<feed xmlns='http://www.w3.org/2005/Atom'>
<title>qemu/target, branch master</title>
<subtitle>QEMU development tree</subtitle>
<id>https://git.zx2c4.com/qemu/atom/target?h=master</id>
<link rel='self' href='https://git.zx2c4.com/qemu/atom/target?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/'/>
<updated>2024-08-20T23:11:26Z</updated>
<entry>
<title>target/i386: Fix tss access size in switch_tss_ra</title>
<updated>2024-08-20T23:11:26Z</updated>
<author>
<name>Richard Henderson</name>
<email>richard.henderson@linaro.org</email>
</author>
<published>2024-08-19T07:39:55Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=ded1db48c9f9b35f6d9569e53503e2b345f6d44e'/>
<id>urn:sha1:ded1db48c9f9b35f6d9569e53503e2b345f6d44e</id>
<content type='text'>
The two limit_max variables represent size - 1, just like the
encoding in the GDT, thus the 'old' access was off by one.
Access the minimal size of the new tss: the complete tss contains
the iopb, which may be a larger block than the access api expects,
and irrelevant because the iopb is not accessed during the
switch itself.

Fixes: 8b131065080a ("target/i386/tcg: use X86Access for TSS access")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2511
Signed-off-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
Message-Id: &lt;20240819074052.207783-1-richard.henderson@linaro.org&gt;
Reviewed-by: Peter Maydell &lt;peter.maydell@linaro.org&gt;
Reviewed-by: Pierrick Bouvier &lt;pierrick.bouvier@linaro.org&gt;
</content>
</entry>
<entry>
<title>target/i386: Fix carry flag for BLSI</title>
<updated>2024-08-20T23:11:26Z</updated>
<author>
<name>Richard Henderson</name>
<email>richard.henderson@linaro.org</email>
</author>
<published>2024-08-01T07:57:45Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=83a3a20e59fa4b1add714bb4062af0d144b67ab7'/>
<id>urn:sha1:83a3a20e59fa4b1add714bb4062af0d144b67ab7</id>
<content type='text'>
BLSI has inverted semantics for C as compared to the other two
BMI1 instructions, BLSMSK and BLSR.  Introduce CC_OP_BLSI* for
this purpose.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2175
Signed-off-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
Reviewed-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Message-Id: &lt;20240801075845.573075-3-richard.henderson@linaro.org&gt;
</content>
</entry>
<entry>
<title>target/i386: Split out gen_prepare_val_nz</title>
<updated>2024-08-20T23:11:26Z</updated>
<author>
<name>Richard Henderson</name>
<email>richard.henderson@linaro.org</email>
</author>
<published>2024-08-01T07:42:36Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=266d6dddbd85286e64004499f6f8f6fad15e5521'/>
<id>urn:sha1:266d6dddbd85286e64004499f6f8f6fad15e5521</id>
<content type='text'>
Split out the TCG_COND_TSTEQ logic from gen_prepare_eflags_z,
and use it for CC_OP_BMILG* as well.  Prepare for requiring
both zero and non-zero senses.

Reviewed-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Signed-off-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
Message-Id: &lt;20240801075845.573075-2-richard.henderson@linaro.org&gt;
</content>
</entry>
<entry>
<title>Merge tag 'hw-misc-20240820' of https://github.com/philmd/qemu into staging</title>
<updated>2024-08-19T23:17:41Z</updated>
<author>
<name>Richard Henderson</name>
<email>richard.henderson@linaro.org</email>
</author>
<published>2024-08-19T23:17:41Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=76277cf82f0e1123bd69ec59d22014b8f78485ec'/>
<id>urn:sha1:76277cf82f0e1123bd69ec59d22014b8f78485ec</id>
<content type='text'>
Various fixes

- Null pointer dereference in IPI IOCSR (Jiaxun)
- Correct '-smbios type=4' in man page (Heinrich)
- Use correct MMU index in MIPS get_pte (Phil)
- Reset MPQEMU remote message using device_cold_reset (Peter)
- Update linux-user MIPS CPU list (Phil)
- Do not let exec_command read console if no pattern to wait for (Nick)
- Remove shadowed declaration warning (Pierrick)
- Restrict STQF opcode to SPARC V9 (Richard)
- Add missing Kconfig dependency for POWERNV ISA serial port (Bernhard)
- Do not allow vmport device without i8042 PS/2 controller (Kamil)
- Fix QCryptoTLSCredsPSK leak (Peter)

