[PULL 00/18] Misc patches for 2022-07-12

[PULL 00/18] Misc patches for 2022-07-12

[Paolo Bonzini]

The following changes since commit 180c2f24d5e8eada41e012a3899d29bb695aae06:

  Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging (2022-07-06 10:41:34 +0530)

are available in the Git repository at:

  https://gitlab.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 9fb6d8a9b2fc0e150b56a0ff4341494dcd8360b8:

  meson: place default firmware path under .../share (2022-07-12 14:46:58 +0200)

----------------------------------------------------------------
* fuzzing fixes (Alexander)
* fix cross compilation CFLAGS and compiler choice
* do not specify -bios option for tests/vm
* miscellaneous fixes
* preparation for pre-install tree in the build directory (Akihiko)

----------------------------------------------------------------
Akihiko Odaki (2):
      build: Do not depend on pc-bios for config-host.mak
      qga: Relocate a path emitted in the help text

Alexander Bulekov (2):
      build: improve -fsanitize-coverage-allowlist check
      fuzz: only use generic-fuzz targets on oss-fuzz

Marc-André Lureau (1):
      audio/dbus: fix building

Mauro Matteo Cascella (1):
      scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)

Miaoqian Lin (1):
      accel: kvm: Fix memory leak in find_stats_descriptors

Paolo Bonzini (11):
      tests/vm: do not specify -bios option
      pc-bios/optionrom: use -m16 unconditionally
      configure, pc-bios/optionrom: pass cross CFLAGS correctly
      configure, pc-bios/s390-ccw: pass cross CFLAGS correctly
      configure, pc-bios/vof: pass cross CFLAGS correctly
      configure: allow more host/target combos to use the host compiler
      configure: write EXTRA_CFLAGS for all sub-Makefiles
      tests/tcg: compile system emulation tests as freestanding
      configure: pass whole target name to probe_target_compiler
      build: try both native and cross compilers
      meson: place default firmware path under .../share

 Makefile                               |   2 +-
 accel/kvm/kvm-all.c                    |   1 +
 audio/meson.build                      |   2 +-
 configure                              | 201 ++++++++++++++++++++-------------
 hw/scsi/lsi53c895a.c                   |   3 +-
 meson.build                            |   5 +-
 meson_options.txt                      |   2 +-
 pc-bios/optionrom/Makefile             |  15 +--
 pc-bios/optionrom/code16gcc.h          |   3 -
 pc-bios/s390-ccw/Makefile              |  20 ++--
 pc-bios/s390-ccw/netboot.mak           |   6 +-
 pc-bios/vof/Makefile                   |   8 +-
 qga/main.c                             |   6 +-
 scripts/meson-buildoptions.sh          |   2 +-
 scripts/oss-fuzz/build.sh              |   4 +-
 tests/tcg/Makefile.target              |   1 +
 tests/tcg/aarch64/system/pauth-3.c     |   2 +-
 tests/tcg/aarch64/system/semiconsole.c |   2 +-
 tests/tcg/aarch64/system/semiheap.c    |   2 +-
 tests/tcg/multiarch/system/memory.c    |   2 +-
 tests/vm/fedora                        |   1 -
 tests/vm/freebsd                       |   1 -
 tests/vm/netbsd                        |   1 -
 tests/vm/openbsd                       |   1 -
 24 files changed, 163 insertions(+), 130 deletions(-)
 delete mode 100644 pc-bios/optionrom/code16gcc.h
-- 
2.36.1

[PULL 01/18] tests/vm: do not specify -bios option

[Paolo Bonzini]

When running from the build tree, the executable is able to find
the BIOS on its own; when running from the source tree, a firmware
blob should already be installed and there is no guarantee that
the one in the source tree works with the QEMU that is being used for
the installation.

Just remove the -bios option, since it is unnecessary and in fact
there are other x86 VM tests that do not bother specifying it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 tests/vm/fedora  | 1 -
 tests/vm/freebsd | 1 -
 tests/vm/netbsd  | 1 -
 tests/vm/openbsd | 1 -
 4 files changed, 4 deletions(-)

diff --git a/tests/vm/fedora b/tests/vm/fedora
index 92b78d6e2c..12eca919a0 100755
--- a/tests/vm/fedora
+++ b/tests/vm/fedora
@@ -79,7 +79,6 @@ class FedoraVM(basevm.BaseVM):
         self.exec_qemu_img("create", "-f", "qcow2", img_tmp, self.size)
         self.print_step("Booting installer")
         self.boot(img_tmp, extra_args = [
-            "-bios", "pc-bios/bios-256k.bin",
             "-machine", "graphics=off",
             "-device", "VGA",
             "-cdrom", iso
diff --git a/tests/vm/freebsd b/tests/vm/freebsd
index 805db759d6..cd1fabde52 100755
--- a/tests/vm/freebsd
+++ b/tests/vm/freebsd
@@ -95,7 +95,6 @@ class FreeBSDVM(basevm.BaseVM):
 
         self.print_step("Booting installer")
         self.boot(img_tmp, extra_args = [
-            "-bios", "pc-bios/bios-256k.bin",
             "-machine", "graphics=off",
             "-device", "VGA",
             "-cdrom", iso
diff --git a/tests/vm/netbsd b/tests/vm/netbsd
index 45aa9a7fda..aa883ec23c 100755
--- a/tests/vm/netbsd
+++ b/tests/vm/netbsd
@@ -86,7 +86,6 @@ class NetBSDVM(basevm.BaseVM):
 
         self.print_step("Booting installer")
         self.boot(img_tmp, extra_args = [
-            "-bios", "pc-bios/bios-256k.bin",
             "-machine", "graphics=off",
             "-cdrom", iso
         ])
diff --git a/tests/vm/openbsd b/tests/vm/openbsd
index 13c8254214..6f1b6f5b98 100755
--- a/tests/vm/openbsd
+++ b/tests/vm/openbsd
@@ -82,7 +82,6 @@ class OpenBSDVM(basevm.BaseVM):
 
         self.print_step("Booting installer")
         self.boot(img_tmp, extra_args = [
-            "-bios", "pc-bios/bios-256k.bin",
             "-machine", "graphics=off",
             "-device", "VGA",
             "-cdrom", iso
-- 
2.36.1

[PULL 02/18] scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)

[Paolo Bonzini]

From: Mauro Matteo Cascella <mcascell@redhat.com>

Set current_req->req to NULL to prevent reusing a free'd buffer in case of
repeated SCSI cancel requests. Thanks to Thomas Huth for suggesting the patch.

