(stderr, "qemu: unhandled CPU exception "
-                "0x%x - aborting\n", trapnr);
-            cpu_dump_state(cs, stderr, 0);
-            abort();
-        }
-
-        if (signo) {
-            force_sig_fault(signo, code, env->pc);
-        }
-
-        process_pending_signals(env);
-    }
-}
-
-static inline void target_cpu_clone_regs(CPURISCVState *env, target_ulong newsp)
-{
-    if (newsp) {
-        env->gpr[xSP] = newsp;
-    }
-
-    env->gpr[xA0] = 0;
-    env->gpr[xT0] = 0;
-}
-
-static inline void target_cpu_reset(CPUArchState *env)
-{
-}
-
-#endif /* TARGET_ARCH_CPU_H */
--- a/bsd-user/riscv/target_arch_elf.h
+++ b/bsd-user/riscv/target_arch_elf.h
@@ -1,42 +0,0 @@
-/*
- *  RISC-V ELF definitions
- *
- *  Copyright (c) 2019 Mark Corbin
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef TARGET_ARCH_ELF_H
-#define TARGET_ARCH_ELF_H
-
-#define elf_check_arch(x) ((x) == EM_RISCV)
-#define ELF_START_MMAP 0x80000000
-#define ELF_ET_DYN_LOAD_ADDR    0x100000
-#define ELF_CLASS   ELFCLASS64
-
-#define ELF_DATA    ELFDATA2LSB
-#define ELF_ARCH    EM_RISCV
-
-#define ELF_HWCAP get_elf_hwcap()
-static uint32_t get_elf_hwcap(void)
-{
-    RISCVCPU *cpu = RISCV_CPU(thread_cpu);
-
-    return cpu->env.misa_ext_mask;
-}
-
-#define USE_ELF_CORE_DUMP
-#define ELF_EXEC_PAGESIZE        4096
-
-#endif /* TARGET_ARCH_ELF_H */
--- a/bsd-user/riscv/target_arch_reg.h
+++ b/bsd-user/riscv/target_arch_reg.h
@@ -1,88 +0,0 @@
-/*
- *  RISC-V register structures
- *
- *  Copyright (c) 2019 Mark Corbin
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef TARGET_ARCH_REG_H
-#define TARGET_ARCH_REG_H
-
-/* Compare with riscv/include/reg.h */
-typedef struct target_reg {
-    uint64_t ra;            /* return address */
-    uint64_t sp;            /* stack pointer */
-    uint64_t gp;            /* global pointer */
-    uint64_t tp;            /* thread pointer */
-    uint64_t t[7];          /* temporaries */
-    uint64_t s[12];         /* saved registers */
-    uint64_t a[8];          /* function arguments */
-    uint64_t sepc;          /* exception program counter */
-    uint64_t sstatus;       /* status register */
-} target_reg_t;
-
-typedef struct target_fpreg {
-    uint64_t        fp_x[32][2];    /* Floating point registers */
-    uint64_t        fp_fcsr;        /* Floating point control reg */
-} target_fpreg_t;
-
-#define tswapreg(ptr)   tswapal(ptr)
-
-/* Compare with struct trapframe in riscv/include/frame.h */
-static inline void target_copy_regs(target_reg_t *regs,
-                                    const CPURISCVState *env)
-{
-
-    regs->ra = tswapreg(env->gpr[1]);
-    regs->sp = tswapreg(env->gpr[2]);
-    regs->gp = tswapreg(env->gpr[3]);
-    regs->tp = tswapreg(env->gpr[4]);
-
-    regs->t[0] = tswapreg(env->gpr[5]);
-    regs->t[1] = tswapreg(env->gpr[6]);
-    regs->t[2] = tswapreg(env->gpr[7]);
-    regs->t[3] = tswapreg(env->gpr[28]);
-    regs->t[4] = tswapreg(env->gpr[29]);
-    regs->t[5] = tswapreg(env->gpr[30]);
-    regs->t[6] = tswapreg(env->gpr[31]);
-
-    regs->s[0] = tswapreg(env->gpr[8]);
-    regs->s[1] = tswapreg(env->gpr[9]);
-    regs->s[2] = tswapreg(env->gpr[18]);
-    regs->s[3] = tswapreg(env->gpr[19]);
-    regs->s[4] = tswapreg(env->gpr[20]);
-    regs->s[5] = tswapreg(env->gpr[21]);
-    regs->s[6] = tswapreg(env->gpr[22]);
-    regs->s[7] = tswapreg(env->gpr[23]);
-    regs->s[8] = tswapreg(env->gpr[24]);
-    regs->s[9] = tswapreg(env->gpr[25]);
-    regs->s[10] = tswapreg(env->gpr[26]);
-    regs->s[11] = tswapreg(env->gpr[27]);
-
-    regs->a[0] = tswapreg(env->gpr[10]);
-    regs->a[1] = tswapreg(env->gpr[11]);
-    regs->a[2] = tswapreg(env->gpr[12]);
-    regs->a[3] = tswapreg(env->gpr[13]);
