The vcpu property is no longer used in these backends. Removing it avoids
unnecessary checks and simplifies the code generation for these trace
backends.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Tanish Desai <tanishdesai37@gmail.com>
Message-id: 20250722114352.3624-1-tanishdesai37@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'display-20250718-pull-request' of https://gitlab.com/kraxel/qemu:
hw/i386: Add the ramfb romfile compatibility
vfio: Move the TYPE_* to hw/vfio/types.h
ramfb: Add property to control if load the romfile
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Conflicts:
hw/core/machine.c
Context conflict because the vfio-pci
"x-migration-load-config-after-iter" was added recently.
Stefan Hajnoczi [Mon, 21 Jul 2025 16:21:31 +0000 (12:21 -0400)]
Merge tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu into staging
Misc crypto & UI patches
* Fix endian defaults when no VNC pixel format message is set
* Add more trace events for VNC messages
* Fix checking of certificate loading
* Eliminate cert limit on loading CA certificates
* tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu:
crypto: load all certificates in X509 CA file
crypto/x509-utils: Check for error from gnutls_x509_crt_init()
ui: add trace events for all client messages
ui: fix setting client_endian field defaults
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Developers are accustomed to read RWX, not RWE.
Replace E -> X.
Reported-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Mads Ynddal <mads@ynddal.dk> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'pull-request-2025-07-21' of https://gitlab.com/thuth/qemu:
docs/devel: fix over-quoting of QEMU_TEST_KEEP_SCRATCH
functional: always enable all python warnings
functional: ensure sockets and files are closed
functional: ensure log handlers are closed
linux-headers: Remove the 32-bit arm headers
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 21 Jul 2025 10:34:47 +0000 (06:34 -0400)]
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEIV1G9IJGaJ7HfzVi7wSWWzmNYhEFAmh91p0ACgkQ7wSWWzmN
# YhG+2wgAqw3G2TGRPT29ObyYDcd2Z54jdnNpX5gEND/UnqENprXfdD3PR58bnxe3
# uJGPRkMXgkIDit61lshsb8DF8x9ZEIlm/Ax5FM0ksBczWDYHiyEuXoyt2Uai1kWY
# fLBkVfjFqCu1AGniboCZiC4ZawZXIqkx/+DI3J/XRqa+bSCQ18I15dsLD/yxU/pp
# Hwxp07/d+UayANdxs0mZ5Lr7a1ktTgytCt0O2jQNHlMzfOvdBbVbF/WGclMWfNgI
# 68HWPY7P8k8jRTRFx3H/0LyYQrPyseTpa3zHC+zW9jNskkPkhCwlAY4UDC8x8LII
# OjsDc/0nre626rNCiJlifD3UJ7t86A==
# =xj23
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 21 Jul 2025 01:56:45 EDT
# gpg: using RSA key 215D46F48246689EC77F3562EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [full]
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* tag 'net-pull-request' of https://github.com/jasowang/qemu:
net/vhost-user: Remove unused "err" from chr_closed_bh() (CID 1612365)
net/passt: Initialize "error" variable in net_passt_send() (CID 1612368)
net/passt: Check return value of g_remove() in net_passt_cleanup() (CID 1612369)
net/passt: Remove dead code in passt_vhost_user_start error path (CID 1612371)
net/vhost-user: Remove unused "err" from net_vhost_user_event() (CID 1612372)
net/passt: Remove unused "err" from passt_vhost_user_event() (CID 1612375)
hw/net/npcm_gmac.c: Drop 'buf' local variable
hw/net/npcm_gmac.c: Correct test for when to reallocate packet buffer
hw/net/npcm_gmac.c: Unify length and prev_buf_size variables
hw/net/npcm_gmac.c: Send the right data for second packet in a row
tap: fix net_init_tap() return code
net/tap: drop too small packets
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Henry Kleynhans [Wed, 22 Dec 2021 15:05:59 +0000 (15:05 +0000)]
crypto: load all certificates in X509 CA file
Some CA files may contain multiple intermediaries and roots of trust.
These may not fit into the hard-coded limit of 16.
Extend the validation code to allocate enough space to load all of the
certificates present in the CA file and ensure they are cleaned up.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Henry Kleynhans <hkleynhans@fb.com>
[DB: drop MAX_CERTS constant & whitespace tweaks] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit a2260983c655 ("hvf: arm: Add support for GICv3") added GICv3 support
by implementing emulation for a few system registers. ICC_RPR_EL1 was
defined but not plugged in the sysreg handlers (for no good reason).
Fix it.
Fixes: a2260983c655 ("hvf: arm: Add support for GICv3") Signed-off-by: Zenghui Yu <zenghui.yu@linux.dev> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250714160139.10404-3-zenghui.yu@linux.dev Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hvf: arm: Add permission check in GIC sysreg handlers
Quoting Peter Maydell:
" hvf_sysreg_read_cp() and hvf_sysreg_write_cp() do not check the .access
field of the ARMCPRegInfo to ensure that they forbid writes to registers
that are marked with a .access field that says they're read-only (and
ditto reads to write-only registers). "
Before we add more registers in GIC sysreg handlers, let's get it correct
by adding the .access checks to hvf_sysreg_read_cp() and
hvf_sysreg_write_cp(). With that, a sysreg access with invalid permission
will result in an UNDEFINED exception.
Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Zenghui Yu <zenghui.yu@linux.dev>
Message-id: 20250714160139.10404-2-zenghui.yu@linux.dev Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 18 Jul 2025 17:30:32 +0000 (18:30 +0100)]
target/arm: Make LD1Q decode and trans fn agree about a->u
For the LD1Q instruction (gather load of quadwords) we use the
LD1_zprz pattern with MO_128 elements. At this element size there is
no signed vs unsigned distinction, and we only set the 'u' bit in the
arg_LD1_zprz struct because we share the code and decode struct with
smaller element sizes.
However, we set u=0 in the decode pattern line but then accidentally
asserted that it was 1 in the trans function. Since our usual convention
is that the "default" is unsigned and we only mark operations as signed
when they really do need to extend, change the decode pattern line to
set u=1 to match the assert.
Fixes: d2aa9a804ee6 ("target/arm: Implement LD1Q, ST1Q for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-11-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:31 +0000 (18:30 +0100)]
target/arm: Honour FPCR.AH=1 default NaN value in FMAXNMQV, FMINNMQV
The FMAXNMQV and FMINNMQV insns use the default NaN as their identity
value for inactive source vector elements. We open-coded this in
sve_helper.c, hoping to avoid a function call. However, this fails
to account for FPCR.AH=1 changing the default NaN value to set the
sign bit. Use a call to floatN_default_nan() to obtain this value.