Fixes: CVE-2022-0216
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220705200543.2366809-1-mcascell@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/scsi/lsi53c895a.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
index c8773f73f7..99ea42d49b 100644
--- a/hw/scsi/lsi53c895a.c
+++ b/hw/scsi/lsi53c895a.c
@@ -1028,8 +1028,9 @@ static void lsi_do_msgout(LSIState *s)
         case 0x0d:
             /* The ABORT TAG message clears the current I/O process only. */
             trace_lsi_do_msgout_abort(current_tag);
-            if (current_req) {
+            if (current_req && current_req->req) {
                 scsi_req_cancel(current_req->req);
+                current_req->req = NULL;
             }
             lsi_disconnect(s);
             break;
-- 
2.36.1

[PULL 03/18] pc-bios/optionrom: use -m16 unconditionally

[Paolo Bonzini]

Remove support for .code16gcc, all supported platforms have -m16.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 pc-bios/optionrom/Makefile    | 15 +--------------
 pc-bios/optionrom/code16gcc.h |  3 ---
 2 files changed, 1 insertion(+), 17 deletions(-)
 delete mode 100644 pc-bios/optionrom/code16gcc.h

diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index f639915b4f..ea89ce9d59 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -11,7 +11,7 @@ CFLAGS = -O2 -g
 quiet-command = $(if $(V),$1,$(if $(2),@printf "  %-7s %s\n" $2 $3 && $1, @$1))
 cc-option = $(if $(shell $(CC) $1 -c -o /dev/null -xc /dev/null >/dev/null 2>&1 && echo OK), $1, $2)
 
-override CFLAGS += -march=i486 -Wall
+override CFLAGS += -march=i486 -Wall -m16
 
 # If -fcf-protection is enabled in flags or compiler defaults that will
 # conflict with -march=i486
@@ -24,21 +24,8 @@ override CFLAGS += $(filter -W%, $(QEMU_CFLAGS))
 override CFLAGS += $(call cc-option, -fno-pie)
 override CFLAGS += -ffreestanding -I$(TOPSRC_DIR)/include
 override CFLAGS += $(call cc-option, -fno-stack-protector)
-override CFLAGS += $(call cc-option, -m16)
 override CFLAGS += $(call cc-option, -Wno-array-bounds)
 
-ifeq ($(filter -m16, $(CFLAGS)),)
-# Attempt to work around compilers that lack -m16 (GCC <= 4.8, clang <= ??)
-# On GCC we add -fno-toplevel-reorder to keep the order of asm blocks with
-# respect to the rest of the code.  clang does not have -fno-toplevel-reorder,
-# but it places all asm blocks at the beginning and we're relying on it for
-# the option ROM header.  So just force clang not to use the integrated
-# assembler, which doesn't support .code16gcc.
-override CFLAGS += $(call cc-option, -fno-toplevel-reorder)
-override CFLAGS += $(call cc-option, -no-integrated-as)
-override CFLAGS += -m32 -include $(SRC_DIR)/code16gcc.h
-endif
-
 Wa = -Wa,
 override ASFLAGS += -32
 override CFLAGS += $(call cc-option, $(Wa)-32)
diff --git a/pc-bios/optionrom/code16gcc.h b/pc-bios/optionrom/code16gcc.h
deleted file mode 100644
index 9c8d25d508..0000000000
--- a/pc-bios/optionrom/code16gcc.h
+++ /dev/null
@@ -1,3 +0,0 @@
-asm(
-".code16gcc\n"
-);
-- 
2.36.1

[PULL 04/18] configure, pc-bios/optionrom: pass cross CFLAGS correctly

[Paolo Bonzini]

The optionrom build is disregarding the flags passed to the configure
script via --cross-cflags-i386.  Pass it down and add it to the Makefile.

This will make it possible to get the -m32 flag from $target_cflags to
force a 32-bit build on 64-bit hosts, instead of supplying manually the
arcane -Wa,-32 and linker emulation options.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure                  | 32 ++++++++++++++++++--------------
 pc-bios/optionrom/Makefile |  2 +-
 2 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/configure b/configure
index 76728b31f7..3d00b361d7 100755
--- a/configure
+++ b/configure
@@ -2057,19 +2057,22 @@ probe_target_compiler() {
   compute_target_variable $1 target_objcopy objcopy
   compute_target_variable $1 target_ranlib ranlib
   compute_target_variable $1 target_strip strip
-  if test "$1" = $cpu; then
-    : ${target_cc:=$cc}
-    : ${target_ccas:=$ccas}
-    : ${target_as:=$as}
-    : ${target_ld:=$ld}
-    : ${target_ar:=$ar}
-    : ${target_as:=$as}
-    : ${target_ld:=$ld}
-    : ${target_nm:=$nm}
-    : ${target_objcopy:=$objcopy}
-    : ${target_ranlib:=$ranlib}
-    : ${target_strip:=$strip}
-  fi
+  case "$1:$cpu" in
+    i386:x86_64 | \
+    "$cpu:$cpu")
+      : ${target_cc:=$cc}
+      : ${target_ccas:=$ccas}
+      : ${target_as:=$as}
+      : ${target_ld:=$ld}
+      : ${target_ar:=$ar}
+      : ${target_as:=$as}
+      : ${target_ld:=$ld}
+      : ${target_nm:=$nm}
+      : ${target_objcopy:=$objcopy}
+      : ${target_ranlib:=$ranlib}
+      : ${target_strip:=$strip}
+      ;;
+  esac
   if test -n "$target_cc"; then
     case $1 in
       i386|x86_64)
@@ -2238,7 +2241,7 @@ done
 
 # Mac OS X ships with a broken assembler
 roms=
-probe_target_compilers i386 x86_64
+probe_target_compiler i386
 if test -n "$target_cc" &&
         test "$targetos" != "darwin" && test "$targetos" != "sunos" && \
         test "$targetos" != "haiku" && test "$softmmu" = yes ; then
@@ -2257,6 +2260,7 @@ if test -n "$target_cc" &&
         echo "# Automatically generated by configure - do not modify" > $config_mak
         echo "TOPSRC_DIR=$source_path" >> $config_mak
         echo "LD_I386_EMULATION=$ld_i386_emulation" >> $config_mak
+        echo "EXTRA_CFLAGS=$target_cflags" >> $config_mak
         write_target_makefile >> $config_mak
     fi
 fi
diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index ea89ce9d59..e90ca2e1c6 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -11,7 +11,7 @@ CFLAGS = -O2 -g
 quiet-command = $(if $(V),$1,$(if $(2),@printf "  %-7s %s\n" $2 $3 && $1, @$1))
 cc-option = $(if $(shell $(CC) $1 -c -o /dev/null -xc /dev/null >/dev/null 2>&1 && echo OK), $1, $2)
 
-override CFLAGS += -march=i486 -Wall -m16
+override CFLAGS += -march=i486 -Wall $(EXTRA_CFLAGS) -m16
 
 # If -fcf-protection is enabled in flags or compiler defaults that will
 # conflict with -march=i486
-- 
2.36.1

[PULL 05/18] configure, pc-bios/s390-ccw: pass cross CFLAGS correctly

[Paolo Bonzini]

