On 15.05.23 at 10:32, Juan Quintela wrote:
> When we detect that we have broken backwards compantibility in a
compatibility
(...)
> +
> +In qemu-8.0 we got this commit: ::
> +
> +commit 9a6ef182c03eaa138bae553f0fbb5a123bef9a53
> +Author: Jonathan Cameron
> +Date: Thu Mar 2 13:37:
CCing Markus for some advice.
On Tue, May 16, 2023 at 11:04:21AM -0500, Jonathon Jongsma wrote:
On 5/15/23 5:10 AM, Stefano Garzarella wrote:
On Thu, May 11, 2023 at 11:03:22AM -0500, Jonathon Jongsma wrote:
On 5/11/23 4:15 AM, Stefano Garzarella wrote:
The virtio-blk-vhost-vdpa driver in lib
Hi Mostafa,
On 5/16/23 22:33, Mostafa Saleh wrote:
> Parse stage-2 configuration from STE and populate it in SMMUS2Cfg.
> Validity of field values are checked when possible.
>
> Only AA64 tables are supported and Small Translation Tables (STT) are
> not supported.
>
> According to SMMUv3 UM(IHI007
Now that the st*_p and ld*_p functions can be used from common code,
too, we can move ioport.c from specific_ss into softmmu_ss to avoid
that we have to compile it multiple times.
Signed-off-by: Thomas Huth
---
softmmu/ioport.c| 2 +-
softmmu/meson.build | 2 +-
2 files changed, 2 insertions
Assuming that the code in ioport.c is not too performance critical,
we can move this to the target-independent source set after
reworking the ld*_p and st*_p helper functions a little bit.
This way, ioport.c has only to be compiled once and not multiple
times anymore (one time for each target), so
This will allow to move more code into the target independent source set.
Signed-off-by: Thomas Huth
---
include/exec/cpu-all.h | 25
include/exec/tswap.h | 66 ++
2 files changed, 66 insertions(+), 25 deletions(-)
diff --git a/include/
On 2023/5/17 10:27, Alistair Francis wrote:
On Sun, Apr 23, 2023 at 11:39 PM Yong Li wrote:
The firmware may be specified with -bios
and the pflash0 device with option -drive if=pflash.
If both options are applied, it is intended that the pflash0 will
store the secure variable and the firmware
From: Paolo Bonzini
If hostlen is zero, there is a possibility that addrstr[hostlen - 1]
underflows and, if a closing bracket is there, hostlen - 2 is passed
to g_strndup() on the next line. If websocket==false then
addrstr[0] would be a colon, but if websocket==true this could in
principle happ
From: Shivaprasad G Bhat
The float32_exp2 function is computing wrong exponent of 2.
For example, with the following set of values {0.1, 2.0, 2.0, -1.0},
the expected output would be {1.071773, 4.00, 4.00, 0.50}.
Instead, the function is computing {1.119102, 3.382044, 3.382044, -0.19
From: Yang Zhong
The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with
FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}. As a result,
SGX enclaves only supported SSE and x87 feature (xfrm=0x3).
Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
Signe
From: Wang Liang
hmp_commit() calls blk_is_available() from a non-coroutine context (and
in the main loop). blk_is_available() is a co_wrapper_mixed_bdrv_rdlock
function, and in the non-coroutine context it calls AIO_WAIT_WHILE(),
which crashes if the aio_context lock is not taken before.
Resolv
From: Peter Maydell
The msf2-emac ethernet controller has functions emac_load_desc() and
emac_store_desc() which read and write the in-memory descriptor
blocks and handle conversion between guest and host endianness.
As currently written, emac_store_desc() does the endianness
conversion in-place
From: Kevin Wolf
These functions must not be called in coroutine context, because they
need write access to the graph.
Cc: qemu-sta...@nongnu.org
Signed-off-by: Kevin Wolf
Reviewed-by: Eric Blake
Reviewed-by: Stefan Hajnoczi
Message-Id: <20230504115750.54437-4-kw...@redhat.com>
Signed-off-by:
From: Peter Maydell
We currently don't correctly handle the VSTCR_EL2.SW and VTCR_EL2.NSW
configuration bits. These allow configuration of whether the stage 2
page table walks for Secure IPA and NonSecure IPA should do their
descriptor reads from Secure or NonSecure physical addresses. (This
is
From: Thomas Weißschuh
This can be used to validate that an address range is mapped but without
being readable or writable.
