Merge tag 'pull-target-arm-20250916' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
* tests, scripts: Don't import print_function from __future__
* Implement FEAT_ATS1A
* Remove deprecated pxa CPU family
* arm/kvm: report registers we failed to set
* Expose SME registers to GDB via gdbstub
* linux-user/aarch64: Generate ESR signal records
* hw/arm/raspi4b: remove redundant check in raspi_add_memory_node
* hw/arm/virt: Allow user-creatable SMMUv3 dev instantiation
* system: drop the -old-param option
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmjJpt8ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3vRGEACO3VrePiMIA9N7egqlUiGn
# aRQVqIKeuPVj6TRVG7BSNWlAX8qvnOWOKg1yGVHDZv/nLvRje9UyfUAw7pf6jXod
# bzxWBCPJ0J0eOB64Tz87WRCLltKB5pEN+uIG00PtpBcXT1ixYCDgBZXyD3mwuJ4Q
# 5Yc5hEwQzpmh+EycLtfCHbmjKDw3x1ncpVlGceOG4h5fvzIvIhcNcZJXfAHhbhyO
# Y4c5PELrCkCLZaTtSSxd6VJ+vXQ9bNWyKaSZu2KRRnLcMeAqw2Ic7dLPlkzCVyxM
# PTOHy4TuDu+kqCbkxdnhpI6fvq5kcHyfTL6qX6tth8ZZS+qKGtvMEIXnYoy6q1kh
# 4jV5vizK8avx31fSiuTKVpttRv4dC+Aq5QrcgYtIVMeOwtkWHv610D8gcFPmXoG+
# uHX9WdzOjrYOzXVKzJaCZF6b7L31ptSEfOrx7asBC9k2wPRwonFXg4JGNq16Yann
# aAO5TM7NAUvM2IPgqS+Tf1Bk0iQqORxGfqzCyL76OO/QMMgfBy9elKH0UR0G+ePJ
# yjpub1oWIELSXsQGMrdFo1W4/NIpFMTu3DP9W+6XRPu1AvrAx/AsrTuvSvXoeFY9
# d/U3yWAXm5XxRzbCIUg7ke8I8zLwRz924M5PA8vophvSnfDLS3V8CJHLwbz/PqYc
# 0P2KCeI6d2NIhVik4mgEoQ==
# =5tK3
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 16 Sep 2025 11:05:19 AM PDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20250916' of https://gitlab.com/pm215/qemu: (36 commits)
hw/usb/network: Remove hardcoded 0x40 prefix in STRING_ETHADDR response
qtest/bios-tables-test: Update tables for smmuv3 tests
qtest/bios-tables-test: Add tests for legacy smmuv3 and smmuv3 device
bios-tables-test: Allow for smmuv3 test data.
qemu-options.hx: Document the arm-smmuv3 device
hw/arm/virt: Allow user-creatable SMMUv3 dev instantiation
hw/pci: Introduce pci_setup_iommu_per_bus() for per-bus IOMMU ops retrieval
hw/arm/virt: Add an SMMU_IO_LEN macro
hw/arm/virt: Factor out common SMMUV3 dt bindings code
hw/arm/virt-acpi-build: Update IORT for multiple smmuv3 devices
hw/arm/virt-acpi-build: Re-arrange SMMUv3 IORT build
hw/arm/smmu-common: Check SMMU has PCIe Root Complex association
target/arm: Added test case for SME register exposure to GDB
target/arm: Added support for SME register exposure to GDB
target/arm: Increase MAX_PACKET_LENGTH for SME ZA remote gdb debugging
arm/kvm: report registers we failed to set
system: drop the -old-param option
target/arm: Drop ARM_FEATURE_IWMMXT handling
target/arm: Drop ARM_FEATURE_XSCALE handling
target/arm: Remove iwmmxt helper functions
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'tracing-pull-request' of https://gitlab.com/stefanha/qemu into staging
Pull request
Daniel's updated tracetool test suite that doesn't break Windows CI.
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmjJo2gACgkQnKSrs4Gr
# c8gAWggAmFCi3KyeoJYLdw8ANZ46lDPV+GCtTKtCM68LtcSZKfrlNROWE/9UDI7V
# P3U/Xog01mqyWw4RX+SC90ckSWchMcLSN+TT8mZNfOTn8mcelyQkh4TDlguBLxlE
# Qz8PMwIxrKljP0bV9evZ1gk1CHkB8u1jPKLckiZRdI9rbjuxNkYTMyVSezCdfIhV
# dTDO1xf3oTDZq94591D0jSLHuF58MNXJHlA/q5OIdPCqu80Vo6cc8A8B5E1ZGKA5
# wzXaMY72GlX8RYwebXudHI0Sen6XyE3It+iWQYD8o6kgJ6kxBc0ljLxJCRE9O/d4
# D5hBgEgJ5S1ul4ggkBf5UKazF86EIQ==
# =YODs
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 16 Sep 2025 10:50:32 AM PDT
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [unknown]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* tag 'tracing-pull-request' of https://gitlab.com/stefanha/qemu:
tracetool-test: allow to run in parallel
qapi: switch to use QEMU_TEST_REGENERATE env var
tracetool: drop the probe "__nocheck__" wrapping
tracetool: add test suite for tracetool with reference output
tracetool: include SPDX-License-Identifier in generated files
tracetool: avoid space after "*" in arg types
tracetool: eliminate trailing whitespace in C format
checkpatch: cull trailing '*/' in SPDX check
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Create a temporary build subdirectory, to avoid conflicting with other
running tests. This fixes "meson test" with tracetool-test which is
parallel default.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20250916081638.764020-9-berrange@redhat.com
Message-ID: <20250908114652.1880366-1-marcandre.lureau@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The QAPI_TEST_UPDATE env var can be set when running the QAPI
schema tests to regenerate the reference output. For consistent
naming with the tracetool test, change the env var name to
QEMU_TEST_REGENERATE.