-    regs->a[4] = tswapreg(env->gpr[14]);
-    regs->a[5] = tswapreg(env->gpr[15]);
-    regs->a[6] = tswapreg(env->gpr[16]);
-    regs->a[7] = tswapreg(env->gpr[17]);
-
-    regs->sepc = tswapreg(env->pc);
-}
-
-#undef tswapreg
-
-#endif /* TARGET_ARCH_REG_H */
--- a/bsd-user/riscv/target_arch_signal.h
+++ b/bsd-user/riscv/target_arch_signal.h
@@ -1,75 +0,0 @@
-/*
- *  RISC-V signal definitions
- *
- *  Copyright (c) 2019 Mark Corbin
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef TARGET_ARCH_SIGNAL_H
-#define TARGET_ARCH_SIGNAL_H
-
-#include "cpu.h"
-
-
-#define TARGET_INSN_SIZE     4  /* riscv instruction size */
-
-/* Size of the signal trampoline code placed on the stack. */
-#define TARGET_SZSIGCODE    ((abi_ulong)(7 * TARGET_INSN_SIZE))
-
-/* Compare with riscv/include/_limits.h */
-#define TARGET_MINSIGSTKSZ  (1024 * 4)
-#define TARGET_SIGSTKSZ     (TARGET_MINSIGSTKSZ + 32768)
-
-struct target_gpregs {
-    uint64_t    gp_ra;
-    uint64_t    gp_sp;
-    uint64_t    gp_gp;
-    uint64_t    gp_tp;
-    uint64_t    gp_t[7];
-    uint64_t    gp_s[12];
-    uint64_t    gp_a[8];
-    uint64_t    gp_sepc;
-    uint64_t    gp_sstatus;
-};
-
-struct target_fpregs {
-    uint64_t        fp_x[32][2];
-    uint64_t        fp_fcsr;
-    uint32_t        fp_flags;
-    uint32_t        pad;
-};
-
-typedef struct target_mcontext {
-    struct target_gpregs   mc_gpregs;
-    struct target_fpregs   mc_fpregs;
-    uint32_t               mc_flags;
-#define TARGET_MC_FP_VALID 0x01
-    uint32_t               mc_pad;
-    uint64_t               mc_spare[8];
-} target_mcontext_t;
-
-#define TARGET_MCONTEXT_SIZE 864
-#define TARGET_UCONTEXT_SIZE 936
-
-#include "target_os_ucontext.h"
-
-struct target_sigframe {
-    target_ucontext_t   sf_uc; /* = *sf_uncontext */
-    target_siginfo_t    sf_si; /* = *sf_siginfo (SA_SIGINFO case)*/
-};
-
-#define TARGET_SIGSTACK_ALIGN 16
-
-#endif /* TARGET_ARCH_SIGNAL_H */
--- a/bsd-user/riscv/target_arch_sigtramp.h
+++ b/bsd-user/riscv/target_arch_sigtramp.h
@@ -1,41 +0,0 @@
-/*
- * RISC-V sigcode
- *
- * Copyright (c) 2019 Mark Corbin
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef TARGET_ARCH_SIGTRAMP_H
-#define TARGET_ARCH_SIGTRAMP_H
-
-/* Compare with sigcode() in riscv/riscv/locore.S */
-static inline abi_long setup_sigtramp(abi_ulong offset, unsigned sigf_uc,
-        unsigned sys_sigreturn)
-{
-    uint32_t sys_exit = TARGET_FREEBSD_NR_exit;
-
-    uint32_t sigtramp_code[] = {
-    /*1*/ const_le32(0x00010513),                        /*mv a0, sp*/
-    /*2*/ const_le32(0x00050513 + (sigf_uc << 20)),      /*addi a0,a0,sigf_uc*/
-    /*3*/ const_le32(0x00000293 + (sys_sigreturn << 20)),/*li t0,sys_sigreturn*/
-    /*4*/ const_le32(0x00000073),                        /*ecall*/
-    /*5*/ const_le32(0x00000293 + (sys_exit << 20)),     /*li t0,sys_exit*/
-    /*6*/ const_le32(0x00000073),                        /*ecall*/
-    /*7*/ const_le32(0xFF1FF06F)                         /*b -16*/
-    };
-
-    return memcpy_to_target(offset, sigtramp_code, TARGET_SZSIGCODE);
-}
-#endif /* TARGET_ARCH_SIGTRAMP_H */
--- a/bsd-user/riscv/target_arch_sysarch.h
+++ b/bsd-user/riscv/target_arch_sysarch.h
@@ -1,41 +0,0 @@
-/*
- *  RISC-V sysarch() system call emulation
- *
- *  Copyright (c) 2019 Mark Corbin
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef TARGET_ARCH_SYSARCH_H
-#define TARGET_ARCH_SYSARCH_H
-
-#include "target_syscall.h"
-#include "target_arch.h"
-
-static inline abi_long do_freebsd_arch_sysarch(CPURISCVState *env, int op,
-        abi_ulong parms)
-{
-
-    return -TARGET_EOPNOTSUPP;
-}
-
-static inline void do_freebsd_arch_print_sysarch(
-        const struct syscallname *name, abi_long arg1, abi_long arg2,