QEMU_CFLAGS is not available in pc-bios/s390-ccw/netboot.mak, but the Makefile
needs to access the flags passed to the configure script for the s390x
cross compiler.  Fix everything and rename QEMU_CFLAGS to EXTRA_CFLAGS for
consistency with tests/tcg.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure                    |  1 +
 pc-bios/s390-ccw/Makefile    | 20 ++++++++++----------
 pc-bios/s390-ccw/netboot.mak |  6 +++---
 3 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/configure b/configure
index 3d00b361d7..bf9282e2a1 100755
--- a/configure
+++ b/configure
@@ -2290,6 +2290,7 @@ if test -n "$target_cc" && test "$softmmu" = yes; then
     config_mak=pc-bios/s390-ccw/config-host.mak
     echo "# Automatically generated by configure - do not modify" > $config_mak
     echo "SRC_PATH=$source_path/pc-bios/s390-ccw" >> $config_mak
+    echo "EXTRA_CFLAGS=$target_cflags" >> $config_mak
     write_target_makefile >> $config_mak
     # SLOF is required for building the s390-ccw firmware on s390x,
     # since it is using the libnet code from SLOF for network booting.
diff --git a/pc-bios/s390-ccw/Makefile b/pc-bios/s390-ccw/Makefile
index 6eb713bf37..26ad40f94e 100644
--- a/pc-bios/s390-ccw/Makefile
+++ b/pc-bios/s390-ccw/Makefile
@@ -18,11 +18,11 @@ $(call set-vpath, $(SRC_PATH))
 QEMU_DGFLAGS = -MMD -MP -MT $@ -MF $(@D)/$(*F).d
 
 %.o: %.c
-	$(call quiet-command,$(CC) $(QEMU_CFLAGS) $(QEMU_DGFLAGS) $(CFLAGS) \
+	$(call quiet-command,$(CC) $(EXTRA_CFLAGS) $(QEMU_DGFLAGS) $(CFLAGS) \
 	       -c -o $@ $<,"CC","$(TARGET_DIR)$@")
 
 %.o: %.S
-	$(call quiet-command,$(CCAS) $(QEMU_CFLAGS) $(QEMU_DGFLAGS) $(CFLAGS) \
+	$(call quiet-command,$(CCAS) $(EXTRA_CFLAGS) $(QEMU_DGFLAGS) $(CFLAGS) \
 	       -c -o $@ $<,"CCAS","$(TARGET_DIR)$@")
 
 .PHONY : all clean build-all
@@ -30,14 +30,14 @@ QEMU_DGFLAGS = -MMD -MP -MT $@ -MF $(@D)/$(*F).d
 OBJECTS = start.o main.o bootmap.o jump2ipl.o sclp.o menu.o \
 	  virtio.o virtio-scsi.o virtio-blkdev.o libc.o cio.o dasd-ipl.o
 
-QEMU_CFLAGS := -Wall $(filter -W%, $(QEMU_CFLAGS))
-QEMU_CFLAGS += $(call cc-option,-Werror $(QEMU_CFLAGS),-Wno-stringop-overflow)
-QEMU_CFLAGS += -ffreestanding -fno-delete-null-pointer-checks -fno-common -fPIE
-QEMU_CFLAGS += -fwrapv -fno-strict-aliasing -fno-asynchronous-unwind-tables
-QEMU_CFLAGS += $(call cc-option, $(QEMU_CFLAGS), -fno-stack-protector)
-QEMU_CFLAGS += -msoft-float
-QEMU_CFLAGS += $(call cc-option, $(QEMU_CFLAGS),-march=z900,-march=z10)
-QEMU_CFLAGS += -std=gnu99
+EXTRA_CFLAGS := $(EXTRA_CFLAGS) -Wall
+EXTRA_CFLAGS += $(call cc-option,-Werror $(EXTRA_CFLAGS),-Wno-stringop-overflow)
+EXTRA_CFLAGS += -ffreestanding -fno-delete-null-pointer-checks -fno-common -fPIE
+EXTRA_CFLAGS += -fwrapv -fno-strict-aliasing -fno-asynchronous-unwind-tables
+EXTRA_CFLAGS += $(call cc-option, $(EXTRA_CFLAGS), -fno-stack-protector)
+EXTRA_CFLAGS += -msoft-float
+EXTRA_CFLAGS += $(call cc-option, $(EXTRA_CFLAGS),-march=z900,-march=z10)
+EXTRA_CFLAGS += -std=gnu99
 LDFLAGS += -Wl,-pie -nostdlib
 
 build-all: s390-ccw.img s390-netboot.img
diff --git a/pc-bios/s390-ccw/netboot.mak b/pc-bios/s390-ccw/netboot.mak
index 1a06befa4b..ee59a5f4de 100644
--- a/pc-bios/s390-ccw/netboot.mak
+++ b/pc-bios/s390-ccw/netboot.mak
@@ -8,7 +8,7 @@ LIBNET_INC := -I$(SLOF_DIR)/lib/libnet
 
 NETLDFLAGS := $(LDFLAGS) -Wl,-Ttext=0x7800000
 
-$(NETOBJS): QEMU_CFLAGS += $(LIBC_INC) $(LIBNET_INC)
+$(NETOBJS): EXTRA_CFLAGS += $(LIBC_INC) $(LIBNET_INC)
 
 s390-netboot.elf: $(NETOBJS) libnet.a libc.a
 	$(call quiet-command,$(CC) $(NETLDFLAGS) -o $@ $^,"BUILD","$(TARGET_DIR)$@")
@@ -18,7 +18,7 @@ s390-netboot.img: s390-netboot.elf
 
 # libc files:
 
-LIBC_CFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
+LIBC_CFLAGS = $(EXTRA_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
 	      -MMD -MP -MT $@ -MF $(@:%.o=%.d)
 
 CTYPE_OBJS = isdigit.o isxdigit.o toupper.o
@@ -52,7 +52,7 @@ libc.a: $(LIBCOBJS)
 
 LIBNETOBJS := args.o dhcp.o dns.o icmpv6.o ipv6.o tcp.o udp.o bootp.o \
 	      dhcpv6.o ethernet.o ipv4.o ndp.o tftp.o pxelinux.o
-LIBNETCFLAGS = $(QEMU_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
+LIBNETCFLAGS = $(EXTRA_CFLAGS) $(CFLAGS) $(LIBC_INC) $(LIBNET_INC) \
 	       -DDHCPARCH=0x1F -MMD -MP -MT $@ -MF $(@:%.o=%.d)
 
 %.o : $(SLOF_DIR)/lib/libnet/%.c
-- 
2.36.1

[PULL 06/18] configure, pc-bios/vof: pass cross CFLAGS correctly

[Paolo Bonzini]

Use the flags passed to the configure script for the ppc cross compiler,
which in fact default to those that are needed to get the 32-bit ISA.
Add the endianness flag so that it remains possible to use a ppc64le
compiler to compile VOF.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure            | 13 ++++---------
 pc-bios/vof/Makefile |  8 +++-----
 2 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/configure b/configure
index bf9282e2a1..8f3401a23e 100755
--- a/configure
+++ b/configure
@@ -1858,7 +1858,7 @@ fi
 : ${cross_cc_hexagon="hexagon-unknown-linux-musl-clang"}
 : ${cross_cc_cflags_hexagon="-mv67 -O2 -static"}
 : ${cross_cc_cflags_i386="-m32"}
-: ${cross_cc_cflags_ppc="-m32"}
+: ${cross_cc_cflags_ppc="-m32 -mbig-endian"}
 : ${cross_cc_cflags_ppc64="-m64 -mbig-endian"}
 : ${cross_cc_ppc64le="$cross_cc_ppc64"}
 : ${cross_cc_cflags_ppc64le="-m64 -mlittle-endian"}
@@ -2059,6 +2059,7 @@ probe_target_compiler() {
   compute_target_variable $1 target_strip strip
   case "$1:$cpu" in
     i386:x86_64 | \
+    ppc*:ppc64 | \
     "$cpu:$cpu")
       : ${target_cc:=$cc}
       : ${target_ccas:=$ccas}
@@ -2084,13 +2085,6 @@ probe_target_compiler() {
   fi
 }
 
