hw/i2c/imx: Always set interrupt status bit if interrupt condition occurs
According to the i.MX 8M Plus reference manual, the status flag
I2C_I2SR[IIF] continues to be set when an interrupt condition
occurs even when I2C interrupts are disabled (I2C_I2CR[IIEN] is
clear). However, the device model only sets the flag when I2C
interrupts are enabled which causes U-Boot to loop forever. Fix
the device model by always setting the flag and let I2C_I2CR[IIEN]
guard I2C interrupts only.
Also remove the comment in the code since it merely stated the
obvious and would be outdated now.
Cc: qemu-stable@nongnu.org Fixes: 20d0f9cf6a41 ("i.MX: Add I2C controller emulator") Signed-off-by: Bernhard Beschow <shentey@gmail.com> Acked-by: Corey Minyard <cminyard@mvista.com>
Message-ID: <20250507124040.425773-1-shentey@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 54e54e594bc8273d210f7ff4448c165a989cbbe8) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Today, we don't track write-abiliy in the cache, if a user
requests a readable mapping followed by a writeable mapping
on the same page, the second lookup will incorrectly hit
the readable entry.
Split mapcache_grants by ro and rw access. Grants will now
have separate ways in the cache depending on writeability.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
(cherry picked from commit 88fb705600a3b612c571efc9f1a6aed923a18dcc) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
If we have request without lock and hit unlocked or invalid
entry during the search, we remap it immediately,
even if we have matching entry in next entries in bucket.
This leads to duplication of mappings of the same size,
and to possibility of selecting the wrong element
during invalidation and underflow it's entry->lock counter
Signed-off-by: Aleksandr Partanen <alex.pentagrid@gmail.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
(cherry picked from commit a4b20f737cda06bb8706a83e27f7fa89863ae689) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Paolo Bonzini [Mon, 15 Jul 2024 08:35:06 +0000 (10:35 +0200)]
target/i386: do not block singlestep for STI
STI will trigger a singlestep exception even if it has inhibit-IRQ
behavior. Do not suppress single-step for all IRQ-inhibiting
instructions, instead special case MOV SS and POP SS.
Cc: qemu-stable@nongnu.org Fixes: f0f0136abba ("target/i386: no single-step exception after MOV or POP SS", 2024-05-25) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 1e94ddc6854431064c94a7d8f2f2886def285829) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Paolo Bonzini [Thu, 8 May 2025 09:32:11 +0000 (11:32 +0200)]
target/i386: do not trigger IRQ shadow for LSS
Because LSS need not trigger an IRQ shadow, gen_movl_seg can't just use
the destination register to decide whether to inhibit IRQs. Add an
argument.
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit e54ef98c8a80d16158bab4341d9a898701270528)
(back-ported to 10.0) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
hw/gpio/imx_gpio: Fix interpretation of GDIR polarity
According to the i.MX 8M Plus reference manual, a GPIO pin is
configured as an output when the corresponding bit in the GDIR
register is set. The function imx_gpio_set_int_line() is intended to
be a no-op if the pin is configured as an output, returning early in
such cases. However, it inverts the condition. Fix this by
returning early when the bit is set.
cc: qemu-stable@nongnu.org Fixes: f44272809779 ("i.MX: Add GPIO device") Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20250501183445.2389-4-shentey@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit eba837a31b9579e30cc6d7ecb4b5c2662a6ffaba) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Thu, 1 May 2025 09:31:26 +0000 (10:31 +0100)]
docs: Don't define duplicate label in qemu-block-drivers.rst.inc
Sphinx requires that labels within documents are unique across the
whole manual. This is because the "create a hyperlink" directive
specifies only the name of the label, not a filename+label. Some
Sphinx versions will warn about duplicate labels, but even if there
is no warning there is still an ambiguity and no guarantee that the
hyperlink will be created to the right target.
For QEMU this is awkward, because we have various .rst.inc fragments
which we include into multiple .rst files. If you define a label in
the .rst.inc file then it will be a duplicate label. We have mostly
worked around this by not putting labels into those .rst.inc files,
or by adding "insert a label" functionality into the hxtool extension
(see commit 1eeb432a953b0 "doc/sphinx/hxtool.py: add optional label
argument to SRST directive").
Unfortunately in commit 7f6314427e78 ("docs/devel: add a codebase
section") we accidentally added a duplicate label, because not all
Sphinx versions warn about the mistake.
In this case the link was only from the developer docs codebase
summary, so as the simplest fix for the stable branch, we drop
the link entirely.
Cc: qemu-stable@nongnu.org Fixes: 1eeb432a953b0 "doc/sphinx/hxtool.py: add optional label argument to SRST directive" Reported-by: Dario Faggioli <dfaggioli@suse.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Eric Blake <eblake@redhat.com> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-id: 20250501093126.716667-1-peter.maydell@linaro.org
(cherry picked from commit 82707dd4f07613eed8d639956a43bddffca5cd5c) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Both calls are in arm_tr_tb_stop(), one for the
DISAS_NEXT/DISAS_TOO_MANY handling, and one for the dc->condjump
condition-failed codepath. The DISAS_NEXT handling doesn't have this
problem because arm_post_translate_insn() does the handling of "emit
the label for the condition-failed conditional execution" and so
arm_tr_tb_stop() doesn't have dc->condjump set. But for
DISAS_TOO_MANY we don't do that.
Fix the bug by making arm_post_translate_insn() handle the
DISAS_TOO_MANY case. This only affects the SB and ISB insns when
used in Thumb mode inside an IT block: only these insns specifically
set is_jmp to TOO_MANY, and their A32 encodings are unconditional.
For the major TOO_MANY case (breaking the TB because it would cross a
page boundary) we do that check and set is_jmp to TOO_MANY only after
the call to arm_post_translate_insn(); so arm_post_translate_insn()
sees is_jmp == DISAS_NEXT, and we emit the correct code for that
situation.