-        abi_long arg3, abi_long arg4, abi_long arg5, abi_long arg6)
-{
-
-    gemu_log("UNKNOWN OP: %d, " TARGET_ABI_FMT_lx ")", (int)arg1, arg2);
-}
-
-#endif /* TARGET_ARCH_SYSARCH_H */
--- a/bsd-user/riscv/target_arch_thread.h
+++ b/bsd-user/riscv/target_arch_thread.h
@@ -1,47 +0,0 @@
-/*
- *  RISC-V thread support
- *
- *  Copyright (c) 2019 Mark Corbin
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef TARGET_ARCH_THREAD_H
-#define TARGET_ARCH_THREAD_H
-
-/* Compare with cpu_set_upcall() in riscv/riscv/vm_machdep.c */
-static inline void target_thread_set_upcall(CPURISCVState *regs,
-    abi_ulong entry, abi_ulong arg, abi_ulong stack_base,
-    abi_ulong stack_size)
-{
-    abi_ulong sp;
-
-    sp = ROUND_DOWN(stack_base + stack_size, 16);
-
-    regs->gpr[xSP] = sp;
-    regs->pc = entry;
-    regs->gpr[xA0] = arg;
-}
-
-/* Compare with exec_setregs() in riscv/riscv/machdep.c */
-static inline void target_thread_init(struct target_pt_regs *regs,
-    struct image_info *infop)
-{
-    regs->sepc = infop->entry;
-    regs->regs[xRA] = infop->entry;
-    regs->regs[xA0] = infop->start_stack;
-    regs->regs[xSP] = ROUND_DOWN(infop->start_stack, 16);
-}
-
-#endif /* TARGET_ARCH_THREAD_H */
--- a/bsd-user/riscv/target_arch_vmparam.h
+++ b/bsd-user/riscv/target_arch_vmparam.h
@@ -1,53 +0,0 @@
-/*
- *  RISC-V VM parameters definitions
- *
- *  Copyright (c) 2019 Mark Corbin
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef TARGET_ARCH_VMPARAM_H
-#define TARGET_ARCH_VMPARAM_H
-
-#include "cpu.h"
-
-/* Compare with riscv/include/vmparam.h */
-#define TARGET_MAXTSIZ      (1 * GiB)           /* max text size */
-#define TARGET_DFLDSIZ      (128 * MiB)         /* initial data size limit */
-#define TARGET_MAXDSIZ      (1 * GiB)           /* max data size */
-#define TARGET_DFLSSIZ      (128 * MiB)         /* initial stack size limit */
-#define TARGET_MAXSSIZ      (1 * GiB)           /* max stack size */
-#define TARGET_SGROWSIZ     (128 * KiB)         /* amount to grow stack */
-
-#define TARGET_VM_MINUSER_ADDRESS   (0x0000000000000000UL)
-#define TARGET_VM_MAXUSER_ADDRESS   (0x0000004000000000UL)
-
-#define TARGET_USRSTACK (TARGET_VM_MAXUSER_ADDRESS - TARGET_PAGE_SIZE)
-
-static inline abi_ulong get_sp_from_cpustate(CPURISCVState *state)
-{
-    return state->gpr[xSP];
-}
-
-static inline void set_second_rval(CPURISCVState *state, abi_ulong retval2)
-{
-    state->gpr[xA1] = retval2;
-}
-
-static inline abi_ulong get_second_rval(CPURISCVState *state)
-{
-    return state->gpr[xA1];
-}
-
-#endif /* TARGET_ARCH_VMPARAM_H */
--- a/bsd-user/riscv/target_syscall.h
+++ b/bsd-user/riscv/target_syscall.h
@@ -1,38 +0,0 @@
-/*
- *  RISC-V system call definitions
- *
- *  Copyright (c) Mark Corbin
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef BSD_USER_RISCV_TARGET_SYSCALL_H
-#define BSD_USER_RISCV_TARGET_SYSCALL_H
-
-/*
- * struct target_pt_regs defines the way the registers are stored on the stack
- * during a system call.
- */
-
-struct target_pt_regs {
-    abi_ulong regs[32];
-    abi_ulong sepc;
-};
-
-#define UNAME_MACHINE "riscv64"
-
-#define TARGET_HW_MACHINE       "riscv"
-#define TARGET_HW_MACHINE_ARCH  UNAME_MACHINE
-
-#endif /* BSD_USER_RISCV_TARGET_SYSCALL_H */
--- a/bsd-user/x86_64/target_arch_thread.h
+++ b/bsd-user/x86_64/target_arch_thread.h
@@ -31,7 +31,7 @@ static inline void target_thread_init(struct target_pt_regs *regs,
    struct image_info *infop)
 {
    regs->rax = 0;
-    regs->rsp = ((infop->start_stack - 8) & ~0xfUL) + 8;
+    regs->rsp = infop->start_stack;
    regs->rip = infop->entry;
    regs->rdi = infop->start_stack;
 }
--- a/chardev/char-fe.c
+++ b/chardev/char-fe.c
@@ -192,15 +192,22 @@ bool qemu_chr_fe_backend_open(CharBackend *be)

