Thomas Huth [Fri, 10 Oct 2025 14:45:25 +0000 (16:45 +0200)]
tests/functional/alpha: Remove superfluous fetch() line from the clipper test
The kernel asset is retrieved automatically via the uncompress()
line below the fetch(), so the fetch() is simply not necessary here.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251010144525.842462-1-thuth@redhat.com>
Thomas Huth [Tue, 14 Oct 2025 08:34:24 +0000 (10:34 +0200)]
tests: Evict stale files in the functional download cache after a while
The download cache of the functional tests is currently only growing.
But sometimes tests get removed or changed to use different assets,
thus we should clean up the stale old assets after a while when they
are not in use anymore. So add a script that looks at the time stamps
of the assets and removes them if they haven't been touched for more
than half of a year. Since there might also be some assets around that
have been added to the cache before we added the time stamp files,
assume a default time stamp that is close to the creation date of this
patch, so that we don't delete these files too early (so we still have
all assets around in case we have to bisect an issue in the recent past
of QEMU).
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251014083424.103202-3-thuth@redhat.com>
Thomas Huth [Tue, 14 Oct 2025 08:34:23 +0000 (10:34 +0200)]
tests/functional: Set current time stamp of assets when using them
We are going to remove obsolete assets from the cache, so keep
the time stamps of the assets that we use up-to-date to have a way
to detect stale assets later.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251014083424.103202-2-thuth@redhat.com>
For the Windows msys2 CI job we install many packages using pacman
and use the GitLab cache to preserve the pacman cache across CI
runs. While metadata still needs downloading, this avoids pacman
re-downloading packages from msys2 if they have not changed.
The problem is that pacman never automatically purges anything
from its package cache. Thus the GitLab cache is growing without
bound and packing/unpacking the cache is consuming an increasing
amount of time in the CI job.
If we run 'pacman -Sc' /after/ installing our desired package set,
it will purge any cached downloaded packages that are not matching
any installed package.
This will (currently) cap the pacman download cache at approx
256 MB.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Yonggang Luo <luoyonggang@gmail.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20251010160545.144760-1-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Mon, 6 Oct 2025 16:18:50 +0000 (18:18 +0200)]
tests/functional/aarch64: Drop some sbsaref_alpine tests
test_sbsaref_alpine is one of the longest running test in our testsuite,
because it does a full Linux boot a couple of times, for various different
CPU configurations. That's quite a lot of testing each time, for a rather
small additional test coverage. Thus let's drop some of the tests that don't
provide much in addition to the other ones.
Suggested-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251006161850.181998-1-thuth@redhat.com>
Thomas Huth [Wed, 8 Oct 2025 13:19:36 +0000 (15:19 +0200)]
python/qemu: Replace some remaining "avocados" with "functional tests"
The avocado tests have been replaced by the new functional tests,
so also update this in the README.rst files in the python directory
accordingly.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251008131936.71160-1-thuth@redhat.com>
Merge tag 'pull-loongarch-20251015' of https://github.com/bibo-mao/qemu into staging
loongarch queue
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQNhkKjomWfgLCz0aQfewwSUazn0QUCaO8QRQAKCRAfewwSUazn
# 0UxeAQCM8zwwTBnAWbDJpxPWTVD5yz+Bv2YP+IbDc24BkzEvJwD/Z+5u+gEuBtum
# U8tTU/huVLezwpbwqgpTAYI2wJAOygw=
# =XZMy
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 14 Oct 2025 08:08:53 PM PDT
# gpg: using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7 13C4 8E86 8FB7 A176 9D4C
# Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3 D1A4 1F7B 0C12 51AC E7D1
* tag 'pull-loongarch-20251015' of https://github.com/bibo-mao/qemu:
hw/loongarch/virt: Sort order by hardware device base address
hw/loongarch/virt: Remove header file ls7a.h
target/loongarch: Skip global TLB when calculating replaced TLB
target/loongarch: Add missing TLB flush with different asid
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Bibo Mao [Mon, 13 Oct 2025 06:35:16 +0000 (14:35 +0800)]
hw/loongarch/virt: Sort order by hardware device base address
With header file include/hw/loongarch/virt.h, hardware device definition
order is sorted by its base address. Add remove unused macro
VIRT_IOAPIC_REG_BASE and VIRT_MISC_REG_BASE.
Signed-off-by: Bibo Mao <maobibo@loongson.cn> Reviewed-by: Song Gao <gaosong@loongson.cn>
Bibo Mao [Mon, 13 Oct 2025 06:35:15 +0000 (14:35 +0800)]
hw/loongarch/virt: Remove header file ls7a.h
LoongArch virt machine uses GPEX PCIE host bridge rather than 7A host
bridge. Remove header file ls7a.h and put hardware information to file
include/hw/loongarch/virt.h
Signed-off-by: Bibo Mao <maobibo@loongson.cn> Reviewed-by: Song Gao <gaosong@loongson.cn>
Bibo Mao [Thu, 9 Oct 2025 02:59:31 +0000 (10:59 +0800)]
target/loongarch: Add missing TLB flush with different asid
If asid is changed in function helper_csrwr_asid(), qemu TLB is flushed,
however loongArch TLB is still valid. So loongArch TLB need be invalidated
in function invalidate_tlb() with different asid and bit effective need
be cleared.
Signed-off-by: Bibo Mao <maobibo@loongson.cn> Reviewed-by: Song Gao <gaosong@loongson.cn>
Merge tag 'pull-tcg-20251014' of https://gitlab.com/rth7680/qemu into staging
linux-user: Support MADV_DONTDUMP, MADV_DODUMP
accel/tcg: Hoist first page lookup above pointer_wrap
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmjuhtYdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV9pEAgAty/bDw2U0l2Vnqxc
# xhDOcShpmIjelk9i8QtLve6uy0VS9FZBlQS2PbICI0Y2U5wpPsjFtyOyguSjrtrw
# tzVQwFsBme+ChdE8WrmYeKtp5eTk2jeXhGKH96nLDoEJU0R6Ul01FHYe6eWDRAmv
# ojsM/1Fl9YyHKR1U0R10Ijf09Id14Rq7BGDvi0UvVXO3yGT44oZqCtCLeLbXya0E
# 3rx5l/Mc5T6ycsF3kuooWq/cguFiH87Z3jU/wZe4xFANEeXDadlS5bUO/Ee9/TU8
# +ANInpHN7d9CEqkOpjHZEpvPJV1aNfGPMuyT84ebS2Xy7PC4drVi9t7P6DrJDO3h
# g7cFFA==
# =hVWM
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 14 Oct 2025 10:22:30 AM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-20251014' of https://gitlab.com/rth7680/qemu:
accel/tcg: Hoist first page lookup above pointer_wrap
linux-user: Support MADV_DONTDUMP, MADV_DODUMP
accel/tcg: Add clear_flags argument to page_set_flags
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
accel/tcg: Hoist first page lookup above pointer_wrap
For strict alignment targets we registered cpu_pointer_wrap_notreached,
but generic code used it before recognizing the alignment exception.
