Add a helper to check whether the target base architecture
is ARM (either 32-bit or 64-bit).
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20251021210144.58108-3-philmd@linaro.org>
Add a helper to distinct whether the binary is targetting
Aarch64 or not.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20251021210144.58108-2-philmd@linaro.org>
Add a helper to distinct whether the binary is targetting
ARM (32-bit only) or not.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20251021210144.58108-1-philmd@linaro.org>
A machine defined with the DEFINE_MACHINE_ARM() macro will
be available in both qemu-system-arm and qemu-system-aarch64
binaries.
One defined with DEFINE_MACHINE_AARCH64() will only be
available in the qemu-system-aarch64 binary.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20251021205741.57109-4-philmd@linaro.org>
Define the TYPE_TARGET_ARM_MACHINE and TYPE_TARGET_AARCH64_MACHINE
QOM interface names to allow machines to implement them.
Register these interfaces in common code in target_info-qom.c used
by all binaries because QOM interfaces must be registered before
being checked (see next commit with the 'none' machine).
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20251021205741.57109-2-philmd@linaro.org>
* esp: fix esp_cdb_ready() FIFO wraparound limit calculation
* isapc: warn rather than reject modern x86 CPU models
* mshv: fix Coverity issues
* qdev: Change PropertyInfo method print() to return malloc'ed string
* qobject: make refcount atomic
* rcu: make synchronize_rcu() more efficient
* rust: cleanup glib_sys bindings
* rust: Convert bit value to u8 within #[property]
* rust: only leave leaf crates as workspace members
* scripts: clean up meson-buildoptions.py
* scsi: make refcount atomic
* target/i386: Init SMM cpu address space for hotplugged CPUs
-----BEGIN PGP SIGNATURE-----
iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmkB3UUUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroMrRAgAidqHD3mBOEPhcz3Xh5xuJGd+fFnr
wD5/zi5DPy2ZmPKY/buMv/92R6GKKQwZVJrKKdj2+yXFayp0LZNs+ZXNhOl8+EWT
uZayJJt1Wx5E8BB31NKDBLSnvIjVnP+0QDN3pn7ihoIYtdy7ziUd2sS955z+42Vx
ewLwZMfIodSykYfeUsjA7A4GgXtHZWv1bGOZ4qVX/Bgr06efKui3WUaVAkN6i6T+
WJBn4Wb3fBiHLhmFzdIxB91hZjyP9athOQb5kiTL1g+2uYsuQPSfWRhqfgy3EWGf
K72bpnxnMSzhjz0YXKz5S5kjpe/3g7OCiPJm0Jf5Aq7KqGyIkUSSdgo59Q==
=KCqH
-----END PGP SIGNATURE-----
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* char: rename CharBackend->CharFrontend
* esp: fix esp_cdb_ready() FIFO wraparound limit calculation
* isapc: warn rather than reject modern x86 CPU models
* mshv: fix Coverity issues
* qdev: Change PropertyInfo method print() to return malloc'ed string
* qobject: make refcount atomic
* rcu: make synchronize_rcu() more efficient
* rust: cleanup glib_sys bindings
* rust: Convert bit value to u8 within #[property]
* rust: only leave leaf crates as workspace members
* scripts: clean up meson-buildoptions.py
* scsi: make refcount atomic
* target/i386: Init SMM cpu address space for hotplugged CPUs
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmkB3UUUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroMrRAgAidqHD3mBOEPhcz3Xh5xuJGd+fFnr
# wD5/zi5DPy2ZmPKY/buMv/92R6GKKQwZVJrKKdj2+yXFayp0LZNs+ZXNhOl8+EWT
# uZayJJt1Wx5E8BB31NKDBLSnvIjVnP+0QDN3pn7ihoIYtdy7ziUd2sS955z+42Vx
# ewLwZMfIodSykYfeUsjA7A4GgXtHZWv1bGOZ4qVX/Bgr06efKui3WUaVAkN6i6T+
# WJBn4Wb3fBiHLhmFzdIxB91hZjyP9athOQb5kiTL1g+2uYsuQPSfWRhqfgy3EWGf
# K72bpnxnMSzhjz0YXKz5S5kjpe/3g7OCiPJm0Jf5Aq7KqGyIkUSSdgo59Q==
# =KCqH
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 29 Oct 2025 10:24:21 AM CET
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
rust: migration: allow passing ParentField<> to vmstate_of!
target/i386: clear CPU_INTERRUPT_SIPI for all accelerators
docs/about/deprecated.rst: document isapc deprecation for modern x86 CPU models
hw/i386/isapc.c: warn rather than reject modern x86 CPU models
qdev: Change PropertyInfo method print() to return malloc'ed string
scsi: make SCSIRequest refcount atomic
rust/qemu-macros: Convert bit value to u8 within #[property]
qtest/am53c974-test: add additional test for cmdfifo overflow
esp.c: fix esp_cdb_ready() FIFO wraparound limit calculation
accel/mshv: use return value of handle_pio_str_read
accel/mshv: initialize thread name
char: rename CharBackend->CharFrontend
qobject: make refcount atomic
rust: only leave leaf crates as workspace members
rust: remove useless glib_sys bindings
rcu: Unify force quiescent state
i386/kvm/cpu: Init SMM cpu address space for hotplugged CPUs
scripts: clean up meson-buildoptions.py
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Simpler (more so after the next commit), and no risk of truncation
because the caller's buffer is too small. Performance doesn't matter;
the method is only used for "info qdev".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Link: https://lore.kernel.org/r/20251022101420.36059-2-armbru@redhat.com
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The actual backend is "Chardev", CharBackend is the frontend side of
it (whatever talks to the backend), let's rename it for readability.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Link: https://lore.kernel.org/r/20251022074612.1258413-1-marcandre.lureau@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The Rust bindings for QObject will only operate on complete objects,
treating them as immutable as long as the Rust QObject is live.
With that constraint, it is trivial for Rust code to treat QObjects as
thread-safe; all that's needed is to make reference count operations
atomic. Do the same when the C code adds or removes references, since
we don't really know what the Rust code is up to; of course C code will
have to agree with not making changes to the QObjects after they've
been passed to Rust code.
