[PULL 0/5] Misc patch queue

[PULL 0/5] Misc patch queue

[Richard Henderson]

The following changes since commit 69f153667fce723ee546d2f047d66d0cfa67c3cc:

  Merge tag 'memory-api-20211231' of https://github.com/philmd/qemu into staging (2021-12-30 17:02:42 -0800)

are available in the Git repository at:

  https://gitlab.com/rth7680/qemu.git tags/pull-misc-20220103

for you to fetch changes up to 5c23f0c3191907000bab278654570a7d5879822a:

  gitlab: Disable check-python-tox (2022-01-03 08:55:55 -0800)

----------------------------------------------------------------
Fix some meson conversion breakage
Disable check-python-tox
Fix emulation of hppa STBY insn

----------------------------------------------------------------
Richard Henderson (5):
      meson: Unify mips and mips64 in host_arch
      tests/tcg: Use $cpu in configure.sh
      tests/tcg: Unconditionally use 90 second timeout
      target/hppa: Fix atomic_store_3 for STBY
      gitlab: Disable check-python-tox

 configure                      |  2 +-
 meson.build                    |  2 +
 target/hppa/op_helper.c        | 27 +++++++------
 tests/tcg/hppa/stby.c          | 87 ++++++++++++++++++++++++++++++++++++++++++
 .gitlab-ci.d/static_checks.yml |  2 +
 tests/tcg/Makefile.target      | 12 +++---
 tests/tcg/configure.sh         |  2 +-
 tests/tcg/hppa/Makefile.target |  5 +++
 8 files changed, 118 insertions(+), 21 deletions(-)
 create mode 100644 tests/tcg/hppa/stby.c

Re: [PULL 0/5] Misc patch queue

[Richard Henderson]

On 1/3/22 9:33 AM, Richard Henderson wrote:
> The following changes since commit 69f153667fce723ee546d2f047d66d0cfa67c3cc:
> 
>    Merge tag 'memory-api-20211231' of https://github.com/philmd/qemu into staging (2021-12-30 17:02:42 -0800)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/rth7680/qemu.git tags/pull-misc-20220103
> 
> for you to fetch changes up to 5c23f0c3191907000bab278654570a7d5879822a:
> 
>    gitlab: Disable check-python-tox (2022-01-03 08:55:55 -0800)
> 
> ----------------------------------------------------------------
> Fix some meson conversion breakage
> Disable check-python-tox
> Fix emulation of hppa STBY insn
> 
> ----------------------------------------------------------------
> Richard Henderson (5):
>        meson: Unify mips and mips64 in host_arch
>        tests/tcg: Use $cpu in configure.sh
>        tests/tcg: Unconditionally use 90 second timeout
>        target/hppa: Fix atomic_store_3 for STBY
>        gitlab: Disable check-python-tox
> 
>   configure                      |  2 +-
>   meson.build                    |  2 +
>   target/hppa/op_helper.c        | 27 +++++++------
>   tests/tcg/hppa/stby.c          | 87 ++++++++++++++++++++++++++++++++++++++++++
>   .gitlab-ci.d/static_checks.yml |  2 +
>   tests/tcg/Makefile.target      | 12 +++---
>   tests/tcg/configure.sh         |  2 +-
>   tests/tcg/hppa/Makefile.target |  5 +++
>   8 files changed, 118 insertions(+), 21 deletions(-)
>   create mode 100644 tests/tcg/hppa/stby.c

Applied.

r~

[PULL 0/5] misc patch queue

[Richard Henderson]

The following changes since commit 93b799fafd9170da3a79a533ea6f73a18de82e22:

  Merge tag 'pull-ppc-for-9.1-2-20240726-1' of https://gitlab.com/npiggin/qemu into staging (2024-07-26 15:10:45 +1000)

are available in the Git repository at:

  https://gitlab.com/rth7680/qemu.git tags/pull-misc-20240730

for you to fetch changes up to d9b019e0a05cbbaa184815dd201b25006950c6d7:

  linux-user: open_self_stat: Implement num_threads (2024-07-30 07:59:23 +1000)