Hoist the first page lookup, so that the alignment exception happens first.
Cc: qemu-stable@nongnu.org Buglink: https://bugs.debian.org/1112285 Fixes: a4027ed7d4be ("target: Use cpu_pointer_wrap_notreached for strict align targets") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jon Wilson [Wed, 24 Sep 2025 01:52:28 +0000 (18:52 -0700)]
linux-user: Support MADV_DONTDUMP, MADV_DODUMP
Set and clear PAGE_DONTDUMP, and honor that in vma_dump_size.
Signed-off-by: Jon Wilson <jonwilson030981@gmail.com>
[rth: Use new page_set_flags semantics; also handle DODUMP] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* rust: fix nightly warnings
* target/i386: a smattering of fixes
* monitor: add "info accelerators"
* kvm: cleanups to kvm_cpu_synchronize_put()
* target/i386: Add TSA attack variants and verw-clear feature flag
* async: tsan bottom half fixes
* rust: migration state wrappers with support for BQL-free devices
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmjuRZYUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroPTFgf+LRXCvGJwrlJwD4cAS/TBzhzpOAMZ
# v75RZ/s2tF7nYRhT28MDtZWsXeVrjO/nrSXaThxe6WHfmKK2W+16a+BgfhbeTEGt
# wBnK3JMb84i7T2Foy91jVCc4k0igwZu6Wmnf3rOP9gpdjAK6FYLje1KWvF7FrJO1
# ackAzJJ+TiZmc5QpXLW8sjaIidmefveXsdHwMVRz67LDvlDANEhp4rixjTVmKe0Z
# UL3tzrEj/b15vvElkh3a1IrVAttexay425J94R5i3Xpz3fEBqmIdpJt4eiCt9j0L
# zL7TOXwSJWiOX+mec6aJwYh8y4ikD6Yq4f4Hc9xFBEZRcICaxx4uoOscYA==
# =FroL
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 14 Oct 2025 05:44:06 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (28 commits)
rust: migration: implement ToMigrationState as part of impl_vmstate_bitsized
timer: constify some functions
rust: qemu-macros: add ToMigrationState derive macro
rust: migration: add high-level migration wrappers
rust: move VMState from bql to migration
rust: migration: extract vmstate_fields_ref
rust: migration: validate termination of subsection arrays
rust: migration: do not store raw pointers into VMStateSubsectionsWrapper
rust: migration: do not pass raw pointer to VMStateDescription::fields
rust: bql: add BqlRefCell::get_mut()
accel/kvm: Factor kvm_cpu_synchronize_put() out
accel/kvm: Introduce KvmPutState enum
monitor: generalize query-mshv/"info mshv" to query-accelerators/"info accelerators"
monitor: clarify "info accel" help message
target/i386: user: do not set up a valid LDT on reset
async: access bottom half flags with qatomic_read
target/i386: fix access to the T bit of the TSS
target/i386: fix x86_64 pushw op
i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit
i386/cpu: Prevent delivering SIPI during SMM in TCG mode
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'hw-misc-20251013' of https://github.com/philmd/qemu into staging
Misc HW patches
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmjtUDsACgkQ4+MsLN6t
# wN79jg/+IUcN3tRk39XeLMyJvTBbv1Q/25llZPuCwkPz1kkS9QEtgck0ZluWxiqG
# Uql2mb3mnxR3pQaQ38gim058XfTFnc1W76/cprYq/0HeZuk8XlVVgnU+wjEYFYvD
# nGfdXJdCytGnDjcr4OQGKjsIo20b++QNtB/Jgy+gQNcFc/dg0BHG8sJoeIL/0IRz
# qpJZ3ACcmurlMdfYm3o0U9tRn7I9fmOOZbM5INnA9OBuhrSc95ObXiOKbUd9QTaX
# Fzminv85ZULIx5sX515l6vbiMRaAy/toj40OyWrG6qV6zMv/T8Snpad53NyOEalc
# QHEmx2t7ae0g0o8NB4EEA8JOy/RT9l2nu8xiPeDCcmI6/E4M6mQDovEgMsbhKiYd
# /YbAPifdLyNy4p2D9S0xjXsihNRNshvH0ce7x5sDxRMITrvHWrPQ3WzSxw8oeaVd
# aczm4plm777GSzioIP4zz0hVy48vc9c0Bzsw6CwTJjFI2f8ThuKtDRc/FWabr/cp
# OCA2pBWYSoKCEm8WE+RTpCVu87oPQ/HNj8ekDszFStnPkz62B4Xq8EGriSMM56xX
# R9wn6IRepQ6gc0ObWl8ofgdvuXh+F1wFC2EvhQ6n93Bq1YXKFSccNf9tX84zEMdn
# Dpx6SrKeYA53Qm0fHoOWQeCw2rjwK6hR9Pd5dZB9cK+2XGbfPtQ=
# =nIym
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 13 Oct 2025 12:17:15 PM PDT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'hw-misc-20251013' of https://github.com/philmd/qemu:
hw/hppa: Reduce variables scope in common_init()
hw/hppa: Factor QOM HPPA_COMMON_MACHINE out
hw/hppa: Convert type_init() -> DEFINE_TYPES()
hw/loongarch/boot: Remove unnecessary cast to target_ulong
hw/vmapple: include missing headers
hw/s390x/sclp: Do not ignore address_space_read/write() errors
hw/arm/aspeed: Don't set 'auto_create_sdcard'
hw/net/can/xlnx-versal-canfd: remove unused include directives
hw/sparc/leon3: Remove unnecessary CPU() QOM cast
hw/xtensa/xtfpga: Have xtfpga_init() only initialize MMU
hw/ppc: Do not open-code cpu_resume() in spin_kick()
hw/display/xenfb: Replace unreachable code by g_assert_not_reached()
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-aspeed-20251013' of https://github.com/legoater/qemu into staging
aspeed queue:
* Introduce AspeedCoprocessor class and base implementation
* Remove redudant functional tests to optimize for CI resources
* Deprecate fp5280g2-bmc, qcom-dc-scm-v1-bmc, qcom-firework-bmc and
sonorapass-bmc machines
* Bump ASPEED SDK to v09.08
* Add PCIe and network tests
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmjs8/YACgkQUaNDx8/7
# 7KFjzw//dL7SV3fVdq5faOLVheXTj5IpgtsCaqcBl/KUSprkCV/PHE5wYUN0pKjA
# TBd9waKBt5yg9ppZC/5o20SLkKyrYLa3+2af6X+c0eHo1ALXMUC+Cupws514eEoe
# y9sq1TO+yag5OczUi6h0UCmz3ELK2KHRf8e3ca/0S8zLry5bcwYAu6BHig2wqKnN
# qOkIwz9lSIAem9IvXDbWN15x7nO8eKBlDUfnu9psPToVtRthXifwSgUGAMSndAh9
# Sq9Qjf5Uy5QEocRuCq82xidpAwPRw/ulAe/1nMujHnWuZXx++uJ6PCtL2+pvzkV/
# DZXP1J2elMfjRH+iy1NW/8TIZedv9mHR2qJ4XI7D/IZjpZN2NpjQSjVDapKs/SmX
# LI3kofQRT4OfZ98bhIMsZ7E0MA2i+SGtQSSfKPUqYT6298c6LefHINk9zZsMO8bR
# M4XKDS4yX9gNpM/j2LyxkL/gkMToHKVxmBJFNbC9DAo9AOJ/+iMnUFYT9F7J67jW
# LZwr490K73I1bORbrYStqnAnw0OEuzGVcehOrj7CzIuoy6nGc0yx1YeVDA8HT83Z
# WjCej+TOiDfKnq450VJ5r+CXBDMvwMzls5q5SVEjRN0vtQ04eXPNteUSHrvPLx7q
# tCTs7nzge5hUUZ5Yx5/uIs+341iMMq+U9JMLF71IFEqeIYUxHA0=
# =ubfO
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 13 Oct 2025 05:43:34 AM PDT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg: aka "Cédric Le Goater <clg@kaod.org>" [full]