-probe_target_compilers() {
-  for i; do
-    probe_target_compiler $i
-    test -n "$target_cc" && return 0
-  done
-}
-
 write_target_makefile() {
   if test -n "$target_cc"; then
     echo "CC=$target_cc"
@@ -2265,12 +2259,13 @@ if test -n "$target_cc" &&
     fi
 fi
 
-probe_target_compilers ppc ppc64
+probe_target_compiler ppc
 if test -n "$target_cc" && test "$softmmu" = yes; then
     roms="$roms pc-bios/vof"
     config_mak=pc-bios/vof/config.mak
     echo "# Automatically generated by configure - do not modify" > $config_mak
     echo "SRC_DIR=$source_path/pc-bios/vof" >> $config_mak
+    echo "EXTRA_CFLAGS=$target_cflags" >> $config_mak
     write_target_makefile >> $config_mak
 fi
 
diff --git a/pc-bios/vof/Makefile b/pc-bios/vof/Makefile
index 391ac0d600..8809c82768 100644
--- a/pc-bios/vof/Makefile
+++ b/pc-bios/vof/Makefile
@@ -2,15 +2,13 @@ include config.mak
 VPATH=$(SRC_DIR)
 all: vof.bin
 
-CC ?= $(CROSS)gcc
-LD ?= $(CROSS)ld
-OBJCOPY ?= $(CROSS)objcopy
+EXTRA_CFLAGS += -mcpu=power4
 
 %.o: %.S
-	$(CC) -m32 -mbig-endian -mcpu=power4 -c -o $@ $<
+	$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
 
 %.o: %.c
-	$(CC) -m32 -mbig-endian -mcpu=power4 -c -fno-stack-protector -o $@ $<
+	$(CC) $(EXTRA_CFLAGS) -c -fno-stack-protector -o $@ $<
 
 vof.elf: entry.o main.o ci.o bootmem.o libc.o
 	$(LD) -nostdlib -e_start -T$(SRC_DIR)/vof.lds -EB -o $@ $^
-- 
2.36.1

[PULL 07/18] configure: allow more host/target combos to use the host compiler

[Paolo Bonzini]

Add more pairs of bi-arch compilers, so that it is not necessary to have
e.g. both little-endian and big-endian ARM compilers.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/configure b/configure
index 8f3401a23e..c9feb1a924 100755
--- a/configure
+++ b/configure
@@ -2058,8 +2058,12 @@ probe_target_compiler() {
   compute_target_variable $1 target_ranlib ranlib
   compute_target_variable $1 target_strip strip
   case "$1:$cpu" in
+    aarch64_be:aarch64 | \
+    armeb:arm | \
     i386:x86_64 | \
+    mips*:mips64 | \
     ppc*:ppc64 | \
+    sparc:sparc64 | \
     "$cpu:$cpu")
       : ${target_cc:=$cc}
       : ${target_ccas:=$ccas}
-- 
2.36.1

[PULL 08/18] configure: write EXTRA_CFLAGS for all sub-Makefiles

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/configure b/configure
index c9feb1a924..0fd2838e82 100755
--- a/configure
+++ b/configure
@@ -2090,6 +2090,7 @@ probe_target_compiler() {
 }
 
 write_target_makefile() {
+  echo "EXTRA_CFLAGS=$target_cflags"
   if test -n "$target_cc"; then
     echo "CC=$target_cc"
     echo "CCAS=$target_ccas"
@@ -2118,6 +2119,7 @@ write_target_makefile() {
 }
 
 write_container_target_makefile() {
+  echo "EXTRA_CFLAGS=$target_cflags"
   if test -n "$container_cross_cc"; then
     echo "CC=\$(DOCKER_SCRIPT) cc --cc $container_cross_cc -i qemu/$container_image -s $source_path --"
     echo "CCAS=\$(DOCKER_SCRIPT) cc --cc $container_cross_cc -i qemu/$container_image -s $source_path --"
@@ -2258,7 +2260,6 @@ if test -n "$target_cc" &&
         echo "# Automatically generated by configure - do not modify" > $config_mak
         echo "TOPSRC_DIR=$source_path" >> $config_mak
         echo "LD_I386_EMULATION=$ld_i386_emulation" >> $config_mak
-        echo "EXTRA_CFLAGS=$target_cflags" >> $config_mak
         write_target_makefile >> $config_mak
     fi
 fi
@@ -2269,7 +2270,6 @@ if test -n "$target_cc" && test "$softmmu" = yes; then
     config_mak=pc-bios/vof/config.mak
     echo "# Automatically generated by configure - do not modify" > $config_mak
     echo "SRC_DIR=$source_path/pc-bios/vof" >> $config_mak
-    echo "EXTRA_CFLAGS=$target_cflags" >> $config_mak
     write_target_makefile >> $config_mak
 fi
 
@@ -2289,7 +2289,6 @@ if test -n "$target_cc" && test "$softmmu" = yes; then
     config_mak=pc-bios/s390-ccw/config-host.mak
     echo "# Automatically generated by configure - do not modify" > $config_mak
     echo "SRC_PATH=$source_path/pc-bios/s390-ccw" >> $config_mak
-    echo "EXTRA_CFLAGS=$target_cflags" >> $config_mak
     write_target_makefile >> $config_mak
     # SLOF is required for building the s390-ccw firmware on s390x,
     # since it is using the libnet code from SLOF for network booting.
@@ -2604,7 +2603,6 @@ for target in $target_list; do
   if test $got_cross_cc = yes; then
       mkdir -p tests/tcg/$target
       echo "QEMU=$PWD/$qemu" >> $config_target_mak
-      echo "EXTRA_CFLAGS=$target_cflags" >> $config_target_mak
       echo "run-tcg-tests-$target: $qemu\$(EXESUF)" >> $makefile
       tcg_tests_targets="$tcg_tests_targets $target"
   fi
-- 
2.36.1

[PULL 09/18] tests/tcg: compile system emulation tests as freestanding

[Paolo Bonzini]

System emulation tests do not run in a hosted environment, since they
do not link with libc.  They should only use freestanding headers
(float.h, limits.h, stdarg.h, stddef.h, stdbool.h, stdint.h,
stdalign.h, stdnoreturn.h) and should be compiled with -ffreestanding
in order to use the compiler implementation of those headers
rather than the one in libc.

