This caused a failure with program using openat2, where O_LARGEFILE was
replaced by O_NOFOLLOW.
This issue is only visible when QEMU is compiled with musl libc, where
O_LARGEFILE is different from 0 (vs glibc).
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3262 Cc: qemu-stable@nongnu.org Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit 2ff8c9a298 removed support for 32-bit PPC hosts from the build
system. Unfortunately, the patch also removed the 32-bit PPC target for
containerized tests, which leads to an error when trying to run tests,
e.g., with "make check-tcg":
"make[1]: *** No rule to make target 'docker-image-debian-ppc-cross',
needed by 'build-tcg-tests-ppc-linux-user'. Stop."
This patch adds the PPC target back for containerized tests.
Fixes: 2ff8c9a2984b ("buildsys: Remove support for 32-bit PPC hosts") Signed-off-by: Florian Hofhammer <florian.hofhammer@fhofhammer.de> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
[Mjt: specify commit subject in Fixes tag) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Thomas Huth [Fri, 16 Jan 2026 10:11:39 +0000 (11:11 +0100)]
MAINTAINERS: Add docs/system/i386/ to the general x86 architecture section
We've got a section for generic x86 architecture support in our
MAINTAINERS file - this should cover the docs/system/i386/ folder, too.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This happens because the sed statements require GNU sed. Let's use
gsed in these spots to get it fixed.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Thomas Huth [Wed, 14 Jan 2026 08:33:06 +0000 (09:33 +0100)]
configure: Set $PYTHON in the configuration of the optionroms
pc-bios/optionrom/Makefile uses $(PYTHON) for running a Python script,
but this variable is never initialized here. So the script gets run
via its shebang line - which fails if the "python3" binary is not
available on the system. To fix this, write the PYTHON configuration
to the config.mak file of the optionroms.
Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Julian Ganz [Sat, 27 Dec 2025 08:53:46 +0000 (09:53 +0100)]
tests: fix comment declaring runtime in rv64 interruptedmemory test
The test attempts to trigger a regression for arount 30s. However, a
comment just before the computation of the target wall clock time falsly
declares the run time to be around 60s.
This was the case already when we introduced the test in
Signed-off-by: Julian Ganz <neither@nut.email> Reviewed-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Michael Tokarev [Thu, 18 Dec 2025 07:28:11 +0000 (10:28 +0300)]
qemu-options.hx: use KiB, MiB, GiB for power-of-2 units
Use MiB &Co instead of MB &Co when the talk is about
power-of-two-based sizes, in qemu-options.hx.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3222 Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Michael Tokarev [Thu, 25 Dec 2025 06:18:40 +0000 (09:18 +0300)]
gdbstub: unlink the unix socket before bind()
This is another variant of doing what v9.2.0-1561-gfccb744f41c6
"gdbstub: Try unlinking the unix socket before binding" did, but
that commit introduced dependency on qemu-sockets.c which is
more problematic for statically-linked qemu-user binaries.
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This commit introduced dependency of linux-user on qemu-sockets.c.
The latter includes handling of various socket types, while gdbstub
only needs unix sockets. Including different kinds of sockets
makes it more problematic to build linux-user statically.
The original issue - the need to unlink unix socket before binding -
will be addressed in the next change.
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Merge tag 'pull-tcg-20260119' of https://gitlab.com/rth7680/qemu into staging
Remove support for 32-bit hosts.