* tag 'pull-aspeed-20251013' of https://github.com/legoater/qemu: (29 commits)
hw/arm/aspeed_ast27x0-{ssp,tsp}: Fix coding style
hw/arm/aspeed_ast27x0-tsp: Rename type to TYPE_ASPEED27X0TSP_COPROCESSOR
hw/arm/aspeed_ast27x0-ssp: Rename type to TYPE_ASPEED27X0SSP_COPROCESSOR
hw/arm/aspeed_ast27x0-tsp: Change to use Aspeed27x0CoprocessorState
hw/arm/aspeed_ast27x0-ssp: Change to use Aspeed27x0CoprocessorState
hw/arm/aspeed_ast27x0-tsp: Make AST27x0 TSP inherit from AspeedCoprocessor instead of AspeedSoC
hw/arm/aspeed_ast27x0-ssp: Make AST27x0 SSP inherit from AspeedCoprocessor instead of AspeedSoC
hw/arm/aspeed: Introduce AspeedCoprocessor class and base implementation
hw/arm/aspeed: Remove the aspeed_soc_get_irq and class get_irq hook
hw/arm/aspeed: Remove AspeedSoCState dependency from aspeed_soc_uart_realize() API
hw/arm/aspeed: Remove AspeedSoCState dependency from aspeed_mmio_map_unimplemented() API
hw/arm/aspeed: Remove AspeedSoCState dependency from aspeed_mmio_map() API
hw/arm/aspeed: Remove AspeedSoCClass dependency from aspeed_soc_cpu_type() API
hw/arm/aspeed: Remove AspeedSoCState dependency from aspeed_soc_uart_set_chr() API
hw/arm/aspeed: Remove AspeedSoCClass dependency from aspeed_uart_last() API
hw/arm/aspeed: Remove AspeedSoCState dependency from aspeed_uart_first() API
test/functional/aarch64: Split the ast2700a1-evb OpenBMC boot test
test/functional/aarch64: Remove test for the ast2700a0-evb machine
aspeed: Deprecate the fp5280g2-bmc machine
aspeed: Deprecate the qcom-dc-scm-v1-bmc and qcom-firework-bmc machines
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Instead of dealing with pre/post callbacks, allow devices to
implement a snapshot/restore mechanism; this has two main
advantages:
- it can be easily implemented via procedural macros
- there can be generic implementations to deal with various
kinds of interior-mutable containers, from BqlRefCell to Mutex,
so that C code does not see Rust concepts such as Mutex<>.
Using it is easy; you can implement the snapshot/restore trait
ToMigrationState and declare your state like:
regs: Migratable<Mutex<MyDeviceRegisters>>
Migratable<> allows dereferencing to the underlying object with
no run-time cost.
Note that Migratable<> actually does not accept ToMigrationState,
only the similar ToMigrationStateShared trait that the user will mostly
not care about. This is required by the fact that pre/post callbacks
take a &self, and ensures that the argument is a Mutex or BqlRefCell
(including an array or Arc<> thereof).
Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 9 Oct 2025 08:24:54 +0000 (10:24 +0200)]
rust: move VMState from bql to migration
The high-level wrapper Migratable<T> will contain a BqlCell,
which would introduce a circular dependency betwen the bql and
migration crates. Move the implementation of VMState for cells
to "migration", together with the implementation for std types.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 17 Sep 2025 10:37:59 +0000 (12:37 +0200)]
rust: migration: extract vmstate_fields_ref
This is useful when building a VMState for generic structs, because you have
to avoid nested statics. Using vmstate_fields! will fail in the likely case
where the _FIELDS static uses Self from an outer item, because that is
forbidden.
The separate macros are needed because you cannot just do
The value returned by vmstate_fields_ref! is not promoted to static, which is
unfortunate but intentional (https://github.com/rust-lang/rust/issues/60502):
error[E0716]: temporary value dropped while borrowed
--> rust/hw/char/pl011/libpl011.rlib.p/structured/device.rs:743:17
|
738 | / VMStateDescriptionBuilder::<PL011State>::new()
739 | | .name(c"pl011/clock")
740 | | .version_id(1)
741 | | .minimum_version_id(1)
742 | | .needed(&PL011State::clock_needed)
743 | | .fields(vmstate_fields_ref! {
| | _________________^
744 | || vmstate_of!(PL011State, clock),
745 | || })
| ||_________^- argument requires that borrow lasts for `'static`
| |_________|
| creates a temporary value which is freed while still in use
746 | .build();
| - temporary value is freed at the end of this statement
Thus it is necessary to use the "static", whether explicitly or hidden by
vmstate_fields.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 25 Sep 2025 08:32:23 +0000 (10:32 +0200)]
rust: migration: do not store raw pointers into VMStateSubsectionsWrapper
Raw pointers were used to insert a NULL one at the end of the array.
However, Option<&...> has the same layout and does not remove Sync
from the type of the array.
As an extra benefit, this enables validation of the terminator of the
subsection array, because is_null() in const context would not be stable
until Rust 1.84.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 25 Sep 2025 08:13:29 +0000 (10:13 +0200)]
rust: migration: do not pass raw pointer to VMStateDescription::fields
Pass a slice instead; a function that accepts a raw pointer should
arguably be declared as unsafe.
But since it is now much easier to forget vmstate_fields!, validate the
value (at least to some extent) before passing it to C. (Unfortunately,
doing the same for subsections would require const ptr::is_null(), which
is only stable in Rust 1.84).
