[Qemu-commits] [qemu/qemu] 3a2d50: block: Fix locking in media change mo


From: Niklas Cassel
Subject: [Qemu-commits] [qemu/qemu] 3a2d50: block: Fix locking in media change monitor commands
Date: Thu, 09 Nov 2023 06:38:40 -0800

  Branch: refs/heads/staging-8.1
  Home:   https://github.com/qemu/qemu
  Commit: 3a2d501916dd392af400a6748fc5efb8baef05f2
      
https://github.com/qemu/qemu/commit/3a2d501916dd392af400a6748fc5efb8baef05f2
  Author: Kevin Wolf <kwolf@redhat.com>
  Date:   2023-11-01 (Wed, 01 Nov 2023)

  Changed paths:
    M block/qapi-sysemu.c

  Log Message:
  -----------
  block: Fix locking in media change monitor commands

blk_insert_bs() requires that the caller holds the AioContext lock for
the node to be inserted. Since commit c066e808e11, neglecting to do so
causes a crash when the child has to be moved to a different AioContext
to attach it to the BlockBackend.

This fixes qmp_blockdev_insert_anon_medium(), which is called for the
QMP commands 'blockdev-insert-medium' and 'blockdev-change-medium', to
correctly take the lock.

Cc: qemu-stable@nongnu.org
Fixes: https://issues.redhat.com/browse/RHEL-3922
Fixes: c066e808e11a5c181b625537b6c78e0de27a4801
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20231013153302.39234-2-kwolf@redhat.com>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit fed824501501518b1ad3dc08a39f8f855508190d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: de18cbdaf21ae64c6b776e16bcc62f63b46a9661
      
https://github.com/qemu/qemu/commit/de18cbdaf21ae64c6b776e16bcc62f63b46a9661
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-11-01 (Wed, 01 Nov 2023)

  Changed paths:
    M tests/tcg/Makefile.target
    M tests/tcg/aarch64/Makefile.target
    M tests/tcg/arm/Makefile.target
    M tests/tcg/cris/Makefile.target
    M tests/tcg/hexagon/Makefile.target
    M tests/tcg/i386/Makefile.target
    M tests/tcg/minilib/Makefile.target
    M tests/tcg/mips/Makefile.target
    M tests/tcg/mips/hello-mips.c

  Log Message:
  -----------
  tests/tcg: Add -fno-stack-protector

A build of GCC 13.2 will have stack protector enabled by default if it
was configured with --enable-default-ssp option. For such a compiler,
it is necessary to explicitly disable stack protector when linking
without standard libraries.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20230731091042.139159-3-akihiko.odaki@daynix.com>
[AJB: fix comment string typo]
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231029145033.592566-3-alex.bennee@linaro.org>
(cherry picked from commit 580731dcc87eb27a2b0dc20ec331f1ce51864c97)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: bd8d9c618a1921355c94adb6ab07de8540f02f6e
      
https://github.com/qemu/qemu/commit/bd8d9c618a1921355c94adb6ab07de8540f02f6e
  Author: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
  Date:   2023-11-01 (Wed, 01 Nov 2023)

  Changed paths:
    M qemu-img.c

  Log Message:
  -----------
  qemu-img: rebase: stop when reaching EOF of old backing file

In case when we're rebasing within one backing chain, and when target image
is larger than old backing file, bdrv_is_allocated_above() ends up setting
*pnum = 0.  As a result, target offset isn't getting incremented, and we
get stuck in an infinite for loop.  Let's detect this case and proceed
further down the loop body, as the offsets beyond the old backing size need
to be explicitly zeroed.

Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Message-ID: <20230919165804.439110-2-andrey.drobyshev@virtuozzo.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8b097fd6b06ec295faefd4f30f96f8709abc9605)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b7867c82624547763a187d284ed7ab3a5516a57f
      
https://github.com/qemu/qemu/commit/b7867c82624547763a187d284ed7ab3a5516a57f
  Author: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
  Date:   2023-11-01 (Wed, 01 Nov 2023)

  Changed paths:
    M tests/qemu-iotests/024
    M tests/qemu-iotests/024.out

  Log Message:
  -----------
  qemu-iotests: 024: add rebasing test case for overlay_size > backing_size

Before previous commit, rebase was getting infinitely stuck in case of
rebasing within the same backing chain and when overlay_size > backing_size.
Let's add this case to the rebasing test 024 to make sure it doesn't
break again.

Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Message-ID: <20230919165804.439110-3-andrey.drobyshev@virtuozzo.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 827171c3180533f4ad0bc338ea166f401bb5d348)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: baf28675da28b6713d99b2a4d8ab6ffde1a70cb1
      
https://github.com/qemu/qemu/commit/baf28675da28b6713d99b2a4d8ab6ffde1a70cb1
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M target/arm/tcg/translate-sve.c
    M tests/tcg/aarch64/Makefile.target
    A tests/tcg/aarch64/sve-str.c

  Log Message:
  -----------
  target/arm: Fix SVE STR increment

The previous change missed updating one of the increments and
one of the MemOps.  Add a test case for all vector lengths.

Cc: qemu-stable@nongnu.org
Fixes: e6dd5e782be ("target/arm: Use tcg_gen_qemu_{ld, st}_i128 in gen_sve_{ld, st}r")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231031143215.29764-1-richard.henderson@linaro.org
[PMM: fixed checkpatch nit]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit b11293c212c2927fcea1befc50dabec9baba4fcc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context fix in tests/tcg/aarch64/Makefile.target)
Tested-by: Alex Bennée <alex.bennee@linaro.org>


  Commit: 155856d890296f2ce3de0af67d1631ebfc9c060c
      
https://github.com/qemu/qemu/commit/155856d890296f2ce3de0af67d1631ebfc9c060c
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M target/arm/internals.h
    M target/arm/ptw.c

  Log Message:
  -----------
  target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk

In a two-stage translation, the result of the BTI guarded bit should
be the guarded bit from the first stage of translation, as there is
no BTI guard information in stage two.  Our code tried to do this,
but got it wrong, because we currently have two fields where the GP
bit information might live (ARMCacheAttrs::guarded and
CPUTLBEntryFull::extra::arm::guarded), and we were storing the GP bit
in the latter during the stage 1 walk but trying to copy the former
in combine_cacheattrs().

Remove the duplicated storage, and always use the field in
CPUTLBEntryFull; correctly propagate the stage 1 value to the output
in get_phys_addr_twostage().

Note for stable backports: in v8.0 and earlier the field is named
result->f.guarded, not result->f.extra.arm.guarded.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1950
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231031173723.26582-1-peter.maydell@linaro.org
(cherry picked from commit 4c09abeae8704970ff03bf2196973f6bf08ab6f9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: replace f.extra.arm.guarded -> f.guarded due to v8.1.0-1179-ga81fef4b64)


  Commit: 6ede082daf431c4a7bc03f07f7f4436fe6097b42
      
https://github.com/qemu/qemu/commit/6ede082daf431c4a7bc03f07f7f4436fe6097b42
  Author: Cédric Le Goater <clg@redhat.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M block/parallels-ext.c
    M block/vdi.c
    M hw/core/qdev-properties-system.c
    M hw/hyperv/vmbus.c
    M include/qemu/uuid.h
    M migration/savevm.c
    M tests/unit/test-uuid.c
    M util/uuid.c

  Log Message:
  -----------
  util/uuid: Add UUID_STR_LEN definition

qemu_uuid_unparse() includes a trailing NUL when writing the uuid
string and the buffer size should be UUID_FMT_LEN + 1 bytes. Add a
define for this size and use it where required.

Cc: Fam Zheng <fam@euphon.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: "Denis V. Lunev" <den@openvz.org>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit 721da0396cfa0a4859cefb57e32cc79d19d80f54)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 47c408b80e2eb6b970df27970778a626229a6afb
      
https://github.com/qemu/qemu/commit/47c408b80e2eb6b970df27970778a626229a6afb
  Author: Cédric Le Goater <clg@redhat.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M hw/vfio/pci.c

  Log Message:
  -----------
  vfio/pci: Fix buffer overrun when writing the VF token

qemu_uuid_unparse() includes a trailing NUL when writing the uuid
string and the buffer size should be UUID_FMT_LEN + 1 bytes. Use the
recently added UUID_STR_LEN which defines the correct size.

Fixes: CID 1522913
Fixes: 2dca1b37a760 ("vfio/pci: add support for VF token")
Cc: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: "Denis V. Lunev" <den@openvz.org>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit f8d6f3b16c37bd516a026e92a31dade5d761d3a6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
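
The off-by-one behind the two commits above ("util/uuid: Add UUID_STR_LEN definition" and "vfio/pci: Fix buffer overrun when writing the VF token"), as an added example that is not QEMU code: every `ex_`/`EX_` name is hypothetical, the UUID is constructed sample data, and only the sizes (36 characters, plus one byte for the NUL) follow the commit text. The formatter writes into a larger arena so the spill past a 36-byte buffer can be counted without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; only the sizes follow the commit text. */
#define EX_UUID_TEXT_LEN 36                      /* visible characters */
#define EX_UUID_STR_LEN  (EX_UUID_TEXT_LEN + 1)  /* characters + trailing NUL */
#define EX_ARENA_LEN     64                      /* scratch area for measuring */
#define EX_FILL          0xAA                    /* never produced by the formatter */

/* Constructed sample UUID, not taken from the page. */
static const uint8_t ex_sample_uuid[16] = {
    0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
    0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
};

/*
 * Unparse-style formatter: it has no length argument, so it always writes
 * 36 characters followed by a NUL, whatever size the caller's buffer is.
 */
static void ex_uuid_unparse(const uint8_t u[16], char *out)
{
    static const char hex[] = "0123456789abcdef";
    size_t pos = 0;

    for (size_t i = 0; i < 16; i++) {
        if (i == 4 || i == 6 || i == 8 || i == 10) {
            out[pos++] = '-';
        }
        out[pos++] = hex[u[i] >> 4];
        out[pos++] = hex[u[i] & 0x0f];
    }
    out[pos] = '\0';  /* index 36, i.e. the 37th byte */
}

/*
 * Treat the first declared_len bytes of a pre-filled arena as "the buffer"
 * and count how many bytes beyond it the formatter modified.
 */
static size_t ex_bytes_past_buffer(size_t declared_len)
{
    unsigned char arena[EX_ARENA_LEN];
    size_t spilled = 0;

    memset(arena, EX_FILL, sizeof(arena));
    ex_uuid_unparse(ex_sample_uuid, (char *)arena);
    for (size_t i = declared_len; i < sizeof(arena); i++) {
        if (arena[i] != EX_FILL) {
            spilled++;
        }
    }
    return spilled;
}

/* Hardened wrapper: refuse any destination that cannot hold the NUL. */
static int ex_uuid_unparse_checked(const uint8_t u[16], char *out,
                                   size_t out_len)
{
    if (out == NULL || out_len < EX_UUID_STR_LEN) {
        return -1;
    }
    ex_uuid_unparse(u, out);
    return 0;
}

int main(void)
{
    char ok[EX_UUID_STR_LEN];
    char too_small[EX_UUID_TEXT_LEN];

    printf("spill past a %d-byte buffer: %zu byte(s)\n",
           EX_UUID_TEXT_LEN, ex_bytes_past_buffer(EX_UUID_TEXT_LEN));
    printf("spill past a %d-byte buffer: %zu byte(s)\n",
           EX_UUID_STR_LEN, ex_bytes_past_buffer(EX_UUID_STR_LEN));

    if (ex_uuid_unparse_checked(ex_sample_uuid, too_small,
                                sizeof(too_small)) != 0) {
        printf("checked call rejected the %zu-byte buffer\n",
               sizeof(too_small));
    }
    if (ex_uuid_unparse_checked(ex_sample_uuid, ok, sizeof(ok)) == 0) {
        printf("formatted: %s\n", ok);
    }
    return 0;
}
```

The single spilled byte is the terminator, which is why a buffer sized by the character count alone looks correct when the string is printed.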


  Commit: 5f0083a95d86e97f98e68c92e6e3aa06ce7e6c7f
      
https://github.com/qemu/qemu/commit/5f0083a95d86e97f98e68c92e6e3aa06ce7e6c7f
  Author: Cédric Le Goater <clg@redhat.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M include/qemu/uuid.h

  Log Message:
  -----------
  util/uuid: Remove UUID_FMT_LEN

Dangerous and now unused.

Cc: Fam Zheng <fam@euphon.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: "Denis V. Lunev" <den@openvz.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit 4ef9d97b1a37b8cfd152cc3ac5f9576e406868b1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 3321ec125f06b116c4baf9da7568b7c69fa34813
      
https://github.com/qemu/qemu/commit/3321ec125f06b116c4baf9da7568b7c69fa34813
  Author: David Woodhouse <dwmw@amazon.co.uk>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M target/i386/kvm/xen-emu.c

  Log Message:
  -----------
  i386/xen: Don't advertise XENFEAT_supervisor_mode_kernel

This confuses lscpu into thinking it's running in PVH mode.

Cc: qemu-stable@nongnu.org
Fixes: bedcc139248 ("i386/xen: implement HYPERVISOR_xen_version")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit e969f992c6562222e245dd8557f5b132a11ec29c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 91d789a891a45ea92f5d385f64db2d8d644a077b
      
https://github.com/qemu/qemu/commit/91d789a891a45ea92f5d385f64db2d8d644a077b
  Author: David Woodhouse <dwmw@amazon.co.uk>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M target/i386/kvm/xen-emu.c

  Log Message:
  -----------
  i386/xen: fix per-vCPU upcall vector for Xen emulation

The per-vCPU upcall vector support had three problems. Firstly it was
using the wrong hypercall argument and would always return -EFAULT when
the guest tried to set it up. Secondly it was using the wrong ioctl() to
pass the vector to the kernel and thus the *kernel* would always return
-EINVAL. Finally, even when delivering the event directly from userspace
with an MSI, it put the destination CPU ID into the wrong bits of the
MSI address.

Linux doesn't (yet) use this mode so it went without decent testing
for a while.

Cc: qemu-stable@nongnu.org
Fixes: 105b47fdf2d0 ("i386/xen: implement HVMOP_set_evtchn_upcall_vector")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit e7dbb62ff19ce55548c785d76e814e7b144e6217)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5450203719f64907e0498eddabae15eadd4aee07
      
https://github.com/qemu/qemu/commit/5450203719f64907e0498eddabae15eadd4aee07
  Author: David Woodhouse <dwmw@amazon.co.uk>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M hw/i386/kvm/xen_evtchn.c
    M include/sysemu/kvm_xen.h
    M target/i386/kvm/xen-emu.c

  Log Message:
  -----------
  hw/xen: select kernel mode for per-vCPU event channel upcall vector

A guest which has configured the per-vCPU upcall vector may set the
HVM_PARAM_CALLBACK_IRQ param to fairly much anything other than zero.

For example, Linux v6.0+ after commit b1c3497e604 ("x86/xen: Add support
for HVMOP_set_evtchn_upcall_vector") will just do this after setting the
vector:

       /* Trick toolstack to think we are enlightened. */
       if (!cpu)
               rc = xen_set_callback_via(1);

That's explicitly setting the delivery to GSI#1, but it's supposed to be
overridden by the per-vCPU vector setting. This mostly works in Qemu
*except* for the logic to enable the in-kernel handling of event channels,
which falsely determines that the kernel cannot accelerate GSI delivery
in this case.

Add a kvm_xen_has_vcpu_callback_vector() to report whether vCPU#0 has
the vector set, and use that in xen_evtchn_set_callback_param() to
enable the kernel acceleration features even when the param *appears*
to be set to target a GSI.

Preserve the Xen behaviour that when HVM_PARAM_CALLBACK_IRQ is set to
*zero* the event channel delivery is disabled completely. (Which is
what that bizarre guest behaviour is working round in the first place.)

Cc: qemu-stable@nongnu.org
Fixes: 91cce756179 ("hw/xen: Add xen_evtchn device for event channel emulation")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit 18e83f28bf39ffd2784aeb2e4e229096a86d349b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0f2dd05b9f9ae554312832e7c3b1eb9b88738fca
      
https://github.com/qemu/qemu/commit/0f2dd05b9f9ae554312832e7c3b1eb9b88738fca
  Author: David Woodhouse <dwmw@amazon.co.uk>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M hw/i386/kvm/xen_gnttab.c

  Log Message:
  -----------
  hw/xen: don't clear map_track[] in xen_gnttab_reset()

The refcounts actually correspond to 'active_ref' structures stored in a
GHashTable per "user" on the backend side (mostly, per XenDevice).

If we zero map_track[] on reset, then when the backend drivers get torn
down and release their mapping we hit the assert(s->map_track[ref] != 0)
in gnt_unref().

So leave them in place. Each backend driver will disconnect and reconnect
as the guest comes back up again and reconnects, and it all works out OK
in the end as the old refs get dropped.

Cc: qemu-stable@nongnu.org
Fixes: de26b2619789 ("hw/xen: Implement soft reset for emulated gnttab")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit 3de75ed352411899dbc9222e82fe164890c77e78)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b644416ec6d171a5befda4faf7c7ac90cf413a0c
      
https://github.com/qemu/qemu/commit/b644416ec6d171a5befda4faf7c7ac90cf413a0c
  Author: David Woodhouse <dwmw@amazon.co.uk>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M hw/i386/kvm/xen_xenstore.c

  Log Message:
  -----------
  hw/xen: fix XenStore watch delivery to guest

When fire_watch_cb() found the response buffer empty, it would call
deliver_watch() to generate the XS_WATCH_EVENT message in the response
buffer and send an event channel notification to the guest… without
actually *copying* the response buffer into the ring. So there was
nothing for the guest to see. The pending response didn't actually get
processed into the ring until the guest next triggered some activity
from its side.

Add the missing call to put_rsp().

It might have been slightly nicer to call xen_xenstore_event() here,
which would *almost* have worked. Except for the fact that it calls
xen_be_evtchn_pending() to check that it really does have an event
pending (and clear the eventfd for next time). And under Xen it's
defined that setting that fd to O_NONBLOCK isn't guaranteed to work,
so the emu implementation follows suit.

This fixes Xen device hot-unplug.

Cc: qemu-stable@nongnu.org
Fixes: 0254c4d19df ("hw/xen: Add xenstore wire implementation and implementation stubs")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit 4a5780f52095f1daf23618dc6198a2a1665ea505)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 30a4cc2723c67f4c99633e9695835ddb6fcdbfe0
      
https://github.com/qemu/qemu/commit/30a4cc2723c67f4c99633e9695835ddb6fcdbfe0
  Author: David Woodhouse <dwmw@amazon.co.uk>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M hw/i386/kvm/xen_evtchn.c

  Log Message:
  -----------
  hw/xen: take iothread mutex in xen_evtchn_reset_op()

The xen_evtchn_soft_reset() function requires the iothread mutex, but is
also called for the EVTCHNOP_reset hypercall. Ensure the mutex is taken
in that case.

Cc: qemu-stable@nongnu.org
Fixes: a15b10978fe6 ("hw/xen: Implement EVTCHNOP_reset")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit debc995e883b05c2fd02fb797a61ab1328e5bae2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 287303495cbf7b554d193da7d76b226f2de86b59
      
https://github.com/qemu/qemu/commit/287303495cbf7b554d193da7d76b226f2de86b59
  Author: David Woodhouse <dwmw@amazon.co.uk>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M hw/block/xen-block.c

  Log Message:
  -----------
  hw/xen: use correct default protocol for xen-block on x86

Even on x86_64 the default protocol is the x86-32 one if the guest doesn't
specifically ask for x86-64.

Cc: qemu-stable@nongnu.org
Fixes: b6af8926fb85 ("xen: add implementations of xen-block connect and disconnect functions...")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit a1c1082908dde4867b1ac55f546bea0c17d52318)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: a89c8b96a8f6116e6b4325cca74f563868f25c58
      
https://github.com/qemu/qemu/commit/a89c8b96a8f6116e6b4325cca74f563868f25c58
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M hw/display/virtio-gpu.c

  Log Message:
  -----------
  virtio-gpu: block migration of VMs with blob=true

"blob" resources don't have an associated pixman image:

#0  pixman_image_get_stride (image=0x0) at ../pixman/pixman-image.c:921
#1  0x0000562327c25236 in virtio_gpu_save (f=0x56232bb13b00, opaque=0x56232b555a60, size=0, field=0x5623289ab6c8 <__compound_literal.3+104>, vmdesc=0x56232ab59fe0) at ../hw/display/virtio-gpu.c:1225

Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=2236353

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 9c549ab6895a43ad0cb33e684e11cdb0b5400897)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1f560fa2761e023ae19f5c178e2ecfc0df74e54d
      
https://github.com/qemu/qemu/commit/1f560fa2761e023ae19f5c178e2ecfc0df74e54d
  Author: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M block/nvme.c

  Log Message:
  -----------
  block/nvme: nvme_process_completion() fix bound for cid

NVMeQueuePair::reqs has length NVME_NUM_REQS, which is less than
NVME_QUEUE_SIZE by 1.

Fixes: 1086e95da17050 ("block/nvme: switch to a NVMeRequest freelist")
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Maksim Davydov <davydov-max@yandex-team.ru>
Message-id: 20231017125941.810461-5-vsementsov@yandex-team.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit cc8fb0c3ae3c950eb40e969607e17ff16a7519ac)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: fe8eb3187c35189a3bde8775696468c84a89e96f
      
https://github.com/qemu/qemu/commit/fe8eb3187c35189a3bde8775696468c84a89e96f
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M target/arm/tcg/a64.decode
    M target/arm/tcg/translate.h

  Log Message:
  -----------
  target/arm: Fix A64 LDRA immediate decode

In commit be23a049 in the conversion to decodetree we broke the
decoding of the immediate value in the LDRA instruction.  This should
be a 10 bit signed value that is scaled by 8, but in the conversion
we incorrectly ended up scaling it only by 2.  Fix the scaling
factor.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1970
Fixes: be23a049 ("target/arm: Convert load (pointer auth) insns to decodetree")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231106113445.1163063-1-peter.maydell@linaro.org
(cherry picked from commit 5722fc471296d5f042df4b005a851cc8008df0c9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: cc9f53b3ec140b07328e38167dc44f37f63b7781
      
https://github.com/qemu/qemu/commit/cc9f53b3ec140b07328e38167dc44f37f63b7781
  Author: Jean-Louis Dupond <jean-louis@dupond.be>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M block/qcow2-cluster.c
    M qapi/block-core.json
    M qemu-options.hx

  Log Message:
  -----------
  qcow2: keep reference on zeroize with discard-no-unref enabled

When the discard-no-unref flag is enabled, we keep the reference for
normal discard requests.
But when a discard is executed on a snapshot/qcow2 image with backing,
the discards are saved as zero clusters in the snapshot image.

When committing the snapshot to the backing file, not
discard_in_l2_slice is called but zero_in_l2_slice, which did not have
any logic to keep the reference when discard-no-unref is enabled.

Therefore we add logic in the zero_in_l2_slice call to keep the reference
on commit.

Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1621
Signed-off-by: Jean-Louis Dupond <jean-louis@dupond.be>
Message-Id: <20231003125236.216473-2-jean-louis@dupond.be>
[hreitz: Made the documentation change more verbose, as discussed
         on-list]
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
(cherry picked from commit b2b109041ecd1095384f5be5bb9badd13c1cf286)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: a753815aa8b2ce9d72a7494c940485b5d885ba98
      
https://github.com/qemu/qemu/commit/a753815aa8b2ce9d72a7494c940485b5d885ba98
  Author: Sam Li <faithilikerun@gmail.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M block/file-posix.c

  Log Message:
  -----------
  block/file-posix: fix update_zones_wp() caller

When the zoned request fails, it needs to update only the wp of
the target zones for not disrupting the in-flight writes on
these other zones. The wp is updated successfully after the
request completes.

Fixed the callers with right offset and nr_zones.

Signed-off-by: Sam Li <faithilikerun@gmail.com>
Message-Id: <20230825040556.4217-1-faithilikerun@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
[hreitz: Rebased and fixed comment spelling]
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
(cherry picked from commit 10b9e0802a074c991e1ce485631d75641d0b0f9e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: bcc9879c1c83c930c656f57e5444e1adc18c206f
      
https://github.com/qemu/qemu/commit/bcc9879c1c83c930c656f57e5444e1adc18c206f
  Author: Naohiro Aota <nao.aota@gmail.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M block/file-posix.c

  Log Message:
  -----------
  file-posix: fix over-writing of returning zone_append offset

raw_co_zone_append() sets "s->offset" where "BDRVRawState *s". This pointer
is used later at raw_co_prw() to save the block address where the data is
written.

When multiple IOs are on-going at the same time, a later IO's
raw_co_zone_append() call over-writes a former IO's offset address before
raw_co_prw() completes. As a result, the former zone append IO returns the
initial value (= the start address of the writing zone), instead of the
proper address.

Fix the issue by passing the offset pointer to raw_co_prw() instead of
passing it through s->offset. Also, remove "offset" from BDRVRawState as
there is no usage anymore.

Fixes: 4751d09adcc3 ("block: introduce zone append write for zoned devices")
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Message-Id: <20231030073853.2601162-1-naohiro.aota@wdc.com>
Reviewed-by: Sam Li <faithilikerun@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
(cherry picked from commit ad4feaca61d76fecad784e6d5e7bae40d0411c46)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: e301a77abb4a51aac4ea58c148f7ec1f47fc1c35
      
https://github.com/qemu/qemu/commit/e301a77abb4a51aac4ea58c148f7ec1f47fc1c35
  Author: BALATON Zoltan <balaton@eik.bme.hu>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M hw/display/ati.c
    M hw/display/ati_2d.c
    M hw/display/ati_int.h

  Log Message:
  -----------
  ati-vga: Implement fallback for pixman routines

Pixman routines can fail if no implementation is available and it will
become optional soon so add fallbacks when pixman does not work.

Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <ed0fba3f74e48143f02228b83bf8796ca49f3e7d.1698871239.git.balaton@eik.bme.hu>
(cherry picked from commit 08730ee0cc01c3fceb907a93436d15170a7556c4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 30d90aebcd505cd0f0bcaa20e4ff488af778d11f
      
https://github.com/qemu/qemu/commit/30d90aebcd505cd0f0bcaa20e4ff488af778d11f
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M ui/gtk.c

  Log Message:
  -----------
  ui/gtk: force realization of drawing area

Fixes the GL context creation from a widget that isn't yet realized (in
a hidden tab for example).

Resolves:
https://gitlab.com/qemu-project/qemu/-/issues/1727

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Antonio Caggiano <quic_acaggian@quicinc.com>
Message-Id: <20231017111642.1155545-1-marcandre.lureau@redhat.com>
(cherry picked from commit 565f85a9c293818a91a3d3414311303de7e00cec)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 801b7e43905b180d1012ce394e7af9eb2eb7b826
      
https://github.com/qemu/qemu/commit/801b7e43905b180d1012ce394e7af9eb2eb7b826
  Author: Dongwon Kim <dongwon.kim@intel.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M ui/gtk-egl.c

  Log Message:
  -----------
  ui/gtk-egl: apply scale factor when calculating window's dimension

Scale factor needs to be applied when calculating width/height of the
GTK windows.

Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231012222643.13996-1-dongwon.kim@intel.com>
(cherry picked from commit 47fd6ab1e334962890bc3e8d2e32857f6594e1c1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0c8eec2b52c171141014da1c7dac284818fb953c
      
https://github.com/qemu/qemu/commit/0c8eec2b52c171141014da1c7dac284818fb953c
  Author: Antonio Caggiano <quic_acaggian@quicinc.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M ui/gtk-egl.c

  Log Message:
  -----------
  ui/gtk-egl: Check EGLSurface before doing scanout

The first time gd_egl_scanout_texture() is called, there's a possibility
that the GTK drawing area might not be realized yet, in which case its
associated GdkWindow is NULL. This means gd_egl_init() was also skipped
and the EGLContext and EGLSurface stored in the VirtualGfxConsole are
not valid yet.

Continuing with the scanout in these conditions would result in hitting
an assert in libepoxy: "Couldn't find current GLX or EGL context".

A possible workaround is to just ignore the scanout request, giving
the GTK drawing area some time to finish its realization. At that point,
the gd_egl_init() will succeed and the EGLContext and EGLSurface stored
in the VirtualGfxConsole will be valid.

Signed-off-by: Antonio Caggiano <quic_acaggian@quicinc.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231016123215.2699269-1-quic_acaggian@quicinc.com>
(cherry picked from commit 6f189a08c1b0085808af1bfbf4567f0da193ecc1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: cb5785ab5c837855b609bd8665cec95d74247bf9
      
https://github.com/qemu/qemu/commit/cb5785ab5c837855b609bd8665cec95d74247bf9
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M target/mips/tcg/msa.decode

  Log Message:
  -----------
  target/mips: Fix MSA BZ/BNZ opcodes displacement

The PC offset is *signed*.

Cc: qemu-stable@nongnu.org
Reported-by: Sergey Evlashev <vectorchiefrocks@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1624
Fixes: c7a9ef7517 ("target/mips: Introduce decode tree bindings for MSA ASE")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230914085807.12241-1-philmd@linaro.org>
(cherry picked from commit 04591b3ddd9a96b9298a1dd437a6464ab55e62ee)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1ac17ad42fe80fd4e8875c0780eefa2cbf7346d4
      
https://github.com/qemu/qemu/commit/1ac17ad42fe80fd4e8875c0780eefa2cbf7346d4
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M target/mips/tcg/tx79.decode

  Log Message:
  -----------
  target/mips: Fix TX79 LQ/SQ opcodes

The base register address offset is *signed*.

Cc: qemu-stable@nongnu.org
Fixes: aaaa82a9f9 ("target/mips/tx79: Introduce LQ opcode (Load Quadword)")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230914090447.12557-1-philmd@linaro.org>
(cherry picked from commit 18f86aecd6a1bea0f78af14587a684ad966d8d3a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c9a13ed94c206d75d7522d90c7608f6f0fd9339d
      
https://github.com/qemu/qemu/commit/c9a13ed94c206d75d7522d90c7608f6f0fd9339d
  Author: Fiona Ebner <f.ebner@proxmox.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M hw/ide/core.c

  Log Message:
  -----------
  hw/ide: reset: cancel async DMA operation before resetting state

If there is a pending DMA operation during ide_bus_reset(), the fact
that the IDEState is already reset before the operation is canceled
can be problematic. In particular, ide_dma_cb() might be called and
then use the reset IDEState which contains the signature after the
reset. When used to construct the IO operation this leads to
ide_get_sector() returning 0 and nsector being 1. This is particularly
bad, because a write command will thus destroy the first sector which
often contains a partition table or similar.

Traces showing the unsolicited write happening with IDEState
0x5595af6949d0 being used after reset:

> ahci_port_write ahci(0x5595af6923f0)[0]: port write [reg:PxSCTL] @ 0x2c: 0x00000300
> ahci_reset_port ahci(0x5595af6923f0)[0]: reset port
> ide_reset IDEstate 0x5595af6949d0
> ide_reset IDEstate 0x5595af694da8
> ide_bus_reset_aio aio_cancel
> dma_aio_cancel dbs=0x7f64600089a0
> dma_blk_cb dbs=0x7f64600089a0 ret=0
> dma_complete dbs=0x7f64600089a0 ret=0 cb=0x5595acd40b30
> ahci_populate_sglist ahci(0x5595af6923f0)[0]
> ahci_dma_prepare_buf ahci(0x5595af6923f0)[0]: prepare buf limit=512 prepared=512
> ide_dma_cb IDEState 0x5595af6949d0; sector_num=0 n=1 cmd=DMA WRITE
> dma_blk_io dbs=0x7f6420802010 bs=0x5595ae2c6c30 offset=0 to_dev=1
> dma_blk_cb dbs=0x7f6420802010 ret=0

> (gdb) p *qiov
> $11 = {iov = 0x7f647c76d840, niov = 1, {{nalloc = 1, local_iov = {iov_base = 0x0,
>       iov_len = 512}}, {__pad = "\001\000\000\000\000\000\000\000\000\000\000",
>       size = 512}}}
> (gdb) bt
> #0  blk_aio_pwritev (blk=0x5595ae2c6c30, offset=0, qiov=0x7f6420802070, flags=0,
>     cb=0x5595ace6f0b0 <dma_blk_cb>, opaque=0x7f6420802010)
>     at ../block/block-backend.c:1682
> #1  0x00005595ace6f185 in dma_blk_cb (opaque=0x7f6420802010, ret=<optimized out>)
>     at ../softmmu/dma-helpers.c:179
> #2  0x00005595ace6f778 in dma_blk_io (ctx=0x5595ae0609f0,
>     sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
>     io_func=io_func@entry=0x5595ace6ee30 <dma_blk_write_io_func>,
>     io_func_opaque=io_func_opaque@entry=0x5595ae2c6c30,
>     cb=0x5595acd40b30 <ide_dma_cb>, opaque=0x5595af6949d0,
>     dir=DMA_DIRECTION_TO_DEVICE) at ../softmmu/dma-helpers.c:244
> #3  0x00005595ace6f90a in dma_blk_write (blk=0x5595ae2c6c30,
>     sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
>     cb=cb@entry=0x5595acd40b30 <ide_dma_cb>, opaque=opaque@entry=0x5595af6949d0)
>     at ../softmmu/dma-helpers.c:280
> #4  0x00005595acd40e18 in ide_dma_cb (opaque=0x5595af6949d0, ret=<optimized out>)
>     at ../hw/ide/core.c:953
> #5  0x00005595ace6f319 in dma_complete (ret=0, dbs=0x7f64600089a0)
>     at ../softmmu/dma-helpers.c:107
> #6  dma_blk_cb (opaque=0x7f64600089a0, ret=0) at ../softmmu/dma-helpers.c:127
> #7  0x00005595ad12227d in blk_aio_complete (acb=0x7f6460005b10)
>     at ../block/block-backend.c:1527
> #8  blk_aio_complete (acb=0x7f6460005b10) at ../block/block-backend.c:1524
> #9  blk_aio_write_entry (opaque=0x7f6460005b10) at ../block/block-backend.c:1594
> #10 0x00005595ad258cfb in coroutine_trampoline (i0=<optimized out>,
>     i1=<optimized out>) at ../util/coroutine-ucontext.c:177

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: simon.rowe@nutanix.com
Message-ID: <20230906130922.142845-1-f.ebner@proxmox.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 7d7512019fc40c577e2bdd61f114f31a9eb84a8e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 9debdddffae29618c217846500af817cac06620a
      
https://github.com/qemu/qemu/commit/9debdddffae29618c217846500af817cac06620a
  Author: Fiona Ebner <f.ebner@proxmox.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M tests/qtest/ahci-test.c

  Log Message:
  -----------
  tests/qtest: ahci-test: add test exposing reset issue with pending callback

Before commit "hw/ide: reset: cancel async DMA operation before
resetting state", this test would fail, because a reset with a
pending write operation would lead to an unsolicited write to the
first sector of the disk.

The test writes a pattern to the beginning of the disk and verifies
that it is still intact after a reset with a pending operation. It
also checks that the pending operation actually completes correctly.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Message-ID: <20230906130922.142845-2-f.ebner@proxmox.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit cc610857bbd3551f4b86ae2299336b5d9aa0db2b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
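
The ordering problem described in the two commit messages above (hw/ide reset with a pending DMA operation, and the ahci-test that checks the first sector), as an added toy model in C. This is not QEMU code: the Drive struct, its fields and every function name here are assumptions made for illustration, with one byte standing in for each sector.

```c
#include <stdint.h>
#include <string.h>

enum { NSECT = 8, PATTERN = 0xA5, DATA = 0xEE };

typedef struct {               /* hypothetical model, not QEMU's IDEState */
    uint8_t  disk[NSECT];      /* one byte stands in for each sector */
    uint32_t sector, nsector;  /* drive state: next sector, sectors left */
    uint32_t chunk;            /* drive state: sectors in the in-flight chunk */
    int      in_flight;        /* an async write has been submitted */
    uint32_t req_sector;       /* target captured by the in-flight I/O itself */
} Drive;

/* Submit the next one-sector write, built from the current drive state. */
static void submit_write(Drive *d)
{
    d->req_sector = d->sector;
    d->chunk = 1;
    d->in_flight = 1;
}

/* Completion callback: account for the finished chunk, then continue
 * the request according to whatever the drive state says now. */
static void dma_cb(Drive *d)
{
    d->sector += d->chunk;
    d->nsector -= d->chunk;
    if (d->nsector > 0)
        submit_write(d);
}

/* Cancelling waits for the in-flight I/O, so its callback still runs. */
static void cancel_dma(Drive *d)
{
    while (d->in_flight) {
        d->in_flight = 0;
        d->disk[d->req_sector] = DATA;
        dma_cb(d);
    }
}

/* Reset leaves the signature in the state: sector 0, count 1, no chunk. */
static void reset_state(Drive *d) { d->sector = 0; d->nsector = 1; d->chunk = 0; }

/* Start a one-sector write at lba, then reset the bus while it is pending. */
static Drive reset_with_pending_write(uint32_t lba, int cancel_first)
{
    Drive d = {0};
    memset(d.disk, PATTERN, NSECT);
    d.sector = lba; d.nsector = 1;
    submit_write(&d);
    if (cancel_first) { cancel_dma(&d); reset_state(&d); } /* fixed order */
    else              { reset_state(&d); cancel_dma(&d); } /* order before the fix */
    return d;
}
```

With cancel_first set to 0 the callback sees sector 0 and a count of 1 and issues a second write that overwrites the pattern in sector 0; with cancel_first set to 1 only the requested sector changes.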


  Commit: 133e2c686ef6a8956558a2891ed54e0de52ec946
      
https://github.com/qemu/qemu/commit/133e2c686ef6a8956558a2891ed54e0de52ec946
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Fix CLC corrupting cc_src

CLC updates cc_src before accessing the second operand; if the latter
is inaccessible, the former ends up containing a bogus value.

Fix by reading cc_src into a temporary first.

Fixes: 4f7403d52b1c ("target-s390: Convert CLC")
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1865
Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-ID: <20231106093605.1349201-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit aba2ec341c6d20c8dc3e6ecf87fa7c1a71e30c1e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 98de9d81a7f028c7823d575da37e2223eb59adb5
      
https://github.com/qemu/qemu/commit/98de9d81a7f028c7823d575da37e2223eb59adb5
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M tests/tcg/s390x/Makefile.target
    A tests/tcg/s390x/clc.c

  Log Message:
  -----------
  tests/tcg/s390x: Test CLC with inaccessible second operand

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20231106093605.1349201-3-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 43fecbe7a53fe8e5a6aff0d6471b1cc624e26b51)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 35902965b4f888832ad9a70c6b4ed85169c2a121
      
https://github.com/qemu/qemu/commit/35902965b4f888832ad9a70c6b4ed85169c2a121
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M target/s390x/tcg/insn-data.h.inc
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Fix LAALG not updating cc_src

LAALG uses op_laa() and wout_addu64(). The latter expects cc_src to be
set, but the former does not do it. This can lead to assertion failures
if something sets cc_src to neither 0 nor 1 before.

Fix by introducing op_laa_addu64(), which sets cc_src, and using it for
LAALG.

Fixes: 4dba4d6fef61 ("target/s390x: Use atomic operations for LOAD AND OP")
Cc: qemu-stable@nongnu.org
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20231106093605.1349201-4-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit bea402482a8c94389638cbd3d7fe3963fb317f4c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f065475fe99d8bb90dd2c729157e1f15a07d6043
      
https://github.com/qemu/qemu/commit/f065475fe99d8bb90dd2c729157e1f15a07d6043
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M tests/tcg/s390x/Makefile.target
    A tests/tcg/s390x/laalg.c

  Log Message:
  -----------
  tests/tcg/s390x: Test LAALG with negative cc_src

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20231106093605.1349201-5-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit ebc14107f1f3ac1db13132cd28cf94adcd38e5d7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1c42c001089148befdb5481697efef9edf455541
      
https://github.com/qemu/qemu/commit/1c42c001089148befdb5481697efef9edf455541
  Author: Niklas Cassel <niklas.cassel@wdc.com>
  Date:   2023-11-09 (Thu, 09 Nov 2023)

  Changed paths:
    M hw/ide/ahci.c

  Log Message:
  -----------
  hw/ide/ahci: trigger either error IRQ or regular IRQ, not both

According to AHCI 1.3.1, 5.3.8.1 RegFIS:Entry, if ERR_STAT is set,
we jump to state ERR:FatalTaskfile, which will raise a TFES IRQ
unconditionally, regardless if the I bit is set in the FIS or not.

Thus, we should never raise a normal IRQ after having sent an error
IRQ.

NOTE: for QEMU platforms that use SeaBIOS, this patch depends on QEMU
commit 784155cdcb02 ("seabios: update submodule to git snapshot"), and
QEMU commit 14f5a7bae4cb ("seabios: update binaries to git snapshot"),
which update SeaBIOS to a version that contains SeaBIOS commit 1281e340
("ahci: handle TFES irq correctly").

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Message-ID: <20231011131220.1992064-1-nks@flawful.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit b523a3d54f3d031a54cd0931cc5d855608e63140)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/b938418f0d75...1c42c0010891