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Various fixes and cleanups:
- Set FPCR exception flag bits for HPPA non-trapped exceptions
- Convert VirtIONet::vlans from pointer to array
and remove VMSTATE_BUFFER_POINTER_UNSAFE()
- Remove redundant QOM typedef when OBJECT_DECLARE_SIMPLE_TYPE() is used
- Have various QDev / SysBus helpers take a const device argument
- Improve errors when loaders parse images
- Remove IntelIOMMUState::dma_translation leftover
- Remove most target_[u]long uses in hw/riscv/
- Fix DS1225Y MemoryRegion owner
- Simplification refactors on Raven PCI Host Bridge
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmkAdQ8ACgkQ4+MsLN6t
wN5ochAAihqZQaRpLWeIt+EQMUAdkJwsg8ctLAz9vJE9leZZh10j1Uw2Y0b5EDKy
k3vwJUz0gDYnbbq33+FNBVv7Iq4bIvyundqX4odi4AOvRysJRBwkVQ+LeUo+Dyh3
of1eKDX6psJTo4Jy1ooOkkUq0vWpJPrGZYyzR7bsPDgpuqNOfF6+mwMQkYDXa2uw
vCJIOnzl+IIHxpnT+XVVXJsO05LUzkAru38jkjQZ1BcWj07ggSs70U7jcOhtvkpC
x0hXcKNj+uHjoupoX8LMOb6M+D06oL6ZyW51++Cnqu/cAvQqP/VQtb7b4AAKj3G9
yOMFZPyd4IObf7bxC4Zi/TYLYD43DrSppT4eU5zqYrzKSD6v0fdENkhqJuLTiLTa
cd4nhWJto+EdZBogp+jVW6ekLoC5CMqNT8HiqdGvDLMp45oSmlYPC030l4gBQdo8
4SUWLIRZULybObv+uF3heeaemahWIXOFpclCpITcLqa+VkXlboc0JH2PjbETvAQU
DBxSJ65izr4795rRhX5yoy2aBfiTFlYxIbpwztEzesdnAHw1N6gQ0J3WraxWSjAh
Y6IzXBAYLjZNTx5pongcuZT3cX7Cn+0zwaK/ajRcZhIvukDL/bT7GK25akcYIgBR
XS//Ccm79vs85o1zTBVLQzw343Bvtp4LfRLtrXjdLC+06pEixvo=
=5G1o
-----END PGP SIGNATURE-----
Merge tag 'hw-misc-20251028' of https://github.com/philmd/qemu into staging
Misc HW patches
Various fixes and cleanups:
- Set FPCR exception flag bits for HPPA non-trapped exceptions
- Convert VirtIONet::vlans from pointer to array
and remove VMSTATE_BUFFER_POINTER_UNSAFE()
- Remove redundant QOM typedef when OBJECT_DECLARE_SIMPLE_TYPE() is used
- Have various QDev / SysBus helpers take a const device argument
- Improve errors when loaders parse images
- Remove IntelIOMMUState::dma_translation leftover
- Remove most target_[u]long uses in hw/riscv/
- Fix DS1225Y MemoryRegion owner
- Simplification refactors on Raven PCI Host Bridge
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmkAdQ8ACgkQ4+MsLN6t
# wN5ochAAihqZQaRpLWeIt+EQMUAdkJwsg8ctLAz9vJE9leZZh10j1Uw2Y0b5EDKy
# k3vwJUz0gDYnbbq33+FNBVv7Iq4bIvyundqX4odi4AOvRysJRBwkVQ+LeUo+Dyh3
# of1eKDX6psJTo4Jy1ooOkkUq0vWpJPrGZYyzR7bsPDgpuqNOfF6+mwMQkYDXa2uw
# vCJIOnzl+IIHxpnT+XVVXJsO05LUzkAru38jkjQZ1BcWj07ggSs70U7jcOhtvkpC
# x0hXcKNj+uHjoupoX8LMOb6M+D06oL6ZyW51++Cnqu/cAvQqP/VQtb7b4AAKj3G9
# yOMFZPyd4IObf7bxC4Zi/TYLYD43DrSppT4eU5zqYrzKSD6v0fdENkhqJuLTiLTa
# cd4nhWJto+EdZBogp+jVW6ekLoC5CMqNT8HiqdGvDLMp45oSmlYPC030l4gBQdo8
# 4SUWLIRZULybObv+uF3heeaemahWIXOFpclCpITcLqa+VkXlboc0JH2PjbETvAQU
# DBxSJ65izr4795rRhX5yoy2aBfiTFlYxIbpwztEzesdnAHw1N6gQ0J3WraxWSjAh
# Y6IzXBAYLjZNTx5pongcuZT3cX7Cn+0zwaK/ajRcZhIvukDL/bT7GK25akcYIgBR
# XS//Ccm79vs85o1zTBVLQzw343Bvtp4LfRLtrXjdLC+06pEixvo=
# =5G1o
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 28 Oct 2025 08:47:27 AM CET
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'hw-misc-20251028' of https://github.com/philmd/qemu: (23 commits)
hw/riscv: Widen OpenSBI dynamic info struct
hw/riscv: Use generic hwaddr for firmware addresses
hw/i386/intel_iommu: Remove an unused state field
nw/nvram/ds1225y: Fix nvram MemoryRegion owner
hw/ppc: Pass error_fatal to load_image_targphys()
hw/core/loader: Pass errp to load_image_targphys_as()
hw/core/loader: add check for zero size in load_image_targphys_as
hw/core/loader: improve error handling in image loading functions
hw/core/loader: capture Error from load_image_targphys
hw/core/loader: Use qemu_open() instead of open() in get_image_size()
hw/int/loongarch: Include missing 'system/memory.h' header
hw/uefi: Include missing 'system/memory.h' header
hw/sysbus: Have various helpers take a const SysBusDevice argument
hw/qdev: Have qdev_get_gpio_out_connector() take const DeviceState arg
hw/pci-host/raven: Simplify PCI bus creation
hw/pci-host/raven: Use DEFINE_TYPES macro
hw/pci-host/raven: Simplify host bridge type declaration
hw/pci-host/raven: Simplify PCI facing part
hw/pci-host/raven: Simplify creating PCI facing part
migration/vmstate: remove VMSTATE_BUFFER_POINTER_UNSAFE macro
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This series adds a new emulation for a HP PA-RISC 715/64 model,
as descrived here: https://www.openpa.net/systems/hp-9000_715.html.