With this fix we generate the somewhat more sensible set of TCG ops:
brcond_i32 ZF,$0x0,ne,$L1
set_label $L1
add_i32 pc,pc,$0x4
goto_tb $0x1
exit_tb $0x7c5434001b81
(NB: the TCG optimizer doesn't optimize out the jump-to-next, but
we can't really avoid emitting it because we don't know at the
point we're emitting the handling for the condexec check whether
this insn is going to happen to be a nop for us or not.)
Cc: qemu-stable@nongnu.org Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2942 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250501125544.727038-1-peter.maydell@linaro.org
(cherry picked from commit 8ed7c0b6488a7f20318d6ba414f1cbcd0ed92afe) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Tim Lee [Mon, 28 Apr 2025 02:29:34 +0000 (10:29 +0800)]
hw/arm/npcm8xx_boards: Correct valid_cpu_types setting of NPCM8XX SoC
NPCM8XX SoC is the successor of the NPCM7XX. It features quad-core
Cortex-A35 (Armv8, 64-bit) CPUs and some additional peripherals.
Correct the `valid_cpu_types` setting to match the NPCM8XX SoC.
Cc: qemu-stable@nongnu.org Fixes: 7e70eb3cad7c83 ("hw/arm: Add NPCM845 Evaluation board") Signed-off-by: Tim Lee <timlee660101@gmail.com>
Message-id: 20250428022934.3081139-1-timlee660101@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Tyrone Ting <kfting@nuvoton.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 97cdd1b0a7a010702a1d118b74c3af3bb2edb35c) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
macOS SDK may have the symbol of strchrnul(), but it is actually
available only on macOS 15.4 or later and that fact is codified in
string.h. Include the header file using osdep_prefix to check if the
function is available on the deployment target.
Cc: qemu-stable@nongnu.org Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250424-buildsys-v1-4-97655e3b25d7@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit a5b30be534538dc6e44a68ce9734e45dd08f52ec) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
gnu_source_prefix defines _GNU_SOURCE for compiler object functions.
The definition is universally available in the code base.
docs/devel/style.rst also says that the "qemu/osdep.h" header is
always included, so files included in the file is also universally
available in the code base.
Rename gnu_source_prefix to osdep_prefix, and add #include directives
that are referred by the users of gnu_source_prefix and contained in
qemu/osdep.h to safely de-duplicate #include directives.
Cc: qemu-stable@nongnu.org Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250424-buildsys-v1-3-97655e3b25d7@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 797150d69d2edba8b1bd4a7d8c7ba2df1219c503) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The use of gnu_source_prefix in the detection of getcpu() was
ineffective because the header file that declares getcpu() when
_GNU_SOURCE is defined was not included. Pass sched.h to
has_header_symbol() so that the existence of the declaration will be
properly checked.
Cc: qemu-stable@nongnu.org Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250424-buildsys-v1-1-97655e3b25d7@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 563cd698dffb977eea0ccfef3b95f6f9786766f3) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Mon, 17 Mar 2025 14:28:11 +0000 (14:28 +0000)]
hw/core/cpu: gdb_arch_name string should not be freed
The documentation for the CPUClass::gdb_arch_name method claims that
the returned string should be freed with g_free(). This is not
correct: in commit a650683871ba728 we changed this method to
instead return a simple constant string, but forgot to update
the documentation.
Make the documentation match the new semantics.
Fixes: a650683871ba728 ("hw/core/cpu: Return static value with gdb_arch_name()") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250317142819.900029-2-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 56a9f0d4c4a483ce217e5290db69cb1788586787) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
hw/core: Get default_cpu_type calling machine_class_default_cpu_type()
Since commit 62b4a227a33 the default cpu type can come from the
valid_cpu_types[] array. Call the machine_class_default_cpu_type()
instead of accessing MachineClass::default_cpu_type field.
Cc: qemu-stable@nongnu.org Fixes: 62b4a227a33 ("hw/core: Add machine_class_default_cpu_type()") Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250422084114.39499-1-philmd@linaro.org>
(cherry picked from commit d5f241834be1b323ea697a469ff0f1335a1823fe) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The comment about not being able to define a field with
zero bits is out of date since 94597b6146f3
("decodetree: Allow !function with no input bits").
This fixes the missing load of imm in the disassembler.
Cc: qemu-stable@nongnu.org Fixes: 9d8caa67a24 ("target/avr: Add support for disassembling via option '-d in_asm'") Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 6b661b7ed7cd02c54a78426d5eb7dd8543b030ed) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Paolo Bonzini [Thu, 3 Apr 2025 19:39:54 +0000 (21:39 +0200)]
target/i386/hvf: fix lflags_to_rflags
Clear the flags before adding in the ones computed from lflags.
Cc: Wei Liu <liuwe@linux.microsoft.com> Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 94a159f3dc737d00749cc930adaec112abe07b3c) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
target/i386: Reset parked vCPUs together with the online ones
Commit 3f2a05b31ee9 ("target/i386: Reset TSCs of parked vCPUs too on VM
reset") introduced a way to reset TSCs of parked vCPUs during VM reset to
prevent them getting desynchronized with the online vCPUs and therefore
causing the KVM PV clock to lose PVCLOCK_TSC_STABLE_BIT.
The way this was done was by registering a parked vCPU-specific QEMU reset
callback via qemu_register_reset().
However, it turns out that on particularly device-rich VMs QEMU reset
callbacks can take a long time to execute (which isn't surprising,
considering that they involve resetting all of VM devices).
In particular, their total runtime can exceed the 1-second TSC
synchronization window introduced in KVM commit 5d3cb0f6a8e3 ("KVM:
Improve TSC offset matching").
Since the TSCs of online vCPUs are only reset from "synchronize_post_reset"
AccelOps handler (which runs after all qemu_register_reset() handlers) this
essentially makes that fix ineffective on these VMs.
