Instead of checking whether the backend set the filename state or not, let's
be stateless: filename is needed rarely, so, let's just have a generic
function (with optional implementation by backends) to get it.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
[ Marc-André - fix leak in ivshmem-pci.c ]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20260115144606.233252-10-vsementsov@yandex-team.ru>
chardev: consistent naming for ChardevClass handlers implementations
Most handler implementations have names like {unit_name}_{handler_name},
which is a usual and well-recognized pattern. Convert the rest (especially
with useless qemu_ prefixes and misleading qmp_ prefixes) to the common
pattern.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20260115144606.233252-5-vsementsov@yandex-team.ru>
Eric K [Mon, 8 Dec 2025 22:58:49 +0000 (16:58 -0600)]
char-udp: Fix initial backend open status
This patch removes the `*be_opened = false` override for the UDP chardev
backend. Since UDP is connectionless it never sends a `CHR_EVENT_OPENED`
so it is never marked open. This causes some frontends (e.g. virtio-serial)
to never perform any operations on the socket.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2993
Signed-off-by: Eric K <erickra@cs.utexas.edu>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20251208225849.705554-1-erickra@cs.utexas.edu>
Marco Liebel [Mon, 26 Jan 2026 22:34:34 +0000 (16:34 -0600)]
target/hexagon: Remove unused is_finite()
is_finite() is defined but never called anywhere in the codebase.
Signed-off-by: Marco Liebel <marco.liebel@oss.qualcomm.com>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <brian.cain@oss.qualcomm.com>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
Marco Liebel [Mon, 26 Jan 2026 22:34:33 +0000 (16:34 -0600)]
target/hexagon: Remove unused EXT_IDX enum
The EXT_IDX_noext, EXT_IDX_mmvec, and XX_LAST_EXT_IDX enum
constants are defined but never referenced anywhere in the
codebase.
Signed-off-by: Marco Liebel <marco.liebel@oss.qualcomm.com>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <brian.cain@oss.qualcomm.com>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
Anton Johansson [Mon, 9 Feb 2026 14:42:49 +0000 (15:42 +0100)]
target/hexagon: Widen MemLog::width to 32 bits
MemLog::width is a uint8_t value mapped to a TCGv (32 bit), the only
reason this currently works is because MemLog::width is padded to 32
bits. Widen the field to uint32_t and fix the size of the TCGv
operations as well. Use uint32_t when referencing and passing around
the field, as valid values are asserted in commit_store().
Reviewed-by: Brian Cain <brian.cain@oss.qualcomm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Anton Johansson <anjo@rev.ng>
--
Changes in v3:
- Added reviewed-by
Changes in v2:
- Removed truncation to uint8_t, valid values of 1,2,4,8 are checked in
commit_store() already.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
Brian Cain [Wed, 11 Feb 2026 22:19:53 +0000 (14:19 -0800)]
target/hexagon: Detect register write conflicts
A conflict exists when any GPR is written by multiple instructions and
at least one write is unconditional. This catches (1) two unconditional
writes to the same GPR and (2) an unconditional write combined with a
predicated write.
Add HEX_CAUSE_REG_WRITE_CONFLICT and map it to SIGILL.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2696
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
Brian Cain [Wed, 11 Feb 2026 22:19:52 +0000 (14:19 -0800)]
tests/tcg/hexagon: Handle SIGILL internally in invalid-slots test
Rewrite invalid-slots.c to catch and verify SIGILL using a sigaction
handler that modifies the ucontext, matching the pattern used by
invalid-encoding.c.
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
Brian Cain [Wed, 11 Feb 2026 22:19:51 +0000 (14:19 -0800)]
target/hexagon: Return decode failure for invalid non-duplex encodings
When a non-duplex encoding (parse_bits != 0) fails both decode_normal()
and decode_hvx(), the decoder hit an unreachable. Instead, handle
the decode failure and raise an exception.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
Brian Cain [Wed, 11 Feb 2026 22:19:50 +0000 (14:19 -0800)]
target/hexagon: Fix invalid duplex decoding
When decoding a duplex instruction, if the slot0 sub-instruction fails
to decode after slot1 succeeds, QEMU was leaving the packet in a
partially-decoded state. This allowed invalid duplex encodings (where
one sub-instruction doesn't match any valid pattern) to be executed
incorrectly.
Fix by resetting the decoder state when slot0 fails, returning an empty
instruction that triggers an exception.
Add gen_exception_decode_fail() for raising exceptions when decode fails
before ctx->next_PC is initialized. This keeps gen_exception_end_tb()
semantics unchanged (it continues to use ctx->next_PC for the exception
PC after successful decode).
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3291
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
Add functional coverage for the AST2700 A2 EVB machine by introducing
test cases that boot and validate an OpenBMC SDK v11.00 image on
"ast2700a2-evb".
Jamin Lin [Wed, 11 Feb 2026 02:15:34 +0000 (02:15 +0000)]
tests/qtest/ast2700-hace-test: Use ast2700-evb alias for AST2700 HACE tests
Update AST2700 HACE qtests to use the "ast2700-evb" machine alias
instead of a specific silicon revision.
The AST2700 A1 and A2 revisions are compatible for the HACE model, so
the tests do not depend on a particular EVB revision. Using the
"ast2700-evb" alias ensures the tests always run the latest
supported AST2700 silicon revision.
Jamin Lin [Wed, 11 Feb 2026 02:15:33 +0000 (02:15 +0000)]
hw/arm/aspeed_ast27x0_evb: Move ast2700-evb alias to AST2700 A2 EVB
Make AST2700 A2 EVB the default ast2700-evb machine.
The "ast2700-evb" machine alias is moved from the AST2700 A1 EVB
to the AST2700 A2 EVB, making A2 the default evaluation board
for AST2700.
This ensures that users selecting "ast2700-evb" will run on the
latest AST2700 silicon revision. The AST2700 A1 EVB machine
remains available explicitly as "ast2700a1-evb".
Jamin Lin [Wed, 11 Feb 2026 02:15:31 +0000 (02:15 +0000)]
hw/arm/aspeed_ast27x0: Add AST2700 A2 SoC support
AST2700 A2 is functionally identical to AST2700 A1.
There are no changes to the IRQ layout, memory map, or peripheral
configuration. The only difference is the silicon revision.
This commit introduces a dedicated AST2700 A2 SoC type by reusing
the existing AST2700 A1 implementation and setting the A2 silicon
revision accordingly.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Nabih Estefan <nabihestefan@google.com>
Tested-by: Nabih Estefan <nabihestefan@google.com>
Link: https://lore.kernel.org/qemu-devel/20260211021527.119674-4-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Kane Chen [Wed, 11 Feb 2026 05:23:28 +0000 (05:23 +0000)]
tests/functional/arm/aspeed_ast2600: Enhance OTP test with functional validation
Improve the OTP test script by adding functional verification of OTP
strap registers. The test now validates that OTP modifications made
in U-Boot persist through the Linux boot process and survive a
subsequent reboot.
Key changes:
- Added interactive console commands for U-Boot and Linux.
- Implemented verification for OTP register 0x30 across reboots.
Jamin Lin [Tue, 10 Feb 2026 02:43:33 +0000 (02:43 +0000)]
hw/i2c/aspeed_i2c: Increase I2C device register size to 0xA0
According to the AST2700 A1 datasheet, the register space for each I2C
device instance has been expanded from 0x80 bytes to 0xA0 bytes.
Update the AST2700 I2C controller configuration to reflect the new
register layout by increasing the per-device register size to 0xA0
and adjusting the register gap size accordingly.
Jamin Lin [Tue, 10 Feb 2026 02:43:32 +0000 (02:43 +0000)]
hw/i2c/aspeed_i2c: Fix out-of-bounds read in I2C MMIO handlers
The ASPEED I2C controller exposes a per-bus MMIO window of 0x80 bytes on
AST2600/AST1030/AST2700, but the backing regs[] array was sized for only
28 dwords (0x70 bytes). This allows guest reads in the range [0x70..0x7f]
to index past the end of regs[].
Fix this by:
- Sizing ASPEED_I2C_NEW_NUM_REG to match the 0x80-byte window
(0x80 >> 2 = 32 dwords).
- Avoiding an unconditional pre-read from regs[] in the legacy/new read
handlers. Initialize the return value to -1 and only read regs[] for
offsets that are explicitly handled/valid, leaving invalid offsets to
return -1 with a guest error log.
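The two parts of the fix described in the commit message above, as an added example (a simplified model written for this page, not the QEMU source). `ModelBus`, the `REG_*` offsets and both function names are hypothetical; only the 0x80-byte window and the 28-dword and 32-dword sizes come from the commit message.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUS_WINDOW_SIZE 0x80u                  /* per-bus MMIO window (from the commit message) */
#define OLD_NUM_REG     28u                    /* undersized backing array: 0x70 bytes */
#define NEW_NUM_REG     (BUS_WINDOW_SIZE >> 2) /* 32 dwords, covers the whole window */

/* Hypothetical register offsets for this model; not the ASPEED register map. */
enum { REG_CTRL = 0x00, REG_STATUS = 0x04, REG_DATA = 0x08 };

/* Hypothetical device state: the array size is derived from the window size. */
typedef struct {
    uint32_t regs[NEW_NUM_REG];
    unsigned guest_errors;      /* stands in for a guest-error log line */
} ModelBus;

/* Compile-time guard: every offset the window exposes has backing storage. */
_Static_assert(sizeof(((ModelBus *)0)->regs) >= BUS_WINDOW_SIZE,
               "regs[] must back every offset the MMIO window exposes");

/*
 * Audit helper: first byte offset inside the window whose dword index
 * falls outside an array of num_reg entries, or window_size if the
 * array covers the whole window.
 */
static uint32_t first_unbacked_offset(uint32_t num_reg, uint32_t window_size)
{
    uint32_t backed = num_reg * (uint32_t)sizeof(uint32_t);
    return backed < window_size ? backed : window_size;
}

/*
 * Read handler in the shape the fix describes: start from -1 and index
 * regs[] only for offsets that are explicitly handled. Anything else,
 * including unaligned offsets, returns -1 and is counted as a guest error.
 */
static uint64_t model_bus_read(ModelBus *bus, uint64_t offset)
{
    uint64_t value = (uint64_t)-1;

    switch (offset) {
    case REG_CTRL:
    case REG_STATUS:
    case REG_DATA:
        value = bus->regs[offset >> 2];
        break;
    default:
        bus->guest_errors++;    /* invalid offset: log it, never index regs[] */
        break;
    }
    return value;
}

int main(void)
{
    ModelBus bus = { .regs = { [REG_DATA >> 2] = 0xabcd } };

    printf("28-dword array: first unbacked offset %#x\n",
           (unsigned)first_unbacked_offset(OLD_NUM_REG, BUS_WINDOW_SIZE));
    printf("32-dword array: first unbacked offset %#x (window end)\n",
           (unsigned)first_unbacked_offset(NEW_NUM_REG, BUS_WINDOW_SIZE));
    printf("read 0x08 -> %#" PRIx64 "\n", model_bus_read(&bus, REG_DATA));
    printf("read 0x74 -> %#" PRIx64 ", guest errors %u\n",
           model_bus_read(&bus, 0x74), bus.guest_errors);
    return 0;
}
```
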
Add functional tests for AST2500 and AST2600 machines using the
OpenBMC SDK v11.00 with Linux kernel 5.15. These tests complement the
existing SDK tests and verify that QEMU correctly boots older kernel
versions on these platforms.
tests/functional: Split Aspeed ARM tests into separate files
Reorganize the monolithic Aspeed functional test files into separate
files based on firmware type (Buildroot vs SDK) and specific test
scenarios. This allows the test suite to run tests in parallel more
effectively and makes it easier to identify and run specific test
scenarios independently.
Peter Maydell [Thu, 12 Feb 2026 14:35:18 +0000 (14:35 +0000)]
Merge tag 'pull-block-jobs-2026-02-12' of https://gitlab.com/vsementsov/qemu into staging
block: mirror: fix zero bitmap handling
# gpg: Signature made Thu Feb 12 08:54:47 2026 GMT
# gpg: using RSA key 8B9C26CDB2FD147C880E86A1561F24C1F19F79FB
# gpg: Good signature from "Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>" [unknown]
# gpg: aka "Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8B9C 26CD B2FD 147C 880E 86A1 561F 24C1 F19F 79FB
* tag 'pull-block-jobs-2026-02-12' of https://gitlab.com/vsementsov/qemu:
iotests: test active mirror with unaligned, small write zeroes op
block/mirror: check range when setting zero bitmap for sync write
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'pull-request-2026-02-12v2' of https://gitlab.com/thuth/qemu:
python: drop uses of pkg_resources
hw/i386/pc.c: add description for fd-bootchk option
tests/Makefile.include: add run-tcg-tests-TARGET to check-help
tests/tcg/s390x: Test DIVIDE TO INTEGER
target/s390x: Implement DIVIDE TO INTEGER
fpu: Restrict parts_round_to_int_normal to target precision
target/s390x: Extract s390_get_bfp_rounding_mode()
target/s390x: Dump Floating-Point-Control Register
Revert "rcu: Unify force quiescent state"
s390x/pci: Fix endianness for zPCI BAR values.
virtio-ccw: virtio_ccw_set_guest_notifier(): fix failure path
tests/.../reverse_debugging: Remove unsatisfiable condition
MAINTAINERS: Replace backup for s390 PCI
MAINTAINERS: Switch to my NVIDIA email
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
John Snow [Wed, 11 Feb 2026 19:58:04 +0000 (14:58 -0500)]
python: drop uses of pkg_resources
pkg_resources has been fully dropped from modern pip/setuptools
distributions and we should phase out its use. This patch is enough to,
by itself, repair most GitLab CI tests upstream; with the exception of
tox tests which are still making use of avocado - which will be dropped
in a separate series to restore functionality there.
Signed-off-by: John Snow <jsnow@redhat.com>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20260211195804.135144-3-jsnow@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Choon Keong [Wed, 11 Feb 2026 16:29:09 +0000 (16:29 +0000)]
hw/i386/pc.c: add description for fd-bootchk option
The 'fd-bootchk' option for pc and q35 machines currently lacks a
description in the help output. This makes it difficult for users
to understand the purpose of the command.
This commit solves this issue by adding a description using
object_class_property_set_description() in hw/i386/pc.c,
adding the description message for the option 'fd-bootchk'.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Suggested-by: Thomas Huth <thuth@redhat.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3193
Signed-off-by: Choon Keong <ckeong.teo17@gmail.com>
Message-ID: <20260211162909.6550-1-ckeong.teo17@gmail.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Choon Keong [Fri, 6 Feb 2026 17:00:59 +0000 (17:00 +0000)]
tests/Makefile.include: add run-tcg-tests-TARGET to check-help
Users can execute TCG tests for a specific TARGET using the command:
$ make run-tcg-tests-TARGET-softmmu
However, this command is not shown in 'make check-help'
documentation, making it hard for new contributors to
discover.
This commit helps to resolve this by adding the description
for the command, to the "check-tcg" section, as suggested
by Thomas, in tests/Makefile.include.
Additionally, reformat the alignment to accommodate
the length of the new command, ensuring the
consistency of the output.
Suggested-by: Thomas Huth <thuth@redhat.com>
Reported-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/228
Signed-off-by: ck <ckeong.teo17@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260206170059.4913-1-ckeong.teo17@gmail.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Ilya Leoshkevich [Tue, 10 Feb 2026 21:39:02 +0000 (22:39 +0100)]
fpu: Restrict parts_round_to_int_normal to target precision
Currently parts_round_to_int_normal() assumes that its input has just
been unpacked and therefore doesn't expect non-zero fraction bits past
target precision.
The upcoming DIVIDE TO INTEGER use cases need it to support
calculations on intermediate values that utilize all fraction bits,
while at the same time restricting the result's precision to frac_size.
Delete the "All integral" check, because even though really large
values are always integer, their low fraction bits still need to be
truncated. For the same reason, make sure rnd_mask covers at least
fraction bits past target precision.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260210214044.1174699-4-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Fiona Ebner [Mon, 12 Jan 2026 15:23:51 +0000 (16:23 +0100)]
block/mirror: check range when setting zero bitmap for sync write
Some Proxmox users reported an occasional assertion failure [0][1] in
busy VMs when using drive mirror with active mode. In particular, the
failure may occur for zero writes shorter than the job granularity:
> #0 0x00007b421154b507 in abort ()
> #1 0x00007b421154b420 in ?? ()
> #2 0x0000641c582e061f in bitmap_set (map=0x7b4204014e00, start=14, nr=-1)
> #3 0x0000641c58062824 in do_sync_target_write (job=0x641c7e73d1e0,
>    method=MIRROR_METHOD_ZERO, offset=852480, bytes=4096, qiov=0x0, flags=0)
> #4 0x0000641c58062250 in bdrv_mirror_top_do_write (bs=0x641c7e62e1f0,
>    method=MIRROR_METHOD_ZERO, copy_to_target=true, offset=852480,
>    bytes=4096, qiov=0x0, flags=0)
> #5 0x0000641c58061f31 in bdrv_mirror_top_pwrite_zeroes (bs=0x641c7e62e1f0,
>    offset=852480, bytes=4096, flags=0)
The range for the dirty bitmap described by dirty_bitmap_offset and
dirty_bitmap_end is narrower than the original range and in fact,
dirty_bitmap_end might be smaller than dirty_bitmap_offset. There
already is a check for 'dirty_bitmap_offset < dirty_bitmap_end' before
resetting the dirty bitmap. Add such a check for setting the zero
bitmap too, which uses the same narrower range.
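The arithmetic behind `start=14, nr=-1` in the backtrace above, as an added example (a stand-alone model written for this page, not the QEMU source). It assumes the narrower range is formed by rounding the start up and the end down to the job granularity, and a granularity of 64 KiB, which the page does not state but which reproduces the values in frame #2; `ChunkRange`, `ModelJob` and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Result of narrowing a byte range to whole granularity-sized chunks. */
typedef struct {
    int64_t first_chunk;  /* index of the first chunk at or after the start */
    int64_t nr_chunks;    /* negative when the write covers no whole chunk */
    bool    valid;        /* true only when start < end after narrowing */
} ChunkRange;

static int64_t align_down(int64_t v, int64_t g) { return v / g * g; }
static int64_t align_up(int64_t v, int64_t g)   { return align_down(v + g - 1, g); }

/* Assumed narrowing: start rounded up, end rounded down (non-negative inputs). */
static ChunkRange narrow_to_chunks(int64_t offset, int64_t bytes, int64_t granularity)
{
    int64_t start = align_up(offset, granularity);
    int64_t end = align_down(offset + bytes, granularity);
    ChunkRange r = {
        .first_chunk = start / granularity,
        .nr_chunks = (end - start) / granularity,
        .valid = start < end,
    };
    return r;
}

/* Hypothetical zero bitmap, one byte per chunk for readability. */
#define MODEL_CHUNKS 32
typedef struct { uint8_t zero[MODEL_CHUNKS]; } ModelJob;

/*
 * Guarded update: the same 'start < end' test the commit message says
 * already protects the dirty bitmap reset. Returns the chunks marked.
 */
static int64_t mark_zero_checked(ModelJob *job, int64_t offset, int64_t bytes,
                                 int64_t granularity)
{
    ChunkRange r = narrow_to_chunks(offset, bytes, granularity);

    if (!r.valid || r.first_chunk + r.nr_chunks > MODEL_CHUNKS) {
        return 0;   /* no whole chunk covered, or outside the model bitmap */
    }
    for (int64_t i = 0; i < r.nr_chunks; i++) {
        job->zero[r.first_chunk + i] = 1;
    }
    return r.nr_chunks;
}

int main(void)
{
    const int64_t granularity = 65536;  /* assumption, see lead-in */
    ModelJob job = { { 0 } };

    /* Values from frame #3 of the backtrace: a 4 KiB zero write. */
    ChunkRange r = narrow_to_chunks(852480, 4096, granularity);
    printf("start=%lld nr=%lld valid=%d\n",
           (long long)r.first_chunk, (long long)r.nr_chunks, r.valid);
    printf("checked update marked %lld chunks\n",
           (long long)mark_zero_checked(&job, 852480, 4096, granularity));
    return 0;
}
```
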
For DIVIDE TO INTEGER it will be helpful to pass final-quotient
rounding mode around explicitly rather than setting it in fpu_status
implicitly. To facilitate this, extract a function for converting the
mask to the rounding mode.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-ID: <20260210214044.1174699-3-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
The commit introduced a regression in the replay functional test
on alpha (tests/functional/alpha/test_replay.py), that causes CI
failures regularly. Thus revert this change until someone has
figured out what is going wrong here.
Peter Maydell [Wed, 11 Feb 2026 15:12:50 +0000 (15:12 +0000)]
Merge tag 'pull-tpm-2026-02-10-1' of https://github.com/stefanberger/qemu-tpm into staging
Merge tpm 2026/02/10 v1
# gpg: Signature made Tue Feb 10 15:38:36 2026 GMT
# gpg: using RSA key B818B9CADF9089C2D5CEC66B75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* tag 'pull-tpm-2026-02-10-1' of https://github.com/stefanberger/qemu-tpm:
tpm_emulator: tpm_emulator_set_state_blobs(): move to boolean return
tpm_emulator: drop direct use of errno variable
tpm_emulator: print error on error-ignore path
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'pull-target-arm-20260210' of https://gitlab.com/pm215/qemu: (26 commits)
target/arm: implement FEAT_E2H0
target/arm: Implement WFE, SEV and SEVONPEND for Cortex-M
target/arm: Remove entry for "any" from cpu32 arm_tcg_cpus[] list
hw/arm/virt: Rename arm_virt_compat into arm_virt_compat_defaults
whpx: arm64: add partition-wide reset on the reboot path
whpx: enable arm64 builds
target/arm: whpx: instantiate GIC early
whpx: arm64: implement -cpu host
hw/arm, accel/hvf, whpx: unify get_physical_address_range between WHPX and HVF
whpx: arm64: clamp down IPA size
target/arm: cpu: mark WHPX as supporting PSCI 1.3
whpx: change memory management logic
whpx: add arm64 support
hw, target, accel: whpx: change apic_in_platform to kernel_irqchip
whpx: common: add WHPX_INTERCEPT_DEBUG_TRAPS define
whpx: ifdef out winhvemulation on non-x86_64
whpx: reshuffle common code
whpx: Move around files before introducing AArch64 support
docs: arm: update virt machine model description
qtest: hw/arm: virt: add new test case for GICv3 + GICv2m
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jaehoon Kim [Fri, 6 Feb 2026 16:46:02 +0000 (10:46 -0600)]
s390x/pci: Fix endianness for zPCI BAR values.
During zPCI scan, BAR configuration data retrieved via CLP Query was
misinterpreted due to an endianness mismatch between QEMU and the guest
kernel.
The guest kernel's clp_store_query_pci_fn() expects BAR values in
little-endian format and converts them with le32_to_cpu(). However, QEMU
was incorrectly sending them in big-endian format, not following the
architecture specification. This caused incorrect bit-swapping in the
kernel, leading zpci_setup_bus_resources() to perform registration checks
against invalid flags, making the process ineffective.
Observation values for zPCI device (NVMe passthrough):
LPAR from real CLP:
[ 0.865595] Resource: PCI Bus 0000:00 -> zdev->bar[0].val: 0x4
[ 0.865597] start: 0x4000000000000000
[ 0.865598] end: 0x4000000000003fff
[ 0.865600] flags: 0x100200
Signed-off-by: Jaehoon Kim <jhkim@linux.ibm.com>
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Message-ID: <20260206164645.1845366-1-jhkim@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
tpm_emulator: tpm_emulator_set_state_blobs(): move to boolean return
The returned error is only used to check for success, so no reason
to use specific errno values.
Also, this is the only function with -errno contract in the file,
so converting it simplifies the whole file from three types of
contract (0/-1, 0/-errno, true/false) to only two (0/-1, true/false).
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Let's drop this explicit usage of errno. If we need this information,
it should be added to errp deeper in the stack.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Commit 3469a56fa3dc985 introduced errp passthrough for many
errors in the file. But in this specific case in
tpm_emulator_get_buffer_size(), it simply used errp=NULL, so we lose
the printed error. Let's bring it back.
Note also that 3469a56fa3dc985 was fixing another commit, 42e556fa3f7a "backends/tpm: Propagate vTPM error on migration failure"
and didn't mention it.
Fixes: 3469a56fa3dc985 "tmp_emulator: improve and fix use of errp"
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Alex Bennée [Thu, 5 Feb 2026 21:02:31 +0000 (21:02 +0000)]
target/arm: implement FEAT_E2H0
FEAT_E2H0 is a formalisation of the existing behaviour of HCR_EL2.E2H
being programmable to switch between EL2 host mode and the
"traditional" nVHE EL2 mode. This implies at some point we might want
to model CPUs without FEAT_E2H0 which will always have EL2 host mode
enabled.
There are two values to represent no E2H0 systems of which 0b1110 will
make HCR_EL2.NV1 RES0 for FEAT_NV systems. For FEAT_NV2 the NV1 bit is
always valid.
Ashish Anand [Mon, 9 Feb 2026 05:19:31 +0000 (10:49 +0530)]
target/arm: Implement WFE, SEV and SEVONPEND for Cortex-M
Currently, QEMU implements the 'Wait For Event' (WFE) instruction as a
simple yield. This causes high host CPU usage because guest
RTOS idle loops effectively become busy-wait loops.
To improve efficiency, this patch transitions WFE to use the architectural
'Halt' state (EXCP_HLT) for M-profile CPUs. This allows the host thread
to sleep when the guest is idle.
To support this transition, we implement the full architectural behavior
required for WFE, specifically the 'Event Register', 'SEVONPEND' logic,
and 'R_BPBR' exception handling requirements defined in the ARM
Architecture Reference Manual.
This patch enables resource-efficient idle emulation for Cortex-M.
Signed-off-by: Ashish Anand <ashish.a6@samsung.com>
Message-id: 20260209051931.122531-1-ashish.a6@samsung.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Remove entry for "any" from cpu32 arm_tcg_cpus[] list
Since commit a0032cc5427 ("target/arm: Make 'any' CPU just an alias
for 'max'") the 'any' CPU QOM type is never used, because we change
"any" to "max" before creating the object. The array entry means we
have an unnecessary type in the system, and the only user-visible
effect is that "any" is listed in the "-cpu help" output for
qemu-arm. (System emulation already doesn't include this array
entry.)
Since qemu-aarch64 already doesn't include "any" in its "-cpu help"
output, we can reasonably drop it for qemu-arm also; remove the
not-very-useful array entry.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-id: 20260202153618.78675-2-philmd@linaro.org
[PMM: update commit message to note effect on help output.]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eric Auger [Tue, 10 Feb 2026 11:34:49 +0000 (11:34 +0000)]
hw/arm/virt: Rename arm_virt_compat into arm_virt_compat_defaults
Renaming arm_virt_compat into arm_virt_compat_defaults
makes it more obvious that those compats apply to all machine
types by default, if not overridden for specific ones. This also
matches the terminology used for pc-q35.
Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Sebastian Ott <sebott@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Mohamed Mediouni [Tue, 10 Feb 2026 11:34:49 +0000 (11:34 +0000)]
whpx: arm64: implement -cpu host
Logic to fetch MIDR_EL1 for cpu 0 adapted from:
https://github.com/FEX-Emu/FEX/blob/e6de17e72ef03aa88ba14fa0ec13163061608c74/Source/Windows/Common/CPUFeatures.cpp#L62
Sebastian Ott [Tue, 10 Feb 2026 11:34:48 +0000 (11:34 +0000)]
target/arm/kvm: add constants for new PSCI versions
Add constants for PSCI version 1_2 and 1_3.
Signed-off-by: Sebastian Ott <sebott@redhat.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We leak notifier initialization on that failure path. Let's
clean it up.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260119185228.203296-8-vsementsov@yandex-team.ru>
Signed-off-by: Thomas Huth <thuth@redhat.com>
get_qemu_img() already skips the test if qemu-img is not found and does
not return None. Eliminate the check for None on its result, and the
unreachable skipTest() gated by it.
Signed-off-by: Yodel Eldar <yodel.eldar@yodel.dev>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260203182153.75276-1-yodel.eldar@yodel.dev>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Eric Farman [Mon, 2 Feb 2026 14:47:02 +0000 (15:47 +0100)]
MAINTAINERS: Replace backup for s390 PCI
Farhan has been doing a masterful job coming on in the
s390 PCI space, and my own attention has been lacking.
Let's make MAINTAINERS reflect reality.
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Acked-by: Farhan Ali <alifm@linux.ibm.com>
Acked-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Acked-by: Matthew Rosato <mjrosato@linux.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Acked-by: Alex Williamson <alex@shazbot.org>
Message-ID: <20260202144702.1783102-1-farman@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Peter Maydell [Tue, 10 Feb 2026 09:12:38 +0000 (09:12 +0000)]
Merge tag 'pull-loongarch-20260210' of https://github.com/gaosong715/qemu into staging
pull-loongarch-2026-02-10
# gpg: Signature made Tue Feb 10 02:49:28 2026 GMT
# gpg: using RSA key CA473C44D6A09C189A193FCD452B96852B268216
# gpg: Good signature from "Song Gao <gaosong@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CA47 3C44 D6A0 9C18 9A19 3FCD 452B 9685 2B26 8216
* tag 'pull-loongarch-20260210' of https://github.com/gaosong715/qemu:
target/loongarch: Add LA v1.1 instructions to max cpu
target/loongarch: Add sc.q instructions
target/loongarch: Add llacq/screl instructions
target/loongarch: Add estimated reciprocal instructions
target/loongarch: Add amcas[_db].{b/h/w/d}
target/loongarch: Add am{swap/add}[_db].{b/h}
target/loongarch: Require atomics to be aligned
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'single-binary-20260206' of https://github.com/philmd/qemu: (30 commits)
target-info: Statically initialize target_arch
meson: Add TARGET_ARCH to config_target_data
qapi: Add hexagon to SysEmuTarget
hw/or1k: Rename or1k-sim.c from openrisc_sim.c
docs/system/or1k: Rename from openrisc
tests/tcg/or1k: Rename from openrisc
hw/or1k: Rename from openrisc
include/hw/or1k: Rename from openrisc
target/or1k: Rename from openrisc
configs/targets: Restrict the legacy ldst_phys() API on x86 targets
hw/intc/ioapic: Replace legacy st_phys() -> address_space_st()
hw/intc: Mark x86-specific [IO]APIC peripherals as little-endian
target/i386: Use explicit little-endian LD/ST API
configs/targets: Restrict legacy ldst_phys() API on 32-bit SPARC target
target/sparc: Replace legacy st_phys() -> address_space_st()
configs/targets: Forbid SPARC to use legacy native endianness APIs
target/sparc: Replace MO_TE -> MO_BE
target/sparc: Remove dubious swapping in LD_code() helper
target/arm/arm-qmp-cmds.c: make compilation unit common
target/s390x: Expand tcg_global_mem_new() -> tcg_global_mem_new_i64()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jiajie Chen [Wed, 19 Nov 2025 12:30:57 +0000 (20:30 +0800)]
target/loongarch: Add sc.q instructions
Add the sc.q instruction in LoongArch v1.1, guarded by CPUCFG2.SCQ. It
is implemented by reading 128bit data (llval + llval_high) in ll.d when
aligned to 16B boundary, and cmpxchg 128bit in sc.q. If ld.d
matches the higher part of the 128bit, its data is taken from
llval_high.
They are guarded by CPUCFG2.FRECIPE. Although the instructions allow an
implementation to improve performance by reducing precision, we use the
existing softfloat implementation.
Signed-off-by: Jiajie Chen <c@jia.je>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>