This series contains a few minor tidy-ups along with an implementation of the
logic to only allow ESP commands permitted in the current mode. The motivation
is to fix GitLab issue #2464 which causes Windows NT MIPS to bluescreen on
boot.
Patches 1 to 5 are simple tidy-ups from investigating the is
From: Richard Henderson
We failed to raise an exception when
sme_excp_el == 0 and fp_excp_el == 1.
Cc: qemu-sta...@nongnu.org
Fixes: 3d74825f4d6 ("target/arm: Add SME enablement checks")
Reviewed-by: Peter Maydell
Signed-off-by: Richard Henderson
Message-id: 20250704142112.1018902-2-richard.he
From: Richard Henderson
Do not assume SME implies SVE. Ensure that the non-streaming
check is present along the SME path, since it is not implied
by sme_*_enabled_check.
Cc: qemu-sta...@nongnu.org
Reviewed-by: Peter Maydell
Signed-off-by: Richard Henderson
Message-id: 20250704142112.1018902-3
Whilst working on the previous patch, the existing comment was not enough to
document when the TI command codepath was being used. Update and improve the
comment accordingly.
Signed-off-by: Mark Cave-Ayland
Reviewed-by: Philippe Mathieu-Daudé
---
hw/scsi/esp.c | 5 +++--
1 file changed, 3 inser
From: Jamin Lin
Currently, if the program encounters an unsupported algorithm, it does not set
the HASH_IRQ bit in the status register and send an interrupt to indicate
command completion. As a result, the FW gets stuck waiting for a completion
signal from the HACE module.
Additionally, in do_ha
From: Huaitong Han
The vring call fd is set even when the guest does not use MSI-X (e.g., in the
case of virtio PMD), leading to unnecessary CPU overhead for processing
interrupts.
The commit 96a3d98d2c("vhost: don't set vring call if no vector") optimized the
case where MSI-X is enabled but the
From: Richard Henderson
Gvec only operates on size 8 and multiples of 16.
Predicates may be any multiple of 2.
Round up the size using the appropriate function.
Cc: qemu-sta...@nongnu.org
Fixes: 598ab0b24c0 ("target/arm: Implement PSEL")
Reviewed-by: Peter Maydell
Signed-off-by: Richard Henders
From: Richard Henderson
Implement FPProcessNaNs4 within f16_dotadd, rather than
simply letting NaNs propagate through the function.
Cc: qemu-sta...@nongnu.org
Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)")
Reviewed-by: Peter Maydell
Signed-off-by: Richard Henderson
Messag
In the cases where mixed DMA/non-DMA transfers are used or no data is
available, it is possible for the calculated transfer length to be zero.
Only call the dma_memory_write function where the transfer length is
non-zero to avoid invoking the DMA engine for a zero length transfer
which can have sid
From: Ethan Chen
The documentation for the -icount option incorrectly describes the behavior
of the sleep suboption. Based on the actual implementation and system
behavior, the effects of sleep=on and sleep=off were inadvertently reversed.
This commit updates the description to reflect their inte
From: Richard Henderson
The scalar constant must be replicated for dup.
Cc: qemu-sta...@nongnu.org
Fixes: bab1671f0fa ("tcg: Manually expand INDEX_op_dup_vec")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3002
Signed-off-by: Richard Henderson
(cherry picked from commit 0d0fc3f4658937
Add additional checks to ensure that components do not overlap with
signed components when loaded into memory.
Add additional checks to ensure the load addresses of unsigned components
are greater than or equal to 0x2000.
When the secure IPL code loading attributes facility (SCLAF) is installed,
Enable secure IPL in audit mode, which performs signature verification,
but any error does not terminate the boot process. Only warnings will be
logged to the console instead.
Add a comp_len variable to store the length of a segment in
zipl_load_segment. comp_len variable is necessary to store the
DIAG 320 subcode 2 provides verification-certificates (VCs) that are in the
certificate store. Only X509 certificates in DER format and SHA-256 hash
type are recognized.
The subcode value is denoted by setting the second-left-most bit
of an 8-byte field.
The Verification Certificate Block (VCB) c
DIAGNOSE 320 is introduced to support certificate store facility,
which includes operations such as query certificate storage
information and provide certificates in the certificate store.