It will be used by an updated implementation of mincore().
Signed-off-by: Thomas Weißschuh
Reviewed-by: Laurent Vivier
Message-Id: <20230422100314.1650-2-tho...@t-8ch.de
From: Alex Bennée
We are a bit premature in recommending -blockdev/-device as the best
way to configure block devices. It seems there are times the more
human friendly -drive still makes sense especially when -snapshot is
involved.
Improve the language to hopefully make things clearer.
Suggeste
From: Cédric Le Goater
When writing the secondary-CPU stub boot loader code to the guest,
use arm_write_bootloader() instead of directly calling
rom_add_blob_fixed(). This fixes a bug on big-endian hosts, because
arm_write_bootloader() will correctly byte-swap the host-byte-order
array values in
From: Ilya Leoshkevich
Fix a problem similar to the one fixed by commit 703d03a4aaf3
("target/s390x: Fix EXECUTE of relative long instructions"), but now
for relative branches.
Reported-by: Nina Schoetterl-Glausch
Signed-off-by: Ilya Leoshkevich
Reviewed-by: Richard Henderson
Message-Id: <202
From: Bin Meng
When reading a non-existent CSR QEMU should raise illegal instruction
exception, but currently it just exits due to the g_assert() check.
This actually reverts commit 0ee342256af9205e7388efdf193a6d8f1ba1a617.
Some comments are also added to indicate that predicate() must be
provid
From: Thomas Weißschuh
Signed-off-by: Thomas Weißschuh
Reviewed-by: Laurent Vivier
[lv: define syscall]
Message-Id: <20230424153429.276788-1-tho...@t-8ch.de>
Signed-off-by: Laurent Vivier
---
linux-user/syscall.c | 33 +
1 file changed, 33 insertions(+)
diff -
From: Thomas Huth
This way we can get rid of the if'deffery and the XXX comment
here (it's repeated in the list_cpus() function anyway).
Signed-off-by: Thomas Huth
Reviewed-by: Richard Henderson
Reviewed-by: Philippe Mathieu-Daudé
Message-Id: <20230424122126.236586-1-th...@redhat.com>
Signed-
From: Afonso Bordado
RISC-V does not expose all extensions via hwcaps, thus some userspace
applications may want to query these via /proc/cpuinfo.
Currently when querying this file the host's file is shown instead
which is slightly confusing. Emulate a basic /proc/cpuinfo file
with mmu info and
From: Thomas Weißschuh
The kernel does not require PROT_READ for addresses passed to mincore.
For example the fincore(1) tool from util-linux uses PROT_NONE and
currently does not work under qemu-user.
Example (with fincore(1) from util-linux 2.38):
$ fincore /proc/self/exe
RES PAGES SIZE FILE
From: Kevin Wolf
This QMP handler runs in a coroutine, so it must use the corresponding
no_co_wrappers instead.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2185688
Cc: qemu-sta...@nongnu.org
Signed-off-by: Kevin Wolf
Reviewed-by: Eric Blake
Reviewed-by: Stefan Hajnoczi
Message-Id: <202
From: Peter Maydell
When writing the secondary-CPU stub boot loader code to the guest,
use arm_write_bootloader() instead of directly calling
rom_add_blob_fixed(). This fixes a bug on big-endian hosts, because
arm_write_bootloader() will correctly byte-swap the host-byte-order
array values into
From: Peter Maydell
In allwinner_sdhost_process_desc() we just read directly from
guest memory into a host TransferDescriptor struct and back.
This only works on little-endian hosts. Abstract the reading
and writing of descriptors into functions that handle the
byte-swapping so that TransferDescr
From: Cédric Le Goater
GCC13 reports an error :
../util/async.c: In function ‘aio_bh_poll’:
include/qemu/queue.h:303:22: error: storing the address of local variable
‘slice’ in ‘*ctx.bh_slice_list.sqh_last’ [-Werror=dangling-pointer=]
303 | (head)->sqh_last = &(elm)->field.sqe_next;
From: LIU Zhiwei
When I boot a ubuntu image, QEMU output a "Bad icount read" message and exit.
The reason is that when execute helper_mret or helper_sret, it will
cause a call to icount_get_raw_locked (), which needs set can_do_io flag
on cpustate.
