QOM tree now has /audiodevs objects.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
QOM brings some conveniences for introspection, type checking, reference
counting, interfaces etc. This is only the first step to introduce QOM
in audio/ (I have more in the pipeline)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
That's no longer necessary, the code is bus-agnostic.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
For consistency, use only qdev_device_add() to instantiate the devices.
We can't rely on automatic bus lookup for the "hda-duplex" device though
as it may end up on a different "intel-hda" bus...
This allows to make init() callback bus-agnostic next.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
virtio-snd can rely on the default code to instantiate the device and
set the audiodev.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
All the functions are about "-audio model=" handling, a simpler
way to setup audio. Rename functions/variables to reflect this better.
audio_register_model_with_cb() dropped "pci" from the name, since it
will be generalized next.
deprecated_register_soundhw() was actually not a function to be
removed since it's used for "-audio model=" aliasing.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Generalize and simplify the device model creation.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
This helper is used next by -audio code.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
* esp: fix esp_cdb_ready() FIFO wraparound limit calculation
* isapc: warn rather than reject modern x86 CPU models
* mshv: fix Coverity issues
* qdev: Change PropertyInfo method print() to return malloc'ed string
* qobject: make refcount atomic
* rcu: make synchronize_rcu() more efficient
* rust: cleanup glib_sys bindings
* rust: Convert bit value to u8 within #[property]
* rust: only leave leaf crates as workspace members
* scripts: clean up meson-buildoptions.py
* scsi: make refcount atomic
* target/i386: Init SMM cpu address space for hotplugged CPUs
-----BEGIN PGP SIGNATURE-----
iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmkB3UUUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroMrRAgAidqHD3mBOEPhcz3Xh5xuJGd+fFnr
wD5/zi5DPy2ZmPKY/buMv/92R6GKKQwZVJrKKdj2+yXFayp0LZNs+ZXNhOl8+EWT
uZayJJt1Wx5E8BB31NKDBLSnvIjVnP+0QDN3pn7ihoIYtdy7ziUd2sS955z+42Vx
ewLwZMfIodSykYfeUsjA7A4GgXtHZWv1bGOZ4qVX/Bgr06efKui3WUaVAkN6i6T+
WJBn4Wb3fBiHLhmFzdIxB91hZjyP9athOQb5kiTL1g+2uYsuQPSfWRhqfgy3EWGf
K72bpnxnMSzhjz0YXKz5S5kjpe/3g7OCiPJm0Jf5Aq7KqGyIkUSSdgo59Q==
=KCqH
-----END PGP SIGNATURE-----
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* char: rename CharBackend->CharFrontend
* esp: fix esp_cdb_ready() FIFO wraparound limit calculation
* isapc: warn rather than reject modern x86 CPU models
* mshv: fix Coverity issues
* qdev: Change PropertyInfo method print() to return malloc'ed string
* qobject: make refcount atomic
* rcu: make synchronize_rcu() more efficient
* rust: cleanup glib_sys bindings
* rust: Convert bit value to u8 within #[property]
* rust: only leave leaf crates as workspace members
* scripts: clean up meson-buildoptions.py
* scsi: make refcount atomic
* target/i386: Init SMM cpu address space for hotplugged CPUs
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmkB3UUUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroMrRAgAidqHD3mBOEPhcz3Xh5xuJGd+fFnr
# wD5/zi5DPy2ZmPKY/buMv/92R6GKKQwZVJrKKdj2+yXFayp0LZNs+ZXNhOl8+EWT
# uZayJJt1Wx5E8BB31NKDBLSnvIjVnP+0QDN3pn7ihoIYtdy7ziUd2sS955z+42Vx
# ewLwZMfIodSykYfeUsjA7A4GgXtHZWv1bGOZ4qVX/Bgr06efKui3WUaVAkN6i6T+
# WJBn4Wb3fBiHLhmFzdIxB91hZjyP9athOQb5kiTL1g+2uYsuQPSfWRhqfgy3EWGf
# K72bpnxnMSzhjz0YXKz5S5kjpe/3g7OCiPJm0Jf5Aq7KqGyIkUSSdgo59Q==
# =KCqH
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 29 Oct 2025 10:24:21 AM CET
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
rust: migration: allow passing ParentField<> to vmstate_of!