Currently, only subcode 0 is supported with this patch, which is
used to query a bitmap of which subcodes are
Create a function to validate the address parameter of DIAGNOSE.
Refactor the function for reuse in the next patch, which allows address
validation in read or write operation of DIAGNOSE.
Signed-off-by: Zhuoying Cai
---
hw/s390x/ipl.h | 6 ++
target/s390x/diag.c | 4 +---
2 files chang
Add documentation for secure IPL
Signed-off-by: Collin Walling
Signed-off-by: Zhuoying Cai
---
docs/specs/s390x-secure-ipl.rst | 159 +++
docs/system/s390x/secure-ipl.rst | 156 ++
2 files changed, 315 insertions(+)
create mode 100644 do
Add IPIB flags to IPL Parameter Block to determine if IPL needs to
perform securely and if IPL Information Report Block (IIRB) exists.
Move DIAG308 flags to a separated header file and add flags for secure IPL.
Secure boot in audit mode will perform if certificate(s) exist in the
key store. IIRB
DIAG 320 is supported when the certificate-store (CS) facility
is installed.
Availability of CS facility is determined by byte 134 bit 5 of the
SCLP Read Info block. Byte 134's facilities cannot be represented
without the availability of the extended-length-SCCB, so add it as
a check for consisten
DIAG 320 subcode 1 provides information needed to determine
the amount of storage to store one or more certificates.
The subcode value is denoted by setting the left-most bit
of an 8-byte field.
The verification-certificate-storage-size block (VCSSB) contains
the output data when the operation co
The IPL information report block (IIRB) contains information used
to locate IPL records and to report the results of signature verification
of one or more secure components of the load device.
IIRB is stored immediately following the IPL Parameter Block. Results on
component verification in any ca
If an ESP command is issued in an incorrect mode then an illegal command
interrupt should be generated. Add a new esp_cmd_is_valid() function to
indicate whether the ESP command is valid for the current mode, and if not
then raise the illegal command interrupt.
This fixes WinNT MIPS which issues I
The following patches are queued for QEMU stable v7.2.19:
https://gitlab.com/qemu-project/qemu/-/commits/staging-7.2
Patch freeze is 2025-07-21, and the release is planned for 2025-07-23:
https://wiki.qemu.org/Planning/7.2
Please respond here or CC qemu-sta...@nongnu.org on any additional p
From: Shameer Kolothum
default_bus_bypass_iommu tells us whether the bypass_iommu is set
for the default PCIe root bus. Make sure we check that before adding
the "iommu-map" DT property.
Cc: qemu-sta...@nongnu.org
Fixes: 6d7a85483a06 ("hw/arm/virt: Add default_bus_bypass_iommu machine option")
S
Add a new asc_mode property to ESPState which indicates the current mode of
the ESP and update the ESP state machine accordingly.
Bump the vmstate version and include migration logic to ensure that asc_mode
is set to initiator mode such that any commands in progress will always
continue.
Signed-o
From: Volker Rümelin
As far as the emulated audio devices are concerned the pointer
returned by AUD_open_out() is an opaque handle. This includes
the NULL pointer. In this case, AUD_get_buffer_size_out() should
return a sensible buffer size instead of triggering a segmentation
fault. All other pu
From: Richard Henderson
We missed the instructions UDEF when the vector size is too small.
We missed marking the instructions non-streaming with SME.
Cc: qemu-sta...@nongnu.org
Reviewed-by: Peter Maydell
Signed-off-by: Richard Henderson
Message-id: 20250704142112.1018902-4-richard.hender...@li
From: J. Neuschäfer
Although the emulated cacheflush syscall does nothing, it still needs to
return zero to indicate success.
Cc: qemu-sta...@nongnu.org
Signed-off-by: J. Neuschäfer
Message-id: 20250613-cache-v1-1-ee9f4a9ba...@gmx.net
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
(c
From: Philippe Mathieu-Daudé
Linux kernel knows how to parse "arm,armv8", not "arm,arm-v8".
See arch/arm64/boot/dts/foundation-v8.dts:
https://github.com/torvalds/linux/commit/90556ca1ebdd
Cc: qemu-sta...@nongnu.org
Fixes: 26861c7ce06 ("target-arm: Add minimal KVM AArch64 support")
Fixes: 58
This is not needed as it is now handled by the OBJECT_DECLARE_SIMPLE_TYPE()
macro.
