!989 QEMU update to version 8.2.0-17:

From: @JiaboFeng 
Reviewed-by: @imxcc 
Signed-off-by: @imxcc

aspeed-smc-Fix-possible-integer-overflow.patch

@@ -0,0 +1,45 @@
+From 041c319f2f91c85aeb4ed0cefa6afa76773fe960 Mon Sep 17 00:00:00 2001
+From: qihao <qihao_yewu@cmss.chinamobile.com>
+Date: Thu, 25 Jul 2024 09:57:01 +0800
+Subject: [PATCH] aspeed/smc: Fix possible integer overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cheery-pick from 13951ccfcdf0f31902a93859506ccf8c0ef66583
+
+Coverity reports a possible integer overflow because routine
+aspeeed_smc_hclk_divisor() has a codepath returning 0, which could
+lead to an integer overflow when computing variable 'hclk_shift' in
+the caller aspeed_smc_dma_calibration().
+
+The value passed to aspeed_smc_hclk_divisor() is always between 0 and
+15 and, in this case, there is always a matching hclk divisor. Remove
+the return 0 and use g_assert_not_reached() instead.
+
+Fixes: Coverity CID 1547822
+Suggested-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
+---
+ hw/ssi/aspeed_smc.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
+index 2a4001b774..8af919a970 100644
+--- a/hw/ssi/aspeed_smc.c
++++ b/hw/ssi/aspeed_smc.c
+@@ -764,8 +764,7 @@ static uint8_t aspeed_smc_hclk_divisor(uint8_t hclk_mask)
+         }
+     }
+ 
+-    aspeed_smc_error("invalid HCLK mask %x", hclk_mask);
+-    return 0;
++    g_assert_not_reached();
+ }
+ 
+ /*
+-- 
+2.41.0.windows.1
+