That machine has no PCI bus and instead uses a "LASI" chip which has built-in
NCR 53c710 SCSI and i82596 network chips. Compared to the other already
emulated machines B160L and C3700, this machine should be able to support older
operating systems like HP-UX 9 as well.
The QEMU project participated in the Google Summer of Code 2025 program by
"Implementing LASI Network Card and NCR 710 SCSI Controller Device Models", and
Soumyajyotii Ssarkar stepped up to develop those drivers.
This patch series includes the code for the NCR710 SCSI controller,
the network code will follow in later patch series.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCaP/g8wAKCRD3ErUQojoP
X1hOAP9WOYVNz7UIpNztQ9p3tUKApALaPR3aaiORMLrjktaDMQD/TIHExaKIKtn6
iLy+RXzPFdpqmI/cBQx57q8lWzUd2QI=
=Y7lX
-----END PGP SIGNATURE-----
Merge tag 'devel-scsi-ncr710-pull-request' of https://github.com/hdeller/qemu-hppa into staging
HP-PARISC 715 machine with NCR710 SCSI chip
This series adds a new emulation for a HP PA-RISC 715/64 model,
as descrived here: https://www.openpa.net/systems/hp-9000_715.html.
That machine has no PCI bus and instead uses a "LASI" chip which has built-in
NCR 53c710 SCSI and i82596 network chips. Compared to the other already
emulated machines B160L and C3700, this machine should be able to support older
operating systems like HP-UX 9 as well.
The QEMU project participated in the Google Summer of Code 2025 program by
"Implementing LASI Network Card and NCR 710 SCSI Controller Device Models", and
Soumyajyotii Ssarkar stepped up to develop those drivers.
This patch series includes the code for the NCR710 SCSI controller,
the network code will follow in later patch series.
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCaP/g8wAKCRD3ErUQojoP
# X1hOAP9WOYVNz7UIpNztQ9p3tUKApALaPR3aaiORMLrjktaDMQD/TIHExaKIKtn6
# iLy+RXzPFdpqmI/cBQx57q8lWzUd2QI=
# =Y7lX
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 27 Oct 2025 10:15:31 PM CET
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'devel-scsi-ncr710-pull-request' of https://github.com/hdeller/qemu-hppa:
hw/hppa: Add 715 machine type including NCR710 SCSI
hw/hppa: Require SeaBIOS version 19 for 715 machine
hw/hppa: PCI devices depend on availability of PCI bus
hw/hppa: Add NCR 710 SCSI driver to LASI chip Kconfig entry
hw/hppa: Fix interrupt of LASI parallel port
hw/hppa: Fix firmware end address for LASI chip
hw/scsi: Add config option for new ncr710 driver
lasi: Forward LASI SCSI ports to NCR 53c710 driver
ncr710: Add driver for the NCR 53c710 SCSI chip
lasi_ncr710: Add LASI wrapper for NCR 53c710 SCSI chip
target/hppa: Update SeaBIOS-hppa to version 19
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Since fw_dynamic_info is only used for non 32 bit targets, target_long
is int64_t anyway. Rename struct to fw_dynamic_info64 and use int64_t.
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251027-feature-single-binary-hw-v1-v2-3-44478d589ae9@rev.ng>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Anton Johansson <anjo@rev.ng>
Message-ID: <20251027-feature-single-binary-hw-v1-v2-1-44478d589ae9@rev.ng>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[PMD: Do not update riscv_load_kernel()]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
dma_translation has been moved to x86-iommu and is no longer referenced.
Fixes: b6b49c2cd6 (intel-iommu: Move dma_translation to x86-iommu)
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251027075232.95262-1-clement.mathieu--drif@eviden.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Add Error **errp parameter to load_image_targphys(),
load_image_targphys_as(), and get_image_size() to enable better
error reporting when image loading fails.
Pass NULL for errp in all existing call sites to maintain current
behavior. No functional change intended in this patch.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Aditya Gupta <adityag@linux.ibm.com>
Tested-by: Aditya Gupta <adityag@linux.ibm.com>
Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
Message-ID: <20251024130556.1942835-6-vishalc@linux.ibm.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
"system/memory.h" header is indirectly pulled by "hw/sysbus.h".
Include it explicitly to avoid when refactoring the latter:
In file included from ../../hw/intc/loongson_ipi.c:9:
In file included from /Users/philmd/source/qemu/include/hw/intc/loongson_ipi.h:12:
include/hw/intc/loongson_ipi_common.h:37:18: error: field has incomplete type 'MemoryRegion' (aka 'struct MemoryRegion')
37 | MemoryRegion ipi_iocsr_mem;
| ^
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-Id: <20251024190416.8803-21-philmd@linaro.org>
"system/memory.h" header is indirectly pulled by "hw/sysbus.h".
Include it explicitly to avoid when refactoring the latter:
include/hw/uefi/var-service.h:50:39: error: field has incomplete type 'MemoryRegion' (aka 'struct MemoryRegion')
50 | MemoryRegion mr;
| ^
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20251024190416.8803-14-philmd@linaro.org>
These getters don't update any SysBusDevice internal fields,
make the argument const.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20251024190416.8803-3-philmd@linaro.org>
This getter doesn't update any DeviceState internal fields,
make it const.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20251024190416.8803-2-philmd@linaro.org>
The only user of this macro was VirtIONet.vlans, which has been
converted to regular VMSTATE_BUFFER.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Peter Xu <peterx@redhat.com>
Message-ID: <20251023135316.31128-3-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
This field is a fixed-size buffer (number of elements is MAX_VLAN,
known at build time). There's no need to allocate it dynamically,
it can be made an integral part of VirtIONet structure.
This field is the only user of VMSTATE_BUFFER_POINTER_UNSAFE() macro.
Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Tested-by: Lei Yang <leiyang@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20251023135316.31128-2-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
When OBJECT_DECLARE_SIMPLE_TYPE is used, it automatically provides
the typedef, so we don’t have to define it ourselves.
