Branch: refs/heads/stable-9.2
  Home:   https://github.com/qemu/qemu
  Commit: ec877d2ab010122fdcad904e44079790e0213e47
      
https://github.com/qemu/qemu/commit/ec877d2ab010122fdcad904e44079790e0213e47
  Author: hemanshu.khilari.foss <hemanshu.khilari.f...@gmail.com>
  Date:   2025-03-28 (Fri, 28 Mar 2025)

  Changed paths:
    M docs/specs/riscv-iommu.rst

  Log Message:
  -----------
  docs/specs/riscv-iommu: Fixed broken link to external riscv iommu document

The links to the riscv iommu specification document are incorrect. This patch
updates all the said links to point to the correct location.

Cc: qemu-sta...@nongnu.org
Cc: qemu-ri...@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2808
Signed-off-by: hemanshu.khilari.foss <hemanshu.khilari.f...@gmail.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Message-ID: <20250323063404.13206-1-hemanshu.khilari.f...@gmail.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
(cherry picked from commit e768f0246ce2625880800a2bdce78438b5e9282c)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: d87ee29327e20dfebbcab63c67db7789ece42a65
      
https://github.com/qemu/qemu/commit/d87ee29327e20dfebbcab63c67db7789ece42a65
  Author: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
  Date:   2025-04-02 (Wed, 02 Apr 2025)

  Changed paths:
    M hw/rtc/goldfish_rtc.c

  Log Message:
  -----------
  hw/rtc/goldfish: keep time offset when resetting

Currently resetting the leads to resynchronizing the Goldfish RTC
with the system clock of the host. In real hardware an RTC reset
would not change the wall time. Other RTCs like pl031 do not show
this behavior.

Move the synchronization of the RTC with the system clock to the
instance realization.

Cc: qemu-sta...@nongnu.org
Reported-by: Frederik Du Toit Lotter <fred.lot...@canonical.com>
Fixes: 9a5b40b8427 ("hw: rtc: Add Goldfish RTC device")
Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250321221248.17764-1-heinrich.schucha...@canonical.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 2542d5cf471a38c4ceb9717708178938b96ded47)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 358f7c68920e1aa6fbd4f1f68d9265b33d0bda55
      
https://github.com/qemu/qemu/commit/358f7c68920e1aa6fbd4f1f68d9265b33d0bda55
  Author: Philippe Mathieu-Daudé <phi...@linaro.org>
  Date:   2025-04-05 (Sat, 05 Apr 2025)

  Changed paths:
    M hw/pci-host/designware.c

  Log Message:
  -----------
  hw/pci-host/designware: Fix ATU_UPPER_TARGET register access

Fix copy/paste error writing to the ATU_UPPER_TARGET
register, we want to update the upper 32 bits.

Cc: qemu-sta...@nongnu.org
Reported-by: Joey <jeund...@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2861
Fixes: d64e5eabc4c ("pci: Add support for Designware IP block")
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Gustavo Romero <gustavo.rom...@linaro.org>
Message-Id: <20250331152041.74533-2-phi...@linaro.org>
(cherry picked from commit 04e99f9eb7920b0f0fcce65686c3bedf5e32a1f9)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: fa7638d8c117bf6c4fa68509c58e5765db2798d7
      
https://github.com/qemu/qemu/commit/fa7638d8c117bf6c4fa68509c58e5765db2798d7
  Author: Richard Henderson <richard.hender...@linaro.org>
  Date:   2025-04-05 (Sat, 05 Apr 2025)

  Changed paths:
    M target/avr/disas.c

  Log Message:
  -----------
  target/avr: Fix buffer read in avr_print_insn

Do not unconditionally attempt to read 4 bytes, as there
may only be 2 bytes remaining in the translator cache.

Cc: qemu-sta...@nongnu.org
Reviewed-by: Pierrick Bouvier <pierrick.bouv...@linaro.org>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-Id: <20250325224403.4011975-2-richard.hender...@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 070a500cc0da70c1b4c62a6c95e41f0a1b19dc0b)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 8a669b8aae632405b36f7477387ab506910dfb48
      
https://github.com/qemu/qemu/commit/8a669b8aae632405b36f7477387ab506910dfb48
  Author: Richard Henderson <richard.hender...@linaro.org>
  Date:   2025-04-05 (Sat, 05 Apr 2025)

  Changed paths:
    M hw/mips/fuloong2e.c
    M hw/mips/loongson3_virt.c
    M target/mips/cpu-param.h
    M target/mips/tcg/sysemu/cp0_helper.c
    M target/mips/tcg/sysemu/tlb_helper.c

  Log Message:
  -----------
  target/mips: Revert TARGET_PAGE_BITS_VARY

Revert ee3863b9d41 and a08d60bc6c2b.  The logic behind changing
the system page size because of what the Loongson kernel "prefers"
is flawed.

In the Loongson-2E manual, section 5.5, it is clear that the cpu
supports a 4k page size (along with many others).  Similarly for
the Loongson-3 series CPUs, the 4k page size is mentioned in the
section 7.7 (PageMask Register).  Therefore we must continue to
support a 4k page size.

Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250328175526.368121-2-richard.hender...@linaro.org>
[PMD: Mention Loongson-3 series CPUs]
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit fca2817fdcb00e65020c2dcfcb0b23b2a20ea3c4)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 4580c38134b775b5dfe0150b19bdddb398ff14c5
      
https://github.com/qemu/qemu/commit/4580c38134b775b5dfe0150b19bdddb398ff14c5
  Author: Richard Henderson <richard.hender...@linaro.org>
  Date:   2025-04-05 (Sat, 05 Apr 2025)

  Changed paths:
    M target/mips/tcg/sysemu/cp0_helper.c

  Log Message:
  -----------
  target/mips: Require even maskbits in update_pagemask

The number of bits set in PageMask must be even.

Fixes: d40b55bc1b86 ("target/mips: Fix PageMask with variable page size")
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250328175526.368121-3-richard.hender...@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit d89b9899babcc01d7ee75f2917da861dc2afbc27)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 08c3572736b0cdcb42312636397b85aef82433fe
      
https://github.com/qemu/qemu/commit/08c3572736b0cdcb42312636397b85aef82433fe
  Author: Richard Henderson <richard.hender...@linaro.org>
  Date:   2025-04-05 (Sat, 05 Apr 2025)

  Changed paths:
    M target/mips/tcg/sysemu/cp0_helper.c
    M target/mips/tcg/sysemu/tlb_helper.c
    M target/mips/tcg/tcg-internal.h

  Log Message:
  -----------
  target/mips: Simplify and fix update_pagemask

When update_pagemask was split from helper_mtc0_pagemask,
we failed to actually write to the new parameter but continue
to write to env->CP0_PageMask.  Thus the use within
page_table_walk_refill modifies cpu state and not the local
variable as expected.

Simplify by renaming to compute_pagemask and returning the
value directly.  No need for either env or pointer return.

Fixes: 074cfcb4dae ("target/mips: Implement hardware page table walker for MIPS32")
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250328175526.368121-4-richard.hender...@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 256ba7715b109c080c0c77a3923df9e69736ba17)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 6e827147d6e12d36ee27dff379a17e6a14ef4d34
      
https://github.com/qemu/qemu/commit/6e827147d6e12d36ee27dff379a17e6a14ef4d34
  Author: Marco Cavenati <marco.caven...@eurecom.fr>
  Date:   2025-04-05 (Sat, 05 Apr 2025)

  Changed paths:
    M migration/channel-block.c

  Log Message:
  -----------
  migration: fix SEEK_CUR offset calculation in qio_channel_block_seek

The SEEK_CUR case in qio_channel_block_seek was incorrectly using the
'whence' parameter instead of the 'offset' parameter when calculating the
new position.

Fixes: 65cf200a51 ("migration: introduce a QIOChannel impl for BlockDriverState VMState")
Signed-off-by: Marco Cavenati <marco.caven...@eurecom.fr>
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Reviewed-by: Michael Tokarev <m...@tls.msk.ru>
Message-ID: <20250326162230.3323199-1-marco.caven...@eurecom.fr>
Signed-off-by: Fabiano Rosas <faro...@suse.de>
(cherry picked from commit c0b32426ce56182c1ce2a12904f3a702c2ecc460)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: ff765e490eef83480d07673e115060228b01d55e
      
https://github.com/qemu/qemu/commit/ff765e490eef83480d07673e115060228b01d55e
  Author: Akihiko Odaki <akihiko.od...@daynix.com>
  Date:   2025-04-05 (Sat, 05 Apr 2025)

  Changed paths:
    M hw/net/virtio-net.c

  Log Message:
  -----------
  virtio-net: Fix num_buffers for version 1

The specification says the device MUST set num_buffers to 1 if
VIRTIO_NET_F_MRG_RXBUF has not been negotiated.

Fixes: df91055db5c9 ("virtio-net: enable virtio 1.0")
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Message-Id: <20250108-buffers-v1-1-a0c85ff31...@daynix.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
Tested-by: Lei Yang <leiy...@redhat.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
(cherry picked from commit c17ad4b11bd268a35506cd976884562df6ca69d7)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 83d36ab099efed63e860c11a97099e3d49114041
      
https://github.com/qemu/qemu/commit/83d36ab099efed63e860c11a97099e3d49114041
  Author: Suravee Suthikulpanit <suravee.suthikulpa...@amd.com>
  Date:   2025-04-05 (Sat, 05 Apr 2025)

  Changed paths:
    M hw/i386/amd_iommu.c

  Log Message:
  -----------
  hw/i386/amd_iommu: Assign pci-id 0x1419 for the AMD IOMMU device

Currently, the QEMU-emulated AMD IOMMU device uses PCI vendor id 0x1022
(AMD) with device id zero (undefined). Even though this does not cause any
functional issue for AMD IOMMU driver since it normally uses information
in the ACPI IVRS table to probe and initialize the device per
recommendation in the AMD IOMMU specification, the device id zero causes
the Windows Device Manager utility to show the device as an unknown device.

Since Windows only recognizes AMD IOMMU device with device id 0x1419 as
listed in the machine.inf file, modify the QEMU AMD IOMMU model to use
the id 0x1419 to avoid the issue. This advertises the IOMMU as the AMD
IOMMU device for Family 15h (Models 10h-1fh).

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpa...@amd.com>
Message-Id: <20250325021140.5676-1-suravee.suthikulpa...@amd.com>
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Reviewed-by: Yan Vugenfirer <yvuge...@redhat.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
(cherry picked from commit 719255486df2fcbe1b8599786b37f4bb80272f1a)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 5313973fd495d788bd2b42f0b6a4af0213f3b245
      
https://github.com/qemu/qemu/commit/5313973fd495d788bd2b42f0b6a4af0213f3b245
  Author: Philippe Mathieu-Daudé <phi...@linaro.org>
  Date:   2025-04-05 (Sat, 05 Apr 2025)

  Changed paths:
    M tcg/tcg.c

  Log Message:
  -----------
  tcg: Allocate TEMP_VAL_MEM frame in temp_load()

Be sure to allocate the temp frame if it wasn't.

In the resolved issues, incomplete dead code elimination left a load
at the top of an unreachable loop.  We simply need to allocate the
stack slot to avoid crashing.

Fixes: c896fe29d6c ("TCG code generator")
Reported-by: Michael Tokarev <m...@tls.msk.ru>
Reported-by: Helge Konetzka <h...@zapateado.de>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2891
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2899
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Message-ID: <20250401144332.41615-1-phi...@linaro.org>
(cherry picked from commit e139bc4b1772575e1f2dcf8e3dbe1df2b684ef1f)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 849a6aea3364375da58f5a369a00c1db1ec1b12c
      
https://github.com/qemu/qemu/commit/849a6aea3364375da58f5a369a00c1db1ec1b12c
  Author: Nicholas Piggin <npig...@gmail.com>
  Date:   2025-04-09 (Wed, 09 Apr 2025)

  Changed paths:
    M target/ppc/misc_helper.c

  Log Message:
  -----------
  target/ppc: Big-core scratch register fix

The per-core SCRATCH0-7 registers are shared between big cores, which
was missed in the big-core implementation. It is difficult to model
well with the big-core == 2xPnvCore scheme we moved to, this fix
uses the even PnvCore to store the scratch data.

Also remove a stray log message that came in with the same patch that
introduced patch.

Fixes: c26504afd5f5c ("ppc/pnv: Add a big-core mode that joins two regular cores")
Cc: qemu-sta...@nongnu.org
Signed-off-by: Nicholas Piggin <npig...@gmail.com>
(cherry picked from commit 9808ce6d5cb75a4f9db76a3d9b508560efdf5ac2)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 697209ff41be6243e36a47a4839e4a7014af6c14
      
https://github.com/qemu/qemu/commit/697209ff41be6243e36a47a4839e4a7014af6c14
  Author: Nicholas Piggin <npig...@gmail.com>
  Date:   2025-04-09 (Wed, 09 Apr 2025)

  Changed paths:
    M target/ppc/cpu_init.c

  Log Message:
  -----------
  target/ppc: Fix SPRC/SPRD SPRs for P9/10

Commit 60d30cff847 ("target/ppc: Move SPR indirect registers into
PnvCore") was mismerged and moved the SPRs to power8-only, instead
of power9/10-only.

Fixes: 60d30cff847 ("target/ppc: Move SPR indirect registers into PnvCore")
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Cc: qemu-sta...@nongnu.org
Signed-off-by: Nicholas Piggin <npig...@gmail.com>
(cherry picked from commit b3d47c8303b8be2c3693c5704012b3334741b7ed)
(Mjt: adjust context for v9.2.0-2634-gffb6440cc5 "ppc/pnv: Add new PowerPC Special Purpose Registers (RWMR)")
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 6a3304c84a8363dba3eccd486ab83705dd87e195
      
https://github.com/qemu/qemu/commit/6a3304c84a8363dba3eccd486ab83705dd87e195
  Author: Kevin Wolf <kw...@redhat.com>
  Date:   2025-04-09 (Wed, 09 Apr 2025)

  Changed paths:
    M hw/scsi/scsi-disk.c

  Log Message:
  -----------
  scsi-disk: Apply error policy for host_status errors again

Originally, all failed SG_IO requests called scsi_handle_rw_error() to
apply the configured error policy. However, commit f3126d65, which was
supposed to be a mere refactoring for scsi-disk.c, broke this and
accidentally completed the SCSI request without considering the error
policy any more if the error was signalled in the host_status field.

Apart from the commit message not describing the change as intended,
errors indicated in host_status are also obviously backend errors and
not something the guest must deal with independently of the error
policy.

This behaviour means that some recoverable errors (such as a path error
in multipath configurations) were reported to the guest anyway, which
might not expect it and might consider its disk broken.

Make sure that we apply the error policy again for host_status errors,
too. This addresses an existing FIXME comment and allows us to remove
some comments warning that callbacks weren't always called. With this
fix, they are called in all cases again.

The return value passed to the request callback doesn't have more free
values that could be used to indicate host_status errors as well as SAM
status codes and negative errno. Store the value in the host_status
field of the SCSIRequest instead and use -ENODEV as the return value (if
a path hasn't been reachable for a while, blk_aio_ioctl() will return
-ENODEV instead of just setting host_status, so just reuse it here -
it's not necessarily entirely accurate, but it's as good as any errno).

Cc: qemu-sta...@nongnu.org
Fixes: f3126d65b393 ('scsi: move host_status handling into SCSI drivers')
Signed-off-by: Kevin Wolf <kw...@redhat.com>
Message-ID: <20250407155949.44736-1-kw...@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefa...@redhat.com>
Reviewed-by: Hanna Czenczek <hre...@redhat.com>
Signed-off-by: Kevin Wolf <kw...@redhat.com>
(cherry picked from commit 61b6d9b749ba233784c7214cfe9585ea321159dc)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: d1960fafecbe1066d3d32c016db364c19a5ddb93
      
https://github.com/qemu/qemu/commit/d1960fafecbe1066d3d32c016db364c19a5ddb93
  Author: Daan De Meyer <daan.j.deme...@gmail.com>
  Date:   2025-04-10 (Thu, 10 Apr 2025)

  Changed paths:
    M hw/smbios/smbios.c

  Log Message:
  -----------
  smbios: Fix buffer overrun when using path= option

We have to make sure the array of bytes read from the path= file
is null-terminated, otherwise we run into a buffer overrun later on.

Fixes: bb99f4772f54017490e3356ecbb3df25c5d4537f ("hw/smbios: support loading OEM strings values from a file")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2879

Signed-off-by: Daan De Meyer <daan.j.deme...@gmail.com>
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Tested-by: Valentin David <valentin.da...@canonical.com>
Message-ID: <20250323213622.2581013-1-daan.j.deme...@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit a7a05f5f6a4085afbede315e749b1c67e78c966b)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 138d48eca8c98237cadeb90318c83408bed53185
      
https://github.com/qemu/qemu/commit/138d48eca8c98237cadeb90318c83408bed53185
  Author: Pierrick Bouvier <pierrick.bouv...@linaro.org>
  Date:   2025-04-15 (Tue, 15 Apr 2025)

  Changed paths:
    M plugins/loader.c

  Log Message:
  -----------
  plugins/loader: fix deadlock when resetting/uninstalling a plugin

Reported and fixed by Dmitry Kurakin.

Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2901
Signed-off-by: Pierrick Bouvier <pierrick.bouv...@linaro.org>
Message-Id: <20250404032027.430575-2-pierrick.bouv...@linaro.org>
Signed-off-by: Alex Bennée <alex.ben...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit c07cd110a1824e2d046581af7375f16dac26e96f)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 7f637d2922e702673c672573a931941a5098388f
      
https://github.com/qemu/qemu/commit/7f637d2922e702673c672573a931941a5098388f
  Author: Arthur Sengileyev <arthur.sengile...@gmail.com>
  Date:   2025-04-15 (Tue, 15 Apr 2025)

  Changed paths:
    M scripts/nsis.py

  Log Message:
  -----------
  Fix objdump output parser in "nsis.py"

In msys2 distribution objdump from gcc is using single tab character
prefix, but objdump from clang is using 4 white space characters instead.
The script will not identify any dll dependencies for a QEMU build
generated with clang. This in turn will fail the build, because there
will be no files inside dlldir and no setup file will be created.
Instead of checking for whitespace in prefix use lstrip to accommodate
for differences in outputs.

Signed-off-by: Arthur Sengileyev <arthur.sengile...@gmail.com>
Reviewed-by: Stefan Weil <s...@weilnetz.de>
Reviewed-by: Michael Tokarev <m...@tls.msk.ru>
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(cherry picked from commit b0b5af62ef9eaf25246cdd433a4eb69361298ee4)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: af01cf195ba106fe039ab320ce9e8074b4ddd841
      
https://github.com/qemu/qemu/commit/af01cf195ba106fe039ab320ce9e8074b4ddd841
  Author: Antoine Damhet <adam...@scaleway.com>
  Date:   2025-04-16 (Wed, 16 Apr 2025)

  Changed paths:
    M hw/net/virtio-net.c

  Log Message:
  -----------
  Revert "virtio-net: Copy received header to buffer"

This reverts commit 7987d2be5a8bc3a502f89ba8cf3ac3e09f64d1ce.

The goal was to remove the need to patch the (const) input buffer
with a recomputed UDP checksum by copying headers to a RW region and
injecting the checksum there. The patch computed the checksum only from the
header fields (missing the rest of the payload) producing an invalid one
and making guests fail to acquire a DHCP lease.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2727
Cc: qemu-sta...@nongnu.org
Signed-off-by: Antoine Damhet <adam...@scaleway.com>
Acked-by: Michael S. Tsirkin <m...@redhat.com>
Message-ID: <20250408145345.142947-1-adam...@scaleway.com>
Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com>
(cherry picked from commit e28fbd1c525db21f0502b85517f49504c9f9dcd8)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 1cc062970e49e8387ae14b120bc94b1009b634c1
      
https://github.com/qemu/qemu/commit/1cc062970e49e8387ae14b120bc94b1009b634c1
  Author: Paolo Bonzini <pbonz...@redhat.com>
  Date:   2025-04-24 (Thu, 24 Apr 2025)

  Changed paths:
    M target/i386/hvf/x86_flags.c

  Log Message:
  -----------
  target/i386/hvf: fix lflags_to_rflags

Clear the flags before adding in the ones computed from lflags.

Cc: Wei Liu <li...@linux.microsoft.com>
Cc: qemu-sta...@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
(cherry picked from commit 94a159f3dc737d00749cc930adaec112abe07b3c)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 9f8bb7edacd4f5833740fe6d81509d5396f8b7cc
      
https://github.com/qemu/qemu/commit/9f8bb7edacd4f5833740fe6d81509d5396f8b7cc
  Author: Richard Henderson <richard.hender...@linaro.org>
  Date:   2025-04-24 (Thu, 24 Apr 2025)

  Changed paths:
    M target/avr/insn.decode
    M target/avr/translate.c

  Log Message:
  -----------
  target/avr: Improve decode of LDS, STS

The comment about not being able to define a field with
zero bits is out of date since 94597b6146f3
("decodetree: Allow !function with no input bits").

This fixes the missing load of imm in the disassembler.

Cc: qemu-sta...@nongnu.org
Fixes: 9d8caa67a24 ("target/avr: Add support for disassembling via option '-d in_asm'")
Reviewed-by: Pierrick Bouvier <pierrick.bouv...@linaro.org>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
(cherry picked from commit 6b661b7ed7cd02c54a78426d5eb7dd8543b030ed)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: e6e49667ae966037e3c4c682ec6275dc3128d459
      
https://github.com/qemu/qemu/commit/e6e49667ae966037e3c4c682ec6275dc3128d459
  Author: Philippe Mathieu-Daudé <phi...@linaro.org>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M hw/core/machine-qmp-cmds.c
    M target/ppc/cpu_init.c

  Log Message:
  -----------
  hw/core: Get default_cpu_type calling machine_class_default_cpu_type()

Since commit 62b4a227a33 the default cpu type can come from the
valid_cpu_types[] array. Call the machine_class_default_cpu_type()
instead of accessing MachineClass::default_cpu_type field.

Cc: qemu-sta...@nongnu.org
Fixes: 62b4a227a33 ("hw/core: Add machine_class_default_cpu_type()")
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouv...@linaro.org>
Reviewed-by: Zhao Liu <zhao1....@intel.com>
Message-Id: <20250422084114.39499-1-phi...@linaro.org>
(cherry picked from commit d5f241834be1b323ea697a469ff0f1335a1823fe)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: c7e01899822a8780136656004ddba4e756dc59d6
      
https://github.com/qemu/qemu/commit/c7e01899822a8780136656004ddba4e756dc59d6
  Author: Peter Maydell <peter.mayd...@linaro.org>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M include/hw/core/cpu.h

  Log Message:
  -----------
  hw/core/cpu: gdb_arch_name string should not be freed

The documentation for the CPUClass::gdb_arch_name method claims that
the returned string should be freed with g_free().  This is not
correct: in commit a650683871ba728 we changed this method to
instead return a simple constant string, but forgot to update
the documentation.

Make the documentation match the new semantics.

Fixes: a650683871ba728 ("hw/core/cpu: Return static value with gdb_arch_name()")
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Alex Bennée <alex.ben...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250317142819.900029-2-peter.mayd...@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 56a9f0d4c4a483ce217e5290db69cb1788586787)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 639cee5ed76c21201fc0e7321e11dbb7974f093d
      
https://github.com/qemu/qemu/commit/639cee5ed76c21201fc0e7321e11dbb7974f093d
  Author: Hauke Mehrtens <ha...@hauke-m.de>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M target/mips/tcg/mips16e_translate.c.inc

  Log Message:
  -----------
  target/mips: Fix MIPS16e translation

Fix a wrong conversion to gen_op_addr_addi(). The framesize should be
added like it was done before.

This bug broke booting OpenWrt MIPS32 BE malta Linux system images
generated by OpenWrt.

Cc: qemu-sta...@nongnu.org
Fixes: d0b24b7f50e1 ("target/mips: Use gen_op_addr_addi() when possible")
Signed-off-by: Hauke Mehrtens <ha...@hauke-m.de>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250412194003.181411-1-ha...@hauke-m.de>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit d4a785ba30ce6d8acf0206f049fb4a7494e0898a)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: dc13fed5f0d4c0d07bf3af865e6f67a52d2783e3
      
https://github.com/qemu/qemu/commit/dc13fed5f0d4c0d07bf3af865e6f67a52d2783e3
  Author: Akihiko Odaki <akihiko.od...@daynix.com>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Use has_header_symbol() to check getcpu()

The use of gnu_source_prefix in the detection of getcpu() was
ineffective because the header file that declares getcpu() when
_GNU_SOURCE is defined was not included. Pass sched.h to
has_header_symbol() so that the existence of the declaration will be
properly checked.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Tested-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250424-buildsys-v1-1-97655e3b2...@daynix.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 563cd698dffb977eea0ccfef3b95f6f9786766f3)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 8696da0495624cfc3ce8d5cb105c24d8bf796cd0
      
https://github.com/qemu/qemu/commit/8696da0495624cfc3ce8d5cb105c24d8bf796cd0
  Author: Akihiko Odaki <akihiko.od...@daynix.com>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Remove CONFIG_STATX and CONFIG_STATX_MNT_ID

CONFIG_STATX and CONFIG_STATX_MNT_ID are not used since commit
e0dc2631ec4 ("virtiofsd: Remove source").

Cc: qemu-sta...@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Tested-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20250424-buildsys-v1-2-97655e3b2...@daynix.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 6804b89fb531f5dd49c1e038214c89272383e220)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 83c926daf87b02e95f4d69327883db6d2c5379ed
      
https://github.com/qemu/qemu/commit/83c926daf87b02e95f4d69327883db6d2c5379ed
  Author: Richard Henderson <richard.hender...@linaro.org>
  Date:   2025-05-07 (Wed, 07 May 2025)

  Changed paths:
    M accel/tcg/translate-all.c

  Log Message:
  -----------
  accel/tcg: Don't use TARGET_LONG_BITS in decode_sleb128

When we changed decode_sleb128 from target_long to
int64_t, we failed to adjust the shift limit.

Cc: qemu-sta...@nongnu.org
Fixes: c9ad8d27caa ("tcg: Widen gen_insn_data to uint64_t")
Reviewed-by: Pierrick Bouvier <pierrick.bouv...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
(cherry picked from commit 9401f91b9b0c46886388735b3f2033a9c254895a)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 7407d2319d405b4d67b2c107a31f9a59c8196c70
      
https://github.com/qemu/qemu/commit/7407d2319d405b4d67b2c107a31f9a59c8196c70
  Author: Peter Maydell <peter.mayd...@linaro.org>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M target/arm/tcg/translate.c

  Log Message:
  -----------
  target/arm: Don't assert() for ISB/SB inside IT block

If the guest code has an ISB or SB insn inside an IT block, we
generate incorrect code which trips a TCG assertion:

qemu-system-arm: ../tcg/tcg-op.c:3343: void tcg_gen_goto_tb(unsigned int): Assertion `(tcg_ctx->goto_tb_issue_mask & (1 << idx)) == 0' failed.

This is because we call gen_goto_tb(dc, 1, ...) twice:

 brcond_i32 ZF,$0x0,ne,$L1
 add_i32 pc,pc,$0x4
 goto_tb $0x1
 exit_tb $0x73d948001b81
 set_label $L1
 add_i32 pc,pc,$0x4
 goto_tb $0x1
 exit_tb $0x73d948001b81

Both calls are in arm_tr_tb_stop(), one for the
DISAS_NEXT/DISAS_TOO_MANY handling, and one for the dc->condjump
condition-failed codepath.  The DISAS_NEXT handling doesn't have this
problem because arm_post_translate_insn() does the handling of "emit
the label for the condition-failed conditional execution" and so
arm_tr_tb_stop() doesn't have dc->condjump set.  But for
DISAS_TOO_MANY we don't do that.

Fix the bug by making arm_post_translate_insn() handle the
DISAS_TOO_MANY case.  This only affects the SB and ISB insns when
used in Thumb mode inside an IT block: only these insns specifically
set is_jmp to TOO_MANY, and their A32 encodings are unconditional.

For the major TOO_MANY case (breaking the TB because it would cross a
page boundary) we do that check and set is_jmp to TOO_MANY only after
the call to arm_post_translate_insn(); so arm_post_translate_insn()
sees is_jmp == DISAS_NEXT, and we emit the correct code for that
situation.

With this fix we generate the somewhat more sensible set of TCG ops:
 brcond_i32 ZF,$0x0,ne,$L1
 set_label $L1
 add_i32 pc,pc,$0x4
 goto_tb $0x1
 exit_tb $0x7c5434001b81

(NB: the TCG optimizer doesn't optimize out the jump-to-next, but
we can't really avoid emitting it because we don't know at the
point we're emitting the handling for the condexec check whether
this insn is going to happen to be a nop for us or not.)

Cc: qemu-sta...@nongnu.org
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2942
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-id: 20250501125544.727038-1-peter.mayd...@linaro.org
(cherry picked from commit 8ed7c0b6488a7f20318d6ba414f1cbcd0ed92afe)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 9e13cd7232c1e528962acf8c17c664da5e80d548
      
https://github.com/qemu/qemu/commit/9e13cd7232c1e528962acf8c17c664da5e80d548
  Author: Bernhard Beschow <shen...@gmail.com>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M hw/gpio/imx_gpio.c

  Log Message:
  -----------
  hw/gpio/imx_gpio: Fix interpretation of GDIR polarity

According to the i.MX 8M Plus reference manual, a GPIO pin is
configured as an output when the corresponding bit in the GDIR
register is set.  The function imx_gpio_set_int_line() is intended to
be a no-op if the pin is configured as an output, returning early in
such cases.  However, it inverts the condition.  Fix this by
returning early when the bit is set.

cc: qemu-sta...@nongnu.org
Fixes: f44272809779 ("i.MX: Add GPIO device")
Signed-off-by: Bernhard Beschow <shen...@gmail.com>
Message-id: 20250501183445.2389-4-shen...@gmail.com
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit eba837a31b9579e30cc6d7ecb4b5c2662a6ffaba)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 4ba45dffdebc2018ab85e4385cb5155e97ebb742
      
https://github.com/qemu/qemu/commit/4ba45dffdebc2018ab85e4385cb5155e97ebb742
  Author: Paolo Bonzini <pbonz...@redhat.com>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M target/i386/tcg/emit.c.inc
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: do not trigger IRQ shadow for LSS

Because LSS need not trigger an IRQ shadow, gen_movl_seg can't just use
the destination register to decide whether to inhibit IRQs.  Add an
argument.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
(cherry picked from commit e54ef98c8a80d16158bab4341d9a898701270528)
(back-ported to 10.0)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 5dd4660f5f4d12166018e1d6dc122149264a8832
      
https://github.com/qemu/qemu/commit/5dd4660f5f4d12166018e1d6dc122149264a8832
  Author: Paolo Bonzini <pbonz...@redhat.com>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: do not block singlestep for STI

STI will trigger a singlestep exception even if it has inhibit-IRQ
behavior.  Do not suppress single-step for all IRQ-inhibiting
instructions, instead special case MOV SS and POP SS.

Cc: qemu-sta...@nongnu.org
Fixes: f0f0136abba ("target/i386: no single-step exception after MOV or POP SS", 2024-05-25)
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
(cherry picked from commit 1e94ddc6854431064c94a7d8f2f2886def285829)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: dc5208769a0f29ea47d38e614f2f6612f3f15f50
      
https://github.com/qemu/qemu/commit/dc5208769a0f29ea47d38e614f2f6612f3f15f50
  Author: Daniel P. Berrangé <berra...@redhat.com>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M .gitlab-ci.d/check-dco.py
    M .gitlab-ci.d/check-patch.py

  Log Message:
  -----------
  gitlab: use --refetch in check-patch/check-dco jobs

When gitlab initializes the repo checkout for a CI job, it will have
done a shallow clone with only partial history. Periodically the objects
that are omitted cause trouble with the check-patch/check-dco jobs. This
is exhibited as reporting strange errors being unable to fetch certain
objects that are known to exist.

Passing the --refetch flag to 'git fetch' causes it to not assume the
local checkout has all common objects and thus re-fetch everything that
is needed. This appears to solve the check-patch/check-dco job failures.

Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
Acked-by: Michael S. Tsirkin <m...@redhat.com>
Message-ID: <20250225110525.2209854-1-berra...@redhat.com>
Signed-off-by: Thomas Huth <th...@redhat.com>
(cherry picked from commit d5d028eee38d4107821c0d2cfdb0dd04b9ba5ca3)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 93e5ecd78031555426a8c74aad87ac1a308ccbb8
      
https://github.com/qemu/qemu/commit/93e5ecd78031555426a8c74aad87ac1a308ccbb8
  Author: Bernhard Beschow <shen...@gmail.com>
  Date:   2025-05-11 (Sun, 11 May 2025)

  Changed paths:
    M hw/i2c/imx_i2c.c

  Log Message:
  -----------
  hw/i2c/imx: Always set interrupt status bit if interrupt condition occurs

According to the i.MX 8M Plus reference manual, the status flag
I2C_I2SR[IIF] continues to be set when an interrupt condition
occurs even when I2C interrupts are disabled (I2C_I2CR[IIEN] is
clear). However, the device model only sets the flag when I2C
interrupts are enabled which causes U-Boot to loop forever. Fix
the device model by always setting the flag and let I2C_I2CR[IIEN]
guard I2C interrupts only.

Also remove the comment in the code since it merely stated the
obvious and would be outdated now.

Cc: qemu-sta...@nongnu.org
Fixes: 20d0f9cf6a41 ("i.MX: Add I2C controller emulator")
Signed-off-by: Bernhard Beschow <shen...@gmail.com>
Acked-by: Corey Minyard <cminy...@mvista.com>
Message-ID: <20250507124040.425773-1-shen...@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 54e54e594bc8273d210f7ff4448c165a989cbbe8)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 649ef0c6f15a49e5af065935ebfde15262682929
      
https://github.com/qemu/qemu/commit/649ef0c6f15a49e5af065935ebfde15262682929
  Author: Christian Schoenebeck <qemu_...@crudebyte.com>
  Date:   2025-05-12 (Mon, 12 May 2025)

  Changed paths:
    M hw/9pfs/9p.c
    M hw/9pfs/9p.h

  Log Message:
  -----------
  9pfs: fix concurrent v9fs_reclaim_fd() calls

Even though this function is serialized to be always called from main
thread, v9fs_reclaim_fd() is dispatching the coroutine to a worker thread
in between via its v9fs_co_*() calls, hence leading to the situation where
v9fs_reclaim_fd() is effectively executed multiple times simultaneously,
which renders its LRU algorithm useless and causes high latency.

Fix this by adding a simple boolean variable to ensure this function is
only called once at a time. No synchronization needed for this boolean
variable as this function is only entered and returned on main thread.

Fixes: 7a46274529c ('hw/9pfs: Add file descriptor reclaim support')
Signed-off-by: Christian Schoenebeck <qemu_...@crudebyte.com>
Reviewed-by: Greg Kurz <gr...@kaod.org>
Message-Id: <5c622067efd66dd4ee5eca740dcf263f41db20b2.1741339452.git.qemu_...@crudebyte.com>
(cherry picked from commit 61da38db70affd925226ce1e8a61d761c20d045b)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 3d2e7e1428abea7ed0956c99e4944e596755a207
      
https://github.com/qemu/qemu/commit/3d2e7e1428abea7ed0956c99e4944e596755a207
  Author: Christian Schoenebeck <qemu_...@crudebyte.com>
  Date:   2025-05-12 (Mon, 12 May 2025)

  Changed paths:
    M hw/9pfs/9p.c

  Log Message:
  -----------
  9pfs: fix FD leak and reduce latency of v9fs_reclaim_fd()

This patch fixes two different bugs in v9fs_reclaim_fd():

1. Reduce latency:

This function calls v9fs_co_close() and v9fs_co_closedir() in a loop. Each
one of the calls adds two thread hops (between main thread and a fs driver
background thread). Each thread hop adds latency, which sums up in
function's loop to a significant duration.

Reduce overall latency by open coding what v9fs_co_close() and
v9fs_co_closedir() do, executing those and the loop itself altogether in
only one background thread block, hence reducing the total amount of
thread hops to only two.

2. Fix file descriptor leak:

The existing code called v9fs_co_close() and v9fs_co_closedir() to close
file descriptors. Both functions check right at the beginning if the 9p
request was cancelled:

    if (v9fs_request_cancelled(pdu)) {
        return -EINTR;
    }

So if client sent a 'Tflush' message, v9fs_co_close() / v9fs_co_closedir()
returned without having closed the file descriptor and v9fs_reclaim_fd()
subsequently freed the FID without its file descriptor being closed, hence
leaking those file descriptors.

This 2nd bug is fixed by this patch as well by open coding v9fs_co_close()
and v9fs_co_closedir() inside of v9fs_reclaim_fd() and not performing the
v9fs_request_cancelled(pdu) check there.

Fixes: 7a46274529c ('hw/9pfs: Add file descriptor reclaim support')
Fixes: bccacf6c792 ('hw/9pfs: Implement TFLUSH operation')
Signed-off-by: Christian Schoenebeck <qemu_...@crudebyte.com>
Reviewed-by: Greg Kurz <gr...@kaod.org>
Message-Id: <5747469d3f039c53147e850b456943a1d4b5485c.1741339452.git.qemu_...@crudebyte.com>
(cherry picked from commit 89f7b4da7662ecc6840ffb0846045f03f9714bc6)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
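
The descriptor leak described in the commit message above, as an added example that is not part of the commit or of QEMU: a small C model in which a close helper checks for cancellation first and the reclaim loop frees the FID regardless. All `model_` names and the in-memory descriptor table are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not QEMU code: every model_ name is hypothetical. */
typedef struct {
    bool cancelled;              /* true once the client has sent Tflush */
} ModelPdu;

typedef struct {
    int fd;                      /* host descriptor, -1 when none */
    bool live;                   /* FID slot still allocated */
} ModelFid;

#define MODEL_MAX_FDS 64
static bool model_fd_open[MODEL_MAX_FDS];   /* stand-in for the host fd table */

static int model_host_open(void)
{
    for (int fd = 0; fd < MODEL_MAX_FDS; fd++) {
        if (!model_fd_open[fd]) {
            model_fd_open[fd] = true;
            return fd;
        }
    }
    return -EMFILE;
}

static int model_host_close(int fd)
{
    if (fd < 0 || fd >= MODEL_MAX_FDS || !model_fd_open[fd]) {
        return -EBADF;
    }
    model_fd_open[fd] = false;
    return 0;
}

static int model_count_open(void)
{
    int n = 0;
    for (int fd = 0; fd < MODEL_MAX_FDS; fd++) {
        n += model_fd_open[fd] ? 1 : 0;
    }
    return n;
}

/* Shape of the helper the message describes: cancellation check first. */
static int model_co_close(const ModelPdu *pdu, int fd)
{
    if (pdu->cancelled) {
        return -EINTR;           /* returns with the descriptor still open */
    }
    return model_host_close(fd);
}

/* Before: reclaim goes through the cancellable helper, then frees the FID. */
static void model_reclaim_before(const ModelPdu *pdu, ModelFid *fids, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (!fids[i].live) {
            continue;
        }
        (void)model_co_close(pdu, fids[i].fd);   /* -EINTR goes unnoticed */
        fids[i].fd = -1;                         /* last reference to the fd is lost */
        fids[i].live = false;
    }
}

/* After: reclaim closes directly, without consulting the cancel flag. */
static void model_reclaim_after(ModelFid *fids, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (!fids[i].live) {
            continue;
        }
        (void)model_host_close(fids[i].fd);
        fids[i].fd = -1;
        fids[i].live = false;
    }
}

/* Opens n descriptors, runs one reclaim pass, returns how many stay open. */
static int model_leaked_fds(bool fixed, bool tflush, size_t n)
{
    ModelFid fids[MODEL_MAX_FDS];
    ModelPdu pdu = { .cancelled = tflush };

    if (n > MODEL_MAX_FDS) {
        n = MODEL_MAX_FDS;
    }
    for (int fd = 0; fd < MODEL_MAX_FDS; fd++) {
        model_fd_open[fd] = false;               /* start from an empty table */
    }
    for (size_t i = 0; i < n; i++) {
        fids[i].fd = model_host_open();
        fids[i].live = true;
    }
    if (fixed) {
        model_reclaim_after(fids, n);
    } else {
        model_reclaim_before(&pdu, fids, n);
    }
    return model_count_open();
}

int main(void)
{
    printf("before, Tflush seen:    %d left open\n", model_leaked_fds(false, true, 8));
    printf("before, no Tflush:      %d left open\n", model_leaked_fds(false, false, 8));
    printf("after,  Tflush seen:    %d left open\n", model_leaked_fds(true, true, 8));
    return 0;
}
```

On a real host the same effect shows up as a growing entry count under /proc/<pid>/fd for the QEMU process, which is a practical way to confirm whether a given build carries the fix.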


  Commit: 0883bdd92e6ec2ee99e6dd6da95b45e9696744fd
      
https://github.com/qemu/qemu/commit/0883bdd92e6ec2ee99e6dd6da95b45e9696744fd
  Author: Fabiano Rosas <faro...@suse.de>
  Date:   2025-05-16 (Fri, 16 May 2025)

  Changed paths:
    M hw/s390x/s390-virtio-ccw.c

  Log Message:
  -----------
  s390x: Fix leak in machine_set_loadparm

ASAN spotted a leaking string in machine_set_loadparm():

Direct leak of 9 byte(s) in 1 object(s) allocated from:
    #0 0x560ffb5bb379 in malloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x7f1aca926518 in g_malloc ../glib/gmem.c:106
    #2 0x7f1aca94113e in g_strdup ../glib/gstrfuncs.c:364
    #3 0x560ffc8afbf9 in qobject_input_type_str ../qapi/qobject-input-visitor.c:542:12
    #4 0x560ffc8a80ff in visit_type_str ../qapi/qapi-visit-core.c:349:10
    #5 0x560ffbe6053a in machine_set_loadparm ../hw/s390x/s390-virtio-ccw.c:802:10
    #6 0x560ffc0c5e52 in object_property_set ../qom/object.c:1450:5
    #7 0x560ffc0d4175 in object_property_set_qobject ../qom/qom-qobject.c:28:10
    #8 0x560ffc0c6004 in object_property_set_str ../qom/object.c:1458:15
    #9 0x560ffbe2ae60 in update_machine_ipl_properties ../hw/s390x/ipl.c:569:9
    #10 0x560ffbe2aa65 in s390_ipl_update_diag308 ../hw/s390x/ipl.c:594:5
    #11 0x560ffbdee132 in handle_diag_308 ../target/s390x/diag.c:147:9
    #12 0x560ffbebb956 in helper_diag ../target/s390x/tcg/misc_helper.c:137:9
    #13 0x7f1a3c51c730  (/memfd:tcg-jit (deleted)+0x39730)

Cc: qemu-sta...@nongnu.org
Signed-off-by: Fabiano Rosas <faro...@suse.de>
Message-ID: <20250509174938.25935-1-faro...@suse.de>
Fixes: 1fd396e3228 ("s390x: Register TYPE_S390_CCW_MACHINE properties as class properties")
Reviewed-by: Thomas Huth <th...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Thomas Huth <th...@redhat.com>
(cherry picked from commit bdf12f2a56bf3f13c52eb51f0a994bbfe40706b2)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 0b8c7cdeff6523dfb30aabd0c112ea3211a96159
      
https://github.com/qemu/qemu/commit/0b8c7cdeff6523dfb30aabd0c112ea3211a96159
  Author: Akihiko Odaki <akihiko.od...@daynix.com>
  Date:   2025-05-16 (Fri, 16 May 2025)

  Changed paths:
    M hw/virtio/virtio.c

  Log Message:
  -----------
  virtio: Call set_features during reset

virtio-net expects set_features() will be called when the feature set
used by the guest changes to update the number of virtqueues but it is
not called during reset, which will clear all features, leaving the
queues added for VIRTIO_NET_F_MQ or VIRTIO_NET_F_RSS. Not only are these
extra queues visible to the guest, they will also cause a segmentation
fault during migration.

Call set_features() during reset to remove those queues for virtio-net
as we call set_status(). It will also prevent similar bugs for
virtio-net and other devices in the future.

Fixes: f9d6dbf0bf6e ("virtio-net: remove virtio queues if the guest doesn't support multiqueue")
Buglink: https://issues.redhat.com/browse/RHEL-73842
Cc: qemu-sta...@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Message-Id: <20250421-reset-v2-1-e4c1ead88...@daynix.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
(cherry picked from commit 0caed25cd171c611781589b5402161d27d57229c)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: d6258d62cf445db3cdbdee8ca63d798afc4e6c82
      
https://github.com/qemu/qemu/commit/d6258d62cf445db3cdbdee8ca63d798afc4e6c82
  Author: Loïc Lefort <l...@rivosinc.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/pmp.c

  Log Message:
  -----------
  target/riscv: pmp: move Smepmp operation conversion into a function

Signed-off-by: Loïc Lefort <l...@rivosinc.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Reviewed-by: LIU Zhiwei <zhiwei_...@linux.alibaba.com>
Message-ID: <20250313193011.720075-3-l...@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 915b203745540e908943758f78f5da49e0a15e45)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 82c0f4946a2b88dcbe976e673e826bab7d94f6a3
      
https://github.com/qemu/qemu/commit/82c0f4946a2b88dcbe976e673e826bab7d94f6a3
  Author: Ziqiao Kong <ziqiaok...@gmail.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/cpu_helper.c

  Log Message:
  -----------
  target/riscv: fix endless translation loop on big endian systems

On big endian systems, pte and updated_pte hold big endian host data
while pte_pa points to little endian target data. This means the branch
at cpu_helper.c:1669 will be always satisfied and restart translation,
causing an endless translation loop.

The correctness of this patch can be deduced by:

old_pte will hold a value either from cpu_to_le32/64(pte) or
cpu_to_le32/64(updated_pte), both of which are little endian. After that,
an in-place conversion by le32/64_to_cpu(old_pte) ensures that old_pte
is now in native endian, same as pte. Therefore, the endianness of
both sides of if (old_pte != pte) is correct.

Signed-off-by: Ziqiao Kong <ziqiaok...@gmail.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-ID: <20250415080254.3667878-2-ziqiaok...@gmail.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit ad63158bdb33dab5704ea1cf740d2ea0387175df)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
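
The restart loop described in the commit message above, as an added example that is not part of the commit or of QEMU: a C model that simulates a big-endian host on any machine by applying the byte swap explicitly. It assumes the pre-fix code handed host-order values straight to the compare-and-swap, which the message implies but does not show; all `model_` names and the sample PTE value are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not QEMU code: every model_ name is hypothetical. */
#define MODEL_PTE_A 0x40u   /* accessed bit (bit 6) of a RISC-V PTE */

static uint32_t model_bswap32(uint32_t x)
{
    return (x >> 24) | ((x >> 8) & 0x0000ff00u) |
           ((x << 8) & 0x00ff0000u) | (x << 24);
}

/* cpu_to_le32()/le32_to_cpu() as a host of the given endianness sees them. */
static uint32_t model_cpu_to_le32(uint32_t x, bool host_be)
{
    return host_be ? model_bswap32(x) : x;
}

static uint32_t model_le32_to_cpu(uint32_t x, bool host_be)
{
    return host_be ? model_bswap32(x) : x;
}

/* Single-threaded stand-in for the compare-and-swap on the mapped PTE word. */
static uint32_t model_cmpxchg(uint32_t *p, uint32_t expected, uint32_t desired)
{
    uint32_t old = *p;
    if (old == expected) {
        *p = desired;
    }
    return old;
}

/*
 * Try to set the accessed bit of one PTE. Returns the pass on which the walk
 * finished, or 0 if it was still restarting after max_passes. *guest_pte_out
 * receives the PTE value the guest would read afterwards.
 */
static unsigned model_walk(bool host_be, bool fixed, uint32_t guest_pte,
                           unsigned max_passes, uint32_t *guest_pte_out)
{
    /* The little-endian guest word as a native host load returns it. */
    uint32_t raw = model_cpu_to_le32(guest_pte, host_be);
    unsigned finished = 0;

    for (unsigned pass = 1; pass <= max_passes; pass++) {
        uint32_t pte = model_le32_to_cpu(raw, host_be);   /* endian-aware load */
        uint32_t updated_pte = pte | MODEL_PTE_A;
        uint32_t old_pte;

        if (updated_pte == pte) {
            finished = pass;                 /* nothing to write back */
            break;
        }
        if (fixed) {
            old_pte = model_cmpxchg(&raw, model_cpu_to_le32(pte, host_be),
                                    model_cpu_to_le32(updated_pte, host_be));
            old_pte = model_le32_to_cpu(old_pte, host_be);
        } else {
            /* Assumed pre-fix shape: host-order values against LE memory. */
            old_pte = model_cmpxchg(&raw, pte, updated_pte);
        }
        if (old_pte == pte) {
            finished = pass;
            break;
        }
        /* old_pte != pte: the walk restarts and re-reads the same PTE. */
    }
    *guest_pte_out = model_le32_to_cpu(raw, host_be);
    return finished;
}

int main(void)
{
    const uint32_t pte = 0x2000000fu;   /* constructed sample PTE, A clear */
    uint32_t out = 0;
    unsigned passes;

    passes = model_walk(false, false, pte, 16, &out);
    printf("LE host, before: passes=%u pte=0x%08x\n", passes, (unsigned)out);
    passes = model_walk(true, false, pte, 16, &out);
    printf("BE host, before: passes=%u pte=0x%08x\n", passes, (unsigned)out);
    passes = model_walk(true, true, pte, 16, &out);
    printf("BE host, after:  passes=%u pte=0x%08x\n", passes, (unsigned)out);
    return 0;
}
```

A result of 0 passes means the model gave up after max_passes restarts; the real walker has no such bound, which is why the vCPU thread never makes progress on an affected big-endian host.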


  Commit: fb1f88ee29fedf649d4422db241d03986d1f1df8
      
https://github.com/qemu/qemu/commit/fb1f88ee29fedf649d4422db241d03986d1f1df8
  Author: Icenowy Zheng <u...@icenowy.me>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M common-user/host/riscv/safe-syscall.inc.S

  Log Message:
  -----------
  common-user/host/riscv: use tail pseudoinstruction for calling tail

The j pseudoinstruction maps to a JAL instruction, which can only handle
a jump to somewhere with a signed 20-bit destination. In case of static
linking and LTO'ing this easily leads to "relocation truncated to fit"
error.

Switch to use tail pseudoinstruction, which is the standard way to
tail-call a function in medium code model (emits AUIPC+JALR).

Signed-off-by: Icenowy Zheng <u...@icenowy.me>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-ID: <20250417072206.364008-1-...@icenowy.me>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 22b448ccc6611a59d4aa54419f4d88c1f343cb35)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 10bfc8d45e8a48fea3802fc0849c5080a444029d
      
https://github.com/qemu/qemu/commit/10bfc8d45e8a48fea3802fc0849c5080a444029d
  Author: Anton Blanchard <ant...@tenstorrent.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/insn_trans/trans_rvv.c.inc

  Log Message:
  -----------
  target/riscv: rvv: Source vector registers cannot overlap mask register

Add the relevant ISA paragraphs explaining why source (and destination)
registers cannot overlap the mask register.

Signed-off-by: Anton Blanchard <ant...@tenstorrent.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Max Chou <max.c...@sifive.com>
Signed-off-by: Max Chou <max.c...@sifive.com>
Message-ID: <20250408103938.3623486-2-max.c...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 3e8d1e4a628bb234c0b5d1ccd510900047181dbd)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 6c4ddafa0daedf88aca19a8bd872519b7bc2da19
      
https://github.com/qemu/qemu/commit/6c4ddafa0daedf88aca19a8bd872519b7bc2da19
  Author: Anton Blanchard <ant...@tenstorrent.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/insn_trans/trans_rvv.c.inc

  Log Message:
  -----------
  target/riscv: rvv: Add CHECK arg to GEN_OPFVF_WIDEN_TRANS

Signed-off-by: Anton Blanchard <ant...@tenstorrent.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Max Chou <max.c...@sifive.com>
Signed-off-by: Max Chou <max.c...@sifive.com>
Message-ID: <20250408103938.3623486-3-max.c...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit b0450a101d6c88789d0e8df2bcbef61bc7cd159a)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 28ee50bbe9c73f531b52485b017d040c03819cd4
      
https://github.com/qemu/qemu/commit/28ee50bbe9c73f531b52485b017d040c03819cd4
  Author: Max Chou <max.c...@sifive.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/insn_trans/trans_rvv.c.inc

  Log Message:
  -----------
  target/riscv: rvv: Apply vext_check_input_eew to vrgather instructions to check mismatched input EEWs encoding constraint

According to the v spec, a vector register cannot be used to provide source
operands with more than one EEW for a single instruction.
The vs1 EEW of vrgatherei16.vv is 16.

Co-authored-by: Anton Blanchard <ant...@tenstorrent.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Signed-off-by: Max Chou <max.c...@sifive.com>
Message-ID: <20250408103938.3623486-4-max.c...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 629c2a8dd7506e1cb9b6b7127604641632ac453f)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: fd0fc3eb48650a8c7ce49e252b529aaa5c11093c
      
https://github.com/qemu/qemu/commit/fd0fc3eb48650a8c7ce49e252b529aaa5c11093c
  Author: Max Chou <max.c...@sifive.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/insn_trans/trans_rvv.c.inc

  Log Message:
  -----------
  target/riscv: rvv: Apply vext_check_input_eew to OPIVI/OPIVX/OPFVF(vext_check_ss) instructions

Handle the overlap of source registers with different EEWs.

Co-authored-by: Anton Blanchard <ant...@tenstorrent.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Signed-off-by: Max Chou <max.c...@sifive.com>
Message-ID: <20250408103938.3623486-5-max.c...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit fbeaf35838768086b435833cb4dc5182c73ec2bc)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 80eebc00f93c2cf2a35da4a86fb5d998ce162ab6
      
https://github.com/qemu/qemu/commit/80eebc00f93c2cf2a35da4a86fb5d998ce162ab6
  Author: Max Chou <max.c...@sifive.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/insn_trans/trans_rvv.c.inc

  Log Message:
  -----------
  target/riscv: rvv: Apply vext_check_input_eew to OPIVV/OPFVV(vext_check_sss) instructions

Handle the overlap of source registers with different EEWs.

Co-authored-by: Anton Blanchard <ant...@tenstorrent.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Signed-off-by: Max Chou <max.c...@sifive.com>
Message-ID: <20250408103938.3623486-6-max.c...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit fda68acb7761af40df78db18e44ca1ff20195fe0)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: d5166dad5519a5df508531fa11ca95a7b80ac529
      
https://github.com/qemu/qemu/commit/d5166dad5519a5df508531fa11ca95a7b80ac529
  Author: Max Chou <max.c...@sifive.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/insn_trans/trans_rvv.c.inc

  Log Message:
  -----------
  target/riscv: rvv: Apply vext_check_input_eew to vector slide instructions(OPIVI/OPIVX)

Handle the overlap of source registers with different EEWs.

Co-authored-by: Anton Blanchard <ant...@tenstorrent.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Signed-off-by: Max Chou <max.c...@sifive.com>
Message-ID: <20250408103938.3623486-7-max.c...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit b5480a693e3e657108746721ffe434b3bb6e7a72)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 32f8a2b4292d78409da7845ae095a173102b02b7
      
https://github.com/qemu/qemu/commit/32f8a2b4292d78409da7845ae095a173102b02b7
  Author: Max Chou <max.c...@sifive.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/insn_trans/trans_rvv.c.inc

  Log Message:
  -----------
  target/riscv: rvv: Apply vext_check_input_eew to vector integer extension instructions(OPMVV)

Handle the overlap of source registers with different EEWs.

Co-authored-by: Anton Blanchard <ant...@tenstorrent.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Signed-off-by: Max Chou <max.c...@sifive.com>
Message-ID: <20250408103938.3623486-8-max.c...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 411eefd56a3921ddbfdbadca596e1a8593ce834c)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: dec1f0b924f80d83453003f671fa83a6d8f65519
      
https://github.com/qemu/qemu/commit/dec1f0b924f80d83453003f671fa83a6d8f65519
  Author: Max Chou <max.c...@sifive.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/insn_trans/trans_rvbf16.c.inc
    M target/riscv/insn_trans/trans_rvv.c.inc

  Log Message:
  -----------
  target/riscv: rvv: Apply vext_check_input_eew to vector narrow/widen instructions

Handle the overlap of source registers with different EEWs.
The vd of vector widening mul-add instructions is one of the input
operands.

Co-authored-by: Anton Blanchard <ant...@tenstorrent.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Signed-off-by: Max Chou <max.c...@sifive.com>
Message-ID: <20250408103938.3623486-9-max.c...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 1f090a229f85e662394267680408bd31fd0a99c9)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 84dd432553c48aecaf3d2020eb7bfd3496ab5cb6
      
https://github.com/qemu/qemu/commit/84dd432553c48aecaf3d2020eb7bfd3496ab5cb6
  Author: Max Chou <max.c...@sifive.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/insn_trans/trans_rvv.c.inc

  Log Message:
  -----------
  target/riscv: rvv: Apply vext_check_input_eew to vector indexed load/store instructions

Handle the overlap of source registers with different EEWs.

Co-authored-by: Anton Blanchard <ant...@tenstorrent.com>
Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Signed-off-by: Max Chou <max.c...@sifive.com>
Message-ID: <20250408103938.3623486-10-max.c...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit db21c3eb05504c4cedaad4f7b19e588361b02385)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 41c984df66ac85c81893add1ba497f2092503c39
      
https://github.com/qemu/qemu/commit/41c984df66ac85c81893add1ba497f2092503c39
  Author: Max Chou <max.c...@sifive.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/insn32.decode

  Log Message:
  -----------
  target/riscv: Fix the rvv reserved encoding of unmasked instructions

According to the v spec, the encodings of vcompress.vm and vector
mask-register logical instructions with vm=0 are reserved.

Reviewed-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Signed-off-by: Max Chou <max.c...@sifive.com>
Message-ID: <20250408103938.3623486-11-max.c...@sifive.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 8539a1244bf240d28917effb88a140eb58e45e88)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: ac053657f040ef2f55f25cc3b75c1411f7fd161c
      
https://github.com/qemu/qemu/commit/ac053657f040ef2f55f25cc3b75c1411f7fd161c
  Author: Anton Blanchard <ant...@tenstorrent.com>
  Date:   2025-05-20 (Tue, 20 May 2025)

  Changed paths:
    M target/riscv/vector_helper.c

  Log Message:
  -----------
  target/riscv: Fix vslidedown with rvv_ta_all_1s

vslidedown always zeroes elements past vl, where it should use the
tail policy.

Signed-off-by: Anton Blanchard <ant...@tenstorrent.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Message-ID: <20250414213006.3509058-1-ant...@tenstorrent.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 2669b696e243b64f8ea1a6468dcee255de99f08d)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 800495a3943dbc6a07d2789ccd7278c1e10fb2d2
      
https://github.com/qemu/qemu/commit/800495a3943dbc6a07d2789ccd7278c1e10fb2d2
  Author: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M target/riscv/kvm/kvm-cpu.c

  Log Message:
  -----------
  target/riscv/kvm: fix leak in kvm_riscv_init_multiext_cfg()

'reglist' is being g-malloc'ed but never freed.

Reported-by: Andrew Jones <ajo...@ventanamicro.com>
Signed-off-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Andrew Jones <ajo...@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Message-ID: <20250429124421.223883-3-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 906af6de9462c5192547cca0beac2c134659a437)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 6b10b25dddfb70a2df149dde4b2e09e97430ba9a
      
https://github.com/qemu/qemu/commit/6b10b25dddfb70a2df149dde4b2e09e97430ba9a
  Author: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M target/riscv/kvm/kvm-cpu.c

  Log Message:
  -----------
  target/riscv/kvm: turn u32/u64 reg functions into macros

This change is motivated by a future change w.r.t CSRs management. We
want to handle them the same way as KVM extensions, i.e. a static array
with KVMCPUConfig objs that will be read/write during init and so on.
But to do that properly we must be able to declare a static array that
holds KVM regs.

C does not allow initializing static arrays with functions as
initializers, e.g. we can't do:

.kvm_reg_id = kvm_riscv_reg_id_ulong(...)

when instantiating the array. We can do that with macros though, so our
goal is to turn kvm_riscv_reg_ulong() into a macro. It is cleaner to turn
every other reg_id_*() function into macros, and ulong will end up using
the macros for u32 and u64, so we'll start with them.

Signed-off-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Andrew Jones <ajo...@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Message-ID: <20250429124421.223883-4-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit b6096103494506514d9bfa442f62fef36ffc8fba)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: e2d4d3c2ac9e01bad0a734f3c51c93815eda9ffb
      
https://github.com/qemu/qemu/commit/e2d4d3c2ac9e01bad0a734f3c51c93815eda9ffb
  Author: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M target/riscv/kvm/kvm-cpu.c

  Log Message:
  -----------
  target/riscv/kvm: turn kvm_riscv_reg_id_ulong() into a macro

We need the reg_id_ulong() helper to be a macro to be able to create a
static array of KVMCPUConfig that will hold CSR information.

Despite the amount of changes all of them are tedious/trivial:

- replace instances of "kvm_riscv_reg_id_ulong" with
  "KVM_RISCV_REG_ID_ULONG";

- RISCV_CORE_REG(), RISCV_CSR_REG(), RISCV_CONFIG_REG() and
  RISCV_VECTOR_CSR_REG() only receive one 'name' arg. Remove unneeded
  'env' variables when applicable.

Signed-off-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Andrew Jones <ajo...@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>
Message-ID: <20250429124421.223883-5-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit 11766e17616a5a4181d4a63f88adf67ac52c553b)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 289dcab554eddb536055e1ddc058d7d838f299af
      
https://github.com/qemu/qemu/commit/289dcab554eddb536055e1ddc058d7d838f299af
  Author: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M target/riscv/cpu.h
    M target/riscv/kvm/kvm-cpu.c

  Log Message:
  -----------
  target/riscv/kvm: add kvm_csr_cfgs[]

At this moment we're not checking if the host has support for any
specific CSR before doing get/put regs. This will cause problems if the
host KVM doesn't support it (see [1] as an example).

We'll use the same approach done with the CPU extensions: read all known
KVM CSRs during init() to check for availability, then read/write them
if they are present. This will be made by either using get-reglist or by
directly reading the CSRs.

For now we'll just convert the CSRs to use a kvm_csr_cfg[] array,
reusing the same KVMCPUConfig abstraction we use for extensions, and use
the array in (get|put)_csr_regs() instead of manually listing them. A
lot of boilerplate will be added but at least we'll automate the get/put
procedure for CSRs, i.e. adding a new CSR in the future will be a matter
of adding it in kvm_csr_regs[] and everything else will be taken care
of.

Despite all the code changes no behavioral change is made.

[1] https://lore.kernel.org/qemu-riscv/CABJz62OfUDHYkQ0T3rGHStQprf1c7_E0qBLbLKhfv=+jb0s...@mail.gmail.com/

Signed-off-by: Daniel Henrique Barboza <dbarb...@ventanamicro.com>
Reviewed-by: Andrew Jones <ajo...@ventanamicro.com>
Acked-by: Alistair Francis <alistair.fran...@wdc.com>
Message-ID: <20250429124421.223883-6-dbarb...@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>
Cc: qemu-sta...@nongnu.org
(cherry picked from commit d3b6f1742c36e3a3c1e74cb60646ee98a4e39ea3)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 5d139247e910132082027afbc19d60a7a6cdb693
      
https://github.com/qemu/qemu/commit/5d139247e910132082027afbc19d60a7a6cdb693
  Author: Rakesh Jeyasingh <rakeshjb...@gmail.com>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M hw/pci-host/gt64120.c

  Log Message:
  -----------
  hw/pci-host/gt64120: Fix endianness handling

The GT-64120 PCI controller requires special handling where:
1. Host bridge (bus 0, device 0) must never be byte-swapped
2. Other devices follow MByteSwap bit in GT_PCI0_CMD

The previous implementation incorrectly swapped all accesses, breaking
host bridge detection (lspci -d 11ab:4620).

Changes made:
1. Removed gt64120_update_pci_cfgdata_mapping() and moved data_mem
   initialization to gt64120_realize() for cleaner setup
2. Implemented custom read/write handlers that:
   - Preserve host bridge accesses (extract32(config_reg,11,13)==0)
   - Apply swapping only for non-bridge devices in big-endian mode

Fixes: 145e2198 ("hw/mips/gt64xxx_pci: Endian-swap using PCI_HOST_BRIDGE MemoryRegionOps")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2826

Signed-off-by: Rakesh Jeyasingh <rakeshjb...@gmail.com>
Tested-by: Thomas Huth <th...@redhat.com>
Link: https://lore.kernel.org/r/20250429170354.150581-2-rakeshjb...@gmail.com
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
(cherry picked from commit e5894fd6f411c113e2b5f62811e96eeb5b084381)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 361bd5efe41ccebbc799b0f5530e188cdfd1c29b
      
https://github.com/qemu/qemu/commit/361bd5efe41ccebbc799b0f5530e188cdfd1c29b
  Author: Rakesh Jeyasingh <rakeshjb...@gmail.com>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M hw/pci/pci_host.c
    M include/hw/pci-host/dino.h
    M include/hw/pci/pci_host.h

  Log Message:
  -----------
  hw/pci-host: Remove unused pci_host_data_be_ops

pci_host_data_be_ops became unused after endianness fixes

Suggested-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Rakesh Jeyasingh <rakeshjb...@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Tested-by: Thomas Huth <th...@redhat.com>
Link: https://lore.kernel.org/r/20250429170354.150581-3-rakeshjb...@gmail.com
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
(cherry picked from commit 560375cff3ccedabf1fe5ca1bc7a31b13fdc68e5)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 5a1414313bc52946e2287913368ff1d783b08028
      
https://github.com/qemu/qemu/commit/5a1414313bc52946e2287913368ff1d783b08028
  Author: Zhao Liu <zhao1....@intel.com>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M qapi/misc-target.json

  Log Message:
  -----------
  qapi/misc-target: Fix the doc to distinguish query-sgx and query-sgx-capabilities

There're 2 QMP commands: query-sgx and query-sgx-capabilities, but
their outputs are very similar and the documentation lacks clear
differentiation.

From the codes, query-sgx is used to gather guest's SGX capabilities
(including SGX related CPUIDs and EPC sections' size, in SGXInfo), and
if guest doesn't have SGX, then QEMU will report the error message.

On the other hand, query-sgx-capabilities is used to gather host's SGX
capabilities (described by SGXInfo as well). And if host doesn't
support SGX, then QEMU will also report the error message.

Considering that SGXInfo is already documented and both these 2 commands
have enough error messages (for the exception case in their codes).

Therefore the QAPI documentation for these two commands only needs to
emphasize that one of them applies to the guest and the other to the
host.

Fix their documentation to reflect this difference.

Reported-by: Markus Armbruster <arm...@redhat.com>
Suggested-by: Paolo Bonzini <pbonz...@redhat.com>
Signed-off-by: Zhao Liu <zhao1....@intel.com>
Acked-by: Markus Armbruster <arm...@redhat.com>
Link: https://lore.kernel.org/r/20250513143131.2008078-3-zhao1....@intel.com
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
(cherry picked from commit 7f2131c35c1781ca41c62dc26fd93282e1351323)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 53a4bf6830874caf31a1a832beac15115a22443f
      
https://github.com/qemu/qemu/commit/53a4bf6830874caf31a1a832beac15115a22443f
  Author: Peter Xu <pet...@redhat.com>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M migration/options.c

  Log Message:
  -----------
  migration: Allow caps to be set when preempt or multifd cap enabled

With commit 82137e6c8c ("migration: enforce multifd and postcopy preempt to
be set before incoming"), and if postcopy preempt / multifd is enabled, one
cannot setup any capability because these checks would always fail.

(qemu) migrate_set_capability xbzrle off
Error: Postcopy preempt must be set before incoming starts

To fix it, check existing cap and only raise an error if the specific cap
changed.

Fixes: 82137e6c8c ("migration: enforce multifd and postcopy preempt to be set before incoming")
Reviewed-by: Dr. David Alan Gilbert <d...@treblig.org>
Reviewed-by: Juraj Marcin <jmar...@redhat.com>
Signed-off-by: Peter Xu <pet...@redhat.com>
(cherry picked from commit 17bec9235bb0775cf8dec4103c167757ee8898f3)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: b1ff64ba4e84fdefc514111270da4283b94271c3
      
https://github.com/qemu/qemu/commit/b1ff64ba4e84fdefc514111270da4283b94271c3
  Author: Helge Deller <del...@gmx.de>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M target/hppa/int_helper.c

  Log Message:
  -----------
  target/hppa: Copy instruction code into fr1 on FPU assist fault

The hardware stores the instruction code in the lower bits of the FP
exception register #1 on FP assist traps.
This fixes the FP exception handler on Linux, as the Linux kernel uses
the value to decide on the correct signal which should be pushed into
userspace (see decode_fpu() in Linux kernel).

Signed-off-by: Helge Deller <del...@gmx.de>
(cherry picked from commit 923976dfe367b0bfed45ff660c369f3fe65604a7)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 148eb79f573299bf517ff2ff0f2ed87f18d59af9
      
https://github.com/qemu/qemu/commit/148eb79f573299bf517ff2ff0f2ed87f18d59af9
  Author: Helge Deller <del...@gmx.de>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M linux-user/hppa/cpu_loop.c

  Log Message:
  -----------
  linux-user/hppa: Send proper si_code on SIGFPE exception

Improve the linux-user emulation to send the correct si_code depending
on overflow (TARGET_FPE_FLTOVF), underflow (TARGET_FPE_FLTUND), ...
Note that the hardware stores the relevant flags in FP exception
register #1, which is actually the lower 32-bits of the 64-bit fr[0]
register in qemu.

Signed-off-by: Helge Deller <del...@gmx.de>
(cherry picked from commit b4b49cf39dba5f993ad925f204cb820aacfc8e45)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: 0befc056f38731d9cbdd727244c2b4324f1ac813
      
https://github.com/qemu/qemu/commit/0befc056f38731d9cbdd727244c2b4324f1ac813
  Author: Helge Deller <del...@gmx.de>
  Date:   2025-05-25 (Sun, 25 May 2025)

  Changed paths:
    M target/hppa/fpu_helper.c

  Log Message:
  -----------
  target/hppa: Fix FPE exceptions

Implement FP exception register #1 (lower 32-bits of 64-bit fr[0]).
A proper implementation is necessary to allow the Linux kernel in
system mode and the qemu linux-user to send proper si_code values
on SIGFPE signal.

Always set the T-bit on taken exception, and merge over- and underflow
in system mode to just set overflow bit to mimic the behaviour I tested
on a physical machine.

The test program below can be used to verify correct behaviour. Note
that behaviour on SIGFPE may vary on different platforms. The program
should always detect the correct signal, but it may or may not be able
to successfully continue afterwards.

 #define _GNU_SOURCE
 #include <signal.h>
 #include <stdio.h>
 #include <fenv.h>
 #include <float.h>

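 static void fpe_func(int sig, siginfo_t *i, void *v) {
    sigset_t set;
    /* SIGFPE is blocked while its handler runs; unblock it again */
    sigemptyset(&set);
    sigaddset(&set, SIGFPE);
    sigprocmask(SIG_UNBLOCK, &set, NULL);
    /* si_code is an int and carries the FPE_* reason code */
    printf("GOT signal %d with si_code %d\n", sig, i->si_code);
 }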

 int main(int argc, char *argv[]) {
    struct sigaction action = {
        .sa_sigaction = fpe_func,
        .sa_flags = SA_RESTART|SA_SIGINFO };
    sigaction(SIGFPE, &action, 0);
    feenableexcept(FE_OVERFLOW | FE_UNDERFLOW);
    double x = DBL_MIN;
    return printf("%lf\n", argc > 1
        ? 1.7976931348623158E308*1.7976931348623158E308
        : x / 10);
 }

Signed-off-by: Helge Deller <del...@gmx.de>
(cherry picked from commit ebd394948de4e868cb8fc5b265a8a18f0935dce1)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


  Commit: b2995afed254e4804611df52210067a4d5dbdf0b
      
https://github.com/qemu/qemu/commit/b2995afed254e4804611df52210067a4d5dbdf0b
  Author: Michael Tokarev <m...@tls.msk.ru>
  Date:   2025-05-26 (Mon, 26 May 2025)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for 9.2.4 release

Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/9027aa63959c...b2995afed254
