[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [qemu-mainline bisection] complete test-amd64-i386-xl-qemuu-debianhvm-amd64



branch xen-unstable
xenbranch xen-unstable
job test-amd64-i386-xl-qemuu-debianhvm-amd64
testid debian-hvm-install

Tree: linux git://xenbits.xen.org/linux-pvops.git
Tree: linuxfirmware git://xenbits.xen.org/osstest/linux-firmware.git
Tree: qemu git://xenbits.xen.org/qemu-xen-traditional.git
Tree: qemuu git://git.qemu.org/qemu.git
Tree: xen git://xenbits.xen.org/xen.git

*** Found and reproduced problem changeset ***

  Bug is in tree:  qemuu git://git.qemu.org/qemu.git
  Bug introduced:  b04fc428356a540fdb9065fa8c3c71ee476c2031
  Bug not present: f2155a089600e80cf7bcdc814520ef3304882cc4
  Last fail repro: http://logs.test-lab.xenproject.org/osstest/logs/65229/


  commit b04fc428356a540fdb9065fa8c3c71ee476c2031
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 26 17:50:12 2015 +0000

      Update version for v2.5.0-rc2 release

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 72f75c76d84e2eefc6806dafca116860ffe847f0
  Merge: a5df350 d08e42a
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 26 16:50:59 2015 +0000

      Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

      vhost, pc: fixes for 2.5

      Minor vhost fixes.  HW version tweak for PC.
      Documentation and test updates.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

      # gpg: Signature made Thu 26 Nov 2015 16:40:25 GMT using RSA key ID 
D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@xxxxxxxxxx>"
      # gpg:                 aka "Michael S. Tsirkin <mst@xxxxxxxxxx>"

      * remotes/mst/tags/for_upstream:
        vhost-user-test: fix migration overlap test
        Fix memory leak on error
        Revert "vhost: send SET_VRING_ENABLE at start/stop"
        tests/vhost-user-bridge: read command line arguments
        tests/vhost-user-bridge: propose GUEST_ANNOUNCE feature
        vhost-user: clarify start and enable
        vhost-user: set link down when the char device is closed
        pc: Don't set hw_version on pc-*-2.5
        osdep: Change default value of qemu_hw_version() to "2.5+"

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit d08e42a1125d384cb53423f5810b0c7ea52dc6c9
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Nov 26 15:14:02 2015 +0200

      vhost-user-test: fix migration overlap test

      During migration, source does GET_BASE, destination does SET_BASE.
      Use that as opposed to fds being configured to detect
      vhost user running on both source and destination.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit a5df35070a4c7fa8e2d9c6bd7175ee8e3e0f7641
  Merge: 317e4db df64983
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 26 16:27:26 2015 +0000

      Merge remote-tracking branch 
'remotes/armbru/tags/pull-monitor-2015-11-26' into staging

      QMP and QObject patches

      # gpg: Signature made Thu 26 Nov 2015 09:07:18 GMT using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-monitor-2015-11-26:
        qjson: Limit number of tokens in addition to total size
        qjson: surprise, allocating 6 QObjects per token is expensive
        qjson: store tokens in a GQueue
        qjson: Convert to parser to recursive descent
        qjson: replace QString in JSONLexer with GString
        qjson: Inline token_is_escape() and simplify
        qjson: Inline token_is_keyword() and simplify
        qjson: Give each of the six structural chars its own token type
        qjson: Spell out some silent assumptions
        check-qjson: Add test for JSON nesting depth limit
        qjson: Don't crash when input exceeds nesting limit
        qjson: Apply nesting limit more sanely
        monitor: Plug memory leak on QMP error

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 317e4db6e90421abeeebc78f1a3e8472a76b2e74
  Merge: fe4cf57 5120901
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 26 15:56:53 2015 +0000

      Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
staging

      Small patches, without the one that introduces -fwrapv.

      # gpg: Signature made Thu 26 Nov 2015 15:48:53 GMT using RSA key ID 
78C7AE83
      # gpg: Good signature from "Paolo Bonzini <bonzini@xxxxxxx>"
      # gpg:                 aka "Paolo Bonzini <pbonzini@xxxxxxxxxx>"

      * remotes/bonzini/tags/for-upstream:
        target-i386: kvm: Print warning when clearing mcg_cap bits
        target-i386: kvm: Use env->mcg_cap when setting up MCE
        target-i386: kvm: Abort if MCE bank count is not supported by host
        virtio-scsi: don't crash without a valid device
        target-sparc: fix 32-bit truncation in fpackfix
        exec: remove warning about mempath and hugetlbfs
        Revert "exec: silence hugetlbfs warning under qtest"
        call bdrv_drain_all() even if the vm is stopped
        MAINTAINERS: Update TCG CPU cores section

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 5120901a378501403d5454b69cf43e666fc29d5b
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Wed Nov 25 18:19:16 2015 +0100

      target-i386: kvm: Print warning when clearing mcg_cap bits

      Instead of silently clearing mcg_cap bits when the host doesn't
      support them, print a warning when doing that.

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      [Avoid \n at end of error_report. - Paolo]
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-Id: <1448471956-66873-10-git-send-email-pbonzini@xxxxxxxxxx>

  commit 2590f15b13cc57487518996b32bb7626b0d80909
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Wed Nov 25 18:19:15 2015 +0100

      target-i386: kvm: Use env->mcg_cap when setting up MCE

      When setting up MCE, instead of using the MCE_*_DEF macros
      directly, just filter the existing env->mcg_cap value.

      As env->mcg_cap is already initialized as
      MCE_CAP_DEF|MCE_BANKS_DEF at target-i386/cpu.c:mce_init(), this
      doesn't change any behavior. But it will allow us to change
      mce_init() in the future, to implement different defaults
      depending on CPU model, machine-type or command-line parameters.

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-Id: <1448471956-66873-9-git-send-email-pbonzini@xxxxxxxxxx>

  commit 49b69cbfcd6e32e2178d6ff7e5d60689c3f79c6e
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Wed Nov 25 18:19:14 2015 +0100

      target-i386: kvm: Abort if MCE bank count is not supported by host

      Instead of silently changing the number of banks in mcg_cap based
      on kvm_get_mce_cap_supported(), abort initialization if the host
      doesn't support MCE_BANKS_DEF banks.

      Note that MCE_BANKS_DEF was always 10 since it was introduced in
      QEMU, and Linux always returned 32 at KVM_CAP_MCE since
      KVM_CAP_MCE was introduced, so no behavior is being changed and
      the error can't be triggered by any Linux version. The point of
      the new check is to ensure we won't silently change the bank
      count if we change MCE_BANKS_DEF or make the bank count
      configurable in the future.

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      [Avoid Yoda condition and \n at end of error_report. - Paolo]
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-Id: <1448471956-66873-8-git-send-email-pbonzini@xxxxxxxxxx>

  commit 3e32e8a96e6995cde3d8a13d68e31226ee83f290
  Author: Eugene (jno) Dvurechenski <jno@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Nov 26 15:45:35 2015 +0100

      virtio-scsi: don't crash without a valid device

      Make sure that we actually have a device when checking the aio
      context. Otherwise guests could trigger QEMU crashes.

      Signed-off-by: "Eugene (jno) Dvurechenski" <jno@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Message-Id: <1448549135-6582-2-git-send-email-jno@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 12a3567c4099be194b44987ac5d7d65b99bcfab7
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Nov 2 15:05:34 2015 +0100

      target-sparc: fix 32-bit truncation in fpackfix

      This is reported by Coverity.  The algorithm description at
      ftp://ftp.icm.edu.pl/packages/ggi/doc/hw/sparc/Sparc.pdf suggests
      that the 32-bit parts of rs2, after the left shift, is treated
      as a 64-bit integer.  Bits 32 and above are used to do the
      saturating truncation.

      Message-Id: <1446473134-4330-1-git-send-email-pbonzini@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit bfc2a1a1f41c2861b20e8318c0541d0823427802
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Wed Nov 25 10:52:29 2015 +0000

      exec: remove warning about mempath and hugetlbfs

      The gethugepagesize() method in exec.c printed a warning if
      the file path for "-mem-path" or "-object memory-backend-file"
      was not on a hugetlbfs filesystem. This warning is bogus, because
      QEMU functions perfectly well with the path on a regular tmpfs
      filesystem. Use of hugetlbfs vs tmpfs is a choice for the management
      application or end user to make as best fits their needs. As such it
      is inappropriate for QEMU to have an opinion on whether the user's
      choice is right or wrong in this case.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-Id: <1448448749-1332-3-git-send-email-berrange@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 2c189a4e12a37b1c7cae2a2643c378c5af8f67fc
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Wed Nov 25 10:52:28 2015 +0000

      Revert "exec: silence hugetlbfs warning under qtest"

      This reverts commit 1c7ba94a184df1eddd589d5400d879568d3e5d08.

      That commit changed QEMU initialization order from

       - object-initial, chardev, qtest, object-late

      to

       - chardev, qtest, object-initial, object-late

      This breaks chardev setups which need to rely on objects
      having been created. For example, when chardevs use TLS
      encryption in the future, they need to have tls credential
      objects created first.

      This revert, restores the ordering introduced in

        commit f08f9271bfe3f19a5eb3d7a2f48532065304d5c8
        Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
        Date:   Wed May 13 17:14:04 2015 +0100

          vl: Create (most) objects before creating chardev backends

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-Id: <1448448749-1332-2-git-send-email-berrange@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit b2780d325306dc80ec07db9c0c61e9b2ac10e559
  Author: Wen Congyang <wency@xxxxxxxxxxxxxx>
  Date:   Fri Nov 20 17:34:38 2015 +0800

      call bdrv_drain_all() even if the vm is stopped

      There are still I/O operations when the vm is stopped. For example,
      stop the vm, and do block migration. In this case, we don't drain all
      I/O operation, and may meet the following problem:

      qemu-system-x86_64: migration/block.c:731: block_save_complete: Assertion 
`block_mig_state.submitted == 0' failed.

      Signed-off-by: Wen Congyang <wency@xxxxxxxxxxxxxx>
      Message-Id: <564EE92E.4070701@xxxxxxxxxxxxxx>
      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 903a41d3415960240cb3b9f1d66f3707b27010d6
  Author: Stefano Dong (��水) <opensource.dxs@xxxxxxxxxx>
  Date:   Thu Nov 26 12:00:12 2015 +0000

      Fix memory leak on error

      hw/ppc/spapr.c: Fix memory leak on error, it was introduced in bc09e0611
      hw/acpi/memory_hotplug.c: Fix memory leak on error, it was introduced in 
34f2af3d

      Signed-off-by: Stefano Dong (��水) <opensource.dxs@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit fe4cf57da7a85fa65488448acdc22a65096e832a
  Merge: b8b0ee0 7fe4a41
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 26 10:58:10 2015 +0000

      Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20151126-1' 
into staging

      vnc: fix segfault

      # gpg: Signature made Thu 26 Nov 2015 07:37:43 GMT using RSA key ID 
D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann <gerd@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@xxxxxxxxx>"

      * remotes/kraxel/tags/pull-vnc-20151126-1:
        vnc: fix segfault

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b8b0ee0ea3d2789d8ee7372b9a173e7952e18087
  Merge: 7ef7ddf 44c6e00
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 26 10:24:18 2015 +0000

      Merge remote-tracking branch 
'remotes/mdroth/tags/qga-pull-2015-11-25-v2-tag' into staging

      qemu-ga patch queue for 2.5

      * include additional w32 MSI install components needed for
        guest-exec
      * fix 'make install' when compiling with --disable-tools
      * fix potential data corruption/loss when accessing files
        bi-directionally via guest-file-{read,write}
      * explicitly document how integer args for guest-file-seek map to
        SEEK_SET/SEEK_CUR/etc to avoid platform-specific differences

      v2:
      * fixed missing SoB

      # gpg: Signature made Wed 25 Nov 2015 23:58:45 GMT using RSA key ID 
F108B584
      # gpg: Good signature from "Michael Roth <flukshun@xxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>"

      * remotes/mdroth/tags/qga-pull-2015-11-25-v2-tag:
        qga: added another non-interactive gspawn() helper file.
        qga: Better mapping of SEEK_* in guest-file-seek
        tests: add file-write-read test
        qga: flush explicitly when needed
        qga: gspawn() console helper to Windows guest agent msi build
        makefile: fix qemu-ga make install for --disable-tools

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 449e3578107799817a81249b189f6f82aa9e787d
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Wed Nov 25 13:39:57 2015 +0200

      Revert "vhost: send SET_VRING_ENABLE at start/stop"

      This reverts commit 3a12f32229a046f4d4ab0a3a52fb01d2d5a1ab76.

      In case of live migration several queues can be enabled and not only the
      first one. So informing backend that only the first queue is enabled is
      wrong.

      Reported-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>
      Cc: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>

  commit 7ef7ddf37674f7147ef23c311cbc3c37e908c8b0
  Merge: c7933a8 9c73517
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 26 09:44:25 2015 +0000

      Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into 
staging

      # gpg: Signature made Wed 25 Nov 2015 20:25:21 GMT using RSA key ID 
AAFC390E
      # gpg: Good signature from "John Snow (John Huston) <jsnow@xxxxxxxxxx>"

      * remotes/jnsnow/tags/ide-pull-request:
        ide-test: fix timeouts
        atapi: Fix code indentation
        atapi: Account for failed and invalid operations in cd_read_sector()
        ide-test: cdrom_pio_impl fixup

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit df649835fe48f635a93316fdefe96ced7189316e
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:33 2015 +0100

      qjson: Limit number of tokens in addition to total size

      Commit 29c75dd "json-streamer: limit the maximum recursion depth and
      maximum token count" attempts to guard against excessive heap usage by
      limiting total token size (it says "token count", but that's a lie).

      Total token size is a rather imprecise predictor of heap usage: many
      small tokens use more space than few large tokens with the same input
      size, because there's a constant per-token overhead: 37 bytes on my
      system.

      Tighten this up: limit the token count to 2Mi.  Chosen to roughly
      match the 64MiB total token size limit.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1448486613-17634-13-git-send-email-armbru@xxxxxxxxxx>

  commit 9bada8971173345ceb37ed1a47b00a01a4dd48cf
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:32 2015 +0100

      qjson: surprise, allocating 6 QObjects per token is expensive

      Replace the contents of the tokens GQueue with a simple struct.  This cuts
      the amount of memory allocated by tests/check-qjson from ~500MB to ~20MB,
      and the execution time from 600ms to 80ms on my laptop.  Still a lot (some
      could be saved by using an intrusive list, such as QSIMPLEQ, instead of
      the GQueue), but the savings are already massive and the right thing to
      do would probably be to get rid of json-streamer completely.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-Id: <1448300659-23559-5-git-send-email-pbonzini@xxxxxxxxxx>
      [Straightforwardly rebased on my patches]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit 95385fe9ace7db156b924da6b6f5c9082b68ba68
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:31 2015 +0100

      qjson: store tokens in a GQueue

      Even though we still have the "streamer" concept, the tokens can now
      be deleted as they are read.  While doing so convert from QList to
      GQueue, since the next step will make tokens not a QObject and we
      will have to do the conversion anyway.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-Id: <1448300659-23559-4-git-send-email-pbonzini@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit d538b25543f4db026bb435066e2403a542522c40
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:30 2015 +0100

      qjson: Convert to parser to recursive descent

      We backtrack in parse_value(), even though JSON is LL(1) and thus can
      be parsed by straightforward recursive descent.  Do exactly that.

      Based on an almost-correct patch from Paolo Bonzini.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1448486613-17634-10-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit d2ca7c0b0d876cf0e219ae7a92252626b0913a28
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:29 2015 +0100

      qjson: replace QString in JSONLexer with GString

      JSONLexer only needs a simple resizable buffer.  json-streamer.c
      can allocate memory for each token instead of relying on reference
      counting of QStrings.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-Id: <1448300659-23559-2-git-send-email-pbonzini@xxxxxxxxxx>
      [Straightforwardly rebased on my patches, checkpatch made happy]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit 6b9606f68ec589def27bd2a9cea97ec63cffd581
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:28 2015 +0100

      qjson: Inline token_is_escape() and simplify

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1448486613-17634-8-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit 50e2a467f5315fa36c547fb6330659ba45f6bb83
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:27 2015 +0100

      qjson: Inline token_is_keyword() and simplify

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1448486613-17634-7-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit c54616608af442edf4cfb7397a1909c2653efba0
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:26 2015 +0100

      qjson: Give each of the six structural chars its own token type

      Simplifies things, because we always check for a specific one.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1448486613-17634-6-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit b8d3b1da3cdbb02e180618d6be346c564723015d
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:25 2015 +0100

      qjson: Spell out some silent assumptions

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1448486613-17634-5-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit f0ae0304c7a41a42b7d4a6cde450da938d3c2cc7
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:24 2015 +0100

      check-qjson: Add test for JSON nesting depth limit

      This would have prevented the regression mentioned in the previous
      commit.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1448486613-17634-4-git-send-email-armbru@xxxxxxxxxx>

  commit 0753113a26bb8c77f951b1ea91fd4f36d099c37a
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:23 2015 +0100

      qjson: Don't crash when input exceeds nesting limit

      We limit nesting depth and input size to defend against input
      triggering excessive heap or stack memory use (commit 29c75dd
      json-streamer: limit the maximum recursion depth and maximum token
      count).  However, when the nesting limit is exceeded,
      parser_context_peek_token()'s assertion fails.

      Broken in commit 65c0f1e "json-parser: don't replicate tokens at each
      level of recursion".

      To reproduce stuff 1025 open braces or brackets into QMP.

      Fix by taking the error exit instead of the normal one.

      Reported-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1448486613-17634-3-git-send-email-armbru@xxxxxxxxxx>

  commit 4f2d31fbc0bfdf41feea7d1be49f4f7ffa005534
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Wed Nov 25 22:23:22 2015 +0100

      qjson: Apply nesting limit more sanely

      The nesting limit from commit 29c75dd "json-streamer: limit the
      maximum recursion depth and maximum token count" applies separately to
      braces and brackets.  This makes no sense.  Apply it to their sum,
      because that's actually a measure of recursion depth.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1448486613-17634-2-git-send-email-armbru@xxxxxxxxxx>

  commit 3a81a10179b702e031d8f84438193d83a64b4122
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 29 12:15:09 2015 +0100

      monitor: Plug memory leak on QMP error

      Leak introduced in commit 8a4f501..710aec9, v2.4.0.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1446117309-15322-1-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Luiz Capitulino <lcapitulino@xxxxxxxxxx>

  commit 7fe4a41c262e2529dc79f77f6fe63c5309fa2fd9
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Wed Nov 25 08:04:05 2015 +0100

      vnc: fix segfault

      Commit "c7628bf vnc: only alloc server surface with clients connected"
      missed one rarely used codepath (cirrus with guest drivers using 2d
      accel) where we have to check for the server surface being present,
      to avoid qemu crashing with a NULL pointer dereference.  Add the check.

      Reported-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
      Tested-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 44c6e00c3fd85b9c496bd3e74108ace126813a59
  Author: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
  Date:   Wed Nov 25 22:02:26 2015 +0300

      qga: added another non-interactive gspawn() helper file.

      With previous commit we added gspawn-win64-helper-console.exe,
      required for gspawn() mingw implementation.
      Unfortunatly when running as a service without interactive
      desktop, gspawn() also requires another helper app.

      Added gspawn-win64-helper.exe and gspawn-win32-helper.exe
      for corresponding architectures.

      Signed-off-by: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      CC: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      * remove trailing whitespace
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 0a982b1bf3953dc8640c4d6e619fb1132ebbebc3
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Wed Nov 25 10:37:15 2015 -0700

      qga: Better mapping of SEEK_* in guest-file-seek

      Exposing OS-specific SEEK_ constants in our qapi was a mistake
      (if the host has SEEK_CUR as 1, but the guest has it as 2, then
      the semantics are unclear what should happen); if we had a time
      machine, we would instead expose only a symbolic enum.  It's too
      late to change the fact that we have an integer in qapi, but we
      can at least document what mapping we want to enforce for all
      qga clients (and luckily, it happens to be the mapping that both
      Linux and Windows use); then fix the code to match that mapping.
      It also helps us filter out unsupported SEEK_DATA and SEEK_HOLE.

      In the future, we may wish to move our QGA_SEEK_* constants into
      qga/qapi-schema.json, along with updating the schema to take an
      alternate type (either the integer, or the string value of the
      enum name) - but that's too much risk during hard freeze.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 4eaab85cb1c1ba9c575d29921df81d63c7aa35df
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Wed Nov 25 13:59:12 2015 +0100

      tests: add file-write-read test

      This test exhibits a POSIX behaviour regarding switching between write
      and read. It's undefined result if the application doesn't ensure a
      flush between the two operations (with glibc, the flush can be implicit
      when the buffer size is relatively small). The previous commit fixes
      this test.

      Related to:
      https://bugzilla.redhat.com/show_bug.cgi?id=1210246

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 895b00f62a7e86724dc7352d67c7808d37366130
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Wed Nov 25 13:59:11 2015 +0100

      qga: flush explicitly when needed

      According to the specification:
      http://pubs.opengroup.org/onlinepubs/9699919799/functions/fopen.html

      "the application shall ensure that output is not directly followed by
      input without an intervening call to fflush() or to a file positioning
      function (fseek(), fsetpos(), or rewind()), and input is not directly
      followed by output without an intervening call to a file positioning
      function, unless the input operation encounters end-of-file."

      Without this change, an fwrite() followed by an fread() may lose the
      previously written content, as shown in the following test.

      Fixes:
      https://bugzilla.redhat.com/show_bug.cgi?id=1210246

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      * don't confuse {write,read}() with f{write,read}() in
        commit msg (Laszlo)
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 9c73517ca56d6611371376bd298b4b20f3ad6140
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Tue Nov 24 14:36:11 2015 -0500

      ide-test: fix timeouts

      Use explicit timeouts instead of trying to approximate it by counting
      the cumulative duration of nsleep calls.

      In practice, the timeout if inb() dwarfed the nsleep delays, and as a
      result the real timeout value became a lot larger than 5 seconds.

      So: change the semantics from "Not sooner than 5 seconds" to "no more
      than 5 seconds" to ensure we don't hang the tester for very long.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1448393771-15483-2-git-send-email-jsnow@xxxxxxxxxx

  commit f2b608ab80a336b0136d35d9b49419a917656d44
  Author: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
  Date:   Thu Nov 19 15:20:37 2015 +0300

      qga: gspawn() console helper to Windows guest agent msi build

      This helper, gspawn-win64-helper-console.exe for 64-bit and
      gspawn-win32-helper-console.exe for 32-bit environment,
      is needed for gspawn() mingw implementation, used by guest-exec command.

      Without these files guest-exec command on Windows will not
      work with "file not found" diagnostic message.

      Signed-off-by: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      CC: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 68aa262ad09c81b8b1284340cc0d26b65c605df5
  Author: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Nov 23 15:48:58 2015 -0600

      makefile: fix qemu-ga make install for --disable-tools

      ab59e3e introduced a fix for `make install` on w32 that involved
      filtering out qemu-ga from $TOOLS install recipe so that we could
      append $(EXESUF) to it before attempting to install the binary
      via install-prog function.

      install-prog takes a list of binaries to install to a particular
      directory. If the list is empty it breaks. We guard against this
      by ensuring $TOOLS is not empty prior to calling.

      However, ab59e3e introduces extra filtering after this check which
      can still result on us attempting to call install-prog with an
      empty list of binaries. In particular, this occurs if we
      build with the --disable-tools configure option, which results
      in qemu-ga being the only member of $TOOLS.

      Fix this by doing a simple s/qemu-ga/qemu-ga$(EXESUF)/ pass through
      $TOOLS instead of filtering out qemu-ga to handle it seperately.

      Reported-by: Steve Ellcey <sellcey@xxxxxxxxxx>
      Cc: Stefan Weil <sw@xxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit c7933a80bc6f3bb79c341f8fc17b4cf76622e2f3
  Merge: 1a4dab8 f77dcdb
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 25 16:20:58 2015 +0000

      Merge remote-tracking branch 
'remotes/juanquintela/tags/migration/20151125' into staging

      migration/next for 20151125

      # gpg: Signature made Wed 25 Nov 2015 14:28:47 GMT using RSA key ID 
5872D723
      # gpg: Good signature from "Juan Quintela <quintela@xxxxxxxxxx>"
      # gpg:                 aka "Juan Quintela <quintela@xxxxxxxxxx>"

      * remotes/juanquintela/tags/migration/20151125:
        block-migration: limit the memory usage
        Assume madvise for (no)hugepage works

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 1a4dab849d5d06191ab5e5850f6b8bfcad8ceb47
  Merge: e85dda8 8c34d89
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 25 14:47:06 2015 +0000

      Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into 
staging

      Block layer patches

      # gpg: Signature made Wed 25 Nov 2015 13:33:14 GMT using RSA key ID 
C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@xxxxxxxxxx>"

      * remotes/kevin/tags/for-upstream:
        qemu-iotests: Add -nographic when starting QEMU in 119 and 120
        block/qapi: Plug memory leak on query-block error path
        raw-posix.c: Make GetBSDPath() handle caching options
        nand: fix flash erase when oob is in memory
        test-aio: Fix event notifier cleanup
        tests/Makefile: Add more dependencies for test-timed-average

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit f77dcdbc76dbf9bade9739e85e1013639e535835
  Author: Wen Congyang <wency@xxxxxxxxxxxxxx>
  Date:   Fri Nov 20 17:37:13 2015 +0800

      block-migration: limit the memory usage

      If we set migration speed in a very large value, block-migration will try 
to read
      all data to the memory. Because
          (block_mig_state.submitted + block_mig_state.read_done) * BLOCK_SIZE
      will be overflow, and it will be always less than rate limit.

      There is no need to read too many data into memory when the rate limit is 
very large.
      So limit the memory usage can fix the overflow problem.

      Signed-off-by: Wen Congyang <wency@xxxxxxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 1d7414396f926651c4d7a673eb3a10aca5246d76
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 19 15:27:48 2015 +0000

      Assume madvise for (no)hugepage works

      madvise() returns EINVAL in the case of many failures, but also
      returns it in cases where the host kernel doesn't have THP enabled.
      Postcopy only really cares that THP is off before it detects faults,
      and turns it back on afterwards; so we're going to have
      to assume that if the madvise fails then the host just doesn't do
      THP and we can carry on with the postcopy.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Tested-by: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 8c34d891b1594840d8394a3c9b92236c13254fd8
  Merge: 903c341 4d7f853
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Wed Nov 25 14:33:01 2015 +0100

      Merge remote-tracking branch 
'mreitz/tags/pull-block-for-kevin-2015-11-25' into queue-block

      One block patch for qemu 2.5-rc2.

      # gpg: Signature made Wed Nov 25 14:30:45 2015 CET using RSA key ID 
E838ACAD
      # gpg: Good signature from "Max Reitz <mreitz@xxxxxxxxxx>"

      * mreitz/tags/pull-block-for-kevin-2015-11-25:
        qemu-iotests: Add -nographic when starting QEMU in 119 and 120

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 4d7f853ff0054989a4f20f1f22d1ec489c669c3b
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 23 10:32:10 2015 +0800

      qemu-iotests: Add -nographic when starting QEMU in 119 and 120

      Otherwise, a window flashes on my desktop (built with SDL). Add this as
      other cases have it.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1448245930-15031-1-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit 903c341d5742b160e52752eb6fdc1ba9b87dc52e
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Fri Nov 20 13:53:35 2015 +0100

      block/qapi: Plug memory leak on query-block error path

      Spotted by Coverity.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 98caa5bc0083ed4fe4833addd3078b56ce2f6cfa
  Author: Programmingkid <programmingkidx@xxxxxxxxx>
  Date:   Fri Nov 20 19:17:48 2015 -0500

      raw-posix.c: Make GetBSDPath() handle caching options

      Add support for caching options that can be specified from the command
      line.

      The CD-ROM raw char device bypasses the host page cache and therefore
      has alignment requirements.  Alignment probing is necessary so only use
      the raw char device if BDRV_O_NOCACHE is set.

      This patch fixes -cdrom /dev/cdrom on Mac OS X hosts, where bdrv_read()
      used to fail due to misaligned requests during image format probing.

      Signed-off-by: John Arbuckle <programmingkidx@xxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 8e37ca6d0be8aae2887c167da783fd2d9536c962
  Author: Ricard Wanderlof <ricard.wanderlof@xxxxxxxx>
  Date:   Fri Nov 13 14:17:28 2015 +0100

      nand: fix flash erase when oob is in memory

      For the "main area on file, oob in memory" case, fix the shifts so that
      we erase the correct number of pages.

      Signed-off-by: Ricard Wanderlöf <ricardw@xxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 7595ed743914b9de1d146213dedc1e007283f723
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Mon Nov 23 13:30:23 2015 +0100

      test-aio: Fix event notifier cleanup

      One test case closed an event notifier (event_notifier_cleanup())
      without first disabling it (set_event_notifier(..., NULL)). This
      resulted in a leftover handle 0 that was added to each subsequent
      WaitForMultipleObjects() call, causing the function to fail (invalid
      handle).

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 5e41fbffa115608fe6f7159d345d6caa0019e687
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Mon Nov 23 13:28:12 2015 +0100

      tests/Makefile: Add more dependencies for test-timed-average

      'make check' failed to compile the test case for mingw because of
      undefined references. Pull in a few more dependencies so that it builds.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit e85dda8070b20dd8765d52daf64de70a9ccf395f
  Merge: 1aae36d 22037db
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 25 12:09:34 2015 +0000

      Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20151125' into 
staging

      Xen 2015/11/25

      # gpg: Signature made Wed 25 Nov 2015 11:19:26 GMT using RSA key ID 
70E1AE90
      # gpg: Good signature from "Stefano Stabellini 
<stefano.stabellini@xxxxxxxxxxxxx>"

      * remotes/sstabellini/tags/xen-20151125:
        xen_disk: Remove ioreq.postsync
        xen: fix usage of xc_domain_create in domain builder

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 2b1641d0a2fc10bdbffb1c0aa9836186af008766
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Fri Nov 13 18:49:54 2015 +0100

      MAINTAINERS: Update TCG CPU cores section

      These are the people that I think have been touching it lately
      or reviewing patches.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 7cf32491eac9dc32fd8ca7933f3edc9d42f884ee
  Author: Victor Kaplansky <victork@xxxxxxxxxx>
  Date:   Tue Nov 24 12:56:00 2015 +0200

      tests/vhost-user-bridge: read command line arguments

      Now some vhost-user-bridge parameters can be passed from the
      command line:

      Usage: prog [-u ud_socket_path] [-l lhost:lport] [-r rhost:rport]
              -u path to unix doman socket. default: /tmp/vubr.sock
              -l local host and port. default: 127.0.0.1:4444
              -r remote host and port. default: 127.0.0.1:5555

      Signed-off-by: Victor Kaplansky <victork@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 85ea9da5b8d8c0b2ab77b493d5ce62599279bf33
  Author: Victor Kaplansky <victork@xxxxxxxxxx>
  Date:   Tue Nov 24 12:55:56 2015 +0200

      tests/vhost-user-bridge: propose GUEST_ANNOUNCE feature

      The backend has to know whether VIRTIO_NET_F_GUEST_ANNOUNCE was
      negotiated, so, as a hack we propose the feature by
      vhost-user-bridge during the feature negotiation.

      Signed-off-by: Victor Kaplansky <victork@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit c61f09ed855b5009f816242ce281fd01586d4646
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Mon Nov 23 12:48:52 2015 +0200

      vhost-user: clarify start and enable

      It seems that we currently have some duplication between
      started and enabled states.

      The actual reason is that enable is not documented correctly:
      what it does is connecting ring to the backend.

      This is important for MQ, because a Linux guest expects TX
      packets to be completed even if it disables some queues
      temporarily.

      Cc: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>
      Cc: Victor Kaplansky <victork@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit d39c87d70763f2755d1d7a719817b06f0281fb01
  Author: Wen Congyang <wency@xxxxxxxxxxxxxx>
  Date:   Wed Nov 11 14:53:29 2015 +0800

      vhost-user: set link down when the char device is closed

      Signed-off-by: Wen Congyang <wency@xxxxxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>

  commit 463b52f285164ec3dc0649763e06e40cea9e8a1f
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Thu Nov 12 15:29:55 2015 -0200

      pc: Don't set hw_version on pc-*-2.5

      Now that qemu_hw_version() returns a fixed "2.5+" string instead
      of QEMU_VERSION, we don't need to set hw_version on pc-*-2.5
      explicitly.

      Suggested-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit fac862ffa605f6fa41f52033b27346d26a96bea5
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Thu Nov 12 15:29:54 2015 -0200

      osdep: Change default value of qemu_hw_version() to "2.5+"

      There are two issues with qemu_hw_version() today:

      1) If a machine has hw_version set, the value returned by it is
         not very useful, because it is not the actual QEMU version.
      2) If a machine does't set hw_version, the return value of
         qemu_hw_version() is broken, because it will change when
         upgrading QEMU.

      For those reasons, using qemu_hw_version() is strongly
      discouraged, and should be used only in code that used
      QEMU_VERSION in the past and needs to keep compatibility.

      To fix (2), instead of making every machine broken by default
      unless they set hw_version, make qemu_hw_version() simply return
      "2.5+" if qemu_set_hw_version() is not called.

      Suggested-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 1aae36df4b8ed884c6ef6995e70c67fad79b49df
  Merge: 4b6eda6 1d64924
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 25 11:38:03 2015 +0000

      Merge remote-tracking branch 
'remotes/armbru/tags/pull-ivshmem-2015-11-25' into staging

      ivshmem patches for 2.5

      # gpg: Signature made Wed 25 Nov 2015 09:25:38 GMT using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-ivshmem-2015-11-25:
        ivshmem: Rename property memdev to x-memdev for 2.5
        ivshmem: Mark questionable socket type test FIXME
        tests/ivshmem-test: Supply missing initializer in get_device()
        qemu-doc: Fix ivshmem usage example with shm=...
        qemu-doc: Fix ivshmem example markup

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 22037db38ccfe497bd13a94edead6657781b9b37
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Nov 25 11:54:14 2015 +0200

      xen_disk: Remove ioreq.postsync

      This code has been dead for three years (since commit 7e7b7cba1).

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
      Reviewed-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

  commit 1d649244b3695cb148dd2ae66999db0f6f9566b3
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Tue Nov 24 18:06:29 2015 +0100

      ivshmem: Rename property memdev to x-memdev for 2.5

      The device's guest interface and its QEMU user interface are
      flawed^Whotly debated.  We'll resolve that in the next development
      cycle, probably by deprecating the device in favour of a cleaned up,
      but not quite compatible revision.

      To avoid adding more baggage to the soon-to-be-deprecated interface,
      mark property "memdev" as experimental, by renaming it to "x-memdev".
      It's the only recent user interface change.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1448384789-14830-6-git-send-email-armbru@xxxxxxxxxx>
      [Update of qemu-doc.texi squashed in]
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 2825717c02f5b1367e8e315b222888db00618170
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Tue Nov 24 18:06:28 2015 +0100

      ivshmem: Mark questionable socket type test FIXME

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 1613094766602bdb8cae337ceecd8ab68f956197
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Tue Nov 24 18:06:27 2015 +0100

      tests/ivshmem-test: Supply missing initializer in get_device()

      If the device isn't found, the assertion uses dev without
      initialization.  Fix that.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1448384789-14830-4-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit a9282c25a5e2e860dfba5eca6d08fb2e42ee4f1a
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Tue Nov 24 18:06:26 2015 +0100

      qemu-doc: Fix ivshmem usage example with shm=...

      The example suggests you can omit "shm".  This isn't true; you must
      specify exactly one of "shm", "chardev", "memdev".  Fix it.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1448384789-14830-3-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 50d34c4e357c41231b1106fc3f46cfd479a31e41
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Tue Nov 24 18:06:25 2015 +0100

      qemu-doc: Fix ivshmem example markup

      Use @var{foo} like we do everywhere else, not <foo>.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1448384789-14830-2-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 73a27d9ac35e3da3a2cf0ebd0bcc2be6de19dd0a
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Tue Nov 24 14:18:00 2015 +0200

      atapi: Fix code indentation

      This was accidentally changed by commit 5f81724d

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 
93fb43522e3b8dddb6c709d568919347d9a5ba3f.1448367341.git.berto@xxxxxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit 36be0929f53260cb9b1e2720c7c22f6b5fb5910f
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Tue Nov 24 14:17:59 2015 +0200

      atapi: Account for failed and invalid operations in cd_read_sector()

      Commit 5f81724d made PIO read requests async but didn't add the
      relevant block_acct_failed() and block_acct_invalid() calls.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 
9b87e09d61019c128139b6c999ed0c07f0674170.1448367341.git.berto@xxxxxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit a421f3c38509ee4ce47230ec68c5c3a184efb538
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Fri Nov 20 17:53:55 2015 -0500

      ide-test: cdrom_pio_impl fixup

      Final tidying: move the interrupt wait into the loop,
      document that the status read clears the IRQ, and move
      the final interrupt check outside of the loop.

      This should be functionally equivalent to how it works
      currently, but a little less ambiguous and slightly more
      explicit about the state transitions.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1448060035-31973-3-git-send-email-jsnow@xxxxxxxxxx

  commit 4b6eda626fdb8bf90472c6868d502a2ac09abeeb
  Merge: d9636b6 f93c3a8
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 24 17:05:06 2015 +0000

      Merge remote-tracking branch 'remotes/lalrae/tags/mips-20151124' into 
staging

      MIPS patches 2015-11-24

      Changes:
      * Fixes for enabling/disabling 64-bit addressing

      # gpg: Signature made Tue 24 Nov 2015 14:54:35 GMT using RSA key ID 
0B29DA6B
      # gpg: Good signature from "Leon Alrae <leon.alrae@xxxxxxxxxx>"

      * remotes/lalrae/tags/mips-20151124:
        target-mips: flush QEMU TLB when disabling 64-bit addressing
        target-mips: Fix exceptions while UX=0

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit d9636b6c2b533ab43fad8c9f47633debeef94561
  Merge: 229c037 e14f0eb
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 24 14:22:37 2015 +0000

      Merge remote-tracking branch 
'remotes/pmaydell/tags/pull-target-arm-20151124' into staging

      target-arm queue:
       * fix minimum RAM check warning on xlnx-ep108
       * remove unused define from aarch64-linux-user.mak config
       * don't mask out bits [47:40] in ARMv8 LPAE descriptors
       * correct unallocated instruction checks for ldst_excl

      # gpg: Signature made Tue 24 Nov 2015 14:17:10 GMT using RSA key ID 
14360CDE
      # gpg: Good signature from "Peter Maydell <peter.maydell@xxxxxxxxxx>"
      # gpg:                 aka "Peter Maydell <pmaydell@xxxxxxxxx>"
      # gpg:                 aka "Peter Maydell 
<pmaydell@xxxxxxxxxxxxxxxxxxxxxx>"

      * remotes/pmaydell/tags/pull-target-arm-20151124:
        target-arm/translate-a64.c: Correct unallocated checks for ldst_excl
        target-arm: Don't mask out bits [47:40] in LPAE descriptors for v8
        default-configs/aarch64-linux-user.mak: Remove unused define
        xlnx-ep108: Fix minimum RAM check

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit e14f0eb12f920fd96b9f79d15cedd437648e8667
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 24 14:12:15 2015 +0000

      target-arm/translate-a64.c: Correct unallocated checks for ldst_excl

      The checks for the unallocated encodings in the ldst_excl group
      (exclusives and load-acquire/store-release) were not correct. This
      error meant that in turn we ended up with code attempting to handle
      the non-existent case of "non-exclusive load-acquire/store-release
      pair". Delete that broken and now unreachable code.

      Reported-by: Laurent Desnogues <laurent.desnogues@xxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Laurent Desnogues <laurent.desnogues@xxxxxxxxx>
      Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Reviewed-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>

  commit 6109769a8b42bd0c3d5b1601c9b35fe7ea6a603e
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 24 14:12:15 2015 +0000

      target-arm: Don't mask out bits [47:40] in LPAE descriptors for v8

      In an LPAE format descriptor in ARMv8 the address field extends
      up to bit 47, not just bit 39. Correct the masking so we don't
      give incorrect results if the output address size is greater
      than 40 bits, as it can be for AArch64.

      (Note that we don't yet support the new-in-v8 Address Size fault which
      should be generated if any translation table entry or TTBR contains
      an address with non-zero bits above the most significant bit of the
      maximum output address size.)

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Laurent Desnogues <laurent.desnogues@xxxxxxxxx>
      Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1448029971-9875-1-git-send-email-peter.maydell@xxxxxxxxxx

  commit f72c0a79f76f1b7ed1a1e0ff8be31f5df06b3269
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 24 14:12:15 2015 +0000

      default-configs/aarch64-linux-user.mak: Remove unused define

      The uses of the CONFIG_GDBSTUB_XML define were removed in commit
      b77abd95a9484c, but the define in aarch64-linux-user.mak somehow
      escaped the cull (the patchset probably crossed in the mail with
      the patches adding aarch64 support). Remove the stray define.

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Laurent Desnogues <laurent.desnogues@xxxxxxxxx>
      Message-id: 1447690178-4560-1-git-send-email-peter.maydell@xxxxxxxxxx

  commit 5b4a047fbe8ceb68ad1a78d51f0fadbe2bb12af7
  Author: Alistair Francis <alistair.francis@xxxxxxxxxx>
  Date:   Tue Nov 24 14:12:15 2015 +0000

      xlnx-ep108: Fix minimum RAM check

      The minimum RAM check logic for the Xiilnx EP108 was off by one,
      which caused a false positive. Correct the logic to only print
      warnings when the RAM is below 0x8000000.

      Signed-off-by: Alistair Francis <alistair.francis@xxxxxxxxxx>
      Message-id: 
fba8112ca7b01efd72553332b8045ecf107b7662.1448021100.git.alistair.francis@xxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit f93c3a8d0c0c1038dbe1e957eb8ab92671137975
  Author: Leon Alrae <leon.alrae@xxxxxxxxxx>
  Date:   Thu Nov 19 19:15:35 2015 +0000

      target-mips: flush QEMU TLB when disabling 64-bit addressing

      CP0.Status.KX/SX/UX bits are responsible for enabling access to 64-bit
      Kernel/Supervisor/User Segments. If bit is cleared an access to
      corresponding segment should generate Address Error Exception.

      However, the guest may still be able to access some pages belonging to
      the disabled 64-bit segment because we forget to flush QEMU TLB.

      This patch fixes it.

      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit 7871abb94c2f4adc39f2487f6edf5e69ba872a65
  Author: James Hogan <james.hogan@xxxxxxxxxx>
  Date:   Tue Nov 17 17:13:54 2015 +0000

      target-mips: Fix exceptions while UX=0

      Commit 01f728857941 ("target-mips: Status.UX/SX/KX enable 32-bit address
      wrapping") added a new hflag MIPS_HFLAG_AWRAP, which indicates that
      64-bit addressing is disallowed in the current mode, so hflag users
      don't need to worry about the complexities of working that out, for
      example checking both MIPS_HFLAG_KSU and MIPS_HFLAG_UX.

      However when exceptions are taken outside of exception level,
      mips_cpu_do_interrupt() manipulates the env->hflags directly rather than
      using compute_hflags() to update them, and this code wasn't updated
      accordingly. As a result, when UX is cleared, MIPS_HFLAG_AWRAP is set,
      but it doesn't get cleared on entry back into kernel mode due to an
      exception. Kernel mode then cannot access the 64-bit segments resulting
      in a nested exception loop. The same applies to errors and debug
      exceptions.

      Fix by updating mips_cpu_do_interrupt() to clear the MIPS_HFLAG_WRAP
      flag when necessary, according to compute_hflags().

      Fixes: 01f728857941 ("target-mips: Status.UX/SX/KX enable 32-bit...")
      Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
      Cc: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Cc: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit 229c0372cf3ca201c41d2bb121627e6752e776ad
  Merge: 5522a84 466138d
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 24 10:27:19 2015 +0000

      Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
into staging

      # gpg: Signature made Tue 24 Nov 2015 08:04:07 GMT using RSA key ID 
81AB73C8
      # gpg: Good signature from "Stefan Hajnoczi <stefanha@xxxxxxxxxx>"
      # gpg:                 aka "Stefan Hajnoczi <stefanha@xxxxxxxxx>"

      * remotes/stefanha/tags/block-pull-request:
        virtio-blk: Move resetting of req->mr_next to virtio_blk_handle_rw_error
        parallels: dirty BAT properly for continuous allocations

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 466138dc689b6b14f31d5d20316affb4b4efd177
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 23 08:41:20 2015 +0800

      virtio-blk: Move resetting of req->mr_next to virtio_blk_handle_rw_error

      "werror=report" would free the req in virtio_blk_handle_rw_error, we
      mustn't write to it in that case.

      Reported-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1448239280-15025-1-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit c9f6856ded10602147ca1d1806e7afb545430fd9
  Author: Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx>
  Date:   Tue Nov 17 20:02:58 2015 +0300

      parallels: dirty BAT properly for continuous allocations

      This patch marks part of the BAT dirty properly. There is a possibility 
that
      multy-block allocation could have one block allocated on one BAT page and
      next block on the next page. The code without the patch could not save
      updated position to the file.

      Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Message-id: 1447779778-26062-1-git-send-email-den@xxxxxxxxxx
      CC: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 5522a841cab5f15ac0f8d207b320c21755a7a1a5
  Merge: 68c6128 a3567ba
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Nov 23 16:07:49 2015 +0000

      Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' 
into staging

      NUMA fix for -rc2

      # gpg: Signature made Mon 23 Nov 2015 12:45:34 GMT using RSA key ID 
984DC5A6
      # gpg: Good signature from "Eduardo Habkost <ehabkost@xxxxxxxxxx>"

      * remotes/ehabkost/tags/numa-pull-request:
        hostmem: Ignore ENOSYS while setting MPOL_DEFAULT

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 68c61282fe8a02aa3bddfa7a9c2b7ad7e6177f69
  Merge: 541abd1 644da9b
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Nov 23 13:54:41 2015 +0000

      Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20151123' into 
staging

      Last minute fix.

      # gpg: Signature made Mon 23 Nov 2015 12:17:26 GMT using RSA key ID 
4DD0279B
      # gpg: Good signature from "Richard Henderson <rth7680@xxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxxx>"

      * remotes/rth/tags/pull-tcg-20151123:
        tcg: Fix highwater check

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit a3567ba1e6171ef7cfad55ae549c0cd8bffb1195
  Author: Pavel Fedin <p.fedin@xxxxxxxxxxx>
  Date:   Tue Oct 27 15:51:31 2015 +0300

      hostmem: Ignore ENOSYS while setting MPOL_DEFAULT

      Currently hostmem backend fails if CONFIG_NUMA is enabled in QEMU
      (the default) but NUMA is not supported by the kernel. This makes
      it impossible to use ivshmem in such configurations.

      This patch fixes the problem by ignoring ENOSYS error if policy is set to
      MPOL_DEFAULT. This way the code behaves in the same way as if CONFIG_NUMA
      was not defined. qemu will still fail if the user specifies some other
      policy, so that the user knows it.

      Signed-off-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 644da9b39e477caa80bab69d2847dfcb468f0d33
  Author: John Clarke <johnc@xxxxxxxxxxx>
  Date:   Thu Nov 19 10:30:50 2015 +0100

      tcg: Fix highwater check

      A simple typo in the variable to use when comparing vs the highwater mark.
      Reports are that qemu can in fact segfault occasionally due to this 
mistake.

      Signed-off-by: John Clarke <johnc@xxxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 541abd10a01da56c5f16582cd32d67114ec22a5c
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Nov 20 17:43:46 2015 +0000

      Update version for v2.5.0-rc1 release

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit f348daf3d5d2e349519764cd0c3ec3aaca113732
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Fri Nov 20 15:29:02 2015 +0100

      tests: fix cdrom_pio_impl in ide-test

      The check for the cleared BSY flag has to be performed
      before each data transfer and not just before the
      first one.

      Commit 5f81724d revealed this glitch as the BSY flag
      was not set in ATAPI PIO transfers before.

      While at it fix the descriptions and add a comment before
      the nested for loop that transfers the data.

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Message-id: 1448029742-19771-1-git-send-email-pl@xxxxxxx
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 28c3e6ee72a34d3c2c44ef508b599fa460b273bb
  Merge: 348c327 9f4aa7c
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 19 17:54:46 2015 +0000

      Merge remote-tracking branch 
'remotes/afaerber/tags/qom-devices-for-peter' into staging

      QOM infrastructure fixes and device conversions

      * Fix for properties on objects > 4 GiB
      * Performance improvements for QOM property handling
      * Assertion cleanups
      * MAINTAINERS additions

      # gpg: Signature made Thu 19 Nov 2015 14:32:16 GMT using RSA key ID 
3E7E013F
      # gpg: Good signature from "Andreas Färber <afaerber@xxxxxxx>"
      # gpg:                 aka "Andreas Färber <afaerber@xxxxxxxx>"

      * remotes/afaerber/tags/qom-devices-for-peter:
        MAINTAINERS: Add check-qom-{interface,proplist} to QOM
        qom: Clean up assertions to display values on failure
        qom: Replace object property list with GHashTable
        qom: Add a test case for complex property finalization
        net: Convert net filter code to use object property iterators
        ppc: Convert spapr code to use object property iterators
        vl: Convert machine help code to use object property iterators
        qmp: Convert QMP code to use object property iterators
        qom: Introduce ObjectPropertyIterator struct for iteration
        qdev: Change Property::offset field to ptrdiff_t type

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 348c32709fdbeb475dd072af49523cfdd75873f1
  Merge: c601a24 1c7ba94
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 19 16:26:08 2015 +0000

      Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

      vhost, pc: fixes for 2.5

      Fixes all over the place.

      This also re-enables a test we disabled in 2.5 cycle
      now that there's a way not to get a warning from it.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

      # gpg: Signature made Thu 19 Nov 2015 13:27:43 GMT using RSA key ID 
D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@xxxxxxxxxx>"
      # gpg:                 aka "Michael S. Tsirkin <mst@xxxxxxxxxx>"

      * remotes/mst/tags/for_upstream:
        exec: silence hugetlbfs warning under qtest
        tests: re-enable vhost-user-test
        acpi: fix buffer overrun on migration
        vhost-user: fix log size
        vhost-user: ignore qemu-only features
        specs/vhost-user: fix spec to match reality
        tests/vhost-user-bridge: implement logging of dirty pages
        i440fx: print an error message if user tries to enable iommu
        q35: Check propery to determine if iommu is set
        vhost-user: start/stop all rings
        vhost-user: print original request on error
        vhost-user-test: support VHOST_USER_SET_VRING_ENABLE
        vhost-user: update spec description
        vhost: don't send RESET_OWNER at stop
        vhost: let SET_VRING_ENABLE message depends on protocol feature

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit c601a244a49f4e0be2539cbc5ffd288727cd4e89
  Merge: 80fda8f ce8a1b5
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 19 15:56:50 2015 +0000

      Merge remote-tracking branch 
'remotes/pmaydell/tags/pull-target-arm-20151119' into staging

      target-arm queue:
       * add missing condexec updates when emulating architectural breakpoints
         and coprocessor access checks in Thumb translation (could in theory
         cause problems when these happened inside a Thumb IT block and an
         exception was taken)
       * arm_gic: correctly restore nested IRQ priority

      # gpg: Signature made Thu 19 Nov 2015 13:29:37 GMT using RSA key ID 
14360CDE
      # gpg: Good signature from "Peter Maydell <peter.maydell@xxxxxxxxxx>"
      # gpg:                 aka "Peter Maydell <pmaydell@xxxxxxxxx>"
      # gpg:                 aka "Peter Maydell 
<pmaydell@xxxxxxxxxxxxxxxxxxxxxx>"

      * remotes/pmaydell/tags/pull-target-arm-20151119:
        target-arm: Update condexec before arch BP check in AA32 translation
        target-arm: Update condexec before CP access check in AA32 translation
        hw/arm_gic: Correctly restore nested irq priority

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 80fda8f609457736ab43f0cb8027abb0e28a67f8
  Merge: 8f28030 79b3c12
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 19 15:05:06 2015 +0000

      Merge remote-tracking branch 
'remotes/juanquintela/tags/migration/20151119' into staging

      migration/next for 20151119

      # gpg: Signature made Thu 19 Nov 2015 11:17:07 GMT using RSA key ID 
5872D723
      # gpg: Good signature from "Juan Quintela <quintela@xxxxxxxxxx>"
      # gpg:                 aka "Juan Quintela <quintela@xxxxxxxxxx>"

      * remotes/juanquintela/tags/migration/20151119:
        migration: normalize locking in migration/savevm.c
        migration: implement bdrv_all_find_vmstate_bs helper
        migration: reorder processing in hmp_savevm
        snapshot: create bdrv_all_create_snapshot helper
        migration: drop find_vmstate_bs check in hmp_delvm
        snapshot: create bdrv_all_find_snapshot helper
        migration: factor our snapshottability check in load_vmstate
        snapshot: create bdrv_all_goto_snapshot helper
        snapshot: create bdrv_all_delete_snapshot helper
        snapshot: return error code from bdrv_snapshot_delete_by_id_or_name
        snapshot: create helper to test that block drivers supports snapshots
        Unneeded NULL check
        migration: Dead assignment of current_time
        Set last_sent_block

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 9f4aa7cef2214137db192b252f1d4fc1799d05c7
  Author: Andreas Färber <afaerber@xxxxxxx>
  Date:   Wed Nov 18 19:03:29 2015 +0100

      MAINTAINERS: Add check-qom-{interface,proplist} to QOM

      Add the QOM unit tests to the QOM maintenance area so that maintainers
      get CC'ed on changes and to document QOM test coverage.

      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 8438a13543a281e3e61542cc0763bf1b05169016
  Author: Andreas Färber <afaerber@xxxxxxx>
  Date:   Mon Nov 16 17:49:20 2015 +0100

      qom: Clean up assertions to display values on failure

      Instead of using g_assert() for integer comparisons, use
      g_assert_cmpint() so that we can see the respective values.

      While at it, fix one stray indentation.

      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit b604a854e843505007c59d68112c654556102a20
  Author: Pavel Fedin <p.fedin@xxxxxxxxxxx>
  Date:   Tue Oct 13 13:37:45 2015 +0100

      qom: Replace object property list with GHashTable

      ARM GICv3 systems with large number of CPUs create lots of IRQ pins. Since
      every pin is represented as a property, number of these properties becomes
      very large. Every property add first makes sure there's no duplicates.
      Traversing the list becomes very slow, therefore QEMU initialization takes
      significant time (several seconds for e. g. 16 CPUs).

      This patch replaces list with GHashTable, making lookup very fast. The 
only
      drawback is that object_child_foreach() and 
object_child_foreach_recursive()
      cannot add or remove properties during traversal, since GHashTableIter 
does
      not have modify-safe version. However, the code seems not to modify 
objects
      via these functions.

      Signed-off-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Tested-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      [AF: Fixed object_property_del_{all,child}() issues;
           g_hash_table_contains() -> g_hash_table_lookup(), suggested by 
Daniel]
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 1c7ba94a184df1eddd589d5400d879568d3e5d08
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Wed Nov 18 10:02:58 2015 +0100

      exec: silence hugetlbfs warning under qtest

      vhost-user-test prints a warning. A test should not need to run on
      hugetlbfs, let's silence the warning under qtest. The
      condition can't check on qtest_enabled() since vhost-user-test actually
      doesn't use qtest accel. However, qtest_driver() can be used, if
      qtest_init() is called early enough. For that reason, move chardev and
      qtest initialization early.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 421f4448cec3e42f8477499c5c584699e2cf656b
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Mon Oct 26 15:32:00 2015 +0100

      tests: re-enable vhost-user-test

      Commit 7fe34ca9c2e actually disabled vhost-user-test altogether,
      since CONFIG_VHOST_NET is a per-target config variable.

      tests/vhost-user-test is already x86/x64 softmmu specific test, in order
      to enable it correctly, kvm & vhost-net are also conditions. To check
      that, set CONFIG_VHOST_NET_TEST_$target when kvm is also enabled.

      Since "check-qtest-x86_64-y = $(check-qtest-i386-y)", avoid duplication
      when both x86 & x64 are enabled.

      Other targets than x86 aren't enabled yet, and is intentionally left as
      a future improvement, since I can't easily test those.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit d9a3b33d2c9f996537b7f1d0246dee2d0120cefb
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Nov 19 15:14:07 2015 +0200

      acpi: fix buffer overrun on migration

      ich calls acpi_gpe_init with length ICH9_PMIO_GPE0_LEN so
      ICH9_PMIO_GPE0_LEN/2 bytes are allocated, but then the full
      ICH9_PMIO_GPE0_LEN bytes are migrated.

      As a quick work-around, allocate twice the memory.
      We'll probably want to tweak code to avoid
      migrating the extra ICH9_PMIO_GPE0_LEN/2 bytes,
      but that is a bit trickier to do without breaking
      migration compatibility.

      Tested-by: "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx>
      Reported-by: "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx>
      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit ce8a1b5449cd8c4c2831abb581d3208c3a3745a0
  Author: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
  Date:   Tue Nov 17 16:38:47 2015 +0300

      target-arm: Update condexec before arch BP check in AA32 translation

      Architectural breakpoint check could raise an exceptions, thus condexec
      bits should be updated before calling gen_helper_check_breakpoints().

      Signed-off-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
      Message-id: 1447767527-21268-3-git-send-email-serge.fdrv@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 43bfa4a100687af8d293fef0a197839b51400fca
  Author: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
  Date:   Tue Nov 17 16:38:46 2015 +0300

      target-arm: Update condexec before CP access check in AA32 translation

      Coprocessor access instructions are allowed inside IT block.
      gen_helper_access_check_cp_reg() can raise an exceptions thus condexec
      bits should be updated before.

      Signed-off-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
      Message-id: 1447767527-21268-2-git-send-email-serge.fdrv@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit a859595791e6ac5c14afe0b8a53634bf1cc21f0f
  Author: François Baldassari <francois@xxxxxxxxxx>
  Date:   Thu Nov 19 12:09:52 2015 +0000

      hw/arm_gic: Correctly restore nested irq priority


      Upon activating an interrupt, set the corresponding priority bit in the
      APR/NSAPR registers without touching the currently set bits. In the event
      of nested interrupts, the GIC will then have the information it needs to
      restore the priority of the pre-empted interrupt once the higher priority
      interrupt finishes execution.

      Signed-off-by: François Baldassari <francois@xxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 79b3c12ac5714e036a16d1a163a3517d74504f87
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:11 2015 +0300

      migration: normalize locking in migration/savevm.c

      basically all bdrv_* operations must be called under aio_context_acquire
      except ones with bdrv_all prefix.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      CC: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 7cb14481498e7acd969a76b53be0535cd90f7d53
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:10 2015 +0300

      migration: implement bdrv_all_find_vmstate_bs helper

      The patch also ensures proper locking for the operation.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 0b46160521ab72744da94988583a45d4d45e2986
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:09 2015 +0300

      migration: reorder processing in hmp_savevm

      State deletion can be performed on running VM which reduces VM downtime
      This approach looks a bit more natural.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit a9085f9b5583ba7a02b412ba08f929555112c244
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:08 2015 +0300

      snapshot: create bdrv_all_create_snapshot helper

      to create snapshot for all loaded block drivers.

      The patch also ensures proper locking.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit c6258b04f19bc690b576b089f621cb5333c533d7
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:07 2015 +0300

      migration: drop find_vmstate_bs check in hmp_delvm

      There is no much sense to do the check and write warning.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 723ccda1a0eecece8e70dbcdd35a603f6c41a475
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:06 2015 +0300

      snapshot: create bdrv_all_find_snapshot helper

      to check that snapshot is available for all loaded block drivers.
      The check bs != bs1 in hmp_info_snapshots is an optimization. The check
      for availability of this snapshot will return always true as the list
      of snapshots was collected from that image.

      The patch also ensures proper locking.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 849f96e2f71b52444516a0880fd9d12691b63d20
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:05 2015 +0300

      migration: factor our snapshottability check in load_vmstate

      We should check that all inserted and not read-only images support
      snapshotting. This could be made using already invented helper
      bdrv_all_can_snapshot().

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      CC: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 4c1cdbaad07d067f3d156687d79014ab44387e2c
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:04 2015 +0300

      snapshot: create bdrv_all_goto_snapshot helper

      to switch to snapshot on all loaded block drivers.

      The patch also ensures proper locking.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 9b00ea376d42e543feb12d7ce5435366d01aab1b
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:03 2015 +0300

      snapshot: create bdrv_all_delete_snapshot helper

      to delete snapshots from all loaded block drivers.

      The patch also ensures proper locking.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 25af925fffc29f2e4c05aee10c61c823c4cdf398
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:02 2015 +0300

      snapshot: return error code from bdrv_snapshot_delete_by_id_or_name

      this will make code better in the next patch

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit e9ff957ac26e0e11869a3568cfa7423ae33c51e7
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Thu Nov 19 09:42:01 2015 +0300

      snapshot: create helper to test that block drivers supports snapshots

      The patch enforces proper locking for this operation.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 5df5416e639cd75bd85d243af41387c2418fa580
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Wed Nov 18 11:48:41 2015 +0000

      Unneeded NULL check

      The check is unneccesary, we read the value at the start of the
      thread, use it, and never change it.  The value is checked to be
      non-NULL before thread creation.

      Spotted by coverity, CID 1339211

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 95a7788b2faa81ff95675f1e46a3272a612b35de
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Wed Nov 18 11:48:40 2015 +0000

      migration: Dead assignment of current_time

      I set current_time before the postcopy test but never use it;
      (I think this was from the original version where it was time based).
      Spotted by coverity, CID 1339208

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 84e7b80a05c0c44b90533c6cd2f1db5c932ccf77
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Wed Nov 18 11:48:39 2015 +0000

      Set last_sent_block

      In a82d593b61054b3dea43 I accidentally removed the setting of
      last_sent_block,  put it back.

      Symptoms:
        Multithreaded compression only uses one thread.
        Migration is a bit less efficient since it won't use 'cont' flags.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Fixes: a82d593b61054b3dea43
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 8c4d156c187c84b574d287bd4b9ddf9a6975de7c
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Mon Nov 16 15:37:34 2015 +0000

      qom: Add a test case for complex property finalization

      Devices have some quite complex object child/link relationships
      which place some requirements on the object_property_del_all()
      function to consider that properties can be modified while
      being iterated over.

      This extends the QOM property test case to replicate the
      device like structure and expose any potential bugs in the
      object_property_del_all() function.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 456fb0bfe0b27c54d316be7fe3b362247f732656
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Tue Oct 13 13:37:44 2015 +0100

      net: Convert net filter code to use object property iterators

      Stop directly accessing the Object::properties field data
      structure and instead use the formal object property iterator
      APIs. This insulates the code from future data structure
      changes in the Object struct.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Tested-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 9a842f7d3ce421b39c7edbfe2c47efeac5db6c28
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Tue Oct 13 13:37:43 2015 +0100

      ppc: Convert spapr code to use object property iterators

      Stop directly accessing the Object::properties field data
      structure and instead use the formal object property iterator
      APIs. This insulates the code from future data structure
      changes in the Object struct.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Tested-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 2465bc564d39d9b62fa21b3e84313be3b32dbc16
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Tue Oct 13 13:37:42 2015 +0100

      vl: Convert machine help code to use object property iterators

      Stop directly accessing the Object::properties field data
      structure and instead use the formal object property iterator
      APIs. This insulates the code from future data structure
      changes in the Object struct.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Tested-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 1b30c094dcb69273b7661897c067906f81e5b967
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Tue Oct 13 13:37:41 2015 +0100

      qmp: Convert QMP code to use object property iterators

      Stop directly accessing the Object::properties field data
      structure and instead use the formal object property iterator
      APIs. This insulates the code from future data structure
      changes in the Object struct.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Tested-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit a00c94824126901168bca5b89147f9e334a49e87
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Tue Oct 13 13:37:40 2015 +0100

      qom: Introduce ObjectPropertyIterator struct for iteration

      Some users of QOM need to be able to iterate over properties
      defined against an object instance. Currently they are just
      directly using the QTAIL macros against the object properties
      data structure.

      This is bad because it exposes them to changes in the data
      structure used to store properties, as well as changes in
      functionality such as ability to register properties against
      the class.

      This provides an ObjectPropertyIterator struct which will
      insulate the callers from the particular data structure
      used to store properties. It can be used thus

        ObjectProperty *prop;
        ObjectPropertyIterator *iter;

        iter = object_property_iter_init(obj);
        while ((prop = object_property_iter_next(iter))) {
            ... do something with prop ...
        }
        object_property_iter_free(iter);

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Tested-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      [AF: Fixed examples, style cleanups]
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 3b6ca4022d150ad273d4cd9556c2f4873389f965
  Author: Ildar Isaev <ild@xxxxxxxx>
  Date:   Wed Mar 4 17:09:46 2015 +0300

      qdev: Change Property::offset field to ptrdiff_t type

      Property::offset field is calculated as a diff between two pointers:

        arrayprop->prop.offset = eltptr - (void *)dev;

      If offset is declared as int, this subtraction can cause type overflow,
      thus leading to failure of the subsequent assertion:

        assert(qdev_get_prop_ptr(dev, &arrayprop->prop) == eltptr);

      So ptrdiff_t should be used instead.

      Signed-off-by: Ildar Isaev <ild@xxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 8f280309030331a912fd8924c129d8bd59e1bdc7
  Merge: 7199c89 ca4fa82
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 18 17:07:24 2015 +0000

      Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into 
staging

      Block layer patches

      # gpg: Signature made Wed 18 Nov 2015 15:28:32 GMT using RSA key ID 
C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@xxxxxxxxxx>"

      * remotes/kevin/tags/for-upstream:
        block: Call external_snapshot_clean after blockdev-snapshot
        blockdev: Add missing bdrv_unref() in drive-backup
        iotests: fix race in 030
        nand: fix address overflow

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 48854f57ce3e6aa4bd13368559e5c292e1c44e49
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Wed Nov 18 16:13:54 2015 +0200

      vhost-user: fix log size

      commit 2b8819c6eee517c1582983773f8555bb3f9ed645
      ("vhost-user: modify SET_LOG_BASE to pass mmap size and offset")
      passes log size in units of 4 byte chunks instead of the
      expected size in bytes.

      Fix this up.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 72018d1e1917a56d05e24aedc9f582b7c8385e19
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Tue Nov 17 16:55:17 2015 +0200

      vhost-user: ignore qemu-only features

      Some features (such as ctrl vq) are supported
      by qemu without need to communicate with the
      backend.

      Drop them from the feature mask so we set them
      unconditionally.

      Reported-by: Victor Kaplansky <vkaplans@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 7199c89d8c6bbd0eda2cadb0d3fc7149934202bf
  Merge: ab9b872 08cb175
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 18 16:27:15 2015 +0000

      Merge remote-tracking branch 
'remotes/berrange/tags/qcrypto-fixes-20151118-1' into staging

      Pull qcrypto fixes 2015/11/18 v1

      # gpg: Signature made Wed 18 Nov 2015 15:44:07 GMT using RSA key ID 
15104FDF
      # gpg: Good signature from "Daniel P. Berrange <dan@xxxxxxxxxxxx>"
      # gpg:                 aka "Daniel P. Berrange <berrange@xxxxxxxxxx>"

      * remotes/berrange/tags/qcrypto-fixes-20151118-1:
        crypto: avoid passing NULL to access() syscall
        crypto: fix leaks in TLS x509 helper functions
        crypto: fix mistaken setting of Error in success code path
        crypto: fix leak of gnutls_dh_params_t data on credential unload

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 08cb175a24d642a40e41db2fef2892b0a1ab504e
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Wed Nov 18 15:42:26 2015 +0000

      crypto: avoid passing NULL to access() syscall

      The qcrypto_tls_creds_x509_sanity_check() checks whether
      certs exist by calling access(). It is valid for this
      method to be invoked with certfile==NULL though, since
      for client credentials the cert is optional. This caused
      it to call access(NULL), which happens to be harmless on
      current Linux, but should none the less be avoided.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit ca4fa82fe66076284f702adcfe7c319ebbf909ec
  Merge: 0702d3d 4ad6f3d
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Wed Nov 18 16:27:44 2015 +0100

      Merge remote-tracking branch 
'mreitz/tags/pull-block-for-kevin-2015-11-18' into queue-block

      One block patch for qemu 2.5-rc1.

      # gpg: Signature made Wed Nov 18 16:26:59 2015 CET using RSA key ID 
E838ACAD
      # gpg: Good signature from "Max Reitz <mreitz@xxxxxxxxxx>"

      * mreitz/tags/pull-block-for-kevin-2015-11-18:
        block: Call external_snapshot_clean after blockdev-snapshot

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 4ad6f3db7db154d5274274bd0079d6318367ab16
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Fri Nov 13 15:00:24 2015 +0200

      block: Call external_snapshot_clean after blockdev-snapshot

      Otherwise the AioContext will never be released.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 1447419624-21918-1-git-send-email-berto@xxxxxxxxxx
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit 0702d3d88c2059814212b83f01e14ff3bb7b0c66
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Nov 9 23:39:10 2015 +0100

      blockdev: Add missing bdrv_unref() in drive-backup

      All error paths after a successful bdrv_open() of target_bs should
      contain a bdrv_unref(target_bs). This one did not yet, so add it.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 7b35030eedc26eff82210caa2b0fff2f9d0df453
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Wed Nov 18 14:44:31 2015 +0000

      crypto: fix leaks in TLS x509 helper functions

      The test_tls_get_ipaddr() method forgot to free the returned data
      from getaddrinfo().

      The test_tls_write_cert_chain() method forgot to free the allocated
      buffer holding the certificate data after writing it out to a file.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 6ef8cd7a4142049707b70b8278aaa9d8ee2bc5f5
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Wed Nov 18 14:42:40 2015 +0000

      crypto: fix mistaken setting of Error in success code path

      The qcrypto_tls_session_check_certificate() method was setting
      an Error even when the ACL check suceeded. This didn't affect
      the callers detection of errors because they relied on the
      function return status, but this did cause a memory leak since
      the caller would not free an Error they did not expect to be
      set.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 61b9251a3aaa65e65c4aab3a6800e884bb3b82f9
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Wed Nov 18 14:41:35 2015 +0000

      crypto: fix leak of gnutls_dh_params_t data on credential unload

      The QCryptoTLSCredsX509 object was not free'ing the allocated
      gnutls_dh_params_t data when unloading the credentials

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 01809194a06d8e6c51c3e69600f14355225f4855
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Wed Nov 11 15:27:36 2015 -0500

      iotests: fix race in 030

      the stop_test case tests that we can resume a block-stream
      command after it has stopped/paused due to error. We cannot
      always reliably query it before it finishes after resume, though,
      so make this a conditional.

      The important thing is that we are still testing that it has stopped,
      and that it finishes successfully after we send a resume command.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit a184e74f24f83935c8fc7cd76c06ad0717f89fdb
  Author: Rabin Vincent <rabin.vincent@xxxxxxxx>
  Date:   Tue Nov 10 14:25:47 2015 +0100

      nand: fix address overflow

      The shifts of the address mask and value shift beyond 32 bits when there
      are 5 address cycles.

      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Rabin Vincent <rabin.vincent@xxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit ab9b872ab3147faf3c04e91d525815b9139dd996
  Merge: 6b79f25 ab59e3e
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 18 12:47:29 2015 +0000

      Merge remote-tracking branch 
'remotes/mdroth/tags/qga-pull-2015-11-13-v2-tag' into staging

      qemu-ga patch queue for 2.5

      * fixes for guest-exec gspawn() usage:
        - inherit default lookup path by default instead of
          explicitly defining it as being empty.
        - don't inherit default PATH when PATH/ENV are explicit

      v2:

      * added fix for w32 'make install' target
      * added version check for new g_spawn() flag

      # gpg: Signature made Tue 17 Nov 2015 22:33:03 GMT using RSA key ID 
F108B584
      # gpg: Good signature from "Michael Roth <flukshun@xxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>"

      * remotes/mdroth/tags/qga-pull-2015-11-13-v2-tag:
        makefile: fix w32 install target for qemu-ga
        qga: allow to lookup in PATH from the passed envp for guest-exec
        qga: fix for default env processing for guest-exec

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 6b79f253a37708f21e8d1cd2831b8d8c03f58989
  Merge: 55db5ee d66a8fa
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 18 12:16:14 2015 +0000

      Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into 
staging

      # gpg: Signature made Tue 17 Nov 2015 20:06:58 GMT using RSA key ID 
AAFC390E
      # gpg: Good signature from "John Snow (John Huston) <jsnow@xxxxxxxxxx>"

      * remotes/jnsnow/tags/ide-pull-request:
        ide: enable buffered requests for PIO read requests
        ide: enable buffered requests for ATAPI devices
        ide: orphan all buffered requests on DMA cancel
        ide: add support for IDEBufferedRequest
        block: add blk_abort_aio_request
        ide/atapi: make PIO read requests async

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit ab59e3ecb2c12fafa89f7bedca7d329a078f3870
  Author: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
  Date:   Sun Nov 15 09:46:06 2015 -0600

      makefile: fix w32 install target for qemu-ga

      fafcaf1 added a 'qemu-ga' install target on w32, which can be used
      in place of the existing qemu-ga.exe target to also handle dealing
      with other components such as DLLs for VSS/fsfreeze and generating
      an MSI package if appropriate configure options are present.

      As part of that, qemu-ga$(EXESUF) was removed from $TOOLS in favor
      of this new qemu-ga target.

      The install rule however relies on a direct mapping of the $TOOLS
      entry to the actual resulting binary. In the case of w32, qemu-ga
      is not identical to qemu-ga$(EXESUF), and the install recipe fails
      to find the 'qemu-ga' binary.

      Fix this by essentially remapping 'qemu-ga' back to 'qemu-ga.exe'
      in the install recipe.

      This raises the question of whether or not qemu-ga should continue
      to live in TOOLS as opposed to its own special target, but as a
      late fix for a regression in 2.5 this commit should be safer, since
      we rely on qemu-ga's presence in $TOOLS in several places throughout
      Makefile.

      Reported-by: Stefan Weil <sw@xxxxxxxxxxx>
      Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Stefan Weil <sw@xxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 0be40839519215988e207b86bc1638de53567588
  Author: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
  Date:   Thu Nov 12 16:36:21 2015 +0300

      qga: allow to lookup in PATH from the passed envp for guest-exec

      This was original behaviour before GLIB gspawn() rework and we rely on
      this behaviour.

      Signed-off-by: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      CC: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      * add version check (2.33.2) for G_SPAWN_SEARCH_PATH_FROM_ENVP
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 02a4d82e8c19267ad06b08389b5e914ba668450e
  Author: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
  Date:   Thu Nov 12 16:36:20 2015 +0300

      qga: fix for default env processing for guest-exec

      envp == NULL must be passed inside gspawn() if it was not passed with
      the command line. Original code inherits environment from the QGA,
      which is wrong.

      Signed-off-by: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      CC: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 55db5eeeb7aa3328515817dc4e45728580e517a0
  Merge: c27e901 33b5e8c
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 17 22:00:45 2015 +0000

      Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' 
into staging

      X86 fixes, 2015-11-17

      Two X86 fixes, hopefully in time for -rc1.

      # gpg: Signature made Tue 17 Nov 2015 19:06:53 GMT using RSA key ID 
984DC5A6
      # gpg: Good signature from "Eduardo Habkost <ehabkost@xxxxxxxxxx>"

      * remotes/ehabkost/tags/x86-pull-request:
        target-i386: Disable rdtscp on Opteron_G* CPU models
        target-i386: Fix mulx for identical target regs

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit d66a8fa83b00b3b3d631a0e28cdce8c9b5698822
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Tue Nov 17 15:06:39 2015 -0500

      ide: enable buffered requests for PIO read requests

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1447345846-15624-7-git-send-email-pl@xxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit 02506b20b6609ed4ecb09de9900ba9f1dd20b205
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Tue Nov 17 15:06:33 2015 -0500

      ide: enable buffered requests for ATAPI devices

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1447345846-15624-6-git-send-email-pl@xxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit 7cda62087c0baf064486f3d803184c2c3b35c04a
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Tue Nov 17 15:06:29 2015 -0500

      ide: orphan all buffered requests on DMA cancel

      If the guests canceles a DMA request we can prematurely
      invoke all callbacks of buffered requests and flag all them
      as orphaned. Ideally this avoids the need for draining all
      requests. For CDROM devices this works in 100% of all cases.

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1447345846-15624-5-git-send-email-pl@xxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit 1d8c11d631545ee43aff16b0763aff7181b61f20
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Tue Nov 17 15:06:25 2015 -0500

      ide: add support for IDEBufferedRequest

      this patch adds a new aio readv compatible function which copies
      all data through a bounce buffer. These buffered requests can be
      flagged as orphaned which means that their original callback has
      already been invoked and the request has just not been completed
      by the backend storage. The bounce buffer guarantees that guest
      memory corruption is avoided when such a orphaned request is
      completed by the backend at a later stage.

      This trick only works for read requests as a write request completed
      at a later stage might corrupt data as there is no way to control
      if and what data has already been written to the storage.

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1447345846-15624-4-git-send-email-pl@xxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit ca78ecfa72f311cd647b12a41d93e1ce54f18e66
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Tue Nov 17 15:06:21 2015 -0500

      block: add blk_abort_aio_request

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1447345846-15624-3-git-send-email-pl@xxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit 5f81724d80a1492c73d329242663962139db739b
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Tue Nov 17 14:59:52 2015 -0500

      ide/atapi: make PIO read requests async

      PIO read requests on the ATAPI interface used to be sync blk requests.
      This has two significant drawbacks. First the main loop hangs util an
      I/O request is completed and secondly if the I/O request does not
      complete (e.g. due to an unresponsive storage) Qemu hangs completely.

      Note: Due to possible race conditions requests during an ongoing
      elementary transfer are still sync.

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1447345846-15624-2-git-send-email-pl@xxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit 33b5e8c03ae7a62d320d3c5c1104fe297d5c300d
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Nov 13 17:07:13 2015 -0200

      target-i386: Disable rdtscp on Opteron_G* CPU models

      KVM can't virtualize rdtscp on AMD CPUs yet, so there's no point
      in enabling it by default on AMD CPU models, as all we are
      getting are confused users because of the "host doesn't support
      requested feature" warnings.

      Disable rdtscp on Opteron_G* models, but keep compatibility on
      pc-*-2.4 and older (just in case there are people are doing funny
      stuff using AMD CPU models on Intel hosts).

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 9ecac5dad16722ce2a8c3e88d8eeba5794990031
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Nov 17 12:41:47 2015 +0100

      target-i386: Fix mulx for identical target regs

      The Intel specification clearly indicates that the low part
      of the result is written first and the high part of the result
      is written second; thus if ModRM:reg and VEX.vvvv are identical,
      the final result should be the high part of the result.

      At present, TCG may either produce incorrect results or crash
      with --enable-checking.

      Reported-by: Toni Nedialkov <farmdve@xxxxxxxxx>
      Reported-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 7ebcfe569211f6ff5402b558b85e2ce1e1066cf6
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Tue Nov 17 13:55:48 2015 +0200

      specs/vhost-user: fix spec to match reality

      We wanted to start/stop rings on VRING_ENABLE, but that is not what QEMU
      does. Rather than tweaking code some more, with risk to stability, let's
      just document it as it is.

      We'll be  able to fix this in the future with a new protocol feature bit.

      Reported-by: Victor Kaplansky <victork@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 5c93c47338dbaa8a21a8ccc9d95dc5ade3f7fa19
  Author: Victor Kaplansky <victork@xxxxxxxxxx>
  Date:   Tue Nov 17 12:04:06 2015 +0200

      tests/vhost-user-bridge: implement logging of dirty pages

      During migration devices continue writing to the guest's memory.
      The writes has to be reported to QEMU. This change implements
      minimal support in vhost-user-bridge required for successful
      migration of a guest with virtio-net device.

      Signed-off-by: Victor Kaplansky <victork@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 8d211f622b11ac2877c344f29de284d5a842d9d7
  Author: Bandan Das <bsd@xxxxxxxxxx>
  Date:   Fri Nov 13 01:55:48 2015 -0500

      i440fx: print an error message if user tries to enable iommu

      There's no indication of any sort that i440fx doesn't support
      "iommu=on"

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Bandan Das <bsd@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Bandan Das <bsd@xxxxxxxxxx>

  commit 1f8431f42d833e8914f2d16ce4a49b7b72b90db0
  Author: Bandan Das <bsd@xxxxxxxxxx>
  Date:   Fri Nov 13 01:55:47 2015 -0500

      q35: Check propery to determine if iommu is set

      The helper function machine_iommu() isn't necesary. We can
      directly check for the property.

      Signed-off-by: Bandan Das <bsd@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Bandan Das <bsd@xxxxxxxxxx>

  commit c27e9014d56fa4880e7d741275d887c3a5949997
  Merge: 9be060f 382e173
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 17 12:34:07 2015 +0000

      Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20151116-1' 
into staging

      vnc: buffer code improvements, bugfixes.

      # gpg: Signature made Mon 16 Nov 2015 17:20:02 GMT using RSA key ID 
D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann <gerd@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@xxxxxxxxx>"

      * remotes/kraxel/tags/pull-vnc-20151116-1:
        vnc: fix mismerge
        buffer: allow a buffer to shrink gracefully
        buffer: factor out buffer_adj_size
        buffer: factor out buffer_req_size
        vnc: recycle empty vs->output buffer
        vnc: fix local state init
        vnc: only alloc server surface with clients connected
        vnc: use vnc_{width,height} in vnc_set_area_dirty
        vnc: factor out vnc_update_server_surface
        vnc: add vnc_width+vnc_height helpers
        vnc: zap dead code
        vnc-jobs: move buffer reset, use new buffer move
        vnc: kill jobs queue buffer
        vnc: attach names to buffers
        buffer: add tracing
        buffer: add buffer_shrink
        buffer: add buffer_move
        buffer: add buffer_move_empty
        buffer: add buffer_init
        buffer: make the Buffer capacity increase in powers of two

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 9be060f5278dc0d732ebfcf2bf0a293f88b833eb
  Merge: 361cb26 10f5a72
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 17 11:33:38 2015 +0000

      Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
into staging

      # gpg: Signature made Tue 17 Nov 2015 11:13:05 GMT using RSA key ID 
81AB73C8
      # gpg: Good signature from "Stefan Hajnoczi <stefanha@xxxxxxxxxx>"
      # gpg:                 aka "Stefan Hajnoczi <stefanha@xxxxxxxxx>"

      * remotes/stefanha/tags/block-pull-request:
        virtio-blk: Fix double completion for werror=stop
        block: make 'stats-interval' an array of ints instead of a string
        aio-epoll: Fix use-after-free of node
        disas/arm: avoid clang shifting negative signed warning
        tpm: avoid clang shifting negative signed warning
        tests: Ignore recent test binaries
        docs: update bitmaps.md

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 10f5a72f70862d299ddbdf226d6dc71fa4ae34dd
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Tue Nov 17 18:20:11 2015 +0800

      virtio-blk: Fix double completion for werror=stop

      When a request R is absorbed by request M, it is appended to the
      "mr_next" queue led by M, and is completed together with the completion
      of M, in virtio_blk_rw_complete.

      During DMA restart in virtio_blk_dma_restart_bh, requests in s->rq are
      parsed and submitted again, possibly with a stale req->mr_next. It could
      be a problem if the request merging in virtio_blk_handle_request hasn't
      refreshed every mr_next pointer, in which case, virtio_blk_rw_complete
      could walk through unexpected requests following the stale pointers.

      Fix this by unsetting the pointer in virtio_blk_rw_complete. It is safe
      because this req is either completed and freed right away, or it will be
      restarted and parsed from scratch out of the vq later.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 40119effc5c36dbd0ca19ca85a5897d5b3d37d6d
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Nov 16 11:28:38 2015 +0200

      block: make 'stats-interval' an array of ints instead of a string

      This is the natural JSON representation and prevents us from having to
      decode the list manually.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
0e3da8fa206f4ab534ae3ce6086e75fe84f1557e.1447665472.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 0ed39f3df2d3cf7f0fc3468b057f952a3b251ad9
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 16 14:32:14 2015 +0800

      aio-epoll: Fix use-after-free of node

      aio_epoll_update needs the fields in node, so delay the free.

      Reported-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1447655534-13974-1-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 02460c3b4287776062715b95c59cd8829015615d
  Author: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
  Date:   Tue Nov 10 15:57:35 2015 +0000

      disas/arm: avoid clang shifting negative signed warning

      clang 3.7.0 on x86_64 warns about the following:

        disas/arm.c:1782:17: warning: shifting a negative signed value is 
undefined [-Wshift-negative-value]
          imm |= (-1 << 7);
                  ~~ ^

      Note that this patch preserves the tab indent in this source file
      because the surrounding code still uses tabs.

      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 886ce6f8b6ede74eb04314ef62d15bcdf5df7ef1
  Author: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
  Date:   Tue Nov 10 15:57:34 2015 +0000

      tpm: avoid clang shifting negative signed warning

      clang 3.7.0 on x86_64 warns about the following:

        hw/tpm/tpm_tis.c:1000:36: warning: shifting a negative signed value is 
undefined [-Wshift-negative-value]
                  tis->loc[c].iface_id = TPM_TIS_IFACE_ID_SUPPORTED_FLAGS1_3;
                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        hw/tpm/tpm_tis.c:144:10: note: expanded from macro 
'TPM_TIS_IFACE_ID_SUPPORTED_FLAGS1_3'
           (~0 << 4)/* all of it is don't care */)
            ~~ ^

      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit a12e52a151ab48fbfe462110a36d2399713271e6
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 12 20:47:03 2015 -0700

      tests: Ignore recent test binaries

      Commits 6c6f312d and bd797fc1 added new tests (test-blockjob-txn
      and test-timed-average, respectively), but did not mark them for
      exclusion in .gitignore.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1447386423-13160-1-git-send-email-eblake@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit c4c2daa1ae9ed03c6dd78477a9b132edbce9e08c
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Tue Nov 10 18:00:17 2015 -0500

      docs: update bitmaps.md

      Include new error handling scenarios for 2.5.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-id: 1447196417-26081-1-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 361cb26827ffd5f24af05b0e473ecd82d6a33bde
  Merge: c257779 513e7cd
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 17 10:20:25 2015 +0000

      Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-11-17' 
into staging

      QAPI patches

      # gpg: Signature made Tue 17 Nov 2015 08:28:24 GMT using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-qapi-2015-11-17:
        input: Document why x-input-send-event is still experimental
        qapi: Document introspection stability considerations

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 513e7cdbaeec56c77e4cf26f151d7ee79f3a6be9
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 12 11:50:43 2015 -0700

      input: Document why x-input-send-event is still experimental

      The x-input-send-event command was introduced in 2.2 with mention
      that it is experimental, but now that several releases have elapsed
      without any changes, it would be nice to document why that was done
      and should still remain experimental in 2.5.

      Meanwhile, our documentation states that we prefer 'lower-case',
      rather than 'CamelCase', for qapi enum values.  The InputButton and
      InputAxis enums violate this convention.  However, because they are
      currently used primarily for generating code that is used internally;
      and their only exposure through QMP is via the experimental
      'x-input-send-event' command, we are free to change their spelling.
      Of course, it would be nicer to delay such a change until the same
      time we promote the command to non-experimental.  Adding
      documentation will help us remember to do that rename.

      We have plans to tighten the qapi generator to flag instances of
      inconsistent use of naming conventions; if that lands first, it
      will just need to whitelist these exceptions until the time we
      settle on the final interface.

      Fix a typo in the docs for InputAxis while at it.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1447354243-31825-1-git-send-email-eblake@xxxxxxxxxx>
      Reviewed-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 39a65e2c243978a480e03cab865462d98873fc3c
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Wed Nov 11 10:50:02 2015 -0700

      qapi: Document introspection stability considerations

      We are not ready (and might never be ready) to declare
      introspection stable between releases. Clients written to
      control multiple versions of qemu, and desiring to know
      whether a particular member is supported for a given
      command, must be prepared to locate that member in spite
      of qapi changes that may affect the member's location or
      type within the overall object, even though such changes
      did not break QMP wire back-compatibility.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1447264202-19554-1-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit dc3db6adde329548771ab2addc2ef8376b2b8b32
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Mon Nov 16 18:40:18 2015 +0200

      vhost-user: start/stop all rings

      We are currently only sending VRING_ENABLE message for the first ring,
      that's wrong: we must start/stop them all.

      Reported-by: Victor Kaplansky <victork@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 5421f318ecc82294ad089fd54924df787b67c971
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Mon Nov 16 13:55:53 2015 +0200

      vhost-user: print original request on error

      When we get an unexpected response, print out
      the original request.
      Helps debug protocol errors tremendously.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 87656d50181e1be475303c1b88be6df0963c5bfd
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Mon Nov 16 13:33:36 2015 +0200

      vhost-user-test: support VHOST_USER_SET_VRING_ENABLE

      vhost-user-test is broken now: it assumes
      QEMU sends RESET_OWNER, and we stopped doing that.
      Wait for ENABLE_RING with 0 instead.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit c257779e2a586043a1480bb7e96fb6bcd0129634
  Merge: bc7c6c1 ba060c5
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Nov 16 12:09:47 2015 +0000

      Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20151116' 
into staging

      seccomp branch queue

      # gpg: Signature made Mon 16 Nov 2015 08:50:28 GMT using RSA key ID 
12F8BD2F
      # gpg: Good signature from "Eduardo Otubo (Software Engineer @ 
ProfitBricks) <eduardo.otubo@xxxxxxxxxxxxxxxx>"
      # gpg: WARNING: This key is not certified with a trusted signature!
      # gpg:          There is no indication that the signature belongs to the 
owner.
      # Primary key fingerprint: 1C96 46B6 E1D1 C38A F2EC  3FDE FD0C FF5B 12F8 
BD2F

      * remotes/otubo/tags/pull-seccomp-20151116:
        seccomp: loosen library version dependency
        configure: arm/aarch64: allow enable-seccomp
        seccomp: add cacheflush to whitelist

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit a586e65bbd017ab55fe4149dd1bcba5c3a72bcd1
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Sun Nov 15 21:25:11 2015 +0200

      vhost-user: update spec description

      Clarify logging setup to make sure all clients comply in a way that is
      future-proof.  Document how rings are started/stopped.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Victor Kaplansky <victork@xxxxxxxxxx>

  commit bc7c6c1fec2e9aa1ff6f2e018ed641db1429315c
  Merge: 8337c6c 917158d
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Nov 16 10:14:33 2015 +0000

      Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into 
staging

      # gpg: Signature made Fri 13 Nov 2015 20:16:21 GMT using RSA key ID 
AAFC390E
      # gpg: Good signature from "John Snow (John Huston) <jsnow@xxxxxxxxxx>"

      * remotes/jnsnow/tags/ide-pull-request:
        qtest/ahci: use raw format when qemu-img is absent
        libqos: add qemu-img presence check
        qtest/ahci: always specify image format
        ahci/qtest: don't use tcp sockets for migration tests
        atapi: Prioritize unknown cmd error over BCL error
        atapi: add byte_count_limit helper

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 12b8cbac3c8243b3dd485aaebb82547aefa06adb
  Author: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>
  Date:   Fri Nov 13 15:24:10 2015 +0800

      vhost: don't send RESET_OWNER at stop

      First of all, RESET_OWNER message is sent incorrectly, as it's sent
      before GET_VRING_BASE. And the reset message would let the later call
      get nothing correct.

