Branch: refs/heads/stable-7.2
Home: https://github.com/qemu/qemu
Commit: 9e9172ffb48e5402f95ce6a4a69faf04ae486448
https://github.com/qemu/qemu/commit/9e9172ffb48e5402f95ce6a4a69faf04ae486448
Author: Michael Tokarev <m...@tls.msk.ru>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M hw/display/qxl-render.c
Log Message:
-----------
hw/display/qxl-render.c: fix qxl_unpack_chunks() chunk size calculation
In case of multiple chunks, code in qxl_unpack_chunks() takes size of the
wrong (next in the chain) chunk, instead of using current chunk size.
This leads to wrong number of bytes being copied, and to crashes if next
chunk size is larger than the current one.
Based on the code by Gao Yong.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1628
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Reviewed-by: Thomas Huth <th...@redhat.com>
(cherry picked from commit b8882becd572d3afb888c836a6ffc7f92c17d1c5)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 489a0714bf1894ceaa341f271382d38e9b8598b3
https://github.com/qemu/qemu/commit/489a0714bf1894ceaa341f271382d38e9b8598b3
Author: Paolo Bonzini <pbonz...@redhat.com>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M target/i386/tcg/decode-new.c.inc
Log Message:
-----------
target/i386: fix width of third operand of VINSERTx128
Table A-5 of the Intel manual incorrectly lists the third operand of
VINSERTx128 as Wqq, but it is actually a 128-bit value. This is
visible when W is a memory operand close to the end of the page.
Fixes the recently-added poly1305_kunit test in linux-next.
(No testcase yet, but I plan to modify test-avx2 to use memory
close to the end of the page. This would work because the test
vectors correctly have the memory operand as xmm2/m128).
Reported-by: Eric Biggers <ebigg...@kernel.org>
Tested-by: Eric Biggers <ebigg...@kernel.org>
Cc: Ard Biesheuvel <a...@kernel.org>
Cc: "Jason A. Donenfeld" <ja...@zx2c4.com>
Cc: Guenter Roeck <li...@roeck-us.net>
Cc: qemu-sta...@nongnu.org
Fixes: 79068477686 ("target/i386: reimplement 0x0f 0x3a, add AVX", 2022-10-18)
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
(cherry picked from commit feea87cd6b645d5166bdd304aac88f47f63dc2ef)
(Mjt: adjust for 7.2.x due to lack of v8.1.0-2167-ge000687f12
"target/i386: validate VEX.W for AVX instructions")
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 73a4a6432a6ad77e8c70cd8977a38e97e05ea214
https://github.com/qemu/qemu/commit/73a4a6432a6ad77e8c70cd8977a38e97e05ea214
Author: Richard Henderson <richard.hender...@linaro.org>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M target/arm/translate-a64.c
Log Message:
-----------
target/arm/sme: Reorg SME access handling in handle_msr_i()
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Fabiano Rosas <faro...@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-id: 20230112102436.1913-2-phi...@linaro.org
Message-Id: <20230112004322.161330-1-richard.hender...@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit 535ca76425fc1ffa4311b3a47518b06c596a55c6)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: f365f4e3411e091a7248d0b6858084306f7390d3
https://github.com/qemu/qemu/commit/f365f4e3411e091a7248d0b6858084306f7390d3
Author: Richard Henderson <richard.hender...@linaro.org>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M target/arm/sme_helper.c
M target/arm/translate-a64.c
Log Message:
-----------
target/arm/sme: Rebuild hflags in set_pstate() helpers
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Fabiano Rosas <faro...@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-id: 20230112102436.1913-3-phi...@linaro.org
Message-Id: <20230112004322.161330-1-richard.hender...@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit 3c9ee548948870c14235e3fa8fb235c0c1c20822)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: a2f3bbf35e3a1b82ad6bc0fd612e43245a255995
https://github.com/qemu/qemu/commit/a2f3bbf35e3a1b82ad6bc0fd612e43245a255995
Author: Richard Henderson <richard.hender...@linaro.org>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M linux-user/aarch64/cpu_loop.c
M linux-user/aarch64/signal.c
M target/arm/cpu.h
M target/arm/helper.c
M target/arm/sme_helper.c
Log Message:
-----------
target/arm/sme: Introduce aarch64_set_svcr()
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Fabiano Rosas <faro...@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-id: 20230112102436.1913-4-phi...@linaro.org
Message-Id: <20230112004322.161330-1-richard.hender...@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit 2a8af3825958e5d8c98b3ca92ac42a10e25db9e1)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 4f50e20ec33d363816bd2ef43483060785d3f5af
https://github.com/qemu/qemu/commit/4f50e20ec33d363816bd2ef43483060785d3f5af
Author: Richard Henderson <richard.hender...@linaro.org>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M linux-user/aarch64/cpu_loop.c
M linux-user/aarch64/signal.c
M target/arm/cpu.h
M target/arm/helper.c
M target/arm/sme_helper.c
Log Message:
-----------
target/arm/sme: Reset SVE state in aarch64_set_svcr()
Move arm_reset_sve_state() calls to aarch64_set_svcr().