The test is modified to provide a hint about use of the new
env var and it is also added to the developer documentation.document its usage.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20250916081638.764020-8-berrange@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
The default build of qemu-system-x86_64 on Fedora with the
'log' backend, has its size reduced by 1 MB
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20250916081638.764020-7-berrange@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
tracetool: add test suite for tracetool with reference output
When reviewing tracetool patches it is often very unclear what the
expected output will be for the generated backends. Compounding
this is that a default build will only enable the 'log' trace
backend, so developers won't see generated code for other backends
without making a special effort. Some backends are also platform
specific, so can't be enabled in QEMU builds, even though tracetool
could generate the code.
To address this, introduce a test suite for tracetool which is
conceptually similar to the qapi-schema test. It is a simple
python program that runs tracetool and compares the actual output
to historical reference output kept in git. The test directly
emits TAP format logs for ease of integration with meson.
This can be run with
make check-tracetool
to make it easier for developers changing generated output, the
sample expected content can be auto-recreated
QEMU_TEST_REGENERATE=1 make check-tracetool
and the changes reviewed and added to the commit. This will also
assist reviewers interpreting the change.
Developers are reminded of this in the test output on failure:
$ make check-tracetool
1/6 qemu:tracetool / dtrace OK 0.14s
2/6 qemu:tracetool / ftrace FAIL 0.06s exit status 1
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
1..2
ok 1 - ftrace.c
#
not ok 1 - ftrace.h (set QEMU_TEST_REGENERATE=1 to recreate reference output if tracetool generator was intentionally changed)
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
3/6 qemu:tracetool / log OK 0.06s
4/6 qemu:tracetool / simple OK 0.06s
5/6 qemu:tracetool / syslog OK 0.06s
6/6 qemu:tracetool / ust OK 0.11s
Summary of Failures:
2/6 qemu:tracetool / ftrace FAIL 0.06s exit status 1
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20250916081638.764020-6-berrange@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
tracetool: include SPDX-License-Identifier in generated files
While these files are auto-generated, a later commit will add
reference output to git, so having SPDX-License-Identifier is
desirable.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20250916081638.764020-5-berrange@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
QEMU code style is to have no whitespace between "*" and the
arg name. Since generated trace code will soon be added to
git, make it comply with code style.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20250916081638.764020-4-berrange@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
tracetool: eliminate trailing whitespace in C format
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20250916081638.764020-3-berrange@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Sometimes SPDX expressions appear inside C comments, and this
confuses checkpatch.pl. Drop the closing C comment characters
to avoid this.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20250916081638.764020-2-berrange@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-misc-20250916' of https://gitlab.com/rth7680/qemu:
.gitmodules: move u-boot mirrors to qemu-project-mirrors
tests/functional/x86_64: Accept a few locked pages in test_memlock.py
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'mem-staging-pull-request' of https://gitlab.com/peterx/qemu into staging
Memory pull for 10.2
- Peter's fix on flatview_access_allowed()
- Peter's fix on MR circular ref
# -----BEGIN PGP SIGNATURE-----
#
# iIgEABYKADAWIQS5GE3CDMRX2s990ak7X8zN86vXBgUCaMg4oxIccGV0ZXJ4QHJl
# ZGhhdC5jb20ACgkQO1/MzfOr1wYeLAD+LQ44LdRTjbdlAbDjSNnCorfEBFUmNysK
# St4ut4Z9ZzAA+gK8DO12zc41Oi51NaBdD+X0s94DCV4UFl4Cz1D8HoIF
# =hAUJ
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 15 Sep 2025 09:02:43 AM PDT
# gpg: using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706
# gpg: issuer "peterx@redhat.com"
# gpg: Good signature from "Peter Xu <xzpeter@gmail.com>" [unknown]
# gpg: aka "Peter Xu <peterx@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D D1A9 3B5F CCCD F3AB D706
* tag 'mem-staging-pull-request' of https://gitlab.com/peterx/qemu:
memory: Fix leaks due to owner-shared MRs circular references
memory: Fix addr/len for flatview_access_allowed()
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Alex Bennée [Mon, 8 Sep 2025 14:19:11 +0000 (15:19 +0100)]
.gitmodules: move u-boot mirrors to qemu-project-mirrors
To continue our GitLab Open Source Program license we need to pass an
automated license check for all repos under qemu-project. While U-Boot
is clearly GPLv2 rather than fight with the automated validation
script just move the mirror across to a separate project.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Cc: qemu-stable@nongnu.org Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250908141911.2546063-1-alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
tests/functional/x86_64: Accept a few locked pages in test_memlock.py
Startup of libgcrypt locks a small pool of pages -- by default 16k.
Testing for zero locked pages is isn't correct, while testing for
32k is a decent compromise.
Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
hw/usb/network: Remove hardcoded 0x40 prefix in STRING_ETHADDR response
USB NICs have a "40:" prefix hardcoded for all MAC addresses when we
return the guest the MAC address if it queries the STRING_ETHADDR USB
string property. This doesn't match what we use for the
OID_802_3_PERMANENT_ADDRESS or OID_802_3_CURRENT_ADDRESS OIDs for
NDIS, or the MAC address we actually use in the QEMU networking code
to send/receive packets for this device, or the NIC info string we
print for users. In all those other places we directly use
s->conf.macaddr.a, which is the full thing the user asks for.
This overrides user-provided configuration and leads to an inconsistent
experience.
I couldn't find any documented reason (comment or git commits) for
this behavior. It seems like everyone is just expecting the MAC
address to be fully passed through to the guest, but it isn't.
This may have been a debugging hack that accidentally made it through
to the accepted patch: it has been in the code since it was originally
added back in 2008.
This is also particularly problematic as the "40:" prefix isn't a
reserved prefix for MAC addresses (IEEE OUI). There are a number of
valid allocations out there which use this prefix, meaning that QEMU
may be causing MAC address conflicts.