Some tests are using inttypes.h instead of stdint.h, so fix that.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 tests/tcg/Makefile.target              | 1 +
 tests/tcg/aarch64/system/pauth-3.c     | 2 +-
 tests/tcg/aarch64/system/semiconsole.c | 2 +-
 tests/tcg/aarch64/system/semiheap.c    | 2 +-
 tests/tcg/multiarch/system/memory.c    | 2 +-
 5 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target
index f427a0304e..e68830af15 100644
--- a/tests/tcg/Makefile.target
+++ b/tests/tcg/Makefile.target
@@ -111,6 +111,7 @@ else
 # For softmmu targets we include a different Makefile fragement as the
 # build options for bare programs are usually pretty different. They
 # are expected to provide their own build recipes.
+EXTRA_CFLAGS += -ffreestanding
 -include $(SRC_PATH)/tests/tcg/minilib/Makefile.target
 -include $(SRC_PATH)/tests/tcg/multiarch/system/Makefile.softmmu-target
 -include $(SRC_PATH)/tests/tcg/$(TARGET_NAME)/Makefile.softmmu-target
diff --git a/tests/tcg/aarch64/system/pauth-3.c b/tests/tcg/aarch64/system/pauth-3.c
index 42eff4d5ea..77a467277b 100644
--- a/tests/tcg/aarch64/system/pauth-3.c
+++ b/tests/tcg/aarch64/system/pauth-3.c
@@ -1,4 +1,4 @@
-#include <inttypes.h>
+#include <stdint.h>
 #include <minilib.h>
 
 int main()
diff --git a/tests/tcg/aarch64/system/semiconsole.c b/tests/tcg/aarch64/system/semiconsole.c
index bfe7c9e26b..81324c639f 100644
--- a/tests/tcg/aarch64/system/semiconsole.c
+++ b/tests/tcg/aarch64/system/semiconsole.c
@@ -6,7 +6,7 @@
  * SPDX-License-Identifier: GPL-2.0-or-later
  */
 
-#include <inttypes.h>
+#include <stdint.h>
 #include <minilib.h>
 
 #define SYS_READC 0x7
diff --git a/tests/tcg/aarch64/system/semiheap.c b/tests/tcg/aarch64/system/semiheap.c
index 4ed258476d..a254bd8982 100644
--- a/tests/tcg/aarch64/system/semiheap.c
+++ b/tests/tcg/aarch64/system/semiheap.c
@@ -6,7 +6,7 @@
  * SPDX-License-Identifier: GPL-2.0-or-later
  */
 
-#include <inttypes.h>
+#include <stdint.h>
 #include <stddef.h>
 #include <minilib.h>
 
diff --git a/tests/tcg/multiarch/system/memory.c b/tests/tcg/multiarch/system/memory.c
index 41c7f66e2e..214f7d4f54 100644
--- a/tests/tcg/multiarch/system/memory.c
+++ b/tests/tcg/multiarch/system/memory.c
@@ -12,7 +12,7 @@
  *   - sign extension when loading
  */
 
-#include <inttypes.h>
+#include <stdint.h>
 #include <stdbool.h>
 #include <minilib.h>
 
-- 
2.36.1

[PULL 10/18] configure: pass whole target name to probe_target_compiler

[Paolo Bonzini]

Let probe_target_compiler know if it is looking for a compiler for a
softmmu (freestanding) or a linux-user (hosted) environment.  The
detection for the compiler has to be done differently in the two
cases.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure | 52 ++++++++++++++++++++++++++++++++--------------------
 1 file changed, 32 insertions(+), 20 deletions(-)

diff --git a/configure b/configure
index 0fd2838e82..5256bc88e5 100755
--- a/configure
+++ b/configure
@@ -1875,6 +1875,17 @@ compute_target_variable() {
   fi
 }
 
+# probe_target_compiler TARGET
+#
+# Look for a compiler for the given target, either native or cross.
+# Set variables target_* if a compiler is found, and container_cross_*
+# if a Docker-based cross-compiler image is known for the target.
+# Set got_cross_cc to yes/no depending on whether a non-container-based
+# compiler was found.
+#
+# If TARGET is a user-mode emulation target, also set build_static to
+# "y" if static linking is possible.
+#
 probe_target_compiler() {
   # reset all output variables
   container_image=
@@ -1896,7 +1907,8 @@ probe_target_compiler() {
   target_ranlib=
   target_strip=
 
-  case $1 in
+  target_arch=${1%%-*}
+  case $target_arch in
     aarch64) container_hosts="x86_64 aarch64" ;;
     alpha) container_hosts=x86_64 ;;
     arm) container_hosts="x86_64 aarch64" ;;
@@ -1925,7 +1937,7 @@ probe_target_compiler() {
   for host in $container_hosts; do
     test "$container" != no || continue
     test "$host" = "$cpu" || continue
-    case $1 in
+    case $target_arch in
       aarch64)
         # We don't have any bigendian build tools so we only use this for AArch64
         container_image=debian-arm64-cross
@@ -2041,23 +2053,23 @@ probe_target_compiler() {
     : ${container_cross_strip:=${container_cross_prefix}strip}
   done
 
-  eval "target_cflags=\${cross_cc_cflags_$1}"
-  if eval test -n "\"\${cross_cc_$1}\""; then
-    if eval has "\"\${cross_cc_$1}\""; then
-      eval "target_cc=\"\${cross_cc_$1}\""
+  eval "target_cflags=\${cross_cc_cflags_$target_arch}"
+  if eval test -n "\"\${cross_cc_$target_arch}\""; then
+    if eval has "\"\${cross_cc_$target_arch}\""; then
+      eval "target_cc=\"\${cross_cc_$target_arch}\""
     fi
   else
-    compute_target_variable $1 target_cc gcc
+    compute_target_variable $target_arch target_cc gcc
   fi
   target_ccas=$target_cc
-  compute_target_variable $1 target_ar ar
-  compute_target_variable $1 target_as as
-  compute_target_variable $1 target_ld ld
-  compute_target_variable $1 target_nm nm
-  compute_target_variable $1 target_objcopy objcopy
-  compute_target_variable $1 target_ranlib ranlib
-  compute_target_variable $1 target_strip strip
-  case "$1:$cpu" in
+  compute_target_variable $target_arch target_ar ar
+  compute_target_variable $target_arch target_as as
+  compute_target_variable $target_arch target_ld ld
+  compute_target_variable $target_arch target_nm nm
+  compute_target_variable $target_arch target_objcopy objcopy
+  compute_target_variable $target_arch target_ranlib ranlib
+  compute_target_variable $target_arch target_strip strip
+  case "$target_arch:$cpu" in
     aarch64_be:aarch64 | \
     armeb:arm | \
     i386:x86_64 | \
@@ -2079,7 +2091,7 @@ probe_target_compiler() {
       ;;
   esac
   if test -n "$target_cc"; then
-    case $1 in
+    case $target_arch in
       i386|x86_64)
         if $target_cc --version | grep -qi "clang"; then
           unset target_cc
@@ -2241,7 +2253,7 @@ done
 
 # Mac OS X ships with a broken assembler
 roms=
-probe_target_compiler i386
+probe_target_compiler i386-softmmu
 if test -n "$target_cc" &&
         test "$targetos" != "darwin" && test "$targetos" != "sunos" && \
         test "$targetos" != "haiku" && test "$softmmu" = yes ; then
@@ -2264,7 +2276,7 @@ if test -n "$target_cc" &&
     fi
 fi
 
-probe_target_compiler ppc
+probe_target_compiler ppc-softmmu
 if test -n "$target_cc" && test "$softmmu" = yes; then
     roms="$roms pc-bios/vof"
     config_mak=pc-bios/vof/config.mak
@@ -2275,7 +2287,7 @@ fi
 
