Branch: refs/heads/staging-9.0
Home: https://github.com/qemu/qemu

Commit: 2cc14aac8b4bd7b694c3a70926e9a7f46e2e5405
    https://github.com/qemu/qemu/commit/2cc14aac8b4bd7b694c3a70926e9a7f46e2e5405
Author: Fea.Wang <fea.w...@sifive.com>
Date: 2024-09-19 (Thu, 19 Sep 2024)

Changed paths:
  M system/physmem.c

Log Message:
-----------
softmmu/physmem.c: Keep transaction attribute in address_space_map()

The follow-up transactions may use the data in the attribution, so keep
the value of attribution from the function parameter just as
flatview_translate() above.

Signed-off-by: Fea.Wang <fea.w...@sifive.com>
Cc: qemu-sta...@nongnu.org
Fixes: f26404fbee ("Make address_space_map() take a MemTxAttrs argument")
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Link: https://lore.kernel.org/r/20240912070404.2993976-2-fea.w...@sifive.com
Signed-off-by: Peter Xu <pet...@redhat.com>
(cherry picked from commit d8d5ca40048b04750de5a0ae0b2b9f153a391951)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(Mjt: context fix due to lack of
 v9.1.0-134-g637b0aa13956 "softmmu: Support concurrent bounce buffers"
 v9.0.0-564-g69e78f1b3484 "system/physmem: Per-AddressSpace bounce buffering")


Commit: d996783c4743adba032f41d1624d795180ee9ecb
    https://github.com/qemu/qemu/commit/d996783c4743adba032f41d1624d795180ee9ecb
Author: Peter Maydell <peter.mayd...@linaro.org>
Date: 2024-09-20 (Fri, 20 Sep 2024)

Changed paths:
  M target/arm/tcg/cpu64.c

Log Message:
-----------
target/arm: Correct ID_AA64ISAR1_EL1 value for neoverse-v1

The Neoverse-V1 TRM is a bit confused about the layout of the
ID_AA64ISAR1_EL1 register, and so its table 3-6 has the wrong value
for this ID register. Trust instead section 3.2.74's list of which
fields are set.

This means that we stop incorrectly reporting FEAT_XS as present, and
now report the presence of FEAT_BF16.

Cc: qemu-sta...@nongnu.org
Reported-by: Marcin Juszkiewicz <marcin.juszkiew...@linaro.org>
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-id: 20240917161337.3012188-1-peter.mayd...@linaro.org
(cherry picked from commit 8676007eff04bb4e454bcdf92fab3f855bcc59b3)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Commit: a85f57b6a9f01927a9c826bf5d0f237de0512215
    https://github.com/qemu/qemu/commit/a85f57b6a9f01927a9c826bf5d0f237de0512215
Author: TANG Tiancheng <tangtiancheng....@alibaba-inc.com>
Date: 2024-09-28 (Sat, 28 Sep 2024)

Changed paths:
  M tcg/tcg-op-gvec.c

Log Message:
-----------
tcg: Fix iteration step in 32-bit gvec operation

The loop in the 32-bit case of the vector compare operation
was incorrectly incrementing by 8 bytes per iteration instead
of 4 bytes. This caused the function to process only half of
the intended elements.

Cc: qemu-sta...@nongnu.org
Fixes: 9622c697d1 (tcg: Add gvec compare with immediate and scalar operand)
Signed-off-by: TANG Tiancheng <tangtiancheng....@alibaba-inc.com>
Reviewed-by: Liu Zhiwei <zhiwei_...@linux.alibaba.com>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Message-ID: <20240904142739.854-2-zhiwei_...@linux.alibaba.com>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
(cherry picked from commit 9d8d5a5b9078a16b4c0862fe54248c5cc8435648)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Commit: 9dc5eaff625c8731057313e95caae47e48609131
    https://github.com/qemu/qemu/commit/9dc5eaff625c8731057313e95caae47e48609131
Author: Fabiano Rosas <faro...@suse.de>
Date: 2024-09-28 (Sat, 28 Sep 2024)

Changed paths:
  M target/ppc/translate/vsx-impl.c.inc

Log Message:
-----------
target/ppc: Fix lxvx/stxvx facility check

The XT check for the lxvx/stxvx instructions is currently
inverted. This was introduced during the move to decodetree.