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmltWH8dHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/ERwgAjYEp0OOEGoHQG0Tj
# MWymeQXRgtslspQtkhlIC5IiC8vWOeJVXVvb+sWV4fckkv/v4BK2R903IuHrRiYu
# MeJSDMI6tCWDRzP2U2jbeFlxQ0BGAQUjpi7oRkJEZv9qgWxodek6o+2HLM0iqcDM
# 7NciQwWwlMpkizx45qD+rpulvictLWjYczSpQPrkXEvqVT7dut20MKP/06FvqGsa
# E+1WoZAq0UfkT8xbqcLXgX5QyVPFpC0ZIcHBzXiUip6G4rY5rVnBeuiYCKojl2CI
# M0l9UEwG1KP9aaP6Lx2lg0qnXKT6ITukoPIzlEUDoNorGDwdXklYjd/ChmknQv3K
# fG0zWg==
# =LRWj
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 19 Jan 2026 09:02:39 AM AEDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-20260119' of https://gitlab.com/rth7680/qemu: (54 commits)
include/qemu/atomic: Drop aligned_{u}int64_t
meson: Remove CONFIG_ATOMIC64
include/qemu/atomic: Drop qatomic_{read,set}_[iu]64
util: Remove stats64
block: Drop use of Stat64
migration: Drop use of Stat64
target/s390x: Simplify atomicity check in do_csst
target/s390x: Drop CONFIG_ATOMIC64 tests
target/m68k: Drop CONFIG_ATOMIC64 tests
target/hppa: Drop CONFIG_ATOMIC64 test
target/arm: Drop CONFIG_ATOMIC64 tests
linux-user/hppa: Drop CONFIG_ATOMIC64 test
linux-user/arm: Drop CONFIG_ATOMIC64 test
accel/tcg: Drop CONFIG_ATOMIC64 test from translator.c
accel/tcg: Drop CONFIG_ATOMIC64 checks from ldst_atomicicy.c.inc
tcg: Unconditionally define atomic64 helpers
accel/tcg/runtime: Remove helper_nonatomic_cmpxchgo
accel/tcg/runtime: Remove 64-bit shift helpers
target/riscv: Drop TCG_TARGET_REG_BITS test
target/i386/tcg: Drop TCG_TARGET_REG_BITS test
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
We should have used MO_{32,64} from the start, rather than
raw integer constants. However, now that the CONFIG_ATOMIC64
test has been removed, we can remove the 'max' variable and
simplify the two blocks.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Since we only support 64-bit hosts, there's no real need
to parameterize TCG_TARGET_REG_BITS. It seems worth holding
on to the identifier though, for documentation purposes.
Move one tcg/*/tcg-target-reg-bits.h to tcg/target-reg-bits.h
and remove the others.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Remove instances of __i386__, except from tests and imported headers.
Drop a block containing sanity check and fprintf error message for
i386-on-i386 or x86_64-on-x86_64 emulation. If we really want
something like this, we would do it via some form of compile-time check.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Remove tcg/arm.
Remove instances of __arm__, except from tests and imported headers.
Remove arm from supported_cpus.
Remove linux-user/include/host/arm.
Remove common-user/host/arm.
Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'accel-20260116' of https://github.com/philmd/qemu into staging
Accelerators patches queue
- Enable 64bit WebAssembly guests (TCI)
- Fix migration on HVF
- Remove a signal race with WFI on HVF (Aarch64)
- Correct HVF guest timer frequency (Aarch64)
- Fix NVMM build (x86)
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmlqHhcACgkQ4+MsLN6t
# wN7NEA//cZvw4AdTKgUxenEQL2r+Y8KVT+Wm+F7WqznTm9dqGgb+YHgmDoPA9b6y
# qxenzIwVA1R2ZkgAs7m99z9k9YcZLXHdoKelWYqxoWZd1DFVQJ7by5iRoQbvdtRJ
# LSxQXkdcXCGBIWQ080k0WJP5e7Sw/1+LdSm3jn2naRTD1JF3jn4LwUZMFQSwuhH0
# 0uXFrb207AlFz4itNnZXIjcvugMi6hIKNhHX8ol0JLSlfkS0lVR4y1X21J11ipg3
# VYucsUfA9fzfqcTDkPxGuEAV5mivaP1wy8kHRh5p8vgq7dbLivdIpjYIZynzb1LF
# 10WaeJaYHHYeWqLSKcZPUd66eKc2ZOeGn+zcE8oM8Zsm2NQUJ+rIkWw7/O978PfS
# RsXmIYTkM8gXfx7gUtW95/JmX5FH4xsvrwRjv1FdOPwYNe3kMtc1xslq9dkqsXMG
# P79n+NVXRr62ph93lSjLdLgqFW6eEXo0nVO4maD+9pBolK9S8TIrzLxRwXyHY/lx
# FD9nRHP/U1QjrrwpCcFT3PmTfJ/CsMlP0biUG9+uf6XKkxlOIyNoMSDdTC5xjUTx
# iCC71XluRIBKAIpwIN9QHtTTrKvm2wMFlTHpQxMD/kldc+0whHBtfU/24vemCCMQ
# dpnJxr0lVng942YHhT/n2Y6CZbzURF022I89p7EJ6d/1Els0j/c=
# =khzj
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 16 Jan 2026 10:16:39 PM AEDT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'accel-20260116' of https://github.com/philmd/qemu: (30 commits)
