Stefan Hajnoczi [Mon, 27 Apr 2026 16:57:33 +0000 (12:57 -0400)]
Merge tag 'linux-user-next-pull-request' of https://github.com/hdeller/qemu-hppa into staging
linux-user: Pull request
This patch series adds myself as linux-user maintainer, and includes some
patches which have piled up for linux-user during the last few weeks.
Please apply.
Thanks!
Helge
* tag 'linux-user-next-pull-request' of https://github.com/hdeller/qemu-hppa:
linux-user: Flush errors by using exit() instead of _exit() in error path
linux-user: Use abi_int for imr_ifindex in ip_mreqn struct
linux-user: Fix CLONE_PARENT_SETTID when using fork-like clone
linux-user: Add getsockopt() for SO_RCVTIMEO_NEW and SO_SNDTIMEO_NEW
linux-user: Add setsockopt() for SO_RCVTIMEO_NEW and SO_SNDTIMEO_NEW
linux-user: Define SO_TIMESTAMP*_NEW and SO_RCVTIMEIO_NEW
linux-user/mips: sync k0 TLS for EF_MIPS_MACH_OCTEON userlands
linux-user/strace: Use pointer type for read and write values
linux-user/arm/nwfpe: Use thread-local storage for qemufpa
linux-user/arm/nwfpe: Replace user_registers with current_cpu
linux-user: Don't define target_stat64 struct for loongarch64
linux-user: fix off-by-one in host_to_target_for_each_rtattr()
linux-user/ppc: Fix ppc64 rt_sigframe stack offset
MAINTAINERS: Add myself as maintainer for linux-user
[I have confirmed with Laurent, the current maintainer, that he would
like Helge to help.
-- Stefan] Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Conflicts:
MAINTAINERS
Pierrick's email address changed.
Stefan Hajnoczi [Mon, 27 Apr 2026 15:45:45 +0000 (11:45 -0400)]
Merge tag 'pull-target-arm-20260427' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
docs/system: add FEAT_AA32 and FEAT_AA64 to emulation list
hw/arm: Add the i.MX 8MM EVK(Evaluation Kit) board
target/arm: Build M-profile helper code once only
hw/arm: Remove hw_error() for the unimplemented CM_LMBUSCNT register
hw: Move ARM_SYSCTL_GPIO definitions to arm sysctl specific header
target/arm: Allow 'aarch64=off' to be set for TCG CPUs
target/arm: Allow some sysregs to not have to be an exact match for migration
hw/arm/raspi4b: NOP all DTB nodes when removing unimplemented devices
hw/arm/fsl-imx6ul: Implement LCDIF display device
target/arm: Refactor syndrome value code to use registerfields
target/arm: Report the register in WFxT syndromes
* tag 'pull-target-arm-20260427' of https://gitlab.com/pm215/qemu: (63 commits)
target/arm: report register in WFIT syndromes
target/arm: remove old syndrome defines
target/arm: use syndrome helpers to query VNCR bit
target/arm: use syndrome helpers in merge_syn_data_abort
target/arm: make hvf use syndrome helpers for decode
target/arm: make whpx use syndrome helpers for decode
target/arm: use syndrome helpers to set SAME_EL EC bit
target/arm: use syndrome helpers in arm_cpu_do_interrupt_aarch32_hyp
target/arm: migrate check_hcr_el2_trap to use syndrome helper
target/arm: migrate memory op syndromes to registerfields
target/arm: migrate gcs syndromes to registerfields
target/arm: migrate wfx syndromes to registerfields
target/arm: migrate debug syndromes to registerfields
target/arm: migrate fault syndromes to registerfields
target/arm: migrate Granule Protection traps to registerfields
target/arm: migrate BXJ trap syndromes to registerfields
target/arm: migrate BTI trap syndromes to registerfields
target/arm: migrate PAC trap syndromes to registerfields
target/arm: migrate SME trap syndromes to registerfields
target/arm: migrate eret trap syndromes to registerfields
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 27 Apr 2026 15:45:10 +0000 (11:45 -0400)]
Merge tag 'pull-request-2026-04-27' of https://gitlab.com/thuth/qemu into staging
* Bump the minimum GCC version to v10.4
* Make SMM code ready for the QEMU universal binary
* Convert TABs to spaces according to QEMU's coding style
* Fix use of pthread_get_name_np on OpenBSD
* Silence some warnings from pylint in the functional tests
* Fix a regression in the "register-array" device
* malloc cleanups
* tag 'pull-request-2026-04-27' of https://gitlab.com/thuth/qemu:
tests/functional/ppc/test_ppe42: Fix warning from the latest version of pylint
target/xtensa: Replace malloc() with g_strdup_printf()
hw/i386/fw_cfg: Use g_new() and g_new0() instead of g_malloc()
hw/core/register: add register_array_get_owner
tests/functional/qemu_test: Silence warnings from pylint in tesseract.py
util: fix use of pthread_get_name_np on OpenBSD
target: convert TABS indentation to spaces for consistency
target/i386/tcg/sysemu: Allow 32-bit SMM code to be used in the 64-bit binary
target/i386/tcg/sysemu: Move target specific SMM code to separate functions
meson.build: Bump the minimum GCC version to v10.4
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Alex Bennée [Wed, 22 Apr 2026 12:52:40 +0000 (13:52 +0100)]
target/arm: report register in WFIT syndromes
Pass the register number (rd) to the wfit helper and report it in the
syndrome ISS.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-24-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:39 +0000 (13:52 +0100)]
target/arm: remove old syndrome defines
Now everything is defined with registerfields we can drop the old
defines.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-23-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:38 +0000 (13:52 +0100)]
target/arm: use syndrome helpers to query VNCR bit
These are only valid for data abort syndromes.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-22-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:37 +0000 (13:52 +0100)]
target/arm: use syndrome helpers in merge_syn_data_abort
One more step to removing the old defines.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-21-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:36 +0000 (13:52 +0100)]
target/arm: make hvf use syndrome helpers for decode
Rather than open coding a bunch of shifts and masks we can use the
syndrome definitions.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260422125250.1303100-20-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:35 +0000 (13:52 +0100)]
target/arm: make whpx use syndrome helpers for decode
Rather than open coding a bunch of shifts and masks we can use the
syndrome definitions. While we are at it assert it really is a
EC_DATAABORT.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-19-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:34 +0000 (13:52 +0100)]
target/arm: use syndrome helpers to set SAME_EL EC bit
This removes the last use of ARM_EL_EC_SHIFT.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-18-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:33 +0000 (13:52 +0100)]