From the ISA:
  Chapter 7. Vector-Scalar Extension Facility
  Load VSX Vector Indexed X-form

  lxvx XT,RA,RB
  if TX=0 & MSR.VSX=0 then VSX_Unavailable()
  if TX=1 & MSR.VEC=0 then Vector_Unavailable()
  ...
  Let XT be the value 32×TX + T.

The code currently does the opposite:

  if (paired || a->rt >= 32) {
      REQUIRE_VSX(ctx);
  } else {
      REQUIRE_VECTOR(ctx);
  }

This was already fixed for lxv/stxv at commit "2cc0e449d1 (target/ppc:
Fix lxv/stxv MSR facility check)", but the indexed forms were missed.

Cc: qemu-sta...@nongnu.org
Fixes: 70426b5bb7 ("target/ppc: moved stxvx and lxvx from legacy to decodtree")
Signed-off-by: Fabiano Rosas <faro...@suse.de>
Reviewed-by: Claudio Fontana <cfont...@suse.de>
Acked-by: Ilya Leoshkevich <i...@linux.ibm.com>
Reviewed-by: Fabiano Rosas <faro...@suse.de>
Message-ID: <20240911141651.6914-1-faro...@suse.de>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
(cherry picked from commit 8bded2e73e80823a67f730140788a3c5e60bf4b5)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Commit: 7859abfe34ae6a564f0474fed7a3b519305791ac
    https://github.com/qemu/qemu/commit/7859abfe34ae6a564f0474fed7a3b519305791ac
Author: Mark Cave-Ayland <mark.cave-ayl...@ilande.co.uk>
Date: 2024-09-28 (Sat, 28 Sep 2024)

Changed paths:
  M hw/mips/jazz.c

Log Message:
-----------
hw/mips/jazz: fix typo in in-built NIC alias

Commit e104edbb9d ("hw/mips/jazz: use qemu_find_nic_info()") contained a
typo in the NIC alias which caused initialisation of the in-built
dp83932 NIC to fail when using the normal -nic user,model=dp83932
command line.

Fixes: e104edbb9d ("hw/mips/jazz: use qemu_find_nic_info()")
Signed-off-by: Mark Cave-Ayland <mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Reviewed-by: David Woodhouse <d...@amazon.co.uk>
Reviewed-by: Michael Tokarev <m...@tls.msk.ru>
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(cherry picked from commit 2e4fdf566062c03456230fd8136b88c5c1e5c4bf)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Commit: 3731791fd7a6c4caa3aa9397c1bd75efb300e74b
    https://github.com/qemu/qemu/commit/3731791fd7a6c4caa3aa9397c1bd75efb300e74b
Author: Fiona Ebner <f.eb...@proxmox.com>
Date: 2024-10-01 (Tue, 01 Oct 2024)

Changed paths:
  M block/copy-before-write.c
  M block/reqlist.c

Log Message:
-----------
block/reqlist: allow adding overlapping requests

Allow overlapping request by removing the assert that made it
impossible. There are only two callers:

1. block_copy_task_create()

It already asserts the very same condition before calling
reqlist_init_req().

2. cbw_snapshot_read_lock()

There is no need to have read requests be non-overlapping in
copy-before-write when used for snapshot-access. In fact, there was no
protection against two callers of cbw_snapshot_read_lock() calling
reqlist_init_req() with overlapping ranges and this could lead to an
assertion failure [1].

In particular, with the reproducer script below [0], two
cbw_co_snapshot_block_status() callers could race, with the second
calling reqlist_init_req() before the first one finishes and removes
its conflicting request.

[0]:

> #!/bin/bash -e
> dd if=/dev/urandom of=/tmp/disk.raw bs=1M count=1024
> ./qemu-img create /tmp/fleecing.raw -f raw 1G
> (
> ./qemu-system-x86_64 --qmp stdio \
> --blockdev raw,node-name=node0,file.driver=file,file.filename=/tmp/disk.raw \
> --blockdev raw,node-name=node1,file.driver=file,file.filename=/tmp/fleecing.raw \
> <<EOF
> {"execute": "qmp_capabilities"}
> {"execute": "blockdev-add", "arguments": { "driver": "copy-before-write", "file": "node0", "target": "node1", "node-name": "node3" } }
> {"execute": "blockdev-add", "arguments": { "driver": "snapshot-access", "file": "node3", "node-name": "snap0" } }
> {"execute": "nbd-server-start", "arguments": {"addr": { "type": "unix", "data": { "path": "/tmp/nbd.socket" } } } }
> {"execute": "block-export-add", "arguments": {"id": "exp0", "node-name": "snap0", "type": "nbd", "name": "exp0"}}
> EOF
> ) &
> sleep 5
> while true; do
> ./qemu-nbd -d /dev/nbd0
> ./qemu-nbd -c /dev/nbd0 nbd:unix:/tmp/nbd.socket:exportname=exp0 -f raw -r
> nbdinfo --map 'nbd+unix:///exp0?socket=/tmp/nbd.socket'
> done

