Stefan Hajnoczi [Thu, 18 Jun 2026 20:28:12 +0000 (16:28 -0400)]
Merge tag 'accel-20260618' of https://github.com/philmd/qemu into staging
Accelerators patches queue
- Avoid double hv_vcpu_destroy() call during teardown on HVF ARM
- Constify various AddressSpace/MemoryRegionCache arguments
- Clarify physical_memory_*() API in "system/physmem.h"
- Extract "accel/tcg/cpu-loop.h" out of "exec/cpu-common.h"
- Restrict few TCG-specific code
- Remove pre-C11 check
- Various header cleanups
* tag 'accel-20260618' of https://github.com/philmd/qemu: (48 commits)
accel/tcg: Restrict headers being TCG specific
accel/tcg: Move cpu_loop_exit_*() out of 'exec/cpu-common.h'
accel/tcg: Have cpu_loop_exit_requested() take const @cpu argument
accel/tcg: Move cpu_restore_state() out of 'exec/cpu-common.h'
accel/tcg: Move cpu_unwind_state_data() out of 'exec/cpu-common.h'
accel/tcg: Move cpu_exec_step_atomic() out of 'exec/cpu-common.h'
accel/tcg: Move cpu_exec() out of 'exec/cpu-common.h'
accel/tcg: Remove cpu_loop_exit() stub
hw/s390x/ipl: Remove TCG dependency in handle_diag_308()
system/memory: Rename cpu_exec_init_all() -> machine_memory_init()
system/memory: Remove unnecessary CONFIG_USER_ONLY guards
exec/cpu-common.h: Avoid including unused exec/page-protection.h header
exec/cpu-common.h: Avoid including unused 'tcg/debug-assert.h' header
exec/cpu-common.h: Avoid including unused 'exec/vaddr.h' header
exec/cpu-common.h: Include missing 'qemu/thread.h' header
ui/cocoa: Use qemu_input_map_osx_to_linux
util/cutils: drop qemu_strnlen() in favor of strnlen()
configure: honor --extra-ldflags when forced to use objc_LINKER
meson: build macOS signed binary as part of the default target
accel/tcg: Restrict IOMMU declarations
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-9p-20260617' of https://github.com/cschoenebeck/qemu:
hw/9pfs: consolidate name validation with check_name()
hw/9pfs: reject . and .. in Twstat rename
hw/9pfs: fix abort due to illegal name with Twstat rename
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'ui-input-pr-v1' of https://gitlab.com/marcandre.lureau/qemu: (27 commits)
ui/sdl2: Set GL ES profile before creating initial GL context
ui/sdl2: Explicitly specify EGL platform
ui/pixman: fix zero rowstride in qemu_pixman_image_new_shareable()
ui/input: Have qemu_input_is_absolute() take a const QemuConsole
tools/qemu-vnc: Have console_get_mouse/keyboard take const QemuConsole
ui/input: remove old LED handler broadcast queue
ui/dbus: switch LED handling to Notifier-based input API
ui/spice: switch LED handling to Notifier-based input API
ui/vnc: switch LED handling to Notifier-based input API
hw/input/virtio-input-hid: use qemu_input_handler_set_leds_mask() for LED state
hw/input/hid: use qemu_input_handler_set_leds_mask() for LED state
hw/input/ps2: use qemu_input_handler_set_leds_mask() for LED state
ui/input: qemu_input_handler_register to warn for unused result
hw/m68k: keep QemuInputHandlerState in next-kbd
hw/input: keep QemuInputHandlerState in stellaris
hw/input: keep QemuInputHandlerState in adb-kbd
hw/arm: keep QemuInputHandlerState in musicpal
hw/input/ps2: keep QemuInputHandlerState in PS2State
ui/input: add LED state tracking to QemuInputHandlerState
ui/input: remove dead declaration
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Thu, 18 Jun 2026 13:46:49 +0000 (09:46 -0400)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* GNU/Hurd support
* More patches to support qemu-ga builds with clang-cl
* gdbstub: Update x86 control register bits
* rust: fix incorrect dependency in Cargo.toml
* target/i386: apply mod to immediate count of an RCL/RCR operation
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
qga/vss: Drop unused define uuid(x)
qga/vss: Remove unused undefs
qga/vss: Use MAX_PATH instead of PATH_MAX
qga/meson: Allow to use MSVC message compiler 'mc'
qga/meson: Use windows.compile_resources instead of custom_target
qga/meson: Remove unused lib stdc++
qga/win: Use swprintf instead of snwprintf