 # Only build s390-ccw bios if the compiler has -march=z900 or -march=z10
 # (which is the lowest architecture level that Clang supports)
-probe_target_compiler s390x
+probe_target_compiler s390x-softmmu
 if test -n "$target_cc" && test "$softmmu" = yes; then
   write_c_skeleton
   do_compiler "$target_cc" $target_cc_cflags -march=z900 -o $TMPO -c $TMPC
@@ -2488,7 +2500,6 @@ tcg_tests_targets=
 for target in $target_list; do
   arch=${target%%-*}
 
-  probe_target_compiler ${arch}
   config_target_mak=tests/tcg/config-$target.mak
 
   echo "# Automatically generated by configure - do not modify" > $config_target_mak
@@ -2507,6 +2518,7 @@ for target in $target_list; do
       ;;
   esac
 
+  probe_target_compiler $target
   got_cross_cc=no
   unset build_static
 
-- 
2.36.1

[PULL 11/18] build: try both native and cross compilers

[Paolo Bonzini]

Configure is trying to fall back on cross compilers for targets that
can have bi-arch or bi-endian toolchains, but there are many corner
cases where just checking the name can go wrong.  For example, the RHEL
ppc64le compiler is bi-arch and bi-endian, but multilibs are disabled.
Therefore it cannot be used to build 32-bit hosted binaries like the
linux-user TCG tests.

Trying the cross compiler first also does not work, and an example for
this is also ppc64le.  The powerpc64-linux-gnu-gcc binary from the
cross-gcc package is theoretically multilib-friendly, but it cannot
find the CRT files on a ppc64le host, because they are not in the .../le
multilib subdirectory.

This can be fixed by testing both the native compiler and the cross
compiler, and proceeding with the first one that works.  To do this,
move the compiler usability check from the tests/tcg snippet to inside
probe_target_compiler and, while at it, restrict the softmmu emulation
target to basically a test for the presence of libgcc.

Tested-by: Matheus Kowalczuk Ferst <matheus.ferst@eldorado.org.br>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 configure | 159 ++++++++++++++++++++++++++++++++----------------------
 1 file changed, 95 insertions(+), 64 deletions(-)

diff --git a/configure b/configure
index 5256bc88e5..e8cc850727 100755
--- a/configure
+++ b/configure
@@ -1868,6 +1868,7 @@ fi
 : ${cross_cc_cflags_x86_64="-m64"}
 
 compute_target_variable() {
+  eval "$2="
   if eval test -n "\"\${cross_prefix_$1}\""; then
     if eval has "\"\${cross_prefix_$1}\$3\""; then
       eval "$2=\"\${cross_prefix_$1}\$3\""
@@ -1888,6 +1889,7 @@ compute_target_variable() {
 #
 probe_target_compiler() {
   # reset all output variables
+  got_cross_cc=no
   container_image=
   container_hosts=
   container_cross_cc=
@@ -1898,14 +1900,6 @@ probe_target_compiler() {
   container_cross_objcopy=
   container_cross_ranlib=
   container_cross_strip=
-  target_cc=
-  target_ar=
-  target_as=
-  target_ld=
-  target_nm=
-  target_objcopy=
-  target_ranlib=
-  target_strip=
 
   target_arch=${1%%-*}
   case $target_arch in
@@ -2053,22 +2047,8 @@ probe_target_compiler() {
     : ${container_cross_strip:=${container_cross_prefix}strip}
   done
 
-  eval "target_cflags=\${cross_cc_cflags_$target_arch}"
-  if eval test -n "\"\${cross_cc_$target_arch}\""; then
-    if eval has "\"\${cross_cc_$target_arch}\""; then
-      eval "target_cc=\"\${cross_cc_$target_arch}\""
-    fi
-  else
-    compute_target_variable $target_arch target_cc gcc
-  fi
-  target_ccas=$target_cc
-  compute_target_variable $target_arch target_ar ar
-  compute_target_variable $target_arch target_as as
-  compute_target_variable $target_arch target_ld ld
-  compute_target_variable $target_arch target_nm nm
-  compute_target_variable $target_arch target_objcopy objcopy
-  compute_target_variable $target_arch target_ranlib ranlib
-  compute_target_variable $target_arch target_strip strip
+  local t try
+  try=cross
   case "$target_arch:$cpu" in
     aarch64_be:aarch64 | \
     armeb:arm | \
@@ -2077,27 +2057,101 @@ probe_target_compiler() {
     ppc*:ppc64 | \
     sparc:sparc64 | \
     "$cpu:$cpu")
-      : ${target_cc:=$cc}
-      : ${target_ccas:=$ccas}
-      : ${target_as:=$as}
-      : ${target_ld:=$ld}
-      : ${target_ar:=$ar}
-      : ${target_as:=$as}
-      : ${target_ld:=$ld}
-      : ${target_nm:=$nm}
-      : ${target_objcopy:=$objcopy}
-      : ${target_ranlib:=$ranlib}
-      : ${target_strip:=$strip}
-      ;;
+      try='native cross' ;;
   esac
-  if test -n "$target_cc"; then
-    case $target_arch in
-      i386|x86_64)
-        if $target_cc --version | grep -qi "clang"; then
-          unset target_cc
+  eval "target_cflags=\${cross_cc_cflags_$target_arch}"
+  for t in $try; do
+    case $t in
+    native)
+      target_cc=$cc
+      target_ccas=$ccas
+      target_ar=$ar
+      target_as=$as
+      target_ld=$ld
+      target_nm=$nm
+      target_objcopy=$objcopy
+      target_ranlib=$ranlib
+      target_strip=$strip
+      ;;
+    cross)
+      target_cc=
+      if eval test -n "\"\${cross_cc_$target_arch}\""; then
+        if eval has "\"\${cross_cc_$target_arch}\""; then
+          eval "target_cc=\"\${cross_cc_$target_arch}\""
+        fi
+      else
+        compute_target_variable $target_arch target_cc gcc
+      fi
+      target_ccas=$target_cc
+      compute_target_variable $target_arch target_ar ar
+      compute_target_variable $target_arch target_as as
+      compute_target_variable $target_arch target_ld ld
+      compute_target_variable $target_arch target_nm nm
+      compute_target_variable $target_arch target_objcopy objcopy
+      compute_target_variable $target_arch target_ranlib ranlib
+      compute_target_variable $target_arch target_strip strip
+      ;;
+    esac
+
+    if test -n "$target_cc"; then
+      case $target_arch in
+        i386|x86_64)
+          if $target_cc --version | grep -qi "clang"; then
+            continue
+          fi
+          ;;
+      esac
+    elif test -n "$target_as" && test -n "$target_ld"; then
+      # Special handling for assembler only targets
+      case $target in
+        tricore-softmmu)
+          build_static=
+          got_cross_cc=yes
+          break
+          ;;
+        *)
+          continue
+          ;;
+      esac
+    else
+      continue
+    fi
+
+    write_c_skeleton
+    case $1 in
+      *-softmmu)
+        if do_compiler "$target_cc" $target_cflags -o $TMPO -c $TMPC &&
+          do_compiler "$target_cc" $target_cflags -r -nostdlib -o "${TMPDIR1}/${TMPB}2.o" "$TMPO" -lgcc; then
+          got_cross_cc=yes
+          break
+        fi
+        ;;
+      *)
+        if do_compiler "$target_cc" $target_cflags -o $TMPE $TMPC -static ; then
+          build_static=y
+          got_cross_cc=yes
+          break
+        fi
+        if do_compiler "$target_cc" $target_cflags -o $TMPE $TMPC ; then
+          build_static=
+          got_cross_cc=yes
+          break
         fi
         ;;
     esac
+  done
+  if test $got_cross_cc != yes; then
+    build_static=
+    target_cc=
+    target_ccas=
+    target_cflags=
+    target_ar=
+    target_as=
+    target_ld=
+    target_nm=
+    target_objcopy=
+    target_ranlib=
+    target_strip=
   fi
 }
 