      And, sending SET_VRING_ENABLE at stop, which has already been done,
      makes more sense than RESET_OWNER.

      Signed-off-by: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 923e2d98ede7404882656aeb4364c3964a95db3d
  Author: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>
  Date:   Fri Nov 13 15:24:09 2015 +0800

      vhost: let SET_VRING_ENABLE message depends on protocol feature

      But not depend on PROTOCOL_F_MQ feature bit. So that we could use
      SET_VRING_ENABLE to sign the backend on stop, even if MQ is disabled.

      That's reasonable, since we will have one queue pair at least.

      Signed-off-by: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit ba060c53d585d186ff0ac6b181f4b2a867acc210
  Author: dann frazier <dann.frazier@xxxxxxxxxxxxx>
  Date:   Fri Oct 23 15:34:22 2015 -0600

      seccomp: loosen library version dependency

      Drop the libseccomp required version back to 2.1.0, restoring the ability
      to build w/ --enable-seccomp on Ubuntu 14.04.

      Commit 4cc47f8b3cc4f32586ba2f7fce1dc267da774a69 tightened the dependency
      on libseccomp from version 2.1.0 to 2.1.1. This broke building on Ubuntu
      14.04, the current Ubuntu LTS release. The commit message didn't mention
      any specific functional need for 2.1.1, just that it was the most recent
      stable version at the time. I reviewed the changes between 2.1.0 and 
2.1.1,
      but it looks like that update just contained minor fixes and cleanups - no
      obvious (to me) new interfaces or critical bug fixes.

      Signed-off-by: dann frazier <dann.frazier@xxxxxxxxxxxxx>
      Acked-by: Eduardo Otubo <eduardo.otubo@xxxxxxxxxxxxxxxx>

  commit 693e59105d2ce4d6f4c96a2373fec06a24d0e6be
  Author: Andrew Jones <drjones@xxxxxxxxxx>
  Date:   Wed Sep 30 11:59:18 2015 -0400

      configure: arm/aarch64: allow enable-seccomp

      This is a revert of ae6e8ef11e6cb, but with a bit of refactoring,
      and also specifically adding arm/aarch64, rather than all
      architectures. Currently, libseccomp code appears to also support
      mips, ppc, and s390. We could therefore allow qemu to enable
      seccomp for those platforms as well, with additional configure
      patches, given they're tested and proven to work.

      Signed-off-by: Andrew Jones <drjones@xxxxxxxxxx>
      Acked-by: Eduardo Otubo <eduardo.otubo@xxxxxxxxxxxxxxxx>

  commit 47d2067af3424c1a9b1b215dfc6b0c55ac4b3ee7
  Author: Andrew Jones <drjones@xxxxxxxxxx>
  Date:   Mon Nov 2 23:53:26 2015 +0100

      seccomp: add cacheflush to whitelist

      cacheflush is an arm-specific syscall that qemu built for arm
      uses. Add it to the whitelist, but only if we're linking with
      a recent enough libseccomp.

      Signed-off-by: Andrew Jones <drjones@xxxxxxxxxx>

  commit 917158dc3b22924922dc1f3b9d4049a4fc83d926
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Fri Nov 13 14:31:43 2015 -0500

      qtest/ahci: use raw format when qemu-img is absent

      If we don't have the qemu-img tool, use the raw format
      for tests and skip the high-sector LBA48 tests.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1447439479-16775-4-git-send-email-jsnow@xxxxxxxxxx

  commit cb11e7b2f3878575f23d49454c02d8dce35c8d35
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Fri Nov 13 14:31:42 2015 -0500

      libqos: add qemu-img presence check

      To allow tests to optionally exercise additional tests
      that require the qemu-img tool that may not be present
      in all builds.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1447439479-16775-3-git-send-email-jsnow@xxxxxxxxxx

  commit b236b61056ff0a6b69aa2a92cf5bb10a81450753
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Fri Nov 13 14:31:42 2015 -0500

      qtest/ahci: always specify image format

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1447439479-16775-2-git-send-email-jsnow@xxxxxxxxxx

  commit 6d9e7295c5ff6fdd2d7989639b836c6fdc01ac61
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Fri Nov 13 14:31:42 2015 -0500

      ahci/qtest: don't use tcp sockets for migration tests

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1447108074-20609-1-git-send-email-jsnow@xxxxxxxxxx

  commit f36aa12d2f2d5b5a877e38641183259e119e1568
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Fri Nov 13 14:31:42 2015 -0500

      atapi: Prioritize unknown cmd error over BCL error

      If we don't know about the command at all, we need to prioritize
      that failure above the zero byte-count-limit failure.

      This fixes a failure in the sparc64 NetBSD 7.0 installer bootup.

      Reported-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Tested-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Message-id: 1447095959-10046-3-git-send-email-jsnow@xxxxxxxxxx

  commit af0e00db0e389dfa33d597f917a21454643bd314
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Fri Nov 13 14:31:42 2015 -0500

      atapi: add byte_count_limit helper

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Tested-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Message-id: 1447095959-10046-2-git-send-email-jsnow@xxxxxxxxxx

  commit cdadde39a80779b52f72aedf80839cabac975e57
  Author: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  Date:   Fri Nov 13 17:38:06 2015 +0000

      xen: fix usage of xc_domain_create in domain builder

      Due to the addition of HVMlite and the requirement to always provide a
      valid xc_domain_configuration_t, xc_domain_create now always takes an arch
      domain config, which can be NULL in order to mimic previous behaviour.

      Add a small stub called xen_domain_create that encapsulates the correct
      call to xc_domain_create depending on the libxc version detected.

      Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
      Acked-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
      Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

  commit 8337c6cbc37c6b2184f41bab3eaff47d5e68012a
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Nov 13 17:10:36 2015 +0000

      Update version for v2.5.0-rc0 release

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 74fcbd22d20a2fbc1a47a7b00cce5bf98fd7be5f
  Author: Guenter Roeck <linux@xxxxxxxxxxxx>
  Date:   Thu Nov 12 09:54:55 2015 -0800

      hw/misc: Add support for ADC controller in Xilinx Zynq 7000

      Add support for the Xilinx XADC core used in Zynq 7000.

      References:
      - Zynq-7000 All Programmable SoC Technical Reference Manual
      - 7 Series FPGAs and Zynq-7000 All Programmable SoC XADC
        Dual 12-Bit 1 MSPS Analog-to-Digital Converter

      Tested with Linux using QEMU machine xilinx-zynq-a9 with devicetree
      files zynq-zc702.dtb and zynq-zc706.dtb, and kernel configuration
      multi_v7_defconfig.

      Reviewed-by: Alistair Francis <alistair.francis@xxxxxxxxxx>
      Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx>
      [ PC changes:
        * Changed macro names to match TRM where possible
        * Made programmers model macro scheme consistent
        * Dropped XADC_ZYNQ_ prefix on local macros
        * Fix ALM field width
        * Update threshold-comparison interrupts in _update_ints()
        * factored out DFIFO pushes into helper. Renamed to "push/pop"
        * Changed xadc_reg to 10 bits and added OOB check.
        * Reduced scope of MCTL reset to just stop channel coms.
        * Added dummy read data to write commands
        * Changed _ to - seperators in string names and filenames
        * Dropped ------------ in header comment
        * Catchall'ed _update_ints() in _write handler.
        * Minor whitespace changes.
        * Use ZYNQ_XADC_FIFO_DEPTH instead of ARRAY_SIZE()
      ]
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Tested-by: Guenter Roeck <linux@xxxxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit f3bcfc5663646f74e62fe9d3d8774b8f0adda7bf
  Merge: b2df6a7 389775d
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 12 18:08:19 2015 +0000

      Merge remote-tracking branch 
'remotes/juanquintela/tags/migration/20151112' into staging

      migration/next for 20151112

      # gpg: Signature made Thu 12 Nov 2015 16:56:44 GMT using RSA key ID 
5872D723
      # gpg: Good signature from "Juan Quintela <quintela@xxxxxxxxxx>"
      # gpg:                 aka "Juan Quintela <quintela@xxxxxxxxxx>"

      * remotes/juanquintela/tags/migration/20151112:
        migration_init: Fix lock initialisation/make it explicit
        migrate-start-postcopy: Improve text
        Postcopy: Fix TP!=HP zero case
        Finish non-postcopiable iterative devices before package
        migration: Make 32bit linux compile with RDMA
        migration: print ram_addr_t as RAM_ADDR_FMT not %zx

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b2df6a79df6343d0ed4ea05d83b3ff1d849e8d25
  Merge: cfcc7c1 aece5ed
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 12 17:22:06 2015 +0000

      Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into 
staging

      Block layer patches (rebased Stefan's pull request)

      # gpg: Signature made Thu 12 Nov 2015 15:34:16 GMT using RSA key ID 
C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@xxxxxxxxxx>"

      * remotes/kevin/tags/for-upstream: (43 commits)
        block: Update copyright of the accounting code
        scsi-disk: Account for failed operations
        macio: Account for failed operations
        ide: Account for failed and invalid operations
        atapi: Account for failed and invalid operations
        xen_disk: Account for failed and invalid operations
        virtio-blk: Account for failed and invalid operations
        nvme: Account for failed and invalid operations
        iotests: Add test for the block device statistics
        block: Use QEMU_CLOCK_VIRTUAL for the accounting code in qtest mode
        qemu-io: Account for failed, invalid and flush operations
        block: New option to define the intervals for collecting I/O statistics
        block: Add average I/O queue depth to BlockDeviceTimedStats
        block: Compute minimum, maximum and average I/O latencies
        block: Allow configuring whether to account failed and invalid ops
        block: Add statistics for failed and invalid I/O operations
        block: Add idle_time_ns to BlockDeviceStats
        util: Infrastructure for computing recent averages
        block: define 'clock_type' for the accounting code
        ide: Account for write operations correctly
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 389775d1f67b2c8f44f9473b1e5363735972e389
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 12 15:38:27 2015 +0000

      migration_init: Fix lock initialisation/make it explicit

      Peter reported a lock error on MacOS after my a82d593b
      patch.

      migrate_get_current does one-time initialisation of
      a bunch of variables.
      migrate_init does reinitialisation even on a 2nd
      migrate after a cancel.

      The problem here was that I'd initialised the mutex
      in migrate_get_current, and the memset in migrate_init
      corrupted it.

      Remove the memset and replace it by explicit initialisation
      of fields that need initialising; this also turns out to be simpler
      than the old code that had to preserve some fields.

      Reported-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Fixes: a82d593b
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit a54d340b9d0902fa73ff9e5541974b9b51fb1d45
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 12 11:34:44 2015 +0000

      migrate-start-postcopy: Improve text

      Improve the text in both the qapi-schema and hmp help to point out
      you need to set the postcopy-ram capability prior to issuing
      migrate-start-postcopy.

      Also fix the text of the migrate_start_postcopy error that
      deals with capabilities.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Acked-by: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit cfcc7c144879ebe61ac2472216314fc1331b4450
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Thu Nov 12 11:29:49 2015 -0500

      configure: check for $cxx before use

      I broke this when adding checks for clang++.

      Reported-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1447345789-840-1-git-send-email-jsnow@xxxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit a3b6ff6d0a7a964c5c7cd5f9a0d5e42752b6347a
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Wed Nov 11 14:02:28 2015 +0000

      Postcopy: Fix TP!=HP zero case

      Where the target page size is different from the host page
      we special case it, but I messed up on the zero case check.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 1c0d249ddf3c75c3992847d0af67f79a1cfd23d2
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Wed Nov 11 14:02:27 2015 +0000

      Finish non-postcopiable iterative devices before package

      Where we have iterable, but non-postcopiable devices (e.g. htab
      or block migration), complete them before forming the 'package'
      but with the CPUs stopped.  This stops them filling up the package.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 80e60c6e1c417aa50a4fed1cb1a2f73885be3bef
  Author: Juan Quintela <quintela@xxxxxxxxxx>
  Date:   Tue Nov 10 17:43:04 2015 +0100

      migration: Make 32bit linux compile with RDMA

      Rest of the file already use that trick. 64bit offsets make no sense in
      32bit archs, but that is ram_addr_t for you.

      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>

  commit 9458ad6b445ff1e886f74ed75cf5050721f93b3e
  Author: Juan Quintela <quintela@xxxxxxxxxx>
  Date:   Tue Nov 10 17:42:05 2015 +0100

      migration: print ram_addr_t as RAM_ADDR_FMT not %zx

      Not all the wold is 64bits (yet).

      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>

  commit ed6c64489ef11d9ac5fb4b4c89d455a4f1ae8083
  Author: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
  Date:   Thu Nov 12 15:10:43 2015 +0000

      target-arm: Update PC before calling gen_helper_check_breakpoints()

      PC should be updated in the CPU state before calling check_breakpoints()
      helper. Otherwise, the helper would not see the correct PC in the CPU
      state if it is not at the start of a TB.

      Signed-off-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
      Message-id: 1447176222-16401-1-git-send-email-serge.fdrv@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 8f0da01d189077647adf79618acc3832f77b7918
  Merge: 17e50a7 4652f16
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 12 15:15:30 2015 +0000

      Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

      virtio, vhost: fixes for 2.5

      This fixes a performance regression with virtio 1,
      and makes device stop/start more robust for vhost-user.
      virtio devices on pcie bus now have pcie and pm
      capability, as required by the PCI Express spec.
      migration now works better with virtio 9p.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

      # gpg: Signature made Thu 12 Nov 2015 14:40:42 GMT using RSA key ID 
D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@xxxxxxxxxx>"
      # gpg:                 aka "Michael S. Tsirkin <mst@xxxxxxxxxx>"

      * remotes/mst/tags/for_upstream:
        virtio-9p: add savem handlers
        hw/virtio: Add PCIe capability to virtio devices
        vhost: send SET_VRING_ENABLE at start/stop
        vhost: rename RESET_DEVICE backto RESET_OWNER
        vhost-user: modify SET_LOG_BASE to pass mmap size and offset
        virtio-pci: unbreak queue_enable read
        virtio-pci: introduce pio notification capability for modern device
        virtio-pci: use zero length mmio eventfd for 1.0 notification cap when 
possible
        KVM: add support for any length io eventfd
        memory: don't try to adjust endianness for zero length eventfd
        virtio-pci: fix 1.0 virtqueue migration

      Conflicts:
        include/hw/compat.h
      [Fixed a trivial merge conflict in compat.h]
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit aece5edc96f211eec6febdafc9bbbb99315a2efd
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:18 2015 +0200

      block: Update copyright of the accounting code

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
80a2278e3ec2dafd5daab20a7cb2d6a9b83371e4.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit d7628080f3bd074f80666561beadfdd5e2f5b0df
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:17 2015 +0200

      scsi-disk: Account for failed operations

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
0ead7b0e59c22926e033ca12725e3a31985ec46b.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit b88b3c8b836ca55d8a4f738deed3b63c0ca84060
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:16 2015 +0200

      macio: Account for failed operations

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
ee6f4fde6a7c1071ca96d4ddd53e4934ff812fcd.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit ecca3b397d06a957b18913ff9afc63860001cfdf
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:15 2015 +0200

      ide: Account for failed and invalid operations

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
bf4d6c9c563877e699b0bf42e7eaf8b096c4a35e.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit ece2d05ed4adb9a9aa3ca9da0496be769dfb3a25
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:14 2015 +0200

      atapi: Account for failed and invalid operations

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
59dee4e2921b0c79d41c49b67dfb93d32db9f7f9.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 57ee366ce9cf8d9f7a52b7b654b9db78fe887349
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:13 2015 +0200

      xen_disk: Account for failed and invalid operations

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
e0cbb96cb0e1f86c37c7ce332efdf02b57b9d365.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 01762e03222154fef6d98087ce391aed8a157be5
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:12 2015 +0200

      virtio-blk: Account for failed and invalid operations

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
4f623ce52c9d673d35a043fc2959526b41b685c6.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 1753f3dc177a82f8b3c5ea8d2a32737db9411dd4
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:11 2015 +0200

      nvme: Account for failed and invalid operations

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
678dc67da229759d404b44f7cc2bf5ed8bf8ad14.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 4214face09bed08279c68a67fa1a4b01be887346
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:10 2015 +0200

      iotests: Add test for the block device statistics

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
0fb8501bbf3666b3d5d3f67fa899729c88f21baf.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 918a17a464bac332b14a19d87106acc81e476f05
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:09 2015 +0200

      block: Use QEMU_CLOCK_VIRTUAL for the accounting code in qtest mode

      This patch switches to QEMU_CLOCK_VIRTUAL for the accounting code in
      qtest mode, and makes the latency of the operation constant. This way we
      can perform tests on the accounting code with reproducible results.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
35ed0501450fa572684e9b5e92c361ab6cce565b.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 556c2b60714e7dae3ed0eb3488910435263dc09f
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:08 2015 +0200

      qemu-io: Account for failed, invalid and flush operations

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
78a7662a8636e55991737ece50003a2dc5a5f3e0.1446044838.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 2be5506fc85d5fef1abdb2128d446cb0b14b12bc
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:07 2015 +0200

      block: New option to define the intervals for collecting I/O statistics

      The BlockAcctStats structure contains a list of BlockAcctTimedStats.
      Each one of these collects statistics about the minimum, maximum and
      average latencies of all I/O operations in a certain interval of time.

      This patch adds a new "stats-intervals" option that allows defining
      these intervals.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
41cbcd334a61c6157f0f495cdfd21eff6c156f2a.1446044837.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 96e4dedaff9922f87e4ec351d51d3f093198382a
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:06 2015 +0200

      block: Add average I/O queue depth to BlockDeviceTimedStats

      This patch adds two new fields to BlockDeviceTimedStats that track the
      average number of pending read and write requests for a block device.

      The values are calculated for the period of time defined for that
      interval.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
fd31fef53e2714f2f30d59ed58ca2f67ec9ab926.1446044837.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 979e9b03fc8c85d3b78a14410c64cbb16d348095
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:05 2015 +0200

      block: Compute minimum, maximum and average I/O latencies

      This patch keeps track of the minimum, maximum and average latencies
      of I/O operations during a certain interval of time.

      The values are exposed in the BlockDeviceTimedStats structure.

      An option to define the intervals to collect these statistics will be
      added in a separate patch.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
c7382dc89622c64f918d09f32815827772628f8e.1446044837.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 362e9299b34b3101aaa20f20363441c9f055fa5e
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:04 2015 +0200

      block: Allow configuring whether to account failed and invalid ops

      This patch adds two options, "stats-account-invalid" and
      "stats-account-failed", that can be used to decide whether invalid and
      failed I/O operations must be used when collecting statistics for
      latency and last access time.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Message-id: 
ebc7e5966511a342cad428a392c5f5ad56b15213.1446044837.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 7ee12dafe96a86dfa96af38cea1289305e429a55
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:03 2015 +0200

      block: Add statistics for failed and invalid I/O operations

      This patch adds the block_acct_failed() and block_acct_invalid()
      functions to allow keeping track of failed and invalid I/O operations.

      The number of failed and invalid operations is exposed in
      BlockDeviceStats.

      We don't keep track of the time spent on invalid operations because
      they are cancelled immediately when they are started.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
a7256ccb883a86356b1c6c46b5a29ed5448546a5.1446044837.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit cb38fffbc968e797ae32039b1e2c47b940b30cb4
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:02 2015 +0200

      block: Add idle_time_ns to BlockDeviceStats

      This patch adds the new field 'idle_time_ns' to the BlockDeviceStats
      structure, indicating the time that has passed since the previous I/O
      operation.

      It also adds the block_acct_idle_time_ns() call, to ensure that all
      references to the clock type used for accounting are in the same
      place. This will later allow us to use a different clock for iotests.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
7d8cfcf931453e1a2443e6626e8c1edc347c7c8a.1446044837.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit bd797fc15b4290e02c219b7cd6289a33cd6cd18b
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:01 2015 +0200

      util: Infrastructure for computing recent averages

      This module computes the average of a set of values within a time
      window, keeping also track of the minimum and maximum values.

      In order to produce more accurate results it works internally by
      creating two time windows of the same period, offsetted by half of
      that period. Values are accounted on both windows and the data is
      always returned from the oldest one.

      [Add missing util/replay.o to test-timed-average dependencies to fix the
      build.
      --Stefan]

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
201b09c21bbc9c329779d2b2365ee2b9c80dceeb.1446044837.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 5519593c07c71c55b196546a00c08106bd9a100b
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:33:00 2015 +0200

      block: define 'clock_type' for the accounting code

      Its value is still QEMU_CLOCK_REALTIME, but having it in a variable will
      allow us to change its value easily in the future when running in qtest
      mode.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Message-id: 
547485eb841cf9e3b2770c96539ae9ae5996e214.1446044837.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit c618f331d314c34ff2390d2dbd3f926e513c7059
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:32:59 2015 +0200

      ide: Account for write operations correctly

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Message-id: 
2e71323c0875c2b66a8ae22229545e0c013af8d4.1446044837.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 693044ebd20ce8730aae679ff58d52aa8ec60b0a
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 17:32:58 2015 +0200

      xen_disk: Account for flush operations

      Currently both BLKIF_OP_WRITE and BLKIF_OP_FLUSH_DISKCACHE are being
      accounted as write operations.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Message-id: 
7a2a14e3ac62027aa6267a6c02abc70717be9c0a.1446044837.git.berto@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 6c6f312dd752c74c124ecfc4c34e8aaf7254c3b8
  Author: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:20 2015 -0500

      tests: add BlockJobTxn unit test

      The BlockJobTxn unit test verifies that both single jobs and pairs of
      jobs behave as a transaction group.  Either all jobs complete
      successfully or the group is cancelled.

      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-15-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit fc6c796ff2b049303473702d1ade9196d1843f5d
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:19 2015 -0500

      iotests: 124 - transactional failure test

      Use a transaction to request an incremental backup across two drives.
      Coerce one of the jobs to fail, and then re-run the transaction.

      Verify that no bitmap data was lost due to the partial transaction
      failure.

      To support the 'err-cancel' QMP argument name it's necessary for
      transaction_action() to convert underscores in Python argument names
      to hyphens for QMP argument names.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1446765200-3054-14-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 94d16a640a1058653327392e08c6d39eeba1e499
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:18 2015 -0500

      block: add transactional properties

      Add both transactional properties to the QMP transactional interface,
      and add the BlockJobTxn that we create as a result of the err-cancel
      property to the BlkActionState structure.

      [split up from a patch originally by Stefan and Fam. --js]
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-13-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 78f51fde88d1925b5ae51ba789339baa9ff72ad1
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:17 2015 -0500

      block: Add BlockJobTxn support to backup_run

      Allow a BlockJobTxn to be passed into backup_run, which
      will allow the job to join a transactional group if present.

      Propagate this new parameter outward into new QMP helper
      functions in blockdev.c to allow transaction commands to
      pass forward their BlockJobTxn object in a forthcoming patch.

      [split up from a patch originally by Stefan and Fam. --js]
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-12-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit c347b2c62a53b73cf6cc31225feb125d2f20f186
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:16 2015 -0500

      block/backup: Rely on commit/abort for cleanup

      Switch over to the new .commit/.abort handlers for
      cleaning up incremental bitmaps.

      [split up from a patch originally by Stefan and Fam. --js]
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-11-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit c55a832fdddec2c350b585ade0476501f616608d
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:15 2015 -0500

      block: Add block job transactions

      Sometimes block jobs must execute as a transaction group.  Finishing
      jobs wait until all other jobs are ready to complete successfully.
      Failure or cancellation of one job cancels the other jobs in the group.

      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-10-git-send-email-jsnow@xxxxxxxxxx
      [Rewrite the implementation which is now contained in block_job_completed.
      --Fam]
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 94db6d2d30962cc0422a69c88c3b3e9981b33e50
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:14 2015 -0500

      blockjob: Simplify block_job_finish_sync

      With job->completed and job->ret to replace BlockFinishData.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-9-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit a689dbf2df74a55d43e3fc4d6aec30ed67ca998f
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:13 2015 -0500

      blockjob: Add "completed" and "ret" in BlockJob

      They are set when block_job_completed is called.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-8-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 57901ecb8e02f03464d5f37bb6edf82e5076812d
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:12 2015 -0500

      blockjob: Add .commit and .abort block job actions

      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-7-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 18930ba3d17866fff6df52ae6d2e54ce5c5ca04b
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:11 2015 -0500

      blockjob: Introduce reference count and fix reference to job->bs

      Add reference count to block job, meanwhile move the ownership of the
      reference to job->bs from the caller (which is released in two
      completion callbacks) to the block job itself. It is necessary for
      block_job_complete_sync to work, because block job shouldn't live longer
      than its bs, as asserted in bdrv_delete.

      Now block_job_complete_sync can be simplified.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-6-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit b976ea3cf591ac994cc17dcf0fc550c9aa9c0f5d
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:10 2015 -0500

      backup: Extract dirty bitmap handling as a separate function

      This will be reused by the coming new transactional completion code.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-5-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 50f43f0ff9a640b901b2657492d642e14a57bd4d
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:09 2015 -0500

      block: rename BlkTransactionState and BdrvActionOps

      These structures are misnomers, somewhat.

      (1) BlockTransactionState is not state for a transaction,
          but is rather state for a single transaction action.
          Rename it "BlkActionState" to be more accurate.

      (2) The BdrvActionOps describes operations for the BlkActionState,
          above. This name might imply a 'BdrvAction' or a 'BdrvActionState',
          which there isn't.
          Rename this to 'BlkActionOps' to match 'BlkActionState'.

      Lastly, update the surrounding in-line documentation and comments
      to reflect the current nature of how Transactions operate.

      This patch changes only comments and names, and should not affect
      behavior in any way.

      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1446765200-3054-4-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 749ad5e887e85fd51d83bf4d08ed72858f937fd9
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Thu Nov 5 18:13:08 2015 -0500

      iotests: add transactional incremental backup test

      Test simple usage cases for using transactions to create
      and synchronize incremental backups.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1446765200-3054-3-git-send-email-jsnow@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit df9a681dc9ad41c9cdeb9ecc5d060ba9abd27e01
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 9 18:16:54 2015 +0800

      qed: Implement .bdrv_drain

      The "need_check_timer" is used to clear the "NEED_CHECK" flag in the
      image header after a grace period once metadata update has finished. In
      compliance to the bdrv_drain semantics we should make sure it remains
      deleted once .bdrv_drain is called.

      We cannot reuse qed_need_check_timer_cb because here it doesn't satisfy
      the assertion.  Do the "plug" and "flush" calls manually.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1447064214-29930-10-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 67da1dc5ce696c7b309b1db100da7d94292847b7
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 9 18:16:53 2015 +0800

      block: Introduce BlockDriver.bdrv_drain callback

      Drivers can have internal request sources that generate IO, like the
      need_check_timer in QED. Since we want quiesced periods that contain
      nested event loops in block layer, we need to have a way to disable such
      event sources.

      Block drivers must implement the "bdrv_drain" callback if it has any
      internal sources that can generate I/O activity, like a timer or a
      worker thread (even in a library) that can schedule QEMUBH in an
      asynchronous callback.

      Update the comments of bdrv_drain and bdrv_drained_begin accordingly.

      Like bdrv_requests_pending(), we should consider all the children of bs.
      Before, the while loop just works, as bdrv_requests_pending() already
      tracks its children; now we mustn't miss the callback, so recurse down
      explicitly.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-id: 1447064214-29930-9-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 83c98d7b924eab36a0a2c7813731dbef439a91d3
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 9 18:16:52 2015 +0800

      block: Drop BlockDriver.bdrv_ioctl

      Now the callback is not used any more, drop the field along with all
      implementations in block drivers, which are iscsi and raw.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1447064214-29930-8-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 5c5ae76acb024f05b8f021e9f1e10a0299328bdd
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 9 18:16:51 2015 +0800

      block: Emulate bdrv_ioctl with bdrv_aio_ioctl and track both

      Currently all drivers that support .bdrv_aio_ioctl also implement
      .bdrv_ioctl redundantly.  To track ioctl requests in block layer it is
      easier if we unify the two paths, because we'll need to run it in a
      coroutine, as required by tracked_request_begin. While we're at it, use
      .bdrv_aio_ioctl plus aio_poll() to emulate bdrv_ioctl().

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1447064214-29930-7-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 8b45f6878d291646cadc4786ae807e6a42c188b4
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 9 18:16:50 2015 +0800

      block: Add ioctl parameter fields to BlockRequest

      The two fields that will be used by ioctl handling code later are added
      as union, because it's used exclusively by ioctl code which dosn't need
      the four fields in the other struct of the union.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1447064214-29930-6-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 4bb17ab51a78c6daaaa9d6c86d1c890d24c091c4
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 9 18:16:49 2015 +0800

      iscsi: Emulate commands in iscsi_aio_ioctl as iscsi_ioctl

      iscsi_ioctl emulates SG_GET_VERSION_NUM and SG_GET_SCSI_ID. Now that
      bdrv_ioctl() will be emulated with .bdrv_aio_ioctl, replicate the logic
      into iscsi_aio_ioctl to make them consistent.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1447064214-29930-5-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit b1066c875597649be1d1d6db4712bc504b4c4c81
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 9 18:16:48 2015 +0800

      block: Track discard requests

      Both bdrv_discard and bdrv_aio_discard will call into bdrv_co_discard,
      so add tracked_request_begin/end calls around the loop.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1447064214-29930-4-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit cdb5e3155eb323380c59f19fe88e28fedd85d3d8
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 9 18:16:47 2015 +0800

      block: Track flush requests

      Both bdrv_flush and bdrv_aio_flush eventually call bdrv_co_flush, add
      tracked_request_begin and tracked_request_end pair in that function so
      that all flush requests are now tracked.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1447064214-29930-3-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit ebde595ce63369921dbbe1bd16fec0b230050d67
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Mon Nov 9 18:16:46 2015 +0800

      block: Add more types for tracked request

      We'll track more request types besides read and write, change the
      boolean field to an enum.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1447064214-29930-2-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 4652f1640e029e1f2433fa77ba6af285c7cd923a
  Author: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 22 19:38:42 2015 +0200

      virtio-9p: add savem handlers

      We don't support migration of mounted 9p shares. This is handled by a
      migration blocker.

      One would expect, however, to be able to migrate if the share is 
unmounted.
      Unfortunately virtio-9p-device does not register savevm handlers at all !
      Migration succeeds and leaves the guest with a dangling device...

      This patch simply registers migration handlers for virtio-9p-device. 
Whether
      migration is possible or not still depends on the migration blocker.

      Signed-off-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 1811e64c35fe1d9bce77952937a16c001dc08465
  Author: Marcel Apfelbaum <marcel@xxxxxxxxxx>
  Date:   Tue Nov 10 13:41:29 2015 +0200

      hw/virtio: Add PCIe capability to virtio devices

      The virtio devices are converted to PCI-Express
      if they are plugged into a PCI-Express bus and
      the 'modern' protocol is enabled.

      Devices plugged directly into the Root Complex as
      Integrated Endpoints remain PCI.

      Signed-off-by: Marcel Apfelbaum <marcel@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 17e50a72a3aade0eddfebc012a5d7bdd40a03573
  Merge: df1ac44 39bec4f
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 12 14:15:32 2015 +0000

      Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' 
into staging

      # gpg: Signature made Thu 12 Nov 2015 08:01:55 GMT using RSA key ID 
398D6211
      # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) 
<jasowang@xxxxxxxxxx>"
      # gpg: WARNING: This key is not certified with sufficiently trusted 
signatures!
      # gpg:          It is not certain that the signature belongs to the owner.
      # Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 
6211

      * remotes/jasowang/tags/net-pull-request:
        net: netmap: use error_setg() helpers in place of error_report()
        net: netmap: Fix compilation issue
        e1000: Introducing backward compatibility command line parameter
        e1000: Implementing various counters
        e1000: Fixing the packet address filtering procedure
        e1000: Fixing the received/transmitted octets' counters
        e1000: Fixing the received/transmitted packets' counters
        e1000: Trivial implementation of various MAC registers
        e1000: Introduced an array to control the access to the MAC registers
        e1000: Add support for migrating the entire MAC registers' array
        e1000: Cosmetic and alignment fixes
        slirp: Fix type casts and format strings in debug code

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 3a12f32229a046f4d4ab0a3a52fb01d2d5a1ab76
  Author: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 21:24:41 2015 +0800

      vhost: send SET_VRING_ENABLE at start/stop

      Send SET_VRING_ENABLE at start/stop, to give the backend
      an explicit sign of our state.

      Signed-off-by: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 60915dc4691768c4dc62458bb3e16c843fab091d
  Author: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 21:24:37 2015 +0800

      vhost: rename RESET_DEVICE backto RESET_OWNER

      This patch basically reverts commit d1f8b30e.

      It turned out that it breaks stuff, so revert it:
          http://lists.nongnu.org/archive/html/qemu-devel/2015-10/msg00949.html

      CC: "Michael S. Tsirkin" <mst@xxxxxxxxxx>
      Reported-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Yuanhan Liu <yuanhan.liu@xxxxxxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 2b8819c6eee517c1582983773f8555bb3f9ed645
  Author: Victor Kaplansky <victork@xxxxxxxxxx>
  Date:   Wed Nov 11 16:26:02 2015 +0200

      vhost-user: modify SET_LOG_BASE to pass mmap size and offset

      Unlike the kernel, vhost-user application accesses log table by
      mmaping it to its user space. This change adds two new fields to
      VhostUserMsg payload: mmap_size, and mmap_offset and make QEMU to
      pass the to vhost-user application in VHOST_USER_SET_LOG_BASE
      request.

      Signed-off-by: Victor Kaplansky <victork@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 393f04d3ab40d03aa2fde0017ff7f02fc34cbd4e
  Author: Jason Wang <jasowang@xxxxxxxxxx>
  Date:   Fri Nov 6 16:02:49 2015 +0800

      virtio-pci: unbreak queue_enable read

      Guest always get zero when reading queue_enable. This violates
      spec. Fixing this by setting the queue_enable to true during any guest
      writing and setting it to zero during reset.

      Cc: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 9824d2a39d9893ef9bbe71f94efb57da265b73f6
  Author: Jason Wang <jasowang@xxxxxxxxxx>
  Date:   Fri Nov 6 16:02:48 2015 +0800

      virtio-pci: introduce pio notification capability for modern device

      We used to use mmio for notification. This could be slow on some arch
      (e.g on x86 without EPT). So this patch introduces pio bar and a pio
      notification cap for modern device. This ability is enabled through
      property "modern-pio-notify" for virtio pci devices and was disabled
      by default. Management can enable when it thinks it was needed.

      Benchmarks shows almost no obvious difference compared to legacy
      device on machines without ept. Thanks Wenli Quan <wquan@xxxxxxxxxx>
      for the benchmarking.

      Cc: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit bc85ccfdf5cc045588f665c84b5707d7364c8a6c
  Author: Jason Wang <jasowang@xxxxxxxxxx>
  Date:   Fri Nov 6 16:02:47 2015 +0800

      virtio-pci: use zero length mmio eventfd for 1.0 notification cap when 
possible

      We use data match eventfd for 1.0 notification currently. This could
      be slow since software decoding is needed for mmio exit. To speed this
      up, we can switch to use zero length mmio eventfd for 1.0 notification
      since we can examine the queue index directly from the writing
      address. KVM kernel module can utilize this by registering it to fast
      mmio bus which could be as fast as pio on ept capable machine when
      fast mmio is supported by host kernel.

      Lots of improvements were seen on a ept capable machine:

      Guest RX:(TCP)
      size/session/+throughput%/+cpu%/-+per cpu%/
      64/1/+1.6807%/[-16.2421%]/[+21.3984%]/
      64/2/+0.6091%/[-11.0187%]/[+13.0678%]/
      64/4/+0.0553%/[-5.9768%]/[+6.4155%]/
      64/8/+0.1206%/[-4.0057%]/[+4.2984%]/
      256/1/-0.0031%/[-10.1166%]/[+11.2517%]/
      256/2/-0.5058%/[-6.1656%]/+6.0317%]/
      ...

      Guest TX:(TCP)
      size/session/+throughput%/+cpu%/-+per cpu%/
      64/1/[+18.9183%]/-0.2823%/[+19.2550%]/
      64/2/[+13.5714%]/[+2.2675%]/[+11.0533%]/
      64/4/[+13.1070%]/[+2.1817%]/[+10.6920%]/
      64/8/[+13.0426%]/[+2.0887%]/[+10.7299%]/
      256/1/[+36.2761%]/+6.3434%/[+28.1471%]/
      ...
      1024/1/[+44.8873%]/+2.0811%/[+41.9335%]/
      ...
      1024/4/+0.0228%/[-2.2044%]/[+2.2774%]/
      ...
      16384/2/+0.0127%/[-5.0346%]/[+5.3148%]/
      ...
      65535/1/[+0.0062%]/[-4.1183%]/[+4.3017%]/
      65535/2/+0.0004%/[-4.2311%]/[+4.4185%]/
      65535/4/+0.0107%/[-4.6106%]/[+4.8446%]/
      65535/8/-0.0090%/[-5.5178%]/[+5.8306%]/

      Latency:(TCP_RR)
      size/session/+transaction rate%/+cpu%/-+per cpu%/
      64/1/[+6.5248%]/[-9.2882%]/[+17.4322%]/
      64/25/[+11.0854%]/[+0.8000%]/[+10.2038%]/
      64/50/[+12.1076%]/[+2.4627%]/[+9.4131%]/
      256/1/[+5.3677%]/[+10.5669%]/-4.7024%/
      256/25/[+5.6402%]/-0.8962%/[+6.5955%]/
      256/50/[+5.9685%]/[+1.7766%]/[+4.1188%]/
      4096/1/+0.2508%/[-10.4941%]/[+12.0047%]/
      4096/25/[+1.8533%]/-0.0273%/+1.8812%/
      4096/50/[+1.2156%]/-1.4134%/+2.6667%/

      Notes: data with '[]' is the one whose significance is greater than 95%.

      Thanks Wenli Quan <wquan@xxxxxxxxxx> for the benchmarking.

      Cc: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 351082238d5d45d6836ec94eabe3fe7d72b36f46
  Author: Jason Wang <jasowang@xxxxxxxxxx>
  Date:   Fri Nov 6 16:02:46 2015 +0800

      KVM: add support for any length io eventfd

      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit b8aecea23aaccf39da54c77ef248f5fa50dcfbc1
  Author: Jason Wang <jasowang@xxxxxxxxxx>
  Date:   Fri Nov 6 16:02:45 2015 +0800

      memory: don't try to adjust endianness for zero length eventfd

      There's no need to adjust endianness for zero length eventfd since the
      data wrote was actually ignored by kernel. So skip the adjust in this
      case to fix a possible crash when trying to use wildcard mmio eventfd
      in ppc.

      Cc: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Cc: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Acked-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit a6df8adf3edbb3062f087e425564df35077e8410
  Author: Jason Wang <jasowang@xxxxxxxxxx>
  Date:   Fri Nov 6 16:02:44 2015 +0800

      virtio-pci: fix 1.0 virtqueue migration

      We don't migrate the followings fields for virtio-pci:

      uint32_t dfselect;
      uint32_t gfselect;
      uint32_t guest_features[2];
      struct {
          uint16_t num;
          bool enabled;
          uint32_t desc[2];
          uint32_t avail[2];
          uint32_t used[2];
      } vqs[VIRTIO_QUEUE_MAX];

      This will confuse driver if migrating during initialization. Solves
      this issue by:

      - introduce transport specific callbacks to load and store extra
        virtqueue states.
      - add a new subsection for virtio to migrate transport specific modern
        device state.
      - implement pci specific callbacks.
      - add a new property for virtio-pci for whether or not to migrate
        extra state.
      - compat the migration for 2.4 and elder machine types

      Cc: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit df1ac44e9f0c1b1d775c65b6e86fbcac0be77930
  Merge: fd717e7 0a9516c
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 12 13:41:44 2015 +0000

      Merge remote-tracking branch 'remotes/dgibson/tags/ppc-next-20151112' 
into staging

      ppc patch queue -2015-11-12

      Highlights:
         - A number of fixes for MacOS 9 compatibility based on the old MOL
           (Mac-On-Linux) code and a GSoC project.
         - Cleaner and more general way of handling register access from the
           monitor

      # gpg: Signature made Thu 12 Nov 2015 04:33:26 GMT using RSA key ID 
20D9B392
      # gpg: Good signature from "David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>"
      # gpg:                 aka "David Gibson (Red Hat) <dgibson@xxxxxxxxxx>"
      # gpg:                 aka "David Gibson (ozlabs.org) 
<dgibson@xxxxxxxxxx>"
      # gpg: WARNING: This key is not certified with sufficiently trusted 
signatures!
      # gpg:          It is not certain that the signature belongs to the owner.
      # Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 
B392

      * remotes/dgibson/tags/ppc-next-20151112:
        monitor/target-ppc: Define target_get_monitor_def
        cuda.c: add delay to setting of SR_INT bit
        cuda.c: fix T2 timer and enable its interrupt
        cuda.c: rename get_counter() state variable from s to ti for consistency
        cuda.c: refactor get_tb() so that the time can be passed in
        cuda.c: add defines for CUDA registers
        cuda.c: fix CUDA SR interrupt clearing
        cuda.c: implement dummy IIC access commands
        cuda.c: implement simple CUDA_GET_6805_ADDR command
        cuda.c: fix CUDA_PACKET response packet format
        cuda.c: fix CUDA ADB error packet format
        PPC: mac99: Always add USB controller
        PPC: Fix lswx bounds checks
        PPC: Allow Rc bit to be set on mtspr

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit fd717e789010012c5f0537269df19ef19d469baf
  Merge: 2048a2a 52074d0
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 12 13:11:06 2015 +0000

      Merge remote-tracking branch 
'remotes/mdroth/tags/qga-pull-2015-11-11-tag' into staging

      qemu-ga patch queue

      * fix for unintended overwriting of data on w32 using
        guest-file-open with append mode

      # gpg: Signature made Wed 11 Nov 2015 22:14:52 GMT using RSA key ID 
F108B584
      # gpg: Good signature from "Michael Roth <flukshun@xxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>"

      * remotes/mdroth/tags/qga-pull-2015-11-11-tag:
        qga: fix append file open modes for win32

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 2048a2a49188af7a9df065f7553021f89d8e9ec5
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Nov 12 12:10:18 2015 +0100

      tests: classify some ivshmem tests as slow

      Some tests may take long to run, move them under g_test_slow()
      condition.

      The 5s timeout for the "server" test will have to be adjusted to the worst
      known time (for the records, it takes ~0.2s on my host). The "pair"
      test takes ~1.7, a quickest version could be implemented.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Message-id: 1447326618-11686-1-git-send-email-marcandre.lureau@xxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit c459343b8552e65398a05581f7ff31a068b5b551
  Merge: 7497b8d 455b0fd
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 12 10:09:14 2015 +0000

      Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-11-11' 
into staging

      error: More error_setg() usage

      # gpg: Signature made Wed 11 Nov 2015 17:57:15 GMT using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-error-2015-11-11:
        error: More error_setg() usage

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 39bec4f38b028a2cff8c38f3455aef44d7b3b6c4
  Author: Vincenzo Maffione <v.maffione@xxxxxxxxx>
  Date:   Tue Nov 10 10:47:22 2015 +0100

      net: netmap: use error_setg() helpers in place of error_report()

      This update was required to align error reporting of netmap backend
      initialization to the modifications introduced by commit a30ecde.

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Vincenzo Maffione <v.maffione@xxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 54c59b4de584b3467166febb4ff84627a2f29a0e
  Author: Vincenzo Maffione <v.maffione@xxxxxxxxx>
  Date:   Tue Nov 10 10:47:21 2015 +0100

      net: netmap: Fix compilation issue

      Reorganization of struct NetClientOptions (commit e4ba22b) caused a
      compilation failure of the netmap backend. This patch fixes the issue
      by properly accessing the union field.

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Vincenzo Maffione <v.maffione@xxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit ba63ec8594a5dd412182aced07b4bf042403766a
  Author: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 15:52:47 2015 +0200

      e1000: Introducing backward compatibility command line parameter

      This follows the previous patches, where support for migrating the
      entire MAC registers' array, and some new MAC registers were introduced.

      This patch introduces the e1000-specific boolean parameter
      "extra_mac_registers", which is on by default. Setting it to off will
      enable migration to older versions of QEMU, but will disable the read
      and write access to the new registers, that were introduced since adding
      the ability to migrate the entire MAC array.

      Example for usage to enable backward compatibility and to disable the
      new MAC registers:

          qemu-system-x86_64 -device e1000,extra_mac_registers=off,... ...

      As mentioned above, the default value is "on".

      Signed-off-by: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Dmitry Fleytman <dmitry.fleytman@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 3b27430177498a1728b6765c70b455900f93d73a
  Author: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 15:52:46 2015 +0200

      e1000: Implementing various counters

      This implements the following Statistic registers (various counters)
      according to Intel's specs:

      TSCTC  GOTCL  GOTCH  GORCL  GORCH  MPRC   BPRC   RUC    ROC
      BPTC   MPTC   PTC... PRC...

      PLEASE NOTE: these registers will not be active, nor will migrate, until
      a compatibility flag will be set (in the next patch in this series).

      Signed-off-by: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Dmitry Fleytman <dmitry.fleytman@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 4aeea330f022f45d0dabff6090ecbb98755c2116
  Author: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 15:52:45 2015 +0200

      e1000: Fixing the packet address filtering procedure

      Previously, if promiscuous unicast was enabled, a packet was received
      straight away, even if it was a multicast or a broadcast packet. This
      patch fixes that behavior, while making the filtering procedure a bit
      more human-readable.

      Signed-off-by: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Dmitry Fleytman <dmitry.fleytman@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 45e93764711484440e56f580f233009bb3da18bc
  Author: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 15:52:44 2015 +0200

      e1000: Fixing the received/transmitted octets' counters

      Previously, these 64-bit registers did not stick at their maximal
      values when (and if) they reached them, as they should do, according to
      the specs.

      This patch introduces a function that takes care of such registers,
      avoiding code duplication, making the relevant parts more compatible
      with the QEMU coding style, while ensuring that in the unlikely case
      of reaching the maximal value, the counter will stick there, as it
      supposed to.

      Signed-off-by: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Dmitry Fleytman <dmitry.fleytman@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 1f67f92c4fdf59a98c2fdf67d3e78deba489a370
  Author: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 15:52:43 2015 +0200

      e1000: Fixing the received/transmitted packets' counters

      According to Intel's specs, these counters (as the other Statistic
      registers) stick at 0xffffffff when this maximal value is reached.
      Previously, they would reset after the max. value.

      Signed-off-by: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Dmitry Fleytman <dmitry.fleytman@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 72ea771c9711cba63686d5d3284bc6645d13f7d2
  Author: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 15:52:42 2015 +0200

      e1000: Trivial implementation of various MAC registers

      These registers appear in Intel's specs, but were not implemented.
      These registers are now implemented trivially, i.e. they are initiated
      with zero values, and if they are RW, they can be written or read by the
      driver, or read only if they are R (essentially retaining their zero
      values). For these registers no other procedures are performed.

      For the trivially implemented Diagnostic registers, a debug warning is
      produced on read/write attempts.

      PLEASE NOTE: these registers will not be active, nor will migrate, until
      a compatibility flag will be set (in a later patch in this series).

      The registers implemented here are:

      Transmit:
      RW: AIT

      Management:
      RW: WUC     WUS     IPAV    IP6AT*  IP4AT*  FFLT*   WUPM*   FFMT*   FFVT*

      Diagnostic:
      RW: RDFH    RDFT    RDFHS   RDFTS   RDFPC   PBM*    TDFH    TDFT    TDFHS
          TDFTS   TDFPC

      Statistic:
      RW: FCRUC
      R:  RNBC    TSCTFC  MGTPRC  MGTPDC  MGTPTC  RFC     RJC     SCC     ECOL
          LATECOL MCC     COLC    DC      TNCRS   SEC     CEXTERR RLEC    XONRXC
          XONTXC  XOFFRXC XOFFTXC

      Signed-off-by: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Dmitry Fleytman <dmitry.fleytman@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit bc0f0674f037a01f2ce0870ad6270a356a7a8347
  Author: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 15:52:41 2015 +0200

      e1000: Introduced an array to control the access to the MAC registers

      The array of uint8_t's which is introduced here, contains access metadata
      about the MAC registers: if a register is accessible, but partly 
implemented,
      or if a register requires a certain compatibility flag in order to be
      accessed. Currently, 6 hypothetical flags are supported (3 exist for e1000
      so far) but in the future, if more than 6 flags will be needed, the 
datatype
      of this array can simply be swapped for a larger one.

      This patch is intended to solve the following current problems:

      1) In a scenario of migration between different versions of QEMU, which
      differ by the MAC registers implemented in them, some registers need not 
to
      be active if a compatibility flag is set, in order to preserve the 
machine's
      state perfectly for the older version. Checking this for each register
      individually, would create a lot of clutter in the code.

      2) Some registers are (or may be) only partly implemented (e.g.
      placeholders that allow reading and writing, but lack other functions).
      In such cases it is better to print a debug warning on read/write 
attempts.
      As above, dealing with this functionality on a per-register level, would
      require longer and more messy code.

      Signed-off-by: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Dmitry Fleytman <dmitry.fleytman@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 9e11773417d98fd2ec961568ec2875063b95569b
  Author: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 15:52:40 2015 +0200

      e1000: Add support for migrating the entire MAC registers' array

      This patch makes the migration of the entire array of MAC registers
      possible during live migration. The entire array is just 128 KB long, so
      practically no penalty should be felt when transmitting it, additionally
      to the previously transmitted individual registers. The advantage here is
      eliminating the need to introduce new vmstate subsections in the future,
      when additional MAC registers will be implemented.

      Backward compatibility is preserved by introducing a e1000-specific
      boolean parameter (in a later patch), which will be on by default.
      Setting it to off would enable migration to older versions of QEMU.

      Additionally, this parameter will be used to control the access to the
      extra MAC registers in the future.

      Signed-off-by: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Dmitry Fleytman <dmitry.fleytman@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 20f3e86362758b5085aa17baa7bc109c858acf67
  Author: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Nov 11 15:52:39 2015 +0200

      e1000: Cosmetic and alignment fixes

      This fixes some alignment and cosmetic issues. The changes are made
      in order that the following patches in this series will look like
      integral parts of the code surrounding them, while conforming to the
      coding style. Although some changes in unrelated areas are also made.

      Signed-off-by: Leonid Bloch <leonid.bloch@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Dmitry Fleytman <dmitry.fleytman@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit ecc804cac31cec6cb90feaa459503afda8b38d09
  Author: Stefan Weil <sw@xxxxxxxxxxx>
  Date:   Sat Aug 29 09:12:35 2015 +0200

      slirp: Fix type casts and format strings in debug code

      Casting pointers to long won't work on 64 bit Windows.
      It is not needed with the right format strings.

      Signed-off-by: Stefan Weil <sw@xxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 0a9516c2d6711cb6760a726952bdbbe931fd045c
  Author: Alexey Kardashevskiy <aik@xxxxxxxxx>
  Date:   Thu Nov 12 14:44:23 2015 +1100

      monitor/target-ppc: Define target_get_monitor_def

      At the moment get_monitor_def() returns only registers from statically
      defined monitor_defs array. However there is a lot of BOOK3S SPRs
      which are not in the list and cannot be printed from the monitor.

      This adds a new target platform hook - target_get_monitor_def().
      The hook is called if a register was not found in the static
      array returned by the target_monitor_defs() hook.

      The hook is only defined for POWERPC, it returns registered
      SPRs and fails on unregistered ones providing the user with information
      on what is actually supported on the running CPU. The register value is
      saved as uint64_t as it is the biggest supported register size;
      target_ulong cannot be used because of the stub - it is in a "common"
      code and cannot include "cpu.h", etc; this is also why the hook prototype
      is redefined in the stub instead of being included from some header.

      This replaces static descriptors for GPRs, FPRs, SRs with a helper which
      looks for a value in a corresponding array in the CPUPPCState.
      The immediate effect is that all 32 SRs can be printed now (instead of 
16);
      later this can be reused for VSX or TM registers.

      This replaces callbacks for MSR and XER with static descriptors in
      monitor_defs as they are stored in CPUPPCState.

      While we are here, this adds "cr" as a synonym of "ccr".

      Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit cffc331a3156870d54883bc79e4278472ffd8f1d
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Nov 11 22:49:51 2015 +0000

      cuda.c: add delay to setting of SR_INT bit

      MacOS 9 is racy when it comes to accessing the shift register. Fix this by
      introducing a small delay between data accesses and raising the SR_INT
      interrupt bit.

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit a53cfdcca2834ec7e61fd955c4f24ac233c4ec16
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Nov 11 22:49:50 2015 +0000

      cuda.c: fix T2 timer and enable its interrupt

      Fix the counter loading logic and enable the T2 interrupt when the timer
      expires. Otherwise MacOS 9 hangs on boot.

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 0174adb611a22bcfeeb123851cf4874e6d922d06
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Nov 11 22:49:49 2015 +0000

      cuda.c: rename get_counter() state variable from s to ti for consistency

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit eda14abbb804f8ed2cb903c99ad1852848fa2e42
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Nov 11 22:49:48 2015 +0000

      cuda.c: refactor get_tb() so that the time can be passed in

      This is in preparation for sharing the code between timers.

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit b5ac04103bc3b24042418df1a561096187165fd7
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Nov 11 22:49:47 2015 +0000

      cuda.c: add defines for CUDA registers

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit d271ae36dc1e292ae140f5bbf23e0fc1392dd325
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Nov 11 22:49:46 2015 +0000

      cuda.c: fix CUDA SR interrupt clearing

      Make sure that we also clear the data and clock interrupts at the same 
time.

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit ce8d3b647b5acc2bec19602d9fac87d3da11ae77
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Nov 11 22:49:45 2015 +0000

      cuda.c: implement dummy IIC access commands

      These are used by MacOS 9 on boot. Here we return an error except for 
4-byte
      commands which write to the IIC bus in a similar manner to MOL.

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit f1f46f74a9de7298977a3ed668e71843fa904c38
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Nov 11 22:49:44 2015 +0000

      cuda.c: implement simple CUDA_GET_6805_ADDR command

      This simply returns an empty response with no error status as implemented 
by
      MOL to allow MacOS 9 boot to proceed further.

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 4202e63c0432c72ba518dd882e99a794620d1665
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Nov 11 22:49:43 2015 +0000

      cuda.c: fix CUDA_PACKET response packet format

      According to comments in MOL, the response to a CUDA_PACKET should be one 
of
      the following:

      Reply: (CUDA_PACKET, status, cmd)
      Error: (ERROR_PACKET, status, CUDA_PACKET, cmd)

      Update cuda_receive_packet() accordingly to reflect this in order to make
      MacOS 9 happy.

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 6729aa40135bc96d69b5bf5e65a7d463ef7793e7
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Nov 11 22:49:42 2015 +0000

      cuda.c: fix CUDA ADB error packet format

      According to MOL, ADB error packets should be of the form (type, status, 
cmd)
      rather than just (type, status). This fixes ADB device detection under 
MacOS 9.

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 72f1f97d4927f798167855fda7881b0e22756b20
  Author: Alexander Graf <agraf@xxxxxxx>
  Date:   Wed Nov 11 22:49:41 2015 +0000

      PPC: mac99: Always add USB controller

      The mac99 machines always have a USB controller. Usually not having one 
around
      doesn't hurt quite as much, but Mac OS 9 really really wants one or it 
crashes
      on bootup.

      So always add OHCI to make it happy.

      Signed-off-by: Alexander Graf <agraf@xxxxxxx>
      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 488661ee9dd300110a6612d52fe68e2bb3539a5f
  Author: Alexander Graf <agraf@xxxxxxx>
  Date:   Wed Nov 11 22:49:40 2015 +0000

      PPC: Fix lswx bounds checks

      The lswx instruction checks whether the desired string actually fits
      into all defined registers. Unfortunately it does the calculation wrong,
      resulting in illegal instruction traps for loads that really should fit.

      Fix it up, making Mac OS happier.

      Signed-off-by: Alexander Graf <agraf@xxxxxxx>
      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 4248b336d3c1b74e343842c5b478b165d75f5ce8
  Author: Alexander Graf <agraf@xxxxxxx>
  Date:   Wed Nov 11 22:49:39 2015 +0000

      PPC: Allow Rc bit to be set on mtspr

      According to the ISA setting the Rc bit on mtspr is undefined behavior.
      Real 750 hardware simply ignores the bit and doesn't touch cr0 though.

      Unfortunately, Mac OS 9 relies on this fact and executes a few mtspr
      instructions (to set XER for example) with Rc set.

      So let's handle the bit the same way hardware does and ignore it.

      Signed-off-by: Alexander Graf <agraf@xxxxxxx>
      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 7497b8dddcaee5b5f1851434607d0de044012ebe
  Merge: 31e49ac c833d1e
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 11 23:20:07 2015 +0000

      Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into 
staging

      # gpg: Signature made Wed 11 Nov 2015 17:59:33 GMT using RSA key ID 
C0DE3057
      # gpg: Good signature from "Jeffrey Cody <jcody@xxxxxxxxxx>"
      # gpg:                 aka "Jeffrey Cody <jeff@xxxxxxxxxxxxx>"
      # gpg:                 aka "Jeffrey Cody <codyprime@xxxxxxxxx>"

      * remotes/cody/tags/block-pull-request:
        gluster: allocate GlusterAIOCBs on the stack

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 31e49ac192f782d594bbd04070fe79e800b7813f
  Merge: 2869653 3c4c694
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 11 18:23:08 2015 +0000

      Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20151111' into 
staging

      Hopefully last big batch of s390x patches, including:
      - bugfixes for LE host and for pci translation
      - MAINTAINERS update
      - hugetlbfs enablement (kernel patches pending)
      - boot from El Torito iso images on virtio-blk
        (boot from scsi pending)
      - cleanup in the ipl device code

      There's also a helper function for resetting busless devices in the
      qdev core in there.

      # gpg: Signature made Wed 11 Nov 2015 17:49:58 GMT using RSA key ID 
C6F02FAF
      # gpg: Good signature from "Cornelia Huck <huckc@xxxxxxxxxxxxxxxxxx>"
      # gpg:                 aka "Cornelia Huck <cornelia.huck@xxxxxxxxxx>"

      * remotes/cohuck/tags/s390x-20151111:
        s390: deprecate the non-ccw machine in 2.5
        s390x/ipl: switch error reporting to error_setg
        s390x/ipl: clean up qom definitions and turn into TYPE_DEVICE
        qdev: provide qdev_reset_all_fn()
        pc-bios/s390-ccw: rebuild image
        pc-bios/s390-ccw: El Torito 16-bit boot image size field workaround
        pc-bios/s390-ccw: El Torito s390x boot entry check
        pc-bios/s390-ccw: ISO-9660 El Torito boot implementation
        pc-bios/s390-ccw: Always adjust virtio sector count
        s390x/kvm: don't enable CMMA when hugetlbfs will be used
        s390x: switch to memory_region_allocate_system_memory
        MAINTAINERS: update virtio-ccw/s390 git tree
        MAINTAINERS: update s390 file patterns
        s390x/pci : fix up s390 pci iommu translation function
        s390x/css: sense data endianness

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 455b0fde8c38a0794743e2e7c1a40018b7bee9f6
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Nov 10 23:51:20 2015 -0700

      error: More error_setg() usage

      A few uses of error_set(ERROR_CLASS_GENERIC_ERROR) were missed in
      c6bd8c706, or have snuck in since.  Nuke them.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1447224690-9743-19-git-send-email-eblake@xxxxxxxxxx>
      Acked-by: Andreas Färber <afaerber@xxxxxxx>
      [Indentation tidied up, commit message tweaked]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 2869653f23c63c400d3791513b507e9feddbc751
  Merge: 3c07587 4d07c72
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 11 16:43:19 2015 +0000

      Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into 
staging

      Block layer patches

      # gpg: Signature made Wed 11 Nov 2015 16:03:19 GMT using RSA key ID 
C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@xxxxxxxxxx>"

      * remotes/kevin/tags/for-upstream: (41 commits)
        iotests: Check for quorum support in test 139
        qcow2: Fix qcow2_get_cluster_offset() for zero clusters
        iotests: Add tests for the x-blockdev-del command
        block: Add 'x-blockdev-del' QMP command
        block: Add blk_get_refcnt()
        mirror: block all operations on the target image during the job
        qemu-iotests: fix -valgrind option for check
        qemu-iotests: fix cleanup of background processes
        qemu-io: Correct error messages
        qemu-io: Check for trailing chars
        qemu-io: fix cvtnum lval types
        block: test 'blockdev-snapshot' using a file BDS as the overlay
        block: Remove inner quotation marks in iotest 085
        block: Disallow snapshots if the overlay doesn't support backing files
        throttle: Use bs->throttle_state instead of bs->io_limits_enabled
        throttle: Check for pending requests in throttle_group_unregister_bs()
        qemu-img: add check for zero-length job len
        qcow2: avoid misaligned 64bit bswap
        qemu-iotests: Test the reopening of overlay_bs in 'block-commit'
        commit: reopen overlay_bs before base
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 3c4c694c7ce2d21c0cf17a27cc60c91b6725ce48
  Author: Christian Borntraeger <borntraeger@xxxxxxxxxx>
  Date:   Fri Nov 6 13:07:25 2015 +0100

      s390: deprecate the non-ccw machine in 2.5

      The non-ccw machine for s390 (s390-virtio) is not very well maintained
      and caused several issues in the past:
      - aliases like virtio-blk did not work for s390
      - virtio refactoring failed due to long standing bugs (e.g.see
      commit cb927b8a "s390-virtio: Accommodate guests using virtqueues too 
early")
      - some features like memory hotplug will cause trouble due to virtio 
storage
        being above guest memory
      - the boot loader bios no longer seems to work. the source code of that
        loader is also no longer maintained

      2.4 changed the default to the ccw machine, let's deprecate the old
      machine for 2.5.

      Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Acked-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Message-Id: <1446811645-25565-1-git-send-email-borntraeger@xxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 8f04e88e2cd792e348eb54983ce1a485d5db4f27
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 8 12:33:28 2015 +0200

      s390x/ipl: switch error reporting to error_setg

      Now that we can report errors in the realize function, let's replace
      the fprintf's and hw_error's with error_setg.

      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 04fccf106e22c4b861398cf2146f5a5b5f18d01e
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 8 12:32:13 2015 +0200

      s390x/ipl: clean up qom definitions and turn into TYPE_DEVICE

      Let's move the qom definitions of the ipl device into ipl.h, replace
      "s390-ipl" by a proper type define, turn it into a TYPE_DEVICE
      and remove the unneeded class definition.

      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit ff8de0757fc13407c81f002e936031ddc13057e4
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Jul 21 08:32:07 2015 +0200

      qdev: provide qdev_reset_all_fn()

      For TYPE_DEVICE, the dc->reset() function is not called on system resets
      yet. Until that is changed, we have to manually register a reset handler.
      Let's provide qdev_reset_all_fn(), that can directly be used - just like
      the reset handler that is already available for qbus.

      Reviewed-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 81a93ee64d78a1933998ff1b95f06b6d67db46fd
  Author: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
  Date:   Thu Nov 5 13:47:38 2015 +0100

      pc-bios/s390-ccw: rebuild image

      Contains:
        pc-bios/s390-ccw: Always adjust virtio sector count
        pc-bios/s390-ccw: ISO-9660 El Torito boot implementation
        pc-bios/s390-ccw: El Torito s390x boot entry check
        pc-bios/s390-ccw: El Torito 16-bit boot image size field workaround

      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 869648e87eeb998cc0ede230f3b7aabfdf0eb2dd
  Author: Maxim Samoylov <max7255@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Oct 12 17:50:20 2015 +0200

      pc-bios/s390-ccw: El Torito 16-bit boot image size field workaround

      Because of El Torito spec flaw boot image size needs to be verified.

      Boot catalog entry size field has 16-bit width, and specifies size
      in 512-byte units.

      Thus, boot image size cannot exceed 32M.

      We actually search for the file to get the file size.

      This is done by scanning the ISO directory tree for the ISO block number
      and reading the file size from the directory entry.

      Signed-off-by: Maxim Samoylov <max7255@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit ba21f0cca8165c5b284274edd12dc955cf4fb248
  Author: Maxim Samoylov <max7255@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Oct 12 17:50:20 2015 +0200

      pc-bios/s390-ccw: El Torito s390x boot entry check

      Boot entry is considered compatible if boot image is Linux kernel
      with matching S390 Linux magic string.

      Empty boot images with sector_count == 0 are considered broken.

      Signed-off-by: Maxim Samoylov <max7255@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 866cac91e06219f473a2900eefef0d1cf242b136
  Author: Maxim Samoylov <max7255@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Oct 12 17:50:20 2015 +0200

      pc-bios/s390-ccw: ISO-9660 El Torito boot implementation

      This patch enables boot from media formatted according to
      ISO-9660 and El Torito bootable CD specification.

      We try to boot from device as ISO-9660 media when SCSI IPL failed.

      The first boot catalog entry with bootable flag is used.

      ISO-9660 media with default 2048-bytes sector size only is supported.

      Signed-off-by: Maxim Samoylov <max7255@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 38150be860434de9d9c76cef71ff5c6b6112ee8f
  Author: Maxim Samoylov <max7255@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Oct 12 17:50:20 2015 +0200

      pc-bios/s390-ccw: Always adjust virtio sector count

      Let's always adjust the sector number to be read using the current
      virtio block size value.

      This prepares for the implementation of IPL from ISO-9660 media.

      Signed-off-by: Maxim Samoylov <max7255@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 4c292a009700755a1e6b234063ef3f2db235aaae
  Author: Dominik Dingel <dingel@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Aug 11 11:12:12 2015 +0200

      s390x/kvm: don't enable CMMA when hugetlbfs will be used

      On hugetlbfs CMMA will not be useful as every ESSA instruction will trap.
      So don't offer CMMA to guests with a hugepages backing.

      Signed-off-by: Dominik Dingel <dingel@xxxxxxxxxxxxxxxxxx>
      Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit ae23a33591056d6349753766047ebc511158da9c
  Author: Dominik Dingel <dingel@xxxxxxxxxxxxxxxxxx>
  Date:   Tue May 12 13:21:30 2015 +0200

      s390x: switch to memory_region_allocate_system_memory

      By replacing memory_region_init_ram with 
memory_region_allocate_system_memory
      we gain goodies like mem-path backends. This will allow us to use 
hugetlbfs
      once the kernel supports it.

      Signed-off-by: Dominik Dingel <dingel@xxxxxxxxxxxxxxxxxx>
      Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 3e9ed24b84c4acdd077904a74eaec6d95cfef928
  Author: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
  Date:   Wed Nov 4 16:08:20 2015 +0100

      MAINTAINERS: update virtio-ccw/s390 git tree

      Let's reference the git branch I actually use, and add Christian's
      git tree.

      Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit c5bfb202bb3bcdc1a368e85fef336e89d6254f8c
  Author: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
  Date:   Wed Nov 4 15:59:55 2015 +0100

      MAINTAINERS: update s390 file patterns

      We were missing some files, and some files should get an additional
      entry to add the people actually looking after the code.

      Reported-by: Thomas Huth <thuth@xxxxxxxxxx>
      Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit dce1b089249f52c053cf74dc3da98aea16656961
  Author: Yi Min Zhao <zyimin@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Oct 28 11:30:23 2015 +0800

      s390x/pci : fix up s390 pci iommu translation function

      On s390x, each pci device has its own iommu, which is only properly
      setup in qemu once the mpcifc instruction used to register the
      translation table has been intercepted. Therefore, for a pci device that
      is not configured or has not been initialized, proper translation is
      neither required nor possible. Moreover, we may not have a host bridge
      device ready yet.

      This was exposed by a recent vfio change that triggers iommu translation
      during the initialization of the vfio pci device. Let's do an early exit
      in that case.

      Reviewed-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Reviewed-by: Jens Freimann <jfrei@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Yi Min Zhao <zyimin@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit b498484ed49ab9d1fcada3468f95dda1a5f59366
  Author: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
  Date:   Wed Nov 4 18:40:54 2015 +0100

      s390x/css: sense data endianness

      We keep the device's sense data in a byte array (following the
      architecture), but the ecws are an array of 32 bit values. If we
      just blindly copy the values, the sense data will change from
      de-facto BE data to de-facto cpu-endian data, which means we end
      up doing an incorrect conversion on LE hosts.

      Let's just explicitly convert to cpu-endianness while assembling
      the irb.

      Reported-by: Andy Lutomirski <luto@xxxxxxxxxx>
      Tested-by: Andy Lutomirski <luto@xxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Reviewed-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>

  commit 52074d0f662fc51293d4cde8077631f754784405
  Author: Kirk Allan <kallan@xxxxxxxx>
  Date:   Tue Nov 10 16:19:11 2015 -0700

      qga: fix append file open modes for win32

      For append file open modes, use FILE_APPEND_DATA for the desired access
      for writing at the end of the file.

      Version 2:
      For "a+", "ab+", and "a+b" modes use FILE_APPEND_DATA|GENERIC_READ.
      ORing in GENERIC_READ starts a read at the begining of the file.  All
      writes will append to the end fo the file.

      Added white space to maintain the alignment of the 
guest_file_open_modes[].

      Signed-off-by: Kirk Allan <kallan@xxxxxxxx>
      Cc: qemu-stable@xxxxxxxxxx
      * use FILE_GENERIC_APPEND macro, which provides same semantics as
        FILE_APPEND_DATA, but retains other flags from GENERIC_WRITE
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 4d07c720f44beafd10907cecfd5b8a57622243c1
  Merge: a9ecfa0 92e6898
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Wed Nov 11 17:02:02 2015 +0100

      Merge remote-tracking branch 
'mreitz/tags/pull-block-for-kevin-2015-11-11' into queue-block

      Block patches from 2015-10-26 until 2015-11-11.

      # gpg: Signature made Wed Nov 11 17:00:50 2015 CET using RSA key ID 
E838ACAD
      # gpg: Good signature from "Max Reitz <mreitz@xxxxxxxxxx>"

      * mreitz/tags/pull-block-for-kevin-2015-11-11:
        iotests: Check for quorum support in test 139
        qcow2: Fix qcow2_get_cluster_offset() for zero clusters
        iotests: Add tests for the x-blockdev-del command
        block: Add 'x-blockdev-del' QMP command
        block: Add blk_get_refcnt()
        mirror: block all operations on the target image during the job
        qemu-iotests: fix -valgrind option for check
        qemu-iotests: fix cleanup of background processes

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 92e68987745b0f89f04d29fe1d0c821010d58ea6
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Tue Nov 10 18:28:11 2015 +0200

      iotests: Check for quorum support in test 139

      The quorum driver is always built in, but it is disabled during
      run-time if there's no SHA256 support available (see commit e94867e).

      This patch skips the quorum test in iotest 139 in that case.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 1447172891-20410-1-git-send-email-berto@xxxxxxxxxx
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit a99dfb45f26bface6830ee5465e57bcdbc53c6c8
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Wed Nov 4 18:16:24 2015 +0100

      qcow2: Fix qcow2_get_cluster_offset() for zero clusters

      When searching for contiguous zero clusters, we only need to check the
      cluster type. Before this patch, an increasing offset (L2E_OFFSET_MASK)
      was expected, so that the function never returned more than a single
      zero cluster in practice. This patch fixes it to actually return as many
      contiguous zero clusters as it can.

      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1446657384-5907-1-git-send-email-kwolf@xxxxxxxxxx
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit 342075fd0ec9dce87139d71a81e1dbbe5ab5d021
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Nov 2 16:51:56 2015 +0200

      iotests: Add tests for the x-blockdev-del command

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 
57c3b0d4d0c73ddadd19e5bded9492c359cc4568.1446475331.git.berto@xxxxxxxxxx
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit 81b936ae70e635557af9ca80922ee69146cb5f4c
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Nov 2 16:51:55 2015 +0200

      block: Add 'x-blockdev-del' QMP command

      This command is still experimental, hence the name.

      This is the companion to 'blockdev-add'. It allows deleting a
      BlockBackend with its associated BlockDriverState tree, or a
      BlockDriverState that is not attached to any backend.

      In either case, the command fails if the reference count is greater
      than 1 or the BlockDriverState has any parents.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Message-id: 
6cfc148c77aca1da942b094d811bfa3fcf7ac7bb.1446475331.git.berto@xxxxxxxxxx
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit f636ae85f3db8ffb987c79715869dba1b8217e8a
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Nov 2 16:51:54 2015 +0200

      block: Add blk_get_refcnt()

      This function returns the reference count of a given BlockBackend.
      For convenience, it returns 0 if the BlockBackend pointer is NULL.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Message-id: 
dfdd8a17dbe3288842840636d2cfe5bb895abcb0.1446475331.git.berto@xxxxxxxxxx
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit 10f3cd15dd9913f8d959fbd061e6e00c45432093
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Nov 2 16:51:53 2015 +0200

      mirror: block all operations on the target image during the job

      There's nothing preventing the target image from being used by other
      operations during the 'drive-mirror' job, so we should block them all
      until the job is done.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Message-id: 
82b88fd04cde918a08a6f9a4ab85626d7fd7b502.1446475331.git.berto@xxxxxxxxxx
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit e6c17669eb0868013d9a17050d8eb2d598f06067
  Author: Jeff Cody <jcody@xxxxxxxxxx>
  Date:   Fri Oct 30 15:25:18 2015 -0400

      qemu-iotests: fix -valgrind option for check

      Commit 934659c switched the iotests to run qemu-io from a bash subshell,
      in order to catch segfaults.  This method is incompatible with the
      current valgrind_qemu_io() bash function.

      Move the valgrind usage into the exec subshell in _qemu_io_wrapper(),
      while making sure the original return value is passed back to the
      caller.

      Update test output for tests 039, 061, and 137 as it looks for the
      specific subshell command when the process is terminated.

      Reported-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>
      Message-id: 
0066fd85d26ca641a1c25135ff2479b7985701cf.1446232490.git.jcody@xxxxxxxxxx
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit f6c8c2e055f88e8ed74ac0c185fc9fbca1e1b775
  Author: Jeff Cody <jcody@xxxxxxxxxx>
  Date:   Fri Oct 30 15:25:17 2015 -0400

      qemu-iotests: fix cleanup of background processes

      Commit 934659c switched the iotests to run qemu and qemu-nbd from a bash
      subshell, in order to catch segfaults.  Unfortunately, this means the
      process PID cannot be captured via '$!'. We stopped killing qemu and
      qemu-nbd processes, leaving a lot of orphaned, running qemu processes
      after executing iotests.

      Since the process is using exec in the subshell, the PID is the
      same as the subshell PID.

      Track these PIDs for cleanup using pidfiles in the $TEST_DIR. Only
      track the qemu PID, however, if requested - not all usage requires
      killing the process.

      Reported-by: John Snow <jsnow@xxxxxxxxxx>
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>
      Message-id: 
9e4f958b3895b7259b98d845bb46f000ba362869.1446232490.git.jcody@xxxxxxxxxx
      [mreitz@xxxxxxxxxx: Replaced '! -z "..."' by '-n "..."']
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit c833d1e8f5e95762336a823a35ade65a2d0fe587
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Thu Oct 1 13:04:38 2015 +0200

      gluster: allocate GlusterAIOCBs on the stack

      This is simpler now that the driver has been converted to coroutines.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit a9ecfa004f2dd83df612daac4a87dfc3a0feba28
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Thu Nov 5 18:53:04 2015 -0500

      qemu-io: Correct error messages

      Reported-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit ef5a788527b2038d742b057a415ab4d0e735e98f
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Thu Nov 5 18:53:03 2015 -0500

      qemu-io: Check for trailing chars

      Make sure there's not trailing garbage, e.g.
      "64k-whatever-i-want-here"

      Reported-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 9b0beaf3de1396a23d5c287283e6f36c4b5d4385
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Thu Nov 5 18:53:02 2015 -0500

      qemu-io: fix cvtnum lval types

      cvtnum() returns int64_t: we should not be storing this
      result inside of an int.

      In a few cases, we need an extra sprinkling of error handling
      where we expect to pass this number on towards a function that
      expects something smaller than int64_t.

      Reported-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 3fa123d05964b07f9d4d972f131cce847091926d
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Tue Nov 3 12:32:37 2015 +0200

      block: test 'blockdev-snapshot' using a file BDS as the overlay

      This test checks that it is not possible to create a snapshot if the
      requested overlay node is a BDS which does not support backing images.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit f2d7f16f948b2ecfbb039c6bd62d6c7e2d61fac4
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Tue Nov 3 12:32:36 2015 +0200

      block: Remove inner quotation marks in iotest 085

      This patch removes the inner quotation marks in all cases like this:

         cmd=" ... "${variable}" ... "

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 08b24cfe3765f4b739700778814048e7d9a045fe
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Tue Nov 3 12:32:35 2015 +0200

      block: Disallow snapshots if the overlay doesn't support backing files

      This addresses scenarios like this one:

        { 'execute': 'blockdev-add', 'arguments':
          { 'options': { 'driver': 'qcow2',
                         'node-name': 'new0',
                         'file': { 'driver': 'file',
                                   'filename': 'new.qcow2',
                                   'node-name': 'file0' } } } }

        { 'execute': 'blockdev-snapshot', 'arguments':
          { 'node': 'virtio0',
            'overlay': 'file0' } }

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit a0d64a61db602696f4f1895a890c65eda5b3b618
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Nov 4 15:15:36 2015 +0200

      throttle: Use bs->throttle_state instead of bs->io_limits_enabled

      There are two ways to check for I/O limits in a BlockDriverState:

      - bs->throttle_state: if this pointer is not NULL, it means that this
        BDS is member of a throttling group, its ThrottleTimers structure
        has been initialized and its I/O limits are ready to be applied.

      - bs->io_limits_enabled: if true it means that the throttle_state
        pointer is valid _and_ the limits are currently enabled.

      The latter is used in several places to check whether a BDS has I/O
      limits configured, but what it really checks is whether requests
      are being throttled or not. For example, io_limits_enabled can be
      temporarily set to false in cases like bdrv_read_unthrottled() without
      otherwise touching the throtting configuration of that BDS.

      This patch replaces bs->io_limits_enabled with bs->throttle_state in
      all cases where what we really want to check is the existence of I/O
      limits, not whether they are currently enabled or not.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 5ac724184c286b367525035eabf4b8bb4a386c54
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Nov 4 15:15:35 2015 +0200

      throttle: Check for pending requests in throttle_group_unregister_bs()

      throttle_group_unregister_bs() removes a BlockDriverState from its
      throttling group and destroys the timers. This means that there must
      be no pending throttled requests at that point (because it would be
      impossible to complete them), so the caller has to drain them first.

      At the moment throttle_group_unregister_bs() is only called from
      bdrv_io_limits_disable(), which already takes care of draining the
      requests, so there's nothing to worry about, but this patch makes
      this invariant explicit in the documentation and adds the relevant
      assertions.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 62547b8a1c04daf30f50e3db362ade53e22bf222
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Mon Nov 2 18:28:20 2015 -0500

      qemu-img: add check for zero-length job len

      The mirror job doesn't update its total length until
      it has already started running, so we should translate
      a zero-length job-len as meaning 0%.

      Otherwise, we may get divide-by-zero faults.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 95334230637cef9fbd199bb79a56271ec73d4732
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Mon Nov 2 18:32:06 2015 -0500

      qcow2: avoid misaligned 64bit bswap

      If we create a buffer directly on the stack by using 12 bytes, there's
      no guarantee the 64bit value we want to swap will be aligned, which
      could cause errors with undefined behavior.

      Spotted with clang -fsanitize=undefined and observed in iotests 15, 26,
      44, 115 and 121.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit bcdce5a73cb28f32b3ca3a51e8fa89879685e015
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 15:43:50 2015 +0200

      qemu-iotests: Test the reopening of overlay_bs in 'block-commit'

      The 'block-commit' command needs the overlay image of 'top' to
      be opened in read-write mode in order to update the backing file
      string. If 'top' is not the active layer or its backing file then its
      overlay needs to be reopened during the block job.

      This is a test case for that scenario.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 3db2bd5508c86a1605258bc77c9672d93b5c350e
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 28 15:43:49 2015 +0200

      commit: reopen overlay_bs before base

      'block-commit' needs write access to two different nodes of the chain:

      - 'base', because that's where the data is written to.
      - the overlay of 'top', because it needs to update the backing file
        string to point to 'base' after the operation.

      Both images have to be opened in read-write mode, and commit_start()
      takes care of reopening them if necessary.

      With the current implementation, however, when overlay_bs is reopened
      in read-write mode it has the side effect of making 'base' read-only
      again, eventually making 'block-commit' fail.

      This needs to be fixed in bdrv_reopen(), but until we get to that it
      can be worked around simply by swapping the order of base and
      overlay_bs in the reopen queue.

      In order to reproduce this bug, overlay_bs needs to be initially in
      read-only mode. That is: the 'top' parameter of 'block-commit' cannot
      be the active layer nor its immediate backing chain.

      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 89e3a2d86d31212d09ca688193ccecb92c0c77b5
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Oct 26 14:27:17 2015 +0200

      block: add tests for the 'blockdev-snapshot' command

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 43de7e2de07093e47c7f25386aff280875dc3c62
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Oct 26 14:27:16 2015 +0200

      block: add a 'blockdev-snapshot' QMP command

      One of the limitations of the 'blockdev-snapshot-sync' command is that
      it does not allow passing BlockdevOptions to the newly created
      snapshots, so they are always opened using the default values.

      Extending the command to allow passing options is not a practical
      solution because there is overlap between those options and some of
      the existing parameters of the command.

      This patch introduces a new 'blockdev-snapshot' command with a simpler
      interface: it just takes two references to existing block devices that
      will be used as the source and target for the snapshot.

      Since the main difference between the two commands is that one of them
      creates and opens the target image, while the other uses an already
      opened one, the bulk of the implementation is shared.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 3e8c2e57056614933fc5eb022e1d6d0f28071b44
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Oct 26 14:27:15 2015 +0200

      block: support passing 'backing': '' to 'blockdev-add'

      Passing an empty string allows opening an image but not its backing
      file. This was already described in the API documentation, only the
      implementation was missing.

      This is useful for creating snapshots using images opened with
      blockdev-add, since they are not supposed to have a backing image
      before the operation.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit a911e6ae7ce47d51b519d462c1d99d53b37b0f8c
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Oct 26 14:27:14 2015 +0200

      block: rename BlockdevSnapshot to BlockdevSnapshotSync

      We will introduce the 'blockdev-snapshot' command that will require
      its own struct for the parameters, so we need to rename this one in
      order to avoid name clashes.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit a39a24fbb05055d00026eb569ff3f7b868ca8785
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Oct 26 14:27:13 2015 +0200

      block: check for existing device IDs in external_snapshot_prepare()

      The 'snapshot-node-name' parameter of blockdev-snapshot-sync allows
      setting the node name of the image that is going to be created.

      Before creating the image, external_snapshot_prepare() checks that the
      name is not already being used. The check is however incomplete since
      it only considers existing node names, but node names must not clash
      with device IDs either because they share the same namespace.

      If the user attempts to create a snapshot using the name of an
      existing device for the 'snapshot-node-name' parameter the operation
      will eventually fail, but only after the new image has been created.

      This patch replaces bdrv_find_node() with bdrv_lookup_bs() to extend
      the check to existing device IDs, and thus detect possible name
      clashes before the new image is created.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit adfe20303f2a897ce64b77fe579a0c7dc1e81771
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:19 2015 +0100

      iotests: Add test for change-related QMP commands

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit baead0abefa8e95b18e53281ac182c96b24ba0cb
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:18 2015 +0100

      hmp: Add read-only-mode option to change command

      Expose the new read-only-mode option of 'blockdev-change-medium' for the
      'change' HMP command.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 39ff43d9e1f42b1d829a955e546cddab87ac0626
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Wed Nov 11 04:49:44 2015 +0100

      blockdev: read-only-mode for blockdev-change-medium

      Add an option to qmp_blockdev_change_medium() which allows changing the
      read-only status of the block device whose medium is changed.

      Some drives do not have a inherently fixed read-only status; for
      instance, floppy disks can be set read-only or writable independently of
      the drive. Some users may find it useful to be able to therefore change
      the read-only status of a block device when changing the medium.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 1068674927a08cb9f535946abe2f91529b13160c
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:16 2015 +0100

      hmp: Use blockdev-change-medium for change command

      Use separate code paths for the two overloaded functions of the 'change'
      HMP command, and invoke the 'blockdev-change-medium' QMP command if used
      on a block device (by calling qmp_blockdev_change_medium()).

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 24fb4133001e1f54a526f0927837f30c1507169a
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Fri Nov 6 16:27:06 2015 +0100

      qmp: Introduce blockdev-change-medium

      Introduce a new QMP command 'blockdev-change-medium' which is intended
      to replace the 'change' command for block devices. The existing function
      qmp_change_blockdev() is accordingly renamed to
      qmp_blockdev_change_medium().

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit f1f57066573e832438cd87600310589fa9cee202
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:14 2015 +0100

      block: Inquire tray state before tray-moved events

      blk_dev_change_media_cb() is called for all potential tray movements;
      however, it is possible to request closing the tray but nothing actually
      happening (on a floppy disk drive without a medium).

      Thus, the actual tray status should be inquired before sending a
      tray-moved event (and an event should be sent whenever the status
      changed).

      Checking @load is now superfluous; it was necessary because it was
      possible to change a medium without having explicitly opened the tray
      and closed it again (or it might have been possible, at least). This is
      no longer possible, though.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit de2c6c0536c5c5ebb6e0ce7dcfd8fa9476edab52
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:13 2015 +0100

      blockdev: Implement change with basic operations

      Implement 'change' on block devices by calling blockdev-open-tray,
      blockdev-remove-medium, blockdev-insert-medium (a variation of that
      which does not need a node-name) and blockdev-close-tray.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 38f54bd1ee0ed0f13b7326eb79403e320c3a28d3
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:12 2015 +0100

      blockdev: Implement eject with basic operations

      Implement 'eject' by calling blockdev-open-tray and
      blockdev-remove-medium.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit d129988289a885e57aa8790097e2d814764571bd
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:11 2015 +0100

      blockdev: Add blockdev-insert-medium

      And a helper function for that, which directly takes a pointer to the
      BDS to be inserted instead of its node-name (which will be used for
      implementing 'change' using blockdev-insert-medium).

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 2814f67271bce537f29c6a7832f89fd4f1cdaa1a
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:10 2015 +0100

      blockdev: Add blockdev-remove-medium

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit abaaf59d245b6984644497b6745f88912c715c39
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:09 2015 +0100

      blockdev: Add blockdev-close-tray

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 7d8a9f71b9ec9fa295265392218efaf0771d96e0
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:08 2015 +0100

      blockdev: Add blockdev-open-tray

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 38cb18f5b71428fb8a3e3759ac8fa21ac70cb1b5
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:07 2015 +0100

      block: Add functions for inheriting a BBRS

      In order to open a BDS which inherits a BB's root state,
      blk_get_open_flags_from_root_state() is used to inquire the flags to be
      passed to bdrv_open(), and blk_apply_root_state() is used to apply the
      remaining state after the BDS has been opened.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit c69a4dd89989b483b06d765b13e41594c78d32b9
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:06 2015 +0100

      block: Make bdrv_states public

      When inserting a BDS tree into a BB, we will need to add the root BDS to
      this list. Since we will want to do that in the blockdev-insert-medium
      implementation in blockdev.c, we will need access to it there.

      This patch is not exactly elegant, but bdrv_states will be removed in
      the future anyway because we no longer need it since we have BBs.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 1c95f7e1aff8417ff6e6cc23bc2d04fbcf79d37e
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 26 21:39:05 2015 +0100

      block: Add blk_remove_bs()

      This function removes the BlockDriverState associated with the given
      BlockBackend from that BB and sets the BDS pointer in the BB to NULL.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 9f4ed6fbd264a7c097590d830dcfd93996a80acb
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Oct 26 16:46:49 2015 +0200

      block: Don't call blk_bs() twice in bdrv_lookup_bs()

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 3c07587d49458341510360557c849e93e9afaf59
  Merge: d93ae5b b41d320
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 11 09:34:18 2015 +0000

      Merge remote-tracking branch 'remotes/dgibson/tags/ppc-next-20151111' 
into staging

      ppc patch queue - 2015-11-11

      Highlights:
        - Updated SLOF version for "pseries machine
        - Bugfix / cleanup for KVM hash page table allocation

      # gpg: Signature made Wed 11 Nov 2015 02:30:51 GMT using RSA key ID 
20D9B392
      # gpg: Good signature from "David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>"
      # gpg:                 aka "David Gibson (Red Hat) <dgibson@xxxxxxxxxx>"
      # gpg:                 aka "David Gibson (ozlabs.org) 
<dgibson@xxxxxxxxxx>"
      # gpg: WARNING: This key is not certified with sufficiently trusted 
signatures!
      # gpg:          It is not certain that the signature belongs to the owner.
      # Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 
B392

      * remotes/dgibson/tags/ppc-next-20151111:
        spapr: Handle failure of KVM_PPC_ALLOCATE_HTAB ioctl
        ppc: Let kvmppc_reset_htab() return 0 for !CONFIG_KVM
        pseries: Update SLOF firmware image to qemu-slof-20151103
        ppc: Add/Re-introduce MMU model definitions needed by PR KVM

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b41d320fef705289d2b73f4949731eb2e189161d
  Author: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Nov 10 10:54:54 2015 +0530

      spapr: Handle failure of KVM_PPC_ALLOCATE_HTAB ioctl

      KVM_PPC_ALLOCATE_HTAB ioctl can return -ENOMEM for KVM guests and QEMU
      never handled this correctly. But this didn't cause any problems till
      now as KVM_PPC_ALLOCATE_HTAB ioctl returned with smaller than requested
      HTAB when enough contiguous memory wasn't available in the host.
      After the proposed kernel change: 
https://patchwork.ozlabs.org/patch/530501/,
      KVM_PPC_ALLOCATE_HTAB ioctl will not fallback to lower sized HTAB
      allocation and will fail if requested HTAB size can't be met.