Thus we setting this flag when execute these tw
From: Peter Maydell
The Allwinner PIC model uses set_bit() and clear_bit() to update the
values in its irq_pending[] array when an interrupt arrives. However
it is using these functions wrongly: they work on an array of type
'long', and it is passing an array of type 'uint32_t'. Because the
cod
From: Richard Henderson
A copy-paste bug had us looking at the victim cache for writes.
Cc: qemu-sta...@nongnu.org
Reported-by: Peter Maydell
Signed-off-by: Richard Henderson
Fixes: 08dff435e2 ("tcg: Probe the proper permissions for atomic ops")
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by
From: Peter Maydell
In check_s2_mmu_setup() we have a check that is attempting to
implement the part of AArch64.S2MinTxSZ that is specific to when EL1
is AArch32:
if !s1aarch64 then
// EL1 is AArch32
min_txsz = Min(min_txsz, 24);
Unfortunately we got this wrong in two ways:
From: Kevin Wolf
Migration code can call bdrv_activate() in coroutine context, whereas
other callers call it outside of coroutines. As it calls other code that
is not supposed to run in coroutines, standardise on running outside of
coroutines.
This adds a no_co_wrapper to switch to the main loop
From: Paolo Bonzini
meson.build files choose whether to build modules based on foo.found()
expressions. If a feature is enabled (e.g. --enable-gtk), these expressions
are true even if the code is not used by any emulator, and this results
in an unexpected difference between modular and non-modul
Hi Mostafa,
On 5/16/23 22:33, Mostafa Saleh wrote:
> This patch series adds stage-2 translation support for SMMUv3. It is
> controlled by a new system property “arm-smmuv3.stage”.
> - When set to “1”: Stage-1 only would be advertised and supported (default
> behaviour)
> - When set to “2”: Stage-2
From: Stefan Hajnoczi
Most export types install BlockDeviceOps pointers. It is easy to forget
to remove them because that happens automatically via the "drive" qdev
property in hw/ but not block/export/.
Put blk_set_dev_ops(blk, NULL, NULL) calls in the core export.c code so
the export types don
From: Thomas Weißschuh
The correct error number for unknown ioctls is ENOTTY.
ENOSYS would mean that the ioctl() syscall itself is not implemented,
which is very improbable and unexpected for userspace.
ENOTTY means "Inappropriate ioctl for device". This is what the kernel
returns on unknown io
From: Peter Maydell
In allwinner-sun8i-emac we just read directly from guest memory into
a host FrameDescriptor struct and back. This only works on
little-endian hosts. Reading and writing of descriptors is already
abstracted into functions; make those functions also handle the
byte-swapping so
From: Peter Maydell
In commit 5242876f37ca we deprecated the dtb-kaslr-seed property of
the virt board, but forgot the "since n.n" tag in the documentation
of this in deprecated.rst.
This deprecation note first appeared in the 7.1 release, so
retrospectively add the correct "since 7.1" annotatio
From: Cédric Le Goater
The arm boot.c code includes a utility function write_bootloader()
which assists in writing a boot-code fragment into guest memory,
including handling endianness and fixing it up with entry point
addresses and similar things. This is useful not just for the boot.c
code but
From: Axel Heider
Fix issue reported by Coverity.
Signed-off-by: Axel Heider
Message-id: 168070611775.20412.288324207730284147...@git.sr.ht
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
(cherry picked from commit 542fd43d79327dabe62e49ff584ca60b6184923a)
Signed-off-by: Michael Tokar
The following changes since commit 7c18f2d663521f1b31b821a13358ce38075eaf7d:
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
(2023-04-29 23:07:17 +0100)
are available in the Git repository at:
https://github.com/vivier/qemu.git tags/linux-user-for-8.1-pull-request
From: Kevin Wolf
job_cancel_locked() drops the job list lock temporarily and it may call
aio_poll(). We must assume that the list has changed after this call.
Also, with unlucky timing, it can end up freeing the job during
job_completed_txn_abort_locked(), making the job pointer invalid, too.
Fo
From: Thomas Weißschuh
Signed-off-by: Thomas Weißschuh
Reviewed-by: Laurent Vivier
Message-Id: <20230424153429.276788-2-tho...@t-8ch.de>
[lv: move declaration at the beginning of the block,
define syscall]
Signed-off-by: Laurent Vivier
---
linux-user/syscall.c | 33 ++
From: Peter Maydell
In several places in the 32-bit Arm translate.c, we try to use
load_cpu_field() to load from a CPUARMState field into a TCGv_i32
where the field is actually 64-bit. This works on little-endian
hosts, but gives the wrong half of the register on big-endian.