Make copy_file_range non-static on GNU/Hurd
block/file-posix: Clean up sys/ioctl import
tpm: Add conditional to not compile ioctls on GNU/Hurd
Add GNU/Hurd host_os=gnu
Include new arbitrary limits if not already defined
gdbstub: Update x86 control register bits
target/i386: add more easy cases to gen_eflags_adcox
target/i386: apply mod to immediate count of an RCL/RCR operation
rust: fix incorrect dependency in Cargo.toml
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Forbid including TCG-specific headers in non-TCG builds.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617171438.75914-12-philmd@oss.qualcomm.com>
accel/tcg: Move cpu_loop_exit_*() out of 'exec/cpu-common.h'
Move the following TCG-specific cpu_loop_exit_*() declarations
out of the generic "exec/cpu-common.h" header, to the recently
created "accel/tcg/cpu-loop.h" one, documenting them:
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617171438.75914-11-philmd@oss.qualcomm.com>
accel/tcg: Have cpu_loop_exit_requested() take const @cpu argument
Since the CPUState argument is simply read-only accessed, make it const.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617171438.75914-9-philmd@oss.qualcomm.com>
accel/tcg: Move cpu_restore_state() out of 'exec/cpu-common.h'
Move the TCG-specific cpu_restore_state() declaration out
of the generic "exec/cpu-common.h" header, to the recently
created "accel/tcg/cpu-loop.h" one.
Include "accel/tcg/cpu-loop.h" where appropriate.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617171438.75914-8-philmd@oss.qualcomm.com>
accel/tcg: Move cpu_unwind_state_data() out of 'exec/cpu-common.h'
Move the TCG-specific cpu_unwind_state_data() declaration out
of the generic "exec/cpu-common.h" header, to the recently
created "accel/tcg/cpu-loop.h" one.
Include "accel/tcg/cpu-loop.h" where appropriate.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617171438.75914-7-philmd@oss.qualcomm.com>
accel/tcg: Move cpu_exec_step_atomic() out of 'exec/cpu-common.h'
Move the TCG-specific cpu_exec_step_atomic() declaration out
of the generic "exec/cpu-common.h" header, to the recently
created "accel/tcg/cpu-loop.h" one.
Include "accel/tcg/cpu-loop.h" where appropriate.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617171438.75914-6-philmd@oss.qualcomm.com>
accel/tcg: Move cpu_exec() out of 'exec/cpu-common.h'
In order to keep TCG-specific functions under a TCG
API namespace, add the "accel/tcg/cpu-loop.h" header
and move cpu_exec() declaration to it. Add a bit of
documentation.
Include "accel/tcg/cpu-loop.h" where appropriate.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617171438.75914-5-philmd@oss.qualcomm.com>
Last commit removed the last non-TCG use of cpu_loop_exit().
This method is now only called within TCG files, so we can
remove its stub for non-TCG accelerators.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617171438.75914-4-philmd@oss.qualcomm.com>
hw/s390x/ipl: Remove TCG dependency in handle_diag_308()
Rather than calling a TCG specific method in s390_ipl_reset_request(),
have handle_diag_308() return whether a vCPU reset is pending, and use
that in the TCG DIAG helper to return to the main loop.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
Message-Id: <20260617164035.70788-4-philmd@oss.qualcomm.com>
cpu_exec_init_all() is system specific: it initializes globals
for the memory subsystem. Rename it as machine_memory_init()
and restrict its declaration to 'system/' namespace.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260616153754.93545-3-philmd@oss.qualcomm.com>
This header is only used when building system units,
checking for CONFIG_USER_ONLY is pointless.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260616153754.93545-2-philmd@oss.qualcomm.com>
exec/cpu-common.h: Avoid including unused exec/page-protection.h header
Since commit e74781c0888e ("exec/cpu: Extract page-protection
definitions to page-protection.h") the "exec/cpu-common.h" isn't
using anything defined in "exec/page-protection.h"; remove it.