      Check for such failures in QEMU and abort appropriately. This will
      prevent guest kernel from hanging/freezing during early boot by doing
      graceful exit when host is unable to allocate requested HTAB.

      Signed-off-by: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit a3166f8f6e9d3928d0b863c7f0dac1cf24b6c004
  Author: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Nov 10 10:54:53 2015 +0530

      ppc: Let kvmppc_reset_htab() return 0 for !CONFIG_KVM

      The !CONFIG_KVM implementation of kvmppc_reset_htab() returns -1
      by default. Change this to return 0 so that we fall back to user space
      HTAB allocation for emulated guests.

      This fixes the make check failures for ppc64 emulated target.

      Signed-off-by: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 121048195860f0320a7e1cd5a4b86356082eb9c7
  Author: Alexey Kardashevskiy <aik@xxxxxxxxx>
  Date:   Tue Nov 3 13:20:34 2015 +1100

      pseries: Update SLOF firmware image to qemu-slof-20151103

      The changes are:
      1. supports recent binutils;
      2. 64bit BARs behind PCI bridges supported;
      3. Many fixes for USB keyboard support - keys, XHCI;
      4. virtio-vga support.

      This image was built with:
      gcc version 4.8.3 20140911 (Red Hat 4.8.3-7) (GCC)
      GNU ld version 2.23.2

      The full changelog is:
        > version: update to 20151103
        > documentation: Add a clause about signing off
        > qemu/js2x/client: Support binutils >= 2.25.1
        > Fix special keys on USB
        > Fix function keys on USB
        > pci-scan: program 64-bit mem bar range in pci-bridge bar
        > Allow to build SLOF on Little Endian host
        > usb-xhci: add keyboard support
        > usb-xhci: ready the link trb early
        > usb-xhci: scan usb high speed ports
        > usb-xhci: bulk improve event handling loop
        > usb-xhci: return on allocation failure
        > usb-xhci: add delay in shutdown path
        > usb-xhci: event trbs does not need link trb
        > usb-hid: refactor usb key reading
        > takeover: Fix header includes
        > board-js2x: Add missing file dma-function.fs
        > vga: Add support for virtio-vga
        > qemu-vga: Use MMIO BAR instead of legacy IO ports
        > slof: Change call_c() function to a proper assembler function

      Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit ba3ecda05e933acf6fff618716b6f6d2ed6a5a07
  Author: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
  Date:   Fri Nov 6 13:12:59 2015 +0530

      ppc: Add/Re-introduce MMU model definitions needed by PR KVM

      Commit aa4bb5875231 (ppc: Add mmu_model defines for arch 2.03 and 2.07)
      removed the mmu_model definition POWERPC_MMU_2_06a which is needed by
      PR KVM. Reintroduce it and also add POWERPC_MMU_2_07a.

      This fixes QEMU crash (qemu: fatal: Unknown MMU model) during booting
      of PR KVM guest.

      Signed-off-by: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
      Cc: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit d93ae5b69621b7ec6ecfa405ec656d5b5f5e4770
  Merge: a77067f bdd81ad
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 10 22:21:42 2015 +0000

      Merge remote-tracking branch 
'remotes/awilliam/tags/vfio-update-20151110.0' into staging

      VFIO updates 2015-11-10

       - Make Windows happy with vfio-pci devices exposed on conventional
         PCI buses on q35 by hiding PCIe capability (Alex Williamson)
       - Convert to g_new() where appropriate (Markus Armbruster)

      # gpg: Signature made Tue 10 Nov 2015 19:46:41 GMT using RSA key ID 
3BB08B22
      # gpg: Good signature from "Alex Williamson <alex.williamson@xxxxxxxxxx>"
      # gpg:                 aka "Alex Williamson <alex@xxxxxxxxxxx>"
      # gpg:                 aka "Alex Williamson <alwillia@xxxxxxxxxx>"
      # gpg:                 aka "Alex Williamson <alex.l.williamson@xxxxxxxxx>"

      * remotes/awilliam/tags/vfio-update-20151110.0:
        vfio: Use g_new() & friends where that makes obvious sense
        vfio/pci: Hide device PCIe capability on non-express buses for PCIe VMs

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit bdd81addf4033ce26e6cd180b060f63095f3ded9
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Tue Nov 10 12:11:08 2015 -0700

      vfio: Use g_new() & friends where that makes obvious sense

      g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
      for two reasons.  One, it catches multiplication overflowing size_t.
      Two, it returns T * rather than void *, which lets the compiler catch
      more type errors.

      This commit only touches allocations with size arguments of the form
      sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit 0282abf078c3353a178ab77a115828ce333181dd
  Author: Alex Williamson <alex.williamson@xxxxxxxxxx>
  Date:   Tue Nov 10 12:11:08 2015 -0700

      vfio/pci: Hide device PCIe capability on non-express buses for PCIe VMs

      When we have a PCIe VM, such as Q35, guests start to care more about
      valid configurations of devices relative to the VM view of the PCI
      topology.  Windows will error with a Code 10 for an assigned device if
      a PCIe capability is found for a device on a conventional bus.  We
      also have the possibility of IOMMUs, like VT-d, where the where the
      guest may be acutely aware of valid express capabilities on physical
      hardware.

      Some devices, like tg3 are adversely affected by this due to driver
      dependencies on the PCIe capability.  The only solution for such
      devices is to attach them to an express capable bus in the VM.

      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit a77067f6ac9b17beefea506ce5f514072fe3fcf4
  Merge: a1a8858 15b3b8e
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 10 17:49:39 2015 +0000

      Merge remote-tracking branch 
'remotes/juanquintela/tags/migration/20151110' into staging

      migration/next for 20151110

      # gpg: Signature made Tue 10 Nov 2015 14:23:26 GMT using RSA key ID 
5872D723
      # gpg: Good signature from "Juan Quintela <quintela@xxxxxxxxxx>"
      # gpg:                 aka "Juan Quintela <quintela@xxxxxxxxxx>"

      * remotes/juanquintela/tags/migration/20151110: (57 commits)
        migration: qemu_savevm_state_cleanup becomes mandatory operation
        Inhibit ballooning during postcopy
        Disable mlock around incoming postcopy
        End of migration for postcopy
        Postcopy: Mark nohugepage before discard
        postcopy: Wire up loadvm_postcopy_handle_ commands
        Start up a postcopy/listener thread ready for incoming page data
        Postcopy; Handle userfault requests
        Round up RAMBlock sizes to host page sizes
        Host page!=target page: Cleanup bitmaps
        Don't iterate on precopy-only devices during postcopy
        Don't sync dirty bitmaps in postcopy
        postcopy: Check order of received target pages
        Postcopy: Use helpers to map pages during migration
        postcopy_ram.c: place_page and helpers
        Page request: Consume pages off the post-copy queue
        Page request: Process incoming page request
        Page request: Add MIG_RP_MSG_REQ_PAGES reverse command
        Postcopy: End of iteration
        Postcopy: Postcopy startup in migration thread
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 15b3b8eaae8dbcc903bb164311ea0066c77536a7
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Mon Nov 9 10:24:04 2015 +0300

      migration: qemu_savevm_state_cleanup becomes mandatory operation

      since commit
          commit 94f5a43704129ca4995aa3385303c5ae225bde42
          Author: Liang Li <liang.z.li@xxxxxxxxx>
          Date:   Mon Nov 2 15:37:00 2015 +0800

          migration: defer migration_end & blk_mig_cleanup

      when actual .cleanup callbacks calling was removed from complete 
operations.

      The patch fixes regression introduced by the commit above results in
      100% reliable assert for virtio-scsi VM with iothreads enabled during
      'virsh create-snapshot' operation:
          assert(i != mr->ioeventfd_nb);
          memory_region_del_eventfd
          virtio_pci_set_host_notifier_internal
          virtio_pci_set_host_notifier
          virtio_scsi_dataplane_start
          virtio_scsi_handle_cmd
          virtio_queue_notify_vq
          virtio_queue_host_notifier_read
          aio_dispatch

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Liang Li <liang.z.li@xxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      CC: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 371ff5a3f04cd7d05bab49ac6e80da319026d95b
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:23 2015 +0000

      Inhibit ballooning during postcopy

      Postcopy detects accesses to pages that haven't been transferred yet
      using userfaultfd, and it causes exceptions on pages that are 'not
      present'.
      Ballooning also causes pages to be marked as 'not present' when the
      guest inflates the balloon.
      Potentially a balloon could be inflated to discard pages that are
      currently inflight during postcopy and that may be arriving at about
      the same time.

      To avoid this confusion, disable ballooning during postcopy.

      When disabled we drop balloon requests from the guest.  Since ballooning
      is generally initiated by the host, the management system should avoid
      initiating any balloon instructions to the guest during migration,
      although it's not possible to know how long it would take a guest to
      process a request made prior to the start of migration.
      Guest initiated ballooning will not know if it's really freed a page
      of host memory or not.

      Queueing the requests until after migration would be nice, but is
      non-trivial, since the set of inflate/deflate requests have to
      be compared with the state of the page to know what the final
      outcome is allowed to be.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 58b7c17e226aa4d3b943ea22c1d1309126de146b
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:22 2015 +0000

      Disable mlock around incoming postcopy

      Userfault doesn't work with mlock; mlock is designed to nail down pages
      so they don't move, userfault is designed to tell you when they're not
      there.

      munlock the pages we userfault protect before postcopy.
      mlock everything again at the end if mlock is enabled.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit e9bef235d91bff87517770c93d74eb98e5a33278
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:21 2015 +0000

      End of migration for postcopy

      Tweak the end of migration cleanup; we don't want to close stuff down
      at the end of the main stream, since the postcopy is still sending pages
      on the other thread.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit f9527107570853b6a4a0903e4b0733747d02e74a
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:20 2015 +0000

      Postcopy: Mark nohugepage before discard

      Prior to servicing userfault requests we must ensure we've not got
      huge pages in the area that might include non-transferred memory,
      since a hugepage could incorrectly mark the whole huge page as present.

      We mark the area as non-huge page (nhp) just before we perform
      discards; the discard code now tells us to discard any areas
      that haven't been sent (as well as any that are redirtied);
      any already formed transparent-huge-pages get fragmented
      by this discard process if they cotnain any discards.

      Transparent huge pages that have been entirely transferred
      and don't contain any discards are not broken by this mechanism;
      they stay as huge pages.

      By starting postcopy after a full precopy pass, many of the pages
      then stay as huge pages; this is important for maintaining performance
      after the end of the migration.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 27c6825bd3749758fb9fcad44f3759f593be8506
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:19 2015 +0000

      postcopy: Wire up loadvm_postcopy_handle_ commands

      Wire up more of the handlers for the commands on the destination side,
      in particular loadvm_postcopy_handle_run now has enough to start the
      guest running.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit c76201ab52b1dd53823cd81449d17b72224f1623
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:18 2015 +0000

      Start up a postcopy/listener thread ready for incoming page data

      The loading of a device state (during postcopy) may access guest
      memory that's still on the source machine and thus might need
      a page fill; split off a separate thread that handles the incoming
      page data so that the original incoming migration code can finish
      off the device data.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit c4faeed2313e2bf9aa3694544bd211c15e28c164
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:17 2015 +0000

      Postcopy; Handle userfault requests

      userfaultfd is a Linux syscall that gives an fd that receives a stream
      of notifications of accesses to pages registered with it and allows
      the program to acknowledge those stalls and tell the accessing
      thread to carry on.

      We convert the requests from the kernel into messages back to the
      source asking for the pages.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 4ed023ce2a39ab5812d33cf4d819def168965a7f
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:16 2015 +0000

      Round up RAMBlock sizes to host page sizes

      RAMBlocks that are not a multiple of host pages in length
      cause problems for postcopy (I've seen an ACPI table on aarch64
      be 5k in length - i.e. 5x target-page), so round RAMBlock sizes
      up to a host-page.

      This potentially breaks migration compatibility due to changes
      in RAMBlock sizes; however:
         1) x86 and s390 I think always have host=target page size
         2) When I've tried on Power the block sizes already seem aligned.
         3) I don't think there's anything else that maintains per-version
            machine-types for compatibility.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 99e314ebca8c7b3450e4beaa95117c63d8f2f393
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:15 2015 +0000

      Host page!=target page: Cleanup bitmaps

      Prior to the start of postcopy, ensure that everything that will
      be transferred later is a whole host-page in size.

      This is accomplished by discarding partially transferred host pages
      and marking any that are partially dirty as fully dirty.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 35ecd943e7ea8a29b6cc6872ad8ba620e91b4407
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:14 2015 +0000

      Don't iterate on precopy-only devices during postcopy

      During the postcopy phase we must not call the iterate method on
      precopy-only devices, since they may have done some cleanup during
      the _complete call at the end of the precopy phase.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 663e6c1df8721960c0a3bb6cd5dd047b610c3bad
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:13 2015 +0000

      Don't sync dirty bitmaps in postcopy

      Once we're in postcopy the source processors are stopped and memory
      shouldn't change any more, so there's no need to look at the dirty
      map.

      There are two notes to this:
        1) If we do resync and a page had changed then the page would get
           sent again, which the destination wouldn't allow (since it might
           have also modified the page)
        2) Before disabling this I'd seen very rare cases where a page had been
           marked dirtied although the memory contents are apparently identical

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit c53b7ddc61198c4af8290d6310592e48e3507c47
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:12 2015 +0000

      postcopy: Check order of received target pages

      Ensure that target pages received within a host page are in order.
      This shouldn't trigger, but in the cases where the sender goes
      wrong and sends stuff out of order it produces a corruption that's
      really nasty to debug.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit a71808772acbea54df8ebf3680f01884f7383198
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:11 2015 +0000

      Postcopy: Use helpers to map pages during migration

      In postcopy, the destination guest is running at the same time
      as it's receiving pages; as we receive new pages we must put
      them into the guests address space atomically to avoid a running
      CPU accessing a partially written page.

      Use the helpers in postcopy-ram.c to map these pages.

      qemu_get_buffer_in_place is used to avoid a copy out of qemu_file
      in the case that postcopy is going to do a copy anyway.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 696ed9a9b3fee2d033d7b049ba2e6568860a25d1
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:10 2015 +0000

      postcopy_ram.c: place_page and helpers

      postcopy_place_page (etc) provide a way for postcopy to place a page
      into guests memory atomically (using the copy ioctl on the ufd).

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit a82d593b61054b3dea431ef829977000d772a252
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:09 2015 +0000

      Page request: Consume pages off the post-copy queue

      When transmitting RAM pages, consume pages that have been queued by
      MIG_RPCOMM_REQPAGE commands and send them ahead of normal page scanning.

      Note:
        a) After a queued page the linear walk carries on from after the
      unqueued page; there is a reasonable chance that the destination
      was about to ask for other closeby pages anyway.

        b) We have to be careful of any assumptions that the page walking
      code makes, in particular it does some short cuts on its first linear
      walk that break as soon as we do a queued page.

        c) We have to be careful to not break up host-page size chunks, since
      this makes it harder to place the pages on the destination.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 6c595cdee116dc46b0d4d7d632a426681ae66ad9
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:08 2015 +0000

      Page request: Process incoming page request

      On receiving MIG_RPCOMM_REQ_PAGES look up the address and
      queue the page.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 1e2d90ebc54531c416a6765849308c8476d98f2d
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:07 2015 +0000

      Page request: Add MIG_RP_MSG_REQ_PAGES reverse command

      Add MIG_RP_MSG_REQ_PAGES command on Return path for the postcopy
      destination to request a page from the source.

      Two versions exist:
         MIG_RP_MSG_REQ_PAGES_ID that includes a RAMBlock name and start/len
         MIG_RP_MSG_REQ_PAGES that just has start/len for use with the same
                              RAMBlock as a previous MIG_RP_MSG_REQ_PAGES_ID

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit b10ac0c42cef8829cd1461ce20f1869231b5f41f
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:06 2015 +0000

      Postcopy: End of iteration

      The end of migration in postcopy is a bit different since some of
      the things normally done at the end of migration have already been
      done on the transition to postcopy.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 1d34e4bf6a34f12b9ca387301b863b59f14d38ed
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:05 2015 +0000

      Postcopy: Postcopy startup in migration thread

      Rework the migration thread to setup and start postcopy.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit f0a227ade4b0331c9e12fc01f8b74e2531fd496d
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:04 2015 +0000

      postcopy: ram_enable_notify to switch on userfault

      Mark the area of RAM as 'userfault'
      Start up a fault-thread to handle any userfaults we might receive
      from it (to be filled in later)

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 1caddf8a819d83027d897997c0af10c426f88633
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:03 2015 +0000

      postcopy: Incoming initialisation

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit e0b266f01dd21748c12f35e18e6f300035f2f336
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:02 2015 +0000

      migration_completion: Take current state

      Soon we'll be in either ACTIVE or POSTCOPY_ACTIVE when we
      complete migration, and we need to know which we expect to be
      in to change state safely.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit f3f491fcd6dd594ba695b7da5ecbdacb4e84b364
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:01 2015 +0000

      Postcopy: Maintain unsentmap

      Maintain an 'unsentmap' of pages that have yet to be sent.
      This is used in the following patches to discard some set of
      the pages already sent as we enter postcopy mode.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 763c906b0ee964e4b5c529a4ee171723339644cc
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:11:00 2015 +0000

      Add qemu_savevm_state_complete_postcopy

      Add qemu_savevm_state_complete_postcopy to complement
      qemu_savevm_state_complete_precopy together with a new
      save_live_complete_postcopy method on devices.

      The save_live_complete_precopy method is called on
      all devices during a precopy migration, and all non-postcopy
      devices during a postcopy migration at the transition.

      The save_live_complete_postcopy method is called at
      the end of postcopy for all postcopiable devices.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 8421b205ddb70314c0de2aa3222aed755f310f87
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:59 2015 +0000

      Avoid sending vmdescription during postcopy

      VMDescription is normally sent at the end, after all
      of the devices; however that's not the end for postcopy,
      so just don't send it when in postcopy.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 9ec055ae29df5132f61757519ab57b6b4209baa4
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:58 2015 +0000

      MIGRATION_STATUS_POSTCOPY_ACTIVE: Add new migration state

      'MIGRATION_STATUS_POSTCOPY_ACTIVE' is entered after migrate_start_postcopy

      'migration_in_postcopy' is provided for other sections to know if
      they're in postcopy.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 36f48567b82e3160bc0df87b8b4f239d55ca73e9
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:57 2015 +0000

      migration_completion: Take current state

      Soon we'll be in either ACTIVE or POSTCOPY_ACTIVE when we
      complete migration, and we need to know which we expect to be
      in to change state safely.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 4886a1bcb7d7a88da02eefb0f33327c613ac52a3
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:56 2015 +0000

      migrate_start_postcopy: Command to trigger transition to postcopy

      Once postcopy is enabled (with migrate_set_capability), the migration
      will still start on precopy mode.  To cause a transition into postcopy
      the:

        migrate_start_postcopy

      command must be issued.  Postcopy will start sometime after this
      (when it's next checked in the migration loop).

      Issuing the command before migration has started will error,
      and issuing after it has finished is ignored.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit eb59db53a4f23420f127ec7aad2a672f787df697
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:55 2015 +0000

      postcopy: OS support test

      Provide a check to see if the OS we're running on has all the bits
      needed for postcopy.

      Creates postcopy-ram.c which will get most of the other helpers we need.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit c31b098f64c5bbbc26350b9b5cf98ae2d2888de7
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:54 2015 +0000

      Modify save_live_pending for postcopy

      Modify save_live_pending to return separate postcopiable and
      non-postcopiable counts.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 11cf1d984b86b294972cd25df6286e5b2e98735d
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:53 2015 +0000

      MIG_CMD_PACKAGED: Send a packaged chunk of migration stream

      MIG_CMD_PACKAGED is a migration command that wraps a chunk of migration
      stream inside a package whose length can be determined purely by reading
      its header.  The destination guarantees that the whole MIG_CMD_PACKAGED
      is read off the stream prior to parsing the contents.

      This is used by postcopy to load device state (from the package)
      while leaving the main stream free to receive memory pages.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 093e3c429693f87fb917424c637ad8f599bd9e67
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:52 2015 +0000

      Add wrappers and handlers for sending/receiving the postcopy-ram 
migration messages.

      The state of the postcopy process is managed via a series of messages;
         * Add wrappers and handlers for sending/receiving these messages
         * Add state variable that track the current state of postcopy

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 53dd370ced9b61a8113fc1c19ac8d61ca572a29c
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:51 2015 +0000

      Add migration-capability boolean for postcopy-ram.

      The 'postcopy ram' capability allows postcopy migration of RAM;
      note that the migration starts off in precopy mode until
      postcopy mode is triggered (see the migrate_start_postcopy
      patch later in the series).

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 7b89bf279f16c093ed46845b8e6e0fb61b7ef639
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:50 2015 +0000

      Rework loadvm path for subloops

      Postcopy needs to have two migration streams loading concurrently;
      one from memory (with the device state) and the other from the fd
      with the memory transactions.

      Split the core of qemu_loadvm_state out so we can use it for both.

      Allow the inner loadvm loop to quit and cause the parent loops to
      exit as well.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 70b2047774231ba2cb672eb936e12f603fa644aa
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:49 2015 +0000

      Return path: Source handling of return path

      Open a return path, and handle messages that are received upon it.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit f6844b99ce08e836d509ec4be2fbfc5ab13ac18f
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:48 2015 +0000

      migration_is_setup_or_active

      Add 'migration_is_setup_or_active' utility function to check state.
      (It gets postcopy added to it's list later on in the series)

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 6decec931149ae50d84e2b264bf93f3676d5b3f9
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:47 2015 +0000

      Return path: Send responses from destination to source

      Add migrate_send_rp_message to send a message from destination to source 
along the return path.
        (It uses a mutex to let it be called from multiple threads)
      Add migrate_send_rp_shut to send a 'shut' message to indicate
        the destination is finished with the RP.
      Add migrate_send_rp_ack to send a 'PONG' message in response to a PING
        Use it in the MSG_RP_PING handler

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 2e37701efdba7bb89f7159eff055bb71dbb9f02f
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:46 2015 +0000

      Return path: Control commands

      Add two src->dest commands:
         * OPEN_RETURN_PATH - To request that the destination open the return 
path
         * PING - Request an acknowledge from the destination

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit c76ca1888f49b4155a9de5a915dc9f814800c817
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:45 2015 +0000

      Migration commands

      Create QEMU_VM_COMMAND section type for sending commands from
      source to destination.  These commands are not intended to convey
      guest state but to control the migration process.

      For use in postcopy.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 3e4097b564386b1fd1b62f2cd20e056d4b3403da
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:44 2015 +0000

      Return path: socket_writev_buffer: Block even on non-blocking fd's

      The destination sets the fd to non-blocking on incoming migrations;
      this also affects the return path from the destination, and thus we
      need to make sure we can safely write to the return path.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit a1a88589dc982f9f8b6c717c2ac98dd71dd4353d
  Merge: a8b4f95 577bf80
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 10 13:55:07 2015 +0000

      Merge remote-tracking branch 
'remotes/pmaydell/tags/pull-target-arm-20151110' into staging

      target-arm queue:
       * fix bugs in gdb singlestep handling and breakpoints
       * minor code cleanup in arm_gic
       * clean up error messages in hw/arm/virt
       * fix highbank kernel booting by adding a board-setup blob

      # gpg: Signature made Tue 10 Nov 2015 13:43:52 GMT using RSA key ID 
14360CDE
      # gpg: Good signature from "Peter Maydell <peter.maydell@xxxxxxxxxx>"
      # gpg:                 aka "Peter Maydell <pmaydell@xxxxxxxxx>"
      # gpg:                 aka "Peter Maydell 
<pmaydell@xxxxxxxxxxxxxxxxxxxxxx>"

      * remotes/pmaydell/tags/pull-target-arm-20151110:
        target-arm: Clean up DISAS_UPDATE usage in AArch32 translation code
        hw/arm/virt: error_report cleanups
        arm: highbank: Implement PSCI and dummy monitor
        arm: highbank: Defeature CPU override
        arm: boot: Add secure_board_setup flag
        hw/intc/arm_gic: Remove the definition of NUM_CPU
        target-arm: Fix gdb singlestep handling in arm_debug_excp_handler()

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit adc468e9b9ad866cd95b1e567291f9dcc1f49f1c
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:43 2015 +0000

      Return path: Open a return path on QEMUFile for sockets

      Postcopy needs a method to send messages from the destination back to
      the source, this is the 'return path'.

      Wire it up for 'socket' QEMUFile's.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit c1fcf220c95b17f1a05adb799824d2c352ff9281
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:42 2015 +0000

      Add Linux userfaultfd.h header

      Postcopy uses the userfaultfd.h feature in the Linux kernel; include
      the header.

      (In early versions of the patch series we had this, and then we dropped
      this by only including it if the kernel headers defined the syscall
      number; however 1842bdfd added the syscall definition to our
      headers, which means we can't tell if the kernel has it or not)

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit a3e06c3d13b77a2534894dcebbc6ac08568dbe73
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:41 2015 +0000

      Rename save_live_complete to save_live_complete_precopy

      In postcopy we're going to need to perform the complete phase
      for postcopiable devices at a different point, start out by
      renaming all of the 'complete's to make the difference obvious.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit aefeb18bde45fa629e3055a7bb6637a7dcad8c36
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:40 2015 +0000

      migrate_init: Call from savevm

      Suspend to file is very much like a migrate, and it makes life
      easier if we have the Migration state available, so initialise it
      in the savevm.c code for suspending.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewd-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit a776aa15a7e3e08964c6c537314b9590dde27b4d
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:39 2015 +0000

      ram_load: Factor out host_from_stream_offset call and check

      The main RAM load loop has a call to host_from_stream_offset for
      each page type that actually loads data with the same test;
      factor it out before the switch.

      The host = NULL is to silence a bogus gcc warning of
      an unitialised in the RAM_SAVE_COMPRESS_PAGE case, it
      doesn't seem to realise that host is always initialised by the if at
      the top in the cases the switch takes.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 4f2e425267327719ee71ba6f191f7d66507a6c02
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:38 2015 +0000

      ram_debug_dump_bitmap: Dump a migration bitmap as text

      Useful for debugging the migration bitmap and other bitmaps
      of the same format (including the sentmap in postcopy).

      The bitmap is printed to stderr.
      Lines that are all the expected value are excluded so the output
      can be quite compact for many bitmaps.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit ebf811500bc8dffa906ebd4c52b96f7620d7bf8e
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:37 2015 +0000

      Add QEMU_MADV_NOHUGEPAGE

      Add QEMU_MADV_NOHUGEPAGE as an OS-independent version of
      MADV_NOHUGEPAGE.

      We include sys/mman.h before making the test to ensure
      that we pick up the system defines.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit a800cd5c38ba4ac20fe9ca68a6dee408f2d5b11f
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:36 2015 +0000

      Add wrapper for setting blocking status on a QEMUFile

      Add a wrapper to change the blocking status on a QEMUFile
      rather than having to use qemu_set_block(qemu_get_fd(f));
      it seems best to avoid exposing the fd since not all QEMUFile's
      really have one.  With this wrapper we could move the implementation
      down to be different on different transports.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 9504fb510c87c3dd6fe2e9a25e84c1426672f226
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:35 2015 +0000

      Add qemu_get_buffer_in_place to avoid copies some of the time

      qemu_get_buffer always copies the data it reads to a users buffer,
      however in many cases the file buffer inside qemu_file could be given
      back to the caller, avoiding the copy.  This isn't always possible
      depending on the size and alignment of the data.

      Thus 'qemu_get_buffer_in_place' either copies the data to a supplied
      buffer or updates a pointer to the internal buffer if convenient.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 42e2aa56372291d35345fcec85d5da2004c8b57c
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:34 2015 +0000

      Rename mis->file to from_src_file

      'file' becomes confusing when you have flows in each direction;
      rename to make it clear.
      This leaves just the main forward direction ms->file, which is used
      in a lot of places and is probably not worth renaming given the churn.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit e3dd74934f2d2c8c67083995928ff68e8c1d0030
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:33 2015 +0000

      qemu_ram_block_by_name

      Add a function to find a RAMBlock by name; use it in two
      of the places that already open code that loop; we've
      got another use later in postcopy.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 422148d3e56c3c9a07c0cf36c1e0a0b76f09c357
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:32 2015 +0000

      qemu_ram_block_from_host

      Postcopy sends RAMBlock names and offsets over the wire (since it can't
      rely on the order of ramaddr being the same), and it starts out with
      HVA fault addresses from the kernel.

      qemu_ram_block_from_host translates a HVA into a RAMBlock, an offset
      in the RAMBlock and the global ram_addr_t value.

      Rewrite qemu_ram_addr_from_host to use qemu_ram_block_from_host.

      Provide qemu_ram_get_idstr since its the actual name text sent on the
      wire.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 87f50caa30ae7449c5875ff3171cff4d8648569a
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:31 2015 +0000

      Move page_size_init earlier

      The HOST_PAGE_ALIGN macros don't work until the page size variables
      have been set up; later in postcopy I use those macros in the RAM
      code, and it can be triggered using -object.

      Fix this by initialising page_size_init() earlier - it's currently
      initialised inside the accelerators, move it up into vl.c.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 172dfd4faf2b64720db8a2dad7048056f2b81d75
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:30 2015 +0000

      Move configuration section writing

      The vmstate_configuration is currently written
      in 'qemu_savevm_state_begin', move it to
      'qemu_savevm_state_header' since it's got a hard
      requirement that it must be the 1st thing after
      the header.
      (In postcopy some 'command' sections get sent
      early before the saving of the main sections
      and hence before qemu_savevm_state_begin).

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 038629a699240326928665ea97e6e11059bbc007
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:29 2015 +0000

      Provide runtime Target page information

      The migration code generally is built target-independent, however
      there are a few places where knowing the target page size would
      avoid artificially moving stuff into migration/ram.c.

      Provide 'qemu_target_page_bits()' that returns TARGET_PAGE_BITS
      to other bits of code so that they can stay target-independent.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 2bfdd1c8a6ac22ee1f9209c247509ff0cadd2a52
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Nov 5 18:10:28 2015 +0000

      Add postcopy documentation

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 577bf808958d06497928c639efaa473bf8c5e099
  Author: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
  Date:   Tue Nov 10 13:37:33 2015 +0000

      target-arm: Clean up DISAS_UPDATE usage in AArch32 translation code

      AArch32 translation code does not distinguish between DISAS_UPDATE and
      DISAS_JUMP. Thus, we cannot use any of them without first updating PC in
      CPU state. Furthermore, it is too complicated to update PC in CPU state
      before PC gets updated in disas context. So it is hardly possible to
      correctly end TB early if is is not likely to be executed before calling
      disas_*_insn(), e.g. just after calling breakpoint check helper.

      Modify DISAS_UPDATE and DISAS_JUMP usage in AArch32 translation and
      apply to them the same semantic as AArch64 translation does:
       - DISAS_UPDATE: update PC in CPU state when finishing translation
       - DISAS_JUMP:   preserve current PC value in CPU state when finishing
                       translation

      This patch fixes a bug in AArch32 breakpoint handling: when
      check_breakpoints helper does not generate an exception, ending the TB
      early with DISAS_UPDATE couldn't update PC in CPU state and execution
      hangs.

      Signed-off-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
      Message-id: 1447097859-586-1-git-send-email-serge.fdrv@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit faa811f6de44d58180f5d235787678dcdd4b2e9d
  Author: Andrew Jones <drjones@xxxxxxxxxx>
  Date:   Tue Nov 10 13:37:33 2015 +0000

      hw/arm/virt: error_report cleanups

      Signed-off-by: Andrew Jones <drjones@xxxxxxxxxx>
      Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-id: 1446909925-12201-1-git-send-email-drjones@xxxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 40340e5f221935723bffbca305f3090e8866c818
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Tue Nov 10 13:37:33 2015 +0000

      arm: highbank: Implement PSCI and dummy monitor

      Firstly, enable monitor mode and PSCI, both of which are features of
      this board.

      In addition to PSCI, this board also uses SMC for cache maintenance
      ops. This means we need a secure monitor to catch these and nop them.
      Use the ARM boot board-setup feature to implement this. The SMC trap
      implements the needed nop while all other traps will pen the CPU.

      As a KVM CPU cannot run in secure mode, do not do the board-setup if
      not running TCG. Report a warning explaining the limitation in this
      case.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Message-id: 
0fd0d12f0fa666c86616c89447861a70dbe27312.1447007690.git.crosthwaite.peter@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit dca6eeed8c2a1c131d161139428dd18a35e58b03
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Tue Nov 10 13:37:33 2015 +0000

      arm: highbank: Defeature CPU override

      This board should not support CPU model override. This allows for
      easier patching of the board with being able to rely on the CPU
      type being correct.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Message-id: 
471a61e049c7ca6e82f5ef6668889a1d518c7e00.1447007690.git.crosthwaite.peter@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit baf6b6815ba9ae8255eefd1ddf15216d53da34b5
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Tue Nov 10 13:37:33 2015 +0000

      arm: boot: Add secure_board_setup flag

      Add a flag that when set, will cause the primary CPU to start in secure
      mode, even if the overall boot is non-secure. This is useful for when
      there is a board-setup blob that needs to run from secure mode, but
      device and secondary CPU init should still be done as-normal for a non-
      secure boot.

      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Message-id: 
d1170774d5446d715fced7739edfc61a5be931f9.1447007690.git.crosthwaite.peter@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b95690c9beaffd95edf91eb67829dc1e0a81e666
  Author: Wei Huang <wei@xxxxxxxxxx>
  Date:   Tue Nov 10 13:37:33 2015 +0000

      hw/intc/arm_gic: Remove the definition of NUM_CPU

      arm_gic.c retrieves CPU number using either NUM_CPU(s) or s->num_cpu.
      Such mixed-uses make source code inconsistent. This patch removes
      NUM_CPU(s), which was defined for MPCore tweak long ago, and instead
      favors s->num_cpu. The source is more consistent after this small tweak.

      Reviewed-by: Andreas Färber <afaerber@xxxxxxx>
      Signed-off-by: Wei Huang <wei@xxxxxxxxxx>
      Reviewed-by: Michael Tokarev <mjt@xxxxxxxxxx>
      Message-id: 1446744293-32365-1-git-send-email-wei@xxxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 5c629f4ff4dc9ae79cc732f59a8df15ede796ff7
  Author: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
  Date:   Tue Nov 10 13:37:32 2015 +0000

      target-arm: Fix gdb singlestep handling in arm_debug_excp_handler()

      Do not raise a CPU exception if no CPU breakpoint has fired, since
      singlestep is also done by generating a debug internal exception. This
      fixes a bug with singlestepping in gdbstub.

      Signed-off-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
      Message-id: 1446726361-18328-1-git-send-email-serge.fdrv@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit a8b4f9585a0bf5186fca793ce2c5d754cd8ec49a
  Merge: ce27861 f545504
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 10 09:39:24 2015 +0000

      Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-11-10' 
into staging

      QAPI patches

      # gpg: Signature made Tue 10 Nov 2015 07:12:25 GMT using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-qapi-2015-11-10:
        qapi-introspect: Document lack of sorting
        qapi: Provide nicer array names in introspection
        qapi: More tests of input arrays
        qapi: Test failure in middle of array parse
        qapi: More tests of alternate output
        qapi: Simplify error cleanup in test-qmp-*
        qapi: Simplify non-error testing in test-qmp-*
        qapi: Plug leaks in test-qmp-*
        qapi: Share test_init code in test-qmp-input*
        qobject: Protect against use-after-free in qobject_decref()
        qapi: Strengthen test of TestStructList
        qapi: Use generated TestStruct machinery in tests

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit f5455044201747fd72531f5e8c1b1e9c56573d9c
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:36 2015 -0700

      qapi-introspect: Document lack of sorting

      qapi-code-gen.txt already claims that types, commands, and
      events share a common namespace; set this in stone by further
      documenting that our introspection output will never have
      collisions with the same name tied to more than one meta-type.

      Our largest QMP enum currently has 125 values, our largest
      object type has 27 members, and the mean for each is less than
      10.  These sizes are small enough that the per-element overhead
      of O(log n) binary searching probably outweighs the speed
      possible with direct O(n) linear searching (a better algorithm
      with more overhead will only beat a leaner naive algorithm only
      as you scale to larger input sizes).

      Arguably, the overall SchemaInfo array could be sorted by name;
      there, we currently have 531 entities, large enough for a binary
      search to be faster than linear.  However, remember that we have
      mutually-recursive types, which means there is no topological
      ordering that will allow clients to learn all information about
      that type in a single linear pass; thus clients will want to do
      random access over the data, and they will probably read the
      introspection output into a hashtable for O(1) lookup rather
      than O(log n) binary searching, at which point, pre-sorting our
      introspection output doesn't help the client.

      It doesn't help that sorting can be subjective if you introduce
      locales into the mix (I'm not experienced enough with Python
      to know for sure, but at least it looks like it defaults to
      sorting in the C locale even when run under a different locale).
      And while our current introspection output is deterministic
      (because we visit entities in a sorted order), we may want
      to change that order in the future (such as using OrderedDict
      to stick to .json declaration order).

      For these reasons, we simply document that clients should not
      rely on any particular order of items in introspection output.
      And since it is now a documented part of the contract, we have
      the freedom to later rearrange output if needed, without
      worrying about breaking well-written clients.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-13-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit ce5fcb472d512455a8d13fae4c04ecf8eb00573b
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:35 2015 -0700

      qapi: Provide nicer array names in introspection

      For the sake of humans reading introspection output, it is nice
      to have the name of implicit array types be recognizable as
      arrays of the underlying type.  However, while this patch allows
      humans to skip from a command with return type "[123]" straight
      to the definition of type "123" without having to first inspect
      type "[123]", document that this shortcut should not be taken by
      client apps.

      This makes the resulting introspection string slightly larger by
      default (just over 200 bytes), but it's in the noise (less than
      0.3% of the overall 70k size of 'query-qmp-capabilities').

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-12-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 2533377c7b0c686d1510ed6499cedf938607e805
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:34 2015 -0700

      qapi: More tests of input arrays

      Our testsuite had no coverage of empty arrays, nor of what
      happens when the input does not match the expected type.
      Useful to have, especially if we start changing the visitor
      contracts.

      I did not think it worth duplicating these additions to
      test-qmp-input-strict; since all strict mode does is add
      the ability to reject JSON input that has more keys than
      what the visitor expects, yet the additions in this patch
      error out earlier than that point regardless of whether
      strict mode was requested.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-11-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit dd5ee2c2d3e3a17647ddd9bfa97935b8cb5dfa40
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:33 2015 -0700

      qapi: Test failure in middle of array parse

      Our generated list visitors have the same problem as has been
      mentioned elsewhere (see commit 2f52e20): they allocate data
      even on failure. An upcoming patch will correct things to
      provide saner guarantees, but first we need to expose the
      behavior in the testsuite to ensure we aren't introducing any
      memory usage bugs.

      There are more test cases throughout the test-qmp-input-* tests
      that already deal with partial allocation; a later commit will
      clean up all visit_type_FOO(), without marking all of the tests
      with FIXME at this time.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-10-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 12fafd7cedad51854c468ea0496a6542b3222b29
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:32 2015 -0700

      qapi: More tests of alternate output

      The testsuite was only covering that we could output the 'int'
      branch of an alternate (no additional allocation/cleanup required).
      Add a test of the 'str' branch, to make sure that things still
      work even when a branch involves allocation.

      Update to modern style of g_new0() over g_malloc0() while
      touching it.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-9-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit a12a5a1a0132527afe87c079e4aae4aad372bd94
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:31 2015 -0700

      qapi: Simplify error cleanup in test-qmp-*

      We have several tests that perform multiple sub-actions that are
      expected to fail.  Asserting that an error occurred, then clearing
      it up to prepare for the next action, turned into enough
      boilerplate that it was sometimes forgotten (for example, a number
      of tests added to test-qmp-input-visitor.c in d88f5fd leaked err).
      Worse, if an error is not reset to NULL, we risk invalidating
      later use of that error (passing a non-NULL err into a function
      is generally a bad idea).  Encapsulate the boilerplate into a
      single helper function error_free_or_abort(), and consistently
      use it.

      The new function is added into error.c for use everywhere,
      although it is anticipated that testsuites will be the main
      client.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit ce278618b088afd10b91a05311eaeb6401bb5004
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Nov 9 15:14:09 2015 +0000

      configure: Don't disable optimization for non-fortify builds

      Commit b553a0428014636bc inadvertently disabled optimization
      for all non-fortify builds. Fix this bug so we only do an
      unoptimized build if we want debug.

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Message-id: 1447082049-25099-1-git-send-email-peter.maydell@xxxxxxxxxx

  commit d17008bc2914d62fd0af6a8f313604ae9f9a102c
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Nov 9 14:56:31 2015 +0000

      hw/timer/hpet.c: Avoid signed integer overflow which results in bugs on 
OSX

      Signed integer overflow in C is undefined behaviour, and the compiler
      is at liberty to assume it can never happen and optimize accordingly.
      In particular, the subtractions in hpet_time_after() and 
hpet_time_after64()
      were causing OSX clang to optimize the code such that it was prone to
      hangs and complaints about the main loop stalling (presumably because
      we were spending all our time trying to service very high frequency
      HPET timer callbacks). The clang sanitizer confirms the UB:

      hw/timer/hpet.c:119:26: runtime error: signed integer overflow: 
-2146967296 - 2147003978 cannot be represented in type 'int'

      Fix this by doing the subtraction as an unsigned operation and then
      converting to signed for the comparison.

      Reported-by: Aaron Elkins <threcius@xxxxxxxxx>
      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Message-id: 1447080991-24995-1-git-send-email-peter.maydell@xxxxxxxxxx

  commit 3f66f764ee25f10d3e1144ebc057a949421b7728
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:30 2015 -0700

      qapi: Simplify non-error testing in test-qmp-*

      By using &error_abort, we can avoid a local err variable in
      situations where we expect success.  It also has the nice
      effect that if the test breaks, the error message from
      error_abort tends to be nicer than that of g_assert().

      This patch has an additional bonus of fixing several call sites that
      were passing &err to two different functions without checking it in
      between.  In general that is unsafe practice; because if the first
      function sets an error, the second function could abort() if it tries to
      set a different error. We got away with it because we were asserting
      that err was NULL through the entire chain, but switching to
      &error_abort avoids the questionable practice up front.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-7-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit b18f1141d0afa00de11a8e079f4f5305c9e36893
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:29 2015 -0700

      qapi: Plug leaks in test-qmp-*

      Make valgrind happy with the current state of the tests, so that
      it is easier to see if future patches introduce new memory problems
      without being drowned in noise.  Many of the leaks were due to
      calling a second init without tearing down the data from an earlier
      visit.  But since teardown is already idempotent, and we already
      register teardown as part of input_visitor_test_add(), it is nicer
      to just make init() safe to call multiple times than it is to have
      to make all tests call teardown.

      Another common leak was forgetting to clean up an error object,
      after testing that an error was raised.

      Another leak was in test_visitor_in_struct_nested(), failing to
      clean the base member of UserDefTwo.  Cleaning that up left
      check_and_free_str() as dead code (since using the qapi_free_*
      takes care of recursion, and we don't want double frees).

      A final leak was in test_visitor_out_any(), which was reassigning
      the qobj local variable to a subset of the overall structure
      needing freeing; it did not result in a use-after-free, but
      was not cleaning up all the qdict.

      test-qmp-event and test-qmp-commands were already clean.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-6-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 0920a17199d23b3def3a60fa1fbbdeadcdda452d
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:28 2015 -0700

      qapi: Share test_init code in test-qmp-input*

      Rather than duplicate the body of two functions just to
      decide between qobject_from_jsonv() and qobject_from_json(),
      exploit the fact that qobject_from_jsonv() intentionally
      takes 'va_list *' instead of the more common 'va_list', and
      that qobject_from_json() just calls qobject_from_jsonv(,NULL).
      For each file, our two existing init functions then become
      thin wrappers around a new internal function, and future
      updates to initialization don't have to be duplicated.

      Suggested-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-5-git-send-email-eblake@xxxxxxxxxx>
      [Two old comment typos fixed]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit cc9f60d4a2a4bf2578a9309a18f1c4602c9f5ce7
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:27 2015 -0700

      qobject: Protect against use-after-free in qobject_decref()

      Adding an assertion to qobject_decref() will ensure that a
      programming error causing use-after-free will result in
      immediate failure (provided no other thread has started
      using the memory) instead of silently attempting to wrap
      refcnt around and leaving the problem to potentially bite
      later at a harder point to diagnose.

      Suggested-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-4-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit bd20588d19e9ff0e94b2d4ca3b5d6b3b3d6a1274
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:26 2015 -0700

      qapi: Strengthen test of TestStructList

      Make each list element different, to ensure that order is
      preserved, and use the generated free function instead of
      hand-rolling our own to ensure (under valgrind) that the
      list is properly cleaned.

      Suggested-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-3-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 748053c97b11039f657525fd7d57a39806d8083e
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Thu Nov 5 23:35:25 2015 -0700

      qapi: Use generated TestStruct machinery in tests

      Commit d88f5fd and friends first introduced the various test-qmp-*
      tests in 2011, with duplicated hand-rolled TestStruct machinery,
      to make sure the qapi visitor interface was tested.  Later, commit
      4f193e3 in 2013 added a .json file for further testing use by the
      files, but without consolidating any of the existing hand-rolled
      visitors.  And with four copies, subtle differences have crept in,
      between the tests themselves (mainly whitespace differences, but
      also a question of whether to use NULL or "TestStruct" when
      calling visit_start_struct()) and from what the generator produces
      (the hand-rolled versions did not cater to partially-allocated
      objects, because they did not have a deallocation usage).

      Of course, just because the visitor interface is tested does not
      mean it is a sane interface; and future patches will be changing
      some of the visitor contracts.  Rather than having to duplicate
      the cleanup work in each copy of the TestStruct visitor, and keep
      each hand-rolled copy in sync with what the generator supplies, we
      might as well just test what the generator should give us in the
      first place.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1446791754-23823-2-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 9d5c1dc117d1ad881bbc76f6990ee1f9e9f8ef7f
  Merge: b3a9e57 84aa014
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Nov 9 11:20:51 2015 +0000

      Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
into staging

      # gpg: Signature made Mon 09 Nov 2015 10:08:17 GMT using RSA key ID 
81AB73C8
      # gpg: Good signature from "Stefan Hajnoczi <stefanha@xxxxxxxxxx>"
      # gpg:                 aka "Stefan Hajnoczi <stefanha@xxxxxxxxx>"

      * remotes/stefanha/tags/block-pull-request:
        blockdev: acquire AioContext in hmp_commit()
        monitor: add missed aio_context_acquire into vm_completion call
        aio: Introduce aio-epoll.c
        aio: Introduce aio_context_setup
        aio: Introduce aio_external_disabled
        dataplane: support non-contigious s/g
        dataplane: simplify indirect descriptor read

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 84aa0140dd4f04f5d993f0db14c40da8d3de2706
  Author: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
  Date:   Wed Nov 4 20:27:23 2015 +0300

      blockdev: acquire AioContext in hmp_commit()

      This one slipped through.  Although we acquire AioContext when
      committing all devices we don't for just a single device.

      AioContext must be acquired before calling bdrv_*() functions to
      synchronize access with other threads that may be using the AioContext.

      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 6bf1faa84877514971a20bb180b0ae5270bee571
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Wed Nov 4 20:19:42 2015 +0300

      monitor: add missed aio_context_acquire into vm_completion call

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      CC: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      CC: Luiz Capitulino <lcapitulino@xxxxxxxxxx>
      CC: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit fbe3fc5cb3cd9f9064e98c549684e821c353fe41
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 30 12:06:29 2015 +0800

      aio: Introduce aio-epoll.c

      To minimize code duplication, epoll is hooked into aio-posix's
      aio_poll() instead of rolling its own. This approach also has both
      compile-time and run-time switchability.

      1) When QEMU starts with a small number of fds in the event loop, ppoll
      is used.

      2) When QEMU starts with a big number of fds, or when more devices are
      hot plugged, epoll kicks in when the number of fds hits the threshold.

      3) Some fds may not support epoll, such as tty based stdio. In this
      case, it falls back to ppoll.

      A rough benchmark with scsi-disk on virtio-scsi dataplane (epoll gets
      enabled from 64 onward). Numbers are in MB/s.

      ===============================================
                   |     master     |     epoll
                   |                |
      scsi disks # | read    randrw | read    randrw
      -------------|----------------|----------------
      1            | 86      36     | 92      45
      8            | 87      43     | 86      41
      64           | 71      32     | 70      38
      128          | 48      24     | 58      31
      256          | 37      19     | 57      28
      ===============================================

      To comply with aio_{disable,enable}_external, we always use ppoll when
      aio_external_disabled() is true.

      [Removed #ifdef CONFIG_EPOLL around AioContext epollfd field declaration
      since the field is also referenced outside CONFIG_EPOLL code.
      --Stefan]

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1446177989-6702-4-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 37fcee5d1154b7a03c13582e128bcc31ad43e954
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 30 12:06:28 2015 +0800

      aio: Introduce aio_context_setup

      This is the place to initialize platform specific bits of AioContext.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1446177989-6702-3-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 5ceb9e39284b69d2e1b01da3cb1894ad4b2b4606
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 30 12:06:27 2015 +0800

      aio: Introduce aio_external_disabled

      This allows AioContext users to check the enable/disable state of
      external clients.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1446177989-6702-2-git-send-email-famz@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 8347c53243b58ad5e4d623d2403853404e9043a1
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Wed Oct 28 17:48:04 2015 +0200

      dataplane: support non-contigious s/g

      bring_map currently fails if one of the entries it's mapping is
      contigious in GPA but not HVA address space.  Introduce a mapped_len
      parameter so it can handle this, returning the actual mapped length.

      This will still fail if there's no space left in the sg, but luckily max
      queue size in use is currently 256, while max sg size is 1024, so we
      should be OK even is all entries happen to cross a single DIMM boundary.

      Won't work well with very small DIMM sizes, unfortunately:
      e.g. this will fail with 4K DIMMs where a single
      request might span a large number of DIMMs.

      Let's hope these are uncommon - at least we are not breaking things.

      Reported-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reported-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Message-id: 1446047243-3221-2-git-send-email-mst@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 572ec519ed6fe68f10ec65963527536c2322eab0
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Wed Oct 28 17:48:02 2015 +0200

      dataplane: simplify indirect descriptor read

      Use address_space_read to make sure we handle the case of an indirect
      descriptor crossing DIMM boundary correctly.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Tested-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Message-id: 1446047243-3221-1-git-send-email-mst@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit b3a9e57d92dff7dd5822f322e4eb49af9e1b70b8
  Merge: c4a7bf5 0c47242
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Sat Nov 7 21:41:33 2015 +0000

      Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' 
into staging

      target-i386: tcg: Handle clflushopt/clwb/pcommit instructions

      A small update to TCG code so it can handle the new
      clflushopt/clwb/pcommit instructions.

      # gpg: Signature made Sat 07 Nov 2015 14:50:54 GMT using RSA key ID 
984DC5A6
      # gpg: Good signature from "Eduardo Habkost <ehabkost@xxxxxxxxxx>"

      * remotes/ehabkost/tags/x86-pull-request:
        target-i386: Add clflushopt/clwb/pcommit to TCG_7_0_EBX_FEATURES
        target-i386: tcg: Check right CPUID bits for clflushopt/pcommit
        target-i386: tcg: Accept clwb instruction

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit c4a7bf54e588ff2de9fba0898b686156251b2063
  Merge: 4b59f39 dca6257
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Sat Nov 7 19:55:15 2015 +0000

      Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into 
staging

      # gpg: Signature made Fri 06 Nov 2015 20:01:44 GMT using RSA key ID 
AAFC390E
      # gpg: Good signature from "John Snow (John Huston) <jsnow@xxxxxxxxxx>"

      * remotes/jnsnow/tags/ide-pull-request:
        arm: allwinner-a10: Add SATA
        ahci: Add allwinner AHCI
        ahci: split realize and init
        ahci: Add some MMIO debug printfs
        ide: remove hardcoded 2GiB transactional limit

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit dca625768a7da9377cd5886cc03854229c1e18a1
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Fri Nov 6 14:09:01 2015 -0500

      arm: allwinner-a10: Add SATA

      Add the Allwinner A10 AHCI controller module to the SoC.

      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 
69d6962f2d14a218bd07e9ac4ccd1947737cc30f.1445917756.git.crosthwaite.peter@xxxxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit 377e2145392e5787d35e58d643bd3de4838006b4
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Fri Nov 6 14:09:01 2015 -0500

      ahci: Add allwinner AHCI

      Add a Sysbus AHCI subclass for the Allwinner AHCI. It has a few extra
      vendor specific registers which are used for phy and power init.

      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 
833b5b05ed5ade38bf69656679b0a7575e79492b.1445917756.git.crosthwaite.peter@xxxxxxxxx
      [resolved patch context on pull --js]
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit 0487eea48ecc6e525d6e626d94da54e203089a95
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Fri Nov 6 14:09:00 2015 -0500

      ahci: split realize and init

      Do the init level tasks asap and the realize later (mainly when
      num_ports is available). This allows sub-class realize routines
      to work with the device post-init.

      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 
1a7c7b2b32e5ccf49373a5065da5ece89730d3ac.1445917756.git.crosthwaite.peter@xxxxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit 802742670df73773c0dbaa251c63e4561cc794a1
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Fri Nov 6 14:09:00 2015 -0500

      ahci: Add some MMIO debug printfs

      These are useful for bringup of AHCI.

      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 
517ba413dce7deb4ab17c0cc1e8bbdaaace2a0db.1445917756.git.crosthwaite.peter@xxxxxxxxx
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>

  commit 9fbf0fa81fca8f527669dd4fa72662d66e7d6329
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Fri Nov 6 14:09:00 2015 -0500

      ide: remove hardcoded 2GiB transactional limit

      Not that you can request a >2GiB transaction, but that's why checking
      for it makes no sense anymore.

      With the newer 'limit' parameter to prepare_buf, we no longer need a
      static limit. The maximum limit is still 2GiB, but the limit parameter
      is set to the current transaction size, which cannot surpass 32MiB
      (512 * 65536). If the PRDT surpasses the transactional size, then,
      we'll just carry out the normative underflow handling pathways instead
      of needing an extra, strange pathway that worries about hitting some
      logistical cap for the largest sglist we can support -- we'll never
      even attempt to build one that big anymore.

      Reported-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Acked-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Message-id: 1445902682-20051-1-git-send-email-jsnow@xxxxxxxxxx

  commit 0c47242b519a224279f13c685aa6e79347f97b85
  Author: Xiao Guangrong <guangrong.xiao@xxxxxxxxxxxxxxx>
  Date:   Thu Oct 29 15:31:39 2015 +0800

      target-i386: Add clflushopt/clwb/pcommit to TCG_7_0_EBX_FEATURES

      Now these instructions are handled by TCG and can be added to the
      TCG_7_0_EBX_FEATURES macro.

      Signed-off-by: Xiao Guangrong <guangrong.xiao@xxxxxxxxxxxxxxx>
      Reviewed-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 891bc821a3ee462b09b1ec436f2891f00ab1f85b
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Wed Nov 4 19:24:46 2015 -0200

      target-i386: tcg: Check right CPUID bits for clflushopt/pcommit

      Detect the clflushopt and pcommit instructions and check their
      corresponding feature flags, instead of checking CPUID_SSE and
      CPUID_CLFLUSH.

      Reviewed-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 5e1fac2dba7780e0cb2c022d4b39586af70bea0d
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Wed Nov 4 19:24:45 2015 -0200

      target-i386: tcg: Accept clwb instruction

      Accept the clwb instruction (66 0F AE /6) if its corresponding feature
      flag is enabled on CPUID[7].

      Reviewed-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 4b59f39bc9a03afcc74b2fa28da7c3189fca507c
  Merge: 9319738 bd54a9f
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Nov 6 12:50:24 2015 +0000

      Merge remote-tracking branch 
'remotes/mjt/tags/pull-trivial-patches-2015-11-06' into staging

      trivial patches for 2015-11-06

      # gpg: Signature made Fri 06 Nov 2015 12:42:43 GMT using RSA key ID 
A4C3D7DB
      # gpg: Good signature from "Michael Tokarev <mjt@xxxxxxxxxx>"
      # gpg:                 aka "Michael Tokarev <mjt@xxxxxxxxx>"
      # gpg:                 aka "Michael Tokarev <mjt@xxxxxxxxxx>"

      * remotes/mjt/tags/pull-trivial-patches-2015-11-06: (24 commits)
        tap-bsd: use user-specified tap device if it already exists
        qemu-sockets: do not test path with access() before unlinking
        taget-ppc: Fix read access to IBAT registers higher than IBAT3
        exec: avoid unnecessary cacheline bounce on ram_list.mru_block
        target-alpha: fix uninitialized variable
        ivshmem-server: fix possible OVERRUN
        pci-assign: do not test path with access() before opening
        qom/object: fix 2 comment typos
        configure: remove help string for 'vnc-tls' option
        usb: Use g_new() & friends where that makes obvious sense
        qxl: Use g_new() & friends where that makes obvious sense
        ui: Use g_new() & friends where that makes obvious sense
        bt: fix use of uninitialized variable seqlen
        hw/dma/pxa2xx: Remove superfluous memset
        linux-user/syscall: Replace g_malloc0 + memcpy with g_memdup
        tests/i44fx-test: No need for zeroing memory before memset
        hw/input/tsc210x: Remove superfluous memset
        xen: fix invalid assertion
        tests: ignore test-qga
        fix bad indentation in pcie_cap_slot_write_config()
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit bd54a9f9435c85de190a82019faef16c5ecf8e46
  Author: Ed Maste <emaste@xxxxxxxxxxx>
  Date:   Fri Oct 23 11:53:55 2015 -0400

      tap-bsd: use user-specified tap device if it already exists

      Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
      Signed-off-by: Ed Maste <emaste@xxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit a2f31f180499593b5edb8ac5ab8ac1b92f0abcd4
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Wed Nov 4 14:48:47 2015 +0100

      qemu-sockets: do not test path with access() before unlinking

      Using access() is a time-of-check/time-of-use race condition.  It is
      okay to use them to provide better error messages, but that is pretty
      much it.

      This is not one such case; on the other hand, access() *will* skip
      unlink() for a non-existent path, so ignore ENOENT return values from
      the unlink() system call.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 3ede8f699645f4ca7cdbc40d8139e5a0275b4805
  Author: Julio Guerra <julio@xxxxxxxxxx>
  Date:   Wed Oct 14 19:43:19 2015 +0200

      taget-ppc: Fix read access to IBAT registers higher than IBAT3

      Fix the index used to read the IBAT's vector which results in IBAT0..3 
instead
      of IBAT4..N.

      The bug appeared by saving/restoring contexts including IBATs values.

      Signed-off-by: Julio Guerra <julio@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 68851b98e5bf6d397498b74f1776801274ab8d48
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Thu Oct 22 13:51:30 2015 +0200

      exec: avoid unnecessary cacheline bounce on ram_list.mru_block

      Whenever the MRU cache hits for the list of RAM blocks, qemu_get_ram_block
      does an unnecessary write that causes a processor cache line to bounce
      from one core to another.  This causes a performance hit.

      Reported-by: Emilio G. Cota <cota@xxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 74de807f794ac5201b2b3c38ddadeef84a676a97
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 19 16:08:38 2015 +0200

      target-alpha: fix uninitialized variable

      I am not sure why the compiler does not catch it.  There is no
      semantic change since gen_excp returns EXIT_NORETURN, but the
      old code is wrong.

      Reported by Coverity.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 258133bda9a6f22ba436ef9b63b7c086cc80190b
  Author: Gonglei <arei.gonglei@xxxxxxxxxx>
  Date:   Mon Nov 2 09:13:48 2015 +0800

      ivshmem-server: fix possible OVERRUN

      >>>     CID 1337991:  Memory - illegal accesses  (OVERRUN)
      >>>     Decrementing "i". The value of "i" is now 65534.
      218         while (i--) {
      219             event_notifier_cleanup(&peer->vectors[i]);
      220         }

      Signed-off-by: Gonglei <arei.gonglei@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 6268520d7df9b3f183bb4397218c9287441bc04f
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Nov 2 15:17:37 2015 +0100

      pci-assign: do not test path with access() before opening

      Using access() is a time-of-check/time-of-use race condition.  It is
      okay to use them to provide better error messages, but that is pretty
      much it.

      In this case we can get the same error from fopen(), so just use
      strerror and errno there---which actually improves the error
      message most of the time.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit b30d80546421c6ea919096b596887f496c80af0a
  Author: Cao jin <caoj.fnst@xxxxxxxxxxxxxx>
  Date:   Tue Nov 3 10:36:42 2015 +0800

      qom/object: fix 2 comment typos

      Also change the misleading definition of macro OBJECT_CLASS_CHECK

      Signed-off-by: Cao jin <caoj.fnst@xxxxxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 9f503153c78a23bcd44409cea64442c4ecd82ea5
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Tue Nov 3 11:34:31 2015 +0000

      configure: remove help string for 'vnc-tls' option

      The '--enable-vnc-tls' option to configure was removed in

        commit 3e305e4a4752f70c0b5c3cf5b43ec957881714f7
        Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
        Date:   Thu Aug 6 14:39:32 2015 +0100

          ui: convert VNC server to use QCryptoTLSSession

      This removes the corresponding help string.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 98f343395e937fa1db3a28dfb4f303f97cfddd6c
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 29 16:55:22 2015 +0100

      usb: Use g_new() & friends where that makes obvious sense

      g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
      for two reasons.  One, it catches multiplication overflowing size_t.
      Two, it returns T * rather than void *, which lets the compiler catch
      more type errors.

      This commit only touches allocations with size arguments of the form
      sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 9de68637dff05a18d0eafcff2737e551b70bc490
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 29 16:55:21 2015 +0100

      qxl: Use g_new() & friends where that makes obvious sense

      g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
      for two reasons.  One, it catches multiplication overflowing size_t.
      Two, it returns T * rather than void *, which lets the compiler catch
      more type errors.

      This commit only touches allocations with size arguments of the form
      sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit fedf0d35aafc4f1f1e5f6dbc80cb23ae1ae49f0b
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Tue Nov 3 17:12:03 2015 +0100

      ui: Use g_new() & friends where that makes obvious sense

      g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
      for two reasons.  One, it catches multiplication overflowing size_t.
      Two, it returns T * rather than void *, which lets the compiler catch
      more type errors.

      This commit only touches allocations with size arguments of the form
      sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 374ec0669a1aa3affac7850a16c6cad18221c439
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 19 16:08:40 2015 +0200

      bt: fix use of uninitialized variable seqlen

      sdp_svc_match, sdp_attr_match and sdp_svc_attr_match read the last
      argument.  The only sensible way to change the code is to make that last
      argument "len" instead of "seqlen" which is the length of a subsequence
      in the previous "if" branch.

      To make the structure of the code clearer, use "else" instead of
      "else if".

      Reported by Coverity.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 1a13b27273cdc4f6fd18bc1e83950d47c6b5928b
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Fri Oct 9 17:56:35 2015 +0200

      hw/dma/pxa2xx: Remove superfluous memset

      g_malloc0 already clears the memory, so no need for
      the additional memset here. And while we're at it,
      also convert the g_malloc0 to the preferred g_new0.

      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit e9d49d518d5d2b0411ee2625e46662a6065a909c
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Fri Oct 9 17:56:38 2015 +0200

      linux-user/syscall: Replace g_malloc0 + memcpy with g_memdup

      No need to use g_malloc0 to zero the memory if we memcpy to
      the whole buffer afterwards anyway. Actually, there is even
      a function which combines both steps, g_memdup, so let's use
      this function here instead.

      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 112317867d573bb053d431f098060cf996d9b2e8
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Fri Oct 9 17:56:37 2015 +0200

      tests/i44fx-test: No need for zeroing memory before memset

      Change a g_malloc0 into g_malloc since the following
      memset fills the whole buffer anyway.

      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit a6c6d827605e416f0e127a325ee1efc9cf16afa5
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Fri Oct 9 17:56:36 2015 +0200

      hw/input/tsc210x: Remove superfluous memset

      g_malloc0 already clears the memory, so no need for additional
      memsets here. And while we're at it, let's also remove the
      superfluous typecasts for the return values of g_malloc0
      and use the type-safe g_new0 instead.

      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 2c21ec3d1818cb0395b5a9b73128e6920d44def7
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 19 16:08:39 2015 +0200

      xen: fix invalid assertion

      Asserting "true" is not that useful.

      Reported by Coverity.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Acked-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 3cd01b6ed8a1ae472f09cbcc47b7cba4d732f94c
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Oct 20 13:41:33 2015 -0600

      tests: ignore test-qga

      Commit 62c39b30 added a new test, but did not mark it for
      exclusion in .gitignore.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 6ba9fe86957c3c8febf74c2495d901ac4061a673
  Author: Cao jin <caoj.fnst@xxxxxxxxxxxxxx>
  Date:   Sun Oct 25 16:23:28 2015 +0800

      fix bad indentation in pcie_cap_slot_write_config()

      bad indentation conflicts with CODING_STYLE doc

      Signed-off-by: Cao jin <caoj.fnst@xxxxxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 53d47be25a0c8bde5aa5b53625bc810f91c6271f
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 14:27:31 2015 -0600

      maint: Ignore ivshmem binaries

      Commit a75eb03b added ivshmem-client and ivshmem-server binaries,
      but did not mark them for exclusion in .gitignore.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit b21de19992cefdfef68217e50a8365ee5e535e10
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Thu Oct 15 10:54:15 2015 +0200

      hw/display/tcx: Remove superfluous OBJECT() typecasts

      The tcx_initfn() function is already supplied with an
      Object *obj pointer, so there is no need to cast the
      state pointer back to an Object pointer all over the
      place. And while we're at it, also remove the superfluous
      "return;" statement in this function.

      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Acked-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 5accecb3a6b49d8ca79684179610583e9c7c1bf5
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Tue Oct 13 09:38:50 2015 +0200

      gdbstub: Fix buffer overflows in gdb_handle_packet()

      Some places in gdb_handle_packet() can get an arbitrary length (most
      times directly from the client) and either didn't check it at all or
      checked against the wrong value, potentially causing buffer overflows.

      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 3c15d3a45045de82c744c49ff471d4c7ba405187
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Mon Oct 12 12:54:57 2015 +0200

      hw/acpi/aml-build: remove useless glib version check

      2.22 is the minimum version required

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 9319738080faeb09876ce2017fcaea4937c475ee
  Merge: 3aa88b3 ee31299
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Nov 6 11:31:40 2015 +0000

      Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream-replay' 
into staging

      So here it is, let's see what happens.

      # gpg: Signature made Fri 06 Nov 2015 09:30:34 GMT using RSA key ID 
78C7AE83
      # gpg: Good signature from "Paolo Bonzini <bonzini@xxxxxxx>"
      # gpg:                 aka "Paolo Bonzini <pbonzini@xxxxxxxxxx>"

      * remotes/bonzini/tags/for-upstream-replay:
        replay: recording of the user input
        replay: command line options
        replay: replay blockers for devices
        replay: initialization and deinitialization
        replay: ptimer
        bottom halves: introduce bh call function
        replay: checkpoints
        icount: improve counting for record/replay
        replay: shutdown event
        replay: recording and replaying clock ticks
        replay: asynchronous events infrastructure
        replay: interrupts and exceptions
        cpu: replay instructions sequence
        cpu-exec: allow temporary disabling icount
        replay: introduce icount event
        replay: introduce mutex to protect the replay log
        replay: internal functions for replay log
        replay: global variables and function stubs

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 3aa88b31290c7cbbbae344efdece659194b95c70
  Author: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
  Date:   Mon Nov 2 14:06:23 2015 +0000

      configure: add missing --disable-modules option

      According to ./configure all options should have both --enable-foo and
      --disable-foo:

        # Always add --enable-foo and --disable-foo command line args.
        # Distributions want to ensure that several features are compiled in, 
and it
        # is impossible without a --enable-foo that exits if a feature is not 
found.

      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-id: 1446473183-24250-1-git-send-email-stefanha@xxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 574418132355bae50e829eb7890c8ea5dcb53fd8
  Merge: 496c1b1 f7fda28
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Nov 6 10:10:15 2015 +0000

      Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' 
into staging

      X86 queue, 2015-11-05

      # gpg: Signature made Thu 05 Nov 2015 19:35:31 GMT using RSA key ID 
984DC5A6
      # gpg: Good signature from "Eduardo Habkost <ehabkost@xxxxxxxxxx>"

      * remotes/ehabkost/tags/x86-pull-request:
        target-i386: Enable clflushopt/clwb/pcommit instructions
        target-i386: Remove POPCNT from qemu64 and qemu32 CPU models
        target-i386: Remove ABM from qemu64 CPU model
        target-i386: Remove SSE4a from qemu64 CPU model
        target-i386: Set "check=off" by default on pc-*-2.4 and older

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit ee312992a323530ea2cda8680f3a34746c72db8f
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:25:24 2015 +0300

      replay: recording of the user input

      This records user input (keyboard and mouse events) in record mode and 
replays
      these input events in replay mode.

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162524.8676.11696.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit 4c27b859722089e0270fd4f41b4b3c63b6647439
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:25:18 2015 +0300

      replay: command line options

      This patch introduces command line options for enabling recording or 
replaying
      virtual machine behavior. These options are added to icount command line
      parameter. They include 'rr' which switches between record and replay
      and 'rrfile' for specifying the filename for replay log.

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162518.8676.70792.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit 0194749ac4131e1bed8e166c5d5cf541678ef204
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:25:13 2015 +0300

      replay: replay blockers for devices

      Some devices are not supported by record/replay subsystem.
      This patch introduces replay blocker which denies starting record/replay
      if such devices are included into the configuration.

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162512.8676.11367.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit 7615936ebf4e60c4565268a30df2356c841526f8
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:25:07 2015 +0300

      replay: initialization and deinitialization

      This patch introduces the functions for enabling the record/replay and for
      freeing the resources when simulator closes.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162507.8676.90232.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit 8a354bd935a800dd2d98ac8f30707e2912c80ae6
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:24:56 2015 +0300

      replay: ptimer

      This patch adds deterministic replay for hardware periodic countdown 
timers.
      ptimer uses bottom halves layer to execute such an asynchronous callback.
      We put this callback into the replay queue instead of bottom halves one.
      When checkpoint is met by main loop thread, the replay queue is processed
      and callback is executed. Binding callback moment to one of the 
checkpoints
      makes it deterministic.

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162456.8676.83366.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit df281b80b9ecba65d85795aa738c29e5b94d5ef1
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:24:50 2015 +0300

      bottom halves: introduce bh call function

      This patch introduces aio_bh_call function. It is used to execute
      bottom halves as callbacks without adding them to the queue.

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162450.8676.56980.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit 8bd7f71d794b93ce027b856f5b79a98f4f82e44c
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:24:44 2015 +0300

      replay: checkpoints

      This patch introduces checkpoints that synchronize cpu thread and 
iothread.
      When checkpoint is met in the code all asynchronous events from the queue
      are executed.

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162444.8676.52916.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit efab87cf79077a9624f675fc5fc8f034eaedfe4d
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:24:39 2015 +0300

      icount: improve counting for record/replay

      icount_warp_rt function is called by qemu_clock_warp and as
      callback of icount_warp timer. This patch adds call to qemu_clock_warp
      into main_loop_wait function, because icount warp may be missed
      in record/replay mode, when CPU is sleeping.
      This patch also disables of calling this function by timer, because
      it is not needed after making modifications of main_loop_wait.

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162439.8676.38290.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit b60c48a7019614902f2debe4d4181ec8cfa60e0d
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:24:33 2015 +0300

      replay: shutdown event

      This patch records and replays simulator shutdown event.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162433.8676.32262.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit 8eda206e09089914006bfbdd71467d5246c06e4a
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:24:28 2015 +0300

      replay: recording and replaying clock ticks

      Clock ticks are considered as the sources of non-deterministic data for
      virtual machine. This patch implements saving the clock values when they
      are acquired (virtual, host clock).
      When replaying the execution corresponding values are read from log and
      transfered to the module, which wants to read the values.
      Such a design required the clock polling to be synchronized. Sometimes
      it is not true - e.g. when timeouts for timer lists are checked. In this 
case
      we use a cached value of the clock, passing it to the client code.

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162427.8676.36558.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit c0c071d05279ec1429352200affc5c70bb4e5980
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:24:22 2015 +0300

      replay: asynchronous events infrastructure

      This patch adds module for saving and replaying asynchronous events.
      These events include network packets, keyboard and mouse input,
      USB packets, thread pool and bottom halves callbacks.
      All events are stored in the queue to be processed at synchronization 
points
      such as beginning of TB execution, or checkpoint in the iothread.

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162422.8676.88696.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

      Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>

  commit 6f0609697f3670bf755a91477487507a8ffee471
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:24:16 2015 +0300

      replay: interrupts and exceptions

      This patch includes modifications of common cpu files. All interrupts and
      exceptions occured during recording are written into the replay log.
      These events allow correct replaying the execution by kicking cpu thread
      when one of these events is found in the log.

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162416.8676.57647.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit f7fda280948a5e74aeb076ef346b991ecb173c56
  Author: Xiao Guangrong <guangrong.xiao@xxxxxxxxxxxxxxx>
  Date:   Thu Oct 29 15:31:39 2015 +0800

      target-i386: Enable clflushopt/clwb/pcommit instructions

      These instructions are used by NVDIMM drivers and the specification is
      located at:
      
https://software.intel.com/sites/default/files/managed/0d/53/319433-022.pdf

      There instructions are available on Skylake Server.

      Signed-off-by: Xiao Guangrong <guangrong.xiao@xxxxxxxxxxxxxxx>
      Reviewed-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 6aa91e4a0237ddcebb85e3a95e166f3b3cfa42ae
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Tue Nov 3 17:24:18 2015 -0200

      target-i386: Remove POPCNT from qemu64 and qemu32 CPU models

      POPCNT is not available on Penryn and older and on Opteron_G2 and older,
      and we want to make the default CPU runnable in most hosts, so it won't
      be enabled by default in KVM mode.

      We should eventually have all features supported by TCG enabled by
      default in TCG mode, but as we don't have a good mechanism today to
      ensure we have different defaults in KVM and TCG mode, disable POPCNT in
      the qemu64 and qemu32 CPU models entirely.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 711956722c6764336f8b78a2106e57c55f02f36d
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Tue Nov 3 17:24:18 2015 -0200

      target-i386: Remove ABM from qemu64 CPU model

      ABM is not available on Sandy Bridge and older, and we want to make the
      default CPU runnable in most hosts, so it won't be enabled by default in
      KVM mode.

      We should eventually have all features supported by TCG enabled by
      default in TCG mode, but as we don't have a good mechanism today to
      ensure we have different defaults in KVM and TCG mode, disable ABM in
      the qemu64 CPU model entirely.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 0909ad24b2769368716c85f79fbb995dbb7041a9
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Tue Nov 3 17:17:33 2015 -0200

      target-i386: Remove SSE4a from qemu64 CPU model

      SSE4a is not available in any Intel CPU, and we want to make the default
      CPU runnable in most hosts, so it doesn't make sense to enable it by
      default in KVM mode.

      We should eventually have all features supported by TCG enabled by
      default in TCG mode, but as we don't have a good mechanism today to
      ensure we have different defaults in KVM and TCG mode, disable SSE4a in
      the qemu64 CPU model entirely.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 3e68482224129c3ddc061af7c9d438b882ecfdd1
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Tue Nov 3 17:18:50 2015 -0200

      target-i386: Set "check=off" by default on pc-*-2.4 and older

      The default CPU model (qemu64) have some issues today: it enables some
      features (ABM and SSE4a) that are not present in many host CPUs. That
      means many hosts (but not all of them) had those features silently
      disabled in the default configuration in QEMU 2.4 and older.

      With the new "check=on" default, this causes warnings to be printed in
      the default configuration, because of the lack of SSE4A on all Intel
      hosts, and the lack of ABM on Sandy Bridge and older hosts:

        $ qemu-system-x86_64 -machine pc,accel=kvm
        warning: host doesn't support requested feature: 
CPUID.80000001H:ECX.abm [bit 5]
        warning: host doesn't support requested feature: 
CPUID.80000001H:ECX.sse4a [bit 6]

      Those issues will be fixed in pc-*-2.5 and newer. But as we can't change
      the guest ABI in pc-*-2.4, disable "check" mode by default in pc-*-2.4
      and older so we don't print spurious warnings.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 382e1737d3467b76e8ade34b96afaae91509002e
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Thu Nov 5 10:12:18 2015 +0100

      vnc: fix mismerge

      Commit "4d77b1f vnc: fix bug: vnc server can't start when 'to' is
      specified" was rebased incorrectly, fix it.

      Reported-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Yang Hongyang <hongyang.yang@xxxxxxxxxxxx>
      Message-id: 1446714738-22400-1-git-send-email-kraxel@xxxxxxxxxx

  commit 496c1b19facc7b850fa0c09899fcc07a0702fbfd
  Merge: 8835b9d e01dd3d
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 5 14:31:24 2015 +0000

      Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
staging

      * Guest ABI fixes for PC machines (hw_version)
      * Fixes for recent Perl
      * John Snow's configure fixes
      * file-backed RAM improvements (Igor, Pavel)
      * -Werror=clobbered fixes (Stefan)
      * Kill -d ioport
      * Fix qemu-system-s390x
      * Performance improvement for kvmclock migration

      # gpg: Signature made Thu 05 Nov 2015 13:42:27 GMT using RSA key ID 
78C7AE83
      # gpg: Good signature from "Paolo Bonzini <bonzini@xxxxxxx>"
      # gpg:                 aka "Paolo Bonzini <pbonzini@xxxxxxxxxx>"

      * remotes/bonzini/tags/for-upstream:
        iscsi: Translate scsi sense into error code
        Revert "Introduce cpu_clean_all_dirty"
        kvmclock: add a new function to update env->tsc.
        configure: disable FORTIFY_SOURCE under clang
        backends/hostmem-file: Allow to specify full pathname for backing file
        configure: disallow ccache during compile tests
        cpu-exec: Fix compiler warning (-Werror=clobbered)
        memory: call begin, log_start and commit when registering a new listener
        megasas: Use qemu_hw_version() instead of QEMU_VERSION
        osdep: Rename qemu_{get, set}_version() to qemu_{, set_}hw_version()
        pc: Set hw_version on all machine classes
        qemu-log: remove -d ioport
        ioport: do not use CPU_LOG_IOPORT
        target-i386: fix pcmpxstrx equal-ordered (strstr) mode
        scripts/text2pod.pl: Escape left brace
        file_ram_alloc: propagate error to caller instead of terminating QEMU

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit e01dd3da5cf9aa90ae844d3b86c2c2762066edac
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Thu Nov 5 13:00:09 2015 +0800

      iscsi: Translate scsi sense into error code

      Previously we return -EIO blindly when anything goes wrong. Add a helper
      function to parse sense fields and try to make the return code more
      meaningful.

      This also fixes the default werror configuration (enospc) when we're
      using qcow2 on an iscsi lun. The old -EIO not being treated as out of
      space error failed to trigger vm stop.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Message-Id: <1446699609-11376-1-git-send-email-famz@xxxxxxxxxx>
      [libiscsi 1.9 compatibility - Paolo]
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 8b42704441865611a5ee241ac9fc5cabc47a079b
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:24:05 2015 +0300

      cpu: replay instructions sequence

      This patch adds calls to replay functions into the icount setup block.
      In record mode number of executed instructions is written to the log.
      In replay mode number of istructions to execute is taken from the replay 
log.
      When replayed instructions counter is expired qemu_notify_event()
      function is called to wake up the iothread.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162405.8676.31890.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 56c0269a9ec105d3848d9f900b5e38e6b35e2478
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:23:59 2015 +0300

      cpu-exec: allow temporary disabling icount

      This patch is required for deterministic replay to generate an exception
      by trying executing an instruction without changing icount.
      It adds new flag to TB for disabling icount while translating it.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162359.8676.77011.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 26bc60ac82f88d14e65be5387eb4a136edf94f1b
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:23:54 2015 +0300

      replay: introduce icount event

      This patch adds icount event to the replay subsystem. This event 
corresponds
      to execution of several instructions and used to synchronize input events
      in the replay phase.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162354.8676.31351.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit c16861ef1b7b27803b4c068ef778ba0f80fba1c2
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:23:48 2015 +0300

      replay: introduce mutex to protect the replay log

      This mutex will protect read/write operations for replay log.
      Using mutex is necessary because most of the events consist of
      several fields stored in the log. The mutex will help to avoid races.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162348.8676.8628.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit c92079f45fec0bc6a2757aa3783dd9b0604089ba
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:23:43 2015 +0300

      replay: internal functions for replay log

      This patch adds functions to perform read and write operations
      with replay log.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162342.8676.29445.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit d73abd6dcc105fb5cacc34716046fca63132a264
  Author: Pavel Dovgalyuk <Pavel.Dovgaluk@xxxxxxxxx>
  Date:   Thu Sep 17 19:23:37 2015 +0300

      replay: global variables and function stubs

      This patch adds global variables, defines, function declarations,
      and function stubs for deterministic VM replay used by external modules.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

      Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Message-Id: <20150917162337.8676.41538.stgit@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 8835b9df3bddf332c883c861d6a1defc12c4ebe9
  Merge: 6c5f30c fb68777
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 5 10:52:35 2015 +0000

      Merge remote-tracking branch 
'remotes/mdroth/tags/qga-pull-2015-11-04-tag' into staging

      qemu-ga patch queue

      * fix file handle cleanup on w32
      * use non-blocking mode for file handles on w32 to avoid
        hangs on guest-file-read/guest-file-write to pipes

      # gpg: Signature made Wed 04 Nov 2015 19:36:16 GMT using RSA key ID 
F108B584
      # gpg: Good signature from "Michael Roth <flukshun@xxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>"

      * remotes/mdroth/tags/qga-pull-2015-11-04-tag:
        qga: set file descriptor in qmp_guest_file_open non-blocking on Win32
        qga: fixed CloseHandle in qmp_guest_file_open
        qga: drop hand-made guest_file_toggle_flags helper

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 6388acc853b7862761d3c2864be99033e8b62dcc
  Author: Liang Li <liang.z.li@xxxxxxxxx>
  Date:   Thu Nov 5 11:51:04 2015 +0800

      Revert "Introduce cpu_clean_all_dirty"

      This reverts commit de9d61e83d43be9069e6646fa9d57a3f47779d28.

      Now 'cpu_clean_all_dirty' is useless, we can revert the related code.

      Conflicts:
        include/sysemu/kvm.h

      Signed-off-by: Liang Li <liang.z.li@xxxxxxxxx>
      Message-Id: <1446695464-27116-3-git-send-email-liang.z.li@xxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 0fd7e098db30e302d27920487f0afec33be8982a
  Author: Liang Li <liang.z.li@xxxxxxxxx>
  Date:   Thu Nov 5 11:51:03 2015 +0800

      kvmclock: add a new function to update env->tsc.

      The commit 317b0a6d8 fixed an issue which caused by the outdated
      env->tsc value, but the fix lead to 'cpu_synchronize_all_states()'
      called twice during live migration. The 'cpu_synchronize_all_states()'
      takes about 130us for a VM which has 4 vcpus, it's a bit expensive.

      Synchronize the whole CPU context just for updating env->tsc is too
      wasting, this patch use a new function to update the env->tsc.
      Comparing to 'cpu_synchronize_all_states()', it only takes about 20us.

      Signed-off-by: Liang Li <liang.z.li@xxxxxxxxx>
      Message-Id: <1446695464-27116-2-git-send-email-liang.z.li@xxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit b553a0428014636bce4951098e97c60dc18a83ed
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Tue Nov 3 15:43:42 2015 -0500

      configure: disable FORTIFY_SOURCE under clang

      Some versions of clang may have difficulty compiling glibc headers when
      -D_FORTIFY_SOURCE is used. For example, Clang++ 3.5.0-9.fc22 cannot
      compile glibc's stdio headers when -D_FORTIFY_SOURCE=2 is used. This
      manifests currently as build failures with clang and any arm target.

      According to LLVM dev Richard Smith, clang does not target or support
      FORTIFY_SOURCE + glibc, and it should not be relied on.
      "It's still an unsupported combination, and while it might compile, some
      of the checks are unlikely to work because they require a frontend
      inliner to be useful"

      See: http://lists.llvm.org/pipermail/cfe-dev/2015-November/045846.html

      Conclusion: disable fortify-source if we appear to be using clang instead
      of testing for compile success or failure, which may be incidental or not
      indicative of proper support of the feature.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-Id: <1446583422-10153-1-git-send-email-jsnow@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 6c5f30cad290c745f910481d0e890b3f4fad1f00
  Merge: 2b5a79f 96e5c9b
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Nov 5 10:10:57 2015 +0000

      Merge remote-tracking branch 
'remotes/juanquintela/tags/migration/20151104' into staging

      migration/next for 20151104

      # gpg: Signature made Wed 04 Nov 2015 12:45:19 GMT using RSA key ID 
5872D723
      # gpg: Good signature from "Juan Quintela <quintela@xxxxxxxxxx>"
      # gpg:                 aka "Juan Quintela <quintela@xxxxxxxxxx>"

      * remotes/juanquintela/tags/migration/20151104:
        migration: fix analyze-migration.py script
        migration: code clean up
        migration: rename cancel to cleanup in SaveVMHandles
        migration: rename qemu_savevm_state_cancel
        migration: defer migration_end & blk_mig_cleanup

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit f14c3d85b003d8614144ae67a26157667c1e1245
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Fri Oct 30 12:10:14 2015 +0100

      buffer: allow a buffer to shrink gracefully

      the idea behind this patch is to allow the buffer to shrink, but
      make this a seldom operation. The buffers average size is measured
      exponentionally smoothed with am alpha of 1/128.

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-20-git-send-email-kraxel@xxxxxxxxxx

  commit 4ec5ba151ff3f2ac8dc44dabd058eca5846654a6
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Fri Oct 30 12:10:13 2015 +0100

      buffer: factor out buffer_adj_size

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-19-git-send-email-kraxel@xxxxxxxxxx

  commit fd95243372f7657c2d24aed269e3be01bed1b87c
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Fri Oct 30 12:10:12 2015 +0100

      buffer: factor out buffer_req_size

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-18-git-send-email-kraxel@xxxxxxxxxx

  commit c3d6899c5e67dfd7ff195eccc10541f3b7e141a7
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Fri Oct 30 12:10:11 2015 +0100

      vnc: recycle empty vs->output buffer

      If the vs->output buffer is empty it will be dropped
      by the next qio_buffer_move_empty in vnc_jobs_consume_buffer
      anyway. So reuse the allocated buffer from this buffer
      in the worker thread where we otherwise would start with
      an empty (unallocated buffer).

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-17-git-send-email-kraxel@xxxxxxxxxx

      [ added a comment describing the non-obvious optimization ]

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 2e0c90af0a33451498d333d72c06e5429c7cd168
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:10 2015 +0100

      vnc: fix local state init

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-16-git-send-email-kraxel@xxxxxxxxxx

  commit c7628bff4138ce906a3620d12e0820c1cf6c140d
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:09 2015 +0100

      vnc: only alloc server surface with clients connected

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-15-git-send-email-kraxel@xxxxxxxxxx

  commit f7b3d68c95bc4f8915a3d084360aa07c7f4e4717
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:08 2015 +0100

      vnc: use vnc_{width,height} in vnc_set_area_dirty

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-14-git-send-email-kraxel@xxxxxxxxxx

  commit 453f842bc4cab49f10c267cff9ad3cf657265d49
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:07 2015 +0100

      vnc: factor out vnc_update_server_surface

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-13-git-send-email-kraxel@xxxxxxxxxx

  commit d05959c2e111858bb83c40ae5d8b8c10964b7bb0
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:06 2015 +0100

      vnc: add vnc_width+vnc_height helpers

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-12-git-send-email-kraxel@xxxxxxxxxx

  commit e081aae5ae01f5ff695ba9fee4e622053d8e4bfe
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:05 2015 +0100

      vnc: zap dead code

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-11-git-send-email-kraxel@xxxxxxxxxx

  commit d90340115a3569caa72063775ff927f4dc353551
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:04 2015 +0100

      vnc-jobs: move buffer reset, use new buffer move

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-10-git-send-email-kraxel@xxxxxxxxxx

  commit 8305f917c1bc86b1ead0fa9197b5443a4bd611f3
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:03 2015 +0100

      vnc: kill jobs queue buffer

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-9-git-send-email-kraxel@xxxxxxxxxx

  commit 543b95801f98ab2cb7413c39779fd5b7f363ce3d
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:02 2015 +0100

      vnc: attach names to buffers

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-8-git-send-email-kraxel@xxxxxxxxxx

  commit d2b90718d25ed6dc8a2bb7f06504e6500dcc7bae
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:01 2015 +0100

      buffer: add tracing

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-7-git-send-email-kraxel@xxxxxxxxxx

  commit 1ff36b5d4d00a4e3633eb960bf2be562f5e47dbf
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:10:00 2015 +0100

      buffer: add buffer_shrink

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-6-git-send-email-kraxel@xxxxxxxxxx

  commit 830a9583206a051c240b74c3f688a015dc5d2967
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:09:59 2015 +0100

      buffer: add buffer_move

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-5-git-send-email-kraxel@xxxxxxxxxx

  commit 4d1eb5fdb141c9100eb82e1dc7d4547fb1decd8b
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:09:58 2015 +0100

      buffer: add buffer_move_empty

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-4-git-send-email-kraxel@xxxxxxxxxx

  commit 810082d15c244b8b29470d3bb1c6b11fc9a40c25
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 30 12:09:57 2015 +0100

      buffer: add buffer_init

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1446203414-4013-3-git-send-email-kraxel@xxxxxxxxxx

  commit 5c10dbb7b577370e86ff459973b06d530c3777cf
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Fri Oct 30 12:09:56 2015 +0100

      buffer: make the Buffer capacity increase in powers of two

      This makes sure the number of reallocs is in O(log N).