tests/functional: Require TCG to run reverse debugging tests
target/i386/nvmm: Include missing ramlist.h header
accel/nvmm: Fix 'cpu' typo in nvmm_init_vcpu()
hmp-commands-info.hx: Move definition of "info accel"
target/arm: Only allow disabling NEON when using TCG
target/arm/hvf: Really set Generic Timer counter frequency
target/arm: Create GTimers *after* features finalized / accel realized
accel/hvf: Add hvf_arch_cpu_realize() stubs
accel: Introduce AccelOpsClass::cpu_target_realize() hook
accel/hvf: Have PSCI CPU_SUSPEND halt the vCPU
accel/hvf: Implement WFI without using pselect()
accel/hvf: Skip WFI if CPU has work to do
target/arm/hvf: Implement dirty page tracking
accel/hvf: Remove mac_slots
accel/hvf: Drop hvf_slot and hvf_find_overlap_slot
accel/hvf: Simplify hvf_set_phys_mem
accel/hvf: Move hvf_log_sync to hvf_log_clear
accel/hvf: Simplify hvf_log_*
target/i386/hvf: Use address_space_translate in ept_emulation_fault
target/i386/hvf: Use hvf_unprotect_dirty_range
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
tests/functional: Require TCG to run reverse debugging tests
Record/replay is specific to TCG. Require it to avoid failure
when using a HVF-only build on Darwin:
qemu-system-aarch64: -icount shift=7,rr=record,rrfile=/scratch/replay.bin,rrsnapshot=init: cannot configure icount, TCG support not available
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20260115161029.24116-1-philmd@linaro.org>
target/i386/nvmm/nvmm-all.c: In function 'nvmm_init_vcpu':
target/i386/nvmm/nvmm-all.c:988:9: error: 'AccelCPUState' has no member named 'vcpu_dirty'
988 | qcpu->vcpu_dirty = true;
| ^~
Cc: qemu-stable@nongnu.org Reported-by: Thomas Huth <thuth@redhat.com> Fixes: 2098164a6be ("accel/nvmm: Replace @dirty field by generic CPUState::vcpu_dirty field") Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Tested-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20260113203924.81560-1-philmd@linaro.org>
hmp-commands-info.hx: Move definition of "info accel"
Commit c10eb740108 (accel/system: Add 'info accel' on human monitor)
inserted "info accel" in the middle of "info sync-profile". Move it
behind "info sync-profile".
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dave@treblig.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20260116005050.376616-2-dave@treblig.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
target/arm: Only allow disabling NEON when using TCG
Only allow disabling NEON when using TCG.
This avoids confusing user experience:
$ qemu-system-aarch64 -M virt -accel hvf \
-cpu host,neon=off,vfp=off,vfp-d32=off
qemu-system-aarch64: AArch64 CPUs must have both VFP and Neon or neither
$ qemu-system-aarch64 -M virt -accel hvf \
-cpu host,neon=off,vfp=off,vfp-d32=off
qemu-system-aarch64: ARM CPUs must have both VFP-D32 and Neon or neither
$ qemu-system-aarch64 -M virt -accel hvf \
-cpu host,neon=off,vfp=off,vfp-d32=off
qemu-system-aarch64: can't apply global host-arm-cpu.vfp-d32=off: Property 'host-arm-cpu.vfp-d32' not found
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Message-ID: <20260112103034.65310-20-philmd@linaro.org>
All of the complicated parts of updating the address space
are handled by address_space_update_topology_pass.