Include it in few files where it is currently pulled in indirectly,
otherwise we'd get:
linux-user/qemu.h:182:22: error: ‘PAGE_READ’ undeclared
182 | #define VERIFY_READ PAGE_READ
| ^~~~~~~~~
target/loongarch/cpu_helper.c:329:25: error: use of undeclared identifier 'PAGE_READ'
329 | context->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
| ^
target/loongarch/cpu_helper.c:329:37: error: use of undeclared identifier 'PAGE_WRITE'
329 | context->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
| ^
target/loongarch/cpu_helper.c:329:50: error: use of undeclared identifier 'PAGE_EXEC'
329 | context->prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC;
| ^
target/ppc/mmu-hash32.h:98:20: error: use of undeclared identifier 'PAGE_READ'
98 | prot = PAGE_READ | PAGE_WRITE;
| ^
target/ppc/mmu-hash32.h:98:32: error: use of undeclared identifier 'PAGE_WRITE'
98 | prot = PAGE_READ | PAGE_WRITE;
| ^
hw/ppc/ppc_booke.c:39:17: error: use of undeclared identifier 'PAGE_RWX'
39 | tlb->prot = PAGE_RWX << 4 | PAGE_VALID;
| ^
hw/ppc/ppc_booke.c:39:33: error: use of undeclared identifier 'PAGE_VALID'
39 | tlb->prot = PAGE_RWX << 4 | PAGE_VALID;
| ^
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617160426.64461-6-philmd@oss.qualcomm.com>
exec/cpu-common.h: Avoid including unused 'tcg/debug-assert.h' header
Since commit efe25c260cd ("include/exec: Split out
accel/tcg/cpu-mmu-index.h") the "exec/cpu-common.h" isn't using
anything defined in "tcg/debug-assert.h".
Include it in target/loongarch/tcg/tcg_cpu.c however, where it
is required but included indirectly, otherwise we'd get:
target/loongarch/tcg/tcg_cpu.c:291:5: error: call to undeclared function 'tcg_debug_assert'
291 | tcg_debug_assert(!tcg_cflags_has(cs, CF_PCREL));
| ^
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617160426.64461-5-philmd@oss.qualcomm.com>
exec/cpu-common.h: Avoid including unused 'exec/vaddr.h' header
We neglected to remove the "exec/vaddr.h" header when moving
cpu_memory_rw_debug() around in commit e9048f099b3 ("exec/cpu:
Declare cpu_memory_rw_debug() in 'hw/core/cpu.h' and document").
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617160426.64461-4-philmd@oss.qualcomm.com>
exec/cpu-common.h: Include missing 'qemu/thread.h' header
Unfortunately we need to include "qemu/thread.h" -- which is
currently indirectly pulled in -- to get the QemuMutex type
definition:
extern QemuMutex qemu_cpu_list_lock;
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617160426.64461-3-philmd@oss.qualcomm.com>
Akihiko Odaki [Thu, 4 Jun 2026 06:39:32 +0000 (15:39 +0900)]
ui/cocoa: Use qemu_input_map_osx_to_linux
ui/cocoa used to have a conversion table from macOS keycode to Linux
key code. It is an unnecessary redundancy as ui/input-keymap.c already
has such a table. Worse, I added an incorrect mapping of kVK_JIS_Eisu and
kVK_JIS_Kana with commit 708b72557ff5 ("ui/cocoa: Support unique keys of
JIS keyboards").
