Remove unnecessary PCI configuration register initialization that was
marked with TODO comments indicating it's redundant:
- PCI_COMMAND register is already 0x00 by default, no need to override
- PCI_BASE_ADDRESS_0 registers are automatically set by pci_register_bar()
This aligns the code with the pattern used by other PCI audio devices
in QEMU (via-ac97, intel-hda, es1370) and removes 15 lines of dead code.
Luigi Leonardi [Thu, 30 Oct 2025 14:32:04 +0000 (15:32 +0100)]
hw/i386/microvm: Use fdt field from MachineState
MachineState already provides an fdt field, remove it from
MicrovmMachineState and use that instead.
This is useful when using the `dumpdtb` option, as QEMU expects the
device tree to be stored in the MachineState struct, otherwise it
will return this error:
    qemu-system-x86_64: This machine doesn't have an FDT
Signed-off-by: Luigi Leonardi <leonardi@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251030-fix_microvm-v1-1-f89544a04be3@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jan Kiszka [Tue, 9 Sep 2025 06:13:22 +0000 (08:13 +0200)]
docs: Add eMMC device model description
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <b9c3ff21e7170fef5d0e7d08698a113d2a64e649.1762261430.git.jan.kiszka@siemens.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jan Kiszka [Tue, 12 Aug 2025 19:53:49 +0000 (21:53 +0200)]
scripts: Add helper script to generate eMMC block device images
As an eMMC block device image may consist of more than just the user
data partition, provide a helper script that can compose the image from
boot partitions, an RPMB partition and the user data image. The script
also does the required size validation and/or rounding.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <eecefa8e-44ae-45ff-85d0-3f9b786948e0@siemens.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jan Kiszka [Tue, 12 Aug 2025 19:33:46 +0000 (21:33 +0200)]
hw/sd/sdcard: Handle RPMB MAC field
Implement correct setting of the MAC field when passing RPMB frames back
to the guest. Also check the MAC on authenticated write requests.
This depends on HMAC support for QCRYPTO_HASH_ALGO_SHA256 which is
always available via glib - assert this, just to be safe.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <b6f5698c0ca017871d54834f0c7bd4b4b6316bbd.1762261430.git.jan.kiszka@siemens.com> Tested-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jan Kiszka [Mon, 11 Aug 2025 07:01:57 +0000 (09:01 +0200)]
hw/sd/sdcard: Add basic support for RPMB partition
The Replay Protected Memory Block (RPMB) is available since eMMC 4.4
which has been obsoleted by 4.41. Therefore lift the provided
EXT_CSD_REV to 5 (4.41) and provide the basic logic to implement basic
support for it. This allows setting the authentication key, reading the
write counter and performing authenticated data read and write requests.
Those aren't actually authenticated yet, support for that will be added
later.
The RPMB image needs to be added to backing block images after potential
boot partitions and before the user data. Its size is controlled by
the rpmb-partition-size property.
Also missing in this version (and actually not only for RPMB bits) is
persistence of registers that are supposed to survive power cycles. Most
prominent are the write counters or the authentication key. This feature
can be added later, e.g. by appending a state structure to the backing
block image.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <d57388b599e47f5c95f30be7571b77f9016289eb.1762261430.git.jan.kiszka@siemens.com> Tested-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jan Luebbe [Tue, 15 Oct 2024 13:56:49 +0000 (15:56 +0200)]
hw/sd/sdcard: Allow user creation of eMMCs
For testing eMMC-specific functionality (such as handling boot
partitions), it would be very useful to attach them to generic VMs such
as x86_64 via the sdhci-pci device:
    ...
    -drive if=none,id=emmc-drive,file=emmc.img,format=raw \
    -device sdhci-pci \
    -device emmc,id=emmc0,drive=emmc-drive,boot-partition-size=1048576 \
    ...
While most eMMCs are soldered to boards, they can also be connected to
SD controllers with just a passive adapter, such as:
https://docs.radxa.com/en/accessories/emmc-to-usd
https://github.com/voltlog/emmc-wfbga153-microsd
The only change necessary to make the options above work is to avoid
disabling user_creatable, so do that. The SDHCI-PCI driver in the Linux
kernel already supports this just fine.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241015135649.4189256-1-jlu@pengutronix.de>
Enable user-instantiation so that eMMCs can be created for PCI-attached
SD/MMC host controllers (such as sdhci-pci) on virt machines, for QA
purposes for the eMMC model itself and for complex firmware/OS
integrations using the upcoming RPMB partition support.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Message-ID: <e515cc80de261ff03b3141724298f20313259a85.1762261430.git.jan.kiszka@siemens.com> Tested-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jan Kiszka [Sun, 24 Aug 2025 07:18:33 +0000 (09:18 +0200)]
hw/sd/sdcard: Fix size check for backing block image
Alignment rules apply to the individual partitions (user, boot, later
on also RPMB) and depend both on the size of the image and the type of
the device. Up to and including 2GB, the power-of-2 rule applies to the
user data area. For larger images, multiples of 512 sectors must be used
for eMMC and multiples of 512K for SD-cards. Fix the check accordingly
and also detect if the image is too small to even hold the boot
partitions.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Cédric Le Goater <clg@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-ID: <591f6d8a9dc86428723cb6876df6e717cc41a70e.1762261430.git.jan.kiszka@siemens.com> Tested-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
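The size rules stated in the commit message above, written out as a stand-alone check. This is an added example, not the code from the QEMU commit. The function and enum names are hypothetical, and it assumes 512-byte sectors and two equally sized eMMC boot partitions stored ahead of the user data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE 512ULL
#define KiB 1024ULL
#define MiB (1024ULL * KiB)
#define GiB (1024ULL * MiB)

enum card_kind { CARD_SD, CARD_EMMC };

enum size_check {
    SIZE_OK,
    SIZE_TOO_SMALL_FOR_BOOT,  /* image cannot even hold the boot partitions */
    SIZE_NOT_POWER_OF_2,      /* user area <= 2 GiB but not a power of two */
    SIZE_NOT_ALIGNED,         /* user area > 2 GiB, not a multiple of the unit */
};

static bool is_power_of_2(uint64_t v)
{
    return v != 0 && (v & (v - 1)) == 0;
}

/*
 * Assumptions (not from the commit text): sectors are 512 bytes, an eMMC has
 * two boot partitions of boot_part_size bytes each placed before the user
 * data, and an SD card has none (boot_part_size is ignored for CARD_SD).
 */
enum size_check check_image_size(enum card_kind kind, uint64_t image_size,
                                 uint64_t boot_part_size)
{
    uint64_t boot_area = 0;

    if (kind == CARD_EMMC) {
        if (boot_part_size > UINT64_MAX / 2) {
            return SIZE_TOO_SMALL_FOR_BOOT;   /* 2 * size would overflow */
        }
        boot_area = 2 * boot_part_size;
    }
    if (image_size < boot_area) {
        return SIZE_TOO_SMALL_FOR_BOOT;
    }

    /* The rules apply to the user data area, not to the whole image. */
    uint64_t user_size = image_size - boot_area;

    if (user_size <= 2 * GiB) {
        return is_power_of_2(user_size) ? SIZE_OK : SIZE_NOT_POWER_OF_2;
    }

    /* Above 2 GiB: 512 sectors for eMMC, 512 KiB for SD cards. */
    uint64_t unit = kind == CARD_EMMC ? 512 * SECTOR_SIZE : 512 * KiB;
    return user_size % unit == 0 ? SIZE_OK : SIZE_NOT_ALIGNED;
}

static const char *size_check_str(enum size_check r)
{
    switch (r) {
    case SIZE_OK:                 return "ok";
    case SIZE_TOO_SMALL_FOR_BOOT: return "too small for boot partitions";
    case SIZE_NOT_POWER_OF_2:     return "user area not a power of 2";
    case SIZE_NOT_ALIGNED:        return "user area not aligned";
    }
    return "?";
}

int main(void)
{
    /* Constructed sample sizes. */
    printf("eMMC 1GiB+2MiB, 1MiB boot: %s\n",
           size_check_str(check_image_size(CARD_EMMC, GiB + 2 * MiB, MiB)));
    printf("eMMC 1GiB, 1MiB boot:      %s\n",
           size_check_str(check_image_size(CARD_EMMC, GiB, MiB)));
    printf("SD 3GiB+256KiB:            %s\n",
           size_check_str(check_image_size(CARD_SD, 3 * GiB + 256 * KiB, 0)));
    return 0;
}
```

A 1 GiB image with 1 MiB boot partitions fails here because the user area left after subtracting the boot area is no longer a power of two.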
Merge tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu into staging
Merge crypto and other misc fixes / features
* Increase minimum gnutls to 3.7.5
* Increase minimum libgcrypt to 1.9.4
* Increase minimum nettle to 3.7.3
* Drop obsolete in-tree XTS impl
* Fix memory leak when loading certificates
* Remove/reduce duplication when loading certificates
* Fix possible crash when certificates are unloaded
  while an active TLS connection is using them in a
  TLS handshake operation
* Deprecate use of dh-params.pem file
* Document how to create certificates with Post-Quantum
  Cryptography compliant algorithms.
* Support loading multiple certificate identities to
  allow support for Post-Quantum crypto in parallel
  with traditional RSA/ECC
* Add "-run-with exit-with-parent=on" parameter
* Flush pending errors when seeing ENOBUFS with
  a zero-copy send attempt
* Fix data buffer parameters in hash & IO channel APIs
  to use 'void *'
# gpg: Signature made Mon 03 Nov 2025 02:37:03 PM CET
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [unknown]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu: (32 commits)
docs: creation of x509 certs compliant with post-quantum crypto
crypto: support upto 5 parallel certificate identities
crypto: expand logic to cope with multiple certificate identities
crypto: avoid loading the identity certs twice
crypto: avoid loading the CA certs twice
crypto: deprecate use of external dh-params.pem file
crypto: make TLS credentials structs private
crypto: fix lifecycle handling of gnutls credentials objects
crypto: introduce a wrapper around gnutls credentials
crypto: introduce method for reloading TLS creds
crypto: reduce duplication in handling TLS priority strings
crypto: remove duplication loading x509 CA cert
crypto: shorten the endpoint == server check in TLS creds
crypto: move release of DH parameters into TLS creds parent
crypto: remove needless indirection via parent_obj field
crypto: use g_autofree when loading x509 credentials
crypto: move check for TLS creds 'dir' property
crypto: remove redundant access() checks before loading certs
crypto: replace stat() with access() for credential checks
crypto: add missing free of certs array
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-request-2025-11-03' of https://gitlab.com/thuth/qemu into staging
* Fix spurious EOFError messages from the device-crash-test script
* Fix various issues in the functional tests that pylint complained about
* Improve logging information in the functional tests
* Fix issue in the s390x clock-comparator code
* Use address generation for register branch targets on s390x
# gpg: Signature made Mon 03 Nov 2025 11:56:55 AM CET
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [unknown]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [unknown]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2025-11-03' of https://gitlab.com/thuth/qemu: (22 commits)
tests/tcg/s390x: Test SET CLOCK COMPARATOR
target/s390x: Use address generation for register branch targets
target/s390x: Fix missing clock-comparator interrupts after reset
target/s390x: Fix missing interrupts for small CKC values
hw/s390x: Use memory_region_size()
tests/functional: include the lower level QMP log messages
tests/functional: include logger name and function in messages
tests/functional/ppc64: Fix class names to silence pylint warnings
tests/functional/x86_64/test_virtio_balloon: Fix cosmetic issues from pylint
tests/functional/x86_64/test_acpi_bits: Silence warnings reported by pylint
tests/functional/rx/test_gdbsim: Remove unused variables
tests/functional/ppc64/test_mac99: Fix style issues reported by pylint
tests/functional/migration: Fix bad indentation
MAINTAINERS: fix functional tests section
tests/functional/.../testcase.py: better socketdir cleanup
tests/functional/arm/test_aspeed_ast1030: Remove unused import
tests/functional: Fix problems in utils.py reported by pylint
tests/functional: Fix problems in uncompress.py reported by pylint
tests/functional: Fix problems in linuxkernel.py reported by pylint
tests/functional: Fix problems in decorators.py reported by pylint
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'accel-cpus-20251103' of https://github.com/philmd/qemu into staging
Generic CPUs / accelerators patch queue
- Access CPUState::thread_kicked atomically
- Fix bql_locked status with condvar APIs
- Document cpu_memory_rw_debug()
- Rename init_clocks() -> qemu_init_clocks() to avoid name clashing
- Fix QEMU_HEXDUMP_LINE_WIDTH logic
- Fix interrupts check in rx_cpu_do_interrupt()
# gpg: Signature made Mon 03 Nov 2025 02:20:34 PM CET
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'accel-cpus-20251103' of https://github.com/philmd/qemu:
rx: cpu: fix interrupts check in rx_cpu_do_interrupt()
util/hexdump: fix QEMU_HEXDUMP_LINE_WIDTH logic
timers: properly prefix init_clocks()
exec/cpu: Declare cpu_memory_rw_debug() in 'hw/core/cpu.h' and document
bql: Fix bql_locked status with condvar APIs
accel/tcg: Use cpu_is_stopped() helper to access CPUState::stopped
cpus: Access CPUState::thread_kicked atomically
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Igor Mammedov [Thu, 30 Oct 2025 16:59:32 +0000 (17:59 +0100)]
rx: cpu: fix interrupts check in rx_cpu_do_interrupt()
Commit 87511341c30 broke interrupt handling, replacing interrupts
fetch with a bool and then the remaining code attempting to check
individual bits on that bool value, which effectively masked those
interrupts.
Fix it by checking individual interrupt bits directly instead of
old 'fetch then check' approach.
Fixes: 87511341c30d ("add cpu_test_interrupt()/cpu_set_interrupt() helpers and use them tree wide") Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251030165932.138512-1-imammedo@redhat.com>
[PMD: Rebased on commit dde21df2393 "call plugin trap callbacks"] Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
QEMU_HEXDUMP_LINE_WIDTH calculation doesn't correspond to
qemu_hexdump_line(). This leads to the last line of the dump (when
length is not a multiple of 16) having a badly aligned ASCII part.
Let's calculate length the same way.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251031190246.257153-2-vsementsov@yandex-team.ru> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Alex Bennée [Thu, 30 Oct 2025 17:33:02 +0000 (17:33 +0000)]
timers: properly prefix init_clocks()
Otherwise we run the risk of name clashing, for example with
stm32l4x5_usart-test.c should we shuffle the includes.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251030173302.1379174-1-alex.bennee@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
exec/cpu: Declare cpu_memory_rw_debug() in 'hw/core/cpu.h' and document
cpu_memory_rw_debug() dispatches to CPUClass::memory_rw_debug(),
move its declaration closer to the CPU API. Document.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20251001150529.14122-22-philmd@linaro.org>
Peter Xu [Thu, 4 Sep 2025 22:31:58 +0000 (18:31 -0400)]
bql: Fix bql_locked status with condvar APIs
QEMU has a per-thread "bql_locked" variable stored in TLS section, showing
whether the current thread is holding the BQL lock.
It's a pretty handy variable. Function-wise, QEMU has code trying to
conditionally take bql, relying on the var reflecting the locking status
(e.g. BQL_LOCK_GUARD), or in a GDB debugging session, we could also look at
the variable (in reality, co_tls_bql_locked), to see which thread is
currently holding the bql.
When using that as a debugging facility, sometimes we can observe multiple
threads holding bql at the same time. It's because QEMU's condvar APIs
bypassed the bql_*() API, hence they do not update bql_locked even if they
have released the mutex while waiting.
It can cause confusion if one does "thread apply all p co_tls_bql_locked"
and sees multiple threads reporting true.
Fix this by moving the bql status updates into the mutex debug hooks. Now
the variable should always reflect the reality.
Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250904223158.1276992-1-peterx@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
accel/tcg: Use cpu_is_stopped() helper to access CPUState::stopped
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250925025520.71805-5-philmd@linaro.org>
cpus_kick_thread() is called via cpu_exit() -> qemu_cpu_kick(),
and also via gdb_syscall_handling(). Access the CPUState field
using atomic accesses. See commit 8ac2ca02744 ("accel: use atomic
accesses for exit_request") for rationale.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <20250925025520.71805-3-philmd@linaro.org>
docs: creation of x509 certs compliant with post-quantum crypto
Explain how to alter the certtool commands for creating certificates,
so that they can use algorithms that are compliant with post-quantum
cryptography standards.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: support upto 5 parallel certificate identities
The default (required) identity is stored in server-cert.pem /
client-cert.pem and server-key.pem / client-key.pem.
The 4 extra (optional) identities are stored in server-cert-$N.pem /
client-cert-$N.pem and server-key-$N.pem / client-key-$N.pem. The
numbering starts at 0 and the first missing cert/key pair will
terminate the loading process.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: expand logic to cope with multiple certificate identities
Currently only a single set of certificates can be loaded for a
server / client. Certificates are created using a particular
key algorithm and in some scenarios it can be useful to support
multiple algorithms in parallel. This requires the ability to
load multiple sets of certificates.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The x509 TLS credentials code will load the identity certs once to
perform sanity checking on the certs, then discard the certificate
objects and let gnutls load them a second time.
This extends the previous QCryptoTLSCredsX509Files struct to also
hold the identity certificates & key loaded for sanity checking
and pass them on to gnutls, avoiding the duplicated loading.
The unit tests need updating because we now correctly diagnose the
error scenario where the cert PEM file exists, without its matching
key PEM file. Previously that error was mistakenly ignored.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The x509 TLS credentials code will load the CA certs once to perform
sanity checking on the certs, then discard the certificate objects
and let gnutls load them a second time.
This introduces a new QCryptoTLSCredsX509Files struct which will
hold the CA certificates loaded for sanity checking and pass them on
to gnutls, avoiding the duplicated loading.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: deprecate use of external dh-params.pem file
GNUTLS has deprecated use of externally provided diffie-hellman
parameters. Since 3.6.0 it will automatically negotiate DH params
in accordance with RFC7919.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: fix lifecycle handling of gnutls credentials objects
As described in the previous commit, the gnutls credentials need to
be kept alive for as long as the gnutls session object exists. Convert
the QCryptoTLSCreds objects to use QCryptoTLSCredsBox and holding the
gnutls credential objects. When loading the credentials into a gnutls
session, store a reference to the box into the QCryptoTLSSession object.
This has the useful side effect that the QCryptoTLSSession code no
longer needs to know about all the different credential types, it can
use the generic pointer stored in the box.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: introduce a wrapper around gnutls credentials
The gnutls_credentials_set() method has a very surprising API contract
that requires the caller to preserve the passed in credentials pointer
for as long as the gnutls_session_t object is alive. QEMU is failing
to ensure this happens.
In QEMU the GNUTLS credentials object is owned by the QCryptoTLSCreds
object instance while the GNUTLS session object is owned by the
QCryptoTLSSession object instance. Their lifetimes are not guaranteed
to be the same, though in most common usage the credentials will outlive
the session. This is notably not the case, however, after the VNC server
gained the ability to reload credentials on the fly with:
If that is triggered while a VNC client is in the middle of performing
a TLS handshake, we might hit a use-after-free.
It is difficult to correct this problem because there's no way to deep-
clone a GNUTLS credentials object, nor is it reference counted. Thus we
introduce a QCryptoTLSCredsBox object whose only purpose is to add
reference counting around the GNUTLS credentials object.
The DH parameters set against a credentials object also have to be kept
alive for as long as the credentials exist. So the box must also hold
the DH parameters pointer.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
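A simplified, single-threaded model of the reference-counted box described in the commit message above: the session takes its own reference, so a credentials reload during a handshake cannot free the object the session still points at. This is an added example, not QEMU's implementation. Every type and function name is hypothetical, and the gnutls objects are replaced by small stand-in structs.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for the opaque gnutls credentials and DH parameter objects. */
typedef struct { int generation; } FakeGnutlsCreds;
typedef struct { int bits; } FakeDHParams;

/* The box only adds reference counting around the two pointers. */
typedef struct CredsBox {
    unsigned refcount;
    FakeGnutlsCreds *creds;
    FakeDHParams *dh;          /* must stay alive as long as creds does */
} CredsBox;

typedef struct { CredsBox *box; int generation; } TLSCreds;  /* owns current creds */
typedef struct { CredsBox *box; } TLSSession;                /* one TLS connection */

int boxes_freed;               /* instrumentation for the demonstration */

static void *xmalloc(size_t n)
{
    void *p = malloc(n);
    if (!p) {
        abort();
    }
    return p;
}

CredsBox *box_new(int generation)
{
    CredsBox *b = xmalloc(sizeof(*b));
    b->refcount = 1;
    b->creds = xmalloc(sizeof(*b->creds));
    b->creds->generation = generation;
    b->dh = xmalloc(sizeof(*b->dh));
    b->dh->bits = 2048;        /* constructed value */
    return b;
}

CredsBox *box_ref(CredsBox *b)
{
    b->refcount++;
    return b;
}

void box_unref(CredsBox *b)
{
    if (b && --b->refcount == 0) {
        free(b->dh);           /* DH params are released with the creds */
        free(b->creds);
        free(b);
        boxes_freed++;
    }
}

/* (Re)load: publish a fresh box, then drop only the owner's old reference. */
void creds_reload(TLSCreds *c)
{
    CredsBox *old = c->box;
    c->box = box_new(++c->generation);
    box_unref(old);
}

TLSSession *session_new(TLSCreds *c)
{
    TLSSession *s = xmalloc(sizeof(*s));
    s->box = box_ref(c->box);  /* session pins the creds it was set up with */
    return s;
}

void session_free(TLSSession *s)
{
    box_unref(s->box);
    free(s);
}

/*
 * Start a session, reload the credentials while it is still "handshaking",
 * and report which generation the session sees afterwards (-1 if its
 * credentials had already been freed by the reload).
 */
int generation_seen_after_reload(void)
{
    TLSCreds owner = { NULL, 0 };
    creds_reload(&owner);                  /* initial load: generation 1 */
    TLSSession *s = session_new(&owner);

    boxes_freed = 0;
    creds_reload(&owner);                  /* generation 2 replaces 1 */
    int seen = boxes_freed == 0 ? s->box->creds->generation : -1;

    session_free(s);                       /* last reference to generation 1 */
    box_unref(owner.box);                  /* owner teardown frees generation 2 */
    return seen;
}

int main(void)
{
    printf("session still sees generation %d\n", generation_seen_after_reload());
    printf("boxes freed after teardown: %d\n", boxes_freed);
    return 0;
}
```

Without the reference taken in `session_new()`, the reload would free generation 1 while the session still held a pointer to it, which is the use-after-free the commit message describes.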
crypto: reduce duplication in handling TLS priority strings
The logic for setting the TLS priority string on a session object has a
significant amount of logic duplication across the different credential
types. By recording the extra priority string suffix against the
credential class, we can introduce a common method for building the
priority string. The TLS session can now set the priority string without
caring about the credential type.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: move release of DH parameters into TLS creds parent
The code for releasing DH parameters is common to all credential
subclasses, and the unload function is only called from the
finalizers, except for x509 reload, so can be moved into the
parent with a little update of the reload method.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: remove needless indirection via parent_obj field
The reload method already has a pointer to the parent object in
the 'creds' parameter that is passed in, so indirect access via
the subclass 'parent_obj' field is redundant.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: use g_autofree when loading x509 credentials
This allows removal of goto jumps during loading of the credentials
and will simplify the diff in following commits.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The check for the 'dir' property is being repeated for every
credential file to be loaded, but this results in incorrect
logic for optional credentials. The 'dir' property is mandatory
for PSK and x509 creds, even if some individual files are
optional. Address this by separating the check for the 'dir'
property.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: remove redundant access() checks before loading certs
The qcrypto_tls_creds_get_path method will perform an access()
check on the file and return a NULL path if it fails. By the
time we get to loading the cert files we know they must exist
on disk and thus the second access() check is redundant.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: replace stat() with access() for credential checks
Readability of the credential files is what matters for our usage,
so access() is more appropriate than stat().
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto: remove redundant parameter checking CA certs
The only caller of qcrypto_tls_creds_check_authority_chain always
passes 'true' for the 'isCA' parameter. The point of this method
is to check the CA chain, so no other value would ever make sense.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Manish Mishra [Fri, 24 Oct 2025 13:15:43 +0000 (13:15 +0000)]
io: flush zerocopy socket error queue on sendmsg failure due to ENOBUF
The kernel allocates extra metadata SKBs in case of a zerocopy send,
eventually used for zerocopy's notification mechanism. This metadata
memory is accounted for in the OPTMEM limit. The kernel queues
completion notifications on the socket error queue and this error queue
is freed when userspace reads it.
Usually, in the case of in-order processing, the kernel will batch the
notifications and merge the metadata into a single SKB and free the
rest. As a result, it never exceeds the OPTMEM limit. However, if there
is any out-of-order processing or intermittent zerocopy failures, this
error chain can grow significantly, exhausting the OPTMEM limit. As a
result, all new sendmsg requests fail to allocate any new SKB, leading
to an ENOBUF error. Depending on the amount of data queued before the
flush (i.e., large live migration iterations), even large OPTMEM limits
are prone to failure.
To work around this, if we encounter an ENOBUF error with a zerocopy
sendmsg, flush the error queue and retry once more.
Co-authored-by: Manish Mishra <manish.mishra@nutanix.com> Signed-off-by: Tejus GK <tejus.gk@nutanix.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[DB: change TRUE/FALSE to true/false for 'bool' type;
add more #ifdef QEMU_MSG_ZEROCOPY blocks] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Tejus GK [Fri, 24 Oct 2025 13:15:42 +0000 (13:15 +0000)]
io: add a "blocking" field to QIOChannelSocket
Add a 'blocking' boolean field to QIOChannelSocket to track whether the
underlying socket is in blocking or non-blocking mode.
Signed-off-by: Tejus GK <tejus.gk@nutanix.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
io/channel: Have read/write functions take void * buffer argument
I/O channel read/write functions can operate on any area of
memory, regardless of the content they represent. Do not
restrict to array of char, use the void* type, which is also
the type of the underlying iovec::iov_base field.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[DB: also adapt test-crypto-tlssession.c func signatures] Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto/hash: Have hashing functions take void * buffer argument
Cryptographic hash functions can operate on any area of memory,
regardless of the content they represent. Do not restrict to
array of char, use the void* type, which is also the type of
the underlying iovec::iov_base field.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
tests/qtest: Use exit-with-parent=on in qtest invocations
Previously libqtest.c set PR_SET_PDEATHSIG (or the equivalent on
FreeBSD) after forking the qemu subprocess. However we can get the
same behaviour now by using the new -run-with exit-with-parent=on
flag, on platforms that support it.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Libguestfs wants to use qemu to run a captive appliance. When the
program linked to libguestfs exits, we want qemu to be cleaned up.
Libguestfs goes to great lengths to do this at the moment: it either
forks a separate process to ensure clean-up is done, or it asks
libvirt to clean up the qemu process. However this is complicated and
not totally reliable.
On Linux, FreeBSD and macOS, there are mechanisms to ensure a signal
or message is delivered to a process when its parent process goes
away. The qemu test suite even uses this mechanism on Linux (see
PR_SET_PDEATHSIG in tests/qtest/libqtest.c).
In nbdkit we have long had the concept of running nbdkit captively,
and we have the nbdkit --exit-with-parent flag to help
(https://libguestfs.org/nbdkit-captive.1.html#EXIT-WITH-PARENT)
This commit adds the same mechanism. The syntax is:
qemu -run-with exit-with-parent=on [...]
This is not a feature that most typical users of qemu (for running
general purpose, long-lived VMs) should use, so it defaults to off.
The exit-with-parent.[ch] files are copied from nbdkit, where they
have a 3-clause BSD license which is compatible with qemu:
Thanks: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
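The Linux parent-death mechanism this commit message refers to (PR_SET_PDEATHSIG), as an added example that is not code from QEMU, nbdkit or libguestfs. The helper names `arm_exit_with_parent()` and `captive_child_dies_with_parent()` are hypothetical, the supervisor/launcher/child harness is constructed for the demonstration, and the code is Linux-only.

```c
#define _GNU_SOURCE
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, called in the captive child right after fork().
 * expected_parent is the PID the parent recorded before forking. */
static int arm_exit_with_parent(pid_t expected_parent)
{
    if (prctl(PR_SET_PDEATHSIG, SIGKILL) == -1)
        return -1;
    /* If the parent died before prctl() took effect, no signal will ever
     * arrive; a changed parent PID reveals that. */
    if (getppid() != expected_parent)
        return -1;
    return 0;
}

/* Constructed harness: supervisor -> launcher -> captive child. The launcher
 * exits without cleaning up. Returns 1 if the captive child is gone within
 * timeout_ms, 0 if it outlived the launcher, -1 on setup failure. */
int captive_child_dies_with_parent(int use_pdeathsig, int timeout_ms)
{
    int alive[2];               /* write end held open by the captive child */
    if (pipe(alive) == -1)
        return -1;

    pid_t launcher = fork();
    if (launcher == -1)
        return -1;
    if (launcher == 0) {
        int ready[2];
        char c = 'r';
        pid_t self = getpid();
        if (setpgid(0, 0) == -1 || pipe(ready) == -1)
            _exit(2);
        pid_t child = fork();
        if (child == -1)
            _exit(2);
        if (child == 0) {
            close(alive[0]);
            close(ready[0]);
            if (use_pdeathsig && arm_exit_with_parent(self) == -1)
                _exit(3);
            if (write(ready[1], &c, 1) != 1)
                _exit(3);
            close(ready[1]);
            for (;;)
                pause();        /* stands in for a long-running qemu */
        }
        close(ready[1]);
        /* Exit only once the child is armed; leave it running. */
        _exit(read(ready[0], &c, 1) == 1 ? 0 : 3);
    }

    close(alive[1]);
    int status, result = -1;
    if (waitpid(launcher, &status, 0) == launcher &&
        WIFEXITED(status) && WEXITSTATUS(status) == 0) {
        struct pollfd pfd = { .fd = alive[0], .events = POLLIN };
        int n = poll(&pfd, 1, timeout_ms);  /* EOF/HUP once the child dies */
        if (n >= 0)
            result = n > 0;
        /* Clean up an orphan left in the launcher's process group. */
        kill(-launcher, SIGKILL);
    }
    close(alive[0]);
    return result;
}

int main(void)
{
    printf("with PR_SET_PDEATHSIG: gone=%d\n",
           captive_child_dies_with_parent(1, 2000));
    printf("without:               gone=%d\n",
           captive_child_dies_with_parent(0, 300));
    return 0;
}
```

The second call in main() runs the same launcher without the prctl() call, where the child is reparented and keeps running until the harness kills it.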
# gpg: Signature made Mon 03 Nov 2025 09:41:49 AM CET
# gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [unknown]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [unknown]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* tag 'igvm-20251103--pull-request' of https://gitlab.com/kraxel/qemu:
igvm: add MAINTAINERS entry
igvm: add support for initial register state load in native mode
igvm: add support for igvm memory map parameter in native mode
igvm: fix off by one bug in memmap entry count checking
igvm: move igvm.h file to include/system
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ilya Leoshkevich [Thu, 16 Oct 2025 17:58:32 +0000 (19:58 +0200)]
target/s390x: Use address generation for register branch targets
Indirect branches to addresses taken from registers go through address
generation, e.g., for BRANCH ON CONDITION Principles of Operation says:
In the RR format, the contents of general register R2 are used to
generate the branch address
QEMU uses r2_nz handler for the respective register operands. Currently
it does not zero out extra bits in 24- and 31-bit addressing modes as
required by address generation. The very frequently used
s390x_tr_init_disas_context() function has a workaround for this,
but the code for saving an old PSW during an interrupt does not.
Add the missing masking to r2_nz. Enforce PSW validity by replacing the
workaround with an assertion.
Reported-by: Thomas Weißschuh <linux@weissschuh.net> Reported-by: Heiko Carstens <hca@linux.ibm.com> Link: https://lore.kernel.org/lkml/ab3131a2-c42a-47ff-bf03-e9f68ac053c0@t-8ch.de/ Cc: qemu-stable@nongnu.org Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Tested-by: Thomas Weißschuh <linux@weissschuh.net>
Message-ID: <20251016175954.41153-4-iii@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
MemoryRegion::size is private data of MemoryRegion,
use the proper memory_region_size() getter to get it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251028181300.41475-10-philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
tests/functional: include the lower level QMP log messages
We've seen a GitLab CI timeout failure in the test_pseries.py test,
where it appears likely that the test has hung in a self.qmp('quit')
call, but we don't have conclusive proof. Adding the QMP log category
to what we capture should help us diagnose this, at the cost of the
base.log file becoming significantly more verbose. The previous
commit to include the logger category name and function should at
least help understanding the more verbose logs.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251028182651.873256-3-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
tests/functional: include logger name and function in messages
As we collect debug logs from a wide range of code it becomes
increasingly confusing to understand where each log message comes
from. Adding "%(name)s" gives us the logger name, which is usually
based on the python __name__ symbol, aka the code module name.
Then "%(funcName)s" completes the story by identifying the function.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251028182651.873256-2-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Wed, 29 Oct 2025 07:53:42 +0000 (08:53 +0100)]
tests/functional/x86_64/test_virtio_balloon: Fix cosmetic issues from pylint
Pylint complains about some style issues in this file: Unused variables
should be marked with an underscore, "when > then and when < now"
can be simplified to "now > when > then" and expectData doesn't conform
to the usual snake_case naming style.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251029075342.47335-1-thuth@redhat.com>
Thomas Huth [Wed, 29 Oct 2025 08:15:14 +0000 (09:15 +0100)]
tests/functional/x86_64/test_acpi_bits: Silence warnings reported by pylint
Pylint complains about too many positional arguments for the __init__
function of the QEMUBitsMachine class, use a "*" to enforce argument
passing by names instead (which the calling sites are doing here already).
Second, use lazy logging when calling self.log.info() with a "%s" format
string, and drop a superfluous "else:" that is not necessary after a
"raise" statement.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251029081514.60802-1-thuth@redhat.com>
Remove/comment some unused variables to make pylint happy.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251029081805.63147-1-thuth@redhat.com>
Thomas Huth [Mon, 27 Oct 2025 11:23:47 +0000 (12:23 +0100)]
tests/functional/migration: Fix bad indentation
pylint complains about bad indentation in two lines. Use 12 spaces
instead of 11 spaces to get it right.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251027112347.54190-1-thuth@redhat.com>
Without "S: Maintained", ./scripts/get_maintainer.pl shows "unknown"
role instead of "maintainer" for "M: " entry, it's confusing. I really
hope that functional tests are maintained:)
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251025165809.930670-3-vsementsov@yandex-team.ru> Signed-off-by: Thomas Huth <thuth@redhat.com>
TemporaryDirectory prefers an explicit call to .cleanup() (or
use context manager). Otherwise it may produce a warning like:
/usr/lib/python3.10/tempfile.py:1008: \
ResourceWarning: Implicitly cleaning up \
<TemporaryDirectory '/tmp/qemu_func_test_sock_4esmf5ba'>
Currently, the only test using socket_dir() is
tests/functional/x86_64/test_vfio_user_client.py, and it does
print this warning, at least with python 3.10.12. With this commit,
the warning disappears.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251025165809.930670-2-vsementsov@yandex-team.ru> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Wed, 15 Oct 2025 09:54:54 +0000 (11:54 +0200)]
tests/functional: Fix problems in utils.py reported by pylint
- put the doc strings in the right locations (after the "def" line)
- use the right indentation (4 spaces)
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251015095454.1575318-7-thuth@redhat.com>
Thomas Huth [Wed, 15 Oct 2025 09:54:53 +0000 (11:54 +0200)]
tests/functional: Fix problems in uncompress.py reported by pylint
- put the doc strings in the right locations (after the "def" line)
- use isinstance() instead of checking via type()
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251015095454.1575318-6-thuth@redhat.com>
Thomas Huth [Wed, 15 Oct 2025 09:54:50 +0000 (11:54 +0200)]
tests/functional: Fix problems in decorators.py reported by pylint
The documentation strings should follow the function definition
lines, not precede them.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251015095454.1575318-3-thuth@redhat.com>
When the QMP library was updated to match the standalone repository in 094ded52, I neglected to update the logging filter(s) in
device-crash-test, which allowed the spurious messages to leak through.
Update the log filter to re-suppress these messages.
Fixes: 094ded52 Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20251022213109.395149-1-jsnow@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Gerd Hoffmann [Wed, 29 Oct 2025 10:55:55 +0000 (11:55 +0100)]
igvm: add MAINTAINERS entry
Roy Hopkins (the original author) does not respond, so the new plan
going forward is that I will maintain this together with Stefano. Also
add Ani as reviewer.
Gerd Hoffmann [Wed, 29 Oct 2025 10:55:54 +0000 (11:55 +0100)]
igvm: add support for initial register state load in native mode
Add IgvmNativeVpContextX64 struct holding the register state (see igvm
spec), and the qigvm_x86_load_context() function to load the register
state.
Wire up using two new functions: qigvm_x86_set_vp_context() is called
from igvm file handling code and stores the boot processor context.
qigvm_x86_bsp_reset() is called from i386 target cpu reset code and
loads the context into the cpu registers.
Gerd Hoffmann [Wed, 29 Oct 2025 10:55:53 +0000 (11:55 +0100)]
igvm: add support for igvm memory map parameter in native mode
Add and wire up qigvm_x86_get_mem_map_entry function which converts the
e820 table into an igvm memory map parameter. This makes igvm files for
the native (non-confidential) platform with memory map parameter work.
Merge tag 'pull-target-arm-20251031' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
* hw/gpio/pl061: Declare pullups/pulldowns as 8-bit types
* docs/system/arm/virt: Document user-creatable SMMUv3
* docs/system/security: Restrict "virtualization use case" to specific machines
* target/arm: Add assert to arm_to_core_mmu_idx()
* hw/arm/virt: remove deprecated virt-4.1 and virt-4.2 machine types
* hvf: Refactorings and cleanups
# gpg: Signature made Fri 31 Oct 2025 07:32:07 PM CET
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20251031' of https://gitlab.com/pm215/qemu: (38 commits)
accel/hvf: Trace prefetch abort
target/arm/hvf/hvf: Document $pc adjustment in HVF & SMC
target/arm: Share ARM_PSCI_CALL trace event between TCG and HVF
target/arm: Re-use arm_is_psci_call() in HVF
target/arm/hvf: Rename 'vgic' -> 'emu_reginfo' in trace events
target/arm: Rename init_cpreg_list() -> arm_init_cpreg_list()
accel/hvf: Restrict ARM specific fields of AccelCPUState
target/arm: Call aarch64_add_pauth_properties() once in host_initfn()
accel/hvf: Guard hv_vcpu_run() between cpu_exec_start/end() calls
cpus: Trace cpu_exec_start() and cpu_exec_end() calls
target/arm/hvf: Keep calling hv_vcpu_run() in loop
target/arm/hvf: Factor hvf_handle_vmexit() out
target/i386/hvf: Factor hvf_handle_vmexit() out
target/arm/hvf: Factor hvf_handle_exception() out
target/arm/hvf: switch hvf_arm_get_host_cpu_features to not create a vCPU
target/arm/hvf: Simplify hvf_arm_get_host_cpu_features()
target/arm/hvf: Hardcode Apple MIDR
accel/hvf: Implement hvf_arch_vcpu_destroy()
target/arm/hvf: Mention hvf_inject_interrupts() must run on vCPU thread
accel/hvf: Mention hvf_arch_update_guest_debug() must run on vCPU
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'audio-test-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging
Audio clean-ups
# gpg: Signature made Fri 31 Oct 2025 07:43:56 AM CET
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [unknown]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5
* tag 'audio-test-pull-request' of https://gitlab.com/marcandre.lureau/qemu: (36 commits)
audio: deprecate HMP audio commands
audio: Rename @endianness argument as @big_endian for clarity
audio: Remove pointless local variables
audio: drop needless audio_driver "descr" field
audio: move capture API to own header
audio: cleanup, use bool for booleans
audio: remove dependency on spice header
audio: move audio.h under include/qemu/
audio/dbus: use a helper function to set the backend dbus server
audio: remove QEMUSoundCard
audio: rename AudioState -> AudioBackend
audio: move internal APIs to audio_int.h
audio/replay: fix type punning
audio: introduce AUD_set_volume_{in,out}_lr()
audio: remove AUDIO_HOST_ENDIANNESS
audio: remove some needless headers
audio: initialize card_head during object init
audio: register and unregister vmstate with AudioState
audio: keep vmstate handle with AudioState
audio: drop needless error message
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'qga-pull-2025-10-30' of https://github.com/kostyanf14/qemu into staging
qga-pull-2025-10-30
# gpg: Signature made Thu 30 Oct 2025 02:03:24 PM CET
# gpg: using RSA key C2C2C109EA43C63C1423EB84EF5D5E8161BA84E7
# gpg: Good signature from "Kostiantyn Kostiuk (Upstream PR sign) <kkostiuk@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: C2C2 C109 EA43 C63C 1423 EB84 EF5D 5E81 61BA 84E7
* tag 'qga-pull-2025-10-30' of https://github.com/kostyanf14/qemu:
qga: Support guest shutdown of BusyBox-based systems
qga: Improve Windows filesystem space info retrieval logic
scripts/qemu-guest-agent/fsfreeze-hook: improve script description
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-ppc-for-10.2-d4-20251030' of https://gitlab.com/harshpb/qemu into staging
ppc queue for 10.2
* Firmware updates for SLOF, sam460ex u-boot
* Removal of unusable e200 CPUs
* Coverity fixes for fadump
* Other minor fixes, cleanups for pegasos, spapr.
# gpg: Signature made Thu 30 Oct 2025 09:18:11 AM CET
# gpg: using RSA key 6B810CD6D2BE10F3883D21424544E994F9D68FBB
# gpg: Good signature from "Harsh Prateek Bora <harsh.prateek.bora@gmail.com>" [undefined]
# gpg: aka "Harsh Prateek Bora <harshpb@linux.ibm.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6B81 0CD6 D2BE 10F3 883D 2142 4544 E994 F9D6 8FBB
* tag 'pull-ppc-for-10.2-d4-20251030' of https://gitlab.com/harshpb/qemu:
hw/ppc/pegasos: Update documentation for pegasos1
hw/ppc/pegasos2: Rename to pegasos
hw/ppc/pegasos2: Add /chosen/stdin node with VOF
hw/ppc: Fix memory leak in get_cpu_state_data()
hw/ppc: Fix missing return on allocation failure
ppc/spapr: Cleanup MSI IRQ number handling
target/ppc: Remove the unusable e200 CPUs
target/ppc/cpu_init: Simplify the setup of the TLBxCFG SPR registers
hw/ppc/sam460ex: Update u-boot-sam460ex
pseries: Update SLOF firmware image to release 20251027
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm/hvf/hvf: Document $pc adjustment in HVF & SMC
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Share ARM_PSCI_CALL trace event between TCG and HVF
It is useful to compare PSCI calls of the same guest running
under TCG or HVF.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Re-use arm_is_psci_call() instead of open-coding it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm/hvf: Rename 'vgic' -> 'emu_reginfo' in trace events
In order to extend the trace events to other registers,
rename and pass the register group as argument.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
accel/hvf: Restrict ARM specific fields of AccelCPUState
Do not expose ARM specific fields to X86 implementation,
allowing use of the proper 'hv_vcpu_exit_t' type.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Call aarch64_add_pauth_properties() once in host_initfn()
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
accel/hvf: Guard hv_vcpu_run() between cpu_exec_start/end() calls
Similarly to 1d78a3c3ab8 for KVM, wrap hv_vcpu_run() with
cpu_exec_start/end(), so that the accelerator can perform
pending operations while all vCPUs are quiescent. See also
explanation in commit c265e976f46 ("cpus-common: lock-free
fast path for cpu_exec_start/end").
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
cpus: Trace cpu_exec_start() and cpu_exec_end() calls
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Factor hvf_handle_vmexit() out of hvf_arch_vcpu_exec().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use index in the structure, dereference &host_isar.idregs[] once.
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>