target/arm: use syndrome helpers in arm_cpu_do_interrupt_aarch32_hyp
One more step towards dropping the old #defines.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-17-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:32 +0000 (13:52 +0100)]
target/arm: migrate check_hcr_el2_trap to use syndrome helper
It shares the same COPROC_ISS encoding as the other CP traps although
not all the fields are used.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-16-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:31 +0000 (13:52 +0100)]
target/arm: migrate memory op syndromes to registerfields
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-15-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:30 +0000 (13:52 +0100)]
target/arm: migrate gcs syndromes to registerfields
Tweak arg names to make it clear raddr is the data address register
number.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-14-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:29 +0000 (13:52 +0100)]
target/arm: migrate wfx syndromes to registerfields
This will help later when we expand the fields we report.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-13-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:28 +0000 (13:52 +0100)]
target/arm: migrate debug syndromes to registerfields
Migrate syn_swstep, syn_watchpoint and syn_breakpoint to the
registerfields API.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-12-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:27 +0000 (13:52 +0100)]
target/arm: migrate fault syndromes to registerfields
Migrate syn_insn_abort and syn_data_abort_* to the registerfields API.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260422125250.1303100-11-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:26 +0000 (13:52 +0100)]
target/arm: migrate Granule Protection traps to registerfields
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-10-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:25 +0000 (13:52 +0100)]
target/arm: migrate BXJ trap syndromes to registerfields
This is an Armv7 specific syndrome for chips with Jazelle
functionality.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-9-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:24 +0000 (13:52 +0100)]
target/arm: migrate BTI trap syndromes to registerfields
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-8-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:23 +0000 (13:52 +0100)]
target/arm: migrate PAC trap syndromes to registerfields
syn_pactrap is fairly simple as the ISS is all RES0.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-7-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:22 +0000 (13:52 +0100)]
target/arm: migrate SME trap syndromes to registerfields
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-6-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:21 +0000 (13:52 +0100)]
target/arm: migrate eret trap syndromes to registerfields
For simplicity keep the OP as a two bit field rather than the two
interlinked fields in the docs (ERET/ERETA).
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-5-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:20 +0000 (13:52 +0100)]
target/arm: migrate FP/SIMD trap syndromes to registerfields
The syn_simd_access trap was never used so remove it. We should only
see the COPROC encoding on v7 architectures.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-4-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:19 +0000 (13:52 +0100)]
target/arm: migrate system/cp trap syndromes to registerfields
Migrate syn_aa64_sysregtrap and co-processor register trap syndromes
to the registerfields API. The co-processor syndromes are split
between single and duel register moves.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-3-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Wed, 22 Apr 2026 12:52:18 +0000 (13:52 +0100)]
target/arm: migrate basic syndrome helpers to registerfields
We have a registerfields interface which we can use for defining
fields alongside helpers to access them. Define the basic syndrome
layout and convert the helpers that take the imm16 data directly.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20260422125250.1303100-2-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Yucai Liu [Sun, 12 Apr 2026 11:02:40 +0000 (19:02 +0800)]
hw/arm/fsl-imx6ul: Wire in the LCDIF device model
Instantiate LCDIF as a child object of the i.MX6UL SoC in init and
realize it in the SoC realize path before MMIO/IRQ hookup.
Also make FSL_IMX6UL select CONFIG_IMX6UL_LCDIF and map the LCDIF
region with a 16 KiB size to match the SoC memory map.
Signed-off-by: Yucai Liu <1486344514@qq.com>
Message-id: 20260412110240.93116-3-yangyanglan718@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Yucai Liu [Sun, 12 Apr 2026 11:02:39 +0000 (19:02 +0800)]
hw/display: Add i.MX6UL LCDIF device model
Implement a basic i.MX6UL LCDIF controller model with MMIO registers,
frame-done interrupt behavior, and framebuffer-backed display updates
for RGB565 and XRGB8888 input formats.
Place the LCDIF device under hw/display and build it via a dedicated
CONFIG_IMX6UL_LCDIF symbol. Model register fields with
registerfields.h helpers and provide migration support via vmstate.
Signed-off-by: Yucai Liu <1486344514@qq.com>
Message-id: 20260412110240.93116-2-yangyanglan718@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/raspi4b: NOP all DTB nodes when removing unimplemented devices
fdt_node_offset_by_compatible(fdt, -1, compat) only finds the first match.
If the blob has more than one node with the same compatible string, extra
nodes will remain active. Remove all the matching nodes, using the same
loop as imx8mp-evk.c does for this purpose.
Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
Message-id: 20260420162114.308519-1-osama.abdelkader@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eric Auger [Mon, 20 Apr 2026 14:03:57 +0000 (16:03 +0200)]
Revert "target/arm: Reinstate bogus AArch32 DBGDTRTX register for migration compat"
This reverts commit 4f2b82f60431 ("target/arm: Reinstate bogus AArch32
DBGDTRTX register for migration compat). We don't need that commit
anymore as the AArch32 DBGDTRTX register is declared to
be safe to ignore in the incoming migration stream.
Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Sebastian Ott <sebott@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260420140552.104369-8-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eric Auger [Mon, 20 Apr 2026 14:03:56 +0000 (16:03 +0200)]
target/arm/helper: Define cpreg migration tolerance for DGBDTR_EL0
We want to remove AArch32 DBGDTRTX which was erroneously exposed.