target/i386: clear CPU_INTERRUPT_SIPI for all accelerators
docs/about/deprecated.rst: document isapc deprecation for modern x86 CPU models
hw/i386/isapc.c: warn rather than reject modern x86 CPU models
qdev: Change PropertyInfo method print() to return malloc'ed string
scsi: make SCSIRequest refcount atomic
rust/qemu-macros: Convert bit value to u8 within #[property]
qtest/am53c974-test: add additional test for cmdfifo overflow
esp.c: fix esp_cdb_ready() FIFO wraparound limit calculation
accel/mshv: use return value of handle_pio_str_read
accel/mshv: initialize thread name
char: rename CharBackend->CharFrontend
qobject: make refcount atomic
rust: only leave leaf crates as workspace members
rust: remove useless glib_sys bindings
rcu: Unify force quiescent state
i386/kvm/cpu: Init SMM cpu address space for hotplugged CPUs
scripts: clean up meson-buildoptions.py
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The common superclass for devices could have its own migration state;
for it to be included in the subclass's VMState, ParentField<> must
implement the VMState trait.
Reported-by: Chen Miao <chenmiao@openatom.club>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Both the FIBMAP and FIGETBSZ ioctl get "int *" (pointer to 32bit
integer) as argument, not "long *" as specified in qemu. Using the
correct type makes the emulation work in cross endian context.
Both ioctl does not seem to be documented. However the kernel
implementation has always used "int *".
Signed-off-by: Bastian Blank <waldi@debian.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3185
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Helge Deller <deller@gmx.de>
Reviwed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Fix a typo in the title of the sriov.rst document.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Remove a left-over from the time when this test was still an
avocado-based test.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Add a new paragraph in the "Backwards compatibility" section documenting that
using modern x86 CPU models with the isapc machine is deprecated, and will be
rejected in a future release.
Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20251023142926.964718-3-mark.caveayland@nutanix.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit e1e2909f8e ("hw/i386/pc_piix.c: restrict isapc machine to 32-bit CPUs")
restricted the isapc machine to 32-bit CPUs, but subsequent concern has been
expressed as to the effect this could have on users.
The outcome of the latest discussion is that we should exercise more caution
and follow the official deprecation route, so instead of rejecting modern x86
CPUs issue a deprecation warning but allow the user to continue.
Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20251023142926.964718-2-mark.caveayland@nutanix.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Simpler (more so after the next commit), and no risk of truncation
because the caller's buffer is too small. Performance doesn't matter;
the method is only used for "info qdev".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Link: https://lore.kernel.org/r/20251022101420.36059-2-armbru@redhat.com
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
For bit property, make the type conversion within the #[property] macro
so that users do not need to handle the conversion.
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20251024041344.1389488-1-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The original calculation in commit 3cc70889a3 ("esp.c: prevent cmdfifo overflow
in esp_cdb_ready()") subtracted cmdfifo_cdb_offset from fifo8_num_used() to
calculate the outstanding cmdfifo length, but this is incorrect because
fifo8_num_used() can also include wraparound data.
Instead calculate the maximum offset used by scsi_cdb_length() which is just
the first byte after cmdfifo_cdb_offset, and then peek the entire content
of the cmdfifo. The fifo8_peek_bufptr() result will then return the maximum
length of remaining data up to the end of the internal cmdfifo array, which
can then be used for the overflow check.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: 3cc70889a3 ("esp.c: prevent cmdfifo overflow in esp_cdb_ready()")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3082
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20250925122846.527615-2-mark.cave-ayland@ilande.co.uk
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Coverity complains because we assign to ret here but
then never read it again before we overwrite it with
the call to set_x64_registers().