Fixes: 1de7ecfc12d05 ("target/arm: Implement FADDQV, F{MIN, MAX}{NM}QV for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-10-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:30 +0000 (18:30 +0100)]
target/arm: Don't nest H() macro calls in SVE DO_REDUCE
In the part of the SVE DO_REDUCE macro used by the SVE2p1 FMAXQV,
FMINQV, etc insns, we incorrectly applied the H() macro twice when
calculating an offset to add to the vn pointer. This has no effect
on little-endian hosts but on big-endian hosts the two invocations
will cancel each other out and we will access the wrong part of the
array.
The "s * 16" part of the expression is already aligned, so we only
need to use the H macro on the "e". Correct the macro usage.
Fixes: 1de7ecfc12d05 ("target/arm: Implement FADDQV, F{MIN, MAX}{NM}QV for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-9-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:29 +0000 (18:30 +0100)]
target/arm: Correct sense of FPCR.AH test for FMAXQV and FMINQV
When we implemented the FMAXQV and FMINQV insns we accidentally
inverted the sense of the FPCR.AH test, so we gave the AH=1 behaviour
when FPCR.AH was zero, and vice-versa. (The difference is limited to
handling of negative zero and NaN inputs.)
Fixes: 1de7ecfc12d05 ("target/arm: Implement FADDQV, F{MIN, MAX}{NM}QV for SVE2p1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250718173032.2498900-8-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:27 +0000 (18:30 +0100)]
target/arm: Add BFMLA, BFMLS (vectors)
FEAT_SVE_B16B16 adds bfloat16 versions of the FMLA and FMLS insns in
the "SVE floating-point multiply-accumulate writing addend" group,
encoded as sz=0b00.
Fixes: 7b1613a1020d2942 ("target/arm: Enable FEAT_SME2p1 on -cpu max") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-6-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:26 +0000 (18:30 +0100)]
target/arm: Add BFMUL (indexed)
FEAT_SVE_B16B16 adds a bfloat16 version of the FMUL insn in the
floating-point multiply (indexed) instruction group. The encoding
is slightly bespoke; in our implementation we use MO_8 to indicate
bfloat16, as with the other B16B16 insns.
Fixes: 7b1613a1020d2942 ("target/arm: Enable FEAT_SME2p1 on -cpu max") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-5-peter.maydell@linaro.org
Peter Maydell [Fri, 18 Jul 2025 17:30:25 +0000 (18:30 +0100)]
target/arm: Add BFMIN, BFMAX (predicated)
FEAT_SVE_B16B16 adds bfloat16 versions of the SVE floating point
(predicated) instructions, which are encoded via sz=0b00. Add the
BFMAX and BFMIN insns. These have separate behaviour for AH=1 and
AH=0; we have already implemented the AH=1 helper for the SME2
versions of these insns.
Fixes: 7b1613a1020d2942 ("target/arm: Enable FEAT_SME2p1 on -cpu max") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-4-peter.maydell@linaro.org
FEAT_SVE_B16B16 adds bfloat16 versions of the SVE floating point
(predicated) instructions, which are encoded via sz=0b00.
Add BFADD, BFSUB, BFMUL, BFMAXNM, BFMINNM; these are all the insns
in this group which do not change behaviour for AH=1.
We will deal with BFMAX/BFMIN (which do have different AH=1
behaviour) in a following commit.
Fixes: 7b1613a1020d2942 ("target/arm: Enable FEAT_SME2p1 on -cpu max") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250718173032.2498900-3-peter.maydell@linaro.org
commit ad8e0e8a0088 removed the "======" underlining the file title
which broke documentation rendering. Add it back.
Fixes: ad8e0e8a0088 ("docs: add support for gb200-bmc") Cc: Ed Tanous <etanous@nvidia.com> Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Ed Tanous <etanous@nvidia.com>
Message-id: 20250715061904.97540-1-clg@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Coverity Scan noted an unusual pattern in the
MAX78000 aes device, with duplicated calls to
set_decrypt. This commit adds a comment noting
why the implementation is correct.
Signed-off-by: Jackson Donaldson <jcksn@duck.com>
Message-id: 20250716002622.84685-1-jcksn@duck.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 21 Jul 2025 09:07:53 +0000 (10:07 +0100)]
host-utils: Drop workaround for buggy Apple Clang __builtin_subcll()
In commit b0438861efe ("host-utils: Avoid using __builtin_subcll on
buggy versions of Apple Clang") we added a workaround for a bug in
Apple Clang 14 where its __builtin_subcll() implementation was wrong.
This bug was only present in Apple Clang 14, not in upstream clang,
and is not present in Apple Clang versions 15 and newer.
Since commit 4e035201 we have required at least Apple Clang 15, so we
no longer build with the buggy versions. We can therefore drop the
workaround. This is effectively a revert of b0438861efe.
This should not be backported to stable branches, which may still
need to support Apple Clang 14.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3030 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20250714145033.1908788-1-peter.maydell@linaro.org
Peter Maydell [Mon, 21 Jul 2025 09:07:53 +0000 (10:07 +0100)]
target/arm: Provide always-false kvm_arm_*_supported() stubs for usermode
If you try to build aarch64-linux-user with clang and --enable-debug then it
fails to compile:
ld: libqemu-aarch64-linux-user.a.p/target_arm_cpu64.c.o: in function `cpu_arm_set_sve':
../../target/arm/cpu64.c:321:(.text+0x1254): undefined reference to `kvm_arm_sve_supported'
This is a regression introduced in commit f86d4220, which switched
the kvm-stub.c file away from being built for all arm targets to only
being built for system emulation binaries. It doesn't affect gcc,
presumably because even at -O0 gcc folds away the always-false
kvm_enabled() condition but clang does not.
We would prefer not to build kvm-stub.c once for usermode and once
for system-emulation binaries, and we can't build it just once for
both because it includes cpu.h. So instead provide always-false
versions of the five functions that are valid to call without KVM
support in kvm_arm.h.
Fixes: f86d42205c2eba ("target/arm/meson: accelerator files are not needed in user mode")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3033 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-id: 20250714135152.1896214-1-peter.maydell@linaro.org
Peter Maydell [Mon, 21 Jul 2025 09:07:53 +0000 (10:07 +0100)]
hw/misc/ivshmem-pci: Improve error handling
Coverity points out that the ivshmem-pci code has some error handling
cases where it incorrectly tries to use an invalid filedescriptor.