Suggested-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 13 Oct 2025 10:49:04 +0000 (12:49 +0200)]
monitor: generalize query-mshv/"info mshv" to query-accelerators/"info accelerators"
The recently-introduced query-mshv command is a duplicate of query-kvm,
and neither provides a full view of which accelerators are supported
by a particular binary of QEMU and which is in use.
KVM was the first accelerator added to QEMU, predating QOM and TYPE_ACCEL,
so it got a pass. But now, instead of adding a badly designed copy, solve
the problem completely for all accelerators with a command that provides
the whole picture:
Cc: Praveen K Paladugu <prapal@microsoft.com> Cc: Magnus Kulke <magnuskulke@linux.microsoft.com> Suggested-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 13 Oct 2025 16:34:28 +0000 (18:34 +0200)]
target/i386: user: do not set up a valid LDT on reset
In user-mode emulation, QEMU uses the default setting of the LDT base
and limit, which places it at the bottom 64K of virtual address space.
However, by default there is no LDT at all in Linux processes, and
therefore the limit should be 0.
This is visible as a NULL pointer dereference in LSL and LAR instructions
when they try to read the LDT at an unmapped address.
Resolves: #1376 Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 13 Oct 2025 16:24:54 +0000 (18:24 +0200)]
async: access bottom half flags with qatomic_read
Running test-aio-multithread under TSAN reveals data races on bh->flags.
Because bottom halves may be scheduled or canceled asynchronously,
without taking a lock, adjust aio_compute_bh_timeout() and aio_ctx_check()
to use a relaxed read to access the flags.
Use an acquire load to ensure that anything that was written prior to
qemu_bh_schedule() is visible.
Closes: https://gitlab.com/qemu-project/qemu/-/issues/2749 Closes: https://gitlab.com/qemu-project/qemu/-/issues/851 Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 13 Oct 2025 16:08:12 +0000 (18:08 +0200)]
target/i386: fix access to the T bit of the TSS
The T bit is bit 0 of the 16-bit word at offset 100 of the TSS. However,
accessing it with a 32-bit word is not really correct, because bytes
102-103 contain the I/O map base address (relative to the base of the
TSS) and bits 1-15 are reserved. In particular, any task switch to a TSS that
has a nonzero I/O map base address is broken.
This fixes the eventinj and taskswitch tests in kvm-unit-tests.
Cc: qemu-stable@nongnu.org Fixes: ad441b8b791 ("target/i386: implement TSS trap bit", 2025-05-12) Reported-by: Thomas Huth <thuth@redhat.com> Closes: https://gitlab.com/qemu-project/qemu/-/issues/3101 Tested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit
do_smm_enter and helper_rsm sets the env->dr, but does not sync the
values with cpu_x86_update_dr7. A malicious kernel may control the
instruction pointer in SMM by setting a breakpoint on the SMI
entry point, and after do_smm_enter cpu->breakpoints contains the
stale breakpoint; and because IDT is not reloaded upon SMI entry,
the debug exception handler controlled by the malicious kernel
is invoked.
A different sequence, SMI INIT SIPI, is also buggy in TCG because
INIT is not blocked or latched during SMM. However, it is not
vulnerable to an instruction pointer control in the same way because
x86_cpu_exec_reset clears env->hflags, exiting SMM.
Fixes: a9bad65d2c1f ("target-i386: wake up processors that receive an SMI") Analyzed-by: YiFei Zhu <zhuyifei@google.com> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Jon Kohler [Wed, 8 Oct 2025 20:25:57 +0000 (13:25 -0700)]
i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS
Newer Intel hardware (Sapphire Rapids and higher) sets multiple MDS
immunity bits in MSR_IA32_ARCH_CAPABILITIES but lacks the hardware-level
MSR_ARCH_CAP_FB_CLEAR (bit 17):
ARCH_CAP_MDS_NO
ARCH_CAP_TAA_NO
ARCH_CAP_PSDP_NO
ARCH_CAP_FBSDP_NO
ARCH_CAP_SBDR_SSDP_NO
This prevents VMs with fb-clear=on from migrating from older hardware
(Cascade Lake, Ice Lake) to newer hardware, limiting live migration
capabilities. Note fb-clear was first introduced in v8.1.0 [1].
Expose MSR_ARCH_CAP_FB_CLEAR for MDS-invulnerable systems to enable
seamless migration between hardware generations.
Note: There is no impact when a guest migrates to newer hardware as
the existing bit combinations already mark the host as MMIO-immune and
disable FB_CLEAR operations in the kernel (see Linux's
arch_cap_mmio_immune() and vmx_update_fb_clear_dis()). See kernel side
discussion for [2] for additional context.
[1] 22e1094ca82 ("target/i386: add support for FB_CLEAR feature")
[2] https://patchwork.kernel.org/project/kvm/patch/20250401044931.793203-1-jon@nutanix.com/
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Suggested-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Jon Kohler <jon@nutanix.com> Link: https://lore.kernel.org/r/20251008202557.4141285-1-jon@nutanix.com Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Mathias Krause [Thu, 12 Jun 2025 14:21:55 +0000 (16:21 +0200)]
target/i386: Fix CR2 handling for non-canonical addresses
Commit 3563362ddfae ("target/i386: Introduce structures for mmu_translate")
accidentally modified CR2 for non-canonical address exceptions while these
should lead to a #GP / #SS instead -- without changing CR2.
Transient Scheduler Attacks (TSA) are new speculative side channel attacks
related to the execution timing of instructions under specific
microarchitectural conditions. In some cases, an attacker may be able to
use this timing information to infer data from other contexts, resulting in
information leakage
CPUID Fn8000_0021 EAX[5] (VERW_CLEAR). If this bit is 1, the memory form of
the VERW instruction may be used to help mitigate TSA.
target/i386: Add TSA attack variants TSA-SQ and TSA-L1
Transient Scheduler Attacks (TSA) are new speculative side channel attacks
related to the execution timing of instructions under specific
microarchitectural conditions. In some cases, an attacker may be able to
use this timing information to infer data from other contexts, resulting in
information leakage.
AMD has identified two sub-variants two variants of TSA.
CPUID Fn8000_0021 ECX[1] (TSA_SQ_NO).
If this bit is 1, the CPU is not vulnerable to TSA-SQ.
CPUID Fn8000_0021 ECX[2] (TSA_L1_NO).
If this bit is 1, the CPU is not vulnerable to TSA-L1.
Add the new feature word FEAT_8000_0021_ECX and corresponding bits to
detect TSA variants.
Paolo Bonzini [Mon, 13 Oct 2025 14:49:12 +0000 (16:49 +0200)]
rust: hpet: fix fw_cfg handling
HPET ids for fw_cfg are not assigned correctly, because there
is a read but no write. This is caught by nightly Rust as
an unused-assignments warning, so fix it.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 10 Oct 2025 14:57:56 +0000 (16:57 +0200)]
rust: bits: disable double_parens check
It is showing in the output of the bits! macro when using the nightly
toolchain, though it's not clear if it is intentional or a bug.