Analyzed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The initialization was dropped when the code was copied from existing
accelerators. Coverity knows (CID 1641400). Fix it.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The actual backend is "Chardev", CharBackend is the frontend side of
it (whatever talks to the backend), let's rename it for readability.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Link: https://lore.kernel.org/r/20251022074612.1258413-1-marcandre.lureau@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Fix incorrect key binding for resetting the graphical frontends scaling
Signed-off-by: Nir Lichtman <nir@lichtman.org>
Fixes: 15421f7113 "ui/sdl2: fix reset scaling binding to be consistent with gtk"
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
It was deprecated in 9.2, time to remove.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
It was deprecated in 9.2, time to remove.
Note, that (which become obvious with this commit) we forget to do some
checks for reconnect-ms options, for example, it was silently ignored
for listening server, instead of error-out. The commit fixes this, as
now we use reconnect_ms everywhere.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
The Rust bindings for QObject will only operate on complete objects,
treating them as immutable as long as the Rust QObject is live.
With that constraint, it is trivial for Rust code to treat QObjects as
thread-safe; all that's needed is to make reference count operations
atomic. Do the same when the C code adds or removes references, since
we don't really know what the Rust code is up to; of course C code will
have to agree with not making changes to the QObjects after they've
been passed to Rust code.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The definition of types needed for g_autolist(), g_autoslist(),
g_autoqueue() need the imports for GList, GSList and GQueue
to appear everything. Rust code is never going to see those,
since they are not used in structs. Block the types from
appearing in the bindings.
Co-authored-by: Martin Kletzander <mkletzan@redhat.com>
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Borrow the concept of force quiescent state from Linux to ensure readers
remain fast during normal operation and to avoid stalls.
Background
==========
The previous implementation had four steps to begin reclamation.
1. call_rcu_thread() would wait for the first callback.
2. call_rcu_thread() would periodically poll until a decent number of
callbacks piled up or it timed out.
3. synchronize_rcu() would statr a grace period (GP).
4. wait_for_readers() would wait for the GP to end. It would also
trigger the force_rcu notifier to break busy loops in a read-side
critical section if drain_call_rcu() had been called.
Problem
=======
The separation of waiting logic across these steps led to suboptimal
behavior:
The GP was delayed until call_rcu_thread() stops polling.
force_rcu was not consistently triggered when call_rcu_thread() detected
a high number of pending callbacks or a timeout. This inconsistency
sometimes led to stalls, as reported in a virtio-gpu issue where memory
unmapping was blocked[1].
wait_for_readers() imposed unnecessary overhead in non-urgent cases by
unconditionally executing qatomic_set(&index->waiting, true) and
qemu_event_reset(&rcu_gp_event), which are necessary only for expedited
synchronization.
Solution
========
Move the polling in call_rcu_thread() to wait_for_readers() to prevent
the delay of the GP. Additionally, reorganize wait_for_readers() to
distinguish between two states:
Normal State: it relies exclusively on periodic polling to detect
the end of the GP and maintains the read-side fast path.
Force Quiescent State: Whenever expediting synchronization, it always
triggers force_rcu and executes both qatomic_set(&index->waiting, true)
and qemu_event_reset(&rcu_gp_event). This avoids stalls while confining
the read-side overhead to this state.
This unified approach, inspired by the Linux RCU, ensures consistent and
efficient RCU grace period handling and confirms resolution of the
virtio-gpu issue.
[1] https://lore.kernel.org/qemu-devel/20251014111234.3190346-9-alex.bennee@linaro.org/
Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Link: https://lore.kernel.org/r/20251016-force-v1-1-919a82112498@rsg.ci.i.u-tokyo.ac.jp
Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The SMM cpu address space is initialized in a machine_init_done
notifier. It only runs once when QEMU starts up, which leads to the
issue that for any hotplugged CPU after the machine is ready, SMM
cpu address space doesn't get initialized.