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Fabiano Rosas <faro...@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-id: 20230112102436.1913-5-phi...@linaro.org
Message-Id: <20230112004322.161330-1-richard.hender...@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit 7f2a01e7368f960fadea38f437d0f6de7f249686)
(Mjt: re-apply v7.2.15-32-g3559e90146d8 (v9.2.0-1311-g1edc3d43f20d)
"target/arm: arm_reset_sve_state() should set FPSR, not FPCR"
on top of this one, as it's been picked up for 7.2.x series earlier
with adjustments for this change)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 3629f0840617cc487272a0ef68c686724e617475
https://github.com/qemu/qemu/commit/3629f0840617cc487272a0ef68c686724e617475
Author: Richard Henderson <richard.hender...@linaro.org>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M target/arm/helper.c
M target/arm/sme_helper.c
Log Message:
-----------
target/arm/sme: Reset ZA state in aarch64_set_svcr()
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Fabiano Rosas <faro...@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-id: 20230112102436.1913-6-phi...@linaro.org
Message-Id: <20230112004322.161330-1-richard.hender...@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit fccb49182e23bd359092f7ab09bc7e60a0fff71a)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 3ece4d8a145716450559c5b256107ba163ff01ef
https://github.com/qemu/qemu/commit/3ece4d8a145716450559c5b256107ba163ff01ef
Author: Richard Henderson <richard.hender...@linaro.org>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M linux-user/aarch64/cpu_loop.c
M linux-user/aarch64/signal.c
M target/arm/helper.c
M target/arm/sme_helper.c
Log Message:
-----------
target/arm/sme: Rebuild hflags in aarch64_set_svcr()
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Fabiano Rosas <faro...@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-id: 20230112102436.1913-7-phi...@linaro.org
Message-Id: <20230112004322.161330-1-richard.hender...@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit f4318557149184d6dac99e561acabcb602a84ee1)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 7356bc8036324359d46624d691cb748abe473ec9
https://github.com/qemu/qemu/commit/7356bc8036324359d46624d691cb748abe473ec9
Author: Richard Henderson <richard.hender...@linaro.org>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M target/arm/helper-sme.h
M target/arm/helper.c
M target/arm/sme_helper.c
M target/arm/translate-a64.c
Log Message:
-----------
target/arm/sme: Unify set_pstate() SM/ZA helpers as set_svcr()
Unify the two helper_set_pstate_{sm,za} in this function.
Do not call helper_* functions from svcr_write.
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Fabiano Rosas <faro...@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-id: 20230112102436.1913-8-phi...@linaro.org
Message-Id: <20230112004322.161330-1-richard.hender...@linaro.org>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit 5c922ec5b136b452fe9d21e7581c99554ce650ed)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 7b94f67dd0698e9300c1d48301d2d39af4239d78
https://github.com/qemu/qemu/commit/7b94f67dd0698e9300c1d48301d2d39af4239d78
Author: Peter Maydell <peter.mayd...@linaro.org>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M linux-user/aarch64/signal.c
Log Message:
-----------
linux-user/aarch64: Support TPIDR2_MAGIC signal frame record
FEAT_SME adds the TPIDR2 userspace-accessible system register, which
is used as part of the procedure calling standard's lazy saving
scheme for the ZA registers:
https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst#66the-za-lazy-saving-scheme
The Linux kernel has a signal frame record for saving
and restoring this value when calling signal handlers, but
we forgot to implement this. The result is that code which
tries to unwind an exception out of a signal handler will
not work correctly.
Add support for the missing record.
Cc: qemu-sta...@nongnu.org
Fixes: 78011586b90d1 ("target/arm: Enable SME for user-only")
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouv...@linaro.org>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Message-ID: <20250725175510.3864231-3-peter.mayd...@linaro.org>
(cherry picked from commit 99870aff907b1c863cd32558b543f0ab0d0e74ba)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: b662b0e86256de0c029768af6038076dd89bad12
https://github.com/qemu/qemu/commit/b662b0e86256de0c029768af6038076dd89bad12
Author: Philippe Mathieu-Daudé <f4...@amsat.org>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M target/mips/tcg/sysemu/cp0_helper.c
Log Message:
-----------
target/mips: Only update MVPControl.EVP bit if executed by master VPE
According to the 'MIPS MT Application-Specific Extension' manual:
If the VPE executing the instruction is not a Master VPE,
with the MVP bit of the VPEConf0 register set, the EVP bit
is unchanged by the instruction.
Modify the DVPE/EVPE opcodes to only update the MVPControl.EVP bit
if executed on a master VPE.
Cc: qemu-sta...@nongnu.org
Reported-by: Hansni Bu
Buglink: https://bugs.launchpad.net/qemu/+bug/1926277
Fixes: f249412c749 ("mips: Add MT halting and waking of VPEs")
Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Jiaxun Yang <jiaxun.y...@flygoat.com>
Message-ID: <20210427133343.159718-1-f4...@amsat.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit e895095c78ab877d40df2dd31ee79d85757d963b)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: f74d5de0462ef257dfed03b987145ec7ca3a10d3
https://github.com/qemu/qemu/commit/f74d5de0462ef257dfed03b987145ec7ca3a10d3
Author: Luc Michel <luc.mic...@amd.com>
Date: 2025-07-29 (Tue, 29 Jul 2025)
Changed paths:
M hw/net/cadence_gem.c
Log Message:
-----------
hw/net/cadence_gem: fix register mask initialization
The gem_init_register_masks function was called at init time but it
relies on the num-priority-queues property. Call it at realize time
instead.