Cc: qemu-stable@nongnu.org Fixes: 6c9f886ceae5b ("Add CDC-Ethernet usb NIC (original patch from Thomas Sailer)" Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2951 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[PMM: beef up commit message based on mailing list discussion] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Shameer Kolothum [Fri, 29 Aug 2025 08:25:33 +0000 (09:25 +0100)]
qtest/bios-tables-test: Update tables for smmuv3 tests
For the legacy smmuv3 test case, generated IORT has a single SMMUv3 node,
a Root Complex(RC) node and 1 ITS node.
RC node features 4 ID mappings, of which 2 points to SMMU node and the
remaining ones points to ITS.
[0C4h 0196 4] Input base : 00000000
[0C8h 0200 4] ID Count : 000001FF
[0CCh 0204 4] Output Base : 00000000
[0D0h 0208 4] Output Reference : 00000048
[0D4h 0212 4] Flags (decoded below) : 00000000
Single Mapping : 0
[0D8h 0216 4] Input base : 00001000
[0DCh 0220 4] ID Count : 000000FF
[0E0h 0224 4] Output Base : 00001000
[0E4h 0228 4] Output Reference : 00000048
[0E8h 0232 4] Flags (decoded below) : 00000000
Single Mapping : 0
[0ECh 0236 4] Input base : 00000200
[0F0h 0240 4] ID Count : 00000DFF
[0F4h 0244 4] Output Base : 00000200
[0F8h 0248 4] Output Reference : 00000030
[0FCh 0252 4] Flags (decoded below) : 00000000
Single Mapping : 0
[100h 0256 4] Input base : 00001100
[104h 0260 4] ID Count : 0000EEFF
[108h 0264 4] Output Base : 00001100
[10Ch 0268 4] Output Reference : 00000030
[110h 0272 4] Flags (decoded below) : 00000000
Single Mapping : 0
For the smmuv3-dev test case, IORT has 2 SMMUV3 nodes,
1 RC node and 1 ITS node.
RC node features 4 ID mappings. 2 of them target the 2
SMMU nodes while the others targets the ITS.
Shameer Kolothum [Fri, 29 Aug 2025 08:25:32 +0000 (09:25 +0100)]
qtest/bios-tables-test: Add tests for legacy smmuv3 and smmuv3 device
For the legacy SMMUv3 test, the setup includes three PCIe Root Complexes,
one of which has bypass_iommu enabled. The generated IORT table contains
a single SMMUv3 node, a Root Complex(RC) node and 1 ITS node.
RC node features 4 ID mappings, of which 2 points to SMMU node and the
remaining ones points to ITS.
For the -device arm-smmuv3,... test, the configuration also includes three
Root Complexes, with two connected to separate SMMUv3 devices.
The resulting IORT table contains 1 RC node, 2 SMMU nodes and 1 ITS node.
RC node features 4 ID mappings. 2 of them target the 2 SMMU nodes while
the others targets the ITS.
Shameer Kolothum [Fri, 29 Aug 2025 08:25:29 +0000 (09:25 +0100)]
hw/arm/virt: Allow user-creatable SMMUv3 dev instantiation
Allow cold-plugging of an SMMUv3 device on the virt machine when no
global (legacy) SMMUv3 is present or when a virtio-iommu is specified.
This user-created SMMUv3 device is tied to a specific PCI bus provided
by the user, so ensure the IOMMU ops are configured accordingly.
Due to current limitations in QEMU’s device tree support, specifically
its inability to properly present pxb-pcie based root complexes and
their devices, the device tree support for the new SMMUv3 device is
limited to cases where it is attached to the default pcie.0 root complex.
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Nathan Chen <nathanc@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Reviewed-by: Donald Dutile <ddutile@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
Message-id: 20250829082543.7680-8-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Shameer Kolothum [Fri, 29 Aug 2025 08:25:28 +0000 (09:25 +0100)]
hw/pci: Introduce pci_setup_iommu_per_bus() for per-bus IOMMU ops retrieval
Currently, pci_setup_iommu() registers IOMMU ops for a given PCIBus.
However, when retrieving IOMMU ops for a device using
pci_device_get_iommu_bus_devfn(), the function checks the parent_dev
and fetches IOMMU ops from the parent device, even if the current
bus does not have any associated IOMMU ops.
This behavior works for now because QEMU's IOMMU implementations are
globally scoped, and host bridges rely on the bypass_iommu property
to skip IOMMU translation when needed.
However, this model will break with the soon to be introduced
arm-smmuv3 device, which allows users to associate the IOMMU
with a specific PCIe root complex (e.g., the default pcie.0
or a pxb-pcie root complex).
For example, consider the following setup with multiple root
complexes:
In Qemu, pxb-pcie acts as a special root complex whose parent is
effectively the default root complex(pcie.0). Hence, though pcie.1
has no associated SMMUv3 as per above, pci_device_get_iommu_bus_devfn()
will incorrectly return the IOMMU ops from pcie.0 due to the fallback
via parent_dev.
To fix this, introduce a new helper pci_setup_iommu_per_bus() that
explicitly sets the new iommu_per_bus field in the PCIBus structure.
This helper will be used in a subsequent patch that adds support for
the new arm-smmuv3 device.
Update pci_device_get_iommu_bus_devfn() to use iommu_per_bus when
determining the correct IOMMU ops, ensuring accurate behavior for
per-bus IOMMUs.
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Nathan Chen <nathanc@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Reviewed-by: Donald Dutile <ddutile@redhat.com>
Message-id: 20250829082543.7680-7-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Shameer Kolothum [Fri, 29 Aug 2025 08:25:25 +0000 (09:25 +0100)]
hw/arm/virt-acpi-build: Update IORT for multiple smmuv3 devices
With the soon to be introduced user-creatable SMMUv3 devices for
virt, it is possible to have multiple SMMUv3 devices associated
with different PCIe root complexes.
Update IORT nodes accordingly.
