Branch: refs/heads/staging-7.2
  Home:   https://github.com/qemu/qemu
  Commit: 9e9172ffb48e5402f95ce6a4a69faf04ae486448
      
https://github.com/qemu/qemu/commit/9e9172ffb48e5402f95ce6a4a69faf04ae486448
  Author: Michael Tokarev <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M hw/display/qxl-render.c

  Log Message:
  -----------
  hw/display/qxl-render.c: fix qxl_unpack_chunks() chunk size calculation

In the case of multiple chunks, the code in qxl_unpack_chunks() takes the size of the
wrong (next in the chain) chunk instead of using the current chunk size.
This leads to the wrong number of bytes being copied, and to crashes if the next
chunk size is larger than the current one.

Based on the code by Gao Yong.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1628
Signed-off-by: Michael Tokarev <[email protected]>
Reviewed-by: Thomas Huth <[email protected]>
(cherry picked from commit b8882becd572d3afb888c836a6ffc7f92c17d1c5)
Signed-off-by: Michael Tokarev <[email protected]>

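The bug class described above (walking a chain of guest-supplied chunks and sizing each copy from the wrong chunk) can be modelled without any QXL structures. The block below is an added example for this page, not QEMU's code: the Chunk type, the planner functions and the constructed 4-byte/16-byte chain are assumptions made for illustration. The buggy planner only records the sizes it would copy, so the over-read is reported rather than performed; the hardened unpack copies each chunk's own bytes, clamps to the destination and bounds the walk so a cyclic chain from a guest cannot spin forever.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical chunk layout for this example (not QEMU's QXLDataChunk). */
typedef struct Chunk {
    uint32_t data_size;        /* number of valid bytes in data[] */
    const uint8_t *data;
    const struct Chunk *next;  /* NULL terminates the chain */
} Chunk;

#define MAX_CHUNKS 32

/*
 * Buggy planner: records how many bytes the copy loop would take from each
 * chunk, but reads the size from the NEXT chunk in the chain (only the last
 * chunk uses its own size).  Nothing is copied, so an over-read is only
 * reported here instead of being performed.
 */
size_t plan_copy_buggy(const Chunk *c, size_t *sizes, size_t max)
{
    size_t n = 0;
    for (; c && n < max && n < MAX_CHUNKS; c = c->next) {
        sizes[n++] = c->next ? c->next->data_size : c->data_size;
    }
    return n;
}

/* Fixed planner: each chunk contributes exactly its own data_size. */
size_t plan_copy_fixed(const Chunk *c, size_t *sizes, size_t max)
{
    size_t n = 0;
    for (; c && n < max && n < MAX_CHUNKS; c = c->next) {
        sizes[n++] = c->data_size;
    }
    return n;
}

/* True if any planned copy exceeds the bytes its chunk actually holds. */
bool plan_overreads(const Chunk *c, const size_t *sizes, size_t n)
{
    for (size_t i = 0; i < n && c; i++, c = c->next) {
        if (sizes[i] > c->data_size) {
            return true;
        }
    }
    return false;
}

/*
 * Hardened unpack: copies each chunk's own bytes, stops when the destination
 * is full, and limits the walk to MAX_CHUNKS hops.  Returns bytes copied.
 */
size_t unpack_chunks(uint8_t *dst, size_t dst_size, const Chunk *c)
{
    size_t off = 0;
    for (unsigned hops = 0; c && hops < MAX_CHUNKS && off < dst_size; hops++, c = c->next) {
        size_t take = c->data_size;
        if (take > dst_size - off) {
            take = dst_size - off;     /* clamp to the remaining destination */
        }
        memcpy(dst + off, c->data, take);
        off += take;
    }
    return off;
}

/* Constructed chain: a 4-byte chunk followed by a 16-byte chunk (next > current). */
static const uint8_t chunk1_data[4]  = { 1, 2, 3, 4 };
static const uint8_t chunk2_data[16] = { 5, 6, 7, 8, 9, 10, 11, 12,
                                         13, 14, 15, 16, 17, 18, 19, 20 };
static const Chunk chunk2 = { 16, chunk2_data, NULL };
static const Chunk chunk1 = { 4, chunk1_data, &chunk2 };

/* True when the buggy planner over-reads the constructed chain and the fixed one does not. */
bool demo_chain_bug(void)
{
    size_t buggy[MAX_CHUNKS], fixed[MAX_CHUNKS];
    size_t nb = plan_copy_buggy(&chunk1, buggy, MAX_CHUNKS);
    size_t nf = plan_copy_fixed(&chunk1, fixed, MAX_CHUNKS);
    return plan_overreads(&chunk1, buggy, nb) && !plan_overreads(&chunk1, fixed, nf);
}

/* Unpacks the chain into a dst_size-byte buffer (max 64) and checks that byte i == i + 1.
 * Returns the number of bytes copied, or -1 if the contents are wrong. */
long unpack_check(size_t dst_size)
{
    uint8_t dst[64];
    if (dst_size > sizeof dst) {
        dst_size = sizeof dst;
    }
    size_t n = unpack_chunks(dst, dst_size, &chunk1);
    for (size_t i = 0; i < n; i++) {
        if (dst[i] != (uint8_t)(i + 1)) {
            return -1;
        }
    }
    return (long)n;
}
```

With the constructed chain the buggy planner wants 16 bytes from a chunk that holds only 4, which is exactly the case the commit message describes (next chunk larger than the current one); the fixed planner takes 4 then 16.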

  Commit: 489a0714bf1894ceaa341f271382d38e9b8598b3
      
https://github.com/qemu/qemu/commit/489a0714bf1894ceaa341f271382d38e9b8598b3
  Author: Paolo Bonzini <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M target/i386/tcg/decode-new.c.inc

  Log Message:
  -----------
  target/i386: fix width of third operand of VINSERTx128

Table A-5 of the Intel manual incorrectly lists the third operand of
VINSERTx128 as Wqq, but it is actually a 128-bit value.  This is
visible when W is a memory operand close to the end of the page.

Fixes the recently-added poly1305_kunit test in linux-next.

(No testcase yet, but I plan to modify test-avx2 to use memory
close to the end of the page.  This would work because the test
vectors correctly have the memory operand as xmm2/m128).

Reported-by: Eric Biggers <[email protected]>
Tested-by: Eric Biggers <[email protected]>
Cc: Ard Biesheuvel <[email protected]>
Cc: "Jason A. Donenfeld" <[email protected]>
Cc: Guenter Roeck <[email protected]>
Cc: [email protected]
Fixes: 79068477686 ("target/i386: reimplement 0x0f 0x3a, add AVX", 2022-10-18)
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit feea87cd6b645d5166bdd304aac88f47f63dc2ef)
(Mjt: adjust for 7.2.x due to lack of v8.1.0-2167-ge000687f12
 "target/i386: validate VEX.W for AVX instructions")
Signed-off-by: Michael Tokarev <[email protected]>

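Why an over-wide operand decode is "visible when W is a memory operand close to the end of the page" can be shown on the host side without touching QEMU's decoder. The block below is an added example, not part of the commit or of QEMU's test-avx2: it maps one readable page followed by a guard page, places a 16-byte operand flush against the page end, and probes whether a 16-byte read and a 32-byte read fault. The signal-handler approach and the MAP_ANONYMOUS fallback value are Linux assumptions made for this example.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20   /* Linux value, assumed for this example */
#endif

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

/* SIGSEGV handler: note the fault and unwind back to the probe. */
static void on_segv(int sig)
{
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);
}

/*
 * Reads 'width' bytes from p one byte at a time (volatile, so the compiler
 * cannot widen or drop the loads).  Returns true if the read faulted.
 */
static bool read_faults(const volatile uint8_t *p, size_t width)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old);

    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        uint8_t acc = 0;
        for (size_t i = 0; i < width; i++) {
            acc ^= p[i];
        }
        (void)acc;
    }
    sigaction(SIGSEGV, &old, NULL);
    return fault_seen != 0;
}

/*
 * Maps a readable page followed by an inaccessible guard page, puts a
 * 16-byte operand (xmm2/m128) in the last 16 bytes of the readable page,
 * and reports whether reading 'width' bytes from it faults.
 * Returns 1 (faults), 0 (does not fault) or -1 on setup failure.
 */
int operand_at_page_end_faults(size_t width)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0) {
        return -1;
    }
    uint8_t *base = mmap(NULL, 2 * (size_t)pg, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) {
        return -1;
    }
    if (mprotect(base + pg, (size_t)pg, PROT_NONE) != 0) {
        munmap(base, 2 * (size_t)pg);
        return -1;
    }
    uint8_t *operand = base + pg - 16;   /* operand ends exactly at the page boundary */
    memset(operand, 0xA5, 16);
    int r = read_faults(operand, width) ? 1 : 0;
    munmap(base, 2 * (size_t)pg);
    return r;
}
```

A 16-byte read (the width the instruction actually uses) succeeds, while a 32-byte read (the width a Wqq decode would fetch) crosses into the guard page and faults; anywhere else in the page both widths would read successfully, which is why the bug stayed hidden until a test placed its vector near a page end.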

  Commit: 73a4a6432a6ad77e8c70cd8977a38e97e05ea214
      
https://github.com/qemu/qemu/commit/73a4a6432a6ad77e8c70cd8977a38e97e05ea214
  Author: Richard Henderson <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm/sme: Reorg SME access handling in handle_msr_i()

Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Message-Id: <[email protected]>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 535ca76425fc1ffa4311b3a47518b06c596a55c6)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: f365f4e3411e091a7248d0b6858084306f7390d3
      
https://github.com/qemu/qemu/commit/f365f4e3411e091a7248d0b6858084306f7390d3
  Author: Richard Henderson <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M target/arm/sme_helper.c
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm/sme: Rebuild hflags in set_pstate() helpers

Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Message-Id: <[email protected]>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 3c9ee548948870c14235e3fa8fb235c0c1c20822)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: a2f3bbf35e3a1b82ad6bc0fd612e43245a255995
      
https://github.com/qemu/qemu/commit/a2f3bbf35e3a1b82ad6bc0fd612e43245a255995
  Author: Richard Henderson <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M linux-user/aarch64/cpu_loop.c
    M linux-user/aarch64/signal.c
    M target/arm/cpu.h
    M target/arm/helper.c
    M target/arm/sme_helper.c

  Log Message:
  -----------
  target/arm/sme: Introduce aarch64_set_svcr()

Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Message-Id: <[email protected]>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 2a8af3825958e5d8c98b3ca92ac42a10e25db9e1)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 4f50e20ec33d363816bd2ef43483060785d3f5af
      
https://github.com/qemu/qemu/commit/4f50e20ec33d363816bd2ef43483060785d3f5af
  Author: Richard Henderson <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M linux-user/aarch64/cpu_loop.c
    M linux-user/aarch64/signal.c
    M target/arm/cpu.h
    M target/arm/helper.c
    M target/arm/sme_helper.c

  Log Message:
  -----------
  target/arm/sme: Reset SVE state in aarch64_set_svcr()

Move arm_reset_sve_state() calls to aarch64_set_svcr().

Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Message-Id: <[email protected]>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 7f2a01e7368f960fadea38f437d0f6de7f249686)
(Mjt: re-apply v7.2.15-32-g3559e90146d8 (v9.2.0-1311-g1edc3d43f20d)
 "target/arm: arm_reset_sve_state() should set FPSR, not FPCR"
 on top of this one, as it's been picked up for 7.2.x series earlier
 with adjustments for this change)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 3629f0840617cc487272a0ef68c686724e617475
      
https://github.com/qemu/qemu/commit/3629f0840617cc487272a0ef68c686724e617475
  Author: Richard Henderson <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M target/arm/helper.c
    M target/arm/sme_helper.c

  Log Message:
  -----------
  target/arm/sme: Reset ZA state in aarch64_set_svcr()

Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Message-Id: <[email protected]>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit fccb49182e23bd359092f7ab09bc7e60a0fff71a)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 3ece4d8a145716450559c5b256107ba163ff01ef
      
https://github.com/qemu/qemu/commit/3ece4d8a145716450559c5b256107ba163ff01ef
  Author: Richard Henderson <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M linux-user/aarch64/cpu_loop.c
    M linux-user/aarch64/signal.c
    M target/arm/helper.c
    M target/arm/sme_helper.c

  Log Message:
  -----------
  target/arm/sme: Rebuild hflags in aarch64_set_svcr()

Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Message-Id: <[email protected]>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit f4318557149184d6dac99e561acabcb602a84ee1)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 7356bc8036324359d46624d691cb748abe473ec9
      
https://github.com/qemu/qemu/commit/7356bc8036324359d46624d691cb748abe473ec9
  Author: Richard Henderson <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M target/arm/helper-sme.h
    M target/arm/helper.c
    M target/arm/sme_helper.c
    M target/arm/translate-a64.c

  Log Message:
  -----------
  target/arm/sme: Unify set_pstate() SM/ZA helpers as set_svcr()

Unify the two helper_set_pstate_{sm,za} in this function.
Do not call helper_* functions from svcr_write.

Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
Message-Id: <[email protected]>
[PMD: Split patch in multiple tiny steps]
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 5c922ec5b136b452fe9d21e7581c99554ce650ed)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 7b94f67dd0698e9300c1d48301d2d39af4239d78
      
https://github.com/qemu/qemu/commit/7b94f67dd0698e9300c1d48301d2d39af4239d78
  Author: Peter Maydell <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M linux-user/aarch64/signal.c

  Log Message:
  -----------
  linux-user/aarch64: Support TPIDR2_MAGIC signal frame record

FEAT_SME adds the TPIDR2 userspace-accessible system register, which
is used as part of the procedure calling standard's lazy saving
scheme for the ZA registers:
https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst#66the-za-lazy-saving-scheme

The Linux kernel has a signal frame record for saving
and restoring this value when calling signal handlers, but
we forgot to implement this. The result is that code which
tries to unwind an exception out of a signal handler will
not work correctly.

Add support for the missing record.

Cc: [email protected]
Fixes: 78011586b90d1 ("target/arm: Enable SME for user-only")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Pierrick Bouvier <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit 99870aff907b1c863cd32558b543f0ab0d0e74ba)
Signed-off-by: Michael Tokarev <[email protected]>

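The signal frame records the commit refers to are a chain of {magic, size} headers in the sigcontext reserved area, ended by a zero header. The block below is an added example for this page, not QEMU's or the kernel's code: it builds a constructed frame with an FPSIMD record, an optional TPIDR2 record and the terminator, then walks the chain with bounds checks to recover TPIDR2_EL0. The magic values and record sizes are taken from the Linux arm64 UAPI sigcontext.h as I recall them and are assumptions here; a frame is host-endian because it is written for the running process.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed from the Linux arm64 UAPI sigcontext.h (not from QEMU). */
#define FPSIMD_MAGIC    0x46508001u
#define TPIDR2_MAGIC    0x54504902u
#define FPSIMD_CTX_SIZE 528u   /* head(8) + fpsr(4) + fpcr(4) + 32 x 128-bit vregs */
#define TPIDR2_CTX_SIZE 16u    /* head(8) + u64 tpidr2 */

static uint32_t get_u32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static uint64_t get_u64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }
static void put_u32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static void put_u64(uint8_t *p, uint64_t v) { memcpy(p, &v, 8); }

/*
 * Walks the chained records in a reserved area of 'len' bytes.  Returns the
 * offset of the first record with 'magic', -1 if the chain terminates
 * without it, or -2 if the chain is malformed (bad size, overrun, no terminator).
 */
long find_record(const uint8_t *area, size_t len, uint32_t magic)
{
    size_t off = 0;
    while (off + 8 <= len) {
        uint32_t m = get_u32(area + off);
        uint32_t s = get_u32(area + off + 4);
        if (m == 0) {
            return s == 0 ? -1 : -2;   /* terminator must have size 0 */
        }
        if (s < 8 || s > len - off) {
            return -2;                 /* too short, or overruns the area */
        }
        if (m == magic) {
            return (long)off;
        }
        off += s;
    }
    return -2;                         /* ran off the end without a terminator */
}

/* Reads TPIDR2_EL0 from the frame: 0 on success, -1 if absent, -2 if malformed. */
int read_tpidr2(const uint8_t *area, size_t len, uint64_t *tpidr2)
{
    long off = find_record(area, len, TPIDR2_MAGIC);
    if (off < 0) {
        return (int)off;
    }
    if (get_u32(area + off + 4) < TPIDR2_CTX_SIZE) {
        return -2;
    }
    *tpidr2 = get_u64(area + off + 8);
    return 0;
}

/* Appends a zero-filled record (or the terminator when size == 0); -1 if it does not fit. */
static int append_record(uint8_t *area, size_t len, size_t *off, uint32_t magic, uint32_t size)
{
    size_t need = size < 8 ? 8 : size;
    if (need > len - *off) {
        return -1;
    }
    memset(area + *off, 0, need);
    put_u32(area + *off, magic);
    put_u32(area + *off + 4, size);
    *off += size;
    return 0;
}

/* Builds the constructed frame: FPSIMD, optional TPIDR2 carrying 'tpidr2', terminator.
 * Returns the bytes occupied by real records, or -1. */
long build_frame(uint8_t *area, size_t len, int with_tpidr2, uint64_t tpidr2)
{
    size_t off = 0;
    if (append_record(area, len, &off, FPSIMD_MAGIC, FPSIMD_CTX_SIZE)) {
        return -1;
    }
    if (with_tpidr2) {
        if (append_record(area, len, &off, TPIDR2_MAGIC, TPIDR2_CTX_SIZE)) {
            return -1;
        }
        put_u64(area + off - 8, tpidr2);
    }
    if (append_record(area, len, &off, 0, 0)) {
        return -1;
    }
    return (long)off;
}

static uint8_t frame_area[4096];   /* same size as sigcontext.__reserved */
#define DEMO_TPIDR2 0x00aabbccddeeff11ull

/* Builds the frame, then parses it as if only 'len' bytes were present; returns read_tpidr2's status. */
int frame_demo(int with_tpidr2, size_t len)
{
    uint64_t v = 0;
    if (build_frame(frame_area, sizeof frame_area, with_tpidr2, DEMO_TPIDR2) < 0) {
        return -3;
    }
    return read_tpidr2(frame_area, len, &v);
}

/* Round-trips DEMO_TPIDR2 through the frame and returns what the parser recovered. */
uint64_t frame_demo_value(void)
{
    uint64_t v = 0;
    build_frame(frame_area, sizeof frame_area, 1, DEMO_TPIDR2);
    read_tpidr2(frame_area, sizeof frame_area, &v);
    return v;
}
```

Truncating the area to 540 bytes makes the TPIDR2 record overrun the limit, which the walker reports instead of reading past the buffer; a frame without the record returns "absent", which is the state linux-user was in before this commit.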

  Commit: b662b0e86256de0c029768af6038076dd89bad12
      
https://github.com/qemu/qemu/commit/b662b0e86256de0c029768af6038076dd89bad12
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M target/mips/tcg/sysemu/cp0_helper.c

  Log Message:
  -----------
  target/mips: Only update MVPControl.EVP bit if executed by master VPE

According to the 'MIPS MT Application-Specific Extension' manual:

  If the VPE executing the instruction is not a Master VPE,
  with the MVP bit of the VPEConf0 register set, the EVP bit
  is unchanged by the instruction.

Modify the DVPE/EVPE opcodes to only update the MVPControl.EVP bit
if executed on a master VPE.

Cc: [email protected]
Reported-by: Hansni Bu
Buglink: https://bugs.launchpad.net/qemu/+bug/1926277
Fixes: f249412c749 ("mips: Add MT halting and waking of VPEs")
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Jiaxun Yang <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit e895095c78ab877d40df2dd31ee79d85757d963b)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: f74d5de0462ef257dfed03b987145ec7ca3a10d3
      
https://github.com/qemu/qemu/commit/f74d5de0462ef257dfed03b987145ec7ca3a10d3
  Author: Luc Michel <[email protected]>
  Date:   2025-07-29 (Tue, 29 Jul 2025)

  Changed paths:
    M hw/net/cadence_gem.c

  Log Message:
  -----------
  hw/net/cadence_gem: fix register mask initialization

The gem_init_register_masks function was called at init time but it
relies on the num-priority-queues property. Call it at realize time
instead.

Cc: [email protected]
Fixes: 4c70e32f05f ("net: cadence_gem: Define access permission for interrupt registers")
Signed-off-by: Luc Michel <[email protected]>
Reviewed-by: Francisco Iglesias <[email protected]>
Reviewed-by: Sai Pavan Boddu <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 2bfcd27e00a49da2efa5d703121b94cd9cd4948b)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: e3ac46b4553c239a2a8af94311e2de852042c6ed
      
https://github.com/qemu/qemu/commit/e3ac46b4553c239a2a8af94311e2de852042c6ed
  Author: Zenghui Yu <[email protected]>
  Date:   2025-08-05 (Tue, 05 Aug 2025)

  Changed paths:
    M hw/intc/arm_gicv3_kvm.c

  Log Message:
  -----------
  hw/intc/arm_gicv3_kvm: Write all 1's to clear enable/active

KVM's userspace access interface to the GICD enable and active bits
is via set/clear register pairs which implement the hardware's "write
1s to the clear register to clear the 0 bits, and write 1s to the set
register to set the 1 bits" semantics.  We didn't get this right,
because we were writing 0 to the clear register.

Writing 0 to GICD_IC{ENABLE,ACTIVE}R architecturally has no effect on
interrupt status (all writes are simply ignored by KVM) and doesn't
comply with the intention of "first write to the clear-reg to clear
all bits".

Write all 1's to actually clear the enable/active status.

This didn't have any adverse effects on migration because there
we start with a clean VM state; it would be guest-visible when
doing a system reset, but since Linux always cleans up the
register state of the GIC during bootup before it enables it
most users won't have run into a problem here.

Cc: [email protected]
Fixes: 367b9f527bec ("hw/intc/arm_gicv3_kvm: Implement get/put functions")
Signed-off-by: Zenghui Yu <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit b10bd4bd17ac8628ede8735a08ad82dc3b721c64)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: d85e56bc73154236301752f56f665bbf03a87151
      
https://github.com/qemu/qemu/commit/d85e56bc73154236301752f56f665bbf03a87151
  Author: Vacha Bhavsar <[email protected]>
  Date:   2025-08-05 (Tue, 05 Aug 2025)

  Changed paths:
    M target/arm/gdbstub64.c

  Log Message:
  -----------
  target/arm: Fix big-endian handling of NEON gdb remote debugging

In the code for allowing the gdbstub to set the value of an AArch64
FP/SIMD register, we weren't accounting for target_big_endian()
being true. This meant that for aarch64_be-linux-user we would
set the two halves of the FP register the wrong way around.
The much more common case of a little-endian guest is not affected;
nor are big-endian hosts.

Correct the handling of this case.

Cc: [email protected]
Signed-off-by: Vacha Bhavsar <[email protected]>
Message-id: [email protected]
[PMM: added comment, expanded commit message, fixed missing space]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 35cca0f95ff5345f54c11d116efc8940a0dab8aa)
(Mjt: s/target_big_endian/target_words_bigendian/ due to missing
 v10.0.0-277-gb939b8e42a "exec: Rename target_words_bigendian() -> target_big_endian()")
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 423a3bece9e671386b8667b2b96d4796af9a3a54
      
https://github.com/qemu/qemu/commit/423a3bece9e671386b8667b2b96d4796af9a3a54
  Author: Vacha Bhavsar <[email protected]>
  Date:   2025-08-05 (Tue, 05 Aug 2025)

  Changed paths:
    M target/arm/gdbstub64.c

  Log Message:
  -----------
  target/arm: Fix handling of setting SVE registers from gdb

The code to handle setting SVE registers via the gdbstub is broken:
 * it sets each pair of elements in the zregs[].d[] array in the
   wrong order for the most common (little endian) case: the least
   significant 64-bit value comes first
 * it makes no attempt to handle target_endian()
 * it does a simple copy out of the (target endian) gdbstub buffer
   into the (host endian) zregs data structure, which is wrong on
   big endian hosts

Fix all these problems:
 * use ldq_p() to read from the gdbstub buffer
 * check target_big_endian() to see if we need to handle the
   128-bit values the opposite way around

Cc: [email protected]
Signed-off-by: Vacha Bhavsar <[email protected]>
Message-id: [email protected]
[PMM: adjusted commit message, fixed spacing]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 97b3d732afec9b165c33697452e31267a845338f)
(Mjt: s/target_big_endian/target_words_bigendian/ due to missing
 v10.0.0-277-gb939b8e42a "exec: Rename target_words_bigendian() -> target_big_endian()")
Signed-off-by: Michael Tokarev <[email protected]>

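The two gdbstub commits above fix the same mistake for NEON and for SVE: bytes arriving from gdb are in target order, while zregs[].d[] holds host-order 64-bit halves with the least significant one first. The block below is an added example, not QEMU's gdbstub64.c: it puts the plain memcpy form beside the explicit-endian form and extends it to an SVE Z register of vq quadwords, which is the generalisation both commits rely on. The ldq_le/ldq_be helpers stand in for QEMU's ldq_le_p()/ldq_be_p(); the 32-byte payload is constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Explicit-endian 64-bit loads/stores (stand-ins for QEMU's ldq_*_p / stq_*_p). */
static uint64_t ldq_le(const uint8_t *p) { uint64_t v = 0; for (int i = 7; i >= 0; i--) v = (v << 8) | p[i]; return v; }
static uint64_t ldq_be(const uint8_t *p) { uint64_t v = 0; for (int i = 0; i < 8; i++) v = (v << 8) | p[i]; return v; }
static void stq_le(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void stq_be(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * (7 - i))); }

/* Buggy form: raw copy of target-order bytes into the host array.
 * Only correct when host and target are both little-endian. */
void set_vreg128_buggy(uint64_t d[2], const uint8_t *buf)
{
    memcpy(d, buf, 16);
}

/* Fixed form: d[0] is the low 64 bits, d[1] the high 64 bits, on any host. */
void set_vreg128(uint64_t d[2], const uint8_t *buf, bool target_be)
{
    if (target_be) {            /* big-endian target: most significant qword first */
        d[1] = ldq_be(buf);
        d[0] = ldq_be(buf + 8);
    } else {
        d[0] = ldq_le(buf);
        d[1] = ldq_le(buf + 8);
    }
}

/* Inverse of set_vreg128: encodes the register in target order for the 'g'/'p' reply. */
void get_vreg128(uint8_t *buf, const uint64_t d[2], bool target_be)
{
    if (target_be) {
        stq_be(buf, d[1]);
        stq_be(buf + 8, d[0]);
    } else {
        stq_le(buf, d[0]);
        stq_le(buf + 8, d[1]);
    }
}

/* SVE Z register: vq quadwords, each 128-bit value handled as above. */
void set_zreg(uint64_t *d, unsigned vq, const uint8_t *buf, bool target_be)
{
    for (unsigned q = 0; q < vq; q++) {
        set_vreg128(&d[2 * q], buf + 16 * q, target_be);
    }
}

/* Constructed gdb payload: bytes 0x01..0x20 (two quadwords). */
static const uint8_t sample[32] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
    0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
};

uint64_t sample_vreg_lo(bool target_be) { uint64_t d[2]; set_vreg128(d, sample, target_be); return d[0]; }
uint64_t sample_vreg_hi(bool target_be) { uint64_t d[2]; set_vreg128(d, sample, target_be); return d[1]; }

/* True if the raw memcpy form happens to agree with the fixed form on this host. */
bool buggy_matches(bool target_be)
{
    uint64_t a[2], b[2];
    set_vreg128_buggy(a, sample);
    set_vreg128(b, sample, target_be);
    return a[0] == b[0] && a[1] == b[1];
}

/* Decodes a vq=2 Z register and re-encodes it; true if the payload survives the round trip. */
bool zreg_roundtrip(bool target_be)
{
    uint64_t d[4];
    uint8_t out[32];
    set_zreg(d, 2, sample, target_be);
    for (unsigned q = 0; q < 2; q++) {
        get_vreg128(out + 16 * q, &d[2 * q], target_be);
    }
    return memcmp(out, sample, sizeof out) == 0;
}
```

For a big-endian target the memcpy form never agrees with the decoded value, whichever host runs it; for a little-endian target it agrees only on little-endian hosts, which is why the bug went unnoticed in the common case.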

  Commit: 7023cde2e4850d0358b438f3ee4def95ac5dff8a
      
https://github.com/qemu/qemu/commit/7023cde2e4850d0358b438f3ee4def95ac5dff8a
  Author: Jamin Lin <[email protected]>
  Date:   2025-08-05 (Tue, 05 Aug 2025)

  Changed paths:
    M hw/ssi/aspeed_smc.c

  Log Message:
  -----------
  hw/ssi/aspeed_smc: Fix incorrect FMC_WDT2 register read on AST1030

On AST1030, reading the FMC_WDT2 register always returns 0xFFFFFFFF.
This issue is due to the aspeed_smc_read function, which checks for the
ASPEED_SMC_FEATURE_WDT_CONTROL feature. Since AST1030 was missing this
feature flag, the read operation fails and returns -1.

To resolve this, add the WDT_CONTROL feature to AST1030's feature set
so that FMC_WDT2 can be correctly accessed by firmware.

Signed-off-by: Jamin Lin <[email protected]>
Reviewed-by: Cédric Le Goater <[email protected]>
Fixes: 2850df6a81bcdc2e063dfdd56751ee2d11c58030 ("aspeed/smc: Add AST1030 support")
Link: https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Cédric Le Goater <[email protected]>
(cherry picked from commit 13ed972b4ce57198914a37217251d30fbec20e41)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 64e5f0f93db1ceb142e949041af157fc7d563dbb
      
https://github.com/qemu/qemu/commit/64e5f0f93db1ceb142e949041af157fc7d563dbb
  Author: Werner Fink <[email protected]>
  Date:   2025-08-13 (Wed, 13 Aug 2025)

  Changed paths:
    M tests/qemu-iotests/039.out
    M tests/qemu-iotests/061.out
    M tests/qemu-iotests/137.out
    M tests/qemu-iotests/common.filter

  Log Message:
  -----------
  qemu-iotests: Ignore indentation in Killed messages

New bash 5.3 uses a different padding for reporting job status.

Resolves: boo#1246830
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3050
Signed-off-by: Werner Fink <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Kevin Wolf <[email protected]>
Tested-by: Martin Kletzander <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
(cherry picked from commit c0df98ab1f3d348bc05f09d1c093abc529f2b530)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: c01efd93cf243c88abbd06c05e2217a1c4019124
      
https://github.com/qemu/qemu/commit/c01efd93cf243c88abbd06c05e2217a1c4019124
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-08-13 (Wed, 13 Aug 2025)

  Changed paths:
    M hw/sd/ssi-sd.c

  Log Message:
  -----------
  hw/sd/ssi-sd: Return noise (dummy byte) when no card connected

Commit 1585ab9f1ba ("hw/sd/sdcard: Fill SPI response bits in card
code") exposed a bug in the SPI adapter: if no SD card is plugged,
we are returning "there is a card with an error". This is wrong,
we shouldn't return any particular packet response, but the noise
shifted on the MISO line. Return the dummy byte, otherwise we get:

  qemu-system-riscv64: ../hw/sd/ssi-sd.c:160: ssi_sd_transfer: Assertion `s->arglen > 0' failed.

Reported-by: Guenter Roeck <[email protected]>
Fixes: 775616c3ae8 ("Partial SD card SPI mode support")
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Tested-by: Guenter Roeck <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Reviewed-by: Gustavo Romero <[email protected]>
Tested-by: Alex Bennée <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit e262646e12acd6c1132e03d57fea20680a503251)
Signed-off-by: Michael Tokarev <[email protected]>


Compare: https://github.com/qemu/qemu/compare/5a6481389d93...c01efd93cf24
