Commit 350785d41d8b ("ramfb: Add property to control if load the
romfile") introduced the `use-legacy-x86-rom` property for the
`vfio-pci-nohotplug` device, allowing control over VGA BIOS ROM
loading. However, the property compatibility setting was incorrectly
applied to the `vfio-pci` device instead, which causes all `vfio-pci`
devices to fail to load. This change fixes the issue by ensuring the
property is set on the correct device.
Fixes: d5fcf0d960d8 ("hw/i386: Add the ramfb romfile compatibility") Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Shaoqin Huang <shahuang@redhat.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Link: https://lore.kernel.org/qemu-devel/20250723062714.1245826-1-clg@redhat.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
* tag 'pull-qga-2025-07-28' of https://repo.or.cz/qemu/armbru:
qga: Add cross-references
qga: Rephrase return docs to avoid type name
qga: Remove trivial "Returns:" sections
qga: Fix guest-network-get-route return value documentation
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 28 Jul 2025 13:31:12 +0000 (09:31 -0400)]
Merge tag 'pull-10.1-rc1-maintainer-260725-1' of https://gitlab.com/stsquad/qemu into staging
documentation and test cleanups
- improve clarity of user-mode docs
- remove reference to TAP tarball
- add new hypervisor test for aarch64 EL2
- reduce combinatorial explosion of plugin tests
- make docker-all-test-cross more friendly to non-x86 hosts
- expose unittests to sysv.args for embedded help
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmiFUdoACgkQ+9DbCVqe
# KkQn+Af/RpTh4XmIcqiLvXrygLWo8hSELS0gjIRZgAA8QyBmojZ+e13los3pzm2Z
# WWlQhh4T0OHgMtZCPPrP+XUc/QDgV3Pt41C1O6SWRwqD4v/7oWNNZz+pFra7x160
# CLBJfcVuRKdFzuR1NZldR8LJufmAMnPnBwE+cV9SpBlGe/lvcLPPvjF0eXQnW1yP
# fWmNgf7VnLBPEQ3NQkliZ23Ku6p4yWDfJLfqgUAXe57Eom1PpDEaPlc+5UaYtAKs
# ee6Gk5CqVFUhIj0v50qBn1giLyaqaXyGn9yWiwiNDL/qVV1v+DK7LNt5B0bTXCfd
# X1KTwpJJdbzmcDftrAq+oacaeXryIA==
# =Sxa/
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 26 Jul 2025 18:08:26 EDT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-10.1-rc1-maintainer-260725-1' of https://gitlab.com/stsquad/qemu:
tests/functional: expose sys.argv to unittest.main
tests/docker: handle host-arch selection for all-test-cross
tests/docker: add --arch-only to qemu deps for all-test-cross
tests/tcg: reduce the number of plugin tests combinations
configure: expose PYTHON to test/tcg/config-host.mak
tests/tcg: don't include multiarch tests if not supported
tests/tcg: remove ADDITIONAL_PLUGINS_TESTS
tests/tcg: skip libsyscall.so on softmmu tests
tests/functional: add hypervisor test for aarch64
docs/user: expand section on threading
docs/user: slightly reword section on system calls
docs/user: clean up headings
docs/system: reword the TAP notes to remove tarball ref
docs/user: clarify user-mode expects the same OS
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 28 Jul 2025 13:31:06 +0000 (09:31 -0400)]
Merge tag 'pull-lu-20250726' of https://gitlab.com/rth7680/qemu into staging
linux-user/aarch64: Clear TPIDR2_EL0 when delivering signals
linux-user/aarch64: Support TPIDR2_MAGIC signal frame record
linux-user/aarch64: Support ZT_MAGIC signal frame record
* tag 'pull-lu-20250726' of https://gitlab.com/rth7680/qemu:
linux-user/aarch64: Support ZT_MAGIC signal frame record
linux-user/aarch64: Support TPIDR2_MAGIC signal frame record
linux-user/aarch64: Clear TPIDR2_EL0 when delivering signals
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
target/i386: fix width of third operand of VINSERTx128
scripts: add script to help distros use global Rust packages
rust/pl011: merge device_class.rs into device.rs
rust: devices are not staticlibs
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Enclose command and type names in `backquotes`, so they become links
in generated HTML.
We did this for qapi/ in merge commit 504632dcc631.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250717115246.3830007-5-armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
Mentioning the type in the description again is commonly redundant.
There is just one such description. Rephrase it not to mention the
type.
We did this for qapi/ in commit f7296f8de5c (qapi: rephrase return
docs to avoid type name).
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250717115246.3830007-4-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
The QAPI doc generator recently started to auto-generate return
documentation when there is no "Returns:" section (commit 636c96cd77d
"qapi: Fix undocumented return values by generating something").
Remove "Returns:" sections where the auto-generated text is obviously
no worse. For instance, guest-info's documentation changes from
Return:
GuestAgentInfo -- GuestAgentInfo
to
Return:
GuestAgentInfo
The auto-generated returns all are in the exact same spot.
We did this for qapi/ in commit 0462da9d6b1 (qapi: remove trivial
"Returns:" sections).
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250717115246.3830007-3-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
qga: Fix guest-network-get-route return value documentation
Tagged sections are only recognized at the beginning of a paragraph.
guest-network-get-route's Returns: isn't, and therefore gets rendered
as ordinary text within its paragraph:
Retrieve information about route of network. Returns: List of route
info of guest.
Since there is no (recognized) Returns: section, the doc generator
adds
Return:
[GuestNetworkRoute]
Note: only since recent commit 636c96cd77d (qapi: Fix undocumented
return values by generating something).
Insert the required blank line so that Returns: is recognized.
Result:
Retrieve information about route of network.
Return:
[GuestNetworkRoute] -- List of route info of guest.