An example IORT Id mappings for a Qemu virt machine with two
PCIe Root Complexes each assocaited with a SMMUv3 will
be something like below,
Introduce a new struct AcpiIortSMMUv3Dev to hold all the information
required for SMMUv3 IORT node and use that for populating the node.
The current machine wide SMMUv3 is named as legacy SMMUv3 as we will
soon add support for user-creatable SMMUv3 devices. These changes will
be useful to have common code paths when we add that support.
Tested-by: Nathan Chen <nathanc@nvidia.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Reviewed-by: Donald Dutile <ddutile@redhat.com>
Message-id: 20250829082543.7680-3-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Shameer Kolothum [Fri, 29 Aug 2025 08:25:23 +0000 (09:25 +0100)]
hw/arm/smmu-common: Check SMMU has PCIe Root Complex association
We only allow default PCIe Root Complex(pcie.0) or pxb-pcie based extra
root complexes to be associated with SMMU.
Although this change does not affect functionality at present, it is
required when we add support for user-creatable SMMUv3 devices in
future patches.
Note: Added a specific check to identify pxb-pcie to avoid matching
pxb-cxl host bridges, which are also of type PCI_HOST_BRIDGE. This
restriction can be relaxed once support for CXL devices on arm/virt
is added and validated with SMMUv3.
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Nathan Chen <nathanc@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Reviewed-by: Donald Dutile <ddutile@redhat.com>
Message-id: 20250829082543.7680-2-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Added support for SME register exposure to GDB
The QEMU GDB stub does not expose the ZA storage SME register to GDB
via the remote serial protocol, which can be a useful functionality
to debug SME code. To provide this functionality for AArch64
targets, this patch registers the SME register set with the GDB stub.
To do so, this patch implements the aarch64_gdb_get_sme_reg() and
aarch64_gdb_set_sme_reg() functions to specify how to get and set the
SME registers, and the arm_gen_dynamic_smereg_feature() function to
generate the target description in XML format to indicate the target
architecture supports SME. Finally, this patch includes a
dyn_smereg_feature structure to hold this GDB XML description of the
SME registers for each CPU.
Note that according to the GDB documentation the ZA register is
defined as a vector of bytes; however the target description xml
retrieved when using gdb natively on a host with SME capabilities
represents the ZA register as a vector of vectors of bytes, so this
is a GDB documentation error. We follow GDB's own gdbstub
implementation and represent the ZA register as a vector of vectors
of bytes as is done by GDB here:
target/arm: Increase MAX_PACKET_LENGTH for SME ZA remote gdb debugging
This patch increases the value of the MAX_PACKET_LEGNTH to
131104 from 4096 to allow the GDBState.line_buf to be large enough
to accommodate the full contents of the SME ZA storage when the
vector length is maximal. This is in preparation for a related
patch that allows SME register visibility through remote GDB
debugging.
Signed-off-by: Vacha Bhavsar <vacha.bhavsar@oss.qualcomm.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20250909161012.2561593-2-vacha.bhavsar@oss.qualcomm.com
[PMM: fixed up comment formatting] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
If we fail migration because of a mismatch of some registers between
source and destination, the error message is not very informative:
qemu-system-aarch64: error while loading state for instance 0x0 ofdevice 'cpu'
qemu-system-aarch64: Failed to put registers after init: Invalid argument
At least try to give the user a hint which registers had a problem,
even if they cannot really do anything about it right now.
Sample output:
Could not set register op0:3 op1:0 crn:0 crm:0 op2:0 to c00fac31 (is 413fd0c1)
We could be even more helpful once we support writable ID registers,
at which point the user might actually be able to configure something
that is migratable.
Suggested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Sebastian Ott <sebott@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20250911154159.158046-1-cohuck@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 28 Aug 2025 16:27:00 +0000 (17:27 +0100)]
system: drop the -old-param option
We deprecated the command line option -old-param for the 10.0
release, which allows us to drop it in 10.2. This option was used to
boot Arm targets with a very old boot protocol using the
'param_struct' ABI. We only ever needed this on a handful of board
types which have all now been removed from QEMU.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250828162700.3308812-1-peter.maydell@linaro.org
Peter Maydell [Thu, 28 Aug 2025 14:04:22 +0000 (15:04 +0100)]
target/arm: Drop ARM_FEATURE_IWMMXT handling
We have now removed all the CPU types which had the Intel XScale
extensions indicated via ARM_FEATURE_IWMMXT, so this feature bit
is never set. Remove all the code that can only be reached when
using this flag.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250828140422.3271703-6-peter.maydell@linaro.org
Peter Maydell [Thu, 28 Aug 2025 14:04:21 +0000 (15:04 +0100)]
target/arm: Drop ARM_FEATURE_XSCALE handling
We have now removed all the CPU types which had the Intel XScale
extensions indicated via ARM_FEATURE_XSCALE, so this feature bit
is never set. Remove all the code that can only be reached when
using this flag.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250828140422.3271703-5-peter.maydell@linaro.org
Peter Maydell [Thu, 28 Aug 2025 14:04:20 +0000 (15:04 +0100)]
target/arm: Remove iwmmxt helper functions
Remove the iwmmxt helper functions which are no longer called now
that we have removed the associated translate.c handling.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250828140422.3271703-4-peter.maydell@linaro.org
Peter Maydell [Thu, 28 Aug 2025 14:04:19 +0000 (15:04 +0100)]
target/arm: Remove XScale and iWMMXt translate.c code
Remove all the translator code that is accessible only via
ARM_FEATURE_XSCALE or ARM_FEATURE_IWMMXT. This includes the
xscale-only cp15_cpar TB flags and cpu_{V0,V1,M0} TCG temps.
The no-longer-used helper functions will be removed in a separate
commit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250828140422.3271703-3-peter.maydell@linaro.org
Peter Maydell [Thu, 28 Aug 2025 14:04:18 +0000 (15:04 +0100)]
target/arm: Remove deprecated pxa CPU family
In 10.0 we deprecated the pxa CPU family (pxa250, pxa255, pxa260
pxa261, pxa262, pxa270-a0, pxa270-a1, pxa270, pxa270-b0, pxa270-b1,
pxa270-c0, pxa270-c5). Now we have released 10.1 we can remove them.