According to the following documentations, the definitions in
ui/keycodemapdb/keymaps.csv, which ui/input-keymap.c uses, are correct:
https://developer.apple.com/documentation/uikit/uikeyboardhidusage/uikeyboardhidusagekeyboardlang1?language=objc
https://developer.apple.com/documentation/uikit/uikeyboardhidusage/uikeyboardhidusagekeyboardlang2?language=objc
https://docs.microsoft.com/en-us/windows-hardware/design/component-guidelines/keyboard-japan-ime
Use qemu_input_map_osx_to_linux to eliminate the redundancy and
incorrect mappings.
Fixes: 708b72557ff5 ("ui/cocoa: Support unique keys of JIS keyboards") Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp> Reviewed-by: Philippe Mathieu-Daudé <philmd@mailo.com>
Message-ID: <20260604-osx-v3-1-453b4ee0e072@rsg.ci.i.u-tokyo.ac.jp> Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
Bin Guo [Sat, 30 May 2026 06:28:16 +0000 (14:28 +0800)]
util/cutils: drop qemu_strnlen() in favor of strnlen()
There are only three call sites, and strnlen() is available on all
supported platforms (POSIX.1-2008, Windows via UCRT, MinGW). Remove
the hand-rolled wrapper and use the standard function directly.
While here, align bsd-user/uaccess.c to use size_t for max_len/len,
matching linux-user/uaccess.c and eliminating a signed/unsigned mismatch.
Also remove the stale qemu_strnlen() entry from docs/devel/style.rst.
Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Bin Guo <guobin@linux.alibaba.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-ID: <20260530062816.59206-1-guobin@linux.alibaba.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
Matt Jacobson [Mon, 15 Jun 2026 04:55:47 +0000 (00:55 -0400)]
configure: honor --extra-ldflags when forced to use objc_LINKER
3220b38a8d had the side effect of making the individual target link steps
use objc_LINKER on macOS, because `coreaudio.m` became visible to Meson as
a source file. (The preexisting presence of `cocoa.m` is masked by the
fact that it gets built into libsystem and then extracted back out as an
object file.)
`configure` correctly passes `$EXTRA_LDFLAGS` to the "C linker" and "C++
linker", but it neglected to do so for the "Objective-C linker". Fix that.
Signed-off-by: Matt Jacobson <mhjacobson@me.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
Message-ID: <20260615045547.23422-1-mhjacobson@me.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
Move the two TCG-specific IOMMU method declarations from the
generic "exec/cpu-common.h" header to "accel/tcg/iommu.h".
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260616153633.93267-1-philmd@oss.qualcomm.com>
target/sparc: Include missing 'accel/tcg/cpu-ops.h' header in cpu.c
target/sparc/cpu.c implement a TCGCPUOps structure, which is
defined in "accel/tcg/cpu-ops.h":
1040 static const TCGCPUOps sparc_tcg_ops = {
...
While this header is currently included indirectly, make the
inclusion explicit to avoid issue when refactoring unrelated
headers.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617160426.64461-2-philmd@oss.qualcomm.com>
"accel/accel-cpu-target.h" is to register accelerator target
specific hooks via TypeInfo::ACCEL_CPU_NAME(), which LoongArch
TCG frontend does not. Remove as unused header.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>
Message-Id: <20260529194940.97143-2-philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
TCGTBCPUState is a structure used during TCG translation,
therefore not needed when TCG is not available.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260616153432.92939-4-philmd@oss.qualcomm.com>
Avoid including TCG-specific headers in non-TCG builds.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260617171438.75914-2-philmd@oss.qualcomm.com>
Armv8-M Protected Memory System Architecture can only be emulated,
therefore restrict it to TCG to avoid compiling it on hardware
accelerators.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20260616153432.92939-3-philmd@oss.qualcomm.com>
target/arm: Remove vcpu_dirty=true assigments in hvf_handle_exception()
Commit 2a425aae0b5 ("target/arm: ensure PSCI register updates
are flushed") manually sets %vcpu_dirty in hvf_handle_exception(),
but these calls follow calls to cpu_synchronize_state() which
itself sets %vcpu_dirty. Better have the generic CPU API handle
this, but add a pair of assertions when serializing the accelerator
state to be safe.