Fix the issue by initializing the SMM cpu address space in x86_cpu_plug()
when the cpu is hotplugged.
Fixes: 591f817d81 ("target/i386: Define enum X86ASIdx for x86's address spaces")
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Closes: https://lore.kernel.org/qemu-devel/CAFEAcA_3kkZ+a5rTZGmK8W5K6J7qpYD31HkvjBnxWr-fGT2h_A@mail.gmail.com/
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Link: https://lore.kernel.org/r/20251014094216.164306-2-xiaoyao.li@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Various fixes and cleanups:
- Set FPCR exception flag bits for HPPA non-trapped exceptions
- Convert VirtIONet::vlans from pointer to array
and remove VMSTATE_BUFFER_POINTER_UNSAFE()
- Remove redundant QOM typedef when OBJECT_DECLARE_SIMPLE_TYPE() is used
- Have various QDev / SysBus helpers take a const device argument
- Improve errors when loaders parse images
- Remove IntelIOMMUState::dma_translation leftover
- Remove most target_[u]long uses in hw/riscv/
- Fix DS1225Y MemoryRegion owner
- Simplification refactors on Raven PCI Host Bridge
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmkAdQ8ACgkQ4+MsLN6t
wN5ochAAihqZQaRpLWeIt+EQMUAdkJwsg8ctLAz9vJE9leZZh10j1Uw2Y0b5EDKy
k3vwJUz0gDYnbbq33+FNBVv7Iq4bIvyundqX4odi4AOvRysJRBwkVQ+LeUo+Dyh3
of1eKDX6psJTo4Jy1ooOkkUq0vWpJPrGZYyzR7bsPDgpuqNOfF6+mwMQkYDXa2uw
vCJIOnzl+IIHxpnT+XVVXJsO05LUzkAru38jkjQZ1BcWj07ggSs70U7jcOhtvkpC
x0hXcKNj+uHjoupoX8LMOb6M+D06oL6ZyW51++Cnqu/cAvQqP/VQtb7b4AAKj3G9
yOMFZPyd4IObf7bxC4Zi/TYLYD43DrSppT4eU5zqYrzKSD6v0fdENkhqJuLTiLTa
cd4nhWJto+EdZBogp+jVW6ekLoC5CMqNT8HiqdGvDLMp45oSmlYPC030l4gBQdo8
4SUWLIRZULybObv+uF3heeaemahWIXOFpclCpITcLqa+VkXlboc0JH2PjbETvAQU
DBxSJ65izr4795rRhX5yoy2aBfiTFlYxIbpwztEzesdnAHw1N6gQ0J3WraxWSjAh
Y6IzXBAYLjZNTx5pongcuZT3cX7Cn+0zwaK/ajRcZhIvukDL/bT7GK25akcYIgBR
XS//Ccm79vs85o1zTBVLQzw343Bvtp4LfRLtrXjdLC+06pEixvo=
=5G1o
-----END PGP SIGNATURE-----
Merge tag 'hw-misc-20251028' of https://github.com/philmd/qemu into staging
Misc HW patches
Various fixes and cleanups:
- Set FPCR exception flag bits for HPPA non-trapped exceptions
- Convert VirtIONet::vlans from pointer to array
and remove VMSTATE_BUFFER_POINTER_UNSAFE()
- Remove redundant QOM typedef when OBJECT_DECLARE_SIMPLE_TYPE() is used
- Have various QDev / SysBus helpers take a const device argument
- Improve errors when loaders parse images
- Remove IntelIOMMUState::dma_translation leftover
- Remove most target_[u]long uses in hw/riscv/
- Fix DS1225Y MemoryRegion owner
- Simplification refactors on Raven PCI Host Bridge
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmkAdQ8ACgkQ4+MsLN6t