This commit removes only the top level CPU definitions and updates
the documentation. Removing the CPUs means that there is now a lot
of dead iwMMXt code, which we will delete in subsequent commits.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250828140422.3271703-2-peter.maydell@linaro.org
hw/arm/raspi4b: remove redundant check in raspi_add_memory_node
The if (acells == 0 || scells == 0) check is redundant in
raspi_add_memory_node, since it is already checked in the call
chain, arm_load_dtb. Also the return value of the function is
not checked/used so it's removed.
Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20250902200818.43305-1-osama.abdelkader@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Rename get_phys_addr_with_space_nogpc for its only
caller, do_ats_write. Drop the MemOp memop argument
as it doesn't make sense in the new context. Replace
the access_type parameter with prot_check.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250830054128.448363-8-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Separate the access_type from the protection check.
Save the trouble of modifying all helper functions
by passing the new data in the control structure.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250830054128.448363-6-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Note that we have been passing the incorrect code for most
exception codes: uncategorized (do_el0_undef),
systemregistertrap (do_el0_sys), smetrap (do_sme_acc),
btitrap (do_el0_bti) and illegalstate (bad_el0_sync).
Only pacfail uses ILL_ILLOPN (do_el0_fpac).
Note that EC_MOP (do_el0_mops) ought not signal at all.
For now, preserve existing behavior signalling ILL_ILLOPN.
List all other exception codes and document why they do
not apply to user-only.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250830054128.448363-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 11 Sep 2025 12:14:15 +0000 (13:14 +0100)]
tests, scripts: Don't import print_function from __future__
Some of our Python scripts still include the line
from __future__ import print_function
which is intended to allow a Python 2 to handle the Python 3 print()
syntax. This particular part of the future arrived many years ago,
and our minimum Python version is 3.9, so we don't need to keep
this line around.
NB: the scripts in tests/tcg/*/gdbstub/ are run with whatever Python
gdb was built against, but we can safely assume that that was a
Python 3 because our supported distros are all on Python 3. In any
case these are only run as part of "make check-tcg", not by
end-users.
Commit created with:
sed -i -e '/import print_function/d' $(git grep -l 'from __future__')
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250819102409.2117969-1-peter.maydell@linaro.org
Of most importance is that this gives us a heads-up if anything
we rely on has been deprecated. The default python behaviour
only emits a warning if triggered from __main__ which is very
limited.
Setting the env variable further ensures that any python child
processes will also display warnings.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The iotest 151 creates a bunch of subprocesses, with their stdout
connected to a pipe but never reads any data from them and does
not gurantee the processes are killed on cleanup.
This triggers resource leak warnings from python when the
subprocess.Popen object is garbage collected.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
python: ensure QEMUQtestProtocol closes its socket
While QEMUQtestMachine closes the socket that was passed to
QEMUQtestProtocol, the python resource leak manager still
believes that the copy QEMUQtestProtocol holds is open. We
must explicitly call close to avoid this leak warnnig.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
John Snow [Tue, 26 Aug 2025 17:04:50 +0000 (13:04 -0400)]
python: synchronize qemu.qmp documentation
This patch collects comments and documentation changes from many commits
in the python-qemu-qmp repository; bringing the qemu.git copy in
bit-identical alignment with the standalone library *except* for several
copyright messages that reference the "LICENSE" file which is, for QEMU,
named "COPYING" instead and are therefore left unchanged.
Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
John Snow [Wed, 3 Sep 2025 05:06:30 +0000 (01:06 -0400)]
python: backport 'avoid creating additional event loops per thread'
This commit is two backports squashed into one to avoid regressions.
python: *really* remove get_event_loop
A prior commit, aa1ff990, switched away from using get_event_loop *by
default*, but this is not good enough to avoid deprecation warnings as
`asyncio.get_event_loop_policy().get_event_loop()` is *also*
deprecated. Replace this mechanism with explicit calls to
asyncio.get_new_loop() and revise the cleanup mechanisms in __del__ to
match.
python: avoid creating additional event loops per thread
"Too hasty by far!", commit 21ce2ee4 attempted to avoid deprecated
behavior altogether by calling new_event_loop() directly if there was no
loop currently running, but this has the unfortunate side effect of
potentially creating multiple event loops per thread if tests
instantiate multiple QMP connections in a single thread. This behavior
is apparently not well-defined and causes problems in some, but not all,
combinations of Python interpreter version and platform environment.
Partially revert to Daniel Berrange's original patch, which calls
get_event_loop and simply suppresses the deprecation warning in
Python<=3.13. This time, however, additionally register new loops
created with new_event_loop() so that future calls to get_event_loop()
will return the loop already created.
Reported-by: Richard W.M. Jones <rjones@redhat.com> Reported-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@21ce2ee4f2df87efe84a27b9c5112487f4670622
cherry picked from commit python-qemu-qmp@c08fb82b38212956ccffc03fc6d015c3979f42fe Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This method was deprecated in 3.12 because it ordinarily should not be
used from coroutines; if there is not a currently running event loop,
this automatically creates a new event loop - which is usually not what
you want from code that would ever run in the bottom half.
In our case, we do want this behavior in two places:
(1) The synchronous shim, for convenience: this allows fully sync
programs to use QEMUMonitorProtocol() without needing to set up an event
loop beforehand. This is intentional to fully box in the async
complexities into the legacy sync shim.
(2) The qmp_tui shell; instead of relying on asyncio.run to create and
run an asyncio program, we need to be able to pass the current asyncio
loop to urwid setup functions. For convenience, again, we create one if
one is not present to simplify the creation of the TUI appliance.