@@ -2519,29 +2573,6 @@ for target in $target_list; do
   esac
 
   probe_target_compiler $target
-  got_cross_cc=no
-  unset build_static
-
-  if test -n "$target_cc"; then
-      write_c_skeleton
-      if ! do_compiler "$target_cc" $target_cflags \
-           -o $TMPE $TMPC -static ; then
-          # For host systems we might get away with building without -static
-          if do_compiler "$target_cc" $target_cflags \
-                         -o $TMPE $TMPC ; then
-              got_cross_cc=yes
-          fi
-      else
-          got_cross_cc=yes
-          build_static=y
-      fi
-  elif test -n "$target_as" && test -n "$target_ld"; then
-      # Special handling for assembler only tests
-      case $target in
-          tricore-softmmu) got_cross_cc=yes ;;
-      esac
-  fi
-
   if test $got_cross_cc = yes; then
       # Test for compiler features for optional tests. We only do this
       # for cross compilers because ensuring the docker containers based
-- 
2.36.1

[PULL 12/18] build: improve -fsanitize-coverage-allowlist check

[Paolo Bonzini]

From: Alexander Bulekov <alxndr@bu.edu>

The sancov filter check still fails when unused arguments are treated as
errors. To work around that, add a SanitizerCoverage flag to the
build-check.

Fixes: aa4f3a3b88 ("build: fix check for -fsanitize-coverage-allowlist")
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20220621204507.698711-1-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 meson.build | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index bc5569ace1..013c694a49 100644
--- a/meson.build
+++ b/meson.build
@@ -212,7 +212,8 @@ if get_option('fuzzing')
 
   if cc.compiles('int main () { return 0; }',
                   name: '-fsanitize-coverage-allowlist=/dev/null',
-                 args: ['-fsanitize-coverage-allowlist=/dev/null'] )
+                 args: ['-fsanitize-coverage-allowlist=/dev/null',
+                        '-fsanitize-coverage=trace-pc'] )
     add_global_arguments('-fsanitize-coverage-allowlist=instrumentation-filter',
                          native: false, language: ['c', 'cpp', 'objc'])
   endif
-- 
2.36.1

[PULL 13/18] fuzz: only use generic-fuzz targets on oss-fuzz

[Paolo Bonzini]

From: Alexander Bulekov <alxndr@bu.edu>

The non-generic-fuzz targets often time-out, or run out of memory.
Additionally, they create unreproducible bug-reports. It is possible
that this is resulting in failing coverage-reports on OSS-Fuzz. In the
future, these test-cases should be fixed, or removed.

Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20220623125505.2137534-1-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 scripts/oss-fuzz/build.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/oss-fuzz/build.sh b/scripts/oss-fuzz/build.sh
index 98b56e0521..aaf485cb55 100755
--- a/scripts/oss-fuzz/build.sh
+++ b/scripts/oss-fuzz/build.sh
@@ -1,4 +1,4 @@
-#!/bin/sh -e
+#!/bin/bash -e
 #
 # OSS-Fuzz build script. See:
 # https://google.github.io/oss-fuzz/getting-started/new-project-guide/#buildsh
@@ -105,7 +105,7 @@ do
     # to be configured. We have some generic-fuzz-{pc-q35, floppy, ...} targets
     # that are thin wrappers around this target that set the required
     # environment variables according to predefined configs.
-    if [ "$target" != "generic-fuzz" ]; then
+    if [[ $target == "generic-fuzz-"* ]]; then
         ln  $base_copy \
             "$DEST_DIR/qemu-fuzz-i386-target-$target"
     fi
-- 
2.36.1

[PULL 14/18] audio/dbus: fix building

[Paolo Bonzini]

From: Marc-André Lureau <marcandre.lureau@redhat.com>

Commit c9c847481 broken dbus audio module compilation with bad
'CONFIG_GIO' usage. Furthermore, it implied extra dependency on audio
module which aren't necessary.

The problem was that 'dbus_display' is not correctly automatically set
on MacOS, because opengl dependency wasn't taken into account.

Fixes: c9c847481 ("audio/dbus: Fix building with modules on macOS")
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220622154918.560870-1-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 audio/meson.build | 2 +-
 meson.build       | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/audio/meson.build b/audio/meson.build
index 94dab16891..3abee90860 100644
--- a/audio/meson.build
+++ b/audio/meson.build
@@ -28,7 +28,7 @@ endforeach
 
 if dbus_display
     module_ss = ss.source_set()
-    module_ss.add(when: [gio, pixman, opengl, 'CONFIG_GIO'], if_true: files('dbusaudio.c'))
+    module_ss.add(when: gio, if_true: files('dbusaudio.c'))
     audio_modules += {'dbus': module_ss}
 endif
 
diff --git a/meson.build b/meson.build
index 013c694a49..ad92d288a6 100644
--- a/meson.build
+++ b/meson.build
@@ -1672,6 +1672,8 @@ dbus_display = get_option('dbus_display') \
            error_message: '-display dbus requires --enable-modules') \
   .require(gdbus_codegen.found(),
            error_message: '-display dbus requires gdbus-codegen') \
+  .require(opengl.found(),
+           error_message: '-display dbus requires epoxy/egl') \
   .allowed()
 
 have_virtfs = get_option('virtfs') \
-- 
2.36.1

[PULL 15/18] accel: kvm: Fix memory leak in find_stats_descriptors

[Paolo Bonzini]

From: Miaoqian Lin <linmq006@gmail.com>

This function doesn't release descriptors in one error path,
result in memory leak. Call g_free() to release it.

Fixes: cc01a3f4cadd ("kvm: Support for querying fd-based stats")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Message-Id: <20220624063159.57411-1-linmq006@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 accel/kvm/kvm-all.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index ba3210b1c1..ed8b6b896e 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -3891,6 +3891,7 @@ static StatsDescriptors *find_stats_descriptors(StatsTarget target, int stats_fd
         error_setg(errp, "KVM stats: failed to read stats header: "
                    "expected %zu actual %zu",
                    sizeof(*kvm_stats_header), ret);
+        g_free(descriptors);
         return NULL;
     }
     size_desc = sizeof(*kvm_stats_desc) + kvm_stats_header->name_size;
-- 
2.36.1

[PULL 16/18] build: Do not depend on pc-bios for config-host.mak

[Paolo Bonzini]

From: Akihiko Odaki <akihiko.odaki@gmail.com>

Commit 45f1eecdd63f9e4fa93fef01dd826e7706ac6d7b removed the dependency
from configure to pc-bios

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20220624150258.50449-1-akihiko.odaki@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index ec4445db9a..b4feda93c8 100644
--- a/Makefile
+++ b/Makefile
@@ -87,7 +87,7 @@ x := $(shell rm -rf meson-private meson-info meson-logs)
 endif
 
