[PULL 0/2] Staging patches

[PULL 0/2] Staging patches

[Peter Xu]

The following changes since commit 5a68a3add61208aad34d47134fdcfd3f407d2ce4:

  Update version for v11.0.0-rc0 release (2026-03-18 15:56:51 +0000)

are available in the Git repository at:

  https://gitlab.com/peterx/qemu.git tags/staging-pull-request

for you to fetch changes up to 2a13e310732154f75a02be54e2b32524cc869417:

  hw/display/tcx: Init memory regions in realize (2026-03-19 10:05:18 -0400)

----------------------------------------------------------------
mem pull for 11.0-rc1

Two fixes included:

- Xiaoyao's fix on recent coco guest boot failure
- BALATON's fix on recent sparce device-introspect-test failure

----------------------------------------------------------------

BALATON Zoltan (1):
  hw/display/tcx: Init memory regions in realize

Xiaoyao Li (1):
  memory: Set mr->ram before RAM Block allocation

 hw/display/tcx.c | 24 +++++++++---------------
 system/memory.c  |  8 ++++++--
 2 files changed, 15 insertions(+), 17 deletions(-)

-- 
2.50.1

[PULL 1/2] memory: Set mr->ram before RAM Block allocation

[Peter Xu]

From: Xiaoyao Li <xiaoyao.li@intel.com>

Commit 2fb627ef2f48 ("memory: Factor out common ram region initialization")
introduced a helper function memory_region_set_ram_block(), which causes
mr->ram to be set to true after the RAM Block allocation by
qemu_ram_alloc_*().

It leads to the assertion

  g_assert(memory_region_is_ram(mr));

in memory_region_set_ram_discard_manager() being triggered when creating
RAM Block with the RAM_GUEST_MEMFD flag.

Fix this by restoring the original behavior of setting mr->ram before
RAM Block allocation.

Closes: https://gitlab.com/qemu-project/qemu/-/work_items/3330
Reported-by: Farrah Chen <farrah.chen@intel.com>
Link: https://lore.kernel.org/r/df63fdf0-05ea-4de0-8009-c52703e4b052@amd.com
Reported-by: Kim Phillips <kim.phillips@amd.com>
Fixes: 2fb627ef2f48 ("memory: Factor out common ram region initialization")
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Tested-by: Kim Phillips <kim.phillips@amd.com>
Link: https://lore.kernel.org/r/20260312063420.973637-1-xiaoyao.li@intel.com
Signed-off-by: Peter Xu <peterx@redhat.com>
---
 system/memory.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/system/memory.c b/system/memory.c
index 17a7bcd9af..56f3225b21 100644
--- a/system/memory.c
+++ b/system/memory.c
@@ -1578,7 +1578,6 @@ void memory_region_init_io(MemoryRegion *mr, Object *owner,
 
 static bool memory_region_set_ram_block(MemoryRegion *mr, RAMBlock *rb)
 {
-    mr->ram = true;
     mr->terminates = true;
     mr->destructor = memory_region_destructor_ram;
     mr->ram_block = rb;
@@ -1597,6 +1596,7 @@ bool memory_region_init_ram_flags_nomigrate(MemoryRegion *mr, Object *owner,
     RAMBlock *rb;
 
     memory_region_init(mr, owner, name, size);
+    mr->ram = true;
     rb = qemu_ram_alloc(size, ram_flags, mr, errp);
     return memory_region_set_ram_block(mr, rb);
 }
@@ -1614,6 +1614,7 @@ bool memory_region_init_resizeable_ram(MemoryRegion *mr,
     RAMBlock *rb;
 
     memory_region_init(mr, owner, name, size);
+    mr->ram = true;
     rb = qemu_ram_alloc_resizeable(size, max_size, resized, mr, errp);
     return memory_region_set_ram_block(mr, rb);
 }
@@ -1628,6 +1629,7 @@ bool memory_region_init_ram_from_file(MemoryRegion *mr, Object *owner,
     RAMBlock *rb;
 
     memory_region_init(mr, owner, name, size);
+    mr->ram = true;
     mr->readonly = !!(ram_flags & RAM_READONLY);
     mr->align = align;
     rb = qemu_ram_alloc_from_file(size, mr, ram_flags, path, offset, errp);
@@ -1642,6 +1644,7 @@ bool memory_region_init_ram_from_fd(MemoryRegion *mr, Object *owner,
     RAMBlock *rb;
 
     memory_region_init(mr, owner, name, size);
+    mr->ram = true;
     mr->readonly = !!(ram_flags & RAM_READONLY);
     rb = qemu_ram_alloc_from_fd(size, size, NULL, mr, ram_flags, fd, offset,
                                 false, errp);
@@ -1663,6 +1666,7 @@ void memory_region_init_ram_ptr(MemoryRegion *mr, Object *owner,
                                 void *ptr)
 {
     memory_region_init(mr, owner, name, size);
+    mr->ram = true;
     memory_region_set_ram_ptr(mr, size, ptr);
 }
 