Suggested-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260423170229.64655-13-philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
Commit 34c45d53026 ("target-arm: kvm - re-inject guest debug
exceptions") removed CPU_INTERRUPT_EXITTB from KVM, but it
also appears on HVF. Better to restrict it to TCG.
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>
Message-Id: <20250630130937.3487-2-philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
HVF should be able to handle task priority register accesses.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Message-Id: <20250616090632.55214-1-philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
tcg: Include missing 'qemu/bitops.h' header in tcg-gvec-desc.h
Include the missing 'qemu/bitops.h' header to avoid when refactoring
unrelated headers:
In file included from target/arm/internals.h:34:
include/tcg/tcg-gvec-desc.h:48:12: error: call to undeclared function 'extract32'
48 | return extract32(desc, SIMD_MAXSZ_SHIFT, SIMD_MAXSZ_BITS) * 8 + 8;
| ^
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260616153432.92939-2-philmd@oss.qualcomm.com>
We mandate a compiler supporting C11 since 2021-06-15 in
commit d22797ce36a ("configure: Use -std=gnu11"), thus the
max_align_t type definition exists. Remove what is now dead
code.
Note, C11 provides aligned_alloc(). Using it is left as a
future cleanup step.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260615091308.4458-3-philmd@oss.qualcomm.com>
We mandate a compiler supporting C99 since 2019-01-17 in
commit 7be41675f7c ("configure: Force the C standard to gnu99"),
thus supporting flexible array members [*]. Remove what is now
dead code.
[*] https://www.gnu.org/software/c-intro-and-ref/manual/html_node/Flexible-Array-Fields.html Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260615091308.4458-2-philmd@oss.qualcomm.com>
Rename them removing the 'cpu_' prefix, and move then to the
"system/physmem.h" header with the other methods involved in
global physical address space.
Mechanical change using sed, then adding missing headers manually.
No logical change intended.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260616020839.19104-7-philmd@oss.qualcomm.com>
cpu_physical_memory_read() and cpu_physical_memory_write() are
legacy (see commit b7ecba0f6f6), replace by address_space_read()
and address_space_write() respectively, accessing the per-vCPU
address space instead of the global &address_space_memory one.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
Message-Id: <20260616020839.19104-6-philmd@oss.qualcomm.com>
target/s390x: Factor common s390_ipl_read/write() helpers
Prevent duplication factoring common helpers.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
Message-Id: <20260616020839.19104-5-philmd@oss.qualcomm.com>
cpu_physical_memory_read() and cpu_physical_memory_write() are
legacy (see commit b7ecba0f6f6), replace the two calls by a single
one to address_space_rw(). So far there is no logical change, but
stop ignoring these functions returned value and propagate it,
respecting the *memory_rw_debug() family error path. Thus this is
effectively a logical change.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260616020839.19104-4-philmd@oss.qualcomm.com>
cpu_physical_memory_write() is legacy (see commit b7ecba0f6f6),
replace it by address_space_write(). Both if() ladders only
differ in the address space argument: rework to have a single
address_space_write() call. No logical change intended.
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260616020839.19104-3-philmd@oss.qualcomm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260616020839.19104-2-philmd@oss.qualcomm.com>
system/cpu: Reset vCPU %exception_index before resuming it
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20260423170229.64655-8-philmd@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
Ryan Zhang [Fri, 15 May 2026 11:21:55 +0000 (19:21 +0800)]
ui/sdl2: Set GL ES profile before creating initial GL context
When the user selects GLES via '-display sdl,gl=es', we need to set
SDL_GL_CONTEXT_PROFILE_MASK to SDL_GL_CONTEXT_PROFILE_ES before
calling SDL_GL_CreateContext(). This ensures SDL_GL_LoadLibrary()
loads the correct GLES driver instead of the desktop OpenGL driver.