crypto-Introduce-SM4-symmetric-cipher-algorithm.patch

@@ -0,0 +1,306 @@
+From f402887e0c3e97dcbd6d1929ca9908ec57e2bb1f Mon Sep 17 00:00:00 2001
+From: Hyman Huang <yong.huang@smartx.com>
+Date: Thu, 7 Dec 2023 23:47:35 +0800
+Subject: [PATCH] crypto: Introduce SM4 symmetric cipher algorithm
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016).
+
+SM4 (GBT.32907-2016) is a cryptographic standard issued by the
+Organization of State Commercial Administration of China (OSCCA)
+as an authorized cryptographic algorithms for the use within China.
+
+Detect the SM4 cipher algorithms and enable the feature silently
+if it is available.
+
+Signed-off-by: Hyman Huang <yong.huang@smartx.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+Signed-off-by: cheliequan <cheliequan@inspur.com>
+---
+ crypto/block-luks.c             | 11 ++++++++
+ crypto/cipher-gcrypt.c.inc      |  8 ++++++
+ crypto/cipher-nettle.c.inc      | 49 +++++++++++++++++++++++++++++++++
+ crypto/cipher.c                 |  6 ++++
+ meson.build                     | 26 +++++++++++++++++
+ qapi/crypto.json                |  5 +++-
+ tests/unit/test-crypto-cipher.c | 13 +++++++++
+ 7 files changed, 117 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/block-luks.c b/crypto/block-luks.c
+index fb01ec38bb..f0813d69b4 100644
+--- a/crypto/block-luks.c
++++ b/crypto/block-luks.c
+@@ -95,12 +95,23 @@ qcrypto_block_luks_cipher_size_map_twofish[] = {
+     { 0, 0 },
+ };
+ 
++#ifdef CONFIG_CRYPTO_SM4
++static const QCryptoBlockLUKSCipherSizeMap
++qcrypto_block_luks_cipher_size_map_sm4[] = {
++    { 16, QCRYPTO_CIPHER_ALG_SM4},
++    { 0, 0 },
++};
++#endif
++
+ static const QCryptoBlockLUKSCipherNameMap
+ qcrypto_block_luks_cipher_name_map[] = {
+     { "aes", qcrypto_block_luks_cipher_size_map_aes },
+     { "cast5", qcrypto_block_luks_cipher_size_map_cast5 },
+     { "serpent", qcrypto_block_luks_cipher_size_map_serpent },
+     { "twofish", qcrypto_block_luks_cipher_size_map_twofish },
++#ifdef CONFIG_CRYPTO_SM4
++    { "sm4", qcrypto_block_luks_cipher_size_map_sm4},
++#endif
+ };
+ 
+ QEMU_BUILD_BUG_ON(sizeof(struct QCryptoBlockLUKSKeySlot) != 48);
+diff --git a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc
+index a6a0117717..1377cbaf14 100644
+--- a/crypto/cipher-gcrypt.c.inc
++++ b/crypto/cipher-gcrypt.c.inc
+@@ -35,6 +35,9 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+     case QCRYPTO_CIPHER_ALG_SERPENT_256:
+     case QCRYPTO_CIPHER_ALG_TWOFISH_128:
+     case QCRYPTO_CIPHER_ALG_TWOFISH_256:
++#ifdef CONFIG_CRYPTO_SM4
++    case QCRYPTO_CIPHER_ALG_SM4:
++#endif
+         break;
+     default:
+         return false;
+@@ -219,6 +222,11 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+     case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+         gcryalg = GCRY_CIPHER_TWOFISH;
+         break;
++#ifdef CONFIG_CRYPTO_SM4
++    case QCRYPTO_CIPHER_ALG_SM4:
++        gcryalg = GCRY_CIPHER_SM4;
++        break;
++#endif
+     default:
+         error_setg(errp, "Unsupported cipher algorithm %s",
+                    QCryptoCipherAlgorithm_str(alg));
+diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc
+index 24cc61f87b..42b39e18a2 100644
+--- a/crypto/cipher-nettle.c.inc
++++ b/crypto/cipher-nettle.c.inc
+@@ -33,6 +33,9 @@
+ #ifndef CONFIG_QEMU_PRIVATE_XTS
+ #include <nettle/xts.h>
+ #endif
++#ifdef CONFIG_CRYPTO_SM4
++#include <nettle/sm4.h>
++#endif
+ 
+ static inline bool qcrypto_length_check(size_t len, size_t blocksize,
+                                         Error **errp)
+@@ -426,6 +429,30 @@ DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish,
+                        QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE,
+                        twofish_encrypt_native, twofish_decrypt_native)
+ 
++#ifdef CONFIG_CRYPTO_SM4
++typedef struct QCryptoNettleSm4 {
++    QCryptoCipher base;
++    struct sm4_ctx key[2];
++} QCryptoNettleSm4;
++
++static void sm4_encrypt_native(void *ctx, size_t length,
++                               uint8_t *dst, const uint8_t *src)
++{
++    struct sm4_ctx *keys = ctx;
++    sm4_crypt(&keys[0], length, dst, src);
++}
++
++static void sm4_decrypt_native(void *ctx, size_t length,
++                               uint8_t *dst, const uint8_t *src)
++{
++    struct sm4_ctx *keys = ctx;
++    sm4_crypt(&keys[1], length, dst, src);
++}
++
++DEFINE_ECB(qcrypto_nettle_sm4,
++           QCryptoNettleSm4, SM4_BLOCK_SIZE,
++           sm4_encrypt_native, sm4_decrypt_native)
++#endif
+ 
+ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+                              QCryptoCipherMode mode)
+@@ -443,6 +470,9 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+     case QCRYPTO_CIPHER_ALG_TWOFISH_128:
+     case QCRYPTO_CIPHER_ALG_TWOFISH_192:
+     case QCRYPTO_CIPHER_ALG_TWOFISH_256:
++#ifdef CONFIG_CRYPTO_SM4
++    case QCRYPTO_CIPHER_ALG_SM4:
++#endif
+         break;
+     default:
+         return false;
+@@ -701,6 +731,25 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+ 
+             return &ctx->base;
+         }
++#ifdef CONFIG_CRYPTO_SM4
++    case QCRYPTO_CIPHER_ALG_SM4:
++        {
++            QCryptoNettleSm4 *ctx = g_new0(QCryptoNettleSm4, 1);
++
++            switch (mode) {
++            case QCRYPTO_CIPHER_MODE_ECB:
++                ctx->base.driver = &qcrypto_nettle_sm4_driver_ecb;
++                break;
++            default:
++                goto bad_cipher_mode;
++            }
++
++            sm4_set_encrypt_key(&ctx->key[0], key);
++            sm4_set_decrypt_key(&ctx->key[1], key);
++
++            return &ctx->base;
++        }
++#endif
+ 
+     default:
+         error_setg(errp, "Unsupported cipher algorithm %s",
+diff --git a/crypto/cipher.c b/crypto/cipher.c
+index 74b09a5b26..5f512768ea 100644
+--- a/crypto/cipher.c
++++ b/crypto/cipher.c
+@@ -38,6 +38,9 @@ static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
+     [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
+     [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24,
+     [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32,
++#ifdef CONFIG_CRYPTO_SM4
++    [QCRYPTO_CIPHER_ALG_SM4] = 16,
++#endif
+ };
+ 
+ static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
+@@ -53,6 +56,9 @@ static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
+     [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
+     [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16,
+     [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16,
++#ifdef CONFIG_CRYPTO_SM4
++    [QCRYPTO_CIPHER_ALG_SM4] = 16,
++#endif
+ };
+ 
+ static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
+diff --git a/meson.build b/meson.build
+index 0c62b4156d..089f45d386 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1485,6 +1485,7 @@ endif
+ gcrypt = not_found
+ nettle = not_found
+ hogweed = not_found
++crypto_sm4 = not_found
+ xts = 'none'
+ 
+ if get_option('nettle').enabled() and get_option('gcrypt').enabled()
+@@ -1510,6 +1511,17 @@ if not gnutls_crypto.found()
+          cc.find_library('gpg-error', required: true)],
+         version: gcrypt.version())
+     endif
++    crypto_sm4 = gcrypt
++    # SM4 ALG is available in libgcrypt >= 1.9
++    if gcrypt.found() and not cc.links('''
++      #include <gcrypt.h>
++      int main(void) {
++        gcry_cipher_hd_t handler;
++        gcry_cipher_open(&handler, GCRY_CIPHER_SM4, GCRY_CIPHER_MODE_ECB, 0);
++        return 0;
++      }''', dependencies: gcrypt)
++      crypto_sm4 = not_found
++    endif
+   endif
+   if (not get_option('nettle').auto() or have_system) and not gcrypt.found()
+     nettle = dependency('nettle', version: '>=3.4',
+@@ -1518,6 +1530,18 @@ if not gnutls_crypto.found()
+     if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: nettle)
+       xts = 'private'
+     endif
++    crypto_sm4 = nettle
++    # SM4 ALG is available in nettle >= 3.9
++    if nettle.found() and not cc.links('''
++      #include <nettle/sm4.h>
++      int main(void) {
++        struct sm4_ctx ctx;
++        unsigned char key[16] = {0};
++        sm4_set_encrypt_key(&ctx, key);
++        return 0;
++      }''', dependencies: nettle)
++      crypto_sm4 = not_found
++    endif
+   endif
+ endif
+ 
+@@ -2204,6 +2228,7 @@ config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found())
+ config_host_data.set('CONFIG_TASN1', tasn1.found())
+ config_host_data.set('CONFIG_GCRYPT', gcrypt.found())
+ config_host_data.set('CONFIG_NETTLE', nettle.found())
++config_host_data.set('CONFIG_CRYPTO_SM4', crypto_sm4.found())
+ config_host_data.set('CONFIG_HOGWEED', hogweed.found())
+ config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts == 'private')
+ config_host_data.set('CONFIG_MALLOC_TRIM', has_malloc_trim)
+@@ -4280,6 +4305,7 @@ summary_info += {'nettle':            nettle}
+ if nettle.found()
+    summary_info += {'  XTS':             xts != 'private'}
+ endif
++summary_info += {'SM4 ALG support':   crypto_sm4}
+ summary_info += {'AF_ALG support':    have_afalg}
+ summary_info += {'rng-none':          get_option('rng_none')}
+ summary_info += {'Linux keyring':     have_keyring}
+diff --git a/qapi/crypto.json b/qapi/crypto.json
+index fd3d46ebd1..2f2aeff5fd 100644
+--- a/qapi/crypto.json
++++ b/qapi/crypto.json
+@@ -94,6 +94,8 @@
+ #
+ # @twofish-256: Twofish with 256 bit / 32 byte keys
+ #
++# @sm4: SM4 with 128 bit / 16 byte keys (since 9.0)
++#
+ # Since: 2.6
+ ##
+ { 'enum': 'QCryptoCipherAlgorithm',
+@@ -102,7 +104,8 @@
+            'des', '3des',
+            'cast5-128',
+            'serpent-128', 'serpent-192', 'serpent-256',
+-           'twofish-128', 'twofish-192', 'twofish-256']}
++           'twofish-128', 'twofish-192', 'twofish-256',
++           'sm4']}
+ 
+ ##
+ # @QCryptoCipherMode:
+diff --git a/tests/unit/test-crypto-cipher.c b/tests/unit/test-crypto-cipher.c
+index d9d9d078ff..11ab1a54fc 100644
+--- a/tests/unit/test-crypto-cipher.c
++++ b/tests/unit/test-crypto-cipher.c
+@@ -382,6 +382,19 @@ static QCryptoCipherTestData test_data[] = {
+         .plaintext = "90afe91bb288544f2c32dc239b2635e6",
+         .ciphertext = "6cb4561c40bf0a9705931cb6d408e7fa",
+     },
++#ifdef CONFIG_CRYPTO_SM4
++    {
++        /* SM4, GB/T 32907-2016, Appendix A.1 */
++        .path = "/crypto/cipher/sm4",
++        .alg = QCRYPTO_CIPHER_ALG_SM4,
++        .mode = QCRYPTO_CIPHER_MODE_ECB,
++        .key = "0123456789abcdeffedcba9876543210",
++        .plaintext  =
++            "0123456789abcdeffedcba9876543210",
++        .ciphertext =
++            "681edf34d206965e86b3e94f536e4246",
++    },
++#endif
+     {
+         /* #1 32 byte key, 32 byte PTX */
+         .path = "/crypto/cipher/aes-xts-128-1",
+-- 
+2.41.0.windows.1
+

