git.ipfire.org Git - thirdparty/qemu.git/log
6 months ago rust: hide panicking default associated constants from rustdoc
Paolo Bonzini [Thu, 4 Dec 2025 09:19:00 +0000 (10:19 +0100)] 
rust: hide panicking default associated constants from rustdoc

Work around rustdoc issue that panics while trying to evaluate
the constants.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago rust: fix reference to MemoryRegion
Paolo Bonzini [Wed, 26 Nov 2025 12:58:43 +0000 (13:58 +0100)] 
rust: fix reference to MemoryRegion

Use the wrapper struct, not the C one.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago rust: do not copy the SysBusDevice
Paolo Bonzini [Wed, 26 Nov 2025 12:39:08 +0000 (13:39 +0100)] 
rust: do not copy the SysBusDevice

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago rust: remove unnecessary repetitive options
Paolo Bonzini [Wed, 26 Nov 2025 18:04:50 +0000 (19:04 +0100)] 
rust: remove unnecessary repetitive options

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago rust: remove unused --cfg arguments
Paolo Bonzini [Wed, 26 Nov 2025 16:25:21 +0000 (17:25 +0100)] 
rust: remove unused --cfg arguments

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago rust: remove leftover bindings/
Marc-André Lureau [Tue, 25 Nov 2025 08:28:06 +0000 (12:28 +0400)] 
rust: remove leftover bindings/

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
6 months ago include: reorganize memory API headers
Paolo Bonzini [Thu, 27 Nov 2025 08:41:14 +0000 (09:41 +0100)] 
include: reorganize memory API headers

Move RAMBlock functions out of ram_addr.h and cpu-common.h;
move memory API headers out of include/exec and into include/system.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/hw.h to hw/core/, rename
Paolo Bonzini [Thu, 27 Nov 2025 07:41:37 +0000 (08:41 +0100)] 
include: move hw/hw.h to hw/core/, rename

Call it include/hw/core/hw-error.h since that is the only
thing it contains.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/vmstate-if.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:38:30 +0000 (08:38 +0100)] 
include: move hw/vmstate-if.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/sysbus.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:38:26 +0000 (08:38 +0100)] 
include: move hw/sysbus.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/stream.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:38:22 +0000 (08:38 +0100)] 
include: move hw/stream.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/resettable.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:38:18 +0000 (08:38 +0100)] 
include: move hw/resettable.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/register.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:38:15 +0000 (08:38 +0100)] 
include: move hw/register.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/registerfields.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:38:12 +0000 (08:38 +0100)] 
include: move hw/registerfields.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/qdev-properties-system.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:38:09 +0000 (08:38 +0100)] 
include: move hw/qdev-properties-system.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/qdev-properties.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:38:05 +0000 (08:38 +0100)] 
include: move hw/qdev-properties.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/qdev-dma.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:38:01 +0000 (08:38 +0100)] 
include: move hw/qdev-dma.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/qdev-core.h to hw/core/, rename
Paolo Bonzini [Thu, 27 Nov 2025 07:37:58 +0000 (08:37 +0100)] 
include: move hw/qdev-core.h to hw/core/, rename

Call it hw/core/qdev.h to avoid the duplication in the name.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/qdev-clock.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:54 +0000 (08:37 +0100)] 
include: move hw/qdev-clock.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/ptimer.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:51 +0000 (08:37 +0100)] 
include: move hw/ptimer.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/platform-bus.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:49 +0000 (08:37 +0100)] 
include: move hw/platform-bus.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/or-irq.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:45 +0000 (08:37 +0100)] 
include: move hw/or-irq.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/nmi.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:42 +0000 (08:37 +0100)] 
include: move hw/nmi.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/loader.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:39 +0000 (08:37 +0100)] 
include: move hw/loader.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/loader-fit.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:36 +0000 (08:37 +0100)] 
include: move hw/loader-fit.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/irq.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:32 +0000 (08:37 +0100)] 
include: move hw/irq.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/hotplug.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:29 +0000 (08:37 +0100)] 
include: move hw/hotplug.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/fw-path-provider.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:26 +0000 (08:37 +0100)] 
include: move hw/fw-path-provider.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/clock.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:22 +0000 (08:37 +0100)] 
include: move hw/clock.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/boards.h to hw/core/
Paolo Bonzini [Thu, 27 Nov 2025 07:37:19 +0000 (08:37 +0100)] 
include: move hw/boards.h to hw/core/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move hw/usb.h to hw/usb/
Paolo Bonzini [Thu, 27 Nov 2025 07:33:06 +0000 (08:33 +0100)] 
include: move hw/usb.h to hw/usb/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: move memory_ldst* to include/system
Paolo Bonzini [Wed, 26 Nov 2025 10:26:16 +0000 (11:26 +0100)] 
include: move memory_ldst* to include/system

These partial headers are only included via system/memory.h, so keep them in
the same directory.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago include: name the MemReentrancyGuard struct
Paolo Bonzini [Wed, 26 Nov 2025 18:34:34 +0000 (19:34 +0100)] 
include: name the MemReentrancyGuard struct

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago i386/tcg/svm: fix comma operator typo
Nicholas Mosier [Tue, 11 Nov 2025 21:57:52 +0000 (13:57 -0800)] 
i386/tcg/svm: fix comma operator typo

A comma operator inappropriately terminates an expression
in svm_helper.c. Replace it with a semicolon.

Signed-off-by: Nicholas Mosier <nmosier@stanford.edu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20251111-i386-svm-vmexit-typo-fix-v1-1-49f0414472cd@stanford.edu
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
6 months ago Merge tag 'qtest-20251226-pull-request' of https://gitlab.com/farosas/qemu into staging
Richard Henderson [Fri, 26 Dec 2025 21:44:15 +0000 (08:44 +1100)] 
Merge tag 'qtest-20251226-pull-request' of https://gitlab.com/farosas/qemu into staging

Qtest pull request

- Fix tests using deprecated machine versions

# gpg: Signature made Sat 27 Dec 2025 04:22:43 AM AEDT
# gpg:                using RSA key AA1B48B0A22326A5A4C364CFC798DC741BEC319D
# gpg:                issuer "farosas@suse.de"
# gpg: Good signature from "Fabiano Rosas <farosas@suse.de>" [unknown]
# gpg:                 aka "Fabiano Almeida Rosas <fabiano.rosas@suse.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AA1B 48B0 A223 26A5 A4C3  64CF C798 DC74 1BEC 319D

* tag 'qtest-20251226-pull-request' of https://gitlab.com/farosas/qemu:
  tests/qtest: Do not use versioned pc-q35-5.0 machine anymore

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago Merge tag 'hppa-updates-qemu-v11-pull-request' of https://github.com/hdeller/qemu...
Richard Henderson [Fri, 26 Dec 2025 21:43:07 +0000 (08:43 +1100)] 
Merge tag 'hppa-updates-qemu-v11-pull-request' of https://github.com/hdeller/qemu-hppa into staging

Please pull fixes and updates for the parisc architecture:

- New SeaBIOS-hppa v21 with fixes for 715 machine
- ncr710 fixes for NetBSD and HP-UX on 715 machine
- 64-bit gdb support

Thanks!
Helge

# gpg: Signature made Wed 24 Dec 2025 02:48:46 AM AEDT
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'hppa-updates-qemu-v11-pull-request' of https://github.com/hdeller/qemu-hppa:
  target/hppa: add 64 bit support to gdbstub
  scsi: ncr710: Fix CTEST FIFO status
  scsi: ncr710: Fix DSA register
  scsi: ncr710: Simplify disconnect handling
  scsi: ncr710: Add LUN scanning
  scsi: ncr710: Mark command complete in status phase and fix disconnect
  scsi: ncr710: Fix table indirect addressing endianness
  scsi: ncr710: Fix DMA State machine and flow control
  scsi: ncr710: Fix interrupt related register handing
  scsi: ncr710: Fix use after free in command_complete
  scsi: ncr710: Add null pointer checks
  target/hppa: Update SeaBIOS-hppa to version 21

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago Merge tag 'next-pull-request' of https://gitlab.com/peterx/qemu into staging
Richard Henderson [Fri, 26 Dec 2025 21:42:37 +0000 (08:42 +1100)] 
Merge tag 'next-pull-request' of https://gitlab.com/peterx/qemu into staging

memory + migration pull

- Pawel's misc fixes to mapped-ram when x-ignore-share is enabled
- Peter's series to cleanup migration error reporting
- Peter's added debug property for x-ignore-shared
- Part of Fabiano's series on unify capabilities and parameters
- Chuang's log_clear optimization on unaligned ramblocks
- Maintainer file update from Ben (CPR++) and David (MemoryAPI-)

# gpg: Signature made Wed 24 Dec 2025 01:28:58 AM AEDT
# gpg:                using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706
# gpg:                issuer "peterx@redhat.com"
# gpg: Good signature from "Peter Xu <xzpeter@gmail.com>" [unknown]
# gpg:                 aka "Peter Xu <peterx@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D  D1A9 3B5F CCCD F3AB D706

* tag 'next-pull-request' of https://gitlab.com/peterx/qemu: (31 commits)
  MAINTAINERS: remove David from "Memory API" section
  migration: merge fragmented clear_dirty ioctls
  tests/qtest/migration: Pass MigrateStart into cancel tests
  tests/qtest/migration: Pass MigrateCommon into test functions
  migration: Use QAPI_CLONE_MEMBERS in query_migrate_parameters
  migration: Extract code to mark all parameters as present
  migration: Do away with usage of QERR_INVALID_PARAMETER_VALUE
  migration: Remove checks for s->parameters has_* fields
  migration: Add a flag to track block-bitmap-mapping input
  migration: Run a post update routine after setting parameters
  qapi/migration: Don't document MigrationParameter
  migration: Remove MigrateSetParameters
  migration: Normalize tls arguments
  tests/qtest/migration: Add a NULL parameters test for TLS
  migration: Add a qdev property for StrOrNull
  migration: Fix leak of cpr_exec_command
  migration: Fix leak of block_bitmap_mapping
  MAINTAINERS: Update reviewers for CPR
  migration/options: Add x-ignore-shared
  migration: Use error_propagate() in migrate_error_propagate()
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago tests/qtest: Do not use versioned pc-q35-5.0 machine anymore
Philippe Mathieu-Daudé [Wed, 24 Dec 2025 08:57:14 +0000 (09:57 +0100)] 
tests/qtest: Do not use versioned pc-q35-5.0 machine anymore

As of QEMU v10.2.0, the v5.0.0 machines are not usable anymore.

Use the latest x86 q35 machine instead, otherwise we get:

  $ qemu-system-x86_64 -M pc-q35-5.0
  qemu-system-x86_64: unsupported machine type: "pc-q35-5.0"
  Use -machine help to list supported machines

See commit a35f8577a07 ("include/hw: add macros for deprecation
& removal of versioned machines") and f59ee044067 ("include/hw/boards:
cope with dev/rc versions in deprecation checks") for explanation
on automatically removed versioned machines.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Link: https://lore.kernel.org/qemu-devel/20251224085714.83169-1-philmd@linaro.org
Signed-off-by: Fabiano Rosas <farosas@suse.de>
6 months ago target/hppa: add 64 bit support to gdbstub
Sven Schnelle [Thu, 13 Nov 2025 04:48:57 +0000 (05:48 +0100)] 
target/hppa: add 64 bit support to gdbstub

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Reviewed-by: Helge Deller <deller@gmx.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago scsi: ncr710: Fix CTEST FIFO status
Soumyajyotii Ssarkar [Sun, 21 Dec 2025 14:23:17 +0000 (19:53 +0530)] 
scsi: ncr710: Fix CTEST FIFO status

Update CTEST1 FIFO status when CTEST8 is written, setting to 0xFF when
FIFO is flushed, otherwise clear to 0x00.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago scsi: ncr710: Fix DSA register
Soumyajyotii Ssarkar [Sun, 21 Dec 2025 14:23:16 +0000 (19:53 +0530)] 
scsi: ncr710: Fix DSA register

Implement bytewise write handling for DSA register instead of using
the macro, as NetBSD driver accesses it byte by byte.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago scsi: ncr710: Simplify disconnect handling
Soumyajyotii Ssarkar [Sun, 21 Dec 2025 14:23:15 +0000 (19:53 +0530)] 
scsi: ncr710: Simplify disconnect handling

Simplify disconnect instruction by unconditionally clearing waiting
statements when command completes.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago scsi: ncr710: Add LUN scanning
Soumyajyotii Ssarkar [Sun, 21 Dec 2025 14:23:14 +0000 (19:53 +0530)] 
scsi: ncr710: Add LUN scanning

Add multi LUN support by scanning all 8 LUNs when ANT bit is set.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago scsi: ncr710: Mark command complete in status phase and fix disconnect
Soumyajyotii Ssarkar [Sun, 21 Dec 2025 14:23:13 +0000 (19:53 +0530)] 
scsi: ncr710: Mark command complete in status phase and fix disconnect

Set command_complete flag after status_phase and use_phase_clearing,
instead of full disconnect during message processing.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago scsi: ncr710: Fix table indirect addressing endianness
Soumyajyotii Ssarkar [Sun, 21 Dec 2025 14:23:12 +0000 (19:53 +0530)] 
scsi: ncr710: Fix table indirect addressing endianness

Correct the endianness conversion for table indirect addressing and
use be32_to_cpu() instead of cpu_to_le32().

This fixes descriptor table parsing when using indirect addressing modes
in SCRIPTS.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago scsi: ncr710: Fix DMA State machine and flow control
Soumyajyotii Ssarkar [Sun, 21 Dec 2025 14:23:11 +0000 (19:53 +0530)] 
scsi: ncr710: Fix DMA State machine and flow control

Set waiting state and return after scsi_req_continue() to prevent
re-entrancy when DMA transfer completes.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago scsi: ncr710: Fix interrupt related register handing
Soumyajyotii Ssarkar [Sun, 21 Dec 2025 14:23:10 +0000 (19:53 +0530)] 
scsi: ncr710: Fix interrupt related register handing

These fixes ensure proper interrupt signaling and status
register behavior during SCSI operations:
- Mask DFE bit in ncr710_update_irq()
- Remove manual ISTAT_DIP clearing, let ncr710_update_irq()
  handle it consistently
- Fix SSTAT0 read to clear unconditionally when non-zero
- Fix SSTAT2 read was returning DSTAT instead
- Preserve DFE status bit when clearing DSTAT

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago scsi: ncr710: Fix use after free in command_complete
Soumyajyotii Ssarkar [Sun, 21 Dec 2025 14:23:09 +0000 (19:53 +0530)] 
scsi: ncr710: Fix use after free in command_complete

Add proper hba_private pointer cleanup in ncr710_command_complete.
This prevents use after free errors from occurring.

This was causing memory corruption in NetBSD device initialization
when commands complete and the request structures were freed while
still being referenced.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago scsi: ncr710: Add null pointer checks
Soumyajyotii Ssarkar [Sun, 21 Dec 2025 14:23:08 +0000 (19:53 +0530)] 
scsi: ncr710: Add null pointer checks

Add null pointer safety checks in ncr710_request_free() and
ncr710_request_cancelled() to prevent crashes while handling invalid req
structures.

Added to prevent memory corruption, which occurred during device
initialization.

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago target/hppa: Update SeaBIOS-hppa to version 21
Helge Deller [Mon, 22 Dec 2025 20:52:55 +0000 (21:52 +0100)] 
target/hppa: Update SeaBIOS-hppa to version 21

Some small bugfixes for the 715/64 machine:
- fix CPU detection of 715 in HP-UX and NetBSD
- minor cleanups regarding LASI_SCSI for 715

Signed-off-by: Helge Deller <deller@gmx.de>
6 months ago MAINTAINERS: remove David from "Memory API" section
David Hildenbrand (Red Hat) [Mon, 22 Dec 2025 14:14:38 +0000 (15:14 +0100)] 
MAINTAINERS: remove David from "Memory API" section

I don't have a lot of capacity to do any maintenance (or even review) of
"Memory API" lately, so remove myself. Fortunately we still do have two
other maintainers and one reviewer :)

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: David Hildenbrand (Red Hat) <david@kernel.org>
Link: https://lore.kernel.org/r/20251222141438.409218-1-david@kernel.org
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: merge fragmented clear_dirty ioctls
Chuang Xu [Thu, 18 Dec 2025 11:42:20 +0000 (19:42 +0800)] 
migration: merge fragmented clear_dirty ioctls

In our long-term experience in Bytedance, we've found that under
the same load, live migration of larger VMs with more devices is
often more difficult to converge (requiring a larger downtime limit).

Through some testing and calculations, we conclude that bitmap sync time
affects the calculation of live migration bandwidth.

When the addresses processed are not aligned, a large number of
clear_dirty ioctls occur (e.g. a 4MB misaligned memory can generate
2048 clear_dirty ioctls from two different memory_listener),
which increases the time required for bitmap_sync and makes it
more difficult for dirty pages to converge.

For a 64C256G vm with 8 vhost-user-net (32 queues per nic) and
16 vhost-user-blk (4 queues per blk), the sync time is as high as *73ms*
(tested with 10GBps dirty rate, the sync time increases as the dirty
page rate increases). Here is each part of the sync time:

- sync from kvm to ram_list: 2.5ms
- vhost_log_sync: 3ms
- sync aligned memory from ram_list to RAMBlock: 5ms
- sync misaligned memory from ram_list to RAMBlock: 61ms

Attempt to merge those fragmented clear_dirty ioctls, then syncing
misaligned memory from ram_list to RAMBlock takes only about 1ms,
and the total sync time is only *12ms*.

Signed-off-by: Chuang Xu <xuchuangxclwt@bytedance.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251218114220.83354-1-xuchuangxclwt@bytedance.com
[peterx: drop var "offset" in physical_memory_sync_dirty_bitmap]
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago tests/qtest/migration: Pass MigrateStart into cancel tests
Fabiano Rosas [Mon, 15 Dec 2025 22:00:12 +0000 (19:00 -0300)] 
tests/qtest/migration: Pass MigrateStart into cancel tests

Pass the "args" parameter to the cancel tests so they can access the
config object which will be part of this struct.

Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-27-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago tests/qtest/migration: Pass MigrateCommon into test functions
Fabiano Rosas [Mon, 15 Dec 2025 22:00:11 +0000 (19:00 -0300)] 
tests/qtest/migration: Pass MigrateCommon into test functions

With the upcoming addition of the config QDict, the tests will need a
better way of managing the memory of the test data than putting the
test arguments on the stack of the test functions. The config QDict
will need to be merged into the arguments of migrate_qmp* functions,
which causes a refcount increment, so the test functions would need to
allocate and deref the config QDict themselves.

A better approach is to already pass the arguments into the test
functions and do the memory management in the existing wrapper. There
is already migration_test_destroy(), which is called for every test.

Do the following:

- merge the two existing wrappers, migration_test_wrapper() and
  migration_test_wrapper_full(). The latter was a pioneer in passing
  data into the tests, but now all tests will receive data, so we
  don't need it anymore.

  The usage of migration_test_wrapper_full() was in passing a slightly
  different test name string into the cancel tests, so still keep the
  migration_test_add_suffix() function.

- add (char *name, MigrateCommon *args) to the signature of all test
  functions.

- alter any code to stop allocating args on the stack and instead use
  the object that came as parameter.

- pass args around as needed.

- while here, order args (MigrateCommon) before args->start
  (MigrateStart) and put a blank line in between.

No functional change.

Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-26-farosas@suse.de
[peterx: fix a conflict with newly added mapped-ram+ignore-share test]
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Use QAPI_CLONE_MEMBERS in query_migrate_parameters
Fabiano Rosas [Mon, 15 Dec 2025 21:59:59 +0000 (18:59 -0300)] 
migration: Use QAPI_CLONE_MEMBERS in query_migrate_parameters

QAPI_CLONE_MEMBERS is a better option than copying parameters one by
one because it operates on the entire struct and follows pointers. It
also avoids the need to alter this function every time a new parameter
is added.

For this to work, the has_* fields of s->parameters need to be already
set beforehand, so move migrate_mark_all_params_present() to the init
routine.

Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-14-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Extract code to mark all parameters as present
Fabiano Rosas [Mon, 15 Dec 2025 21:59:58 +0000 (18:59 -0300)] 
migration: Extract code to mark all parameters as present

MigrationParameters needs to have all of its has_* fields marked as
true when used as the return of query_migrate_parameters because the
corresponding QMP command has all of its members non-optional by
design, despite them being marked as optional in migration.json.

Extract this code into a function and make it assert if any field is
missing. With this we ensure future changes will not inadvertently
leave any parameters missing.

Note that the block-bitmap-mapping is a special case because the empty
list is considered a valid value, so it has historically not been
present in the command's output if it has never been set.

CC: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-13-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Do away with usage of QERR_INVALID_PARAMETER_VALUE
Fabiano Rosas [Mon, 15 Dec 2025 21:59:57 +0000 (18:59 -0300)] 
migration: Do away with usage of QERR_INVALID_PARAMETER_VALUE

The QERR_INVALID_PARAMETER_VALUE macro is documented as not to be used
in new code. Remove the usage from migration/options.c.

Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-12-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Remove checks for s->parameters has_* fields
Fabiano Rosas [Mon, 15 Dec 2025 21:59:56 +0000 (18:59 -0300)] 
migration: Remove checks for s->parameters has_* fields

The migration parameters validation produces a temporary structure
which is the merge of the current parameter values (s->parameters,
MigrationParameters) with the new parameters set by the user
(former MigrateSetParameters).

When copying the values from s->parameters into the temporary
structure, the has_* fields are copied along, but when merging the
user-input values they are not.

During migrate_params_check(), only the parameters that have the
corresponding has_* field will be checked, so only the parameters that
were initialized in migrate_params_init() will be validated.

This causes (almost) all of the migration parameters to be validated
every time a parameter is set, regardless of which fields the user
touched, but it also skips validation of any values that are not set
in migrate_params_init().

It's not clear what was the intention of the original code, whether to
validate all fields always, or only validate what the user input
changed. Since the current situation is closer to the former option,
make the choice of validating all parameters by removing the checks
for the has_* fields when validating.

Note that bringing the user input into the temporary structure for
validation still needs to look at the has_* fields, otherwise any
parameters not set by the user (i.e. 0) would override the
corresponding value in s->parameters.

The empty migrate_params_init() will be kept because subsequent
patches will add code to it.

Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-11-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Add a flag to track block-bitmap-mapping input
Fabiano Rosas [Mon, 15 Dec 2025 21:59:55 +0000 (18:59 -0300)] 
migration: Add a flag to track block-bitmap-mapping input

The QAPI converts an empty list on the block-bitmap-mapping input into
a NULL BitmapMigrationNodeAliasList. The empty list is a valid input
for the block-bitmap-mapping option, so commit 3cba22c9ad ("migration:
Fix block_bitmap_mapping migration") started using the
s->parameters.has_block_bitmap_mapping field to tell when the user has
passed in an empty list vs. when no list has been passed at all.

Using s->parameters.has_block_bitmap_mapping field is only possible
because MigrationParameters has had its members made optional due to
historical reasons.

In order to make improvements to the way configuration options are set
for a migration, we'd like to reduce the open-coded usage of the has_*
fields of the global configuration object (s->parameters).

Add a separate boolean to track the status of the block_bitmap_mapping
option.

No functional change intended.

(this was verified to not regress iotest 300, which is the test that
3cba22c9ad refers to)

CC: Kevin Wolf <kwolf@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-10-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Run a post update routine after setting parameters
Fabiano Rosas [Mon, 15 Dec 2025 21:59:54 +0000 (18:59 -0300)] 
migration: Run a post update routine after setting parameters

Some migration parameters are updated immediately once they are set
via migrate-set-parameters. Move that work outside of
migrate_params_apply() and leave that function with the single
responsibility of setting s->parameters and not doing any
side-effects.

Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-9-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago qapi/migration: Don't document MigrationParameter
Fabiano Rosas [Mon, 15 Dec 2025 21:59:53 +0000 (18:59 -0300)] 
qapi/migration: Don't document MigrationParameter

The MigrationParameter (singular) enumeration is not part of the
migration QMP API, it's only used for nicely converting HMP strings
into MigrationParameters (plural) members and for providing readline
completion.

Documenting this enum only serves to duplicate documentation between
MigrationParameter and MigrationParameters.

Add an exception to QAPI's pragma.json and stop documenting it.

The generated "QEMU QMP Reference Manual" now lists the enum members
as "Not documented."  Tolerable.

Acked-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-8-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Remove MigrateSetParameters
Fabiano Rosas [Mon, 15 Dec 2025 21:59:52 +0000 (18:59 -0300)] 
migration: Remove MigrateSetParameters

Now that the TLS options have been made the same between
migrate-set-parameters and query-migrate-parameters, a single type can
be used. Remove MigrateSetParameters.

The TLS options documentation from MigrationParameters were replaced
with the ones from MigrateSetParameters which was more complete.

Acked-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-7-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Normalize tls arguments
Fabiano Rosas [Mon, 15 Dec 2025 21:59:51 +0000 (18:59 -0300)] 
migration: Normalize tls arguments

The migration parameters tls_creds, tls_authz and tls_hostname
currently have a non-uniform handling. When used as arguments to
migrate-set-parameters, their type is StrOrNull and when used as
return value from query-migrate-parameters their type is a plain
string.

Not only having to convert between the types is cumbersome, but it
also creates the issue of requiring two different QAPI types to be
used, one for each command. MigrateSetParameters is used for
migrate-set-parameters with the TLS arguments as StrOrNull while
MigrationParameters is used for query-migrate-parameters with the TLS
arguments as str.

Since StrOrNull could be considered a superset of str, change the type
of the TLS arguments in MigrationParameters to StrOrNull. Also ensure
that QTYPE_QNULL is never used.

1) migrate-set-parameters will always write QTYPE_QSTRING to
  s->parameters, either an empty or non-empty string.

2) query-migrate-parameters will always return a QTYPE_QSTRING, either
  empty or non-empty.

3) the migrate_tls_* helpers will always return a non-empty string or
  NULL, for the internal migration code's consumption.

Points (1) and (2) above help simplify the parameters validation and
the query command handling because s->parameters is already kept in
the format that query-migrate-parameters (and info migrate_parameters)
expect. Point (3) is so people don't need to care about StrOrNull in
migration code.

This will allow the type duplication to be removed in the next
patches.

Note that the type of @tls_creds, @tls-hostname, @tls-authz changes
from str to StrOrNull in introspection of the query-migrate-parameters
command. We accept this imprecision to enable de-duplication.

There's no need to free the TLS options in
migration_instance_finalize() because they're freed by the qdev
properties .release method.

Temporary in this patch:
migrate_params_test_apply() copies s->parameters into a temporary
structure, so it's necessary to drop the references to the TLS options
if they were not set by the user to avoid double-free. This is fixed
in the next patches.

Acked-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-6-farosas@suse.de
[peterx: in hmp_info_migrate_parameters(), remove an extra dump of
 max_postcopy_bandwidth, introduced likely by accident]
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago tests/qtest/migration: Add a NULL parameters test for TLS
Fabiano Rosas [Mon, 15 Dec 2025 21:59:50 +0000 (18:59 -0300)] 
tests/qtest/migration: Add a NULL parameters test for TLS

Make sure the TLS options handling is working correctly with a NULL
parameter. This is relevant due to the usage of StrOrNull for the
tls-creds, tls-authz and tls-hostname options.

With this, all manners of passing TLS options are somehow covered by
the tests, we should not need to do manual testing when touching TLS
options code.

Signed-off-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Link: https://lore.kernel.org/r/20251215220041.12657-5-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Add a qdev property for StrOrNull
Fabiano Rosas [Mon, 15 Dec 2025 21:59:49 +0000 (18:59 -0300)] 
migration: Add a qdev property for StrOrNull

The MigrationState is a QOM object with TYPE_DEVICE as a parent. This
was done about eight years ago so the migration code could make use of
qdev properties to define the defaults for the migration parameters
and to be able to expose migration knobs for debugging via the
'-global migration' command line option.

Due to unrelated historical reasons, three of the migration parameters
(TLS options) received different types when used via the
query-migrate-parameters QMP command than with the
migrate-set-parameters command. This has created a lot of duplication
in the migration code and in the QAPI documentation because the whole
of MigrationParameters had to be duplicated as well.

The migration code is now being fixed to remove the duplication and
for that to happen the offending fields need to be reconciled into a
single type. The StrOrNull type is going to be used.

To keep the command line compatibility, the parameters need to
continue being exposed via qdev properties accessible from the command
line. Introduce a qdev property StrOrNull just for that.

Note that this code is being kept in migration/options.c as this
version of StrOrNull doesn't need to handle QNULL because it was never
a valid option in the previous command line, which took a string.

Signed-off-by: Fabiano Rosas <farosas@suse.de>
Acked-by: Peter Xu <peterx@redhat.com>
Link: https://lore.kernel.org/r/20251215220041.12657-4-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Fix leak of cpr_exec_command
Fabiano Rosas [Mon, 15 Dec 2025 21:59:48 +0000 (18:59 -0300)] 
migration: Fix leak of cpr_exec_command

Signed-off-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Link: https://lore.kernel.org/r/20251215220041.12657-3-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Fix leak of block_bitmap_mapping
Fabiano Rosas [Mon, 15 Dec 2025 21:59:47 +0000 (18:59 -0300)] 
migration: Fix leak of block_bitmap_mapping

Caught by inspection, but ASAN also reports:

Direct leak of 16 byte(s) in 1 object(s) allocated from:
 #0 in malloc
 #1 in g_malloc
 #2 in g_memdup
 #3 in qapi_clone_start_struct ../qapi/qapi-clone-visitor.c:40:12
 #4 in qapi_clone_start_list ../qapi/qapi-clone-visitor.c:59:12
 #5 in visit_start_list ../qapi/qapi-visit-core.c:80:10
 #6 in visit_type_BitmapMigrationNodeAliasList qapi/qapi-visit-migration.c:639:10
 #7 in migrate_params_apply ../migration/options.c:1407:13
 #8 in qmp_migrate_set_parameters ../migration/options.c:1463:5
 #9 in qmp_marshal_migrate_set_parameters qapi/qapi-commands-migration.c:214:5
 #10 in do_qmp_dispatch_bh ../qapi/qmp-dispatch.c:128:5

Note that this is entirely harmless because the migration object which
contains the MigrationParameters structure is kept until the QEMU
process exits.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251215220041.12657-2-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago MAINTAINERS: Update reviewers for CPR
Ben Chaney [Wed, 10 Dec 2025 14:36:23 +0000 (09:36 -0500)] 
MAINTAINERS: Update reviewers for CPR

Signed-off-by: Ben Chaney <bchaney@akamai.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251210143624.416697-1-bchaney@akamai.com
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration/options: Add x-ignore-shared
Peter Xu [Fri, 5 Dec 2025 17:20:54 +0000 (12:20 -0500)] 
migration/options: Add x-ignore-shared

This aids scripting only.

Reviewed-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251205172054.288909-1-peterx@redhat.com
[peterx: make the property x-ignore-shared to match, per cedric]
[peterx: fix over-80 line]
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Use error_propagate() in migrate_error_propagate()
Peter Xu [Tue, 2 Dec 2025 17:53:17 +0000 (12:53 -0500)] 
migration: Use error_propagate() in migrate_error_propagate()

It improves readability, as suggested by Markus.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Link: https://lore.kernel.org/r/20251202175317.1186544-1-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Replace migrate_set_error() with migrate_error_propagate()
Peter Xu [Mon, 1 Dec 2025 19:45:10 +0000 (14:45 -0500)] 
migration: Replace migrate_set_error() with migrate_error_propagate()

migrate_set_error() currently doesn't take ownership of the error being
passed in.  It's not aligned with the error API and meanwhile it also
makes most of the callers free the error explicitly.

Change the API to take the ownership of the Error object instead.  This
should save a lot of error_copy() invocations.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Link: https://lore.kernel.org/r/20251201194510.1121221-8-peterx@redhat.com
[peterx: break line for qemu_savevm_send_packaged, per markus]
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Make multifd_recv_terminate_threads() own the error
Peter Xu [Mon, 1 Dec 2025 19:45:09 +0000 (14:45 -0500)] 
migration: Make multifd_recv_terminate_threads() own the error

Make multifd_recv_terminate_threads() take ownership of the error always.
Paving way for making migrate_set_error() to take ownership.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Link: https://lore.kernel.org/r/20251201194510.1121221-7-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Make multifd_send_set_error() own the error
Peter Xu [Mon, 1 Dec 2025 19:45:08 +0000 (14:45 -0500)] 
migration: Make multifd_send_set_error() own the error

Make multifd_send_set_error() take ownership of the error always.  Paving
way for making migrate_set_error() to take ownership.

When at it, rename it to multifd_send_error_propagate() to imply the
ownership transition following Error API's naming style.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Link: https://lore.kernel.org/r/20251201194510.1121221-6-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Make migration_connect_set_error() own the error
Peter Xu [Mon, 1 Dec 2025 19:45:07 +0000 (14:45 -0500)] 
migration: Make migration_connect_set_error() own the error

Make migration_connect_set_error() take ownership of the error always.
Paving way for making migrate_set_error() to take ownership.

When at it, renaming it to migration_connect_error_propagate(), following
Error API, to imply the Error object ownership transition.

NOTE: this patch also makes migration_connect() to take ownership of the
Error passed in.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Link: https://lore.kernel.org/r/20251201194510.1121221-5-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago error: Poison g_autoptr(Error) to prevent its use
Markus Armbruster [Mon, 1 Dec 2025 19:45:06 +0000 (14:45 -0500)] 
error: Poison g_autoptr(Error) to prevent its use

The previous commit reverted support for g_autoptr(Error).  This one
should stop it from coming back.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/r/20251201194510.1121221-4-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago Revert "error: define g_autoptr() cleanup function for the Error type"
Peter Xu [Mon, 1 Dec 2025 19:45:05 +0000 (14:45 -0500)] 
Revert "error: define g_autoptr() cleanup function for the Error type"

This reverts commit 18eb55546a54e443d94a4c49286348176ad4b00a.

Due to the nature of how Error should be used (normally ownership will be
passed over to Error APIs, like error_report_err), auto-free functions may
be error prone on their own.  The auto cleanup function was merged without
proper review as pointed out by Dan and Markus:

https://lore.kernel.org/r/aSWSLMi6ZhTCS_p2@redhat.com

Cc: Cédric Le Goater <clg@redhat.com>
Acked-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Acked-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/r/20251201194510.1121221-3-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Use explicit error_free() instead of g_autoptr
Peter Xu [Mon, 1 Dec 2025 19:45:04 +0000 (14:45 -0500)] 
migration: Use explicit error_free() instead of g_autoptr

There're only two use cases of g_autoptr to free Error objects in migration
code paths.

Due to the nature of how Error should be used (normally ownership will be
passed over to Error APIs, like error_report_err), auto-free functions may
be error prone on their own.  The auto cleanup function was merged without
proper review, as pointed out by Dan and Markus:

https://lore.kernel.org/r/aSWSLMi6ZhTCS_p2@redhat.com

Remove the two use cases so that we can remove the auto cleanup function,
hence suggest to not use auto frees for Errors.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Link: https://lore.kernel.org/r/20251201194510.1121221-2-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago scripts/analyze-migration: Support mapped-ram snapshot format
Pawel Zmarzly [Thu, 13 Nov 2025 18:17:08 +0000 (13:17 -0500)] 
scripts/analyze-migration: Support mapped-ram snapshot format

The script has not been updated to read mapped-ram snapshots and is currently
crashing when trying to read such a file.

With this commit, it can now read a snapshot created with:

    (qemu) migrate_set_capability x-ignore-shared on
    (qemu) migrate_set_capability mapped-ram on
    (qemu) migrate -d file:vm.state

Signed-off-by: Pawel Zmarzly <pzmarzly0@gmail.com>
Link: https://lore.kernel.org/r/20251126155015.941129-1-pzmarzly0@gmail.com
[peterx: space fixes, introduce parseMappedRamBlob(), add comments, etc.]
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago scripts/analyze-migration: Rename RAM_SAVE_FLAG_COMPRESS to RAM_SAVE_FLAG_ZERO
Pawel Zmarzly [Tue, 25 Nov 2025 17:30:07 +0000 (17:30 +0000)] 
scripts/analyze-migration: Rename RAM_SAVE_FLAG_COMPRESS to RAM_SAVE_FLAG_ZERO

It has been renamed on the C side a few years ago. In modern QEMU versions,
fill_byte must be zero. Updating the Python script to make grepping and
understanding the code easier.

Signed-off-by: Pawel Zmarzly <pzmarzly0@gmail.com>
Link: https://lore.kernel.org/r/20251125173007.245607-1-pzmarzly0@gmail.com
[peterx: fix over-long line]
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: Fix writing mapped_ram + ignore_shared snapshots
Pawel Zmarzly [Wed, 26 Nov 2025 15:47:34 +0000 (15:47 +0000)] 
migration: Fix writing mapped_ram + ignore_shared snapshots

Currently if you set these flags and have any shared memory object, saving
a snapshot will fail with:

    Failed to write bitmap to file: Unable to write to file: Bad address

We need to skip writing RAMBlocks that are backed by shared objects.

Also, we should mark these RAMBlocks as skipped, so the snapshot format stays
readable to tools that later don't know QEMU's command line (for example
scripts/analyze-migration.py). I used bitmap_offset=0 pages_offset=0 for this.

This minor change to snapshot format should be safe, as offset=0 should not
have ever been possible.

Signed-off-by: Pawel Zmarzly <pzmarzly0@gmail.com>
Link: https://lore.kernel.org/r/20251126154734.940066-1-pzmarzly0@gmail.com
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago migration: fix parsing snapshots with x-ignore-shared flag
Pawel Zmarzly [Wed, 26 Nov 2025 12:12:33 +0000 (12:12 +0000)] 
migration: fix parsing snapshots with x-ignore-shared flag

Snapshots made with mapped-ram and x-ignore-shared flags are
not parsed properly.

The ignore-shared feature adds an extra field in the stream, which
needs to be consumed on the destination side. Even though mapped-ram has
a fixed header format, the ignore-shared is part of the "generic" stream
information so the mapped-ram code is currently skipping that be64 read
which incorrectly offsets every subsequent read from the stream.

The current ignore-shared handling can simply be moved earlier in the code
to encompass mapped-ram as well since the ignore-shared doubleword is the
first one read when parsing the ramblock section of the stream.

Co-authored-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Pawel Zmarzly <pzmarzly0@gmail.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20251126121233.542473-1-pzmarzly0@gmail.com
[peterx: enhance commit log per fabiano]
Signed-off-by: Peter Xu <peterx@redhat.com>
6 months ago Open 11.0 development tree
Richard Henderson [Tue, 23 Dec 2025 03:45:38 +0000 (14:45 +1100)] 
Open 11.0 development tree

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago Update version for v10.2.0 release v10.2.0
Richard Henderson [Tue, 23 Dec 2025 03:44:07 +0000 (14:44 +1100)] 
Update version for v10.2.0 release

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago Update version for v10.2.0-rc4 release v10.2.0-rc4
Richard Henderson [Wed, 17 Dec 2025 19:46:27 +0000 (06:46 +1100)] 
Update version for v10.2.0-rc4 release

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago Merge tag 'pull-error-2025-12-17' of https://repo.or.cz/qemu/armbru into staging
Richard Henderson [Wed, 17 Dec 2025 18:10:46 +0000 (05:10 +1100)] 
Merge tag 'pull-error-2025-12-17' of https://repo.or.cz/qemu/armbru into staging

Error reporting patches for 2025-12-17

# gpg: Signature made Wed 17 Dec 2025 07:43:48 PM AEDT
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [unknown]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* tag 'pull-error-2025-12-17' of https://repo.or.cz/qemu/armbru:
  qdev: fix error handling in set_uint64_checkmask

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago qdev: fix error handling in set_uint64_checkmask
Zesen Liu [Wed, 17 Dec 2025 03:59:52 +0000 (11:59 +0800)] 
qdev: fix error handling in set_uint64_checkmask

When specifying lbr_fmt=VALUE in cpu options with an invalid VALUE, error_setg() gets triggered twice, causing an assertion failure in error_setv() which requires *errp to be NULL, preventing meaningful error messages from being displayed.

Fix this by checking visit_type_uint64()'s return value and returning early on failure, consistent with other property setters like set_string().

Fixes: 18c22d7112a7 (qdev-properties: Add a new macro with bitmask check for uint64_t property)
Cc: qemu-stable@nongnu.org
Signed-off-by: Zesen Liu <ftyghome@gmail.com>
Message-ID: <20251217-qdev-fix-v1-1-bd33ea463220@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Add Fixes: and Cc:]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
6 months ago Merge tag 'pull-glibc-20251216' of https://github.com/legoater/qemu into staging
Richard Henderson [Tue, 16 Dec 2025 15:38:19 +0000 (02:38 +1100)] 
Merge tag 'pull-glibc-20251216' of https://github.com/legoater/qemu into staging

Fix const qualifier build errors with recent glibc

# gpg: Signature made Wed 17 Dec 2025 12:31:13 AM AEDT
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg:                 aka "Cédric Le Goater <clg@kaod.org>" [full]

* tag 'pull-glibc-20251216' of https://github.com/legoater/qemu:
  gdbstub: Fix const qualifier build errors with recent glibc
  monitor: Fix const qualifier build errors with recent glibc
  tests/vhost-user-bridge.c: Fix const qualifier build errors with recent glibc
  i386: Fix const qualifier build errors with recent glibc

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago gdbstub: Fix const qualifier build errors with recent glibc
Cédric Le Goater [Mon, 15 Dec 2025 10:19:37 +0000 (11:19 +0100)] 
gdbstub: Fix const qualifier build errors with recent glibc

A recent change in glibc 2.42.9000 [1] changes the return type of
strstr() and other string functions to be 'const char *' when the
input is a 'const char *'. This breaks the build in :

../gdbstub/user.c:322:21: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
  322 |     pid_placeholder = strstr(path, "%d");
      |                     ^
Fix this by changing the type of the variables that store the result
of these functions to 'const char *'.

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=cd748a63ab1a7ae846175c532a3daab341c62690

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20251215101937.281722-5-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
6 months ago monitor: Fix const qualifier build errors with recent glibc
Cédric Le Goater [Mon, 15 Dec 2025 10:19:36 +0000 (11:19 +0100)] 
monitor: Fix const qualifier build errors with recent glibc

A recent change in glibc 2.42.9000 [1] changes the return type of
strchr() and other string functions to be 'const char *' when the
input is a 'const char *'. This breaks the build in :

../monitor/hmp.c:589:7: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
  589 |     p = strchr(type, ':');
      |       ^

Fix this by changing the type of the variables that store the result
of these functions to 'const char *'.

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=cd748a63ab1a7ae846175c532a3daab341c62690

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20251215101937.281722-4-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
6 months ago tests/vhost-user-bridge.c: Fix const qualifier build errors with recent glibc
Cédric Le Goater [Mon, 15 Dec 2025 10:19:35 +0000 (11:19 +0100)] 
tests/vhost-user-bridge.c: Fix const qualifier build errors with recent glibc

A recent change in glibc 2.42.9000 [1] changes the return type of
strstr() and other string functions to be 'const char *' when the
input is a 'const char *'. This breaks the build in :

../tests/vhost-user-bridge.c: In function ‘vubr_parse_host_port’:
../tests/vhost-user-bridge.c:749:15: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
  749 |     char *p = strchr(buf, ':');
      |               ^~~~~~

Fix this by using the glib g_strsplit() routine instead of strdup().

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=cd748a63ab1a7ae846175c532a3daab341c62690

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Yodel Eldar <yodel.eldar@yodel.dev>
Tested-by: Yodel Eldar <yodel.eldar@yodel.dev>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20251215101937.281722-3-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
6 months ago i386: Fix const qualifier build errors with recent glibc
Cédric Le Goater [Mon, 15 Dec 2025 10:19:34 +0000 (11:19 +0100)] 
i386: Fix const qualifier build errors with recent glibc

A recent change in glibc 2.42.9000 [1] changes the return type of
strstr() and other string functions to be 'const char *' when the
input is a 'const char *'. This breaks the build in :

  ../hw/i386/x86-common.c:827:11: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
  827 |     vmode = strstr(kernel_cmdline, "vga=");
      |           ^

Fix this by changing the type of the variables that store the result
of these functions to 'const char *'.

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=cd748a63ab1a7ae846175c532a3daab341c62690

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20251215101937.281722-2-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
6 months ago Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
Richard Henderson [Tue, 16 Dec 2025 00:01:52 +0000 (11:01 +1100)] 
Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging

Block layer patches

- Fix crash due to BDS use after free during shutdown (in particular
  while migration is running)
- iotests: Fix a typo that made a check to prevent overwriting a file
  ineffective

# gpg: Signature made Tue 16 Dec 2025 04:09:52 AM AEDT
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
  block: Fix BDS use after free during shutdown
  tests/qemu-iotests: Fix check for existing file in _require_disk_usage()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging
Richard Henderson [Tue, 16 Dec 2025 00:01:26 +0000 (11:01 +1100)] 
Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging

Pull request

- Hanna's fix for a regression that hangs the userspace NVMe block driver.

# gpg: Signature made Tue 16 Dec 2025 01:56:55 AM AEDT
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [unknown]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  Revert "nvme: Fix coroutine waking"

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago block: Fix BDS use after free during shutdown
Kevin Wolf [Mon, 15 Dec 2025 15:07:14 +0000 (16:07 +0100)] 
block: Fix BDS use after free during shutdown

During shutdown, blockdev_close_all_bdrv_states() drops any block node
references that are still owned by the monitor (i.e. the user). However,
in doing so, it forgot to also remove the node from monitor_bdrv_states
(which qmp_blockdev_del() correctly does), which means that later calls
of bdrv_first()/bdrv_next() will still return the (now stale) pointer to
the node.

Usually there is no such call after this point, but in some cases it can
happen. In the reported case, there was an ongoing migration, and the
migration thread wasn't shut down yet: migration_shutdown() called by
qemu_cleanup() doesn't actually wait for the migration to be shut down,
but may just move it to MIGRATION_STATUS_CANCELLING. The next time
migration_iteration_finish() runs, it sees the status and tries to
re-activate all block devices that migration may have previously
inactivated. This is where bdrv_first()/bdrv_next() get called and the
access to the already freed node happens.

It is debatable if migration_shutdown() should really return before
migration has settled, but leaving a dangling pointer in the list of
monitor-owned block nodes is clearly a bug either way and fixing it
solves the immediate problem, so fix it.

Cc: qemu-stable@nongnu.org
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20251215150714.130214-1-kwolf@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
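
The bug class described in the commit message above, as an added example that is not part of the commit or of QEMU: a shutdown path that drops a list owner's reference without unlinking the node, next to the corrected form. All names (Node, monitor_list, close_all_buggy, close_all_fixed) are hypothetical, and unlinking before the unref is an assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Toy model, not QEMU code: every name here is hypothetical. Nodes live in a
 * static pool and "freed" stands in for free(), so the stale access is countable. */
typedef struct Node {
    int refcnt;
    bool freed;
    struct Node *next;   /* link in the monitor-owned list */
} Node;

static Node pool[3];
static Node *monitor_list;

static void node_unref(Node *n) {
    if (--n->refcnt == 0) n->freed = true;
}

/* Buggy shutdown: drops the monitor's reference but keeps the list entry. */
static void close_all_buggy(void) {
    for (Node *n = monitor_list; n; n = n->next) node_unref(n);
}

/* Fixed shutdown: unlink the node, then drop the reference. */
static void close_all_fixed(void) {
    while (monitor_list) {
        Node *n = monitor_list;
        monitor_list = n->next;
        node_unref(n);
    }
}

/* Build the list, shut down, then do a late walk like the migration path does. */
int stale_nodes_after_shutdown(bool fixed) {
    monitor_list = NULL;
    for (size_t i = 0; i < 3; i++) {
        pool[i] = (Node){ .refcnt = 1, .next = monitor_list };
        monitor_list = &pool[i];
    }
    if (fixed) close_all_fixed(); else close_all_buggy();
    int stale = 0;
    for (Node *n = monitor_list; n; n = n->next) stale += n->freed;
    return stale;
}

int main(void) {
    printf("buggy: %d, fixed: %d\n", stale_nodes_after_shutdown(false), stale_nodes_after_shutdown(true));
    return 0;
}
```

In real code the late walk dereferences freed memory, which AddressSanitizer reports as a heap-use-after-free; the pool here only makes the count observable.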
6 months ago Revert "nvme: Fix coroutine waking"
Hanna Czenczek [Mon, 15 Dec 2025 14:15:40 +0000 (15:15 +0100)] 
Revert "nvme: Fix coroutine waking"

This reverts commit 0f142cbd919fcb6cea7aa176f7e4939925806dd9.

Said commit changed the replay_bh_schedule_oneshot_event() in
nvme_rw_cb() to aio_co_wake(), allowing the request coroutine to be
entered directly (instead of only being scheduled for later execution).
This can cause the device to become stalled like so:

It is possible that after completion the request coroutine goes on to
submit another request without yielding, e.g. a flush after a write to
emulate FUA.  This will likely cause a nested nvme_process_completion()
call because nvme_rw_cb() itself is called from there.

(After submitting a request, we invoke nvme_process_completion() through
defer_call(); but the fact that nvme_process_completion() ran in the
first place indicates that we are not in a call-deferring section, so
defer_call() will call nvme_process_completion() immediately.)

If this inner nvme_process_completion() loop then processes any
completions, it will write the final completion queue (CQ) head index to
the CQ head doorbell, and subsequently execution will return to the
outer nvme_process_completion() loop.  Even if this loop now finds no
further completions, it still processed at least one completion before,
or it would not have called the nvme_rw_cb() which led to nesting.
Therefore, it will now write the exact same CQ head index value to the
doorbell, which effectively is an unrecoverable error[1].

Therefore, nesting of nvme_process_completion() does not work at this
point.  Reverting said commit removes the nesting (by scheduling the
request coroutine instead of entering it immediately), and so fixes the
stall.

On the downside, reverting said commit breaks multiqueue for nvme, but
better to have single-queue working than neither.  For 11.0, we will
have a solution that makes both work.

A side note: There is a comment in nvme_process_completion() above
qemu_bh_schedule() that claims nesting works, as long as it is done
through the completion_bh.  I am quite sure that is not true, for two
reasons:
- The problem described above, which is even worse when going through
  nvme_process_completion_bh() because that function unconditionally
  writes to the CQ head doorbell,
- nvme_process_completion_bh() never takes q->lock, so
  nvme_process_completion() unlocking it will likely abort.

Given the lack of reports of such aborts, I believe that completion_bh
simply is unused in practice.

[1] See the NVMe Base Specification revision 2.3, page 180, figure 152:
    “Invalid Doorbell Write Value: A host attempted to write an invalid
    doorbell value. Some possible causes of this error are: [...] the
    value written is the same as the previously written doorbell value.”

    To even be notified of this error, we would need to send an
    Asynchronous Event Request to the admin queue (p. 178ff), which we
    don’t do, and then to handle it, we would need to delete and
    recreate the queue (p. 88, section 3.3.1.2 Queue Usage).

Cc: qemu-stable@nongnu.org
Reported-by: Lukáš Doktor <ldoktor@redhat.com>
Tested-by: Lukáš Doktor <ldoktor@redhat.com>
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
Message-id: 20251215141540.88915-1-hreitz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
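
The nesting problem described in the commit message above, as an added example that is not part of the commit or of QEMU: a toy completion queue in which entering the request callback inline makes the outer loop repeat the inner loop's doorbell value, while scheduling the callback does not. The Queue struct and all function names are hypothetical, and the model assumes the device completes the follow-up request immediately.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy model, not QEMU code: every name here is hypothetical. Indexes grow
 * monotonically; ring wrap-around is left out. */
typedef struct {
    int cq_tail;        /* completions the device has posted */
    int cq_head;        /* next completion the host consumes */
    int doorbell;       /* last value written to the CQ head doorbell */
    int invalid_writes; /* writes that repeat the previous doorbell value */
    int followups;      /* requests the coroutine submits right after completion */
    int scheduled;      /* callbacks queued for later instead of entered inline */
    bool wake_directly; /* true models aio_co_wake(), false models scheduling */
} Queue;

static void process_completion(Queue *q);

static void ring_doorbell(Queue *q) {
    q->invalid_writes += (q->cq_head == q->doorbell); /* repeat of last value */
    q->doorbell = q->cq_head;
}

/* Request coroutine resuming: e.g. a flush issued after a write to emulate FUA. */
static void request_cb(Queue *q) {
    if (q->followups > 0) {
        q->followups--;
        q->cq_tail++;          /* model: the device completes it at once */
        process_completion(q); /* not in a call-deferring section, so runs now */
    }
}

static void process_completion(Queue *q) {
    bool progress = false;
    while (q->cq_head != q->cq_tail) {
        q->cq_head++;
        progress = true;
        if (q->wake_directly) request_cb(q); else q->scheduled++;
    }
    if (progress) ring_doorbell(q);  /* outer loop may repeat the inner value */
}

int count_invalid_doorbell_writes(bool wake_directly) {
    Queue q = { .cq_tail = 1, .followups = 1, .wake_directly = wake_directly };
    process_completion(&q);
    while (q.scheduled > 0) { q.scheduled--; request_cb(&q); }
    return q.invalid_writes;
}

int main(void) {
    printf("direct: %d, scheduled: %d\n", count_invalid_doorbell_writes(true), count_invalid_doorbell_writes(false));
    return 0;
}
```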
6 months ago tests/qemu-iotests: Fix check for existing file in _require_disk_usage()
Thomas Huth [Mon, 8 Dec 2025 07:53:20 +0000 (08:53 +0100)] 
tests/qemu-iotests: Fix check for existing file in _require_disk_usage()

Looks like the "$" has been forgotten here to get the contents of
the FILENAME variable.

Fixes: c49dda7254d ("iotests: Filter out ZFS in several tests")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251208075320.35682-1-thuth@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
6 months ago Update version for v10.2.0-rc3 release v10.2.0-rc3
Richard Henderson [Tue, 9 Dec 2025 22:44:49 +0000 (16:44 -0600)] 
Update version for v10.2.0-rc3 release

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago Merge tag 'hw-misc-20251209' of https://github.com/philmd/qemu into staging
Richard Henderson [Tue, 9 Dec 2025 21:08:46 +0000 (15:08 -0600)] 
Merge tag 'hw-misc-20251209' of https://github.com/philmd/qemu into staging

Misc HW / migration / typo fixes

# gpg: Signature made Tue 09 Dec 2025 02:04:45 PM CST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* tag 'hw-misc-20251209' of https://github.com/philmd/qemu:
  Revert "hw/net/virtio-net: make VirtIONet.vlans an array instead of a pointer"
  Revert "migration/vmstate: remove VMSTATE_BUFFER_POINTER_UNSAFE macro"
  Fix const qualifier build errors with recent glibc
  scripts/nsis.py: Tell makensis that WoA is 64 bit
  hw/pci: Fix typo in documentation
  migration: Fix order of function arguments
  vhost: Always initialize cached vring data
  scripts: fix broken error path in modinfo-collect.py
  hw/9pfs: Correct typo
  osdep: Undefine FSCALE definition to fix Solaris builds

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
6 months ago Revert "hw/net/virtio-net: make VirtIONet.vlans an array instead of a pointer"
Philippe Mathieu-Daudé [Tue, 9 Dec 2025 19:11:17 +0000 (20:11 +0100)] 
Revert "hw/net/virtio-net: make VirtIONet.vlans an array instead of a pointer"

Per https://lore.kernel.org/qemu-devel/7798584d-e861-47b7-af52-2c2efb67a4de@proxmox.com/:

Loading a VM state taken with v10.1.2 or older doesn't work anymore,
using the script [*] we get:

  kvm: VQ 1 size 0x100 < last_avail_idx 0x9 - used_idx 0x3e30
  kvm: load of migration failed: Operation not permitted: error while loading state for instance 0x0 of device '0000:00:13.0/virtio-net': Failed to load element of type virtio for virtio: -1
  qemu-system-x86_64: Missing section footer for 0000:00:13.0/virtio-net
  qemu-system-x86_64: Section footer error, section_id: 41

[*]:

  #!/bin/bash
  rm /tmp/disk.qcow2
  args="
    -netdev type=tap,id=net1,ifname=tap104i1,script=/usr/libexec/qemu-server/pve-bridge,downscript=/usr/libexec/qemu-server/pve-bridgedown,vhost=on
    -device virtio-net-pci,mac=BC:24:11:32:3C:69,netdev=net1,bus=pci.0,addr=0x13,id=net1
    -machine type=pc-i440fx-10.1
  "
  $1/qemu-img create -f qcow2 /tmp/disk.qcow2 1G
  $1/qemu-system-x86_64 --qmp stdio --blockdev qcow2,node-name=node0,file.driver=file,file.filename=/tmp/disk.qcow2 $args <<EOF
  {"execute": "qmp_capabilities"}
  {"execute": "snapshot-save", "arguments": { "job-id": "save0", "tag": "snap", "vmstate": "node0", "devices": ["node0"] } }
  {"execute": "quit"}
  EOF
  $2/qemu-system-x86_64 --qmp stdio --blockdev qcow2,node-name=node0,file.driver=file,file.filename=/tmp/disk.qcow2 $args -loadvm snap

This reverts commit 3a9cd2a4a1571266dea37398de04f650c2a72d86.

Reported-by: Fiona Ebner <f.ebner@proxmox.com>
Suggested-by: Fiona Ebner <f.ebner@proxmox.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
6 months ago Revert "migration/vmstate: remove VMSTATE_BUFFER_POINTER_UNSAFE macro"
Philippe Mathieu-Daudé [Tue, 9 Dec 2025 19:11:09 +0000 (20:11 +0100)] 
Revert "migration/vmstate: remove VMSTATE_BUFFER_POINTER_UNSAFE macro"

Next commit will re-use VMSTATE_BUFFER_POINTER_UNSAFE().

This reverts commit 58341158d022823234d25fd337654a82fa6d157b.

Suggested-by: Fiona Ebner <f.ebner@proxmox.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>