Stefan Hajnoczi [Wed, 23 Apr 2025 13:29:12 +0000 (09:29 -0400)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* target/i386: Fix model number of Zhaoxin YongFeng vCPU template
* target/i386: Reset parked vCPUs together with the online ones
* scsi: add conversion from ENODEV to sense
* target/i386: tweaks to flag handling
* target/i386: tweaks to SHLD/SHRD code generation
* target/i386: remove some global temporaries from TCG
* target/i386: pull emulator outside target/i386/hvf
* host/i386: consolidate getting host CPU vendor
* rust/hpet: preparation for migration support
* rust/pl011: bring over more commits from C version
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (34 commits)
rust/hw/char/pl011: Extract DR write logic into separate function
rust/hw/char/pl011: Extract DR read logic into separate function
rust/vmstate_test: Fix typo in test_vmstate_macro_array_of_pointer_wrapped()
rust/hpet: Fix a clippy error
rust/hpet: convert HPETTimer index to u8 type
rust/hpet: convert num_timers to u8 type
i386/cpu: Consolidate the helper to get Host's vendor
target/i386/emulate: remove flags_mask
MAINTAINERS: add an entry for the x86 instruction emulator
target/i386: move x86 instruction emulator out of hvf
target/i386/emulate: add a panic.h
target/i386: add a directory for x86 instruction emulator
target/i386/hvf: rename some include guards
target/i386/hvf: drop unused headers
target/i386: rename lazy flags field and its type
target/i386/hvf: provide and use simulate_{wrmsr, rdmsr} in emul_ops
target/i386/hvf: provide and use write_mem in emul_ops
target/i386/hvf: use emul_ops->read_mem in x86_emu.c
target/i386: rename hvf_mmio_buf to emu_mmio_buf
target/i386/hvf: provide and use handle_io in emul_ops
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 23 Apr 2025 13:29:02 +0000 (09:29 -0400)]
Merge tag 'ipmi-for-qemu-10.0' of https://github.com/cminyard/qemu into staging
Some minor fixes for various things
# gpg: Signature made Wed 16 Apr 2025 19:53:08 EDT
# gpg: using RSA key FD0D5CE67CE0F59A6688268661F38C90919BFF81
# gpg: Good signature from "Corey Minyard <cminyard@mvista.com>" [unknown]
# gpg: aka "Corey Minyard <corey@minyard.net>" [unknown]
# gpg: aka "Corey Minyard <minyard@mvista.com>" [unknown]
# gpg: aka "Corey Minyard <minyard@acm.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FD0D 5CE6 7CE0 F59A 6688 2686 61F3 8C90 919B FF81
* tag 'ipmi-for-qemu-10.0' of https://github.com/cminyard/qemu:
ipmi/bmc-sim: add error handling for 'Set BMC Global Enables' command
ipmi/bmc-sim: implement watchdog dont log flag
ipmi/bmc-sim: Add 'Get Channel Info' command
ipmi: add fwinfo to pci ipmi devices
ipmi/pci-ipmi-bt: Rename copy-paste variables
hw/ipmi: Move vmsd registration to device class
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Zhao Liu [Mon, 14 Apr 2025 14:49:41 +0000 (22:49 +0800)]
rust/hpet: convert HPETTimer index to u8 type
The C version of HPET uses the uint8_t type for the timer index ("tn"), and
the usize type in the Rust version will break migration between the C and Rust
versions.
So convert the HPETTimer index's type to u8 (consistent with the C version of
HPET) to make it friendly for vmstate support.
Zhao Liu [Mon, 14 Apr 2025 14:49:40 +0000 (22:49 +0800)]
rust/hpet: convert num_timers to u8 type
The C version of HPET uses the uint8_t type for num_timers, and the usize
type in the Rust version will break migration between the C and Rust
versions.
So convert num_timers' type to u8 (consistent with the C version of
HPET) to make it friendly for vmstate support.
Note that commit 7bda68e8e2b0 ("qdev, rust/hpet: fix type of HPET
'timers' property") supports the usize type property, but the uint8
property has to be re-supported now.
Paolo Bonzini [Thu, 3 Apr 2025 19:45:36 +0000 (21:45 +0200)]
target/i386/emulate: remove flags_mask
The field is written but never read.
Cc: Wei Liu <liuwe@linux.microsoft.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Wei Liu [Fri, 7 Mar 2025 19:55:15 +0000 (11:55 -0800)]
target/i386: rename hvf_mmio_buf to emu_mmio_buf
We want to refactor HVF's instruction emulator to a common component. Renaming
hvf_mmio_buf removes the association between HVF and the instruction emulator.
The definition of the field is still guarded by CONFIG_HVF for now, since it is
the only user.
Paolo Bonzini [Thu, 3 Apr 2025 16:20:06 +0000 (18:20 +0200)]
target/i386: tcg: use cout to commonize add/adc/sub/sbb cases
Use the carry-out vector as the basis to compute AF, CF and OF. The cost
is pretty much the same, because the carry-out is just four boolean
operations, and the code is much smaller because add/adc/sub/sbb now
share most of it.
A similar algorithm to what is used in target/i386/emulate can also be
used for APX, in order to build the result of CCMP/CTEST with a new CC_OP_*.
CCMP needs to place into the flags either a subtraction or a constant
value; CTEST likewise places into the flags either an AND or a constant
value. The new CC_OP for CCMP and CTEST would store for a successful
predicate:
- in DST and SRC2, the result of the operation;
- in SRC, a carry-out vector for CCMP or zero for CTEST;
If the default flag value is used, DST/SRC/SRC2 can be filled with
constants:
- in DST the negated ZF;
- in SRC's top 2 bits, a value that results in the desired OF and CF;
- in SRC2 a suitable value (any of 0/1/~0/~1) that can be used
instead of DST to compute the desired SF and PF.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
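The carry-out vector idea in the commit above, worked through for 8-bit ADD/ADC and SUB/SBB as an added C example (not QEMU's TCG code; the FLAG_* defines, function names and the reference formulas are my own): one vector yields CF, AF and OF for all four operations, and check_all() compares it exhaustively against the per-operation textbook definitions.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag bits at their EFLAGS positions (my own defines, not QEMU's CC_* names). */
#define FLAG_CF 0x0001
#define FLAG_AF 0x0010
#define FLAG_OF 0x0800

/*
 * Carry-out vector of an 8-bit ADD/ADC with res = a + b + cin: bit i is set
 * when bit i produced a carry. The carry into bit i is (a ^ b ^ res) at that
 * bit, so the carry out of bit i is (a & b) | ((a ^ b) & ~res), which equals
 * (a & b) | ((a | b) & ~res): four boolean operations.
 */
static uint8_t cout_add(uint8_t a, uint8_t b, uint8_t res)
{
    return (uint8_t)((a & b) | ((a | b) & ~res));
}

/*
 * Borrow-out vector of an 8-bit SUB/SBB with res = a - b - bin. The borrow
 * into bit i is (a ^ b ^ res) at that bit, so the borrow out of bit i is
 * (~a & b) | (~(a ^ b) & res).
 */
static uint8_t cout_sub(uint8_t a, uint8_t b, uint8_t res)
{
    return (uint8_t)((~a & b) | (~(a ^ b) & res));
}

/*
 * Shared by all four operations: CF is the carry out of the top bit, AF the
 * carry out of bit 3, OF the carry into the top bit XOR the carry out of it.
 */
static unsigned flags_from_cout(uint8_t cout)
{
    unsigned f = 0;
    if (cout & 0x80) f |= FLAG_CF;
    if (cout & 0x08) f |= FLAG_AF;
    if (((cout >> 7) ^ (cout >> 6)) & 1) f |= FLAG_OF;
    return f;
}

/* Reference: the textbook per-operation definitions. */
static unsigned ref_flags_add(uint8_t a, uint8_t b, unsigned cin)
{
    unsigned wide = (unsigned)a + b + cin;
    uint8_t res = (uint8_t)wide;
    unsigned f = 0;
    if (wide > 0xff) f |= FLAG_CF;
    if ((a & 0xf) + (b & 0xf) + cin > 0xf) f |= FLAG_AF;
    if ((a ^ res) & (b ^ res) & 0x80) f |= FLAG_OF;   /* same signs in, different sign out */
    return f;
}

static unsigned ref_flags_sub(uint8_t a, uint8_t b, unsigned bin)
{
    uint8_t res = (uint8_t)(a - b - bin);
    unsigned f = 0;
    if ((unsigned)a < (unsigned)b + bin) f |= FLAG_CF;
    if ((a & 0xf) < (b & 0xf) + bin) f |= FLAG_AF;
    if ((a ^ b) & (a ^ res) & 0x80) f |= FLAG_OF;     /* different signs in, result differs from a */
    return f;
}

/* Exhaustive check over every a, b and carry/borrow-in; returns the mismatch count. */
static int check_all(void)
{
    int bad = 0;
    for (unsigned a = 0; a < 256; a++) {
        for (unsigned b = 0; b < 256; b++) {
            for (unsigned c = 0; c < 2; c++) {
                uint8_t ra = (uint8_t)(a + b + c);
                uint8_t rs = (uint8_t)(a - b - c);
                if (flags_from_cout(cout_add(a, b, ra)) != ref_flags_add(a, b, c)) bad++;
                if (flags_from_cout(cout_sub(a, b, rs)) != ref_flags_sub(a, b, c)) bad++;
            }
        }
    }
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", check_all());   /* prints 0 */
    return 0;
}
```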
Paolo Bonzini [Thu, 3 Apr 2025 12:06:37 +0000 (14:06 +0200)]
target/i386: tcg: simplify computation of AF after INC/DEC
No difference in generated code, but the XOR-based formula is
easily understood on its own. This will make more sense once
ADD/SUB stop using dst^src1^src2 to compute AF.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 13 Feb 2025 17:51:34 +0000 (18:51 +0100)]
target/i386: tcg: remove some more uses of temporaries
Remove all uses of 32-bit temporaries in emit.c.inc. Remove uses
in translate.c outside the large multiplexed generator functions.
tmp3_i32 is not used anymore and can go away.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 3 Apr 2025 19:39:54 +0000 (21:39 +0200)]
target/i386/hvf: fix lflags_to_rflags
Clear the flags before adding in the ones computed from lflags.
Cc: Wei Liu <liuwe@linux.microsoft.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
target/i386: Reset parked vCPUs together with the online ones
Commit 3f2a05b31ee9 ("target/i386: Reset TSCs of parked vCPUs too on VM
reset") introduced a way to reset TSCs of parked vCPUs during VM reset to
prevent them getting desynchronized with the online vCPUs and therefore
causing the KVM PV clock to lose PVCLOCK_TSC_STABLE_BIT.
The way this was done was by registering a parked vCPU-specific QEMU reset
callback via qemu_register_reset().
However, it turns out that on particularly device-rich VMs QEMU reset
callbacks can take a long time to execute (which isn't surprising,
considering that they involve resetting all of VM devices).
In particular, their total runtime can exceed the 1-second TSC
synchronization window introduced in KVM commit 5d3cb0f6a8e3 ("KVM:
Improve TSC offset matching").
Since the TSCs of online vCPUs are only reset from "synchronize_post_reset"
AccelOps handler (which runs after all qemu_register_reset() handlers) this
essentially makes that fix ineffective on these VMs.
The easiest way to guarantee that these parked vCPUs are reset at the same
time as the online ones (regardless how long it takes for VM devices to
reset) is to piggyback on post-reset vCPU synchronization handler for one
of online vCPUs - as there is no generic post-reset AccelOps handler that
isn't per-vCPU.
The first online vCPU was selected for that since it is easily available
under "first_cpu" define.
This does not create an ordering issue since the order of vCPU TSC resets
does not matter.
Ewan Hai [Mon, 14 Apr 2025 07:53:42 +0000 (03:53 -0400)]
target/i386: Fix model number of Zhaoxin YongFeng vCPU template
The model number was mistakenly set to 0x0b (11) in commit ff04bc1ac4.
The correct value is 0x5b. This mistake occurred because the extended
model bits in cpuid[eax=0x1].eax were overlooked, and only the base
model was used.
Using the wrong model number can affect guest behavior. One known issue
is that vPMU (which relies on the model number) may fail to operate
correctly.
This patch corrects the model field by introducing a new vCPU version.
Paolo Bonzini [Thu, 10 Apr 2025 15:42:52 +0000 (17:42 +0200)]
scsi: add conversion from ENODEV to sense
This is mostly for completeness; I noticed it because ENODEV is used internally
within scsi-disk.c, but when scsi_sense_from_errno(ENODEV) is called the resulting
sense is never used and instead scsi_sense_from_host_status() is called later
by scsi_req_complete_failed().
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The goal was to remove the need to patch the (const) input buffer
with a recomputed UDP checksum by copying headers to a RW region and
inject the checksum there. The patch computed the checksum only from the
header fields (missing the rest of the payload) producing an invalid one
and making guests fail to acquire a DHCP lease.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2727
Cc: qemu-stable@nongnu.org
Signed-off-by: Antoine Damhet <adamhet@scaleway.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-ID: <20250408145345.142947-1-adamhet@scaleway.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
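The checksum mistake described in the commit above, shown as an added C example (mine, not QEMU's or the reverted patch's code; the function names and the 10.0.2.x sample datagram are constructed): the correct UDP/IPv4 checksum covers the pseudo-header, the header and the whole payload, the header-only variant reconstructs the described mistake, and the receiver-side check reads the const buffer without patching it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* One's-complement sum (RFC 1071) of len bytes chained onto acc. An odd trailing
 * byte is padded with a zero low byte, so only a datagram's last region may be odd. */
static uint32_t csum_partial(const uint8_t *p, size_t len, uint32_t acc)
{
    while (len > 1) {
        acc += ((uint32_t)p[0] << 8) | p[1];
        p += 2; len -= 2;
    }
    if (len) acc += (uint32_t)p[0] << 8;
    return acc;
}

/* Fold the carries back in and complement to get the 16-bit checksum. */
static uint16_t csum_fold(uint32_t acc)
{
    while (acc >> 16) {
        acc = (acc & 0xffff) + (acc >> 16);
    }
    return (uint16_t)~acc;
}

/* IPv4 pseudo-header: src, dst, zero, protocol (17 = UDP), UDP length. */
static uint32_t udp4_pseudo_sum(const uint8_t src[4], const uint8_t dst[4], size_t udp_len)
{
    uint8_t pseudo[12];
    memcpy(pseudo, src, 4);
    memcpy(pseudo + 4, dst, 4);
    pseudo[8] = 0;
    pseudo[9] = 17;
    pseudo[10] = (uint8_t)(udp_len >> 8);
    pseudo[11] = (uint8_t)udp_len;
    return csum_partial(pseudo, sizeof(pseudo), 0);
}

/* Correct UDP checksum: pseudo-header, UDP header with the checksum field taken as
 * zero, and every payload byte. udp is the whole datagram (header included) and is
 * only read, so a const input buffer needs no patching. 0 if shorter than a header. */
static uint16_t udp4_checksum(const uint8_t src[4], const uint8_t dst[4],
                              const uint8_t *udp, size_t udp_len)
{
    if (udp_len < 8) {
        return 0;
    }
    uint32_t acc = udp4_pseudo_sum(src, dst, udp_len);
    acc = csum_partial(udp, 6, acc);                /* ports and length */
    acc = csum_partial(udp + 8, udp_len - 8, acc);  /* payload; bytes 6..7 count as zero */
    uint16_t c = csum_fold(acc);
    return c ? c : 0xffff;  /* 0 on the wire means "no checksum", so send all-ones */
}

/* The mistake the commit describes, reconstructed (not the actual patch): only the
 * header fields are summed and the payload is ignored, so receivers reject it. */
static uint16_t udp4_checksum_header_only(const uint8_t src[4], const uint8_t dst[4],
                                          const uint8_t *udp, size_t udp_len)
{
    if (udp_len < 8) {
        return 0;
    }
    uint16_t c = csum_fold(csum_partial(udp, 6, udp4_pseudo_sum(src, dst, udp_len)));
    return c ? c : 0xffff;
}

/* Receiver side: recompute and compare with the checksum field (bytes 6..7). */
static bool udp4_checksum_ok(const uint8_t src[4], const uint8_t dst[4],
                             const uint8_t *udp, size_t udp_len)
{
    if (udp_len < 8) {
        return false;
    }
    uint16_t field = (uint16_t)(((uint16_t)udp[6] << 8) | udp[7]);
    return field == udp4_checksum(src, dst, udp, udp_len);
}

/* Constructed sample: 10.0.2.2:67 -> 10.0.2.15:68, 11 payload bytes (odd length,
 * to exercise the padding rule), checksum field still zero. */
static const uint8_t SAMPLE_SRC[4] = { 10, 0, 2, 2 };
static const uint8_t SAMPLE_DST[4] = { 10, 0, 2, 15 };
static const uint8_t SAMPLE_UDP[19] = {
    0x00, 0x43, 0x00, 0x44, 0x00, 0x13, 0x00, 0x00,
    'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'e', 'd'
};

/* Put checksum c into a copy of the sample, as a sender would, then run the receiver check. */
static bool sample_verifies_with(uint16_t c)
{
    uint8_t pkt[sizeof(SAMPLE_UDP)];
    memcpy(pkt, SAMPLE_UDP, sizeof(pkt));
    pkt[6] = (uint8_t)(c >> 8);
    pkt[7] = (uint8_t)c;
    return udp4_checksum_ok(SAMPLE_SRC, SAMPLE_DST, pkt, sizeof(pkt));
}
```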
system/main: transfer replay mutex ownership from main thread to main loop thread
On MacOS, the UI event loop has to be run in the main thread of a process.
Because of that restriction, on this platform, the qemu main event loop is
run on another thread [1].
This breaks the record/replay feature, which expects the thread running qemu_init
to initialize and hold this lock, breaking associated functional tests on
MacOS.
Thus, as a generalization, and similar to how the BQL is handled, we release
it after init and reacquire the lock before entering the main event loop,
avoiding a special case if a separate thread is used.
Stefan Hajnoczi [Mon, 14 Apr 2025 15:02:34 +0000 (11:02 -0400)]
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
trivial patches for 2025-04-14
# gpg: Signature made Mon 14 Apr 2025 05:31:29 EDT
# gpg: using RSA key 64AA2AB531D56903366BFEF982AA4A243B1E9478
# gpg: Good signature from "Michael Tokarev <mjt@debian.org>" [unknown]
# gpg: aka "Michael Tokarev <mjt@corpit.ru>" [unknown]
# gpg: aka "Michael Tokarev <mjt@tls.msk.ru>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E
# Subkey fingerprint: 64AA 2AB5 31D5 6903 366B FEF9 82AA 4A24 3B1E 9478
* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu:
docs: Document removal of 64-bit on 32-bit emulation
Fix objdump output parser in "nsis.py"
docs: Fix some typos (found by codespell and typos)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 14 Apr 2025 15:02:09 +0000 (11:02 -0400)]
Merge tag 'pull-10.0-final-fixes-090425-1' of https://gitlab.com/stsquad/qemu into staging
Final fixes for 10.0
- properly exit aarch64-softmmu tcg tests on unexpected exceptions
- fix deadlock when uninstalling a plugin
# gpg: Signature made Wed 09 Apr 2025 05:37:49 EDT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-10.0-final-fixes-090425-1' of https://gitlab.com/stsquad/qemu:
tests/tcg/plugins: add plugin to test reset and uninstall
plugins/loader: fix deadlock when resetting/uninstalling a plugin
tests/tcg: fix semihosting SYS_EXIT for aarch64 in boot.S
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
docs: Document removal of 64-bit on 32-bit emulation
With acce728cbc6c we disallowed configuring 64-bit guests on
32-bit hosts, but forgot to document that in removed-features.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
In the msys2 distribution, objdump from gcc uses a single tab character
as prefix, but objdump from clang uses 4 whitespace characters instead.
The script will not identify any dll dependencies for a QEMU build
generated with clang. This in turn will fail the build, because there
will be no files inside dlldir and no setup file will be created.
Instead of checking for whitespace in the prefix, use lstrip to accommodate
the differences in output.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Nicholas Piggin [Tue, 1 Apr 2025 14:01:52 +0000 (00:01 +1000)]
ipmi/bmc-sim: add error handling for 'Set BMC Global Enables' command
Mask out unsupported bits and return failure if attempting to set
any. This is not required by the IPMI spec, but it does require that
system software not change bits it isn't aware of.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-ID: <20250401140153.685523-6-npiggin@gmail.com>
Signed-off-by: Corey Minyard <corey@minyard.net>
Nicholas Piggin [Tue, 1 Apr 2025 14:01:49 +0000 (00:01 +1000)]
ipmi: add fwinfo to pci ipmi devices
This requires some adjustments to callers to avoid possible behaviour
changes for PCI devices.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-ID: <20250401140153.685523-3-npiggin@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[Rename pci_ipmi_bt_get_fwinfo to pci_ipmi_kcs_get_fwinfo in the
pci_ipmi_kcs.c file.]
Signed-off-by: Corey Minyard <corey@minyard.net>
Nicholas Piggin [Tue, 1 Apr 2025 14:01:48 +0000 (00:01 +1000)]
ipmi/pci-ipmi-bt: Rename copy-paste variables
IPMI drivers use p/k suffix in variable names depending on bt or kcs.
The pci bt driver must have come from the kcs driver because it's
still using k suffixes in some cases. Rename.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-ID: <20250401140153.685523-2-npiggin@gmail.com>
Signed-off-by: Corey Minyard <corey@minyard.net>
It's the right way to do it now, and it handles multiple instances
properly. I need multiple instances for some testing I'm doing so this
is the right thing to do.
Alex Bennée [Fri, 4 Apr 2025 11:51:12 +0000 (12:51 +0100)]
tests/tcg: fix semihosting SYS_EXIT for aarch64 in boot.S
We don't expect to hit exceptions in our testing, so currently all the
vectors report an unexpected exception and then attempt to exit.
However, for aarch64 we should always use the extended information
block as we do in _exit. Rather than duplicate the code in the error
handler, just branch to the _exit handler with a failing status code.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20250404115641.258048-1-alex.bennee@linaro.org>
* tag 'hw-misc-20250408' of https://github.com/philmd/qemu:
scripts/checkpatch: Fix typo in SPDX-License-Identifier keyword
hw/nvme: fix attachment of private namespaces
hw/arm/imx8mp-evk: Temporarily remove unimplemented imx8mp-fspi node from devicetree
hw/arm/imx8mp-evk: Remove unimplemented cpu-idle-states properties from devicetree
hw/ufs: Fix incorrect comment for segment_size and allocation_unit_size
docs/arm: Add apple HVF host for supported guest CPU type
hw/core/machine: Fix -machine dumpdtb=file.dtb
smbios: Fix buffer overrun when using path= option
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Zhao Liu [Tue, 8 Apr 2025 16:27:02 +0000 (00:27 +0800)]
scripts/checkpatch: Fix typo in SPDX-License-Identifier keyword
Fix the typo in the error message to help `grep` the example:
ERROR: New file '***' requires 'SPDX-License-Identifer'
Fixes: fa4d79c64dae ("scripts: mandate that new files have SPDX-License-Identifier")
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250408162702.2350565-1-zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Keoseong Park [Thu, 3 Apr 2025 09:21:40 +0000 (18:21 +0900)]
hw/ufs: Fix incorrect comment for segment_size and allocation_unit_size
The comments for segment_size and allocation_unit_size incorrectly
described them as 4KB. According to the UFS specification,
segment_size is expressed in units of 512 bytes.
Given segment_size = 0x2000 (8192), the actual size is 4MB.
Similarly, allocation_unit_size = 1 means 1 segment = 4MB.
This patch updates the comments to reflect the correct size.
Signed-off-by: Keoseong Park <keosung.park@samsung.com>
Reviewed-by: Jeuk Kim <jeuk20.kim@samsung.com>
Message-ID: <20250403092140epcms2p355a7f039871b3e5b409754ef450b9158@epcms2p3>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Joel Stanley [Tue, 1 Apr 2025 04:15:08 +0000 (14:45 +1030)]
hw/core/machine: Fix -machine dumpdtb=file.dtb
In commit 8fd2518ef2f8 ("hw: Centralize handling of -machine dumpdtb
option") the call to dump was moved with respect to the init of the
machine. This resulted in the device tree missing parts of the machine
description, depending on how they construct their device tree.
The arm virt machine is missing some PSCI nodes, while the riscv one
is missing most of its content.
Move the dump to after the notifiers have been run, allowing
virt_machine_done to be called and the device tree to be fully
populated.
Fixes: 8fd2518ef2f8 ("hw: Centralize handling of -machine dumpdtb option")
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250401041509.719153-1-joel@jms.id.au>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Daan De Meyer [Sun, 23 Mar 2025 21:35:54 +0000 (22:35 +0100)]
smbios: Fix buffer overrun when using path= option
We have to make sure the array of bytes read from the path= file
is null-terminated, otherwise we run into a buffer overrun later on.
Fixes: bb99f4772f54017490e3356ecbb3df25c5d4537f ("hw/smbios: support loading OEM strings values from a file")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2879
Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Valentin David <valentin.david@canonical.com>
Message-ID: <20250323213622.2581013-1-daan.j.demeyer@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Stefan Hajnoczi [Tue, 8 Apr 2025 13:59:33 +0000 (09:59 -0400)]
Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
Block layer patches
- scsi-disk: Apply error policy for host_status errors again
- qcow2: Fix qemu-img info crash with missing crypto header
- qemu-img bench: Fix division by zero for zero-sized images
- test-bdrv-drain: Fix data races
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
test-bdrv-drain: Fix data races
scsi-disk: Apply error policy for host_status errors again
qcow2: Don't crash qemu-img info with missing crypto header
qemu-img: fix division by zero in bench_cb() for zero-sized images
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-qapi-2025-04-08' of https://repo.or.cz/qemu/armbru:
qga/qapi-schema: Add a proper introduction
storage-daemon/qapi/qapi-schema: Add a proper introduction
qapi/qapi-schema: Address the introduction's bit rot
qapi/qapi-schema: Update introduction for example notation
docs/sphinx/qmp_lexer: Highlight elisions like comments, not prompts
docs/sphinx/qmp_lexer: Generalize elision syntax
docs/devel/qapi-code-gen: Improve the part on qmp-example directive
docs/interop: Sanitize QMP reference manuals TOC
docs/interop: Delete "QEMU Guest Agent Protocol Reference" TOC
qapi/rocker: Tidy up query-rocker-of-dpa-flows example
docs/devel/qapi-code-gen: Tidy up whitespace
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 8 Apr 2025 13:12:27 +0000 (09:12 -0400)]
Merge tag 'pull-loongarch-20250408' of https://github.com/gaosong715/qemu into staging
loongarch bug fix for 10.0
# gpg: Signature made Tue 08 Apr 2025 02:52:29 EDT
# gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF
* tag 'pull-loongarch-20250408' of https://github.com/gaosong715/qemu:
hw/loongarch/virt: Replace destination error with error_abort
hw/loongarch/virt: Fix cpuslot::cpu set at last in virt_cpu_plug()
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch addresses potential data races involving access to Job fields
in the test-bdrv-drain test.
Fixes: 7253220de4 ("test-bdrv-drain: Test drain vs. block jobs")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2900
Signed-off-by: Vitalii Mordan <mordan@ispras.ru>
Message-ID: <20250402102119.3345626-1-mordan@ispras.ru>
[kwolf: Fixed up coding style and one missing atomic access]
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Mon, 7 Apr 2025 15:59:49 +0000 (17:59 +0200)]
scsi-disk: Apply error policy for host_status errors again
Originally, all failed SG_IO requests called scsi_handle_rw_error() to
apply the configured error policy. However, commit f3126d65, which was
supposed to be a mere refactoring for scsi-disk.c, broke this and
accidentally completed the SCSI request without considering the error
policy any more if the error was signalled in the host_status field.
Apart from the commit message not describing the change as intended,
errors indicated in host_status are also obviously backend errors and
not something the guest must deal with independently of the error
policy.
This behaviour means that some recoverable errors (such as a path error
in multipath configurations) were reported to the guest anyway, which
might not expect it and might consider its disk broken.
Make sure that we apply the error policy again for host_status errors,
too. This addresses an existing FIXME comment and allows us to remove
some comments warning that callbacks weren't always called. With this
fix, they are called in all cases again.
The return value passed to the request callback doesn't have more free
values that could be used to indicate host_status errors as well as SAM
status codes and negative errno. Store the value in the host_status
field of the SCSIRequest instead and use -ENODEV as the return value (if
a path hasn't been reachable for a while, blk_aio_ioctl() will return
-ENODEV instead of just setting host_status, so just reuse it here -
it's not necessarily entirely accurate, but it's as good as any errno).
Cc: qemu-stable@nongnu.org
Fixes: f3126d65b393 ('scsi: move host_status handling into SCSI drivers')
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20250407155949.44736-1-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Nicholas Piggin [Thu, 24 Oct 2024 15:18:12 +0000 (01:18 +1000)]
target/ppc: Fix SPRC/SPRD SPRs for P9/10
Commit 60d30cff847 ("target/ppc: Move SPR indirect registers into
PnvCore") was mismerged and moved the SPRs to power8-only, instead
of power9/10-only.
Fixes: 60d30cff847 ("target/ppc: Move SPR indirect registers into PnvCore")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Nicholas Piggin [Thu, 5 Sep 2024 22:13:51 +0000 (08:13 +1000)]
target/ppc: Big-core scratch register fix
The per-core SCRATCH0-7 registers are shared between big cores, which
was missed in the big-core implementation. It is difficult to model
well with the big-core == 2xPnvCore scheme we moved to; this fix
uses the even PnvCore to store the scratch data.
Also remove a stray log message that came in with the same patch that
introduced patch.
Fixes: c26504afd5f5c ("ppc/pnv: Add a big-core mode that joins two regular cores")
Cc: qemu-stable@nongnu.org
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Kevin Wolf [Tue, 18 Mar 2025 20:11:43 +0000 (21:11 +0100)]
qcow2: Don't crash qemu-img info with missing crypto header
qcow2_refresh_limits() assumes that s->crypto is non-NULL whenever
bs->encrypted is true. This is actually not the case: qcow2_do_open()
allows to open an image with a missing crypto header for BDRV_O_NO_IO,
and then bs->encrypted is true, but s->crypto is still NULL.
It doesn't make sense to open an invalid image, so remove the exception
for BDRV_O_NO_IO. This catches the problem early and any code that makes
the same assumption is safe now.
At the same time, in the name of defensive programming, we shouldn't
make the assumption in the first place. Let qcow2_refresh_limits() check
s->crypto rather than bs->encrypted. If s->crypto is NULL, it also can't
make any requirement on request alignment.
Finally, start a qcow2-encryption test case that only serves as a
regression test for this crash for now.
Reported-by: Leonid Reviakin <L.reviakin@fobos-nt.ru>
Reported-by: Denis Rastyogin <gerben@altlinux.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20250318201143.70657-1-kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Denis Rastyogin [Tue, 18 Mar 2025 10:19:00 +0000 (13:19 +0300)]
qemu-img: fix division by zero in bench_cb() for zero-sized images
This error was discovered by fuzzing qemu-img.
This commit fixes a division by zero error in the bench_cb() function
that occurs when using the bench command with a zero-sized image.
The issue arises because b->image_size can be zero, leading to a
division by zero in the modulo operation (b->offset %= b->image_size).
This patch adds a check for b->image_size == 0 and resets b->offset
to 0 in such cases, preventing the error.
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Message-ID: <20250318101933.255617-1-gerben@altlinux.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-12-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
storage-daemon/qapi/qapi-schema: Add a proper introduction
Contents adapted from qapi/qapi-schema.json.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-11-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qapi/qapi-schema: Address the introduction's bit rot
Cut the crap that stopped making sense years ago. Adjust the
remainder.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-10-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qapi/qapi-schema: Update introduction for example notation
The introduction explains example notation. The series merged in
merge commit e6485190f77e (in 9.1) improved how they look in generated
docs, but neglected to update the introduction accordingly. Do that
now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-9-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
docs/sphinx/qmp_lexer: Highlight elisions like comments, not prompts
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-8-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Accept "... lorem ipsum ..." in addition to "...".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-7-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
docs/devel/qapi-code-gen: Improve the part on qmp-example directive
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-6-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
The "QEMU QMP Reference Manual" and the "QEMU Storage Daemon QMP
Reference Manual" start with a table of contents that looks like this:
Contents
* Title of the manual
  * Title of first first-level section
    * Title of its first second-level section
    * Title of its second second-level section
    ...
  * Title of second first-level section
  ...
The first level is useless. Drop it.
While there, delete the option that limits the TOC to depth 3. Its
actual depth was 3 before the patch, and is now 2.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-5-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
The "QEMU Guest Agent Protocol Reference" starts with the following
table of contents:
Contents
* QEMU Guest Agent Protocol Reference
  * QEMU guest agent protocol commands and structs
This is useless. Delete the entire TOC.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-4-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qapi/rocker: Tidy up query-rocker-of-dpa-flows example
The command can return any number of RockerOfDpaFlow objects. The
example shows it returning exactly two, with the second object's
members elided. Tweak it so it elides elements after the first
instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-3-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Commit message typo fixed]
Consistently use two spaces to separate sentences.
Put "::" on a line of its own when it's preceded by whitespace.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20250404121413.1743790-2-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Bibo Mao [Mon, 24 Mar 2025 03:01:45 +0000 (11:01 +0800)]
hw/loongarch/virt: Replace destination error with error_abort
In functions virt_cpu_plug() and virt_cpu_unplug(), the error is
impossible. The destination error is not propagated and is replaced with
error_abort. With this, the logic is simple.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20250324030145.3037408-3-maobibo@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Bibo Mao [Mon, 24 Mar 2025 03:01:44 +0000 (11:01 +0800)]
hw/loongarch/virt: Fix cpuslot::cpu set at last in virt_cpu_plug()
In function virt_cpu_plug(), Object cpuslot::cpu is set last,
only when there is no error; otherwise it is problematic that
cpuslot::cpu is set in advance but the function returns because of an error.
Fixes: ab9935d2991e (hw/loongarch/virt: Implement cpu plug interface)
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20250324030145.3037408-2-maobibo@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Commit 5b4beba124 ("RISC-V Spike Machines") added the Spike machine and
made it default for qemu-system-riscv32/64. It was the first RISC-V
machine added in QEMU so setting it as default was sensible.
Today we have 7 riscv64 and 6 riscv32 machines and having 'spike' as
default machine is not intuitive. For example, [1] is a bug that was
opened with the 'virt' board in mind, but given that the user didn't
pass a '-machine' option, the user was using 'spike' without knowing.
Being explicit in the command line is desirable when we have a handful
of boards available, so deprecate the default machine setting from
RISC-V.
Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250404122858.241598-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Stefan Hajnoczi [Fri, 4 Apr 2025 14:23:17 +0000 (10:23 -0400)]
Merge tag 'pull-tcg-20250403' of https://gitlab.com/rth7680/qemu into staging
tcg: Allocate TEMP_VAL_MEM frame in temp_load()
tests/functional: Skip aarch64_replay test on macOS
hw/arm: Do not build VMapple machine by default
tests/functional/test_aarch64_rme_virt: fix sporadic failure
* tag 'pull-tcg-20250403' of https://gitlab.com/rth7680/qemu:
hw/arm: Do not build VMapple machine by default
tests/qtest: Skip Aarch64 VMapple machine
tests/functional: Skip aarch64_replay test on macOS
tests/functional: Add a decorator for skipping tests on particular OS
tests/functional/test_aarch64_rme_virt: fix sporadic failure
tcg: Allocate TEMP_VAL_MEM frame in temp_load()
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
hw/i386/amd_iommu: Assign pci-id 0x1419 for the AMD IOMMU device
virtio-net: Fix num_buffers for version 1
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This is tracked as https://gitlab.com/qemu-project/qemu/-/issues/2913
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250403203241.46692-6-philmd@linaro.org>
First, the VMapple machine only works with the ARM 'host' CPU
type, which isn't accepted for QTest:
$ qemu-system-aarch64 -M vmapple -accel qtest
qemu-system-aarch64: The 'host' CPU type can only be used with KVM or HVF
Second, the QTest framework expects machines to be creatable
without specifying optional arguments; however, the VMapple
machine requires a few of them:
$ qemu-system-aarch64 -M vmapple -accel qtest
qemu-system-aarch64: No firmware specified
$ qemu-system-aarch64 -M vmapple -accel qtest -bios /dev/null
qemu-system-aarch64: No AUX device. Please specify one as pflash drive.
Restrict this machine with QTest so we can at least run check-qtest,
otherwise we get:
$ make check-qtest-aarch64
qemu-system-aarch64: The 'host' CPU type can only be used with KVM or HVF
Broken pipe
../tests/qtest/libqtest.c:199: kill_qemu() tried to terminate QEMU process but encountered exit status 1 (expected 0)
...
7/26 qemu:qtest+qtest-aarch64 / qtest-aarch64/test-hmp ERROR 24.71s killed by signal 6 SIGABRT
2/26 qemu:qtest+qtest-aarch64 / qtest-aarch64/qom-test ERROR 71.23s killed by signal 6 SIGABRT
Suggested-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250403203241.46692-5-philmd@linaro.org>
This is tracked as https://gitlab.com/qemu-project/qemu/-/issues/2907
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250403203241.46692-4-philmd@linaro.org>
tests/functional: Add a decorator for skipping tests on particular OS
Since tests might be failing on some operating systems,
introduce the skipIfOperatingSystem() decorator.
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250403203241.46692-3-philmd@linaro.org>
This test was randomly failing on our CI, and on dev machines,
especially with QEMU debug builds.
From the information collected, it's related to an implementation choice
in edk2 QEMU virt support. The workaround is to disable KASLR, to avoid
accessing protected memory.
Note: this is *not* needed for the similar test_aarch64_rme_sbsaref.
More information is available on the associated GitLab issue.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2823
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250328183816.2687925-1-pierrick.bouvier@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250403203241.46692-2-philmd@linaro.org>