Signed-off-by: Nguyen Dinh Phi <phind.uet@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20251023063429.1400398-1-phind.uet@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
If the QIOChannelWebsock object is freed while it is waiting to
complete a handshake, a GSource is leaked. This can lead to the
callback firing later on and triggering a use-after-free in the
use of the channel. This was observed in the VNC server with the
following trace from valgrind:
==2523108== Invalid read of size 4
==2523108== at 0x4054A24: vnc_disconnect_start (vnc.c:1296)
==2523108== by 0x4054A24: vnc_client_error (vnc.c:1392)
==2523108== by 0x4068A09: vncws_handshake_done (vnc-ws.c:105)
==2523108== by 0x44863B4: qio_task_complete (task.c:197)
==2523108== by 0x448343D: qio_channel_websock_handshake_io (channel-websock.c:588)
==2523108== by 0x6EDB862: UnknownInlinedFun (gmain.c:3398)
==2523108== by 0x6EDB862: g_main_context_dispatch_unlocked.lto_priv.0 (gmain.c:4249)
==2523108== by 0x6EDBAE4: g_main_context_dispatch (gmain.c:4237)
==2523108== by 0x45EC79F: glib_pollfds_poll (main-loop.c:287)
==2523108== by 0x45EC79F: os_host_main_loop_wait (main-loop.c:310)
==2523108== by 0x45EC79F: main_loop_wait (main-loop.c:589)
==2523108== by 0x423A56D: qemu_main_loop (runstate.c:835)
==2523108== by 0x454F300: qemu_default_main (main.c:37)
==2523108== by 0x73D6574: (below main) (libc_start_call_main.h:58)
==2523108== Address 0x57a6e0dc is 28 bytes inside a block of size 103,608 free'd
==2523108== at 0x5F2FE43: free (vg_replace_malloc.c:989)
==2523108== by 0x6EDC444: g_free (gmem.c:208)
==2523108== by 0x4053F23: vnc_update_client (vnc.c:1153)
==2523108== by 0x4053F23: vnc_refresh (vnc.c:3225)
==2523108== by 0x4042881: dpy_refresh (console.c:880)
==2523108== by 0x4042881: gui_update (console.c:90)
==2523108== by 0x45EFA1B: timerlist_run_timers.part.0 (qemu-timer.c:562)
==2523108== by 0x45EFC8F: timerlist_run_timers (qemu-timer.c:495)
==2523108== by 0x45EFC8F: qemu_clock_run_timers (qemu-timer.c:576)
==2523108== by 0x45EFC8F: qemu_clock_run_all_timers (qemu-timer.c:663)
==2523108== by 0x45EC765: main_loop_wait (main-loop.c:600)
==2523108== by 0x423A56D: qemu_main_loop (runstate.c:835)
==2523108== by 0x454F300: qemu_default_main (main.c:37)
==2523108== by 0x73D6574: (below main) (libc_start_call_main.h:58)
==2523108== Block was alloc'd at
==2523108== at 0x5F343F3: calloc (vg_replace_malloc.c:1675)
==2523108== by 0x6EE2F81: g_malloc0 (gmem.c:133)
==2523108== by 0x4057DA3: vnc_connect (vnc.c:3245)
==2523108== by 0x448591B: qio_net_listener_channel_func (net-listener.c:54)
==2523108== by 0x6EDB862: UnknownInlinedFun (gmain.c:3398)
==2523108== by 0x6EDB862: g_main_context_dispatch_unlocked.lto_priv.0 (gmain.c:4249)
==2523108== by 0x6EDBAE4: g_main_context_dispatch (gmain.c:4237)
==2523108== by 0x45EC79F: glib_pollfds_poll (main-loop.c:287)
==2523108== by 0x45EC79F: os_host_main_loop_wait (main-loop.c:310)
==2523108== by 0x45EC79F: main_loop_wait (main-loop.c:589)
==2523108== by 0x423A56D: qemu_main_loop (runstate.c:835)
==2523108== by 0x454F300: qemu_default_main (main.c:37)
==2523108== by 0x73D6574: (below main) (libc_start_call_main.h:58)
==2523108==
The above can be reproduced by launching QEMU with
$ qemu-system-x86_64 -vnc localhost:0,websocket=5700
and then repeatedly running:
for i in {1..100}; do
(echo -n "GET / HTTP/1.1" && sleep 0.05) | nc -w 1 localhost 5700 &
done
CVE-2025-11234
Reported-by: Grant Millar | Cylo <rid@cylo.io>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The Linux kernel checks the PCS disabled bit in the R_DESCONF register
to determine if SGMII is supported. If the bit is set, SGMII support is
disabled. Since the Microchip Icicle devicetree file configures SGMII
interface mode, enabling the Ethernet interfaces fails when booting
the Linux kernel.
Add pcs-enabled property to to let the driver know if PCS should be
enabled. Set the flag to false by default (indicating that PCS is disabled)
to match the exiting code.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251004200049.871646-4-linux@roeck-us.net>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The Microchip PolarFire SoC Icicle Kit supports two Ethernet interfaces.
The PHY on each may be connected to separate MDIO busses, or both may be
connected on the same MDIO bus using different PHY addresses.
To be able to support two PHY instances on a single MDIO bus, two properties
are needed: First, there needs to be a flag indicating if the MDIO bus on
a given Ethernet interface is connected. If not, attempts to read from this
bus must always return 0xffff. Implement this property as phy-connected.