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Message-id: 1446203414-4013-2-git-send-email-kraxel@xxxxxxxxxx

      [ rebased to util/buffer.c ]

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 2b5a79f1d961f07332cf77f38cdf9dc2fc7e2b64
  Merge: 79cf9fa 5dfdae8
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Nov 4 18:20:31 2015 +0000

      Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2015-11-03' 
into staging

      vl.c: Error message rework

      # gpg: Signature made Tue 03 Nov 2015 08:40:50 GMT using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-error-2015-11-03:
        vl.c: Use "%s support is disabled" error messages consistently
        vl.c: Improve warnings on use of deprecated options
        vl.c: Touch up error messages
        vl.c: Remove unnecessary uppercase in error messages
        vl.c: Use "warning:" prefix consistently on warnings
        vl.c: Remove periods and exclamation points from error messages
        vl.c: Replace fprintf(stderr) with error_report()

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 8d31d6b65a7448582c7bd320fd1b8cfc6cca2720
  Author: Pavel Fedin <p.fedin@xxxxxxxxxxx>
  Date:   Wed Oct 28 12:54:07 2015 +0300

      backends/hostmem-file: Allow to specify full pathname for backing file

      This allows to explicitly specify file name to use with the backend. This
      is important when using it together with ivshmem in order to make it 
backed
      by hugetlbfs. By default filename is autogenerated using mkstemp(), and 
the
      file is unlink()ed after creation, effectively making it anonymous. This 
is
      not very useful with ivshmem because it ends up in a memory which cannot 
be
      accessed by something else.

      Distinction between directory and file name is done by stat() check. If an
      existing directory is given, the code keeps old behavior. Otherwise it
      creates or opens a file with the given pathname.

      Signed-off-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Tested-by: Igor Skalkin <i.skalkin@xxxxxxxxxxx>
      Message-Id: <004301d11166$9672fe30$c358fa90$@samsung.com>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 5e4dfd3d4e87e0464d599ecef06aa8fe78420a9b
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Wed Oct 28 13:56:40 2015 -0400

      configure: disallow ccache during compile tests

      If the user is using ccache during the configuration step,
      it may interfere with some of the configuration tests,
      particularly the "Is ccache interfering with macro analysis" step,
      which is a bit of a poetic problem.

      1) Disallow ccache from reading from the cache during configure,
         but don't disable it entirely to allow us to see if it causes other
         problems.

      2) Force off CCACHE_CPP2 during the ccache test to get a deterministic
         answer over whether or not we need to enable that feature later.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-Id: <1446055000-29150-1-git-send-email-jsnow@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 0448f5f8b816923b198ab6c32286fd1f3b2f3e45
  Author: Stefan Weil <sw@xxxxxxxxxxx>
  Date:   Sat Sep 26 13:23:26 2015 +0200

      cpu-exec: Fix compiler warning (-Werror=clobbered)

      Reloading of local variables after sigsetjmp is only needed for some
      buggy compilers.

      The code which should reload these variables causes compiler warnings
      with gcc 4.7 when compiler optimizations are enabled:

      cpu-exec.c:204:15: error:
       variable â??cpuâ?? might be clobbered by â??longjmpâ?? or â??vforkâ?? 
[-Werror=clobbered]
      cpu-exec.c:207:15: error:
       variable â??ccâ?? might be clobbered by â??longjmpâ?? or â??vforkâ?? 
[-Werror=clobbered]
      cpu-exec.c:202:28: error:
       argument â??envâ?? might be clobbered by â??longjmpâ?? or â??vforkâ?? 
[-Werror=clobbered]

      Now this code is only used for compilers which need it
      (and gcc 4.5.x, x > 0 which does not need it but won't give warnings).

      There were bug reports for clang and gcc 4.5.0, while gcc 4.5.1
      was reported to work fine without the reload code. For clang it
      is not clear which versions are affected, so simply keep the status quo
      for all clang compilations. This can be improved later.

      Signed-off-by: Stefan Weil <sw@xxxxxxxxxxx>
      Message-Id: <1443266606-21400-1-git-send-email-sw@xxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 680a4783dc13f1059c03d11da58193d76c19ead6
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Nov 2 09:23:52 2015 +0100

      memory: call begin, log_start and commit when registering a new listener

      This ensures that cpu_reload_memory_map() is called as soon as
      tcg_cpu_address_space_init() is called, and before cpu->memory_dispatch
      is used.  qemu-system-s390x never changes the address spaces after
      tcg_cpu_address_space_init() is called, and thus tcg_commit() is never
      called.  This causes a SIGSEGV.

      Because memory_map_init() will now call mem_commit(), we have to
      initialize io_mem_* before address_space_memory and friends.

      Reported-by: Philipp Kern <pkern@xxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Fixes: 0a1c71cec63e95f9b8d0dc96d049d2daa00c5210
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 69fbd0ea25d1f45ab2c8b0d3f431e83063f977f2
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Oct 30 17:36:09 2015 -0200

      megasas: Use qemu_hw_version() instead of QEMU_VERSION

      Guest visible data shouldn't change with a simple QEMU upgrade, so use
      qemu_hw_version() to ensure it won't change (as long as the machine
      class being used has hw_version set).

      Cc: Hannes Reinecke <hare@xxxxxxx>
      Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Cc: qemu-block@xxxxxxxxxx
      Reviewed-by: Hannes Reinecke <hare@xxxxxxxx>
      Acked-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1446233769-7892-4-git-send-email-ehabkost@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 35c2c8dc8c0899882a8e0d349d93bd657772f1e7
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Oct 30 17:36:08 2015 -0200

      osdep: Rename qemu_{get, set}_version() to qemu_{, set_}hw_version()

      This makes the purpose of the function clearer: it is not about the
      version of QEMU that's running, but the version string exposed in the
      emulated hardware.

      Cc: Andrzej Zaborowski <balrogg@xxxxxxxxx>
      Cc: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Cc: John Snow <jsnow@xxxxxxxxxx>
      Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1446233769-7892-3-git-send-email-ehabkost@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit de796d93f59d363409dfd9e186ccd64a21f92204
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Oct 30 17:36:07 2015 -0200

      pc: Set hw_version on all machine classes

      In 2012, QEMU had a bug where it exposed QEMU version information to the
      guest, meaning a QEMU upgrade would expose different hardware to the
      guest OS even if the same machine-type is being used.

      The bug was fixed by commit 93bfef4c6e4b23caea9d51e1099d06433d8835a4, on
      all machines up to pc-1.0. But we kept introducing the same bug on all
      newer machines since then. That means we are breaking guest ABI every
      time QEMU was upgraded.

      Fix this by setting the hw_version on all PC machines, making sure the
      hardware won't change when upgrading QEMU.

      Note that QEMU_VERSION was "1.0" in QEMU 1.0, but starting on QEMU
      1.1.0, it started following the "x.y.0" pattern. We have to follow it,
      to make sure we use the right QEMU_VERSION string from each QEMU
      release.

      The 2.5 machine classes could have hw_version unset, because the default
      value for qemu_get_version() is QEMU_VERSION. But I decided to set it
      explicitly to QEMU_VERSION so we don't forget to update it to "2.5.0"
      after we release 2.5.0 and create a 2.6 machine class.

      Reported-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1446233769-7892-2-git-send-email-ehabkost@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit ddcc8e9d51c415a7b7b2983c3552408d9a50be6e
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Fri Oct 16 15:09:01 2015 +0200

      qemu-log: remove -d ioport

      It was disabled at compile-time, and is now replaced by tracepoints.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 6f94b7d97f7e0e486a70fb06b703442e2c04a29a
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Fri Oct 16 15:08:34 2015 +0200

      ioport: do not use CPU_LOG_IOPORT

      These messages are disabled by default; a perfect usecase for tracepoints,
      which in fact already exist.  Add the missing information to them and
      stop using qemu_log_mask.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 54c54f8b56047d3c2420e1ae06a6a8890c220ac4
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 12 11:50:27 2015 +0200

      target-i386: fix pcmpxstrx equal-ordered (strstr) mode

      In this mode, referring an invalid element of the source forces the
      result to false (table 4-7, last column) but referring an invalid
      element of the destination forces the result to true, so the outer
      loop should still be run even if some elements of the destination
      will be invalid.  They will be avoided in the inner loop, which
      correctly bounds "i" to validd, but they will still contribute to a
      positive outcome of the search.

      This fixes tst_strstr in glibc 2.17.

      Reported-by: Florian Weimer <fweimer@xxxxxxxxxx>
      Cc: Richard Henderson <rth@xxxxxxxxxxx>
      Cc: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit fb68777312887000cd0367d72621fdd67cc4a0a0
  Author: Olga Krishtal <okrishtal@xxxxxxxxxxxxx>
  Date:   Wed Oct 28 18:13:57 2015 +0300

      qga: set file descriptor in qmp_guest_file_open non-blocking on Win32

      Set fd non-blocking to avoid common use cases (like reading from a
      named pipe) from hanging the agent. This was missed in the original
      code.

      The patch introduces qemu_set_handle_nonoblocking, the local analog
      of qemu_set_nonblock for HANDLES.
      The usage of handles in qemu_set_non/block is impossible, because for
      win32 there is a difference between file discriptors and file handles,
      and all file ops are made via Win32 api.

      Signed-off-by: Olga Krishtal <okrishtal@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      CC: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      CC: Stefan Weil <sw@xxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit c87d0964ef7534d50a4c729a6ae20045b3a0cd34
  Author: Olga Krishtal <okrishtal@xxxxxxxxxxxxx>
  Date:   Wed Oct 28 18:13:56 2015 +0300

      qga: fixed CloseHandle in qmp_guest_file_open

      CloseHandle use HANDLE as an argument, but not *HANDLE

      Signed-off-by: Olga Krishtal <okrishtal@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Stefan Weil <sw@xxxxxxxxxxx>
      CC: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 125053965b05b31427ff5c75dc3b87acaa8d0505
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Wed Oct 28 18:13:55 2015 +0300

      qga: drop hand-made guest_file_toggle_flags helper

      We'd better use generic qemu_set_nonblock directly.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      CC: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 96e5c9bc77acef8b7b56cbe23a8a2611feff9e34
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Sat Sep 5 20:51:48 2015 +0100

      migration: fix analyze-migration.py script

      Commit 61964 "Add configuration section" broke the analyze-migration.py 
script
      which terminates due to the unrecognised section. Fix the script by 
parsing
      the contents of the configuration section directly into a new
      ConfigurationSection object (although nothing is done with it yet).

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>al3
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>al3

  commit 6ad2a215e7170350430adfda02eb8ef47c1acd8e
  Author: Liang Li <liang.z.li@xxxxxxxxx>
  Date:   Mon Nov 2 15:37:03 2015 +0800

      migration: code clean up

      Just clean up code, no behavior change.

      Signed-off-by: Liang Li <liang.z.li@xxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>al3
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>al3
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>al3

  commit d1a8548c10bf6d24160ec2aafa4881a3f50a8373
  Author: Liang Li <liang.z.li@xxxxxxxxx>
  Date:   Mon Nov 2 15:37:02 2015 +0800

      migration: rename cancel to cleanup in SaveVMHandles

      'cleanup' seems more appropriate than 'cancel'.

      Signed-off-by: Liang Li <liang.z.li@xxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>al3
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>al3
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>al3

  commit ea7415fac677c5c1599214ee226ab4a3a438fdd6
  Author: Liang Li <liang.z.li@xxxxxxxxx>
  Date:   Mon Nov 2 15:37:01 2015 +0800

      migration: rename qemu_savevm_state_cancel

      The function qemu_savevm_state_cancel is called after the migration
      in migration_thread, it seems strange to 'cancel' it after completion,
      rename it to qemu_savevm_state_cleanup looks better.

      Signed-off-by: Liang Li <liang.z.li@xxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>al3
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>al3
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>al3

  commit 94f5a43704129ca4995aa3385303c5ae225bde42
  Author: Liang Li <liang.z.li@xxxxxxxxx>
  Date:   Mon Nov 2 15:37:00 2015 +0800

      migration: defer migration_end & blk_mig_cleanup

      Because of the patch 3ea3b7fa9af067982f34b of kvm, which introduces a
      lazy collapsing of small sptes into large sptes mechanism, now
      migration_end() is a time consuming operation because it calls
      memroy_global_dirty_log_stop(), which will trigger the dropping of small
      sptes operation and takes about dozens of milliseconds, so call
      migration_end() before all the vmsate data has already been transferred
      to the destination will prolong VM downtime. This operation should be
      deferred after all the data has been transferred to the destination.

      blk_mig_cleanup() can be deferred too.

      For a VM with 8G RAM, this patch can reduce the VM downtime about 30 ms.

      Signed-off-by: Liang Li <liang.z.li@xxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>al3
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>al3
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>al3

  commit 79cf9fad341e6e7bd6b55395b71d5c5727d7f5b0
  Merge: 19bb546 5d9c175
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 3 14:54:40 2015 +0000

      Merge remote-tracking branch 
'remotes/pmaydell/tags/pull-target-arm-20151103' into staging

      target-arm queue:
       * code cleanup to use symbolic constants for register bank numbers
       * fix direct booting of modern Linux kernels on xilinx_zynq by setting
         SCLR values to what the kernel expects firmware to have done
       * implement SYSRESETREQ for ARMv7M CPU (stellaris boards)
       * update MAINTAINERS to mention new qemu-arm mailing list
       * clean up display of PSTATE in AArch64 debug logs
       * report Secure/Nonsecure status in CPU debug logs
       * fix a missing _CCA attribute in ACPI tables
       * add support for GICv3 to ACPI tables

      # gpg: Signature made Tue 03 Nov 2015 13:58:46 GMT using RSA key ID 
14360CDE
      # gpg: Good signature from "Peter Maydell <peter.maydell@xxxxxxxxxx>"
      # gpg:                 aka "Peter Maydell <pmaydell@xxxxxxxxx>"
      # gpg:                 aka "Peter Maydell 
<pmaydell@xxxxxxxxxxxxxxxxxxxxxx>"

      * remotes/pmaydell/tags/pull-target-arm-20151103:
        ARM: ACPI: Fix MPIDR value in ACPI table
        hw/arm/virt-acpi-build: Add GICC ACPI subtable for GICv3
        hw/arm/virt-acpi-build: _CCA attribute is compulsory
        target-arm: Report S/NS status in the CPU debug logs
        target-arm: Bring AArch64 debug CPU display of PSTATE into line with 
AArch32
        MAINTAINERS: Add new qemu-arm mailing list to ARM related entries
        arm: stellaris: exit on external reset request
        armv7-m: Implement SYSRESETREQ
        armv7-m: Return DeviceState* from armv7m_init()
        arm: xilinx_zynq: Add linux pre-boot
        arm: boot: Add board specific setup code API
        arm: boot: Adjust indentation of FIXUP comments
        target-arm: Add and use symbolic names for register banks

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 19bb5467135df4b234af2c93bf6c50284158d6ca
  Merge: 130d0bc a9be4e7
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 3 14:09:59 2015 +0000

      Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20151103-1' 
into staging

      usb: two bugfixes for ehci & usb-host.

      # gpg: Signature made Tue 03 Nov 2015 10:57:28 GMT using RSA key ID 
D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann <gerd@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@xxxxxxxxx>"

      * remotes/kraxel/tags/pull-usb-20151103-1:
        usb-host: fix usb3ep0quirk test
        ehci: clear suspend bit on detach

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 5d9c1756140d680e66e5b45005a1fb7078b74ee1
  Author: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
  Date:   Tue Nov 3 13:49:42 2015 +0000

      ARM: ACPI: Fix MPIDR value in ACPI table

      Use mp_affinity of ARMCPU as the CPU MPIDR instead of the CPU index.

      Signed-off-by: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
      Message-id: 1446285001-7316-1-git-send-email-zhaoshenglong@xxxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit f2fbfacec024d1e78c10fc8498f3126557c21ed8
  Author: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
  Date:   Tue Nov 3 13:49:42 2015 +0000

      hw/arm/virt-acpi-build: Add GICC ACPI subtable for GICv3

      When booting VM with GICv3, the kernel needs GICC ACPI subtable to
      initialize the CPUs, e.g. MPIDR information. This adds GICC ACPI
      subtable for GICv3, but set GICC base address only when gic_version == 2
      since it donesn't need GICC base address for GICv3.

      Signed-off-by: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
      Message-id: 1446131773-5018-1-git-send-email-shannon.zhao@xxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit bc64b96c984abfe84f43562ca7480bb4f2af0613
  Author: Graeme Gregory <graeme.gregory@xxxxxxxxxx>
  Date:   Tue Nov 3 13:49:42 2015 +0000

      hw/arm/virt-acpi-build: _CCA attribute is compulsory

      According to ACPI specification 6.2.17 _CCA (Cache Coherency Attribute)
      this attribute is compulsory on ARM systems. Add this attribute to
      the PCI host bridges as required.

      Without this the kernel will produce the error
      [Firmware Bug]: PCI device 0000:00:00.0 fail to setup DMA.

      Signed-off-by: Graeme Gregory <graeme.gregory@xxxxxxxxxx>
      Message-id: 1446460786-13663-1-git-send-email-graeme.gregory@xxxxxxxxxx
      Reviewed-by: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 06e5cf7acd1f94ab7c1cd6945974a1f039672940
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 3 13:49:42 2015 +0000

      target-arm: Report S/NS status in the CPU debug logs

      If this CPU supports EL3, enhance the printing of the current
      CPU mode in debug logging to distinguish S from NS modes as
      appropriate.

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Reviewed-by: Alex Bennée <alex.bennee@xxxxxxxxxx>
      Message-id: 1445883178-576-3-git-send-email-peter.maydell@xxxxxxxxxx

  commit 08b8e0f527930208a548b424d2ab3103bf3c8c02
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 3 13:49:42 2015 +0000

      target-arm: Bring AArch64 debug CPU display of PSTATE into line with 
AArch32

      The AArch64 debug CPU display of PSTATE as "PSTATE=200003c5 (flags --C-)"
      on the end of the same line as the last of the general purpose registers
      is unnecessarily different from the AArch32 display of PSR as
      "PSR=200001d3 --C- A svc32" on its own line. Update the AArch64
      code to put PSTATE in its own line and in the same format, including
      printing the exception level (mode).

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Reviewed-by: Alex Bennée <alex.bennee@xxxxxxxxxx>
      Message-id: 1445883178-576-2-git-send-email-peter.maydell@xxxxxxxxxx

  commit b4f2bd1ce89f3a324fd047c65573897b39d5aaf8
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 3 13:49:42 2015 +0000

      MAINTAINERS: Add new qemu-arm mailing list to ARM related entries

      We now have a qemu-arm mailing list for ARM patches and discussion,
      so add an L: entry for it to the various ARM related entries in
      MAINTAINERS.

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Alistair Francis <alistair.francis@xxxxxxxxxx>
      Reviewed-by: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Message-id: 1446129661-5239-1-git-send-email-peter.maydell@xxxxxxxxxx

  commit d69ffb5b48701d8f33cdfa2570a4ea1d5eb9de4d
  Author: Michael Davidsaver <mdavidsaver@xxxxxxxxx>
  Date:   Tue Nov 3 13:49:41 2015 +0000

      arm: stellaris: exit on external reset request

      Add GPIO in for the stellaris board which calls
      qemu_system_reset_request() on reset request.

      Signed-off-by: Michael Davidsaver <mdavidsaver@xxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit e192becdc7b05276a41ebef9fe11e6c30ddb91e3
  Author: Michael Davidsaver <mdavidsaver@xxxxxxxxx>
  Date:   Tue Nov 3 13:49:41 2015 +0000

      armv7-m: Implement SYSRESETREQ

      Implement the SYSRESETREQ bit of the AIRCR register
      for armv7-m (ie. cortex-m3) to trigger a GPIO out.

      Signed-off-by: Michael Davidsaver <mdavidsaver@xxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 20c59c38927902a8e2c67da7d9a24b5222a31cb7
  Author: Michael Davidsaver <mdavidsaver@xxxxxxxxx>
  Date:   Tue Nov 3 13:49:41 2015 +0000

      armv7-m: Return DeviceState* from armv7m_init()

      Change armv7m_init to return the DeviceState* for the NVIC.
      This allows access to all GPIO blocks, not just the IRQ inputs.
      Move qdev_get_gpio_in() calls out of armv7m_init() into
      board code for stellaris and stm32f205 boards.

      Signed-off-by: Michael Davidsaver <mdavidsaver@xxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit c3a9a689c6ff07ba2e00bafc68626fad84587794
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Tue Nov 3 13:49:41 2015 +0000

      arm: xilinx_zynq: Add linux pre-boot

      Add a Linux-specific pre-boot routine that matches the device-
      specific bootloaders behaviour. This is needed for modern Linux that
      expects the ARM PLL in SLCR to be a more even value (not 26).

      Cc: Alistair Francis <alistair.francis@xxxxxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Message-id: 
9a9025ea65572586b50dca4e5819032e3c436d64.1446182614.git.crosthwaite.peter@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 10b8ec73e610e017ac2fbaf486fce21eec7061b2
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Tue Nov 3 13:49:41 2015 +0000

      arm: boot: Add board specific setup code API

      Add an API for boards to inject their own preboot software (or
      firmware) sequence.

      The software then returns to the bootloader via the link register. This
      allows boards to do their own little bits of firmware setup without
      needed to replace the bootloader completely (which is the requirement
      for existing firmware support).

      The blob is loaded by a callback if and only if doing a linux boot
      (similar to the existing write_secondary support).

      Rewrite the comment for the primary boot blob.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Message-id: 
070295644c6ac84696d743913296e8cfefb48c15.1446182614.git.crosthwaite.peter@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 84e59397797ff2040439058b689adbfef608b879
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Tue Nov 3 13:49:41 2015 +0000

      arm: boot: Adjust indentation of FIXUP comments

      These comments start immediately after the current longest name in the
      list. Tab them out to the next tab stop to give a little breathing room
      and prepare for FIXUP_BOARD_SETUP which will require more indent.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Message-id: 
b9b9bb8f1c307c1ef8a3f26ff1f34fabb34b332e.1446182614.git.crosthwaite.peter@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 99a99c1fc8e9bfec1656ac5916c53977a93d3581
  Author: Soren Brinkmann <soren.brinkmann@xxxxxxxxxx>
  Date:   Tue Nov 3 13:49:41 2015 +0000

      target-arm: Add and use symbolic names for register banks

      Add BANK_<cpumode> #defines to index banked registers.

      Suggested-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Soren Brinkmann <soren.brinkmann@xxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit a9be4e7c48c4892c836bda1be4d550bb1a6732bd
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 23 14:27:10 2015 +0200

      usb-host: fix usb3ep0quirk test

      usb->speed is the usb speed the device is actually running on in the
      qemu emulation (i.e. from the guests point of view).  So when plugging
      usb3 devices into ehci hostadapter this is HIGH not SUPER.

      To figure whenever the host talks to the device with superspeed we
      have to check speedmask instead and see whenever the superspeed bit
      is set there.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Message-id: 1445603230-11840-1-git-send-email-kraxel@xxxxxxxxxx

  commit cbf82fa01e6fd4ecb234b235b10ffce548154a95
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Wed Oct 21 09:44:22 2015 +0200

      ehci: clear suspend bit on detach

      When a device is detached, clear the suspend bit (PORTSC_SUSPEND)
      in the port status register.

      The specs are not *that* clear what is supposed to happen in case
      a suspended device is unplugged.  But the enable bit (PORTSC_PED)
      is cleared, and the specs mention setting suspend with enable being
      unset is undefined behavior.  So clearing them both looks reasonable,
      and it actually fixes the reported bug.

      https://bugzilla.redhat.com/show_bug.cgi?id=1268879

      Cc: Hans de Goede <hdegoede@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Hans de Goede <hdegoede@xxxxxxxxxx>
      Message-id: 1445413462-18004-1-git-send-email-kraxel@xxxxxxxxxx

  commit 130d0bc6594d0cc6591d00312841891b3c187b07
  Merge: 3d861a0 4d77b1f
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Nov 3 10:20:04 2015 +0000

      Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20151103-1' 
into staging

      ui: fixes for vnc, opengl and curses.

      # gpg: Signature made Tue 03 Nov 2015 09:53:24 GMT using RSA key ID 
D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann <gerd@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@xxxxxxxxx>"

      * remotes/kraxel/tags/pull-ui-20151103-1:
        vnc: fix bug: vnc server can't start when 'to' is specified
        vnc: allow fall back to RAW encoding
        ui/opengl: Reduce build required libraries for opengl
        ui/curses: Fix pageup/pagedown on -curses
        ui/curses: Support line graphics chars on -curses mode
        ui/curses: Fix monitor color with -curses when 256 colors

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 4d77b1f23877b579b94421d0cab2bebc79f4e171
  Author: Yang Hongyang <hongyang.yang@xxxxxxxxxxxx>
  Date:   Tue Oct 27 14:10:52 2015 +0800

      vnc: fix bug: vnc server can't start when 'to' is specified

      commit e0d03b8ceb52 converted VNC startup to use SocketAddress,
      the interface socket_listen don't have a port_offset param, so
      we need to add the port offset (5900) to both 'port' and 'to' opts.
      currently only 'port' is added by offset.
      This patch add the port offset to 'to' opts.

      Signed-off-by: Yang Hongyang <hongyang.yang@xxxxxxxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-id: 1445926252-14830-1-git-send-email-hongyang.yang@xxxxxxxxxxxx
      Cc: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Cc: Eric Blake <eblake@xxxxxxxxxx>
      Cc: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit de3f7de7f4e257ce44cdabb90f5f17ee99624557
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Thu Aug 27 14:46:25 2015 +0200

      vnc: allow fall back to RAW encoding

      I have observed that depending on the contents and the encoding it happens
      that sending data as RAW sometimes would take less space than the encoded 
data.
      This is especially the case for small updates or areas with high color 
images.
      If sending RAW encoded data is beneficial allow a fall back to RAW 
encoding
      for the framebuffer update.

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit fb719563676f8958141a5c984e876a9a1b18f48b
  Author: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Oct 27 02:45:48 2015 +0900

      ui/opengl: Reduce build required libraries for opengl

      We now use epoxy to load opengl libraries. This means we don't need to
      link opengl libraries directly if interfaces handled by epoxy. With
      this, we just need epoxy headers and epoxy's *.so to build.

      Tested with epoxy-1.3.1.

      - sdl2/gtk/console egl stuff doesn't require other than epoxy
      - milkymist-tmu2 glx stuff doesn't require other than epoxy

      (lm32 test is limited, because can't find mmone-bios.bin, so just test
      to load libGL with "./lm32-softmmu/qemu-system-lm32 -M 
milkymist,accel=qtest")

      Signed-off-by: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>

      [ lm32 tested by kraxel ]

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit e72df72a558cc189bb8681df8059b3a8cff281fc
  Author: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Oct 19 21:24:07 2015 +0900

      ui/curses: Fix pageup/pagedown on -curses

      Current KEY_NPAGE/KEY_PPAGE handling is broken on -curses. Those uses
      "GREY", but "KEY_MASK" masked out "GREY".

      To fix, we have to use correct mask value - SCANCODE_KEYMASK.

      Then, this adds support of "shift + pageup/pagedown". With this,
      -curses mode can use scroll-up/down as usual like other display modes.

      Signed-off-by: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit e2368dc9684ae5cec2f0558be4803901a0b58b7b
  Author: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Oct 19 21:23:46 2015 +0900

      ui/curses: Support line graphics chars on -curses mode

      This converts vga code to curses code in console_write_bh().

      With this changes, we can see line graphics (for example, dialog uses)
      correctly.

      Signed-off-by: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 615220ddaf23db4c5686053257c568b46967e4b5
  Author: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Oct 19 21:23:10 2015 +0900

      ui/curses: Fix monitor color with -curses when 256 colors

      If TERM=xterm-256color, COLOR_PAIRS==256 and monitor passes chtype
      like 0x74xx. Then, the code uses uninitialized color pair. As result,
      monitor uses black for both of fg and bg color, i.e. terminal is
      filled by black.

      To fix, this initialize above than 64 with default color 
(fg=white,bg=black).

      FIXME: on 256 color, curses may be possible better vga color emulation.

      Signed-off-by: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 5dfdae814307f7580d56ab4505288224751e0801
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Oct 30 13:08:02 2015 -0200

      vl.c: Use "%s support is disabled" error messages consistently

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1446217682-24421-12-git-send-email-ehabkost@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 515cb8ef27874822c64bc81ccde9bd7227383137
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Oct 30 13:08:00 2015 -0200

      vl.c: Improve warnings on use of deprecated options

      Simplify warnings about deprecated options by rewriting them as
      "warning: ignoring deprecated option".

      Reword -no-kvm-pit-reinjection deprecation warning.

      Suggested-by: Andrew Jones <drjones@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1446217682-24421-10-git-send-email-ehabkost@xxxxxxxxxx>
      [Squashed in
      Message-Id: <1446217682-24421-11-git-send-email-ehabkost@xxxxxxxxxx>
      and updated commit message]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 4cd70f34afa817cfc891f6c64fd7e277ba561784
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Oct 30 13:07:56 2015 -0200

      vl.c: Touch up error messages

      Several small improvements:

      * Use "cannot" instead of "can not"
      * Use 'quotes' instead of `quotes'
      * Change "fail to parse" error message to "failed to parse"

      Suggested-by: Eric Blake <eblake@xxxxxxxxxx>
      Suggested-by: Andrew Jones <drjones@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1446217682-24421-6-git-send-email-ehabkost@xxxxxxxxxx>
      [Squashed in
      Message-Id: <1446217682-24421-7-git-send-email-ehabkost@xxxxxxxxxx>
      Message-Id: <1446217682-24421-9-git-send-email-ehabkost@xxxxxxxxxx>
      and updated commit message]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 3e5153732e96d870b3272e662234d664c15e3815
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Oct 30 13:07:58 2015 -0200

      vl.c: Remove unnecessary uppercase in error messages

      Suggested-by: Andrew Jones <drjones@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1446217682-24421-8-git-send-email-ehabkost@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit eb177ec1843476f278a63d936b0f73f456a86024
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Oct 30 13:07:55 2015 -0200

      vl.c: Use "warning:" prefix consistently on warnings

      Suggested-by: Andrew Jones <drjones@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1446217682-24421-5-git-send-email-ehabkost@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 8afb900030b93122a40ef4a636d02ba888bdce12
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Oct 30 13:07:54 2015 -0200

      vl.c: Remove periods and exclamation points from error messages

      Except for removing periods and exclamation points, no other changes
      were made to the error messages (yet).

      Suggested-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1446217682-24421-4-git-send-email-ehabkost@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit f61eddcb2bb5cbbdd1d911b7e937db9affc29028
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Oct 30 13:07:52 2015 -0200

      vl.c: Replace fprintf(stderr) with error_report()

      Straightforward replacement, except for qemu_kill_report(), which
      printed a common part of its error message first, then the applicable
      special part.  Print each complete message with a single
      error_report() instead.

      Multi-line messages were replaced by error_report() followed by
      error_printf().

      The following changes were made to the error messages:

      * The "invalid date format" message was reworded to better fit
        the new error_report()+error_printf() pattern.
      * On the remaining messages, only the trailing newlines, "qemu:" and
        "error:" message prefixes were removed.

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1446217682-24421-2-git-send-email-ehabkost@xxxxxxxxxx>
      [Squashed in
      Message-Id: <1446217682-24421-3-git-send-email-ehabkost@xxxxxxxxxx>
      and updated commit message]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit aa5ccadcca3e6018ebd9d2e8b0a0604f7cb0cd59
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Tue Oct 20 15:38:46 2015 +0800

      scripts/text2pod.pl: Escape left brace

      Latest perl now deprecates "{" literal in regex and print warnings like
      "unescaped left brace in regex is deprecated".  Add escapes to keep it
      happy.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>

      Message-Id: <1445326726-16031-1-git-send-email-famz@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit cc57501dee37376d0a2fbc5921e0f3a9ed4b117d
  Author: Igor Mammedov <imammedo@xxxxxxxxxx>
  Date:   Mon Oct 19 19:11:11 2015 +0200

      file_ram_alloc: propagate error to caller instead of terminating QEMU

      QEMU shouldn't exits from file_ram_alloc() if -mem-prealloc option is 
specified
      and "object_add memory-backend-file,..." fails allocation during memory 
hotplug.

      Propagate error to a caller and let it decide what to do with allocation 
failure.
      That leaves QEMU alive if it can't create backend during hotplug time and
      kills QEMU at startup time if backends or initial memory were 
misconfigured/
      too large.

      Signed-off-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Message-Id: <1445274671-17704-1-git-send-email-imammedo@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 3d861a01093f8eedfac9889746ccafcfd32039b7
  Merge: 24f4a0f 32bc687
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Nov 2 11:11:39 2015 +0000

      Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-11-02' 
into staging

      QAPI patches

      # gpg: Signature made Mon 02 Nov 2015 09:07:23 GMT using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-qapi-2015-11-02: (25 commits)
        qapi: Simplify gen_struct_field()
        qapi: Reserve 'u' member name
        qapi: Finish converting to new qapi union layout
        tpm: Convert to new qapi union layout
        memory: Convert to new qapi union layout
        input: Convert to new qapi union layout
        char: Convert to new qapi union layout
        net: Convert to new qapi union layout
        sockets: Convert to new qapi union layout
        block: Convert to new qapi union layout
        tests: Convert to new qapi union layout
        qapi-visit: Convert to new qapi union layout
        qapi: Start converting to new qapi union layout
        qapi-visit: Remove redundant functions for flat union base
        qapi: Unbox base members
        qapi: Prefer typesafe upcasts to qapi base classes
        qapi-types: Refactor base fields output
        qapi-visit: Split off visit_type_FOO_fields forward decl
        vnc: Hoist allocation of VncBasicInfo to callers
        qapi: Reserve 'q_*' and 'has_*' member names
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 32bc6879beea0b0cac6196cb15a71d206401e96d
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:35:03 2015 -0600

      qapi: Simplify gen_struct_field()

      Rather than having all callers pass a name, type, and optional
      flag, have them instead pass a QAPISchemaObjectTypeMember which
      already has all that information.

      No change to generated code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-25-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 5e59baf90a72cd25d38a3134edc029f4f022da74
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:35:02 2015 -0600

      qapi: Reserve 'u' member name

      Now that we have separated union tag values from colliding with
      non-variant C names, by naming the union 'u', we should reserve
      this name for our use.  Note that we want to forbid 'u' even in
      a struct with no variants, because it is possible for a future
      qemu release to extend QMP in a backwards-compatible manner while
      converting from a struct to a flat union.  Fortunately, no
      existing clients were using this member name.  If we ever find
      the need for QMP to have a member 'u', we could at that time
      relax things, perhaps by having c_name() munge the QMP member to
      'q_u'.

      Note that we cannot forbid 'u' everywhere (by adding the
      rejection code to check_name()), because the existing QKeyCode
      enum already uses it; therefore we only reserve it as a struct
      type member name.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-24-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit e4ba22b31943ab02373359555bd7bcd66442632f
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:35:01 2015 -0600

      qapi: Finish converting to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      This patch is the back end for a series that converts to a
      saner qapi union layout.  Now that all clients have been
      converted to use 'type' and 'obj->u.value', we can drop the
      temporary parallel support for 'kind' and 'obj->value'.

      Given a simple union qapi type:

      { 'union':'Foo', 'data': { 'a':'int', 'b':'bool' } }

      this is the overall effect, when compared to the state before
      this series of patches:

      | struct Foo {
      |-    FooKind kind;
      |-    union { /* union tag is @kind */
      |+    FooKind type;
      |+    union { /* union tag is @type */
      |         void *data;
      |         int64_t a;
      |         bool b;
      |-    };
      |+    } u;
      | };

      The testsuite still contains some examples of artificial restrictions
      (see flat-union-clash-type.json, for example) that are no longer
      technically necessary, now that there is no longer a collision between
      enum tag values and non-variant member names; but fixing this will be
      done in later patches, in part because some further changes are required
      to keep QAPISchema*.check() from asserting.  Also, a later patch will
      add a reservation for the member name 'u' to avoid a collision between a
      user's non-variant names and our internal choice of C union name.

      Note, however, that we do not rename the generated enum, which
      is still 'FooKind'.  A further patch could generate implicit
      enums as 'FooType', but while the generator already reserved
      the '*Kind' namespace (commit 4dc2e69), there are already QMP
      constructs with '*Type' naming, which means changing our
      reservation namespace would have lots of churn to C code to
      deal with a forced name change.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-23-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit ce21131a0b9e556bb73bf65eacdc07ccb21f78a9
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:35:00 2015 -0600

      tpm: Convert to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      Make the conversion to the new layout for TPM-related code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-22-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 1fd5d4fea4ba686705fd377c7cffc0f0c9f83f93
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:59 2015 -0600

      memory: Convert to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      Make the conversion to the new layout for memory-related code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-21-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 568c73a4783cd981e9aa6de4f15dcda7829643ad
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:58 2015 -0600

      input: Convert to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      Make the conversion to the new layout for input-related code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-20-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 130257dc443574a9da91dc293665be2cfc40245a
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:57 2015 -0600

      char: Convert to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      Make the conversion to the new layout for character-related
      code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-19-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 8d0bcba8370a4e8606dee602393a14d0c48e8bfc
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:56 2015 -0600

      net: Convert to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      Make the conversion to the new layout for net-related code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-18-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 2d32addae70987521578d8bb27c6b3f52cdcbdcb
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:55 2015 -0600

      sockets: Convert to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      Make the conversion to the new layout for socket-related code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-17-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 6a8f9661dc3c088ed0d2f5b41d940190407cbdc5
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:54 2015 -0600

      block: Convert to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      Make the conversion to the new layout for block-related code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-16-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit c363acef772647f66becdbf46dd54e70e67f3cc9
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:53 2015 -0600

      tests: Convert to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      Make the conversion to the new layout for testsuite code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-15-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 150d0564a4c626642897c748f7906260a13c14e1
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:52 2015 -0600

      qapi-visit: Convert to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      Make the conversion to the new layout for qapi-visit.py.

      Generated code changes look like:

      |@@ -4912,16 +4912,16 @@ void visit_type_MemoryDeviceInfo(Visitor
      |     if (!*obj) {
      |         goto out_obj;
      |     }
      |-    visit_type_MemoryDeviceInfoKind(v, &(*obj)->kind, "type", &err);
      |+    visit_type_MemoryDeviceInfoKind(v, &(*obj)->type, "type", &err);
      |     if (err) {
      |         goto out_obj;
      |     }
      |-    if (!visit_start_union(v, !!(*obj)->data, &err) || err) {
      |+    if (!visit_start_union(v, !!(*obj)->u.data, &err) || err) {
      |         goto out_obj;
      |     }
      |-    switch ((*obj)->kind) {
      |+    switch ((*obj)->type) {
      |     case MEMORY_DEVICE_INFO_KIND_DIMM:
      |-        visit_type_PCDIMMDeviceInfo(v, &(*obj)->dimm, "data", &err);
      |+        visit_type_PCDIMMDeviceInfo(v, &(*obj)->u.dimm, "data", &err);
      |         break;
      |     default:
      |         abort();
      |@@ -4930,7 +4930,7 @@ out_obj:
      |     error_propagate(errp, err);
      |     err = NULL;
      |     if (*obj) {
      |-        visit_end_union(v, !!(*obj)->data, &err);
      |+        visit_end_union(v, !!(*obj)->u.data, &err);
      |     }
      |     error_propagate(errp, err);
      |     err = NULL;

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-14-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit f51d8fab44b231aa299d8de24cfdf9ba41ef4a21
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:51 2015 -0600

      qapi: Start converting to new qapi union layout

      We have two issues with our qapi union layout:
      1) Even though the QMP wire format spells the tag 'type', the
      C code spells it 'kind', requiring some hacks in the generator.
      2) The C struct uses an anonymous union, which places all tag
      values in the same namespace as all non-variant members. This
      leads to spurious collisions if a tag value matches a non-variant
      member's name.

      This patch is the front end for a series that converts to a
      saner qapi union layout.  By the end of the series, we will no
      longer have the type/kind mismatch, and all tag values will be
      under a named union, which requires clients to access
      'obj->u.value' instead of 'obj->value'.  But since the
      conversion touches a number of files, it is easiest if we
      temporarily support BOTH layouts simultaneously.

      Given a simple union qapi type:

      { 'union':'Foo', 'data': { 'a':'int', 'b':'bool' } }

      make the following changes in generated qapi-types.h:

      | struct Foo {
      |-    FooKind kind;
      |-    union { /* union tag is @kind */
      |+    union {
      |+        FooKind kind;
      |+        FooKind type;
      |+    };
      |+    union { /* union tag is @type */
      |         void *data;
      |         int64_t a;
      |         bool b;
      |+        union { /* union tag is @type */
      |+            void *data;
      |+            int64_t a;
      |+            bool b;
      |+        } u;
      |     };
      | };

      Flat unions do not need the anonymous union for the tag member,
      as we already fixed that to use the member name instead of 'kind'
      back in commit 0f61af3e.

      One additional change is needed in qapi.py: check_union() now
      needs to check for collisions with 'type' in addition to those
      with 'kind'.

      Later, when the conversions are complete, we will remove the
      duplication hacks, and also drop the check_union() restrictions.

      Note, however, that we do not rename the generated enum, which
      is still 'FooKind'.  A further patch could generate implicit
      enums as 'FooType', but while the generator already reserved
      the '*Kind' namespace (commit 4dc2e69), there are already QMP
      constructs with '*Type' naming, which means changing our
      reservation namespace would have lots of churn to C code to
      deal with a forced name change.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-13-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 5c5e51a05b567fd48fb155d94ca6f7679dd0d478
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:50 2015 -0600

      qapi-visit: Remove redundant functions for flat union base

      The code for visiting the base class of a child struct created
      visit_type_Base_fields() which covers all fields of Base; while
      the code for visiting the base class of a flat union created
      visit_type_Union_fields() covering all fields of the base
      except the discriminator.  But since the base class includes
      the discriminator of a flat union, we can just visit the entire
      base, without needing a separate visit of the discriminator.
      Not only is consistently visiting all fields easier to
      understand, it lets us share code.

      The generated code in qapi-visit.c loses several now-unused
      visit_type_UNION_fields(), along with changes like:

      |@@ -1654,11 +1557,7 @@ void visit_type_BlockdevOptions(Visitor
      |     if (!*obj) {
      |         goto out_obj;
      |     }
      |-    visit_type_BlockdevOptions_fields(v, obj, &err);
      |-    if (err) {
      |-        goto out_obj;
      |-    }
      |-    visit_type_BlockdevDriver(v, &(*obj)->driver, "driver", &err);
      |+    visit_type_BlockdevOptionsBase_fields(v, (BlockdevOptionsBase 
**)obj, &err);
      |     if (err) {
      |         goto out_obj;
      |     }

      and forward declarations where needed.  Note that the cast of obj
      to BASE ** is necessary to call visit_type_BASE_fields() (and we
      can't use our upcast wrappers, because those work on pointers while
      we have a pointer-to-pointer).

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-12-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit ddf21908961073199f3d186204da4810f2ea150b
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:49 2015 -0600

      qapi: Unbox base members

      Rather than storing a base class as a pointer to a box, just
      store the fields of that base class in the same order, so that
      a child struct can be directly cast to its parent.  This gives
      less malloc overhead, less pointer dereferencing, and even less
      generated code.  Compare to the earlier commit 1e6c1616a "qapi:
      Generate a nicer struct for flat unions" (although that patch
      had fewer places to change, as less of qemu was directly using
      qapi structs for flat unions).  It also allows us to turn on
      automatic type-safe wrappers for upcasting to the base class
      of a struct.

      Changes to the generated code look like this in qapi-types.h:

      | struct SpiceChannel {
      |-    SpiceBasicInfo *base;
      |+    /* Members inherited from SpiceBasicInfo: */
      |+    char *host;
      |+    char *port;
      |+    NetworkAddressFamily family;
      |+    /* Own members: */
      |     int64_t connection_id;

      as well as additional upcast functions like qapi_SpiceChannel_base().
      Meanwhile, changes to qapi-visit.c look like:

      | static void visit_type_SpiceChannel_fields(Visitor *v, SpiceChannel 
**obj, Error **errp)
      | {
      |     Error *err = NULL;
      |
      |-    visit_type_implicit_SpiceBasicInfo(v, &(*obj)->base, &err);
      |+    visit_type_SpiceBasicInfo_fields(v, (SpiceBasicInfo **)obj, &err);
      |     if (err) {

      (the cast is necessary, since our upcast wrappers only deal with a
      single pointer, not pointer-to-pointer); plus the wholesale
      elimination of some now-unused visit_type_implicit_FOO() functions.

      Without boxing, the corner case of one empty struct having
      another empty struct as its base type now requires inserting a
      dummy member (previously, the 'Base *base' member sufficed).

      And now that we no longer consume a 'base' member in the generated
      C struct, we can delete the former negative struct-base-clash-base
      test.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-11-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 30594fe1cd4355626e73b80645428105d0df3cf6
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:48 2015 -0600

      qapi: Prefer typesafe upcasts to qapi base classes

      A previous patch (commit 1e6c1616) made it possible to
      directly cast from a qapi flat union type to its base type.
      However, it requires the use of a C cast, which turns off
      compiler type-safety checks.  Fortunately, no such casts
      exist, just yet.

      Regardless, add inline type-safe wrappers named
      qapi_FOO_base() for any union type FOO that has a base,
      which can be used for a safer upcast, and enhance the
      testsuite to cover the new functionality.

      A future patch will extend the upcast support to structs,
      where such conversions do exist already.

      Note that C makes const-correct upcasts annoying because
      it lacks overloads; these functions cast away const so that
      they can accept user pointers whether const or not, and the
      result in turn can be assigned to normal or const pointers.
      Alternatively, this could have been done with macros, but
      type-safe macros are hairy, and not worthwhile here.

      This patch just adds upcasts.  None of our code needed to
      downcast from a base qapi class to a child.  Also, in the
      case of grandchildren (such as BlockdevOptionsQcow2), the
      caller will need to call two functions to get to the inner
      base (although it wouldn't be too hard to generate a
      qapi_FOO_base_base() if desired).  If a user changes qapi
      to alter the base class hierarchy, such as going from
      'A -> C' to 'A -> B -> C', it will change the type of
      'qapi_C_base()', and the compiler will point out the places
      that are affected by the new base.

      One alternative was proposed, but was deemed too ugly to use
      in practice: the generators could output redundant
      information using anonymous types:
      | struct Child {
      |     union {
      |         struct {
      |             Type1 parent_member1;
      |             Type2 parent_member2;
      |         };
      |         Parent base;
      |     };
      | };
      With that ugly proposal, for a given qapi type, obj->member
      and obj->base.member would refer to the same storage; allowing
      convenience in working with members without needing 'base.'
      allowing typesafe upcast without needing a C cast by accessing
      '&obj->base', and allowing downcasts from the parent back to
      the child possible through container_of(obj, Child, base).

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-10-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit f87ab7f9bd956250c48b5c6e9b607b537fd21543
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:47 2015 -0600

      qapi-types: Refactor base fields output

      Move code from gen_union() into gen_struct_fields() in order for
      a later patch to share code when enumerating inherited fields
      for struct types.

      No change to generated code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-9-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit d02cf37766ba3cf918d7085aa7848c9dc05fd11a
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:46 2015 -0600

      qapi-visit: Split off visit_type_FOO_fields forward decl

      We generate a static visit_type_FOO_fields() for every type
      FOO.  However, sometimes we need a forward declaration. Split
      the code to generate the forward declaration out of
      gen_visit_implicit_struct() into a new gen_visit_fields_decl(),
      and also prepare for a forward declaration to be emitted
      during gen_visit_struct(), so that a future patch can switch
      from using visit_type_FOO_implicit() to the simpler
      visit_type_FOO_fields() as part of unboxing the base class
      of a struct.

      No change to generated code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-8-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 98481bfcd661daa3c160cc87a297b0e60a307788
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:45 2015 -0600

      vnc: Hoist allocation of VncBasicInfo to callers

      A future qapi patch will rework generated structs with a base
      class to be unboxed.  In preparation for that, change the code
      that allocates then populates an info struct to instead merely
      populate the fields of an info field passed in as a parameter
      (renaming vnc_basic_info_get* to vnc_init_basic_info*). Add
      rudimentary Error handling at the lowest levels for cases
      where the old code returned NULL; but rather than plumb Error
      all the way through the stack, the callers drop the error and
      return NULL as before.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-7-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 9fb081e0b98409556d023c7193eeb68947cd1211
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:44 2015 -0600

      qapi: Reserve 'q_*' and 'has_*' member names

      c_name() produces names starting with 'q_' when protecting a
      dictionary member name that would fail to directly compile, but
      in doing so can cause clashes with any member name already
      beginning with 'q-' or 'q_'.  Likewise, we create a C name 'has_'
      for any optional member that can clash with any member name
      beginning with 'has-' or 'has_'.

      Technically, rather than blindly reserving the namespace,
      we could try to complain about user names only when an actual
      collision occurs, or even teach c_name() how to munge names
      to avoid collisions.  But it is not trivial, especially when
      collisions can occur across multiple types (such as via
      inheritance or flat unions).  Besides, no existing .json
      files are trying to use these names.  So it's easier to just
      outright forbid the potential for collision.  We can always
      relax things in the future if a real need arises for QMP to
      express member names that have been forbidden here.

      'has_' only has to be reserved for struct/union member names,
      while 'q_' is reserved everywhere (matching the fact that
      only members can be optional, while we use c_name() for munging
      both members and entities).  Note that we could relax 'q_'
      restrictions on entities independently from member names; for
      example, c_name('qmp_' + 'unix') would result in a different
      function name than our current 'qmp_' + c_name('unix').

      Update and add tests to cover the new error messages.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-6-git-send-email-eblake@xxxxxxxxxx>
      [Consistently pass protect=False to c_name(); commit message tweaked
      slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 255960dd374d4497d6ea537305f1b0d8a3433789
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:43 2015 -0600

      qapi: Reserve '*List' type names for list types

      Type names ending in 'List' can clash with qapi list types in
      generated C.  We don't currently use such names. It is easier to
      outlaw them now than to worry about how to resolve such a clash
      in the future. For precedence, see commit 4dc2e69, which did the
      same for names ending in 'Kind' versus implicit enum types for
      qapi unions.

      Update the testsuite to match.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-5-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit f9e6102b48f21e464a847a858a456c521e7a83e5
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:42 2015 -0600

      qapi: More robust conditions for when labels are needed

      We were using regular expressions to see if ret included
      any earlier text that emitted a 'goto out;' line, to decide
      whether we needed to output an 'out:' label.  But this is
      fragile, if the ret text can possibly combine more than one
      generated function body, where the first function used a
      goto but the second does not.  Change the code to just check
      for the known conditions which cause an error check to be
      needed.  Besides, it's slightly more efficient to use plain
      checks than regular expression searching.

      No change to generated code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-4-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 8712fa5333ad348da20034b717dd814219d1ec11
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:41 2015 -0600

      qapi: More idiomatic string operations

      Rather than slicing the end of a string, we can use python's
      endswith().  And rather than creating a set of characters,
      we can search for a character within a string.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-3-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 1976708321f21ed51d0a374db6b28a6cd1bd5d66
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 26 16:34:40 2015 -0600

      tests/qapi-schema: Test for reserved names, empty struct

      Add some testsuite coverage to ensure future patches are on
      the right track:

      Our current C representation of qapi arrays is done by appending
      'List' to the element name; but we are not preventing the
      creation of an object type with the same name.  Add
      reserved-type-list.json to test this.  Then rename
      enum-union-clash.json to reserved-type-kind.json to cover the
      reservation that we DO detect, and shorten it to match the fact
      that the name is reserved even if there is no clash.

      We are failing to detect a collision between a dictionary member
      and the implicit 'has_*' flag for another optional member. The
      easiest fix would be for a future patch to reserve the entire
      "has[-_]" namespace for member names (the collision is also
      possible for branch names within flat unions, but only as long as
      branch names can collide with (non-variant) members; however,
      since future patches are about to remove that, it is not worth
      testing here). Add reserved-member-has.json to test this.

      A similar collision exists between a dictionary member where
      c_name() munges what might otherwise be a reserved name to start
      with 'q_', and another member explicitly starts with "q[-_]".
      Again, the easiest solution for a future patch will be reserving
      the entire namespace, but here for commands as well as members.
      Add reserved-member-q.json and reserved-command-q.json to test
      this; separate tests since arguably our munging of command 'unix'
      to 'qmp_q_unix()' could be done without a q_, which is different
      than the munging of a member 'unix' to 'foo.q_unix'.

      Finally, our testsuite does not have any compilation coverage
      of struct inheritance with empty qapi structs.  Update
      qapi-schema-test.json to test this.

      Note that there is currently no technical reason to forbid type
      name patterns from member names, or member name patterns from
      types, since the two are not in the same namespace in C and
      won't collide; but it's not worth adding positive tests of these
      corner cases at this time, especially while there is other churn
      pending in patches that rearrange which collisions actually
      happen.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1445898903-12082-2-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked slightly]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 2ea1793bd90f04c34fbb75a1b84d71cb5b1f9c08
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Thu Oct 22 11:25:43 2015 +0100

      qapi-schema: mark InetSocketAddress as mandatory again

      Revert the qapi-schema.json change done in:

        commit 0983f5e6af76d5df8c6346cbdfff9d8305fb6da0
        Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
        Date:   Tue Sep 1 14:46:50 2015 +0100

          sockets: allow port to be NULL when listening on IP address

      Switching "port" from mandatory to optional causes the QAPI
      code generator to add a 'has_port' field to the InetSocketAddress
      struct. No code that created InetSocketAddress objects was updated
      to set 'has_port = true', which caused the non-NULL port strings
      to be silently dropped when copying InetSocketAddress objects.

      Reported-by: Knut Omang <knuto@xxxxxxxxxx>
      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-Id: <1445509543-30679-1-git-send-email-berrange@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 24f4a0f5c969e9077e341402881c1d929d37150b
  Merge: 3a958f5 2a080ce
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 30 21:59:48 2015 +0000

      Merge remote-tracking branch 'remotes/rth/tags/pull-tile-20151030' into 
staging

      Prefetch in y2 pipe

      # gpg: Signature made Fri 30 Oct 2015 20:40:02 GMT using RSA key ID 
4DD0279B
      # gpg: Good signature from "Richard Henderson <rth7680@xxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxxx>"

      * remotes/rth/tags/pull-tile-20151030:
        target-tilegx: Implement prefetch instructions in pipe y2

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 3a958f559ecd0511583d27b10011fa7f3cf79b63
  Merge: e79ea9e 37a639a
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 30 19:47:47 2015 +0000

      Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
into staging

      # gpg: Signature made Thu 29 Oct 2015 18:09:16 GMT using RSA key ID 
81AB73C8
      # gpg: Good signature from "Stefan Hajnoczi <stefanha@xxxxxxxxxx>"
      # gpg:                 aka "Stefan Hajnoczi <stefanha@xxxxxxxxx>"

      * remotes/stefanha/tags/block-pull-request:
        block: Consider all child nodes in bdrv_requests_pending()
        target-arm: xlnx-zynqmp: Add sdhci support.
        sdhci: Split sdhci.h for public and internal device usage
        sd.h: Move sd.h to include/hw/sd/
        virtio: sync the dataplane vring state to the virtqueue before 
virtio_save
        gdb command: qemu handlers
        virtio-blk: switch off scsi-passthrough by default
        ppc/spapr: add 2.4 compat props
        s390x: include HW_COMPAT_* props
        qemu-gdb: add $qemu_coroutine_sp and $qemu_coroutine_pc
        qemu-gdb: extract parts of "qemu coroutine" implementation
        qemu-gdb: allow using glibc_pointer_guard() on core dumps

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit e79ea9e4240971b43494184d68a7f5a67d07e74b
  Merge: fdf9276 60270f8
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 30 16:30:25 2015 +0000

      Merge remote-tracking branch 'remotes/lalrae/tags/mips-20151030' into 
staging

      MIPS patches 2015-10-30

      Changes:
      * R6 CPU can be woken up by non-enabled interrupts
      * PC fix in KVM
      * Coprocessor 0 XContext calculation fix
      * various MIPS R6 updates

      # gpg: Signature made Fri 30 Oct 2015 14:51:56 GMT using RSA key ID 
0B29DA6B
      # gpg: Good signature from "Leon Alrae <leon.alrae@xxxxxxxxxx>"

      * remotes/lalrae/tags/mips-20151030:
        target-mips: fix updating XContext on mmu exception
        target-mips: add SIGRIE instruction
        target-mips: Set Config5.XNP for R6 cores
        target-mips: add PC, XNP reg numbers to RDHWR
        hw/mips_malta: Fix KVM PC initialisation
        target-mips: Add enum for BREAK32
        target-mips: update writing to CP0.Status.KX/SX/UX in MIPS Release R6
        target-mips: implement the CPU wake-up on non-enabled interrupts in R6
        target-mips: move the test for enabled interrupts to a separate function

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 60270f85cc93d2d34e45b7679c374b1d771f0eeb
  Author: Yongbok Kim <yongbok.kim@xxxxxxxxxx>
  Date:   Thu Oct 29 17:17:52 2015 +0000

      target-mips: fix updating XContext on mmu exception

      Correct updating XContext.Region field on mmu exceptions.
      If Config3.CTXTC = 0 then the R field of XContext has to be updated
      with the value of bits 63..62 of the virtual address upon a TLB
      exception.
      Also fixed the below line which overs 80 characters.

      Signed-off-by: Yongbok Kim <yongbok.kim@xxxxxxxxxx>
      Reviewed-by: James Hogan <james.hogan@xxxxxxxxxx>
      Reviewed-by: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit bb238210bb096534b68dab15a87c6ff0bef43672
  Author: Yongbok Kim <yongbok.kim@xxxxxxxxxx>
  Date:   Thu Oct 29 15:18:38 2015 +0000

      target-mips: add SIGRIE instruction

      Add SIGRIE (Signal Reserved Instruction Exception) for both MIPS and
      microMIPS.
      The instruction allows to use the 16-bit code field for software use.
      This instruction is introduced by and required as of Release 6.

      Signed-off-by: Yongbok Kim <yongbok.kim@xxxxxxxxxx>
      Reviewed-by: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit 35ac9e342e008e3d47ef18d33a6977fdb99de9cd
  Author: Yongbok Kim <yongbok.kim@xxxxxxxxxx>
  Date:   Mon Oct 5 14:45:45 2015 +0100

      target-mips: Set Config5.XNP for R6 cores

      Set Config5.XNP for R6 cores to indicate the extended LL/SC family
      of instructions NOT present.

      Signed-off-by: Yongbok Kim <yongbok.kim@xxxxxxxxxx>
      Reviewed-by: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit b00c72180c36510bf9b124e190bd520e3b7e1358
  Author: Yongbok Kim <yongbok.kim@xxxxxxxxxx>
  Date:   Thu Oct 29 15:18:39 2015 +0000

      target-mips: add PC, XNP reg numbers to RDHWR

      Add Performance Counter (4) and XNP (5) register numbers to RDHWR.
      Add check_hwrena() to simplify access control checkings.
      Add RDHWR support to microMIPS R6.

      Signed-off-by: Yongbok Kim <yongbok.kim@xxxxxxxxxx>
      Reviewed-by: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit ca2f6bbbce32b7e1ba4fdaf54165ab0dee47a3a5
  Author: James Hogan <james.hogan@xxxxxxxxxx>
  Date:   Mon Oct 12 17:54:39 2015 +0100

      hw/mips_malta: Fix KVM PC initialisation

      Commit 71c199c81d29 ("mips_malta: provide ememsize env variable to
      kernels") changed the meaning of loaderparams.ram_size to be the whole
      of RAM rather than just the low part below where the boot code is placed
      for KVM, but it didn't update the PC initialisation for KVM to use
      ram_low_size. Fix that now.

      Fixes: 71c199c81d29 ("mips_malta: provide ememsize env variable to 
kernels")
      Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
      Cc: Paul Burton <paul.burton@xxxxxxxxxx>
      Cc: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Cc: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit fdf927621a99711bf1a81712bce054794f2d44c3
  Merge: 7bc8e0c 7f1e7b2
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 30 09:41:14 2015 +0000

      Merge remote-tracking branch 
'remotes/armbru/tags/pull-monitor-2015-10-30' into staging

      QMP and QObject patches

      # gpg: Signature made Fri 30 Oct 2015 08:06:26 GMT using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-monitor-2015-10-30:
        docs: Document QMP event rate limiting
        monitor: Throttle event VSERPORT_CHANGE separately by "id"
        monitor: Turn monitor_qapi_event_state[] into a hash table
        glib: add compatibility interface for g_hash_table_add()
        monitor: Split MonitorQAPIEventConf off MonitorQAPIEventState
        monitor: Switch from timer_new() to timer_new_ns()
        monitor: Simplify event throttling
        monitor: Reduce casting of QAPI event QDict
        qstring: Make conversion from QObject * accept null
        qlist: Make conversion from QObject * accept null
        qfloat qint: Make conversion from QObject * accept null
        qdict: Make conversion from QObject * accept null
        qbool: Make conversion from QObject * accept null
        qobject: Drop QObject_HEAD

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 7f1e7b23d57408c86d350b3544673fdcd6be55c0
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 17:08:36 2015 +0200

      docs: Document QMP event rate limiting

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1444921716-9511-8-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit 7de0be6573afc9dcfb6aa0ded167ad6a8730f727
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 17:08:35 2015 +0200

      monitor: Throttle event VSERPORT_CHANGE separately by "id"

      VSERPORT_CHANGE is emitted when the guest opens or closes a
      virtio-serial port.  The event's member "id" identifies the port.

      When several events arrive quickly, throttling drops all but the last
      of them.  Because of that, a QMP client must assume that *any* port
      may have changed state when it receives a VSERPORT_CHANGE event and
      throttling may have happened.

      Make the event more useful by throttling it for each port separately.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444921716-9511-7-git-send-email-armbru@xxxxxxxxxx>

  commit a24712af54259dd744a49447658521325f10a721
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 17:08:34 2015 +0200

      monitor: Turn monitor_qapi_event_state[] into a hash table

      In preparation of finer grained throttling.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444921716-9511-6-git-send-email-armbru@xxxxxxxxxx>

  commit 8681dffa91a0d5767b7c1eb3d5c2acbf7f7dd7ba
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Tue Oct 27 15:44:00 2015 +0100

      glib: add compatibility interface for g_hash_table_add()

      The next commit will use it.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit 37a639a7fbc5c6b065c80e7e2de78d22af735496
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Wed Oct 28 11:46:51 2015 +0100

      block: Consider all child nodes in bdrv_requests_pending()

      The function manually recursed into bs->file and bs->backing to check
      whether there were any requests pending, but it ignored other children.

      There's no need to special case file and backing here, so just replace
      these two explicit recursions by a loop recursing for all child nodes.

      Reported-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Message-id: 1446029211-27148-1-git-send-email-kwolf@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 33108e9f3388b07b7daa4e46d476ff89ce7dbec5
  Author: Sai Pavan Boddu <sai.pavan.boddu@xxxxxxxxxx>
  Date:   Thu Oct 8 18:51:03 2015 +0530

      target-arm: xlnx-zynqmp: Add sdhci support.

      Add two SYSBUS_SDHCI devices for xlnx-zynqmp

      Signed-off-by: Sai Pavan Boddu <saipava@xxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 637d23beb607765033067c5cb08e0d66afaf8f4c
  Author: Sai Pavan Boddu <sai.pavan.boddu@xxxxxxxxxx>
  Date:   Thu Oct 8 18:51:02 2015 +0530

      sdhci: Split sdhci.h for public and internal device usage

      Split sdhci.h into pubilc version (i.e include/hw/sd/sdhci.h) and
      internal version (i.e hw/sd/sdhci-interna.h) based on register
      declarations and object declaration.

      Signed-off-by: Sai Pavan Boddu <saipava@xxxxxxxxxx>
      Reviewed-by: Alistair Francis <alistair.francis@xxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit e3382ef0ea2724f5f09271a608e8f68ede5d844d
  Author: Sai Pavan Boddu <sai.pavan.boddu@xxxxxxxxxx>
  Date:   Thu Oct 8 18:51:01 2015 +0530

      sd.h: Move sd.h to include/hw/sd/

      Create a sd directory under include/hw/ and move sd.h to
      include/hw/sd/

      Signed-off-by: Sai Pavan Boddu <saipava@xxxxxxxxxx>
      Reviewed-by: Alistair Francis <alistair.francis@xxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 10a06fd65f667a972848ebbbcac11bdba931b544
  Author: Pavel Butsykin <pbutsykin@xxxxxxxxxxxxx>
  Date:   Mon Oct 26 14:42:57 2015 +0300

      virtio: sync the dataplane vring state to the virtqueue before virtio_save

      When creating snapshot with the dataplane enabled, the snapshot file gets
      not the actual state of virtqueue, because the current state is stored in
      VirtIOBlockDataPlane. Therefore, before saving snapshot need to sync
      the dataplane vring state to the virtqueue. The dataplane will resume its
      work at the next notify virtqueue.

      When snapshot loads with loadvm we get a message:
      VQ 0 size 0x80 Guest index 0x15f5 inconsistent with Host index 0x0:
          delta 0x15f5
      error while loading state for instance 0x0 of device
          '0000:00:08.0/virtio-blk'
      Error -1 while loading VM state

      to reproduce the error I used the following hmp commands:
      savevm snap1
      loadvm snap1

      qemu parameters:
      --enable-kvm -smp 4 -m 1024 -drive 
file=/var/lib/libvirt/images/centos6.4.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,aio=native
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=drive-virtio-disk0,id=virtio-disk0
 -set device.virtio-disk0.x-data-plane=on

      Signed-off-by: Pavel Butsykin <pbutsykin@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Message-id: 1445859777-2982-1-git-send-email-den@xxxxxxxxxx
      CC: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      CC: "Michael S. Tsirkin" <mst@xxxxxxxxxx>
      CC: Kevin Wolf <kwolf@xxxxxxxxxx>
      CC: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit c900ef86c5e30e1adec0f79350edc3f30ebee285
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Tue Oct 27 13:09:45 2015 +0000

      gdb command: qemu handlers

      A new gdb commands are added:

        qemu handlers

           That dumps an AioContext list (by default qemu_aio_context)
           possibly including a backtrace for cases it knows about
           (with the verbose option).  Intended to help find why something
           is hanging waiting for IO.

        Use 'qemu handlers --verbose iohandler_ctx'  to find out why
      your incoming migration is stuck.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Message-id: 1445951385-11924-1-git-send-email-dgilbert@xxxxxxxxxx

      V2:
        Merge into one command with optional handlers arg, and only do
          backtrace in verbose mode

       (gdb) qemu handlers
       ----
       {pfd = {fd = 6, events = 25, revents = 0}, io_read = 0x55869656ffd0
       <event_notifier_dummy_cb>, io_write = 0x0, deleted = 0, opaque =
       0x558698c4ce08, node = {le_next = 0x0, le_prev = 0x558698c4cdc0}}

       (gdb) qemu handlers iohandler_ctx
       ----
       {pfd = {fd = 9, events = 25, revents = 0}, io_read = 0x558696581380
       <fd_coroutine_enter>, io_write = 0x0, deleted = 0, opaque =
       0x558698dc99d0, node = {le_next = 0x558698c4cca0, le_prev =
       0x558698c4c1d0}}
       ----
       {pfd = {fd = 4, events = 25, revents = 0}, io_read = 0x55869657b330
       <sigfd_handler>, io_write = 0x0, deleted = 0, opaque = 0x4, node =
       {le_next = 0x558698c4c260, le_prev = 0x558699f72508}}
       ----
       {pfd = {fd = 5, events = 25, revents = 0}, io_read = 0x55869656ffd0
       <event_notifier_dummy_cb>, io_write = 0x0, deleted = 0, opaque =
       0x558698c4c218, node = {le_next = 0x0, le_prev = 0x558698c4ccc8}}
       ----
       (gdb) qemu handlers --verbose iohandler_ctx
       ----
       {pfd = {fd = 9, events = 25, revents = 0}, io_read = 0x558696581380
       <fd_coroutine_enter>, io_write = 0x0, deleted = 0, opaque =
       0x558698dc99d0, node = {le_next = 0x558698c4cca0, le_prev =
       0x558698c4c1d0}}
       #0  0x0000558696581820 in qemu_coroutine_switch
       (from_=from_@entry=0x558698cb3cf0, to_=to_@entry=0x7f421c37eac8,
       action=action@entry=COROUTINE_YIELD) at
       /home/dgilbert/git/qemu/coroutine-ucontext.c:177
       #1  0x0000558696580c00 in qemu_coroutine_yield () at
       /home/dgilbert/git/qemu/qemu-coroutine.c:145
       #2  0x00005586965814f5 in yield_until_fd_readable (fd=9) at
       /home/dgilbert/git/qemu/qemu-coroutine-io.c:90
       #3  0x0000558696523937 in socket_get_buffer (opaque=0x55869a3dc620,
       buf=0x558698c505a0 "", pos=<optimized out>, size=32768) at
       /home/dgilbert/git/qemu/migration/qemu-file-unix.c:101
       #4  0x0000558696521fac in qemu_fill_buffer (f=0x558698c50570) at
       /home/dgilbert/git/qemu/migration/qemu-file.c:227
       #5  0x0000558696522989 in qemu_peek_byte (f=0x558698c50570, offset=0)
           at /home/dgilbert/git/qemu/migration/qemu-file.c:507
       #6  0x0000558696522bf4 in qemu_get_be32 (f=0x558698c50570) at
       /home/dgilbert/git/qemu/migration/qemu-file.c:520
       #7  0x0000558696522bf4 in qemu_get_be32 (f=f@entry=0x558698c50570)
           at /home/dgilbert/git/qemu/migration/qemu-file.c:604
       #8  0x0000558696347e5c in qemu_loadvm_state (f=f@entry=0x558698c50570)
           at /home/dgilbert/git/qemu/migration/savevm.c:1821
       #9  0x000055869651de8c in process_incoming_migration_co
       (opaque=0x558698c50570)
           at /home/dgilbert/git/qemu/migration/migration.c:336
       #10 0x000055869658188a in coroutine_trampoline (i0=<optimized out>,
       i1=<optimized out>)
           at /home/dgilbert/git/qemu/coroutine-ucontext.c:80
       #11 0x00007f420f05df10 in __start_context () at /lib64/libc.so.6
       #12 0x00007ffc40815f50 in  ()
       #13 0x0000000000000000 in  ()

        ----
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit ed65fd1a2750d24290354cc7ea49caec7c13e30b
  Author: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
  Date:   Fri Oct 16 12:25:54 2015 +0200

      virtio-blk: switch off scsi-passthrough by default

      Devices that are compliant with virtio-1 do not support scsi
      passthrough any more (and it has not been a recommended setup
      anyway for quite some time). To avoid having to switch it off
      explicitly in newer qemus that turn on virtio-1 by default, let's
      switch the default to scsi=false for 2.5.

      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Message-id: 1444991154-79217-4-git-send-email-cornelia.huck@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 80fd50f96b8dc46e185f61d9b6438a6414507076
  Author: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
  Date:   Fri Oct 16 12:25:53 2015 +0200

      ppc/spapr: add 2.4 compat props

      HW_COMPAT_2_4 will become non-empty: prepare for it.

      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Message-id: 1444991154-79217-3-git-send-email-cornelia.huck@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 54d8ec84fa444ed7c05e03f96895ba69a2b2e5bc
  Author: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
  Date:   Fri Oct 16 12:25:52 2015 +0200

      s390x: include HW_COMPAT_* props

      We want to inherit generic hw compat as well.

      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Message-id: 1444991154-79217-2-git-send-email-cornelia.huck@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit a201b0ff28d9fa0f965450c1ba7191eca69f9fd5
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 12 10:02:54 2015 +0200

      qemu-gdb: add $qemu_coroutine_sp and $qemu_coroutine_pc

      These can be useful to manually get a stack trace of a coroutine inside
      a core dump.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-id: 1444636974-19950-4-git-send-email-pbonzini@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 80ab31b257ba3aaa98ce6f1e36592aa20c5366c1
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 12 10:02:53 2015 +0200

      qemu-gdb: extract parts of "qemu coroutine" implementation

      Provide useful Python functions to reach and decipher a jmpbuf.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-id: 1444636974-19950-3-git-send-email-pbonzini@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 1138f24645e9e1e2d55d280caab4e2539dfcdb49
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 12 10:02:52 2015 +0200

      qemu-gdb: allow using glibc_pointer_guard() on core dumps

      get_fs_base() cannot be run on a core dump, because it uses the arch_prctl
      system call.  The fs base is the value that is returned by pthread_self(),
      and it would be nice to just glean it from the "info threads" output:

      * 1    Thread 0x7f16a3fff700 (LWP 33642) pthread_cond_wait@@GLIBC_2.3.2 ()
                    ^^^^^^^^^^^^^^

      but unfortunately the gdb API does not provide that.  Instead, we can
      look for the "arg" argument of the start_thread function if glibc debug
      information are available.  If not, fall back to the old mechanism.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-id: 1444636974-19950-2-git-send-email-pbonzini@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit dbd8af9824d0ddc4400f859c2af77543461cba0d
  Author: Yongbok Kim <yongbok.kim@xxxxxxxxxx>
  Date:   Fri Oct 2 17:50:50 2015 +0100

      target-mips: Add enum for BREAK32

      Add enum for BREAK32

      Signed-off-by: Yongbok Kim <yongbok.kim@xxxxxxxxxx>
      Reviewed-by: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit 2dcf7908d9e0274c08911400beb7ed14276bb170
  Author: Leon Alrae <leon.alrae@xxxxxxxxxx>
  Date:   Mon Sep 14 13:51:31 2015 +0100

      target-mips: update writing to CP0.Status.KX/SX/UX in MIPS Release R6

      Implement the relationship between CP0.Status.KX, SX and UX. It should not
      be possible to set UX bit if SX is 0, the same applies for setting SX if
      KX is 0.

      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit 7540a43a1d9de71fa7a53ccd2bb24a04e2aace41
  Author: Leon Alrae <leon.alrae@xxxxxxxxxx>
  Date:   Mon Sep 14 13:58:24 2015 +0100

      target-mips: implement the CPU wake-up on non-enabled interrupts in R6

      In Release 6, the behaviour of WAIT has been modified to make it a
      requirement that a processor that has disabled operation as a result of
      executing a WAIT will resume operation on arrival of an interrupt even if
      interrupts are not enabled.

      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit 71ca034a0dee69f77c8ac6ea7d21e5b6a0b0d836
  Author: Leon Alrae <leon.alrae@xxxxxxxxxx>
  Date:   Mon Sep 14 13:58:23 2015 +0100

      target-mips: move the test for enabled interrupts to a separate function

      Signed-off-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit b9b03ab0d47e8cfc0015255c531db41d0b1a1f91
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 17:08:33 2015 +0200

      monitor: Split MonitorQAPIEventConf off MonitorQAPIEventState

      In preparation of turning monitor_qapi_event_state[] into a hash table
      for finer grained throttling.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444921716-9511-5-git-send-email-armbru@xxxxxxxxxx>

  commit 1824c41a62c1bbb79d32f97037ca579212b8c134
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 17:08:32 2015 +0200

      monitor: Switch from timer_new() to timer_new_ns()

      We don't actually care for the scale, so we can just as well use the
      simpler interface.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1444921716-9511-4-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit 93f8f982fedfc9ee9cf5fc8983c3b25efe828967
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 17:08:31 2015 +0200

      monitor: Simplify event throttling

      The event throttling state machine is hard to understand.  I'm not
      sure it's entirely correct.  Rewrite it in a more straightforward
      manner:

      State 1: No event sent recently (less than evconf->rate ns ago)

          Invariant: evstate->timer is not pending, evstate->qdict is null

          On event: send event, arm timer, goto state 2

      State 2: Event sent recently, no additional event being delayed

          Invariant: evstate->timer is pending, evstate->qdict is null

          On event: store it in evstate->qdict, goto state 3

          On timer: goto state 1

      State 3: Event sent recently, additional event being delayed

          Invariant: evstate->timer is pending, evstate->qdict is non-null

          On event: store it in evstate->qdict, goto state 3

          On timer: send evstate->qdict, clear evstate->qdict,
                    arm timer, goto state 2

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1444921716-9511-3-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit 688b4b7de755f4dd01ec516975ae01590cf9f438
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 17:08:30 2015 +0200

      monitor: Reduce casting of QAPI event QDict

      Make the variables holding the event QDict instead of QObject.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444921716-9511-2-git-send-email-armbru@xxxxxxxxxx>

  commit 7f0278435df1fa845b3bd9556942f89296d4246b
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 16:15:37 2015 +0200

      qstring: Make conversion from QObject * accept null

      qobject_to_qstring() crashes on null, which is a trap for the unwary.
      Return null instead, and simplify a few callers.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1444918537-18107-7-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Luiz Capitulino <lcapitulino@xxxxxxxxxx>

  commit 2d6421a90047a83f6722832405fe09571040ea5b
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 16:15:36 2015 +0200

      qlist: Make conversion from QObject * accept null

      qobject_to_qlist() crashes on null, which is a trap for the unwary.
      Return null instead.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1444918537-18107-6-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Luiz Capitulino <lcapitulino@xxxxxxxxxx>

  commit fcf73f66a67f5e58c18216f8c8651e38cf4d90af
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 16:15:35 2015 +0200

      qfloat qint: Make conversion from QObject * accept null

      qobject_to_qfloat() and qobject_to_qint() crash on null, which is a
      trap for the unwary.  Return null instead, and simplify a few callers.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1444918537-18107-5-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Luiz Capitulino <lcapitulino@xxxxxxxxxx>

  commit 89cad9f3ec6b30d7550fb5704475fc9c3393a066
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 16:15:34 2015 +0200

      qdict: Make conversion from QObject * accept null

      qobject_to_qdict() crashes on null, which is a trap for the unwary.
      Return null instead, and simplify a few callers.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1444918537-18107-4-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Luiz Capitulino <lcapitulino@xxxxxxxxxx>

  commit 14b6160099f0caf5dc9d62e637b007bc5d719a96
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 16:15:33 2015 +0200

      qbool: Make conversion from QObject * accept null

      qobject_to_qbool() crashes on null, which is a trap for the unwary.
      Return null instead, and simplify a few callers.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1444918537-18107-3-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Luiz Capitulino <lcapitulino@xxxxxxxxxx>

  commit c7c462123cfc3b62d325fd75be9c595b055797db
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 15 16:15:32 2015 +0200

      qobject: Drop QObject_HEAD

      QObject_HEAD is a macro expanding into the common part of structs that
      are sub-types of QObject.  It's always been just QObject base, and
      unlikely to change.  Drop the macro, because the code is clearer with
      out it.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1444918537-18107-2-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Luiz Capitulino <lcapitulino@xxxxxxxxxx>

  commit 7bc8e0c967a4ef77657174d28af775691e18b4ce
  Merge: 331c5e2 3f1e147
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 29 09:49:52 2015 +0000

      Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

      virtio, pc, memory: fixes+features for 2.5

      New features:
          This enables hotplug for multifunction devices.
          Patches are very small, so I think it's OK to merge
          at this stage.

          There's also some new infrastructure for vhost-user testing
          not enabled yet so it's harmless to merge.

      I've reverted the "gap between DIMMs" workaround, as it seems too risky, 
and
      applied my own patch in virtio, but not in dataplane code.  This means 
that
      dataplane is broken for some complex DIMM configurations for now.  
Waiting for
      Stefan to review the dataplane fix.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

      # gpg: Signature made Thu 29 Oct 2015 09:36:16 GMT using RSA key ID 
D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@xxxxxxxxxx>"
      # gpg:                 aka "Michael S. Tsirkin <mst@xxxxxxxxxx>"

      * remotes/mst/tags/for_upstream:
        enable multi-function hot-add
        remove function during multi-function hot-add
        tests/vhost-user-bridge: add vhost-user bridge application
        Revert "memhp: extend address auto assignment to support gaps"
        Revert "pc: memhp: force gaps between DIMM's GPA"
        virtio: drop virtqueue_map_sg
        virtio-scsi: convert to virtqueue_map
        virtio-serial: convert to virtio_map
        virtio-blk: convert to virtqueue_map
        virtio: switch to virtio_map
        virtio: introduce virtio_map
        mmap-alloc: fix error handling
        pc: memhp: do not emit inserting event for coldplugged DIMMs
        vhost-user-test: fix up rhel6 build
        vhost-user: cleanup msg size math
        vhost-user: cleanup struct size math

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 3f1e1478db2d67098d98f2c3acf5a4946b7fb643
  Author: Cao jin <caoj.fnst@xxxxxxxxxxxxxx>
  Date:   Wed Oct 28 14:20:31 2015 +0800

      enable multi-function hot-add

      Enable PCIe device multi-function hot-add, just ensure function 0 is added
      last, then driver will get the notification to scan the slot.

      Signed-off-by: Cao jin <caoj.fnst@xxxxxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 0d1c7d88ad909c5b2bd86211a9fe8abf5c74993b
  Author: Cao jin <caoj.fnst@xxxxxxxxxxxxxx>
  Date:   Wed Oct 28 14:20:30 2015 +0800

      remove function during multi-function hot-add

      In case user want to cancel the hot-add operation, should roll back,
      device_del the added function that still don`t work.

      Signed-off-by: Cao jin <caoj.fnst@xxxxxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 3595e2eb0a233a881789fcc71f5b1072e5aaf669
  Author: Victor Kaplansky <victork@xxxxxxxxxx>
  Date:   Wed Oct 28 14:53:07 2015 +0200

      tests/vhost-user-bridge: add vhost-user bridge application

      The test existing in QEMU for vhost-user feature is good for
      testing the management protocol, but does not allow actual
      traffic. This patch proposes Vhost-User Bridge application, which
      can serve the QEMU community as a comprehensive test by running
      real internet traffic by means of vhost-user interface.

      Essentially the Vhost-User Bridge is a very basic vhost-user
      backend for QEMU. It runs as a standalone user-level process.
      For packet processing Vhost-User Bridge uses an additional QEMU
      instance with a backend configured by "-net socket" as a shared
      VLAN.  This way another QEMU virtual machine can effectively
      serve as a shared bus by means of UDP communication.

      For a more simple setup, the another QEMU instance running the
      SLiRP backend can be the same QEMU instance running vhost-user
      client.

      This Vhost-User Bridge implementation is very preliminary.  It is
      missing many features. I has been studying vhost-user protocol
      internals, so I've written vhost-user-bridge bit by bit as I
      progressed through the protocol.  Most probably its internal
      architecture will change significantly.

      To run Vhost-User Bridge application:

      1. Build vhost-user-bridge with a regular procedure. This will
      create a vhost-user-bridge executable under tests directory:

          $ configure; make tests/vhost-user-bridge

      2. Ensure the machine has hugepages enabled in kernel with
      command line like:

          default_hugepagesz=2M hugepagesz=2M hugepages=2048

      3. Run Vhost-User Bridge with:

          $ tests/vhost-user-bridge

      The above will run vhost-user server listening for connections
      on UNIX domain socket /tmp/vubr.sock, and will try to connect
      by UDP to VLAN bridge to localhost:5555, while listening on
      localhost:4444

      Run qemu with a virtio-net backed by vhost-user:

          $ qemu \
              -enable-kvm -m 512 -smp 2 \
              -object 
memory-backend-file,id=mem,size=512M,mem-path=/dev/hugepages,share=on \
              -numa node,memdev=mem -mem-prealloc \
              -chardev socket,id=char0,path=/tmp/vubr.sock \
              -netdev type=vhost-user,id=mynet1,chardev=char0,vhostforce \
              -device virtio-net-pci,netdev=mynet1 \
              -net none \
              -net socket,vlan=0,udp=localhost:4444,localaddr=localhost:5555 \
              -net user,vlan=0 \
              disk.img

      vhost-user-bridge was tested very lightly: it's able to bringup a
      linux on client VM with the virtio-net driver, and execute transmits
      and receives to the internet. I tested with "wget redhat.com",
      "dig redhat.com".

      PS. I've consulted DPDK's code for vhost-user during Vhost-User
      Bridge implementation.

      Signed-off-by: Victor Kaplansky <victork@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit d6a9b0b89d27e0a688f37c1732d4dec40613669e
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Wed Oct 28 18:55:06 2015 +0200

      Revert "memhp: extend address auto assignment to support gaps"

      This reverts commit df0acded19ec4b826aa095cfc19d341bd66fafd3.

      There's no point to it now that the only user has been reverted.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 340065e5a11a515382c8b1112424c97e86ad2a3f
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Wed Oct 28 18:54:05 2015 +0200

      Revert "pc: memhp: force gaps between DIMM's GPA"

      This reverts commit aa8580cddf011e8cedcf87f7a0fdea7549fc4704.

      As described in
      http://article.gmane.org/gmane.comp.emulators.qemu/371432
      that commit causes linux guests to crash on memory hot-unplug.

      The original problem it's trying to solve has now
      been addressed within virtio.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 3945ecf1ec4f6e6aa28d0c396a7f5d983c6810d8
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Tue Oct 27 10:22:59 2015 +0200

      virtio: drop virtqueue_map_sg

      Deprecated in favor of virtqueue_map.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>

  commit 4ada5331895551570846e12e7eb00e06616f9152
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Tue Oct 27 10:22:13 2015 +0200

      virtio-scsi: convert to virtqueue_map

      Note: virtqueue_map already validates input
      so virtio-scsi does not have to.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>

  commit bff712dc223f685c684f9caf960e6460e84a96f0
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Tue Oct 27 10:19:43 2015 +0200

      virtio-serial: convert to virtio_map

      This also fixes a minor bug:
      -                virtqueue_map_sg(port->elem.out_sg, port->elem.out_addr,
      -                                 port->elem.out_num, 1);
      is wrong: out_sg is not written so should not be marked dirty.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>

  commit 3d8db153b4b4e12b6d11590ccd318fff0eafd688
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Tue Oct 27 10:18:24 2015 +0200

      virtio-blk: convert to virtqueue_map

      Drop deprecated use of virtqueue_map_sg.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>

  commit 13972ac5e263a7319609253edac5754129489132
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Tue Oct 27 10:09:16 2015 +0200

      virtio: switch to virtio_map

      Drop use of the deprecated virtio_map_sg in virtio core.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>

  commit 8059feee004111534c4c0652e2f0715e9b4e0754
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Tue Oct 27 10:01:44 2015 +0200

      virtio: introduce virtio_map

      virtio_map_sg currently fails if one of the entries it's mapping is
      contigious in GPA but not HVA address space.  Introduce virtio_map which
      handles this by splitting sg entries.

      This new API generally turns out to be a good idea since it's harder to
      misuse: at least in one case the existing one was used incorrectly.

      This will still fail if there's no space left in the sg, but luckily max
      queue size in use is currently 256, while max sg size is 1024, so we
      should be OK even is all entries happen to cross a single DIMM boundary.

      Won't work well with very small DIMM sizes, unfortunately:
      e.g. this will fail with 4K DIMMs where a single
      request might span a large number of DIMMs.

      Let's hope these are uncommon - at least we are not breaking things.

      Note: virtio-scsi calls virtio_map_sg on data loaded from network, and
      validates input, asserting on failure.  Copy the validating code here -
      it will be dropped from virtio-scsi in a follow-up patch.

      Reported-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>

  commit 9d4ec9370a36f8a564e1ba05519328c0bd60da13
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Sun Oct 25 17:07:45 2015 +0200

      mmap-alloc: fix error handling

      Existing callers are checking for MAP_FAILED,
      so we should return that on error.

      Reported-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 4828b10bda6a74a22a7695303e0648157d0e3ea4
  Author: Igor Mammedov <imammedo@xxxxxxxxxx>
  Date:   Fri Oct 23 14:55:26 2015 +0200

      pc: memhp: do not emit inserting event for coldplugged DIMMs

      currently acpi_memory_plug_cb() sets is_inserting for
      cold- and hot-plugged DIMMs as result ASL MHPD.MSCN()
      method issues device check even for every coldplugged
      DIMM. There isn't much harm in it but if we try to
      unplug such DIMM, OSPM will issue device check
      intstead of device eject event. So OSPM won't eject
      memory module as expected and it will try to eject it
      only when another memory device is hot-(un)plugged.

      As a fix do not set 'is_inserting' event and do not
      issue SCI for cold-plugged DIMMs as they are
      enumerated and activated by OSPM during guest's boot.