Shut it up for now.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20251010061836.45739-4-philmd@linaro.org>
B160L and C3700 share a lot of common code. Factor it out
as an abstract HPPA_COMMON_MACHINE QOM parent.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20251009143106.22724-4-philmd@linaro.org>
Prefer DEFINE_TYPES() macro over type_init() to register
multiple QOM types.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20251009143106.22724-3-philmd@linaro.org>
hw/loongarch/boot: Remove unnecessary cast to target_ulong
Reduce initrd_size scope. It is already of signed type (ssize_t),
no need to cast to unsigned for the comparison.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20251009201947.34643-2-philmd@linaro.org>
../hw/vmapple/vmapple.c:276:39: error: use of undeclared identifier 'GTIMER_VIRT'
276 | qdev_connect_gpio_out(cpudev, GTIMER_VIRT,
| ^
../hw/vmapple/vmapple.c:479:54: error: use of undeclared identifier 'QEMU_PSCI_CONDUIT_HVC'
479 | object_property_set_int(cpu, "psci-conduit", QEMU_PSCI_CONDUIT_HVC,
| ^
../hw/vmapple/vmapple.c:556:13: error: call to undeclared function 'arm_build_mp_affinity'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
556 | arm_build_mp_affinity(n, GICV3_TARGETLIST_BITS);
| ^
3 errors generated.
pretty quickly.
Signed-off-by: Mohamed Mediouni <mohamed@unpredictable.fr> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251007203153.30136-2-mohamed@unpredictable.fr> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
hw/s390x/sclp: Do not ignore address_space_read/write() errors
If address_space_read() fails, return PGM_ADDRESSING. In the
unlikely case address_space_write() fails (we already checked
the address is readable), return PGM_PROTECTION.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Jason J. Herne <jjherne@linux.ibm.com>
Message-Id: <20251007015802.24748-1-philmd@linaro.org>
The Aspeed machines inherited from a 'no_sdcard' attribute when first
introduced in QEMU. This attribute was later renamed to
'auto_create_sdcard' by commit cdc8d7cadaac ("hw/boards: Rename
no_sdcard -> auto_create_sdcard") and set to 'true'. This has the
indesirable efect to automatically create SD cards at init time.
Remove 'auto_create_sdcard' to avoid creating a SD card device.
Cc: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251003103024.1863551-1-clg@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Luc Michel [Thu, 2 Oct 2025 07:34:14 +0000 (09:34 +0200)]
hw/net/can/xlnx-versal-canfd: remove unused include directives
Drop unecessary include directives in xlnx-versal-canfd.c.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Signed-off-by: Luc Michel <luc.michel@amd.com>
Message-ID: <20251002073418.109375-6-luc.michel@amd.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
hw/xtensa/xtfpga: Have xtfpga_init() only initialize MMU
cpu_reset() should not be used with an unrealized CPU.
Here we simply want to initialize the MMU, not the CPU,
so just call reset_mmu().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Max Filippov <jcmvbkbc@gmail.com>
Message-Id: <20250925013513.67780-1-philmd@linaro.org>
hw/ppc: Do not open-code cpu_resume() in spin_kick()
In order to make the code easier to follow / review,
use the cpu_resume() helper instead of open-coding it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250924173028.53658-2-philmd@linaro.org>
hw/display/xenfb: Replace unreachable code by g_assert_not_reached()
xenfb_mouse_event() has a switch statement whose controlling
expression move->axis is an enum InputAxis. The enum values are
INPUT_AXIS_X and INPUT_AXIS_Y, encoded as 0 and 1. The switch has a
case for both axes. In addition, it has an unreachable default label.
This convinces Coverity that move->axis can be greater than 1. It
duly reports a buffer overrun when it is used to subscript an array
with two elements.
Replace the unreachable code by g_assert_not_reached().
Resolves: Coverity CID 1613906 Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250729111226.3627499-1-armbru@redhat.com>
[PMD: s/abort/g_assert_not_reached/] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jamin Lin [Mon, 13 Oct 2025 05:43:27 +0000 (13:43 +0800)]
hw/arm/aspeed_ast27x0-tsp: Rename type to TYPE_ASPEED27X0TSP_COPROCESSOR
Rename the AST27x0 TSP type from TYPE_ASPEED27X0TSP_SOC to
TYPE_ASPEED27X0TSP_COPROCESSOR to align with the naming convention used
for the SSP coprocessor (TYPE_ASPEED27X0SSP_COPROCESSOR).
This change clarifies that TSP is implemented as a coprocessor rather than
a full SoC.
This ensures consistent terminology between SSP and TSP components and
improves clarity within the coprocessor subsystem code.
Jamin Lin [Mon, 13 Oct 2025 05:43:26 +0000 (13:43 +0800)]
hw/arm/aspeed_ast27x0-ssp: Rename type to TYPE_ASPEED27X0SSP_COPROCESSOR
Rename the AST27x0 SSP type from TYPE_ASPEED27X0SSP_SOC to
TYPE_ASPEED27X0SSP_COPROCESSOR to better reflect its role as a coprocessor
rather than a standalone SoC. This aligns naming conventions with the
coprocessor-based design introduced in earlier refactors.
This change improves naming consistency across SSP and TSP coprocessor
implementations and clarifies their relationship to the unified
Aspeed27x0CoprocessorState.
Jamin Lin [Mon, 13 Oct 2025 05:43:25 +0000 (13:43 +0800)]
hw/arm/aspeed_ast27x0-tsp: Change to use Aspeed27x0CoprocessorState
Refactor the AST27x0 TSP implementation to use the unified
Aspeed27x0CoprocessorState, matching the prior SSP change and removing the
duplicated Aspeed27x0TSPSoCState.
Key updates:
- Delete Aspeed27x0TSPSoCState and reuse Aspeed27x0CoprocessorState.
Update Ast2700FCState to declare tsp as Aspeed27x0CoprocessorState.
This aligns TSP with SSP on a single coprocessor state type, reducing code
duplication and simplifying maintenance.
Jamin Lin [Mon, 13 Oct 2025 05:43:24 +0000 (13:43 +0800)]
hw/arm/aspeed_ast27x0-ssp: Change to use Aspeed27x0CoprocessorState
Refactor the AST27x0 SSP implementation to use the unified
Aspeed27x0CoprocessorState structure shared between SSP and TSP.
Previously, SSP and TSP each defined separate state structures
(Aspeed27x0SSPSoCState and Aspeed27x0TSPSoCState), which contained
identical members and caused unnecessary code duplication.
This change removes Aspeed27x0SSPSoCState and replaces it with
Aspeed27x0CoprocessorState, consolidating shared coprocessor state fields
into a single definition in aspeed_coprocessor.h.