 bool qemu_chr_fe_init(CharBackend *b, Chardev *s, Error **errp)
 {
-    unsigned int tag = 0;
+    int tag = 0;

    if (s) {
        if (CHARDEV_IS_MUX(s)) {
            MuxChardev *d = MUX_CHARDEV(s);

-            if (!mux_chr_attach_frontend(d, b, &tag, errp)) {
+            if (d->mux_cnt >= MAX_MUX) {
+                error_setg(errp,
+                           "too many uses of multiplexed chardev '%s'"
+                           " (maximum is " stringify(MAX_MUX) ")",
+                           s->label);
                return false;
            }
+
+            d->backends[d->mux_cnt] = b;
+            tag = d->mux_cnt++;
        } else if (s->be) {
            error_setg(errp, "chardev '%s' is already in use", s->label);
            return false;
@@ -226,7 +233,7 @@ void qemu_chr_fe_deinit(CharBackend *b, bool del)
        }
        if (CHARDEV_IS_MUX(b->chr)) {
            MuxChardev *d = MUX_CHARDEV(b->chr);
-            mux_chr_detach_frontend(d, b->tag);
+            d->backends[b->tag] = NULL;
        }
        if (del) {
            Object *obj = OBJECT(b->chr);
--- a/chardev/char-mux.c
+++ b/chardev/char-mux.c
@@ -27,7 +27,6 @@
 #include "qapi/error.h"
 #include "qemu/module.h"
 #include "qemu/option.h"
-#include "qemu/bitops.h"
 #include "chardev/char.h"
 #include "sysemu/block-backend.h"
 #include "qapi/qapi-commands-control.h"
@@ -75,11 +74,11 @@ static int mux_chr_write(Chardev *chr, const uint8_t *buf, int len)
                 * qemu_chr_fe_write and background I/O callbacks */
                qemu_chr_fe_write_all(&d->chr,
                                      (uint8_t *)buf1, strlen(buf1));
-                d->linestart = false;
+                d->linestart = 0;
            }
            ret += qemu_chr_fe_write(&d->chr, buf + i, 1);
            if (buf[i] == '\n') {
-                d->linestart = true;
+                d->linestart = 1;
            }
        }
    }
@@ -126,8 +125,7 @@ static void mux_print_help(Chardev *chr)
    }
 }

-static void mux_chr_send_event(MuxChardev *d, unsigned int mux_nr,
-                               QEMUChrEvent event)
+static void mux_chr_send_event(MuxChardev *d, int mux_nr, QEMUChrEvent event)
 {
    CharBackend *be = d->backends[mux_nr];

