Branch: refs/heads/staging-9.0
Home: https://github.com/qemu/qemu
Commit: a706820672ab20ecd332889622d24ebf60cc58f9
https://github.com/qemu/qemu/commit/a706820672ab20ecd332889622d24ebf60cc58f9
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2024-10-10 (Thu, 10 Oct 2024)
Changed paths:
M linux-user/flatload.c
Log Message:
-----------
linux-user/flatload: Take mmap_lock in load_flt_binary()
load_flt_binary() calls load_flat_file() -> page_set_flags().
page_set_flags() must be called with the mmap_lock held,
otherwise it aborts:
$ qemu-arm -L stm32/lib/ stm32/bin/busybox
qemu-arm: ../accel/tcg/user-exec.c:505: page_set_flags: Assertion
`have_mmap_lock()' failed.
Aborted (core dumped)
Fix by taking the lock in load_flt_binary().
Fixes: fbd3c4cff6 ("linux-user/arm: Mark the commpage executable")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2525
Suggested-by: Richard Henderson <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit a9ee641bd46f5462eeed183ac3c3760bddfc2600)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: ff58fd29b490cadddd2f09166947df0bbad7e644
https://github.com/qemu/qemu/commit/ff58fd29b490cadddd2f09166947df0bbad7e644
Author: Richard Henderson <[email protected]>
Date: 2024-10-10 (Thu, 10 Oct 2024)
Changed paths:
M linux-user/elfload.c
Log Message:
-----------
linux-user: Fix parse_elf_properties GNU0_MAGIC check
Comparing a string of 4 bytes only works in little-endian.
Adjust bulk bswap to only apply to the note payload.
Perform swapping of the note header manually; the magic
is defined so that it does not need a runtime swap.
Fixes: 83f990eb5adb ("linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2596
Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Michael Tokarev <[email protected]>
(cherry picked from commit 2884596f5f385b5712c356310dd4125a089888a8)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: dd5a6b77f627193426e54a0a1a6c35a87f106db3
https://github.com/qemu/qemu/commit/dd5a6b77f627193426e54a0a1a6c35a87f106db3
Author: Richard Henderson <[email protected]>
Date: 2024-10-10 (Thu, 10 Oct 2024)
Changed paths:
M tcg/ppc/tcg-target.c.inc
Log Message:
-----------
tcg/ppc: Use TCG_REG_TMP2 for scratch tcg_out_qemu_st
In the fallback when STDBRX is not available, avoid clobbering
TCG_REG_TMP1, which might be h.base, which is still in use.
Use TCG_REG_TMP2 instead.
Cc: [email protected]
Fixes: 01a112e2e9 ("tcg/ppc: Reorg tcg_out_tlb_read")
Signed-off-by: Richard Henderson <[email protected]>
Tested-By: Michael Tokarev <[email protected]>
(cherry picked from commit 4cabcb89b101942346aebff081aa1453e958fe7f)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 2c2721a2c2d08bc00f7d224fcae9014725641d8c
https://github.com/qemu/qemu/commit/2c2721a2c2d08bc00f7d224fcae9014725641d8c
Author: Richard Henderson <[email protected]>
Date: 2024-10-10 (Thu, 10 Oct 2024)
Changed paths:
M tcg/ppc/tcg-target.c.inc
Log Message:
-----------
tcg/ppc: Use TCG_REG_TMP2 for scratch index in prepare_host_addr
In tcg_out_qemu_ldst_i128, we need a non-zero index register,
which we then use as a base register in several address modes.
Since we always have TCG_REG_TMP2 available, use that.
Cc: [email protected]
Fixes: 526cd4ec01f ("tcg/ppc: Support 128-bit load/store")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2597
Signed-off-by: Richard Henderson <[email protected]>
Tested-By: Michael Tokarev <[email protected]>
(cherry picked from commit 3213da7b9539581c6df95f8ced5b09d0b02d425f)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 3b2a89a160affeec7317e498330ffb4b9d8324b0
https://github.com/qemu/qemu/commit/3b2a89a160affeec7317e498330ffb4b9d8324b0
Author: Richard Henderson <[email protected]>
Date: 2024-10-10 (Thu, 10 Oct 2024)
Changed paths:
M target/m68k/translate.c
Log Message:
-----------
target/m68k: Always return a temporary from gen_lea_mode
Returning a raw areg does not preserve the value if the areg
is subsequently modified. Fixes, e.g. "jsr (sp)", where the
return address is pushed before the branch.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2483
Signed-off-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 352cc9f300d83ea48b8154bfd2ff985fece887d0)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 6e5f1429a2ec34e796c7b15a48fd3af22337cc2b
https://github.com/qemu/qemu/commit/6e5f1429a2ec34e796c7b15a48fd3af22337cc2b
Author: Alexandra Diupina <[email protected]>
Date: 2024-10-15 (Tue, 15 Oct 2024)
Changed paths:
M hw/intc/arm_gicv3_cpuif.c
Log Message:
-----------
hw/intc/arm_gicv3_cpuif: Add cast to match the documentation
The result of 1 << regbit with regbit==31 has a 1 in the 32nd bit.
When cast to uint64_t (for further bitwise OR), the 32 most
significant bits will be filled with 1s. However, the documentation
states that the upper 32 bits of ICH_AP[0/1]R<n>_EL2 are reserved.
Add an explicit cast to match the documentation.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Cc: [email protected]
Fixes: c3f21b065a ("hw/intc/arm_gicv3_cpuif: Support vLPIs")
Signed-off-by: Alexandra Diupina <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 3db74afec3ca87f81fbdf5918ed1e21d837fbfab)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: c385420aaffcf2ee9a2ac11dd8a4be04e5d3d24a
https://github.com/qemu/qemu/commit/c385420aaffcf2ee9a2ac11dd8a4be04e5d3d24a
Author: Marc-André Lureau <[email protected]>
Date: 2024-10-16 (Wed, 16 Oct 2024)
Changed paths:
M hw/audio/hda-codec.c
Log Message:
-----------
hw/audio/hda: free timer on exit
Fixes: 280c1e1cd ("audio/hda: create millisecond timers that handle IO")
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit f27206ceedbe2efae37c8d143c5eb2db05251508)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 51832486e4c62de3ccb0c0b901fa63c9dbe5d11e
https://github.com/qemu/qemu/commit/51832486e4c62de3ccb0c0b901fa63c9dbe5d11e
Author: Marc-André Lureau <[email protected]>
Date: 2024-10-16 (Wed, 16 Oct 2024)
Changed paths:
M hw/audio/hda-codec.c
Log Message:
-----------
hw/audio/hda: fix memory leak on audio setup
When SET_STREAM_FORMAT is called, we should clear the existing setup.
Factor out common function to close a stream.
Direct leak of 144 byte(s) in 3 object(s) allocated from:
#0 0x7f91d38f7350 in calloc (/lib64/libasan.so.8+0xf7350) (BuildId:
a4ad7eb954b390cf00f07fa10952988a41d9fc7a)
#1 0x7f91d2ab7871 in g_malloc0 (/lib64/libglib-2.0.so.0+0x64871) (BuildId:
36b60dbd02e796145a982d0151ce37202ec05649)
#2 0x562fa2f447ee in timer_new_full
/home/elmarco/src/qemu/include/qemu/timer.h:538
#3 0x562fa2f4486f in timer_new
/home/elmarco/src/qemu/include/qemu/timer.h:559
#4 0x562fa2f448a9 in timer_new_ns
/home/elmarco/src/qemu/include/qemu/timer.h:577
#5 0x562fa2f47955 in hda_audio_setup ../hw/audio/hda-codec.c:490
#6 0x562fa2f4897e in hda_audio_command ../hw/audio/hda-codec.c:605
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit 6d6e23361fc732e4fe36a8bc5873b85f264ed53a)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 7245b1e381ea8db3c72325597bb4835875fb3d50
https://github.com/qemu/qemu/commit/7245b1e381ea8db3c72325597bb4835875fb3d50
Author: Marc-André Lureau <[email protected]>
Date: 2024-10-16 (Wed, 16 Oct 2024)
Changed paths:
M ui/dbus-listener.c
Log Message:
-----------
ui/dbus: fix leak on message filtering
A filter function that wants to drop a message should return NULL, in
which case it must also unref the message itself.
Fixes: fa88b85de ("ui/dbus: filter out pending messages when scanout")
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit 244d52ff736fefc3dd364ed091720aa896af306d)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 511c68fd73b450f860abd8b44d4cebecab7921ca
https://github.com/qemu/qemu/commit/511c68fd73b450f860abd8b44d4cebecab7921ca
Author: Marc-André Lureau <[email protected]>
Date: 2024-10-16 (Wed, 16 Oct 2024)
Changed paths:
M hw/display/virtio-gpu.c
M include/ui/qemu-pixman.h
M ui/console.c
M ui/qemu-pixman.c
Log Message:
-----------
ui/win32: fix potential use-after-free with dbus shared memory
DisplaySurface may be free before the pixman image is freed, since the
image is refcounted and used by different objects, including pending
dbus messages.
Furthermore, setting the destroy function in
create_displaysurface_from() isn't appropriate, as it may not be used,
and may be overridden as in ramfb.
Set the destroy function when the shared handle is set, use the HANDLE
directly for destroy data, using a single common helper
qemu_pixman_win32_image_destroy().
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit 330ef31deb2e5461cff907488b710f5bd9cd2327)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: f3682be4f9960fd0ec09147c4cf9de2c65916034
https://github.com/qemu/qemu/commit/f3682be4f9960fd0ec09147c4cf9de2c65916034
Author: Marc-André Lureau <[email protected]>
Date: 2024-10-16 (Wed, 16 Oct 2024)
Changed paths:
M ui/dbus-listener.c
Log Message:
-----------
ui/dbus: fix filtering all update messages
Filtering pending messages when a new scanout is given shouldn't discard
pending cursor changes, for example.
Since filtering happens in a different thread, use atomic set/get.
Fixes: fa88b85dea ("ui/dbus: filter out pending messages when scanout")
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit cf59889781297a5618f1735a5f31402caa806b42)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 22a1312909bc74ba2d953ffc7f96ade229431442
https://github.com/qemu/qemu/commit/22a1312909bc74ba2d953ffc7f96ade229431442
Author: Paolo Bonzini <[email protected]>
Date: 2024-10-18 (Fri, 18 Oct 2024)
Changed paths:
M tcg/s390x/tcg-target.c.inc
Log Message:
-----------
tcg/s390x: fix constraint for 32-bit TSTEQ/TSTNE
32-bit TSTEQ and TSTNE are subject to the same constraints as
for 64-bit, but setcond_i32 and negsetcond_i32 were incorrectly
using TCG_CT_CONST ("i") instead of TCG_CT_CONST_CMP ("C").
Adjust the constraint and make tcg_target_const_match use the
same sequence as tgen_cmp2: first check if the constant is a
valid operand for TSTEQ/TSTNE, then accept everything for 32-bit
non-test comparisons, finally check if the constant is a valid
operand for 64-bit non-test comparisons.
Reported-by: Philippe Mathieu-Daudé <[email protected]>
Cc: [email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit 615586cb356811e46c2e5f85c36db4b93f8381cd)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 58550ab6662659d02695993876db2aa3182ffec6
https://github.com/qemu/qemu/commit/58550ab6662659d02695993876db2aa3182ffec6
Author: Peter Xu <[email protected]>
Date: 2024-10-18 (Fri, 18 Oct 2024)
Changed paths:
M accel/kvm/kvm-all.c
M accel/kvm/trace-events
M include/sysemu/kvm_int.h
Log Message:
-----------
KVM: Dynamic sized kvm memslots array
Zhiyi reported an infinite loop issue in a VFIO use case. The cause of that
was a separate discussion, however during that I found a regression of
dirty sync slowness when profiling.
Each KVMMemoryListener maintains an array of kvm memslots. Currently it's
statically allocated to be the max supported by the kernel. However after
Linux commit 4fc096a99e ("KVM: Raise the maximum number of user memslots"),
the max supported memslots reported now grows to some number large enough
so that it may not be wise to always statically allocate with the max
reported.
What's worse, QEMU kvm code still walks all the allocated memslots entries
to do any form of lookups. It can drastically slow down all memslot
operations because each of such loop can run over 32K times on the new
kernels.
Fix this issue by making the memslots to be allocated dynamically.
Here the initial size was set to 16 because it should cover the basic VM
usages, so that the hope is the majority VM use case may not even need to
grow at all (e.g. if one starts a VM with ./qemu-system-x86_64 by default
it'll consume 9 memslots), however not too large to waste memory.
There can also be even better way to address this, but so far this is the
simplest and should be already better even than before we grow the max
supported memslots. For example, in the case of above issue when VFIO was
attached on a 32GB system, there are only ~10 memslots used. So it could
be good enough as of now.
In the above VFIO context, measurement shows that the precopy dirty sync
shrank from ~86ms to ~3ms after this patch applied. It should also apply
to any KVM enabled VM even without VFIO.
NOTE: we don't have a FIXES tag for this patch because there's no real
commit that regressed this in QEMU. Such behavior existed for a long time,
but only started to be a problem when the kernel reports very large
nr_slots_max value. However that's pretty common now (the kernel change
was merged in 2021) so we attached cc:stable because we'll want this change
to be backported to stable branches.
Cc: qemu-stable <[email protected]>
Reported-by: Zhiyi Guo <[email protected]>
Tested-by: Zhiyi Guo <[email protected]>
Signed-off-by: Peter Xu <[email protected]>
Acked-by: David Hildenbrand <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit 5504a8126115d173687b37e657312a8ffe29fc0c)
Signed-off-by: Michael Tokarev <[email protected]>
(Mjt: context fixup in accel/kvm/trace-events)
Commit: df58d1ff2bb9c3dcaa5f4c6b5fec0f7d7a8ea22e
https://github.com/qemu/qemu/commit/df58d1ff2bb9c3dcaa5f4c6b5fec0f7d7a8ea22e
Author: Tom Dohrmann <[email protected]>
Date: 2024-10-18 (Fri, 18 Oct 2024)
Changed paths:
M accel/kvm/kvm-all.c
Log Message:
-----------
accel/kvm: check for KVM_CAP_READONLY_MEM on VM
KVM_CAP_READONLY_MEM used to be a global capability, but with the
introduction of AMD SEV-SNP confidential VMs, this extension is not
always available on all VM types [1,2].
Query the extension on the VM level instead of on the KVM level.
[1]
https://patchwork.kernel.org/project/kvm/patch/[email protected]/
[2]
https://patchwork.kernel.org/project/kvm/patch/[email protected]/
Cc: Paolo Bonzini <[email protected]>
Signed-off-by: Tom Dohrmann <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Cc: [email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit 64e0e63ea16aa0122dc0c41a0679da0ae4616208)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: ada96d88ae4f17aa801f92e356d8ecade9bb35a9
https://github.com/qemu/qemu/commit/ada96d88ae4f17aa801f92e356d8ecade9bb35a9
Author: Stefan Berger <[email protected]>
Date: 2024-10-21 (Mon, 21 Oct 2024)
Changed paths:
M tests/qtest/tpm-tests.c
Log Message:
-----------
tests: Wait for migration completion on destination QEMU to avoid failures
Rather than waiting for the completion of migration on the source side,
wait for it on the destination QEMU side to avoid accessing the TPM TIS
memory mapped registers before QEMU could restore their state. This
error condition could be triggered on busy systems where the destination
QEMU did not have enough time to restore the TIS state while the test case
was already reading its registers. The test case was for example reading
the STS register and received an unexpected value (0xffffffff), which
led to a segmentation fault later on due to trying to read 0xffff bytes
from the TIS into a buffer.
Cc: <[email protected]>
Reported-by: Fabiano Rosas <[email protected]>
Reviewed-by: Daniel P. Berrangé <[email protected]>
Signed-off-by: Stefan Berger <[email protected]>
(cherry picked from commit d9280ea3174700170d39c4cdd3f587f260757711)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 15ffa6800c846c2f1ea9904b8b332a5de959a1eb
https://github.com/qemu/qemu/commit/15ffa6800c846c2f1ea9904b8b332a5de959a1eb
Author: Thomas Huth <[email protected]>
Date: 2024-10-22 (Tue, 22 Oct 2024)
Changed paths:
M hw/sh4/r2d.c
Log Message:
-----------
Revert "hw/sh4/r2d: Realize IDE controller before accessing it"
This reverts commit 3c5f86a22686ef475a8259c0d8ee714f61c770c9.
Changing the order here caused a regression with the "tuxrun"
kernels (from https://storage.tuxboot.com/20230331/) - ATA commands
fail with a "ata1: lost interrupt (Status 0x58)" message.
Apparently we need to wire the interrupt here first before
realizing the device, so revert the change to the original
behavior.
Reported-by: Guenter Roeck <[email protected]>
Acked-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit 68ad89b75ad2bb5f38abea815a50ec17a142565a)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: e0ff5c6f48b605d6516da71507f78b8a9ace213e
https://github.com/qemu/qemu/commit/e0ff5c6f48b605d6516da71507f78b8a9ace213e
Author: Peter Maydell <[email protected]>
Date: 2024-10-24 (Thu, 24 Oct 2024)
Changed paths:
M tests/qemu-iotests/211.out
Log Message:
-----------
tests/qemu-iotests/211.out: Update to expect MapEntry 'compressed' field
In commit 52b10c9c0c68e90f in 2023 the QAPI MapEntry struct was
updated to add a 'compressed' field. That commit updated a number
of iotest expected-output files, but missed 211, which is vdi
specific. The result is that
./check -vdi
and more specifically
./check -vdi 211
fails because the expected and actual output don't match.
Update the reference output.
Cc: [email protected]
Fixes: 52b10c9c0c68e90f ("qemu-img: map: report compressed data blocks")
Signed-off-by: Peter Maydell <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Kevin Wolf <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
(cherry picked from commit d60bd080e783107cb876a6f16561fe03f9dcbca7)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 4636542140929f7e21590333cd7516b65e0b236b
https://github.com/qemu/qemu/commit/4636542140929f7e21590333cd7516b65e0b236b
Author: Kevin Wolf <[email protected]>
Date: 2024-10-24 (Thu, 24 Oct 2024)
Changed paths:
M block/raw-format.c
Log Message:
-----------
raw-format: Fix error message for invalid offset/size
s->offset and s->size are only set at the end of the function and still
contain the old values when formatting the error message. Print the
parameters with the new values that we actually checked instead.
Fixes: 500e2434207d ('raw-format: Split raw_read_options()')
Signed-off-by: Kevin Wolf <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Daniel P. Berrangé <[email protected]>
Reviewed-by: Hanna Czenczek <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
(cherry picked from commit 04bbc3ee52b32ac465547bb40c1f090a1b8f315a)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 78612343e41a911dcef98a6aa9bdfc3a2a093789
https://github.com/qemu/qemu/commit/78612343e41a911dcef98a6aa9bdfc3a2a093789
Author: Richard Henderson <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M tcg/tcg.c
Log Message:
-----------
tcg: Reset data_gen_ptr correctly
This pointer needs to be reset after overflow just like
code_buf and code_ptr.
Cc: [email protected]
Fixes: 57a269469db ("tcg: Infrastructure for managing constant pools")
Acked-by: Alistair Francis <[email protected]>
Reviewed-by: Pierrick Bouvier <[email protected]>
Reviewed-by: LIU Zhiwei <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit a7cfd751fb269de4a93bf1658cb13911c7ac77cc)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 9f9517f0f0a52a1ac60795d7b1a56dbc6c7faed7
https://github.com/qemu/qemu/commit/9f9517f0f0a52a1ac60795d7b1a56dbc6c7faed7
Author: Alexander Graf <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M target/i386/tcg/sysemu/excp_helper.c
Log Message:
-----------
target/i386: Walk NPT in guest real mode
When translating virtual to physical address with a guest CPU that
supports nested paging (NPT), we need to perform every page table walk
access indirectly through the NPT, which we correctly do.
However, we treat real mode (no page table walk) special: In that case,
we currently just skip any walks and translate VA -> PA. With NPT
enabled, we also need to then perform NPT walk to do GVA -> GPA -> HPA
which we fail to do so far.
The net result of that is that TCG VMs with NPT enabled that execute
real mode code (like SeaBIOS) end up with GPA==HPA mappings which means
the guest accesses host code and data. This typically shows as failure
to boot guests.
This patch changes the page walk logic for NPT enabled guests so that we
always perform a GVA -> GPA translation and then skip any logic that
requires an actual PTE.
That way, all remaining logic to walk the NPT stays and we successfully
walk the NPT in real mode.
Cc: [email protected]
Fixes: fe441054bb3f0 ("target-i386: Add NPT support")
Signed-off-by: Alexander Graf <[email protected]>
Reported-by: Eduard Vlad <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit b56617bbcb473c25815d1bf475e326f84563b1de)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: 59b6efae8ba9c1253666988623ac8ee373fb71af
https://github.com/qemu/qemu/commit/59b6efae8ba9c1253666988623ac8ee373fb71af
Author: Richard Henderson <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M target/i386/tcg/sysemu/excp_helper.c
Log Message:
-----------
target/i386: Use probe_access_full_mmu in ptw_translate
The probe_access_full_mmu function was designed for this purpose,
and does not report the memory operation event to plugins.
Cc: [email protected]
Fixes: 6d03226b422 ("plugins: force slow path when plugins instrument memory ops")
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit 115ade42d50144c15b74368d32dc734ea277d853)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: d2c2a4caafe24b327ce4e6dc5270ac7fa564b743
https://github.com/qemu/qemu/commit/d2c2a4caafe24b327ce4e6dc5270ac7fa564b743
Author: Ilya Leoshkevich <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M linux-user/syscall.c
Log Message:
-----------
linux-user: Emulate /proc/self/maps under mmap_lock
If one thread modifies the mappings and another thread prints them,
a situation may occur that the printer thread sees a guest mapping
without a corresponding host mapping, leading to a crash in
open_self_maps_2().
Cc: [email protected]
Fixes: 7b7a3366e142 ("linux-user: Use walk_memory_regions for open_self_maps")
Signed-off-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: Laurent Vivier <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit bbd5630a75e70a0f1bcf04de74c94aa94a145628)
Signed-off-by: Michael Tokarev <[email protected]>
(Mjt: context fix in linux-user/syscall.c due to missing
v9.0.0-421-g59272469bd13
"user: Use get_task_state() helper")
Commit: ffd1d82f90f9dcc3d8c364ab551dcda6cdf7c65b
https://github.com/qemu/qemu/commit/ffd1d82f90f9dcc3d8c364ab551dcda6cdf7c65b
Author: Ilya Leoshkevich <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M linux-user/ppc/signal.c
Log Message:
-----------
linux-user/ppc: Fix sigmask endianness issue in sigreturn
do_setcontext() copies the target sigmask without endianness handling
and then uses target_to_host_sigset_internal(), which expects a
byte-swapped one. Use target_to_host_sigset() instead.
Fixes: bcd4933a23f1 ("linux-user: ppc signal handling")
Signed-off-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit 8704132805cf7a3259d1c5a073b3c2b92afa2616)
Signed-off-by: Michael Tokarev <[email protected]>
Commit: b3686fced61f51de77838b8b76823e7adada6b08
https://github.com/qemu/qemu/commit/b3686fced61f51de77838b8b76823e7adada6b08
Author: Yao Zi <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M linux-user/syscall.c
Log Message:
-----------
linux-user/riscv: Fix definition of RISCV_HWPROBE_EXT_ZVFHMIN
Current definition yields a negative 32-bit value, messing up hwprobe
result when the Zvfhmin extension is present. Replace it by using a 1ULL bit
shift value as done in kernel upstream.
Link:
https://github.com/torvalds/linux/commit/5ea6764d9095e234b024054f75ebbccc4f0eb146
Fixes: a3432cf227 ("linux-user/riscv: Sync hwprobe keys with Linux")
Cc: [email protected]
Signed-off-by: Yao Zi <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit 310df7a9fe400f32cde8a7edf80daad12cd9cf02)
Signed-off-by: Michael Tokarev <[email protected]>
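Added example (not QEMU code, not part of this notification) illustrating the integer-promotion pitfall that both the hw/intc/arm_gicv3_cpuif cast fix above and this RISCV_HWPROBE_EXT_ZVFHMIN fix address: `1 << 31` is computed as a signed int, and widening that negative int to uint64_t sign-extends it, so bits 63..32 all become 1. The example shows the buggy and fixed forms side by side, a check against the "upper 32 bits reserved" rule, and the false-positive effect a sign-extended mask has on a 64-bit extension bitmap as returned by hwprobe. It assumes Zvfhmin is the bit-31 key (consistent with the commit's "negative 32-bit value"); the function names and the constructed bitmap are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Buggy form: shift as int, widen afterwards.  The int32_t conversion here
 * mirrors what `1 << regbit` yields on two's-complement targets without
 * invoking the signed-overflow shift that ISO C leaves undefined. */
static uint64_t widen_after_int_shift(unsigned regbit)
{
    int32_t bit = (int32_t)(UINT32_C(1) << regbit);
    return (uint64_t)bit;            /* regbit 31 -> 0xFFFFFFFF80000000 */
}

/* Fixed form: widen first (1ULL), then shift, as both commits now do. */
static uint64_t widen_before_shift(unsigned regbit)
{
    return UINT64_C(1) << regbit;    /* regbit 31 -> 0x0000000080000000 */
}

/* Check a value against the "upper 32 bits reserved" rule the GICv3
 * documentation states for ICH_AP[0/1]R<n>_EL2. */
static int upper32_clear(uint64_t v)
{
    return (v >> 32) == 0;
}

/* Model of the hwprobe consumer side: a 64-bit extension bitmap tested
 * against a mask.  With a sign-extended mask, any extension living in
 * bits 63..32 is mistaken for the one at bit 31 (assumed: Zvfhmin). */
static int ext_reported(uint64_t ext_bitmap, uint64_t mask)
{
    return (ext_bitmap & mask) != 0;
}

int main(void)
{
    unsigned regbit = 31;
    printf("int shift then widen: 0x%016" PRIx64 "\n", widen_after_int_shift(regbit));
    printf("widen then shift:     0x%016" PRIx64 "\n", widen_before_shift(regbit));

    /* Constructed bitmap with only bit 32 set (some other extension):
     * the buggy mask reports bit 31 as present, the fixed mask does not. */
    uint64_t other_ext_only = UINT64_C(1) << 32;
    printf("buggy mask reports bit 31: %d\n",
           ext_reported(other_ext_only, widen_after_int_shift(regbit)));
    printf("fixed mask reports bit 31: %d\n",
           ext_reported(other_ext_only, widen_before_shift(regbit)));
    return 0;
}
```

Bits 0..30 behave identically in both forms, which is why such a defect only surfaces once a definition reaches bit 31; a compile-time check that every bit-mask constant is written with an explicitly wide type (1ULL, UINT64_C) catches it before the register or bitmap grows past 32 bits.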
Commit: 17af9ee66b6746684bd13d2cf7113424071b45cb
https://github.com/qemu/qemu/commit/17af9ee66b6746684bd13d2cf7113424071b45cb
Author: Avihai Horon <[email protected]>
Date: 2024-10-25 (Fri, 25 Oct 2024)
Changed paths:
M hw/vfio/migration.c
Log Message:
-----------
vfio/migration: Report only stop-copy size in vfio_state_pending_exact()
vfio_state_pending_exact() is used to update migration core how much
device data is left for the device migration. Currently, the sum of
pre-copy and stop-copy sizes of the VFIO device are reported.
The pre-copy size is obtained via the VFIO_MIG_GET_PRECOPY_INFO ioctl,
which returns the amount of device data available to be transferred
while the device is in the PRE_COPY states.
The stop-copy size is obtained via the VFIO_DEVICE_FEATURE_MIG_DATA_SIZE
ioctl, which returns the total amount of device data left to be
transferred in order to complete the device migration.
According to the above, the current implementation is wrong -- it reports
extra overlapping data because pre-copy size is already contained in
stop-copy size. Fix it by reporting only stop-copy size.
Fixes: eda7362af959 ("vfio/migration: Add VFIO migration pre-copy support")
Signed-off-by: Avihai Horon <[email protected]>
Reviewed-by: Cédric Le Goater <[email protected]>
(cherry picked from commit 3b5948f808e3b99aedfa0aff45cffbe8b7ec07ed)
Signed-off-by: Michael Tokarev <[email protected]>
Compare: https://github.com/qemu/qemu/compare/1836c60af237...17af9ee66b67