Fix the below issue: qemu-system-aarch64: /usr/src/debug/libepoxy
/1.5.10/src/dispatch_common.c:872: epoxy_get_proc_address: Assertion
`0 && "Couldn't find current GLX or EGL context.\n"' failed.
sdl2_gl_create_context() already sets the profile mask correctly for
ES mode, but the initial context created in sdl2_window_create() is
missing the same treatment.
Akihiko Odaki [Thu, 11 Jun 2026 11:58:03 +0000 (20:58 +0900)]
ui/sdl2: Explicitly specify EGL platform
Mesa's eglGetDisplay() chooses the native EGL platform from
EGL_PLATFORM, limited autodetection, or the build-time default. If that
selects Wayland while SDL is using the X11 video backend, Mesa can treat
the X11 Display pointer as a wl_display and crash during eglInitialize().
Probe EGL with the X11 platform explicitly before enabling
SDL_HINT_VIDEO_X11_FORCE_EGL.
ui/pixman: fix zero rowstride in qemu_pixman_image_new_shareable()
qemu_create_displaysurface_from() callers such as xlnx_dp.c pass
linesize=0 with data=NULL, relying on pixman to compute the stride.
Since 1ff788db978 ("ui: use a shareable type"), the data=NULL path
goes through qemu_pixman_image_new_shareable() which computes
size = height * rowstride_bytes, resulting in a zero-size allocation
and an abort in qemu_memfd_alloc().
Introduce qemu-pixman-helpers.h with overflow-safe stride and buffer
size computation (matching pixman's create_bits() formula), and use it
from both qemu_pixman_image_new_shareable() and pixman-minimal's
create_bits().
Reported-by: Peter Maydell <peter.maydell@linaro.org> Fixes: 1ff788db9781 ("ui: use a shareable type") Reviewed-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20260611113614.1935094-1-marcandre.lureau@redhat.com>
ui/vnc: switch LED handling to Notifier-based input API
Replace QEMUPutLEDEntry with an embedded Notifier in VncDisplay.
Use qemu_input_led_notifier_add/remove instead of the old
qemu_add/remove_led_event_handler.
Reviewed-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
ui/input: add LED state tracking to QemuInputHandlerState
Add per-handler LED state and a NotifierList for UI backends to
subscribe to LED changes.
Devices call qemu_input_handler_set_led() to store their LED state and
notify backends. Notify also on focus change, or list update.
Note: I considered conflating mouse-mode & led-state changes, but those
are quite different events (from different source kinds etc) and we may
want to improve the internal implementation.
Reviewed-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
ui: move LED and key utilities to input.c, delete input-legacy.c
With both legacy mouse API consumers converted, the remaining
code in input-legacy.c (LED broadcast, index_from_key, qmp_send_key)
is not legacy-specific. Move it to ui/input.c and delete the file.
Clean up include/ui/console.h by removing the now-unused legacy
mouse API declarations (QEMUPutMouseEvent, QEMUPutMouseEntry,
QEMUPutKBDEvent, QEMUPutKbdEntry) and MOUSE_EVENT_* constants.
Reviewed-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
hw/usb/dev-wacom: convert to modern QemuInputHandler API
Replace the legacy QEMUPutMouseEvent callbacks with a proper
QemuInputHandler registration. The device now receives typed
input events (BTN/ABS/REL) directly.
Replace the legacy QEMUPutMouseEvent callback with a proper
QemuInputHandler registration. This eliminates one of the two
remaining users of the legacy input adapter in ui/input-legacy.c.
Right & middle buttons are inverted (see hmp_mouse_button)
Acked-by: Dr. David Alan Gilbert <dave@treblig.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
hw/9pfs: consolidate name validation with check_name()
Add a new, shared helper function check_name() that consolidates the name
validation logic (illegal name check and "." / ".." rejection) currently
spread over multiple 9p handlers, unnecessarily duplicating code.
This is pure refactoring with no behavior change. The existing error code
semantics are preserved: rename operations return -EISDIR, create
operations return -EEXIST.
Note: These current error codes actually differ from native Linux system
calls (e.g. rename() returns -EBUSY, open(O_CREAT) returns -EISDIR). The 9P
protocol does not mandate specific error codes for these validation errors.