----------------------------------------------------------------
util/getauxval: Ensure setting errno if not found
util/getauxval: Use elf_aux_info on OpenBSD
linux-user: open_self_stat: Implement num_threads
target/rx: Use target_ulong for address in LI

----------------------------------------------------------------
Brad Smith (1):
      util/cpuinfo: Make use of elf_aux_info(3) on OpenBSD

Fabio D'Urso (1):
      linux-user: open_self_stat: Implement num_threads

Richard Henderson (1):
      target/rx: Use target_ulong for address in LI

Vivian Wang (2):
      util/getauxval: Ensure setting errno if not found
      linux-user/main: Check errno when getting AT_EXECFD

 linux-user/main.c      |  3 ++-
 linux-user/syscall.c   | 10 ++++++++++
 target/rx/translate.c  |  3 ++-
 util/cpuinfo-aarch64.c |  9 ++++++---
 util/cpuinfo-ppc.c     |  5 +++--
 util/getauxval.c       |  9 +++++++--
 meson.build            |  8 ++++++++
 7 files changed, 38 insertions(+), 9 deletions(-)

Re: [PULL 0/5] misc patch queue

[Richard Henderson]

On 7/30/24 11:11, Richard Henderson wrote:
> The following changes since commit 93b799fafd9170da3a79a533ea6f73a18de82e22:
> 
>    Merge tag 'pull-ppc-for-9.1-2-20240726-1' of https://gitlab.com/npiggin/qemu into staging (2024-07-26 15:10:45 +1000)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/rth7680/qemu.git tags/pull-misc-20240730
> 
> for you to fetch changes up to d9b019e0a05cbbaa184815dd201b25006950c6d7:
> 
>    linux-user: open_self_stat: Implement num_threads (2024-07-30 07:59:23 +1000)
> 
> ----------------------------------------------------------------
> util/getauxval: Ensure setting errno if not found
> util/getauxval: Use elf_aux_info on OpenBSD
> linux-user: open_self_stat: Implement num_threads
> target/rx: Use target_ulong for address in LI
> 
> ----------------------------------------------------------------
> Brad Smith (1):
>        util/cpuinfo: Make use of elf_aux_info(3) on OpenBSD
> 
> Fabio D'Urso (1):
>        linux-user: open_self_stat: Implement num_threads
> 
> Richard Henderson (1):
>        target/rx: Use target_ulong for address in LI
> 
> Vivian Wang (2):
>        util/getauxval: Ensure setting errno if not found
>        linux-user/main: Check errno when getting AT_EXECFD
> 
>   linux-user/main.c      |  3 ++-
>   linux-user/syscall.c   | 10 ++++++++++
>   target/rx/translate.c  |  3 ++-
>   util/cpuinfo-aarch64.c |  9 ++++++---
>   util/cpuinfo-ppc.c     |  5 +++--
>   util/getauxval.c       |  9 +++++++--
>   meson.build            |  8 ++++++++
>   7 files changed, 38 insertions(+), 9 deletions(-)


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/9.1 as appropriate.

r~

[PULL 0/5] misc patch queue

[Richard Henderson]

Two x86 fixes and one {bsd,linux}-user fix.

r~


The following changes since commit 9eb5bfbe3394b92fb37cc6f155ceea4d6c9e401c:

  Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging (2024-08-20 21:29:52 +1000)

are available in the Git repository at:

  https://gitlab.com/rth7680/qemu.git tags/pull-misc-20240821

for you to fetch changes up to ded1db48c9f9b35f6d9569e53503e2b345f6d44e:

  target/i386: Fix tss access size in switch_tss_ra (2024-08-21 09:11:26 +1000)

----------------------------------------------------------------
target/i386: Fix carry flag for BLSI
target/i386: Fix tss access size in switch_tss_ra
linux-user: Handle short reads in mmap_h_gt_g
bsd-user: Handle short reads in mmap_h_gt_g

