[PATCH v3] linux-user: Add syscall dispatch support

2025-07-11 Thread Arusekk
This commit adds support for the `prctl(PR_SET_SYSCALL_USER_DISPATCH)` function in the Linux userspace emulator. It is implemented as a fully host-independent function, by forcing a SIGSYS early during syscall handling, if the PC is outside the allowed range. Since disabled SUD is indistinguishab

[PATCH v2 1/9] target/arm: Add prot_check parameter to pmsav8_mpu_lookup

2025-07-11 Thread Richard Henderson
Separate the access_type from the protection check. Signed-off-by: Richard Henderson --- target/arm/internals.h| 5 +++-- target/arm/ptw.c | 11 ++- target/arm/tcg/m_helper.c | 4 ++-- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/target/arm/internals.h b

[PATCH v2 6/9] target/arm: Convert do_ats_write to access_perm

2025-07-11 Thread Richard Henderson
Signed-off-by: Richard Henderson --- target/arm/tcg/cpregs-at.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/target/arm/tcg/cpregs-at.c b/target/arm/tcg/cpregs-at.c index 2ff0b3e76f..bebf168997 100644 --- a/target/arm/tcg/cpregs-at.c +++ b/target/arm/tcg/cp

[PATCH v2 4/9] target/arm: Introduce get_phys_addr_for_at

2025-07-11 Thread Richard Henderson
Rename get_phys_addr_with_space_nogpc for its only caller, do_ats_write. Drop the MemOp memop argument as it doesn't make sense in the new context. Replace the access_type parameter with prot_check. Signed-off-by: Richard Henderson --- target/arm/internals.h | 18 +++--- target

[PATCH v2 8/9] target/arm: Remove outdated comment for ZCR_EL12

2025-07-11 Thread Richard Henderson
The comment about not being included in the summary table has been out of date for quite a while. Signed-off-by: Richard Henderson --- target/arm/helper.c | 5 - 1 file changed, 5 deletions(-) diff --git a/target/arm/helper.c b/target/arm/helper.c index ce981191b3..8c8eea7109 100644 --- a/t

[PATCH v2 5/9] target/arm: Skip AF and DB updates for AccessType_AT

2025-07-11 Thread Richard Henderson
We are required to skip DB update for AT instructions, and we are allowed to skip AF updates. Choose to skip both. Signed-off-by: Richard Henderson --- target/arm/ptw.c | 15 ++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/target/arm/ptw.c b/target/arm/ptw.c index

Re: [PATCH v4 20/28] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode

2025-07-11 Thread Collin Walling
On 7/11/25 5:10 PM, Zhuoying Cai wrote: > Enable secure IPL in audit mode, which performs signature verification, > but any error does not terminate the boot process. Only warnings will be > logged to the console instead. > > Add a comp_len variable to store the length of a segment in > zipl_load_

[PATCH v2 9/9] target/arm: Implement FEAT_ATS1A

2025-07-11 Thread Richard Henderson
Implement FEAT_ATS1A and enable for -cpu max. Signed-off-by: Richard Henderson --- target/arm/cpregs.h | 1 + target/arm/cpu-features.h | 5 target/arm/tcg/cpregs-at.c| 44 +++ target/arm/tcg/cpu64.c| 1 + docs/system/arm/emulatio

[PATCH v2 3/9] target/arm: Skip permission check from arm_cpu_get_phys_page_attrs_debug

2025-07-11 Thread Richard Henderson
Do not require read permission when translating addresses for debugging purposes. Signed-off-by: Richard Henderson --- target/arm/ptw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/arm/ptw.c b/target/arm/ptw.c index 1b90e33f52..c7db93b95c 100644 --- a/target/arm/ptw

[PATCH v2 7/9] target/arm: Fill in HFG[RWI]TR_EL2 bits for Arm v9.5

2025-07-11 Thread Richard Henderson
Signed-off-by: Richard Henderson --- target/arm/cpregs.h | 28 ++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/target/arm/cpregs.h b/target/arm/cpregs.h index c9506aa6d5..1d103b577f 100644 --- a/target/arm/cpregs.h +++ b/target/arm/cpregs.h @@ -408,10 +

[PATCH v2 2/9] target/arm: Add in_prot_check to S1Translate

2025-07-11 Thread Richard Henderson
Separate the access_type from the protection check. Save the trouble of modifying all helper functions by passing the new data in the control structure. Signed-off-by: Richard Henderson --- target/arm/ptw.c | 19 ++- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/

[PATCH v2 0/9] target/arm: Implement FEAT_ATS1A

2025-07-11 Thread Richard Henderson
Based-on: 20250711140828.1714666-1-gustavo.rom...@linaro.org ("[PATCH-for-10.1 v7 0/6] target/arm: Add FEAT_MEC to max cpu") which itself is based on the 20250711 target-arm.next pull request. Changes for v2: - Rearrange the protection check patches: - Do not drop access_type

Re: [PATCH for v10.0.0] target/riscv/kvm/kvm-cpu: Fixed the issue of resume after QEMU+KVM migration

