Stefan Weil [Tue, 9 Dec 2025 12:57:59 +0000 (13:57 +0100)]
hw/pci: Fix typo in documentation
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-ID: <20251209125759.764296-1-sw@weilnetz.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Stefan Weil [Tue, 9 Dec 2025 12:50:49 +0000 (13:50 +0100)]
migration: Fix order of function arguments
This fixes a compiler error when higher warning levels are enabled:
../migration/postcopy-ram.c: In function ‘postcopy_temp_pages_setup’:
../migration/postcopy-ram.c:1483:50: error: ‘g_malloc0_n’ sizes specified with ‘sizeof’ in the earlier argument and not in the later argument [-Werror=calloc-transposed-args]
1483 | mis->postcopy_tmp_pages = g_malloc0_n(sizeof(PostcopyTmpPage), channels);
| ^~~~~~~~~~~~~~~
../migration/postcopy-ram.c:1483:50: note: earlier argument should specify number of elements, later size of each element
Avoid also a related int/unsigned mismatch by fixing the type of
two local variables.
Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251209125049.764095-1-sw@weilnetz.de>
[PMD: Replace g_malloc0_n() by g_new0()] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Peter Xu <peterx@redhat.com>
Message-Id: <20251209195010.83219-1-philmd@linaro.org>
Hanna Czenczek [Mon, 8 Dec 2025 11:30:08 +0000 (12:30 +0100)]
vhost: Always initialize cached vring data
vhost_virtqueue_start() can exit early if the descriptor ring address is
0, assuming the virtqueue isn’t ready to start.
In this case, all cached vring information (size, physical address,
pointer) is left as-is. This is OK at first startup, when that info is
still initialized to 0, but after a reset, it will retain old (outdated)
information.
vhost_virtqueue_start() must make sure these values are (re-)set
properly before exiting.
(When using an IOMMU, these outdated values can stall the device:
vhost_dev_start() deliberately produces an IOMMU miss event for each
used vring. If used_phys contains an outdated value, the resulting
lookup may fail, forcing the device to be stopped.)
Cc: qemu-stable@nongnu.org Signed-off-by: Hanna Czenczek <hreitz@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251208113008.153249-1-hreitz@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Denis V. Lunev [Wed, 3 Dec 2025 22:01:38 +0000 (23:01 +0100)]
scripts: fix broken error path in modinfo-collect.py
sys.stderr.print is dropped long ago and should not be used. Official
replacement is sys.stderr.write
The problem has been found debugging building on some fancy platform
derived from Debian.
Signed-off-by: Denis V. Lunev <den@openvz.org> CC: John Snow <jsnow@redhat.com> CC: Cleber Rosa <crosa@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251203220138.159656-1-den@openvz.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Alano Song [Tue, 2 Dec 2025 13:21:32 +0000 (21:21 +0800)]
hw/9pfs: Correct typo
Correct comment typo in xen_9pfs_bh()
Signed-off-by: Alano Song <AlanoSong@163.com> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251202132132.17636-1-AlanoSong@163.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
osdep: Undefine FSCALE definition to fix Solaris builds
Solaris defines FSCALE in <sys/param.h>:
301 /*
302 * Scale factor for scaled integers used to count
303 * %cpu time and load averages.
304 */
305 #define FSHIFT 8 /* bits to right of fixed binary point */
306 #define FSCALE (1<<FSHIFT)
When emulating the SVE FSCALE instruction, we defines the same name
in decodetree format in target/arm/tcg/sve.decode:
In file included from ../target/arm/tcg/translate-sve.c:21:
../target/arm/tcg/translate.h:875:17: error: pasting "trans_" and "(" does not give a valid preprocessing token
875 | static bool trans_##NAME(DisasContext *s, arg_##NAME *a) \
| ^~~~~~
../target/arm/tcg/translate-sve.c:4205:5: note: in expansion of macro 'TRANS_FEAT'
4205 | TRANS_FEAT(NAME, FEAT, gen_gvec_fpst_arg_zpzz, name##_zpzz_fns[a->esz], a)
| ^~~~~~~~~~
../target/arm/tcg/translate-sve.c:4249:1: note: in expansion of macro 'DO_ZPZZ_FP'
4249 | DO_ZPZZ_FP(FSCALE, aa64_sve, sve_fscalbn)
| ^~~~~~~~~~
../target/arm/tcg/translate-sve.c:4249:12: error: expected declaration specifiers or '...' before numeric constant
4249 | DO_ZPZZ_FP(FSCALE, aa64_sve, sve_fscalbn)
| ^~~~~~
../target/arm/tcg/translate.h:875:25: note: in definition of macro 'TRANS_FEAT'
875 | static bool trans_##NAME(DisasContext *s, arg_##NAME *a) \
| ^~~~
../target/arm/tcg/translate-sve.c:4249:1: note: in expansion of macro 'DO_ZPZZ_FP'
4249 | DO_ZPZZ_FP(FSCALE, aa64_sve, sve_fscalbn)
| ^~~~~~~~~~
../target/arm/tcg/translate.h:875:47: error: pasting "arg_" and "(" does not give a valid preprocessing token
875 | static bool trans_##NAME(DisasContext *s, arg_##NAME *a) \
| ^~~~
../target/arm/tcg/translate-sve.c:4205:5: note: in expansion of macro 'TRANS_FEAT'
4205 | TRANS_FEAT(NAME, FEAT, gen_gvec_fpst_arg_zpzz, name##_zpzz_fns[a->esz], a)
| ^~~~~~~~~~
../target/arm/tcg/translate-sve.c:4249:1: note: in expansion of macro 'DO_ZPZZ_FP'
4249 | DO_ZPZZ_FP(FSCALE, aa64_sve, sve_fscalbn)
| ^~~~~~~~~~
In file included from ../target/arm/tcg/translate-sve.c:100:
libqemu-aarch64-softmmu.a.p/decode-sve.c.inc:1227:13: warning: 'trans_FSCALE' used but never defined
1227 | static bool trans_FSCALE(DisasContext *ctx, arg_FSCALE *a);
| ^~~~~~~~~~~~
../target/arm/tcg/translate-sve.c:4249:30: warning: 'sve_fscalbn_zpzz_fns' defined but not used [-Wunused-const-variable=]
4249 | DO_ZPZZ_FP(FSCALE, aa64_sve, sve_fscalbn)
| ^~~~~~~~~~~
../target/arm/tcg/translate-sve.c:4201:42: note: in definition of macro 'DO_ZPZZ_FP'
4201 | static gen_helper_gvec_4_ptr * const name##_zpzz_fns[4] = { \
| ^~~~
As a kludge, undefine it globally in <qemu/osdep.h>.