The remaining user of get_event_loop() was in fact one of the erroneous
users that should not have been using this function: if there's no
running event loop inside of a coroutine, you're in big trouble :)
Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@aa1ff9907603a3033296027e1bd021133df86ef1 Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
John Snow [Fri, 22 Jul 2022 19:55:45 +0000 (15:55 -0400)]
python: backport 'qmp-tui: Do not crash if optional dependencies are not met'
Based on the discussion at https://github.com/pypa/pip/issues/9726 -
even though the setuptools documentation implies that it is possible to
guard script execution with optional dependency groups, this is not true
in practice with the scripts generated by pip.
Just do the simple thing and guard the import statements.
Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@df520dcacf9a75dd4c82ab1129768de4128b554c Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@9c889dcbd58817b0c917a9d2dd16161f48ac8203 Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This is not strictly needed functionality-wise, but doing this allows
sphinx to see which decorated methods are async. Without this, sphinx
misses the "async" classifier on generated docs, which ... for an async
library, isn't great.
It does make an already gnarly function even gnarlier, though.
So, what's going on here?
A synchronous function (like require() before this patch) can return a
coroutine that can be awaited on, for example:
However, this function is not considered to be an "async" function in
the eyes of the abstract syntax tree. Specifically,
some_func.__code__.co_flags will not be set with CO_COROUTINE.
The interpreter uses this flag to know if it's legal to use "await" from
within the body of the function. Since this function is just wrapping
another function, it doesn't matter much for the decorator, but sphinx
uses the stdlib inspect.iscoroutinefunction() to determine when to add
the "async" prefix in generated output. This function uses the presence
of CO_COROUTINE.
So, in order to preserve the "async" flag for docs, the require()
decorator needs to differentiate based on whether it is decorating a
sync or async function and use a different wrapping mechanism
accordingly.
Phew.
Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@40aa9699d619849f528032aa456dd061a4afa957 Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Expose the limit parameter of the underlying StreamReader and StreamWriter
instances.
This is helpful for the use case of transferring files in and out of a VM
via the QEMU guest agent's guest-file-open, guest-file-read, guest-file-write,
and guest-file-close methods, as it allows pushing the buffer size up to the
guest agent's limit of 48MB per transfer.
Signed-off-by: Adam Dorsey <adam@dorseys.email>
cherry picked from commit python-qemu-qmp@9ba6a698344eb3b570fa4864e906c54042824cd6
cherry picked from commit python-qemu-qmp@e4d0d3f835d82283ee0e48438d1b154e18303491
[Squashed in linter fixups. --js] Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
John Snow [Fri, 22 Jul 2022 17:59:19 +0000 (13:59 -0400)]
python: backport 'qmp-shell: add common_parser()'
Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@20a88c2471f37d10520b2409046d59e1d0f1e905 Signed-off-by: John Snow <jsnow@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
John Snow [Tue, 6 Jun 2023 17:45:44 +0000 (13:45 -0400)]
python: backport 'Use @asynciocontextmanager'
This removes a non-idiomatic use of a "coroutine callback" in favor of
something a bit more standardized.
Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@commit 97f7ffa3be17a50544b52767d14b6fd478c07b9e Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
John Snow [Tue, 6 Jun 2023 17:19:11 +0000 (13:19 -0400)]
python: backport 'drop Python3.6 workarounds'
Now that the minimum version is 3.7, drop some of the 3.6-specific hacks
we've been carrying. A single remaining compatibility hack concerning
3.6's lack of @asynccontextmanager is addressed in the following commit.
Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@3e8e34e594cfc6b707e6f67959166acde4b421b8 Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
John Snow [Fri, 22 Jul 2022 20:30:05 +0000 (16:30 -0400)]
python: backport 'protocol: adjust logging name when changing client name'
The client name is mutable, so the logging name should also change to
reflect it when it changes.
Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@e10b73c633ce138ba30bc8beccd2ab31989eaf3d Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
John Snow [Tue, 3 May 2022 18:07:10 +0000 (14:07 -0400)]
python: backport 'kick event queue on legacy event_pull()'
This corrects an oversight in qmp-shell operation where new events will
not accumulate in the event queue when pressing "enter" with an empty
command buffer, so no new events show up.
Reported-by: Jag Raman <jag.raman@oracle.com> Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@0443582d16cf9efd52b2c41a7b5be7af42c856cd Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
When the object is not stateful, this repr method prints what you'd
expect. In cases where there are pending events, the output is augmented
to illustrate that.
The object itself has no idea if it's "active" or not, so it cannot
convey that information.
Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@8a6f2e136dae395fec8aa5fd77487cfe12d9e05e Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
John Snow [Fri, 22 Jul 2022 18:23:37 +0000 (14:23 -0400)]
python: backport 'Change error classes to have better repr methods'
By passing all of the arguments to the base class and overriding the
__str__ method when we want a different "human readable" message that
isn't just printing the list of arguments, we can ensure that all custom
error classes have a reasonable __repr__ implementation.
In the case of ExecuteError, the pseudo-field that isn't actually
correlated to an input argument can be re-imagined as a read-only
property; this forces consistency in the class and makes the repr output
more obviously correct.
Signed-off-by: John Snow <jsnow@redhat.com>
cherry picked from commit python-qemu-qmp@afdb7893f3b34212da4259b7202973f9a8cb85b3 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Peter Xu [Thu, 21 Aug 2025 16:59:02 +0000 (12:59 -0400)]
memory: Fix leaks due to owner-shared MRs circular references
Currently, QEMU refcounts the MR by always taking it from the owner.
It's common that one object will have multiple MR objects embeded in the
object itself. All the MRs in this case share the same lifespan of the
owner object.
It's also common that in the instance_init() of an object, MR A can be a
container of MR B, C, D, by using memory_region_add_subregion*() set of
memory region APIs.
Now we have a circular reference issue, as when adding subregions for MR A,
we essentially incremented the owner's refcount within the instance_init(),
meaning the object will be self-boosted and its refcount can never go down
to zero if the MRs won't get detached properly before object's finalize().