Signed-off-by: Mark Cave-Ayland
Reviewed-by: Philippe Mathieu-Daudé
---
include/hw/scsi/esp.h | 2 --
1 file changed, 2 deletions(-)
diff --git a/include/hw/scsi/esp.h b/include/hw/scsi/esp.h
index 533d856aa3..
In the cases where mixed DMA/non-DMA transfers are used or no data is
available, it is possible for the calculated transfer length to be zero.
Only call the dma_memory_read function where the transfer length is
non-zero to avoid invoking the DMA engine for a zero length transfer
which can have side
From: Fiona Ebner
Currently, changing the 'drive' property of e.g. a scsi-hd object will
result in an assertion failure if the aio context of the block node
it's replaced with doesn't match the current aio context:
> bdrv_replace_child_noperm: Assertion `bdrv_get_aio_context(old_bs) ==
> bdrv_ge
From: Bibo Mao
With API build_mcfg(), it is not necessary with parameter structure
AcpiMcfgInfo to convert to little endian since it is directly used
with host native endian.
Here remove endian conversion before calling function build_mcfg().
With this patch, bios-tables-test passes to run on bi
Clarify the logic in esp_transfer_data() to ensure that the deferred interrupt
code
can only be triggered for CMD_SEL, CMD_SELATN and CMD_TI commands. This should
already
be the case, but make it explicit to ensure the logic isn't triggered
unexpectedly.
Signed-off-by: Mark Cave-Ayland
Reviewe
If secure boot in audit mode or True Secure IPL mode is enabled without
specifying a boot device, the boot process will terminate with an error.
Signed-off-by: Zhuoying Cai
---
hw/s390x/ipl.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index a1
Add boot-certificates as a parameter of s390-ccw-virtio machine type option.
The `boot-certificates=/path/dir:/path/file` parameter is implemented
to provide path to either a directory or a single certificate.
Multiple paths can be delineated using a colon.
Signed-off-by: Zhuoying Cai
---
hw/s
Add secure-boot as a parameter of s390-ccw-virtio machine type option.
The `secure-boot=on|off` parameter is implemented to enable secure IPL.
By default, secure-boot is set to false if not specified in
the command line.
Signed-off-by: Zhuoying Cai
---
hw/s390x/s390-virtio-ccw.c | 22 +
From: Collin Walling
In order to support secure IPL (aka secure boot) for the s390-ccw BIOS,
a new s390 DIAGNOSE instruction is introduced to leverage QEMU for
handling operations such as signature verification and certificate
retrieval.
Currently, only subcode 0 is supported with this patch, wh
Introduce new helper functions to extract certificate metadata needed for
DIAG 320 subcode 2:
qcrypto_x509_get_cert_version() - retrieves version of a certificate
qcrypto_x509_check_cert_times() - validates the certificate's validity period
against the current time
qcrypto_x509_get_pk_algorithm()
cyrpto/x590-utils
- Updated patch descriptions to summarize what each patch introduces.
- Restricted accepted certificate format on the QEMU command line to PEM
only.
- Added internal conversion routines to handle PEM-to-DER and
DER-to-PEM as needed.
- Renamed crypto functions using the qcrypto
From: Collin Walling
DIAG 508 subcode 1 performs signature-verification on signed components.
A signed component may be a Linux kernel image, or any other signed
binary. **Verification of initrd is not supported.**
The instruction call expects two item-pairs: an address of a device
component, an
Introduce helper functions to support signature verification required by
DIAG 508 subcode 1:
qcrypto_pkcs7_convert_sig_pem() – converts a signature from DER to PEM format
qcrypto_x509_verify_sig() – verifies the provided data against the given
signature
These functions enable basic signature ver
The IPL Information Report Block (IIRB) immediately follows the IPL
Parameter Block (IPLB).
The IPLB struct is allocated 4KB in memory, and iplb->len indicates
the amount of memory currently used by the IPLB.
To ensure proper alignment of the IIRB and prevent overlap, set
iplb->len to the maximum
If `-secure-boot on` is specified on the command line option, indicating
true secure IPL enabled, set Secure-IPL bit and IPL-Information-Report
bit on in IPIB Flags field, and trigger true secure IPL in the S390 BIOS.