These generally happen because ivshmem_recv_msg() calls
qemu_chr_fe_get_msgfd(), which might return -1, but the code in
process_msg() generally assumes that the file descriptor was provided
when it was supposed to be. In particular:
* the error case in process_msg() only needs to close the fd
if one was provided
* process_msg_shmem() should fail if no fd was provided
Coverity: CID 1508726 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20250711145012.1521936-1-peter.maydell@linaro.org
Peter Maydell [Mon, 21 Jul 2025 09:07:52 +0000 (10:07 +0100)]
target/arm: Correct encoding of Debug Communications Channel registers
We don't implement the Debug Communications Channel (DCC), but
we do attempt to provide dummy versions of its system registers
so that software that tries to access them doesn't fall over.
However, we got the tx/rx register definitions wrong. These
should be:
AArch32:
DBGDTRTX p14 0 c0 c5 0 (on writes)
DBGDTRRX p14 0 c0 c5 0 (on reads)
AArch64:
DBGDTRTX_EL0 2 3 0 5 0 (on writes)
DBGDTRRX_EL0 2 3 0 5 0 (on reads)
DBGDTR_EL0 2 3 0 4 0 (reads and writes)
where DBGDTRTX and DBGDTRRX are effectively different names for the
same 32-bit register, which has tx behaviour on writes and rx
behaviour on reads. The AArch64-only DBGDTR_EL0 is a 64-bit wide
register whose top and bottom halves map to the DBGDTRRX and DBGDTRTX
registers.
Currently we have just one cpreg struct, which:
* calls itself DBGDTR_EL0
* uses the DBGDTRTX_EL0/DBGDTRRX_EL0 encoding
* is marked as ARM_CP_STATE_BOTH but has the wrong opc1
value for AArch32
* is implemented as RAZ/WI
Correct the encoding so:
* we name the DBGDTRTX/DBGDTRRX register correctly
* we split it into AA64 and AA32 versions so we can get the
AA32 encoding right
* we implement DBGDTR_EL0 at its correct encoding
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2986 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20250708141049.778361-1-peter.maydell@linaro.org
We don't synchronize vcpu registers from the hardware accelerator (e.g., by
cpu_synchronize_state()) in the Dabort handler, so env->pc points to the
instruction which has nothing to do with the Dabort at all.
And it doesn't seem to make much sense to log PC in every Dabort handler,
let's just remove it from this trace event.
Signed-off-by: Zenghui Yu <zenghui.yu@linux.dev> Reviewed-by: Mads Ynddal <mads@ynddal.dk>
Message-id: 20250713154719.4248-1-zenghui.yu@linux.dev Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Thu, 17 Jul 2025 10:41:05 +0000 (11:41 +0100)]
docs/devel: fix over-quoting of QEMU_TEST_KEEP_SCRATCH
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250717104105.2656786-1-alex.bennee@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Of most importance is that this gives us a heads-up if anything
we rely on has been deprecated. The default python behaviour
only emits a warning if triggered from __main__ which is very
limited.
Setting the env variable further ensures that any python child
processes will also display warnings.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250715143023.1851000-11-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
The multiprocess and virtio_gpu tests open sockets but then forget
to close them, which triggers resource leak warnings
The virtio_gpu test also fails to close a log file it opens.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250715143023.1851000-10-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
This avoids a resource leak warning from python when the
log handler is garbage collected.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250715143023.1851000-9-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Thu, 10 Jul 2025 12:00:35 +0000 (14:00 +0200)]
linux-headers: Remove the 32-bit arm headers
KVM support for 32-bit arm has been dropped a while ago, so we don't
need these headers in QEMU anymore.
Fixes: 82bf7ae84ce ("target/arm: Remove KVM support for 32-bit Arm hosts") Acked-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250710120035.169376-1-thuth@redhat.com>
net/vhost-user: Remove unused "err" from chr_closed_bh() (CID 1612365)
The "err" variable was declared but never used within the
chr_closed_bh() function. This resulted in a dead code
warning (CID 1612365) from Coverity.
Remove the unused variable and the associated error block
to resolve the issue.
Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
net/passt: Initialize "error" variable in net_passt_send() (CID 1612368)
This was flagged by Coverity as a memory illegal access.
Initialize the pointer to NULL at declaration.
Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
net/passt: Check return value of g_remove() in net_passt_cleanup() (CID 1612369)
If g_remove() fails, use warn_report() to log an error.
Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
net/passt: Remove dead code in passt_vhost_user_start error path (CID 1612371)
In passt_vhost_user_start(), if vhost_net_init() fails, the "net"
variable is NULL and execution jumps to the "err:" label.
The cleanup code within this label is conditioned on "if (net)",
which can never be true in this error case. This makes the cleanup
block dead code, as reported by Coverity (CID 1612371).
Refactor the error handling to occur inline, removing the goto and
the unreachable cleanup block.
Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
net/vhost-user: Remove unused "err" from net_vhost_user_event() (CID 1612372)
The "err" variable was declared but never used within the
net_vhost_user_event() function. This resulted in a dead code
warning (CID 1612372) from Coverity.
Remove the unused variable and the associated error block
to resolve the issue.
Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
net/passt: Remove unused "err" from passt_vhost_user_event() (CID 1612375)
The "err" variable was declared but never used within the
passt_vhost_user_event() function. This resulted in a dead code
warning (CID 1612375) from Coverity.
Remove the unused variable and the associated error block
to resolve the issue.
Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Maydell [Mon, 14 Jul 2025 16:55:23 +0000 (17:55 +0100)]
hw/net/npcm_gmac.c: Drop 'buf' local variable
We use the local variable 'buf' only when we call dma_memory_read(),
and it is always set to &tx_send_buffer[prev_buf_size] immediately
before both of those calls. So remove the variable and pass
tx_send_buffer + prev_buf_size to dma_memory_read().
This fixes in passing a place where we set buf = tx_send_buffer
but never used that value because we always updated buf to
something else later before using it.
Coverity: CID 1534027 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Maydell [Mon, 14 Jul 2025 16:55:22 +0000 (17:55 +0100)]
hw/net/npcm_gmac.c: Correct test for when to reallocate packet buffer
In gmac_try_send_next_packet() we have code that does "if this block
of data won't fit in the buffer, reallocate it". However, the
condition it uses is
if ((prev_buf_size + tx_buf_len) > sizeof(buf))
where buf is a uint8_t *.