Second, if the MDIO bus on an interface is active, it needs a link to the
consumer interface to be able to provide PHY access for it. Implement this
property as phy-consumer.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251004200049.871646-2-linux@roeck-us.net>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
* target/arm: Enable FEAT_AIE for -cpu max
* target/arm: Fix reads of CNTFRQ_EL0 in linux-user mode
* target/arm: Implement SME2 support in gdbstub
* hw/intc/arm_gicv3_dist: Implement GICD_TYPER2 as 0
* hw/intc/arm_gicv3_kvm: Avoid reading ICC_CTLR_EL1 from kernel in cpuif reset
* MAINTAINERS: Claim the Arm XML in gdb-xml
* hw/net/rocker: Don't overflow in of_dpa_mask2prefix()
-----BEGIN PGP SIGNATURE-----
iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmj6QZ8ZHHBldGVyLm1h
eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3gA1D/0S210sIggCfQoJGXrcEgEh
pfoRMnESlMk2rdnkYdSUrWp+62/mVx+PwaJxtle4HOzCp2iEwDttJI7XSJoUIg90
uYLg9wCCjMxu5oHrRgD5xTzJPVALJLHSO2oF3UXmTk44nCxbcAerM3lQYiTJJRZA
32uy4RhNdDDy+KhZccUAD1XNR1kcoczMQ2lxMD9NADFgRF5E4z06grVIwiuRe6sK
4GhkMIXox9679qQMX/IkVKWJyIPEQv4F42B0Ksbpe4GxJxmt/Q/4Ef1dHYWwodwr
X0Ot7OMClBsEoivlgeMAhLrU92RY1sVrITGRn675tJ6Hsaz3PnkjEF7t9aX4PqiP
TDStDpcli7zOU/O5QL5qrNF7GZfhNlBdZmFFE6vZk6eGjAdhev8eNmgU33hP5ndr
sbrVYZ+UQvWkGrUWl9Vopw0rPHrBejtQ4xWFSp0LJqX1Ev6R3LDIA+XOxvetue1t
jiqlVqJfnTcsggfy2/nmY/zgdQDruNhvg8OrY1XM8Zhw7TT+1WFoh2K0OtgnxFi8
pPpg15MMI872lMbn9U81qHFxfC82LXr4nw8hn6ox36FUSCDdqqdSjIkCb7OstyC9
lrgd9WbmkeG9fJqhiSaKywgfvOGbfIfrRiJpKkSSeJQIjX8HxqjDCtOARvGw0duq
5no0CUpaUoPT6LFsl7/3wA==
=ZRVN
-----END PGP SIGNATURE-----
Merge tag 'pull-target-arm-20251023' of https://gitlab.com/pm215/qemu into staging
target-arm queue:
* target/arm: Enable FEAT_AIE for -cpu max
* target/arm: Fix reads of CNTFRQ_EL0 in linux-user mode
* target/arm: Implement SME2 support in gdbstub
* hw/intc/arm_gicv3_dist: Implement GICD_TYPER2 as 0
* hw/intc/arm_gicv3_kvm: Avoid reading ICC_CTLR_EL1 from kernel in cpuif reset
* MAINTAINERS: Claim the Arm XML in gdb-xml
* hw/net/rocker: Don't overflow in of_dpa_mask2prefix()
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmj6QZ8ZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3gA1D/0S210sIggCfQoJGXrcEgEh
# pfoRMnESlMk2rdnkYdSUrWp+62/mVx+PwaJxtle4HOzCp2iEwDttJI7XSJoUIg90
# uYLg9wCCjMxu5oHrRgD5xTzJPVALJLHSO2oF3UXmTk44nCxbcAerM3lQYiTJJRZA
# 32uy4RhNdDDy+KhZccUAD1XNR1kcoczMQ2lxMD9NADFgRF5E4z06grVIwiuRe6sK
# 4GhkMIXox9679qQMX/IkVKWJyIPEQv4F42B0Ksbpe4GxJxmt/Q/4Ef1dHYWwodwr
# X0Ot7OMClBsEoivlgeMAhLrU92RY1sVrITGRn675tJ6Hsaz3PnkjEF7t9aX4PqiP
# TDStDpcli7zOU/O5QL5qrNF7GZfhNlBdZmFFE6vZk6eGjAdhev8eNmgU33hP5ndr
# sbrVYZ+UQvWkGrUWl9Vopw0rPHrBejtQ4xWFSp0LJqX1Ev6R3LDIA+XOxvetue1t
# jiqlVqJfnTcsggfy2/nmY/zgdQDruNhvg8OrY1XM8Zhw7TT+1WFoh2K0OtgnxFi8
# pPpg15MMI872lMbn9U81qHFxfC82LXr4nw8hn6ox36FUSCDdqqdSjIkCb7OstyC9
# lrgd9WbmkeG9fJqhiSaKywgfvOGbfIfrRiJpKkSSeJQIjX8HxqjDCtOARvGw0duq
# 5no0CUpaUoPT6LFsl7/3wA==
# =ZRVN
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 23 Oct 2025 09:54:23 AM CDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [unknown]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [unknown]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20251023' of https://gitlab.com/pm215/qemu:
hw/net/rocker: Don't overflow in of_dpa_mask2prefix()
tests/tcg/aarch64: Add test case for SME2 gdbstub registers
target/arm: Implement org.gnu.gdb.aarch64.tls XML feature in gdbstub
target/arm: Implement SME2 support in gdbstub
MAINTAINERS: Claim the Arm XML in gdb-xml
hw/intc/arm_gicv3_kvm: Avoid reading ICC_CTLR_EL1 from kernel in cpuif reset
target/arm: Fix reads of CNTFRQ_EL0 in linux-user mode
target/arm: Enable FEAT_AIE for -cpu max
target/arm: Honor param.aie in get_phys_addr_lpae
target/arm: Use el local indexing mair_el
target/arm: Drop trivial assert vs attrindx
target/arm: Add AIE to ARMVAParameters
target/arm: Implement MAIR2_ELx and AMAIR2_ELx
target/arm: Add isar feature test for FEAT_AIE
hw/intc/arm_gicv3_kvm: Drop DPRINTF macro
hw/intc/arm_gicv3_dist: Implement GICD_TYPER2 as 0
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Currently in arm_gicv3_icc_reset() we read the kernel's value of
ICC_CTLR_EL1 as part of resetting the CPU interface. This mostly
works, but we're actually breaking an assumption the kernel makes
that userspace only accesses the in-kernel GIC data when the VM is
totally paused, which may not be the case if a single vCPU is being
reset. The effect is that it's possible that the read attempt
returns EBUSY.
Avoid this by reading the kernel's value of the reset ICC_CTLR_EL1
once in device realize. This brings ICC_CTLR_EL1 into line with
the other cpuif registers, where we assume we know what the kernel
is resetting them to and just update QEMU's data structures in
arm_gicv3_icc_reset().
Reviewed-by: Salil Mehta <salil.mehta@huawei.com>
Tested-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20251014102439.319915-1-peter.maydell@linaro.org
Kernel expects CPU states/register states in the format mentioned in
"Register Save Area" in PAPR.