cvm-bug-fix-for-incorrect-device-name-check-for-vhos.patch

@@ -0,0 +1,34 @@
+From 282d63f9b5915f0529e9d0ae54b47c0ceacc58c3 Mon Sep 17 00:00:00 2001
+From: liupingwei <liupingwei0317@outlook.com>
+Date: Mon, 19 Aug 2024 15:38:23 +0800
+Subject: [PATCH] cvm : bug-fix for incorrect device name check for
+ vhost-user-fs
+
+The 'vhost-user-fs' was being parsed as 'virtio-user-fs' during the
+compilation and this caused the device to erroneously trigger the error
+branch.
+
+Fixes: 5db954cb188d3775aec053fad8a39bf4c26a2b92("Add support for the
+virtcca cvm feature.)
+
+Signed-off-by: liupingwei <liupingwei0317@outlook.com>
+---
+ hw/virtio/virtio-bus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
+index 7e750d073d..4f16e7ef77 100644
+--- a/hw/virtio/virtio-bus.c
++++ b/hw/virtio/virtio-bus.c
+@@ -83,7 +83,7 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
+     if (has_iommu) {
+         vdev_has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
+ 
+-        if (virtcca_cvm_enabled() && (strcmp(vdev->name, "vhost-user-fs") == 0)) {
++        if (virtcca_cvm_enabled() && (strcmp(vdev->name, "virtio-user-fs") == 0)) {
+             vdev_has_iommu = true;
+         }
+ 
+-- 
+2.41.0.windows.1
+