This was attempted by 655659a74a36b ("target/arm: Correct encoding
of Debug Communications Channel registers") but it was discovered
that the removal of this debug register broke forward migration on
TCG. Now we have the cpreg migration tolerance infrastructure, we
can declare one for the DBGDTRTX. This allow to revert the reinstate
patch.
Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Sebastian Ott <sebott@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260420140552.104369-7-eric.auger@redhat.com
[PMM: revised comment, included note about when we can drop
the workaround] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eric Auger [Mon, 20 Apr 2026 14:03:55 +0000 (16:03 +0200)]
target/arm/cpu64: Define cpreg migration tolerance for KVM_REG_ARM_VENDOR_HYP_BMAP_2
KVM_REG_ARM_VENDOR_HYP_BMAP_2 pseudo FW register is exposed
from v6.15 onwards. Backward migration from a >= v6.15 to an older
kernel would fail without cpreg migration tolerance definition
for this register. If the register is present on source but not
on destination, its value must be checked to make sure it matches
the reset value, ie. 0, meaning no service is exposed to the guest,
hence the choice of a ToleranceOnlySrcTestValue migration
tolerance.
Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260420140552.104369-6-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eric Auger [Mon, 20 Apr 2026 14:03:54 +0000 (16:03 +0200)]
target/arm/cpu64: Mitigate migration failures due to spurious TCR_EL1, PIRE0_EL1 and PIR_EL1
Before linux v6.13 those registers were erroneously unconditionally
exposed and this was fixed by commits:
- 0fcb4eea5345 ("KVM: arm64: Hide TCR2_EL1 from userspace when
disabled for guests")
- a68cddbe47ef ("KVM: arm64: Hide S1PIE registers from userspace
when disabled for guests")
in v6.13.
This means if we migrate from an old kernel host to a >= 6.13 kernel
host, migration currently fails.
Declare cpreg migration tolerance for those registers.
Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Sebastian Ott <sebott@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260420140552.104369-5-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Pass the value of the incoming register to
handle_cpreg_only_in_incoming_stream and check whether there is
a matching ToleranceOnlySrcTestValue tolerance.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260420140552.104369-4-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
If there is a mismatch between the cpreg indexes found on both ends,
check whether a tolerance was registered for the given kvmidx. If any,
silence warning/errors.
Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260420140552.104369-3-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Eric Auger [Mon, 20 Apr 2026 14:03:51 +0000 (16:03 +0200)]
target/arm/cpu: Introduce the infrastructure for cpreg migration tolerances
We introduce a datatype for a tolerance with respect to a given
cpreg migration issue. The tolerance applies to a given cpreg kvm index,
and can be of different types:
a) mismatch in cpreg indexes
- ToleranceNotOnBothEnds (cpreg index is allowed to be only present
on one end)
- ToleranceOnlySrcTestValue (cpreg index is allowed to be only
present in source if its value @mask field matches @value)
b) mismatch in cpreg values
- ToleranceDiffInMask (value differences are allowed only within a mask)
- ToleranceFieldLT (incoming field value must be less than a given value)
- ToleranceFieldGT (incoming field value must be greater than a given value)
A QLIST of such tolerances can be populated using a new helper:
arm_register_cpreg_mig_tolerance() and arm_cpu_match_cpreg_mig_tolerance()
allows to check whether a tolerance exists for a given kvm index and its
criterion is matched.
callers for those helpers will be introduced in subsequent patches.
Only registration of migration tolerances related to cpreg index
mismatch is currently allowed.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260420140552.104369-2-eric.auger@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 16 Apr 2026 16:53:53 +0000 (17:53 +0100)]
tests/functional/aarch64: Add basic test of TCG aarch64=off
Add a basic test of the TCG 'aarch64=off' functionality; this is the
same as our existing arm/test_virt test, but it runs the AArch32
guest kernel on qemu-system-aarch64 with -cpu max,aarch64=off.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260416165353.589569-4-peter.maydell@linaro.org
Peter Maydell [Thu, 16 Apr 2026 16:53:52 +0000 (17:53 +0100)]
target/arm: Allow 'aarch64=off' to be set for TCG CPUs
Allow the 'aarch64=off' property, which is currently KVM-only, to
be set for TCG CPUs also.
Note that we don't permit it on the qemu-aarch64 user-mode binary:
this makes no sense as that executable can only handle AArch64
syscalls (and it would also assert at startup since it doesn't
compile in the A32-specific GDB xml files like arm-neon.xml).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Clément Chigot <chigot@adacore.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260416165353.589569-3-peter.maydell@linaro.org
Peter Maydell [Thu, 16 Apr 2026 16:53:51 +0000 (17:53 +0100)]
target/arm: Clear AArch64 ID regs from ARMISARegisters if AArch64 disabled
If we create a normally-AArch64 CPU and configure it with
aarch64=off, this will by default leave all the AArch64 ID register
values in its ARMISARegisters struct untouched. That in turn means
that tests of cpu_isar_feature(aa64_something, cpu) will return true.
Until now we have had a design policy that you shouldn't check an
aa64_ feature unless you know that the CPU has AArch64; but this is
quite fragile as it's easy to forget and only causes a problem in the
corner case where AArch64 was turned off. In particular, when we
extend the ability to disable AArch64 from only KVM to also TCG there
are many more aa64 feature check points which we would otherwise have
to audit for whether they needed to be guarded with a check on
ARM_FEATURE_AARCH64.
Instead, make the CPU realize function zero out all the 64-bit ID
registers if a TCG CPU doesn't have AArch64; this will make aa64_
feature tests generally return false.
We only do this for TCG because only TCG really needs it, and for
KVM it might be confusing to have QEMU's idea of the ID registers
be different from KVM's.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260416165353.589569-2-peter.maydell@linaro.org
Peter Maydell [Thu, 16 Apr 2026 17:26:27 +0000 (18:26 +0100)]
hw: Move ARM_SYSCTL_GPIO definitions to arm sysctl specific header
include/hw/arm/primecell.h used to be more expansive, but now the
only thing it defines is the ARM_SYSCTL_GPIO_* constants for the GPIO
lines for the arm-sysctl system-control device used on the Realview,
Versatile and Versatile Express boards.
