Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* add help option for -audio and -audiodev
* another missing memory barrier for dirty pages
* target/i386: Raise #GP on unaligned m128 accesses
* coverity fixes + improvements to components
* add MMX and 3DNow! tests
* SSE4a fixes
* target/i386: TCG translation cleanups
* update qboot submodule

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmMocZcUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNV7Qf+NEoB8R0ug+ClMRe1Qqt8FXEd0eXE
# nT19q4rOWfmW4/L+wI6gpxhbxrxOuLwoZ8YvD8c6rQAdexMoHoeTvA1PAca4zZTo
# ISmW3bXsoHN2uGLPz4CKhjKBLCANtDkh3EWCwRFkLSRCLSRDhKPrG1Ue3fOgQ6GO
# riROcxbyYzvU/4uefSW+xG/Im9gftNF6occZZ59LrK7Xd8kwlb+E+EdsmzFw5f8O
# Q9irVQ8pX9ZM4BK2KiT16nZ0uSRwJqSJKbLI670nUEsj1jQCIgU3srgZHjAIvoir
# yivDs6oktgS/HkPD5CQoTX+fVDgEDM1TTF6P8r7uJopPXpzz+AHswfSJmg==
# =RVCS
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 19 Sep 2022 09:41:43 EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (21 commits)
  qboot: update to latest submodule
  build: remove extra parentheses causing missing rebuilds
  target/i386: introduce insn_get_addr
  target/i386: REPZ and REPNZ are mutually exclusive
  target/i386: fix INSERTQ implementation
  target/i386: correctly mask SSE4a bit indices in register operands
  audio: add help option for -audio and -audiodev
  tests/tcg: remove old SSE tests
  tests/tcg: refine MMX support in SSE tests
  tests/tcg: i386: add MMX and 3DNow! tests
  tests/tcg: i386: fix typos in 3DNow! instructions
  tests: unit: add NULL-pointer check
  tests: test-qga: close socket on failure to connect
  tests: unit: simplify test-visitor-serialization list tests
  smbios: sanitize type from external type before checking have_fields_bitmap
  coverity: put NUBus under m68k component
  coverity: add new RISC-V component
  spapr_pci: fix leak in spapr_phb_vfio_get_loc_code
  kvm: fix memory leak on failure to read stats descriptors
  target/i386: Raise #GP on unaligned m128 accesses when required.
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2 files changed, 9 insertions, 6 deletions

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 67e9d468aa..57c8a4f085 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -800,6 +800,7 @@ static char *spapr_phb_vfio_get_loc_code(SpaprPhbState *sphb,  PCIDevice *pdev)
     }
 
     /* Construct and read from host device tree the loc-code */
+    g_free(path);
     path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", devspec);
     if (!g_file_get_contents(path, &buf, NULL, NULL)) {
         return NULL;
diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
index 60349ee402..4c9f664830 100644
--- a/hw/smbios/smbios.c
+++ b/hw/smbios/smbios.c
@@ -1205,13 +1205,15 @@ void smbios_entry_add(QemuOpts *opts, Error **errp)
             return;
         }
 
-        if (test_bit(header->type, have_fields_bitmap)) {
-            error_setg(errp,
-                       "can't load type %d struct, fields already specified!",
-                       header->type);
-            return;
+        if (header->type <= SMBIOS_MAX_TYPE) {
+            if (test_bit(header->type, have_fields_bitmap)) {
+                error_setg(errp,
+                           "can't load type %d struct, fields already specified!",
+                           header->type);
+                return;
+            }
+            set_bit(header->type, have_binfile_bitmap);
         }
-        set_bit(header->type, have_binfile_bitmap);
 
         if (header->type == 4) {
             smbios_type4_count++;