Add a new load_cpu_f
Hi everyone,
The following new patches are queued for QEMU stable v8.0.1:
https://gitlab.com/qemu-project/qemu/-/commits/staging-8.0
Patch freeze is 2023-05-27, and the release is planned for 2023-06-29:
https://wiki.qemu.org/Planning/8.0
Please respond here or CC qemu-sta...@nongnu.org on
From: Shivaprasad G Bhat
In function do_extractm() the mask is calculated as
dup_const(1 << (element_width - 1)). '1' being signed int
works fine for MO_8,16,32. For MO_64, on PPC64 host
this ends up becoming 0 on compilation. The vextractdm
uses MO_64, and it ends up having mask as 0.
Explicitl
From: Jonathan Cameron
Reproduce issue with
configure --enable-qom-cast-debug ...
qemu-system-x86_64 -display none -machine q35,cxl=on -device pxb-cxl,bus=pcie.0
hw/pci-bridge/pci_expander_bridge.c:54:PXB_DEV: Object 0x5570e0b1ada0 is not
an instance of type pxb
Aborted
The type conversi
From: Richard Henderson
The REXW bit must be set to produce a 64-bit pointer result; the
bit is disabled in 32-bit mode, so we can do this unconditionally.
Fixes: 7d9e1ee424b0 ("tcg/i386: Adjust assert in tcg_out_addi_ptr")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1592
Resolves: h
From: Jason Andryuk
xen_9pfs_free can't use gnttabdev since it is already closed and NULL-ed
out when free is called. Do the teardown in _disconnect(). This
matches the setup done in _connect().
trace-events are also added for the XenDevOps functions.
Signed-off-by: Jason Andryuk
Reviewed-by
From: Peter Maydell
When we take a PNG screenshot the ordering of the colour channels in
the data is not correct, resulting in the image having weird
colouring compared to the actual display. (Specifically, on a
little-endian host the blue and red channels are swapped; on
big-endian everything i
From: Akihiko Odaki
kvm_arm_init_debug() used to be called several times on a SMP system as
kvm_arch_init_vcpu() calls it. Move the call to kvm_arch_init() to make
sure it will be called only once; otherwise it will overwrite pointers
to memory allocated with the previous call and leak it.
Fixes
From: Igor Mammedov
with Q35 using ACPI PCI hotplug by default, user's request to unplug
device is ignored when it's issued before guest OS has been booted.
And any additional attempt to request device hot-unplug afterwards
results in following error:
"Device XYZ is already in the process of u
From: Daniil Kovalev
If a program requires fr1, we should set the FR bit of CP0 control status
register and add F64 hardware flag. The corresponding `else if` branch
statement is copied from the linux kernel sources (see `arch_check_elf` function
in linux/arch/mips/kernel/elf.c).
Signed-off-by:
From: Michael Tokarev
linux-user getgroups(), setgroups(), getgroups32() and setgroups32()
used alloca() to allocate grouplist arrays, with unchecked gidsetsize
coming from the "guest". With NGROUPS_MAX being 65536 (linux, and it
is common for an application to allocate NGROUPS_MAX for getgroups
Signed-off-by: Mohamed ElSayed
---
hw/watchdog/tm4c123_watchdog.c | 297 +
hw/watchdog/trace-events | 3 +
include/hw/watchdog/tm4c123_watchdog.h | 97
3 files changed, 397 insertions(+)
create mode 100644 hw/watchdog/tm4c123_watchdog.c
From: Axel Heider
Fix the limit check. If the limit is less than the compare value,
the timer can never reach this value, thus it will never fire.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1491
Signed-off-by: Axel Heider
Message-id: 168070611775.20412.288324207730284147...@git.sr.
This contribution aims to add the Tiva C support into QEMU.