Replace it with a header file specific to that device.
virt.c and vmapple.c included primecell.h despite not using the
constants it defined; there we can simply drop the include entirely.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260416172627.690396-1-peter.maydell@linaro.org
That means this register does not seem to be implemented on real CP boards
at all, only for older AP boards. Thus it should be fine if we simply
ignore this register in QEMU and handle it like all other unimplemented
registers in the "default" handler of the case statement.
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3407 Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260420064933.64765-1-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260414005348.4767-10-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Replace MO_TE -> mo_endian() for Cortex-M helpers
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260414005348.4767-9-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260414005348.4767-8-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Replace MO_TE -> mo_endian() for MVE helpers
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260414005348.4767-7-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260414005348.4767-6-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260414005348.4767-5-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260414005348.4767-4-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Extract the implicit MO_TE definition in order to replace
it in the next commit.
Mechanical change using:
$ for n in UW UL UQ UO SW SL SQ; do \
sed -i -e "s/MO_TE$n/MO_TE | MO_$n/" \
$(git grep -l MO_TE$n target/arm); \
done
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260414005348.4767-3-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Ignore endianness when setting MTE tags
As mentioned by Richard in [*]:
We don't actually need any specific endianness here, because
every byte has the same value. So we could simply drop MO_TE.
That would produce a store in host-endianness, which will be
fractionally more efficient on some hosts.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260414005348.4767-2-philmd@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/fsl-imx8mm: Adding support for USB controller
It enables emulation of USB on iMX8MM
Enables testing and debugging of USB drivers
Reviewed-by: Philippe Mathieu-Daude <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/fsl-imx8mm: Adding support for Watchdog Timers
It enables emulation of WDT in iMX8MM
Added WDT IRQ lines
Reviewed-by: Philippe Mathieu-Daude <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/fsl-imx8mm: Adding support for SPI controller
It enables emulation of ECSPI in iMX8MM
Added SPI IRQ lines
Reviewed-by: Philippe Mathieu-Daude <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/fsl-imx8mm: Adding support for I2C emulation
This can be used to test and debug I2C device drivers.
Added I2C interrupts
Reviewed-by: Philippe Mathieu-Daude <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Enabled GPIO controller emulation
Also updated the GPIO IRQ lines of iMX8MM
Reviewed-by: Philippe Mathieu-Daude <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This enables support for Designware PCI Express Controller emulation
It provides a controlled environment to debug the linux pci subsystem
Reviewed-by: Philippe Mathieu-Daude <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/fsl-imx8mm: Adding support for USDHC storage controllers
It enables emulation of SD/MMC cards through a virtual SDHCI interface
The emulated SDHCI controller allows guest OS to use emulated storage as
a standard block device.
This will allow running the images such as those generated
by Buildroot.
Reviewed-by: Philippe Mathieu-Daude <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/fsl-imx8mm: Add Clock Control Module IP to iMX8MM
Add the Clock Control Module (CCM) device to i.MX8MM SoC.
The CCM implementation is shared with i.MX8MP as the register
layout is identical between the two variants.Hence iMX8MM will
be using the source of iMX8MP CCM.
Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/fsl-imx8mm: Add Analog device IP to iMX8MM SOC
Add the Analog IP to i.MX8MM SoC. iMX8MM and i.MX8MP uses
the same Analog IP so the analog ip source will be shared.
The ARM PLL divider control register (arm-pll-fdiv-ctl0) has
a different reset value on i.MX8MM (0x000fa030) compared to
i.MX8MP (0x000fa031). So iMX8MM will be overriding this property
with its own reset-value.
Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/misc/imx8mp_analog: Add property to analog device
Add configurable properties for register reset values that differ
between i.MX 8M variants (Plus, Mini, etc.). This allows the same
device implementation to be shared across multiple SoCs.
Properties added:
- arm-pll-fdiv-ctl0-reset: ARM PLL divider control reset value
Default value is set to match i.MX 8MP reset value (0x000FA031).
This can be overridden in the variant like iMX8MM with its own
reset value.
Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
And indeed, the "break" is unreachable since the previous self.fail()
always aborts immediately. Thus let's remove the "break" to make pylint
happy again.
Message-ID: <20260427080731.389061-1-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
hw/arm: Add the i.MX 8MM EVK(Evaluation Kit) board
Implemented CPUs, RAM, UARTs and Interrupt Controller
Other peripherals are represented as TYPE_UNIMPLEMENTED_DEVICE
Complete memory map of the SoC is provided.
Set default RAM size to 2GB and default CPU count to 4 to match
the real i.MX8MM EVK hardware configuration.
Documentation is shared with imx8mp-evk to avoid duplication.
Signed-off-by: Gaurav Sharma <gaurav.sharma_7@nxp.com>
[PMM: fixed over-long lines in doc] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Alex Bennée [Tue, 21 Apr 2026 09:35:06 +0000 (10:35 +0100)]
docs/system: add FEAT_AA32 and FEAT_AA64 to emulation list
This is just a documentation tweak as we already support both.
FEAT_AA32 implies FEAT_AA32EL0. FEAT_AA64 implies FEAT_AA64EL[0123].
This is however useful if you are using emulation.rst as a source of
truth of what QEMU emulates and when cross checking with
Features.json from Arm.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260421093506.616307-1-alex.bennee@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/i386/fw_cfg: Use g_new() and g_new0() instead of g_malloc()
Replace g_malloc() and g_malloc0() calls that calculate the allocation
size using sizeof() with the type-safe g_new() and g_new0() macros.
This aligns the code with QEMU's coding style guidelines, improving
readability and protecting against potential integer overflow
vulnerabilities when allocating arrays.