Fixes: commit 8e326d36dd16 (qga/linux: Add new api 'guest-network-get-route') Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250717115246.3830007-2-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
positional arguments:
tests a list of any number of test modules, classes and test methods.
options:
-h, --help show this help message and exit
-v, --verbose Verbose output
-q, --quiet Quiet output
--locals Show local variables in tracebacks
--durations N Show the N slowest test cases (N=0 for all)
-f, --failfast Stop on first fail or error
-c, --catch Catch Ctrl-C and display results so far
-b, --buffer Buffer stdout and stderr during tests
-k TESTNAMEPATTERNS Only run tests which match the given substring
Examples:
test_aarch64_kvm.py test_module - run tests from test_module
test_aarch64_kvm.py module.TestClass - run tests from module.TestClass
test_aarch64_kvm.py module.Class.test_method - run specified test method
test_aarch64_kvm.py path/to/test_file.py - run tests from test_file.py
options:
-h, --help show this help message and exit
-v, --verbose Verbose output
-q, --quiet Quiet output
--locals Show local variables in tracebacks
--durations N Show the N slowest test cases (N=0 for all)
-f, --failfast Stop on first fail or error
-c, --catch Catch Ctrl-C and display results so far
-b, --buffer Buffer stdout and stderr during tests
-k TESTNAMEPATTERNS Only run tests which match the given substring
-s, --start-directory START
Directory to start discovery ('.' default)
-p, --pattern PATTERN
Pattern to match tests ('test*.py' default)
-t, --top-level-directory TOP
Top level directory of project (defaults to start directory)
For test discovery all test modules must be importable from the top level directory of the project.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250725154517.3523095-15-alex.bennee@linaro.org>
Alex Bennée [Fri, 25 Jul 2025 15:45:16 +0000 (16:45 +0100)]
tests/docker: handle host-arch selection for all-test-cross
When building on non-x86 we get a bunch but not all of the compilers.
Handle this in the Dockerfile by probing the arch and expanding the
list available.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250725154517.3523095-14-alex.bennee@linaro.org>
Alex Bennée [Fri, 25 Jul 2025 15:45:15 +0000 (16:45 +0100)]
tests/docker: add --arch-only to qemu deps for all-test-cross
If we want to build this container on non-x86 systems we might not
have all the cross-compilers needed for the ROM blobs we don't
actually build. Use --arch-only to avoid stalling on these missing
bits.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250725154517.3523095-13-alex.bennee@linaro.org>
Alex Bennée [Fri, 25 Jul 2025 15:45:14 +0000 (16:45 +0100)]
tests/tcg: reduce the number of plugin tests combinations
As our set of multiarch tests has grown the practice of running every
plugin with every test is becoming unsustainable. If we switch to
ensuring every test gets run with at least one plugin we can speed
things up.
Some plugins do need to be run with specific tests (for example the
memory instrumentation test). We can handle this by manually adding
them to EXTRA_RUNS. We also need to wrap rules in a CONFIG_PLUGIN test
so we don't enable the runs when plugins are not enabled.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250725154517.3523095-12-alex.bennee@linaro.org>
Alex Bennée [Fri, 25 Jul 2025 15:45:11 +0000 (16:45 +0100)]
tests/tcg: remove ADDITIONAL_PLUGINS_TESTS
We never actually used this is the end. Remove it to enable
re-factoring.
Fixes: 7cefff22d54 (tests/tcg: add mechanism to run specific tests with plugins) Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250725154517.3523095-9-alex.bennee@linaro.org>
Alex Bennée [Fri, 25 Jul 2025 15:45:09 +0000 (16:45 +0100)]
tests/functional: add hypervisor test for aarch64
This is a simple test case that runs an image with kvmtool and
kvm-unit-tests which can validate virtualisation works. This is useful
for exercising TCG but can also be applied to any nested virt setup
which is why it doesn't specify an accelerator.
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250725154517.3523095-7-alex.bennee@linaro.org>
Alex Bennée [Fri, 25 Jul 2025 15:45:08 +0000 (16:45 +0100)]
docs/user: expand section on threading
Potentially too many weasel words when describing atomic and memory
order issues.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250725154517.3523095-6-alex.bennee@linaro.org>
Alex Bennée [Fri, 25 Jul 2025 15:45:07 +0000 (16:45 +0100)]
docs/user: slightly reword section on system calls
Expand the description slightly and quote ioctl(). I did ponder
mentioning something about why DRM ioctls are often missing but I see
we have the I915 ones so I guess its just no one has done them.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250725154517.3523095-5-alex.bennee@linaro.org>
Peter Maydell [Fri, 25 Jul 2025 17:55:10 +0000 (18:55 +0100)]
linux-user/aarch64: Support ZT_MAGIC signal frame record
FEAT_SME2 adds the ZT0 register, whose contents may need to be
preserved and restored on signal handler entry and exit. This is
done with a new ZT_MAGIC record. We forgot to implement support for
this in our linux-user code before enabling the SME2p1 emulation,
which meant that a signal handler using SME would corrupt the ZT0
register value, and code that attempted to unwind an exception from
inside a signal handler would not work.
Add the missing record handling.
Fixes: 7b1613a1020d2942 ("target/arm: Enable FEAT_SME2p1 on -cpu max") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250725175510.3864231-4-peter.maydell@linaro.org>
Peter Maydell [Fri, 25 Jul 2025 17:55:09 +0000 (18:55 +0100)]
linux-user/aarch64: Support TPIDR2_MAGIC signal frame record
FEAT_SME adds the TPIDR2 userspace-accessible system register, which
is used as part of the procedure calling standard's lazy saving
scheme for the ZA registers:
https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst#66the-za-lazy-saving-scheme
The Linux kernel has a signal frame record for saving
and restoring this value when calling signal handlers, but
we forgot to implement this. The result is that code which
tries to unwind an exception out of a signal handler will
not work correctly.
Add support for the missing record.
Cc: qemu-stable@nongnu.org Fixes: 78011586b90d1 ("target/arm: Enable SME for user-only") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250725175510.3864231-3-peter.maydell@linaro.org>
Peter Maydell [Fri, 25 Jul 2025 17:55:08 +0000 (18:55 +0100)]
linux-user/aarch64: Clear TPIDR2_EL0 when delivering signals
A recent change to the kernel (Linux commit b376108e1f88
"arm64/fpsimd: signal: Clear TPIDR2 when delivering signals") updated
the signal-handler entry code to always clear TPIDR2_EL0.