[1]:

> #5 0x000071e5f0088eb2 in __GI___assert_fail (...) at ./assert/assert.c:101
> #6 0x0000615285438017 in reqlist_init_req (...) at ../block/reqlist.c:23
> #7 0x00006152853e2d98 in cbw_snapshot_read_lock (...) at ../block/copy-before-write.c:237
> #8 0x00006152853e3068 in cbw_co_snapshot_block_status (...) at ../block/copy-before-write.c:304
> #9 0x00006152853f4d22 in bdrv_co_snapshot_block_status (...) at ../block/io.c:3726
> #10 0x000061528543a63e in snapshot_access_co_block_status (...) at ../block/snapshot-access.c:48
> #11 0x00006152853f1a0a in bdrv_co_do_block_status (...) at ../block/io.c:2474
> #12 0x00006152853f2016 in bdrv_co_common_block_status_above (...) at ../block/io.c:2652
> #13 0x00006152853f22cf in bdrv_co_block_status_above (...) at ../block/io.c:2732
> #14 0x00006152853d9a86 in blk_co_block_status_above (...) at ../block/block-backend.c:1473
> #15 0x000061528538da6c in blockstatus_to_extents (...) at ../nbd/server.c:2374
> #16 0x000061528538deb1 in nbd_co_send_block_status (...) at ../nbd/server.c:2481
> #17 0x000061528538f424 in nbd_handle_request (...) at ../nbd/server.c:2978
> #18 0x000061528538f906 in nbd_trip (...) at ../nbd/server.c:3121
> #19 0x00006152855a7caf in coroutine_trampoline (...) at ../util/coroutine-ucontext.c:175

Cc: qemu-sta...@nongnu.org
Suggested-by: Vladimir Sementsov-Ogievskiy <vsement...@yandex-team.ru>
Signed-off-by: Fiona Ebner <f.eb...@proxmox.com>
Message-Id: <20240712140716.517911-1-f.eb...@proxmox.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsement...@yandex-team.ru>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@yandex-team.ru>
(cherry picked from commit 6475155d519209c80fdda53e05130365aa769838)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Commit: aa291cc29240ce7f44eee1f82a3aa6eae02308e8
    https://github.com/qemu/qemu/commit/aa291cc29240ce7f44eee1f82a3aa6eae02308e8
Author: Ard Biesheuvel <a...@kernel.org>
Date: 2024-10-02 (Wed, 02 Oct 2024)

Changed paths:
  M target/arm/internals.h
  M target/arm/ptw.c

Log Message:
-----------
target/arm: Avoid target_ulong for physical address lookups

target_ulong is typedef'ed as a 32-bit integer when building the
qemu-system-arm target, and this is smaller than the size of an
intermediate physical address when LPAE is being used.

Given that Linux may place leaf level user page tables in high memory
when built for LPAE, the kernel will crash with an external abort as
soon as it enters user space when running with more than ~3 GiB of
system RAM.

So replace target_ulong with vaddr in places where it may carry an
address value that is not representable in 32 bits.

Fixes: f3639a64f602ea ("target/arm: Use softmmu tlbs for page table walking")
Cc: qemu-sta...@nongnu.org
Reported-by: Arnd Bergmann <a...@arndb.de>
Tested-by: Arnd Bergmann <a...@arndb.de>
Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
Signed-off-by: Ard Biesheuvel <a...@kernel.org>
Message-id: 20240927071051.1444768-1-ardb+...@google.com
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
(cherry picked from commit 67d762e716a7127ecc114e9708254316dd521911)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Commit: 8ad609ab5f4ad74c82b9d67530946e4499b49acb
    https://github.com/qemu/qemu/commit/8ad609ab5f4ad74c82b9d67530946e4499b49acb
Author: Alexander Bulekov <alx...@bu.edu>
Date: 2024-10-02 (Wed, 02 Oct 2024)

Changed paths:
  M scripts/oss-fuzz/build.sh

Log Message:
-----------
fuzz: disable leak-detection for oss-fuzz builds

When we are building for OSS-Fuzz, we want to ensure that the fuzzer
targets are actually created, regardless of leaks. Leaks will be
detected by the subsequent tests of the individual fuzz-targets.