Luc Michel [Fri, 24 Apr 2026 15:56:44 +0000 (17:56 +0200)]
hw/core/register: add register_array_get_owner
Add the register_array_get_owner function to the register API. This
function can be used to retrieve the device owning the given
RegisterInfoArray.
This was previously done inline by some devices. 5c6367bc1c8850f74812eeaaf87cff9911be58de modified the way register
blocks are created and parented to the device. Since this is an
implementation detail of the register API, it makes sense to have a
function for this.
Use it in the Versal OSPI and Versal/ZynqMP eFuse models instead of
tinkering with the API internals.
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3421
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3422
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3423 Signed-off-by: Luc Michel <luc.michel@amd.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Fixes: 5c6367bc1c8 ("hw/core/register: add the REGISTER_ARRAY type") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20260424155646.533334-1-luc.michel@amd.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Wed, 22 Apr 2026 07:11:44 +0000 (09:11 +0200)]
tests/functional/qemu_test: Silence warnings from pylint in tesseract.py
Pylint complains:
tesseract.py:1:0: C0114: Missing module docstring (missing-module-docstring)
tesseract.py:12:0: C0116: Missing function or method docstring (missing-function-docstring)
tesseract.py:15:11: W1510: 'subprocess.run' used without explicitly defining the value for 'check'. (subprocess-run-check)
tesseract.py:12:30: W0613: Unused argument 'tesseract_args' (unused-argument)
Thus add the missing bits and remove the unused tesseract_args argument.
While we're at it, also add a SPDX identifier instead of the weird three
dots at the beginning of the file, and drop the license boilerplate text.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260422071145.244820-1-thuth@redhat.com>
The pthread_get_name_np function is present on FreeBSD and OpenBSD
and has 'void' return not 'int'. We didn't notice this build problem
on FreeBSD since it also has pthread_getname_np which does return
int like Linux and we use the latter preferentially.
Fixes: 215235d365e49c72a85ea2940751e45419676031 Closes: https://gitlab.com/qemu-project/qemu/-/work_items/3399 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260417120531.2215549-1-berrange@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Wed, 25 Mar 2026 12:09:44 +0000 (13:09 +0100)]
target/i386/tcg/sysemu: Allow 32-bit SMM code to be used in the 64-bit binary
This is a preparation for the QEMU universal binary where we might want
to support both, the x86_64 and the i386 target, in one binary. Instead
of using #ifdef TARGET_X86_64 here, check the LM bit to select the 32-bit
or 64-bit code during runtime.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260325120944.29391-3-thuth@redhat.com>
However, NetBSD 10 has already been released since two years ago
(see https://www.netbsd.org/releases/formal-10/NetBSD-10.0.html),
so according to our support policy, starting with QEMU v11.0, we
don't have to take care of the previous major release of NetBSD
anymore.
Looking at the various distros that we take care of (see e.g.
https://repology.org/project/gcc/versions), and the NetBSD 10.0
3rd party package information:
... it seems like NetBSD 10 has the lowest version of GCC again,
but at least it's GCC 10.4 now. Thus bump our GCC requirement to
this version now.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Fabiano Rosas <farosas@suse.de> Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260310155331.320066-1-thuth@redhat.com>
linux-user: Flush errors by using exit() instead of _exit() in error path
Qemu user mode does not properly flushes error messages related to bad
arguments when exiting (at least when the output is piped to a file
instead of running on a terminal).
Ensure that we always flush by using exit() instead of _exit().
Stefan Hajnoczi [Sat, 25 Apr 2026 14:22:04 +0000 (10:22 -0400)]
Merge tag 'pbouvier/pr/plugins-20260424' of https://gitlab.com/p-b-o/qemu into staging
Changes:
- [PATCH v2 0/2] contrib/plugins/uftrace_symbols.py: fix issues to (Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>) Link: https://lore.kernel.org/qemu-devel/20260424194451.1439316-1-pierrick.bouvier@oss.qualcomm.com
# -----BEGIN PGP SIGNATURE-----
#
# iQGzBAABCgAdFiEEN8FWlNi6l2Sxlz/btEQ30ZwoYt8FAmnsC04ACgkQtEQ30Zwo
# Yt+8ywv8D5QrLcqIfxeImZiNN1chM0qv8qs3rISMxTV7bSbgCdEWV8hZgadYqNrT
# Nnw3/ebWEZFdmtnVvSRbKAt9DKdjAAGtIMq91HNIKsAkPCaUEpRx24ccBLTeSvwx
# ZmQ1jntvcXGz+TRrp+OBzxEst/C+SeVk3pMNGVwFZhcae9ci9NDaY5RUTaQ/5U7d
# E5czK1GJUYJAUJALdXp8gpMCfdIkwMHuv1tyrTb6YZIBHGASCLDGbcy6pHWUNlqJ
# V7iMBNdP9mhSSHDmAZgO7uNnYmqNQ7rvZmkqOoPO8RkZF8nHIJydZStYyxVxUNTR
# SlnNBDGiMiUeNIqWAsEhf9wrpwxrvd7jlG4X4yuGSJkQZ5HcF3rvOeaaJUcqA555
# KnJiZNZ+nqraAgXKLHEhX3EAKW6iFGdiNzBmuwxqm52O7YGQgWywvRrnPjMTVUCu
# /MQLOX03uBZtSoX0VT7J7/pd7de0lkQxYc1QBg0Hj1o1ztzeJ0eaYoahPodirkWX
# wymbic6n
# =IZwN
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 24 Apr 2026 20:31:10 EDT