The easiest way to guarantee that these parked vCPUs are reset at the same
time as the online ones (regardless how long it takes for VM devices to
reset) is to piggyback on post-reset vCPU synchronization handler for one
of online vCPUs - as there is no generic post-reset AccelOps handler that
isn't per-vCPU.
The first online vCPU was selected for that since it is easily available
under "first_cpu" define.
This does not create an ordering issue since the order of vCPU TSC resets
does not matter.
Ewan Hai [Mon, 14 Apr 2025 07:53:42 +0000 (03:53 -0400)]
target/i386: Fix model number of Zhaoxin YongFeng vCPU template
The model number was mistakenly set to 0x0b (11) in commit ff04bc1ac4.
The correct value is 0x5b. This mistake occurred because the extended
model bits in cpuid[eax=0x1].eax were overlooked, and only the base
model was used.
Using the wrong model number can affect guest behavior. One known issue
is that vPMU (which relies on the model number) may fail to operate
correctly.
This patch corrects the model field by introducing a new vCPU version.
The goal was to remove the need to patch the (const) input buffer
with a recomputed UDP checksum by copying headers to a RW region and
inject the checksum there. The patch computed the checksum only from the
header fields (missing the rest of the payload) producing an invalid one
and making guests fail to acquire a DHCP lease.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2727 Cc: qemu-stable@nongnu.org Signed-off-by: Antoine Damhet <adamhet@scaleway.com> Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-ID: <20250408145345.142947-1-adamhet@scaleway.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
system/main: transfer replay mutex ownership from main thread to main loop thread
On MacOS, UI event loop has to be ran in the main thread of a process.
Because of that restriction, on this platform, qemu main event loop is
ran on another thread [1].
This breaks record/replay feature, which expects thread running qemu_init
to initialize hold this lock, breaking associated functional tests on
MacOS.
Thus, as a generalization, and similar to how BQL is handled, we release
it after init, and reacquire the lock before entering main event loop,
avoiding a special case if a separate thread is used.
Stefan Hajnoczi [Mon, 14 Apr 2025 15:02:34 +0000 (11:02 -0400)]
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
trivial patches for 2025-04-14
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmf81fEACgkQgqpKJDse
# lHihiBAAlf/FCOGs4qCJuwuoeebI9WC22C+80hQPNMiXLvV7wQWJMqdf6UvPOUt/
# LUdndWrPb2hKKVzcv6mMEKl0wEAxOdxB1FiZZltKwIJiES1OXJcKjNSK84PTN/CN
# WDC/mVjv5v10X7x3xUHTqB1qr6MpWuSQLnfob5u40MVa43wZj6fJPeSYzHsWNgrx
# 47xLlqFyGVv7mMtIxpYsrKoFypNaTTHggSydZnUkOQBIsXvxE9mEagIdNhjGQVNh
# gx76DWxYnjM932yIizKCQJhe2umetlHUR9dUEqWkI8xRA0pQVTE/p5c+rkIxCzeu
# uAadKOOGdRaHKjinyMQMoFTjC6CH8f1znWVwYJvsh2XLyJXb7PAo6jq3piUWLQpv
# OTXSQ2N/1FJeYEkliyjJibabviJpmdY3mzr/Bw0jJh3KYGm1Ub/lGjjaVes5PwHz
# xa5jnm2Dk9sdpWP2VCyxhlffs5iSOQblPBit4UeTyytg1SZohcWNevcz+AdrCUEE
# nYvxQoAl0euq6oAXDV1qsVl7HwgEm9FCiMJY8G94G890wGx9gPIZ+Ofp+9GHbve0
# sxY027EjvosX9Om2IRexmLpwnHRCUYw+09fD8iqs7ie/oN5ryTgYG5oZMAjAZC46
# Rd+dcuxxmT9uc5XZoZaGzloNmCDI7RjMAMAaSlwUMXHB0XA0wc8=
# =VgUD
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 14 Apr 2025 05:31:29 EDT
# gpg: using RSA key 64AA2AB531D56903366BFEF982AA4A243B1E9478
# gpg: Good signature from "Michael Tokarev <mjt@debian.org>" [unknown]
# gpg: aka "Michael Tokarev <mjt@corpit.ru>" [unknown]
# gpg: aka "Michael Tokarev <mjt@tls.msk.ru>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E
# Subkey fingerprint: 64AA 2AB5 31D5 6903 366B FEF9 82AA 4A24 3B1E 9478
* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu:
docs: Document removal of 64-bit on 32-bit emulation
Fix objdump output parser in "nsis.py"
docs: Fix some typos (found by codespell and typos)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 14 Apr 2025 15:02:09 +0000 (11:02 -0400)]
Merge tag 'pull-10.0-final-fixes-090425-1' of https://gitlab.com/stsquad/qemu into staging
Final fixes for 10.0
- properly exit aarch64-softmmu tcg tests on unexpected exceptions
- fix deadlock when uninstalling a plugin
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmf2P+0ACgkQ+9DbCVqe
# KkTHdAf/b4CGLNJBS7UV/eYxhgxJ2TM4KgfXm4FvrcS4V5rpNheMuLoQzgYDY+EC
# 5ioANRcY+rOK2Yd+upO4SbaUyAvf7C5kAtMgs6AYiqbm5F8b47FS/q8f9mBBJ+qB
# tl2FU6hjVjymMRoaPqqpPkkkHy9YNHe48TP4ohGfD6336JA5MW6v8nhdK+d3fsan
# AUCSWAe8gxjmM6qnrhku6vvJ5EOiqpsb8zhsWVXdZesSG+1ATm6KCo6hDd0OkMrk
# si6ML5txU1rxx5VOkGlDUo7ZV2TE/zdgMyaP/kXGtKuj+ipLMzqNjlD50xPJu05b
# o4hTbt8erzxduVHrBKT5qhKQl8BEpw==
# =LN/t
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 09 Apr 2025 05:37:49 EDT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-10.0-final-fixes-090425-1' of https://gitlab.com/stsquad/qemu:
tests/tcg/plugins: add plugin to test reset and uninstall
plugins/loader: fix deadlock when resetting/uninstalling a plugin
tests/tcg: fix semihosting SYS_EXIT for aarch64 in boot.S
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
docs: Document removal of 64-bit on 32-bit emulation
With acce728cbc6c we disallowed configuring 64-bit guests on
32-bit hosts, but forgot to document that in removed-features.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
In msys2 distribution objdump from gcc is using single tab character
prefix, but objdump from clang is using 4 white space characters instead.