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20251203120315.62889-1-philmd@linaro.org>
Merge tag 'pull-10.2-final-fixes-051225-2' of https://gitlab.com/stsquad/qemu into staging
Final fixes for 10.2 (gitlab, testing, docker, docs, plugins)
- drop out of date --disable-pie workaround for aarch64 custom job
- remove explicit pxe-test from build with no libslirp
- update the FreeBSD test image
- don't try and run check-tcg tests we haven't built qemu for
- skip iotests which need crypto if we haven't got support
- transition debian-all-test-cross to lcitool
- update build env documentation to refer to lcitool
- update MAINTAINERS entry for custom runners
- ensure discon plugins can read registers
- fix a bug on uftrace symbol helper script
- deprecate the fby35 machine
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmkzAAsACgkQ+9DbCVqe
# KkSCmAf/e5bJGX4GJhNBV9OwBahjDx0U+oCPUCQwH5E7KgUbvBKMd2e+icgjoPnF
# mAA+SVk1wlqi/EPywqMWIcYTNSwg1ZKkqxQwKnzjlinzshk5Q3Rd8CkIUCDE+i6B
# Cn5HXNMxAHwJZXi2ftOUm2wvb5p4NgahbtKUkEAsYvVWgHF+gQ+1KrpbKze2+Mzk
# 707c2zf0/8mcNl7GZDc7ti6MXEmlejR46UTsKz6u12hGTHjN13UDa+yQXqpot5y7
# blUxwneXo7zdxB6EnGgvArzZQh8o0fOo0zWoC5GDKrbdLIrBVxhXYoWCqgaQv7h7
# v5HhMvzq7obIa+qRnjRzUO68MT1rcw==
# =e46t
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 05 Dec 2025 09:53:47 AM CST
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-10.2-final-fixes-051225-2' of https://gitlab.com/stsquad/qemu:
aspeed: Deprecate the fby35 machine
contrib/plugins/uftrace_symbols.py: unbreak --no-prefix-symbols
plugins/core: allow reading of registers during discon events
MAINTAINERS: update the custom runner entries
docs/devel: Correct typo
docs/devel: update build environment setup documentation
tests/docker: drop --disable-[tools|system] from all-test-cross
tests/docker: transition debian-all-test-cross to lcitool
tests/lcitool: add bzip2 to the minimal dependency list
tests/qemu-iotests: Check for a functional "secret" object before using it
tests/tcg: honour the available QEMU binaries when running check-tcg
gitlab-ci.d/cirrus: Update the FreeBSD job to v14.3
gitlab: drop explicit pxe-test from the build-tci job
gitlab: drop --disable-pie from aarch64-all-linux-static build
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-tcg-20251205' of https://gitlab.com/rth7680/qemu into staging
tcg: fixes for tci
host: fixes for 128-bit atomics
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmkzBDEdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/YMggAgY0+rpQulo7k+fEo
# RP7cLweKSu8aahFvt304qyNGAWlGzBQwJSKWUfFyyMxh6FhO9iEsjkodArjDcK/J
# fou3pz4UmU/feMwVxFuRpCDEEKgpcpxgwj7XJFh96L4VFZ8OrHeuPG5KU5IA/vyy
# eHIzU8M50rejmKCmOL8FDGshWZdXkrgBp3ShIlqlVEb9HpuSFrti0Wh2euVUV67Y
# xG1F4iU5RVNW8OcGz5asLgwaNB7pK/v/FVDxR9rEAoiM9gZhV912fkogmVXTniTk
# rjTYR0k6d49EZ3+M4sUx2v2Nl+6O4wGUFWERU4vHmtUpv1F1UjqxOE3JWDeU2L0c
# 3q9k2Q==
# =M1lm
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 05 Dec 2025 10:11:29 AM CST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-20251205' of https://gitlab.com/rth7680/qemu:
include/aarch64/host: Fix atomic16_fetch_{and,or}
include/generic/host: Fix atomic128-cas.h.inc for Int128 structure
tcg/tci: Disable -Wundef FFI_GO_CLOSURES warning
tcg: Remove duplicate test from plugin_gen_mem_callbacks
tcg/tci: Introduce INDEX_op_tci_qemu_{ld,st}_rrr
tcg: Zero extend 32-bit addresses for TCI
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Cédric Le Goater [Wed, 26 Nov 2025 10:24:24 +0000 (11:24 +0100)]
aspeed: Deprecate the fby35 machine
There are no functional tests for the 'fby35' machine which makes
harder to determine when something becomes deprecated or unused.
The 'fby35' machine was originally added as an example of a multi-SoC
system, with the expectation the models would evolve over time in an
heterogeneous system. This hasn't happened and no public firmware is
available to boot it. It can be replaced by the 'ast2700fc', another
multi-SoC machine based on the newer AST2700 SoCs which are excepted
to receive better support in the future.
Cc: Peter Delevoryas <peter@pjd.dev> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Message-ID: <20251126102424.927527-1-clg@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Thu, 4 Dec 2025 19:49:02 +0000 (19:49 +0000)]
plugins/core: allow reading of registers during discon events
We have protections that prevent callbacks that didn't declare
themselves as wanting to access registers. However for discontinuities
the system state is fully rectified so they should always be able to
read the register values.
a1688bc86ce (plugins: add hooks for new discontinuity related callbacks)
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Cc: Julian Ganz <neither@nut.email> Reviewed-by: Julian Ganz <neither@nut.email>
Message-ID: <20251204194902.1340008-12-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Thu, 4 Dec 2025 19:49:01 +0000 (19:49 +0000)]
MAINTAINERS: update the custom runner entries
Fix a number of issues:
- update the ubuntu references to 24.0
- add the s390x and ppc64le yml files
- replace Works on Arm with Linaro
- Also mention IBM (s390x) and OSUL (ppc64le) as HW hosts
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251204194902.1340008-11-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Bring `libvirt-ci` front and centre when discussing dependencies for
QEMU. While we are at it:
- drop links to additional instructions (libvirt is more upto date)
- compress pkg installs into a table
- call out distro/upstream dep difference in a proper note
Message-ID: <20251204194902.1340008-9-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Thu, 4 Dec 2025 19:48:58 +0000 (19:48 +0000)]
tests/docker: drop --disable-[tools|system] from all-test-cross
We use this container to build system images in CI which do not honour
QEMU_CONFIGURE_OPTS. Drop the --disables from the container so
developers don not need to jump through hoops trying to replicate that
on their workstations.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251204194902.1340008-8-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Thu, 4 Dec 2025 19:48:57 +0000 (19:48 +0000)]
tests/docker: transition debian-all-test-cross to lcitool
While we are at it bump up to debian-13. As we use this container in
the CI runs this also has the benefit of ensuring our qemu-minimal
dependencies project really has just what we need to build a basic
QEMU.
We add a few extra packages so we can build with clang as well as what
we need to probe for the available cross-compilers in the image.
Message-ID: <20251204194902.1340008-7-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Thu, 4 Dec 2025 19:48:55 +0000 (19:48 +0000)]
tests/lcitool: add bzip2 to the minimal dependency list
You cannot build any softmmu targets without it by default unless you
build with --disable-install-blobs.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251204194902.1340008-5-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Thomas Huth [Fri, 5 Dec 2025 13:00:14 +0000 (14:00 +0100)]
tests/qemu-iotests: Check for a functional "secret" object before using it
QEMU iotests 049, 134 and 158 are currently failing if you compiled
QEMU without the crypto libraries. Thus make sure that the "secret"
object is really usable and skip the tests otherwise.
Reported-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251205130014.693799-1-thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Thu, 4 Dec 2025 19:48:54 +0000 (19:48 +0000)]
tests/tcg: honour the available QEMU binaries when running check-tcg
Currently configure can identify all the targets that have
cross-compilers available from the supplied target-list. By default
this is the default_target_list which is all possible targets we can
build.
At the same time the target list passed to meson is filtered down
depending on various factors including not building 64 bit targets on
32 bit hosts. As a result make check-tcg will erroneously attempt to
run tests for which we haven't built a QEMU.
Solve this by filtering the final list of TCG_TEST_TARGETS based on
what actually was configured by meson. Rename the variable that
configure spits out to TCG_TESTS_WITH_COMPILERS for clarity and to
avoid larger churn in the Makefile.
Message-ID: <20251204194902.1340008-4-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Michael Tokarev [Thu, 4 Dec 2025 20:50:23 +0000 (23:50 +0300)]
gitlab-ci.d/cirrus: Update the FreeBSD job to v14.3
The FreeBSD 14.2 job fails since the image disappeared
from the cloud. We already bumped FreeBSD image to 14.3
in tests/vm in c8958b7eb4 (part of v10.1.0).
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251204205025.2423326-1-mjt@tls.msk.ru> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Thu, 4 Dec 2025 19:48:53 +0000 (19:48 +0000)]
gitlab: drop explicit pxe-test from the build-tci job
This needs libslirp to run and as debian-all-test-cross will soon be
based on qemu-minimal we won't have it in a few commits.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251204194902.1340008-3-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
The tmp[lh] variables were defined as inputs to the
asm rather than outputs, which meant that the compiler
rightly diagnosed uninitialized inputs.
Reported-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
include/generic/host: Fix atomic128-cas.h.inc for Int128 structure
Use the Int128Alias structure more when we need to convert
between Int128 and __int128_t, when Int128 is a struct.
Fixes the build on aarch64 host with TCI, which forces
the use of the struct.
Reported-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Since we build TCI with FFI (commit 22f15579fa1 "tcg: Build ffi data
structures for helpers") we get on Darwin:
In file included from ../../tcg/tci.c:22:
In file included from include/tcg/helper-info.h:13:
/Library/Developer/CommandLineTools/SDKs/MacOSX15.sdk/usr/include/ffi/ffi.h:483:5: warning: 'FFI_GO_CLOSURES' is not defined, evaluates to 0 [-Wundef]
483 | #if FFI_GO_CLOSURES
| ^
1 warning generated.
This was fixed in upstream libffi in 2023, but not backported to MacOSX.
Simply disable the warning locally.