2025-07-11 Thread Zhiwei LIU
Hi XieBo, Could you give the method on how to test it? Thanks, Zhiwei Get Outlook for Android From: qemu-devel-bounces+baxiantai=gmail@nongnu.org on behalf of 谢波 Sent: Friday, July 11, 2025 5:28:10 PM To: qemu-devel@nongnu.org Cc: al

Re: [Stable-10.0.3 00/39] Patch Round-up for stable 10.0.3, freeze on 2025-07-21

2025-07-11 Thread Volker Rümelin
On 11.07.25 at 10:15, Michael Tokarev wrote: > The following patches are queued for QEMU stable v10.0.3: > > https://gitlab.com/qemu-project/qemu/-/commits/staging-10.0 > > Patch freeze is 2025-07-21, and the release is planned for 2025-07-23: > > https://wiki.qemu.org/Planning/10.0 > > Please

[PATCH v4 14/28] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers

2025-07-11 Thread Zhuoying Cai
Define a memory space for both IPL Parameter Block (IPLB) and IPL Information Report Block (IIRB) since IIRB is stored immediately following IPLB. Convert IPLB to pointer and it points to the start of the defined memory space. IIRB points to the end of IPLB. Signed-off-by: Zhuoying Cai --- pc-b

[PATCH v4 17/28] s390x: Guest support for Secure-IPL Facility

2025-07-11 Thread Zhuoying Cai
Introduce Secure-IPL (SIPL) facility. Use fac_ipl to represent bytes 136 and 137 for IPL device facilities of the SCLP Read Info block. Availability of SIPL facility is determined by byte 136 bit 1 of the SCLP Read Info block. Byte 136's facilities cannot be represented without the availability o

[PATCH v4 03/28] hw/s390x/ipl: Create certificate store

2025-07-11 Thread Zhuoying Cai
Create a certificate store for boot certificates used for secure IPL. Load certificates from the boot-certificate parameter of s390-ccw-virtio machine type option into the cert store. Currently, only X.509 certificates in PEM format are supported, as the QEMU command line accepts certificates in

[PATCH v4 26/28] pc-bios/s390-ccw: Handle secure boot with multiple boot devices

2025-07-11 Thread Zhuoying Cai
The current approach to enabling secure boot relies on providing -secure-boot and -boot-certificates options, which apply to all boot devices. With the possibility of multiple boot devices, secure boot expects all provided devices to be supported and eligible (e.g., virtio-blk/virtio-scsi using th

[PATCH v4 02/28] crypto/x509-utils: Add helper functions for certificate store

2025-07-11 Thread Zhuoying Cai
Introduce new helper functions for x509 certificate, which will be used by the certificate store: qcrypto_x509_convert_cert_der() - converts a certificate from PEM to DER format qcrypto_x509_get_keyid_len() - returns the length of the key ID qcrypto_x509_get_signature_algorithm() - returns signatu

[PATCH v4 25/28] pc-bios/s390-ccw: Handle true secure IPL mode

2025-07-11 Thread Zhuoying Cai
When secure boot is enabled (-secure-boot on) and certificate(s) are provided, the boot operates in True Secure IPL mode. Any verification error during True Secure IPL mode will cause the entire boot process to terminate. Secure IPL in audit mode requires at least one certificate provided in the

[PATCH v4 21/28] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF)

2025-07-11 Thread Zhuoying Cai
The secure-IPL-code-loading-attributes facility (SCLAF) provides additional security during IPL. Availability of SCLAF is determined by byte 136 bit 3 of the SCLP Read Info block. Signed-off-by: Zhuoying Cai --- target/s390x/cpu_features.c | 1 + target/s390x/cpu_features_def.h.inc | 1

[PATCH v4 19/28] pc-bios/s390-ccw: Refactor zipl_load_segment function

2025-07-11 Thread Zhuoying Cai
Make the address variable a parameter of zipl_load_segment and return segment length. Modify this function for reuse in the next patch, which allows loading segment or signature data to the destination memory address. Add a comp_len variable to store the length of a segment and return this variab

[PATCH v4 18/28] pc-bios/s390-ccw: Refactor zipl_run()

2025-07-11 Thread Zhuoying Cai
Refactor to enhance readability before enabling secure IPL in later patches. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 58 ++ 1 file changed, 34 insertions(+), 24 deletions(-) diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootm

[PATCH v4 12/28] s390x/diag: Implement DIAG 508 subcode 1 for signature verification

2025-07-11 Thread Zhuoying Cai
From: Collin Walling DIAG 508 subcode 1 performs signature-verification on signed components. A signed component may be a Linux kernel image, or any other signed binary. **Verification of initrd is not supported.** The instruction call expects two item-pairs: an address of a device component, an

[PATCH v4 11/28] crypto/x509-utils: Add helper functions for DIAG 508 subcode 1

2025-07-11 Thread Zhuoying Cai
Introduce helper functions to support signature verification required by DIAG 508 subcode 1: qcrypto_pkcs7_convert_sig_pem() – converts a signature from DER to PEM format qcrypto_x509_verify_sig() – verifies the provided data against the given signature These functions enable basic signature ver