# gpg: using RSA key 37C15694D8BA9764B1973FDBB44437D19C2862DF
# gpg: Good signature from "Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 37C1 5694 D8BA 9764 B197 3FDB B444 37D1 9C28 62DF
* tag 'pbouvier/pr/plugins-20260424' of https://gitlab.com/p-b-o/qemu:
contrib/plugins/uftrace_symbols.py: handle missing source line from addr2line
contrib/plugins/uftrace_symbols.py: fix symbols reading
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Sat, 25 Apr 2026 14:21:42 +0000 (10:21 -0400)]
Merge tag 'hw-misc-20260422' of https://github.com/philmd/qemu into staging
Misc HW patches
- Build hw/avr/ as common unit files
- Header cleanups around 'cpu.h', 'qemu/audio.h' or duplicated lines
- Remove obsolete TPMIfClass::ppi_enabled field
- Cleanups around load/store API
- Restrict 'compat' properties API to system emulation
- Correct TPM PPCI ACPI for Windows guests on ARM Virt machine
- Simplify physical_memory_range_includes_clean()
- Avoid including CONFIG_DEVICES in hw/arm/smmuv3
- Initialize bus frequency in PPC e500 device tree blob
- More ATI VGA fixes
- Fix fuzzing issues on AVR power controller and SH4 MCU
- MAINTAINERS updates
- Machine compat array for v11.0.0 release
- USB EHCI cleanups
* tag 'hw-misc-20260422' of https://github.com/philmd/qemu: (62 commits)
MAINTAINERS: Transfer CI maintenance to Pierrick
MAINTAINERS: Maintain MIPS Boston
MAINTAINERS: Remove PhilMD from NVMe Block Driver
MAINTAINERS: Remove my disfunctional emails
MAINTAINERS: Remove my unused git tree locations
MAINTAINERS: Cover hexloader tests under the Generic Loader section
MAINTAINERS: Merge PCIe DOE section within SPDM
hw/usb/hcd-ehci: Introduce common properties macro for sysbus and pci
hw/usb/hcd-ehci: Replace DPRINTF debug logs with trace events
hw/usb/hcd-ehci.c: Replace fprintf(stderr, ...) with qemu_log_mask(LOG_GUEST_ERROR)
hw/usb/hcd-ehci.c: Fix coding style issues reported by checkpatch
hw/usb/hcd-ehci.h: Fix coding style issues reported by checkpatch
hw/usb/hcd-ehci: Remove unused EHCIfstn structure and dead code
hw/arm/virt: Do not select Kconfig symbol PCI_EXPRESS
hw/cxl: Define cxl_fmws_get_all_sorted() stub
hw/sh4/sh7750: Remove forgotten abort() in the MM_ITLB_DATA handler
hw/misc: Fix the valid access size to the avr-power device
hw/ppc/amigaone: remove duplicate include
hw/hyperv: remove duplicate include
hw/virtio/virtio-iommu: remove duplicate include
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Sat, 25 Apr 2026 14:21:12 +0000 (10:21 -0400)]
Merge tag 'pull-hex-20260423' of https://github.com/quic/qemu into staging
Hexagon arch rev specific behavior
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEPWaq5HRZSCTIjOD4GlSvuOVkbDIFAmnq1vAACgkQGlSvuOVk
# bDJW9w/9GC+x5k98AJVNz3Hf03esR3MEka7aWM6S/lqBFTq68gVJ0HOqUGBgbjtC
# ENnlh97PNuAXUg3/i3G3OM3xwUYxrjkinpAvwQzKd42yvFUk/x4bUOO/KxpqR07w
# qJXLDy9n5nW9wLR2hqPuBFd3MlGWBmteH1ZrpSFMxElgQ7/M5LNprCKzuy5PYDLr
# a+z9eRcL0MOrVWxnXE4weM2U5oCiaIC6Zk37sDen1jGrgtnlPSAyZj4L+W8qtYzN
# 1SFR1BBCxCXUmpwYvhwxsfjrXzP3I9yuDkppszKRxYE2oyBC5I20aDtet7VK89NY
# pMOxdFzLoWHbZpLDGC92EKysns1eXya/9HN262sr4aJcyMTINReBW+/jb4KPxbdk
# a+VoXyPBkAT9r2B0L+J3t6/YkoFo0CNvUjtj39AKPnPppJY9Gpgy2Wf0BbgK3akG
# s9qV8THqYNPnfFKUW8pPoTyFLa6vVrl53eJqZ9C3oChEeFs3efdCyC603ecruRWq
# 7jW43s0Zpp7CgMfBjpQRLUbui3bYPeS+L9y6+jnnlMVMj0fsXWm0MsQ0Hz0NMZqD
# jjiqRosqCt9s5i7LlKEbUQnMVkfk8hnpYqnvEnnlLttdOC088IwW5TvheSb1gYNY
# YhzPOcyYxWAbsupV9WsJXBO+Mpd2EPRHiUUVsgGIsGyUwCpHI+E=
# =7ufn
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 23 Apr 2026 22:35:28 EDT
# gpg: using RSA key 3D66AAE474594824C88CE0F81A54AFB8E5646C32
# gpg: Good signature from "Brian Cain (OSS Qualcomm) <brian.cain@oss.qualcomm.com>" [unknown]
# gpg: aka "Brian Cain <bcain@kernel.org>" [unknown]
# gpg: aka "Brian Cain (QuIC) <bcain@quicinc.com>" [unknown]
# gpg: aka "Brian Cain (CAF) <bcain@codeaurora.org>" [unknown]
# gpg: aka "bcain" [unknown]
# gpg: aka "Brian Cain (QUIC) <quic_bcain@quicinc.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6350 20F9 67A7 7164 79EF 49E0 175C 464E 541B 6D47
# Subkey fingerprint: 3D66 AAE4 7459 4824 C88C E0F8 1A54 AFB8 E564 6C32
* tag 'pull-hex-20260423' of https://github.com/quic/qemu:
target/hexagon: Change DisasContext packet type
Hexagon (target/hexagon) Remove snprint_a_pkt_debug
tests/tcg/hexagon: Add test for revision-gated instruction decoding
Hexagon (target/hexagon) Disassembly of invalid packets
