git.ipfire.org Git - thirdparty/qemu.git/log
3 weeks ago iotests: Run iotests with sanitizers
Akihiko Odaki [Thu, 23 Oct 2025 08:10:59 +0000 (17:10 +0900)] 
iotests: Run iotests with sanitizers

Commit 2cc4d1c5eab1 ("tests/check-block: Skip iotests when sanitizers
are enabled") changed iotests to skip when sanitizers are enabled.
The rationale is that AddressSanitizer emits warnings and reports leaks,
which results in test breakage. Later, sanitizers that are enabled for
production environments (safe-stack and cfi-icall) were exempted.

However, this approach has a few problems.

- It requires rebuild to disable sanitizers if the existing build has
  them enabled.
- It disables other useful non-production sanitizers.
- The exemption of safe-stack and cfi-icall is not correctly
  implemented, so qemu-iotests are incorrectly enabled whenever either
  safe-stack or cfi-icall is enabled *and*, even if there is another
  sanitizer like AddressSanitizer.

To solve these problems, direct AddressSanitizer warnings to separate
files to avoid changing the test results, and selectively disable
leak detection at runtime instead of requiring to disable all
sanitizers at buildtime.

Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Message-ID: <20251023-iotests-v1-2-fab143ca4c2f@rsg.ci.i.u-tokyo.ac.jp>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago qemu-img: Fix amend option parse error handling
Akihiko Odaki [Thu, 23 Oct 2025 08:10:58 +0000 (17:10 +0900)] 
qemu-img: Fix amend option parse error handling

qemu_opts_del(opts) dereferences opts->list, which is the old amend_opts
pointer that can be dangling after executing
qemu_opts_append(amend_opts, bs->drv->create_opts) and cause
use-after-free.

Fix the potential use-after-free by moving the qemu_opts_del() call
before the qemu_opts_append() call.

Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Message-ID: <20251023-iotests-v1-1-fab143ca4c2f@rsg.ci.i.u-tokyo.ac.jp>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago iotests: Test resizing file node under raw with size/offset
Kevin Wolf [Tue, 28 Oct 2025 09:43:28 +0000 (10:43 +0100)] 
iotests: Test resizing file node under raw with size/offset

This adds some more tests for using the 'size' and 'offset' options of
raw to the recently added resize-below-raw test.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20251028094328.17919-1-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago block: Drop detach_subchain for bdrv_replace_node
Wesley Hershberger [Wed, 29 Oct 2025 13:27:02 +0000 (08:27 -0500)] 
block: Drop detach_subchain for bdrv_replace_node

Detaching filters using detach_subchain=true can cause segfaults as
described in #3149.

More specifically, this was observed when executing concurrent
block-stream and query-named-block-nodes. block-stream adds a
copy-on-read filter as the main BDS for the blockjob; that filter was
dropped with detach_subchain=true but not unref'd until the blockjob
was free'd. Because query-named-block-nodes assumes that a filter will
always have exactly one child, it caused a segfault when it observed the
detached filter. Stacktrace:

0  bdrv_refresh_filename (bs=0x5efed72f8350)
    at /usr/src/qemu-1:10.1.0+ds-5ubuntu2/b/qemu/block.c:8082
1  0x00005efea73cf9dc in bdrv_block_device_info
    (blk=0x0, bs=0x5efed72f8350, flat=true, errp=0x7ffeb829ebd8)
    at block/qapi.c:62
2  0x00005efea7391ed3 in bdrv_named_nodes_list
    (flat=<optimized out>, errp=0x7ffeb829ebd8)
    at /usr/src/qemu-1:10.1.0+ds-5ubuntu2/b/qemu/block.c:6275
3  0x00005efea7471993 in qmp_query_named_block_nodes
    (has_flat=<optimized out>, flat=<optimized out>, errp=0x7ffeb829ebd8)
    at /usr/src/qemu-1:10.1.0+ds-5ubuntu2/b/qemu/blockdev.c:2834
4  qmp_marshal_query_named_block_nodes
    (args=<optimized out>, ret=0x7f2b753beec0, errp=0x7f2b753beec8)
    at qapi/qapi-commands-block-core.c:553
5  0x00005efea74f03a5 in do_qmp_dispatch_bh (opaque=0x7f2b753beed0)
    at qapi/qmp-dispatch.c:128
6  0x00005efea75108e6 in aio_bh_poll (ctx=0x5efed6f3f430)
    at util/async.c:219
7  0x00005efea74ffdb2 in aio_dispatch (ctx=0x5efed6f3f430)
    at util/aio-posix.c:436
8  0x00005efea7512846 in aio_ctx_dispatch (source=<optimized out>,
    callback=<optimized out>,user_data=<optimized out>)
    at util/async.c:361
9  0x00007f2b77809bfb in ?? ()
    from /lib/x86_64-linux-gnu/libglib-2.0.so.0
10 0x00007f2b77809e70 in g_main_context_dispatch ()
    from /lib/x86_64-linux-gnu/libglib-2.0.so.0
11 0x00005efea7517228 in glib_pollfds_poll () at util/main-loop.c:287
12 os_host_main_loop_wait (timeout=0) at util/main-loop.c:310
13 main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:589
14 0x00005efea7140482 in qemu_main_loop () at system/runstate.c:905
15 0x00005efea744e4e8 in qemu_default_main (opaque=opaque@entry=0x0)
    at system/main.c:50
16 0x00005efea6e76319 in main
    (argc=<optimized out>, argv=<optimized out>)
    at system/main.c:93

As discussed in 20251024-second-fix-3149-v1-1-d997fa3d5ce2@canonical.com,
a filter should not exist without children in the first place; therefore,
drop the parameter entirely as it is only used for filters.

This is a partial revert of 3108a15cf09865456d499b08fe14e3dbec4ccbb3.

After this change, a blockdev-backup job's copy-before-write filter will
hold references to its children until the filter is unref'd. This causes
an additional flush during bdrv_close, so also update iotest 257.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3149
Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Wesley Hershberger <wesley.hershberger@canonical.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20251029-third-fix-3149-v2-1-94932bb404f4@canonical.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago block: replace TABs with space
Yeqi Fu [Tue, 7 Oct 2025 16:35:11 +0000 (18:35 +0200)] 
block: replace TABs with space

Bring the block files in line with the QEMU coding style, with spaces
for indentation. This patch partially resolves the issue 371.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/371
Signed-off-by: Yeqi Fu <fufuyqqqqqq@gmail.com>
Message-ID: <20230325085224.23842-1-fufuyqqqqqq@gmail.com>
[thuth: Rebased the patch to the current master branch]
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251007163511.334178-1-thuth@redhat.com>
[kwolf: Fixed up vertical alignment]
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago block/io_uring: use non-vectored read/write when possible
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:33 +0000 (21:29 -0500)] 
block/io_uring: use non-vectored read/write when possible

The io_uring_prep_readv2/writev2() man pages recommend using the
non-vectored read/write operations when possible for performance
reasons.

I didn't measure a significant difference but it doesn't hurt to have
this optimization in place.

Suggested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20251104022933.618123-16-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago block/io_uring: use aio_add_sqe()
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:32 +0000 (21:29 -0500)] 
block/io_uring: use aio_add_sqe()

AioContext has its own io_uring instance for file descriptor monitoring.
The disk I/O io_uring code was developed separately. Originally I
thought the characteristics of file descriptor monitoring and disk I/O
were too different, requiring separate io_uring instances.

Now it has become clear to me that it's feasible to share a single
io_uring instance for file descriptor monitoring and disk I/O. We're not
using io_uring's IOPOLL feature or anything else that would require a
separate instance.

Unify block/io_uring.c and util/fdmon-io_uring.c using the new
aio_add_sqe() API that allows user-defined io_uring sqe submission. Now
block/io_uring.c just needs to submit readv/writev/fsync and most of the
io_uring-specific logic is handled by fdmon-io_uring.c.

There are two immediate advantages:
1. Fewer system calls. There is no need to monitor the disk I/O io_uring
   ring fd from the file descriptor monitoring io_uring instance. Disk
   I/O completions are now picked up directly. Also, sqes are
   accumulated in the sq ring until the end of the event loop iteration
   and there are fewer io_uring_enter(2) syscalls.
2. Less code duplication.

Note that error_setg() messages are not supposed to end with
punctuation, so I removed a '.' for the non-io_uring build error
message.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-ID: <20251104022933.618123-15-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio-posix: add aio_add_sqe() API for user-defined io_uring requests
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:31 +0000 (21:29 -0500)] 
aio-posix: add aio_add_sqe() API for user-defined io_uring requests

Introduce the aio_add_sqe() API for submitting io_uring requests in the
current AioContext. This allows other components in QEMU, like the block
layer, to take advantage of io_uring features without creating their own
io_uring context.

This API supports nested event loops just like file descriptor
monitoring and BHs do. This comes at a complexity cost: CQE callbacks
must be placed on a list so that nested event loops can invoke pending
CQE callbacks from parent event loops. If you're wondering why
CqeHandler exists instead of just a callback function pointer, this is
why.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-ID: <20251104022933.618123-14-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio-posix: add fdmon_ops->dispatch()
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:30 +0000 (21:29 -0500)] 
aio-posix: add fdmon_ops->dispatch()

The ppoll and epoll file descriptor monitoring implementations rely on
the event loop's generic file descriptor, timer, and BH dispatch code to
invoke user callbacks.

The io_uring file descriptor monitoring implementation will need
io_uring-specific dispatch logic for CQE handlers for custom SQEs.

Introduce a new FDMonOps ->dispatch() callback that allows file
descriptor monitoring implementations to invoke user callbacks. The next
patch will use this new callback.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20251104022933.618123-13-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio-posix: unindent fdmon_io_uring_destroy()
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:29 +0000 (21:29 -0500)] 
aio-posix: unindent fdmon_io_uring_destroy()

Reduce the level of indentation to make further code changes easier to
read.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20251104022933.618123-12-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio-posix: gracefully handle io_uring_queue_init() failure
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:28 +0000 (21:29 -0500)] 
aio-posix: gracefully handle io_uring_queue_init() failure

io_uring may not be available at runtime due to system policies (e.g.
the io_uring_disabled sysctl) or creation could fail due to file
descriptor resource limits.

Handle failure scenarios as follows:

If another AioContext already has io_uring, then fail AioContext
creation so that the aio_add_sqe() API is available uniformly from all
QEMU threads. Otherwise fall back to epoll(7) if io_uring is
unavailable.

Notes:
- Update the comment about selecting the fastest fdmon implementation.
  At this point it's not about speed anymore, it's about aio_add_sqe()
  API availability.
- Uppercase the error message when converting from error_report() to
  error_setg_errno() for consistency (but there are instances of
  lowercase in the codebase).
- It's easier to move the #ifdefs from aio-posix.h to aio-posix.c.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20251104022933.618123-11-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio: add errp argument to aio_context_setup()
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:27 +0000 (21:29 -0500)] 
aio: add errp argument to aio_context_setup()

When aio_context_new() -> aio_context_setup() fails at startup it
doesn't really matter whether errors are returned to the caller or the
process terminates immediately.

However, it is not acceptable to terminate when hotplugging --object
iothread at runtime. Refactor aio_context_setup() so that errors can be
propagated. The next commit will set errp when fdmon_io_uring_setup()
fails.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20251104022933.618123-10-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio: free AioContext when aio_context_new() fails
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:26 +0000 (21:29 -0500)] 
aio: free AioContext when aio_context_new() fails

g_source_destroy() only removes the GSource from the GMainContext it's
attached to, if any. It does not free it.

Use g_source_unref() instead so that the AioContext (which embeds a
GSource) is freed. There is no need to call g_source_destroy() in
aio_context_new() because the GSource isn't attached to a GMainContext
yet.

aio_ctx_finalize() expects everything to be set up already, so introduce
the new ctx->initialized boolean and do nothing when called with
!initialized. This also requires moving aio_context_setup() down after
event_notifier_init() since aio_ctx_finalize() won't release any
resources that aio_context_setup() acquired.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-ID: <20251104022933.618123-9-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio: remove aio_context_use_g_source()
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:25 +0000 (21:29 -0500)] 
aio: remove aio_context_use_g_source()

There is no need for aio_context_use_g_source() now that epoll(7) and
io_uring(7) file descriptor monitoring works with the glib event loop.
AioContext doesn't need to be notified that GSource is being used.

On hosts with io_uring support this now enables fdmon-io_uring.c by
default, replacing fdmon-poll.c and fdmon-epoll.c. In other words, the
event loop will use io_uring!

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20251104022933.618123-8-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio-posix: integrate fdmon into glib event loop
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:24 +0000 (21:29 -0500)] 
aio-posix: integrate fdmon into glib event loop

AioContext's glib integration only supports ppoll(2) file descriptor
monitoring. epoll(7) and io_uring(7) disable themselves and switch back
to ppoll(2) when the glib event loop is used. The main loop thread
cannot use epoll(7) or io_uring(7) because it always uses the glib event
loop.

Future QEMU features may require io_uring(7). One example is uring_cmd
support in FUSE exports. Each feature could create its own io_uring(7)
context and integrate it into the event loop, but this is inefficient
due to extra syscalls. It would be more efficient to reuse the
AioContext's existing fdmon-io_uring.c io_uring(7) context because
fdmon-io_uring.c will already be active on systems where Linux io_uring
is available.

In order to keep fdmon-io_uring.c's AioContext operational even when the
glib event loop is used, extend FDMonOps with an API similar to
GSourceFuncs so that file descriptor monitoring can integrate into the
glib event loop.

A quick summary of the GSourceFuncs API:
- prepare() is called each event loop iteration before waiting for file
  descriptors and timers.
- check() is called to determine whether events are ready to be
  dispatched after waiting.
- dispatch() is called to process events.

More details here: https://docs.gtk.org/glib/struct.SourceFuncs.html

Move the ppoll(2)-specific code from aio-posix.c into fdmon-poll.c and
also implement epoll(7)- and io_uring(7)-specific file descriptor
monitoring code for glib event loops.

Note that it's still faster to use aio_poll() rather than the glib event
loop since glib waits for file descriptor activity with ppoll(2) and
does not support adaptive polling. But at least epoll(7) and io_uring(7)
now work in glib event loops.

Splitting this into multiple commits without temporarily breaking
AioContext proved difficult so this commit makes all the changes. The
next commit will remove the aio_context_use_g_source() API because it is
no longer needed.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-ID: <20251104022933.618123-7-stefanha@redhat.com>
[kwolf: Build fixes; fix AioContext.list_lock use after destroy]
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago tests/unit: skip test-nested-aio-poll with io_uring
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:23 +0000 (21:29 -0500)] 
tests/unit: skip test-nested-aio-poll with io_uring

test-nested-aio-poll relies on internal details of how fdmon-poll.c
handles AioContext polling. Skip it when other fdmon implementations are
in use.

The reason why fdmon-io_uring.c behaves differently from fdmon-poll.c is
that its fdmon_ops->need_wait() function returns true when
io_uring_enter(2) must be called (e.g. to submit pending SQEs).
AioContext polling is skipped when ->need_wait() returns true, so the
test case will never enter AioContext polling mode with
fdmon-io_uring.c.

Restrict this test to fdmon-poll.c and drop the
aio_context_use_g_source() call since it's no longer necessary.

Note that this test is only built on POSIX systems so it is safe to
include "util/aio-posix.h".

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-ID: <20251104022933.618123-6-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio-posix: keep polling enabled with fdmon-io_uring.c
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:22 +0000 (21:29 -0500)] 
aio-posix: keep polling enabled with fdmon-io_uring.c

Commit 816a430c517e ("util/aio: Defer disabling poll mode as long as
possible") kept polling enabled when the event loop timeout is 0. Since
there is no timeout the event loop will continue immediately and the
overhead of disabling and re-enabling polling can be avoided.

fdmon-io_uring.c is unable to take advantage of this optimization
because its ->need_wait() function returns true whenever there are new
io_uring SQEs to submit:

  if (timeout || ctx->fdmon_ops->need_wait(ctx)) {
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Polling will be disabled even when timeout == 0.

Extend the optimization to handle the case when need_wait() returns true
and timeout == 0.

Cc: Chao Gao <chao.gao@intel.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20251104022933.618123-5-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio-posix: fix spurious return from ->wait() due to signals
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:21 +0000 (21:29 -0500)] 
aio-posix: fix spurious return from ->wait() due to signals

io_uring_enter(2) only returns -EINTR in some cases when interrupted by
a signal. Therefore the while loop in fdmon_io_uring_wait() is
incomplete and can lead to a spurious early return.

Handle the case when a signal interrupts io_uring_enter(2) but the
syscall returns the number of SQEs submitted (that takes priority over
-EINTR).

This patch probably makes little difference for QEMU, but the test suite
relies on the exact pattern of aio_poll() return values, so it's best to
hide this io_uring syscall interface quirk.

Here is the strace of test-aio receiving 3 SIGCONT signals after this
fix has been applied. Notice how the io_uring_enter(2) return value is 1
the first time because an SQE was submitted, but -EINTR the other times:

  eventfd2(0, EFD_CLOEXEC|EFD_NONBLOCK) = 9
  io_uring_enter(7, 1, 0, 0, NULL, 8) = 1
  clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=1, tv_nsec=0}, 0x7ffe38a46240) = 0
  io_uring_enter(7, 1, 1, IORING_ENTER_GETEVENTS, NULL, 8) = 1
  --- SIGCONT {si_signo=SIGCONT, si_code=SI_USER, si_pid=596096, si_uid=1000} ---
  io_uring_enter(7, 0, 1, IORING_ENTER_GETEVENTS, NULL, 8) = -1 EINTR (Interrupted system call)
  --- SIGCONT {si_signo=SIGCONT, si_code=SI_USER, si_pid=596096, si_uid=1000} ---
  io_uring_enter(7, 0, 1, IORING_ENTER_GETEVENTS, NULL, 8 <unfinished ...>
  <... io_uring_enter resumed>) = -1 EINTR (Interrupted system call)
  --- SIGCONT {si_signo=SIGCONT, si_code=SI_USER, si_pid=596096, si_uid=1000} ---
  io_uring_enter(7, 0, 1, IORING_ENTER_GETEVENTS, NULL, 8 <unfinished ...>
  <... io_uring_enter resumed>) = 0

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20251104022933.618123-4-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago aio-posix: fix fdmon-io_uring.c timeout stack variable lifetime
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:20 +0000 (21:29 -0500)] 
aio-posix: fix fdmon-io_uring.c timeout stack variable lifetime

io_uring_prep_timeout() stashes a pointer to the timespec struct rather
than copying its fields. That means the struct must live until after the
SQE has been submitted by io_uring_enter(2). add_timeout_sqe() violates
this constraint because the SQE is not submitted within the function.

Inline add_timeout_sqe() into fdmon_io_uring_wait() so that the struct
lives at least as long as io_uring_enter(2).

This fixes random hangs (bogus timeout values) when the kernel loads
undefined timespec struct values from userspace after the original
struct on the stack has been destroyed.

Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20251104022933.618123-3-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
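
A model of the lifetime rule the commit above describes, as an added example that is not QEMU or liburing code. The `model_*` types and functions, `helper_frame`, `wait_before()` and `wait_after()` are hypothetical names; a static slot that later code overwrites stands in for the helper's dead stack frame so the effect is reproducible without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical model types; none of these names come from QEMU or liburing. */
struct model_sqe {
    const struct timespec *ts;      /* borrowed pointer, not a copy */
};

struct model_ring {
    struct model_sqe sqe;
    int pending;
    struct timespec read_at_submit; /* what the "kernel" saw at submit time */
};

/* Models a prep call that stashes the pointer and returns immediately. */
static void model_prep_timeout(struct model_ring *r, const struct timespec *ts)
{
    r->sqe.ts = ts;
    r->pending = 1;
}

/* Models the submit syscall: the only place the timespec is dereferenced. */
static int model_submit(struct model_ring *r)
{
    if (!r->pending) {
        return 0;
    }
    r->read_at_submit = *r->sqe.ts;
    r->pending = 0;
    return 1;
}

/*
 * Stand-in for the helper's stack frame. A real dead stack slot cannot be
 * read without undefined behaviour, so the model uses static storage that
 * later code overwrites, which is what happens to a popped frame.
 */
static struct timespec helper_frame;

static struct timespec ns_to_timespec(long long ns)
{
    struct timespec ts;
    ts.tv_sec = (time_t)(ns / 1000000000LL);
    ts.tv_nsec = (long)(ns % 1000000000LL);
    return ts;
}

/* BEFORE: the helper preps the SQE from its own frame, returns unsubmitted. */
static void add_timeout_sqe_before(struct model_ring *r, long long ns)
{
    helper_frame = ns_to_timespec(ns);
    model_prep_timeout(r, &helper_frame);
}

/* Any call made after the helper returns reuses the popped frame's memory. */
static void later_call_reuses_stack(void)
{
    memset(&helper_frame, 0x5a, sizeof(helper_frame));
}

struct timespec wait_before(long long ns)
{
    struct model_ring r = { .pending = 0 };
    add_timeout_sqe_before(&r, ns);
    later_call_reuses_stack();
    model_submit(&r);               /* reads the overwritten slot */
    return r.read_at_submit;
}

/* AFTER: prep is inlined into the waiter, so ts lives across the submit. */
struct timespec wait_after(long long ns)
{
    struct model_ring r = { .pending = 0 };
    struct timespec ts = ns_to_timespec(ns);
    model_prep_timeout(&r, &ts);
    later_call_reuses_stack();
    model_submit(&r);               /* ts is still in scope here */
    return r.read_at_submit;
}

int ts_is(struct timespec t, long sec, long nsec)
{
    return t.tv_sec == (time_t)sec && t.tv_nsec == nsec;
}

int main(void)
{
    struct timespec b = wait_before(1500000000LL);
    struct timespec a = wait_after(1500000000LL);
    printf("before: %lld s %ld ns\n", (long long)b.tv_sec, b.tv_nsec);
    printf("after:  %lld s %ld ns\n", (long long)a.tv_sec, a.tv_nsec);
    return 0;
}
```
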
3 weeks ago aio-posix: fix race between io_uring CQE and AioHandler deletion
Stefan Hajnoczi [Tue, 4 Nov 2025 02:29:19 +0000 (21:29 -0500)] 
aio-posix: fix race between io_uring CQE and AioHandler deletion

When an AioHandler is enqueued on ctx->submit_list for removal, the
fill_sq_ring() function will submit an io_uring POLL_REMOVE operation to
cancel the in-flight POLL_ADD operation.

There is a race when another thread enqueues an AioHandler for deletion
on ctx->submit_list when the POLL_ADD CQE has already appeared. In that
case POLL_REMOVE is unnecessary. The code already handled this, but
forgot that the AioHandler itself is still on ctx->submit_list when the
POLL_ADD CQE is being processed. It's unsafe to delete the AioHandler at
that point in time (use-after-free).

Solve this problem by keeping the AioHandler alive but setting a flag so
that it will be deleted by fill_sq_ring() when it runs.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20251104022933.618123-2-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
3 weeks ago Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into...
Richard Henderson [Mon, 10 Nov 2025 15:49:59 +0000 (16:49 +0100)] 
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging

virtio,pci,pc: fixes for 10.2

small fixes all over the place.
UDP tunnel and TSEG tweaks are kind of borderline,
but I feel not making the change now will just add
to compatibility headaches down the road.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Sun 09 Nov 2025 03:33:54 PM CET
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [unknown]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  vhost-user.rst: clarify when FDs can be sent
  q35: increase default tseg size
  virtio-net: Advertise UDP tunnel GSO support by default
  tests/qtest/bios-tables-test: Update DSDT blobs after GPEX _DSM change
  hw/pci-host/gpex-acpi: Fix _DSM function 0 support return value
  tests/qtest/bios-tables-test: Prepare for _DSM change in the DSDT table
  vhost-user: make vhost_set_vring_file() synchronous
  intel_iommu: Fix DMA failure when guest switches IOMMU domain
  intel_iommu: Reset pasid cache when system level reset
  intel_iommu: Handle PASID cache invalidation
  vhost-user: fix shared object lookup handler logic
  amd_iommu: Support 64-bit address for IOTLB lookup
  amd_iommu: Fix handling of devices on buses != 0
  MAINTAINERS: Update entry for AMD-Vi Emulation

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 weeks ago Merge tag 'pull-ppc-for-10.2-d5-20251110' of https://gitlab.com/harshpb/qemu into...
Richard Henderson [Mon, 10 Nov 2025 14:32:27 +0000 (15:32 +0100)] 
Merge tag 'pull-ppc-for-10.2-d5-20251110' of https://gitlab.com/harshpb/qemu into staging

PPC Patches for 10.2 Hard Freeze

* Pegasos fixes for mem leak and dtb blob updates

# gpg: Signature made Mon 10 Nov 2025 09:01:58 AM CET
# gpg:                using RSA key 6B810CD6D2BE10F3883D21424544E994F9D68FBB
# gpg: Good signature from "Harsh Prateek Bora <harsh.prateek.bora@gmail.com>" [undefined]
# gpg:                 aka "Harsh Prateek Bora <harshpb@linux.ibm.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6B81 0CD6 D2BE 10F3 883D  2142 4544 E994 F9D6 8FBB

* tag 'pull-ppc-for-10.2-d5-20251110' of https://gitlab.com/harshpb/qemu:
  pc-bios/dtb/pegasos*.dtb: Fix compiled dtb blobs
  hw/ppc/pegasos: Fix memory leak

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 weeks ago Merge tag 'lasi-fixes-pull-request' of https://github.com/hdeller/qemu-hppa into...
Richard Henderson [Mon, 10 Nov 2025 11:11:56 +0000 (12:11 +0100)] 
Merge tag 'lasi-fixes-pull-request' of https://github.com/hdeller/qemu-hppa into staging

hppa lasi bugfixes pull request

Please pull a bunch of fixes which repair issues introduced due to the previous
patch series which added LASI SCSI and LASI network card support as well as
the new 715 machines.
This includes fixes for reported Coverity issues, and repairs the B160L machine
emulation.

Thanks!
Helge

# gpg: Signature made Sun 09 Nov 2025 11:05:57 PM CET
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'lasi-fixes-pull-request' of https://github.com/hdeller/qemu-hppa:
  target/hppa: Update SeaBIOS-hppa to version 20
  ncr710: Use address space of device instead of global address space
  ncr710: Add missing vmstate entries
  i82596: Adding proper break-statement functionality in RX functions
  i82596: Remove crc_valid variable
  ncr710: Drop leftover debug code
  ncr710: Fix potential null pointer dereference

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 weeks ago Merge tag 'pull-misc-20251110' of https://gitlab.com/rth7680/qemu into staging
Richard Henderson [Mon, 10 Nov 2025 11:11:26 +0000 (12:11 +0100)] 
Merge tag 'pull-misc-20251110' of https://gitlab.com/rth7680/qemu into staging

accel/tcg: Trace tb_flush() calls
accel/tcg: Trace tb_gen_code() buffer overflow
qapi/parser: Mollify mypy
tests/functional: Mark another MIPS replay test as flaky
target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns

# gpg: Signature made Mon 10 Nov 2025 12:08:49 PM CET
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-misc-20251110' of https://gitlab.com/rth7680/qemu:
  target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns
  tests/functional: Mark another MIPS replay test as flaky
  qapi/parser: Mollify mypy
  accel/tcg: Trace tb_gen_code() buffer overflow
  accel/tcg: Trace tb_flush() calls

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
3 weeks ago target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns
Peter Maydell [Tue, 21 Oct 2025 17:31:51 +0000 (18:31 +0100)] 
target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns

In the decode_group9() function, if we don't recognise the insn as
one that we should handle, we leave the 'entry' pointer unaltered.
Because the X86OpEntry struct has a union for the gen and decode
pointers, this means that the top level code will call decode.e.gen()
which tries to use the decode function pointer (still set to
decode_group9) as a gen function pointer.

This is undefined behaviour, but seems to be mostly harmless in
practice (we call decode_group9() again with bogus arguments and it
does nothing).  If you have CFI enabled then it will trip the CFI
check:

../target/i386/tcg/decode-new.c.inc:2862:9: runtime error: control flow integrity check for type 'void (struct DisasContext *, struct X86DecodedInsn *)' failed during indirect function call

Set *entry to UNKNOWN_OPCODE to provoke the #UD exception, as we do
in decode_group1A() and decode_group11() for similar situations.

Thanks to the bug reporter for the clear description and analysis of
the bug and the simple reproducer.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3172
Fixes: fcd16539ebfe2 ("target/i386: convert CMPXCHG8B/CMPXCHG16B to new decoder")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251021173152.1695997-1-peter.maydell@linaro.org>
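
The failure mode this commit message describes, as an added example that is not QEMU's code: one table entry holds either a decode or a gen function pointer in a union, and a sub-decoder that leaves the entry untouched hands the dispatcher a decode pointer where a gen pointer is expected. All type and function names, and the rule that only `/1` is recognised, are assumptions made for the illustration; the dispatcher reports the mismatch instead of making the undefined call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct Insn Insn;
typedef struct OpEntry OpEntry;
typedef void (*GenFn)(Insn *insn);
typedef void (*DecodeFn)(Insn *insn, OpEntry *entry, uint8_t modrm);

/* Hypothetical table entry: one pointer slot shared by two incompatible types. */
struct OpEntry {
    union {
        GenFn gen;        /* valid when is_decode == 0 */
        DecodeFn decode;  /* valid when is_decode == 1 */
    } fn;
    unsigned is_decode : 1;
    unsigned unknown : 1; /* stands in for an UNKNOWN_OPCODE marker */
};

struct Insn {
    const char *emitted;
};

enum Outcome { EMITTED, RAISED_UD, TYPE_CONFUSION };

static void gen_cmpxchg(Insn *insn)
{
    insn->emitted = "cmpxchg";
}

static const OpEntry CMPXCHG_ENTRY = { .fn = { .gen = gen_cmpxchg } };
static const OpEntry UNKNOWN_ENTRY = { .fn = { .gen = NULL }, .unknown = 1 };

/* "Before" shape: an unrecognised encoding leaves *entry as it was,
 * i.e. still { .decode = this function, .is_decode = 1 }. */
static void decode_group_buggy(Insn *insn, OpEntry *entry, uint8_t modrm)
{
    (void)insn;
    if (((modrm >> 3) & 7) == 1) {   /* constructed rule: only /1 is known */
        *entry = CMPXCHG_ENTRY;
    }
}

/* "After" shape: every path writes *entry, unknown encodings get the marker. */
static void decode_group_fixed(Insn *insn, OpEntry *entry, uint8_t modrm)
{
    (void)insn;
    if (((modrm >> 3) & 7) == 1) {
        *entry = CMPXCHG_ENTRY;
    } else {
        *entry = UNKNOWN_ENTRY;
    }
}

/* Top-level dispatch: run the sub-decoder, then call the gen function. */
static enum Outcome translate(DecodeFn group, uint8_t modrm)
{
    Insn insn = { .emitted = NULL };
    OpEntry entry = { .fn = { .decode = group }, .is_decode = 1 };

    entry.fn.decode(&insn, &entry, modrm);

    if (entry.unknown) {
        return RAISED_UD;            /* guest sees an invalid-opcode fault */
    }
    if (entry.is_decode) {
        /* Calling entry.fn.gen here would invoke a DecodeFn through a GenFn
         * pointer: undefined behaviour, and the kind of indirect call a CFI
         * type check rejects. This sketch reports it instead of calling. */
        return TYPE_CONFUSION;
    }
    entry.fn.gen(&insn);
    return EMITTED;
}

int main(void)
{
    static const char *names[] = { "EMITTED", "RAISED_UD", "TYPE_CONFUSION" };
    printf("buggy, /1: %s\n", names[translate(decode_group_buggy, 0x08)]);
    printf("buggy, /0: %s\n", names[translate(decode_group_buggy, 0x00)]);
    printf("fixed, /0: %s\n", names[translate(decode_group_fixed, 0x00)]);
    return 0;
}
```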

3 weeks ago tests/functional: Mark another MIPS replay test as flaky
Philippe Mathieu-Daudé [Tue, 4 Nov 2025 14:59:55 +0000 (15:59 +0100)] 
tests/functional: Mark another MIPS replay test as flaky

When disabling MIPS tests on commit 1c11aa18071
("tests/functional: Mark the MIPS replay tests as flaky")
we missed the 5KEc test.

Reported-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251104145955.84091-1-philmd@linaro.org>

3 weeks ago qapi/parser: Mollify mypy
Markus Armbruster [Wed, 5 Nov 2025 15:22:19 +0000 (16:22 +0100)] 
qapi/parser: Mollify mypy

re.match(r'^ *', ...) can't fail, but mypy doesn't know that and
complains:

    scripts/qapi/parser.py:444: error: Item "None" of "Match[str] | None" has no attribute "end"  [union-attr]

Work around by using must_match() instead.

Fixes: 8107ba47fd78 (qapi: Add documentation format validation)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251105152219.311154-1-armbru@redhat.com>

3 weeks ago accel/tcg: Trace tb_gen_code() buffer overflow
Philippe Mathieu-Daudé [Thu, 25 Sep 2025 03:56:10 +0000 (05:56 +0200)] 
accel/tcg: Trace tb_gen_code() buffer overflow

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250925035610.80605-3-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
3 weeks ago accel/tcg: Trace tb_flush() calls
Philippe Mathieu-Daudé [Thu, 25 Sep 2025 03:56:09 +0000 (05:56 +0200)] 
accel/tcg: Trace tb_flush() calls

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250925035610.80605-2-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
3 weeks ago target/hppa: Update SeaBIOS-hppa to version 20
Helge Deller [Sun, 9 Nov 2025 21:47:31 +0000 (22:47 +0100)] 
target/hppa: Update SeaBIOS-hppa to version 20

This is SeaBIOS for the hppa architecture v20
and it contains mostly bugfixes for issues which
were introduced by adding the 715/64 machine.

Fixes include:
- Fix inventory for 715 Snake machine
- Detect if LASI LAN and SCSI exists at startup
- Allow LASI LAN on B160L if created by qemu
- Enhance error messages

Signed-off-by: Helge Deller <deller@gmx.de>
3 weeks ago ncr710: Use address space of device instead of global address space
Soumyajyotii Ssarkar [Sun, 9 Nov 2025 15:07:40 +0000 (16:07 +0100)] 
ncr710: Use address space of device instead of global address space

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
3 weeks ago ncr710: Add missing vmstate entries
Soumyajyotii Ssarkar [Sun, 9 Nov 2025 14:58:51 +0000 (15:58 +0100)] 
ncr710: Add missing vmstate entries

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
3 weeks ago vhost-user.rst: clarify when FDs can be sent
Alyssa Ross [Thu, 6 Nov 2025 19:21:05 +0000 (20:21 +0100)] 
vhost-user.rst: clarify when FDs can be sent

Previously the spec did not say where in a message the FDs should be
sent.  As I understand it, FDs transferred in ancillary data will
always be received along with the first byte of the data they were
sent with, so we should define which byte that is.  Going by both
libvhost-user in QEMU and the rust-vmm crate, that byte is the first
byte of the message header.  This is important to specify because it
would make back-end implementation significantly more complicated if
receiving file descriptors in the middle of a message had to be
handled.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251106192105.3456755-1-hi@alyssa.is>

3 weeks ago q35: increase default tseg size
Gerd Hoffmann [Thu, 6 Nov 2025 10:56:40 +0000 (11:56 +0100)] 
q35: increase default tseg size

With virtual machines becoming larger (more CPUs, more memory) the
memory needed by the SMM code in OVMF to manage page tables and vcpu
state grows too.

Default SMM memory (aka TSEG) size is 16 MB, and this often is not
enough.  Bump it to 64 MB for new machine types.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251106105640.1642109-1-kraxel@redhat.com>

3 weeks ago virtio-net: Advertise UDP tunnel GSO support by default
Paolo Abeni [Fri, 10 Oct 2025 14:12:57 +0000 (16:12 +0200)] 
virtio-net: Advertise UDP tunnel GSO support by default

Allow bidirectional aggregated traffic for UDP encapsulated flows.

Add the needed compatibility entries to avoid migration issues
vs older QEMU instances.

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Tested-by: Lei Yang <leiyang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <9c500fbcd2cf29afd1826b1ac906f9d5beac3601.1760104079.git.pabeni@redhat.com>

3 weeks ago tests/qtest/bios-tables-test: Update DSDT blobs after GPEX _DSM change
Shameer Kolothum [Wed, 22 Oct 2025 08:06:39 +0000 (09:06 +0100)] 
tests/qtest/bios-tables-test: Update DSDT blobs after GPEX _DSM change

Update the reference DSDT blobs after GPEX _DSM change. This affects the
aarch64 'virt', riscv64 "virt", loongarch64 "virt" and the x86 'microvm'
machines.

DSDT diff is the same for all the machines/tests:

 /*
  * Intel ACPI Component Architecture
  * AML/ASL+ Disassembler version 20230628 (64-bit version)
  * Copyright (c) 2000 - 2023 Intel Corporation
  *
  * Disassembling to symbolic ASL+ operators
  *
- * Disassembly of tests/data/acpi/aarch64/virt/DSDT, Fri Oct 10 11:18:21 2025
+ * Disassembly of /tmp/aml-E6V9D3, Fri Oct 10 11:18:21 2025
  *
  * Original Table Header:
  *     Signature        "DSDT"
  *     Length           0x000014D9 (5337)
  *     Revision         0x02
- *     Checksum         0xA4
+ *     Checksum         0xA5
  *     OEM ID           "BOCHS "
  *     OEM Table ID     "BXPC    "
  *     OEM Revision     0x00000001 (1)
  *     Compiler ID      "BXPC"
  *     Compiler Version 0x00000001 (1)
  */
 DefinitionBlock ("", "DSDT", 2, "BOCHS ", "BXPC    ", 0x00000001)
 {
     Scope (\_SB)
     {
         Device (C000)
         {
             Name (_HID, "ACPI0007" /* Processor Device */)  // _HID: Hardware ID
             Name (_UID, Zero)  // _UID: Unique ID
         }
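
Review bot: the `Disassembly of` pair at the top of this header replaces the in-tree blob path with `/tmp/aml-E6V9D3`, a temporary file name from the run that produced the diff, so it carries no information about the table and could be trimmed to leave the checksum line as the only header change. The checksum moving from 0xA4 to 0xA5 matches a single table byte dropping by one, because the ACPI table checksum makes all bytes sum to zero; since only the aarch64 'virt' disassembly is quoted, it would help to say that this same one-byte delta was confirmed on each of the other listed machines.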

@@ -1822,33 +1822,33 @@
                 Else
                 {
                     CDW1 |= 0x04
                 }

                 Return (Arg3)
             }

             Method (_DSM, 4, NotSerialized)  // _DSM: Device-Specific Method
             {
                 If ((Arg0 == ToUUID ("e5c937d0-3553-4d7a-9117-ea4d19c3434d") /* Device Labeling Interface */))
                 {
                     If ((Arg2 == Zero))
                     {
                         Return (Buffer (One)
                         {
-                             0x01                                             // .
+                             0x00                                             // .
                         })
                     }
                 }

                 Return (Buffer (One)
                 {
                      0x00                                             // .
                 })
             }

             Device (RES0)
             {
                 Name (_HID, "PNP0C02" /* PNP Motherboard Resources */)  // _HID: Hardware ID
                 Name (_CRS, ResourceTemplate ()  // _CRS: Current Resource Settings
                 {
                     QWordMemory (ResourceProducer, PosDecode, MinFixed, MaxFixed, NonCacheable, ReadWrite,
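
Review bot: with the `+` line applied, the `Arg2 == Zero` branch under the Device Labeling Interface UUID returns `Buffer (One) { 0x00 }`, which is identical to the fall-through `Return` at the end of `_DSM`, so neither `If` test changes the result any more. The message should say whether the UUID and function-index checks are kept on purpose, for instance as the place where further functions would be added, or whether the generated method could simply return the zero buffer.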

Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251022080639.243965-4-skolothumtho@nvidia.com>

3 weeks ago hw/pci-host/gpex-acpi: Fix _DSM function 0 support return value
Eric Auger [Wed, 22 Oct 2025 08:06:38 +0000 (09:06 +0100)] 
hw/pci-host/gpex-acpi: Fix _DSM function 0 support return value

Currently, only function 0 is supported. According to the ACPI
Specification, Revision 6.6, Section 9.1.1 “_DSM (Device Specific
Method)”, bit 0 should be 0 to indicate that no other functions
are supported beyond function 0.

The resulting AML change looks like this:

Method (_DSM, 4, NotSerialized)  // _DSM: Device-Specific Method
{
    If ((Arg0 == ToUUID ("e5c937d0-3553-4d7a-9117-ea4d19c3434d")
    {
        If ((Arg2 == Zero))
        {
            Return (Buffer (One)
            {
-               0x01                                             // .
+               0x00                                             // .
            })
        }
    }
}
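
Review bot: the `If ((Arg0 == ToUUID ("e5c937d0-3553-4d7a-9117-ea4d19c3434d")` line in this excerpt never closes its two outer parentheses, and the excerpt ends the method without the fall-through `Return`, so the AML as quoted does not parse and reads as if `_DSM` returned nothing for other UUIDs. Close the condition with `))` and either include the final `Return (Buffer (One) { 0x00 })` or mark the elision, so the excerpt matches what the disassembler prints.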

Fixes: 5b85eabe68f9 ("acpi: add acpi_dsdt_add_gpex")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251022080639.243965-3-skolothumtho@nvidia.com>

3 weeks ago tests/qtest/bios-tables-test: Prepare for _DSM change in the DSDT table
Shameer Kolothum [Wed, 22 Oct 2025 08:06:37 +0000 (09:06 +0100)] 
tests/qtest/bios-tables-test: Prepare for _DSM change in the DSDT table

A subsequent patch will fix the GPEX _DSM method. Add the affected DSDT blobs
to the allowed-diff list for bios-table tests.

Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251022080639.243965-2-skolothumtho@nvidia.com>

3 weeks ago vhost-user: make vhost_set_vring_file() synchronous
German Maglione [Wed, 22 Oct 2025 16:24:05 +0000 (18:24 +0200)] 
vhost-user: make vhost_set_vring_file() synchronous

QEMU sends all of VHOST_USER_SET_VRING_KICK, _CALL, and _ERR without
setting the NEED_REPLY flag, i.e. by the time the respective
vhost_user_set_vring_*() function returns, it is completely up to chance
whether the back-end has already processed the request and switched over
to the new FD for interrupts.

At least for vhost_user_set_vring_call(), that is a problem: It is
called through vhost_virtqueue_mask(), which is generally used in the
VirtioDeviceClass.guest_notifier_mask() implementation, which is in turn
called by virtio_pci_one_vector_unmask().  The fact that we do not wait
for the back-end to install the FD leads to a race there:

Masking interrupts is implemented by redirecting interrupts to an
internal event FD that is not connected to the guest.  Unmasking then
re-installs the guest-connected IRQ FD, then checks if there are pending
interrupts left on the masked event FD, and if so, issues an interrupt
to the guest.

Because guest_notifier_mask() (through vhost_user_set_vring_call())
doesn't wait for the back-end to switch over to the actual IRQ FD, it's
possible we check for pending interrupts while the back-end is still
using the masked event FD, and then we will lose interrupts that occur
before the back-end finally does switch over.

Fix this by setting NEED_REPLY on those VHOST_USER_SET_VRING_* messages,
so when we get that reply, we know that the back-end is now using the
new FD.

We have a few reports of a virtiofs mount hanging:
- https://gitlab.com/virtio-fs/virtiofsd/-/issues/101
- https://gitlab.com/virtio-fs/virtiofsd/-/issues/133
- https://gitlab.com/virtio-fs/virtiofsd/-/issues/213

This is quite a difficult bug to reproduce, even for the reporters.
It only happens on production, every few weeks, and/or on 1 in 300 VMs.
So, we are not 100% sure this fixes that issue. However, we think this
is still a bug, and at least we have one report that claims this fixed
the issue:

https://gitlab.com/virtio-fs/virtiofsd/-/issues/133#note_2743209419

Fixes: 5f6f6664bf24 ("Add vhost-user as a vhost backend.")
Signed-off-by: German Maglione <gmaglione@redhat.com>
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
Reviewed-by: Eugenio Pérez <eperezma@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251022162405.318672-1-gmaglione@redhat.com>

3 weeks ago intel_iommu: Fix DMA failure when guest switches IOMMU domain
Zhenzhong Duan [Fri, 17 Oct 2025 09:36:02 +0000 (05:36 -0400)] 
intel_iommu: Fix DMA failure when guest switches IOMMU domain

The kernel allows the user to switch IOMMU domain, e.g., switch between DMA
and identity domain. When this happens in IOMMU scalable mode, a pasid
cache invalidation request is sent; this request is ignored by vIOMMU,
which leads to the device binding to the wrong address space, then DMA fails.

This issue exists in scalable mode with both first stage and second
stage translations, both emulated and passthrough devices.

Take a network device for example; the sequence below triggers the issue:

1. start a guest with iommu=pt
2. echo 0000:01:00.0 > /sys/bus/pci/drivers/virtio-pci/unbind
3. echo DMA > /sys/kernel/iommu_groups/6/type
4. echo 0000:01:00.0 > /sys/bus/pci/drivers/virtio-pci/bind
5. Ping test

Fix it by switching the address space in the invalidation handler.

Fixes: 4a4f219e8a10 ("intel_iommu: add scalable-mode option to make scalable mode work")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251017093602.525338-4-zhenzhong.duan@intel.com>

3 weeks ago intel_iommu: Reset pasid cache when system level reset
Zhenzhong Duan [Fri, 17 Oct 2025 09:36:01 +0000 (05:36 -0400)] 
intel_iommu: Reset pasid cache when system level reset

Reset the pasid cache on system level reset. Currently we don't have any
device supporting PASID yet, so all are PASID_0; its vtd_as is allocated
by the PCI system and never removed, so just mark the pasid cache invalid.

Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251017093602.525338-3-zhenzhong.duan@intel.com>

3 weeks ago intel_iommu: Handle PASID cache invalidation
Zhenzhong Duan [Fri, 17 Oct 2025 09:36:00 +0000 (05:36 -0400)] 
intel_iommu: Handle PASID cache invalidation

Adds a new entry VTDPASIDCacheEntry in VTDAddressSpace to cache the pasid
entry and track PASID usage and future PASID tagged DMA address translation
support in vIOMMU.

When guest triggers pasid cache invalidation, QEMU will capture it and
update or invalidate pasid cache.

The vIOMMU emulator could figure out the reason by fetching the latest guest pasid
entry in memory and comparing it with the cached PASID entry if it's valid.

Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251017093602.525338-2-zhenzhong.duan@intel.com>

3 weeks ago pc-bios/dtb/pegasos*.dtb: Fix compiled dtb blobs
BALATON Zoltan [Sat, 8 Nov 2025 19:37:17 +0000 (20:37 +0100)] 
pc-bios/dtb/pegasos*.dtb: Fix compiled dtb blobs

When adding these files somehow an incomplete version was committed.
Regenerate and update these dtb files to match the dts which fixes
problems caused by missing nodes in the dtb.

Fixes: 9099b430a4 (hw/ppc/pegasos2: Change device tree generation)
Fixes: 3c21f9dfcf (hw/ppc/pegasos2: Add VOF support for pegasos1)
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reported-by: Yogesh Vyas <yvyas1991@gmail.com>
Tested-by: Yogesh Vyas <yvyas1991@gmail.com>
Message-Id: <20251108193717.DADA9597302@zero.eik.bme.hu>
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
3 weeks ago hw/ppc/pegasos: Fix memory leak
BALATON Zoltan [Sat, 1 Nov 2025 16:52:36 +0000 (17:52 +0100)] 
hw/ppc/pegasos: Fix memory leak

Commit 9099b430a4 introduced an early return that caused a leak of a
GString. Allocate it later to avoid the leak.

Fixes: 9099b430a4 (hw/ppc/pegasos2: Change device tree generation)
Resolves: Coverity CID 1642027
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Link: https://lore.kernel.org/r/20251101165236.76E8B5972E3@zero.eik.bme.hu
Message-ID: <20251101165236.76E8B5972E3@zero.eik.bme.hu>

3 weeks ago vhost-user: fix shared object lookup handler logic
Albert Esteve [Fri, 17 Oct 2025 07:20:11 +0000 (09:20 +0200)] 
vhost-user: fix shared object lookup handler logic

Refactor backend_read() function and add a reply_ack variable
to have the option for handlers to force tweak whether they should
send a reply or not without depending on VHOST_USER_NEED_REPLY_MASK
flag.

This fixes an issue with
vhost_user_backend_handle_shared_object_lookup() logic, as the
error path was not closing the backend channel correctly. So,
we can remove the reply call from within the handler, make
sure it returns early on errors as other handlers do and
set the reply_ack variable on backend_read() to true to ensure
that it will send a response, thus keeping the original intent.

Fixes: 1609476662 ("vhost-user: add shared_object msg")
Cc: qemu-stable@nongnu.org
Signed-off-by: Albert Esteve <aesteve@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251017072011.1874874-2-aesteve@redhat.com>

3 weeks ago amd_iommu: Support 64-bit address for IOTLB lookup
Sairaj Kodilkar [Mon, 3 Nov 2025 20:32:09 +0000 (20:32 +0000)] 
amd_iommu: Support 64-bit address for IOTLB lookup

The physical AMD IOMMU supports up to 64 bits of IOVA. When a device tries
to read or write from a given DMA address, the IOMMU translates the address
using the I/O page tables assigned to that device. Since the emulated IOMMU
uses per-device page tables, an ideal cache tag would need to be 68 bits
(64-bit address - 12-bit page alignment + 16-bit device ID).

The current software IOTLB implementation uses a GLib hash table with a
64-bit key to hash both the IOVA and device ID, which limits the IOVA to 60
bits. This causes a failure while setting up the device when a guest is
booted with "iommu.forcedac=1", which forces the use of DMA addresses at the
top of the 64-bit address space.

To address this issue, construct the 64-bit hash key using the upper 52 bits
of IOVA (GFN) and lower 12 bits of the device ID to avoid truncation as much
as possible (reducing hash collisions).

Fixes: d29a09ca6842 ("hw/i386: Introduce AMD IOMMU")
Signed-off-by: Sairaj Kodilkar <sarunkod@amd.com>
Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Reviewed-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Tested-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251103203209.645434-4-alejandro.j.jimenez@oracle.com>
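
The key construction this commit message describes, as an added example that is not QEMU's code: the hash takes the 52-bit GFN and the low 12 bits of the device ID, while equality still compares the full 68-bit tag. The struct, the function names and the packed 48-bit layout used for contrast are assumptions chosen to match the 60-bit limit the message states; the IOVAs and device IDs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT_4K   12  /* low 12 IOVA bits are the page offset */
#define DEVID_HASH_BITS 12  /* device ID bits that fit beside a 52-bit GFN */

/* Hypothetical lookup key holding the full tag: 52-bit GFN + 16-bit devid. */
typedef struct {
    uint64_t gfn;    /* IOVA >> 12 */
    uint16_t devid;  /* PCI requester ID */
} IotlbKey;

static IotlbKey iotlb_key(uint64_t iova, uint16_t devid)
{
    IotlbKey k = { .gfn = iova >> PAGE_SHIFT_4K, .devid = devid };
    return k;
}

/* 64-bit hash: upper 52 bits of the IOVA, then the lower 12 bits of devid. */
static uint64_t iotlb_hash(const IotlbKey *k)
{
    return (k->gfn << DEVID_HASH_BITS) |
           (k->devid & ((1u << DEVID_HASH_BITS) - 1));
}

/* The hash drops 4 devid bits, so equality must compare the whole tag. */
static bool iotlb_equal(const IotlbKey *a, const IotlbKey *b)
{
    return a->gfn == b->gfn && a->devid == b->devid;
}

/* Contrast layout (constructed): devid and GFN packed into one 64-bit
 * integer that is itself the key. 16 bits of devid leave 48 bits of GFN,
 * i.e. 60 bits of IOVA, so IOVA bits 60..63 are silently discarded. */
static uint64_t packed_key(uint64_t iova, uint16_t devid)
{
    uint64_t gfn48 = (iova >> PAGE_SHIFT_4K) & ((1ULL << 48) - 1);
    return ((uint64_t)devid << 48) | gfn48;
}

/* True when two different pages of one device map to the same packed key. */
static bool packed_keys_alias(uint64_t iova_a, uint64_t iova_b, uint16_t devid)
{
    return (iova_a >> PAGE_SHIFT_4K) != (iova_b >> PAGE_SHIFT_4K) &&
           packed_key(iova_a, devid) == packed_key(iova_b, devid);
}

int main(void)
{
    /* Constructed inputs: a page at the top of the 64-bit space (the kind
     * of address "iommu.forcedac=1" produces) and one 4 bits lower. */
    uint64_t top = 0xFFFFFFFFFFFFF000ULL, low = 0x0FFFFFFFFFFFF000ULL;
    IotlbKey a = iotlb_key(top, 0x0100);
    IotlbKey b = iotlb_key(low, 0x0100);
    IotlbKey c = iotlb_key(top, 0x1100);  /* same low 12 devid bits as a */

    printf("packed keys alias:    %d\n", packed_keys_alias(top, low, 0x0100));
    printf("hash(a) = 0x%016llx\n", (unsigned long long)iotlb_hash(&a));
    printf("hash(b) = 0x%016llx\n", (unsigned long long)iotlb_hash(&b));
    printf("hash(a) == hash(c):   %d\n", iotlb_hash(&a) == iotlb_hash(&c));
    printf("equal(a, c):          %d\n", iotlb_equal(&a, &c));
    return 0;
}
```

Device IDs that differ only in their top four bits land in the same bucket, which costs a comparison but never returns another device's translation because the equality function checks the full tag.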

3 weeks ago amd_iommu: Fix handling of devices on buses != 0
Sairaj Kodilkar [Mon, 3 Nov 2025 20:32:08 +0000 (20:32 +0000)] 
amd_iommu: Fix handling of devices on buses != 0

The AMD IOMMU is set up at boot time and uses PCI bus numbers + devfn for
indexing into the DTE. The problem is that before the guest starts, all PCI
bus numbers are 0 as no PCI discovery has happened yet (BIOS and/or kernel
will do that later), so relying on the bus number is wrong.
The immediate effect is that emulated devices cannot do DMA when placed on a
bus other than 0.

Replace the static address_space array with a hash table keyed by devfn and
PCIBus*, since these values do not change after the guest boots.

Co-developed-by: Alexey Kardashevskiy <aik@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
Signed-off-by: Sairaj Kodilkar <sarunkod@amd.com>
Reviewed-by: Vasant Hegde <vasant.hegde@amd.com>
Reviewed-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Tested-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251103203209.645434-3-alejandro.j.jimenez@oracle.com>

3 weeks ago MAINTAINERS: Update entry for AMD-Vi Emulation
Alejandro Jimenez [Mon, 3 Nov 2025 20:32:07 +0000 (20:32 +0000)] 
MAINTAINERS: Update entry for AMD-Vi Emulation

Add myself as maintainer and Sairaj Kodilkar as reviewer.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Acked-by: Sairaj Kodilkar <sarunkod@amd.com>
Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251103203209.645434-2-alejandro.j.jimenez@oracle.com>

3 weeks ago i82596: Adding proper break-statement functionality in RX functions
Soumyajyotii Ssarkar [Thu, 6 Nov 2025 15:36:24 +0000 (21:06 +0530)] 
i82596: Adding proper break-statement functionality in RX functions

Fix Coverity reported logic error CID 1642873.
The initial issue was the break statement exited out of the for loop
unconditionally.
Now, the break only happens if rfd is null, out_of_resources or
bytes_copied < payload_size.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
3 weeks ago i82596: Remove crc_valid variable
Soumyajyotii Ssarkar [Thu, 6 Nov 2025 15:36:23 +0000 (21:06 +0530)] 
i82596: Remove crc_valid variable

While testing and developing for the HPUX 10.20 the crc_valid variable
was used in performing CRC checks for the loopback. I expected the
CRC to be absent on specific condition and would skip some
functional checks for the loopback packet, so initially it added
an if-clause that would skip the checks preventing HPUX from
getting stuck at phase loopback.

However, we can remove it, and this then fixes Coverity CID 1642868.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
3 weeks ago ncr710: Drop leftover debug code
Soumyajyotii Ssarkar [Mon, 3 Nov 2025 18:40:31 +0000 (00:10 +0530)] 
ncr710: Drop leftover debug code

That code was part of some debugging code. Now it has no effect any
longer, so let's drop it.

Reported-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
3 weeks ago ncr710: Fix potential null pointer dereference
Soumyajyotii Ssarkar [Mon, 3 Nov 2025 18:40:30 +0000 (00:10 +0530)] 
ncr710: Fix potential null pointer dereference

The code dereferences s->current before checking if it is NULL. Move the
null check before the dereference to prevent potential crashes.

This issue could occur if s->current is NULL when the function reaches
the "Host adapter (re)connected" path, though this should not normally
happen during correct operation.

Reported-by: Stefan Hajnoczi <stefanha@gmail.com>
Reported-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
Suggested-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
4 weeks ago Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Richard Henderson [Wed, 5 Nov 2025 15:07:18 +0000 (16:07 +0100)] 
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* rust: cleanup Error, add &error_fatal bindings
* rust: do not add qemuutil to Rust crates
* rust: migration: allow nested offset_of
* rust: add back to Ubuntu 22.04 jobs
* checkpatch: remove bogus patch prefix warning

# gpg: Signature made Tue 04 Nov 2025 05:29:44 PM CET
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  rust: add back to Ubuntu 22.04 jobs
  rust: migration: allow nested offset_of
  rust: do not add qemuutil to Rust crates
  rust: pull error_fatal out of SysbusDeviceMethods::sysbus_realize
  rust/util: replace Error::err_or_unit/err_or_else with Error::with_errp
  rust/util: use anyhow's native chaining capabilities
  rust/util: add ensure macro
  scripts/checkpatch.pl: remove bogus patch prefix warning

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago Merge tag 'hw-misc-20251104' of https://github.com/philmd/qemu into staging
Richard Henderson [Wed, 5 Nov 2025 12:42:24 +0000 (13:42 +0100)] 
Merge tag 'hw-misc-20251104' of https://github.com/philmd/qemu into staging

Misc HW patches

- Add RPMB emulation to eMMC model
- Use generic MachineState::fdt field in microvm machine
- Remove dead code in ac97_realize()

# gpg: Signature made Wed 05 Nov 2025 09:56:35 AM CET
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* tag 'hw-misc-20251104' of https://github.com/philmd/qemu:
  hw/audio: Remove dead code from ac97_realize
  hw/i386/microvm: Use fdt field from MachineState
  docs: Add eMMC device model description
  scripts: Add helper script to generate eMMC block device images
  hw/sd/sdcard: Handle RPMB MAC field
  hw/sd/sdcard: Add basic support for RPMB partition
  hw/sd/sdcard: Allow user creation of eMMCs
  hw/sd/sdcard: Fix size check for backing block image

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago Merge tag 'i82596-fixes-pull-request' of https://github.com/hdeller/qemu-hppa into...
Richard Henderson [Wed, 5 Nov 2025 12:41:57 +0000 (13:41 +0100)] 
Merge tag 'i82596-fixes-pull-request' of https://github.com/hdeller/qemu-hppa into staging

LASI i82596 network driver fixes

As part of the Google Summer of Code 2025 program "Implementing LASI Network
Card and NCR 710 SCSI Controller Device Models" Soumyajyotii Ssarkar fixed
various bugs and enhanced the existing QEMU i82596 network card implementation.

Specifically he added or fixed the following functionality:
- Monitor Mode
- Promiscuous Mode
- Support for linear mode, segmented mode, and flexible memory models
- RX Timer
- Bus Throttle Timers
- Support for Little Endian mode
- Accurate CU and RU transition State
- HP-UX Specific Behavior Support
    - Support for Loopback mode
    - Self test
- Statistical counters
- VMstate descriptors
- Polling mechanism
- Transmit and Receive functions

# gpg: Signature made Tue 04 Nov 2025 04:21:56 PM CET
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'i82596-fixes-pull-request' of https://github.com/hdeller/qemu-hppa:
  i82596: Implement enhanced TX/RX with packet queuing and filtering
  i82596: Added core infrastructure and helper functions
  hw/hppa: Enable LASI i82596 network on 715 machine

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago qapi/migration: Rewrap to 70 columns
Richard Henderson [Wed, 5 Nov 2025 12:39:43 +0000 (13:39 +0100)] 
qapi/migration: Rewrap to 70 columns

Avoid

In file included from ../publish/qapi/qapi-schema.json:53:
.../qapi/migration.json:1750:1: documentation line longer than 70 characters

Fixes: ae00f0088ff ("migration/qmp: Update "resume" flag doc in "migrate" command")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago hw/audio: Remove dead code from ac97_realize
Osama Abdelkader [Sun, 2 Nov 2025 23:19:03 +0000 (01:19 +0200)] 
hw/audio: Remove dead code from ac97_realize

Remove unnecessary PCI configuration register initialization that was
marked with TODO comments indicating it's redundant:
- PCI_COMMAND register is already 0x00 by default, no need to override
- PCI_BASE_ADDRESS_0 registers are automatically set by pci_register_bar()

This aligns the code with the pattern used by other PCI audio devices
in QEMU (via-ac97, intel-hda, es1370) and removes 15 lines of dead code.

Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20251102231903.65409-1-osama.abdelkader@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
4 weeks ago hw/i386/microvm: Use fdt field from MachineState
Luigi Leonardi [Thu, 30 Oct 2025 14:32:04 +0000 (15:32 +0100)] 
hw/i386/microvm: Use fdt field from MachineState

MachineState already provides an fdt field, remove it from
MicrovmMachineState and use that instead.

This is useful when using the `dumpdtb` option, as QEMU expects the
device tree to be stored in the MachineState struct, otherwise it
will return this error:

  qemu-system-x86_64: This machine doesn't have an FDT

Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251030-fix_microvm-v1-1-f89544a04be3@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
4 weeks ago docs: Add eMMC device model description
Jan Kiszka [Tue, 9 Sep 2025 06:13:22 +0000 (08:13 +0200)] 
docs: Add eMMC device model description

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <b9c3ff21e7170fef5d0e7d08698a113d2a64e649.1762261430.git.jan.kiszka@siemens.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
4 weeks ago scripts: Add helper script to generate eMMC block device images
Jan Kiszka [Tue, 12 Aug 2025 19:53:49 +0000 (21:53 +0200)] 
scripts: Add helper script to generate eMMC block device images

As an eMMC block device image may consist of more than just the user
data partition, provide a helper script that can compose the image from
boot partitions, an RPMB partition and the user data image. The script
also does the required size validation and/or rounding.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <eecefa8e-44ae-45ff-85d0-3f9b786948e0@siemens.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
4 weeks ago hw/sd/sdcard: Handle RPMB MAC field
Jan Kiszka [Tue, 12 Aug 2025 19:33:46 +0000 (21:33 +0200)] 
hw/sd/sdcard: Handle RPMB MAC field

Implement correct setting of the MAC field when passing RPMB frames back
to the guest. Also check the MAC on authenticated write requests.

This depends on HMAC support for QCRYPTO_HASH_ALGO_SHA256 which is
always available via glib - assert this, just to be safe.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <b6f5698c0ca017871d54834f0c7bd4b4b6316bbd.1762261430.git.jan.kiszka@siemens.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
4 weeks ago hw/sd/sdcard: Add basic support for RPMB partition
Jan Kiszka [Mon, 11 Aug 2025 07:01:57 +0000 (09:01 +0200)] 
hw/sd/sdcard: Add basic support for RPMB partition

The Replay Protected Memory Block (RPMB) is available since eMMC 4.4
which has been obsoleted by 4.41. Therefore lift the provided
EXT_CSD_REV to 5 (4.41) and provide the basic logic to implement basic
support for it. This allows setting the authentication key, reading the
write counter and performing authenticated data read and write requests.
Those aren't actually authenticated yet, support for that will be added
later.

The RPMB image needs to be added to backing block images after potential
boot partitions and before the user data. Its size is controlled by
the rpmb-partition-size property.

Also missing in this version (and actually not only for RPMB bits) is
persistence of registers that are supposed to survive power cycles. Most
prominent are the write counters or the authentication key. This feature
can be added later, e.g. by appending a state structure to the backing
block image.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <d57388b599e47f5c95f30be7571b77f9016289eb.1762261430.git.jan.kiszka@siemens.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
4 weeks ago hw/sd/sdcard: Allow user creation of eMMCs
Jan Luebbe [Tue, 15 Oct 2024 13:56:49 +0000 (15:56 +0200)] 
hw/sd/sdcard: Allow user creation of eMMCs

For testing eMMC-specific functionality (such as handling boot
partitions), it would be very useful to attach them to generic VMs such
as x86_64 via the sdhci-pci device:
 ...
 -drive if=none,id=emmc-drive,file=emmc.img,format=raw \
 -device sdhci-pci \
 -device emmc,id=emmc0,drive=emmc-drive,boot-partition-size=1048576 \
 ...

While most eMMCs are soldered to boards, they can also be connected to
SD controllers with just a passive adapter, such as:
 https://docs.radxa.com/en/accessories/emmc-to-usd
 https://github.com/voltlog/emmc-wfbga153-microsd

The only change necessary to make the options above work is to avoid
disabling user_creatable, so do that. The SDHCI-PCI driver in the Linux
kernel already supports this just fine.

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241015135649.4189256-1-jlu@pengutronix.de>

Enable user-instantiation so that eMMCs can be created for PCI-attached
SD/MMC host controllers (such as sdhci-pci) on virt machines, for QA
purposes for the eMMC model itself and for complex firmware/OS
integrations using the upcoming RPMB partition support.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-ID: <e515cc80de261ff03b3141724298f20313259a85.1762261430.git.jan.kiszka@siemens.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
4 weeks ago hw/sd/sdcard: Fix size check for backing block image
Jan Kiszka [Sun, 24 Aug 2025 07:18:33 +0000 (09:18 +0200)] 
hw/sd/sdcard: Fix size check for backing block image

Alignment rules apply to the individual partitions (user, boot, later
on also RPMB) and depend both on the size of the image and the type of
the device. Up to and including 2GB, the power-of-2 rule applies to the
user data area. For larger images, multiples of 512 sectors must be used
for eMMC and multiples of 512K for SD-cards. Fix the check accordingly
and also detect if the image is too small to even hold the boot
partitions.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-ID: <591f6d8a9dc86428723cb6876df6e717cc41a70e.1762261430.git.jan.kiszka@siemens.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
4 weeks ago Merge tag 'pull-qapi-2025-11-04' of https://repo.or.cz/qemu/armbru into staging
Richard Henderson [Wed, 5 Nov 2025 07:54:57 +0000 (08:54 +0100)] 
Merge tag 'pull-qapi-2025-11-04' of https://repo.or.cz/qemu/armbru into staging

QAPI patches for 2025-11-04

# gpg: Signature made Tue 04 Nov 2025 01:56:09 PM CET
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [unknown]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* tag 'pull-qapi-2025-11-04' of https://repo.or.cz/qemu/armbru:
  qapi: Add documentation format validation
  docs/interop: Add test to keep vhost-user.json sane
  docs/interop/firmware: Literal block markup
  docs/interop/vhost-user: Belatedly convert "Example" section
  docs/interop: Refill QAPI doc comments to conform to conventions
  qga/qapi-schema: Clean up whitespace between definitions
  qga/qapi-schema: Refill doc comments to conform to conventions
  qapi: Clean up whitespace between definitions
  qapi: Refill doc comments to conform to conventions
  qapi/audio: Fix description markup of AudiodevDBusOptions @nsamples
  meson: Add missing backends.py to qapi_gen_depends
  qapi/command: Avoid generating unused qmp_marshal_output_T()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago Merge tag 'pull-aspeed-20251104' of https://github.com/legoater/qemu into staging
Richard Henderson [Wed, 5 Nov 2025 07:54:34 +0000 (08:54 +0100)] 
Merge tag 'pull-aspeed-20251104' of https://github.com/legoater/qemu into staging

aspeed queue:

* Move Aspeed machine models in separate source files to ease maintenance

# gpg: Signature made Tue 04 Nov 2025 09:31:17 AM CET
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg:                 aka "Cédric Le Goater <clg@kaod.org>" [full]

* tag 'pull-aspeed-20251104' of https://github.com/legoater/qemu: (30 commits)
  hw/arm/aspeed: Split AST1030 EVB machine into a separate source file for maintainability
  hw/arm/aspeed: Rename and export connect_serial_hds_to_uarts() as aspeed_connect_serial_hds_to_uarts()
  hw/arm/aspeed: Split AST2700 EVB machine into a separate source file for maintainability
  hw/arm/aspeed: Split AST2600 EVB machine into a separate source file for maintainability
  hw/arm/aspeed: Split Catalina machine into a separate source file for maintainability
  hw/arm/aspeed: Split Rainier machine into a separate source file for maintainability
  hw/arm/aspeed: Split GB200NVL machine into a separate source file for maintainability
  hw/arm/aspeed: Make aspeed_machine_ast2600_class_emmc_init() a common API for eMMC boot setup
  hw/arm/aspeed: Split QCOM DC-SCM V1 machine into a separate source file for maintainability
  hw/arm/aspeed: Split QCOM Firework machine into a separate source file for maintainability
  hw/arm/aspeed: Split Fuji machine into a separate source file for maintainability
  hw/arm/aspeed: Split FBY35 BMC machine into a separate source file for maintainability
  hw/arm/aspeed: Split Bletchley machine into a separate source file for maintainability
  hw/arm/aspeed: Move ASPEED_RAM_SIZE() macro to common header for reuse
  hw/arm/aspeed: Split Palmetto machine into a separate source file for maintainability
  hw/arm/aspeed: Split Supermicro X11 machine into a separate source file for maintainability
  hw/arm/aspeed: Split Quanta-Q71L machine into a separate source file for maintainability
  hw/arm/aspeed: Split AST2500 EVB machine into a separate source file for maintainability
  hw/arm/aspeed: Split Supermicro X11SPI machine into a separate file for maintainability
  hw/arm/aspeed: Split Romulus machine into a separate source file for maintainability
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago rust: add back to Ubuntu 22.04 jobs
Paolo Bonzini [Fri, 31 Oct 2025 13:24:18 +0000 (14:24 +0100)] 
rust: add back to Ubuntu 22.04 jobs

Ubuntu is now including updated versions of Rust (up to 1.85) for
its LTS releases.  Adjust the CI containers and re-add --enable-rust
to the Ubuntu jobs.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 weeks ago rust: migration: allow nested offset_of
Paolo Bonzini [Sat, 21 Dec 2024 15:53:29 +0000 (16:53 +0100)] 
rust: migration: allow nested offset_of

Nested offset_of was stabilized in Rust 1.82.  Since the minimum
supported version for QEMU is 1.83, allow nested field accesses
in vmstate_of!

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 weeks ago rust: do not add qemuutil to Rust crates
Paolo Bonzini [Fri, 3 Oct 2025 12:31:13 +0000 (14:31 +0200)] 
rust: do not add qemuutil to Rust crates

This fails due to https://github.com/mesonbuild/meson/pull/15076.
The config-host.h file from the qemuutil dependency ends up on the
rustc command line for targets that do not use structured sources.

It will be reverted once Meson 1.9.2 is released.

Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 weeks ago rust: pull error_fatal out of SysbusDeviceMethods::sysbus_realize
Paolo Bonzini [Tue, 7 Oct 2025 15:13:43 +0000 (17:13 +0200)] 
rust: pull error_fatal out of SysbusDeviceMethods::sysbus_realize

Return a Result<()> from the method, and "unwrap" it into error_fatal
in the caller.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 weeks ago rust/util: replace Error::err_or_unit/err_or_else with Error::with_errp
Paolo Bonzini [Fri, 19 Sep 2025 11:59:27 +0000 (13:59 +0200)] 
rust/util: replace Error::err_or_unit/err_or_else with Error::with_errp

Introduce a simpler function that hides the creation of the Error**.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 weeks ago rust/util: use anyhow's native chaining capabilities
Paolo Bonzini [Fri, 10 Oct 2025 16:17:59 +0000 (18:17 +0200)] 
rust/util: use anyhow's native chaining capabilities

This simplifies conversions, making it possible to convert any error
into a QEMU util::Error with ".into()" (and therefore with "?").

The cost is having a separate constructor for when the error is a simple
string, but that is made easier by the ensure! macro.  If necessary,
another macro similar to "anyhow!" can be returned, but for now there
is no need for that.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 weeks ago rust/util: add ensure macro
Paolo Bonzini [Fri, 10 Oct 2025 12:25:08 +0000 (14:25 +0200)] 
rust/util: add ensure macro

The macro is similar to anyhow::ensure but uses QEMU's variation
on anyhow::Error.  It can be used to easily check a condition
and format an error message.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 weeks ago Merge tag 'staging-pull-request' of https://gitlab.com/peterx/qemu into staging
Richard Henderson [Tue, 4 Nov 2025 15:19:35 +0000 (16:19 +0100)] 
Merge tag 'staging-pull-request' of https://gitlab.com/peterx/qemu into staging

mem + migration pull for 10.2

- Fabiano's patch to fix snapshot crash by rejecting some caps
- Marco's mapped-ram support on snapshot save/load
- Steve's cpr maintainers entry update on retirement
- Peter's coverity fixes
- Chenyi's tdx fix on hugetlbfs regression
- Peter's doc update on migrate resume flag
- Peter's doc update on HMP set parameter for cpr-exec-command's char** parsing
- Xiaoyao's guest-memfd fix for enabling shmem
- Arun's fix on error_fatal regression for migration errors
- Bin's fix on redundant error free for add block failures
- Markus's cleanup around MigMode sets
- Peter's two patches (out of loadvm threadify) to cleanup qio read peek process
- Thomas's vmstate-static-checker update for possible deprecation of argparse use
- Stefan's fix on windows deadlock by making unassigned MMIOs lockless

# gpg: Signature made Mon 03 Nov 2025 10:06:04 PM CET
# gpg:                using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706
# gpg:                issuer "peterx@redhat.com"
# gpg: Good signature from "Peter Xu <xzpeter@gmail.com>" [unknown]
# gpg:                 aka "Peter Xu <peterx@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D  D1A9 3B5F CCCD F3AB D706

* tag 'staging-pull-request' of https://gitlab.com/peterx/qemu: (36 commits)
  migration: Introduce POSTCOPY_DEVICE state
  migration: Make postcopy listen thread joinable
  migration: Respect exit-on-error when migration fails before resuming
  migration: Refactor all incoming cleanup info migration_incoming_destroy()
  migration: Introduce postcopy incoming setup and cleanup functions
  migration: Move postcopy_ram_listen_thread() to postcopy-ram.c
  migration: Do not try to start VM if disk activation fails
  migration: Flush migration channel after sending data of CMD_PACKAGED
  system/physmem: mark io_mem_unassigned lockless
  scripts/vmstate-static-checker: Fix deprecation warnings with latest argparse
  migration: vmsd errp handlers: return bool
  migration/vmstate: stop reporting error number for new _errp APIs
  tmp_emulator: improve and fix use of errp
  migration: vmstate_save_state_v(): fix error path
  migration: Properly wait on G_IO_IN when peeking messages
  io: Add qio_channel_wait_cond() helper
  migration: Put Error **errp parameter last
  migration: Use bitset of MigMode instead of variable arguments
  migration: Use unsigned instead of int for bit set of MigMode
  migration: Don't free the reason after calling migrate_add_blocker
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago Merge tag 'pull-target-arm-20251103' of https://gitlab.com/pm215/qemu into staging
Richard Henderson [Tue, 4 Nov 2025 15:19:17 +0000 (16:19 +0100)] 
Merge tag 'pull-target-arm-20251103' of https://gitlab.com/pm215/qemu into staging

target-arm queue:
 * allow KVM accelerator on imx8mp-evk
 * docs/devel/testing/fuzzing: Note that you can get qtest to read from a file

# gpg: Signature made Mon 03 Nov 2025 04:46:21 PM CET
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20251103' of https://gitlab.com/pm215/qemu:
  docs/devel/testing/fuzzing: Note that you can get qtest to read from a file
  hw/arm/imx8mp-evk: Fix guest time in KVM mode
  hw/arm/imx8mp-evk: Add KVM support

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago i82596: Implement enhanced TX/RX with packet queuing and filtering
Soumyajyotii Ssarkar [Mon, 3 Nov 2025 11:27:23 +0000 (16:57 +0530)] 
i82596: Implement enhanced TX/RX with packet queuing and filtering

In this patch I have added the following:
- Rewrote transmit path with CSMA/CD collision handling and retry logic
- Implemented flexible TX buffer descriptor (TBD) chain processing
- Rewrote receive path with packet filtering and monitor mode support
- Added RX packet queue for handling resource exhaustion
- Implemented queue flush timer and management
- Added RX state machine with proper state transitions
- Implemented packet filtering (unicast, broadcast, multicast, promiscuous)
- Added SCB RU_START enhancement to find usable RFDs
- Implemented dump command support
- Added bus throttle timer loading (LOAD_THROTTLE/LOAD_START commands)
- Enhanced signal_ca with proper initialization sequence
- Finally, adding self-test functionality

Note:
With this patch, and the previous ones in the patch series, we are able
to achieve proper 82596 NIC emulation.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Helge Deller <deller@gmx.de>
4 weeks ago i82596: Added core infrastructure and helper functions
Soumyajyotii Ssarkar [Mon, 3 Nov 2025 11:27:22 +0000 (16:57 +0530)] 
i82596: Added core infrastructure and helper functions

As a part of GSOC 2025 I have done a massive rewrite of what was the
82596 NIC. This has been done to add the missing functionality according
to the 82596 Manual and making the code production ready.

This patch adds:
- comprehensive 82596 constants and configuration macros
- address translation for segmented/linear memory modes
- error recording and statistics tracking infrastructure
- CRC-16/32 calculation and appending functions
- CSMA/CD collision detection and backoff logic
- bus throttle timer framework
- enhanced reset with full state initialization
- receive_iov and polling support functions
- updated VMState for migration of all new fields

Note:
This patch primarily includes placeholder code.
To achieve full 82596 emulation, the complete 82596 patch series is
required.  Nevertheless, QEMU is able to load and boot successfully with
this patch.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Helge Deller <deller@gmx.de>
4 weeks ago hw/hppa: Enable LASI i82596 network on 715 machine
Helge Deller [Mon, 3 Nov 2025 11:27:21 +0000 (16:57 +0530)] 
hw/hppa: Enable LASI i82596 network on 715 machine

Enable the i82596 network chip which is included in the LASI
multi I/O chip. Since LASI has different start addresses on
the various machines, always initialize the LASI components
by their offsets.

Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
4 weeks ago Merge tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu into staging
Richard Henderson [Tue, 4 Nov 2025 14:17:31 +0000 (15:17 +0100)] 
Merge tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu into staging

Merge crypto and other misc fixes / features

 * Increase minimum gnutls to 3.7.5
 * Increase minimum libgcrypt to 1.9.4
 * Increase minimum nettle to 3.7.3
 * Drop obsolete in-tree XTS impl
 * Fix memory leak when loading certificates
 * Remove/reduce duplication when loading certificates
 * Fix possible crash when certificates are unloaded
   while an active TLS connection is using when in a
   TLS handshake operation
 * Deprecate use of dh-params.pem file
 * Document how to create certificates with Post-Quantum
   Cryptography compliant algorithms.
 * Support loading multiple certificate identities to
   allow support for Post-Quantum crypto in parallel
   with traditional RSA/ECC
 * Add "-run-with exit-with-parent=on" parameter
 * Flush pending errors when seeing ENOBUFS with
   a zero-copy send attempt
 * Fix data buffer parameters in hash & IO channel APIs
   to use 'void *'

# gpg: Signature made Mon 03 Nov 2025 02:37:03 PM CET
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [unknown]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu: (32 commits)
  docs: creation of x509 certs compliant with post-quantum crypto
  crypto: support upto 5 parallel certificate identities
  crypto: expand logic to cope with multiple certificate identities
  crypto: avoid loading the identity certs twice
  crypto: avoid loading the CA certs twice
  crypto: deprecate use of external dh-params.pem file
  crypto: make TLS credentials structs private
  crypto: fix lifecycle handling of gnutls credentials objects
  crypto: introduce a wrapper around gnutls credentials
  crypto: introduce method for reloading TLS creds
  crypto: reduce duplication in handling TLS priority strings
  crypto: remove duplication loading x509 CA cert
  crypto: shorten the endpoint == server check in TLS creds
  crypto: move release of DH parameters into TLS creds parent
  crypto: remove needless indirection via parent_obj field
  crypto: use g_autofree when loading x509 credentials
  crypto: move check for TLS creds 'dir' property
  crypto: remove redundant access() checks before loading certs
  crypto: replace stat() with access() for credential checks
  crypto: add missing free of certs array
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago qapi: Add documentation format validation
Vladimir Sementsov-Ogievskiy [Fri, 31 Oct 2025 18:31:29 +0000 (21:31 +0300)] 
qapi: Add documentation format validation

Add explicit validation for QAPI documentation formatting rules:

1. Lines must not exceed 70 columns in width (including '# ' prefix)
2. Sentences must be separated by two spaces

Example sections and literal :: blocks (seldom case) are excluded, we
don't require them to be <= 70, that would be too restrictive. Anyway,
they share common 80-columns recommendations (not requirements).

Add two simple tests, illustrating the change.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20251031183129.246814-1-vsementsov@yandex-team.ru>

The detection of example and literal blocks isn't quite correct, but
it works well enough, and we can improve on top.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Comments, error messages, and test file names tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
4 weeks ago docs/interop: Add test to keep vhost-user.json sane
Markus Armbruster [Mon, 3 Nov 2025 08:23:54 +0000 (09:23 +0100)] 
docs/interop: Add test to keep vhost-user.json sane

We did this for firmware.json in commit d4181658dfb (docs: add test
for firmware.json QAPI).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20251103082354.3273027-10-armbru@redhat.com>

4 weeks ago docs/interop/firmware: Literal block markup
Markus Armbruster [Mon, 3 Nov 2025 08:23:53 +0000 (09:23 +0100)] 
docs/interop/firmware: Literal block markup

A few doc comments show command line snippets.  The snippets are
indented, which is legible enough.  Actually formatting these with
Sphinx would fail with "Unexpected indentation", though.  We don't so
far.  Add suitable markup anyway.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20251103082354.3273027-9-armbru@redhat.com>

4 weeks ago docs/interop/vhost-user: Belatedly convert "Example" section
Markus Armbruster [Mon, 3 Nov 2025 08:23:52 +0000 (09:23 +0100)] 
docs/interop/vhost-user: Belatedly convert "Example" section

These are gone since 3c5f6114d9f (qapi: remove "Example" doc section).

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20251103082354.3273027-8-armbru@redhat.com>

4 weeks ago docs/interop: Refill QAPI doc comments to conform to conventions
Markus Armbruster [Mon, 3 Nov 2025 08:23:51 +0000 (09:23 +0100)] 
docs/interop: Refill QAPI doc comments to conform to conventions

For legibility, wrap text paragraphs so every line is at most 70
characters long.  Consistently separate sentences with two spaces.
Consistently separate member descriptions with a blank line.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20251103082354.3273027-7-armbru@redhat.com>

4 weeks ago qga/qapi-schema: Clean up whitespace between definitions
Markus Armbruster [Mon, 3 Nov 2025 08:23:50 +0000 (09:23 +0100)] 
qga/qapi-schema: Clean up whitespace between definitions

Consistently separate definitions with a single blank line.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20251103082354.3273027-6-armbru@redhat.com>

4 weeks ago qga/qapi-schema: Refill doc comments to conform to conventions
Markus Armbruster [Mon, 3 Nov 2025 08:23:49 +0000 (09:23 +0100)] 
qga/qapi-schema: Refill doc comments to conform to conventions

Sweep the entire documentation again.  Last done in commit
7270819384c (qga/qapi-schema: Refill doc comments to conform to
current conventions).

To check the generated documentation does not change, I compared the
generated HTML before and after this commit with "wdiff -3".  Finds no
differences.  Comparing with diff is not useful, as the reflown
paragraphs are visible there.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20251103082354.3273027-5-armbru@redhat.com>

4 weeks ago qapi: Clean up whitespace between definitions
Markus Armbruster [Mon, 3 Nov 2025 08:23:48 +0000 (09:23 +0100)] 
qapi: Clean up whitespace between definitions

Consistently separate definitions with a single blank line.
Consistently separate member descriptions with a blank line.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20251103082354.3273027-4-armbru@redhat.com>

4 weeks ago qapi: Refill doc comments to conform to conventions
Markus Armbruster [Mon, 3 Nov 2025 08:23:47 +0000 (09:23 +0100)] 
qapi: Refill doc comments to conform to conventions

Sweep the entire documentation again.  Last done in commit
01bed0ff14b (qapi: Refill doc comments to conform to conventions).

To check the generated documentation does not change, I compared the
generated HTML before and after this commit with "wdiff -3".  Finds no
differences.  Comparing with diff is not useful, as the reflown
paragraphs are visible there.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20251103082354.3273027-3-armbru@redhat.com>

4 weeks ago qapi/audio: Fix description markup of AudiodevDBusOptions @nsamples
Markus Armbruster [Mon, 3 Nov 2025 08:23:46 +0000 (09:23 +0100)] 
qapi/audio: Fix description markup of AudiodevDBusOptions @nsamples

The description of Member @nsamples is indented incorrectly.  Comes
out like

    Members:
            [...]
    nsamples (int, optional) – set the number of samples per
    read/write calls (default to 480,

    10ms at 48kHz).

Fixing the indentation makes it come out like

    Members:
            [...]
    nsamples (int, optional) – set the number of samples per
    read/write calls (default to 480, 10ms at 48kHz).

Fixes: 19c628f2f579 (dbus: add -audio dbus nsamples option)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251103082354.3273027-2-armbru@redhat.com>

4 weeks ago meson: Add missing backends.py to qapi_gen_depends
Markus Armbruster [Wed, 29 Oct 2025 12:00:24 +0000 (13:00 +0100)] 
meson: Add missing backends.py to qapi_gen_depends

Fixes: dde279925c97 (qapi: pluggable backend code generators)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20251029120024.1426996-1-armbru@redhat.com>

4 weeks ago qapi/command: Avoid generating unused qmp_marshal_output_T()
Markus Armbruster [Mon, 4 Aug 2025 13:06:02 +0000 (15:06 +0200)] 
qapi/command: Avoid generating unused qmp_marshal_output_T()

qmp_marshal_output_T() is only ever called by qmp_marshal_C() for a
command C that returns type T.

We've always generated it as a static function on demand, i.e. when we
generate a call.

Since we split up monolithic generated code into modules (commit
252dc3105fc "qapi: Generate separate .h, .c for each module"), we do
this per module.  As noted in the commit message, this can result in
identical (static) qmp_marshal_output_T() in several modules.  Was
deemed not worth avoiding.

A bit later, we added 'if' conditionals to the schema language (merge
commit 5dafaf4fbce).

When a conditional definition uses a type, then its condition must
imply the type's condition.  We made this the user's responsibility.
Hasn't been an issue in practice.

However, the sharing of qmp_marshal_output_T() among commands
complicates matters.  To avoid both undefined function errors and
unused function warnings, qmp_marshal_output_T() must be defined
exactly when it's used.  It is used when any of the qmp_marshal_C()
calling it is defined, i.e. when any C's condition holds.

The generator uses T's condition instead.  To avoid both error and
warning, T's condition must be the conjunction of all C's conditions.

Unfortunately, this can be impossible:

* Conditional command returning a builtin type

  A builtin type cannot be conditional.  This is noted in a FIXME
  comment.

* Commands in multiple modules where the conjunction differs between
  modules

  An instance of this came up recently.  We have unconditional
  commands returning HumanReadableText.  If we add a conditional one
  to a module that does not have unconditional ones, compilation fails
  with "defined but not used".  If we make HumanReadableText
  conditional to fix this module, we break the others.

Instead of complicating the code to compute the conjunction, simplify
it: generate the output marshaling code right into qmp_marshal_C().

This duplicates it when multiple commands return the same type.  The
impact on code size is negligible: qemu-system-x86_64's text segment
grows by 1448 bytes.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250804130602.903904-1-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[Commit message typos fixed]

4 weeks ago scripts/checkpatch.pl: remove bogus patch prefix warning
Vladimir Sementsov-Ogievskiy [Thu, 30 Oct 2025 20:13:19 +0000 (23:13 +0300)] 
scripts/checkpatch.pl: remove bogus patch prefix warning

Remove the 'patch prefix exists, appears to be a -p0 patch' warning
entirely as it is fundamentally flawed and can only produce false
positives.

Sometimes I create test files with names 'a' and 'b', and then get
surprised seeing this warning. It was not easy to understand where it
comes from.

How it works:
1. It extracts prefixes (a/, b/) from standard diff output
2. Checks if files/directories with these names exist in the project
   root
3. Warns if they exist, claiming it's a '-p0 patch' issue

This logic is wrong because:
- Standard diff/patch tools always use a/ and b/ prefixes by default
- The existence of files named 'a' or 'b' in the working directory is
  completely unrelated to patch format
- The working directory state may not correspond to the patch content
  (different commits, branches, etc.)
- In QEMU project, there are no single-letter files/directories in root,
  so this check can only generate false positives

The correct way to detect -p0 patches would be to analyze the path
format within the patch itself (e.g., absolute paths or paths without
prefixes), not check filesystem state.

So, let's finally drop it.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Link: https://lore.kernel.org/r/20251030201319.858480-1-vsementsov@yandex-team.ru
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 weeks ago Merge tag 'pull-request-2025-11-03' of https://gitlab.com/thuth/qemu into staging
Richard Henderson [Tue, 4 Nov 2025 12:01:16 +0000 (13:01 +0100)] 
Merge tag 'pull-request-2025-11-03' of https://gitlab.com/thuth/qemu into staging

* Fix spurious EOFError messages from the device-crash-test script
* Fix various issues in the functional tests that pylint complained about
* Improve logging information in the functional tests
* Fix issue in the s390x clock-comparator code
* Use address generation for register branch targets on s390x

# gpg: Signature made Mon 03 Nov 2025 11:56:55 AM CET
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [unknown]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [unknown]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2025-11-03' of https://gitlab.com/thuth/qemu: (22 commits)
  tests/tcg/s390x: Test SET CLOCK COMPARATOR
  target/s390x: Use address generation for register branch targets
  target/s390x: Fix missing clock-comparator interrupts after reset
  target/s390x: Fix missing interrupts for small CKC values
  hw/s390x: Use memory_region_size()
  tests/functional: include the lower level QMP log messages
  tests/functional: include logger name and function in messages
  tests/functional/ppc64: Fix class names to silence pylint warnings
  tests/functional/x86_64/test_virtio_balloon: Fix cosmetic issues from pylint
  tests/functional/x86_64/test_acpi_bits: Silence warnings reported by pylint
  tests/functional/rx/test_gdbsim: Remove unused variables
  tests/functional/ppc64/test_mac99: Fix style issues reported by pylint
  tests/functional/migration: Fix bad indentation
  MAINTAINERS: fix functional tests section
  tests/functional/.../testcase.py: better socketdir cleanup
  tests/functional/arm/test_aspeed_ast1030: Remove unused import
  tests/functional: Fix problems in utils.py reported by pylint
  tests/functional: Fix problems in uncompress.py reported by pylint
  tests/functional: Fix problems in linuxkernel.py reported by pylint
  tests/functional: Fix problems in decorators.py reported by pylint
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago Merge tag 'accel-cpus-20251103' of https://github.com/philmd/qemu into staging
Richard Henderson [Tue, 4 Nov 2025 11:48:03 +0000 (12:48 +0100)] 
Merge tag 'accel-cpus-20251103' of https://github.com/philmd/qemu into staging

Generic CPUs / accelerators patch queue

- Access CPUState::thread_kicked atomically
- Fix bql_locked status with condvar APIs
- Document cpu_memory_rw_debug()
- Rename init_clocks() -> qemu_init_clocks() to avoid name clashing
- Fix QEMU_HEXDUMP_LINE_WIDTH logic
- Fix interrupts check in rx_cpu_do_interrupt()

# gpg: Signature made Mon 03 Nov 2025 02:20:34 PM CET
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* tag 'accel-cpus-20251103' of https://github.com/philmd/qemu:
  rx: cpu: fix interrupts check in rx_cpu_do_interrupt()
  util/hexdump: fix QEMU_HEXDUMP_LINE_WIDTH logic
  timers: properly prefix init_clocks()
  exec/cpu: Declare cpu_memory_rw_debug() in 'hw/core/cpu.h' and document
  bql: Fix bql_locked status with condvar APIs
  accel/tcg: Use cpu_is_stopped() helper to access CPUState::stopped
  cpus: Access CPUState::thread_kicked atomically

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago hw/arm/aspeed: Split AST1030 EVB machine into a separate source file for maintainability
Jamin Lin [Tue, 4 Nov 2025 03:13:08 +0000 (11:13 +0800)] 
hw/arm/aspeed: Split AST1030 EVB machine into a separate source file for maintainability

This commit moves the Aspeed AST1030 MiniBMC machine
implementation out of aspeed.c into a new standalone file
aspeed_ast10x0_evb.c.

This refactor continues the modularization effort for Aspeed platform
support, placing each board’s logic and initialization sequence in its
own dedicated source file. It improves maintainability, readability, and
makes it easier to extend support for additional AST10x0-based variants.

Key updates include:
- Moved aspeed_minibmc_machine_init() and
  aspeed_minibmc_machine_ast1030_evb_class_init() from aspeed.c to
  aspeed_ast10x0_evb.c.
- Moved ast1030_evb_i2c_init() and associated I2C setup code.
- Removed AST1030 EVB machine type registration from aspeed.c.
- Added aspeed_ast10x0_evb.c to the Meson build system (meson.build).

No functional changes.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20251104031325.146374-31-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
4 weeks ago hw/arm/aspeed: Rename and export connect_serial_hds_to_uarts() as aspeed_connect_seri...
Jamin Lin [Tue, 4 Nov 2025 03:13:07 +0000 (11:13 +0800)] 
hw/arm/aspeed: Rename and export connect_serial_hds_to_uarts() as aspeed_connect_serial_hds_to_uarts()

The helper function connect_serial_hds_to_uarts() has been renamed to
aspeed_connect_serial_hds_to_uarts() and promoted to a public Aspeed
machine API.

Previously, this function was declared static within aspeed.c and only
used internally. Renaming it with the aspeed_ prefix and exporting its
declaration in aspeed.h makes the function accessible to other Aspeed
machine implementations that need to attach host serial devices to SoC
UARTs.

No functional changes.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20251104031325.146374-30-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
4 weeks ago hw/arm/aspeed: Split AST2700 EVB machine into a separate source file for maintainability
Jamin Lin [Tue, 4 Nov 2025 03:13:06 +0000 (11:13 +0800)] 
hw/arm/aspeed: Split AST2700 EVB machine into a separate source file for maintainability

This commit moves the Aspeed AST2700 EVB machine implementation out of
aspeed.c into a new standalone file aspeed_ast27x0_evb.c.

This refactor continues the ongoing modularization of Aspeed platform
support, organizing each board’s initialization logic into its own
dedicated source file. It improves maintainability, readability, and
makes it easier to extend or update individual platform support without
cluttering aspeed.c.

Key updates include:
- Moved AST2700_EVB_HW_STRAP1 and AST2700_EVB_HW_STRAP2 macro definitions
  into the new aspeed_ast27x0_evb.c file.
- Moved ast2700_evb_i2c_init(), aspeed_machine_ast2700a0_evb_class_init(),
  and aspeed_machine_ast2700a1_evb_class_init() into the new
  aspeed_ast27x0_evb.c file.
- Removed the AST2700 EVB machine type registration from aspeed.c.
- Added aspeed_ast27x0_evb.c to the Meson build system (meson.build).

No functional changes.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20251104031325.146374-29-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
4 weeks ago hw/arm/aspeed: Split AST2600 EVB machine into a separate source file for maintainability
Jamin Lin [Tue, 4 Nov 2025 03:13:05 +0000 (11:13 +0800)] 
hw/arm/aspeed: Split AST2600 EVB machine into a separate source file for maintainability

This commit moves the Aspeed AST2600 EVB machine implementation out of
aspeed.c into a new standalone file aspeed_ast2600_evb.c.

This refactor continues the modularization effort of the Aspeed platform
machine definitions, separating each board’s initialization logic into its
own dedicated source file. It improves code maintainability, readability,
and reduces clutter in aspeed.c, simplifying future platform extensions.

Key updates include:
- Moved AST2600_EVB_HW_STRAP1 and AST2600_EVB_HW_STRAP2 macro definitions
  into the new aspeed_ast2600_evb.c file.
- Moved ast2600_evb_i2c_init() and related device initialization code into
  the new aspeed_ast2600_evb.c file.
- Moved aspeed_machine_ast2600_evb_class_init() and type registration logic
  out of aspeed.c.
- Added aspeed_ast2600_evb.c to the Meson build system (meson.build).
- Cleaned up all AST2600 EVB-specific code and macros from aspeed.c.

No functional changes.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20251104031325.146374-28-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
4 weeks ago hw/arm/aspeed: Split Catalina machine into a separate source file for maintainability
Jamin Lin [Tue, 4 Nov 2025 03:13:04 +0000 (11:13 +0800)] 
hw/arm/aspeed: Split Catalina machine into a separate source file for maintainability

This commit moves the Facebook Catalina BMC machine implementation out of
aspeed.c into a new standalone file aspeed_ast2600_catalina.c.

This refactor continues the ongoing modularization of Aspeed platform
support, organizing each board’s logic into its own dedicated source file.
It improves maintainability, readability, and simplifies future
development of new BMC platforms without cluttering aspeed.c.

Key updates include:
- Moved CATALINA_BMC_HW_STRAP1 and CATALINA_BMC_HW_STRAP2 macro definitions
  into the new file.
- Moved catalina_bmc_i2c_init() and all Catalina-specific I2C device setup
  into the new aspeed_ast2600_catalina.c file.
- Moved aspeed_machine_catalina_class_init() and type registration logic
  out of aspeed.c.
- Cleaned up all Catalina-specific code and macros from aspeed.c.
- Added aspeed_ast2600_catalina.c to the Meson build system (meson.build).

No functional changes.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20251104031325.146374-27-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
4 weeks ago hw/arm/aspeed: Split Rainier machine into a separate source file for maintainability
Jamin Lin [Tue, 4 Nov 2025 03:13:03 +0000 (11:13 +0800)] 
hw/arm/aspeed: Split Rainier machine into a separate source file for maintainability

This commit moves the IBM Rainier BMC machine implementation out of
aspeed.c into a new standalone file aspeed_ast2600_rainier.c.

This refactor continues the modularization effort for Aspeed platform
support, placing each board’s logic and FRUID data in its own dedicated
source file. It improves maintainability, readability, and simplifies
future development for new Aspeed-based systems without cluttering
aspeed.c.

Key updates include:
- Removed RAINIER_BMC_HW_STRAP1 and RAINIER_BMC_HW_STRAP2 macro definitions.
- Moved rainier_bmc_i2c_init() and all related I2C device setup code
  into the new aspeed_ast2600_rainier.c file.
- Moved aspeed_machine_rainier_class_init() and type registration logic
  out of aspeed.c.
- Deleted aspeed_eeprom.h and aspeed_eeprom.c; their FRUID data and
  length definitions are now handled directly in the new Rainier file.
- Added aspeed_ast2600_rainier.c to the Meson build system (meson.build).

No functional changes.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20251104031325.146374-26-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>