Delete subregions within object's finalize() won't work either, because
finalize() will be invoked only if the refcount goes to zero first. What
is worse, object_finalize() will do object_property_del_all() first before
object_deinit(). Since embeded MRs will be properties of the owner object,
it means they'll be freed _before_ the owner's finalize().
To fix that, teach memory API to stop refcount on MRs that share the same
owner. Because if they share the lifecycle of the owner, then they share
the same lifecycle between themselves, hence the refcount doesn't help but
only introduce troubles.
Meanwhile, allow auto-detachments of MRs during finalize() of MRs even
against its container, as long as they belong to the same owner.
The latter is needed because now it's possible to have MRs' finalize()
happen in any order when they share the same lifespan with a same owner.
In this case, we should allow finalize() to happen in any order of either
the parent or child MR. Loose the mr->container check in MR's finalize()
to allow auto-detach. Double check it shares the same owner.
Proper document this behavior in code.
This patch is heavily based on the work done by Akihiko Odaki:
Peter Xu [Wed, 3 Sep 2025 14:29:32 +0000 (10:29 -0400)]
memory: Fix addr/len for flatview_access_allowed()
flatview_access_allowed() should pass in the address offset of the memory
region, rather than the global address space. Shouldn't be a major issue
yet, since the addr is only used in an error log.
Cc: Philippe Mathieu-Daudé <philmd@linaro.org> Fixes: 3ab6fdc91b ("softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: David Hildenbrand <david@redhat.com> Link: https://lore.kernel.org/r/20250903142932.1038765-1-peterx@redhat.com Signed-off-by: Peter Xu <peterx@redhat.com>
Peter Maydell [Thu, 11 Sep 2025 11:41:01 +0000 (12:41 +0100)]
Merge tag 'pull-request-2025-09-09' of https://gitlab.com/thuth/qemu into staging
* Silence warnings from the undefined-behaviour sanitizer
* Many small improvements to various functional tests
* Remove remainders from storing avocado artifacts in the Gitlab CI
* Keep more meson log files as artifacts in the Gitlab CI instead
* Re-enable -fzero-call-used-regs on OpenBSD
* tag 'pull-request-2025-09-09' of https://gitlab.com/thuth/qemu: (23 commits)
tests/functional: purge scratch dir on test startup
tests/functional: avoid tearDown failure when QEMU dies
tests/functional: avoid duplicate messages on failures
tests/functional: fix infinite loop on console EOF
tests/functional: add vm param to cmd.py helpers
tests/functional: return output from cmd.py helpers
gitlab: prevent duplicated meson log artifacts in test jobs
gitlab: include all junit XML files from meson
gitlab: always include entire of meson-logs directory
gitlab: replace avocado results files with meson results files
tests/functional/arm: Update test ASPEED SDK v09.07 for AST2700 vbootrom
tests/functional/arm: Update test ASPEED SDK v09.07 for AST2600
tests/functional/arm: Update test ASPEED SDK v09.07 for AST2500
tests/functional/arm: Update test ASPEED SDK v03.02 for AST1030
tests/functional: handle URLError when fetching assets
tests/functional: fix formatting of exception args
tests/functional: enable force refresh of cached assets
tests/functional/m68k: Avoid ResourceWarning in the nextcube test
ui/vnc: Fix crash when specifying [vnc] without id in the config file
system/physmem: Silence warning from ubsan
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 11 Sep 2025 11:40:38 +0000 (12:40 +0100)]
Merge tag 'pull-vfio-20250908' of https://github.com/legoater/qemu into staging
vfio queue:
* Large refactor of the VFIO code to use QOM casts and follow the
current coding style guidelines
* Removal of the deprecated vfio-platform, vfio-calxeda-xgmac and
vfio-amd-xgbe devices
* Fail with error if dma_max_mappings limit is hit
* Added 'x-pci-class-code' property to vfio-user-pci device
* Added a new helper to retrieve a VFIOPCIDevice from a VFIODevice
* Fixed IGD OpRegion detection
* tag 'pull-vfio-20250908' of https://github.com/legoater/qemu: (31 commits)
vfio/pci.h: rename VFIOPCIDevice pdev field to parent_obj
s390x/s390-pci-vfio.c: use QOM casts where appropriate
vfio-user/pci.c: use QOM casts where appropriate
vfio/igd.c: use QOM casts where appropriate
vfio/cpr.c: use QOM casts where appropriate
vfio/pci-quirks.c: use QOM casts where appropriate
vfio/pci.c: use QOM casts where appropriate
vfio/pci.h: update VFIOPCIDevice declaration
vfio-user/pci.c: rename VFIOUserPCIDevice device field to parent_obj
vfio-user/pci.c: use QOM casts where appropriate
vfio-user/pci.c: update VFIOUserPCIDevice declaration
vfio-user/container.h: rename VFIOUserContainer bcontainer field to parent_obj
vfio/container.c: use QOM casts where appropriate
vfio-user/container.h: update VFIOUserContainer declaration
vfio/vfio-container.h: rename VFIOContainer bcontainer field to parent_obj
vfio/spapr.c: use QOM casts where appropriate
ppc/spapr_pci_vfio.c: use QOM casts where appropriate
hw/vfio/container.c: use QOM casts where appropriate
hw/vfio/cpr-legacy.c: use QOM casts where appropriate
vfio/vfio-container.h: update VFIOContainer declaration
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
tests/functional: purge scratch dir on test startup
The test suite purges the scratch dir in the tearDown method, but
if python crashes (or is non-gracefully killed) this won't get run.
Also the user can set QEMU_TEST_KEEP_SCRATCH to disable cleanup.
Purging the scratch dir on startup ensures that tests always run
from a clean state.
Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250908135722.3375580-5-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
tests/functional: avoid tearDown failure when QEMU dies
In a QEMU process under test dies unexpectedly, the 'shutdown'
method may well raise an exception. This causes the tearDown
method to fail, which means any later cleanup code fails to
get run. Most notably the log handlers don't get removed so
the base.log file from an earlier test will get polluted with
messages from any subsequent tests. The tearDown failure also
results in pages of exceptions printed on the console, which
obscures the real failure message / trace printed by the test.
