Branch: refs/heads/staging-7.2
  Home:   https://github.com/qemu/qemu
  Commit: 978cd0679d0de6a0a0a3e85177f72eb89a35e513
      https://github.com/qemu/qemu/commit/978cd0679d0de6a0a0a3e85177f72eb89a35e513
  Author: Daniel Xu <[email protected]>
  Date:   2025-09-03 (Wed, 03 Sep 2025)

  Changed paths:
    M qga/commands.c

  Log Message:
  -----------
  qga: Fix memory leak when output stream is unused

If capture-output is requested but one of the channels goes unused (e.g.
we attempt to capture stderr but the command never writes to stderr), we
can leak memory.

guest_exec_output_watch() is (from what I understand) unconditionally
called for both streams if output capture is requested. The first call
will always pass the `p->size == p->length` check b/c both values are
0. Then GUEST_EXEC_IO_SIZE bytes will be allocated for the stream.

But when we reap the exited process there's a `gei->err.length > 0`
check to actually free the buffer. Which does not get run if the command
doesn't write to the stream.

Fix by making free() unconditional.

Reviewed-by: Konstantin Kostiuk <[email protected]>
Signed-off-by: Daniel Xu <[email protected]>
Signed-off-by: Konstantin Kostiuk <[email protected]>
(cherry picked from commit d6f67b83b81bf49b5c62e77143ed39c020e51830)
Signed-off-by: Michael Tokarev <[email protected]>
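The allocate-on-first-watch / free-only-if-written pattern described in the commit message, as an added example that is not QEMU's qga code: a minimal model of one output stream, with an allocation counter so the leak is visible without a heap checker. `stream_t`, `output_watch()`, `reap_conditional()`, `reap_unconditional()` and `leaked_blocks()` are hypothetical names; `IO_SIZE` stands in for GUEST_EXEC_IO_SIZE.

```c
/*
 * Added example, not QEMU's qga code: a model of the output-stream lifecycle
 * the commit message describes. All names here are hypothetical; IO_SIZE
 * stands in for GUEST_EXEC_IO_SIZE. live_allocs is instrumentation only.
 */
#include <stdlib.h>
#include <string.h>

#define IO_SIZE 4096

typedef struct {
    char *data;     /* capture buffer, NULL until the first watch call */
    size_t size;    /* bytes allocated */
    size_t length;  /* bytes actually written by the child */
} stream_t;

static int live_allocs;  /* heap blocks currently outstanding */

static void *tracked_malloc(size_t n)
{
    live_allocs++;
    return malloc(n);
}

static void tracked_free(void *p)
{
    if (p) {
        live_allocs--;
        free(p);
    }
}

/* Invoked for every watched stream, even one the child never writes to.
 * On the first call size == length == 0, so a buffer is always allocated. */
static void output_watch(stream_t *s, const char *chunk, size_t n)
{
    if (s->size == s->length) {
        size_t new_size = s->size + IO_SIZE;
        char *p = s->data ? realloc(s->data, new_size) : tracked_malloc(new_size);
        if (!p) {
            abort();
        }
        s->data = p;
        s->size = new_size;
    }
    if (n > s->size - s->length) {
        n = s->size - s->length;
    }
    memcpy(s->data + s->length, chunk, n);
    s->length += n;
}

/* Pre-fix behaviour: the buffer is only freed when something was captured,
 * so a stream the child never wrote to keeps its IO_SIZE block forever. */
static void reap_conditional(stream_t *s)
{
    if (s->length > 0) {
        tracked_free(s->data);
        s->data = NULL;
    }
}

/* Post-fix behaviour: free unconditionally (free(NULL) is a no-op). */
static void reap_unconditional(stream_t *s)
{
    tracked_free(s->data);
    s->data = NULL;
}

/* Runs one capture lifecycle and returns the number of heap blocks still
 * outstanding afterwards: 0 means no leak, 1 means the buffer leaked. */
static int leaked_blocks(int child_writes, int use_fix)
{
    stream_t s = { NULL, 0, 0 };
    live_allocs = 0;

    output_watch(&s, "", 0);              /* the unconditional first call */
    if (child_writes) {
        output_watch(&s, "err\n", 4);     /* the child actually wrote */
    }
    if (use_fix) {
        reap_unconditional(&s);
    } else {
        reap_conditional(&s);
    }
    return live_allocs;
}
```

The only combination that leaks is "child wrote nothing" with the conditional free; the unconditional free is correct in every case because the pointer is either a live block or NULL.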


  Commit: b0e24a476e0ff5f0cabdf67162def77ba8c3e242
      https://github.com/qemu/qemu/commit/b0e24a476e0ff5f0cabdf67162def77ba8c3e242
  Author: minglei.liu <[email protected]>
  Date:   2025-09-03 (Wed, 03 Sep 2025)

  Changed paths:
    M qga/commands.c

  Log Message:
  -----------
  qga: Fix truncated output handling in guest-exec status reporting

Signed-off-by: minglei.liu <[email protected]>
Fixes: a1853dca743
Reviewed-by: Daniel P. Berrangé <[email protected]>
Reviewed-by: Kostiantyn Kostiuk <[email protected]>
Link: https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Kostiantyn Kostiuk <[email protected]>
(cherry picked from commit 28c5d27dd4dc4100a96ff4c9e5871dd23c6b02ec)
Signed-off-by: Michael Tokarev <[email protected]>
(cherry picked from commit 294b0b09b0adc00930cb97534723c8079f5c7dc4)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 481a906e503a324d5f9750a7aa199f61d76c5504
      https://github.com/qemu/qemu/commit/481a906e503a324d5f9750a7aa199f61d76c5504
  Author: Laurent Vivier <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M hw/net/e1000e_core.c

  Log Message:
  -----------
  e1000e: Prevent crash from legacy interrupt firing after MSI-X enable

A race condition between guest driver actions and QEMU timers can lead
to an assertion failure when the guest switches the e1000e from legacy
interrupt mode to MSI-X. If a legacy interrupt delay timer (TIDV or
RDTR) is active, but the guest enables MSI-X before the timer fires,
the pending interrupt cause can trigger an assert in
e1000e_intmgr_collect_delayed_causes().

This patch removes the assertion and executes the code that clears the
pending legacy causes. This change is safe and introduces no unintended
behavioral side effects, as it only alters a state that previously led
to termination.

- when core->delayed_causes == 0 the function was already a no-op and
  remains so.

- when core->delayed_causes != 0 the function would previously
  crash due to the assertion failure. The patch now defines a safe
  outcome by clearing the cause and returning. Since behavior after
  the assertion never existed, this simply corrects the crash.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1863
Suggested-by: Akihiko Odaki <[email protected]>
Signed-off-by: Laurent Vivier <[email protected]>
Acked-by: Jason Wang <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 8e4649cac9bcddc050d2df07908075e9e69bccc7)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 7d17a095cd830811d6093097514f62698c891c6d
      https://github.com/qemu/qemu/commit/7d17a095cd830811d6093097514f62698c891c6d
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M linux-user/mips/target_elf.h

  Log Message:
  -----------
  linux-user/mips: Use P5600 as default CPU to run NaN2008 ELF binaries

Per the release 6.06 revision history:

 5.03 August 21, 2013

 • ABS2008 and NAN2008 fields of Table 5.7 “FCSR RegisterField
   Descriptions” were optional in release 3 and could be R/W,
   but as of release 5 are required, read-only, and preset by
   hardware.

The P5600 core implements release 5, and has the ABS2008
and NAN2008 bits set in CP1_fcr31. Therefore it is able to run
ELF binaries compiled with EF_MIPS_NAN2008, such as the CIP United
Debian NaN2008 distribution:
http://repo.oss.cipunited.com/mipsel-nan2008/README.txt

In order to run such compiled binaries, select by default the
P5600 core when the ELF 'MIPS_NAN2008' flag is set.

Reported-by: Jiaxun Yang <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Acked-by: Laurent Vivier <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 450cb7ec2c5fda51b9650ca25e59ac9deeb60d1b)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 3e8130da7c97cd6598a9bbabda278e05fac75781
      https://github.com/qemu/qemu/commit/3e8130da7c97cd6598a9bbabda278e05fac75781
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M linux-user/mips/target_elf.h
    M linux-user/mips64/target_elf.h

  Log Message:
  -----------
  linux-user/mips: Do not try to use removed R5900 CPU

R5900 emulation was removed in commit 823f2897bd.
Remove it from ELF parsing in order to avoid:

  $ qemu-mipsn32 ./test5900
  qemu-mipsn32: unable to find CPU model 'R5900'

This reverts commit 4d9e5a0eb7df6e98ac6cf5e16029f35dd05b9537.

Fixes: 823f2897bd ("target/mips: Disable R5900 support")
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit f7e3d7521b41ada97c5344914d3c9bc6ed04c82a)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 284955358c6fafc1d9ea9678b76cc743653b7ab8
      https://github.com/qemu/qemu/commit/284955358c6fafc1d9ea9678b76cc743653b7ab8
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M include/elf.h

  Log Message:
  -----------
  elf: Add EF_MIPS_ARCH_ASE definitions

Include MIPS ASE ELF definitions from binutils:
https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=include/elf/mips.h;h=4fc190f404d828ded84e621bfcece5fa9f9c23c8;hb=HEAD#l210

Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 14ab44b96d5bf761af81cc723314ef5ecf73ed17)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: ba9e0120f58d5efef025eaad906e1a91c12097a5
      https://github.com/qemu/qemu/commit/ba9e0120f58d5efef025eaad906e1a91c12097a5
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M linux-user/mips/target_elf.h

  Log Message:
  -----------
  linux-user/mips: Select 74Kf CPU to run MIPS16e binaries

The 74Kf is our latest CPU supporting MIPS16e ASE.

Note, currently QEMU doesn't have 64-bit CPU supporting MIPS16e ASE.

Cc: [email protected]
Fixes: 6ea219d0196..d19954f46df ("target-mips: MIPS16 support")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3054
Reported-by: Justin Applegate <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 7a09b3cc70ab6d717b18dec5c5995f7a06af4593)
(Mjt: in 10.1 and before the code is in linux-user/mips/target_elf.h)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 4f932b853db15ab16b4460936dab90ac283bf074
      https://github.com/qemu/qemu/commit/4f932b853db15ab16b4460936dab90ac283bf074
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M linux-user/mips/target_elf.h

  Log Message:
  -----------
  linux-user/mips: Select M14Kc CPU to run microMIPS binaries

The M14Kc is our latest CPU supporting the microMIPS ASE.

Note, currently QEMU doesn't have 64-bit CPU supporting microMIPS ASE.

Cc: [email protected]
Fixes: 3c824109da0 ("target-mips: microMIPS ASE support")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3054
Reported-by: Justin Applegate <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 51c3aebfda6489b49cebef593a1ceb597cb97a7e)
(Mjt: in 10.1 and before, the code is in linux-user/mips/target_elf.h)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 1ff7990350d447560369a3f9b748cb8dd26b3bf2
      https://github.com/qemu/qemu/commit/1ff7990350d447560369a3f9b748cb8dd26b3bf2
  Author: Denis Rastyogin <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M target/mips/tcg/sysemu/tlb_helper.c

  Log Message:
  -----------
  target/mips: fix TLB huge page check to use 64-bit shift

Use extract64(entry, psn, 1) instead of (entry & (1 << psn)) to avoid
undefined behavior for shifts by 32–63 and to make bit extraction intent 
explicit.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Denis Rastyogin <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 1f82ca723478f44823a18e7151e487d58da03659)
Signed-off-by: Michael Tokarev <[email protected]>
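The shift-width problem behind this fix, as an added example that is not QEMU's target/mips code: the pre-fix test form, restricted to the counts where it is still defined, beside a 64-bit extraction. `extract64_local()` follows the definition of QEMU's `extract64()` in include/qemu/bitops.h (an assumption; check the tree you build against); `entry_has_bit_narrow()` and `entry_has_bit_wide()` are hypothetical names.

```c
/*
 * Added example, not QEMU's code. Shows why (entry & (1 << psn)) is wrong
 * for psn >= 32 and what a 64-bit single-bit extraction does instead.
 * extract64_local() is a local copy of QEMU's extract64() definition
 * (assumed); the entry_has_bit_*() names are hypothetical.
 */
#include <stdint.h>
#include <assert.h>

/* (value >> start) masked to `length` bits; length in [1, 64],
 * start + length <= 64, mirroring QEMU's extract64() preconditions. */
static uint64_t extract64_local(uint64_t value, int start, int length)
{
    assert(start >= 0 && length > 0 && length <= 64 - start);
    return (value >> start) & (~0ULL >> (64 - length));
}

/*
 * The pre-fix form. The constant 1 has type int, so the shift happens in
 * 32 bits: for psn in 32..63 the result is undefined behaviour (C11 6.5.7p3),
 * and on x86 the hardware typically masks the count, so 1 << 40 silently
 * becomes 1 << 8 and the huge-page check reads the wrong bit. 1 << 31 is
 * also signed overflow, hence the guard keeps psn below 31.
 */
static int entry_has_bit_narrow(uint64_t entry, int psn)
{
    assert(psn >= 0 && psn < 31);
    return (entry & (1 << psn)) != 0;
}

/* The post-fix form: defined for every psn in 0..63. */
static int entry_has_bit_wide(uint64_t entry, int psn)
{
    return extract64_local(entry, psn, 1) != 0;
}
```

Building with `-fsanitize=undefined` reports the narrow form's out-of-range shift at run time; static analysers such as the SVACE run cited in the commit flag it without executing the code.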


  Commit: 679606038b8d00cf9c7095cd4bb0f3cd2f3fca23
      https://github.com/qemu/qemu/commit/679606038b8d00cf9c7095cd4bb0f3cd2f3fca23
  Author: Michael Tokarev <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M block/curl.c

  Log Message:
  -----------
  block/curl: fix curl internal handles handling

block/curl.c uses CURLMOPT_SOCKETFUNCTION to register a socket callback.
According to the documentation, this callback is called not just with
application-created sockets but also with internal curl sockets, - and
for such sockets, user data pointer is not set by the application, so
the result is qemu crashing.

Pass BDRVCURLState directly to the callback function as user pointer,
instead of relying on CURLINFO_PRIVATE.

This problem started happening with update of libcurl from 8.9 to 8.10 --
apparently with this change curl started using private handles more.

(CURLINFO_PRIVATE is used in one more place, in curl_multi_check_completion() -
it might need a similar fix too)

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3081
Cc: [email protected]
Reviewed-by: Daniel P. Berrangé <[email protected]>
Signed-off-by: Michael Tokarev <[email protected]>
(cherry picked from commit 606978500c3d18fb89a49844f253097b17f757de)
Signed-off-by: Michael Tokarev <[email protected]>
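The two ways of recovering driver state inside the socket callback, as an added example that is not QEMU's block/curl.c and is not linked against libcurl: a small model of the multi handle's dispatch in which the callback fires once for an application-created easy handle and once for a curl-internal one. What is taken from libcurl is only the shape of the callback and the two mechanisms (CURLINFO_PRIVATE on the easy handle versus the user pointer set with CURLMOPT_SOCKETDATA); `model_easy_t`, `model_multi_t`, `driver_state_t`, `socket_cb_private()`, `socket_cb_userp()` and `run_dispatch()` are hypothetical.

```c
/*
 * Added example, not QEMU's block/curl.c and not linked against libcurl.
 * Models the dispatch described in the commit message: the socket callback
 * is invoked for every easy handle the multi handle drives, including
 * handles libcurl creates internally, whose CURLINFO_PRIVATE the
 * application never set. All type and function names are hypothetical.
 */
#include <stddef.h>

typedef struct {
    const char *url;   /* stands in for the BDRVCURLState the driver owns */
    int events_seen;
} driver_state_t;

typedef struct {
    void *private_data;  /* what CURLINFO_PRIVATE returns; NULL if never set */
} model_easy_t;

typedef struct {
    void *socket_userp;  /* what CURLMOPT_SOCKETDATA passes to the callback */
} model_multi_t;

/* Same shape as the real socket callback; returns 0 on success. */
typedef int (*socket_cb_t)(model_easy_t *easy, int fd, int what, void *userp);

/* Pre-fix pattern: recover the state from the easy handle's private
 * pointer. Returns -1 where the real code would have dereferenced NULL. */
static int socket_cb_private(model_easy_t *easy, int fd, int what, void *userp)
{
    driver_state_t *s = easy->private_data;   /* CURLINFO_PRIVATE */
    (void)fd; (void)what; (void)userp;
    if (!s) {
        return -1;   /* curl-internal handle: no private data was ever set */
    }
    s->events_seen++;
    return 0;
}

/* Post-fix pattern: take the state from the callback's own user pointer,
 * set once on the multi handle, which is present for every handle. */
static int socket_cb_userp(model_easy_t *easy, int fd, int what, void *userp)
{
    driver_state_t *s = userp;   /* CURLMOPT_SOCKETDATA */
    (void)easy; (void)fd; (void)what;
    s->events_seen++;
    return 0;
}

/* Drives the callback for one application handle and one internal handle,
 * the situation the commit reports with libcurl 8.10. Returns how many
 * invocations would have crashed. */
static int run_dispatch(socket_cb_t cb, driver_state_t *state)
{
    model_multi_t multi = { .socket_userp = state };
    model_easy_t app_handle = { .private_data = state };
    model_easy_t internal_handle = { .private_data = NULL };
    int crashes = 0;

    if (cb(&app_handle, 3, 1 /* CURL_POLL_IN */, multi.socket_userp) != 0) {
        crashes++;
    }
    if (cb(&internal_handle, 4, 1, multi.socket_userp) != 0) {
        crashes++;
    }
    return crashes;
}

static int crashes_with_private_lookup(void)
{
    driver_state_t s = { "https://example.invalid/disk.img", 0 }; /* constructed */
    return run_dispatch(socket_cb_private, &s);
}

static int crashes_with_userp(void)
{
    driver_state_t s = { "https://example.invalid/disk.img", 0 }; /* constructed */
    return run_dispatch(socket_cb_userp, &s);
}

static int events_counted_with_userp(void)
{
    driver_state_t s = { "https://example.invalid/disk.img", 0 }; /* constructed */
    run_dispatch(socket_cb_userp, &s);
    return s.events_seen;
}
```

The general lesson applies to any library that hands your callback objects you did not create: context must travel through the callback's own user-data argument, never be reconstructed from per-object state the library may not have set. The same audit applies to the remaining CURLINFO_PRIVATE use the commit message mentions in curl_multi_check_completion().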


Compare: https://github.com/qemu/qemu/compare/c8f0f7c1f3e4...679606038b8d