The code could be found at https://github.com/moesay/qemu_TivaC
Mohamed ElSayed (8):
The tivac board initial machine definition
tiva c usart module implementation
tiva c gpio implementation
tiva c sysctl implementation
tiva c wa
Signed-off-by: Mohamed ElSayed
---
hw/arm/tivac.c| 56 ++
hw/arm/tm4c123gh6pm_soc.c | 275 ++
include/hw/arm/tm4c123gh6pm_soc.h | 71
3 files changed, 402 insertions(+)
create mode 100644 hw/arm/tivac.c
create mode 100644 hw
Signed-off-by: Mohamed ElSayed
---
hw/char/tm4c123_usart.c | 381
hw/char/trace-events| 4 +
include/hw/char/tm4c123_usart.h | 124 +++
3 files changed, 509 insertions(+)
create mode 100644 hw/char/tm4c123_usart.c
create mode 100644
On Tue, May 16, 2023 at 03:26:25PM -0400, Jonah Palmer wrote:
> The virtio_list duplicates information about virtio devices that already
> exist in the QOM composition tree. Instead of creating this list of
> realized virtio devices, search the QOM composition tree instead.
>
> This patch modifies
Signed-off-by: Mohamed ElSayed
---
hw/timer/tm4c123_gptm.c | 495
hw/timer/trace-events | 5 +
include/hw/timer/tm4c123_gptm.h | 131 +
3 files changed, 631 insertions(+)
create mode 100644 hw/timer/tm4c123_gptm.c
create mode 100644 i
Signed-off-by: Mohamed ElSayed
---
docs/system/arm/tivac.rst | 47 +++
1 file changed, 47 insertions(+)
create mode 100644 docs/system/arm/tivac.rst
diff --git a/docs/system/arm/tivac.rst b/docs/system/arm/tivac.rst
new file mode 100644
index 00..8e78
Signed-off-by: Mohamed ElSayed
---
hw/misc/tm4c123_sysctl.c | 989 +++
hw/misc/trace-events | 5 +
include/hw/misc/tm4c123_sysctl.h | 307 ++
3 files changed, 1301 insertions(+)
create mode 100644 hw/misc/tm4c123_sysctl.c
create mode 100
Signed-off-by: Mohamed ElSayed
---
MAINTAINERS | 9 +
configs/devices/arm-softmmu/default.mak | 1 +
hw/arm/Kconfig | 13 +
hw/arm/meson.build | 3 +++
hw/char/Kconfig | 3 +++
Signed-off-by: Mohamed ElSayed
---
hw/gpio/tm4c123_gpio.c | 372 +
hw/gpio/trace-events | 4 +
include/hw/gpio/tm4c123_gpio.h | 127 +++
3 files changed, 503 insertions(+)
create mode 100644 hw/gpio/tm4c123_gpio.c
create mode 100644 in
On Wed, May 17, 2023 at 7:22 AM Jason Wang wrote:
>
> On Sat, May 6, 2023 at 10:07 PM Hawkins Jiawei wrote:
> >
> > This patch introduces the vhost_vdpa_net_cvq_add() and
> > refactors the vhost_vdpa_net_load*(), so that QEMU can
> > send CVQ state load commands in parallel.
> >
> > To be more sp
Het Gala wrote:
> On 15/05/23 4:12 pm, Daniel P. Berrangé wrote:
>> On Fri, May 12, 2023 at 02:32:40PM +, Het Gala wrote:
>>> Integrated MigrateChannelList with all transport backends (socket, exec
>>> and rdma) for both source and destination migration code flow.
>>>
>>> Suggested-by: Aravind
On 17/05/2023 10.00, Michael Tokarev wrote:
Hi everyone,
The following new patches are queued for QEMU stable v8.0.1:
https://gitlab.com/qemu-project/qemu/-/commits/staging-8.0
Patch freeze is 2023-05-27, and the release is planned for 2023-06-29:
https://wiki.qemu.org/Planning/8.0
Ple
17.05.2023 11:00, Michael Tokarev wrote:
Hi everyone,
The following new patches are queued for QEMU stable v8.0.1:
https://gitlab.com/qemu-project/qemu/-/commits/staging-8.0
Patch freeze is 2023-05-27, and the release is planned for 2023-06-29:
And this sure meant to be 2023-05-29, May, n
On Wed, May 17, 2023 at 02:57:12PM +1000, Alistair Francis wrote:
> On Mon, May 8, 2023 at 9:45 PM Andrea Bolognani wrote:
> > > > Taking a step back, what is even the use case for having M-mode code
> > > > in pflash0? If you want to use an M-mode firmware, can't you just use
> > > > -bios instea
On Tue, May 16, 2023 at 08:33:07PM +, Mostafa Saleh wrote:
> This patch series can be used to run Linux pKVM SMMUv3 patches (currently on
> the list)
> which controls stage-2 (from EL2) while providing a paravirtualized
> interface the host(EL1)
> https://lore.kernel.org/kvmarm/20230201125328.
