The following patches are queued for QEMU stable v7.2.7:

  https://gitlab.com/qemu-project/qemu/-/commits/staging-7.2

Patch freeze is 2023-11-19 (frozen), and the release is planned for 2023-11-21:

  https://wiki.qemu.org/Planning/7.2

Please respond here or CC qemu-sta...@nongnu.org on any additional patches you think should (or shouldn't) be included in the release.

v2: added more changes, removed 6f189a08c1 ("ui/gtk-egl: Check EGLSurface before doing scanout"), since this one caused a regression and the fix still hasn't found its way to master. Hopefully this one can be included (together with the fix) in the next stable release.

The changes which are staging for inclusion, with the original commit hash from master branch, are given below the bottom line.

Thanks!

/mjt

--------------------------------------
01* 7798f5c576d8 Nicholas Piggin: hw/ppc: Introduce functions for conversion between timebase and nanoseconds
02* 47de6c4c2870 Nicholas Piggin: host-utils: Add muldiv64_round_up
03* eab0888418ab Nicholas Piggin: hw/ppc: Round up the decrementer interval when converting to ns
04* 8e0a5ac87800 Nicholas Piggin: hw/ppc: Avoid decrementer rounding errors
05* c8fbc6b9f2f3 Nicholas Piggin: target/ppc: Sign-extend large decrementer to 64-bits
06* 17dd1354c1d1 Nicholas Piggin: target/ppc: Decrementer fix BookE semantics
07* febb71d543a8 Nicholas Piggin: hw/ppc: Always store the decrementer value
08* 2529497cb6b2 Mikulas Patocka: linux-user/hppa: clear the PSW 'N' bit when delivering signals
09* 5b1270ef1477 Mikulas Patocka: linux-user/hppa: lock both words of function descriptor
10* 7b165fa16402 Li Zhijian: hw/cxl: Fix CFMW config memory leak
11* 903dbefc2b69 Peter Maydell: target/arm: Don't skip MTE checks for LDRT/STRT at EL0
12* 0e5903436de7 Nicholas Piggin: accel/tcg: mttcg remove false-negative halted assertion
13* 7cfcc79b0ab8 Thomas Huth: hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467]
14* 0cb9c5880e6b Paolo Bonzini: ui/vnc: fix debug output for invalid audio message
15* 477b301000d6 Paolo Bonzini: ui/vnc: fix handling of VNC_FEATURE_XVP
16* 35ed01ba5448 Fabiano Rosas: optionrom: Remove build-id section
17* b86dc5cb0b41 Mark Cave-Ayland: esp: use correct type for esp_dma_enable() in sysbus_esp_gpio_demux()
18* 77668e4b9bca Mark Cave-Ayland: esp: restrict non-DMA transfer length to that of available data
19* be2b619a1734 Mark Cave-Ayland: scsi-disk: ensure that FORMAT UNIT commands are terminated
20* 3d304620ec6c Paolo Bonzini: target/i386: fix operand size of unary SSE operations
21* 9e65829699f9 Paolo Bonzini: tests/tcg/i386: correct mask for VPERM2F128/VPERM2I128
22* afa94dabc52b Ricky Zhou: target/i386: Fix and add some comments next to SSE/AVX instructions.
23* cab529b0dc15 Ricky Zhou: target/i386: Fix exception classes for SSE/AVX instructions.
24* 8bf171c2d126 Ricky Zhou: target/i386: Fix exception classes for MOVNTPS/MOVNTPD.
25* a48b26978a09 Paolo Bonzini: target/i386: generalize operand size "ph" for use in CVTPS2PD
26* abd41884c530 Paolo Bonzini: target/i386: fix memory operand size for CVTPS2PD
27* e0288a778473 Laszlo Ersek: hw/display/ramfb: plug slight guest-triggerable leak on mode setting