# wN5ochAAihqZQaRpLWeIt+EQMUAdkJwsg8ctLAz9vJE9leZZh10j1Uw2Y0b5EDKy
# k3vwJUz0gDYnbbq33+FNBVv7Iq4bIvyundqX4odi4AOvRysJRBwkVQ+LeUo+Dyh3
# of1eKDX6psJTo4Jy1ooOkkUq0vWpJPrGZYyzR7bsPDgpuqNOfF6+mwMQkYDXa2uw
# vCJIOnzl+IIHxpnT+XVVXJsO05LUzkAru38jkjQZ1BcWj07ggSs70U7jcOhtvkpC
# x0hXcKNj+uHjoupoX8LMOb6M+D06oL6ZyW51++Cnqu/cAvQqP/VQtb7b4AAKj3G9
# yOMFZPyd4IObf7bxC4Zi/TYLYD43DrSppT4eU5zqYrzKSD6v0fdENkhqJuLTiLTa
# cd4nhWJto+EdZBogp+jVW6ekLoC5CMqNT8HiqdGvDLMp45oSmlYPC030l4gBQdo8
# 4SUWLIRZULybObv+uF3heeaemahWIXOFpclCpITcLqa+VkXlboc0JH2PjbETvAQU
# DBxSJ65izr4795rRhX5yoy2aBfiTFlYxIbpwztEzesdnAHw1N6gQ0J3WraxWSjAh
# Y6IzXBAYLjZNTx5pongcuZT3cX7Cn+0zwaK/ajRcZhIvukDL/bT7GK25akcYIgBR
# XS//Ccm79vs85o1zTBVLQzw343Bvtp4LfRLtrXjdLC+06pEixvo=
# =5G1o
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 28 Oct 2025 08:47:27 AM CET
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'hw-misc-20251028' of https://github.com/philmd/qemu: (23 commits)
hw/riscv: Widen OpenSBI dynamic info struct
hw/riscv: Use generic hwaddr for firmware addresses
hw/i386/intel_iommu: Remove an unused state field
nw/nvram/ds1225y: Fix nvram MemoryRegion owner
hw/ppc: Pass error_fatal to load_image_targphys()
hw/core/loader: Pass errp to load_image_targphys_as()
hw/core/loader: add check for zero size in load_image_targphys_as
hw/core/loader: improve error handling in image loading functions
hw/core/loader: capture Error from load_image_targphys
hw/core/loader: Use qemu_open() instead of open() in get_image_size()
hw/int/loongarch: Include missing 'system/memory.h' header
hw/uefi: Include missing 'system/memory.h' header
hw/sysbus: Have various helpers take a const SysBusDevice argument
hw/qdev: Have qdev_get_gpio_out_connector() take const DeviceState arg
hw/pci-host/raven: Simplify PCI bus creation
hw/pci-host/raven: Use DEFINE_TYPES macro
hw/pci-host/raven: Simplify host bridge type declaration
hw/pci-host/raven: Simplify PCI facing part
hw/pci-host/raven: Simplify creating PCI facing part
migration/vmstate: remove VMSTATE_BUFFER_POINTER_UNSAFE macro
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This series adds a new emulation for a HP PA-RISC 715/64 model,
as descrived here: https://www.openpa.net/systems/hp-9000_715.html.
That machine has no PCI bus and instead uses a "LASI" chip which has built-in
NCR 53c710 SCSI and i82596 network chips. Compared to the other already
emulated machines B160L and C3700, this machine should be able to support older
operating systems like HP-UX 9 as well.
The QEMU project participated in the Google Summer of Code 2025 program by
"Implementing LASI Network Card and NCR 710 SCSI Controller Device Models", and
Soumyajyotii Ssarkar stepped up to develop those drivers.
