Branch: refs/heads/staging-10.0
  Home:   https://github.com/qemu/qemu
  Commit: 3af56fc07fa3c2d8170d9271762ab6d3ba115779
      
https://github.com/qemu/qemu/commit/3af56fc07fa3c2d8170d9271762ab6d3ba115779
  Author: Ewan Hai <[email protected]>
  Date:   2025-04-24 (Thu, 24 Apr 2025)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  target/i386: Fix model number of Zhaoxin YongFeng vCPU template

The model number was mistakenly set to 0x0b (11) in commit ff04bc1ac4.
The correct value is 0x5b. This mistake occurred because the extended
model bits in cpuid[eax=0x1].eax were overlooked, and only the base
model was used.

Using the wrong model number can affect guest behavior. One known issue
is that vPMU (which relies on the model number) may fail to operate
correctly.

This patch corrects the model field by introducing a new vCPU version.

Fixes: ff04bc1ac4 ("target/i386: Introduce Zhaoxin Yongfeng CPU model")
Signed-off-by: Ewan Hai <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit 280712b78781c43511d6286d40f9a518a4de25ff)
Signed-off-by: Michael Tokarev <[email protected]>
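
Worked example, added by the editor and not part of the commit message above: how the model number the guest sees is assembled from CPUID leaf 1 EAX, and how reading only the base model field produces 0x0b where 0x5b was meant. The decode rule follows Linux's arch/x86/lib/cpu.c (extended model bits are folded in for family >= 6, extended family only when the base family is 0xF). encode_cpuid1_eax() is this example's own helper, not QEMU's cpu.c code, and the signature value used is constructed for illustration rather than read from a real Zhaoxin part.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded CPUID leaf 1 EAX signature fields. */
struct x86_sig {
    unsigned family;
    unsigned model;
    unsigned stepping;
};

/* Build a leaf-1 EAX value from family/model/stepping (this example's own
 * helper, assumed to follow the standard layout: stepping[3:0],
 * base model[7:4], base family[11:8], extended model[19:16],
 * extended family[27:20]). */
uint32_t encode_cpuid1_eax(unsigned family, unsigned model, unsigned stepping)
{
    uint32_t eax = stepping & 0xF;

    eax |= (model & 0xF) << 4;            /* base model */
    eax |= ((model >> 4) & 0xF) << 16;    /* extended model */
    if (family >= 0xF) {
        eax |= 0xF << 8;                  /* base family saturates at 0xF */
        eax |= ((family - 0xF) & 0xFF) << 20;
    } else {
        eax |= (family & 0xF) << 8;
    }
    return eax;
}

/* The mistake the commit fixes: reading only bits [7:4]. */
unsigned base_model_only(uint32_t eax)
{
    return (eax >> 4) & 0xF;
}

/* Full decode, following the rule used by Linux (arch/x86/lib/cpu.c):
 * extended family is added only when the base family is 0xF, and the
 * extended model is folded in whenever family >= 6 (this also covers
 * the Zhaoxin/Centaur family 7 parts). */
struct x86_sig decode_cpuid1_eax(uint32_t eax)
{
    struct x86_sig s;
    unsigned base_family = (eax >> 8) & 0xF;

    s.stepping = eax & 0xF;
    s.family = base_family;
    if (base_family == 0xF) {
        s.family += (eax >> 20) & 0xFF;
    }
    s.model = (eax >> 4) & 0xF;
    if (s.family >= 6) {
        s.model += ((eax >> 16) & 0xF) << 4;
    }
    return s;
}

int main(void)
{
    /* Constructed signature: family 7, model 0x5b, stepping 1. */
    uint32_t eax = encode_cpuid1_eax(7, 0x5b, 1);
    struct x86_sig s = decode_cpuid1_eax(eax);

    printf("eax=0x%08x family=0x%x model=0x%02x (base-only: 0x%02x) stepping=%u\n",
           eax, s.family, s.model, base_model_only(eax), s.stepping);
    return 0;
}
```

For the constructed signature the full decode yields model 0x5b while base_model_only() yields 0x0b, which is exactly the discrepancy described in the commit. The AMD-style case (base family 0xF plus extended family) is handled too, so the same decoder can be used to sanity-check any template's family/model pair against the leaf-1 value a guest observes.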


  Commit: 86ffc25d3590bedac3fe00d6e2a5613ab89a5d68
      
https://github.com/qemu/qemu/commit/86ffc25d3590bedac3fe00d6e2a5613ab89a5d68
  Author: Maciej S. Szmigiero <[email protected]>
  Date:   2025-04-24 (Thu, 24 Apr 2025)

  Changed paths:
    M accel/kvm/kvm-all.c

  Log Message:
  -----------
  target/i386: Reset parked vCPUs together with the online ones

Commit 3f2a05b31ee9 ("target/i386: Reset TSCs of parked vCPUs too on VM
reset") introduced a way to reset TSCs of parked vCPUs during VM reset to
prevent them getting desynchronized with the online vCPUs and therefore
causing the KVM PV clock to lose PVCLOCK_TSC_STABLE_BIT.

The way this was done was by registering a parked vCPU-specific QEMU reset
callback via qemu_register_reset().

However, it turns out that on particularly device-rich VMs QEMU reset
callbacks can take a long time to execute (which isn't surprising,
considering that they involve resetting all of VM devices).

In particular, their total runtime can exceed the 1-second TSC
synchronization window introduced in KVM commit 5d3cb0f6a8e3 ("KVM:
Improve TSC offset matching").
Since the TSCs of online vCPUs are only reset from "synchronize_post_reset"
AccelOps handler (which runs after all qemu_register_reset() handlers) this
essentially makes that fix ineffective on these VMs.

The easiest way to guarantee that these parked vCPUs are reset at the same
time as the online ones (regardless of how long it takes for VM devices to
reset) is to piggyback on the post-reset vCPU synchronization handler for one
of the online vCPUs - as there is no generic post-reset AccelOps handler that
isn't per-vCPU.

The first online vCPU was selected for that since it is easily available
under the "first_cpu" define.
This does not create an ordering issue since the order of vCPU TSC resets
does not matter.

Fixes: 3f2a05b31ee9 ("target/i386: Reset TSCs of parked vCPUs too on VM reset")
Signed-off-by: Maciej S. Szmigiero <[email protected]>
Link: https://lore.kernel.org/r/e8b85a5915f79aa177ca49eccf0e9b534470c1cd.1743099810.git.maciej.szmigi...@oracle.com
Cc: [email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit f6b5f71f04529d3f56b35f91badac9f5e7e225ca)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 00a5dc28994e96f71a4aa7ad4273af9581f4f289
      
https://github.com/qemu/qemu/commit/00a5dc28994e96f71a4aa7ad4273af9581f4f289
  Author: Paolo Bonzini <[email protected]>
  Date:   2025-04-24 (Thu, 24 Apr 2025)

  Changed paths:
    M target/i386/hvf/x86_flags.c

  Log Message:
  -----------
  target/i386/hvf: fix lflags_to_rflags

Clear the flags before adding in the ones computed from lflags.

Cc: Wei Liu <[email protected]>
Cc: [email protected]
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit 94a159f3dc737d00749cc930adaec112abe07b3c)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 2da497fd4fc0a5e09432443c6470c6e673e025d1
      
https://github.com/qemu/qemu/commit/2da497fd4fc0a5e09432443c6470c6e673e025d1
  Author: Richard Henderson <[email protected]>
  Date:   2025-04-24 (Thu, 24 Apr 2025)

  Changed paths:
    M target/avr/insn.decode
    M target/avr/translate.c

  Log Message:
  -----------
  target/avr: Improve decode of LDS, STS

The comment about not being able to define a field with
zero bits is out of date since 94597b6146f3
("decodetree: Allow !function with no input bits").

This fixes the missing load of imm in the disassembler.

Cc: [email protected]
Fixes: 9d8caa67a24 ("target/avr: Add support for disassembling via option '-d in_asm'")
Reviewed-by: Pierrick Bouvier <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit 6b661b7ed7cd02c54a78426d5eb7dd8543b030ed)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 94da90b8c7fa949ae3f61c254ee90b04889c016e
      
https://github.com/qemu/qemu/commit/94da90b8c7fa949ae3f61c254ee90b04889c016e
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M hw/core/machine-qmp-cmds.c
    M target/ppc/cpu_init.c

  Log Message:
  -----------
  hw/core: Get default_cpu_type calling machine_class_default_cpu_type()

Since commit 62b4a227a33 the default cpu type can come from the
valid_cpu_types[] array. Call the machine_class_default_cpu_type()
instead of accessing MachineClass::default_cpu_type field.

Cc: [email protected]
Fixes: 62b4a227a33 ("hw/core: Add machine_class_default_cpu_type()")
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Pierrick Bouvier <[email protected]>
Reviewed-by: Zhao Liu <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit d5f241834be1b323ea697a469ff0f1335a1823fe)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: dbbb444d72f7c7b251e9b88185d9b8fc2a468efa
      
https://github.com/qemu/qemu/commit/dbbb444d72f7c7b251e9b88185d9b8fc2a468efa
  Author: Peter Maydell <[email protected]>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M include/hw/core/cpu.h

  Log Message:
  -----------
  hw/core/cpu: gdb_arch_name string should not be freed

The documentation for the CPUClass::gdb_arch_name method claims that
the returned string should be freed with g_free().  This is not
correct: in commit a650683871ba728 we changed this method to
instead return a simple constant string, but forgot to update
the documentation.

Make the documentation match the new semantics.

Fixes: a650683871ba728 ("hw/core/cpu: Return static value with gdb_arch_name()")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 56a9f0d4c4a483ce217e5290db69cb1788586787)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: e60bbdad934c619d1d325b68f51497f740fe1888
      
https://github.com/qemu/qemu/commit/e60bbdad934c619d1d325b68f51497f740fe1888
  Author: Hauke Mehrtens <[email protected]>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M target/mips/tcg/mips16e_translate.c.inc

  Log Message:
  -----------
  target/mips: Fix MIPS16e translation

Fix a wrong conversion to gen_op_addr_addi(). The framesize should be
added like it was done before.

This bug broke booting OpenWrt MIPS32 BE malta Linux system images
generated by OpenWrt.

Cc: [email protected]
Fixes: d0b24b7f50e1 ("target/mips: Use gen_op_addr_addi() when possible")
Signed-off-by: Hauke Mehrtens <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit d4a785ba30ce6d8acf0206f049fb4a7494e0898a)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 7bff88a745e6d1cecbdbabf6691d412394171037
      
https://github.com/qemu/qemu/commit/7bff88a745e6d1cecbdbabf6691d412394171037
  Author: Akihiko Odaki <[email protected]>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Use has_header_symbol() to check getcpu()

The use of gnu_source_prefix in the detection of getcpu() was
ineffective because the header file that declares getcpu() when
_GNU_SOURCE is defined was not included. Pass sched.h to
has_header_symbol() so that the existence of the declaration will be
properly checked.

Cc: [email protected]
Signed-off-by: Akihiko Odaki <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Tested-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 563cd698dffb977eea0ccfef3b95f6f9786766f3)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 1604055e4e8ccf37ad0a27a4fcf6985201ff00ae
      
https://github.com/qemu/qemu/commit/1604055e4e8ccf37ad0a27a4fcf6985201ff00ae
  Author: Akihiko Odaki <[email protected]>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Remove CONFIG_STATX and CONFIG_STATX_MNT_ID

CONFIG_STATX and CONFIG_STATX_MNT_ID are not used since commit
e0dc2631ec4 ("virtiofsd: Remove source").

Cc: [email protected]
Signed-off-by: Akihiko Odaki <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Tested-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 6804b89fb531f5dd49c1e038214c89272383e220)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: e1ccfea380ceafed77269735eee4b3b862dc8b6f
      
https://github.com/qemu/qemu/commit/e1ccfea380ceafed77269735eee4b3b862dc8b6f
  Author: Akihiko Odaki <[email protected]>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Share common C source prefixes

gnu_source_prefix defines _GNU_SOURCE for compiler object functions.
The definition is universally available in the code base.

docs/devel/style.rst also says that the "qemu/osdep.h" header is
always included, so the files included by that header are also universally
available in the code base.

Rename gnu_source_prefix to osdep_prefix, and add #include directives
that are referred to by the users of gnu_source_prefix and contained in
qemu/osdep.h to safely de-duplicate #include directives.

Cc: [email protected]
Signed-off-by: Akihiko Odaki <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Tested-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 797150d69d2edba8b1bd4a7d8c7ba2df1219c503)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 8a9a7193143a75c54eb6c184e583c5c2b8935f18
      
https://github.com/qemu/qemu/commit/8a9a7193143a75c54eb6c184e583c5c2b8935f18
  Author: Akihiko Odaki <[email protected]>
  Date:   2025-04-29 (Tue, 29 Apr 2025)

  Changed paths:
    M meson.build

  Log Message:
  -----------
  meson: Use osdep_prefix for strchrnul()

The macOS SDK may have the symbol for strchrnul(), but it is actually
available only on macOS 15.4 or later, and that fact is codified in
string.h. Include the header file using osdep_prefix to check if the
function is available on the deployment target.

Cc: [email protected]
Signed-off-by: Akihiko Odaki <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Tested-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit a5b30be534538dc6e44a68ce9734e45dd08f52ec)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 86b846f9027ff5bcdff06a6a64d3d99ae3469150
      
https://github.com/qemu/qemu/commit/86b846f9027ff5bcdff06a6a64d3d99ae3469150
  Author: Richard Henderson <[email protected]>
  Date:   2025-05-07 (Wed, 07 May 2025)

  Changed paths:
    M accel/tcg/translate-all.c

  Log Message:
  -----------
  accel/tcg: Don't use TARGET_LONG_BITS in decode_sleb128

When we changed decode_sleb128 from target_long to
int64_t, we failed to adjust the shift limit.

Cc: [email protected]
Fixes: c9ad8d27caa ("tcg: Widen gen_insn_data to uint64_t")
Reviewed-by: Pierrick Bouvier <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
(cherry picked from commit 9401f91b9b0c46886388735b3f2033a9c254895a)
Signed-off-by: Michael Tokarev <[email protected]>
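
Worked example, added by the editor and not part of the commit message above: a signed LEB128 decoder whose sign-extension limit is a parameter, so the effect of deriving that limit from the guest word size instead of the int64_t result width can be seen directly. This is the example's own implementation (with a matching encoder for round-trips), not QEMU's decode_sleb128; the sample values are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Signed LEB128 decoder written for this example (not QEMU's own
 * decode_sleb128). The accumulator is uint64_t so shifts up to 63 are
 * well defined. 'sign_limit' is the bit position at or beyond which no
 * sign extension is applied; for an int64_t result it must be 64.
 * Smaller values (e.g. 32, a guest-word-size limit) are accepted only
 * to demonstrate the failure mode.
 * Returns the number of bytes consumed, or -1 on truncated/over-long input. */
int decode_sleb128_limit(const uint8_t *p, const uint8_t *end,
                         int sign_limit, int64_t *out)
{
    const uint8_t *start = p;
    uint64_t val = 0;
    int shift = 0;
    uint8_t byte;

    do {
        if (p >= end || shift >= 64) {
            return -1;
        }
        byte = *p++;
        val |= (uint64_t)(byte & 0x7f) << shift;
        shift += 7;
    } while (byte & 0x80);

    /* Sign-extend from bit 6 of the final group unless the groups already
     * reached the sign-extension limit. */
    if (shift < sign_limit && (byte & 0x40)) {
        val |= ~(uint64_t)0 << shift;
    }
    *out = (int64_t)val;
    return (int)(p - start);
}

/* The correct form for an int64_t result: the limit is the result width. */
int decode_sleb128(const uint8_t *p, const uint8_t *end, int64_t *out)
{
    return decode_sleb128_limit(p, end, 64, out);
}

/* Matching encoder so the demonstration can round-trip arbitrary values.
 * Writes at most 10 bytes into 'out'. */
size_t encode_sleb128(int64_t v, uint8_t *out)
{
    size_t n = 0;

    for (;;) {
        uint8_t byte = (uint8_t)(v & 0x7f);
        v >>= 7;   /* arithmetic shift on int64_t: sign is preserved */
        int done = (v == 0 && !(byte & 0x40)) || (v == -1 && (byte & 0x40));
        if (!done) {
            byte |= 0x80;
        }
        out[n++] = byte;
        if (done) {
            return n;
        }
    }
}

/* Encode v, then decode it back with the given sign-extension limit. */
int64_t roundtrip_with_limit(int64_t v, int sign_limit)
{
    uint8_t buf[10];
    int64_t r = 0;
    size_t n = encode_sleb128(v, buf);

    decode_sleb128_limit(buf, buf + n, sign_limit, &r);
    return r;
}

int main(void)
{
    int64_t v = -(INT64_C(1) << 33);   /* a negative value needing more than 32 bits */
    printf("value %lld: limit 64 -> %lld, limit 32 -> %lld\n",
           (long long)v, (long long)roundtrip_with_limit(v, 64),
           (long long)roundtrip_with_limit(v, 32));
    return 0;
}
```

With the limit at 64 every int64_t round-trips, including INT64_MIN and INT64_MAX (ten bytes each). With the limit at 32, a five-byte encoding of -(1 << 33) ends at shift 35, the sign extension is skipped, and the decoder returns 0x600000000 instead of the negative value: the stale TARGET_LONG_BITS limit silently corrupts any negative delta wider than the guest word.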


  Commit: 07f034c7f4f8a57068fbedce4891a60e5b4469f5
      
https://github.com/qemu/qemu/commit/07f034c7f4f8a57068fbedce4891a60e5b4469f5
  Author: Tim Lee <[email protected]>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M hw/arm/npcm8xx_boards.c

  Log Message:
  -----------
  hw/arm/npcm8xx_boards: Correct valid_cpu_types setting of NPCM8XX SoC

NPCM8XX SoC is the successor of the NPCM7XX. It features quad-core
Cortex-A35 (Armv8, 64-bit) CPUs and some additional peripherals.
Correct the `valid_cpu_types` setting to match the NPCM8XX SoC.

Cc: [email protected]
Fixes: 7e70eb3cad7c83 ("hw/arm: Add NPCM845 Evaluation board")
Signed-off-by: Tim Lee <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Reviewed-by: Tyrone Ting <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 97cdd1b0a7a010702a1d118b74c3af3bb2edb35c)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: ac32612b93343a9eb4af2dbac8ecaa9e596dcc27
      
https://github.com/qemu/qemu/commit/ac32612b93343a9eb4af2dbac8ecaa9e596dcc27
  Author: Peter Maydell <[email protected]>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M target/arm/tcg/translate.c

  Log Message:
  -----------
  target/arm: Don't assert() for ISB/SB inside IT block

If the guest code has an ISB or SB insn inside an IT block, we
generate incorrect code which trips a TCG assertion:

qemu-system-arm: ../tcg/tcg-op.c:3343: void tcg_gen_goto_tb(unsigned int): Assertion `(tcg_ctx->goto_tb_issue_mask & (1 << idx)) == 0' failed.

This is because we call gen_goto_tb(dc, 1, ...) twice:

 brcond_i32 ZF,$0x0,ne,$L1
 add_i32 pc,pc,$0x4
 goto_tb $0x1
 exit_tb $0x73d948001b81
 set_label $L1
 add_i32 pc,pc,$0x4
 goto_tb $0x1
 exit_tb $0x73d948001b81

Both calls are in arm_tr_tb_stop(), one for the
DISAS_NEXT/DISAS_TOO_MANY handling, and one for the dc->condjump
condition-failed codepath.  The DISAS_NEXT handling doesn't have this
problem because arm_post_translate_insn() does the handling of "emit
the label for the condition-failed conditional execution" and so
arm_tr_tb_stop() doesn't have dc->condjump set.  But for
DISAS_TOO_MANY we don't do that.

Fix the bug by making arm_post_translate_insn() handle the
DISAS_TOO_MANY case.  This only affects the SB and ISB insns when
used in Thumb mode inside an IT block: only these insns specifically
set is_jmp to TOO_MANY, and their A32 encodings are unconditional.

For the major TOO_MANY case (breaking the TB because it would cross a
page boundary) we do that check and set is_jmp to TOO_MANY only after
the call to arm_post_translate_insn(); so arm_post_translate_insn()
sees is_jmp == DISAS_NEXT, and we emit the correct code for that
situation.

With this fix we generate the somewhat more sensible set of TCG ops:
 brcond_i32 ZF,$0x0,ne,$L1
 set_label $L1
 add_i32 pc,pc,$0x4
 goto_tb $0x1
 exit_tb $0x7c5434001b81

(NB: the TCG optimizer doesn't optimize out the jump-to-next, but
we can't really avoid emitting it because we don't know at the
point we're emitting the handling for the condexec check whether
this insn is going to happen to be a nop for us or not.)

Cc: [email protected]
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2942
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
(cherry picked from commit 8ed7c0b6488a7f20318d6ba414f1cbcd0ed92afe)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: be7b08eb9f5b352f8e805fc8eca07d186e3fff15
      
https://github.com/qemu/qemu/commit/be7b08eb9f5b352f8e805fc8eca07d186e3fff15
  Author: Peter Maydell <[email protected]>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M docs/devel/codebase.rst
    M docs/system/qemu-block-drivers.rst.inc

  Log Message:
  -----------
  docs: Don't define duplicate label in qemu-block-drivers.rst.inc

Sphinx requires that labels within documents are unique across the
whole manual.  This is because the "create a hyperlink" directive
specifies only the name of the label, not a filename+label.  Some
Sphinx versions will warn about duplicate labels, but even if there
is no warning there is still an ambiguity and no guarantee that the
hyperlink will be created to the right target.

For QEMU this is awkward, because we have various .rst.inc fragments
which we include into multiple .rst files.  If you define a label in
the .rst.inc file then it will be a duplicate label.  We have mostly
worked around this by not putting labels into those .rst.inc files,
or by adding "insert a label" functionality into the hxtool extension
(see commit 1eeb432a953b0 "doc/sphinx/hxtool.py: add optional label
argument to SRST directive").

Unfortunately in commit 7f6314427e78 ("docs/devel: add a codebase
section") we accidentally added a duplicate label, because not all
Sphinx versions warn about the mistake.

In this case the link was only from the developer docs codebase
summary, so as the simplest fix for the stable branch, we drop
the link entirely.

Cc: [email protected]
Fixes: 1eeb432a953b0 "doc/sphinx/hxtool.py: add optional label argument to SRST directive"
Reported-by: Dario Faggioli <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Acked-by: Eric Blake <[email protected]>
Reviewed-by: Pierrick Bouvier <[email protected]>
Message-id: [email protected]
(cherry picked from commit 82707dd4f07613eed8d639956a43bddffca5cd5c)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 01a9f1a6c5ea7275f35fbdfe60401ff4d21ec609
      
https://github.com/qemu/qemu/commit/01a9f1a6c5ea7275f35fbdfe60401ff4d21ec609
  Author: Bernhard Beschow <[email protected]>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M hw/gpio/imx_gpio.c

  Log Message:
  -----------
  hw/gpio/imx_gpio: Fix interpretation of GDIR polarity

According to the i.MX 8M Plus reference manual, a GPIO pin is
configured as an output when the corresponding bit in the GDIR
register is set.  The function imx_gpio_set_int_line() is intended to
be a no-op if the pin is configured as an output, returning early in
such cases.  However, it inverts the condition.  Fix this by
returning early when the bit is set.

cc: [email protected]
Fixes: f44272809779 ("i.MX: Add GPIO device")
Signed-off-by: Bernhard Beschow <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit eba837a31b9579e30cc6d7ecb4b5c2662a6ffaba)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: f60033d3794427dfef30b2b1cd3485d3df459737
      
https://github.com/qemu/qemu/commit/f60033d3794427dfef30b2b1cd3485d3df459737
  Author: Paolo Bonzini <[email protected]>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M target/i386/tcg/emit.c.inc
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: do not trigger IRQ shadow for LSS

Because LSS need not trigger an IRQ shadow, gen_movl_seg can't just use
the destination register to decide whether to inhibit IRQs.  Add an
argument.

Cc: [email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit e54ef98c8a80d16158bab4341d9a898701270528)
(back-ported to 10.0)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 827be9d37aa83ffc3a7489c73d4f4d11c4dba913
      
https://github.com/qemu/qemu/commit/827be9d37aa83ffc3a7489c73d4f4d11c4dba913
  Author: Paolo Bonzini <[email protected]>
  Date:   2025-05-08 (Thu, 08 May 2025)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: do not block singlestep for STI

STI will trigger a singlestep exception even if it has inhibit-IRQ
behavior.  Do not suppress single-step for all IRQ-inhibiting
instructions, instead special case MOV SS and POP SS.

Cc: [email protected]
Fixes: f0f0136abba ("target/i386: no single-step exception after MOV or POP SS", 2024-05-25)
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit 1e94ddc6854431064c94a7d8f2f2886def285829)
Signed-off-by: Michael Tokarev <[email protected]>


Compare: https://github.com/qemu/qemu/compare/3af56fc07fa3%5E...827be9d37aa8