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmbDzAsACgkQ4+MsLN6t
# wN7SvBAAwM0Frtg4ZKDZQu8XgMjLq1xVoSWjC3YJZKTpyGap5gO+7StvHg0sf9iB
# YyGqocCO+qdj9a7pTSasfGDyufpwoIZkOqkwGUWKBos76cOcHWt4e/gkl9O65Lf1
# VVKX4/xdY+a5w2eVAAdWWrYdaPWkKLm0ZZXKoeSIvN4R9A41j7J4kANhE2SweczF
# NnTt2gBnSlpRzghlVWPJKhnq+aYbvLeR7ApdNGUJDpSI1ZTh9gH1GtZFwBN7aeDo
# PvDucoui0EmuyHTVdOYOH3zihTfzKlNZECcT3Y6/6i8y5p7jLHyINHHexsKw6T56
# i5RidJMPTfM0EO6LU1GvUN5FzZy24zXOf298Fe/GMYczQsOznQd4+aFHYPb3d4hZ
# 8Vc1wB1s8XF5WGj+7bchBAUdynUnbwUqfMOb2pMXLIm21pSDnOTVgmYMnp1Kt4AA
# 9WbHiS6tUJf/HjQsep8BBNGUiVSsUPDNNhL8QN43u2C0NgNRPgtRuIV+ytgVXS1G
# 2t1QiRX0lX4ACHmw88agUCU3OhorumuDOpoitQK5jn2VutT7TqbGgibkQMFSgn9E
# Xwrmtlf7nYU9MVgXYJjH2bBh7wbOmQCqbHniEj0targkxccAMJoswG4vtKsP9zkd
# tBs6qMiZ8qSj5eoq8JBRF8bF4tONmboPZjRlboACJ0kTD5wCElA=
# =lPMG
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Aug 2024 08:49:47 AM AEST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) &lt;f4bug@amsat.org&gt;" [full]

* tag 'hw-misc-20240820' of https://github.com/philmd/qemu:
  crypto/tlscredspsk: Free username on finalize
  hw/i386/pc: Ensure vmport prerequisites are fulfilled
  hw/i386/pc: Unify vmport=auto handling
  hw/ppc/Kconfig: Add missing SERIAL_ISA dependency to POWERNV machine
  target/sparc: Restrict STQF to sparcv9
  contrib/plugins/execlog: Fix shadowed declaration warning
  tests/avocado: Mark ppc_hv_tests.py as non-flaky after fixed console interaction
  tests/avocado: exec_command should not consume console output
  linux-user/mips: Select Loongson CPU for Loongson binaries
  linux-user/mips: Select MIPS64R2-generic for Rel2 binaries
  linux-user/mips: Select Octeon68XX CPU for Octeon binaries
  linux-user/mips: Do not try to use removed R5900 CPU
  hw/remote/message.c: Don't directly invoke DeviceClass:reset
  hw/dma/xilinx_axidma: Use semicolon at end of statement, not comma
  target/mips: Load PTE as DATA
  target/mips: Use correct MMU index in get_pte()
  target/mips: Pass page table entry size as MemOp to get_pte()
  qemu-options.hx: correct formatting -smbios type=4
  hw/mips/loongson3_virt: Fix condition of IPI IOCSR connection
  hw/mips/loongson3_virt: Store core_iocsr into LoongsonMachineState

Signed-off-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
</content>
</entry>
<entry>
<title>target/sparc: Restrict STQF to sparcv9</title>
<updated>2024-08-19T22:49:14Z</updated>
<author>
<name>Richard Henderson</name>
<email>richard.henderson@linaro.org</email>
</author>
<published>2024-08-16T07:23:06Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=12d36294a2d978faf893101862118d1ac1815e85'/>
<id>urn:sha1:12d36294a2d978faf893101862118d1ac1815e85</id>
<content type='text'>
Prior to sparcv9, the same encoding was STDFQ.

Cc: qemu-stable@nongnu.org
Fixes: 06c060d9e5b ("target/sparc: Move simple fp load/store to decodetree")
Signed-off-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
Reviewed-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Message-ID: &lt;20240816072311.353234-2-richard.henderson@linaro.org&gt;
Signed-off-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
</content>
</entry>
<entry>
<title>target/mips: Load PTE as DATA</title>
<updated>2024-08-19T22:38:48Z</updated>
<author>
<name>Philippe Mathieu-Daudé</name>
<email>philmd@linaro.org</email>
</author>
<published>2024-08-13T15:22:37Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=44017c66556da85168d31380ca36f0311d37a1a8'/>
<id>urn:sha1:44017c66556da85168d31380ca36f0311d37a1a8</id>
<content type='text'>
PTE is not CODE so load it as normal DATA access.