[PATCH v4 16/28] hw/s390x/ipl: Set iplb->len to maximum length of IPL Parameter Block

2025-07-11 Thread Zhuoying Cai
The IPL Information Report Block (IIRB) immediately follows the IPL Parameter Block (IPLB). The IPLB struct is allocated 4KB in memory, and iplb->len indicates the amount of memory currently used by the IPLB. To ensure proper alignment of the IIRB and prevent overlap, set iplb->len to the maximum

[PATCH v4 24/28] hw/s390x/ipl: Set IPIB flags for secure IPL

2025-07-11 Thread Zhuoying Cai
If `-secure-boot on` is specified on the command line option, indicating true secure IPL enabled, set Secure-IPL bit and IPL-Information-Report bit on in IPIB Flags field, and trigger true secure IPL in the S390 BIOS. Any error that occurs during true secure IPL will cause the IPL to terminate. S

[PATCH v4 08/28] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2

2025-07-11 Thread Zhuoying Cai
Introduce new helper functions to extract certificate metadata needed for DIAG 320 subcode 2: qcrypto_x509_get_cert_version() - retrieves version of a certificate qcrypto_x509_check_cert_times() - validates the certificate's validity period against the current time qcrypto_x509_get_pk_algorithm()

[PATCH v4 10/28] s390x/diag: Introduce DIAG 508 for secure IPL operations

2025-07-11 Thread Zhuoying Cai
From: Collin Walling In order to support secure IPL (aka secure boot) for the s390-ccw BIOS, a new s390 DIAGNOSE instruction is introduced to leverage QEMU for handling operations such as signature verification and certificate retrieval. Currently, only subcode 0 is supported with this patch, wh

[PATCH v4 00/28] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices

2025-07-11 Thread Zhuoying Cai
crypto/x509-utils - Updated patch descriptions to summarize what each patch introduces. - Restricted accepted certificate format on the QEMU command line to PEM only. - Added internal conversion routines to handle PEM-to-DER and DER-to-PEM as needed. - Renamed crypto functions using the qcrypto

[PATCH v4 23/28] Add secure-boot to s390-ccw-virtio machine type option

2025-07-11 Thread Zhuoying Cai
Add secure-boot as a parameter of s390-ccw-virtio machine type option. The `secure-boot=on|off` parameter is implemented to enable secure IPL. By default, secure-boot is set to false if not specified in the command line. Signed-off-by: Zhuoying Cai --- hw/s390x/s390-virtio-ccw.c | 22 +

[PATCH v4 01/28] Add boot-certificates to s390-ccw-virtio machine type option

2025-07-11 Thread Zhuoying Cai
Add boot-certificates as a parameter of s390-ccw-virtio machine type option. The `boot-certificates=/path/dir:/path/file` parameter is implemented to provide path to either a directory or a single certificate. Multiple paths can be delineated using a colon. Signed-off-by: Zhuoying Cai --- hw/s

[PATCH v4 27/28] hw/s390x/ipl: Handle secure boot without specifying a boot device

2025-07-11 Thread Zhuoying Cai
If secure boot in audit mode or True Secure IPL mode is enabled without specifying a boot device, the boot process will terminate with an error. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index a1

[PATCH v4 04/28] s390x: Guest support for Certificate Store Facility (CS)

2025-07-11 Thread Zhuoying Cai
DIAG 320 is supported when the certificate-store (CS) facility is installed. Availability of CS facility is determined by byte 134 bit 5 of the SCLP Read Info block. Byte 134's facilities cannot be represented without the availability of the extended-length-SCCB, so add it as a check for consisten

[PATCH v4 13/28] pc-bios/s390-ccw: Introduce IPL Information Report Block (IIRB)

2025-07-11 Thread Zhuoying Cai
The IPL information report block (IIRB) contains information used to locate IPL records and to report the results of signature verification of one or more secure components of the load device. IIRB is stored immediately following the IPL Parameter Block. Results on component verification in any ca

[PATCH v4 15/28] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block

2025-07-11 Thread Zhuoying Cai
Add IPIB flags to IPL Parameter Block to determine if IPL needs to perform securely and if IPL Information Report Block (IIRB) exists. Move DIAG308 flags to a separated header file and add flags for secure IPL. Secure boot in audit mode will perform if certificate(s) exist in the key store. IIRB

[PATCH v4 28/28] docs: Add secure IPL documentation

2025-07-11 Thread Zhuoying Cai
Add documentation for secure IPL Signed-off-by: Collin Walling Signed-off-by: Zhuoying Cai --- docs/specs/s390x-secure-ipl.rst | 159 +++ docs/system/s390x/secure-ipl.rst | 156 ++ 2 files changed, 315 insertions(+) create mode 100644 do

[PATCH v4 07/28] s390x/diag: Implement DIAG 320 subcode 1

2025-07-11 Thread Zhuoying Cai
DIAG 320 subcode 1 provides information needed to determine the amount of storage to store one or more certificates. The subcode value is denoted by setting the left-most bit of an 8-byte field. The verification-certificate-storage-size block (VCSSB) contains the output data when the operation co