This means that sizeof(buf) is always 8 bytes, and the condition will
almost always be true, so we will reallocate the buffer more often
than we need to.
Correct the condition to test against tx_buffer_size, which is
where we track how big the allocated buffer is.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Maydell [Mon, 14 Jul 2025 16:55:21 +0000 (17:55 +0100)]
hw/net/npcm_gmac.c: Unify length and prev_buf_size variables
After the bug fix in the previous commit, the length and prev_buf_size
variables are identical, except that prev_buf_size is uint32_t and
length is uint16_t. We can therefore unify them. The only place where
the type makes a difference is that we will truncate the packet
at 64K when sending it; this commit preserves that behaviour
by using a local variable when doing the packet send.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
Peter Maydell [Mon, 14 Jul 2025 16:55:20 +0000 (17:55 +0100)]
hw/net/npcm_gmac.c: Send the right data for second packet in a row
The transmit loop in gmac_try_send_next_packet() is constructed in a
way that means it will send incorrect data if it it sends more than
one packet.
The function assembles the outbound data in a dynamically allocated
block of memory which is pointed to by tx_send_buffer. We track the
first point in this block of memory which is not yet used with the
prev_buf_size offset, initially zero. We track the size of the
packet we're sending with the length variable, also initially zero.
As we read chunks of data out of guest memory, we write them to
tx_send_buffer[prev_buf_size], and then increment both prev_buf_size
and length. (We might dynamically reallocate the buffer if needed.)
When we send a packet, we checksum and send length bytes, starting at
tx_send_buffer, and then we reset length to 0. This gives the right
data for the first packet. But we don't reset prev_buf_size. This
means that if we process more descriptors with further data for the
next packet, that data will continue to accumulate at offset
prev_buf_size, i.e. after the data for the first packet. But when
we transmit that second packet, we send length bytes from
tx_send_buffer, so we will send a packet which has the length of the
second packet but the data of the first one.
The fix for this is to also clear prev_buf_size after the packet has
been sent -- we never need the data from packet one after we've sent
it, so we can write packet two's data starting at the beginning of
the buffer.
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
Steve Sistare [Mon, 14 Jul 2025 20:36:54 +0000 (13:36 -0700)]
tap: fix net_init_tap() return code
net_init_tap intends to return 0 for success and -1 on error. However,
when net_init_tap() succeeds for a multi-queue device, it returns 1,
because of this code where ret becomes 1 when g_unix_set_fd_nonblocking
succeeds:
ret = g_unix_set_fd_nonblocking(fd, true, NULL);
if (!ret) {
... error ...
free_fail:
...
return ret;
Luckily, the only current call site checks for negative, rather than non-zero:
net_client_init1()
if (net_client_init_fun[](...) < 0)
Also, in the unlikely case that g_unix_set_fd_nonblocking fails and returns
false, ret=0 is returned, and net_client_init1 will use a broken interface.
Fix it to be future proof.
Signed-off-by: Steve Sistare <steven.sistare@oracle.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Theoretically tap_read_packet() may return size less than
s->host_vnet_hdr_len, and next, we'll work with negative size
(in case of !s->using_vnet_hdr). Let's avoid it.
Don't proceed with size == s->host_vnet_hdr_len as well in case
of !s->using_vnet_hdr, it doesn't make sense.
Tested-by: Lei Yang <leiyang@redhat.com> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Signed-off-by: Jason Wang <jasowang@redhat.com>
So these six are the only machine types we have to worry about.
The three x86 machine types (pc, q35, microvm) will actually use the rom
(when booting with seabios).
For arm/riscv/loongarch virt we want to disable the rom.
This patch sets ramfb romfile option to false by default, except for x86
machines types (pc, q35, microvm) which need the rom file when booting
with seabios and machine types <= 10.0 (handling the case of arm virt,
for compat reasons).
At the same time, set the "use-legacy-x86-rom" property to true on those
historical versioned machine types in order to avoid the memory layout
being changed.
Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Shaoqin Huang <shahuang@redhat.com>
Message-ID: <20250717100941.2230408-4-shahuang@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Move the TYPE_* to a new file hw/vfio/types.h because the
TYPE_VFIO_PCI will be used in later patch, but directly include the
hw/vfio/pci.h can cause some compilation error when cross build the
windows version.
The hw/vfio/types.h can be included to mitigate that problem.
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
i386/tdx: Remove the redundant qemu_mutex_init(&tdx->lock)
i386/cpu: Cleanup host_cpu_max_instance_init()
target/i386: tdx: fix locking for interrupt injection
meson: re-generate scripts/meson-buildoptions.sh to fix IGVM entry
i386/cpu: Move x86_ext_save_areas[] initialization to .instance_init
target/i386: do not expose ARCH_CAPABILITIES on AMD CPU
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Xiaoyao Li [Thu, 17 Jul 2025 10:37:07 +0000 (18:37 +0800)]
i386/tdx: Remove the redundant qemu_mutex_init(&tdx->lock)
Commit 40da501d8989 ("i386/tdx: handle TDG.VP.VMCALL<GetQuote>") added
redundant qemu_mutex_init(&tdx->lock) in tdx_guest_init by mistake.
Fix it by removing the redundant one.
Fixes: 40da501d8989 ("i386/tdx: handle TDG.VP.VMCALL<GetQuote>") Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Link: https://lore.kernel.org/r/20250717103707.688929-1-xiaoyao.li@intel.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Xiaoyao Li [Wed, 16 Jul 2025 06:31:16 +0000 (14:31 +0800)]
i386/cpu: Cleanup host_cpu_max_instance_init()
The implementation of host_cpu_max_instance_init() was merged into
host_cpu_instance_init() by commit 29f1ba338baf ("target/i386: merge
host_cpu_instance_init() and host_cpu_max_instance_init()"), while the
declaration of it remains in host-cpu.h.
Reported-by: Peter Maydell <peter.maydell@linaro.org> Cc: Xiaoyao Li <xiaoyao.li@intel.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* tag 'pull-qapi-2025-07-16' of https://repo.or.cz/qemu/armbru:
python: fix editable installs for modern pip/setuptools
MAINTAINERS: Add docs/requirements.txt
docs: Bump sphinx to 6.2.1
tests/qtest/qom-test: unit test for qom-list-get
python: use qom-list-get
qom: qom-list-get
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
meson: re-generate scripts/meson-buildoptions.sh to fix IGVM entry
Commit 84fe49d94a ("meson: Add optional dependency on IGVM library")
was inconsistent with the contents of meson_options.txt and the one
generated in scripts/meson-buildoptions.sh
Let's regenerate the file in this way to keep them consistent and prevent
future changes from including the spurious diff:
touch meson_options.txt
make update-buildoptions
Fixes: 84fe49d94a ("meson: Add optional dependency on IGVM library") Cc: roy.hopkins@randomman.co.uk Reported-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Link: https://lore.kernel.org/r/20250717131256.157383-1-sgarzare@redhat.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Move x86_ext_save_areas[] initialization to .instance_init and place it
before accel_cpu_instance_init().