Cc: qemu-sta...@nongnu.org
Fixes: 4c70e32f05f ("net: cadence_gem: Define access permission for interrupt
registers")
Signed-off-by: Luc Michel <luc.mic...@amd.com>
Reviewed-by: Francisco Iglesias <francisco.igles...@amd.com>
Reviewed-by: Sai Pavan Boddu <sai.pavan.bo...@amd.com>
Message-ID: <20250716095432.81923-2-luc.mic...@amd.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 2bfcd27e00a49da2efa5d703121b94cd9cd4948b)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: e3ac46b4553c239a2a8af94311e2de852042c6ed
https://github.com/qemu/qemu/commit/e3ac46b4553c239a2a8af94311e2de852042c6ed
Author: Zenghui Yu <zenghui...@linux.dev>
Date: 2025-08-05 (Tue, 05 Aug 2025)
Changed paths:
M hw/intc/arm_gicv3_kvm.c
Log Message:
-----------
hw/intc/arm_gicv3_kvm: Write all 1's to clear enable/active
KVM's userspace access interface to the GICD enable and active bits
is via set/clear register pairs which implement the hardware's "write
1s to the clear register to clear the 0 bits, and write 1s to the set
register to set the 1 bits" semantics. We didn't get this right,
because we were writing 0 to the clear register.
Writing 0 to GICD_IC{ENABLE,ACTIVE}R architecturally has no effect on
interrupt status (all writes are simply ignored by KVM) and doesn't
comply with the intention of "first write to the clear-reg to clear
all bits".
Write all 1's to actually clear the enable/active status.
This didn't have any adverse effects on migration because there
we start with a clean VM state; it would be guest-visible when
doing a system reset, but since Linux always cleans up the
register state of the GIC during bootup before it enables it
most users won't have run into a problem here.
Cc: qemu-sta...@nongnu.org
Fixes: 367b9f527bec ("hw/intc/arm_gicv3_kvm: Implement get/put functions")
Signed-off-by: Zenghui Yu <zenghui...@linux.dev>
Message-id: 20250729161650.43758-3-zenghui...@linux.dev
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit b10bd4bd17ac8628ede8735a08ad82dc3b721c64)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: d85e56bc73154236301752f56f665bbf03a87151
https://github.com/qemu/qemu/commit/d85e56bc73154236301752f56f665bbf03a87151
Author: Vacha Bhavsar <vacha.bhav...@oss.qualcomm.com>
Date: 2025-08-05 (Tue, 05 Aug 2025)
Changed paths:
M target/arm/gdbstub64.c
Log Message:
-----------
target/arm: Fix big-endian handling of NEON gdb remote debugging
In the code for allowing the gdbstub to set the value of an AArch64
FP/SIMD register, we weren't accounting for target_big_endian()
being true. This meant that for aarch64_be-linux-user we would
set the two halves of the FP register the wrong way around.
The much more common case of a little-endian guest is not affected;
nor are big-endian hosts.
Correct the handling of this case.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Vacha Bhavsar <vacha.bhav...@oss.qualcomm.com>
Message-id: 20250722173736.2332529-2-vacha.bhav...@oss.qualcomm.com
[PMM: added comment, expanded commit message, fixed missing space]
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit 35cca0f95ff5345f54c11d116efc8940a0dab8aa)
(Mjt: s/target_big_endian/target_words_bigendian/ due to missing
v10.0.0-277-gb939b8e42a "exec: Rename target_words_bigendian() ->
target_big_endian()")
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 423a3bece9e671386b8667b2b96d4796af9a3a54
https://github.com/qemu/qemu/commit/423a3bece9e671386b8667b2b96d4796af9a3a54
Author: Vacha Bhavsar <vacha.bhav...@oss.qualcomm.com>
Date: 2025-08-05 (Tue, 05 Aug 2025)
Changed paths:
M target/arm/gdbstub64.c
Log Message:
-----------
target/arm: Fix handling of setting SVE registers from gdb
The code to handle setting SVE registers via the gdbstub is broken:
* it sets each pair of elements in the zregs[].d[] array in the
wrong order for the most common (little endian) case: the least
significant 64-bit value comes first
* it makes no attempt to handle target_endian()
* it does a simple copy out of the (target endian) gdbstub buffer
into the (host endan) zregs data structure, which is wrong on
big endian hosts
Fix all these problems:
* use ldq_p() to read from the gdbstub buffer
* check target_big_endian() to see if we need to handle the
128-bit values the opposite way around
Cc: qemu-sta...@nongnu.org
Signed-off-by: Vacha Bhavsar <vacha.bhav...@oss.qualcomm.com>
Message-id: 20250722173736.2332529-3-vacha.bhav...@oss.qualcomm.com
[PMM: adjusted commit message, fixed spacing]
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit 97b3d732afec9b165c33697452e31267a845338f)
(Mjt: s/target_big_endian/target_words_bigendian/ due to missing
v10.0.0-277-gb939b8e42a "exec: Rename target_words_bigendian() ->
target_big_endian()")
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 7023cde2e4850d0358b438f3ee4def95ac5dff8a
https://github.com/qemu/qemu/commit/7023cde2e4850d0358b438f3ee4def95ac5dff8a
Author: Jamin Lin <jamin_...@aspeedtech.com>
Date: 2025-08-05 (Tue, 05 Aug 2025)
Changed paths:
M hw/ssi/aspeed_smc.c
Log Message:
-----------
hw/ssi/aspeed_smc: Fix incorrect FMC_WDT2 register read on AST1030
On AST1030, reading the FMC_WDT2 register always returns 0xFFFFFFFF.