[PATCH v4 22/28] pc-bios/s390-ccw: Add additional security checks for secure boot

2025-07-11 Thread Zhuoying Cai
Add additional checks to ensure that components do not overlap with signed components when loaded into memory. Add additional checks to ensure the load addresses of unsigned components are greater than or equal to 0x2000. When the secure IPL code loading attributes facility (SCLAF) is installed,

[PATCH v4 09/28] s390x/diag: Implement DIAG 320 subcode 2

2025-07-11 Thread Zhuoying Cai
DIAG 320 subcode 2 provides verification-certificates (VCs) that are in the certificate store. Only X509 certificates in DER format and SHA-256 hash type are recognized. The subcode value is denoted by setting the second-left-most bit of an 8-byte field. The Verification Certificate Block (VCB) c

[PATCH v4 20/28] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode

2025-07-11 Thread Zhuoying Cai
Enable secure IPL in audit mode, which performs signature verification, but any error does not terminate the boot process. Only warnings will be logged to the console instead. Add a comp_len variable to store the length of a segment in zipl_load_segment. comp_len variable is necessary to store the

[PATCH v4 06/28] s390x/diag: Refactor address validation check from diag308_parm_check

2025-07-11 Thread Zhuoying Cai
Create a function to validate the address parameter of DIAGNOSE. Refactor the function for reuse in the next patch, which allows address validation in read or write operation of DIAGNOSE. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.h | 6 ++ target/s390x/diag.c | 4 +--- 2 files chang

[PATCH v4 05/28] s390x/diag: Introduce DIAG 320 for certificate store facility

2025-07-11 Thread Zhuoying Cai
DIAGNOSE 320 is introduced to support certificate store facility, which includes operations such as query certificate storage information and provide certificates in the certificate store. Currently, only subcode 0 is supported with this patch, which is used to query a bitmap of which subcodes are

[Stable-7.2.19 09/15] tcg: Fix constant propagation in tcg_reg_alloc_dup

2025-07-11 Thread Michael Tokarev
From: Richard Henderson The scalar constant must be replicated for dup. Cc: qemu-sta...@nongnu.org Fixes: bab1671f0fa ("tcg: Manually expand INDEX_op_dup_vec") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3002 Signed-off-by: Richard Henderson (cherry picked from commit 0d0fc3f4658937

[Stable-7.2.19 15/15] target/arm: Fix f16_dotadd vs nan selection

2025-07-11 Thread Michael Tokarev
From: Richard Henderson Implement FPProcessNaNs4 within f16_dotadd, rather than simply letting NaNs propagate through the function. Cc: qemu-sta...@nongnu.org Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)") Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Messag

[PATCH v3 5/7] esp.c: only call dma_memory_write function if transfer length is non-zero

2025-07-11 Thread Mark Cave-Ayland
In the cases where mixed DMA/non-DMA transfers are used or no data is available, it is possible for the calculated transfer length to be zero. Only call the dma_memory_write function where the transfer length is non-zero to avoid invoking the DMA engine for a zero length transfer which can have sid

[Stable-7.2.19 07/15] qemu-options.hx: Fix reversed description of icount sleep behavior

2025-07-11 Thread Michael Tokarev
From: Ethan Chen The documentation for the -icount option incorrectly describes the behavior of the sleep suboption. Based on the actual implementation and system behavior, the effects of sleep=on and sleep=off were inadvertently reversed. This commit updates the description to reflect their inte

[Stable-7.2.19 04/15] hw/core/qdev-properties-system: Add missing return in set_drive_helper()

2025-07-11 Thread Michael Tokarev
From: Fiona Ebner Currently, changing the 'drive' property of e.g. a scsi-hd object will result in an assertion failure if the aio context of the block node it's replaced with doesn't match the current aio context: > bdrv_replace_child_noperm: Assertion `bdrv_get_aio_context(old_bs) == > bdrv_ge

[Stable-7.2.19 08/15] linux-user/arm: Fix return value of SYS_cacheflush

2025-07-11 Thread Michael Tokarev
From: J. Neuschäfer Although the emulated cacheflush syscall does nothing, it still needs to return zero to indicate success. Cc: qemu-sta...@nongnu.org Signed-off-by: J. Neuschäfer Message-id: 20250613-cache-v1-1-ee9f4a9ba...@gmx.net Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (c

[Stable-7.2.19 10/15] target/arm: Correct KVM & HVF dtb_compatible value

2025-07-11 Thread Michael Tokarev
From: Philippe Mathieu-Daudé Linux kernel knows how to parse "arm,armv8", not "arm,arm-v8". See arch/arm64/boot/dts/foundation-v8.dts: https://github.com/torvalds/linux/commit/90556ca1ebdd Cc: qemu-sta...@nongnu.org Fixes: 26861c7ce06 ("target-arm: Add minimal KVM AArch64 support") Fixes: 58