This refactor unifies SSP and TSP under the same coprocessor state type,
improving code maintainability and consistency across Aspeed coprocessor
implementations.
Jamin Lin [Mon, 13 Oct 2025 05:43:23 +0000 (13:43 +0800)]
hw/arm/aspeed_ast27x0-tsp: Make AST27x0 TSP inherit from AspeedCoprocessor instead of AspeedSoC
Refactor the AST27x0 TSP implementation to derive from the newly introduced
AspeedCoprocessor base class rather than AspeedSoC. The AspeedSoC class
includes SoC-level infrastructure and peripheral definitions that are not
applicable to lightweight coprocessor subsystems such as TSP, resulting in
unnecessary coupling and complexity.
This change moves the Aspeed27x0TSPSoCState structure definition into
aspeed_coprocessor.h and updates all related references in
aspeed_ast27x0-tsp.c and aspeed_ast27x0-fc.c to use
AspeedCoprocessorState and AspeedCoprocessorClass.
Key updates include:
- Replace inheritance from AspeedSoC -> AspeedCoprocessor.
- Update type casts and macros from ASPEED_SOC_* to ASPEED_COPROCESSOR_*
This refactor improves modularity, reduces memory footprint, and prepares
for future coprocessor variants to share a lighter-weight common base.
Jamin Lin [Mon, 13 Oct 2025 05:43:22 +0000 (13:43 +0800)]
hw/arm/aspeed_ast27x0-ssp: Make AST27x0 SSP inherit from AspeedCoprocessor instead of AspeedSoC
Refactor the AST27x0 SSP implementation to derive from the newly introduced
AspeedCoprocessor base class rather than AspeedSoC. The AspeedSoC class
contains many SoC-level fields and behaviors that are not applicable to
coprocessor subsystems like SSP, leading to unnecessary coupling and code size.
This change moves the Aspeed27x0SSPSoCState structure definition into
aspeed_coprocessor.h and updates related references in
aspeed_ast27x0-ssp.c and aspeed_ast27x0-fc.c to use
AspeedCoprocessorState and AspeedCoprocessorClass.
Key updates include:
- Replace inheritance from AspeedSoC -> AspeedCoprocessor.
- Replace type casts and class access macros (ASPEED_SOC_*) with
ASPEED_COPROCESSOR_*.
This refactor improves modularity, reduces memory footprint, and prepares
for future coprocessor variants to share a lighter-weight common base.
Jamin Lin [Mon, 13 Oct 2025 05:43:21 +0000 (13:43 +0800)]
hw/arm/aspeed: Introduce AspeedCoprocessor class and base implementation
Add a new AspeedCoprocessor class that defines the foundational structure for
ASPEED coprocessor models. This class encapsulates a base DeviceState with
links to system memory, clock, and peripheral components such as SCU, SCUIO,
Timer Controller, and UARTs.
Introduce the corresponding implementation file
aspeed_coprocessor_common.c, which provides the aspeed_coprocessor_realize()
method, property registration, and QOM type registration. The class is marked
as abstract and intended to serve as a common base for specific coprocessor
variants (e.g. SSP/TSP subsystems).
This establishes a reusable and extensible framework for modeling ASPEED
coprocessor devices.
Jamin Lin [Mon, 13 Oct 2025 05:43:20 +0000 (13:43 +0800)]
hw/arm/aspeed: Remove the aspeed_soc_get_irq and class get_irq hook
Remove the the common aspeed_soc_get_irq. Call sites are updated to use the
SoC-specific get_irq helpers directly (aspeed_soc_ast1030_get_irq(),
_aspeed2400_get_irq(), _ast2600_get_irq(), _ast27x0ssp_get_irq(),
_ast27x0tsp_get_irq(), and _ast2700_get_irq())
This makes the IRQ lookup explicit per-SoC and drops the exported
API that depended on AspeedSoCState, reducing cross-module coupling
in the common layer.
Jamin Lin [Mon, 13 Oct 2025 05:43:19 +0000 (13:43 +0800)]
hw/arm/aspeed: Remove AspeedSoCState dependency from aspeed_soc_uart_realize() API
Refactor aspeed_soc_uart_realize() to take MemoryRegion *, SerialMM *,
and MMIO base addr instead of AspeedSoCState *, decoupling the helper
from SoC state and making it reusable per-UART.
The helper now realizes a single UART instance and maps its MMIO.
IRQ wiring and iteration over all UARTs are moved to callers.
Update call sites in AST1030, AST2400, AST2600, AST27x0 SSP/TSP, and
AST2700 to loop over UARTs, call the new helper, and connect IRQ via
aspeed_soc_get_irq().
This simplifies the UART realize path and reduces cross-module coupling.
Jamin Lin [Mon, 13 Oct 2025 05:43:18 +0000 (13:43 +0800)]
hw/arm/aspeed: Remove AspeedSoCState dependency from aspeed_mmio_map_unimplemented() API
Refactor aspeed_mmio_map_unimplemented() to take MemoryRegion *
instead of AspeedSoCState *, removing its dependency on SoC state and
aligning it with the updated aspeed_mmio_map() interface.
All related call sites are updated to explicitly pass s->memory.
Affected files include headers, aspeed_soc_common.c, and SoC realize
functions in AST10x0, AST2400, AST2600, AST27x0 (SSP/TSP), and AST2700.
This change simplifies the MMIO mapping helpers, improves API
consistency, and reduces coupling between SoC logic and memory
operations.
Jamin Lin [Mon, 13 Oct 2025 05:43:17 +0000 (13:43 +0800)]
hw/arm/aspeed: Remove AspeedSoCState dependency from aspeed_mmio_map() API
Refactor aspeed_mmio_map() to take MemoryRegion * instead of
AspeedSoCState *, making the MMIO mapping helper more generic and
decoupled from SoC state.
Update all call sites to pass s->memory (or equivalent) explicitly.
Touched files include: headers, aspeed_soc_common.c, and SoC realize
paths in AST10x0/2400/2600/27x0 (SSP/TSP) and AST2700.
This reduces coupling, improves reuse across variants, and clarifies the
API boundary between SoC state and memory mapping.
Jamin Lin [Mon, 13 Oct 2025 05:43:16 +0000 (13:43 +0800)]
hw/arm/aspeed: Remove AspeedSoCClass dependency from aspeed_soc_cpu_type() API
Refactor the aspeed_soc_cpu_type() helper to remove its dependency on
AspeedSoCClass and make CPU type retrieval more generic.
The function now takes valid_cpu_types as a const char * const *
parameter instead of requiring a full AspeedSoCClass instance.
All corresponding call sites in various Aspeed SoC initialization files
(aspeed_ast10x0.c, aspeed_ast2400.c, aspeed_ast2600.c,
aspeed_ast27x0.c, and related variants) are updated accordingly.
This change simplifies the API, eliminates unnecessary type coupling,
and improves code reusability across different SoC families.