This issue is due to the aspeed_smc_read function, which checks for the
ASPEED_SMC_FEATURE_WDT_CONTROL feature. Since AST1030 was missing this
feature flag, the read operation fails and returns -1.
To resolve this, add the WDT_CONTROL feature to AST1030's feature set
so that FMC_WDT2 can be correctly accessed by firmware.
Signed-off-by: Jamin Lin <jamin_...@aspeedtech.com>
Reviewed-by: Cédric Le Goater <c...@redhat.com>
Fixes: 2850df6a81bcdc2e063dfdd56751ee2d11c58030 ("aspeed/smc: Add AST1030
support ")
Link:
https://lore.kernel.org/qemu-devel/20250804014633.512737-1-jamin_...@aspeedtech.com
Signed-off-by: Cédric Le Goater <c...@redhat.com>
(cherry picked from commit 13ed972b4ce57198914a37217251d30fbec20e41)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 64e5f0f93db1ceb142e949041af157fc7d563dbb
https://github.com/qemu/qemu/commit/64e5f0f93db1ceb142e949041af157fc7d563dbb
Author: Werner Fink <wer...@suse.de>
Date: 2025-08-13 (Wed, 13 Aug 2025)
Changed paths:
M tests/qemu-iotests/039.out
M tests/qemu-iotests/061.out
M tests/qemu-iotests/137.out
M tests/qemu-iotests/common.filter
Log Message:
-----------
qemu-iotests: Ignore indentation in Killed messages
New bash 5.3 uses a different padding for reporting job status.
Resolves: boo#1246830
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3050
Signed-off-by: Werner Fink <wer...@suse.de>
Message-ID: <ajl8rh8eppnet...@boole.nue2.suse.org>
Reviewed-by: Kevin Wolf <kw...@redhat.com>
Tested-by: Martin Kletzander <mklet...@redhat.com>
Signed-off-by: Kevin Wolf <kw...@redhat.com>
(cherry picked from commit c0df98ab1f3d348bc05f09d1c093abc529f2b530)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: c01efd93cf243c88abbd06c05e2217a1c4019124
https://github.com/qemu/qemu/commit/c01efd93cf243c88abbd06c05e2217a1c4019124
Author: Philippe Mathieu-Daudé <phi...@linaro.org>
Date: 2025-08-13 (Wed, 13 Aug 2025)
Changed paths:
M hw/sd/ssi-sd.c
Log Message:
-----------
hw/sd/ssi-sd: Return noise (dummy byte) when no card connected
Commit 1585ab9f1ba ("hw/sd/sdcard: Fill SPI response bits in card
code") exposed a bug in the SPI adapter: if no SD card is plugged,
we are returning "there is a card with an error". This is wrong,
we shouldn't return any particular packet response, but the noise
shifted on the MISO line. Return the dummy byte, otherwise we get:
qemu-system-riscv64: ../hw/sd/ssi-sd.c:160: ssi_sd_transfer: Assertion
`s->arglen > 0' failed.
Reported-by: Guenter Roeck <li...@roeck-us.net>
Fixes: 775616c3ae8 ("Partial SD card SPI mode support")
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Tested-by: Guenter Roeck <li...@roeck-us.net>
Reviewed-by: Alex Bennée <alex.ben...@linaro.org>
Reviewed-by: Gustavo Romero <gustavo.rom...@linaro.org>
Tested-by: Alex Bennée <alex.ben...@linaro.org>
Message-Id: <20250812140415.70153-2-phi...@linaro.org>
(cherry picked from commit e262646e12acd6c1132e03d57fea20680a503251)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 465c50ac0f5c32bc935c9ecac36a896ba94d6a7b
https://github.com/qemu/qemu/commit/465c50ac0f5c32bc935c9ecac36a896ba94d6a7b
Author: Zero Tang <zero.tang...@gmail.com>
Date: 2025-08-29 (Fri, 29 Aug 2025)
Changed paths:
M target/i386/tcg/sysemu/svm_helper.c
Log Message:
-----------
i386/tcg/svm: fix incorrect canonicalization
For all 32-bit systems and 64-bit Windows systems, "long" is 4 bytes long.
Due to using "long" for a linear address, svm_canonicalization would
set all high bits to 1 when (assuming 48-bit linear address) the segment
base is bigger than 0x7FFF.