@@ -148,7 +146,7 @@ static void mux_chr_be_event(Chardev *chr, QEMUChrEvent event)
 static int mux_proc_byte(Chardev *chr, MuxChardev *d, int ch)
 {
    if (d->term_got_escape) {
-        d->term_got_escape = false;
+        d->term_got_escape = 0;
        if (ch == term_escape_char) {
            goto send_char;
        }
@@ -170,26 +168,19 @@ static int mux_proc_byte(Chardev *chr, MuxChardev *d, int ch)
        case 'b':
            qemu_chr_be_event(chr, CHR_EVENT_BREAK);
            break;
-        case 'c': {
-            unsigned int bit;
-
-            /* Handler registered with first fe */
-            assert(d->mux_bitset != 0);
+        case 'c':
+            assert(d->mux_cnt > 0); /* handler registered with first fe */
            /* Switch to the next registered device */
-            bit = find_next_bit(&d->mux_bitset, MAX_MUX, d->focus + 1);
-            if (bit >= MAX_MUX) {
-                bit = find_next_bit(&d->mux_bitset, MAX_MUX, 0);
-            }
-            mux_set_focus(chr, bit);
+            mux_set_focus(chr, (d->focus + 1) % d->mux_cnt);
            break;
-        } case 't':
+        case 't':
            d->timestamps = !d->timestamps;
            d->timestamps_start = -1;
-            d->linestart = false;
+            d->linestart = 0;
            break;
        }
    } else if (ch == term_escape_char) {
-        d->term_got_escape = true;
+        d->term_got_escape = 1;
    } else {
    send_char:
        return 1;
@@ -263,16 +254,15 @@ static void mux_chr_read(void *opaque, const uint8_t *buf, int size)
 void mux_chr_send_all_event(Chardev *chr, QEMUChrEvent event)
 {
    MuxChardev *d = MUX_CHARDEV(chr);
-    int bit;
+    int i;

    if (!muxes_opened) {
        return;
    }

    /* Send the event to all registered listeners */
-    bit = -1;
-    while ((bit = find_next_bit(&d->mux_bitset, MAX_MUX, bit + 1)) < MAX_MUX) {
-        mux_chr_send_event(d, bit, event);
+    for (i = 0; i < d->mux_cnt; i++) {
+        mux_chr_send_event(d, i, event);
    }
 }

@@ -297,15 +287,14 @@ static GSource *mux_chr_add_watch(Chardev *s, GIOCondition cond)
 static void char_mux_finalize(Object *obj)
 {
    MuxChardev *d = MUX_CHARDEV(obj);
-    int bit;
+    int i;

-    bit = -1;
-    while ((bit = find_next_bit(&d->mux_bitset, MAX_MUX, bit + 1)) < MAX_MUX) {
-        CharBackend *be = d->backends[bit];
-        be->chr = NULL;
-        d->backends[bit] = NULL;
+    for (i = 0; i < d->mux_cnt; i++) {
+        CharBackend *be = d->backends[i];
+        if (be) {
+            be->chr = NULL;
+        }
    }
-    d->mux_bitset = 0;
    qemu_chr_fe_deinit(&d->chr, false);
 }

@@ -323,46 +312,12 @@ static void mux_chr_update_read_handlers(Chardev *chr)
                                  chr->gcontext, true, false);
 }

-bool mux_chr_attach_frontend(MuxChardev *d, CharBackend *b,
-                             unsigned int *tag, Error **errp)
-{
-    unsigned int bit;
-
-    QEMU_BUILD_BUG_ON(MAX_MUX > (sizeof(d->mux_bitset) * BITS_PER_BYTE));
-
-    bit = find_next_zero_bit(&d->mux_bitset, MAX_MUX, 0);
-    if (bit >= MAX_MUX) {
-        error_setg(errp,
-                   "too many uses of multiplexed chardev '%s'"
-                   " (maximum is " stringify(MAX_MUX) ")",
-                   d->parent.label);
-        return false;
-    }
-
-    d->mux_bitset |= (1ul << bit);
-    d->backends[bit] = b;
-    *tag = bit;
-
-    return true;
-}
-
-bool mux_chr_detach_frontend(MuxChardev *d, unsigned int tag)
-{
-    if (!(d->mux_bitset & (1ul << tag))) {
-        return false;
-    }
-
-    d->mux_bitset &= ~(1ul << tag);
-    d->backends[tag] = NULL;
-
-    return true;
-}
-
-void mux_set_focus(Chardev *chr, unsigned int focus)
+void mux_set_focus(Chardev *chr, int focus)
 {
    MuxChardev *d = MUX_CHARDEV(chr);

-    assert(d->mux_bitset & (1ul << focus));
+    assert(focus >= 0);
+    assert(focus < d->mux_cnt);

    if (d->focus != -1) {
        mux_chr_send_event(d, d->focus, CHR_EVENT_MUX_OUT);
--- a/chardev/char-pty.c
+++ b/chardev/char-pty.c
@@ -29,7 +29,6 @@
 #include "qemu/sockets.h"
 #include "qemu/error-report.h"
 #include "qemu/module.h"
-#include "qemu/option.h"
 #include "qemu/qemu-print.h"

 #include "chardev/char-io.h"
@@ -42,7 +41,6 @@ struct PtyChardev {

    int connected;
    GSource *timer_src;
-    char *path;
 };
 typedef struct PtyChardev PtyChardev;

