Nicolin Chen [Thu, 29 Jan 2026 13:32:04 +0000 (13:32 +0000)]
hw/arm/smmuv3-accel: Add nested vSTE install/uninstall support
A device placed behind a vSMMU instance must have corresponding vSTEs
(bypass, abort, or translate) installed. The bypass and abort proxy nested
HWPTs are pre-allocated.
For translate HWPT, a vDEVICE object is allocated and associated with the
vIOMMU for each guest device. This allows the host kernel to establish a
virtual SID to physical SID mapping, which is required for handling
invalidations and event reporting.
A translate HWPT is allocated based on the guest STE configuration and
attached to the device when the guest issues SMMU_CMD_CFGI_STE or
SMMU_CMD_CFGI_STE_RANGE, provided the STE enables S1 translation.
If the guest STE is invalid or S1 translation is disabled, the device is
attached to one of the pre-allocated ABORT or BYPASS HWPTs instead.
While at it, export smmu_find_ste() for use here.
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Message-id: 20260126104342.253965-15-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Implement the VFIO/PCI callbacks to attach and detach a HostIOMMUDevice
to a vSMMUv3 when accel=on,
- set_iommu_device(): attach a HostIOMMUDevice to a vIOMMU
- unset_iommu_device(): detach and release associated resources
In SMMUv3 accel=on mode, the guest SMMUv3 is backed by the host SMMUv3 via
IOMMUFD. A vIOMMU object (created via IOMMU_VIOMMU_ALLOC) provides a per-VM,
security-isolated handle to the physical SMMUv3. Without a vIOMMU, the
vSMMUv3 cannot relay guest operations to the host hardware nor maintain
isolation across VMs or devices. Therefore, set_iommu_device() allocates
a vIOMMU object if one does not already exist.
There are two main points to consider in this implementation:
1) VFIO core allocates and attaches a S2 HWPT that acts as the nesting
parent for nested HWPTs (IOMMU_DOMAIN_NESTED). This parent HWPT will
be shared across multiple vSMMU instances within a VM.
2) A device cannot attach directly to a vIOMMU. Instead, it attaches
through a proxy nested HWPT (IOMMU_DOMAIN_NESTED). Based on the STE
configuration, there are three types of nested HWPTs: bypass, abort,
and translate.
- The bypass and abort proxy HWPTs are pre-allocated. When SMMUv3
operates in global abort or bypass modes, as controlled by the GBPA
register, or issues a vSTE for bypass or abort, we attach these
pre-allocated nested HWPTs.
- The translate HWPT requires a vDEVICE to be allocated first, since
invalidations and events depend on a valid vSID.
- The vDEVICE allocation and attach operations for vSTE based HWPTs
are implemented in subsequent patches.
In summary, a device placed behind a vSMMU instance must have a vSID for
translate vSTE. The bypass and abort vSTEs are pre-allocated as proxy
nested HWPTs and are attached based on GBPA register. The core-managed
nesting parent S2 HWPT is used as parent S2 HWPT for all the nested
HWPTs and is intended to be shared across vSMMU instances within the
same VM.
set_iommu_device():
- Reuse an existing vIOMMU for the same physical SMMU if available.
If not, allocate a new one using the nesting parent S2 HWPT.
- Pre-allocate two proxy nested HWPTs (bypass and abort) under the
vIOMMU and install one based on GBPA.ABORT value.
- Add the device to the vIOMMU’s device list.
unset_iommu_device():
- Re-attach device to the nesting parent S2 HWPT.
- Remove the device from the vIOMMU’s device list.
- If the list is empty, free the proxy HWPTs (bypass and abort)
and release the vIOMMU object.
Introduce struct SMMUv3AccelState, representing an accelerated SMMUv3
instance backed by an iommufd vIOMMU object, and storing the bypass and
abort proxy HWPT IDs.
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Message-id: 20260126104342.253965-13-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Shameer Kolothum [Thu, 29 Jan 2026 13:32:04 +0000 (13:32 +0000)]
hw/arm/smmuv3-accel: Restrict accelerated SMMUv3 to vfio-pci endpoints with iommufd
Accelerated SMMUv3 is only meaningful when a device can leverage the host
SMMUv3 in nested mode (S1+S2 translation). To keep the model consistent
and correct, this mode is restricted to vfio-pci endpoint devices using
the iommufd backend.
Non-endpoint emulated devices such as PCIe root ports and bridges are also
permitted so that vfio-pci devices can be attached downstream. All other
device types are unsupported in accelerated mode.
Implement supports_address_space() callback to reject all such unsupported
devices.
This restriction also avoids complications with IOTLB invalidations. Some
TLBI commands (e.g. CMD_TLBI_NH_ASID) lack an associated SID, making it
difficult to trace the originating device. Allowing emulated endpoints
would require invalidating both QEMU’s software IOTLB and the host’s
hardware IOTLB, which can significantly degrade performance.
A key design choice is the address space returned for accelerated vfio-pci
endpoints. VFIO core has a container that manages an HWPT. By default, it
allocates a stage-1 normal HWPT, unless vIOMMU requests for a nesting
parent HWPT for accelerated cases.
VFIO core adds a listener for that HWPT and sets up a handler
vfio_container_region_add() where it checks the memory region.
- If the region is a non-IOMMU translated one (system address space), VFIO
treats it as RAM and handles all stage-2 mappings for the core allocated
nesting parent HWPT.
- If the region is an IOMMU address space, VFIO instead enables IOTLB
notifier handling and translation replay, skipping the RAM listener and
therefore not installing stage-2 mappings.
For accelerated SMMUv3, correct operation requires the S1+S2 nesting
model, and therefore VFIO must take the "system address space" path so
that stage-2 mappings are properly built. Returning an alias of the
system address space ensures this happens. Returning the IOMMU address
space would omit stage-2 mapping and break nested translation.
Another option considered was forcing a pre-registration path using
vfio_prereg_listener() to set up stage-2 mappings, but this requires
changes in VFIO core and was not adopted. Returning an alias of the
system address space keeps the design aligned with existing VFIO/iommufd
nesting flows and avoids the need for cross-subsystem changes.
In summary:
- vfio-pci devices (with iommufd as backend) return an address space
aliased to system address space.
- bridges and root ports return the IOMMU address space.
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Message-id: 20260126104342.253965-11-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Introduce an optional supports_address_space() callback in PCIIOMMUOps to
allow a vIOMMU implementation to reject devices that should not be attached
to it.
Currently, get_address_space() is the first and mandatory callback into the
vIOMMU layer, which always returns an address space. For certain setups, such
as hardware accelerated vIOMMUs (e.g. ARM SMMUv3 with accel=on), attaching
emulated endpoint devices is undesirable as it may impact the behavior or
performance of VFIO passthrough devices, for example, by triggering
unnecessary invalidations on the host IOMMU.
The new callback allows a vIOMMU to check and reject unsupported devices
early during PCI device registration.
Cc: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Message-id: 20260126104342.253965-9-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Shameer Kolothum [Thu, 29 Jan 2026 13:32:04 +0000 (13:32 +0000)]
hw/pci/pci: Move pci_init_bus_master() after adding device to bus
During PCI hotplug, in do_pci_register_device(), pci_init_bus_master()
is called before storing the pci_dev pointer in bus->devices[devfn].
This causes a problem if pci_init_bus_master() (via its
get_address_space() callback) attempts to retrieve the device using
pci_find_device(), since the PCI device is not yet visible on the bus.
Fix this by moving the pci_init_bus_master() call to after the device
has been added to bus->devices[devfn].
This prepares for a subsequent patch where the accel SMMUv3
get_address_space() callback retrieves the pci_dev to identify the
attached device type.
No functional change intended.
Cc: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Message-id: 20260126104342.253965-8-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Shameer Kolothum [Thu, 29 Jan 2026 13:32:04 +0000 (13:32 +0000)]
hw/arm/smmuv3-accel: Initialize shared system address space
To support accelerated SMMUv3 instances, introduce a shared system-wide
AddressSpace (shared_as_sysmem) that aliases the global system memory.
This shared AddressSpace will be used in a subsequent patch for all
vfio-pci devices behind all accelerated SMMUv3 instances within a VM.
Sharing a single system AddressSpace ensures that all devices behind
accelerated SMMUv3s use the same system address space pointer. This
allows VFIO/iommufd to reuse a single IOAS ID in iommufd_cdev_attach(),
enabling the Stage-2 page tables to be shared within the VM rather than
duplicated for each SMMUv3 instance.
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Message-id: 20260126104342.253965-7-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Set up dedicated PCIIOMMUOps for the accel SMMUv3, since it will need
different callback handling in upcoming patches. This also adds a
CONFIG_ARM_SMMUV3_ACCEL build option so the feature can be disabled
at compile time. Because we now include CONFIG_DEVICES in the header to
check for ARM_SMMUV3_ACCEL, the meson file entry for smmuv3.c needs to
be changed to arm_ss.add.
The “accel” property isn’t user visible yet and it will be introduced in
a later patch once all the supporting pieces are ready.
Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Message-id: 20260126104342.253965-6-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Shameer Kolothum [Thu, 29 Jan 2026 13:32:04 +0000 (13:32 +0000)]
hw/arm/smmu-common: Make iommu ops part of SMMUState
Make iommu ops part of SMMUState and set to the current default smmu_ops.
No functional change intended. This will allow SMMUv3 accel implementation
to set a different iommu ops later.
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Message-id: 20260126104342.253965-5-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pierrick Bouvier [Thu, 22 Jan 2026 19:58:46 +0000 (11:58 -0800)]
meson: fix build of qemu-system-microblaze with --enable-modules
A previous commit wrongly skipped including the generated modinfo in
case hw_arch dictionary ends up being empty.
Fix that by adding an empty source set in dictionary in this case.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3280 Fixes: e8efe5ff4 (meson: Do not try to build module for empty per-target hw/ directory) Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Merge tag 'pull-request-2026-01-27' of https://gitlab.com/thuth/qemu into staging
* gitlab: preserve base rules for container template
* Fix some issues to make QEMU compilable on non-mainstream distros again
* Enforce sha256 as hashsum algorithm for all functional tests
# gpg: Signature made Wed 28 Jan 2026 01:25:23 AM AEDT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [unknown]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [unknown]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2026-01-27' of https://gitlab.com/thuth/qemu:
tests/functional: Enforce sha256 as hashsum algorithm for all tests
tests/vm: Make the haiku VM usable again
tests/vm: Update netbsd VM to version 10.1
pc-bios/optionrom: Use 32-bit linker emulation for the optionroms
tests/tracetool: Honor the Python interpreter that "configure" detected
tests/functional/x86_64: Use the right Python interpreter & fix format string
tests/functional/x86_64: Limit the memlock test to Linux hosts
tests/functional/riscv64: Silence warnings from Pylint in the boston test
gitlab: preserve base rules for container template
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-11.0-maintainer-updates-270126-1' of https://gitlab.com/stsquad/qemu into staging
MAINTAINER updates
- fix some malformed entries (names, lists, status)
- drop Mads from HVF and Tracing reviews
- add Pierrick for overall docs catcher
- add Pierrick as a linux-user reviewer
- add Pierrick as a co-maintainer for plugins
- set linux-user to Odd Fixes
- update core Arm to "Supported"
# gpg: Signature made Tue 27 Jan 2026 10:41:27 PM AEDT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-11.0-maintainer-updates-270126-1' of https://gitlab.com/stsquad/qemu:
MAINTAINERS: add co-maintainer for TCG Plugins
MAINTAINERS: be realistic about *-user
MAINTAINERS: add reviewer for linux-user
MAINTAINERS: update Arm to Supported status
MAINTAINERS: add maintainer for docs/
MAINTAINERS: remove myself as reviewer
MAINTAINERS: regularise the status fields
MAINTAINERS: fix libvirt entry
MAINTAINERS: fix missing names
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* rust: move binding generation to bindings/
* rust: fixes for Windows
* target/i386/tcg: fix a few instructions that do not support VEX.L=1
* target/i386/tcg: various cleanups
# gpg: Signature made Tue 27 Jan 2026 08:37:24 PM AEDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
rust/hpet: remove stale TODO comment
target/i386/tcg: cleanup #ifdef TARGET_X86_64
target/i386/tcg: replace havesib variable with the SIB byte itself
target/i386/tcg: merge decode_modrm and decode_modrm_address split
target/i386/tcg: remove dead constants
target/i386/tcg: fix typo in dpps/dppd instructions
target/i386/tcg: fix a few instructions that do not support VEX.L=1
qdev: add hw/core/gpio.c to libhwcore
rust: move hwcore::sysbus to system crate
rust: move binding generation to bindings/
rust: move class_init to an extension trait
rust: hwcore: add chardev symbols to integration tests
rust: trace: libc does not have syslog on windows
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Thomas Huth [Wed, 21 Jan 2026 10:19:57 +0000 (11:19 +0100)]
tests/functional: Enforce sha256 as hashsum algorithm for all tests
The functional testing framework currently supports both sha256
and sha512 as hashsums for the assets. However, all but one test
currently only use sha256, which should also be sufficient according
to the current security standards. Having two algorithms around already
caused some confusion (e.g. the clean_functional_cache.py script only
supports sha256 right now), so standardize now on enforcing sha256
before more tests use a mix of the two algorithms.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Aditya Gupta <adityag@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260121101957.82477-1-thuth@redhat.com>
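The single-algorithm policy described in the commit above, sketched as an added example (not QEMU's test framework code): a verifier that accepts only a 64-hex-digit sha256 digest and refuses anything else, including a valid sha512 digest. The names `verify_asset`, `AssetHashError` and the sample payload are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# A sha256 digest is exactly 64 lowercase hex characters; a sha512 digest is 128.
SHA256_HEX = re.compile(r"[0-9a-f]{64}")


class AssetHashError(ValueError):
    """Raised when the declared digest is not a well-formed sha256 value."""


def normalise_declared_hash(declared):
    """Return the declared digest in lowercase, or raise if it is not sha256."""
    if not isinstance(declared, str):
        raise AssetHashError("digest must be a hex string")
    candidate = declared.strip().lower()
    if not SHA256_HEX.fullmatch(candidate):
        raise AssetHashError(
            f"expected a 64-digit sha256 digest, got {len(candidate)} characters")
    return candidate


def sha256_of_file(path, chunk_size=64 * 1024):
    """Hash the file in chunks so large assets are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_asset(path, declared):
    """True if the file matches the declared sha256, False on mismatch.

    A digest of any other algorithm or length raises instead of silently
    being compared, so a mixed-algorithm asset list fails loudly.
    """
    expected = normalise_declared_hash(declared)
    return hmac.compare_digest(sha256_of_file(path), expected)


def demo():
    """Run the verifier over a constructed sample asset."""
    payload = b"constructed sample asset, not a real QEMU test image\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "asset.bin")
        with open(path, "wb") as handle:
            handle.write(payload)
        results = {
            "match": verify_asset(path, hashlib.sha256(payload).hexdigest()),
            "tampered": verify_asset(
                path, hashlib.sha256(b"different content").hexdigest()),
        }
        try:
            verify_asset(path, hashlib.sha512(payload).hexdigest())
            results["sha512_rejected"] = False
        except AssetHashError:
            results["sha512_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```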
Thomas Huth [Fri, 23 Jan 2026 18:44:29 +0000 (19:44 +0100)]
tests/vm: Make the haiku VM usable again
The haiku VM bitrotted in the course of time. Make sure to use the
latest version of the repositories here and install missing pieces
like "pip" and "tomli" now.
Since we nowadays also install our own version of meson in our venv,
this also requires a change to our configure script: On Haiku, the
meson binary shows up as pyvenv/non-packaged/bin/meson here, and not
in the expected location pyvenv/bin/meson. Adjust the "meson" variable
to point to that Haiku-specific location to fix this issue. See also:
https://github.com/haiku/haiku/blob/r1beta5/docs/user/storage/storageintro.dox
And finally, with the new toolchain from the beta 5, we also have to
compile with "-pie", otherwise the linker complains about bad relocations
in the object files, so allow compiling with PIE in the configure script
now.
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260123184429.5278-1-thuth@redhat.com>
Thomas Huth [Tue, 13 Jan 2026 19:35:54 +0000 (20:35 +0100)]
tests/vm: Update netbsd VM to version 10.1
NetBSD 10.1 was released more than a year ago, so it's time to
update our VM to that version.
Apart from the usual changes in the installation process, we also have
to disable the installation of the "jpeg" package now, otherwise the
package installation fails with an error message like this:
pkg_add: jpeg-9fnb1: conflicts with `libjpeg-turbo-[0-9]*', and
`libjpeg-turbo-3.1.3' is installed.
We also have to drop the executable bits from scripts/qemu-plugin-symbols.py
to force meson to use the detected Python interpreter instead of executing
the file directly (which tries to use the Python interpreter from the file's
shebang line).
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260113193554.123082-1-thuth@redhat.com>
Thomas Huth [Wed, 21 Jan 2026 07:48:19 +0000 (08:48 +0100)]
pc-bios/optionrom: Use 32-bit linker emulation for the optionroms
Without this linker flag, the linking fails on NetBSD v10.1 with:
ld: i386 architecture of input file `multiboot.o' is incompatible with i386:x86-64 output
ld: i386 architecture of input file `multiboot_dma.o' is incompatible with i386:x86-64 output
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260121074819.29396-1-thuth@redhat.com>
Thomas Huth [Thu, 15 Jan 2026 15:53:18 +0000 (16:53 +0100)]
tests/tracetool: Honor the Python interpreter that "configure" detected
The tracetool tests currently fail if the host installation does not
have a "python3" binary (and you compiled QEMU by selecting a different
one during the "configure" step). This happens because tracetool-test.py
executes scripts/tracetool.py directly, so that this script is run via
its shebang line. To fix the issue, use the same Python interpreter to
run scripts/tracetool.py as we are using to run the tracetool-test.py
script.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260115155318.37823-1-thuth@redhat.com>
Thomas Huth [Wed, 14 Jan 2026 10:11:01 +0000 (11:11 +0100)]
tests/functional/x86_64: Use the right Python interpreter & fix format string
The bad_vmstate test currently fails if the host does not have a "python3"
binary in $PATH because the vmstate-static-checker.py script is executed
directly, so that it gets run via its shebang line. Use the right Python
interpreter from sys.executable to fix this problem.
Additionally, there was another bug with the formatting of the error
message in case of failures: The "+" operator can only concatenate strings,
but not strings with integers. Use a proper format string here instead.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260114101101.36225-1-thuth@redhat.com>
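The failure mode fixed in this commit and in the tracetool commit before it, reproduced as an added example (not the QEMU test code): a helper script whose shebang names an interpreter that does not exist cannot be executed directly, but runs when passed to `sys.executable`, and the exit code is reported with a format string rather than `+`. The script name `static_checker.py`, its contents and the argument `dump.json` are constructed for the illustration.

```python
import os
import subprocess
import sys
import tempfile

# Constructed helper: its shebang points at an interpreter that is not
# installed, standing in for a host without a "python3" binary in $PATH.
HELPER_SOURCE = """#!/nonexistent/python3
import sys
print("checked", sys.argv[1])
sys.exit(3)
"""


def run_via_shebang(script, *args):
    """Execute the script directly; the kernel resolves the shebang line."""
    try:
        return subprocess.run([script, *args], capture_output=True,
                              text=True, check=False)
    except OSError as exc:  # interpreter missing, or script not executable
        return exc


def run_via_interpreter(script, *args):
    """Run the script with the interpreter that is running this process."""
    return subprocess.run([sys.executable, script, *args],
                          capture_output=True, text=True, check=False)


def failure_message(script, returncode):
    """Build the error text with an f-string; str + int raises TypeError."""
    return f"{os.path.basename(script)} failed with exit code {returncode}"


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        script = os.path.join(tmp, "static_checker.py")
        with open(script, "w", encoding="utf-8") as handle:
            handle.write(HELPER_SOURCE)
        os.chmod(script, 0o755)
        direct = run_via_shebang(script, "dump.json")
        indirect = run_via_interpreter(script, "dump.json")
        return {
            "shebang_failed": isinstance(direct, OSError),
            "interpreter_rc": indirect.returncode,
            "interpreter_out": indirect.stdout.strip(),
            "message": failure_message(script, indirect.returncode),
        }


if __name__ == "__main__":
    print(demo())
```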
Thomas Huth [Wed, 21 Jan 2026 11:11:40 +0000 (12:11 +0100)]
tests/functional/x86_64: Limit the memlock test to Linux hosts
The memlock test analyzes /proc/*/status files and expects the layout
from Linux in there. However, these files also exist on NetBSD hosts
with a completely different layout, causing this test to fail. Thus
limit the test to Linux hosts now. We already have a decorator to
skip a test if it is running on a certain host system, but in this
case, we rather want to skip if we are not running on a specific
host system, so introduce a new @skipUnlessOperatingSystem decorator
for this job.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260121111140.99482-1-thuth@redhat.com>
Thomas Huth [Fri, 16 Jan 2026 09:56:15 +0000 (10:56 +0100)]
tests/functional/riscv64: Silence warnings from Pylint in the boston test
Pylint complains:
tests/functional/riscv64/test_boston.py:1:0: C0114:
Missing module docstring (missing-module-docstring)
tests/functional/riscv64/test_boston.py:95:8: C0415:
Import outside toplevel (subprocess.run, subprocess.PIPE) (import-outside-toplevel)
tests/functional/riscv64/test_boston.py:112:17: W1510:
'subprocess.run' used without explicitly defining the value for 'check'. (subprocess-run-check)
tests/functional/riscv64/test_boston.py:95:8: W0611:
Unused PIPE imported from subprocess (unused-import)
Rework the code a little bit to make the linter happy.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Chao Liu <chao.liu.zevorn@gmail.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260116095615.269199-1-thuth@redhat.com>
gitlab: preserve base rules for container template
When extending the container template to allow scheduled pipelines in
upstream context, we must ensure that all the existing rules defined
by .base_job_template are preserved.
Fortunately since the new rule for scheduled pipelines can come at
the head of all other rules, not in the middle, we can just use the obscure
'!reference' syntax to pull in all the pre-existing rules as a single
block.
This fixes
* stable branches using the wrong tag name in container images
* pushes to forks unconditionally running container builds
Fixes: 8bec7b9874235e60f14172618121c60fdbd39302 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Tested-by: Michael Tokarev <mjt@tls.msk.ru> Fixes: 8bec7b987423 ("gitlab: add a weekly container building job")
Message-ID: <20260119135528.2738108-1-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Pierrick Bouvier [Thu, 15 Jan 2026 20:25:09 +0000 (12:25 -0800)]
MAINTAINERS: add co-maintainer for TCG Plugins
I would like to help Alex to maintain TCG Plugins. We talked about it
and he will keep the priority for merging series, but I can occasionally
merge some of them when there is a special interest.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20260115202511.2709767-1-pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Richard Henderson (4):
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Merge tag 'pull-tcg-20251019' of https://gitlab.com/rth7680/qemu into staging
Stefan Hajnoczi (12):
Merge tag 'linux-user-fix-gupnp-pull-request' of https://github.com/hdeller/qemu-hppa into staging
Merge tag 'pull-10.0-testing-and-gdstub-updates-100225-1' of https://gitlab.com/stsquad/qemu into staging
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Merge tag 'pull-loongarch-20250424' of https://github.com/gaosong715/qemu into staging
Merge tag 'pull-misc-2025-04-24' of https://repo.or.cz/qemu/armbru into staging
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
Merge tag 'hppa-fpe-fixup-pull-request' of https://github.com/hdeller/qemu-hppa into staging
Merge tag 'pull-target-arm-20250704' of https://gitlab.com/pm215/qemu into staging
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
Merge tag 'pull-10.1-rc0-maintainer-140725-1' of https://gitlab.com/stsquad/qemu into staging
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
Merge tag 'accel-20250715' of https://github.com/philmd/qemu into staging
None of the pull requests have come through the maintainers and while
there are a fair number of commits overall they have been mostly bug
fixes, re-factoring clean-ups and the occasional new syscall/ioctl
handling.
We should reflect the current status so users don't have unrealistic
expectations of how quickly things can get reviewed and merged.
Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-ID: <20260123145750.1200879-9-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Fri, 23 Jan 2026 14:57:39 +0000 (14:57 +0000)]
MAINTAINERS: update Arm to Supported status
We are involved in lots of areas of the QEMU code base but as I'm sure
most developers will realise we are actively funded to support the Arm
ecosystem for both emulation and virtualisation use-cases. Let's make
that clear in MAINTAINERS to keep parity with the other Supported
architectures.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20260123145750.1200879-7-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Pierrick Bouvier [Fri, 23 Jan 2026 14:57:38 +0000 (14:57 +0000)]
MAINTAINERS: add maintainer for docs/
I would like to help maintaining qemu documentation and I've been
invited by Alex to apply as maintainer.
Files in docs/ that are already maintained will continue to be under
their respective maintainer. The goal here is to have someone that can
help on all other files that don't have an official maintainer.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com> Acked-by: Alex Bennée <alex.bennee@linaro.org> Acked-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20260115203529.2713193-1-pierrick.bouvier@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20260123145750.1200879-6-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Fri, 23 Jan 2026 14:57:36 +0000 (14:57 +0000)]
MAINTAINERS: regularise the status fields
Orphaned isn't a state, Orphan is. Likewise all the other "Odd Fixes"
are capitalised so fix the ones that are not.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20260123145750.1200879-4-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Alex Bennée [Fri, 23 Jan 2026 14:57:35 +0000 (14:57 +0000)]
MAINTAINERS: fix libvirt entry
We have a particular tag for lists so let's use it.
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Message-Id: <20180716073226.21127-3-armbru@redhat.com>
Message-ID: <20260123145750.1200879-3-alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Paolo Bonzini [Fri, 9 Jan 2026 14:42:59 +0000 (15:42 +0100)]
target/i386/tcg: cleanup #ifdef TARGET_X86_64
32-bit TCG opcodes produced for the i386 target usually look the same
as 64-bit TCG opcodes produced for the x86_64. The special one that
needs extensions is 32-bit TCG opcodes produced for the x86_64 target.
Make all #ifdefs look the same, like this:
    case MO_32:
#ifdef TARGET_X86_64
        /* code using 32-bit opcodes */
    case MO_64:
#endif
        /* code using target_long opcodes */
    default:
        g_assert_not_reached();
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 23 Dec 2025 16:55:59 +0000 (17:55 +0100)]
target/i386/tcg: merge decode_modrm and decode_modrm_address split
Unlike the older code in translate.c, mod=11b *is* filtered out earlier
by decode_modrm, and it would have returned bogus code. Since the register
case is so simple, just inline decode_modrm_address into its caller instead
of removing the "if".
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 9 Jan 2026 14:30:36 +0000 (15:30 +0100)]
target/i386/tcg: remove dead constants
NB_OP_SIZES has been dead since the conversion to TCG, REG_L_OFFSET
since 2015, the others somewhere in the middle.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 7 Jan 2026 15:42:19 +0000 (16:42 +0100)]
target/i386/tcg: fix a few instructions that do not support VEX.L=1
Match the contents of table 2-17 ("#UD Exception and VEX.L Field Encoding")
in the SDM, for instructions in exception class 5. They were incorrectly
accepting 256-bit versions that do not exist.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 14 Jan 2026 16:34:10 +0000 (17:34 +0100)]
qdev: add hw/core/gpio.c to libhwcore
While GPIO functionality is not used by user-mode emulation, it is
conceptually part of qdev - GPIO pins are included in DeviceState
independent of whether this is system or user-mode emulation.
For the Rust bindings, having GPIO functionality in system_ss causes
a problem because, for simplicity, all methods of DeviceState are
included in the Rust hwcore crate. On Windows, rustc is not able
to do dead code elimination as well as on other OSes and this causes
an undefined symbol error, because gpio.c is not linked into the
rust/hw/core/rust-hwcore-rs-integration test binary.
To fix it, move gpio.c out of system_ss and into libhwcore.
Alternatively, it would be possible to define some DeviceState
methods also in the system crate, using for example a separate trait
SystemDeviceMethods. For now, keep all the methods in one crate and
link 200 unused lines of code into user-mode emulators.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 14 Jan 2026 08:44:36 +0000 (09:44 +0100)]
rust: move hwcore::sysbus to system crate
This inverts the dependency from hwcore to system, replacing it with
a dependency from system to hwcore. It also matches how hw/core/sysbus.h
is part of the system-sys crate, and hw/core/sysbus.c is part of system_ss
on the C side.
This fixes a linker error in hwcore integration tests on msys2.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Move raw FFI bindings generation to separate crates. This makes it
possible to reuse bindgen declarations for a header file in its
dependencies (this was not the case before this change), while keeping
multiple -sys crates to avoid rebuilding all the code whenever
something changes.
Because the -sys crates are generated in dependency order, this also
enforces that the crates are organized in something that resembles
the dependencies between C headers.
The meson.build for rust-safe crates becomes simpler, and it should be
possible in the future to let Meson's cargo support handle most of it.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[General cleanup and Python script. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 14 Jan 2026 08:46:01 +0000 (09:46 +0100)]
rust: move class_init to an extension trait
Prepare for having ObjectClass, DeviceClass and SysbusDeviceClass
defined outside the hwcore and qom crates. It then becomes
impossible to add a method to them.
Extracted from a patch by Marc-André Lureau.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Merge tag 'pull-vfio-20260126' of https://github.com/legoater/qemu into staging
vfio queue:
* Fixes for vfio-user and CPR
* Fixes issues detected by Coverity
* Updates linux-headers to Linux v6.19-rc1
* Adds support for the creation of dma-buf objects for PCI BARs. This
allows safe P2P DMA operations when using iommufd host backend.
# gpg: Signature made Mon 26 Jan 2026 08:21:31 PM AEDT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg: aka "Cédric Le Goater <clg@kaod.org>" [full]
* tag 'pull-vfio-20260126' of https://github.com/legoater/qemu:
vfio-user: update VFIOProxy flag constants to use the BIT() macro
vfio-user: fix VFIO_PROXY_USE_MULTI constant value
hw/vfio/region: Create dmabuf for PCI BAR per region
hw/vfio: Add helper to retrieve device feature
linux-headers: Update to Linux v6.19-rc1
hw/vfio: cpr-iommufd: Fix wrong usage of migrate_add_blocker_modes
vfio/migration: Fix page size calculation
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Mark Cave-Ayland [Wed, 21 Jan 2026 10:59:46 +0000 (10:59 +0000)]
vfio-user: update VFIOProxy flag constants to use the BIT() macro
This should help avoid incorrect constant values being used in future. At
the same time we can remove the gap left for BIT(1) which was originally
intended for the VFIO_PROXY_NO_MMAP feature which was removed from later
versions of the vfio-user series.
Nicolin Chen [Wed, 21 Jan 2026 11:41:11 +0000 (11:41 +0000)]
hw/vfio/region: Create dmabuf for PCI BAR per region
Linux now provides a VFIO dmabuf exporter to expose PCI BAR memory for P2P
use cases. Create a dmabuf for each mapped BAR region after the mmap is set
up, and store the returned fd in the region’s RAMBlock. This allows QEMU to
pass the fd to dma_map_file(), enabling iommufd to import the dmabuf and map
the BAR correctly in the host IOMMU page table.
If the kernel lacks support or dmabuf setup fails, QEMU skips the setup
and continues with normal mmap handling.
Tested-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Link: https://lore.kernel.org/qemu-devel/20260121114111.34045-4-skolothumtho@nvidia.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
Shameer Kolothum [Wed, 21 Jan 2026 11:41:10 +0000 (11:41 +0000)]
hw/vfio: Add helper to retrieve device feature
Add vfio_device_get_feature() as a common helper to retrieve
VFIO device features.
No functional change intended.
Reviewed-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Link: https://lore.kernel.org/qemu-devel/20260121114111.34045-3-skolothumtho@nvidia.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
Shameer Kolothum [Wed, 21 Jan 2026 11:41:09 +0000 (11:41 +0000)]
linux-headers: Update to Linux v6.19-rc1
Mainly for adding support for VFIO DMABUF. While at it, update all
headers.
The header update breaks virtio-net due to virtio_net_hdr_v1_hash
changes. Include the virtio-net changes to avoid build and bisect
failures.
Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Link: https://lore.kernel.org/qemu-devel/20260121114111.34045-2-skolothumtho@nvidia.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
Jim Shu [Wed, 21 Jan 2026 06:34:18 +0000 (14:34 +0800)]
hw/vfio: cpr-iommufd: Fix wrong usage of migrate_add_blocker_modes
The return value of API is 0 for success and negative error code for
failure. We'll check if the return value equals 0.
Also, the MIG_MODE should be CPR_TRANSFER and CPR_EXEC instead
of 2 same bits.
The API usage is aligned with 'hw/vfio/cpr-legacy.c' after these 2
changes.
Zhenzhong Duan [Fri, 16 Jan 2026 06:03:15 +0000 (01:03 -0500)]
vfio/migration: Fix page size calculation
Coverity detected an issue of left shifting int by more than 31 bits leading
to undefined behavior.
In practice bcontainer->dirty_pgsizes always has some common page sizes
when dirty tracking is supported.
Resolves: Coverity CID 1644186
Resolves: Coverity CID 1644187
Resolves: Coverity CID 1644188 Fixes: 46c763311419 ("vfio/migration: Add migration blocker if VM memory is too large to cause unmap_bitmap failure"). Suggested-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Link: https://lore.kernel.org/qemu-devel/20260116060315.65723-1-zhenzhong.duan@intel.com Signed-off-by: Cédric Le Goater <clg@redhat.com>
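The class of defect the commit message above describes (an int shifted by more than 31 bits), shown as an added example that is not QEMU's code: a page-size bitmap is reduced to its smallest page size, first with the flagged int shift and then with a 64-bit shift that also rejects an empty bitmap. All function names and the sample bitmaps are hypothetical and constructed for illustration.

```c
/* Added illustration, not QEMU code. All names here are hypothetical. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Index of the lowest set bit. Returns 64 for an empty bitmap (assumed
 * convention), which the caller must handle before shifting.
 */
static unsigned lowest_bit_index(uint64_t v)
{
    unsigned n = 0;

    if (v == 0) {
        return 64;
    }
    while ((v & 1) == 0) {
        v >>= 1;
        n++;
    }
    return n;
}

/*
 * Flagged pattern: the literal 1 has type int, so the shift is evaluated in
 * int even though the result is stored in a uint64_t. An index of 31 or more
 * is undefined behavior. Only defined when the lowest set bit is below 31.
 */
uint64_t smallest_pgsize_int_shift(uint64_t pgsizes)
{
    return 1 << lowest_bit_index(pgsizes);
}

/*
 * Hardened form: shift a 64-bit one, and refuse an empty bitmap instead of
 * shifting by 64. Returns false and leaves *pgsize untouched in that case.
 */
bool smallest_pgsize(uint64_t pgsizes, uint64_t *pgsize)
{
    unsigned shift = lowest_bit_index(pgsizes);

    if (shift >= 64) {
        return false; /* no page size advertised: nothing valid to shift by */
    }
    *pgsize = UINT64_C(1) << shift;
    return true;
}

int main(void)
{
    /* Constructed sample bitmaps: bit n set means 2^n-byte pages supported. */
    const uint64_t samples[] = {
        UINT64_C(0x1000) | UINT64_C(0x200000), /* 4 KiB and 2 MiB */
        UINT64_C(1) << 40,                     /* a single 1 TiB size */
        0,                                     /* empty bitmap */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t pgsize;

        if (smallest_pgsize(samples[i], &pgsize)) {
            printf("bitmap 0x%" PRIx64 ": smallest page 0x%" PRIx64 "\n",
                   samples[i], pgsize);
        } else {
            printf("bitmap 0x%" PRIx64 ": no page size, rejected\n",
                   samples[i]);
        }
    }
    return 0;
}
```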
Merge tag 'linux-user-for-v11-pull-request' of https://github.com/hdeller/qemu-hppa into staging
linux-user: statx() syscall, termios2 support and futex() syscall fixes
v2:
Fix build error in which CentOS9 is lacking the definition of MADV_COLLAPSE
# gpg: Signature made Sat 24 Jan 2026 07:52:59 PM AEDT
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'linux-user-for-v11-pull-request' of https://github.com/hdeller/qemu-hppa:
linux-user: Fix MADV_XXX constants on hppa target
linux-user: strace: Fix 5th argument of futex syscall
linux-user: fixup termios2 related things on PowerPC
linux-user: Add missing termios baud rates
linux-user: Add termios2 support to sparc target
linux-user: Add termios2 support to sh4 target
linux-user: Add termios2 support to mips target
linux-user: Add termios2 support to hppa target
linux-user: Add termios2 support to alpha target
linux-user: Add termios2 support
linux-user: update statx emulation
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Fri, 23 Jan 2026 15:01:08 +0000 (16:01 +0100)]
linux-user: Fix MADV_XXX constants on hppa target
Older hppa binaries may still use the old MADV_XXX constants for the
madvise() syscall. Fix it up in the same manner as it's done in the
Linux kernel in the parisc_madvise() function.
Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Merge tag 'migration-20260123-pull-request' of https://gitlab.com/farosas/qemu into staging
Migration pull request
- Removal of deprecated query-migrationthreads command
- Removal of deprecated QMP migrate argument 'detach'
- Removal of deprecated zero-blocks capability
- Removal of deprecated migration to file using fd: URI
- Improvements to fd handling in QEMUFile
- Cleanups to postcopy tests
- Cleanup of migration channel connection code
# gpg: Signature made Sat 24 Jan 2026 06:50:10 AM AEDT
# gpg: using RSA key AA1B48B0A22326A5A4C364CFC798DC741BEC319D
# gpg: issuer "farosas@suse.de"
# gpg: Good signature from "Fabiano Rosas <farosas@suse.de>" [unknown]
# gpg: aka "Fabiano Almeida Rosas <fabiano.rosas@suse.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AA1B 48B0 A223 26A5 A4C3 64CF C798 DC74 1BEC 319D
* tag 'migration-20260123-pull-request' of https://gitlab.com/farosas/qemu: (36 commits)
migration/channel: Centralize calling migration_channel_connect_outgoing
migration: Remove qmp_migrate_finish
migration: Move CPR HUP watch to cpr-transfer.c
migration: Free cpr-transfer MigrationAddress along with gsource
migration: Move URI parsing to channel.c
migration: Move channel parsing to channel.c
migration: Move transport connection code into channel.c
migration: Move channel code to channel.c
migration: Rename instances of start
migration/channel: Rename migration_channel_connect
migration: Start incoming from channel.c
migration/rdma: Use common connection paths
migration: Move setting of QEMUFile into migration_outgoing|incoming_setup
migration: Handle error in the early async paths
migration: Fold migration_cleanup() into migration_connect_error_propagate()
migration: yank: Move register instance earlier
migration: Expand migration_connect_error_propagate to cover cancelling
migration: Move error reporting out of migration_cleanup
migration: Free the error earlier in the resume case
migration: Use migrate_mode() to query for cpr-transfer
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-target-arm-20260123' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
* hw/arm/imx8mp-evk: Provide some defaults matching real hardware
* hw/intc: endianness fixes
* various: Clean up includes
* kernel-doc.py: sync with upstream Kernel v6.19-rc4
* scripts/clean-includes: Minor improvements; exclude list update
* docs/system/arm/imx8mp-evk: Avoid suggesting redundant CLI parameters
* docs/system/arm/xlnx-zynq.rst: Improve docs rendering
* docs: Be consistent about capitalization of 'Arm' (again)
* docs: Avoid unintended mailto: hyperlinks
* qemu-options.hx: Drop uses of @var
* qemu-options.hx: Improve formatting in colo-compare docs
# gpg: Signature made Sat 24 Jan 2026 02:08:30 AM AEDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20260123' of https://gitlab.com/pm215/qemu: (22 commits)
qemu-options.hx: Improve formatting in colo-compare docs
qemu-options.hx: Drop uses of @var
docs: avoid unintended mailto: hyperlinks
docs/system/arm/xlnx-zynq.rst: Improve docs rendering
hw/intc: avoid byte swap fiddling in gicv3 its path
hw/intc: declare GICv3 regions as little endian
hw/intc: declare GIC regions as little endian
hw/intc: declare NVIC regions as little endian
all: Clean up includes
misc: Clean up includes
bsd-user: Clean up includes
mshv: Clean up includes
scripts/clean-includes: Update exclude list
scripts/clean-includes: Give the args in git commit messages
scripts/clean-includes: Do all our exclusions with REGEXFILE
scripts/clean-includes: Make ignore-regexes one per line
scripts/clean-includes: Remove outdated comment
scripts/clean-includes: Allow directories on command line
docs: Be consistent about capitalization of 'Arm' (again)
kernel-doc.py: sync with upstream Kernel v6.19-rc4
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging
# gpg: Signature made Fri 23 Jan 2026 11:16:43 PM AEDT
# gpg: using RSA key 215D46F48246689EC77F3562EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* tag 'net-pull-request' of https://github.com/jasowang/qemu:
tests/qtest: Add test for filter-redirector rx event opened
qtest: add a test to test redirector status change
net/filter-redirector: add support for dynamic status on/off switching
tests/qtest: add test for filter-buffer interval change
net/filter-buffer: make interval change take effect immediately
net/tap: rework tap_set_sndbuf()
net/tap: tap_set_sndbuf(): add return value
net/tap: setup exit notifier only when needed
net/tap: rework scripts handling
net/tap: pass NULL to net_init_tap_one() in cases when scripts are NULL
net/tap: net_init_tap_one(): move parameter checking earlier
net/tap: net_init_tap_one(): drop extra error propagation
net/tap-linux.c: avoid abort when setting invalid fd
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Fri, 23 Jan 2026 14:49:45 +0000 (15:49 +0100)]
linux-user: strace: Fix 5th argument of futex syscall
The 5th argument isn't printed, but instead the 4th argument is shown twice.
Fix this, and print the FUTEX_BITSET_MATCH_ANY string constant instead of -1
if the op is FUTEX_WAIT_BITSET or FUTEX_WAKE_BITSET.
Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Make the synchronous calls evident by not hiding the call to
migration_channel_connect_outgoing() in the transport code. Have those
functions return and call the function at the upper level.
This helps with navigation: the transport code returns the ioc,
there's no need to look into them when browsing the code.
It also allows RDMA in the source side to use the same path as the
rest of the transports.
While here, document the async calls which are the exception.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:54 +0000 (11:16 -0300)]
migration: Remove qmp_migrate_finish
After cleanups, the qmp_migrate_finish function is now just a call to
migration_connect_outgoing(). Remove qmp_migrate_finish() and rename
the qmp_migrate_finish_cb callback.
This also allows the function's error handling to be removed as it now
receives &local_err like the rest of the callees of qmp_migrate().
Fabiano Rosas [Fri, 23 Jan 2026 14:16:53 +0000 (11:16 -0300)]
migration: Move CPR HUP watch to cpr-transfer.c
Move this CPR-specific code into a cpr file. While here, give the
functions more significant names.
This makes the new idea (after cpr-transfer) of having two parts to
qmp_migrate slightly more obvious: either wait for the hangup or
continue directly.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:52 +0000 (11:16 -0300)]
migration: Free cpr-transfer MigrationAddress along with gsource
When setting a callback on a Glib source and giving it a data pointer,
it's natural to also provide the destructor for the data in question.
Since migrate_hup_add() already needs to clone the MigrationAddress
when setting the qmp_migrate_finish_cb callback, also pass the
qapi_free_MigrationAddress as the GDestroyNotify callback.
With this the address doesn't need to be freed at the callback body,
making the management of that memory slightly simpler.
Cc: Mark Kanda <mark.kanda@oracle.com> Cc: Ben Chaney <bchaney@akamai.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Prasad Pandit <pjp@fedoraproject.org> Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-23-farosas@suse.de Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Fri, 23 Jan 2026 14:16:51 +0000 (11:16 -0300)]
migration: Move URI parsing to channel.c
The migrate_uri_parse function is responsible for converting the URI
string into a MigrationChannel for consumption by the rest of the
code. Move it to channel.c and add a wrapper that calls both URI and
channels parsing.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:50 +0000 (11:16 -0300)]
migration: Move channel parsing to channel.c
Encapsulate the MigrationChannelList parsing in a new
migrate_channels_parse() located at channel.c.
This also makes the memory management of the MigrationAddress more
uniform. Previously, half the parsing code (uri parsing) would
allocate memory for the address while the other half (channel parsing)
would instead pass the original QAPI object along. After this patch,
the MigrationAddress is always QAPI_CLONEd, so the callers can use
g_autoptr(MigrationAddress) in all cases.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:48 +0000 (11:16 -0300)]
migration: Move channel code to channel.c
Move the code responsible for the various channels connection into
channel.c. This is all executed before the migration_thread and
process_incoming_migration_co are running, so it helps the reasoning
to have them out of migration.c.
migration_ioc_process_incoming becomes migration_channel_identify
which is more in line with what the function does.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:47 +0000 (11:16 -0300)]
migration: Rename instances of start
To make it easier to follow the code, rename the functions that start
the migration thread and migration coroutine to contain the word
"start".
This will give new contributors the chance of seeing the word start
and reaching the actual migration code, instead of twists and turns of
qio_channel_add_watch and qio_task_run_in_thread.
Remove all other instances of "start" and use wording more suitable to
what the current migration stage is. The transport code such as
fd_start_migration_outgoing becomes fd_connect_outgoing, the early
setup code such as qemu_start_incoming_migration becomes
qemu_setup_incoming_migration and so on.
Rename migration_channel_connect to indicate this is the source
side. Future patches will do similar changes to the incoming side and
this will avoid inconsistencies in naming.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:45 +0000 (11:16 -0300)]
migration: Start incoming from channel.c
Leave migration_ioc_process_incoming to do only the channel
identification process and move the migration start into
channel.c. Both routines will be renamed in the next patches to better
reflect their usage.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:44 +0000 (11:16 -0300)]
migration/rdma: Use common connection paths
Use the common connection paths for the incoming and outgoing sides of
rdma migration. This removes one usage of QEMUFile from rdma.c. It
also allows further unification of the connection code in next
patches.
Move the channels enum to channel.h so rdma.c can access it. The RDMA
channel is considered a CH_MAIN channel.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:43 +0000 (11:16 -0300)]
migration: Move setting of QEMUFile into migration_outgoing|incoming_setup
Centralize, on both sides of migration, the setting of the to_src_file
and from_dst_file QEMUFiles. This will clean up the interface with
channel.c and rdma.c, allowing those files to stop dealing with
QEMUFile themselves.
(multifd_recv_new_channel was changed to return bool+errp for
convenience)
Fabiano Rosas [Fri, 23 Jan 2026 14:16:42 +0000 (11:16 -0300)]
migration: Handle error in the early async paths
Simplify migration_channel_connect() and migration_connect() to not
take an error as input. Move the error handling into the paths that
generate the error.
To achieve this, call migration_connect_error_propagate() from
socket.c and tls.c, which are the async paths.
For the sync paths, the handling is done as normal by returning all
the way to qmp_migrate_finish(), except that now the sync paths don't
pass the error forward into migration_connect() anymore.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:41 +0000 (11:16 -0300)]
migration: Fold migration_cleanup() into migration_connect_error_propagate()
Whenever an error occurs between migrate_init() and the start of
migration_thread, do cleanup immediately.
This allows the special casing for resume to be removed from
migration_connect(), that check is now done at
migration_connect_error_propagate() which already had a case for
resume.
The cleanup at qmp_migrate_finish_cb can also be removed because it
will always be reached either via the error path at
qmp_migrate_finish->migration_connect_error_propagate or via the
migrate_cleanup_bh.
The yank_unregister_instance at qmp_migrate() is now replaced by the
one at migration_cleanup().
Fabiano Rosas [Fri, 23 Jan 2026 14:16:40 +0000 (11:16 -0300)]
migration: yank: Move register instance earlier
Move the register_instance call to migrate_prepare() so it can be
paired with the unregister_instance at migration_cleanup(). Otherwise,
the cleanup cannot be run when cpr_state_save() fails because the
instance is registered only after it.
When resuming from a paused postcopy migration, migrate_prepare()
returns early, but migration_cleanup() doesn't run, so the yank will
remain paired.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:39 +0000 (11:16 -0300)]
migration: Expand migration_connect_error_propagate to cover cancelling
Cover the CANCELLING state in migration_connect_error_propagate() and
use it to funnel errors from migrate_prepare() until the end of
migration_connect().
Fabiano Rosas [Fri, 23 Jan 2026 14:16:38 +0000 (11:16 -0300)]
migration: Move error reporting out of migration_cleanup
In the next patches migration_cleanup() will be used in qmp_migrate(),
which currently does not show an error message. Move the error
reporting out of migration_cleanup() to avoid duplicate messages.
For the resume case, migrate_prepare() returns early and doesn't reach
migrate_init(). Move the extra migrate_error_free() call to
migrate_prepare() along with the resume check.
Also change migrate_init() to use migrate_error_free(), so it's easier
to see where are the places the error gets freed.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:34 +0000 (11:16 -0300)]
migration: Cleanup TLS handshake hostname passing
The TLS hostname is doing a tour around the world just to be cached
into s->hostname. We're already abusing MigrationState by doing that,
so incorporate the s->hostname into migration_tls_hostname() and stop
passing the string around.
Fabiano Rosas [Fri, 23 Jan 2026 14:16:32 +0000 (11:16 -0300)]
migration: Fix state change at migration_channel_process_incoming
When the incoming migration fails during the channel connection phase,
the state transition to FAILED is currently being done in the
MigrationState->state, but the MigrationIncomingState->state is the
one that should be used.