Diffstat (limited to 'debian/patches/v7.2.12.diff')
-rw-r--r--debian/patches/v7.2.12.diff1516
1 files changed, 1516 insertions, 0 deletions
diff --git a/debian/patches/v7.2.12.diff b/debian/patches/v7.2.12.diff
new file mode 100644
index 00000000..3327a3e5
--- /dev/null
+++ b/debian/patches/v7.2.12.diff
@@ -0,0 +1,1516 @@
+Subject: v7.2.12
+Date: Sun Jun 9 00:23:52 2024 +0300
+From: Michael Tokarev <mjt@tls.msk.ru>
+Forwarded: not-needed
+
+This is a difference between upstream qemu v7.2.11
+and upstream qemu v7.2.12.
+
+
+.gitlab-ci.d/cirrus.yml | 2 +
+ .gitlab-ci.d/edk2.yml | 85 -------------------
+ .gitlab-ci.d/edk2/Dockerfile | 27 ------
+ .gitlab-ci.d/opensbi.yml | 4 +-
+ .gitlab-ci.d/opensbi/Dockerfile | 1 +
+ .gitlab-ci.d/qemu-project.yml | 1 -
+ .gitlab-ci.d/windows.yml | 4 +-
+ MAINTAINERS | 2 -
+ VERSION | 2 +-
+ backends/cryptodev-builtin.c | 9 +-
+ disas/riscv.c | 65 ++++++++++++++-
+ hw/arm/npcm7xx.c | 3 +-
+ hw/dma/xlnx_dpdma.c | 20 ++---
+ hw/intc/arm_gic.c | 4 +-
+ hw/intc/riscv_aplic.c | 6 +-
+ hw/remote/vfio-user-obj.c | 4 +-
+ linux-user/syscall.c | 9 +-
+ nbd/client.c | 28 ++++++-
+ nbd/common.c | 11 ---
+ nbd/nbd-internal.h | 10 ---
+ nbd/server.c | 130 ++++++++++++++++++-----------
+ target/arm/cpu64.c | 6 +-
+ target/arm/hvf/hvf.c | 160 ++++++++++++++++++------------------
+ target/i386/kvm/hyperv.c | 2 +-
+ target/i386/tcg/decode-new.c.inc | 4 +-
+ target/i386/tcg/fpu_helper.c | 5 ++
+ target/i386/tcg/translate.c | 31 +++----
+ target/loongarch/cpu.c | 2 +-
+ tests/avocado/boot_linux_console.py | 40 ++++-----
+ tests/avocado/replay_kernel.py | 8 +-
+ ui/gtk-egl.c | 2 +-
+ ui/gtk-gl-area.c | 2 +-
+ ui/gtk.c | 28 +++++--
+ ui/sdl2.c | 1 +
+ 34 files changed, 360 insertions(+), 358 deletions(-)
+
+diff --git a/.gitlab-ci.d/cirrus.yml b/.gitlab-ci.d/cirrus.yml
+index c86487da5b..f6e97c47f1 100644
+--- a/.gitlab-ci.d/cirrus.yml
++++ b/.gitlab-ci.d/cirrus.yml
+@@ -68,6 +68,7 @@ x64-freebsd-13-build:
+ CIRRUS_VM_RAM: 8G
+ UPDATE_COMMAND: pkg update
+ INSTALL_COMMAND: pkg install -y
++ CONFIGURE_ARGS: --target-list-exclude=arm-softmmu,i386-softmmu,microblaze-softmmu,mips64el-softmmu,mipsel-softmmu,mips-softmmu,ppc-softmmu,sh4eb-softmmu,xtensa-softmmu
+ TEST_TARGETS: check
+
+ aarch64-macos-12-base-build:
+@@ -83,6 +84,7 @@ aarch64-macos-12-base-build:
+ INSTALL_COMMAND: brew install
+ PATH_EXTRA: /opt/homebrew/ccache/libexec:/opt/homebrew/gettext/bin
+ PKG_CONFIG_PATH: /opt/homebrew/curl/lib/pkgconfig:/opt/homebrew/ncurses/lib/pkgconfig:/opt/homebrew/readline/lib/pkgconfig
++ CONFIGURE_ARGS: --target-list-exclude=arm-softmmu,i386-softmmu,microblazeel-softmmu,mips64-softmmu,mipsel-softmmu,mips-softmmu,ppc-softmmu,sh4-softmmu,xtensaeb-softmmu
+ TEST_TARGETS: check-unit check-block check-qapi-schema check-softfloat check-qtest-x86_64
+
+
+diff --git a/.gitlab-ci.d/edk2.yml b/.gitlab-ci.d/edk2.yml
+deleted file mode 100644
+index 314e101745..0000000000
+--- a/.gitlab-ci.d/edk2.yml
++++ /dev/null
+@@ -1,85 +0,0 @@
+-# All jobs needing docker-edk2 must use the same rules it uses.
+-.edk2_job_rules:
+- rules:
+- # Forks don't get pipelines unless QEMU_CI=1 or QEMU_CI=2 is set
+- - if: '$QEMU_CI != "1" && $QEMU_CI != "2" && $CI_PROJECT_NAMESPACE != "qemu-project"'
+- when: never
+-
+- # In forks, if QEMU_CI=1 is set, then create manual job
+- # if any of the files affecting the build are touched
+- - if: '$QEMU_CI == "1" && $CI_PROJECT_NAMESPACE != "qemu-project"'
+- changes:
+- - .gitlab-ci.d/edk2.yml
+- - .gitlab-ci.d/edk2/Dockerfile
+- - roms/edk2/*
+- when: manual
+-
+- # In forks, if QEMU_CI=1 is set, then create manual job
+- # if the branch/tag starts with 'edk2'
+- - if: '$QEMU_CI == "1" && $CI_PROJECT_NAMESPACE != "qemu-project" && $CI_COMMIT_REF_NAME =~ /^edk2/'
+- when: manual
+-
+- # In forks, if QEMU_CI=1 is set, then create manual job
+- # if last commit msg contains 'EDK2' (case insensitive)
+- - if: '$QEMU_CI == "1" && $CI_PROJECT_NAMESPACE != "qemu-project" && $CI_COMMIT_MESSAGE =~ /edk2/i'
+- when: manual
+-
+- # Run if any files affecting the build output are touched
+- - changes:
+- - .gitlab-ci.d/edk2.yml
+- - .gitlab-ci.d/edk2/Dockerfile
+- - roms/edk2/*
+- when: on_success
+-
+- # Run if the branch/tag starts with 'edk2'
+- - if: '$CI_COMMIT_REF_NAME =~ /^edk2/'
+- when: on_success
+-
+- # Run if last commit msg contains 'EDK2' (case insensitive)
+- - if: '$CI_COMMIT_MESSAGE =~ /edk2/i'
+- when: on_success
+-
+-docker-edk2:
+- extends: .edk2_job_rules
+- stage: containers
+- image: docker:19.03.1
+- services:
+- - docker:19.03.1-dind
+- variables:
+- GIT_DEPTH: 3
+- IMAGE_TAG: $CI_REGISTRY_IMAGE:edk2-cross-build
+- # We don't use TLS
+- DOCKER_HOST: tcp://docker:2375
+- DOCKER_TLS_CERTDIR: ""
+- before_script:
+- - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+- script:
+- - docker pull $IMAGE_TAG || true
+- - docker build --cache-from $IMAGE_TAG --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+- --tag $IMAGE_TAG .gitlab-ci.d/edk2
+- - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+- - docker push $IMAGE_TAG
+-
+-build-edk2:
+- extends: .edk2_job_rules
+- stage: build
+- needs: ['docker-edk2']
+- artifacts:
+- paths: # 'artifacts.zip' will contains the following files:
+- - pc-bios/edk2*bz2
+- - pc-bios/edk2-licenses.txt
+- - edk2-stdout.log
+- - edk2-stderr.log
+- image: $CI_REGISTRY_IMAGE:edk2-cross-build
+- variables:
+- GIT_DEPTH: 3
+- script: # Clone the required submodules and build EDK2
+- - git submodule update --init roms/edk2
+- - git -C roms/edk2 submodule update --init --
+- ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3
+- BaseTools/Source/C/BrotliCompress/brotli
+- CryptoPkg/Library/OpensslLib/openssl
+- MdeModulePkg/Library/BrotliCustomDecompressLib/brotli
+- - export JOBS=$(($(getconf _NPROCESSORS_ONLN) + 1))
+- - echo "=== Using ${JOBS} simultaneous jobs ==="
+- - make -j${JOBS} -C roms efi 2>&1 1>edk2-stdout.log | tee -a edk2-stderr.log >&2
+diff --git a/.gitlab-ci.d/edk2/Dockerfile b/.gitlab-ci.d/edk2/Dockerfile
+deleted file mode 100644
+index bbe50ff832..0000000000
+--- a/.gitlab-ci.d/edk2/Dockerfile
++++ /dev/null
+@@ -1,27 +0,0 @@
+-#
+-# Docker image to cross-compile EDK2 firmware binaries
+-#
+-FROM ubuntu:18.04
+-
+-MAINTAINER Philippe Mathieu-Daudé <f4bug@amsat.org>
+-
+-# Install packages required to build EDK2
+-RUN apt update \
+- && \
+- \
+- DEBIAN_FRONTEND=noninteractive \
+- apt install --assume-yes --no-install-recommends \
+- build-essential \
+- ca-certificates \
+- dos2unix \
+- gcc-aarch64-linux-gnu \
+- gcc-arm-linux-gnueabi \
+- git \
+- iasl \
+- make \
+- nasm \
+- python3 \
+- uuid-dev \
+- && \
+- \
+- rm -rf /var/lib/apt/lists/*
+diff --git a/.gitlab-ci.d/opensbi.yml b/.gitlab-ci.d/opensbi.yml
+index 04ed5a3ea1..9a651465d8 100644
+--- a/.gitlab-ci.d/opensbi.yml
++++ b/.gitlab-ci.d/opensbi.yml
+@@ -42,9 +42,9 @@
+ docker-opensbi:
+ extends: .opensbi_job_rules
+ stage: containers
+- image: docker:19.03.1
++ image: docker:stable
+ services:
+- - docker:19.03.1-dind
++ - docker:stable-dind
+ variables:
+ GIT_DEPTH: 3
+ IMAGE_TAG: $CI_REGISTRY_IMAGE:opensbi-cross-build
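Review bot: `image: docker:stable` and `docker:stable-dind` replace a pinned release with floating tags, so the image that builds and pushes `$CI_REGISTRY_IMAGE:opensbi-cross-build` can change without any change in this repository. For a job whose output other jobs consume, pin both to one specific release, ideally by digest, e.g. `image: docker:<version>@sha256:<digest>` (placeholders), and keep the client and the dind service on the same version. As far as I know the `stable` tag of the official image is no longer updated, which would make this an old image rather than a current one; worth confirming before relying on it.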
+diff --git a/.gitlab-ci.d/opensbi/Dockerfile b/.gitlab-ci.d/opensbi/Dockerfile
+index 4ba8a4de86..5ccf4151f4 100644
+--- a/.gitlab-ci.d/opensbi/Dockerfile
++++ b/.gitlab-ci.d/opensbi/Dockerfile
+@@ -15,6 +15,7 @@ RUN apt update \
+ ca-certificates \
+ git \
+ make \
++ python3 \
+ wget \
+ && \
+ \
+diff --git a/.gitlab-ci.d/qemu-project.yml b/.gitlab-ci.d/qemu-project.yml
+index 691d9bf5dc..a7ed447fe4 100644
+--- a/.gitlab-ci.d/qemu-project.yml
++++ b/.gitlab-ci.d/qemu-project.yml
+@@ -4,7 +4,6 @@
+ include:
+ - local: '/.gitlab-ci.d/base.yml'
+ - local: '/.gitlab-ci.d/stages.yml'
+- - local: '/.gitlab-ci.d/edk2.yml'
+ - local: '/.gitlab-ci.d/opensbi.yml'
+ - local: '/.gitlab-ci.d/containers.yml'
+ - local: '/.gitlab-ci.d/crossbuilds.yml'
+diff --git a/.gitlab-ci.d/windows.yml b/.gitlab-ci.d/windows.yml
+index 0180261b7f..dfa4eb84a7 100644
+--- a/.gitlab-ci.d/windows.yml
++++ b/.gitlab-ci.d/windows.yml
+@@ -1,9 +1,7 @@
+ .shared_msys2_builder:
+ extends: .base_job_template
+ tags:
+- - shared-windows
+- - windows
+- - windows-1809
++ - saas-windows-medium-amd64
+ cache:
+ key: "${CI_JOB_NAME}-cache"
+ paths:
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 6966490c94..e688db1f55 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -3257,8 +3257,6 @@ F: roms/edk2
+ F: roms/edk2-*
+ F: tests/data/uefi-boot-images/
+ F: tests/uefi-test-tools/
+-F: .gitlab-ci.d/edk2.yml
+-F: .gitlab-ci.d/edk2/
+
+ VT-d Emulation
+ M: Michael S. Tsirkin <mst@redhat.com>
+diff --git a/VERSION b/VERSION
+index 971381d35b..4625f55e26 100644
+--- a/VERSION
++++ b/VERSION
+@@ -1 +1 @@
+-7.2.11
++7.2.12
+diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
+index 2e792be756..763e67dfd6 100644
+--- a/backends/cryptodev-builtin.c
++++ b/backends/cryptodev-builtin.c
+@@ -23,6 +23,7 @@
+
+ #include "qemu/osdep.h"
+ #include "sysemu/cryptodev.h"
++#include "qemu/error-report.h"
+ #include "qapi/error.h"
+ #include "standard-headers/linux/virtio_crypto.h"
+ #include "crypto/cipher.h"
+@@ -385,8 +386,8 @@ static int cryptodev_builtin_create_session(
+ case VIRTIO_CRYPTO_HASH_CREATE_SESSION:
+ case VIRTIO_CRYPTO_MAC_CREATE_SESSION:
+ default:
+- error_setg(&local_error, "Unsupported opcode :%" PRIu32 "",
+- sess_info->op_code);
++ error_report("Unsupported opcode :%" PRIu32 "",
++ sess_info->op_code);
+ return -VIRTIO_CRYPTO_NOTSUPP;
+ }
+
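Review bot: `error_report()` in the `default:` arm prints unconditionally, and `sess_info->op_code` presumably comes from the guest's virtio-crypto request, so a guest that repeats the request can fill the host log; the `error_report()` for an invalid `session_id` in the next hunk (`cryptodev_builtin_operation`) has the same property. Conditions a guest can trigger are usually reported with `qemu_log_mask(LOG_GUEST_ERROR, "Unsupported opcode: %" PRIu32 "\n", sess_info->op_code);` (needs `qemu/log.h`) or a once-only report. The message also keeps a stray space before the colon and a trailing empty `""` literal. Both functions start and end outside their hunks.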
+@@ -546,8 +547,8 @@ static int cryptodev_builtin_operation(
+
+ if (op_info->session_id >= MAX_NUM_SESSIONS ||
+ builtin->sessions[op_info->session_id] == NULL) {
+- error_setg(&local_error, "Cannot find a valid session id: %" PRIu64 "",
+- op_info->session_id);
++ error_report("Cannot find a valid session id: %" PRIu64 "",
++ op_info->session_id);
+ return -VIRTIO_CRYPTO_INVSESS;
+ }
+
+diff --git a/disas/riscv.c b/disas/riscv.c
+index dee4e580a0..42399867a1 100644
+--- a/disas/riscv.c
++++ b/disas/riscv.c
+@@ -2159,7 +2159,22 @@ static const char *csr_name(int csrno)
+ case 0x0383: return "mibound";
+ case 0x0384: return "mdbase";
+ case 0x0385: return "mdbound";
+- case 0x03a0: return "pmpcfg3";
++ case 0x03a0: return "pmpcfg0";
++ case 0x03a1: return "pmpcfg1";
++ case 0x03a2: return "pmpcfg2";
++ case 0x03a3: return "pmpcfg3";
++ case 0x03a4: return "pmpcfg4";
++ case 0x03a5: return "pmpcfg5";
++ case 0x03a6: return "pmpcfg6";
++ case 0x03a7: return "pmpcfg7";
++ case 0x03a8: return "pmpcfg8";
++ case 0x03a9: return "pmpcfg9";
++ case 0x03aa: return "pmpcfg10";
++ case 0x03ab: return "pmpcfg11";
++ case 0x03ac: return "pmpcfg12";
++ case 0x03ad: return "pmpcfg13";
++ case 0x03ae: return "pmpcfg14";
++ case 0x03af: return "pmpcfg15";
+ case 0x03b0: return "pmpaddr0";
+ case 0x03b1: return "pmpaddr1";
+ case 0x03b2: return "pmpaddr2";
+@@ -2176,6 +2191,54 @@ static const char *csr_name(int csrno)
+ case 0x03bd: return "pmpaddr13";
+ case 0x03be: return "pmpaddr14";
+ case 0x03bf: return "pmpaddr15";
++ case 0x03c0: return "pmpaddr16";
++ case 0x03c1: return "pmpaddr17";
++ case 0x03c2: return "pmpaddr18";
++ case 0x03c3: return "pmpaddr19";
++ case 0x03c4: return "pmpaddr20";
++ case 0x03c5: return "pmpaddr21";
++ case 0x03c6: return "pmpaddr22";
++ case 0x03c7: return "pmpaddr23";
++ case 0x03c8: return "pmpaddr24";
++ case 0x03c9: return "pmpaddr25";
++ case 0x03ca: return "pmpaddr26";
++ case 0x03cb: return "pmpaddr27";
++ case 0x03cc: return "pmpaddr28";
++ case 0x03cd: return "pmpaddr29";
++ case 0x03ce: return "pmpaddr30";
++ case 0x03cf: return "pmpaddr31";
++ case 0x03d0: return "pmpaddr32";
++ case 0x03d1: return "pmpaddr33";
++ case 0x03d2: return "pmpaddr34";
++ case 0x03d3: return "pmpaddr35";
++ case 0x03d4: return "pmpaddr36";
++ case 0x03d5: return "pmpaddr37";
++ case 0x03d6: return "pmpaddr38";
++ case 0x03d7: return "pmpaddr39";
++ case 0x03d8: return "pmpaddr40";
++ case 0x03d9: return "pmpaddr41";
++ case 0x03da: return "pmpaddr42";
++ case 0x03db: return "pmpaddr43";
++ case 0x03dc: return "pmpaddr44";
++ case 0x03dd: return "pmpaddr45";
++ case 0x03de: return "pmpaddr46";
++ case 0x03df: return "pmpaddr47";
++ case 0x03e0: return "pmpaddr48";
++ case 0x03e1: return "pmpaddr49";
++ case 0x03e2: return "pmpaddr50";
++ case 0x03e3: return "pmpaddr51";
++ case 0x03e4: return "pmpaddr52";
++ case 0x03e5: return "pmpaddr53";
++ case 0x03e6: return "pmpaddr54";
++ case 0x03e7: return "pmpaddr55";
++ case 0x03e8: return "pmpaddr56";
++ case 0x03e9: return "pmpaddr57";
++ case 0x03ea: return "pmpaddr58";
++ case 0x03eb: return "pmpaddr59";
++ case 0x03ec: return "pmpaddr60";
++ case 0x03ed: return "pmpaddr61";
++ case 0x03ee: return "pmpaddr62";
++ case 0x03ef: return "pmpaddr63";
+ case 0x0780: return "mtohost";
+ case 0x0781: return "mfromhost";
+ case 0x0782: return "mreset";
+diff --git a/hw/arm/npcm7xx.c b/hw/arm/npcm7xx.c
+index d85cc02765..13d0b8bbb2 100644
+--- a/hw/arm/npcm7xx.c
++++ b/hw/arm/npcm7xx.c
+@@ -24,6 +24,7 @@
+ #include "hw/qdev-clock.h"
+ #include "hw/qdev-properties.h"
+ #include "qapi/error.h"
++#include "qemu/bswap.h"
+ #include "qemu/units.h"
+ #include "sysemu/sysemu.h"
+
+@@ -369,7 +370,7 @@ static void npcm7xx_init_fuses(NPCM7xxState *s)
+ * The initial mask of disabled modules indicates the chip derivative (e.g.
+ * NPCM750 or NPCM730).
+ */
+- value = tswap32(nc->disabled_modules);
++ value = cpu_to_le32(nc->disabled_modules);
+ npcm7xx_otp_array_write(&s->fuse_array, &value, NPCM7XX_FUSE_DERIVATIVE,
+ sizeof(value));
+ }
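Review bot: The comment above `value = cpu_to_le32(nc->disabled_modules);` explains what the mask means but not why it is converted, although `value` is then handed to `npcm7xx_otp_array_write()` as raw bytes and the byte order is the whole point of the change. I would add a line such as `/* Written to the fuse array as bytes: store little-endian regardless of host order. */`; the little-endian layout is inferred from the conversion chosen here, so confirm the wording against the OTP model. `npcm7xx_init_fuses` begins outside the hunk.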
+diff --git a/hw/dma/xlnx_dpdma.c b/hw/dma/xlnx_dpdma.c
+index dd66be5265..06e187e99c 100644
+--- a/hw/dma/xlnx_dpdma.c
++++ b/hw/dma/xlnx_dpdma.c
+@@ -175,24 +175,24 @@ static uint64_t xlnx_dpdma_desc_get_source_address(DPDMADescriptor *desc,
+
+ switch (frag) {
+ case 0:
+- addr = desc->source_address
+- + (extract32(desc->address_extension, 16, 12) << 20);
++ addr = (uint64_t)desc->source_address
++ + (extract64(desc->address_extension, 16, 16) << 32);
+ break;
+ case 1:
+- addr = desc->source_address2
+- + (extract32(desc->address_extension_23, 0, 12) << 8);
++ addr = (uint64_t)desc->source_address2
++ + (extract64(desc->address_extension_23, 0, 16) << 32);
+ break;
+ case 2:
+- addr = desc->source_address3
+- + (extract32(desc->address_extension_23, 16, 12) << 20);
++ addr = (uint64_t)desc->source_address3
++ + (extract64(desc->address_extension_23, 16, 16) << 32);
+ break;
+ case 3:
+- addr = desc->source_address4
+- + (extract32(desc->address_extension_45, 0, 12) << 8);
++ addr = (uint64_t)desc->source_address4
++ + (extract64(desc->address_extension_45, 0, 16) << 32);
+ break;
+ case 4:
+- addr = desc->source_address5
+- + (extract32(desc->address_extension_45, 16, 12) << 20);
++ addr = (uint64_t)desc->source_address5
++ + (extract64(desc->address_extension_45, 16, 16) << 32);
+ break;
+ default:
+ addr = 0;
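Review bot: The five arms of `switch (frag)` now apply one rule, the low 32 bits from `source_addressN` plus a 16-bit extension field placed at bit 32, but nothing in the function states it, and the alternating start bits `16`/`0` are easy to mistype the next time an arm is edited. A comment above the switch such as `/* 48-bit address: bits [31:0] from source_address*, bits [47:32] from the matching 16-bit half of address_extension*. */` would record the layout that the fix establishes. Since the result is used as a DMA source address built from descriptor contents, it is worth keeping that layout checkable at a glance. The function continues past the end of the hunk.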
+diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
+index 7a34bc0998..47f01e45e3 100644
+--- a/hw/intc/arm_gic.c
++++ b/hw/intc/arm_gic.c
+@@ -1658,7 +1658,7 @@ static MemTxResult gic_cpu_read(GICState *s, int cpu, int offset,
+ *data = s->h_apr[gic_get_vcpu_real_id(cpu)];
+ } else if (gic_cpu_ns_access(s, cpu, attrs)) {
+ /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */
+- *data = gic_apr_ns_view(s, regno, cpu);
++ *data = gic_apr_ns_view(s, cpu, regno);
+ } else {
+ *data = s->apr[regno][cpu];
+ }
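Review bot: `gic_apr_ns_view(s, cpu, regno)` takes two plain `int` indices in the opposite order to the `s->apr[regno][cpu]` indexing two lines below it, so a transposed call compiles silently, which is presumably how the call corrected here went unnoticed; the same holds for `gic_apr_write_ns_view(s, cpu, regno, value)` in the `gic_cpu_write` hunk that follows. A comment at the call site, e.g. `/* helper takes (cpu, regno); the arrays are indexed [regno][cpu] */`, or range assertions on both indices inside the helpers (their bodies are not part of this diff) would make a recurrence visible. Both functions extend beyond their hunks.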
+@@ -1746,7 +1746,7 @@ static MemTxResult gic_cpu_write(GICState *s, int cpu, int offset,
+ s->h_apr[gic_get_vcpu_real_id(cpu)] = value;
+ } else if (gic_cpu_ns_access(s, cpu, attrs)) {
+ /* NS view of GICC_APR<n> is the top half of GIC_NSAPR<n> */
+- gic_apr_write_ns_view(s, regno, cpu, value);
++ gic_apr_write_ns_view(s, cpu, regno, value);
+ } else {
+ s->apr[regno][cpu] = value;
+ }
+diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c
+index cfd007e629..961caff7b6 100644
+--- a/hw/intc/riscv_aplic.c
++++ b/hw/intc/riscv_aplic.c
+@@ -957,13 +957,13 @@ DeviceState *riscv_aplic_create(hwaddr addr, hwaddr size,
+ qdev_prop_set_bit(dev, "msimode", msimode);
+ qdev_prop_set_bit(dev, "mmode", mmode);
+
+- sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
+- sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr);
+-
+ if (parent) {
+ riscv_aplic_add_child(parent, dev);
+ }
+
++ sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
++ sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr);
++
+ if (!msimode) {
+ for (i = 0; i < num_harts; i++) {
+ CPUState *cpu = qemu_get_cpu(hartid_base + i);
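Review bot: Calling `riscv_aplic_add_child()` before `sysbus_realize_and_unref()` is now an ordering requirement, but the code does not say so, and the previous order looks just as natural to anyone tidying this function later. I would add a comment such as `/* Must be linked to the parent before realize. */` and complete it with the concrete reason from the realize function, which is not visible here. `riscv_aplic_create` starts and ends outside the hunk.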
+diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
+index 4e36bb8bcf..973cebe785 100644
+--- a/hw/remote/vfio-user-obj.c
++++ b/hw/remote/vfio-user-obj.c
+@@ -273,7 +273,7 @@ static ssize_t vfu_object_cfg_access(vfu_ctx_t *vfu_ctx, char * const buf,
+ while (bytes > 0) {
+ len = (bytes > pci_access_width) ? pci_access_width : bytes;
+ if (is_write) {
+- memcpy(&val, ptr, len);
++ val = ldn_le_p(ptr, len);
+ pci_host_config_write_common(o->pci_dev, offset,
+ pci_config_size(o->pci_dev),
+ val, len);
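Review bot: `len` is `bytes` clamped to `pci_access_width`, so it can be 3, and as far as I know `ldn_le_p()` and `stn_le_p()` accept only the sizes 1, 2, 4 and 8 and assert on anything else, whereas the `memcpy()` they replace took any length. If `bytes` is chosen by the vfio-user client (the caller is not visible here), an odd-sized config access would stop the process instead of being served; the `stn_le_p(ptr, len, val)` read path in the next hunk is affected the same way. Rounding the step down, e.g. `len = pow2floor(MIN(bytes, pci_access_width));`, keeps every iteration at a supported width. `vfu_object_cfg_access` begins and ends outside the hunk.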
+@@ -281,7 +281,7 @@ static ssize_t vfu_object_cfg_access(vfu_ctx_t *vfu_ctx, char * const buf,
+ } else {
+ val = pci_host_config_read_common(o->pci_dev, offset,
+ pci_config_size(o->pci_dev), len);
+- memcpy(ptr, &val, len);
++ stn_le_p(ptr, len, val);
+ trace_vfu_cfg_read(offset, val);
+ }
+ offset += len;
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index 41017b0df2..74240f99ad 100644
+--- a/linux-user/syscall.c
++++ b/linux-user/syscall.c
+@@ -2297,18 +2297,13 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
+ switch (optname) {
+ case ALG_SET_KEY:
+ {
+- char *alg_key = g_malloc(optlen);
+-
++ char *alg_key = lock_user(VERIFY_READ, optval_addr, optlen, 1);
+ if (!alg_key) {
+- return -TARGET_ENOMEM;
+- }
+- if (copy_from_user(alg_key, optval_addr, optlen)) {
+- g_free(alg_key);
+ return -TARGET_EFAULT;
+ }
+ ret = get_errno(setsockopt(sockfd, level, optname,
+ alg_key, optlen));
+- g_free(alg_key);
++ unlock_user(alg_key, optval_addr, optlen);
+ break;
+ }
+ case ALG_SET_AEAD_AUTHSIZE:
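Review bot: `unlock_user(alg_key, optval_addr, optlen)` passes the key length as the copy-back size although the buffer was locked with `VERIFY_READ`; the last argument of `unlock_user()` is the number of bytes to write back to guest memory, so a read-only lock should be released with `unlock_user(alg_key, optval_addr, 0);`. In builds where `lock_user()` hands out a bounce copy, the current call writes the key back over a guest range that was only checked for reading. The `switch` this case belongs to starts and ends outside the hunk.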
+diff --git a/nbd/client.c b/nbd/client.c
+index 30d5383cb1..15503d0928 100644
+--- a/nbd/client.c
++++ b/nbd/client.c
+@@ -596,13 +596,31 @@ static int nbd_request_simple_option(QIOChannel *ioc, int opt, bool strict,
+ return 1;
+ }
+
++/* Callback to learn when QIO TLS upgrade is complete */
++struct NBDTLSClientHandshakeData {
++ bool complete;
++ Error *error;
++ GMainLoop *loop;
++};
++
++static void nbd_client_tls_handshake(QIOTask *task, void *opaque)
++{
++ struct NBDTLSClientHandshakeData *data = opaque;
++
++ qio_task_propagate_error(task, &data->error);
++ data->complete = true;
++ if (data->loop) {
++ g_main_loop_quit(data->loop);
++ }
++}
++
+ static QIOChannel *nbd_receive_starttls(QIOChannel *ioc,
+ QCryptoTLSCreds *tlscreds,
+ const char *hostname, Error **errp)
+ {
+ int ret;
+ QIOChannelTLS *tioc;
+- struct NBDTLSHandshakeData data = { 0 };
++ struct NBDTLSClientHandshakeData data = { 0 };
+
+ ret = nbd_request_simple_option(ioc, NBD_OPT_STARTTLS, true, errp);
+ if (ret <= 0) {
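Review bot: The `if (data->loop)` guard in `nbd_client_tls_handshake()` relies on `loop` still being NULL when the handshake finishes inside `qio_channel_tls_handshake()`, and that only holds because the next hunk creates the loop after the call returns; nothing records this dependency. I would document the field, e.g. `GMainLoop *loop; /* NULL until the caller has to wait; set only after qio_channel_tls_handshake() returns */`, and move the "Callback to learn when QIO TLS upgrade is complete" comment from the struct to the function it describes. `nbd_receive_starttls` continues beyond this hunk.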
+@@ -619,18 +637,20 @@ static QIOChannel *nbd_receive_starttls(QIOChannel *ioc,
+ return NULL;
+ }
+ qio_channel_set_name(QIO_CHANNEL(tioc), "nbd-client-tls");
+- data.loop = g_main_loop_new(g_main_context_default(), FALSE);
+ trace_nbd_receive_starttls_tls_handshake();
+ qio_channel_tls_handshake(tioc,
+- nbd_tls_handshake,
++ nbd_client_tls_handshake,
+ &data,
+ NULL,
+ NULL);
+
+ if (!data.complete) {
++ data.loop = g_main_loop_new(g_main_context_default(), FALSE);
+ g_main_loop_run(data.loop);
++ assert(data.complete);
++ g_main_loop_unref(data.loop);
+ }
+- g_main_loop_unref(data.loop);
++
+ if (data.error) {
+ error_propagate(errp, data.error);
+ object_unref(OBJECT(tioc));
+diff --git a/nbd/common.c b/nbd/common.c
+index ddfe7d1183..c201b58a83 100644
+--- a/nbd/common.c
++++ b/nbd/common.c
+@@ -47,17 +47,6 @@ int nbd_drop(QIOChannel *ioc, size_t size, Error **errp)
+ }
+
+
+-void nbd_tls_handshake(QIOTask *task,
+- void *opaque)
+-{
+- struct NBDTLSHandshakeData *data = opaque;
+-
+- qio_task_propagate_error(task, &data->error);
+- data->complete = true;
+- g_main_loop_quit(data->loop);
+-}
+-
+-
+ const char *nbd_opt_lookup(uint32_t opt)
+ {
+ switch (opt) {
+diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
+index 1b2141ab4b..c18554cb87 100644
+--- a/nbd/nbd-internal.h
++++ b/nbd/nbd-internal.h
+@@ -71,16 +71,6 @@ static inline int nbd_write(QIOChannel *ioc, const void *buffer, size_t size,
+ return qio_channel_write_all(ioc, buffer, size, errp) < 0 ? -EIO : 0;
+ }
+
+-struct NBDTLSHandshakeData {
+- GMainLoop *loop;
+- bool complete;
+- Error *error;
+-};
+-
+-
+-void nbd_tls_handshake(QIOTask *task,
+- void *opaque);
+-
+ int nbd_drop(QIOChannel *ioc, size_t size, Error **errp);
+
+ #endif
+diff --git a/nbd/server.c b/nbd/server.c
+index ada16089f3..74edb2815b 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -189,8 +189,9 @@ static inline void set_be_option_rep(NBDOptionReply *rep, uint32_t option,
+
+ /* Send a reply header, including length, but no payload.
+ * Return -errno on error, 0 on success. */
+-static int nbd_negotiate_send_rep_len(NBDClient *client, uint32_t type,
+- uint32_t len, Error **errp)
++static coroutine_fn int
++nbd_negotiate_send_rep_len(NBDClient *client, uint32_t type,
++ uint32_t len, Error **errp)
+ {
+ NBDOptionReply rep;
+
+@@ -205,15 +206,15 @@ static int nbd_negotiate_send_rep_len(NBDClient *client, uint32_t type,
+
+ /* Send a reply header with default 0 length.
+ * Return -errno on error, 0 on success. */
+-static int nbd_negotiate_send_rep(NBDClient *client, uint32_t type,
+- Error **errp)
++static coroutine_fn int
++nbd_negotiate_send_rep(NBDClient *client, uint32_t type, Error **errp)
+ {
+ return nbd_negotiate_send_rep_len(client, type, 0, errp);
+ }
+
+ /* Send an error reply.
+ * Return -errno on error, 0 on success. */
+-static int G_GNUC_PRINTF(4, 0)
++static coroutine_fn int G_GNUC_PRINTF(4, 0)
+ nbd_negotiate_send_rep_verr(NBDClient *client, uint32_t type,
+ Error **errp, const char *fmt, va_list va)
+ {
+@@ -253,7 +254,7 @@ nbd_sanitize_name(const char *name)
+
+ /* Send an error reply.
+ * Return -errno on error, 0 on success. */
+-static int G_GNUC_PRINTF(4, 5)
++static coroutine_fn int G_GNUC_PRINTF(4, 5)
+ nbd_negotiate_send_rep_err(NBDClient *client, uint32_t type,
+ Error **errp, const char *fmt, ...)
+ {
+@@ -269,7 +270,7 @@ nbd_negotiate_send_rep_err(NBDClient *client, uint32_t type,
+ /* Drop remainder of the current option, and send a reply with the
+ * given error type and message. Return -errno on read or write
+ * failure; or 0 if connection is still live. */
+-static int G_GNUC_PRINTF(4, 0)
++static coroutine_fn int G_GNUC_PRINTF(4, 0)
+ nbd_opt_vdrop(NBDClient *client, uint32_t type, Error **errp,
+ const char *fmt, va_list va)
+ {
+@@ -282,7 +283,7 @@ nbd_opt_vdrop(NBDClient *client, uint32_t type, Error **errp,
+ return ret;
+ }
+
+-static int G_GNUC_PRINTF(4, 5)
++static coroutine_fn int G_GNUC_PRINTF(4, 5)
+ nbd_opt_drop(NBDClient *client, uint32_t type, Error **errp,
+ const char *fmt, ...)
+ {
+@@ -296,7 +297,7 @@ nbd_opt_drop(NBDClient *client, uint32_t type, Error **errp,
+ return ret;
+ }
+
+-static int G_GNUC_PRINTF(3, 4)
++static coroutine_fn int G_GNUC_PRINTF(3, 4)
+ nbd_opt_invalid(NBDClient *client, Error **errp, const char *fmt, ...)
+ {
+ int ret;
+@@ -313,8 +314,9 @@ nbd_opt_invalid(NBDClient *client, Error **errp, const char *fmt, ...)
+ * If @check_nul, require that no NUL bytes appear in buffer.
+ * Return -errno on I/O error, 0 if option was completely handled by
+ * sending a reply about inconsistent lengths, or 1 on success. */
+-static int nbd_opt_read(NBDClient *client, void *buffer, size_t size,
+- bool check_nul, Error **errp)
++static coroutine_fn int
++nbd_opt_read(NBDClient *client, void *buffer, size_t size,
++ bool check_nul, Error **errp)
+ {
+ if (size > client->optlen) {
+ return nbd_opt_invalid(client, errp,
+@@ -337,7 +339,8 @@ static int nbd_opt_read(NBDClient *client, void *buffer, size_t size,
+ /* Drop size bytes from the unparsed payload of the current option.
+ * Return -errno on I/O error, 0 if option was completely handled by
+ * sending a reply about inconsistent lengths, or 1 on success. */
+-static int nbd_opt_skip(NBDClient *client, size_t size, Error **errp)
++static coroutine_fn int
++nbd_opt_skip(NBDClient *client, size_t size, Error **errp)
+ {
+ if (size > client->optlen) {
+ return nbd_opt_invalid(client, errp,
+@@ -360,8 +363,9 @@ static int nbd_opt_skip(NBDClient *client, size_t size, Error **errp)
+ * Return -errno on I/O error, 0 if option was completely handled by
+ * sending a reply about inconsistent lengths, or 1 on success.
+ */
+-static int nbd_opt_read_name(NBDClient *client, char **name, uint32_t *length,
+- Error **errp)
++static coroutine_fn int
++nbd_opt_read_name(NBDClient *client, char **name, uint32_t *length,
++ Error **errp)
+ {
+ int ret;
+ uint32_t len;
+@@ -396,8 +400,8 @@ static int nbd_opt_read_name(NBDClient *client, char **name, uint32_t *length,
+
+ /* Send a single NBD_REP_SERVER reply to NBD_OPT_LIST, including payload.
+ * Return -errno on error, 0 on success. */
+-static int nbd_negotiate_send_rep_list(NBDClient *client, NBDExport *exp,
+- Error **errp)
++static coroutine_fn int
++nbd_negotiate_send_rep_list(NBDClient *client, NBDExport *exp, Error **errp)
+ {
+ ERRP_GUARD();
+ size_t name_len, desc_len;
+@@ -438,7 +442,8 @@ static int nbd_negotiate_send_rep_list(NBDClient *client, NBDExport *exp,
+
+ /* Process the NBD_OPT_LIST command, with a potential series of replies.
+ * Return -errno on error, 0 on success. */
+-static int nbd_negotiate_handle_list(NBDClient *client, Error **errp)
++static coroutine_fn int
++nbd_negotiate_handle_list(NBDClient *client, Error **errp)
+ {
+ NBDExport *exp;
+ assert(client->opt == NBD_OPT_LIST);
+@@ -453,7 +458,8 @@ static int nbd_negotiate_handle_list(NBDClient *client, Error **errp)
+ return nbd_negotiate_send_rep(client, NBD_REP_ACK, errp);
+ }
+
+-static void nbd_check_meta_export(NBDClient *client)
++static coroutine_fn void
++nbd_check_meta_export(NBDClient *client)
+ {
+ if (client->exp != client->export_meta.exp) {
+ client->export_meta.count = 0;
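Review bot: `coroutine_fn` is added to `nbd_check_meta_export()`, whose visible body only compares two pointers and resets a counter, and later hunks add it to `nbd_strshift()` and `nbd_meta_empty_or_pattern()`, which from their visible lines only do string handling and tracing. The marker tells readers and static checkers that a function may yield and must run in coroutine context, so putting it on helpers that never yield weakens it and restricts their callers for no benefit. I would leave these as plain `static void nbd_check_meta_export(NBDClient *client)` and `static bool nbd_strshift(const char **str, const char *prefix)`. The bodies of the latter two extend past their hunks, so confirm they make no coroutine calls before dropping the marker.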
+@@ -462,8 +468,9 @@ static void nbd_check_meta_export(NBDClient *client)
+
+ /* Send a reply to NBD_OPT_EXPORT_NAME.
+ * Return -errno on error, 0 on success. */
+-static int nbd_negotiate_handle_export_name(NBDClient *client, bool no_zeroes,
+- Error **errp)
++static coroutine_fn int
++nbd_negotiate_handle_export_name(NBDClient *client, bool no_zeroes,
++ Error **errp)
+ {
+ ERRP_GUARD();
+ g_autofree char *name = NULL;
+@@ -523,9 +530,9 @@ static int nbd_negotiate_handle_export_name(NBDClient *client, bool no_zeroes,
+ /* Send a single NBD_REP_INFO, with a buffer @buf of @length bytes.
+ * The buffer does NOT include the info type prefix.
+ * Return -errno on error, 0 if ready to send more. */
+-static int nbd_negotiate_send_info(NBDClient *client,
+- uint16_t info, uint32_t length, void *buf,
+- Error **errp)
++static coroutine_fn int
++nbd_negotiate_send_info(NBDClient *client, uint16_t info, uint32_t length,
++ void *buf, Error **errp)
+ {
+ int rc;
+
+@@ -552,7 +559,8 @@ static int nbd_negotiate_send_info(NBDClient *client,
+ * -errno transmission error occurred or @fatal was requested, errp is set
+ * 0 error message successfully sent to client, errp is not set
+ */
+-static int nbd_reject_length(NBDClient *client, bool fatal, Error **errp)
++static coroutine_fn int
++nbd_reject_length(NBDClient *client, bool fatal, Error **errp)
+ {
+ int ret;
+
+@@ -570,7 +578,8 @@ static int nbd_reject_length(NBDClient *client, bool fatal, Error **errp)
+ /* Handle NBD_OPT_INFO and NBD_OPT_GO.
+ * Return -errno on error, 0 if ready for next option, and 1 to move
+ * into transmission phase. */
+-static int nbd_negotiate_handle_info(NBDClient *client, Error **errp)
++static coroutine_fn int
++nbd_negotiate_handle_info(NBDClient *client, Error **errp)
+ {
+ int rc;
+ g_autofree char *name = NULL;
+@@ -729,15 +738,33 @@ static int nbd_negotiate_handle_info(NBDClient *client, Error **errp)
+ return rc;
+ }
+
++/* Callback to learn when QIO TLS upgrade is complete */
++struct NBDTLSServerHandshakeData {
++ bool complete;
++ Error *error;
++ Coroutine *co;
++};
++
++static void
++nbd_server_tls_handshake(QIOTask *task, void *opaque)
++{
++ struct NBDTLSServerHandshakeData *data = opaque;
++
++ qio_task_propagate_error(task, &data->error);
++ data->complete = true;
++ if (!qemu_coroutine_entered(data->co)) {
++ aio_co_wake(data->co);
++ }
++}
+
+ /* Handle NBD_OPT_STARTTLS. Return NULL to drop connection, or else the
+ * new channel for all further (now-encrypted) communication. */
+-static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
+- Error **errp)
++static coroutine_fn QIOChannel *
++nbd_negotiate_handle_starttls(NBDClient *client, Error **errp)
+ {
+ QIOChannel *ioc;
+ QIOChannelTLS *tioc;
+- struct NBDTLSHandshakeData data = { 0 };
++ struct NBDTLSServerHandshakeData data = { 0 };
+
+ assert(client->opt == NBD_OPT_STARTTLS);
+
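Review bot: The `if (!qemu_coroutine_entered(data->co))` test in `nbd_server_tls_handshake()` carries no comment, yet it is what separates the handshake completing inside `qio_channel_tls_handshake()`, while the coroutine is still running, from the deferred case where the coroutine has yielded and must be woken. I would add `/* Completed synchronously: the coroutine has not yielded, so there is nothing to wake. */` above it. The "Callback to learn when QIO TLS upgrade is complete" comment also sits on the struct rather than on the callback it describes. `nbd_negotiate_handle_starttls` starts in this hunk and continues in the next one.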
+@@ -758,17 +785,18 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
+
+ qio_channel_set_name(QIO_CHANNEL(tioc), "nbd-server-tls");
+ trace_nbd_negotiate_handle_starttls_handshake();
+- data.loop = g_main_loop_new(g_main_context_default(), FALSE);
++ data.co = qemu_coroutine_self();
+ qio_channel_tls_handshake(tioc,
+- nbd_tls_handshake,
++ nbd_server_tls_handshake,
+ &data,
+ NULL,
+ NULL);
+
+ if (!data.complete) {
+- g_main_loop_run(data.loop);
++ qemu_coroutine_yield();
++ assert(data.complete);
+ }
+- g_main_loop_unref(data.loop);
++
+ if (data.error) {
+ object_unref(OBJECT(tioc));
+ error_propagate(errp, data.error);
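Review bot: After `qemu_coroutine_yield()` nothing visible in this hunk bounds how long the negotiation coroutine stays parked, and the wait happens before the peer has authenticated, so a peer that stalls the TLS handshake keeps the connection and its coroutine allocated for as long as it likes. I would arm a timer before the yield that closes the channel when it expires and cancel it once the callback has run. Separately, `assert(data.complete);` makes any wake-up other than the handshake callback fatal for the whole server; if another path can wake this coroutine (not visible here), re-checking in a loop, `while (!data.complete) { qemu_coroutine_yield(); }`, is safer. The function continues past the end of the hunk.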
+@@ -784,10 +812,9 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
+ *
+ * For NBD_OPT_LIST_META_CONTEXT @context_id is ignored, 0 is used instead.
+ */
+-static int nbd_negotiate_send_meta_context(NBDClient *client,
+- const char *context,
+- uint32_t context_id,
+- Error **errp)
++static coroutine_fn int
++nbd_negotiate_send_meta_context(NBDClient *client, const char *context,
++ uint32_t context_id, Error **errp)
+ {
+ NBDOptionReplyMetaContext opt;
+ struct iovec iov[] = {
+@@ -812,8 +839,9 @@ static int nbd_negotiate_send_meta_context(NBDClient *client,
+ * Return true if @query matches @pattern, or if @query is empty when
+ * the @client is performing _LIST_.
+ */
+-static bool nbd_meta_empty_or_pattern(NBDClient *client, const char *pattern,
+- const char *query)
++static coroutine_fn bool
++nbd_meta_empty_or_pattern(NBDClient *client, const char *pattern,
++ const char *query)
+ {
+ if (!*query) {
+ trace_nbd_negotiate_meta_query_parse("empty");
+@@ -830,7 +858,8 @@ static bool nbd_meta_empty_or_pattern(NBDClient *client, const char *pattern,
+ /*
+ * Return true and adjust @str in place if it begins with @prefix.
+ */
+-static bool nbd_strshift(const char **str, const char *prefix)
++static coroutine_fn bool
++nbd_strshift(const char **str, const char *prefix)
+ {
+ size_t len = strlen(prefix);
+
+@@ -846,8 +875,9 @@ static bool nbd_strshift(const char **str, const char *prefix)
+ * Handle queries to 'base' namespace. For now, only the base:allocation
+ * context is available. Return true if @query has been handled.
+ */
+-static bool nbd_meta_base_query(NBDClient *client, NBDExportMetaContexts *meta,
+- const char *query)
++static coroutine_fn bool
++nbd_meta_base_query(NBDClient *client, NBDExportMetaContexts *meta,
++ const char *query)
+ {
+ if (!nbd_strshift(&query, "base:")) {
+ return false;
+@@ -866,8 +896,9 @@ static bool nbd_meta_base_query(NBDClient *client, NBDExportMetaContexts *meta,
+ * and qemu:allocation-depth contexts are available. Return true if @query
+ * has been handled.
+ */
+-static bool nbd_meta_qemu_query(NBDClient *client, NBDExportMetaContexts *meta,
+- const char *query)
++static coroutine_fn bool
++nbd_meta_qemu_query(NBDClient *client, NBDExportMetaContexts *meta,
++ const char *query)
+ {
+ size_t i;
+
+@@ -931,8 +962,9 @@ static bool nbd_meta_qemu_query(NBDClient *client, NBDExportMetaContexts *meta,
+ *
+ * Return -errno on I/O error, 0 if option was completely handled by
+ * sending a reply about inconsistent lengths, or 1 on success. */
+-static int nbd_negotiate_meta_query(NBDClient *client,
+- NBDExportMetaContexts *meta, Error **errp)
++static coroutine_fn int
++nbd_negotiate_meta_query(NBDClient *client,
++ NBDExportMetaContexts *meta, Error **errp)
+ {
+ int ret;
+ g_autofree char *query = NULL;
+@@ -971,8 +1003,9 @@ static int nbd_negotiate_meta_query(NBDClient *client,
+ * Handle NBD_OPT_LIST_META_CONTEXT and NBD_OPT_SET_META_CONTEXT
+ *
+ * Return -errno on I/O error, or 0 if option was completely handled. */
+-static int nbd_negotiate_meta_queries(NBDClient *client,
+- NBDExportMetaContexts *meta, Error **errp)
++static coroutine_fn int
++nbd_negotiate_meta_queries(NBDClient *client,
++ NBDExportMetaContexts *meta, Error **errp)
+ {
+ int ret;
+ g_autofree char *export_name = NULL;
+@@ -1096,7 +1129,8 @@ static int nbd_negotiate_meta_queries(NBDClient *client,
+ * 1 if client sent NBD_OPT_ABORT, i.e. on valid disconnect,
+ * errp is not set
+ */
+-static int nbd_negotiate_options(NBDClient *client, Error **errp)
++static coroutine_fn int
++nbd_negotiate_options(NBDClient *client, Error **errp)
+ {
+ uint32_t flags;
+ bool fixedNewstyle = false;
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index 3d74f134f5..037e9d9feb 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -190,7 +190,11 @@ void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp)
+ * No explicit bits enabled, and no implicit bits from sve-max-vq.
+ */
+ if (!cpu_isar_feature(aa64_sve, cpu)) {
+- /* SVE is disabled and so are all vector lengths. Good. */
++ /*
++ * SVE is disabled and so are all vector lengths. Good.
++ * Disable all SVE extensions as well.
++ */
++ cpu->isar.id_aa64zfr0 = 0;
+ return;
+ }
+
+diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
+index 060aa0ccf4..047cb8fc50 100644
+--- a/target/arm/hvf/hvf.c
++++ b/target/arm/hvf/hvf.c
+@@ -187,85 +187,85 @@ struct hvf_sreg_match {
+ };
+
+ static struct hvf_sreg_match hvf_sreg_match[] = {
+- { HV_SYS_REG_DBGBVR0_EL1, HVF_SYSREG(0, 0, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR0_EL1, HVF_SYSREG(0, 0, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR0_EL1, HVF_SYSREG(0, 0, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR0_EL1, HVF_SYSREG(0, 0, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR1_EL1, HVF_SYSREG(0, 1, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR1_EL1, HVF_SYSREG(0, 1, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR1_EL1, HVF_SYSREG(0, 1, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR1_EL1, HVF_SYSREG(0, 1, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR2_EL1, HVF_SYSREG(0, 2, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR2_EL1, HVF_SYSREG(0, 2, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR2_EL1, HVF_SYSREG(0, 2, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR2_EL1, HVF_SYSREG(0, 2, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR3_EL1, HVF_SYSREG(0, 3, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR3_EL1, HVF_SYSREG(0, 3, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR3_EL1, HVF_SYSREG(0, 3, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR3_EL1, HVF_SYSREG(0, 3, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR4_EL1, HVF_SYSREG(0, 4, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR4_EL1, HVF_SYSREG(0, 4, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR4_EL1, HVF_SYSREG(0, 4, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR4_EL1, HVF_SYSREG(0, 4, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR5_EL1, HVF_SYSREG(0, 5, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR5_EL1, HVF_SYSREG(0, 5, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR5_EL1, HVF_SYSREG(0, 5, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR5_EL1, HVF_SYSREG(0, 5, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR6_EL1, HVF_SYSREG(0, 6, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR6_EL1, HVF_SYSREG(0, 6, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR6_EL1, HVF_SYSREG(0, 6, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR6_EL1, HVF_SYSREG(0, 6, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR7_EL1, HVF_SYSREG(0, 7, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR7_EL1, HVF_SYSREG(0, 7, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR7_EL1, HVF_SYSREG(0, 7, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR7_EL1, HVF_SYSREG(0, 7, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR8_EL1, HVF_SYSREG(0, 8, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR8_EL1, HVF_SYSREG(0, 8, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR8_EL1, HVF_SYSREG(0, 8, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR8_EL1, HVF_SYSREG(0, 8, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR9_EL1, HVF_SYSREG(0, 9, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR9_EL1, HVF_SYSREG(0, 9, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR9_EL1, HVF_SYSREG(0, 9, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR9_EL1, HVF_SYSREG(0, 9, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR10_EL1, HVF_SYSREG(0, 10, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR10_EL1, HVF_SYSREG(0, 10, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR10_EL1, HVF_SYSREG(0, 10, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR10_EL1, HVF_SYSREG(0, 10, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR11_EL1, HVF_SYSREG(0, 11, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR11_EL1, HVF_SYSREG(0, 11, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR11_EL1, HVF_SYSREG(0, 11, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR11_EL1, HVF_SYSREG(0, 11, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR12_EL1, HVF_SYSREG(0, 12, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR12_EL1, HVF_SYSREG(0, 12, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR12_EL1, HVF_SYSREG(0, 12, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR12_EL1, HVF_SYSREG(0, 12, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR13_EL1, HVF_SYSREG(0, 13, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR13_EL1, HVF_SYSREG(0, 13, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR13_EL1, HVF_SYSREG(0, 13, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR13_EL1, HVF_SYSREG(0, 13, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR14_EL1, HVF_SYSREG(0, 14, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR14_EL1, HVF_SYSREG(0, 14, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR14_EL1, HVF_SYSREG(0, 14, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR14_EL1, HVF_SYSREG(0, 14, 14, 0, 7) },
+-
+- { HV_SYS_REG_DBGBVR15_EL1, HVF_SYSREG(0, 15, 14, 0, 4) },
+- { HV_SYS_REG_DBGBCR15_EL1, HVF_SYSREG(0, 15, 14, 0, 5) },
+- { HV_SYS_REG_DBGWVR15_EL1, HVF_SYSREG(0, 15, 14, 0, 6) },
+- { HV_SYS_REG_DBGWCR15_EL1, HVF_SYSREG(0, 15, 14, 0, 7) },
++ { HV_SYS_REG_DBGBVR0_EL1, HVF_SYSREG(0, 0, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR0_EL1, HVF_SYSREG(0, 0, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR0_EL1, HVF_SYSREG(0, 0, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR0_EL1, HVF_SYSREG(0, 0, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR1_EL1, HVF_SYSREG(0, 1, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR1_EL1, HVF_SYSREG(0, 1, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR1_EL1, HVF_SYSREG(0, 1, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR1_EL1, HVF_SYSREG(0, 1, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR2_EL1, HVF_SYSREG(0, 2, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR2_EL1, HVF_SYSREG(0, 2, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR2_EL1, HVF_SYSREG(0, 2, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR2_EL1, HVF_SYSREG(0, 2, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR3_EL1, HVF_SYSREG(0, 3, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR3_EL1, HVF_SYSREG(0, 3, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR3_EL1, HVF_SYSREG(0, 3, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR3_EL1, HVF_SYSREG(0, 3, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR4_EL1, HVF_SYSREG(0, 4, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR4_EL1, HVF_SYSREG(0, 4, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR4_EL1, HVF_SYSREG(0, 4, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR4_EL1, HVF_SYSREG(0, 4, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR5_EL1, HVF_SYSREG(0, 5, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR5_EL1, HVF_SYSREG(0, 5, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR5_EL1, HVF_SYSREG(0, 5, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR5_EL1, HVF_SYSREG(0, 5, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR6_EL1, HVF_SYSREG(0, 6, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR6_EL1, HVF_SYSREG(0, 6, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR6_EL1, HVF_SYSREG(0, 6, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR6_EL1, HVF_SYSREG(0, 6, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR7_EL1, HVF_SYSREG(0, 7, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR7_EL1, HVF_SYSREG(0, 7, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR7_EL1, HVF_SYSREG(0, 7, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR7_EL1, HVF_SYSREG(0, 7, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR8_EL1, HVF_SYSREG(0, 8, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR8_EL1, HVF_SYSREG(0, 8, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR8_EL1, HVF_SYSREG(0, 8, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR8_EL1, HVF_SYSREG(0, 8, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR9_EL1, HVF_SYSREG(0, 9, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR9_EL1, HVF_SYSREG(0, 9, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR9_EL1, HVF_SYSREG(0, 9, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR9_EL1, HVF_SYSREG(0, 9, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR10_EL1, HVF_SYSREG(0, 10, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR10_EL1, HVF_SYSREG(0, 10, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR10_EL1, HVF_SYSREG(0, 10, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR10_EL1, HVF_SYSREG(0, 10, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR11_EL1, HVF_SYSREG(0, 11, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR11_EL1, HVF_SYSREG(0, 11, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR11_EL1, HVF_SYSREG(0, 11, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR11_EL1, HVF_SYSREG(0, 11, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR12_EL1, HVF_SYSREG(0, 12, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR12_EL1, HVF_SYSREG(0, 12, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR12_EL1, HVF_SYSREG(0, 12, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR12_EL1, HVF_SYSREG(0, 12, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR13_EL1, HVF_SYSREG(0, 13, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR13_EL1, HVF_SYSREG(0, 13, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR13_EL1, HVF_SYSREG(0, 13, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR13_EL1, HVF_SYSREG(0, 13, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR14_EL1, HVF_SYSREG(0, 14, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR14_EL1, HVF_SYSREG(0, 14, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR14_EL1, HVF_SYSREG(0, 14, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR14_EL1, HVF_SYSREG(0, 14, 2, 0, 7) },
++
++ { HV_SYS_REG_DBGBVR15_EL1, HVF_SYSREG(0, 15, 2, 0, 4) },
++ { HV_SYS_REG_DBGBCR15_EL1, HVF_SYSREG(0, 15, 2, 0, 5) },
++ { HV_SYS_REG_DBGWVR15_EL1, HVF_SYSREG(0, 15, 2, 0, 6) },
++ { HV_SYS_REG_DBGWCR15_EL1, HVF_SYSREG(0, 15, 2, 0, 7) },
+
+ #ifdef SYNC_NO_RAW_REGS
+ /*
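Review bot: The 64 debug-register rows are written out by hand, and this hunk has to correct the third `HVF_SYSREG` argument from 14 to 2 in every one of them. Generating the four rows per register index from one macro would keep that encoding in a single place; a sketch follows, and the macro name is only a suggestion. A one-line comment above the table naming the `HVF_SYSREG` argument order would help too, since its definition is outside the hunk and the next hunk fixes another positional slip for `HV_SYS_REG_ID_AA64PFR1_EL1`. The array initialiser continues past this hunk.

```c
#define HVF_DBG_SREGS(n)                                        \
    { HV_SYS_REG_DBGBVR##n##_EL1, HVF_SYSREG(0, n, 2, 0, 4) },  \
    { HV_SYS_REG_DBGBCR##n##_EL1, HVF_SYSREG(0, n, 2, 0, 5) },  \
    { HV_SYS_REG_DBGWVR##n##_EL1, HVF_SYSREG(0, n, 2, 0, 6) },  \
    { HV_SYS_REG_DBGWCR##n##_EL1, HVF_SYSREG(0, n, 2, 0, 7) }

static struct hvf_sreg_match hvf_sreg_match[] = {
    HVF_DBG_SREGS(0),
    HVF_DBG_SREGS(1),
    /* … same for indices 2 through 15 … */
    /* … unchanged: SYNC_NO_RAW_REGS block and ID register rows … */
```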
+@@ -277,7 +277,7 @@ static struct hvf_sreg_match hvf_sreg_match[] = {
+ { HV_SYS_REG_MPIDR_EL1, HVF_SYSREG(0, 0, 3, 0, 5) },
+ { HV_SYS_REG_ID_AA64PFR0_EL1, HVF_SYSREG(0, 4, 3, 0, 0) },
+ #endif
+- { HV_SYS_REG_ID_AA64PFR1_EL1, HVF_SYSREG(0, 4, 3, 0, 2) },
++ { HV_SYS_REG_ID_AA64PFR1_EL1, HVF_SYSREG(0, 4, 3, 0, 1) },
+ { HV_SYS_REG_ID_AA64DFR0_EL1, HVF_SYSREG(0, 5, 3, 0, 0) },
+ { HV_SYS_REG_ID_AA64DFR1_EL1, HVF_SYSREG(0, 5, 3, 0, 1) },
+ { HV_SYS_REG_ID_AA64ISAR0_EL1, HVF_SYSREG(0, 6, 3, 0, 0) },
+diff --git a/target/i386/kvm/hyperv.c b/target/i386/kvm/hyperv.c
+index e3ac978648..0a2e2a07e9 100644
+--- a/target/i386/kvm/hyperv.c
++++ b/target/i386/kvm/hyperv.c
+@@ -81,7 +81,7 @@ int kvm_hv_handle_exit(X86CPU *cpu, struct kvm_hyperv_exit *exit)
+ */
+ async_safe_run_on_cpu(CPU(cpu), async_synic_update, RUN_ON_CPU_NULL);
+
+- return 0;
++ return EXCP_INTERRUPT;
+ case KVM_EXIT_HYPERV_HCALL: {
+ uint16_t code = exit->u.hcall.input & 0xffff;
+ bool fast = exit->u.hcall.input & HV_HYPERCALL_FAST;
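Review bot: The new `return EXCP_INTERRUPT;` in the SynIC branch has no comment saying why this exit no longer returns 0. Since the line before it queues `async_synic_update` with `async_safe_run_on_cpu()`, the intent is presumably to leave the vCPU run loop so the queued work executes before the guest is re-entered. A short comment above the return, such as `/* leave the run loop so the queued async_synic_update runs before guest re-entry */`, would record that. `kvm_hv_handle_exit` starts and ends outside this hunk, and the existing comment above the call is cut off, so it may already cover part of this.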
+diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
+index 528e2fdfbb..1dfc368456 100644
+--- a/target/i386/tcg/decode-new.c.inc
++++ b/target/i386/tcg/decode-new.c.inc
+@@ -1418,9 +1418,9 @@ static bool has_cpuid_feature(DisasContext *s, X86CPUIDFeature cpuid)
+ case X86_FEAT_PCLMULQDQ:
+ return (s->cpuid_ext_features & CPUID_EXT_PCLMULQDQ);
+ case X86_FEAT_SSE:
+- return (s->cpuid_ext_features & CPUID_SSE);
++ return (s->cpuid_features & CPUID_SSE);
+ case X86_FEAT_SSE2:
+- return (s->cpuid_ext_features & CPUID_SSE2);
++ return (s->cpuid_features & CPUID_SSE2);
+ case X86_FEAT_SSE3:
+ return (s->cpuid_ext_features & CPUID_EXT_SSE3);
+ case X86_FEAT_SSSE3:
+diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
+index 6f3741b635..68c7058628 100644
+--- a/target/i386/tcg/fpu_helper.c
++++ b/target/i386/tcg/fpu_helper.c
+@@ -3011,6 +3011,11 @@ void helper_xsetbv(CPUX86State *env, uint32_t ecx, uint64_t mask)
+ goto do_gpf;
+ }
+
++ /* SSE can be disabled, but only if AVX is disabled too. */
++ if ((mask & (XSTATE_SSE_MASK | XSTATE_YMM_MASK)) == XSTATE_YMM_MASK) {
++ goto do_gpf;
++ }
++
+ /* Disallow enabling unimplemented features. */
+ cpu_x86_cpuid(env, 0x0d, 0, &ena_lo, &dummy, &dummy, &ena_hi);
+ ena = ((uint64_t)ena_hi << 32) | ena_lo;
+diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
+index abacb91ddf..417bc26e8f 100644
+--- a/target/i386/tcg/translate.c
++++ b/target/i386/tcg/translate.c
+@@ -2814,13 +2814,17 @@ static void gen_bnd_jmp(DisasContext *s)
+ static void
+ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
+ {
++ bool inhibit_reset;
++
+ gen_update_cc_op(s);
+
+ /* If several instructions disable interrupts, only the first does it. */
+- if (inhibit && !(s->flags & HF_INHIBIT_IRQ_MASK)) {
+- gen_set_hflag(s, HF_INHIBIT_IRQ_MASK);
+- } else {
++ inhibit_reset = false;
++ if (s->flags & HF_INHIBIT_IRQ_MASK) {
+ gen_reset_hflag(s, HF_INHIBIT_IRQ_MASK);
++ inhibit_reset = true;
++ } else if (inhibit) {
++ gen_set_hflag(s, HF_INHIBIT_IRQ_MASK);
+ }
+
+ if (s->base.tb->flags & HF_RF_MASK) {
+@@ -2829,9 +2833,11 @@ do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
+ if (recheck_tf) {
+ gen_helper_rechecking_single_step(cpu_env);
+ tcg_gen_exit_tb(NULL, 0);
+- } else if (s->flags & HF_TF_MASK) {
++ } else if ((s->flags & HF_TF_MASK) && !inhibit) {
+ gen_helper_single_step(cpu_env);
+- } else if (jr) {
++ } else if (jr &&
++ /* give irqs a chance to happen */
++ !inhibit_reset) {
+ tcg_gen_lookup_and_goto_ptr();
+ } else {
+ tcg_gen_exit_tb(NULL, 0);
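Review bot: The single-step branch is now gated on the `inhibit` argument while the lookup-and-goto branch is gated on `inhibit_reset`, and only the latter carries a comment. When `HF_INHIBIT_IRQ_MASK` was already set on entry, the previous hunk resets it even if `inhibit` is true, so `!inhibit` still skips `gen_helper_single_step()` although no new inhibit was set. If that is intended it deserves a comment, e.g. `/* no TF trap after an instruction that requests an interrupt shadow */`; otherwise the condition could test whether the flag was actually set. `inhibit_reset` could also be initialised at its declaration in the previous hunk, `bool inhibit_reset = false;`. The function ends outside this hunk.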
+@@ -6053,7 +6059,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
+ gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
+ break;
+ case 0xee: /* rdpkru */
+- if (prefixes & PREFIX_LOCK) {
++ if (s->prefix & (PREFIX_LOCK | PREFIX_DATA
++ | PREFIX_REPZ | PREFIX_REPNZ)) {
+ goto illegal_op;
+ }
+ tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
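Review bot: The four-prefix mask `PREFIX_LOCK | PREFIX_DATA | PREFIX_REPZ | PREFIX_REPNZ` is spelled out here for rdpkru and again in the next hunk for wrpkru, so the two checks can drift apart on a later edit. Hoisting it into one named constant, with a short comment such as `/* rdpkru/wrpkru accept no LOCK, operand-size or REP prefix */`, would keep them in step and say why the wider mask replaced the old `PREFIX_LOCK` test. Both cases sit inside `disas_insn`, whose body extends well beyond these hunks.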
+@@ -6061,7 +6068,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
+ tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64);
+ break;
+ case 0xef: /* wrpkru */
+- if (prefixes & PREFIX_LOCK) {
++ if (s->prefix & (PREFIX_LOCK | PREFIX_DATA
++ | PREFIX_REPZ | PREFIX_REPNZ)) {
+ goto illegal_op;
+ }
+ tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
+@@ -6782,12 +6790,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
+ modrm = x86_ldub_code(env, s);
+ reg = ((modrm >> 3) & 7) | REX_R(s);
+
+- if (s->prefix & PREFIX_DATA) {
+- ot = MO_16;
+- } else {
+- ot = mo_64_32(dflag);
+- }
+-
++ ot = dflag;
+ gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
+ gen_extu(ot, s->T0);
+ tcg_gen_mov_tl(cpu_cc_src, s->T0);
+@@ -6953,7 +6956,7 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
+ dc->cpuid_7_0_ecx_features = env->features[FEAT_7_0_ECX];
+ dc->cpuid_xsave_features = env->features[FEAT_XSAVE];
+ dc->jmp_opt = !((cflags & CF_NO_GOTO_TB) ||
+- (flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)));
++ (flags & (HF_RF_MASK | HF_TF_MASK | HF_INHIBIT_IRQ_MASK)));
+ /*
+ * If jmp_opt, we want to handle each string instruction individually.
+ * For icount also disable repz optimization so that each iteration
+diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
+index 92dd50e15e..56e36d81b3 100644
+--- a/target/loongarch/cpu.c
++++ b/target/loongarch/cpu.c
+@@ -653,7 +653,7 @@ void loongarch_cpu_dump_state(CPUState *cs, FILE *f, int flags)
+ qemu_fprintf(f, "EENTRY=%016" PRIx64 "\n", env->CSR_EENTRY);
+ qemu_fprintf(f, "PRCFG1=%016" PRIx64 ", PRCFG2=%016" PRIx64 ","
+ " PRCFG3=%016" PRIx64 "\n",
+- env->CSR_PRCFG1, env->CSR_PRCFG3, env->CSR_PRCFG3);
++ env->CSR_PRCFG1, env->CSR_PRCFG2, env->CSR_PRCFG3);
+ qemu_fprintf(f, "TLBRENTRY=%016" PRIx64 "\n", env->CSR_TLBRENTRY);
+ qemu_fprintf(f, "TLBRBADV=%016" PRIx64 "\n", env->CSR_TLBRBADV);
+ qemu_fprintf(f, "TLBRERA=%016" PRIx64 "\n", env->CSR_TLBRERA);
+diff --git a/tests/avocado/boot_linux_console.py b/tests/avocado/boot_linux_console.py
+index ec07c64291..b54693869b 100644
+--- a/tests/avocado/boot_linux_console.py
++++ b/tests/avocado/boot_linux_console.py
+@@ -542,12 +542,12 @@ def test_arm_cubieboard_initrd(self):
+ :avocado: tags=accel:tcg
+ """
+ deb_url = ('https://apt.armbian.com/pool/main/l/'
+- 'linux-5.10.16-sunxi/linux-image-current-sunxi_21.02.2_armhf.deb')
+- deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0'
++ 'linux-6.6.16/linux-image-current-sunxi_24.2.1_armhf__6.6.16-Seb3e-D6b4a-P2359-Ce96bHfe66-HK01ba-V014b-B067e-R448a.deb')
++ deb_hash = 'f7c3c8c5432f765445dc6e7eab02f3bbe668256b'
+ deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+ kernel_path = self.extract_from_deb(deb_path,
+- '/boot/vmlinuz-5.10.16-sunxi')
+- dtb_path = '/usr/lib/linux-image-current-sunxi/sun4i-a10-cubieboard.dtb'
++ '/boot/vmlinuz-6.6.16-current-sunxi')
++ dtb_path = '/usr/lib/linux-image-6.6.16-current-sunxi/sun4i-a10-cubieboard.dtb'
+ dtb_path = self.extract_from_deb(deb_path, dtb_path)
+ initrd_url = ('https://github.com/groeck/linux-build-test/raw/'
+ '2eb0a73b5d5a28df3170c546ddaaa9757e1e0848/rootfs/'
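Review bot: The downloaded kernel package is pinned with a 40-hex-digit `deb_hash`, which looks like SHA-1; for an asset fetched from a third-party mirror a stronger digest is the better integrity check. If the avocado version in use supports it, pin a SHA-256 value instead, e.g. `deb_hash = '<sha256-of-the-deb>'` with `self.fetch_asset(deb_url, asset_hash=deb_hash, algorithm='sha256')`. The same URL and hash literal are repeated in the hunks for test_arm_cubieboard_sata, test_arm_orangepi, test_arm_orangepi_initrd and test_arm_orangepi_sd and in tests/avocado/replay_kernel.py, so defining them once at module level would make the next bump a single edit. The test method bodies continue outside these hunks.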
+@@ -583,12 +583,12 @@ def test_arm_cubieboard_sata(self):
+ :avocado: tags=accel:tcg
+ """
+ deb_url = ('https://apt.armbian.com/pool/main/l/'
+- 'linux-5.10.16-sunxi/linux-image-current-sunxi_21.02.2_armhf.deb')
+- deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0'
++ 'linux-6.6.16/linux-image-current-sunxi_24.2.1_armhf__6.6.16-Seb3e-D6b4a-P2359-Ce96bHfe66-HK01ba-V014b-B067e-R448a.deb')
++ deb_hash = 'f7c3c8c5432f765445dc6e7eab02f3bbe668256b'
+ deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+ kernel_path = self.extract_from_deb(deb_path,
+- '/boot/vmlinuz-5.10.16-sunxi')
+- dtb_path = '/usr/lib/linux-image-current-sunxi/sun4i-a10-cubieboard.dtb'
++ '/boot/vmlinuz-6.6.16-current-sunxi')
++ dtb_path = '/usr/lib/linux-image-6.6.16-current-sunxi/sun4i-a10-cubieboard.dtb'
+ dtb_path = self.extract_from_deb(deb_path, dtb_path)
+ rootfs_url = ('https://github.com/groeck/linux-build-test/raw/'
+ '2eb0a73b5d5a28df3170c546ddaaa9757e1e0848/rootfs/'
+@@ -713,12 +713,12 @@ def test_arm_orangepi(self):
+ :avocado: tags=accel:tcg
+ """
+ deb_url = ('https://apt.armbian.com/pool/main/l/'
+- 'linux-5.10.16-sunxi/linux-image-current-sunxi_21.02.2_armhf.deb')
+- deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0'
++ 'linux-6.6.16/linux-image-current-sunxi_24.2.1_armhf__6.6.16-Seb3e-D6b4a-P2359-Ce96bHfe66-HK01ba-V014b-B067e-R448a.deb')
++ deb_hash = 'f7c3c8c5432f765445dc6e7eab02f3bbe668256b'
+ deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+ kernel_path = self.extract_from_deb(deb_path,
+- '/boot/vmlinuz-5.10.16-sunxi')
+- dtb_path = '/usr/lib/linux-image-current-sunxi/sun8i-h3-orangepi-pc.dtb'
++ '/boot/vmlinuz-6.6.16-current-sunxi')
++ dtb_path = '/usr/lib/linux-image-6.6.16-current-sunxi/sun8i-h3-orangepi-pc.dtb'
+ dtb_path = self.extract_from_deb(deb_path, dtb_path)
+
+ self.vm.set_console()
+@@ -739,12 +739,12 @@ def test_arm_orangepi_initrd(self):
+ :avocado: tags=machine:orangepi-pc
+ """
+ deb_url = ('https://apt.armbian.com/pool/main/l/'
+- 'linux-5.10.16-sunxi/linux-image-current-sunxi_21.02.2_armhf.deb')
+- deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0'
++ 'linux-6.6.16/linux-image-current-sunxi_24.2.1_armhf__6.6.16-Seb3e-D6b4a-P2359-Ce96bHfe66-HK01ba-V014b-B067e-R448a.deb')
++ deb_hash = 'f7c3c8c5432f765445dc6e7eab02f3bbe668256b'
+ deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+ kernel_path = self.extract_from_deb(deb_path,
+- '/boot/vmlinuz-5.10.16-sunxi')
+- dtb_path = '/usr/lib/linux-image-current-sunxi/sun8i-h3-orangepi-pc.dtb'
++ '/boot/vmlinuz-6.6.16-current-sunxi')
++ dtb_path = '/usr/lib/linux-image-6.6.16-current-sunxi/sun8i-h3-orangepi-pc.dtb'
+ dtb_path = self.extract_from_deb(deb_path, dtb_path)
+ initrd_url = ('https://github.com/groeck/linux-build-test/raw/'
+ '2eb0a73b5d5a28df3170c546ddaaa9757e1e0848/rootfs/'
+@@ -785,12 +785,12 @@ def test_arm_orangepi_sd(self):
+ self.require_netdev('user')
+
+ deb_url = ('https://apt.armbian.com/pool/main/l/'
+- 'linux-5.10.16-sunxi/linux-image-current-sunxi_21.02.2_armhf.deb')
+- deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0'
++ 'linux-6.6.16/linux-image-current-sunxi_24.2.1_armhf__6.6.16-Seb3e-D6b4a-P2359-Ce96bHfe66-HK01ba-V014b-B067e-R448a.deb')
++ deb_hash = 'f7c3c8c5432f765445dc6e7eab02f3bbe668256b'
+ deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+ kernel_path = self.extract_from_deb(deb_path,
+- '/boot/vmlinuz-5.10.16-sunxi')
+- dtb_path = '/usr/lib/linux-image-current-sunxi/sun8i-h3-orangepi-pc.dtb'
++ '/boot/vmlinuz-6.6.16-current-sunxi')
++ dtb_path = '/usr/lib/linux-image-6.6.16-current-sunxi/sun8i-h3-orangepi-pc.dtb'
+ dtb_path = self.extract_from_deb(deb_path, dtb_path)
+ rootfs_url = ('http://storage.kernelci.org/images/rootfs/buildroot/'
+ 'buildroot-baseline/20221116.0/armel/rootfs.ext2.xz')
+diff --git a/tests/avocado/replay_kernel.py b/tests/avocado/replay_kernel.py
+index 00a26e4a0c..154de3ab5e 100644
+--- a/tests/avocado/replay_kernel.py
++++ b/tests/avocado/replay_kernel.py
+@@ -185,12 +185,12 @@ def test_arm_cubieboard_initrd(self):
+ :avocado: tags=machine:cubieboard
+ """
+ deb_url = ('https://apt.armbian.com/pool/main/l/'
+- 'linux-5.10.16-sunxi/linux-image-current-sunxi_21.02.2_armhf.deb')
+- deb_hash = '9fa84beda245cabf0b4fa84cf6eaa7738ead1da0'
++ 'linux-6.6.16/linux-image-current-sunxi_24.2.1_armhf__6.6.16-Seb3e-D6b4a-P2359-Ce96bHfe66-HK01ba-V014b-B067e-R448a.deb')
++ deb_hash = 'f7c3c8c5432f765445dc6e7eab02f3bbe668256b'
+ deb_path = self.fetch_asset(deb_url, asset_hash=deb_hash)
+ kernel_path = self.extract_from_deb(deb_path,
+- '/boot/vmlinuz-5.10.16-sunxi')
+- dtb_path = '/usr/lib/linux-image-current-sunxi/sun4i-a10-cubieboard.dtb'
++ '/boot/vmlinuz-6.6.16-current-sunxi')
++ dtb_path = '/usr/lib/linux-image-6.6.16-current-sunxi/sun4i-a10-cubieboard.dtb'
+ dtb_path = self.extract_from_deb(deb_path, dtb_path)
+ initrd_url = ('https://github.com/groeck/linux-build-test/raw/'
+ '2eb0a73b5d5a28df3170c546ddaaa9757e1e0848/rootfs/'
+diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c
+index 7ff9f1648c..b3d0354845 100644
+--- a/ui/gtk-egl.c
++++ b/ui/gtk-egl.c
+@@ -96,7 +96,7 @@ void gd_egl_draw(VirtualConsole *vc)
+ #ifdef CONFIG_GBM
+ if (dmabuf) {
+ egl_dmabuf_create_fence(dmabuf);
+- if (dmabuf->fence_fd > 0) {
++ if (dmabuf->fence_fd >= 0) {
+ qemu_set_fd_handler(dmabuf->fence_fd, gd_hw_gl_flushed, NULL, vc);
+ return;
+ }
+diff --git a/ui/gtk-gl-area.c b/ui/gtk-gl-area.c
+index 1605818bd1..c65e2a0d0c 100644
+--- a/ui/gtk-gl-area.c
++++ b/ui/gtk-gl-area.c
+@@ -85,7 +85,7 @@ void gd_gl_area_draw(VirtualConsole *vc)
+ #ifdef CONFIG_GBM
+ if (dmabuf) {
+ egl_dmabuf_create_fence(dmabuf);
+- if (dmabuf->fence_fd > 0) {
++ if (dmabuf->fence_fd >= 0) {
+ qemu_set_fd_handler(dmabuf->fence_fd, gd_hw_gl_flushed, NULL, vc);
+ return;
+ }
+diff --git a/ui/gtk.c b/ui/gtk.c
+index 283c41a1a1..17a34d37d9 100644
+--- a/ui/gtk.c
++++ b/ui/gtk.c
+@@ -589,10 +589,12 @@ void gd_hw_gl_flushed(void *vcon)
+ VirtualConsole *vc = vcon;
+ QemuDmaBuf *dmabuf = vc->gfx.guest_fb.dmabuf;
+
+- qemu_set_fd_handler(dmabuf->fence_fd, NULL, NULL, NULL);
+- close(dmabuf->fence_fd);
+- dmabuf->fence_fd = -1;
+- graphic_hw_gl_block(vc->gfx.dcl.con, false);
++ if (dmabuf->fence_fd >= 0) {
++ qemu_set_fd_handler(dmabuf->fence_fd, NULL, NULL, NULL);
++ close(dmabuf->fence_fd);
++ dmabuf->fence_fd = -1;
++ graphic_hw_gl_block(vc->gfx.dcl.con, false);
++ }
+ }
+
+ /** DisplayState Callbacks (opengl version) **/
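Review bot: The new guard dereferences `dmabuf` without checking it, while the draw paths patched in ui/gtk-egl.c and ui/gtk-gl-area.c test `if (dmabuf)` before touching `fence_fd`. If `vc->gfx.guest_fb.dmabuf` can be cleared between registering the fd handler and this callback running (not visible here), the check should be `if (dmabuf && dmabuf->fence_fd >= 0) {`. `graphic_hw_gl_block(vc->gfx.dcl.con, false)` is also skipped now when the fd is negative, which is worth a comment if a caller could have blocked without a valid fence. The function signature is outside the hunk.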
+@@ -871,7 +873,7 @@ static gboolean gd_motion_event(GtkWidget *widget, GdkEventMotion *motion,
+ int x, y;
+ int mx, my;
+ int fbh, fbw;
+- int ww, wh, ws;
++ int ww, wh;
+
+ if (!vc->gfx.ds) {
+ return TRUE;
+@@ -879,11 +881,15 @@ static gboolean gd_motion_event(GtkWidget *widget, GdkEventMotion *motion,
+
+ fbw = surface_width(vc->gfx.ds) * vc->gfx.scale_x;
+ fbh = surface_height(vc->gfx.ds) * vc->gfx.scale_y;
+-
+ ww = gtk_widget_get_allocated_width(widget);
+ wh = gtk_widget_get_allocated_height(widget);
+- ws = gtk_widget_get_scale_factor(widget);
+
++ /*
++ * `widget` may not have the same size with the frame buffer.
++ * In such cases, some paddings are needed around the `vc`.
++ * To achieve that, `vc` will be displayed at (mx, my)
++ * so that it is displayed at the center of the widget.
++ */
+ mx = my = 0;
+ if (ww > fbw) {
+ mx = (ww - fbw) / 2;
+@@ -892,8 +898,12 @@ static gboolean gd_motion_event(GtkWidget *widget, GdkEventMotion *motion,
+ my = (wh - fbh) / 2;
+ }
+
+- x = (motion->x - mx) / vc->gfx.scale_x * ws;
+- y = (motion->y - my) / vc->gfx.scale_y * ws;
++ /*
++ * `motion` is reported in `widget` coordinates
++ * so translating it to the coordinates in `vc`.
++ */
++ x = (motion->x - mx) / vc->gfx.scale_x;
++ y = (motion->y - my) / vc->gfx.scale_y;
+
+ if (qemu_input_is_absolute()) {
+ if (x < 0 || y < 0 ||
+diff --git a/ui/sdl2.c b/ui/sdl2.c
+index d630459b78..fc7e8639c2 100644
+--- a/ui/sdl2.c
++++ b/ui/sdl2.c
+@@ -857,6 +857,7 @@ static void sdl2_display_init(DisplayState *ds, DisplayOptions *o)
+ SDL_SetHint(SDL_HINT_ALLOW_ALT_TAB_WHILE_GRABBED, "0");
+ #endif
+ SDL_SetHint(SDL_HINT_WINDOWS_NO_CLOSE_ON_ALT_F4, "1");
++ SDL_EnableScreenSaver();
+ memset(&info, 0, sizeof(info));
+ SDL_VERSION(&info.version);
+