      Signed-off-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 12ebf6908333a86775ef18f12ea283601fd1d2df
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Oct 22 22:28:37 2015 +0300

      vhost-user-test: fix up rhel6 build

      Build on RHEL6 fails:
      https://gcc.gnu.org/bugzilla/show_bug.cgi?id=42875

      Apparently unnamed unions couldn't use C99  named field initializers.
      Let's just name the payload union field.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 7fc0246c0792767b732c0989e8eba24bea185feb
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Oct 22 22:33:39 2015 +0300

      vhost-user: cleanup msg size math

      We are sending msg fields, use sizeof on these
      and not on local variables which happen to
      have a matching type.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 86abad0fedc44554adde5e189cf7edfa5b1c948e
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Oct 22 22:31:28 2015 +0300

      vhost-user: cleanup struct size math

      We are using local msg structures everywhere, use them
      for sizeof as well.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 331c5e2091009f170554fed4ef884aeea871e4bb
  Merge: 496fedd 522a0d4
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Oct 28 20:10:22 2015 +0000

      Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20151028' into 
staging

      Breakpoint fixes

      # gpg: Signature made Wed 28 Oct 2015 17:58:52 GMT using RSA key ID 
4DD0279B
      # gpg: Good signature from "Richard Henderson <rth7680@xxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxxx>"

      * remotes/rth/tags/pull-tcg-20151028:
        target-*: Advance pc after recognizing a breakpoint

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 522a0d4e3c0d397ffb45ec400d8cbd426dad9d17
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Oct 13 22:07:49 2015 +0000

      target-*: Advance pc after recognizing a breakpoint

      Some targets already had this within their logic, but make sure
      it's present for all targets.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 496fedddce9a575111df4f912fb9e361037531ed
  Merge: 739680d 15e4134
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Oct 28 15:08:36 2015 +0000

      Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' 
into staging

      target-i386: finally enable "check" mode by default

      # gpg: Signature made Wed 28 Oct 2015 14:13:10 GMT using RSA key ID 
984DC5A6
      # gpg: Good signature from "Eduardo Habkost <ehabkost@xxxxxxxxxx>"

      * remotes/ehabkost/tags/x86-pull-request:
        target-i386: Enable "check" mode by default
        target-i386: Don't left shift negative constant

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 739680da59de8531a280e9360aae756b6134a3ec
  Merge: c012e1b 637016c
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Oct 28 14:02:27 2015 +0000

      Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' 
into staging

      Update OpenBIOS images

      # gpg: Signature made Wed 28 Oct 2015 00:02:46 GMT using RSA key ID 
AE0F321F
      # gpg: Good signature from "Mark Cave-Ayland 
<mark.cave-ayland@xxxxxxxxxxxx>"

      * remotes/mcayland/tags/qemu-openbios-signed:
        Update OpenBIOS images

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 637016c2603d15d01957eb57f64387262e3ba830
  Author: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
  Date:   Wed Oct 28 00:01:28 2015 +0000

      Update OpenBIOS images

      Update OpenBIOS images to SVN r1353 built from submodule.

      Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>

  commit 15e41345906d29a319cc9cdf566347bf79134d24
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Wed Aug 26 13:25:44 2015 -0300

      target-i386: Enable "check" mode by default

      Current default behavior of QEMU is to silently disable features that
      are not supported by the host when a CPU model is requested in the
      command-line. This means that in addition to risking breaking guest ABI
      by default, we are silent about it.

      I would like to enable "enforce" by default, but this can easily break
      existing production systems because of the way libvirt makes assumptions
      about CPU models today (this will change in the future, once QEMU
      provide a proper interface for checking if a CPU model is runnable).

      But there's no reason we should be silent about it. So, change
      target-i386 to enable "check" mode by default so at least we have some
      warning printed to stderr (and hopefully logged somewhere) when QEMU
      disables a feature that is not supported by the host system.

      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 712b4243c761cb6ab6a4367a160fd2a42e2d4b76
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Tue Sep 29 17:34:23 2015 -0300

      target-i386: Don't left shift negative constant

      Left shift of negative values is undefined behavior. Detected by clang:
        qemu/target-i386/translate.c:2423:26: runtime error:
          left shift of negative value -8

      This changes the code to reverse the sign after the left shift.

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit c012e1b7ad066f462ba1c3322fcb43cd8295eaff
  Merge: 7e038b9 9b53926
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 27 16:17:55 2015 +0000

      Merge remote-tracking branch 
'remotes/pmaydell/tags/pull-target-arm-20151027-1' into staging

      target-arm queue:
       * more EL2 preparation: handling for stage 2 translations
       * standardize debug macros in i.MX devices
       * improve error message in a corner case for virt board
       * disable live migration of KVM GIC if the kernel can't handle it
       * add SPSR_(ABT|UND|IRQ|FIQ) registers
       * handle non-executable page-straddling Thumb instructions
       * fix a "no 64-bit EL2" assumption in arm_excp_unmasked()

      # gpg: Signature made Tue 27 Oct 2015 16:03:31 GMT using RSA key ID 
14360CDE
      # gpg: Good signature from "Peter Maydell <peter.maydell@xxxxxxxxxx>"
      # gpg:                 aka "Peter Maydell <pmaydell@xxxxxxxxx>"
      # gpg:                 aka "Peter Maydell 
<pmaydell@xxxxxxxxxxxxxxxxxxxxxx>"

      * remotes/pmaydell/tags/pull-target-arm-20151027-1: (27 commits)
        target-arm: Add support for S1 + S2 MMU translations
        target-arm: Route S2 MMU faults to EL2
        target-arm: Add S2 translation to 32bit S1 PTWs
        target-arm: Add S2 translation to 64bit S1 PTWs
        target-arm: Add ARMMMUFaultInfo
        target-arm: Avoid inline for get_phys_addr
        target-arm: Add support for S2 page-table protection bits
        target-arm: Add computation of starting level for S2 PTW
        target-arm: lpae: Rename granule_sz to stride
        target-arm: lpae: Replace tsz with computed inputsize
        target-arm: Add support for AArch32 S2 negative t0sz
        target-arm: lpae: Move declaration of t0sz and t1sz
        target-arm: lpae: Make t0sz and t1sz signed integers
        target-arm: Add HPFAR_EL2
        i.MX: Standardize i.MX GPT debug
        i.MX: Standardize i.MX EPIT debug
        i.MX: Standardize i.MX FEC debug
        i.MX: Standardize i.MX CCM debug
        i.MX: Standardize i.MX AVIC debug
        i.MX: Standardize i.MX I2C debug
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 9b539263faa5c1b7fce2551092b5c7b6eea92081
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:02:07 2015 +0100

      target-arm: Add support for S1 + S2 MMU translations

      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-15-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit d759a457a144844bff259aafda093b24e92c116d
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:02:06 2015 +0100

      target-arm: Route S2 MMU faults to EL2

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-14-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit a614e69854a2e601716ee44dfe15c09b8b88f620
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:02:05 2015 +0100

      target-arm: Add S2 translation to 32bit S1 PTWs

      Add support for applying S2 translation to 32bit S1
      page-table walks.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-13-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 37785977627295162bff58b1f8777d94e20f4c5b
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:02:04 2015 +0100

      target-arm: Add S2 translation to 64bit S1 PTWs

      Add support for applying S2 translation to 64bit S1
      page-table walks.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-12-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit e14b5a23d8c83304559f31397f95d22ada60a19a
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:02:03 2015 +0100

      target-arm: Add ARMMMUFaultInfo

      Introduce ARMMMUFaultInfo to propagate MMU Fault information
      across the MMU translation code path. This is in preparation for
      adding Stage-2 translation.

      No functional changes.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-11-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit af51f566ec7106d5e834476e78681a7b354f3c7c
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:02:02 2015 +0100

      target-arm: Avoid inline for get_phys_addr

      Avoid inline for get_phys_addr() to prepare for future recursive use.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-10-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 6ab1a5ee1c9d328cacf78805439ed4d3d132decd
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:02:01 2015 +0100

      target-arm: Add support for S2 page-table protection bits

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-9-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 1853d5a9dcac910322c6cc5b2fddec45fd052d25
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:02:00 2015 +0100

      target-arm: Add computation of starting level for S2 PTW

      The starting level for S2 pagetable walks is computed
      differently from the S1 starting level. Implement the S2
      variant.

      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-8-git-send-email-edgar.iglesias@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 973a5434825c076995218868b5b3047e5de400c6
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:01:59 2015 +0100

      target-arm: lpae: Rename granule_sz to stride

      Rename granule_sz to stride to better match the reference manuals.

      No functional change.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-7-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 4ca6a051758edf625a17dfc4ce4ab72edabac170
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:01:58 2015 +0100

      target-arm: lpae: Replace tsz with computed inputsize

      Remove the tsz variable and introduce inputsize.
      This simplifies the code a little and makes it easier to
      compare with the reference manuals.

      No functional change.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-6-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 4ee38098010240e0b390061fdd0151ff62d80279
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:01:57 2015 +0100

      target-arm: Add support for AArch32 S2 negative t0sz

      Add support for AArch32 S2 negative t0sz. In preparation for
      using 40bit IPAs on AArch32.

      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-5-git-send-email-edgar.iglesias@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 1f4c8c18a5b6f4fad13e13b7e3828124c6c8f34d
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:01:56 2015 +0100

      target-arm: lpae: Move declaration of t0sz and t1sz

      Move declaration of t0sz and t1sz to the top of the function
      avoiding a mix of code and variable declarations.

      No functional change.

      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-4-git-send-email-edgar.iglesias@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 5c31a10d16c595d6a59e3e7fc1808c3b1d03e02f
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:01:55 2015 +0100

      target-arm: lpae: Make t0sz and t1sz signed integers

      Make t0sz and t1sz signed integers to match tsz and to make
      it easier to implement support for AArch32 negative t0sz.
      t1sz is changed for consistensy.

      No functional change.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-3-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 59e055307392fdf99b86c8cbcd33a7e261dcbdb1
  Author: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
  Date:   Mon Oct 26 14:01:54 2015 +0100

      target-arm: Add HPFAR_EL2

      Reviewed-by: Alex Bennée <alex.bennee@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Message-id: 1445864527-14520-2-git-send-email-edgar.iglesias@xxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 054535262fce994b942039b0a7c4c484c8026c5e
  Author: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
  Date:   Sun Oct 25 15:16:26 2015 +0100

      i.MX: Standardize i.MX GPT debug

      The goal is to have debug code always compiled during build.

      We standardize all debug output on the following format:

      [QOM_TYPE_NAME]reporting_function: debug message

      We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
      is following the same format as the above debug.

      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
      Message-id: 
b7ce7e98a051479453744aded122789531d80a44.1445781957.git.jcd@xxxxxxxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 4929f6563c704dbd057524b38ee519b3a7c8dfe1
  Author: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
  Date:   Sun Oct 25 15:16:24 2015 +0100

      i.MX: Standardize i.MX EPIT debug

      The goal is to have debug code always compiled during build.

      We standardize all debug output on the following format:

      [QOM_TYPE_NAME]reporting_function: debug message

      We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
      is following the same format as the above debug.

      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
      Message-id: 
5bbad71517ca728d8865f7b9f998baa0df022794.1445781957.git.jcd@xxxxxxxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b72d8d257c187532194f2fca504afb568cd2a3bf
  Author: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
  Date:   Sun Oct 25 15:16:21 2015 +0100

      i.MX: Standardize i.MX FEC debug

      The goal is to have debug code always compiled during build.

      We standardize all debug output on the following format:

      [QOM_TYPE_NAME]reporting_function: debug message

      The qemu_log_mask() output is following the same format as the
      above debug.

      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
      Message-id: 
57e565982db94fb433c32dfa17608888464d21de.1445781957.git.jcd@xxxxxxxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 4a6aa0af8593ee135ef37867ae00109650b95638
  Author: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
  Date:   Sun Oct 25 15:16:19 2015 +0100

      i.MX: Standardize i.MX CCM debug

      The goal is to have debug code always compiled during build.

      We standardize all debug output on the following format:

      [QOM_TYPE_NAME]reporting_function: debug message

      The qemu_log_mask() output is following the same format as the
      above debug.

      Adding some missing qemu_log_mask call for bad registers.

      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
      Message-id: 
293e08f31cbb4df84d58f693243e61e770c73b3a.1445781957.git.jcd@xxxxxxxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit f50ed7853ad658407382dfe1da29f3c88d604592
  Author: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
  Date:   Sun Oct 25 15:16:17 2015 +0100

      i.MX: Standardize i.MX AVIC debug

      The goal is to have debug code always compiled during build.

      We standardize all debug output on the following format:

      [QOM_TYPE_NAME]reporting_function: debug message

      We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
      is following the same format as the above debug.

      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
      Message-id: 
29885ffea2577eaf2288c1d17fd87ee951748b49.1445781957.git.jcd@xxxxxxxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 3afcbb01bc1227bc3a3bade1804c449daf74b262
  Author: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
  Date:   Sun Oct 25 15:16:14 2015 +0100

      i.MX: Standardize i.MX I2C debug

      The goal is to have debug code always compiled during build.

      We standardize all debug output on the following format:

      [QOM_TYPE_NAME]reporting_function: debug message

      The qemu_log_mask() output is following the same format as
      the above debug.

      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
      Message-id: 
328acfe6fc09a5afdbfbfd5220e0869fd5082660.1445781957.git.jcd@xxxxxxxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 564111257468bb772ad0b374dbbb0c969a554cfd
  Author: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
  Date:   Sun Oct 25 15:16:11 2015 +0100

      i.MX: Standardize i.MX GPIO debug

      The goal is to have debug code always compiled during build.

      We standardize all debug output on the following format:

      [QOM_TYPE_NAME]reporting_function: debug message

      The qemu_log_mask() outputis following the same format as
      the above debug.

      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
      Message-id: 
4f2007adcf0f579864bb4dd8a825824e0e9098b8.1445781957.git.jcd@xxxxxxxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 8ccce77c04a23a1451b6e149930e66b6eef75926
  Author: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
  Date:   Sun Oct 25 15:16:06 2015 +0100

      i.MX: Standardize i.MX serial debug.

      The goal is to have debug code always compiled during build.

      We standardize all debug output on the following format:

      [QOM_TYPE_NAME]reporting_function: debug message

      We also replace IPRINTF with qemu_log_mask(). The qemu_log_mask() output
      is following the same format as the above debug.

      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
      Message-id: 
47b8759b251d356c633faf7ea34f897f340aea4e.1445781957.git.jcd@xxxxxxxxxxxxxxx
      [PMM: Drop attempt to print the ram_addr of a memory region in
       one DPRINTF, which (a) was using the wrong format string so
       didn't build on 32-bit and (b) was incorrectly looking at a
       private field of a MemoryRegion struct]
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 4b280b726a329a97db03323d8d03ed554f7872b8
  Author: Andrew Jones <drjones@xxxxxxxxxx>
  Date:   Tue Oct 27 12:00:50 2015 +0000

      hw/arm/virt: don't use a15memmap directly

      We should always go through VirtBoardInfo when we need the memmap.
      To avoid using a15memmap directly, in this case, we need to defer
      the max-cpus check from class init time to instance init time. In
      class init we now use MAX_CPUMASK_BITS for max_cpus initialization,
      which is the maximum QEMU supports, and also, incidentally, the
      maximum KVM/gicv3 currently supports. Also, a nice side-effect of
      delaying the max-cpus check is that we now get more appropriate
      error messages for gicv2 machines that try to configure more than
      123 cpus. Before this patch it would complain that the requested
      number of cpus was greater than 123, but for gicv2 configs, it
      should complain that the number is greater than 8.

      Signed-off-by: Andrew Jones <drjones@xxxxxxxxxx>
      Message-id: 1445189728-860-3-git-send-email-drjones@xxxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 24182fbc19cbc7c387bb350a72e6b55f63ea1747
  Author: Pavel Fedin <p.fedin@xxxxxxxxxxx>
  Date:   Tue Oct 27 12:00:50 2015 +0000

      arm_gic_kvm: Disable live migration if not supported

      Currently, if the kernel does not have live migration API, the migration
      will still be attempted, but vGIC save/restore functions will just not do
      anything. This will result in a broken machine state.

      This patch fixes the problem by adding migration blocker if kernel API is
      not supported.

      Signed-off-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b876452507d0b719cff0b478efafb34ac41db683
  Author: Soren Brinkmann <soren.brinkmann@xxxxxxxxxx>
  Date:   Tue Oct 27 12:00:50 2015 +0000

      target-arm: Add support for SPSR_(ABT|UND|IRQ|FIQ)

      Signed-off-by: Soren Brinkmann <soren.brinkmann@xxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 541ebcd401ee47f3c1a3ce503ef5466b75e9d20a
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 27 12:00:50 2015 +0000

      target-arm/translate.c: Handle non-executable page-straddling Thumb insns

      When the memory we're trying to translate code from is not executable we 
have
      to turn this into a guest fault. In order to report the correct PC for 
this
      fault, and to make sure it is not reported until after any other possible
      faults for instructions earlier in execution, we must terminate TBs at
      the end of a page, in case the next instruction is in a non-executable 
page.
      This is simple for T16, A32 and A64 instructions, which are always aligned
      to their size. However T32 instructions may be 32-bits but only 
16-aligned,
      so they can straddle a page boundary.

      Correct the condition that checks whether the next instruction will touch
      the following page, to ensure that if we're 2 bytes before the boundary
      and this insn is T32 then we end the TB.

      Reported-by: Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>
      Reviewed-by: Laurent Desnogues <laurent.desnogues@xxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 7cd6de3bb1ca55dfa8f53fb9894803eb33f497b3
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 27 12:00:50 2015 +0000

      target-arm: Fix "no 64-bit EL2" assumption in arm_excp_unmasked()

      The code in arm_excp_unmasked() suppresses the ability of PSTATE.AIF
      to mask exceptions from a lower EL targeting EL2 or EL3 if the
      CPU is 64-bit. This is correct for a target of EL3, but not correct
      for targeting EL2. Further, we go to some effort to calculate
      scr and hcr values which are not used at all for the 64-bit CPU
      case.

      Rearrange the code to correctly implement the 64-bit CPU logic
      and keep the hcr/scr calculations in the 32-bit CPU codepath.

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Message-id: 1444327729-4120-1-git-send-email-peter.maydell@xxxxxxxxxx
      Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Tested-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>

  commit 7e038b94e74e1c2d1b3598e2e4b0b5c8b79a7278
  Merge: 9666248 a3e8a3f
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 27 10:10:46 2015 +0000

      Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' 
into staging

      # gpg: Signature made Tue 27 Oct 2015 05:47:28 GMT using RSA key ID 
398D6211
      # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) 
<jasowang@xxxxxxxxxx>"
      # gpg: WARNING: This key is not certified with sufficiently trusted 
signatures!
      # gpg:          It is not certain that the signature belongs to the owner.
      # Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 
6211

      * remotes/jasowang/tags/net-pull-request:
        net: free the string returned by object_get_canonical_path_component
        net: make iov_to_buf take right size argument in nc_sendv_compat()
        net: Remove duplicate data from query-rx-filter on multiqueue net 
devices
        vmxnet3: Do not fill stats if device is inactive
        options: Add documentation for filter-dump
        net/dump: Provide the dumping facility as a net-filter
        net/dump: Separate the NetClientState from the DumpState
        net/dump: Rework net-dump init functions
        net/dump: Add support for receive_iov function
        net: cadence_gem: Set initial MAC address

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit a3e8a3f382363d5fd452cfc15f90a688d70023d9
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Tue Oct 20 09:51:26 2015 +0800

      net: free the string returned by object_get_canonical_path_component

      The value returned from object_get_canonical_path_component
      must be freed.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Cc: Jason Wang <jasowang@xxxxxxxxxx>
      Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit edc981443d5bd23e01639c2fbba4fbc2dc30204f
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Tue Oct 20 09:51:25 2015 +0800

      net: make iov_to_buf take right size argument in nc_sendv_compat()

      We want "buf, sizeof(buf)" here.  sizeof(buffer) is the size of a
      pointer, which is wrong.
      Thanks to Paolo for pointing it out.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Cc: Jason Wang <jasowang@xxxxxxxxxx>
      Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 5320c2caf43cc76748a1ffa0fdcaa9eb501d3fcd
  Author: Vladislav Yasevich <vyasevic@xxxxxxxxxx>
  Date:   Mon Oct 19 09:04:38 2015 -0400

      net: Remove duplicate data from query-rx-filter on multiqueue net devices

      When responding to a query-rx-filter command on a multiqueue
      netdev, qemu reports the data for each queue.  The data, however,
      is not per-queue, but per device and the same data is reported
      multiple times.  This causes confusion and may also cause extra
      unnecessary processing when looking at the data.

      Commit 638fb14169 (net: Make qmp_query_rx_filter() with name argument
      more obvious) partially addresses this issue, by limiting the output
      when the name is specified.  However, when the name is not specified,
      the issue still persists.

      Signed-off-by: Vladislav Yasevich <vyasevic@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit eedeeeffd419ab149e0b0ad5fc4b7cf5e1db6274
  Author: Shmulik Ladkani <shmulik.ladkani@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 15 13:54:30 2015 +0300

      vmxnet3: Do not fill stats if device is inactive

      Guest OS may issue VMXNET3_CMD_GET_STATS even before device was
      activated (for example in linux, after insmod but prior net-dev open).

      Accessing shared descriptors prior device activation is illegal as the
      VMXNET3State structures have not been fully initialized.

      As a result, guest memory gets corrupted and may lead to guest OS
      crashes.

      Fix, by not filling the stats descriptors if device is inactive.

      Reported-by: Leonid Shatz <leonid.shatz@xxxxxxxxxxxxxxxxxx>
      Acked-by: Dmitry Fleytman <dmitry@xxxxxxxxxx>
      Signed-off-by: Dana Rubin <dana.rubin@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Shmulik Ladkani <shmulik.ladkani@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit d3e0c032f52f4fb855f9bd2892ebd175a9d975a1
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Tue Oct 13 12:40:02 2015 +0200

      options: Add documentation for filter-dump

      Add a short description for the filter-dump command line options.

      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 9d3e12e881bc97bc32ac75d146b5347136f29ca1
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Tue Oct 13 12:40:01 2015 +0200

      net/dump: Provide the dumping facility as a net-filter

      Use the net-filter infrastructure to provide the dumping
      functions for netdev devices, too.

      Reviewed-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 75310e3486ab205d870560b75bbcaba72acb26d7
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Tue Oct 13 12:40:00 2015 +0200

      net/dump: Separate the NetClientState from the DumpState

      With the upcoming dumping-via-netfilter patch, the DumpState
      should not be related to NetClientState anymore, so move the
      related information to a new struct called DumpNetClient.

      Reviewed-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 7bc3074c27bb1eae7c8ccacd920ba55454381786
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Tue Oct 13 12:39:59 2015 +0200

      net/dump: Rework net-dump init functions

      Move the creation of the dump client from net_dump_init() into
      net_init_dump(), so we can later use the former function for
      dump via netfilter, too. Also rename net_dump_init() to
      net_dump_state_init() to make it easier distinguishable from
      net_init_dump().

      Reviewed-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 43192fcc1ac0a61cf9e20a9034eae8d1e91f35c8
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Tue Oct 13 12:39:58 2015 +0200

      net/dump: Add support for receive_iov function

      Adding a proper receive_iov function to the net dump module.
      This will make it easier to support the dump filter feature for
      the -netdev option in later patches.

      Reviewed-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit afb4c51fad8cf86104803fc17457b96e86172b98
  Author: Sebastian Huber <sebastian.huber@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Oct 12 10:25:01 2015 +0200

      net: cadence_gem: Set initial MAC address

      Set initial MAC address to the one specified by the command line.

      Signed-off-by: Sebastian Huber <sebastian.huber@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Jason Wang <jasowang@xxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 9666248a85fd889bfb6118f769e9c73039b998ed
  Merge: 251d7e6 b1ecd51
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Oct 26 13:13:38 2015 +0000

      Merge remote-tracking branch 'remotes/sstabellini/tags/xen-2015-10-26' 
into staging

      Xen 2015-10-26

      # gpg: Signature made Mon 26 Oct 2015 11:32:50 GMT using RSA key ID 
70E1AE90
      # gpg: Good signature from "Stefano Stabellini 
<stefano.stabellini@xxxxxxxxxxxxx>"

      * remotes/sstabellini/tags/xen-2015-10-26:
        xen-platform: Replace assert() with appropriate error reporting
        xen_platform: switch to realize
        Qemu/Xen: Fix early freeing MSIX MMIO memory region

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b1ecd51bdbb0fc0a7026662b03e7e7df9d129ca0
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Wed Oct 21 13:46:50 2015 -0200

      xen-platform: Replace assert() with appropriate error reporting

      Commit dbb7405d8caad0814ceddd568cb49f163a847561 made it possible to
      trigger an assert using "-device xen-platform". Replace it with
      appropriate error reporting.

      Before:

        $ qemu-system-x86_64 -device xen-platform
        qemu-system-x86_64: hw/i386/xen/xen_platform.c:391: 
xen_platform_initfn: Assertion `xen_enabled()' failed.
        Aborted (core dumped)
        $

      After:

        $ qemu-system-x86_64 -device xen-platform
        qemu-system-x86_64: -device xen-platform: xen-platform device requires 
the Xen accelerator
        $

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Reviewed-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
      Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

  commit 4098d49db549e20a2d87ca3cced28ace6e5864bf
  Author: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
  Date:   Wed Oct 21 13:46:49 2015 -0200

      xen_platform: switch to realize

      Use realize to initialize the xen_platform device

      Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 251d7e60148599be685c6f9f3921aee38dccef5c
  Merge: af25e72 7d4f4bd
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Oct 26 11:32:20 2015 +0000

      Merge remote-tracking branch 'remotes/elmarco/tags/ivshmem-pull-request' 
into staging

      ivshmem series

      # gpg: Signature made Mon 26 Oct 2015 09:27:46 GMT using RSA key ID 
75969CE5
      # gpg: Good signature from "Marc-André Lureau 
<marcandre.lureau@xxxxxxxxxx>"
      # gpg:                 aka "Marc-André Lureau 
<marcandre.lureau@xxxxxxxxx>"
      # gpg: WARNING: This key is not certified with sufficiently trusted 
signatures!
      # gpg:          It is not certain that the signature belongs to the owner.
      # Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 
9CE5

      * remotes/elmarco/tags/ivshmem-pull-request: (51 commits)
        doc: document ivshmem & hugepages
        ivshmem: use little-endian int64_t for the protocol
        ivshmem: use kvm irqfd for msi notifications
        ivshmem: rename MSI eventfd_table
        ivshmem: remove EventfdEntry.vector
        ivshmem: add hostmem backend
        ivshmem: use qemu_strtosz()
        ivshmem: do not keep shm_fd open
        tests: add ivshmem qtest
        qtest: add qtest_add_abrt_handler()
        msix: implement pba write (but read-only)
        contrib: remove unnecessary strdup()
        ivshmem: add check on protocol version in QEMU
        docs: update ivshmem device spec
        ivshmem-server: fix hugetlbfs support
        ivshmem-server: use a uint16 for client ID
        ivshmem-client: check the number of vectors
        contrib: add ivshmem client and server
        util: const event_notifier_get_fd() argument
        ivshmem: reset mask on device reset
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 4e494de66800747446e73b5ec0189ad7f4690908
  Author: Lan Tianyu <tianyu.lan@xxxxxxxxx>
  Date:   Sun Oct 11 23:19:24 2015 +0800

      Qemu/Xen: Fix early freeing MSIX MMIO memory region

      msix->mmio is added to XenPCIPassthroughState's object as property.
      object_finalize_child_property is called for XenPCIPassthroughState's
      object, which calls object_property_del_all, which is going to try to
      delete msix->mmio. object_finalize_child_property() will access
      msix->mmio's obj. But the whole msix struct has already been freed
      by xen_pt_msix_delete. This will cause segment fault when msix->mmio
      has been overwritten.

      This patch is to fix the issue.

      Signed-off-by: Lan Tianyu <tianyu.lan@xxxxxxxxx>
      Reviewed-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
      Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

  commit 7d4f4bdaf785dfe9fc41b06f85cc9aaf1b1474ee
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Wed Oct 7 16:31:47 2015 +0200

      doc: document ivshmem & hugepages

      Document and give some examples of hugepages support with ivshmem device
      and server.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit f7a199b2b4486242271f769bb4bc2638c0413274
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Sep 24 12:55:01 2015 +0200

      ivshmem: use little-endian int64_t for the protocol

      The current ivshmem protocol uses 'long' for integers. But the
      sizeof(long) depends on the host and the endianess is not defined, which
      may cause portability troubles.

      Instead, switch to using little-endian int64_t. This breaks the
      protocol, except on x64 little-endian host where this change
      should be compatible.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 660c97eef6f8f416c5dc24d3798e29f9f9f698fb
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jul 9 15:50:13 2015 +0200

      ivshmem: use kvm irqfd for msi notifications

      Use irqfd for improving context switch when notifying the guest.
      If the host doesn't support kvm irqfd, regular msi notifications are
      still supported.

      Note: the ivshmem implementation doesn't allow switching between MSI and
      IO interrupts, this patch doesn't either.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 0f57350e5c2ee0c6fe979f4d4b6d4e1de0c26e46
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Mon Jul 27 12:59:19 2015 +0200

      ivshmem: rename MSI eventfd_table

      The array is used to have vector specific data, so use a more
      descriptive name.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit d160f3f7911bb1f99235ae211269c8f4422f2079
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Jul 24 18:52:19 2015 +0200

      ivshmem: remove EventfdEntry.vector

      No need to store an extra int for the vector number when it can be
      computed easily by looking at the position in the array.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit d9453c93fea0c9c67f9c63bfa79a87631317d746
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 30 00:10:16 2015 +0200

      ivshmem: add hostmem backend

      Instead of handling allocation, teach ivshmem to use a memory backend.
      This allows to use hugetlbfs backed memory now.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 2c04752cc8e37b15be4643570b49abb3128a8a46
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 30 00:06:03 2015 +0200

      ivshmem: use qemu_strtosz()

      Use the common qemu utility function to parse the memory size.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit f689d2811a36894618087e1e2cc3ade78e758e94
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 30 00:04:19 2015 +0200

      ivshmem: do not keep shm_fd open

      Remove shm_fd from device state, closing it as early as possible to avoid 
leaks.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit ddef6a0d68f641ca89466c697d191d07b7e6718c
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Wed Apr 2 16:57:48 2014 +0200

      tests: add ivshmem qtest

      Adds 4 ivshmemtests:
      - single qemu instance and basic IO
      - pair of instances, check memory sharing
      - pair of instances with server, and MSIX
      - hot plug/unplug

      A temporary shm is created as well as a directory to place server
      socket, both should be clear on exit and abort.

      Cc: Cam Macdonell <cam@xxxxxxxxxxxxxx>
      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 063c23d909a8d6c9f251347514e34835e0510294
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Jun 19 18:45:14 2015 +0200

      qtest: add qtest_add_abrt_handler()

      Allow a test to add abort handlers, use GHook for all handlers.

      There is currently no way to remove a handler, but it could be
      later added if needed.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 43b11a91dd861a946b231b89b7542856ade23d1b
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Jun 26 14:25:29 2015 +0200

      msix: implement pba write (but read-only)

      qpci_msix_pending() writes on pba region, causing qemu to SEGV:

        Program received signal SIGSEGV, Segmentation fault.
        [Switching to Thread 0x7ffff7fba8c0 (LWP 25882)]
        0x0000000000000000 in ?? ()
        (gdb) bt
        #0  0x0000000000000000 in  ()
        #1  0x00005555556556c5 in memory_region_oldmmio_write_accessor 
(mr=0x5555579f3f80, addr=0, value=0x7fffffffbf68, size=4, shift=0, 
mask=4294967295, attrs=...) at /home/elmarco/src/qemu/memory.c:434
        #2  0x00005555556558e1 in access_with_adjusted_size (addr=0, 
value=0x7fffffffbf68, size=4, access_size_min=1, access_size_max=4, 
access=0x55555565563e <memory_region_oldmmio_write_accessor>, 
mr=0x5555579f3f80, attrs=...) at /home/elmarco/src/qemu/memory.c:506
        #3  0x00005555556581eb in memory_region_dispatch_write 
(mr=0x5555579f3f80, addr=0, data=0, size=4, attrs=...) at 
/home/elmarco/src/qemu/memory.c:1176
        #4  0x000055555560b6f9 in address_space_rw (as=0x555555eff4e0 
<address_space_memory>, addr=3759147008, attrs=..., buf=0x7fffffffc1b0 "", 
len=4, is_write=true) at /home/elmarco/src/qemu/exec.c:2439
        #5  0x000055555560baa2 in cpu_physical_memory_rw (addr=3759147008, 
buf=0x7fffffffc1b0 "", len=4, is_write=1) at /home/elmarco/src/qemu/exec.c:2534
        #6  0x000055555564c005 in cpu_physical_memory_write (addr=3759147008, 
buf=0x7fffffffc1b0, len=4) at 
/home/elmarco/src/qemu/include/exec/cpu-common.h:80
        #7  0x000055555564cd9c in qtest_process_command (chr=0x55555642b890, 
words=0x5555578de4b0) at /home/elmarco/src/qemu/qtest.c:378
        #8  0x000055555564db77 in qtest_process_inbuf (chr=0x55555642b890, 
inbuf=0x55555641b340) at /home/elmarco/src/qemu/qtest.c:569
        #9  0x000055555564dc07 in qtest_read (opaque=0x55555642b890, 
buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", size=22) at 
/home/elmarco/src/qemu/qtest.c:581
        #10 0x000055555574ce3e in qemu_chr_be_write (s=0x55555642b890, 
buf=0x7fffffffc2e0 "writel 0xe0100800 0x0\n", len=22) at qemu-char.c:306
        #11 0x0000555555751263 in tcp_chr_read (chan=0x55555642bcf0, 
cond=G_IO_IN, opaque=0x55555642b890) at qemu-char.c:2876
        #12 0x00007ffff64c9a8a in g_main_context_dispatch 
(context=0x55555641c400) at gmain.c:3122

      (without this patch, this can be reproduced with the ivshmem qtest)

      Implement an empty mmio write to avoid the crash.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 45b00c44ceffeac8143fb8857a12677234114f2b
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Wed Jun 24 13:33:32 2015 +0200

      contrib: remove unnecessary strdup()

      getopt() optarg points to argv memory, no need to dup those values,
      fixes small leaks detected by clang-analyzer.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx>

  commit 5105b1d8c2d1ad4a25b8806e86c0f012936b2eed
  Author: David Marchand <david.marchand@xxxxxxxxx>
  Date:   Tue Jun 16 17:43:34 2015 +0200

      ivshmem: add check on protocol version in QEMU

      Send a protocol version as the first message from server, clients must
      close communication if they don't support this protocol version.  Older
      QEMUs should be fine with this change in the protocol since they
      overrides their own vm_id on reception of an id associated to no
      eventfd.

      Signed-off-by: David Marchand <david.marchand@xxxxxxxxx>
      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      [use fifo_update_and_get()]
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 8c4ef202b901d25b88efc55398d4a76dfb2594de
  Author: David Marchand <david.marchand@xxxxxxxxx>
  Date:   Mon Sep 8 11:17:49 2014 +0200

      docs: update ivshmem device spec

      Add some notes on the parts needed to use ivshmem devices: more 
specifically,
      explain the purpose of an ivshmem server and the basic concept to use the
      ivshmem devices in guests.
      Move some parts of the documentation and re-organise it.

      Signed-off-by: David Marchand <david.marchand@xxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 1e21feb6280222a230fda1d87318ab58adde188f
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Mon Jun 29 19:53:15 2015 +0200

      ivshmem-server: fix hugetlbfs support

      As pointed out on the ML by Andrew Jones, glibc no longer permits
      creating POSIX shm on hugetlbfs directly. When given a hugetlbfs path,
      create a shareable file there.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@xxxxxxxxxxxxx>

  commit 022cffe31360750b405d368e343f3ca5febc0d0a
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 17:09:59 2015 +0200

      ivshmem-server: use a uint16 for client ID

      In practice, the number of VM is limited to MAXUINT16 in ivshmem, so use
      the same limit on the server (removes a theorical infinite loop)

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 95204aa951ceb28eb6d4ce43bce09a58cbad83d8
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 16:41:58 2015 +0200

      ivshmem-client: check the number of vectors

      Check the number of vectors received from the server, to avoid
      out of bound array access.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit a75eb03b9fca3af291ec2c433ddda06121ae927d
  Author: David Marchand <david.marchand@xxxxxxxxx>
  Date:   Mon Sep 8 11:17:48 2014 +0200

      contrib: add ivshmem client and server

      When using ivshmem devices, notifications between guests can be sent as
      interrupts using a ivshmem-server (typical use described in 
documentation).
      The client is provided as a debug tool.

      Signed-off-by: Olivier Matz <olivier.matz@xxxxxxxxx>
      Signed-off-by: David Marchand <david.marchand@xxxxxxxxx>
      [fix a valgrind warning, option and server_close() segvs, extra server
      headers includes, getopt() return type, out-of-tree build, use qemu
      event_notifier instead of eventfd, fix x86/osx warnings - Marc-André]
      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 12f0b68c82356e4dd24f2f0d370b21eb17f1f42e
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Oct 13 12:12:16 2015 +0200

      util: const event_notifier_get_fd() argument

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 972ad21553fd46738eea91f0085c7bc32cf68d86
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 14:13:08 2015 +0200

      ivshmem: reset mask on device reset

      The interrupt mask is a state value, it should be reset, like the
      interrupt status.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 1ee57de444ac7dd0cdb091fec318ba056ed173fd
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 14:07:11 2015 +0200

      ivshmem: error on too many eventfd received

      The number of eventfd that can be handled per peer is limited by the
      number of vectors. Return an error when receiving too many of them.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit f456179fae249a420dce38a02ad7e2efc6be37cf
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 13:38:46 2015 +0200

      ivshmem: replace 'guest' for 'peer' appropriately

      The terms 'guest' and 'peer' are used sometime interchangeably which may
      be confusing. Instead, use 'peer' for the remote instances of ivshmem
      clients, and 'guest' for the local VM.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit f64a078d45a4c1d1da074d1c306a5a4994dcda89
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 12:57:16 2015 +0200

      ivshmem: fix pci_ivshmem_exit()

      Free all objects owned by the device, making sure the device is free,
      fixing hot-unplug.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit d383537d01c1f23d783955963e234d11fce8ec02
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 13:01:40 2015 +0200

      ivshmem: add device description

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 945001a1af36eafd093b6b1582f5282932cd3d87
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 12:55:41 2015 +0200

      ivshmem: check shm isn't already initialized

      The server should not change the shm, and this isn't handled by qemu and
      we should should verify this in qemu.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 86d471bfa4262fa983c0214ace7336843e2181a2
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 12:53:42 2015 +0200

      ivshmem: shmfd can be 0

      0 is a valid fd value, so change conditions and set -1 value early

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 1f8552df2c7935a4cf883bda22acbe2adbf7d579
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jun 18 14:05:46 2015 +0200

      ivshmem: migrate with VMStateDescription

      load_state_old() is used to keep compatibility with version 0.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit e309366337d636689730f6484e388e46db7b5654
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jun 18 16:10:33 2015 +0200

      ivshmem: use common is_power_of_2()

      The common version correctly checks for 0 value case.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 6f8a16d55daac5657ccbcf953140685048e15ace
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Jun 19 12:21:46 2015 +0200

      ivshmem: use common return

      Both if branches return, move this out to common end.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 9a2f0e64aeb4c7891244785e88b2b0cfa1d61742
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Jun 19 12:19:55 2015 +0200

      ivshmem: simplify a bit the code

      Use some more explicit variables to simplify the code.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit ffa99afd6e4d354cdfae44cc43a2ca7ef056eb35
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 13:34:09 2015 +0200

      ivshmem: print error on invalid peer id

      The server shouldn't send invalid peer id, so print an error if it's the
      case.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 36617792b45b5d46d574af4f6ebb3f35c77d1e69
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jun 18 14:39:49 2015 +0200

      ivshmem: improve error handling

      The test whether the chardev is an AF_UNIX socket rejects
      "-chardev socket,id=chr0,path=/tmp/foo,server,nowait -device
      ivshmem,chardev=chr0", but fails to explain why.

      Use an explicit error on why a chardev may be rejected.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit f59bb37898d6ff44cdf68bfbadaf3bd260ae465e
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jun 18 15:04:13 2015 +0200

      ivshmem: improve debug messages

      Some misc improvements to ivshmem debug.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 95c8425cc3a316c998a7e306799ec6d29811bc32
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Jun 19 12:17:26 2015 +0200

      ivshmem: remove max_peer field

      max_peer isn't really useful, it tracks the maximum received VM id, but
      that quickly matches nb_peers, the size of the peers array. Since VM
      come and go, there might be sparse peers so it doesn't help much in
      general to have this value around.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 95e7c8a0f690f9a0c8b70fd1a4de60bd944371b8
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jun 25 13:49:09 2015 +0200

      ivshmem: initialize max_peer to -1

      There is no peer when device is initialized, do not let doorbell for
      inexisting peer 0.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit d8a5da075a919f7b42f2182cc55f5d3e7e60b264
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jun 18 15:00:52 2015 +0200

      ivshmem: remove useless ivshmem_update_irq() val argument

      val isn't used in ivshmem_update_irq() function.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 81e507f0bc584f417cb671e88da3f049cb4defb1
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Sep 15 17:23:07 2015 +0200

      ivshmem: allocate eventfds in resize_peers()

      It simplifies a bit the code to allocate the array when setting the
      number of peers instead of lazily when receiving the first vector.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 1300b2733a297f9a59deb4eebbd437a5833f3f41
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Sep 15 17:21:37 2015 +0200

      ivshmem: simplify around increase_dynamic_storage()

      Set the number of peers and array allocation in a single place. Rename
      to better reflect the function content.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 61ea2d8648d32b8e84da62f142dc08fa9ee5b7b9
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Sep 15 16:55:10 2015 +0200

      ivshmem: limit maximum number of peers to G_MAXUINT16

      Limit the maximum number of peers to MAXUINT16. This is more realistic
      and better matches the limit of the doorbell register.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 03977ad552874f6598a8f0ef3089e6846ba01a2b
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Mon Jun 22 12:55:16 2015 +0200

      ivshmem: remove last exit(1)

      Failing to create a chardev shouldn't be fatal.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit d58d7e848ec6d5bcd19634212d58dec5f1efbdb8
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jun 18 14:59:28 2015 +0200

      ivshmem: more qdev conversion

      Use the latest qemu device modeling API, in particular, convert to
      realize to fix the error handling; right now a botched device_add
      ivhsmem command kills the VM.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 49b2951f8416b356001d7b32625da0c555f0d1ce
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jun 18 16:17:48 2015 +0200

      ivshmem: remove useless doorbell field

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 9113e3f394e0a8569713b7aa9ece3e37cb9b61e8
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jun 18 16:24:33 2015 +0200

      ivshmem: remove superflous ivshmem_attr field

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit dee2151e7260a65c27495e9cbfc1931d9c9083d9
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Mon Jun 22 12:38:34 2015 +0200

      ivshmem: remove unnecessary dup()

      qemu_chr_fe_get_msgfd() transfers ownership, there is no need to dup the
      fd.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 0f14fd71c170278b35b46d8ae214473680905606
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 17:56:37 2015 +0200

      ivshmem: factor out the incoming fifo handling

      Make a new function fifo_update_and_get() that can be reused by other
      functions (in next commits).

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 951dada665041e8199e8c572d2981773fa2f0d8c
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Tue Jun 23 17:53:46 2015 +0200

      ivshmem: fix number of bytes to push to fifo

      If the fifo has 0 bytes, and the read is of size 1, the call to
      fifo8_push_all() will copy off boundary data.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit b8ab854b27e9b88d9b85b4c572049b29cb96de43
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Jun 19 13:00:32 2015 +0200

      ivhsmem: read do not accept more than sizeof(long)

      ivshmem_read() only reads sizeof(long) from the input buffer.  Accepting
      more could lead to fifo8 abort() on 32bit systems if fifo is not empty.

      A following patch will change the protocol to 64-bit little-endian
      instead.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit c246a62f26e5afa8285b21e641b33456f1e69c99
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Thu Jun 18 14:05:13 2015 +0200

      msix: add VMSTATE_MSIX_TEST

      ivshmem is going to use MSIX state conditionally.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit 1ad78ea51aad7978638299a27004049935c2d913
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Mon Jun 22 18:20:18 2015 +0200

      char: add qemu_chr_free()

      If a chardev is allowed to be created outside of QMP, then it must be
      also possible to free it. This is useful for ivshmem that creates
      chardev anonymously and must be able to free them.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>

  commit bbfc2efefe9779f85dfe2713aec1568b1ba871ad
  Author: Andreas Färber <afaerber@xxxxxxx>
  Date:   Sun Oct 11 00:18:32 2015 +0200

      tests: Add ivshmem qtest

      Note that it launches two instances, as sharing memory is the purpose of
      ivshmem.

      Cc: Cam Macdonell <cam@xxxxxxxxxxxxxx>
      Cc: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>
      [ Remove Nahanni codename, add test to pci set - Marc-André ]
      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit dd054be35fa355a6ebeab58618d7ff662247a9f6
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Mon Oct 12 15:25:55 2015 +0200

      config: enable ivshmem on POSIX

      ivshmem doesn't actually require kvm, so enable it when POSIX is
      enabled. (it is required however when ioeventfd is enabled)

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit af25e7277d3e95a3ea31023f31d8097ab5e2ac84
  Merge: bc79082 c07bc2c
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 23 18:14:42 2015 +0100

      Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into 
staging

      Block layer patches

      # gpg: Signature made Fri 23 Oct 2015 17:59:56 BST using RSA key ID 
C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@xxxxxxxxxx>"

      * remotes/kevin/tags/for-upstream: (37 commits)
        tests: Add test case for aio_disable_external
        block: Add "drained begin/end" for internal snapshot
        block: Add "drained begin/end" for transactional blockdev-backup
        block: Add "drained begin/end" for transactional backup
        block: Add "drained begin/end" for transactional external snapshot
        block: Introduce "drained begin/end" API
        aio: introduce aio_{disable,enable}_external
        dataplane: Mark host notifiers' client type as "external"
        nbd: Mark fd handlers client type as "external"
        aio: Add "is_external" flag for event handlers
        throttle: Remove throttle_group_lock/unlock()
        blockdev: Allow more options for BB-less BDS tree
        blockdev: Pull out blockdev option extraction
        blockdev: Do not create BDS for empty drive
        block: Prepare for NULL BDS
        block: Add blk_insert_bs()
        block: Prepare remaining BB functions for NULL BDS
        block: Fail requests to empty BlockBackend
        block: Make some BB functions fall back to BBRS
        block: Add BlockBackendRootState
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit c07bc2c1658fffeee08eb46402b2f66d55b07586
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 23 11:08:14 2015 +0800

      tests: Add test case for aio_disable_external

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 507306cc8ee7981894a96c380f42d80e2674cb04
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 23 11:08:13 2015 +0800

      block: Add "drained begin/end" for internal snapshot

      This ensures the atomicity of the transaction by avoiding processing of
      external requests such as those from ioeventfd.

      state->bs is assigned right after bdrv_drained_begin. Because it was
      used as the flag for deletion or not in abort, now we need a separate
      flag - InternalSnapshotState.created.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit ff52bf36a3a6c63b7528fbe64e9ed9976b221e68
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 23 11:08:12 2015 +0800

      block: Add "drained begin/end" for transactional blockdev-backup

      Similar to the previous patch, make sure that external events are not
      dispatched during transaction operations.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 1fdd4b7be3655d39c3594bc215eb1df5ce225c7d
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 23 11:08:11 2015 +0800

      block: Add "drained begin/end" for transactional backup

      This ensures the atomicity of the transaction by avoiding processing of
      external requests such as those from ioeventfd.

      Move the assignment to state->bs up right after bdrv_drained_begin, so
      that we can use it in the clean callback. The abort callback will still
      check bs->job and state->job, so it's OK.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit da763e83012c066ebe3effbaa8e7e7c8f78b0fbf
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 23 11:08:10 2015 +0800

      block: Add "drained begin/end" for transactional external snapshot

      This ensures the atomicity of the transaction by avoiding processing of
      external requests such as those from ioeventfd.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 51288d7917e5c5b088985aaa7ff3592561fbc2ba
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 23 11:08:09 2015 +0800

      block: Introduce "drained begin/end" API

      The semantics is that after bdrv_drained_begin(bs), bs will not get new 
external
      requests until the matching bdrv_drained_end(bs).

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit c1e1e5fa8f25f9061b076a05045a6d4950d1a891
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 23 11:08:08 2015 +0800

      aio: introduce aio_{disable,enable}_external

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 3a1e8074d74ad2acbcedf28d35aebedc3573f19e
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 23 11:08:07 2015 +0800

      dataplane: Mark host notifiers' client type as "external"

      They will be excluded by type in the nested event loops in block layer,
      so that unwanted events won't be processed there.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 172cc129a5ae58d36feb51f97fd67e2161ae5cc6
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 23 11:08:06 2015 +0800

      nbd: Mark fd handlers client type as "external"

      So we could distinguish it from internal used fds, thus avoid handling
      unwanted events in nested aio polls.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit dca21ef23ba48f6f1428c59f295a857e5dc203c8
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 23 11:08:05 2015 +0800

      aio: Add "is_external" flag for event handlers

      All callers pass in false, and the real external ones will switch to
      true in coming patches.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit d87d01e16a0e59a6af9634162cf0ded142b43e0d
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Wed Oct 21 21:36:05 2015 +0300

      throttle: Remove throttle_group_lock/unlock()

      The group throttling code was always meant to handle its locking
      internally. However, bdrv_swap() was touching the ThrottleGroup
      structure directly and therefore needed an API for that.

      Now that bdrv_swap() no longer exists there's no need for the
      throttle_group_lock() API anymore.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit bd745e238bb9432f40c875b6b4ad96a3d90e16a0
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:32 2015 +0200

      blockdev: Allow more options for BB-less BDS tree

      Most of the options which blockdev_init() parses for both the
      BlockBackend and the root BDS are valid for just the root BDS as well
      (e.g. read-only). This patch allows specifying these options even if not
      creating a BlockBackend.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit fbf8175eac92cca541efb1ac4a202fba941b78df
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:31 2015 +0200

      blockdev: Pull out blockdev option extraction

      Extract some of the blockdev option extraction code from blockdev_init()
      into its own function. This simplifies blockdev_init() and will allow
      reusing the code in a different function added in a follow-up patch.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 5ec18f8c83583b7e22ed4dd360cd937da801ca40
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:30 2015 +0200

      blockdev: Do not create BDS for empty drive

      Do not use "rudimentary" BDSs for empty drives any longer (for
      freshly created drives).

      After a follow-up patch, empty drives will generally use a NULL BDS, not
      only the freshly created drives.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 5433c24f0f9306c82ad9bcc2b2b586e5f0ed8fa5
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:29 2015 +0200

      block: Prepare for NULL BDS

      blk_bs() will not necessarily return a non-NULL value any more (unless
      blk_is_available() is true or it can be assumed to otherwise, e.g.
      because it is called immediately after a successful blk_new_with_bs() or
      blk_new_open()).

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 0c3c36d651922ebe9244e68e6d9ed14cdfcac9fd
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:28 2015 +0200

      block: Add blk_insert_bs()

      This function associates the given BlockDriverState with the given
      BlockBackend.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit a46fc9c95012f3d7ed2b29b59f042246d62a08d7
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:27 2015 +0200

      block: Prepare remaining BB functions for NULL BDS

      There are several BlockBackend functions which, in theory, cannot fail.
      This patch makes them cope with the BlockDriverState pointer being NULL
      by making them fall back to some default action like ignoring the value
      in setters and returning the default in getters.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit c09ba36c9ab62e3043041e429205f57ffbe3ba8b
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:26 2015 +0200

      block: Fail requests to empty BlockBackend

      If there is no BlockDriverState in a BlockBackend or if the tray of the
      guest device is open, fail all requests (where that is possible) with
      -ENOMEDIUM.

      The reason the status of the guest device is taken into account is
      because once the guest device's tray is opened, any request on the same
      BlockBackend as the guest uses should fail. If the BDS tree is supposed
      to be usable even after ejecting it from the guest, a different
      BlockBackend must be used.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 061959e8da5af59343e2c75d55c40f366d0164f9
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:25 2015 +0200

      block: Make some BB functions fall back to BBRS

      If there is no BDS tree attached to a BlockBackend, functions that can
      do so should fall back to the BlockBackendRootState structure.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 281d22d86ca26bf356284719e44c4bc66b716415
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:24 2015 +0200

      block: Add BlockBackendRootState

      This structure will store some of the state of the root BDS if the BDS
      tree is removed, so that state can be restored once a new BDS tree is
      inserted.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 973f2ddf7b48c27aa8642047796cca3bec0b48d8
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:23 2015 +0200

      block/throttle-groups: Make incref/decref public

      Throttle groups are not necessarily referenced by BDSs alone; a later
      patch will essentially allow BBs to reference them, too. Make the
      ref/unref functions public so that reference can be properly accounted
      for.

      Their interface is slightly adjusted in that they return and take a
      ThrottleState pointer, respectively, instead of a ThrottleGroup pointer.
      Functionally, they are equivalent, but since ThrottleGroup is not meant
      to be used outside of block/throttle-groups.c, ThrottleState is easier
      to handle.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 373340b26caa1572cf0f155131569dfc527aa133
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:22 2015 +0200

      block: Move I/O status and error actions into BB

      These options are only relevant for the user of a whole BDS tree (like a
      guest device or a block job) and should thus be moved into the
      BlockBackend.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 7f0e9da6f134c5303be51333696e1ff54697f3e0
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:21 2015 +0200

      block: Move BlockAcctStats into BlockBackend

      As the comment above bdrv_get_stats() says, BlockAcctStats is something
      which belongs to the device instead of each BlockDriverState. This patch
      therefore moves it into the BlockBackend.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 53d8f9d8fbf85f04d423958248f8c2fbe1ece192
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:20 2015 +0200

      block: Remove wr_highest_sector from BlockAcctStats

      BlockAcctStats contains statistics about the data transferred from and
      to the device; wr_highest_sector does not fit in with the rest.

      Furthermore, those statistics are supposed to be specific for a certain
      device and not necessarily for a BDS (see the comment above
      bdrv_get_stats()); on the other hand, wr_highest_sector may be a rather
      important information to know for each BDS. When BlockAcctStats is
      finally removed from the BDS, we will want to keep wr_highest_sector in
      the BDS.

      Finally, wr_highest_sector is renamed to wr_highest_offset and given the
      appropriate meaning. Externally, it is represented as an offset so there
      is no point in doing something different internally. Its definition is
      changed to match that in qapi/block-core.json which is "the offset after
      the greatest byte written to". Doing so should not cause any harm since
      if external programs tried to calculate the volume usage by
      (wr_highest_offset + 512) / volume_size, after this patch they will just
      assume the volume to be full slightly earlier than before.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 68e9ec017bb00b96633d48b5bf039a37daa3bc21
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:19 2015 +0200

      block: Move guest_block_size into BlockBackend

      guest_block_size is a guest device property so it should be moved into
      the interface between block layer and guest devices, which is the
      BlockBackend.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 4981bdec0d9b3ddd3e1474de5aa9918f120b54f7
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:18 2015 +0200

      block: Fix BB AIOCB AioContext without BDS

      Fix the BlockBackend's AIOCB AioContext for aborting AIO in case there
      is no BDS. If there is no implementation of AIOCBInfo::get_aio_context()
      the AioContext is derived from the BDS the AIOCB belongs to. If that BDS
      is NULL (because it has been removed from the BB) this will not work.

      This patch makes blk_get_aio_context() fall back to the main loop
      context if the BDS pointer is NULL and implements
      AIOCBInfo::get_aio_context() (blk_aiocb_get_aio_context()) which invokes
      blk_get_aio_context().

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 7d3467d903c0fa663fbe3f1002e7c624a210b634
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:17 2015 +0200

      hw/usb-storage: Check whether BB is inserted

      Only call bdrv_add_key() on the BlockDriverState if it is not NULL.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 2e1280e8ff95b3145bc6262accc9d447718e5318
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:16 2015 +0200

      hw/block/fdc: Implement tray status

      The tray of an FDD is open iff there is no medium inserted (there are
      only two states for an FDD: "medium inserted" or "no medium inserted").

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit b4d02820d95e025e57d82144f7b2ccd677ac2418
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:15 2015 +0200

      block: Invoke change media CB before NULLing drv

      In order to handle host device passthrough, some guest device models
      may call blk_is_inserted() to check whether the medium is inserted on
      the host, when checking the guest tray status.

      This tray status is inquired by blk_dev_change_media_cb(); because
      bdrv_is_inserted() (invoked by blk_is_inserted()) always returns false
      for BDS with drv set to NULL, blk_dev_change_media_cb() should therefore
      be called before drv is set to NULL.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 1354c473789a91ba603d40bdf2521e3221c0a69f
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:14 2015 +0200

      block/raw_bsd: Drop raw_is_inserted()

      With the new automatically-recursive implementation of
      bdrv_is_inserted() checking by default whether all the children of a BDS
      are inserted, we can drop raw's own implementation.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 28d7a78996ae73e681d0e061a4be446ed2240c97
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:13 2015 +0200

      block: Make bdrv_is_inserted() recursive

      If bdrv_is_inserted() is called on the top level BDS, it should make
      sure all nodes in the BDS tree are actually inserted.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit db0284f86a31ec66d138f0f7794321c306af969e
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:12 2015 +0200

      block: Add blk_is_available()

      blk_is_available() returns true iff the BDS is inserted (which means
      blk_bs() is not NULL and bdrv_is_inserted() returns true) and if the
      tray of the guest device is closed.

      blk_is_inserted() is changed to return true only if blk_bs() is not
      NULL.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit e031f750483377a5e5de4c92af68dfa68e4d0aae
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:11 2015 +0200

      block: Make bdrv_is_inserted() return a bool

      Make bdrv_is_inserted(), blk_is_inserted(), and the callback
      BlockDriver.bdrv_is_inserted() return a bool.

      Suggested-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 8e9e653038db97bfd343c3fb217b7bf4da765a89
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:10 2015 +0200

      iotests: Only create BB if necessary

      Tests 071 and 081 test giving references in blockdev-add. It is not
      necessary to create a BlockBackend here, so omit it.

      While at it, fix up some blockdev-add invocations in the vicinity
      (s/raw/$IMGFMT/ in 081, drop the format BDS for blkverify's raw child in
      071).

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit be4b67bc7d99da26b7878f7f45370f50a3bd4af5
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:09 2015 +0200

      blockdev: Allow creation of BDS trees without BB

      If the "id" field is missing from the options given to blockdev-add,
      just omit the BlockBackend and create the BlockDriverState tree alone.

      However, if "id" is missing, "node-name" must be specified; otherwise,
      the BDS tree would no longer be accessible.

      Many BDS options which are not parsed by bdrv_open() (like caching)
      cannot be specified for these BB-less BDS trees yet. A future patch will
      remove this limitation.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit d44f928a54497188c25357840a3224925d1b527b
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:08 2015 +0200

      block: Set BDRV_O_INCOMING in bdrv_fill_options()

      This flag should not be set for the root BDS only, but for any BDS that
      is being created while incoming migration is pending, so setting it is
      moved from blockdev_init() to bdrv_fill_options().

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit f709623b3d30096c629f6a368670c9cf668da83f
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Mon Oct 19 17:53:07 2015 +0200

      block: Remove host floppy support

      It has been deprecated as of 2.3, so we can now remove it.

      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit bc79082e4cd12c1241fa03b0abceacf45f537740
  Merge: 1e700f4 31bfa2a
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 23 16:35:43 2015 +0100

      Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' 
into staging

      X86 queue, 2015-10-23

      # gpg: Signature made Fri 23 Oct 2015 16:30:58 BST using RSA key ID 
984DC5A6
      # gpg: Good signature from "Eduardo Habkost <ehabkost@xxxxxxxxxx>"

      * remotes/ehabkost/tags/x86-pull-request:
        vl: trivial: minor tweaks to a max-cpu error msg
        target-i386: Use 1UL for bit shift
        target-i386: Add DE to TCG_FEATURES
        target-i386: Ensure always-1 bits on DR6 can't be cleared
        target-i386: Check CR4[DE] for processing DR4/DR5
        target-i386: Handle I/O breakpoints
        target-i386: Optimize setting dr[0-3]
        target-i386: Move hw_*breakpoint_* functions
        target-i386: Ensure bit 10 on DR7 is never cleared
        target-i386: Re-introduce optimal breakpoint removal
        target-i386: Introduce cpu_x86_update_dr7
        target-i386: Disable cache info passthrough by default
        target-i386: allow any alignment for SMBASE

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 31bfa2a40004204aee503c6417fbafb5d17e0a51
  Author: Andrew Jones <drjones@xxxxxxxxxx>
  Date:   Sun Oct 18 19:35:27 2015 +0200

      vl: trivial: minor tweaks to a max-cpu error msg

      Signed-off-by: Andrew Jones <drjones@xxxxxxxxxx>

  commit 72370dc1149d7c90d2c2218e0d0658bee23a5bf7
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Tue Sep 29 17:34:22 2015 -0300

      target-i386: Use 1UL for bit shift

      Fix undefined behavior detected by clang runtime check:

        qemu/target-i386/cpu.c:1494:15: runtime error:
          left shift of 1 by 31 places cannot be represented in type 'int'

      While doing that, add extra parenthesis for clarity.

      Reported-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit b6c5a6f021f485fc36bca678b2c867e9b6783924
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Wed Oct 7 16:39:43 2015 -0300

      target-i386: Add DE to TCG_FEATURES

      Now DE is supported by TCG so it can be enabled in CPUID bits.

      Reviewed-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 462f8ed1f1eac189ef50d9586eae8af90dbe426f
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Wed Oct 7 17:19:18 2015 -0300

      target-i386: Ensure always-1 bits on DR6 can't be cleared

      Bits 4-11 and 16-31 on DR6 are documented as always 1, so ensure they
      can't be cleared by software.

      Reviewed-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit d0052339236072bbf08c1d600c0906126b1ab258
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 15 11:45:13 2015 -0700

      target-i386: Check CR4[DE] for processing DR4/DR5

      Introduce helper_get_dr so that we don't have to put CR4[DE]
      into the scarce HFLAGS resource.  At the same time, rename
      helper_movl_drN_T0 to helper_set_dr and set the helper flags.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 5223a9423c5fb9e32b0c3eaaa2c0bf8c5cfd6866
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Mon Oct 19 15:14:35 2015 -0200

      target-i386: Handle I/O breakpoints

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 7525b55051277717329cf64a9e1d5cff840d6f38
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 15 11:45:11 2015 -0700

      target-i386: Optimize setting dr[0-3]

      If the debug register is not enabled, we need
      do nothing besides update the register.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 696ad9e4b27a49a9706010d00b31b17fe1f0d569
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 15 11:45:10 2015 -0700

      target-i386: Move hw_*breakpoint_* functions

      They're only used from bpt_helper.c now.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 9055330ffbf5ca85f024c29874799d9c8bd17aa9
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Thu Oct 8 17:10:27 2015 -0300

      target-i386: Ensure bit 10 on DR7 is never cleared

      Bit 10 of DR7 is documented as always set to 1, so ensure that's
      always the case.

      Reviewed-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 36eb6e096729f9aade3a6af7dbe4d0a990335d7e
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 15 11:45:09 2015 -0700

      target-i386: Re-introduce optimal breakpoint removal

      Before the last patch, we had an efficient loop that disabled
      local breakpoints on task switch.  Re-add that, but in a more
      general way that handles changes to the global enable bits too.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 93d00d0fbe4711061834730fb70525d167b6f908
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 15 11:45:08 2015 -0700

      target-i386: Introduce cpu_x86_update_dr7

      This moves the last of the iteration over breakpoints into
      the bpt_helper.c file.  This also allows us to make several
      breakpoint functions static.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit e265e3e48049fbece9eaf536aa00ca41aa3c54d0
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Wed Sep 2 11:19:11 2015 -0300

      target-i386: Disable cache info passthrough by default

      The host cache information may not make sense for the guest if the VM
      CPU topology doesn't match the host CPU topology. To make sure we won't
      expose broken cache information to the guest, disable cache info
      passthrough by default, and add a new "host-cache-info" property that
      can be used to enable the old behavior for users that really need it.

      Cc: Benoît Canet <benoit@xxxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit dd75d4fcb4a82c34d4f466e7fc166162b71ff740
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 12 18:25:40 2015 +0200

      target-i386: allow any alignment for SMBASE

      Processors up to the Pentium (says Bochs---I do not have old enough
      manuals) require a 32KiB alignment for the SMBASE, but newer processors
      do not need that, and Tiano Core will use non-aligned SMBASE values.

      Reported-by: Michael D Kinney <michael.d.kinney@xxxxxxxxx>
      Cc: Laszlo Ersek <lersek@xxxxxxxxxx>
      Cc: Jordan Justen <jordan.l.justen@xxxxxxxxx>
      Cc: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 1e700f4c6cddaf29ce1d205f0f8e8b9255481930
  Merge: 147482a b3e9e58
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 23 15:55:50 2015 +0100

      Merge remote-tracking branch 
'remotes/mdroth/tags/qga-pull-2015-10-23-tag' into staging

      qemu-ga patch queue

      * unbreak qga-test unit test on travis-ci systems by not assuming a
        disk-based filesystem must be present

      # gpg: Signature made Fri 23 Oct 2015 15:01:47 BST using RSA key ID 
F108B584
      # gpg: Good signature from "Michael Roth <flukshun@xxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>"

      * remotes/mdroth/tags/qga-pull-2015-10-23-tag:
        tests: test-qga, loosen assumptions about host filesystems

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b3e9e584fcef49be8ca0c355d11030f0bf6231b0
  Author: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Oct 20 11:17:36 2015 -0500

      tests: test-qga, loosen assumptions about host filesystems

      QGA skips pseudo-filesystems when querying filesystems via
      guest-get-fsinfo. On some hosts, such as travis-ci which uses
      containers with simfs filesystems, QGA might not report *any*
      filesystems. Our test case assumes there would be at least one,
      leading to false error messages in these situations.

      Instead, sanity-check values iff we get at least one filesystem.

      Cc: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Cc: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 147482ae35b896808af68c0051ad86d3aae12979
  Merge: 431429a 659f7f6
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 23 13:09:09 2015 +0100

      Merge remote-tracking branch 'remotes/dgibson/tags/ppc-next-20151023' 
into staging

      ppc patch queue - 2015-10-23

      sPAPR highlights:
        * Allow VFIO devices on the spapr-pci-host-bridge
        * Allow virtio VGA
        * Safer handling of HTAB allocation
        * ibm,pa-features device tree property

      non-sPAPR highlights:
        * Categorization of many ppc specific devices in help output
        * Tweaks to MMU type constants

      # gpg: Signature made Fri 23 Oct 2015 07:27:56 BST using RSA key ID 
20D9B392
      # gpg: Good signature from "David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>"
      # gpg:                 aka "David Gibson (Red Hat) <dgibson@xxxxxxxxxx>"
      # gpg:                 aka "David Gibson (ozlabs.org) 
<dgibson@xxxxxxxxxx>"
      # gpg: WARNING: This key is not certified with sufficiently trusted 
signatures!
      # gpg:          It is not certain that the signature belongs to the owner.
      # Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 
B392

      * remotes/dgibson/tags/ppc-next-20151023: (21 commits)
        prep: do not use CPU_LOG_IOPORT, convert to tracepoints
        openpic: add to misc category
        macio-nvram: add to misc category
        macio: add to bridge category
        uninorth: add to bridge category
        macio-ide: add to storage category
        cuda: add to bridge category
        grackle: add to bridge category
        escc: add to input category
        cmd646: add to storage category
        adb: add to input category
        ppc/spapr: Add "ibm,pa-features" property to the device-tree
        ppc: Add mmu_model defines for arch 2.03 and 2.07
        hw/scsi/spapr_vscsi: Remove superfluous memset
        spapr_pci: Allow VFIO devices to work on the normal PCI host bridge
        spapr_iommu: Provide a function to switch a TCE table to allowing VFIO
        spapr_iommu: Rename vfio_accel parameter
        spapr_pci: Allow PCI host bridge DMA window to be configured
        spapr: Add "slb-size" property to CPU device tree nodes
        spapr: Abort when HTAB of requested size isn't allocated
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 431429a5b802fccf2701c37f580307c6979f4c3e
  Merge: dfbe064 9024603
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 23 12:09:02 2015 +0100

      Merge remote-tracking branch 
'remotes/berrange/tags/qcrypto-fixes-pull-20151022-2' into staging

      Merge qcrypto-fixes 2015/10/22

      # gpg: Signature made Thu 22 Oct 2015 19:03:45 BST using RSA key ID 
15104FDF
      # gpg: Good signature from "Daniel P. Berrange <dan@xxxxxxxxxxxx>"
      # gpg:                 aka "Daniel P. Berrange <berrange@xxxxxxxxxx>"

      * remotes/berrange/tags/qcrypto-fixes-pull-20151022-2:
        configure: avoid polluting global CFLAGS with tasn1 flags
        crypto: add sanity checking of plaintext/ciphertext length
        crypto: don't let builtin aes crash if no IV is provided
        crypto: allow use of nettle/gcrypt to be selected explicitly

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit dfbe0642ef8e643e7e41956c8ca97f1acc9464a9
  Merge: 6a6739d 7f4a930
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 23 10:24:08 2015 +0100

      Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

      vhost: build fix

      Fix build breakages when using older gcc.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

      # gpg: Signature made Thu 22 Oct 2015 20:36:07 BST using RSA key ID 
D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@xxxxxxxxxx>"
      # gpg:                 aka "Michael S. Tsirkin <mst@xxxxxxxxxx>"

      * remotes/mst/tags/for_upstream:
        vhost-user: fix up rhel6 build

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 659f7f65561e78d720986d61f3112c54a97b2b96
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Fri Oct 16 15:16:11 2015 +0200

      prep: do not use CPU_LOG_IOPORT, convert to tracepoints

      These messages are disabled by default; a perfect usecase for tracepoints.
      Convert them over.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 29f8dd66e89d59f66105af9065c10e21f85cc653
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Sat Sep 26 18:22:12 2015 +0200

      openpic: add to misc category

      openpic is a programmable interrupt controller, so
      add it to the misc category.

      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 175fe9e7c886263258602262c341c472bc64be42
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Sat Sep 26 18:22:11 2015 +0200

      macio-nvram: add to misc category

      The macio nvram is a non volatile RAM, so add it
      the misc category.

      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit f9f2a9f26f74b4572c51e74be7fd97fa34c920d3
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Sat Sep 26 18:22:10 2015 +0200

      macio: add to bridge category

      macio is a bridge between the PCI bus and the Mac nvram,
      IDE controller and PIC, so add it to the bridge category.

      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 1d16f86a433a323691dcfd0f71acdc7592c114fc
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Sat Sep 26 18:22:09 2015 +0200

      uninorth: add to bridge category

      Uninorth is the mac99 PCI host controller, so add
      it to the bridge category.

      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 3469d9bce86d2e387777addb25ed8b80b7e9d2a1
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Sat Sep 26 18:22:08 2015 +0200

      macio-ide: add to storage category

      macio-ide is an IDE controller, so add it
      to the storage category.

      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 599d7326c35d323c0a2cf18ebf65c613979e7f65
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Sat Sep 26 18:22:07 2015 +0200

      cuda: add to bridge category

      Cuda is a bridge between PowerMac system bus and the ADB controller,
      real-time clock, pram and the power management unit.

      So add it to the bridge category.

      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit e16244355f8d5efc94df965b1f6a5a0b6c50a2f2
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Sat Sep 26 18:22:06 2015 +0200

      grackle: add to bridge category

      Grackle is the PCI host controller of oldworld powermac,
      so add it to the bridge category.

      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit f8d4c07c7807d0f7be02f42d2ee849d2eea4141e
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Sat Sep 26 18:22:05 2015 +0200

      escc: add to input category

      ESCC is a serial port controller, so add it
      to the input category.

      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 74623e7369b175fa324421f4c0047d06da3baafc
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Sat Sep 26 18:22:04 2015 +0200

      cmd646: add to storage category

      cmd646 is an IDE controller, so add it to the
      storage category.

      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 32f3a8992ea28a194678832eec1e1ffc09cbb7b1
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Sat Sep 26 18:22:03 2015 +0200

      adb: add to input category

      The Apple Desktop Bus is used to connect a keyboard and a mouse,
      so add it to the input category.

      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 90da0d5a703839c8db9f37355107955df043b654
  Author: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 22 18:30:59 2015 +1100

      ppc/spapr: Add "ibm,pa-features" property to the device-tree

      LoPAPR defines a "ibm,pa-features" per-CPU device tree property which
      describes extended features of the Processor Architecture.

      This adds the property to the device tree. At the moment this is the
      copy of what pHyp advertises except "I=1 (cache inhibited) Large Pages"
      which is enabled for TCG and disabled when running under HV KVM host
      with 4K system page size.

      Signed-off-by: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
      [aik: rebased, changed commit log, moved ci_large_pages initialization,
      renamed pa_features arrays]
      Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit aa4bb58752310e7906683a2ac99566222c1e7228
  Author: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 22 18:30:58 2015 +1100

      ppc: Add mmu_model defines for arch 2.03 and 2.07

      This removes unused POWERPC_MMU_2_06a/POWERPC_MMU_2_06d.

      This replaces POWERPC_MMU_64B with POWERPC_MMU_2_03 for POWER5+ to be
      more explicit about the version of the PowerISA supported.

      This defines POWERPC_MMU_2_07 and uses it for the POWER8 CPU family.
      This will not have an immediate effect now but it will in the following
      patch.

      This should cause no behavioural change.

      Signed-off-by: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
      [aik: rebased, changed commit log]
      Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit a23dec105c0faed7b9cba5d07d92df63a04dbb2e
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Thu Oct 8 21:35:13 2015 +0200

      hw/scsi/spapr_vscsi: Remove superfluous memset

      g_malloc0 already clears the memory, so no need for
      the additional memset here.

      Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Cc: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Cc: Alexander Graf <agraf@xxxxxxx>
      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 185181f8835b1b68409ac4381688eafdca0172cc
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Thu Sep 24 10:34:23 2015 +1000

      spapr_pci: Allow VFIO devices to work on the normal PCI host bridge

      The core VFIO infrastructure more or less allows VFIO devices to work
      on any normal guest PCI host bridge (PHB) without extra logic.
      However, the "spapr-pci-host-bridge" device (as opposed to the special
      "spapr-pci-vfio-host-bridge" device) breaks this by using a partially
      KVM accelerated implementation of the guest kernel IOMMU which won't
      work with VFIO devices, without additional kernel support.

      This patch allows VFIO devices to work on the spapr-pci-host-bridge,
      by having it switch off KVM TCE acceleration when a VFIO device is
      added to the PHB (either on startup, or by hotplug).

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Laurent Vivier <lvivier@xxxxxxxxxx>

  commit c10325d6f9af84444120d8a6d1d59f41a282ae1b
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 1 10:46:10 2015 +1000

      spapr_iommu: Provide a function to switch a TCE table to allowing VFIO

      Because of the way non-VFIO guest IOMMU operations are KVM accelerated, 
not
      all TCE tables (guest IOMMU contexts) can support VFIO devices.  
Currently,
      this is decided at creation time.

      To support hotplug of VFIO devices, we need to allow a TCE table which
      previously didn't allow VFIO devices to be switched so that it can.  This
      patch adds an spapr_tce_set_need_vfio() function to do this, by
      reallocating the table in userspace if necessary.

      Currently this doesn't allow the KVM acceleration to be re-enabled if all
      the VFIO devices are removed.  That's an optimization for another time.

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Laurent Vivier <lvivier@xxxxxxxxxx>

  commit 6a81dd172cd5d03fce593741629cb4c78fff10cb
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Wed Sep 30 13:42:55 2015 +1000

      spapr_iommu: Rename vfio_accel parameter

      The vfio_accel parameter used when creating a new TCE table (guest IOMMU
      context) has a confusing name.  What it really means is whether we need 
the
      TCE table created to be able to support VFIO devices.

      VFIO is relevant, because when available we use in-kernel acceleration of
      the TCE table, but that may not work with VFIO devices because updates to
      the table are handled in kernel, bypass qemu and so don't hit qemu's
      infrastructure for keeping the VFIO host IOMMU state in sync with the 
guest
      IOMMU state.

      Rename the parameter to "need_vfio" throughout.  This is a cosmetic 
change,
      with no impact on the logic.

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Laurent Vivier <lvivier@xxxxxxxxxx>

  commit f93caaac36ec3b030184055596cb56f64d0de988
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Thu Sep 24 09:56:44 2015 +1000

      spapr_pci: Allow PCI host bridge DMA window to be configured

      At present the PCI host bridge (PHB) for the pseries machine type has a
      fixed DMA window from 0..1GB (in PCI address space) which is mapped to 
real
      memory via the PAPR paravirtualized IOMMU.

      For better support of VFIO devices, we're going to want to allow for
      different configurations of the DMA window.

      Eventually we'll want to allow the guest itself to reconfigure the window
      via the PAPR dynamic DMA window interface, but as a preliminary this patch
      allows the user to reconfigure the window with new properties on the PHB
      device.

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Laurent Vivier <lvivier@xxxxxxxxxx>

  commit fd5da5c47264a57c7d01507eaf50bf3d288ba8a4
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Thu Oct 1 15:30:07 2015 +0200

      spapr: Add "slb-size" property to CPU device tree nodes

      According to a commit message in the Linux kernel (see here
      
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b60c31d85a2a
      for example), the name of the property that carries the information
      about the number of SLB entries should be called "slb-size", and
      not "ibm,slb-size". The Linux kernel can deal with both names, but
      to be on the safe side we should support the official name, too.

      [Now that LoPAPR is public, the relevant requirement can be found in
      section C.6.1.8 --dwg]

      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 7735fedaf490cf9213cd8d487272b69a4987c851
  Author: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Sep 24 13:52:48 2015 +0530

      spapr: Abort when HTAB of requested size isn't allocated

      Terminate the guest when HTAB of requested size isn't allocated by
      the host.

      When memory hotplug is attempted on a guest that has booted with
      less than requested HTAB size, the guest kernel will not be able
      to gracefully fail the hotplug request. This patch will ensure that
      we never end up in a situation where memory hotplug fails due to
      less than requested HTAB size.

      Signed-off-by: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit b817772a2521defba513b64b1d08238f24c50657
  Author: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Sep 24 13:52:47 2015 +0530

      spapr: Allocate HTAB from machine init

      Allocate HTAB from ppc_spapr_init() so that we can abort the guest
      if requested HTAB size is't allocated by the host. However retain the
      htab reset call in spapr_reset_htab() so that HTAB gets reset (and
      not allocated) during machine reset.

      Signed-off-by: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>

  commit 7f4a930e64b9e69cd340395a7e4f0494aef4fcdd
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Oct 22 22:28:37 2015 +0300

      vhost-user: fix up rhel6 build

      Build on RHEL6 fails:
      https://gcc.gnu.org/bugzilla/show_bug.cgi?id=42875

      Apparently unnamed unions couldn't use C99  named field initializers.
      Let's just name the payload union field.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 90246037760a2a1d64da67782200b690de24cc49
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Mon Sep 21 17:25:34 2015 +0100

      configure: avoid polluting global CFLAGS with tasn1 flags

      The previous commit

        commit 9a2fd4347c40321f5cbb4ab4220e759fcbf87d03
        Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
        Date:   Mon Apr 13 14:01:39 2015 +0100

          crypto: add sanity checking of TLS x509 credentials

      defined new variables $TEST_LIBS and $TEST_CFLAGS and
      used them in tests/Makefile to augment $LIBS and $CFLAGS.

      Unfortunately this overlooks the fact that tests/Makefile
      is not executed via recursive-make, it is just pulled into
      the top level Makefile via an include statement. So rather
      than just augmenting the compiler/linker flags for tests
      it polluted the global flags.

      This is thought to be behind a reported failure when
      building the pixman module as a sub-module, since global
      $CFLAGS are passed down to configure in pixman.

      This change removes the $TEST_LIBS and $TEST_CFLAGS
      replacing them with $TASN1_LIBS and $TASN1_CFLAGS,
      setting only against specific objects/executables
      that need them.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 3a661f1eabf7e8db66e28489884d9b54aacb94ea
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Fri Oct 16 16:35:06 2015 +0100

      crypto: add sanity checking of plaintext/ciphertext length

      When encrypting/decrypting data, the plaintext/ciphertext
      buffers are required to be a multiple of the cipher block
      size. If this is not done, nettle will abort and gcrypt
      will report an error. To get consistent behaviour add
      explicit checks upfront for the buffer sizes.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit eb2a770b178b9040c3fc04ee31dc38d1775db09a
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Fri Oct 16 13:23:13 2015 +0100

      crypto: don't let builtin aes crash if no IV is provided

      If no IV is provided, then use a default IV of all-zeros
      instead of crashing. This gives parity with gcrypt and
      nettle backends.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 91bfcdb01d4869aa8f4cb67007827de63b8c2217
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Fri Oct 16 16:36:53 2015 +0100

      crypto: allow use of nettle/gcrypt to be selected explicitly

      Currently the choice of whether to use nettle or gcrypt is
      made based on what gnutls is linked to. There are times
      when it is desirable to be able to force build against a
      specific library. For example, if testing changes to QEMU's
      crypto code all 3 possible backends need to be checked
      regardless of what the local gnutls uses.

      It is also desirable to be able to enable nettle/gcrypt
      for cipher/hash algorithms, without enabling gnutls
      for TLS support.

      This gives two new configure flags, which allow the
      following possibilities

      Automatically determine nettle vs gcrypt from what
      gnutls links to (recommended to minimize number of
      crypto libraries linked to)

       ./configure

      Automatically determine nettle vs gcrypt based on
      which is installed

       ./configure --disable-gnutls

      Force use of nettle

       ./configure --enable-nettle

      Force use of gcrypt

       ./configure --enable-gcrypt

      Force use of built-in AES & crippled-DES

       ./configure --disable-nettle --disable-gcrypt

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 2a080ce26682f35517b0e20f4ad10559e9270b5d
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Tue Oct 20 23:19:02 2015 +0800

      target-tilegx: Implement prefetch instructions in pipe y2

      Originally, tilegx qemu only implement prefetch instructions in pipe x1,
      did not implement them in pipe y2.

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 6a6739de510706e1d337180d12be74ebbd0c7666
  Merge: b803894 89a82cd
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 22 18:01:53 2015 +0100

      Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20151021' into 
staging

      Collected tcg backend patches

      # gpg: Signature made Wed 21 Oct 2015 22:34:28 BST using RSA key ID 
4DD0279B
      # gpg: Good signature from "Richard Henderson <rth7680@xxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxxx>"

      * remotes/rth/tags/pull-tcg-20151021:
        cpu-exec: Add "nochain" debug flag
        tcg/mips: Support r6 SEL{NE, EQ}Z instead of MOVN/MOVZ
        tcg/mips: Support r6 multiply/divide encodings
        tcg/mips: Support r6 JR encoding
        tcg/mips: Add use_mips32r6_instructions definition
        disas/mips: Add R6 jr/jr.hb to disassembler
        tcg-opc.h: Simplify insn_start def
        tcg/ppc: Prefer mask over andi.
        tcg/ppc: Revise goto_tb implementation
        tcg/ppc: Adjust exit_tb for change in prologue placement

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b803894e2c4d744ccc113ca6cbe6654ec80c1dc6
  Merge: ca3e40e 0960be7
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 22 17:33:54 2015 +0100

      Merge remote-tracking branch 'remotes/afaerber/tags/qom-cpu-for-peter' 
into staging

      QOM CPUState and X86CPU

      * Adoption of CPUClass::disas_set_info() hook

      # gpg: Signature made Thu 22 Oct 2015 17:11:24 BST using RSA key ID 
3E7E013F
      # gpg: Good signature from "Andreas Färber <afaerber@xxxxxxx>"
      # gpg:                 aka "Andreas Färber <afaerber@xxxxxxxx>"

      * remotes/afaerber/tags/qom-cpu-for-peter:
        disas: QOMify alpha specific disas setup
        disas: QOMify mips specific disas setup
        disas: QOMify sh4 specific disas setup
        disas: QOMify lm32 specific disas setup
        disas: QOMify sparc specific disas setup
        disas: QOMify m68k specific disas setup
        disas: QOMify moxie specific disas setup
        disas: QOMify s390x specific disas setup

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 0960be7cffa7b30189f2f0f76b1ac3c8115660f3
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Sat Jul 11 19:00:05 2015 -0700

      disas: QOMify alpha specific disas setup

      Move the target_disas() alpha specifics to the CPUClass::disas_set_info()
      hook and delete the #ifdef specific code in disas.c.

      This also makes monitor_disas() consistent with target_disas(), as
      monitor_disas() was missing a set of the BFD (This was an omission from
      commit b9bec751c8c8b08d8055da32306eb105db03031b).

      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Acked-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 63a946c7e3b081d56e617bf264fcb2881a982848
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Sat Jul 11 19:00:04 2015 -0700

      disas: QOMify mips specific disas setup

      Move the target_disas() mips specifics to the CPUClass::disas_set_info()
      hook and delete the #ifdef specific code in disas.c.

      Cc: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Acked-by: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit d49dd523e459a4c001a0c87a438fd2fa1f5b4bae
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Sat Jul 11 19:00:03 2015 -0700

      disas: QOMify sh4 specific disas setup

      Move the target_disas() sh4 specifics to the CPUClass::disas_set_info()
      hook and delete the #ifdef specific code in disas.c.

      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Acked-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 20984673e68ebd069222512c876b846ff2425cc0
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Sat Jul 11 19:00:02 2015 -0700

      disas: QOMify lm32 specific disas setup

      Move the target_disas() lm32 specifics to the CPUClass::disas_set_info()
      hook and delete the #ifdef specific code in disas.c.

      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Acked-by: Michael Walle <michael@xxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit df0900eb89a0672a3f924b7e8d20163dee2383db
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Sat Jul 11 19:00:01 2015 -0700

      disas: QOMify sparc specific disas setup

      Move the target_disas() sparc specifics to the QOM disas_set_info hook
      and delete the #ifdef specific code in disas.c.

      Cc: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 4f669905d95bbb6296338f9e86ffcdd8eae453d2
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Sat Jul 11 19:00:00 2015 -0700

      disas: QOMify m68k specific disas setup

      Move the target_disas() m68k specifics to the CPUClass::disas_set_info()
      hook and delete the #ifdef specific code in disas.c.

      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Reviewed-by: Laurent Vivier <laurent@xxxxxxxxx>
      Reviewed-by: Greg Ungerer <gerg@xxxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit 9f87a4cacd397e82e80c9512627ce5e190dfa971
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Sat Jul 11 18:59:59 2015 -0700

      disas: QOMify moxie specific disas setup

      Move the target_disas() moxie specifics to the CPUClass::disas_set_info()
      hook and delete the #ifdef specific code in disas.c.

      Cc: Anthony Green <green@xxxxxxxxxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit dbad6b74b3de6ce839bd870657b6bcc192e3b74a
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Sat Jul 11 18:59:58 2015 -0700

      disas: QOMify s390x specific disas setup

      Move the target_disas() s390 specifics to the CPUClass::disas_set_info()
      hook and delete the #ifdef specific code in disas.c.

      Cc: Alexander Graf <agraf@xxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Acked-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Andreas Färber <afaerber@xxxxxxx>

  commit ca3e40e233e87f7b29442311736a82da01c0df7b
  Merge: c1bd899 3c23402
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 22 12:41:44 2015 +0100

      Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

      vhost, pc, virtio features, fixes, cleanups

      New features:
          VT-d support for devices behind a bridge
          vhost-user migration support

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

      # gpg: Signature made Thu 22 Oct 2015 12:39:19 BST using RSA key ID 
D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@xxxxxxxxxx>"
      # gpg:                 aka "Michael S. Tsirkin <mst@xxxxxxxxxx>"

      * remotes/mst/tags/for_upstream: (37 commits)
        hw/isa/lpc_ich9: inject the SMI on the VCPU that is writing to APM_CNT
        i386: keep cpu_model field in MachineState uptodate
        vhost: set the correct queue index in case of migration with multiqueue
        piix: fix resource leak reported by Coverity
        seccomp: add memfd_create to whitelist
        vhost-user-test: check ownership during migration
        vhost-user-test: add live-migration test
        vhost-user-test: learn to tweak various qemu arguments
        vhost-user-test: wrap server in TestServer struct
        vhost-user-test: remove useless static check
        vhost-user-test: move wait_for_fds() out
        vhost: add migration block if memfd failed
        vhost-user: use an enum helper for features mask
        vhost user: add rarp sending after live migration for legacy guest
        vhost user: add support of live migration
        net: add trace_vhost_user_event
        vhost-user: document migration log
        vhost: use a function for each call
        vhost-user: add a migration blocker
        vhost-user: send log shm fd along with log_base
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 3c23402d4032f69af44a87fdb8019ad3229a4f31
  Author: Laszlo Ersek <lersek@xxxxxxxxxx>
  Date:   Tue Oct 20 20:14:00 2015 +0200

      hw/isa/lpc_ich9: inject the SMI on the VCPU that is writing to APM_CNT

      Commit 4d00636e97b7 ("ich9: Add the lpc chip", Nov 14 2012) added the
      ich9_apm_ctrl_changed() ioport write callback function such that it would
      inject the SMI, in response to a write to the APM_CNT register, on the
      first CPU, invariably.

      Since this register is used by guest code to trigger an SMI synchronously,
      the interrupt should be injected on the VCPU that is performing the write.

      apm_ioport_writeb() is the .write callback of the "apm_ops"
      MemoryRegionOps [hw/isa/apm.c]; it is parametrized to call
      ich9_apm_ctrl_changed() by ich9_lpc_init() [hw/isa/lpc_ich9.c], via
      apm_init(). Therefore this change affects no other board.

      ich9_generate_smi() is an unrelated function that is called by the TCO
      watchdog; a watchdog is likely in its right to (asynchronously) inject
      interrupts on the first CPU only.

      This patch allows the combined edk2/OVMF SMM driver stack to work with
      multiple VCPUs on TCG, using both qemu-system-i386 and qemu-system-x86_64.

      Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Cc: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Cc: Jordan Justen <jordan.l.justen@xxxxxxxxx>
      Cc: Michael Kinney <michael.d.kinney@xxxxxxxxx>
      Cc: "Michael S. Tsirkin" <mst@xxxxxxxxxx>
      Signed-off-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 4884b7bfe962e659c0e20c1d0de6f307d58f09be
  Author: Zhu Guihua <zhugh.fnst@xxxxxxxxxxxxxx>
  Date:   Thu Oct 15 11:12:12 2015 +0800

      i386: keep cpu_model field in MachineState uptodate

      Update cpu_model in MachineState for i386, so that the field can be used
      for cpu hotplug, instead of using a static variable.

      This patch is rebased on the latest master.

