Branch: refs/heads/staging-7.2
  Home:   https://github.com/qemu/qemu
  Commit: 465c50ac0f5c32bc935c9ecac36a896ba94d6a7b
      
https://github.com/qemu/qemu/commit/465c50ac0f5c32bc935c9ecac36a896ba94d6a7b
  Author: Zero Tang <[email protected]>
  Date:   2025-08-29 (Fri, 29 Aug 2025)

  Changed paths:
    M target/i386/tcg/sysemu/svm_helper.c

  Log Message:
  -----------
  i386/tcg/svm: fix incorrect canonicalization

For all 32-bit systems and 64-bit Windows systems, "long" is 4 bytes long.
Due to using "long" for a linear address, svm_canonicalization would
set all high bits to 1 when (assuming 48-bit linear address) the segment
base is bigger than 0x7FFF.

This fixes booting guests under TCG when the guest IDT and GDT bases are
above 0x7FFF, thereby resulting in incorrect bases. When an interrupt
arrives, it would trigger a #PF exception; the #PF would trigger again,
resulting in a #DF exception; the #PF would trigger for the third time,
resulting in triple-fault, and eventually causes a shutdown VM-Exit to
the hypervisor right after guest boot.

Cc: [email protected]
Signed-off-by: Zero Tang <[email protected]>
(cherry picked from commit c12cbaa007c9da97a11e74119ea3aed9fcc3ac4c)
Signed-off-by: Michael Tokarev <[email protected]>
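The width bug described in this commit message, as an added example that is not QEMU's code: `canonicalize_int64()` sign-extends a linear address from bit 47 using a type that is 8 bytes on every host, and `canonicalize_long32()` models what the same expression computes on a host where `long` is 4 bytes (32-bit hosts, 64-bit Windows). The function names, the exact expression shape and the sample bases are assumptions modelled on the commit text, not copied from svm_helper.c.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Linear-address width with 4-level paging; the canonical form is a
 * sign extension from bit (width - 1) into every higher bit. */
#define LINEAR_ADDR_WIDTH 48u

/* Correct canonicalization: do the left shift in an unsigned 64-bit type
 * (no signed overflow), then the sign-propagating right shift in int64_t.
 * int64_t is 8 bytes on every host, unlike "long". */
uint64_t canonicalize_int64(uint64_t seg_base, unsigned width)
{
    unsigned shift = 64u - width;
    int64_t shifted = (int64_t)(seg_base << shift);  /* bit 47 -> bit 63 */
    return (uint64_t)(shifted >> shift);             /* sign-extend back down */
}

/* Model of the buggy expression on a host where "long" is 4 bytes
 * (assumed shape, based on the commit message).  The cast to long
 * truncates the 64-bit base to 32 bits, the shift count (16 for a
 * 48-bit width) is applied to that 32-bit value, and converting the
 * negative long back to the 64-bit address type sign-extends it. */
uint64_t canonicalize_long32(uint64_t seg_base, unsigned width)
{
    unsigned shift = 64u - width;
    uint32_t truncated = (uint32_t)seg_base;          /* (long) on a 4-byte-long host */
    int32_t shifted = (int32_t)(truncated << shift);  /* bit 15 -> bit 31 */
    int32_t result = shifted >> shift;                /* arithmetic shift on gcc/clang */
    return (uint64_t)(int64_t)result;                 /* sign-extends into the high half */
}

/* An address is canonical iff canonicalizing it is a no-op. */
int is_canonical(uint64_t addr, unsigned width)
{
    return canonicalize_int64(addr, width) == addr;
}

int main(void)
{
    /* Constructed sample bases: 0x8000 is the first IDT/GDT base above
     * 0x7FFF that the commit describes; 0xFFFF800000000000 is an
     * ordinary kernel-half address. */
    const uint64_t bases[] = { 0x7FFFull, 0x8000ull, 0x12340000ull,
                               0xFFFF800000000000ull };
    for (size_t i = 0; i < sizeof bases / sizeof bases[0]; i++) {
        uint64_t good = canonicalize_int64(bases[i], LINEAR_ADDR_WIDTH);
        uint64_t bad = canonicalize_long32(bases[i], LINEAR_ADDR_WIDTH);
        printf("base %016" PRIx64 ": int64 -> %016" PRIx64
               "  long32 -> %016" PRIx64 "%s\n",
               bases[i], good, bad, good == bad ? "" : "  (MISMATCH)");
    }
    return 0;
}
```

Note that the wrong result for 0x8000 (0xFFFFFFFFFFFF8000) is itself a canonical address, so a canonicality check on the output would not catch the defect; the guest simply gets a different IDT base, which is why the symptom in the commit message is a #PF on the first interrupt rather than a #GP at load time.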


  Commit: 653217a501a1575eb2aabc2fd4522ab5be62907d
      
https://github.com/qemu/qemu/commit/653217a501a1575eb2aabc2fd4522ab5be62907d
  Author: Akihiko Odaki <[email protected]>
  Date:   2025-08-29 (Fri, 29 Aug 2025)

  Changed paths:
    M hw/net/virtio-net.c

  Log Message:
  -----------
  virtio-net: Add only one queue pair when realizing

Multiqueue usage is not negotiated yet when realizing. If more than
one queue is added and the guest never requests to enable multiqueue,
the extra queues will not be deleted when unrealizing and leak.

Fixes: f9d6dbf0bf6e ("virtio-net: remove virtio queues if the guest doesn't support multiqueue")
Signed-off-by: Akihiko Odaki <[email protected]>
Signed-off-by: Jason Wang <[email protected]>
(cherry picked from commit 8c49756825dab430b17648637735c2736d23f778)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 361da9bd09bb524da6d1ac07749b4a2d45790c36
      
https://github.com/qemu/qemu/commit/361da9bd09bb524da6d1ac07749b4a2d45790c36
  Author: Akihiko Odaki <[email protected]>
  Date:   2025-08-29 (Fri, 29 Aug 2025)

  Changed paths:
    M hw/net/virtio-net.c
    M hw/virtio/virtio.c
    M include/hw/virtio/virtio.h

  Log Message:
  -----------
  virtio-net: Add queues before loading them

Call virtio_net_set_multiqueue() to add queues before loading their
states. Otherwise the loaded queues will not have handlers and elements
in them will not be processed.

Cc: [email protected]
Fixes: 8c49756825da ("virtio-net: Add only one queue pair when realizing")
Fixes: 653217a501a1 ("virtio-net: Add only one queue pair when realizing" in 7.2.x)
Reported-by: Laurent Vivier <[email protected]>
Signed-off-by: Akihiko Odaki <[email protected]>
Acked-by: Michael S. Tsirkin <[email protected]>
Signed-off-by: Jason Wang <[email protected]>
(cherry picked from commit 9379ea9db3c0064fa2787db0794a23a30f7b2d2d)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: b3ad24485306e19d0cd08d96211ef033464eb97a
      
https://github.com/qemu/qemu/commit/b3ad24485306e19d0cd08d96211ef033464eb97a
  Author: Akihiko Odaki <[email protected]>
  Date:   2025-08-29 (Fri, 29 Aug 2025)

  Changed paths:
    M hw/net/virtio-net.c
    M hw/virtio/virtio.c
    M include/hw/virtio/virtio.h

  Log Message:
  -----------
  virtio-net: Add queues for RSS during migration

virtio_net_pre_load_queues() inspects vdev->guest_features to tell if
VIRTIO_NET_F_RSS or VIRTIO_NET_F_MQ is enabled to infer the required
number of queues. This works for VIRTIO_NET_F_MQ but it doesn't for
VIRTIO_NET_F_RSS because only the lowest 32 bits of vdev->guest_features
is set at the point and VIRTIO_NET_F_RSS uses bit 60 while
VIRTIO_NET_F_MQ uses bit 22.

Instead of inferring the required number of queues from
vdev->guest_features, use the number loaded from the vm state. This
change also has a nice side effect to remove a duplicate peer queue
pair change by circumventing virtio_net_set_multiqueue().

Also update the comment in include/hw/virtio/virtio.h to prevent an
implementation of pre_load_queues() from referring to any fields being
loaded during migration by accident in the future.

Fixes: 8c49756825da ("virtio-net: Add only one queue pair when realizing")
Fixes: 653217a501a1 ("virtio-net: Add only one queue pair when realizing" in 7.2.x)

Tested-by: Lei Yang <[email protected]>
Cc: [email protected]
Signed-off-by: Akihiko Odaki <[email protected]>
Signed-off-by: Jason Wang <[email protected]>
(cherry picked from commit adda0ad56bd28d5a809051cbd190fda5798ec4e4)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: e83c6b74110cb83564973d10919e4cbc74a233c4
      
https://github.com/qemu/qemu/commit/e83c6b74110cb83564973d10919e4cbc74a233c4
  Author: Peter Maydell <[email protected]>
  Date:   2025-08-31 (Sun, 31 Aug 2025)

  Changed paths:
    M scripts/kernel-doc

  Log Message:
  -----------
  scripts/kernel-doc: Avoid new Perl precedence warning

Newer versions of Perl (5.41.x and up) emit a warning for code in
kernel-doc:
 Possible precedence problem between ! and pattern match (m//) at /scripts/kernel-doc line 1597.

This is because the code does:
            if (!$param =~ /\w\.\.\.$/) {

In Perl, the ! operator has higher precedence than the =~
pattern-match binding, so the effect of this condition is to first
logically-negate the string $param into a true-or-false value and
then try to pattern match it against the regex, which in this case
will always fail.  This is almost certainly not what the author
intended.

In the new Python version of kernel-doc in the Linux kernel,
the equivalent code is written:

            if KernRe(r'\w\.\.\.$').search(param):
                # For named variable parameters of the form `x...`,
                # remove the dots
                param = param[:-3]
            else:
                # Handles unnamed variable parameters
                param = "..."

which is a more sensible way of writing the behaviour you would
get if you put in brackets to make the regex match first and
then negate the result.

Take this as the intended behaviour, and update the Perl to match.

For QEMU, this produces no change in output, presumably because we
never used the "unnamed variable parameters" syntax.

Cc: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Daniel P. Berrangé <[email protected]>
Reviewed-by: Mauro Carvalho Chehab <[email protected]>
Message-id: [email protected]
(cherry picked from commit 5ffd387e9e0f787744fadaad35e1bf92224b0642)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: c8f0f7c1f3e4e902b37f4b821354d0a638d65737
      
https://github.com/qemu/qemu/commit/c8f0f7c1f3e4e902b37f4b821354d0a638d65737
  Author: Peter Maydell <[email protected]>
  Date:   2025-08-31 (Sun, 31 Aug 2025)

  Changed paths:
    M hw/arm/stm32f205_soc.c
    M include/hw/arm/stm32f205_soc.h

  Log Message:
  -----------
  hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects

In stm32f250_soc_initfn() we mostly use the standard pattern
for child objects of calling object_initialize_child(). However
for s->adc_irqs we call object_new() and then later qdev_realize(),
and we never unref the object on deinit. This causes a leak,
detected by ASAN on the device-introspect-test:

Indirect leak of 10 byte(s) in 1 object(s) allocated from:
    #0 0x5b9fc4789de3 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-arm+0x21f1de3) (BuildId: 267a2619a026ed91c78a07b1eb2ef15381538efe)
    #1 0x740de3f28b09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x740de3f3e4d8 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x784d8) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #3 0x5b9fc70159e1 in g_strdup_inline /usr/include/glib-2.0/glib/gstrfuncs.h:321:10
    #4 0x5b9fc70159e1 in object_property_try_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1276:18
    #5 0x5b9fc7015f94 in object_property_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1294:12
    #6 0x5b9fc701b900 in object_add_link_prop /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2021:10
    #7 0x5b9fc701b3fc in object_property_add_link /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2037:12
    #8 0x5b9fc4c299fb in qdev_init_gpio_out_named /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/gpio.c:90:9
    #9 0x5b9fc4c29b26 in qdev_init_gpio_out /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/gpio.c:101:5
    #10 0x5b9fc4c0f77a in or_irq_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/or-irq.c:70:5
    #11 0x5b9fc70257e1 in object_init_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:428:9
    #12 0x5b9fc700cd4b in object_initialize_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:570:5
    #13 0x5b9fc700e66d in object_new_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:774:5
    #14 0x5b9fc700e750 in object_new /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:789:12
    #15 0x5b9fc68b2162 in stm32f205_soc_initfn /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/arm/stm32f205_soc.c:69:26

Switch to using object_initialize_child() like all our
other child objects for this SoC object.

Cc: [email protected]
Fixes: b63041c8f6b ("STM32F205: Connect the ADC devices")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
(cherry picked from commit 2e27650bddd35477d994a795a3b1cb57c8ed5c76)
(Mjt: adjust for 7.2, for before qemu_or_irq rename to OrIRQState)
Signed-off-by: Michael Tokarev <[email protected]>


Compare: https://github.com/qemu/qemu/compare/c01efd93cf24...c8f0f7c1f3e4