Jamin Lin [Mon, 13 Oct 2025 05:43:15 +0000 (13:43 +0800)]
hw/arm/aspeed: Remove AspeedSoCState dependency from aspeed_soc_uart_set_chr() API
Refactor the aspeed_soc_uart_set_chr() helper to remove its dependency
on AspeedSoCState and make the UART character device binding more
generic.
The function now takes SerialMM *uart, uarts_base, and uarts_num
as arguments instead of relying on AspeedSoCState. All affected call
sites in aspeed.c, aspeed_ast27x0-fc.c, and fby35.c are updated
to use the new parameter format.
This improves API flexibility and enables reuse across different Aspeed
SoC variants without requiring access to internal SoC state.
Jamin Lin [Mon, 13 Oct 2025 05:43:14 +0000 (13:43 +0800)]
hw/arm/aspeed: Remove AspeedSoCClass dependency from aspeed_uart_last() API
Refactor the aspeed_uart_last() helper to remove its dependency on
AspeedSoCClass and make the UART helper APIs more generic.
The function now takes uarts_base and uarts_num as integer
parameters instead of requiring a full SoC class instance.
All related call sites in aspeed.c are updated accordingly.
Jamin Lin [Mon, 13 Oct 2025 05:43:13 +0000 (13:43 +0800)]
hw/arm/aspeed: Remove AspeedSoCState dependency from aspeed_uart_first() API
Refactor the aspeed_uart_first() helper to remove its dependency on
AspeedSoCState and make the UART helper APIs more generic.
The function now takes uarts_base as an integer parameter instead of
requiring a full SoC class instance. Corresponding call sites in
aspeed.c and aspeed_soc_common.c are updated accordingly.
test/functional/aarch64: Split the ast2700a1-evb OpenBMC boot test
The 'ast2700a1-evb' machine has two functional tests: one loading
firmware components into memory and another using a vbootrom
image. Both tests perform a full OpenBMC boot and run checks on I2C
and PCIe devices, which is redundant and time-consuming.
To save CI resources, the vbootrom test is refactored to focus on the
firmware boot process only. The OpenBMC boot verification logic is
split and a new verify_openbmc_boot_start() helper is introduced to
only wait for the kernel to start.
The vbootrom test now uses this function and the less essential I2C
and PCIe checks have been removed from this test case.
Cc: Thomas Huth <thuth@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com> Link: https://lore.kernel.org/qemu-devel/20251007141604.761686-6-clg@redhat.com
[ clg: Changed pattern from 'Starting kernel ...' to 'Linux version ' ] Signed-off-by: Cédric Le Goater <clg@redhat.com>
test/functional/aarch64: Remove test for the ast2700a0-evb machine
The 'ast2700a0-evb' machine was deprecated in commit 6888a4a9c860 and
removal is scheduled in the QEMU 11.0 release. This change removes
the corresponding tests ahead of time to save CI resources.
There are no functional tests for the 'fp5280g2-bmc' machine which
makes harder to determine when something becomes deprecated or unused.
Since the machine does not rely on any specific device models, it can
be replaced by the 'ast2500-evb' machine using the 'fmc-model' option
to specify the flash type. The I2C devices connected to the board can
be defined via the QEMU command line.
aspeed: Deprecate the qcom-dc-scm-v1-bmc and qcom-firework-bmc machines
There are no functional tests for the 'qcom-dc-scm-v1-bmc' and
'qcom-firework-bmc' machines which makes harder to determine when
something becomes deprecated or unused.
Since the machines do not rely on any specific device models, they can
be replaced by the 'ast2600-evb' machine using the 'fmc-model' option
to specify the flash type. The I2C devices connected to the board can
be defined via the QEMU command line.
The 'sonorapass-bmc' machine represents a lab server that never
entered production. There are no functional tests for this machine
which makes harder to determine when something becomes deprecated or
unused.
Since the machine does not rely on any specific device models, it can
be replaced by the 'ast2500-evb' machine using the 'fmc-model' option
to specify the flash type. The I2C devices connected to the board can
be defined via the QEMU command line.
tests/functional/arm: Split the ast2600 tests in two files
The ast2600 test file currently includes tests for both the Buildroot
and SDK images. Since the SDK image tests can take long to run, split
them into a separate file to clearly distinguish the two sets of
tests, improve parallelism and allow for different CI timeouts.
Jamin Lin [Fri, 3 Oct 2025 07:21:06 +0000 (15:21 +0800)]
tests/functional/aarch64/test_aspeed_ast2700: Move eth2 IP check into common function
The eth2 IP address check was previously only performed in
test_aarch64_ast2700a1_evb_sdk_vbootrom_v09_08. This patch moves the
check into do_ast2700_pcie_test(), ensuring it is executed consistently
across all AST2700 PCIe test runs. This avoids code duplication.
The Aspeed machines inherited from a 'no_sdcard' attribute when first
introduced in QEMU. This attribute was later renamed to
'auto_create_sdcard' by commit cdc8d7cadaac ("hw/boards: Rename
no_sdcard -> auto_create_sdcard") and set to 'true'. This has the
indesirable efect to automatically create SD cards at init time.
Remove 'auto_create_sdcard' to avoid creating a SD card device.
Additional changes:
- Add `-device e1000e,netdev=net1,bus=pcie.2 -netdev user,id=net1` to the
AST2700 and AST2700fc test machines.
- In the AST2700 vbootrom test, assign an IP address to the e1000e
interface and verify it using `ip addr`.