28* 4f7689f0817a Thomas Huth: chardev/char-pty: Avoid losing bytes when the other side just (re-)connected
29* 33bc4fa78b06 Richard Henderson: linux-user/hppa: Fix struct target_sigcontext layout
30* 0114c4513095 Akihiko Odaki: amd_iommu: Fix APIC address check
31* 86dec715a733 Peter Xu: migration/qmp: Fix crash on setting tls-authz with null
32* 00e3b29d065f Volker Rümelin: hw/audio/es1370: reset current sample counter
33* cffa99549088 Alvin Chang: disas/riscv: Fix the typo of inverted order of pmpaddr13 and pmpaddr14
34* 85fc35afa93c Yuval Shaia: hw/pvrdma: Protect against buggy or malicious guest driver
35* caea03279e11 Fabiano Rosas: migration: Fix analyze-migration read operation signedness
36* 6fad9b4bb91d Mikulas Patocka: linux-user/mips: fix abort on integer overflow
37* 3b894b699c9a Mikulas Patocka: linux-user/sh4: Fix crashes on signal delivery
38* a1e6a5c46219 Helge Deller: lasips2: LASI PS/2 devices are not user-createable
39* ae5f70baf549 Lu Gao: hw/sd/sdhci: Block Size Register bits [14:12] is lost
40* 6f83dc67168d Glenn Miles: misc/led: LED state is set opposite of what is expected
41* 7a06a8fec9df Akihiko Odaki: tests/migration: Add -fno-stack-protector
42* 580731dcc87e Akihiko Odaki: tests/tcg: Add -fno-stack-protector
43* 8b097fd6b06e Andrey Drobyshev: qemu-img: rebase: stop when reaching EOF of old backing file
44* 827171c31805 Andrey Drobyshev: qemu-iotests: 024: add rebasing test case for overlay_size > backing_size
45* 9f0246539ae8 Daniel P. Berrangé: Revert "linux-user: add more compat ioctl definitions"
46* 6003159ce18f Daniel P. Berrangé: Revert "linux-user: fix compat with glibc >= 2.36 sys/mount.h"
47* 0d3de77a07f4 Fabiano Rosas: target/arm: Don't access TCG code when debugging with KVM
48* 21a4ab8318ba Peter Maydell: target/arm: Don't allow stage 2 page table walks to downgrade to NS
49* fcc0b0418fff Peter Maydell: target/arm: Fix handling of SW and NSW bits for stage 2 walks
50* 4c09abeae870 Peter Maydell: target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk
51* cc8fb0c3ae3c Vladimir Sementsov-Ogievskiy: block/nvme: nvme_process_completion() fix bound for cid
52* 08730ee0cc01 BALATON Zoltan: ati-vga: Implement fallback for pixman routines
53* 565f85a9c293 Marc-André Lureau: ui/gtk: force realization of drawing area
54* 47fd6ab1e334 Dongwon Kim: ui/gtk-egl: apply scale factor when calculating window's dimension
55* 04591b3ddd9a Philippe Mathieu-Daudé: target/mips: Fix MSA BZ/BNZ opcodes displacement
56* 18f86aecd6a1 Philippe Mathieu-Daudé: target/mips: Fix TX79 LQ/SQ opcodes
57* 7d7512019fc4 Fiona Ebner: hw/ide: reset: cancel async DMA operation before resetting state
58* cc610857bbd3 Fiona Ebner: tests/qtest: ahci-test: add test exposing reset issue with pending callback
59* bea402482a8c Ilya Leoshkevich: target/s390x: Fix LAALG not updating cc_src
60* ebc14107f1f3 Ilya Leoshkevich: tests/tcg/s390x: Test LAALG with negative cc_src
61 4d96307c5b4f Marc-André Lureau: tracetool: avoid invalid escape in Python string
62 f8cfdd2038c1 Bastian Koppelmann: target/tricore: Rename tricore_feature

(commit(s) marked with * were in previous series and are not resent)