Fixes: commit 5f158abef44c ("target/i386: move accel_cpu_instance_init to .instance_init") Reported-by: Paolo Abeni <pabeni@redhat.com> Tested-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Zhao Liu <zhao1.liu@intel.com> Link: https://lore.kernel.org/r/20250717023933.2502109-1-zhao1.liu@intel.com Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 14 Jul 2025 08:19:36 +0000 (10:19 +0200)]
target/i386: do not expose ARCH_CAPABILITIES on AMD CPU
KVM emulates the ARCH_CAPABILITIES on x86 for both Intel and AMD
cpus, although the IA32_ARCH_CAPABILITIES MSR is an Intel-specific
MSR and it makes no sense to emulate it on AMD.
As a consequence, VMs created on AMD with qemu -cpu host and using
KVM will advertise the ARCH_CAPABILITIES feature and provide the
IA32_ARCH_CAPABILITIES MSR. This can cause issues (like Windows BSOD)
as the guest OS might not expect this MSR to exist on such cpus (the
AMD documentation specifies that ARCH_CAPABILITIES feature and MSR
are not defined on the AMD architecture).
A fix was proposed in KVM code, however KVM maintainers don't want to
change this behavior that exists for 6+ years and suggest changes to be
done in QEMU instead. Therefore, hide the bit from "-cpu host":
migration of -cpu host guests is only possible between identical host
kernel and QEMU versions, therefore this is not a problematic breakage.
If a future AMD machine does include the MSR, that would re-expose the
Windows guest bug; but it would not be KVM/QEMU's problem at that
point, as we'd be following a genuine physical CPU impl.
Reported-by: Alexandre Chartre <alexandre.chartre@oracle.com> Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
ramfb: Add property to control if load the romfile
Currently the ramfb device loads the vgabios-ramfb.bin unconditionally,
but only the x86 need the vgabios-ramfb.bin, this can cause that when
use the release package on arm64 it can't find the vgabios-ramfb.bin.
Because only seabios will use the vgabios-ramfb.bin, load the rom logic
is x86-specific. For other !x86 platforms, the edk2 ships an EFI driver
for ramfb, so they don't need to load the romfile.
So add a new property use-legacy-x86-rom in both ramfb and vfio_pci
device, because the vfio display also use the ramfb_setup() to load
the vgabios-ramfb.bin file.
After have this property, the machine type can set the compatibility to
not load the vgabios-ramfb.bin if the arch doesn't need it.
For now the default value is true but it will be turned off by default
in subsequent patch when compats get properly handled.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Shaoqin Huang <shahuang@redhat.com>
Message-ID: <20250717100941.2230408-2-shahuang@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
John Snow [Tue, 15 Jul 2025 22:25:48 +0000 (18:25 -0400)]
python: fix editable installs for modern pip/setuptools
The way editable installs work has changed at some point since Fedora 40
was released. Generally, we should be opting to use pyproject.toml
installs (PEP517/518) - but those are not fully supported until v61 of
setuptools, and CentOS Stream 9 ships v53.
Until that time, we can make use of a transitional feature in
pip/setuptools to use "legacy" editable installs, which is enough to fix
"make check-dev" on modern local workstations for now.
By using the environment variable approach to configure pip, we avoid
any problems for older versions of pip that don't recognize this option,
so it's harmless. The config-settings option first appeared in v23 of
pip. editable_mode was first supported by setuptools in v64.
(I'm not currently precisely aware of when the default behavior of '-e'
switched away from 'compat', but it appears to be a joint effect between
setuptools and pip versions.)
Version information for supported build platforms:
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20250715222548.198888-1-jsnow@redhat.com> Tested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
../docs/meson.build:37: WARNING: /home/me/qemu/build/pyvenv/bin/sphinx-build:
Extension error:
Could not import extension sphinx.builders.epub3 (exception: No module named 'imghdr')
../docs/meson.build:39:6: ERROR: Problem encountered: Install a Python 3 version of python-sphinx and the readthedoc theme
Bump sphinx to 6.2.1 and also sphinx_rtd_theme as required for the new
sphinx version.
(jsnow note: this patch bumps the recommended version for Sphinx to
install when it is missing, but allows old versions to be used if they
are present and functional. The version used for building docs on
readthedocs is pinned to the recommended version, 6.2.1.)
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Tested-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20250715212848.171879-2-jsnow@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Steve Sistare [Fri, 11 Jul 2025 15:45:03 +0000 (08:45 -0700)]
tests/qtest/qom-test: unit test for qom-list-get
Add a unit test for qom-list-get.
Signed-off-by: Steve Sistare <steven.sistare@oracle.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <1752248703-217318-4-git-send-email-steven.sistare@oracle.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Steve Sistare [Fri, 11 Jul 2025 15:45:02 +0000 (08:45 -0700)]
python: use qom-list-get
Use qom-list-get to speed up the qom-tree command.
Signed-off-by: Steve Sistare <steven.sistare@oracle.com> Acked-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <1752248703-217318-3-git-send-email-steven.sistare@oracle.com> Tested-by: Markus Armbruster <armbru@redhat.com>
[Lint picked off to mollify make check-minreqs] Signed-off-by: Markus Armbruster <armbru@redhat.com>
Steve Sistare [Fri, 11 Jul 2025 15:45:01 +0000 (08:45 -0700)]
qom: qom-list-get
Using qom-list and qom-get to get all the nodes and property values in
a QOM tree can take multiple seconds because it requires 1000's of
individual QOM requests. Some managers fetch the entire tree or a
large subset of it when starting a new VM, and this cost is a
substantial fraction of start up time.
Define the qom-list-get command, which fetches all the properties and
values for a list of paths. This can be much faster than qom-list
plus qom-get. When getting an entire QOM tree, I measured a 10x
speedup in elapsed time.