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmjpBGAZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3nyaEACV1f4oBSn/rzEgX0PYmYzj
# jW3tGbEk1i1QFApjkOSbjqNRBKEYLj1LsaeNOVqixRswATe1mMx9ZNWHqJnSd/tw
# 7XLr7dN+YsVvYViILL4VLrHipYcLrgyC1Vlg+UK5RsuVPV2O4PZw6T0LoV32CSF6
# r/LbEGKH4VKHOVMRIR7SJlajmkFbHQvTTj3jjXCgQCUQaKfMzkEGK/UGOt2D3H54
# oSrGLif9nRg0o6Ce9NzfC2xb4XSvdwyT3RE84vkuSSlRcmjt9zQEE+kds4yHhAAi
# D6w1m+Aq8zh4sKJbqVRp9M7ymb5465xv6p/4Av2r3Gxy3v4d0ADgQahel+AYh8Sp
# urzqZWAR66RLrWSEj51K5nbW8yUM6OYNC/VXrtcMBXgBRMeCYVLgZF3hCrqVyDtv
# fP61xJBHPd2+nlcJNFEE5yqazFkcpUsoE/gm2lDPPsdPF5DFKky4VkVqJIGreain
# 25zGj44q9vDY7slMJMW38rbB3f1pxbxlcljG93N8+2ZzPLKz+7ezvgXFpY2lij0r
# qNn7eFEG80roh+lykTe7BroQSQ+pIAxOXM/ouwr+59fsXtnCKrdFG+96WdS+yhsC
# 4ss24hvHUvVMGnEGiYbUL/tIwFJku1wBq+a745DiwJwqyVGbavOGApVbrv/9xuWN
# s2MWF0xy8CnhPBJwyK4iOg==
# =yKgg
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 10 Oct 2025 06:04:32 AM PDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20251010' of https://gitlab.com/pm215/qemu: (76 commits)
target/arm: Enable FEAT_MEC in -cpu max
target/arm: Implement FEAT_MEC registers
target/arm: Add a cpreg flag to indicate no trap in NV
tests/tcg/aarch64: Add gcsss
tests/tcg/aarch64: Add gcspushm
tests/tcg/aarch64: Add gcsstr
linux-user/aarch64: Enable GCS in HWCAP
linux-user/aarch64: Generate GCS signal records
linux-user/aarch64: Inject SIGSEGV for GCS faults
target/arm: Enable GCSPR_EL0 for read in user-mode
linux-user/aarch64: Implement map_shadow_stack syscall
linux-user/aarch64: Release gcs stack on thread exit
linux-user/aarch64: Allocate new gcs stack on clone
linux-user/aarch64: Implement prctls for GCS
target/arm: Enable FEAT_GCS with -cpu max
target/arm: Implement EXLOCK check during exception return
target/arm: Copy EXLOCKEn to EXLOCK on exception to the same EL
target/arm: Load gcs record for RET with PAuth
target/arm: Load gcs record for RET
target/arm: Add gcs record for BLR with PAuth
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-request-2025-10-10' of https://gitlab.com/thuth/qemu into staging
* Improves s390x virtio-pci performance when using kvm
* Fix a problem with losing interrupts on s390x in certain cases
* Replace legacy cpu_physical_memory_[un]map() calls in s390x code
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCgAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmjowaoRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbWoIQ//ZgWUv/RXX4kX6WUM3DYkx702ytAo37EH
# f46NondN8nzhU3prhoAkSm9hKy+zDLJjMbWGXRioCuuVCbJily+C5pjqpg7a4VCr
# AEX2t/aU1fnxGtbgm3r4jQyKFm96Q0t7f/cue7ZLEJlgI5+PGeFcs11mlFn04Nr5
# 3V1aXWPCPKnH9tRoxl5YzWDyXI/jLWaOZIRBhWQ5LzQFUNnmYlBDQcgVwmoh8YzB
# 1Wn9ibJq2qDtu3W7t3YOZKk8D7+j0O26r2p6phvkk+mAIPeygrZNaVr4eG5prnzU
# OxcnpN3xkMFjHwIHf1UTz1bhpwhGLn+bdvBdodIM5T7AKI8+x/mcrIU4xBymllFI
# lCg7n+TSvyac1XNUxtmQCDEQ0shqSoMNjXSCQQSX54zdBn/swrhtw9ht6pRwrpsU
# da2uZf+x5IC+0P+uMXuXmNx++r25DqsD/EUmv+m5/eKNrPDaimj+gRlKDbi8iCpj
# lSrTmUMZ0BsVu7BOyNEsJh4n7KNZQW0E7SO5IE7xYcejHA3K9e3aWg5O8vP+IeHx
# NGut/Vr0SjzLhK6WQ5Z53GrY7Mx7BTC7eE8DYGLU9JKhZU/5t2mjnXXMDzEPzE8w
# KKVJbbIYy7SHcAMi1wgq/5Ap55wlTvAaB8kQZs/ePaBqcq0COkEqhQQC4jddtYwN
# lcfkr7iPzDs=
# =41ql
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 10 Oct 2025 01:19:54 AM PDT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [unknown]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [unknown]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2025-10-10' of https://gitlab.com/thuth/qemu:
s390x/pci: set kvm_msi_via_irqfd_allowed
target/s390x: Replace legacy cpu_physical_memory_[un]map() calls (3/3)
target/s390x: Reduce s390_store_status() scope
target/s390x: Reduce s390_store_adtl_status() scope
target/s390x: Replace legacy cpu_physical_memory_[un]map() calls (2/3)
target/s390x: Propagate CPUS390XState to cpu_unmap_lowcore()
target/s390x: Replace legacy cpu_physical_memory_[un]map() calls (1/3)
s390x/pci: fix interrupt blocking by returning only the device's summary bit
tests/functional: Drop the "Attempting to cache ..." log text
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
block/curl.c: Use explicit long constants in curl_easy_setopt calls
curl_easy_setopt takes a variable argument that depends on what
CURLOPT you are setting. Some require a long constant. Passing a
plain int constant is potentially wrong on some platforms.
With warnings enabled, multiple warnings like this were printed:
../block/curl.c: In function ‘curl_init_state’:
../block/curl.c:474:13: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning]
474 | curl_easy_setopt(state->curl, CURLOPT_AUTOREFERER, 1) ||
| ^
Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Chenxi Mao <maochenxi@bosc.ac.cn> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251009141026.4042021-2-rjones@redhat.com>
Gustavo Romero [Mon, 6 Oct 2025 00:10:18 +0000 (00:10 +0000)]
target/arm: Enable FEAT_MEC in -cpu max
Advertise FEAT_MEC in AA64MMFR3 ID register for the Arm64 cpu max as a
first step to fully support FEAT_MEC.
The FEAT_MEC is an extension to FEAT_RME that implements multiple
Memory Encryption Contexts (MEC) so the memory in a realm can be
encrypted and accessing it from the wrong encryption context is not
possible. An encryption context allow the selection of a memory
encryption engine.
At this point, no real memory encryption is supported, but software
stacks that rely on FEAT_MEC should work properly.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20251006001018.219756-4-gustavo.romero@linaro.org
Message-ID: <20250711140828.1714666-7-gustavo.romero@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gustavo Romero [Mon, 6 Oct 2025 00:10:17 +0000 (00:10 +0000)]
target/arm: Implement FEAT_MEC registers
Add all FEAT_MEC registers. Enable access to the registers via the
SCTLR2 and TCR2 control bits. Add the two new cache management
instructions, which are nops in QEMU because we do not model caches.
Message-ID: <20250711140828.1714666-3-gustavo.romero@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20251006001018.219756-3-gustavo.romero@linaro.org
[rth: Squash 3 patches to add all registers at once.] Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Gustavo Romero [Mon, 6 Oct 2025 00:10:16 +0000 (00:10 +0000)]
target/arm: Add a cpreg flag to indicate no trap in NV
Add a new flag, ARM_CP_NV_NO_TRAP, to indicate that a CP register, even
though it has opc1 == 4 or 5, does not trap when nested virtualization
is enabled (FEAT_NV/FEAT_NV2).
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20251006001018.219756-2-gustavo.romero@linaro.org
[PMM: tweaked comment text] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
projects / thirdparty / qemu.git / log