Reported-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
tcg: Remove duplicate test from plugin_gen_mem_callbacks
All callers have already tested tcg_ctx->plugin_insn.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Since d182123974c4, the number of bits in a MemOpIdx tops out at 17.
which won't fit in the TCI rrm format, thus an assertion failure.
Introduce new opcodes that take the MemOpIdx from a register, as
we already do for qemu_ld2 and qemu_st2.
Fixes: d182123974c4 ("include/exec/memopidx: Adjust for 32 mmu indexes") Tested-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
For native code generation, zero-extending 32-bit addresses for
the slow path helpers happens in tcg_out_{ld,st}_helper_args,
but there isn't really a slow path for TCI, so that didn't happen.
Make the extension for TCI explicit in the opcode stream,
much like we already do for plugins and atomic helpers.
Cc: qemu-stable@nongnu.org Fixes: 24e46e6c9d9 ("accel/tcg: Widen tcg-ldst.h addresses to uint64_t") Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Kevin Wolf [Fri, 28 Nov 2025 22:14:40 +0000 (23:14 +0100)]
file-posix: Handle suspended dm-multipath better for SG_IO
When introducing DM_MPATH_PROBE_PATHS, we already anticipated that
dm-multipath devices might be suspended for a short time when the DM
tables are reloaded and that they return -EAGAIN in this case. We then
wait for a millisecond and retry.
However, meanwhile it has also turned out that libmpathpersist (which is
used by qemu-pr-helper) may need to perform more complex recovery
operations to get reservations back to expected state if a path failure
happened in the middle of a PR operation. In this case, the device is
suspended for a longer time compared to the case we originally expected.
This patch changes hdev_co_ioctl() to treat -EAGAIN separately so that
it doesn't result in an immediate failure if the device is suspended for
more than 1ms, and moves to incremental backoff to cover both quick and
slow cases without excessive delays.
John Levon [Wed, 3 Dec 2025 10:03:14 +0000 (15:33 +0530)]
vfio-user: simplify vfio_user_recv_one()
This function was unnecessarily difficult to understand due to the
separate handling of request and reply messages. Use common code for
both where we can.
Merge tag 'pull-error-2025-12-02' of https://repo.or.cz/qemu/armbru into staging
Error reporting patches for 2025-12-02
# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmkunlkSHGFybWJydUBy
# ZWRoYXQuY29tAAoJEDhwtADrkYZTXQUP+QHhID4XE1DuYaGeE2WaLH6JBf4LuNGZ
# ReZjDtRR8imt2qwUJ9oxp2RQ1SCwnKFMKYsHnfA/DzCRw1tQNMeiwaWNFpGn/X5I
# m9Xrkh3Xr2BAK6NP+0LjrkfFSQ8ybj2tAe/MUPlpyt0Ig3OMwek6qbp8yEax4BKD
# UdKAjYn86CXfcthRa95NZ/aktcL+lYs00jRE/yKtL37cY4HvyzTVI+KP1KBPEtLR
# tcg42/nsbcv3UJrMQDovopP8XbuTKAX+ed9mIw6pEaQSZ8ktiaiX6Dc1IbfUnDPL
# ZHKSqqtr9TWvIST8NDuIglo4X+1grnHP/7742ZNANiGmHqM4s+I6nNfSR94HF9YR
# c69iu9jsbEBk4t6RellgrM+zPjOQi+EPeXyHghjO179KdjYvJFNOwI9lgiE6GZiV
# 5eZX3BKYiylxkKAbKIsNQn71PCLdLhMjk0OB03+kX16Z9vrNm37cyR6L9mHlEjk8
# u+e+dv8bjDPqD467hSw8Cf1Z9wSugjzt4I6+5OnqPFPYONzBTrpESH7XtWwgZyKK
# Tcr2DB/S7JWgZz8EIUWo41frNdTZsjNwLHbODHtv/KkPA5vlCLkHbz/vPxUcrobo
# atMXFNx9NazKtrOOpfc9pioCEpDNXLlfEJ8jbE+pIAwHDvuedSaXjvTicIAwQ6qA
# Bojn8eZPwWP2
# =OrYZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 02 Dec 2025 12:07:53 AM PST
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [unknown]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* tag 'pull-error-2025-12-02' of https://repo.or.cz/qemu/armbru:
kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value
migration: Fix double-free on error path
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value
These functions wrap ioctl(). When ioctl() fails, it sets @errno.
The wrappers then return that @errno negated.
Except they call accel_ioctl_end() between calling ioctl() and reading
@errno. accel_ioctl_end() can clobber @errno, e.g. when a futex()
system call fails. Seems unlikely, but it's a bug all the same.
Fix by retrieving @errno before calling accel_ioctl_end().
Fixes: a27dd2de68f3 (KVM: keep track of running ioctls) Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251128152050.3417834-1-armbru@redhat.com>
Recent changes introduced build errors in the i386 HVF backend:
- ../accel/hvf/hvf-accel-ops.c:163:17: error: no member named 'guest_debug_enabled' in 'struct AccelCPUState'
163 | cpu->accel->guest_debug_enabled = false;
- ../accel/hvf/hvf-accel-ops.c:151:51
error: no member named 'unblock_ipi_mask' in 'struct AccelCPUState'
- ../target/i386/hvf/hvf.c:736:5
error: use of undeclared identifier 'rip'
- ../target/i386/hvf/hvf.c:737:5
error: use of undeclared identifier 'env'
This patch corrects the field usage and move identifier to correct
function ensuring successful compilation of the i386 HVF backend.
Peter Maydell [Tue, 25 Nov 2025 16:45:11 +0000 (16:45 +0000)]
docs/devel: Update URL for make-pullreq script
In the submitting-a-pull-request docs, we have a link to the
make-pullreq script which might be useful for maintainers. The
canonical git repo for this script has moved; update the link.
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20251125164511.255550-1-peter.maydell@linaro.org
set_btype_for_br (if aa64_bti is enabled and the register is not x16 or
x17) does
gen_pc_plus_diff(s, pc, 0);
gen_pc_plus_diff does
assert(s->pc_save != -1);
Hence, this assert is getting hit. We need to call set_btype_for_br
before gen_a64_set_pc, and there is nothing in set_btype_for_br that
depends on gen_a64_set_pc having already been called, so this commit
simply swaps the calls.
(The commit message for 64678fc45d8f6 says that set_brtype_for_br()
must be "moved after" get_a64_set_pc(), but this is a mistake in
the commit message -- the actual changes in that commit move
set_brtype_for_br() *before* get_a64_set_pc() and this is necessary
to avoid the assert.)
Cc: qemu-stable@nongnu.org Fixes: 64678fc45d8f6 ("target/arm: Fix BTI versus CF_PCREL") Signed-off-by: Harald van Dijk <hdijk@accesssoftek.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: d2265ebb-84bc-41b7-a2d7-05dc9a5a2055@accesssoftek.com
[PMM: added note about 64678fc45d8f6 to commit message] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Merge tag 'hw-misc-20251125' of https://github.com/philmd/qemu into staging
Misc HW patches
Few fixes in hw/; also including qtest and replay fixes.
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmkmI9YACgkQ4+MsLN6t
# wN6sSg/9EsnXLpMCfW1HyvgI67Yxb397YCvAxacPqFA+Xm9q6xCo2jKcjBnVI61A
# 4DkSsYC7OE2wdRzzziiWaXEfydGKHa7rXNGdunYSY52XLk2oElhSS0ykPsUWeFS+
# 66+YzSgNgBKHIdDHSVRgoTPDOYW6LSLU+Zfbj40FfApnuRw8AFRB+qVQaXvCV8h/
# W6fI4B2ce/0Rv8o0AJDWnN3HP6rZZ+l+eyhj9ODPusAC+OU4nowiJBCoCJa8GwDY
# KiASI9+mA4jY2vcoCiXG4Bbg1VzOte2TKudZwTwvhqkmGh0S6VejqO/Pn6IKh3j0
# H3YrXMDn6h4GrJ3gd3YTseeuEhApYnUP76MWuPy+MjMwp605rMCh/voVkzRvBdmn
# xXzklO48hpk8cRD3W4kfvJIlrBZIrMSFG8Q4m6S9FXZkGUP9zm2bOCkRqMxfdEdI
# H1/J/sJ5iPOIwd87yElSV16i9BZyalcWZDYkQLKgtroq1uPaGxUR46mlnhMFKeBP
# 68Xjh9ux6zOuFwb4FIqbEyyKTMVdGrkHuD267YHEKQo0X0frGjFfdRtrW3zJbMIw
# vAFsQl2oPAKJ7DpEHae/CeD10piQRb/nTav9UdscaXoIUJdFJ+nPfHNwUkKW30Gw
# SSmueD2qJcqwzVa36SRhYxwG5+EW2RsN1kL5wkHv3qhRaoEfKJ8=
# =hq47
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 25 Nov 2025 01:47:02 PM PST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'hw-misc-20251125' of https://github.com/philmd/qemu:
hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN
hw/core/machine: Provide a description for aux-ram-share property
replay: Improve assert in replay_char_read_all_load()
hw/virtio: Use error_setg_file_open() for a better error message
hw/scsi: Use error_setg_file_open() for a better error message
hw/usb: Convert to qemu_create() for a better error message
docs/deprecated: Remove undeprecated SMP description
hw/pci: Make msix_init take a uint32_t for nentries
qtest: Allow and ignore blank lines in input
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Cédric Le Goater [Tue, 25 Nov 2025 14:26:31 +0000 (15:26 +0100)]
hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN
When the XDMA, RTC and SDHCI device models of the Aspeed SoCs were
first introduced, their MMIO regions inherited of a DEVICE_NATIVE_ENDIAN
endianness. It should be DEVICE_LITTLE_ENDIAN. Fix that.
Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251125142631.676689-1-clg@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Mon, 24 Nov 2025 17:34:07 +0000 (17:34 +0000)]
replay: Improve assert in replay_char_read_all_load()
In replay_char_read_all_load() we get a buffer and size from the
replay log. We know the size has to fit an int because of how we
write the log. However the way we assert this is wrong: we cast the
size_t from replay_get_array() to an int and then check that it is
non-negative. This misses cases where an over-large size is
truncated into a positive value by the cast.
Replace the assertion with checking that the size is in-range
before doing the cast.
Coverity complained about the possible overflow: CID 1643440.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251124173407.50124-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
hw/virtio: Use error_setg_file_open() for a better error message
The error message changes from
vhost-vsock: failed to open vhost device: REASON
to
Could not open '/dev/vhost-vsock': REASON
I think the exact file name is more useful to know than the file's
purpose.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251121121438.1249498-8-armbru@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
hw/scsi: Use error_setg_file_open() for a better error message
The error message changes from
vhost-scsi: open vhost char device failed: REASON
to
Could not open '/dev/vhost-scsi': REASON
I think the exact file name is more useful to know than the file's
purpose.
We could put back the "vhost-scsi: " prefix with error_prepend(). Not
worth the bother.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dave@treblig.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251121121438.1249498-7-armbru@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
hw/usb: Convert to qemu_create() for a better error message
The error message changes from
open FILENAME failed
to
Could not create 'FILENAME': REASON
where REASON is the value of strerror(errno).
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251121121438.1249498-3-armbru@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
"Unsupported 'parameter=1' SMP configuration" was proposed to be
deprecated in the commit 54c4ea8f3ae6 ("hw/core/machine-smp: Deprecate
unsupported "parameter=1" SMP configurations").
But the related code was reverted later in the commit 9d7950edb0cd
("hw/core: allow parameter=1 for SMP topology on any machine").
Thus, this SMP behavior is still valid and is not actually deprecated.
Remove outdated document descriptions.
Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20251121084416.1031466-1-zhao1.liu@intel.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Fri, 7 Nov 2025 13:10:44 +0000 (13:10 +0000)]
hw/pci: Make msix_init take a uint32_t for nentries
msix_init() and msix_init_exclusive_bar() take an "unsigned short"
argument for the number of MSI-X vectors to try to use. This is big
enough for the maximum permitted number of vectors, which is 2048.
Unfortunately, we have several devices (most notably virtio) which
allow the user to specify the desired number of vectors, and which
use uint32_t properties for this. If the user sets the property to a
value that is too big for a uint16_t, the value will be truncated
when it is passed to msix_init(), and msix_init() may then return
success if the truncated value is a valid one.
The resulting mismatch between the number of vectors the msix code
thinks the device has and the number of vectors the device itself
thinks it has can cause assertions, such as the one in issue 2631,
where "-device virtio-mouse-pci,vectors=19923041" is interpreted by
msix as "97 vectors" and by the virtio-pci layer as "19923041
vectors"; a guest attempt to access vector 97 thus passes the
virtio-pci bounds checking and hits an essertion in
msix_vector_use().
Avoid this by making msix_init() and its wrapper function
msix_init_exclusive_bar() take the number of vectors as a uint32_t.
The erroneous command line will now produce the warning
qemu-system-i386: -device virtio-mouse-pci,vectors=19923041:
warning: unable to init msix vectors to 19923041
and proceed without crashing. (The virtio device warns and falls
back to not using MSIX, rather than complaining that the option is
not a valid value this is the same as the existing behaviour for
values that are beyond the MSI-X maximum possible value but fit into
a 16-bit integer, like 2049.)
To ensure this doesn't result in potential overflows in calculation
of the BAR size in msix_init_exclusive_bar(), we duplicate the
nentries error-check from msix_init() at the top of
msix_init_exclusive_bar(), so we know nentries is sane before we
start using it.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2631 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251107131044.1321637-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Thu, 6 Nov 2025 15:19:59 +0000 (15:19 +0000)]
qtest: Allow and ignore blank lines in input
Currently the code that reads the qtest protocol commands insists
that every input line has a command. If it receives a line with
nothing but whitespace it will trip an assertion in
qtest_process_command().
This is a little awkward for the case where we are feeding qtest a
set of bug-reproduction commands via standard input or a file,
because it means you need to be careful not to leave a blank line at
the start or the end when cutting and pasting the command sequence
from a bug report.
Change the code to allow and ignore blank lines in the input.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de>
Message-ID: <20251106151959.1088095-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
Block layer patches
- Image creation: Honour pwrite_zeroes_alignment for zeroing first sector
- block-backend: Fix race (causing a crash) when resuming queued requests
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCgAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmklvQMRHGt3b2xmQHJl
# ZGhhdC5jb20ACgkQfwmycsiPL9byFA//d9VtU3wLZpJRL2mnYH2qJME3WeqJaSB+
# FzkG32gkCb0JtH5yr427oJYKhZsKpNkz20E7z4+1ZT4ovcjo7mddJYW7DwaMjUmO
# G3UXWE33ayLNZFMDrsMRV5tfiQkSb7Y0ekYfwU7GjC3qhMhRIX9eCRBrCLD6jdUx
# mg2h0ML0smE9AV5AEuunwSoqp+rD+OpRQ6EBkkCVF5iMlIHeiewP/TQbJtKBtxdK
# AumiIcYgPbH7QFG8kDTmVCCGPDC0v2i1G6Owtptbt9RmWTEGp++Ngm8F+7u/kPMk
# weRhlVhnxwDxVxmHzvysh0m+n08oVJyA2vB4QJrti6ZmgDcJYulxFfQgPCKxjvGd
# 6va02q0DYrCbO3YiViaAtnudEuqqaB1to57jeQq6tP9KrpH8uzAddrFWeb3TY4gN
# CvWr+p4V7bYvteNASJt/+VC5T3haR+U5eCRD5nOKPyXqCbMT+z6zZRuYxP2q1W6i
# VwQLIjuWIx+bXVRUrHkf9VNy1clB4ga+ZDbTGFrl0NOLDcn6u3Vcr4GQ7VvQ31Pj
# ulGA9F+DXjPRQpZC+WnCZsBSLwVBrNeYPyxsCSk2ORH930djgb7e1lxX5OawT7MT
# lNzbQ+N7PXCd5Yt0UyJ3uCF6gqlpvmUV7IZMbyoYHceoCnz8+McqvGORYfzkLwk9
# HUDS3UTI8Ks=
# =57x4
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 25 Nov 2025 06:28:19 AM PST
# gpg: using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg: issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
iotests: add Linux loop device image creation test
block: use pwrite_zeroes_alignment when writing first sector
file-posix: populate pwrite_zeroes_alignment
block-backend: Fix race when resuming queued requests
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'fix-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging
ui/chardev fixes for v10.2
# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCgA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmkluXscHG1hcmNhbmRy
# ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5YHAEACTqxHta05VSpzwnHxv
# A8NOasN02V6KYrN6Cjtowy5JULPOWQANadG4H3CZIm1CQ6sZ0u5grA8ZOUHBQaSZ
# HLF+baugBqTUQYyQdGX2JBwrqD0PxF2uohzIdQI8yiaXJQ2c/rp9HXVZNv+Cd80F
# sajq8TsIvdBP/IDUMAud+MOMYGl4TvkkMd1Rdbq11PZaVBu5bbmMuVOeqaJeqFgP
# /8uVlvZaYMqep6WSRShhrnwPuernGqdJCesGV3eooaZ9pO0LC6yiEw/5mVyZ+u1S
# nO6DVOhvZv519RoMiBbwtkS8HjjXQaKbY0TQYu1p6vDcXnfSvRYmX0skrx7B0ZHR
# IMC6h8JVXe6q8FV7iXz6RnIGycPz318HCG1JC+Rvts4VtO9A4MSlItJiNSVFcdkA
# 66PSV7MUd67XYzAODOxN4g5XTCC2EYR3t5wRh2VgkSc2Y3fVmWKsQtsu4PRkfspV
# 4ciwuhqDG1UQeis7x0m8RD6bUefg5ZXdpHWOCQdX9VKcOHoV13EMOHURuONWCFEE
# xzf3TG6uLg4GvJBT2kcRhp1gOSgI4XZ1lpCoTUp7nuZPtMzuoxeNVkHP+D7isRF2
# RQDmKuyQc1SeDXfUU3KvakXPv8Aq1Mb7kGgjivfyGzAAlimKhDw5HxuCCsEjKfMi
# cliGeoytFgZJlZpCp9LINq2sAQ==
# =OZt5
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 25 Nov 2025 06:13:15 AM PST
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [unknown]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5
* tag 'fix-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
ui/vnc: Fix qemu abort when query vnc info
chardev/char-pty: Do not ignore chr_write() failures
chardev/char-file: fix failure path
ui/vdagent: fix windows agent regression
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-nvme-20251125' of https://gitlab.com/birkelund/qemu into staging
nvme queue
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEUigzqnXi3OaiR2bATeGvMW1PDekFAmklZyQACgkQTeGvMW1P
# DemROQf+IprPh+u3uPuJ51ED3JrvQ02D+djWmun77f0spF/hiCCEWE708voe3pfp
# 2QT3zCvCruqxBzzpirYZCALTpZ3cQfd5Fq2UuAOWzye4jE4yvgNHpV9vFbC7JY3w
# jJmRSuS3/m06MipEGmuoQGS0wNFpOaNLz15DMPWco0A+U2BgKmX/AVFpUJtvGYXz
# /E3VhwHwS9LCfOMEwZc+e9G4mzM0hB/xgg1qNPe1sp4Ao0hlVXvgVg1Bc6ujhFEc
# yrdCdzmDVwq/jAjYJDW0/5mXOPX+ugcyoMrFPkm0ABnksEnK6pPn6K7oMEXGZ4qr
# GyeSWtdyBZuK453sK3S1C/aX7izWeA==
# =GU3Z
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 25 Nov 2025 12:21:56 AM PST
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'pull-nvme-20251125' of https://gitlab.com/birkelund/qemu:
hw/nvme: Validate PMR memory size
hw/nvme: fix up extended protection information format
hw/nvme: fix namespace atomic parameter setup
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Stefan Hajnoczi [Tue, 7 Oct 2025 14:17:00 +0000 (10:17 -0400)]
iotests: add Linux loop device image creation test
This qemu-iotests test case is based on the reproducer that Jean-Louis
Dupond <jean-louis@dupond.be> shared in
https://gitlab.com/qemu-project/qemu/-/issues/3127.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20251007141700.71891-4-stefanha@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Tested-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Tested-by: Fiona Ebner <f.ebner@proxmox.com> Reviewed-by: Fiona Ebner <f.ebner@proxmox.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Tue, 7 Oct 2025 14:16:59 +0000 (10:16 -0400)]
block: use pwrite_zeroes_alignment when writing first sector
Since commit 5634622bcb33 ("file-posix: allow BLKZEROOUT with -t
writeback"), qemu-img create errors out on a Linux loop block device
with a 4 KB sector size:
# dd if=/dev/zero of=blockfile bs=1M count=1024
# losetup --sector-size 4096 /dev/loop0 blockfile
# qemu-img create -f raw /dev/loop0 1G
Formatting '/dev/loop0', fmt=raw size=1073741824
qemu-img: /dev/loop0: Failed to clear the new image's first sector: Invalid argument
Use the pwrite_zeroes_alignment block limit to avoid misaligned
fallocate(2) or ioctl(BLKZEROOUT) in the block/file-posix.c block
driver.
Cc: qemu-stable@nongnu.org Fixes: 5634622bcb33 ("file-posix: allow BLKZEROOUT with -t writeback") Reported-by: Jean-Louis Dupond <jean-louis@dupond.be> Buglink: https://gitlab.com/qemu-project/qemu/-/issues/3127 Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20251007141700.71891-3-stefanha@redhat.com> Tested-by: Fiona Ebner <f.ebner@proxmox.com> Reviewed-by: Fiona Ebner <f.ebner@proxmox.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Tue, 7 Oct 2025 14:16:58 +0000 (10:16 -0400)]
file-posix: populate pwrite_zeroes_alignment
Linux block devices require write zeroes alignment whereas files do not.
It may come as a surprise that block devices opened in buffered I/O mode
require the alignment for write zeroes requests although normal
read/write requests do not.
Therefore it is necessary to populate the pwrite_zeroes_alignment field.
Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20251007141700.71891-2-stefanha@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Tested-by: Fiona Ebner <f.ebner@proxmox.com> Reviewed-by: Fiona Ebner <f.ebner@proxmox.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 19 Nov 2025 17:27:20 +0000 (18:27 +0100)]
block-backend: Fix race when resuming queued requests
When new requests arrive at a BlockBackend that is currently drained,
these requests are queued until the drain section ends.
There is a race window between blk_root_drained_end() waking up a queued
request in an iothread from the main thread and blk_wait_while_drained()
actually being woken up in the iothread and calling blk_inc_in_flight().
If the BlockBackend is drained again during this window, drain won't
wait for this request and it will sneak in when the BlockBackend is
already supposed to be quiesced. This causes assertion failures in
bdrv_drain_all_begin() and can have other unintended consequences.
Fix this by increasing the in_flight counter immediately when scheduling
the request to be resumed so that the next drain will wait for it to
complete.
Cc: qemu-stable@nongnu.org Reported-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20251119172720.135424-1-kwolf@redhat.com> Reviewed-by: Hanna Czenczek <hreitz@redhat.com> Tested-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com> Reviewed-by: Fiona Ebner <f.ebner@proxmox.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
When there is no display device on qemu machine,
and user only access qemu by remote vnc.
At the same time user input `info vnc` by QMP,
the qemu will abort.
To avoid the abort above, I add display device check,
when query vnc info in qmp_query_vnc_servers().
Per the PCI spec 3.0, in section 6.2.5.1, "Address Maps":
A 32-bit register can be implemented to support a single
memory size that is a power of 2 from 16 bytes to 2 GB.
Add a check in nvme_init_pmr(), returning an error if the
PMR region size is too small; and update the QTest.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Keith Busch [Thu, 20 Nov 2025 01:53:35 +0000 (17:53 -0800)]
hw/nvme: fix up extended protection information format
Set the protection information format (pif) only in the formats that can
support the larger guard types, and update the current in-use format
information when the user changes it.
Signed-off-by: Keith Busch <kbusch@kernel.org>
[k.jensen: fix missing braces and wrong indentation] Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Klaus Jensen [Tue, 4 Nov 2025 10:51:45 +0000 (11:51 +0100)]
hw/nvme: fix namespace atomic parameter setup
Coverity complains about a possible copy-paste error in the verification
of the namespace atomic parameters (CID 1642811). While the check is
correct, the code (and the intention) is unclear.
Fix this by reworking how the parameters are verified. Peter also
identified that the realize function was not correctly erroring out if
parameters were misconfigured, so fix that too.
Lastly, change the error messages to be more describing.
Since commit f626116f ("ui/vdagent: factor out clipboard peer
registration"), the QEMU clipboard serial is reset whenever the vdagent
chardev receives the guest caps. This triggers a CHR_EVENT_CLOSED which
is handled by virtio_serial_close() to notify the guest.
The "reconnection logic" is there to reset the agent when a
client (dbus, spice etc) reconnects, or the agent is restarted.