cvm-bug-fix-for-undefined-reference-to-virtcca_cvm_a.patch

@@ -0,0 +1,30 @@
+From 87dfbca72fe11b7a8d3f1afce52a7925be0e0b01 Mon Sep 17 00:00:00 2001
+From: liupingwei <liupingwei0317@outlook.com>
+Date: Wed, 4 Sep 2024 14:29:02 +0800
+Subject: [PATCH] cvm : bug fix for undefined reference to
+ 'virtcca_cvm_allowed' while compiling.
+
+Fixes a linking error due to an undefined reference to
+'virtcca_cvm_allowed' when KVM is not enabled.
+
+Signed-off-by: liupingwei <liupingwei0317@outlook.com>
+---
+ accel/stubs/kvm-stub.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c
+index 1b37d9a302..ad39a434c4 100644
+--- a/accel/stubs/kvm-stub.c
++++ b/accel/stubs/kvm-stub.c
+@@ -25,6 +25,8 @@ bool kvm_allowed;
+ bool kvm_readonly_mem_allowed;
+ bool kvm_msi_use_devid;
+ 
++bool virtcca_cvm_allowed;
++
+ void kvm_flush_coalesced_mmio_buffer(void)
+ {
+ }
+-- 
+2.41.0.windows.1
+

hvf-arm-Do-not-advance-PC-when-raising-an-exception.patch

@@ -0,0 +1,39 @@
+From 550d304465b366a116e02d2cb006475ea453a98a Mon Sep 17 00:00:00 2001
+From: guping <guping_yewu@cmss.chinamobile.com>
+Date: Mon, 22 Jul 2024 00:37:30 +0000
+Subject: [PATCH] hvf: arm: Do not advance PC when raising an exception
+ cherry-pick from 30a1690f2402e6c1582d5b3ebcf7940bfe2fad4b
+
+hvf did not advance PC when raising an exception for most unhandled
+system registers, but it mistakenly advanced PC when raising an
+exception for GICv3 registers.
+
+Cc: qemu-stable@nongnu.org
+Fixes: a2260983
+
+ ("hvf: arm: Add support for GICv3")
+Signed-off-by: default avatarAkihiko Odaki <akihiko.odaki@daynix.com>
+Message-id: 20240716-pmu-v3-4-8c7c1858a227@daynix.com
+Reviewed-by: default avatarPeter Maydell <peter.maydell@linaro.org>
+Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
+
+Signed-off-by: guping <guping_yewu@cmss.chinamobile.com>
+---
+ target/arm/hvf/hvf.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
+index 757e13b0f9..b4e98a99e2 100644
+--- a/target/arm/hvf/hvf.c
++++ b/target/arm/hvf/hvf.c
+@@ -1272,6 +1272,7 @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, uint32_t rt)
+         /* Call the TCG sysreg handler. This is only safe for GICv3 regs. */
+         if (!hvf_sysreg_read_cp(cpu, reg, &val)) {
+             hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized());
++            return 1;
+         }
+         break;
+     case SYSREG_DBGBVR0_EL1:
+-- 
+2.41.0.windows.1
+

hw-display-bcm2835_fb-fix-fb_use_offsets-condition.patch

@@ -0,0 +1,51 @@
+From 1d3ea28fd7da9a23e278be70c7e028fbd2b69bf3 Mon Sep 17 00:00:00 2001
+From: qihao <qihao_yewu@cmss.chinamobile.com>
+Date: Thu, 25 Jul 2024 10:29:20 +0800
+Subject: [PATCH] hw/display/bcm2835_fb: fix fb_use_offsets condition
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cheery-pick from 345acc443905eda8008a1d328dd89b73c4a3f89e
+
+It is common practice when implementing double-buffering on VideoCore
+to do so by multiplying the height of the virtual buffer by the
+number of virtual screens desired (i.e., two - in the case of
+double-bufferring).
+
+At present, this won't work in QEMU because the logic in
+fb_use_offsets require that both the virtual width and height exceed
+their physical counterparts.
+
+This appears to be unintentional/a typo and indeed the comment
+states; "Experimentally, the hardware seems to do this only if the
+viewport size is larger than the physical screen".  The
+viewport/virtual size would be larger than the physical size if
+either virtual dimension were larger than their physical counterparts
+and not necessarily both.
+
+Signed-off-by: SamJakob <me@samjakob.com>
+Message-id: 20240713160353.62410-1-me@samjakob.com
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
+---
+ hw/display/bcm2835_fb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/display/bcm2835_fb.c b/hw/display/bcm2835_fb.c
+index a05277674f..c45da149d9 100644
+--- a/hw/display/bcm2835_fb.c
++++ b/hw/display/bcm2835_fb.c
+@@ -145,7 +145,7 @@ static bool fb_use_offsets(BCM2835FBConfig *config)
+      * viewport size is larger than the physical screen. (It doesn't
+      * prevent the guest setting this silly viewport setting, though...)
+      */
+-    return config->xres_virtual > config->xres &&
++    return config->xres_virtual > config->xres ||
+         config->yres_virtual > config->yres;
+ }
+ 
+-- 
+2.41.0.windows.1
+