      Signed-off-by: Zhu Guihua <zhugh.fnst@xxxxxxxxxxxxxx>
      Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Marcel Apfelbaum <marcel@xxxxxxxxxx>
      Acked-by: Andreas Färber <afaerber@xxxxxxx>

  commit 25a2a920dddcf72896d94b37b6048a8147bc3198
  Author: Thibaut Collet <thibaut.collet@xxxxxxxxx>
  Date:   Mon Oct 19 14:59:27 2015 +0200

      vhost: set the correct queue index in case of migration with multiqueue

      When a live migration is started the log address to mark dirty pages is 
provided
      to the vhost backend through the vhost_dev_set_log function.
      This function is called for each queue pairs but the queue index is 
wrongly set:
      always set to the first queue pair. Then vhost backend lost descriptor 
addresses
      of the queue pairs greater than 1 and behaviour of the vhost backend is
      unpredictable.

      The queue index is computed by taking account of the vq_index (to 
retrieve the
      queue pair index) and calling the vhost_get_vq_index method of the 
backend.

      Signed-off-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>
      Cc: qemu-stable@xxxxxxxxxx
      Acked-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit e3fce97cf500c61f23df8e0245e08625fc375295
  Author: zhanghailiang <zhang.zhanghailiang@xxxxxxxxxx>
  Date:   Mon Sep 14 18:40:10 2015 +0800

      piix: fix resource leak reported by Coverity

      config_fd should be closed before return, or there will
      be a resource leak error.

      Signed-off-by: zhanghailiang <zhang.zhanghailiang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit f8d82b8eb81d3ea29325b4046fafa8ed41e32449
  Author: Eduardo Otubo <eduardo.otubo@xxxxxxxxxxxxxxxx>
  Date:   Fri Oct 9 17:17:41 2015 +0200

      seccomp: add memfd_create to whitelist

      This is used by memfd code.

      Signed-off-by: Eduardo Otubo <eduardo.otubo@xxxxxxxxxxxxxxxx>
      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 1d9edff78fa0b294d6084df76da89e20ee93fdab
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:40 2015 +0200

      vhost-user-test: check ownership during migration

      Check that backend source and destination do not have simultaneous
      ownership during migration.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit b181974724e106c62e4d0ecbe085df09b8a482bb
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:39 2015 +0200

      vhost-user-test: add live-migration test

      This test checks that the log fd is given to the migration source, and
      mark dirty pages during migration.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 704b216887ef4a6c0fe981206bd6d43f3b6863cd
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:38 2015 +0200

      vhost-user-test: learn to tweak various qemu arguments

      Add a new macro to make the qemu command line with other
      values of memory size, and specific chardev id.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit ae31fb5491493c82fface26f7902da7130b70575
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:37 2015 +0200

      vhost-user-test: wrap server in TestServer struct

      In the coming patches, a test will use several servers
      simultaneously. Wrap the server in a struct, out of the global scope.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 82755ff202e96ad9bc74c1268481f96e50907ae1
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:36 2015 +0200

      vhost-user-test: remove useless static check

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit cf72b57f894dd47c32750cf51de1d195a19c5e48
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:35 2015 +0200

      vhost-user-test: move wait_for_fds() out

      This function is a precondition for most vhost-user tests.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 31190ed781a81d2de65cea405e4cb3441ab929fc
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:34 2015 +0200

      vhost: add migration block if memfd failed

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit de1372d466fb4a7bed13f64f50bff14aaa4a5931
  Author: Thibaut Collet <thibaut.collet@xxxxxxxxx>
  Date:   Fri Oct 9 17:17:33 2015 +0200

      vhost-user: use an enum helper for features mask

      The VHOST_USER_PROTOCOL_FEATURE_MASK will be automatically updated when
      adding new features to the enum.

      Signed-off-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>
      [Adapted from mailing list discussion - Marc-André]
      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 3e866365e1eb6bcfa2d01c21debb05b9e47a47f7
  Author: Thibaut Collet <thibaut.collet@xxxxxxxxx>
  Date:   Fri Oct 9 17:17:32 2015 +0200

      vhost user: add rarp sending after live migration for legacy guest

      A new vhost user message is added to allow QEMU to ask to vhost user 
backend to
      broadcast a fake RARP after live migration for guest without 
GUEST_ANNOUNCE
      capability.

      This new message is sent only if the backend supports the new
      VHOST_USER_PROTOCOL_F_RARP protocol feature.
      The payload of this new message is the MAC address of the guest (not 
known by
      the backend). The MAC address is copied in the first 6 bytes of a u64 to 
avoid
      to create a new payload message type.

      This new message has no equivalent ioctl so a new callback is added in the
      userOps structure to send the request.

      Upon reception of this new message the vhost user backend must generate 
and
      broadcast a fake RARP request to notify the migration is terminated.

      Signed-off-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>
      [Rebased and fixed checkpatch errors - Marc-André]
      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit f6f56291de879827766d17b172465d4377ad2c11
  Author: Thibaut Collet <thibaut.collet@xxxxxxxxx>
  Date:   Fri Oct 9 17:17:31 2015 +0200

      vhost user: add support of live migration

      Some vhost user backends are able to support live migration.
      To provide this service the following features must be added:
      1. Add the VIRTIO_NET_F_GUEST_ANNOUNCE capability to vhost-net when netdev
         backend is vhost-user.
      2. Provide a nop receive callback to vhost-user.
         This callback is called by:
          *  qemu_announce_self after a migration to send fake RARP to avoid 
network
             outage for peers talking to the migrated guest.
               - For guest with GUEST_ANNOUNCE capabilities, guest already 
sends GARP
                 when the bit VIRTIO_NET_S_ANNOUNCE is set.
                 => These packets must be discarded.
               - For guest without GUEST_ANNOUNCE capabilities, migration 
termination
                 is notified when the guest sends packets.
                 => These packets can be discarded.
          * virtio_net_tx_bh with a dummy boot to send fake bootp/dhcp request.
            BIOS guest manages virtio driver to send 4 bootp/dhcp request in 
case of
            dummy boot.
            => These packets must be discarded.

      Signed-off-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 69b32a6ce4e1a6096a496996fcda833eb54e81b9
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:30 2015 +0200

      net: add trace_vhost_user_event

      Replace error_report() and use tracing instead. It's not an error to get
      a connection or a disconnection, so silence this and trace it instead.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit c62b91e5804e7d2b1e8e253fc4031b4ea67a11f7
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:29 2015 +0200

      vhost-user: document migration log

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 21e704256dea24baf93b169f5d7b0e7fe684bd15
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:28 2015 +0200

      vhost: use a function for each call

      Replace the generic vhost_call() by specific functions for each
      function call to help with type safety and changing arguments.

      While doing this, I found that "unsigned long long" and "uint64_t" were
      used interchangeably and causing compilation warnings, using uint64_t
      instead, as the vhost & protocol specifies.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      [Fix enum usage and MQ - Thibaut Collet]
      Signed-off-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit d2fc4402cb152d3e526f736d7d53dbd050ef8794
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:27 2015 +0200

      vhost-user: add a migration blocker

      If VHOST_USER_PROTOCOL_F_LOG_SHMFD is not announced, block vhost-user
      migration. The blocker is removed in vhost_dev_cleanup().

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 9a78a5dd272a190d262b5ba5d4721ab93d48c564
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:26 2015 +0200

      vhost-user: send log shm fd along with log_base

      Send the shm for the dirty pages logging if the backend supports
      VHOST_USER_PROTOCOL_F_LOG_SHMFD. Wait for a reply to make sure
      the old log is no longer used.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 15324404f68cde561d0eeee3d18a7b203f57f095
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:25 2015 +0200

      vhost: alloc shareable log

      If the backend is requires it, allocate shareable memory.

      vhost_log_get() now uses 2 globals "vhost_log" and "vhost_log_shm", that
      way there is a common non-shareable log and a common shareable one.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 1be0ac2109fbaca6e730ac578f0564507d173e2d
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:24 2015 +0200

      vhost-user: add vhost_user_requires_shm_log()

      Check if the backend has VHOST_USER_PROTOCOL_F_LOG_SHMFD feature and
      require a shared log.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit c2bea314f6a2870b847c79e2e11263c5f9334db7
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:23 2015 +0200

      vhost: add vhost_set_log_base op

      Split VHOST_SET_LOG_BASE call in a seperate function callback, so that
      type safety works and more arguments can be added in the next patches.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 636f4dddfe48ccabaf5198bba440354d6a268d62
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:22 2015 +0200

      vhost: document log resizing

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 35f9b6ef3acc9d0546c395a566b04e63ca84e302
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:21 2015 +0200

      util: add fallback for qemu_memfd_alloc()

      Add an open/unlink/mmap fallback for system that do not support
      memfd (only available since 3.17, ~1y ago).

      This patch may require additional SELinux policies to work for enforced
      systems, but should fail gracefully in this case.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit d3592199ba3db504c6585115b9531b4cf7c50a0d
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:20 2015 +0200

      util: add memfd helpers

      Add qemu_memfd_alloc/free() helpers.

      The function helps to allocate and seal shared memory.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit f04cf9239addd12d6be9e7ff137262755e3680d3
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:19 2015 +0200

      util: add linux-only memfd fallback

      Implement memfd_create() fallback if not available in system libc.
      memfd_create() is still not included in glibc today, atlhough it's been
      available since Linux 3.17 in Oct 2014.

      memfd has numerous advantages over traditional shm/mmap for ipc memory
      sharing with fd handler, which we are going to make use of for
      vhost-user logging memory in following patches.

      The next patches are going to introduce helpers to use best practices of
      memfd usage and provide some compatibility fallback. memfd.c is thus
      temporarily useless and eventually empty if memfd_create() is provided
      by the system.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit e2792004580e42b86345d141493b1f12ba358fd8
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:18 2015 +0200

      build-sys: split util-obj- on multi-lines

      Make it easier to add new unrelated units with shorter lines.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 1842bdfdbac2ec46f2934d8914c874db83dd1344
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:17 2015 +0200

      linux-headers: add unistd.h

      New syscalls are not yet widely distributed. Add them to qemu
      linux-headers include directory. Update based on v4.3-rc3 kernel headers.

      Exclude mips for now, which is more problematic due to extra header
      inclusion and probably unnecessary here.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 751bcc3981d80594a3943166401af15b76781a5b
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 9 17:17:16 2015 +0200

      configure: probe for memfd

      Check if memfd_create() is part of system libc.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 22de58fe152d68b248bc14efd7affe72286079e5
  Author: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
  Date:   Thu Sep 17 18:42:57 2015 +0200

      virtio: add some migration doc

      Try to cover the basics of virtio migration.

      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Reviewed-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit aebf81680bf49c5953d7ae9ebb7b98c0f4dad8f3
  Author: Igor Mammedov <imammedo@xxxxxxxxxx>
  Date:   Tue Oct 6 10:37:29 2015 +0200

      vhost: fail backend intialization early

      Don't initialize vhost backend if memslots number exceeds the supported
      limit. This prevents failures down the road when backend
      is actually started.

      [MST: rewrite commit log]

      Signed-off-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 3fad87881e55aaff659408dcf25fa204f89a7896
  Author: Igor Mammedov <imammedo@xxxxxxxxxx>
  Date:   Tue Oct 6 10:37:28 2015 +0200

      pc-dimm: add vhost slots limit check before commiting to hotplug

      it allows safely cancel memory hotplug if vhost backend
      doesn't support necessary amount of memory slots and prevents
      QEMU crashing in vhost due to hitting vhost limit on amount
      of supported memory ranges.

      Signed-off-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 2ce68e4cf5be9b5176a3c3c372948d6340724d2d
  Author: Igor Mammedov <imammedo@xxxxxxxxxx>
  Date:   Tue Oct 6 10:37:27 2015 +0200

      vhost: add vhost_has_free_slot() interface

      it will allow for other parts of QEMU check if it's safe
      to map memory region during hotplug/runtime.
      That way hotplug path will have a chance to cancel
      hotplug operation instead of crashing in vhost_commit().

      Signed-off-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit c1bd8997438f1b556acfeab1d52245ff7cc680c0
  Merge: 8bfaa25 19b7bec
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Oct 21 21:21:29 2015 +0100

      Merge remote-tracking branch 'remotes/xtensa/tags/20151021-xtensa' into 
staging

      Xtensa updates:

      - fix register window overflow with l32e/s32e instructions;
      - make MMU events logging dependent on CPU_LOG_MMU;
      - attach FLASH to system I/O region on XTFPGA boards;
      - implement depbits and l32nb instructions.

      # gpg: Signature made Wed 21 Oct 2015 19:34:02 BST using RSA key ID 
F83FA044
      # gpg: Good signature from "Max Filippov 
<max.filippov@xxxxxxxxxxxxxxxxxx>"
      # gpg:                 aka "Max Filippov <jcmvbkbc@xxxxxxxxx>"

      * remotes/xtensa/tags/20151021-xtensa:
        target-xtensa: implement S32NB
        target-xtensa: implement depbits instruction
        target-xtensa: xtfpga: attach FLASH to system IO
        target-xtensa: use CPU_LOG_MMU for MMU event logging
        target-xtensa: add window overflow check to L32E/S32E

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 19b7bec4a37b081ed326293148fd793f04896b59
  Author: Max Filippov <jcmvbkbc@xxxxxxxxx>
  Date:   Sun Jul 19 09:49:00 2015 +0300

      target-xtensa: implement S32NB

      S32NB provides the same functionality as S32I with two exceptions.
      First, when its operation leaves the processor, the external transaction
      is marked Non-Bufferable. Second, it may not be used to write to
      Instruction RAM.
      In QEMU S32NB is equivalent to S32I.

      Signed-off-by: Max Filippov <jcmvbkbc@xxxxxxxxx>

  commit 5eeb40c5b1f00c4ee4fcf2f33087697d7ba6f5f6
  Author: Max Filippov <jcmvbkbc@xxxxxxxxx>
  Date:   Sun Jul 12 02:10:17 2015 +0300

      target-xtensa: implement depbits instruction

      This option provides an instruction for depositing a bit field from the
      least significant position of one register to an arbitrary position in
      another register.

      Signed-off-by: Max Filippov <jcmvbkbc@xxxxxxxxx>

  commit 68931a4082812f56657b39168e815c48f0ab0a8c
  Author: Max Filippov <jcmvbkbc@xxxxxxxxx>
  Date:   Sun Sep 27 18:21:19 2015 +0300

      target-xtensa: xtfpga: attach FLASH to system IO

      XTFPGA FLASH is tied to XTFPGA system IO block. It's not very important
      for systems with MMU where system IO block is visible at single
      location, but it's important for noMMU systems, where system IO block is
      accessible through two separate physical address ranges.

      Map XTFPGA FLASH to system IO block and fix offsets used for mapping.
      Create and initialize FLASH device with series of qdev_prop_set_* as
      that's the preferred interface now. Keep initialization in a separate
      function.

      Signed-off-by: Max Filippov <jcmvbkbc@xxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>

  commit 5577e57b078a118595071241aba6dac8725a7640
  Author: Max Filippov <jcmvbkbc@xxxxxxxxx>
  Date:   Mon Sep 21 20:37:07 2015 +0300

      target-xtensa: use CPU_LOG_MMU for MMU event logging

      Signed-off-by: Max Filippov <jcmvbkbc@xxxxxxxxx>

  commit f822b7e497fa6a662094b491f86441015f363362
  Author: Max Filippov <jcmvbkbc@xxxxxxxxx>
  Date:   Sun Jul 19 10:02:37 2015 +0300

      target-xtensa: add window overflow check to L32E/S32E

      Despite L32E and S32E primary use is for window underflow and overflow
      exception handlers they are just normal instructions, and thus need to
      check for window overflow.

      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Max Filippov <jcmvbkbc@xxxxxxxxx>

  commit 8bfaa25fce2c22060a17501980943538801056de
  Merge: 426c0df 1cd4e0f
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Wed Oct 21 15:07:42 2015 +0100

      Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20151021-v2' into 
staging

      More s390x patches. The first ones are fixes: A regression, missed
      compat and a missed part of the SIMD support. The others contain
      optimizations and cleanup.

      # gpg: Signature made Wed 21 Oct 2015 11:24:48 BST using RSA key ID 
C6F02FAF
      # gpg: Good signature from "Cornelia Huck <huckc@xxxxxxxxxxxxxxxxxx>"
      # gpg:                 aka "Cornelia Huck <cornelia.huck@xxxxxxxxxx>"

      * remotes/cohuck/tags/s390x-20151021-v2:
        s390x/cmma: clean up cmma reset
        s390x: reset crypto only on clear reset and QEMU reset
        s390x: machine reset function with new ipl cpu handling
        s390x/ipl: we always have an ipl device
        s390x: unify device reset during subsystem_reset()
        s390x: flagify mcic values
        s390x/kvm: Fix vector validity bit in device machine checks
        s390x/virtio-ccw: fix 2.4 virtio compat
        util/qemu-config: fix missing machine command line options

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 1cd4e0f6f0a6b1978a5868b41d4faae2071dc4ee
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Jul 21 11:11:11 2015 +0200

      s390x/cmma: clean up cmma reset

      The cmma reset is per VM, so we don't need a cpu object. We can
      directly make use of kvm_state, as it is already available when
      the reset is called. By moving the cmma reset in our machine reset
      function, we can avoid a manual reset handler.

      Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Reviewed-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 4ab729207fe1464b19c6bec609cd545ab717174a
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Sep 30 13:48:45 2015 +0200

      s390x: reset crypto only on clear reset and QEMU reset

      Initializing VM crypto in initial cpu reset has multiple problems

      1. We call the exact same function #VCPU times, although one time is 
enough
      2. On SIGP initial cpu reset, we exchange the wrapping key while
         other VCPUs are running. Bad!
      3. It is simply wrong. According to the Pop, a reset happens only during a
         clear reset.

      So, we have to reset the keys
      - on modified clear reset
      - on load clear (QEMU reset - via machine reset)
      - on qemu start (via machine reset)

      Reviewed-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit db3b2566e0fb45e2901b6f9b842d91db6963915d
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Jul 21 13:47:32 2015 +0200

      s390x: machine reset function with new ipl cpu handling

      Current implementation depends on the order of resets getting triggered.

      If a cpu reset is triggered after the ipl device reset, the CPU is 
stopped and
      the VM will not run. In fact, that hinders us from converting the ipl 
device
      into a TYPE_DEVICE. Let's change that by manually configuring the ipl cpu
      during a system reset, so we have full control and can demangle that code.

      Also remove the superflous cpu parameter from s390_update_iplstate on the 
way.

      Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Reviewed-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit feacc6c2c8fff037f67a89402b29923251833425
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Jun 25 09:55:55 2015 +0200

      s390x/ipl: we always have an ipl device

      Both s390 machines unconditionally create an ipl device, so no need to
      handle the missing case.

      Now we can also change s390_ipl_update_diag308() to return void.

      Reviewed-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 09c7f58ca9613ccfb1ca13031d0ff3b1794bd782
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Jul 21 10:58:38 2015 +0200

      s390x: unify device reset during subsystem_reset()

      We have to manually reset several devices that are not on a bus: Let's
      collect them in an array.

      Reviewed-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 052bd52fa978d3f04bc476137ad6e1b9a697f9bd
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Wed Oct 14 12:11:27 2015 +0300

      net: don't set native endianness

      commit 5be7d9f1b1452613b95c6ba70b8d7ad3d0797991
          vhost-net: tell tap backend about the vnet endianness
      makes vhost net always try to set LE - even if that matches the
      native endian-ness.

      This makes it fail on older kernels on x86 without TUNSETVNETLE support.

      To fix, make qemu_set_vnet_le/qemu_set_vnet_be skip the
      ioctl if it matches the host endian-ness.

      Reported-by: Marcel Apfelbaum <marcel@xxxxxxxxxx>
      Cc: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Marcel Apfelbaum <marcel@xxxxxxxxxx>

  commit 794e8f301a17953efa78ab7538019ec43c59e82a
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Sep 24 14:41:17 2015 +0300

      exec: factor out duplicate mmap code

      Anonymous and file-backed RAM allocation are now almost exactly the same.

      Reduce code duplication by moving RAM mmap code out of oslib-posix.c and
      exec.c.

      Reported-by: Marc-André Lureau <mlureau@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

      Tested-by: Thibaut Collet <thibaut.collet@xxxxxxxxx>

  commit 426c0df9e3e6e64c7ea489092c57088ca4d227d0
  Merge: ee9dfed 88c5f20
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 20 16:51:43 2015 +0100

      Merge remote-tracking branch 
'remotes/berrange/tags/io-channel-3-for-upstream' into staging

      Merge io-channels-3 partial branch

      # gpg: Signature made Tue 20 Oct 2015 16:36:10 BST using RSA key ID 
15104FDF
      # gpg: Good signature from "Daniel P. Berrange <dan@xxxxxxxxxxxx>"
      # gpg:                 aka "Daniel P. Berrange <berrange@xxxxxxxxxx>"

      * remotes/berrange/tags/io-channel-3-for-upstream:
        util: pull Buffer code out of VNC module
        coroutine: move into libqemuutil.a library
        osdep: add qemu_fork() wrapper for safely handling signals
        ui: convert VNC startup code to use SocketAddress
        sockets: allow port to be NULL when listening on IP address
        sockets: move qapi_copy_SocketAddress into qemu-sockets.c
        sockets: add helpers for creating SocketAddress from a socket

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b080364aedfc294c53c4c4af255efcf007b35d9d
  Author: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
  Date:   Thu Oct 8 15:05:46 2015 +0200

      s390x: flagify mcic values

      Instead of using magic values when building the machine check
      interruption code, add some defines as by chapter 11-14 in the PoP.

      This should make it easier to catch problems like the missing vector
      register validity bit ("s390x/kvm: Fix vector validity bit in device
      machine checks"), and less hassle should we want to generate machine
      checks beyond the channel reports we currently support.

      Acked-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 2ab75df38e34fe9bc271b5115ab52114e6e63a89
  Author: Christian Borntraeger <borntraeger@xxxxxxxxxx>
  Date:   Wed Oct 7 10:29:42 2015 +0200

      s390x/kvm: Fix vector validity bit in device machine checks

      Device hotplugs trigger a crw machine check. All machine checks
      have validity bits for certain register types. With vector support
      we also have to claim that vector registers are valid.
      This is a band-aid suitable for stable. Long term we should
      create the full  mcic value dynamically depending on the active
      features in the kernel interrupt handler.

      Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Reviewed-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 085b0b055b189e8846ca3108e6774e3b9e60c1ce
  Author: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
  Date:   Thu Oct 8 15:11:34 2015 +0200

      s390x/virtio-ccw: fix 2.4 virtio compat

      Commit 542571d5 ("virtio-ccw: enable virtio-1") missed some virtio
      devices for the 2.4 compat handling. Add them.

      Fixes: 542571d5 ("virtio-ccw: enable virtio-1")
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Reviewed-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>

  commit 5bcfa0c543b42a560673cafd3b5225900ef617e1
  Author: Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Oct 12 11:36:21 2015 -0400

      util/qemu-config: fix missing machine command line options

      Commit 0a7cf217 ("util/qemu-config: fix regression of
      qmp_query_command_line_options") aimed to restore parsing of global
      machine options, but missed two: "aes-key-wrap" and
      "dea-key-wrap" (which were present in the initial version of that
      patch). Let's add them to the machine_opts again.

      Fixes: 0a7cf217 ("util/qemu-config: fix regression of
                        qmp_query_command_line_options")
      CC: Marcel Apfelbaum <marcel@xxxxxxxxxx>
      CC: qemu-stable@xxxxxxxxxx
      Signed-off-by: Tony Krowiak <akrowiak@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Marcel Apfelbaum <marcel@xxxxxxxxxx>
      Tested-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Message-Id: 
<1444664181-28023-1-git-send-email-akrowiak@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>

  commit 88c5f205fa4c095db4c50eb7ad72816140206819
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Tue Mar 3 17:13:42 2015 +0000

      util: pull Buffer code out of VNC module

      The Buffer code in the VNC server is useful for the IO channel
      code, so pull it out into a shared module, QIOBuffer.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 10817bf09d5f8cb22711fb0ee8d8da49f6f05f89
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Tue Sep 1 14:48:02 2015 +0100

      coroutine: move into libqemuutil.a library

      The coroutine files are currently referenced by the block-obj-y
      variable. The coroutine functionality though is already used by
      more than just the block code. eg migration code uses coroutine
      yield. In the future the I/O channel code will also use the
      coroutine yield functionality. Since the coroutine code is nicely
      self-contained it can be easily built as part of the libqemuutil.a
      library, making it widely available.

      The headers are also moved into include/qemu, instead of the
      include/block directory, since they are now part of the util
      codebase, and the impl was never in the block/ directory
      either.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 57cb38b3833c5215131b983f181b26d6ba9b8d35
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Fri Aug 28 14:40:01 2015 +0100

      osdep: add qemu_fork() wrapper for safely handling signals

      When using regular fork() the child process of course inherits
      all the parents' signal handlers. If the child then proceeds
      to close() any open file descriptors, it may break some of those
      registered signal handlers. The child generally does not want to
      ever run any of the signal handlers that the parent may have
      installed in the short time before it exec's. The parent may also
      have blocked various signals which the child process will want
      enabled.

      This introduces a wrapper qemu_fork() that takes care to sanitize
      signal handling across fork. Before forking it blocks all signals
      in the parent thread. After fork returns, the parent unblocks the
      signals and carries on as usual. The child, however, resets all the
      signal handlers back to their defaults before it unblocks signals.
      The child process can now exec the binary in a "clean" signal
      environment.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit e0d03b8ceb52e390b8b0a5db1762a8435dd8a44e
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Fri Aug 14 18:56:44 2015 +0100

      ui: convert VNC startup code to use SocketAddress

      The VNC code is currently using QemuOpts to configure the
      sockets connections / listeners it needs. Convert it to
      use SocketAddress to bring it in line with modern QAPI
      based code elsewhere in QEMU.

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 0983f5e6af76d5df8c6346cbdfff9d8305fb6da0
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Tue Sep 1 14:46:50 2015 +0100

      sockets: allow port to be NULL when listening on IP address

      If the port in the SocketAddress struct is NULL, it can allow
      the kernel to automatically select a free port. This is useful
      in particular in unit tests to avoid a race trying to find a
      free port to run a test case on.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 2a8e21c7c8dcb7d235cfd256be36b7e8f9f3fcb3
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Fri Aug 14 18:18:41 2015 +0100

      sockets: move qapi_copy_SocketAddress into qemu-sockets.c

      The qapi_copy_SocketAddress method is going to be useful
      in more places than just qemu-char.c, so move it into
      the qemu-sockets.c file to allow its reuse.

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit 17c55decec2a516cf7f290ec8a5f4f207531e8b4
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Fri May 1 17:36:20 2015 +0100

      sockets: add helpers for creating SocketAddress from a socket

      Add two helper methods that, given a socket file descriptor,
      can return a populated SocketAddress struct containing either
      the local or remote address information.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

  commit ee9dfed242610ecb91418270fd46b875ed56e201
  Merge: b38c049 d9460a7
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 20 12:56:45 2015 +0100

      Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20151020-1' 
into staging

      virtio-input: ignore events until the guest driver is ready

      # gpg: Signature made Tue 20 Oct 2015 08:10:00 BST using RSA key ID 
D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann <gerd@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@xxxxxxxxx>"

      * remotes/kraxel/tags/pull-input-20151020-1:
        virtio-input: ignore events until the guest driver is ready

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b38c0494c141e2d7dabb3ecbf380305b74f9e330
  Merge: df81978 5829b09
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 20 12:17:53 2015 +0100

      Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20151020-1' 
into staging

      vga: enable virtio-vga for pseries, vmsvga cursor checks.

      # gpg: Signature made Tue 20 Oct 2015 08:27:44 BST using RSA key ID 
D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann <gerd@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@xxxxxxxxx>"

      * remotes/kraxel/tags/pull-vga-20151020-1:
        vmsvga: more cursor checks
        ppc/spapr: Allow VIRTIO_VGA

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit df8197836844275ef805c9031008eb3b20a89b83
  Merge: c14e42d 2cc06a8
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 20 11:45:23 2015 +0100

      Merge remote-tracking branch 'remotes/kraxel/tags/pull-fw_cfg-20151020-1' 
into staging

      fw_cfg: add dma interface, add strings via cmdline.

      # gpg: Signature made Tue 20 Oct 2015 07:07:34 BST using RSA key ID 
D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann <gerd@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@xxxxxxxxx>"

      * remotes/kraxel/tags/pull-fw_cfg-20151020-1:
        fw_cfg: Define a static signature to be returned on DMA port reads
        Enable fw_cfg DMA interface for x86
        Enable fw_cfg DMA interface for ARM
        Implement fw_cfg DMA interface
        fw_cfg DMA interface documentation
        fw_cfg: document fw_cfg_modify_iXX() update functions
        fw_cfg: insert string blobs via qemu cmdline

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit c14e42d7a4495ecbad7bf8b3d603272e3a8992a1
  Merge: f52dd72 37bc43f
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 20 10:52:56 2015 +0100

      Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20151020-1' 
into staging

      usb: misc small tweaks.

      # gpg: Signature made Tue 20 Oct 2015 08:24:09 BST using RSA key ID 
D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann <gerd@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@xxxxxxxxx>"

      * remotes/kraxel/tags/pull-usb-20151020-1:
        usb-audio: increate default buffer size
        usb: print device id in "info usb" monitor command
        usb-host: add wakeup call for iso xfers

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit f52dd72dc1a679529e13e51a7b57e787455f92f0
  Merge: 26c7be8 e853ea1
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 20 09:04:20 2015 +0100

      Merge remote-tracking branch 
'remotes/mdroth/tags/qga-pull-2015-10-14-v4-tag' into staging

      qemu-ga patch queue

      * add unit tests for qemu-ga
      * add guest-exec support for posix/w32 guests
      * added 'qemu-ga' target for w32. this allows us to do full MSI build,
        without overloading 'qemu-ga.exe' target with uneeded dependencies.
      * number of s/g_new/g_malloc/ conversions for qga

      v2:
      * commit message and qapi documentation spelling fixes
      * rename 'inp-data' guest-exec param to 'input-data'

      v3:
      * fix OSX build errors for test-qga by using PRId64
        format in place of glib's, and dropping use of G_SPAWN_DEFAULT
        macro for glib 2.22 compat
      * fix win32 build warnings for 32-bit builds by avoid int casts
        of process HANDLEs

      v4:
      * assert connect_qga() doesn't fail
      * only enable test-qga for linux hosts
      * allow get-memory-block-info* to fail if memory blocks aren't exposed in
        sysfs

      # gpg: Signature made Tue 20 Oct 2015 00:33:43 BST using RSA key ID 
F108B584
      # gpg: Good signature from "Michael Roth <flukshun@xxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxx>"
      # gpg:                 aka "Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>"

      * remotes/mdroth/tags/qga-pull-2015-10-14-v4-tag:
        qga: fix uninitialized value warning for win32
        qga: guest-exec simple stdin/stdout/stderr redirection
        qga: handle G_IO_STATUS_AGAIN in ga_channel_write_all()
        qga: handle possible SIGPIPE in guest-file-write
        qga: guest exec functionality
        qga: drop guest_file_init helper and replace it with static initializers
        tests: add a local test for guest agent
        qga: guest-get-memory-blocks shouldn't fail for unexposed memory blocks
        glib-compat: add 2.38/2.40/2.46 asserts
        qtest: add a few fd-level qmp helpers
        qga: do not override configuration verbosity
        qga: add QGA_CONF environment variable
        qga: Use g_new() & friends where that makes obvious sense
        build: qemu-ga: add 'qemu-ga' build target for w32

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 5829b097204189c56dd1fb62c7f827360394bb39
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Tue Sep 29 09:58:05 2015 +0200

      vmsvga: more cursor checks

      Check the cursor size more carefully.  Also switch to unsigned while
      being at it, so they can't be negative.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit b798c1905705e6ab44279d8a9ae41e500756eb1c
  Author: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
  Date:   Tue Sep 15 15:51:29 2015 +1000

      ppc/spapr: Allow VIRTIO_VGA

      It works fine with the Linux driver out of the box

      Signed-off-by: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 37bc43f7fbfb38003550b327002e59d21b80a3e4
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Tue Oct 6 15:31:56 2015 +0200

      usb-audio: increate default buffer size

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 974826f0ab1efc96cd2f61337ee75bda5cde1c77
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Tue Oct 6 15:31:21 2015 +0200

      usb: print device id in "info usb" monitor command

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit e206ddfb57e2595cc43ad3667b3becc6bd2ef62d
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Jul 17 09:12:57 2015 +0200

      usb-host: add wakeup call for iso xfers

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit d9460a7557672af9c4d9d4f153200d1075ed5a78
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 16 13:33:07 2015 +0200

      virtio-input: ignore events until the guest driver is ready

      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit e853ea1cc68716c3d9c22d04578020c6dd743306
  Author: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
  Date:   Sat Oct 17 10:31:16 2015 -0500

      qga: fix uninitialized value warning for win32

      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit a1853dca74362551ec1434b2e15acfcdd53caa99
  Author: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
  Date:   Tue Oct 13 18:41:23 2015 +0300

      qga: guest-exec simple stdin/stdout/stderr redirection

      Implemented with base64-encoded strings in qga json protocol.
      Glib portable GIOChannel is used for data I/O.

      Optinal stdin parameter of guest-exec command is now used as
      stdin content for spawned subprocess.

      If capture-output bool flag is specified, guest-exec redirects out/err
      file descriptiors internally to pipes and collects subprocess
      output.

      Guest-exe-status is modified to return this collected data to requestor
      in base64 encoding.

      Signed-off-by: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      * switch from 'struct GuestIOExecData' to 'GuestIOExecData'
      * s/TRUE/true/g, s/FALSE/false/g for gboolean return values
      * s/inp_data/input_data/
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit f74df9bfce6d133fc64d6b878327849ed2b89b4b
  Author: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
  Date:   Tue Oct 13 18:41:22 2015 +0300

      qga: handle G_IO_STATUS_AGAIN in ga_channel_write_all()

      glib may return G_IO_STATUS_AGAIN which is actually not an error.
      Also fixed a bug when on incomplete write buf pointer was not adjusted.

      Signed-off-by: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reviewed-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 4005b4732e40d3d583510db89ee204b834022d20
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Tue Oct 13 18:41:21 2015 +0300

      qga: handle possible SIGPIPE in guest-file-write

      qemu-ga should not exit on guest-file-write to pipe without read end
      but proper error code should be returned. The behavior of the
      spawned process should be default thus SIGPIPE processing should be
      reset to default after fork() but before exec().

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Signed-off-by: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
      Reviewed-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit d697e30cfff29a6a72e3197a218294ba52e7f0c6
  Author: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
  Date:   Tue Oct 13 18:41:20 2015 +0300

      qga: guest exec functionality

      Guest-exec rewritten in platform-independent style with glib spawn.

      Child process is spawn asynchronously and exit status can later
      be picked up by guest-exec-status command.

      stdin/stdout/stderr of the child now is redirected to /dev/null
      Later we will add ability to specify stdin in guest-exec command
      and to get collected stdout/stderr with guest-exec-status.

      Signed-off-by: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      CC: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      * use g_new0 in place of g_malloc for GuestExec struct
      * commit msg spelling fixes
      * s/inp-data/input-data
      * document capture-input mode as false by default
      * use GetProcessId() for pids on w32 instead of casting HANDLE
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit b4fe97c8230c34ebd407a9f23894b9c614807540
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Tue Oct 13 18:41:19 2015 +0300

      qga: drop guest_file_init helper and replace it with static initializers

      This just makes code shorter and better.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Signed-off-by: Yuri Pudgorodskiy <yur@xxxxxxxxxxxxx>
      Reviewed-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 62c39b307b3a946f9df4f11396bfeced120c040f
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 2 14:58:18 2015 +0200

      tests: add a local test for guest agent

      Add some local guest agent tests, as it is better than nothing, only
      when CONFIG_POSIX (using unix sockets).

      With the QGA_TEST_SIDE_EFFECTING environment variable, it will include
      tests with side effects, such as freezing/thawing the FS or changing the
      time.

      (a better test would involve a managed VM (or container), but it might
      be better to leave that off to autotest/avocado)

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      * use mkdtemp() in placeof g_mkdtemp() for glib 2.22 compat
      * drop redundant/conflicting compat defines for
        g_assert_{true,false}, since glib-compat has them now.
      * build fixes for OSX: use PRId64 instead of glib formats, drop
        g_spawn_default usage for glib compat
      * assert connect_qga() doesn't fail
      * only enable test-qga for linux hosts
      * allow get-memory-block-info* to fail
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit f693fe6ef402bdcf89b3979bf004c4c5bf646724
  Author: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Oct 19 16:38:25 2015 -0500

      qga: guest-get-memory-blocks shouldn't fail for unexposed memory blocks

      Some guests don't expose memory blocks via sysfs at all. This
      shouldn't be a failure, instead just return an empty list. For
      other access failures we still report an error.

      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 8a0b5421a09ab9b9567300c554d3e169f28fc09d
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 2 14:58:17 2015 +0200

      glib-compat: add 2.38/2.40/2.46 asserts

      Those are mostly useful for writing tests.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Claudio Fontana <claudio.fontana@xxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit dc47995e525c386f893b6e023da6b819f9975ece
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 2 14:58:16 2015 +0200

      qtest: add a few fd-level qmp helpers

      Add a few functions to interact with qmp via a simple fd.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 6eaeae37a5fdd0a1ef88ed9ab4b807669ffc0e2d
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 2 14:58:15 2015 +0200

      qga: do not override configuration verbosity

      Move the default verbosity settings before loading the configuration
      file, or it will overwrite it. Found thanks to writing qga tests :)

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 8e34bf364ae518503642d28bdd43661090ae21bd
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Oct 2 14:58:14 2015 +0200

      qga: add QGA_CONF environment variable

      Having a environment variable allows to override default configuration
      path, useful for testing. Note that this can't easily be an argument,
      since loading config is done before parsing the arguments.

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit f3a06403b82c7f036564e4caf18b52ce6885fcfb
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Mon Sep 14 13:50:44 2015 +0200

      qga: Use g_new() & friends where that makes obvious sense

      g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
      for two reasons.  One, it catches multiplication overflowing size_t.
      Two, it returns T * rather than void *, which lets the compiler catch
      more type errors.

      This commit only touches allocations with size arguments of the form
      sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit fafcaf1d7434bd3a44a5cd6a98594b3ec12d83de
  Author: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Sep 7 18:47:05 2015 -0500

      build: qemu-ga: add 'qemu-ga' build target for w32

      Currently POSIX builds rely on 'qemu-ga' target to do qga-only
      distributable build. On w32, as with most standalone binary targets,
      we rely on 'qemu-ga.exe' target.

      Unlike with POSIX, qemu-ga for w32 has a number of related targets
      such as VSS DLL and MSI package. We can do the full distributable
      qga-only build on w32 with:

        make qemu-ga.exe

      or:

        make msi

      To make that work, we tie VSS dependencies onto qemu-ga.exe.
      However, in reality the DLL isn't part of the binary, so we use a
      filter to pull them out of the LINK recipe, which attempts to link
      against prereqs for binary targets. Additionally, it could be argued
      that VSS is a separate distributable, and shouldn't be implied by
      qemu-ga.exe binary target.

      To avoid this, we can tie the VSS dependencies only to the 'msi'
      target, but that would make it impossible to do a qga-only build of
      the w32 distributable without building the 'msi' package, which was
      supported in the past.

      An alternative approach is to add a new target to build the whole
      distributable. w32 allows us to use the same build target we use
      on POSIX, 'qemu-ga', since the current binary-only target on w32
      is 'qemu-ga.exe'.

      To further simplify the build, we also make 'qemu-ga' build the MSI
      package if the appropriate ./configure options are set, making the
      full qga-only build the same on both POSIX and w32: `make qemu-ga`

      Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Cc: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>

  commit 89a82cd4b6a90fe117fa715e2abe51d5c607560c
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Wed Sep 16 15:33:53 2015 -0700

      cpu-exec: Add "nochain" debug flag

      Respect it to avoid linking TBs together.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 137d63902faf4960081856db9242cbaf234a23af
  Author: James Hogan <james.hogan@xxxxxxxxxx>
  Date:   Fri Oct 2 13:24:17 2015 +0100

      tcg/mips: Support r6 SEL{NE, EQ}Z instead of MOVN/MOVZ

      Extend MIPS movcond implementation to support the SELNEZ/SELEQZ
      instructions introduced in MIPS r6 (where MOVN/MOVZ have been removed).

      Whereas the "MOVN/MOVZ rd, rs, rt" instructions have the following
      semantics:
       rd = [!]rt ? rs : rd

      The "SELNEZ/SELEQZ rd, rs, rt" instructions are slightly different:
       rd = [!]rt ? rs : 0

      First we ensure that if one of the movcond input values is zero that it
      comes last (we can swap the input arguments if we invert the condition).
      This is so that it can exactly match one of the SELNEZ/SELEQZ
      instructions and avoid the need to emit the other one.

      Otherwise we emit the opposite instruction first into a temporary
      register, and OR that into the result:
       SELNEZ/SELEQZ  TMP1, v2, c1
       SELEQZ/SELNEZ  ret, v1, c1
       OR             ret, ret, TMP1

      Which does the following:
       ret = cond ? v1 : v2

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Message-Id: <1443788657-14537-7-git-send-email-james.hogan@xxxxxxxxxx>

  commit bc6d0c22b09a72897d9db4482076f89e7de97400
  Author: James Hogan <james.hogan@xxxxxxxxxx>
  Date:   Fri Oct 2 13:24:16 2015 +0100

      tcg/mips: Support r6 multiply/divide encodings

      MIPSr6 adds several new integer multiply, divide, and modulo
      instructions, and removes several pre-r6 encodings, along with the HI/LO
      registers which were the implicit operands of some of those
      instructions. Update TCG to use the new instructions when built for r6.

      The new instructions actually map much more directly to the TCG ops, as
      they only provide a single 32-bit half of the result and in a normal
      general purpose register instead of HI or LO.

      The mulu2_i32 and muls2_i32 operations are no longer appropriate for r6,
      so they are removed from the TCG opcode table. This is because they
      would need to emit two separate host instructions anyway (for the high
      and low half of the result), which TCG can arrange automatically for us
      in the absense of mulu2_i32/muls2_i32 by splitting it into mul_i32 and
      mul*h_i32 TCG ops.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Message-Id: <1443788657-14537-6-git-send-email-james.hogan@xxxxxxxxxx>

  commit 6e0d096989be52c2b945fc83a9bd15d887bbdb47
  Author: James Hogan <james.hogan@xxxxxxxxxx>
  Date:   Fri Oct 2 13:24:15 2015 +0100

      tcg/mips: Support r6 JR encoding

      MIPSr6 encodes JR as JALR with zero as the link register, and the pre-r6
      JR encoding is removed. Update TCG to use the new encoding when built
      for r6.

      We still use the old encoding for pre-r6, so as not to confuse return
      prediction stack hardware which may detect only particular encodings of
      the return instruction.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Message-Id: <1443788657-14537-5-git-send-email-james.hogan@xxxxxxxxxx>

  commit ce14bd4d469f3a14f6cbfceb6360aee066a60d72
  Author: James Hogan <james.hogan@xxxxxxxxxx>
  Date:   Fri Oct 2 13:24:14 2015 +0100

      tcg/mips: Add use_mips32r6_instructions definition

      Add definition use_mips32r6_instructions to the MIPS TCG backend which
      is constant 1 when built for MIPS release 6. This will be used to decide
      between pre-R6 and R6 instruction encodings.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Message-Id: <1443788657-14537-4-git-send-email-james.hogan@xxxxxxxxxx>

  commit d76f36535099b5d3d880c5e3ac1d411420c8a086
  Author: James Hogan <james.hogan@xxxxxxxxxx>
  Date:   Fri Oct 2 13:24:13 2015 +0100

      disas/mips: Add R6 jr/jr.hb to disassembler

      MIPS r6 encodes jr as jalr zero, and jr.hb as jalr.hb zero, so add these
      encodings to the MIPS disassembly table.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Message-Id: <1443788657-14537-3-git-send-email-james.hogan@xxxxxxxxxx>

  commit c0e40dbdcc291c85faa289a53be60b7b1b7c7598
  Author: James Hogan <james.hogan@xxxxxxxxxx>
  Date:   Fri Oct 2 13:24:12 2015 +0100

      tcg-opc.h: Simplify insn_start def

      We already have a TLADDR_ARGS definition, so rearrange the order
      slightly and use it in the definition of insn_start, instead of
      having an #ifdef.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Signed-off-by: James Hogan <james.hogan@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Message-Id: <1443788657-14537-2-git-send-email-james.hogan@xxxxxxxxxx>

  commit 1e1df962e325e18a5188c4814cd1a10215a48f79
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Fri Oct 2 22:41:01 2015 +0000

      tcg/ppc: Prefer mask over andi.

      Prefer the instruction that isn't required to modify cr0.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 5bfd75a35c11dd3aa61c73d0d2cd88137c31519c
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Fri Oct 2 22:25:28 2015 +0000

      tcg/ppc: Revise goto_tb implementation

      Restrict the size of code_gen_buffer to 2GB on ppc64, which
      lets us assert that everything is reachable with addis+addi
      from tb_ret_addr.  This lets us use a max of 4 insns for goto_tb
      instead of 7.

      Emit the indirect branch portion of goto_tb up front, which
      means we only have to update two insns to update any link.
      With a 64-bit store, we can update the link atomically, which
      may be required in future.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 70f897bdc4ce4101ec008317d43090f532bfb07d
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Fri Oct 2 21:09:54 2015 +0000

      tcg/ppc: Adjust exit_tb for change in prologue placement

      Changing the prologue to the beginning of the code_gen_buffer
      changes the direction of the "return" branch.  Need to change
      the logic to match.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 2cc06a8843ace3d03464032eb3c74bc6e2b07579
  Author: Kevin O'Connor <kevin@xxxxxxxxxxxx>
  Date:   Thu Oct 8 17:02:58 2015 +0200

      fw_cfg: Define a static signature to be returned on DMA port reads

      Return a static signature ("QEMU CFG") if the guest does a read to the
      DMA address io register.

      Signed-off-by: Kevin O'Connor <kevin@xxxxxxxxxxxx>
      Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit c886fc4c20ff8456b2f788a1404dd321b8b59243
  Author: Marc Marí <markmb@xxxxxxxxxx>
  Date:   Thu Oct 8 17:02:57 2015 +0200

      Enable fw_cfg DMA interface for x86

      Enable the fw_cfg DMA interface for all the x86 platforms.

      Based on Gerd Hoffman's initial implementation.

      Signed-off-by: Marc Marí <markmb@xxxxxxxxxx>
      Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 0b341a85ca873cfc4faddbf9012c4c5da1b675bc
  Author: Marc Marí <markmb@xxxxxxxxxx>
  Date:   Thu Oct 8 17:02:56 2015 +0200

      Enable fw_cfg DMA interface for ARM

      Enable the fw_cfg DMA interface for the ARM virt machine.

      Based on Gerd Hoffman's initial implementation.

      Signed-off-by: Marc Marí <markmb@xxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit a4c0d1deb785611c96a455f65ec032976b00b36f
  Author: Marc Marí <markmb@xxxxxxxxxx>
  Date:   Thu Oct 8 17:02:55 2015 +0200

      Implement fw_cfg DMA interface

      Based on the specifications on docs/specs/fw_cfg.txt

      This interface is an addon. The old interface can still be used as usual.

      Based on Gerd Hoffman's initial implementation.

      Signed-off-by: Marc Marí <markmb@xxxxxxxxxx>
      Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit c9eae1d4b93695d98fa5306a28b7fb7acc34ae67
  Author: Marc Marí <markmb@xxxxxxxxxx>
  Date:   Thu Oct 8 17:02:54 2015 +0200

      fw_cfg DMA interface documentation

      Add fw_cfg DMA interface specification in the documentation.

      Based on Gerd Hoffman's initial implementation.

      Signed-off-by: Marc Marí <markmb@xxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 57c3d238a5ff7e7ad7aba098b5d55d8d89c2a6a1
  Author: Gabriel L. Somlo <somlo@xxxxxxx>
  Date:   Thu Oct 8 17:02:53 2015 +0200

      fw_cfg: document fw_cfg_modify_iXX() update functions

      Document the behavior of fw_cfg_modify_iXX() for leak-less updating
      of integer-type blobs.

      Currently only fw_cfg_modify_i16() is coded, but 32- and 64-bit versions
      may be added later if necessary..

      Signed-off-by: Gabriel Somlo <somlo@xxxxxxx>
      Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 6407d76eb4e5b5dd4af8613cef0162f31ff739ed
  Author: Gabriel L. Somlo <somlo@xxxxxxx>
  Date:   Tue Sep 29 12:29:01 2015 -0400

      fw_cfg: insert string blobs via qemu cmdline

      Allow users to provide custom fw_cfg blobs with ascii string
      payloads specified directly on the qemu command line.

      Suggested-by: Jordan Justen <jordan.l.justen@xxxxxxxxx>
      Suggested-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Signed-off-by: Gabriel Somlo <somlo@xxxxxxx>
      Message-id: 1443544141-26568-1-git-send-email-somlo@xxxxxxx
      Reviewd-by: Laszlo Ersek <lersek@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 26c7be842637ee65a79cd77f96a99c23ddcd90ad
  Merge: 526d580 dbb7405
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Oct 19 12:13:27 2015 +0100

      Merge remote-tracking branch 'remotes/sstabellini/tags/2015-10-19-tag' 
into staging

      Xen 2015-10-19

      # gpg: Signature made Mon 19 Oct 2015 11:24:05 BST using RSA key ID 
70E1AE90
      # gpg: Good signature from "Stefano Stabellini 
<stefano.stabellini@xxxxxxxxxxxxx>"

      * remotes/sstabellini/tags/2015-10-19-tag:
        xen-platform: Ensure xen is enabled when initializing
        pc: Require xen when initializing xenfv machine

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit dbb7405d8caad0814ceddd568cb49f163a847561
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Mon Sep 28 17:01:24 2015 -0300

      xen-platform: Ensure xen is enabled when initializing

      The xen-platform code crashes on reset if the xen backend is not
      initialized, because it calls xc_hvm_set_mem_type(). Ensure xen-platform
      won't be created without initializing the xen backend.

      The assert can't be triggered by the user because the device is not
      hotpluggable, and the only code creating it (at pc_xen_hvm_init())
      already checks xen_enabled().

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Reviewed-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
      Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

  commit a88ae0d44b6b5830b752641b2198735272f13eaf
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Mon Sep 28 17:01:23 2015 -0300

      pc: Require xen when initializing xenfv machine

      Without this check, the xen-platform device will crash on reset
      if using the accel option with anything other than xen (e.g.
      "-machine xenfv,accel=kvm").

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Reviewed-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
      Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

  commit 526d5809a0714edc7f19196f14ec2e607dbd9753
  Merge: aedc880 1c4a55d
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Oct 19 10:52:39 2015 +0100

      Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
staging

      * KVM page size fix for PPC
      * Support for Linux 4.4's new Hyper-V features
      * Eliminate g_slice from areas I maintain
      * checkpatch fix
      * Peter's cpu_reload_memory_map() cleanups
      * More changes to MAINTAINERS
      * Require Python 2.6
      * chardev creation fixes
      * PCI requester id for ARM KVM
      * cleanups and doc fixes
      * Allow customization of the Hyper-V vendor id

      # gpg: Signature made Mon 19 Oct 2015 09:13:10 BST using RSA key ID 
78C7AE83
      # gpg: Good signature from "Paolo Bonzini <bonzini@xxxxxxx>"
      # gpg:                 aka "Paolo Bonzini <pbonzini@xxxxxxxxxx>"

      * remotes/bonzini/tags/for-upstream: (49 commits)
        kvm: Allow the Hyper-V vendor ID to be specified
        kvm: Move x86-specific functions into target-i386/kvm.c
        kvm: Pass PCI device pointer to MSI routing functions
        hw/pci: Introduce pci_requester_id()
        kvm: Make KVM_CAP_SIGNAL_MSI globally available
        doc/rcu: fix g_free_rcu() usage example
        qemu-char: cleanup after completed conversion to cd->create
        qemu-char: convert ringbuf backend to data-driven creation
        qemu-char: convert vc backend to data-driven creation
        qemu-char: convert spice backend to data-driven creation
        qemu-char: convert console backend to data-driven creation
        qemu-char: convert stdio backend to data-driven creation
        qemu-char: convert testdev backend to data-driven creation
        qemu-char: convert braille backend to data-driven creation
        qemu-char: convert msmouse backend to data-driven creation
        qemu-char: convert mux backend to data-driven creation
        qemu-char: convert null backend to data-driven creation
        qemu-char: convert pty backend to data-driven creation
        qemu-char: convert UDP backend to data-driven creation
        qemu-char: convert socket backend to data-driven creation
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit aedc8806172dd1ae904f04169ee3b19fce1d7893
  Merge: 40fe17b 8307c29
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Oct 19 10:06:56 2015 +0100

      Merge remote-tracking branch 'remotes/kraxel/tags/pull-audio-20151019-1' 
into staging

      Remove macros IO_READ_PROTO and IO_WRITE_PROTO

      # gpg: Signature made Mon 19 Oct 2015 09:19:21 BST using RSA key ID 
D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann <gerd@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@xxxxxxxxx>"

      * remotes/kraxel/tags/pull-audio-20151019-1:
        Remove macros IO_READ_PROTO and IO_WRITE_PROTO

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 1c4a55dbed9a47fde9294f7de6c8bb060d874c88
  Author: Alex Williamson <alex.williamson@xxxxxxxxxx>
  Date:   Fri Oct 16 09:38:22 2015 -0600

      kvm: Allow the Hyper-V vendor ID to be specified

      According to Microsoft documentation, the signature in the standard
      hypervisor CPUID leaf at 0x40000000 identifies the Vendor ID and is
      for reporting and diagnostic purposes only.  We can therefore allow
      the user to change it to whatever they want, within the 12 character
      limit.  Add a new hv-vendor-id option to the -cpu flag to allow
      for this, ex:

       -cpu host,hv_time,hv-vendor-id=KeenlyKVM

      Link: http://msdn.microsoft.com/library/windows/hardware/hh975392
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>
      Message-Id: <20151016153356.28104.48612.stgit@xxxxxxxxxx>
      [Adjust error message to match the property name, use error_report. - 
Paolo]
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 28143b409f698210d85165ca518235ac7e7c5ac5
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Thu Oct 15 20:30:20 2015 +0200

      kvm: Move x86-specific functions into target-i386/kvm.c

      The functions for checking xcrs, xsave and pit_state2 are
      only used on x86, so they should reside in target-i386/kvm.c.

      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Message-Id: <1444933820-6968-1-git-send-email-thuth@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit dc9f06ca81e6e16d062ec382701142a3a2ab3f7d
  Author: Pavel Fedin <p.fedin@xxxxxxxxxxx>
  Date:   Thu Oct 15 16:44:52 2015 +0300

      kvm: Pass PCI device pointer to MSI routing functions

      In-kernel ITS emulation on ARM64 will require to supply requester IDs.
      These IDs can now be retrieved from the device pointer using new
      pci_requester_id() function.

      This patch adds pci_dev pointer to KVM GSI routing functions and makes
      callers passing it.

      x86 architecture does not use requester IDs, but hw/i386/kvm/pci-assign.c
      also made passing PCI device pointer instead of NULL for consistency with
      the rest of the code.

      Signed-off-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Message-Id: 
<ce081423ba2394a4efc30f30708fca07656bc500.1444916432.git.p.fedin@xxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit a05f686ff39c373384772b01f1b7fc71e7eb2500
  Author: Pavel Fedin <p.fedin@xxxxxxxxxxx>
  Date:   Thu Oct 15 16:44:51 2015 +0300

      hw/pci: Introduce pci_requester_id()

      For GICv3 ITS implementation we are going to use requester IDs in KVM IRQ
      routing code. This patch introduces reusable convenient way to obtain this
      ID from the device pointer. The new function is now used in some places,
      where the same calculation was used.

      MemTxAttrs.stream_id also renamed to requester_id in order to better
      reflect semantics of the field.

      Signed-off-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Acked-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Message-Id: 
<5814bcb03a297f198e796b13ed9c35059c52f89b.1444916432.git.p.fedin@xxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 50bf31b9379cf88c4fe92ec477fdc56f89d1af94
  Author: Pavel Fedin <p.fedin@xxxxxxxxxxx>
  Date:   Thu Oct 15 16:44:50 2015 +0300

      kvm: Make KVM_CAP_SIGNAL_MSI globally available

      This capability is useful to determine whether we can use KVM ITS
      emulation on ARM

      Signed-off-by: Pavel Fedin <p.fedin@xxxxxxxxxxx>
      Message-Id: 
<ff4ccb09b837d37defd639b885526949a25276de.1444916432.git.p.fedin@xxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 9bda456e419273199221625894003bf9307d8451
  Author: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
  Date:   Wed Oct 14 18:46:44 2015 +0300

      doc/rcu: fix g_free_rcu() usage example

      The first argument of g_free_rcu() is a pointer to a structure.  But
      foo_reclaim is used as a function name in the previous example along
      with &foo as a pointer to the structure being reclaimed.  Make the
      example consistent with the previous one.

      Signed-off-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
      Message-Id: <1444837604-13712-1-git-send-email-serge.fdrv@xxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 1c3af0f4f04bd6e6729783a48bb51ca1eb5c3baf
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 12 09:51:41 2015 +0200

      qemu-char: cleanup after completed conversion to cd->create

      All backends now return errors through Error*, so the "Failed to
      create chardev" placeholder error can only be reached if the backend
      is not available (and only from the chardev-add QMP command; instead,
      the -chardev command line option fails earlier).

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 479f09a130f774b0275134b5c44081ea71fe00b3
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:51:14 2015 +0200

      qemu-char: convert ringbuf backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit fa19d02539a56ac20d03b2eef775be7ffcdd695a
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:49:06 2015 +0200

      qemu-char: convert vc backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 68145e178ac200a27b5f0ab342da80cf60ddd576
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:45:47 2015 +0200

      qemu-char: convert spice backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 122e5ed4412cadce2d44a5f636e4d1bfc67c534b
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:42:04 2015 +0200

      qemu-char: convert console backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 8c84b25d975870bbed2e089fe61e037c58a69854
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:40:28 2015 +0200

      qemu-char: convert stdio backend to data-driven creation

      The backend now always returns errors via the Error* argument.
      This avoids a double error message.  Before:

          qemu-system-x86_64: -chardev stdio,id=base: cannot use stdio with 
-daemonize
          qemu-system-x86_64: -chardev stdio,id=base: Failed to create chardev

      After:

          qemu-system-x86_64: -chardev stdio,id=base: cannot use stdio with 
-daemonize

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 0498790173e462ac3a7e4e0f3608704b8382dd10
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:33:42 2015 +0200

      qemu-char: convert testdev backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit e47666b8d1f0a7043d53671587058b3ce539b09d
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:31:26 2015 +0200

      qemu-char: convert braille backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 96d885b93b47243d2fc6ee826abaa8c0017282c9
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:29:15 2015 +0200

      qemu-char: convert msmouse backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 3c0e5a4a845c9e2823c9060631eeefebabc2f093
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:27:24 2015 +0200

      qemu-char: convert mux backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 0d64992b5dfe099b170a0b19922833cc82745620
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:24:29 2015 +0200

      qemu-char: convert null backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit c2e75a432b907562cf93772b7d058d1ec8a8f8f1
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:23:42 2015 +0200

      qemu-char: convert pty backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit e79b80daa252ffb4bc5c84c836714eb45ab3bb68
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:17:20 2015 +0200

      qemu-char: convert UDP backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit dbba8d1be3db5a52cfe200f219fbf8840d75cb14
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:15:53 2015 +0200

      qemu-char: convert socket backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 20cbe7a27980ef7e2ecd307cd210fc23b3f0762e
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:14:07 2015 +0200

      qemu-char: convert pipe backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 38bfb1a63d05d000f128ea740442955070d9ff57
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 12 09:49:28 2015 +0200

      qemu-char: convert parallel backend to data-driven creation

      Conversion to Error * brings better error messages; before:

          qemu-system-x86_64: -chardev id=serial,backend=parallel,path=vl.c: 
Failed to create chardev

      After:

          qemu-system-x86_64: -chardev id=serial,backend=parallel,path=vl.c: 
not a parallel port: Inappropriate ioctl for device

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 8307c294a355bbf3c5352e00877365b0cda66d52
  Author: Nutan Shinde <nutanshinde1992@xxxxxxxxx>
  Date:   Wed Oct 7 22:02:54 2015 +0530

      Remove macros IO_READ_PROTO and IO_WRITE_PROTO

      Signed-off-by: Nutan Shinde <nutanshinde1992@xxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 40fe17bea478793fc9106a630fa3610dad51f939
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 16 17:19:35 2015 +0100

      hw/ide/ahci.c: Fix shift left into sign bit

      Avoid undefined behaviour from shifting left into the sign bit:

      hw/ide/ahci.c:551:36: runtime error: left shift of 255 by 24 places 
cannot be represented in type 'int'

      (Unfortunately C's promotion rules mean that in the expression
      "some_uint8_t_variable << 24" the LHS gets promoted to signed
      int before shifting.)

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>

  commit 7df953bd456da45f761064974820ab5c3fd7b2aa
  Author: Knut Omang <knut.omang@xxxxxxxxxx>
  Date:   Sun Oct 4 15:48:50 2015 +0200

      intel_iommu: Add support for translation for devices behind bridges

      - Use a hash table indexed on bus pointers to store information about 
buses
        instead of using the bus numbers.
        Bus pointers are stored in a new VTDBus struct together with the vector
        of device address space pointers indexed by devfn.
      - The bus number is still used for lookup for selective SID based 
invalidate,
        in which case the bus number is lazily resolved from the bus hash table 
and
        cached in a separate index.

      Signed-off-by: Knut Omang <knut.omang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit c737c7a608f4cd2c06e6600303845c4b469822c5
  Merge: 6d57410 6b826af
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Sat Oct 17 22:14:52 2015 +0100

      Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into 
staging

      Block layer patches

      # gpg: Signature made Fri 16 Oct 2015 14:36:50 BST using RSA key ID 
C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@xxxxxxxxxx>"

      * remotes/kevin/tags/for-upstream: (29 commits)
        blkdebug: Don't confuse image as backing file
        qcow2: Remove forward declaration of QCowAIOCB
        qemu-nbd: always compile in --aio=MODE option
        blockdev: always compile in -drive aio= parsing
        raw-posix: warn about BDRV_O_NATIVE_AIO if libaio is unavailable
        block: auto-generated node-names
        util - add automated ID generation utility
        blkverify: Fix BDS leak in .bdrv_open error path
        block: Allow bdrv_unref_child(bs, NULL)
        block: Remove bdrv_swap()
        block: Add and use bdrv_replace_in_backing_chain()
        blockjob: Store device name at job creation
        block: Implement bdrv_append() without bdrv_swap()
        block: Introduce parents list
        block-backend: Add blk_set_bs()
        block/io: Make bdrv_requests_pending() public
        block: Split bdrv_move_feature_fields()
        block: Manage backing file references in bdrv_set_backing_hd()
        block: Convert bs->backing_hd to BdrvChild
        block: Remove bdrv_open_image()
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 6d57410a79d51d92673c54f26624b44f27fa6214
  Merge: 9c1f5bb 5d98bf8
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Sat Oct 17 12:31:33 2015 +0100

      Merge remote-tracking branch 
'remotes/pmaydell/tags/pull-target-arm-20151016' into staging

      target-arm queue:
       * break TBs after ISB instructions
       * more support code for future implementation of EL2 and 64-bit EL3
       * tell guest if KVM is enabled in SMBIOS version string
       * implement OSLAR/OSLSR system registers
       * provide better help text for Sharp PDA machine names
       * rename imx25_pdk to imx25-pdk (since it has never been released
         with the underscore-version name)
       * fix MMIO writes in zynq_slcr
       * implement MDCR_EL2
       * virt: allow the guest to configure PCI BARs with zero PCI addresses
       * fix breakpoint handling code

      # gpg: Signature made Fri 16 Oct 2015 14:56:15 BST using RSA key ID 
14360CDE
      # gpg: Good signature from "Peter Maydell <peter.maydell@xxxxxxxxxx>"
      # gpg:                 aka "Peter Maydell <pmaydell@xxxxxxxxx>"
      # gpg:                 aka "Peter Maydell 
<pmaydell@xxxxxxxxxxxxxxxxxxxxxx>"

      * remotes/pmaydell/tags/pull-target-arm-20151016:
        target-arm: Fix CPU breakpoint handling
        target-arm: Fix GDB breakpoint handling
        target-arm: implement arm_debug_target_el()
        hw/arm/virt: Allow zero address for PCI IO space
        target-arm: Add MDCR_EL2
        misc: zynq_slcr: Fix MMIO writes
        arm: imx25-pdk: Fix machine name
        target-arm: Provide model numbers for Sharp PDAs
        target-arm: Implement AArch64 OSLAR/OSLSR_EL1 sysregs
        hw/arm/virt: smbios: inform guest of kvm
        target-arm: Avoid calling arm_el_is_aa64() function for unimplemented EL
        target-arm: Break the TB after ISB to execute self-modified code 
correctly
        target-arm: Add missing 'static' attribute

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 9c1f5bbc739f3278353becf94839551afed0fdbd
  Merge: 61f7901 468a895
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 16 19:11:59 2015 +0100

      Merge remote-tracking branch 'remotes/pmaydell/tags/pull-cocoa-20151016' 
into staging

      cocoa queue:
       * fixes for compiler warnings
       * fix mouse cursor flickering

      # gpg: Signature made Fri 16 Oct 2015 11:09:46 BST using RSA key ID 
14360CDE
      # gpg: Good signature from "Peter Maydell <peter.maydell@xxxxxxxxxx>"
      # gpg:                 aka "Peter Maydell <pmaydell@xxxxxxxxx>"
      # gpg:                 aka "Peter Maydell 
<pmaydell@xxxxxxxxxxxxxxxxxxxxxx>"

      * remotes/pmaydell/tags/pull-cocoa-20151016:
        ui/cocoa.m: blinky mouse cursor fix
        ui/cocoa.m: addRemovableDevicesMenuItems() warning fix
        ui/cocoa.m: eliminate normalWindow warning

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 61f7901bb8a7f2f2503b5b025c4c33dbeac9cf5b
  Merge: e95bdb4 99df528
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 16 17:13:05 2015 +0100

      Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-10-15' 
into staging

      QAPI patches

      # gpg: Signature made Thu 15 Oct 2015 07:40:46 BST using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-qapi-2015-10-15:
        qapi: Track location that created an implicit type
        qapi: Create simple union type member earlier
        qapi: Lazy creation of array types
        qapi: Don't use info as witness of implicit object type
        qapi: Drop redundant args-member-array test
        qapi: Drop redundant flat-union-reverse-define test
        qapi: Drop redundant returns-int test
        qapi: Move empty-enum to compile-time test
        qapi: Drop redundant alternate-good test
        qapi: Prepare for errors during check()
        qapi: Use predicate callback to determine visit filtering
        qapi: Fix regression with '-netdev help'

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit e95bdb4341c36ee158ff9dda4ade3f94405c69ce
  Merge: c49d341 60be634
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 16 15:47:59 2015 +0100

      Merge remote-tracking branch 
'remotes/juanquintela/tags/migration/20151015' into staging

      migration/next for 20151015

      # gpg: Signature made Thu 15 Oct 2015 07:25:27 BST using RSA key ID 
5872D723
      # gpg: Good signature from "Juan Quintela <quintela@xxxxxxxxxx>"
      # gpg:                 aka "Juan Quintela <quintela@xxxxxxxxxx>"

      * remotes/juanquintela/tags/migration/20151015:
        migration: fix deadlock
        migration: announce VM's new home just before VM is runnable
        Migration: Generate the completed event only when we complete

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 5d98bf8f38c17a348ab6e8af196088cd4953acd0
  Author: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
  Date:   Tue Oct 13 12:56:28 2015 +0300

      target-arm: Fix CPU breakpoint handling

      A QEMU breakpoint match is not definitely an architectural breakpoint
      match. If an exception is generated unconditionally during translation,
      it is hardly possible to ignore it in the debug exception handler.

      Generate a call to a helper to check CPU breakpoints and raise an
      exception only if any breakpoint matches architecturally.

      Signed-off-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit e63a2d4d9ed73e33a0b7483085808048be8bbcb1
  Author: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
  Date:   Tue Oct 13 12:56:27 2015 +0300

      target-arm: Fix GDB breakpoint handling

      GDB breakpoints have higher priority so they have to be checked first.
      Should GDB breakpoint match, just return from the debug exception
      handler.

      Signed-off-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 6b826af7b010ed1963b1e7bfb5c389dcdbaff222
  Author: Fam Zheng <famz@xxxxxxxxxx>
  Date:   Fri Oct 16 18:46:04 2015 +0800

      blkdebug: Don't confuse image as backing file

      The word "backing file" nowadays refers to the backing_hd in the
      external snapshot sense (i.e. bs->backing_hd), instead of the file sense
      (bs->file). Correct the comment to use the right term.

      Signed-off-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit e394621fbda0d9f69df2c9eab73ad5a5189805bb
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Fri Jul 10 22:19:23 2015 +0200

      qcow2: Remove forward declaration of QCowAIOCB

      This struct doesn't exist any more since commit 3fc48d09 in August 2011,
      it's about time to remove its forward declaration.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit bb628e1af8b8b5ecf6420e50123cb696ee18b09f
  Author: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
  Date:   Thu Jul 23 13:48:36 2015 +0100

      qemu-nbd: always compile in --aio=MODE option

      The --aio=MODE option enables Linux AIO or Windows overlapped I/O.

      The #ifdef CONFIG_LINUX_AIO was a layering violation that also prevented
      Windows overlapped I/O from being used.

      Now that raw-posix.c prints an error when Linux AIO has not been
      compiled in, we can unconditionally compile the option into qemu-nbd.

      After this patch qemu-nbd --aio=native works on Windows.

      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 04d71322c1cf6f527f15397c76bc088ebda7c18b
  Author: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
  Date:   Thu Jul 23 13:48:35 2015 +0100

      blockdev: always compile in -drive aio= parsing

      CONFIG_LINUX_AIO is an implementation detail of raw-posix.c.  Don't
      mention CONFIG_LINUX_AIO in blockdev.c.  Let block drivers decide what
      to do with BDRV_O_NATIVE_AIO.  They may print an error if it is
      unsupported.

      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 1501ecc1d89231164b4aecddd0219ed4395b693a
  Author: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
  Date:   Thu Jul 23 13:48:34 2015 +0100

      raw-posix: warn about BDRV_O_NATIVE_AIO if libaio is unavailable

      raw-posix.c silently ignores BDRV_O_NATIVE_AIO if libaio is unavailable.
      It is confusing when aio=native performance is identical to aio=threads
      because the binary was accidentally built without libaio.

      Print a deprecation warning if -drive aio=native is used with a binary
      that does not support libaio.  There are probably users using aio=native
      who would be inconvenienced if QEMU suddenly refused to start their
      guests.  In the future this will become an error.

      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 15489c769b9a4b3bec5b5848af2960689d7b4bd8
  Author: Jeff Cody <jcody@xxxxxxxxxx>
  Date:   Mon Oct 12 19:36:50 2015 -0400

      block: auto-generated node-names

      If a node-name is not specified, automatically generate the node-name.

      Generated node-names will use the "block" sub-system identifier.

      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit a0f1913637e6cd711aa721233b75eb2ec84d017b
  Author: Jeff Cody <jcody@xxxxxxxxxx>
  Date:   Mon Oct 12 19:36:49 2015 -0400

      util - add automated ID generation utility

      Multiple sub-systems in QEMU may find it useful to generate IDs
      for objects that a user may reference via QMP or HMP.  This patch
      presents a standardized way to do it, so that automatic ID generation
      follows the same rules.

      This patch enforces the following rules when generating an ID:

      1.) Guarantee no collisions with a user-specified ID
      2.) Identify the sub-system the ID belongs to
      3.) Guarantee of uniqueness
      4.) Spoiling predictability, to avoid creating an assumption
          of object ordering and parsing (i.e., we don't want users to think
          they can guess the next ID based on prior behavior).

      The scheme for this is as follows (no spaces):

                      # subsys D RR
      Reserved char --|    |   | |
      Subsystem String ----|   | |
      Unique number (64-bit) --| |
      Two-digit random number ---|

      For example, a generated node-name for the block sub-system may look
      like this:

          #block076

      The caller of id_generate() is responsible for freeing the generated
      node name string with g_free().

      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 7e39d3a2dd34a84900e10b4ea1567f3b352659af
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Tue Oct 13 14:15:53 2015 +0200

      blkverify: Fix BDS leak in .bdrv_open error path

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>

  commit 779020cbdc67011026c10fb620f701bfc6b85547
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Tue Oct 13 14:09:44 2015 +0200

      block: Allow bdrv_unref_child(bs, NULL)

      bdrv_unref() can be called with a NULL argument and doesn't do anything
      then. Make bdrv_unref_child() consistent with it.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>

  commit 8e419aefa07ca8e640f8db50b450378e84d60a11
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Wed Sep 16 16:18:38 2015 +0200

      block: Remove bdrv_swap()

      bdrv_swap() is unused now. Remove it and all functions that have
      no other users than bdrv_swap(). In particular, this removes the
      .bdrv_rebind callbacks from block drivers.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 3f09bfbc7bee812a44838f4c8b254007a9b86cab
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Tue Sep 15 11:58:23 2015 +0200

      block: Add and use bdrv_replace_in_backing_chain()

      This cleans up the mess we left behind in the mirror code after the
      previous patch. Instead of using bdrv_swap(), just change pointers.

      The interface change of the mirror job that callers must consider is
      that after job completion, their local BDS pointers still point to the
      same node now. qemu-img must change its code accordingly (which makes it
      easier to understand); the other callers stays unchanged because after
      completion they don't do anything with the BDS, but just with the job,
      and the job is still owned by the source BDS.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 8ccb9569a976056c9594bb720ba33d84827648d9
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Wed Sep 16 13:34:54 2015 +0200

      blockjob: Store device name at job creation

      Some block jobs change the block device graph on completion. This means
      that the device that owns the job and originally was addressed with its
      device name may no longer be what the corresponding BlockBackend points
      to.

      Previously, the effects of bdrv_swap() ensured that the job was (at
      least partially) transferred to the target image. Events that contain
      the device name could still use bdrv_get_device_name(job->bs) and get
      the same result.

      After removing bdrv_swap(), this won't work any more. Instead, save the
      device name at job creation and use that copy for QMP events and
      anything else identifying the job.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit dd62f1ca433ea60b06590884642ad2c8f8e539f2
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Thu Jun 18 14:09:57 2015 +0200

      block: Implement bdrv_append() without bdrv_swap()

      Remember all parent nodes and just change the pointers there instead of
      swapping the contents of the BlockDriverState.

      Handling of snapshot=on must be moved further down in bdrv_open()
      because *pbs (which is the bs pointer in the BlockBackend) must already
      be set before bdrv_append() is called. Otherwise bdrv_append() changes
      the BB's pointer to the temporary snapshot, but bdrv_open() overwrites
      it with the read-only original image.

      We also need to be careful to update callers as the interface changes
      (becomes less insane): Previously, the meaning of the two parameters was
      inverted when bdrv_append() returns. Now any BDS pointers keep pointing
      to the same node.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit d42a8a935b8b2d567331fffa13a70918352668bb
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Thu Sep 17 13:18:23 2015 +0200

      block: Introduce parents list

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit a2d6190048d01c7012ab4fd6a2558f435b7b2fe8
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Thu Sep 17 13:01:50 2015 +0200

      block-backend: Add blk_set_bs()

      It allows changing the BlockDriverState that a BlockBackend points to.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 439db28cf9d4c29c9a97040bc8e08f047ba7e0af
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Wed Sep 16 16:08:17 2015 +0200

      block/io: Make bdrv_requests_pending() public

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 063dd40e110eba7fffff09850ea9116b8dee2ae6
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Thu Sep 17 12:33:26 2015 +0200

      block: Split bdrv_move_feature_fields()

      After bdrv_swap(), some fields must be moved back to their original BDS
      to compensate for the effects that a swap of the contents of the objects
      has while keeping the old addresses. Other fields must be moved back
      because they should logically be moved and must stay on top

      When replacing bdrv_swap() with operations changing the pointers in the
      parents, we only need the latter and must avoid swapping the former.
      Split the function accordingly.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 5db15a57697063b9062a015dbc6d5d38211f2df1
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Mon Sep 14 15:33:33 2015 +0200

      block: Manage backing file references in bdrv_set_backing_hd()

      This simplifies the code somewhat, especially when dropping whole
      backing file subchains.

      The exception is the mirroring code that does adventurous things with
      bdrv_swap() and in order to keep it working, I had to duplicate most of
      bdrv_set_backing_hd() locally. We'll get rid again of this ugliness
      shortly.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 760e006384ecd5b8b8b1b91b5c85ff8fdcb3a21f
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Wed Jun 17 14:55:21 2015 +0200

      block: Convert bs->backing_hd to BdrvChild

      This is the final step in converting all of the BlockDriverState
      pointers that block drivers use to BdrvChild.

      After this patch, bs->children contains the full list of child nodes
      that are referenced by a given BDS, and these children are only
      referenced through BdrvChild, so that updating the pointer in there is
      enough for changing edges in the graph.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit b26e90f56ad3a494ee6337d2075f4dc55b62b3c6
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Tue Jun 16 16:23:54 2015 +0200

      block: Remove bdrv_open_image()

      It is unused now.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 9a4f4c31563b96a075f3deae83e72c726e0c84f8
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Tue Jun 16 14:19:22 2015 +0200

      block: Convert bs->file to BdrvChild

      This patch removes the temporary duplication between bs->file and
      bs->file_child by converting everything to BdrvChild.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 0bd6e91a7e00129764afb9bed83ae5519e18a111
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Tue Jun 16 11:29:22 2015 +0200

      quorum: Convert to BdrvChild

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 3e586be0b2b772394d6ed68c5b5a6da5cbbfe08b
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Tue Jun 16 11:13:47 2015 +0200

      blkverify: Convert s->test_file to BdrvChild

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 24bc15d1f6429dac0de47348b4b302855360c492
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Mon Jun 15 13:50:20 2015 +0200

      vmdk: Use BdrvChild instead of BDS for references to extents

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 1fdd69330872ef91d92482472eef79350d2f379b
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Mon Jun 15 14:11:51 2015 +0200

      block: Introduce BDS.file_child

      Store the BdrvChild for bs->file. At this point, bs->file_child->bs just
      duplicates the bs->file pointer. Later, it will completely replace it.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 68e517a8d7d89298235913a514af70364e559b78
  Author: Jeff Cody <jcody@xxxxxxxxxx>
  Date:   Mon Oct 12 20:18:07 2015 -0400

      block: qemu-iotests - fix vmdk test 059.out

      In commit fe646693acc13ac48b98435d14149ab04dc597bc, the option
      printout format changed.

      This updates the VMDK test 059.out to the correct output.

      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit a910523a244c10d6c458e1415f35a92c3b11387f
  Author: Kashyap Chamarthy <kchamart@xxxxxxxxxx>
  Date:   Fri Oct 2 14:12:34 2015 +0200

      qmp-commands.hx: Update the supported 'transaction' operations

      Although the canonical source of reference for QMP commands is
      qapi-schema.json, for consistency's sake, update qmp-commands.hx to
      state the list of supported transactionable operations, namely:

          drive-backup
          blockdev-backup
          blockdev-snapshot-internal-sync
          abort
          block-dirty-bitmap-add
          block-dirty-bitmap-clear

      Also update the possible values for the "type" action array.

      Signed-off-by: Kashyap Chamarthy <kchamart@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 317438e6dba5d7bb44bd867c10993c54b927992b
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Thu Sep 17 17:33:06 2015 +0300

      throttle: test that snapshots move the throttling configuration

      If a snapshot is performed on a device that has I/O limits they should
      be moved to the target image (the new active layer).

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit efd0fbbcf5d28b18fc629681e3bc8bee1bfadd9a
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Mon Sep 28 17:23:00 2015 +0300

      iotests: disable core dumps in test 061

      Commit 934659c460 disabled the supression of segmentation faults in
      bash tests. The new output of test 061, however, assumes that a core
      dump will be produced if a program aborts. This is not necessarily the
      case because core dumps can be disabled using ulimit.

      Since we cannot guarantee that abort() will produce a core dump, we
      should use SIGKILL instead (that does not produce any) and update the
      test output accordingly.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 81669b8b81eb450d7b89ee5fdd57bdb73d87022d
  Author: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
  Date:   Mon Sep 14 13:53:48 2015 +0300

      target-arm: implement arm_debug_target_el()

      Implement debug exception routing according to ARM ARM D2.3.1 Pseudocode
      description of routing debug exceptions.

      Signed-off-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 74de8c356844080fcabc3a44b08b9d22feda691f
  Author: Alexander Gordeev <agordeev@xxxxxxxxxx>
  Date:   Fri Oct 16 11:14:54 2015 +0100

      hw/arm/virt: Allow zero address for PCI IO space

      Currently PCI IO address 0 is not allowed even though
      the IO space starts from 0. This update makes  PCI IO
      address 0 usable.

      CC: Peter Maydell <peter.maydell@xxxxxxxxxx>
      CC: Andrew Jones <drjones@xxxxxxxxxx>
      Signed-off-by: Alexander Gordeev <agordeev@xxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 14cc7b54372995a6ba72c7719372e4f710fc9b5a
  Author: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
  Date:   Fri Oct 16 11:14:54 2015 +0100

      target-arm: Add MDCR_EL2

      Add the MDCR_EL2 register. We don't implement any of
      the debug-related traps this register controls yet, so
      currently it simply reads back as written.

      Signed-off-by: Sergey Fedorov <serge.fdrv@xxxxxxxxx>
      Message-id: 1444383794-16767-1-git-send-email-serge.fdrv@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      [PMM: tweaked commit message; moved non-dummy definition from
      debug_cp_reginfo to el2_cp_reginfo.]
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit c209b0537203c58a051e5d837320335cea23e494
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Fri Oct 16 11:14:53 2015 +0100

      misc: zynq_slcr: Fix MMIO writes

      The /4 for offset calculation in MMIO writes was happening twice giving
      wrong write offsets. Fix.

      While touching the code, change the if-else to be a short returning if
      and convert the debug message to a GUEST_ERROR, which is more accurate
      for this condition.

      Cc: qemu-stable@xxxxxxxxxx
      Cc: Guenter Roeck <linux@xxxxxxxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Reviewed-by: Alistair Francis <alistair.francis@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b64d64de1a5b88de88146e3ad36e7b09b97837eb
  Author: Peter Crosthwaite <crosthwaitepeter@xxxxxxxxx>
  Date:   Fri Oct 16 11:14:53 2015 +0100

      arm: imx25-pdk: Fix machine name

      ARM uses dashes instead of underscores for machine names. Fix imx25_pdk
      which has not seen a release yet (so there is no legacy yet).

      Cc: Jean-Christophe Dubois <jcd@xxxxxxxxxxxxxxx>
      Signed-off-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Message-id: 1444445785-3648-1-git-send-email-crosthwaite.peter@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      [PMM: Added change to tests/ds1338-test.c to use new machine name]
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit ad1e8db894fa055ffa9447a5d86520ef1cbac6e9
  Author: Ryo ONODERA <ryo_on@xxxxxxxxxxxx>
  Date:   Fri Oct 16 11:14:53 2015 +0100

      target-arm: Provide model numbers for Sharp PDAs

      * For Collie, Akita, Spitz, Borzoi, Terrier and Tosa PDAs, provide
        model numbers and manufacturer (Sharp) information.

      Signed-off-by: Ryo ONODERA <ryo_on@xxxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 1424ca8d4320427c3e93722b65e19077969808a2
  Author: Davorin Mista <davorin.mista@xxxxxxxxxx>
  Date:   Fri Oct 16 11:14:53 2015 +0100

      target-arm: Implement AArch64 OSLAR/OSLSR_EL1 sysregs

      Added oslar_write function to OSLAR_EL1 sysreg, using a status variable
      in ARMCPUState.cp15 struct (oslsr_el1). This variable is also linked
      to the newly added read-only OSLSR_EL1 register.

      Linux reads from this register during its suspend/resume procedure.

      Signed-off-by: Davorin Mista <davorin.mista@xxxxxxxxxx>
      [PMM: folded a long line and tweaked a comment]
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit bab27ea2e3855b6495a743f19b9d28cb013443ea
  Author: Andrew Jones <drjones@xxxxxxxxxx>
  Date:   Fri Oct 16 11:14:53 2015 +0100

      hw/arm/virt: smbios: inform guest of kvm

      ARM/AArch64 KVM guests don't have any way to identify
      themselves as KVM guests (x86 guests use a CPUID leaf). Now, we
      could discuss all sorts of reasons why guests shouldn't need to
      know that, but then there's always some case where it'd be
      nice... Anyway, now that we have SMBIOS tables in ARM guests,
      it's easy for the guest to know that it's a QEMU instance. This
      patch takes that one step further, also identifying KVM, when
      appropriate. Again, we could debate why generally nothing
      should care whether it's of type QEMU or QEMU/KVM, but again,
      sometimes it's nice to know...

      Signed-off-by: Andrew Jones <drjones@xxxxxxxxxx>
      Reviewed-by: Wei Huang <wei@xxxxxxxxxx>
      Message-id: 1443017892-15567-1-git-send-email-drjones@xxxxxxxxxx
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 2cde031f5a34996bab32571a26b1a6bcf3e5b5d9
  Author: Sergey Sorokin <afarallax@xxxxxxxxx>
  Date:   Fri Oct 16 11:14:52 2015 +0100

      target-arm: Avoid calling arm_el_is_aa64() function for unimplemented EL

      It is incorrect to call arm_el_is_aa64() function for unimplemented EL.
      This patch fixes several attempts to do so.

      Signed-off-by: Sergey Sorokin <afarallax@xxxxxxxxx>
      [PMM: Reworked several of the comments to be more verbose.]
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 6df99dec9e81838423d723996e96236693fa31fe
  Author: Sergey Sorokin <afarallax@xxxxxxxxx>
  Date:   Fri Oct 16 11:14:52 2015 +0100

      target-arm: Break the TB after ISB to execute self-modified code correctly

      If any store instruction writes the code inside the same TB
      after this store insn, the execution of the TB must be stopped
      to execute new code correctly.
      As described in ARMv8 manual D3.4.6 self-modifying code must do an
      IC invalidation to be valid, and an ISB after it. So it's enough to end
      the TB after ISB instruction on the code translation.
      Also this TB break is necessary to take any pending interrupts immediately
      after an ISB (as required by ARMv8 ARM D1.14.4).

      Signed-off-by: Sergey Sorokin <afarallax@xxxxxxxxx>
      [PMM: tweaked commit message and comments slightly]
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 82c39f6a8898b028515eddcdbc4ae50959d0af5d
  Author: Stefan Weil <sw@xxxxxxxxxxx>
  Date:   Fri Oct 16 11:14:52 2015 +0100

      target-arm: Add missing 'static' attribute

      Signed-off-by: Stefan Weil <sw@xxxxxxxxxxx>
      Message-id: 1443213733-9807-1-git-send-email-sw@xxxxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 468a895bce1492cf83bb8be0d995ccdfcf4f2785
  Author: John Arbuckle <programmingkidx@xxxxxxxxx>
  Date:   Tue Oct 13 21:51:18 2015 +0100

      ui/cocoa.m: blinky mouse cursor fix

      The mouse cursor can become blinky when being moved a lot. This patch 
fixes that
      problem by issuing the redraw sooner.

      Signed-off-by: John Arbuckle <programmingkidx@xxxxxxxxx>
      Message-id: AAA87DD7-EC20-4F4B-B71E-C38461D9FCBA@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit a7940ec0af4be5d35f65890fe0c722efc5489298
  Author: John Arbuckle <programmingkidx@xxxxxxxxx>
  Date:   Tue Oct 13 21:51:18 2015 +0100

      ui/cocoa.m: addRemovableDevicesMenuItems() warning fix

      Eliminate this warning associated with the addRemovableDevicesMenuItems()
      function:

      ui/cocoa.m:1344:13: warning: function declaration isn't a prototype
      [-Wstrict-prototypes]
       static void addRemovableDevicesMenuItems()
                   ^
      ui/cocoa.m: In function 'addRemovableDevicesMenuItems':
      ui/cocoa.m:1344:13: warning: old-style function definition 
[-Wold-style-definition]

      Signed-off-by: John Arbuckle <programmingkidx@xxxxxxxxx>
      Message-id: 7B365FC2-072B-4E8D-A1D9-922C2D691A83@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 99df5289d8c7ebf373c3570d8fba3f3a73360281
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 12 22:22:32 2015 -0600

      qapi: Track location that created an implicit type

      A future patch will move some error checking from the parser
      to the various QAPISchema*.check() methods, which run only
      after parsing completes.  It will thus be possible to create
      a python instance representing an implicit QAPI type that
      parses fine but will fail validation during check().  Since
      all errors have to have an associated 'info' location, we
      need a location to be associated with those implicit types.
      The intuitive info to use is the location of the enclosing
      entity that caused the creation of the implicit type.

      Note that we do not anticipate builtin types being used in
      an error message (as they are not part of the user's QAPI
      input, the user can't cause a semantic error in their
      behavior), so we exempt those types from requiring info, by
      setting a flag to track the completion of _def_predefineds(),
      and tracking that flag in _def_entity().

      No change to the generated code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444710158-8723-13-git-send-email-eblake@xxxxxxxxxx>
      [Missing QAPISchemaArrayType.is_implicit() supplied]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 46292ba75c515baf733df18644052b2ce9492728
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 12 22:22:29 2015 -0600

      qapi: Create simple union type member earlier

      For simple unions, we were creating the implicit 'type' tag
      member during the QAPISchemaObjectTypeVariants constructor.
      This is different from every other implicit QAPISchemaEntity
      object, which get created by QAPISchema methods.  Hoist the
      creation to the caller (renaming _make_tag_enum() to
      _make_implicit_tag()), and pass the entity rather than the
      string name, so that we have the nice property that no
      entities are created as a side effect within a different
      entity.  A later patch will then have an easier time of
      associating location info with each entity creation.