This is necessary for the userspace ZA lazy saving scheme to work
correctly when unwinding exceptions across a signal boundary.
(For the essay-length description of the incorrect behaviour and
why this is the correct fix, see the commit message for the
kernel commit.)
Make QEMU also clear TPIDR2_EL0 on signal entry, applying the
equivalent bugfix to our implementation.
Note that getting this unwinding to work correctly also requires
changes to the userspace code, e.g. as implemented in gcc in
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=b5ffc8e75a8
This change is technically an ABI change; from the kernel's
point of view SME was never enabled (it was hidden behind
CONFIG_BROKEN) before the change. From QEMU's point of view
our SME-related signal handling was broken anyway as we weren't
saving and restoring TPIDR2_EL0.
Cc: qemu-stable@nongnu.org Fixes: 78011586b90d1 ("target/arm: Enable SME for user-only") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250725175510.3864231-2-peter.maydell@linaro.org>
Paolo Bonzini [Thu, 24 Jul 2025 23:10:12 +0000 (01:10 +0200)]
target/i386: fix width of third operand of VINSERTx128
Table A-5 of the Intel manual incorrectly lists the third operand of
VINSERTx128 as Wqq, but it is actually a 128-bit value. This is
visible when W is a memory operand close to the end of the page.
Fixes the recently-added poly1305_kunit test in linux-next.
(No testcase yet, but I plan to modify test-avx2 to use memory
close to the end of the page. This would work because the test
vectors correctly have the memory operand as xmm2/m128).
Reported-by: Eric Biggers <ebiggers@kernel.org> Tested-by: Eric Biggers <ebiggers@kernel.org> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> Cc: Guenter Roeck <linux@roeck-us.net> Cc: qemu-stable@nongnu.org Fixes: 79068477686 ("target/i386: reimplement 0x0f 0x3a, add AVX", 2022-10-18) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 22 Jul 2025 07:50:01 +0000 (09:50 +0200)]
scripts: add script to help distros use global Rust packages
Some distros prefer to avoid vendored crate sources, and instead use
local sources from e.g. ``/usr/share/cargo/registry``. Add a
script, inspired by the Mesa spec file(*), that automatically
performs this task. The script is meant to be invoked after unpacking
the QEMU tarball.
* tag 'pull-target-arm-20250725' of https://gitlab.com/pm215/qemu:
target/arm: hvf: stubbing reads to LORC_EL1
hw/arm/smmu-common: Avoid using inlined functions with external linkage
target/arm: Fix LD1W, LD1D to 128-bit elements
target/arm: Pass correct esize to sve_st1_z() for LD1Q, ST1Q
target/arm: LD1Q, ST1Q are vector + scalar, not scalar + vector
decodetree: Infer argument set before inferring format
target/arm: Pack mtedesc into upper 32 bits of descriptor
target/arm: Expand the descriptor for SME/SVE memory ops to i64
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Fri, 25 Jul 2025 12:24:44 +0000 (08:24 -0400)]
Merge tag 'tracing-pull-request' of https://gitlab.com/stefanha/qemu into staging
Pull request
This commit is still worth having in QEMU 10.1 for the all-round improvements
made (consistent timestamping, binary size reduction, header pollution cleanup)
even if it's debatable whether this is a bug fix.
* tag 'pull-ppc-20250724' of https://github.com/legoater/qemu:
MAINTAINERS: remove myself as ppc maintainer/reviewer
MAINTAINERS: Remove Frédéric as reviewer
MAINTAINERS: Add myself as a reviewer for XIVE
MAINTAINERS: Add myself as a reviewer of PowerNV emulation
MAINTAINERS: Add myself as reviewer for PowerPC TCG CPUs
MAINTAINERS: Adding myself as reviewer for PPC KVM cpus.
MAINTAINERS: Adding myself as a co-maintainer for ppc/spapr
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Fri, 25 Jul 2025 12:24:29 +0000 (08:24 -0400)]
Merge tag 'migration-20250722-pull-request' of https://gitlab.com/farosas/qemu into staging
Migration pull request
- Fixes to postcopy blocktime latency display code
- Fix to QMP error message (not)shown when postcopy fails
- Workaround to a GNUTLS bug that crashes QEMU
# -----BEGIN PGP SIGNATURE-----
#
# iQJEBAABCAAuFiEEqhtIsKIjJqWkw2TPx5jcdBvsMZ0FAmiAG1wQHGZhcm9zYXNA
# c3VzZS5kZQAKCRDHmNx0G+wxnR0xEACZMIqnVIFUu57V5gJ8v/4IJv70n6jrjtzJ
# 5/TzdAAY9bKJE5y84axovZy4iHijbZnGz+kVKr5Wai9KKb41tW0liWAe5RART2TE
# VuRBgxXODCmg3US6w0niy9cR3NH7WXbEQ5gyexC7D3/1R1ahpqOragZQxzvtA+3e
# aKe2pqRyQODHU9D1tnKexeFNJM6dGBVd9FVsYAHDfhx0Bk1vcpVXVrAJcfaSY2Y5
# +4/g7CXOJCUFBrFbVxYFU9muU8JrMvWv8lU4nG2ztDhmSH7Uy/DVCfEUa9/jEjDa
# 1BwZbOIIFMJy0P/G3toK6Z9lJEVfiUXaboNtqgSK5ZM8ZL1L1yHKQi631Qny/Wuf
# pzJWR1nOSL2f/bsueWj2OmZKl3FpXcaDWisZuDeS3wXWrtPRuJEXi6f//6JcYd2i
# Zm0kVRNf3CbXGnJxwDrsbh0hr5sN+bonaI+N4hHGxDCqUHhND4p0JMaPMte+PF4u
# pOooaRKq2a6KRZFyDPjyBgESXfDJ0Tdw5IeOKbFPskOEIpBVxyc3mpwu8Kz45qoV
# 8b2GYCKBjWLpqfTPwUcJd5MNVDO1ZUyqOPuarHNADth6pJglnWyFI/TIBoARzAKB
# EzS4dQ+DKM/Jz5cM++0dMPL75/1i2q2x7BBhCBBm9yeZDqDIKeT07yl8JGL/OCq9
# 7gNGfyze5w==
# =DGn2
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 22 Jul 2025 19:14:36 EDT
# gpg: using RSA key AA1B48B0A22326A5A4C364CFC798DC741BEC319D
# gpg: issuer "farosas@suse.de"
# gpg: Good signature from "Fabiano Rosas <farosas@suse.de>" [unknown]
# gpg: aka "Fabiano Almeida Rosas <fabiano.rosas@suse.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AA1B 48B0 A223 26A5 A4C3 64CF C798 DC74 1BEC 319D
* tag 'migration-20250722-pull-request' of https://gitlab.com/farosas/qemu:
crypto: add tracing & warning about GNUTLS countermeasures
migration: activate TLS thread safety workaround
io: add support for activating TLS thread safety workaround
crypto: implement workaround for GNUTLS thread safety problems
migration: show error message when postcopy fails
migration: HMP: Fix postcopy latency distribution label
migration: HMP: Fix possible out-of-bounds access
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
JianChunfu [Fri, 14 Feb 2025 07:20:29 +0000 (15:20 +0800)]
hw/arm/smmu-common: Avoid using inlined functions with external linkage
Similarly to commit 9de9fa5c ("hw/arm/smmu-common: Avoid using
inlined functions with external linkage"):
None of our code base require / use inlined functions with external
linkage. Some places use internal inlining in the hot path. These
two functions are certainly not in any hot path and don't justify
any inlining, so these are likely oversights rather than intentional.