[Stable-7.2.19 13/15] target/arm: Fix 128-bit element ZIP, UZP, TRN

2025-07-11 Thread Michael Tokarev
From: Richard Henderson We missed the instructions UDEF when the vector size is too small. We missed marking the instructions non-streaming with SME. Cc: qemu-sta...@nongnu.org Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20250704142112.1018902-4-richard.hender...@li

[PATCH v3 1/7] esp.c: only raise IRQ in esp_transfer_data() for CMD_SEL, CMD_SELATN and CMD_TI commands

2025-07-11 Thread Mark Cave-Ayland
Clarify the logic in esp_transfer_data() to ensure that the deferred interrupt code can only be triggered for CMD_SEL, CMD_SELATN and CMD_TI commands. This should already be the case, but make it explicit to ensure the logic isn't triggered unexpectedly. Signed-off-by: Mark Cave-Ayland Reviewe

[Stable-7.2.19 05/15] hw/loongarch/virt: Fix big endian support with MCFG table

2025-07-11 Thread Michael Tokarev
From: Bibo Mao With API build_mcfg(), it is not necessary with parameter structure AcpiMcfgInfo to convert to little endian since it is directly used with host native endian. Here remove endian conversion before calling function build_mcfg(). With this patch, bios-tables-test passes to run on bi

[PATCH v3 4/7] esp.c: only call dma_memory_read function if transfer length is non-zero

2025-07-11 Thread Mark Cave-Ayland
In the cases where mixed DMA/non-DMA transfers are used or no data is available, it is possible for the calculated transfer length to be zero. Only call the dma_memory_read function where the transfer length is non-zero to avoid invoking the DMA engine for a zero length transfer which can have side

[PATCH v3 3/7] esp.h: remove separate ESPState typedef

2025-07-11 Thread Mark Cave-Ayland
This is not needed as it is now handled by the OBJECT_DECLARE_SIMPLE_TYPE() macro. Signed-off-by: Mark Cave-Ayland Reviewed-by: Philippe Mathieu-Daudé --- include/hw/scsi/esp.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/hw/scsi/esp.h b/include/hw/scsi/esp.h index 533d856aa3..

[Stable-7.2.19 14/15] target/arm: Fix PSEL size operands to tcg_gen_gvec_ands

2025-07-11 Thread Michael Tokarev
From: Richard Henderson Gvec only operates on size 8 and multiples of 16. Predicates may be any multiple of 2. Round up the size using the appropriate function. Cc: qemu-sta...@nongnu.org Fixes: 598ab0b24c0 ("target/arm: Implement PSEL") Reviewed-by: Peter Maydell Signed-off-by: Richard Henders

[Stable-7.2.19 11/15] target/arm: Fix SME vs AdvSIMD exception priority

2025-07-11 Thread Michael Tokarev
From: Richard Henderson We failed to raise an exception when sme_excp_el == 0 and fp_excp_el == 1. Cc: qemu-sta...@nongnu.org Fixes: 3d74825f4d6 ("target/arm: Add SME enablement checks") Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20250704142112.1018902-2-richard.he

[PATCH v3 0/7] esp.c: only allow ESP commands permitted in the current mode

2025-07-11 Thread Mark Cave-Ayland
This series contains a few minor tidy-ups along with an implementation of the logic to only allow ESP commands permitted in the current mode. The motivation is to fix GitLab issue #2464 which causes Windows NT MIPS to bluescreen on boot. Patches 1 to 5 are simple tidy-ups from investigating the is

[Stable-7.2.19 12/15] target/arm: Fix sve_access_check for SME

2025-07-11 Thread Michael Tokarev
From: Richard Henderson Do not assume SME implies SVE. Ensure that the non-streaming check is present along the SME path, since it is not implied by sme_*_enabled_check. Cc: qemu-sta...@nongnu.org Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20250704142112.1018902-3

[PATCH v3 2/7] esp.c: improve comment in esp_transfer_data()

2025-07-11 Thread Mark Cave-Ayland
Whilst working on the previous patch, the existing comment was not enough to document when the TI command codepath was being used. Update and improve the comment accordingly. Signed-off-by: Mark Cave-Ayland Reviewed-by: Philippe Mathieu-Daudé --- hw/scsi/esp.c | 5 +++-- 1 file changed, 3 inser

[PATCH v3 6/7] esp.c: add asc_mode property to indicate the current ESP mode

2025-07-11 Thread Mark Cave-Ayland
Add a new asc_mode property to ESPState which indicates the current mode of the ESP and update the ESP state machine accordingly. Bump the vmstate version and include migration logic to ensure that asc_mode is set to initiator mode such that any commands in progress will always continue. Signed-o

[Stable-7.2.19 03/15] audio: fix SIGSEGV in AUD_get_buffer_size_out()

2025-07-11 Thread Michael Tokarev
From: Volker Rümelin As far as the emulated audio devices are concerned the pointer returned by AUD_open_out() is an opaque handle. This includes the NULL pointer. In this case, AUD_get_buffer_size_out() should return a sensible buffer size instead of triggering a segmentation fault. All other pu

[Stable-7.2.19 06/15] hw/arm/virt: Check bypass iommu is not set for iommu-map DT property