@@ -1671,6 +1675,7 @@ void memory_region_init_ram_device_ptr(MemoryRegion *mr, Object *owner,
                                        void *ptr)
 {
     memory_region_init_io(mr, owner, &ram_device_mem_ops, mr, name, size);
+    mr->ram = true;
     mr->ram_device = true;
     memory_region_set_ram_ptr(mr, size, ptr);
 }
@@ -3699,7 +3704,6 @@ bool memory_region_init_rom_device(MemoryRegion *mr, Object *owner,
     memory_region_init_io(mr, owner, ops, opaque, name, size);
     rb = qemu_ram_alloc(size, 0, mr, errp);
     if (memory_region_set_ram_block(mr, rb)) {
-        mr->ram = false;
         mr->rom_device = true;
         memory_region_register_ram(mr, owner);
         return true;
-- 
2.50.1

[PULL 2/2] hw/display/tcx: Init memory regions in realize

[Peter Xu]

From: BALATON Zoltan <balaton@eik.bme.hu>

Thomas reported test failure:

  $ export QTEST_QEMU_BINARY=./qemu-system-sparc
  $ tests/qtest/device-introspect-test -m thorough
  ...
  # Testing device 'sun-tcx'
  RAMBlock "tcx.prom" already registered, abort!
  Broken pipe
  ../../devel/qemu/tests/qtest/libqtest.c:210: kill_qemu() detected QEMU
  death from signal 6 (Aborted) (core dumped)
  Aborted (core dumped)

Issue is the qom introspect test will create yet another sun-tcx device
causing double register of the memory region.

Fix it by removing the init method and move memory region creation in
realize.

Reported-by: Thomas Huth <thuth@redhat.com>
Link: https://lore.kernel.org/r/3b87e6d9-a027-4dcd-a995-857e16c8b2e6@redhat.com
Fixes: 653c4fa5b0 hw/display/{cg3.tcx}: Do not use memory_region_init_rom_nomigrate
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Link: https://lore.kernel.org/r/20260316130651.5C8735968DE@zero.eik.bme.hu
[peterx: amend commit message, fix tag, add link]
Signed-off-by: Peter Xu <peterx@redhat.com>
---
 hw/display/tcx.c | 24 +++++++++---------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/hw/display/tcx.c b/hw/display/tcx.c
index c8a4ac21ca..ea92a48400 100644
--- a/hw/display/tcx.c
+++ b/hw/display/tcx.c
@@ -751,10 +751,15 @@ static const GraphicHwOps tcx24_ops = {
     .gfx_update = tcx24_update_display,
 };
 
-static void tcx_initfn(Object *obj)
+static void tcx_realize(DeviceState *dev, Error **errp)
 {
-    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
-    TCXState *s = TCX(obj);
+    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+    TCXState *s = TCX(dev);
+    Object *obj = OBJECT(dev);
+    ram_addr_t vram_offset = 0;
+    int size, ret;
+    uint8_t *vram_base;
+    char *fcode_filename;
 
     memory_region_init_rom(&s->rom, obj, "tcx.prom", FCODE_MAX_ROM_SIZE,
                            &error_fatal);
@@ -804,16 +809,6 @@ static void tcx_initfn(Object *obj)
     memory_region_init_io(&s->alt, obj, &tcx_dummy_ops, s, "tcx.alt",
                           TCX_ALT_NREGS);
     sysbus_init_mmio(sbd, &s->alt);
-}
-
-static void tcx_realizefn(DeviceState *dev, Error **errp)
-{
-    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
-    TCXState *s = TCX(dev);
-    ram_addr_t vram_offset = 0;
-    int size, ret;
-    uint8_t *vram_base;
-    char *fcode_filename;
 
     memory_region_init_ram(&s->vram_mem, OBJECT(s), "tcx.vram",
                            s->vram_size * (1 + 4 + 4), &error_fatal);
@@ -887,7 +882,7 @@ static void tcx_class_init(ObjectClass *klass, const void *data)
 {
     DeviceClass *dc = DEVICE_CLASS(klass);
 
-    dc->realize = tcx_realizefn;
+    dc->realize = tcx_realize;
     device_class_set_legacy_reset(dc, tcx_reset);
     dc->vmsd = &vmstate_tcx;
     device_class_set_props(dc, tcx_properties);
@@ -897,7 +892,6 @@ static const TypeInfo tcx_info = {
     .name          = TYPE_TCX,
     .parent        = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(TCXState),
-    .instance_init = tcx_initfn,
     .class_init    = tcx_class_init,
 };
 
-- 
2.50.1

Re: [PULL 0/2] Staging patches

[Peter Maydell]

On Thu, 19 Mar 2026 at 14:07, Peter Xu <peterx@redhat.com> wrote:
>
> The following changes since commit 5a68a3add61208aad34d47134fdcfd3f407d2ce4:
>
>   Update version for v11.0.0-rc0 release (2026-03-18 15:56:51 +0000)
>
> are available in the Git repository at:
>
>   https://gitlab.com/peterx/qemu.git tags/staging-pull-request
>
> for you to fetch changes up to 2a13e310732154f75a02be54e2b32524cc869417:
>
>   hw/display/tcx: Init memory regions in realize (2026-03-19 10:05:18 -0400)
>
> ----------------------------------------------------------------
> mem pull for 11.0-rc1
>
> Two fixes included:
>
> - Xiaoyao's fix on recent coco guest boot failure
> - BALATON's fix on recent sparce device-introspect-test failure
>
> ----------------------------------------------------------------
>
> BALATON Zoltan (1):
>   hw/display/tcx: Init memory regions in realize
>
> Xiaoyao Li (1):
>   memory: Set mr->ram before RAM Block allocation



Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/11.0
for any user-visible changes.

-- PMM