This patch series includes the code for the NCR710 SCSI controller,
the network code will follow in later patch series.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCaP/g8wAKCRD3ErUQojoP
X1hOAP9WOYVNz7UIpNztQ9p3tUKApALaPR3aaiORMLrjktaDMQD/TIHExaKIKtn6
iLy+RXzPFdpqmI/cBQx57q8lWzUd2QI=
=Y7lX
-----END PGP SIGNATURE-----
Merge tag 'devel-scsi-ncr710-pull-request' of https://github.com/hdeller/qemu-hppa into staging
HP-PARISC 715 machine with NCR710 SCSI chip
This series adds a new emulation for a HP PA-RISC 715/64 model,
as descrived here: https://www.openpa.net/systems/hp-9000_715.html.
That machine has no PCI bus and instead uses a "LASI" chip which has built-in
NCR 53c710 SCSI and i82596 network chips. Compared to the other already
emulated machines B160L and C3700, this machine should be able to support older
operating systems like HP-UX 9 as well.
The QEMU project participated in the Google Summer of Code 2025 program by
"Implementing LASI Network Card and NCR 710 SCSI Controller Device Models", and
Soumyajyotii Ssarkar stepped up to develop those drivers.
This patch series includes the code for the NCR710 SCSI controller,
the network code will follow in later patch series.
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCaP/g8wAKCRD3ErUQojoP
# X1hOAP9WOYVNz7UIpNztQ9p3tUKApALaPR3aaiORMLrjktaDMQD/TIHExaKIKtn6
# iLy+RXzPFdpqmI/cBQx57q8lWzUd2QI=
# =Y7lX
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 27 Oct 2025 10:15:31 PM CET
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'devel-scsi-ncr710-pull-request' of https://github.com/hdeller/qemu-hppa:
hw/hppa: Add 715 machine type including NCR710 SCSI
hw/hppa: Require SeaBIOS version 19 for 715 machine
hw/hppa: PCI devices depend on availability of PCI bus
hw/hppa: Add NCR 710 SCSI driver to LASI chip Kconfig entry
hw/hppa: Fix interrupt of LASI parallel port
hw/hppa: Fix firmware end address for LASI chip
hw/scsi: Add config option for new ncr710 driver
lasi: Forward LASI SCSI ports to NCR 53c710 driver
ncr710: Add driver for the NCR 53c710 SCSI chip
lasi_ncr710: Add LASI wrapper for NCR 53c710 SCSI chip
target/hppa: Update SeaBIOS-hppa to version 19
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Fiona's virtio-scsi TMF deadlock fix.
Paolo: I merged the scsi fix in my block tree, but realize now that it belongs
to the scsi subsystem. Sorry about that, I'll be more careful next time. Please
reply if you want to handle this patch yourself.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmj/wl0ACgkQnKSrs4Gr
c8ga0Qf/TaIXqp2xyFmKCmCxbruNvZZtD96qBmK694AXm8+exZcXkGTuFyBcxC6T
1bHaHNBCRw5mu0h6T88lHT5QQ7h7AvZnm6gOa+6MpkeAY59DP0zDGF4GyCC4enUz
D9kAcC2UGKXDSTv8oyqpFq/ZOamW9T7XI+rjpN+kIr5/Z+vG+IuBFX9atIk5es41
vuoYCuXldZNcOYeA88L8F0O7ikwpGJk3RI8lJFVPGfGju94BpXiOcP7Csqvkjk8r
F1p6Uy/GD7031em/sVxvezOpRsC62dtnItYFBwt8FGjtbCN7HNy9bCvoM6mIVK0n
B2+Rh7oQeDRVAJIMHtSXtJtuA6pPDw==
=P138
-----END PGP SIGNATURE-----
Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging
Pull request
Fiona's virtio-scsi TMF deadlock fix.
Paolo: I merged the scsi fix in my block tree, but realize now that it belongs
to the scsi subsystem. Sorry about that, I'll be more careful next time. Please
reply if you want to handle this patch yourself.