2025-07-11 Thread Michael Tokarev
From: Shameer Kolothum default_bus_bypass_iommu tells us whether the bypass_iommu is set for the default PCIe root bus. Make sure we check that before adding the "iommu-map" DT property. Cc: qemu-sta...@nongnu.org Fixes: 6d7a85483a06 ("hw/arm/virt: Add default_bus_bypass_iommu machine option") S

[Stable-7.2.19 00/15] Patch Round-up for stable 7.2.19, freeze on 2025-07-21

2025-07-11 Thread Michael Tokarev
The following patches are queued for QEMU stable v7.2.19: https://gitlab.com/qemu-project/qemu/-/commits/staging-7.2 Patch freeze is 2025-07-21, and the release is planned for 2025-07-23: https://wiki.qemu.org/Planning/7.2 Please respond here or CC qemu-sta...@nongnu.org on any additional p

[PATCH v3 7/7] esp.c: only allow ESP commands permitted in the current asc_mode

2025-07-11 Thread Mark Cave-Ayland
If an ESP command is issued in an incorrect mode then an illegal command interrupt should be generated. Add a new esp_cmd_is_valid() function to indicate whether the ESP command is valid for the current mode, and if not then raise the illegal command interrupt. This fixes WinNT MIPS which issues I

[Stable-7.2.19 01/15] hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang

2025-07-11 Thread Michael Tokarev
From: Jamin Lin Currently, if the program encounters an unsupported algorithm, it does not set the HASH_IRQ bit in the status register and send an interrupt to indicate command completion. As a result, the FW gets stuck waiting for a completion signal from the HACE module. Additionally, in do_ha

[Stable-7.2.19 02/15] vhost: Don't set vring call if guest notifier is unused

2025-07-11 Thread Michael Tokarev
From: Huaitong Han The vring call fd is set even when the guest does not use MSI-X (e.g., in the case of virtio PMD), leading to unnecessary CPU overhead for processing interrupts. The commit 96a3d98d2c("vhost: don't set vring call if no vector") optimized the case where MSI-X is enabled but the

Re: [PATCH v2 5/7] esp.c: only call dma_memory_write function if transfer length is non-zero

2025-07-11 Thread Mark Cave-Ayland
On 09/07/2025 12:14, Philippe Mathieu-Daudé wrote: On 18/6/25 08:12, Mark Cave-Ayland wrote: In the cases where mixed DMA/non-DMA transfers are used or no data is available, it is possible to for the calculated transfer length to be zero. Only call the dma_memory_write function where the transf

Re: [PATCH v2 0/7] esp.c: only allow ESP commands permitted in the current mode

2025-07-11 Thread Mark Cave-Ayland
On 09/07/2025 12:16, Philippe Mathieu-Daudé wrote: Hi Mark, On 9/7/25 09:50, Mark Cave-Ayland wrote: On 18/06/2025 07:12, Mark Cave-Ayland wrote: This series contains a few minor tidy-ups along with an implementation of the logic to only allow ESP commands permitted in the current mode. The

Re: [PATCH v2 4/7] esp.c: only call dma_memory_read function if transfer length is non-zero

2025-07-11 Thread Mark Cave-Ayland
On 09/07/2025 12:11, Philippe Mathieu-Daudé wrote: On 18/6/25 08:12, Mark Cave-Ayland wrote: In the cases where mixed DMA/non-DMA transfers are used or no data is available, it is possible to for the calculated transfer length to be "to ~for~ the..." Ooops. Will fix in v3. zero. Only call

Re: [PATCH v2 1/7] esp.c: only raise IRQ in esp_transfer_data() for CMD_SEL, CMD_SELATN and CMD_TI commands

2025-07-11 Thread Mark Cave-Ayland
On 09/07/2025 12:09, Philippe Mathieu-Daudé wrote: On 18/6/25 08:12, Mark Cave-Ayland wrote: Clarify the logic in esp_transfer_data() to ensure that the deferred interrupt code can only be triggered for CMD_SEL, CMD_SELATN and CMD_TI commands. This should already be the case, but make it expl

Re: [PATCH] target/arm: Added support for SME register exposure to GDB

2025-07-11 Thread Richard Henderson
On 7/8/25 16:14, Vacha Bhavsar wrote: +if (isar_feature_aa64_sme(&cpu->isar)) { Preferred usage is cpu_isar_feature(aa64_sme, cpu) Otherwise, Reviewed-by: Richard Henderson PS: I tried this myself a few weeks ago and got an error from gdb. I had assumed that gdb simply wasn't p

Re: [PATCH] target/arm: Added support for SME register exposure to GDB

2025-07-11 Thread Vacha Bhavsar
+ richard.hender...@linaro.org Hi Richard, I'm an intern working with Joel Jones and he mentioned you've worked quite a bit on SME on QEMU. We were wondering if you could take a look at this patch as the deadline for the soft freeze is fast approaching and we'd like it to make it to the next rel

Re: [PATCH v2 00/18] i386/cpu: Unify the cache model in X86CPUState

2025-07-11 Thread Paolo Bonzini
Queued, thanks. Paolo

Re: [PATCH 0/2] qapi: Minor documentation cleanups

2025-07-11 Thread Markus Armbruster
Queued for 10.1. Thanks for the review!