Hence consolidating to a single error code (e.g., -EINVAL) for all cases
could be considered in the future for simplicity reason.
This change reduces code duplication across 9 functions:
The other Trename and Trenameat handlers already reject "." and ".."
as new name on rename requests by returning -EISDIR in this case.
The legacy Twstat rename handler is missing this validation. While passing
"." or ".." does not trigger a crash as fixed by the previous patch (since
the fs backend driver's system calls handle these gracefully), it creates
a behavioral inconsistency, as it is semantically meaningless to rename a
file to a directory reference in the first place.
Fix this by rejecting "." and ".." in Twstat rename handler with -EISDIR
to match behavior of Trename and Trenameat handlers.
hw/9pfs: fix abort due to illegal name with Twstat rename
The legacy Twstat 9p request can be used to rename files and directories.
Unlike the other, more recent rename requests like Trename and Trenameat,
Twstat does not validate the submitted new name before passing it to
v9fs_complete_rename().
A priviliged guest user with direct communication access to 9p server
could pass a string containing '/' as new name, which causes an assertion
fault (DoS) in local_name_to_path().
Fix this by rejecting such strings by checking the client supplied new
name with name_is_illegal(), similar to how Trename and Trenameat handlers
do already.
* tag 'firmware-20260617-pull-request' of https://gitlab.com/kraxel/qemu:
igvm: fix handling of optional variable header types
igvm: replace raw uint32_t with igvm library types
hw/uefi: fix parse_hexstr
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 17 Jun 2026 14:17:03 +0000 (10:17 -0400)]
Merge tag 'pull-target-arm-20260616' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
* Implementation of various insns preparatory to FEAT_SVE2p2
* hw/arm/smmuv3: Make smmuv3 ATS, RIL, SSIDSIZE, and OAS 'auto' properties work
* hw/pci/pci: Enforce pci_setup_iommu_per_bus() is called only once per bus
* hw/arm/virt: Introduce Tegra241 CMDQV support for accelerated SMMUv3
* target/arm: honour CCR.BFHFNMIGN for probed data BusFaults
* hw/arm/bcm2838: Route I2C interrupts to GIC
Stefan Hajnoczi [Wed, 17 Jun 2026 14:16:23 +0000 (10:16 -0400)]
Merge tag 'pbouvier/pr/plugins-20260616' of https://gitlab.com/p-b-o/qemu into staging
Changes:
- [PATCH v2 00/26] plugins: refactor API to maintain state through (Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>) Link: https://lore.kernel.org/qemu-devel/20260615193526.2883349-1-pierrick.bouvier@oss.qualcomm.com
# -----BEGIN PGP SIGNATURE-----
#
# iQHWBAABCgBAFiEEN8FWlNi6l2Sxlz/btEQ30ZwoYt8FAmoxmRAiHHBpZXJyaWNr
# LmJvdXZpZXJAb3NzLnF1YWxjb21tLmNvbQAKCRC0RDfRnChi3ztKC/45bQ+YlttE
# d2Zdt/N57raaZ8cumzTfpsmnN3Yd+ilIzJizW2OUgdrKrsXsZ73nEwsy9oV2XAGN
# XEaXBlVmLrIXnWRcVYyeKeTr0pJpjhglbLMwXHotgCpCZn77wOkIhTsJlEL83G0/
# F0Vt0o1FbvOepwZXr0jCU9JT/kewT0BptXClfQpyJcGeggj6x/rUsk32Lj7c5kZH
# 6T64T5tJZ5hxndJ/MQCHbsPkUksZT2WD44EYNb3QpVIvPBeoD/02WBfqC+U0fXQ3
# +O/JSfNacgjLWskaPiykft8t9GsRX3DgR5IJJ/WG4y3h9rxpbQKVdn5aKhmNavYK
# QplhS47OashPPbRWBYmKPipQO30sga5dPBt43mU0y1OfKBJR240r5CnFDNtU+XPM
# fwrcdmogleAKAU5rMqvP7fp2usBX0VAzTwtHF6PtswYX46uon/qIQ7E4VYh8mOeV
# DULhi38wKXUKHDwv00pXOvk2n6SOUdoro6XYaJoyArSK+vVFptV6nd4=
# =gcF/
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 16 Jun 2026 14:42:24 EDT