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmj/wl0ACgkQnKSrs4Gr
# c8ga0Qf/TaIXqp2xyFmKCmCxbruNvZZtD96qBmK694AXm8+exZcXkGTuFyBcxC6T
# 1bHaHNBCRw5mu0h6T88lHT5QQ7h7AvZnm6gOa+6MpkeAY59DP0zDGF4GyCC4enUz
# D9kAcC2UGKXDSTv8oyqpFq/ZOamW9T7XI+rjpN+kIr5/Z+vG+IuBFX9atIk5es41
# vuoYCuXldZNcOYeA88L8F0O7ikwpGJk3RI8lJFVPGfGju94BpXiOcP7Csqvkjk8r
# F1p6Uy/GD7031em/sVxvezOpRsC62dtnItYFBwt8FGjtbCN7HNy9bCvoM6mIVK0n
# B2+Rh7oQeDRVAJIMHtSXtJtuA6pPDw==
# =P138
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 27 Oct 2025 08:05:01 PM CET
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [unknown]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
hw/scsi: avoid deadlock upon TMF request cancelling with VirtIO
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Since fw_dynamic_info is only used for non 32 bit targets, target_long
is int64_t anyway. Rename struct to fw_dynamic_info64 and use int64_t.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251027-feature-single-binary-hw-v1-v2-3-44478d589ae9@rev.ng>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Anton Johansson <anjo@rev.ng>
Message-ID: <20251027-feature-single-binary-hw-v1-v2-1-44478d589ae9@rev.ng>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[PMD: Do not update riscv_load_kernel()]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
dma_translation has been moved to x86-iommu and is no longer referenced.
Fixes: b6b49c2cd6 (intel-iommu: Move dma_translation to x86-iommu)
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251027075232.95262-1-clement.mathieu--drif@eviden.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
s points to the MemoryRegion itself. dev points to DS1225Y, the real
owner.
Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251027-ds1225y-v1-1-406888eb495f@rsg.ci.i.u-tokyo.ac.jp>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Pass error_fatal to load_image_targphys() calls in ppc machine initialization
to capture detailed error information when loading firmware, kernel,
and initrd images.
Passing error_fatal automatically reports detailed error messages and
exits immediately on failure. Eliminating redundant exit(1) calls, as
error_fatal handles termination
The behavior remains functionally identical, but error messages now
come directly from the loader function with more context about the
failure cause.
Reviewed-by: Aditya Gupta <adityag@linux.ibm.com>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
Message-ID: <20251024130556.1942835-14-vishalc@linux.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Pass errp to load_image_targphys_as() in generic-loader and
guest-loader to capture detailed error information from the
loader functions.
Use error_prepend() instead of error_setg() to preserve the
underlying error details while adding context about which image
failed to load.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
Message-ID: <20251024130556.1942835-12-vishalc@linux.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Currently load_image_targphys_as() returns -1 on file open failure or
when max size is exceeded. Add an explicit check for zero-sized files
to catch this error early, since some callers check for size <= 0.
Also, remove the redundant size > 0 check later in the function.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
Message-ID: <20251024130556.1942835-10-vishalc@linux.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Add error checking for lseek() failure and provide better error
messages when image loading fails, including filenames and addresses.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Aditya Gupta <adityag@linux.ibm.com>
Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
Message-ID: <20251024130556.1942835-8-vishalc@linux.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Add Error **errp parameter to load_image_targphys(),
load_image_targphys_as(), and get_image_size() to enable better
error reporting when image loading fails.
Pass NULL for errp in all existing call sites to maintain current
behavior. No functional change intended in this patch.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Aditya Gupta <adityag@linux.ibm.com>
Tested-by: Aditya Gupta <adityag@linux.ibm.com>
Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
Message-ID: <20251024130556.1942835-6-vishalc@linux.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Replace open() with qemu_open() which provides better error handling
via the Error object, automatically sets O_CLOEXEC, and supports FD
passing with /dev/fdset.
Currently pass errp argument as NULL.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
Message-ID: <20251024130556.1942835-4-vishalc@linux.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