Hexagon (target/hexagon) Check each opcode against current CPU definition
Hexagon (target/hexagon) Introduce tag_rev_info.c.inc
Hexagon (target/hexagon) Add Hexagon definition field to DisasContext
Hexagon (linux-user/hexagon) Identify Hexagon version in ELF file
Hexagon (target/hexagon) Properly handle Hexagon CPU version
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Sat, 25 Apr 2026 14:20:29 +0000 (10:20 -0400)]
Merge tag 'migration-20260423-pull-request' of https://gitlab.com/farosas/qemu into staging
Migration pull request
- Cleanups to internal vmstate APIs
- Cleanups to handling of vmstate flags
- New vmstate VMS_ARRAY_OF_POINTER_AUTO_ALLOC
- Fixes to:
- functional exec test
- leaks in file migration
- mapped-ram migration input validation
- programming errors in qemu-file and multifd
- qtest leaks
- Additions to iochannel APIs:
qio_channel_pread{v,}_all{,_eof}
qio_channel_pwrite{v,}_all
- New migration qtest for capabilities validation
- Tweaks to documentation and checkpatch
# -----BEGIN PGP SIGNATURE-----
#
# iQJEBAABCAAuFiEEqhtIsKIjJqWkw2TPx5jcdBvsMZ0FAmnqar8QHGZhcm9zYXNA
# c3VzZS5kZQAKCRDHmNx0G+wxnQZzEACJcMspEO21PClDOwkhyqjIT0j2Xmyhe+B9
# OZkl42SnbXsKNDdORIKJ2U9oG2v+vzWccEMSqjV0jFyQJzrUfEvA0V2i5eH/zXuW
# jUTgrOO5nbwbvPUk4BXGxnplRwB2BrKgjQ62WDgLEn/ZeW9KxUOuNcUCvAtJnljY
# WFYOFn5oeV41TdGj7H5w7fzwYDsRYMUAB9lbr4MnRynSVq2aWrf+ddJpbPhC03fZ
# t6hMyhIT3SnELMw1hnIOGbkYJn5gCHme6cnyMOUrnU/ws+2lExEL4X11sSCexRbo
# N9zpJfi2U/wfiKrHPjUZ7InavaJm47WvzOQ1eC2I0v5xWY5G3wgvFJ9PAm3gtgr/
# n0QYf4xWpJ2rZDnFvKepXRqcndhNa6VYAhs4v2qVBH/9mSjhKHEqLMza6llZ/d/W
# 4ovHK3OQp0NUDWkBmjYUEu/JCusKrWLMdzosm75Z0Vs/cG4ks4s5zb47NIFjFsnT
# WWIK6dAi+27eiZ7BMflVx6La2DAFBc9b8jpO1Rxi3VyN2J7LTzXWIqshJ1Rap6wb
# kNtVjQOtsLdURX6tKLthdzY1M7mgYm+W12l94X9OTZHZUcQwoYKO0P7FJ4YdKDh/
# lPEkAg5um66drxPM268E4jLBxzRWxhPz5SPgv2qeXRO9vkm6G2mapgQtWb00Ta4P
# CitNkhqk0A==
# =3vDa
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 23 Apr 2026 14:53:51 EDT
# gpg: using RSA key AA1B48B0A22326A5A4C364CFC798DC741BEC319D
# gpg: issuer "farosas@suse.de"
# gpg: Good signature from "Fabiano Rosas <farosas@suse.de>" [unknown]
# gpg: aka "Fabiano Almeida Rosas <fabiano.rosas@suse.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AA1B 48B0 A223 26A5 A4C3 64CF C798 DC74 1BEC 319D
* tag 'migration-20260423-pull-request' of https://gitlab.com/farosas/qemu: (43 commits)
migration/qemu-file: drop incorrect const from qemu_get_buffer_at buf
migration/file: switch file_write_ramblock_iov to pwritev_all
migration/qemu-file: switch buffer_at functions to positioned I/O _all helpers
tests/qtest/migration: fix fd leak in ufd_version_check
tests/unit: add pread/pwrite _all tests for io channel file
migration/file: fix type mismatch and NULL deref in multifd_file_recv_data
io/channel: introduce qio_channel_pwrite{v,}_all()
io/channel: introduce qio_channel_pread{v, }_all{, _eof}()
migration: validate page_size in mapped-ram header before use
tests/unit/test-vmstate: add tests for VMS_ARRAY_OF_POINTER_AUTO_ALLOC
vmstate: Stop checking size for nullptr compression
vmstate: Implement VMS_ARRAY_OF_POINTER_AUTO_ALLOC
vmstate: Implement load of ptr marker in vmstate core
vmstate: Allow vmstate_info_nullptr to emit non-NULL markers
vmstate: Introduce vmstate_save_field_with_vmdesc()
vmstate: Rename VMS_NULLPTR_MARKER to VMS_MARKER_PTR_NULL
vmstate: Update max_elems early and check field compressable once
vmstate: Do not set size for VMS_ARRAY_OF_POINTER
vmstate: Pass in struct itself for VMSTATE_VARRAY_OF_POINTER_UINT32
vmstate: Pass in struct itself for VMSTATE_ARRAY_OF_POINTER
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
contrib/plugins/uftrace_symbols.py: handle missing source line from addr2line
Some symbols have only a file information, and no line information. In
this case, addr2line reports '?'. Replace with 0 to guarantee consistent
data for consumers.
linux-user: Use abi_int for imr_ifindex in ip_mreqn struct
Peter Hartley noticed, that in the qemu code the imr_ifindex member of
struct target_ip_mreq needs to be of type "int" instead of "long", which
is what the Linux kernel uses on all architectures.
Adjust the type accordingly, and add a QEMU_BUILD_BUG_ON() checker to
prevent such issues in the future.
This change should fix multicast issues when using hosts and guests with
different endianess or bit size.
Reported-by: Peter Hartley <peter@talesfromthearmchair.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/2553 Signed-off-by: Helge Deller <deller@gmx.de>
linux-user: Fix CLONE_PARENT_SETTID when using fork-like clone
The CLONE_PARENT_SETTID option requires the implementation to store the
child thread ID at the location pointed to by parent_tid in the parent's
memory.