----------------------------------------------------------------
Richard Henderson (5):
      linux-user: Handle short reads in mmap_h_gt_g
      bsd-user: Handle short reads in mmap_h_gt_g
      target/i386: Split out gen_prepare_val_nz
      target/i386: Fix carry flag for BLSI
      target/i386: Fix tss access size in switch_tss_ra

 target/i386/cpu.h                        |  5 ++++
 bsd-user/mmap.c                          | 38 +++++++++++++++++++++++++--
 linux-user/mmap.c                        | 44 +++++++++++++++++++++++++++-----
 target/i386/tcg/cc_helper.c              | 18 +++++++++++++
 target/i386/tcg/seg_helper.c             |  5 ++--
 target/i386/tcg/translate.c              | 27 ++++++++++++++------
 tests/tcg/x86_64/test-2175.c             | 24 +++++++++++++++++
 target/i386/tcg/cc_helper_template.h.inc | 18 +++++++++++++
 target/i386/tcg/emit.c.inc               |  2 +-
 tests/tcg/x86_64/Makefile.target         |  1 +
 10 files changed, 163 insertions(+), 19 deletions(-)
 create mode 100644 tests/tcg/x86_64/test-2175.c

Re: [PULL 0/5] misc patch queue

[Richard Henderson]

On 8/21/24 12:25, Richard Henderson wrote:
> The following changes since commit 9eb5bfbe3394b92fb37cc6f155ceea4d6c9e401c:
> 
>    Merge tag 'for_upstream' ofhttps://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging (2024-08-20 21:29:52 +1000)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/rth7680/qemu.git tags/pull-misc-20240821
> 
> for you to fetch changes up to ded1db48c9f9b35f6d9569e53503e2b345f6d44e:
> 
>    target/i386: Fix tss access size in switch_tss_ra (2024-08-21 09:11:26 +1000)
> 
> ----------------------------------------------------------------
> target/i386: Fix carry flag for BLSI
> target/i386: Fix tss access size in switch_tss_ra
> linux-user: Handle short reads in mmap_h_gt_g
> bsd-user: Handle short reads in mmap_h_gt_g


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/9.1 as appropriate.

r~

[PULL 0/5] misc patch queue

[Richard Henderson]

The following changes since commit 917ac07f9aef579b9538a81d45f45850aba42906:

  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2025-11-05 16:07:18 +0100)

are available in the Git repository at:

  https://gitlab.com/rth7680/qemu.git tags/pull-misc-20251110

for you to fetch changes up to 4f503afc7eb503997fedad84f24e2cdf696a7a0e:

  target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns (2025-11-10 12:02:45 +0100)

----------------------------------------------------------------
accel/tcg: Trace tb_flush() calls
accel/tcg: Trace tb_gen_code() buffer overflow
qapi/parser: Mollify mypy
tests/functional: Mark another MIPS replay test as flaky
target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns

----------------------------------------------------------------
Markus Armbruster (1):
      qapi/parser: Mollify mypy

Peter Maydell (1):
      target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns

Philippe Mathieu-Daudé (3):
      accel/tcg: Trace tb_flush() calls
      accel/tcg: Trace tb_gen_code() buffer overflow
      tests/functional: Mark another MIPS replay test as flaky

 accel/tcg/tb-maint.c                     | 3 ++-
 accel/tcg/translate-all.c                | 3 +++
 accel/tcg/trace-events                   | 4 ++++
 scripts/qapi/parser.py                   | 2 +-
 target/i386/tcg/decode-new.c.inc         | 2 ++
 tests/functional/mips64el/test_replay.py | 1 +
 6 files changed, 13 insertions(+), 2 deletions(-)

[PULL 1/5] accel/tcg: Trace tb_flush() calls

[Richard Henderson]

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250925035610.80605-2-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/tb-maint.c   | 3 ++-
 accel/tcg/trace-events | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/tb-maint.c b/accel/tcg/tb-maint.c
index 5a8d0784e7..cd7c32361b 100644
--- a/accel/tcg/tb-maint.c
+++ b/accel/tcg/tb-maint.c
@@ -40,7 +40,7 @@
 #else
 #include "system/runstate.h"
 #endif
-
+#include "trace.h"
 
