From ad2085658511d0b14db7fca54094471b37bc6751 Mon Sep 17 00:00:00 2001 From: "David Hildenbrand (Red Hat)" Date: Mon, 3 Nov 2025 11:39:46 +0100 Subject: [PATCH 01/18] MAINTAINERS: Update David Hildenbrand's email address MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Switch to kernel.org email address as I will be leaving Red Hat. The old address will remain active until end of January 2026, so performing the change now should make sure that most mails will reach me. Signed-off-by: David Hildenbrand Signed-off-by: David Hildenbrand (Red Hat) Reviewed-by: Philippe Mathieu-Daudé Tested-by: Philippe Mathieu-Daudé Message-ID: <20251103103947.384401-1-david@kernel.org> Signed-off-by: Philippe Mathieu-Daudé --- .mailmap | 1 + MAINTAINERS | 18 +++++++++--------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.mailmap b/.mailmap index 7f817d9f42..0690f7be34 100644 --- a/.mailmap +++ b/.mailmap @@ -82,6 +82,7 @@ Brian Cain Brian Cain Christian Borntraeger Damien Hedde +David Hildenbrand Filip Bozuta Frederic Konrad Frederic Konrad diff --git a/MAINTAINERS b/MAINTAINERS index 38325e0617..d1c5080e50 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -364,7 +364,7 @@ F: target/rx/ S390 TCG CPUs M: Richard Henderson -M: David Hildenbrand +M: David Hildenbrand R: Ilya Leoshkevich S: Maintained F: target/s390x/ @@ -1862,7 +1862,7 @@ F: target/s390x/ioinst.c L: qemu-s390x@nongnu.org S390 CPU models -M: David Hildenbrand +M: David Hildenbrand S: Maintained F: target/s390x/cpu_features*.[ch] F: target/s390x/cpu_models.[ch] @@ -2384,7 +2384,7 @@ F: tests/functional/x86_64/test_virtio_version.py virtio-balloon M: Michael S. Tsirkin -M: David Hildenbrand +M: David Hildenbrand S: Maintained F: docs/interop/virtio-balloon-stats.rst F: hw/virtio/virtio-balloon*.c 
@@ -2532,7 +2532,7 @@ F: hw/virtio/virtio-crypto-pci.c F: include/hw/virtio/virtio-crypto.h virtio based memory device -M: David Hildenbrand +M: David Hildenbrand S: Supported F: hw/s390x/virtio-ccw-md.c F: hw/s390x/virtio-ccw-md.h @@ -2541,7 +2541,7 @@ F: hw/virtio/virtio-md-*.c F: include/hw/virtio/virtio-md-pci.h virtio-mem -M: David Hildenbrand +M: David Hildenbrand S: Supported W: https://virtio-mem.gitlab.io/ F: hw/virtio/virtio-mem.c @@ -2919,7 +2919,7 @@ L: qemu-s390x@nongnu.org S390 floating interrupt controller M: Halil Pasic M: Christian Borntraeger -M: David Hildenbrand +M: David Hildenbrand R: Jason Herne S: Supported F: hw/intc/s390_flic*.c @@ -3248,7 +3248,7 @@ T: git https://gitlab.com/stsquad/qemu gdbstub/next Memory API M: Paolo Bonzini M: Peter Xu -M: David Hildenbrand +M: David Hildenbrand R: Philippe Mathieu-Daudé S: Supported F: include/system/ioport.h @@ -3268,7 +3268,7 @@ F: system/ram-block-attributes.c F: scripts/coccinelle/memory-region-housekeeping.cocci Memory devices -M: David Hildenbrand +M: David Hildenbrand M: Igor Mammedov R: Xiao Guangrong S: Supported @@ -3371,7 +3371,7 @@ R: Ilya Maximets F: net/af-xdp.c Host Memory Backends -M: David Hildenbrand +M: David Hildenbrand M: Igor Mammedov S: Maintained F: backends/hostmem*.c From 3abfbb571143ba865488b6c11f8ad75dda97d1a3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Thu, 6 Nov 2025 11:51:48 +0100 Subject: [PATCH 02/18] hw/intc/ioapic: Fix ACCEL_KERNEL_GSI_IRQFD_POSSIBLE typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 638ac1c78457 introduced a regression in interrupt remapping when running a VM configured with an intel-iommu device and an assigned PCI VF. During boot, Linux reports repeated messages : [ 15.416794] __common_interrupt: 2.37 No irq handler for vector [ 15.417266] __common_interrupt: 2.37 No irq handler for vector [ 15.417733] __common_interrupt: 2.37 No irq handler for vector [ 15.418202] __common_interrupt: 2.37 No irq handler for vector [ 15.418670] __common_interrupt: 2.37 No irq handler for vector and may eventually hang. The issue is caused by the incorrect use of the macro ACCEL_KERNEL_GSI_IRQFD_POSSIBLE, which should instead be ACCEL_GSI_IRQFD_POSSIBLE. Fixes: 638ac1c78457 ("hw/intc: Generalize APIC helper names from kvm_* to accel_*") Cc: Magnus Kulke Signed-off-by: Cédric Le Goater Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20251106105148.737093-1-clg@redhat.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/intc/ioapic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/intc/ioapic.c b/hw/intc/ioapic.c index e431d00311..38e4384648 100644 --- a/hw/intc/ioapic.c +++ b/hw/intc/ioapic.c @@ -216,7 +216,7 @@ static void ioapic_update_kvm_routes(IOAPICCommonState *s) #endif } -#ifdef ACCEL_KERNEL_GSI_IRQFD_POSSIBLE +#ifdef ACCEL_GSI_IRQFD_POSSIBLE static void ioapic_iec_notifier(void *private, bool global, uint32_t index, uint32_t mask) { @@ -434,7 +434,7 @@ static const MemoryRegionOps ioapic_io_ops = { static void ioapic_machine_done_notify(Notifier *notifier, void *data) { -#ifdef ACCEL_KERNEL_GSI_IRQFD_POSSIBLE +#ifdef ACCEL_GSI_IRQFD_POSSIBLE IOAPICCommonState *s = container_of(notifier, IOAPICCommonState, machine_done); 
From 321ded29e663ca040a0c4ecd3ff97452c9d30a3f Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 7 Nov 2025 17:43:06 +0000 Subject: [PATCH 03/18] system/qtest.c: Allow for multiple CHR_EVENT_CLOSED events MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the qtest_event() QEMUChrEvent handler, we create a timer and log OPENED on CHR_EVENT_OPENED, and we destroy the timer and log CLOSED on CHR_EVENT_CLOSED. However, the chardev subsystem can send us more than one CHR_EVENT_CLOSED if we're reading from a file chardev: * the first one happens when we read the last data from the file * the second one happens when the user hits ^C to exit QEMU and the chardev is finalized: char_fd_finalize() This causes us to call g_timer_elapsed() with a NULL timer (which glib complains about) and print an extra CLOSED log line with a zero timestamp: [I +0.063829] CLOSED qemu-system-aarch64: GLib: g_timer_elapsed: assertion 'timer != NULL' failed [I +0.000000] CLOSED Avoid this by ignoring a CHR_EVENT_CLOSED if we have already processed one. Signed-off-by: Peter Maydell Reviewed-by: Laurent Vivier Reviewed-by: Fabiano Rosas Message-ID: <20251107174306.1408139-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé --- system/qtest.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/system/qtest.c b/system/qtest.c index e4d1cd75da..cbeb7f3772 100644 --- a/system/qtest.c +++ b/system/qtest.c @@ -808,6 +808,10 @@ static void qtest_event(void *opaque, QEMUChrEvent event) } break; case CHR_EVENT_CLOSED: + if (!qtest_opened) { + /* Ignore CLOSED events if we have already closed the log */ + break; + } qtest_opened = false; if (qtest_log_fp) { fprintf(qtest_log_fp, "[I +" FMT_timeval "] CLOSED\n", g_timer_elapsed(timer, NULL)); From 2739d6ff50bbfcb1983660730a05be26271e4fce Mon Sep 17 00:00:00 2001 
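Review bot: The comment on the new guard in the `CHR_EVENT_CLOSED` case, "Ignore CLOSED events if we have already closed the log", describes only one of the two situations the test `!qtest_opened` covers. A CLOSED event that arrives before any OPENED is skipped as well, and that is also a state where the timer does not exist. Wording such as `/* Ignore CLOSED unless we are open: the timer only exists between OPENED and CLOSED */` would describe the invariant the check protects. qtest_event() starts and ends outside the hunk.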
From: Bin Meng Date: Mon, 10 Nov 2025 19:05:06 +0800 Subject: [PATCH 04/18] hw/sd: Fix incorrect idle state reporting in R1 response for SPI mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since commit b66f73a0 ("hw/sd: Add SDHC support for SD card SPI-mode"), the CARD_POWER_UP bit in the OCR register has been set after reset. Therefore, checking this bit against zero in sd_response_r1_make() to determine the card’s idle state is incorrect in SPI mode. As a result, QEMU makes the U-Boot mmc-spi driver believe the card never leaves the reset state. Fixes: 1585ab9f ("hw/sd/sdcard: Fill SPI response bits in card code") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2945 Reported-by: Tom Rini Signed-off-by: Bin Meng Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20251110110507.1641042-2-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/sd.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 9c86c016cc..5aae541363 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -789,8 +789,7 @@ static size_t sd_response_size(SDState *sd, sd_rsp_type_t rtype) static void sd_response_r1_make(SDState *sd, uint8_t *response) { if (sd_is_spi(sd)) { - response[0] = sd->state == sd_idle_state - && !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); + response[0] = sd->state == sd_idle_state; response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_RESET) << 1; response[0] |= FIELD_EX32(sd->card_status, CSR, ILLEGAL_COMMAND) << 2; response[0] |= FIELD_EX32(sd->card_status, CSR, COM_CRC_ERROR) << 3; From 40260d3ea67cc5cdf20553be24353680d70b1b6c Mon Sep 17 00:00:00 2001 
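Review bot: The simplified assignment `response[0] = sd->state == sd_idle_state;` in sd_response_r1_make() has no comment saying why the OCR is no longer consulted, so a later reader may reinstate the `CARD_POWER_UP` test. The reason is only in the commit message. A one-line comment above the assignment would keep it with the code, for example `/* SPI: idle bit follows the card state only; OCR CARD_POWER_UP is already set after reset */`. The function body continues past the end of the hunk.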
From: Bin Meng Date: Mon, 10 Nov 2025 19:05:07 +0800 Subject: [PATCH 05/18] hw/sd: Fix ACMD41 state machine in SPI mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In SPI mode, the ACMD41 argument only defines bit 30 (HCS); all other bits are reserved. The current implementation incorrectly checks the voltage window bits even in SPI mode, preventing the state machine from transitioning to the READY state. As a result, the U-Boot mmc-spi driver falls into an endless CMD55/ACMD41 loop. Fixes: 3241a61a ("hw/sd/sdcard: Use complete SEND_OP_COND implementation in SPI mode") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2945 Reported-by: Tom Rini Signed-off-by: Bin Meng Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20251110110507.1641042-3-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/sd.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 5aae541363..df5a36fad9 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -2289,20 +2289,21 @@ static sd_rsp_type_t sd_cmd_SEND_OP_COND(SDState *sd, SDRequest req) } } - if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { - /* - * We accept any voltage. 10000 V is nothing. - * - * Once we're powered up, we advance straight to ready state - * unless it's an enquiry ACMD41 (bits 23:0 == 0). - */ - sd->state = sd_ready_state; - } - if (sd_is_spi(sd)) { + sd->state = sd_ready_state; return sd_r1; + } else { + if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { + /* + * We accept any voltage. 10000 V is nothing. + * + * Once we're powered up, we advance straight to ready state + * unless it's an enquiry ACMD41 (bits 23:0 == 0). + */ + sd->state = sd_ready_state; + } + return sd_r3; } - return sd_r3; } /* ACMD42 */ From a344e22917f48d8cd876d72057bcfb938beb0630 Mon Sep 17 00:00:00 2001 
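Review bot: The new SPI branch in sd_cmd_SEND_OP_COND() sets `sd->state = sd_ready_state;` unconditionally with no comment, while the long explanatory comment now sits only in the non-SPI branch. A line such as `/* SPI mode: only HCS (bit 30) of the argument is defined, so the voltage window is not checked */` would record why the two paths differ. Because the SPI branch ends in `return sd_r1;`, the `} else {` wrapper is not needed; keeping the voltage-window test and `return sd_r3;` at the original indentation would also make the diff smaller. The function begins outside the hunk.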
From: =?UTF-8?q?Yannick=20Vo=C3=9Fen?= Date: Tue, 11 Nov 2025 11:28:29 +0100 Subject: [PATCH 06/18] hw/dma/zynq-devcfg: Fix register memory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Registers are always 32 bit aligned. R_MAX is not the maximum register address, it is the maximum register number. The memory size can be determined by 4 * R_MAX. Currently every register with an offset bigger than 0x40 will be ignored, because the memory size is set wrong. This effects the MCTRL register and makes it useless. This commit restores the correct behaviour. Cc: qemu-stable@nongnu.org Fixes: 034c2e69023 ("dma: Add Xilinx Zynq devcfg device model") Signed-off-by: YannickV Reviewed-by: Edgar E. Iglesias Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20251111102836.212535-9-corvin.koehne@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/dma/xlnx-zynq-devcfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/dma/xlnx-zynq-devcfg.c b/hw/dma/xlnx-zynq-devcfg.c index 26845713ee..8141d46033 100644 --- a/hw/dma/xlnx-zynq-devcfg.c +++ b/hw/dma/xlnx-zynq-devcfg.c @@ -372,7 +372,7 @@ static void xlnx_zynq_devcfg_init(Object *obj) s->regs_info, s->regs, &xlnx_zynq_devcfg_reg_ops, XLNX_ZYNQ_DEVCFG_ERR_DEBUG, - XLNX_ZYNQ_DEVCFG_R_MAX); + XLNX_ZYNQ_DEVCFG_R_MAX * 4); memory_region_add_subregion(&s->iomem, A_CTRL, ®_array->mem); From f20a824902abe144c1441322d02ba18567797452 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Wed, 12 Nov 2025 09:35:19 +0100 Subject: [PATCH 07/18] hw/arm: Re-enable xenpvh machine in qemu-system-arm/aarch64 binaries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While registering the ARM/Aarch64 machine interfaces in commit 38c5ab40031 ("hw/arm: Filter machine types for qemu-system-arm/aarch64 binaries"), we missed the XenPV machine. Correct that. Reported-by: Edgar E. Iglesias 
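Review bot: The size argument `XLNX_ZYNQ_DEVCFG_R_MAX * 4` in xlnx_zynq_devcfg_init() hard-codes the register width as a bare literal. This is the byte size of a guest-accessible register window, so it is worth tying it visibly to the backing storage, for example `XLNX_ZYNQ_DEVCFG_R_MAX * sizeof(uint32_t)`, or `sizeof(s->regs)` if `s->regs` is declared as an array of `R_MAX` 32-bit words (its declaration is not in the hunk). A short comment that the argument is a size in bytes, not a register count, would guard against the original mistake returning. The call and the function both start outside the hunk.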
Signed-off-by: Philippe Mathieu-Daudé Tested-by: Edgar E. Iglesias Reviewed-by: Edgar E. Iglesias Message-Id: <20251117091253.56009-1-philmd@linaro.org> --- hw/arm/xen-pvh.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/arm/xen-pvh.c b/hw/arm/xen-pvh.c index 1a9eeb01c8..86a0296616 100644 --- a/hw/arm/xen-pvh.c +++ b/hw/arm/xen-pvh.c @@ -10,6 +10,7 @@ #include "hw/boards.h" #include "system/system.h" #include "hw/xen/xen-pvh-common.h" +#include "hw/arm/machines-qom.h" #define TYPE_XEN_ARM MACHINE_TYPE_NAME("xenpvh") @@ -95,6 +96,7 @@ static const TypeInfo xen_arm_machine_type = { .class_init = xen_arm_machine_class_init, .instance_size = sizeof(XenPVHMachineState), .instance_init = xen_arm_instance_init, + .interfaces = arm_aarch64_machine_interfaces, }; static void xen_arm_machine_register_types(void) From 99282a805cea60a1b81223b1ed4fe42ea4b16189 Mon Sep 17 00:00:00 2001 From: Jan Kiszka Date: Fri, 14 Nov 2025 22:27:35 +0100 Subject: [PATCH 08/18] hw/sd/sdcard: Avoid confusing address calculation in rpmb_calc_hmac MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From the source frame, we initially need to copy out all fields after data, thus starting from nonce on. Avoid expressing this indirectly by pointing to the end of the data field - which also raised the attention of Coverity (out-of-bound read /wrt data). Resolves: CID 1642869 Reported-by: GuoHan Zhao Signed-off-by: Jan Kiszka Reviewed-by: Philippe Mathieu-Daudé Message-ID: <4f7e1952-ecbd-4484-b128-9d02de3a7935@siemens.com> [PMD: Add comment before the memcpy() call] Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/sd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/sd/sd.c b/hw/sd/sd.c index df5a36fad9..40a75a43ff 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c 
@@ -1160,8 +1160,13 @@ static bool rpmb_calc_hmac(SDState *sd, const RPMBDataFrame *frame, assert(RPMB_HASH_LEN <= sizeof(sd->data)); - memcpy((uint8_t *)buf + RPMB_DATA_LEN, &frame->data[RPMB_DATA_LEN], + /* + * We will hash everything from data field to the end of RPMBDataFrame. + */ + memcpy((uint8_t *)buf + RPMB_DATA_LEN, + (uint8_t *)frame + offsetof(RPMBDataFrame, nonce), RPMB_HASH_LEN - RPMB_DATA_LEN); + offset = lduw_be_p(&frame->address) * RPMB_DATA_LEN + sd_part_offset(sd); do { if (blk_pread(sd->blk, offset, RPMB_DATA_LEN, buf, 0) < 0) { From d3bc229c79c7d5a94463f836707793331807b709 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 17 Nov 2025 18:20:19 +0100 Subject: [PATCH 09/18] qga/commands: Include proper Solaris header for getloadavg() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Solaris declares getloadavg() in : getloadavg(3C) Standard C Library Functions getloadavg(3C) NAME getloadavg - get system load averages SYNOPSIS #include int getloadavg(double loadavg[], int nelem); [...] Oracle Solaris 11.4 23 Jul 2020 getloadavg(3C) Include it in order to avoid: ../qga/commands-posix.c: In function 'qmp_guest_get_load': ../qga/commands-posix.c:1408:9: error: implicit declaration of function 'getloadavg' [-Wimplicit-function-declaration] 1408 | if (getloadavg(loadavg, G_N_ELEMENTS(loadavg)) < 0) { | ^~~~~~~~~~ ../qga/commands-posix.c:1408:9: warning: nested extern declaration of 'getloadavg' [-Wnested-externs] ../configure relevant output: C compiler for the host machine: gcc (gcc 14.2.0 "gcc (GCC) 14.2.0") C linker for the host machine: gcc ld.solaris 5.11-1.3315 Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Kostiantyn Kostiuk Acked-by: Richard Henderson Message-Id: <20251117203834.83713-2-philmd@linaro.org> --- qga/commands-posix.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/qga/commands-posix.c b/qga/commands-posix.c index c7059857e4..66f3e6f673 100644 
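Review bot: The new source pointer `(uint8_t *)frame + offsetof(RPMBDataFrame, nonce)` in rpmb_calc_hmac() casts away the `const` of the `frame` parameter; `(const uint8_t *)frame + offsetof(RPMBDataFrame, nonce)` keeps the qualifier. The added comment says everything from the data field onward is hashed, but this memcpy() copies only the fields after data, starting at nonce, so the comment should say that the tail of the frame is copied here. Nothing visible ties the length `RPMB_HASH_LEN - RPMB_DATA_LEN` to the struct layout. A build-time check next to the existing assert(), such as `QEMU_BUILD_BUG_ON(offsetof(RPMBDataFrame, nonce) + RPMB_HASH_LEN - RPMB_DATA_LEN != sizeof(RPMBDataFrame));`, would turn the bound Coverity questioned into a checked property, assuming that is the intended layout. The function starts and ends outside the hunk.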
--- a/qga/commands-posix.c +++ b/qga/commands-posix.c @@ -43,6 +43,9 @@ #include #endif #ifdef CONFIG_SOLARIS +#ifdef CONFIG_GETLOADAVG +#include +#endif #include #endif #endif From 9c3b76a0d40671cbdf1f97c662311ec8bb517c76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Sun, 16 Nov 2025 23:56:54 +0100 Subject: [PATCH 10/18] hw/southbridge/lasi: Correct LasiState parent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TYPE_LASI_CHIP inherits from TYPE_SYS_BUS_DEVICE, not TYPE_PCI_HOST_BRIDGE, so its parent structure is of SysBusDevice type. Cc: qemu-stable@nongnu.org Fixes: 376b851909d ("hppa: Add support for LASI chip with i82596 NIC") Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Gustavo Romero Reviewed-by: Thomas Huth Message-Id: <20251117091804.56529-1-philmd@linaro.org> --- include/hw/misc/lasi.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/hw/misc/lasi.h b/include/hw/misc/lasi.h index 04312d0b58..0e95be1c32 100644 --- a/include/hw/misc/lasi.h +++ b/include/hw/misc/lasi.h @@ -13,8 +13,8 @@ #define LASI_H #include "system/address-spaces.h" -#include "hw/pci/pci_host.h" #include "hw/boards.h" +#include "hw/sysbus.h" #define TYPE_LASI_CHIP "lasi-chip" OBJECT_DECLARE_SIMPLE_TYPE(LasiState, LASI_CHIP) @@ -63,7 +63,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(LasiState, LASI_CHIP) #define LASI_IRQ_PS2MOU_HPA 26 struct LasiState { - PCIHostState parent_obj; + SysBusDevice parent_obj; uint32_t irr; uint32_t imr; From 15544486f0609608f6118a551f876e3030fc5eb9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 17 Nov 2025 11:05:56 +0100 Subject: [PATCH 11/18] buildsys: Remove dead 'mips' entry in supported_cpus[] array MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove 'mips' from supported_cpus[], forgotten in commit 269ffaabc84 ("buildsys: Remove support for 32-bit MIPS hosts"). 
Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Daniel P. Berrangé Message-Id: <20251117114200.60917-1-philmd@linaro.org> --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index df4460035c..5ddec8afd7 100644 --- a/meson.build +++ b/meson.build @@ -52,7 +52,7 @@ qapi_trace_events = [] bsd_oses = ['gnu/kfreebsd', 'freebsd', 'netbsd', 'openbsd', 'dragonfly', 'darwin'] supported_oses = ['windows', 'freebsd', 'netbsd', 'openbsd', 'darwin', 'sunos', 'linux', 'emscripten'] supported_cpus = ['ppc', 'ppc64', 's390x', 'riscv32', 'riscv64', 'x86', 'x86_64', - 'arm', 'aarch64', 'loongarch64', 'mips', 'mips64', 'sparc64', 'wasm32'] + 'arm', 'aarch64', 'loongarch64', 'mips64', 'sparc64', 'wasm32'] cpu = host_machine.cpu_family() From 0456a977af2157d85871a7645b9b34ca29bd8d8a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 17 Nov 2025 18:25:38 +0100 Subject: [PATCH 12/18] migration/rdma: Check ntohll() availability with meson MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 44ce1b5d2fc ("migration/rdma: define htonll/ntohll only if not predefined") tried to only include htonll/ntohll replacements when their symbol is *defined*, but this doesn't work, as they aren't: ../migration/rdma.c:242:17: error: static declaration of 'htonll' follows non-static declaration 242 | static uint64_t htonll(uint64_t v) | ^~~~~~ In file included from /usr/include/netinet/in.h:73, from /usr/include/sys/socket.h:32, from /home/f4bug/qemu/include/system/os-posix.h:30, from /home/f4bug/qemu/include/qemu/osdep.h:176, from ../migration/rdma.c:17: /usr/include/sys/byteorder.h:75:18: note: previous declaration of 'htonll' with type 'uint64_t(uint64_t)' {aka 'long unsigned int(long unsigned int)'} 75 | extern uint64_t htonll(uint64_t); | ^~~~~~ ../migration/rdma.c:252:17: error: static declaration of 'ntohll' follows non-static declaration 252 | static uint64_t ntohll(uint64_t v) | ^~~~~~ /usr/include/sys/byteorder.h:76:18: note: previous declaration of 'ntohll' with type 'uint64_t(uint64_t)' {aka 'long unsigned int(long unsigned int)'} 76 | extern uint64_t ntohll(uint64_t); | ^~~~~~ Better to check the symbol availability with meson. Signed-off-by: Philippe Mathieu-Daudé Acked-by: Peter Xu Reviewed-by: Richard Henderson Message-Id: <20251117203834.83713-3-philmd@linaro.org> --- meson.build | 1 + migration/rdma.c | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/meson.build b/meson.build index 5ddec8afd7..81f9f7b328 100644 --- a/meson.build +++ b/meson.build 
@@ -2663,6 +2663,7 @@ config_host_data.set('CONFIG_SYNCFS', cc.has_function('syncfs')) config_host_data.set('CONFIG_SYNC_FILE_RANGE', cc.has_function('sync_file_range')) config_host_data.set('CONFIG_TIMERFD', cc.has_function('timerfd_create')) config_host_data.set('CONFIG_GETLOADAVG', cc.has_function('getloadavg')) +config_host_data.set('CONFIG_ARPA_INET_64', cc.has_function('htonll')) config_host_data.set('HAVE_COPY_FILE_RANGE', cc.has_function('copy_file_range')) config_host_data.set('HAVE_GETIFADDRS', cc.has_function('getifaddrs')) config_host_data.set('HAVE_GLIB_WITH_SLICE_ALLOCATOR', glib_has_gslice) diff --git a/migration/rdma.c b/migration/rdma.c index 2d839fce6c..337b415889 100644 --- a/migration/rdma.c +++ b/migration/rdma.c @@ -238,7 +238,7 @@ static const char *control_desc(unsigned int rdma_control) return strs[rdma_control]; } -#if !defined(htonll) +#if !defined(CONFIG_ARPA_INET_64) static uint64_t htonll(uint64_t v) { union { uint32_t lv[2]; uint64_t llv; } u; @@ -246,9 +246,7 @@ static uint64_t htonll(uint64_t v) u.lv[1] = htonl(v & 0xFFFFFFFFULL); return u.llv; } -#endif -#if !defined(ntohll) static uint64_t ntohll(uint64_t v) { union { uint32_t lv[2]; uint64_t llv; } u; From 08ab276a38002baabf05aa7cdb96f395bb8d5c35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 17 Nov 2025 16:59:35 +0100 Subject: [PATCH 13/18] docs: Correct release of MIPS deprecations / removals MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We are going to release 10.2, not 11.0 :) Reported-by: Daniel P. Berrangé Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Daniel P. Berrangé Reviewed-by: Richard Henderson Message-Id: <20251117171236.80472-2-philmd@linaro.org> --- docs/about/deprecated.rst | 2 +- docs/about/removed-features.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 03e29915f0..30ab72b2a4 100644 
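Review bot: The single guard `#if !defined(CONFIG_ARPA_INET_64)` in migration/rdma.c now covers both fallback functions, but the meson probe that sets it tests only `cc.has_function('htonll')`. A host that provides one of the two and not the other would either hit the same "static declaration follows non-static declaration" error for ntohll() or be left without a definition. Probing both keeps the guard honest: `config_host_data.set('CONFIG_ARPA_INET_64', cc.has_function('htonll') and cc.has_function('ntohll'))`. The ntohll() body and its closing `#endif` lie outside the hunk.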
--- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -192,7 +192,7 @@ The ``info capture`` command is deprecated and will be removed in a future relea Host Architectures ------------------ -MIPS (since 11.0) +MIPS (since 10.2) ''''''''''''''''' MIPS is not supported by Debian 13 ("Trixie") and newer, making it hard to diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index 88ea0dc4ed..a72df26dd2 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst @@ -896,7 +896,7 @@ work around the atomicity issues in system mode by running all vCPUs in a single thread context; in user mode atomicity was simply broken. From 10.0, QEMU has disabled configuration of 64-bit guests on 32-bit hosts. -32-bit MIPS (since 11.0) +32-bit MIPS (since 10.2) '''''''''''''''''''''''' Debian 12 "Bookworm" removed support for 32-bit MIPS, making it hard to From 4af2433a81bd057161371413348790969500bd4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 17 Nov 2025 16:34:34 +0100 Subject: [PATCH 14/18] docs: Mention 32-bit PPC host as removed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We removed support for 32-bit PPC hosts in commit 5c1ec5a1ee0 ("tcg/ppc: Remove support for 32-bit hosts"). Signed-off-by: Philippe Mathieu-Daudé Acked-by: Harsh Prateek Bora Reviewed-by: Richard Henderson Message-Id: <20251117171236.80472-3-philmd@linaro.org> --- docs/about/removed-features.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index a72df26dd2..422b9c98d3 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst 
@@ -902,6 +902,11 @@ From 10.0, QEMU has disabled configuration of 64-bit guests on 32-bit hosts. Debian 12 "Bookworm" removed support for 32-bit MIPS, making it hard to maintain our cross-compilation CI tests of the architecture. +32-bit PPC (since 10.2) +''''''''''''''''''''''' + +The QEMU project no longer supports 32-bit host builds. + Guest Emulator ISAs ------------------- From f6816bf9adeac77db3cc7832f0d27a6482acf6e9 Mon Sep 17 00:00:00 2001 From: Djordje Todorovic Date: Tue, 18 Nov 2025 08:58:11 +0000 Subject: [PATCH 15/18] scripts/checkpatch: Check DEVICE_NATIVE_ENDIAN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Developers should specify endianess explicitly. Signed-off-by: Djordje Todorovic Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20251118085758.3996513-15-djordje.todorovic@htecgroup.com> Signed-off-by: Philippe Mathieu-Daudé --- scripts/checkpatch.pl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index d0f4537f25..3a9557417f 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -3200,6 +3200,10 @@ sub process { if ($realfile =~ /.*\/hw\/.*/ && $line =~ /\baio_bh_new\s*\(/) { ERROR("use aio_bh_new_guarded() instead of aio_bh_new() to avoid reentrancy problems\n" . $herecurr); } +# check for DEVICE_NATIVE_ENDIAN, use explicit endianness instead + if ($line =~ /\bDEVICE_NATIVE_ENDIAN\b/) { + ERROR("DEVICE_NATIVE_ENDIAN is not allowed, use DEVICE_LITTLE_ENDIAN or DEVICE_BIG_ENDIAN instead\n" . $herecurr); + } # check for module_init(), use category-specific init macros explicitly please if ($line =~ /^module_init\s*\(/) { ERROR("please use block_init(), type_init() etc. instead of module_init()\n" . $herecurr); From 29ca82150657624a77df301d2c11114c4420d23a Mon Sep 17 00:00:00 2001 
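Review bot: The new DEVICE_NATIVE_ENDIAN test matches `$line` in every file, whereas the aio_bh_new() check directly above it is narrowed by `$realfile`. As written, a patch that merely mentions the name in documentation, or in checkpatch.pl itself, would be reported as an ERROR. Limiting it to C sources would avoid that, e.g. `if ($realfile =~ /\.[ch]$/ && $line =~ /\bDEVICE_NATIVE_ENDIAN\b/) {`. The enclosing `sub process` starts and ends outside the hunk.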
From: Markus Armbruster Date: Tue, 18 Nov 2025 16:47:16 +0100 Subject: [PATCH 16/18] ebpf: Fix stubs to set an error when they return failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Stubs in ebpf_rss-stub.c return false for failure without setting an Error. This is wrong. Callers may assume that the functions set an error when they fail, and crash when they try to examine or report the error. Callers may also check the error instead of the return value, and misinterpret the failure as success. ebpf_rss_load() and ebpf_rss_load() are reachable via virtio_net_load_ebpf(). Fix them to set an error. ebpf_rss_set_all() is unreachable: it can only be called when the context has an eBPF program loaded, which is impossible with eBPF support compiled out. Call abort() there to make that clear, and to get rid of the latent bug. Fixes: 00b69f1d867d (ebpf: add formal error reporting to all APIs) Signed-off-by: Markus Armbruster Reviewed-by: Daniel P. Berrangé Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20251118154718.3969982-2-armbru@redhat.com> Signed-off-by: Philippe Mathieu-Daudé --- ebpf/ebpf_rss-stub.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ebpf/ebpf_rss-stub.c b/ebpf/ebpf_rss-stub.c index d0e7f99fb9..11729f3d8f 100644 --- a/ebpf/ebpf_rss-stub.c +++ b/ebpf/ebpf_rss-stub.c @@ -25,6 +25,7 @@ bool ebpf_rss_is_loaded(struct EBPFRSSContext *ctx) bool ebpf_rss_load(struct EBPFRSSContext *ctx, Error **errp) { + error_setg(errp, "eBPF support is not compiled in"); return false; } @@ -32,6 +33,7 @@ bool ebpf_rss_load_fds(struct EBPFRSSContext *ctx, int program_fd, int config_fd, int toeplitz_fd, int table_fd, Error **errp) { + error_setg(errp, "eBPF support is not compiled in"); return false; } 
@@ -39,7 +41,7 @@ bool ebpf_rss_set_all(struct EBPFRSSContext *ctx, struct EBPFRSSConfig *config, uint16_t *indirections_table, uint8_t *toeplitz_key, Error **errp) { - return false; + abort(); } void ebpf_rss_unload(struct EBPFRSSContext *ctx) From 6cb4cd503b7c8d543a234b59271522a524b2f6b0 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 18 Nov 2025 16:47:17 +0100 Subject: [PATCH 17/18] ebpf: Clean up useless error check in ebpf_rss_set_all() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ebpf_rss_set_all() is only called when the context has an eBPF program loaded. Replace the dead error check with an assertion. Signed-off-by: Markus Armbruster Reviewed-by: Daniel P. Berrangé Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20251118154718.3969982-3-armbru@redhat.com> Signed-off-by: Philippe Mathieu-Daudé --- ebpf/ebpf_rss.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ebpf/ebpf_rss.c b/ebpf/ebpf_rss.c index e793786c17..b64e9da3e3 100644 --- a/ebpf/ebpf_rss.c +++ b/ebpf/ebpf_rss.c @@ -247,10 +247,8 @@ bool ebpf_rss_set_all(struct EBPFRSSContext *ctx, struct EBPFRSSConfig *config, uint16_t *indirections_table, uint8_t *toeplitz_key, Error **errp) { - if (!ebpf_rss_is_loaded(ctx)) { - error_setg(errp, "eBPF program is not loaded"); - return false; - } + g_assert(ebpf_rss_is_loaded(ctx)); + if (config == NULL) { error_setg(errp, "eBPF config table is NULL"); return false; From de285aa9076841c618d068f7b838e312fc8b26c6 Mon Sep 17 00:00:00 2001 
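Review bot: The `abort();` that replaces `return false;` in the stub ebpf_rss_set_all() has no comment saying why the call cannot happen. The same applies to `g_assert(ebpf_rss_is_loaded(ctx));` in ebpf/ebpf_rss.c and to `g_assert(!ebpf_rss_is_loaded(ctx));` in ebpf_rss_load() later in the series. Each of these turns an error return into process termination, so the precondition should be stated in the code and not only in the commit messages. If any caller can be steered by guest-controlled configuration, which cannot be confirmed from these hunks, a wrong assumption would become a guest-triggerable abort. For the stub, `g_assert_not_reached();` preceded by `/* Only called with a loaded eBPF program, which is impossible without eBPF support */` would express the intent. For the two g_assert() calls, a sentence in the function comment naming the required state of `ctx` would do.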
From: Markus Armbruster Date: Tue, 18 Nov 2025 16:47:18 +0100 Subject: [PATCH 18/18] ebpf: Make ebpf_rss_load() return value consistent with @errp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ebpf_rss_load() returns false for failure without setting an Error when its @ctx argument already has an eBPF program loaded. This is wrong. Fortunately, it is only called @ctx has a program. Replace the incorrect error check by an assertion. The return value is now obviously reliable. Change the caller to use it, because it's more concise. Signed-off-by: Markus Armbruster Reviewed-by: Daniel P. Berrangé Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20251118154718.3969982-4-armbru@redhat.com> Signed-off-by: Philippe Mathieu-Daudé --- ebpf/ebpf_rss.c | 4 +--- hw/net/virtio-net.c | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/ebpf/ebpf_rss.c b/ebpf/ebpf_rss.c index b64e9da3e3..926392b3c5 100644 --- a/ebpf/ebpf_rss.c +++ b/ebpf/ebpf_rss.c @@ -106,9 +106,7 @@ bool ebpf_rss_load(struct EBPFRSSContext *ctx, Error **errp) { struct rss_bpf *rss_bpf_ctx; - if (ebpf_rss_is_loaded(ctx)) { - return false; - } + g_assert(!ebpf_rss_is_loaded(ctx)); rss_bpf_ctx = rss_bpf__open(); if (rss_bpf_ctx == NULL) { diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 3b85560f6f..f5d93eb400 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -1363,9 +1363,7 @@ static bool virtio_net_load_ebpf(VirtIONet *n, Error **errp) return virtio_net_load_ebpf_fds(n, errp); } - ebpf_rss_load(&n->ebpf_rss, &err); - /* Beware, ebpf_rss_load() can return false with @err unset */ - if (err) { + if (!ebpf_rss_load(&n->ebpf_rss, &err)) { warn_report_err(err); } return true;
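Review bot: In virtio_net_load_ebpf() the new `if (!ebpf_rss_load(&n->ebpf_rss, &err))` branch only calls `warn_report_err(err);` and then falls through to `return true;`, and with the old comment removed nothing says that a failed load is meant to be non-fatal. A short comment above the `if` would record that, for example `/* Failing to load the eBPF program is not fatal: warn and carry on */`, if that is indeed the intent. Since the stub in ebpf/ebpf_rss-stub.c now sets an error, builds without eBPF support will reach this warning whenever this path runs. It is worth confirming that the resulting message is wanted and cannot be triggered repeatedly. The function begins outside the hunk.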