@@ -206,12 +204,6 @@ static void char_pty_finalize(Object *obj)
    Chardev *chr = CHARDEV(obj);
    PtyChardev *s = PTY_CHARDEV(obj);

-    /* unlink symlink */
-    if (s->path) {
-        unlink(s->path);
-        g_free(s->path);
-    }
-
    pty_chr_state(chr, 0);
    object_unref(OBJECT(s->ioc));
    pty_chr_timer_cancel(s);
@@ -338,7 +330,6 @@ static void char_pty_open(Chardev *chr,
    int master_fd, slave_fd;
    char pty_name[PATH_MAX];
    char *name;
-    char *path = backend->u.pty.data->path;

    master_fd = qemu_openpty_raw(&slave_fd, pty_name);
    if (master_fd < 0) {
@@ -363,36 +354,12 @@ static void char_pty_open(Chardev *chr,
    g_free(name);
    s->timer_src = NULL;
    *be_opened = false;
-
-    /* create symbolic link */
-    if (path) {
-        int res = symlink(pty_name, path);
-
-        if (res != 0) {
-            error_setg_errno(errp, errno, "Failed to create PTY symlink");
-        } else {
-            s->path = g_strdup(path);
-        }
-    }
-}
-
-static void char_pty_parse(QemuOpts *opts, ChardevBackend *backend,
-                           Error **errp)
-{
-    const char *path = qemu_opt_get(opts, "path");
-    ChardevPty *pty;
-
-    backend->type = CHARDEV_BACKEND_KIND_PTY;
-    pty = backend->u.pty.data = g_new0(ChardevPty, 1);
-    qemu_chr_parse_common(opts, qapi_ChardevPty_base(pty));
-    pty->path = g_strdup(path);
 }

 static void char_pty_class_init(ObjectClass *oc, void *data)
 {
    ChardevClass *cc = CHARDEV_CLASS(oc);

-    cc->parse = char_pty_parse;
    cc->open = char_pty_open;
    cc->chr_write = char_pty_chr_write;
    cc->chr_update_read_handler = pty_chr_update_read_handler;
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -74,7 +74,7 @@ static void qemu_chr_socket_restart_timer(Chardev *chr)
    assert(!s->reconnect_timer);
    name = g_strdup_printf("chardev-socket-reconnect-%s", chr->label);
    s->reconnect_timer = qemu_chr_timeout_add_ms(chr,
-                                                 s->reconnect_time_ms,
+                                                 s->reconnect_time * 1000,
                                                 socket_reconnect_timeout,
                                                 chr);
    g_source_set_name(s->reconnect_timer, name);
@@ -481,7 +481,7 @@ static void tcp_chr_disconnect_locked(Chardev *chr)
    if (emit_close) {
        qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
    }
-    if (s->reconnect_time_ms && !s->reconnect_timer) {
+    if (s->reconnect_time && !s->reconnect_timer) {
        qemu_chr_socket_restart_timer(chr);
    }
 }
@@ -1080,9 +1080,9 @@ static int tcp_chr_wait_connected(Chardev *chr, Error **errp)
        } else {
            Error *err = NULL;
            if (tcp_chr_connect_client_sync(chr, &err) < 0) {
-                if (s->reconnect_time_ms) {
+                if (s->reconnect_time) {
                    error_free(err);
-                    g_usleep(s->reconnect_time_ms * 1000ULL);
+                    g_usleep(s->reconnect_time * 1000ULL * 1000ULL);
                } else {
                    error_propagate(errp, err);
                    return -1;
@@ -1267,13 +1267,13 @@ skip_listen:


 static int qmp_chardev_open_socket_client(Chardev *chr,
-                                          int64_t reconnect_ms,
+                                          int64_t reconnect,
                                          Error **errp)
 {
    SocketChardev *s = SOCKET_CHARDEV(chr);

-    if (reconnect_ms > 0) {
-        s->reconnect_time_ms = reconnect_ms;
+    if (reconnect > 0) {
+        s->reconnect_time = reconnect;
        tcp_chr_connect_client_async(chr);
        return 0;
    } else {
@@ -1354,12 +1354,6 @@ static bool qmp_chardev_validate_socket(ChardevSocket *sock,
        }
    }

-    if (sock->has_reconnect_ms && sock->has_reconnect) {
-        error_setg(errp,
-            "'reconnect' and 'reconnect-ms' are mutually exclusive");
-        return false;
-    }
-
    return true;
 }