Fixes: 074cfcb4da ("Implement hardware page table walker for MIPS32")
Suggested-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
Signed-off-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Reviewed-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
Message-ID: &lt;20240814090452.2591-4-philmd@linaro.org&gt;
</content>
</entry>
<entry>
<title>target/mips: Use correct MMU index in get_pte()</title>
<updated>2024-08-19T22:38:48Z</updated>
<author>
<name>Philippe Mathieu-Daudé</name>
<email>philmd@linaro.org</email>
</author>
<published>2024-08-13T10:05:42Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=7ce9760d64e8a884f044f95a1f32f96c2e0fafa0'/>
<id>urn:sha1:7ce9760d64e8a884f044f95a1f32f96c2e0fafa0</id>
<content type='text'>
When refactoring page_table_walk_refill() in commit 4e999bf419
we missed the indirect call to cpu_mmu_index() in get_pte():

  page_table_walk_refill()
  -&gt; get_pte()
     -&gt; cpu_ld[lq]_code()
        -&gt; cpu_mmu_index()

Since we don't mask anymore the modes in hflags, cpu_mmu_index()
can return UM or SM, while we only expect KM or ERL.

Fix by propagating ptw_mmu_idx to get_pte(), and use the
cpu_ld/st_code_mmu() API with the correct MemOpIdx.

Reported-by: Thomas Petazzoni &lt;thomas.petazzoni@bootlin.com&gt;
Reported-by: Waldemar Brodkorb &lt;wbx@uclibc-ng.org&gt;
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2470
Fixes: 4e999bf419 ("target/mips: Pass ptw_mmu_idx down from mips_cpu_tlb_fill")
Signed-off-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Reviewed-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
Message-ID: &lt;20240814090452.2591-3-philmd@linaro.org&gt;
</content>
</entry>
<entry>
<title>target/mips: Pass page table entry size as MemOp to get_pte()</title>
<updated>2024-08-19T22:38:48Z</updated>
<author>
<name>Philippe Mathieu-Daudé</name>
<email>philmd@linaro.org</email>
</author>
<published>2024-08-13T13:30:31Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=453ba4f675f751fe4dceaff57ac1ebf72f28f6d0'/>
<id>urn:sha1:453ba4f675f751fe4dceaff57ac1ebf72f28f6d0</id>
<content type='text'>
In order to simplify the next commit, pass the PTE size as MemOp.

Rename:

  native_shift -&gt; native_op
  directory_shift -&gt; directory_mop
  leaf_shift -&gt; leaf_mop

Suggested-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
Reviewed-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
Signed-off-by: Philippe Mathieu-Daudé &lt;philmd@linaro.org&gt;
Message-ID: &lt;20240814090452.2591-2-philmd@linaro.org&gt;
</content>
</entry>
<entry>
<title>target/i386: allow access_ptr to force slow path on failed probe</title>
<updated>2024-08-16T13:04:19Z</updated>
<author>
<name>Alex Bennée</name>
<email>alex.bennee@linaro.org</email>
</author>
<published>2024-08-13T20:23:15Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=cf584a908acd62bf7bc08b8f7a055209f497a266'/>
<id>urn:sha1:cf584a908acd62bf7bc08b8f7a055209f497a266</id>
<content type='text'>
When we are using TCG plugin memory callbacks probe_access_internal
will return TLB_MMIO to force the slow path for memory access. This
results in probe_access returning NULL but the x86 access_ptr function
happily accepts an empty haddr resulting in segfault hilarity.

Check for an empty haddr to prevent the segfault and enable plugins to
track all the memory operations for the x86 save/restore helpers. As
we also want to run the slow path when instrumenting *-user we should
also not have the short cutting test_ptr macro.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2489
Fixes: 6d03226b42 (plugins: force slow path when plugins instrument memory ops)
Reviewed-by: Alexandre Iooss &lt;erdnaxe@crans.org&gt;
Reviewed-by: Richard Henderson &lt;richard.henderson@linaro.org&gt;
Signed-off-by: Alex Bennée &lt;alex.bennee@linaro.org&gt;
Message-Id: &lt;20240813202329.1237572-8-alex.bennee@linaro.org&gt;
</content>
</entry>
<entry>
<title>target/s390x: fix build warning (gcc-12 -fsanitize=thread)</title>
<updated>2024-08-15T14:33:56Z</updated>
<author>
<name>Pierrick Bouvier</name>
<email>pierrick.bouvier@linaro.org</email>
</author>
<published>2024-08-14T22:41:31Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/qemu/commit/?id=e4a4edc10ab6a621e1c18eb73fc3e6f5d3f7c2e1'/>
<id>urn:sha1:e4a4edc10ab6a621e1c18eb73fc3e6f5d3f7c2e1</id>
<content type='text'>
Found on debian stable.

../target/s390x/tcg/translate.c: In function ‘get_mem_index’:
../target/s390x/tcg/translate.c:398:1: error: control reaches end of non-void function [-Werror=return-type]
  398 | }

Signed-off-by: Pierrick Bouvier &lt;pierrick.bouvier@linaro.org&gt;
Acked-by: Ilya Leoshkevich &lt;iii@linux.ibm.com&gt;
Message-ID: &lt;20240814224132.897098-4-pierrick.bouvier@linaro.org&gt;
Signed-off-by: Thomas Huth &lt;thuth@redhat.com&gt;
</content>
</entry>
</feed>
