Branch: refs/heads/staging
Home: https://github.com/qemu/qemu
Commit: 9d1bccac8f1090a51468fddccfeb6e0c92bcb9ca
https://github.com/qemu/qemu/commit/9d1bccac8f1090a51468fddccfeb6e0c92bcb9ca
Author: Soumyajyotii Ssarkar <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M hw/scsi/ncr53c710.c
Log Message:
-----------
ncr710: Fix potential null pointer dereference
The code dereferences s->current before checking if it is NULL. Move the
null check before the dereference to prevent potential crashes.
This issue could occur if s->current is NULL when the function reaches
the "Host adapter (re)connected" path, though this should not normally
happen during correct operation.
Reported-by: Stefan Hajnoczi <[email protected]>
Reported-by: GuoHan Zhao <[email protected]>
Suggested-by: GuoHan Zhao <[email protected]>
Signed-off-by: Soumyajyotii Ssarkar <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
Commit: 32878c6b4a2e399435bea0d0a2075c9379e55473
https://github.com/qemu/qemu/commit/32878c6b4a2e399435bea0d0a2075c9379e55473
Author: Soumyajyotii Ssarkar <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M hw/scsi/ncr53c710.c
Log Message:
-----------
ncr710: Drop leftover debug code
That code was part of some debugging code. Now it has no effect any
longer, so let's drop it.
Reported-by: Stefan Hajnoczi <[email protected]>
Signed-off-by: Soumyajyotii Ssarkar <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
Commit: 343166a084c522e8090bea6e8ef0137e85759591
https://github.com/qemu/qemu/commit/343166a084c522e8090bea6e8ef0137e85759591
Author: Soumyajyotii Ssarkar <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M hw/net/i82596.c
Log Message:
-----------
i82596: Remove crc_valid variable
While testing and developing for HPUX 10.20, the crc_valid variable
was used in performing CRC checks for the loopback. I expected the
CRC to be absent on a specific condition and would skip some
functional checks for the loopback packet, so initially I added
an if-clause that would skip the checks, preventing HPUX from
getting stuck at the loopback phase.
However, we can remove it, and this then fixes Coverity CID 1642868.
Reported-by: Peter Maydell <[email protected]>
Signed-off-by: Soumyajyotii Ssarkar <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
Commit: 54c1e9cdeee71b84f1e78d01f3e083cf5158bd08
https://github.com/qemu/qemu/commit/54c1e9cdeee71b84f1e78d01f3e083cf5158bd08
Author: Soumyajyotii Ssarkar <[email protected]>
Date: 2025-11-07 (Fri, 07 Nov 2025)
Changed paths:
M hw/net/i82596.c
Log Message:
-----------
i82596: Adding proper break-statement functionality in RX functions
Fix Coverity reported logic error CID 1642873.
The initial issue was the break statement exited out of the for loop
unconditionally.
Now, the break only happens if rfd is null, out_of_resources or
bytes_copied < payload_size.
Reported-by: Peter Maydell <[email protected]>
Signed-off-by: Soumyajyotii Ssarkar <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
Commit: 2dd1d20b0932fb5c29960fa5c1e57fb11e490413
https://github.com/qemu/qemu/commit/2dd1d20b0932fb5c29960fa5c1e57fb11e490413
Author: Soumyajyotii Ssarkar <[email protected]>
Date: 2025-11-09 (Sun, 09 Nov 2025)
Changed paths:
M hw/scsi/lasi_ncr710.c
M hw/scsi/lasi_ncr710.h
M hw/scsi/ncr53c710.c
M hw/scsi/ncr53c710.h
Log Message:
-----------
ncr710: Add missing vmstate entries
Signed-off-by: Soumyajyotii Ssarkar <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
Commit: 0336727f4859ee9ed1fbb7e88f4e22f6e08fab92
https://github.com/qemu/qemu/commit/0336727f4859ee9ed1fbb7e88f4e22f6e08fab92
Author: Soumyajyotii Ssarkar <[email protected]>
Date: 2025-11-09 (Sun, 09 Nov 2025)
Changed paths:
M hw/scsi/ncr53c710.c
Log Message:
-----------
ncr710: Use address space of device instead of global address space
Signed-off-by: Soumyajyotii Ssarkar <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
Commit: 8c1fa9cbecba50ae7e732923ee567fe40551d1a6
https://github.com/qemu/qemu/commit/8c1fa9cbecba50ae7e732923ee567fe40551d1a6
Author: Helge Deller <[email protected]>
Date: 2025-11-09 (Sun, 09 Nov 2025)
Changed paths:
M pc-bios/hppa-firmware.img
M pc-bios/hppa-firmware64.img
M roms/seabios-hppa
Log Message:
-----------
target/hppa: Update SeaBIOS-hppa to version 20
This is SeaBIOS for the hppa architecture v20
and it contains mostly bugfixes for issues which
were introduced by adding the 715/64 machine.
Fixes include:
- Fix inventory for 715 Snake machine
- Detect if LASI LAN and SCSI exists at startup
- Allow LASI LAN on B160L if created by qemu
- Enhance error messages
Signed-off-by: Helge Deller <[email protected]>
Commit: 98d7c299415bb21b5fa6e44020df608acfea729f
https://github.com/qemu/qemu/commit/98d7c299415bb21b5fa6e44020df608acfea729f
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M accel/tcg/tb-maint.c
M accel/tcg/trace-events
Log Message:
-----------
accel/tcg: Trace tb_flush() calls
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Commit: 31dd80e1e7a237cb7a096589b726801c085ebb19
https://github.com/qemu/qemu/commit/31dd80e1e7a237cb7a096589b726801c085ebb19
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M accel/tcg/trace-events
M accel/tcg/translate-all.c
Log Message:
-----------
accel/tcg: Trace tb_gen_code() buffer overflow
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Commit: 1ca08107c54227580786527db28fb77440f62391
https://github.com/qemu/qemu/commit/1ca08107c54227580786527db28fb77440f62391
Author: Markus Armbruster <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M scripts/qapi/parser.py
Log Message:
-----------
qapi/parser: Mollify mypy
re.match(r'^ *', ...) can't fail, but mypy doesn't know that and
complains:
scripts/qapi/parser.py:444: error: Item "None" of "Match[str] | None" has
no attribute "end" [union-attr]
Work around by using must_match() instead.
Fixes: 8107ba47fd78 (qapi: Add documentation format validation)
Signed-off-by: Markus Armbruster <[email protected]>
Reviewed-by: Vladimir Sementsov-Ogievskiy <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: 290e4e7de7a579be7457bfbc338b697b8eea638f
https://github.com/qemu/qemu/commit/290e4e7de7a579be7457bfbc338b697b8eea638f
Author: Philippe Mathieu-Daudé <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M tests/functional/mips64el/test_replay.py
Log Message:
-----------
tests/functional: Mark another MIPS replay test as flaky
When disabling MIPS tests on commit 1c11aa18071
("tests/functional: Mark the MIPS replay tests as flaky")
we missed the 5KEc test.
Reported-by: Richard Henderson <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: 4f503afc7eb503997fedad84f24e2cdf696a7a0e
https://github.com/qemu/qemu/commit/4f503afc7eb503997fedad84f24e2cdf696a7a0e
Author: Peter Maydell <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M target/i386/tcg/decode-new.c.inc
Log Message:
-----------
target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns
In the decode_group9() function, if we don't recognise the insn as
one that we should handle, we leave the 'entry' pointer unaltered.
Because the X86OpEntry struct has a union for the gen and decode
pointers, this means that the top level code will call decode.e.gen()
which tries to use the decode function pointer (still set to
decode_group9) as a gen function pointer.
This is undefined behaviour, but seems to be mostly harmless in
practice (we call decode_group9() again with bogus arguments and it
does nothing). If you have CFI enabled then it will trip the CFI
check:
../target/i386/tcg/decode-new.c.inc:2862:9: runtime error: control flow
integrity check for type 'void (struct DisasContext *, struct X86DecodedInsn
*)' failed during indirect function call
Set *entry to UNKNOWN_OPCODE to provoke the #UD exception, as we do
in decode_group1A() and decode_group11() for similar situations.
Thanks to the bug reporter for the clear description and analysis of
the bug and the simple reproducer.
Cc: [email protected]
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3172
Fixes: fcd16539ebfe2 ("target/i386: convert CMPXCHG8B/CMPXCHG16B to new
decoder")
Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
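The commit above describes a type-confusion pattern worth seeing in isolation: an opcode table entry holds a union of a decode-function pointer and a gen-function pointer, a group decoder that does not recognise the sub-opcode leaves the entry untouched, and the top level then calls the still-present decode pointer through the gen pointer type. The following is an added illustration written for this page, not QEMU code; it borrows only the names X86OpEntry, decode_group9 and UNKNOWN_OPCODE from the commit message, and the kind tag, cfi-style check, sub-opcode values and result codes are assumptions made for the model. Real QEMU has no such tag, which is exactly why the bug was silent without CFI.

```c
/* Model of the decode-then-gen dispatch bug fixed in decode_group9().
 * Added example for this page; not QEMU code. The 'kind' tag and the
 * RESULT_* codes are hypothetical: they stand in for the callee type
 * check that a CFI-instrumented build performs at the indirect call. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct DisasContext { int ud_raised; int executed; } DisasContext;
typedef struct X86DecodedInsn { uint8_t modrm; } X86DecodedInsn;
struct X86OpEntry;

/* Two incompatible function-pointer types share one union slot. */
typedef void (*X86GenFunc)(DisasContext *s, X86DecodedInsn *decode);
typedef void (*X86DecodeFunc)(DisasContext *s, struct X86OpEntry *entry, uint8_t *b);

enum EntryKind { KIND_GEN, KIND_DECODE };

typedef struct X86OpEntry {
    union { X86GenFunc gen; X86DecodeFunc decode; } e;
    enum EntryKind kind;   /* hypothetical tag; absent in the real decoder */
} X86OpEntry;

static void gen_cmpxchg8b(DisasContext *s, X86DecodedInsn *d) { (void)d; s->executed = 1; }
static void gen_ud(DisasContext *s, X86DecodedInsn *d) { (void)d; s->ud_raised = 1; }

/* Sentinel entry whose gen raises #UD, as the commit's fix uses. */
static const X86OpEntry UNKNOWN_OPCODE = { .e.gen = gen_ud, .kind = KIND_GEN };

/* Buggy form: an unrecognised /reg value leaves *entry untouched, so it
 * still holds the decode pointer (this function) in the union. */
static void decode_group9_buggy(DisasContext *s, X86OpEntry *entry, uint8_t *b)
{
    (void)s;
    switch ((*b >> 3) & 7) {          /* modrm.reg selects the group member */
    case 1:                           /* the only sub-opcode this model knows */
        *entry = (X86OpEntry){ .e.gen = gen_cmpxchg8b, .kind = KIND_GEN };
        break;
    }
}

/* Fixed form: anything not handled becomes UNKNOWN_OPCODE -> #UD. */
static void decode_group9_fixed(DisasContext *s, X86OpEntry *entry, uint8_t *b)
{
    (void)s;
    switch ((*b >> 3) & 7) {
    case 1:
        *entry = (X86OpEntry){ .e.gen = gen_cmpxchg8b, .kind = KIND_GEN };
        break;
    default:
        *entry = UNKNOWN_OPCODE;
        break;
    }
}

enum { RESULT_EXECUTED = 0, RESULT_UD = 1, RESULT_CFI_VIOLATION = 2 };

/* Top-level flow: run the group decoder, then call entry.e.gen().
 * Returns which outcome the modelled CFI check observed. */
static int dispatch_0f_c7(X86DecodeFunc group_decoder, uint8_t modrm)
{
    DisasContext s = {0};
    X86DecodedInsn insn = { .modrm = modrm };
    X86OpEntry entry = { .e.decode = group_decoder, .kind = KIND_DECODE };

    entry.e.decode(&s, &entry, &insn.modrm);   /* expected to replace entry */

    /* Without this check the buggy path would call decode_group9 through
     * a gen-typed pointer: undefined behaviour, and a CFI failure on an
     * instrumented build. The tag comparison models that CFI check. */
    if (entry.kind != KIND_GEN) {
        return RESULT_CFI_VIOLATION;
    }
    entry.e.gen(&s, &insn);
    return s.ud_raised ? RESULT_UD : RESULT_EXECUTED;
}

int main(void)
{
    /* 0x0f: modrm.reg = 1 (handled); 0x3f: modrm.reg = 7 (not handled here) */
    printf("buggy /1: %d  buggy /7: %d\n",
           dispatch_0f_c7(decode_group9_buggy, 0x0f),
           dispatch_0f_c7(decode_group9_buggy, 0x3f));
    printf("fixed /1: %d  fixed /7: %d\n",
           dispatch_0f_c7(decode_group9_fixed, 0x0f),
           dispatch_0f_c7(decode_group9_fixed, 0x3f));
    return 0;
}
```

The point the model makes is that an untagged union of function pointers gives the compiler and the hardware nothing to check: the only things that catch the stale pointer are a CFI scheme (which compares the callee's type signature at the indirect call) or a default branch that always writes a valid gen entry, which is what the fix does.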
Commit: 681480a1391b32c6d4474d4426ce3371eed06fa9
https://github.com/qemu/qemu/commit/681480a1391b32c6d4474d4426ce3371eed06fa9
Author: Richard Henderson <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M accel/tcg/tb-maint.c
M accel/tcg/trace-events
M accel/tcg/translate-all.c
M scripts/qapi/parser.py
M target/i386/tcg/decode-new.c.inc
M tests/functional/mips64el/test_replay.py
Log Message:
-----------
Merge tag 'pull-misc-20251110' of https://gitlab.com/rth7680/qemu into staging
accel/tcg: Trace tb_flush() calls
accel/tcg: Trace tb_gen_code() buffer overflow
qapi/parser: Mollify mypy
tests/functional: Mark another MIPS replay test as flaky
target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmkRx8EdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV9wywf/e1aFOMdj6SFHeum6
# vb7cmWZWDQr5KrV2lnHxkAhoGk4TL6StlWNgSJfUVAzeElbNTqM+W/w0yJrM7W6K
# LEsYCVsvA1juIrfD8aPkzO5+hS0bv+nCS74k7OsYlS4u20A7FBRrR98UI4icgYO0
# ND4hEdGMP+1+Rc+U8+qhP4KiXMW2c3MC7SXwsb8fvdBvbe9Oh7ExpeOJao8mlasg
# hmu4WrjGQwkxLLLkAK7F55IgJx6x8QIWxtjg+q1AxA7AhgnG/kQ8e4RDF8cZyORF
# fsVRgST4o7kCdM9n2eicVLf2P0BLbZgM1bpsoXPadjTUMpioXLujGCIzl5Cnto4k
# AjpTJQ==
# =Tirj
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 10 Nov 2025 12:08:49 PM CET
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [ultimate]
* tag 'pull-misc-20251110' of https://gitlab.com/rth7680/qemu:
target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns
tests/functional: Mark another MIPS replay test as flaky
qapi/parser: Mollify mypy
accel/tcg: Trace tb_gen_code() buffer overflow
accel/tcg: Trace tb_flush() calls
Signed-off-by: Richard Henderson <[email protected]>
Commit: 49877625c97143ff19e63ac87df5d7094a9377ea
https://github.com/qemu/qemu/commit/49877625c97143ff19e63ac87df5d7094a9377ea
Author: Richard Henderson <[email protected]>
Date: 2025-11-10 (Mon, 10 Nov 2025)
Changed paths:
M hw/net/i82596.c
M hw/scsi/lasi_ncr710.c
M hw/scsi/lasi_ncr710.h
M hw/scsi/ncr53c710.c
M hw/scsi/ncr53c710.h
M pc-bios/hppa-firmware.img
M pc-bios/hppa-firmware64.img
M roms/seabios-hppa
Log Message:
-----------
Merge tag 'lasi-fixes-pull-request' of https://github.com/hdeller/qemu-hppa
into staging
hppa lasi bugfixes pull request
Please pull a bunch of fixes which repair issues introduced due to the previous
patch series which added LASI SCSI and LASI network card support as well as
the new 715 machines.
This includes fixes for reported Coverity issues, and repairs the B160L machine
emulation.
Thanks!
Helge
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCaREQRQAKCRD3ErUQojoP
# Xy+DAQDJk9BbaZA4DOIMptbGewQMJLRYESa6XClF3s0IdbORQQD8DB49ipDtQkBz
# 50VfT6IusGBBKMaLr/9XgKqrk2bBqgc=
# =mgEV
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 09 Nov 2025 11:05:57 PM CET
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <[email protected]>" [unknown]
# gpg: aka "Helge Deller <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'lasi-fixes-pull-request' of https://github.com/hdeller/qemu-hppa:
target/hppa: Update SeaBIOS-hppa to version 20
ncr710: Use address space of device instead of global address space
ncr710: Add missing vmstate entries
i82596: Adding proper break-statement functionality in RX functions
i82596: Remove crc_valid variable
ncr710: Drop leftover debug code
ncr710: Fix potential null pointer dereference
Signed-off-by: Richard Henderson <[email protected]>
Compare: https://github.com/qemu/qemu/compare/917ac07f9aef...49877625c971