hw-nvme-fix-memory-leak-in-nvme_dsm.patch

@@ -0,0 +1,49 @@
+From 0c23d22ea9f160a8e0e0e48b6cb400d7964ae868 Mon Sep 17 00:00:00 2001
+From: qihao <qihao_yewu@cmss.chinamobile.com>
+Date: Tue, 23 Jul 2024 21:06:08 +0800
+Subject: [PATCH] hw/nvme: fix memory leak in nvme_dsm
+
+cheery-pick from c510fe78f1b7c966524489d6ba752107423b20c8
+
+The allocated memory to hold LBA ranges leaks in the nvme_dsm function. This
+happens because the allocated memory for iocb->range is not freed in all
+error handling paths.
+
+Fix this by adding a free to ensure that the allocated memory is properly freed.
+
+ASAN log:
+==3075137==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 480 byte(s) in 6 object(s) allocated from:
+    #0 0x55f1f8a0eddd in malloc llvm/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
+    #1 0x7f531e0f6738 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5e738)
+    #2 0x55f1faf1f091 in blk_aio_get block/block-backend.c:2583:12
+    #3 0x55f1f945c74b in nvme_dsm hw/nvme/ctrl.c:2609:30
+    #4 0x55f1f945831b in nvme_io_cmd hw/nvme/ctrl.c:4470:16
+    #5 0x55f1f94561b7 in nvme_process_sq hw/nvme/ctrl.c:7039:29
+
+Cc: qemu-stable@nongnu.org
+Fixes: d7d1474fd85d ("hw/nvme: reimplement dsm to allow cancellation")
+Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
+Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
+Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
+Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
+---
+ hw/nvme/ctrl.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
+index 237b5c8871..dd1c962f93 100644
+--- a/hw/nvme/ctrl.c
++++ b/hw/nvme/ctrl.c
+@@ -2592,6 +2592,7 @@ next:
+ done:
+     iocb->aiocb = NULL;
+     iocb->common.cb(iocb->common.opaque, iocb->ret);
++    g_free(iocb->range);
+     qemu_aio_unref(iocb);
+ }
+ 
+-- 
+2.41.0.windows.1
+

hw-nvme-fix-number-of-PIDs-for-FDP-RUH-update.patch

@@ -0,0 +1,35 @@
+From 3696b12c582440669de12d127701187828c5598f Mon Sep 17 00:00:00 2001
+From: Xu Zheng <xuzheng_yewu@cmss.chinamobile.com>
+Date: Fri, 19 Jul 2024 22:11:17 +0800
+Subject: [PATCH] hw/nvme: fix number of PIDs for FDP RUH update
+
+The number of PIDs is in the upper 16 bits of cdw10. So we need to
+right-shift by 16 bits instead of only a single bit.
+
+Fixes: 73064edfb864 ("hw/nvme: flexible data placement emulation")
+
+cherry-pick from 3936bbdf9a2e9233875f850c7576c79d06add261
+Signed-off-by: Vincent Fu <vincent.fu@samsung.com>
+Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+Signed-off-by: Xu Zheng <xuzheng_yewu@cmss.chinamobile.com>
+---
+ hw/nvme/ctrl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
+index 237b5c8871..d7e83c3d55 100644
+--- a/hw/nvme/ctrl.c
++++ b/hw/nvme/ctrl.c
+@@ -4352,7 +4352,7 @@ static uint16_t nvme_io_mgmt_send_ruh_update(NvmeCtrl *n, NvmeRequest *req)
+     NvmeNamespace *ns = req->ns;
+     uint32_t cdw10 = le32_to_cpu(cmd->cdw10);
+     uint16_t ret = NVME_SUCCESS;
+-    uint32_t npid = (cdw10 >> 1) + 1;
++    uint32_t npid = (cdw10 >> 16) + 1;
+     unsigned int i = 0;
+     g_autofree uint16_t *pids = NULL;
+     uint32_t maxnpid;
+-- 
+2.41.0.windows.1
+

physmem-Bail-out-qemu_ram_block_from_host-for-invali.patch

@@ -0,0 +1,40 @@
+From 39eae397a6b573505c0e84cc808cd9765a950908 Mon Sep 17 00:00:00 2001
+From: guping <guping_yewu@cmss.chinamobile.com>
+Date: Mon, 15 Jul 2024 00:54:12 +0000
+Subject: [PATCH] physmem: Bail out qemu_ram_block_from_host() for invalid ram
+ addrs cherry-pick from 596ccccdbfa124adb42be8c2faf0c74f4849c7a6
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Bail out in qemu_ram_block_from_host() when
+xen_ram_addr_from_mapcache() does not find an existing
+mapping.
+
+Signed-off-by: default avatarEdgar E. Iglesias <edgar.iglesias@amd.com>
+Reviewed-by: default avatarAlex Bennée <alex.bennee@linaro.org>
+Reviewed-by: default avatarStefano Stabellini <sstabellini@kernel.org>
+
+Signed-off-by: guping <guping_yewu@cmss.chinamobile.com>
+---
+ system/physmem.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/system/physmem.c b/system/physmem.c
+index cbe838f203..0c629233bd 100644
+--- a/system/physmem.c
++++ b/system/physmem.c
+@@ -2263,6 +2263,10 @@ RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
+         ram_addr_t ram_addr;
+         RCU_READ_LOCK_GUARD();
+         ram_addr = xen_ram_addr_from_mapcache(ptr);
++        if (ram_addr == RAM_ADDR_INVALID) {
++            return NULL;
++        }
++
+         block = qemu_get_ram_block(ram_addr);
+         if (block) {
+             *offset = ram_addr - block->offset;
+-- 
+2.41.0.windows.1
+