The script will not identify any dll dependencies for a QEMU build
generated with clang. This in turn will fail the build, because there
will be no files inside dlldir and no setup file will be created.
Instead of checking for whitespace in prefix use lstrip to accommodate
for differences in outputs.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Alex Bennée [Fri, 4 Apr 2025 11:51:12 +0000 (12:51 +0100)]
tests/tcg: fix semihosting SYS_EXIT for aarch64 in boot.S
We don't expect to hit exceptions in our testing so currently all the
vectors report an un-expected exception and then attempt to exit.
However for aarch64 we should always use the extended information
block as we do in _exit. Rather than duplicate the code on the error
handler just branch to the _exit handler with a failing status code.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250404115641.258048-1-alex.bennee@linaro.org>
* tag 'hw-misc-20250408' of https://github.com/philmd/qemu:
scripts/checkpatch: Fix typo in SPDX-License-Identifier keyword
hw/nvme: fix attachment of private namespaces
hw/arm/imx8mp-evk: Temporarily remove unimplemented imx8mp-fspi node from devicetree
hw/arm/imx8mp-evk: Remove unimplemented cpu-idle-states properties from devicetree
hw/ufs: Fix incorrect comment for segment_size and allocation_unit_size
docs/arm: Add apple HVF host for supported guest CPU type
hw/core/machine: Fix -machine dumpdtb=file.dtb
smbios: Fix buffer overrun when using path= option
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Zhao Liu [Tue, 8 Apr 2025 16:27:02 +0000 (00:27 +0800)]
scripts/checkpatch: Fix typo in SPDX-License-Identifier keyword
Fix the typo in the error message to help `grep` the example:
ERROR: New file '***' requires 'SPDX-License-Identifer'
Fixes: fa4d79c64dae ("scripts: mandate that new files have SPDX-License-Identifier") Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250408162702.2350565-1-zhao1.liu@intel.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Keoseong Park [Thu, 3 Apr 2025 09:21:40 +0000 (18:21 +0900)]
hw/ufs: Fix incorrect comment for segment_size and allocation_unit_size
The comments for segment_size and allocation_unit_size incorrectly
described them as 4KB. According to the UFS specification,
segment_size is expressed in units of 512 bytes.
Given segment_size = 0x2000 (8192), the actual size is 4MB.
Similarly, allocation_unit_size = 1 means 1 segment = 4MB.
This patch updates the comments to reflect the correct size.
Signed-off-by: Keoseong Park <keosung.park@samsung.com> Reviewed-by: Jeuk Kim <jeuk20.kim@samsung.com>
Message-ID: <20250403092140epcms2p355a7f039871b3e5b409754ef450b9158@epcms2p3> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Joel Stanley [Tue, 1 Apr 2025 04:15:08 +0000 (14:45 +1030)]
hw/core/machine: Fix -machine dumpdtb=file.dtb
In commit 8fd2518ef2f8 ("hw: Centralize handling of -machine dumpdtb
option") the call to dump was moved with respect to the init of the
machine. This resulted in the device tree missing parts of the machine
description, depending on how they construct their device tree.
The arm virt machine is missing some PSCI nodes, while the riscv one
is missing most of its content.
Move the dump to after the notifiers have been run, allowing
virt_machine_done to be called and the device tree to be fully
populated.
Fixes: 8fd2518ef2f8 ("hw: Centralize handling of -machine dumpdtb option") Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250401041509.719153-1-joel@jms.id.au> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Daan De Meyer [Sun, 23 Mar 2025 21:35:54 +0000 (22:35 +0100)]
smbios: Fix buffer overrun when using path= option
We have to make sure the array of bytes read from the path= file
is null-terminated, otherwise we run into a buffer overrun later on.
Fixes: bb99f4772f54017490e3356ecbb3df25c5d4537f ("hw/smbios: support loading OEM strings values from a file")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2879
Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Tested-by: Valentin David <valentin.david@canonical.com>
Message-ID: <20250323213622.2581013-1-daan.j.demeyer@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Stefan Hajnoczi [Tue, 8 Apr 2025 13:59:33 +0000 (09:59 -0400)]
Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
Block layer patches
- scsi-disk: Apply error policy for host_status errors again
- qcow2: Fix qemu-img info crash with missing crypto header
- qemu-img bench: Fix division by zero for zero-sized images
- test-bdrv-drain: Fix data races
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
test-bdrv-drain: Fix data races
scsi-disk: Apply error policy for host_status errors again
qcow2: Don't crash qemu-img info with missing crypto header
qemu-img: fix division by zero in bench_cb() for zero-sized images
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-qapi-2025-04-08' of https://repo.or.cz/qemu/armbru:
qga/qapi-schema: Add a proper introduction
storage-daemon/qapi/qapi-schema: Add a proper introduction
qapi/qapi-schema: Address the introduction's bit rot
qapi/qapi-schema: Update introduction for example notation
docs/sphinx/qmp_lexer: Highlight elisions like comments, not prompts
docs/sphinx/qmp_lexer: Generalize elision syntax
docs/devel/qapi-code-gen: Improve the part on qmp-example directive
docs/interop: Sanitize QMP reference manuals TOC
docs/interop: Delete "QEMU Guest Agent Protocol Reference" TOC
qapi/rocker: Tidy up query-rocker-of-dpa-flows example
docs/devel/qapi-code-gen: Tidy up whitespace
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 8 Apr 2025 13:12:27 +0000 (09:12 -0400)]
Merge tag 'pull-loongarch-20250408' of https://github.com/gaosong715/qemu into staging
loongarch bug fix for 10.0
# -----BEGIN PGP SIGNATURE-----
#
# iLMEAAEKAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCZ/THrQAKCRBAov/yOSY+
# 37asA/0YLOX9BvqG5Qk2cDYJD7ZCTuVsd7bJ0VHGbbf4vuuvmD8ubGeJf1F8cse0
# mufip5/DHlzV3gB+G/vavkG/i45mMDlkyFgvuYaEHZiYH/+3S1Np0/iyl3RFpGNz
# Srua0Flo4PppYRbQ2NG0puvpuhNziTQTMneTm2YiMMBxl4p2OA==
# =BwNB
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 08 Apr 2025 02:52:29 EDT
# gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF
* tag 'pull-loongarch-20250408' of https://github.com/gaosong715/qemu:
hw/loongarch/virt: Replace destination error with error_abort
hw/loongarch/virt: Fix cpuslot::cpu set at last in virt_cpu_plug()
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch addresses potential data races involving access to Job fields
in the test-bdrv-drain test.