 /* List iterators for lists of tagged pointers in TranslationBlock. */
 #define TB_FOR_EACH_TAGGED(head, tb, n, field)                          \
@@ -771,6 +771,7 @@ void tb_flush__exclusive_or_serial(void)
 {
     CPUState *cpu;
 
+    trace_tb_flush();
     assert(tcg_enabled());
     /* Note that cpu_in_serial_context checks cpu_in_exclusive_context. */
     assert(!runstate_is_running() ||
diff --git a/accel/tcg/trace-events b/accel/tcg/trace-events
index 14f638810c..121d6b5081 100644
--- a/accel/tcg/trace-events
+++ b/accel/tcg/trace-events
@@ -24,3 +24,6 @@ store_atom2_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIx
 store_atom4_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
 store_atom8_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
 store_atom16_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
+
+# tb-maint.c
+tb_flush(void) ""
-- 
2.43.0

[PULL 2/5] accel/tcg: Trace tb_gen_code() buffer overflow

[Richard Henderson]

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250925035610.80605-3-philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
---
 accel/tcg/translate-all.c | 3 +++
 accel/tcg/trace-events    | 1 +
 2 files changed, 4 insertions(+)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index da9d7f1675..fba4e9dc21 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -290,6 +290,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu, TCGTBCPUState s)
     if (unlikely(!tb)) {
         /* flush must be done */
         if (cpu_in_serial_context(cpu)) {
+            trace_tb_gen_code_buffer_overflow("tcg_tb_alloc");
             tb_flush__exclusive_or_serial();
             goto buffer_overflow;
         }
@@ -325,6 +326,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu, TCGTBCPUState s)
     if (unlikely(gen_code_size < 0)) {
         switch (gen_code_size) {
         case -1:
+            trace_tb_gen_code_buffer_overflow("setjmp_gen_code");
             /*
              * Overflow of code_gen_buffer, or the current slice of it.
              *
@@ -389,6 +391,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu, TCGTBCPUState s)
 
     search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size);
     if (unlikely(search_size < 0)) {
+        trace_tb_gen_code_buffer_overflow("encode_search");
         tb_unlock_pages(tb);
         goto buffer_overflow;
     }
diff --git a/accel/tcg/trace-events b/accel/tcg/trace-events
index 121d6b5081..0816cafd33 100644
--- a/accel/tcg/trace-events
+++ b/accel/tcg/trace-events
@@ -12,6 +12,7 @@ memory_notdirty_set_dirty(uint64_t vaddr) "0x%" PRIx64
 
 # translate-all.c
 translate_block(void *tb, uintptr_t pc, const void *tb_code) "tb:%p, pc:0x%"PRIxPTR", tb_code:%p"
+tb_gen_code_buffer_overflow(const char *reason) "reason: %s"
 
 # ldst_atomicity
 load_atom2_fallback(uint32_t memop, uintptr_t ra) "mop:0x%"PRIx32", ra:0x%"PRIxPTR""
-- 
2.43.0

[PULL 3/5] qapi/parser: Mollify mypy

[Richard Henderson]

From: Markus Armbruster <armbru@redhat.com>

re.match(r'^ *', ...) can't fail, but mypy doesn't know that and
complains:

    scripts/qapi/parser.py:444: error: Item "None" of "Match[str] | None" has no attribute "end"  [union-attr]

Work around by using must_match() instead.

Fixes: 8107ba47fd78 (qapi: Add documentation format validation)
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251105152219.311154-1-armbru@redhat.com>
---
 scripts/qapi/parser.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/qapi/parser.py b/scripts/qapi/parser.py
index 1bb1af7051..c3cf33904e 100644
--- a/scripts/qapi/parser.py
+++ b/scripts/qapi/parser.py
@@ -441,7 +441,7 @@ def get_doc_line(self) -> Optional[str]:
             self._literal_mode = True
             self._literal_mode_indent = 0
         elif self._literal_mode and line:
-            indent = re.match(r'^ *', line).end()
+            indent = must_match(r'\s*', line).end()
             if self._literal_mode_indent == 0:
                 self._literal_mode_indent = indent
             elif indent < self._literal_mode_indent:
-- 
2.43.0

[PULL 4/5] tests/functional: Mark another MIPS replay test as flaky

[Richard Henderson]

From: Philippe Mathieu-Daudé <philmd@linaro.org>

When disabling MIPS tests on commit 1c11aa18071
("tests/functional: Mark the MIPS replay tests as flaky")
we missed the 5KEc test.

