Merge tag 'pull-request-2025-11-03' of https://gitlab.com/thuth/qemu into staging
* Fix spurious EOFError messages from the device-crash-test script
* Fix various issues in the functional tests that pylint complained about
* Improve logging information in the functional tests
* Fix issue in the s390x clock-comparator code
* Use address generation for register branch targets on s390x
# gpg: Signature made Mon 03 Nov 2025 11:56:55 AM CET
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [unknown]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [unknown]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2025-11-03' of https://gitlab.com/thuth/qemu: (22 commits)
tests/tcg/s390x: Test SET CLOCK COMPARATOR
target/s390x: Use address generation for register branch targets
target/s390x: Fix missing clock-comparator interrupts after reset
target/s390x: Fix missing interrupts for small CKC values
hw/s390x: Use memory_region_size()
tests/functional: include the lower level QMP log messages
tests/functional: include logger name and function in messages
tests/functional/ppc64: Fix class names to silence pylint warnings
tests/functional/x86_64/test_virtio_balloon: Fix cosmetic issues from pylint
tests/functional/x86_64/test_acpi_bits: Silence warnings reported by pylint
tests/functional/rx/test_gdbsim: Remove unused variables
tests/functional/ppc64/test_mac99: Fix style issues reported by pylint
tests/functional/migration: Fix bad indentation
MAINTAINERS: fix functional tests section
tests/functional/.../testcase.py: better socketdir cleanup
tests/functional/arm/test_aspeed_ast1030: Remove unused import
tests/functional: Fix problems in utils.py reported by pylint
tests/functional: Fix problems in uncompress.py reported by pylint
tests/functional: Fix problems in linuxkernel.py reported by pylint
tests/functional: Fix problems in decorators.py reported by pylint
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'accel-cpus-20251103' of https://github.com/philmd/qemu into staging
Generic CPUs / accelerators patch queue
- Access CPUState::thread_kicked atomically
- Fix bql_locked status with condvar APIs
- Document cpu_memory_rw_debug()
- Rename init_clocks() -> qemu_init_clocks() to avoid name clashing
- Fix QEMU_HEXDUMP_LINE_WIDTH logic
- Fix interrupts check in rx_cpu_do_interrupt()
# gpg: Signature made Mon 03 Nov 2025 02:20:34 PM CET
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'accel-cpus-20251103' of https://github.com/philmd/qemu:
rx: cpu: fix interrupts check in rx_cpu_do_interrupt()
util/hexdump: fix QEMU_HEXDUMP_LINE_WIDTH logic
timers: properly prefix init_clocks()
exec/cpu: Declare cpu_memory_rw_debug() in 'hw/core/cpu.h' and document
bql: Fix bql_locked status with condvar APIs
accel/tcg: Use cpu_is_stopped() helper to access CPUState::stopped
cpus: Access CPUState::thread_kicked atomically
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Igor Mammedov [Thu, 30 Oct 2025 16:59:32 +0000 (17:59 +0100)]
rx: cpu: fix interrupts check in rx_cpu_do_interrupt()
Commit 87511341c30 broke interrupt handling, replacing interrupts
fetch with a bool and then the remaining code attempting to check
individual bits on that bool value, which effectively masked those
interrupts.
Fix it by checking individual interrupt bits directly instead of
old 'fetch then check' approach.
Fixes: 87511341c30d ("add cpu_test_interrupt()/cpu_set_interrupt() helpers and use them tree wide")
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251030165932.138512-1-imammedo@redhat.com>
[PMD: Rebased on commit dde21df2393 "call plugin trap callbacks"]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
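The bug class described in the commit message above, shown as an added example that is not QEMU code: once a pending-interrupt word has been collapsed into a bool, testing individual flag bits on that bool can never match any flag other than bit 0. The flag values, the `test_interrupt()` helper and the dispatch order are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed flag values for illustration; not QEMU's definitions. */
#define IRQ_HARD 0x0002u
#define IRQ_FIR  0x0200u

enum irq_kind { IRQ_KIND_NONE = 0, IRQ_KIND_HARD, IRQ_KIND_FIR };

/* Hypothetical stand-in for a helper answering "is any bit of mask pending?" */
static bool test_interrupt(uint32_t pending, uint32_t mask)
{
    return (pending & mask) != 0;
}

/*
 * Broken "fetch then check": the fetch result is a bool, so it holds only
 * 0 or 1. Masking it with a flag whose bit is not bit 0 always yields 0,
 * which silently masks every interrupt.
 */
static enum irq_kind dispatch_fetch_then_check(uint32_t pending)
{
    bool irq = test_interrupt(pending, IRQ_HARD | IRQ_FIR);

    if ((uint32_t)irq & IRQ_FIR) {   /* 1 & 0x0200 == 0: never taken */
        return IRQ_KIND_FIR;
    }
    if ((uint32_t)irq & IRQ_HARD) {  /* 1 & 0x0002 == 0: never taken */
        return IRQ_KIND_HARD;
    }
    return IRQ_KIND_NONE;
}

/* Fixed form: test each interrupt bit directly against the pending word. */
static enum irq_kind dispatch_direct(uint32_t pending)
{
    if (test_interrupt(pending, IRQ_FIR)) {
        return IRQ_KIND_FIR;
    }
    if (test_interrupt(pending, IRQ_HARD)) {
        return IRQ_KIND_HARD;
    }
    return IRQ_KIND_NONE;
}

int main(void)
{
    const uint32_t samples[] = { 0, IRQ_HARD, IRQ_FIR, IRQ_HARD | IRQ_FIR };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("pending=0x%04x fetch-then-check=%d direct=%d\n",
               (unsigned)samples[i],
               (int)dispatch_fetch_then_check(samples[i]),
               (int)dispatch_direct(samples[i]));
    }
    return 0;
}
```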
QEMU_HEXDUMP_LINE_WIDTH calculation doesn't correspond to
qemu_hexdump_line(). This leads to the last line of the dump (when
length is not a multiple of 16) having a badly aligned ASCII part.
Let's calculate length the same way.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251031190246.257153-2-vsementsov@yandex-team.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Alex Bennée [Thu, 30 Oct 2025 17:33:02 +0000 (17:33 +0000)]
timers: properly prefix init_clocks()
Otherwise we run the risk of name clashing, for example with
stm32l4x5_usart-test.c should we shuffle the includes.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251030173302.1379174-1-alex.bennee@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
exec/cpu: Declare cpu_memory_rw_debug() in 'hw/core/cpu.h' and document
cpu_memory_rw_debug() dispatches to CPUClass::memory_rw_debug(),
move its declaration closer to the CPU API. Document.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20251001150529.14122-22-philmd@linaro.org>
Peter Xu [Thu, 4 Sep 2025 22:31:58 +0000 (18:31 -0400)]
bql: Fix bql_locked status with condvar APIs
QEMU has a per-thread "bql_locked" variable stored in TLS section, showing
whether the current thread is holding the BQL lock.
It's a pretty handy variable. Function-wise, QEMU has code trying to
conditionally take bql, relying on the var reflecting the locking status
(e.g. BQL_LOCK_GUARD), or in a GDB debugging session, we could also look at
the variable (in reality, co_tls_bql_locked), to see which thread is
currently holding the bql.
When using that as a debugging facility, sometimes we can observe multiple
threads holding bql at the same time. It's because QEMU's condvar APIs
bypassed the bql_*() API, hence they do not update bql_locked even if they
have released the mutex while waiting.
It can cause confusion if one does "thread apply all p co_tls_bql_locked"
and sees multiple threads reporting true.
Fix this by moving the bql status updates into the mutex debug hooks. Now
the variable should always reflect the reality.
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250904223158.1276992-1-peterx@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
accel/tcg: Use cpu_is_stopped() helper to access CPUState::stopped
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250925025520.71805-5-philmd@linaro.org>
cpus_kick_thread() is called via cpu_exit() -> qemu_cpu_kick(),
and also via gdb_syscall_handling(). Access the CPUState field
using atomic accesses. See commit 8ac2ca02744 ("accel: use atomic
accesses for exit_request") for rationale.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <20250925025520.71805-3-philmd@linaro.org>
# gpg: Signature made Mon 03 Nov 2025 09:41:49 AM CET
# gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [unknown]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [unknown]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* tag 'igvm-20251103--pull-request' of https://gitlab.com/kraxel/qemu:
igvm: add MAINTAINERS entry
igvm: add support for initial register state load in native mode
igvm: add support for igvm memory map parameter in native mode
igvm: fix off by one bug in memmap entry count checking
igvm: move igvm.h file to include/system
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ilya Leoshkevich [Thu, 16 Oct 2025 17:58:32 +0000 (19:58 +0200)]
target/s390x: Use address generation for register branch targets
Indirect branches to addresses taken from registers go through address
generation, e.g., for BRANCH ON CONDITION Principles of Operation says:
In the RR format, the contents of general register R2 are used to
generate the branch address
QEMU uses r2_nz handler for the respective register operands. Currently
it does not zero out extra bits in 24- and 31-bit addressing modes as
required by address generation. The very frequently used
s390x_tr_init_disas_context() function has a workaround for this,
but the code for saving an old PSW during an interrupt does not.
Add the missing masking to r2_nz. Enforce PSW validity by replacing the
workaround with an assertion.
Reported-by: Thomas Weißschuh <linux@weissschuh.net>
Reported-by: Heiko Carstens <hca@linux.ibm.com>
Link: https://lore.kernel.org/lkml/ab3131a2-c42a-47ff-bf03-e9f68ac053c0@t-8ch.de/
Cc: qemu-stable@nongnu.org
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Tested-by: Thomas Weißschuh <linux@weissschuh.net>
Message-ID: <20251016175954.41153-4-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
MemoryRegion::size is private data of MemoryRegion,
use the proper memory_region_size() getter to get it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251028181300.41475-10-philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
tests/functional: include the lower level QMP log messages
We've seen a GitLab CI timeout failure in the test_pseries.py test,
where it appears likely that the test has hung in a self.qmp('quit')
call, but we don't have conclusive proof. Adding the QMP log category
to what we capture should help us diagnose this, at the cost of the
base.log file becoming significantly more verbose. The previous
commit to include the logger category name and function should at
least help understanding the more verbose logs.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251028182651.873256-3-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
tests/functional: include logger name and function in messages
As we collect debug logs from a wide range of code it becomes
increasingly confusing to understand where each log message comes
from. Adding "%(name)s" gives us the logger name, which is usually
based on the python __name__ symbol, aka the code module name.
Then "%(funcName)s" completes the story by identifying the function.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251028182651.873256-2-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Wed, 29 Oct 2025 07:53:42 +0000 (08:53 +0100)]
tests/functional/x86_64/test_virtio_balloon: Fix cosmetic issues from pylint
Pylint complains about some style issues in this file: Unused variables
should be marked with an underscore, "when > then and when < now"
can be simplified to "now > when > then" and expectData doesn't conform
to the usual snake_case naming style.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251029075342.47335-1-thuth@redhat.com>
Thomas Huth [Wed, 29 Oct 2025 08:15:14 +0000 (09:15 +0100)]
tests/functional/x86_64/test_acpi_bits: Silence warnings reported by pylint
Pylint complains about too many positional arguments for the __init__
function of the QEMUBitsMachine class, use a "*" to enforce argument
passing by names instead (which the calling sites are doing here already).
Second, use lazy logging when calling self.log.info() with a "%s" format
string, and drop a superfluous "else:" that is not necessary after a
"raise" statement.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251029081514.60802-1-thuth@redhat.com>
Remove/comment some unused variables to make pylint happy.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251029081805.63147-1-thuth@redhat.com>
Thomas Huth [Mon, 27 Oct 2025 11:23:47 +0000 (12:23 +0100)]
tests/functional/migration: Fix bad indentation
pylint complains about bad indentation in two lines. Use 12 spaces
instead of 11 spaces to get it right.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251027112347.54190-1-thuth@redhat.com>
Without "S: Maintained", ./scripts/get_maintainer.pl shows "unknown"
role instead of "maintainer" for "M: " entry, it's confusing. I really
hope that functional tests are maintained:)
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251025165809.930670-3-vsementsov@yandex-team.ru>
Signed-off-by: Thomas Huth <thuth@redhat.com>
TemporaryDirectory prefers an explicit call to .cleanup() (or
use of a context manager). Otherwise it may produce a warning like:
/usr/lib/python3.10/tempfile.py:1008: \
ResourceWarning: Implicitly cleaning up \
<TemporaryDirectory '/tmp/qemu_func_test_sock_4esmf5ba'>
Currently, the only test using socket_dir() is
tests/functional/x86_64/test_vfio_user_client.py, and it does
print this warning, at least with python 3.10.12. With this commit,
the warning disappears.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251025165809.930670-2-vsementsov@yandex-team.ru>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Wed, 15 Oct 2025 09:54:54 +0000 (11:54 +0200)]
tests/functional: Fix problems in utils.py reported by pylint
- put the doc strings in the right locations (after the "def" line)
- use the right indentation (4 spaces)
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251015095454.1575318-7-thuth@redhat.com>
Thomas Huth [Wed, 15 Oct 2025 09:54:53 +0000 (11:54 +0200)]
tests/functional: Fix problems in uncompress.py reported by pylint
- put the doc strings in the right locations (after the "def" line)
- use isinstance() instead of checking via type()
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251015095454.1575318-6-thuth@redhat.com>
Thomas Huth [Wed, 15 Oct 2025 09:54:50 +0000 (11:54 +0200)]
tests/functional: Fix problems in decorators.py reported by pylint
The documentation strings should follow the function definition
lines, not precede them.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251015095454.1575318-3-thuth@redhat.com>
When the QMP library was updated to match the standalone repository in 094ded52, I neglected to update the logging filter(s) in
device-crash-test, which allowed the spurious messages to leak through.
Update the log filter to re-suppress these messages.
Fixes: 094ded52
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20251022213109.395149-1-jsnow@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Gerd Hoffmann [Wed, 29 Oct 2025 10:55:55 +0000 (11:55 +0100)]
igvm: add MAINTAINERS entry
Roy Hopkins (the original author) does not respond, so the new plan
going forward is that I will maintain this together with Stefano. Also
add Ani as reviewer.
Gerd Hoffmann [Wed, 29 Oct 2025 10:55:54 +0000 (11:55 +0100)]
igvm: add support for initial register state load in native mode
Add IgvmNativeVpContextX64 struct holding the register state (see igvm
spec), and the qigvm_x86_load_context() function to load the register
state.
Wire up using two new functions: qigvm_x86_set_vp_context() is called
from igvm file handling code and stores the boot processor context.
qigvm_x86_bsp_reset() is called from i386 target cpu reset code and
loads the context into the cpu registers.
Gerd Hoffmann [Wed, 29 Oct 2025 10:55:53 +0000 (11:55 +0100)]
igvm: add support for igvm memory map parameter in native mode
Add and wire up qigvm_x86_get_mem_map_entry function which converts the
e820 table into an igvm memory map parameter. This makes igvm files for
the native (non-confidential) platform with memory map parameter work.
Merge tag 'pull-target-arm-20251031' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
* hw/gpio/pl061: Declare pullups/pulldowns as 8-bit types
* docs/system/arm/virt: Document user-creatable SMMUv3
* docs/system/security: Restrict "virtualization use case" to specific machines
* target/arm: Add assert to arm_to_core_mmu_idx()
* hw/arm/virt: remove deprecated virt-4.1 and virt-4.2 machine types
* hvf: Refactorings and cleanups
# gpg: Signature made Fri 31 Oct 2025 07:32:07 PM CET
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20251031' of https://gitlab.com/pm215/qemu: (38 commits)
accel/hvf: Trace prefetch abort
target/arm/hvf/hvf: Document $pc adjustment in HVF & SMC
target/arm: Share ARM_PSCI_CALL trace event between TCG and HVF
target/arm: Re-use arm_is_psci_call() in HVF
target/arm/hvf: Rename 'vgic' -> 'emu_reginfo' in trace events
target/arm: Rename init_cpreg_list() -> arm_init_cpreg_list()
accel/hvf: Restrict ARM specific fields of AccelCPUState
target/arm: Call aarch64_add_pauth_properties() once in host_initfn()
accel/hvf: Guard hv_vcpu_run() between cpu_exec_start/end() calls
cpus: Trace cpu_exec_start() and cpu_exec_end() calls
target/arm/hvf: Keep calling hv_vcpu_run() in loop
target/arm/hvf: Factor hvf_handle_vmexit() out
target/i386/hvf: Factor hvf_handle_vmexit() out
target/arm/hvf: Factor hvf_handle_exception() out
target/arm/hvf: switch hvf_arm_get_host_cpu_features to not create a vCPU
target/arm/hvf: Simplify hvf_arm_get_host_cpu_features()
target/arm/hvf: Hardcode Apple MIDR
accel/hvf: Implement hvf_arch_vcpu_destroy()
target/arm/hvf: Mention hvf_inject_interrupts() must run on vCPU thread
accel/hvf: Mention hvf_arch_update_guest_debug() must run on vCPU
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'audio-test-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging
Audio clean-ups
# gpg: Signature made Fri 31 Oct 2025 07:43:56 AM CET
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [unknown]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5
* tag 'audio-test-pull-request' of https://gitlab.com/marcandre.lureau/qemu: (36 commits)
audio: deprecate HMP audio commands
audio: Rename @endianness argument as @big_endian for clarity
audio: Remove pointless local variables
audio: drop needless audio_driver "descr" field
audio: move capture API to own header
audio: cleanup, use bool for booleans
audio: remove dependency on spice header
audio: move audio.h under include/qemu/
audio/dbus: use a helper function to set the backend dbus server
audio: remove QEMUSoundCard
audio: rename AudioState -> AudioBackend
audio: move internal APIs to audio_int.h
audio/replay: fix type punning
audio: introduce AUD_set_volume_{in,out}_lr()
audio: remove AUDIO_HOST_ENDIANNESS
audio: remove some needless headers
audio: initialize card_head during object init
audio: register and unregister vmstate with AudioState
audio: keep vmstate handle with AudioState
audio: drop needless error message
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'qga-pull-2025-10-30' of https://github.com/kostyanf14/qemu into staging
qga-pull-2025-10-30
# gpg: Signature made Thu 30 Oct 2025 02:03:24 PM CET
# gpg: using RSA key C2C2C109EA43C63C1423EB84EF5D5E8161BA84E7
# gpg: Good signature from "Kostiantyn Kostiuk (Upstream PR sign) <kkostiuk@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: C2C2 C109 EA43 C63C 1423 EB84 EF5D 5E81 61BA 84E7
* tag 'qga-pull-2025-10-30' of https://github.com/kostyanf14/qemu:
qga: Support guest shutdown of BusyBox-based systems
qga: Improve Windows filesystem space info retrieval logic
scripts/qemu-guest-agent/fsfreeze-hook: improve script description
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-ppc-for-10.2-d4-20251030' of https://gitlab.com/harshpb/qemu into staging
ppc queue for 10.2
* Firmware updates for SLOF, sam460ex u-boot
* Removal of unusable e200 CPUs
* Coverity fixes for fadump
* Other minor fixes, cleanups for pegasos, spapr.
# gpg: Signature made Thu 30 Oct 2025 09:18:11 AM CET
# gpg: using RSA key 6B810CD6D2BE10F3883D21424544E994F9D68FBB
# gpg: Good signature from "Harsh Prateek Bora <harsh.prateek.bora@gmail.com>" [undefined]
# gpg: aka "Harsh Prateek Bora <harshpb@linux.ibm.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6B81 0CD6 D2BE 10F3 883D 2142 4544 E994 F9D6 8FBB
* tag 'pull-ppc-for-10.2-d4-20251030' of https://gitlab.com/harshpb/qemu:
hw/ppc/pegasos: Update documentation for pegasos1
hw/ppc/pegasos2: Rename to pegasos
hw/ppc/pegasos2: Add /chosen/stdin node with VOF
hw/ppc: Fix memory leak in get_cpu_state_data()
hw/ppc: Fix missing return on allocation failure
ppc/spapr: Cleanup MSI IRQ number handling
target/ppc: Remove the unusable e200 CPUs
target/ppc/cpu_init: Simplify the setup of the TLBxCFG SPR registers
hw/ppc/sam460ex: Update u-boot-sam460ex
pseries: Update SLOF firmware image to release 20251027
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm/hvf/hvf: Document $pc adjustment in HVF & SMC
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Share ARM_PSCI_CALL trace event between TCG and HVF
It is useful to compare PSCI calls of the same guest running
under TCG or HVF.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Re-use arm_is_psci_call() instead of open-coding it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm/hvf: Rename 'vgic' -> 'emu_reginfo' in trace events
In order to extend the trace events to other registers,
rename and pass the register group as argument.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
accel/hvf: Restrict ARM specific fields of AccelCPUState
Do not expose ARM specific fields to X86 implementation,
allowing to use the proper 'hv_vcpu_exit_t' type.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Call aarch64_add_pauth_properties() once in host_initfn()
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
accel/hvf: Guard hv_vcpu_run() between cpu_exec_start/end() calls
Similarly to 1d78a3c3ab8 for KVM, wrap hv_vcpu_run() with
cpu_exec_start/end(), so that the accelerator can perform
pending operations while all vCPUs are quiescent. See also
explanation in commit c265e976f46 ("cpus-common: lock-free
fast path for cpu_exec_start/end").
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
cpus: Trace cpu_exec_start() and cpu_exec_end() calls
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Factor hvf_handle_vmexit() out of hvf_arch_vcpu_exec().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Use index in the structure, dereference &host_isar.idregs[] once.
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm/hvf: Mention hvf_arch_set_traps() must run on vCPU thread
Since hvf_arch_set_traps() calls hv_vcpu_set_trap_debug_exceptions()
and hv_vcpu_set_trap_debug_reg_accesses(), which must run on a vCPU,
it also must. Mention it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Mads Ynddal <mads@ynddal.dk>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
accel/hvf: Mention hvf_arch_init_vcpu() must run on vCPU thread
hvf_arch_init_vcpu(), along with hvf_put_guest_debug_registers()
and hvf_put_gdbstub_debug_registers(), calls hv_vcpu_set_sys_reg(),
which must run on a vCPU. Mention they also must.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mads Ynddal <mads@ynddal.dk>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm/hvf: Check hv_vcpu_set_vtimer_mask() returned value
hv_vcpu_set_vtimer_mask() returns a hv_return_t enum type
(defined in <Hypervisor/hv_error.h>). Assert we succeeded,
as we are not ready to handle any error path.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mads Ynddal <mads@ynddal.dk>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm/hvf: Check hv_vcpus_exit() returned value
hv_vcpus_exit() returns a hv_return_t enum type (defined
in <Hypervisor/hv_error.h>). Assert we succeeded, as we
are not ready to handle any error path.
Suggested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Mads Ynddal <mads@ynddal.dk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm/hvf: Release memory allocated by hv_vcpu_config_create()
hv_vcpu_config_create() is documented in <Hypervisor/hv_vcpu_config.h>
as:
/*!
@abstract Creates a vcpu configuration object.
@result A new vcpu configuration object. This should be released with os_release when no longer used.
*/
OS_OBJECT_RETURNS_RETAINED OS_WARN_RESULT
hv_vcpu_config_t hv_vcpu_config_create(void);
Release the memory allocated by hv_vcpu_config_create() with
os_release().
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mads Ynddal <mads@ynddal.dk>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/virt: Remove VirtMachineClass::kvm_no_adjvtime field
The VirtMachineClass::kvm_no_adjvtime field was only used by the
virt-4.2 machine, which got removed. Remove it as now unused, but
keep the ARMCPU homonym property.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251020094022.68768-5-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This machine has been supported for a period of more than 6 years.
According to our versioned machine support policy (see commit ce80c4fa6ff "docs: document special exception for machine type
deprecation & removal") it can now be removed.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251020094022.68768-4-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/virt: Remove VirtMachineClass::no_ged field
The VirtMachineClass::no_ged field was only used by virt-4.1
machine, which got removed. Remove it as now unused.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251020094022.68768-3-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This machine has been supported for a period of more than 6 years.
According to our versioned machine support policy (see commit ce80c4fa6ff "docs: document special exception for machine type
deprecation & removal") it can now be removed.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20251020094022.68768-2-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 23 Oct 2025 10:13:39 +0000 (11:13 +0100)]
target/arm: Add assert to arm_to_core_mmu_idx()
Before commit f76cee647c ("target/arm: Introduce mmu indexes for
GCS") it was impossible for arm_to_core_mmu_idx() to return an
invalid core MMU index, because NB_MMU_MODES was 16 and
ARM_MMU_IDX_COREIDX_MASK was 0xf.
That commit raises ARM_MMU_IDX_COREIDX_MASK to 0x1f and NB_MMU_MODES
to 22, so it's now possible for a bogus Arm mmu index to result in an
out of range core mmu index (which can then get used as an array
index in the CPUTLB struct arrays). Coverity complains that this
might result in an out-of-bounds access.
The out-of-bounds access can't happen because we construct all the
ARMMMUIdx values we will use for TLBs to have valid core MMU indexes
in the COREIDX field. But we can add an assert() so that if we ever
do end up operating on a corrupted or wrong ARMMMUIdx value we get an
assert rather than silently indexing off the end of an array. This
should also make Coverity happier.
Coverity: CID 1641404
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251023101339.1983809-1-peter.maydell@linaro.org
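The arithmetic behind the commit message above, as an added example that is not QEMU code: with the quoted mask and array-size values, it counts how many masked field values fall outside the array before and after f76cee647c, and shows a mask-then-assert accessor. `TOY_TYPE_BITS`, the `toy_*` names and the hit-counter table are assumptions made for illustration.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>

/* Values quoted in the commit message. */
#define OLD_COREIDX_MASK 0x0fu  /* before f76cee647c */
#define OLD_NB_MMU_MODES 16u
#define NEW_COREIDX_MASK 0x1fu  /* after f76cee647c */
#define NEW_NB_MMU_MODES 22u

/* Constructed: stands in for the non-COREIDX bits of an ARMMMUIdx.
 * This is not QEMU's real encoding. */
#define TOY_TYPE_BITS 0x100u

/* Number of masked field values that would index past nb_modes entries. */
static unsigned out_of_range_values(unsigned mask, unsigned nb_modes)
{
    unsigned bad = 0;
    for (unsigned v = 0; v <= mask; v++) {
        if (v >= nb_modes) {
            bad++;
        }
    }
    return bad;
}

/* Non-aborting form of the check, usable where the input is untrusted. */
static bool toy_core_idx_valid(unsigned mmu_idx)
{
    return (mmu_idx & NEW_COREIDX_MASK) < NEW_NB_MMU_MODES;
}

/* Mask, then assert: a wrong index aborts instead of running off the array. */
static unsigned toy_to_core_mmu_idx(unsigned mmu_idx)
{
    unsigned idx = mmu_idx & NEW_COREIDX_MASK;
    assert(idx < NEW_NB_MMU_MODES);
    return idx;
}

/* Hypothetical per-mode table indexed by the core MMU index. */
static unsigned toy_tlb_hits[NEW_NB_MMU_MODES];

static unsigned toy_record_hit(unsigned mmu_idx)
{
    return ++toy_tlb_hits[toy_to_core_mmu_idx(mmu_idx)];
}

int main(void)
{
    printf("old mask/size: %u out-of-range values\n",
           out_of_range_values(OLD_COREIDX_MASK, OLD_NB_MMU_MODES));
    printf("new mask/size: %u out-of-range values\n",
           out_of_range_values(NEW_COREIDX_MASK, NEW_NB_MMU_MODES));
    printf("index 22 valid? %d\n", toy_core_idx_valid(TOY_TYPE_BITS | 22u));
    printf("hits for index 3: %u\n", toy_record_hit(TOY_TYPE_BITS | 3u));
    return 0;
}
```

The assert only fires in builds where `NDEBUG` is not defined.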
Peter Maydell [Thu, 16 Oct 2025 13:11:59 +0000 (14:11 +0100)]
docs/system/security: Restrict "virtualization use case" to specific machines
Currently our security policy defines a "virtualization use case"
where we consider bugs to be security issues, and a
"non-virtualization use case" where we do not make any security
guarantees and don't consider bugs to be security issues.
The rationale for this split is that much code in QEMU is older and
was not written with malicious guests in mind, and we don't have the
resources to audit, fix and defend it. So instead we inform users
about what they can in practice rely on as a security barrier, and
what they can't.
We don't currently restrict the "virtualization use case" to any
particular set of machine types. This means that we have effectively
barred ourselves from adding KVM support to any machine type that we
don't want to put into the "bugs are security issues" category, even
if it would be useful for users to be able to get better performance
with a trusted guest by enabling KVM. This seems an unnecessary
restriction, and in practice the set of machine types it makes
sense to use for untrusted-guest virtualization is quite small.
Specifically, we would like to be able to enable the use of
KVM with the imx8 development board machine types, but we don't
want to commit ourselves to having to support those SoC models
and device models as part of QEMU's security boundary:
https://lore.kernel.org/qemu-devel/20250629204851.1778-3-shentey@gmail.com/
This patch updates the security policy to explicitly list the
machine types we consider to be useful for the "virtualization
use case".
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
Message-id: 20251016131159.750480-1-peter.maydell@linaro.org
Acked-by: Markus Armbruster <armbru@redhat.com>
The virt machine now supports creating multiple SMMUv3 instances, each
associated with a separate PCIe root complex.
Update the documentation with an example.
Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
[PMM: some minor wording tweaks]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/gpio/pl061: Declare pullups/pulldowns as 8-bit types
uint8_t is good enough to hold a property "between 0 and 0xff".
Define pullups/pulldowns properties using DEFINE_PROP_UINT8()
macro, remove unnecessary range checks in pl061_realize().
Update the two caller sites.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Merge tag 'pull-loongarch-20251030' of https://github.com/bibo-mao/qemu into staging
loongarch queue
# gpg: Signature made Thu 30 Oct 2025 03:38:05 AM CET
# gpg: using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7 13C4 8E86 8FB7 A176 9D4C
# Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3 D1A4 1F7B 0C12 51AC E7D1
* tag 'pull-loongarch-20251030' of https://github.com/bibo-mao/qemu:
target/loongarch: Add PTW feature support in KVM mode
linux-headers: Update to Linux v6.18-rc3
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-misc-20251031' of https://gitlab.com/rth7680/qemu into staging
linux-user: permit sendto() with NULL buf and 0 len
tests/functional: Mark the MIPS replay tests as flaky
tests/functional: Mark the MIPS Debian Wheezy tests as flaky
accel/tcg: Introduce and use MO_ALIGN_TLB_ONLY
tcg: Simplify extract2 usage in tcg_gen_shifti_i64
# gpg: Signature made Fri 31 Oct 2025 12:52:14 PM CET
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-misc-20251031' of https://gitlab.com/rth7680/qemu:
linux-user: permit sendto() with NULL buf and 0 len
tests/functional: Mark the MIPS Debian Wheezy tests as flaky
tests/functional: Mark the MIPS replay tests as flaky
tcg: Simplify extract2 usage in tcg_gen_shifti_i64
accel/tcg: Introduce and use MO_ALIGN_TLB_ONLY
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 28 Oct 2025 14:20:01 +0000 (14:20 +0000)]
linux-user: permit sendto() with NULL buf and 0 len
If you pass sendto() a NULL buffer, this is usually an error
(causing an EFAULT return); however if you pass a 0 length then
we should not try to validate the buffer provided. Instead we
skip the copying of the user data and possible processing
through fd_trans_target_to_host_data, and call the host syscall
with NULL, 0.
(unlock_user() permits a NULL buffer pointer for "do nothing"
so we don't need to special case the unlock code.)
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3102
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251028142001.3011630-1-peter.maydell@linaro.org>
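A small model of the check described in the commit message above, as an added example that is not QEMU's code: a syscall shim that translates a guest buffer before calling the host, run once with the buffer validated even for zero length and once with validation skipped so the host receives NULL, 0. The toy guest address space, the `toy_*` names and the `validate_empty` switch are assumptions; it expects a Linux host.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed toy guest address space: only 0x1000..0x10ff is mapped. */
#define TOY_GUEST_BASE 0x1000u
#define TOY_GUEST_SIZE 0x100u
static uint8_t toy_guest_ram[TOY_GUEST_SIZE] = "ping";

/* Hypothetical guest-to-host translation; NULL means "not accessible". */
static void *toy_lock_user(uint32_t gaddr, size_t len)
{
    if (gaddr < TOY_GUEST_BASE || len > TOY_GUEST_SIZE ||
        gaddr - TOY_GUEST_BASE > TOY_GUEST_SIZE - len) {
        return NULL;
    }
    return &toy_guest_ram[gaddr - TOY_GUEST_BASE];
}

/*
 * Returns bytes sent or a negative errno. validate_empty=1 checks the
 * buffer even when len == 0; validate_empty=0 skips the check and hands
 * the host NULL, 0, which is the behaviour the commit message describes.
 */
static long toy_do_sendto(int fd, uint32_t gaddr, size_t len,
                          int validate_empty)
{
    void *host = NULL;
    ssize_t ret;

    if (len != 0 || validate_empty) {
        host = toy_lock_user(gaddr, len);
        if (!host) {
            return -EFAULT;
        }
    }
    ret = sendto(fd, host, len, 0, NULL, 0);
    return ret < 0 ? -errno : (long)ret;
}

/* One call over a fresh AF_UNIX datagram pair; *rx receives the peer's
 * recv() result (-1 when no datagram arrived). */
static long toy_run_case(uint32_t gaddr, size_t len, int validate_empty,
                         long *rx)
{
    int sv[2];
    char buf[16];
    long ret;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) {
        return -errno;
    }
    ret = toy_do_sendto(sv[0], gaddr, len, validate_empty);
    *rx = recv(sv[1], buf, sizeof(buf), MSG_DONTWAIT);
    close(sv[0]);
    close(sv[1]);
    return ret;
}

int main(void)
{
    long rx, ret;

    ret = toy_run_case(0, 0, 1, &rx);
    printf("NULL,0 with validation:    ret=%ld rx=%ld\n", ret, rx);
    ret = toy_run_case(0, 0, 0, &rx);
    printf("NULL,0 without validation: ret=%ld rx=%ld\n", ret, rx);
    return 0;
}
```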
tests/functional: Mark the MIPS Debian Wheezy tests as flaky
test_malta.py sometimes times out (likely hang) under GitLab CI:
1/57 qemu:func-thorough+func-mips-thorough+thorough / func-mips-malta TIMEOUT 480.11s killed by signal 15 SIGTERM
console.log shows a soft lockup failure:
06:46,426: INIT: version 2.88 booting
06:46,942: [[36minfo[39;49m] Using makefile-style concurrent boot in runlevel S.
06:47,378: findfs: unable to resolve 'UUID=042f1883-e9a5-4801-bb9b-667b5c8e87ea'
06:50,448: [....] Starting the hotplug events dispatcher: udevd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
06:52,269: [....] Synthesizing the initial hotplug events...module e1000: dangerous R_MIPS_LO16 REL relocation
07:17,707: BUG: soft lockup - CPU#0 stuck for 22s! [modprobe:208]
07:17,707: Modules linked in:
07:17,707: Cpu 0
07:17,708: $ 0 : 000000001000a4000000003d87808b00
07:17,708: $ 4 : 87808b0087808bf00000000000000000
07:17,709: $ 8 : 86862100868621008686210086862100
07:17,709: $12 : 86862100000000000000000186862100
07:17,709: $16 : 87808a00868621001000a401c008fa60
07:17,709: $20 : 868621008041d23000000000ffff0000
07:17,710: $24 : 0000000077711470
07:17,710: $28 : 87bb600087bb7df88041d230801f7388
07:17,710: Hi : 00000000
07:17,710: Lo : 00000000
07:17,711: epc : 801f7308 kfree+0x104/0x19c
07:17,711: Not tainted
07:17,711: ra : 801f7388 kfree+0x184/0x19c
07:17,712: Status: 1000a403 KERNEL EXL IE
07:17,712: Cause : 50808000
07:17,712: PrId : 00019300 (MIPS 24Kc)
07:45,707: BUG: soft lockup - CPU#0 stuck for 22s! [modprobe:208]
07:45,707: Modules linked in:
Reported-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251031094118.28440-3-philmd@linaro.org>
tests/functional: Mark the MIPS replay tests as flaky
MIPS test_replay.py often times out (likely hang) under GitLab CI:
2/21 qemu:func-thorough+func-mips64el-thorough+thorough / func-mips64el-replay TIMEOUT 180.12s killed by signal 15 SIGTERM
The console.log file is empty, and recording.logs only shows:
qemu-system-mips64el: terminating on signal 15 from pid 344
Since this is a long term issue affecting our CI, disable the tests.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251031094118.28440-2-philmd@linaro.org>
For Arm, we need 3 cases: (1) the alignment required when accessing
Normal memory, (2) the alignment required when accessing Device memory,
and (3) the atomicity of the access.
When we added TLB_CHECK_ALIGNED, we assumed that cases 2 and 3 were
identical, and thus used memop_atomicity_bits for TLB_CHECK_ALIGNED.
This is incorrect for multiple reasons, including that the atomicity
of the access is adjusted depending on whether or not we are executing
within a serial context.
For Arm, what is true is that there is an underlying alignment
requirement of the access, and for that access Normal memory
will support unalignment.
Introduce MO_ALIGN_TLB_ONLY to indicate that the alignment
specified in MO_AMASK only applies when the TLB entry has
TLB_CHECK_ALIGNED set; otherwise no alignment is required.
Introduce memop_tlb_alignment_bits with an additional bool
argument that specifies whether TLB_CHECK_ALIGNED is set.
All other usage of memop_alignment_bits assumes it is not.
Remove memop_atomicity_bits as unused; it didn't properly
support MO_ATOM_SUBWORD anyway.
Update target/arm finalize_memop_atom to set MO_ALIGN_TLB_ONLY
when strict alignment isn't otherwise required.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3171
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Merge tag 'single-binary-20251030' of https://github.com/philmd/qemu into staging
Various patches related to single binary work:
- Make hw/arm/ common by adding a QOM type to machines to
tag in which binary (32 or 64-bit) they can be used.
Convert the Virt and SBSA-Ref machines.
- Build Xen files once
# gpg: Signature made Thu 30 Oct 2025 02:50:38 PM CET
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'single-binary-20251030' of https://github.com/philmd/qemu: (23 commits)
hw/riscv: Replace target_ulong uses
hw/xen: Build only once
hw/xen: Replace target_ulong by agnostic target_long_bits()
hw/xen: Use BITS_PER_BYTE & MAKE_64BIT_MASK() in req_size_bits()
hw/arm/meson: Move Xen files to arm_common_ss[]
hw/arm/virt: Build only once
hw/arm/virt-acpi-build: Build only once
hw/arm/virt-acpi-build: Include missing 'cpu.h' header
hw/arm/sbsa-ref: Build only once
hw/arm/sbsa-ref: Include missing 'cpu.h' header
hw/arm/virt: Get default CPU type at runtime
hw/arm/virt: Replace TARGET_AARCH64 -> target_aarch64()
qemu/target_info: Add target_base_arm() helper
qemu/target_info: Add target_aarch64() helper
qemu/target_info: Add target_arm() helper
hw/arm/virt: Check accelerator availability at runtime
hw/arm/virt: Register valid CPU types dynamically
config/target: Implement per-binary TargetInfo structure (ARM, AARCH64)
meson: Prepare to accept per-binary TargetInfo structure implementation
hw/arm: Filter machine types for qemu-system-arm/aarch64 binaries
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The command is niche and better served by the host audio system.
There is no QMP equivalent, fortunately. You can capture the audio
stream via remote desktop protocols too (dbus, vnc, spice).
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Dr. David Alan Gilbert <dave@treblig.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20251022105753.1474739-1-marcandre.lureau@redhat.com>