Fixes: b8fa4c23 (hw/arm/smmu: Support nesting in the rest of commands) Signed-off-by: JianChunfu <jansef.jian@hj-micro.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 23 Jul 2025 16:54:58 +0000 (17:54 +0100)]
target/arm: Fix LD1W, LD1D to 128-bit elements
In our implementation of the SVE2p1 contiguous load to 128-bit
element insns such as LD1D (scalar plus scalar, single register), we
got the order of the arguments to the DO_LD1_2() macro wrong. Here
the first argument is the element size and the second is the memory
size, and the element size is always the same size or larger than
the memory size.
For the 128-bit versions, we want to load either 32-bit or 64-bit
values from memory and extend them to the 128-bit vector element, but
were trying to load 128 bit values and then stuff them into 32-bit or
64-bit vector elements. Correct the macro ordering.
Fixes: fc5f060bcb7b ("target/arm: Implement {LD1, ST1}{W, D} (128-bit element) for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250723165458.3509150-7-peter.maydell@linaro.org
Peter Maydell [Wed, 23 Jul 2025 16:54:57 +0000 (17:54 +0100)]
target/arm: Pass correct esize to sve_st1_z() for LD1Q, ST1Q
Our implementation of the helper functions for the LD1Q and ST1Q
insns reused the existing DO_LD1_ZPZ_D and DO_ST1_ZPZ_D macros. This
passes the wrong esize (8, not 16) to sve_ldl_z().
Create new macros DO_LD1_ZPZ_Q and DO_ST1_ZPZ_Q which pass the
correct esize, and use them for the LD1Q and ST1Q helpers.
Fixes: d2aa9a804ee ("target/arm: Implement LD1Q, ST1Q for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250723165458.3509150-6-peter.maydell@linaro.org
Peter Maydell [Wed, 23 Jul 2025 16:54:56 +0000 (17:54 +0100)]
target/arm: LD1Q, ST1Q are vector + scalar, not scalar + vector
Unlike the "LD1D (scalar + vector)" etc instructions, LD1Q is
vector + scalar. This means that:
* the vector and the scalar register are in opposite fields
in the encoding
* 31 in the scalar register field is XZR, not XSP
The same applies for ST1Q.
This means we can't reuse the trans_LD1_zprz() and trans_ST1_zprz()
functions for LD1Q and ST1Q. Split them out to use their own
trans functions.
Note that the change made here to sve.decode requires the decodetree
bugfix "decodetree: Infer argument set before inferring format" to
avoid a spurious compile-time error about "dtype".
Fixes: d2aa9a804ee678f ("target/arm: Implement LD1Q, ST1Q for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250723165458.3509150-5-peter.maydell@linaro.org
decodetree: Infer argument set before inferring format
Failure to confirm an argument set first may result in
the selection of a format which leaves extra arguments
to be filled in by the pattern.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250723165458.3509150-4-peter.maydell@linaro.org
Message-id: 20250722183343.273533-1-richard.henderson@linaro.org Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Pack mtedesc into upper 32 bits of descriptor
Instead of trying to pack mtedesc into the upper 17 bits of a 32-bit
gvec descriptor, pass the gvec descriptor in the lower 32 bits and
the mte descriptor in the upper 32 bits of a 64-bit operand.
This fixes two bugs:
(1) in gen_sve_ldr() and gen_sve_str() call gen_mte_checkN() with a
length value which is the SVE vector length and can be up to 256
bytes. We don't assert there that it fits in the descriptor, so
we would just fail to do the MTE checks on the right length of memory
if the VL is more than 32 bytes
(2) the new-in-SVE2p1 insns LD3Q, LD4Q, ST3Q, ST4Q also involve
transfers of more than 32 bytes of memory. In this case we would
assert at translate time.
(Note for potential backporting: this commit depends on the previous
"target/arm: Expand the descriptor for SME/SVE memory ops to i64".)
Fixes: 7b1613a1020d2942 ("target/arm: Enable FEAT_SME2p1 on -cpu max") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250723165458.3509150-3-peter.maydell@linaro.org
[PMM: expand commit message to clarify that we are fixing bugs here] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Expand the descriptor for SME/SVE memory ops to i64
We have run out of room attempting to pack both the gvec
descriptor and the mte descriptor into 32 bits.
