Re: [PULL 10/10] hw/loongarch/virt: Fix FDT memory node address width

2024-05-24 Thread Michael Tokarev

23.05.2024 04:46, Song Gao wrote:

From: Jiaxun Yang 

Higher bits for memory nodes were omitted at qemu_fdt_setprop_cells.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Jiaxun Yang 
Reviewed-by: Song Gao 
Message-Id: <20240520-loongarch-fdt-memnode-v1-1-5ea9be939...@flygoat.com>
Signed-off-by: Song Gao 
---
  hw/loongarch/virt.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
index e3bdf085b5..3e6e93edf3 100644
--- a/hw/loongarch/virt.c
+++ b/hw/loongarch/virt.c
@@ -464,7 +464,8 @@ static void fdt_add_memory_node(MachineState *ms,
  char *nodename = g_strdup_printf("/memory@%" PRIx64, base);
  
  qemu_fdt_add_subnode(ms->fdt, nodename);

-qemu_fdt_setprop_cells(ms->fdt, nodename, "reg", 0, base, 0, size);
+qemu_fdt_setprop_cells(ms->fdt, nodename, "reg", base >> 32, base,
+   size >> 32, size);
  qemu_fdt_setprop_string(ms->fdt, nodename, "device_type", "memory");
  
  if (ms->numa_state && ms->numa_state->num_nodes) {
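
Review bot: in the new qemu_fdt_setprop_cells() call the low cells are still passed as the full 64-bit `base` and `size`, so the split relies on each argument being truncated to 32 bits inside the helper. Mask them explicitly, or express the 2-cell width directly with `qemu_fdt_setprop_sized_cells(ms->fdt, nodename, "reg", 2, base, 2, size);`, which keeps the cell count and the value together. The commit message should also say which bits were lost and what the guest sees, since this touches the same line as the fix that went in just before it.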


This commit changes exactly the same place as the previous commit,
v9.0.0-274-gb11f981452, "hw/loongarch: Fix fdt memory node wrong 'reg'".

Was it the wrong fix?

Note the previous commit isn't in any released version of qemu.  So
when picking up for any stable release, both need to be picked up :)

Thanks,

/mjt
--
GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E  9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5  6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt




Re: [PULL 01/10] target/loongarch/kvm: Fix VM recovery from disk failures

2024-05-24 Thread Michael Tokarev

23.05.2024 04:46, Song Gao wrote:

vmstate does not save kvm_state_counter,
which can cause VM recovery from disk to fail.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Song Gao 
Acked-by: Peter Xu 
Message-Id: <20240508024732.3127792-1-gaos...@loongson.cn>
---
  target/loongarch/machine.c | 6 --
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/loongarch/machine.c b/target/loongarch/machine.c
index 9cd9e848d6..08a7fa5370 100644
--- a/target/loongarch/machine.c
+++ b/target/loongarch/machine.c
@@ -145,8 +145,8 @@ static const VMStateDescription vmstate_tlb = {
  /* LoongArch CPU state */
  const VMStateDescription vmstate_loongarch_cpu = {
  .name = "cpu",
-.version_id = 1,
-.minimum_version_id = 1,
+.version_id = 2,
+.minimum_version_id = 2,
  .fields = (const VMStateField[]) {
  VMSTATE_UINTTL_ARRAY(env.gpr, LoongArchCPU, 32),
  VMSTATE_UINTTL(env.pc, LoongArchCPU),
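
Review bot: raising `.minimum_version_id` to 2 together with `.version_id` makes the "cpu" section refuse any stream written with version 1, so state saved before this change can no longer be loaded. If that is intended, say so in the commit message; otherwise keep `.minimum_version_id = 1` and mark only the new field as version 2.
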
@@ -208,6 +208,8 @@ const VMStateDescription vmstate_loongarch_cpu = {
  VMSTATE_UINT64(env.CSR_DERA, LoongArchCPU),
  VMSTATE_UINT64(env.CSR_DSAVE, LoongArchCPU),
  
+VMSTATE_UINT64(kvm_state_counter, LoongArchCPU),

+
  VMSTATE_END_OF_LIST()
  },
  .subsections = (const VMStateDescription * const []) {
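
Review bot: `VMSTATE_UINT64(kvm_state_counter, LoongArchCPU)` is added as an unconditional field of the main "cpu" section, so it is written for every configuration although the subject limits the problem to KVM. The `.subsections` array starts right below; a subsection with a `.needed` callback would carry the counter only when it is in use and would leave the existing stream layout alone.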


Should this really be part of any stable releases?
Wouldn't it break migration between, say, 8.2 with this change
and without?

Thanks,

/mjt




Re: [PATCH v3 1/3] qemu-keymap: Free xkb allocations

2024-05-22 Thread Michael Tokarev

22.05.2024 14:35, Peter Maydell wrote:
...

This is surely a sanitizer bug. We're unconditionally about
to exit() the program here, where everything is freed, so nothing
is leaked.


https://lists.nongnu.org/archive/html/qemu-devel/2024-05/msg00658.html fwiw.

/mjt




Re: [PATCH] hw/loongarch/virt: Fix FDT memory node address width

2024-05-21 Thread Michael Tokarev

21.05.2024 00:06, Jiaxun Yang wrote:

Higher bits for memory nodes were omitted at qemu_fdt_setprop_cells.

Signed-off-by: Jiaxun Yang 
---
This should be stable backported, otherwise DT boot is totally broken.


Please add Cc: qemu-stable@ for changes which need to be back-ported.
I don't read *every* patch on qemu@ list, it just so happened I noticed
this one.

Thanks,

/mjt




Re: [PATCH v2 3/3] migration/colo: Tidy up bql_unlock() around bdrv_activate_all()

2024-05-16 Thread Michael Tokarev

16.05.2024 06:45, Li Zhijian wrote:

Make the code more tight.

Suggested-by: Michael Tokarev 
Reviewed-by: Peter Xu 
Reviewed-by: Zhang Chen 
Signed-off-by: Li Zhijian 


Signed-off-by: Michael Tokarev 

/mjt


---
V2: Collected reviewed-by tags
This change/comment suggested by "Michael Tokarev " came
a bit late at that time, let's update it together in these minor set
this time.
---
  migration/colo.c | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/migration/colo.c b/migration/colo.c
index 991806c06a..1b6d9da1c8 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -838,12 +838,11 @@ static void *colo_process_incoming_thread(void *opaque)
  /* Make sure all file formats throw away their mutable metadata */
  bql_lock();
  bdrv_activate_all(_err);
+bql_unlock();
  if (local_err) {
-bql_unlock();
  error_report_err(local_err);
  return NULL;
  }
-bql_unlock();
  
  failover_init_state();
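
Review bot: with `bql_unlock()` moved directly after `bdrv_activate_all()`, `error_report_err(local_err)` on the failure path now runs without the BQL, where before it ran with the lock held. "Make the code more tight" does not mention this; add a sentence to the commit message stating that the error report does not need the lock, so the reordering is visibly deliberate.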
  





Re: [PULL 00/11] Ui patches

2024-05-15 Thread Michael Tokarev

14.05.2024 16:17, marcandre.lur...@redhat.com wrote:


UI: small fixes and improvements



Bernhard Beschow (1):
   ui/sdl2: Allow host to power down screen

Dongwon Kim (7):
   ui/gtk: Draw guest frame at refresh cycle
   ui/gtk: Check if fence_fd is equal to or greater than 0
   ui/console: new dmabuf.h and dmabuf.c for QemuDmaBuf struct and
 helpers
   ui/console: Use qemu_dmabuf_get_..() helpers instead
   ui/console: Use qemu_dmabuf_set_..() helpers instead
   ui/console: Use qemu_dmabuf_new() and free() helpers instead
   ui/console: move QemuDmaBuf struct def to dmabuf.c

Sergii Zasenko (1):
   Allow UNIX socket option for VNC websocket

hikalium (2):
   ui/gtk: Add gd_motion_event trace event
   ui/gtk: Fix mouse/motion event scaling issue with GTK display backend


From this list, it looks like

  ui/gtk: Draw guest frame at refresh cycle
  ui/gtk: Check if fence_fd is equal to or greater than 0  (questionable, minor issue)
  ui/gtk: Fix mouse/motion event scaling issue with GTK display backend

should be picked up for stable, is it not?

Thanks,

/mjt




Re: CPR/liveupdate: test results using prior bug fix

2024-05-14 Thread Michael Tokarev

14.05.2024 16:54, Michael Tokarev wrote:

On 5/14/24 16:39, Michael Galaxy wrote:

Steve,

OK, so it does not look like this bugfix you wrote was included in 8.2.4 (which was released yesterday). Unfortunately, that means that anyone using 
CPR in that release will still (eventually) encounter the bug like I did.


8.2.4 is basically a "bugfix" release for 8.2.3 which I somewhat
screwed up (in a minor way), plus a few currently (at the time)
queued up changes.   8.2.3 was a big release though.


I would recommend that y'all consider cherry-picking, perhaps, the relevant 
commits for a possible 8.2.5 ?


Please Cc changes which are relevant for -stable to, well,
qemu-sta...@nongnu.org :)

Which changes need to be picked up?

Please also note this particular change does not apply cleanly to
stable-8.2 branch due to other changes in this area between 8.2
and 9.0, in particular, in postcopy_start().  So if this is to be
picked up for stable-8.2, I need help from someone who better
understands this code to select changes to pick.

Thanks,

/mjt




Re: CPR/liveupdate: test results using prior bug fix

2024-05-14 Thread Michael Tokarev

On 5/14/24 16:39, Michael Galaxy wrote:

Steve,

OK, so it does not look like this bugfix you wrote was included in 8.2.4 
(which was released yesterday). Unfortunately, that means that anyone 
using CPR in that release will still (eventually) encounter the bug like 
I did.


8.2.4 is basically a "bugfix" release for 8.2.3 which I somewhat
screwed up (in a minor way), plus a few currently (at the time)
queued up changes.   8.2.3 was a big release though.

I would recommend that y'all consider cherry-picking, perhaps, the 
relevant commits for a possible 8.2.5 ?


Please Cc changes which are relevant for -stable to, well,
qemu-sta...@nongnu.org :)

Which changes need to be picked up?

Thanks,

/mjt



[ANNOUNCE] QEMU 8.2.4 Stable released

2024-05-13 Thread Michael Tokarev

Hi everyone,

The QEMU v8.2.4 stable release is now available.

You can grab the tarball from our download page here:

  https://www.qemu.org/download/#source

  https://download.qemu.org/qemu-8.2.4.tar.xz
  https://download.qemu.org/qemu-8.2.4.tar.xz.sig (signature)

v8.2.4 is now tagged in the official qemu.git repository, and the
stable-8.2 branch has been updated accordingly:

  https://gitlab.com/qemu-project/qemu/-/commits/stable-8.2

There are 16 changes since the previous v8.2.3 release.

Thank you everyone who has been involved and helped with the stable series!

/mjt

Changelog (stable-8.2-hash master-hash Author Name: Commit-Subject):

1332b8dd43 Michael Tokarev:
 Update version for 8.2.4 release
07d46408cb e88a856efd Philippe Mathieu-Daudé:
 target/sh4: Fix SUBV opcode
dc5390a0ca c365e6b070 Philippe Mathieu-Daudé:
 target/sh4: Fix ADDV opcode
7b4804c965 eb656a60fd Philippe Mathieu-Daudé:
 hw/arm/npcm7xx: Store derivative OTP fuse key in little endian
dfcbb9ef24 4b00855f0e Alexandra Diupina:
 hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields
d5cf8bed29 f2c8aeb1af Jeuk Kim:
 hw/ufs: Fix buffer overflow bug
5479d911bc a88a04906b Thomas Huth:
 .gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs
5b5655fdb7 dcc5c018c7 Peter Maydell:
 tests/avocado: update sunxi kernel from armbian to 6.6.16
7e5f59326d 0cbb322f70 Michael Tokarev:
 target/loongarch/cpu.c: typo fix: expection
f6abce29cc 06479dbf3d Li Zhijian:
 backends/cryptodev-builtin: Fix local_error leaks
37751067b1 4fa333e08d Eric Blake:
 nbd/server: Mark negotiation functions as coroutine_fn
cb4c222add ae6d91a7e9 Zhu Yangyang:
 nbd/server: do not poll within a coroutine context
6fee9efc2e 04f6fb897a Michael Tokarev:
 linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY
55b88e61ed 2cc637f1ea Li Zhijian:
 migration/colo: Fix bdrv_graph_rdlock_main_loop: Assertion `!qemu_in_coroutine()' failed.
cbae108098 10f86d1b84 Daniel Henrique Barboza:
 target/riscv/kvm: change timer regs size to u64
125b95d79e 450bd6618f Daniel Henrique Barboza:
 target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64
bbdcc89678 49c211ffca Daniel Henrique Barboza:
 target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32




Re: [Stable-8.2.4 00/16] Patch Round-up for stable 8.2.4 (planned for 2024-05-10)

2024-05-10 Thread Michael Tokarev

07.05.2024 11:45, Michael Tokarev wrote:

07.05.2024 11:41, Michael Tokarev wrote:

The following patches are queued for QEMU stable v8.2.4:

   https://gitlab.com/qemu-project/qemu/-/commits/staging-8.2

The release is planned for 2024-05-12, to address a few issues
encountered with v8.2.3 release, - a bit wrong tarball with some
replication hiccups in the CDN behind download.qemu.org, and a
build failure on riscv.



*sigh*. and sure thing, there's one more hiccup: I meant to make a
release in 2 days, ie, on May-10, not May-12..  (fixed in the Subject)

There's another issue found in this series (also present in 9.0 and master
currently), --

  https://gitlab.com/qemu-project/qemu/-/issues/2321
  https://gitlab.com/qemu-project/qemu/-/issues/2334

Since the original change fixes a security issue (CVE-2024-4693),
I think it's wise now to delay 8.2.4 release for some more time.

Thanks,

/mjt




Re: [PULL 05/26] hw/remote/vfio-user: Fix config space access byte order

2024-05-10 Thread Michael Tokarev

08.05.2024 20:44, Philippe Mathieu-Daudé wrote:

From: Mattias Nissler 

PCI config space is little-endian, so on a big-endian host we need to
perform byte swaps for values as they are passed to and received from
the generic PCI config space access machinery.


Is this material for stable?

Thanks,

/mjt


  hw/remote/vfio-user-obj.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index d9b879e056..8dbafafb9e 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -281,7 +281,7 @@ static ssize_t vfu_object_cfg_access(vfu_ctx_t *vfu_ctx, 
char * const buf,
  while (bytes > 0) {
  len = (bytes > pci_access_width) ? pci_access_width : bytes;
  if (is_write) {
-memcpy(, ptr, len);
+val = ldn_le_p(ptr, len);
  pci_host_config_write_common(o->pci_dev, offset,
   pci_config_size(o->pci_dev),
   val, len);
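
Review bot: `ldn_le_p(ptr, len)` in the write branch takes `len` straight from `(bytes > pci_access_width) ? pci_access_width : bytes`, and unlike the `memcpy()` it replaces it only handles sizes 1, 2, 4 and 8. A request whose remaining byte count is 3 was previously copied and would now reach the helper's unreachable default case; the same applies to `stn_le_p()` on the read path. If `bytes` can be chosen by the vfio-user client, reject or split lengths that are not a power of two before entering the loop.
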
@@ -289,7 +289,7 @@ static ssize_t vfu_object_cfg_access(vfu_ctx_t *vfu_ctx, 
char * const buf,
  } else {
  val = pci_host_config_read_common(o->pci_dev, offset,
pci_config_size(o->pci_dev), 
len);
-memcpy(ptr, , len);
+stn_le_p(ptr, len, val);
  trace_vfu_cfg_read(offset, val);
  }
  offset += len;






Re: [PATCH v3] target/i386: Fix CPUID encoding of Fn8000001E_ECX

2024-05-10 Thread Michael Tokarev

09.05.2024 17:11, Daniel P. Berrangé wrote:

On Thu, May 09, 2024 at 04:54:16PM +0300, Michael Tokarev wrote:

03.05.2024 20:46, Babu Moger wrote:



diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 08c7de416f..46235466d7 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -81,6 +81,7 @@
   GlobalProperty pc_compat_9_0[] = {
   { TYPE_X86_CPU, "guest-phys-bits", "0" },
   { "sev-guest", "legacy-vm-type", "true" },
+{ TYPE_X86_CPU, "legacy-multi-node", "on" },
   };


Should this legacy-multi-node property be added to previous
machine types when applying to stable?  How about stable-8.2
and stable-7.2?


machine types are considered to express a fixed guest ABI
once part of a QEMU release. Given that we should not be
changing existing machine types in stable branches.


Yes, I understand this, and this is exactly why I asked.
The change in question has been Cc'ed to stable.  And I'm
trying to understand what should I do with it :)


In theory we could create new "bug fix" machine types in stable
branches. To support live migration, we would then need to also
add those same stable branch "bug fix" machine type versions in
all future QEMU versions. This is generally not worth the hassle
of exploding the number of machine types.

If you backport the patch, minus the machine type, then users
can still get the fix but they'll need to manually set the
property to enable it.


I don't think this makes big sense.  But maybe for someone who
actually hits this issue such a backport will let them fix it.
Hence, again, I'm asking if it is really a good idea to pick this
up for stable (any version of, - currently there are 2 active
series, 7.2, 8.2 and 9.0).

Also, the parameter has to be compatible with 9.1+ (maybe having
different default).

Thanks,

/mjt





Re: [PATCH v3] target/i386: Fix CPUID encoding of Fn8000001E_ECX

2024-05-09 Thread Michael Tokarev

03.05.2024 20:46, Babu Moger wrote:

Observed the following failure while booting the SEV-SNP guest and the
guest fails to boot with the smp parameters:
"-smp 192,sockets=1,dies=12,cores=8,threads=2".

qemu-system-x86_64: sev_snp_launch_update: SNP_LAUNCH_UPDATE ret=-5 fw_error=22 'Invalid parameter'
qemu-system-x86_64: SEV-SNP: CPUID validation failed for function 0x801e, index: 0x0.
provided: eax:0x, ebx: 0x0100, ecx: 0x0b00, edx: 0x
expected: eax:0x, ebx: 0x0100, ecx: 0x0300, edx: 0x
qemu-system-x86_64: SEV-SNP: failed update CPUID page

...

Cc: qemu-sta...@nongnu.org
Fixes: 31ada106d891 ("Simplify CPUID_8000_001E for AMD")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
Reviewed-by: Zhao Liu 
Signed-off-by: Babu Moger 
---
v3:
   Rebased to the latest tree.
   Updated the pc_compat_9_0 for the new flag.



diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 08c7de416f..46235466d7 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -81,6 +81,7 @@
  GlobalProperty pc_compat_9_0[] = {
  { TYPE_X86_CPU, "guest-phys-bits", "0" },
  { "sev-guest", "legacy-vm-type", "true" },
+{ TYPE_X86_CPU, "legacy-multi-node", "on" },
  };
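
Review bot: the only visible change for existing machine types is `{ TYPE_X86_CPU, "legacy-multi-node", "on" }` in `pc_compat_9_0`, which keeps the old Fn8000001E_ECX encoding for 9.0 and earlier machine types. The SNP boot failure quoted in the commit message will therefore still occur on those machine types unless the property is switched off by hand. The commit message should state that and name the property, so users who hit the CPUID validation error know the workaround.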


Should this legacy-multi-node property be added to previous
machine types when applying to stable?  How about stable-8.2
and stable-7.2?

Thanks,

/mjt




Re: [PATCH v8] virtio-pci: fix use of a released vector

2024-05-08 Thread Michael Tokarev

09.05.2024 04:43, Cindy Lu wrote:


https://gitlab.com/qemu-project/qemu/-/issues/2321
https://gitlab.com/qemu-project/qemu/-/issues/2334

So something's not right here.



I have checked the stack, seems there is a crash while setting the vector
to NO_VECTOR?

#0  kvm_virtio_pci_vq_vector_release (proxy=0x55bd979fd130,
vector=) at ../hw/virtio/virtio-pci.c:834


This is 8.2.3, not 9.0 or master.  It is this line:

static void kvm_virtio_pci_vq_vector_release(VirtIOPCIProxy *proxy,
                                             unsigned int vector)
{
    VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector];
    if (--irqfd->users == 0) {    <=== this
        kvm_irqchip_release_virq(kvm_state, irqfd->virq);
    }
}

I wonder if we have a use-after-release issue here, which has been
uncovered by your fix..

/mjt


#1  kvm_virtio_pci_vector_release_one
(proxy=proxy@entry=0x55bd979fd130, queue_no=queue_no@entry=0) at
../hw/virtio/virtio-pci.c:965
#2  0x55bd9380c430 in virtio_pci_set_vector (vdev=0x55bd97a05500,
proxy=0x55bd979fd130, queue_no=0, old_vector=1, new_vector=65535)
 at ../hw/virtio/virtio-pci.c:1445
#3  0x55bd939c5490 in memory_region_write_accessor
(mr=0x55bd979fdc70, addr=26, value=, size=2,
shift=,
 mask=, attrs=...) at ../system/memory.c:497

I will try to reproduce and work on it

thanks
Cindy





Re: [PATCH v8] virtio-pci: fix use of a released vector

2024-05-08 Thread Michael Tokarev

15.04.2024 12:34, Michael S. Tsirkin wrote:

From: Cindy Lu 

During the booting process of the non-standard image, the behavior of the
called function in qemu is as follows:

1. vhost_net_stop() was triggered by guest image. This will call the function
virtio_pci_set_guest_notifiers() with assign=false,
virtio_pci_set_guest_notifiers() will release the irqfd for vector 0

2. virtio_reset() was triggered, this will set configure vector to
VIRTIO_NO_VECTOR

3. vhost_net_start() was called (at this time, the configure vector is
still VIRTIO_NO_VECTOR) and then call virtio_pci_set_guest_notifiers() with
assign=true, so the irqfd for vector 0 is still not "init" during this process

4. The system continues to boot and sets the vector back to 0. After that
msix_fire_vector_notifier() was triggered to unmask the vector 0 and meet the
crash

To fix the issue, we need to support changing the vector after
VIRTIO_CONFIG_S_DRIVER_OK is set.


This change breaks both 9.0 and stable-8.2.3:

https://gitlab.com/qemu-project/qemu/-/issues/2321
https://gitlab.com/qemu-project/qemu/-/issues/2334

So something's not right here.

Thanks,

/mjt

...

MST: coding style and typo fixups

Fixes: f9a09ca3ea ("vhost: add support for configure interrupt")
Cc: qemu-sta...@nongnu.org
Signed-off-by: Cindy Lu 
Message-Id: <20240412062750.475180-1-l...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
  hw/virtio/virtio-pci.c | 37 +++--
  1 file changed, 35 insertions(+), 2 deletions(-)

v7->v8:
more cleanups, suggested by Philip

still untested, i just got involved to help address coding style
issues

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index cb6940fc0e..cb159fd078 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1424,6 +1424,38 @@ static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy,
  return offset;
  }
  
+static void virtio_pci_set_vector(VirtIODevice *vdev,

+  VirtIOPCIProxy *proxy,
+  int queue_no, uint16_t old_vector,
+  uint16_t new_vector)
+{
+bool kvm_irqfd = (vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) &&
+msix_enabled(>pci_dev) && kvm_msi_via_irqfd_enabled();
+
+if (new_vector == old_vector) {
+return;
+}
+
+/*
+ * If the device uses irqfd and the vector changes after DRIVER_OK is
+ * set, we need to release the old vector and set up the new one.
+ * Otherwise just need to set the new vector on the device.
+ */
+if (kvm_irqfd && old_vector != VIRTIO_NO_VECTOR) {
+kvm_virtio_pci_vector_release_one(proxy, queue_no);
+}
+/* Set the new vector on the device. */
+if (queue_no == VIRTIO_CONFIG_IRQ_IDX) {
+vdev->config_vector = new_vector;
+} else {
+virtio_queue_set_vector(vdev, queue_no, new_vector);
+}
+/* If the new vector changed need to set it up. */
+if (kvm_irqfd && new_vector != VIRTIO_NO_VECTOR) {
+kvm_virtio_pci_vector_use_one(proxy, queue_no);
+}
+}
+
  int virtio_pci_add_shm_cap(VirtIOPCIProxy *proxy,
 uint8_t bar, uint64_t offset, uint64_t length,
 uint8_t id)
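
Review bot: in virtio_pci_set_vector() the release is gated on `kvm_irqfd && old_vector != VIRTIO_NO_VECTOR`, but `kvm_irqfd` only reflects DRIVER_OK, MSI-X and irqfd being enabled, not whether kvm_virtio_pci_vector_use_one() was ever called for `old_vector`. If guest notifiers were not assigned at that point, kvm_virtio_pci_vector_release_one() drops a reference that was never taken. Gate both the release and the use on the state that actually took the reference, not on the device status bits alone.
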
@@ -1570,7 +1602,8 @@ static void virtio_pci_common_write(void *opaque, hwaddr 
addr,
  } else {
  val = VIRTIO_NO_VECTOR;
  }
-vdev->config_vector = val;
+virtio_pci_set_vector(vdev, proxy, VIRTIO_CONFIG_IRQ_IDX,
+  vdev->config_vector, val);
  break;
  case VIRTIO_PCI_COMMON_STATUS:
  if (!(val & VIRTIO_CONFIG_S_DRIVER_OK)) {
@@ -1610,7 +1643,7 @@ static void virtio_pci_common_write(void *opaque, hwaddr 
addr,
  } else {
  val = VIRTIO_NO_VECTOR;
  }
-virtio_queue_set_vector(vdev, vdev->queue_sel, val);
+virtio_pci_set_vector(vdev, proxy, vdev->queue_sel, vector, val);
  break;
  case VIRTIO_PCI_COMMON_Q_ENABLE:
  if (val == 1) {
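
Review bot: `virtio_pci_set_vector(vdev, proxy, vdev->queue_sel, vector, val)` passes `vector` as the old value, but nothing in this hunk shows where `vector` was read, while the config-vector hunk above reads `vdev->config_vector` at the call site. Read the queue's current vector at the call in the same way, or add a comment naming where it was fetched, so the old/new pair cannot drift apart if the surrounding case is reordered.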






Re: [PATCH] hw/loongarch/virt: Fix memory leak

2024-05-07 Thread Michael Tokarev

07.05.2024 05:22, Song Gao wrote:


  for (i = 1; i < nb_numa_nodes; i++) {
  MemoryRegion *nodemem = g_new(MemoryRegion, 1);
-ramName = g_strdup_printf("loongarch.node%d.ram", i);
+g_autofree char *ramName = g_strdup_printf("loongarch.node%d.ram", i);
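
Review bot: the `+` line declares a new `g_autofree char *ramName` inside the loop, while the `-` line assigned to a `ramName` declared outside it. If that outer declaration stays, the loop variable shadows it and any other assignment to the outer pointer is still not freed; drop the outer declaration in the same patch, or show the hunk that does.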


Can't this be a fixed-size buffer on stack?

Maybe I'm old-minded, but such obviously fixed and
very small allocations on the heap hurt my eyes ;)

/mjt




Re: [Stable-8.2.4 00/16] Patch Round-up for stable 8.2.4 (planned for 2024-05-10)

2024-05-07 Thread Michael Tokarev

07.05.2024 11:41, Michael Tokarev wrote:

The following patches are queued for QEMU stable v8.2.4:

   https://gitlab.com/qemu-project/qemu/-/commits/staging-8.2

The release is planned for 2024-05-12, to address a few issues
encountered with v8.2.3 release, - a bit wrong tarball with some
replication hiccups in the CDN behind download.qemu.org, and a
build failure on riscv.

*sigh*. and sure thing, there's one more hiccup: I meant to make a
release in 2 days, ie, on May-10, not May-12..  (fixed in the Subject)

I'm sorry about this.

/mjt




[Stable-8.2.4 14/16] hw/arm/npcm7xx: Store derivative OTP fuse key in little endian

2024-05-07 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Use little endian for derivative OTP fuse key.

Cc: qemu-sta...@nongnu.org
Fixes: c752bb079b ("hw/nvram: NPCM7xx OTP device model")
Suggested-by: Avi Fishman 
Signed-off-by: Philippe Mathieu-Daudé 
Message-id: 20240422125813.1403-1-phi...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
(cherry picked from commit eb656a60fd93262b1e519b3162888bf261df7f68)
Signed-off-by: Michael Tokarev 

diff --git a/hw/arm/npcm7xx.c b/hw/arm/npcm7xx.c
index 15ff21d047..8753812c37 100644
--- a/hw/arm/npcm7xx.c
+++ b/hw/arm/npcm7xx.c
@@ -24,6 +24,7 @@
 #include "hw/qdev-clock.h"
 #include "hw/qdev-properties.h"
 #include "qapi/error.h"
+#include "qemu/bswap.h"
 #include "qemu/units.h"
 #include "sysemu/sysemu.h"
 
@@ -377,7 +378,7 @@ static void npcm7xx_init_fuses(NPCM7xxState *s)
  * The initial mask of disabled modules indicates the chip derivative (e.g.
  * NPCM750 or NPCM730).
  */
-value = tswap32(nc->disabled_modules);
+value = cpu_to_le32(nc->disabled_modules);
 npcm7xx_otp_array_write(>fuse_array, , NPCM7XX_FUSE_DERIVATIVE,
 sizeof(value));
 }
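
Review bot: replacing `tswap32()` with `cpu_to_le32()` changes what the byte order depends on, from the target's endianness to a fixed little-endian layout, and the one-line commit message does not say which of the two the fuse array expects or what broke. State that in the commit message, and extend the comment above the assignment to say the derivative key is stored little-endian, since `npcm7xx_otp_array_write()` is handed `sizeof(value)` raw bytes.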
-- 
2.39.2




[Stable-8.2.4 04/16] migration/colo: Fix bdrv_graph_rdlock_main_loop: Assertion `!qemu_in_coroutine()' failed.

2024-05-07 Thread Michael Tokarev
From: Li Zhijian 

bdrv_activate_all() should not be called from the coroutine context, move
it to the QEMU thread colo_process_incoming_thread() with the bql_lock
protected.

The backtrace is as follows:
 #4  0x561af7948362 in bdrv_graph_rdlock_main_loop () at ../block/graph-lock.c:260
 #5  0x561af7907a68 in graph_lockable_auto_lock_mainloop (x=0x7fd29810be7b) at /patch/to/qemu/include/block/graph-lock.h:259
 #6  0x561af79167d1 in bdrv_activate_all (errp=0x7fd29810bed0) at ../block.c:6906
 #7  0x561af762b4af in colo_incoming_co () at ../migration/colo.c:935
 #8  0x561af7607e57 in process_incoming_migration_co (opaque=0x0) at ../migration/migration.c:793
 #9  0x561af7adbeeb in coroutine_trampoline (i0=-106876144, i1=22042) at ../util/coroutine-ucontext.c:175
 #10 0x7fd2a5cf21c0 in  () at /lib64/libc.so.6

Cc: qemu-sta...@nongnu.org
Cc: Fabiano Rosas 
Closes: https://gitlab.com/qemu-project/qemu/-/issues/2277
Fixes: 2b3912f135 ("block: Mark bdrv_first_blk() and bdrv_is_root_node() GRAPH_RDLOCK")
Signed-off-by: Li Zhijian 
Reviewed-by: Zhang Chen 
Tested-by: Zhang Chen 
Reviewed-by: Fabiano Rosas 
Link: https://lore.kernel.org/r/20240417025634.1014582-1-lizhij...@fujitsu.com
Signed-off-by: Peter Xu 
(cherry picked from commit 2cc637f1ea08d2a1b19fc5b1a30bc609f948de93)
Signed-off-by: Michael Tokarev 
(Mjt: fixup bql_lock() => qemu_mutex_lock_iothread() for 
v8.2.0-444-g195801d700c0
 "system/cpus: rename qemu_mutex_lock_iothread() to bql_lock()")

diff --git a/migration/colo.c b/migration/colo.c
index 4447e34914..8f301b7e57 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -830,6 +830,16 @@ static void *colo_process_incoming_thread(void *opaque)
 return NULL;
 }
 
+/* Make sure all file formats throw away their mutable metadata */
+qemu_mutex_lock_iothread();
+bdrv_activate_all(_err);
+if (local_err) {
+qemu_mutex_unlock_iothread();
+error_report_err(local_err);
+return NULL;
+}
+qemu_mutex_unlock_iothread();
+
 failover_init_state();
 
 mis->to_src_file = qemu_file_get_return_path(mis->from_src_file);
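
Review bot: the failure path added here ends in `return NULL` from the thread, whereas the block removed from colo_incoming_co() in the last hunk returned `-EINVAL` to its caller. After the move, a `bdrv_activate_all()` failure is only printed by `error_report_err()`; record it somewhere colo_incoming_co() can return it after joining the thread, or explain in the commit message why dropping the error code is safe. The two `qemu_mutex_unlock_iothread()` calls can also be folded into one placed directly after `bdrv_activate_all()`.
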
@@ -917,7 +927,6 @@ out:
 int coroutine_fn colo_incoming_co(void)
 {
 MigrationIncomingState *mis = migration_incoming_get_current();
-Error *local_err = NULL;
 QemuThread th;
 
 assert(qemu_mutex_iothread_locked());
@@ -926,13 +935,6 @@ int coroutine_fn colo_incoming_co(void)
 return 0;
 }
 
-/* Make sure all file formats throw away their mutable metadata */
-bdrv_activate_all(_err);
-if (local_err) {
-error_report_err(local_err);
-return -EINVAL;
-}
-
 qemu_thread_create(, "COLO incoming", colo_process_incoming_thread,
mis, QEMU_THREAD_JOINABLE);
 
-- 
2.39.2




[Stable-8.2.4 09/16] target/loongarch/cpu.c: typo fix: expection

2024-05-07 Thread Michael Tokarev
Fixes: 1590154ee437 ("target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int'")
Fixes: ef9b43bb8e2d (in stable-8.2)
Signed-off-by: Michael Tokarev 
Reviewed-by: Richard Henderson 
(cherry picked from commit 0cbb322f70e8a87e4acbffecef5ea8f9448f3513)
Signed-off-by: Michael Tokarev 

diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index 570201e616..337f04b201 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -82,7 +82,7 @@ void G_NORETURN do_raise_exception(CPULoongArchState *env,
 {
 CPUState *cs = env_cpu(env);
 
-qemu_log_mask(CPU_LOG_INT, "%s: expection: %d (%s)\n",
+qemu_log_mask(CPU_LOG_INT, "%s: exception: %d (%s)\n",
   __func__,
   exception,
   loongarch_exception_name(exception));
-- 
2.39.2




[Stable-8.2.4 13/16] hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields

2024-05-07 Thread Michael Tokarev
From: Alexandra Diupina 

The DMA descriptor structures for this device have
a set of "address extension" fields which extend the 32
bit source addresses with an extra 16 bits to give a
48 bit address:
 https://docs.amd.com/r/en-US/ug1085-zynq-ultrascale-trm/ADDR_EXT-Field

However, we misimplemented this address extension in several ways:
 * we only extracted 12 bits of the extension fields, not 16
 * we didn't shift the extension field up far enough
 * we accidentally did the shift as 32-bit arithmetic, which
   meant that we would have an overflow instead of setting
   bits [47:32] of the resulting 64-bit address

Add a type cast and use extract64() instead of extract32()
to avoid integer overflow on addition. Fix bit fields
extraction according to documentation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Cc: qemu-sta...@nongnu.org
Fixes: d3c6369a96 ("introduce xlnx-dpdma")
Signed-off-by: Alexandra Diupina 
Message-id: 20240428181131.23801-1-adiup...@astralinux.ru
[PMM: adjusted commit message]
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
(cherry picked from commit 4b00855f0ee2e2eee8fd2500ffef27c108be6dc3)
Signed-off-by: Michael Tokarev 

diff --git a/hw/dma/xlnx_dpdma.c b/hw/dma/xlnx_dpdma.c
index dd66be5265..06e187e99c 100644
--- a/hw/dma/xlnx_dpdma.c
+++ b/hw/dma/xlnx_dpdma.c
@@ -175,24 +175,24 @@ static uint64_t 
xlnx_dpdma_desc_get_source_address(DPDMADescriptor *desc,
 
 switch (frag) {
 case 0:
-addr = desc->source_address
-+ (extract32(desc->address_extension, 16, 12) << 20);
+addr = (uint64_t)desc->source_address
++ (extract64(desc->address_extension, 16, 16) << 32);
 break;
 case 1:
-addr = desc->source_address2
-+ (extract32(desc->address_extension_23, 0, 12) << 8);
+addr = (uint64_t)desc->source_address2
++ (extract64(desc->address_extension_23, 0, 16) << 32);
 break;
 case 2:
-addr = desc->source_address3
-+ (extract32(desc->address_extension_23, 16, 12) << 20);
+addr = (uint64_t)desc->source_address3
++ (extract64(desc->address_extension_23, 16, 16) << 32);
 break;
 case 3:
-addr = desc->source_address4
-+ (extract32(desc->address_extension_45, 0, 12) << 8);
+addr = (uint64_t)desc->source_address4
++ (extract64(desc->address_extension_45, 0, 16) << 32);
 break;
 case 4:
-addr = desc->source_address5
-+ (extract32(desc->address_extension_45, 16, 12) << 20);
+addr = (uint64_t)desc->source_address5
++ (extract64(desc->address_extension_45, 16, 16) << 32);
 break;
 default:
 addr = 0;
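Review bot: all five cases now repeat the same `(uint64_t)low + (extract64(ext, start, 16) << 32)` expression and differ only in the field pair and the start bit (16, 0, 16, 0, 16), which is exactly where the original width and shift mistakes crept in. A small static helper taking the low word, the extension word and the start bit would leave a single place to get the width and shift right. The `(uint64_t)` cast is redundant once extract64() makes the right-hand operand 64-bit, though it is harmless as documentation.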
-- 
2.39.2
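The arithmetic problem described in the commit message above, as an added C example that is not code from the QEMU patch: it puts the pre-fix and post-fix address computations side by side on constructed descriptor values. The function names, the `uint32_t` field types and the local `extract32()`/`extract64()` stand-ins are assumptions made for the illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for QEMU's bit-field helpers (assumed semantics:
 * return `length` bits of `value` starting at bit `start`). */
static uint32_t extract32(uint32_t value, int start, int length)
{
    return (value >> start) & (~0U >> (32 - length));
}

static uint64_t extract64(uint64_t value, int start, int length)
{
    return (value >> start) & (~0ULL >> (64 - length));
}

/* Shape of the removed lines: 12-bit extract, shift by 20 (start 16) or
 * 8 (start 0), and the whole sum evaluated in 32-bit arithmetic before it
 * is widened for the return value. */
static uint64_t src_addr_before(uint32_t source_address, uint32_t ext,
                                int start)
{
    int shift = (start == 16) ? 20 : 8;

    return source_address + (extract32(ext, start, 12) << shift);
}

/* Shape of the added lines: 16-bit extract, placed at bits [47:32],
 * with the addition done in 64 bits. */
static uint64_t src_addr_after(uint32_t source_address, uint32_t ext,
                               int start)
{
    return (uint64_t)source_address + (extract64(ext, start, 16) << 32);
}

/* Bits [47:32] of a computed address, i.e. where the extension belongs. */
static uint32_t ext_field_of(uint64_t addr)
{
    return (uint32_t)((addr >> 32) & 0xffff);
}

int main(void)
{
    /* Constructed sample descriptor words, not taken from real hardware. */
    const uint32_t source_address = 0xffff0000u;
    const uint32_t address_extension = 0xabcd1234u;
    const int starts[] = { 16, 0 };

    for (int i = 0; i < 2; i++) {
        uint64_t before = src_addr_before(source_address,
                                          address_extension, starts[i]);
        uint64_t after = src_addr_after(source_address,
                                        address_extension, starts[i]);

        printf("start=%2d before=0x%012" PRIx64 " (ext bits 0x%04x) "
               "after=0x%012" PRIx64 " (ext bits 0x%04x)\n",
               starts[i], before, (unsigned)ext_field_of(before),
               after, (unsigned)ext_field_of(after));
    }
    return 0;
}
```

With the pre-fix computation the sum wraps at 32 bits, so the device model would read a descriptor source from a low address unrelated to the one the guest programmed.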




[Stable-8.2.4 12/16] hw/ufs: Fix buffer overflow bug

2024-05-07 Thread Michael Tokarev
From: Jeuk Kim 

It fixes the buffer overflow vulnerability in the ufs device.
The bug was detected by sanitizers.

You can reproduce it by:

cat << EOF |\
qemu-system-x86_64 \
-display none -machine accel=qtest -m 512M -M q35 -nodefaults -drive \
file=null-co://,if=none,id=disk0 -device ufs,id=ufs_bus -device \
ufs-lu,drive=disk0,bus=ufs_bus -qtest stdio
outl 0xcf8 0x8810
outl 0xcfc 0xe000
outl 0xcf8 0x8804
outw 0xcfc 0x06
write 0xe058 0x1 0xa7
write 0xa 0x1 0x50
EOF

Resolves: #2299
Fixes: 329f16624499 ("hw/ufs: Support for Query Transfer Requests")
Reported-by: Zheyu Ma 
Signed-off-by: Jeuk Kim 
(cherry picked from commit f2c8aeb1afefcda92054c448b21fc59cdd99db30)
Signed-off-by: Michael Tokarev 

diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c
index eccdb852a0..bac78a32bb 100644
--- a/hw/ufs/ufs.c
+++ b/hw/ufs/ufs.c
@@ -126,6 +126,10 @@ static MemTxResult ufs_dma_read_req_upiu(UfsRequest *req)
 copy_size = sizeof(UtpUpiuHeader) + UFS_TRANSACTION_SPECIFIC_FIELD_SIZE +
 data_segment_length;
 
+if (copy_size > sizeof(req->req_upiu)) {
+copy_size = sizeof(req->req_upiu);
+}
+
 ret = ufs_addr_read(u, req_upiu_base_addr, >req_upiu, copy_size);
 if (ret) {
 trace_ufs_err_dma_read_req_upiu(req->slot, req_upiu_base_addr);
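Review bot: the new clamp in front of ufs_addr_read() truncates silently. copy_size is derived from data_segment_length, and when it exceeds sizeof(req->req_upiu) the request carries on with a partial UPIU whose header still advertises the larger length. Consider failing the request in that branch, or at least emitting a trace event, so that later code which trusts data_segment_length never sees the inconsistent state. If clamping is the intended behaviour, `copy_size = MIN(copy_size, sizeof(req->req_upiu));` says it in one line.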
@@ -225,6 +229,10 @@ static MemTxResult ufs_dma_write_rsp_upiu(UfsRequest *req)
 copy_size = rsp_upiu_byte_len;
 }
 
+if (copy_size > sizeof(req->rsp_upiu)) {
+copy_size = sizeof(req->rsp_upiu);
+}
+
 ret = ufs_addr_write(u, rsp_upiu_base_addr, >rsp_upiu, copy_size);
 if (ret) {
 trace_ufs_err_dma_write_rsp_upiu(req->slot, rsp_upiu_base_addr);
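Review bot: on the ufs_addr_write() side this clamp is what stops bytes beyond req->rsp_upiu from being copied out to guest memory, so the bare `if` deserves a one-line comment saying that. The identical pattern now appears in both functions; a shared helper or MIN() would keep the two bounds from drifting apart.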
-- 
2.39.2




[Stable-8.2.4 10/16] tests/avocado: update sunxi kernel from armbian to 6.6.16

2024-05-07 Thread Michael Tokarev
From: Peter Maydell 

The Linux kernel 5.10.16 binary for sunxi has been removed from
apt.armbian.com. This means that the avocado tests for these machines
will be skipped (status CANCEL) if the old binary isn't present in
the avocado cache.

Update to 6.6.16, in the same way we did in commit e384db41d8661
when we moved to 5.10.16 in 2021.

Cc: qemu-sta...@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2284
Signed-off-by: Peter Maydell 
Reviewed-by: Strahinja Jankovic 
Reviewed-by: Niek Linnenbank 
Tested-by: Niek Linnenbank 
Message-id: 20240415151845.1564201-1-peter.mayd...@linaro.org
(cherry picked from commit dcc5c018c7e6acddf81951bcbdf1019b9ab45f56)
Signed-off-by: Michael Tokarev 

diff --git a/tests/avocado/boot_linux_console.py 
b/tests/avocado/boot_linux_console.py
index 3f0180e1f8..b132b4f8f3 100644
--- a/tests/avocado/boot_linux_console.py
+++ b/tests/avocado/boot_linux_console.py
@@ -549,12 +549,12 @@ def test_arm_cubieboard_initrd(self):
 :avocado: tags=accel:tcg
 """
 deb_url = ('https://apt.armbian.com/pool/main/l/'
-   
'linux-5.10.16-sunxi/linux-image-current-sunxi_21.02.2_armhf.deb')
-deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0'
+   
'linux-6.6.16/linux-image-current-sunxi_24.2.1_armhf__6.6.16-Seb3e-D6b4a-P2359-Ce96bHfe66-HK01ba-V014b-B067e-R448a.deb')
+deb_hash = 'f7c3c8c5432f765445dc6e7eab02f3bbe668256b'
 deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
 kernel_path = self.extract_from_deb(deb_path,
-'/boot/vmlinuz-5.10.16-sunxi')
-dtb_path = 
'/usr/lib/linux-image-current-sunxi/sun4i-a10-cubieboard.dtb'
+
'/boot/vmlinuz-6.6.16-current-sunxi')
+dtb_path = 
'/usr/lib/linux-image-6.6.16-current-sunxi/sun4i-a10-cubieboard.dtb'
 dtb_path = self.extract_from_deb(deb_path, dtb_path)
 initrd_url = ('https://github.com/groeck/linux-build-test/raw/'
   '2eb0a73b5d5a28df3170c546ddaaa9757e1e0848/rootfs/'
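Review bot: the new deb_url and deb_hash pair is pasted verbatim into every test this patch touches, together with the '6.6.16-current-sunxi' path component. Hoisting the URL, the hash and that path component into shared constants would make the next Armbian bump a single edit and remove the chance of one test keeping a stale hash. The 40-hex-digit deb_hash is the only integrity pin on a binary fetched from a third-party mirror, so the commit message should say how the new value was obtained.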
@@ -593,12 +593,12 @@ def test_arm_cubieboard_sata(self):
 :avocado: tags=accel:tcg
 """
 deb_url = ('https://apt.armbian.com/pool/main/l/'
-   
'linux-5.10.16-sunxi/linux-image-current-sunxi_21.02.2_armhf.deb')
-deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0'
+   
'linux-6.6.16/linux-image-current-sunxi_24.2.1_armhf__6.6.16-Seb3e-D6b4a-P2359-Ce96bHfe66-HK01ba-V014b-B067e-R448a.deb')
+deb_hash = 'f7c3c8c5432f765445dc6e7eab02f3bbe668256b'
 deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
 kernel_path = self.extract_from_deb(deb_path,
-'/boot/vmlinuz-5.10.16-sunxi')
-dtb_path = 
'/usr/lib/linux-image-current-sunxi/sun4i-a10-cubieboard.dtb'
+
'/boot/vmlinuz-6.6.16-current-sunxi')
+dtb_path = 
'/usr/lib/linux-image-6.6.16-current-sunxi/sun4i-a10-cubieboard.dtb'
 dtb_path = self.extract_from_deb(deb_path, dtb_path)
 rootfs_url = ('https://github.com/groeck/linux-build-test/raw/'
   '2eb0a73b5d5a28df3170c546ddaaa9757e1e0848/rootfs/'
@@ -775,13 +775,13 @@ def test_arm_bpim2u(self):
 :avocado: tags=machine:bpim2u
 :avocado: tags=accel:tcg
 """
-deb_url = ('https://apt.armbian.com/pool/main/l/linux-5.10.16-sunxi/'
-   'linux-image-current-sunxi_21.02.2_armhf.deb')
-deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0'
+deb_url = ('https://apt.armbian.com/pool/main/l/'
+   
'linux-6.6.16/linux-image-current-sunxi_24.2.1_armhf__6.6.16-Seb3e-D6b4a-P2359-Ce96bHfe66-HK01ba-V014b-B067e-R448a.deb')
+deb_hash = 'f7c3c8c5432f765445dc6e7eab02f3bbe668256b'
 deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
 kernel_path = self.extract_from_deb(deb_path,
-'/boot/vmlinuz-5.10.16-sunxi')
-dtb_path = ('/usr/lib/linux-image-current-sunxi/'
+
'/boot/vmlinuz-6.6.16-current-sunxi')
+dtb_path = ('/usr/lib/linux-image-6.6.16-current-sunxi/'
 'sun8i-r40-bananapi-m2-ultra.dtb')
 dtb_path = self.extract_from_deb(deb_path, dtb_path)
 
@@ -802,13 +802,13 @@ def test_arm_bpim2u_initrd(self):
 :avocado: tags=accel:tcg
 :avocado: tags=machine:bpim2u
 """
-deb_url = ('https://apt.armbian.com/pool/main/l/linux-5.10.16-sunxi/'
-   'linux-image-current-sunxi_21.02.2_armhf.deb')
-deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0'
+deb_url = ('https://apt.armbian.com/pool/main/l/'
+   
'linux-6.6.16/linux-image-current-sunxi_24.2.1_armhf__6.6.16-Seb3e-D6b4a-P2359

[Stable-8.2.4 11/16] .gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs

2024-05-07 Thread Michael Tokarev
From: Thomas Huth 

Cirrus-CI introduced limitations to the free CI minutes. To avoid that
we are consuming them too fast, let's drop the usual targets that are
not that important since they are either a subset of another target
(like i386 or ppc being a subset of x86_64 or ppc64 respectively), or
since there is still a similar target with the opposite endianness
(like xtensa/xtensael, microblaze/microblazeel etc.).

Message-ID: <20240429100113.53357-1-th...@redhat.com>
Signed-off-by: Thomas Huth 
(cherry picked from commit a88a04906b966ffdcda23a5a456abe10aa8c826e)
Signed-off-by: Michael Tokarev 

diff --git a/.gitlab-ci.d/cirrus.yml b/.gitlab-ci.d/cirrus.yml
index 4671f069c3..49f86fadaf 100644
--- a/.gitlab-ci.d/cirrus.yml
+++ b/.gitlab-ci.d/cirrus.yml
@@ -57,6 +57,7 @@ x64-freebsd-13-build:
 CIRRUS_VM_RAM: 8G
 UPDATE_COMMAND: pkg update; pkg upgrade -y
 INSTALL_COMMAND: pkg install -y
+CONFIGURE_ARGS: 
--target-list-exclude=arm-softmmu,i386-softmmu,microblaze-softmmu,mips64el-softmmu,mipsel-softmmu,mips-softmmu,ppc-softmmu,sh4eb-softmmu,xtensa-softmmu
 TEST_TARGETS: check
 
 aarch64-macos-13-base-build:
@@ -72,6 +73,7 @@ aarch64-macos-13-base-build:
 INSTALL_COMMAND: brew install
 PATH_EXTRA: /opt/homebrew/ccache/libexec:/opt/homebrew/gettext/bin
 PKG_CONFIG_PATH: 
/opt/homebrew/curl/lib/pkgconfig:/opt/homebrew/ncurses/lib/pkgconfig:/opt/homebrew/readline/lib/pkgconfig
+CONFIGURE_ARGS: 
--target-list-exclude=arm-softmmu,i386-softmmu,microblazeel-softmmu,mips64-softmmu,mipsel-softmmu,mips-softmmu,ppc-softmmu,sh4-softmmu,xtensaeb-softmmu
 TEST_TARGETS: check-unit check-block check-qapi-schema check-softfloat 
check-qtest-x86_64
 
 aarch64-macos-14-base-build:
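Review bot: the two CONFIGURE_ARGS lists are not the same. The FreeBSD job excludes microblaze, mips64el, sh4eb and xtensa, while this macOS job excludes microblazeel, mips64, sh4 and xtensaeb, and both drop arm, i386, mips, mipsel and ppc. If the complementary endianness split is deliberate, so that each variant is still built on one of the two hosts, a YAML comment next to each list should say so; otherwise the next edit is likely to "fix" them to match.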
-- 
2.39.2




[Stable-8.2.4 01/16] target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32

2024-05-07 Thread Michael Tokarev
From: Daniel Henrique Barboza 

KVM_REG_RISCV_FP_F regs have u32 size according to the API, but by using
kvm_riscv_reg_id() in RISCV_FP_F_REG() we're returning u64 sizes when
running with TARGET_RISCV64. The most likely reason why no one noticed
this is because we're not implementing kvm_cpu_synchronize_state() in
RISC-V yet.

Create a new helper that returns a KVM ID with u32 size and use it in
RISCV_FP_F_REG().

Reported-by: Andrew Jones 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Andrew Jones 
Message-ID: <20231208183835.2411523-2-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
(cherry picked from commit 49c211ffca00fdf7c0c29072c224e88527a14838)
Signed-off-by: Michael Tokarev 

diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
index c1675158fe..2eef2be86a 100644
--- a/target/riscv/kvm/kvm-cpu.c
+++ b/target/riscv/kvm/kvm-cpu.c
@@ -72,6 +72,11 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, 
uint64_t type,
 return id;
 }
 
+static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx)
+{
+return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx;
+}
+
 #define RISCV_CORE_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \
  KVM_REG_RISCV_CORE_REG(name))
 
@@ -81,7 +86,7 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t 
type,
 #define RISCV_TIMER_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, 
\
  KVM_REG_RISCV_TIMER_REG(name))
 
-#define RISCV_FP_F_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_F, 
idx)
+#define RISCV_FP_F_REG(idx)  kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
 
 #define RISCV_FP_D_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, 
idx)
 
@@ -586,7 +591,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs)
 if (riscv_has_ext(env, RVF)) {
 uint32_t reg;
 for (i = 0; i < 32; i++) {
-ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(env, i), );
+ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(i), );
 if (ret) {
 return ret;
 }
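Review bot: in kvm_riscv_get_regs_fp() the destination is the local `uint32_t reg`, so the size encoded in the register ID has to be U32 for the transfer to fit that variable. The commit message describes the change only as an API mismatch; it should state that the old u64 ID described an 8-byte transfer into this 4-byte local. Dropping the `env` argument from RISCV_FP_F_REG() while RISCV_FP_D_REG() still takes it also leaves the two macros inconsistent within this patch.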
@@ -620,7 +625,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs)
 uint32_t reg;
 for (i = 0; i < 32; i++) {
 reg = env->fpr[i];
-ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(env, i), );
+ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(i), );
 if (ret) {
 return ret;
 }
-- 
2.39.2




[Stable-8.2.4 06/16] nbd/server: do not poll within a coroutine context

2024-05-07 Thread Michael Tokarev
From: Zhu Yangyang 

Coroutines are not supposed to block. Instead, they should yield.

The client performs TLS upgrade outside of an AIOContext, during
synchronous handshake; this still requires g_main_loop.  But the
server responds to TLS upgrade inside a coroutine, so a nested
g_main_loop is wrong.  Since the two callbacks no longer share more
than the setting of data.complete and data.error, it's just as easy to
use static helpers instead of trying to share a common code path.  It
is also possible to add assertions that no other code is interfering
with the eventual path to qio reaching the callback, whether or not it
required a yield or main loop.

Fixes: f95910f ("nbd: implement TLS support in the protocol negotiation")
Signed-off-by: Zhu Yangyang 
[eblake: move callbacks to their use point, add assertions]
Signed-off-by: Eric Blake 
Message-ID: <20240408160214.1200629-5-ebl...@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy 
(cherry picked from commit ae6d91a7e9b77abb029ed3fa9fad461422286942)
Signed-off-by: Michael Tokarev 

diff --git a/nbd/client.c b/nbd/client.c
index 29ffc609a4..c89c750467 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -596,13 +596,31 @@ static int nbd_request_simple_option(QIOChannel *ioc, int 
opt, bool strict,
 return 1;
 }
 
+/* Callback to learn when QIO TLS upgrade is complete */
+struct NBDTLSClientHandshakeData {
+bool complete;
+Error *error;
+GMainLoop *loop;
+};
+
+static void nbd_client_tls_handshake(QIOTask *task, void *opaque)
+{
+struct NBDTLSClientHandshakeData *data = opaque;
+
+qio_task_propagate_error(task, >error);
+data->complete = true;
+if (data->loop) {
+g_main_loop_quit(data->loop);
+}
+}
+
 static QIOChannel *nbd_receive_starttls(QIOChannel *ioc,
 QCryptoTLSCreds *tlscreds,
 const char *hostname, Error **errp)
 {
 int ret;
 QIOChannelTLS *tioc;
-struct NBDTLSHandshakeData data = { 0 };
+struct NBDTLSClientHandshakeData data = { 0 };
 
 ret = nbd_request_simple_option(ioc, NBD_OPT_STARTTLS, true, errp);
 if (ret <= 0) {
@@ -619,18 +637,20 @@ static QIOChannel *nbd_receive_starttls(QIOChannel *ioc,
 return NULL;
 }
 qio_channel_set_name(QIO_CHANNEL(tioc), "nbd-client-tls");
-data.loop = g_main_loop_new(g_main_context_default(), FALSE);
 trace_nbd_receive_starttls_tls_handshake();
 qio_channel_tls_handshake(tioc,
-  nbd_tls_handshake,
+  nbd_client_tls_handshake,
   ,
   NULL,
   NULL);
 
 if (!data.complete) {
+data.loop = g_main_loop_new(g_main_context_default(), FALSE);
 g_main_loop_run(data.loop);
+assert(data.complete);
+g_main_loop_unref(data.loop);
 }
-g_main_loop_unref(data.loop);
+
 if (data.error) {
 error_propagate(errp, data.error);
 object_unref(OBJECT(tioc));
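Review bot: data.loop is now created only inside `if (!data.complete)`, after qio_channel_tls_handshake() has already been handed the callback, so correctness depends on nbd_client_tls_handshake() running either synchronously inside that call (data.loop still NULL) or later from g_main_loop_run(). A comment on the `if (data->loop)` guard in the callback saying so would stop someone from moving the g_main_loop_new() call back up. The added assert(data.complete) is a good check on that assumption.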
diff --git a/nbd/common.c b/nbd/common.c
index 3247c1d618..589a748cfe 100644
--- a/nbd/common.c
+++ b/nbd/common.c
@@ -47,17 +47,6 @@ int nbd_drop(QIOChannel *ioc, size_t size, Error **errp)
 }
 
 
-void nbd_tls_handshake(QIOTask *task,
-   void *opaque)
-{
-struct NBDTLSHandshakeData *data = opaque;
-
-qio_task_propagate_error(task, >error);
-data->complete = true;
-g_main_loop_quit(data->loop);
-}
-
-
 const char *nbd_opt_lookup(uint32_t opt)
 {
 switch (opt) {
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index dfa02f77ee..91895106a9 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -72,16 +72,6 @@ static inline int nbd_write(QIOChannel *ioc, const void 
*buffer, size_t size,
 return qio_channel_write_all(ioc, buffer, size, errp) < 0 ? -EIO : 0;
 }
 
-struct NBDTLSHandshakeData {
-GMainLoop *loop;
-bool complete;
-Error *error;
-};
-
-
-void nbd_tls_handshake(QIOTask *task,
-   void *opaque);
-
 int nbd_drop(QIOChannel *ioc, size_t size, Error **errp);
 
 #endif
diff --git a/nbd/server.c b/nbd/server.c
index 091b57119e..9fbac7d409 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -748,6 +748,23 @@ static int nbd_negotiate_handle_info(NBDClient *client, 
Error **errp)
 return rc;
 }
 
+/* Callback to learn when QIO TLS upgrade is complete */
+struct NBDTLSServerHandshakeData {
+bool complete;
+Error *error;
+Coroutine *co;
+};
+
+static void nbd_server_tls_handshake(QIOTask *task, void *opaque)
+{
+struct NBDTLSServerHandshakeData *data = opaque;
+
+qio_task_propagate_error(task, >error);
+data->complete = true;
+if (!qemu_coroutine_entered(data->co)) {
+aio_co_wake(data->co);
+}
+}
 
 /* Handle NBD_OPT_STARTTLS. Return NULL to drop connection, or else the
  * new channel for all further (now-e
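Review bot: nbd_server_tls_handshake() wakes the coroutine only when `!qemu_coroutine_entered(data->co)`, but neither the callback nor the comment on struct NBDTLSServerHandshakeData explains which case that guards against. Please document it, presumably the callback firing while the coroutine is still running inside the handshake call, since the commit message says the server path must yield rather than poll and this check is what makes the wake-up safe.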

[Stable-8.2.4 07/16] nbd/server: Mark negotiation functions as coroutine_fn

2024-05-07 Thread Michael Tokarev
From: Eric Blake 

nbd_negotiate() is already marked coroutine_fn.  And given the fix in
the previous patch to have nbd_negotiate_handle_starttls not create
and wait on a g_main_loop (as that would violate coroutine
constraints), it is worth marking the rest of the related static
functions reachable only during option negotiation as also being
coroutine_fn.

Suggested-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Eric Blake 
Message-ID: <20240408160214.1200629-6-ebl...@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy 
[eblake: drop one spurious coroutine_fn marking]
Signed-off-by: Eric Blake 
(cherry picked from commit 4fa333e08dd96395a99ea8dd9e4c73a29dd23344)
Signed-off-by: Michael Tokarev 

diff --git a/nbd/server.c b/nbd/server.c
index 9fbac7d409..3d8ddfef06 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -195,8 +195,9 @@ static inline void set_be_option_rep(NBDOptionReply *rep, 
uint32_t option,
 
 /* Send a reply header, including length, but no payload.
  * Return -errno on error, 0 on success. */
-static int nbd_negotiate_send_rep_len(NBDClient *client, uint32_t type,
-  uint32_t len, Error **errp)
+static coroutine_fn int
+nbd_negotiate_send_rep_len(NBDClient *client, uint32_t type,
+   uint32_t len, Error **errp)
 {
 NBDOptionReply rep;
 
@@ -211,15 +212,15 @@ static int nbd_negotiate_send_rep_len(NBDClient *client, 
uint32_t type,
 
 /* Send a reply header with default 0 length.
  * Return -errno on error, 0 on success. */
-static int nbd_negotiate_send_rep(NBDClient *client, uint32_t type,
-  Error **errp)
+static coroutine_fn int
+nbd_negotiate_send_rep(NBDClient *client, uint32_t type, Error **errp)
 {
 return nbd_negotiate_send_rep_len(client, type, 0, errp);
 }
 
 /* Send an error reply.
  * Return -errno on error, 0 on success. */
-static int G_GNUC_PRINTF(4, 0)
+static coroutine_fn int G_GNUC_PRINTF(4, 0)
 nbd_negotiate_send_rep_verr(NBDClient *client, uint32_t type,
 Error **errp, const char *fmt, va_list va)
 {
@@ -259,7 +260,7 @@ nbd_sanitize_name(const char *name)
 
 /* Send an error reply.
  * Return -errno on error, 0 on success. */
-static int G_GNUC_PRINTF(4, 5)
+static coroutine_fn int G_GNUC_PRINTF(4, 5)
 nbd_negotiate_send_rep_err(NBDClient *client, uint32_t type,
Error **errp, const char *fmt, ...)
 {
@@ -275,7 +276,7 @@ nbd_negotiate_send_rep_err(NBDClient *client, uint32_t type,
 /* Drop remainder of the current option, and send a reply with the
  * given error type and message. Return -errno on read or write
  * failure; or 0 if connection is still live. */
-static int G_GNUC_PRINTF(4, 0)
+static coroutine_fn int G_GNUC_PRINTF(4, 0)
 nbd_opt_vdrop(NBDClient *client, uint32_t type, Error **errp,
   const char *fmt, va_list va)
 {
@@ -288,7 +289,7 @@ nbd_opt_vdrop(NBDClient *client, uint32_t type, Error 
**errp,
 return ret;
 }
 
-static int G_GNUC_PRINTF(4, 5)
+static coroutine_fn int G_GNUC_PRINTF(4, 5)
 nbd_opt_drop(NBDClient *client, uint32_t type, Error **errp,
  const char *fmt, ...)
 {
@@ -302,7 +303,7 @@ nbd_opt_drop(NBDClient *client, uint32_t type, Error **errp,
 return ret;
 }
 
-static int G_GNUC_PRINTF(3, 4)
+static coroutine_fn int G_GNUC_PRINTF(3, 4)
 nbd_opt_invalid(NBDClient *client, Error **errp, const char *fmt, ...)
 {
 int ret;
@@ -319,8 +320,9 @@ nbd_opt_invalid(NBDClient *client, Error **errp, const char 
*fmt, ...)
  * If @check_nul, require that no NUL bytes appear in buffer.
  * Return -errno on I/O error, 0 if option was completely handled by
  * sending a reply about inconsistent lengths, or 1 on success. */
-static int nbd_opt_read(NBDClient *client, void *buffer, size_t size,
-bool check_nul, Error **errp)
+static coroutine_fn int
+nbd_opt_read(NBDClient *client, void *buffer, size_t size,
+ bool check_nul, Error **errp)
 {
 if (size > client->optlen) {
 return nbd_opt_invalid(client, errp,
@@ -343,7 +345,8 @@ static int nbd_opt_read(NBDClient *client, void *buffer, 
size_t size,
 /* Drop size bytes from the unparsed payload of the current option.
  * Return -errno on I/O error, 0 if option was completely handled by
  * sending a reply about inconsistent lengths, or 1 on success. */
-static int nbd_opt_skip(NBDClient *client, size_t size, Error **errp)
+static coroutine_fn int
+nbd_opt_skip(NBDClient *client, size_t size, Error **errp)
 {
 if (size > client->optlen) {
 return nbd_opt_invalid(client, errp,
@@ -366,8 +369,9 @@ static int nbd_opt_skip(NBDClient *client, size_t size, 
Error **errp)
  * Return -errno on I/O error, 0 if option was completely handled by
  * sending a reply about inconsistent lengths, or 1 on success.
  */
-static int nbd_opt_read_name(NBDClient *client, char **name, uint32_t *length,
- Error **errp)
+stati

[Stable-8.2.4 08/16] backends/cryptodev-builtin: Fix local_error leaks

2024-05-07 Thread Michael Tokarev
From: Li Zhijian 

It seems that this error does not need to be propagated to the upper,
directly output the error to avoid the leaks

Closes: https://gitlab.com/qemu-project/qemu/-/issues/2283
Fixes: 2fda101de07 ("virtio-crypto: Support asynchronous mode")
Signed-off-by: Li Zhijian 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: zhenwei pi 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
(cherry picked from commit 06479dbf3d7d245572c4b3016e5a1d923ff04d66)
Signed-off-by: Michael Tokarev 

diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
index a514bbb310..940104ee55 100644
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -23,6 +23,7 @@
 
 #include "qemu/osdep.h"
 #include "sysemu/cryptodev.h"
+#include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "standard-headers/linux/virtio_crypto.h"
 #include "crypto/cipher.h"
@@ -396,8 +397,8 @@ static int cryptodev_builtin_create_session(
 case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
 case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
 default:
-error_setg(_error, "Unsupported opcode :%" PRIu32 "",
-   sess_info->op_code);
+error_report("Unsupported opcode :%" PRIu32 "",
+ sess_info->op_code);
 return -VIRTIO_CRYPTO_NOTSUPP;
 }
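Review bot: the format string carried over into error_report() still reads "Unsupported opcode :%" with the space before the colon and an empty "" literal after PRIu32. Since the line is being rewritten anyway, tidy it to "Unsupported opcode: %" PRIu32 and drop the trailing empty string.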
 
@@ -554,8 +555,8 @@ static int cryptodev_builtin_operation(
 
 if (op_info->session_id >= MAX_NUM_SESSIONS ||
   builtin->sessions[op_info->session_id] == NULL) {
-error_setg(_error, "Cannot find a valid session id: %" PRIu64 "",
-   op_info->session_id);
+error_report("Cannot find a valid session id: %" PRIu64 "",
+ op_info->session_id);
 return -VIRTIO_CRYPTO_INVSESS;
 }
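Review bot: this branch is taken whenever op_info->session_id is out of range or has no session, so if that value comes from the guest's request, each bad request now produces an error_report() line on the host. Consider a trace event or a rate-limited report here so that a guest cannot flood the host log, and say in the commit message whether local_error is still set anywhere on these paths.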
 
-- 
2.39.2




[Stable-8.2.4 15/16] target/sh4: Fix ADDV opcode

2024-05-07 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

The documentation says:

  ADDV Rm, Rn    Rn + Rm -> Rn, overflow -> T

But QEMU implementation was:

  ADDV Rm, Rn    Rn + Rm -> Rm, overflow -> T

Fix by filling the correct Rm register.

Add tests provided by Paul Cercueil.

Cc: qemu-sta...@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil 
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2317
Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Message-Id: <20240430163125.77430-2-phi...@linaro.org>
(cherry picked from commit c365e6b0705788866a65e7b8206bd4c5332595cd)
Signed-off-by: Michael Tokarev 

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index 5aa10d3946..d8dcfc3a20 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -715,7 +715,7 @@ static void _decode_opc(DisasContext * ctx)
 tcg_gen_xor_i32(t2, REG(B7_4), REG(B11_8));
 tcg_gen_andc_i32(cpu_sr_t, t1, t2);
 tcg_gen_shri_i32(cpu_sr_t, cpu_sr_t, 31);
-tcg_gen_mov_i32(REG(B7_4), t0);
+tcg_gen_mov_i32(REG(B11_8), t0);
 }
 return;
 case 0x2009: /* and Rm,Rn */
diff --git a/tests/tcg/sh4/Makefile.target b/tests/tcg/sh4/Makefile.target
index c3d7fa86e3..39751c41b2 100644
--- a/tests/tcg/sh4/Makefile.target
+++ b/tests/tcg/sh4/Makefile.target
@@ -20,3 +20,6 @@ TESTS += test-macl
 
 test-macw: CFLAGS += -O -g
 TESTS += test-macw
+
+test-addv: CFLAGS += -O -g
+TESTS += test-addv
diff --git a/tests/tcg/sh4/test-addv.c b/tests/tcg/sh4/test-addv.c
new file mode 100644
index 00..ca87fe746a
--- /dev/null
+++ b/tests/tcg/sh4/test-addv.c
@@ -0,0 +1,27 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+
+#include 
+#include 
+#include 
+
+static void addv(const int a, const int b, const int res, const int carry)
+{
+int o = a, c;
+
+asm volatile("addv %2,%0\n"
+ "movt %1\n"
+ : "+r"(o), "=r"(c) : "r"(b) : );
+
+if (c != carry || o != res) {
+printf("ADDV %d, %d = %d/%d [T = %d/%d]\n", a, b, o, res, c, carry);
+abort();
+}
+}
+
+int main(void)
+{
+addv(INT_MAX, 1, INT_MIN, 1);
+addv(INT_MAX - 1, 1, INT_MAX, 0);
+
+return 0;
+}
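Review bot: main() exercises only INT_MAX + 1 and (INT_MAX - 1) + 1, so negative overflow and mixed-sign operands are untested. Adding addv(INT_MIN, -1, INT_MAX, 1) and a mixed-sign case such as addv(-1, 1, 0, 0) would cover the other half of the T computation. The fourth parameter is named `carry`, but ADDV sets T on signed overflow, so `overflow` would be the clearer name.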
-- 
2.39.2




[Stable-8.2.4 05/16] linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY

2024-05-07 Thread Michael Tokarev
This setsockopt accepts zero-length optlen (current qemu implementation
does not allow this).  Also, there's no need to make a copy of the key,
it is enough to use lock_user() (which accepts zero length already).

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2197
Fixes: f312fc "linux-user: Add support for setsockopt() option SOL_ALG"
Signed-off-by: Michael Tokarev 
Message-Id: <20240331100737.2724186-2-...@tls.msk.ru>
Signed-off-by: Richard Henderson 
(cherry picked from commit 04f6fb897a5aeb3e356a7b889869c9962f9c16c7)
Signed-off-by: Michael Tokarev 

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 11c75e3b4e..2b1a3ee094 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2277,18 +2277,13 @@ static abi_long do_setsockopt(int sockfd, int level, 
int optname,
 switch (optname) {
 case ALG_SET_KEY:
 {
-char *alg_key = g_malloc(optlen);
-
+char *alg_key = lock_user(VERIFY_READ, optval_addr, optlen, 1);
 if (!alg_key) {
-return -TARGET_ENOMEM;
-}
-if (copy_from_user(alg_key, optval_addr, optlen)) {
-g_free(alg_key);
 return -TARGET_EFAULT;
 }
 ret = get_errno(setsockopt(sockfd, level, optname,
alg_key, optlen));
-g_free(alg_key);
+unlock_user(alg_key, optval_addr, optlen);
 break;
 }
 case ALG_SET_AEAD_AUTHSIZE:
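Review bot: alg_key is locked with VERIFY_READ and never written, yet unlock_user(alg_key, optval_addr, optlen) passes optlen as its last argument, which is the number of bytes to copy back to the guest; for a read-only buffer that should be 0. Also, optlen reaches lock_user() with no upper bound visible in this hunk, so please confirm that a bound is enforced earlier in do_setsockopt().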
-- 
2.39.2




[Stable-8.2.4 16/16] target/sh4: Fix SUBV opcode

2024-05-07 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

The documentation says:

  SUBV Rm, Rn    Rn - Rm -> Rn, underflow -> T

The overflow / underflow can be calculated as:

  T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31

However we were using the incorrect:

  T = ((Rn ^ Rm) & (Result ^ Rm)) >> 31

Fix by using the Rn register instead of Rm.

Add tests provided by Paul Cercueil.

Cc: qemu-sta...@nongnu.org
Fixes: ad8d25a11f ("target-sh4: implement addv and subv using TCG")
Reported-by: Paul Cercueil 
Suggested-by: Paul Cercueil 
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2318
Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Yoshinori Sato 
Message-Id: <20240430163125.77430-3-phi...@linaro.org>
(cherry picked from commit e88a856efd1d3c3ffa8e53da4831eff8da290808)
Signed-off-by: Michael Tokarev 

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index d8dcfc3a20..5c0a4cce7a 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -934,7 +934,7 @@ static void _decode_opc(DisasContext * ctx)
 t0 = tcg_temp_new();
 tcg_gen_sub_i32(t0, REG(B11_8), REG(B7_4));
 t1 = tcg_temp_new();
-tcg_gen_xor_i32(t1, t0, REG(B7_4));
+tcg_gen_xor_i32(t1, t0, REG(B11_8));
 t2 = tcg_temp_new();
 tcg_gen_xor_i32(t2, REG(B11_8), REG(B7_4));
 tcg_gen_and_i32(t1, t1, t2);
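Review bot: the one-register change in the tcg_gen_xor_i32(t1, t0, ...) line is easy to get wrong again, because nothing in the code says what t1 and t2 hold. Please put the formula from the commit message, T = ((Rn ^ Rm) & (Result ^ Rn)) >> 31, in a comment above this sequence and note that B11_8 is Rn and B7_4 is Rm, as the tcg_gen_sub_i32(t0, REG(B11_8), REG(B7_4)) line implies.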
diff --git a/tests/tcg/sh4/Makefile.target b/tests/tcg/sh4/Makefile.target
index 39751c41b2..a523a0d2c8 100644
--- a/tests/tcg/sh4/Makefile.target
+++ b/tests/tcg/sh4/Makefile.target
@@ -23,3 +23,6 @@ TESTS += test-macw
 
 test-addv: CFLAGS += -O -g
 TESTS += test-addv
+
+test-subv: CFLAGS += -O -g
+TESTS += test-subv
diff --git a/tests/tcg/sh4/test-subv.c b/tests/tcg/sh4/test-subv.c
new file mode 100644
index 00..a3c2db96e4
--- /dev/null
+++ b/tests/tcg/sh4/test-subv.c
@@ -0,0 +1,30 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+
+#include 
+#include 
+#include 
+
+static void subv(const int a, const int b, const int res, const int carry)
+{
+int o = a, c;
+
+asm volatile("subv %2,%0\n"
+ "movt %1\n"
+ : "+r"(o), "=r"(c) : "r"(b) : );
+
+if (c != carry || o != res) {
+printf("SUBV %d, %d = %d/%d [T = %d/%d]\n", a, b, o, res, c, carry);
+abort();
+}
+}
+
+int main(void)
+{
+subv(INT_MIN, 1, INT_MAX, 1);
+subv(INT_MAX, -1, INT_MIN, 1);
+subv(INT_MAX, 1, INT_MAX - 1, 0);
+subv(0, 1, -1, 0);
+subv(-1, -1, 0, 0);
+
+return 0;
+}
-- 
2.39.2
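The two T-flag formulas quoted in the commit message above, as an added C example that is not code from the QEMU patch: it evaluates both against a 64-bit reference on the five operand pairs from test-subv.c plus two constructed mixed-sign pairs. The function names and the reference check are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t (*subv_t_fn)(uint32_t rn, uint32_t rm);

/* Formula the commit message gives as correct. */
static uint32_t subv_t_fixed(uint32_t rn, uint32_t rm)
{
    uint32_t result = rn - rm;

    return ((rn ^ rm) & (result ^ rn)) >> 31;
}

/* Formula the commit message gives as the previous, incorrect one. */
static uint32_t subv_t_old(uint32_t rn, uint32_t rm)
{
    uint32_t result = rn - rm;

    return ((rn ^ rm) & (result ^ rm)) >> 31;
}

/* Reference: subtract in 64 bits and check whether the value still fits
 * in a signed 32-bit register. */
static uint32_t subv_t_reference(int32_t rn, int32_t rm)
{
    int64_t wide = (int64_t)rn - (int64_t)rm;

    return wide < INT32_MIN || wide > INT32_MAX;
}

struct subv_case {
    int32_t rn;
    int32_t rm;
};

static const struct subv_case cases[] = {
    /* Operand pairs used by test-subv.c in the patch. */
    { INT32_MIN, 1 },
    { INT32_MAX, -1 },
    { INT32_MAX, 1 },
    { 0, 1 },
    { -1, -1 },
    /* Constructed for this example: mixed signs, no overflow. */
    { 5, -3 },
    { -5, 3 },
};

/* Number of cases on which `formula` disagrees with the reference. */
static int count_mismatches(subv_t_fn formula)
{
    int mismatches = 0;

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint32_t got = formula((uint32_t)cases[i].rn, (uint32_t)cases[i].rm);

        if (got != subv_t_reference(cases[i].rn, cases[i].rm)) {
            mismatches++;
        }
    }
    return mismatches;
}

int main(void)
{
    printf("fixed formula mismatches: %d\n", count_mismatches(subv_t_fixed));
    printf("old formula mismatches:   %d\n", count_mismatches(subv_t_old));
    return 0;
}
```

Whenever the operands have different signs, the old formula reports the opposite of the true overflow state, which is why both overflowing pairs in test-subv.c catch it.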




[Stable-8.2.4 00/16] Patch Round-up for stable 8.2.4 (planned for 2024-05-12)

2024-05-07 Thread Michael Tokarev
The following patches are queued for QEMU stable v8.2.4:

  https://gitlab.com/qemu-project/qemu/-/commits/staging-8.2

The release is planned for 2024-05-12, to address a few issues
encountered with v8.2.3 release, - a bit wrong tarball with some
replication hiccups in the CDN behind download.qemu.org, and a
build failure on riscv. The planning page:

  https://wiki.qemu.org/Planning/8.2

Please respond here or CC qemu-sta...@nongnu.org on any additional patches
you think should (or shouldn't) be included in the release.

The changes which are staging for inclusion, with the original commit hash
from master branch, are given below the bottom line.

Thanks!

/mjt

--
01 49c211ffca00 Daniel Henrique Barboza:
   target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32
02 450bd6618fda Daniel Henrique Barboza:
   target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64
03 10f86d1b8450 Daniel Henrique Barboza:
   target/riscv/kvm: change timer regs size to u64
04 2cc637f1ea08 Li Zhijian:
   migration/colo: Fix bdrv_graph_rdlock_main_loop: Assertion 
   `!qemu_in_coroutine()' failed.
05 04f6fb897a5a Michael Tokarev:
   linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY
06 ae6d91a7e9b7 Zhu Yangyang:
   nbd/server: do not poll within a coroutine context
07 4fa333e08dd9 Eric Blake:
   nbd/server: Mark negotiation functions as coroutine_fn
08 06479dbf3d7d Li Zhijian:
   backends/cryptodev-builtin: Fix local_error leaks
09 0cbb322f70e8 Michael Tokarev:
   target/loongarch/cpu.c: typo fix: expection
10 dcc5c018c7e6 Peter Maydell:
   tests/avocado: update sunxi kernel from armbian to 6.6.16
11 a88a04906b96 Thomas Huth:
   .gitlab-ci.d/cirrus.yml: Shorten the runtime of the macOS and FreeBSD jobs
12 f2c8aeb1afef Jeuk Kim:
   hw/ufs: Fix buffer overflow bug
13 4b00855f0ee2 Alexandra Diupina:
   hw/dmax/xlnx_dpdma: fix handling of address_extension descriptor fields
14 eb656a60fd93 Philippe Mathieu-Daudé:
   hw/arm/npcm7xx: Store derivative OTP fuse key in little endian
15 c365e6b07057 Philippe Mathieu-Daudé:
   target/sh4: Fix ADDV opcode
16 e88a856efd1d Philippe Mathieu-Daudé:
   target/sh4: Fix SUBV opcode



[Stable-8.2.4 03/16] target/riscv/kvm: change timer regs size to u64

2024-05-07 Thread Michael Tokarev
From: Daniel Henrique Barboza 

KVM_REG_RISCV_TIMER regs are always u64 according to the KVM API, but at
this moment we'll return u32 regs if we're running a RISCV32 target.

Use the kvm_riscv_reg_id_u64() helper in RISCV_TIMER_REG() to fix it.

Reported-by: Andrew Jones 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Andrew Jones 
Message-ID: <20231208183835.2411523-4-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
(cherry picked from commit 10f86d1b845087d14b58d65dd2a6e3411d1b6529)
Signed-off-by: Michael Tokarev 

diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
index 82ed4455a5..ddbe820e10 100644
--- a/target/riscv/kvm/kvm-cpu.c
+++ b/target/riscv/kvm/kvm-cpu.c
@@ -88,7 +88,7 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t 
idx)
 #define RISCV_CSR_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CSR, \
  KVM_REG_RISCV_CSR_REG(name))
 
-#define RISCV_TIMER_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, 
\
+#define RISCV_TIMER_REG(name)  kvm_riscv_reg_id_u64(KVM_REG_RISCV_TIMER, \
  KVM_REG_RISCV_TIMER_REG(name))
 
 #define RISCV_FP_F_REG(idx)  kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
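Review bot: RISCV_TIMER_REG() now hard-codes the u64 ID while RISCV_CSR_REG() just above it still derives the size from env, and nothing at the macro says why they differ. A one-line comment above RISCV_TIMER_REG stating that KVM_REG_RISCV_TIMER registers are always 64-bit would keep someone from re-adding the env parameter later for the sake of symmetry.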
@@ -111,17 +111,17 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, 
uint64_t idx)
 } \
 } while (0)
 
-#define KVM_RISCV_GET_TIMER(cs, env, name, reg) \
+#define KVM_RISCV_GET_TIMER(cs, name, reg) \
 do { \
-int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(env, name), ); \
+int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(name), ); \
 if (ret) { \
 abort(); \
 } \
 } while (0)
 
-#define KVM_RISCV_SET_TIMER(cs, env, name, reg) \
+#define KVM_RISCV_SET_TIMER(cs, name, reg) \
 do { \
-int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(env, name), ); \
+int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(name), ); \
 if (ret) { \
 abort(); \
 } \
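Review bot: both KVM_RISCV_GET_TIMER and KVM_RISCV_SET_TIMER go straight to abort() on a non-zero ret, without saying which timer register failed or what ret was. Since this patch changes the ID handed to kvm_get_one_reg() and kvm_set_one_reg(), an error_report() with the register name and ret ahead of abort() would make a rejected ID diagnosable from the log.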
@@ -649,10 +649,10 @@ static void kvm_riscv_get_regs_timer(CPUState *cs)
 return;
 }
 
-KVM_RISCV_GET_TIMER(cs, env, time, env->kvm_timer_time);
-KVM_RISCV_GET_TIMER(cs, env, compare, env->kvm_timer_compare);
-KVM_RISCV_GET_TIMER(cs, env, state, env->kvm_timer_state);
-KVM_RISCV_GET_TIMER(cs, env, frequency, env->kvm_timer_frequency);
+KVM_RISCV_GET_TIMER(cs, time, env->kvm_timer_time);
+KVM_RISCV_GET_TIMER(cs, compare, env->kvm_timer_compare);
+KVM_RISCV_GET_TIMER(cs, state, env->kvm_timer_state);
+KVM_RISCV_GET_TIMER(cs, frequency, env->kvm_timer_frequency);
 
 env->kvm_timer_dirty = true;
 }
@@ -666,8 +666,8 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
 return;
 }
 
-KVM_RISCV_SET_TIMER(cs, env, time, env->kvm_timer_time);
-KVM_RISCV_SET_TIMER(cs, env, compare, env->kvm_timer_compare);
+KVM_RISCV_SET_TIMER(cs, time, env->kvm_timer_time);
+KVM_RISCV_SET_TIMER(cs, compare, env->kvm_timer_compare);
 
 /*
  * To set register of RISCV_TIMER_REG(state) will occur a error from KVM
@@ -676,7 +676,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
  * TODO If KVM changes, adapt here.
  */
 if (env->kvm_timer_state) {
-KVM_RISCV_SET_TIMER(cs, env, state, env->kvm_timer_state);
+KVM_RISCV_SET_TIMER(cs, state, env->kvm_timer_state);
 }
 
 /*
@@ -685,7 +685,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
  * during the migration.
  */
 if (migration_is_running(migrate_get_current()->state)) {
-KVM_RISCV_GET_TIMER(cs, env, frequency, reg);
+KVM_RISCV_GET_TIMER(cs, frequency, reg);
 if (reg != env->kvm_timer_frequency) {
 error_report("Dst Hosts timer frequency != Src Hosts");
 }
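Review bot: in the migration check, reg is filled through KVM_RISCV_GET_TIMER(cs, frequency, reg) with an ID that now always encodes 8 bytes, but the declaration of reg is outside this hunk; please confirm it is a uint64_t and not a target-width type. The "Dst Hosts timer frequency != Src Hosts" message would also be more useful if it printed both values.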
-- 
2.39.2




[Stable-8.2.4 02/16] target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64

2024-05-07 Thread Michael Tokarev
From: Daniel Henrique Barboza 

KVM_REG_RISCV_FP_D regs are always u64 size. Using kvm_riscv_reg_id() in
RISCV_FP_D_REG() ends up encoding the wrong size if we're running with
TARGET_RISCV32.

Create a new helper that returns a KVM ID with u64 size and use it with
RISCV_FP_D_REG().

Reported-by: Andrew Jones 
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Andrew Jones 
Message-ID: <20231208183835.2411523-3-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis 
(cherry picked from commit 450bd6618fda3d2e2ab02b2fce1c79efd5b66084)
Signed-off-by: Michael Tokarev 

diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
index 2eef2be86a..82ed4455a5 100644
--- a/target/riscv/kvm/kvm-cpu.c
+++ b/target/riscv/kvm/kvm-cpu.c
@@ -77,6 +77,11 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t 
idx)
 return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx;
 }
 
+static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx)
+{
+return KVM_REG_RISCV | KVM_REG_SIZE_U64 | type | idx;
+}
+
 #define RISCV_CORE_REG(env, name)  kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \
  KVM_REG_RISCV_CORE_REG(name))
 
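Review bot: kvm_riscv_reg_id_u64() is a copy of kvm_riscv_reg_id_u32() with one constant changed. A single static helper that takes the KVM_REG_SIZE_* value as a parameter, with the two names kept as thin wrappers if wanted, would avoid a third copy when another fixed-width register class needs the same treatment.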
@@ -88,7 +93,7 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t 
idx)
 
 #define RISCV_FP_F_REG(idx)  kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
 
-#define RISCV_FP_D_REG(env, idx)  kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, 
idx)
+#define RISCV_FP_D_REG(idx)  kvm_riscv_reg_id_u64(KVM_REG_RISCV_FP_D, idx)
 
 #define KVM_RISCV_GET_CSR(cs, env, csr, reg) \
 do { \
@@ -579,7 +584,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs)
 if (riscv_has_ext(env, RVD)) {
 uint64_t reg;
 for (i = 0; i < 32; i++) {
-ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(env, i), );
+ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(i), );
 if (ret) {
 return ret;
 }
@@ -613,7 +618,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs)
 uint64_t reg;
 for (i = 0; i < 32; i++) {
 reg = env->fpr[i];
-ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(env, i), );
+ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(i), );
 if (ret) {
 return ret;
 }
-- 
2.39.2
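The size mismatch that this patch and the timer-register patch ([Stable-8.2.4 03/16]) address, as an added example that is not part of the original messages or of QEMU's code. The constants are copied from the Linux KVM UAPI headers; `reg_id_by_xlen`, `reg_id_u64`, `reg_size_bytes`, `check_reg_buffer` and `count_fp_d_mismatches` are hypothetical names, and `reg_id_by_xlen` only models an ID helper that picks the size from the guest XLEN.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Values from the Linux KVM UAPI headers, copied so this builds anywhere. */
#define KVM_REG_RISCV             0x8000000000000000ULL
#define KVM_REG_SIZE_SHIFT        52
#define KVM_REG_SIZE_MASK         0x00f0000000000000ULL
#define KVM_REG_SIZE_U32          0x0020000000000000ULL
#define KVM_REG_SIZE_U64          0x0030000000000000ULL
#define KVM_REG_RISCV_TYPE_SHIFT  24
#define KVM_REG_RISCV_TIMER       (0x04ULL << KVM_REG_RISCV_TYPE_SHIFT)
#define KVM_REG_RISCV_FP_D        (0x06ULL << KVM_REG_RISCV_TYPE_SHIFT)

/* Hypothetical model of an ID helper whose size follows the guest XLEN. */
static uint64_t reg_id_by_xlen(unsigned xlen, uint64_t type, uint64_t idx)
{
    uint64_t size = (xlen == 32) ? KVM_REG_SIZE_U32 : KVM_REG_SIZE_U64;
    return KVM_REG_RISCV | size | type | idx;
}

/* Same shape as the kvm_riscv_reg_id_u64() helper shown in the patch. */
static uint64_t reg_id_u64(uint64_t type, uint64_t idx)
{
    return KVM_REG_RISCV | KVM_REG_SIZE_U64 | type | idx;
}

/* Bytes the ID asks KVM to transfer: 1 << (size field of the ID). */
static size_t reg_size_bytes(uint64_t id)
{
    return (size_t)1 << ((id & KVM_REG_SIZE_MASK) >> KVM_REG_SIZE_SHIFT);
}

/*
 * Defensive check before a one-reg ioctl: the size encoded in the ID must
 * equal the size of the buffer whose address is passed alongside it.
 * Returns 0 when they agree, -1 otherwise.
 */
static int check_reg_buffer(uint64_t id, size_t buf_len)
{
    return reg_size_bytes(id) == buf_len ? 0 : -1;
}

/*
 * Walk the 32 FP_D registers the way the get/put loops in the patch do,
 * always with a uint64_t buffer, and count IDs whose size disagrees.
 * fixed != 0 uses the u64 helper, fixed == 0 the XLEN-dependent model.
 */
static int count_fp_d_mismatches(unsigned xlen, int fixed)
{
    int bad = 0;
    for (uint64_t i = 0; i < 32; i++) {
        uint64_t id = fixed ? reg_id_u64(KVM_REG_RISCV_FP_D, i)
                            : reg_id_by_xlen(xlen, KVM_REG_RISCV_FP_D, i);
        if (check_reg_buffer(id, sizeof(uint64_t)) != 0) {
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    uint64_t old32 = reg_id_by_xlen(32, KVM_REG_RISCV_TIMER, 0);
    uint64_t fixed = reg_id_u64(KVM_REG_RISCV_TIMER, 0);

    printf("timer id, XLEN-dependent on RV32: 0x%016llx (%zu bytes)\n",
           (unsigned long long)old32, reg_size_bytes(old32));
    printf("timer id, fixed u64:              0x%016llx (%zu bytes)\n",
           (unsigned long long)fixed, reg_size_bytes(fixed));
    printf("FP_D mismatches on RV32, XLEN-dependent: %d\n",
           count_fp_d_mismatches(32, 0));
    printf("FP_D mismatches on RV32, fixed u64:      %d\n",
           count_fp_d_mismatches(32, 1));
    return 0;
}
```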




Re: [PULL 00/12] qemu-sparc queue 20240506

2024-05-06 Thread Michael Tokarev

06.05.2024 14:44, Mark Cave-Ayland wrote:


Mark Cave-Ayland (1):
   hw/sparc64: set iommu_platform=on for virtio devices attached to the 
sun4u machine

Richard Henderson (7):
   linux-user/sparc: Add more hwcap bits for sparc64
   target/sparc: Fix FEXPAND
   target/sparc: Fix FMUL8x16
   target/sparc: Fix FMUL8x16A{U,L}
   target/sparc: Fix FMULD8*X16
   target/sparc: Fix FPMERGE
   target/sparc: Split out do_ms16b


Should these "Fix" changes go to stable?


Thomas Huth (4):
   target/sparc/cpu: Rename the CPU models with a "+" in their names
   target/sparc/cpu: Avoid spaces by default in the CPU names
   docs/system/target-sparc: Improve the Sparc documentation
   docs/about: Deprecate the old "UltraSparc" CPU names that contain a "+"

Thanks,

/mjt




Re: [PATCH for-9.0 v3 0/4] target/sh4: Fix mac.[lw]

2024-05-06 Thread Michael Tokarev

06.05.2024 15:38, Yoshinori Sato wrote:
[...]

Does this mean you changed it like this?
I think this is fine.


Yes, the main part is exactly like this, and there are no questions here.
My question was more about the testsuite changes which come with
the same patch, and parts of the Makefile there, which require other
patches too, at least to apply more or less cleanly.

Thanks,

/mjt


index 7db3468b01..f3bf0fc50a 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -844,9 +844,9 @@ static void _decode_opc(DisasContext * ctx)
{
TCGv arg0, arg1;
arg0 = tcg_temp_new();
-tcg_gen_qemu_ld_i32(arg0, REG(B7_4), ctx->memidx, MO_TESL);
+tcg_gen_qemu_ld_i32(arg0, REG(B7_4), ctx->memidx, MO_TESW);
arg1 = tcg_temp_new();
-tcg_gen_qemu_ld_i32(arg1, REG(B11_8), ctx->memidx, MO_TESL);
+tcg_gen_qemu_ld_i32(arg1, REG(B11_8), ctx->memidx, MO_TESW);
  gen_helper_macw(cpu_env, arg0, arg1);
tcg_temp_free(arg1);
tcg_temp_free(arg0);
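Review bot: both operand loads switch from MO_TESL to MO_TESW here, but the hunk does not show the post-increment of REG(B7_4) and REG(B11_8) that goes with them. Please check that the increment in the tree this is applied to is 2 and not 4, otherwise the 16-bit loads will skip every other word on repeated mac.w.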







Re: [PATCH] qemu-keymap: Free xkb allocations

2024-05-05 Thread Michael Tokarev

01.05.2024 10:55, Akihiko Odaki wrote:

This fixes LeakSanitizer complaints with xkbcommon 1.6.0.

Signed-off-by: Akihiko Odaki 
---
  qemu-keymap.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/qemu-keymap.c b/qemu-keymap.c
index 8c80f7a4ed65..7a9f38cf9863 100644
--- a/qemu-keymap.c
+++ b/qemu-keymap.c
@@ -237,6 +237,9 @@ int main(int argc, char *argv[])
  xkb_state_unref(state);
  state = NULL;
  
+xkb_keymap_unref(map);

+xkb_context_unref(ctx);
+


I'd avoid freeing any resources in main() entirely,
since it's much cheaper to free whole process by the
kernel at exit time than to mess with each chunk of
allocated memory.  Dunno how useful it is to "fix"
these.

/mjt


  /* add quirks */
  fprintf(outfile,
  "\n"

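Review bot: the two added unref calls leave map and ctx dangling, unlike state, which the context lines set to NULL right after xkb_state_unref(state). Either clear them the same way or drop the pattern for all three; and since the unrefs sit ahead of the "add quirks" output, confirm nothing after this point still reads map or ctx.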
---
base-commit: c25df57ae8f9fe1c72eee2dab37d76d904ac382e
change-id: 20240501-xkb-258483ccc5d8

Best regards,






Re: [PATCH] Fixes: Indentation using TABs and improve formatting

2024-05-04 Thread Michael Tokarev

04.05.2024 21:58, Tanmay wrote:

Hi,

I have attached a patch file that fixes indentation and formatting for some files as listed in https://gitlab.com/qemu-project/qemu/-/issues/373.


It is sort of good you posted this patch to stable@.  It has absolutely nothing
to do with stable, but it serves as an example of things which should - in my
opinion - not be done at all.  We had another similar change, 55339361276a
"sh4: Coding style: Remove tabs", which makes all further changes (fixes) in
this area basically non-back-portable to previous stable series.

FWIW,

/mjt




Re: [PATCH for-9.0 v3 0/4] target/sh4: Fix mac.[lw]

2024-05-04 Thread Michael Tokarev

06.04.2024 08:37, Richard Henderson wrote:

Zack's recent patches, tidied a little bit, and with
test cases added.


These fixes ended up in stable-8.2, but not in stable-7.2.
This is because in 7.2, the context is a bit different.

Later, a couple other fixes in this area come from Philippe
(Fix ADDV & SUBV opcodes) which are easy to pick up but it
wants changes in tests/tcg/sh4/Makefile.target introduced
in this patchset.

b0f2f2976b "target/sh4: mac.w: memory accesses are 16-bit words"
also needs 03a0d87e8d "target/sh4: Use MO_ALIGN where required",
but this one, while simple, is a big one and doesn't apply to
7.2 directly in many places in target/sh4/translate.c, in parts
due to bebd5cb300 "target/sh4: Drop tcg_temp_free" (but can be
easily tweaked manually).

Or I can hand-apply b0f2f2976b (s/MO_TESL/MO_TESW) without
03a0d87e8d (add MO_ALIGN).

Does picking up this stuff for 7.2 make sense?

(Cc'ing Cole for general stable-7.2 feedback on redhat side).

Thanks,

/mjt


Richard Henderson (1):
   target/sh4: Merge mach and macl into a union

Zack Buhman (3):
   target/sh4: mac.w: memory accesses are 16-bit words
   target/sh4: Fix mac.l with saturation enabled
   target/sh4: Fix mac.w with saturation enabled

  target/sh4/cpu.h  | 14 ++--
  target/sh4/helper.h   |  4 +--
  target/sh4/op_helper.c| 51 +++---
  target/sh4/translate.c|  4 +--
  tests/tcg/sh4/test-macl.c | 67 +++
  tests/tcg/sh4/test-macw.c | 61 +++
  tests/tcg/sh4/Makefile.target |  8 +
  7 files changed, 182 insertions(+), 27 deletions(-)
  create mode 100644 tests/tcg/sh4/test-macl.c
  create mode 100644 tests/tcg/sh4/test-macw.c







[PATCH v2] Re-enable riscv64-debian-cross-container (debian riscv64 is finally usable again!)

2024-05-03 Thread Michael Tokarev
Revert "gitlab-ci: Disable the riscv64-debian-cross-container by default"
This reverts commit f51f90c65ed7706c3c4f7a889ce3d6b7ab75ef6a.

riscv64 in debian has been non-functioning for almost a year, after the
architecture has been promoted to release architecture and all binary
packages started to be re-built, making the port not multi-arch-co-installable
for a long time (in debian, multi-arch packages must be of the same version,
but when a package is rebuilt on one architecture it gets a version bump too).
Later on, debian had a long time64_t transition which made sid unusable for
quite some time too.  Both such events happen in debian very rarely (like,
once in 10 years or so - for example, previous big transition like that was
libc5 => libc6 transition).  Now both of these are finished (where qemu is
concerned anyway).

Hopefully debian unstable won't be very unstable.  At the very least it is
better to have sporadic CI failures here than no riscv64 coverage at all.

Signed-off-by: Michael Tokarev 
---
v2: drop a TODO comment which turned out to be confused, replacing it
 with the description why debian riscv64 were unusable.

 .gitlab-ci.d/container-cross.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index e3103940a0..dbffed3f21 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -77,7 +77,6 @@ riscv64-debian-cross-container:
   allow_failure: true
   variables:
 NAME: debian-riscv64-cross
-QEMU_JOB_OPTIONAL: 1
 
 s390x-debian-cross-container:
   extends: .container_job_template
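Review bot: with QEMU_JOB_OPTIONAL removed the job runs by default, but allow_failure: true stays in the context lines, so a broken riscv64 container shows up as a warning and does not fail the pipeline. If that is intended because of sid's instability, a short comment next to allow_failure saying so would save the next reader from wondering whether it was left behind by accident.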
-- 
2.39.2




Re: [PATCH] Re-enable riscv64-debian-cross-container (debian riscv64 is finally usable again!)

2024-05-02 Thread Michael Tokarev

02.05.2024 23:41, Richard Henderson wrote:

On 5/2/24 13:08, Michael Tokarev wrote:

This thing works now with sid/unstable, this is what this patch is about.


It worked when first introduced, then failed, then worked...
Sid is too unstable for our usage as a gating test.


unstable can be unstable at times.  Generally it works, and can fail
during short periods.

riscv64 didn't work since it got promoted to release arch last year, due
to non-working multiarch because many riscv64 packages in debian had
different version numbers compared to other architectures (due to rebuilds
of binaries).  Later on whole sid was broken by a large time64 transition
and a lot of breakages in this area.  This is now being completed and
is migrated to testing, which is finally available for riscv64 too as
a release arch.

I wouldn't switch to testing just yet, because at this point, unstable
will usually be more stable, or, rather, it will be broken for much
shorter periods of time than testing, due to migration delays.

It will take some more time for debian testing to become more or less
stable in this context.  But lack of riscv testing already cost me a
*stable* release which failed to *build* (8.2.3 fails to build on
riscv64).  So I think it is more important to run this job on sid
than not to run it at all.

Thanks,

/mjt




Re: [PATCH] Re-enable riscv64-debian-cross-container (debian riscv64 is finally usable again!)

2024-05-02 Thread Michael Tokarev

02.05.2024 23:05, Richard Henderson wrote:

On 5/2/24 12:40, Michael Tokarev wrote:

Revert "gitlab-ci: Disable the riscv64-debian-cross-container by default"
This reverts commit f51f90c65ed7706c3c4f7a889ce3d6b7ab75ef6a.

Hopefully it won't be very unstable.

Since riscv64 is now a release architecture in debian, we can try switching
to debian testing instead of debian sid.  Also, debian-ports part of the
archive isn't needed anymore.


So... please update debian-riscv64-cross.docker.


debian-riscv64-cross.docker is generated by lcitool.
It looks like lcitool has to be updated for this.


Signed-off-by: Michael Tokarev 
---
  .gitlab-ci.d/container-cross.yml | 1 -
  1 file changed, 1 deletion(-)

diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index e3103940a0..dbffed3f21 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -77,7 +77,6 @@ riscv64-debian-cross-container:
    allow_failure: true
    variables:
  NAME: debian-riscv64-cross
-    QEMU_JOB_OPTIONAL: 1


But you can't do this until the above is done.


I don't see a reason why not.  Adding debian-ports archive does nothing
and doesn't hurt either.

Switching to testing is a different matter.

This thing works now with sid/unstable, this is what this patch is about.

Thanks,

/mjt




Re: [PATCH] Re-enable riscv64-debian-cross-container (debian riscv64 is finally usable again!)

2024-05-02 Thread Michael Tokarev

https://gitlab.com/mjt0k/qemu/-/jobs/6768635797  fwiw.

/mjt




[PATCH] Re-enable riscv64-debian-cross-container (debian riscv64 is finally usable again!)

2024-05-02 Thread Michael Tokarev
Revert "gitlab-ci: Disable the riscv64-debian-cross-container by default"
This reverts commit f51f90c65ed7706c3c4f7a889ce3d6b7ab75ef6a.

Hopefully it won't be very unstable.

Since riscv64 is now a release architecture in debian, we can try switching
to debian testing instead of debian sid.  Also, debian-ports part of the
archive isn't needed anymore.

Signed-off-by: Michael Tokarev 
---
 .gitlab-ci.d/container-cross.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index e3103940a0..dbffed3f21 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -77,7 +77,6 @@ riscv64-debian-cross-container:
   allow_failure: true
   variables:
 NAME: debian-riscv64-cross
-QEMU_JOB_OPTIONAL: 1
 
 s390x-debian-cross-container:
   extends: .container_job_template
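Review bot: the commit message says the job can switch to debian testing and that the debian-ports archive is no longer needed, but the only change in this diff is the removal of QEMU_JOB_OPTIONAL from container-cross.yml. Either carry the container definition change in the same series or drop those sentences, so the message describes what is actually applied.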
-- 
2.39.2




[PULL v2 6/9] backends/cryptodev-builtin: Fix local_error leaks

2024-04-29 Thread Michael Tokarev
From: Li Zhijian 

It seems that this error does not need to be propagated to the upper,
directly output the error to avoid the leaks

Closes: https://gitlab.com/qemu-project/qemu/-/issues/2283
Fixes: 2fda101de07 ("virtio-crypto: Support asynchronous mode")
Signed-off-by: Li Zhijian 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: zhenwei pi 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 backends/cryptodev-builtin.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
index a514bbb310..940104ee55 100644
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -23,6 +23,7 @@
 
 #include "qemu/osdep.h"
 #include "sysemu/cryptodev.h"
+#include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "standard-headers/linux/virtio_crypto.h"
 #include "crypto/cipher.h"
@@ -396,8 +397,8 @@ static int cryptodev_builtin_create_session(
 case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
 case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
 default:
-error_setg(_error, "Unsupported opcode :%" PRIu32 "",
-   sess_info->op_code);
+error_report("Unsupported opcode :%" PRIu32 "",
+ sess_info->op_code);
 return -VIRTIO_CRYPTO_NOTSUPP;
 }
 
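Review bot: sess_info->op_code appears to come from the virtio-crypto request, so after this change every unsupported opcode a guest submits produces an error_report() line on the host. Consider error_report_once() or a guest-error log category in the default: branch so that a guest cannot fill the host log by repeating the request.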
@@ -554,8 +555,8 @@ static int cryptodev_builtin_operation(
 
 if (op_info->session_id >= MAX_NUM_SESSIONS ||
   builtin->sessions[op_info->session_id] == NULL) {
-error_setg(_error, "Cannot find a valid session id: %" PRIu64 "",
-   op_info->session_id);
+error_report("Cannot find a valid session id: %" PRIu64 "",
+ op_info->session_id);
 return -VIRTIO_CRYPTO_INVSESS;
 }
 
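Review bot: at the session-id check the error is now only printed and no Error object is produced, so a caller that inspects an Error after a negative return from cryptodev_builtin_operation() will find none. The hunk does not show the callers; please confirm they act on the -VIRTIO_CRYPTO_INVSESS return value alone.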
-- 
2.39.2




[PULL v2 0/9] Trivial patches for 2024-04-29

2024-04-29 Thread Michael Tokarev
The following changes since commit fd87be1dada5672f877e03c2ca8504458292c479:

  Merge tag 'accel-20240426' of https://github.com/philmd/qemu into staging 
(2024-04-26 15:28:13 -0700)

are available in the Git repository at:

  https://gitlab.com/mjt0k/qemu.git tags/pull-trivial-patches

for you to fetch changes up to ce1992d45c875c29a9018b7ac2fa9bad6587c711:

  checkpatch.pl: forbid strerrorname_np() (2024-04-29 15:26:56 +0300)


trivial patches for 2024-04-29

v2: fix author of "backends/cryptodev-builtin: Fix local_error leaks"
(which should be caught now by checkpatch.pl additions in this series)
Only patch 6 is being resent.

Daniel Henrique Barboza (2):
  target/riscv/kvm: remove sneaky strerrorname_np() instance
  checkpatch.pl: forbid strerrorname_np()

Li Zhijian (1):
  backends/cryptodev-builtin: Fix local_error leaks

Michael Tokarev (1):
  target/loongarch/cpu.c: typo fix: expection

Philippe Mathieu-Daudé (2):
  scripts/checkpatch: Avoid author email mangled by qemu-*@nongnu.org
  scripts/checkpatch: Do not use mailmap

Thomas Huth (3):
  target/i386/cpu: Remove "x86" prefix from the CPU list
  target/s390x/cpu_models: Rework the output of "-cpu help"
  target/ppc/cpu_init: Remove "PowerPC" prefix from the CPU list

 backends/cryptodev-builtin.c |  9 +
 scripts/checkpatch.pl| 11 +++
 target/i386/cpu.c|  2 +-
 target/loongarch/cpu.c   |  2 +-
 target/ppc/cpu_init.c|  9 +
 target/riscv/kvm/kvm-cpu.c   |  4 ++--
 target/s390x/cpu_models.c|  9 +
 7 files changed, 26 insertions(+), 20 deletions(-)



Re: [PULL 1/1] hw/ufs: Fix buffer overflow bug

2024-04-29 Thread Michael Tokarev

29.04.2024 06:25, Jeuk Kim wrote:

From: Jeuk Kim 

It fixes the buffer overflow vulnerability in the ufs device.
The bug was detected by sanitizers.


...

Resolves: #2299
Fixes: 329f16624499 ("hw/ufs: Support for Query Transfer Requests")
Reported-by: Zheyu Ma 
Signed-off-by: Jeuk Kim 


Cc: qemu-stable@ for 8.2 and 9.0 series.

Please do not forget to Cc qemu-stable@ for relevant changes.

Thanks,

/mjt



[PULL 6/9] backends/cryptodev-builtin: Fix local_error leaks

2024-04-29 Thread Michael Tokarev
From: Li Zhijian via 

It seems that this error does not need to be propagated to the upper,
directly output the error to avoid the leaks

Closes: https://gitlab.com/qemu-project/qemu/-/issues/2283
Fixes: 2fda101de07 ("virtio-crypto: Support asynchronous mode")
Signed-off-by: Li Zhijian 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: zhenwei pi 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 backends/cryptodev-builtin.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
index a514bbb310..940104ee55 100644
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -23,6 +23,7 @@
 
 #include "qemu/osdep.h"
 #include "sysemu/cryptodev.h"
+#include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "standard-headers/linux/virtio_crypto.h"
 #include "crypto/cipher.h"
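Review bot: qemu/error-report.h is added for the new error_report() calls while qapi/error.h stays in the include list. If the two converted sites were the last users of error_setg() in this file, the qapi/error.h include and any local Error variable that is now unused should go in the same patch, otherwise the build may warn about the leftover variable.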
@@ -396,8 +397,8 @@ static int cryptodev_builtin_create_session(
 case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
 case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
 default:
-error_setg(_error, "Unsupported opcode :%" PRIu32 "",
-   sess_info->op_code);
+error_report("Unsupported opcode :%" PRIu32 "",
+ sess_info->op_code);
 return -VIRTIO_CRYPTO_NOTSUPP;
 }
 
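Review bot: the message text in the default: branch is carried over unchanged, including "opcode :%" with the space on the wrong side of the colon and an empty string literal after PRIu32. Since the line is being rewritten anyway, "Unsupported opcode: %" PRIu32 would be cleaner.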
@@ -554,8 +555,8 @@ static int cryptodev_builtin_operation(
 
 if (op_info->session_id >= MAX_NUM_SESSIONS ||
   builtin->sessions[op_info->session_id] == NULL) {
-error_setg(_error, "Cannot find a valid session id: %" PRIu64 "",
-   op_info->session_id);
+error_report("Cannot find a valid session id: %" PRIu64 "",
+ op_info->session_id);
 return -VIRTIO_CRYPTO_INVSESS;
 }
 
-- 
2.39.2




[PULL 4/9] scripts/checkpatch: Avoid author email mangled by qemu-*@nongnu.org

2024-04-29 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Commit f5177798d8 ("scripts: report on author emails
that are mangled by the mailing list") added a check
for qemu-devel@ list, extend the regexp to cover more
such qemu-trivial@, qemu-block@ and qemu-ppc@.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 scripts/checkpatch.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 7026895074..12e9028b10 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -1573,7 +1573,7 @@ sub process {
$is_patch = 1;
}
 
-   if ($line =~ /^(Author|From): .* via 
.*/) {
+   if ($line =~ /^(Author|From): .* via 
.*/) {
ERROR("Author email address is mangled by the mailing 
list\n" . $herecurr);
}
 
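Review bot: the ERROR text in the context lines only says the author address is mangled by the mailing list. With the check now covering more lists, it would help to tell the submitter what to do about it, for example to add an explicit From: line at the top of the message body.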
-- 
2.39.2




[PULL 0/9] Trivial patches for 2024-04-29

2024-04-29 Thread Michael Tokarev
The following changes since commit fd87be1dada5672f877e03c2ca8504458292c479:

  Merge tag 'accel-20240426' of https://github.com/philmd/qemu into staging 
(2024-04-26 15:28:13 -0700)

are available in the Git repository at:

  https://gitlab.com/mjt0k/qemu.git tags/pull-trivial-patches

for you to fetch changes up to d2f20c25281908a07bcb8c3dea8292abf68e5c8b:

  checkpatch.pl: forbid strerrorname_np() (2024-04-29 09:37:26 +0300)


trivial patches for 2024-04-29


Daniel Henrique Barboza (2):
  target/riscv/kvm: remove sneaky strerrorname_np() instance
  checkpatch.pl: forbid strerrorname_np()

Li Zhijian via (1):
  backends/cryptodev-builtin: Fix local_error leaks

Michael Tokarev (1):
  target/loongarch/cpu.c: typo fix: expection

Philippe Mathieu-Daudé (2):
  scripts/checkpatch: Avoid author email mangled by qemu-*@nongnu.org
  scripts/checkpatch: Do not use mailmap

Thomas Huth (3):
  target/i386/cpu: Remove "x86" prefix from the CPU list
  target/s390x/cpu_models: Rework the output of "-cpu help"
  target/ppc/cpu_init: Remove "PowerPC" prefix from the CPU list

 backends/cryptodev-builtin.c |  9 +
 scripts/checkpatch.pl| 11 +++
 target/i386/cpu.c|  2 +-
 target/loongarch/cpu.c   |  2 +-
 target/ppc/cpu_init.c|  9 +
 target/riscv/kvm/kvm-cpu.c   |  4 ++--
 target/s390x/cpu_models.c|  9 +
 7 files changed, 26 insertions(+), 20 deletions(-)



[PULL 2/9] target/s390x/cpu_models: Rework the output of "-cpu help"

2024-04-29 Thread Michael Tokarev
From: Thomas Huth 

Printing an "s390x" in front of each CPU name is not helpful at all:
It is confusing for the users since they don't know whether they
have to specify these letters for the "-cpu" parameter, too, and
it also takes some precious space in the dense output of the CPU
entries. Let's simply remove this now!

While we're at it, use two spaces at the beginning of the lines for
the indentation of the entries, and add a "Available CPUs" in the
very first line, like most other target architectures are doing it
for their "-cpu help" output already.

Signed-off-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 target/s390x/cpu_models.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 8ed3bb6a27..58c58f05a0 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -355,9 +355,9 @@ static void s390_print_cpu_model_list_entry(gpointer data, 
gpointer user_data)
 /* strip off the -s390x-cpu */
 g_strrstr(name, "-" TYPE_S390_CPU)[0] = 0;
 if (details->len) {
-qemu_printf("s390 %-15s %-35s (%s)\n", name, scc->desc, details->str);
+qemu_printf("  %-15s %-35s (%s)\n", name, scc->desc, details->str);
 } else {
-qemu_printf("s390 %-15s %-35s\n", name, scc->desc);
+qemu_printf("  %-15s %-35s\n", name, scc->desc);
 }
 g_free(name);
 }
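Review bot: dropping the "s390 " prefix from both qemu_printf() calls changes the column layout of the -cpu help output, and a script that splits each line on whitespace and takes the second field will now pick up the description. A line in the commit message or release notes flagging the output change would help anyone who parses it.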
@@ -402,6 +402,7 @@ void s390_cpu_list(void)
 S390Feat feat;
 GSList *list;
 
+qemu_printf("Available CPUs:\n");
 list = object_class_get_list(TYPE_S390_CPU, false);
 list = g_slist_sort(list, s390_cpu_list_compare);
 g_slist_foreach(list, s390_print_cpu_model_list_entry, NULL);
@@ -411,14 +412,14 @@ void s390_cpu_list(void)
 for (feat = 0; feat < S390_FEAT_MAX; feat++) {
 const S390FeatDef *def = s390_feat_def(feat);
 
-qemu_printf("%-20s %s\n", def->name, def->desc);
+qemu_printf("  %-20s %s\n", def->name, def->desc);
 }
 
 qemu_printf("\nRecognized feature groups:\n");
 for (group = 0; group < S390_FEAT_GROUP_MAX; group++) {
 const S390FeatGroupDef *def = s390_feat_group_def(group);
 
-qemu_printf("%-20s %s\n", def->name, def->desc);
+qemu_printf("  %-20s %s\n", def->name, def->desc);
 }
 }
 
-- 
2.39.2




[PULL 9/9] checkpatch.pl: forbid strerrorname_np()

2024-04-29 Thread Michael Tokarev
From: Daniel Henrique Barboza 

Commit d424db2354 removed an instance of strerrorname_np() because it
was breaking building with musl libc. A recent RISC-V patch ended up
re-introducing it again by accident.

Put this function in the baddies list in checkpatch.pl to avoid this
situation again. This is what it will look like next time:

 $ ./scripts/checkpatch.pl 0001-temp-test.patch
 ERROR: use strerror() instead of strerrorname_np()
 #22: FILE: target/riscv/kvm/kvm-cpu.c:1058:
 + strerrorname_np(errno));

 total: 1 errors, 0 warnings, 10 lines checked

Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 scripts/checkpatch.pl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 76a0b79266..ff373a7083 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -3078,6 +3078,9 @@ sub process {
if ($line =~ /\b(g_)?assert\(0\)/) {
ERROR("use g_assert_not_reached() instead of 
assert(0)\n" . $herecurr);
}
+   if ($line =~ /\bstrerrorname_np\(/) {
+   ERROR("use strerror() instead of strerrorname_np()\n" . 
$herecurr);
+   }
my $non_exit_glib_asserts = qr{g_assert_cmpstr|
g_assert_cmpint|
g_assert_cmpuint|
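Review bot: the new pattern /\bstrerrorname_np\(/ only matches when the parenthesis follows the name directly, so a call written as strerrorname_np (errno) passes the check. Using \bstrerrorname_np\s*\( would close that gap at no cost.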
-- 
2.39.2




[PULL 5/9] scripts/checkpatch: Do not use mailmap

2024-04-29 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

The .mailmap file fixes mistakes we already made.
Do not use it when running checkpatch.pl, otherwise
we might commit the very same mistakes.

Reported-by: Peter Maydell 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 scripts/checkpatch.pl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 12e9028b10..76a0b79266 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -435,8 +435,8 @@ if ($chk_branch) {
my @patches;
my %git_commits = ();
my $HASH;
-   open($HASH, "-|", "git", "log", "--reverse", "--no-merges", 
"--format=%H %s", $ARGV[0]) ||
-   die "$P: git log --reverse --no-merges --format='%H %s' 
$ARGV[0] failed - $!\n";
+   open($HASH, "-|", "git", "log", "--reverse", "--no-merges", 
"--no-mailmap", "--format=%H %s", $ARGV[0]) ||
+   die "$P: git log --reverse --no-merges --no-mailmap 
--format='%H %s' $ARGV[0] failed - $!\n";
 
for my $line (<$HASH>) {
$line =~ /^([0-9a-fA-F]{40,40}) (.*)$/;
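Review bot: adding --no-mailmap to this git log call has no visible effect, because --format=%H %s prints only the hash and the subject and no author field. It is harmless, but the flag that matters is the one on git show in the next hunk; a word in the commit message saying the git log change is only for consistency would avoid confusion, and the die text now has to be kept in sync with one more option.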
@@ -460,7 +460,7 @@ if ($chk_branch) {
  "-c", "diff.renamelimit=0",
  "-c", "diff.renames=True",
  "-c", "diff.algorithm=histogram",
- "show",
+ "show", "--no-mailmap",
  "--patch-with-stat", $hash) ||
die "$P: git show $hash - $!\n";
while (<$FILE>) {
-- 
2.39.2




[PULL 1/9] target/i386/cpu: Remove "x86" prefix from the CPU list

2024-04-29 Thread Michael Tokarev
From: Thomas Huth 

Printing an "x86" in front of each CPU name is not helpful at all:
It is confusing for the users since they don't know whether they
have to specify these letters for the "-cpu" parameter, too, and
it also takes some precious space in the dense output of the CPU
entries. Let's simply remove this now and use two spaces at the
beginning of the lines for the indentation of the entries instead,
like most other target architectures are doing it for their CPU help
output already.

Signed-off-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index fa1ea3735d..aa3b2d8391 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5708,7 +5708,7 @@ static void x86_cpu_list_entry(gpointer data, gpointer 
user_data)
 desc = g_strdup_printf("%s (deprecated)", olddesc);
 }
 
-qemu_printf("x86 %-20s  %s\n", name, desc);
+qemu_printf("  %-20s  %s\n", name, desc);
 }
 
 /* list available CPU models and flags */
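Review bot: the new format string `"  %-20s  %s\n"` changes the user-visible CPU list output, so anything that matches entries on the leading `x86 ` will stop matching. The commit message explains the motivation well; a line in the release notes about the changed listing format would help people who parse it.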
-- 
2.39.2




[PULL 8/9] target/riscv/kvm: remove sneaky strerrorname_np() instance

2024-04-29 Thread Michael Tokarev
From: Daniel Henrique Barboza 

Commit d424db2354 excluded some strerrorname_np() instances because they
break musl libc builds. Another instance happened to slip by via commit
d4ff3da8f4.

Remove it before it causes trouble again.

Fixes: d4ff3da8f4 (target/riscv/kvm: initialize 'vlenb' via get-reg-list)
Signed-off-by: Daniel Henrique Barboza 
Reviewed-by: Thomas Huth 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 target/riscv/kvm/kvm-cpu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
index 49d2f3ad58..eaa36121c7 100644
--- a/target/riscv/kvm/kvm-cpu.c
+++ b/target/riscv/kvm/kvm-cpu.c
@@ -1054,8 +1054,8 @@ static void kvm_riscv_read_vlenb(RISCVCPU *cpu, 
KVMScratchCPU *kvmcpu,
 
 ret = ioctl(kvmcpu->cpufd, KVM_GET_ONE_REG, );
 if (ret != 0) {
-error_report("Unable to read vlenb register, error code: %s",
- strerrorname_np(errno));
+error_report("Unable to read vlenb register, error code: %d",
+ errno);
 exit(EXIT_FAILURE);
 }
 
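Review bot: the replacement in the `ret != 0` branch prints the raw errno with `%d`, which is harder to read than the symbolic name it replaces and does not follow the advice of the checkpatch rule added in this same series ("use strerror() instead of strerrorname_np()"). Printing `strerror(errno)` with `%s` builds on musl as well and keeps the message readable; the wording "error code:" could then become "error:".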
-- 
2.39.2




[PULL 3/9] target/ppc/cpu_init: Remove "PowerPC" prefix from the CPU list

2024-04-29 Thread Michael Tokarev
From: Thomas Huth 

Printing a "PowerPC" in front of each CPU name is not helpful at all:
It is confusing for the users since they don't know whether they
have to specify these letters for the "-cpu" parameter, too, and
it also takes some precious space in the dense output of the CPU
entries. Let's simply remove this now and use two spaces at the
beginning of the lines for the indentation of the entries instead,
and add a "Available CPUs" in the very first line, like most other
target architectures are doing it for their CPU help output already.

Signed-off-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 target/ppc/cpu_init.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 6d82f24c87..c11a69fd90 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -7063,7 +7063,7 @@ static void ppc_cpu_list_entry(gpointer data, gpointer 
user_data)
 }
 
 name = cpu_model_from_type(typename);
-qemu_printf("PowerPC %-16s PVR %08x\n", name, pcc->pvr);
+qemu_printf("  %-16s PVR %08x\n", name, pcc->pvr);
 for (i = 0; ppc_cpu_aliases[i].alias != NULL; i++) {
 PowerPCCPUAlias *alias = _cpu_aliases[i];
 ObjectClass *alias_oc = ppc_cpu_class_by_name(alias->model);
@@ -7076,10 +7076,10 @@ static void ppc_cpu_list_entry(gpointer data, gpointer 
user_data)
  * avoid printing the wrong alias here and use "preferred" instead
  */
 if (strcmp(alias->alias, family->desc) == 0) {
-qemu_printf("PowerPC %-16s (alias for preferred %s CPU)\n",
+qemu_printf("  %-16s (alias for preferred %s CPU)\n",
 alias->alias, family->desc);
 } else {
-qemu_printf("PowerPC %-16s (alias for %s)\n",
+qemu_printf("  %-16s (alias for %s)\n",
 alias->alias, name);
 }
 }
@@ -7090,6 +7090,7 @@ void ppc_cpu_list(void)
 {
 GSList *list;
 
+qemu_printf("Available CPUs:\n");
 list = object_class_get_list(TYPE_POWERPC_CPU, false);
 list = g_slist_sort(list, ppc_cpu_list_compare);
 g_slist_foreach(list, ppc_cpu_list_entry, NULL);
@@ -7097,7 +7098,7 @@ void ppc_cpu_list(void)
 
 #ifdef CONFIG_KVM
 qemu_printf("\n");
-qemu_printf("PowerPC %s\n", "host");
+qemu_printf("  %s\n", "host");
 #endif
 }
 
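Review bot: `qemu_printf("  %s\n", "host");` in the CONFIG_KVM block still passes a constant through `%s`. With the prefix gone there is nothing left to format, so the line can simply be `qemu_printf("  host\n");`.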
-- 
2.39.2




[PULL 7/9] target/loongarch/cpu.c: typo fix: expection

2024-04-29 Thread Michael Tokarev
Fixes: 1590154ee437 ("target/loongarch: Fix qemu-system-loongarch64 assert 
failed with the option '-d int'")
Signed-off-by: Michael Tokarev 
Reviewed-by: Richard Henderson 
---
 target/loongarch/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index bac84dca7a..1ebba043f4 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -92,7 +92,7 @@ void G_NORETURN do_raise_exception(CPULoongArchState *env,
 {
 CPUState *cs = env_cpu(env);
 
-qemu_log_mask(CPU_LOG_INT, "%s: expection: %d (%s)\n",
+qemu_log_mask(CPU_LOG_INT, "%s: exception: %d (%s)\n",
   __func__,
   exception,
   loongarch_exception_name(exception));
-- 
2.39.2




Re: [PATCH v2] migration/colo: Fix bdrv_graph_rdlock_main_loop: Assertion `!qemu_in_coroutine()' failed.

2024-04-28 Thread Michael Tokarev

17.04.2024 05:56, Li Zhijian via wrote:

--- a/migration/colo.c
+++ b/migration/colo.c
@@ -835,6 +835,16 @@ static void *colo_process_incoming_thread(void *opaque)
  return NULL;
  }
  
+/* Make sure all file formats throw away their mutable metadata */

+bql_lock();
+bdrv_activate_all(_err);
+if (local_err) {
+bql_unlock();
+error_report_err(local_err);
+return NULL;
+}
+bql_unlock();

FWIW, this can be simplified as follows:

   bql_lock();
   bdrv_activate_all(_err);
   bql_unlock();
   if (local_err) {
error_report_err(local_err);
return NULL;
   }

(I know it is already too late)

/mjt

--
GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E  9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 
ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5  6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 
8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt




Re: [PATCH v2] migration/colo: Fix bdrv_graph_rdlock_main_loop: Assertion `!qemu_in_coroutine()' failed.

2024-04-28 Thread Michael Tokarev

17.04.2024 05:56, Li Zhijian via wrote:

bdrv_activate_all() should not be called from the coroutine context, move
it to the QEMU thread colo_process_incoming_thread() with the bql_lock
protected.

The backtrace is as follows:
  #4  0x561af7948362 in bdrv_graph_rdlock_main_loop () at 
../block/graph-lock.c:260
  #5  0x561af7907a68 in graph_lockable_auto_lock_mainloop 
(x=0x7fd29810be7b) at /patch/to/qemu/include/block/graph-lock.h:259
  #6  0x561af79167d1 in bdrv_activate_all (errp=0x7fd29810bed0) at 
../block.c:6906
  #7  0x561af762b4af in colo_incoming_co () at ../migration/colo.c:935
  #8  0x561af7607e57 in process_incoming_migration_co (opaque=0x0) at 
../migration/migration.c:793
  #9  0x561af7adbeeb in coroutine_trampoline (i0=-106876144, i1=22042) at 
../util/coroutine-ucontext.c:175
  #10 0x7fd2a5cf21c0 in  () at /lib64/libc.so.6

CC: Fabiano Rosas 
Closes: https://gitlab.com/qemu-project/qemu/-/issues/2277
Fixes: 2b3912f135 ("block: Mark bdrv_first_blk() and bdrv_is_root_node() 
GRAPH_RDLOCK")
Signed-off-by: Li Zhijian 


Commit 2b3912f135 is in 8.2 (v8.1.0-1575-g2b3912f135).  Is this fix supposed to go
to stable-8.2 series?  The prob here is that in 8.2, there's no bql_lock/unlock.
I guess it should use qemu_mutex_lock_iothread() instead, for before
195801d700c008 "system/cpus: rename qemu_mutex_lock_iothread() to bql_lock()".

Thanks,

/mjt


diff --git a/migration/colo.c b/migration/colo.c
index 84632a603e..5600a43d78 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -835,6 +835,16 @@ static void *colo_process_incoming_thread(void *opaque)
  return NULL;
  }
  
+/* Make sure all file formats throw away their mutable metadata */

+bql_lock();
+bdrv_activate_all(_err);
+if (local_err) {
+bql_unlock();
+error_report_err(local_err);
+return NULL;
+}
+bql_unlock();
+
  failover_init_state();
  
  mis->to_src_file = qemu_file_get_return_path(mis->from_src_file);
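Review bot: the block added to colo_process_incoming_thread() uses `local_err`, but the only `Error *local_err = NULL;` visible in this patch is the one being removed from colo_incoming_co(). Please confirm that the thread function has its own declaration, initialised to NULL, before this point; otherwise the `if (local_err)` test reads an indeterminate pointer when activation succeeds.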

@@ -922,7 +932,6 @@ out:
  int coroutine_fn colo_incoming_co(void)
  {
  MigrationIncomingState *mis = migration_incoming_get_current();
-Error *local_err = NULL;
  QemuThread th;
  
  assert(bql_locked());

@@ -931,13 +940,6 @@ int coroutine_fn colo_incoming_co(void)
  return 0;
  }
  
-/* Make sure all file formats throw away their mutable metadata */

-bdrv_activate_all(_err);
-if (local_err) {
-error_report_err(local_err);
-return -EINVAL;
-}
-
  qemu_thread_create(, "COLO incoming", colo_process_incoming_thread,
 mis, QEMU_THREAD_JOINABLE);
  
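Review bot: with this block removed from colo_incoming_co(), an activation failure no longer reaches the caller as `return -EINVAL`; it is only reported from the new thread, which then returns NULL. If the caller relied on that return value to fail the incoming migration, the thread's failure has to be surfaced some other way, and the commit message should say which behaviour is intended.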






Re: [PATCH v2 1/1] target/riscv/kvm: fix timebase-frequency when using KVM acceleration

2024-04-27 Thread Michael Tokarev

27.04.2024 18:17, Andrew Jones :

I wrote instructions [2] for how to cross-compile without a full 
environment/container once. It might be better for quick, local testing.

[2] 
https://lore.kernel.org/qemu-riscv/20230726120706.335340-2-ajo...@ventanamicro.com/


I just extracted a few packages from debian riscv64 (like libglib & deps)
in a separate dir and pointed various tools (pkgconf, gcc -I, gcc -L) to
that dir.



49c211ffca00fdf7c is also needed.  So it's 3 so far, still not compile-
tested.  Anything else?


Those 3, the first of the series [1], are good. Not sure why it's still not 
compiling.


Yes, I picked up these 3 I mentioned, in addition to the problematic one
which is part of 8.2.3.  Once I had the build environment, I tried compiling
it, and it builds fine.  I wrote it is not compile-TESTED, not as it fails
to compile.

Also, I tried to build qemu on a real riscv64 hardware (on a debian porterbox),
-- it built fine (with the 3 mentioned changes applied) and is now running
tests, but it looks like it will be fine too.


[1] https://lists.gnu.org/archive/html/qemu-devel/2023-12/msg01132.html


So yes, I'm picking these additional 3 from this set, - the ones which
I already mentioned.

Thanks,

/mjt






Re: [PATCH v2 1/1] target/riscv/kvm: fix timebase-frequency when using KVM acceleration

2024-04-27 Thread Michael Tokarev

27.04.2024 09:59, Michael Tokarev wrote:

27.04.2024 09:23, Andrew Jones wrote:

...

It's possible to cross-compile qemu, so it'd be good to add that to the CI for 
riscv until we can add native compiling.


Yes, definitely.  Qemu is already being cross-compiled on all "other"
architectures during CI.  But it is also being *run*, not just compiled.
And this is what's broken on riscv64 for almost a year now, and this
job has been disabled.  Instead, the *run* part of this job needs to
be disabled, but *build* part should be kept.


Aha. I was wrong. And I was there before too, for sure, - just forgot
about it. In order to be cross-compiled, the cross-build environment
needs to have target -dev libraries, not only the cross-compiler.
And this is where debian riscv64 port is failing.

So no, it is not currently possible to cross-compile qemu at least
on debian without building whole cross-environment with all libraries
and other necessary stuff.

I'll try to use debian riscv64 porterbox to at least verify the new
set of patches we'll pick here to fix this breakage, at least compiles
on riscv64 :)


10f86d1b845087d1 isn't sufficient, since it relies on 450bd6618fda3d
"target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64".  In the same series
there also was 49c211ffca00fdf7c "target/riscv/kvm: change KVM_REG_RISCV_FP_F
to u32" - is it also needed?


49c211ffca00fdf7c is also needed.  So it's 3 so far, still not compile-
tested.  Anything else?

/mjt



Re: [PATCH v2 1/1] target/riscv/kvm: fix timebase-frequency when using KVM acceleration

2024-04-27 Thread Michael Tokarev

27.04.2024 09:23, Andrew Jones wrote:

On April 27, 2024 1:44:42 AM GMT+02:00, Michael Tokarev  wrote:

14.03.2024 09:15, Yong-Xuan Wang:

The timebase-frequency of guest OS should be the same with host
machine. The timebase-frequency value in DTS should be got from
hypervisor when using KVM acceleration.


This change ended up in stable-8.2 (v8.2.3).  Interestingly, this thing
compiled not even once, or else it would be obvious it fails to compile.
Somehow I was too used to CI, forgetting that we don't have riscv *host*
in CI (and I don't have one locally either).  So 8.2.3 is broken on
riscv64 *host*.


It's possible to cross-compile qemu, so it'd be good to add that to the CI for 
riscv until we can add native compiling.


Yes, definitely.  Qemu is already being cross-compiled on all "other"
architectures during CI.  But it is also being *run*, not just compiled.
And this is what's broken on riscv64 for almost a year now, and this
job has been disabled.  Instead, the *run* part of this job needs to
be disabled, but *build* part should be kept.


In 8.2, KVM_RISCV_GET_TIMER macro accepts 4 arguments, because it does
not have 10f86d1b845087d1 "target/riscv/kvm: change timer regs size to u64".

What do you think, should I revert this change for stable-8.2, or pick
10f86d1b845087d1 too, or change this commit (fix timebase-frequency) to
provide the missing argument for this macro?


Changing the timer regs to u64 is an rv32 fix, so it's reasonable to also pick 
it up. I suggest we keep this patch one way or another, though.


Okay, so I need help choosing which patches to pick.

10f86d1b845087d1 isn't sufficient, since it relies on 450bd6618fda3d
"target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64".  In the same series
there also was 49c211ffca00fdf7c "target/riscv/kvm: change KVM_REG_RISCV_FP_F
to u32" - is it also needed?

Please tell me the set of things I need for stable-8.2 here.  I'd
love to make 8.2.4 release really soon, to fix this breakage.

Also, right now I don't know how to even compile-test it.  So meanwhile I'll
try to fix that and push this change to qemu master (to re-enable riscv64
CI job but only build part of it).  I don't have riscv hardware handy :)

Thanks,

/mjt



Re: [PATCH v2 1/1] target/riscv/kvm: fix timebase-frequency when using KVM acceleration

2024-04-26 Thread Michael Tokarev

14.03.2024 09:15, Yong-Xuan Wang:

The timebase-frequency of guest OS should be the same with host
machine. The timebase-frequency value in DTS should be got from
hypervisor when using KVM acceleration.


This change ended up in stable-8.2 (v8.2.3).  Interestingly, this thing
compiled not even once, or else it would be obvious it fails to compile.
Somehow I was too used to CI, forgetting that we don't have riscv *host*
in CI (and I don't have one locally either).  So 8.2.3 is broken on
riscv64 *host*.

In 8.2, KVM_RISCV_GET_TIMER macro accepts 4 arguments, because it does
not have 10f86d1b845087d1 "target/riscv/kvm: change timer regs size to u64".

What do you think, should I revert this change for stable-8.2, or pick
10f86d1b845087d1 too, or change this commit (fix timebase-frequency) to
provide the missing argument for this macro?

Thanks,

/mjt



Reviewed-by: Andrew Jones 
Signed-off-by: Yong-Xuan Wang 

---
Changelog
v2:
- update the function definition
- restructure if-else statement
---
  hw/riscv/virt.c  | 2 ++
  target/riscv/kvm/kvm-cpu.c   | 9 +
  target/riscv/kvm/kvm_riscv.h | 1 +
  3 files changed, 12 insertions(+)

diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index a094af97c32a..533b17799581 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -711,6 +711,8 @@ static void create_fdt_sockets(RISCVVirtState *s, const 
MemMapEntry *memmap,
  
  qemu_fdt_add_subnode(ms->fdt, "/cpus");

  qemu_fdt_setprop_cell(ms->fdt, "/cpus", "timebase-frequency",
+  kvm_enabled() ?
+  kvm_riscv_get_timebase_frequency(first_cpu) :
RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ);
  qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#size-cells", 0x0);
  qemu_fdt_setprop_cell(ms->fdt, "/cpus", "#address-cells", 0x1);
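Review bot: kvm_riscv_get_timebase_frequency() is declared to return uint64_t, but in this call the result is handed to qemu_fdt_setprop_cell(), which stores a single 32-bit cell, so any value above 32 bits is silently truncated in the guest's device tree. Either return uint32_t from the helper or check the range before writing "timebase-frequency".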
diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
index c7afdb1e81b7..bbb115eaa867 100644
--- a/target/riscv/kvm/kvm-cpu.c
+++ b/target/riscv/kvm/kvm-cpu.c
@@ -739,6 +739,15 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
  env->kvm_timer_dirty = false;
  }
  
+uint64_t kvm_riscv_get_timebase_frequency(CPUState *cs)

+{
+uint64_t reg;
+
+KVM_RISCV_GET_TIMER(cs, frequency, reg);
+
+return reg;
+}
+
  static int kvm_riscv_get_regs_vector(CPUState *cs)
  {
  RISCVCPU *cpu = RISCV_CPU(cs);
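Review bot: in kvm_riscv_get_timebase_frequency(), `reg` is declared without an initialiser and returned straight after KVM_RISCV_GET_TIMER(). Unless the macro never returns on failure, an indeterminate value can end up as the guest timebase; initialise `reg` or add a comment stating that the macro aborts on error. The new function also lacks a comment saying it may only be called when KVM is enabled.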
diff --git a/target/riscv/kvm/kvm_riscv.h b/target/riscv/kvm/kvm_riscv.h
index 4bd98fddc776..58518988681d 100644
--- a/target/riscv/kvm/kvm_riscv.h
+++ b/target/riscv/kvm/kvm_riscv.h
@@ -28,5 +28,6 @@ void kvm_riscv_aia_create(MachineState *machine, uint64_t 
group_shift,
  void riscv_kvm_aplic_request(void *opaque, int irq, int level);
  int kvm_riscv_sync_mpstate_to_kvm(RISCVCPU *cpu, int state);
  void riscv_kvm_cpu_finalize_features(RISCVCPU *cpu, Error **errp);
+uint64_t kvm_riscv_get_timebase_frequency(CPUState *cs);
  
  #endif






Re: [ANNOUNCE] QEMU 8.2.3 Stable released

2024-04-25 Thread Michael Tokarev

24.04.2024 20:39, Michael Tokarev wrote:

Hi everyone,

The QEMU v8.2.3 stable release is now available.

You can grab the tarball from our download page here:

   https://www.qemu.org/download/#source

   https://download.qemu.org/qemu-8.2.3.tar.xz
   https://download.qemu.org/qemu-8.2.3.tar.xz.sig (signature)


There was an error when 8.2.3 tarball has been generated yesterday,
the initial tarball included subprojects/dtc/ directory with dtc
sources by mistake.  It now has been re-uploaded without this
directory (only dtc.wrap is needed in there).  Sorry for any
possible inconvenience.

/mjt





Re: [PATCH v2 0/2] riscv,kvm: remove another strerrorname_np()

2024-04-24 Thread Michael Tokarev

24.04.2024 23:24, Daniel Henrique Barboza wrote:

Hi,

In this new version a small change suggested by Phil was made in patch
2. No other changes made.


Applied to trivial-patches tree.


Note: checkpatch.pl is nagging quite a bit about the checkpatch.pl change
this time, claiming that I'm adding a line > 90 chars when in reality the
line has 80 chars:

ERROR: line over 90 characters
#39: FILE: scripts/checkpatch.pl:3082:
+   ERROR("use strerror() instead of strerrorname_np()\n" . 
$herecurr);

total: 1 errors, 0 warnings, 9 lines checked

I supposed it's counting each TAB as more than one char. Let me know if
I need to care about this error and I'll send a v3.


checkpatch complaining about checkpatch change is nice.
Nope, it is the style used here, all other tests are
like this too, but worse.

/mjt



[PATCH] target/loongarch/cpu.c: typo fix: expection

2024-04-24 Thread Michael Tokarev
Fixes: 1590154ee437 ("target/loongarch: Fix qemu-system-loongarch64 assert 
failed with the option '-d int'")
Signed-off-by: Michael Tokarev 
---
 target/loongarch/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index 203a349055..294bdbfa93 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -92,7 +92,7 @@ void G_NORETURN do_raise_exception(CPULoongArchState *env,
 {
 CPUState *cs = env_cpu(env);
 
-qemu_log_mask(CPU_LOG_INT, "%s: expection: %d (%s)\n",
+qemu_log_mask(CPU_LOG_INT, "%s: exception: %d (%s)\n",
   __func__,
   exception,
   loongarch_exception_name(exception));
-- 
2.39.2




[ANNOUNCE] QEMU 8.2.3 Stable released

2024-04-24 Thread Michael Tokarev

Hi everyone,

The QEMU v8.2.3 stable release is now available.

You can grab the tarball from our download page here:

  https://www.qemu.org/download/#source

  https://download.qemu.org/qemu-8.2.3.tar.xz
  https://download.qemu.org/qemu-8.2.3.tar.xz.sig (signature)

v8.2.3 is now tagged in the official qemu.git repository, and the
stable-8.2 branch has been updated accordingly:

  https://gitlab.com/qemu-project/qemu/-/commits/stable-8.2

There are 116 changes since the previous v8.2.2 release.

Thank you everyone who has been involved and helped with the stable series!

/mjt

Changelog (stable-8.2-hash master-hash Author Name: Commit-Subject):

8216663a5c Michael Tokarev:
 Update version for 8.2.3 release
51da750063 c4f91d7b7b Harsh Prateek Bora:
 ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS.
c513ee1b91 2df5c1f5b0 Harsh Prateek Bora:
 ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
1a78b89bcf 6e4aceba20 BALATON Zoltan:
 hw/pci-host/ppc440_pcix: Do not expose a bridge device on PCI bus
dd784cb65d f33274265a BALATON Zoltan:
 hw/isa/vt82c686: Keep track of PIRQ/PINT pins separately
fcbb086ae5 2ce6cff94d Cindy Lu:
 virtio-pci: fix use of a released vector
6e29509abc 4ef1f559f2 Richard Henderson:
 linux-user/x86_64: Handle the vsyscall page in open_self_maps_{2,4}
e2dfadfd07 dcb0a1ac03 Philippe Mathieu-Daudé:
 hw/audio/virtio-snd: Remove unused assignment
1cfe45956e 83ddb3dbba Philippe Mathieu-Daudé:
 hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()
35a67d2aa8 9e4b27ca6b Philippe Mathieu-Daudé:
 hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
9666bd2b79 ad766d603f Philippe Mathieu-Daudé:
 hw/net/lan9118: Fix overflow in MIL TX FIFO
4e6240e184 a45223467e Philippe Mathieu-Daudé:
 hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition
516bdbc234 eaf2bd2953 Philippe Mathieu-Daudé:
 backends/cryptodev: Do not abort for invalid session ID
1c5005c450 fc09ff2979 Philippe Mathieu-Daudé:
 hw/misc/applesmc: Fix memory leak in reset() handler
6e7e387b79 d39fdfff34 Philippe Mathieu-Daudé:
 hw/block/nand: Fix out-of-bound access in NAND block buffer
ab995895ad 2e3e09b368 Philippe Mathieu-Daudé:
 hw/block/nand: Have blk_load() take unsigned offset and return boolean
15b41461ea 7a86544f28 Philippe Mathieu-Daudé:
 hw/block/nand: Factor nand_load_iolen() method out
5d53ff200b aa88f99c87 Yuquan Wang:
 qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo
4f01537ced f4729ec39a Philippe Mathieu-Daudé:
 hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
fbeb0a160c b4295bff25 Philippe Mathieu-Daudé:
 hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
1b2a52712b ba28e0ff4d Philippe Mathieu-Daudé:
 hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
eb546a3f49 ec0504b989 Philippe Mathieu-Daudé:
 hw/virtio: Introduce virtio_bh_new_guarded() helper
390da29ce5 5888357942 Keith Packard:
 target/m68k: Map FPU exceptions to FPSR register
0764b8a8e3 b754cb2dcd Zack Buhman:
 target/sh4: add missing CHECK_NOT_DELAY_SLOT
733511728a 7227c0cd50 Zack Buhman:
 target/sh4: Fix mac.w with saturation enabled
77e03229ca c97e8977dc Zack Buhman:
 target/sh4: Fix mac.l with saturation enabled
7fc1bcb65f 7d95db5e78 Richard Henderson:
 target/sh4: Merge mach and macl into a union
be88ed87a6 b0f2f2976b Zack Buhman:
 target/sh4: mac.w: memory accesses are 16-bit words
c02844b8e8 f0907ff4ca Richard Henderson:
 linux-user: Fix waitid return of siginfo_t and rusage
196601e759 e25fe886b8 Richard Henderson:
 tcg/optimize: Do not attempt to constant fold neg_vec
20cd0c8655 731655f87f Manos Pitsidianakis:
 virtio-snd: rewrite invalid tx/rx message handling
627aa460ba a45f09935c Zheyu Ma:
 virtio-snd: Enhance error handling for invalid transfers
cd461c8445 6ae72f609a lyx634449800:
 vdpa-dev: Fix the issue of device status not updating when configuration 
interruption is triggered
b57b102a81 2d9a31b3c2 Wafer:
 hw/virtio: Fix packed virtqueue flush used_idx
f7a1ff69ba 19b254e86a Peter Maydell:
 target/arm: Use correct SecuritySpace for AArch64 AT ops at EL3
6983d1657d 7afbdada7e Wei Wang:
 migration/postcopy: ensure preempt channel is ready before loading states
46f03be3ed bbdf902366 Zheyu Ma:
 block/virtio-blk: Fix memory leak from virtio_blk_zone_report
9c2b8194ac 4c54f5bc8e Yajun Wu:
 hw/net/virtio-net: fix qemu set used ring flag even vhost started
e961fa43e9 fbe5ac5671 Peter Maydell:
 target/arm: take HSTR traps of cp15 accesses to EL2, not EL1
2702763548 44e25fbc19 Peter Maydell:
 hw/intc/arm_gicv3: ICC_HPPIR* return SPURIOUS if int group is disabled
2befb8a9c7 1d2f2b35bc Michael Tokarev:
 gitlab-ci/cirrus: switch from 'master' to 'latest'
3168476965 d0ad271a76 Avihai Horon:
 migration/postcopy: Ensure postcopy_start() sets errp if it fails
35fface50f 4a3aa11e1f Richard Henderson:
 target/hppa: Clear psw_n for BE on use_nullify_skip path
3cdfd68e4e 2911e9b95f Richard Henderson:
 tcg/optimize

[ANNOUNCE] QEMU 7.2.11 Stable released

2024-04-24 Thread Michael Tokarev

Hi everyone,

The QEMU v7.2.11 stable release is now available.

You can grab the tarball from our download page here:

  https://www.qemu.org/download/#source

  https://download.qemu.org/qemu-7.2.11.tar.xz
  https://download.qemu.org/qemu-7.2.11.tar.xz.sig (signature)

v7.2.11 is now tagged in the official qemu.git repository, and the
stable-7.2 branch has been updated accordingly:

  https://gitlab.com/qemu-project/qemu/-/commits/stable-7.2

There are 59 changes since the previous v7.2.10 release.

Thank you everyone who has been involved and helped with the stable series!

/mjt

Changelog (stable-7.2-hash master-hash Author Name: Commit-Subject):

c6fe0f315c Michael Tokarev:
 Update version for 7.2.11 release
ab4a60c1b7 c4f91d7b7b Harsh Prateek Bora:
 ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS.
3f481e3305 2df5c1f5b0 Harsh Prateek Bora:
 ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.
4741ae6b8e b754cb2dcd Zack Buhman:
 target/sh4: add missing CHECK_NOT_DELAY_SLOT
2429cb7a9f 9e4b27ca6b Philippe Mathieu-Daudé:
 hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
f3130798d4 a45223467e Philippe Mathieu-Daudé:
 hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition
cd7beea4a4 ad766d603f Philippe Mathieu-Daudé:
 hw/net/lan9118: Fix overflow in MIL TX FIFO
734314d8ce eaf2bd2953 Philippe Mathieu-Daudé:
 backends/cryptodev: Do not abort for invalid session ID
9b7bc39890 fc09ff2979 Philippe Mathieu-Daudé:
 hw/misc/applesmc: Fix memory leak in reset() handler
8394be7faa d39fdfff34 Philippe Mathieu-Daudé:
 hw/block/nand: Fix out-of-bound access in NAND block buffer
9ca7801c6a 2e3e09b368 Philippe Mathieu-Daudé:
 hw/block/nand: Have blk_load() take unsigned offset and return boolean
caeb4489b7 7a86544f28 Philippe Mathieu-Daudé:
 hw/block/nand: Factor nand_load_iolen() method out
d5c41e4491 aa88f99c87 Yuquan Wang:
 qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo
7aaf5f7778 f4729ec39a Philippe Mathieu-Daudé:
 hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
e7c2df3fd7 b4295bff25 Philippe Mathieu-Daudé:
 hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
6d37a30815 ba28e0ff4d Philippe Mathieu-Daudé:
 hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
e070e5e674 ec0504b989 Philippe Mathieu-Daudé:
 hw/virtio: Introduce virtio_bh_new_guarded() helper
d6e7ec1f8e f0907ff4ca Richard Henderson:
 linux-user: Fix waitid return of siginfo_t and rusage
b198998b7f e25fe886b8 Richard Henderson:
 tcg/optimize: Do not attempt to constant fold neg_vec
fd01f5a847 2d9a31b3c2 Wafer:
 hw/virtio: Fix packed virtqueue flush used_idx
227d9450b5 4c54f5bc8e Yajun Wu:
 hw/net/virtio-net: fix qemu set used ring flag even vhost started
393b7ab067 44e25fbc19 Peter Maydell:
 hw/intc/arm_gicv3: ICC_HPPIR* return SPURIOUS if int group is disabled
eebb7fb506 1d2f2b35bc Michael Tokarev:
 gitlab-ci/cirrus: switch from 'master' to 'latest'
6fca92c9d1 4a3aa11e1f Richard Henderson:
 target/hppa: Clear psw_n for BE on use_nullify_skip path
162c54b7c1 2911e9b95f Richard Henderson:
 tcg/optimize: Fix sign_mask for logical right-shift
493b1cc785 1c188fc8cb Akihiko Odaki:
 virtio-net: Fix vhost virtqueue notifiers for RSS
70b0e142e6 a158c63b3b Yao Xingtao:
 monitor/hmp-cmds-target: Append a space in error message in gpa2hva()
2e1645ac6a 7c7a9f578e Lorenz Brun:
 hw/scsi/scsi-generic: Fix io_timeout property not applying
610db167da 1590154ee4 Song Gao:
 target/loongarch: Fix qemu-system-loongarch64 assert failed with the option 
'-d int'
e9e41446c2 7fd226b047 Tao Su:
 target/i386: Revert monitor_puts() in do_inject_x86_mce()
a6fc9a234b 2cc68629a6 Paolo Bonzini:
 target/i386: fix direction of "32-bit MMU" test
ad003650d5 90f641531c Paolo Bonzini:
 target/i386: use separate MMU indexes for 32-bit accesses
6332f3c12f 5f97afe254 Paolo Bonzini:
 target/i386: introduce function to query MMU indices
e4b23890b3 55f7c6a5f2 Peter Maydell:
 tests: Raise timeouts for bufferiszero and crypto-tlscredsx509
9405029750 63b18312d1 Kevin Wolf:
 tests/unit: Bump test-replication timeout to 60 seconds
4f048b771d e1b363e328 Thomas Huth:
 tests/unit: Bump test-crypto-block test timeout to 5 minutes
dcb9a64d22 c45f8f1aef Thomas Huth:
 tests/unit: Bump test-aio-multithread test timeout to 2 minutes
e1e9d74f57 2e128776dc Cédric Le Goater:
 migration: Skip only empty block devices
04b3d34d5c 74e2845c5f Jonathan Cameron:
 hmat acpi: Fix out of bounds access due to missing use of indirection
309051ac40 6081b4243c Akihiko Odaki:
 pcie_sriov: Validate NumVFs
3f7892be24 91bb64a8d2 Akihiko Odaki:
 hw/nvme: Use pcie_sriov_num_vfs()
e00b062da7 31180dbdca Akihiko Odaki:
 pcie: Introduce pcie_sriov_num_vfs
0b7ccfd1d2 fa905f65c5 Klaus Jensen:
 hw/nvme: add machine compatibility parameter to enable msix exclusive bar
6a5d6849d1 ee7bda4d38 Klaus Jensen:
 hw/nvme: generalize the mbar size helper
424e6209e5 4f0a4a3d58 Minw

Re: [PATCH] Fix incorrect disassembly format for certain RISC-V instructions

2024-04-24 Thread Michael Tokarev

03.04.2024 12:14, Simeon Krastnikov wrote:

* The immediate argument to lui/auipc should be an integer in the interval
  [0x0, 0xf]; e.g., 'auipc 0xf' and not 'auipc -1'
* The floating-point rounding mode is the last operand to the function,
   not the first; e.g., 'fcvt.w.s a0, fa0, rtz' and not 'fcvt.w.s rtz,
a0, fa0'. Note that fcvt.d.w[u] and fcvt.w[u].d are unaffected by the
rounding mode and hence it is omitted from their disassembly.
* When aq and rl are both present, they are not separated by a '.';
   e.g., 'lr.d.aqrl' and not 'lr.d.aq.rl'.

Based on the following assembly reference:
https://github.com/riscv-non-isa/riscv-asm-manual/blob/master/riscv-asm.md


Can someone from the riscv team review this?

This change isn't "trivial enough" for qemu-trivial, it should be picked up
by the riscv team.  At the very least, it touches too many instructions.

Thanks,

/mjt




Re: [PATCH] backends/cryptodev-builtin: Fix local_error leaks

2024-04-24 Thread Michael Tokarev

22.04.2024 11:53, Li Zhijian via wrote:

It seems that this error does not need to be propagated to the upper,
directly output the error to avoid the leaks

Closes: https://gitlab.com/qemu-project/qemu/-/issues/2283
Signed-off-by: Li Zhijian 


Applied to trivial-patches tree, with s/Closes/Resolves/ and
with addition of "Fixes:" suggested by zhenwei pi.

Thanks,

/mjt



[PATCH 25/27] qemu-img: implement short --help, remove global help() function

2024-04-24 Thread Michael Tokarev
Now, once all individual subcommands have --help support, remove
the large unreadable help() thing and replace it with small
global --help, which refers to individual command --help for
more info.

While at it, also line-wrap list of formats after 75 chars.

Since missing_argument() and unrecognized_option() are now unused,
remove them.

Signed-off-by: Michael Tokarev 
Reviewed-by: Daniel P. Berrangé 
---
 qemu-img.c | 172 -
 1 file changed, 39 insertions(+), 133 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 3721cf070b..39dfaa5144 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -94,11 +94,6 @@ typedef enum OutputFormat {
 /* Default to cache=writeback as data integrity is not important for qemu-img 
*/
 #define BDRV_DEFAULT_CACHE "writeback"
 
-static void format_print(void *opaque, const char *name)
-{
-printf(" %s", name);
-}
-
 static G_NORETURN
 void tryhelp(const char *argv0)
 {
@@ -118,18 +113,6 @@ void error_exit(const char *argv0, const char *fmt, ...)
 tryhelp(argv0);
 }
 
-static G_NORETURN
-void missing_argument(const char *option)
-{
-error_exit("qemu-img", "missing argument for option '%s'", option);
-}
-
-static G_NORETURN
-void unrecognized_option(const char *option)
-{
-error_exit("qemu-img", "unrecognized option '%s'", option);
-}
-
 /*
  * Print --help output for a command and exit.
  * syntax and description are multi-line with trailing EOL
@@ -167,114 +150,6 @@ static OutputFormat parse_output_format(const char 
*argv0, const char *arg)
 }
 }
 
-/* Please keep in synch with docs/tools/qemu-img.rst */
-static G_NORETURN
-void help(void)
-{
-const char *help_msg =
-   QEMU_IMG_VERSION
-   "usage: qemu-img [standard options] command [command options]\n"
-   "QEMU disk image utility\n"
-   "\n"
-   "'-h', '--help'   display this help and exit\n"
-   "'-V', '--version'output version information and exit\n"
-   "'-T', '--trace'  
[[enable=]][,events=][,file=]\n"
-   " specify tracing options\n"
-   "\n"
-   "Command syntax:\n"
-#define DEF(option, callback, arg_string)\
-   "  " arg_string "\n"
-#include "qemu-img-cmds.h"
-#undef DEF
-   "\n"
-   "Command parameters:\n"
-   "  'filename' is a disk image filename\n"
-   "  'objectdef' is a QEMU user creatable object definition. See the 
qemu(1)\n"
-   "manual page for a description of the object properties. The 
most common\n"
-   "object type is a 'secret', which is used to supply passwords 
and/or\n"
-   "encryption keys.\n"
-   "  'fmt' is the disk image format. It is guessed automatically in 
most cases\n"
-   "  'cache' is the cache mode used to write the output disk image, 
the valid\n"
-   "options are: 'none', 'writeback' (default, except for 
convert), 'writethrough',\n"
-   "'directsync' and 'unsafe' (default for convert)\n"
-   "  'src_cache' is the cache mode used to read input disk images, 
the valid\n"
-   "options are the same as for the 'cache' option\n"
-   "  'size' is the disk image size in bytes. Optional suffixes\n"
-   "'k' or 'K' (kilobyte, 1024), 'M' (megabyte, 1024k), 'G' 
(gigabyte, 1024M),\n"
-   "'T' (terabyte, 1024G), 'P' (petabyte, 1024T) and 'E' (exabyte, 
1024P)  are\n"
-   "supported. 'b' is ignored.\n"
-   "  'output_filename' is the destination disk image filename\n"
-   "  'output_fmt' is the destination format\n"
-   "  'options' is a comma separated list of format specific options 
in a\n"
-   "name=value format. Use -o help for an overview of the options 
supported by\n"
-   "the used format\n"
-   "  'snapshot_param' is param used for internal snapshot, format\n"
-   "is 'snapshot.id=[ID],snapshot.name=[NAME]', or\n"
-   "'[ID_OR_NAME]'\n"
-   "  '-c' indicates that target image must be compressed (qcow format 
only)\n"
-   "  '-u' allows unsafe backing chains. For rebasing, it is assumed 
that old and\n"
-   "   new backing file match exactly. The image doesn't need a 
working\n"
-   "   backing file before rebasing in this case (useful for 
renaming the\n"
-   "   backing file). For image creation, allow creating w
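Review bot: The help_msg removed from help() is where the valid 'cache' values ('none', 'writeback', 'writethrough', 'directsync', 'unsafe') and the 'size' suffixes (k/K, M, G, T, P, E) are spelled out, and the deletion also drops the "Please keep in synch with docs/tools/qemu-img.rst" comment. Please confirm that every per-command cmd_help() text taking a cache mode or a size still lists the accepted values (the rebase and bench texts only name the default through BDRV_DEFAULT_CACHE), and move the keep-in-sync reminder next to the per-command help strings so the .rst and the --help output do not drift.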

[PATCH 23/27] qemu-img: dd: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 39 +--
 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 7c20a5772d..b3e521bc09 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -5504,31 +5504,48 @@ static int img_dd(const img_cmd_t *ccmd, int argc, char 
**argv)
 const struct option long_options[] = {
 { "help", no_argument, 0, 'h'},
 { "object", required_argument, 0, OPTION_OBJECT},
+{ "format", required_argument, 0, 'f'},
+{ "output-format", required_argument, 0, 'O'},
 { "image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
 { "force-share", no_argument, 0, 'U'},
 { 0, 0, 0, 0 }
 };
 
-while ((c = getopt_long(argc, argv, ":hf:O:U", long_options, NULL))) {
+while ((c = getopt_long(argc, argv, "hf:O:U", long_options, NULL))) {
 if (c == EOF) {
 break;
 }
 switch (c) {
+case 'h':
+cmd_help(ccmd,
+"[-f FMT|--image-opts] [-O OUTPUT_FMT] [-U]\n"
+"[bs=BLOCK_SIZE] [count=BLOCKS] if=INPUT of=OUTPUT\n"
+,
+"  -f, --format FMT\n"
+" specify format for INPUT explicitly\n"
+"  --image-opts\n"
+" indicates that INPUT is a complete image specification\n"
+" instead of a file name (incompatible with --format)\n"
+"  -O, --output-format OUTPUT_FMT\n"
+" format of the OUTPUT (default raw)\n"
+"  -U, --force-share\n"
+" open images in shared mode for concurrent access\n"
+"  bs=BLOCK_SIZE[kKMGTP]\n"
+" size of I/O block (default 512)\n"
+"  count=COUNT\n"
+" number of blocks to convert (default whole INPUT)\n"
+"  if=INPUT\n"
+" input file name (or image specification with --image-opts)\n"
+"  of=OUTPUT\n"
+" output file name to create\n"
+);
+break;
 case 'O':
 out_fmt = optarg;
 break;
 case 'f':
 fmt = optarg;
 break;
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
-case 'h':
-help();
-break;
 case 'U':
 force_share = true;
 break;
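Review bot: The new case 'h' help text does not mention --object although long_options in this hunk still carries { "object", required_argument, 0, OPTION_OBJECT}, and the syntax line says count=BLOCKS while the argument list describes count=COUNT. Suggest adding an "--object OBJDEF" entry, as the rebase and resize help texts have, and using one name for the count operand in both places.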
@@ -5538,6 +,8 @@ static int img_dd(const img_cmd_t *ccmd, int argc, char 
**argv)
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 
-- 
2.39.2




[PATCH 27/27] qemu-img: extend cvtnum() and use it in more places

2024-04-24 Thread Michael Tokarev
cvtnum() expects the input string to specify some sort of size
(optionally with a KMG... suffix).  However, there are a lot
of other number conversions in there (using qemu_strtol);
also, not all conversions which use cvtnum actually expect
a size, - like dd count=nn.

Add bool issize argument to cvtnum() to specify if it should
treat the argument as a size or something else, - this changes
conversion routine in use and error text.

Use the new cvtnum() in more places (like where strtol was used),
since it never returns a negative number on successful conversion.
When it makes sense, also specify upper or lower bounds at the
same time.  This simplifies option processing in multiple places,
removing the need of local temporary variables and longer error
reporting code.

While at it, fix errors, like depth in measure must be >= 1,
while the previous code allowed it to be 0.

In a few places, change unsigned variables (like of type size_t)
to be signed instead, - to avoid the need of temporary conversion
variable.  All these variables are okay to be signed, we never
assign <0 value to them except of the cases of conversion error,
where we return immediately.

While at it, remove allowed size suffixes from the error message
as it makes no sense most of the time (should be in help instead).

Signed-off-by: Michael Tokarev 
Reviewed-by: Daniel P. Berrangé 
---
 qemu-img.c | 111 +
 tests/qemu-iotests/049.out |   9 +--
 2 files changed, 40 insertions(+), 80 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 694647f6ff..dbbf3495e8 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -399,18 +399,16 @@ static int add_old_style_options(const char *fmt, 
QemuOpts *opts,
 return 0;
 }
 
-static int64_t cvtnum_full(const char *name, const char *value, int64_t min,
-   int64_t max)
+static int64_t cvtnum_full(const char *name, const char *value,
+   bool issize, int64_t min, int64_t max)
 {
 int err;
 uint64_t res;
 
-err = qemu_strtosz(value, NULL, );
+err = issize ? qemu_strtosz(value, NULL, ) :
+   qemu_strtou64(value, NULL, 0, );
 if (err < 0 && err != -ERANGE) {
-error_report("Invalid %s specified. You may use "
- "k, M, G, T, P or E suffixes for", name);
-error_report("kilobytes, megabytes, gigabytes, terabytes, "
- "petabytes and exabytes.");
+error_report("Invalid %s specified: '%s'.", name, value);
 return err;
 }
 if (err == -ERANGE || res > max || res < min) {
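Review bot: In cvtnum_full(), res is uint64_t while min and max are int64_t, so the range test in the last line of this hunk is evaluated in unsigned arithmetic and only behaves as intended when both bounds are non-negative; the function also signals errors through negative return values, so a negative min could never work. Now that callers supply their own bounds together with issize, please state in a comment above the function that min and max must be non-negative with min not above max (or assert it on entry), and describe what issize selects: qemu_strtosz() with size suffixes versus plain qemu_strtou64().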
@@ -421,9 +419,9 @@ static int64_t cvtnum_full(const char *name, const char 
*value, int64_t min,
 return res;
 }
 
-static int64_t cvtnum(const char *name, const char *value)
+static int64_t cvtnum(const char *name, const char *value, bool issize)
 {
-return cvtnum_full(name, value, 0, INT64_MAX);
+return cvtnum_full(name, value, issize, 0, INT64_MAX);
 }
 
 static int img_create(const img_cmd_t *ccmd, int argc, char **argv)
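Review bot: The bare bool added to cvtnum() makes call sites such as cvtnum("rate limit", optarg, true) hard to read without looking up the prototype. Consider two thin wrappers over cvtnum_full(), one for sizes and one for plain numbers, or at least a comment above cvtnum() stating that issize=true accepts size suffixes and issize=false parses a plain number.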
@@ -527,7 +525,7 @@ static int img_create(const img_cmd_t *ccmd, int argc, char 
**argv)
 
 /* Get image size, if specified */
 if (optind < argc) {
-img_size = cvtnum("image size", argv[optind++]);
+img_size = cvtnum("image size", argv[optind++], true);
 if (img_size < 0) {
 goto fail;
 }
@@ -989,7 +987,7 @@ static int img_commit(const img_cmd_t *ccmd, int argc, char 
**argv)
 quiet = true;
 break;
 case 'r':
-rate_limit = cvtnum("rate limit", optarg);
+rate_limit = cvtnum("rate limit", optarg, true);
 if (rate_limit < 0) {
 return 1;
 }
@@ -2414,7 +2412,7 @@ static int img_convert(const img_cmd_t *ccmd, int argc, 
char **argv)
 {
 int64_t sval;
 
-sval = cvtnum("buffer size for sparse output", optarg);
+sval = cvtnum("buffer size for sparse output", optarg, true);
 if (sval < 0) {
 goto fail_getopt;
 } else if (!QEMU_IS_ALIGNED(sval, BDRV_SECTOR_SIZE) ||
@@ -2446,10 +2444,9 @@ static int img_convert(const img_cmd_t *ccmd, int argc, 
char **argv)
 skip_create = true;
 break;
 case 'm':
-if (qemu_strtol(optarg, NULL, 0, _coroutines) ||
-s.num_coroutines < 1 || s.num_coroutines > MAX_COROUTINES) {
-error_report("Invalid number of coroutines. Allowed number of"
- " coroutines is between 1 and %d", 
MAX_COROUTINES);
+s.num_coroutines = cvtnum_full("number of coroutines", optarg,
+   false, 1, MAX_COROUTINES);
+if (s.num_coroutines < 0) {
  

[PATCH 24/27] qemu-img: measure: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

Also add -s short option for --size (and remove OPTION_SIZE).

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 53 -
 1 file changed, 40 insertions(+), 13 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index b3e521bc09..3721cf070b 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -71,7 +71,6 @@ enum {
 OPTION_FLUSH_INTERVAL = 261,
 OPTION_NO_DRAIN = 262,
 OPTION_TARGET_IMAGE_OPTS = 263,
-OPTION_SIZE = 264,
 OPTION_PREALLOCATION = 265,
 OPTION_SHRINK = 266,
 OPTION_SALVAGE = 267,
@@ -5748,15 +5747,6 @@ static void 
dump_json_block_measure_info(BlockMeasureInfo *info)
 
 static int img_measure(const img_cmd_t *ccmd, int argc, char **argv)
 {
-static const struct option long_options[] = {
-{"help", no_argument, 0, 'h'},
-{"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
-{"object", required_argument, 0, OPTION_OBJECT},
-{"output", required_argument, 0, OPTION_OUTPUT},
-{"size", required_argument, 0, OPTION_SIZE},
-{"force-share", no_argument, 0, 'U'},
-{0, 0, 0, 0}
-};
 OutputFormat output_format = OFORMAT_HUMAN;
 BlockBackend *in_blk = NULL;
 BlockDriver *drv;
@@ -5777,12 +5767,47 @@ static int img_measure(const img_cmd_t *ccmd, int argc, 
char **argv)
 int ret = 1;
 int c;
 
+static const struct option long_options[] = {
+{"help", no_argument, 0, 'h'},
+{"target-format", required_argument, 0, 'O'},
+{"format", required_argument, 0, 'f'},
+{"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
+{"options", required_argument, 0, 'o'},
+{"snapshot", required_argument, 0, 'l'},
+{"object", required_argument, 0, OPTION_OBJECT},
+{"output", required_argument, 0, OPTION_OUTPUT},
+{"size", required_argument, 0, 's'},
+{"force-share", no_argument, 0, 'U'},
+{0, 0, 0, 0}
+};
+
 while ((c = getopt_long(argc, argv, "hf:O:o:l:U",
 long_options, NULL)) != -1) {
 switch (c) {
-case '?':
 case 'h':
-help();
+cmd_help(ccmd,
+"[-f FMT|--image-opts] [-o OPTIONS] [-O OUTPUT_FMT]\n"
+"   [--output OFMT] [--object OBJDEF] [-l SNAPSHOT_PARAM]\n"
+"   (--size SIZE | FILENAME)\n"
+,
+"  -O, --target-format FMT\n"
+" desired target/output image format (default raw)\n"
+"  -s, --size SIZE\n"
+" measure file size for given image size\n"
+"  FILENAME\n"
+" measure file size required to convert from FILENAME\n"
+"  -f, --format\n"
+" specify format of FILENAME explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAME is a complete image specification\n"
+" instead of a file name (incompatible with --format)\n"
+"  -l, --snapshot SNAPSHOT\n"
+" use this snapshot in FILENAME as source\n"
+"  --output human|json\n"
+" output format\n"
+"  -U, --force-share\n"
+" open images in shared mode for concurrent access\n"
+);
 break;
 case 'f':
 fmt = optarg;
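Review bot: The new long_options entry {"size", required_argument, 0, 's'} and the help line "-s, --size SIZE" advertise a short option, but the getopt_long() short option string in this hunk is still "hf:O:o:l:U", so -s will be rejected as an unknown option and only --size works. Add "s:" to that string. The argument list in the help also has no entries for -o/--options and --object although both are in long_options, and the syntax line omits -U.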
@@ -5820,12 +5845,14 @@ static int img_measure(const img_cmd_t *ccmd, int argc, 
char **argv)
 case OPTION_OUTPUT:
 output_format = parse_output_format(argv[0], optarg);
 break;
-case OPTION_SIZE:
+case 's':
 img_size = cvtnum("image size", optarg);
 if (img_size < 0) {
 goto out;
 }
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 
-- 
2.39.2




[PATCH 26/27] qemu-img: inline list of supported commands, remove qemu-img-cmds.h include

2024-04-24 Thread Michael Tokarev
Also add a short description to each command and use it in --help

Signed-off-by: Michael Tokarev 
Reviewed-by: Daniel P. Berrangé 
---
 qemu-img.c | 40 ++--
 1 file changed, 34 insertions(+), 6 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 39dfaa5144..694647f6ff 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -61,6 +61,7 @@
 typedef struct img_cmd_t {
 const char *name;
 int (*handler)(const struct img_cmd_t *ccmd, int argc, char **argv);
+const char *description;
 } img_cmd_t;
 
 enum {
@@ -127,6 +128,7 @@ void cmd_help(const img_cmd_t *ccmd,
 {
 printf(
 "Usage:\n"
+"%s.  Usage:\n"
 "\n"
 "  %s %s %s"
 "\n"
@@ -134,7 +136,7 @@ void cmd_help(const img_cmd_t *ccmd,
 "  -h, --help\n"
 " print this help and exit\n"
 "%s\n",
-   "qemu-img", ccmd->name,
+   ccmd->description, "qemu-img", ccmd->name,
syntax, arguments);
 exit(EXIT_SUCCESS);
 }
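Review bot: In cmd_help(), the format string keeps the existing "Usage:\n" line and adds "%s.  Usage:\n" directly after it, so the output will print "Usage:" twice, once before the description and once after it. The first literal looks like it was meant to be replaced rather than kept. The argument list change (ccmd->description placed ahead of "qemu-img") matches the new %s.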
@@ -5828,10 +5830,36 @@ out:
 }
 
 static const img_cmd_t img_cmds[] = {
-#define DEF(option, callback, arg_string)\
-{ option, callback },
-#include "qemu-img-cmds.h"
-#undef DEF
+{ "amend", img_amend,
+  "Update format-specific options of the image" },
+{ "bench", img_bench,
+  "Run simple image benchmark" },
+{ "bitmap", img_bitmap,
+  "Perform modifications of the persistent bitmap in the image" },
+{ "check", img_check,
+  "Check basic image integrity" },
+{ "commit", img_commit,
+  "Commit image to its backing file" },
+{ "compare", img_compare,
+  "Check if two images have the same contents" },
+{ "convert", img_convert,
+  "Copy one image to another with optional format conversion" },
+{ "create", img_create,
+  "Create and format new image file" },
+{ "dd", img_dd,
+  "Copy input to output with optional format conversion" },
+{ "info", img_info,
+  "Display information about image" },
+{ "map", img_map,
+  "Dump image metadata" },
+{ "measure", img_measure,
+  "Calculate file size requred for a new image" },
+{ "rebase", img_rebase,
+  "Change backing file of the image" },
+{ "resize", img_resize,
+  "Resize the image to the new size" },
+{ "snapshot", img_snapshot,
+  "List or manipulate snapshots within image" },
 { NULL, NULL, },
 };
 
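Review bot: The description string for "measure" has a typo, "requred" should be "required"; it is user-visible in both the global command list and the per-command --help. Since the terminator { NULL, NULL, } leaves description NULL, any future code that prints cmd->description needs to keep stopping on cmd->name as the existing loop does.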
@@ -5896,7 +5924,7 @@ QEMU_IMG_VERSION
 "\n"
 "Recognized commands (run qemu-img COMMAND --help for command-specific 
help):\n\n");
 for (cmd = img_cmds; cmd->name != NULL; cmd++) {
-printf("  %s\n", cmd->name);
+printf("  %s - %s\n", cmd->name, cmd->description);
 }
 printf("\nSupported image formats:\n");
 c = 99; /* force a newline */
-- 
2.39.2




[PATCH 01/27] qemu-img: measure: convert img_size to signed, simplify handling

2024-04-24 Thread Michael Tokarev
qemu_opt_set_number() expects signed int64_t.

Use int64_t instead of uint64_t for img_size, use -1 as "unset"
value instead of UINT64_MAX, and do not require temporary sval
for conversion from string.

Signed-off-by: Michael Tokarev 
Reviewed-by: Daniel P. Berrangé 
---
 qemu-img.c | 19 +++
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 7668f86769..6e7ac2048f 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -5364,7 +5364,7 @@ static int img_measure(int argc, char **argv)
 QemuOpts *sn_opts = NULL;
 QemuOptsList *create_opts = NULL;
 bool image_opts = false;
-uint64_t img_size = UINT64_MAX;
+int64_t img_size = -1;
 BlockMeasureInfo *info = NULL;
 Error *local_err = NULL;
 int ret = 1;
@@ -5422,16 +5422,11 @@ static int img_measure(int argc, char **argv)
 }
 break;
 case OPTION_SIZE:
-{
-int64_t sval;
-
-sval = cvtnum("image size", optarg);
-if (sval < 0) {
+img_size = cvtnum("image size", optarg);
+if (img_size < 0) {
 goto out;
 }
-img_size = (uint64_t)sval;
-}
-break;
+break;
 }
 }
 
@@ -5446,11 +5441,11 @@ static int img_measure(int argc, char **argv)
 error_report("--image-opts, -f, and -l require a filename argument.");
 goto out;
 }
-if (filename && img_size != UINT64_MAX) {
+if (filename && img_size != -1) {
 error_report("--size N cannot be used together with a filename.");
 goto out;
 }
-if (!filename && img_size == UINT64_MAX) {
+if (!filename && img_size == -1) {
 error_report("Either --size N or one filename must be specified.");
 goto out;
 }
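Review bot: The "unset" tests in this hunk compare against the literal -1 ('img_size != -1', 'img_size == -1'), while the conversion path in the previous hunk treats any negative value as an error. Since img_size is now signed and never legitimately negative, testing for a negative or non-negative value in these checks would be consistent with that path and would not depend on the exact sentinel.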
@@ -5498,7 +5493,7 @@ static int img_measure(int argc, char **argv)
 goto out;
 }
 }
-if (img_size != UINT64_MAX) {
+if (img_size != -1) {
 qemu_opt_set_number(opts, BLOCK_OPT_SIZE, img_size, _abort);
 }
 
-- 
2.39.2




[PATCH 17/27] qemu-img: rebase: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

Options added:
 --format, --cache - for the image in question
 --backing, --backing-format, --backing-cache, --backing-unsafe -
   for the new backing file
(was eg CACHE vs SRC_CACHE, which is unclear).

Probably should rename local variables.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 55 +-
 1 file changed, 46 insertions(+), 9 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 62f9ce4069..47dfa137c1 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3793,26 +3793,61 @@ static int img_rebase(const img_cmd_t *ccmd, int argc, 
char **argv)
 for(;;) {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
+{"quiet", no_argument, 0, 'q'},
+{"progress", no_argument, 0, 'p'},
 {"object", required_argument, 0, OPTION_OBJECT},
 {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
 {"force-share", no_argument, 0, 'U'},
+{"format", required_argument, 0, 'f'},
+{"cache", required_argument, 0, 't'},
 {"compress", no_argument, 0, 'c'},
+{"backing", required_argument, 0, 'b'},
+{"backing-format", required_argument, 0, 'F'},
+{"backing-cache", required_argument, 0, 'T'},
+{"backing-unsafe", no_argument, 0, 'u'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":hf:F:b:upt:T:qUc",
+c = getopt_long(argc, argv, "hf:F:b:upt:T:qUc",
 long_options, NULL);
 if (c == -1) {
 break;
 }
-switch(c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
+switch (c) {
 case 'h':
-help();
+cmd_help(ccmd,
+"[-f FMT | --image-opts] [-t CACHE] [-q] [-U] [-p]\n"
+"[-b BACKING_FILENAME [-F BACKING_FMT] [-T BACKING_CACHE]] [-u]\n"
+"[--object OBJDEF] [-c] FILENAME\n"
+"Rebases FILENAME on top of BACKING_FILENAME or no backing file\n"
+,
+"  -q, --quiet\n"
+" quiet operation\n"
+"  -p, --progress\n"
+" show progress indicator\n"
+"  -f, --format FMT\n"
+" specify FILENAME format explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAME is a complete image specification\n"
+" instead of a file name (incompatible with --format)\n"
+"  -t, --cache CACHE\n"
+" cache mode for FILENAME (" BDRV_DEFAULT_CACHE ")\n"
+"  -b, --backing BACKING_FILENAME|\"\"\n"
+" rebase onto this file (or no backing file)\n"
+"  -F, --backing-format BACKING_FMT\n"
+" specify format for BACKING_FILENAME\n"
+"  -T, --backing-cache CACHE\n"
+" BACKING_FILENAME cache mode (" BDRV_DEFAULT_CACHE ")\n"
+"  -u, --backing-unsafe\n"
+" do not fail if BACKING_FILENAME can not be read\n"
+"  -c, --compress\n"
+" compress image (when image supports this)\n"
+"  -U, --force-share\n"
+" open image in shared mode for concurrent access\n"
+"  --object OBJDEF\n"
+" QEMU user-creatable object (eg encryption key)\n"
+"  FILENAME\n"
+" image file name (or specification with --image-opts)\n"
+);
 return 0;
 case 'f':
 fmt = optarg;
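Review bot: The help line for -u, --backing-unsafe ("do not fail if BACKING_FILENAME can not be read") undersells what the option does: the global help text being removed in patch 25 says that for rebasing "it is assumed that old and new backing file match exactly". Please carry that assumption into the new text so users see that the contents are not checked. Minor: the syntax argument ends with a descriptive sentence ("Rebases FILENAME on top of ...") that the other commands do not have, and this case uses 'return 0' after cmd_help() where dd, info and measure use 'break'.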
@@ -3850,6 +3885,8 @@ static int img_rebase(const img_cmd_t *ccmd, int argc, 
char **argv)
 case 'c':
 compress = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 
-- 
2.39.2




[PATCH 12/27] qemu-img: info: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.
Also add -b short option for --backing-chain, and remove
now-unused OPTION_BACKING_CHAIN.

While at it, remove unused option_index variable.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 40 +++-
 1 file changed, 27 insertions(+), 13 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 0a32d890e3..34c4cd86de 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -65,7 +65,6 @@ typedef struct img_cmd_t {
 
 enum {
 OPTION_OUTPUT = 256,
-OPTION_BACKING_CHAIN = 257,
 OPTION_OBJECT = 258,
 OPTION_IMAGE_OPTS = 259,
 OPTION_PATTERN = 260,
@@ -3220,31 +3219,44 @@ static int img_info(const img_cmd_t *ccmd, int argc, 
char **argv)
 
 fmt = NULL;
 for(;;) {
-int option_index = 0;
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
 {"format", required_argument, 0, 'f'},
 {"output", required_argument, 0, OPTION_OUTPUT},
-{"backing-chain", no_argument, 0, OPTION_BACKING_CHAIN},
+{"backing-chain", no_argument, 0, 'b'},
 {"object", required_argument, 0, OPTION_OBJECT},
 {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
 {"force-share", no_argument, 0, 'U'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":f:hU",
-long_options, _index);
+c = getopt_long(argc, argv, "f:hbU",
+long_options, NULL);
 if (c == -1) {
 break;
 }
 switch(c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
+cmd_help(ccmd,
+"[-f FMT | --image-opts] [-b] [-U] [--object OBJDEF]\n"
+"[--output human|json] FILENAME\n"
+,
+"  -f, --format FMT\n"
+" specify FILENAME image format explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAME is a complete image specification\n"
+" instead of a file name (incompatible with --format)\n"
+"  -b, --backing-chain\n"
+" display information about backing chaing\n"
+"  (in case the image is stacked\n"
+"  -U, --force-share\n"
+" open image in shared mode for concurrent access\n"
+"  --object OBJDEF\n"
+" QEMU user-creatable object (eg encryption key)\n"
+"  --output human|json\n"
+" specify output format name (default human)\n"
+"  FILENAME\n"
+" image file name (or specification with --image-opts)\n"
+);
 break;
 case 'f':
 fmt = optarg;
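Review bot: The -b, --backing-chain help text has a typo and an unbalanced parenthesis: "display information about backing chaing" is followed by "(in case the image is stacked" with no closing ')'. Suggest "display information about the backing chain (in case the image is stacked)".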
@@ -3255,7 +3267,7 @@ static int img_info(const img_cmd_t *ccmd, int argc, char 
**argv)
 case OPTION_OUTPUT:
 output_format = parse_output_format(argv[0], optarg);
 break;
-case OPTION_BACKING_CHAIN:
+case 'b':
 chain = true;
 break;
 case OPTION_OBJECT:
@@ -3264,6 +3276,8 @@ static int img_info(const img_cmd_t *ccmd, int argc, char 
**argv)
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 if (optind != argc - 1) {
-- 
2.39.2




[PATCH 19/27] qemu-img: resize: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 38 +-
 1 file changed, 29 insertions(+), 9 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index da10fafffc..688c01722c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4324,27 +4324,45 @@ static int img_resize(const img_cmd_t *ccmd, int argc, 
char **argv)
 for(;;) {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
+{"quiet", no_argument, 0, 'q'},
 {"object", required_argument, 0, OPTION_OBJECT},
+{"format", required_argument, 0, 'f'},
 {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
 {"preallocation", required_argument, 0, OPTION_PREALLOCATION},
 {"shrink", no_argument, 0, OPTION_SHRINK},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, "-:f:hq",
+c = getopt_long(argc, argv, "-f:hq",
 long_options, NULL);
 if (c == -1) {
 break;
 }
 switch(c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
-break;
+cmd_help(ccmd,
+"[-f FMT | --image-opts] [--preallocation PREALLOC] [--shrink]\n"
+"[--object OBJECTDEF] [-q] FILENAME [+-]SIZE[bkKMGTPE]\n"
+,
+"  -q, --quiet\n"
+" quiet operation\n"
+"  -f, --format FMT\n"
+" specify FILENAME format explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAME is a complete image specification\n"
+"   instead of a file name (incompatible with --format)\n"
+"  --shrink\n"
+" allow operation when new size is smaller than original\n"
+"  --preallocation PREALLOC\n"
+" specify preallocation type for the new areas\n"
+"  --object OBJDEF\n"
+" QEMU user-creatable object (eg encryption key)\n"
+"  FILENAME\n"
+" image file (specification) to resize\n"
+"  [+-]SIZE[bkKMGTPE]\n"
+" new image size or amount by which to shrink/grow,\n"
+" with optional suffix (1024-based multiplies)\n"
+);
+return 0;
 case 'f':
 fmt = optarg;
 break;
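Review bot: The help text is inconsistent about the --object operand: the syntax line says "--object OBJECTDEF" while the argument list says "--object OBJDEF"; pick one (the rebase and info texts use OBJDEF). Also "1024-based multiplies" should read "multipliers", and the continuation line "   instead of a file name (incompatible with --format)" is indented differently from the same line in the other commands' help.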
@@ -4386,6 +4404,8 @@ static int img_resize(const img_cmd_t *ccmd, int argc, 
char **argv)
 error_exit(argv[0], "Extra argument(s) in command line");
 }
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 if (!filename && optind < argc) {
-- 
2.39.2




[PATCH 14/27] qemu-img: snapshot: allow specifying -f fmt

2024-04-24 Thread Michael Tokarev
For consistency with other commands, and since it already
accepts --image-opts, allow specifying -f fmt too.

Signed-off-by: Michael Tokarev 
Reviewed-by: Daniel P. Berrangé 
---
 docs/tools/qemu-img.rst | 2 +-
 qemu-img-cmds.hx| 4 ++--
 qemu-img.c  | 9 ++---
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
index 3653adb963..9b628c4da5 100644
--- a/docs/tools/qemu-img.rst
+++ b/docs/tools/qemu-img.rst
@@ -663,7 +663,7 @@ Command description:
   bitmap support, or 0 if bitmaps are supported but there is nothing
   to copy.
 
-.. option:: snapshot [--object OBJECTDEF] [--image-opts] [-U] [-q] [-l | -a 
SNAPSHOT | -c SNAPSHOT | -d SNAPSHOT] FILENAME
+.. option:: snapshot [--object OBJECTDEF] [-f FMT | --image-opts] [-U] [-q] 
[-l | -a SNAPSHOT | -c SNAPSHOT | -d SNAPSHOT] FILENAME
 
   List, apply, create or delete snapshots in image *FILENAME*.
 
diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
index c9dd70a892..2c5a8a28f9 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -84,9 +84,9 @@ SRST
 ERST
 
 DEF("snapshot", img_snapshot,
-"snapshot [--object objectdef] [--image-opts] [-U] [-q] [-l | -a snapshot 
| -c snapshot | -d snapshot] filename")
+"snapshot [--object objectdef] [-f fmt | --image-opts] [-U] [-q] [-l | -a 
snapshot | -c snapshot | -d snapshot] filename")
 SRST
-.. option:: snapshot [--object OBJECTDEF] [--image-opts] [-U] [-q] [-l | -a 
SNAPSHOT | -c SNAPSHOT | -d SNAPSHOT] FILENAME
+.. option:: snapshot [--object OBJECTDEF] [-f FMT | --image-opts] [-U] [-q] 
[-l | -a SNAPSHOT | -c SNAPSHOT | -d SNAPSHOT] FILENAME
 ERST
 
 DEF("rebase", img_rebase,
diff --git a/qemu-img.c b/qemu-img.c
index 84e2e53fb7..8adc324496 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3595,7 +3595,7 @@ static int img_snapshot(const img_cmd_t *ccmd, int argc, 
char **argv)
 BlockBackend *blk;
 BlockDriverState *bs;
 QEMUSnapshotInfo sn;
-char *filename, *snapshot_name = NULL;
+char *filename, *fmt = NULL, *snapshot_name = NULL;
 int c, ret = 0, bdrv_oflags;
 int action = 0;
 bool quiet = false;
@@ -3614,7 +3614,7 @@ static int img_snapshot(const img_cmd_t *ccmd, int argc, 
char **argv)
 {"force-share", no_argument, 0, 'U'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":la:c:d:hqU",
+c = getopt_long(argc, argv, ":la:c:d:f:hqU",
 long_options, NULL);
 if (c == -1) {
 break;
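Review bot: Only the short option string gains "f:" here; long_options is untouched, so --format is not accepted for snapshot even though the stated goal is consistency with the other commands, which map {"format", required_argument, 0, 'f'}. Consider adding that entry in the same patch.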
@@ -3629,6 +3629,9 @@ static int img_snapshot(const img_cmd_t *ccmd, int argc, 
char **argv)
 case 'h':
 help();
 return 0;
+case 'f':
+fmt = optarg;
+break;
 case 'l':
 if (action) {
 error_exit(argv[0], "Cannot mix '-l', '-a', '-c', '-d'");
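Review bot: The new case 'f' only stores optarg, and nothing in this patch rejects -f given together with --image-opts, although the updated synopsis documents them as alternatives ("[-f FMT | --image-opts]"). If img_snapshot() has no such check already, add one after option parsing so that fmt and image_opts are not both handed to img_open(). Since fmt only ever points at optarg, it could also be declared const char *.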
@@ -3682,7 +3685,7 @@ static int img_snapshot(const img_cmd_t *ccmd, int argc, 
char **argv)
 filename = argv[optind++];
 
 /* Open the image */
-blk = img_open(image_opts, filename, NULL, bdrv_oflags, false, quiet,
+blk = img_open(image_opts, filename, fmt, bdrv_oflags, false, quiet,
force_share);
 if (!blk) {
 return 1;
-- 
2.39.2




[PATCH 21/27] qemu-img: bench: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 64 +-
 1 file changed, 54 insertions(+), 10 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 76000c485c..fff537df26 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4849,28 +4849,70 @@ static int img_bench(const img_cmd_t *ccmd, int argc, 
char **argv)
 for (;;) {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
-{"flush-interval", required_argument, 0, OPTION_FLUSH_INTERVAL},
+{"format", required_argument, 0, 'f'},
 {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
+{"cache", required_argument, 0, 't'},
+{"count", required_argument, 0, 'c'},
+{"depth", required_argument, 0, 'd'},
+{"offset", required_argument, 0, 'o'},
+{"buffer-size", required_argument, 0, 's'},
+{"step-size", required_argument, 0, 'S'},
+{"aio", required_argument, 0, 'i'},
+{"native", no_argument, 0, 'n'},
+{"write", no_argument, 0, 'w'},
 {"pattern", required_argument, 0, OPTION_PATTERN},
+{"flush-interval", required_argument, 0, OPTION_FLUSH_INTERVAL},
 {"no-drain", no_argument, 0, OPTION_NO_DRAIN},
 {"force-share", no_argument, 0, 'U'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":hc:d:f:ni:o:qs:S:t:wU", long_options,
-NULL);
+c = getopt_long(argc, argv, "hc:d:f:ni:o:qs:S:t:wU",
+long_options, NULL);
 if (c == -1) {
 break;
 }
 
 switch (c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
+cmd_help(ccmd,
+"[-f FMT | --image-opts] [-t CACHE] [-c COUNT] [-d DEPTH]\n"
+"[-o OFFSET] [-s BUFFER_SIZE] [-S STEP_SIZE] [-i AIO] [-n]\n"
+"[-w [--pattern PATTERN] [--flush-interval INTERVAL [--no-drain]]]\n"
+,
+"  -q, --quiet\n"
+" quiet operations\n"
+"  -f, --format FMT\n"
+" specify FILENAME format explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAME is a complete image specification\n"
+" instead of a file name (incompatible with --format)\n"
+"  -t, --cache CACHE\n"
+" cache mode for FILENAME (" BDRV_DEFAULT_CACHE ")\n"
+"  -c, --count COUNT\n"
+" number of I/O requests to perform\n"
+"  -s, --buffer-size BUFFER_SIZE\n"
+" size of each I/O request\n"
+"  -d, --depth DEPTH\n"
+" number of requests to perform in parallel\n"
+"  -o, --offset OFFSET\n"
+" start first request at this OFFSET\n"
+"  -S, --step-size STEP_SIZE\n"
+" each next request offset increment\n"
+"  -i, --aio AIO\n"
+" async-io backend (threads, native, io_uring)\n"
+"  -n, --native\n"
+" use native AIO backend if possible\n"
+"  -w, --write\n"
+" perform write test (default is read)\n"
+"  --pattern PATTERN\n"
+" write this pattern byte instead of zero\n"
+"  --flush-interval FLUSH_INTERVAL\n"
+" issue flush after this number of requests\n"
+"  --no-drain\n"
+" do not wait when flushing pending requests\n"
+"  -U, --force-share\n"
+" open images in shared mode for concurrent access\n"
+);
 break;
 case 'c':
 {
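Review bot: the help text added under case 'h' documents "-q, --quiet", but the long_options table in this hunk gains no {"quiet", no_argument, 0, 'q'} entry, so only the short form from the optstring will parse. Either add the long option or drop --quiet from the text. The syntax string also omits -q, -U and the FILENAME operand, and the --flush-interval placeholder is INTERVAL in the syntax but FLUSH_INTERVAL in the description; pick one spelling.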
@@ -4987,6 +5029,8 @@ static int img_bench(const img_cmd_t *ccmd, int argc, 
char **argv)
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 
-- 
2.39.2




[PATCH 13/27] qemu-img: map: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

While at it, remove unused option_index variable.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 34 --
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 34c4cd86de..84e2e53fb7 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3454,7 +3454,6 @@ static int img_map(const img_cmd_t *ccmd, int argc, char 
**argv)
 
 fmt = NULL;
 for (;;) {
-int option_index = 0;
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
 {"format", required_argument, 0, 'f'},
@@ -3466,20 +3465,33 @@ static int img_map(const img_cmd_t *ccmd, int argc, 
char **argv)
 {"max-length", required_argument, 0, 'l'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":f:s:l:hU",
-long_options, _index);
+c = getopt_long(argc, argv, "f:s:l:hU",
+long_options, NULL);
 if (c == -1) {
 break;
 }
 switch (c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
+cmd_help(ccmd,
+"[-f FMT | --image-opts] [--object OBJDEF] [--output human|json]\n"
+"[--start-offset OFFSET] [--max-length LENGTH] [-U] FILENAME\n"
+,
+"  -f, --format FMT\n"
+" specify FILENAME image format explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAME is a complete image specification\n"
+" instead of a file name (incompatible with --format)\n"
+"  --start-offset OFFSET\n"
+"  --max-length LENGTH\n"
+"  --output human|json\n"
+" specify output format name (default human)\n"
+"  -U, --force-share\n"
+" open image in shared mode for concurrent access\n"
+"  --object OBJDEF\n"
+" QEMU user-creatable object (eg encryption key)\n"
+"  FILENAME\n"
+" image file name (or specification with --image-opts)\n"
+);
 break;
 case 'f':
 fmt = optarg;
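Review bot: in the help text under case 'h', "--start-offset OFFSET" and "--max-length LENGTH" are the only entries without a description line, and their short forms -s and -l, which are still in the optstring "f:s:l:hU", are not shown. Please list them as "-s, --start-offset OFFSET" and "-l, --max-length LENGTH" with one line each saying what they limit, so the output is consistent with the other entries.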
@@ -3508,6 +3520,8 @@ static int img_map(const img_cmd_t *ccmd, int argc, char 
**argv)
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 if (optind != argc - 1) {
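Review bot: the new "default:" label ends the switch without a break, unlike every other case here, so it is correct only as long as tryhelp() never returns. A one-line comment saying so, or an explicit break, would keep it safe if a case is ever added below it. Because the leading ':' was dropped from the optstring and the ':' and '?' cases were removed earlier in this patch, this branch is now the only handling for unknown options and missing option arguments; the commit message should mention that change in error reporting, not just the new long options.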
-- 
2.39.2




[PATCH v3 00/27] qemu-img: refresh options and --help handling, cleanups

2024-04-24 Thread Michael Tokarev
Quite big patchset trying to implement normal, readable qemu-img --help
(and qemu-img COMMAND --help) output with readable descriptions, and
adding many long options in the process.

In the end I stopped using qemu-img-opts.hx in qemu-img.c, perhaps
this can be avoided, with only list of commands and their descriptions
kept there, but I don't see big advantage here.  The same list should
be included in docs/tools/qemu-img.rst, - this is not done now.

Also each command syntax isn't reflected in the doc for now, because
I want to give good names for options first, - and there, we've quite
some inconsistencies and questions.  For example, measure --output=OFMT
-O OFMT, - this is priceless :)  I've no idea why we have this ugly
--output=json thing, why not have --json? ;)  I gave the desired
format long name --target-format to avoid clash with --output.

For rebase, src vs tgt probably should be renamed in local variables
too, and I'm not even sure I've got the caches right. For caches,
the thing is inconsistent across commands.

For compare, I used --a-format/--b-format (for -f/-F), - this can
be made --source-format and --target-format, to compare source (file1)
with target (file2).

For bitmap, things are scary, I'm not sure what -b SRC_FILENAME
really means, - for now I gave it --source option, but this does
not make it more clear, suggestions welcome.

There are many other inconsistencies, I can't fix them all in one go.

Changes since v2:

 - added Dan's R-Bs
 - refined couple cvtnum conversions
 - dropped "stop printing error twice in a few places"

Michael Tokarev (27):
  qemu-img: measure: convert img_size to signed, simplify handling
  qemu-img: create: convert img_size to signed, simplify handling
  qemu-img: global option processing and error printing
  qemu-img: pass current cmd info into command handlers
  qemu-img: create: refresh options/--help
  qemu-img: factor out parse_output_format() and use it in the code
  qemu-img: check: refresh options/--help
  qemu-img: simplify --repair error message
  qemu-img: commit: refresh options/--help
  qemu-img: compare: refresh options/--help
  qemu-img: convert: refresh options/--help
  qemu-img: info: refresh options/--help
  qemu-img: map: refresh options/--help
  qemu-img: snapshot: allow specifying -f fmt
  qemu-img: snapshot: make -l (list) the default, simplify option
handling
  qemu-img: snapshot: refresh options/--help
  qemu-img: rebase: refresh options/--help
  qemu-img: resize: do not always eat last argument
  qemu-img: resize: refresh options/--help
  qemu-img: amend: refresh options/--help
  qemu-img: bench: refresh options/--help
  qemu-img: bitmap: refresh options/--help
  qemu-img: dd: refresh options/--help
  qemu-img: measure: refresh options/--help
  qemu-img: implement short --help, remove global help() function
  qemu-img: inline list of supported commands, remove qemu-img-cmds.h
include
  qemu-img: extend cvtnum() and use it in more places

 docs/tools/qemu-img.rst|4 +-
 qemu-img-cmds.hx   |4 +-
 qemu-img.c | 1311 ++--
 tests/qemu-iotests/049.out |9 +-
 4 files changed, 821 insertions(+), 507 deletions(-)

-- 
2.39.2




[PATCH 22/27] qemu-img: bitmap: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 40 
 1 file changed, 32 insertions(+), 8 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index fff537df26..7c20a5772d 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -5170,20 +5170,42 @@ static int img_bitmap(const img_cmd_t *ccmd, int argc, 
char **argv)
 {"source-format", required_argument, 0, 'F'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":b:f:F:g:h", long_options, NULL);
+c = getopt_long(argc, argv, "b:f:F:g:h",
+long_options, NULL);
 if (c == -1) {
 break;
 }
 
 switch (c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
+cmd_help(ccmd,
+"( --merge SOURCE | --add | --remove | --clear |\n"
+"--enable | --disable ).. [-f FMT | --image-opts]\n"
+"[ -b SRC_FILENAME [-F SOURCE_FMT]] [-g SIZE[KMGTPE]] [--object 
OBJDEF]\n"
+"FILENAME BITMAP\n"
+,
+"  -f, --format FMT\n"
+" specify FILENAME format explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAME is a complete image specification\n"
+" instead of a file name (incompatible with --format)\n"
+"  --add\n"
+" creates BITMAP, enables to record future edits\n"
+"   -g, --granularity SIZE[KMGTPE]\n"
+" sets non-default bitmap granularity for --add to this size\n"
+"  --remove\n"
+" removes BITMAP\n"
+"  --clear\n"
+" clears BITMAP\n"
+"  --enable, --disable\n"
+" starts and stops recording future edits to BITMAP\n"
+"  --merge SRC_FILENAME\n"
+" merges contents of SRC_FILENAME bitmap into BITMAP\n"
+"   -b, --source-file SRC_FILENAME\n"
+" select alternative source file for --merge\n"
+"   -F, --source-format SRC_FMT\n"
+" specify format for SRC_FILENAME explicitly\n"
+);
 break;
 case 'b':
 src_filename = optarg;
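Review bot: the placeholders in the new help text do not line up. The syntax says "--merge SOURCE" and "-F SOURCE_FMT", the descriptions say "--merge SRC_FILENAME" and "--source-format SRC_FMT", and SRC_FILENAME is used both for the --merge argument and for "-b, --source-file". If --merge takes a bitmap name, give it its own placeholder throughout so it cannot be confused with the -b file. "--object OBJDEF" and the FILENAME and BITMAP operands appear in the syntax but get no description, unlike in the help text of the other commands in this series.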
@@ -5239,6 +5261,8 @@ static int img_bitmap(const img_cmd_t *ccmd, int argc, 
char **argv)
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 
-- 
2.39.2




[PATCH 18/27] qemu-img: resize: do not always eat last argument

2024-04-24 Thread Michael Tokarev
'qemu-img resize --help' does not work, since it wants more
arguments.  Also -size is only recognized as a very last
argument, but it is common for tools to handle other options
after positional arguments too.

Tell getopt_long() to return non-options together with options,
and process filename and size in the loop, and check if there's
an argument right after filename which looks like -N (number),
and treat it as size (decrement).  This way we can handle --help,
and we can also have options after filename and size, and `--'
will be handled fine too.

The only case which is not handled right is when there's an option
between filename and size, and size is given as decrement, - in
this case -size will be treated as option, not as size.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 41 +++--
 1 file changed, 27 insertions(+), 14 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 47dfa137c1..da10fafffc 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4297,7 +4297,7 @@ static int img_resize(const img_cmd_t *ccmd, int argc, 
char **argv)
 {
 Error *err = NULL;
 int c, ret, relative;
-const char *filename, *fmt, *size;
+const char *filename = NULL, *fmt = NULL, *size = NULL;
 int64_t n, total_size, current_size;
 bool quiet = false;
 BlockBackend *blk = NULL;
@@ -4320,17 +4320,7 @@ static int img_resize(const img_cmd_t *ccmd, int argc, 
char **argv)
 bool image_opts = false;
 bool shrink = false;
 
-/* Remove size from argv manually so that negative numbers are not treated
- * as options by getopt. */
-if (argc < 3) {
-error_exit(argv[0], "Not enough arguments");
-return 1;
-}
-
-size = argv[--argc];
-
 /* Parse getopt arguments */
-fmt = NULL;
 for(;;) {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
@@ -4340,7 +4330,7 @@ static int img_resize(const img_cmd_t *ccmd, int argc, 
char **argv)
 {"shrink", no_argument, 0, OPTION_SHRINK},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":f:hq",
+c = getopt_long(argc, argv, "-:f:hq",
 long_options, NULL);
 if (c == -1) {
 break;
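Review bot: the optstring change to "-:f:hq" is what makes "case 1" later in this patch reachable, but nothing at the call site says so. Please add a comment on the getopt_long() call that the leading '-' returns non-option arguments in order as code 1, since that is easy to lose in a later optstring edit. This command also keeps the ':' prefix that the other patches in the series drop; say in the commit message whether that is intentional.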
@@ -4378,12 +4368,35 @@ static int img_resize(const img_cmd_t *ccmd, int argc, 
char **argv)
 case OPTION_SHRINK:
 shrink = true;
 break;
+case 1: /* a non-optional argument */
+if (!filename) {
+filename = optarg;
+/* see if we have -size (number) next to filename */
+if (optind < argc) {
+size = argv[optind];
+if (size[0] == '-' && size[1] >= '0' && size[1] <= '9') {
+++optind;
+} else {
+size = NULL;
+}
+}
+} else if (!size) {
+size = optarg;
+} else {
+error_exit(argv[0], "Extra argument(s) in command line");
+}
+break;
 }
 }
-if (optind != argc - 1) {
+if (!filename && optind < argc) {
+filename = argv[optind++];
+}
+if (!size && optind < argc) {
+size = argv[optind++];
+}
+if (!filename || !size || optind < argc) {
 error_exit(argv[0], "Expecting image file name and size");
 }
-filename = argv[optind++];
 
 /* Choose grow, shrink, or absolute resize mode */
 switch (size[0]) {
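Review bot: the -size lookahead in "case 1" runs only once, immediately after FILENAME is seen, so "FILENAME --shrink -10G" still hands -10G to getopt as an option. The commit message admits this but the code does not; extend the comment "see if we have -size (number) next to filename" to state the limitation, and document that a decrement must directly follow the file name or come after "--". The lookahead also assigns size = argv[optind] before testing it and resets it to NULL on a mismatch; testing argv[optind] first and assigning only on a match is easier to read and leaves no window where size holds an unvalidated argument.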
-- 
2.39.2
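
The parsing scheme this commit message describes, reduced to a stand-alone added example (not the patch's code and not part of qemu-img): parse_resize, resize_args and OPT_SHRINK are hypothetical names, and "optind = 0" as a rescan request is assumed to behave as in glibc and musl. It also exercises the limitation named in the last paragraph of the message, where an option sits between the file name and a -N size.

```c
/* Added illustration; resize_args, parse_resize and OPT_SHRINK are
 * hypothetical names, not taken from qemu-img.c. */
#include <getopt.h>
#include <stddef.h>
#include <string.h>

enum { OPT_SHRINK = 256 };

struct resize_args {
    const char *filename;
    const char *size;
    int shrink;
    int help;
};

/* True for "-N..." with N a decimal digit: a size decrement, not an option. */
static int looks_like_decrement(const char *s)
{
    return s[0] == '-' && s[1] >= '0' && s[1] <= '9';
}

/* Returns 0 on success, -1 on a usage error. */
static int parse_resize(int argc, char **argv, struct resize_args *out)
{
    static const struct option long_options[] = {
        {"help", no_argument, 0, 'h'},
        {"shrink", no_argument, 0, OPT_SHRINK},
        {0, 0, 0, 0}
    };
    int c;

    *out = (struct resize_args){0};
    /* Assumption: glibc and musl treat optind == 0 as "reinitialize",
     * which lets this function be called more than once. */
    optind = 0;

    /* Leading '-': non-option arguments come back in order as code 1.
     * The ':' after it silences getopt's own error messages. */
    while ((c = getopt_long(argc, argv, "-:hq", long_options, NULL)) != -1) {
        switch (c) {
        case 'h':
            out->help = 1;
            return 0;
        case 'q':
            break;
        case OPT_SHRINK:
            out->shrink = 1;
            break;
        case 1:
            if (!out->filename) {
                out->filename = optarg;
                /* Lookahead: claim "-N" right after the file name as the
                 * size before getopt can parse it as an option cluster. */
                if (optind < argc && looks_like_decrement(argv[optind])) {
                    out->size = argv[optind++];
                }
            } else if (!out->size) {
                out->size = optarg;
            } else {
                return -1; /* extra positional argument */
            }
            break;
        default: /* '?' unknown option or ':' missing argument */
            return -1;
        }
    }

    /* Arguments after "--" are not returned by getopt; pick them up here. */
    if (!out->filename && optind < argc) {
        out->filename = argv[optind++];
    }
    if (!out->size && optind < argc) {
        out->size = argv[optind++];
    }
    return (out->filename && out->size && optind == argc) ? 0 : -1;
}
```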




[PATCH 20/27] qemu-img: amend: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 34 ++
 1 file changed, 26 insertions(+), 8 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 688c01722c..76000c485c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4559,26 +4559,42 @@ static int img_amend(const img_cmd_t *ccmd, int argc, 
char **argv)
 for (;;) {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
+{"quiet", no_argument, 0, 'q'},
+{"progress", no_argument, 0, 'p'},
 {"object", required_argument, 0, OPTION_OBJECT},
+{"format", required_argument, 0, 'f'},
+{"cache", required_argument, 0, 't'},
+{"options", required_argument, 0, 'o'},
 {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
 {"force", no_argument, 0, OPTION_FORCE},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":ho:f:t:pq",
+c = getopt_long(argc, argv, "ho:f:t:pq",
 long_options, NULL);
 if (c == -1) {
 break;
 }
 
 switch (c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
+cmd_help(ccmd,
+"[-f FMT | --image-opts] [t CACHE] [--force] [-p] [-q]\n"
+"[--object OBJDEF -o OPTIONS FILENAME\n"
+,
+"  -q, --quiet\n"
+" quiet operation\n"
+"  -p, --progres\n"
+" show progress\n"
+"  -f, --format FMT\n"
+" specify FILENAME format explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAME is a complete image specification\n"
+"   instead of a file name (incompatible with --format)\n"
+"  -t, --cache CACHE\n"
+" cache mode for FILENAME (" BDRV_DEFAULT_CACHE ")\n"
+"  --force\n"
+" allow certain unsafe operations\n"
+);
 break;
 case 'o':
 if (accumulate_options(, optarg) < 0) {
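Review bot: the strings under case 'h' contain three typos that will be printed verbatim by --help: "[t CACHE]" is missing its dash, "[--object OBJDEF -o OPTIONS FILENAME" never closes the bracket, and the description reads "--progres" although the long option added above is "progress". The text also has no entries for -o/--options, --object or FILENAME, all of which appear in the syntax line.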
@@ -4607,6 +4623,8 @@ static int img_amend(const img_cmd_t *ccmd, int argc, 
char **argv)
 case OPTION_FORCE:
 force = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 
-- 
2.39.2




[PATCH 16/27] qemu-img: snapshot: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 45 -
 1 file changed, 36 insertions(+), 9 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 967f6343de..62f9ce4069 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3609,26 +3609,51 @@ static int img_snapshot(const img_cmd_t *ccmd, int 
argc, char **argv)
 for(;;) {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
+{"quiet", no_argument, 0, 'q'},
 {"object", required_argument, 0, OPTION_OBJECT},
+{"format", required_argument, 0, 'f'},
 {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
 {"force-share", no_argument, 0, 'U'},
+{"list", no_argument, 0, SNAPSHOT_LIST},
+{"apply", no_argument, 0, SNAPSHOT_APPLY},
+{"create", no_argument, 0, SNAPSHOT_CREATE},
+{"delete", no_argument, 0, SNAPSHOT_DELETE},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":la:c:d:f:hqU",
+c = getopt_long(argc, argv, "la:c:d:f:hqU",
 long_options, NULL);
 if (c == -1) {
 break;
 }
 switch(c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
-return 0;
+cmd_help(ccmd,
+"[-f FMT | --image-opts] [-l | -a|-c|-d SNAPSHOT]\n"
+"[-U] [--object OBJDEF] FILENAME\n"
+,
+"  -q, --quiet\n"
+"  quiet operations\n"
+"  -f, --format FMT\n"
+"  specify FILENAME format explicitly\n"
+"  --image-opts\n"
+"  indicates that FILENAME is a complete image specification\n"
+"   instead of a file name (incompatible with --format)\n"
+"  -U, --force-share\n"
+"  open image in shared mode for concurrent access\n"
+"  --object OBJDEF\n"
+"  QEMU user-creatable object (eg encryption key)\n"
+"  Operation, one of:\n"
+"-l, --list\n"
+"   list snapshots in FILENAME (the default)\n"
+"-c, --create SNAPSHOT\n"
+"   create named snapshot\n"
+"-a, --apply SNAPSHOT\n"
+"   apply named snapshot to the base\n"
+"-d, --delete SNAPSHOT\n"
+"   delete named snapshot\n"
+"  FILENAME - image file name (or specification with --image-opts)\n"
+);
+break;
 case 'f':
 fmt = optarg;
 break;
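Review bot: the new long options --apply, --create and --delete are declared no_argument, but the optstring is "la:c:d:f:hqU" and the help text says "-c, --create SNAPSHOT", so "--create NAME" will arrive with optarg NULL and NAME left behind as a stray positional argument. These three need required_argument; only --list should stay no_argument. The syntax line also omits -q, which the description documents.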
@@ -3655,6 +3680,8 @@ static int img_snapshot(const img_cmd_t *ccmd, int argc, 
char **argv)
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 
-- 
2.39.2




[PATCH 07/27] qemu-img: check: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 38 ++
 1 file changed, 30 insertions(+), 8 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 08536553c7..1bd88fcf63 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -805,7 +805,9 @@ static int img_check(const img_cmd_t *ccmd, int argc, char 
**argv)
 int option_index = 0;
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
+{"quiet", no_argument, 0, 'q'},
 {"format", required_argument, 0, 'f'},
+{"cache", required_argument, 0, 'T'},
 {"repair", required_argument, 0, 'r'},
 {"output", required_argument, 0, OPTION_OUTPUT},
 {"object", required_argument, 0, OPTION_OBJECT},
@@ -813,20 +815,38 @@ static int img_check(const img_cmd_t *ccmd, int argc, 
char **argv)
 {"force-share", no_argument, 0, 'U'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":hf:r:T:qU",
+c = getopt_long(argc, argv, "hf:r:T:qU",
 long_options, _index);
 if (c == -1) {
 break;
 }
 switch(c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
+cmd_help(ccmd,
+"[-f FMT | --image-opts] [-T CACHE_MODE] [-r] [-u]\n"
+"[--output human|json] [--object OBJDEF] FILENAME\n"
+,
+"  -q, --quiet\n"
+" quiet operations\n"
+"  -f, --format FMT\n"
+" specifies format of the image explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAME is a complete image specification\n"
+" instead of a file name (incompatible with --format)\n"
+"  -T, --cache CACHE_MODE\n"
+" image cache mode (" BDRV_DEFAULT_CACHE ")\n"
+"  -U, --force-share\n"
+" open image in shared mode for concurrent access\n"
+"  --output human|json\n"
+" output format\n"
+"  -r, --repair leaks|all\n"
+" repair particular aspect of the image\n"
+" (image will be open in read-write mode, incompatible with 
--force-share)\n"
+"  --object OBJDEF\n"
+" QEMU user-creatable object (eg encryption key)\n"
+"  FILENAME\n"
+" the image file (or image specification) to operate on\n"
+);
 break;
 case 'f':
 fmt = optarg;
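Review bot: the syntax string lists "[-r] [-u]", but there is no 'u' in the optstring "hf:r:T:qU" (the option is -U), and -r takes a value according to the "-r, --repair leaks|all" description a few lines further down. Suggest "[-r leaks|all] [-U]", and add "[-q]" since --quiet is now documented. The --repair description line is also the only one long enough to wrap; splitting "(image will be open in read-write mode, incompatible with --force-share)" over two lines would match the rest.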
@@ -861,6 +881,8 @@ static int img_check(const img_cmd_t *ccmd, int argc, char 
**argv)
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 if (optind != argc - 1) {
-- 
2.39.2




[PATCH 05/27] qemu-img: create: refresh options/--help

2024-04-24 Thread Michael Tokarev
Create helper function cmd_help() to display command-specific
help text, and use it to print --help for 'create' subcommand.

Add missing long options (eg --format) in img_create().

Remove usage of missing_argument()/unrecognized_option() in
img_create().

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 69 +++---
 1 file changed, 61 insertions(+), 8 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index e8234104e5..7ed5e6d1a8 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -132,6 +132,32 @@ void unrecognized_option(const char *option)
 error_exit("qemu-img", "unrecognized option '%s'", option);
 }
 
+/*
+ * Print --help output for a command and exit.
+ * syntax and description are multi-line with trailing EOL
+ * (to allow easy extending of the text)
+ * syntax has each subsequent line indented by 8 chars.
+ * desrciption is indented by 2 chars for argument on each own line,
+ * and with 5 chars for argument description (like -h arg below).
+ */
+static G_NORETURN
+void cmd_help(const img_cmd_t *ccmd,
+  const char *syntax, const char *arguments)
+{
+printf(
+"Usage:\n"
+"\n"
+"  %s %s %s"
+"\n"
+"Arguments:\n"
+"  -h, --help\n"
+" print this help and exit\n"
+"%s\n",
+   "qemu-img", ccmd->name,
+   syntax, arguments);
+exit(EXIT_SUCCESS);
+}
+
 /* Please keep in synch with docs/tools/qemu-img.rst */
 static G_NORETURN
 void help(void)
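Review bot: the comment block above cmd_help() needs a proofread before it becomes the layout contract every later patch in the series follows: "desrciption" should be "description" and "for argument on each own line" should be "on its own line". Since callers are expected to pre-indent their strings to fit the printf() format, it would help to state the rule once as an example of a correctly formatted syntax and arguments string, rather than only in prose.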
@@ -530,23 +556,48 @@ static int img_create(const img_cmd_t *ccmd, int argc, 
char **argv)
 for(;;) {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
+{"quiet", no_argument, 0, 'q'},
 {"object", required_argument, 0, OPTION_OBJECT},
+{"format", required_argument, 0, 'f'},
+{"backing", required_argument, 0, 'b'},
+{"backing-format", required_argument, 0, 'F'},
+{"backing-unsafe", no_argument, 0, 'u'},
+{"options", required_argument, 0, 'o'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":F:b:f:ho:qu",
+c = getopt_long(argc, argv, "F:b:f:ho:qu",
 long_options, NULL);
 if (c == -1) {
 break;
 }
 switch(c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
+cmd_help(ccmd,
+"[-f FMT] [-o FMT_OPTS] [-b BACKING_FILENAME [-F BACKING_FMT]]\n"
+"[--object OBJDEF] [-u] FILENAME [SIZE[bkKMGTPE]]\n"
+,
+"  -q, --quiet\n"
+" quiet operations\n"
+"  -f, --format FMT\n"
+" specifies format of the new image, default is raw\n"
+"  -o, --options FMT_OPTS\n"
+" format-specific options ('-o list' for list)\n"
+"  -b, --backing BACKING_FILENAME\n"
+" stack new image on top of BACKING_FILENAME\n"
+" (for formats which support stacking)\n"
+"  -F, --backing-format BACKING_FMT\n"
+" specify format of BACKING_FILENAME\n"
+"  -u, --backing-unsafe\n"
+" do not fail if BACKING_FMT can not be read\n"
+"  --object OBJDEF\n"
+" QEMU user-creatable object (eg encryption key)\n"
+"  FILENAME\n"
+" image file to create.  It will be overridden if exists\n"
+"  SIZE\n"
+" image size with optional suffix (multiplies in 1024)\n"
+" SIZE is required unless BACKING_IMG is specified,\n"
+" in which case it will be the same as size of BACKING_IMG\n"
+);
 break;
 case 'F':
 base_fmt = optarg;
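Review bot: in the FILENAME description, "It will be overridden if exists" should say "overwritten"; this is the only warning the user gets that create destroys an existing file, so the wording matters. The SIZE description refers to BACKING_IMG while the option is documented as BACKING_FILENAME, and the syntax allows the suffix set [bkKMGTPE] while the description only says "multiplies in 1024", which does not cover the 'b' suffix.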
@@ -571,6 +622,8 @@ static int img_create(const img_cmd_t *ccmd, int argc, char 
**argv)
 case OPTION_OBJECT:
 user_creatable_process_cmdline(optarg);
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 
-- 
2.39.2




[PATCH 11/27] qemu-img: convert: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

convert uses -B for --backing, - why not -b?

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 90 --
 1 file changed, 81 insertions(+), 9 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index ea66bfa195..0a32d890e3 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2404,30 +2404,100 @@ static int img_convert(const img_cmd_t *ccmd, int 
argc, char **argv)
 for(;;) {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
+{"quiet", no_argument, 0, 'q'},
 {"object", required_argument, 0, OPTION_OBJECT},
 {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
+{"source-image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
+{"source-format", required_argument, 0, 'f'},
+{"source-cache", required_argument, 0, 'T'},
+{"snapshot", required_argument, 0, 'l'},
+{"sparse-size", required_argument, 0, 'S'},
+{"output-format", required_argument, 0, 'O'},
+{"options", required_argument, 0, 'o'},
+{"output-cache", required_argument, 0, 't'},
+{"backing", required_argument, 0, 'B'},
+{"backing-format", required_argument, 0, 'F'},
 {"force-share", no_argument, 0, 'U'},
 {"target-image-opts", no_argument, 0, OPTION_TARGET_IMAGE_OPTS},
 {"salvage", no_argument, 0, OPTION_SALVAGE},
 {"target-is-zero", no_argument, 0, OPTION_TARGET_IS_ZERO},
 {"bitmaps", no_argument, 0, OPTION_BITMAPS},
 {"skip-broken-bitmaps", no_argument, 0, OPTION_SKIP_BROKEN},
+{"rate", required_argument, 0, 'r'},
+{"parallel", required_argument, 0, 'm'},
+{"oob-writes", no_argument, 0, 'W'},
+{"copy-range-offloading", no_argument, 0, 'C'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":hf:O:B:CcF:o:l:S:pt:T:qnm:WUr:",
+c = getopt_long(argc, argv, "hf:O:B:CcF:o:l:S:pt:T:qnm:WUr:",
 long_options, NULL);
 if (c == -1) {
 break;
 }
-switch(c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
+switch (c) {
 case 'h':
-help();
+cmd_help(ccmd,
+"[-f SRC_FMT|--image-opts] [-T SRC_CACHE] [--bitmaps 
[--skip-broken-bitmaps]]\n"
+"[-o TGT_OPTS|--target-image-opts] [-t TGT_CACHE] [-n]\n"
+"[-B BACKING_FILENAME [-F BACKING_FMT]]\n"
+"SRC_FILENAME [SRC_FILENAME2 [...]] TGT_FILENAME\n"
+,
+"  -q, --quiet\n"
+" quiet operations\n"
+"  -p, --progress\n"
+" show operation progress\n"
+"  -f, --source-format SRC_FMT\n"
+" specify SRC_FILENAME source image format explicitly\n"
+"  --source-image-opts\n"
+" indicates that SRC_FILENAME is a complete image specification\n"
+" instead of a file name (incompatible with --source-format)\n"
+"  -l, --source-snapshot SNAPSHOT_PARAMS\n"
+" specify source snapshot parameters\n"
+"  -T, --source-cache SRC_CACHE\n"
+" source image(s) cache mode (" BDRV_DEFAULT_CACHE ")\n"
+"  -O, --target-format TGT_FMT\n"
+" specify TGT_FILENAME image format (default is raw)\n"
+"  --target-image-opts\n"
+" indicates that TGT_FILENAME is a complete image specification\n"
+" instead of a file name (incompatible with --output-format)\n"
+"  -o, --target-options TGT_OPTS\n"
+" TARGET_FMT-specific options\n"
+"  -c, --compress\n"
+" create compressed output image (qcow and qcow2 format only)\n"
+"  -t, --target-cache TGT_CACHE\n"
+" cache mode when opening output image (unsafe)\n"
+"  -B, --backing BACKING_FILENAME\n"
+" create output to be a CoW on top of BACKING_FILENAME\n"
+"  -F, --backing-format BACKING_FMT\n"
+" specify BACKING_FILENAME image format explicitly\n"
+"  -n, --no-create\n"
+" omit target volume creation (eg on rbd)\n"
+"  --target-is-zero\n"
+"  -S, --sparse-size SPARSE_SIZE\n"
+" XXX todo\n"
+"  --bitmaps\n"
+" also copy any persistent bitmaps present in source\n"
+"  --skip-broken-bitmaps\n"
+" ski
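Review bot: the long option names added to long_options do not match the names printed by the new help text. The table adds "output-format", "options", "output-cache" and "snapshot", while the help documents --target-format, --target-options, --target-cache and --source-snapshot, and the --target-image-opts description refers to --output-format. As written, the documented spellings would be rejected. The help also gives long names --progress, --compress and --no-create that have no entry in the table, leaves --target-is-zero without a description, and ships "XXX todo" as the text for --sparse-size; those should be resolved before merge.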

[PATCH 08/27] qemu-img: simplify --repair error message

2024-04-24 Thread Michael Tokarev
Signed-off-by: Michael Tokarev 
Reviewed-by: Daniel P. Berrangé 
---
 qemu-img.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 1bd88fcf63..9157a6b45d 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -859,8 +859,9 @@ static int img_check(const img_cmd_t *ccmd, int argc, char 
**argv)
 } else if (!strcmp(optarg, "all")) {
 fix = BDRV_FIX_LEAKS | BDRV_FIX_ERRORS;
 } else {
-error_exit(argv[0], "Unknown option value for -r "
-   "(expecting 'leaks' or 'all'): %s", optarg);
+error_exit(argv[0],
+   "--repair (-r) expects 'leaks' or 'all' not '%s'",
+   optarg);
 }
 break;
 case OPTION_OUTPUT:
-- 
2.39.2




[PATCH 06/27] qemu-img: factor out parse_output_format() and use it in the code

2024-04-24 Thread Michael Tokarev
Use common code and simplify error message

Signed-off-by: Michael Tokarev 
Reviewed-by: Daniel P. Berrangé 
---
 qemu-img.c | 63 --
 1 file changed, 18 insertions(+), 45 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 7ed5e6d1a8..08536553c7 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -158,6 +158,17 @@ void cmd_help(const img_cmd_t *ccmd,
 exit(EXIT_SUCCESS);
 }
 
+static OutputFormat parse_output_format(const char *argv0, const char *arg)
+{
+if (!strcmp(arg, "json")) {
+return OFORMAT_JSON;
+} else if (!strcmp(arg, "human")) {
+return OFORMAT_HUMAN;
+} else {
+error_exit(argv0, "--output expects 'human' or 'json' not '%s'", arg);
+}
+}
+
 /* Please keep in synch with docs/tools/qemu-img.rst */
 static G_NORETURN
 void help(void)
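Review bot: parse_output_format() has no return statement on its final else branch, so the function is well defined only if error_exit() never returns. If that is guaranteed by a noreturn attribute on error_exit(), a short comment here is enough; otherwise add g_assert_not_reached() after the call so the compiler and the reader both see that the path ends. The callers also used to report a bad --output with error_report() and "return 1"; confirm in the commit message that the exit status for this error is unchanged.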
@@ -776,7 +787,7 @@ static int img_check(const img_cmd_t *ccmd, int argc, char 
**argv)
 {
 int c, ret;
 OutputFormat output_format = OFORMAT_HUMAN;
-const char *filename, *fmt, *output, *cache;
+const char *filename, *fmt, *cache;
 BlockBackend *blk;
 BlockDriverState *bs;
 int fix = 0;
@@ -788,7 +799,6 @@ static int img_check(const img_cmd_t *ccmd, int argc, char 
**argv)
 bool force_share = false;
 
 fmt = NULL;
-output = NULL;
 cache = BDRV_DEFAULT_CACHE;
 
 for(;;) {
@@ -834,7 +844,7 @@ static int img_check(const img_cmd_t *ccmd, int argc, char 
**argv)
 }
 break;
 case OPTION_OUTPUT:
-output = optarg;
+output_format = parse_output_format(argv[0], optarg);
 break;
 case 'T':
 cache = optarg;
@@ -858,15 +868,6 @@ static int img_check(const img_cmd_t *ccmd, int argc, char 
**argv)
 }
 filename = argv[optind++];
 
-if (output && !strcmp(output, "json")) {
-output_format = OFORMAT_JSON;
-} else if (output && !strcmp(output, "human")) {
-output_format = OFORMAT_HUMAN;
-} else if (output) {
-error_report("--output must be used with human or json as argument.");
-return 1;
-}
-
 ret = bdrv_parse_cache_mode(cache, , );
 if (ret < 0) {
 error_report("Invalid source cache option: %s", cache);
@@ -3060,13 +3061,12 @@ static int img_info(const img_cmd_t *ccmd, int argc, 
char **argv)
 int c;
 OutputFormat output_format = OFORMAT_HUMAN;
 bool chain = false;
-const char *filename, *fmt, *output;
+const char *filename, *fmt;
 BlockGraphInfoList *list;
 bool image_opts = false;
 bool force_share = false;
 
 fmt = NULL;
-output = NULL;
 for(;;) {
 int option_index = 0;
 static const struct option long_options[] = {
@@ -3101,7 +3101,7 @@ static int img_info(const img_cmd_t *ccmd, int argc, char 
**argv)
 force_share = true;
 break;
 case OPTION_OUTPUT:
-output = optarg;
+output_format = parse_output_format(argv[0], optarg);
 break;
 case OPTION_BACKING_CHAIN:
 chain = true;
@@ -3119,15 +3119,6 @@ static int img_info(const img_cmd_t *ccmd, int argc, 
char **argv)
 }
 filename = argv[optind++];
 
-if (output && !strcmp(output, "json")) {
-output_format = OFORMAT_JSON;
-} else if (output && !strcmp(output, "human")) {
-output_format = OFORMAT_HUMAN;
-} else if (output) {
-error_report("--output must be used with human or json as argument.");
-return 1;
-}
-
 list = collect_image_info_list(image_opts, filename, fmt, chain,
force_share);
 if (!list) {
@@ -3286,7 +3277,7 @@ static int img_map(const img_cmd_t *ccmd, int argc, char 
**argv)
 OutputFormat output_format = OFORMAT_HUMAN;
 BlockBackend *blk;
 BlockDriverState *bs;
-const char *filename, *fmt, *output;
+const char *filename, *fmt;
 int64_t length;
 MapEntry curr = { .length = 0 }, next;
 int ret = 0;
@@ -3296,7 +3287,6 @@ static int img_map(const img_cmd_t *ccmd, int argc, char 
**argv)
 int64_t max_length = -1;
 
 fmt = NULL;
-output = NULL;
 for (;;) {
 int option_index = 0;
 static const struct option long_options[] = {
@@ -3332,7 +3322,7 @@ static int img_map(const img_cmd_t *ccmd, int argc, char 
**argv)
 force_share = true;
 break;
 case OPTION_OUTPUT:
-output = optarg;
+output_format = parse_output_format(argv[0], optarg);
 break;
 case 's':
 start_offset = cvtnum("start offset", optarg);
@@ -3359,15 +3349,6 @@ static int img_map(const img_cmd_t *ccmd, int argc, char 
**argv)
 }
 filename = argv[optind];
 
-if (output && !strcmp(output, "json&qu

[PATCH 15/27] qemu-img: snapshot: make -l (list) the default, simplify option handling

2024-04-24 Thread Michael Tokarev
When no -l/-a/-c/-d specified, assume -l (list).

Use the same values for SNAPSHOT_LIST/etc constants as the
option chars (lacd), this makes it possible to simplify
option handling a lot, combining cases for 4 options into
one.

Also remove bdrv_oflags handling (only list can use RO mode).

Signed-off-by: Michael Tokarev 
Reviewed-by: Daniel P. Berrangé 
---
 docs/tools/qemu-img.rst |  2 +-
 qemu-img.c  | 52 ++---
 2 files changed, 19 insertions(+), 35 deletions(-)

diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
index 9b628c4da5..df184d15b9 100644
--- a/docs/tools/qemu-img.rst
+++ b/docs/tools/qemu-img.rst
@@ -256,7 +256,7 @@ Parameters to snapshot subcommand:
 
 .. option:: -l
 
-  Lists all snapshots in the given image
+  Lists all snapshots in the given image (default action)
 
 Command description:
 
diff --git a/qemu-img.c b/qemu-img.c
index 8adc324496..967f6343de 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3585,10 +3585,11 @@ out:
 return ret < 0;
 }
 
-#define SNAPSHOT_LIST   1
-#define SNAPSHOT_CREATE 2
-#define SNAPSHOT_APPLY  3
-#define SNAPSHOT_DELETE 4
+/* the same as options */
+#define SNAPSHOT_LIST   'l'
+#define SNAPSHOT_CREATE 'c'
+#define SNAPSHOT_APPLY  'a'
+#define SNAPSHOT_DELETE 'd'
 
 static int img_snapshot(const img_cmd_t *ccmd, int argc, char **argv)
 {
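Review bot: the comment "the same as options" is the only thing tying these four values to the optstring, while the merged "case SNAPSHOT_LIST: ... action = c;" later in the patch silently depends on them staying equal. Please spell out in the comment that the values must match the short option characters used in getopt_long(), so a later change to either side does not break the switch without a compile error.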
@@ -3596,7 +3597,7 @@ static int img_snapshot(const img_cmd_t *ccmd, int argc, 
char **argv)
 BlockDriverState *bs;
 QEMUSnapshotInfo sn;
 char *filename, *fmt = NULL, *snapshot_name = NULL;
-int c, ret = 0, bdrv_oflags;
+int c, ret = 0;
 int action = 0;
 bool quiet = false;
 Error *err = NULL;
@@ -3604,7 +3605,6 @@ static int img_snapshot(const img_cmd_t *ccmd, int argc, 
char **argv)
 bool force_share = false;
 int64_t rt;
 
-bdrv_oflags = BDRV_O_RDWR;
 /* Parse commandline parameters */
 for(;;) {
 static const struct option long_options[] = {
@@ -3632,36 +3632,15 @@ static int img_snapshot(const img_cmd_t *ccmd, int 
argc, char **argv)
 case 'f':
 fmt = optarg;
 break;
-case 'l':
-if (action) {
-error_exit(argv[0], "Cannot mix '-l', '-a', '-c', '-d'");
-return 0;
-}
-action = SNAPSHOT_LIST;
-bdrv_oflags &= ~BDRV_O_RDWR; /* no need for RW */
-break;
-case 'a':
+case SNAPSHOT_LIST:
+case SNAPSHOT_APPLY:
+case SNAPSHOT_CREATE:
+case SNAPSHOT_DELETE:
 if (action) {
 error_exit(argv[0], "Cannot mix '-l', '-a', '-c', '-d'");
 return 0;
 }
-action = SNAPSHOT_APPLY;
-snapshot_name = optarg;
-break;
-case 'c':
-if (action) {
-error_exit(argv[0], "Cannot mix '-l', '-a', '-c', '-d'");
-return 0;
-}
-action = SNAPSHOT_CREATE;
-snapshot_name = optarg;
-break;
-case 'd':
-if (action) {
-error_exit(argv[0], "Cannot mix '-l', '-a', '-c', '-d'");
-return 0;
-}
-action = SNAPSHOT_DELETE;
+action = c;
 snapshot_name = optarg;
 break;
 case 'q':
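Review bot: In the merged "case SNAPSHOT_LIST: ... case SNAPSHOT_DELETE:" block, "snapshot_name = optarg;" now also runs for -l, which the removed "case 'l':" branch never did. -l is documented as taking no argument, so the value stored there is whatever getopt left in optarg; either guard the assignment with "if (c != SNAPSHOT_LIST)" or add a comment stating that the list action never reads snapshot_name. Separately, the "return 0;" kept after error_exit() in this block is unreachable, since error_exit() is declared G_NORETURN in patch 03 of this series, and could be dropped while the block is being rewritten.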
@@ -3684,9 +3663,14 @@ static int img_snapshot(const img_cmd_t *ccmd, int argc, 
char **argv)
 }
 filename = argv[optind++];
 
+if (!action) {
+action = SNAPSHOT_LIST;
+}
+
 /* Open the image */
-blk = img_open(image_opts, filename, fmt, bdrv_oflags, false, quiet,
-   force_share);
+blk = img_open(image_opts, filename, fmt,
+   action == SNAPSHOT_LIST ? 0 : BDRV_O_RDWR,
+   false, quiet, force_share);
 if (!blk) {
 return 1;
 }
-- 
2.39.2




[PATCH 09/27] qemu-img: commit: refresh options/--help

2024-04-24 Thread Michael Tokarev
Add missing long options and --help output.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 44 
 1 file changed, 36 insertions(+), 8 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 9157a6b45d..7a111bce72 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1048,24 +1048,50 @@ static int img_commit(const img_cmd_t *ccmd, int argc, 
char **argv)
 for(;;) {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
+{"quiet", no_argument, 0, 'q'},
 {"object", required_argument, 0, OPTION_OBJECT},
+{"format", required_argument, 0, 'f'},
 {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
+{"cache", required_argument, 0, 't'},
+{"drop", no_argument, 0, 'd'},
+{"base", required_argument, 0, 'b'},
+{"progress", no_argument, 0, 'p'},
+{"rate", required_argument, 0, 'r'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":f:ht:b:dpqr:",
+c = getopt_long(argc, argv, "f:ht:b:dpqr:",
 long_options, NULL);
 if (c == -1) {
 break;
 }
 switch(c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
+cmd_help(ccmd,
+"[-f FMT | --image-opts] [-t CACHE_MODE] [-b BASE_IMG] [-d]\n"
+"[-r RATE] [--object OBJDEF] FILENAME\n"
+,
+"  -q, --quiet\n"
+" quiet operations\n"
+"  -p, --progress\n"
+" show operation progress\n"
+"  -f, --format FMT\n"
+" specify FILENAME image format explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAME is a complete image specification\n"
+" instead of a file name (incompatible with --format)\n"
+"  -t, --cache CACHE_MODE image cache mode (" BDRV_DEFAULT_CACHE ")\n"
+"  -d, --drop\n"
+" skip emptying FILENAME on completion\n"
+"  -b, --base BASE_IMG\n"
+" image in the backing chain to which to commit changes\n"
+" instead of the previous one (implies --drop)\n"
+"  -r, --rate RATE\n"
+" I/O rate limit\n"
+"  --object OBJDEF\n"
+" QEMU user-creatable object (eg encryption key)\n"
+"  FILENAME\n"
+" name of the image file to operate on\n"
+);
 break;
 case 'f':
 fmt = optarg;
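Review bot: In the cmd_help() text, the entry "  -t, --cache CACHE_MODE image cache mode (" BDRV_DEFAULT_CACHE ")\n" puts the description on the option line, while every other entry uses an option line followed by a separate description line; please split it to match. The synopsis string also leaves out -q and -p, although both are accepted by the optstring "f:ht:b:dpqr:" and described in the option list right below, so the usage line and the option list disagree.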
@@ -1099,6 +1125,8 @@ static int img_commit(const img_cmd_t *ccmd, int argc, 
char **argv)
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 
-- 
2.39.2




[PATCH 03/27] qemu-img: global option processing and error printing

2024-04-24 Thread Michael Tokarev
In order to correctly print executable name in various
error messages, pass argv[0] to error_exit() function.
This way, error messages will refer to actual executable
name, which may be different from 'qemu-img'.

For subcommands, pass original command name from the
qemu-img argv[0], plus the subcommand name, as its own
argv[0] element, so error messages can be more useful.
Also don't require at least 3 options on the command
line: it makes no sense with options before subcommand.

Introduce tryhelp() function which just prints

 try 'command-name --help' for more info

and exits.  When tryhelp() is called from within a subcommand
handler, the message will look like:

 try 'command-name subcommand --help' for more info

qemu-img uses getopt_long() with ':' as the first char in
optstring parameter, which means it doesn't print error
messages but returns ':' or '?' instead, and qemu-img uses
unrecognized_option() or missing_argument() function to
print error messages.  But it doesn't quite work:

 $ ./qemu-img -xx
 qemu-img: unrecognized option './qemu-img'

so the aim is to let getopt_long() print regular error
messages instead (removing ':' prefix from optstring) and
remove handling of '?' and ':' "options" entirely.  With
concatenated argv[0] and the subcommand, it all finally
does the right thing in all cases.  This will be done in
subsequent changes command by command, with main() done
last.

unrecognized_option() and missing_argument() functions
prototypes aren't changed by this patch, since they're
called from many places and will be removed a few patches
later.  Only artificial "qemu-img" argv0 is provided in
there for now.

Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 80 +-
 1 file changed, 43 insertions(+), 37 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index fe22986931..130188e287 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -101,8 +101,15 @@ static void format_print(void *opaque, const char *name)
 printf(" %s", name);
 }
 
-static G_NORETURN G_GNUC_PRINTF(1, 2)
-void error_exit(const char *fmt, ...)
+static G_NORETURN
+void tryhelp(const char *argv0)
+{
+error_printf("Try '%s --help' for more info\n", argv0);
+exit(EXIT_FAILURE);
+}
+
+static G_NORETURN G_GNUC_PRINTF(2, 3)
+void error_exit(const char *argv0, const char *fmt, ...)
 {
 va_list ap;
 
@@ -110,20 +117,19 @@ void error_exit(const char *fmt, ...)
 error_vreport(fmt, ap);
 va_end(ap);
 
-error_printf("Try 'qemu-img --help' for more information\n");
-exit(EXIT_FAILURE);
+tryhelp(argv0);
 }
 
 static G_NORETURN
 void missing_argument(const char *option)
 {
-error_exit("missing argument for option '%s'", option);
+error_exit("qemu-img", "missing argument for option '%s'", option);
 }
 
 static G_NORETURN
 void unrecognized_option(const char *option)
 {
-error_exit("unrecognized option '%s'", option);
+error_exit("qemu-img", "unrecognized option '%s'", option);
 }
 
 /* Please keep in synch with docs/tools/qemu-img.rst */
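Review bot: Routing error_exit() through tryhelp() changes more than the program name: the removed line printed "Try 'qemu-img --help' for more information" and the new tryhelp() prints "Try '%s --help' for more info", so the trailing wording is shortened as well. The commit message quotes the new text with a lowercase "try", which matches neither string. If the shorter wording is intended, please say so in the commit message and quote it exactly as printed; if not, keep "for more information" in tryhelp() so that only the name part of the message changes.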
@@ -576,7 +582,7 @@ static int img_create(int argc, char **argv)
 }
 
 if (optind >= argc) {
-error_exit("Expecting image file name");
+error_exit(argv[0], "Expecting image file name");
 }
 optind++;
 
@@ -588,7 +594,7 @@ static int img_create(int argc, char **argv)
 }
 }
 if (optind != argc) {
-error_exit("Unexpected argument: %s", argv[optind]);
+error_exit(argv[0], "Unexpected argument: %s", argv[optind]);
 }
 
 bdrv_img_create(filename, fmt, base_filename, base_fmt,
@@ -770,7 +776,7 @@ static int img_check(int argc, char **argv)
 } else if (!strcmp(optarg, "all")) {
 fix = BDRV_FIX_LEAKS | BDRV_FIX_ERRORS;
 } else {
-error_exit("Unknown option value for -r "
+error_exit(argv[0], "Unknown option value for -r "
"(expecting 'leaks' or 'all'): %s", optarg);
 }
 break;
@@ -795,7 +801,7 @@ static int img_check(int argc, char **argv)
 }
 }
 if (optind != argc - 1) {
-error_exit("Expecting one image file name");
+error_exit(argv[0], "Expecting one image file name");
 }
 filename = argv[optind++];
 
@@ -1025,7 +1031,7 @@ static int img_commit(int argc, char **argv)
 }
 
 if (optind != argc - 1) {
-error_exit("Expecting one image file name");
+error_exit(argv[0], "Expecting one image file name");
 }
 filename = argv[optind++];
 
@@ -1446,7 +1452,7 @@ static int img_compare(int argc, char **argv)
 
 
 if (optind != argc - 2) {
-error_exit("Expecting two image file names");
+error_exit(argv[0]

[PATCH 04/27] qemu-img: pass current cmd info into command handlers

2024-04-24 Thread Michael Tokarev
This info will be used to generate --help output.

Signed-off-by: Michael Tokarev 
Reviewed-by: Daniel P. Berrangé 
---
 qemu-img.c | 34 +-
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 130188e287..e8234104e5 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -60,7 +60,7 @@
 
 typedef struct img_cmd_t {
 const char *name;
-int (*handler)(int argc, char **argv);
+int (*handler)(const struct img_cmd_t *ccmd, int argc, char **argv);
 } img_cmd_t;
 
 enum {
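Review bot: The new "const struct img_cmd_t *ccmd" parameter in the handler typedef has no comment saying what it points at, and none of the handlers converted in this patch reads it yet. A one-line comment on the typedef (that it is the table entry the command was dispatched from, to be used for --help output as the commit message says) would make the otherwise unused argument understandable to anyone reading this patch on its own.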
@@ -514,7 +514,7 @@ static int64_t cvtnum(const char *name, const char *value)
 return cvtnum_full(name, value, 0, INT64_MAX);
 }
 
-static int img_create(int argc, char **argv)
+static int img_create(const img_cmd_t *ccmd, int argc, char **argv)
 {
 int c;
 int64_t img_size = -1;
@@ -719,7 +719,7 @@ static int collect_image_check(BlockDriverState *bs,
  *  3 - Check completed, image has leaked clusters, but is good otherwise
  * 63 - Checks are not supported by the image format
  */
-static int img_check(int argc, char **argv)
+static int img_check(const img_cmd_t *ccmd, int argc, char **argv)
 {
 int c, ret;
 OutputFormat output_format = OFORMAT_HUMAN;
@@ -951,7 +951,7 @@ static void run_block_job(BlockJob *job, Error **errp)
 }
 }
 
-static int img_commit(int argc, char **argv)
+static int img_commit(const img_cmd_t *ccmd, int argc, char **argv)
 {
 int c, ret, flags;
 const char *filename, *fmt, *cache, *base;
@@ -1358,7 +1358,7 @@ static int check_empty_sectors(BlockBackend *blk, int64_t 
offset,
  * 1 - Images differ
  * >1 - Error occurred
  */
-static int img_compare(int argc, char **argv)
+static int img_compare(const img_cmd_t *ccmd, int argc, char **argv)
 {
 const char *fmt1 = NULL, *fmt2 = NULL, *cache, *filename1, *filename2;
 BlockBackend *blk1, *blk2;
@@ -2234,7 +2234,7 @@ static void set_rate_limit(BlockBackend *blk, int64_t 
rate_limit)
 blk_set_io_limits(blk, );
 }
 
-static int img_convert(int argc, char **argv)
+static int img_convert(const img_cmd_t *ccmd, int argc, char **argv)
 {
 int c, bs_i, flags, src_flags = BDRV_O_NO_SHARE;
 const char *fmt = NULL, *out_fmt = NULL, *cache = "unsafe",
@@ -3002,7 +3002,7 @@ err:
 return NULL;
 }
 
-static int img_info(int argc, char **argv)
+static int img_info(const img_cmd_t *ccmd, int argc, char **argv)
 {
 int c;
 OutputFormat output_format = OFORMAT_HUMAN;
@@ -3227,7 +3227,7 @@ static inline bool entry_mergeable(const MapEntry *curr, 
const MapEntry *next)
 return true;
 }
 
-static int img_map(int argc, char **argv)
+static int img_map(const img_cmd_t *ccmd, int argc, char **argv)
 {
 int c;
 OutputFormat output_format = OFORMAT_HUMAN;
@@ -3376,7 +3376,7 @@ out:
 #define SNAPSHOT_APPLY  3
 #define SNAPSHOT_DELETE 4
 
-static int img_snapshot(int argc, char **argv)
+static int img_snapshot(const img_cmd_t *ccmd, int argc, char **argv)
 {
 BlockBackend *blk;
 BlockDriverState *bs;
@@ -3534,7 +3534,7 @@ static int img_snapshot(int argc, char **argv)
 return 0;
 }
 
-static int img_rebase(int argc, char **argv)
+static int img_rebase(const img_cmd_t *ccmd, int argc, char **argv)
 {
 BlockBackend *blk = NULL, *blk_old_backing = NULL, *blk_new_backing = NULL;
 uint8_t *buf_old = NULL;
@@ -4028,7 +4028,7 @@ out:
 return 0;
 }
 
-static int img_resize(int argc, char **argv)
+static int img_resize(const img_cmd_t *ccmd, int argc, char **argv)
 {
 Error *err = NULL;
 int c, ret, relative;
@@ -4241,7 +4241,7 @@ static int print_amend_option_help(const char *format)
 return 0;
 }
 
-static int img_amend(int argc, char **argv)
+static int img_amend(const img_cmd_t *ccmd, int argc, char **argv)
 {
 Error *err = NULL;
 int c, ret = 0;
@@ -4505,7 +4505,7 @@ static void bench_cb(void *opaque, int ret)
 }
 }
 
-static int img_bench(int argc, char **argv)
+static int img_bench(const img_cmd_t *ccmd, int argc, char **argv)
 {
 int c, ret = 0;
 const char *fmt = NULL, *filename;
@@ -4775,7 +4775,7 @@ typedef struct ImgBitmapAction {
 QSIMPLEQ_ENTRY(ImgBitmapAction) next;
 } ImgBitmapAction;
 
-static int img_bitmap(int argc, char **argv)
+static int img_bitmap(const img_cmd_t *ccmd, int argc, char **argv)
 {
 Error *err = NULL;
 int c, ret = 1;
@@ -5075,7 +5075,7 @@ static int img_dd_skip(const char *arg,
 return 0;
 }
 
-static int img_dd(int argc, char **argv)
+static int img_dd(const img_cmd_t *ccmd, int argc, char **argv)
 {
 int ret = 0;
 char *arg = NULL;
@@ -5343,7 +5343,7 @@ static void dump_json_block_measure_info(BlockMeasureInfo 
*info)
 g_string_free(str, true);
 }
 
-static int img_measure(int argc, char **argv)
+static int img_measure(const img_cmd_t *ccmd, int argc, char **argv)
 {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
@@ -5610,7 +5610,7 @@ int main(int argc, char **argv)

[PATCH 10/27] qemu-img: compare: refresh options/--help

2024-04-24 Thread Michael Tokarev
Signed-off-by: Michael Tokarev 
---
 qemu-img.c | 45 +
 1 file changed, 37 insertions(+), 8 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 7a111bce72..ea66bfa195 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1488,25 +1488,52 @@ static int img_compare(const img_cmd_t *ccmd, int argc, 
char **argv)
 for (;;) {
 static const struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
+{"quiet", no_argument, 0, 'q'},
 {"object", required_argument, 0, OPTION_OBJECT},
+{"cache", required_argument, 0, 'T'},
 {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
+{"a-format", required_argument, 0, 'f'},
+{"left-format", required_argument, 0, 'f'},
+{"b-format", required_argument, 0, 'F'},
+{"right-format", required_argument, 0, 'F'},
 {"force-share", no_argument, 0, 'U'},
+{"strict", no_argument, 0, 's'},
+{"progress", no_argument, 0, 'p'},
 {0, 0, 0, 0}
 };
-c = getopt_long(argc, argv, ":hf:F:T:pqsU",
+c = getopt_long(argc, argv, "hf:F:T:pqsU",
 long_options, NULL);
 if (c == -1) {
 break;
 }
 switch (c) {
-case ':':
-missing_argument(argv[optind - 1]);
-break;
-case '?':
-unrecognized_option(argv[optind - 1]);
-break;
 case 'h':
-help();
+cmd_help(ccmd,
+"[--image-opts | [-f FMT] [-F FMT]] [-s]\n"
+"[-T CACHE] [-U] [--object OBJDEF] FILENAME1 FILENAME2\n"
+,
+"  -q, --quiet\n"
+" quiet operation\n"
+"  -p, --progress\n"
+" show operation progress\n"
+"  -f, --a-format FMT\n"
+" specify FILENAME1 image format explicitly\n"
+"  -F, --b-format FMT\n"
+" specify FILENAME2 image format explicitly\n"
+"  --image-opts\n"
+" indicates that FILENAMEs are complete image specifications\n"
+" instead of file names (incompatible with --a-format and --b-format)\n"
+"  -s, --strict\n"
+" strict mode, also check if sizes are equal\n"
+"  -T, --cache CACHE_MODE\n"
+" images caching mode (" BDRV_DEFAULT_CACHE ")\n"
+"  -U, --force-share\n"
+" open images in shared mode for concurrent access\n"
+"  --object OBJDEF\n"
+" QEMU user-creatable object (eg encryption key)\n"
+"  FILENAME1, FILENAME2\n"
+" image files (or specifications) to compare\n"
+);
 break;
 case 'f':
 fmt1 = optarg;
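Review bot: The long_options table adds "left-format" and "right-format" as aliases for 'f' and 'F', but the cmd_help() text only documents --a-format and --b-format, so two accepted spellings are invisible to users; either list them in the help or drop the aliases. The synopsis also writes "-T CACHE" where the option list says "-T, --cache CACHE_MODE", and it omits -p and -q although both are in the optstring "hf:F:T:pqsU". The commit message has no description beyond the sign-off; a line like the one on the commit subcommand patch ("Add missing long options and --help output.") would help.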
@@ -1547,6 +1574,8 @@ static int img_compare(const img_cmd_t *ccmd, int argc, 
char **argv)
 case OPTION_IMAGE_OPTS:
 image_opts = true;
 break;
+default:
+tryhelp(argv[0]);
 }
 }
 
-- 
2.39.2




[PATCH 02/27] qemu-img: create: convert img_size to signed, simplify handling

2024-04-24 Thread Michael Tokarev
Initializing an unsigned as -1, or using temporary
sval for conversion is awkward.  Since we don't allow
other "negative" values anyway, use signed value and
pass it to bdrv_img_create() (where it is properly
converted to unsigned), simplifying code.

Signed-off-by: Michael Tokarev 
Reviewed-by: Daniel P. Berrangé 
---
 qemu-img.c | 9 +++--
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 6e7ac2048f..fe22986931 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -511,7 +511,7 @@ static int64_t cvtnum(const char *name, const char *value)
 static int img_create(int argc, char **argv)
 {
 int c;
-uint64_t img_size = -1;
+int64_t img_size = -1;
 const char *fmt = "raw";
 const char *base_fmt = NULL;
 const char *filename;
@@ -582,13 +582,10 @@ static int img_create(int argc, char **argv)
 
 /* Get image size, if specified */
 if (optind < argc) {
-int64_t sval;
-
-sval = cvtnum("image size", argv[optind++]);
-if (sval < 0) {
+img_size = cvtnum("image size", argv[optind++]);
+if (img_size < 0) {
 goto fail;
 }
-img_size = (uint64_t)sval;
 }
 if (optind != argc) {
 error_exit("Unexpected argument: %s", argv[optind]);
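Review bot: With "img_size = cvtnum("image size", argv[optind++]);" the variable now receives cvtnum()'s return value directly, so on failure it holds whatever negative value cvtnum() returned rather than the -1 default, until "goto fail" is taken. That is fine only as long as the fail path never looks at img_size, which is worth confirming. It would also help to add a short comment at the "int64_t img_size = -1;" declaration saying that -1 means "no size given" and is passed through to bdrv_img_create() as such, since that convention is now carried by a signed value instead of the previous all-ones uint64_t.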
-- 
2.39.2




Re: [PATCH 0/3] Remove useless architecture prefix from the CPU list

2024-04-20 Thread Michael Tokarev

20.04.2024 08:46, Thomas Huth:

Printing an architecture prefix in front of each CPU name is not helpful
at all: It is confusing for the users since they don't know whether they
have to specify these letters for the "-cpu" parameter, too, and it also
takes some precious space in the dense output of the CPU entries. Let's
simply remove those now.

Thomas Huth (3):
   target/i386/cpu: Remove "x86" prefix from the CPU list
   target/s390x/cpu_models: Rework the output of "-cpu help"
   target/ppc/cpu_init: Remove "PowerPC" prefix from the CPU list


Reviewed-by: Michael Tokarev 

I'll pick it up for trivial-patches after 9.0 is out.

This also reminded me about https://gitlab.com/qemu-project/qemu/-/issues/2141

/mjt



[Stable-7.2.11 45/59] hw/display/virtio-gpu: Protect from DMA re-entrancy bugs

2024-04-18 Thread Michael Tokarev
From: Philippe Mathieu-Daudé 

Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
so the bus and device use the same guard. Otherwise the
DMA-reentrancy protection can be bypassed:

  $ cat << EOF | qemu-system-i386 -display none -nodefaults \
  -machine q35,accel=qtest \
  -m 512M \
  -device virtio-gpu \
  -qtest stdio
  outl 0xcf8 0x8820
  outl 0xcfc 0xe0004000
  outl 0xcf8 0x8804
  outw 0xcfc 0x06
  write 0xe0004030 0x4 0x024000e0
  write 0xe0004028 0x1 0xff
  write 0xe0004020 0x4 0x9300
  write 0xe000401c 0x1 0x01
  write 0x101 0x1 0x04
  write 0x103 0x1 0x1c
  write 0x9301c8 0x1 0x18
  write 0x105 0x1 0x1c
  write 0x107 0x1 0x1c
  write 0x109 0x1 0x1c
  write 0x10b 0x1 0x00
  write 0x10d 0x1 0x00
  write 0x10f 0x1 0x00
  write 0x111 0x1 0x00
  write 0x113 0x1 0x00
  write 0x115 0x1 0x00
  write 0x117 0x1 0x00
  write 0x119 0x1 0x00
  write 0x11b 0x1 0x00
  write 0x11d 0x1 0x00
  write 0x11f 0x1 0x00
  write 0x121 0x1 0x00
  write 0x123 0x1 0x00
  write 0x125 0x1 0x00
  write 0x127 0x1 0x00
  write 0x129 0x1 0x00
  write 0x12b 0x1 0x00
  write 0x12d 0x1 0x00
  write 0x12f 0x1 0x00
  write 0x131 0x1 0x00
  write 0x133 0x1 0x00
  write 0x135 0x1 0x00
  write 0x137 0x1 0x00
  write 0x139 0x1 0x00
  write 0xe0007003 0x1 0x00
  EOF
  ...
  =
  ==276099==ERROR: AddressSanitizer: heap-use-after-free on address 
0x60d11178
  at pc 0x562cc3b736c7 bp 0x7ffed49dee60 sp 0x7ffed49dee58
  READ of size 8 at 0x60d11178 thread T0
  #0 0x562cc3b736c6 in virtio_gpu_ctrl_response 
hw/display/virtio-gpu.c:180:42
  #1 0x562cc3b7c40b in virtio_gpu_ctrl_response_nodata 
hw/display/virtio-gpu.c:192:5
  #2 0x562cc3b7c40b in virtio_gpu_simple_process_cmd 
hw/display/virtio-gpu.c:1015:13
  #3 0x562cc3b82873 in virtio_gpu_process_cmdq 
hw/display/virtio-gpu.c:1050:9
  #4 0x562cc4a85514 in aio_bh_call util/async.c:169:5
  #5 0x562cc4a85c52 in aio_bh_poll util/async.c:216:13
  #6 0x562cc4a1a79b in aio_dispatch util/aio-posix.c:423:5
  #7 0x562cc4a8a2da in aio_ctx_dispatch util/async.c:358:5
  #8 0x7f36840547a8 in g_main_context_dispatch 
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x547a8)
  #9 0x562cc4a8b753 in glib_pollfds_poll util/main-loop.c:290:9
  #10 0x562cc4a8b753 in os_host_main_loop_wait util/main-loop.c:313:5
  #11 0x562cc4a8b753 in main_loop_wait util/main-loop.c:592:11
  #12 0x562cc3938186 in qemu_main_loop system/runstate.c:782:9
  #13 0x562cc43b7af5 in qemu_default_main system/main.c:37:14
  #14 0x7f3683a6c189 in __libc_start_call_main 
csu/../sysdeps/nptl/libc_start_call_main.h:58:16
  #15 0x7f3683a6c244 in __libc_start_main csu/../csu/libc-start.c:381:3
  #16 0x562cc2a58ac0 in _start (qemu-system-i386+0x231bac0)

  0x60d11178 is located 56 bytes inside of 136-byte region 
[0x60d11140,0x60d111c8)
  freed by thread T0 here:
  #0 0x562cc2adb662 in __interceptor_free (qemu-system-i386+0x239e662)
  #1 0x562cc3b86b21 in virtio_gpu_reset hw/display/virtio-gpu.c:1524:9
  #2 0x562cc416e20e in virtio_reset hw/virtio/virtio.c:2145:9
  #3 0x562cc37c5644 in virtio_pci_reset hw/virtio/virtio-pci.c:2249:5
  #4 0x562cc4233758 in memory_region_write_accessor system/memory.c:497:5
  #5 0x562cc4232eea in access_with_adjusted_size system/memory.c:573:18

  previously allocated by thread T0 here:
  #0 0x562cc2adb90e in malloc (qemu-system-i386+0x239e90e)
  #1 0x7f368405a678 in g_malloc 
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5a678)
  #2 0x562cc4163ffc in virtqueue_split_pop hw/virtio/virtio.c:1612:12
  #3 0x562cc4163ffc in virtqueue_pop hw/virtio/virtio.c:1783:16
  #4 0x562cc3b91a95 in virtio_gpu_handle_ctrl 
hw/display/virtio-gpu.c:1112:15
  #5 0x562cc4a85514 in aio_bh_call util/async.c:169:5
  #6 0x562cc4a85c52 in aio_bh_poll util/async.c:216:13
  #7 0x562cc4a1a79b in aio_dispatch util/aio-posix.c:423:5

  SUMMARY: AddressSanitizer: heap-use-after-free hw/display/virtio-gpu.c:180:42 
in virtio_gpu_ctrl_response

With this change, the same reproducer triggers:

  qemu-system-i386: warning: Blocked re-entrant IO on MemoryRegion: 
virtio-pci-common-virtio-gpu at addr: 0x6

Fixes: CVE-2024-3446
Cc: qemu-sta...@nongnu.org
Reported-by: Alexander Bulekov 
Reported-by: Yongkang Jia 
Reported-by: Xiao Lei 
Reported-by: Yiming Tao 
Buglink: https://bugs.launchpad.net/qemu/+bug/1888606
Reviewed-by: Gerd Hoffmann 
Acked-by: Michael S. Tsirkin 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Michael S. Tsirkin 
Message-Id: <20240409105537.18308-3-phi...@linaro.org>
(cherry picked from commit ba28e0ff4d95b56dc334aac2730ab3651ffc3132)
Signed-off-by: Michael Tokarev 
(Mjt: context fixup in hw/display/virtio-gpu.c:virtio_gpu_device_realize()
 due to missing v8.1.0-rc2-69-ga41e2d97f92b