The platform (in our case, QEMU) saves each CPU register in the form of
an array of "register entries", the start and end of this array is
signified by "CPUSTRT" and "CPUEND" register entries respectively.
The CPUSTRT and CPUEND register entry also has 4-byte logical CPU ID,
thus storing the CPU ID corresponding to the array of register entries.
Each register, and CPUSTRT, CPUEND has a predefined identifier.
Implement calculating identifier for a given register in
'fadump_str_to_u64', which has been taken from the linux kernel
Similarly GPRs also have predefined identifiers, and a corresponding
64-bit resiter value (split into two 32-bit cells). Implement
calculation of GPR identifiers with 'fadump_gpr_id_to_u64'
PAPR has restrictions on particular order of few registers, and is
free to be in any order for other registers.
Some registers mentioned in PAPR have not been exported as they are not
implemented in QEMU / don't make sense in QEMU.
Implement saving of CPU state according to the PAPR document
Signed-off-by: Aditya Gupta <adityag@linux.ibm.com>
Reviewed-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Tested-by: Shivang Upadhyay <shivangu@linux.ibm.com>
Link: https://lore.kernel.org/qemu-devel/20251021134823.1861675-5-adityag@linux.ibm.com
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
While the first kernel boots, it registers memory regions for fadump
such as:
* CPU state data (has to be populated by the platform)
* HPTE state data (has to be populated by the platform)
* Real Mode Regions (platform should copy it to requested
destination addresses)
* OS defined regions (such as parameter save area)
Platform is also expected to modify the 'bytes_dumped' to the length of
data preserved/copied by platform (ideally same as the source length
passed by kernel).
The kernel passes source address and length for the memory regions, and
a destination address to where the memory is to be copied.
Implement the preserving/copying of the Real Mode Regions and the
Parameter Save Area in QEMU Pseries
The regions are copied in chunks instead of copying all at once.
Signed-off-by: Aditya Gupta <adityag@linux.ibm.com>
Reviewed-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Tested-by: Shivang Upadhyay <shivangu@linux.ibm.com>
Link: https://lore.kernel.org/qemu-devel/20251021134823.1861675-4-adityag@linux.ibm.com
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
According to PAPR:
R1–7.3.30–3. When the platform receives an ibm,os-term RTAS call, or
on a system reset without an ibm,nmi-interlock RTAS call, if the
platform has a dump structure registered through the
ibm,configure-kernel-dump call, the platform must process each
registered kernel dump section as required and, when available,
present the dump structure information to the operating system
through the “ibm,kernel-dump” property, updated with status for each
dump section, until the dump has been invalidated through the
ibm,configure-kernel-dump RTAS call.
If Fadump has been registered, trigger an Fadump boot (memory preserving
boot), if QEMU recieves a 'ibm,os-term' rtas call.
Implementing the fadump boot as:
* pause all vcpus (will need to save registers later)
* preserve memory regions specified by fadump (will be implemented
in future)
* do a memory preserving reboot (GUEST_RESET in QEMU doesn't clear
the memory)
Memory regions registered by fadump will be handled in a later patch.
Note: Preserving memory regions is not implemented yet so on an
"ibm,os-term" call will just trigger a reboot in QEMU if fadump is
registered, and the second kernel will boot as a normal boot (not
fadump boot)
Signed-off-by: Aditya Gupta <adityag@linux.ibm.com>
Reviewed-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Tested-by: Shivang Upadhyay <shivangu@linux.ibm.com>
Link: https://lore.kernel.org/qemu-devel/20251021134823.1861675-3-adityag@linux.ibm.com
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Add skeleton to handle "ibm,configure-kernel-dump" rtas call in QEMU,
including register, unregister and invalidate commands.
The register just verifies the structure of the fadump memory structure
passed by kernel, and set fadump_registered in spapr state to true.
Verify basic details mandated by the PAPR, such as number of
inputs/output, and add handling for the three fadump commands:
regiser/unregister/invalidate.
The checks are based on the table in following requirement in PAPR v2.13:
"R1–7.3.30–1. For the Configure Platform Assisted Kernel Dump option ..."
Relevant section for the register command in PAPR is:
Section 7.3.30: "ibm,configure-kernel-dump RTAS call" (PAPR v2.13)
Note: Any modifications made by the kernel to the fadump memory
structure after the 'ibm,configure-kernel-dump' RTAS call returns will
not be reflected in QEMU, as QEMU retains the fadump memory structure
that was provided during fadump registration.
The kernel must unregister and re-register fadump to apply any changes
to the fadump memory structure.
Signed-off-by: Aditya Gupta <adityag@linux.ibm.com>
Reviewed-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Tested-by: Shivang Upadhyay <shivangu@linux.ibm.com>
Link: https://lore.kernel.org/qemu-devel/20251021134823.1861675-2-adityag@linux.ibm.com
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Remove the pseries-4.2 machine specific logic as had been deprecated and
due for removal now as per policy.
Suggested-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20251021084346.73671-12-philmd@linaro.org
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Remove the pseries-4.1 machine specific logic as had been deprecated and
due for removal now as per policy.
Suggested-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20251021084346.73671-11-philmd@linaro.org
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
The SpaprMachineClass::phb_placement callback was only used by
the pseries-4.0 machine, which got removed. Remove it as now
unused, directly calling spapr_phb_placement().
Move spapr_phb_placement() definition to avoid forward declaration.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Chinmay Rath <rathc@linux.ibm.com>
Link: https://lore.kernel.org/qemu-devel/20251021084346.73671-10-philmd@linaro.org
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
pseries-4.0 had been deprecated and due for removal now as per policy.
Also remove pre-4.1 migration hacks which were introduced for backward
compatibility.
Suggested-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
[PMD: Remove SpaprMachineClass::pre_4_1_migration field]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20251021084346.73671-9-philmd@linaro.org
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
pseries-3.1 had been deprecated and due for removal now as per policy.
Also remove backward compatibility flags and related code introduced for
pre pseries-4.0 machines.
Suggested-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20251021084346.73671-4-philmd@linaro.org
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
The SpaprMachineClass::nr_xirqs field was only used by the
pseries-3.0 machine, which got removed. Remove it as now unused.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20251021084346.73671-3-philmd@linaro.org
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
pseries-3.0 had been deprecated and due for removal now as per policy.