Here, change nothing except the parameter type, which
affects all declarations, the function typedefs, and the
type used with tcg expansion.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250723165458.3509150-2-peter.maydell@linaro.org
In case of multiple chunks, code in qxl_unpack_chunks() takes size of the
wrong (next in the chain) chunk, instead of using current chunk size.
This leads to wrong number of bytes being copied, and to crashes if next
chunk size is larger than the current one.
Based on the code by Gao Yong.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1628 Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Thomas Huth <thuth@redhat.com>
log: make '-msg timestamp=on' apply to all qemu_log usage
Currently the tracing 'log' back emits special code to add timestamps
to trace points sent via qemu_log(). This current impl is a bad design
for a number of reasons.
* It changes the QEMU headers, such that 'error-report.h' content
is visible to all files using tracing, but only when the 'log'
backend is enabled. This has led to build failure bugs as devs
rarely test without the (default) 'log' backend enabled, and
CI can't cover every scenario for every trace backend.
* It bloats the trace points definitions which are inlined into
every probe location due to repeated inlining of timestamp
formatting code, adding MBs of overhead to QEMU.
* The tracing subsystem should not be treated any differently
from other users of qemu_log. They all would benefit from
having timestamps present.
* The timestamp emitted with the tracepoints is in a needlessly
different format to that used by error_report() in response
to '-msg timestamp=on'.
This fixes all these issues simply by moving timestamp formatting
into qemu_log, using the same approach as for error_report.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-id: 20250721185452.3016488-1-berrange@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
MAINTAINERS: remove myself as ppc maintainer/reviewer
It has been awhile since I actively did anything for qemu-ppc aside from
reading the qemu-ppc inbox a couple of times each month. It's not enough
to justify a reviewer role, let alone being a maintainer.
Given that we're doing qemu-ppc maintainership changes across the board
I'll take the opportunity and remove myself from the premises too. Feel
free to reach out with questions about code I did in the past, but at
this moment I'm no longer able to keep up with qemu-ppc activities.
I have been looking at XIVE in context of KVM internally at IBM for some time
in addition to testing a few XIVE upstream patches; and I'll be closely looking
at XIVE going forward.
MAINTAINERS: Add myself as reviewer for PowerPC TCG CPUs
I have been working on Power ISA for a long time now and have mostly
contributed in TCG instruction translation area (moved 300+ instructions to
decodetree as of yet) and would like to continue contributing to PPC TCG in
best possible ways I can. I think it's time to step up and assist in reviewing
related patches to enable myself contribute more effectively in this direction.
MAINTAINERS: Adding myself as a co-maintainer for ppc/spapr
Have been contributing in ppc/spapr and related areas for quite some
time as a contributor and reviewer. I think its time to step up as a
co-maintainer to help with maintainer activities.
crypto: add tracing & warning about GNUTLS countermeasures
We want some visibility on stderr when the GNUTLS thread
safety countermeasures are activated, to encourage people
to get the real fix deployed (once it exists). Some trace
points will also help if we see any further wierd crash
scenario we've not anticipated.
When either the postcopy or return path capabilities are
enabled, the migration code will use the primary channel
for bidirectional I/O.
If either of those capabilities are enabled, the migration
code needs to mark the channel as expecting concurrent I/O
in order to activate the thread safety workarounds for
GNUTLS bug 1717
io: add support for activating TLS thread safety workaround
Add a QIO_CHANNEL_FEATURE_CONCURRENT_IO feature flag.
If this is set on a QIOChannelTLS session object, the TLS
session will be marked as requiring thread safety, which
will activate the workaround for GNUTLS bug 1717 if needed.
crypto: implement workaround for GNUTLS thread safety problems
When TLS 1.3 is negotiated on a TLS session, GNUTLS will perform
automatic rekeying of the session after 16 million records. This
is done for all algorithms except CHACHA20_POLY1305 which does
not require rekeying.
Unfortunately the rekeying breaks GNUTLS' promise that it is safe
to use a gnutls_session_t object concurrently from multiple threads
if they are exclusively calling gnutls_record_send/recv.
This patch implements a workaround for QEMU that adds a mutex lock
around any gnutls_record_send/recv call to serialize execution
within GNUTLS code. When GNUTLS calls into the push/pull functions
we can release the lock so the OS level I/O calls can at least
have some parallelism.
The big downside of this is that the actual encryption/decryption
code is fully serialized, which will halve performance of that
cipher operations if two threads are contending.
The workaround is not enabled by default, since most use of GNUTLS
in QEMU does not tickle the problem, only non-multifd migration
with a return path open is affected. Fortunately the migration
code also won't trigger the halving of performance, since only
the outbound channel diretion needs to sustain high data rates,
the inbound direction is low volume.
The 'info migrate' command only shows the error message when the
migration state is 'failed'. When postcopy is used, however,
the 'postcopy-paused' state is used instead of 'failed', so we
must show the error message there too.
The vcpu property is no longer used in these backends. Removing it avoids
unnecessary checks and simplifies the code generation for these trace
backends.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Tanish Desai <tanishdesai37@gmail.com>
Message-id: 20250722114352.3624-1-tanishdesai37@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Paolo Bonzini [Mon, 21 Jul 2025 10:51:31 +0000 (12:51 +0200)]
rust: devices are not staticlibs
This is only cosmetic for now, but hopefully later on Meson will parse more
of Cargo.toml. Devices are linked into a staticlib but are not staticlibs
themselves.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Stefan Hajnoczi [Mon, 21 Jul 2025 18:55:31 +0000 (14:55 -0400)]
Merge tag 'pull-ppc-20250721' of https://github.com/legoater/qemu into staging
ppc/xive queue:
* Various bug fixes around lost interrupts particularly.
* Major group interrupt work, in particular around redistributing
interrupts. Upstream group support is not in a complete or usable
state as it is.
* Significant context push/pull improvements, particularly pool and
phys context handling was quite incomplete beyond trivial OPAL
case that pushes at boot.
* Improved tracing and checking for unimp and guest error situations.
* Various other missing feature support.