Fix our implementation and move the code from the client side (where
fork returned 0), to the parent side and store the return value from the
fork call (which is the client TID) in the parent_tid pointer.
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3340 Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
James Hilliard [Fri, 10 Apr 2026 02:00:12 +0000 (20:00 -0600)]
linux-user/mips: sync k0 TLS for EF_MIPS_MACH_OCTEON userlands
Cavium Octeon userspace is not following a generic MIPS Linux TLS
ABI rule here. Older Octeon glibc uses the k0 register as the fast
thread pointer, while newer Octeon2 and Octeon3 glibc variants use
the normal rdhwr $29 path.
linux-user already updates CP0_UserLocal for cpu_set_tls() and
TARGET_NR_set_thread_area, but it does not keep gpr[26]
synchronized. That leaves EF_MIPS_MACH_OCTEON userlands able to
complete set_thread_area() and still reach pthread startup or
pthread_self() with a stale k0 value.
Use the existing MIPS ELF machine flags from linux-user/elfload.c and
mirror CP0_UserLocal into gpr[26] only for EF_MIPS_MACH_OCTEON.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Helge Deller <deller@gmx.de>
linux-user/arm/nwfpe: Replace user_registers with current_cpu
Use the thread-local variable current_cpu instead of
a global variable to access the general registers.
This also means we don't need to pass env to EmulateAll.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Helge Deller <deller@gmx.de>
linux-user: Don't define target_stat64 struct for loongarch64
The kernel defines 'struct stat64' only if
__BITS_PER_LONG != 64 || defined(__ARCH_WANT_STAT64).
loongarch64 doesn't set __ARCH_WANT_STAT64, and it isn't 32-bit,
so it won't get this struct.
QEMU incorrectly does define a target_stat64 struct. However this
isn't causing any guest-visible problems, because defining the
target_stat64 struct and TARGET_HAS_STRUCT_STAT64 affects these
syscalls:
TARGET_NR_stat64
TARGET_NR_lstat64
TARGET_NR_fstat64
TARGET_NR_fstatat64
TARGET_NR_newfstatat
For loongarch64 the only one of those we provide is newfstatat,
and that is actually a separate QEMU bug, because the kernel does
not provide that syscall for this architecture. No real guest
code will be using a syscall that doesn't exist in the ABI.
(Some of these syscalls are present in the loongarch64 "ABI1.0",
but that ABI was never accepted in the upstream kernel, and
QEMU does not model that ABI, only the "ABI2.0".)
Stop defining TARGET_HAS_STRUCT_STAT64 anyway, for consistency
with the kernel and to avoid confusion.
Note:
Commit message suggested by Peter Maydell <peter.maydell@linaro.org>
linux-user: fix off-by-one in host_to_target_for_each_rtattr()
host_to_target_for_each_rtattr() uses "len > sizeof(struct rtattr)"
as its loop condition. When the last rtattr in a netlink message has
exactly sizeof(struct rtattr) (4) bytes remaining, the loop exits
without byte-swapping its rta_len and rta_type. A big-endian guest
then reads rta_len in the wrong byte order and fails validation.
The companion function target_to_host_for_each_rtattr() correctly
uses ">=" (added in commit fa2229dbf8). The kernel's RTA_OK macro
also uses ">=". Fix the host_to_target direction to match.
The kernel's 64-bit signal delivery (signal_64.c) uses:
newsp = frame - __SIGNAL_FRAMESIZE
while the 32-bit path (signal_32.c) uses:
newsp = frame - (__SIGNAL_FRAMESIZE + 16)
The extra 16 bytes in the 32-bit case is to place siginfo and ucontext
at the same offsets as older kernels (see the comment in signal_32.c).
The 64-bit rt_sigframe starts with ucontext directly and does not need
this adjustment.
QEMU's setup_rt_frame() unconditionally used (SIGNAL_FRAMESIZE + 16)
for both 32-bit and 64-bit, placing the handler's SP 16 bytes too low
on ppc64. Signal delivery and return still worked because do_rt_sigreturn
had the matching wrong offset, but the vDSO DWARF unwind info encodes
the correct kernel offset. This caused any DWARF unwinder (libunwind,
libgcc, etc.) to compute a CFA that is 16 bytes off, reading garbage
register values from the signal frame.
Define RT_SIGFRAME_ADJUST (0 on ppc64, 16 on ppc32) and use it in both
setup_rt_frame and do_rt_sigreturn to match the kernel.
This was verified by A/B testing with libunwind's test suite:
ppc64le: Gtest-bt, Ltest-bt, Gtest-concurrent, Ltest-concurrent,
and Ltest-sig-context all change from FAIL to PASS.
ppc64be: Gtest-bt, Ltest-bt, and Ltest-sig-context all change
from FAIL to PASS.
Signed-off-by: Matt Turner <mattst88@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Helge Deller <deller@gmx.de> Cc: qemu-stable@nongnu.org
MAINTAINERS: Add myself as maintainer for linux-user
I'd like to step up as maintainer for linux-user. I'm actively using
linux-user to emulate a HP-PARISC (hppa) linux environment on my debian
buildd servers, so I'm very much interested that linux-user is running
good and stable.
Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Maintain the Boston board as just another MIPS board.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20260422080406.62638-4-philmd@linaro.org>
I'm not following this code anymore, no need
to be listed as reviewer.
My gratitude to Stefan for everything he taught me while
supervising this topic. I truly appreciate the time he spent
helping me in many occasions. Thank you very much Stefan!
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20260422080406.62638-8-philmd@linaro.org>
With retrospective, mentioning email in authorship wasn't
really useful, more now than these addresses are dead:
- f4bug@amsat.org
- philmd@redhat.com
Simply remove them.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20260422080406.62638-3-philmd@linaro.org>
projects / thirdparty / qemu.git / log