It is required to sync the clipboard serials and to prevent races or
loops due to clipboard managers on both ends (but this is not
implemented by windows vdagent).
The Unix agent has been reconnecting without resending caps, thus
working with this approach.
However, the Windows agent does not seem to have a way to handle
VIRTIO_CONSOLE_PORT_OPEN=0 event and do not receive further data...
Let's not trigger this disconnection/reset logic if the agent does not
support VD_AGENT_CAP_CLIPBOARD_GRAB_SERIAL.
Fixes: f626116f ("ui/vdagent: factor out clipboard peer registration") Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reported-by: Lucas Kornicki <lucas.kornicki@nutanix.com> Tested-by: Fiona Ebner <f.ebner@proxmox.com> Reviewed-by: Fiona Ebner <f.ebner@proxmox.com> Tested-by: Lucas Kornicki <lucas.kornicki@nutanix.com>
Merge tag 'pull-target-arm-20251124' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
* hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section()
* hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs
* hw/display/exynos4210_fimd: Remove duplicated definition
* hw/arm/Kconfig: Exclude imx8mp-evk machine from KVM-only build
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmkka80ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3hVpD/48w6peqEy8HmLtmrswBdVt
# TIYAkcz3oGNDnpYqB0UsjEVvmtAQZtGLS0XaOSVlB3l8NPiGe5GFwJJmt8TYBUpB
# rl76Cbmnx9lHyJshuoHb7CdtY2Q2gWxQPaeqD+cFvWTa/HNzeMO8joS9EkNApubP
# B7SQpcZuMgv4mgBTM3ly2/9mmFkKyY+/gkvtOmTMS/wGjrhpIs8DWIgLZ5/odmI5
# +c15aNOsfsnZ7KEsawRyYpn1pV2YeoYWYbQqQGOVLLfF7y/mLSfkI35SoXHI79zu
# nU0f/8NKhFswtx+SoAuQtHmnGLpgc5gRL21hwHZxiLkLQif1HgfCT3YNM2V/03ll
# +n5lOZzvNY4TLaoc5R9a2B+DRpp7ihrDnpW+tUV5LIhpDT4eqRto6+ATqlJ0Hfkw
# konwiahSAuHMMpnmfKbDvieVQasOZZBI0bpdwj3/yzXKh91/cYhAE4RySC1qLWe+
# dHeroqdyWKxbxetQz14kwJVWHDrvZSiSVpc1uVHWYBnrP310kMXlkgGt7MA2qiw5
# Dm01Dz/Upc+FpLGUqwHhZPWf2sJLdQVRqGwEevRkJl80AFpCR10JbSqwN4Fpz2gg
# YlkHmFhJfNM7FYoD+c6y4USwxiv0mMmtkIMuR2csmY5F5oH18H6zJ0lYikz5I0eo
# MVcNV1lPilWh7lKAKlLlGQ==
# =+CbZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 24 Nov 2025 06:29:33 AM PST
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20251124' of https://gitlab.com/pm215/qemu:
hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section()
hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs
hw/display/exynos4210_fimd: Remove duplicated definition
hw/arm/Kconfig: Exclude imx8mp-evk machine from KVM-only build
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-10.2-gitdm-241125-1' of https://gitlab.com/stsquad/qemu into staging
gitdm updates for 2025
With the latest updates the last year has been made possible by:
Top changeset contributors by employer
Linaro 2959 (37.0%)
Red Hat 1919 (24.0%)
Intel 313 (3.9%)
(None) 308 (3.9%)
ASPEED Technology Inc. 231 (2.9%)
Loongson Technology 227 (2.8%)
IBM 192 (2.4%)
Oracle 187 (2.3%)
Nutanix 133 (1.7%)
Academics (various) 99 (1.2%)
Top lines changed by employer
Linaro 109812 (31.8%)
Red Hat 91050 (26.4%)
ASPEED Technology Inc. 11811 (3.4%)
Intel 10606 (3.1%)
IBM 10146 (2.9%)
(None) 8965 (2.6%)
Oracle 8574 (2.5%)
Loongson Technology 7614 (2.2%)
Nutanix 7404 (2.1%)
Microsoft 6927 (2.0%)
Employers with the most hackers (total 433)
Red Hat 54 (12.5%)
IBM 30 (6.9%)
Intel 17 (3.9%)
(None) 13 (3.0%)
AMD 13 (3.0%)
Google 11 (2.5%)
Rivos Inc 10 (2.3%)
Linaro 9 (2.1%)
Oracle 8 (1.8%)
Huawei 8 (1.8%)
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmkkKsAACgkQ+9DbCVqe
# KkRbcQgAhc2I0HQa9fqFnp8vAZPMEEp3FFuPf1Dhwl4SWP95uZe/giooFyUhoZjw
# fmLu3V+Tza1oX9ymgHcbGu465jgIORotIG9c2jfTNStbWQWMLT+3fsS3+/9oNgry
# TtTNrSR2RpcUvnOWbMCPm68FiekQEmm4lbzNjh5uuGb6IddFyP/gZatbdMw3KzaX
# kYKnlV6Ul5wBjzfH68paRfC1ZcM0/iPy5EbK3FhPVozpA3fV729ZR535WnFHNjc9
# Gk6+oN2o4KQnvgSBY00NNnKUMcvMnvg3LSgmd2YUWh3O5jfVBbzaebP06HgfjLI3
# WwBdlAnhAQRFZqJhiH7mCVmJhuwigQ==
# =OPEI
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 24 Nov 2025 01:52:00 AM PST
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-10.2-gitdm-241125-1' of https://gitlab.com/stsquad/qemu:
contrib/gitdm: add more individual contributors
contrib/gitdm: add mapping for Nutanix
contrib/gitdm: add mapping for Eviden
contrib/gitdm: add University of Tokyo to academic group
contrib/gitdm: add group-map for Microsoft
contrib/gitdm: add group-map for Huawei
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-aspeed-20251124' of https://github.com/legoater/qemu into staging
aspeed queue:
* Fixed typo in the AST2700 LTPI device
* Fixed missing wiring of the SPI IRQ in AST10x0, AST2600, AST2700 SoCs
* Updated ASPEED PCIe Root Port capabilities and MSI support
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmkkA5wACgkQUaNDx8/7
# 7KG/xg/+LqpKxeFhofFSini+NLcD6gelGf2svIlz/q7Q5NhbgBdVC77g7L8aUho3
# gphaMmpafwyUW7OqtddB6FINDOVR8UnbU7NJJv5hedmgC+oxdpMrG2PiIPr6TsRu
# 6g/f4YvEMsehKAJm+x9APCFHmr9bTuY1iVwDJ3jfzWUBo8VPOT+duTLLTmc/RypZ
# elupzVTN7+RwVi18cYkrSQEtkmkz1U42W9ZG+PUKAdta0VfRTSReiEFGsD8pY/CB
# ndPbeEYVwIF2ezH5pXUneXgwMFM/ANYpNx2VXRuWabaRZMfChiDiHBOYt/CvfTH+
# v/o52sjbHtPJ2rKWKnZO+VBuV8Frwz9HgWAKLpoEurTolrnbA592BIxo3XaMS/eq
# 5a3HJ6wHAoU6qfiI3JSsP42nsCh5Ercf1mX8ArJlLePT/5XiQ3/MLBiESHXPptkm
# 4XBwG9zkr6zVhTm+Yj789rSlQgL+7cPZ78bMwCNhFHHXtZSpiWUP1e3LdVIX4pkP
# 1CPNyXRA+DDQEvksKkE6XkQZrnjydRbwCGrtNpuPkFmWDq9vQhUCjaKQBcutYgcD
# mbJVTeK3e7za/toWf88eNOWaJ7D+syXSQ8AfACkg5bG5zKreaQOLc2oC8UDcVJSE
# 3nwj12jDbfbmTDcFOY3diEhA8JiwylagiMZNiSx7bN9t+RO1jlQ=
# =DmJM
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 23 Nov 2025 11:05:00 PM PST
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg: aka "Cédric Le Goater <clg@kaod.org>" [full]
* tag 'pull-aspeed-20251124' of https://github.com/legoater/qemu:
hw/pci-host/aspeed_pcie: Update ASPEED PCIe Root Port capabilities and enable MSI to support hotplug
hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure
hw/arm/ast27x0: Fix typo in LTPI address
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Fri, 7 Nov 2025 14:39:13 +0000 (14:39 +0000)]
hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section()
In fimd_update_memory_section() we attempt ot find and map part of
the RAM MR which backs the framebuffer, based on guest-configurable
size and start address.