      No change to generated code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444710158-8723-10-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 9f08c8ec73878122ad4b061ed334f0437afaaa32
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 12 22:22:28 2015 -0600

      qapi: Lazy creation of array types

      Commit ac88219a had several TODO markers about whether we needed
      to automatically create the corresponding array type alongside
      any other type.  It turns out that most of the time, we don't!

      There are a few exceptions: 1) We have a few situations where we
      use an array type in internal code but do not expose that type
      through QMP; fix it by declaring a dummy type that forces the
      generator to see that we want to use the array type.

      2) The builtin arrays (such as intList for QAPI ['int']) must
      always be generated, because of the way our QAPI_TYPES_BUILTIN
      compile guard works: we have situations (at the very least
      tests/test-qmp-output-visitor.c) that include both top-level
      "qapi-types.h" (via "error.h") and a secondary
      "test-qapi-types.h". If we were to only emit the builtin types
      when used locally, then the first .h file would not include all
      types, but the second .h does not declare anything at all because
      the first .h set QAPI_TYPES_BUILTIN, and we would end up with
      compilation error due to things like unknown type 'int8List'.

      Actually, we may need to revisit how we do type guards, and
      change from a single QAPI_TYPES_BUILTIN over to a different
      usage pattern that does one #ifdef per qapi type - right now,
      the only types that are declared multiple times between two qapi
      .json files for inclusion by a single .c file happen to be the
      builtin arrays.  But now that we have QAPI 'include' statements,
      it is logical to assume that we will soon reach a point where
      we want to reuse non-builtin types (yes, I'm thinking about what
      it will take to add introspection to QGA, where we will want to
      reuse the SchemaInfo type and friends).  One #ifdef per type
      will help ensure that generating the same qapi type into more
      than one qapi-types.h won't cause collisions when both are
      included in the same .c file; but we also have to solve how to
      avoid creating duplicate qapi-types.c entry points.  So that
      is a problem left for another day.

      Generated code for qapi-types and qapi-visit is drastically
      reduced; less than a third of the arrays that were blindly
      created were actually needed (a quick grep shows we dropped
      from 219 to 69 *List types), and the .o files lost more than
      30% of their bulk.  [For best results, diff the generated
      files with 'git diff --patience --no-index pre post'.]

      Interestingly, the introspection output is unchanged - this is
      because we already cull all types that are not indirectly
      reachable from a command or event, so introspection was already
      using only a subset of array types.  The subset of types
      introspected is now a much larger percentage of the overall set
      of array types emitted in qapi-types.h (since the larger set
      shrunk), but still not 100% (evidence that the array types
      emitted for our new Dummy structs, and the new struct itself,
      don't affect QMP).

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444710158-8723-9-git-send-email-eblake@xxxxxxxxxx>
      [Moved array info tracking to a later patch]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 49823c4b4304a3e4aa5d67e089946b12d6a52d64
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 12 22:22:27 2015 -0600

      qapi: Don't use info as witness of implicit object type

      A future patch will enable error reporting from the various
      QAPISchema*.check() methods.  But to report an error related
      to an implicit type, we'll need to associate a location with
      the type (the same location as the top-level entity that is
      causing the creation of the implicit type), and once we do
      that, keying off of whether foo.info exists is no longer a
      viable way to determine if foo is an implicit type.

      Instead, add an is_implicit() method to QAPISchemaEntity, and use it.
      It can be overridden later for ObjectType and EnumType, when implicit
      instances of those classes gain info.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444710158-8723-8-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 849ab13c1657b51b89693282ddd42ca1f6255354
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Oct 13 12:26:47 2015 -0600

      qapi: Drop redundant args-member-array test

      qapi-schema-test already ensures that we can correctly compile
      an array of enums (__org.qemu_x-command), an array of builtins
      (UserDefNativeListUnion), and an array of structs (again
      __org.qemu_x-command).  That means args-member-array is not
      adding any additional parse-only test coverage, so drop it.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444760807-11307-1-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 70478cef837e86b1cff08073153081ce480e0e6c
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 12 22:22:26 2015 -0600

      qapi: Drop redundant flat-union-reverse-define test

      As of commit 8c3f8e77, we test compilation of forward references
      for a struct base type (UserDefOne), flat union base type
      (UserDefUnionBase), and flat union branch type
      (UserDefFlatUnion2). The only remaining forward reference being
      tested for parsing in flat-union-reverse-define was a forward
      enum declaration.  Once we make sure that always compiles,
      the smaller parse-only test is redundant and can be deleted.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444710158-8723-7-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit cae95eae6270c1ea28a9ba8eee75c441b1015f68
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 12 22:22:25 2015 -0600

      qapi: Drop redundant returns-int test

      qapi-schema-test was already testing that we could have a
      command returning int, but burned a command name in the whitelist.
      Merge the redundant positive test returns-int, and pick a name
      that reduces the whitelist size.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444710158-8723-6-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 625b251c69d983959efaeadeee12405b1a66d331
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 12 22:22:24 2015 -0600

      qapi: Move empty-enum to compile-time test

      Rather than just asserting that we can parse an empty enum,
      let's also make sure we can compile it, by including it in
      qapi-schema-test.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444710158-8723-5-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit baabb84c5b27115b979d864cb2af4d63b823983f
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 12 22:22:23 2015 -0600

      qapi: Drop redundant alternate-good test

      The alternate-good.json test was already covered by
      qapi-schema-test.json.  As future commits will be tweaking
      how alternates are laid out, removing the duplicate test now
      reduces churn.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444710158-8723-4-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 7618b91ff80ec42b84b29be24d8ef53ddb377110
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 12 22:22:22 2015 -0600

      qapi: Prepare for errors during check()

      The next few patches will start migrating error checking from
      ad hoc parse methods into the QAPISchema*.check() methods.  But
      for an error message to display, we first have to fix the
      overall 'try' to catch those errors.  We also want to enable a
      few more assertions, such as making sure every attempt to
      raise a semantic error is passed a valid location info, or that
      various preconditions hold.

      The general approach for moving error checking will then be to
      relax an assertion into an if that raises an exception if the
      condition does not hold, and removing the counterpart ad hoc
      check done during the parse phase.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444710158-8723-3-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 25a0d9c977c2f5db914b0a1619759fd77d97b016
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Mon Oct 12 22:22:21 2015 -0600

      qapi: Use predicate callback to determine visit filtering

      Previously, qapi-types and qapi-visit filtered out implicit
      objects during visit_object_type() by using 'info' (works since
      implicit objects do not [yet] have associated info); meanwhile
      qapi-introspect filtered out all schema types on the first pass
      by returning a python type from visit_begin(), which was then
      used at a distance in QAPISchema.visit() to do the filtering.

      Rather than keeping these ad hoc approaches, add a new visitor
      callback visit_needed() which returns False to skip a given
      entity, and which defaults to True unless overridden.  Use the
      new mechanism to simplify all three filtering visitors.

      No change to the generated code.

      Suggested-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444710158-8723-2-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit d08ac81a459258ce20b3184fa9325c6c1350ac9e
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Wed Oct 14 16:30:25 2015 -0600

      qapi: Fix regression with '-netdev help'

      Commit e36c714e causes 'qemu -netdev help' to dump core, because the
      call to visit_end_union() is no longer conditional on whether *obj was
      allocated.

      Reported by Marc-André Lureau <marcandre.lureau@xxxxxxxxx>
      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1444861825-19256-1-git-send-email-eblake@xxxxxxxxxx>
      [Commit message tweaked to say 'help' instead of '?']
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 60be6340796e66b5ac8aac2d98dde5c79336a89c
  Author: Denis V. Lunev <den@xxxxxxxxxx>
  Date:   Mon Sep 28 14:41:58 2015 +0300

      migration: fix deadlock

      Release qemu global mutex before call synchronize_rcu().
      synchronize_rcu() waiting for all readers to finish their critical
      sections. There is at least one critical section in which we try
      to get QGM (critical section is in address_space_rw() and
      prepare_mmio_access() is trying to aquire QGM).

      Both functions (migration_end() and migration_bitmap_extend())
      are called from main thread which is holding QGM.

      Thus there is a race condition that ends up with deadlock:
      main thread     working thread
      Lock QGA                |
      |             Call KVM_EXIT_IO handler
      |                       |
      |        Open rcu reader's critical section
      Migration cleanup bh    |
      |                       |
      synchronize_rcu() is    |
      waiting for readers     |
      |            prepare_mmio_access() is waiting for QGM
        \                   /
               deadlock

      The patch changes bitmap freeing from direct g_free after synchronize_rcu
      to free inside call_rcu.

      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      Reported-by: Igor Redko <redkoi@xxxxxxxxxxxxx>
      Tested-by: Igor Redko <redkoi@xxxxxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

      CC: Anna Melekhova <annam@xxxxxxxxxxxxx>
      CC: Juan Quintela <quintela@xxxxxxxxxx>
      CC: Amit Shah <amit.shah@xxxxxxxxxx>
      CC: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      CC: Wen Congyang <wency@xxxxxxxxxxxxxx>

  commit 92e3762237475407fe03e1ccac6e30612ab96caf
  Author: Amit Shah <amit.shah@xxxxxxxxxx>
  Date:   Wed Oct 14 17:37:19 2015 +0530

      migration: announce VM's new home just before VM is runnable

      We were announcing the dest host's IP as our new IP a bit too soon -- if
      there were errors detected after this announcement was done, the
      migration is failed and the VM could continue running on the src host --
      causing problems later.

      Move around the qemu_announce_self() call so it's done just before the
      VM is runnable.

      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit ed1f3e0090069dcb9458aa9e450df12bf8eba0b0
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Tue Oct 13 12:21:27 2015 +0100

      Migration: Generate the completed event only when we complete

      The current migration-completed event is generated a bit too early,
      which means that an eager libvirt that's ready to go as soon
      as it sees the event ends up racing with the actual end of migration.

      This corresponds to RH bug:
      https://bugzilla.redhat.com/show_bug.cgi?id=1271145

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      xSigned-off-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 6511d39679f296162a90e71685651717a29e78e5
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:08:05 2015 +0200

      qemu-char: convert serial backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit fd5b036c5c6dc715bd06769a0023c6e1de2dadb4
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 15:06:02 2015 +0200

      qemu-char: convert file backend to data-driven creation

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 4ca172817a8c6df0145c16d80abdf04d53a56d92
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 14:55:59 2015 +0200

      qemu-char: add create to register_char_driver

      Having creation as a member of the CharDriver struct removes the need
      to export functions for qemu-char.c's usage.  After the conversion,
      chardev backends implemented outside qemu-char.c will not need a stub
      creation function anymore.

      Ultimately all drivers will be converted.  For now, support the case
      where cd->create == NULL.

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit d809ab9521ace32a806cdf86ee7df40e1bf88443
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 12 09:46:23 2015 +0200

      qemu-char: cleanup HAVE_CHARDEV_*

      Move the #ifdef up into qmp_chardev_add, and avoid duplicating
      the code that reports unavailable backends.  Split HAVE_CHARDEV_TTY
      into HAVE_CHARDEV_SERIAL and HAVE_CHARDEV_PTY.

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit eaeba65304d9666309f246849adf1eff217b9868
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 14:54:05 2015 +0200

      qemu-char: cleanup qmp_chardev_add

      Use the usual idioms for error propagation.

      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit a1dbc05a6f73e63ccfdd538c1825d44aa6347d8f
  Author: John Arbuckle <programmingkidx@xxxxxxxxx>
  Date:   Tue Oct 13 21:51:18 2015 +0100

      ui/cocoa.m: eliminate normalWindow warning

      Eliminate this warning associated with the setting of the normalWindow's 
title:

      ui/cocoa.m: In function '-[QemuCocoaAppController init]':
      ui/cocoa.m:888:9: warning: format not a string literal and no format 
arguments
       [-Wformat-security]
               [normalWindow setTitle:[NSString stringWithFormat:@"QEMU"]];

      Signed-off-by: John Arbuckle <programmingkidx@xxxxxxxxx>
      Message-id: 57057D6E-C108-4AE1-8370-E7E6855B2F2C@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 0a3c190098e1cb3daaa946cba6663467d1f4e857
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Mon Oct 12 18:41:19 2015 +0100

      README: fill out some useful quickstart information

      The README file is usually the first thing consulted when a user
      or developer obtains a copy of the QEMU source. The current QEMU
      README is lacking immediately useful information and so not very
      friendly for first time encounters. It either redirects users to
      qemu-doc.html (which does not exist until they've actually
      compiled QEMU), or the website (which assumes the user has
      convenient internet access at time of reading).

      This fills out the README file as simple quick-start guide on
      the topics of building source, submitting patches, licensing
      and how to contact the QEMU community. It does not intend to be
      comprehensive, instead referring people to an appropriate web
      page to obtain more detailed information. The intent is to give
      users quick guidance to get them going in the right direction.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Message-Id: <1444671679-17674-1-git-send-email-berrange@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit c49d3411faae8ffaab8f7e5db47405a008411c10
  Merge: 5451316 18bdbc3
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 13 10:42:06 2015 +0100

      Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-10-12' 
into staging

      QAPI patches

      # gpg: Signature made Mon 12 Oct 2015 18:56:35 BST using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-qapi-2015-10-12:
        qapi: Simplify gen_visit_fields() error handling
        qapi: Share gen_visit_fields()
        qapi: Share gen_err_check()
        qapi: Consistent generated code: minimize push_indent() usage
        qapi: Consistent generated code: prefer common indentation
        qapi: Consistent generated code: prefer common labels
        qapi: Consistent generated code: prefer visitor 'v'
        qapi: Consistent generated code: prefer error 'err'
        qapi: Reuse code for flat union base validation
        qapi: Test use of 'number' within alternates
        qapi: Add tests for empty unions
        qapi: Avoid assertion failure on union 'type' collision
        qapi: Test for various name collisions
        qapi: Clean up qapi.py per pep8
        qapi: Invoke exception superclass initializer
        qapi: Improve 'include' error message
        qapi: Sort qapi-schema tests
        MAINTAINERS: Specify QAPI include and test files
        MAINTAINERS: Specify QObject include and test files
        docs: Move files from docs/qmp/ to docs/

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 18bdbc3ac8b477e160d56aa6ecd6942495ce44d0
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:15 2015 -0600

      qapi: Simplify gen_visit_fields() error handling

      Since we have consolidated all generated code to use 'err' as
      the name of the local variable for error detection, we can
      simplify the decision on whether to skip error detection (useful
      for deallocation paths) to be a boolean.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-18-git-send-email-eblake@xxxxxxxxxx>
      [Change to gen_visit_fields() simplified]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 82ca8e469666b169ccf818a0e36136aee97d7db0
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:14 2015 -0600

      qapi: Share gen_visit_fields()

      Consolidate the code between visit, command marshalling, and
      event generation that iterates over the members of a struct.
      It reduces code duplication in the generator, so that a future
      patch can reduce the size of generated code while touching only
      one instead of three locations.

      There are no changes to the generated marshal code.

      The visitor code becomes slightly more verbose, but remains
      semantically equivalent, and is actually easier to read as
      it follows a more common idiom:

      |     visit_optional(v, &(*obj)->has_device, "device", &err);
      |-    if (!err && (*obj)->has_device) {
      |-        visit_type_str(v, &(*obj)->device, "device", &err);
      |-    }
      |     if (err) {
      |         goto out;
      |     }
      |+    if ((*obj)->has_device) {
      |+        visit_type_str(v, &(*obj)->device, "device", &err);
      |+        if (err) {
      |+            goto out;
      |+        }
      |+    }

      The event code becomes slightly more verbose, but this is
      arguably a bug fix: although the visitors are not well
      documented, use of an optional member should not be attempted
      unless guarded by a prior call to visit_optional().  Works only
      because the output qmp visitor has a no-op visit_optional():

      |+    visit_optional(v, &has_offset, "offset", &err);
      |+    if (err) {
      |+        goto out;
      |+    }
      |     if (has_offset) {
      |         visit_type_int(v, &offset, "offset", &err);

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-17-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 1f35334489a43800df4d20cd91362a87cee39a29
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:13 2015 -0600

      qapi: Share gen_err_check()

      qapi-commands has a nice helper gen_err_check(), but did not
      use it everywhere. In fact, using it in more places makes it
      easier to reduce the lines of code used for generating error
      checks.  This in turn will make it easier for later patches
      to consolidate another common pattern among the generators.

      The generated code has fewer blank lines in qapi-event.c functions,
      but has no semantic difference.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-16-git-send-email-eblake@xxxxxxxxxx>
      [Drop another blank line for symmetry]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 05372f708a8cb3556e4d67458de79417dadf241f
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:12 2015 -0600

      qapi: Consistent generated code: minimize push_indent() usage

      We had some pointless differences in the generated code for visit,
      command marshalling, and events; unifying them makes it easier for
      future patches to consolidate to common helper functions.
      This is one patch of a series to clean up these differences.

      This patch reduces the number of push_indent()/pop_indent() pairs
      so that generated code is typically already at its natural output
      indentation in the python files.  It is easier to reason about
      generated code if the reader does not have to track how much
      spacing will be inserted alongside the code, and moreso when all
      of the generators use the same patterns (qapi-type and qapi-event
      were already using in-place indentation).

      Arguably, the resulting python may be a bit harder to read with C
      code at the same indentation as python; on the other hand, not
      having to think about push_indent() is a win, and most decent
      editors provide syntax highlighting that makes it easier to
      visually distinguish python code from string literals that will
      become C code.

      There is no change to the generated output.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-15-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit e36c714e6aad7c9266132350833e2f263f6d8874
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:11 2015 -0600

      qapi: Consistent generated code: prefer common indentation

      We had some pointless differences in the generated code for visit,
      command marshalling, and events; unifying them makes it easier for
      future patches to consolidate to common helper functions.
      This is one patch of a series to clean up these differences.

      This patch adjusts gen_visit_union() to use the same indentation
      as other functions, namely, by jumping early to the error label
      if the object was not set rather than placing the rest of the
      body inside an if for when it is set.

      No change in semantics to the generated code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-14-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit f782399cb4fa3fc4182cb046817f65a6db92ab07
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:10 2015 -0600

      qapi: Consistent generated code: prefer common labels

      We had some pointless differences in the generated code for visit,
      command marshalling, and events; unifying them makes it easier for
      future patches to consolidate to common helper functions.
      This is one patch of a series to clean up these differences.

      This patch names the goto labels 'out' (not 'clean') and 'out_obj'
      (not 'out_end').  Additionally, the generator was inconsistent on
      whether labels had a leading space [our HACKING is silent; while
      emacs 'gnu' style adds the space to avoid littering column 1].
      For minimal churn, prefer no leading space; this also matches
      the style that is more prevalent in current qemu.git.

      No change in semantics to the generated code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-13-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit f8b7f1a8eafa9f565ebecfe409e8741d38cd786b
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:09 2015 -0600

      qapi: Consistent generated code: prefer visitor 'v'

      We had some pointless differences in the generated code for visit,
      command marshalling, and events; unifying them makes it easier for
      future patches to consolidate to common helper functions.
      This is one patch of a series to clean up these differences.

      This patch names the local visitor variable 'v' rather than 'm'.
      Related objects, such as 'QapiDeallocVisitor', are also named by
      their initials instead of an unrelated leading m.

      No change in semantics to the generated code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-12-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 2a0f50e8d973b01eda4c63bac4a5c79ea0f584ef
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:08 2015 -0600

      qapi: Consistent generated code: prefer error 'err'

      We had some pointless differences in the generated code for visit,
      command marshalling, and events; unifying them makes it easier for
      future patches to consolidate to common helper functions.
      This is one patch of a series to clean up these differences.

      This patch consistently names the local error variable 'err' rather
      than 'local_err'.

      No change in semantics to the generated code.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-11-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 376863ef4895ae709aadb6f26365a5973310ef09
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:07 2015 -0600

      qapi: Reuse code for flat union base validation

      Rather than open-code the check for a valid base type, we
      should reuse the common functionality. This allows for
      consistent error messages, and also makes it easier for a
      later patch to turn on support for inline anonymous base
      structures.

      Test flat-union-inline is updated to test only one feature
      (anonymous branch dictionaries), which can be implemented
      independently (test flat-union-bad-base already covers the
      idea of an anonymous base dictionary).

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-10-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 9c51b4412959c5331a8a931d848c4b755b5bb36a
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:06 2015 -0600

      qapi: Test use of 'number' within alternates

      Add some testsuite exposure for use of a 'number' as part of
      an alternate.  The current state of the tree has a few bugs
      exposed by this: our input parser depends on the ordering of
      how the qapi schema declared the alternate, and the parser
      does not accept integers for a 'number' in an alternate even
      though it does for numbers outside of an alternate.

      Mixing 'int' and 'number' in the same alternate is unusual,
      since both are supplied by json-numbers, but there does not
      seem to be a technical reason to forbid it given that our
      json lexer distinguishes between json-numbers that can be
      represented as an int vs. those that cannot.

      Improve the existing test_visitor_in_alternate() to match the
      style of the new test_visitor_in_alternate_number(), and to
      ensure full coverage of all possible qtype parsing.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-9-git-send-email-eblake@xxxxxxxxxx>
      [Eric's follow-up fixes squashed in]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 8d25dd101f759425456b8005b3180062689d71e7
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:05 2015 -0600

      qapi: Add tests for empty unions

      The documentation claims that alternates are useful for
      allowing two or more types, although nothing enforces this.
      Meanwhile, it is silent on whether empty unions are allowed.
      In practice, the generated code will compile, in part because
      we have a 'void *data' branch; but attempting to visit such a
      type will cause an abort().  While there's no technical reason
      that a degenerate union could not be made to work, it's harder
      to justify the time spent in chasing known (the current
      abort() during visit) and unknown corner cases, than it would
      be to just outlaw them.  A future patch will probably take the
      approach of forbidding them; in the meantime, we can at least
      add testsuite coverage to make it obvious where things stand.

      In addition to adding tests to expose the problems, we also
      need to adjust existing tests that are meant to test something
      else, but which could fail for the wrong reason if we reject
      degenerate alternates/unions.

      Note that empty structs are explicitly supported (for example,
      right now they are the only way to specify that one branch of a
      flat union adds no additional members), and empty enums are
      covered by the testsuite as working (even if they do not seem
      to have much use).

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-8-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 7b2a5c2f9a52c4a08630fa741052f03fe5d3cc8a
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:04 2015 -0600

      qapi: Avoid assertion failure on union 'type' collision

      The previous commit added two tests that triggered an assertion
      failure. It's fairly straightforward to avoid the failure by
      just outright forbidding the collision between a union's tag
      values and its discriminator name (including the implicit name
      'kind' supplied for simple unions [*]).  Ultimately, we'd like
      to move the collision detection into QAPISchema*.check(), but
      for now it is easier just to enhance the existing checks.

      [*] Of course, down the road, we have plans to rename the simple
      union tag name to 'type' to match the QMP wire name, but the
      idea of the collision will still be present even then.

      Technically, we could avoid the collision by naming the C union
      members representing each enum value as '_case_value' rather
      than 'value'; but until we have an actual qapi client (and not
      just our testsuite) that has a legitimate reason to match a
      case label to the name of a QMP key and needs the name munging
      to satisfy the compiler, it's easier to just reject the qapi
      as invalid.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-7-git-send-email-eblake@xxxxxxxxxx>
      [Polished a few comments]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit d220fbcd1db2097de5ff3037e85317fcb5433e4e
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:03 2015 -0600

      qapi: Test for various name collisions

      Expose some weaknesses in the generator: we don't always forbid
      the generation of structs that contain multiple members that map
      to the same C or QMP name.  This has already been marked FIXME in
      qapi.py in commit d90675f, but having more tests will make sure
      future patches produce desired behavior; and updating existing
      patches to better document things doesn't hurt, either.  Some of
      these collisions are already caught in the old-style parser
      checks, but ultimately we want all collisions to be caught in the
      new-style QAPISchema*.check() methods.

      This patch focuses on C struct members, and does not consider
      collisions between commands and events (affecting C function
      names), or even collisions between generated C type names with
      user type names (for things like automatic FOOList struct
      representing array types or FOOKind for an implicit enum).

      There are two types of struct collisions we want to catch:
       1) Collision between two keys in a JSON object. qapi.py prevents
          that within a single struct (see test duplicate-key), but it is
          possible to have collisions between a type's members and its
          base type's members (existing tests struct-base-clash,
          struct-base-clash-deep), and its flat union variant members
          (renamed test flat-union-clash-member).
       2) Collision between two members of the C struct that is generated
          for a given QAPI type:
          a) Multiple QAPI names map to the same C name (new test
             args-name-clash)
          b) A QAPI name maps to a C name that is used for another purpose
             (new tests flat-union-clash-branch, struct-base-clash-base,
             union-clash-data). We already fixed some such cases in commit
             0f61af3e and 1e6c1616, but more remain.
          c) Two C names generated for other purposes clash
             (updated test alternate-clash, new test union-clash-branches,
             union-clash-type, flat-union-clash-type)

      Ultimately, if we need to have a flat union where a tag value
      clashes with a base member name, we could change the generator to
      name the union (using 'foo.u.value' rather than 'foo.value') or
      otherwise munge the C name corresponding to tag values.  But
      unless such a need arises, it will probably be easier to just
      forbid these collisions.

      Some of these negative tests will be deleted later, and positive
      tests added to qapi-schema-test.json in their place, when the
      generator code is reworked to avoid particular code generation
      collisions in class 2).

      [Note that viewing this patch with git rename detection enabled
      may see some confusion due to renaming some tests while adding
      others, but where the content is similar enough that git picks
      the wrong pre- and post-patch files to associate]

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-6-git-send-email-eblake@xxxxxxxxxx>
      [Improve commit message and comments a bit, drop an unrelated test]
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 437db2549be383e52acad6cd4bf2862e98fdfc93
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:02 2015 -0600

      qapi: Clean up qapi.py per pep8

      Silence pep8, and make pylint a bit happier.  Just style cleanups,
      plus killing a useless comment in camel_to_upper(); no semantic
      changes.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-5-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 59b00542659c8947f9d4e8c28d2d528ab3ab61a5
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:01 2015 -0600

      qapi: Invoke exception superclass initializer

      pylint recommends that every exception class should explicitly
      invoke the superclass __init__, even though things seem to work
      fine without it.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-4-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 7408fb67c0f9403f6e40aecf97cf798fc14e2cd8
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:21:00 2015 -0600

      qapi: Improve 'include' error message

      Use of '"...%s" % include' to print non-strings can lead to
      ugly messages, such as this (if the .json change is applied
      without the qapi.py change):
       Expected a file name (string), got: OrderedDict()

      Better is to just omit the actual non-string value in the
      message.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-3-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit 1ffe818a395cb883746f3baf8d9a0b6988375e8b
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 29 16:20:59 2015 -0600

      qapi: Sort qapi-schema tests

      Recent changes to qapi have provided quite a bit of churn in
      the makefile, because we are inconsistent on what order test
      names appear in, and on whether to re-wrap the list of tests or
      just add arbitrary line lengths.  Writing the list in a sorted
      fashion, one test per line, will make future patches easier
      to see what tests are being added or removed by a patch.

      Although it is tempting to use $(wildcard qapi-schema/*.json)
      for a more compact listing, such an approach would risk picking
      up leftover garbage .json files in the directory; so keeping
      the list explicit is safer for ensuring reproducible tarballs
      and test results.

      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443565276-4535-2-git-send-email-eblake@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit ac4abb9aeb734f36eb90b149b9eed0cc8fdb2872
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Sep 24 18:11:57 2015 +0200

      MAINTAINERS: Specify QAPI include and test files

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1443111117-29831-4-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Luiz Capitulino <lcapitulino@xxxxxxxxxx>

  commit 7735d2b50477b171446b38efd2d8866d3c966162
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Sep 24 18:11:56 2015 +0200

      MAINTAINERS: Specify QObject include and test files

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1443111117-29831-3-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Luiz Capitulino <lcapitulino@xxxxxxxxxx>

  commit 9b89b6a2872f1473ef82acdcb64c901982e0ef88
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Sep 24 18:11:55 2015 +0200

      docs: Move files from docs/qmp/ to docs/

      Giving QMP its own subdirectory in docs/ is hardly worthwhile when we
      have just four files, and one of them isn't even in the subdirectory.
      Move the files from docs/qmp/ to docs/, renaming docs/qmp/README to
      docs/qmp-intro.

      Update MAINTAINERS.  The new pattern also captures the fourth file
      docs/writing-qmp-commands.txt.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1443111117-29831-2-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Luiz Capitulino <lcapitulino@xxxxxxxxxx>

  commit b77e7c8e99f9ac726c4eaa2fc3461fd886017dc0
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 12 15:35:16 2015 +0200

      qemu-sockets: fix conversion of ipv4/ipv6 JSON to QemuOpts

      The QemuOpts-based code treats "option not set" and "option set
      to false" the same way for the ipv4 and ipv6 options, because it
      is meant to handle only the ",ipv4" and ",ipv6" substrings in
      hand-crafted option parsers.

      When converting InetSocketAddress to QemuOpts, however, it is
      necessary to handle all three cases (not set, set to true, set
      to false).  Currently we are not handling all cases correctly.
      The rules are:

      * if none or both options are absent, leave things as is

      * if the single present option is Y, the other should be N.
      This can be implemented by leaving things as is, or by setting
      the other option to N as done in this patch.

      * if the single present option is N, the other should be Y.
      This is handled by the "else if" branch of this patch.

      This ensures that the ipv4 option has an effect on Windows,
      where creating the socket with PF_UNSPEC makes an ipv6
      socket.  With this patch, ",ipv4" will result in a PF_INET
      socket instead.

      Reported-by: Sair, Umair <Umair_Sair@xxxxxxxxxx>
      Tested-by: Sair, Umair <Umair_Sair@xxxxxxxxxx>
      Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 5ea530491fe9ac56f75bc1833cc3fd7722b24efd
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 22 11:49:41 2015 +0200

      MAINTAINERS: Add more devices to realview board

      Cc: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 062710000dbd9db81277156d9bdebd96b70cd1d2
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 22 11:45:00 2015 +0200

      MAINTAINERS: Add maintainer for ARM PrimeCell and integrated devices

      Cc: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 9b31bff02153cf86d4413c6289794175662f7c5c
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 22 11:42:50 2015 +0200

      MAINTAINERS: Add more pxa2xx files and boards

      Cc: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Cc: Andrzej Zaborowski <balrogg@xxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit c92451c2af29784c76527cc5484c33b4ce069d38
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 22 11:36:48 2015 +0200

      MAINTAINERS: Add more Xen files

      Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx?
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 566dd236e1e0bfe9d9bce326547f883d677cf30a
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 22 11:38:02 2015 +0200

      MAINTAINERS: add two devices to the e500 section

      Cc: Alexander Graf <agraf@xxxxxxx>
      Cc: Scott Wood <scottwood@xxxxxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 3e5385fcf536fc4238eb87de55af8dd99089cad4
  Author: Andy Whitcroft <apw@xxxxxxxxxxxxx>
  Date:   Thu Oct 8 10:05:24 2015 +0200

      checkpatch: port fix from kernel "## is not a valid modifier"

      checkpatch currently loops on fpu/softfloat.c
      Turns out this is fixed in the Linux version of checkpatch.

      So this is a port of Andy Whitcrofts fix from Linux,
      Original commit was commit 89a883530fe7 ("checkpatch: ## is not a
      valid modifier")

      As suggested by Peter Maydell for the QEMU version we drop the last "|"
      as there seems to be no need for that. (FWIW, the kernel discusion about
      that dried out:
      http://www.spinics.net/lists/kernel/msg1944421.html
      )

      Cc: Andy Whitcroft <apw@xxxxxxxxxxxxx>
      Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Message-Id: <1444291524-66569-1-git-send-email-borntraeger@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit b232c7857aa36d144205134c725114541630b1c2
  Author: Alexey Kardashevskiy <aik@xxxxxxxxx>
  Date:   Tue Oct 6 14:30:57 2015 +1100

      kvm-all: Align to qemu_real_host_page_size in kvm_set_phys_mem

      As the comment in kvm_set_phys_mem() says, KVM works in page size chunks.
      However it uses hardcoded TARGET_PAGE_SIZE which is 4K on most platforms
      while actual host may use different page size, for example, PPC64 hosts
      use 64K system pages.

      This replaces static TARGET_PAGE_SIZE with run-time calculated
      qemu_real_host_page_size.

      Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>
      Message-Id: <1444102257-17405-1-git-send-email-aik@xxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 88401cbc5b5730986fd5040425f5015a9cce9080
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Aug 11 10:52:46 2015 +0200

      exec: remove non-TCG stuff from exec-all.h header.

      The header is included from basically everywhere, thanks to cpu.h.
      It should be moved to the (TCG only) files that actually need it.
      As a start, remove non-TCG stuff.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 46eb8f98f2ce402e384d60ddd15020720994c7ca
  Author: Andrey Smetanin <asmetanin@xxxxxxxxxxxxx>
  Date:   Wed Sep 16 12:59:44 2015 +0300

      target-i386/kvm: Hyper-V HV_X64_MSR_VP_RUNTIME support

      HV_X64_MSR_VP_RUNTIME msr used by guest to get
      "the time the virtual processor consumes running guest code,
      and the time the associated logical processor spends running
      hypervisor code on behalf of that guest."

      Calculation of that time is performed by task_cputime_adjusted()
      for vcpu task by KVM side.

      Signed-off-by: Andrey Smetanin <asmetanin@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      CC: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      CC: Richard Henderson <rth@xxxxxxxxxxx>
      CC: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      CC: "Andreas Färber" <afaerber@xxxxxxx>
      CC: Marcelo Tosatti <mtosatti@xxxxxxxxxx>
      Message-Id: <1442397584-16698-4-git-send-email-den@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 8c145d7ca9b4267d2ec1eabe801c6b2aee636f1f
  Author: Andrey Smetanin <asmetanin@xxxxxxxxxxxxx>
  Date:   Wed Sep 16 12:59:43 2015 +0300

      target-i386/kvm: set Hyper-V features cpuid bit 
HV_X64_MSR_VP_INDEX_AVAILABLE

      Hyper-V features bit HV_X64_MSR_VP_INDEX_AVAILABLE value is
      based on cpu option "hv-vpindex" and kernel support of
      HV_X64_MSR_VP_INDEX.

      Signed-off-by: Andrey Smetanin <asmetanin@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      CC: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      CC: Richard Henderson <rth@xxxxxxxxxxx>
      CC: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      CC: "Andreas Färber" <afaerber@xxxxxxx>
      CC: Marcelo Tosatti <mtosatti@xxxxxxxxxx>
      Message-Id: <1442397584-16698-3-git-send-email-den@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 744b8a9440fa2bd78ae64861667337439e25a6dc
  Author: Andrey Smetanin <asmetanin@xxxxxxxxxxxxx>
  Date:   Wed Sep 16 12:59:42 2015 +0300

      target-i386/kvm: Hyper-V HV_X64_MSR_RESET support

      HV_X64_MSR_RESET msr is used by Hyper-V based Windows guest
      to reset guest VM by hypervisor. This msr is stateless so
      no migration/fetch/update is required.

      This code checks cpu option "hv-reset" and support by
      kernel. If both conditions are met appropriate Hyper-V features
      cpuid bit is set.

      Signed-off-by: Andrey Smetanin <asmetanin@xxxxxxxxxxxxx>
      Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
      CC: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      CC: Richard Henderson <rth@xxxxxxxxxxx>
      CC: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      CC: "Andreas Färber" <afaerber@xxxxxxx>
      CC: Marcelo Tosatti <mtosatti@xxxxxxxxxx>
      Message-Id: <1442397584-16698-2-git-send-email-den@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 3a824b1552d68b708c161a900e2956a78d4ea466
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Fri Oct 2 18:19:58 2015 +0200

      linux-headers: update from kvm/next

      linux-headers/linux/vhost.h is currently out of sync with Linux.  Do
      not touch it in this update.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 5b906129524d564d61760d04586d6c2301457ead
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Oct 5 14:45:55 2015 +0200

      checkpatch: allow open braces on typedef lines

      The style here seems to be split according to the maintainer, but
      traditionally open braces were placed on typedef lines.

      Suggested-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 32857f4d5e165329c03d66000d666975d85f882a
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 1 15:29:50 2015 +0100

      exec.c: Collect AddressSpace related fields into a CPUAddressSpace struct

      Gather up all the fields currently in CPUState which deal with the CPU's
      AddressSpace into a separate CPUAddressSpace struct. This paves the way
      for allowing the CPU to know about more than one AddressSpace.

      The rearrangement also allows us to make the MemoryListener a directly
      embedded object in the CPUAddressSpace (it could not be embedded in
      CPUState because 'struct MemoryListener' isn't defined for the user-only
      builds). This allows us to resolve the FIXME in tcg_commit() by going
      directly from the MemoryListener to the CPUAddressSpace.

      This patch extracts the actual update of the cached dispatch pointer
      from cpu_reload_memory_map() (which is renamed accordingly to
      cpu_reloading_memory_map() as it is only responsible for breaking
      cpu-exec.c's RCU critical section now). This lets us keep the definition
      of the CPUAddressSpace struct private to exec.c.

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Message-Id: <1443709790-25180-4-git-send-email-peter.maydell@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 53f8a5e9e2633a4a3b6918c36aec725aa80f2887
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 1 15:29:49 2015 +0100

      cpu-exec-common.c: Clarify comment about cpu_reload_memory_map()'s RCU 
operations

      The reason for cpu_reload_memory_map()'s RCU operations is not
      so much because the guest could make the critical section very
      long, but that it could have a critical section within which
      it made an arbitrary number of changes to the memory map and
      thus accumulate an unbounded amount of memory data structures
      awaiting reclamation. Clarify the comment to make this clearer.

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Message-Id: <1443709790-25180-3-git-send-email-peter.maydell@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 0a1c71cec63e95f9b8d0dc96d049d2daa00c5210
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 1 15:29:48 2015 +0100

      exec.c: Don't call cpu_reload_memory_map() from cpu_exec_init()

      Currently we call cpu_reload_memory_map() from cpu_exec_init(),
      but this is not necessary:
       * KVM doesn't use the data structures maintained by
         cpu_reload_memory_map() (the TLB and cpu->memory_dispatch)
       * for TCG, we will call this function via tcg_commit() either
         as soon as tcg_cpu_address_space_init() registers the listener,
         or when the first MemoryRegion is added to the AddressSpace
         if the AS is empty when we register the listener

      The unnecessary call is awkward for adding support for multiple
      address spaces per CPU, so drop it.

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxx>
      Message-Id: <1443709790-25180-2-git-send-email-peter.maydell@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit fec21036ff516d20721abc01ae7be99ae5bb0c7b
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Fri Sep 4 21:53:03 2015 +0200

      configure: Require Python 2.6

      RHEL-6 and SLES-11 provide Python 2.6.  It'll also work on OS X back
      to 10.6.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1441396383-17304-1-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 8ef2eb8d2cad7400236d6b2c152bdb5506761b4d
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Wed Sep 30 19:21:10 2015 +0200

      megasas: fix megasas_get_sata_addr

      There are two bugs here.  First, the 16-bit id loses the high 8 bits
      when shifted left by 24.  Second, the address must be combined with
      an "or" or we just get zero.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 633dccb458c4eaa40107cd7026737d804f90b6c0
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Thu Oct 1 12:59:01 2015 +0200

      scsi: switch from g_slice allocator to malloc

      Simplify memory allocation by sticking with a single API.  GSlice
      is not that fast anyway (tcmalloc/jemalloc are better).

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 1729404c62e1adae501feeaaf61b87262d52ae1b
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Thu Oct 1 12:59:08 2015 +0200

      nbd: switch from g_slice allocator to malloc

      Simplify memory allocation by sticking with a single API.  GSlice
      is not that fast anyway (tcmalloc/jemalloc are better).

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 5451316ed07b758a187dedf21047bed8f843f7f1
  Merge: 0bf224d 9201bb9
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Oct 12 15:52:54 2015 +0100

      Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
into staging

      Pull request

      v2:
       * Fix virtio 16lx -> HWADDR_PRIx format specifier [Peter]

      # gpg: Signature made Mon 12 Oct 2015 11:19:06 BST using RSA key ID 
81AB73C8
      # gpg: Good signature from "Stefan Hajnoczi <stefanha@xxxxxxxxxx>"
      # gpg:                 aka "Stefan Hajnoczi <stefanha@xxxxxxxxx>"

      * remotes/stefanha/tags/block-pull-request:
        sdhci.c: Limit the maximum block size
        block: switch from g_slice allocator to malloc
        virtio dataplane: adapt dataplane for virtio Version 1
        virtio-blk: use blk_io_plug/unplug for Linux AIO batching
        sdhci: Pass drive parameter to sdhci-pci via qdev property

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 0bf224d5da41967a775b328234cda2d19f303908
  Merge: 7684922 89b1273
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Oct 12 14:29:29 2015 +0100

      Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' 
into staging

      # gpg: Signature made Mon 12 Oct 2015 08:56:47 BST using RSA key ID 
398D6211
      # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) 
<jasowang@xxxxxxxxxx>"
      # gpg: WARNING: This key is not certified with sufficiently trusted 
signatures!
      # gpg:          It is not certain that the signature belongs to the owner.
      # Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 
6211

      * remotes/jasowang/tags/net-pull-request:
        tests: add test cases for netfilter object
        netfilter: add a netbuffer filter
        net/queue: export qemu_net_queue_append_iov
        netfilter: print filter info associate with the netdev
        netfilter: add an API to pass the packet to next filter
        net/queue: introduce NetQueueDeliverFunc
        net: merge qemu_deliver_packet and qemu_deliver_packet_iov
        netfilter: hook packets before net queue send
        init/cleanup of netfilter object
        vl.c: init delayed object after net_init_clients
        vmxnet3: Add support for VMXNET3_CMD_GET_ADAPTIVE_RING_INFO command
        e1000: use alias for default model
        vmxnet3: Support reading IMR registers on bar0
        net/vmxnet3: Refine l2 header validation

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 9201bb9a8c7cd3ba2382b7db5b2e40f603e61528
  Author: Alistair Francis <alistair.francis@xxxxxxxxxx>
  Date:   Tue Oct 6 10:40:41 2015 -0700

      sdhci.c: Limit the maximum block size

      It is possible for the guest to set an invalid block
      size which is larger then the fifo_buffer[] array. This
      could cause a buffer overflow.

      To avoid this limit the maximum size of the blksize variable.

      Signed-off-by: Alistair Francis <alistair.francis@xxxxxxxxxx>
      Reported-by: Intel Security ATR <secure@xxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Message-id: 
abe4c51f513290bbb85d1ee271cb1a3d463d7561.1444067470.git.alistair.francis@xxxxxxxxxx
      Suggested-by: Igor Mitsyanko <i.mitsyanko@xxxxxxxxx>
      Reported-by: Intel Security ATR <secure@xxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit c84b31926f018af6fea2ab37a1fc47060b4bcfa1
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Thu Oct 1 13:04:39 2015 +0200

      block: switch from g_slice allocator to malloc

      Simplify memory allocation by sticking with a single API.  GSlice
      is not that fast anyway (tcmalloc/jemalloc are better).

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit a9718ef0005d6910097788936dc40c0204713729
  Author: Pierre Morel <pmorel@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Sep 7 13:33:56 2015 +0200

      virtio dataplane: adapt dataplane for virtio Version 1

      Let dataplane allocate different region for the desc/avail/used
      ring regions.
      Take VIRTIO_RING_F_EVENT_IDX into account to increase the used/avail
      rings accordingly.

      [Fix 32-bit builds by changing 16lx format specifier to HWADDR_PRIx.
      --Stefan]

      Signed-off-by: Pierre Morel <pmorel@xxxxxxxxxxxxxxxxxx>
      Tested-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Message-id: 1441625636-23773-1-git-send-email-pmorel@xxxxxxxxxxxxxxxxxx
      (changed __virtio16 into uint16_t,
       map descriptor table and available ring read-only)
      Signed-off-by: Greg Kurz <gkurz@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 768492239014cb5e6161f1be80a9c8043c4530c2
  Merge: c9003eb 33fe968
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Mon Oct 12 11:07:38 2015 +0100

      Merge remote-tracking branch 
'remotes/armbru/tags/pull-monitor-2015-10-09' into staging

      Fix device introspection regressions

      # gpg: Signature made Fri 09 Oct 2015 14:43:41 BST using RSA key ID 
EB918653
      # gpg: Good signature from "Markus Armbruster <armbru@xxxxxxxxxx>"
      # gpg:                 aka "Markus Armbruster <armbru@xxxxxxxxxxxx>"

      * remotes/armbru/tags/pull-monitor-2015-10-09:
        Revert "qdev: Use qdev_get_device_class() for -device <type>,help"
        qdev: Protect device-list-properties against broken devices
        qmp: Fix device-list-properties not to crash for abstract device
        device-introspect-test: New, covering device introspection
        libqtest: New hmp() & friends
        libqtest: Clean up unused QTestState member sigact_old
        tests: Fix how qom-test is run
        macio: move DBDMA_init from instance_init to realize
        hw: do not pass NULL to memory_region_init from instance_init
        memory: allow destroying a non-empty MemoryRegion
        virtio-input: Fix device introspection on non-Linux hosts
        update-linux-headers: Rename SW_MAX to SW_MAX_

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit fc73548e444ae3239f6cef44a5200b5d2c3e85d1
  Author: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
  Date:   Mon Jul 20 16:54:16 2015 +0100

      virtio-blk: use blk_io_plug/unplug for Linux AIO batching

      The raw-posix block driver implements Linux AIO batching so multiple
      requests can be submitted with a single io_submit(2) system call.
      Batching is currently only used by virtio-scsi and
      virtio-blk-data-plane.

      Enable batching for regular virtio-blk so the number of io_submit(2)
      system calls is reduced for workloads with queue depth > 1.

      In 4KB random read performance tests with queue depth 32, the CPU
      utilization on the host is reduced by 9.4%.  The fio job is as follows:

        [global]
        bs=4k
        ioengine=libaio
        iodepth=32
        direct=1
        sync=0
        time_based=1
        runtime=30
        clocksource=gettimeofday
        ramp_time=5

        [job1]
        rw=randread
        filename=/dev/vdb
        size=4096M
        write_bw_log=fio
        write_iops_log=fio
        write_lat_log=fio
        log_avg_msec=1000

      This benchmark was run on an raw image on LVM.  The disk was an SSD
      drive and -drive cache=none,aio=native was used.

      Tested-by: Pradeep Surisetty <psuriset@xxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>

  commit 5ec911c30ff4337d4185e29e82a254349f5a22da
  Author: Kevin O'Connor <kevin@xxxxxxxxxxxx>
  Date:   Mon Aug 17 15:20:33 2015 -0400

      sdhci: Pass drive parameter to sdhci-pci via qdev property

      Commit 19109131 disabled the sdhci-pci support because it used
      drive_get_next().  This patch reenables sdhci-pci and changes it to
      pass the drive via a qdev property - for example:
       -device sdhci-pci,drive=drive0 -drive id=drive0,if=sd,file=myimage

      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Kevin O'Connor <kevin@xxxxxxxxxxxx>
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 89b1273742f45c30927df203532fca0d9a3e1af7
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Wed Oct 7 11:52:22 2015 +0800

      tests: add test cases for netfilter object

      Using qtest qmp interface to implement following cases:
      1) add/remove netfilter
      2) add a netfilter then delete the netdev
      3) add/remove more than one netfilters
      4) add more than one netfilters and then delete the netdev

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 7dbb11c84f25e20301b47a77102db00d68a2c4a4
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Wed Oct 7 11:52:21 2015 +0800

      netfilter: add a netbuffer filter

      This filter is to buffer/release packets. Can be used when using
      MicroCheckpointing or other Remus like VM FT solutions.
      You can also use it to crudely simulate network delay.  Doesn't
      actually delay individual packets, but batches them together, which is
      a delay of sorts.

      Usage:
       -netdev tap,id=bn0
       -object filter-buffer,id=f0,netdev=bn0,queue=rx,interval=1000

      NOTE:
       Interval is in microseconds, it can't be omitted currently, and can't be 
0.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit b68c7f76926dee3f234ccee88f3167b640d9318e
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Wed Oct 7 11:52:20 2015 +0800

      net/queue: export qemu_net_queue_append_iov

      This will be used by buffer filter implementation later to
      queue packets.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit a4960f52e7f402a4b7402ace204283de7b9d4879
  Author: Yang Hongyang <burnef@xxxxxxxxx>
  Date:   Wed Oct 7 11:52:19 2015 +0800

      netfilter: print filter info associate with the netdev

      When execute "info network", print filter info also.
      add a info_str member to NetFilterState, store specific filters
      info.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 7ef7bc8586fb0d41742a896b532c7afa2bbb7f84
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Wed Oct 7 11:52:18 2015 +0800

      netfilter: add an API to pass the packet to next filter

      add an API qemu_netfilter_pass_to_next() to pass the packet
      to next filter.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 3e033a46a7e39ea31e15f1b53402df990977115a
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Wed Oct 7 11:52:17 2015 +0800

      net/queue: introduce NetQueueDeliverFunc

      net/queue.c has logic to send/queue/flush packets but a
      qemu_deliver_packet_iov() call is hardcoded. Abstract this
      func so that we can use our own deliver function in netfilter.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Cc: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit fefe2a78abde932e0f340b21bded2c86def1d242
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Wed Oct 7 11:52:16 2015 +0800

      net: merge qemu_deliver_packet and qemu_deliver_packet_iov

      qemu_deliver_packet_iov already have the compat delivery, we
      can drop qemu_deliver_packet.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit e64c770d1fa859bd8ee583d339b085fe345ac02b
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Wed Oct 7 11:52:15 2015 +0800

      netfilter: hook packets before net queue send

      Capture packets that will be sent.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit fdccce4596218e49ca4d0f5d4b3f0c453bd99ba0
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Wed Oct 7 11:52:14 2015 +0800

      init/cleanup of netfilter object

      Add a netfilter object based on QOM.

      A netfilter is attached to a netdev, captures all network packets
      that pass through the netdev. When we delete the netdev, we also
      delete the netfilter object attached to it, because if the netdev is
      removed, the filter which attached to it is useless.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 9abce56d7b319b0c78b487720d128706272e0a0c
  Author: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
  Date:   Wed Oct 7 11:52:13 2015 +0800

      vl.c: init delayed object after net_init_clients

      Init delayed object after net_init_clients, because netfilters need
      to be initialized after net clients initialized.

      Signed-off-by: Yang Hongyang <yanghy@xxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit d62241eb6da9bd2517f07b3219ba4208b90b4e0d
  Author: Shmulik Ladkani <shmulik.ladkani@xxxxxxxxxxxxxxxxxx>
  Date:   Fri Sep 18 08:55:04 2015 +0300

      vmxnet3: Add support for VMXNET3_CMD_GET_ADAPTIVE_RING_INFO command

      Some drivers (e.g. vmware-tools) issue the 
VMXNET3_CMD_GET_ADAPTIVE_RING_INFO
      command.

      Currently, due to lack of support, a bogus value (-1) is returned.

      Support this command, returning the "adaptive-ring disabled" flag.

      Signed-off-by: Shmulik Ladkani <shmulik.ladkani@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit 8304402033e8dbe8e379017d51ed1dd8344f1dce
  Author: Jason Wang <jasowang@xxxxxxxxxx>
  Date:   Mon Sep 28 13:37:26 2015 +0800

      e1000: use alias for default model

      Instead of duplicating the "e1000-82540em" device model as "e1000",
      make the latter an alias for the former.

      Cc: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx
      Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>

  commit c6048f849c7e3f009786df76206e895a69de032c
  Author: Shmulik Ladkani <shmulik.ladkani@xxxxxxxxxxxxxxxxxx>
  Date:   Mon Sep 21 17:09:02 2015 +0300

      vmxnet3: Support reading IMR registers on bar0

      Instead of asserting, return the actual IMR register value.
      This is aligned with what's returned on ESXi.

      Signed-off-by: Shmulik Ladkani <shmulik.ladkani@xxxxxxxxxxxxxxxxxx>
      Tested-by: Dana Rubin <dana.rubin@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit a7278b36fcab9af469563bd7b9dadebe2ae25e48
  Author: Dana Rubin <dana.rubin@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Aug 18 12:45:55 2015 +0300

      net/vmxnet3: Refine l2 header validation

      Validation of l2 header length assumed minimal packet size as
      eth_header + 2 * vlan_header regardless of the actual protocol.

      This caused crash for valid non-IP packets shorter than 22 bytes, as
      'tx_pkt->packet_type' hasn't been assigned for such packets, and
      'vmxnet3_on_tx_done_update_stats()' expects it to be properly set.

      Refine header length validation in 'vmxnet_tx_pkt_parse_headers'.
      Check its return value during packet processing flow.

      As a side effect, in case IPv4 and IPv6 header validation failure,
      corrupt packets will be dropped.

      Signed-off-by: Dana Rubin <dana.rubin@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Shmulik Ladkani <shmulik.ladkani@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>

  commit c9003eb4662f44c61be9c8d7d5c9d4a02d58b560
  Merge: b37686f 925a040
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 9 17:30:03 2015 +0100

      Merge remote-tracking branch 'remotes/kraxel/tags/pull-virgl-20151008-1' 
into staging

      virtio-gpu: add 3d rendering support using virgl, misc fixes.
      ui/gtk: add opengl context and scanout support (for virtio-gpu).

      # gpg: Signature made Thu 08 Oct 2015 10:35:39 BST using RSA key ID 
D3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann <gerd@xxxxxxxxxx>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@xxxxxxxxx>"

      * remotes/kraxel/tags/pull-virgl-20151008-1:
        gtk/opengl: add opengl context and scanout support (GtkGLArea)
        gtk/opengl: add opengl context and scanout support (egl)
        opengl: add egl-context.[ch] helpers
        virtio-gpu: add cursor update tracepoint
        virtio-gpu: add 3d mode and virgl rendering support.
        virtio-gpu: update headers for virgl/3d
        virtio-gpu: change licence from GPLv2 to GPLv2+
        virtio-gpu: move iov free to virtio_gpu_cleanup_mapping_iov
        ui/console: add opengl context and scanout support interfaces.
        sdl2: stop flickering
        shaders: initialize vertexes once

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 33fe96833015cf15f4c0aa5bf8d34f60526e0732
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 1 10:59:59 2015 +0200

      Revert "qdev: Use qdev_get_device_class() for -device <type>,help"

      This reverts commit 31bed5509dfcbdfc293154ce81086a4dbd7a80b6.

      The reverted commit changed qdev_device_help() to reject abstract
      devices and devices that have cannot_instantiate_with_device_add_yet
      set, to fix crash bugs like -device x86_64-cpu,help.

      Rejecting abstract devices makes sense: they're purely internal, and
      the implementation of the help feature can't cope with them.

      Rejecting non-pluggable devices makes less sense: even though you
      can't use them with -device, the help may still be useful elsewhere,
      for instance with -global.  This is a regression: -device FOO,help
      used to help even for FOO that aren't pluggable.

      The previous two commits fixed the crash bug at a lower layer, so
      reverting this one is now safe.  Fixes the -device FOO,help
      regression, except for the broken devices marked
      cannot_even_create_with_object_new_yet.  For those, the error message
      is improved.

      Example of a device where the regression is fixed:

          $ qemu-system-x86_64 -device PIIX4_PM,help
          PIIX4_PM.command_serr_enable=bool (on/off)
          PIIX4_PM.multifunction=bool (on/off)
          PIIX4_PM.rombar=uint32
          PIIX4_PM.romfile=str
          PIIX4_PM.addr=int32 (Slot and optional function number, example: 06.0 
or 06)
          PIIX4_PM.memory-hotplug-support=bool
          PIIX4_PM.acpi-pci-hotplug-with-bridge-support=bool
          PIIX4_PM.s4_val=uint8
          PIIX4_PM.disable_s4=uint8
          PIIX4_PM.disable_s3=uint8
          PIIX4_PM.smb_io_base=uint32

      Example of a device where it isn't fixed:

          $ qemu-system-x86_64 -device host-x86_64-cpu,help
          Can't list properties of device 'host-x86_64-cpu'

      Both failed with "Parameter 'driver' expects pluggable device type"
      before.

      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1443689999-12182-11-git-send-email-armbru@xxxxxxxxxx>

  commit 4c315c27661502a0813b129e41c0bf640c34a8d6
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 1 10:59:58 2015 +0200

      qdev: Protect device-list-properties against broken devices

      Several devices don't survive object_unref(object_new(T)): they crash
      or hang during cleanup, or they leave dangling pointers behind.

      This breaks at least device-list-properties, because
      qmp_device_list_properties() needs to create a device to find its
      properties.  Broken in commit f4eb32b "qmp: show QOM properties in
      device-list-properties", v2.1.  Example reproducer:

          $ qemu-system-aarch64 -nodefaults -display none -machine none -S -qmp 
stdio
          {"QMP": {"version": {"qemu": {"micro": 50, "minor": 4, "major": 2}, 
"package": ""}, "capabilities": []}}
          { "execute": "qmp_capabilities" }
          {"return": {}}
          { "execute": "device-list-properties", "arguments": { "typename": 
"pxa2xx-pcmcia" } }
          qemu-system-aarch64: /home/armbru/work/qemu/memory.c:1307: 
memory_region_finalize: Assertion `((&mr->subregions)->tqh_first == ((void 
*)0))' failed.
          Aborted (core dumped)
          [Exit 134 (SIGABRT)]

      Unfortunately, I can't fix the problems in these devices right now.
      Instead, add DeviceClass member cannot_destroy_with_object_finalize_yet
      to mark them:

      * Hang during cleanup (didn't debug, so I can't say why):
        "realview_pci", "versatile_pci".

      * Dangling pointer in cpus: most CPUs, plus "allwinner-a10", "digic",
        "fsl,imx25", "fsl,imx31", "xlnx,zynqmp", because they create such
        CPUs

      * Assert kvm_enabled(): "host-x86_64-cpu", host-i386-cpu",
        "host-powerpc64-cpu", "host-embedded-powerpc-cpu",
        "host-powerpc-cpu" (the powerpc ones can't currently reach the
        assertion, because the CPUs are only registered when KVM is enabled,
        but the assertion is arguably in the wrong place all the same)

      Make qmp_device_list_properties() fail cleanly when the device is so
      marked.  This improves device-list-properties from "crashes, hangs or
      leaves dangling pointers behind" to "fails".  Not a complete fix, just
      a better-than-nothing work-around.  In the above reproducer,
      device-list-properties now fails with "Can't list properties of device
      'pxa2xx-pcmcia'".

      This also protects -device FOO,help, which uses the same machinery
      since commit ef52358 "qdev-monitor: include QOM properties in -device
      FOO, help output", v2.2.  Example reproducer:

          $ qemu-system-aarch64 -machine none -device pxa2xx-pcmcia,help

      Before:

          qemu-system-aarch64: .../memory.c:1307: memory_region_finalize: 
Assertion `((&mr->subregions)->tqh_first == ((void *)0))' failed.

      After:

          Can't list properties of device 'pxa2xx-pcmcia'

      Cc: "Andreas Färber" <afaerber@xxxxxxx>
      Cc: "Edgar E. Iglesias" <edgar.iglesias@xxxxxxxxx>
      Cc: Alexander Graf <agraf@xxxxxxx>
      Cc: Anthony Green <green@xxxxxxxxxxxxxx>
      Cc: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Cc: Bastian Koppelmann <kbastian@xxxxxxxxxxxxxxxxxxxxx>
      Cc: Blue Swirl <blauwirbel@xxxxxxxxx>
      Cc: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Cc: Guan Xuetao <gxt@xxxxxxxxxxxxxxx>
      Cc: Jia Liu <proljc@xxxxxxxxx>
      Cc: Leon Alrae <leon.alrae@xxxxxxxxxx>
      Cc: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxx>
      Cc: Max Filippov <jcmvbkbc@xxxxxxxxx>
      Cc: Michael Walle <michael@xxxxxxxx>
      Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Cc: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Cc: Richard Henderson <rth@xxxxxxxxxxx>
      Cc: qemu-ppc@xxxxxxxxxx
      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Message-Id: <1443689999-12182-10-git-send-email-armbru@xxxxxxxxxx>

  commit edb1523d90415cb79f60f83b4028ef3820d15612
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 1 10:59:57 2015 +0200

      qmp: Fix device-list-properties not to crash for abstract device

      Broken in commit f4eb32b "qmp: show QOM properties in
      device-list-properties", v2.1.

      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Andreas Färber <afaerber@xxxxxxx>
      Message-Id: <1443689999-12182-9-git-send-email-armbru@xxxxxxxxxx>

  commit 2d1abb850fd15fd6eb75a92290be5f93b2772ec5
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 1 10:59:56 2015 +0200

      device-introspect-test: New, covering device introspection

      The test doesn't check that the output makes any sense, only that QEMU
      survives.  Useful since we've had an astounding number of crash bugs
      around there.

      In fact, we have a bunch of them right now: a few devices crash or
      hang, and some leave dangling pointers behind.  The test skips testing
      the broken parts.  The next commits will fix them up, and drop the
      skipping.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443689999-12182-8-git-send-email-armbru@xxxxxxxxxx>

  commit 5fb48d9673b76fc53507a0e717a12968e57d846e
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 1 10:59:55 2015 +0200

      libqtest: New hmp() & friends

      New convenience function hmp() to facilitate use of
      human-monitor-command in tests.  Use it to simplify its existing uses.

      To blend into existing libqtest code, also add qtest_hmpv() and
      qtest_hmp().  That, and the egregiously verbose GTK-Doc comment format
      make this patch look bigger than it is.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Message-Id: <1443689999-12182-7-git-send-email-armbru@xxxxxxxxxx>

  commit 82b15c7bdbda6207d1fee2ec824432e64af3ecb4
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 1 10:59:54 2015 +0200

      libqtest: Clean up unused QTestState member sigact_old

      Unused since commit d766825.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Message-Id: <1443689999-12182-6-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>

  commit e253c287153c6f3ce4177686ac12c196f9bd8292
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 1 10:59:53 2015 +0200

      tests: Fix how qom-test is run

      We want to run qom-test for every architecture, without having to
      manually add it to every architecture's list of tests.  Commit 3687d53
      accomplished this by adding it to every architecture's list
      automatically.

      However, some architectures inherit their tests from others, like this:

          check-qtest-x86_64-y = $(check-qtest-i386-y)
          check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
          check-qtest-xtensaeb-y = $(check-qtest-xtensa-y)

      For such architectures, we ended up running the (slow!) test twice.
      Commit 2b8419c attempted to avoid this by adding the test only when
      it's not already present.  Works only as long as we consider adding
      the test to the architectures on the left hand side *after* the ones
      on the right hand side: x86_64 after i386, microblazeel after
      microblaze, xtensaeb after xtensa.

      Turns out we consider them in $(SYSEMU_TARGET_LIST) order.  Defined as

          SYSEMU_TARGET_LIST := $(subst -softmmu.mak,,$(notdir \
             $(wildcard $(SRC_PATH)/default-configs/*-softmmu.mak)))

      On my machine, this results in the oder xtensa, x86_64, microblazeel,
      microblaze, i386.  Consequently, qom-test runs twice for microblazeel
      and x86_64.

      Replace this complex and flawed machinery with a much simpler one: add
      generic tests (currently just qom-test) to check-qtest-generic-y
      instead of check-qtest-$(target)-y for every target, then run
      $(check-qtest-generic-y) for every target.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Andreas Färber <afaerber@xxxxxxx>
      Message-Id: <1443689999-12182-5-git-send-email-armbru@xxxxxxxxxx>

  commit c7104402353bf32ac1d3a276e3619a20e910506b
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Thu Oct 1 10:59:52 2015 +0200

      macio: move DBDMA_init from instance_init to realize

      DBDMA_init is not idempotent, and calling it from instance_init
      breaks a simple object_new/object_unref pair.  Work around this,
      pending qdev-ification of DBDMA, by moving the call to realize.

      Reported-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1443689999-12182-4-git-send-email-armbru@xxxxxxxxxx>

  commit 81e0ab48dda611e9571dc2e166840205a4208567
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Thu Oct 1 10:59:51 2015 +0200

      hw: do not pass NULL to memory_region_init from instance_init

      This causes the region to outlive the object, because it attaches the
      region to /machine.  This is not nice for the "realize" method, but
      much worse for "instance_init" because it can cause dangling pointers
      after a simple object_new/object_unref pair.

      Reported-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Tested-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1443689999-12182-3-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>

  commit 2e2b8eb70fdb7dfbec39f3a19b20f9a73f2f813e
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Thu Oct 1 10:59:50 2015 +0200

      memory: allow destroying a non-empty MemoryRegion

      This is legal; the MemoryRegion will simply unreference all the
      existing subregions and possibly bring them down with it as well.
      However, it requires a bit of care to avoid an infinite loop.
      Finalizing a memory region cannot trigger an address space update,
      but memory_region_del_subregion errs on the side of caution and
      might trigger a spurious update: avoid that by resetting mr->enabled
      first.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1443689999-12182-2-git-send-email-armbru@xxxxxxxxxx>

  commit c6047e9621f77a65993bcda8f58b676996e24bb5
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 8 18:11:40 2015 +0200

      virtio-input: Fix device introspection on non-Linux hosts

      When CONFIG_LINUX is off, devices "virtio-keyboard-device",
      "virtio-mouse-device", "virtio-tablet-device" and
      "virtio-input-host-device" aren't compiled in, yet
      "virtio-keyboard-pci", "virtio-mouse-pci", "virtio-tablet-pci" and
      "virtio-input-host-pci" still are.  Attempts to introspect them crash,
      e.g.

          $ qemu-system-x86_64 -device virtio-tablet-pci,help
          **
          ERROR:/work/armbru/qemu/qom/object.c:333:object_initialize_with_type: 
assertion failed: (type != NULL)

      Broken in commit 710e2d9 and commit 006a5ed.

      Fix by compiling the "virtio-FOO-pci" exactly when compiling the
      "virtio-FOO-device": compile "virtio-keyboard-device",
      "virtio-mouse-device", "virtio-tablet-device" regardless of
      CONFIG_LINUX, and compile "virtio-input-host-pci" only for
      CONFIG_LINUX.

      Reported-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Message-Id: <1444320700-26260-3-git-send-email-armbru@xxxxxxxxxx>

  commit ac98fa849e834f48e5a64cf4b22218ba4047e142
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Thu Oct 8 18:11:39 2015 +0200

      update-linux-headers: Rename SW_MAX to SW_MAX_

      The next commit will compile hw/input/virtio-input.c and
      hw/input/virtio-input-hid.c even when CONFIG_LINUX is off.  These
      files include both "include/standard-headers/linux/input.h" and
      <windows.h> then.  Doesn't work, because both define SW_MAX.  We don't
      actually use it.  Patch input.h to define SW_MAX_ instead.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1444320700-26260-2-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit b37686f7e84b22cfaf7fd01ac5133f2617cc3027
  Merge: 8be6e62 98cf48f
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 9 12:18:13 2015 +0100

      Merge remote-tracking branch 'remotes/stefanha/tags/tracing-pull-request' 
into staging

      # gpg: Signature made Fri 09 Oct 2015 10:15:13 BST using RSA key ID 
81AB73C8
      # gpg: Good signature from "Stefan Hajnoczi <stefanha@xxxxxxxxxx>"
      # gpg:                 aka "Stefan Hajnoczi <stefanha@xxxxxxxxx>"

      * remotes/stefanha/tags/tracing-pull-request:
        trace: remove malloc tracing
        docs: update the usage example of "dtrace" backend in tracing.txt

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 8be6e623a28497d1dcd10547a573c9143ece525c
  Merge: 1d27b91 deb847b
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 9 10:45:09 2015 +0100

      Merge remote-tracking branch 
'remotes/mjt/tags/pull-trivial-patches-2015-10-08' into staging

      trivial patches for 2015-10-08

      # gpg: Signature made Thu 08 Oct 2015 17:51:05 BST using RSA key ID 
A4C3D7DB
      # gpg: Good signature from "Michael Tokarev <mjt@xxxxxxxxxx>"
      # gpg:                 aka "Michael Tokarev <mjt@xxxxxxxxx>"
      # gpg:                 aka "Michael Tokarev <mjt@xxxxxxxxxx>"

      * remotes/mjt/tags/pull-trivial-patches-2015-10-08:
        tests: Unique test path for /string-visitor/output
        linux-user: Remove type casts to union type
        linux-user: Use g_new() & friends where that makes obvious sense
        rocker: Use g_new() & friends where that makes obvious sense
        .travis.yml: Run make check for all targets, not just some
        hw: char: Remove unnecessary variable
        hw: timer: Remove unnecessary variable
        qapi: add missing @
        MAINTAINERS: Add NSIS file for W32, W64 hosts
        target-ppc: Remove unnecessary variable
        target-microblaze: Remove unnecessary variable
        s/cpu_get_real_ticks/cpu_get_host_ticks/
        pc: check for underflow in load_linux
        pci-assign: do not include sys/io.h
        block/ssh: remove dead code
        imx_serial: Generate interrupt on tx empty if enabled
        sdhci: Change debug prints to compile unconditionally
        sdhci: use PRIx64 for uint64_t type
        Add .dir-locals.el file to configure emacs coding style

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 98cf48f60aa4999f5b2808569a193a401a390e6a
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Wed Sep 16 17:38:44 2015 +0200

      trace: remove malloc tracing

      The malloc vtable is not supported anymore in glib, because it broke
      when constructors called g_malloc.  Remove tracing of g_malloc,
      g_realloc and g_free calls.

      Note that, for systemtap users, glib also provides tracepoints
      glib.mem_alloc, glib.mem_free, glib.mem_realloc, glib.slice_alloc
      and glib.slice_free.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Message-id: 1442417924-25831-1-git-send-email-pbonzini@xxxxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 2e4ccbbc64b212c4d1c7008ca58e141d6a984494
  Author: Lin Ma <lma@xxxxxxxx>
  Date:   Fri Sep 11 14:58:50 2015 +0800

      docs: update the usage example of "dtrace" backend in tracing.txt

      The usage example of dtrace is quite ancient, We have tracetool.py with
      different parameters instead of the original tracetool shell script for
      a long time, So update the old information.

      Signed-off-by: Lin Ma <lma@xxxxxxxx>
      Message-id: 1441954730-17341-1-git-send-email-lma@xxxxxxxx
      Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit deb847bfba7ee0ab8151842f5e9cb12d4daad3a3
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Mon Oct 5 12:04:20 2015 +0100

      tests: Unique test path for /string-visitor/output

      Newer GLib's want unique test paths, and thus moan at dupes.
      (Seen on Fedora 23 which has glib 2.46)

      Uniquify the paths.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit d1c002b6ae2dc81d97bbe23fe65e1960abdba9a4
  Author: Stefan Weil <sw@xxxxxxxxxxx>
  Date:   Sun Feb 8 15:40:58 2015 +0100

      linux-user: Remove type casts to union type

      Casting to a union type is a gcc (and clang) extension. Other compilers
      might not support it. This is not a problem today, but the type casts
      can be removed easily. Smatch now no longer complains like before:

      linux-user/syscall.c:3190:18: warning: cast to non-scalar
      linux-user/syscall.c:7348:44: warning: cast to non-scalar

      Cc: Riku Voipio <riku.voipio@xxxxxx>
      Signed-off-by: Stefan Weil <sw@xxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit c78d65e8a7d87badf46eda3a0b41330f5d239132
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Mon Sep 14 13:53:03 2015 +0200

      linux-user: Use g_new() & friends where that makes obvious sense

      g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
      for two reasons.  One, it catches multiplication overflowing size_t.
      Two, it returns T * rather than void *, which lets the compiler catch
      more type errors.

      This commit only touches allocations with size arguments of the form
      sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Stefan Weil <sw@xxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 778358d0a8f74a76488daea3c1b6fb327d8135b4
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Mon Sep 14 13:52:23 2015 +0200

      rocker: Use g_new() & friends where that makes obvious sense

      g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
      for two reasons.  One, it catches multiplication overflowing size_t.
      Two, it returns T * rather than void *, which lets the compiler catch
      more type errors.

      This commit only touches allocations with size arguments of the form
      sizeof(T).  Same Coccinelle semantic patchas in commit b45c03f.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Acked-by: Jiri Pirko <jiri@xxxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Jiri Pirko <jiri@xxxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit cb157af23833ca0762125f34b3fe73cfdbac297e
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Wed Sep 23 15:27:12 2015 +1000

      .travis.yml: Run make check for all targets, not just some

      ed173cb ".travis.yml: remove "make check" from main matrix" stopped 
running
      make check for all the Travis build targets for various reasons.  It
      continued to run make check on one Travis build, which builds for a big
      list of all (? nearly all) our supported softmmu targets.

      Unfortunately, due to a spacing / quoting error it only actually builds 
for
      the alpha, arm, aarch64 and cris targets.  Specifically, the list of
      targets is split over several lines.  Even with YAML folding, this will
      leave spaces in the list, meaning $TARGETS won't have the value we need.

      I had a look at the YAML spec and I couldn't quickly see a way of 
splitting
      the list so that it doesn't end up with spaces, so this patch fixes the
      problem by putting the whole list on one huge line.

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 65cb2a14cacbc08c754f3cb41436fe6ece46593a
  Author: Shraddha Barke <shraddha.6596@xxxxxxxxx>
  Date:   Fri Sep 25 20:06:02 2015 +0530

      hw: char: Remove unnecessary variable

      Compress lines and remove the variable.

      Signed-off-by: Shraddha Barke <shraddha.6596@xxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit bf5f78efed26054c2ce71e6f4c30ece13bf06e87
  Author: Shraddha Barke <shraddha.6596@xxxxxxxxx>
  Date:   Fri Sep 25 20:06:03 2015 +0530

      hw: timer: Remove unnecessary variable

      Compress lines and remove the variable.

      Signed-off-by: Shraddha Barke <shraddha.6596@xxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit f169f8fbca3999fe59f37a86822f305f7292949d
  Author: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
  Date:   Fri Sep 25 16:03:30 2015 +0200

      qapi: add missing @

      Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 885bdc95b165dc2b63bdc756be4919e948b9d27b
  Author: Stefan Weil <sw@xxxxxxxxxxx>
  Date:   Fri Sep 25 22:25:32 2015 +0200

      MAINTAINERS: Add NSIS file for W32, W64 hosts

      The NSIS installer configuration is maintained by me.

      Signed-off-by: Stefan Weil <sw@xxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit f9b8e7f63acf9418238444aec654aba249a334ba
  Author: Shraddha Barke <shraddha.6596@xxxxxxxxx>
  Date:   Fri Sep 25 14:07:58 2015 +0530

      target-ppc: Remove unnecessary variable

      Compress lines and remove the variable.

      Signed-off-by: Shraddha Barke <shraddha.6596@xxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 738c8b01ba4d020ee42c72e83a6aa3d9408a2530
  Author: Shraddha Barke <shraddha.6596@xxxxxxxxx>
  Date:   Fri Sep 25 14:07:56 2015 +0530

      target-microblaze: Remove unnecessary variable

      Compress lines and remove the variable.

      Signed-off-by: Shraddha Barke <shraddha.6596@xxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 4a7428c5a7e82f4dde3646e4a8cc8e54f3257e2a
  Author: Christopher Covington <cov@xxxxxxxxxxxxxx>
  Date:   Fri Sep 25 10:42:21 2015 -0400

      s/cpu_get_real_ticks/cpu_get_host_ticks/

      This should help clarify the purpose of the function that returns
      the host system's CPU cycle count.

      Signed-off-by: Christopher Covington <cov@xxxxxxxxxxxxxx>
      Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      ppc portion
      Acked-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit ec5fd402645fd4f03d89dcd5840b0e8542549e82
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Sep 14 12:07:22 2015 +0200

      pc: check for underflow in load_linux

      If (setup_size+1)*512 is small enough, kernel_size -= setup_size can 
allocate
      a huge amount of memory.  Avoid that.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 16033ba577059c5675e4c786234c46027380c29b
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 15 10:47:36 2015 +0200

      pci-assign: do not include sys/io.h

      This file does not exist on bionic libc and the functions it defines
      are in fact not used by pci-assign.c.  Remove it.

      Reported-by: Houcheng Lin <houcheng@xxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit eab2ac9d3c1675a58989000c2647aa33e440906a
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Sep 14 13:12:34 2015 +0200

      block/ssh: remove dead code

      The "err" label cannot be reached with qp != NULL.  Remove the free-ing
      of qp and avoid future regressions by removing the initializer.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      ACKed-by: Richard W.M. Jones <rjones@xxxxxxxxxx>
      Reviewed-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit dc1442204a2235b1ad0c4bdceb3580c97f71f1b5
  Author: Guenter Roeck <linux@xxxxxxxxxxxx>
  Date:   Thu Aug 20 08:52:35 2015 -0700

      imx_serial: Generate interrupt on tx empty if enabled

      Generate an interrupt if the tx buffer is empty and the tx empty interrupt
      is enabled. This fixes a problem seen when running a Linux image since
      Linux commit 55c3cb1358e ("serial: imx: remove unneeded 
imx_transmit_buffer()
      from imx_start_tx()"). Linux now waits for the tx empty interrupt before
      starting to send data, causing transmit stalls until there is an interrupt
      for another reason.

      Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 7af0fc994e85c0ff16eda6d7e328427b02a01008
  Author: Sai Pavan Boddu <sai.pavan.boddu@xxxxxxxxxx>
  Date:   Mon Sep 7 23:36:41 2015 +0530

      sdhci: Change debug prints to compile unconditionally

      Conditional compilation hides few type mismatch warnings, fix it to
      compile unconditionally.

      Signed-off-by: Sai Pavan Boddu <saipava@xxxxxxxxxx>
      Suggested-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit be9c5ddeabb73e9dee2d6922c03ffee4e1f4c8ec
  Author: Sai Pavan Boddu <sai.pavan.boddu@xxxxxxxxxx>
  Date:   Mon Sep 7 23:36:40 2015 +0530

      sdhci: use PRIx64 for uint64_t type

      Fix compile time warnings, because of type mismatch for unsigned long
      long type.

      Signed-off-by: Sai Pavan Boddu <saipava@xxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 91288a58a550be4dc80628456d5e1d2e91424827
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Thu Jun 4 14:30:07 2015 +0100

      Add .dir-locals.el file to configure emacs coding style

      Some default emacs setups indent by 2 spaces and uses tabs
      which is counter to the QEMU coding style rules. Adding a
      .dir-locals.el file in the top level of the GIT repo will
      inform emacs about the QEMU coding style, and so assist
      contributors in avoiding common style mistakes before
      they submit patches.

      Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
      Reviewed-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>

  commit 1d27b91723c252d9a97151dc1959cfd89c5816cb
  Merge: 31c9bd1 508ce5e
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 8 16:50:34 2015 +0100

      Merge remote-tracking branch 
'remotes/awilliam/tags/vfio-update-20151007.0' into staging

      VFIO updates 2015-10-07

       - Change platform device IRQ setup sequence for compatibility
         with upcoming IRQ forwarding (Eric Auger)
       - Extensions to support vfio-pci devices on spapr-pci-host-bridge
         (David Gibson) [clang problem patch dropped]

      # gpg: Signature made Wed 07 Oct 2015 16:30:52 BST using RSA key ID 
3BB08B22
      # gpg: Good signature from "Alex Williamson <alex.williamson@xxxxxxxxxx>"
      # gpg:                 aka "Alex Williamson <alex@xxxxxxxxxxx>"
      # gpg:                 aka "Alex Williamson <alwillia@xxxxxxxxxx>"
      # gpg:                 aka "Alex Williamson <alex.l.williamson@xxxxxxxxx>"

      * remotes/awilliam/tags/vfio-update-20151007.0:
        vfio: Allow hotplug of containers onto existing guest IOMMU mappings
        memory: Allow replay of IOMMU mapping notifications
        vfio: Record host IOMMU's available IO page sizes
        vfio: Check guest IOVA ranges against host IOMMU capabilities
        vfio: Generalize vfio_listener_region_add failure path
        vfio: Remove unneeded union from VFIOContainer
        hw/vfio/platform: do not set resamplefd for edge-sensitive IRQS
        hw/vfio/platform: change interrupt/unmask fields into pointer
        hw/vfio/platform: irqfd setup sequence update

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 31c9bd164ddb653915b9029ba0edd40cd57530d9
  Merge: ca4e4b8 126d89e
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 8 15:33:56 2015 +0100

      Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20151007' into 
staging

      Do away with TB retranslation

      # gpg: Signature made Wed 07 Oct 2015 10:42:08 BST using RSA key ID 
4DD0279B
      # gpg: Good signature from "Richard Henderson <rth7680@xxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxxx>"

      * remotes/rth/tags/pull-tcg-20151007: (26 commits)
        tcg: Adjust CODE_GEN_AVG_BLOCK_SIZE
        tcg: Check for overflow via highwater mark
        tcg: Allocate a guard page after code_gen_buffer
        tcg: Emit prologue to the beginning of code_gen_buffer
        tcg: Remove tcg_gen_code_search_pc
        tcg: Remove gen_intermediate_code_pc
        tcg: Save insn data and use it in cpu_restore_state_from_tb
        tcg: Pass data argument to restore_state_to_opc
        tcg: Add TCG_MAX_INSNS
        target-*: Drop cpu_gen_code define
        tcg: Merge cpu_gen_code into tb_gen_code
        target-sparc: Add npc state to insn_start
        target-sparc: Remove gen_opc_jump_pc
        target-sparc: Split out gen_branch_n
        target-sparc: Tidy gen_branch_a interface
        target-cris: Mirror gen_opc_pc into insn_start
        target-sh4: Add flags state to insn_start
        target-s390x: Add cc_op state to insn_start
        target-mips: Add delayed branch state to insn_start
        target-i386: Add cc_op state to insn_start
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit ca4e4b82848982311a40d0937c1de9db1108fdb0
  Merge: fb6345f fec7daa
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 8 13:37:04 2015 +0100

      Merge remote-tracking branch 'remotes/rth/tags/pull-tile-20151007' into 
staging

      Collected patches

      # gpg: Signature made Wed 07 Oct 2015 10:30:17 BST using RSA key ID 
4DD0279B
      # gpg: Good signature from "Richard Henderson <rth7680@xxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxx>"
      # gpg:                 aka "Richard Henderson <rth@xxxxxxxxxxx>"

      * remotes/rth/tags/pull-tile-20151007:
        target-tilegx: Support iret instruction and related special registers
        target-tilegx: Use TILEGX_EXCP_OPCODE_UNKNOWN and 
TILEGX_EXCP_OPCODE_UNIMPLEMENTED correctly
        target-tilegx: Implement v2mults instruction
        target-tilegx: Implement v?int_* instructions.
        target-tilegx: Implement v2sh* instructions
        target-tilegx: Handle nofault prefetch instructions
        target-tilegx: Fix a typo for mnemonic about "ld_add"
        target-tilegx: Use TILEGX_EXCP_SIGNAL instead of TILEGX_EXCP_SEGV
        target-tilegx: Decode ill pseudo-instructions
        linux-user/tilegx: Implement tilegx signal features
        linux-user/syscall_defs.h: Sync the latest si_code from Linux kernel
        target-tilegx: Let x1 pipe process bpt instruction only
        target-tilegx: Implement complex multiply instructions
        target-tilegx: Implement table index instructions
        target-tilegx: Implement crc instructions
        target-tilegx: Implement v1multu instruction
        target-tilegx: Implement v*add and v*sub instructions
        target-tilegx: Implement v*shl, v*shru, and v*shrs instructions
        target-tilegx: Tidy simd_helper.c

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit fb6345f452ba7cefb395389abb17d0af0e42c54b
  Merge: eed2df6 32532f2
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 8 11:28:17 2015 +0100

      Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' 
into staging

      NUMA queue, 2015-10-06

      # gpg: Signature made Tue 06 Oct 2015 20:53:42 BST using RSA key ID 
984DC5A6
      # gpg: Good signature from "Eduardo Habkost <ehabkost@xxxxxxxxxx>"

      * remotes/ehabkost/tags/numa-pull-request:
        pc-dimm: Fail realization for invalid nodes in non-NUMA config

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 925a04000231ad865770ba227876ba518ac3e479
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Tue May 26 12:26:21 2015 +0200

      gtk/opengl: add opengl context and scanout support (GtkGLArea)

      This allows virtio-gpu to render in 3d mode.
      Uses native opengl support which is present
      in gtk versions 3.16 and newer.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 4782aeb79fbcb70bb96b52f6d9bc7cadb3cf7d58
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri May 8 11:30:51 2015 +0200

      gtk/opengl: add opengl context and scanout support (egl)

      This allows virtio-gpu to render in 3d mode.
      Uses egl, for gtk versions 3.14 and older.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 6c18744d0f99138cb19cd9d1241d7b11c478a944
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Wed Apr 29 10:08:04 2015 +0200

      opengl: add egl-context.[ch] helpers

      Add helper functions to manage opengl contexts using egl.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit e9c1b459f28fb4dce52dd5afa6a1ad7fb00ee5e2
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Oct 2 08:30:27 2015 +0200

      virtio-gpu: add cursor update tracepoint

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 9d9e152136bdaa75ea98e5c2105f2a7127e369eb
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Jul 11 12:51:43 2014 +0200

      virtio-gpu: add 3d mode and virgl rendering support.

      Add virglrenderer library detection.  Add 3d mode to virtio-gpu,
      wire up virglrenderer library.  When in 3d mode render using the
      new context management and texture scanout callbacks.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit bc79e96442283471c92c8ea7ae15563274f7b0cb
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri May 22 15:38:33 2015 +0200

      virtio-gpu: update headers for virgl/3d

      Sync with linux kernel headers with virgl/3d patches applied.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 2e2521452e28399dbc6fecec56d5bbb29f9b6796
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Wed Sep 16 09:15:15 2015 +0200

      virtio-gpu: change licence from GPLv2 to GPLv2+

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>

  commit 7f3be0f20ff8d976ab982cc06026cac0600f1fb6
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Tue Sep 15 09:23:14 2015 +0200

      virtio-gpu: move iov free to virtio_gpu_cleanup_mapping_iov

      For symmetry reasons: virtio_gpu_create_mapping_iov() allocates it so
      virtio_gpu_cleanup_mapping_iov() should free it, otherwise it's easy to
      miss a free() needed and leak memory.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit 06020b950c0a6a73cbee0527af846b05679c937a
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Jul 11 13:56:51 2014 +0200

      ui/console: add opengl context and scanout support interfaces.

      Add callbacks for opengl context management and scanout texture
      configuration to DisplayChangeListenerOps.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 136a8d9d444560f71fca89f27475cfeaffa19cf3
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Jun 12 12:16:02 2015 +0200

      sdl2: stop flickering

      Optimizing updates by copying the dirty rectangle
      only do not work because of double-buffering.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit c046d8284474a0f7763dea849433bde37a69023d
  Author: Gerd Hoffmann <kraxel@xxxxxxxxxx>
  Date:   Fri Jul 10 14:40:01 2015 +0200

      shaders: initialize vertexes once

      Create a buffer for the vertex data and place vertexes
      there at initialization time.  Then just use the buffer
      for each texture blit.

      Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>

  commit 126d89e8cdfa3be15d51f76906eaccbcd0023f98
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sat Sep 26 09:23:42 2015 -0700

      tcg: Adjust CODE_GEN_AVG_BLOCK_SIZE

      At present, the "average" guestimate of TB size is way too small, leading
      to many unused entries in the pre-allocated TB array.  For a guest with 
1GB
      ram, we're currently allocating 256MB for the array.

      Survey arm, alpha, aarch64, ppc, sparc, i686, x86_64 guests running on
      x86_64 and ppc64 hosts and select a new average.  The size of the array
      drops to 81MB with no more flushing than before.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit b125f9dc7bd68cd4c57189db4da83b0620b28a72
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 22 13:01:15 2015 -0700

      tcg: Check for overflow via highwater mark

      We currently pre-compute an worst case code size for any TB, which
      works out to be 122kB.  Since the average TB size is near 1kB, this
      wastes quite a lot of storage.

      Instead, check for overflow in between generating code for each opcode.
      The overhead of the check isn't measurable and wastage is minimized.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit f293709c6af7a65a9bcec09cdba7a60183657a3e
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sat Sep 19 12:03:15 2015 -0700

      tcg: Allocate a guard page after code_gen_buffer

      This will catch any overflow of the buffer.

      Add a native win32 alternative for alloc_code_gen_buffer;
      remove the malloc alternative.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 8163b74938d8b7d12e70597c4553dd0dc49443d5
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Fri Sep 18 23:43:05 2015 -0700

      tcg: Emit prologue to the beginning of code_gen_buffer

      By putting the prologue at the end, we risk overwriting the
      prologue should our estimate of maximum TB size.  Given the
      two different placements of the call to tcg_prologue_init,
      move the high water mark computation into tcg_prologue_init.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 04fe64000162c45d8974da9ca4d266f8d0e67eb7
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 1 20:07:48 2015 -0700

      tcg: Remove tcg_gen_code_search_pc

      It's no longer used, so tidy up everything reached by it.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 4e5e1215156662b2b153255c49d4640d82c5568b
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 1 20:01:40 2015 -0700

      tcg: Remove gen_intermediate_code_pc

      It is no longer used, so tidy up everything reached by it.
      This includes the gen_opc_* arrays, the search_pc parameter
      and the inline gen_intermediate_code_internal functions.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit fca8a500d519a56abeaedf8073167a61d3c6b9c4
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 1 19:11:45 2015 -0700

      tcg: Save insn data and use it in cpu_restore_state_from_tb

      We can now restore state without retranslation.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit bad729e272387de7dbfa3ec4319036552fc6c107
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 1 15:51:12 2015 -0700

      tcg: Pass data argument to restore_state_to_opc

      The gen_opc_* arrays are already redundant with the data stored in
      the insn_start arguments.  Transition restore_state_to_opc to use
      data from the latter.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 190ce7fbc79fd0883a6170d7f30da59d366e6830
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Mon Aug 31 14:34:41 2015 -0700

      tcg: Add TCG_MAX_INSNS

      Adjust all translators to respect it.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit dc03246cc377268db63abc8c5663ef571aec2eea
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Thu Aug 27 18:18:09 2015 -0700

      target-*: Drop cpu_gen_code define

      This symbol no longer exists.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit fec88f64bda27846add83e924c8f4def9d94e068
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Thu Aug 27 18:17:40 2015 -0700

      tcg: Merge cpu_gen_code into tb_gen_code

      As it's only caller, this tidies things a bit.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit a3d5ad761cafc669e25f4185e63d8d758a989135
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Mon Aug 31 13:30:52 2015 -0700

      target-sparc: Add npc state to insn_start

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 6c42444f9a53b6af39d46008cb9f650b11e96cb9
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Mon Aug 31 13:24:44 2015 -0700

      target-sparc: Remove gen_opc_jump_pc

      Since jump_pc[1] is always npc + 4, we can infer after incrementing
      that jump_pc[1] == pc + 4.  Because of that, we can encode the branch
      destination into a single word, and store that in npc.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 2bf2e019ed0a6349220620240c0ba807846793b9
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Mon Aug 31 13:01:47 2015 -0700

      target-sparc: Split out gen_branch_n

      Unify three copies of this code from different
      branch types.  Fix the case when npc == DYNAMIC_PC,
      i.e. a branch within a delay slot.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit bfa31b765798139804ce9e5e35c7e142d233df31
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Mon Aug 31 12:44:16 2015 -0700

      target-sparc: Tidy gen_branch_a interface

      We always pass pc2 == dc->npc and r_cond == cpu_cond,
      and always set is_br afterward.  Infer all of that.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit bd03c791a6ed1bb7aec17df15cfeea649362e8fd
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sun Aug 30 09:35:14 2015 -0700

      target-cris: Mirror gen_opc_pc into insn_start

      This perhaps isn't ideal in terms of (ab)using the "pc" field
      to encode both pc and ppc + delay branch state, as one has to
      be aware of this when examining opcode dumps.