Reported-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251104145955.84091-1-philmd@linaro.org>
---
 tests/functional/mips64el/test_replay.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/functional/mips64el/test_replay.py b/tests/functional/mips64el/test_replay.py
index 05cc585f85..e9318448fa 100755
--- a/tests/functional/mips64el/test_replay.py
+++ b/tests/functional/mips64el/test_replay.py
@@ -40,6 +40,7 @@ def test_replay_mips64el_malta(self):
         '75ba10cd35fb44e32948eeb26974f061b703c81c4ba2fab1ebcacf1d1bec3b61')
 
     @skipUntrustedTest()
+    @skipFlakyTest("https://gitlab.com/qemu-project/qemu/-/issues/2013")
     def test_replay_mips64el_malta_5KEc_cpio(self):
         self.set_machine('malta')
         self.cpu = '5KEc'
-- 
2.43.0

[PULL 5/5] target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns

[Richard Henderson]

From: Peter Maydell <peter.maydell@linaro.org>

In the decode_group9() function, if we don't recognise the insn as
one that we should handle, we leave the 'entry' pointer unaltered.
Because the X86OpEntry struct has a union for the gen and decode
pointers, this means that the top level code will call decode.e.gen()
which tries to use the decode function pointer (still set to
decode_group9) as a gen function pointer.

This is undefined behaviour, but seems to be mostly harmless in
practice (we call decode_group9() again with bogus arguments and it
does nothing).  If you have CFI enabled then it will trip the CFI
check:

../target/i386/tcg/decode-new.c.inc:2862:9: runtime error: control flow integrity check for type 'void (struct DisasContext *, struct X86DecodedInsn *)' failed during indirect function call

Set *entry to UNKNOWN_OPCODE to provoke the #UD exception, as we do
in decode_group1A() and decode_group11() for similar situations.

Thanks to the bug reporter for the clear description and analysis of
the bug and the simple reproducer.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3172
Fixes: fcd16539ebfe2 ("target/i386: convert CMPXCHG8B/CMPXCHG16B to new decoder")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251021173152.1695997-1-peter.maydell@linaro.org>
---
 target/i386/tcg/decode-new.c.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index a50f57dbaa..f4192f1006 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -335,6 +335,8 @@ static void decode_group9(DisasContext *s, CPUX86State *env, X86OpEntry *entry,
         *entry = group9_reg;
     } else if (op == 1) {
         *entry = REX_W(s) ? cmpxchg16b : cmpxchg8b;
+    } else {
+        *entry = UNKNOWN_OPCODE;
     }
 }
 
-- 
2.43.0

Re: [PULL 0/5] misc patch queue

[Richard Henderson]

On 11/10/25 12:10, Richard Henderson wrote:
> The following changes since commit 917ac07f9aef579b9538a81d45f45850aba42906:
> 
>    Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging (2025-11-05 16:07:18 +0100)
> 
> are available in the Git repository at:
> 
>    https://gitlab.com/rth7680/qemu.git tags/pull-misc-20251110
> 
> for you to fetch changes up to 4f503afc7eb503997fedad84f24e2cdf696a7a0e:
> 
>    target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns (2025-11-10 12:02:45 +0100)
> 
> ----------------------------------------------------------------
> accel/tcg: Trace tb_flush() calls
> accel/tcg: Trace tb_gen_code() buffer overflow
> qapi/parser: Mollify mypy
> tests/functional: Mark another MIPS replay test as flaky
> target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns
> 

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/10.2 as appropriate.

r~