From: Cédric Le Goater
The arm boot.c code includes a utility function write_bootloader()
which assists in writing a boot-code fragment into guest memory,
including handling endianness and fixing it up with entry point
addresses and similar things. This is useful not just for the boot.c
code but
From: Peter Maydell
The msf2-emac ethernet controller has functions emac_load_desc() and
emac_store_desc() which read and write the in-memory descriptor
blocks and handle conversion between guest and host endianness.
As currently written, emac_store_desc() does the endianness
conversion in-place
From: Igor Mammedov
with Q35 using ACPI PCI hotplug by default, user's request to unplug
device is ignored when it's issued before guest OS has been booted.
And any additional attempt to request device hot-unplug afterwards
results in following error:
"Device XYZ is already in the process of u
From: Peter Maydell
The Allwinner PIC model uses set_bit() and clear_bit() to update the
values in its irq_pending[] array when an interrupt arrives. However
it is using these functions wrongly: they work on an array of type
'long', and it is passing an array of type 'uint32_t'. Because the
cod
From: Shivaprasad G Bhat
In function do_extractm() the mask is calculated as
dup_const(1 << (element_width - 1)). '1' being signed int
works fine for MO_8,16,32. For MO_64, on PPC64 host
this ends up becoming 0 on compilation. The vextractdm
uses MO_64, and it ends up having mask as 0.
Explicitl
From: Paolo Bonzini
If hostlen is zero, there is a possibility that addrstr[hostlen - 1]
underflows and, if a closing bracket is there, hostlen - 2 is passed
to g_strndup() on the next line. If websocket==false then
addrstr[0] would be a colon, but if websocket==true this could in
principle happ
From: Peter Maydell
In allwinner_sdhost_process_desc() we just read directly from
guest memory into a host TransferDescriptor struct and back.
This only works on little-endian hosts. Abstract the reading
and writing of descriptors into functions that handle the
byte-swapping so that TransferDescr
From: Peter Maydell
In allwinner-sun8i-emac we just read directly from guest memory into
a host FrameDescriptor struct and back. This only works on
little-endian hosts. Reading and writing of descriptors is already
abstracted into functions; make those functions also handle the
byte-swapping so
From: Cédric Le Goater
GCC13 reports an error :
../util/async.c: In function ‘aio_bh_poll’:
include/qemu/queue.h:303:22: error: storing the address of local variable
‘slice’ in ‘*ctx.bh_slice_list.sqh_last’ [-Werror=dangling-pointer=]
303 | (head)->sqh_last = &(elm)->field.sqe_next;
From: Peter Maydell
When writing the secondary-CPU stub boot loader code to the guest,
use arm_write_bootloader() instead of directly calling
rom_add_blob_fixed(). This fixes a bug on big-endian hosts, because
arm_write_bootloader() will correctly byte-swap the host-byte-order
array values into
From: Ilya Leoshkevich
Fix a problem similar to the one fixed by commit 703d03a4aaf3
("target/s390x: Fix EXECUTE of relative long instructions"), but now
for relative branches.
Reported-by: Nina Schoetterl-Glausch
Signed-off-by: Ilya Leoshkevich
Reviewed-by: Richard Henderson
Signed-off-by: T
From: Kevin Wolf
job_cancel_locked() drops the job list lock temporarily and it may call
aio_poll(). We must assume that the list has changed after this call.
Also, with unlucky timing, it can end up freeing the job during
job_completed_txn_abort_locked(), making the job pointer invalid, too.
Fo
From: Alex Bennée
We are a bit premature in recommending -blockdev/-device as the best
way to configure block devices. It seems there are times the more
human friendly -drive still makes sense especially when -snapshot is
involved.
Improve the language to hopefully make things clearer.
Suggeste
From: Wang Liang
hmp_commit() calls blk_is_available() from a non-coroutine context (and
in the main loop). blk_is_available() is a co_wrapper_mixed_bdrv_rdlock
function, and in the non-coroutine context it calls AIO_WAIT_WHILE(),
which crashes if the aio_context lock is not taken before.
