Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 4f7528295b3e6dfe1189f660fa7865ad972d82e7
https://github.com/qemu/qemu/commit/4f7528295b3e6dfe1189f660fa7865ad972d82e7
Author: Andrew Jones <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M hw/riscv/riscv-iommu.c
Log Message:
-----------
hw/riscv/riscv-iommu: Fix MSI table size limit
The MSI table is not limited to 4k. The only constraint the table has
is that its base address must be aligned to its size, ensuring no
offsets of the table size will overrun when added to the base address
(see "8.5. MSI page tables" of the AIA spec).
Fixes: 0c54acb8243d ("hw/riscv: add RISC-V IOMMU base emulation")
Signed-off-by: Andrew Jones <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: da14767b356c2342197708a997eeb0da053262a0
https://github.com/qemu/qemu/commit/da14767b356c2342197708a997eeb0da053262a0
Author: Andrea Bolognani <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M docs/interop/firmware.json
Log Message:
-----------
docs/interop/firmware: Add riscv64 to FirmwareArchitecture
Descriptors using this value have been shipped for years
by distros, so we just need to update the spec to match
reality.
Signed-off-by: Andrea Bolognani <[email protected]>
Reviewed-by: Kashyap Chamarthy <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 696086ad9fb500573c7f710483215e079ee3cf33
https://github.com/qemu/qemu/commit/696086ad9fb500573c7f710483215e079ee3cf33
Author: Daniel Henrique Barboza <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M linux-user/syscall.c
Log Message:
-----------
linux-user/syscall.c: sync RISC-V hwprobe with Linux
It has been a while since the last sync. Let's bring QEMU hwprobe support
on par with Linux 6.17-rc4.
A lot of new RISCV_HWPROBE_KEY_* entities are added but this patch is
only adding support for ZICBOM_BLOCK_SIZE.
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: e06d209aa69d8ece901ada9620b37af4d87b713e
https://github.com/qemu/qemu/commit/e06d209aa69d8ece901ada9620b37af4d87b713e
Author: Daniel Henrique Barboza <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M target/riscv/cpu.h
M target/riscv/riscv-qmp-cmds.c
Log Message:
-----------
target/riscv: implement MonitorDef HMP API
The MonitorDef API is related to two HMP monitor commands: 'p' and 'x':
(qemu) help p
print|p /fmt expr -- print expression value (use $reg for CPU register access)
(qemu) help x
x /fmt addr -- virtual memory dump starting at 'addr'
For x86, one of the few targets that implements it, it is possible to
print the PC register value with $pc and use the PC value in the 'x'
command as well.
Those 2 commands are hooked into get_monitor_def(), called by
exp_unary() in hmp.c. The function tries to fetch a reg value in two
ways: by reading them directly via a target_monitor_defs array or using
a target_get_monitor_def() helper. In RISC-V we have *A LOT* of
registers and this number will keep getting bigger, so we're opting out
of an array declaration.
We're able to retrieve all regs but vregs because the API only fits an
uint64_t and vregs have 'vlen' size that are bigger than that.
With this patch we can do things such as:
- print CSRs and use their val in expressions:
(qemu) p $mstatus
0xa000000a0
(qemu) p $mstatus & 0xFF
0xa0
- dump the next 10 insn from virtual memory starting at x1 (ra):
(qemu) x/10i $ra
0xffffffff80958aea: a9bff0ef jal ra,-1382
# 0xffffffff80958584
0xffffffff80958aee: 10016073 csrrsi zero,sstatus,2
0xffffffff80958af2: 60a2 ld ra,8(sp)
0xffffffff80958af4: 6402 ld s0,0(sp)
0xffffffff80958af6: 0141 addi sp,sp,16
0xffffffff80958af8: 8082 ret
0xffffffff80958afa: 10016073 csrrsi zero,sstatus,2
0xffffffff80958afe: 8082 ret
0xffffffff80958b00: 1141 addi sp,sp,-16
0xffffffff80958b02: e422 sd s0,8(sp)
(qemu)
Suggested-by: Dr. David Alan Gilbert <[email protected]>
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 7a9202eaeb2797fd122f9034c3739b48a4152636
https://github.com/qemu/qemu/commit/7a9202eaeb2797fd122f9034c3739b48a4152636
Author: Daniel Henrique Barboza <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M pc-bios/opensbi-riscv32-generic-fw_dynamic.bin
M pc-bios/opensbi-riscv64-generic-fw_dynamic.bin
M roms/opensbi
Log Message:
-----------
roms/opensbi: Update to v1.7
Update OpenSBI and the pre-built opensbi32 and opensbi64 images to
version 1.7.
It has been almost a year since we last updated OpenSBI (at the time,
up to v1.5.1) and we're missing a lot of good stuff from both v1.6 and
v1.7, including SBI 3.0 and RPMI 1.0.
The changelog is too large and tedious to post in the commit msg so I
encourage referring to [1] and [2] to see the new features we're adding
into the QEMU roms.
[1] https://github.com/riscv-software-src/opensbi/releases/tag/v1.6
[2] https://github.com/riscv-software-src/opensbi/releases/tag/v1.7
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 191df346175283af013f414375f4be59fb850120
https://github.com/qemu/qemu/commit/191df346175283af013f414375f4be59fb850120
Author: Frank Chang <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M hw/char/sifive_uart.c
Log Message:
-----------
hw/char: sifive_uart: Raise IRQ according to the Tx/Rx watermark thresholds
Currently, the SiFive UART raises an IRQ whenever:
1. ie.txwm is enabled.
2. ie.rxwm is enabled and the Rx FIFO is not empty.
It does not check the watermark thresholds set by software. However,
since commit [1] changed the SiFive UART character printing from
synchronous to asynchronous, Tx overflows may occur, causing characters
to be dropped when running Linux because:
1. The Linux SiFive UART driver sets the transmit watermark level to 1
[2], meaning a transmit watermark interrupt is raised whenever a
character is enqueued into the Tx FIFO.
2. Upon receiving a transmit watermark interrupt, the Linux driver
transfers up to a full Tx FIFO's worth of characters from the Linux
serial transmit buffer [3], without checking the txdata.full flag
before transferring multiple characters [4].
To fix this issue, we must honor the Tx/Rx watermark thresholds and
raise interrupts only when the Tx threshold is exceeded or the Rx
threshold is undercut.
[1] 53c1557b230986ab6320a58e1b2c26216ecd86d5
[2]
https://github.com/torvalds/linux/blob/master/drivers/tty/serial/sifive.c#L1039
[3]
https://github.com/torvalds/linux/blob/master/drivers/tty/serial/sifive.c#L538
[4]
https://github.com/torvalds/linux/blob/master/drivers/tty/serial/sifive.c#L291
Signed-off-by: Frank Chang <[email protected]>
Signed-off-by: Emmanuel Blot <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: a090ecd880a1b211e92c41029d1a90edf6686a48
https://github.com/qemu/qemu/commit/a090ecd880a1b211e92c41029d1a90edf6686a48
Author: Frank Chang <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M hw/char/sifive_uart.c
Log Message:
-----------
hw/char: sifive_uart: Avoid pushing Tx FIFO when size is zero
There's no need to call fifo8_push_all() when size is zero.
Signed-off-by: Frank Chang <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 9100b9e67fbd2d60b53a6c5620c4ca2e6e43a0db
https://github.com/qemu/qemu/commit/9100b9e67fbd2d60b53a6c5620c4ca2e6e43a0db
Author: Frank Chang <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M hw/char/sifive_uart.c
Log Message:
-----------
hw/char: sifive_uart: Remove outdated comment about Tx FIFO
Since Tx FIFO is now implemented using "qemu/fifo8.h", remove the comment
that no longer reflects the current implementation.
Signed-off-by: Frank Chang <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: e04886254f0d88881ea14533c438859537ed1dfb
https://github.com/qemu/qemu/commit/e04886254f0d88881ea14533c438859537ed1dfb
Author: Frank Chang <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M hw/char/sifive_uart.c
Log Message:
-----------
hw/char: sifive_uart: Add newline to error message
Adds a missing newline character to the error message.
Signed-off-by: Frank Chang <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 63181b069be342c49b2bb95344654d3667250f46
https://github.com/qemu/qemu/commit/63181b069be342c49b2bb95344654d3667250f46
Author: TANG Tiancheng <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M hw/intc/riscv_aclint.c
Log Message:
-----------
hw/intc: Save time_delta in RISC-V mtimer VMState
In QEMU's RISC-V ACLINT timer model, 'mtime' is not stored directly as a
state variable. It is computed on demand as:
mtime = rtc_r + time_delta
where:
- 'rtc_r' is the current VM virtual time (in ticks) obtained via
cpu_riscv_read_rtc_raw() from QEMU_CLOCK_VIRTUAL.
- 'time_delta' is an offset applied when the guest writes a new 'mtime'
value via riscv_aclint_mtimer_write():
time_delta = value - rtc_r
Under this design, 'rtc_r' is assumed to be monotonically increasing
during VM execution. Even if the guest writes an 'mtime' value smaller
than the current one (making 'time_delta' negative in signed arithmetic,
or underflow in unsigned arithmetic), the computed 'mtime' remains
correct because 'rtc_r_new > rtc_r_old':
mtime_new = rtc_r_new + (value - rtc_r_old)
However, this monotonicity assumption breaks on snapshot load.
Before restoring a snapshot, QEMU resets the guest, which calls
riscv_aclint_mtimer_reset_enter() to set 'mtime' to 0 and recompute
'time_delta' as:
time_delta = 0 - rtc_r_reset
Here, the time_delta differs from the value that was present when the
snapshot was saved. As a result, subsequent reads produce a fixed offset
from the true mtime.
This can be observed with the 'date' command inside the guest: after loading
a snapshot, the reported time appears "frozen" at the save point, and only
resumes correctly after the guest has run long enough to compensate for the
erroneous offset.
The fix is to treat 'time_delta' as part of the device's migratable
state and save/restore it via vmstate. This preserves the correct
relation between 'rtc_r' and 'mtime' across snapshot save/load, ensuring
'mtime' continues incrementing from the precise saved value after
restore.
Reviewed-by: LIU Zhiwei <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Signed-off-by: TANG Tiancheng <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
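Added example (not part of the commit above and not QEMU code): a toy C model of the 'mtime = rtc_r + time_delta' scheme from the commit message, comparing a snapshot load that restores 'time_delta' with one that keeps the value recomputed at reset. The Toy* names, the tick values, and the assumption that the virtual clock is rewound to its saved value on load are all illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the device state and its snapshot record. */
typedef struct { uint64_t time_delta; } ToyMtimer;
typedef struct { uint64_t rtc_r; uint64_t time_delta; } ToySnapshot;

/* mtime is never stored; it is derived from the virtual clock on each read. */
static uint64_t toy_read_mtime(const ToyMtimer *t, uint64_t rtc_r)
{
    return rtc_r + t->time_delta;
}

/* Guest write of mtime: time_delta = value - rtc_r (unsigned wrap is fine). */
static void toy_write_mtime(ToyMtimer *t, uint64_t rtc_r, uint64_t value)
{
    t->time_delta = value - rtc_r;
}

/* Reset sets mtime to 0, i.e. time_delta = 0 - rtc_r_reset. */
static void toy_reset(ToyMtimer *t, uint64_t rtc_r_reset)
{
    toy_write_mtime(t, rtc_r_reset, 0);
}

static ToySnapshot toy_save(const ToyMtimer *t, uint64_t rtc_r)
{
    ToySnapshot s = { rtc_r, t->time_delta };
    return s;
}

/*
 * Snapshot load: the device is reset at the current clock value first.
 * time_delta is restored only when it is part of the migrated state.
 * Returns the virtual clock value after load (assumed: the saved one).
 */
static uint64_t toy_load(ToyMtimer *t, const ToySnapshot *s,
                         uint64_t rtc_now, bool migrate_delta)
{
    toy_reset(t, rtc_now);
    if (migrate_delta) {
        t->time_delta = s->time_delta;
    }
    return s->rtc_r;
}

/* Constructed scenario: returns mtime read 'ticks_after_load' after loadvm. */
static uint64_t toy_mtime_after_load(bool migrate_delta,
                                     uint64_t ticks_after_load)
{
    ToyMtimer t;
    toy_reset(&t, 0);                       /* boot at rtc_r = 0          */
    toy_write_mtime(&t, 1000, 5000000);     /* guest sets mtime           */
    ToySnapshot s = toy_save(&t, 3000);     /* mtime is 5002000 here      */
    uint64_t rtc = toy_load(&t, &s, 9000, migrate_delta); /* load later   */
    return toy_read_mtime(&t, rtc + ticks_after_load);
}

int main(void)
{
    printf("time_delta migrated:     mtime = %llu\n",
           (unsigned long long)toy_mtime_after_load(true, 0));
    printf("time_delta not migrated: mtime = 0x%llx\n",
           (unsigned long long)toy_mtime_after_load(false, 0));
    printf("offset error stays constant: %s\n",
           toy_mtime_after_load(false, 500) - toy_mtime_after_load(true, 500) ==
           toy_mtime_after_load(false, 0) - toy_mtime_after_load(true, 0)
               ? "yes" : "no");
    return 0;
}
```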
Commit: 1d9a832b58be63e53ef0d2342c271a34ecb349db
https://github.com/qemu/qemu/commit/1d9a832b58be63e53ef0d2342c271a34ecb349db
Author: Cédric Le Goater <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M hw/vfio/container-legacy.c
M hw/vfio/trace-events
Log Message:
-----------
vfio: Remove workaround for kernel DMA unmap overflow bug
A kernel bug was introduced in Linux v4.15 via commit 71a7d3d78e3c
("vfio/type1: Check for address space wrap-around on unmap"), which
added a test for address space wrap-around in the vfio DMA unmap path.
Unfortunately, due to an integer overflow, the kernel would
incorrectly detect an unmap of the last page in the 64-bit address
space as a wrap-around, causing the unmap to fail with -EINVAL.
A QEMU workaround was introduced in commit 567d7d3e6be5 ("vfio/common:
Work around kernel overflow bug in DMA unmap") to retry the unmap,
excluding the final page of the range.
The kernel bug was then fixed in Linux v5.0 via commit 58fec830fc19
("vfio/type1: Fix dma_unmap wrap-around check"). Since the oldest
supported LTS kernel is now v5.4, kernels affected by this bug are
considered deprecated, and the workaround is no longer necessary.
This change reverts 567d7d3e6be5, removing the workaround.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291
Reviewed-by: Alex Williamson <[email protected]>
Reviewed-by: Zhenzhong Duan <[email protected]>
Link: https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Cédric Le Goater <[email protected]>
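Added example (not kernel or QEMU code): a C sketch of the range-check pitfall the commit message above describes, where a wrap-around test rejects a range ending exactly at the top of the 64-bit address space, plus a model of a retry that drops the final page. The exclusive-end comparison is an assumed form of the faulty test chosen to reproduce the described behaviour; the toy_* names and the 4 KiB page size are illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TOY_PAGE_SIZE 4096ULL   /* assumed page size for this example */

/*
 * Exclusive-end check: iova + size is one past the last byte. For a range
 * that ends at 2^64 this sum wraps to 0, so a valid range looks like a wrap.
 */
static bool toy_rejects_exclusive_end(uint64_t iova, uint64_t size)
{
    return size == 0 || iova + size < iova;
}

/*
 * Inclusive-end check: compare against the last byte actually covered.
 * Only a range that really crosses 2^64 makes this wrap.
 */
static bool toy_rejects_inclusive_end(uint64_t iova, uint64_t size)
{
    return size == 0 || iova + size - 1 < iova;
}

/*
 * Model of an unmap request. Returns the number of bytes unmapped, 0 on
 * rejection. With 'workaround' set, a rejected range that ends exactly at
 * 2^64 is retried once without its final page.
 */
static uint64_t toy_unmap(uint64_t iova, uint64_t size,
                          bool fixed_check, bool workaround)
{
    for (;;) {
        bool rejected = fixed_check ? toy_rejects_inclusive_end(iova, size)
                                    : toy_rejects_exclusive_end(iova, size);
        if (!rejected) {
            return size;
        }
        if (workaround && size > TOY_PAGE_SIZE && iova + size == 0) {
            size -= TOY_PAGE_SIZE;  /* exclude the final page and retry */
            workaround = false;
            continue;
        }
        return 0;
    }
}

int main(void)
{
    /* Constructed input: the last two pages of the 64-bit address space. */
    const uint64_t iova = 0xFFFFFFFFFFFFE000ULL, size = 2 * TOY_PAGE_SIZE;

    printf("faulty check, no retry:  %llu bytes unmapped\n",
           (unsigned long long)toy_unmap(iova, size, false, false));
    printf("faulty check, retry:     %llu bytes unmapped\n",
           (unsigned long long)toy_unmap(iova, size, false, true));
    printf("corrected check:         %llu bytes unmapped\n",
           (unsigned long long)toy_unmap(iova, size, true, false));
    return 0;
}
```

With the corrected check the whole range is accepted, so the retry path never runs; with the faulty check the retry succeeds but covers one page less than was requested.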
Commit: 70a7e33ddb7f2ca7caacf286222bd80fd330c454
https://github.com/qemu/qemu/commit/70a7e33ddb7f2ca7caacf286222bd80fd330c454
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M backends/iommufd.c
M include/system/iommufd.h
Log Message:
-----------
system/iommufd: Use uint64_t type for IOVA mapping size
The 'ram_addr_t' type is described as:
a QEMU internal address space that maps guest RAM physical
addresses into an intermediate address space that can map
to host virtual address spaces.
This doesn't represent well an IOVA mapping size. Simply use
the uint64_t type.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Cédric Le Goater <[email protected]>
Link:
https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Cédric Le Goater <[email protected]>
Commit: 5764a715277afc4d6076fbf2bae1697dbd2fa182
https://github.com/qemu/qemu/commit/5764a715277afc4d6076fbf2bae1697dbd2fa182
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M hw/vfio/trace-events
Log Message:
-----------
hw/vfio: Reorder vfio_container_query_dirty_bitmap() trace format
Update the trace-events comments after the changes from
commit dcce51b1938 ("hw/vfio/container-base.c: rename file
to container.c") and commit a3bcae62b6a ("hw/vfio/container.c:
rename file to container-legacy.c").
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Cédric Le Goater <[email protected]>
Link:
https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Cédric Le Goater <[email protected]>
Commit: 0ca70d3bf722a94c53f254670e6a642e77aa077c
https://github.com/qemu/qemu/commit/0ca70d3bf722a94c53f254670e6a642e77aa077c
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M hw/vfio/container.c
M hw/vfio/listener.c
M hw/vfio/trace-events
M include/hw/vfio/vfio-container.h
Log Message:
-----------
hw/vfio: Avoid ram_addr_t in vfio_container_query_dirty_bitmap()
The 'ram_addr_t' type is described as:
a QEMU internal address space that maps guest RAM physical
addresses into an intermediate address space that can map
to host virtual address spaces.
vfio_container_query_dirty_bitmap() doesn't expect such QEMU
intermediate address, but a guest physical address. Use the
appropriate 'hwaddr' type, rename as @translated_addr for
clarity.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Cédric Le Goater <[email protected]>
Link:
https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Cédric Le Goater <[email protected]>
Commit: f0b52aa08ab0868c18d881381a8fda4b59b37517
https://github.com/qemu/qemu/commit/f0b52aa08ab0868c18d881381a8fda4b59b37517
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-10-02 (Thu, 02 Oct 2025)
Changed paths:
M hw/vfio-user/container.c
M hw/vfio/container-legacy.c
M hw/vfio/container.c
M hw/vfio/cpr-legacy.c
M hw/vfio/iommufd.c
M include/hw/vfio/vfio-container.h
M include/hw/vfio/vfio-cpr.h
Log Message:
-----------
hw/vfio: Use uint64_t for IOVA mapping size in vfio_container_dma_*map
The 'ram_addr_t' type is described as:
a QEMU internal address space that maps guest RAM physical
addresses into an intermediate address space that can map
to host virtual address spaces.
This doesn't represent well an IOVA mapping size. Simply use
the uint64_t type.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Cédric Le Goater <[email protected]>
Link:
https://lore.kernel.org/qemu-devel/[email protected]
Signed-off-by: Cédric Le Goater <[email protected]>
Commit: 30478e2ff7839a692c3894ae5f6c28e780f0bc6d
https://github.com/qemu/qemu/commit/30478e2ff7839a692c3894ae5f6c28e780f0bc6d
Author: TANG Tiancheng <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M include/migration/vmstate.h
Log Message:
-----------
migration: Add support for a variable-length array of UINT32 pointers
Add support for defining a vmstate field which is a variable-length array
of pointers, and use this to define a VMSTATE_TIMER_PTR_VARRAY() which allows
a variable-length array of QEMUTimer* to be used by devices.
Message-id: [email protected]
Reviewed-by: LIU Zhiwei <[email protected]>
Reviewed-by: Peter Xu <[email protected]>
Signed-off-by: TANG Tiancheng <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 09f89ccc9763a20c0cf9030661af2c04647c1eec
https://github.com/qemu/qemu/commit/09f89ccc9763a20c0cf9030661af2c04647c1eec
Author: TANG Tiancheng <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M hw/intc/riscv_aclint.c
M include/hw/intc/riscv_aclint.h
Log Message:
-----------
hw/intc: Save timers array in RISC-V mtimer VMState
The current 'timecmp' field in vmstate_riscv_mtimer is insufficient to keep
timers functional after migration.
If an mtimer's entry in 'mtimer->timers' is active at the time the snapshot
is taken, it means riscv_aclint_mtimer_write_timecmp() has written to
'mtimecmp' and scheduled a timer into QEMU's main loop 'timer_list'.
During snapshot save, these active timers must also be migrated; otherwise,
after snapshot load there is no mechanism to restore 'mtimer->timers' back
into the 'timer_list', and any pending timer events would be lost.
QEMU's migration framework commonly uses VMSTATE_TIMER_xxx macros to save
and restore 'QEMUTimer' variables. However, 'timers' is a pointer array
with variable length, and vmstate.h did not previously provide a helper
macro for such type.
This commit adds a new macro, 'VMSTATE_TIMER_PTR_VARRAY', to handle saving
and restoring a variable-length array of 'QEMUTimer *'. We then use this
macro to migrate the 'mtimer->timers' array, ensuring that timer events
remain scheduled correctly after snapshot load.
Reviewed-by: LIU Zhiwei <[email protected]>
Signed-off-by: TANG Tiancheng <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: b0daaa172a1cd7e8bc8320bfd6612edbebef157f
https://github.com/qemu/qemu/commit/b0daaa172a1cd7e8bc8320bfd6612edbebef157f
Author: TANG Tiancheng <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/machine.c
Log Message:
-----------
target/riscv: Save stimer and vstimer in CPU vmstate
vmstate_riscv_cpu was missing env.stimer and env.vstimer.
Without migrating these QEMUTimer fields, active S/VS-mode
timer events are lost after snapshot or migration.
Add VMSTATE_TIMER_PTR() entries to save and restore them.
Reviewed-by: LIU Zhiwei <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Signed-off-by: TANG Tiancheng <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: c69fc80035b708a8b997cbab0d393e2702364a3e
https://github.com/qemu/qemu/commit/c69fc80035b708a8b997cbab0d393e2702364a3e
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/kvm/kvm-cpu.c
Log Message:
-----------
target/riscv/kvm: Use riscv_cpu_is_32bit() when handling SBI_DBCN reg
Use the existing riscv_cpu_is_32bit() helper to check for 32-bit CPU.
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Reviewed-by: Andrew Jones <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: cebaf7434b4af059caca053ee1ec7ed8df91c2a7
https://github.com/qemu/qemu/commit/cebaf7434b4af059caca053ee1ec7ed8df91c2a7
Author: stove <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/cpu.h
Log Message:
-----------
target/riscv: use riscv_csrr in riscv_csr_read
Commit 38c83e8d3a33 ("target/riscv: raise an exception when CSRRS/CSRRC
writes a read-only CSR") changed the behavior of riscv_csrrw, which
would formerly be treated as read-only if the write mask were set to 0.
Fixes an exception being raised when accessing read-only vector CSRs
like vtype.
Fixes: 38c83e8d3a33 ("target/riscv: raise an exception when CSRRS/CSRRC writes
a read-only CSR")
Signed-off-by: stove <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: ec139c3dd00599e3e71b28c30b8207f6f15207c7
https://github.com/qemu/qemu/commit/ec139c3dd00599e3e71b28c30b8207f6f15207c7
Author: Xuemei Liu <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M include/qemu/osdep.h
Log Message:
-----------
qemu/osdep: align memory allocations to 2M on RISC-V
Similar to other architectures (e.g., x86_64, aarch64), utilizing THP on RISC-V
KVM requires 2MiB-aligned memory blocks.
Signed-off-by: Xuemei Liu <[email protected]>
Reviewed-by: David Hildenbrand <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: a86d3352ab70f33f5feabbf9bad9450d3c19d0bf
https://github.com/qemu/qemu/commit/a86d3352ab70f33f5feabbf9bad9450d3c19d0bf
Author: Vladimir Isaev <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/translate.c
Log Message:
-----------
target/riscv: do not use translator_ldl in opcode_at
opcode_at is used only in semihosting checks to match opcodes with expected
pattern.
This is not a translator and we get the following assert if the page is not in the TLB:
qemu-system-riscv64: ../accel/tcg/translator.c:363: record_save: Assertion
`offset == db->record_start + db->record_len' failed.
Fixes: 1f9c4462334f ("target/riscv: Use translator_ld* for everything")
Signed-off-by: Vladimir Isaev <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
[ Changes by AF:
- Fixup header includes after rebase
]
Signed-off-by: Alistair Francis <[email protected]>
Commit: c851052a77fd79300708df2070297b5428b4be8d
https://github.com/qemu/qemu/commit/c851052a77fd79300708df2070297b5428b4be8d
Author: Jim Shu <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/insn_trans/trans_rvzicfiss.c.inc
Log Message:
-----------
target/riscv: Fix the mepc when sspopchk triggers the exception
When sspopchk is in the middle of TB and triggers the SW check
exception, it should update PC from gen_update_pc(). If not, RISC-V mepc
CSR will get wrong PC address which is still at the start of TB.
Signed-off-by: Jim Shu <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 84c1605b7606d810ded4c1c3a2717f158dc89e3f
https://github.com/qemu/qemu/commit/84c1605b7606d810ded4c1c3a2717f158dc89e3f
Author: Jim Shu <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/csr.c
Log Message:
-----------
target/riscv: Fix SSP CSR error handling in VU/VS mode
In VU/VS mode, accessing $ssp CSR will trigger the virtual instruction
exception instead of illegal instruction exception if SSE is disabled
via xenvcfg CSRs.
This is from RISC-V CFI v1.0 spec ch2.2.4. Shadow Stack Pointer
Signed-off-by: Jim Shu <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 0b16c7b6a854d461cdfd418769b51d58e43dd92a
https://github.com/qemu/qemu/commit/0b16c7b6a854d461cdfd418769b51d58e43dd92a
Author: Jim Shu <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/helper.h
M target/riscv/insn_trans/trans_rvzicfiss.c.inc
M target/riscv/op_helper.c
Log Message:
-----------
target/riscv: Fix ssamoswap error handling
Follow the RISC-V CFI v1.0 spec [1] to fix the exception type
when ssamoswap is disabled by xSSE.
[1] RISC-V CFI spec v1.0, ch2.7 Atomic Swap from a Shadow Stack Location
Signed-off-by: Jim Shu <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: ae4a37f57818e47e212272821a5a86ad54620eb8
https://github.com/qemu/qemu/commit/ae4a37f57818e47e212272821a5a86ad54620eb8
Author: Max Chou <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/cpu.c
M target/riscv/csr.c
M target/riscv/machine.c
M target/riscv/riscv-qmp-cmds.c
M target/riscv/tcg/tcg-cpu.c
Log Message:
-----------
target/riscv: rvv: Replace checking V by checking Zve32x
The Zve32x extension will be applied by the V and Zve* extensions.
Therefore we can replace the original V checking with Zve32x checking for both
the V and Zve* extensions.
Signed-off-by: Max Chou <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: be50ff3a73859ebbbdc0e6f704793062b1743d93
https://github.com/qemu/qemu/commit/be50ff3a73859ebbbdc0e6f704793062b1743d93
Author: Max Chou <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/tcg/tcg-cpu.c
Log Message:
-----------
target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions
According to the RISC-V unprivileged specification, the VLEN should be greater
than or equal to the ELEN. This commit modifies the minimum VLEN based on the vector
extensions and introduces a check rule for VLEN and ELEN.
  Extension        Minimum VLEN
  * V              128
  * Zve64[d|f|x]   64
  * Zve32[f|x]     32
Signed-off-by: Max Chou <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 81d1885dcc4424fec6761120f6e251eb3408fb8e
https://github.com/qemu/qemu/commit/81d1885dcc4424fec6761120f6e251eb3408fb8e
Author: Max Chou <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/helper.h
M target/riscv/insn_trans/trans_rvv.c.inc
M target/riscv/vector_helper.c
Log Message:
-----------
target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN=32 and
SEW=64
When XLEN is 32 and SEW is 64, the original implementation of
vslide1up.vx and vslide1down.vx helper functions fills the 32-bit value
of rs1 into the first element of the destination vector register (rd),
which is a 64-bit element.
This commit attempted to resolve the issue by extending the rs1 value
to 64 bits during the TCG translation phase to ensure that the helper
functions won't lose the higher 32 bits.
Signed-off-by: Max Chou <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 15abfced803929f935bb59a0e1b02558bd8325c4
https://github.com/qemu/qemu/commit/15abfced803929f935bb59a0e1b02558bd8325c4
Author: Guo Ren (Alibaba DAMO Academy) <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M hw/riscv/riscv-iommu.c
Log Message:
-----------
hw/riscv/riscv-iommu: Fixup PDT Nested Walk
Current implementation is wrong when iohgatp != bare. The RISC-V
IOMMU specification has defined that the PDT is based on GPA, not
SPA. So this patch fixes the problem, making PDT walk correctly
when the G-stage table walk is enabled.
Fixes: 0c54acb8243d ("hw/riscv: add RISC-V IOMMU base emulation")
Cc: [email protected]
Cc: Sebastien Boeuf <[email protected]>
Cc: Tomasz Jeznach <[email protected]>
Reviewed-by: Weiwei Li <[email protected]>
Reviewed-by: Nutty Liu <[email protected]>
Signed-off-by: Guo Ren (Alibaba DAMO Academy) <[email protected]>
Tested-by: Chen Pei <[email protected]>
Tested-by: Fangyu Yu <[email protected]>
Message-ID: <[email protected]>
[ Changes by AF:
- Add braces to if statements
]
Signed-off-by: Alistair Francis <[email protected]>
Commit: b25133d38fe693589cf695b85968caa0724bfafd
https://github.com/qemu/qemu/commit/b25133d38fe693589cf695b85968caa0724bfafd
Author: vhaudiquet <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M target/riscv/insn_trans/trans_rvzce.c.inc
Log Message:
-----------
target/riscv: Fix endianness swap on compressed instructions
Three instructions were not using the endianness swap flag, which resulted in a
bug on big-endian architectures.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3131
Buglink: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2123828
Fixes: e0a3054f18e ("target/riscv: add support for Zcb extension")
Signed-off-by: Valentin Haudiquet <[email protected]>
Cc: [email protected]
Reviewed-by: Anton Johansson <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: ad2a0aa2824b1dac9f61bac33980e866e9a88856
https://github.com/qemu/qemu/commit/ad2a0aa2824b1dac9f61bac33980e866e9a88856
Author: Joel Stanley <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M docs/specs/riscv-iommu.rst
Log Message:
-----------
docs: riscv-iommu: Update status of kernel support
The iommu Linux kernel support is now upstream. VFIO is still
downstream at this stage.
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Signed-off-by: Joel Stanley <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit: 91f80dda70aeedeb78979b07ad2a0e5503f7dd47
https://github.com/qemu/qemu/commit/91f80dda70aeedeb78979b07ad2a0e5503f7dd47
Author: Richard Henderson <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M docs/interop/firmware.json
M docs/specs/riscv-iommu.rst
M hw/char/sifive_uart.c
M hw/intc/riscv_aclint.c
M hw/riscv/riscv-iommu.c
M include/hw/intc/riscv_aclint.h
M include/migration/vmstate.h
M include/qemu/osdep.h
M linux-user/syscall.c
M pc-bios/opensbi-riscv32-generic-fw_dynamic.bin
M pc-bios/opensbi-riscv64-generic-fw_dynamic.bin
M roms/opensbi
M target/riscv/cpu.c
M target/riscv/cpu.h
M target/riscv/csr.c
M target/riscv/helper.h
M target/riscv/insn_trans/trans_rvv.c.inc
M target/riscv/insn_trans/trans_rvzce.c.inc
M target/riscv/insn_trans/trans_rvzicfiss.c.inc
M target/riscv/kvm/kvm-cpu.c
M target/riscv/machine.c
M target/riscv/op_helper.c
M target/riscv/riscv-qmp-cmds.c
M target/riscv/tcg/tcg-cpu.c
M target/riscv/translate.c
M target/riscv/vector_helper.c
Log Message:
-----------
Merge tag 'pull-riscv-to-apply-20251003-3' of
https://github.com/alistair23/qemu into staging
First RISC-V PR for 10.2
* Fix MSI table size limit
* Add riscv64 to FirmwareArchitecture
* Sync RISC-V hwprobe with Linux
* Implement MonitorDef HMP API
* Update OpenSBI to v1.7
* Fix SiFive UART character drop issue and minor refactors
* Fix RISC-V timer migration issues
* Use riscv_cpu_is_32bit() when handling SBI_DBCN reg
* Use riscv_csrr in riscv_csr_read
* Align memory allocations to 2M on RISC-V
* Do not use translator_ldl in opcode_at
* Minor fixes of RISC-V CFI
* Modify minimum VLEN rule
* Fix vslide1[up|down].vx unexpected result when XLEN=32 and SEW=64
* Fixup IOMMU PDT Nested Walk
* Fix endianness swap on compressed instructions
* Update status of IOMMU kernel support
# gpg: Signature made Thu 02 Oct 2025 08:25:14 PM PDT
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-20251003-3' of https://github.com/alistair23/qemu:
(26 commits)
docs: riscv-iommu: Update status of kernel support
target/riscv: Fix endianness swap on compressed instructions
hw/riscv/riscv-iommu: Fixup PDT Nested Walk
target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN=32 and
SEW=64
target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions
target/riscv: rvv: Replace checking V by checking Zve32x
target/riscv: Fix ssamoswap error handling
target/riscv: Fix SSP CSR error handling in VU/VS mode
target/riscv: Fix the mepc when sspopchk triggers the exception
target/riscv: do not use translator_ldl in opcode_at
qemu/osdep: align memory allocations to 2M on RISC-V
target/riscv: use riscv_csrr in riscv_csr_read
target/riscv/kvm: Use riscv_cpu_is_32bit() when handling SBI_DBCN reg
target/riscv: Save stimer and vstimer in CPU vmstate
hw/intc: Save timers array in RISC-V mtimer VMState
migration: Add support for a variable-length array of UINT32 pointers
hw/intc: Save time_delta in RISC-V mtimer VMState
hw/char: sifive_uart: Add newline to error message
hw/char: sifive_uart: Remove outdated comment about Tx FIFO
hw/char: sifive_uart: Avoid pushing Tx FIFO when size is zero
...
Signed-off-by: Richard Henderson <[email protected]>
Commit: 81e3121bef89bcd3ccb261899e5a36246199065d
https://github.com/qemu/qemu/commit/81e3121bef89bcd3ccb261899e5a36246199065d
Author: Richard Henderson <[email protected]>
Date: 2025-10-03 (Fri, 03 Oct 2025)
Changed paths:
M backends/iommufd.c
M hw/vfio-user/container.c
M hw/vfio/container-legacy.c
M hw/vfio/container.c
M hw/vfio/cpr-legacy.c
M hw/vfio/iommufd.c
M hw/vfio/listener.c
M hw/vfio/trace-events
M include/hw/vfio/vfio-container.h
M include/hw/vfio/vfio-cpr.h
M include/system/iommufd.h
Log Message:
-----------
Merge tag 'pull-vfio-20251003' of https://github.com/legoater/qemu into
staging
vfio queue:
* Remove workaround for kernel DMA unmap overflow
* Remove invalid uses of ram_addr_t type
# gpg: Signature made Fri 03 Oct 2025 03:33:02 AM PDT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <[email protected]>" [full]
# gpg: aka "Cédric Le Goater <[email protected]>" [full]
* tag 'pull-vfio-20251003' of https://github.com/legoater/qemu:
hw/vfio: Use uint64_t for IOVA mapping size in vfio_container_dma_*map
hw/vfio: Avoid ram_addr_t in vfio_container_query_dirty_bitmap()
hw/vfio: Reorder vfio_container_query_dirty_bitmap() trace format
system/iommufd: Use uint64_t type for IOVA mapping size
vfio: Remove workaround for kernel DMA unmap overflow bug
Signed-off-by: Richard Henderson <[email protected]>
Compare: https://github.com/qemu/qemu/compare/517e9b4862cc...81e3121bef89