Re: [PATCH V5 0/3] fast qom tree get

2025-07-11 Thread Markus Armbruster
Steve Sistare writes: > Using qom-list and qom-get to get all the nodes and property values in a > QOM tree can take multiple seconds because it requires 1000's of individual > QOM requests. Some managers fetch the entire tree or a large subset > of it when starting a new VM, and this cost is a

[PULL 7/9] linux-user: Hold the fd-trans lock across fork

2025-07-11 Thread Richard Henderson
From: Geoffrey Thomas If another thread is holding target_fd_trans_lock during a fork, then the lock becomes permanently locked in the child and the emulator deadlocks at the next interaction with the fd-trans table. As with other locks, acquire the lock in fork_start() and release it in fork_end

[PULL 6/9] linux-user/mips/o32: Drop sa_restorer functionality

2025-07-11 Thread Richard Henderson
From: Thomas Weißschuh The Linux kernel dropped support for sa_restorer on O32 MIPS in the release 2.5.48 because it was unused. See the comment in arch/mips/include/uapi/asm/signal.h. Applications using the kernel's UAPI headers will not reserve enough space for qemu-user to copy the sigaction.s

[PULL 3/9] linux-user: Check for EFAULT failure in nanosleep

2025-07-11 Thread Richard Henderson
From: Peter Maydell target_to_host_timespec() returns an error if the memory the guest passed us isn't actually readable. We check for this everywhere except the callsite in the TARGET_NR_nanosleep case, so this mistake was caught by a Coverity heuristic. Add the missing error checks to the cal

[PULL 0/9] tcg/linux-user/fpu patch queue

2025-07-11 Thread Richard Henderson
The following changes since commit df6fe2abf2e990f767ce755d426bc439c7bba336: Merge tag 'pull-target-arm-20250704' of https://gitlab.com/pm215/qemu into staging (2025-07-07 09:22:41 -0400) are available in the Git repository at: https://gitlab.com/rth7680/qemu.git tags/pull-tc

[PULL 8/9] tcg: Use uintptr_t in tcg_malloc implementation

2025-07-11 Thread Richard Henderson
Avoid ubsan failure with clang-20, tcg.h:715:19: runtime error: applying non-zero offset 64 to null pointer by not using pointers. Acked-by: Ilya Leoshkevich Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson --- include/tcg/tcg.h | 6 +++--- tcg/tcg.c | 9 +

[PULL 9/9] linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC

2025-07-11 Thread Richard Henderson
From: Peter Maydell In the linux-user do_fork() function we try to set the FD_CLOEXEC flag on a pidfd like this: fcntl(pid_fd, F_SETFD, fcntl(pid_fd, F_GETFL) | FD_CLOEXEC); This has two problems: (1) it doesn't check errors, which Coverity complains about (2) we use F_GETFL when we mean

[PULL 5/9] linux-user/gen-vdso: Don't read off the end of buf[]

2025-07-11 Thread Richard Henderson
From: Peter Maydell In gen-vdso we load in a file and assume it's a valid ELF file. In particular we assume it's big enough to be able to read the ELF information in e_ident in the ELF header. Add a check that the total file length is at least big enough for all the e_ident bytes, which is good

[PULL 4/9] linux-user/gen-vdso: Handle fseek() failure

2025-07-11 Thread Richard Henderson
From: Peter Maydell Coverity points out that we don't check for fseek() failure in gen-vdso.c, and so we might pass -1 to malloc(). Add the error checking. (This is a standalone executable that doesn't link against glib, so we can't do the easy thing and use g_file_get_contents().) Coverity: CI

[PULL 1/9] fpu: Process float_muladd_negate_result after rounding

2025-07-11 Thread Richard Henderson
Changing the sign before rounding affects the correctness of the asymmetric rounding modes: float_round_up and float_round_down. Reported-by: WANG Rui Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Richard Henderson --- fpu/softfloat.c | 54 +++--

Re: [PATCH v6 1/4] docs/qapi-domain: add return-nodesc

2025-07-11 Thread Markus Armbruster
John Snow writes: > This form is used to annotate a return type without an accompanying > description, for when there is no "Returns:" information in the source > doc, but we have a return type we want to generate a cross-reference to. > > The syntax is: > > :return-nodesc: TypeName > > It's prim

[PULL 2/9] linux-user: Implement fchmodat2 syscall

2025-07-11 Thread Richard Henderson
From: Peter Maydell The fchmodat2 syscall is new from Linux 6.6; it is like the existing fchmodat syscall except that it takes a flags parameter. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3019 Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Richard H

Re: [PATCH v3] rust: add qdev Device derive macro

2025-07-11 Thread Paolo Bonzini
> Add derive macro for declaring qdev properties directly above the field > definitions. To do this, we split DeviceImpl::properties method on a > separate trait so we can implement only that part in the derive macro > expansion (we cannot partially implement the DeviceImpl trait). > > Adding a `pr