Signed-off-by: Steve Sistare <steven.sistare@oracle.com> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <1752248703-217318-2-git-send-email-steven.sistare@oracle.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
Sean Wei [Sat, 14 Jun 2025 02:09:20 +0000 (22:09 -0400)]
hw/9pfs: move G_GNUC_PRINTF to header
v9fs_path_sprintf() is annotated with G_GNUC_PRINTF(2, 3) in
hw/9pfs/9p.c, but the prototype in hw/9pfs/9p.h is missing the
attribute, so callers that include only the header do not get format
checking.
Move the annotation to the header and delete the duplicate in the
source file. No behavior change.
Signed-off-by: Sean Wei <me@sean.taipei> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250613.qemu.9p.02@sean.taipei>
[CS: fix code style (max. 80 chars per line)] Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Sean Wei [Sat, 14 Jun 2025 02:08:40 +0000 (22:08 -0400)]
fsdev/9p-marshal: move G_GNUC_PRINTF to header
v9fs_string_sprintf() is annotated with G_GNUC_PRINTF(2, 3) in
9p-marshal.c, but the prototype in fsdev/9p-marshal.h is missing the
attribute, so callers that include only the header do not get format
checking.
Move the annotation to the header and delete the duplicate in the
source file. No behavior change.
Signed-off-by: Sean Wei <me@sean.taipei> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20250613.qemu.9p.01@sean.taipei>
[CS: fix code style (max. 80 chars per line)] Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Stefan Hajnoczi [Wed, 16 Jul 2025 11:13:40 +0000 (07:13 -0400)]
Merge tag 'accel-20250715' of https://github.com/philmd/qemu into staging
Accelerators patches
- Unify x86/arm hw/xen/arch_hvm.h header
- Move non-system-specific 'accel/accel-ops.h' and 'accel-cpu-ops.h' to accel/
- Move KVM definitions qapi/accelerator.json
- Add @qom-type field to CpuInfoFast QAPI structure
- Display CPU model name in 'info cpus' HMP command
- Introduce @x-accel-stats QMP command
- Add 'info accel' on HMP
- Improve qemu_add_vm_change_state_handler*() docstring
- Extract TCG statistic related code to tcg-stats.c
- Implement AccelClass::get_[vcpu]_stats() handlers for TCG and HVF
- Do not dump NaN in TCG statistics
- Revert incomplete "accel/tcg: Unregister the RCU before exiting RR thread"
* tag 'accel-20250715' of https://github.com/philmd/qemu:
system/runstate: Document qemu_add_vm_change_state_handler_prio* in hdr
system/runstate: Document qemu_add_vm_change_state_handler()
accel/hvf: Implement AccelClass::get_vcpu_stats() handler
accel/tcg: Implement AccelClass::get_stats() handler
accel/tcg: Propagate AccelState to dump_accel_info()
accel/system: Add 'info accel' on human monitor
accel/system: Introduce @x-accel-stats QMP command
accel/tcg: Extract statistic related code to tcg-stats.c
Revert "accel/tcg: Unregister the RCU before exiting RR thread"
accel: Extract AccelClass definition to 'accel/accel-ops.h'
accel: Rename 'system/accel-ops.h' -> 'accel/accel-cpu-ops.h'
accel/tcg: Do not dump NaN statistics
hw/core/machine: Display CPU model name in 'info cpus' command
qapi/machine: Add @qom-type field to CpuInfoFast structure
qapi/accel: Move definitions related to accelerators in their own file
hw/arm/xen-pvh: Remove unnecessary 'hw/xen/arch_hvm.h' header
hw/xen/arch_hvm: Unify x86 and ARM variants
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Conflicts:
qapi/machine.json
Commit 0462da9d6b19 ("qapi: remove trivial "Returns:" sections")
removed trivial "Returns:". This caused a conflict with the move from
machine.json to accelerator.json.
Stefan Hajnoczi [Wed, 16 Jul 2025 11:08:09 +0000 (07:08 -0400)]
Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
Block layer patches
- file-posix: Fix aio=threads performance regression after enablign FUA
- QMP query-block/query-named-block-nodes: Include child references
- Graph locking cleanups and fixes around making drain GRAPH_UNLOCKED
- qemu-img: Overhaul option handling and --help
- iotests: add test for changing the 'drive' property via 'qom-set'
Stefan Hajnoczi [Wed, 16 Jul 2025 11:07:44 +0000 (07:07 -0400)]
Merge tag 'pull-vfio-20250715' of https://github.com/legoater/qemu into staging
vfio queue:
* Fixed vfio-user issues reported by Coverity
* Tweaked VFIO migration with multifd to support aarch64
* Introduced a property to override a device PCI class code
* tag 'pull-vfio-20250715' of https://github.com/legoater/qemu:
vfio/migration: Max in-flight VFIO device state buffers size limit
vfio/migration: Add x-migration-load-config-after-iter VFIO property
vfio/pci: Introduce x-pci-class-code option
hw/vfio-user: fix use of uninitialized variable
hw/vfio-user: wait for proxy close correctly
hw/vfio: fix region fd initialization
hw/vfio-user: add Cédric Le Goater as a maintainer
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-qapi-2025-07-14-v2' of https://repo.or.cz/qemu/armbru: (29 commits)
qapi: add cross-references to misc modules
qapi: add cross-references to yank.json
qapi: add cross-references to virtio.json
qapi: add cross-references to ui.json
qapi: add cross-references to sockets.json
qapi: add cross-references to run-state.json
qapi: add cross-references to replay.json
qapi: add cross-references to QOM
qapi: add cross-references to pci.json
qapi: add cross-references to net.json
qapi: add cross-references to migration.json
qapi: add cross-references to Machine core
qapi: add cross-references to job.json
qapi: add cross-references to dump.json
qapi: add cross-references to crypto.json
qapi: add cross-references to block layer
qapi: add cross-references to authz.json
qapi: add cross-references to acpi.json
qapi: rephrase return docs to avoid type name
qapi: remove trivial "Returns:" sections
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
tpm: "qemu -tpmdev help" should return success
ui/gtk: Add scale option
ui/gtk: Add keep-aspect-ratio option
hw/display: Allow injection of virtio-gpu EDID name
ui/spice: Blit the scanout texture if its memory layout is not linear
ui/spice: Create a new texture with linear layout when gl=on is specified
ui/console-gl: Add a helper to create a texture with linear memory layout
ui/spice: Add an option to submit gl_draw requests at fixed rate
