Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 5faaac0a4c5593865a33a3080b4fd211feb51d31
https://github.com/qemu/qemu/commit/5faaac0a4c5593865a33a3080b4fd211feb51d31
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-22 (Wed, 22 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
Log Message:
-----------
rust: pl011: fix repr(C) for PL011Class
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 6ace2d5163bbc0b38d9982e04f3a4199c5fef315
https://github.com/qemu/qemu/commit/6ace2d5163bbc0b38d9982e04f3a4199c5fef315
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/emit.c.inc
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: inline gen_jcc into sole caller
The code of gen_Jcc is very similar to gen_LOOP* and gen_JCXZ, but this
is hidden by gen_jcc.
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: e604be4fb4ed1abe5286f8f4145701bf3fc15b97
https://github.com/qemu/qemu/commit/e604be4fb4ed1abe5286f8f4145701bf3fc15b97
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/emit.c.inc
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: remove trailing 1 from gen_{j, cmov, set}cc1
This is not needed anymore now that gen_jcc has been eliminated
(merged into the similarly-named gen_Jcc, where the uppercase letter
gives away that it is an emission function).
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: b519556f58dcb548f295c5cbbf91617377c5c564
https://github.com/qemu/qemu/commit/b519556f58dcb548f295c5cbbf91617377c5c564
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: unify REP and REPZ/REPNZ generation
It only differs in a single call to gen_jcc, so use a "bool" argument
to distinguish the two cases; do not duplicate code.
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: d8d552d4591257368633831953a190b868e5f566
https://github.com/qemu/qemu/commit/d8d552d4591257368633831953a190b868e5f566
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/emit.c.inc
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: unify choice between single and repeated string instructions
The same "if" is present in all generator functions for string instructions.
Push it inside gen_repz() and gen_repz_nz() instead.
Signed-off-by: Paolo Bonzini <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 0eb7046e1bbe83468169a74b1886fa9c2605ffa7
https://github.com/qemu/qemu/commit/0eb7046e1bbe83468169a74b1886fa9c2605ffa7
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: reorganize ops emitted by do_gen_rep, drop repz_opt
The condition for optimizing repeat instruction is more or less the
opposite of what you imagine: almost always the string instruction
was _not_ optimized and optimizing the loop relied on goto_tb.
This is obviously not great for performance, due to the cost of the
exit-to-main-loop check, but also wrong. In fact, after expanding
dc->jmp_opt and simplifying "!!x" to "x", the condition for looping used
to be:
    ((cflags & CF_NO_GOTO_TB) ||
     (flags & (HF_RF_MASK | HF_TF_MASK | HF_INHIBIT_IRQ_MASK))) &&
    !(cflags & CF_USE_ICOUNT)
In other words, setting aside RF (it requires special handling for REP
instructions and it was completely missing), repeat instructions were
being optimized if TF or inhibit IRQ flags were set. This is certainly
wrong for TF, because string instructions trap after every execution,
and probably for interrupt shadow too.
Get rid of repz_opt completely. The next patches will reintroduce the
optimization, applying it in the common case instead of the unlikely
and wrong one.
While at it, place the CX/ECX/RCX=0 case at the end of the function,
which saves a label and is clearer when reading the generated ops.
For clarity, mark the cc_op explicitly as DYNAMIC even if at the end
of the translation block; the cc_op can come from either the previous
instruction or the string instruction, and currently we rely on
a gen_update_cc_op() that is hidden in the bowels of gen_jcc() to
spill cc_op and mark it clean.
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 4d7704ebc59a1f52d6ab65e5fff8e3160c1f4d79
https://github.com/qemu/qemu/commit/4d7704ebc59a1f52d6ab65e5fff8e3160c1f4d79
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: tcg: move gen_set/reset_* earlier in the file
Allow using them in the code that translates REP/REPZ, without
forward declarations.
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 0d82d9e84644ecee3e626bdf204e9847ffe10bce
https://github.com/qemu/qemu/commit/0d82d9e84644ecee3e626bdf204e9847ffe10bce
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: fix RF handling for string instructions
RF must be set on traps and interrupts from a string instruction,
except if they occur after the last iteration. Ensure it is set
before giving the main loop a chance to execute.
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 6986cf003226ddf7e5af36a9f4f033cb16c8636c
https://github.com/qemu/qemu/commit/6986cf003226ddf7e5af36a9f4f033cb16c8636c
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: make cc_op handling more explicit for repeated string
instructions.
Since the cost of gen_update_cc_op() must be paid anyway, it's easier
to place them manually and not rely on spilling that is buried under
multiple levels of function calls. While at it, clarify the circumstances
in which the gen_update_cc_op() is needed, and why it is not for REPxx
SCAS and REPxx CMPS.
And since cc_op will have been spilled at the point of a fault, just
make the whole insn CC_OP_DYNAMIC. Once repz_opt is reintroduced,
a fault could happen either before or after the first execution of
CMPS/SCAS, and CC_OP_DYNAMIC sidesteps the complicated matter of what
x86_restore_state_to_opc would do.
Signed-off-by: Paolo Bonzini <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 365811602572054b1c1173b19e8fd28689d827d9
https://github.com/qemu/qemu/commit/365811602572054b1c1173b19e8fd28689d827d9
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: do not use gen_op_jz_ecx for repeated string operations
Explicitly generate a TSTEQ branch (which is optimized to NE x,0 if possible).
This does not make much sense yet, but later we will add more checks and some
will use a temporary to check on the decremented value of CX/ECX/RCX; it will
be clearer for all checks to share the same logic using TSTEQ(reg, cx_mask).
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 0360b781870a628379de20e03305c4e62dbdcca4
https://github.com/qemu/qemu/commit/0360b781870a628379de20e03305c4e62dbdcca4
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: optimize CX handling in repeated string operations
In a repeated string operation, CX/ECX will be decremented until it
is 0 but never underflow. Use this observation to avoid a deposit or
zero-extend operation if the address size of the operation is smaller
than MO_TL.
As in the previous patch, the patch is structured to include some
preparatory work for subsequent changes. In particular, introducing
cx_next prepares for when ECX will be decremented *before* calling
fn(s, ot), and therefore cannot yet be written back to cpu_regs.
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 456709db50f424d112bc5f07260fdc51555f3a24
https://github.com/qemu/qemu/commit/456709db50f424d112bc5f07260fdc51555f3a24
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: execute multiple REP/REPZ iterations without leaving TB
Use a TCG loop so that it is not necessary to go through the setup steps
of REP and through the I/O check on every iteration. Interestingly, this
is not a particularly effective optimization on its own, though it avoids
the cost of correct RF emulation that was added in the previous patch.
The main benefit lies in allowing the hoisting of loop invariants outside
the loop, which will happen separately.
The loop exits when the low 16 bits of CX/ECX/RCX are zero (so generally
speaking the string operation runs in 65536 iteration batches) to give
the main loop an opportunity to pick up interrupts.
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 4f094e27f3ad2a35e305cb26a2926864815b6ac6
https://github.com/qemu/qemu/commit/4f094e27f3ad2a35e305cb26a2926864815b6ac6
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: pull computation of string update value out of loop
This is a common operation that is executed many times in rep
movs or rep stos loops. It can improve performance by several
percentage points.
Signed-off-by: Paolo Bonzini <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 82290c76476021c647824f816d8ccfbbfb773b2e
https://github.com/qemu/qemu/commit/82290c76476021c647824f816d8ccfbbfb773b2e
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: extract common bits of gen_repz/gen_repz_nz
Now that everything has been cleaned up, look at DF and prefixes
in a single function, and call that one from gen_repz and gen_repz_nz.
Suggested-by: Richard Henderson <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 22063f03a7626c77d7a4546b90fd27badd504269
https://github.com/qemu/qemu/commit/22063f03a7626c77d7a4546b90fd27badd504269
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: avoid using s->tmp0 for add to implicit registers
For updates to implicit registers (RCX in LOOP instructions, RSI or RDI
in string instructions, or the stack pointer) do the add directly using
the registers (with no temporary) if 32-bit or 64-bit, or use a temporary
created for the occasion if 16-bit. This is more efficient and removes
move instructions for the MO_TL case.
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: c597ff5339a9918b00d9f4160126db0ac2a423cc
https://github.com/qemu/qemu/commit/c597ff5339a9918b00d9f4160126db0ac2a423cc
Author: Tao Su <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/cpu.c
Log Message:
-----------
target/i386: Introduce SierraForest-v2 model
Update SierraForest CPU model to add LAM, 4 bits indicating certain bits
of IA32_SPEC_CTRL are supported (intel-psfd, ipred-ctrl, rrsba-ctrl,
bhi-ctrl) and the missing features (ss, tsc-adjust, cldemote, movdiri,
movdir64b).
Also add GDS-NO and RFDS-NO to indicate the related vulnerabilities are
mitigated in stepping 3.
Tested-by: Xuelian Guo <[email protected]>
Signed-off-by: Tao Su <[email protected]>
Reviewed-by: Zhao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: b611931d4f70b9a3e49e39c405c63b3b5e9c0df1
https://github.com/qemu/qemu/commit/b611931d4f70b9a3e49e39c405c63b3b5e9c0df1
Author: Tao Su <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/cpu.c
Log Message:
-----------
target/i386: Export BHI_NO bit to guests
Branch History Injection (BHI) is a CPU side-channel vulnerability, where
an attacker may manipulate branch history before transitioning from user
to supervisor mode or from VMX non-root/guest to root mode. CPUs set the
BHI_NO bit in MSR IA32_ARCH_CAPABILITIES to indicate that no additional
mitigation is required to prevent BHI.
Make BHI_NO bit available to guests.
Tested-by: Xuelian Guo <[email protected]>
Signed-off-by: Tao Su <[email protected]>
Reviewed-by: Zhao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 56e84d898f17606b5d88778726466540af96b234
https://github.com/qemu/qemu/commit/56e84d898f17606b5d88778726466540af96b234
Author: Tao Su <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M target/i386/cpu.c
M target/i386/cpu.h
Log Message:
-----------
target/i386: Add new CPU model ClearwaterForest
According to table 1-2 in Intel Architecture Instruction Set Extensions
and Future Features (rev 056) [1], ClearwaterForest has the following new
features which have already been virtualized:
- AVX-VNNI-INT16 CPUID.(EAX=7,ECX=1):EDX[bit 10]
- SHA512 CPUID.(EAX=7,ECX=1):EAX[bit 0]
- SM3 CPUID.(EAX=7,ECX=1):EAX[bit 1]
- SM4 CPUID.(EAX=7,ECX=1):EAX[bit 2]
Add above features to new CPU model ClearwaterForest. Comparing with
SierraForest, ClearwaterForest bare-metal contains all features of
SierraForest-v2 CPU model and adds:
- PREFETCHI CPUID.(EAX=7,ECX=1):EDX[bit 14]
- DDPD_U CPUID.(EAX=7,ECX=2):EDX[bit 3]
- BHI_NO IA32_ARCH_CAPABILITIES[bit 20]
Add above and all features of SierraForest-v2 CPU model to new CPU model
ClearwaterForest.
[1] https://cdrdv2.intel.com/v1/dl/getContent/671368
Tested-by: Xuelian Guo <[email protected]>
Signed-off-by: Tao Su <[email protected]>
Reviewed-by: Zhao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 0a6dec6d11e5e392dcd6299548bf1514f1201707
https://github.com/qemu/qemu/commit/0a6dec6d11e5e392dcd6299548bf1514f1201707
Author: Tao Su <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M docs/system/cpu-models-x86.rst.inc
Log Message:
-----------
docs: Add GNR, SRF and CWF CPU models
Update GraniteRapids, SierraForest and ClearwaterForest CPU models in
section "Preferred CPU models for Intel x86 hosts".
Also introduce bhi-no, gds-no and rfds-no in doc.
Suggested-by: Zhao Liu <[email protected]>
Signed-off-by: Tao Su <[email protected]>
Reviewed-by: Zhao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 8113dbbcdaee05f319a7e48272416d918cb2b04a
https://github.com/qemu/qemu/commit/8113dbbcdaee05f319a7e48272416d918cb2b04a
Author: Zhao Liu <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M stubs/meson.build
Log Message:
-----------
stub: Fix build failure with --enable-user --disable-system --enable-tools
Configuring "--enable-user --disable-system --enable-tools" causes the
build failure with the following information:
/usr/bin/ld: libhwcore.a.p/hw_core_qdev.c.o: in function `device_finalize':
/qemu/build/../hw/core/qdev.c:688: undefined reference to
`qapi_event_send_device_deleted'
collect2: error: ld returned 1 exit status
To fix the above issue, add qdev.c stub when building with `have_tools`.
With this fix, QEMU could be successfully built in the following cases:
--enable-user --disable-system --enable-tools
--enable-user --disable-system --disable-tools
--enable-user --disable-system
Cc: [email protected]
Fixes: 388b849fb6c3 ("stubs: avoid duplicate symbols in libqemuutil.a")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2766
Signed-off-by: Zhao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 0f9eb0ff2b25787be62fceb036dba7c3f54fde2d
https://github.com/qemu/qemu/commit/0f9eb0ff2b25787be62fceb036dba7c3f54fde2d
Author: Zhao Liu <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
M rust/qemu-api/src/qdev.rs
Log Message:
-----------
rust/qdev: Make REALIZE safe
A safe REALIZE accepts immutable reference.
Since current PL011's realize() only calls a char binding function (
qemu_chr_fe_set_handlers), it is possible to convert mutable reference
(&mut self) to immutable reference (&self), which only needs to convert
the pointers passed to C to mutable pointers.
Thus, make REALIZE accept immutable reference.
Signed-off-by: Zhao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 06a1cfb5550a090b63c81cf5f44d2558010a8ed7
https://github.com/qemu/qemu/commit/06a1cfb5550a090b63c81cf5f44d2558010a8ed7
Author: Zhao Liu <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
Log Message:
-----------
rust/pl011: Avoid bindings::*
List all the necessary bindings to better identify gaps in rust/qapi.
And include the bindings wrapped by rust/qapi instead of mapping the raw
bindings directly.
Inspired-by: Paolo Bonzini <[email protected]>
Signed-off-by: Zhao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 5014e33b1e00d330f13df33c09a3932ac88f8d94
https://github.com/qemu/qemu/commit/5014e33b1e00d330f13df33c09a3932ac88f8d94
Author: Zhao Liu <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M include/exec/memattrs.h
Log Message:
-----------
memattrs: Convert unspecified member to bool
Convert `unspecified` member of MemTxAttrs from bit field to bool, so
that bindgen could generate more ergonomic Rust binding with bool type.
As a result, MemTxAttrs needs to be expanded from 4 bytes to 8 bytes.
Therefore, move `unspecified` to after the bit fields and add reserved
members to ensure that the whole structure is packed into 8 bytes.
Suggested-by: Richard Henderson <[email protected]>
Suggested-by: Paolo Bonzini <[email protected]>
Signed-off-by: Zhao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 57f9d9c84a9112d534fa90f2a6dad74bd71150b6
https://github.com/qemu/qemu/commit/57f9d9c84a9112d534fa90f2a6dad74bd71150b6
Author: Zhao Liu <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M include/exec/memattrs.h
Log Message:
-----------
memattrs: Check the size of MemTxAttrs
Make sure MemTxAttrs is packed into 8 bytes and does not exceed 8 bytes.
Suggested-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Zhao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 0d43ddae35a29d1822ec3f35a31bfe7c91618ef4
https://github.com/qemu/qemu/commit/0d43ddae35a29d1822ec3f35a31bfe7c91618ef4
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/qemu-api/src/prelude.rs
M rust/qemu-api/src/vmstate.rs
Log Message:
-----------
rust: vmstate: add new type safe implementation
The existing translation of the C macros for vmstate does not make
any attempt to type-check vmstate declarations against the struct, so
introduce a new system that computes VMStateField based on the actual
struct declaration.
Macros do not have full access to the type system, therefore a full
implementation of this scheme requires a helper trait to analyze the
type and produce a VMStateField from it; a macro "vmstate_of!" accepts
arguments similar to "offset_of!" and tricks the compiler into looking
up the trait for the right type.
The patch introduces not just vmstate_of!, but also the slightly too
clever enabling macro call_func_with_field!. The particular trick used
here was proposed on the users.rust-lang.org forum, so I take no merit
and all the blame.
Introduce the trait and some functions to access it; the actual
implementation comes later.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 80aa3045bd42bec287d1f9bcc94be32a4c1b582e
https://github.com/qemu/qemu/commit/80aa3045bd42bec287d1f9bcc94be32a4c1b582e
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/qemu-api/src/vmstate.rs
Log Message:
-----------
rust: vmstate: implement VMState for non-leaf types
Arrays, pointers and cells use a VMStateField that is based on that
for the inner type. The implementation therefore delegates to the
VMState implementation of the inner type.
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 5b024b4e73f180402fde8485e8d4a51383592940
https://github.com/qemu/qemu/commit/5b024b4e73f180402fde8485e8d4a51383592940
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/qemu-api/src/vmstate.rs
Log Message:
-----------
rust: vmstate: add varray support to vmstate_of!
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 2537f8309885013c4b04ae7b2888591ba0cb6ca7
https://github.com/qemu/qemu/commit/2537f8309885013c4b04ae7b2888591ba0cb6ca7
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/qemu-api/src/vmstate.rs
M rust/qemu-api/src/zeroable.rs
Log Message:
-----------
rust: vmstate: implement Zeroable for VMStateField
This shortens a bit the constants. Do not bother using it
in the vmstate macros since most of them will go away soon.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: f2cb78bdbe5f9ff61366beb216971a8502456c3a
https://github.com/qemu/qemu/commit/f2cb78bdbe5f9ff61366beb216971a8502456c3a
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/qemu-api/src/vmstate.rs
Log Message:
-----------
rust: vmstate: implement VMState for scalar types
Scalar types are those that have their own VMStateInfo. This poses
a problem in that references to VMStateInfo can only be included in
associated consts starting with Rust 1.83.0, when the const_refs_static
was stabilized. Removing the requirement is done by placing a limited
list of VMStateInfos in an enum, and going from enum to &VMStateInfo
only when building the VMStateField.
The same thing cannot be done with VMS_STRUCT because the set of
VMStateDescriptions extends to structs defined by the devices.
Therefore, structs and cells cannot yet use vmstate_of!.
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 00f89716a8858f6b9274dd4067740fb40212e88b
https://github.com/qemu/qemu/commit/00f89716a8858f6b9274dd4067740fb40212e88b
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/qemu-api/src/vmstate.rs
Log Message:
-----------
rust: vmstate: add public utility macros to implement VMState
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 9a2ba4882d320a650b4f98f92b49bb45956d227e
https://github.com/qemu/qemu/commit/9a2ba4882d320a650b4f98f92b49bb45956d227e
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/qemu-api/src/vmstate.rs
Log Message:
-----------
rust: qemu_api: add vmstate_struct
It is not type safe, but it's the best that can be done without
const_refs_static. It can also be used with BqlCell and BqlRefCell.
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: b800a3132194014928cfbf9d79062da77ea70fee
https://github.com/qemu/qemu/commit/b800a3132194014928cfbf9d79062da77ea70fee
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
M rust/hw/char/pl011/src/device_class.rs
M rust/hw/char/pl011/src/lib.rs
Log Message:
-----------
rust: pl011: switch vmstate to new-style macros
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 9d4899496b555751c8ea4155d6da4fc3dbd7edae
https://github.com/qemu/qemu/commit/9d4899496b555751c8ea4155d6da4fc3dbd7edae
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/qemu-api/src/vmstate.rs
Log Message:
-----------
rust: vmstate: remove translation of C vmstate macros
Keep vmstate_clock!; because it uses a field of type VMStateDescription,
it cannot be converted to the VMState trait without access to the
const_refs_static feature.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 24f0e8d818b931758b6dc47f973a6b1b80ecee1f
https://github.com/qemu/qemu/commit/24f0e8d818b931758b6dc47f973a6b1b80ecee1f
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device_class.rs
M rust/qemu-api/src/vmstate.rs
Log Message:
-----------
rust: vmstate: make order of parameters consistent in vmstate_clock
Place struct_name before field_name, similar to offset_of.
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 7d0520398f7f58214cf5242b34c1b46efa2fcf4f
https://github.com/qemu/qemu/commit/7d0520398f7f58214cf5242b34c1b46efa2fcf4f
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
M rust/hw/char/pl011/src/device_class.rs
M rust/hw/char/pl011/src/memory_ops.rs
M rust/qemu-api/src/qdev.rs
M rust/qemu-api/src/qom.rs
Log Message:
-----------
rust: prefer NonNull::new to assertions
Do not use new_unchecked; the effect is the same, but the
code is easier to read and unsafe regions become smaller.
Likewise, NonNull::new can be used instead of assertion and
followed by as_ref() or as_mut() instead of dereferencing the
pointer.
Suggested-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
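The pattern this commit message describes, shown as an added example that is not QEMU's code: a callback receives an opaque pointer, and the null check moves from an assertion into `NonNull::new`, so only the dereference stays inside `unsafe`. `Uart`, `read_before` and `read_after` are hypothetical names; plain `unsafe fn` is used instead of `extern "C"` so the null case can be exercised without aborting the process.

```rust
use std::ffi::c_void;
use std::ptr::NonNull;

/// Hypothetical device state that C code would hold as an opaque pointer.
struct Uart {
    data: u32,
    reads: u32,
}

/// Before: the null check is a separate assertion, and both the pointer
/// construction and the dereference sit inside one larger unsafe region.
///
/// Safety: `opaque` must point to a live, unaliased `Uart`.
unsafe fn read_before(opaque: *mut c_void) -> u32 {
    assert!(!opaque.is_null());
    unsafe {
        let mut state = NonNull::new_unchecked(opaque.cast::<Uart>());
        let uart = state.as_mut();
        uart.reads += 1;
        uart.data
    }
}

/// After: NonNull::new performs the null check in safe code; a null pointer
/// still panics (same effect as the assertion), but the check and the
/// pointer construction can no longer drift apart.
///
/// Safety: `opaque` must be null or point to a live, unaliased `Uart`.
unsafe fn read_after(opaque: *mut c_void) -> u32 {
    let mut state =
        NonNull::new(opaque.cast::<Uart>()).expect("opaque pointer must not be null");
    // The only operation that still needs unsafe is the dereference itself.
    let uart = unsafe { state.as_mut() };
    uart.reads += 1;
    uart.data
}

fn main() {
    // Constructed sample state standing in for a device instance.
    let mut uart = Uart { data: 0x41, reads: 0 };
    let opaque = &mut uart as *mut Uart as *mut c_void;

    let a = unsafe { read_before(opaque) };
    let b = unsafe { read_after(opaque) };
    println!("before={:#x} after={:#x} reads={}", a, b, uart.reads);
}
```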
Commit: efe5719c64c7fd7e85f65dc378de1ec3776ef3ee
https://github.com/qemu/qemu/commit/efe5719c64c7fd7e85f65dc378de1ec3776ef3ee
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/lib.rs
Log Message:
-----------
rust: pl011: remove unnecessary "extern crate"
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: d1f27ae9ca1c87268b97741c0a2560baa7be4c8b
https://github.com/qemu/qemu/commit/d1f27ae9ca1c87268b97741c0a2560baa7be4c8b
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
M rust/hw/char/pl011/src/device_class.rs
M rust/hw/char/pl011/src/lib.rs
Log Message:
-----------
rust: pl011: hide unnecessarily "pub" items from outside pl011::device
The only public interfaces for pl011 are TYPE_PL011 and pl011_create.
Remove pub from everything else.
Note: the "allow(dead_code)" is removed later.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 13f113e46944e735cc1d9fadd62d61d8ead7856e
https://github.com/qemu/qemu/commit/13f113e46944e735cc1d9fadd62d61d8ead7856e
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/arm/nrf51_soc.c
M include/hw/arm/nrf51_soc.h
Log Message:
-----------
hw/arm/nrf51: Rename ARMv7MState 'cpu' -> 'armv7m'
The ARMv7MState object is not simply a CPU, it also
contains the NVIC, SysTick timer, and various MemoryRegions.
Rename the field as 'armv7m', like other Cortex-M boards.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Commit: 19266bec2770f40baa6f17d9a7d84d0fd9211a2e
https://github.com/qemu/qemu/commit/19266bec2770f40baa6f17d9a7d84d0fd9211a2e
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/arm/stellaris.c
Log Message:
-----------
hw/arm/stellaris: Add 'armv7m' local variable
While the TYPE_ARMV7M object forwards its NVIC interrupt lines,
it is somehow misleading to name it 'nvic'. Add the 'armv7m'
local variable for clarity, but also keep the 'nvic' variable
behaving like before when used for wiring IRQ lines.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Commit: deeb9969357d377110ac61fe3c6482c7303313ae
https://github.com/qemu/qemu/commit/deeb9969357d377110ac61fe3c6482c7303313ae
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/arm/b-l475e-iot01a.c
M hw/arm/microbit.c
M hw/arm/mps2-tz.c
M hw/arm/mps2.c
M hw/arm/msf2-som.c
M hw/arm/musca.c
M hw/arm/netduino2.c
M hw/arm/netduinoplus2.c
M hw/arm/olimex-stm32-h405.c
M hw/arm/stellaris.c
M hw/arm/stm32vldiscovery.c
Log Message:
-----------
hw/arm/v7m: Remove use of &first_cpu in machine_init()
When instantiating the machine model, the machine_init()
implementations usually create the CPUs, so have access
to its first CPU. Use that rather than the &first_cpu
global.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Reviewed-by: Samuel Tardieu <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Commit: b6cd77fbddf020d4dad23476b286fbeb22d4c334
https://github.com/qemu/qemu/commit/b6cd77fbddf020d4dad23476b286fbeb22d4c334
Author: Bernhard Beschow <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/char/imx_serial.c
M include/hw/char/imx_serial.h
Log Message:
-----------
hw/char/imx_serial: Fix reset value of UFCR register
The value of the UFCR register is respected when echoing characters to the
terminal, but its reset value is reserved. Fix the reset value to the one
documented in the datasheet.
While at it move the related attribute out of the section of unimplemented
registers since its value is actually respected.
Signed-off-by: Bernhard Beschow <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: a451cc11c47903242123def2717a86a56e5fb390
https://github.com/qemu/qemu/commit/a451cc11c47903242123def2717a86a56e5fb390
Author: Bernhard Beschow <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/char/imx_serial.c
Log Message:
-----------
hw/char/imx_serial: Update all state before restarting ageing timer
Fixes characters to be "echoed" after each keystroke rather than after every
other since imx_serial_rx_fifo_ageing_timer_restart() would see ~UTS1_RXEMPTY
only after every other keystroke.
Signed-off-by: Bernhard Beschow <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: 1b326f278d05543425a71165a66b925922e532ac
https://github.com/qemu/qemu/commit/1b326f278d05543425a71165a66b925922e532ac
Author: Bernhard Beschow <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/arm/Kconfig
M hw/arm/fsl-imx6.c
M hw/arm/fsl-imx7.c
M hw/pci-host/designware.c
M include/hw/arm/fsl-imx6.h
M include/hw/arm/fsl-imx7.h
M include/hw/pci-host/designware.h
Log Message:
-----------
hw/pci-host/designware: Expose MSI IRQ
Fixes INTD and MSI interrupts poking the same IRQ line without keeping track of
each other's IRQ level. Furthermore, SoCs such as the i.MX 8M Plus don't share
the MSI IRQ with the INTx lines, so expose it as a dedicated pin.
Signed-off-by: Bernhard Beschow <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Commit: 82634b58bc2dc32489cdf8e04af5b61bea4efb9a
https://github.com/qemu/qemu/commit/82634b58bc2dc32489cdf8e04af5b61bea4efb9a
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/arm/stellaris.c
Log Message:
-----------
hw/arm/stellaris: Link each board schematic
Board schematic is useful to corroborate GPIOs/IRQs wiring.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Message-id: [email protected]
[PMM: Use https:// URLs]
Signed-off-by: Peter Maydell <[email protected]>
Commit: 87409ea90408938d55a37652968f2855954bada1
https://github.com/qemu/qemu/commit/87409ea90408938d55a37652968f2855954bada1
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/arm/stellaris.c
Log Message:
-----------
hw/arm/stellaris: Constify read-only arrays
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Commit: 00bc529d95505f3bfcc2792f92d403da4aebc68d
https://github.com/qemu/qemu/commit/00bc529d95505f3bfcc2792f92d403da4aebc68d
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/arm/stellaris.c
Log Message:
-----------
hw/arm/stellaris: Remove incorrect unimplemented i2c-0 at 0x40002000
There is nothing mapped at 0x40002000.
I2C#0 is already mapped at 0x40021000.
Remove the invalid mapping added in commits aecfbbc97a2 & 394c8bbfb7a.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Commit: 7330c1c5c61acd8172ff218dd9e169cd2a4fa87b
https://github.com/qemu/qemu/commit/7330c1c5c61acd8172ff218dd9e169cd2a4fa87b
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/arm/stellaris.c
Log Message:
-----------
hw/arm/stellaris: Replace magic numbers by definitions
Add definitions for the number of controllers.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Commit: b7c55f596cc8b6cd85aeed08846da677e7261b5c
https://github.com/qemu/qemu/commit/b7c55f596cc8b6cd85aeed08846da677e7261b5c
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/arm/stellaris.c
Log Message:
-----------
hw/arm/stellaris: Use DEVCAP macro to access DeviceCapability registers
Add definitions (DCx_periph) for the DeviceCapability bits,
replace direct bitmask checks with the DEV_CAP() macro,
which uses the extract/deposit API.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Commit: 3499f7e356e7ce54fa65fd0e610625199de2c42b
https://github.com/qemu/qemu/commit/3499f7e356e7ce54fa65fd0e610625199de2c42b
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M hw/arm/stellaris.c
Log Message:
-----------
hw/arm/stellaris: Map both I2C controllers
There are 2 I2C controllers, map them both, removing
the unimplemented one. Keep the OLED controller on the
first I2C bus.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Message-id: [email protected]
[PMM: tweak to appease maybe-use-uninitialized warning]
Signed-off-by: Peter Maydell <[email protected]>
Commit: 6d314cc04544969bd83521a315312702b8c166d1
https://github.com/qemu/qemu/commit/6d314cc04544969bd83521a315312702b8c166d1
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
M rust/hw/char/pl011/src/lib.rs
Log Message:
-----------
rust: pl011: extract conversion to RegisterOffset
As an added bonus, this also makes the new function return u32 instead
of u64, thus factoring some casts into a single place.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 137612772e300a386f0f0c31486eae7d1008a68c
https://github.com/qemu/qemu/commit/137612772e300a386f0f0c31486eae7d1008a68c
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
Log Message:
-----------
rust: pl011: extract CharBackend receive logic into a separate function
Prepare for moving all references to the registers and the FIFO into a
separate struct.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: ab6b6a8a55b5434b77dc229f86179c8d3ca55873
https://github.com/qemu/qemu/commit/ab6b6a8a55b5434b77dc229f86179c8d3ca55873
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
Log Message:
-----------
rust: pl011: pull interrupt updates out of read/write ops
qemu_irqs are not part of the vmstate, therefore they will remain in
PL011State. Update them if needed after regs_read()/regs_write().
Apply #[must_use] to functions that return whether the interrupt state
could have changed, so that it's harder to forget the call to update().
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 49bfe63f297f71c5d7e1578a8b69953430b7b532
https://github.com/qemu/qemu/commit/49bfe63f297f71c5d7e1578a8b69953430b7b532
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-27 (Mon, 27 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
M rust/hw/char/pl011/src/device_class.rs
Log Message:
-----------
rust: pl011: extract PL011Registers
Pull all the mutable fields of PL011State into a separate struct.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: a1ab4eed8d37e4afb78367d766edeadfdb489027
https://github.com/qemu/qemu/commit/a1ab4eed8d37e4afb78367d766edeadfdb489027
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
M rust/hw/char/pl011/src/device_class.rs
Log Message:
-----------
rust: pl011: wrap registers with BqlRefCell
This is a step towards making memory ops use a shared reference to the
device type; it's not yet possible due to the calls to character device
functions.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: c44818a5fdbcca9a4e3474be70f8a2615e19922b
https://github.com/qemu/qemu/commit/c44818a5fdbcca9a4e3474be70f8a2615e19922b
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
M rust/hw/char/pl011/src/lib.rs
Log Message:
-----------
rust: pl011: remove duplicate definitions
Unify the "Interrupt" enum and the "INT_*" constants with a struct
that contains the bits. The "int_level" and "int_enabled" fields
could use a crate such as "bitflags".
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: b3a29b3dc0d3f1e0f177b2be3edeb0d74c061b15
https://github.com/qemu/qemu/commit/b3a29b3dc0d3f1e0f177b2be3edeb0d74c061b15
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
M rust/hw/char/pl011/src/memory_ops.rs
Log Message:
-----------
rust: pl011: pull device-specific code out of MemoryRegionOps callbacks
read() can now return a simple u64.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: 20bcc96f458dafb9fcf84e240545c8136ac7443f
https://github.com/qemu/qemu/commit/20bcc96f458dafb9fcf84e240545c8136ac7443f
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
Log Message:
-----------
rust: pl011: drop use of ControlFlow
It is a poor match for what the code is doing, anyway.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: af7edb1d326de0af565b48c663163c7e5050e03c
https://github.com/qemu/qemu/commit/af7edb1d326de0af565b48c663163c7e5050e03c
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M rust/hw/char/pl011/src/device.rs
M rust/qemu-api/src/qdev.rs
Log Message:
-----------
rust: qdev: make reset take a shared reference
Because register reset is within a borrow_mut() call, reset
no longer needs a mut reference to the PL011State.
Reviewed-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: aaf3778baaa6408460ec6e6636babbdf0b92c101
https://github.com/qemu/qemu/commit/aaf3778baaa6408460ec6e6636babbdf0b92c101
Author: Zhao Liu <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M rust/qemu-api/src/zeroable.rs
Log Message:
-----------
rust/zeroable: Implement Zeroable with const_zero macro
The `const_zero` crate provides a nice macro to zero type-specific
constants, which doesn't need to enumerate the fields one by one.
Introduce the `const_zero` macro to QEMU (along with its documentation), and
use it to simplify the implementation of `Zeroable` trait.
Suggested-by: Paolo Bonzini <[email protected]>
Signed-off-by: Zhao Liu <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: d28ece2487fb13f93fcd7eb870cdc64412027c34
https://github.com/qemu/qemu/commit/d28ece2487fb13f93fcd7eb870cdc64412027c34
Author: Zhao Liu <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M rust/qemu-api/tests/tests.rs
Log Message:
-----------
rust: qemu-api: add sub-subclass to the integration tests
Signed-off-by: Zhao Liu <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: cb5f6ca8af0f1dd2f55008855e542ec33479e929
https://github.com/qemu/qemu/commit/cb5f6ca8af0f1dd2f55008855e542ec33479e929
Author: Thomas Huth <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M MAINTAINERS
M tests/functional/meson.build
A tests/functional/test_arm_microbit.py
Log Message:
-----------
tests/functional: Add a test for the arm microbit machine
We don't have any functional tests for this machine yet, thus let's
add a test with a MicroPython binary that is available online
(thanks to Joel Stanley for providing it, see:
https://www.mail-archive.com/[email protected]/msg606064.html ).
Signed-off-by: Thomas Huth <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Commit: 1edc3d43f20df0d04f8d00b906ba19fed37512a5
https://github.com/qemu/qemu/commit/1edc3d43f20df0d04f8d00b906ba19fed37512a5
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/helper.c
Log Message:
-----------
target/arm: arm_reset_sve_state() should set FPSR, not FPCR
The pseudocode ResetSVEState() does:
FPSR = ZeroExtend(0x0800009f<31:0>, 64);
but QEMU's arm_reset_sve_state() called vfp_set_fpcr() by accident.
Before the advent of FEAT_AFP, this was only setting a collection of
RES0 bits, which vfp_set_fpsr() would then ignore, so the only effect
was that we didn't actually set the FPSR the way we are supposed to
do. Once FEAT_AFP is implemented, setting the bottom bits of FPSR
will change the floating point behaviour.
Call vfp_set_fpsr(), as we ought to.
(Note for stable backports: commit 7f2a01e7368f9 moved this function
from sme_helper.c to helper.c, but it had the same bug before the
move too.)
Cc: [email protected]
Fixes: f84734b87461 ("target/arm: Implement SMSTART, SMSTOP")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: f10dee833f5b810d7c5ac036e3b5937d388f7b3b
https://github.com/qemu/qemu/commit/f10dee833f5b810d7c5ac036e3b5937d388f7b3b
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/vfp_helper.c
Log Message:
-----------
target/arm: Use FPSR_ constants in vfp_exceptbits_from_host()
Use the FPSR_ named constants in vfp_exceptbits_from_host(),
rather than hardcoded magic numbers.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: eda8d53083956f31c2ffe4ae62bb5883eda84be5
https://github.com/qemu/qemu/commit/eda8d53083956f31c2ffe4ae62bb5883eda84be5
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/vfp_helper.c
Log Message:
-----------
target/arm: Use uint32_t in vfp_exceptbits_from_host()
In vfp_exceptbits_from_host(), we accumulate the FPSR flags in
an "int", and our return type is also "int". However, the only
callsite returns the same information as a uint32_t, and
more generally we handle FPSR values in the code as uint32_t,
not int. Bring this function into line with that convention.
There is no behaviour change because none of the FPSR bits
we set in this function are bit 31. The input argument to
the function remains 'int' because that is the return type
of the softfloat get_float_exception_flags().
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 2208cb46e60a825768b0d6aad1bd809f7b235bd1
https://github.com/qemu/qemu/commit/2208cb46e60a825768b0d6aad1bd809f7b235bd1
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/cpu.c
M target/arm/cpu.h
M target/arm/tcg/translate.h
M target/arm/vfp_helper.c
Log Message:
-----------
target/arm: Define new fp_status_a32 and fp_status_a64
We want to split the existing fp_status in the Arm CPUState into
separate float_status fields for AArch32 and AArch64. (This is
because new control bits defined by FEAT_AFP only have an effect for
AArch64, not AArch32.) To make this split we will:
* define new fp_status_a32 and fp_status_a64 which have
identical behaviour to the existing fp_status
* move existing uses of fp_status to fp_status_a32 or
fp_status_a64 as appropriate
* delete the old fp_status when it has no uses left
In this patch we add the new float_status fields.
We will also need to split fp_status_f16, but we will do that
as a separate series of patches.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 57bd2f30ff50642dc32b3b2a4232054f3b6d664e
https://github.com/qemu/qemu/commit/57bd2f30ff50642dc32b3b2a4232054f3b6d664e
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/tcg/sme_helper.c
M target/arm/tcg/vec_helper.c
Log Message:
-----------
target/arm: Use vfp.fp_status_a64 in A64-only helper functions
Switch from vfp.fp_status to vfp.fp_status_a64 for helpers which:
* directly reference an fp_status field
* are called only from the A64 decoder
* are not called inside a set_rmode/restore_rmode sequence
Signed-off-by: Peter Maydell <[email protected]>
Message-id: [email protected]
Reviewed-by: Richard Henderson <[email protected]>
Commit: 75df4e86097062ce3f0926cf2c4afd837edfb286
https://github.com/qemu/qemu/commit/75df4e86097062ce3f0926cf2c4afd837edfb286
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/tcg/vec_helper.c
Log Message:
-----------
target/arm: Use fp_status_a64 or fp_status_a32 in is_ebf()
In is_ebf(), we might be called for A64 or A32, but we have
the CPUARMState* so we can select fp_status_a64 or
fp_status_a32 accordingly.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Commit: 1069d8ab30cb8c06cb093b06b05f571f64248d0d
https://github.com/qemu/qemu/commit/1069d8ab30cb8c06cb093b06b05f571f64248d0d
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/vfp_helper.c
Log Message:
-----------
target/arm: Use fp_status_a32 in vjvct helper
Use fp_status_a32 in the vjcvt helper function; this is called only
from the A32/T32 decoder and is not used inside a
set_rmode/restore_rmode sequence.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: d1ce6db3b1dcaa51d48def07f5615e6655ec4550
https://github.com/qemu/qemu/commit/d1ce6db3b1dcaa51d48def07f5615e6655ec4550
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/vfp_helper.c
Log Message:
-----------
target/arm: Use fp_status_a32 in vfp_cmp helpers
The helpers vfp_cmps, vfp_cmpes, vfp_cmpd, vfp_cmped are used only from
the A32 decoder; the A64 decoder uses separate vfp_cmps_a64 etc helpers
(because for A64 we update the main NZCV flags and for A32 we update
the FPSCR NZCV flags). So we can make these helpers use the fp_status_a32
field instead of fp_status.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 961a8b3fb81ffd74218e44397fb14854b9793194
https://github.com/qemu/qemu/commit/961a8b3fb81ffd74218e44397fb14854b9793194
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/tcg/translate-vfp.c
Log Message:
-----------
target/arm: Use FPST_A32 in A32 decoder
In the A32 decoder, use FPST_A32 rather than FPST_FPCR. By
doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.
Patch created with
perl -p -i -e 's/FPST_FPCR(?!_)/FPST_A32/g' target/arm/tcg/translate-vfp.c
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: e107a7a54e51b4f93e2fa8cff46ac5beb6cafafe
https://github.com/qemu/qemu/commit/e107a7a54e51b4f93e2fa8cff46ac5beb6cafafe
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/tcg/translate-a64.c
M target/arm/tcg/translate-sme.c
M target/arm/tcg/translate-sve.c
Log Message:
-----------
target/arm: Use FPST_A64 in A64 decoder
In the A64 decoder, use FPST_A64 rather than FPST_FPCR. By
doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.
Patch created with
perl -p -i -e 's/FPST_FPCR(?!_)/FPST_A64/g'
target/arm/tcg/translate-{a64,sve,sme}.c
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 2aa9656ebc26ea73c0cdb5c67409de1b9ef303c8
https://github.com/qemu/qemu/commit/2aa9656ebc26ea73c0cdb5c67409de1b9ef303c8
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/cpu.c
M target/arm/cpu.h
M target/arm/tcg/translate.h
M target/arm/vfp_helper.c
Log Message:
-----------
target/arm: Remove now-unused vfp.fp_status and FPST_FPCR
Now we have moved all the uses of vfp.fp_status and FPST_FPCR
to either the A32 or A64 fields, we can remove these.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 5f4ed6da85ff4abeb89bf9e6ad9481b82c5db0b0
https://github.com/qemu/qemu/commit/5f4ed6da85ff4abeb89bf9e6ad9481b82c5db0b0
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/cpu.c
M target/arm/cpu.h
M target/arm/tcg/translate.h
M target/arm/vfp_helper.c
Log Message:
-----------
target/arm: Define new fp_status_f16_a32 and fp_status_f16_a64
As the first part of splitting the existing fp_status_f16
into separate float_status fields for AArch32 and AArch64
(so that we can make FEAT_AFP control bits apply only
for AArch64), define the two new fp_status_f16_a32 and
fp_status_f16_a64 fields, but don't use them yet.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 85fffc1085c0b2623aa615cfdfb6b4d84694cfa3
https://github.com/qemu/qemu/commit/85fffc1085c0b2623aa615cfdfb6b4d84694cfa3
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/tcg/vec_helper.c
M target/arm/vfp_helper.c
Log Message:
-----------
target/arm: Use fp_status_f16_a32 in AArch32-only helpers
We directly use fp_status_f16 in a handful of helpers that
are AArch32-specific; switch to fp_status_f16_a32 for these.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: e4b3c388f96c1e4d18e276db6a9963bcb8cb98fb
https://github.com/qemu/qemu/commit/e4b3c388f96c1e4d18e276db6a9963bcb8cb98fb
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/tcg/sme_helper.c
M target/arm/tcg/vec_helper.c
Log Message:
-----------
target/arm: Use fp_status_f16_a64 in AArch64-only helpers
We directly use fp_status_f16 in a handful of helpers that are
AArch64-specific; switch to fp_status_f16_a64 for these.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: e935710bc8c76c1a7a665da10fa2d5e97ea94ee1
https://github.com/qemu/qemu/commit/e935710bc8c76c1a7a665da10fa2d5e97ea94ee1
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/tcg/translate-vfp.c
Log Message:
-----------
target/arm: Use FPST_A32_F16 in A32 decoder
In the A32 decoder, use FPST_A32_F16 rather than FPST_FPCR_F16.
By doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.
Patch created with
perl -p -i -e 's/FPST_FPCR_F16(?!_)/FPST_A32_F16/g'
target/arm/tcg/translate-vfp.c
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 230c2bd3f2882e007abc80d513b86770adb7b0e5
https://github.com/qemu/qemu/commit/230c2bd3f2882e007abc80d513b86770adb7b0e5
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/tcg/translate-a64.c
M target/arm/tcg/translate-sve.c
Log Message:
-----------
target/arm: Use FPST_A64_F16 in A64 decoder
In the A32 decoder, use FPST_A64_F16 rather than FPST_FPCR_F16.
By doing an automated conversion of the whole file we avoid possibly
using more than one fpst value in a set_rmode/op/restore_rmode
sequence.
Patch created with
perl -p -i -e 's/FPST_FPCR_F16(?!_)/FPST_A64_F16/g'
target/arm/tcg/translate-{a64,sve,sme}.c
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 3847b5b1fbb2d6d4ab1dffd8842ffc3d0c3ddb37
https://github.com/qemu/qemu/commit/3847b5b1fbb2d6d4ab1dffd8842ffc3d0c3ddb37
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/cpu.c
M target/arm/cpu.h
M target/arm/tcg/translate.h
M target/arm/vfp_helper.c
Log Message:
-----------
target/arm: Remove now-unused vfp.fp_status_f16 and FPST_FPCR_F16
Now we have moved all the uses of vfp.fp_status_f16 and FPST_FPCR_F16
to the new A32 or A64 fields, we can remove these.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 584b7aec817ea2c2d24cbc92588363caee8667ab
https://github.com/qemu/qemu/commit/584b7aec817ea2c2d24cbc92588363caee8667ab
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M fpu/softfloat-parts.c.inc
M fpu/softfloat.c
M include/fpu/softfloat-types.h
M target/arm/tcg/sve_helper.c
M target/arm/vfp_helper.c
M target/i386/tcg/fpu_helper.c
M target/mips/tcg/msa_helper.c
M target/rx/op_helper.c
Log Message:
-----------
fpu: Rename float_flag_input_denormal to float_flag_input_denormal_flushed
Our float_flag_input_denormal exception flag is set when the fpu code
flushes an input denormal to zero. This is what many guest
architectures (eg classic Arm behaviour) require, but it is not the
only denormal-related reason we might want to set an exception flag.
The x86 behaviour (which we do not currently model correctly) wants
to see an exception flag when a denormal input is *not* flushed to
zero and is actually used in an arithmetic operation. Arm's FEAT_AFP
also wants these semantics.
Rename float_flag_input_denormal to float_flag_input_denormal_flushed
to make it clearer when it is set and to allow us to add a new
float_flag_input_denormal_used next to it for the x86/FEAT_AFP
semantics.
Commit created with
for f in `git grep -l float_flag_input_denormal`; do sed -i -e
's/float_flag_input_denormal/float_flag_input_denormal_flushed/' $f; done
and manual editing of softfloat-types.h and softfloat.c to clean
up the indentation afterwards and to fix a comment which wasn't
using the full name of the flag.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 7af64d103d2d81e4b1a9a7c92a803abb2bcd6d91
https://github.com/qemu/qemu/commit/7af64d103d2d81e4b1a9a7c92a803abb2bcd6d91
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M fpu/softfloat-parts.c.inc
M fpu/softfloat.c
M include/fpu/softfloat-types.h
M target/arm/vfp_helper.c
M target/i386/tcg/fpu_helper.c
M target/m68k/fpu_helper.c
M target/mips/tcg/msa_helper.c
M target/rx/op_helper.c
M target/tricore/fpu_helper.c
Log Message:
-----------
fpu: Rename float_flag_output_denormal to float_flag_output_denormal_flushed
Our float_flag_output_denormal exception flag is set when
the fpu code flushes an output denormal to zero. Rename
it to float_flag_output_denormal_flushed:
* this keeps it parallel with the flag for flushing
input denormals, which we just renamed
* it makes it clearer that it doesn't mean "set when
the output is a denormal"
Commit created with
for f in `git grep -l float_flag_output_denormal`; do sed -i -e
's/float_flag_output_denormal/float_flag_output_denormal_flushed/' $f; done
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 1c49280f023e87e1c93c136e2b1b435e26f7c332
https://github.com/qemu/qemu/commit/1c49280f023e87e1c93c136e2b1b435e26f7c332
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M include/fpu/softfloat-types.h
Log Message:
-----------
fpu: Fix a comment in softfloat-types.h
In softfloat-types.h a comment documents that if the float_status
field flush_to_zero is set then we flush denormalised results to 0
and set the inexact flag. This isn't correct: the status flag that
we set when flush_to_zero causes us to flush an output to zero is
float_flag_output_denormal_flushed.
Correct the comment.
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: d168a081479c8f90fa99949111c93bcb3a342348
https://github.com/qemu/qemu/commit/d168a081479c8f90fa99949111c93bcb3a342348
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/tcg/helper-a64.c
M target/arm/tcg/helper-a64.h
M target/arm/tcg/translate-a64.c
Log Message:
-----------
target/arm: Remove redundant advsimd float16 helpers
The advsimd_addh etc helpers defined in helper-a64.c are identical to
the vfp_addh etc helpers defined in helper-vfp.c: both take two
float16 inputs (in a uint32_t type) plus a float_status* and are
simple wrappers around the softfloat float16_* functions.
(The duplication seems to be a historical accident: we added the
advsimd helpers in 2018 as part of the A64 implementation, and at
that time there was no f16 emulation in A32. Then later we added the
A32 f16 handling by extending the existing VFP helper macros to
generate f16 versions as well as f32 and f64, and didn't realise we
could clean things up.)
Remove the now-unnecessary advsimd helpers and make the places that
generated calls to them use the vfp helpers instead. Many of the
helper functions were already unused.
(The remaining advsimd_ helpers are those which don't have vfp
versions.)
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: e07b48995aaae22fb8aa582b0a53633734bbea92
https://github.com/qemu/qemu/commit/e07b48995aaae22fb8aa582b0a53633734bbea92
Author: Peter Maydell <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M target/arm/tcg/translate-a64.c
M target/arm/tcg/translate-sve.c
Log Message:
-----------
target/arm: Use FPST_A64_F16 for halfprec-to-other conversions
We should be using the F16-specific float_status for conversions from
half-precision, because halfprec inputs never set Input Denormal.
Without FEAT_AHP, using the wrong fpst here had no effect, because
the only difference between the A64_F16 and A64 fpst is its handling
of flush-to-zero on input and output, and the helper functions
vfp_fcvt_f16_to_* and vfp_fcvt_*_to_f16 all explicitly squash the
relevant flushing flags, and flush_inputs_to_zero was the only way
that IDC could be set.
With FEAT_AHP, the FPCR.AH=1 behaviour sets IDC for
input_denormal_used, which we will only ignore in
vfp_get_fpsr_from_host() for the A64_F16 fpst; so it matters that we
use that one for f16 inputs (and the normal one for single/double to
f16 conversions).
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Commit: 664280abddcb3cacc9c6204706bb739fcc1316f7
https://github.com/qemu/qemu/commit/664280abddcb3cacc9c6204706bb739fcc1316f7
Author: Hongren Zheng <[email protected]>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M hw/usb/canokey.c
M hw/usb/canokey.h
Log Message:
-----------
hw/usb/canokey: Fix buffer overflow for OUT packet
When USBPacket in OUT direction has larger payload
than the ep_out_buffer (of size 512), a buffer overflow
would occur.
It could be fixed by limiting the size of usb_packet_copy
to be at most buffer size. Further optimization gets rid
of the ep_out_buffer and directly uses ep_out as the target
buffer.
This was reported by a security researcher who artificially
constructed an OUT packet of size 2047. The report has gone
through the QEMU security process, and as this device is for
testing purposes and no deployment of it in virtualization
environments is observed, it is triaged not to be a security bug.
Cc: [email protected]
Fixes: d7d34918551dc48 ("hw/usb: Add CanoKey Implementation")
Reported-by: Juan Jose Lopez Jaimez <[email protected]>
Signed-off-by: Hongren Zheng <[email protected]>
Message-id: Z4TfMOrZz6IQYl_h@Sun
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
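The copy pattern described in the commit message above, as an added example that is not taken from the QEMU source or from the patch itself. The struct and function names (model_packet, model_dev, copy_out_unchecked, copy_out_bounded) are hypothetical stand-ins; only the 512-byte buffer size and the 2047-byte packet size come from the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EP_OUT_BUF_SIZE 512          /* buffer size stated in the commit message */

/* Hypothetical stand-in for an OUT packet: payload bytes plus their length. */
struct model_packet { const uint8_t *data; size_t size; };

/* Hypothetical device state: the fixed buffer, then a field an overflow would hit. */
struct model_dev {
    uint8_t  ep_out_buffer[EP_OUT_BUF_SIZE];
    uint32_t canary;
};

/* Unbounded form: the length is taken from the packet alone, so any payload
 * larger than the buffer writes past its end. Only safe for small packets. */
size_t copy_out_unchecked(struct model_dev *d, const struct model_packet *p)
{
    memcpy(d->ep_out_buffer, p->data, p->size);
    return p->size;
}

/* Bounded form: clamp the length to the destination size before copying. */
size_t copy_out_bounded(struct model_dev *d, const struct model_packet *p)
{
    size_t n = p->size;
    if (n > sizeof(d->ep_out_buffer)) {
        n = sizeof(d->ep_out_buffer);
    }
    memcpy(d->ep_out_buffer, p->data, n);
    return n;
}

/* Constructed input: a 2047-byte payload. Returns 1 when the bounded copy
 * stored exactly 512 bytes and left the adjacent field untouched. */
int demo_oversized_packet(void)
{
    static uint8_t payload[2047];
    struct model_dev d;
    struct model_packet p = { payload, sizeof(payload) };

    memset(payload, 0x41, sizeof(payload));
    memset(&d, 0, sizeof(d));
    d.canary = 0xC0FFEEu;

    size_t n = copy_out_bounded(&d, &p);
    return n == EP_OUT_BUF_SIZE && d.canary == 0xC0FFEEu &&
           d.ep_out_buffer[EP_OUT_BUF_SIZE - 1] == 0x41;
}

int main(void) { return demo_oversized_packet() ? 0 : 1; }
```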
Commit: 3b36ee720288ba17962a17b305243ea34100e1f3
https://github.com/qemu/qemu/commit/3b36ee720288ba17962a17b305243ea34100e1f3
Author: Paolo Bonzini <[email protected]>
Date: 2025-01-29 (Wed, 29 Jan 2025)
Changed paths:
M .gitlab-ci.d/buildtest-template.yml
Log Message:
-----------
gitlab-ci: include full Rust backtraces in test runs
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Thomas Huth <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit: fb49b69bf9fd584546c7d946eaeec90941941d25
https://github.com/qemu/qemu/commit/fb49b69bf9fd584546c7d946eaeec90941941d25
Author: Stefan Hajnoczi <[email protected]>
Date: 2025-01-29 (Wed, 29 Jan 2025)
Changed paths:
M MAINTAINERS
M fpu/softfloat-parts.c.inc
M fpu/softfloat.c
M hw/arm/Kconfig
M hw/arm/b-l475e-iot01a.c
M hw/arm/fsl-imx6.c
M hw/arm/fsl-imx7.c
M hw/arm/microbit.c
M hw/arm/mps2-tz.c
M hw/arm/mps2.c
M hw/arm/msf2-som.c
M hw/arm/musca.c
M hw/arm/netduino2.c
M hw/arm/netduinoplus2.c
M hw/arm/nrf51_soc.c
M hw/arm/olimex-stm32-h405.c
M hw/arm/stellaris.c
M hw/arm/stm32vldiscovery.c
M hw/char/imx_serial.c
M hw/pci-host/designware.c
M hw/usb/canokey.c
M hw/usb/canokey.h
M include/fpu/softfloat-types.h
M include/hw/arm/fsl-imx6.h
M include/hw/arm/fsl-imx7.h
M include/hw/arm/nrf51_soc.h
M include/hw/char/imx_serial.h
M include/hw/pci-host/designware.h
M target/arm/cpu.c
M target/arm/cpu.h
M target/arm/helper.c
M target/arm/tcg/helper-a64.c
M target/arm/tcg/helper-a64.h
M target/arm/tcg/sme_helper.c
M target/arm/tcg/sve_helper.c
M target/arm/tcg/translate-a64.c
M target/arm/tcg/translate-sme.c
M target/arm/tcg/translate-sve.c
M target/arm/tcg/translate-vfp.c
M target/arm/tcg/translate.h
M target/arm/tcg/vec_helper.c
M target/arm/vfp_helper.c
M target/i386/tcg/fpu_helper.c
M target/m68k/fpu_helper.c
M target/mips/tcg/msa_helper.c
M target/rx/op_helper.c
M target/tricore/fpu_helper.c
M tests/functional/meson.build
A tests/functional/test_arm_microbit.py
Log Message:
-----------
Merge tag 'pull-target-arm-20250128-1' of
https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* hw/arm: Remove various uses of first_cpu global
* hw/char/imx_serial: Fix reset value of UFCR register
* hw/char/imx_serial: Update all state before restarting ageing timer
* hw/pci-host/designware: Expose MSI IRQ
* hw/arm/stellaris: refactoring, cleanup
* hw/arm/stellaris: map both I2C controllers
* tests/functional: Add a test for the arm microbit machine
* target/arm: arm_reset_sve_state() should set FPSR, not FPCR
* target/arm: refactorings preparatory to FEAT_AFP implementation
* fpu: Rename float_flag_input_denormal to float_flag_input_denormal_flushed
* fpu: Rename float_flag_output_denormal to float_flag_output_denormal_flushed
* hw/usb/canokey: Fix buffer overflow for OUT packet
# gpg: Signature made Tue 28 Jan 2025 15:12:29 EST
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "[email protected]"
# gpg: Good signature from "Peter Maydell <[email protected]>" [full]
# gpg: aka "Peter Maydell <[email protected]>" [full]
# gpg: aka "Peter Maydell <[email protected]>" [full]
# gpg: aka "Peter Maydell <[email protected]>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20250128-1' of
https://git.linaro.org/people/pmaydell/qemu-arm: (36 commits)
hw/usb/canokey: Fix buffer overflow for OUT packet
target/arm: Use FPST_A64_F16 for halfprec-to-other conversions
target/arm: Remove redundant advsimd float16 helpers
fpu: Fix a comment in softfloat-types.h
fpu: Rename float_flag_output_denormal to float_flag_output_denormal_flushed
fpu: Rename float_flag_input_denormal to float_flag_input_denormal_flushed
target/arm: Remove now-unused vfp.fp_status_f16 and FPST_FPCR_F16
target/arm: Use FPST_A64_F16 in A64 decoder
target/arm: Use FPST_A32_F16 in A32 decoder
target/arm: Use fp_status_f16_a64 in AArch64-only helpers
target/arm: Use fp_status_f16_a32 in AArch32-only helpers
target/arm: Define new fp_status_f16_a32 and fp_status_f16_a64
target/arm: Remove now-unused vfp.fp_status and FPST_FPCR
target/arm: Use FPST_A64 in A64 decoder
target/arm: Use FPST_A32 in A32 decoder
target/arm: Use fp_status_a32 in vfp_cmp helpers
target/arm: Use fp_status_a32 in vjvct helper
target/arm: Use fp_status_a64 or fp_status_a32 in is_ebf()
target/arm: Use vfp.fp_status_a64 in A64-only helper functions
target/arm: Define new fp_status_a32 and fp_status_a64
...
Signed-off-by: Stefan Hajnoczi <[email protected]>
Commit: 871af84dd599fab68c8ed414d9ecbdb2bcfc5801
https://github.com/qemu/qemu/commit/871af84dd599fab68c8ed414d9ecbdb2bcfc5801
Author: Stefan Hajnoczi <[email protected]>
Date: 2025-01-29 (Wed, 29 Jan 2025)
Changed paths:
M .gitlab-ci.d/buildtest-template.yml
M docs/system/cpu-models-x86.rst.inc
M include/exec/memattrs.h
M rust/hw/char/pl011/src/device.rs
M rust/hw/char/pl011/src/device_class.rs
M rust/hw/char/pl011/src/lib.rs
M rust/hw/char/pl011/src/memory_ops.rs
M rust/qemu-api/src/prelude.rs
M rust/qemu-api/src/qdev.rs
M rust/qemu-api/src/qom.rs
M rust/qemu-api/src/vmstate.rs
M rust/qemu-api/src/zeroable.rs
M rust/qemu-api/tests/tests.rs
M stubs/meson.build
M target/i386/cpu.c
M target/i386/cpu.h
M target/i386/tcg/emit.c.inc
M target/i386/tcg/translate.c
Log Message:
-----------
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* target/i386: optimize string instructions
* target/i386: new Sierra Forest and Clearwater Forest models
* rust: type-safe vmstate implementation
* rust: use interior mutability for PL011
* rust: clean ups
* memtxattrs: remove usage of bitfields from MEMTXATTRS_UNSPECIFIED
* gitlab-ci: enable Rust backtraces
# gpg: Signature made Wed 29 Jan 2025 03:39:50 EST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "[email protected]"
# gpg: Good signature from "Paolo Bonzini <[email protected]>" [full]
# gpg: aka "Paolo Bonzini <[email protected]>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (49 commits)
gitlab-ci: include full Rust backtraces in test runs
rust: qemu-api: add sub-subclass to the integration tests
rust/zeroable: Implement Zeroable with const_zero macro
rust: qdev: make reset take a shared reference
rust: pl011: drop use of ControlFlow
rust: pl011: pull device-specific code out of MemoryRegionOps callbacks
rust: pl011: remove duplicate definitions
rust: pl011: wrap registers with BqlRefCell
rust: pl011: extract PL011Registers
rust: pl011: pull interrupt updates out of read/write ops
rust: pl011: extract CharBackend receive logic into a separate function
rust: pl011: extract conversion to RegisterOffset
rust: pl011: hide unnecessarily "pub" items from outside pl011::device
rust: pl011: remove unnecessary "extern crate"
rust: prefer NonNull::new to assertions
rust: vmstate: make order of parameters consistent in vmstate_clock
rust: vmstate: remove translation of C vmstate macros
rust: pl011: switch vmstate to new-style macros
rust: qemu_api: add vmstate_struct
rust: vmstate: add public utility macros to implement VMState
...
Signed-off-by: Stefan Hajnoczi <[email protected]>
Compare: https://github.com/qemu/qemu/compare/7faf9d2f12ac...871af84dd599