Re: [PATCH V4 2/3] python: use qom-list-get

2025-07-11 Thread Steven Sistare
On 7/11/2025 12:50 PM, Markus Armbruster wrote: Steven Sistare writes: On 7/11/2025 10:47 AM, Markus Armbruster wrote: Steve Sistare writes: Use qom-list-get to speed up the qom-tree command. Signed-off-by: Steve Sistare Quick test... Differences in output before and after match expec

Re: [PATCH] hw/misc/ivshmem-pci: Improve error handling

2025-07-11 Thread Markus Armbruster
Peter Maydell writes: > Coverity points out that the ivshmem-pci code has some error handling > cases where it incorrectly tries to use an invalid file descriptor. > These generally happen because ivshmem_recv_msg() calls > qemu_chr_fe_get_msgfd(), which might return -1, but the code in > process_

Re: [PATCH v2 0/9] i386/cpu: Intel cache model & topo CPUID enhencement

2025-07-11 Thread Paolo Bonzini
Queued, thanks. Paolo

Re: [PATCH V4 2/3] python: use qom-list-get

2025-07-11 Thread Markus Armbruster
Steven Sistare writes: > On 7/11/2025 10:47 AM, Markus Armbruster wrote: >> Steve Sistare writes: >> >>> Use qom-list-get to speed up the qom-tree command. >>> >>> Signed-off-by: Steve Sistare >> >> Quick test... Differences in output before and after match expectations >> (see appended diff

Re: [PATCH] linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC

2025-07-11 Thread Richard Henderson
On 7/11/25 08:12, Peter Maydell wrote: In the linux-user do_fork() function we try to set the FD_CLOEXEC flag on a pidfd like this: fcntl(pid_fd, F_SETFD, fcntl(pid_fd, F_GETFL) | FD_CLOEXEC); This has two problems: (1) it doesn't check errors, which Coverity complains about (2) we use

Re: [PATCH] linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC

2025-07-11 Thread Richard Henderson
On 7/11/25 08:12, Peter Maydell wrote: In the linux-user do_fork() function we try to set the FD_CLOEXEC flag on a pidfd like this: fcntl(pid_fd, F_SETFD, fcntl(pid_fd, F_GETFL) | FD_CLOEXEC); This has two problems: (1) it doesn't check errors, which Coverity complains about (2) we use

Re: [RFC PATCH] tests/functional: Move tests into architecture specific folders

2025-07-11 Thread Pierrick Bouvier
On 7/11/25 4:55 AM, Thomas Huth wrote: On 10/07/2025 17.51, Pierrick Bouvier wrote: On 7/10/25 2:42 AM, Thomas Huth wrote: This patch tackles two issues. First, the tests/functional folder has become quite crowded already, some restructuring would be helpful here. Second, we currently encode th

Re: [PATCH V4 0/3] fast qom tree get

2025-07-11 Thread Steven Sistare
On 7/11/2025 11:06 AM, Markus Armbruster wrote: This feels ready. Have a look at my (few) comments, and tell me what you think. Happy to apply finishing touches in my tree, without another respin. Thanks for your patience! I'll send V5 with the final changes. Thank you for your time Markus

Re: [PATCH] linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC

2025-07-11 Thread Daniel P . Berrangé
On Fri, Jul 11, 2025 at 03:12:17PM +0100, Peter Maydell wrote: > In the linux-user do_fork() function we try to set the FD_CLOEXEC > flag on a pidfd like this: > > fcntl(pid_fd, F_SETFD, fcntl(pid_fd, F_GETFL) | FD_CLOEXEC); > > This has two problems: > (1) it doesn't check errors, which Cov

[PATCH v2 2/3] Adds the GDB register XML files for Sparc32.

2025-07-11 Thread unisono
From: Rot127 Commit 2/3 Signed-off-by: Rot127 --- configs/targets/sparc-linux-user.mak | 1 + configs/targets/sparc-softmmu.mak| 1 + gdb-xml/sparc32-core.xml | 84 target/sparc/cpu.c | 1 + 4 files changed, 87 insertions(+) cr

[PATCH v2 3/3] Assign the GDB register XML files of Sparc64 to Sparc32plus.

2025-07-11 Thread unisono
From: Rot127 Commit 3/3 Signed-off-by: Rot127 --- configs/targets/sparc32plus-linux-user.mak | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/targets/sparc32plus-linux-user.mak b/configs/targets/sparc32plus-linux-user.mak index 7a16934fd1..0d9cf44652 100644 --- a/configs/targets/sp

[PATCH v2 1/3] Adds the GDB register XML files for Sparc64.

2025-07-11 Thread unisono
From: Rot127 Commit 1/3 Signed-off-by: Rot127 --- configs/targets/sparc64-linux-user.mak | 1 + configs/targets/sparc64-softmmu.mak| 1 + gdb-xml/sparc64-core.xml | 99 ++ target/sparc/cpu.c | 1 + 4 files changed, 102 insertions