This fixes booting guests under TCG when the guest IDT and GDT bases are
above 0x7FFF, thereby resulting in incorrect bases. When an interrupt
arrives, it would trigger a #PF exception; the #PF would trigger again,
resulting in a #DF exception; the #PF would trigger for the third time,
resulting in triple-fault, and eventually causes a shutdown VM-Exit to
the hypervisor right after guest boot.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Zero Tang <zero.tang...@gmail.com>
(cherry picked from commit c12cbaa007c9da97a11e74119ea3aed9fcc3ac4c)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 653217a501a1575eb2aabc2fd4522ab5be62907d
https://github.com/qemu/qemu/commit/653217a501a1575eb2aabc2fd4522ab5be62907d
Author: Akihiko Odaki <akihiko.od...@daynix.com>
Date: 2025-08-29 (Fri, 29 Aug 2025)
Changed paths:
M hw/net/virtio-net.c
Log Message:
-----------
virtio-net: Add only one queue pair when realizing
Multiqueue usage is not negotiated yet when realizing. If more than
one queue is added and the guest never requests to enable multiqueue,
the extra queues will not be deleted when unrealizing and leak.
Fixes: f9d6dbf0bf6e ("virtio-net: remove virtio queues if the guest doesn't
support multiqueue")
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Signed-off-by: Jason Wang <jasow...@redhat.com>
(cherry picked from commit 8c49756825dab430b17648637735c2736d23f778)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 361da9bd09bb524da6d1ac07749b4a2d45790c36
https://github.com/qemu/qemu/commit/361da9bd09bb524da6d1ac07749b4a2d45790c36
Author: Akihiko Odaki <akihiko.od...@daynix.com>
Date: 2025-08-29 (Fri, 29 Aug 2025)
Changed paths:
M hw/net/virtio-net.c
M hw/virtio/virtio.c
M include/hw/virtio/virtio.h
Log Message:
-----------
virtio-net: Add queues before loading them
Call virtio_net_set_multiqueue() to add queues before loading their
states. Otherwise the loaded queues will not have handlers and elements
in them will not be processed.
Cc: qemu-sta...@nongnu.org
Fixes: 8c49756825da ("virtio-net: Add only one queue pair when realizing")
Fixes: 653217a501a1 ("virtio-net: Add only one queue pair when realizing" in
7.2.x)
Reported-by: Laurent Vivier <lviv...@redhat.com>
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Acked-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Jason Wang <jasow...@redhat.com>
(cherry picked from commit 9379ea9db3c0064fa2787db0794a23a30f7b2d2d)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: b3ad24485306e19d0cd08d96211ef033464eb97a
https://github.com/qemu/qemu/commit/b3ad24485306e19d0cd08d96211ef033464eb97a
Author: Akihiko Odaki <akihiko.od...@daynix.com>
Date: 2025-08-29 (Fri, 29 Aug 2025)
Changed paths:
M hw/net/virtio-net.c
M hw/virtio/virtio.c
M include/hw/virtio/virtio.h
Log Message:
-----------
virtio-net: Add queues for RSS during migration
virtio_net_pre_load_queues() inspects vdev->guest_features to tell if
VIRTIO_NET_F_RSS or VIRTIO_NET_F_MQ is enabled to infer the required
number of queues. This works for VIRTIO_NET_F_MQ but it doesn't for
VIRTIO_NET_F_RSS because only the lowest 32 bits of vdev->guest_features
is set at the point and VIRTIO_NET_F_RSS uses bit 60 while
VIRTIO_NET_F_MQ uses bit 22.
Instead of inferring the required number of queues from
vdev->guest_features, use the number loaded from the vm state. This
change also has a nice side effect to remove a duplicate peer queue
pair change by circumventing virtio_net_set_multiqueue().
Also update the comment in include/hw/virtio/virtio.h to prevent an
implementation of pre_load_queues() from refering to any fields being
loaded during migration by accident in the future.
Fixes: 8c49756825da ("virtio-net: Add only one queue pair when realizing")
Fixes: 653217a501a1 ("virtio-net: Add only one queue pair when realizing" in
7.2.x)
Tested-by: Lei Yang <leiy...@redhat.com>
Cc: qemu-sta...@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
Signed-off-by: Jason Wang <jasow...@redhat.com>
(cherry picked from commit adda0ad56bd28d5a809051cbd190fda5798ec4e4)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: e83c6b74110cb83564973d10919e4cbc74a233c4
https://github.com/qemu/qemu/commit/e83c6b74110cb83564973d10919e4cbc74a233c4
Author: Peter Maydell <peter.mayd...@linaro.org>
Date: 2025-08-31 (Sun, 31 Aug 2025)
Changed paths:
M scripts/kernel-doc
Log Message:
-----------
scripts/kernel-doc: Avoid new Perl precedence warning
Newer versions of Perl (5.41.x and up) emit a warning for code in
kernel-doc:
Possible precedence problem between ! and pattern match (m//) at
/scripts/kernel-doc line 1597.
This is because the code does:
if (!$param =~ /\w\.\.\.$/) {
In Perl, the ! operator has higher precedence than the =~
pattern-match binding, so the effect of this condition is to first
logically-negate the string $param into a true-or-false value and
then try to pattern match it against the regex, which in this case
will always fail. This is almost certainly not what the author
intended.
In the new Python version of kernel-doc in the Linux kernel,
the equivalent code is written:
if KernRe(r'\w\.\.\.$').search(param):
# For named variable parameters of the form `x...`,
# remove the dots
param = param[:-3]
else:
# Handles unnamed variable parameters
param = "..."
which is a more sensible way of writing the behaviour you would
get if you put in brackets to make the regex match first and
then negate the result.