* tag 'pull-ppc-20250721' of https://github.com/legoater/qemu: (50 commits)
ppc/xive2: Enable lower level contexts on VP push
ppc/xive: Split need_resend into restore_nvp
ppc/xive2: Implement PHYS ring VP push TIMA op
ppc/xive2: Implement POOL LGS push TIMA op
ppc/xive2: Implement set_os_pending TIMA op
ppc/xive2: redistribute group interrupts on context push
ppc/xive2: Implement pool context push TIMA op
ppc/xive: Check TIMA operations validity
ppc/xive: Redistribute phys after pulling of pool context
ppc/xive2: Prevent pulling of pool context losing phys interrupt
ppc/xive2: implement NVP context save restore for POOL ring
ppc/xive: Assert group interrupts were redistributed
ppc/xive2: Avoid needless interrupt re-check on CPPR set
ppc/xive2: Consolidate presentation processing in context push
ppc/xive2: split tctx presentation processing from set CPPR
ppc/xive: Add xive_tctx_pipr_set() helper function
ppc/xive: tctx_accept only lower irq line if an interrupt was presented
ppc/xive: tctx signaling registers rework
ppc/xive: Split xive recompute from IPB function
ppc/xive: Fix high prio group interrupt being preempted by low prio VP
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'display-20250718-pull-request' of https://gitlab.com/kraxel/qemu:
hw/i386: Add the ramfb romfile compatibility
vfio: Move the TYPE_* to hw/vfio/types.h
ramfb: Add property to control if load the romfile
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Conflicts:
hw/core/machine.c
Context conflict because the vfio-pci
"x-migration-load-config-after-iter" was added recently.
Stefan Hajnoczi [Mon, 21 Jul 2025 16:21:31 +0000 (12:21 -0400)]
Merge tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu into staging
Misc crypto & UI patches
* Fix endian defaults when no VNC pixel format message is set
* Add more trace events for VNC messages
* Fix checking of certificate loading
* Eliminate cert limit on loading CA certificates
* tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu:
crypto: load all certificates in X509 CA file
crypto/x509-utils: Check for error from gnutls_x509_crt_init()
ui: add trace events for all client messages
ui: fix setting client_endian field defaults
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Developers are accustomed to read RWX, not RWE.
Replace E -> X.
Reported-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Mads Ynddal <mads@ynddal.dk> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'pull-request-2025-07-21' of https://gitlab.com/thuth/qemu:
docs/devel: fix over-quoting of QEMU_TEST_KEEP_SCRATCH
functional: always enable all python warnings
functional: ensure sockets and files are closed
functional: ensure log handlers are closed
linux-headers: Remove the 32-bit arm headers
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 21 Jul 2025 10:34:47 +0000 (06:34 -0400)]
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEIV1G9IJGaJ7HfzVi7wSWWzmNYhEFAmh91p0ACgkQ7wSWWzmN
# YhG+2wgAqw3G2TGRPT29ObyYDcd2Z54jdnNpX5gEND/UnqENprXfdD3PR58bnxe3
# uJGPRkMXgkIDit61lshsb8DF8x9ZEIlm/Ax5FM0ksBczWDYHiyEuXoyt2Uai1kWY
# fLBkVfjFqCu1AGniboCZiC4ZawZXIqkx/+DI3J/XRqa+bSCQ18I15dsLD/yxU/pp
# Hwxp07/d+UayANdxs0mZ5Lr7a1ktTgytCt0O2jQNHlMzfOvdBbVbF/WGclMWfNgI
# 68HWPY7P8k8jRTRFx3H/0LyYQrPyseTpa3zHC+zW9jNskkPkhCwlAY4UDC8x8LII
# OjsDc/0nre626rNCiJlifD3UJ7t86A==
# =xj23
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 21 Jul 2025 01:56:45 EDT
# gpg: using RSA key 215D46F48246689EC77F3562EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [full]
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* tag 'net-pull-request' of https://github.com/jasowang/qemu:
net/vhost-user: Remove unused "err" from chr_closed_bh() (CID 1612365)
net/passt: Initialize "error" variable in net_passt_send() (CID 1612368)
net/passt: Check return value of g_remove() in net_passt_cleanup() (CID 1612369)
net/passt: Remove dead code in passt_vhost_user_start error path (CID 1612371)
net/vhost-user: Remove unused "err" from net_vhost_user_event() (CID 1612372)
net/passt: Remove unused "err" from passt_vhost_user_event() (CID 1612375)
hw/net/npcm_gmac.c: Drop 'buf' local variable
hw/net/npcm_gmac.c: Correct test for when to reallocate packet buffer
hw/net/npcm_gmac.c: Unify length and prev_buf_size variables
hw/net/npcm_gmac.c: Send the right data for second packet in a row
tap: fix net_init_tap() return code
net/tap: drop too small packets
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Henry Kleynhans [Wed, 22 Dec 2021 15:05:59 +0000 (15:05 +0000)]
crypto: load all certificates in X509 CA file
Some CA files may contain multiple intermediaries and roots of trust.
These may not fit into the hard-coded limit of 16.
Extend the validation code to allocate enough space to load all of the
certificates present in the CA file and ensure they are cleaned up.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Henry Kleynhans <hkleynhans@fb.com>
[DB: drop MAX_CERTS constant & whitespace tweaks] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit a2260983c655 ("hvf: arm: Add support for GICv3") added GICv3 support
by implementing emulation for a few system registers. ICC_RPR_EL1 was
defined but not plugged in the sysreg handlers (for no good reason).
Fix it.
Fixes: a2260983c655 ("hvf: arm: Add support for GICv3") Signed-off-by: Zenghui Yu <zenghui.yu@linux.dev> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250714160139.10404-3-zenghui.yu@linux.dev Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hvf: arm: Add permission check in GIC sysreg handlers
Quoting Peter Maydell:
" hvf_sysreg_read_cp() and hvf_sysreg_write_cp() do not check the .access
field of the ARMCPRegInfo to ensure that they forbid writes to registers
that are marked with a .access field that says they're read-only (and
ditto reads to write-only registers). "
Before we add more registers in GIC sysreg handlers, let's get it correct
by adding the .access checks to hvf_sysreg_read_cp() and
hvf_sysreg_write_cp(). With that, a sysreg access with invalid permission
will result in an UNDEFINED exception.
Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Zenghui Yu <zenghui.yu@linux.dev>
Message-id: 20250714160139.10404-2-zenghui.yu@linux.dev Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 18 Jul 2025 17:30:32 +0000 (18:30 +0100)]
target/arm: Make LD1Q decode and trans fn agree about a->u
For the LD1Q instruction (gather load of quadwords) we use the
LD1_zprz pattern with MO_128 elements. At this element size there is
no signed vs unsigned distinction, and we only set the 'u' bit in the
arg_LD1_zprz struct because we share the code and decode struct with
smaller element sizes.
However, we set u=0 in the decode pattern line but then accidentally
asserted that it was 1 in the trans function. Since our usual convention
is that the "default" is unsigned and we only mark operations as signed
when they really do need to extend, change the decode pattern line to
set u=1 to match the assert.
Fixes: d2aa9a804ee6 ("target/arm: Implement LD1Q, ST1Q for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-11-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:31 +0000 (18:30 +0100)]
target/arm: Honour FPCR.AH=1 default NaN value in FMAXNMQV, FMINNMQV
The FMAXNMQV and FMINNMQV insns use the default NaN as their identity
value for inactive source vector elements. We open-coded this in
sve_helper.c, hoping to avoid a function call. However, this fails
to account for FPCR.AH=1 changing the default NaN value to set the
sign bit. Use a call to floatN_default_nan() to obtain this value.
Fixes: 1de7ecfc12d05 ("target/arm: Implement FADDQV, F{MIN, MAX}{NM}QV for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-10-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:30 +0000 (18:30 +0100)]
target/arm: Don't nest H() macro calls in SVE DO_REDUCE
In the part of the SVE DO_REDUCE macro used by the SVE2p1 FMAXQV,
FMINQV, etc insns, we incorrectly applied the H() macro twice when
calculating an offset to add to the vn pointer. This has no effect
on little-endian hosts but on big-endian hosts the two invocations
will cancel each other out and we will access the wrong part of the
array.
The "s * 16" part of the expression is already aligned, so we only
need to use the H macro on the "e". Correct the macro usage.
Fixes: 1de7ecfc12d05 ("target/arm: Implement FADDQV, F{MIN, MAX}{NM}QV for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-9-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:29 +0000 (18:30 +0100)]
target/arm: Correct sense of FPCR.AH test for FMAXQV and FMINQV
When we implemented the FMAXQV and FMINQV insns we accidentally
inverted the sense of the FPCR.AH test, so we gave the AH=1 behaviour
when FPCR.AH was zero, and vice-versa. (The difference is limited to
handling of negative zero and NaN inputs.)
Fixes: 1de7ecfc12d05 ("target/arm: Implement FADDQV, F{MIN, MAX}{NM}QV for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250718173032.2498900-8-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:27 +0000 (18:30 +0100)]
target/arm: Add BFMLA, BFMLS (vectors)
FEAT_SVE_B16B16 adds bfloat16 versions of the FMLA and FMLS insns in
the "SVE floating-point multiply-accumulate writing addend" group,
encoded as sz=0b00.
Fixes: 7b1613a1020d2942 ("target/arm: Enable FEAT_SME2p1 on -cpu max") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-6-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:26 +0000 (18:30 +0100)]
target/arm: Add BFMUL (indexed)
FEAT_SVE_B16B16 adds a bfloat16 version of the FMUL insn in the
floating-point multiply (indexed) instruction group. The encoding
is slightly bespoke; in our implementation we use MO_8 to indicate
bfloat16, as with the other B16B16 insns.
Fixes: 7b1613a1020d2942 ("target/arm: Enable FEAT_SME2p1 on -cpu max") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-5-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:25 +0000 (18:30 +0100)]
target/arm: Add BFMIN, BFMAX (predicated)
FEAT_SVE_B16B16 adds bfloat16 versions of the SVE floating point
(predicated) instructions, which are encoded via sz=0b00. Add the
BFMAX and BFMIN insns. These have separate behaviour for AH=1 and
AH=0; we have already implemented the AH=1 helper for the SME2
versions of these insns.
Fixes: 7b1613a1020d2942 ("target/arm: Enable FEAT_SME2p1 on -cpu max") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-4-peter.maydell@linaro.org
FEAT_SVE_B16B16 adds bfloat16 versions of the SVE floating point
(predicated) instructions, which are encoded via sz=0b00.
Add BFADD, BFSUB, BFMUL, BFMAXNM, BFMINNM; these are all the insns
in this group which do not change behaviour for AH=1.
We will deal with BFMAX/BFMIN (which do have different AH=1
behaviour) in a following commit.
Fixes: 7b1613a1020d2942 ("target/arm: Enable FEAT_SME2p1 on -cpu max") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-3-peter.maydell@linaro.org
commit ad8e0e8a0088 removed the "======" underlining the file title
which broke documentation rendering. Add it back.
Fixes: ad8e0e8a0088 ("docs: add support for gb200-bmc") Cc: Ed Tanous <etanous@nvidia.com> Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Ed Tanous <etanous@nvidia.com>
Message-id: 20250715061904.97540-1-clg@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Coverity Scan noted an unusual pattern in the
MAX78000 aes device, with duplicated calls to
set_decrypt. This commit adds a comment noting
why the implementation is correct.
Signed-off-by: Jackson Donaldson <jcksn@duck.com>
Message-id: 20250716002622.84685-1-jcksn@duck.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 21 Jul 2025 09:07:53 +0000 (10:07 +0100)]
host-utils: Drop workaround for buggy Apple Clang __builtin_subcll()
In commit b0438861efe ("host-utils: Avoid using __builtin_subcll on
buggy versions of Apple Clang") we added a workaround for a bug in
Apple Clang 14 where its __builtin_subcll() implementation was wrong.
This bug was only present in Apple Clang 14, not in upstream clang,
and is not present in Apple Clang versions 15 and newer.