Also remove legacy irq support which existed for pre pseries-3.1 machines.
Suggested-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20251021084346.73671-2-philmd@linaro.org
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
* Fix CPR transfer
* Add support for VFIO_DMA_UNMAP_FLAG_ALL
* Fix vfio-user documentation
* Update Alex Williamson's email address
* Fix for vfio-region cache for the vGPU use case
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmj4y4QACgkQUaNDx8/7
7KFGOw/8DRo/tRCW5q5uQj8T5DPQqL7QSBsZ50Zbtxn31xAstx8d30waxNCYGyMz
/LzKHATb/MFKtM4pZnQS9fVQRXsHaiFyokIx58u+xZpbxrAs8WeBsBgepftkid9+
Mv88plvFdMRZuIiEmAZOvuIcCWjAMjDwJ60o/InykQR6Y2a+LawAy2Jp30wAp5q4
7RH4+CkjKP4G00WAjhi1cRZjjBOa8xA+BvD5CDMlZKpURnSivjK0K5XQARWpj3aG
X0Ggg8LVsE98iJtq7g/+233QfCiuHe+c7FvVd+c6svg18n0uEYzfUUI0MGJPUtWS
zxUlhDcNoy0XCVIb5Dd3QG+8NfetMV5T4oNrhZADRBjKHBk+OuJfI9yZFwAzXlKl
n9hVRk/HVIsdi2f5OtRgUNJYhuph0gkryNPQQRDgPb8XLip/OeLRQJ4qUyZ4XuYA
nfU3vZWFwfPdhfbqU6koa49VTIJTx2TGj/naFAeqLhJolGVTdjgXoJTIS62y58gd
eKxJwkB0sVv7em8VvjhdsOPMdeosU/ZS82aM6B0u5PB/DepsG1tq5RSSkbmozgYJ
6muXwOsSwMQbvsf2KVy70kQCuTb5sKyWr2BlS8tvya5LV7BPbNNlOqtnapekCh+B
C2cP1MAVs2LcKNQwI2avrDrb7mun6uupFtA3Ci7gxxbBulMQZTA=
=O4HA
-----END PGP SIGNATURE-----
Merge tag 'pull-vfio-20251022' of https://github.com/legoater/qemu into staging
vfio queue:
* Fix CPR transfer
* Add support for VFIO_DMA_UNMAP_FLAG_ALL
* Fix vfio-user documentation
* Update Alex Williamson's email address
* Fix for vfio-region cache for the vGPU use case
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmj4y4QACgkQUaNDx8/7
# 7KFGOw/8DRo/tRCW5q5uQj8T5DPQqL7QSBsZ50Zbtxn31xAstx8d30waxNCYGyMz
# /LzKHATb/MFKtM4pZnQS9fVQRXsHaiFyokIx58u+xZpbxrAs8WeBsBgepftkid9+
# Mv88plvFdMRZuIiEmAZOvuIcCWjAMjDwJ60o/InykQR6Y2a+LawAy2Jp30wAp5q4
# 7RH4+CkjKP4G00WAjhi1cRZjjBOa8xA+BvD5CDMlZKpURnSivjK0K5XQARWpj3aG
# X0Ggg8LVsE98iJtq7g/+233QfCiuHe+c7FvVd+c6svg18n0uEYzfUUI0MGJPUtWS
# zxUlhDcNoy0XCVIb5Dd3QG+8NfetMV5T4oNrhZADRBjKHBk+OuJfI9yZFwAzXlKl
# n9hVRk/HVIsdi2f5OtRgUNJYhuph0gkryNPQQRDgPb8XLip/OeLRQJ4qUyZ4XuYA
# nfU3vZWFwfPdhfbqU6koa49VTIJTx2TGj/naFAeqLhJolGVTdjgXoJTIS62y58gd
# eKxJwkB0sVv7em8VvjhdsOPMdeosU/ZS82aM6B0u5PB/DepsG1tq5RSSkbmozgYJ
# 6muXwOsSwMQbvsf2KVy70kQCuTb5sKyWr2BlS8tvya5LV7BPbNNlOqtnapekCh+B
# C2cP1MAVs2LcKNQwI2avrDrb7mun6uupFtA3Ci7gxxbBulMQZTA=
# =O4HA
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 22 Oct 2025 07:18:12 AM CDT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg: aka "Cédric Le Goater <clg@kaod.org>" [full]
* tag 'pull-vfio-20251022' of https://github.com/legoater/qemu:
vfio: only check region info cache for initial regions
vfio: rename field to "num_initial_regions"
MAINTAINERS: Update Alex Williamson's email address
docs/system/devices/vfio-user: fix formatting
vfio/listener: Add an assertion for unmap_all
vfio/iommufd: Support unmap all in one ioctl()
vfio/container: Support unmap all in one ioctl()
accel/kvm: Fix an erroneous check on coalesced_mmio_ring
vfio/iommufd: Restore vbasedev's reference to hwpt after CPR transfer
vfio/iommufd: Set cpr.ioas_id on source side for CPR transfer
vfio/cpr-legacy: drop an erroneous assert
vfio/container: Remap only populated parts in a section
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* Improve AST2700 co-processor models
* Add vbootrom support to the ast2700fc multi-soc machine
* Bump SDK version to v09.08 for the ast2700fc machine
* Add 32 bits property for Aspeed GPIOs
* Change ast2600-evb machine flash model to w25q512jv
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmj4ziMACgkQUaNDx8/7
7KFBBxAAy6LnSZDA9XncZsqVe1Vk254OLdwHAlOVgFD7pBDXp12qNBMJHyjw8QmV
sxxQXyyLARq4z+P58HMdEBvqdwtdyrieo7lv7QsR8zhYa/HSJtFQmnwRVFKA9lS5
vAJ1TRi+B29ff24DC2CVBjnAgjrvE0lxmcXoLhObFdc2gU4Gzd+Oia91Nbgf35gA
NjfgIjMs1wKLO5SICCGDhW5bsdm2jYS+b5dP35VuvizfSihlUQMAbdnSXzLk2aT+
iimik/aOAv/Tu3nV8G6RmQ/aWZhRNvuTGfBnK0AnSCWnQP6/9a9y+gp61mDzD8ht
6hpLgEbBTwldjdrvaejg1iYQ04szYNiIYRTxT7ral4sIkCEi0tg4yzOcpHLfSnr1
1YT3Z1+Z2z7w3jAsd/SqMfQXksLQR3G/51tGkatxHMJ4IScdt/cASZWXK3RlhXH1
YrQjiF5GuanM0oMcbyhgoq+sWNXP4EIWC3i6ER7H6MSRlfIjG+27kuxfnzJuZtDU
iAq4YD0tckoivhixvdv2OiT9IdYCDAeb/TMRy+5Xdf36D8NOhyoQUBgHeIhow6yJ
nCNPyCkM4HnpgkF0C+fyPBTqUP2AQ8NiTzBQA1bLorSjEN/9LMKvY9lwkEammp8/
VnfeoIzNHIupeEcFCO+vgomHBKo/i4DeetrQYGDGkicvR7ztP8k=