Take this as the intended behaviour, and update the Perl to match.
For QEMU, this produces no change in output, presumably because we
never used the "unnamed variable parameters" syntax.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Reviewed-by: Mauro Carvalho Chehab <mchehab+hua...@kernel.org>
Message-id: 20250819115648.2125709-1-peter.mayd...@linaro.org
(cherry picked from commit 5ffd387e9e0f787744fadaad35e1bf92224b0642)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: c8f0f7c1f3e4e902b37f4b821354d0a638d65737
https://github.com/qemu/qemu/commit/c8f0f7c1f3e4e902b37f4b821354d0a638d65737
Author: Peter Maydell <peter.mayd...@linaro.org>
Date: 2025-08-31 (Sun, 31 Aug 2025)
Changed paths:
M hw/arm/stm32f205_soc.c
M include/hw/arm/stm32f205_soc.h
Log Message:
-----------
hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects
In stm32f250_soc_initfn() we mostly use the standard pattern
for child objects of calling object_initialize_child(). However
for s->adc_irqs we call object_new() and then later qdev_realize(),
and we never unref the object on deinit. This causes a leak,
detected by ASAN on the device-introspect-test:
Indirect leak of 10 byte(s) in 1 object(s) allocated from:
#0 0x5b9fc4789de3 in malloc
(/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-arm+0x21f1de3)
(BuildId: 267a2619a026ed91c78a07b1eb2ef15381538efe)
#1 0x740de3f28b09 in g_malloc
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId:
1eb6131419edb83b2178b682829a6913cf682d75)
#2 0x740de3f3e4d8 in g_strdup
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x784d8) (BuildId:
1eb6131419edb83b2178b682829a6913cf682d75)
#3 0x5b9fc70159e1 in g_strdup_inline
/usr/include/glib-2.0/glib/gstrfuncs.h:321:10
#4 0x5b9fc70159e1 in object_property_try_add
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1276:18
#5 0x5b9fc7015f94 in object_property_add
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1294:12
#6 0x5b9fc701b900 in object_add_link_prop
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2021:10
#7 0x5b9fc701b3fc in object_property_add_link
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2037:12
#8 0x5b9fc4c299fb in qdev_init_gpio_out_named
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/gpio.c:90:9
#9 0x5b9fc4c29b26 in qdev_init_gpio_out
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/gpio.c:101:5
#10 0x5b9fc4c0f77a in or_irq_init
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/or-irq.c:70:5
#11 0x5b9fc70257e1 in object_init_with_type
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:428:9
#12 0x5b9fc700cd4b in object_initialize_with_type
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:570:5
#13 0x5b9fc700e66d in object_new_with_type
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:774:5
#14 0x5b9fc700e750 in object_new
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:789:12
#15 0x5b9fc68b2162 in stm32f205_soc_initfn
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/arm/stm32f205_soc.c:69:26
Switch to using object_initialize_child() like all our
other child objects for this SoC object.
Cc: qemu-sta...@nongnu.org
Fixes: b63041c8f6b ("STM32F205: Connect the ADC devices")
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-id: 20250821154229.2417453-1-peter.mayd...@linaro.org
(cherry picked from commit 2e27650bddd35477d994a795a3b1cb57c8ed5c76)
(Mjt: adjust for 7.2, for before qemu_or_irq rename to OrIRQState)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 978cd0679d0de6a0a0a3e85177f72eb89a35e513
https://github.com/qemu/qemu/commit/978cd0679d0de6a0a0a3e85177f72eb89a35e513
Author: Daniel Xu <d...@dxuuu.xyz>
Date: 2025-09-03 (Wed, 03 Sep 2025)
Changed paths:
M qga/commands.c
Log Message:
-----------
qga: Fix memory leak when output stream is unused
If capture-output is requested but one of the channels goes unused (eg.
we attempt to capture stderr but the command never writes to stderr), we
can leak memory.
guest_exec_output_watch() is (from what I understand) unconditionally
called for both streams if output capture is requested. The first call
will always pass the `p->size == p->length` check b/c both values are
0. Then GUEST_EXEC_IO_SIZE bytes will be allocated for the stream.
But when we reap the exited process there's a `gei->err.length > 0`
check to actually free the buffer. Which does not get run if the command
doesn't write to the stream.
Fix by making free() unconditional.