Do not create or use hvf_slot structures.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Message-ID: <20260112103034.65310-9-philmd@linaro.org>
Right idea, wrong hook. log_sync is called before using
dirty bit data (which for hvf is already up-to-date),
whereas log_clear is called before cleaning the range.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Message-ID: <20260112103034.65310-8-philmd@linaro.org>
target/i386/hvf: Use address_space_translate in ept_emulation_fault
The hvf_slot structure is a poor replacement for properly
looking up a memory region in the address space.
Use memory_region_get_dirty_log_mask instead of HVF_SLOT_LOG.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Message-ID: <20251103101034.59039-6-philmd@linaro.org>
Kohei Tokunaga [Mon, 4 Aug 2025 12:57:17 +0000 (21:57 +0900)]
gitlab-ci: Add build tests for wasm64
The wasm builds are tested for 3 targets: wasm32, wasm64(-sMEMORY64=1) and
wasm64(-sMEMORY64=2). The CI builds the containers using the same Dockerfile
(emsdk-wasm-cross.docker) with different build args.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <ee30d4956a485fd46b4735028486d3fb7b22fe60.1768308374.git.ktokunaga.mail@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Kohei Tokunaga [Mon, 4 Aug 2025 12:57:16 +0000 (21:57 +0900)]
dockerfiles: Add support for wasm64 to the wasm Dockerfile
This commit fixes Dockerfile of the wasm build to support both of wasm32 and
wasm64 build. Dockerfile takes the following build argument and use it for
building dependencies.
- TARGET_CPU: target wasm arch (wasm32 or wasm64)
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <3f21342f50e0412a32143fe21ecc0d8db95b3f37.1768308374.git.ktokunaga.mail@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Kohei Tokunaga [Mon, 4 Aug 2025 12:57:15 +0000 (21:57 +0900)]
configure: Enable to propagate -sMEMORY64 flag to Emscripten
Currently there are some engines that don't support wasm64 (e.g. unsupported
on Safari[1]). To mitigate this issue, the configure script allows the user
to use Emscripten's compatibility feature, "-sMEMORY64=2" flag[2].
Emscripten's "-sMEMORY64=2" flag still enables 64bit pointers in C code. But
this flag lowers the output binary into wasm32, with limiting the maximum
memory size to 4GB. So QEMU can run on wasm32 engines.
Kohei Tokunaga [Mon, 4 Aug 2025 12:57:14 +0000 (21:57 +0900)]
meson: Add wasm64 support to the --cpu flag
wasm64 target enables 64bit pointers using Emscripten's -sMEMORY64=1
flag[1]. This enables QEMU to run 64bit guests.
Although the configure script uses "uname -m" as the fallback value when
"cpu" is empty, this can't be used for Emscripten which targets to Wasm.
So, in wasm build, this commit fixes configure to require --cpu flag to be
explicitly specified by the user.
tests/qtest/migration: Make 'has_dirty_ring' generic
Keep accelerator knowledge limited within MigrationTestEnv,
expose a generic %has_dirty_ring value, only checking for
KVM when initializing it in migration_get_env().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Fabiano Rosas <farosas@suse.de>
Message-ID: <20250128135429.8500-3-philmd@linaro.org>
Merge tag 'pull-target-arm-20260115' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
* hw/arm/raspi: remove duplicate include
* target/arm: Enable FEAT_ASID2 emulation
* hw/char/cmsdk-apb-uart.c: log guest_errors for r/w to disabled uart
* hw/arm: Re-enable the MAX78000FTHR machine in qemu-system-arm/aarch64
* target/arm/ptw: make granule_protection_check usable without a cpu
* hw/arm/omap: Remove omap_badwidth_* functions
* hw/arm/smmu: add memory regions as property for an SMMU instance
* docs/system/generic-loader: clarify
* tests/functional: migrate aspeed_rainier image
* target/arm: Correctly handle HCR.TID1 and TID3 traps on v7A CPUs