=mivB
-----END PGP SIGNATURE-----
Merge tag 'pull-aspeed-20251022' of https://github.com/legoater/qemu into staging
aspeed queue:
* Improve AST2700 co-processor models
* Add vbootrom support to the ast2700fc multi-soc machine
* Bump SDK version to v09.08 for the ast2700fc machine
* Add 32 bits property for Aspeed GPIOs
* Change ast2600-evb machine flash model to w25q512jv
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmj4ziMACgkQUaNDx8/7
# 7KFBBxAAy6LnSZDA9XncZsqVe1Vk254OLdwHAlOVgFD7pBDXp12qNBMJHyjw8QmV
# sxxQXyyLARq4z+P58HMdEBvqdwtdyrieo7lv7QsR8zhYa/HSJtFQmnwRVFKA9lS5
# vAJ1TRi+B29ff24DC2CVBjnAgjrvE0lxmcXoLhObFdc2gU4Gzd+Oia91Nbgf35gA
# NjfgIjMs1wKLO5SICCGDhW5bsdm2jYS+b5dP35VuvizfSihlUQMAbdnSXzLk2aT+
# iimik/aOAv/Tu3nV8G6RmQ/aWZhRNvuTGfBnK0AnSCWnQP6/9a9y+gp61mDzD8ht
# 6hpLgEbBTwldjdrvaejg1iYQ04szYNiIYRTxT7ral4sIkCEi0tg4yzOcpHLfSnr1
# 1YT3Z1+Z2z7w3jAsd/SqMfQXksLQR3G/51tGkatxHMJ4IScdt/cASZWXK3RlhXH1
# YrQjiF5GuanM0oMcbyhgoq+sWNXP4EIWC3i6ER7H6MSRlfIjG+27kuxfnzJuZtDU
# iAq4YD0tckoivhixvdv2OiT9IdYCDAeb/TMRy+5Xdf36D8NOhyoQUBgHeIhow6yJ
# nCNPyCkM4HnpgkF0C+fyPBTqUP2AQ8NiTzBQA1bLorSjEN/9LMKvY9lwkEammp8/
# VnfeoIzNHIupeEcFCO+vgomHBKo/i4DeetrQYGDGkicvR7ztP8k=
# =mivB
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 22 Oct 2025 07:29:23 AM CDT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg: aka "Cédric Le Goater <clg@kaod.org>" [full]
* tag 'pull-aspeed-20251022' of https://github.com/legoater/qemu:
hw/arm/aspeed: Remove ast2700fc self-aliasing
hw/arm/aspeed: ast2600-evb: Use w25q512jv flash model
tests/qtest: Add qtest for for ASPEED GPIO gpio-set property
hw/gpio: Add property for ASPEED GPIO in 32 bits basis
tests/functional/aarch64/ast2700fc: Add vbootrom test
tests/functional/aarch64/ast2700fc: Move coprocessor image loading to common function
tests/functional/aarch64/ast2700fc: Add eth2 network interface check in PCIe test
tests/functional/aarch64/ast2700fc: Update test ASPEED SDK v09.08
hw/arm/aspeed_ast27x0-fc: Add VBOOTROM support
hw/arm/aspeed_ast27x0-fc: Map FMC0 flash contents into CA35 boot ROM
hw/arm/ast27x0: Share single UART set across PSP, SSP, and TSP
hw/arm/ast27x0: Share single SCU instance across PSP, SSP, and TSP
hw/arm/ast27x0: Add SRAM link and alias mapping for TSP coprocessor
hw/arm/ast27x0: Add SRAM link and alias mapping for SSP coprocessor
hw/arm/aspeed_ast27x0-tsp: Add SDRAM region and fix naming and size to 512MB
hw/arm/aspeed_ast27x0-ssp: Add SDRAM region and fix naming and size to 512MB
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This adds the hmp variant of the query-firmware-log qmp command.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20251017115006.2696991-3-kraxel@redhat.com>
When adding the TargetInfo::@endianness field in commit a37aec2e7d,
we neglected to include the "qapi-types-common.h" header to get the
EndianMode enum definition. Fix that.
Fixes: a37aec2e7d ("qemu/target-info: Add target_endian_mode()")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20251020220941.65269-10-philmd@linaro.org>
In the original model, each subsystem (PSP, SSP, and TSP) created its own
set of 13 UART devices, resulting in a total of 39 UART instances. However,
on real AST2700 hardware, there is only one set of 13 UARTs shared among
all processors.
This commit reworks the UART handling to correctly model the shared
hardware design. The PSP now creates the full set of 13 UART instances,
while the SSP and TSP link to the corresponding shared UART device
through object properties.
Changes include:
- Add "DEFINE_PROP_LINK("uart", ...)" and "DEFINE_PROP_INT32("uart-dev", ...)"
to allow each coprocessor to reference a specific shared UART instance.
- Modify SSP to link to PSP’s UART4, and TSP to link to PSP’s UART7.
- Introduce "uart_alias" to remap the UART’s MMIO region into the coprocessor’s
memory space.
- Redirect the UART interrupt to the coprocessor’s NVIC, replacing the
default routing to the PSP’s GIC.
With this change, only one set of 13 UART devices is instantiated by the PSP,
while the SSP and TSP reuse them via aliasing and shared interrupt routing,
matching the real AST2700 hardware behavior.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20251015062210.3128710-7-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