ui/spice: Add an option for users to provide a preferred video codec
ui/spice: Enable gl=on option for non-local or remote clients
ui/egl-helpers: Error check the fds in egl_dmabuf_export_texture()
ui/vnc: Introduce the VncWorker type
ui/vnc: Do not copy z_stream
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'mips-20250715' of https://github.com/philmd/qemu:
esp.c: only allow ESP commands permitted in the current asc_mode
esp.c: add asc_mode property to indicate the current ESP mode
esp.c: only call dma_memory_write function if transfer length is non-zero
esp.c: only call dma_memory_read function if transfer length is non-zero
esp.h: remove separate ESPState typedef
esp.c: improve comment in esp_transfer_data()
esp.c: only raise IRQ in esp_transfer_data() for CMD_SEL, CMD_SELATN and CMD_TI commands
hw/microblaze: Add missing FDT dependency
hw/intc/loongarch_extioi: Remove unnecessary 'qemu/typedefs.h' include
hw/mips: Restrict ITU to TCG
roms: re-remove execute bit from hppa-firmware*
tests/tcg/mips: Add tests for MIPS CRC32[c] instructions
target/mips: Have gen_[d]lsa() callers add 1 to shift amount argument
target/mips: Convert Octeon LX instructions to decodetree
target/mips: Extract generic gen_lx() helper
target/mips: Extract gen_base_index_addr() helper
target/mips: Add support for emulation of CRC32 instructions
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 16 Jul 2025 11:05:36 +0000 (07:05 -0400)]
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEIV1G9IJGaJ7HfzVi7wSWWzmNYhEFAmh11cgACgkQ7wSWWzmN
# YhGZKAf+PZ3ZnOoHXd5z8hA5d9Xf+U/01YyPN+Q0NPLWVXhYZBeNhhYEnZwGeSwS
# n0YFTLiYIrcaSrt74QtBvUVCX7KoILRnzgoLquUnFBlI0BrR5pFKB70gHmLU3Dxw
# xOdxtIm/chfiicE39ziTfO28Cv0N1k9NCHsuMsydbhQL8kc/aRaMofizO8MjPLbr
# J8hf8N7jivh8fzH3F5vyglaNl2ijSkPm+XDQYAb04laGfdsIlYkmB7lB/17def2a
# S9gur484x5w+Yb2LNdyq/3IPzDqzlNbRGVcfTZS8FIc65R+5idIN+7lKHCffURrr
# W8zWFy1wA54hJoTxAq0nsf1TSvc9UA==
# =DiBC
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 15 Jul 2025 00:15:04 EDT
# gpg: using RSA key 215D46F48246689EC77F3562EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [full]
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* tag 'net-pull-request' of https://github.com/jasowang/qemu:
net/af-xdp: Support pinned map path for AF_XDP sockets
net/af-xdp: Fix up cleanup path upon failure in queue creation
net/af-xdp: Remove XDP program cleanup logic
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 16 Jul 2025 11:00:47 +0000 (07:00 -0400)]
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
virtio,pci,pc: features, fixes, tests
SPCR acpi table can now be disabled
vhost-vdpa can now report hashing capability to guest
PPTT acpi table now tells guest vCPUs are identical
vost-user-blk now shuts down faster
loongarch64 now supports bios-tables-test
intel_iommu now supports ATS
cxl now supports DCD Fabric Management Command Set
arm now supports acpi pci hotplug
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (97 commits)
hw/cxl: mailbox-utils: 0x5605 - FMAPI Initiate DC Release
hw/cxl: mailbox-utils: 0x5604 - FMAPI Initiate DC Add
hw/cxl: Create helper function to create DC Event Records from extents
hw/cxl: mailbox-utils: 0x5603 - FMAPI Get DC Region Extent Lists
hw/cxl: mailbox-utils: 0x5602 - FMAPI Set DC Region Config
hw/mem: cxl_type3: Add DC Region bitmap lock
hw/cxl: Move definition for dynamic_capacity_uuid and enum for DC event types to header
hw/cxl: mailbox-utils: 0x5601 - FMAPI Get Host Region Config
hw/mem: cxl_type3: Add dsmas_flags to CXLDCRegion struct
hw/cxl: mailbox-utils: 0x5600 - FMAPI Get DCD Info
hw/cxl: fix DC extent capacity tracking
tests: virt: Update expected ACPI tables for virt test
hw/acpi/aml-build: Build a root node in the PPTT table
hw/acpi/aml-build: Set identical implementation flag for PPTT processor nodes
tests: virt: Allow changes to PPTT test table
qtest/bios-tables-test: Generate reference blob for DSDT.acpipcihp
qtest/bios-tables-test: Generate reference blob for DSDT.hpoffacpiindex
tests/qtest/bios-tables-test: Add aarch64 ACPI PCI hotplug test
tests/qtest/bios-tables-test: Prepare for addition of acpi pci hp tests
hw/arm/virt: Let virt support pci hotplug/unplug GED event
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Conflicts:
net/vhost-vdpa.c
vhost_vdpa_set_steering_ebpf() was removed, resolve the context
conflict.
Peter Maydell [Thu, 10 Jul 2025 14:44:17 +0000 (15:44 +0100)]
crypto/x509-utils: Check for error from gnutls_x509_crt_init()
Coverity notes that in qcrypto_get_x509_cert_fingerprint() we
call gnutls_x509_crt_init() but don't check for an error return.
Add the missing check.
Coverity: CID 1593155 Fixes: 10a1d34fc0d ("crypto: Introduce x509 utils") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This lets us see the full flow of RFB messages received from the
client.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When a VNC client sends a "set pixel format" message, the
'client_endian' field will get initialized, however, it is
valid to omit this message if the client wants to use the
server's native pixel format. In the latter scenario nothing
is initializing the 'client_endian' field, so it remains set
to 0, matching neither G_LITTLE_ENDIAN nor G_BIG_ENDIAN. This
then results in pixel format conversion routines taking the
wrong code paths.
This problem existed before the 'client_be' flag was changed
into the 'client_endian' value, but the lack of initialization
meant it semantically defaulted to little endian, so only big
endian systems would potentially be exposed to incorrect pixel
translation.
The 'virt-viewer' / 'remote-viewer' apps always send a "set
pixel format" message so aren't exposed to any problems, but
the classical 'vncviewer' app will show the problem easily.
Fixes: 7ed96710e82c385c6cfc3d064eec7dde20f0f3fd Reported-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
system/runstate: Document qemu_add_vm_change_state_handler_prio* in hdr
Generally APIs to the rest of QEMU should be documented in the headers.
Comments on individual functions or internal details are fine to live
in the C files. Make qemu_add_vm_change_state_handler_prio[_full]()
docstrings consistent by moving them from source to header.
