* [PULL 00/12] For next patches
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Helge Deller <deller@gmx.de>
The following changes since commit 900682c57287ea308850af4490339455512e92e7:
Merge tag 'pull-target-arm-20260306-2' of https://gitlab.com/pm215/qemu into staging (2026-03-06 15:58:24 +0000)
are available in the Git repository at:
https://github.com/hdeller/qemu-hppa.git tags/for-next-pull-request
for you to fetch changes up to 9e8501ba72d5136ee5e6622f8863ce8ea252c29a:
linux-user: Improve formatting for mremap() (2026-03-07 22:58:27 +0100)
----------------------------------------------------------------
linux-user and hppa patches
Two patches which prevent memleaks when using Diva PCI
cards on the parisc architecture.
All other patches are for linux-user emulation.
----------------------------------------------------------------
Andreas Schwab (3):
linux-user: properly check flags in openat2
linux-user: fix matching ioctl numbers in print_ioctl
linux-user: fix TIOCGSID ioctl
Bingwu Zhang (4):
linux-user: Deal with mmap where start > reserved_va
bsd-user: Deal with mmap where start > reserved_va
tests/tcg/multiarch/test-mmap: Print more details
tests/tcg/multiarch/test-mmap: Check mmaps beyond reserved_va
Frank Chang (1):
linux-user: Check if RESOLVE_CACHED flag is defined before using it
Helge Deller (3):
hw/hppa: Avoid leaking a diva-gsp device
hw/char: Drop disable property of Diva GSP card
linux-user: Improve formatting for mremap()
Jean-Christian CÎRSTEA (1):
linux-user/strace: fix printing of file offsets
bsd-user/mmap.c | 8 ++++--
hw/char/diva-gsp.c | 7 ++---
hw/hppa/machine.c | 19 ++++++------
linux-user/ioctls.h | 2 +-
linux-user/mmap.c | 9 ++++--
linux-user/strace.c | 51 +++++++++++++++++++++++----------
linux-user/strace.list | 2 +-
linux-user/syscall.c | 4 +++
tests/tcg/multiarch/test-mmap.c | 27 +++++++++++++++--
9 files changed, 87 insertions(+), 42 deletions(-)
--
2.53.0
* [PULL 01/12] hw/hppa: Avoid leaking a diva-gsp device
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Helge Deller <deller@gmx.de>
Create a Diva-gsp unconditionally on all 64-bit PCI machines.
The A400 usually comes with a Diva card. The C3700 has a built-in
SUPERIO chip, which we haven't implemented yet, so running with an
emulated Diva is the best we can do for now.
Signed-off-by: Helge Deller <deller@gmx.de>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/hppa/machine.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index f55e84529f..50ace81528 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -380,18 +380,15 @@ static void machine_HP_common_init_tail(MachineState *machine, PCIBus *pci_bus,
if (pci_bus && hppa_is_pa20(&cpu[0]->env)) {
/* BMC board: HP Diva GSP PCI card */
- dev = qdev_new("diva-gsp");
- if (dev && !object_property_get_bool(OBJECT(dev), "disable", NULL)) {
- pci_dev = pci_new_multifunction(PCI_DEVFN(2, 0), "diva-gsp");
- if (!lasi_dev) {
- /* bind default keyboard/serial to Diva card */
- qdev_prop_set_chr(DEVICE(pci_dev), "chardev1", serial_hd(0));
- qdev_prop_set_chr(DEVICE(pci_dev), "chardev2", serial_hd(1));
- qdev_prop_set_chr(DEVICE(pci_dev), "chardev3", serial_hd(2));
- qdev_prop_set_chr(DEVICE(pci_dev), "chardev4", serial_hd(3));
- }
- pci_realize_and_unref(pci_dev, pci_bus, &error_fatal);
+ pci_dev = pci_new_multifunction(PCI_DEVFN(2, 0), "diva-gsp");
+ if (!lasi_dev) {
+ /* bind default keyboard/serial to Diva card */
+ qdev_prop_set_chr(DEVICE(pci_dev), "chardev1", serial_hd(0));
+ qdev_prop_set_chr(DEVICE(pci_dev), "chardev2", serial_hd(1));
+ qdev_prop_set_chr(DEVICE(pci_dev), "chardev3", serial_hd(2));
+ qdev_prop_set_chr(DEVICE(pci_dev), "chardev4", serial_hd(3));
}
+ pci_realize_and_unref(pci_dev, pci_bus, &error_fatal);
}
/* create USB OHCI controller for USB keyboard & mouse on Astro machines */
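Review bot: the commit message never says where the leak was. The removed `dev = qdev_new("diva-gsp");` created a device only to read its "disable" property, and nothing in the removed lines realizes or unrefs it. State that in the message body so the subject line is backed by an explanation, and if `dev` has no other user in machine_HP_common_init_tail(), check that no unused variable is left behind.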
--
2.53.0
* [PULL 02/12] hw/char: Drop disable property of Diva GSP card
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Helge Deller <deller@gmx.de>
The "disable" property is not used, so drop it.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
---
hw/char/diva-gsp.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/hw/char/diva-gsp.c b/hw/char/diva-gsp.c
index 280d0413c6..2be5183216 100644
--- a/hw/char/diva-gsp.c
+++ b/hw/char/diva-gsp.c
@@ -51,7 +51,6 @@ typedef struct PCIDivaSerialState {
SerialState state[PCI_SERIAL_MAX_PORTS];
uint32_t level[PCI_SERIAL_MAX_PORTS];
qemu_irq *irqs;
- bool disable;
} PCIDivaSerialState;
static void diva_pci_exit(PCIDevice *dev)
@@ -159,20 +158,18 @@ static void diva_pci_realize(PCIDevice *dev, Error **errp)
static const VMStateDescription vmstate_pci_diva = {
.name = "pci-diva-serial",
- .version_id = 1,
- .minimum_version_id = 1,
+ .version_id = 2,
+ .minimum_version_id = 2,
.fields = (const VMStateField[]) {
VMSTATE_PCI_DEVICE(dev, PCIDivaSerialState),
VMSTATE_STRUCT_ARRAY(state, PCIDivaSerialState, PCI_SERIAL_MAX_PORTS,
0, vmstate_serial, SerialState),
VMSTATE_UINT32_ARRAY(level, PCIDivaSerialState, PCI_SERIAL_MAX_PORTS),
- VMSTATE_BOOL(disable, PCIDivaSerialState),
VMSTATE_END_OF_LIST()
}
};
static const Property diva_serial_properties[] = {
- DEFINE_PROP_BOOL("disable", PCIDivaSerialState, disable, false),
DEFINE_PROP_CHR("chardev1", PCIDivaSerialState, state[0].chr),
DEFINE_PROP_CHR("chardev2", PCIDivaSerialState, state[1].chr),
DEFINE_PROP_CHR("chardev3", PCIDivaSerialState, state[2].chr),
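Review bot: raising both `.version_id` and `.minimum_version_id` to 2 in vmstate_pci_diva means a migration stream or snapshot carrying version 1 of "pci-diva-serial" will be rejected, and the commit message only says the property is unused. Either state explicitly that cross-version migration compatibility for this device is dropped, or keep the minimum version at 1 and skip the removed bool when loading older streams.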
--
2.53.0
* [PULL 03/12] linux-user/strace: fix printing of file offsets
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Jean-Christian CÎRSTEA <jean.christian.cirstea@gmail.com>
Previously, 64-bit file offsets (loff_t) were printed using `print_raw_param()`
function, which led to silent truncation of the upper part. This commit fixes
this issue by adding two helper functions:
1. print_file_offset32(): prints 32-bit file offsets (off_t)
2. print_file_offset64(): prints 64-bit file offsets (loff_t)
Changelog v2:
1. Make `print_file_offset32()` static.
2. Use `last` parameter in `print_file_offset32()`.
3. Rename `low` and `high` parameters of `print_file_offset64()` to `word0`,
`word1` respectively
4. Convert `last` to bool for `print_file_offset[32,64]()`
5. Use `PRId64` instead of `PRIu64` for `print_file_offset64()`
6. Fix `print__llseek()`
Signed-off-by: Jean-Christian CÎRSTEA <jean.christian.cirstea@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
linux-user/strace.c | 43 +++++++++++++++++++++++++++++++------------
1 file changed, 31 insertions(+), 12 deletions(-)
diff --git a/linux-user/strace.c b/linux-user/strace.c
index ca67cfd09d..d253b522bf 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -85,6 +85,10 @@ UNUSED static void print_enums(const struct enums *, abi_long, int);
UNUSED static void print_at_dirfd(abi_long, int);
UNUSED static void print_file_mode(abi_long, int);
UNUSED static void print_open_flags(abi_long, int);
+UNUSED static void print_file_offset32(abi_long offset, bool last);
+UNUSED static void print_file_offset64(abi_long word0,
+ abi_long word1,
+ bool last);
UNUSED static void print_syscall_prologue(const struct syscallname *);
UNUSED static void print_syscall_epilogue(const struct syscallname *);
UNUSED static void print_string(abi_long, int);
@@ -1664,6 +1668,20 @@ print_open_flags(abi_long flags, int last)
print_flags(open_flags, flags, last);
}
+/* Prints 32-bit file offset (off_t) */
+static void
+print_file_offset32(abi_long offset, bool last)
+{
+ print_raw_param(TARGET_ABI_FMT_ld, offset, last);
+}
+
+/* Prints 64-bit file offset (loff_t) */
+static void
+print_file_offset64(abi_long word0, abi_long word1, bool last)
+{
+ print_raw_param64("%" PRId64, target_offset64(word0, word1), last);
+}
+
static void
print_syscall_prologue(const struct syscallname *sc)
{
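Review bot: print_file_offset32() is documented as printing a 32-bit off_t, but it takes an abi_long and formats it with TARGET_ABI_FMT_ld, so on a 64-bit target it prints a 64-bit value. Name and comment should describe what the function does, which is print an offset passed in a single register, for example "Prints a file offset held in one register (off_t)".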
@@ -2256,11 +2274,13 @@ print_fallocate(CPUArchState *cpu_env, const struct syscallname *name,
print_raw_param("%d", arg0, 0);
print_flags(falloc_flags, arg1, 0);
#if TARGET_ABI_BITS == 32
- print_raw_param("%" PRIu64, target_offset64(arg2, arg3), 0);
- print_raw_param("%" PRIu64, target_offset64(arg4, arg5), 1);
+ /* On 32-bit targets, two registers are used for `loff_t` */
+ print_file_offset64(arg2, arg3, false);
+ print_file_offset64(arg4, arg5, true);
#else
- print_raw_param(TARGET_ABI_FMT_ld, arg2, 0);
- print_raw_param(TARGET_ABI_FMT_ld, arg3, 1);
+ /* On 64-bit targets, one register is used for `loff_t` */
+ print_file_offset64(arg2, 0, false);
+ print_file_offset64(arg3, 0, true);
#endif
print_syscall_epilogue(name);
}
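Review bot: in the `#else` branch of print_fallocate(), `print_file_offset64(arg2, 0, false)` passes a literal 0 as word1, so the output is only right if target_offset64() returns word0 unchanged when TARGET_ABI_BITS is 64, and that definition is not part of this hunk. Say so in the comment, or call print_file_offset32() in this branch, since it already prints a full abi_long.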
@@ -2666,8 +2686,7 @@ print__llseek(CPUArchState *cpu_env, const struct syscallname *name,
const char *whence = "UNKNOWN";
print_syscall_prologue(name);
print_raw_param("%d", arg0, 0);
- print_raw_param("%ld", arg1, 0);
- print_raw_param("%ld", arg2, 0);
+ print_file_offset64(arg1, arg2, false);
print_pointer(arg3, 0);
switch(arg4) {
case SEEK_SET: whence = "SEEK_SET"; break;
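Review bot: print__llseek() now passes `arg1, arg2` as `word0, word1`, but _llseek() takes offset_high and offset_low in that fixed order, whereas the other callers pass a register pair whose order follows target endianness. If target_offset64() treats word0 as the low half on little-endian targets, the printed offset will have its halves swapped there; combining explicitly as `((uint64_t)arg1 << 32) | (uint32_t)arg2` avoids depending on that.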
@@ -2688,7 +2707,7 @@ print_lseek(CPUArchState *cpu_env, const struct syscallname *name,
{
print_syscall_prologue(name);
print_raw_param("%d", arg0, 0);
- print_raw_param(TARGET_ABI_FMT_ld, arg1, 0);
+ print_file_offset32(arg1, false);
switch (arg2) {
case SEEK_SET:
qemu_log("SEEK_SET"); break;
@@ -2719,7 +2738,7 @@ print_truncate(CPUArchState *cpu_env, const struct syscallname *name,
{
print_syscall_prologue(name);
print_string(arg0, 0);
- print_raw_param(TARGET_ABI_FMT_ld, arg1, 1);
+ print_file_offset32(arg1, true);
print_syscall_epilogue(name);
}
#endif
@@ -2736,7 +2755,7 @@ print_truncate64(CPUArchState *cpu_env, const struct syscallname *name,
arg1 = arg2;
arg2 = arg3;
}
- print_raw_param("%" PRIu64, target_offset64(arg1, arg2), 1);
+ print_file_offset64(arg1, arg2, true);
print_syscall_epilogue(name);
}
#endif
@@ -2753,7 +2772,7 @@ print_ftruncate64(CPUArchState *cpu_env, const struct syscallname *name,
arg1 = arg2;
arg2 = arg3;
}
- print_raw_param("%" PRIu64, target_offset64(arg1, arg2), 1);
+ print_file_offset64(arg1, arg2, true);
print_syscall_epilogue(name);
}
#endif
@@ -3308,7 +3327,7 @@ print_stat(CPUArchState *cpu_env, const struct syscallname *name,
print_syscall_epilogue(name);
}
#define print_lstat print_stat
-#define print_stat64 print_stat
+#define print_stat64 print_stat
#define print_lstat64 print_stat
#endif
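Review bot: the `#define print_stat64 print_stat` line is removed and re-added with no visible difference, so this looks like a whitespace-only change that has nothing to do with file offsets. Drop it from this patch or send it separately.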
@@ -4302,7 +4321,7 @@ print_pread64(CPUArchState *cpu_env, const struct syscallname *name,
print_raw_param("%d", arg0, 0);
print_pointer(arg1, 0);
print_raw_param("%d", arg2, 0);
- print_raw_param("%" PRIu64, target_offset64(arg3, arg4), 1);
+ print_file_offset64(arg3, arg4, true);
print_syscall_epilogue(name);
}
#endif
--
2.53.0
* [PULL 04/12] linux-user: properly check flags in openat2
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Andreas Schwab <schwab@suse.de>
target_to_host_bitmask truncates the bitmask to int. Check that the upper
half of the flags do not have any bits set.
Signed-off-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
linux-user/syscall.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 99e1ed97d9..064bc604c9 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8831,6 +8831,10 @@ static int do_openat2(CPUArchState *cpu_env, abi_long dirfd,
}
return ret;
}
+ if (tswap64(how.flags) >> 32) {
+ return -TARGET_EINVAL;
+ }
+
pathname = lock_user_string(guest_pathname);
if (!pathname) {
return -TARGET_EFAULT;
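Review bot: the new `if (tswap64(how.flags) >> 32)` check carries no comment, and a bare shift by 32 does not tell the reader why only the upper half is tested. Add one line saying that the bitmask conversion named in the commit message works on an int, so upper bits would otherwise be dropped silently instead of being rejected. A test that passes a flags value with a bit above 31 set and expects EINVAL would keep this from regressing.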
--
2.53.0
* [PULL 05/12] linux-user: Check if RESOLVE_CACHED flag is defined before using it
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Frank Chang <frank.chang@sifive.com>
openat2.h was introduced in Linux kernel 5.6. However, RESOLVE_CACHED
flag was only added in kernel 5.12 and later. Therefore, we need to check
if RESOLVE_CACHED flag is defined before using it.
Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
linux-user/strace.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/linux-user/strace.c b/linux-user/strace.c
index d253b522bf..02d610a7f8 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -1129,7 +1129,9 @@ UNUSED static const struct flags openat2_resolve_flags[] = {
FLAG_GENERIC(RESOLVE_NO_SYMLINKS),
FLAG_GENERIC(RESOLVE_BENEATH),
FLAG_GENERIC(RESOLVE_IN_ROOT),
+#ifdef RESOLVE_CACHED
FLAG_GENERIC(RESOLVE_CACHED),
+#endif
#endif
FLAG_END,
};
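Review bot: with the inner `#ifdef RESOLVE_CACHED`, whether strace decodes this flag depends on the headers of the build host, although a guest can pass the flag regardless. A fallback definition next to the table would keep the output the same on every build host; if that is not wanted, a short comment giving the kernel versions from the commit message would explain the nested guard.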
--
2.53.0
* [PULL 06/12] linux-user: fix matching ioctl numbers in print_ioctl
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Andreas Schwab <schwab@suse.de>
target_cmd in struct IOCTLEntry is a signed int. Make sure the ioctl cmd
argument in the syscall is converted to int when matching, so that it
works correctly with an ioctl cmd that has bit 31 set.
Signed-off-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
linux-user/strace.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/linux-user/strace.c b/linux-user/strace.c
index 02d610a7f8..2cbaf94c89 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -1021,12 +1021,12 @@ print_syscall_ret_ioctl(CPUArchState *cpu_env, const struct syscallname *name,
int target_size;
for (ie = ioctl_entries; ie->target_cmd != 0; ie++) {
- if (ie->target_cmd == arg1) {
+ if (ie->target_cmd == (int)arg1) {
break;
}
}
- if (ie->target_cmd == arg1 &&
+ if (ie->target_cmd == (int)arg1 &&
(ie->access == IOC_R || ie->access == IOC_RW)) {
arg_type = ie->arg_type;
qemu_log(" (");
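Review bot: the `(int)arg1` cast is repeated at each comparison, once in the loop and again in the `if` after it, so a later comparison against `ie->target_cmd` can easily miss it. Convert once into a local, for example `int cmd = arg1;`, and compare against that. A one-line comment that target_cmd is a signed int and that commands with bit 31 set must still match would record why the conversion is there.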
@@ -4359,7 +4359,7 @@ print_ioctl(CPUArchState *cpu_env, const struct syscallname *name,
int target_size;
for (ie = ioctl_entries; ie->target_cmd != 0; ie++) {
- if (ie->target_cmd == arg1) {
+ if (ie->target_cmd == (int)arg1) {
break;
}
}
--
2.53.0
* [PULL 07/12] linux-user: fix TIOCGSID ioctl
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Andreas Schwab <schwab@suse.de>
TIOCGSID is IOC_R, not IOC_W.
Signed-off-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
linux-user/ioctls.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 6ecfe6306e..5b7d00e92f 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -26,7 +26,7 @@
IOCTL(TIOCSCTTY, 0, TYPE_INT)
IOCTL(TIOCGPGRP, IOC_R, MK_PTR(TYPE_INT))
IOCTL(TIOCSPGRP, IOC_W, MK_PTR(TYPE_INT))
- IOCTL(TIOCGSID, IOC_W, MK_PTR(TYPE_INT))
+ IOCTL(TIOCGSID, IOC_R, MK_PTR(TYPE_INT))
IOCTL(TIOCOUTQ, IOC_R, MK_PTR(TYPE_INT))
IOCTL(TIOCSTI, IOC_W, MK_PTR(TYPE_INT))
IOCTL(TIOCMGET, IOC_R, MK_PTR(TYPE_INT))
--
2.53.0
* [PULL 08/12] linux-user: Deal with mmap where start > reserved_va
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Bingwu Zhang <xtex@astrafall.org>
Fixes: 4c13048e02d9 ("linux-user: Use page_find_range_empty for mmap_find_vma_reserved")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3310
Signed-off-by: Bingwu Zhang <xtex@astrafall.org>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
linux-user/mmap.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 07175e11d5..76978a56a8 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -423,12 +423,15 @@ abi_ulong mmap_next_start;
static abi_ulong mmap_find_vma_reserved(abi_ulong start, abi_ulong size,
abi_ulong align)
{
- target_ulong ret;
+ target_ulong ret = -1;
- ret = page_find_range_empty(start, reserved_va, size, align);
+ if (start <= reserved_va) {
+ ret = page_find_range_empty(start, reserved_va, size, align);
+ }
if (ret == -1 && start > mmap_min_addr) {
/* Restart at the beginning of the address space. */
- ret = page_find_range_empty(mmap_min_addr, start - 1, size, align);
+ ret = page_find_range_empty(mmap_min_addr, MIN(start - 1, reserved_va),
+ size, align);
}
return ret;
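Review bot: `ret` is declared `target_ulong` while mmap_find_vma_reserved() returns `abi_ulong`, and both the new initializer and the `ret == -1` test rely on -1 converting to the all-ones value of that type. Declaring `abi_ulong ret = -1;` to match the return type keeps the sentinel and the returned value the same width. The commit message consists of tags only; one sentence on what goes wrong when start is above reserved_va would help whoever reads the log later.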
--
2.53.0
* [PULL 09/12] bsd-user: Deal with mmap where start > reserved_va
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Bingwu Zhang <xtex@astrafall.org>
Fixes: f12294b5bd21 ("bsd-user: Use page_find_range_empty for mmap_find_vma_reserved")
Signed-off-by: Bingwu Zhang <xtex@astrafall.org>
Reviewed-by: Helge Deller <deller@gmx.de>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Helge Deller <deller@gmx.de>
---
bsd-user/mmap.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
index 24ba1728eb..fe77eceb48 100644
--- a/bsd-user/mmap.c
+++ b/bsd-user/mmap.c
@@ -258,12 +258,14 @@ abi_ulong mmap_next_start = TASK_UNMAPPED_BASE;
static abi_ulong mmap_find_vma_reserved(abi_ulong start, abi_ulong size,
abi_ulong alignment)
{
- abi_ulong ret;
+ abi_ulong ret = -1;
- ret = page_find_range_empty(start, reserved_va, size, alignment);
+ if (start <= reserved_va) {
+ ret = page_find_range_empty(start, reserved_va, size, alignment);
+ }
if (ret == -1 && start > TARGET_PAGE_SIZE) {
/* Restart at the beginning of the address space. */
- ret = page_find_range_empty(TARGET_PAGE_SIZE, start - 1,
+ ret = page_find_range_empty(TARGET_PAGE_SIZE, MIN(start - 1, reserved_va),
size, alignment);
}
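Review bot: the comment "Restart at the beginning of the address space" now also covers the case where the first search was skipped because start is above reserved_va, which is not a restart. Add a comment on the `if (start <= reserved_va)` guard saying that the hint lies outside the reserved region and the search then falls through to the range from TARGET_PAGE_SIZE up to reserved_va.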
--
2.53.0
* [PULL 10/12] tests/tcg/multiarch/test-mmap: Print more details
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Bingwu Zhang <xtex@astrafall.org>
Useful for debugging
Signed-off-by: Bingwu Zhang <xtex@astrafall.org>
Signed-off-by: Helge Deller <deller@gmx.de>
---
tests/tcg/multiarch/test-mmap.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/tests/tcg/multiarch/test-mmap.c b/tests/tcg/multiarch/test-mmap.c
index e297f4b1e9..88f7a04101 100644
--- a/tests/tcg/multiarch/test-mmap.c
+++ b/tests/tcg/multiarch/test-mmap.c
@@ -442,19 +442,19 @@ void check_invalid_mmaps(void)
/* Attempt to map a zero length page. */
addr = mmap(NULL, 0, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
- fprintf(stdout, "%s addr=%p", __func__, (void *)addr);
+ fprintf(stdout, "%s addr=%p errno=%d\n", __func__, (void *)addr, errno);
fail_unless(addr == MAP_FAILED);
fail_unless(errno == EINVAL);
/* Attempt to map a over length page. */
addr = mmap(NULL, -4, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
- fprintf(stdout, "%s addr=%p", __func__, (void *)addr);
+ fprintf(stdout, "%s addr=%p errno=%d\n", __func__, (void *)addr, errno);
fail_unless(addr == MAP_FAILED);
fail_unless(errno == ENOMEM);
/* Attempt to remap a region which exceeds the bounds of memory. */
addr = mremap((void *)((uintptr_t)pagesize * 10), SIZE_MAX & ~(size_t)pagemask, pagesize, 0);
- fprintf(stdout, "%s mremap addr=%p", __func__, (void *)addr);
+ fprintf(stdout, "%s mremap addr=%p errno=%d\n", __func__, (void *)addr, errno);
fail_unless(addr == MAP_FAILED);
fail_unless(errno == EFAULT);
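Review bot: in check_invalid_mmaps() each fprintf() sits between the failing call and the `fail_unless(errno == ...)` that follows, and fprintf() is allowed to change errno, so the assertion may test the value left by the print rather than the one set by mmap() or mremap(). Save errno into a local right after the call, print the local, and assert on it.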
@@ -465,8 +465,11 @@ void check_shrink_mmaps(void)
{
unsigned char *a, *b, *c;
a = mmap(NULL, pagesize * 2, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ fprintf(stdout, "%s addr=%p errno=%d\n", __func__, (void *)a, errno);
b = mmap(NULL, pagesize * 2, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ fprintf(stdout, "%s addr=%p errno=%d\n", __func__, (void *)b, errno);
c = mmap(NULL, pagesize * 2, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ fprintf(stdout, "%s addr=%p errno=%d\n", __func__, (void *)c, errno);
fail_unless(a != MAP_FAILED);
fail_unless(b != MAP_FAILED);
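Review bot: in check_shrink_mmaps() errno is printed after calls that are expected to succeed, so the output shows a stale value left by an earlier failing call and can mislead whoever reads the log. Set `errno = 0` before each call, or print errno only when the result is MAP_FAILED.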
@@ -479,6 +482,7 @@ void check_shrink_mmaps(void)
/* Shrink the middle mapping in-place; the others should be unaffected */
b = mremap(b, pagesize * 2, pagesize, 0);
+ fprintf(stdout, "%s mremap addr=%p errno=%d\n", __func__, (void *)b, errno);
fail_unless(b != MAP_FAILED);
/* Ensure we can still access all valid mappings */
@@ -489,6 +493,8 @@ void check_shrink_mmaps(void)
munmap(a, 2 * pagesize);
munmap(b, pagesize);
munmap(c, 2 * pagesize);
+
+ fprintf(stdout, " passed\n");
}
int main(int argc, char **argv)
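Review bot: the added `fprintf(stdout, " passed\n")` follows messages that now each end in a newline, so " passed" is printed on a line of its own with a leading space and no function name. Use `"%s passed\n"` with `__func__` so the line can be matched to its test.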
--
2.53.0
* [PULL 11/12] tests/tcg/multiarch/test-mmap: Check mmaps beyond reserved_va
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Bingwu Zhang <xtex@astrafall.org>
Unfixed mmap calls where start > reserved_va or the max guest addr
should have a valid result.
Signed-off-by: Bingwu Zhang <xtex@astrafall.org>
Signed-off-by: Helge Deller <deller@gmx.de>
---
tests/tcg/multiarch/test-mmap.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/tests/tcg/multiarch/test-mmap.c b/tests/tcg/multiarch/test-mmap.c
index 88f7a04101..2bfa529127 100644
--- a/tests/tcg/multiarch/test-mmap.c
+++ b/tests/tcg/multiarch/test-mmap.c
@@ -497,6 +497,20 @@ void check_shrink_mmaps(void)
fprintf(stdout, " passed\n");
}
+void check_mmaps_beyond_addr_space(void)
+{
+ unsigned char *addr;
+ addr = mmap((void *)(-(unsigned long)pagesize * 10), pagesize * 2,
+ PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ fprintf(stdout, "%s addr=%p errno=%d", __func__, (void *)addr, errno);
+ fail_unless(addr != MAP_FAILED);
+
+ memcpy(dummybuf, addr, 2 * pagesize);
+ munmap(addr, 2 * pagesize);
+
+ fprintf(stdout, " passed\n");
+}
+
int main(int argc, char **argv)
{
char tempname[] = "/tmp/.cmmapXXXXXX";
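Review bot: check_mmaps_beyond_addr_space() has no comment saying what the hint `-(unsigned long)pagesize * 10` is meant to be (ten pages below the top of the address space) or that the call must succeed because the address is only a hint without MAP_FIXED. The memcpy() of `2 * pagesize` into dummybuf also assumes that buffer is at least that large, which this hunk does not show; note or assert it. errno is printed after a call expected to succeed, so it may show a stale value.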
@@ -540,6 +554,7 @@ int main(int argc, char **argv)
check_file_unfixed_eof_mmaps();
check_invalid_mmaps();
check_shrink_mmaps();
+ check_mmaps_beyond_addr_space();
/* Fails at the moment. */
/* check_aligned_anonymous_fixed_mmaps_collide_with_host(); */
--
2.53.0
* [PULL 12/12] linux-user: Improve formatting for mremap()
From: deller @ 2026-03-08 17:29 UTC (permalink / raw)
To: qemu-devel
Cc: Kyle Evans, Paolo Bonzini, Alex Bennée, Laurent Vivier,
Warner Losh, Marc-André Lureau, deller, Richard Henderson,
Pierrick Bouvier
From: Helge Deller <deller@gmx.de>
Improve slightly the strace output for mremap().
Print the old_address and new_address as hex values, old_size and
new_size as unsigned, and the flags as integer.
Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
linux-user/strace.list | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/strace.list b/linux-user/strace.list
index 51b5ead969..35f001fecd 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -641,7 +641,7 @@
{ TARGET_NR_mq_unlink, "mq_unlink" , NULL, print_mq_unlink, NULL },
#endif
#ifdef TARGET_NR_mremap
-{ TARGET_NR_mremap, "mremap" , NULL, NULL, NULL },
+{ TARGET_NR_mremap, "mremap" , "%s(%#x,%u,%u,%d,%#x)", NULL, NULL },
#endif
#ifdef TARGET_NR_msgctl
{ TARGET_NR_msgctl, "msgctl" , NULL, NULL, NULL },
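Review bot: `%#x` and `%u` in the new mremap format take int-sized arguments, so if the syscall arguments reach this format as abi_long values, addresses and sizes above 32 bits will be truncated or misprinted on 64-bit targets. Check how the generic format path passes its arguments and use a width that matches. Decoding the flags through a flags table rather than `%d` would also make MREMAP_* values readable.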
--
2.53.0
* Re: [PULL 00/12] For next patches
From: Helge Deller @ 2026-03-09 13:44 UTC (permalink / raw)
To: qemu-devel
On 3/8/26 18:29, deller@kernel.org wrote:
> From: Helge Deller <deller@gmx.de>
>
> The following changes since commit 900682c57287ea308850af4490339455512e92e7:
>
> Merge tag 'pull-target-arm-20260306-2' of https://gitlab.com/pm215/qemu into staging (2026-03-06 15:58:24 +0000)
>
> are available in the Git repository at:
>
> https://github.com/hdeller/qemu-hppa.git tags/for-next-pull-request
>
> for you to fetch changes up to 9e8501ba72d5136ee5e6622f8863ce8ea252c29a:
>
> linux-user: Improve formatting for mremap() (2026-03-07 22:58:27 +0100)
>
> ----------------------------------------------------------------
> linux-user and hppa patches
>
> Two patches which prevent memleaks when using Diva PCI
> cards on the parisc architecture.
> All other patches are for linux-user emulation.
Please ignore this pull request.
The two patches for Diva cards have already been merged via the "misc-hw" pull request.
I'll send a new pull request, which will include the "linux-user" patches only.
Helge
* Re: [PULL 00/12] For next patches
From: Philippe Mathieu-Daudé @ 2026-03-09 13:51 UTC (permalink / raw)
To: Helge Deller, qemu-devel
On 9/3/26 14:44, Helge Deller wrote:
> On 3/8/26 18:29, deller@kernel.org wrote:
>> From: Helge Deller <deller@gmx.de>
>>
>> The following changes since commit
>> 900682c57287ea308850af4490339455512e92e7:
>>
>> Merge tag 'pull-target-arm-20260306-2' of https://gitlab.com/pm215/
>> qemu into staging (2026-03-06 15:58:24 +0000)
>>
>> are available in the Git repository at:
>>
>> https://github.com/hdeller/qemu-hppa.git tags/for-next-pull-request
>>
>> for you to fetch changes up to 9e8501ba72d5136ee5e6622f8863ce8ea252c29a:
>>
>> linux-user: Improve formatting for mremap() (2026-03-07 22:58:27
>> +0100)
>>
>> ----------------------------------------------------------------
>> linux-user and hppa patches
>>
>> Two patches which prevent memleaks when using Diva PCI
>> cards on the parisc architecture.
>> All other patches are for linux-user emulation.
>
> Please ignore this pull request.
>
> The two patches for Diva cards have already been merged via the "misc-hw" pull request.
My bad, I didn't notice your PR while I was preparing mine.
> I'll send a new pull request, which will include the "linux-user"
> patches only.
No need, git-merge should figure the commits are identical and proceed
as usual.
* Re: [PULL 00/12] For next patches
2026-03-09 13:51 ` Philippe Mathieu-Daudé
@ 2026-03-09 13:53 ` Helge Deller
0 siblings, 0 replies; 16+ messages in thread
From: Helge Deller @ 2026-03-09 13:53 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
On 3/9/26 14:51, Philippe Mathieu-Daudé wrote:
> On 9/3/26 14:44, Helge Deller wrote:
>> On 3/8/26 18:29, deller@kernel.org wrote:
>>> From: Helge Deller <deller@gmx.de>
>>>
>>> The following changes since commit 900682c57287ea308850af4490339455512e92e7:
>>>
>>> Merge tag 'pull-target-arm-20260306-2' of https://gitlab.com/pm215/qemu into staging (2026-03-06 15:58:24 +0000)
>>>
>>> are available in the Git repository at:
>>>
>>> https://github.com/hdeller/qemu-hppa.git tags/for-next-pull-request
>>>
>>> for you to fetch changes up to 9e8501ba72d5136ee5e6622f8863ce8ea252c29a:
>>>
>>> linux-user: Improve formatting for mremap() (2026-03-07 22:58:27 +0100)
>>>
>>> ----------------------------------------------------------------
>>> linux-user and hppa patches
>>>
>>> Two patches which prevent memleaks when using Diva PCI
>>> cards on the parisc architecture.
>>> All other patches are for linux-user emulation.
>>
>> Please ignore this pull request.
>>
>> The two patches for Diva cards have already been merged via the "misc-hw" pull request.
>
> My bad, I didn't notice your PR while I was preparing mine.
That's ok. Thanks for including the other hppa CPU patches as well!
>> I'll send a new pull request, which will include the "linux-user" patches only.
>
> No need, git-merge should figure the commits are identical and proceed
> as usual.
Ah, I didn't know, so I just sent out the second pull request before reading
your answer. Anyway, both are now out and both should work then :-)
Helge