Ignore any shutdown failures in the tearDown method, since any
test which cares about clean shutdown should have already
cleaned up any running VMs. The tearDown method is just there
as a safety net to cleanup resources. The base.log file will
still containing log messages from the failed 'vm.shutdown'
call too.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250908135722.3375580-4-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
tests/functional: avoid duplicate messages on failures
In some scenarios the same tests is mentioned in both the
'res.results.errors' and 'res.results.failures' array returned
by unittest.main(). This was seen when the 'tearDown' method
raised an exception.
In such a case, we printed out the same information about where
to find a log file twice for each test. Track which tests we
have already reported on, to avoid the duplication.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250908135722.3375580-3-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
tests/functional: fix infinite loop on console EOF
The 'recv' method will return an empty byte array, not None, when
the socket has EOF.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250908135722.3375580-2-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
John Levon [Wed, 3 Sep 2025 20:19:30 +0000 (22:19 +0200)]
tests/functional: add vm param to cmd.py helpers
Extend the "vm" parameter of wait_for_console_pattern() to all the other
utility functions; this allows them to be used on a VM other than
test.vm.
Signed-off-by: John Levon <john.levon@nutanix.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250903201931.168317-3-john.levon@nutanix.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
John Levon [Wed, 3 Sep 2025 20:19:29 +0000 (22:19 +0200)]
tests/functional: return output from cmd.py helpers
Tests might want to look at the whole output from a command execution,
as well as just logging it. Add support for this.
Signed-off-by: John Levon <john.levon@nutanix.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250903201931.168317-2-john.levon@nutanix.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
gitlab: prevent duplicated meson log artifacts in test jobs
The build jobs will populate build/meson-logs/ with various files
that are added as artifacts.
The test jobs preserve the state of the build jobs, so we must
delete any pre-existing logs to prevent confusion from duplicate
artifacts.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250908190901.3571859-5-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
The junit XML file produced by meson does not always have the
name 'testlog.junit.xml' - in the case of 'make check-functional'
there is a 'testlog-thorough.junit.xml' file too.
Improve CI debugging robustness by capturing all junit files that
meson produces.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250908190901.3571859-4-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
gitlab: always include entire of meson-logs directory
There are files besides testlog.txt that may be useful as published
CI artifacts.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250908190901.3571859-3-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
gitlab: replace avocado results files with meson results files
The 'results.xml' file and 'test-results' directory were both outputs
of the avovcado test runner. Since we're now using meson with the new
functional test framework, we must reference meson results files as the
CI artifacts.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250908190901.3571859-2-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
tests/functional: handle URLError when fetching assets
We treat most HTTP errors as non-fatal when fetching assets,
but forgot to handle network level errors. This adds catching
of URLError so that we retry on failure, and will ultimately
trigger graceful skipping in the pre-cache task.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250829142616.2633254-4-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
tests/functional: fix formatting of exception args
The catch-all exception handler forgot the placeholder for
the exception details.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250829142616.2633254-3-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
tests/functional: enable force refresh of cached assets
If the 'QEMU_TEST_REFRESH_CACHE' environment variable is set, then
ignore any existing cached asset and download a fresh copy.
This can be used to selectively refresh assets if set before running
a single test script.
Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250829142616.2633254-2-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Fri, 29 Aug 2025 14:20:00 +0000 (16:20 +0200)]
tests/functional/m68k: Avoid ResourceWarning in the nextcube test
Since commit c3fd296cf7b1 ("functional: always enable all python
warnings") we enabled more warnings for the functional tests. This
triggers now a warning in the nextcube test:
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250829142000.62320-1-thuth@redhat.com>
The required "id" is only set up automatically while parsing the command
line, but not when reading the options from the config file.
Thus let's move code that automatically adds the id (if it does not
exist yet) to the init function that needs the id for the first time,
replacing the assert() statement there.
Thomas Huth [Mon, 28 Jul 2025 11:51:51 +0000 (13:51 +0200)]
hw/mips/malta: Silence warning from ubsan
When compiling QEMU with --enable-ubsan there is a undefined behavior
warning when using the malta machine:
hw/mips/malta.c:1200:32: runtime error: addition of unsigned offset
to 0x7fb620600000 overflowed to 0x7fb6205fffff
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior hw/mips/malta.c:1200:32
To fix the issue, check the bios_size whether we really loaded the
firmware before trying to byte-swap the instructions here.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250728115152.187728-1-thuth@redhat.com>
OpenBSD 7.7 fixed the problem with the -fzero-call-used-regs on OpenBSD,
see https://github.com/openbsd/src/commit/03eca72d1e030b7a542cd6aec1 for
the fix there.
Suggested-by: Brad Smith <brad@comstyle.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250508144120.163009-6-thuth@redhat.com>
Thomas Huth [Thu, 8 May 2025 14:41:17 +0000 (16:41 +0200)]
hw/display/bcm2835_fb: Move inclusion of console.h to the .c file
The definitions from console.h are not needed in the bcm2835_fb.h
header file yet, so let's move it to the place that really needs
its definitions, i.e. into the bcm2835_fb.c file.
This way the header can also be used by code that is not compiled
with the CFLAGS that are required for pixman or OpenGL (in case
their headers do not reside under /usr/include).
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250508144120.163009-3-thuth@redhat.com>
Mark Cave-Ayland [Tue, 15 Jul 2025 09:26:02 +0000 (10:26 +0100)]
vfio/pci.h: rename VFIOPCIDevice pdev field to parent_obj
Now that nothing accesses the pdev field directly, rename pdev to
parent_obj as per our current coding guidelines.
Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Steve Sistare <steven.sistare@oracle.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-23-mark.caveayland@nutanix.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
projects / thirdparty / qemu.git / log