Fixes: 7253220de4 ("test-bdrv-drain: Test drain vs. block jobs")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2900 Signed-off-by: Vitalii Mordan <mordan@ispras.ru>
Message-ID: <20250402102119.3345626-1-mordan@ispras.ru>
[kwolf: Fixed up coding style and one missing atomic access] Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Mon, 7 Apr 2025 15:59:49 +0000 (17:59 +0200)]
scsi-disk: Apply error policy for host_status errors again
Originally, all failed SG_IO requests called scsi_handle_rw_error() to
apply the configured error policy. However, commit f3126d65, which was
supposed to be a mere refactoring for scsi-disk.c, broke this and
accidentally completed the SCSI request without considering the error
policy any more if the error was signalled in the host_status field.
Apart from the commit message not describing the change as intended,
errors indicated in host_status are also obviously backend errors and
not something the guest must deal with independently of the error
policy.
This behaviour means that some recoverable errors (such as a path error
in multipath configurations) were reported to the guest anyway, which
might not expect it and might consider its disk broken.
Make sure that we apply the error policy again for host_status errors,
too. This addresses an existing FIXME comment and allows us to remove
some comments warning that callbacks weren't always called. With this
fix, they are called in all cases again.
The return value passed to the request callback doesn't have more free
values that could be used to indicate host_status errors as well as SAM
status codes and negative errno. Store the value in the host_status
field of the SCSIRequest instead and use -ENODEV as the return value (if
a path hasn't been reachable for a while, blk_aio_ioctl() will return
-ENODEV instead of just setting host_status, so just reuse it here -
it's not necessarily entirely accurate, but it's as good as any errno).
Cc: qemu-stable@nongnu.org Fixes: f3126d65b393 ('scsi: move host_status handling into SCSI drivers') Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20250407155949.44736-1-kwolf@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Hanna Czenczek <hreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Nicholas Piggin [Thu, 24 Oct 2024 15:18:12 +0000 (01:18 +1000)]
target/ppc: Fix SPRC/SPRD SPRs for P9/10
Commit 60d30cff847 ("target/ppc: Move SPR indirect registers into
PnvCore") was mismerged and moved the SPRs to power8-only, instead
of power9/10-only.
Fixes: 60d30cff847 ("target/ppc: Move SPR indirect registers into PnvCore") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Cc: qemu-stable@nongnu.org Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Thu, 5 Sep 2024 22:13:51 +0000 (08:13 +1000)]
target/ppc: Big-core scratch register fix
The per-core SCRATCH0-7 registers are shared between big cores, which
was missed in the big-core implementation. It is difficult to model
well with the big-core == 2xPnvCore scheme we moved to, this fix
uses the even PnvCore to store the scrach data.
Also remove a stray log message that came in with the same patch that
introduced patch.
Fixes: c26504afd5f5c ("ppc/pnv: Add a big-core mode that joins two regular cores") Cc: qemu-stable@nongnu.org Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Kevin Wolf [Tue, 18 Mar 2025 20:11:43 +0000 (21:11 +0100)]
qcow2: Don't crash qemu-img info with missing crypto header
qcow2_refresh_limits() assumes that s->crypto is non-NULL whenever
bs->encrypted is true. This is actually not the case: qcow2_do_open()
allows to open an image with a missing crypto header for BDRV_O_NO_IO,
and then bs->encrypted is true, but s->crypto is still NULL.
It doesn't make sense to open an invalid image, so remove the exception
for BDRV_O_NO_IO. This catches the problem early and any code that makes
the same assumption is safe now.
At the same time, in the name of defensive programming, we shouldn't
make the assumption in the first place. Let qcow2_refresh_limits() check
s->crypto rather than bs->encrypted. If s->crypto is NULL, it also can't
make any requirement on request alignment.
Finally, start a qcow2-encryption test case that only serves as a
regression test for this crash for now.
Reported-by: Leonid Reviakin <L.reviakin@fobos-nt.ru> Reported-by: Denis Rastyogin <gerben@altlinux.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20250318201143.70657-1-kwolf@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Denis Rastyogin [Tue, 18 Mar 2025 10:19:00 +0000 (13:19 +0300)]
qemu-img: fix division by zero in bench_cb() for zero-sized images
This error was discovered by fuzzing qemu-img.
This commit fixes a division by zero error in the bench_cb() function
that occurs when using the bench command with a zero-sized image.
The issue arises because b->image_size can be zero, leading to a
division by zero in the modulo operation (b->offset %= b->image_size).
This patch adds a check for b->image_size == 0 and resets b->offset
to 0 in such cases, preventing the error.