If the guest configures framebuffer settings which result in a
zero-sized framebuffer, we hit an assertion(), because
memory_region_find() will return a NULL mem_section.mr.
Explicitly check for the zero-size case and treat this as a
guest error.
Because we now have a code path which can reach error_return without
calling memory_region_find to set w->mem_section, we must NULL out
w->mem_section.mr after the unref of the old MR, so that error_return
does not incorrectly double-unref the old MR.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1407 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251107143913.1341358-1-peter.maydell@linaro.org
Peter Maydell [Fri, 14 Nov 2025 15:53:04 +0000 (15:53 +0000)]
hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs
For M-profile cores which support TrustZone, there are some memory
areas which are "NS aliases" -- a Secure access to these addresses
really performs an NS access to a different part of the device. We
implement these using MemoryRegionOps read and write functions which
pass the access on with adjusted attributes using
memory_region_dispatch_read() and memory_region_dispatch_write().
Since the MR we are dispatching to is owned by the same device that
owns the NS-alias MR (the TYPE_ARMV7M container object), this trips
the reentrancy-guard that is applied by access_with_adjusted_size().
Mark the NS alias MemoryRegions as disable_reentrancy_guard; this is
safe because v7m_sysreg_ns_read() and v7m_sysreg_ns_write() do not
touch any of the device's state. (Any further reentrancy attempts by
the underlying MR will still be caught.)
Without this fix, an attempt to read from an address like 0xe002e010,
which is a register in the NS systick alias, will fail and provoke
qemu-system-arm: warning: Blocked re-entrant IO on MemoryRegion: v7m_systick at addr: 0x0
We didn't notice this earlier because almost all code accesses
the registers and systick via the non-alias addresses; the NS
aliases are only need for the rarer case of Secure code that needs
to manage the NS timer or system state on behalf of NS code.
Note that although the v7m_systick_ops read and write functions
also call memory_region_dispatch_{read,write}, this MR does not
need to have the reentrancy-guard disabled because the underlying
MR that it forwards to is owned by a different device (the
TYPE_SYSTICK timer device).
Reported via a stackoverflow question:
https://stackoverflow.com/questions/79808107/what-this-error-is-even-about-qemu-system-arm-warning-blocked-re-entrant-io
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251114155304.2662414-1-peter.maydell@linaro.org
FIMD_VIDWADD0_END is defined twice, keep only one.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251121093509.25088-1-philmd@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 19 Nov 2025 11:39:52 +0000 (11:39 +0000)]
contrib/gitdm: add more individual contributors
I only add names explicitly acked as individual contributors.
Acked-by: Sean Wei <me@sean.taipei> Acked-by: William Kosasih <kosasihwilliam4@gmail.com>
Message-ID: <20251119113953.1432303-10-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Wed, 19 Nov 2025 11:39:50 +0000 (11:39 +0000)]
contrib/gitdm: add mapping for Nutanix
We have a number of hackers from Nutanix, make sure they are grouped
together.
Reviewed-by: Jon Kohler <jon@nutanix.com> Reviewed-by: John Levon <john.levon@nutanix.com>
Message-ID: <20251119113953.1432303-8-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Wed, 19 Nov 2025 11:39:46 +0000 (11:39 +0000)]
contrib/gitdm: add group-map for Microsoft
While we do see contributions from the top-level domain we want to
catch the linux.microsoft subdomain and those contributors also post
via other addresses.
Cc: Magnus Kulke <magnuskulke@linux.microsoft.com> Acked-by: Wei Liu <wei.liu@kernel.org>
Message-ID: <20251119113953.1432303-4-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Jamin Lin [Fri, 21 Nov 2025 05:01:08 +0000 (13:01 +0800)]
hw/pci-host/aspeed_pcie: Update ASPEED PCIe Root Port capabilities and enable MSI to support hotplug
This patch updates the ASPEED PCIe Root Port capability layout and interrupt
handling to match the hardware-defined capability structure as documented in
the PCI Express Controller (PCIE) chapter of the ASPEED SoC datasheet.
The following capability offsets and fields are now aligned with the actual
hardware implementation (validated using EVB config-space dumps via
'lspci -s <bdf> -vvv'):
- Added MSI capability at offset 0x50 and enabled 1-vector MSI support
- Added PCI Express Capability structure at offset 0x80
- Added Secondary Subsystem Vendor ID (SSVID) at offset 0xC0
- Added AER capability at offset 0x100
- Implemented aer_vector() callback and MSI init/uninit hooks
- Updated Root Port SSID to 0x1150 to reflect the platform default
Enabling MSI is required for proper PCIe Hotplug event signaling. This change
improves correctness and ensures QEMU Root Port behavior matches the behavior
of ASPEED hardware and downstream kernel expectations.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Fixes: 2af56518fa91 ("hw/pci-host/aspeed: Add AST2600 PCIe Root Port and make address configurable") Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Nabih Estefan <nabihestefan@google.com> Tested-by: Nabih Estefan <nabihestefan@google.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Link: https://lore.kernel.org/qemu-devel/20251121050108.3407445-2-jamin_lin@aspeedtech.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
It did not connect SPI IRQ to the Interrupt Controller, so even the SPI
model raised the IRQ, the interrupt was not received. The CPU therefore
did not trigger an interrupt via the controller, and the firmware never
received the interrupt.
Merge tag 'staging-pull-request' of https://gitlab.com/peterx/qemu into staging
Migration pull for rc2
- Zhijian's COLO regression fix (since 10.0)
- Matthew's fix to avoid crash on wrong list manipulations
- Markus's error report leak fix and cleanups
- Peter's qtest changes to merge memory_backend and use_shmem
# -----BEGIN PGP SIGNATURE-----
#
# iIgEABYKADAWIQS5GE3CDMRX2s990ak7X8zN86vXBgUCaSEDHxIccGV0ZXJ4QHJl
# ZGhhdC5jb20ACgkQO1/MzfOr1wZSAAEAmixKaiIm+w0vp7YiNNTeq22+y6Eo7ran
# K7g5jCswEH8BAOTPeh7AHBN3L2Zi3tw58Rqyh08kiY/x0/s8DE7sL0wM
# =3a75
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 21 Nov 2025 04:26:07 PM PST
# gpg: using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706
# gpg: issuer "peterx@redhat.com"
# gpg: Good signature from "Peter Xu <xzpeter@gmail.com>" [unknown]
# gpg: aka "Peter Xu <peterx@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D D1A9 3B5F CCCD F3AB D706
* tag 'staging-pull-request' of https://gitlab.com/peterx/qemu:
tests/migration-test: Use MEM_TYPE_MEMFD for memory_backend
tests/migration-test: Add MEM_TYPE_SHMEM
tests/migration-test: Merge shmem_opts into memory_backend
tests/migration-test: Introduce MemType
migration/postcopy-ram: Improve error reporting after loadvm failure
migration: Use warn_reportf_err() where appropriate
migration: Plug memory leaks after migrate_set_error()
migration: set correct list pointer when removing notifier
migration: Fix transition to COLO state from precopy
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
trivial patches for 2025-11-21
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmkgYNYACgkQgqpKJDse
# lHgZIA/+MMazD/z4+niWJinTb/NXq5Q5AbE9x1bivYT8eVdyYrklAn5vqA1tQUHg
# nqAHvMEhhl2JtDI/OAABMcMZGay/anqBpuJ17g0CV3nlFQAoYQDI2QZxtBAPXC8K
# n8ZtaWrdeASrVPfxohPn5hJvj5j2m0468QRSa/MKad5iBt3F3JuZn8m20X9YkzkI
# FHGnRzBYg+6s8p312imEmcPqxId6n4xxJY/i8PnXY+dce//zZqX2UPmjf8aRxDgY
# 9eTzio6526w4raIzv/FXUXlnYn/ihRYRWxY/bI0t+7AJ1mY+F5SbFeg0pTr5koEg
# 3UQF/U0yILCIWoyoj8qiRmq62DxKCuvC16RdpJ91x3q3hQKmLn+0rpJlTcBHEGkw
# T28XEniTrYJKD3LbvZE9dnYcskyPSqpskKixdB94wupWA9XZ/BW6Ivq6ni/Jsozz
# wTsdWfyhtI9xd4TKeR2Ondz9xlTjhOTk7OoPgVa+IKESSLZYy4FlFsFV9Bb03I9b
# gaB5C7FDzJMa4JT4Wrc95cTtobno7VD6+Qsg78/piWomBPXSWi9QM0Uap2SdA3Ac
# s+ZjIrO02jsUdA68MSaxQjPDzdHvuAbvqDXY0+ACFutRZn9Yb7PTbr3m0JwXa8pa
# E9nBy850A4XynnU+1wuuPLxJStsKv/182C8x8Mt7hP4HfZ5w0fc=
# =1PPo
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 21 Nov 2025 04:53:42 AM PST
# gpg: using RSA key 64AA2AB531D56903366BFEF982AA4A243B1E9478
# gpg: Good signature from "Michael Tokarev <mjt@debian.org>" [unknown]
# gpg: aka "Michael Tokarev <mjt@corpit.ru>" [unknown]
# gpg: aka "Michael Tokarev <mjt@tls.msk.ru>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E
# Subkey fingerprint: 64AA 2AB5 31D5 6903 366B FEF9 82AA 4A24 3B1E 9478
* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu:
Fix the typo of vfio-pci device's enable-migration option
qmp: Fix a typo for a USO feature
qga: use access(2) to check for command existance instead of questionable stat(2)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-request-2025-11-21' of https://gitlab.com/thuth/qemu into staging
* Fix a crash that occurs when passing through virtio devices to nested guest
* Update s390x MAINTAINERS
* Fix various pylint warnings in functional tests
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCgAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmkgMrgRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbXvEg/8CxLpA1a/lkf17XyGQmxvES5sRZDD2DCg
# CTZfK8j4ZwaDlHH4WIQdvAPHxSMZ4p0Z+HoS+GlKkAMTp6ALJkSg+mRosehy7sH0
# z3DRcGXnR46kArdhLzZIXL0QStAcTRAhTrva/eI+pf6CDD8ypR3Qut6d4hTBVdvB
# lgU1LOOXDOGRsWYq11asUJabwZr4VYYIQlIMd57Lv2MITCt3UNwK279hZQQ/Xe5C
# 07Y9X4aC3m3f8+AHbZJhrSB9ySNQMGuKyGfHf+rQDyYGOybsG/cJoJLUO6eAUU3M
# b3J/YoEViL7JmKqwv2WJQdP2p7/M8M9XlK9rMn7Ry26Wdab/QeNTdjMHuakxHfmn
# oaorN7ua2P+wLKV6h2ElHFKiqhvs/n6vGGE39FsvbgGYhzsqdg0YvKDr61KxpXRp
# rz7LuiLygBFEUwhqlLa2ePoJb9wxgECLgEib17qNhjUlDHegSDGNpENAzvJ/rC2l
# ufCNQR17zocffJp1N/S1ZcjVc+JzMUG5G6ScdQsKUHueSqiXpS6pRI7cX0PFNz70
# jp2Ul+m1Mr9GJn9bFhz2Kf2k74gpW5B27SKnZlcZa/AFtT9WlHcEkStAs0PRe00Q
# rrPkxBJaesLayxX6xW8HMzO+IkBniHtxQesf5WPlf9+z2roM0eXuCXibMGHnK49P
# YqvvLCvBTEA=
# =yxWh
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 21 Nov 2025 01:36:56 AM PST
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [unknown]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [unknown]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2025-11-21' of https://gitlab.com/thuth/qemu:
MAINTAINERS: s390 maintainer updates
tests/functional/aarch64/test_rme_sbsaref: Silence issues reported by pylint
tests/functional/aarch64/test_reverse_debug: Fix issues reported by pylint
tests/functional/ppc/test_ppe42: Fix style issues reported by pylint
tests/functional/ppc/test_amiga: Fix issues reported by pylint and flake8
tests/functional/x86_64/test_memlock: Silence pylint warnings
tests/functional/x86_64/test_reverse_debug: Silence pylint warning
tests/functional/x86_64/test_virtio_gpu: Fix various issues reported by pylint
tests/functional/arm/test_aspeed_ast2600_buildroot: Fix pylint warnings
hw/s390x: Fix a possible crash with passed-through virtio devices
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Xu [Mon, 17 Nov 2025 22:39:08 +0000 (17:39 -0500)]
tests/migration-test: Use MEM_TYPE_MEMFD for memory_backend
The only two users of memory_backend as of now (cpr-exec, cpr-transfer)
uses memfd as backend, now we fully support it. We can move memory_backend
usage to mem_type and drop it.
Peter Xu [Mon, 17 Nov 2025 22:39:06 +0000 (17:39 -0500)]
tests/migration-test: Merge shmem_opts into memory_backend
The two parameters are more or less duplicated in migrate_args(). They all
describe the memory type. When one is used, the other is not.
mem_type currently uses numa parameter to specify the memory backend, while
memory_backend (the two users of such uses "-machine memory-backend=ID").
This patch merges the use of the two variables so that we always generate a
memory object string and put it into "memory_backend" variable. Now we can
drop shmem_opts parameter in the function.
Meanwhile we always use a memory-backend-* no matter which mem type is
used. This brings mem_type to be aligned with memory_backend usage, then
we stick with this as this is flexible enough.
This paves way that we merge mem_type and memory_backend in MigrateStart.
Peter Xu [Mon, 17 Nov 2025 22:39:05 +0000 (17:39 -0500)]
tests/migration-test: Introduce MemType
Some migration tests need to be run with shmem, the rest by default use
anonymous memory.
Introduce MemType and replace use_shmem with such a enumeration. This
prepares for a 3rd type of memory to be tested for migration.
Careful readers may also already notice that MigrateStart has another field
called memory_backend, which makes the whole "memory type" definition
convoluted. That'll be merged into MemType soon in a follow up patch.
When doing this, introduce some migrate_mem_type_*() helpers to do the
work for each memory type.
migration/postcopy-ram: Improve error reporting after loadvm failure
One of two error messages show __func__. Drop it; it doesn't help
users, and developers can grep for the message. This also permits
de-duplicating the code to prepend to the error message.
Both error messages show a numeric error code. I doubt that's
helpful, but I'm leaving it alone.
Use error_append_hint() for explaining that some dirty bitmaps may be
lost. Polish the prose.
Don't faff around with g_clear_pointer(), it's not worth its keep
here.
migration: Plug memory leaks after migrate_set_error()
migrate_set_error(s, err) stores a copy of @err in @s. The original
@err is not freed. Most callers free it immediately. Some callers
free it later, or pass it on. And some leak it. Fix those.
Perhaps migrate_set_error(s, err) should take ownership of @err. The
callers that free it immediately would become simpler, and avoid a
copy and a deallocation. The others would have to pass
error_copy(err).
Matthew Rosato [Thu, 13 Nov 2025 21:35:45 +0000 (16:35 -0500)]
migration: set correct list pointer when removing notifier
In migration_remove_notifier(), g_slist_remove() will search for and
potentially remove an entry from the specified list. The return value
should be used to update the potentially-changed head pointer of the
list that was just searched (migration_state_notifiers[mode]) instead
of the migration blockers list.
Li Zhijian [Tue, 4 Nov 2025 01:36:06 +0000 (09:36 +0800)]
migration: Fix transition to COLO state from precopy
Commit 4881411136 ("migration: Always set DEVICE state") set a new DEVICE
state before completed during migration, which broke the original transition
to COLO. The migration flow for precopy has changed to:
active -> pre-switchover -> device -> completed.
This patch updates the transition state to ensure that the Pre-COLO
state corresponds to DEVICE state correctly.
Cc: qemu-stable <qemu-stable@nongnu.org> Fixes: 4881411136 ("migration: Always set DEVICE state") Signed-off-by: Li Zhijian <lizhijian@fujitsu.com> Reviewed-by: Zhang Chen <zhangckid@gmail.com> Tested-by: Zhang Chen <zhangckid@gmail.com> Link: https://lore.kernel.org/r/20251104013606.1937764-1-lizhijian@fujitsu.com Signed-off-by: Peter Xu <peterx@redhat.com>
Yanghang Liu [Fri, 21 Nov 2025 09:43:41 +0000 (17:43 +0800)]
Fix the typo of vfio-pci device's enable-migration option
Signed-off-by: Yanghang Liu <yanghliu@redhat.com> Reported-by: Mario Casquero <mcasquer@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
projects / thirdparty / qemu.git / log