 # 1. ensure config-host.mak is up-to-date
-config-host.mak: $(SRC_PATH)/configure $(SRC_PATH)/scripts/meson-buildoptions.sh $(SRC_PATH)/pc-bios $(SRC_PATH)/VERSION
+config-host.mak: $(SRC_PATH)/configure $(SRC_PATH)/scripts/meson-buildoptions.sh $(SRC_PATH)/VERSION
 	@echo config-host.mak is out-of-date, running configure
 	@if test -f meson-private/coredata.dat; then \
 	  ./config.status --skip-meson; \
-- 
2.36.1

[PULL 17/18] qga: Relocate a path emitted in the help text

[Paolo Bonzini]

From: Akihiko Odaki <akihiko.odaki@gmail.com>

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20220624145455.50058-1-akihiko.odaki@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 qga/main.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/qga/main.c b/qga/main.c
index c373fec3ee..5f1efa2333 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -223,6 +223,10 @@ void reopen_fd_to_null(int fd)
 
 static void usage(const char *cmd)
 {
+#ifdef CONFIG_FSFREEZE
+    g_autofree char *fsfreeze_hook = get_relocated_path(QGA_FSFREEZE_HOOK_DEFAULT);
+#endif
+
     printf(
 "Usage: %s [-m <method> -p <path>] [<options>]\n"
 "QEMU Guest Agent " QEMU_FULL_VERSION "\n"
@@ -270,7 +274,7 @@ QEMU_HELP_BOTTOM "\n"
     , cmd, QGA_VIRTIO_PATH_DEFAULT, QGA_SERIAL_PATH_DEFAULT,
     dfl_pathnames.pidfile,
 #ifdef CONFIG_FSFREEZE
-    QGA_FSFREEZE_HOOK_DEFAULT,
+    fsfreeze_hook,
 #endif
     dfl_pathnames.state_dir);
 }
-- 
2.36.1

[PULL 18/18] meson: place default firmware path under .../share

[Paolo Bonzini]

Fixes: c09c1ce7e9 ("configure: switch directory options to automatic parsing", 2022-05-07)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 meson_options.txt             | 2 +-
 scripts/meson-buildoptions.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meson_options.txt b/meson_options.txt
index 97c38109b1..9a034f875b 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -6,7 +6,7 @@ option('qemu_suffix', type : 'string', value: 'qemu',
        description: 'Suffix for QEMU data/modules/config directories (can be empty)')
 option('docdir', type : 'string', value : 'share/doc',
        description: 'Base directory for documentation installation (can be empty)')
-option('qemu_firmwarepath', type : 'string', value : 'qemu-firmware',
+option('qemu_firmwarepath', type : 'string', value : 'share/qemu-firmware',
        description: 'search PATH for firmware files')
 option('pkgversion', type : 'string', value : '',
        description: 'use specified string as sub-version of the package')
diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
index d0e14fd6de..4b7b8ffaa2 100644
--- a/scripts/meson-buildoptions.sh
+++ b/scripts/meson-buildoptions.sh
@@ -42,7 +42,7 @@ meson_options_help() {
   printf "%s\n" '  --enable-trace-backends=CHOICES'
   printf "%s\n" '                           Set available tracing backends [log] (choices:'
   printf "%s\n" '                           dtrace/ftrace/log/nop/simple/syslog/ust)'
-  printf "%s\n" '  --firmwarepath=VALUE     search PATH for firmware files [qemu-firmware]'
+  printf "%s\n" '  --firmwarepath=VALUE     search PATH for firmware files [share/qemu-firmware]'
   printf "%s\n" '  --iasl=VALUE             Path to ACPI disassembler'
   printf "%s\n" '  --includedir=VALUE       Header file directory [include]'
   printf "%s\n" '  --interp-prefix=VALUE    where to find shared libraries etc., use %M for'
-- 
2.36.1

Re: [PULL 00/18] Misc patches for 2022-07-12

[Peter Maydell]

On Tue, 12 Jul 2022 at 13:57, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> The following changes since commit 180c2f24d5e8eada41e012a3899d29bb695aae06:
>
>   Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging (2022-07-06 10:41:34 +0530)
>
> are available in the Git repository at:
>
>   https://gitlab.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 9fb6d8a9b2fc0e150b56a0ff4341494dcd8360b8:
>
>   meson: place default firmware path under .../share (2022-07-12 14:46:58 +0200)
>
> ----------------------------------------------------------------
> * fuzzing fixes (Alexander)
> * fix cross compilation CFLAGS and compiler choice
> * do not specify -bios option for tests/vm
> * miscellaneous fixes
> * preparation for pre-install tree in the build directory (Akihiko)


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/7.1
for any user-visible changes.

-- PMM

Re: [PULL 09/18] tests/tcg: compile system emulation tests as freestanding

[Philippe Mathieu-Daudé via]

On 12/7/22 14:49, Paolo Bonzini wrote:
> System emulation tests do not run in a hosted environment, since they
> do not link with libc.  They should only use freestanding headers
> (float.h, limits.h, stdarg.h, stddef.h, stdbool.h, stdint.h,
> stdalign.h, stdnoreturn.h) and should be compiled with -ffreestanding
> in order to use the compiler implementation of those headers
> rather than the one in libc.
> 
> Some tests are using inttypes.h instead of stdint.h, so fix that.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>   tests/tcg/Makefile.target              | 1 +
>   tests/tcg/aarch64/system/pauth-3.c     | 2 +-
>   tests/tcg/aarch64/system/semiconsole.c | 2 +-
>   tests/tcg/aarch64/system/semiheap.c    | 2 +-
>   tests/tcg/multiarch/system/memory.c    | 2 +-
>   5 files changed, 5 insertions(+), 4 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Re: [PULL 15/18] accel: kvm: Fix memory leak in find_stats_descriptors

[Peter Maydell]

On Tue, 12 Jul 2022 at 13:57, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> From: Miaoqian Lin <linmq006@gmail.com>
>
> This function doesn't release descriptors in one error path,
> result in memory leak. Call g_free() to release it.
>
> Fixes: cc01a3f4cadd ("kvm: Support for querying fd-based stats")
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> Message-Id: <20220624063159.57411-1-linmq006@gmail.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  accel/kvm/kvm-all.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
> index ba3210b1c1..ed8b6b896e 100644
> --- a/accel/kvm/kvm-all.c
> +++ b/accel/kvm/kvm-all.c
> @@ -3891,6 +3891,7 @@ static StatsDescriptors *find_stats_descriptors(StatsTarget target, int stats_fd
>          error_setg(errp, "KVM stats: failed to read stats header: "
>                     "expected %zu actual %zu",
>                     sizeof(*kvm_stats_header), ret);
> +        g_free(descriptors);
>          return NULL;
>      }
>      size_desc = sizeof(*kvm_stats_desc) + kvm_stats_header->name_size;

Hi; this has fixed one memory leak in this error-exit path but
missed the other: it should also
   g_free(kvm_stats_header);

Spotted by Coverity, CID 1490142.

This g_free() is also missing from the other error-exit codepath
in the function (the "failed to read stats descriptors" one).

thanks
-- PMM