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Message-ID: <20250318101933.255617-1-gerben@altlinux.org> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-12-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
storage-daemon/qapi/qapi-schema: Add a proper introduction
Contents adapted from qapi/qapi-schema.json.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-11-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
qapi/qapi-schema: Address the introduction's bit rot
Cut the crap that stopped making sense years ago. Adjust the
remainder.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-10-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
qapi/qapi-schema: Update introduction for example notation
The introduction explains example notation. The series merged in
merge commit e6485190f77e (in 9.1) improved how they look in generated
docs, but neglected to update the introduction accordingly. Do that
now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-9-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
docs/sphinx/qmp_lexer: Highlight elisions like comments, not prompts
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-8-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Accept "... lorem ipsum ..." in addition to "...".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-7-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
docs/devel/qapi-code-gen: Improve the part on qmp-example directive
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-6-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
The "QEMU QMP Reference Manual" and the "QEMU Storage Daemon QMP
Reference Manual" start with a table of contents that looks like this:
Contents
* Title of the manual
* Title of first first-level section
* Title of its first second-level section
* Title of its second second-level section
...
* Title of second first-level section
...
The first level is useless. Drop it.
While there, delete the option that limits the TOC to depth 3. Its
actual depth was 3 before the patch, and is now 2.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-5-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
The "QEMU Guest Agent Protocol Reference" starts with the following
table of contents:
Contents
* QEMU Guest Agent Protocol Reference
* QEMU guest agent protocol commands and structs
This is useless. Delete the entire TOC.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-4-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
qapi/rocker: Tidy up query-rocker-of-dpa-flows example
The command can return any number of RockerOfDpaFlow objects. The
example shows it returning exactly two, with the second object's
members elided. Tweak it so it elides elements after the first
instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-3-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
[Commit message typo fixed]
Consistently use two spaces to separate sentences.
Put "::" on a line of its own when it's preceded by whitespace.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-2-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Bibo Mao [Mon, 24 Mar 2025 03:01:45 +0000 (11:01 +0800)]
hw/loongarch/virt: Replace destination error with error_abort
In function virt_cpu_plug() and virt_cpu_unplug(), the error is
impossile. Destination error is not propagated and replaced with
error_abort. With this, the logic is simple.
Signed-off-by: Bibo Mao <maobibo@loongson.cn> Acked-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20250324030145.3037408-3-maobibo@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
Bibo Mao [Mon, 24 Mar 2025 03:01:44 +0000 (11:01 +0800)]
hw/loongarch/virt: Fix cpuslot::cpu set at last in virt_cpu_plug()
In function virt_cpu_plug(), Object cpuslot::cpu is set at last
only when there is no any error, otherwise it is problematic that
cpuslot::cpu is set in advance however it returns because of error.
Fixes: ab9935d2991e (hw/loongarch/virt: Implement cpu plug interface) Signed-off-by: Bibo Mao <maobibo@loongson.cn> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20250324030145.3037408-2-maobibo@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
Commit 5b4beba124 ("RISC-V Spike Machines") added the Spike machine and
made it default for qemu-system-riscv32/64. It was the first RISC-V
machine added in QEMU so setting it as default was sensible.
Today we have 7 riscv64 and 6 riscv32 machines and having 'spike' as
default machine is not intuitive. For example, [1] is a bug that was
opened with the 'virt' board in mind, but given that the user didn't
pass a '-machine' option, the user was using 'spike' without knowing.
Being explicit in the command line is desirable when we have a handful
of boards available, so deprecate the default machine setting from
RISC-V.
Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250404122858.241598-1-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Stefan Hajnoczi [Fri, 4 Apr 2025 14:23:17 +0000 (10:23 -0400)]
Merge tag 'pull-tcg-20250403' of https://gitlab.com/rth7680/qemu into staging
tcg: Allocate TEMP_VAL_MEM frame in temp_load()
tests/functional: Skip aarch64_replay test on macOS
hw/arm: Do not build VMapple machine by default
tests/functional/test_aarch64_rme_virt: fix sporadic failure
* tag 'pull-tcg-20250403' of https://gitlab.com/rth7680/qemu:
hw/arm: Do not build VMapple machine by default
tests/qtest: Skip Aarch64 VMapple machine
tests/functional: Skip aarch64_replay test on macOS
tests/functional: Add a decorator for skipping tests on particular OS
tests/functional/test_aarch64_rme_virt: fix sporadic failure
tcg: Allocate TEMP_VAL_MEM frame in temp_load()
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
hw/i386/amd_iommu: Assign pci-id 0x1419 for the AMD IOMMU device
virtio-net: Fix num_buffers for version 1
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This is tracked as https://gitlab.com/qemu-project/qemu/-/issues/2913
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250403203241.46692-6-philmd@linaro.org>
First, the VMapple machine only works with the ARM 'host' CPU
type, which isn't accepted for QTest:
$ qemu-system-aarch64 -M vmapple -accel qtest
qemu-system-aarch64: The 'host' CPU type can only be used with KVM or HVF
Second, the QTest framework expects machines to be createable
without specifying optional arguments, however the VMapple
machine requires few of them:
$ qemu-system-aarch64 -M vmapple -accel qtest
qemu-system-aarch64: No firmware specified
$ qemu-system-aarch64 -M vmapple -accel qtest -bios /dev/null
qemu-system-aarch64: No AUX device. Please specify one as pflash drive.
Restrict this machine with QTest so we can at least run check-qtest,
otherwise we get:
$ make check-qtest-aarch64
qemu-system-aarch64: The 'host' CPU type can only be used with KVM or HVF
Broken pipe
../tests/qtest/libqtest.c:199: kill_qemu() tried to terminate QEMU process but encountered exit status 1 (expected 0)
...
7/26 qemu:qtest+qtest-aarch64 / qtest-aarch64/test-hmp ERROR 24.71s killed by signal 6 SIGABRT
2/26 qemu:qtest+qtest-aarch64 / qtest-aarch64/qom-test ERROR 71.23s killed by signal 6 SIGABRT
Suggested-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250403203241.46692-5-philmd@linaro.org>
This is tracked as https://gitlab.com/qemu-project/qemu/-/issues/2907
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250403203241.46692-4-philmd@linaro.org>
tests/functional: Add a decorator for skipping tests on particular OS
Since tests might be failing on some operating systems,
introduce the skipIfOperatingSystem() decorator.
Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250403203241.46692-3-philmd@linaro.org>
This test was randomly failing on our CI, and on dev machines,
especially with QEMU debug builds.
>From the information collected, it's related to an implementation choice
in edk2 QEMU virt support. The workaround is to disable KASLR, to avoid
accessing protected memory.
Note: this is *not* needed for the similar test_aarch64_rme_sbsaref.
More information is available on the associated GitLab issue.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2823 Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250328183816.2687925-1-pierrick.bouvier@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250403203241.46692-2-philmd@linaro.org>
In the resolved issues, incomplete dead code elimination left a load
at the top of an unreachable loop. We simply need to allocate the
stack slot to avoid crashing.
Fixes: c896fe29d6c ("TCG code generator") Reported-by: Michael Tokarev <mjt@tls.msk.ru> Reported-by: Helge Konetzka <hk@zapateado.de>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2891
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2899 Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250401144332.41615-1-philmd@linaro.org>
162 fail [13:06:40] [13:06:40] 0.2s (last: 0.2s) output mismatch
--- tests/qemu-iotests/162.out
+++ tests/qemu-iotests/scratch/qcow2-file-162/162.out.bad
@@ -3,6 +3,7 @@
=== NBD ===
qemu-img: Could not open 'json:{"driver": "nbd", "host": -1}': address
resolution failed for -1:10809: Name or service not known
image: nbd://localhost:PORT
+./common.rc: line 371: kill: (891116) - No such process
image: nbd+unix://?socket=42
The nbd server should normally terminate automatically, so trying to
kill it here now seems to cause a race that will cause a test failure
when the server terminated before the kill command has been executed.
The "Stop NBD server" patch has originally been written to solve another
problem with a hanging nbd server, but since that problem has been properly
solved by commit 3e1683485656, we now don't need the "_stop_nbd_server" here
anymore.
Reviewed-by: Hanna Czenczek <hreitz@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250326143533.932899-1-thuth@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
hw/i386/amd_iommu: Assign pci-id 0x1419 for the AMD IOMMU device
Currently, the QEMU-emulated AMD IOMMU device use PCI vendor id 0x1022
(AMD) with device id zero (undefined). Eventhough this does not cause any
functional issue for AMD IOMMU driver since it normally uses information
in the ACPI IVRS table to probe and initialize the device per
recommendation in the AMD IOMMU specification, the device id zero causes
the Windows Device Manager utility to show the device as an unknown device.
Since Windows only recognizes AMD IOMMU device with device id 0x1419 as
listed in the machine.inf file, modify the QEMU AMD IOMMU model to use
the id 0x1419 to avoid the issue. This advertise the IOMMU as the AMD
IOMMU device for Family 15h (Models 10h-1fh).
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Message-Id: <20250325021140.5676-1-suravee.suthikulpanit@amd.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Akihiko Odaki [Wed, 8 Jan 2025 12:13:29 +0000 (21:13 +0900)]
virtio-net: Fix num_buffers for version 1
The specification says the device MUST set num_buffers to 1 if
VIRTIO_NET_F_MRG_RXBUF has not been negotiated.
Fixes: df91055db5c9 ("virtio-net: enable virtio 1.0") Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20250108-buffers-v1-1-a0c85ff31aeb@daynix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Lei Yang <leiyang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* tag 'pull-aspeed-20250401' of https://github.com/legoater/qemu:
hw/misc/aspeed_scu: Correct minimum access size for AST2500 / AST2600
hw/misc/aspeed_scu: Set MemoryRegionOps::impl::access_size to 32-bit
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 1 Apr 2025 13:25:14 +0000 (09:25 -0400)]
Merge tag 'hw-misc-20250331' of https://github.com/philmd/qemu into staging
Misc HW patches
- Expose v7M System Control Space as little endian (Philippe)
- Deprecate MipsSim machine (Thomas)
- Improve some devices categories / descriptions (Philippe)
- Correct memory_rw_debug() prototype (Richard)
- Do not expose i.MX 8M SoC as user-creatable (Bernhard)
- Do not expose some PLL & eFuse devices as user-creatable (Philippe)
- Do not reset Goldfish RTC time on machine reset (Heinrich)
- Fix incorrect BCM2835 AUX interrupt ID when RX disabled (Chung-Yi)
- Fix DesignWare PCI host bridge ATU_UPPER_TARGET register access (Philippe)
- Memory leak fixes (Bernhard & Zheng Huang)
- Prevent out-of-bound access in avr_print_insn (Richard)
- Fixes around MIPS page mask (Richard)
* tag 'hw-misc-20250331' of https://github.com/philmd/qemu: (23 commits)
target/mips: Simplify and fix update_pagemask
target/mips: Require even maskbits in update_pagemask
target/mips: Revert TARGET_PAGE_BITS_VARY
target/sparc: Log unimplemented ASI load/store accesses
target/avr: Fix buffer read in avr_print_insn
target/hppa: Remove duplicated CPU_RESOLVING_TYPE definition
hw/pci-host/designware: Fix ATU_UPPER_TARGET register access
hw/ufs: free irq on exit
hw/char/bcm2835_aux: Fix incorrect interrupt ID when RX disabled
hw/sd/sdhci: free irq on exit
hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()
hw/nvram/xlnx-efuse: Do not expose as user-creatable
hw/misc/pll: Do not expose as user-creatable
hw/rtc/goldfish: keep time offset when resetting
hw/mips: Mark the "mipssim" machine as deprecated
hw/dma/i82374: Categorize and add description
hw/display/dm163: Add description
hw/block/m25p80: Categorize and add description
hw/core/cpu: Use size_t for memory_rw_debug len argument
hw/arm/fsl-imx8mp: Remove unused define
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Joel Stanley [Mon, 31 Mar 2025 23:04:44 +0000 (01:04 +0200)]
hw/misc/aspeed_scu: Correct minimum access size for AST2500 / AST2600
Guest code was performing a byte load to the SCU MMIO region, leading
to the guest code crashing (it should be using proper accessors, but
that is not Qemu's bug). Hardware and the documentation[1] both agree
that byte loads are okay, so change all of the aspeed SCU devices to
accept a minimum access size of 1.