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmlpN5EZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3j/QD/9G1AV5Sd59zoO//cS6m7OO
# dB0/1MaX7ChTK4zHaQwA2TammwKTxUDV1nj8LJBd4/d1SV1SC3OrYl88bQdjKhLD
# +o4z9snfV+TmVm6WlmKvDkOhV0UdhrA31exvXFOXytmVSq6BxvHv/yy2j4eo8KVu
# UtWf8A2RHnfR1QNIvBGtDQ7NWhd9XHV8mKtGMIiTTQtQ72/9MLig9Kbv97yavbRT
# ZY8AdvDZJrR8P7euRc//qmGuWb6ix2GiFRWQ0FXQu/qU63MR+Css12nzkXFFGeU2
# KEtZ2PTwd8i/NRYtJmqVw3ZsQHAqXplGle/VzK7orTLWKHbjiLOc9FdnSVplkBNM
# AWhQGVqrwXYHnEI34RiTQuxzhNepPwOgS6/0gXw2mHzHQ5g6ndZnfJuPTw/70ZNY
# Yd0nAU1ajvgW/1/i9zVs4aQ5wy/SFRd+OoHqujVIcKWB9iPWvNZUGgrnySQO8lq+
# 6GOMZauK+8kU4WJO/wHCW9ktIUPWjwYmmTLwElTj/VUEjShy2t8mETZEvzJl+eVl
# WZpzfJEvbraJiCe+e2QRcRA0goTlBdNneUQ31ePoVOpXS6UXIXuqd3Qisli9y4sB
# 9NrJseIQ7RclIYfpHxkrlejXGOFlwtxaDoxSupn7IblKCCFFf6TS3LwiJRXpcf2k
# kpMq6Mcnt/HCrpvmN5gNUA==
# =yMo2
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 16 Jan 2026 05:53:05 AM AEDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20260115' of https://gitlab.com/pm215/qemu: (25 commits)
target/arm: Rename access_aa64_tid5() to access_tid5()
target/arm: Correctly trap HCR.TID1 registers in v7A
target/arm: Correctly honour HCR.TID3 for v7A cores
target/arm: Don't specify ID_PFR1 accessfn twice
tests/functional: migrate aspeed_rainier image
docs/system/generic-loader: move TODO to source code
docs/system/generic-loader: Don't mention QemuOpts implementation detail
docs/system/generic-loader: Clarify behaviour of cpu-num
hw/arm/smmu: add memory regions as property for an SMMU instance
hw/arm/omap1: Remove omap_badwidth_* implementations
hw/arm/omap1: Remove omap_badwidth_write* calls
hw/arm/omap1: Remove omap_badwidth_read* calls
hw/dma/omap_dma: Remove omap_badwidth_* calls
hw/gpio/omap_gpio: Remove omap_badwidth_* calls
hw/i2c/omap_i2c: Remove omap_badwidth_* calls
hw/sd/omap_mmc: Remove omap_badwidth_* calls
target/arm/ptw: make granule_protection_check usable without a cpu
target/arm: Move ARMSecuritySpace to a common header
hw/arm: Re-enable the MAX78000FTHR machine in qemu-system-arm/aarch64
hw/char/cmsdk-apb-uart.c: log guest_errors for r/w to disabled uart
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-loongarch-20260115' of https://github.com/bibo-mao/qemu into staging
loongarch queue
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQNhkKjomWfgLCz0aQfewwSUazn0QUCaWiLIAAKCRAfewwSUazn
# 0cGHAQCVjRn2wPtniAIS6HQ/edTPXQt8Nr83Bv6SHkcOskbexwEA/OmUd4MiftSV
# GJFfJ66Z3i9TCRZJdLqsUZBk9p9W9AQ=
# =Aiem
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 15 Jan 2026 05:37:20 PM AEDT
# gpg: using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7 13C4 8E86 8FB7 A176 9D4C
# Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3 D1A4 1F7B 0C12 51AC E7D1
* tag 'pull-loongarch-20260115' of https://github.com/bibo-mao/qemu:
hw/loongarch/virt: Don't abort on access to unimplemented IOCSR
target/loongarch: Fix exception ADEF/ADEM missing to update CSR_BADV
target/loongarch: Fix exception BCE missing to update CSR_BADV
target/loongach: Fix some exceptions failure in updating CSR_BADV
hw/loongarch/virt: Fix irq allocation failure with pci device from fdt
hw/loongarch/virt: Modify the interrupt trigger type in fdt table
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Wed, 31 Dec 2025 17:08:58 +0000 (17:08 +0000)]
target/arm: Rename access_aa64_tid5() to access_tid5()
There is no equivalent access_aa32_tid5() (HCR_EL2.TID5 only exists
starting from v8); rename access_aa64_tid5() to access_tid5() to line
up with the naming we now have for the TID1 and TID3 check functions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251231170858.254594-5-peter.maydell@linaro.org
Peter Maydell [Wed, 31 Dec 2025 17:08:57 +0000 (17:08 +0000)]
target/arm: Correctly trap HCR.TID1 registers in v7A
In v7A HCR.TID1 is defined to trap for TCMTR, TLBTR, REVIDR and AIDR.