Signed-off-by: Alexander Bulekov <alx...@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>
Message-ID: <20240527150001.325565-1-alx...@bu.edu>
Signed-off-by: Thomas Huth <th...@redhat.com>
(cherry picked from commit 3e964275d65b92075249201c49b39dfb06d08ad4)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Commit: 98228461a8f27f8c8bd527b921bb518668ba250d
    https://github.com/qemu/qemu/commit/98228461a8f27f8c8bd527b921bb518668ba250d
Author: Alex Bennée <alex.ben...@linaro.org>
Date: 2024-10-03 (Thu, 03 Oct 2024)

Changed paths:
  M tests/docker/dockerfiles/debian-mips64el-cross.docker
  M tests/lcitool/mappings.yml
  M tests/lcitool/refresh

Log Message:
-----------
testing: bump mips64el cross to bookworm and fix package list

The mips64el cross setup is very broken for bullseye which has now
entered LTS support so is unlikely to be fixed.
While we still can't build the container with all packages for
bookworm due to a single missing dependency that will hopefully get
fixed in due course. For the sake of keeping the CI green we disable
the problematic packages via the lcitool's mappings.yml file.

See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081535

Signed-off-by: Alex Bennée <alex.ben...@linaro.org>
[thuth: Disable the problematic packages via lcitool's mappings.yml]
Message-ID: <20241002080333.127172-1-th...@redhat.com>
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Signed-off-by: Thomas Huth <th...@redhat.com>
(cherry picked from commit c60473d29254b79d9437eface8b342e84663ba66)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(Mjt: context fix in tests/docker/dockerfiles/debian-mips64el-cross.docker)


Commit: 1836c60af237f6069f5d2e80ff937a9f0f8eec8a
    https://github.com/qemu/qemu/commit/1836c60af237f6069f5d2e80ff937a9f0f8eec8a
Author: Marc-André Lureau <marcandre.lur...@redhat.com>
Date: 2024-10-04 (Fri, 04 Oct 2024)

Changed paths:
  M ui/vnc.c

Log Message:
-----------
vnc: fix crash when no console attached

Since commit e99441a3793b5 ("ui/curses: Do not use console_select()")
qemu_text_console_put_keysym() no longer checks for NULL console
argument, which leads to a later crash:

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x00005555559ee186 in qemu_text_console_handle_keysym (s=0x0, keysym=31) at ../ui/console-vc.c:332
332         } else if (s->echo && (keysym == '\r' || keysym == '\n')) {
(gdb) bt
 #0 0x00005555559ee186 in qemu_text_console_handle_keysym (s=0x0, keysym=31) at ../ui/console-vc.c:332
 #1 0x00005555559e18e5 in qemu_text_console_put_keysym (s=<optimized out>, keysym=<optimized out>) at ../ui/console.c:303
 #2 0x00005555559f2e88 in do_key_event (vs=vs@entry=0x5555579045c0, down=down@entry=1, keycode=keycode@entry=60, sym=sym@entry=65471) at ../ui/vnc.c:2034
 #3 0x00005555559f845c in ext_key_event (vs=0x5555579045c0, down=1, sym=65471, keycode=<optimized out>) at ../ui/vnc.c:2070
 #4 protocol_client_msg (vs=0x5555579045c0, data=<optimized out>, len=<optimized out>) at ../ui/vnc.c:2514
 #5 0x00005555559f515c in vnc_client_read (vs=0x5555579045c0) at ../ui/vnc.c:1607

Fixes: e99441a3793b5 ("ui/curses: Do not use console_select()")
Fixes: https://issues.redhat.com/browse/RHEL-50529
Cc: qemu-sta...@nongnu.org
Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
Reviewed-by: Akihiko Odaki <akihiko.od...@daynix.com>
Reviewed-by: Michael Tokarev <m...@tls.msk.ru>
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>
(cherry picked from commit 0e60fc80938d9ce84274a36ddfaaa640bdef2be8)
Signed-off-by: Michael Tokarev <m...@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/6a54d5cf55b4...1836c60af237