ppc-vof-Fix-unaligned-FDT-property-access.patch

@@ -0,0 +1,34 @@
+From ad1d68502c41ff6a966ae89ae5ac008050602e2a Mon Sep 17 00:00:00 2001
+From: qihao <qihao_yewu@cmss.chinamobile.com>
+Date: Mon, 29 Jul 2024 10:38:46 +0800
+Subject: [PATCH] ppc/vof: Fix unaligned FDT property access
+
+cheery-pick from 785c8637f9d2362a8addf4ded853d975955a9d6b
+
+FDT properties are aligned by 4 bytes, not 8 bytes.
+
+Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
+Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
+---
+ hw/ppc/vof.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/ppc/vof.c b/hw/ppc/vof.c
+index e3b430a81f..b5b6514d79 100644
+--- a/hw/ppc/vof.c
++++ b/hw/ppc/vof.c
+@@ -646,7 +646,7 @@ static void vof_dt_memory_available(void *fdt, GArray *claimed, uint64_t base)
+     mem0_reg = fdt_getprop(fdt, offset, "reg", &proplen);
+     g_assert(mem0_reg && proplen == sizeof(uint32_t) * (ac + sc));
+     if (sc == 2) {
+-        mem0_end = be64_to_cpu(*(uint64_t *)(mem0_reg + sizeof(uint32_t) * ac));
++        mem0_end = ldq_be_p(mem0_reg + sizeof(uint32_t) * ac);
+     } else {
+         mem0_end = be32_to_cpu(*(uint32_t *)(mem0_reg + sizeof(uint32_t) * ac));
+     }
+-- 
+2.41.0.windows.1
+

qemu.spec

@@ -3,7 +3,7 @@
 
 Name: qemu
 Version: 8.2.0
-Release: 16
+Release: 17
 Epoch: 11
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@@ -287,6 +287,21 @@ Patch0270: nbd-server-Plumb-in-new-args-to-nbd_client_add.patch
 Patch0271: nbd-server-CVE-2024-7409-Cap-default-max-connections.patch
 Patch0272: nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch
 Patch0273: nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch
+Patch0274: physmem-Bail-out-qemu_ram_block_from_host-for-invali.patch
+Patch0275: hvf-arm-Do-not-advance-PC-when-raising-an-exception.patch
+Patch0276: hw-nvme-fix-memory-leak-in-nvme_dsm.patch
+Patch0277: hw-nvme-fix-number-of-PIDs-for-FDP-RUH-update.patch
+Patch0278: aspeed-smc-Fix-possible-integer-overflow.patch
+Patch0279: hw-display-bcm2835_fb-fix-fb_use_offsets-condition.patch
+Patch0280: vl-fix-type-is-NULL-in-vga-help.patch
+Patch0281: ppc-vof-Fix-unaligned-FDT-property-access.patch
+Patch0282: crypto-Introduce-SM4-symmetric-cipher-algorithm.patch
+Patch0283: target-sparc-use-signed-denominator-in-sdiv-helper.patch
+Patch0284: Add-support-for-the-virtcca-cvm-feature.patch
+Patch0285: target-i386-add-support-for-LAM-in-CPUID-enumeration.patch
+Patch0286: target-i386-add-control-bits-support-for-LAM.patch
+Patch0287: cvm-bug-fix-for-incorrect-device-name-check-for-vhos.patch
+Patch0288: cvm-bug-fix-for-undefined-reference-to-virtcca_cvm_a.patch
 
 BuildRequires: flex
 BuildRequires: gcc
@@ -884,6 +899,23 @@ getent passwd qemu >/dev/null || \
 %endif
 
 %changelog
+* Thu Sep 5 2024 Jiabo Feng <fengjiabo1@huawei.com> - 11:8.2.0-17
+- cvm : bug fix for undefined reference to 'virtcca_cvm_allowed' while compiling
+- cvm : bug-fix for incorrect device name check for vhost-user-fs
+- target/i386: add control bits support for LAM
+- target/i386: add support for LAM in CPUID enumeration
+- Add support for the virtcca cvm feature.
+- target/sparc: use signed denominator in sdiv helper
+- crypto: Introduce SM4 symmetric cipher algorithm
+- ppc/vof: Fix unaligned FDT property access
+- vl: fix "type is NULL" in -vga help
+- hw/display/bcm2835_fb: fix fb_use_offsets condition
+- aspeed/smc: Fix possible integer overflow
+- hw/nvme: fix number of PIDs for FDP RUH update
+- hw/nvme: fix memory leak in nvme_dsm
+- hvf: arm: Do not advance PC when raising an exception
+- physmem: Bail out qemu_ram_block_from_host() for invalid ram addrs
+
 * Tue Aug 13 2024 Jiabo Feng <fengjiabo1@huawei.com> - 11:8.2.0-16
 - nbd/server: CVE-2024-7409: Close stray clients at server-stop
 - nbd/server: CVE-2024-7409: Drop non-negotiating clients