Reviewed-by: Konstantin Kostiuk <kkost...@redhat.com>
Signed-off-by: Daniel Xu <d...@dxuuu.xyz>
Signed-off-by: Konstantin Kostiuk <kkost...@redhat.com>
(cherry picked from commit d6f67b83b81bf49b5c62e77143ed39c020e51830)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 5c8b55967f269b71f307d6643cdc48fecc6dfa31
https://github.com/qemu/qemu/commit/5c8b55967f269b71f307d6643cdc48fecc6dfa31
Author: minglei.liu <minglei....@smartx.com>
Date: 2025-09-06 (Sat, 06 Sep 2025)
Changed paths:
M qga/commands.c
Log Message:
-----------
qga: Fix truncated output handling in guest-exec status reporting
Signed-off-by: minglei.liu <minglei....@smartx.com>
Fixes: a1853dca743
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Reviewed-by: Kostiantyn Kostiuk <kkost...@redhat.com>
Link:
https://lore.kernel.org/qemu-devel/20250711021714.91258-1-minglei....@smartx.com
Signed-off-by: Kostiantyn Kostiuk <kkost...@redhat.com>
(cherry picked from commit 28c5d27dd4dc4100a96ff4c9e5871dd23c6b02ec)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: ee2a2c7d5449c427b9d45cfbbfb65810664a1492
https://github.com/qemu/qemu/commit/ee2a2c7d5449c427b9d45cfbbfb65810664a1492
Author: Laurent Vivier <lviv...@redhat.com>
Date: 2025-09-06 (Sat, 06 Sep 2025)
Changed paths:
M hw/net/e1000e_core.c
Log Message:
-----------
e1000e: Prevent crash from legacy interrupt firing after MSI-X enable
A race condition between guest driver actions and QEMU timers can lead
to an assertion failure when the guest switches the e1000e from legacy
interrupt mode to MSI-X. If a legacy interrupt delay timer (TIDV or
RDTR) is active, but the guest enables MSI-X before the timer fires,
the pending interrupt cause can trigger an assert in
e1000e_intmgr_collect_delayed_causes().
This patch removes the assertion and executes the code that clears the
pending legacy causes. This change is safe and introduces no unintended
behavioral side effects, as it only alters a state that previously led
to termination.
- when core->delayed_causes == 0 the function was already a no-op and
remains so.
- when core->delayed_causes != 0 the function would previously
crash due to the assertion failure. The patch now defines a safe
outcome by clearing the cause and returning. Since behavior after
the assertion never existed, this simply corrects the crash.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1863
Suggested-by: Akihiko Odaki <od...@rsg.ci.i.u-tokyo.ac.jp>
Signed-off-by: Laurent Vivier <lviv...@redhat.com>
Acked-by: Jason Wang <jasow...@redhat.com>
Reviewed-by: Akihiko Odaki <od...@rsg.ci.i.u-tokyo.ac.jp>
Message-ID: <20250807110806.409065-1-lviv...@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 8e4649cac9bcddc050d2df07908075e9e69bccc7)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: d790ae865c9ccdd347e453499700d4479e7e1a6a
https://github.com/qemu/qemu/commit/d790ae865c9ccdd347e453499700d4479e7e1a6a
Author: Philippe Mathieu-Daudé <phi...@linaro.org>
Date: 2025-09-06 (Sat, 06 Sep 2025)
Changed paths:
M linux-user/mips/target_elf.h
Log Message:
-----------
linux-user/mips: Use P5600 as default CPU to run NaN2008 ELF binaries
Per the release 6.06 revision history:
5.03 August 21, 2013
• ABS2008 and NAN2008 fields of Table 5.7 “FCSR RegisterField
Descriptions” were optional in release 3 and could be R/W,
but as of release 5 are required, read-only, and preset by
hardware.
The P5600 core implements the release 5, and has the ABS2008
and NAN2008 bits set in CP1_fcr31. Therefore it is able to run
ELF binaries compiled with EF_MIPS_NAN2008, such the CIP United
Debian NaN2008 distribution:
http://repo.oss.cipunited.com/mipsel-nan2008/README.txt
In order to run such compiled binaries, select by default the
P5600 core when the ELF 'MIPS_NAN2008' flag is set.
Reported-by: Jiaxun Yang <jiaxun.y...@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Acked-by: Laurent Vivier <laur...@vivier.eu>
Message-Id: <20230327162444.388-1-phi...@linaro.org>
(cherry picked from commit 450cb7ec2c5fda51b9650ca25e59ac9deeb60d1b)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 8a9322814e9704001ed8fb6dd086abf11494912d
https://github.com/qemu/qemu/commit/8a9322814e9704001ed8fb6dd086abf11494912d
Author: Philippe Mathieu-Daudé <phi...@linaro.org>
Date: 2025-09-06 (Sat, 06 Sep 2025)
Changed paths:
M linux-user/mips/target_elf.h
M linux-user/mips64/target_elf.h
Log Message:
-----------
linux-user/mips: Do not try to use removed R5900 CPU
R5900 emulation was removed in commit 823f2897bd.
Remove it from ELF parsing in order to avoid:
$ qemu-mipsn32 ./test5900
qemu-mipsn32: unable to find CPU model 'R5900'
This reverts commit 4d9e5a0eb7df6e98ac6cf5e16029f35dd05b9537.
