git.ipfire.org Git - thirdparty/qemu.git/log
4 weeks ago Revert "meson.build: Disable -fzero-call-used-regs on OpenBSD"
Thomas Huth [Thu, 8 May 2025 14:41:20 +0000 (16:41 +0200)] 
Revert "meson.build: Disable -fzero-call-used-regs on OpenBSD"

This reverts commit 2d6d995709482cc8b6a76dbb5334a28001a14a9a.

OpenBSD 7.7 fixed the problem with the -fzero-call-used-regs on OpenBSD,
see https://github.com/openbsd/src/commit/03eca72d1e030b7a542cd6aec1 for
the fix there.

Suggested-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250508144120.163009-6-thuth@redhat.com>

4 weeks ago hw/display/bcm2835_fb: Move inclusion of console.h to the .c file
Thomas Huth [Thu, 8 May 2025 14:41:17 +0000 (16:41 +0200)] 
hw/display/bcm2835_fb: Move inclusion of console.h to the .c file

The definitions from console.h are not needed in the bcm2835_fb.h
header file yet, so let's move it to the place that really needs
its definitions, i.e. into the bcm2835_fb.c file.
This way the header can also be used by code that is not compiled
with the CFLAGS that are required for pixman or OpenGL (in case
their headers do not reside under /usr/include).

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250508144120.163009-3-thuth@redhat.com>

4 weeks ago Merge tag 'pull-tcg-20250905' of https://gitlab.com/rth7680/qemu into staging
Richard Henderson [Fri, 5 Sep 2025 07:51:27 +0000 (09:51 +0200)] 
Merge tag 'pull-tcg-20250905' of https://gitlab.com/rth7680/qemu into staging

tcg/arm: Fix tgen_deposit
tcg/i386: Use vgf2p8affineqb for MO_8 vector shifts

# gpg: Signature made Fri 05 Sep 2025 09:49:26 AM CEST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-tcg-20250905' of https://gitlab.com/rth7680/qemu:
  tcg/i386: Use vgf2p8affineqb for MO_8 vector shifts
  tcg/i386: Add INDEX_op_x86_vgf2p8affineqb_vec
  tcg/i386: Use canonical operand ordering in expand_vec_sari
  tcg/i386: Expand sari of bits-1 as pcmpgt
  cpuinfo/i386: Detect GFNI as an AVX extension
  tcg/arm: Fix tgen_deposit

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago tcg/i386: Use vgf2p8affineqb for MO_8 vector shifts
Richard Henderson [Tue, 5 Aug 2025 05:21:44 +0000 (15:21 +1000)] 
tcg/i386: Use vgf2p8affineqb for MO_8 vector shifts

A constant matrix can describe the movement of the 8 bits,
so these shifts can be performed with one instruction.

Logic courtesy of Andi Kleen <ak@linux.intel.com>:
https://gcc.gnu.org/pipermail/gcc-patches/2025-August/691624.html

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
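
Added example, not part of the commit above and not QEMU's code: a software model of one byte lane of vgf2p8affineqb (bit layout as in Intel's definition of the instruction) that builds the constant matrix for each 8-bit shift or rotate and checks it against ordinary C shifts for every input byte. The names shift_matrix, gf2p8affine_byte and count_mismatches are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative names; none of this is taken from tcg/i386. */
enum shift_kind { SHL, SHR, SAR, ROTL };

static unsigned parity8(uint8_t v)
{
    v ^= v >> 4;
    v ^= v >> 2;
    v ^= v >> 1;
    return v & 1;
}

/* One byte lane of the instruction: result bit i is the parity of
 * (matrix byte 7-i AND x), XORed with bit i of the immediate. */
static uint8_t gf2p8affine_byte(uint64_t matrix, uint8_t x, uint8_t imm8)
{
    uint8_t out = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t row = (uint8_t)(matrix >> (8 * (7 - i)));
        out |= (uint8_t)(parity8(row & x) << i);
    }
    return (uint8_t)(out ^ imm8);
}

/* Build the matrix that moves the 8 bits as the given shift by n (0..7)
 * would: each row selects the single source bit feeding that output bit,
 * or no bit at all when a zero is shifted in. */
static uint64_t shift_matrix(enum shift_kind kind, unsigned n)
{
    uint64_t m = 0;
    for (int i = 0; i < 8; i++) {
        int src;
        switch (kind) {
        case SHL:  src = i - (int)n; break;
        case SHR:  src = i + (int)n; break;
        case SAR:  src = i + (int)n > 7 ? 7 : i + (int)n; break;
        default:   src = (i - (int)n + 8) % 8; break;   /* ROTL */
        }
        if (src >= 0 && src <= 7) {
            m |= (uint64_t)(1u << src) << (8 * (7 - i));
        }
    }
    return m;
}

/* Plain C reference for the same operations on one byte. */
static uint8_t reference(enum shift_kind kind, uint8_t x, unsigned n)
{
    switch (kind) {
    case SHL:
        return (uint8_t)(x << n);
    case SHR:
        return (uint8_t)(x >> n);
    case SAR:
        /* replicate the sign bit into the n vacated top bits */
        return (uint8_t)((x >> n) | ((x & 0x80) ? (0xff << (8 - n)) : 0));
    default:
        return (uint8_t)((x << n) | (x >> ((8 - n) & 7)));
    }
}

/* Exhaustive check: 4 operations x 8 counts x 256 inputs. */
static int count_mismatches(void)
{
    int bad = 0;
    for (int kind = SHL; kind <= ROTL; kind++) {
        for (unsigned n = 0; n < 8; n++) {
            uint64_t m = shift_matrix((enum shift_kind)kind, n);
            for (unsigned x = 0; x < 256; x++) {
                if (gf2p8affine_byte(m, (uint8_t)x, 0) !=
                    reference((enum shift_kind)kind, (uint8_t)x, n)) {
                    bad++;
                }
            }
        }
    }
    return bad;
}

int main(void)
{
    printf("shl 3 matrix: 0x%016llx\n",
           (unsigned long long)shift_matrix(SHL, 3));
    printf("sar 3 matrix: 0x%016llx\n",
           (unsigned long long)shift_matrix(SAR, 3));
    printf("mismatches:   %d\n", count_mismatches());
    return 0;
}
```

A shift by 0 yields the identity matrix, and the immediate stays 0 because a pure shift has no constant term.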
4 weeks ago tcg/i386: Add INDEX_op_x86_vgf2p8affineqb_vec
Richard Henderson [Tue, 5 Aug 2025 01:56:33 +0000 (11:56 +1000)] 
tcg/i386: Add INDEX_op_x86_vgf2p8affineqb_vec

Add a backend-specific opcode for expanding the
GFNI vgf2p8affineqb instruction, which we can use
for expanding 8-bit immediate shifts and rotates.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago tcg/i386: Use canonical operand ordering in expand_vec_sari
Richard Henderson [Wed, 27 Aug 2025 10:38:40 +0000 (20:38 +1000)] 
tcg/i386: Use canonical operand ordering in expand_vec_sari

The optimizer prefers to have constants as the second operand,
so expand LT x,0 instead of GT 0,x.  This will not affect the
generated code at all.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago tcg/i386: Expand sari of bits-1 as pcmpgt
Richard Henderson [Wed, 27 Aug 2025 10:33:27 +0000 (20:33 +1000)] 
tcg/i386: Expand sari of bits-1 as pcmpgt

Expand arithmetic right shift of bits-1 as a comparison vs 0.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago cpuinfo/i386: Detect GFNI as an AVX extension
Richard Henderson [Tue, 5 Aug 2025 01:40:31 +0000 (11:40 +1000)] 
cpuinfo/i386: Detect GFNI as an AVX extension

We won't use the SSE GFNI instructions, so delay
detection until we know AVX is present.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago tcg/arm: Fix tgen_deposit
Richard Henderson [Fri, 29 Aug 2025 13:49:06 +0000 (13:49 +0000)] 
tcg/arm: Fix tgen_deposit

When converting from tcg_out_deposit, the arguments were not
shuffled properly.

Cc: qemu-stable@nongnu.org
Fixes: cf4905c03135f1181e8 ("tcg: Convert deposit to TCGOutOpDeposit")
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
Richard Henderson [Wed, 3 Sep 2025 09:39:16 +0000 (11:39 +0200)] 
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging

trivial patches for 2025-09-03

# gpg: Signature made Wed 03 Sep 2025 09:59:08 AM CEST
# gpg:                using RSA key 64AA2AB531D56903366BFEF982AA4A243B1E9478
# gpg: Good signature from "Michael Tokarev <mjt@debian.org>" [unknown]
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>" [unknown]
# gpg:                 aka "Michael Tokarev <mjt@tls.msk.ru>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 ECDF 2C8E
#      Subkey fingerprint: 64AA 2AB5 31D5 6903 366B  FEF9 82AA 4A24 3B1E 9478

* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu:
  docs: fix typo in xive doc
  scripts/coverity-scan/COMPONENTS.md: Add a 'plugins' category
  block/curl: drop old/unuspported curl version checks
  block/curl: fix curl internal handles handling
  chardev/baum: Fix compiler warning for Windows builds

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
4 weeks ago docs: fix typo in xive doc
Aditya Gupta [Wed, 27 Aug 2025 05:32:28 +0000 (11:02 +0530)] 
docs: fix typo in xive doc

"Interrupt Pending Buffer" IPB, which got written as IBP due to a typo.

The "IPB" register is also mentioned in the same doc multiple times.

Signed-off-by: Aditya Gupta <adityag@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
4 weeks ago scripts/coverity-scan/COMPONENTS.md: Add a 'plugins' category
Philippe Mathieu-Daudé [Mon, 11 Aug 2025 09:43:41 +0000 (11:43 +0200)] 
scripts/coverity-scan/COMPONENTS.md: Add a 'plugins' category

Cover the TCG plugins files under their own Coverity category.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
4 weeks ago block/curl: drop old/unuspported curl version checks
Michael Tokarev [Mon, 25 Aug 2025 09:52:46 +0000 (12:52 +0300)] 
block/curl: drop old/unuspported curl version checks

We currently require libcurl >=7.29.0 (since f9cd86fe72be3cd8).
Drop older LIBCURL_VERSION_NUM checks from the driver.

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
4 weeks ago block/curl: fix curl internal handles handling
Michael Tokarev [Sun, 24 Aug 2025 00:05:32 +0000 (03:05 +0300)] 
block/curl: fix curl internal handles handling

block/curl.c uses CURLMOPT_SOCKETFUNCTION to register a socket callback.
According to the documentation, this callback is called not just with
application-created sockets but also with internal curl sockets, and
for such sockets, user data pointer is not set by the application, so
the result is qemu crashing.

Pass BDRVCURLState directly to the callback function as user pointer,
instead of relying on CURLINFO_PRIVATE.

This problem started happening with update of libcurl from 8.9 to 8.10 --
apparently with this change curl started using private handles more.

(CURLINFO_PRIVATE is used in one more place, in curl_multi_check_completion() -
it might need a similar fix too)

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3081
Cc: qemu-stable@qemu.org
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
4 weeks ago chardev/baum: Fix compiler warning for Windows builds
Stefan Weil via [Sat, 9 Aug 2025 06:13:02 +0000 (08:13 +0200)] 
chardev/baum: Fix compiler warning for Windows builds

Compiler warning:

../chardev/baum.c:657:25: warning: comparison between pointer and integer

Use brlapi_fileDescriptor instead of int for brlapi_fd and
BRLAPI_INVALID_FILE_DESCRIPTOR instead of -1.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
5 weeks ago Merge tag 'hw-misc-20250902' of https://github.com/philmd/qemu into staging
Richard Henderson [Wed, 3 Sep 2025 03:49:44 +0000 (05:49 +0200)] 
Merge tag 'hw-misc-20250902' of https://github.com/philmd/qemu into staging

Misc HW patches

- Compile various system files once
- Remove SDCard spec v1.10
- Remove mipssim machine and mipsnet device model
- Prevent crash in e1000e when legacy interrupt fires after enabling MSI-X
- Introduce qemu_init_irq_child()
- Remove various memory leaks reported by ASan
- Few Coverity fixes
- Use 74Kf CPU to run MIPS16e binaries and M14Kc for microMIPS ones

# gpg: Signature made Tue 02 Sep 2025 05:58:46 PM CEST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* tag 'hw-misc-20250902' of https://github.com/philmd/qemu: (38 commits)
  hw/i386/pc_piix.c: remove unnecessary if() from pc_init1()
  hw/arm/boot: Correctly free the MemoryDeviceInfoList
  docs/about/removed-features: Clarify 'device_add' is removed
  hw/mips/malta: Include 'system/system.h'
  hw/mips/loongson3_virt: Include 'system/system.h'
  hw/isa/superio: Include 'system/system.h'
  hw/arm/virt: Include 'system/system.h'
  crypto/hmac: Allow to build hmac over multiple qcrypto_gnutls_hmac_bytes[v] calls
  hw/sd/sdcard: Refactor sd_bootpart_offset
  hw/sd/sdcard: Add validation for boot-partition-size
  hw/net: Remove mipsnet device model
  hw/mips: Remove mipssim machine
  hw/display/xlnx_dp: Don't leak dpcd and edid objects
  hw/misc/xlnx-versal-cframe-reg: Free FIFO, g_tree on deinit
  hw/char/max78000_uart: Destroy FIFO on deinit
  hw/gpio/pca9554: Avoid leak in pca9554_set_pin()
  hw/ide/ich.c: Use qemu_init_irq_child() to avoid memory leak
  hw/char/serial-pci-multi: Use qemu_init_irq_child() to avoid leak
  hw/irq: New qemu_init_irq_child() function
  hw/ppc: Fix build error with CONFIG_POWERNV disabled
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5 weeks ago hw/i386/pc_piix.c: remove unnecessary if() from pc_init1()
Mark Cave-Ayland [Mon, 1 Sep 2025 20:31:58 +0000 (21:31 +0100)] 
hw/i386/pc_piix.c: remove unnecessary if() from pc_init1()

Now that the isapc logic has been split out of pc_piix.c, the PCI Host Bridge
(phb) object is now always set in pc_init1().

Since phb is now guaranteed not to be NULL, Coverity reports that the if()
statement surrounding ioapic_init_gsi() is now unnecessary and can be removed
along with the phb NULL initialiser.

Coverity: CID 1620557
Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Fixes: 99d0630a45 ("hw/i386/pc_piix.c: assume pcmc->pci_enabled is always true in pc_init1()")
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250901203409.1196620-1-mark.caveayland@nutanix.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/arm/boot: Correctly free the MemoryDeviceInfoList
Peter Maydell [Mon, 1 Sep 2025 10:22:14 +0000 (11:22 +0100)] 
hw/arm/boot: Correctly free the MemoryDeviceInfoList

When running the bios-tables-test under ASAN we see leaks like this:

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x5bc58579b00d in calloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-aarch64+0x250400d) (BuildId: 2e27b63dc9ac45f522ced40a17c2a60cc32f1d38)
    #1 0x7b4ad90337b1 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x637b1) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x5bc5861826db in qmp_memory_device_list /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/mem/memory-device.c:307:34
    #3 0x5bc587a9edb6 in arm_load_dtb /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/arm/boot.c:656:15

Indirect leak of 28 byte(s) in 2 object(s) allocated from:
    #0 0x5bc58579ae23 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-aarch64+0x2503e23) (BuildId: 2e27b63dc9ac45f522ced40a17c2a60cc32f1d38)
    #1 0x7b4ad6c8f947 in __vasprintf_internal libio/vasprintf.c:116:16
    #2 0x7b4ad9080a52 in g_vasprintf (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xb0a52) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #3 0x7b4ad90515e4 in g_strdup_vprintf (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x815e4) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #4 0x7b4ad9051940 in g_strdup_printf (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x81940) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #5 0x5bc5885eb739 in object_get_canonical_path /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2123:19
    #6 0x5bc58618dca8 in pc_dimm_md_fill_device_info /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/mem/pc-dimm.c:268:18
    #7 0x5bc586182792 in qmp_memory_device_list /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/mem/memory-device.c:310:9

This happens because we declared the MemoryDeviceInfoList *md_list
with g_autofree, which will free the direct memory with g_free() but
doesn't free all the other data structures referenced by it.  Instead
what we want is to declare the pointer with g_autoptr(), which will
automatically call the qapi_free_MemoryDeviceInfoList() cleanup
function when the variable goes out of scope.

Fixes: 36bc78aca83cfd ("hw/arm: add static NVDIMMs in device tree")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250901102214.3748011-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
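
Added example, not part of the commit above and not QEMU's code: the difference between a shallow and a deep scope-exit cleanup, modelled with the GCC/Clang cleanup attribute on a small linked list whose elements own further allocations. DevInfo, DevInfoList, the two macros and the allocation counter are made up for this illustration and stand in for the g_autofree and g_autoptr() behaviour the commit message describes.

```c
#include <stdio.h>
#include <stdlib.h>

/* Counts allocations that have not been freed yet (illustrative helper). */
static int live_allocs;

static void *xalloc(size_t n)
{
    void *p = calloc(1, n);
    if (!p) {
        abort();
    }
    live_allocs++;
    return p;
}

static void xfree(void *p)
{
    if (p) {
        live_allocs--;
        free(p);
    }
}

/* Hypothetical stand-ins for a QAPI list: each node owns a value,
 * and each value owns a string. */
typedef struct DevInfo { char *id; } DevInfo;
typedef struct DevInfoList {
    struct DevInfoList *next;
    DevInfo *value;
} DevInfoList;

static DevInfoList *make_list(int n)
{
    DevInfoList *head = NULL;
    for (int i = 0; i < n; i++) {
        DevInfoList *node = xalloc(sizeof(*node));
        node->value = xalloc(sizeof(*node->value));
        node->value->id = xalloc(16);
        snprintf(node->value->id, 16, "/machine/dimm%d", i);
        node->next = head;
        head = node;
    }
    return head;
}

/* Deep free: every node, every value, every string. */
static void devinfo_list_free(DevInfoList *l)
{
    while (l) {
        DevInfoList *next = l->next;
        xfree(l->value->id);
        xfree(l->value);
        xfree(l);
        l = next;
    }
}

/* Cleanup handlers receive a pointer to the variable leaving scope. */
static void cleanup_shallow(DevInfoList **pp) { xfree(*pp); }
static void cleanup_deep(DevInfoList **pp) { devinfo_list_free(*pp); }

#define AUTOFREE_LIKE __attribute__((cleanup(cleanup_shallow)))
#define AUTOPTR_LIKE  __attribute__((cleanup(cleanup_deep)))

static int list_len(const DevInfoList *l)
{
    int n = 0;
    for (; l; l = l->next) {
        n++;
    }
    return n;
}

/* Frees only the head node on scope exit: everything behind it leaks. */
static int leaked_after_shallow(int n)
{
    int before = live_allocs;
    {
        AUTOFREE_LIKE DevInfoList *md_list = make_list(n);
        (void)list_len(md_list);
    }
    return live_allocs - before;
}

/* Calls the type's own free function on scope exit: nothing leaks. */
static int leaked_after_deep(int n)
{
    int before = live_allocs;
    {
        AUTOPTR_LIKE DevInfoList *md_list = make_list(n);
        (void)list_len(md_list);
    }
    return live_allocs - before;
}

int main(void)
{
    printf("shallow cleanup, 2 elements: %d allocations leaked\n",
           leaked_after_shallow(2));
    printf("deep cleanup,    2 elements: %d allocations leaked\n",
           leaked_after_deep(2));
    return 0;
}
```

Each element costs three allocations here, so a shallow cleanup of an n-element list leaves 3n - 1 of them behind, which is the pattern a leak checker reports as one freed head plus direct and indirect leaks.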
5 weeks ago docs/about/removed-features: Clarify 'device_add' is removed
Philippe Mathieu-Daudé [Mon, 1 Sep 2025 07:27:35 +0000 (09:27 +0200)] 
docs/about/removed-features: Clarify 'device_add' is removed

All other titles in removed-features.rst mention when
the feature was removed using "removed in". Use that
instead of "since" which we use for when a feature is
deprecated.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20250901113957.17113-1-philmd@linaro.org>

5 weeks ago hw/mips/malta: Include 'system/system.h'
Cédric Le Goater [Mon, 1 Sep 2025 06:46:27 +0000 (08:46 +0200)] 
hw/mips/malta: Include 'system/system.h'

Files using serial_hd() should include 'system/system.h'. Fix that.

Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250901064631.530723-5-clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/mips/loongson3_virt: Include 'system/system.h'
Cédric Le Goater [Mon, 1 Sep 2025 06:46:26 +0000 (08:46 +0200)] 
hw/mips/loongson3_virt: Include 'system/system.h'

Files using serial_hd() should include 'system/system.h'. Fix that.

Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Cc: Huacai Chen <chenhuacai@kernel.org>
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250901064631.530723-4-clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/isa/superio: Include 'system/system.h'
Cédric Le Goater [Mon, 1 Sep 2025 06:46:25 +0000 (08:46 +0200)] 
hw/isa/superio: Include 'system/system.h'

Files using serial_hd() should include 'system/system.h'. Fix that.

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250901064631.530723-3-clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/arm/virt: Include 'system/system.h'
Cédric Le Goater [Mon, 1 Sep 2025 06:46:24 +0000 (08:46 +0200)] 
hw/arm/virt: Include 'system/system.h'

hw/arm/virt.c should include 'system/system.h' for:

  serial_hd()
  qemu_add_machine_init_done_notifier()

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20250731144019.1403591-1-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Message-ID: <20250901064631.530723-2-clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago crypto/hmac: Allow to build hmac over multiple qcrypto_gnutls_hmac_bytes[v] calls
Jan Kiszka [Mon, 1 Sep 2025 05:56:26 +0000 (07:56 +0200)] 
crypto/hmac: Allow to build hmac over multiple qcrypto_gnutls_hmac_bytes[v] calls

If the buffers that should be considered for building the hmac are not
available at the same time, the current API is unsuitable. Extend it so
that passing a NULL pointer as result_len is used as indicator that
further buffers will be passed in succeeding calls to
qcrypto_gnutls_hmac_bytes[v].

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <2d3539c247a6c323491a3821f0e5b6fc382a4686.1756706188.git.jan.kiszka@siemens.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/sd/sdcard: Refactor sd_bootpart_offset
Jan Kiszka [Mon, 1 Sep 2025 05:56:24 +0000 (07:56 +0200)] 
hw/sd/sdcard: Refactor sd_bootpart_offset

This function provides the offset for any partition in the block image,
not only the boot partitions, therefore rename it. Align the constant
names with the numbering scheme in the standard and use constants for
both boot partitions for consistency reasons. There is also no reason to
return early if boot_part_size is zero because the existing code will
provide the right value in that case as well.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <66e9b07476aad61820c4f42f4f984cc90752ba5e.1756706188.git.jan.kiszka@siemens.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/sd/sdcard: Add validation for boot-partition-size
Jan Kiszka [Mon, 1 Sep 2025 05:56:22 +0000 (07:56 +0200)] 
hw/sd/sdcard: Add validation for boot-partition-size

Make sure we are not silently rounding down or even wrapping around,
causing inconsistencies with the provided image.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
[PMD: Use g_autofree, suggested by Alex]
Message-ID: <1fff448da042bdf8cff7733ce67cadff4c540f1d.1756706188.git.jan.kiszka@siemens.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/net: Remove mipsnet device model
Philippe Mathieu-Daudé [Thu, 28 Aug 2025 14:25:56 +0000 (16:25 +0200)] 
hw/net: Remove mipsnet device model

The mipsnet device model was only used by the mipssim machine,
which just got removed. Remove as now dead code.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20250828143800.49842-3-philmd@linaro.org>

5 weeks ago hw/mips: Remove mipssim machine
Philippe Mathieu-Daudé [Thu, 28 Aug 2025 14:24:16 +0000 (16:24 +0200)] 
hw/mips: Remove mipssim machine

The "mipssim" machine is deprecated since commit facfc943cb9
("hw/mips: Mark the "mipssim" machine as deprecated"), released
in v10.0; time to remove.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <20250828143800.49842-2-philmd@linaro.org>

5 weeks ago hw/display/xlnx_dp: Don't leak dpcd and edid objects
Peter Maydell [Tue, 26 Aug 2025 17:49:56 +0000 (18:49 +0100)] 
hw/display/xlnx_dp: Don't leak dpcd and edid objects

In the xlnx_dp_init() function we create the s->dpcd and
s->edid objects with qdev_new(); then in xlnx_dp_realize()
we realize the dpcd with qdev_realize() and the edid with
qdev_realize_and_unref().

This is inconsistent, and both ways result in a memory
leak for the instance_init -> deinit lifecycle tested
by device-introspect-test:

Indirect leak of 1968 byte(s) in 1 object(s) allocated from:
    #0 0x5aded4d54e23 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-aarch64+0x24ffe23) (BuildId: 9f1e6c53fecd904ba5fc1f521d7da080a0e4103b)
    #1 0x71fbfac9bb09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x5aded7b9211c in object_new_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:767:15
    #3 0x5aded7b92240 in object_new /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:789:12
    #4 0x5aded7b773e4 in qdev_new /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/qdev.c:149:19
    #5 0x5aded54458be in xlnx_dp_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/display/xlnx_dp.c:1272:20

Direct leak of 344 byte(s) in 1 object(s) allocated from:
    #0 0x5aded4d54e23 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-aarch64+0x24ffe23) (BuildId: 9f1e6c53fecd904ba5fc1f521d7da080a0e4103b)
    #1 0x71fbfac9bb09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x5aded7b9211c in object_new_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:767:15
    #3 0x5aded7b92240 in object_new /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:789:12
    #4 0x5aded7b773e4 in qdev_new /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/qdev.c:149:19
    #5 0x5aded5445a56 in xlnx_dp_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/display/xlnx_dp.c:1275:22

Instead, explicitly object_unref() after we have added the objects as
child properties of the device.  This means they will automatically
be freed when this device is deinited.  When we do this,
qdev_realize() is the correct way to realize them in
xlnx_dp_realize().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-ID: <20250826174956.3010274-3-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/misc/xlnx-versal-cframe-reg: Free FIFO, g_tree on deinit
Peter Maydell [Tue, 26 Aug 2025 17:49:55 +0000 (18:49 +0100)] 
hw/misc/xlnx-versal-cframe-reg: Free FIFO, g_tree on deinit

In the xlnx-versal-cframe-reg device we create a FIFO in
instance_init but don't destroy it on deinit, causing ASAN
to report a leak in the device-introspect-test:

Direct leak of 400 byte(s) in 1 object(s) allocated from:
    #0 0x5aded4d54e23 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-aarch64+0x24ffe23) (BuildId: 9f1e6c53fecd904ba5fc1f521d7da080a0e4103b)
    #1 0x71fbfac9bb09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x5aded850059d in fifo8_create /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../util/fifo8.c:27:18
    #3 0x5aded582b9e4 in fifo32_create /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/include/qemu/fifo32.h:35:5
    #4 0x5aded582b326 in cframe_reg_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/misc/xlnx-versal-cframe-reg.c:693:5

Similarly, we don't clean up the g_tree we create:
Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x5aded4d54e23 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-aarch64+0x24ffe23) (BuildId: 9f1e6c53fecd904ba5fc1f521d7da080a0e4103b)
    #1 0x71fbfac9bb09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x71fbfaccc799 in g_tree_new_full (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x93799) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #3 0x5aded582b21a in cframe_reg_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/misc/xlnx-versal-cframe-reg.c:691:18

Add an instance_finalize method to clean up what we
allocated in instance_init.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Message-ID: <20250826174956.3010274-2-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/char/max78000_uart: Destroy FIFO on deinit
Peter Maydell [Thu, 21 Aug 2025 15:43:58 +0000 (16:43 +0100)] 
hw/char/max78000_uart: Destroy FIFO on deinit

In the max78000_uart we create a FIFO in the instance_init function,
but we don't destroy it on deinit, so ASAN reports a leak in the
device-introspect-test:

    #0 0x561cc92d5de3 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-arm+0x21f1de3) (BuildId: 98fdf9fc85c3beaeca8eda0be8412f1e11b9c6ad)
    #1 0x70cbf2afab09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x561ccc4c884d in fifo8_create /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../util/fifo8.c:27:18
    #3 0x561cc9744ec9 in max78000_uart_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/char/max78000_uart.c:241:5

Add an instance_finalize method to destroy the FIFO.

Cc: qemu-stable@nongnu.org
Fixes: d447e4b70295 ("MAX78000: UART Implementation")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250821154358.2417744-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/gpio/pca9554: Avoid leak in pca9554_set_pin()
Peter Maydell [Thu, 21 Aug 2025 15:44:59 +0000 (16:44 +0100)] 
hw/gpio/pca9554: Avoid leak in pca9554_set_pin()

In pca9554_set_pin() we have a string property which we parse in
order to set some non-string fields in the device state.  So we call
visit_type_str(), passing it the address of the local variable
state_str.

visit_type_str() will allocate a new copy of the string; we
never free this string, so the result is a memory leak, detected
by ASAN during a "make check" run:

Direct leak of 5 byte(s) in 1 object(s) allocated from:
    #0 0x5d605212ede3 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-arm+0x21f1de3) (BuildId: 3d5373c89317f58bfcd191a33988c7347714be14)
    #1 0x7f7edea57b09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x7f7edea6d4d8 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x784d8) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #3 0x5d6055289a91 in g_strdup_inline /usr/include/glib-2.0/glib/gstrfuncs.h:321:10
    #4 0x5d6055289a91 in qobject_input_type_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qapi/qobject-input-visitor.c:542:12
    #5 0x5d605528479c in visit_type_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qapi/qapi-visit-core.c:349:10
    #7 0x5d60549bcbbb in object_property_set /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1450:5
    #8 0x5d60549d2055 in object_property_set_qobject /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/qom-qobject.c:28:10
    #9 0x5d60549bcdf1 in object_property_set_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1458:15
    #10 0x5d605439d077 in gb200nvl_bmc_i2c_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/arm/aspeed.c:1267:5
    #11 0x5d60543a3bbc in aspeed_machine_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/arm/aspeed.c:493:9

Make the state_str g_autofree, so that we will always free
it, on both error-exit and success codepaths.

Cc: qemu-stable@nongnu.org
Fixes: de0c7d543bca ("misc: Add a pca9554 GPIO device model")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Glenn Miles <milesg@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250821154459.2417976-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
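
The leak pattern and the scope-bound fix described in the pca9554 commit above, as an added stand-alone example (not code from QEMU or from the commit). It uses the GCC/Clang `cleanup` variable attribute directly rather than GLib's g_autofree; `visit_str`, `parse_level`, the `set_pin_*` functions and the "low"/"high" values are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Live-allocation bookkeeping so a leak is visible without ASAN. */
static int live_allocs;
static char *last_alloc;

static char *tracked_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy) {
        memcpy(copy, s, n);
        live_allocs++;
        last_alloc = copy;
    }
    return copy;
}

static void tracked_free(char *p)
{
    if (!p) {
        return;
    }
    if (p == last_alloc) {
        last_alloc = NULL;
    }
    live_allocs--;
    free(p);
}

/* Cleanup handler: called with the address of the annotated variable
 * whenever that variable goes out of scope, on every return path. */
static void autofree_str(char **p)
{
    tracked_free(*p);
}
#define AUTOFREE_STR __attribute__((cleanup(autofree_str)))

/* Hypothetical visitor: hands the caller a newly allocated copy. */
static bool visit_str(const char *input, char **out)
{
    *out = input ? tracked_strdup(input) : NULL;
    return *out != NULL;
}

/* Hypothetical parser turning the string into a non-string field. */
static bool parse_level(const char *s, int *level)
{
    if (strcmp(s, "low") == 0)  { *level = 0; return true; }
    if (strcmp(s, "high") == 0) { *level = 1; return true; }
    return false;
}

/* Leaky shape: the copy is never freed, on success or on error. */
static bool set_pin_leaky(const char *input, int *level)
{
    char *state_str;

    if (!visit_str(input, &state_str)) {
        return false;
    }
    return parse_level(state_str, level);
}

/* Fixed shape: the variable frees itself when it leaves scope. */
static bool set_pin_fixed(const char *input, int *level)
{
    AUTOFREE_STR char *state_str = NULL;

    if (!visit_str(input, &state_str)) {
        return false;
    }
    return parse_level(state_str, level);
}

typedef bool (*set_pin_fn)(const char *, int *);

/* Returns how many allocations the call left behind, then reclaims
 * the leaked block so the demo itself stays clean. */
static int leaked_after(set_pin_fn fn, const char *input)
{
    int before = live_allocs;
    int level = -1;
    int leaked;

    fn(input, &level);
    leaked = live_allocs - before;
    if (leaked > 0) {
        tracked_free(last_alloc);
    }
    return leaked;
}

int main(void)
{
    printf("leaky, valid input:   %d\n", leaked_after(set_pin_leaky, "high"));
    printf("leaky, invalid input: %d\n", leaked_after(set_pin_leaky, "bogus"));
    printf("fixed, valid input:   %d\n", leaked_after(set_pin_fixed, "high"));
    printf("fixed, invalid input: %d\n", leaked_after(set_pin_fixed, "bogus"));
    return 0;
}
```
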
5 weeks ago hw/ide/ich.c: Use qemu_init_irq_child() to avoid memory leak
Peter Maydell [Thu, 21 Aug 2025 15:40:53 +0000 (16:40 +0100)] 
hw/ide/ich.c: Use qemu_init_irq_child() to avoid memory leak

The ICH9 PCI device uses qemu_init_irq() in its instance_init method,
but fails to clean it up in its uninit. This results in a leak,
detected by ASAN when running the device-introspect-test:

Direct leak of 96 byte(s) in 1 object(s) allocated from:
    #0 0x58f3b53ecde3 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-arm+0x21f1de3) (BuildId: 8dcd38b1d76bd7bd44f905c38200f4cceafd7ca4)
    #1 0x72e446dd5b09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x72e446db745a in g_hash_table_new_full (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4445a) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #3 0x58f3b7c6fc67 in object_initialize_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:568:23
    #4 0x58f3b7c6f670 in object_initialize /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:578:5
    #5 0x58f3b7c6611b in qemu_init_irq /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/irq.c:48:5
    #6 0x58f3b5c6e931 in pci_ich9_ahci_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/ide/ich.c:117:5

We could call qemu_free_irq() in pci_ich9_uninit(), but
since we have a method of initializing the IRQ that doesn't
need manual freeing, use that instead: qemu_init_irq_child().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250821154053.2417090-4-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/char/serial-pci-multi: Use qemu_init_irq_child() to avoid leak
Peter Maydell [Thu, 21 Aug 2025 15:40:52 +0000 (16:40 +0100)] 
hw/char/serial-pci-multi: Use qemu_init_irq_child() to avoid leak

The serial-pci-multi device initializes an IRQ with qemu_init_irq()
in its instance_init function; however it never calls qemu_free_irq(),
so the init/deinit cycle has a memory leak, which ASAN catches
in the device-introspect-test:

Direct leak of 576 byte(s) in 6 object(s) allocated from:
    #0 0x626306ddade3 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-arm+0x21f1de3) (BuildId: 52ece17287eba2d68e5be980e1856cd1f6be932f)
    #1 0x7756ade79b09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x7756ade5b45a in g_hash_table_new_full (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4445a) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #3 0x62630965da37 in object_initialize_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:568:23
    #4 0x62630965d440 in object_initialize /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:578:5
    #5 0x626309653eeb in qemu_init_irq /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/irq.c:48:5
    #6 0x6263072370bb in multi_serial_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/char/serial-pci-multi.c:183:9

Use the new qemu_init_irq_child() function instead, so that the
IRQ object is automatically unreffed when the serial-pci
device is deinited.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250821154053.2417090-3-peter.maydell@linaro.org>
[PMD: Use "irq[*]" as child property name]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/irq: New qemu_init_irq_child() function
Peter Maydell [Thu, 21 Aug 2025 15:40:51 +0000 (16:40 +0100)] 
hw/irq: New qemu_init_irq_child() function

The qemu_init_irq() function initializes a TYPE_IRQ QOM object.  The
caller is therefore responsible for eventually calling
qemu_free_irq() to unref (and thus free) it.

In many places where we want to initialize an IRQ we are in
the init/realize of some other QOM object; if we have a variant
of this function that calls object_initialize_child() then the
IRQ will be automatically cleaned up when its parent object is
destroyed, and we don't need to remember to manually free it.

Implement qemu_init_irq_child(), which is to qemu_init_irq()
what object_initialize_child() is to object_initialize().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250821154053.2417090-2-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/ppc: Fix build error with CONFIG_POWERNV disabled
Aditya Gupta [Wed, 20 Aug 2025 12:25:17 +0000 (17:55 +0530)] 
hw/ppc: Fix build error with CONFIG_POWERNV disabled

Currently when CONFIG_POWERNV is not enabled, the build fails, such as
with --without-default-devices:

    $ ./configure --without-default-devices
    $ make

    [281/283] Linking target qemu-system-ppc64
    FAILED: qemu-system-ppc64
    cc -m64 @qemu-system-ppc64.rsp
    /usr/bin/ld: libqemu-ppc64-softmmu.a.p/target_ppc_misc_helper.c.o: in function `helper_load_sprd':
    .../target/ppc/misc_helper.c:335:(.text+0xcdc): undefined reference to `pnv_chip_find_core'
    /usr/bin/ld: libqemu-ppc64-softmmu.a.p/target_ppc_misc_helper.c.o: in function `helper_store_sprd':
    .../target/ppc/misc_helper.c:375:(.text+0xdf4): undefined reference to `pnv_chip_find_core'
    collect2: error: ld returned 1 exit status
    ...

This is because target/ppc/misc_helper.c references the PowerNV-specific
'pnv_chip_find_core' call.

Split the PowerNV-specific SPRD code out of the generic PowerPC code, by
moving the SPRD code to pnv.c.

Fixes: 9808ce6d5cb ("target/ppc: Big-core scratch register fix")
Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Reported-by: Thomas Huth <thuth@redhat.com>
Suggested-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Aditya Gupta <adityag@linux.ibm.com>
Acked-by: Cédric Le Goater <clg@redhat.com>
Message-ID: <20250820122516.949766-2-adityag@linux.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago target/mips: fix TLB huge page check to use 64-bit shift
Denis Rastyogin [Thu, 14 Aug 2025 10:48:32 +0000 (13:48 +0300)] 
target/mips: fix TLB huge page check to use 64-bit shift

Use extract64(entry, psn, 1) instead of (entry & (1 << psn)) to avoid
undefined behavior for shifts by 32–63 and to make bit extraction intent explicit.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Message-ID: <20250814104914.13101-1-gerben@altlinux.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
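
Why the mask width matters in the MIPS TLB commit above, as an added stand-alone example (not code from QEMU or from the commit). `extract_bits64` is a local helper with the same contract as a 64-bit bitfield extract; `huge_page_bit_narrow_model` is a hypothetical model of one possible outcome of the undefined `1 << psn`, namely hardware that keeps only the low 5 bits of the shift count.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Extract 'length' bits of 'value' starting at bit 'start'.
 * Caller must ensure 0 < length <= 64 - start, so both shifts stay
 * in the range 0..63 and are fully defined on a 64-bit operand.
 */
static uint64_t extract_bits64(uint64_t value, unsigned start, unsigned length)
{
    return (value >> start) & (~0ULL >> (64 - length));
}

/* Well-defined check for any psn in 0..63. */
static bool huge_page_bit_64(uint64_t entry, unsigned psn)
{
    return extract_bits64(entry, psn, 1) != 0;
}

/*
 * Model only: '1 << psn' on a 32-bit int is undefined for psn >= 32,
 * so the compiler may do anything. This function spells out, with
 * defined operations, what happens if the shift count is silently
 * reduced modulo 32: the check looks at the wrong bit.
 */
static bool huge_page_bit_narrow_model(uint64_t entry, unsigned psn)
{
    uint32_t mask = (uint32_t)1 << (psn & 31);
    return (entry & mask) != 0;
}

int main(void)
{
    /* Constructed sample entries: one with only bit 33 set,
     * one with only bit 1 set. */
    uint64_t high_bit = 1ULL << 33;
    uint64_t low_bit = 1ULL << 1;

    printf("bit 33 set, psn=33: 64-bit=%d narrow=%d\n",
           huge_page_bit_64(high_bit, 33),
           huge_page_bit_narrow_model(high_bit, 33));
    printf("bit 1 set,  psn=33: 64-bit=%d narrow=%d\n",
           huge_page_bit_64(low_bit, 33),
           huge_page_bit_narrow_model(low_bit, 33));
    return 0;
}
```
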
5 weeks ago linux-user/mips: Select M14Kc CPU to run microMIPS binaries
Philippe Mathieu-Daudé [Thu, 14 Aug 2025 06:41:26 +0000 (08:41 +0200)] 
linux-user/mips: Select M14Kc CPU to run microMIPS binaries

The M14Kc is our latest CPU supporting the microMIPS ASE.

Note, currently QEMU doesn't have a 64-bit CPU supporting the microMIPS ASE.

Cc: qemu-stable@nongnu.org
Fixes: 3c824109da0 ("target-mips: microMIPS ASE support")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3054
Reported-by: Justin Applegate <justink.applegate@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250814070650.78657-4-philmd@linaro.org>

5 weeks ago linux-user/mips: Select 74Kf CPU to run MIPS16e binaries
Philippe Mathieu-Daudé [Thu, 14 Aug 2025 06:40:49 +0000 (08:40 +0200)] 
linux-user/mips: Select 74Kf CPU to run MIPS16e binaries

The 74Kf is our latest CPU supporting MIPS16e ASE.

Note, currently QEMU doesn't have a 64-bit CPU supporting the MIPS16e ASE.

Cc: qemu-stable@nongnu.org
Fixes: 6ea219d0196..d19954f46df ("target-mips: MIPS16 support")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3054
Reported-by: Justin Applegate <justink.applegate@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250814070650.78657-3-philmd@linaro.org>

5 weeks ago elf: Add EF_MIPS_ARCH_ASE definitions
Philippe Mathieu-Daudé [Thu, 14 Aug 2025 06:40:38 +0000 (08:40 +0200)] 
elf: Add EF_MIPS_ARCH_ASE definitions

Include MIPS ASE ELF definitions from binutils:
https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=include/elf/mips.h;h=4fc190f404d828ded84e621bfcece5fa9f9c23c8;hb=HEAD#l210

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250814070650.78657-2-philmd@linaro.org>

5 weeks ago hw/ssi: Document ssi_transfer() method
Philippe Mathieu-Daudé [Tue, 12 Aug 2025 13:36:05 +0000 (15:36 +0200)] 
hw/ssi: Document ssi_transfer() method

A SPI transaction consists of shifting bits in sync with the CLK
line, writing on the MOSI (output) line and reading the MISO (input)
line.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
5 weeks ago hw/scsi/mptsas: Avoid silent integer truncation in MPI_FUNC_IOC_INIT
Philippe Mathieu-Daudé [Mon, 11 Aug 2025 09:31:08 +0000 (11:31 +0200)] 
hw/scsi/mptsas: Avoid silent integer truncation in MPI_FUNC_IOC_INIT

For the MaxDevices 8-bit field of the request / response structures
of the MPI_FUNCTION_IOC_INIT command, the 0x00 value means "max 256
devices". This is not a problem because when max_devices=256, its
value (0x100), being cast to a uint8_t, is truncated to 0x00.
However Coverity complains for an "Overflowed constant". Fix by
re-using the request fields in the response, since they are not
modified and use the same types.

Fix: Coverity 1547736 (Overflowed constant)
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20250811095550.93655-1-philmd@linaro.org>

5 weeks ago scripts/coverity-scan/COMPONENTS.md: Add a 'plugins' category
Philippe Mathieu-Daudé [Mon, 11 Aug 2025 09:36:00 +0000 (11:36 +0200)] 
scripts/coverity-scan/COMPONENTS.md: Add a 'plugins' category

Cover the TCG plugins files under their own Coverity category.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20250811094341.91597-1-philmd@linaro.org>

5 weeks ago e1000e: Prevent crash from legacy interrupt firing after MSI-X enable
Laurent Vivier [Thu, 7 Aug 2025 11:08:06 +0000 (13:08 +0200)] 
e1000e: Prevent crash from legacy interrupt firing after MSI-X enable

A race condition between guest driver actions and QEMU timers can lead
to an assertion failure when the guest switches the e1000e from legacy
interrupt mode to MSI-X. If a legacy interrupt delay timer (TIDV or
RDTR) is active, but the guest enables MSI-X before the timer fires,
the pending interrupt cause can trigger an assert in
e1000e_intmgr_collect_delayed_causes().

This patch removes the assertion and executes the code that clears the
pending legacy causes. This change is safe and introduces no unintended
behavioral side effects, as it only alters a state that previously led
to termination.

- when core->delayed_causes == 0 the function was already a no-op and
  remains so.

- when core->delayed_causes != 0 the function would previously
  crash due to the assertion failure. The patch now defines a safe
  outcome by clearing the cause and returning. Since behavior after
  the assertion never existed, this simply corrects the crash.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1863
Suggested-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Message-ID: <20250807110806.409065-1-lvivier@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/intc: compile some arm related source once
Pierrick Bouvier [Fri, 1 Aug 2025 17:40:06 +0000 (10:40 -0700)] 
hw/intc: compile some arm related source once

Leave kvm related gic files out for now, as they are compiled only on
aarch64 hosts.

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250801174006.2466508-3-pierrick.bouvier@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/meson: enter target hw first
Pierrick Bouvier [Fri, 1 Aug 2025 17:40:05 +0000 (10:40 -0700)] 
hw/meson: enter target hw first

We can reuse target source sets for "generic" devices that are related
to a single architecture (like interrupt controllers).

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250801174006.2466508-2-pierrick.bouvier@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago include/exec/target_page.h: move page-target.c to header
Pierrick Bouvier [Wed, 30 Jul 2025 22:05:18 +0000 (15:05 -0700)] 
include/exec/target_page.h: move page-target.c to header

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250730220519.1140447-3-pierrick.bouvier@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago cpu-target: build compilation unit once for user/system
Pierrick Bouvier [Wed, 30 Jul 2025 22:05:17 +0000 (15:05 -0700)] 
cpu-target: build compilation unit once for user/system

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250730220519.1140447-2-pierrick.bouvier@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago migration/vfio: compile only once
Pierrick Bouvier [Wed, 30 Jul 2025 22:04:35 +0000 (15:04 -0700)] 
migration/vfio: compile only once

Acked-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250730220435.1139101-3-pierrick.bouvier@linaro.org>
[PMD: Cover vfio-stub.c in MAINTAINERS]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago migration: compile migration/ram.c once
Pierrick Bouvier [Wed, 30 Jul 2025 22:04:34 +0000 (15:04 -0700)] 
migration: compile migration/ram.c once

Acked-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250730220435.1139101-2-pierrick.bouvier@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago hw/pci: Allow explicit function numbers in pci
Djordje Todorovic [Wed, 18 Jun 2025 12:27:49 +0000 (12:27 +0000)] 
hw/pci: Allow explicit function numbers in pci

Since there is no pch_gbe emulation, we could be using func other
than 0 when adding new devices to specific boards.

Signed-off-by: Chao-ying Fu <cfu@mips.com>
Signed-off-by: Djordje Todorovic <djordje.todorovic@htecgroup.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250901102850.1172983-13-djordje.todorovic@htecgroup.com>
[PMD: Compare with null character ('\0'), not '0']
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago docs/devel/style: Mention alloca() family API is forbidden
Philippe Mathieu-Daudé [Tue, 10 Jun 2025 09:25:39 +0000 (11:25 +0200)] 
docs/devel/style: Mention alloca() family API is forbidden

Suggested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20250901132626.28639-4-philmd@linaro.org>

5 weeks ago target/ppc/kvm: Avoid using alloca()
Philippe Mathieu-Daudé [Tue, 10 Jun 2025 09:19:34 +0000 (11:19 +0200)] 
target/ppc/kvm: Avoid using alloca()

kvmppc_load_htab_chunk() is used for migration, thus is not
a hot path. Use the heap instead of the stack, removing the
alloca() call.

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20250901132626.28639-2-philmd@linaro.org>

5 weeks ago hw/sd/sdcard: Remove support for spec v1.10
Philippe Mathieu-Daudé [Thu, 27 Jun 2024 07:10:39 +0000 (09:10 +0200)] 
hw/sd/sdcard: Remove support for spec v1.10

Support for spec v1.10 was deprecated in QEMU v9.1.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20240627071040.36190-4-philmd@linaro.org>

5 weeks ago Merge tag 'qga-pull-2025-08-29-v2' of https://github.com/kostyanf14/qemu into staging
Richard Henderson [Tue, 2 Sep 2025 10:07:04 +0000 (12:07 +0200)] 
Merge tag 'qga-pull-2025-08-29-v2' of https://github.com/kostyanf14/qemu into staging

qga-pull-2025-08-29-v2

# gpg: Signature made Mon 01 Sep 2025 01:07:45 PM CEST
# gpg:                using RSA key C2C2C109EA43C63C1423EB84EF5D5E8161BA84E7
# gpg: Good signature from "Kostiantyn Kostiuk (Upstream PR sign) <kkostiuk@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: C2C2 C109 EA43 C63C 1423  EB84 EF5D 5E81 61BA 84E7

* tag 'qga-pull-2025-08-29-v2' of https://github.com/kostyanf14/qemu:
  qga: Fix truncated output handling in guest-exec status reporting
  qga/installer: Remove QGA VSS if QGA installation failed
  qga-vss: Write hex value of error in log
  qga: ignore channel_init() fail if 'retry_path' is set
  qga: Fix channel initialization check in run_agent_once
  qga-vss: Remove unused dependencies
  qga-vss: Replace asserts with condition and report error
  qga: fix potentially not initialized nr_volumes in qga_vss_fsfreeze()
  qga: Fix ubsan warning

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5 weeks ago Merge tag 'pull-tests-2025-09-01' of https://repo.or.cz/qemu/armbru into staging
Richard Henderson [Tue, 2 Sep 2025 10:06:46 +0000 (12:06 +0200)] 
Merge tag 'pull-tests-2025-09-01' of https://repo.or.cz/qemu/armbru into staging

Testing patches for 2025-09-01

# gpg: Signature made Mon 01 Sep 2025 01:52:10 PM CEST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [unknown]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* tag 'pull-tests-2025-09-01' of https://repo.or.cz/qemu/armbru:
  Revert "tests/qtest: use qos_printf instead of g_test_message"
  MAINTAINERS: Cover tests/qtest/qom-test.c
  qtest/qom-test: Don't bother to execute QMP command quit
  qtest/qom-test: Traverse entire QOM tree
  qtest/qom-test: Shallow testing of qom-list / qom-get

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5 weeks ago Merge tag 'pull-error-2025-09-01' of https://repo.or.cz/qemu/armbru into staging
Richard Henderson [Tue, 2 Sep 2025 10:06:21 +0000 (12:06 +0200)] 
Merge tag 'pull-error-2025-09-01' of https://repo.or.cz/qemu/armbru into staging

Error reporting patches for 2025-09-01

# gpg: Signature made Mon 01 Sep 2025 01:15:19 PM CEST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [unknown]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* tag 'pull-error-2025-09-01' of https://repo.or.cz/qemu/armbru:
  vfio scsi ui: Error-check qio_channel_socket_connect_sync() the same way
  i386/kvm/vmsr_energy: Plug memory leak on failure to connect socket
  ui/keymaps: Avoid trace crash and improve error messages

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5 weeks ago Revert "tests/qtest: use qos_printf instead of g_test_message"
Markus Armbruster [Mon, 28 Jul 2025 14:57:47 +0000 (16:57 +0200)] 
Revert "tests/qtest: use qos_printf instead of g_test_message"

This reverts commit 30ea13e9d97dcbd4ea541ddf9e8857fa1d5cb30f.

Also rewrites qos_printf() calls added later.

"make check" prints many lines like

    stdout: 138: UNKNOWN:     # # qos_test running single test in subprocess
    stdout: 139: UNKNOWN:     # # set_protocol_features: 0x42
    stdout: 140: UNKNOWN:     # # set_owner: start of session
    stdout: 141: UNKNOWN:     # # vhost-user: un-handled message: 14
    stdout: 142: UNKNOWN:     # # vhost-user: un-handled message: 14
    stdout: 143: UNKNOWN:     # # set_vring(0)=enabled
    stdout: 144: UNKNOWN:     # # set_vring(1)=enabled
    stdout: 145: UNKNOWN:     # # set_vring(0)=enabled
    stdout: 146: UNKNOWN:     # # set_vring(1)=enabled
    stdout: 147: UNKNOWN:     # # set_vring(0)=enabled
    stdout: 148: UNKNOWN:     # # set_vring(1)=enabled
    stdout: 149: UNKNOWN:     # # set_vring(0)=enabled
    stdout: 150: UNKNOWN:     # # set_vring(1)=enabled
    stdout: 151: UNKNOWN:     # # set_vring(0)=enabled
    stdout: 152: UNKNOWN:     # # set_vring(1)=enabled
    stdout: 153: UNKNOWN:     # # set_vring_num: 0/256
    stdout: 154: UNKNOWN:     # # set_vring_addr: 0x7f9060000000/0x7f905ffff000/0x7f9060001000

Turns out this is qos-test, and the culprit is a commit meant to ease
debugging.  Revert it until a better solution is found.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250728145747.3165315-1-armbru@redhat.com>
[Commit message clarified]

5 weeks ago MAINTAINERS: Cover tests/qtest/qom-test.c
Markus Armbruster [Fri, 25 Jul 2025 13:50:34 +0000 (15:50 +0200)] 
MAINTAINERS: Cover tests/qtest/qom-test.c

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250725135034.2280477-6-armbru@redhat.com>

5 weeks ago qtest/qom-test: Don't bother to execute QMP command quit
Markus Armbruster [Fri, 25 Jul 2025 13:50:33 +0000 (15:50 +0200)] 
qtest/qom-test: Don't bother to execute QMP command quit

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250725135034.2280477-5-armbru@redhat.com>
Reviewed-by: Steve Sistare <steven.sistare@oracle.com>
5 weeks ago qtest/qom-test: Traverse entire QOM tree
Markus Armbruster [Fri, 25 Jul 2025 13:50:32 +0000 (15:50 +0200)] 
qtest/qom-test: Traverse entire QOM tree

This test traverses the QOM sub-tree rooted at /machine.  Traverse the
entire tree instead.

The x86_64 test runs some 40 additional QMP commands, and stays under
5s for me.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250725135034.2280477-4-armbru@redhat.com>
Reviewed-by: Steve Sistare <steven.sistare@oracle.com>
5 weeks ago qtest/qom-test: Shallow testing of qom-list / qom-get
Markus Armbruster [Fri, 25 Jul 2025 13:50:31 +0000 (15:50 +0200)] 
qtest/qom-test: Shallow testing of qom-list / qom-get

This test traverses the QOM sub-tree rooted at /machine with a
combination of qom-list and qom-get.  In my x86_64 testing, it runs
almost 12000 QMP commands in 34 seconds.  With -m slow, we test more
machines, and it takes almost 84000 commands in almost four minutes.

Since commit 3dd93992ffb (tests/qtest/qom-test: unit test for
qom-list-get), the test traverses this tree a second time, with
qom-list-get.  In my x86_64 testing, this takes some 200 QMP commands
and around two seconds, and some 1100 in just under 12s with -m slow.

Traversing the entire tree is useful, because it exercises the QOM
property getters.  Traversing it twice not so much.

Make the qom-list / qom-get test shallow unless -m slow is given:
don't recurse.  Cuts the number of commands to around 600, and run
time to under 5s for me.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250725135034.2280477-3-armbru@redhat.com>
Reviewed-by: Steve Sistare <steven.sistare@oracle.com>
5 weeks ago vfio scsi ui: Error-check qio_channel_socket_connect_sync() the same way
Markus Armbruster [Wed, 23 Jul 2025 13:32:57 +0000 (15:32 +0200)] 
vfio scsi ui: Error-check qio_channel_socket_connect_sync() the same way

qio_channel_socket_connect_sync() returns 0 on success, and -1 on
failure, with errp set.  Some callers check the return value, and some
check whether errp was set.

For consistency, always check the return value, and always check it's
negative.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250723133257.1497640-3-armbru@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
5 weeks ago i386/kvm/vmsr_energy: Plug memory leak on failure to connect socket
Markus Armbruster [Wed, 23 Jul 2025 13:32:56 +0000 (15:32 +0200)] 
i386/kvm/vmsr_energy: Plug memory leak on failure to connect socket

vmsr_open_socket() leaks the Error set by
qio_channel_socket_connect_sync().  Plug the leak by not creating the
Error.

Fixes: 0418f90809ae (Add support for RAPL MSRs in KVM/Qemu)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250723133257.1497640-2-armbru@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
5 weeks ago qga: Fix truncated output handling in guest-exec status reporting
minglei.liu [Fri, 11 Jul 2025 02:17:14 +0000 (10:17 +0800)] 
qga: Fix truncated output handling in guest-exec status reporting

Signed-off-by: minglei.liu <minglei.liu@smartx.com>
Fixes: a1853dca743
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250711021714.91258-1-minglei.liu@smartx.com
Signed-off-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
5 weeks ago qga/installer: Remove QGA VSS if QGA installation failed
Kostiantyn Kostiuk [Mon, 25 Aug 2025 14:31:55 +0000 (17:31 +0300)] 
qga/installer: Remove QGA VSS if QGA installation failed

When the QGA installer fails to install the QGA service but installs
the QGA VSS provider, the provider should be removed before the installer
exits. Otherwise QGA VSS will have broken information and
prevent QGA installation in the next run.

Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250825143155.160913-1-kkostiuk@redhat.com
Signed-off-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
5 weeks ago qga-vss: Write hex value of error in log
Kostiantyn Kostiuk [Mon, 25 Aug 2025 13:53:11 +0000 (16:53 +0300)] 
qga-vss: Write hex value of error in log

QGA-VSS writes errors using error_setg_win32_internal,
which calls g_win32_error_message.

g_win32_error_message translates a Win32 error code
(as returned by GetLastError()) into the corresponding message.

At the same time, we call error_setg_win32_internal with
error codes from different Windows components like VSS or
Performance monitor that provide different codes and
can't be converted with g_win32_error_message. In this
case, the empty suffix will be returned so the error will be
masked.

This commit directly adds the hex value of the error code.

Reproduce:
 - Run QGA command: {"execute": "guest-fsfreeze-freeze-list", "arguments": {"mountpoints": ["D:"]}}

QGA error example:
 - before changes:
  {"error": {"class": "GenericError", "desc": "failed to add D: to snapshot set: "}}
 - after changes:
  {"error": {"class": "GenericError", "desc": "failed to add D: to snapshot set: Windows error 0x8004230e: "}}

Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250825135311.138330-1-kkostiuk@redhat.com
Signed-off-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
5 weeks ago qga: ignore channel_init() fail if 'retry_path' is set
Kostiantyn Kostiuk [Mon, 25 Aug 2025 14:05:49 +0000 (17:05 +0300)] 
qga: ignore channel_init() fail if 'retry_path' is set

On Windows, we run QGA with `-d --retry-path` options by default,
and expect that QGA will start even without the vioserial driver
and will wait for communication forever.

Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250825140549.146617-3-kkostiuk@redhat.com
Signed-off-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
5 weeks ago qga: Fix channel initialization check in run_agent_once
Kostiantyn Kostiuk [Mon, 25 Aug 2025 14:05:48 +0000 (17:05 +0300)] 
qga: Fix channel initialization check in run_agent_once

Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250825140549.146617-2-kkostiuk@redhat.com
Signed-off-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
5 weeks ago qga-vss: Remove unused dependencies
Kostiantyn Kostiuk [Mon, 25 Aug 2025 14:52:41 +0000 (17:52 +0300)] 
qga-vss: Remove unused dependencies

Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250825145241.170717-3-kkostiuk@redhat.com
Signed-off-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
5 weeks ago qga-vss: Replace asserts with condition and report error
Kostiantyn Kostiuk [Mon, 25 Aug 2025 14:52:40 +0000 (17:52 +0300)] 
qga-vss: Replace asserts with condition and report error

Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250825145241.170717-2-kkostiuk@redhat.com
Signed-off-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
5 weeks ago qga: fix potentially not initialized nr_volumes in qga_vss_fsfreeze()
Denis V. Lunev [Thu, 7 Aug 2025 13:32:21 +0000 (15:32 +0200)] 
qga: fix potentially not initialized nr_volumes in qga_vss_fsfreeze()

In this function we could have this variable not initialized. If this
could be acceptable on error, the variable could be left not initialized,
e.g. as follows:

void requester_freeze(int *num_vols, void *mountpoints, ErrorSet *errset)
{
    ...
    if (mountpoints) {
        ...
        if (num_mount_points == 0) {
            /* If there is no valid mount points, just exit. */
            goto out;
        }
    }
    ...
    if (!mountpoints) {
        ...
        if (num_fixed_drives == 0) {
            goto out; /* If there is no fixed drive, just exit. */
        }
    }
    ...
}

Stay on the safe side, initialize the variable at the beginning.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Kostiantyn Kostiuk <kkostiuk@redhat.com>
CC: Michael Roth <michael.roth@amd.com>
Reviewed-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250807133221.1135453-1-den@openvz.org
Signed-off-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
5 weeks ago qga: Fix ubsan warning
Thomas Huth [Wed, 30 Jul 2025 07:27:09 +0000 (09:27 +0200)] 
qga: Fix ubsan warning

When compiling QEMU with --enable-ubsan there is an undefined behavior
warning when running "make check":

 .../qga/commands-linux.c:452:15: runtime error: applying non-zero offset 5 to null pointer
 #0 0x55ea7b89450c in build_guest_fsinfo_for_pci_dev ..../qga/commands-linux.c:452:15

Fix it by avoiding the additional pointer variable here and use an
"offset" integer variable instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250730072709.27077-1-thuth@redhat.com
Signed-off-by: Kostiantyn Kostiuk <kkostiuk@redhat.com>
5 weeks ago ui/keymaps: Avoid trace crash and improve error messages
Markus Armbruster [Wed, 23 Jul 2025 13:15:04 +0000 (15:15 +0200)] 
ui/keymaps: Avoid trace crash and improve error messages

parse_keyboard_layout() passes a possibly null @filename to
trace_keymap_parse().  Trace backend log then formats it with %s,
which crashes on some systems.

Fix by moving the null check before the trace_keymap_parse().

While there, improve the error messages a bit.

Fixes: d3b787fa7dde (keymaps: add tracing)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250723131504.1482657-1-armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
5 weeks ago Merge tag 'pull-loongarch-20250829' of https://github.com/bibo-mao/qemu into staging
Richard Henderson [Mon, 1 Sep 2025 01:15:06 +0000 (11:15 +1000)] 
Merge tag 'pull-loongarch-20250829' of https://github.com/bibo-mao/qemu into staging

loongarch queue

# gpg: Signature made Fri 29 Aug 2025 12:05:16 PM AEST
# gpg:                using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7  13C4 8E86 8FB7 A176 9D4C
#      Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3  D1A4 1F7B 0C12 51AC E7D1

* tag 'pull-loongarch-20250829' of https://github.com/bibo-mao/qemu:
  target/loongarch: Use correct address when flush tlb
  target/loongarch: Use MMUContext in get_physical_address()
  target/loongarch: Use MMUContext in loongarch_map_address()
  target/loongarch: Use MMUContext in loongarch_get_addr_from_tlb
  target/loongarch: Use MMUConext in loongarch_map_tlb_entry()
  target/loongarch: Use loongarch_check_pte in loongarch_page_table_walker
  target/loongarch: Add common function loongarch_check_pte()
  target/loongarch: Use MMUAccessType in loongarch_map_tlb_entry()
  target/loongarch: Use vaddr in get_physical_address()
  target/loongarch: Add enum type TLBRet definition
  target/loongarch: Add header file cpu-mmu.h
  target/loongarch: Set page size in TLB entry with STLB
  target/loongarch: Define function loongarch_cpu_post_init as static
  target/loongarch: Move some function definition to kvm directory

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5 weeks ago Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Richard Henderson [Sat, 30 Aug 2025 23:08:09 +0000 (09:08 +1000)] 
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* hw/i386: split isapc from PCI boards
* cpu-exec, accel: remove BQL usage for interrupt_request != 0
* memory, hpet, pmtimer: introduce BQL-free PIO/MMIO

# gpg: Signature made Fri 29 Aug 2025 09:03:10 PM AEST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (28 commits)
  tcg: move interrupt caching and single step masking closer to user
  kvm: i386: irqchip: take BQL only if there is an interrupt
  hpet: make main counter read lock-less
  hpet: move out main counter read into a separate block
  hpet: switch to fine-grained device locking
  acpi: mark PMTIMER as unlocked
  memory: reintroduce BQL-free fine-grained PIO/MMIO
  add cpu_test_interrupt()/cpu_set_interrupt() helpers and use them tree wide
  user-exec: ensure interrupt_request is not used
  hw/i386/isapc.c: replace rom_memory with system_memory
  hw/i386/pc_piix.c: replace rom_memory with pci_memory
  hw/i386/pc_piix.c: remove unused headers after isapc machine split
  hw/i386: move isapc machine to separate isapc.c file
  hw/i386/pc_piix.c: assume pcmc->pci_enabled is always true in pc_init1()
  hw/i386/pc_piix.c: always initialise ISA IDE drives in pc_init_isa()
  hw/i386/pc_piix.c: remove pc_system_flash_cleanup_unused() from pc_init_isa()
  hw/i386/pc_piix.c: hardcode hole64_size to 0 in pc_init_isa()
  hw/i386/pc_piix.c: simplify RAM size logic in pc_init_isa()
  hw/i386/pc_piix.c: remove nvdimm initialisation from pc_init_isa()
  hw/i386/pc_piix.c: remove SGX initialisation from pc_init_isa()
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5 weeks ago Merge tag 'pull-target-arm-20250830' of https://gitlab.com/pm215/qemu into staging
Richard Henderson [Sat, 30 Aug 2025 21:37:34 +0000 (07:37 +1000)] 
Merge tag 'pull-target-arm-20250830' of https://gitlab.com/pm215/qemu into staging

target-arm queue:
 * Implement FEAT_SCTLR2
 * Implement FEAT_TCR2
 * Implement FEAT_CSSC
 * Implement FEAT_LSE128
 * Clean up of register field definitions
 * Trap PMCR when MDCR_EL2.TPMCR is set
 * tests/functional: update aarch64 RME test images
 * hw/intc/arm_gicv3_kvm: preserve pending interrupts during cpr
 * hw/arm: add static NVDIMMs in device tree
 * hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects
 * scripts/kernel-doc: Avoid new Perl precedence warning
 * scripts/kernel-doc: Update to kernel's new Python implementation

# gpg: Signature made Sun 31 Aug 2025 02:07:28 AM AEST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20250830' of https://gitlab.com/pm215/qemu: (32 commits)
  hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects
  target/arm: Enable FEAT_LSE128 for -cpu max
  target/arm: Implement FEAT_LSE128
  target/arm: Rename isar_feature_aa64_atomics
  tcg: Add tcg_gen_atomic_{xchg,fetch_and,fetch_or}_i128
  accel/tcg: Add cpu_atomic_*_mmu for 16-byte xchg, fetch_and, fetch_or
  qemu/atomic: Add atomic16 primitives for xchg, fetch_and, fetch_or
  qemu/atomic: Finish renaming atomic128-cas.h headers
  target/arm: Correct condition of aa64_atomics feature function
  MAINTAINERS: Put kernel-doc under the "docs build machinery" section
  scripts/kernel-doc: Delete the old Perl kernel-doc script
  scripts/kerneldoc: Switch to the Python kernel-doc script
  scripts/kernel-doc: tweak for QEMU coding standards
  scripts/kernel-doc: strip QEMU_ from function definitions
  scripts: Import Python kerneldoc from Linux kernel
  tests/qtest/libqtest.h: Remove stray space from doc comment
  docs/sphinx/kerneldoc.py: Handle new LINENO syntax
  scripts/kernel-doc: Avoid new Perl precedence warning
  hw/arm: add static NVDIMMs in device tree
  target/arm: Enable FEAT_CSSC for -cpu max
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
5 weeks ago hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects
Peter Maydell [Thu, 21 Aug 2025 15:42:29 +0000 (16:42 +0100)] 
hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects

In stm32f205_soc_initfn() we mostly use the standard pattern
for child objects of calling object_initialize_child(). However
for s->adc_irqs we call object_new() and then later qdev_realize(),
and we never unref the object on deinit. This causes a leak,
detected by ASAN on the device-introspect-test:

Indirect leak of 10 byte(s) in 1 object(s) allocated from:
    #0 0x5b9fc4789de3 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-arm+0x21f1de3) (BuildId: 267a2619a026ed91c78a07b1eb2ef15381538efe)
    #1 0x740de3f28b09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x740de3f3e4d8 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x784d8) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #3 0x5b9fc70159e1 in g_strdup_inline /usr/include/glib-2.0/glib/gstrfuncs.h:321:10
    #4 0x5b9fc70159e1 in object_property_try_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1276:18
    #5 0x5b9fc7015f94 in object_property_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1294:12
    #6 0x5b9fc701b900 in object_add_link_prop /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2021:10
    #7 0x5b9fc701b3fc in object_property_add_link /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2037:12
    #8 0x5b9fc4c299fb in qdev_init_gpio_out_named /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/gpio.c:90:9
    #9 0x5b9fc4c29b26 in qdev_init_gpio_out /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/gpio.c:101:5
    #10 0x5b9fc4c0f77a in or_irq_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/or-irq.c:70:5
    #11 0x5b9fc70257e1 in object_init_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:428:9
    #12 0x5b9fc700cd4b in object_initialize_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:570:5
    #13 0x5b9fc700e66d in object_new_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:774:5
    #14 0x5b9fc700e750 in object_new /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:789:12
    #15 0x5b9fc68b2162 in stm32f205_soc_initfn /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/arm/stm32f205_soc.c:69:26

Switch to using object_initialize_child() like all our
other child objects for this SoC object.

Cc: qemu-stable@nongnu.org
Fixes: b63041c8f6b ("STM32F205: Connect the ADC devices")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250821154229.2417453-1-peter.maydell@linaro.org

5 weeks ago target/arm: Enable FEAT_LSE128 for -cpu max
Richard Henderson [Fri, 15 Aug 2025 12:26:53 +0000 (22:26 +1000)] 
target/arm: Enable FEAT_LSE128 for -cpu max

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250815122653.701782-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 weeks ago target/arm: Implement FEAT_LSE128
Richard Henderson [Fri, 15 Aug 2025 12:26:52 +0000 (22:26 +1000)] 
target/arm: Implement FEAT_LSE128

This feature contains the LDCLRP, LDSETP, and SWPP instructions.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250815122653.701782-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 weeks ago target/arm: Rename isar_feature_aa64_atomics
Richard Henderson [Sat, 30 Aug 2025 04:50:06 +0000 (14:50 +1000)] 
target/arm: Rename isar_feature_aa64_atomics

This is FEAT_LSE -- rename the predicate to match.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250830045006.380393-1-richard.henderson@linaro.org
Message-id: 20250815122653.701782-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 weeks ago tcg: Add tcg_gen_atomic_{xchg,fetch_and,fetch_or}_i128
Richard Henderson [Fri, 15 Aug 2025 12:26:50 +0000 (22:26 +1000)] 
tcg: Add tcg_gen_atomic_{xchg,fetch_and,fetch_or}_i128

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250815122653.701782-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 weeks ago accel/tcg: Add cpu_atomic_*_mmu for 16-byte xchg, fetch_and, fetch_or
Richard Henderson [Fri, 15 Aug 2025 12:26:49 +0000 (22:26 +1000)] 
accel/tcg: Add cpu_atomic_*_mmu for 16-byte xchg, fetch_and, fetch_or

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250815122653.701782-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 weeks ago qemu/atomic: Add atomic16 primitives for xchg, fetch_and, fetch_or
Richard Henderson [Fri, 15 Aug 2025 12:26:48 +0000 (22:26 +1000)] 
qemu/atomic: Add atomic16 primitives for xchg, fetch_and, fetch_or

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250815122653.701782-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 weeks ago qemu/atomic: Finish renaming atomic128-cas.h headers
Richard Henderson [Fri, 15 Aug 2025 12:26:47 +0000 (22:26 +1000)] 
qemu/atomic: Finish renaming atomic128-cas.h headers

The aarch64 header was not renamed with the others, meaning it
was skipped in favor of the generic version.

Cc: qemu-stable@nongnu.org
Fixes: 15606965400b ("qemu/atomic: Rename atomic128-cas.h headers using .h.inc suffix")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250815122653.701782-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
5 weeks ago target/arm: Correct condition of aa64_atomics feature function
Peter Maydell [Tue, 19 Aug 2025 14:56:58 +0000 (15:56 +0100)] 
target/arm: Correct condition of aa64_atomics feature function

The ARMv8.1-Atomics feature (renamed FEAT_LSE in more modern versions
of the Arm ARM) has always been indicated by ID_AA64ISAR0.ATOMIC being
0b0010 or greater; 0b0001 is a reserved unused value.

We were incorrectly checking for != 0; this had no harmful effects
because all the CPUs set their value for this field to either 0
(for not having the feature) or 2 (if they do have it), but it's
better to match what the architecture specifies here.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250819145659.2165160-1-peter.maydell@linaro.org

5 weeks ago MAINTAINERS: Put kernel-doc under the "docs build machinery" section
Peter Maydell [Thu, 14 Aug 2025 17:13:23 +0000 (18:13 +0100)] 
MAINTAINERS: Put kernel-doc under the "docs build machinery" section

We never had a MAINTAINERS entry for the old kernel-doc script; add
the files for the new Python kernel-doc under "Sphinx documentation
configuration and build machinery", as the most appropriate
subsection.

Mauro has kindly volunteered to help with maintenance/review
of this area of the codebase, so add him as a maintainer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Message-id: 20250814171324.1614516-9-peter.maydell@linaro.org

5 weeks ago scripts/kernel-doc: Delete the old Perl kernel-doc script
Peter Maydell [Thu, 14 Aug 2025 17:13:22 +0000 (18:13 +0100)] 
scripts/kernel-doc: Delete the old Perl kernel-doc script

We can now delete the old Perl kernel-doc script. For posterity,
this is a complete diff of the local changes that we were carrying
between the kernel's Perl script as of kernel commit 72b97d0b911872ba
(the last time we synced it) and our local copy:

--- /tmp/kdoc   2025-08-14 10:42:47.620331939 +0100
+++ scripts/kernel-doc  2025-02-17 10:44:34.528421457 +0000
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# SPDX-License-Identifier: GPL-2.0
+# SPDX-License-Identifier: GPL-2.0-only

 use warnings;
 use strict;
@@ -224,12 +224,12 @@
 my $type_fp_param = '\@(\w+)\(\)';  # Special RST handling for func ptr params
 my $type_fp_param2 = '\@(\w+->\S+)\(\)';  # Special RST handling for structs with func ptr params
 my $type_env = '(\$\w+)';
-my $type_enum = '\&(enum\s*([_\w]+))';
-my $type_struct = '\&(struct\s*([_\w]+))';
-my $type_typedef = '\&(typedef\s*([_\w]+))';
-my $type_union = '\&(union\s*([_\w]+))';
-my $type_member = '\&([_\w]+)(\.|->)([_\w]+)';
-my $type_fallback = '\&([_\w]+)';
+my $type_enum = '#(enum\s*([_\w]+))';
+my $type_struct = '#(struct\s*([_\w]+))';
+my $type_typedef = '#(([A-Z][_\w]*))';
+my $type_union = '#(union\s*([_\w]+))';
+my $type_member = '#([_\w]+)(\.|->)([_\w]+)';
+my $type_fallback = '(?!)';    # this never matches
 my $type_member_func = $type_member . '\(\)';

 # Output conversion substitutions.
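Review bot: `$type_fallback = '(?!)'` swaps a pattern that had one capture group (`'\&([_\w]+)'`) for one that has none, so any later substitution that refers to `$1` for the fallback has no group to bind; `'((?!))'` keeps the never-matching behaviour and the group count. Separately, `$type_typedef = '#(([A-Z][_\w]*))'` accepts every `#`-prefixed word that starts with a capital letter, all-caps macro names included, which deserves a comment beside the pattern.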
@@ -1745,6 +1745,9 @@
             )+
           \)\)\s+//x;

+    # Strip QEMU specific compiler annotations
+    $prototype =~ s/QEMU_[A-Z_]+ +//;
+
     # Yes, this truly is vile.  We are looking for:
     # 1. Return type (may be nothing if we're looking at a macro)
     # 2. Function name
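Review bot: the added `s/QEMU_[A-Z_]+ +//` has no `/g` flag and no `\b` anchor, so only the first annotation in a prototype is removed and the match can begin in the middle of a longer identifier such as `MY_QEMU_FOO`. `s/\bQEMU_[A-Z_]+ +//g` would handle both cases.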
@@ -2057,7 +2060,7 @@
     }
     elsif (/$doc_decl/o) {
        $identifier = $1;
-       if (/\s*([\w\s]+?)(\(\))?\s*-/) {
+       if (/\s*([\w\s]+?)(\s*-|:)/) {
            $identifier = $1;
        }
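Review bot: the new pattern on the `if` line drops the optional `(\(\))?`, so a declaration line written as `name() - description` no longer yields `name` in `$1` (the `(` stops `[\w\s]+?` before it can reach `\s*-` or `:`). Because `[\w\s]+?` also accepts spaces, `$identifier` can keep trailing whitespace when the name is followed by ` :`. Keeping `(\(\))?` and trimming `$1` before the assignment would avoid both.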

@@ -2067,7 +2070,7 @@
        $contents = "";
        $section = $section_default;
        $new_start_line = $. + 1;
-       if (/-(.*)/) {
+       if (/[-:](.*)/) {
            # strip leading/trailing/multiple spaces
            $descr= $1;
            $descr =~ s/^\s*//;

These changes correspond to:
06e2329636f license: Update deprecated SPDX tag GPL-2.0 to GPL-2.0-only
(a bulk change which we won't bother to re-apply to this third-party script)
b30df2751e5 scripts/kernel-doc: strip QEMU_ from function definitions
4cf41794411 docs: tweak kernel-doc for QEMU coding standards

We have already applied the equivalent of these changes to the
Python code in libs/kdoc/ in the preceding commits.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
5 weeks ago scripts/kerneldoc: Switch to the Python kernel-doc script
Peter Maydell [Thu, 14 Aug 2025 17:13:21 +0000 (18:13 +0100)] 
scripts/kerneldoc: Switch to the Python kernel-doc script

Change the Sphinx config to run the new Python kernel-doc script
instead of the Perl one.  The only difference between the two is that
the new script does not handle the -sphinx-version option, instead
assuming that Sphinx is always at least version 3: so we must
delete the code that passes that option to avoid the Python
script complaining about an unknown option.

QEMU's minimum Sphinx version is already 3.4.3, so this doesn't
change the set of versions we can handle.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Message-id: 20250814171324.1614516-7-peter.maydell@linaro.org

5 weeks ago scripts/kernel-doc: tweak for QEMU coding standards
Peter Maydell [Thu, 14 Aug 2025 17:13:20 +0000 (18:13 +0100)] 
scripts/kernel-doc: tweak for QEMU coding standards

This commit makes the equivalent changes to the Python script that we
had for the old Perl script in commit 4cf41794411f ("docs: tweak
kernel-doc for QEMU coding standards").  To repeat the rationale from
that commit:

    Surprisingly, QEMU does have a pretty consistent doc comment style and
    it is not very different from the Linux kernel's.  Of the documentation
    "sigils", only "#" separates the QEMU doc comment style from Linux's,
    and it has 200+ instances vs. 6 for the kernel's '&struct foo' (all in
    accel/tcg/translate-all.c), so it's clear that the two standards are
    different in this respect.  In addition, our structs are typedefed and
    recognized by CamelCase names.

Note that in 4cf41794411f we used '(?!)' as our type_fallback regex;
this is strictly not quite a replacement for the upstream
'\&([_\w]+)', because the latter includes a group that can later be
matched with \1, and the former does not.  The old perl script did
not care about this, but the python version does, so we must include
the extra set of brackets to ensure we have a group.

This commit does not include all the same changes that 4cf41794411f
did.  Of the missing pieces, some had already gone in an earlier
kernel-doc update; the parts we still had but do not include here are:

    @@ -2057,7 +2060,7 @@
         }
         elsif (/$doc_decl/o) {
            $identifier = $1;
    -       if (/\s*([\w\s]+?)(\(\))?\s*-/) {
    +       if (/\s*([\w\s]+?)(\s*-|:)/) {
                $identifier = $1;
            }

    @@ -2067,7 +2070,7 @@
            $contents = "";
            $section = $section_default;
            $new_start_line = $. + 1;
    -       if (/-(.*)/) {
    +       if (/[-:](.*)/) {
                # strip leading/trailing/multiple spaces
                $descr= $1;
                $descr =~ s/^\s*//;

The second of these is already in the upstream version: the line r =
KernRe("[-:](.*)") in process_name() matches the regex we have.  The
first change has been refactored into the doc_begin_data and
doc_begin_func changes.  Since the output HTML for QEMU's
documentation has no relevant changes with the new kerneldoc, we
assume that this too has been handled upstream.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Message-id: 20250814171324.1614516-6-peter.maydell@linaro.org
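
The capture-group point from the commit message above, as an added example (not QEMU's or the kernel's code). The regexes are the ones quoted on this page; the `:c:type:` replacement template and the function names are assumptions made for illustration.

```python
import re

# Patterns quoted in the commit messages on this page (QEMU's '#' sigil forms).
TYPE_STRUCT = r'#(struct\s*([_\w]+))'
TYPE_TYPEDEF = r'#(([A-Z][_\w]*))'
FALLBACK_NO_GROUP = r'(?!)'       # never matches, defines no capture group
FALLBACK_WITH_GROUP = r'((?!))'   # never matches, but group 1 exists

# Assumption: every pattern shares one replacement template that refers to \1.
TEMPLATE = r':c:type:`\1`'


def build_highlights(fallback):
    """Ordered (compiled pattern, template) pairs, with the fallback last."""
    return [(re.compile(p), TEMPLATE)
            for p in (TYPE_STRUCT, TYPE_TYPEDEF, fallback)]


def highlight(text, highlights):
    """Apply each substitution in turn, as a doc-comment highlighter would."""
    for pattern, template in highlights:
        text = pattern.sub(template, text)
    return text


def template_is_valid(pattern, template=TEMPLATE):
    """True if `template` can be used with `pattern`.

    Python's re validates group references in the template when sub() is
    called, even if the pattern never matches, so a group-less pattern
    paired with a \\1 template fails on every call.
    """
    try:
        re.compile(pattern).sub(template, "")
    except re.error:
        return False
    return True


if __name__ == "__main__":
    doc = "Fills in #struct foo and returns a #MemoryRegion"  # constructed input
    print(highlight(doc, build_highlights(FALLBACK_WITH_GROUP)))
    print(template_is_valid(FALLBACK_NO_GROUP),
          template_is_valid(FALLBACK_WITH_GROUP))
```
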

5 weeks ago scripts/kernel-doc: strip QEMU_ from function definitions
Peter Maydell [Thu, 14 Aug 2025 17:13:19 +0000 (18:13 +0100)] 
scripts/kernel-doc: strip QEMU_ from function definitions

This commit is the Python version of our older commit
b30df2751e5 ("scripts/kernel-doc: strip QEMU_ from function definitions").

Some versions of Sphinx get confused if function attributes are
left on the C code from kernel-doc; strip out any QEMU_* prefixes
from function prototypes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Message-id: 20250814171324.1614516-5-peter.maydell@linaro.org

5 weeks ago scripts: Import Python kerneldoc from Linux kernel
Peter Maydell [Thu, 14 Aug 2025 17:13:18 +0000 (18:13 +0100)] 
scripts: Import Python kerneldoc from Linux kernel

We last synced our copy of kerneldoc with Linux back in 2020.  In the
interim, upstream has entirely rewritten the script in Python, and
the new Python version is split into a main script plus some
libraries in the kernel's scripts/lib/kdoc.

Import all these files.  These are the versions as of kernel commit
0cc53520e68be, with no local changes.

We use the same lib/kdoc/ directory as the kernel does here, so we
can avoid having to edit the top-level script just to adjust a
pathname, even though it is probably not the naming we would have
picked if this was a purely QEMU script.

The Sphinx conf.py still points at the Perl version of the script,
so this Python code will not be invoked to build the docs yet.

NB: checkpatch complains about many things in this commit,
including the use of "GPL-2.0" rather than "GPL-2.0-only" in
the SPDX tags, but since this is a third party import we can
ignore this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Message-id: 20250814171324.1614516-4-peter.maydell@linaro.org

5 weeks ago tests/qtest/libqtest.h: Remove stray space from doc comment
Peter Maydell [Thu, 14 Aug 2025 17:13:17 +0000 (18:13 +0100)] 
tests/qtest/libqtest.h: Remove stray space from doc comment

The doc comment for qtest_cb_for_every_machine has a stray
space at the start of its description, which makes kernel-doc
think that this line is part of the documentation of the
skip_old_versioned argument. The result is that the HTML
doesn't have a "Description" section and the text is instead
put in the wrong place.

Remove the stray space.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Message-id: 20250814171324.1614516-3-peter.maydell@linaro.org

5 weeks ago docs/sphinx/kerneldoc.py: Handle new LINENO syntax
Peter Maydell [Thu, 14 Aug 2025 17:13:16 +0000 (18:13 +0100)] 
docs/sphinx/kerneldoc.py: Handle new LINENO syntax

The new upstream kernel-doc that we plan to update to uses a different
syntax for the LINENO directives that the Sphinx extension parses:
instead of
  #define LINENO 86
it has
  .. LINENO 86

Update the kerneldoc.py extension to handle both syntaxes, so
that it will work with both the old and the new kernel-doc.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Message-id: 20250814171324.1614516-2-peter.maydell@linaro.org
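
An added sketch of a consumer that accepts both directive spellings described in the commit above. It is not the code of docs/sphinx/kerneldoc.py: the function name, the regex and the sample lines are constructed for this example.

```python
import re

# Accept both spellings named in the commit message:
#   "#define LINENO 86"  (old kernel-doc)  and  ".. LINENO 86"  (new kernel-doc)
LINENO_RE = re.compile(r'^(?:#define|\.\.) LINENO ([0-9]+)$')


def attach_line_numbers(lines):
    """Return (source_line, text) pairs for the content lines.

    A directive sets the source line of the next content line and is itself
    consumed; each following content line advances the counter by one.
    Lines seen before any directive get source_line 0 (unknown).
    """
    out = []
    lineno = 0
    for line in lines:
        match = LINENO_RE.match(line)
        if match:
            lineno = int(match.group(1))
            continue
        out.append((lineno, line))
        if lineno:
            lineno += 1
    return out


# Constructed sample that mixes both syntaxes plus two near-misses that
# must be treated as ordinary content.
SAMPLE = [
    "intro",
    "#define LINENO 86",
    "first",
    "second",
    ".. LINENO 120",
    "third",
    "  .. LINENO 5",          # indented: not a directive
    "#define LINENO_MAX 3",   # different macro name: not a directive
]

if __name__ == "__main__":
    for source_line, text in attach_line_numbers(SAMPLE):
        print(source_line, repr(text))
```
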

5 weeks ago scripts/kernel-doc: Avoid new Perl precedence warning
Peter Maydell [Tue, 19 Aug 2025 11:56:48 +0000 (12:56 +0100)] 
scripts/kernel-doc: Avoid new Perl precedence warning

Newer versions of Perl (5.41.x and up) emit a warning for code in
kernel-doc:
 Possible precedence problem between ! and pattern match (m//) at /scripts/kernel-doc line 1597.

This is because the code does:
            if (!$param =~ /\w\.\.\.$/) {

In Perl, the !  operator has higher precedence than the =~
pattern-match binding, so the effect of this condition is to first
logically-negate the string $param into a true-or-false value and
then try to pattern match it against the regex, which in this case
will always fail.  This is almost certainly not what the author
intended.

In the new Python version of kernel-doc in the Linux kernel,
the equivalent code is written:

            if KernRe(r'\w\.\.\.$').search(param):
                # For named variable parameters of the form `x...`,
                # remove the dots
                param = param[:-3]
            else:
                # Handles unnamed variable parameters
                param = "..."

which is a more sensible way of writing the behaviour you would
get if you put in brackets to make the regex match first and
then negate the result.

Take this as the intended behaviour, and update the Perl to match.

For QEMU, this produces no change in output, presumably because we
never used the "unnamed variable parameters" syntax.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Message-id: 20250819115648.2125709-1-peter.maydell@linaro.org
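
The two readings of that condition, modelled in Python as an added example (not code from QEMU or the kernel; `perl_not` is an assumed stand-in for Perl's unary `!` on strings, plain `re` replaces `KernRe`, and the sample parameters are constructed):

```python
import re

VARIADIC_NAMED = re.compile(r"\w\.\.\.$")


def perl_not(value):
    """Model Perl's unary ! on a string: '' for a true operand, '1' for a false one."""
    perl_false = value in ("", "0")
    return "1" if perl_false else ""


def buggy_is_unnamed(param):
    # Models `!$param =~ /\w\.\.\.$/`, parsed as `(!$param) =~ /.../`:
    # the regex sees '' or '1', never the parameter text itself.
    return VARIADIC_NAMED.search(perl_not(param)) is not None


def intended_is_unnamed(param):
    # Models `!($param =~ /\w\.\.\.$/)`: match first, then negate.
    return VARIADIC_NAMED.search(param) is None


def rename_variadic(param):
    """Branch structure of the Python kernel-doc excerpt quoted above."""
    if VARIADIC_NAMED.search(param):
        return param[:-3]   # named form `x...`: remove the dots
    return "..."            # unnamed variable parameters


# Constructed parameter strings ending in "...".
SAMPLES = ["args...", "...", "0..."]
```

`buggy_is_unnamed` is false for every input, including `""` and `"0"` where the negation yields `"1"`, while `intended_is_unnamed` is true only for the bare `"..."`.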

5 weeks ago hw/arm: add static NVDIMMs in device tree
Manos Pitsidianakis [Tue, 26 Aug 2025 10:21:30 +0000 (11:21 +0100)] 
hw/arm: add static NVDIMMs in device tree

NVDIMM is used for fast rootfs with EROFS, for example by kata
containers. To allow booting with static NVDIMM memory, add them to the
device tree in arm virt machine.

This allows users to boot directly with nvdimm memory devices without
having to rely on ACPI and hotplug.

Verified to work with command invocation:

./qemu-system-aarch64 \
  -M virt,nvdimm=on \
  -cpu cortex-a57 \
  -m 4G,slots=2,maxmem=8G \
  -object memory-backend-file,id=mem1,share=on,mem-path=/tmp/nvdimm,size=4G,readonly=off \
  -device nvdimm,id=nvdimm1,memdev=mem1,unarmed=off \
  -drive file=./debian-12-nocloud-arm64-commited.qcow2,format=qcow2 \
  -kernel ./vmlinuz-6.1.0-13-arm64 \
  -append "root=/dev/vda1 console=ttyAMA0,115200 acpi=off" \
  -initrd ./initrd.img-6.1.0-13-arm64 \
  -nographic \
  -serial mon:stdio

Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-id: 20250807-nvdimm_arm64_virt-v2-1-b8054578bea8@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

5 weeks ago target/arm: Enable FEAT_CSSC for -cpu max
Richard Henderson [Tue, 26 Aug 2025 10:21:30 +0000 (11:21 +0100)] 
target/arm: Enable FEAT_CSSC for -cpu max

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250803014019.416797-7-richard.henderson@linaro.org
[PMM: rebased to handle linux-user elfload.c refactor]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

5 weeks ago target/arm: Implement CTZ, CNT, ABS
Peter Maydell [Tue, 26 Aug 2025 16:11:12 +0000 (17:11 +0100)] 
target/arm: Implement CTZ, CNT, ABS

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250803014019.416797-6-richard.henderson@linaro.org
[PMM: fix tcg_rd/tcg_rn mixup]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

5 weeks ago target/arm: Split out gen_wrap2_i32 helper
Richard Henderson [Tue, 26 Aug 2025 10:21:29 +0000 (11:21 +0100)] 
target/arm: Split out gen_wrap2_i32 helper

Wrapper to extract the low 32 bits, perform an operation,
and zero-extend back to 64 bits.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250803014019.416797-5-richard.henderson@linaro.org
[PMM: fixed wrong output-reg argument in callsites; add comment]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

5 weeks ago target/arm: Implement MIN/MAX (register)
Richard Henderson [Tue, 26 Aug 2025 10:21:29 +0000 (11:21 +0100)] 
target/arm: Implement MIN/MAX (register)

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250803014019.416797-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>