We incorrectly use an accessfn for REVIDR and AIDR that only traps on
v8A cores. Fix this by collapsing access_aa64_tid1() and
access_aa32_tid1() together and never doing a check for v8 vs v7.
The accessfn is also used for SMIDR_EL1, which is fine as this
register is AArch64 only.
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251231170858.254594-4-peter.maydell@linaro.org
Peter Maydell [Wed, 31 Dec 2025 17:08:56 +0000 (17:08 +0000)]
target/arm: Correctly honour HCR.TID3 for v7A cores
The HCR.TID3 bit defines that we should trap to the hypervisor for
reads to a collection of ID registers. Different architecture versions
have defined this differently:
* v7A has a set of ID regs that definitely must trap:
- ID_PFR{0,1}, ID_DFR0, ID_AFR0, ID_MMFR{0,1,2,3},
ID_ISAR{0,1,2,3,4,5}, MVFR{0,1}
and somewhat vaguely says that "there is no requirement"
to trap for registers that are reserved in the ID reg space
(i.e. which RAZ and might be used for new ID regs in future)
* v8A adds to this list:
- ID_PFR2 and MVFR2 must trap
- ID_MMFR4, ID_MMFR5, ID_ISAR6, ID_DFR1 and reserved registers
in the ID reg space must trap if FEAT_FGT is implemented,
and it is IMPDEF if they trap if FEAT_FGT is not implemented
In QEMU we seem to have attempted to implement this distinction
(taking the "we do trap" IMPDEF choice if no FEAT_FGT), with
access_aa64_tid3() always trapping on TID3 and access_aa32_tid3()
trapping only if ARM_FEATURE_V8 is set. However, we didn't apply
these to the right set of registers: we use access_aa32_tid3() on all
the 32-bit ID registers *except* ID_PFR2, ID_DFR1, ID_MMFR5 and the
RES0 space, which means that for a v7 CPU we don't trap on a lot of
registers that we should trap on, and we do trap on various things
that the v7A Arm ARM says there is "no requirement" to trap on.
Straighten this out by naming the access functions more clearly for
their purpose, and documenting this: access_v7_tid3() is only for the
fixed set of ID registers that v7A traps on HCR.TID3, and
access_tid3() is for any others, including the reserved encoding
spaces and any new registers we add in future.
AArch32 MVFR2 access is handled differently, in check_hcr_el2_trap;
there we already do not trap on TID3 on v7A cores (where MVFR2
doesn't exist), because we in the code-generation function we UNDEF
if ARM_FEATURE_V8 is not set, without generating code to call
check_hcr_el2_trap.
This bug was causing a problem for Xen which (after a recent change
to Xen) expects to be able to trap ID_PFR0 on a Cortex-A15.
The result of these changes is that our v8A behaviour remains
the same, and on v7A we now trap the registers the Arm ARM definitely
requires us to trap, and don't trap the reserved space that "there is
no requirement" to trap.
Cc: qemu-stable@nongnu.org Fixes: 6a4ef4e5d1084c ("target/arm: Honor HCR_EL2.TID3 trapping requirements") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251231170858.254594-3-peter.maydell@linaro.org
projects / thirdparty / qemu.git / log