Resolv
From: Peter Maydell
When we take a PNG screenshot the ordering of the colour channels in
the data is not correct, resulting in the image having weird
colouring compared to the actual display. (Specifically, on a
little-endian host the blue and red channels are swapped; on
big-endian everything i
From: Paolo Bonzini
meson.build files choose whether to build modules based on foo.found()
expressions. If a feature is enabled (e.g. --enable-gtk), these expressions
are true even if the code is not used by any emulator, and this results
in an unexpected difference between modular and non-modul
From: Greg Kurz
This reverts commit db8a3772e300c1a656331a92da0785d81667dc81.
Motivation : this is breaking vhost-user with DPDK as reported in [0].
Received unexpected msg type. Expected 22 received 40
Fail to update device iotlb
Received unexpected msg type. Expected 40 received 22
Received u
From: Akihiko Odaki
kvm_arm_init_debug() used to be called several times on a SMP system as
kvm_arch_init_vcpu() calls it. Move the call to kvm_arch_init() to make
sure it will be called only once; otherwise it will overwrite pointers
to memory allocated with the previous call and leak it.
Fixes
From: Carlos López
In virtqueue_{split,packed}_get_avail_bytes() descriptors are read
in a loop via MemoryRegionCache regions and calls to
vring_{split,packed}_desc_read() - these take a region cache and the
index of the descriptor to be read.
For direct descriptors we use a cache provided by th
From: Cédric Le Goater
When writing the secondary-CPU stub boot loader code to the guest,
use arm_write_bootloader() instead of directly calling
rom_add_blob_fixed(). This fixes a bug on big-endian hosts, because
arm_write_bootloader() will correctly byte-swap the host-byte-order
array values in
From: Shivaprasad G Bhat
The float32_exp2 function is computing wrong exponent of 2.
For example, with the following set of values {0.1, 2.0, 2.0, -1.0},
the expected output would be {1.071773, 4.00, 4.00, 0.50}.
Instead, the function is computing {1.119102, 3.382044, 3.382044, -0.19
From: LIU Zhiwei
When I boot a ubuntu image, QEMU output a "Bad icount read" message and exit.
The reason is that when execute helper_mret or helper_sret, it will
cause a call to icount_get_raw_locked (), which needs set can_do_io flag
on cpustate.
Thus we setting this flag when execute these tw
Hi everyone,
I intend to release at least one more 7.2.x release, maybe keep it
going for a while. This is another attempt at it.
The following new patches are queued for QEMU stable v7.2.3:
https://gitlab.com/qemu-project/qemu/-/commits/staging-7.2
Patch freeze is 2023-05-27, and the releas
From: Chuck Zmudzinski
Intel specifies that the Intel IGD must occupy slot 2 on the PCI bus,
as noted in docs/igd-assign.txt in the Qemu source code.
Currently, when the xl toolstack is used to configure a Xen HVM guest with
Intel IGD passthrough to the guest with the Qemu upstream device model,
From: Jason Andryuk
xen_9pfs_free can't use gnttabdev since it is already closed and NULL-ed
out when free is called. Do the teardown in _disconnect(). This
matches the setup done in _connect().
trace-events are also added for the XenDevOps functions.
Signed-off-by: Jason Andryuk
Reviewed-by
From: Yang Zhong
The previous patch wrongly replaced FEAT_XSAVE_XCR0_{LO|HI} with
FEAT_XSAVE_XSS_{LO|HI} in CPUID(EAX=12,ECX=1):{ECX,EDX}. As a result,
SGX enclaves only supported SSE and x87 feature (xfrm=0x3).
Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
Signe
From: Richard Henderson
A copy-paste bug had us looking at the victim cache for writes.
Cc: qemu-sta...@nongnu.org
Reported-by: Peter Maydell
Signed-off-by: Richard Henderson
Fixes: 08dff435e2 ("tcg: Probe the proper permissions for atomic ops")
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by
From: Peter Maydell
In commit 5242876f37ca we deprecated the dtb-kaslr-seed property of
the virt board, but forgot the "since n.n" tag in the documentation
of this in deprecated.rst.
This deprecation note first appeared in the 7.1 release, so
retrospectively add the correct "since 7.1" annotatio
From: Albert Esteve
During protocol negotiation, when the QEMU
stub does not support a backend with F_CONFIG,
it throws a warning and suppresses the
VHOST_USER_PROTOCOL_F_CONFIG bit.
However, the warning uses warn_reportf_err macro
and passes an uninitialized errp pointer. However,
the macro tri