target-i386-add-control-bits-support-for-LAM.patch

@@ -0,0 +1,99 @@
+From 03e73f225c44daa067ff1c57845dcd4678897a49 Mon Sep 17 00:00:00 2001
+From: Binbin Wu <binbin.wu@linux.intel.com>
+Date: Fri, 12 Jan 2024 14:00:42 +0800
+Subject: [PATCH] target/i386: add control bits support for LAM
+
+commit 0117067131f99acaab4f4d2cca0290c5510e37cf upstream.
+
+LAM uses CR3[61] and CR3[62] to configure/enable LAM on user pointers.
+LAM uses CR4[28] to configure/enable LAM on supervisor pointers.
+
+For CR3 LAM bits, no additional handling needed:
+- TCG
+  LAM is not supported for TCG of target-i386.  helper_write_crN() and
+  helper_vmrun() check max physical address bits before calling
+  cpu_x86_update_cr3(), no change needed, i.e. CR3 LAM bits are not allowed
+  to be set in TCG.
+- gdbstub
+  x86_cpu_gdb_write_register() will call cpu_x86_update_cr3() to update cr3.
+  Allow gdb to set the LAM bit(s) to CR3, if vcpu doesn't support LAM,
+  KVM_SET_SREGS will fail as other reserved bits.
+
+For CR4 LAM bit, its reservation depends on vcpu supporting LAM feature or
+not.
+- TCG
+  LAM is not supported for TCG of target-i386.  helper_write_crN() and
+  helper_vmrun() check CR4 reserved bit before calling cpu_x86_update_cr4(),
+  i.e. CR4 LAM bit is not allowed to be set in TCG.
+- gdbstub
+  x86_cpu_gdb_write_register() will call cpu_x86_update_cr4() to update cr4.
+  Mask out LAM bit on CR4 if vcpu doesn't support LAM.
+- x86_cpu_reset_hold() doesn't need special handling.
+
+Intel-SIG: commit 0117067131f9 target/i386: add control bits support for
+LAM
+Backport Qemu Linear Address Masking (LAM) support.
+
+Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
+Tested-by: Xuelian Guo <xuelian.guo@intel.com>
+Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
+Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
+Message-ID: <20240112060042.19925-3-binbin.wu@linux.intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+[ Zhiquan Li: amend commit log ]
+Signed-off-by: Zhiquan Li <zhiquan1.li@intel.com>
+---
+ target/i386/cpu.h    | 7 ++++++-
+ target/i386/helper.c | 4 ++++
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 8dbcb4a35f..b0666167d2 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -262,6 +262,7 @@ typedef enum X86Seg {
+ #define CR4_SMAP_MASK   (1U << 21)
+ #define CR4_PKE_MASK   (1U << 22)
+ #define CR4_PKS_MASK   (1U << 24)
++#define CR4_LAM_SUP_MASK (1U << 28)
+ 
+ #define CR4_RESERVED_MASK \
+ (~(target_ulong)(CR4_VME_MASK | CR4_PVI_MASK | CR4_TSD_MASK \
+@@ -270,7 +271,8 @@ typedef enum X86Seg {
+                 | CR4_OSFXSR_MASK | CR4_OSXMMEXCPT_MASK | CR4_UMIP_MASK \
+                 | CR4_LA57_MASK \
+                 | CR4_FSGSBASE_MASK | CR4_PCIDE_MASK | CR4_OSXSAVE_MASK \
+-                | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK))
++                | CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK \
++                | CR4_LAM_SUP_MASK))
+ 
+ #define DR6_BD          (1 << 13)
+ #define DR6_BS          (1 << 14)
+@@ -2527,6 +2529,9 @@ static inline uint64_t cr4_reserved_bits(CPUX86State *env)
+     if (!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKS)) {
+         reserved_bits |= CR4_PKS_MASK;
+     }
++    if (!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_LAM)) {
++        reserved_bits |= CR4_LAM_SUP_MASK;
++    }
+     return reserved_bits;
+ }
+ 
+diff --git a/target/i386/helper.c b/target/i386/helper.c
+index 2070dd0dda..1da7a7d315 100644
+--- a/target/i386/helper.c
++++ b/target/i386/helper.c
+@@ -219,6 +219,10 @@ void cpu_x86_update_cr4(CPUX86State *env, uint32_t new_cr4)
+         new_cr4 &= ~CR4_PKS_MASK;
+     }
+ 
++    if (!(env->features[FEAT_7_1_EAX] & CPUID_7_1_EAX_LAM)) {
++        new_cr4 &= ~CR4_LAM_SUP_MASK;
++    }
++
+     env->cr[4] = new_cr4;
+     env->hflags = hflags;
+ 
+-- 
+2.41.0.windows.1
+

