Branch: refs/heads/staging
Home: https://github.com/qemu/qemu
Commit: c513fa987b47d872ead4a8723f9c91d6aa4e4efc
https://github.com/qemu/qemu/commit/c513fa987b47d872ead4a8723f9c91d6aa4e4efc
Author: Paolo Bonzini <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M tcg/optimize.c
Log Message:
-----------
tcg/optimize: do use affected bits
We inadvertently disabled affected bits optimizations on operations
that use fold_masks_zosa. These happen relatively often in x86 code
for extract/sextract; for example given the following:
    mov %esi, %ebp
    xor $0x1, %ebp
the optimizer is able to simplify the "extract_i64 rbp,tmp0,$0x0,$0x20"
produced by the second instruction to a move.
Cc: [email protected]
Fixes: 932522a9ddc ("tcg/optimize: Fold and to extract during optimize")
Signed-off-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: 930528daf4cfdbbfd63fbeb0be1d6a5af653cee6
https://github.com/qemu/qemu/commit/930528daf4cfdbbfd63fbeb0be1d6a5af653cee6
Author: Richard Henderson <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M tcg/optimize.c
Log Message:
-----------
tcg/optimize: Save o_mask in fold_masks_zosa_int
When adding o_mask to this function, we used it in a
couple of places but failed to save it for future use.
Also, update a related comment.
Cc: [email protected]
Fixes: 56f15f67ea1 ("tcg/optimize: Add one's mask to TempOptInfo")
Reported-by: Manos Pitsidianakis <[email protected]>
Reviewed-by: Pierrick Bouvier <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit: b58abe49afde8be6962cee9ee79b5c4ef8ab7103
https://github.com/qemu/qemu/commit/b58abe49afde8be6962cee9ee79b5c4ef8ab7103
Author: Richard Henderson <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M tcg/riscv/tcg-target.c.inc
Log Message:
-----------
tcg/riscv: Fix TCG_REG_TMP0 clobber in tcg_gen_dup{m,i}
TCG_REG_TMP0 may be used by set_vtype* to load the vtype
parameter, so delay any other use of TCG_REG_TMP0 until
the correct vtype has been installed.
Cc: [email protected]
Fixes: d4be6ee1111 ("tcg/riscv: Implement vector mov/dup{m/i}")
Reported-by: Zhijin Zeng <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit: e5d50d1670c01bfc8e129f0af61bc2141d45df1f
https://github.com/qemu/qemu/commit/e5d50d1670c01bfc8e129f0af61bc2141d45df1f
Author: Jean-Christian CÎRSTEA <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M linux-user/syscall.c
Log Message:
-----------
linux-user: allow null `pathname` for statx()/fstatat()
Since Linux 6.11, the path argument may be NULL.
Before this patch, qemu-*-linux-user failed with EFAULT when `pathname` was
specified as NULL, even for Linux kernel hosts > 6.10. This patch fixes this
issue by checking whether `arg2` is 0. If so, don't return EFAULT, but instead
perform the appropriate syscall and let the host's kernel handle null `pathname`.
Cc: [email protected]
Signed-off-by: Jean-Christian CÎRSTEA <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: 85990a2a8e53726d4fb4e1ad6764a5c067b4257f
https://github.com/qemu/qemu/commit/85990a2a8e53726d4fb4e1ad6764a5c067b4257f
Author: Jim MacArthur <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M linux-user/elfload.c
Log Message:
-----------
linux-user/elfload.c: Correction to HWCAP2 accessor
get_elf_hwcap was used when get_elf_hwcap2 should have been.
Cc: [email protected]
Fixes: fcac98d0ba8b ("linux-user: Remove ELF_HWCAP2")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3259
Signed-off-by: Jim MacArthur <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: c67b99e9db2e9c011ea1ecd61252155d42d110ab
https://github.com/qemu/qemu/commit/c67b99e9db2e9c011ea1ecd61252155d42d110ab
Author: Matthew Lugg <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M linux-user/mmap.c
Log Message:
-----------
linux-user: fix mremap unmapping adjacent region
This typo meant that calls to `mremap` which shrink a mapping by some N
bytes would, when the virtual address space was pre-reserved (e.g.
32-bit guest on 64-bit host), unmap the N bytes following the *original*
mapping.
Signed-off-by: Matthew Lugg <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: bddd189af5ea2cc9da266d9350367fa6f3df7364
https://github.com/qemu/qemu/commit/bddd189af5ea2cc9da266d9350367fa6f3df7364
Author: Matthew Lugg <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M linux-user/mmap.c
Log Message:
-----------
linux-user: fix mremap errors for invalid ranges
If an address range given to `mremap` is invalid (exceeds addressing
bounds on the guest), we were previously returning `ENOMEM`, which is
not correct. The manpage and the Linux kernel implementation both agree
that if `old_addr`/`old_size` refer to an invalid address, `EFAULT` is
returned, and if `new_addr`/`new_size` refer to an invalid address,
`EINVAL` is returned.
Signed-off-by: Matthew Lugg <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: b36979a78ebf7e212fcc56f2dfea1f0163cace22
https://github.com/qemu/qemu/commit/b36979a78ebf7e212fcc56f2dfea1f0163cace22
Author: Matthew Lugg <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M linux-user/mmap.c
Log Message:
-----------
linux-user: fix reserved_va page leak in do_munmap
The old logic had an off-by-one bug. For instance, assuming 4k pages on
host and guest, if 'len' is '4097' (indicating to unmap 2 pages), then
'last = start + 4096', so 'real_last = start + 4095', so ultimately
'real_len = 4096'. I do not believe this could cause any observable bugs
in guests, because `target_munmap` page-aligns the length it passes in.
However, calls to this function in `target_mremap` do not page-align the
length, so those calls could "drop" pages, leading to a part of the
reserved region becoming unmapped. At worst, a host allocation could get
mapped into that hole, then clobbered by a new guest mapping.
Signed-off-by: Matthew Lugg <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
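Added example, not QEMU's code: a small model of the arithmetic that the "fix reserved_va page leak in do_munmap" message above walks through. The function names and rounding expressions are assumptions chosen to reproduce the numbers in the message (4k pages, len 4097); they are not copied from linux-user/mmap.c.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u /* assumption: 4k pages on host and guest, as in the message */

/* Round x up to a multiple of the power-of-two a. */
static uint64_t round_up(uint64_t x, uint64_t a) { return (x + a - 1) & ~(a - 1); }

/* Hypothetical model of the old logic: rounds the inclusive last byte up,
 * so a page is lost whenever 'last' is itself page-aligned. */
static uint64_t real_len_buggy(uint64_t start, uint64_t len)
{
    uint64_t last = start + len - 1;
    uint64_t real_start = start & ~(uint64_t)(PAGE_SIZE - 1);
    uint64_t real_last = round_up(last, PAGE_SIZE) - 1;
    return real_last - real_start + 1;
}

/* One correct form (not necessarily the patch's): the last byte of the
 * page that contains 'last'. */
static uint64_t real_len_fixed(uint64_t start, uint64_t len)
{
    uint64_t last = start + len - 1;
    uint64_t real_start = start & ~(uint64_t)(PAGE_SIZE - 1);
    uint64_t real_last = last | (PAGE_SIZE - 1);
    return real_last - real_start + 1;
}

/* Count lengths in [1, max_len] for which the buggy form covers fewer bytes. */
static unsigned count_dropped(uint64_t start, uint64_t max_len)
{
    unsigned n = 0;
    for (uint64_t len = 1; len <= max_len; len++) {
        n += real_len_buggy(start, len) < real_len_fixed(start, len);
    }
    return n;
}

int main(void)
{
    uint64_t start = 0x10000; /* constructed, page-aligned sample address */
    printf("len=4097: buggy=%llu fixed=%llu\n",
           (unsigned long long)real_len_buggy(start, 4097),
           (unsigned long long)real_len_fixed(start, 4097));
    printf("lengths in [1, 3 pages] that drop a page: %u\n",
           count_dropped(start, 3 * PAGE_SIZE));
    return 0;
}
```

With a page-aligned start, only lengths of the form N*4096 + 1 differ, which is why callers that page-align the length first are unaffected.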
Commit: fc95a88344c16015bc768f9f125065574e583d11
https://github.com/qemu/qemu/commit/fc95a88344c16015bc768f9f125065574e583d11
Author: Matthew Lugg <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M tests/tcg/multiarch/test-mmap.c
Log Message:
-----------
tests: add tcg coverage for fixed mremap bugs
These tests cover the first two fixes in this patch series. The final
patch is not covered because the bug it fixes is not easily observable
by the guest.
Signed-off-by: Matthew Lugg <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: e4fb421f132f912a2918894e8a1055158fbab5f1
https://github.com/qemu/qemu/commit/e4fb421f132f912a2918894e8a1055158fbab5f1
Author: Michael Tokarev <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M linux-user/syscall.c
Log Message:
-----------
linux-user: cleanup epoll_pwait ifdeff'ery
All Linux targets these days have the epoll_pwait system call
(while some miss epoll_wait, which is less generic). And
all Linux targets definitely have one or another epoll_*wait*
system call - so the whole code block dealing with this system
call should always be present.
Remove the now-unneeded ifdef'fery.
Reviewed-by: Pierrick Bouvier <[email protected]>
Signed-off-by: Michael Tokarev <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: cbb91d7aeb89b6a727846525a653e69dd584f0be
https://github.com/qemu/qemu/commit/cbb91d7aeb89b6a727846525a653e69dd584f0be
Author: Michael Tokarev <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M linux-user/syscall.c
Log Message:
-----------
linux-user: implement epoll_pwait2 syscall
epoll_pwait2 is the same as epoll_pwait but with timeout being
(a pointer to) struct timespec instead of an integer.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3210
Signed-off-by: Michael Tokarev <[email protected]>
Reviewed-by: Pierrick Bouvier <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: 7ae141c0fabeb95720bf3a3e5e3d9d98a48e93cf
https://github.com/qemu/qemu/commit/7ae141c0fabeb95720bf3a3e5e3d9d98a48e93cf
Author: Daniel P. Berrangé <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M meson.build
Log Message:
-----------
meson: disable libatomic with GCC >= 16
Historically it was required to ask for libatomic explicitly with
-latomic, but with GCC >= 16 apps will get linked to libatomic
whether they ask for it or not.
This invalidates QEMU's check for atomic op support for int128
which explicitly does NOT want to use the libatomic impl. As a
result with GCC >= 16, QEMU is now getting linked to libatomic
and is activating CONFIG_ATOMIC128. This in turn exposes a bug
in GCC's libatomic.a static build which is incompatible with the
use of -static-pie leading to build failures like:
    /usr/bin/ld: /usr/lib/gcc/x86_64-redhat-linux/16/libatomic.a(cas_16_.o):
    relocation R_X86_64_32 against hidden symbol `libat_compare_exchange_16_i1' can
    not be used when making a PIE object
    /usr/bin/ld: failed to set dynamic section sizes: bad value
    collect2: error: ld returned 1 exit status
The newly introduced -fno-link-libatomic flag can be used to
disable the new automatic linking of libatomic. Setting this in
qemu_isa_flags early on ensures that the check for CONFIG_ATOMIC128
still works correctly.
Signed-off-by: Daniel P. Berrangé <[email protected]>
Acked-by: Paolo Bonzini <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Commit: b85875501e8e7291a3010aa2b010506b53054b53
https://github.com/qemu/qemu/commit/b85875501e8e7291a3010aa2b010506b53054b53
Author: Richard Henderson <[email protected]>
Date: 2026-01-11 (Sun, 11 Jan 2026)
Changed paths:
M linux-user/elfload.c
M linux-user/mmap.c
M linux-user/syscall.c
M meson.build
M tcg/optimize.c
M tcg/riscv/tcg-target.c.inc
M tests/tcg/multiarch/test-mmap.c
Log Message:
-----------
Merge tag 'pull-tcg-20260111' of https://gitlab.com/rth7680/qemu into staging
meson: disable libatomic with GCC >= 16
linux-user: allow null `pathname` for statx()/fstatat()
linux-user/elfload.c: Correction to HWCAP2 accessor
linux-user: fix mremap errors
linux-user: cleanup epoll_pwait ifdeff'ery
linux-user: implement epoll_pwait2 syscall
tcg/optimize: do use affected bits
tcg/optimize: Save o_mask in fold_masks_zosa_int
tcg/riscv: Fix TCG_REG_TMP0 clobber in tcg_gen_dup{m,i}
# gpg: Signature made Sun 11 Jan 2026 04:44:45 PM AEDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [ultimate]
* tag 'pull-tcg-20260111' of https://gitlab.com/rth7680/qemu:
meson: disable libatomic with GCC >= 16
linux-user: implement epoll_pwait2 syscall
linux-user: cleanup epoll_pwait ifdeff'ery
tests: add tcg coverage for fixed mremap bugs
linux-user: fix reserved_va page leak in do_munmap
linux-user: fix mremap errors for invalid ranges
linux-user: fix mremap unmapping adjacent region
linux-user/elfload.c: Correction to HWCAP2 accessor
linux-user: allow null `pathname` for statx()/fstatat()
tcg/riscv: Fix TCG_REG_TMP0 clobber in tcg_gen_dup{m,i}
tcg/optimize: Save o_mask in fold_masks_zosa_int
tcg/optimize: do use affected bits
Signed-off-by: Richard Henderson <[email protected]>
Compare: https://github.com/qemu/qemu/compare/b254e4862424...b85875501e8e