Fixes: 823f2897bd ("target/mips: Disable R5900 support")
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-Id: <20240814133928.6746-2-phi...@linaro.org>
(cherry picked from commit f7e3d7521b41ada97c5344914d3c9bc6ed04c82a)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 41e2ed199ef3a1ef0b6d163f4e72f4e1e9b9ab8c
https://github.com/qemu/qemu/commit/41e2ed199ef3a1ef0b6d163f4e72f4e1e9b9ab8c
Author: Philippe Mathieu-Daudé <phi...@linaro.org>
Date: 2025-09-06 (Sat, 06 Sep 2025)
Changed paths:
M include/elf.h
Log Message:
-----------
elf: Add EF_MIPS_ARCH_ASE definitions
Include MIPS ASE ELF definitions from binutils:
https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=include/elf/mips.h;h=4fc190f404d828ded84e621bfcece5fa9f9c23c8;hb=HEAD#l210
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-Id: <20250814070650.78657-2-phi...@linaro.org>
(cherry picked from commit 14ab44b96d5bf761af81cc723314ef5ecf73ed17)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 2d035553f30e39f0122d583e4f1121dafeb9a6e3
https://github.com/qemu/qemu/commit/2d035553f30e39f0122d583e4f1121dafeb9a6e3
Author: Philippe Mathieu-Daudé <phi...@linaro.org>
Date: 2025-09-06 (Sat, 06 Sep 2025)
Changed paths:
M linux-user/mips/target_elf.h
Log Message:
-----------
linux-user/mips: Select 74Kf CPU to run MIPS16e binaries
The 74Kf is our latest CPU supporting MIPS16e ASE.
Note, currently QEMU doesn't have 64-bit CPU supporting MIPS16e ASE.
Cc: qemu-sta...@nongnu.org
Fixes: 6ea219d0196..d19954f46df ("target-mips: MIPS16 support")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3054
Reported-by: Justin Applegate <justink.appleg...@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-Id: <20250814070650.78657-3-phi...@linaro.org>
(cherry picked from commit 7a09b3cc70ab6d717b18dec5c5995f7a06af4593)
(Mjt: in 10.1 and before the code is in linux-user/mips/target_elf.h)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 2c2da6ecf81ccdebcd730356047844301800a761
https://github.com/qemu/qemu/commit/2c2da6ecf81ccdebcd730356047844301800a761
Author: Philippe Mathieu-Daudé <phi...@linaro.org>
Date: 2025-09-06 (Sat, 06 Sep 2025)
Changed paths:
M linux-user/mips/target_elf.h
Log Message:
-----------
linux-user/mips: Select M14Kc CPU to run microMIPS binaries
The M14Kc is our latest CPU supporting the microMIPS ASE.
Note, currently QEMU doesn't have 64-bit CPU supporting microMIPS ASE.
Cc: qemu-sta...@nongnu.org
Fixes: 3c824109da0 ("target-mips: microMIPS ASE support")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3054
Reported-by: Justin Applegate <justink.appleg...@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-Id: <20250814070650.78657-4-phi...@linaro.org>
(cherry picked from commit 51c3aebfda6489b49cebef593a1ceb597cb97a7e)
(Mjt: in 10.1 and before, the code is in linux-user/mips/target_elf.h)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: cb72e6e4456541033a397e1f4d46d66c24cf9086
https://github.com/qemu/qemu/commit/cb72e6e4456541033a397e1f4d46d66c24cf9086
Author: Denis Rastyogin <ger...@altlinux.org>
Date: 2025-09-06 (Sat, 06 Sep 2025)
Changed paths:
M target/mips/tcg/sysemu/tlb_helper.c
Log Message:
-----------
target/mips: fix TLB huge page check to use 64-bit shift
Use extract64(entry, psn, 1) instead of (entry & (1 << psn)) to avoid
undefined behavior for shifts by 32–63 and to make bit extraction intent
explicit.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Denis Rastyogin <ger...@altlinux.org>
Message-ID: <20250814104914.13101-1-ger...@altlinux.org>
Signed-off-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 1f82ca723478f44823a18e7151e487d58da03659)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: 9ac9b7ea53ac7b9c6fcca5f732d6bf59709e4338
https://github.com/qemu/qemu/commit/9ac9b7ea53ac7b9c6fcca5f732d6bf59709e4338
Author: Michael Tokarev <m...@tls.msk.ru>
Date: 2025-09-06 (Sat, 06 Sep 2025)
Changed paths:
M block/curl.c
Log Message:
-----------
block/curl: fix curl internal handles handling
block/curl.c uses CURLMOPT_SOCKETFUNCTION to register a socket callback.
According to the documentation, this callback is called not just with
application-created sockets but also with internal curl sockets, - and
for such sockets, user data pointer is not set by the application, so
the result qemu crashing.
Pass BDRVCURLState directly to the callback function as user pointer,
instead of relying on CURLINFO_PRIVATE.
This problem started happening with update of libcurl from 8.9 to 8.10 --
apparently with this change curl started using private handles more.
(CURLINFO_PRIVATE is used in one more place, in curl_multi_check_completion() -
it might need a similar fix too)
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3081
Cc: qemu-sta...@qemu.org
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(cherry picked from commit 606978500c3d18fb89a49844f253097b17f757de)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Commit: b26daad0c474e9df587d89007ac21637983a37ce
https://github.com/qemu/qemu/commit/b26daad0c474e9df587d89007ac21637983a37ce
Author: Michael Tokarev <m...@tls.msk.ru>
Date: 2025-09-08 (Mon, 08 Sep 2025)
Changed paths:
M VERSION
Log Message:
-----------
Update version for 7.2.20 release
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
Compare: https://github.com/qemu/qemu/compare/5a6481389d93...b26daad0c474
To unsubscribe from these emails, change your notification settings at
https://github.com/qemu/qemu/settings/notifications