Since commit 4e035201 we have required at least Apple Clang 15, so we
no longer build with the buggy versions. We can therefore drop the
workaround. This is effectively a revert of b0438861efe.
This should not be backported to stable branches, which may still
need to support Apple Clang 14.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3030 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250714145033.1908788-1-peter.maydell@linaro.org
Peter Maydell [Mon, 21 Jul 2025 09:07:53 +0000 (10:07 +0100)]
target/arm: Provide always-false kvm_arm_*_supported() stubs for usermode
If you try to build aarch64-linux-user with clang and --enable-debug then it
fails to compile:
ld: libqemu-aarch64-linux-user.a.p/target_arm_cpu64.c.o: in function `cpu_arm_set_sve':
../../target/arm/cpu64.c:321:(.text+0x1254): undefined reference to `kvm_arm_sve_supported'
This is a regression introduced in commit f86d4220, which switched
the kvm-stub.c file away from being built for all arm targets to only
being built for system emulation binaries. It doesn't affect gcc,
presumably because even at -O0 gcc folds away the always-false
kvm_enabled() condition but clang does not.
We would prefer not to build kvm-stub.c once for usermode and once
for system-emulation binaries, and we can't build it just once for
both because it includes cpu.h. So instead provide always-false
versions of the five functions that are valid to call without KVM
support in kvm_arm.h.
Fixes: f86d42205c2eba ("target/arm/meson: accelerator files are not needed in user mode")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3033 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-id: 20250714135152.1896214-1-peter.maydell@linaro.org
Peter Maydell [Mon, 21 Jul 2025 09:07:53 +0000 (10:07 +0100)]
hw/misc/ivshmem-pci: Improve error handling
Coverity points out that the ivshmem-pci code has some error handling
cases where it incorrectly tries to use an invalid filedescriptor.
These generally happen because ivshmem_recv_msg() calls
qemu_chr_fe_get_msgfd(), which might return -1, but the code in
process_msg() generally assumes that the file descriptor was provided
when it was supposed to be. In particular:
* the error case in process_msg() only needs to close the fd
if one was provided
* process_msg_shmem() should fail if no fd was provided
Coverity: CID 1508726 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20250711145012.1521936-1-peter.maydell@linaro.org
Peter Maydell [Mon, 21 Jul 2025 09:07:52 +0000 (10:07 +0100)]
target/arm: Correct encoding of Debug Communications Channel registers
We don't implement the Debug Communications Channel (DCC), but
we do attempt to provide dummy versions of its system registers
so that software that tries to access them doesn't fall over.
However, we got the tx/rx register definitions wrong. These
should be:
AArch32:
DBGDTRTX p14 0 c0 c5 0 (on writes)
DBGDTRRX p14 0 c0 c5 0 (on reads)
AArch64:
DBGDTRTX_EL0 2 3 0 5 0 (on writes)
DBGDTRRX_EL0 2 3 0 5 0 (on reads)
DBGDTR_EL0 2 3 0 4 0 (reads and writes)
where DBGDTRTX and DBGDTRRX are effectively different names for the
same 32-bit register, which has tx behaviour on writes and rx
behaviour on reads. The AArch64-only DBGDTR_EL0 is a 64-bit wide
register whose top and bottom halves map to the DBGDTRRX and DBGDTRTX
registers.
Currently we have just one cpreg struct, which:
* calls itself DBGDTR_EL0
* uses the DBGDTRTX_EL0/DBGDTRRX_EL0 encoding
* is marked as ARM_CP_STATE_BOTH but has the wrong opc1
value for AArch32
* is implemented as RAZ/WI
Correct the encoding so:
* we name the DBGDTRTX/DBGDTRRX register correctly
* we split it into AA64 and AA32 versions so we can get the
AA32 encoding right
* we implement DBGDTR_EL0 at its correct encoding
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2986 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250708141049.778361-1-peter.maydell@linaro.org
We don't synchronize vcpu registers from the hardware accelerator (e.g., by
cpu_synchronize_state()) in the Dabort handler, so env->pc points to the
instruction which has nothing to do with the Dabort at all.
And it doesn't seem to make much sense to log PC in every Dabort handler,
let's just remove it from this trace event.
Signed-off-by: Zenghui Yu <zenghui.yu@linux.dev> Reviewed-by: Mads Ynddal <mads@ynddal.dk>
Message-id: 20250713154719.4248-1-zenghui.yu@linux.dev Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Nicholas Piggin [Mon, 12 May 2025 03:10:59 +0000 (13:10 +1000)]
ppc/xive2: Enable lower level contexts on VP push
When pushing a context, the lower-level context becomes valid if it
had V=1, and so on. Iterate lower level contexts and send them
pending interrupts if they become enabled.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Glenn Miles <milesg@linux.ibm.com> Reviewed-by: Michael Kowal <kowal@linux.ibm.com> Tested-by: Gautam Menghani <gautam@linux.ibm.com> Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-51-npiggin@gmail.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
Nicholas Piggin [Mon, 12 May 2025 03:10:55 +0000 (13:10 +1000)]
ppc/xive2: Implement set_os_pending TIMA op
xive2 must take into account redistribution of group interrupts if
the VP directed priority exceeds the group interrupt priority after
this operation. The xive1 code is not group aware so implement this
for xive2.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Glenn Miles <milesg@linux.ibm.com> Reviewed-by: Michael Kowal <kowal@linux.ibm.com> Tested-by: Gautam Menghani <gautam@linux.ibm.com> Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-47-npiggin@gmail.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
Nicholas Piggin [Mon, 12 May 2025 03:10:52 +0000 (13:10 +1000)]
ppc/xive: Check TIMA operations validity
Certain TIMA operations should only be performed when a ring is valid,
others when the ring is invalid, and they are considered undefined if
used incorrectly. Add checks for this condition.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Glenn Miles <milesg@linux.ibm.com> Reviewed-by: Michael Kowal <kowal@linux.ibm.com> Tested-by: Gautam Menghani <gautam@linux.ibm.com> Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-44-npiggin@gmail.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
projects / thirdparty / qemu.git / log