target-i386-add-support-for-LAM-in-CPUID-enumeration.patch

@@ -0,0 +1,69 @@
+From 8bc3dd094a9daa348d49436dc4d0867b7b514ba7 Mon Sep 17 00:00:00 2001
+From: Robert Hoo <robert.hu@linux.intel.com>
+Date: Fri, 12 Jan 2024 14:00:41 +0800
+Subject: [PATCH] target/i386: add support for LAM in CPUID enumeration
+
+commit ba6780905943696d790cc880c8e5684b51f027fe upstream.
+
+Linear Address Masking (LAM) is a new Intel CPU feature, which allows
+software to use of the untranslated address bits for metadata.
+
+The bit definition:
+CPUID.(EAX=7,ECX=1):EAX[26]
+
+Add CPUID definition for LAM.
+
+Note LAM feature is not supported for TCG of target-i386, LAM CPIUD bit
+will not be added to TCG_7_1_EAX_FEATURES.
+
+More info can be found in Intel ISE Chapter "LINEAR ADDRESS MASKING(LAM)"
+https://cdrdv2.intel.com/v1/dl/getContent/671368
+
+Intel-SIG: commit ba6780905943 target/i386: add support for LAM in CPUID
+enumeration
+Backport Qemu Linear Address Masking (LAM) support.
+
+Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
+Co-developed-by: Binbin Wu <binbin.wu@linux.intel.com>
+Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
+Tested-by: Xuelian Guo <xuelian.guo@intel.com>
+Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
+Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
+Message-ID: <20240112060042.19925-2-binbin.wu@linux.intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+[ Zhiquan Li: amend commit log ]
+Signed-off-by: Zhiquan Li <zhiquan1.li@intel.com>
+---
+ target/i386/cpu.c | 2 +-
+ target/i386/cpu.h | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 711370d9b8..19ebd49e8c 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -967,7 +967,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
+             "fsrc", NULL, NULL, NULL,
+             NULL, NULL, NULL, NULL,
+             NULL, "amx-fp16", NULL, "avx-ifma",
+-            NULL, NULL, NULL, NULL,
++            NULL, NULL, "lam", NULL,
+             NULL, NULL, NULL, NULL,
+         },
+         .cpuid = {
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 6993552cd9..8dbcb4a35f 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -926,6 +926,8 @@ uint64_t x86_cpu_get_supported_feature_word(FeatureWord w,
+ #define CPUID_7_1_EAX_AMX_FP16          (1U << 21)
+ /* Support for VPMADD52[H,L]UQ */
+ #define CPUID_7_1_EAX_AVX_IFMA          (1U << 23)
++/* Linear Address Masking */
++#define CPUID_7_1_EAX_LAM               (1U << 26)
+ 
+ /* Support for VPDPB[SU,UU,SS]D[,S] */
+ #define CPUID_7_1_EDX_AVX_VNNI_INT8     (1U << 4)
+-- 
+2.41.0.windows.1
+

target-sparc-use-signed-denominator-in-sdiv-helper.patch

@@ -0,0 +1,41 @@
+From a222f9c1eea20db470c55f534d85987df27a1654 Mon Sep 17 00:00:00 2001
+From: Xu Zheng <xuzheng_yewu@cmss.chinamobile.com>
+Date: Fri, 19 Jul 2024 22:45:21 +0800
+Subject: [PATCH] target/sparc: use signed denominator in sdiv helper
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The result has to be done with the signed denominator (b32) instead of
+the unsigned value passed in argument (b).
+
+cherry-pick from 6b4965373e561b77f91cfbdf41353635c9661358
+Fixes: 1326010322d6 ("target/sparc: Remove CC_OP_DIV")
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2319
+Signed-off-by: Clément Chigot <chigot@adacore.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-Id: <20240606144331.698361-1-chigot@adacore.com>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+(cherry picked from commit 6b4965373e561b77f91cfbdf41353635c9661358)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+Signed-off-by: Xu Zheng <xuzheng_yewu@cmss.chinamobile.com>
+---
+ target/sparc/helper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/sparc/helper.c b/target/sparc/helper.c
+index bd10b60e4b..8820c59e7c 100644
+--- a/target/sparc/helper.c
++++ b/target/sparc/helper.c
+@@ -121,7 +121,7 @@ uint64_t helper_sdiv(CPUSPARCState *env, target_ulong a, target_ulong b)
+         return (uint32_t)(b32 < 0 ? INT32_MAX : INT32_MIN) | (-1ull << 32);
+     }
+ 
+-    a64 /= b;
++    a64 /= b32;
+     r = a64;
+     if (unlikely(r != a64)) {
+         return (uint32_t)(a64 < 0 ? INT32_MIN : INT32_MAX) | (-1ull << 32);
+-- 
+2.41.0.windows.1
+

vl-fix-type-is-NULL-in-vga-help.patch

@@ -0,0 +1,49 @@
+From ef42d79d805e430e24df57d46c156f9a7e3e1bed Mon Sep 17 00:00:00 2001
+From: qihao <qihao_yewu@cmss.chinamobile.com>
+Date: Thu, 25 Jul 2024 14:11:12 +0800
+Subject: [PATCH] vl: fix "type is NULL" in -vga help
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cheery-pick from a99dc9cd611cbaf10edee6260272e299626d0871
+
+Don't pass NULL to module_object_class_by_name(), when the interface is
+unavailable.
+
+Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Message-ID: <20240715114420.2062870-1-marcandre.lureau@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: qihao_yewu <qihao_yewu@cmss.chinamobile.com>
+---
+ system/vl.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/system/vl.c b/system/vl.c
+index 165c3cae8a..8e3357c578 100644
+--- a/system/vl.c
++++ b/system/vl.c
+@@ -994,9 +994,16 @@ static bool vga_interface_available(VGAInterfaceType t)
+     const VGAInterfaceInfo *ti = &vga_interfaces[t];
+ 
+     assert(t < VGA_TYPE_MAX);
+-    return !ti->class_names[0] ||
+-           module_object_class_by_name(ti->class_names[0]) ||
+-           module_object_class_by_name(ti->class_names[1]);
++
++    if (!ti->class_names[0] || module_object_class_by_name(ti->class_names[0])) {
++        return true;
++    }
++
++    if (ti->class_names[1] && module_object_class_by_name(ti->class_names[1])) {
++        return true;
++    }
++
++    return false;
+ }
+ 
+ static const char *
+-- 
+2.41.0.windows.1
+