@@ -1377,7 +1371,7 @@ static void qmp_chardev_open_socket(Chardev *chr,
    bool is_tn3270      = sock->has_tn3270  ? sock->tn3270  : false;
    bool is_waitconnect = sock->has_wait    ? sock->wait    : false;
    bool is_websock     = sock->has_websocket ? sock->websocket : false;
-    int64_t reconnect_ms = 0;
+    int64_t reconnect   = sock->has_reconnect ? sock->reconnect : 0;
    SocketAddress *addr;

    s->is_listen = is_listen;
@@ -1449,13 +1443,7 @@ static void qmp_chardev_open_socket(Chardev *chr,
            return;
        }
    } else {
-        if (sock->has_reconnect) {
-            reconnect_ms = sock->reconnect * 1000ULL;
-        } else if (sock->has_reconnect_ms) {
-            reconnect_ms = sock->reconnect_ms;
-        }
-
-        if (qmp_chardev_open_socket_client(chr, reconnect_ms, errp) < 0) {
+        if (qmp_chardev_open_socket_client(chr, reconnect, errp) < 0) {
            return;
        }
    }
@@ -1521,9 +1509,6 @@ static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
    sock->wait = qemu_opt_get_bool(opts, "wait", true);
    sock->has_reconnect = qemu_opt_find(opts, "reconnect");
    sock->reconnect = qemu_opt_get_number(opts, "reconnect", 0);
-    sock->has_reconnect_ms = qemu_opt_find(opts, "reconnect-ms");
-    sock->reconnect_ms = qemu_opt_get_number(opts, "reconnect-ms", 0);
-
    sock->tls_creds = g_strdup(qemu_opt_get(opts, "tls-creds"));
    sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz"));

--- a/chardev/char.c
+++ b/chardev/char.c
@@ -334,7 +334,7 @@ static bool qemu_chr_is_busy(Chardev *s)
 {
    if (CHARDEV_IS_MUX(s)) {
        MuxChardev *d = MUX_CHARDEV(s);
-        return d->mux_bitset != 0;
+        return d->mux_cnt >= 0;
    } else {
        return s->be != NULL;
    }
@@ -429,11 +429,6 @@ QemuOpts *qemu_chr_parse_compat(const char *label, const char *filename,
        qemu_opt_set(opts, "path", p, &error_abort);
        return opts;
    }
-    if (strstart(filename, "pty:", &p)) {
-        qemu_opt_set(opts, "backend", "pty", &error_abort);
-        qemu_opt_set(opts, "path", p, &error_abort);
-        return opts;
-    }
    if (strstart(filename, "tcp:", &p) ||
        strstart(filename, "telnet:", &p) ||
        strstart(filename, "tn3270:", &p) ||
@@ -634,8 +629,8 @@ static void qemu_chardev_set_replay(Chardev *chr, Error **errp)
    }
 }

-static Chardev *do_qemu_chr_new_from_opts(QemuOpts *opts, GMainContext *context,
-                                          bool replay, Error **errp)
+static Chardev *__qemu_chr_new_from_opts(QemuOpts *opts, GMainContext *context,
+                                         bool replay, Error **errp)
 {
    const ChardevClass *cc;
    Chardev *base = NULL, *chr = NULL;
@@ -713,12 +708,12 @@ Chardev *qemu_chr_new_from_opts(QemuOpts *opts, GMainContext *context,
                                Error **errp)
 {
    /* XXX: should this really not record/replay? */
-    return do_qemu_chr_new_from_opts(opts, context, false, errp);
+    return __qemu_chr_new_from_opts(opts, context, false, errp);
 }

-static Chardev *qemu_chr_new_from_name(const char *label, const char *filename,
-                                       bool permit_mux_mon,
-                                       GMainContext *context, bool replay)
+static Chardev *__qemu_chr_new(const char *label, const char *filename,
+                               bool permit_mux_mon, GMainContext *context,
+                               bool replay)
 {
    const char *p;
    Chardev *chr;
@@ -727,7 +722,7 @@ static Chardev *qemu_chr_new_from_name(const char *label, const char *filename,

    if (strstart(filename, "chardev:", &p)) {
        chr = qemu_chr_find(p);
-        if (replay && chr) {
+        if (replay) {
            qemu_chardev_set_replay(chr, &err);
            if (err) {
                error_report_err(err);
@@ -741,7 +736,7 @@ static Chardev *qemu_chr_new_from_name(const char *label, const char *filename,
    if (!opts)
        return NULL;

-    chr = do_qemu_chr_new_from_opts(opts, context, replay, &err);
+    chr = __qemu_chr_new_from_opts(opts, context, replay, &err);
    if (!chr) {
        error_report_err(err);
        goto out;
@@ -766,8 +761,7 @@ out:
 Chardev *qemu_chr_new_noreplay(const char *label, const char *filename,
                               bool permit_mux_mon, GMainContext *context)
 {
-    return qemu_chr_new_from_name(label, filename, permit_mux_mon, context,
-                                  false);
+    return __qemu_chr_new(label, filename, permit_mux_mon, context, false);
 }

 static Chardev *qemu_chr_new_permit_mux_mon(const char *label,
@@ -775,8 +769,7 @@ static Chardev *qemu_chr_new_permit_mux_mon(const char *label,
                                          bool permit_mux_mon,
                                          GMainContext *context)
 {
-    return qemu_chr_new_from_name(label, filename, permit_mux_mon, context,
-                                  true);
+    return __qemu_chr_new(label, filename, permit_mux_mon, context, true);
 }

 Chardev *qemu_chr_new(const char *label, const char *filename,
@@ -896,9 +889,6 @@ QemuOptsList qemu_chardev_opts = {
        },{
            .name = "reconnect",
            .type = QEMU_OPT_NUMBER,
-        },{
-            .name = "reconnect-ms",
-            .type = QEMU_OPT_NUMBER,
        },{
            .name = "telnet",
            .type = QEMU_OPT_BOOL,
--- a/chardev/chardev-internal.h
+++ b/chardev/chardev-internal.h
@@ -37,22 +37,23 @@ struct MuxChardev {
    Chardev parent;
    CharBackend *backends[MAX_MUX];
    CharBackend chr;
-    unsigned long mux_bitset;
 #if defined(TARGET_S390X)
    QEMUTimer *accept_timer;
 #endif
    int focus;
-    bool term_got_escape;
+    int mux_cnt;
+    int term_got_escape;
+    int max_size;
    /* Intermediate input buffer catches escape sequences even if the
       currently active device is not accepting any input - but only until it
       is full as well. */
    unsigned char buffer[MAX_MUX][MUX_BUFFER_SIZE];
-    unsigned int prod[MAX_MUX];
-    unsigned int cons[MAX_MUX];
+    int prod[MAX_MUX];
+    int cons[MAX_MUX];
    int timestamps;

    /* Protected by the Chardev chr_write_lock.  */
-    bool linestart;
+    int linestart;
    int64_t timestamps_start;
 };
 typedef struct MuxChardev MuxChardev;
@@ -62,10 +63,7 @@ DECLARE_INSTANCE_CHECKER(MuxChardev, MUX_CHARDEV,
 #define CHARDEV_IS_MUX(chr)                             \
    object_dynamic_cast(OBJECT(chr), TYPE_CHARDEV_MUX)

-bool mux_chr_attach_frontend(MuxChardev *d, CharBackend *b,
-                             unsigned int *tag, Error **errp);
-bool mux_chr_detach_frontend(MuxChardev *d, unsigned int tag);
-void mux_set_focus(Chardev *chr, unsigned int focus);
+void mux_set_focus(Chardev *chr, int focus);
 void mux_chr_send_all_event(Chardev *chr, QEMUChrEvent event);

 Object *get_chardevs_root(void);
--- a/configs/devices/arm-softmmu/default.mak
+++ b/configs/devices/arm-softmmu/default.mak
@@ -18,7 +18,9 @@
 # CONFIG_MUSICPAL=n
 # CONFIG_MPS3R=n
 # CONFIG_MUSCA=n
+# CONFIG_CHEETAH=n
 # CONFIG_SX1=n
+# CONFIG_NSERIES=n
 # CONFIG_STELLARIS=n
 # CONFIG_STM32VLDISCOVERY=n
 # CONFIG_B_L475E_IOT01A=n
@@ -26,6 +28,11 @@
 # CONFIG_VERSATILE=n
 # CONFIG_VEXPRESS=n
 # CONFIG_ZYNQ=n
+# CONFIG_MAINSTONE=n
+# CONFIG_GUMSTIX=n
+# CONFIG_SPITZ=n
+# CONFIG_TOSA=n
+# CONFIG_Z2=n
 # CONFIG_NPCM7XX=n
 # CONFIG_COLLIE=n
 # CONFIG_ASPEED_SOC=n
--- a/configs/devices/cris-softmmu/default.mak
+++ b/configs/devices/cris-softmmu/default.mak
@@ -0,0 +1,4 @@
+# Default configuration for cris-softmmu
+
+# Boards are selected by default, uncomment to keep out of the build.
+# CONFIG_AXIS=n
--- a/configs/devices/i386-softmmu/default.mak
+++ b/configs/devices/i386-softmmu/default.mak
@@ -29,4 +29,3 @@
 # CONFIG_I440FX=n
 # CONFIG_Q35=n
 # CONFIG_MICROVM=n
-# CONFIG_NITRO_ENCLAVE=n
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .2.3
 .1.1