Any error that occurs during true secure IPL will cause the IPL to
terminate.
S
The secure-IPL-code-loading-attributes facility (SCLAF)
provides additional security during IPL.
Availability of SCLAF is determined by byte 136 bit 3 of the
SCLP Read Info block.
Signed-off-by: Zhuoying Cai
---
target/s390x/cpu_features.c | 1 +
target/s390x/cpu_features_def.h.inc | 1
When secure boot is enabled (-secure-boot on) and certificate(s) are
provided, the boot operates in True Secure IPL mode.
Any verification error during True Secure IPL mode will cause the
entire boot process to terminate.
Secure IPL in audit mode requires at least one certificate provided in
the
Make the address variable a parameter of zipl_load_segment and return
segment length.
Modify this function for reuse in the next patch, which allows
loading segment or signature data to the destination memory address.
Add a comp_len variable to store the length of a segment and return this
variab
Refactor to enhance readability before enabling secure IPL in later
patches.
Signed-off-by: Zhuoying Cai
---
pc-bios/s390-ccw/bootmap.c | 58 ++
1 file changed, 34 insertions(+), 24 deletions(-)
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootm
The current approach to enabling secure boot relies on providing
-secure-boot and -boot-certificates options, which apply to all boot
devices.
With the possibility of multiple boot devices, secure boot expects all
provided devices to be supported and eligible (e.g.,
virtio-blk/virtio-scsi using th
Introduce new helper functions for x509 certificate, which will be used
by the certificate store:
qcrypto_x509_convert_cert_der() - converts a certificate from PEM to DER format
qcrypto_x509_get_keyid_len() - returns the length of the key ID
qcrypto_x509_get_signature_algorithm() - returns signatu
Define a memory space for both IPL Parameter Block (IPLB) and
IPL Information Report Block (IIRB) since IIRB is stored immediately
following IPLB.
Convert IPLB to pointer and it points to the start of the defined memory space.
IIRB points to the end of IPLB.
Signed-off-by: Zhuoying Cai
---
pc-b
Introduce Secure-IPL (SIPL) facility.
Use fac_ipl to represent bytes 136 and 137 for IPL device facilities
of the SCLP Read Info block.
Availability of SIPL facility is determined by byte 136 bit 1 of the
SCLP Read Info block. Byte 136's facilities cannot be represented
without the availability o
Create a certificate store for boot certificates used for secure IPL.
Load certificates from the boot-certificate parameter of s390-ccw-virtio
machine type option into the cert store.
Currently, only X.509 certificates in PEM format are supported, as the
QEMU command line accepts certificates in
On Thu, 2025-07-10 at 16:50 -0600, Richard Henderson wrote:
> Avoid ubsan failure with clang-20,
> tcg.h:715:19: runtime error: applying non-zero offset 64 to null
> pointer
> by not using pointers.
>
> Cc: Ilya Leoshkevich
> Signed-off-by: Richard Henderson
> ---
>
> Supercedes: 202506181837
Coverity points out that the ivshmem-pci code has some error handling
cases where it incorrectly tries to use an invalid filedescriptor.
These generally happen because ivshmem_recv_msg() calls
qemu_chr_fe_get_msgfd(), which might return -1, but the code in
process_msg() generally assumes that the f
On Fri, Jul 11, 2025 at 03:12:17PM +0100, Peter Maydell wrote:
> In the linux-user do_fork() function we try to set the FD_CLOEXEC
> flag on a pidfd like this:
>
> fcntl(pid_fd, F_SETFD, fcntl(pid_fd, F_GETFL) | FD_CLOEXEC);
>
> This has two problems:
> (1) it doesn't check errors, which Cov
Peter Maydell writes:
> Coverity points out that the ivshmem-pci code has some error handling
> cases where it incorrectly tries to use an invalid filedescriptor.
> These generally happen because ivshmem_recv_msg() calls
> qemu_chr_fe_get_msgfd(), which might return -1, but the code in
> process_
+ richard.hender...@linaro.org
Hi Richard,
I'm an intern working with Joel Jones and he mentioned you've worked quite
a bit on SME on QEMU. We were wondering if you could take a look at this
patch as the deadline for the soft freeze is fast approaching and we'd like
it to make it to the next rel
Steve Sistare writes:
> Define the qom-list-get command, which fetches all the properties and
> values for a list of paths. This is faster than qom-list plus qom-get,
> especially when fetching a large subset of the QOM tree. Some managers
> do so when starting a new VM, and this cost can be a
Add a unit test for qom-list-get.
Signed-off-by: Steve Sistare
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Markus Armbruster
---
tests/qtest/qom-test.c | 116 -
1 file changed, 115 insertions(+), 1 deletion(-)
diff --git a/tests/qtest/qom-t
Using qom-list and qom-get to get all the nodes and property values in
a QOM tree can take multiple seconds because it requires 1000's of
individual QOM requests. Some managers fetch the entire tree or a
large subset of it when starting a new VM, and this cost is a
substantial fraction of start up
Using qom-list and qom-get to get all the nodes and property values in a
QOM tree can take multiple seconds because it requires 1000's of individual
QOM requests. Some managers fetch the entire tree or a large subset
of it when starting a new VM, and this cost is a substantial fraction of
start up
Use qom-list-get to speed up the qom-tree command.
Signed-off-by: Steve Sistare
Acked-by: Markus Armbruster
---
python/qemu/utils/qom.py| 43 +++--
python/qemu/utils/qom_common.py | 53 +
2 files changed, 78 insertions(
Steve Sistare writes:
> Use qom-list-get to speed up the qom-tree command.
>
> Signed-off-by: Steve Sistare
Quick test... Differences in output before and after match expectations
(see appended diff).
New version:
real0m0.446s
user0m0.062s
sys 0m0.017s
Old version ba
Steve Sistare writes:
> Add a unit test for qom-list-getv.
qom-list-get here and in subject. Could scratch this line, subject
suffices.
>
> Signed-off-by: Steve Sistare
> Reviewed-by: Philippe Mathieu-Daudé
> ---
> tests/qtest/qom-test.c | 116
>
On 09/07/2025 12:09, Philippe Mathieu-Daudé wrote:
On 18/6/25 08:12, Mark Cave-Ayland wrote:
Clarify the logic in esp_transfer_data() to ensure that the deferred interrupt
code
can only be triggered for CMD_SEL, CMD_SELATN and CMD_TI commands. This should
already
be the case, but make it expl
On 09/07/2025 12:11, Philippe Mathieu-Daudé wrote:
On 18/6/25 08:12, Mark Cave-Ayland wrote:
In the cases where mixed DMA/non-DMA transfers are used or no data is
available, it is possible to for the calculated transfer length to be
"to ~for~ the..."
Ooops. Will fix in v3.
zero. Only call
On 09/07/2025 12:16, Philippe Mathieu-Daudé wrote:
Hi Mark,
On 9/7/25 09:50, Mark Cave-Ayland wrote:
On 18/06/2025 07:12, Mark Cave-Ayland wrote:
This series contains a few minor tidy-ups along with an implementation of the
logic to only allow ESP commands permitted in the current mode. The
On 09/07/2025 12:14, Philippe Mathieu-Daudé wrote:
On 18/6/25 08:12, Mark Cave-Ayland wrote:
In the cases where mixed DMA/non-DMA transfers are used or no data is
available, it is possible to for the calculated transfer length to be
zero. Only call the dma_memory_write function where the transf
From: Weifeng Liu
Now that we've documented definitions and presentation of various
coordinates, let's enforce the rules.
Signed-off-by: Weifeng Liu
Message-ID: <20250511073337.876650-3-weifeng.li...@gmail.com>
Acked-by: Gerd Hoffmann
Acked-by: Marc-André Lureau
(cherry picked from commit 3a6
From: Stefan Hajnoczi
Commit 2e8e18c2e463 ("virtio-scsi: add iothread-vq-mapping parameter")
removed the limitation that virtio-scsi devices must successfully set
the AioContext on their BlockBackends. This was made possible thanks to
the QEMU multi-queue block layer.
This change broke qemu-iote
From: Jamin Lin
Currently, if the program encounters an unsupported algorithm, it does not set
the HASH_IRQ bit in the status register and send an interrupt to indicate
command completion. As a result, the FW gets stuck waiting for a completion
signal from the HACE module.
Additionally, in do_ha
On 7/11/2025 3:55 PM, Paolo Bonzini wrote:
Simplify the accelerators' cpu_instance_init callbacks by doing all
host-cpu setup in a single function.
btw, it changes the behavior for "-cpu base" with accelerator.
I think it should be OK considering "-cpu base" seems only for
experiment case.
From: Daniel P. Berrangé
The set_pixel_conversion() method is responsible for determining whether
the VNC client pixel format matches the server format, and thus whether
we can use the fast path "copy" impl for sending pixels, or must use
the generic impl with bit swizzling.
The VNC server forma
From: Weifeng Liu
When using sdl display backend, if the window is scaled, incorrect mouse
positions will be reported since scaling is not properly handled. Fix it
by transforming the positions from window coordinate to guest buffer
coordinate.
Signed-off-by: Weifeng Liu
Message-ID: <2025051107
From: Weifeng Liu
The code snippet updating scale_x/scale_y is general and will be used in
next patch. Make it a function.
Signed-off-by: Weifeng Liu
Message-ID: <20250511073337.876650-4-weifeng.li...@gmail.com>
Acked-by: Gerd Hoffmann
Acked-by: Marc-André Lureau
(cherry picked from commit a1
From: Yiwei Zhang
Venus and later native contexts have their own fence context along with
multiple timelines within. Fences wtih VIRTIO_GPU_FLAG_INFO_RING_IDX in
the flags must be dispatched to be created on the target context. Fence
signaling also has to be handled on the specific timeline withi
From: "Xin Li (Intel)"
WRMSRNS doesn't become a required feature for FERD, and Linux has
removed the dependency, as such remove it from Qemu.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Xin Li (Intel)
Reviewed-by: Xiaoyao Li
Link: https://lore.kernel.org/r/20250103084827.1820007-2-...@zytor.com
From: Peter Maydell
The AN500 application note documents that it configures the Cortex-M7
CPU to have 16 MPU regions. We weren't doing this in our emulation,
so the CPU had only the default 8 MPU regions. Set the mpu-ns-regions
property to 16 for this board.
This bug doesn't affect any of the ot
From: Sairaj Kodilkar
Commit c1f46999ef506 ("amd_iommu: Add support for pass though mode")
introduces the support for "pt" flag by enabling nodma memory when
"pt=off". This allowed VFIO devices to successfully register notifiers
by using nodma region.
But, This also broke things when guest is bo
From: J. Neuschäfer
Although the emulated cacheflush syscall does nothing, it still needs to
return zero to indicate success.
Cc: qemu-sta...@nongnu.org
Signed-off-by: J. Neuschäfer
Message-id: 20250613-cache-v1-1-ee9f4a9ba...@gmx.net
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
(c
From: Vasant Hegde
If vCPUs > 255 then x86 common code (x86_cpus_init()) call kvm_enable_x2apic().
But if vCPUs <= 255 then the common code won't calls kvm_enable_x2apic().
This is because commit 8c6619f3e692 ("hw/i386/amd_iommu: Simplify non-KVM
checks on XTSup feature") removed the call to kvm
From: Solomon Tan
According to the Arm A-profile A64 Instruction Set Architecture,
RETA[AB] should be decoded as UNDEF if the pauth feature is not
implemented.
We got this right in the initial implementation, but accidentally
dropped the feature-check when we converted these insns to
decodetree.
From: Weifeng Liu
The existence of multiple scaling factors forces us to deal with various
coordinate systems and this would be confusing. It would be beneficial
to define the concepts clearly and use consistent representation for
variables in different coordinates.
Signed-off-by: Weifeng Liu
M
From: Bernhard Beschow
Commit 56b1f50e3c10 ("hw/i386/pc: Wire RTC ISA IRQs in south bridges")
attempted to refactor RTC IRQ wiring which was previously done in
pc_basic_device_init() but forgot about the isapc machine. Fix this by
wiring in the code section dedicated exclusively to the isapc mach
From: Jamin Lin
On big-endian hosts, the aspeed_ram_capacity_write() function previously passed
the address of a 64-bit "data" variable directly to address_space_write(),
assuming host and guest endianness matched.
However, the data is expected to be written in little-endian format to DRAM.
On b
On Fri, Jul 11, 2025 at 10:16 AM Xiaoyao Li wrote:
> On 7/11/2025 3:55 PM, Paolo Bonzini wrote:
> > Simplify the accelerators' cpu_instance_init callbacks by doing all
> > host-cpu setup in a single function.
>
> btw, it changes the behavior for "-cpu base" with accelerator.
>
> I think it should
From: Bibo Mao
With API build_mcfg(), it is not necessary with parameter structure
AcpiMcfgInfo to convert to little endian since it is directly used
with host native endian.
Here remove endian conversion before calling function build_mcfg().
With this patch, bios-tables-test passes to run on bi
From: Ethan Chen
The documentation for the -icount option incorrectly describes the behavior
of the sleep suboption. Based on the actual implementation and system
behavior, the effects of sleep=on and sleep=off were inadvertently reversed.
This commit updates the description to reflect their inte
From: Philippe Mathieu-Daudé
Linux kernel knows how to parse "arm,armv8", not "arm,arm-v8".
See arch/arm64/boot/dts/foundation-v8.dts:
https://github.com/torvalds/linux/commit/90556ca1ebdd
Cc: qemu-sta...@nongnu.org
Fixes: 26861c7ce06 ("target-arm: Add minimal KVM AArch64 support")
Fixes: 58
From: Fiona Ebner
Currently, changing the 'drive' property of e.g. a scsi-hd object will
result in an assertion failure if the aio context of the block node
it's replaced with doesn't match the current aio context:
> bdrv_replace_child_noperm: Assertion `bdrv_get_aio_context(old_bs) ==
> bdrv_ge
From: Shameer Kolothum
default_bus_bypass_iommu tells us whether the bypass_iommu is set
for the default PCIe root bus. Make sure we check that before adding
the "iommu-map" DT property.
Cc: qemu-sta...@nongnu.org
Fixes: 6d7a85483a06 ("hw/arm/virt: Add default_bus_bypass_iommu machine option")
S
From: Richard Henderson
The scalar constant must be replicated for dup.
Cc: qemu-sta...@nongnu.org
Fixes: bab1671f0fa ("tcg: Manually expand INDEX_op_dup_vec")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3002
Signed-off-by: Richard Henderson
(cherry picked from commit 0d0fc3f4658937
From: Song Gao
on qemu we got an aborted error
**
ERROR:../target/loongarch/tcg/insn_trans/trans_vec.c.inc:3574:vldi_get_value:
code should not be reached
Bail out!
ERROR:../target/loongarch/tcg/insn_trans/trans_vec.c.inc:3574:vldi_get_value:
code should not be reached
Aborted (core dumped)
bu
From: Song Gao
fcond only has 22 types, add a check for fcond.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2972
Signed-off-by: Song Gao
Reviewed-by: Richard Henderson
Message-Id: <20250603024810.350510-1-gaos...@loongson.cn>
(cherry picked from commit e7788da9860c97920c19fa1150806
From: Kevin Wolf
Commit bdf12f2a fixed the setter for the "loadparm" machine property,
which gets a string from a visitor, passes it to s390_ipl_fmt_loadparm()
and then forgot to free it. It left another instance of the same problem
unfixed in the "loadparm" device property. Fix it.
Signed-off-b
The following patches are queued for QEMU stable v10.0.3:
https://gitlab.com/qemu-project/qemu/-/commits/staging-10.0
Patch freeze is 2025-07-21, and the release is planned for 2025-07-23:
https://wiki.qemu.org/Planning/10.0
Please respond here or CC qemu-sta...@nongnu.org on any additional
From: Volker Rümelin
As far as the emulated audio devices are concerned the pointer
returned by AUD_open_out() is an opaque handle. This includes
the NULL pointer. In this case, AUD_get_buffer_size_out() should
return a sensible buffer size instead of triggering a segmentation
fault. All other pu
From: Richard Henderson
Implement FPProcessNaNs4 within f16_dotadd, rather than
simply letting NaNs propagate through the function.
Cc: qemu-sta...@nongnu.org
Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)")
Reviewed-by: Peter Maydell
Signed-off-by: Richard Henderson
Messag
From: Richard Henderson
Do not assume SME implies SVE. Ensure that the non-streaming
check is present along the SME path, since it is not implied
by sme_*_enabled_check.
Cc: qemu-sta...@nongnu.org
Reviewed-by: Peter Maydell
Signed-off-by: Richard Henderson
Message-id: 20250704142112.1018902-3
1 - 100 of 412 matches
Mail list logo