Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc, pci, virtio: cleanups, fixes

a bunch of bugfixes and a couple of cleanups
making these easier and/or making debugging easier

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 29 Jul 2016 04:11:01 BST
# gpg:                using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream: (41 commits)
  mptsas: Fix a migration compatible issue
  vhost: do not update last avail idx on get_vring_base() failure
  vhost: add vhost_net_set_backend()
  vhost-user: add error report in vhost_user_write()
  tests: fix vhost-user-test leak
  tests: plug some leaks in virtio-net-test
  vhost-user: wait until backend init is completed
  char: add and use tcp_chr_wait_connected
  char: add chr_wait_connected callback
  vhost: add assert() to check runtime behaviour
  vhost-net: vhost_migration_done is vhost-user specific
  Revert "vhost-net: do not crash if backend is not present"
  vhost-user: add get_vhost_net() assertions
  vhost-user: keep vhost_net after a disconnection
  vhost-user: check vhost_user_{read,write}() return value
  vhost-user: check qemu_chr_fe_set_msgfds() return value
  vhost-user: call set_msgfds unconditionally
  qemu-char: fix qemu_chr_fe_set_msgfds() crash when disconnected
  vhost: use error_report() instead of fprintf(stderr,...)
  vhost: add missing VHOST_OPS_DEBUG
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

diff --combined hw/virtio/virtio.c
index 28cf504,b4d0511..15ee3a7
--- 1/hw/virtio/virtio.c
--- 2/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@@ -458,6 -458,11 +458,11 @@@ static void virtqueue_map_desc(unsigne
      unsigned num_sg = *p_num_sg;
      assert(num_sg <= max_num_sg);
  
+     if (!sz) {
+         error_report("virtio: zero sized buffers are not allowed");
+         exit(1);
+     }
+ 
      while (sz) {
          hwaddr len = sz;
  
@@@ -562,11 -567,6 +567,11 @@@ void *virtqueue_pop(VirtQueue *vq, size
  
      max = vq->vring.num;
  
 +    if (vq->inuse >= vq->vring.num) {
 +        error_report("Virtqueue size exceeded");
 +        exit(1);
 +    }
 +
      i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
      if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) {
          vring_set_avail_event(vq, vq->last_avail_idx);