Branch: refs/heads/staging-10.0
  Home:   https://github.com/qemu/qemu
  Commit: e2d0c64a0f5ee60d96330034019f4223d503b4f0
      https://github.com/qemu/qemu/commit/e2d0c64a0f5ee60d96330034019f4223d503b4f0
  Author: Paolo Bonzini <[email protected]>
  Date:   2025-08-29 (Fri, 29 Aug 2025)

  Changed paths:
    M python/scripts/mkvenv.py

  Log Message:
  -----------
  python: mkvenv: fix messages printed by mkvenv

The new Matcher class does not have a __str__ implementation, and therefore
it prints the debugging representation of the internal object:

  $ ../configure --enable-rust && make qemu-system-arm --enable-download
  python determined to be '/usr/bin/python3'
  python version: Python 3.13.6
  mkvenv: Creating non-isolated virtual environment at 'pyvenv'
  mkvenv: checking for LegacyMatcher('meson>=1.5.0')
  mkvenv: checking for LegacyMatcher('pycotap>=1.1.0')

Add the method to print the nicer

  mkvenv: checking for meson>=1.5.0
  mkvenv: checking for pycotap>=1.1.0

Cc: [email protected]
Cc: John Snow <[email protected]>
Reviewed-by: Manos Pitsidianakis <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit ab85146ac4c6527d6d975afbd3157488cb42147f)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 579a0cc0e6dcf9f6bf06a33bef44cee90c989ccf
      https://github.com/qemu/qemu/commit/579a0cc0e6dcf9f6bf06a33bef44cee90c989ccf
  Author: Zero Tang <[email protected]>
  Date:   2025-08-29 (Fri, 29 Aug 2025)

  Changed paths:
    M target/i386/tcg/system/svm_helper.c

  Log Message:
  -----------
  i386/tcg/svm: fix incorrect canonicalization

For all 32-bit systems and 64-bit Windows systems, "long" is 4 bytes long.
Due to using "long" for a linear address, svm_canonicalization would
set all high bits to 1 when (assuming 48-bit linear address) the segment
base is bigger than 0x7FFF.

This fixes booting guests under TCG when the guest IDT and GDT bases are
above 0x7FFF, thereby resulting in incorrect bases. When an interrupt
arrives, it would trigger a #PF exception; the #PF would trigger again,
resulting in a #DF exception; the #PF would trigger for the third time,
resulting in triple-fault, and eventually causes a shutdown VM-Exit to
the hypervisor right after guest boot.

Cc: [email protected]
Signed-off-by: Zero Tang <[email protected]>
(cherry picked from commit c12cbaa007c9da97a11e74119ea3aed9fcc3ac4c)
Signed-off-by: Michael Tokarev <[email protected]>
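As an added illustration of the width hazard this commit describes (example code, not QEMU's svm_helper.c): a sign-extending canonicalization done purely in 64-bit arithmetic, beside a model of the original "(long) base << shift >> shift" expression on a host where long is 32 bits, using the 48-bit linear address width the message assumes. The function names and the sample segment bases are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Sign-extend bit (width - 1) of a linear address into the upper bits
 * using 64-bit arithmetic only.  Well defined for 1 <= width <= 63;
 * the commit message assumes width == 48.
 */
static uint64_t canonicalize64(uint64_t addr, unsigned width)
{
    uint64_t mask = (UINT64_C(1) << width) - 1;
    uint64_t sign = UINT64_C(1) << (width - 1);
    return ((addr & mask) ^ sign) - sign;
}

/*
 * Models "((long)base << shift) >> shift" on a host where long is 32 bits
 * (every 32-bit host and 64-bit Windows).  The cast truncates the address
 * before the shifts, so the arithmetic right shift sign-extends from bit
 * (width - 33) instead of bit (width - 1).  Assumes 32 < width <= 63 and an
 * arithmetic right shift for a negative int32_t (the usual compiler
 * behaviour; this is an assumption of the model, not a C guarantee).
 */
static uint64_t canonicalize_narrow_long(uint64_t addr, unsigned width)
{
    unsigned shift = 64 - width;                        /* 16 for 48 bits */
    uint32_t v = (uint32_t)((uint32_t)addr << shift);   /* truncate, shift */
    int32_t s = (int32_t)v;                             /* reinterpret */
    s >>= shift;                                        /* extends from bit 15 */
    return (uint64_t)(int64_t)s;                        /* widening extends more */
}

/* Returns 1 when the narrow-long form disagrees with the 64-bit form. */
static int narrow_long_breaks(uint64_t addr, unsigned width)
{
    return canonicalize64(addr, width) != canonicalize_narrow_long(addr, width);
}

int main(void)
{
    /* Constructed sample bases: one at 0x7FFF, the first one above it, and
     * a kernel-half address of the kind a 64-bit guest uses for its IDT. */
    const uint64_t bases[] = { 0x7FFFULL, 0x8000ULL, 0xFFFFFFFF81000000ULL };

    for (size_t i = 0; i < sizeof bases / sizeof bases[0]; i++) {
        printf("base %#018llx: 64-bit %#018llx, 32-bit long %#018llx%s\n",
               (unsigned long long)bases[i],
               (unsigned long long)canonicalize64(bases[i], 48),
               (unsigned long long)canonicalize_narrow_long(bases[i], 48),
               narrow_long_breaks(bases[i], 48) ? "  <- mismatch" : "");
    }
    return 0;
}
```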


  Commit: e13578488daadf36f91efbfd69047f932647e9ae
      https://github.com/qemu/qemu/commit/e13578488daadf36f91efbfd69047f932647e9ae
  Author: Joel Stanley <[email protected]>
  Date:   2025-08-29 (Fri, 29 Aug 2025)

  Changed paths:
    M linux-user/strace.list

  Log Message:
  -----------
  linux-user: Add strace for rseq

 build/qemu-riscv64 -cpu rv64,v=on -d strace build/tests/tcg/riscv64-linux-user/test-vstart-overflow
 1118081 riscv_hwprobe(0xffffbc038200,1,0,0,0,0) = 0
 1118081 brk(NULL) = 0x0000000000085000
 1118081 brk(0x0000000000085b00) = 0x0000000000085b00
 1118081 set_tid_address(0x850f0) = 1118081
 1118081 set_robust_list(0x85100,24) = -1 errno=38 (Function not implemented)
 1118081 rseq(0x857c0,32,0,0xf1401073) = -1 errno=38 (Function not implemented)

Signed-off-by: Joel Stanley <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
(cherry picked from commit f91563d011a0439cd6709e169cdfac268779d562)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: aeb1bc0d21c8f367476589eb3984a9707ceb67fa
      https://github.com/qemu/qemu/commit/aeb1bc0d21c8f367476589eb3984a9707ceb67fa
  Author: Steve Sistare <[email protected]>
  Date:   2025-08-31 (Sun, 31 Aug 2025)

  Changed paths:
    M hw/intc/arm_gicv3_kvm.c
    M include/hw/intc/arm_gicv3_common.h

  Log Message:
  -----------
  hw/intc/arm_gicv3_kvm: preserve pending interrupts during cpr

Close a race condition that causes cpr-transfer to lose VFIO
interrupts on ARM.

CPR stops VCPUs but does not disable VFIO interrupts, which may continue
to arrive throughout the transition to new QEMU.

CPR calls kvm_irqchip_remove_irqfd_notifier_gsi in old QEMU to force
future interrupts to the producer eventfd, where they are preserved.
Old QEMU then destroys the old KVM instance.  However, interrupts may
already be pending in KVM state.  To preserve them, call ioctl
KVM_DEV_ARM_VGIC_SAVE_PENDING_TABLES to flush them to guest RAM, where
they will be picked up when the new KVM+VCPU instance is created.

Cc: [email protected]
Signed-off-by: Steve Sistare <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 376cdd7e9c94f1e03b2c58e068e8ebfe78b49514)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 842918ee3c1cb9ac687bb27920c8d9020c2c109b
      https://github.com/qemu/qemu/commit/842918ee3c1cb9ac687bb27920c8d9020c2c109b
  Author: Smail AIDER <[email protected]>
  Date:   2025-08-31 (Sun, 31 Aug 2025)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Trap PMCR when MDCR_EL2.TPMCR is set

Trap PMCR_EL0 or PMCR accesses to EL2 when MDCR_EL2.TPMCR is set.
Similar to MDCR_EL2.TPM, MDCR_EL2.TPMCR allows trapping EL0 and EL1
accesses to the PMCR register to EL2.

Cc: [email protected]
Signed-off-by: Smail AIDER <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-id: [email protected]
Message-Id: <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 186db6a73bc5c01026bb9f4f4a59e442c0156841)
(Mjt: adjust for 10.0, before target/arm/helper.c split)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 65ce8bd819c44e04844c490c03757b1c170df417
      https://github.com/qemu/qemu/commit/65ce8bd819c44e04844c490c03757b1c170df417
  Author: Peter Maydell <[email protected]>
  Date:   2025-08-31 (Sun, 31 Aug 2025)

  Changed paths:
    M scripts/kernel-doc

  Log Message:
  -----------
  scripts/kernel-doc: Avoid new Perl precedence warning

Newer versions of Perl (5.41.x and up) emit a warning for code in
kernel-doc:
 Possible precedence problem between ! and pattern match (m//) at /scripts/kernel-doc line 1597.

This is because the code does:
            if (!$param =~ /\w\.\.\.$/) {

In Perl, the ! operator has higher precedence than the =~
pattern-match binding, so the effect of this condition is to first
logically-negate the string $param into a true-or-false value and
then try to pattern match it against the regex, which in this case
will always fail.  This is almost certainly not what the author
intended.

In the new Python version of kernel-doc in the Linux kernel,
the equivalent code is written:

            if KernRe(r'\w\.\.\.$').search(param):
                # For named variable parameters of the form `x...`,
                # remove the dots
                param = param[:-3]
            else:
                # Handles unnamed variable parameters
                param = "..."

which is a more sensible way of writing the behaviour you would
get if you put in brackets to make the regex match first and
then negate the result.

Take this as the intended behaviour, and update the Perl to match.

For QEMU, this produces no change in output, presumably because we
never used the "unnamed variable parameters" syntax.

Cc: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Daniel P. Berrangé <[email protected]>
Reviewed-by: Mauro Carvalho Chehab <[email protected]>
Message-id: [email protected]
(cherry picked from commit 5ffd387e9e0f787744fadaad35e1bf92224b0642)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 3b0c3dc9ea2a9882a13472effc1d2365951086c8
      https://github.com/qemu/qemu/commit/3b0c3dc9ea2a9882a13472effc1d2365951086c8
  Author: Richard Henderson <[email protected]>
  Date:   2025-08-31 (Sun, 31 Aug 2025)

  Changed paths:
    R host/include/aarch64/host/atomic128-cas.h
    A host/include/aarch64/host/atomic128-cas.h.inc

  Log Message:
  -----------
  qemu/atomic: Finish renaming atomic128-cas.h headers

The aarch64 header was not renamed with the others, meaning it
was skipped in favor of the generic version.

Cc: [email protected]
Fixes: 15606965400b ("qemu/atomic: Rename atomic128-cas.h headers using .h.inc suffix")
Signed-off-by: Richard Henderson <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Message-id: [email protected]
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 1748c0d59228c7790940d8be381df1c3108022b1)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 5fdba4d41d10c56b6bb47f703aef050179eb3dd2
      https://github.com/qemu/qemu/commit/5fdba4d41d10c56b6bb47f703aef050179eb3dd2
  Author: Peter Maydell <[email protected]>
  Date:   2025-08-31 (Sun, 31 Aug 2025)

  Changed paths:
    M hw/arm/stm32f205_soc.c
    M include/hw/arm/stm32f205_soc.h

  Log Message:
  -----------
  hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects

In stm32f250_soc_initfn() we mostly use the standard pattern
for child objects of calling object_initialize_child(). However
for s->adc_irqs we call object_new() and then later qdev_realize(),
and we never unref the object on deinit. This causes a leak,
detected by ASAN on the device-introspect-test:

Indirect leak of 10 byte(s) in 1 object(s) allocated from:
    #0 0x5b9fc4789de3 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-arm+0x21f1de3) (BuildId: 267a2619a026ed91c78a07b1eb2ef15381538efe)
    #1 0x740de3f28b09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x740de3f3e4d8 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x784d8) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #3 0x5b9fc70159e1 in g_strdup_inline /usr/include/glib-2.0/glib/gstrfuncs.h:321:10
    #4 0x5b9fc70159e1 in object_property_try_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1276:18
    #5 0x5b9fc7015f94 in object_property_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1294:12
    #6 0x5b9fc701b900 in object_add_link_prop /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2021:10
    #7 0x5b9fc701b3fc in object_property_add_link /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2037:12
    #8 0x5b9fc4c299fb in qdev_init_gpio_out_named /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/gpio.c:90:9
    #9 0x5b9fc4c29b26 in qdev_init_gpio_out /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/gpio.c:101:5
    #10 0x5b9fc4c0f77a in or_irq_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/or-irq.c:70:5
    #11 0x5b9fc70257e1 in object_init_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:428:9
    #12 0x5b9fc700cd4b in object_initialize_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:570:5
    #13 0x5b9fc700e66d in object_new_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:774:5
    #14 0x5b9fc700e750 in object_new /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:789:12
    #15 0x5b9fc68b2162 in stm32f205_soc_initfn /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/arm/stm32f205_soc.c:69:26

Switch to using object_initialize_child() like all our
other child objects for this SoC object.

Cc: [email protected]
Fixes: b63041c8f6b ("STM32F205: Connect the ADC devices")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-id: [email protected]
(cherry picked from commit 2e27650bddd35477d994a795a3b1cb57c8ed5c76)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 91803e42cf4054c9104132525fe0a21082c720df
      https://github.com/qemu/qemu/commit/91803e42cf4054c9104132525fe0a21082c720df
  Author: Kostiantyn Kostiuk <[email protected]>
  Date:   2025-09-03 (Wed, 03 Sep 2025)

  Changed paths:
    M qga/installer/qemu-ga.wxs

  Log Message:
  -----------
  qga/installer: Remove QGA VSS if QGA installation failed

When the QGA installer fails to install the QGA service but has
installed the QGA VSS provider, the provider should be removed before
the installer exits. Otherwise QGA VSS will have broken information and
prevent QGA installation in the next run.

Reviewed-by: Yan Vugenfirer <[email protected]>
Link: https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Kostiantyn Kostiuk <[email protected]>
(cherry picked from commit 85ff0e956bf26a93c92e4dca8f6257613269a0cf)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: e6ac36818ab3b1891c5b13ed0f41c0bfa9600c8e
      https://github.com/qemu/qemu/commit/e6ac36818ab3b1891c5b13ed0f41c0bfa9600c8e
  Author: Kostiantyn Kostiuk <[email protected]>
  Date:   2025-09-03 (Wed, 03 Sep 2025)

  Changed paths:
    M qga/vss-win32/requester.cpp

  Log Message:
  -----------
  qga-vss: Write hex value of error in log

QGA-VSS writes errors using error_setg_win32_internal,
which calls g_win32_error_message.

g_win32_error_message translates a Win32 error code
(as returned by GetLastError()) into the corresponding message.

At the same time, we call error_setg_win32_internal with
error codes from different Windows components like VSS or
Performance Monitor that provide different codes and
can't be converted with g_win32_error_message. In this
case, an empty suffix will be returned, so the error will be
masked.

This commit directly adds the hex value of the error code.

Reproduce:
 - Run QGA command: {"execute": "guest-fsfreeze-freeze-list", "arguments": {"mountpoints": ["D:"]}}

QGA error example:
 - before changes:
  {"error": {"class": "GenericError", "desc": "failed to add D: to snapshot set: "}}
 - after changes:
  {"error": {"class": "GenericError", "desc": "failed to add D: to snapshot set: Windows error 0x8004230e: "}}

Reviewed-by: Yan Vugenfirer <[email protected]>
Link: https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Kostiantyn Kostiuk <[email protected]>
(cherry picked from commit edf3780a7dad4658ab7b72ea37e310a2be9b16d3)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: cb58ff30c53e14a01371f7c8064949903ce1898c
      https://github.com/qemu/qemu/commit/cb58ff30c53e14a01371f7c8064949903ce1898c
  Author: minglei.liu <[email protected]>
  Date:   2025-09-03 (Wed, 03 Sep 2025)

  Changed paths:
    M qga/commands.c

  Log Message:
  -----------
  qga: Fix truncated output handling in guest-exec status reporting

Signed-off-by: minglei.liu <[email protected]>
Fixes: a1853dca743
Reviewed-by: Daniel P. Berrangé <[email protected]>
Reviewed-by: Kostiantyn Kostiuk <[email protected]>
Link: https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Kostiantyn Kostiuk <[email protected]>
(cherry picked from commit 28c5d27dd4dc4100a96ff4c9e5871dd23c6b02ec)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 21bd5bc0c3c29f57be67b1c34c262a52966f5bef
      https://github.com/qemu/qemu/commit/21bd5bc0c3c29f57be67b1c34c262a52966f5bef
  Author: Markus Armbruster <[email protected]>
  Date:   2025-09-03 (Wed, 03 Sep 2025)

  Changed paths:
    M target/i386/kvm/vmsr_energy.c

  Log Message:
  -----------
  i386/kvm/vmsr_energy: Plug memory leak on failure to connect socket

vmsr_open_socket() leaks the Error set by
qio_channel_socket_connect_sync().  Plug the leak by not creating the
Error.

Fixes: 0418f90809ae (Add support for RAPL MSRs in KVM/Qemu)
Signed-off-by: Markus Armbruster <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Zhao Liu <[email protected]>
(cherry picked from commit b2e4534a2c9ce3d20ba44d855f1e2b71cc53c3a3)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 5c3d05db416b9fc19bbcea5f16082233d70eb168
      https://github.com/qemu/qemu/commit/5c3d05db416b9fc19bbcea5f16082233d70eb168
  Author: Markus Armbruster <[email protected]>
  Date:   2025-09-03 (Wed, 03 Sep 2025)

  Changed paths:
    M scsi/pr-manager-helper.c
    M ui/input-barrier.c

  Log Message:
  -----------
  vfio scsi ui: Error-check qio_channel_socket_connect_sync() the same way

qio_channel_socket_connect_sync() returns 0 on success, and -1 on
failure, with errp set.  Some callers check the return value, and some
check whether errp was set.

For consistency, always check the return value, and always check it's
negative.

Signed-off-by: Markus Armbruster <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Zhao Liu <[email protected]>
(cherry picked from commit ec14a3de622ae30a8afa78b6f564bc743b753ee1)
(Mjt: drop changes for hw/vfio-user/proxy.c which is not in 10.0)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 27fb18a8c5cd307d19e4c2357ad6522a2f0b5bc9
      https://github.com/qemu/qemu/commit/27fb18a8c5cd307d19e4c2357ad6522a2f0b5bc9
  Author: Markus Armbruster <[email protected]>
  Date:   2025-09-03 (Wed, 03 Sep 2025)

  Changed paths:
    M tests/qtest/qos-test.c
    M tests/qtest/vhost-user-test.c

  Log Message:
  -----------
  Revert "tests/qtest: use qos_printf instead of g_test_message"

This reverts commit 30ea13e9d97dcbd4ea541ddf9e8857fa1d5cb30f.

Also rewrites qos_printf() calls added later.

"make check" prints many lines like

    stdout: 138: UNKNOWN:     # # qos_test running single test in subprocess
    stdout: 139: UNKNOWN:     # # set_protocol_features: 0x42
    stdout: 140: UNKNOWN:     # # set_owner: start of session
    stdout: 141: UNKNOWN:     # # vhost-user: un-handled message: 14
    stdout: 142: UNKNOWN:     # # vhost-user: un-handled message: 14
    stdout: 143: UNKNOWN:     # # set_vring(0)=enabled
    stdout: 144: UNKNOWN:     # # set_vring(1)=enabled
    stdout: 145: UNKNOWN:     # # set_vring(0)=enabled
    stdout: 146: UNKNOWN:     # # set_vring(1)=enabled
    stdout: 147: UNKNOWN:     # # set_vring(0)=enabled
    stdout: 148: UNKNOWN:     # # set_vring(1)=enabled
    stdout: 149: UNKNOWN:     # # set_vring(0)=enabled
    stdout: 150: UNKNOWN:     # # set_vring(1)=enabled
    stdout: 151: UNKNOWN:     # # set_vring(0)=enabled
    stdout: 152: UNKNOWN:     # # set_vring(1)=enabled
    stdout: 153: UNKNOWN:     # # set_vring_num: 0/256
    stdout: 154: UNKNOWN:     # # set_vring_addr: 0x7f9060000000/0x7f905ffff000/0x7f9060001000

Turns out this is qos-test, and the culprit is a commit meant to ease
debugging.  Revert it until a better solution is found.

Signed-off-by: Markus Armbruster <[email protected]>
Message-ID: <[email protected]>
[Commit message clarified]
(cherry picked from commit c9a1ea9c52e6462ad5c7814f3abd65baa69dc4ce)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: de5fcb105a24bcc4d743fae7dd1e449b2c143c99
      https://github.com/qemu/qemu/commit/de5fcb105a24bcc4d743fae7dd1e449b2c143c99
  Author: Laurent Vivier <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M hw/net/e1000e_core.c

  Log Message:
  -----------
  e1000e: Prevent crash from legacy interrupt firing after MSI-X enable

A race condition between guest driver actions and QEMU timers can lead
to an assertion failure when the guest switches the e1000e from legacy
interrupt mode to MSI-X. If a legacy interrupt delay timer (TIDV or
RDTR) is active, but the guest enables MSI-X before the timer fires,
the pending interrupt cause can trigger an assert in
e1000e_intmgr_collect_delayed_causes().

This patch removes the assertion and executes the code that clears the
pending legacy causes. This change is safe and introduces no unintended
behavioral side effects, as it only alters a state that previously led
to termination.

- when core->delayed_causes == 0 the function was already a no-op and
  remains so.

- when core->delayed_causes != 0 the function would previously
  crash due to the assertion failure. The patch now defines a safe
  outcome by clearing the cause and returning. Since behavior after
  the assertion never existed, this simply corrects the crash.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1863
Suggested-by: Akihiko Odaki <[email protected]>
Signed-off-by: Laurent Vivier <[email protected]>
Acked-by: Jason Wang <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 8e4649cac9bcddc050d2df07908075e9e69bccc7)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 1d61b14684dcf03fc85a6a9001d60a3f46333660
      https://github.com/qemu/qemu/commit/1d61b14684dcf03fc85a6a9001d60a3f46333660
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M include/elf.h

  Log Message:
  -----------
  elf: Add EF_MIPS_ARCH_ASE definitions

Include MIPS ASE ELF definitions from binutils:
https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=include/elf/mips.h;h=4fc190f404d828ded84e621bfcece5fa9f9c23c8;hb=HEAD#l210

Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 14ab44b96d5bf761af81cc723314ef5ecf73ed17)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 3b723a3518a1ffce121e035c6c6c33185170ac2a
      https://github.com/qemu/qemu/commit/3b723a3518a1ffce121e035c6c6c33185170ac2a
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M linux-user/mips/target_elf.h

  Log Message:
  -----------
  linux-user/mips: Select 74Kf CPU to run MIPS16e binaries

The 74Kf is our latest CPU supporting MIPS16e ASE.

Note, currently QEMU doesn't have 64-bit CPU supporting MIPS16e ASE.

Cc: [email protected]
Fixes: 6ea219d0196..d19954f46df ("target-mips: MIPS16 support")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3054
Reported-by: Justin Applegate <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 7a09b3cc70ab6d717b18dec5c5995f7a06af4593)
(Mjt: in 10.1 and before the code is in linux-user/mips/target_elf.h)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 3f4a16362bf0f75256663df7fb1442ca008a9295
      https://github.com/qemu/qemu/commit/3f4a16362bf0f75256663df7fb1442ca008a9295
  Author: Philippe Mathieu-Daudé <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M linux-user/mips/target_elf.h

  Log Message:
  -----------
  linux-user/mips: Select M14Kc CPU to run microMIPS binaries

The M14Kc is our latest CPU supporting the microMIPS ASE.

Note, currently QEMU doesn't have 64-bit CPU supporting microMIPS ASE.

Cc: [email protected]
Fixes: 3c824109da0 ("target-mips: microMIPS ASE support")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3054
Reported-by: Justin Applegate <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
(cherry picked from commit 51c3aebfda6489b49cebef593a1ceb597cb97a7e)
(Mjt: in 10.1 and before, the code is in linux-user/mips/target_elf.h)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: d742fcb27930209ea618436c7e4648b1c4ad64e2
      https://github.com/qemu/qemu/commit/d742fcb27930209ea618436c7e4648b1c4ad64e2
  Author: Denis Rastyogin <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M target/mips/tcg/system/tlb_helper.c

  Log Message:
  -----------
  target/mips: fix TLB huge page check to use 64-bit shift

Use extract64(entry, psn, 1) instead of (entry & (1 << psn)) to avoid
undefined behavior for shifts by 32–63 and to make bit extraction intent 
explicit.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Denis Rastyogin <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 1f82ca723478f44823a18e7151e487d58da03659)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 43af06731727c7954fa25d9454f1964bd2c48149
      https://github.com/qemu/qemu/commit/43af06731727c7954fa25d9454f1964bd2c48149
  Author: Aditya Gupta <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M hw/ppc/pnv.c
    M target/ppc/cpu.h
    M target/ppc/misc_helper.c

  Log Message:
  -----------
  hw/ppc: Fix build error with CONFIG_POWERNV disabled

Currently when CONFIG_POWERNV is not enabled, the build fails, such as
with --without-default-devices:

    $ ./configure --without-default-devices
    $ make

    [281/283] Linking target qemu-system-ppc64
    FAILED: qemu-system-ppc64
    cc -m64 @qemu-system-ppc64.rsp
    /usr/bin/ld: libqemu-ppc64-softmmu.a.p/target_ppc_misc_helper.c.o: in function `helper_load_sprd':
    .../target/ppc/misc_helper.c:335:(.text+0xcdc): undefined reference to `pnv_chip_find_core'
    /usr/bin/ld: libqemu-ppc64-softmmu.a.p/target_ppc_misc_helper.c.o: in function `helper_store_sprd':
    .../target/ppc/misc_helper.c:375:(.text+0xdf4): undefined reference to `pnv_chip_find_core'
    collect2: error: ld returned 1 exit status
    ...

This is since target/ppc/misc_helper.c references PowerNV specific
'pnv_chip_find_core' call.

Split the PowerNV specific SPRD code out of the generic PowerPC code, by
moving the SPRD code to pnv.c

Fixes: 9808ce6d5cb ("target/ppc: Big-core scratch register fix")
Cc: Philippe Mathieu-Daudé <[email protected]>
Reported-by: Thomas Huth <[email protected]>
Suggested-by: Cédric Le Goater <[email protected]>
Signed-off-by: Aditya Gupta <[email protected]>
Acked-by: Cédric Le Goater <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 46d03bb23dde86513465724760d85f42eb17539e)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 46b5717924342ceebd4c1db18ce6e09ad78e7650
      https://github.com/qemu/qemu/commit/46b5717924342ceebd4c1db18ce6e09ad78e7650
  Author: Peter Maydell <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M hw/gpio/pca9554.c

  Log Message:
  -----------
  hw/gpio/pca9554: Avoid leak in pca9554_set_pin()

In pca9554_set_pin() we have a string property which we parse in
order to set some non-string fields in the device state.  So we call
visit_type_str(), passing it the address of the local variable
state_str.

visit_type_str() will allocate a new copy of the string; we
never free this string, so the result is a memory leak, detected
by ASAN during a "make check" run:

Direct leak of 5 byte(s) in 1 object(s) allocated from:
    #0 0x5d605212ede3 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-arm+0x21f1de3) (BuildId: 3d5373c89317f58bfcd191a33988c7347714be14)
    #1 0x7f7edea57b09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x7f7edea6d4d8 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x784d8) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #3 0x5d6055289a91 in g_strdup_inline /usr/include/glib-2.0/glib/gstrfuncs.h:321:10
    #4 0x5d6055289a91 in qobject_input_type_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qapi/qobject-input-visitor.c:542:12
    #5 0x5d605528479c in visit_type_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qapi/qapi-visit-core.c:349:10
    #6 0x5d60528bdd87 in pca9554_set_pin /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/gpio/pca9554.c:179:10
    #7 0x5d60549bcbbb in object_property_set /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1450:5
    #8 0x5d60549d2055 in object_property_set_qobject /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/qom-qobject.c:28:10
    #9 0x5d60549bcdf1 in object_property_set_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1458:15
    #10 0x5d605439d077 in gb200nvl_bmc_i2c_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/arm/aspeed.c:1267:5
    #11 0x5d60543a3bbc in aspeed_machine_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/arm/aspeed.c:493:9

Make the state_str g_autofree, so that we will always free
it, on both error-exit and success codepaths.

Cc: [email protected]
Fixes: de0c7d543bca ("misc: Add a pca9554 GPIO device model")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Glenn Miles <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
(cherry picked from commit 3284d1c07cfd8d42aa27d1cf83d3e65fcd62e35e)
Signed-off-by: Michael Tokarev <[email protected]>


  Commit: 11a3a50ce3ccf9f5a300fccda6dcdee2a171a872
      https://github.com/qemu/qemu/commit/11a3a50ce3ccf9f5a300fccda6dcdee2a171a872
  Author: Michael Tokarev <[email protected]>
  Date:   2025-09-04 (Thu, 04 Sep 2025)

  Changed paths:
    M block/curl.c

  Log Message:
  -----------
  block/curl: fix curl internal handles handling

block/curl.c uses CURLMOPT_SOCKETFUNCTION to register a socket callback.
According to the documentation, this callback is called not just with
application-created sockets but also with internal curl sockets, and
for such sockets the user data pointer is not set by the application, so
the result is qemu crashing.

Pass BDRVCURLState directly to the callback function as user pointer,
instead of relying on CURLINFO_PRIVATE.

This problem started happening with update of libcurl from 8.9 to 8.10 --
apparently with this change curl started using private handles more.

(CURLINFO_PRIVATE is used in one more place, in curl_multi_check_completion() -
it might need a similar fix too)

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3081
Cc: [email protected]
Reviewed-by: Daniel P. Berrangé <[email protected]>
Signed-off-by: Michael Tokarev <[email protected]>
(cherry picked from commit 606978500c3d18fb89a49844f253097b17f757de)
Signed-off-by: Michael Tokarev <[email protected]>


Compare: https://github.com/qemu/qemu/compare/91d33dce7604...11a3a50ce3cc