      But it preserves existing logic, which will be good for bisection,
      and it certainly does save storage space.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 07f3c16ced2b869228d58683c1dea06e3e1c9aa5
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sun Aug 30 09:28:52 2015 -0700

      target-sh4: Add flags state to insn_start

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit a3fd522048f6728d8259e14596c9632c7c67305a
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sun Aug 30 09:26:10 2015 -0700

      target-s390x: Add cc_op state to insn_start

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit c20d594e45bc8c4b21be1a7637cba0f279f72879
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sun Aug 30 09:25:36 2015 -0700

      target-mips: Add delayed branch state to insn_start

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 2066d09516ba34d0d180fdea451436d9babb3308
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sun Aug 30 09:24:58 2015 -0700

      target-i386: Add cc_op state to insn_start

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 52e971d9ff67e340ac2a86bd67e14bd31c7991e0
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sun Aug 30 09:22:06 2015 -0700

      target-arm: Add condexec state to insn_start

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 9aef40ed1f6e2bd794bbb3ba8c8b773e506334c9
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sun Aug 30 09:21:33 2015 -0700

      tcg: Allow extra data to be attached to insn_start

      With an eye toward having this data replace the gen_opc_* arrays
      that each target collects in order to enable restore_state_from_tb.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit b933066ae03d924a92b2616b4a24e7d91cd5b841
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Thu Sep 17 15:58:10 2015 -0700

      target-*: Introduce and use cpu_breakpoint_test

      Reduce the boilerplate required for each target.  At the same time,
      move the test for breakpoint after calling tcg_gen_insn_start.

      Note that arm and aarch64 do not use cpu_breakpoint_test, but still
      move the inline test down after tcg_gen_insn_start.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 959082fc4a93a016a6b697e1e0c2b373d8a3a373
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Thu Sep 17 14:25:46 2015 -0700

      target-*: Increment num_insns immediately after tcg_gen_insn_start

      This does tidy the icount test common to all targets.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 667b8e29c5b1d8c5b4e6ad5f780ca60914eb6e96
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sat Aug 29 12:59:29 2015 -0700

      target-*: Unconditionally emit tcg_gen_insn_start

      While we're at it, emit the opcode adjacent to where we currently
      record data for search_pc.  This puts gen_io_start et al on the
      "correct" side of the marker.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 765b842adec4c5a359e69ca08785553599f71496
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sat Aug 29 12:37:33 2015 -0700

      tcg: Rename debug_insn_start to insn_start

      With an eye toward making it mandatory.

      Reviewed-by: Aurelien Jarno <aurelien@xxxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit fec7daab3d63b7b2ca61581fffc40142b22b2bd5
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Sun Oct 4 17:41:14 2015 +0800

      target-tilegx: Support iret instruction and related special registers

      EX_CONTEXT_0_0 is used for jumping address, and EX_CONTEXT_0_1 is for
      INTERRUPT_CRITICAL_SECTION, which should only be 0 or 1 in user mode, or
      it will cause target SIGILL (and the patch doesn't support system mode).

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 77b3adc0012153e629b48b710ad19a8b544bb507
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Sun Oct 4 13:34:33 2015 +0800

      target-tilegx: Use TILEGX_EXCP_OPCODE_UNKNOWN and 
TILEGX_EXCP_OPCODE_UNIMPLEMENTED correctly

      For some cases, they are for TILEGX_EXCP_OPCODE_UNKNOWN, not for
      TILEGX_EXCP_OPCODE_UNIMPLEMENTED.

      Also for some cases, they are for TILEGX_EXCP_OPCODE_UNIMPLEMENTED, not
      for TILEGX_EXCP_OPCODE_UNKNOWN.

      When analyzing issues, the correct printing information is necessary,
      e.g. grep UIMP in gcc testsuite output log for finding qemu tilegx
      umimplementation issues, grep UNKNOWN for finding unknown instructions.

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit a419e22d703667211521d4257df294047c13eca3
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Sun Oct 4 19:01:27 2015 +0800

      target-tilegx: Implement v2mults instruction

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Message-Id: <1443956491-26850-3-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit aaf893a6ad6c7c0a986638ba599000e13f9f4182
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Sun Oct 4 19:01:26 2015 +0800

      target-tilegx: Implement v?int_* instructions.

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Message-Id: <1443956491-26850-2-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 78affcb798516dcb5d44a7ed598d79dcd42cd988
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Sun Oct 4 19:01:25 2015 +0800

      target-tilegx: Implement v2sh* instructions

      It is just according to v1sh* instructions implementation.

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Message-Id: <1443956491-26850-1-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 133b84c819166a6da1425a007cf44d7a96d507a4
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Thu Oct 1 12:32:52 2015 +1000

      target-tilegx: Handle nofault prefetch instructions

      These are mapped onto some of the normal load instructions, when the
      destination is the zero register.  Other load insns do fault even
      when targeting the zero register.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 95df61e6238c79c2dc14f2bffa76abb2bd3acba7
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Wed Sep 30 05:38:40 2015 +0800

      target-tilegx: Fix a typo for mnemonic about "ld_add"

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Message-Id: <1443562720-3008-1-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit a0577d2aa9bd42d5d584fa03649a166ba45c2f3d
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Sun Sep 27 14:26:04 2015 -0700

      target-tilegx: Use TILEGX_EXCP_SIGNAL instead of TILEGX_EXCP_SEGV

      Consolidate signal handling under a single exception.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit dd8070d865ad1b32876931f812a80645f97112ff
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Sat Sep 26 13:00:35 2015 +0800

      target-tilegx: Decode ill pseudo-instructions

      Notice raise and bpt, decoding the constants embedded in the
      nop addil instruction in the x0 slot.

      [rth: Generalize TILEGX_EXCP_OPCODE_ILL to TILEGX_EXCP_SIGNAL.
      Drop validation of signal values.]

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Message-Id: <1443243635-4886-1-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit bf0f60a61b92f4f9ddf09a3cf4fc41796fa42aed
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Sun Sep 27 08:10:18 2015 +0800

      linux-user/tilegx: Implement tilegx signal features

      [rth: Remove the spreg[EX1] handling, as it's irrelevant to user-mode.]

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Message-Id: <1443312618-13641-1-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit de2fdd56b11f4207e6614ee2f56039ef240399f1
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Sat Sep 26 12:10:05 2015 +0800

      linux-user/syscall_defs.h: Sync the latest si_code from Linux kernel

      They content several new macro members, also contents TARGET_N*.

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Message-Id: <1443240605-2924-1-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit f723287944c30f1bf230f08b4fb03d6d11a16504
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Sat Sep 26 07:42:54 2015 +0800

      target-tilegx: Let x1 pipe process bpt instruction only

      According to the related document, bpt can be only in x1 pipe.

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Message-Id: <1443224574-2718-1-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 9ff5b57c219f38f025b95ebf4b593b5d4e828b53
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Wed Sep 23 10:43:48 2015 -0700

      target-tilegx: Implement complex multiply instructions

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 0b4232f10895e863b1759a93ba0d0a1b3380dc31
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Wed Sep 23 10:19:44 2015 -0700

      target-tilegx: Implement table index instructions

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit ba1fc78f65fdea9d4b14d6449514c1351ad64fa4
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Wed Sep 23 10:12:16 2015 -0700

      target-tilegx: Implement crc instructions

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 38c949ffe7497b1d833bca5f70b22c87df9bd567
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Tue Sep 22 06:26:54 2015 +0800

      target-tilegx: Implement v1multu instruction

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Reviewed-by: Richard Henderson <rth@xxxxxxxxxxx>
      Message-Id: <1442874414-3578-1-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit c6876d7e1c3ff04a9b9f751f6260bf427ab8cf1a
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Tue Sep 22 06:18:38 2015 +0800

      target-tilegx: Implement v*add and v*sub instructions

      [rth: Implement everything inline; handle v1addi and v2addi as well.]

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Message-Id: <1442873918-3394-1-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 0ab0a3d768a4f6ab6747b6fd936c5cf70b5069c2
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Tue Sep 22 05:47:35 2015 +0800

      target-tilegx: Implement v*shl, v*shru, and v*shrs instructions

      v2sh* are implemented with helper functions; v4sh* are implmeneted
      with inline code.

      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Message-Id: <1442872055-2836-1-git-send-email-gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 055130107683c3b199c1848a25e5e2c568230cbf
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Mon Sep 21 17:27:11 2015 -0700

      target-tilegx: Tidy simd_helper.c

      Using the V1 macro when we want to replicate a byte across
      the 8 elements of the word.  Using deposit and extract for
      manipulating specific elements.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>

  commit 32532f215c49f005aaef942adfae34cbcc5fa678
  Author: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
  Date:   Fri Jul 17 18:19:40 2015 +0530

      pc-dimm: Fail realization for invalid nodes in non-NUMA config

      pc_dimm_realize() validates the NUMA node to which memory hotplug is
      being performed only in case of NUMA configuration. Include a check to
      fail for invalid nodes in case of non-NUMA configuration too.

      Signed-off-by: Bharata B Rao <bharata@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit eed2df678574f7f17947180a01127a8ba673a226
  Merge: 5fdb467 d9f090e
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 6 16:32:16 2015 +0100

      Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20151006' 
into staging

      s390: fixes

      Some fixes all over the place:
      - ccw bios and gcc 5.1 (avoid floating point ops)
      - properly print vector registers
      - sclp and sclp-event-facility no longer hang on 
object_unref(object_new(T))
      - better name for io_subsystem_reset

      One feature
      - the gdb server now exposes several virtualization specific register

      # gpg: Signature made Tue 06 Oct 2015 11:20:24 BST using RSA key ID 
B5A61C7C
      # gpg: Good signature from "Christian Borntraeger (IBM) 
<borntraeger@xxxxxxxxxx>"

      * remotes/borntraeger/tags/s390x-20151006:
        s390x: rename io_subsystem_reset -> subsystem_reset
        s390x/info registers: print vector registers properly
        s390x: set missing parent for hotplug and quiesce events
        s390x/gdb: expose virtualization specific registers
        pc-bios/s390-ccw: avoid floating point operations

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 5fdb4671b08e0d1631447e81348b2b50a6b85bf7
  Merge: 006d5c7 dfeb867
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 6 13:42:33 2015 +0100

      Merge remote-tracking branch 'remotes/ehabkost/tags/x86-pull-request' 
into staging

      X86 queue, 2015-10-05

      # gpg: Signature made Mon 05 Oct 2015 17:04:38 BST using RSA key ID 
984DC5A6
      # gpg: Good signature from "Eduardo Habkost <ehabkost@xxxxxxxxxx>"

      * remotes/ehabkost/tags/x86-pull-request:
        icc_bus: drop the unused files
        cpu/apic: drop icc bus/bridge
        x86: use new method to correct reset sequence
        apic: move APIC's MMIO region mapping into APIC
        Correctly re-init EFER state during INIT IPI
        target-i386: add ABM to Haswell* and Broadwell* CPU models
        target-i386: get/put MSR_TSC_AUX across reset and migration
        target-i386: Make check_hw_breakpoints static
        target-i386: Move breakpoint related functions to new file
        target-i386: Convert kvm_default_*features to property/value pairs
        vl: Add another sanity check to smp_parse() function
        cpu: Introduce X86CPUTopoInfo structure for argument simplification

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 006d5c741bbfcdbedeb59e14527fe58d45c9c76b
  Merge: 7fe34ca ec6b69c
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Oct 6 12:09:56 2015 +0100

      Merge remote-tracking branch 'remotes/jnsnow/tags/ide-pull-request' into 
staging

      # gpg: Signature made Mon 05 Oct 2015 17:01:11 BST using RSA key ID 
AAFC390E
      # gpg: Good signature from "John Snow (John Huston) <jsnow@xxxxxxxxxx>"

      * remotes/jnsnow/tags/ide-pull-request:
        qtest/ide-test: ppc64be correction for ATAPI tests
        MAINTAINERS: Small IDE/FDC touchup
        qtest/ahci: fix redundant assertion

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 7fe34ca9c2e99560dc65395d599a6920624b127d
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Tue Oct 6 10:17:55 2015 +0100

      tests: vhost-user: disable unless CONFIG_VHOST_NET

      vhost-user depends on vhost-net. We should probably fix that.
      For now, let's disable the test otherwise.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 508ce5eb00070809f0d19917a1b2960dfcf5a64b
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Wed Sep 30 12:13:56 2015 +1000

      vfio: Allow hotplug of containers onto existing guest IOMMU mappings

      At present the memory listener used by vfio to keep host IOMMU mappings
      in sync with the guest memory image assumes that if a guest IOMMU
      appears, then it has no existing mappings.

      This may not be true if a VFIO device is hotplugged onto a guest bus
      which didn't previously include a VFIO device, and which has existing
      guest IOMMU mappings.

      Therefore, use the memory_region_register_iommu_notifier_replay()
      function in order to fix this case, replaying existing guest IOMMU
      mappings, bringing the host IOMMU into sync with the guest IOMMU.

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit a788f227ef7bd2912fcaacdfe13d13ece2998149
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Wed Sep 30 12:13:55 2015 +1000

      memory: Allow replay of IOMMU mapping notifications

      When we have guest visible IOMMUs, we allow notifiers to be registered
      which will be informed of all changes to IOMMU mappings.  This is used by
      vfio to keep the host IOMMU mappings in sync with guest IOMMU mappings.

      However, unlike with a memory region listener, an iommu notifier won't be
      told about any mappings which already exist in the (guest) IOMMU at the
      time it is registered.  This can cause problems if hotplugging a VFIO
      device onto a guest bus which had existing guest IOMMU mappings, but 
didn't
      previously have an VFIO devices (and hence no host IOMMU mappings).

      This adds a memory_region_iommu_replay() function to handle this case.  It
      replays any existing mappings in an IOMMU memory region to a specified
      notifier.  Because the IOMMU memory region doesn't internally remember the
      granularity of the guest IOMMU it has a small hack where the caller must
      specify a granularity at which to replay mappings.

      If there are finer mappings in the guest IOMMU these will be reported in
      the iotlb structures passed to the notifier which it must handle (probably
      causing it to flag an error).  This isn't new - the VFIO iommu notifier
      must already handle notifications about guest IOMMU mappings too short
      for it to represent in the host IOMMU.

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit 7a140a57c69293a2f19b045f40953a87879e8c76
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Wed Sep 30 12:13:54 2015 +1000

      vfio: Record host IOMMU's available IO page sizes

      Depending on the host IOMMU type we determine and record the available 
page
      sizes for IOMMU translation.  We'll need this for other validation in
      future patches.

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit 3898aad323475cf19127d9fc0846954d591d8e11
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Wed Sep 30 12:13:53 2015 +1000

      vfio: Check guest IOVA ranges against host IOMMU capabilities

      The current vfio core code assumes that the host IOMMU is capable of
      mapping any IOVA the guest wants to use to where we need.  However, real
      IOMMUs generally only support translating a certain range of IOVAs (the
      "DMA window") not a full 64-bit address space.

      The common x86 IOMMUs support a wide enough range that guests are very
      unlikely to go beyond it in practice, however the IOMMU used on IBM Power
      machines - in the default configuration - supports only a much more 
limited
      IOVA range, usually 0..2GiB.

      If the guest attempts to set up an IOVA range that the host IOMMU can't
      map, qemu won't report an error until it actually attempts to map a bad
      IOVA.  If guest RAM is being mapped directly into the IOMMU (i.e. no guest
      visible IOMMU) then this will show up very quickly.  If there is a guest
      visible IOMMU, however, the problem might not show up until much later 
when
      the guest actually attempt to DMA with an IOVA the host can't handle.

      This patch adds a test so that we will detect earlier if the guest is
      attempting to use IOVA ranges that the host IOMMU won't be able to deal
      with.

      For now, we assume that "Type1" (x86) IOMMUs can support any IOVA, this is
      incorrect, but no worse than what we have already.  We can't do better for
      now because the Type1 kernel interface doesn't tell us what IOVA range the
      IOMMU actually supports.

      For the Power "sPAPR TCE" IOMMU, however, we can retrieve the supported
      IOVA range and validate guest IOVA ranges against it, and this patch does
      so.

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit ac6dc3894fbb6775245565229953879a0263d27f
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Wed Sep 30 12:13:52 2015 +1000

      vfio: Generalize vfio_listener_region_add failure path

      If a DMA mapping operation fails in vfio_listener_region_add() it
      checks to see if we've already completed initial setup of the
      container.  If so it reports an error so the setup code can fail
      gracefully, otherwise throws a hw_error().

      There are other potential failure cases in vfio_listener_region_add()
      which could benefit from the same logic, so move it to its own
      fail: block.  Later patches can use this to extend other failure cases
      to fail as gracefully as possible under the circumstances.

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit ee0bf0e59bb1c07c0196142f2ecfd88f7f8b194e
  Author: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Wed Sep 30 12:13:51 2015 +1000

      vfio: Remove unneeded union from VFIOContainer

      Currently the VFIOContainer iommu_data field contains a union with
      different information for different host iommu types.  However:
         * It only actually contains information for the x86-like "Type1" iommu
         * Because we have a common listener the Type1 fields are actually used
      on all IOMMU types, including the SPAPR TCE type as well

      In fact we now have a general structure for the listener which is unlikely
      to ever need per-iommu-type information, so this patch removes the union.

      In a similar way we can unify the setup of the vfio memory listener in
      vfio_connect_container() that is currently split across a switch on iommu
      type, but is effectively the same in both cases.

      The iommu_data.release pointer was only needed as a cleanup function
      which would handle potentially different data in the union.  With the
      union gone, it too can be removed.

      Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit a5b39cd3f647eaaaef5b648beda5cb2f387418c0
  Author: Eric Auger <eric.auger@xxxxxxxxxx>
  Date:   Mon Oct 5 12:30:12 2015 -0600

      hw/vfio/platform: do not set resamplefd for edge-sensitive IRQS

      In irqfd mode, current code attempts to set a resamplefd whatever
      the type of the IRQ. For an edge-sensitive IRQ this attempt fails
      and as a consequence, the whole irqfd setup fails and we fall back
      to the slow mode. This patch bypasses the resamplefd setting for
      non level-sentive IRQs.

      Signed-off-by: Eric Auger <eric.auger@xxxxxxxxxx>
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit a22313deca720e038ebc5805cf451b3a685d29ce
  Author: Eric Auger <eric.auger@xxxxxxxxxx>
  Date:   Mon Oct 5 12:30:12 2015 -0600

      hw/vfio/platform: change interrupt/unmask fields into pointer

      unmask EventNotifier might not be initialized in case of edge
      sensitive irq. Using EventNotifier pointers make life simpler to
      handle the edge-sensitive irqfd setup.

      Signed-off-by: Eric Auger <eric.auger@xxxxxxxxxx>
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit 58892b447f0ffcd0967bc6f1bcb40df288ebeebc
  Author: Eric Auger <eric.auger@xxxxxxxxxx>
  Date:   Mon Oct 5 12:30:12 2015 -0600

      hw/vfio/platform: irqfd setup sequence update

      With current implementation, eventfd VFIO signaling is first set up and
      then irqfd is setup, if supported and allowed.

      This start sequence causes several issues with IRQ forwarding setup
      which, if supported, is transparently attempted on irqfd setup:
      IRQ forwarding setup is likely to fail if the IRQ is detected as under
      injection into the guest (active at irqchip level or VFIO masked).

      This currently always happens because the current sequence explicitly
      VFIO-masks the IRQ before setting irqfd.

      Even if that masking were removed, we couldn't prevent the case where
      the IRQ is under injection into the guest.

      So the simpler solution is to remove this 2-step startup and directly
      attempt irqfd setup. This is what this patch does.

      Also in case the eventfd setup fails, there is no reason to go farther:
      let's abort.

      Signed-off-by: Eric Auger <eric.auger@xxxxxxxxxx>
      Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx>

  commit ec6b69ca0305ab3a3e0461aecb6f190c59a765df
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Mon Oct 5 12:00:56 2015 -0400

      qtest/ide-test: ppc64be correction for ATAPI tests

      the 16bit ide data register is LE by definition.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Message-id: 1443461938-30039-1-git-send-email-jsnow@xxxxxxxxxx

  commit aee50319873da4ed1c1d6901260c37d6236c74b5
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Mon Oct 5 12:00:56 2015 -0400

      MAINTAINERS: Small IDE/FDC touchup

      libqos/ahci and tests/fdc-test are under my purview also,
      include them in the appropriate stanzas.

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1443117055-29240-1-git-send-email-jsnow@xxxxxxxxxx

  commit 3d937150dce20cb95cbaae99b6fd48dca4261f32
  Author: John Snow <jsnow@xxxxxxxxxx>
  Date:   Mon Oct 5 12:00:55 2015 -0400

      qtest/ahci: fix redundant assertion

      Fixes https://bugs.launchpad.net/qemu/+bug/1497711

      (!ncq || (ncq && lba48)) is the same as
      (!ncq || lba48).

      The intention is simply: "If a command is NCQ,
      it must also be LBA48."

      Signed-off-by: John Snow <jsnow@xxxxxxxxxx>
      Message-id: 1442868929-17777-1-git-send-email-jsnow@xxxxxxxxxx

  commit dfeb8679db358e1f8e0ee4dd84f903d71f000378
  Author: Zhu Guihua <zhugh.fnst@xxxxxxxxxxxxxx>
  Date:   Wed Sep 16 17:19:15 2015 +0800

      icc_bus: drop the unused files

      ICC bus impl has been droped, so all icc related files are not useful
      any more; delete them.

      Signed-off-by: Zhu Guihua <zhugh.fnst@xxxxxxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 46232aaacb66733d3e16dcbd0d26c32ec388801d
  Author: Chen Fan <chen.fan.fnst@xxxxxxxxxxxxxx>
  Date:   Wed Sep 16 17:19:14 2015 +0800

      cpu/apic: drop icc bus/bridge

      After CPU hotplug has been converted to BUS-less hot-plug infrastructure,
      the only function ICC bus performs is to propagate reset to LAPICs. 
However
      LAPIC could be reset by registering its reset handler after all device are
      initialized.
      Do so and drop ~30LOC of not needed anymore ICCBus related code.

      Signed-off-by: Chen Fan <chen.fan.fnst@xxxxxxxxxxxxxx>
      Signed-off-by: Zhu Guihua <zhugh.fnst@xxxxxxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit ae50c55a09b8a90205972518d8129447000ae188
  Author: Zhu Guihua <zhugh.fnst@xxxxxxxxxxxxxx>
  Date:   Wed Sep 16 17:19:13 2015 +0800

      x86: use new method to correct reset sequence

      During reset some devices (such as hpet, rtc) might send IRQ to APIC
      which changes APIC's state from default one it's supposed to have
      at machine startup time.
      Fix this by resetting APIC after devices have been reset to cancel
      any changes that qemu_devices_reset() might have done to its state.

      Signed-off-by: Zhu Guihua <zhugh.fnst@xxxxxxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 8d42d2d32b508484106f1c600f5cdd5496bc867e
  Author: Chen Fan <chen.fan.fnst@xxxxxxxxxxxxxx>
  Date:   Wed Sep 16 17:19:11 2015 +0800

      apic: move APIC's MMIO region mapping into APIC

      When ICC bus/bridge is removed, APIC MMIO will be left
      unmapped since it was mapped into system's address space
      indirectly by ICC bridge.
      Fix it by moving mapping into APIC code, so it would be
      possible to remove ICC bus/bridge code later.

      Signed-off-by: Chen Fan <chen.fan.fnst@xxxxxxxxxxxxxx>
      Signed-off-by: Zhu Guihua <zhugh.fnst@xxxxxxxxxxxxxx>
      Reviewed-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 2188cc52cb363433751f72b991d8fb05fc60e39d
  Author: Bill Paul <wpaul@xxxxxxxxxxxxx>
  Date:   Wed Sep 30 15:33:29 2015 -0700

      Correctly re-init EFER state during INIT IPI

      When doing a re-initialization of a CPU core, the default state is to 
_not_
      have 64-bit long mode enabled. This means the LME (long mode enable) and 
LMA
      (long mode active) bits in the EFER model-specific register should be 
cleared.

      However, the EFER state is part of the CPU environment which is
      preserved by do_cpu_init(), so if EFER.LME and EFER.LMA were set at the
      time an INIT IPI was received, they will remain set after the init 
completes.

      This is contrary to what the Intel architecture manual describes and what
      happens on real hardware, and it leaves the CPU in a weird state that the
      guest can't clear.

      To fix this, the 'efer' member of the CPUX86State structure has been moved
      to an area outside the region preserved by do_cpu_init(), so that it can
      be properly re-initialized by x86_cpu_reset().

      Signed-off-by: Bill Paul <wpaul@xxxxxxxxxxxxx>
      CC: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      CC: Richard Henderson <rth@xxxxxxxxxxx>
      CC: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit becb66673ec30cb604926d247ab9449a60ad8b11
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Sep 28 14:00:18 2015 +0200

      target-i386: add ABM to Haswell* and Broadwell* CPU models

      ABM is only implemented as a single instruction set by AMD; all AMD
      processors support both instructions or neither. Intel considers POPCNT
      as part of SSE4.2, and LZCNT as part of BMI1, but Intel also uses AMD's
      ABM flag to indicate support for both POPCNT and LZCNT.  It has to be
      added to Haswell and Broadwell because Haswell, by adding LZCNT, has
      completed the ABM.

      Tested with "qemu-kvm -cpu Haswell-noTSX,enforce" (and also with older
      machine types) on an Haswell-EP machine.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit c9b8f6b6210847b4381c5b2ee172b1c7eb9985d6
  Author: Amit Shah <amit.shah@xxxxxxxxxx>
  Date:   Wed Sep 23 11:57:33 2015 +0530

      target-i386: get/put MSR_TSC_AUX across reset and migration

      There's one report of migration breaking due to missing MSR_TSC_AUX
      save/restore.  Fix this by adding a new subsection that saves the state
      of this MSR.

      https://bugzilla.redhat.com/show_bug.cgi?id=1261797

      Reported-by: Xiaoqing Wei <xwei@xxxxxxxxxx>
      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>
      CC: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      CC: Juan Quintela <quintela@xxxxxxxxxx>
      CC: "Dr. David Alan Gilbert" <dgilbert@xxxxxxxxxx>
      CC: Marcelo Tosatti <mtosatti@xxxxxxxxxx>
      CC: Richard Henderson <rth@xxxxxxxxxxx>
      CC: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit dd941cdcfec536aad6a310a153778142ed9f3e92
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 15 11:45:07 2015 -0700

      target-i386: Make check_hw_breakpoints static

      The function is now only used from within a single file.

      Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit ba4b5c65a98ea91dc3b13e42dd9404808c999dda
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue Sep 15 11:45:06 2015 -0700

      target-i386: Move breakpoint related functions to new file

      Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit 5114e8422201190c3e2e1a4d77e38ad70cf001d2
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Fri Sep 11 12:40:27 2015 -0300

      target-i386: Convert kvm_default_*features to property/value pairs

      Convert the kvm_default_features and kvm_default_unset_features arrays
      into a simple list of property/value pairs that will be applied to
      X86CPU objects when using KVM.

      Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit a32ef3bfc12c8d0588f43f74dcc5280885bbdb30
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Wed Jul 22 15:59:50 2015 +0200

      vl: Add another sanity check to smp_parse() function

      The code in smp_parse already checks the topology information for
      sockets * cores * threads < cpus and bails out with an error in
      that case. However, it is still possible to supply a bad configuration
      the other way round, e.g. with:

       qemu-system-xxx -smp 4,sockets=1,cores=4,threads=2

      QEMU then still starts the guest, with topology configuration that
      is rather incomprehensible and likely not what the user wanted.
      So let's add another check to refuse such wrong configurations.

      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Reviewed-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Acked-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Acked-by: Bastian Koppelmann <kbastian@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit ed256144cd6f0ca2ff59fc3fc8dca547506f433b
  Author: Chen Fan <chen.fan.fnst@xxxxxxxxxxxxxx>
  Date:   Fri Aug 21 17:34:45 2015 +0800

      cpu: Introduce X86CPUTopoInfo structure for argument simplification

      In order to simplify arguments of function, introduce a new struct
      named X86CPUTopoInfo.

      Signed-off-by: Chen Fan <chen.fan.fnst@xxxxxxxxxxxxxx>
      Signed-off-by: Zhu Guihua <zhugh.fnst@xxxxxxxxxxxxxx>
      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>

  commit c0b520dfb8890294a9f8879f4759172900585995
  Merge: 945507d 6fdac09
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 2 16:59:21 2015 +0100

      Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

      virtio,pc features, fixes

      New features:
          guest RAM buffer overrun mitigation
          RAM physical address gaps for memory hotplug
          (except refactoring which got some review comments)

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

      # gpg: Signature made Fri 02 Oct 2015 15:04:56 BST using RSA key ID 
D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@xxxxxxxxxx>"
      # gpg:                 aka "Michael S. Tsirkin <mst@xxxxxxxxxx>"

      * remotes/mst/tags/for_upstream:
        vhost-user-test: fix predictable filename on tmpfs
        vhost-user-test: use tmpfs by default
        pc: memhp: force gaps between DIMM's GPA
        memhp: extend address auto assignment to support gaps
        vhost-user: unit test for new messages
        vhost-user-test: do not reinvent glib-compat.h
        virtio: Notice when the system doesn't support MSIx at all
        pc: Add a comment explaining why pc_compat_2_4() doesn't exist
        exec: allocate PROT_NONE pages on top of RAM
        oslib: allocate PROT_NONE pages on top of RAM
        oslib: rework anonimous RAM allocation
        virtio-net: correctly drop truncated packets
        virtio: introduce virtqueue_discard()
        virtio: introduce virtqueue_unmap_sg()

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 945507d6bcde334f42b00cae134b4d47301d1821
  Merge: 37dd86a 86abac0
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 2 16:04:25 2015 +0100

      Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20151002' 
into staging

      First set of Linux-user que patches for 2.5

      # gpg: Signature made Fri 02 Oct 2015 13:38:00 BST using RSA key ID 
DE3C9BC0
      # gpg: Good signature from "Riku Voipio <riku.voipio@xxxxxx>"
      # gpg:                 aka "Riku Voipio <riku.voipio@xxxxxxxxxx>"

      * remotes/riku/tags/pull-linux-user-20151002:
        linux-user: assert that target_mprotect cannot fail
        linux-user/signal.c: Use setup_rt_frame() instead of setup_frame() for 
target openrisc
        linux-user/syscall.c: Add EAGAIN to host_to_target_errno_table for
        linux-user: add name_to_handle_at/open_by_handle_at
        linux-user: Return target error number in do_fork()
        linux-user: fix cmsg conversion in case of multiple headers
        linux-user: remove MAX_ARG_PAGES limit
        linux-user: remove unused image_info members
        linux-user: Treat --foo options the same as -foo
        linux-user: use EXIT_SUCCESS and EXIT_FAILURE
        linux-user: Add proper error messages for bad options
        linux-user: Add -help
        linux-user: Exit 0 when -h is used

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 6fdac09370530be0cc6fe9e8d425c0670ba994b1
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Oct 1 15:50:52 2015 +0300

      vhost-user-test: fix predictable filename on tmpfs

      vhost-user-test uses getpid to create a unique filename. This name is
      predictable, and a security problem.  Instead, use a tmp directory
      created by mkdtemp, which is a suggested best practice.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 1b7e1e3b463a6e5c117498b192cb07603c04b668
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Wed Sep 30 18:01:21 2015 +0300

      vhost-user-test: use tmpfs by default

      Most people don't run make check by default, so they skip vhost-user
      unit tests.  Solve this by using tmpfs instead, unless hugetlbfs is
      specified (using an environment variable).

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit aa8580cddf011e8cedcf87f7a0fdea7549fc4704
  Author: Igor Mammedov <imammedo@xxxxxxxxxx>
  Date:   Tue Sep 29 16:53:29 2015 +0200

      pc: memhp: force gaps between DIMM's GPA

      mapping DIMMs non contiguously allows to workaround
      virtio bug reported earlier:
      http://lists.nongnu.org/archive/html/qemu-devel/2015-08/msg00522.html
      in this case guest kernel doesn't allocate buffers
      that can cross DIMM boundary keeping each buffer
      local to a DIMM.

      Suggested-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Acked-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit df0acded19ec4b826aa095cfc19d341bd66fafd3
  Author: Igor Mammedov <imammedo@xxxxxxxxxx>
  Date:   Tue Sep 29 16:53:28 2015 +0200

      memhp: extend address auto assignment to support gaps

      setting gap to TRUE will make sparse DIMM
      address auto allocation, leaving gaps between
      a new DIMM address and preceeding existing DIMM.

      Signed-off-by: Igor Mammedov <imammedo@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 8a9b6b37dabf00388e8069a2f5c0f659626693b3
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Sep 24 18:22:01 2015 +0200

      vhost-user: unit test for new messages

      Data is empty for now, but do make sure master
      sets the new feature bit flag.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit ca06d9cc6691e23b6d02e07b44ea549aeac60151
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Tue Sep 29 14:12:03 2015 +0200

      vhost-user-test: do not reinvent glib-compat.h

      glib-compat.h has the gunk to support both old-style and new-style
      gthread functions.  Use it instead of reinventing it.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
      Tested-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>

  commit 37dd86a44cc4298f58ac370e0190b069469b6d25
  Merge: ff770b0 73ba05d
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 2 14:47:10 2015 +0100

      Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into 
staging

      Block layer patches

      # gpg: Signature made Fri 02 Oct 2015 12:49:13 BST using RSA key ID 
C88F2FD6
      # gpg: Good signature from "Kevin Wolf <kwolf@xxxxxxxxxx>"

      * remotes/kevin/tags/for-upstream:
        block/raw-posix: Open file descriptor O_RDWR to work around glibc 
posix_fallocate emulation issue.
        block: disable I/O limits at the beginning of bdrv_close()
        iotests: Fix test 128 for password-less sudo
        tests: Fix test 049 fallout from improved HMP error messages
        raw-win32: Fix write request error handling

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 73ba05d936e82fe01b2b2cf987bf3aecb4792af5
  Author: Richard W.M. Jones <rjones@xxxxxxxxxx>
  Date:   Tue Sep 29 16:54:10 2015 +0100

      block/raw-posix: Open file descriptor O_RDWR to work around glibc 
posix_fallocate emulation issue.

        https://bugzilla.redhat.com/show_bug.cgi?id=1265196

      The following command fails on an NFS mountpoint:

        $ qemu-img create -f qcow2 -o preallocation=falloc disk.img 262144
        Formatting 'disk.img', fmt=qcow2 size=262144 encryption=off 
cluster_size=65536 preallocation='falloc' lazy_refcounts=off
        qemu-img: disk.img: Could not preallocate data for the new file: Bad 
file descriptor

      The reason turns out to be because NFS doesn't support the
      posix_fallocate call.  glibc emulates it instead.  However glibc's
      emulation involves using the pread(2) syscall.  The pread syscall
      fails with EBADF if the file descriptor is opened without the read
      open-flag (ie. open (..., O_WRONLY)).

      I contacted glibc upstream about this, and their response is here:

        https://bugzilla.redhat.com/show_bug.cgi?id=1265196#c9

      There are two possible fixes: Use Linux fallocate directly, or (this
      fix) work around the problem in qemu by opening the file with O_RDWR
      instead of O_WRONLY.

      Signed-off-by: Richard W.M. Jones <rjones@xxxxxxxxxx>
      BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1265196
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 99b7e7756780cec03fe5175db0f53b2fffa9426b
  Author: Alberto Garcia <berto@xxxxxxxxxx>
  Date:   Fri Sep 25 16:41:44 2015 +0300

      block: disable I/O limits at the beginning of bdrv_close()

      Disabling I/O limits from a BDS also drains all pending throttled
      requests, so it should be done at the beginning of bdrv_close() with
      the rest of the bdrv_drain() calls before the BlockDriver is closed.

      Signed-off-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit bb3c801df7ed454b663312326bc29c8b9c2e4de6
  Author: Max Reitz <mreitz@xxxxxxxxxx>
  Date:   Fri Sep 25 19:19:24 2015 +0200

      iotests: Fix test 128 for password-less sudo

      As of 934659c460d46c948cf348822fda1d38556ed9a4, $QEMU_IO is generally no
      longer a program name, and therefore "sudo -n $QEMU_IO" will no longer
      work.

      Fix this by copying the qemu-io invocation function from common.config,
      making it use $sudo for invoking $QEMU_IO_PROG, and then use that
      function instead of $QEMU_IO.

      Reported-by: Fam Zheng <famz@xxxxxxxxxx>
      Signed-off-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 552bb52c4bf199ae9c038570187749b93c91310a
  Author: Eric Blake <eblake@xxxxxxxxxx>
  Date:   Tue Sep 22 17:15:52 2015 -0600

      tests: Fix test 049 fallout from improved HMP error messages

      Commit 50b7b000 improved HMP error messages, but forgot to update
      qemu-iotests to match.

      Reported-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: John Snow <jsnow@xxxxxxxxxx>
      Reviewed-by: Alberto Garcia <berto@xxxxxxxxxx>
      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>

  commit 5d555030ba10ef3be12cd75a121a7cd5f6ef9bd2
  Author: Kevin Wolf <kwolf@xxxxxxxxxx>
  Date:   Wed Sep 23 14:58:21 2015 +0200

      raw-win32: Fix write request error handling

      aio_worker() wrote the return code to the wrong variable.

      Signed-off-by: Kevin Wolf <kwolf@xxxxxxxxxx>
      Tested-by: Guangmu Zhu <guangmuzhu@xxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>

  commit d9f090ec7794d433b8f222ae8c8f95601369a4a5
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 1 10:49:47 2015 +0200

      s390x: rename io_subsystem_reset -> subsystem_reset

      According to the Pop:
      "Subsystem reset operates only on those elements in the configuration
      which are not CPUs".

      As this is what we actually do, let's simply rename the function.

      Acked-by: Cornelia Huck <cornelia.huck@xxxxxxxxxx>
      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jens Freimann <jfrei@xxxxxxxxxxxxxxxxxx>
      Message-Id: <1443689387-34473-6-git-send-email-jfrei@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>

  commit a6085fab3b6b9f0f9d636170b7d7bd31172b5038
  Author: Christian Borntraeger <borntraeger@xxxxxxxxxx>
  Date:   Thu Oct 1 10:49:46 2015 +0200

      s390x/info registers: print vector registers properly

      We want

      F12=0000000000000000 F13=0000000000000000 F14=0000000000000000 
F15=0000000000000000
      V00=00000000000000000000000000000000 V01=00000000000000000000000000000000

      instead of
      F12=0000000000000000 F13=0000000000000000 F14=0000000000000000 
F15=0000000000000000
      V00=00000000000000000000000000000000
      V01=00000000000000000000000000000000 V02=00000000000000000000000000000000

      Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Signed-off-by: Jens Freimann <jfrei@xxxxxxxxxxxxxxxxxx>
      Message-Id: <1443689387-34473-5-git-send-email-jfrei@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>

  commit 7059384c7e27d68c502d8636eb711873a9a6a597
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 1 10:49:45 2015 +0200

      s390x: set missing parent for hotplug and quiesce events

      Existing code missed to set a parent for the quiesce and hotplug event.
      While this didn't matter in practise, new introspection APIs basically now
      do an object_unref(object_new(T)), which loops forever.

      When trying to remove the event facility bus, the code tries to
      unparent all childs on the bus, so they are properly deleted and 
therefore removed.
      As object_unparent() on these child devices doesn't work, as there is no 
parent,
      we loop forever.

      Let's fix this by adding the event facility as a parent. Also switch from
      object_initialize to object_new, so the only valid reference is in fact 
the
      parent property. This makes it more obvious when the device (state) is 
actually
      gone (and how the reference counting works).

      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jens Freimann <jfrei@xxxxxxxxxxxxxxxxxx>
      Message-Id: <1443689387-34473-4-git-send-email-jfrei@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>

  commit 8a641ff60f38799a10ed44a7c5bddd386bc169ed
  Author: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 1 10:49:44 2015 +0200

      s390x/gdb: expose virtualization specific registers

      Let's expose some virtual/fake registers as virtualization specific
      registers.

      Signed-off-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jens Freimann <jfrei@xxxxxxxxxxxxxxxxxx>
      Message-Id: <1443689387-34473-3-git-send-email-jfrei@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>

  commit af3c15fee54e841d859d003b90a88042daf6cd7a
  Author: Christian Borntraeger <borntraeger@xxxxxxxxxx>
  Date:   Thu Oct 1 10:49:43 2015 +0200

      pc-bios/s390-ccw: avoid floating point operations

      Some gcc versions (e.g. Fedora 22 gcc 5.1.1) seem to use floating
      point registers for spilling and filling of general purpose registers.
      As the BIOS does not activate the AFP register setting of CR0 this can
      cause data exception program checks.
      Disallow floating point in the BIOS as a simple solution.

      Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
      Reviewed-by: David Hildenbrand <dahi@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Jens Freimann <jfrei@xxxxxxxxxxxxxxxxxx>
      Message-Id: <1443689387-34473-2-git-send-email-jfrei@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>

  commit ff770b07f34d28b79013a83989bd6c85f8f16b2f
  Merge: 5250ced 5279efe
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Oct 2 11:01:18 2015 +0100

      Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into 
staging

      # gpg: Signature made Thu 01 Oct 2015 20:02:33 BST using RSA key ID 
C0DE3057
      # gpg: Good signature from "Jeffrey Cody <jcody@xxxxxxxxxx>"
      # gpg:                 aka "Jeffrey Cody <jeff@xxxxxxxxxxxxx>"
      # gpg:                 aka "Jeffrey Cody <codyprime@xxxxxxxxx>"

      * remotes/cody/tags/block-pull-request:
        block: mirror - fix full sync mode when target does not support zero 
init

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 5250ced83173c9534b4a2723b7a50b67b7c7a6ee
  Author: Alistair Francis <alistair.francis@xxxxxxxxxx>
  Date:   Thu Jul 23 08:13:56 2015 -0700

      target-microblaze: Set the PC in reset instead of realize

      Set the Microblaze CPU PC in the reset instead of setting it
      in the realize. This is required as the PC is zeroed in the
      reset function and causes problems in some situations.

      Signed-off-by: Alistair Francis <alistair.francis@xxxxxxxxxx>
      Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>

  commit c8667283a070d810f7917d69ea84209475c6e75e
  Author: Stefan Weil <sw@xxxxxxxxxxx>
  Date:   Fri Sep 25 22:45:53 2015 +0200

      disas/cris: Fix typo in comment

      Signed-off-by: Stefan Weil <sw@xxxxxxxxxxx>
      Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>
      Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxxxxx>

  commit 5279efebcf8f8fbf2ed2feed63cdb9d375c7cd07
  Author: Jeff Cody <jcody@xxxxxxxxxx>
  Date:   Thu Oct 1 00:06:37 2015 -0400

      block: mirror - fix full sync mode when target does not support zero init

      During mirror, if the target device does not support zero init, a
      mirror may result in a corrupted image for sync="full" mode.

      This is due to how the initial dirty bitmap is set up prior to copying
      data - we did not mark sectors as dirty that are unallocated.  This
      means those unallocated sectors are skipped over on the target, and for
      a device without zero init, invalid data may reside in those holes.

      If both of the following conditions are true, then we will explicitly
      mark all sectors as dirty:

          1.) sync = "full"
          2.) bdrv_has_zero_init(target) == false

      If the target does support zero init, but a target image is passed in
      with data already present (i.e. an "existing" image), it is assumed the
      data present in the existing image is valid data for those sectors.

      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Message-id: 
91ed4bc5bda7e2b09eb508b07c83f4071fe0b3c9.1443705220.git.jcody@xxxxxxxxxx
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>

  commit 0d583647a7fc73f621eeb64ed703556c4bbebfcc
  Author: Richard Henderson <rth@xxxxxxxxxxx>
  Date:   Tue May 19 13:29:51 2015 -0700

      virtio: Notice when the system doesn't support MSIx at all

      And do not issue an error_report in that case.

      Signed-off-by: Richard Henderson <rth@xxxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 798595075bf51c7e3125d260a19d860b9aa63e69
  Author: Eduardo Habkost <ehabkost@xxxxxxxxxx>
  Date:   Mon Sep 28 15:07:21 2015 -0300

      pc: Add a comment explaining why pc_compat_2_4() doesn't exist

      pc_compat_2_4() doesn't exist, and we shouldn't create one. Add a
      comment explaining why the function doesn't exist and why pc_compat_*()
      functions are deprecated.

      Signed-off-by: Eduardo Habkost <ehabkost@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 8561c9244ddf1122dfe7ccac9b23f506062f1499
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Sep 10 16:41:17 2015 +0300

      exec: allocate PROT_NONE pages on top of RAM

      This inserts a read and write protected page between RAM and QEMU
      memory, for file-backend RAM.
      This makes it harder to exploit QEMU bugs resulting from buffer
      overflows in devices using variants of cpu_physical_memory_map,
      dma_memory_map etc.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 9fac18f03a9040b67ec38e14d3e1ed34db9c7e06
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Sep 10 16:41:17 2015 +0300

      oslib: allocate PROT_NONE pages on top of RAM

      This inserts a read and write protected page between RAM and QEMU
      memory. This makes it harder to exploit QEMU bugs resulting from buffer
      overflows in devices using variants of cpu_physical_memory_map,
      dma_memory_map etc.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit c2dfc5ba3fb3a1b7278c99bfd3bf350202169434
  Author: Michael S. Tsirkin <mst@xxxxxxxxxx>
  Date:   Thu Sep 10 16:36:51 2015 +0300

      oslib: rework anonimous RAM allocation

      At the moment we first allocate RAM, sometimes more than necessary for
      alignment reasons.  We then free the extra RAM.

      Rework this to avoid the temporary allocation: reserve the
      range by mapping it with PROT_NONE, then use just the
      necessary range with MAP_FIXED.

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 0cf33fb6b49a19de32859e2cdc6021334f448fb3
  Author: Jason Wang <jasowang@xxxxxxxxxx>
  Date:   Fri Sep 25 13:21:30 2015 +0800

      virtio-net: correctly drop truncated packets

      When packet is truncated during receiving, we drop the packets but
      neither discard the descriptor nor add and signal used
      descriptor. This will lead several issues:

      - sg mappings are leaked
      - rx will be stalled if a lots of packets were truncated

      In order to be consistent with vhost, fix by discarding the descriptor
      in this case.

      Cc: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit 29b9f5efd78ae0f9cc02dd169b6e80d2c404bade
  Author: Jason Wang <jasowang@xxxxxxxxxx>
  Date:   Fri Sep 25 13:21:29 2015 +0800

      virtio: introduce virtqueue_discard()

      This patch introduces virtqueue_discard() to discard a descriptor and
      unmap the sgs. This will be used by the patch that will discard
      descriptor when packet is truncated.

      Cc: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit ce317461573bac12b10d67699b4ddf1f97cf066c
  Author: Jason Wang <jasowang@xxxxxxxxxx>
  Date:   Fri Sep 25 13:21:28 2015 +0800

      virtio: introduce virtqueue_unmap_sg()

      Factor out sg unmapping logic. This will be reused by the patch that
      can discard descriptor.

      Cc: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Cc: Andrew James <andrew.james@xxxxxxx>
      Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx>
      Reviewed-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

  commit fa500928ad9da6dd570918e3dfca13c029af07a8
  Merge: b2312c6 dc32562
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Thu Oct 1 10:49:38 2015 +0100

      Merge remote-tracking branch 
'remotes/juanquintela/tags/migration/20150930' into staging

      migration/next for 20150930

      # gpg: Signature made Wed 30 Sep 2015 09:24:02 BST using RSA key ID 
5872D723
      # gpg: Good signature from "Juan Quintela <quintela@xxxxxxxxxx>"
      # gpg:                 aka "Juan Quintela <quintela@xxxxxxxxxx>"

      * remotes/juanquintela/tags/migration/20150930:
        migration: Disambiguate MAX_THROTTLE
        qmp/hmp: Add throttle ratio to query-migrate and info migrate
        migration: Dynamic cpu throttling for auto-converge
        migration: Parameters for auto-converge cpu throttling
        cpu: Provide vcpu throttling interface
        migration: yet more possible state transitions

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 86abac06c142d20772b3f2e04c9bf02b7936a0b3
  Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  Date:   Mon Sep 14 12:31:44 2015 +0200

      linux-user: assert that target_mprotect cannot fail

      All error conditions that target_mprotect checks are also checked
      by target_mmap.  EACCESS cannot happen because we are just removing
      PROT_WRITE.  ENOMEM should not happen because we are modifying a
      whole VMA (and we have bigger problems anyway if it happens).

      Fixes a Coverity false positive, where Coverity complains about
      target_mprotect's return value being passed to tb_invalidate_phys_range.

      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit d0924a26d8f37ab95fdef99f6850b93e9af3ffb2
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Sat Sep 12 23:32:30 2015 +0800

      linux-user/signal.c: Use setup_rt_frame() instead of setup_frame() for 
target openrisc

      qemu has already considered about some targets may have no traditional
      signals. And openrisc's setup_frame() is dummy, but it can be supported
      by setup_rt_frame().

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit dc3256272cf70b2152279b013a8abb16e0f6fe96
  Author: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Sep 8 13:12:37 2015 -0400

      migration: Disambiguate MAX_THROTTLE

      Migration has a define for MAX_THROTTLE. Update comment to clarify that 
this is
      used for throttling transfer speed. Hopefully this will prevent it from 
being
      confused with a guest cpu throttling entity.

      Signed-off-by: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 4782893e099cde24c0b10a48d0412eea575ddcb3
  Author: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Sep 8 13:12:36 2015 -0400

      qmp/hmp: Add throttle ratio to query-migrate and info migrate

      Report throttle percentage in info migrate and query-migrate responses 
when
      cpu throttling is active.

      Signed-off-by: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 070afca258f973c704dcadf2769aa1ca921209a1
  Author: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Sep 8 13:12:35 2015 -0400

      migration: Dynamic cpu throttling for auto-converge

      Remove traditional auto-converge static 30ms throttling code and replace 
it
      with a dynamic throttling algorithm.

      Additionally, be more aggressive when deciding when to start throttling.
      Previously we waited until four unproductive memory passes. Now we begin
      throttling after only two unproductive memory passes. Four seemed quite
      arbitrary and only waiting for two passes allows us to complete the 
migration
      faster.

      Signed-off-by: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Matthew Rosato <mjrosato@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 1626fee3bdbb295d5e8aff800f7621357bb376d6
  Author: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Sep 8 13:12:34 2015 -0400

      migration: Parameters for auto-converge cpu throttling

      Add migration parameters to allow the user to adjust the parameters
      that control cpu throttling when auto-converge is in effect. The added
      parameters are as follows:

      x-cpu-throttle-initial : Initial percantage of time guest cpus are 
throttled
      when migration auto-converge is activated.

      x-cpu-throttle-increment: throttle percantage increase each time
      auto-converge detects that migration is not making progress.

      Signed-off-by: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 2adcc85d407c1ab985f5abed808c78dbb84f4773
  Author: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
  Date:   Tue Sep 8 13:12:33 2015 -0400

      cpu: Provide vcpu throttling interface

      Provide a method to throttle guest cpu execution. CPUState is augmented 
with
      timeout controls and throttle start/stop functions. To throttle the guest 
cpu
      the caller simply has to call the throttle set function and provide a 
percentage
      of throttle time.

      Signed-off-by: Jason J. Herne <jjherne@xxxxxxxxxxxxxxxxxx>
      Reviewed-by: Matthew Rosato <mjrosato@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit 2a6e6e59dfdeb0b98e744eb8f110a236f26a3ea4
  Author: Juan Quintela <quintela@xxxxxxxxxx>
  Date:   Tue Jul 28 15:28:28 2015 +0200

      migration: yet more possible state transitions

      On destination, we move from INMIGRATE to FINISH_MIGRATE.  Add that to
      the list of allowed states.

      Signed-off-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>

  commit b2312c680084ea18cd55fa7093397cad2224ec14
  Merge: 6996a00 b9e6092
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Tue Sep 29 12:41:19 2015 +0100

      Merge remote-tracking branch 
'remotes/amit-migration/tags/for-juan-201509' into staging

      Migration queue

      # gpg: Signature made Tue 29 Sep 2015 07:13:55 BST using RSA key ID 
854083B6
      # gpg: Good signature from "Amit Shah <amit@xxxxxxxxxxxx>"
      # gpg:                 aka "Amit Shah <amit@xxxxxxxxxx>"
      # gpg:                 aka "Amit Shah <amitshah@xxxxxxx>"

      * remotes/amit-migration/tags/for-juan-201509:
        ram_find_and_save_block: Split out the finding
        Move dirty page search state into separate structure
        migration: Use g_new() & friends where that makes obvious sense
        migration: qemu-file more size_t'ifying
        migration: size_t'ify some of qemu-file
        Init page sizes in qtest
        Split out end of migration code from migration_thread
        migration/ram.c: Use RAMBlock rather than MemoryRegion
        vmstate: Remove redefinition of VMSTATE_UINT32_ARRAY

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit b9e6092814735853cc1149e2e68245b09f621306
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Wed Sep 23 15:27:11 2015 +0100

      ram_find_and_save_block: Split out the finding

      Split out the finding of the dirty page and all the wrap detection
      into a separate function since it was getting a bit hairy.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Message-Id: <1443018431-11170-3-git-send-email-dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>

      [Fix comment -- Amit]
      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>

  commit b8fb8cb748497aa070304eec27b03edd3b05373d
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Wed Sep 23 15:27:10 2015 +0100

      Move dirty page search state into separate structure

      Pull the search state for one iteration of the dirty page
      search into a structure.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Message-Id: <1443018431-11170-2-git-send-email-dgilbert@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>

  commit 97f3ad35517e0d02c0149637d1bb10713c52b057
  Author: Markus Armbruster <armbru@xxxxxxxxxx>
  Date:   Mon Sep 14 13:51:31 2015 +0200

      migration: Use g_new() & friends where that makes obvious sense

      g_new(T, n) is neater than g_malloc(sizeof(T) * n).  It's also safer,
      for two reasons.  One, it catches multiplication overflowing size_t.
      Two, it returns T * rather than void *, which lets the compiler catch
      more type errors.

      This commit only touches allocations with size arguments of the form
      sizeof(T).  Same Coccinelle semantic patch as in commit b45c03f.

      Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
      Message-Id: <1442231491-23352-1-git-send-email-armbru@xxxxxxxxxx>
      Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
      Reviewed-by: zhanghailiang <zhang.zhanghailiang@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>

  commit 56f3835ff1e70df97f843f4a27abdff6b4a2ae77
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Aug 13 11:51:34 2015 +0100

      migration: qemu-file more size_t'ifying

      This time convert the external functions:
        qemu_get_buffer, qemu_peek_buffer
        qemu_put_buffer and qemu_put_buffer_async

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Message-Id: <1439463094-5394-6-git-send-email-dgilbert@xxxxxxxxxx>
      Reviewed-by: zhanghailiang <zhang.zhanghailiang@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>

  commit a202a4c001fd35b50d99abcc329bc9e666eb8eed
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Aug 13 11:51:33 2015 +0100

      migration: size_t'ify some of qemu-file

      This is a start on using size_t more in qemu-file and friends;
      it fixes up QEMUFilePutBufferFunc and QEMUFileGetBufferFunc
      to take size_t lengths and return ssize_t return values (like read(2))
      and fixes up all the different implementations of them.

      Note that I've not yet followed this deeply into bdrv_ implementations.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Message-Id: <1439463094-5394-5-git-send-email-dgilbert@xxxxxxxxxx>
      Reviewed-by: zhanghailiang <zhang.zhanghailiang@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>

  commit c50766f5a99ef7bf6c9a86cd07341c389faf7ae6
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Aug 13 11:51:32 2015 +0100

      Init page sizes in qtest

      One of my patches used a loop that was based on host page size;
      it dies in qtest since qtest hadn't bothered init'ing it.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Reviewed-by: Juan Quintela <quintela@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Message-Id: <1439463094-5394-4-git-send-email-dgilbert@xxxxxxxxxx>
      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>

  commit 09f6c85e39ee9e57bd245adbe6f400d387061707
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Aug 13 11:51:31 2015 +0100

      Split out end of migration code from migration_thread

      The code that gets run at the end of the migration process
      is getting large, and I'm about to add more for postcopy.
      Split it into a separate function.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Message-Id: <1439463094-5394-3-git-send-email-dgilbert@xxxxxxxxxx>
      Reviewed-by: zhanghailiang <zhang.zhanghailiang@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>

  commit 2f68e39956b7504f6669671fd95b70859afc340d
  Author: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
  Date:   Thu Aug 13 11:51:30 2015 +0100

      migration/ram.c: Use RAMBlock rather than MemoryRegion

      RAM migration mainly works on RAMBlocks but in a few places
      uses data from MemoryRegions to access the same information that's
      already held in RAMBlocks; clean it up just to avoid the
      MemoryRegion use.

      Signed-off-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
      Message-Id: <1439463094-5394-2-git-send-email-dgilbert@xxxxxxxxxx>
      Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>

  commit eb5c936e81e2e292ceefec9b6628862599f71c17
  Author: Soren Brinkmann <soren.brinkmann@xxxxxxxxxx>
  Date:   Thu Aug 13 23:16:27 2015 -0700

      vmstate: Remove redefinition of VMSTATE_UINT32_ARRAY

      The macro is defined twice in identical ways.

      Signed-off-by: Soren Brinkmann <soren.brinkmann@xxxxxxxxxx>
      Message-Id: <1439532987-16335-1-git-send-email-soren.brinkmann@xxxxxxxxxx>
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Reviewed-by: Amit Shah <amit.shah@xxxxxxxxxx>
      Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx>

  commit 08703b9f7bcd7ca2152d51a4c8893d26f1dc28de
  Author: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
  Date:   Mon Sep 7 10:35:06 2015 +0800

      linux-user/syscall.c: Add EAGAIN to host_to_target_errno_table for

      Under Alpha host, EAGAIN is redefined to 35, so it need be remapped too.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Chen Gang <gang.chen.5i5j@xxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit 0f0426f343886fb5c9f137c2830f35cc2dae7327
  Author: Laurent Vivier <laurent@xxxxxxxxx>
  Date:   Tue Sep 1 22:27:33 2015 +0200

      linux-user: add name_to_handle_at/open_by_handle_at

      This patch allows to run example given by open_by_handle_at(2):

            The following shell session demonstrates the use of these two 
programs:

                 $ echo 'Can you please think about it?' > cecilia.txt
                 $ ./t_name_to_handle_at cecilia.txt > fh
                 $ ./t_open_by_handle_at < fh
                 open_by_handle_at: Operation not permitted
                 $ sudo ./t_open_by_handle_at < fh      # Need CAP_SYS_ADMIN
                 Read 31 bytes
                 $ rm cecilia.txt

             Now  we delete and (quickly) re-create the file so that it has the 
same
             content and (by chance) the  same  inode.[...]

                 $ stat --printf="%i\n" cecilia.txt     # Display inode number
                 4072121
                 $ rm cecilia.txt
                 $ echo 'Can you please think about it?' > cecilia.txt
                 $ stat --printf="%i\n" cecilia.txt     # Check inode number
                 4072121
                 $ sudo ./t_open_by_handle_at < fh
                 open_by_handle_at: Stale NFS file handle

      See the man page for source code.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit 93b4eff80af9822e4b726dcf21ee61538e088695
  Author: Timothy E Baldwin <T.E.Baldwin99@xxxxxxxxxxxxxxxxxxx>
  Date:   Mon Aug 31 00:26:21 2015 +0100

      linux-user: Return target error number in do_fork()

      Whilst calls to do_fork() are wrapped in get_errno() this does not
      translate return values.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Timothy Edward Baldwin <T.E.Baldwin99@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit ee1045877a7e226945c7cec2bda80039bd2d0c8e
  Author: Jonathan Neuschäfer <j.neuschaefer@xxxxxxx>
  Date:   Thu Sep 3 07:27:26 2015 +0200

      linux-user: fix cmsg conversion in case of multiple headers

      Currently, __target_cmsg_nxthdr compares a pointer derived from
      target_cmsg against the msg_control field of target_msgh (through
      subtraction).  This failed for me when emulating i386 code under x86_64,
      because pointers in the host address space and pointers in the guest
      address space were not the same.  This patch passes the initial value of
      target_cmsg into __target_cmsg_nxthdr.

      I found and fixed two more related bugs:
      - __target_cmsg_nxthdr now returns the new cmsg pointer instead of the
        old one.
      - tgt_space (in host_to_target_cmsg) doesn't count "sizeof (struct
        target_cmsghdr)" twice anymore.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@xxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit 59baae9a626396a3a05840279084c4bf2beb8f40
  Author: Stefan Brüns <stefan.bruens@xxxxxxxxxxxxxx>
  Date:   Wed Sep 2 03:38:53 2015 +0200

      linux-user: remove MAX_ARG_PAGES limit

      Instead of creating a temporary copy for the whole environment and
      the arguments, directly copy everything to the target stack.

      For this to work, we have to change the order of stack creation and
      copying the arguments.

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Stefan Brüns <stefan.bruens@xxxxxxxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit 84646ee25b68321624ef4768011e91064e4bd440
  Author: Stefan Brüns <stefan.bruens@xxxxxxxxxxxxxx>
  Date:   Wed Sep 2 03:38:52 2015 +0200

      linux-user: remove unused image_info members

      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Stefan Brüns <stefan.bruens@xxxxxxxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit ba02577cadbe5b53db791522310c977f9960f81f
  Author: Meador Inge <meadori@xxxxxxxxxxxxxxxx>
  Date:   Mon Jul 6 11:03:41 2015 -0700

      linux-user: Treat --foo options the same as -foo

      The system mode binaries provide a similar alias
      and it makes common options like --version and --help
      work as expected.

      Signed-off-by: Meador Inge <meadori@xxxxxxxxxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit 4d1275c24d5d64d22ec4a30ce1b6a0db3ba9a25a
  Author: Riku Voipio <riku.voipio@xxxxxxxxxx>
  Date:   Mon Sep 28 16:12:16 2015 +0300

      linux-user: use EXIT_SUCCESS and EXIT_FAILURE

      As suggested by Laurent, use EXIT_SUCCESS and EXIT_FAILURE from
      stdlib.h instead of numeric values.

      Cc: Laurent Vivier <laurent@xxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit 138940bf08df1d8e9b862ad019a0d7d451e2413a
  Author: Meador Inge <meadori@xxxxxxxxxxxxxxxx>
  Date:   Mon Jul 6 11:03:40 2015 -0700

      linux-user: Add proper error messages for bad options

      This patch adds better support for diagnosing option
      parser errors.  The previous implementation just printed
      the usage text and exited when a bad option or argument
      was found.  This made it very difficult to determine why
      the usage was being displayed and it was doubly confusing
      for cases like '--help' (it wasn't clear that --help was
      actually an error).

      Signed-off-by: Meador Inge <meadori@xxxxxxxxxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit daaf8c8eb7135386134bc7075b9cf4dd57107c43
  Author: Meador Inge <meadori@xxxxxxxxxxxxxxxx>
  Date:   Mon Jul 6 11:03:39 2015 -0700

      linux-user: Add -help

      This option is already available on the system mode
      binaries.  It would be better if long options were
      supported (i.e. --help), but this is okay for now.

      Signed-off-by: Meador Inge <meadori@xxxxxxxxxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit d03f9c320234d2e49ad8b2f4abd049a497afa2be
  Author: Meador Inge <meadori@xxxxxxxxxxxxxxxx>
  Date:   Mon Jul 6 11:03:38 2015 -0700

      linux-user: Exit 0 when -h is used

      Signed-off-by: Meador Inge <meadori@xxxxxxxxxxxxxxxx>
      Signed-off-by: Riku Voipio <riku.voipio@xxxxxxxxxx>

  commit 6996a002d845be0166e155c016448014a6fbfe05
  Merge: 9e07142 365d7f3
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Sep 25 23:20:06 2015 +0100

      Merge remote-tracking branch 
'remotes/pmaydell/tags/pull-cocoa-20150925-1' into staging

      cocoa queue:
       * fix stuck-key bug if keys were down when QEMU lost focus
       * prompt the user whether they really meant to quit
       * remove the 'open image file' dialog box we used to display
         if the user started QEMU without arguments

      # gpg: Signature made Fri 25 Sep 2015 23:17:19 BST using RSA key ID 
14360CDE
      # gpg: Good signature from "Peter Maydell <peter.maydell@xxxxxxxxxx>"
      # gpg:                 aka "Peter Maydell <pmaydell@xxxxxxxxx>"
      # gpg:                 aka "Peter Maydell 
<pmaydell@xxxxxxxxxxxxxxxxxxxxxx>"

      * remotes/pmaydell/tags/pull-cocoa-20150925-1:
        ui/cocoa.m: remove open dialog code
        ui/cocoa.m: prevent stuck key situation
        ui/cocoa.m: verify with user before quitting QEMU

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 365d7f3c7aacc789ead96b8eeb5ba5b0a8d93d48
  Author: John Arbuckle <programmingkidx@xxxxxxxxx>
  Date:   Fri Sep 25 23:14:00 2015 +0100

      ui/cocoa.m: remove open dialog code

      Removes the open dialog code that runs when no arguments are supplied 
with QEMU.
      Not everyone needs a hard drive or cdrom to boot their target. A user 
might only
      need to use their target's bios to do work. With that said, this patch 
removes
      the unneeded open dialog code.

      Signed-off-by: John Arbuckle <programmingkidx@xxxxxxxxx>
      Message-id: 33856864-321C-4367-9170-FB0BF81E789B@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 3b178b7130ecf4005cd73d0c40e964c9d0d31a48
  Author: John Arbuckle <programmingkidx@xxxxxxxxx>
  Date:   Fri Sep 25 23:14:00 2015 +0100

      ui/cocoa.m: prevent stuck key situation

      When the user puts QEMU in the background while holding
      down a key, QEMU will not receive the keyup event when
      the user lets go of the key. When the user goes back to
      QEMU, QEMU will think the key is still down causing
      stuck key symptoms. This patch fixes this problem by
      releasing all down keys when QEMU goes into the
      background.

      Signed-off-by: John Arbuckle <programmingkidx@xxxxxxxxx>
      Message-id: 7A3FA6EE-84C8-4422-A786-C899B7229D32@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit d9bc14f63e880010ba72b3a0169ff8ef52275a63
  Author: John Arbuckle <programmingkidx@xxxxxxxxx>
  Date:   Fri Sep 25 23:13:59 2015 +0100

      ui/cocoa.m: verify with user before quitting QEMU

      This patch prevents the user from accidentally quitting QEMU by pushing
      Command-Q or by pushing the close button on the main window. When
      the user does one of these two things, a dialog box appears verifying
      with the user if he or she wants to quit QEMU.

      Signed-off-by: John Arbuckle <programmingkidx@xxxxxxxxx>
      Message-id: 29169A74-0347-47F5-934F-A5AD24C225CA@xxxxxxxxx
      Reviewed-by: Peter Maydell <peter.maydell@xxxxxxxxxx>
      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 9e071429e649346c14b2dc76902f84f8352d2333
  Merge: 8bfbbb4 8e9620a
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Sep 25 21:52:30 2015 +0100

      Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
staging

      * First batch of MAINTAINERS updates
      * IOAPIC fixes (to pass kvm-unit-tests with -machine kernel_irqchip=off)
      * NBD API upgrades from Daniel
      * strtosz fixes from Marc-André
      * improved support for readonly=on on scsi-generic devices
      * new "info ioapic" and "info lapic" monitor commands
      * Peter Crosthwaite's ELF_MACHINE cleanups
      * docs patches from Thomas and Daniel

      # gpg: Signature made Fri 25 Sep 2015 11:20:52 BST using RSA key ID 
78C7AE83
      # gpg: Good signature from "Paolo Bonzini <bonzini@xxxxxxx>"
      # gpg:                 aka "Paolo Bonzini <pbonzini@xxxxxxxxxx>"

      * remotes/bonzini/tags/for-upstream: (52 commits)
        doc: Refresh URLs in the qemu-tech documentation
        docs: describe the QEMU build system structure / design
        typedef: add typedef for QemuOpts
        i386: interrupt poll processing
        i386: partial revert of interrupt poll fix
        ppc: Rename ELF_MACHINE to be PPC specific
        i386: Rename ELF_MACHINE to be x86 specific
        alpha: Remove ELF_MACHINE from cpu.h
        mips: Remove ELF_MACHINE from cpu.h
        sparc: Remove ELF_MACHINE from cpu.h
        s390: Remove ELF_MACHINE from cpu.h
        sh4: Remove ELF_MACHINE from cpu.h
        xtensa: Remove ELF_MACHINE from cpu.h
        tricore: Remove ELF_MACHINE from cpu.h
        or32: Remove ELF_MACHINE from cpu.h
        lm32: Remove ELF_MACHINE from cpu.h
        unicore: Remove ELF_MACHINE from cpu.h
        moxie: Remove ELF_MACHINE from cpu.h
        cris: Remove ELF_MACHINE from cpu.h
        m68k: Remove ELF_MACHINE from cpu.h
        ...

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 8bfbbb4bcb6e06aaf4a3e2264f53c8c44ed4c655
  Merge: 54b3762 9d146b2
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Sep 25 21:11:12 2015 +0100

      Merge remote-tracking branch 
'remotes/awilliam/tags/vfio-update-20150925.0' into staging

      VFIO updates 2015-09-25

       - Remove use of g_malloc0_n for glib2.22 compat

      # gpg: Signature made Fri 25 Sep 2015 17:58:04 BST using RSA key ID 
3BB08B22
      # gpg: Good signature from "Alex Williamson <alex.williamson@xxxxxxxxxx>"
      # gpg:                 aka "Alex Williamson <alex@xxxxxxxxxxx>"
      # gpg:                 aka "Alex Williamson <alwillia@xxxxxxxxxx>"
      # gpg:                 aka "Alex Williamson <alex.l.williamson@xxxxxxxxx>"

      * remotes/awilliam/tags/vfio-update-20150925.0:
        vfio/pci: Remove use of g_malloc0_n() from quirks

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 54b376230c795d9f63490fa2e951cb786f7b1e12
  Merge: 690b286 e6fd57e
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Sep 25 19:01:46 2015 +0100

      Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into 
staging

      # gpg: Signature made Fri 25 Sep 2015 16:47:31 BST using RSA key ID 
C0DE3057
      # gpg: Good signature from "Jeffrey Cody <jcody@xxxxxxxxxx>"
      # gpg:                 aka "Jeffrey Cody <jeff@xxxxxxxxxxxxx>"
      # gpg:                 aka "Jeffrey Cody <codyprime@xxxxxxxxx>"

      * remotes/cody/tags/block-pull-request:
        sheepdog: refine discard support
        sheepdog: use per AIOCB dirty indexes for non overlapping requests
        Backup: don't do copy-on-read in before_write_notifier
        block: Introduce a new API bdrv_co_no_copy_on_readv()
        sheepdog: add reopen support
        block/nfs: cache allocated filesize for read-only files
        block/nfs: fix calculation of allocated file size

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit 690b286fefa806f130dfc1931b5ba0b4dd2fb415
  Merge: cdf9818 ab60b74
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Sep 25 18:03:19 2015 +0100

      Merge remote-tracking branch 
'remotes/vivier-misc/tags/pull-muldiv64-20150925' into staging

      Remove muldiv64() by using period instead of frequency

      # gpg: Signature made Fri 25 Sep 2015 14:54:37 BST using RSA key ID 
3F2FBE3C
      # gpg: Good signature from "Laurent Vivier <lvivier@xxxxxxxxxx>"
      # gpg:                 aka "Laurent Vivier <laurent@xxxxxxxxx>"
      # gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@xxxxxxxxxx>"
      # gpg: WARNING: This key is not certified with a trusted signature!
      # gpg:          There is no indication that the signature belongs to the 
owner.
      # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F 
BE3C

      * remotes/vivier-misc/tags/pull-muldiv64-20150925:
        net: remove muldiv64()
        bt: remove muldiv64()
        hpet: remove muldiv64()
        arm: clarify the use of muldiv64()
        openrisc: remove muldiv64()
        mips: remove muldiv64()
        pcnet: remove muldiv64()
        rtl8139: remove muldiv64()
        i6300esb: remove muldiv64()

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit cdf98182420e3bec62e2fd957eb8a17761161c0f
  Merge: 8a47d57 f178bc6
  Author: Peter Maydell <peter.maydell@xxxxxxxxxx>
  Date:   Fri Sep 25 16:40:05 2015 +0100

      Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

      virtio,pc features, fixes

      New features:
          vhost-user multiqueue support
          virtio-ccw virtio 1 support

      Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>

      # gpg: Signature made Fri 25 Sep 2015 07:40:35 BST using RSA key ID 
D28D5469
      # gpg: Good signature from "Michael S. Tsirkin <mst@xxxxxxxxxx>"
      # gpg:                 aka "Michael S. Tsirkin <mst@xxxxxxxxxx>"

      * remotes/mst/tags/for_upstream:
        MAINTAINERS: add more devices to the PCI section
        MAINTAINERS: add more devices to the PC section
        vhost-user: add a new message to disable/enable a specific virt queue.
        vhost-user: add multiple queue support
        vhost: introduce vhost_backend_get_vq_index method
        vhost-user: add VHOST_USER_GET_QUEUE_NUM message
        vhost: rename VHOST_RESET_OWNER to VHOST_RESET_DEVICE
        vhost-user: add protocol feature negotiation
        vhost-user: use VHOST_USER_XXX macro for switch statement
        virtio-ccw: enable virtio-1
        virtio-ccw: feature bits > 31 handling
        virtio-ccw: support ring size changes
        virtio: ring sizes vs. reset
        pc: Introduce pc-*-2.5 machine classes
        q35: Move options common to all classes to pc_i440fx_machine_options()
        q35: Move options common to all classes to pc_q35_machine_options()
        virtio-net: unbreak self announcement and guest offloads after migration
        virtio: right size for virtio_queue_get_avail_size

      Signed-off-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit e6fd57ea297ec3aad32b24090c5d3757a99df3fe
  Author: Hitoshi Mitake <mitake.hitoshi@xxxxxxxxxxxxx>
  Date:   Tue Sep 1 12:03:10 2015 +0900

      sheepdog: refine discard support

      This patch refines discard support of the sheepdog driver. The
      existing discard mechanism was implemented on SD_OP_DISCARD_OBJ, which
      was introduced before fine grained reference counting on newer
      sheepdog. It doesn't care about relations of snapshots and clones and
      discards objects unconditionally.

      With this patch, the driver just updates an inode object for updating
      reference. Removing the object is done in sheep process side.

      Cc: Teruaki Ishizaki <ishizaki.teruaki@xxxxxxxxxxxxx>
      Cc: Vasiliy Tolstov <v.tolstov@xxxxxxxxx>
      Cc: Jeff Cody <jcody@xxxxxxxxxx>
      Signed-off-by: Hitoshi Mitake <mitake.hitoshi@xxxxxxxxxxxxx>
      Tested-by: Vasiliy Tolstov <v.tolstov@xxxxxxxxx>
      Message-id: 1441076590-8015-3-git-send-email-mitake.hitoshi@xxxxxxxxxxxxx
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>

  commit 498f21405a286f718a0767c791b7d2db19f4e5bd
  Author: Hitoshi Mitake <mitake.hitoshi@xxxxxxxxxxxxx>
  Date:   Tue Sep 1 12:03:09 2015 +0900

      sheepdog: use per AIOCB dirty indexes for non overlapping requests

      In the commit 96b14ff85acf, requests for overlapping areas are
      serialized. However, it cannot handle a case of non overlapping
      requests. In such a case, min_dirty_data_idx and max_dirty_data_idx
      can be overwritten by the requests and invalid inode update can
      happen e.g. a case like create(1, 2) and create(3, 4) are issued in
      parallel.

      This patch lets SheepdogAIOCB have dirty data indexes instead of
      BDRVSheepdogState for avoiding the above situation.

      This patch also does trivial renaming for better description:
      overwrapping -> overlapping

      Cc: Teruaki Ishizaki <ishizaki.teruaki@xxxxxxxxxxxxx>
      Cc: Vasiliy Tolstov <v.tolstov@xxxxxxxxx>
      Cc: Jeff Cody <jcody@xxxxxxxxxx>
      Signed-off-by: Hitoshi Mitake <mitake.hitoshi@xxxxxxxxxxxxx>
      Tested-by: Vasiliy Tolstov <v.tolstov@xxxxxxxxx>
      Message-id: 1441076590-8015-2-git-send-email-mitake.hitoshi@xxxxxxxxxxxxx
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>

  commit ab60b7485cece312ad9c21327ee678f0f9898fb5
  Author: Laurent Vivier <lvivier@xxxxxxxxxx>
  Date:   Tue Aug 25 17:24:39 2015 +0200

      net: remove muldiv64()

      muldiv64() is used to convert nanoseconds to microseconds.

          x = muldiv64(qemu_clock_get_ns(..), 1000000, get_ticks_per_sec());

      As  get_ticks_per_sec() is 10^9, it can be replaced by:

          x = qemu_clock_get_us(..);

      Signed-off-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit fdfea124f9e12232f99d9f235267ca1eeeb23469
  Author: Laurent Vivier <lvivier@xxxxxxxxxx>
  Date:   Tue Aug 25 17:19:57 2015 +0200

      bt: remove muldiv64()

      Originally, timers were ticks based, and it made sense to
      add ticks to current time to know when to trigger an alarm.

      But since commit:

      7447545 change all other clock references to use nanosecond resolution 
accessors

      All timers use nanoseconds and we need to convert ticks to nanoseconds.

      As get_ticks_per_sec() is 10^9,

          a = muldiv64(b, get_ticks_per_sec(), 100);
          y = muldiv64(x, get_ticks_per_sec(), 1000000);

      can be converted to

          a = b * 10000000;
          y = x * 1000;

      Signed-off-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 0a4f9240f5b8b1bfe2d5c5c2748545bc23771bb4
  Author: Laurent Vivier <lvivier@xxxxxxxxxx>
  Date:   Tue Aug 25 17:13:01 2015 +0200

      hpet: remove muldiv64()

      hpet defines a clock period in femtoseconds but
      then converts it to nanoseconds to use the internal
      timers.

      We can define the period in nanoseconds and use it
      directly, this allows to remove muldiv64().

      We only need to convert the period to femtoseconds
      to put it in internal hpet capability register.

      Signed-off-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Reviewed-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 352c98e502893dee405d0bd8301264fca3b79179
  Author: Laurent Vivier <lvivier@xxxxxxxxxx>
  Date:   Tue Aug 25 17:09:36 2015 +0200

      arm: clarify the use of muldiv64()

      muldiv64() is used to convert microseconds into CPU ticks.

      But it is not clear and not commented. This patch uses macro
      to clearly identify what is used: time, CPU frequency and ticks.
      For an elapsed time and a given frequency, we compute how many ticks
       we have.

      Signed-off-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Reviewed-by: Peter Crosthwaite <crosthwaite.peter@xxxxxxxxx>
      Acked-by: Peter Maydell <peter.maydell@xxxxxxxxxx>

  commit ccaf1749239aa33c5a5b755972232ffe1c0cf946
  Author: Laurent Vivier <lvivier@xxxxxxxxxx>
  Date:   Tue Aug 25 17:17:15 2015 +0200

      openrisc: remove muldiv64()

      Originally, timers were ticks based, and it made sense to
      add ticks to current time to know when to trigger an alarm.

      But since commit:

      7447545 change all other clock references to use nanosecond resolution 
accessors

      All timers use nanoseconds and we need to convert ticks to nanoseconds, by
      doing something like:

          y = muldiv64(x, get_ticks_per_sec(), TIMER_FREQ)

      where x is the number of device ticks and y the number of system ticks.

      y is used as nanoseconds in timer functions,
      it works because 1 tick is 1 nanosecond.
      (get_ticks_per_sec() is 10^9)

      But as openrisc timer frequency is 20 MHz, we can also do:

          y = x * 50; /* 20 MHz period is 50 ns */

      Signed-off-by: Laurent Vivier <lvivier@xxxxxxxxxx>

  commit 683dca6bd5057a87d9376475b0c7e30d56d8e532
  Author: Laurent Vivier <lvivier@xxxxxxxxxx>
  Date:   Tue Aug 25 16:16:21 2015 +0200

      mips: remove muldiv64()

      Originally, timers were ticks based, and it made sense to
      add ticks to current time to know when to trigger an alarm.

      But since commit:

      7447545 change all other clock references to use nanosecond resolution 
accessors

      All timers use nanoseconds and we need to convert ticks to nanoseconds, by
      doing something like:

          y = muldiv64(x, get_ticks_per_sec(), TIMER_FREQ)

      where x is the number of device ticks and y the number of system ticks.

      y is used as nanoseconds in timer functions,
      it works because 1 tick is 1 nanosecond.
      (get_ticks_per_sec() is 10^9)

      But as MIPS timer frequency is 100 MHz, we can also do:

          y = x * 10; /* 100 MHz period is 10 ns */

      Signed-off-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Reviewed-by: Leon Alrae <leon.alrae@xxxxxxxxxx>

  commit c6acbe861f1ed4203f4864baf756686064ba561f
  Author: Laurent Vivier <lvivier@xxxxxxxxxx>
  Date:   Mon Aug 24 19:29:45 2015 +0200

      pcnet: remove muldiv64()

      Originally, timers were ticks based, and it made sense to
      add ticks to current time to know when to trigger an alarm.

      But since commit:

      7447545 change all other clock references to use nanosecond resolution 
accessors

      All timers use nanoseconds and we need to convert ticks to nanoseconds, by
      doing something like:

          y = muldiv64(x, get_ticks_per_sec(), PCI_FREQUENCY)

      where x is the number of device ticks and y the number of system ticks.

      y is used as nanoseconds in timer functions,
      it works because 1 tick is 1 nanosecond.
      (get_ticks_per_sec() is 10^9)

      But as PCI frequency is 33 MHz, we can also do:

          y = x * 30; /* 33 MHz PCI period is 30 ns */

      Which is much more simple.

      This implies a 33.333333 MHz PCI frequency,
      but this is correct.

      Signed-off-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 37b9ab92f7f8295c61daa4a8893eb8fb1add63e2
  Author: Laurent Vivier <lvivier@xxxxxxxxxx>
  Date:   Mon Aug 24 19:29:45 2015 +0200

      rtl8139: remove muldiv64()

      Originally, timers were ticks based, and it made sense to
      add ticks to current time to know when to trigger an alarm.

      But since commit:

      7447545 change all other clock references to use nanosecond resolution 
accessors

      All timers use nanoseconds and we need to convert ticks to nanoseconds, by
      doing something like:

          y = muldiv64(x, get_ticks_per_sec(), PCI_FREQUENCY)

      where x is the number of device ticks and y the number of system ticks.

      y is used as nanoseconds in timer functions,
      it works because 1 tick is 1 nanosecond.
      (get_ticks_per_sec() is 10^9)

      But as PCI frequency is 33 MHz, we can also do:

          y = x * 30; /* 33 MHz PCI period is 30 ns */

      Which is much more simple.

      This implies a 33.333333 MHz PCI frequency,
      but this is correct.

      Signed-off-by: Laurent Vivier <lvivier@xxxxxxxxxx>
      Reviewed-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>

  commit 9491e9bc019a365dfa9780f462984a0d052f4c0d
  Author: Laurent Vivier <lvivier@xxxxxxxxxx>
  Date:   Mon Aug 24 19:29:45 2015 +0200

      i6300esb: remove muldiv64()

      Originally, timers were ticks based, and it made sense to
      add ticks to current time to know when to trigger an alarm.

      But since commit:

      7447545 change all other clock references to use nanosecond resolution 
accessors

      All timers use nanoseconds and we need to convert ticks to nanoseconds, by
      doing something like:

          y = muldiv64(x, get_ticks_per_sec(), PCI_FREQUENCY)

      where x is the number of device ticks and y the number of system ticks.

      y is used as nanoseconds in timer functions,
      it works because 1 tick is 1 nanosecond.
      (get_ticks_per_sec() is 10^9)

      But as PCI frequency is 33 MHz, we can also do:

          y = x * 30; /* 33 MHz PCI period is 30 ns */

      Which is much more simple.

      This implies a 33.333333 MHz PCI frequency,
      but this is correct.

      Signed-off-by: Laurent Vivier <lvivier@xxxxxxxxxx>

  commit 06c3916b35a1cf6db548450a0cfb96983c33c82f
  Author: Wen Congyang <wency@xxxxxxxxxxxxxx>
  Date:   Tue Sep 8 11:28:33 2015 +0800

      Backup: don't do copy-on-read in before_write_notifier

      We will copy data in before_write_notifier to do backup.
      It is a nested I/O request, so we cannot do copy-on-read.

      The steps to reproduce it:
      1. -drive copy-on-read=on,...  // qemu option
      2. drive_backup -f disk0 /path_to_backup.img // monitor command

      Signed-off-by: Wen Congyang <wency@xxxxxxxxxxxxxx>
      Tested-by: Jeff Cody <jcody@xxxxxxxxxx>
      Message-id: 1441682913-14320-3-git-send-email-wency@xxxxxxxxxxxxxx
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>

  commit 9568b511c9f91c3d21ea3e83426d4ee7168c98bb
  Author: Wen Congyang <wency@xxxxxxxxxxxxxx>
  Date:   Tue Sep 8 11:28:32 2015 +0800

      block: Introduce a new API bdrv_co_no_copy_on_readv()

      In some cases, we need to disable copy-on-read, and just
      read the data.

      Signed-off-by: Wen Congyang <wency@xxxxxxxxxxxxxx>
      Message-id: 1441682913-14320-2-git-send-email-wency@xxxxxxxxxxxxxx
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>

  commit 4da65c80921139f3e0ff63f5ea20c5d9c778364f
  Author: Liu Yuan <liuyuan@xxxxxxxxxxxxxxxxxxxx>
  Date:   Fri Aug 28 10:53:58 2015 +0800

      sheepdog: add reopen support

      With reopen supported, block-commit (and offline commit) is now supported 
for
      image files whose base image uses the Sheepdog protocol driver.

      Cc: qemu-devel@xxxxxxxxxx
      Cc: Jeff Cody <jcody@xxxxxxxxxx>
      Cc: Kevin Wolf <kwolf@xxxxxxxxxx>
      Cc: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
      Signed-off-by: Liu Yuan <liuyuan@xxxxxxxxxxxxxxxxxxxx>
      Message-id: 1440730438-24676-1-git-send-email-namei.unix@xxxxxxxxx
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>

  commit 18a8056e0bc744e5dd2bb5cb998423b607d99f19
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Thu Aug 27 12:30:41 2015 +0200

      block/nfs: cache allocated filesize for read-only files

      If the file is readonly its not expected to grow so
      save the blocking call to nfs_fstat_async and use
      the value saved at connection time. Also important
      the monitor (and thus the main loop) will not hang
      if block device info is queried and the NFS share
      is unresponsive.

      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Message-id: 1440671441-7978-1-git-send-email-pl@xxxxxxx
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>

  commit 055c6f912c8d3cd9a901972ae432c47e5872f71a
  Author: Peter Lieven <pl@xxxxxxx>
  Date:   Thu Aug 20 12:46:47 2015 +0200

      block/nfs: fix calculation of allocated file size

      st.st_blocks is always counted in 512 byte units. Do not
      use st.st_blksize as multiplicator which may be larger.

      Cc: qemu-stable@xxxxxxxxxx
      Signed-off-by: Peter Lieven <pl@xxxxxxx>
      Reviewed-by: Max Reitz <mreitz@xxxxxxxxxx>
      Reviewed-by: Jeff Cody <jcody@xxxxxxxxxx>
      Message-id: 1440067607-14547-1-git-send-email-pl@xxxxxxx
      Signed-off-by: Jeff Cody <jcody@xxxxxxxxxx>

  commit 8e9620a683925daf9900c2ac5f2dfa14b6439932
  Author: Thomas Huth <thuth@xxxxxxxxxx>
  Date:   Fri Sep 25 11:38:36 2015 +0200

      doc: Refresh URLs in the qemu-tech documentation

      The TwoOStwo and Willows page seem to have disappeared completely,
      and also some of the other links were not pointing to the right
      locations anymore.

      Signed-off-by: Thomas Huth <thuth@xxxxxxxxxx>
      Message-Id: <1443173916-8895-1-git-send-email-thuth@xxxxxxxxxx>
      Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

  commit 717171bd2025f732d7fcf43efc08f1551953a0e3
  Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
  Date:   Thu Sep 24 14:41:38 2015 +0100

      docs: describe the QEMU build system structure / design

      Developers who are new to QEMU, or have a background familiarity
      with GNU autotools, can have trouble getting their head around the
      home-grown QEMU build system. This document attempts to explain
      the structure / design of the configure script and the various
      Makefile pieces that live across the source tree.

      Signed-off-by: Dan