Suggested-by: Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20250715171920.89670-1-philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250703173248.44995-4-philmd@linaro.org>
Michael Tokarev [Sat, 31 May 2025 17:16:09 +0000 (20:16 +0300)]
qemu-img: extend cvtnum() and use it in more places
cvtnum() expects input string to specify some sort of size
(optionally with KMG... suffix). However, there are a lot
of other number conversions in there (using qemu_strtol &Co),
also, not all conversions which use cvtnum, actually expects
size, - like dd count=nn.
Add bool is_size argument to cvtnum() to specify if it should
treat the argument as a size or something else, - this changes
conversion routine in use and error text.
Use the new cvtnum() in more places (like where strtol were used),
since it never return negative number in successful conversion.
When it makes sense, also specify upper or lower bounds at the
same time. This simplifies option processing in multiple places,
removing the need of local temporary variables and longer error
reporting code.
While at it, fix errors, like depth in measure must be >= 1,
while the previous code allowed it to be 0.
In a few places, change unsigned variables (like of type size_t)
to be signed instead, - to avoid the need of temporary conversion
variable. All these variables are okay to be signed, we never
assign <0 value to them except of the cases of conversion error,
where we return immediately.
While at it, remove allowed size suffixes from the error message
as it makes no sense most of the time (should be in help instead).
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250531171609.197078-28-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:16:08 +0000 (20:16 +0300)]
qemu-img: implement short --help, remove global help() function
now once all individual subcommands has --help support, remove
the large unreadable help() thing and replace it with small
global --help, which refers to individual command --help for
more info.
While at it, also line-wrap list of formats after 75 chars.
Since missing_argument() and unrecognized_option() are now unused,
remove them.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250531171609.197078-27-mjt@tls.msk.ru>
[kwolf: Fixed up style and formatting] Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:16:07 +0000 (20:16 +0300)]
qemu-img: measure: refresh options/--help
Add missing long options and --help output,
reorder options for consistency.
Also add -s short option for --size (and remove OPTION_SIZE).
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-26-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:16:06 +0000 (20:16 +0300)]
qemu-img: dd: refresh options/--help
Add missing long options and --help output,
reorder options for consistency.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-25-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:16:05 +0000 (20:16 +0300)]
qemu-img: bitmap: refresh options/--help
Add missing long options and --help output,
reorder options for consistency.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-24-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:16:04 +0000 (20:16 +0300)]
qemu-img: bench: refresh options/--help
Add missing long options and --help output,
reorder options for consistency.
Add missing --object option.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-23-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:16:03 +0000 (20:16 +0300)]
qemu-img: amend: refresh options/--help
Add missing long options and --help output,
reorder options for consistency.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-22-mjt@tls.msk.ru>
[kwolf: Fixed up qemu-iotests] Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:16:02 +0000 (20:16 +0300)]
qemu-img: resize: refresh options/--help
Add missing long options and --help output,
reorder options for consistency.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-21-mjt@tls.msk.ru>
[kwolf: Fixed up qemu-iotests] Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:16:01 +0000 (20:16 +0300)]
qemu-img: resize: do not always eat last argument
'qemu-img resize --help' does not work, since it wants more
arguments. Also -size is only recognized as a very last
argument, but it is common for tools to handle other options
after positional arguments too.
Tell getopt_long() to return non-options together with options,
and process filename and size in the loop, and check if there's
an argument right after filename which looks like -N (number),
and treat it as size (decrement). This way we can handle --help,
and we can also have options after filename and size, and `--'
will be handled fine too.
The only case which is not handled right is when there's an option
between filename and size, and size is given as decrement, - in
this case -size will be treated as option, not as size.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-20-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Add missing long options and --help output,
reorder options for consistency.
Use -B for --backing-format, keep -F for
backwards compatibility.
Options added:
--format, --cache - for the image in question
--backing, --backing-format, --backing-cache, --backing-unsafe -
for the new backing file
(was eg CACHE vs SRC_CACHE, which is unclear).
Probably should rename local variables.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-19-mjt@tls.msk.ru>
[kwolf: Removed command description from the argument list] Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:15:59 +0000 (20:15 +0300)]
qemu-img: snapshot: refresh options/--help
Add missing long options and --help output,
reorder options for consistency.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-18-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:15:58 +0000 (20:15 +0300)]
qemu-img: snapshot: make -l (list) the default, simplify option handling
When no -l/-a/-c/-d specified, assume -l (list).
Use the same values for SNAPSHOT_LIST/etc constants as the
option chars (lacd), this makes it possible to simplify
option handling a lot, combining cases for 4 options into
one.
Also remove bdrv_oflags handling (only list can use RO mode).
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250531171609.197078-17-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:15:57 +0000 (20:15 +0300)]
qemu-img: snapshot: allow specifying -f fmt
For consistency with other commands, and since it already
accepts --image-opts, allow specifying -f fmt too.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250531171609.197078-16-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Tue, 15 Jul 2025 14:09:03 +0000 (17:09 +0300)]
qemu-img: map: refresh options/--help
Add missing long options and --help output,
reorder options for consistency.
While at it, remove unused option_index variable.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250715140903.131529-1-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:15:55 +0000 (20:15 +0300)]
qemu-img: info: refresh options/--help
Add missing long options and --help output.
Also add -b short option for --backing-chain, and remove
now-unused OPTION_BACKING_CHAIN.
Reorder options for consistency.
While at it, remove unused option_index variable.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-14-mjt@tls.msk.ru>
[kwolf: Fixed up help text formatting] Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Use -b for --backing, and recognize -B for backwards
compatibility. Unfortunately we can't use -B to
specify backing format.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250715140702.131321-1-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:15:53 +0000 (20:15 +0300)]
qemu-img: compare: refresh options/--help
Add long options, add help, reorder options for consistency.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-12-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:15:52 +0000 (20:15 +0300)]
qemu-img: compare: use helper function for --object
Use the same function to parse --object as used by all
other qemu-img subcommands.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-11-mjt@tls.msk.ru> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:15:51 +0000 (20:15 +0300)]
qemu-img: commit: refresh options/--help
Add missing long options and --help output,
reorder options for consistency.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20250531171609.197078-10-mjt@tls.msk.ru>
[kwolf: Fixed up qemu-iotests] Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Michael Tokarev [Sat, 31 May 2025 17:15:50 +0000 (20:15 +0300)]
qemu-img: simplify --repair error message
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250531171609.197078-9-mjt@tls.msk.ru>
[kwolf: Added missing comma in help text] Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
projects / thirdparty / qemu.git / log