[1] See the 'ARM Address Space Mapping' table in the ASPEED docs. This
is section 6.1 in the ast2400 and ast2700, and 7.1 in the ast2500 and
ast2600 datasheets.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2636 Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Troy Lee <leetroy@gmail.com>
Message-ID: <20241118021820.4928-1-joel@jms.id.au>
[PMD: Rebased, only including SCU changes] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au> Link: https://lore.kernel.org/qemu-devel/20250331230444.88295-3-philmd@linaro.org Signed-off-by: Cédric Le Goater <clg@redhat.com>
When update_pagemask was split from helper_mtc0_pagemask,
we failed to actually write to the new parameter but continue
to write to env->CP0_PageMask. Thus the use within
page_table_walk_refill modifies cpu state and not the local
variable as expected.
Simplify by renaming to compute_pagemask and returning the
value directly. No need for either env or pointer return.
Fixes: 074cfcb4dae ("target/mips: Implement hardware page table walker for MIPS32") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250328175526.368121-4-richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Cc: qemu-stable@nongnu.org
Revert ee3863b9d41 and a08d60bc6c2b. The logic behind changing
the system page size because of what the Loongson kernel "prefers"
is flawed.
In the Loongson-2E manual, section 5.5, it is clear that the cpu
supports a 4k page size (along with many others). Similarly for
the Loongson-3 series CPUs, the 4k page size is mentioned in the
section 7.7 (PageMask Register). Therefore we must continue to
support a 4k page size.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250328175526.368121-2-richard.henderson@linaro.org>
[PMD: Mention Loongson-3 series CPUs] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
The CPU_RESOLVING_TYPE definition was added in commit 0dacec874fa ("cpu: add CPU_RESOLVING_TYPE macro"), but
then added again in commit d3ae32d4d20. Remove the
duplication.
Fixes: d3ae32d4d20 ("target/hppa: Implement cpu_list") Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250321184200.4329-1-philmd@linaro.org>
Chung-Yi Chen [Fri, 28 Mar 2025 12:37:25 +0000 (20:37 +0800)]
hw/char/bcm2835_aux: Fix incorrect interrupt ID when RX disabled
Fix a misconfiguration issue in the read implementation of the
AUX_MU_IIR_REG register. This issue can lead to a transmit interrupt
being incorrectly interpreted as a receive interrupt when the receive
interrupt is disabled and the receive FIFO holds valid bytes.
The AUX_MU_IIR_REG register (interrupt ID bits [2:1]) indicates the
status of mini UART interrupts:
- 00: No interrupts
- 01: Transmit FIFO is empty
- 10: Receive FIFO is not empty
- 11: <Not possible>
When the transmit interrupt is enabled and the receive interrupt is
disabled, the original code incorrectly sets the interrupt ID bits.
Specifically:
1. Transmit FIFO empty, receive FIFO empty
- Expected 0b01, returned 0b01 (correct)
2. Transmit FIFO empty, receive FIFO not empty
- Expected 0b01, returned 0b10 (incorrect)
In the second case, the code sets the interrupt ID to 0b10 (receive FIFO
is not empty) even if the receive interrupt is disabled.
To fix this, the patch adds additional condition for setting the
interrupt ID bits to also check if the receive interrupt is enabled.
Reference: BCM2835 ARM Peripherals, page 13. Available on
https://datasheets.raspberrypi.com/bcm2835/bcm2835-peripherals.pdf
Fixes: 97398d900ca ("bcm2835_aux: add emulation of BCM2835 AUX (aka UART1) block") Signed-off-by: Chung-Yi Chen <yeechen0207@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250328123725.94176-1-yeechen0207@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Zheng Huang [Fri, 28 Mar 2025 09:49:35 +0000 (17:49 +0800)]
hw/sd/sdhci: free irq on exit
Fix a memory leak bug in sdhci_pci_realize() due to s->irq
not being freed in sdhci_pci_exit().
Signed-off-by: Zheng Huang <hz1624917200@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <09ddf42b-a6db-42d5-954b-148d09d8d6cc@gmail.com>
[PMD: Moved qemu_free_irq() call before sdhci_common_unrealize()] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Zheng Huang [Fri, 28 Mar 2025 03:21:49 +0000 (11:21 +0800)]
hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize()
Address a memory leak bug in the usages of timer_del().
The issue arises from the incorrect use of the ambiguous timer API
timer_del(), which does not free the timer object. The LeakSanitizer
report this issue during fuzzing. The correct API timer_free() freed
the timer object instead.
Direct leak of 48 byte(s) in 1 object(s) allocated from:
#0 0x55f2afd89879 in calloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:75:3
#1 0x7f443b93ac50 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5ec50)
#2 0x55f2b053962e in timer_new include/qemu/timer.h:542:12
#3 0x55f2b0514771 in timer_new_us include/qemu/timer.h:582:12
#4 0x55f2b0514288 in lsi_scsi_realize hw/scsi/lsi53c895a.c:2350:24
#5 0x55f2b0452d26 in pci_qdev_realize hw/pci/pci.c:2174:9
Signed-off-by: Zheng Huang <hz1624917200@outlook.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <73cd69f9-ff9b-4cd4-b8aa-265f9d6067b9@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
hw/nvram/xlnx-efuse: Do not expose as user-creatable
This device is part of SoC components thus can not
be created manually.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20250325224310.8785-10-philmd@linaro.org>
All these devices are part of SoC components and can not
be created manually.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20250325224310.8785-9-philmd@linaro.org>
projects / thirdparty / qemu.git / log