# gpg: using RSA key 37C15694D8BA9764B1973FDBB44437D19C2862DF
# gpg: issuer "pierrick.bouvier@oss.qualcomm.com"
# gpg: Good signature from "Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 37C1 5694 D8BA 9764 B197 3FDB B444 37D1 9C28 62DF
* tag 'pbouvier/pr/plugins-20260616' of https://gitlab.com/p-b-o/qemu: (26 commits)
plugins/cpp: register callbacks using captureless lambda
scripts/checkpatch: remove check on forbidden space before '[' in C++
scripts/checkpatch: ignore spaces required around some operators in C++
plugins: use consistent parameter documentation for userdata
plugins: add userdata to qemu_plugin_register_vcpu_syscall_ret_cb
plugins: remove qemu_plugin_id from qemu_plugin_vcpu_syscall_ret_cb_t
plugins: add userdata to qemu_plugin_register_vcpu_syscall_filter_cb
plugins: remove qemu_plugin_id from qemu_plugin_vcpu_syscall_filter_cb_t
plugins: add userdata to qemu_plugin_register_vcpu_syscall_cb
plugins: remove qemu_plugin_id from qemu_plugin_vcpu_syscall_cb_t
plugins: add userdata to qemu_plugin_vcpu_tb_trans_cb_t
plugins: remove qemu_plugin_id from qemu_plugin_vcpu_tb_trans_cb_t
plugins: remove qemu_plugin_id from qemu_plugin_vcpu_discon_cb_t
plugins: add userdata to qemu_plugin_register_vcpu_discon_cb
plugins: remove type qemu_plugin_vcpu_simple_cb_t
plugins: add userdata to qemu_plugin_vcpu_for_each
plugins: add userdata to qemu_plugin_register_vcpu_resume_cb
plugins: add userdata to qemu_plugin_register_vcpu_idle_cb
plugins: add userdata to qemu_plugin_register_vcpu_exit_cb
plugins: add userdata to qemu_plugin_register_vcpu_init_cb
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
qga_libs are libraries for guest agent linking. Guest Agent
is a pure C-language application and doesn't need any C++ libs.
VSS linking dependencies are placed in a separate file.
snwprintf is a Microsoft extension, and according to the MSVC spec,
it is called _snwprintf. MinGW defines both snwprintf and _snwprintf,
while MSVC defines only _snwprintf.
We can also use swprintf here. The only difference between
the two is the return value, and we are not using it. So change
the function to support MSVC build env.
Damien Zammit [Sun, 8 Feb 2026 05:59:45 +0000 (05:59 +0000)]
Make copy_file_range non-static on GNU/Hurd
glibc has a stubs mechanism: a function can be declared in the
system headers, but only implemented as a stub that always fails with
ENOSYS, for example. Therefore when implementing this function
we cannot use static.
Damien Zammit [Sun, 8 Feb 2026 05:59:32 +0000 (05:59 +0000)]
tpm: Add conditional to not compile ioctls on GNU/Hurd
The Hurd currently doesn't have any TPM driver, compilation fails
for missing _IOT__IOTBASE_* symbols unless these are left undefined.
Signed-off-by: Damien Zammit <damien@zamaudio.com> Signed-off-by: Manolo de Medici <manolo.demedici@gmail.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Link: https://lore.kernel.org/r/20260208055858.2166524-4-damien@zamaudio.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Include new arbitrary limits if not already defined
Although GNU/Hurd supports unlimited path lengths
only bounded by available memory, for now we can use
an arbitrary limit on PATH_MAX that matches what POSIX requires.
We don't have bandwidth to fix this properly right now.
projects / thirdparty / qemu.git / log
