Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Fix Patchew CI failures (myself)
* i386 fw_cfg refactoring (Philippe)
* pmem bugfix (Stefan)
* Support for accessing cstate MSRs (Wanpeng)
* exec.c cleanups (Wei Yang)
* Improved throttling (Yury)
* elf-ops.h coverity fix (Stefano)

# gpg: Signature made Mon 16 Sep 2019 16:13:12 BST
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (29 commits)
  hw/i386/pc: Extract the x86 generic fw_cfg code
  hw/i386/pc: Rename pc_build_feature_control() as generic fw_cfg_build_*
  hw/i386/pc: Let pc_build_feature_control() take a MachineState argument
  hw/i386/pc: Let pc_build_feature_control() take a FWCfgState argument
  hw/i386/pc: Rename pc_build_smbios() as generic fw_cfg_build_smbios()
  hw/i386/pc: Let pc_build_smbios() take a generic MachineState argument
  hw/i386/pc: Let pc_build_smbios() take a FWCfgState argument
  hw/i386/pc: Replace PCMachineState argument with MachineState in fw_cfg_arch_create
  hw/i386/pc: Pass the CPUArchIdList array by argument
  hw/i386/pc: Pass the apic_id_limit value by argument
  hw/i386/pc: Pass the boot_cpus value by argument
  hw/i386/pc: Rename bochs_bios_init as more generic fw_cfg_arch_create
  hw/i386/pc: Use address_space_memory in place
  hw/i386/pc: Extract e820 memory layout code
  hw/i386/pc: Use e820_get_num_entries() to access e820_entries
  cpus: Fix throttling during vm_stop
  qemu-thread: Add qemu_cond_timedwait
  memory: inline and optimize devend_memop
  memory: fetch pmem size in get_file_size()
  elf-ops.h: fix int overflow in load_elf()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

3 files changed, 6 insertions, 11 deletions

diff --git a/include/hw/elf_ops.h b/include/hw/elf_ops.h
index 1496d7e..e07d276 100644
--- a/include/hw/elf_ops.h
+++ b/include/hw/elf_ops.h
@@ -485,6 +485,11 @@ static int glue(load_elf, SZ)(const char *name, int fd,
                 }
             }
 
+            if (mem_size > INT_MAX - total_size) {
+                ret = ELF_LOAD_TOO_BIG;
+                goto fail;
+            }
+
             /* address_offset is hack for kernel images that are
                linked at the wrong physical address.  */
             if (translate_fn) {
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 19a8378..062feeb 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -291,17 +291,6 @@ void pc_system_firmware_init(PCMachineState *pcms, MemoryRegion *rom_memory);
 void pc_madt_cpu_entry(AcpiDeviceIf *adev, int uid,
                        const CPUArchIdList *apic_ids, GArray *entry);
 
-/* e820 types */
-#define E820_RAM        1
-#define E820_RESERVED   2
-#define E820_ACPI       3
-#define E820_NVS        4
-#define E820_UNUSABLE   5
-
-int e820_add_entry(uint64_t, uint64_t, uint32_t);
-int e820_get_num_entries(void);
-bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
-
 extern GlobalProperty pc_compat_4_1[];
 extern const size_t pc_compat_4_1_len;
 
diff --git a/include/hw/loader.h b/include/hw/loader.h
index 07fd928..48a96cd 100644
--- a/include/hw/loader.h
+++ b/include/hw/loader.h
@@ -89,6 +89,7 @@ int load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz);
 #define ELF_LOAD_NOT_ELF      -2
 #define ELF_LOAD_WRONG_ARCH   -3
 #define ELF_LOAD_WRONG_ENDIAN -4
+#define ELF_LOAD_TOO_BIG      -5
 const char *load_elf_strerror(int error);
 
 /** load_elf_ram_sym: