[PATCH v3 0/7] esp.c: only allow ESP commands permitted in the current mode

2025-07-11 Thread Mark Cave-Ayland
This series contains a few minor tidy-ups along with an implementation of the logic to only allow ESP commands permitted in the current mode. The motivation is to fix GitLab issue #2464 which causes Windows NT MIPS to bluescreen on boot. Patches 1 to 5 are simple tidy-ups from investigating the is

[Stable-7.2.19 11/15] target/arm: Fix SME vs AdvSIMD exception priority

2025-07-11 Thread Michael Tokarev
From: Richard Henderson We failed to raise an exception when sme_excp_el == 0 and fp_excp_el == 1. Cc: qemu-sta...@nongnu.org Fixes: 3d74825f4d6 ("target/arm: Add SME enablement checks") Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20250704142112.1018902-2-richard.he

[Stable-7.2.19 12/15] target/arm: Fix sve_access_check for SME

2025-07-11 Thread Michael Tokarev
From: Richard Henderson Do not assume SME implies SVE. Ensure that the non-streaming check is present along the SME path, since it is not implied by sme_*_enabled_check. Cc: qemu-sta...@nongnu.org Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20250704142112.1018902-3

[PATCH v3 2/7] esp.c: improve comment in esp_transfer_data()

2025-07-11 Thread Mark Cave-Ayland
Whilst working on the previous patch, the existing comment was not enough to document when the TI command codepath was being used. Update and improve the comment accordingly. Signed-off-by: Mark Cave-Ayland Reviewed-by: Philippe Mathieu-Daudé --- hw/scsi/esp.c | 5 +++-- 1 file changed, 3 inser

[Stable-7.2.19 01/15] hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang

2025-07-11 Thread Michael Tokarev
From: Jamin Lin Currently, if the program encounters an unsupported algorithm, it does not set the HASH_IRQ bit in the status register and send an interrupt to indicate command completion. As a result, the FW gets stuck waiting for a completion signal from the HACE module. Additionally, in do_ha

[Stable-7.2.19 02/15] vhost: Don't set vring call if guest notifier is unused

2025-07-11 Thread Michael Tokarev
From: Huaitong Han The vring call fd is set even when the guest does not use MSI-X (e.g., in the case of virtio PMD), leading to unnecessary CPU overhead for processing interrupts. The commit 96a3d98d2c("vhost: don't set vring call if no vector") optimized the case where MSI-X is enabled but the

[Stable-7.2.19 14/15] target/arm: Fix PSEL size operands to tcg_gen_gvec_ands

2025-07-11 Thread Michael Tokarev
From: Richard Henderson Gvec only operates on size 8 and multiples of 16. Predicates may be any multiple of 2. Round up the size using the appropriate function. Cc: qemu-sta...@nongnu.org Fixes: 598ab0b24c0 ("target/arm: Implement PSEL") Reviewed-by: Peter Maydell Signed-off-by: Richard Henders

[Stable-7.2.19 15/15] target/arm: Fix f16_dotadd vs nan selection

2025-07-11 Thread Michael Tokarev
From: Richard Henderson Implement FPProcessNaNs4 within f16_dotadd, rather than simply letting NaNs propagate through the function. Cc: qemu-sta...@nongnu.org Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)") Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Messag

[PATCH v3 5/7] esp.c: only call dma_memory_write function if transfer length is non-zero

2025-07-11 Thread Mark Cave-Ayland
In the cases where mixed DMA/non-DMA transfers are used or no data is available, it is possible for the calculated transfer length to be zero. Only call the dma_memory_write function where the transfer length is non-zero to avoid invoking the DMA engine for a zero length transfer which can have sid

[Stable-7.2.19 07/15] qemu-options.hx: Fix reversed description of icount sleep behavior

2025-07-11 Thread Michael Tokarev
From: Ethan Chen The documentation for the -icount option incorrectly describes the behavior of the sleep suboption. Based on the actual implementation and system behavior, the effects of sleep=on and sleep=off were inadvertently reversed. This commit updates the description to reflect their inte

[Stable-7.2.19 09/15] tcg: Fix constant propagation in tcg_reg_alloc_dup

2025-07-11 Thread Michael Tokarev
From: Richard Henderson The scalar constant must be replicated for dup. Cc: qemu-sta...@nongnu.org Fixes: bab1671f0fa ("tcg: Manually expand INDEX_op_dup_vec") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3002 Signed-off-by: Richard Henderson (cherry picked from commit 0d0fc3f4658937

[PATCH v4 22/28] pc-bios/s390-ccw: Add additional security checks for secure boot

2025-07-11 Thread Zhuoying Cai
Add additional checks to ensure that components do not overlap with signed components when loaded into memory. Add additional checks to ensure the load addresses of unsigned components are greater than or equal to 0x2000. When the secure IPL code loading attributes facility (SCLAF) is installed,

[PATCH v4 20/28] pc-bios/s390-ccw: Add signature verification for secure IPL in audit mode

2025-07-11 Thread Zhuoying Cai
Enable secure IPL in audit mode, which performs signature verification, but any error does not terminate the boot process. Only warnings will be logged to the console instead. Add a comp_len variable to store the length of a segment in zipl_load_segment. comp_len variable is necessary to store the

[PATCH v4 09/28] s390x/diag: Implement DIAG 320 subcode 2

2025-07-11 Thread Zhuoying Cai
DIAG 320 subcode 2 provides verification-certificates (VCs) that are in the certificate store. Only X509 certificates in DER format and SHA-256 hash type are recognized. The subcode value is denoted by setting the second-left-most bit of an 8-byte field. The Verification Certificate Block (VCB) c

[PATCH v4 05/28] s390x/diag: Introduce DIAG 320 for certificate store facility

2025-07-11 Thread Zhuoying Cai
DIAGNOSE 320 is introduced to support certificate store facility, which includes operations such as query certificate storage information and provide certificates in the certificate store. Currently, only subcode 0 is supported with this patch, which is used to query a bitmap of which subcodes are

[PATCH v4 06/28] s390x/diag: Refactor address validation check from diag308_parm_check

2025-07-11 Thread Zhuoying Cai
Create a function to validate the address parameter of DIAGNOSE. Refactor the function for reuse in the next patch, which allows address validation in read or write operation of DIAGNOSE. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.h | 6 ++ target/s390x/diag.c | 4 +--- 2 files chang

[PATCH v4 28/28] docs: Add secure IPL documentation

2025-07-11 Thread Zhuoying Cai
Add documentation for secure IPL Signed-off-by: Collin Walling Signed-off-by: Zhuoying Cai --- docs/specs/s390x-secure-ipl.rst | 159 +++ docs/system/s390x/secure-ipl.rst | 156 ++ 2 files changed, 315 insertions(+) create mode 100644 do

[PATCH v4 15/28] hw/s390x/ipl: Add IPIB flags to IPL Parameter Block

2025-07-11 Thread Zhuoying Cai
Add IPIB flags to IPL Parameter Block to determine if IPL needs to perform securely and if IPL Information Report Block (IIRB) exists. Move DIAG308 flags to a separated header file and add flags for secure IPL. Secure boot in audit mode will perform if certificate(s) exist in the key store. IIRB

[PATCH v4 04/28] s390x: Guest support for Certificate Store Facility (CS)

2025-07-11 Thread Zhuoying Cai
DIAG 320 is supported when the certificate-store (CS) facility is installed. Availability of CS facility is determined by byte 134 bit 5 of the SCLP Read Info block. Byte 134's facilities cannot be represented without the availability of the extended-length-SCCB, so add it as a check for consisten

[PATCH v4 07/28] s390x/diag: Implement DIAG 320 subcode 1

2025-07-11 Thread Zhuoying Cai
DIAG 320 subcode 1 provides information needed to determine the amount of storage to store one or more certificates. The subcode value is denoted by setting the left-most bit of an 8-byte field. The verification-certificate-storage-size block (VCSSB) contains the output data when the operation co

[PATCH v4 13/28] pc-bios/s390-ccw: Introduce IPL Information Report Block (IIRB)

2025-07-11 Thread Zhuoying Cai
The IPL information report block (IIRB) contains information used to locate IPL records and to report the results of signature verification of one or more secure components of the load device. IIRB is stored immediately following the IPL Parameter Block. Results on component verification in any ca

[PATCH v3 7/7] esp.c: only allow ESP commands permitted in the current asc_mode

2025-07-11 Thread Mark Cave-Ayland
If an ESP command is issued in an incorrect mode then an illegal command interrupt should be generated. Add a new esp_cmd_is_valid() function to indicate whether the ESP command is valid for the current mode, and if not then raise the illegal command interrupt. This fixes WinNT MIPS which issues I

[Stable-7.2.19 00/15] Patch Round-up for stable 7.2.19, freeze on 2025-07-21

2025-07-11 Thread Michael Tokarev
The following patches are queued for QEMU stable v7.2.19: https://gitlab.com/qemu-project/qemu/-/commits/staging-7.2 Patch freeze is 2025-07-21, and the release is planned for 2025-07-23: https://wiki.qemu.org/Planning/7.2 Please respond here or CC qemu-sta...@nongnu.org on any additional p

[Stable-7.2.19 06/15] hw/arm/virt: Check bypass iommu is not set for iommu-map DT property

2025-07-11 Thread Michael Tokarev
From: Shameer Kolothum default_bus_bypass_iommu tells us whether the bypass_iommu is set for the default PCIe root bus. Make sure we check that before adding the "iommu-map" DT property. Cc: qemu-sta...@nongnu.org Fixes: 6d7a85483a06 ("hw/arm/virt: Add default_bus_bypass_iommu machine option") S

[PATCH v3 6/7] esp.c: add asc_mode property to indicate the current ESP mode

2025-07-11 Thread Mark Cave-Ayland
Add a new asc_mode property to ESPState which indicates the current mode of the ESP and update the ESP state machine accordingly. Bump the vmstate version and include migration logic to ensure that asc_mode is set to initiator mode such that any commands in progress will always continue. Signed-o

[Stable-7.2.19 03/15] audio: fix SIGSEGV in AUD_get_buffer_size_out()

2025-07-11 Thread Michael Tokarev
From: Volker Rümelin As far as the emulated audio devices are concerned the pointer returned by AUD_open_out() is an opaque handle. This includes the NULL pointer. In this case, AUD_get_buffer_size_out() should return a sensible buffer size instead of triggering a segmentation fault. All other pu

[Stable-7.2.19 13/15] target/arm: Fix 128-bit element ZIP, UZP, TRN

2025-07-11 Thread Michael Tokarev
From: Richard Henderson We missed the instructions UDEF when the vector size is too small. We missed marking the instructions non-streaming with SME. Cc: qemu-sta...@nongnu.org Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20250704142112.1018902-4-richard.hender...@li

[Stable-7.2.19 08/15] linux-user/arm: Fix return value of SYS_cacheflush

2025-07-11 Thread Michael Tokarev
From: J. Neuschäfer Although the emulated cacheflush syscall does nothing, it still needs to return zero to indicate success. Cc: qemu-sta...@nongnu.org Signed-off-by: J. Neuschäfer Message-id: 20250613-cache-v1-1-ee9f4a9ba...@gmx.net Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (c

[Stable-7.2.19 10/15] target/arm: Correct KVM & HVF dtb_compatible value

2025-07-11 Thread Michael Tokarev
From: Philippe Mathieu-Daudé Linux kernel knows how to parse "arm,armv8", not "arm,arm-v8". See arch/arm64/boot/dts/foundation-v8.dts: https://github.com/torvalds/linux/commit/90556ca1ebdd Cc: qemu-sta...@nongnu.org Fixes: 26861c7ce06 ("target-arm: Add minimal KVM AArch64 support") Fixes: 58

[PATCH v3 3/7] esp.h: remove separate ESPState typedef

2025-07-11 Thread Mark Cave-Ayland
This is not needed as it is now handled by the OBJECT_DECLARE_SIMPLE_TYPE() macro. Signed-off-by: Mark Cave-Ayland Reviewed-by: Philippe Mathieu-Daudé --- include/hw/scsi/esp.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/hw/scsi/esp.h b/include/hw/scsi/esp.h index 533d856aa3..

[PATCH v3 4/7] esp.c: only call dma_memory_read function if transfer length is non-zero

2025-07-11 Thread Mark Cave-Ayland
In the cases where mixed DMA/non-DMA transfers are used or no data is available, it is possible for the calculated transfer length to be zero. Only call the dma_memory_read function where the transfer length is non-zero to avoid invoking the DMA engine for a zero length transfer which can have side

[Stable-7.2.19 04/15] hw/core/qdev-properties-system: Add missing return in set_drive_helper()

2025-07-11 Thread Michael Tokarev
From: Fiona Ebner Currently, changing the 'drive' property of e.g. a scsi-hd object will result in an assertion failure if the aio context of the block node it's replaced with doesn't match the current aio context: > bdrv_replace_child_noperm: Assertion `bdrv_get_aio_context(old_bs) == > bdrv_ge

[Stable-7.2.19 05/15] hw/loongarch/virt: Fix big endian support with MCFG table

2025-07-11 Thread Michael Tokarev
From: Bibo Mao With API build_mcfg(), it is not necessary with parameter structure AcpiMcfgInfo to convert to little endian since it is directly used with host native endian. Here remove endian conversion before calling function build_mcfg(). With this patch, bios-tables-test passes to run on bi

[PATCH v3 1/7] esp.c: only raise IRQ in esp_transfer_data() for CMD_SEL, CMD_SELATN and CMD_TI commands

2025-07-11 Thread Mark Cave-Ayland
Clarify the logic in esp_transfer_data() to ensure that the deferred interrupt code can only be triggered for CMD_SEL, CMD_SELATN and CMD_TI commands. This should already be the case, but make it explicit to ensure the logic isn't triggered unexpectedly. Signed-off-by: Mark Cave-Ayland Reviewe

[PATCH v4 27/28] hw/s390x/ipl: Handle secure boot without specifying a boot device

2025-07-11 Thread Zhuoying Cai
If secure boot in audit mode or True Secure IPL mode is enabled without specifying a boot device, the boot process will terminate with an error. Signed-off-by: Zhuoying Cai --- hw/s390x/ipl.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index a1

[PATCH v4 01/28] Add boot-certificates to s390-ccw-virtio machine type option

2025-07-11 Thread Zhuoying Cai
Add boot-certificates as a parameter of s390-ccw-virtio machine type option. The `boot-certificates=/path/dir:/path/file` parameter is implemented to provide path to either a directory or a single certificate. Multiple paths can be delineated using a colon. Signed-off-by: Zhuoying Cai --- hw/s

[PATCH v4 23/28] Add secure-boot to s390-ccw-virtio machine type option

2025-07-11 Thread Zhuoying Cai
Add secure-boot as a parameter of s390-ccw-virtio machine type option. The `secure-boot=on|off` parameter is implemented to enable secure IPL. By default, secure-boot is set to false if not specified in the command line. Signed-off-by: Zhuoying Cai --- hw/s390x/s390-virtio-ccw.c | 22 +

[PATCH v4 10/28] s390x/diag: Introduce DIAG 508 for secure IPL operations

2025-07-11 Thread Zhuoying Cai
From: Collin Walling In order to support secure IPL (aka secure boot) for the s390-ccw BIOS, a new s390 DIAGNOSE instruction is introduced to leverage QEMU for handling operations such as signature verification and certificate retrieval. Currently, only subcode 0 is supported with this patch, wh

[PATCH v4 08/28] crypto/x509-utils: Add helper functions for DIAG 320 subcode 2

2025-07-11 Thread Zhuoying Cai
Introduce new helper functions to extract certificate metadata needed for DIAG 320 subcode 2: qcrypto_x509_get_cert_version() - retrieves version of a certificate qcrypto_x509_check_cert_times() - validates the certificate's validity period against the current time qcrypto_x509_get_pk_algorithm()

[PATCH v4 00/28] Secure IPL Support for SCSI Scheme of virtio-blk/virtio-scsi Devices

2025-07-11 Thread Zhuoying Cai
crypto/x509-utils - Updated patch descriptions to summarize what each patch introduces. - Restricted accepted certificate format on the QEMU command line to PEM only. - Added internal conversion routines to handle PEM-to-DER and DER-to-PEM as needed. - Renamed crypto functions using the qcrypto

[PATCH v4 12/28] s390x/diag: Implement DIAG 508 subcode 1 for signature verification

2025-07-11 Thread Zhuoying Cai
From: Collin Walling DIAG 508 subcode 1 performs signature-verification on signed components. A signed component may be a Linux kernel image, or any other signed binary. **Verification of initrd is not supported.** The instruction call expects two item-pairs: an address of a device component, an

[PATCH v4 11/28] crypto/x509-utils: Add helper functions for DIAG 508 subcode 1

2025-07-11 Thread Zhuoying Cai
Introduce helper functions to support signature verification required by DIAG 508 subcode 1: qcrypto_pkcs7_convert_sig_pem() – converts a signature from DER to PEM format qcrypto_x509_verify_sig() – verifies the provided data against the given signature These functions enable basic signature ver

[PATCH v4 16/28] hw/s390x/ipl: Set iplb->len to maximum length of IPL Parameter Block

2025-07-11 Thread Zhuoying Cai
The IPL Information Report Block (IIRB) immediately follows the IPL Parameter Block (IPLB). The IPLB struct is allocated 4KB in memory, and iplb->len indicates the amount of memory currently used by the IPLB. To ensure proper alignment of the IIRB and prevent overlap, set iplb->len to the maximum

[PATCH v4 24/28] hw/s390x/ipl: Set IPIB flags for secure IPL

2025-07-11 Thread Zhuoying Cai
If `-secure-boot on` is specified on the command line option, indicating true secure IPL enabled, set Secure-IPL bit and IPL-Information-Report bit on in IPIB Flags field, and trigger true secure IPL in the S390 BIOS. Any error that occurs during true secure IPL will cause the IPL to terminate. S

[PATCH v4 21/28] s390x: Guest support for Secure-IPL Code Loading Attributes Facility (SCLAF)

2025-07-11 Thread Zhuoying Cai
The secure-IPL-code-loading-attributes facility (SCLAF) provides additional security during IPL. Availability of SCLAF is determined by byte 136 bit 3 of the SCLP Read Info block. Signed-off-by: Zhuoying Cai --- target/s390x/cpu_features.c | 1 + target/s390x/cpu_features_def.h.inc | 1

[PATCH v4 25/28] pc-bios/s390-ccw: Handle true secure IPL mode

2025-07-11 Thread Zhuoying Cai
When secure boot is enabled (-secure-boot on) and certificate(s) are provided, the boot operates in True Secure IPL mode. Any verification error during True Secure IPL mode will cause the entire boot process to terminate. Secure IPL in audit mode requires at least one certificate provided in the

[PATCH v4 19/28] pc-bios/s390-ccw: Refactor zipl_load_segment function

2025-07-11 Thread Zhuoying Cai
Make the address variable a parameter of zipl_load_segment and return segment length. Modify this function for reuse in the next patch, which allows loading segment or signature data to the destination memory address. Add a comp_len variable to store the length of a segment and return this variab

[PATCH v4 18/28] pc-bios/s390-ccw: Refactor zipl_run()

2025-07-11 Thread Zhuoying Cai
Refactor to enhance readability before enabling secure IPL in later patches. Signed-off-by: Zhuoying Cai --- pc-bios/s390-ccw/bootmap.c | 58 ++ 1 file changed, 34 insertions(+), 24 deletions(-) diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootm

[PATCH v4 26/28] pc-bios/s390-ccw: Handle secure boot with multiple boot devices

2025-07-11 Thread Zhuoying Cai
The current approach to enabling secure boot relies on providing -secure-boot and -boot-certificates options, which apply to all boot devices. With the possibility of multiple boot devices, secure boot expects all provided devices to be supported and eligible (e.g., virtio-blk/virtio-scsi using th

[PATCH v4 02/28] crypto/x509-utils: Add helper functions for certificate store

2025-07-11 Thread Zhuoying Cai
Introduce new helper functions for x509 certificate, which will be used by the certificate store: qcrypto_x509_convert_cert_der() - converts a certificate from PEM to DER format qcrypto_x509_get_keyid_len() - returns the length of the key ID qcrypto_x509_get_signature_algorithm() - returns signatu

[PATCH v4 14/28] pc-bios/s390-ccw: Define memory for IPLB and convert IPLB to pointers

2025-07-11 Thread Zhuoying Cai
Define a memory space for both IPL Parameter Block (IPLB) and IPL Information Report Block (IIRB) since IIRB is stored immediately following IPLB. Convert IPLB to pointer and it points to the start of the defined memory space. IIRB points to the end of IPLB. Signed-off-by: Zhuoying Cai --- pc-b

[PATCH v4 17/28] s390x: Guest support for Secure-IPL Facility

2025-07-11 Thread Zhuoying Cai
Introduce Secure-IPL (SIPL) facility. Use fac_ipl to represent bytes 136 and 137 for IPL device facilities of the SCLP Read Info block. Availability of SIPL facility is determined by byte 136 bit 1 of the SCLP Read Info block. Byte 136's facilities cannot be represented without the availability o

[PATCH v4 03/28] hw/s390x/ipl: Create certificate store

2025-07-11 Thread Zhuoying Cai
Create a certificate store for boot certificates used for secure IPL. Load certificates from the boot-certificate parameter of s390-ccw-virtio machine type option into the cert store. Currently, only X.509 certificates in PEM format are supported, as the QEMU command line accepts certificates in

Re: [PATCH] tcg: Use uintptr_t in tcg_malloc implementation

2025-07-11 Thread Ilya Leoshkevich
On Thu, 2025-07-10 at 16:50 -0600, Richard Henderson wrote: > Avoid ubsan failure with clang-20, >   tcg.h:715:19: runtime error: applying non-zero offset 64 to null > pointer > by not using pointers. > > Cc: Ilya Leoshkevich > Signed-off-by: Richard Henderson > --- > > Supercedes: 202506181837

[PATCH] hw/misc/ivshmem-pci: Improve error handling

2025-07-11 Thread Peter Maydell
Coverity points out that the ivshmem-pci code has some error handling cases where it incorrectly tries to use an invalid filedescriptor. These generally happen because ivshmem_recv_msg() calls qemu_chr_fe_get_msgfd(), which might return -1, but the code in process_msg() generally assumes that the f

Re: [PATCH] linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC

2025-07-11 Thread Daniel P . Berrangé
On Fri, Jul 11, 2025 at 03:12:17PM +0100, Peter Maydell wrote: > In the linux-user do_fork() function we try to set the FD_CLOEXEC > flag on a pidfd like this: > > fcntl(pid_fd, F_SETFD, fcntl(pid_fd, F_GETFL) | FD_CLOEXEC); > > This has two problems: > (1) it doesn't check errors, which Cov

Re: [PATCH] hw/misc/ivshmem-pci: Improve error handling

2025-07-11 Thread Markus Armbruster
Peter Maydell writes: > Coverity points out that the ivshmem-pci code has some error handling > cases where it incorrectly tries to use an invalid filedescriptor. > These generally happen because ivshmem_recv_msg() calls > qemu_chr_fe_get_msgfd(), which might return -1, but the code in > process_

Re: [PATCH] target/arm: Added support for SME register exposure to GDB

2025-07-11 Thread Vacha Bhavsar
+ richard.hender...@linaro.org Hi Richard, I'm an intern working with Joel Jones and he mentioned you've worked quite a bit on SME on QEMU. We were wondering if you could take a look at this patch as the deadline for the soft freeze is fast approaching and we'd like it to make it to the next rel

Re: [PATCH V4 1/3] qom: qom-list-get

2025-07-11 Thread Markus Armbruster
Steve Sistare writes: > Define the qom-list-get command, which fetches all the properties and > values for a list of paths. This is faster than qom-list plus qom-get, > especially when fetching a large subset of the QOM tree. Some managers > do so when starting a new VM, and this cost can be a

[PATCH V5 3/3] tests/qtest/qom-test: unit test for qom-list-get

2025-07-11 Thread Steve Sistare
Add a unit test for qom-list-get. Signed-off-by: Steve Sistare Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Markus Armbruster --- tests/qtest/qom-test.c | 116 - 1 file changed, 115 insertions(+), 1 deletion(-) diff --git a/tests/qtest/qom-t

[PATCH V5 1/3] qom: qom-list-get

2025-07-11 Thread Steve Sistare
Using qom-list and qom-get to get all the nodes and property values in a QOM tree can take multiple seconds because it requires 1000's of individual QOM requests. Some managers fetch the entire tree or a large subset of it when starting a new VM, and this cost is a substantial fraction of start up

[PATCH V5 0/3] fast qom tree get

2025-07-11 Thread Steve Sistare
Using qom-list and qom-get to get all the nodes and property values in a QOM tree can take multiple seconds because it requires 1000's of individual QOM requests. Some managers fetch the entire tree or a large subset of it when starting a new VM, and this cost is a substantial fraction of start up

[PATCH V5 2/3] python: use qom-list-get

2025-07-11 Thread Steve Sistare
Use qom-list-get to speed up the qom-tree command. Signed-off-by: Steve Sistare Acked-by: Markus Armbruster --- python/qemu/utils/qom.py| 43 +++-- python/qemu/utils/qom_common.py | 53 + 2 files changed, 78 insertions(

Re: [PATCH V4 2/3] python: use qom-list-get

2025-07-11 Thread Markus Armbruster
Steve Sistare writes: > Use qom-list-get to speed up the qom-tree command. > > Signed-off-by: Steve Sistare Quick test... Differences in output before and after match expectations (see appended diff). New version: real0m0.446s user0m0.062s sys 0m0.017s Old version ba

Re: [PATCH V4 3/3] tests/qtest/qom-test: unit test for qom-list-getv

2025-07-11 Thread Markus Armbruster
Steve Sistare writes: > Add a unit test for qom-list-getv. qom-list-get here and in subject. Could scratch this line, subject suffices. > > Signed-off-by: Steve Sistare > Reviewed-by: Philippe Mathieu-Daudé > --- > tests/qtest/qom-test.c | 116 >

Re: [PATCH v2 1/7] esp.c: only raise IRQ in esp_transfer_data() for CMD_SEL, CMD_SELATN and CMD_TI commands

2025-07-11 Thread Mark Cave-Ayland
On 09/07/2025 12:09, Philippe Mathieu-Daudé wrote: On 18/6/25 08:12, Mark Cave-Ayland wrote: Clarify the logic in esp_transfer_data() to ensure that the deferred interrupt code can only be triggered for CMD_SEL, CMD_SELATN and CMD_TI commands. This should already be the case, but make it expl

Re: [PATCH v2 4/7] esp.c: only call dma_memory_read function if transfer length is non-zero

2025-07-11 Thread Mark Cave-Ayland
On 09/07/2025 12:11, Philippe Mathieu-Daudé wrote: On 18/6/25 08:12, Mark Cave-Ayland wrote: In the cases where mixed DMA/non-DMA transfers are used or no data is available, it is possible to for the calculated transfer length to be "to ~for~ the..." Ooops. Will fix in v3. zero. Only call

Re: [PATCH v2 0/7] esp.c: only allow ESP commands permitted in the current mode

2025-07-11 Thread Mark Cave-Ayland
On 09/07/2025 12:16, Philippe Mathieu-Daudé wrote: Hi Mark, On 9/7/25 09:50, Mark Cave-Ayland wrote: On 18/06/2025 07:12, Mark Cave-Ayland wrote: This series contains a few minor tidy-ups along with an implementation of the logic to only allow ESP commands permitted in the current mode. The

Re: [PATCH v2 5/7] esp.c: only call dma_memory_write function if transfer length is non-zero

2025-07-11 Thread Mark Cave-Ayland
On 09/07/2025 12:14, Philippe Mathieu-Daudé wrote: On 18/6/25 08:12, Mark Cave-Ayland wrote: In the cases where mixed DMA/non-DMA transfers are used or no data is available, it is possible to for the calculated transfer length to be zero. Only call the dma_memory_write function where the transf

[Stable-10.0.3 04/39] ui/gtk: Use consistent naming for variables in different coordinates

2025-07-11 Thread Michael Tokarev
From: Weifeng Liu Now that we've documented definitions and presentation of various coordinates, let's enforce the rules. Signed-off-by: Weifeng Liu Message-ID: <20250511073337.876650-3-weifeng.li...@gmail.com> Acked-by: Gerd Hoffmann Acked-by: Marc-André Lureau (cherry picked from commit 3a6

[Stable-10.0.3 20/39] iotests: fix 240

2025-07-11 Thread Michael Tokarev
From: Stefan Hajnoczi Commit 2e8e18c2e463 ("virtio-scsi: add iothread-vq-mapping parameter") removed the limitation that virtio-scsi devices must successfully set the AioContext on their BlockBackends. This was made possible thanks to the QEMU multi-queue block layer. This change broke qemu-iote

[Stable-10.0.3 01/39] hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang

2025-07-11 Thread Michael Tokarev
From: Jamin Lin Currently, if the program encounters an unsupported algorithm, it does not set the HASH_IRQ bit in the status register and send an interrupt to indicate command completion. As a result, the FW gets stuck waiting for a completion signal from the HACE module. Additionally, in do_ha

Re: [PATCH] target/i386: merge host_cpu_instance_init() and host_cpu_max_instance_init()

2025-07-11 Thread Xiaoyao Li
On 7/11/2025 3:55 PM, Paolo Bonzini wrote: Simplify the accelerators' cpu_instance_init callbacks by doing all host-cpu setup in a single function. btw, it changes the behavior for "-cpu base" with accelerator. I think it should be OK considering "-cpu base" seems only for experiment case.

[Stable-10.0.3 09/39] ui/vnc: take account of client byte order in pixman format

2025-07-11 Thread Michael Tokarev
From: Daniel P. Berrangé The set_pixel_conversion() method is responsible for determining whether the VNC client pixel format matches the server format, and thus whether we can use the fast path "copy" impl for sending pixels, or must use the generic impl with bit swizzling. The VNC server forma

[Stable-10.0.3 07/39] ui/sdl: Consider scaling in mouse event handling

2025-07-11 Thread Michael Tokarev
From: Weifeng Liu When using sdl display backend, if the window is scaled, incorrect mouse positions will be reported since scaling is not properly handled. Fix it by transforming the positions from window coordinate to guest buffer coordinate. Signed-off-by: Weifeng Liu Message-ID: <2025051107

[Stable-10.0.3 05/39] gtk/ui: Introduce helper gd_update_scale

2025-07-11 Thread Michael Tokarev
From: Weifeng Liu The code snippet updating scale_x/scale_y is general and will be used in next patch. Make it a function. Signed-off-by: Weifeng Liu Message-ID: <20250511073337.876650-4-weifeng.li...@gmail.com> Acked-by: Gerd Hoffmann Acked-by: Marc-André Lureau (cherry picked from commit a1

[Stable-10.0.3 32/39] virtio-gpu: support context init multiple timeline

2025-07-11 Thread Michael Tokarev
From: Yiwei Zhang Venus and later native contexts have their own fence context along with multiple timelines within. Fences with VIRTIO_GPU_FLAG_INFO_RING_IDX in the flags must be dispatched to be created on the target context. Fence signaling also has to be handled on the specific timeline withi

[Stable-10.0.3 19/39] target/i386: Remove FRED dependency on WRMSRNS

2025-07-11 Thread Michael Tokarev
From: "Xin Li (Intel)" WRMSRNS doesn't become a required feature for FRED, and Linux has removed the dependency, as such remove it from QEMU. Cc: qemu-sta...@nongnu.org Signed-off-by: Xin Li (Intel) Reviewed-by: Xiaoyao Li Link: https://lore.kernel.org/r/20250103084827.1820007-2-...@zytor.com

[Stable-10.0.3 25/39] hw/arm/mps2: Configure the AN500 CPU with 16 MPU regions

2025-07-11 Thread Michael Tokarev
From: Peter Maydell The AN500 application note documents that it configures the Cortex-M7 CPU to have 16 MPU regions. We weren't doing this in our emulation, so the CPU had only the default 8 MPU regions. Set the mpu-ns-regions property to 16 for this board. This bug doesn't affect any of the ot

[Stable-10.0.3 14/39] hw/i386/amd_iommu: Fix device setup failure when PT is on.

2025-07-11 Thread Michael Tokarev
From: Sairaj Kodilkar Commit c1f46999ef506 ("amd_iommu: Add support for pass though mode") introduces the support for "pt" flag by enabling nodma memory when "pt=off". This allowed VFIO devices to successfully register notifiers by using nodma region. But, this also broke things when guest is bo

[Stable-10.0.3 26/39] linux-user/arm: Fix return value of SYS_cacheflush

2025-07-11 Thread Michael Tokarev
From: J. Neuschäfer Although the emulated cacheflush syscall does nothing, it still needs to return zero to indicate success. Cc: qemu-sta...@nongnu.org Signed-off-by: J. Neuschäfer Message-id: 20250613-cache-v1-1-ee9f4a9ba...@gmx.net Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (c

[Stable-10.0.3 15/39] hw/i386/amd_iommu: Fix xtsup when vcpus < 255

2025-07-11 Thread Michael Tokarev
From: Vasant Hegde If vCPUs > 255 then x86 common code (x86_cpus_init()) calls kvm_enable_x2apic(). But if vCPUs <= 255 then the common code won't call kvm_enable_x2apic(). This is because commit 8c6619f3e692 ("hw/i386/amd_iommu: Simplify non-KVM checks on XTSup feature") removed the call to kvm

[Stable-10.0.3 30/39] target/arm: Make RETA[AB] UNDEF when pauth is not implemented

2025-07-11 Thread Michael Tokarev
From: Solomon Tan According to the Arm A-profile A64 Instruction Set Architecture, RETA[AB] should be decoded as UNDEF if the pauth feature is not implemented. We got this right in the initial implementation, but accidentally dropped the feature-check when we converted these insns to decodetree.

[Stable-10.0.3 03/39] ui/gtk: Document scale and coordinate handling

2025-07-11 Thread Michael Tokarev
From: Weifeng Liu The existence of multiple scaling factors forces us to deal with various coordinate systems and this would be confusing. It would be beneficial to define the concepts clearly and use consistent representation for variables in different coordinates. Signed-off-by: Weifeng Liu M

[Stable-10.0.3 13/39] hw/i386/pc_piix: Fix RTC ISA IRQ wiring of isapc machine

2025-07-11 Thread Michael Tokarev
From: Bernhard Beschow Commit 56b1f50e3c10 ("hw/i386/pc: Wire RTC ISA IRQs in south bridges") attempted to refactor RTC IRQ wiring which was previously done in pc_basic_device_init() but forgot about the isapc machine. Fix this by wiring in the code section dedicated exclusively to the isapc mach

[Stable-10.0.3 02/39] hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts

2025-07-11 Thread Michael Tokarev
From: Jamin Lin On big-endian hosts, the aspeed_ram_capacity_write() function previously passed the address of a 64-bit "data" variable directly to address_space_write(), assuming host and guest endianness matched. However, the data is expected to be written in little-endian format to DRAM. On b

Re: [PATCH] target/i386: merge host_cpu_instance_init() and host_cpu_max_instance_init()

2025-07-11 Thread Paolo Bonzini
On Fri, Jul 11, 2025 at 10:16 AM Xiaoyao Li wrote: > On 7/11/2025 3:55 PM, Paolo Bonzini wrote: > > Simplify the accelerators' cpu_instance_init callbacks by doing all > > host-cpu setup in a single function. > > btw, it changes the behavior for "-cpu base" with accelerator. > > I think it should

[Stable-10.0.3 22/39] hw/loongarch/virt: Fix big endian support with MCFG table

2025-07-11 Thread Michael Tokarev
From: Bibo Mao With API build_mcfg(), it is not necessary with parameter structure AcpiMcfgInfo to convert to little endian since it is directly used with host native endian. Here remove endian conversion before calling function build_mcfg(). With this patch, bios-tables-test passes to run on bi

[Stable-10.0.3 24/39] qemu-options.hx: Fix reversed description of icount sleep behavior

2025-07-11 Thread Michael Tokarev
From: Ethan Chen The documentation for the -icount option incorrectly describes the behavior of the sleep suboption. Based on the actual implementation and system behavior, the effects of sleep=on and sleep=off were inadvertently reversed. This commit updates the description to reflect their inte

[Stable-10.0.3 31/39] target/arm: Correct KVM & HVF dtb_compatible value

2025-07-11 Thread Michael Tokarev
From: Philippe Mathieu-Daudé Linux kernel knows how to parse "arm,armv8", not "arm,arm-v8". See arch/arm64/boot/dts/foundation-v8.dts: https://github.com/torvalds/linux/commit/90556ca1ebdd Cc: qemu-sta...@nongnu.org Fixes: 26861c7ce06 ("target-arm: Add minimal KVM AArch64 support") Fixes: 58

[Stable-10.0.3 21/39] hw/core/qdev-properties-system: Add missing return in set_drive_helper()

2025-07-11 Thread Michael Tokarev
From: Fiona Ebner Currently, changing the 'drive' property of e.g. a scsi-hd object will result in an assertion failure if the aio context of the block node it's replaced with doesn't match the current aio context: > bdrv_replace_child_noperm: Assertion `bdrv_get_aio_context(old_bs) == > bdrv_ge

[Stable-10.0.3 23/39] hw/arm/virt: Check bypass iommu is not set for iommu-map DT property

2025-07-11 Thread Michael Tokarev
From: Shameer Kolothum default_bus_bypass_iommu tells us whether the bypass_iommu is set for the default PCIe root bus. Make sure we check that before adding the "iommu-map" DT property. Cc: qemu-sta...@nongnu.org Fixes: 6d7a85483a06 ("hw/arm/virt: Add default_bus_bypass_iommu machine option") S

[Stable-10.0.3 29/39] tcg: Fix constant propagation in tcg_reg_alloc_dup

2025-07-11 Thread Michael Tokarev
From: Richard Henderson The scalar constant must be replicated for dup. Cc: qemu-sta...@nongnu.org Fixes: bab1671f0fa ("tcg: Manually expand INDEX_op_dup_vec") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3002 Signed-off-by: Richard Henderson (cherry picked from commit 0d0fc3f4658937

[Stable-10.0.3 28/39] target/loongarch: fix vldi/xvldi raise wrong error

2025-07-11 Thread Michael Tokarev
From: Song Gao on qemu we got an aborted error ** ERROR:../target/loongarch/tcg/insn_trans/trans_vec.c.inc:3574:vldi_get_value: code should not be reached Bail out! ERROR:../target/loongarch/tcg/insn_trans/trans_vec.c.inc:3574:vldi_get_value: code should not be reached Aborted (core dumped) bu

[Stable-10.0.3 27/39] target/loongarch: add check for fcond

2025-07-11 Thread Michael Tokarev
From: Song Gao fcond only has 22 types, add a check for fcond. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2972 Signed-off-by: Song Gao Reviewed-by: Richard Henderson Message-Id: <20250603024810.350510-1-gaos...@loongson.cn> (cherry picked from commit e7788da9860c97920c19fa1150806

[Stable-10.0.3 33/39] hw/s390x/ccw-device: Fix memory leak in loadparm setter

2025-07-11 Thread Michael Tokarev
From: Kevin Wolf Commit bdf12f2a fixed the setter for the "loadparm" machine property, which gets a string from a visitor, passes it to s390_ipl_fmt_loadparm() and then forgot to free it. It left another instance of the same problem unfixed in the "loadparm" device property. Fix it. Signed-off-b

[Stable-10.0.3 00/39] Patch Round-up for stable 10.0.3, freeze on 2025-07-21

2025-07-11 Thread Michael Tokarev
The following patches are queued for QEMU stable v10.0.3: https://gitlab.com/qemu-project/qemu/-/commits/staging-10.0 Patch freeze is 2025-07-21, and the release is planned for 2025-07-23: https://wiki.qemu.org/Planning/10.0 Please respond here or CC qemu-sta...@nongnu.org on any additional

[Stable-10.0.3 16/39] audio: fix SIGSEGV in AUD_get_buffer_size_out()

2025-07-11 Thread Michael Tokarev
From: Volker Rümelin As far as the emulated audio devices are concerned the pointer returned by AUD_open_out() is an opaque handle. This includes the NULL pointer. In this case, AUD_get_buffer_size_out() should return a sensible buffer size instead of triggering a segmentation fault. All other pu

[Stable-10.0.3 38/39] target/arm: Fix f16_dotadd vs nan selection

2025-07-11 Thread Michael Tokarev
From: Richard Henderson Implement FPProcessNaNs4 within f16_dotadd, rather than simply letting NaNs propagate through the function. Cc: qemu-sta...@nongnu.org Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)") Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Messag

[Stable-10.0.3 35/39] target/arm: Fix sve_access_check for SME

2025-07-11 Thread Michael Tokarev
From: Richard Henderson Do not assume SME implies SVE. Ensure that the non-streaming check is present along the SME path, since it is not implied by sme_*_enabled_check. Cc: qemu-sta...@nongnu.org Reviewed-by: Peter Maydell Signed-off-by: Richard Henderson Message-id: 20250704142112.1018902-3
