public inbox for qemu-devel@nongnu.org
* [PULL 00/41] QOM, target/i386 patches for 2026-02-12
@ 2026-02-12 14:42 Paolo Bonzini
  2026-02-12 14:42 ` [PULL 01/41] target/i386: convert SEV-ES termination requests to guest panic events Paolo Bonzini
                   ` (41 more replies)
  0 siblings, 42 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel

The following changes since commit cd5a79dc98e3087e7658e643bdbbb0baec77ac8a:

  Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging (2026-02-05 13:54:50 +0000)

are available in the Git repository at:

  https://gitlab.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 28a29efe4342055b4631de96ba71fd577ae83e07:

  target/i386/mshv: remove unused optimization of gva=>gpa translation (2026-02-10 14:41:08 +0100)

----------------------------------------------------------------
* hw/i386: Remove deprecated PC 2.6 and 2.7 machines
* i386/cpu: Fix incorrect initializer in Diamond Rapids definition
* qom: Clean up property release
* target/i386/kvm: set KVM_PMU_CAP_DISABLE if "-pmu" is configured
* target/i386/kvm: reset AMD and perfmon-v2 PMU registers during VM reset
* mshv: Cleanup
* target/i386: convert SEV-ES termination requests to guest panic events

----------------------------------------------------------------
Aidan Khoury (1):
      i386/cpu: Fix incorrect initializer in Diamond Rapids definition

Chandan Somani (1):
      qdev: Free property array on release

Dongli Zhang (5):
      target/i386/kvm: set KVM_PMU_CAP_DISABLE if "-pmu" is configured
      target/i386/kvm: extract unrelated code out of kvm_x86_build_cpuid()
      target/i386/kvm: rename architectural PMU variables
      target/i386/kvm: reset AMD PMU registers during VM reset
      target/i386/kvm: support perfmon-v2 for reset

Igor Mammedov (1):
      tests/acpi: Allow DSDT table change for x86 machines

Magnus Kulke (2):
      accel/mshv: Remove remap overlapping mappings code
      target/i386/mshv: remove unused optimization of gva=>gpa translation

Marc-André Lureau (4):
      qdev: make release_string() idempotent
      qdev: make release_drive() idempotent
      qdev: make release_tpm() idempotent
      tests: add /qdev/free-properties test

Paolo Bonzini (1):
      target/i386: convert SEV-ES termination requests to guest panic events

Philippe Mathieu-Daudé (22):
      hw/i386/pc: Remove deprecated pc-q35-2.6 and pc-i440fx-2.6 machines
      hw/i386/pc: Remove PCMachineClass::legacy_cpu_hotplug field
      hw/nvram/fw_cfg: Rename fw_cfg_init_mem() with '_nodma' suffix
      hw/mips/loongson3_virt: Prefer using fw_cfg_init_mem_nodma()
      hw/nvram/fw_cfg: Factor fw_cfg_init_mem_internal() out
      hw/nvram/fw_cfg: Rename fw_cfg_init_mem_wide() -> fw_cfg_init_mem_dma()
      hw/i386/x86: Remove X86MachineClass::fwcfg_dma_enabled field
      hw/i386/pc: Remove multiboot.bin
      hw/i386: Assume fw_cfg DMA is always enabled
      hw/i386: Remove linuxboot.bin
      hw/i386/pc: Remove pc_compat_2_6[] array
      hw/intc/apic: Remove APICCommonState::legacy_instance_id field
      hw/core/machine: Remove hw_compat_2_6[] array
      hw/virtio/virtio-mmio: Remove VirtIOMMIOProxy::format_transport_address field
      hw/i386/pc: Remove deprecated pc-q35-2.7 and pc-i440fx-2.7 machines
      hw/i386/pc: Remove pc_compat_2_7[] array
      target/i386/cpu: Remove CPUX86State::full_cpuid_auto_level field
      hw/audio/pcspk: Remove PCSpkState::migrate field
      hw/core/machine: Remove hw_compat_2_7[] array
      hw/i386/intel_iommu: Remove IntelIOMMUState::buggy_eim field
      hw/virtio/virtio-pci: Remove VirtIOPCIProxy::ignore_backend_features field
      hw/char/virtio-serial: Do not expose the 'emergency-write' property

Zhao Liu (4):
      pc: Start with modern CPU hotplug interface by default
      acpi: Remove legacy cpu hotplug utilities
      docs/specs/acpi_cpu_hotplug: Remove legacy cpu hotplug descriptions
      tests/acpi: Update DSDT tables for pc & q35 machines

 docs/specs/acpi_cpu_hotplug.rst                   |  28 +-
 qapi/run-state.json                               |  23 +-
 include/hw/acpi/cpu.h                             |   1 -
 include/hw/acpi/ich9.h                            |   4 +-
 include/hw/acpi/piix4.h                           |   4 +-
 include/hw/core/boards.h                          |   6 -
 include/hw/i386/apic_internal.h                   |   1 -
 include/hw/i386/intel_iommu.h                     |   1 -
 include/hw/i386/pc.h                              |   9 -
 include/hw/i386/x86.h                             |   2 -
 include/hw/nvram/fw_cfg.h                         |   9 +-
 include/hw/virtio/virtio-mmio.h                   |   1 -
 include/hw/virtio/virtio-pci.h                    |   1 -
 include/hw/virtio/virtio-serial.h                 |   2 -
 include/system/mshv_int.h                         |  22 +-
 pc-bios/optionrom/optionrom.h                     |   4 -
 target/i386/cpu.h                                 |  19 +-
 accel/kvm/kvm-all.c                               |   1 +
 accel/mshv/mem.c                                  | 406 ++--------------------
 accel/mshv/mshv-all.c                             |   2 -
 backends/tpm/tpm_util.c                           |   1 +
 block/accounting.c                                |   1 -
 hw/acpi/acpi-cpu-hotplug-stub.c                   |  19 +-
 hw/acpi/cpu.c                                     |  10 -
 hw/acpi/cpu_hotplug.c                             | 348 -------------------
 hw/acpi/generic_event_device.c                    |   1 +
 hw/acpi/ich9.c                                    |  61 +---
 hw/acpi/piix4.c                                   |  61 +---
 hw/arm/virt.c                                     |   2 +-
 hw/audio/pcspk.c                                  |  10 -
 hw/char/virtio-serial-bus.c                       |   9 +-
 hw/core/machine.c                                 |  17 -
 hw/core/qdev-properties-system.c                  |   1 +
 hw/core/qdev-properties.c                         |  24 +-
 hw/hppa/machine.c                                 |   2 +-
 hw/i386/acpi-build.c                              |   7 +-
 hw/i386/fw_cfg.c                                  |  16 +-
 hw/i386/intel_iommu.c                             |   5 +-
 hw/i386/microvm.c                                 |   3 -
 hw/i386/multiboot.c                               |   7 +-
 hw/i386/pc.c                                      |  25 +-
 hw/i386/pc_piix.c                                 |  23 --
 hw/i386/pc_q35.c                                  |  24 --
 hw/i386/x86-common.c                              |   8 +-
 hw/i386/x86.c                                     |   2 -
 hw/input/stellaris_gamepad.c                      |   8 -
 hw/intc/apic_common.c                             |   5 -
 hw/intc/arm_gicv3_common.c                        |   8 -
 hw/intc/rx_icu.c                                  |   8 -
 hw/loongarch/fw_cfg.c                             |   4 +-
 hw/loongarch/virt-acpi-build.c                    |   1 -
 hw/mips/loongson3_virt.c                          |   2 +-
 hw/misc/arm_sysctl.c                              |   2 -
 hw/misc/mps2-scc.c                                |   8 -
 hw/net/rocker/rocker.c                            |   1 -
 hw/nvram/fw_cfg.c                                 |  22 +-
 hw/nvram/xlnx-efuse.c                             |   8 -
 hw/nvram/xlnx-versal-efuse-ctrl.c                 |   8 -
 hw/riscv/virt.c                                   |   4 +-
 hw/virtio/virtio-iommu-pci.c                      |   8 -
 hw/virtio/virtio-mmio.c                           |  15 -
 hw/virtio/virtio-pci.c                            |   5 +-
 system/runstate.c                                 |   4 +
 target/i386/cpu-system.c                          |  22 ++
 target/i386/cpu.c                                 | 119 ++++---
 target/i386/kvm/kvm.c                             | 314 ++++++++++++++---
 target/i386/mshv/mshv-cpu.c                       |  63 +---
 tests/qtest/test-x86-cpuid-compat.c               |  11 -
 tests/unit/test-qdev.c                            |  96 +++++
 accel/mshv/trace-events                           |   5 -
 hw/acpi/meson.build                               |   2 +-
 pc-bios/meson.build                               |   2 -
 pc-bios/multiboot.bin                             | Bin 1024 -> 0 bytes
 pc-bios/optionrom/Makefile                        |   2 +-
 pc-bios/optionrom/linuxboot.S                     | 195 -----------
 pc-bios/optionrom/multiboot.S                     | 232 -------------
 pc-bios/optionrom/multiboot_dma.S                 | 234 ++++++++++++-
 roms/seabios-hppa                                 |   2 +-
 tests/data/acpi/x86/pc/DSDT                       | Bin 8611 -> 8598 bytes
 tests/data/acpi/x86/pc/DSDT.acpierst              | Bin 8522 -> 8509 bytes
 tests/data/acpi/x86/pc/DSDT.acpihmat              | Bin 9936 -> 9923 bytes
 tests/data/acpi/x86/pc/DSDT.bridge                | Bin 15482 -> 15469 bytes
 tests/data/acpi/x86/pc/DSDT.cphp                  | Bin 9075 -> 9062 bytes
 tests/data/acpi/x86/pc/DSDT.dimmpxm               | Bin 10265 -> 10252 bytes
 tests/data/acpi/x86/pc/DSDT.hpbridge              | Bin 8562 -> 8549 bytes
 tests/data/acpi/x86/pc/DSDT.hpbrroot              | Bin 5100 -> 5087 bytes
 tests/data/acpi/x86/pc/DSDT.ipmikcs               | Bin 8683 -> 8670 bytes
 tests/data/acpi/x86/pc/DSDT.memhp                 | Bin 9970 -> 9957 bytes
 tests/data/acpi/x86/pc/DSDT.nohpet                | Bin 8469 -> 8456 bytes
 tests/data/acpi/x86/pc/DSDT.numamem               | Bin 8617 -> 8604 bytes
 tests/data/acpi/x86/pc/DSDT.roothp                | Bin 12404 -> 12391 bytes
 tests/data/acpi/x86/q35/DSDT                      | Bin 8440 -> 8427 bytes
 tests/data/acpi/x86/q35/DSDT.acpierst             | Bin 8457 -> 8444 bytes
 tests/data/acpi/x86/q35/DSDT.acpihmat             | Bin 9765 -> 9752 bytes
 tests/data/acpi/x86/q35/DSDT.acpihmat-generic-x   | Bin 12650 -> 12637 bytes
 tests/data/acpi/x86/q35/DSDT.acpihmat-noinitiator | Bin 8719 -> 8706 bytes
 tests/data/acpi/x86/q35/DSDT.applesmc             | Bin 8486 -> 8473 bytes
 tests/data/acpi/x86/q35/DSDT.bridge               | Bin 12053 -> 12040 bytes
 tests/data/acpi/x86/q35/DSDT.core-count           | Bin 12998 -> 12985 bytes
 tests/data/acpi/x86/q35/DSDT.core-count2          | Bin 33855 -> 33842 bytes
 tests/data/acpi/x86/q35/DSDT.cphp                 | Bin 8904 -> 8891 bytes
 tests/data/acpi/x86/q35/DSDT.cxl                  | Bin 13231 -> 13218 bytes
 tests/data/acpi/x86/q35/DSDT.dimmpxm              | Bin 10094 -> 10081 bytes
 tests/data/acpi/x86/q35/DSDT.ipmibt               | Bin 8515 -> 8502 bytes
 tests/data/acpi/x86/q35/DSDT.ipmismbus            | Bin 8528 -> 8515 bytes
 tests/data/acpi/x86/q35/DSDT.ivrs                 | Bin 8457 -> 8444 bytes
 tests/data/acpi/x86/q35/DSDT.memhp                | Bin 9799 -> 9786 bytes
 tests/data/acpi/x86/q35/DSDT.mmio64               | Bin 9570 -> 9557 bytes
 tests/data/acpi/x86/q35/DSDT.multi-bridge         | Bin 13293 -> 13280 bytes
 tests/data/acpi/x86/q35/DSDT.noacpihp             | Bin 8302 -> 8289 bytes
 tests/data/acpi/x86/q35/DSDT.nohpet               | Bin 8298 -> 8285 bytes
 tests/data/acpi/x86/q35/DSDT.numamem              | Bin 8446 -> 8433 bytes
 tests/data/acpi/x86/q35/DSDT.pvpanic-isa          | Bin 8541 -> 8528 bytes
 tests/data/acpi/x86/q35/DSDT.thread-count         | Bin 12998 -> 12985 bytes
 tests/data/acpi/x86/q35/DSDT.thread-count2        | Bin 33855 -> 33842 bytes
 tests/data/acpi/x86/q35/DSDT.tis.tpm12            | Bin 9046 -> 9033 bytes
 tests/data/acpi/x86/q35/DSDT.tis.tpm2             | Bin 9072 -> 9059 bytes
 tests/data/acpi/x86/q35/DSDT.type4-count          | Bin 18674 -> 18661 bytes
 tests/data/acpi/x86/q35/DSDT.viot                 | Bin 14697 -> 14684 bytes
 tests/data/acpi/x86/q35/DSDT.xapic                | Bin 35803 -> 35790 bytes
 tests/unit/meson.build                            |   1 +
 121 files changed, 852 insertions(+), 1802 deletions(-)
 delete mode 100644 hw/acpi/cpu_hotplug.c
 create mode 100644 tests/unit/test-qdev.c
 delete mode 100644 pc-bios/multiboot.bin
 delete mode 100644 pc-bios/optionrom/linuxboot.S
 delete mode 100644 pc-bios/optionrom/multiboot.S
-- 
2.52.0




* [PULL 01/41] target/i386: convert SEV-ES termination requests to guest panic events
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 02/41] hw/i386/pc: Remove deprecated pc-q35-2.6 and pc-i440fx-2.6 machines Paolo Bonzini
                   ` (40 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Jin Liu, Michael Roth

This produces a good error message instead of:

KVM: unknown exit reason 24
EAX=00000000 EBX=00000000 ECX=00000000 EDX=00a00f11
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000b004 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 00000000 0000ffff 00009300
CS =f000 00800000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000
Code=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Reported-by: Jin Liu <jinl@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 qapi/run-state.json      | 23 +++++++++++++++++++++--
 accel/kvm/kvm-all.c      |  1 +
 system/runstate.c        |  4 ++++
 target/i386/cpu-system.c | 22 ++++++++++++++++++++++
 4 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/qapi/run-state.json b/qapi/run-state.json
index a6bc94a44bb..a5771ad4681 100644
--- a/qapi/run-state.json
+++ b/qapi/run-state.json
@@ -504,10 +504,12 @@
 #
 # @tdx: tdx guest panic information type (Since: 10.1)
 #
+# @sev: AMD SEV-ES guest termination information type (Since: 11.0)
+#
 # Since: 2.9
 ##
 { 'enum': 'GuestPanicInformationType',
-  'data': [ 'hyper-v', 's390', 'tdx' ] }
+  'data': [ 'hyper-v', 's390', 'tdx', 'sev' ] }
 
 ##
 # @GuestPanicInformation:
@@ -523,7 +525,8 @@
  'discriminator': 'type',
  'data': {'hyper-v': 'GuestPanicInformationHyperV',
           's390': 'GuestPanicInformationS390',
-          'tdx' : 'GuestPanicInformationTdx'}}
+          'tdx': 'GuestPanicInformationTdx',
+          'sev': 'GuestPanicInformationSev' }}
 
 ##
 # @GuestPanicInformationHyperV:
@@ -625,6 +628,22 @@
           'message': 'str',
           '*gpa': 'uint64'}}
 
+##
+# @GuestPanicInformationSev:
+#
+# Information for AMD SEV-specific termination request (GHCB MSR
+# contents)
+#
+# @set: The reason code set provided by the guest
+#
+# @code: The reason code provided by the guest
+#
+# Since: 11.0
+##
+{'struct': 'GuestPanicInformationSev',
+ 'data': {'set': 'uint32',
+          'code': 'uint32'}}
+
 ##
 # @MEMORY_FAILURE:
 #
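Review bot: The @set and @code descriptions in GuestPanicInformationSev
give no value ranges, and the struct cannot express "the hypervisor
supplied no data". Both members are declared 'uint32', while the
extraction in target/i386/cpu-system.c masks them with 0xf and 0xff, so a
consumer of the event cannot learn from the schema that set is 4 bits and
code is 8 bits, nor tell a genuine set 0 / code 0 apart from the
zero-filled fallback. Suggest stating the widths in the two member
comments and either making the members optional or documenting the
all-zero fallback.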
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 8301a512e7f..0d8b0c43470 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -3300,6 +3300,7 @@ int kvm_cpu_exec(CPUState *cpu)
                 qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
                 ret = EXCP_INTERRUPT;
                 break;
+            case KVM_SYSTEM_EVENT_SEV_TERM:
             case KVM_SYSTEM_EVENT_CRASH:
                 kvm_cpu_synchronize_state(cpu);
                 bql_lock();
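Review bot: The new "case KVM_SYSTEM_EVENT_SEV_TERM:" label falls through
into the KVM_SYSTEM_EVENT_CRASH body without a comment. A one-line comment
above the label saying that SEV-ES termination is deliberately reported
through the guest-panic path, with the SEV details filled in by
x86_cpu_get_crash_info(), would make the shared body read as intentional
rather than as a missing break.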
diff --git a/system/runstate.c b/system/runstate.c
index ed2db564806..d091a2bdddb 100644
--- a/system/runstate.c
+++ b/system/runstate.c
@@ -669,6 +669,10 @@ void qemu_system_guest_panicked(GuestPanicInformation *info)
                               "can be found at gpa page: 0x%" PRIx64 "\n",
                               info->u.tdx.gpa);
             }
+        } else if (info->type == GUEST_PANIC_INFORMATION_TYPE_SEV) {
+            qemu_log_mask(LOG_GUEST_ERROR, "SEV termination (reason set: %d code: %d)",
+                          info->u.sev.set,
+                          info->u.sev.code);
         }
 
         qapi_free_GuestPanicInformation(info);
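Review bot: The added qemu_log_mask() format string has no trailing
newline and prints both fields with %d. The TDX message in the context
lines just above ends in "\n", and 'set' and 'code' are declared 'uint32'
in qapi/run-state.json, so this log line will run into whatever is logged
next and uses a signed conversion for unsigned values. Suggest
"SEV termination (reason set: %u code: %u)\n", or PRIu32 to match the
PRIx64 style used above.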
diff --git a/target/i386/cpu-system.c b/target/i386/cpu-system.c
index b1494aa6740..c8bbf0cbafd 100644
--- a/target/i386/cpu-system.c
+++ b/target/i386/cpu-system.c
@@ -18,6 +18,8 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "system/kvm.h"
 #include "cpu.h"
 #include "qapi/error.h"
 #include "qapi/qapi-visit-run-state.h"
@@ -272,6 +274,26 @@ GuestPanicInformation *x86_cpu_get_crash_info(CPUState *cs)
     CPUX86State *env = &cpu->env;
     GuestPanicInformation *panic_info = NULL;
 
+#ifdef CONFIG_KVM
+    if (kvm_enabled()) {
+        struct kvm_run *run = cs->kvm_run;
+
+        if (run->exit_reason == KVM_EXIT_SYSTEM_EVENT &&
+            run->system_event.type == KVM_SYSTEM_EVENT_SEV_TERM) {
+            panic_info = g_new0(GuestPanicInformation, 1);
+
+            panic_info->type = GUEST_PANIC_INFORMATION_TYPE_SEV;
+            /* There should always be one data item, otherwise use zeroes.  */
+            if (run->system_event.ndata > 0) {
+                panic_info->u.sev.set = (run->system_event.data[0] >> 12) & 0xf;
+                panic_info->u.sev.code = (run->system_event.data[0] >> 16) & 0xff;
+            } else {
+                warn_report("Hypervisor did not provide any data for SEV-ES termination");
+            }
+        }
+    } else
+#endif
+
     if (hyperv_feat_enabled(cpu, HYPERV_FEAT_CRASH)) {
         panic_info = g_new0(GuestPanicInformation, 1);
 
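Review bot: The "} else" placed just before "#endif" turns the existing
Hyper-V check into the else-branch of "if (kvm_enabled())", so with KVM
enabled the "hyperv_feat_enabled(cpu, HYPERV_FEAT_CRASH)" block is skipped
on every call, not only for SEV termination. A crash exit under KVM then
leaves panic_info NULL where the old code allocated it in the Hyper-V
block. Suggest dropping the dangling else and guarding the old block with
"if (!panic_info && hyperv_feat_enabled(cpu, HYPERV_FEAT_CRASH))", which
also avoids an if/else that straddles the preprocessor conditional.
Separately, the shifts and masks on data[0] (">> 12 & 0xf" and
">> 16 & 0xff") would be easier to audit as named macros or with a comment
naming the GHCB MSR fields they select.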
-- 
2.52.0



^ permalink raw reply related	[flat|nested] 49+ messages in thread


* [PULL 02/41] hw/i386/pc: Remove deprecated pc-q35-2.6 and pc-i440fx-2.6 machines
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
  2026-02-12 14:42 ` [PULL 01/41] target/i386: convert SEV-ES termination requests to guest panic events Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 03/41] tests/acpi: Allow DSDT table change for x86 machines Paolo Bonzini
                   ` (39 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Thomas Huth,
	Zhao Liu, Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

These machines have been supported for a period of more than 6 years.
According to our versioned machine support policy (see commit
ce80c4fa6ff "docs: document special exception for machine type
deprecation & removal") they can now be removed.

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-2-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/pc_piix.c | 14 --------------
 hw/i386/pc_q35.c  | 14 --------------
 2 files changed, 28 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 878db5721b7..9efb42ad055 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -732,20 +732,6 @@ static void pc_i440fx_machine_2_7_options(MachineClass *m)
 
 DEFINE_I440FX_MACHINE(2, 7);
 
-static void pc_i440fx_machine_2_6_options(MachineClass *m)
-{
-    X86MachineClass *x86mc = X86_MACHINE_CLASS(m);
-    PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-
-    pc_i440fx_machine_2_7_options(m);
-    pcmc->legacy_cpu_hotplug = true;
-    x86mc->fwcfg_dma_enabled = false;
-    compat_props_add(m->compat_props, hw_compat_2_6, hw_compat_2_6_len);
-    compat_props_add(m->compat_props, pc_compat_2_6, pc_compat_2_6_len);
-}
-
-DEFINE_I440FX_MACHINE(2, 6);
-
 #ifdef CONFIG_XEN
 static void xenfv_machine_4_2_options(MachineClass *m)
 {
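Review bot: The removed pc_i440fx_machine_2_6_options(), like the matching
function removed from pc_q35.c, is the only visible user of
"pcmc->legacy_cpu_hotplug = true", "x86mc->fwcfg_dma_enabled = false",
hw_compat_2_6 and pc_compat_2_6, but the commit message does not say what
happens to them. Suggest adding a sentence that these are left in place
here and removed by the later patches in the series (the cover letter
lists them), so a reader bisecting to this commit is not left wondering
about the unused fields and arrays. The diffstat touches only the two C
files, so if the 2.6 machine types are named in user-facing documentation,
that update belongs in this patch as well.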
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 6e5a23d718f..6dd1120c004 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -680,17 +680,3 @@ static void pc_q35_machine_2_7_options(MachineClass *m)
 }
 
 DEFINE_Q35_MACHINE(2, 7);
-
-static void pc_q35_machine_2_6_options(MachineClass *m)
-{
-    X86MachineClass *x86mc = X86_MACHINE_CLASS(m);
-    PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
-
-    pc_q35_machine_2_7_options(m);
-    pcmc->legacy_cpu_hotplug = true;
-    x86mc->fwcfg_dma_enabled = false;
-    compat_props_add(m->compat_props, hw_compat_2_6, hw_compat_2_6_len);
-    compat_props_add(m->compat_props, pc_compat_2_6, pc_compat_2_6_len);
-}
-
-DEFINE_Q35_MACHINE(2, 6);
-- 
2.52.0




* [PULL 03/41] tests/acpi: Allow DSDT table change for x86 machines
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
  2026-02-12 14:42 ` [PULL 01/41] target/i386: convert SEV-ES termination requests to guest panic events Paolo Bonzini
  2026-02-12 14:42 ` [PULL 02/41] hw/i386/pc: Remove deprecated pc-q35-2.6 and pc-i440fx-2.6 machines Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 04/41] pc: Start with modern CPU hotplug interface by default Paolo Bonzini
                   ` (38 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Igor Mammedov, Zhao Liu

From: Igor Mammedov <imammedo@redhat.com>

Before dropping legacy CPU hotplug code, mark and allow the affected
ACPI tables, to avoid breaking ACPI table testing.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-3-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 tests/qtest/bios-tables-test-allowed-diff.h | 42 +++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
index dfb8523c8bf..eed8ded6933 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1 +1,43 @@
 /* List of comma-separated changed AML files to ignore */
+"tests/data/acpi/x86/pc/DSDT",
+"tests/data/acpi/x86/pc/DSDT.bridge",
+"tests/data/acpi/x86/pc/DSDT.ipmikcs",
+"tests/data/acpi/x86/pc/DSDT.cphp",
+"tests/data/acpi/x86/pc/DSDT.numamem",
+"tests/data/acpi/x86/pc/DSDT.nohpet",
+"tests/data/acpi/x86/pc/DSDT.memhp",
+"tests/data/acpi/x86/pc/DSDT.dimmpxm",
+"tests/data/acpi/x86/pc/DSDT.acpihmat",
+"tests/data/acpi/x86/pc/DSDT.acpierst",
+"tests/data/acpi/x86/pc/DSDT.roothp",
+"tests/data/acpi/x86/pc/DSDT.hpbridge",
+"tests/data/acpi/x86/pc/DSDT.hpbrroot",
+"tests/data/acpi/x86/q35/DSDT",
+"tests/data/acpi/x86/q35/DSDT.tis.tpm2",
+"tests/data/acpi/x86/q35/DSDT.tis.tpm12",
+"tests/data/acpi/x86/q35/DSDT.bridge",
+"tests/data/acpi/x86/q35/DSDT.noacpihp",
+"tests/data/acpi/x86/q35/DSDT.multi-bridge",
+"tests/data/acpi/x86/q35/DSDT.ipmibt",
+"tests/data/acpi/x86/q35/DSDT.cphp",
+"tests/data/acpi/x86/q35/DSDT.numamem",
+"tests/data/acpi/x86/q35/DSDT.nohpet",
+"tests/data/acpi/x86/q35/DSDT.acpihmat-noinitiator",
+"tests/data/acpi/x86/q35/DSDT.acpihmat-generic-x",
+"tests/data/acpi/x86/q35/DSDT.memhp",
+"tests/data/acpi/x86/q35/DSDT.dimmpxm",
+"tests/data/acpi/x86/q35/DSDT.acpihmat",
+"tests/data/acpi/x86/q35/DSDT.mmio64",
+"tests/data/acpi/x86/q35/DSDT.acpierst",
+"tests/data/acpi/x86/q35/DSDT.applesmc",
+"tests/data/acpi/x86/q35/DSDT.pvpanic-isa",
+"tests/data/acpi/x86/q35/DSDT.ivrs",
+"tests/data/acpi/x86/q35/DSDT.type4-count",
+"tests/data/acpi/x86/q35/DSDT.core-count",
+"tests/data/acpi/x86/q35/DSDT.core-count2",
+"tests/data/acpi/x86/q35/DSDT.thread-count",
+"tests/data/acpi/x86/q35/DSDT.thread-count2",
+"tests/data/acpi/x86/q35/DSDT.viot",
+"tests/data/acpi/x86/q35/DSDT.cxl",
+"tests/data/acpi/x86/q35/DSDT.ipmismbus",
+"tests/data/acpi/x86/q35/DSDT.xapic",
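Review bot: The 42 added entries are in no particular order, which makes
the list hard to check against the set of DSDT blobs regenerated later in
the series. Suggest sorting the entries by path (pc first, then q35), and
confirming that the patch which refreshes the tables restores this file to
its single comment line so the allowlist does not stay open past the
series.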
-- 
2.52.0




* [PULL 04/41] pc: Start with modern CPU hotplug interface by default
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (2 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 03/41] tests/acpi: Allow DSDT table change for x86 machines Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-03-16 16:01   ` Peter Maydell
  2026-02-12 14:42 ` [PULL 05/41] hw/i386/pc: Remove PCMachineClass::legacy_cpu_hotplug field Paolo Bonzini
                   ` (37 subsequent siblings)
  41 siblings, 1 reply; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Zhao Liu, Igor Mammedov

From: Zhao Liu <zhao1.liu@intel.com>

For compatibility reasons PC/Q35 will start with legacy CPU hotplug
interface by default but with new CPU hotplug AML code since 2.7
machine type (in commit 679dd1a957df ("pc: use new CPU hotplug interface
since 2.7 machine type")). In that way, legacy firmware that doesn't use
QEMU generated ACPI tables was able to continue using legacy CPU hotplug
interface.

While later machine types, with firmware supporting QEMU provided ACPI
tables, generate new CPU hotplug AML, which will switch to new CPU
hotplug interface when guest OS executes its _INI method on ACPI tables
loading.

Since the 2.6 machine type is now gone, and considering that the legacy BIOS
(based on QEMU ACPI prior to v2.7) should no longer be in use, the previous
compatibility requirements are no longer necessary. So initialize
'modern' hotplug directly from the very beginning for PC/Q35 machines
with cpu_hotplug_hw_init(), and drop _INIT method.

Additionally, remove the checks and settings around cpu_hotplug_legacy
in cpuhp VMState (for piix4 & ich9), to eliminate the risk of
segmentation faults, as gpe_cpu no longer has the opportunity to be
initialized. This is safe because all hotplug now starts in the modern
way, and it's impossible to switch to the legacy way at runtime (even the
"cpu-hotplug-legacy" property does not allow it).

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Link: https://lore.kernel.org/r/20260108033051.777361-4-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/acpi/cpu.h          |  1 -
 hw/acpi/cpu.c                  | 10 ----------
 hw/acpi/ich9.c                 | 22 +++-------------------
 hw/acpi/piix4.c                | 21 +++------------------
 hw/i386/acpi-build.c           |  2 +-
 hw/loongarch/virt-acpi-build.c |  1 -
 6 files changed, 7 insertions(+), 50 deletions(-)

diff --git a/include/hw/acpi/cpu.h b/include/hw/acpi/cpu.h
index 557219d2c63..2809dd8a911 100644
--- a/include/hw/acpi/cpu.h
+++ b/include/hw/acpi/cpu.h
@@ -54,7 +54,6 @@ void cpu_hotplug_hw_init(MemoryRegion *as, Object *owner,
 
 typedef struct CPUHotplugFeatures {
     bool acpi_1_compatible;
-    bool has_legacy_cphp;
     bool fw_unplugs_cpu;
     const char *smi_path;
 } CPUHotplugFeatures;
diff --git a/hw/acpi/cpu.c b/hw/acpi/cpu.c
index 6f1ae79edbf..d63ca83c1bc 100644
--- a/hw/acpi/cpu.c
+++ b/hw/acpi/cpu.c
@@ -408,16 +408,6 @@ void build_cpus_aml(Aml *table, MachineState *machine, CPUHotplugFeatures opts,
         aml_append(field, aml_reserved_field(4 * 8));
         aml_append(field, aml_named_field(CPU_DATA, 32));
         aml_append(cpu_ctrl_dev, field);
-
-        if (opts.has_legacy_cphp) {
-            method = aml_method("_INI", 0, AML_SERIALIZED);
-            /* switch off legacy CPU hotplug HW and use new one,
-             * on reboot system is in new mode and writing 0
-             * in CPU_SELECTOR selects BSP, which is NOP at
-             * the time _INI is called */
-            aml_append(method, aml_store(zero, aml_name(CPU_SELECTOR)));
-            aml_append(cpu_ctrl_dev, method);
-        }
     }
     aml_append(sb_scope, cpu_ctrl_dev);
 
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 2b3b493c014..54590129c69 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -183,26 +183,10 @@ static const VMStateDescription vmstate_tco_io_state = {
     }
 };
 
-static bool vmstate_test_use_cpuhp(void *opaque)
-{
-    ICH9LPCPMRegs *s = opaque;
-    return !s->cpu_hotplug_legacy;
-}
-
-static int vmstate_cpuhp_pre_load(void *opaque)
-{
-    ICH9LPCPMRegs *s = opaque;
-    Object *obj = OBJECT(s->gpe_cpu.device);
-    object_property_set_bool(obj, "cpu-hotplug-legacy", false, &error_abort);
-    return 0;
-}
-
 static const VMStateDescription vmstate_cpuhp_state = {
     .name = "ich9_pm/cpuhp",
     .version_id = 1,
     .minimum_version_id = 1,
-    .needed = vmstate_test_use_cpuhp,
-    .pre_load = vmstate_cpuhp_pre_load,
     .fields = (const VMStateField[]) {
         VMSTATE_CPU_HOTPLUG(cpuhp_state, ICH9LPCPMRegs),
         VMSTATE_END_OF_LIST()
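Review bot: Dropping ".needed = vmstate_test_use_cpuhp" means the
"ich9_pm/cpuhp" state is now sent unconditionally, where it used to depend
on !cpu_hotplug_legacy, and the commit message does not discuss the effect
on the migration stream. Suggest adding a sentence on why an incoming
stream that lacks this section (a source that was still in legacy mode),
and an outgoing stream that always carries it, are both acceptable for the
machine types that remain. The same applies to the "piix4_pm/cpuhp" hunk
in hw/acpi/piix4.c.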
@@ -338,8 +322,8 @@ void ich9_pm_init(PCIDevice *lpc_pci, ICH9LPCPMRegs *pm, qemu_irq sci_irq)
     pm->powerdown_notifier.notify = pm_powerdown_req;
     qemu_register_powerdown_notifier(&pm->powerdown_notifier);
 
-    legacy_acpi_cpu_hotplug_init(pci_address_space_io(lpc_pci),
-        OBJECT(lpc_pci), &pm->gpe_cpu, ICH9_CPU_HOTPLUG_IO_BASE);
+    cpu_hotplug_hw_init(pci_address_space_io(lpc_pci),
+        OBJECT(lpc_pci), &pm->cpuhp_state, ICH9_CPU_HOTPLUG_IO_BASE);
 
     acpi_memory_hotplug_init(pci_address_space_io(lpc_pci), OBJECT(lpc_pci),
                              &pm->acpi_memory_hotplug,
@@ -419,7 +403,7 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
 {
     static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN;
     pm->acpi_memory_hotplug.is_enabled = true;
-    pm->cpu_hotplug_legacy = true;
+    pm->cpu_hotplug_legacy = false;
     pm->disable_s3 = 0;
     pm->disable_s4 = 0;
     pm->s4_val = 2;
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 19d4d4be932..0eda692084d 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -195,25 +195,10 @@ static const VMStateDescription vmstate_memhp_state = {
     }
 };
 
-static bool vmstate_test_use_cpuhp(void *opaque)
-{
-    PIIX4PMState *s = opaque;
-    return !s->cpu_hotplug_legacy;
-}
-
-static int vmstate_cpuhp_pre_load(void *opaque)
-{
-    Object *obj = OBJECT(opaque);
-    object_property_set_bool(obj, "cpu-hotplug-legacy", false, &error_abort);
-    return 0;
-}
-
 static const VMStateDescription vmstate_cpuhp_state = {
     .name = "piix4_pm/cpuhp",
     .version_id = 1,
     .minimum_version_id = 1,
-    .needed = vmstate_test_use_cpuhp,
-    .pre_load = vmstate_cpuhp_pre_load,
     .fields = (const VMStateField[]) {
         VMSTATE_CPU_HOTPLUG(cpuhp_state, PIIX4PMState),
         VMSTATE_END_OF_LIST()
@@ -573,12 +558,12 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion *parent,
         qbus_set_hotplug_handler(BUS(pci_get_bus(PCI_DEVICE(s))), OBJECT(s));
     }
 
-    s->cpu_hotplug_legacy = true;
+    s->cpu_hotplug_legacy = false;
     object_property_add_bool(OBJECT(s), "cpu-hotplug-legacy",
                              piix4_get_cpu_hotplug_legacy,
                              piix4_set_cpu_hotplug_legacy);
-    legacy_acpi_cpu_hotplug_init(parent, OBJECT(s), &s->gpe_cpu,
-                                 PIIX4_CPU_HOTPLUG_IO_BASE);
+    cpu_hotplug_hw_init(parent, OBJECT(s), &s->cpuhp_state,
+                        PIIX4_CPU_HOTPLUG_IO_BASE);
 
     if (s->acpi_memory_hotplug.is_enabled) {
         acpi_memory_hotplug_init(parent, OBJECT(s), &s->acpi_memory_hotplug,
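Review bot: in piix4_acpi_system_hot_add_init the "cpu-hotplug-legacy" property is still registered right after `s->cpu_hotplug_legacy = false;`, but the legacy region is no longer created, so s->gpe_cpu is never initialised and the setter's switch path becomes unreachable. Firmware that performs the legacy switch (a write of 0 at the start of the legacy bitmap, at PIIX4_CPU_HOTPLUG_IO_BASE) now reaches the modern register block at the same base; please confirm that write is harmless there, and consider dropping the property registration in this patch instead of leaving a dead knob for one commit.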
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 19c62362e31..cdd72cbcaa0 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -964,7 +964,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
         build_legacy_cpu_hotplug_aml(dsdt, machine, pm->cpu_hp_io_base);
     } else {
         CPUHotplugFeatures opts = {
-            .acpi_1_compatible = true, .has_legacy_cphp = true,
+            .acpi_1_compatible = true,
             .smi_path = pm->smi_on_cpuhp ? "\\_SB.PCI0.SMI0.SMIC" : NULL,
             .fw_unplugs_cpu = pm->smi_on_cpu_unplug,
         };
diff --git a/hw/loongarch/virt-acpi-build.c b/hw/loongarch/virt-acpi-build.c
index 54ac94e17d3..3e34bedcd6f 100644
--- a/hw/loongarch/virt-acpi-build.c
+++ b/hw/loongarch/virt-acpi-build.c
@@ -369,7 +369,6 @@ build_la_ged_aml(Aml *dsdt, MachineState *machine)
 
     if (event & ACPI_GED_CPU_HOTPLUG_EVT) {
         opts.acpi_1_compatible = false;
-        opts.has_legacy_cphp = false;
         opts.fw_unplugs_cpu = false;
         opts.smi_path = NULL;
 
-- 
2.52.0




* [PULL 05/41] hw/i386/pc: Remove PCMachineClass::legacy_cpu_hotplug field
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (3 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 04/41] pc: Start with modern CPU hotplug interface by default Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 06/41] acpi: Remove legacy cpu hotplug utilities Paolo Bonzini
                   ` (36 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Philippe Mathieu-Daudé, Igor Mammedov, Zhao Liu

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Now all PC & Q35 machines are using modern hotplug from the beginning,
and all legacy_cpu_hotplug flags keep false during runtime.

So it's safe to remove legacy_cpu_hotplug flags and related properties,
with unused gpe_cpu field.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Link: https://lore.kernel.org/r/20260108033051.777361-5-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/acpi/ich9.h  |  2 --
 include/hw/acpi/piix4.h |  2 --
 include/hw/i386/pc.h    |  3 ---
 hw/acpi/ich9.c          | 40 ++++------------------------------------
 hw/acpi/piix4.c         | 40 ++++------------------------------------
 hw/i386/acpi-build.c    |  4 +---
 6 files changed, 9 insertions(+), 82 deletions(-)

diff --git a/include/hw/acpi/ich9.h b/include/hw/acpi/ich9.h
index 245fe08dc24..6a21472eb32 100644
--- a/include/hw/acpi/ich9.h
+++ b/include/hw/acpi/ich9.h
@@ -53,8 +53,6 @@ typedef struct ICH9LPCPMRegs {
     uint32_t pm_io_base;
     Notifier powerdown_notifier;
 
-    bool cpu_hotplug_legacy;
-    AcpiCpuHotplug gpe_cpu;
     CPUHotplugState cpuhp_state;
 
     bool keep_pci_slot_hpc;
diff --git a/include/hw/acpi/piix4.h b/include/hw/acpi/piix4.h
index eb1c122d806..e075f0cbeaf 100644
--- a/include/hw/acpi/piix4.h
+++ b/include/hw/acpi/piix4.h
@@ -63,8 +63,6 @@ struct PIIX4PMState {
     uint8_t disable_s4;
     uint8_t s4_val;
 
-    bool cpu_hotplug_legacy;
-    AcpiCpuHotplug gpe_cpu;
     CPUHotplugState cpuhp_state;
 
     MemHotplugState acpi_memory_hotplug;
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 1890c61a387..7f8cf94138a 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -110,9 +110,6 @@ struct PCMachineClass {
     bool enforce_amd_1tb_hole;
     bool isa_bios_alias;
 
-    /* generate legacy CPU hotplug AML */
-    bool legacy_cpu_hotplug;
-
     /* use PVH to load kernels that support this feature */
     bool pvh_enabled;
 
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 54590129c69..f254f387971 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -339,26 +339,6 @@ static void ich9_pm_get_gpe0_blk(Object *obj, Visitor *v, const char *name,
     visit_type_uint32(v, name, &value, errp);
 }
 
-static bool ich9_pm_get_cpu_hotplug_legacy(Object *obj, Error **errp)
-{
-    ICH9LPCState *s = ICH9_LPC_DEVICE(obj);
-
-    return s->pm.cpu_hotplug_legacy;
-}
-
-static void ich9_pm_set_cpu_hotplug_legacy(Object *obj, bool value,
-                                           Error **errp)
-{
-    ICH9LPCState *s = ICH9_LPC_DEVICE(obj);
-
-    assert(!value);
-    if (s->pm.cpu_hotplug_legacy && value == false) {
-        acpi_switch_to_modern_cphp(&s->pm.gpe_cpu, &s->pm.cpuhp_state,
-                                   ICH9_CPU_HOTPLUG_IO_BASE);
-    }
-    s->pm.cpu_hotplug_legacy = value;
-}
-
 static bool ich9_pm_get_enable_tco(Object *obj, Error **errp)
 {
     ICH9LPCState *s = ICH9_LPC_DEVICE(obj);
@@ -403,7 +383,6 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
 {
     static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN;
     pm->acpi_memory_hotplug.is_enabled = true;
-    pm->cpu_hotplug_legacy = false;
     pm->disable_s3 = 0;
     pm->disable_s4 = 0;
     pm->s4_val = 2;
@@ -422,9 +401,6 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
                         NULL, NULL, pm);
     object_property_add_uint32_ptr(obj, ACPI_PM_PROP_GPE0_BLK_LEN,
                                    &gpe0_len, OBJ_PROP_FLAG_READ);
-    object_property_add_bool(obj, "cpu-hotplug-legacy",
-                             ich9_pm_get_cpu_hotplug_legacy,
-                             ich9_pm_set_cpu_hotplug_legacy);
     object_property_add_uint8_ptr(obj, ACPI_PM_PROP_S3_DISABLED,
                                   &pm->disable_s3, OBJ_PROP_FLAG_READWRITE);
     object_property_add_uint8_ptr(obj, ACPI_PM_PROP_S4_DISABLED,
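Review bot: removing the object_property_add_bool(obj, "cpu-hotplug-legacy", ...) registration in ich9_pm_add_properties drops a QOM property that was reachable from outside the device, so anything that still sets it will now get an unknown-property error instead of hitting the removed setter. The commit message only talks about the internal flags and the diffstat touches no documentation; please mention the property removal explicitly (and in the removed-features notes if the property was ever considered user-visible), or state that nothing outside QEMU was expected to set it.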
@@ -477,11 +453,7 @@ void ich9_pm_device_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev,
                                 dev, errp);
         }
     } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
-        if (lpc->pm.cpu_hotplug_legacy) {
-            legacy_acpi_cpu_plug_cb(hotplug_dev, &lpc->pm.gpe_cpu, dev, errp);
-        } else {
-            acpi_cpu_plug_cb(hotplug_dev, &lpc->pm.cpuhp_state, dev, errp);
-        }
+        acpi_cpu_plug_cb(hotplug_dev, &lpc->pm.cpuhp_state, dev, errp);
     } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
         acpi_pcihp_device_plug_cb(hotplug_dev, &lpc->pm.acpi_pci_hotplug,
                                   dev, errp);
@@ -500,8 +472,7 @@ void ich9_pm_device_unplug_request_cb(HotplugHandler *hotplug_dev,
         acpi_memory_unplug_request_cb(hotplug_dev,
                                       &lpc->pm.acpi_memory_hotplug, dev,
                                       errp);
-    } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU) &&
-               !lpc->pm.cpu_hotplug_legacy) {
+    } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
         uint64_t negotiated = lpc->smi_negotiated_features;
 
         if (negotiated & BIT_ULL(ICH9_LPC_SMI_F_BROADCAST_BIT) &&
@@ -533,8 +504,7 @@ void ich9_pm_device_unplug_cb(HotplugHandler *hotplug_dev, DeviceState *dev,
 
     if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
         acpi_memory_unplug_cb(&lpc->pm.acpi_memory_hotplug, dev, errp);
-    } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU) &&
-               !lpc->pm.cpu_hotplug_legacy) {
+    } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
         acpi_cpu_unplug_cb(&lpc->pm.cpuhp_state, dev, errp);
     } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
         acpi_pcihp_device_unplug_cb(hotplug_dev, &lpc->pm.acpi_pci_hotplug,
@@ -556,7 +526,5 @@ void ich9_pm_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list)
     ICH9LPCState *s = ICH9_LPC_DEVICE(adev);
 
     acpi_memory_ospm_status(&s->pm.acpi_memory_hotplug, list);
-    if (!s->pm.cpu_hotplug_legacy) {
-        acpi_cpu_ospm_status(&s->pm.cpuhp_state, list);
-    }
+    acpi_cpu_ospm_status(&s->pm.cpuhp_state, list);
 }
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 0eda692084d..05f9d6372a9 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -336,11 +336,7 @@ static void piix4_device_plug_cb(HotplugHandler *hotplug_dev,
     } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
         acpi_pcihp_device_plug_cb(hotplug_dev, &s->acpi_pci_hotplug, dev, errp);
     } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
-        if (s->cpu_hotplug_legacy) {
-            legacy_acpi_cpu_plug_cb(hotplug_dev, &s->gpe_cpu, dev, errp);
-        } else {
-            acpi_cpu_plug_cb(hotplug_dev, &s->cpuhp_state, dev, errp);
-        }
+        acpi_cpu_plug_cb(hotplug_dev, &s->cpuhp_state, dev, errp);
     } else {
         g_assert_not_reached();
     }
@@ -358,8 +354,7 @@ static void piix4_device_unplug_request_cb(HotplugHandler *hotplug_dev,
     } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
         acpi_pcihp_device_unplug_request_cb(hotplug_dev, &s->acpi_pci_hotplug,
                                             dev, errp);
-    } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU) &&
-               !s->cpu_hotplug_legacy) {
+    } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
         acpi_cpu_unplug_request_cb(hotplug_dev, &s->cpuhp_state, dev, errp);
     } else {
         error_setg(errp, "acpi: device unplug request for not supported device"
@@ -378,8 +373,7 @@ static void piix4_device_unplug_cb(HotplugHandler *hotplug_dev,
     } else if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
         acpi_pcihp_device_unplug_cb(hotplug_dev, &s->acpi_pci_hotplug, dev,
                                     errp);
-    } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU) &&
-               !s->cpu_hotplug_legacy) {
+    } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
         acpi_cpu_unplug_cb(&s->cpuhp_state, dev, errp);
     } else {
         error_setg(errp, "acpi: device unplug for not supported device"
@@ -523,26 +517,6 @@ static const MemoryRegionOps piix4_gpe_ops = {
     .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
-
-static bool piix4_get_cpu_hotplug_legacy(Object *obj, Error **errp)
-{
-    PIIX4PMState *s = PIIX4_PM(obj);
-
-    return s->cpu_hotplug_legacy;
-}
-
-static void piix4_set_cpu_hotplug_legacy(Object *obj, bool value, Error **errp)
-{
-    PIIX4PMState *s = PIIX4_PM(obj);
-
-    assert(!value);
-    if (s->cpu_hotplug_legacy && value == false) {
-        acpi_switch_to_modern_cphp(&s->gpe_cpu, &s->cpuhp_state,
-                                   PIIX4_CPU_HOTPLUG_IO_BASE);
-    }
-    s->cpu_hotplug_legacy = value;
-}
-
 static void piix4_acpi_system_hot_add_init(MemoryRegion *parent,
                                            PCIBus *bus, PIIX4PMState *s)
 {
@@ -558,10 +532,6 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion *parent,
         qbus_set_hotplug_handler(BUS(pci_get_bus(PCI_DEVICE(s))), OBJECT(s));
     }
 
-    s->cpu_hotplug_legacy = false;
-    object_property_add_bool(OBJECT(s), "cpu-hotplug-legacy",
-                             piix4_get_cpu_hotplug_legacy,
-                             piix4_set_cpu_hotplug_legacy);
     cpu_hotplug_hw_init(parent, OBJECT(s), &s->cpuhp_state,
                         PIIX4_CPU_HOTPLUG_IO_BASE);
 
@@ -576,9 +546,7 @@ static void piix4_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list)
     PIIX4PMState *s = PIIX4_PM(adev);
 
     acpi_memory_ospm_status(&s->acpi_memory_hotplug, list);
-    if (!s->cpu_hotplug_legacy) {
-        acpi_cpu_ospm_status(&s->cpuhp_state, list);
-    }
+    acpi_cpu_ospm_status(&s->cpuhp_state, list);
 }
 
 static void piix4_send_gpe(AcpiDeviceIf *adev, AcpiEventStatusBits ev)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index cdd72cbcaa0..22bd497c9be 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -960,9 +960,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
     }
     aml_append(dsdt, scope);
 
-    if (pcmc->legacy_cpu_hotplug) {
-        build_legacy_cpu_hotplug_aml(dsdt, machine, pm->cpu_hp_io_base);
-    } else {
+    {
         CPUHotplugFeatures opts = {
             .acpi_1_compatible = true,
             .smi_path = pm->smi_on_cpuhp ? "\\_SB.PCI0.SMI0.SMIC" : NULL,
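Review bot: build_dsdt is left with a bare `{ ... }` block where the `if (pcmc->legacy_cpu_hotplug) ... else` used to be. That keeps the diff small, but the anonymous scope no longer has a reason to exist; de-indent the CPUHotplugFeatures opts setup into the function body, or say in the commit message that the block is kept on purpose and cleaned up in a follow-up.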
-- 
2.52.0




* [PULL 06/41] acpi: Remove legacy cpu hotplug utilities
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (4 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 05/41] hw/i386/pc: Remove PCMachineClass::legacy_cpu_hotplug field Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 07/41] docs/specs/acpi_cpu_hotplug: Remove legacy cpu hotplug descriptions Paolo Bonzini
                   ` (35 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Zhao Liu, Igor Mammedov

From: Zhao Liu <zhao1.liu@intel.com>

The cpu_hotplug.h and cpu_hotplug.c contain legacy cpu hotplug
utilities. Now there's no use case of legacy cpu hotplug, so it's safe
to drop legacy cpu hotplug support totally.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Link: https://lore.kernel.org/r/20260108033051.777361-6-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/acpi/ich9.h          |   2 +-
 include/hw/acpi/piix4.h         |   2 +-
 hw/acpi/acpi-cpu-hotplug-stub.c |  19 +-
 hw/acpi/cpu_hotplug.c           | 348 --------------------------------
 hw/acpi/generic_event_device.c  |   1 +
 hw/acpi/ich9.c                  |   1 +
 hw/acpi/piix4.c                 |   2 +-
 hw/i386/acpi-build.c            |   1 +
 hw/i386/pc.c                    |   3 +-
 hw/i386/x86-common.c            |   1 -
 hw/acpi/meson.build             |   2 +-
 11 files changed, 10 insertions(+), 372 deletions(-)
 delete mode 100644 hw/acpi/cpu_hotplug.c

diff --git a/include/hw/acpi/ich9.h b/include/hw/acpi/ich9.h
index 6a21472eb32..019f0915c11 100644
--- a/include/hw/acpi/ich9.h
+++ b/include/hw/acpi/ich9.h
@@ -22,12 +22,12 @@
 #define HW_ACPI_ICH9_H
 
 #include "hw/acpi/acpi.h"
-#include "hw/acpi/cpu_hotplug.h"
 #include "hw/acpi/cpu.h"
 #include "hw/acpi/pcihp.h"
 #include "hw/acpi/memory_hotplug.h"
 #include "hw/acpi/acpi_dev_interface.h"
 #include "hw/acpi/ich9_tco.h"
+#include "hw/acpi/cpu.h"
 
 #define ACPI_PCIHP_ADDR_ICH9 0x0cc0
 
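Review bot: the added `#include "hw/acpi/cpu.h"` at the end of the include list in ich9.h duplicates the `#include "hw/acpi/cpu.h"` that is already present two lines below acpi.h in this same hunk. Only the removal of `#include "hw/acpi/cpu_hotplug.h"` is needed here; please drop the added line.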
diff --git a/include/hw/acpi/piix4.h b/include/hw/acpi/piix4.h
index e075f0cbeaf..863382a814a 100644
--- a/include/hw/acpi/piix4.h
+++ b/include/hw/acpi/piix4.h
@@ -24,11 +24,11 @@
 
 #include "hw/pci/pci_device.h"
 #include "hw/acpi/acpi.h"
-#include "hw/acpi/cpu_hotplug.h"
 #include "hw/acpi/memory_hotplug.h"
 #include "hw/acpi/pcihp.h"
 #include "hw/i2c/pm_smbus.h"
 #include "hw/isa/apm.h"
+#include "hw/acpi/cpu.h"
 
 #define TYPE_PIIX4_PM "PIIX4_PM"
 OBJECT_DECLARE_SIMPLE_TYPE(PIIX4PMState, PIIX4_PM)
diff --git a/hw/acpi/acpi-cpu-hotplug-stub.c b/hw/acpi/acpi-cpu-hotplug-stub.c
index 9872dd55e43..72c5f05f5c4 100644
--- a/hw/acpi/acpi-cpu-hotplug-stub.c
+++ b/hw/acpi/acpi-cpu-hotplug-stub.c
@@ -1,22 +1,10 @@
 #include "qemu/osdep.h"
-#include "hw/acpi/cpu_hotplug.h"
 #include "migration/vmstate.h"
-
+#include "hw/acpi/cpu.h"
 
 /* Following stubs are all related to ACPI cpu hotplug */
 const VMStateDescription vmstate_cpu_hotplug;
 
-void acpi_switch_to_modern_cphp(AcpiCpuHotplug *gpe_cpu,
-                                CPUHotplugState *cpuhp_state,
-                                uint16_t io_port)
-{
-}
-
-void legacy_acpi_cpu_hotplug_init(MemoryRegion *parent, Object *owner,
-                                  AcpiCpuHotplug *gpe_cpu, uint16_t base)
-{
-}
-
 void cpu_hotplug_hw_init(MemoryRegion *as, Object *owner,
                          CPUHotplugState *state, hwaddr base_addr)
 {
@@ -31,11 +19,6 @@ void acpi_cpu_plug_cb(HotplugHandler *hotplug_dev,
 {
 }
 
-void legacy_acpi_cpu_plug_cb(HotplugHandler *hotplug_dev,
-                             AcpiCpuHotplug *g, DeviceState *dev, Error **errp)
-{
-}
-
 void acpi_cpu_unplug_cb(CPUHotplugState *cpu_st,
                         DeviceState *dev, Error **errp)
 {
diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
deleted file mode 100644
index aa0e1e3efa5..00000000000
--- a/hw/acpi/cpu_hotplug.c
+++ /dev/null
@@ -1,348 +0,0 @@
-/*
- * QEMU ACPI hotplug utilities
- *
- * Copyright (C) 2013 Red Hat Inc
- *
- * Authors:
- *   Igor Mammedov <imammedo@redhat.com>
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- */
-#include "qemu/osdep.h"
-#include "hw/acpi/cpu_hotplug.h"
-#include "qapi/error.h"
-#include "hw/core/cpu.h"
-#include "hw/i386/x86.h"
-#include "hw/pci/pci_device.h"
-#include "qemu/error-report.h"
-
-#define CPU_EJECT_METHOD "CPEJ"
-#define CPU_MAT_METHOD "CPMA"
-#define CPU_ON_BITMAP "CPON"
-#define CPU_STATUS_METHOD "CPST"
-#define CPU_STATUS_MAP "PRS"
-#define CPU_SCAN_METHOD "PRSC"
-
-static uint64_t cpu_status_read(void *opaque, hwaddr addr, unsigned int size)
-{
-    AcpiCpuHotplug *cpus = opaque;
-    uint64_t val = cpus->sts[addr];
-
-    return val;
-}
-
-static void cpu_status_write(void *opaque, hwaddr addr, uint64_t data,
-                             unsigned int size)
-{
-    /* firmware never used to write in CPU present bitmap so use
-       this fact as means to switch QEMU into modern CPU hotplug
-       mode by writing 0 at the beginning of legacy CPU bitmap
-     */
-    if (addr == 0 && data == 0) {
-        AcpiCpuHotplug *cpus = opaque;
-        object_property_set_bool(cpus->device, "cpu-hotplug-legacy", false,
-                                 &error_abort);
-    }
-}
-
-static const MemoryRegionOps AcpiCpuHotplug_ops = {
-    .read = cpu_status_read,
-    .write = cpu_status_write,
-    .endianness = DEVICE_LITTLE_ENDIAN,
-    .valid = {
-        .min_access_size = 1,
-        .max_access_size = 4,
-    },
-    .impl = {
-        .max_access_size = 1,
-    },
-};
-
-static void acpi_set_cpu_present_bit(AcpiCpuHotplug *g, CPUState *cpu,
-                                     bool *swtchd_to_modern)
-{
-    int64_t cpu_id;
-
-    cpu_id = cpu->cc->get_arch_id(cpu);
-    if ((cpu_id / 8) >= ACPI_GPE_PROC_LEN) {
-        object_property_set_bool(g->device, "cpu-hotplug-legacy", false,
-                                 &error_abort);
-        *swtchd_to_modern = true;
-        return;
-    }
-
-    *swtchd_to_modern = false;
-    g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
-}
-
-void legacy_acpi_cpu_plug_cb(HotplugHandler *hotplug_dev,
-                             AcpiCpuHotplug *g, DeviceState *dev, Error **errp)
-{
-    bool swtchd_to_modern;
-    Error *local_err = NULL;
-
-    acpi_set_cpu_present_bit(g, CPU(dev), &swtchd_to_modern);
-    if (swtchd_to_modern) {
-        /* propagate the hotplug to the modern interface */
-        hotplug_handler_plug(hotplug_dev, dev, &local_err);
-    } else {
-        acpi_send_event(DEVICE(hotplug_dev), ACPI_CPU_HOTPLUG_STATUS);
-    }
-}
-
-void legacy_acpi_cpu_hotplug_init(MemoryRegion *parent, Object *owner,
-                                  AcpiCpuHotplug *gpe_cpu, uint16_t base)
-{
-    CPUState *cpu;
-    bool swtchd_to_modern;
-
-    memory_region_init_io(&gpe_cpu->io, owner, &AcpiCpuHotplug_ops,
-                          gpe_cpu, "acpi-cpu-hotplug", ACPI_GPE_PROC_LEN);
-    memory_region_add_subregion(parent, base, &gpe_cpu->io);
-    gpe_cpu->device = owner;
-
-    CPU_FOREACH(cpu) {
-        acpi_set_cpu_present_bit(gpe_cpu, cpu, &swtchd_to_modern);
-    }
-}
-
-void acpi_switch_to_modern_cphp(AcpiCpuHotplug *gpe_cpu,
-                                CPUHotplugState *cpuhp_state,
-                                uint16_t io_port)
-{
-    MemoryRegion *parent = pci_address_space_io(PCI_DEVICE(gpe_cpu->device));
-
-    memory_region_del_subregion(parent, &gpe_cpu->io);
-    cpu_hotplug_hw_init(parent, gpe_cpu->device, cpuhp_state, io_port);
-}
-
-void build_legacy_cpu_hotplug_aml(Aml *ctx, MachineState *machine,
-                                  uint16_t io_base)
-{
-    Aml *dev;
-    Aml *crs;
-    Aml *pkg;
-    Aml *field;
-    Aml *method;
-    Aml *if_ctx;
-    Aml *else_ctx;
-    int i, apic_idx;
-    Aml *sb_scope = aml_scope("_SB");
-    uint8_t madt_tmpl[8] = {0x00, 0x08, 0x00, 0x00, 0x00, 0, 0, 0};
-    Aml *cpu_id = aml_arg(1);
-    Aml *apic_id = aml_arg(0);
-    Aml *cpu_on = aml_local(0);
-    Aml *madt = aml_local(1);
-    Aml *cpus_map = aml_name(CPU_ON_BITMAP);
-    Aml *zero = aml_int(0);
-    Aml *one = aml_int(1);
-    MachineClass *mc = MACHINE_GET_CLASS(machine);
-    const CPUArchIdList *apic_ids = mc->possible_cpu_arch_ids(machine);
-    X86MachineState *x86ms = X86_MACHINE(machine);
-
-    /*
-     * _MAT method - creates an madt apic buffer
-     * apic_id = Arg0 = Local APIC ID
-     * cpu_id  = Arg1 = Processor ID
-     * cpu_on = Local0 = CPON flag for this cpu
-     * madt = Local1 = Buffer (in madt apic form) to return
-     */
-    method = aml_method(CPU_MAT_METHOD, 2, AML_NOTSERIALIZED);
-    aml_append(method,
-        aml_store(aml_derefof(aml_index(cpus_map, apic_id)), cpu_on));
-    aml_append(method,
-        aml_store(aml_buffer(sizeof(madt_tmpl), madt_tmpl), madt));
-    /* Update the processor id, lapic id, and enable/disable status */
-    aml_append(method, aml_store(cpu_id, aml_index(madt, aml_int(2))));
-    aml_append(method, aml_store(apic_id, aml_index(madt, aml_int(3))));
-    aml_append(method, aml_store(cpu_on, aml_index(madt, aml_int(4))));
-    aml_append(method, aml_return(madt));
-    aml_append(sb_scope, method);
-
-    /*
-     * _STA method - return ON status of cpu
-     * apic_id = Arg0 = Local APIC ID
-     * cpu_on = Local0 = CPON flag for this cpu
-     */
-    method = aml_method(CPU_STATUS_METHOD, 1, AML_NOTSERIALIZED);
-    aml_append(method,
-        aml_store(aml_derefof(aml_index(cpus_map, apic_id)), cpu_on));
-    if_ctx = aml_if(cpu_on);
-    {
-        aml_append(if_ctx, aml_return(aml_int(0xF)));
-    }
-    aml_append(method, if_ctx);
-    else_ctx = aml_else();
-    {
-        aml_append(else_ctx, aml_return(zero));
-    }
-    aml_append(method, else_ctx);
-    aml_append(sb_scope, method);
-
-    method = aml_method(CPU_EJECT_METHOD, 2, AML_NOTSERIALIZED);
-    aml_append(method, aml_sleep(200));
-    aml_append(sb_scope, method);
-
-    method = aml_method(CPU_SCAN_METHOD, 0, AML_NOTSERIALIZED);
-    {
-        Aml *while_ctx, *if_ctx2, *else_ctx2;
-        Aml *bus_check_evt = aml_int(1);
-        Aml *remove_evt = aml_int(3);
-        Aml *status_map = aml_local(5); /* Local5 = active cpu bitmap */
-        Aml *byte = aml_local(2); /* Local2 = last read byte from bitmap */
-        Aml *idx = aml_local(0); /* Processor ID / APIC ID iterator */
-        Aml *is_cpu_on = aml_local(1); /* Local1 = CPON flag for cpu */
-        Aml *status = aml_local(3); /* Local3 = active state for cpu */
-
-        aml_append(method, aml_store(aml_name(CPU_STATUS_MAP), status_map));
-        aml_append(method, aml_store(zero, byte));
-        aml_append(method, aml_store(zero, idx));
-
-        /* While (idx < SizeOf(CPON)) */
-        while_ctx = aml_while(aml_lless(idx, aml_sizeof(cpus_map)));
-        aml_append(while_ctx,
-            aml_store(aml_derefof(aml_index(cpus_map, idx)), is_cpu_on));
-
-        if_ctx = aml_if(aml_and(idx, aml_int(0x07), NULL));
-        {
-            /* Shift down previously read bitmap byte */
-            aml_append(if_ctx, aml_shiftright(byte, one, byte));
-        }
-        aml_append(while_ctx, if_ctx);
-
-        else_ctx = aml_else();
-        {
-            /* Read next byte from cpu bitmap */
-            aml_append(else_ctx, aml_store(aml_derefof(aml_index(status_map,
-                       aml_shiftright(idx, aml_int(3), NULL))), byte));
-        }
-        aml_append(while_ctx, else_ctx);
-
-        aml_append(while_ctx, aml_store(aml_and(byte, one, NULL), status));
-        if_ctx = aml_if(aml_lnot(aml_equal(is_cpu_on, status)));
-        {
-            /* State change - update CPON with new state */
-            aml_append(if_ctx, aml_store(status, aml_index(cpus_map, idx)));
-            if_ctx2 = aml_if(aml_equal(status, one));
-            {
-                aml_append(if_ctx2,
-                    aml_call2(AML_NOTIFY_METHOD, idx, bus_check_evt));
-            }
-            aml_append(if_ctx, if_ctx2);
-            else_ctx2 = aml_else();
-            {
-                aml_append(else_ctx2,
-                    aml_call2(AML_NOTIFY_METHOD, idx, remove_evt));
-            }
-        }
-        aml_append(if_ctx, else_ctx2);
-        aml_append(while_ctx, if_ctx);
-
-        aml_append(while_ctx, aml_increment(idx)); /* go to next cpu */
-        aml_append(method, while_ctx);
-    }
-    aml_append(sb_scope, method);
-
-    /* The current AML generator can cover the APIC ID range [0..255],
-     * inclusive, for VCPU hotplug. */
-    QEMU_BUILD_BUG_ON(ACPI_CPU_HOTPLUG_ID_LIMIT > 256);
-    if (x86ms->apic_id_limit > ACPI_CPU_HOTPLUG_ID_LIMIT) {
-        error_report("max_cpus is too large. APIC ID of last CPU is %u",
-                     x86ms->apic_id_limit - 1);
-        exit(1);
-    }
-
-    /* create PCI0.PRES device and its _CRS to reserve CPU hotplug MMIO */
-    dev = aml_device("PCI0." stringify(CPU_HOTPLUG_RESOURCE_DEVICE));
-    aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A06")));
-    aml_append(dev,
-        aml_name_decl("_UID", aml_string("CPU Hotplug resources"))
-    );
-    /* device present, functioning, decoding, not shown in UI */
-    aml_append(dev, aml_name_decl("_STA", aml_int(0xB)));
-    crs = aml_resource_template();
-    aml_append(crs,
-        aml_io(AML_DECODE16, io_base, io_base, 1, ACPI_GPE_PROC_LEN)
-    );
-    aml_append(dev, aml_name_decl("_CRS", crs));
-    aml_append(sb_scope, dev);
-    /* declare CPU hotplug MMIO region and PRS field to access it */
-    aml_append(sb_scope, aml_operation_region(
-        "PRST", AML_SYSTEM_IO, aml_int(io_base), ACPI_GPE_PROC_LEN));
-    field = aml_field("PRST", AML_BYTE_ACC, AML_NOLOCK, AML_PRESERVE);
-    aml_append(field, aml_named_field("PRS", 256));
-    aml_append(sb_scope, field);
-
-    /* build Processor object for each processor */
-    for (i = 0; i < apic_ids->len; i++) {
-        int cpu_apic_id = apic_ids->cpus[i].arch_id;
-
-        assert(cpu_apic_id < ACPI_CPU_HOTPLUG_ID_LIMIT);
-
-        dev = aml_processor(i, 0, 0, "CP%.02X", cpu_apic_id);
-
-        method = aml_method("_MAT", 0, AML_NOTSERIALIZED);
-        aml_append(method,
-            aml_return(aml_call2(CPU_MAT_METHOD,
-                                 aml_int(cpu_apic_id), aml_int(i))
-        ));
-        aml_append(dev, method);
-
-        method = aml_method("_STA", 0, AML_NOTSERIALIZED);
-        aml_append(method,
-            aml_return(aml_call1(CPU_STATUS_METHOD, aml_int(cpu_apic_id))));
-        aml_append(dev, method);
-
-        method = aml_method("_EJ0", 1, AML_NOTSERIALIZED);
-        aml_append(method,
-            aml_return(aml_call2(CPU_EJECT_METHOD, aml_int(cpu_apic_id),
-                aml_arg(0)))
-        );
-        aml_append(dev, method);
-
-        aml_append(sb_scope, dev);
-    }
-
-    /* build this code:
-     *   Method(NTFY, 2) {If (LEqual(Arg0, 0x00)) {Notify(CP00, Arg1)} ...}
-     */
-    /* Arg0 = APIC ID */
-    method = aml_method(AML_NOTIFY_METHOD, 2, AML_NOTSERIALIZED);
-    for (i = 0; i < apic_ids->len; i++) {
-        int cpu_apic_id = apic_ids->cpus[i].arch_id;
-
-        if_ctx = aml_if(aml_equal(aml_arg(0), aml_int(cpu_apic_id)));
-        aml_append(if_ctx,
-            aml_notify(aml_name("CP%.02X", cpu_apic_id), aml_arg(1))
-        );
-        aml_append(method, if_ctx);
-    }
-    aml_append(sb_scope, method);
-
-    /* build "Name(CPON, Package() { One, One, ..., Zero, Zero, ... })"
-     *
-     * Note: The ability to create variable-sized packages was first
-     * introduced in ACPI 2.0. ACPI 1.0 only allowed fixed-size packages
-     * ith up to 255 elements. Windows guests up to win2k8 fail when
-     * VarPackageOp is used.
-     */
-    pkg = x86ms->apic_id_limit <= 255 ? aml_package(x86ms->apic_id_limit) :
-                                        aml_varpackage(x86ms->apic_id_limit);
-
-    for (i = 0, apic_idx = 0; i < apic_ids->len; i++) {
-        int cpu_apic_id = apic_ids->cpus[i].arch_id;
-
-        for (; apic_idx < cpu_apic_id; apic_idx++) {
-            aml_append(pkg, aml_int(0));
-        }
-        aml_append(pkg, aml_int(apic_ids->cpus[i].cpu ? 1 : 0));
-        apic_idx = cpu_apic_id + 1;
-    }
-    aml_append(sb_scope, aml_name_decl(CPU_ON_BITMAP, pkg));
-    aml_append(ctx, sb_scope);
-
-    method = aml_method("\\_GPE._E02", 0, AML_NOTSERIALIZED);
-    aml_append(method, aml_call0("\\_SB." CPU_SCAN_METHOD));
-    aml_append(ctx, method);
-}
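Review bot: the commit message says both cpu_hotplug.h and cpu_hotplug.c hold the legacy utilities, but the diffstat deletes only hw/acpi/cpu_hotplug.c. With this file gone and every `#include "hw/acpi/cpu_hotplug.h"` removed elsewhere in the patch, the header would be left behind unused, still describing functions such as legacy_acpi_cpu_hotplug_init and build_legacy_cpu_hotplug_aml that no longer have a definition. Please delete include/hw/acpi/cpu_hotplug.h in this patch, or say in the commit message which later patch removes it.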
diff --git a/hw/acpi/generic_event_device.c b/hw/acpi/generic_event_device.c
index 6741f46723c..30dab43a00c 100644
--- a/hw/acpi/generic_event_device.c
+++ b/hw/acpi/generic_event_device.c
@@ -13,6 +13,7 @@
 #include "qapi/error.h"
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/pcihp.h"
+#include "hw/acpi/cpu.h"
 #include "hw/acpi/generic_event_device.h"
 #include "hw/pci/pci.h"
 #include "hw/core/irq.h"
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index f254f387971..bbb1bd60a20 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -40,6 +40,7 @@
 #include "hw/southbridge/ich9.h"
 #include "hw/mem/pc-dimm.h"
 #include "hw/mem/nvdimm.h"
+#include "hw/acpi/pc-hotplug.h"
 
 static void ich9_pm_update_sci_fn(ACPIREGS *regs)
 {
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 05f9d6372a9..138ac3d3940 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -33,7 +33,6 @@
 #include "system/xen.h"
 #include "qapi/error.h"
 #include "qemu/range.h"
-#include "hw/acpi/cpu_hotplug.h"
 #include "hw/acpi/cpu.h"
 #include "hw/core/hotplug.h"
 #include "hw/mem/pc-dimm.h"
@@ -43,6 +42,7 @@
 #include "migration/vmstate.h"
 #include "hw/core/cpu.h"
 #include "qom/object.h"
+#include "hw/acpi/pc-hotplug.h"
 
 #define GPE_BASE 0xafe0
 #define GPE_LEN 4
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 22bd497c9be..f622b91b76a 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -35,6 +35,7 @@
 #include "hw/acpi/acpi-defs.h"
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/cpu.h"
+#include "hw/acpi/pc-hotplug.h"
 #include "hw/nvram/fw_cfg.h"
 #include "hw/acpi/bios-linker-loader.h"
 #include "hw/acpi/acpi_aml_interface.h"
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 5cb074c0a08..716962f24fc 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -48,7 +48,8 @@
 #include "hw/xen/xen.h"
 #include "qobject/qlist.h"
 #include "qemu/error-report.h"
-#include "hw/acpi/cpu_hotplug.h"
+#include "hw/acpi/acpi.h"
+#include "hw/acpi/pc-hotplug.h"
 #include "acpi-build.h"
 #include "hw/mem/nvdimm.h"
 #include "hw/cxl/cxl_host.h"
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index c1c92240392..85b90ff4324 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -36,7 +36,6 @@
 #include "hw/rtc/mc146818rtc.h"
 #include "target/i386/sev.h"
 
-#include "hw/acpi/cpu_hotplug.h"
 #include "hw/core/irq.h"
 #include "hw/core/loader.h"
 #include "multiboot.h"
diff --git a/hw/acpi/meson.build b/hw/acpi/meson.build
index 56b5d1ec969..66c978aae83 100644
--- a/hw/acpi/meson.build
+++ b/hw/acpi/meson.build
@@ -6,7 +6,7 @@ acpi_ss.add(files(
   'core.c',
   'utils.c',
 ))
-acpi_ss.add(when: 'CONFIG_ACPI_CPU_HOTPLUG', if_true: files('cpu.c', 'cpu_hotplug.c'))
+acpi_ss.add(when: 'CONFIG_ACPI_CPU_HOTPLUG', if_true: files('cpu.c'))
 acpi_ss.add(when: 'CONFIG_ACPI_CPU_HOTPLUG', if_false: files('acpi-cpu-hotplug-stub.c'))
 acpi_ss.add(when: 'CONFIG_ACPI_MEMORY_HOTPLUG', if_true: files('memory_hotplug.c'))
 acpi_ss.add(when: 'CONFIG_ACPI_MEMORY_HOTPLUG', if_false: files('acpi-mem-hotplug-stub.c'))
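
Review bot: with cpu_hotplug.c dropped from the if_true list, the if_false branch on the next line still builds acpi-cpu-hotplug-stub.c. Please confirm the stub file no longer defines stand-ins for the removed legacy functions; otherwise builds without CONFIG_ACPI_CPU_HOTPLUG keep dead stubs that nothing calls.
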
-- 
2.52.0




* [PULL 07/41] docs/specs/acpi_cpu_hotplug: Remove legacy cpu hotplug descriptions
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (5 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 06/41] acpi: Remove legacy cpu hotplug utilities Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 08/41] tests/acpi: Update DSDT tables for pc & q35 machines Paolo Bonzini
                   ` (34 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Zhao Liu, Igor Mammedov

From: Zhao Liu <zhao1.liu@intel.com>

Legacy cpu hotplug has been removed totally and machines start with
modern cpu hotplug interface directly.

Therefore, update the documentation to describe current QEMU cpu hotplug
logic.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-7-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 docs/specs/acpi_cpu_hotplug.rst | 28 +++-------------------------
 1 file changed, 3 insertions(+), 25 deletions(-)

diff --git a/docs/specs/acpi_cpu_hotplug.rst b/docs/specs/acpi_cpu_hotplug.rst
index 351057c9676..f4967810004 100644
--- a/docs/specs/acpi_cpu_hotplug.rst
+++ b/docs/specs/acpi_cpu_hotplug.rst
@@ -8,22 +8,6 @@ ACPI BIOS GPE.2 handler is dedicated for notifying OS about CPU hot-add
 and hot-remove events.
 
 
-Legacy ACPI CPU hotplug interface registers
--------------------------------------------
-
-CPU present bitmap for:
-
-- ICH9-LPC (IO port 0x0cd8-0xcf7, 1-byte access)
-- PIIX-PM  (IO port 0xaf00-0xaf1f, 1-byte access)
-- One bit per CPU. Bit position reflects corresponding CPU APIC ID. Read-only.
-- The first DWORD in bitmap is used in write mode to switch from legacy
-  to modern CPU hotplug interface, write 0 into it to do switch.
-
-QEMU sets corresponding CPU bit on hot-add event and issues SCI
-with GPE.2 event set. CPU present map is read by ACPI BIOS GPE.2 handler
-to notify OS about CPU hot-add events. CPU hot-remove isn't supported.
-
-
 Modern ACPI CPU hotplug interface registers
 -------------------------------------------
 
@@ -189,20 +173,14 @@ Typical usecases
 (x86) Detecting and enabling modern CPU hotplug interface
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-QEMU starts with legacy CPU hotplug interface enabled. Detecting and
-switching to modern interface is based on the 2 legacy CPU hotplug features:
+QEMU starts with modern CPU hotplug interface enabled. Use following steps to
+detect modern CPU hotplug interface:
 
-#. Writes into CPU bitmap are ignored.
-#. CPU bitmap always has bit #0 set, corresponding to boot CPU.
-
-Use following steps to detect and enable modern CPU hotplug interface:
-
-#. Store 0x0 to the 'CPU selector' register, attempting to switch to modern mode
 #. Store 0x0 to the 'CPU selector' register, to ensure valid selector value
 #. Store 0x0 to the 'Command field' register
 #. Read the 'Command data 2' register.
    If read value is 0x0, the modern interface is enabled.
-   Otherwise legacy or no CPU hotplug interface available
+   Otherwise no CPU hotplug interface available
 
 Get a cpu with pending event
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
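
Review bot: the section title kept as context, "(x86) Detecting and enabling modern CPU hotplug interface", no longer matches the body, which after this hunk only describes detection because nothing is left to enable. Suggest retitling it to "Detecting modern CPU hotplug interface". The added text could also read "Use the following steps" and "Otherwise no CPU hotplug interface is available".
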
-- 
2.52.0




* [PULL 08/41] tests/acpi: Update DSDT tables for pc & q35 machines
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (6 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 07/41] docs/specs/acpi_cpu_hotplug: Remove legacy cpu hotplug descriptions Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 09/41] hw/nvram/fw_cfg: Rename fw_cfg_init_mem() with '_nodma' suffix Paolo Bonzini
                   ` (33 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Zhao Liu, Igor Mammedov

From: Zhao Liu <zhao1.liu@intel.com>

Now the legacy cpu hotplug way has gone away, and there's no _INIT
method in DSDT table for modern cpu hotplug support.

Update DSDT tables for pc machine, and _INIT methods are removed from
DSDT tables:

  -            Method (_INI, 0, Serialized)  // _INI: Initialize
  -            {
  -                CSEL = Zero
  -            }

Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Link: https://lore.kernel.org/r/20260108033051.777361-8-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 tests/qtest/bios-tables-test-allowed-diff.h   |  42 ------------------
 tests/data/acpi/x86/pc/DSDT                   | Bin 8611 -> 8598 bytes
 tests/data/acpi/x86/pc/DSDT.acpierst          | Bin 8522 -> 8509 bytes
 tests/data/acpi/x86/pc/DSDT.acpihmat          | Bin 9936 -> 9923 bytes
 tests/data/acpi/x86/pc/DSDT.bridge            | Bin 15482 -> 15469 bytes
 tests/data/acpi/x86/pc/DSDT.cphp              | Bin 9075 -> 9062 bytes
 tests/data/acpi/x86/pc/DSDT.dimmpxm           | Bin 10265 -> 10252 bytes
 tests/data/acpi/x86/pc/DSDT.hpbridge          | Bin 8562 -> 8549 bytes
 tests/data/acpi/x86/pc/DSDT.hpbrroot          | Bin 5100 -> 5087 bytes
 tests/data/acpi/x86/pc/DSDT.ipmikcs           | Bin 8683 -> 8670 bytes
 tests/data/acpi/x86/pc/DSDT.memhp             | Bin 9970 -> 9957 bytes
 tests/data/acpi/x86/pc/DSDT.nohpet            | Bin 8469 -> 8456 bytes
 tests/data/acpi/x86/pc/DSDT.numamem           | Bin 8617 -> 8604 bytes
 tests/data/acpi/x86/pc/DSDT.roothp            | Bin 12404 -> 12391 bytes
 tests/data/acpi/x86/q35/DSDT                  | Bin 8440 -> 8427 bytes
 tests/data/acpi/x86/q35/DSDT.acpierst         | Bin 8457 -> 8444 bytes
 tests/data/acpi/x86/q35/DSDT.acpihmat         | Bin 9765 -> 9752 bytes
 .../data/acpi/x86/q35/DSDT.acpihmat-generic-x | Bin 12650 -> 12637 bytes
 .../acpi/x86/q35/DSDT.acpihmat-noinitiator    | Bin 8719 -> 8706 bytes
 tests/data/acpi/x86/q35/DSDT.applesmc         | Bin 8486 -> 8473 bytes
 tests/data/acpi/x86/q35/DSDT.bridge           | Bin 12053 -> 12040 bytes
 tests/data/acpi/x86/q35/DSDT.core-count       | Bin 12998 -> 12985 bytes
 tests/data/acpi/x86/q35/DSDT.core-count2      | Bin 33855 -> 33842 bytes
 tests/data/acpi/x86/q35/DSDT.cphp             | Bin 8904 -> 8891 bytes
 tests/data/acpi/x86/q35/DSDT.cxl              | Bin 13231 -> 13218 bytes
 tests/data/acpi/x86/q35/DSDT.dimmpxm          | Bin 10094 -> 10081 bytes
 tests/data/acpi/x86/q35/DSDT.ipmibt           | Bin 8515 -> 8502 bytes
 tests/data/acpi/x86/q35/DSDT.ipmismbus        | Bin 8528 -> 8515 bytes
 tests/data/acpi/x86/q35/DSDT.ivrs             | Bin 8457 -> 8444 bytes
 tests/data/acpi/x86/q35/DSDT.memhp            | Bin 9799 -> 9786 bytes
 tests/data/acpi/x86/q35/DSDT.mmio64           | Bin 9570 -> 9557 bytes
 tests/data/acpi/x86/q35/DSDT.multi-bridge     | Bin 13293 -> 13280 bytes
 tests/data/acpi/x86/q35/DSDT.noacpihp         | Bin 8302 -> 8289 bytes
 tests/data/acpi/x86/q35/DSDT.nohpet           | Bin 8298 -> 8285 bytes
 tests/data/acpi/x86/q35/DSDT.numamem          | Bin 8446 -> 8433 bytes
 tests/data/acpi/x86/q35/DSDT.pvpanic-isa      | Bin 8541 -> 8528 bytes
 tests/data/acpi/x86/q35/DSDT.thread-count     | Bin 12998 -> 12985 bytes
 tests/data/acpi/x86/q35/DSDT.thread-count2    | Bin 33855 -> 33842 bytes
 tests/data/acpi/x86/q35/DSDT.tis.tpm12        | Bin 9046 -> 9033 bytes
 tests/data/acpi/x86/q35/DSDT.tis.tpm2         | Bin 9072 -> 9059 bytes
 tests/data/acpi/x86/q35/DSDT.type4-count      | Bin 18674 -> 18661 bytes
 tests/data/acpi/x86/q35/DSDT.viot             | Bin 14697 -> 14684 bytes
 tests/data/acpi/x86/q35/DSDT.xapic            | Bin 35803 -> 35790 bytes
 43 files changed, 42 deletions(-)

diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
index eed8ded6933..dfb8523c8bf 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1,43 +1 @@
 /* List of comma-separated changed AML files to ignore */
-"tests/data/acpi/x86/pc/DSDT",
-"tests/data/acpi/x86/pc/DSDT.bridge",
-"tests/data/acpi/x86/pc/DSDT.ipmikcs",
-"tests/data/acpi/x86/pc/DSDT.cphp",
-"tests/data/acpi/x86/pc/DSDT.numamem",
-"tests/data/acpi/x86/pc/DSDT.nohpet",
-"tests/data/acpi/x86/pc/DSDT.memhp",
-"tests/data/acpi/x86/pc/DSDT.dimmpxm",
-"tests/data/acpi/x86/pc/DSDT.acpihmat",
-"tests/data/acpi/x86/pc/DSDT.acpierst",
-"tests/data/acpi/x86/pc/DSDT.roothp",
-"tests/data/acpi/x86/pc/DSDT.hpbridge",
-"tests/data/acpi/x86/pc/DSDT.hpbrroot",
-"tests/data/acpi/x86/q35/DSDT",
-"tests/data/acpi/x86/q35/DSDT.tis.tpm2",
-"tests/data/acpi/x86/q35/DSDT.tis.tpm12",
-"tests/data/acpi/x86/q35/DSDT.bridge",
-"tests/data/acpi/x86/q35/DSDT.noacpihp",
-"tests/data/acpi/x86/q35/DSDT.multi-bridge",
-"tests/data/acpi/x86/q35/DSDT.ipmibt",
-"tests/data/acpi/x86/q35/DSDT.cphp",
-"tests/data/acpi/x86/q35/DSDT.numamem",
-"tests/data/acpi/x86/q35/DSDT.nohpet",
-"tests/data/acpi/x86/q35/DSDT.acpihmat-noinitiator",
-"tests/data/acpi/x86/q35/DSDT.acpihmat-generic-x",
-"tests/data/acpi/x86/q35/DSDT.memhp",
-"tests/data/acpi/x86/q35/DSDT.dimmpxm",
-"tests/data/acpi/x86/q35/DSDT.acpihmat",
-"tests/data/acpi/x86/q35/DSDT.mmio64",
-"tests/data/acpi/x86/q35/DSDT.acpierst",
-"tests/data/acpi/x86/q35/DSDT.applesmc",
-"tests/data/acpi/x86/q35/DSDT.pvpanic-isa",
-"tests/data/acpi/x86/q35/DSDT.ivrs",
-"tests/data/acpi/x86/q35/DSDT.type4-count",
-"tests/data/acpi/x86/q35/DSDT.core-count",
-"tests/data/acpi/x86/q35/DSDT.core-count2",
-"tests/data/acpi/x86/q35/DSDT.thread-count",
-"tests/data/acpi/x86/q35/DSDT.thread-count2",
-"tests/data/acpi/x86/q35/DSDT.viot",
-"tests/data/acpi/x86/q35/DSDT.cxl",
-"tests/data/acpi/x86/q35/DSDT.ipmismbus",
-"tests/data/acpi/x86/q35/DSDT.xapic",
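
Review bot: the commit message body only mentions updating the tables "for pc machine", but this hunk clears 13 pc and 29 q35 entries and the diffstat updates the same 42 blobs, so the body should name q35 as well. As a sanity check for whoever regenerates these, every table in the diffstat shrinks by exactly 13 bytes, which is what one would expect if the only AML change is the removed method quoted in the commit message; a table whose size changed by a different amount would deserve a disassembly diff before being accepted.
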

-- 
2.52.0




* [PULL 09/41] hw/nvram/fw_cfg: Rename fw_cfg_init_mem() with '_nodma' suffix
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (7 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 08/41] tests/acpi: Update DSDT tables for pc & q35 machines Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 10/41] hw/mips/loongson3_virt: Prefer using fw_cfg_init_mem_nodma() Paolo Bonzini
                   ` (32 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Zhao Liu, Igor Mammedov, Xiaoyao Li

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Rename fw_cfg_init_mem() as fw_cfg_init_mem_nodma()
to distinguish it from the DMA version (currently named
fw_cfg_init_mem_wide).

Suggested-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-9-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/nvram/fw_cfg.h | 3 ++-
 hw/hppa/machine.c         | 2 +-
 hw/nvram/fw_cfg.c         | 7 +++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index a29a5d55eab..510b227b7ef 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -307,7 +307,8 @@ bool fw_cfg_add_file_from_generator(FWCfgState *s,
 
 FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t dma_iobase,
                                 AddressSpace *dma_as);
-FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr);
+FWCfgState *fw_cfg_init_mem_nodma(hwaddr ctl_addr, hwaddr data_addr,
+                                  unsigned data_width);
 FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
                                  hwaddr data_addr, uint32_t data_width,
                                  hwaddr dma_addr, AddressSpace *dma_as);
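
Review bot: the new prototype declares data_width as "unsigned" while fw_cfg_init_mem_wide() two lines below takes "uint32_t data_width", and the value is forwarded from one to the other. Using uint32_t in both keeps the API consistent. The subject calls this a rename, but the signature also gains a parameter, so the commit message should mention that callers now have to pick the data width themselves.
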
diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index 960aefc9e26..c3680667aee 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -208,7 +208,7 @@ static FWCfgState *create_fw_cfg(MachineState *ms, PCIBus *pci_bus,
     int btlb_entries = HPPA_BTLB_ENTRIES(&cpu[0]->env);
     int len;
 
-    fw_cfg = fw_cfg_init_mem(addr, addr + 4);
+    fw_cfg = fw_cfg_init_mem_nodma(addr, addr + 4, 1);
     fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, ms->smp.cpus);
     fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, HPPA_MAX_CPUS);
     fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, ms->ram_size);
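
Review bot: the call now passes a literal 1 as data_width, where the old helper (see the hw/nvram/fw_cfg.c hunk) passed fw_cfg_data_mem_ops.valid.max_access_size. The commit message should state that the two values are the same so this reads as a pure refactor, or a short comment here should say why the hppa data register is 1 byte wide.
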
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 69e97361453..7751de3d977 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -1088,11 +1088,10 @@ FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
     return s;
 }
 
-FWCfgState *fw_cfg_init_mem(hwaddr ctl_addr, hwaddr data_addr)
+FWCfgState *fw_cfg_init_mem_nodma(hwaddr ctl_addr, hwaddr data_addr,
+                                  unsigned data_width)
 {
-    return fw_cfg_init_mem_wide(ctl_addr, data_addr,
-                                fw_cfg_data_mem_ops.valid.max_access_size,
-                                0, NULL);
+    return fw_cfg_init_mem_wide(ctl_addr, data_addr, data_width, 0, NULL);
 }
 
 
-- 
2.52.0




* [PULL 10/41] hw/mips/loongson3_virt: Prefer using fw_cfg_init_mem_nodma()
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (8 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 09/41] hw/nvram/fw_cfg: Rename fw_cfg_init_mem() with '_nodma' suffix Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 11/41] hw/nvram/fw_cfg: Factor fw_cfg_init_mem_internal() out Paolo Bonzini
                   ` (31 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Xiaoyao Li, Igor Mammedov, Zhao Liu

From: Philippe Mathieu-Daudé <philmd@linaro.org>

fw_cfg_init_mem_wide() is preferred to initialize fw_cfg
with DMA support. Without DMA, use fw_cfg_init_mem_nodma().

Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-10-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/mips/loongson3_virt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/mips/loongson3_virt.c b/hw/mips/loongson3_virt.c
index fe51fb66f6f..cd94e9f5f77 100644
--- a/hw/mips/loongson3_virt.c
+++ b/hw/mips/loongson3_virt.c
@@ -287,7 +287,7 @@ static void fw_conf_init(void)
     FWCfgState *fw_cfg;
     hwaddr cfg_addr = virt_memmap[VIRT_FW_CFG].base;
 
-    fw_cfg = fw_cfg_init_mem_wide(cfg_addr, cfg_addr + 8, 8, 0, NULL);
+    fw_cfg = fw_cfg_init_mem_nodma(cfg_addr, cfg_addr + 8, 8);
     fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)current_machine->smp.cpus);
     fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)current_machine->smp.max_cpus);
     fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, loaderparams.ram_size);
-- 
2.52.0




* [PULL 11/41] hw/nvram/fw_cfg: Factor fw_cfg_init_mem_internal() out
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (9 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 10/41] hw/mips/loongson3_virt: Prefer using fw_cfg_init_mem_nodma() Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 12/41] hw/nvram/fw_cfg: Rename fw_cfg_init_mem_wide() -> fw_cfg_init_mem_dma() Paolo Bonzini
                   ` (30 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Igor Mammedov, Zhao Liu, Xiaoyao Li

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Factor fw_cfg_init_mem_internal() out of fw_cfg_init_mem_wide().
In fw_cfg_init_mem_wide(), assert DMA arguments are provided.
Callers without DMA have to use the fw_cfg_init_mem() helper.

Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-11-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/nvram/fw_cfg.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 7751de3d977..8a21cdae4fc 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -1054,9 +1054,9 @@ FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t dma_iobase,
     return s;
 }
 
-FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
-                                 hwaddr data_addr, uint32_t data_width,
-                                 hwaddr dma_addr, AddressSpace *dma_as)
+static FWCfgState *fw_cfg_init_mem_internal(hwaddr ctl_addr,
+                                            hwaddr data_addr, uint32_t data_width,
+                                            hwaddr dma_addr, AddressSpace *dma_as)
 {
     DeviceState *dev;
     SysBusDevice *sbd;
@@ -1088,10 +1088,19 @@ FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
     return s;
 }
 
+FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
+                                 hwaddr data_addr, uint32_t data_width,
+                                 hwaddr dma_addr, AddressSpace *dma_as)
+{
+    assert(dma_addr && dma_as);
+    return fw_cfg_init_mem_internal(ctl_addr, data_addr, data_width,
+                                    dma_addr, dma_as);
+}
+
 FWCfgState *fw_cfg_init_mem_nodma(hwaddr ctl_addr, hwaddr data_addr,
                                   unsigned data_width)
 {
-    return fw_cfg_init_mem_wide(ctl_addr, data_addr, data_width, 0, NULL);
+    return fw_cfg_init_mem_internal(ctl_addr, data_addr, data_width, 0, NULL);
 }
 
 
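Review bot: In the new fw_cfg_init_mem_wide() wrapper, assert(dma_addr && dma_as) makes guest-physical address 0 an invalid location for the DMA register, because 0 doubles as the "no DMA" sentinel that fw_cfg_init_mem_nodma() passes to fw_cfg_init_mem_internal(). If that is intended, document the sentinel next to the prototype; otherwise assert on dma_as alone. The commit message also names the no-DMA helper as fw_cfg_init_mem(), while the function in this hunk is fw_cfg_init_mem_nodma().
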
-- 
2.52.0




* [PULL 12/41] hw/nvram/fw_cfg: Rename fw_cfg_init_mem_wide() -> fw_cfg_init_mem_dma()
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (10 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 11/41] hw/nvram/fw_cfg: Factor fw_cfg_init_mem_internal() out Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 13/41] hw/i386/x86: Remove X86MachineClass::fwcfg_dma_enabled field Paolo Bonzini
                   ` (29 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Zhao Liu, Xiaoyao Li, Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

"wide" in fw_cfg_init_mem_wide() means "DMA support".
Rename for clarity.

Suggested-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-12-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/nvram/fw_cfg.h | 6 +++---
 hw/arm/virt.c             | 2 +-
 hw/loongarch/fw_cfg.c     | 4 ++--
 hw/nvram/fw_cfg.c         | 6 +++---
 hw/riscv/virt.c           | 4 ++--
 5 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index 510b227b7ef..56f17a0bdcf 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -309,9 +309,9 @@ FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t dma_iobase,
                                 AddressSpace *dma_as);
 FWCfgState *fw_cfg_init_mem_nodma(hwaddr ctl_addr, hwaddr data_addr,
                                   unsigned data_width);
-FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
-                                 hwaddr data_addr, uint32_t data_width,
-                                 hwaddr dma_addr, AddressSpace *dma_as);
+FWCfgState *fw_cfg_init_mem_dma(hwaddr ctl_addr,
+                                hwaddr data_addr, uint32_t data_width,
+                                hwaddr dma_addr, AddressSpace *dma_as);
 
 FWCfgState *fw_cfg_find(void);
 bool fw_cfg_dma_enabled(void *opaque);
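
Review bot: The renamed prototype fw_cfg_init_mem_dma() in this hunk carries no comment stating its contract, although the definition in hw/nvram/fw_cfg.c asserts dma_addr && dma_as. A one-line doc comment here saying both DMA arguments are mandatory, and pointing callers without DMA to fw_cfg_init_mem_nodma(), would keep a new board from discovering the rule through an abort. The data_width parameter is also uint32_t here but unsigned in fw_cfg_init_mem_nodma() just above; pick one.
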
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 390845c503b..13d2057fb30 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -1412,7 +1412,7 @@ static FWCfgState *create_fw_cfg(const VirtMachineState *vms, AddressSpace *as)
     FWCfgState *fw_cfg;
     char *nodename;
 
-    fw_cfg = fw_cfg_init_mem_wide(base + 8, base, 8, base + 16, as);
+    fw_cfg = fw_cfg_init_mem_dma(base + 8, base, 8, base + 16, as);
     fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)ms->smp.cpus);
 
     nodename = g_strdup_printf("/fw-cfg@%" PRIx64, base);
diff --git a/hw/loongarch/fw_cfg.c b/hw/loongarch/fw_cfg.c
index 493563669e5..d2a79efbf76 100644
--- a/hw/loongarch/fw_cfg.c
+++ b/hw/loongarch/fw_cfg.c
@@ -23,8 +23,8 @@ FWCfgState *virt_fw_cfg_init(ram_addr_t ram_size, MachineState *ms)
     int max_cpus = ms->smp.max_cpus;
     int smp_cpus = ms->smp.cpus;
 
-    fw_cfg = fw_cfg_init_mem_wide(VIRT_FWCFG_BASE + 8, VIRT_FWCFG_BASE, 8,
-                                  VIRT_FWCFG_BASE + 16, &address_space_memory);
+    fw_cfg = fw_cfg_init_mem_dma(VIRT_FWCFG_BASE + 8, VIRT_FWCFG_BASE, 8,
+                                 VIRT_FWCFG_BASE + 16, &address_space_memory);
     fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
     fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
     fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)smp_cpus);
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 8a21cdae4fc..1d7d8354213 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -1088,9 +1088,9 @@ static FWCfgState *fw_cfg_init_mem_internal(hwaddr ctl_addr,
     return s;
 }
 
-FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
-                                 hwaddr data_addr, uint32_t data_width,
-                                 hwaddr dma_addr, AddressSpace *dma_as)
+FWCfgState *fw_cfg_init_mem_dma(hwaddr ctl_addr,
+                                hwaddr data_addr, uint32_t data_width,
+                                hwaddr dma_addr, AddressSpace *dma_as)
 {
     assert(dma_addr && dma_as);
     return fw_cfg_init_mem_internal(ctl_addr, data_addr, data_width,
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index bd8608ea5bf..07e66b39364 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -1274,8 +1274,8 @@ static FWCfgState *create_fw_cfg(const MachineState *ms, hwaddr base)
 {
     FWCfgState *fw_cfg;
 
-    fw_cfg = fw_cfg_init_mem_wide(base + 8, base, 8, base + 16,
-                                  &address_space_memory);
+    fw_cfg = fw_cfg_init_mem_dma(base + 8, base, 8, base + 16,
+                                 &address_space_memory);
     fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)ms->smp.cpus);
 
     return fw_cfg;
-- 
2.52.0




* [PULL 13/41] hw/i386/x86: Remove X86MachineClass::fwcfg_dma_enabled field
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (11 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 12/41] hw/nvram/fw_cfg: Rename fw_cfg_init_mem_wide() -> fw_cfg_init_mem_dma() Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 14/41] hw/i386/pc: Remove multiboot.bin Paolo Bonzini
                   ` (28 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Philippe Mathieu-Daudé, Zhao Liu, Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The X86MachineClass::fwcfg_dma_enabled boolean was only used
by the pc-q35-2.6 and pc-i440fx-2.6 machines, which got
removed. Remove it and simplify.

'multiboot.bin' isn't used anymore, we'll remove it in the
next commit.

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-13-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/i386/x86.h | 2 --
 hw/i386/microvm.c     | 3 ---
 hw/i386/multiboot.c   | 7 +------
 hw/i386/x86-common.c  | 3 +--
 hw/i386/x86.c         | 2 --
 5 files changed, 2 insertions(+), 15 deletions(-)

diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
index 0dffba95f9a..23be6274377 100644
--- a/include/hw/i386/x86.h
+++ b/include/hw/i386/x86.h
@@ -30,8 +30,6 @@
 struct X86MachineClass {
     MachineClass parent;
 
-    /* use DMA capable linuxboot option rom */
-    bool fwcfg_dma_enabled;
     /* CPU and apic information: */
     bool apic_xrupt_override;
 };
diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
index 8cf99ad6623..7ff20512636 100644
--- a/hw/i386/microvm.c
+++ b/hw/i386/microvm.c
@@ -640,7 +640,6 @@ GlobalProperty microvm_properties[] = {
 
 static void microvm_class_init(ObjectClass *oc, const void *data)
 {
-    X86MachineClass *x86mc = X86_MACHINE_CLASS(oc);
     MicrovmMachineClass *mmc = MICROVM_MACHINE_CLASS(oc);
     MachineClass *mc = MACHINE_CLASS(oc);
     HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(oc);
@@ -674,8 +673,6 @@ static void microvm_class_init(ObjectClass *oc, const void *data)
     hc->unplug_request = microvm_device_unplug_request_cb;
     hc->unplug = microvm_device_unplug_cb;
 
-    x86mc->fwcfg_dma_enabled = true;
-
     object_class_property_add(oc, MICROVM_MACHINE_RTC, "OnOffAuto",
                               microvm_machine_get_rtc,
                               microvm_machine_set_rtc,
diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
index 8b6acfee9ba..0e960a15dda 100644
--- a/hw/i386/multiboot.c
+++ b/hw/i386/multiboot.c
@@ -153,7 +153,6 @@ int load_multiboot(X86MachineState *x86ms,
                    int kernel_file_size,
                    uint8_t *header)
 {
-    bool multiboot_dma_enabled = X86_MACHINE_GET_CLASS(x86ms)->fwcfg_dma_enabled;
     int i, is_multiboot = 0;
     uint32_t flags = 0;
     uint32_t mh_entry_addr;
@@ -402,11 +401,7 @@ int load_multiboot(X86MachineState *x86ms,
     fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, mb_bootinfo_data,
                      sizeof(bootinfo));
 
-    if (multiboot_dma_enabled) {
-        option_rom[nb_option_roms].name = "multiboot_dma.bin";
-    } else {
-        option_rom[nb_option_roms].name = "multiboot.bin";
-    }
+    option_rom[nb_option_roms].name = "multiboot_dma.bin";
     option_rom[nb_option_roms].bootindex = 0;
     nb_option_roms++;
 
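
Review bot: After this hunk load_multiboot() selects "multiboot_dma.bin" unconditionally, with no check that the fw_cfg device actually has DMA enabled. The removed class flag was the only guard on this path, whereas x86_load_linux() in the same patch keeps its fw_cfg_dma_enabled(fw_cfg) test. Consider adding assert(fw_cfg_dma_enabled(fw_cfg)) before the assignment so that a fw_cfg without DMA fails loudly at setup instead of at guest boot, when the ROM calls read_fw_blob_dma().
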
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index 85b90ff4324..192e91042f2 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -645,7 +645,6 @@ void x86_load_linux(X86MachineState *x86ms,
                     int acpi_data_size,
                     bool pvh_enabled)
 {
-    bool linuxboot_dma_enabled = X86_MACHINE_GET_CLASS(x86ms)->fwcfg_dma_enabled;
     uint16_t protocol;
     int setup_size, kernel_size, cmdline_size;
     int dtb_size, setup_data_offset;
@@ -1004,7 +1003,7 @@ void x86_load_linux(X86MachineState *x86ms,
 
     option_rom[nb_option_roms].bootindex = 0;
     option_rom[nb_option_roms].name = "linuxboot.bin";
-    if (linuxboot_dma_enabled && fw_cfg_dma_enabled(fw_cfg)) {
+    if (fw_cfg_dma_enabled(fw_cfg)) {
         option_rom[nb_option_roms].name = "linuxboot_dma.bin";
     }
     nb_option_roms++;
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index c29856c810a..01872cba073 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -375,14 +375,12 @@ static void x86_machine_initfn(Object *obj)
 static void x86_machine_class_init(ObjectClass *oc, const void *data)
 {
     MachineClass *mc = MACHINE_CLASS(oc);
-    X86MachineClass *x86mc = X86_MACHINE_CLASS(oc);
     NMIClass *nc = NMI_CLASS(oc);
 
     mc->cpu_index_to_instance_props = x86_cpu_index_to_props;
     mc->get_default_cpu_node_id = x86_get_default_cpu_node_id;
     mc->possible_cpu_arch_ids = x86_possible_cpu_arch_ids;
     mc->kvm_type = x86_kvm_type;
-    x86mc->fwcfg_dma_enabled = true;
     nc->nmi_monitor_handler = x86_nmi;
 
     object_class_property_add(oc, X86_MACHINE_SMM, "OnOffAuto",
-- 
2.52.0




* [PULL 14/41] hw/i386/pc: Remove multiboot.bin
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (12 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 13/41] hw/i386/x86: Remove X86MachineClass::fwcfg_dma_enabled field Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 15/41] hw/i386: Assume fw_cfg DMA is always enabled Paolo Bonzini
                   ` (27 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Thomas Huth, Zhao Liu, Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

All PC machines now use the multiboot_dma.bin binary,
we can remove the non-DMA version (multiboot.bin).

This doesn't change the multiboot_dma binary file.

Suggested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-14-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 pc-bios/optionrom/optionrom.h     |   4 -
 hw/i386/pc.c                      |   1 -
 pc-bios/meson.build               |   1 -
 pc-bios/multiboot.bin             | Bin 1024 -> 0 bytes
 pc-bios/optionrom/Makefile        |   2 +-
 pc-bios/optionrom/multiboot.S     | 232 -----------------------------
 pc-bios/optionrom/multiboot_dma.S | 234 +++++++++++++++++++++++++++++-
 7 files changed, 233 insertions(+), 241 deletions(-)
 delete mode 100644 pc-bios/multiboot.bin
 delete mode 100644 pc-bios/optionrom/multiboot.S

diff --git a/pc-bios/optionrom/optionrom.h b/pc-bios/optionrom/optionrom.h
index 7bcdf0eeb24..2e6e2493f83 100644
--- a/pc-bios/optionrom/optionrom.h
+++ b/pc-bios/optionrom/optionrom.h
@@ -117,16 +117,12 @@
  *
  * Clobbers: %eax, %edx, %es, %ecx, %edi and adresses %esp-20 to %esp
  */
-#ifdef USE_FW_CFG_DMA
 #define read_fw_blob_dma(var)                           \
         read_fw         var ## _SIZE;                   \
         mov             %eax, %ecx;                     \
         read_fw         var ## _ADDR;                   \
         mov             %eax, %edi ;                    \
         read_fw_dma     var ## _DATA, %ecx, %edi
-#else
-#define read_fw_blob_dma(var) read_fw_blob(var)
-#endif
 
 #define read_fw_blob_pre(var)                           \
         read_fw         var ## _SIZE;                   \
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 716962f24fc..b033fc67cf9 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -672,7 +672,6 @@ void xen_load_linux(PCMachineState *pcms)
         assert(!strcmp(option_rom[i].name, "linuxboot.bin") ||
                !strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
                !strcmp(option_rom[i].name, "pvh.bin") ||
-               !strcmp(option_rom[i].name, "multiboot.bin") ||
                !strcmp(option_rom[i].name, "multiboot_dma.bin"));
         rom_add_option(option_rom[i].name, option_rom[i].bootindex);
     }
diff --git a/pc-bios/meson.build b/pc-bios/meson.build
index 9260aaad78e..efe45c16705 100644
--- a/pc-bios/meson.build
+++ b/pc-bios/meson.build
@@ -62,7 +62,6 @@ blobs = [
   'efi-e1000e.rom',
   'efi-vmxnet3.rom',
   'qemu-nsis.bmp',
-  'multiboot.bin',
   'multiboot_dma.bin',
   'linuxboot.bin',
   'linuxboot_dma.bin',
diff --git a/pc-bios/multiboot.bin b/pc-bios/multiboot.bin
deleted file mode 100644
index e772713c95749bee82c20002b50ec6d05b2d4987..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1024
zcmeHFF=!KE7=3rWv_~9rsoFv02vW|$BE3Z@O2HvxF(Tbn?w$(KKupFCa&$N@9Fjpq
zK@c}VaQwY4cgc{Tlqxt>x}>-yZJ|RqIXJnrkq&Z`qYu9S`*@G<!T0!A-^*X{S6sw=
z<w-@7C*lkF^`H61m~8d^?O!oleMSR?t#6EW6}mqu{h%`{(K%RTG*bK#J^ijsscX~K
zfejV5t1IyI=d$hU)1arfC$b8fp&yDo0xfqK6mtiR2I}dj(5KrIXEOCj%z}ZI15%6l
zsG98;4HbW|Im?$8-zl*8b`fJPq`5;gae4|rodZBo8UhR|H&^a#p0A%Z9?-oNQ`)lJ
z<ppqkr}^DX7yufq>&pvhTyuJgL1#^qn)3#|vcmPSdBLEU<5H(yG&ogOxzu?&L$_ll
z`=1R?t;PFYKHEz@813aPx^pUQ7NogpP)Gm@mqMG#RX}I}{ICADANm7-NHH@$nuknt
zOJkc<q3`x6)C@VID5jAD$LsM?l|sv2$Y;o1A%FaECE3M>1gMiQ1RzNOyxKbM?UVlI
lgl_|v@lXbCmseKtxLIvHx?ig`O4Zsu%dVet`Hz2u_&3=y3J?GQ

diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index e6674a76e73..963a77a3298 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -2,7 +2,7 @@ include config.mak
 SRC_DIR := $(TOPSRC_DIR)/pc-bios/optionrom
 VPATH = $(SRC_DIR)
 
-all: multiboot.bin multiboot_dma.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin
+all: multiboot_dma.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin
 # Dummy command so that make thinks it has done something
 	@true
 
diff --git a/pc-bios/optionrom/multiboot.S b/pc-bios/optionrom/multiboot.S
deleted file mode 100644
index c95e35c9cb6..00000000000
--- a/pc-bios/optionrom/multiboot.S
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * Multiboot Option ROM
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * Copyright Novell Inc, 2009
- *   Authors: Alexander Graf <agraf@suse.de>
- */
-
-#include "optionrom.h"
-
-#define BOOT_ROM_PRODUCT "multiboot loader"
-
-#define MULTIBOOT_MAGIC		0x2badb002
-
-#define GS_PROT_JUMP		0
-#define GS_GDT_DESC		6
-
-
-BOOT_ROM_START
-
-run_multiboot:
-
-	cli
-	cld
-
-	mov		%cs, %eax
-	shl		$0x4, %eax
-
-	/* set up a long jump descriptor that is PC relative */
-
-	/* move stack memory to %gs */
-	mov		%ss, %ecx
-	shl		$0x4, %ecx
-	mov		%esp, %ebx
-	add		%ebx, %ecx
-	sub		$0x20, %ecx
-	sub		$0x30, %esp
-	shr		$0x4, %ecx
-	mov		%cx, %gs
-
-	/* now push the indirect jump descriptor there */
-	mov		(prot_jump), %ebx
-	add		%eax, %ebx
-	movl		%ebx, %gs:GS_PROT_JUMP
-	mov		$8, %bx
-	movw		%bx, %gs:GS_PROT_JUMP + 4
-
-	/* fix the gdt descriptor to be PC relative */
-	movw		(gdt_desc), %bx
-	movw		%bx, %gs:GS_GDT_DESC
-	movl		(gdt_desc+2), %ebx
-	add		%eax, %ebx
-	movl		%ebx, %gs:GS_GDT_DESC + 2
-
-	xor		%eax, %eax
-	mov		%eax, %es
-
-	/* Read the bootinfo struct into RAM */
-	read_fw_blob_dma(FW_CFG_INITRD)
-
-	/* FS = bootinfo_struct */
-	read_fw		FW_CFG_INITRD_ADDR
-	shr		$4, %eax
-	mov		%ax, %fs
-
-	/* Account for the EBDA in the multiboot structure's e801
-	 * map.
-	 */
-	int		$0x12
-	cwtl
-	movl		%eax, %fs:4
-
-	/* ES = mmap_addr */
-	mov 		%fs:48, %eax
-	shr		$4, %eax
-	mov		%ax, %es
-
-	/* Initialize multiboot mmap structs using int 0x15(e820) */
-	xor		%ebx, %ebx
-	/* Start storing mmap data at %es:0 */
-	xor		%edi, %edi
-
-mmap_loop:
-	/* The multiboot entry size has offset -4, so leave some space */
-	add		$4, %di
-	/* entry size (mmap struct) & max buffer size (int15) */
-	movl		$20, %ecx
-	/* e820 */
-	movl		$0x0000e820, %eax
-	/* 'SMAP' magic */
-	movl		$0x534d4150, %edx
-	int		$0x15
-
-mmap_check_entry:
-	/* Error or last entry already done? */
-	jb		mmap_done
-
-mmap_store_entry:
-	/* store entry size */
-	/* old as(1) doesn't like this insn so emit the bytes instead:
-	movl		%ecx, %es:-4(%edi)
-	*/
-	.dc.b		0x26,0x67,0x66,0x89,0x4f,0xfc
-
-	/* %edi += entry_size, store as mbs_mmap_length */
-	add		%ecx, %edi
-	movw		%di, %fs:0x2c
-
-	/* Continuation value 0 means last entry */
-	test		%ebx, %ebx
-	jnz		mmap_loop
-
-mmap_done:
-	/* Calculate upper_mem field: The amount of memory between 1 MB and
-	   the first upper memory hole. Get it from the mmap. */
-	xor		%di, %di
-	mov		$0x100000, %edx
-upper_mem_entry:
-	cmp		%fs:0x2c, %di
-	je		upper_mem_done
-	add		$4, %di
-
-	/* Skip if type != 1 */
-	cmpl		$1, %es:16(%di)
-	jne		upper_mem_next
-
-	/* Skip if > 4 GB */
-	movl		%es:4(%di), %eax
-	test		%eax, %eax
-	jnz		upper_mem_next
-
-	/* Check for contiguous extension (base <= %edx < base + length) */
-	movl		%es:(%di), %eax
-	cmp		%eax, %edx
-	jb		upper_mem_next
-	addl		%es:8(%di), %eax
-	cmp		%eax, %edx
-	jae		upper_mem_next
-
-	/* If so, update %edx, and restart the search (mmap isn't ordered) */
-	mov		%eax, %edx
-	xor		%di, %di
-	jmp		upper_mem_entry
-
-upper_mem_next:
-	addl		%es:-4(%di), %edi
-	jmp		upper_mem_entry
-
-upper_mem_done:
-	sub		$0x100000, %edx
-	shr		$10, %edx
-	mov		%edx, %fs:0x8
-
-real_to_prot:
-	/* Load the GDT before going into protected mode */
-lgdt:
-	data32 lgdt	%gs:GS_GDT_DESC
-
-	/* get us to protected mode now */
-	movl		$1, %eax
-	movl		%eax, %cr0
-
-	/* the LJMP sets CS for us and gets us to 32-bit */
-ljmp:
-	data32 ljmp	*%gs:GS_PROT_JUMP
-
-prot_mode:
-.code32
-
-	/* initialize all other segments */
-	movl		$0x10, %eax
-	movl		%eax, %ss
-	movl		%eax, %ds
-	movl		%eax, %es
-	movl		%eax, %fs
-	movl		%eax, %gs
-
-	/* Read the kernel and modules into RAM */
-	read_fw_blob_dma(FW_CFG_KERNEL)
-
-	/* Jump off to the kernel */
-	read_fw		FW_CFG_KERNEL_ENTRY
-	mov		%eax, %ecx
-
-	/* EBX contains a pointer to the bootinfo struct */
-	read_fw		FW_CFG_INITRD_ADDR
-	movl		%eax, %ebx
-
-	/* EAX has to contain the magic */
-	movl		$MULTIBOOT_MAGIC, %eax
-ljmp2:
-	jmp		*%ecx
-
-/* Variables */
-.align 4, 0
-prot_jump:	.long prot_mode
-		.short 8
-
-.align 8, 0
-gdt:
-	/* 0x00 */
-.byte	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-
-	/* 0x08: code segment (base=0, limit=0xfffff, type=32bit code exec/read, DPL=0, 4k) */
-.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x9a, 0xcf, 0x00
-
-	/* 0x10: data segment (base=0, limit=0xfffff, type=32bit data read/write, DPL=0, 4k) */
-.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x92, 0xcf, 0x00
-
-	/* 0x18: code segment (base=0, limit=0x0ffff, type=16bit code exec/read/conf, DPL=0, 1b) */
-.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x9e, 0x00, 0x00
-
-	/* 0x20: data segment (base=0, limit=0x0ffff, type=16bit data read/write, DPL=0, 1b) */
-.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x92, 0x00, 0x00
-
-gdt_desc:
-.short	(5 * 8) - 1
-.long	gdt
-
-BOOT_ROM_END
diff --git a/pc-bios/optionrom/multiboot_dma.S b/pc-bios/optionrom/multiboot_dma.S
index d809af3e23f..c95e35c9cb6 100644
--- a/pc-bios/optionrom/multiboot_dma.S
+++ b/pc-bios/optionrom/multiboot_dma.S
@@ -1,2 +1,232 @@
-#define USE_FW_CFG_DMA 1
-#include "multiboot.S"
+/*
+ * Multiboot Option ROM
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright Novell Inc, 2009
+ *   Authors: Alexander Graf <agraf@suse.de>
+ */
+
+#include "optionrom.h"
+
+#define BOOT_ROM_PRODUCT "multiboot loader"
+
+#define MULTIBOOT_MAGIC		0x2badb002
+
+#define GS_PROT_JUMP		0
+#define GS_GDT_DESC		6
+
+
+BOOT_ROM_START
+
+run_multiboot:
+
+	cli
+	cld
+
+	mov		%cs, %eax
+	shl		$0x4, %eax
+
+	/* set up a long jump descriptor that is PC relative */
+
+	/* move stack memory to %gs */
+	mov		%ss, %ecx
+	shl		$0x4, %ecx
+	mov		%esp, %ebx
+	add		%ebx, %ecx
+	sub		$0x20, %ecx
+	sub		$0x30, %esp
+	shr		$0x4, %ecx
+	mov		%cx, %gs
+
+	/* now push the indirect jump descriptor there */
+	mov		(prot_jump), %ebx
+	add		%eax, %ebx
+	movl		%ebx, %gs:GS_PROT_JUMP
+	mov		$8, %bx
+	movw		%bx, %gs:GS_PROT_JUMP + 4
+
+	/* fix the gdt descriptor to be PC relative */
+	movw		(gdt_desc), %bx
+	movw		%bx, %gs:GS_GDT_DESC
+	movl		(gdt_desc+2), %ebx
+	add		%eax, %ebx
+	movl		%ebx, %gs:GS_GDT_DESC + 2
+
+	xor		%eax, %eax
+	mov		%eax, %es
+
+	/* Read the bootinfo struct into RAM */
+	read_fw_blob_dma(FW_CFG_INITRD)
+
+	/* FS = bootinfo_struct */
+	read_fw		FW_CFG_INITRD_ADDR
+	shr		$4, %eax
+	mov		%ax, %fs
+
+	/* Account for the EBDA in the multiboot structure's e801
+	 * map.
+	 */
+	int		$0x12
+	cwtl
+	movl		%eax, %fs:4
+
+	/* ES = mmap_addr */
+	mov 		%fs:48, %eax
+	shr		$4, %eax
+	mov		%ax, %es
+
+	/* Initialize multiboot mmap structs using int 0x15(e820) */
+	xor		%ebx, %ebx
+	/* Start storing mmap data at %es:0 */
+	xor		%edi, %edi
+
+mmap_loop:
+	/* The multiboot entry size has offset -4, so leave some space */
+	add		$4, %di
+	/* entry size (mmap struct) & max buffer size (int15) */
+	movl		$20, %ecx
+	/* e820 */
+	movl		$0x0000e820, %eax
+	/* 'SMAP' magic */
+	movl		$0x534d4150, %edx
+	int		$0x15
+
+mmap_check_entry:
+	/* Error or last entry already done? */
+	jb		mmap_done
+
+mmap_store_entry:
+	/* store entry size */
+	/* old as(1) doesn't like this insn so emit the bytes instead:
+	movl		%ecx, %es:-4(%edi)
+	*/
+	.dc.b		0x26,0x67,0x66,0x89,0x4f,0xfc
+
+	/* %edi += entry_size, store as mbs_mmap_length */
+	add		%ecx, %edi
+	movw		%di, %fs:0x2c
+
+	/* Continuation value 0 means last entry */
+	test		%ebx, %ebx
+	jnz		mmap_loop
+
+mmap_done:
+	/* Calculate upper_mem field: The amount of memory between 1 MB and
+	   the first upper memory hole. Get it from the mmap. */
+	xor		%di, %di
+	mov		$0x100000, %edx
+upper_mem_entry:
+	cmp		%fs:0x2c, %di
+	je		upper_mem_done
+	add		$4, %di
+
+	/* Skip if type != 1 */
+	cmpl		$1, %es:16(%di)
+	jne		upper_mem_next
+
+	/* Skip if > 4 GB */
+	movl		%es:4(%di), %eax
+	test		%eax, %eax
+	jnz		upper_mem_next
+
+	/* Check for contiguous extension (base <= %edx < base + length) */
+	movl		%es:(%di), %eax
+	cmp		%eax, %edx
+	jb		upper_mem_next
+	addl		%es:8(%di), %eax
+	cmp		%eax, %edx
+	jae		upper_mem_next
+
+	/* If so, update %edx, and restart the search (mmap isn't ordered) */
+	mov		%eax, %edx
+	xor		%di, %di
+	jmp		upper_mem_entry
+
+upper_mem_next:
+	addl		%es:-4(%di), %edi
+	jmp		upper_mem_entry
+
+upper_mem_done:
+	sub		$0x100000, %edx
+	shr		$10, %edx
+	mov		%edx, %fs:0x8
+
+real_to_prot:
+	/* Load the GDT before going into protected mode */
+lgdt:
+	data32 lgdt	%gs:GS_GDT_DESC
+
+	/* get us to protected mode now */
+	movl		$1, %eax
+	movl		%eax, %cr0
+
+	/* the LJMP sets CS for us and gets us to 32-bit */
+ljmp:
+	data32 ljmp	*%gs:GS_PROT_JUMP
+
+prot_mode:
+.code32
+
+	/* initialize all other segments */
+	movl		$0x10, %eax
+	movl		%eax, %ss
+	movl		%eax, %ds
+	movl		%eax, %es
+	movl		%eax, %fs
+	movl		%eax, %gs
+
+	/* Read the kernel and modules into RAM */
+	read_fw_blob_dma(FW_CFG_KERNEL)
+
+	/* Jump off to the kernel */
+	read_fw		FW_CFG_KERNEL_ENTRY
+	mov		%eax, %ecx
+
+	/* EBX contains a pointer to the bootinfo struct */
+	read_fw		FW_CFG_INITRD_ADDR
+	movl		%eax, %ebx
+
+	/* EAX has to contain the magic */
+	movl		$MULTIBOOT_MAGIC, %eax
+ljmp2:
+	jmp		*%ecx
+
+/* Variables */
+.align 4, 0
+prot_jump:	.long prot_mode
+		.short 8
+
+.align 8, 0
+gdt:
+	/* 0x00 */
+.byte	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+	/* 0x08: code segment (base=0, limit=0xfffff, type=32bit code exec/read, DPL=0, 4k) */
+.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x9a, 0xcf, 0x00
+
+	/* 0x10: data segment (base=0, limit=0xfffff, type=32bit data read/write, DPL=0, 4k) */
+.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x92, 0xcf, 0x00
+
+	/* 0x18: code segment (base=0, limit=0x0ffff, type=16bit code exec/read/conf, DPL=0, 1b) */
+.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x9e, 0x00, 0x00
+
+	/* 0x20: data segment (base=0, limit=0x0ffff, type=16bit data read/write, DPL=0, 1b) */
+.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x92, 0x00, 0x00
+
+gdt_desc:
+.short	(5 * 8) - 1
+.long	gdt
+
+BOOT_ROM_END
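
Review bot: This hunk re-adds the whole loader to multiboot_dma.S as 232 new lines, and nothing in the commit message says the source is moved verbatim. The index lines show it: multiboot_dma.S ends at blob c95e35c9cb6, the same blob multiboot.S had before its deletion. Please say so in the message, so reviewers do not have to compare the two listings by hand to confirm that the code setting up the GDT and entering protected mode is unchanged.
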
-- 
2.52.0




* [PULL 15/41] hw/i386: Assume fw_cfg DMA is always enabled
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (13 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 14/41] hw/i386/pc: Remove multiboot.bin Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 16/41] hw/i386: Remove linuxboot.bin Paolo Bonzini
                   ` (26 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Zhao Liu, Igor Mammedov, Thomas Huth

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Now all calls of x86 machines to fw_cfg_init_io_dma() pass DMA
arguments, so the FWCfgState (FWCfgIoState) created by x86 machines
enables DMA by default.

Although other callers of fw_cfg_init_io_dma() besides x86 also pass
DMA arguments to create DMA-enabled FwCfgIoState, the "dma_enabled"
property of FwCfgIoState cannot yet be removed, because Sun4u and Sun4v
still create DMA-disabled FwCfgIoState (bypass fw_cfg_init_io_dma()) in
sun4uv_init() (hw/sparc64/sun4u.c).

Maybe reusing fw_cfg_init_io_dma() for them would be a better choice, or
adding fw_cfg_init_io_nodma(). However, before that, first simplify the
handling of FwCfgState in x86.

Considering that FwCfgIoState in x86 enables DMA by default, remove the
handling for DMA-disabled cases and replace DMA checks with assertions
to ensure that the default DMA-enabled setting is not broken.

Then 'linuxboot.bin' isn't used anymore, and it will be removed in the
next commit.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Link: https://lore.kernel.org/r/20260108033051.777361-15-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/fw_cfg.c     | 16 ++++++++--------
 hw/i386/x86-common.c |  6 ++----
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/hw/i386/fw_cfg.c b/hw/i386/fw_cfg.c
index 5c0bcd5f8a9..5670e8553ea 100644
--- a/hw/i386/fw_cfg.c
+++ b/hw/i386/fw_cfg.c
@@ -215,18 +215,18 @@ void fw_cfg_build_feature_control(MachineState *ms, FWCfgState *fw_cfg)
 #ifdef CONFIG_ACPI
 void fw_cfg_add_acpi_dsdt(Aml *scope, FWCfgState *fw_cfg)
 {
+    uint8_t io_size;
+    Aml *dev = aml_device("FWCF");
+    Aml *crs = aml_resource_template();
+
     /*
      * when using port i/o, the 8-bit data register *always* overlaps
      * with half of the 16-bit control register. Hence, the total size
-     * of the i/o region used is FW_CFG_CTL_SIZE; when using DMA, the
-     * DMA control register is located at FW_CFG_DMA_IO_BASE + 4
+     * of the i/o region used is FW_CFG_CTL_SIZE; And the DMA control
+     * register is located at FW_CFG_DMA_IO_BASE + 4
      */
-    Object *obj = OBJECT(fw_cfg);
-    uint8_t io_size = object_property_get_bool(obj, "dma_enabled", NULL) ?
-        ROUND_UP(FW_CFG_CTL_SIZE, 4) + sizeof(dma_addr_t) :
-        FW_CFG_CTL_SIZE;
-    Aml *dev = aml_device("FWCF");
-    Aml *crs = aml_resource_template();
+    assert(fw_cfg_dma_enabled(fw_cfg));
+    io_size = ROUND_UP(FW_CFG_CTL_SIZE, 4) + sizeof(dma_addr_t);
 
     aml_append(dev, aml_name_decl("_HID", aml_string("QEMU0002")));
 
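Review bot: The new assert(fw_cfg_dma_enabled(fw_cfg)) in fw_cfg_add_acpi_dsdt() turns a configuration that used to be handled into an abort, while the removed lines show that "dma_enabled" is still an object property on the device. If that property can still be set to false on the x86 fw_cfg device, report the error and exit cleanly instead of asserting, or make the property unsettable for x86. Separately, the rewritten comment reads "FW_CFG_CTL_SIZE; And the DMA control register": lower-case the "and" or start a new sentence, and say that io_size now always includes the DMA register.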
diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index 192e91042f2..de4cd7650a4 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -1002,10 +1002,8 @@ void x86_load_linux(X86MachineState *x86ms,
     }
 
     option_rom[nb_option_roms].bootindex = 0;
-    option_rom[nb_option_roms].name = "linuxboot.bin";
-    if (fw_cfg_dma_enabled(fw_cfg)) {
-        option_rom[nb_option_roms].name = "linuxboot_dma.bin";
-    }
+    assert(fw_cfg_dma_enabled(fw_cfg));
+    option_rom[nb_option_roms].name = "linuxboot_dma.bin";
     nb_option_roms++;
 }
 
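Review bot: The assert sits at the tail of x86_load_linux(), so a DMA-disabled fw_cfg is caught only after the rest of the function has run; checking at function entry would fail earlier and closer to the cause. x86_load_linux() is also called from xen_load_linux() in hw/i386/pc.c, so the commit message should confirm that the Xen path always creates its fw_cfg with DMA as well, since there is no longer a "linuxboot.bin" fallback.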
-- 
2.52.0




* [PULL 16/41] hw/i386: Remove linuxboot.bin
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (14 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 15/41] hw/i386: Assume fw_cfg DMA is always enabled Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-03-24 12:12   ` Daniel P. Berrangé
  2026-02-12 14:42 ` [PULL 17/41] hw/i386/pc: Remove pc_compat_2_6[] array Paolo Bonzini
                   ` (25 subsequent siblings)
  41 siblings, 1 reply; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Philippe Mathieu-Daudé, Thomas Huth, Zhao Liu

From: Philippe Mathieu-Daudé <philmd@linaro.org>

All machines now use the linuxboot_dma.bin binary, so it's safe to
remove the non-DMA version (linuxboot.bin).

Suggested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Link: https://lore.kernel.org/r/20260108033051.777361-16-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/pc.c                  |   3 +-
 pc-bios/meson.build           |   1 -
 pc-bios/optionrom/Makefile    |   2 +-
 pc-bios/optionrom/linuxboot.S | 195 ----------------------------------
 4 files changed, 2 insertions(+), 199 deletions(-)
 delete mode 100644 pc-bios/optionrom/linuxboot.S

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index b033fc67cf9..c0e6a23bec1 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -669,8 +669,7 @@ void xen_load_linux(PCMachineState *pcms)
 
     x86_load_linux(x86ms, fw_cfg, PC_FW_DATA, pcmc->pvh_enabled);
     for (i = 0; i < nb_option_roms; i++) {
-        assert(!strcmp(option_rom[i].name, "linuxboot.bin") ||
-               !strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
+        assert(!strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
                !strcmp(option_rom[i].name, "pvh.bin") ||
                !strcmp(option_rom[i].name, "multiboot_dma.bin"));
         rom_add_option(option_rom[i].name, option_rom[i].bootindex);
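Review bot: The assert in xen_load_linux() keeps a hand-written allow-list of option ROM names that has to track the strings assigned in x86_load_linux() (hw/i386/x86-common.c), and this series had to edit both places. Shared name constants for "linuxboot_dma.bin", "pvh.bin" and "multiboot_dma.bin" would keep the two from drifting apart the next time a ROM is added or removed.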
diff --git a/pc-bios/meson.build b/pc-bios/meson.build
index efe45c16705..2f470ed1294 100644
--- a/pc-bios/meson.build
+++ b/pc-bios/meson.build
@@ -63,7 +63,6 @@ blobs = [
   'efi-vmxnet3.rom',
   'qemu-nsis.bmp',
   'multiboot_dma.bin',
-  'linuxboot.bin',
   'linuxboot_dma.bin',
   'kvmvapic.bin',
   'pvh.bin',
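Review bot: Dropping 'linuxboot.bin' from blobs stops it from being installed, but the diffstat lists only pc-bios/optionrom/linuxboot.S as deleted. If a prebuilt pc-bios/linuxboot.bin is checked in next to the other blobs, remove it in the same commit so that no stale, unbuildable binary stays in the tree.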
diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index 963a77a3298..f1c1b9efc21 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -2,7 +2,7 @@ include config.mak
 SRC_DIR := $(TOPSRC_DIR)/pc-bios/optionrom
 VPATH = $(SRC_DIR)
 
-all: multiboot_dma.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin
+all: multiboot_dma.bin linuxboot_dma.bin kvmvapic.bin pvh.bin
 # Dummy command so that make thinks it has done something
 	@true
 
diff --git a/pc-bios/optionrom/linuxboot.S b/pc-bios/optionrom/linuxboot.S
deleted file mode 100644
index ba821ab922d..00000000000
--- a/pc-bios/optionrom/linuxboot.S
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Linux Boot Option ROM
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * Copyright Novell Inc, 2009
- *   Authors: Alexander Graf <agraf@suse.de>
- *
- * Based on code in hw/pc.c.
- */
-
-#include "optionrom.h"
-
-#define BOOT_ROM_PRODUCT "Linux loader"
-
-BOOT_ROM_START
-
-run_linuxboot:
-
-	cli
-	cld
-
-	jmp		copy_kernel
-boot_kernel:
-
-	read_fw		FW_CFG_SETUP_ADDR
-
-	mov		%eax, %ebx
-	shr		$4, %ebx
-
-	/* All segments contain real_addr */
-	mov		%bx, %ds
-	mov		%bx, %es
-	mov		%bx, %fs
-	mov		%bx, %gs
-	mov		%bx, %ss
-
-	/* CX = CS we want to jump to */
-	add		$0x20, %bx
-	mov		%bx, %cx
-
-	/* SP = cmdline_addr-real_addr-16 */
-	read_fw		FW_CFG_CMDLINE_ADDR
-	mov		%eax, %ebx
-	read_fw		FW_CFG_SETUP_ADDR
-	sub		%eax, %ebx
-	sub		$16, %ebx
-	mov		%ebx, %esp
-
-	/* Build indirect lret descriptor */
-	pushw		%cx		/* CS */
-	xor		%ax, %ax
-	pushw		%ax		/* IP = 0 */
-
-	/* Clear registers */
-	xor		%eax, %eax
-	xor		%ebx, %ebx
-	xor		%ecx, %ecx
-	xor		%edx, %edx
-	xor		%edi, %edi
-	xor		%ebp, %ebp
-
-	/* Jump to Linux */
-	lret
-
-
-copy_kernel:
-	/* Read info block in low memory (0x10000 or 0x90000) */
-	read_fw		FW_CFG_SETUP_ADDR
-	shr		$4, %eax
-	mov		%eax, %es
-	xor		%edi, %edi
-	read_fw_blob_addr32_edi(FW_CFG_SETUP)
-
-	cmpw            $0x203, %es:0x206      // if protocol >= 0x203
-	jae             1f                     // have initrd_max
-	movl            $0x37ffffff, %es:0x22c // else assume 0x37ffffff
-1:
-
-	/* Check if using kernel-specified initrd address */
-	read_fw		FW_CFG_INITRD_ADDR
-	mov		%eax, %edi             // (load_kernel wants it in %edi)
-	read_fw		FW_CFG_INITRD_SIZE     // find end of initrd
-	add		%edi, %eax
-	xor		%es:0x22c, %eax        // if it matches es:0x22c
-	and		$-4096, %eax           // (apart from padding for page)
-	jz		load_kernel            // then initrd is not at top
-					       // of memory
-
-	/* pc.c placed the initrd at end of memory.  Compute a better
-	 * initrd address based on e801 data.
-	 */
-	mov		$0xe801, %ax
-	xor		%cx, %cx
-	xor		%dx, %dx
-	int		$0x15
-
-	/* Output could be in AX/BX or CX/DX */
-	or		%cx, %cx
-	jnz		1f
-	or		%dx, %dx
-	jnz		1f
-	mov		%ax, %cx
-	mov		%bx, %dx
-1:
-
-	or		%dx, %dx
-	jnz		2f
-	addw		$1024, %cx            /* add 1 MB */
-	movzwl		%cx, %edi
-	shll		$10, %edi             /* convert to bytes */
-	jmp		3f
-
-2:
-	addw		$16777216 >> 16, %dx  /* add 16 MB */
-	movzwl		%dx, %edi
-	shll		$16, %edi             /* convert to bytes */
-
-3:
-	read_fw         FW_CFG_INITRD_SIZE
-	subl            %eax, %edi
-	andl            $-4096, %edi          /* EDI = start of initrd */
-	movl		%edi, %es:0x218       /* put it in the header */
-
-load_kernel:
-	/* We need to load the kernel into memory we can't access in 16 bit
-	   mode, so let's get into 32 bit mode, write the kernel and jump
-	   back again. */
-
-	/* Reserve space on the stack for our GDT descriptor. */
-	mov             %esp, %ebp
-	sub             $16, %esp
-
-	/* Now create the GDT descriptor */
-	movw		$((3 * 8) - 1), -16(%bp)
-	mov		%cs, %eax
-	movzwl		%ax, %eax
-	shl		$4, %eax
-	addl		$gdt, %eax
-	movl		%eax, -14(%bp)
-
-	/* And load the GDT */
-	data32 lgdt	-16(%bp)
-	mov		%ebp, %esp
-
-	/* Get us to protected mode now */
-	mov		$1, %eax
-	mov		%eax, %cr0
-
-	/* So we can set ES to a 32-bit segment */
-	mov		$0x10, %eax
-	mov		%eax, %es
-
-	/* We're now running in 16-bit CS, but 32-bit ES! */
-
-	/* Load kernel and initrd */
-	read_fw_blob_addr32_edi(FW_CFG_INITRD)
-	read_fw_blob_addr32(FW_CFG_KERNEL)
-	read_fw_blob_addr32(FW_CFG_CMDLINE)
-
-	/* And now jump into Linux! */
-	mov		$0, %eax
-	mov		%eax, %cr0
-
-	/* ES = CS */
-	mov		%cs, %ax
-	mov		%ax, %es
-
-	jmp		boot_kernel
-
-/* Variables */
-
-.align 4, 0
-gdt:
-	/* 0x00 */
-.byte	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-
-	/* 0x08: code segment (base=0, limit=0xfffff, type=32bit code exec/read, DPL=0, 4k) */
-.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x9a, 0xcf, 0x00
-
-	/* 0x10: data segment (base=0, limit=0xfffff, type=32bit data read/write, DPL=0, 4k) */
-.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x92, 0xcf, 0x00
-
-BOOT_ROM_END
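Review bot: The deleted copy_kernel code handled two compatibility cases that the commit message does not mention: defaulting initrd_max to 0x37ffffff when the boot protocol is older than 0x203, and recomputing the initrd address from int 0x15/e801 data when pc.c placed the initrd at the end of memory. Please state in the commit message that linuxboot_dma.bin covers both, so the removal is clearly behaviour-neutral for old kernels.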
-- 
2.52.0




* [PULL 17/41] hw/i386/pc: Remove pc_compat_2_6[] array
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (15 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 16/41] hw/i386: Remove linuxboot.bin Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 18/41] hw/intc/apic: Remove APICCommonState::legacy_instance_id field Paolo Bonzini
                   ` (24 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Thomas Huth,
	Zhao Liu, Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The pc_compat_2_6[] array was only used by the pc-q35-2.6
and pc-i440fx-2.6 machines, which got removed. Remove it.

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-17-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/i386/pc.h | 3 ---
 hw/i386/pc.c         | 8 --------
 2 files changed, 11 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 7f8cf94138a..d6d54852375 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -298,9 +298,6 @@ extern const size_t pc_compat_2_8_len;
 extern GlobalProperty pc_compat_2_7[];
 extern const size_t pc_compat_2_7_len;
 
-extern GlobalProperty pc_compat_2_6[];
-extern const size_t pc_compat_2_6_len;
-
 #define DEFINE_PC_MACHINE(suffix, namestr, initfn, optsfn) \
     static void pc_machine_##suffix##_class_init(ObjectClass *oc, \
                                                  const void *data) \
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index c0e6a23bec1..12f139c6798 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -266,14 +266,6 @@ GlobalProperty pc_compat_2_7[] = {
 };
 const size_t pc_compat_2_7_len = G_N_ELEMENTS(pc_compat_2_7);
 
-GlobalProperty pc_compat_2_6[] = {
-    { TYPE_X86_CPU, "cpuid-0xb", "off" },
-    { "vmxnet3", "romfile", "" },
-    { TYPE_X86_CPU, "fill-mtrr-mask", "off" },
-    { "apic-common", "legacy-instance-id", "on", }
-};
-const size_t pc_compat_2_6_len = G_N_ELEMENTS(pc_compat_2_6);
-
 /*
  * @PC_FW_DATA:
  * Size of the chunk of memory at the top of RAM for the BIOS ACPI tables
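Review bot: Documentation point on the removed pc_compat_2_6[] entries: the commit message does not say which of the four properties lose their last compat user here. The next patch removes "legacy-instance-id"; it would help to note whether "cpuid-0xb" and "fill-mtrr-mask" are still set by another compat array or are candidates for the same cleanup.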
-- 
2.52.0




* [PULL 18/41] hw/intc/apic: Remove APICCommonState::legacy_instance_id field
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (16 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 17/41] hw/i386/pc: Remove pc_compat_2_6[] array Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 19/41] hw/core/machine: Remove hw_compat_2_6[] array Paolo Bonzini
                   ` (23 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Thomas Huth,
	Igor Mammedov, Zhao Liu

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The APICCommonState::legacy_instance_id boolean was only set
in the pc_compat_2_6[] array, via the 'legacy-instance-id=on'
property. We removed all machines using that array, let's remove
that property, simplifying apic_common_realize().

Because instance_id is initialized as initial_apic_id, we can
not register vmstate_apic_common directly via dc->vmsd.

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-18-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/i386/apic_internal.h | 1 -
 hw/intc/apic_common.c           | 5 -----
 2 files changed, 6 deletions(-)

diff --git a/include/hw/i386/apic_internal.h b/include/hw/i386/apic_internal.h
index 4a62fdceb4e..0cb06bbc76c 100644
--- a/include/hw/i386/apic_internal.h
+++ b/include/hw/i386/apic_internal.h
@@ -187,7 +187,6 @@ struct APICCommonState {
     uint32_t vapic_control;
     DeviceState *vapic;
     hwaddr vapic_paddr; /* note: persistence via kvmvapic */
-    bool legacy_instance_id;
     uint32_t extended_log_dest;
 };
 
diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
index 4e9e3089945..bf4abc21d7b 100644
--- a/hw/intc/apic_common.c
+++ b/hw/intc/apic_common.c
@@ -276,9 +276,6 @@ static void apic_common_realize(DeviceState *dev, Error **errp)
         info->enable_tpr_reporting(s, true);
     }
 
-    if (s->legacy_instance_id) {
-        instance_id = VMSTATE_INSTANCE_ID_ANY;
-    }
     vmstate_register_with_alias_id(NULL, instance_id, &vmstate_apic_common,
                                    s, -1, 0, NULL);
 
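Review bot: With the legacy_instance_id branch gone from apic_common_realize(), nothing in the code explains why vmstate_apic_common is still registered by hand through vmstate_register_with_alias_id(). The commit message gives the reason (instance_id is initialized as initial_apic_id, so dc->vmsd cannot be used); a short comment above the call would stop a later cleanup from switching to dc->vmsd and changing the migration instance id.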
@@ -395,8 +392,6 @@ static const Property apic_properties_common[] = {
     DEFINE_PROP_UINT8("version", APICCommonState, version, 0x14),
     DEFINE_PROP_BIT("vapic", APICCommonState, vapic_control, VAPIC_ENABLE_BIT,
                     true),
-    DEFINE_PROP_BOOL("legacy-instance-id", APICCommonState, legacy_instance_id,
-                     false),
 };
 
 static void apic_common_get_id(Object *obj, Visitor *v, const char *name,
-- 
2.52.0




* [PULL 19/41] hw/core/machine: Remove hw_compat_2_6[] array
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (17 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 18/41] hw/intc/apic: Remove APICCommonState::legacy_instance_id field Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 20/41] hw/virtio/virtio-mmio: Remove VirtIOMMIOProxy::format_transport_address field Paolo Bonzini
                   ` (22 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Thomas Huth,
	Zhao Liu, Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The hw_compat_2_6[] array was only used by the pc-q35-2.6 and
pc-i440fx-2.6 machines, which got removed. Remove it.

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-19-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/core/boards.h | 3 ---
 hw/core/machine.c        | 8 --------
 2 files changed, 11 deletions(-)

diff --git a/include/hw/core/boards.h b/include/hw/core/boards.h
index 07f89387525..d6ff9f3d233 100644
--- a/include/hw/core/boards.h
+++ b/include/hw/core/boards.h
@@ -885,7 +885,4 @@ extern const size_t hw_compat_2_8_len;
 extern GlobalProperty hw_compat_2_7[];
 extern const size_t hw_compat_2_7_len;
 
-extern GlobalProperty hw_compat_2_6[];
-extern const size_t hw_compat_2_6_len;
-
 #endif
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 6411e68856b..2664848c2b0 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -293,14 +293,6 @@ GlobalProperty hw_compat_2_7[] = {
 };
 const size_t hw_compat_2_7_len = G_N_ELEMENTS(hw_compat_2_7);
 
-GlobalProperty hw_compat_2_6[] = {
-    { "virtio-mmio", "format_transport_address", "off" },
-    /* Optional because not all virtio-pci devices support legacy mode */
-    { "virtio-pci", "disable-modern", "on",  .optional = true },
-    { "virtio-pci", "disable-legacy", "off", .optional = true },
-};
-const size_t hw_compat_2_6_len = G_N_ELEMENTS(hw_compat_2_6);
-
 MachineState *current_machine;
 
 static char *machine_get_kernel(Object *obj, Error **errp)
-- 
2.52.0




* [PULL 20/41] hw/virtio/virtio-mmio: Remove VirtIOMMIOProxy::format_transport_address field
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (18 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 19/41] hw/core/machine: Remove hw_compat_2_6[] array Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 21/41] hw/i386/pc: Remove deprecated pc-q35-2.7 and pc-i440fx-2.7 machines Paolo Bonzini
                   ` (21 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Thomas Huth,
	Zhao Liu, Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The VirtIOMMIOProxy::format_transport_address boolean was only set
in the hw_compat_2_6[] array, via the 'format_transport_address=off'
property. We removed all machines using that array, let's remove
that property, simplifying virtio_mmio_bus_get_dev_path().

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-20-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/virtio/virtio-mmio.h |  1 -
 hw/virtio/virtio-mmio.c         | 15 ---------------
 2 files changed, 16 deletions(-)

diff --git a/include/hw/virtio/virtio-mmio.h b/include/hw/virtio/virtio-mmio.h
index 1eab3c0dece..1644d098105 100644
--- a/include/hw/virtio/virtio-mmio.h
+++ b/include/hw/virtio/virtio-mmio.h
@@ -66,7 +66,6 @@ struct VirtIOMMIOProxy {
     uint32_t guest_page_shift;
     /* virtio-bus */
     VirtioBusState bus;
-    bool format_transport_address;
     /* Fields only used for non-legacy (v2) devices */
     uint32_t guest_features[2];
     VirtIOMMIOQueue vqs[VIRTIO_QUEUE_MAX];
diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
index 0b0412b22f2..742ca3d3e4d 100644
--- a/hw/virtio/virtio-mmio.c
+++ b/hw/virtio/virtio-mmio.c
@@ -764,8 +764,6 @@ static void virtio_mmio_pre_plugged(DeviceState *d, Error **errp)
 /* virtio-mmio device */
 
 static const Property virtio_mmio_properties[] = {
-    DEFINE_PROP_BOOL("format_transport_address", VirtIOMMIOProxy,
-                     format_transport_address, true),
     DEFINE_PROP_BOOL("force-legacy", VirtIOMMIOProxy, legacy, true),
     DEFINE_PROP_BIT("ioeventfd", VirtIOMMIOProxy, flags,
                     VIRTIO_IOMMIO_FLAG_USE_IOEVENTFD_BIT, true),
@@ -827,19 +825,6 @@ static char *virtio_mmio_bus_get_dev_path(DeviceState *dev)
     virtio_mmio_proxy = VIRTIO_MMIO(virtio_mmio_bus->parent);
     proxy_path = qdev_get_dev_path(DEVICE(virtio_mmio_proxy));
 
-    /*
-     * If @format_transport_address is false, then we just perform the same as
-     * virtio_bus_get_dev_path(): we delegate the address formatting for the
-     * device on the virtio-mmio bus to the bus that the virtio-mmio proxy
-     * (i.e., the device that implements the virtio-mmio bus) resides on. In
-     * this case the base address of the virtio-mmio transport will be
-     * invisible.
-     */
-    if (!virtio_mmio_proxy->format_transport_address) {
-        return proxy_path;
-    }
-
-    /* Otherwise, we append the base address of the transport. */
     section = memory_region_find(&virtio_mmio_proxy->iomem, 0, 0x200);
     assert(section.mr);
 
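Review bot: The hunk in virtio_mmio_bus_get_dev_path() deletes the "Otherwise, we append the base address of the transport." comment together with the early return, which leaves the memory_region_find() sequence unexplained. Keep a one-line comment saying that the transport base address is appended to proxy_path, since that is now the only behaviour of the function.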
-- 
2.52.0




* [PULL 21/41] hw/i386/pc: Remove deprecated pc-q35-2.7 and pc-i440fx-2.7 machines
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (19 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 20/41] hw/virtio/virtio-mmio: Remove VirtIOMMIOProxy::format_transport_address field Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 22/41] hw/i386/pc: Remove pc_compat_2_7[] array Paolo Bonzini
                   ` (20 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Thomas Huth,
	Zhao Liu, Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

These machines have been supported for a period of more than 6 years.
According to our versioned machine support policy (see commit
ce80c4fa6ff "docs: document special exception for machine type
deprecation & removal") they can now be removed.  Remove the qtest
in test-x86-cpuid-compat.c file.

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-21-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/i386/pc_piix.c                   |  9 ---------
 hw/i386/pc_q35.c                    | 10 ----------
 tests/qtest/test-x86-cpuid-compat.c | 11 -----------
 3 files changed, 30 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 9efb42ad055..f9e0bca9743 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -723,15 +723,6 @@ static void pc_i440fx_machine_2_8_options(MachineClass *m)
 
 DEFINE_I440FX_MACHINE(2, 8);
 
-static void pc_i440fx_machine_2_7_options(MachineClass *m)
-{
-    pc_i440fx_machine_2_8_options(m);
-    compat_props_add(m->compat_props, hw_compat_2_7, hw_compat_2_7_len);
-    compat_props_add(m->compat_props, pc_compat_2_7, pc_compat_2_7_len);
-}
-
-DEFINE_I440FX_MACHINE(2, 7);
-
 #ifdef CONFIG_XEN
 static void xenfv_machine_4_2_options(MachineClass *m)
 {
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 6dd1120c004..9158631f761 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -670,13 +670,3 @@ static void pc_q35_machine_2_8_options(MachineClass *m)
 }
 
 DEFINE_Q35_MACHINE(2, 8);
-
-static void pc_q35_machine_2_7_options(MachineClass *m)
-{
-    pc_q35_machine_2_8_options(m);
-    m->max_cpus = 255;
-    compat_props_add(m->compat_props, hw_compat_2_7, hw_compat_2_7_len);
-    compat_props_add(m->compat_props, pc_compat_2_7, pc_compat_2_7_len);
-}
-
-DEFINE_Q35_MACHINE(2, 7);
diff --git a/tests/qtest/test-x86-cpuid-compat.c b/tests/qtest/test-x86-cpuid-compat.c
index 456e2af6657..5e0547e81b7 100644
--- a/tests/qtest/test-x86-cpuid-compat.c
+++ b/tests/qtest/test-x86-cpuid-compat.c
@@ -345,17 +345,6 @@ int main(int argc, char **argv)
 
     /* Check compatibility of old machine-types that didn't
      * auto-increase level/xlevel/xlevel2: */
-    if (qtest_has_machine("pc-i440fx-2.7")) {
-        add_cpuid_test("x86/cpuid/auto-level/pc-2.7",
-                       "486", "arat=on,avx512vbmi=on,xsaveopt=on",
-                       "pc-i440fx-2.7", "level", 1);
-        add_cpuid_test("x86/cpuid/auto-xlevel/pc-2.7",
-                       "486", "3dnow=on,sse4a=on,invtsc=on,npt=on,svm=on",
-                       "pc-i440fx-2.7", "xlevel", 0);
-        add_cpuid_test("x86/cpuid/auto-xlevel2/pc-2.7",
-                       "486", "xstore=on", "pc-i440fx-2.7",
-                       "xlevel2", 0);
-    }
     if (qtest_has_machine("pc-i440fx-2.9")) {
         add_cpuid_test("x86/cpuid/auto-level7/pc-i440fx-2.9/off",
                        "Conroe", NULL, "pc-i440fx-2.9",
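Review bot: After this hunk the comment "Check compatibility of old machine-types that didn't auto-increase level/xlevel/xlevel2:" sits directly above the pc-i440fx-2.9 auto-level7 tests, while the level, xlevel and xlevel2 cases it introduced were the pc-i440fx-2.7 ones being removed. Remove the comment together with the 2.7 block, or reword it so it describes the 2.9 tests that now follow it.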
-- 
2.52.0




* [PULL 22/41] hw/i386/pc: Remove pc_compat_2_7[] array
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (20 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 21/41] hw/i386/pc: Remove deprecated pc-q35-2.7 and pc-i440fx-2.7 machines Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 23/41] target/i386/cpu: Remove CPUX86State::full_cpuid_auto_level field Paolo Bonzini
                   ` (19 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Zhao Liu,
	Thomas Huth, Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The pc_compat_2_7[] array was only used by the pc-q35-2.7
and pc-i440fx-2.7 machines, which got removed. Remove it.

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-22-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/i386/pc.h |  3 ---
 hw/i386/pc.c         | 10 ----------
 2 files changed, 13 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index d6d54852375..1cf88c16975 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -295,9 +295,6 @@ extern const size_t pc_compat_2_9_len;
 extern GlobalProperty pc_compat_2_8[];
 extern const size_t pc_compat_2_8_len;
 
-extern GlobalProperty pc_compat_2_7[];
-extern const size_t pc_compat_2_7_len;
-
 #define DEFINE_PC_MACHINE(suffix, namestr, initfn, optsfn) \
     static void pc_machine_##suffix##_class_init(ObjectClass *oc, \
                                                  const void *data) \
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 12f139c6798..5a70e5a7da4 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -256,16 +256,6 @@ GlobalProperty pc_compat_2_8[] = {
 };
 const size_t pc_compat_2_8_len = G_N_ELEMENTS(pc_compat_2_8);
 
-GlobalProperty pc_compat_2_7[] = {
-    { TYPE_X86_CPU, "l3-cache", "off" },
-    { TYPE_X86_CPU, "full-cpuid-auto-level", "off" },
-    { "Opteron_G3" "-" TYPE_X86_CPU, "family", "15" },
-    { "Opteron_G3" "-" TYPE_X86_CPU, "model", "6" },
-    { "Opteron_G3" "-" TYPE_X86_CPU, "stepping", "1" },
-    { "isa-pcspk", "migrate", "off" },
-};
-const size_t pc_compat_2_7_len = G_N_ELEMENTS(pc_compat_2_7);
-
 /*
  * @PC_FW_DATA:
  * Size of the chunk of memory at the top of RAM for the BIOS ACPI tables
-- 
2.52.0




* [PULL 23/41] target/i386/cpu: Remove CPUX86State::full_cpuid_auto_level field
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (21 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 22/41] hw/i386/pc: Remove pc_compat_2_7[] array Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 24/41] hw/audio/pcspk: Remove PCSpkState::migrate field Paolo Bonzini
                   ` (18 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Philippe Mathieu-Daudé, Zhao Liu, Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The CPUX86State::full_cpuid_auto_level boolean was only
disabled for the pc-q35-2.7 and pc-i440fx-2.7 machines,
which got removed. Being now always %true, we can remove
it and simplify x86_cpu_expand_features().

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-23-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/cpu.h |   3 --
 target/i386/cpu.c | 117 ++++++++++++++++++++++------------------------
 2 files changed, 57 insertions(+), 63 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index da5161fc1a5..f2be42d7f65 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2425,9 +2425,6 @@ struct ArchCPU {
     /* Force to enable cpuid 0x1f */
     bool force_cpuid_0x1f;
 
-    /* Enable auto level-increase for all CPUID leaves */
-    bool full_cpuid_auto_level;
-
     /*
      * Compatibility bits for old machine types (PC machine v6.0 and older).
      * Only advertise CPUID leaves defined by the vendor.
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 0a7b884528e..201c5d5c210 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -9508,74 +9508,72 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
 
     /* CPUID[EAX=7,ECX=0].EBX always increased level automatically: */
     x86_cpu_adjust_feat_level(cpu, FEAT_7_0_EBX);
-    if (cpu->full_cpuid_auto_level) {
-        x86_cpu_adjust_feat_level(cpu, FEAT_1_EDX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_1_ECX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_6_EAX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_7_0_ECX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_7_1_EAX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_7_1_ECX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_7_1_EDX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_7_2_EDX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_EDX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_ECX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_8000_0007_EDX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_8000_0008_EBX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
-        x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
-        x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
+    x86_cpu_adjust_feat_level(cpu, FEAT_1_EDX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_1_ECX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_6_EAX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_7_0_ECX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_7_1_EAX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_7_1_ECX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_7_1_EDX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_7_2_EDX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_EDX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_8000_0001_ECX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_8000_0007_EDX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_8000_0008_EBX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
+    x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
+    x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
 
-        /* Intel Processor Trace requires CPUID[0x14] */
-        if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT)) {
-            if (cpu->intel_pt_auto_level) {
-                x86_cpu_adjust_level(cpu, &cpu->env.cpuid_min_level, 0x14);
-            } else if (cpu->env.cpuid_min_level < 0x14) {
-                mark_unavailable_features(cpu, FEAT_7_0_EBX,
-                    CPUID_7_0_EBX_INTEL_PT,
-                    "Intel PT need CPUID leaf 0x14, please set by \"-cpu ...,intel-pt=on,min-level=0x14\"");
-            }
+    /* Intel Processor Trace requires CPUID[0x14] */
+    if ((env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT)) {
+        if (cpu->intel_pt_auto_level) {
+            x86_cpu_adjust_level(cpu, &cpu->env.cpuid_min_level, 0x14);
+        } else if (cpu->env.cpuid_min_level < 0x14) {
+            mark_unavailable_features(cpu, FEAT_7_0_EBX,
+                CPUID_7_0_EBX_INTEL_PT,
+                "Intel PT need CPUID leaf 0x14, please set by \"-cpu ...,intel-pt=on,min-level=0x14\"");
         }
+    }
 
-        /*
-         * Intel CPU topology with multi-dies support requires CPUID[0x1F].
-         * For AMD Rome/Milan, cpuid level is 0x10, and guest OS should detect
-         * extended toplogy by leaf 0xB. Only adjust it for Intel CPU, unless
-         * cpu->vendor_cpuid_only has been unset for compatibility with older
-         * machine types.
-         */
-        if (x86_has_cpuid_0x1f(cpu) &&
-            (IS_INTEL_CPU(env) || !cpu->vendor_cpuid_only)) {
-            x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x1F);
-        }
+    /*
+     * Intel CPU topology with multi-dies support requires CPUID[0x1F].
+     * For AMD Rome/Milan, cpuid level is 0x10, and guest OS should detect
+     * extended toplogy by leaf 0xB. Only adjust it for Intel CPU, unless
+     * cpu->vendor_cpuid_only has been unset for compatibility with older
+     * machine types.
+     */
+    if (x86_has_cpuid_0x1f(cpu) &&
+        (IS_INTEL_CPU(env) || !cpu->vendor_cpuid_only)) {
+        x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x1F);
+    }
 
-        /* Advanced Vector Extensions 10 (AVX10) requires CPUID[0x24] */
-        if (env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10) {
-            x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x24);
-        }
+    /* Advanced Vector Extensions 10 (AVX10) requires CPUID[0x24] */
+    if (env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10) {
+        x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x24);
+    }
 
-        /* Advanced Performance Extensions (APX) requires CPUID[0x29] */
-        if (env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_APXF) {
-            x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x29);
-        }
+    /* Advanced Performance Extensions (APX) requires CPUID[0x29] */
+    if (env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_APXF) {
+        x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x29);
+    }
 
-        /* SVM requires CPUID[0x8000000A] */
-        if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
-            x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
-        }
+    /* SVM requires CPUID[0x8000000A] */
+    if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
+        x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
+    }
 
-        /* SEV requires CPUID[0x8000001F] */
-        if (sev_enabled()) {
-            x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
-        }
+    /* SEV requires CPUID[0x8000001F] */
+    if (sev_enabled()) {
+        x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
+    }
 
-        if (env->features[FEAT_8000_0021_EAX]) {
-            x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x80000021);
-        }
+    if (env->features[FEAT_8000_0021_EAX]) {
+        x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x80000021);
+    }
 
-        /* SGX requires CPUID[0x12] for EPC enumeration */
-        if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX) {
-            x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x12);
-        }
+    /* SGX requires CPUID[0x12] for EPC enumeration */
+    if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX) {
+        x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x12);
     }
 
     /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
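Review bot: the comment kept at the top of this hunk, "CPUID[EAX=7,ECX=0].EBX always increased level automatically:", no longer distinguishes anything now that every x86_cpu_adjust_feat_level() call below it is unconditional; drop it or reword it to cover the whole list. Since the CPUID[0x1F] block comment and the Intel PT message are re-indented here anyway, this is also the place to fix "toplogy" and the "Intel PT need CPUID leaf 0x14" wording. The intel_pt_auto_level branch is carried over unchanged, so Intel PT remains the one feature that can be masked instead of raising cpuid_min_level; a one-line comment saying this asymmetry is intentional would help.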
@@ -10520,7 +10518,6 @@ static const Property x86_cpu_properties[] = {
     DEFINE_PROP_UINT32("min-xlevel", X86CPU, env.cpuid_min_xlevel, 0),
     DEFINE_PROP_UINT32("min-xlevel2", X86CPU, env.cpuid_min_xlevel2, 0),
     DEFINE_PROP_UINT64("ucode-rev", X86CPU, ucode_rev, 0),
-    DEFINE_PROP_BOOL("full-cpuid-auto-level", X86CPU, full_cpuid_auto_level, true),
     DEFINE_PROP_STRING("hv-vendor-id", X86CPU, hyperv_vendor),
     DEFINE_PROP_BOOL("cpuid-0xb", X86CPU, enable_cpuid_0xb, true),
     DEFINE_PROP_BOOL("x-vendor-cpuid-only", X86CPU, vendor_cpuid_only, true),
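Review bot: "full-cpuid-auto-level" is removed from x86_cpu_properties[] although its name carries no "x-" prefix, unlike "x-vendor-cpuid-only" two lines below, so it reads as part of the user-visible CPU property set. Any configuration that still sets it will stop being accepted once the property is gone; record the removal in the removed-features documentation, or state in the commit message that the property was only ever meant to be set by compat arrays.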
-- 
2.52.0




* [PULL 24/41] hw/audio/pcspk: Remove PCSpkState::migrate field
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (22 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 23/41] target/i386/cpu: Remove CPUX86State::full_cpuid_auto_level field Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 25/41] hw/core/machine: Remove hw_compat_2_7[] array Paolo Bonzini
                   ` (17 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Thomas Huth,
	Igor Mammedov, Zhao Liu

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The PCSpkState::migrate boolean was only set in the
pc_compat_2_7[] array, via the 'migrate=off' property.
We removed all machines using that array, let's remove
that property, simplifying vmstate_spk[].

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-24-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/audio/pcspk.c | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/hw/audio/pcspk.c b/hw/audio/pcspk.c
index 916c56fa4c0..0b01544941c 100644
--- a/hw/audio/pcspk.c
+++ b/hw/audio/pcspk.c
@@ -57,7 +57,6 @@ struct PCSpkState {
     unsigned int play_pos;
     uint8_t data_on;
     uint8_t dummy_refresh_clock;
-    bool migrate;
 };
 
 static const char *s_spk = "pcspk";
@@ -202,18 +201,10 @@ static void pcspk_realizefn(DeviceState *dev, Error **errp)
     }
 }
 
-static bool migrate_needed(void *opaque)
-{
-    PCSpkState *s = opaque;
-
-    return s->migrate;
-}
-
 static const VMStateDescription vmstate_spk = {
     .name = "pcspk",
     .version_id = 1,
     .minimum_version_id = 1,
-    .needed = migrate_needed,
     .fields = (const VMStateField[]) {
         VMSTATE_UINT8(data_on, PCSpkState),
         VMSTATE_UINT8(dummy_refresh_clock, PCSpkState),
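Review bot: the commit message should state that dropping .needed from vmstate_spk leaves the migration stream unchanged for the remaining machine types. The property removed in the last hunk defaulted to true, so migrate_needed() already returned true for them and the "pcspk" section was already sent, which is why version_id and minimum_version_id can stay at 1; a reader of this hunk alone cannot tell that.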
@@ -224,7 +215,6 @@ static const VMStateDescription vmstate_spk = {
 static const Property pcspk_properties[] = {
     DEFINE_AUDIO_PROPERTIES(PCSpkState, audio_be),
     DEFINE_PROP_UINT32("iobase", PCSpkState, iobase,  0x61),
-    DEFINE_PROP_BOOL("migrate", PCSpkState, migrate,  true),
     DEFINE_PROP_LINK("pit", PCSpkState, pit, TYPE_PIT_COMMON, PITCommonState *),
 };
 
-- 
2.52.0




* [PULL 25/41] hw/core/machine: Remove hw_compat_2_7[] array
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (23 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 24/41] hw/audio/pcspk: Remove PCSpkState::migrate field Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 26/41] hw/i386/intel_iommu: Remove IntelIOMMUState::buggy_eim field Paolo Bonzini
                   ` (16 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Zhao Liu,
	Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The hw_compat_2_7[] array was only used by the pc-q35-2.7 and
pc-i440fx-2.7 machines, which got removed. Remove it.

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-25-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/core/boards.h | 3 ---
 hw/core/machine.c        | 9 ---------
 2 files changed, 12 deletions(-)

diff --git a/include/hw/core/boards.h b/include/hw/core/boards.h
index d6ff9f3d233..a99ef4ca469 100644
--- a/include/hw/core/boards.h
+++ b/include/hw/core/boards.h
@@ -882,7 +882,4 @@ extern const size_t hw_compat_2_9_len;
 extern GlobalProperty hw_compat_2_8[];
 extern const size_t hw_compat_2_8_len;
 
-extern GlobalProperty hw_compat_2_7[];
-extern const size_t hw_compat_2_7_len;
-
 #endif
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 2664848c2b0..308bd0b6088 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -284,15 +284,6 @@ GlobalProperty hw_compat_2_8[] = {
 };
 const size_t hw_compat_2_8_len = G_N_ELEMENTS(hw_compat_2_8);
 
-GlobalProperty hw_compat_2_7[] = {
-    { "virtio-pci", "page-per-vq", "on" },
-    { "virtio-serial-device", "emergency-write", "off" },
-    { "ioapic", "version", "0x11" },
-    { "intel-iommu", "x-buggy-eim", "true" },
-    { "virtio-pci", "x-ignore-backend-features", "on" },
-};
-const size_t hw_compat_2_7_len = G_N_ELEMENTS(hw_compat_2_7);
-
 MachineState *current_machine;
 
 static char *machine_get_kernel(Object *obj, Error **errp)
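Review bot: the five entries deleted from hw_compat_2_7[] name five device properties, but the follow-ups visible in this series clean up only three of them (x-buggy-eim in 26/41, x-ignore-backend-features in 27/41, emergency-write in 28/41). Say in the commit message whether "page-per-vq" on virtio-pci and "version" on ioapic are intentionally kept as properties, so nobody has to search for missing cleanup patches later.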
-- 
2.52.0




* [PULL 26/41] hw/i386/intel_iommu: Remove IntelIOMMUState::buggy_eim field
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (24 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 25/41] hw/core/machine: Remove hw_compat_2_7[] array Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 27/41] hw/virtio/virtio-pci: Remove VirtIOPCIProxy::ignore_backend_features field Paolo Bonzini
                   ` (15 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Igor Mammedov,
	Zhao Liu

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The IntelIOMMUState::buggy_eim boolean was only set in
the hw_compat_2_7[] array, via the 'x-buggy-eim=true'
property. We removed all machines using that array, let's
remove that property, simplifying vtd_decide_config().

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-26-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/i386/intel_iommu.h | 1 -
 hw/i386/intel_iommu.c         | 5 ++---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
index d600e5495f5..54c2b6b77a0 100644
--- a/include/hw/i386/intel_iommu.h
+++ b/include/hw/i386/intel_iommu.h
@@ -313,7 +313,6 @@ struct IntelIOMMUState {
     uint32_t intr_size;             /* Number of IR table entries */
     bool intr_eime;                 /* Extended interrupt mode enabled */
     OnOffAuto intr_eim;             /* Toggle for EIM cabability */
-    bool buggy_eim;                 /* Force buggy EIM unless eim=off */
     uint8_t aw_bits;                /* Host/IOVA address width (in bits) */
     bool dma_drain;                 /* Whether DMA r/w draining enabled */
     bool pasid;                     /* Whether to support PASID */
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index dd00079a406..92a367d6577 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -4180,7 +4180,6 @@ static const Property vtd_properties[] = {
     DEFINE_PROP_UINT32("version", IntelIOMMUState, version, 0),
     DEFINE_PROP_ON_OFF_AUTO("eim", IntelIOMMUState, intr_eim,
                             ON_OFF_AUTO_AUTO),
-    DEFINE_PROP_BOOL("x-buggy-eim", IntelIOMMUState, buggy_eim, false),
     DEFINE_PROP_UINT8("aw-bits", IntelIOMMUState, aw_bits,
                       VTD_HOST_ADDRESS_WIDTH),
     DEFINE_PROP_BOOL("caching-mode", IntelIOMMUState, caching_mode, FALSE),
@@ -5539,11 +5538,11 @@ static bool vtd_decide_config(IntelIOMMUState *s, Error **errp)
     }
 
     if (s->intr_eim == ON_OFF_AUTO_AUTO) {
-        s->intr_eim = (kvm_irqchip_in_kernel() || s->buggy_eim)
+        s->intr_eim = kvm_irqchip_in_kernel()
                       && x86_iommu_ir_supported(x86_iommu) ?
                                               ON_OFF_AUTO_ON : ON_OFF_AUTO_OFF;
     }
-    if (s->intr_eim == ON_OFF_AUTO_ON && !s->buggy_eim) {
+    if (s->intr_eim == ON_OFF_AUTO_ON) {
         if (kvm_irqchip_is_split() && !kvm_enable_x2apic()) {
             error_setg(errp, "eim=on requires support on the KVM side"
                              "(X2APIC_API, first shipped in v4.7)");
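Review bot: in the ON_OFF_AUTO_AUTO branch, dropping the parenthesised "(kvm_irqchip_in_kernel() || s->buggy_eim)" leaves a bare "kvm_irqchip_in_kernel() && x86_iommu_ir_supported(x86_iommu) ? ... : ..." split over three lines, where only the precedence of && over ?: carries the meaning; wrap the condition in parentheses or use an if/else. The second change is the behavioural one: without "&& !s->buggy_eim", eim=on always goes through the kvm_irqchip_is_split() / kvm_enable_x2apic() check, which is the stricter path and worth a sentence in the commit message. While touching this block, note that the two string literals in the error_setg() concatenate to "KVM side(X2APIC_API", missing a space.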
-- 
2.52.0




* [PULL 27/41] hw/virtio/virtio-pci: Remove VirtIOPCIProxy::ignore_backend_features field
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (25 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 26/41] hw/i386/intel_iommu: Remove IntelIOMMUState::buggy_eim field Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 28/41] hw/char/virtio-serial: Do not expose the 'emergency-write' property Paolo Bonzini
                   ` (14 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Igor Mammedov,
	Zhao Liu

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The VirtIOPCIProxy::ignore_backend_features boolean was only set
in the hw_compat_2_7[] array, via the 'x-ignore-backend-features=on'
property. We removed all machines using that array, let's remove
that property, simplify by only using the default version.

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-27-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/virtio/virtio-pci.h | 1 -
 hw/virtio/virtio-pci.c         | 5 +----
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/include/hw/virtio/virtio-pci.h b/include/hw/virtio/virtio-pci.h
index 639752977ee..581bb830b79 100644
--- a/include/hw/virtio/virtio-pci.h
+++ b/include/hw/virtio/virtio-pci.h
@@ -150,7 +150,6 @@ struct VirtIOPCIProxy {
     uint16_t last_pcie_cap_offset;
     uint32_t flags;
     bool disable_modern;
-    bool ignore_backend_features;
     OnOffAuto disable_legacy;
     /* Transitional device id */
     uint16_t trans_devid;
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 1e8f90df34e..fe13a7a9503 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -2040,8 +2040,7 @@ static void virtio_pci_device_plugged(DeviceState *d, Error **errp)
      * Virtio capabilities present without
      * VIRTIO_F_VERSION_1 confuses guests
      */
-    if (!proxy->ignore_backend_features &&
-            !virtio_has_feature(vdev->host_features, VIRTIO_F_VERSION_1)) {
+    if (!virtio_has_feature(vdev->host_features, VIRTIO_F_VERSION_1)) {
         virtio_pci_disable_modern(proxy);
 
         if (!legacy) {
@@ -2443,8 +2442,6 @@ static const Property virtio_pci_properties[] = {
                     VIRTIO_PCI_FLAG_MODERN_PIO_NOTIFY_BIT, false),
     DEFINE_PROP_BIT("page-per-vq", VirtIOPCIProxy, flags,
                     VIRTIO_PCI_FLAG_PAGE_PER_VQ_BIT, false),
-    DEFINE_PROP_BOOL("x-ignore-backend-features", VirtIOPCIProxy,
-                     ignore_backend_features, false),
     DEFINE_PROP_BIT("ats", VirtIOPCIProxy, flags,
                     VIRTIO_PCI_FLAG_ATS_BIT, false),
     DEFINE_PROP_BIT("x-ats-page-aligned", VirtIOPCIProxy, flags,
-- 
2.52.0




* [PULL 28/41] hw/char/virtio-serial: Do not expose the 'emergency-write' property
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (26 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 27/41] hw/virtio/virtio-pci: Remove VirtIOPCIProxy::ignore_backend_features field Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-16 17:21   ` Alexander Bulekov
  2026-02-12 14:42 ` [PULL 29/41] i386/cpu: Fix incorrect initializer in Diamond Rapids definition Paolo Bonzini
                   ` (13 subsequent siblings)
  41 siblings, 1 reply; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel
  Cc: Philippe Mathieu-Daudé, Mark Cave-Ayland, Zhao Liu,
	Igor Mammedov

From: Philippe Mathieu-Daudé <philmd@linaro.org>

The VIRTIO_CONSOLE_F_EMERG_WRITE feature bit was only set
in the hw_compat_2_7[] array, via the 'emergency-write=off'
property. We removed all machines using that array, let's remove
that property. All instances have this feature bit set and
it can not be disabled. VirtIOSerial::host_features mask is
now unused, remove it.

Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260108033051.777361-28-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/hw/virtio/virtio-serial.h | 2 --
 hw/char/virtio-serial-bus.c       | 9 +++------
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/include/hw/virtio/virtio-serial.h b/include/hw/virtio/virtio-serial.h
index 60641860bf8..da0c91e1a40 100644
--- a/include/hw/virtio/virtio-serial.h
+++ b/include/hw/virtio/virtio-serial.h
@@ -186,8 +186,6 @@ struct VirtIOSerial {
     struct VirtIOSerialPostLoad *post_load;
 
     virtio_serial_conf serial;
-
-    uint64_t host_features;
 };
 
 /* Interface to the virtio-serial bus */
diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
index 5ec5f5313b2..b7c57ea9678 100644
--- a/hw/char/virtio-serial-bus.c
+++ b/hw/char/virtio-serial-bus.c
@@ -557,7 +557,7 @@ static uint64_t get_features(VirtIODevice *vdev, uint64_t features,
 
     vser = VIRTIO_SERIAL(vdev);
 
-    features |= vser->host_features;
+    features |= BIT_ULL(VIRTIO_CONSOLE_F_EMERG_WRITE);
     if (vser->bus.max_nr_ports > 1) {
         virtio_add_feature(&features, VIRTIO_CONSOLE_F_MULTIPORT);
     }
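Review bot: the added line sets the bit by hand with "features |= BIT_ULL(VIRTIO_CONSOLE_F_EMERG_WRITE);" while the MULTIPORT bit two lines below uses virtio_add_feature(&features, ...). Use the helper for both so get_features() has a single idiom for adding feature bits.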
@@ -587,8 +587,7 @@ static void set_config(VirtIODevice *vdev, const uint8_t *config_data)
     VirtIOSerialPortClass *vsc;
     uint8_t emerg_wr_lo;
 
-    if (!virtio_has_feature(vser->host_features,
-        VIRTIO_CONSOLE_F_EMERG_WRITE) || !config->emerg_wr) {
+    if (!config->emerg_wr) {
         return;
     }
 
@@ -1040,7 +1039,7 @@ static void virtio_serial_device_realize(DeviceState *dev, Error **errp)
         return;
     }
 
-    if (!virtio_has_feature(vser->host_features,
+    if (!virtio_has_feature(vdev->host_features,
                             VIRTIO_CONSOLE_F_EMERG_WRITE)) {
         config_size = offsetof(struct virtio_console_config, emerg_wr);
     }
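Review bot: the check in virtio_serial_device_realize() now tests vdev->host_features instead of vser->host_features, but nothing in this patch puts VIRTIO_CONSOLE_F_EMERG_WRITE into vdev->host_features before this point: the property that defaulted the bit to true is deleted in the last hunk, and get_features() only ORs the bit into the value it returns. If the bit is not set here, config_size is cut to offsetof(struct virtio_console_config, emerg_wr), while set_config() in the previous hunk now reads config->emerg_wr with no feature guard, so the advertised feature, the config-space size and the config write handler can disagree. Since the commit message says the feature can no longer be disabled, drop this conditional and always size the config space to include emerg_wr.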
@@ -1156,8 +1155,6 @@ static const VMStateDescription vmstate_virtio_console = {
 static const Property virtio_serial_properties[] = {
     DEFINE_PROP_UINT32("max_ports", VirtIOSerial, serial.max_virtserial_ports,
                                                   31),
-    DEFINE_PROP_BIT64("emergency-write", VirtIOSerial, host_features,
-                      VIRTIO_CONSOLE_F_EMERG_WRITE, true),
 };
 
 static void virtio_serial_class_init(ObjectClass *klass, const void *data)
-- 
2.52.0




* [PULL 29/41] i386/cpu: Fix incorrect initializer in Diamond Rapids definition
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (27 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 28/41] hw/char/virtio-serial: Do not expose the 'emergency-write' property Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 30/41] target/i386/kvm: set KVM_PMU_CAP_DISABLE if "-pmu" is configured Paolo Bonzini
                   ` (12 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Aidan Khoury

From: Aidan Khoury <aidan@aktech.ai>

The new Diamond Rapids x86 cpu model definition that was added in 7a6dd8bde1
has an unexpected comma in the `.features[FEAT_VMX_EXIT_CTLS]` subobject
initializer, causing the prior initialization to be overridden.  For this
reason `VMX_VM_EXIT_SAVE_DEBUG_CONTROLS | VMX_VM_EXIT_HOST_ADDR_SPACE_SIZE`
is not included.

Fix this by replacing the comma with the missing bitwise OR to properly
combine all the flags into a single bitmask value.

Fixes: 7a6dd8bde159 ("i386/cpu: Add CPU model for Diamond Rapids")
Signed-off-by: Aidan Khoury <aidan@aktech.ai>
---
 target/i386/cpu.c | 2 +-
 roms/seabios-hppa | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 201c5d5c210..eaa01438c1b 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5579,7 +5579,7 @@ static const X86CPUDefinition builtin_x86_defs[] = {
             MSR_VMX_EPT_INVVPID_ALL_CONTEXT |
             MSR_VMX_EPT_INVVPID_SINGLE_CONTEXT_NOGLOBALS,
         .features[FEAT_VMX_EXIT_CTLS] =
-            VMX_VM_EXIT_SAVE_DEBUG_CONTROLS | VMX_VM_EXIT_HOST_ADDR_SPACE_SIZE,
+            VMX_VM_EXIT_SAVE_DEBUG_CONTROLS | VMX_VM_EXIT_HOST_ADDR_SPACE_SIZE |
             VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL |
             VMX_VM_EXIT_ACK_INTR_ON_EXIT | VMX_VM_EXIT_SAVE_IA32_PAT |
             VMX_VM_EXIT_LOAD_IA32_PAT | VMX_VM_EXIT_SAVE_IA32_EFER |
diff --git a/roms/seabios-hppa b/roms/seabios-hppa
index b876684ec39..3391c580960 160000
--- a/roms/seabios-hppa
+++ b/roms/seabios-hppa
@@ -1 +1 @@
-Subproject commit b876684ec394856a8cc2523c57b3dc784dc119d4
+Subproject commit 3391c580960febcb9fa8f686f9666adaa462c349
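Review bot: this roms/seabios-hppa submodule bump is not mentioned in the commit message, which describes only the initializer fix in target/i386/cpu.c, so it looks like a stray change picked up from the working tree. Drop it from this patch; if the firmware update is intended, it needs its own commit explaining what the new seabios-hppa revision brings in.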
-- 
2.52.0




* [PULL 30/41] target/i386/kvm: set KVM_PMU_CAP_DISABLE if "-pmu" is configured
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (28 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 29/41] i386/cpu: Fix incorrect initializer in Diamond Rapids definition Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 31/41] target/i386/kvm: extract unrelated code out of kvm_x86_build_cpuid() Paolo Bonzini
                   ` (11 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Dongli Zhang, Xiaoyao Li, Zhao Liu, Dapeng Mi, Zide Chen

From: Dongli Zhang <dongli.zhang@oracle.com>

Although AMD PERFCORE and PerfMonV2 are removed when "-pmu" is configured,
there is no way to fully disable KVM AMD PMU virtualization. Neither
"-cpu host,-pmu" nor "-cpu EPYC" achieves this.

As a result, the following message still appears in the VM dmesg:

[    0.263615] Performance Events: AMD PMU driver.

However, the expected output should be:

[    0.596381] Performance Events: PMU not available due to virtualization, using software events only.
[    0.600972] NMI watchdog: Perf NMI watchdog permanently disabled

This occurs because AMD does not use any CPUID bit to indicate PMU
availability.

To address this, KVM_CAP_PMU_CAPABILITY is used to set KVM_PMU_CAP_DISABLE
when "-pmu" is configured.

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
Reviewed-by: Zide Chen <zide.chen@intel.com>
Link: https://lore.kernel.org/r/20260109075508.113097-2-dongli.zhang@oracle.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/kvm/kvm.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 0c940d4b640..69748420fd6 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -178,6 +178,8 @@ static int has_triple_fault_event;
 
 static bool has_msr_mcg_ext_ctl;
 
+static int pmu_cap;
+
 static struct kvm_cpuid2 *cpuid_cache;
 static struct kvm_cpuid2 *hv_cpuid_cache;
 static struct kvm_msr_list *kvm_feature_msrs;
@@ -2079,6 +2081,33 @@ full:
 
 int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp)
 {
+    static bool first = true;
+    int ret;
+
+    if (first) {
+        first = false;
+
+        /*
+         * Since Linux v5.18, KVM provides a VM-level capability to easily
+         * disable PMUs; however, QEMU has been providing PMU property per
+         * CPU since v1.6. In order to accommodate both, have to configure
+         * the VM-level capability here.
+         *
+         * KVM_PMU_CAP_DISABLE doesn't change the PMU
+         * behavior on Intel platform because current "pmu" property works
+         * as expected.
+         */
+        if ((pmu_cap & KVM_PMU_CAP_DISABLE) && !X86_CPU(cpu)->enable_pmu) {
+            ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_PMU_CAPABILITY, 0,
+                                    KVM_PMU_CAP_DISABLE);
+            if (ret < 0) {
+                error_setg_errno(errp, -ret,
+                                 "Failed to set KVM_PMU_CAP_DISABLE");
+                return ret;
+            }
+        }
+    }
+
     if (is_tdx_vm()) {
         return tdx_pre_create_vcpu(cpu, errp);
     }
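Review bot: the function-local "static bool first" in kvm_arch_pre_create_vcpu() latches a VM-wide decision from whichever vCPU is created first, reading only X86_CPU(cpu)->enable_pmu of that one vCPU. Because "pmu" is a per-CPU property, as the added comment itself notes, a configuration in which vCPUs disagree would silently get the first vCPU's choice applied to the whole VM; either document that all vCPUs are assumed to carry the same value or reject a later vCPU whose enable_pmu differs. Also, first is cleared before kvm_vm_enable_cap() is attempted, so after the "return ret" error path a later call skips the capability setup entirely.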
@@ -3390,6 +3419,8 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
         }
     }
 
+    pmu_cap = kvm_check_extension(s, KVM_CAP_PMU_CAPABILITY);
+
     return 0;
 }
 
-- 
2.52.0




* [PULL 31/41] target/i386/kvm: extract unrelated code out of kvm_x86_build_cpuid()
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (29 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 30/41] target/i386/kvm: set KVM_PMU_CAP_DISABLE if "-pmu" is configured Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 32/41] target/i386/kvm: rename architectural PMU variables Paolo Bonzini
                   ` (10 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Dongli Zhang, Zhao Liu, Dapeng Mi, Zide Chen

From: Dongli Zhang <dongli.zhang@oracle.com>

The initialization of 'has_architectural_pmu_version',
'num_architectural_pmu_gp_counters', and
'num_architectural_pmu_fixed_counters' is unrelated to the process of
building the CPUID.

Extract them out of kvm_x86_build_cpuid().

In addition, use cpuid_find_entry() instead of cpu_x86_cpuid(), because
CPUID has already been filled at this stage.

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
Reviewed-by: Zide Chen <zide.chen@intel.com>
Link: https://lore.kernel.org/r/20260109075508.113097-3-dongli.zhang@oracle.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/kvm/kvm.c | 62 ++++++++++++++++++++++++-------------------
 1 file changed, 35 insertions(+), 27 deletions(-)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 69748420fd6..31e8ef87aab 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -1985,33 +1985,6 @@ uint32_t kvm_x86_build_cpuid(CPUX86State *env, struct kvm_cpuid_entry2 *entries,
         }
     }
 
-    if (limit >= 0x0a) {
-        uint32_t eax, edx;
-
-        cpu_x86_cpuid(env, 0x0a, 0, &eax, &unused, &unused, &edx);
-
-        has_architectural_pmu_version = eax & 0xff;
-        if (has_architectural_pmu_version > 0) {
-            num_architectural_pmu_gp_counters = (eax & 0xff00) >> 8;
-
-            /* Shouldn't be more than 32, since that's the number of bits
-             * available in EBX to tell us _which_ counters are available.
-             * Play it safe.
-             */
-            if (num_architectural_pmu_gp_counters > MAX_GP_COUNTERS) {
-                num_architectural_pmu_gp_counters = MAX_GP_COUNTERS;
-            }
-
-            if (has_architectural_pmu_version > 1) {
-                num_architectural_pmu_fixed_counters = edx & 0x1f;
-
-                if (num_architectural_pmu_fixed_counters > MAX_FIXED_COUNTERS) {
-                    num_architectural_pmu_fixed_counters = MAX_FIXED_COUNTERS;
-                }
-            }
-        }
-    }
-
     cpu_x86_cpuid(env, 0x80000000, 0, &limit, &unused, &unused, &unused);
 
     for (i = 0x80000000; i <= limit; i++) {
@@ -2115,6 +2088,39 @@ int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp)
     return 0;
 }
 
+static void kvm_init_pmu_info(struct kvm_cpuid2 *cpuid)
+{
+    struct kvm_cpuid_entry2 *c;
+
+    c = cpuid_find_entry(cpuid, 0xa, 0);
+
+    if (!c) {
+        return;
+    }
+
+    has_architectural_pmu_version = c->eax & 0xff;
+    if (has_architectural_pmu_version > 0) {
+        num_architectural_pmu_gp_counters = (c->eax & 0xff00) >> 8;
+
+        /*
+         * Shouldn't be more than 32, since that's the number of bits
+         * available in EBX to tell us _which_ counters are available.
+         * Play it safe.
+         */
+        if (num_architectural_pmu_gp_counters > MAX_GP_COUNTERS) {
+            num_architectural_pmu_gp_counters = MAX_GP_COUNTERS;
+        }
+
+        if (has_architectural_pmu_version > 1) {
+            num_architectural_pmu_fixed_counters = c->edx & 0x1f;
+
+            if (num_architectural_pmu_fixed_counters > MAX_FIXED_COUNTERS) {
+                num_architectural_pmu_fixed_counters = MAX_FIXED_COUNTERS;
+            }
+        }
+    }
+}
+
 int kvm_arch_init_vcpu(CPUState *cs)
 {
     struct {
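Review bot: kvm_init_pmu_info() returns early when cpuid_find_entry(cpuid, 0xa, 0) finds no entry, which leaves has_architectural_pmu_version and the two counter variables at whatever an earlier call stored; the function is called from kvm_arch_init_vcpu(), so it runs once per vCPU. Zero the three variables before the lookup, or add a comment that all vCPUs are expected to expose the same leaf 0xa, so the values cannot go stale. Keeping the clamps to MAX_GP_COUNTERS and MAX_FIXED_COUNTERS is right, since the counts now come straight from the CPUID entry.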
@@ -2305,6 +2311,8 @@ int kvm_arch_init_vcpu(CPUState *cs)
     cpuid_i = kvm_x86_build_cpuid(env, cpuid_data.entries, cpuid_i);
     cpuid_data.cpuid.nent = cpuid_i;
 
+    kvm_init_pmu_info(&cpuid_data.cpuid);
+
     if (x86_cpu_family(env->cpuid_version) >= 6
         && (env->features[FEAT_1_EDX] & (CPUID_MCE | CPUID_MCA)) ==
            (CPUID_MCE | CPUID_MCA)) {
-- 
2.52.0




* [PULL 32/41] target/i386/kvm: rename architectural PMU variables
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (30 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 31/41] target/i386/kvm: extract unrelated code out of kvm_x86_build_cpuid() Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 33/41] target/i386/kvm: reset AMD PMU registers during VM reset Paolo Bonzini
                   ` (9 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Dongli Zhang, Dapeng Mi, Zhao Liu, Sandipan Das, Zide Chen

From: Dongli Zhang <dongli.zhang@oracle.com>

AMD does not have what is commonly referred to as an architectural PMU.
Therefore, we need to rename the following variables to be applicable for
both Intel and AMD:

- has_architectural_pmu_version
- num_architectural_pmu_gp_counters
- num_architectural_pmu_fixed_counters

For Intel processors, the meaning of pmu_version remains unchanged.

For AMD processors:

pmu_version == 1 corresponds to versions before AMD PerfMonV2.
pmu_version == 2 corresponds to AMD PerfMonV2.

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Reviewed-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Sandipan Das <sandipan.das@amd.com>
Reviewed-by: Zide Chen <zide.chen@intel.com>
Link: https://lore.kernel.org/r/20260109075508.113097-4-dongli.zhang@oracle.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/kvm/kvm.c | 49 ++++++++++++++++++++++++-------------------
 1 file changed, 28 insertions(+), 21 deletions(-)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 31e8ef87aab..8faba7e471e 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -166,9 +166,16 @@ static bool has_msr_perf_capabs;
 static bool has_msr_pkrs;
 static bool has_msr_hwcr;
 
-static uint32_t has_architectural_pmu_version;
-static uint32_t num_architectural_pmu_gp_counters;
-static uint32_t num_architectural_pmu_fixed_counters;
+/*
+ * For Intel processors, the meaning is the architectural PMU version
+ * number.
+ *
+ * For AMD processors: 1 corresponds to the prior versions, and 2
+ * corresponds to AMD PerfMonV2.
+ */
+static uint32_t pmu_version;
+static uint32_t num_pmu_gp_counters;
+static uint32_t num_pmu_fixed_counters;
 
 static int has_xsave2;
 static int has_xcrs;
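Review bot: the new comment above pmu_version describes the AMD value 1 as "the prior versions" without saying prior to what. The commit message has the clearer wording; suggest "1 corresponds to versions before AMD PerfMonV2". The comment should also say whether it covers only pmu_version or all three variables.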
@@ -2098,24 +2105,24 @@ static void kvm_init_pmu_info(struct kvm_cpuid2 *cpuid)
         return;
     }
 
-    has_architectural_pmu_version = c->eax & 0xff;
-    if (has_architectural_pmu_version > 0) {
-        num_architectural_pmu_gp_counters = (c->eax & 0xff00) >> 8;
+    pmu_version = c->eax & 0xff;
+    if (pmu_version > 0) {
+        num_pmu_gp_counters = (c->eax & 0xff00) >> 8;
 
         /*
          * Shouldn't be more than 32, since that's the number of bits
          * available in EBX to tell us _which_ counters are available.
          * Play it safe.
          */
-        if (num_architectural_pmu_gp_counters > MAX_GP_COUNTERS) {
-            num_architectural_pmu_gp_counters = MAX_GP_COUNTERS;
+        if (num_pmu_gp_counters > MAX_GP_COUNTERS) {
+            num_pmu_gp_counters = MAX_GP_COUNTERS;
         }
 
-        if (has_architectural_pmu_version > 1) {
-            num_architectural_pmu_fixed_counters = c->edx & 0x1f;
+        if (pmu_version > 1) {
+            num_pmu_fixed_counters = c->edx & 0x1f;
 
-            if (num_architectural_pmu_fixed_counters > MAX_FIXED_COUNTERS) {
-                num_architectural_pmu_fixed_counters = MAX_FIXED_COUNTERS;
+            if (num_pmu_fixed_counters > MAX_FIXED_COUNTERS) {
+                num_pmu_fixed_counters = MAX_FIXED_COUNTERS;
             }
         }
     }
@@ -4086,25 +4093,25 @@ static int kvm_put_msrs(X86CPU *cpu, KvmPutState level)
             kvm_msr_entry_add(cpu, MSR_KVM_POLL_CONTROL, env->poll_control_msr);
         }
 
-        if (has_architectural_pmu_version > 0) {
-            if (has_architectural_pmu_version > 1) {
+        if (pmu_version > 0) {
+            if (pmu_version > 1) {
                 /* Stop the counter.  */
                 kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR_CTRL, 0);
                 kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_CTRL, 0);
             }
 
             /* Set the counter values.  */
-            for (i = 0; i < num_architectural_pmu_fixed_counters; i++) {
+            for (i = 0; i < num_pmu_fixed_counters; i++) {
                 kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR0 + i,
                                   env->msr_fixed_counters[i]);
             }
-            for (i = 0; i < num_architectural_pmu_gp_counters; i++) {
+            for (i = 0; i < num_pmu_gp_counters; i++) {
                 kvm_msr_entry_add(cpu, MSR_P6_PERFCTR0 + i,
                                   env->msr_gp_counters[i]);
                 kvm_msr_entry_add(cpu, MSR_P6_EVNTSEL0 + i,
                                   env->msr_gp_evtsel[i]);
             }
-            if (has_architectural_pmu_version > 1) {
+            if (pmu_version > 1) {
                 kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_STATUS,
                                   env->msr_global_status);
                 kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_OVF_CTRL,
@@ -4621,17 +4628,17 @@ static int kvm_get_msrs(X86CPU *cpu)
     if (env->features[FEAT_KVM] & CPUID_KVM_POLL_CONTROL) {
         kvm_msr_entry_add(cpu, MSR_KVM_POLL_CONTROL, 1);
     }
-    if (has_architectural_pmu_version > 0) {
-        if (has_architectural_pmu_version > 1) {
+    if (pmu_version > 0) {
+        if (pmu_version > 1) {
             kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR_CTRL, 0);
             kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_CTRL, 0);
             kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_STATUS, 0);
             kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_OVF_CTRL, 0);
         }
-        for (i = 0; i < num_architectural_pmu_fixed_counters; i++) {
+        for (i = 0; i < num_pmu_fixed_counters; i++) {
             kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR0 + i, 0);
         }
-        for (i = 0; i < num_architectural_pmu_gp_counters; i++) {
+        for (i = 0; i < num_pmu_gp_counters; i++) {
             kvm_msr_entry_add(cpu, MSR_P6_PERFCTR0 + i, 0);
             kvm_msr_entry_add(cpu, MSR_P6_EVNTSEL0 + i, 0);
         }
-- 
2.52.0



^ permalink raw reply related	[flat|nested] 49+ messages in thread

* [PULL 33/41] target/i386/kvm: reset AMD PMU registers during VM reset
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (31 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 32/41] target/i386/kvm: rename architectural PMU variables Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 34/41] target/i386/kvm: support perfmon-v2 for reset Paolo Bonzini
                   ` (8 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Dongli Zhang, Dapeng Mi, Zhao Liu

From: Dongli Zhang <dongli.zhang@oracle.com>

QEMU uses the kvm_get_msrs() function to save Intel PMU registers from KVM
and kvm_put_msrs() to restore them to KVM. However, there is no support for
AMD PMU registers. Currently, pmu_version and num_pmu_gp_counters are
initialized based on cpuid(0xa), which does not apply to AMD processors.
For AMD CPUs, prior to PerfMonV2, the number of general-purpose registers
is determined based on the CPU version.

To address this issue, we need to add support for AMD PMU registers.
Without this support, the following problems can arise:

1. If the VM is reset (e.g., via QEMU system_reset or VM kdump/kexec) while
running "perf top", the PMU registers are not disabled properly.

2. Despite x86_cpu_reset() resetting many registers to zero, kvm_put_msrs()
does not handle AMD PMU registers, causing some PMU events to remain
enabled in KVM.

3. The KVM kvm_pmc_speculative_in_use() function consistently returns true,
preventing the reclamation of these events. Consequently, the
kvm_pmc->perf_event remains active.

4. After a reboot, the VM kernel may report the following error:

[    0.092011] Performance Events: Fam17h+ core perfctr, Broken BIOS detected, complain to your hardware vendor.
[    0.092023] [Firmware Bug]: the BIOS has corrupted hw-PMU resources (MSR c0010200 is 530076)

5. In the worst case, the active kvm_pmc->perf_event may inject unknown
NMIs randomly into the VM kernel:

[...] Uhhuh. NMI received for unknown reason 30 on CPU 0.

To resolve these issues, we propose resetting AMD PMU registers during the
VM reset process.

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Reviewed-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20260109075508.113097-5-dongli.zhang@oracle.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/cpu.h     |  12 +++
 target/i386/kvm/kvm.c | 168 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 176 insertions(+), 4 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index f2be42d7f65..cf02472fc79 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -506,6 +506,14 @@ typedef enum X86Seg {
 #define MSR_CORE_PERF_GLOBAL_CTRL       0x38f
 #define MSR_CORE_PERF_GLOBAL_OVF_CTRL   0x390
 
+#define MSR_K7_EVNTSEL0                 0xc0010000
+#define MSR_K7_PERFCTR0                 0xc0010004
+#define MSR_F15H_PERF_CTL0              0xc0010200
+#define MSR_F15H_PERF_CTR0              0xc0010201
+
+#define AMD64_NUM_COUNTERS              4
+#define AMD64_NUM_COUNTERS_CORE         6
+
 #define MSR_MC0_CTL                     0x400
 #define MSR_MC0_STATUS                  0x401
 #define MSR_MC0_ADDR                    0x402
@@ -1737,6 +1745,10 @@ typedef struct {
 #endif
 
 #define MAX_FIXED_COUNTERS 3
+/*
+ * This formula is based on Intel's MSR. The current size also meets AMD's
+ * needs.
+ */
 #define MAX_GP_COUNTERS    (MSR_IA32_PERF_STATUS - MSR_P6_EVNTSEL0)
 
 #define NB_OPMASK_REGS 8
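Review bot: the comment added above MAX_GP_COUNTERS says the Intel-derived size "also meets AMD's needs", but nothing enforces that now that the arrays this constant bounds are indexed by AMD counter numbers as well. A compile-time check such as QEMU_BUILD_BUG_ON(AMD64_NUM_COUNTERS_CORE > MAX_GP_COUNTERS) would turn the comment into a guarantee.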
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 8faba7e471e..7ebb96c66f2 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -2095,7 +2095,7 @@ int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp)
     return 0;
 }
 
-static void kvm_init_pmu_info(struct kvm_cpuid2 *cpuid)
+static void kvm_init_pmu_info_intel(struct kvm_cpuid2 *cpuid)
 {
     struct kvm_cpuid_entry2 *c;
 
@@ -2128,6 +2128,89 @@ static void kvm_init_pmu_info(struct kvm_cpuid2 *cpuid)
     }
 }
 
+static void kvm_init_pmu_info_amd(struct kvm_cpuid2 *cpuid, X86CPU *cpu)
+{
+    struct kvm_cpuid_entry2 *c;
+    int64_t family;
+
+    family = object_property_get_int(OBJECT(cpu), "family", NULL);
+    if (family < 0) {
+        return;
+    }
+
+    if (family < 6) {
+        error_report("AMD performance-monitoring is supported from "
+                     "K7 and later");
+        return;
+    }
+
+    pmu_version = 1;
+    num_pmu_gp_counters = AMD64_NUM_COUNTERS;
+
+    c = cpuid_find_entry(cpuid, 0x80000001, 0);
+    if (!c) {
+        return;
+    }
+
+    if (!(c->ecx & CPUID_EXT3_PERFCORE)) {
+        return;
+    }
+
+    num_pmu_gp_counters = AMD64_NUM_COUNTERS_CORE;
+}
+
+static bool is_host_compat_vendor(CPUX86State *env)
+{
+    char host_vendor[CPUID_VENDOR_SZ + 1];
+
+    host_cpu_vendor_fms(host_vendor, NULL, NULL, NULL);
+
+    /*
+     * Intel and Zhaoxin are compatible.
+     */
+    if ((g_str_equal(host_vendor, CPUID_VENDOR_INTEL) ||
+         g_str_equal(host_vendor, CPUID_VENDOR_ZHAOXIN1) ||
+         g_str_equal(host_vendor, CPUID_VENDOR_ZHAOXIN2)) &&
+        (IS_INTEL_CPU(env) || IS_ZHAOXIN_CPU(env))) {
+        return true;
+    }
+
+    return g_str_equal(host_vendor, CPUID_VENDOR_AMD) &&
+           IS_AMD_CPU(env);
+}
+
+static void kvm_init_pmu_info(struct kvm_cpuid2 *cpuid, X86CPU *cpu)
+{
+    CPUX86State *env = &cpu->env;
+
+    /*
+     * If KVM_CAP_PMU_CAPABILITY is not supported, there is no way to
+     * disable the AMD PMU virtualization.
+     *
+     * Assume the user is aware of this when !cpu->enable_pmu. AMD PMU
+     * registers are not going to reset, even they are still available to
+     * guest VM.
+     */
+    if (!cpu->enable_pmu) {
+        return;
+    }
+
+    /*
+     * It is not supported to virtualize AMD PMU registers on Intel
+     * processors, nor to virtualize Intel PMU registers on AMD processors.
+     */
+    if (!is_host_compat_vendor(env)) {
+        error_report("host doesn't support requested feature: vPMU");
+        return;
+    }
+
+    if (IS_INTEL_CPU(env) || IS_ZHAOXIN_CPU(env)) {
+        kvm_init_pmu_info_intel(cpuid);
+    } else if (IS_AMD_CPU(env)) {
+        kvm_init_pmu_info_amd(cpuid, cpu);
+    }
+}
+
 int kvm_arch_init_vcpu(CPUState *cs)
 {
     struct {
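Review bot: in kvm_init_pmu_info() the vendor-mismatch branch calls error_report() and then simply returns, so vCPU creation continues with the PMU statics untouched and the message repeats for every vCPU. If this is meant to be non-fatal, warn_report_once() fits better. If it is meant to be fatal, the function needs an Error **errp so that kvm_arch_init_vcpu() can fail. The same question applies to the family < 6 message in kvm_init_pmu_info_amd().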
@@ -2318,7 +2401,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
     cpuid_i = kvm_x86_build_cpuid(env, cpuid_data.entries, cpuid_i);
     cpuid_data.cpuid.nent = cpuid_i;
 
-    kvm_init_pmu_info(&cpuid_data.cpuid);
+    kvm_init_pmu_info(&cpuid_data.cpuid, cpu);
 
     if (x86_cpu_family(env->cpuid_version) >= 6
         && (env->features[FEAT_1_EDX] & (CPUID_MCE | CPUID_MCA)) ==
@@ -4093,7 +4176,7 @@ static int kvm_put_msrs(X86CPU *cpu, KvmPutState level)
             kvm_msr_entry_add(cpu, MSR_KVM_POLL_CONTROL, env->poll_control_msr);
         }
 
-        if (pmu_version > 0) {
+        if ((IS_INTEL_CPU(env) || IS_ZHAOXIN_CPU(env)) && pmu_version > 0) {
             if (pmu_version > 1) {
                 /* Stop the counter.  */
                 kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR_CTRL, 0);
@@ -4124,6 +4207,38 @@ static int kvm_put_msrs(X86CPU *cpu, KvmPutState level)
                                   env->msr_global_ctrl);
             }
         }
+
+        if (IS_AMD_CPU(env) && pmu_version > 0) {
+            uint32_t sel_base = MSR_K7_EVNTSEL0;
+            uint32_t ctr_base = MSR_K7_PERFCTR0;
+            /*
+             * The address of the next selector or counter register is
+             * obtained by incrementing the address of the current selector
+             * or counter register by one.
+             */
+            uint32_t step = 1;
+
+            /*
+             * When PERFCORE is enabled, AMD PMU uses a separate set of
+             * addresses for the selector and counter registers.
+             * Additionally, the address of the next selector or counter
+             * register is determined by incrementing the address of the
+             * current register by two.
+             */
+            if (num_pmu_gp_counters == AMD64_NUM_COUNTERS_CORE) {
+                sel_base = MSR_F15H_PERF_CTL0;
+                ctr_base = MSR_F15H_PERF_CTR0;
+                step = 2;
+            }
+
+            for (i = 0; i < num_pmu_gp_counters; i++) {
+                kvm_msr_entry_add(cpu, ctr_base + i * step,
+                                  env->msr_gp_counters[i]);
+                kvm_msr_entry_add(cpu, sel_base + i * step,
+                                  env->msr_gp_evtsel[i]);
+            }
+        }
+
         /*
          * Hyper-V partition-wide MSRs: to avoid clearing them on cpu hot-add,
          * only sync them to KVM on the first cpu
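Review bot: the PERFCORE layout is inferred here from num_pmu_gp_counters == AMD64_NUM_COUNTERS_CORE rather than from the CPUID bit that kvm_init_pmu_info_amd() already tested, and the same sel_base/ctr_base/step selection is repeated verbatim in kvm_get_msrs(). Suggest recording the layout once at init and sharing a small helper between the put and get paths, so that a later change to the counter count cannot silently select the wrong MSR range.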
@@ -4628,7 +4743,8 @@ static int kvm_get_msrs(X86CPU *cpu)
     if (env->features[FEAT_KVM] & CPUID_KVM_POLL_CONTROL) {
         kvm_msr_entry_add(cpu, MSR_KVM_POLL_CONTROL, 1);
     }
-    if (pmu_version > 0) {
+
+    if ((IS_INTEL_CPU(env) || IS_ZHAOXIN_CPU(env)) && pmu_version > 0) {
         if (pmu_version > 1) {
             kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR_CTRL, 0);
             kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_CTRL, 0);
@@ -4644,6 +4760,35 @@ static int kvm_get_msrs(X86CPU *cpu)
         }
     }
 
+    if (IS_AMD_CPU(env) && pmu_version > 0) {
+        uint32_t sel_base = MSR_K7_EVNTSEL0;
+        uint32_t ctr_base = MSR_K7_PERFCTR0;
+        /*
+         * The address of the next selector or counter register is
+         * obtained by incrementing the address of the current selector
+         * or counter register by one.
+         */
+        uint32_t step = 1;
+
+        /*
+         * When PERFCORE is enabled, AMD PMU uses a separate set of
+         * addresses for the selector and counter registers.
+         * Additionally, the address of the next selector or counter
+         * register is determined by incrementing the address of the
+         * current register by two.
+         */
+        if (num_pmu_gp_counters == AMD64_NUM_COUNTERS_CORE) {
+            sel_base = MSR_F15H_PERF_CTL0;
+            ctr_base = MSR_F15H_PERF_CTR0;
+            step = 2;
+        }
+
+        for (i = 0; i < num_pmu_gp_counters; i++) {
+            kvm_msr_entry_add(cpu, ctr_base + i * step, 0);
+            kvm_msr_entry_add(cpu, sel_base + i * step, 0);
+        }
+    }
+
     if (env->mcg_cap) {
         kvm_msr_entry_add(cpu, MSR_MCG_STATUS, 0);
         kvm_msr_entry_add(cpu, MSR_MCG_CTL, 0);
@@ -4974,6 +5119,21 @@ static int kvm_get_msrs(X86CPU *cpu)
         case MSR_P6_EVNTSEL0 ... MSR_P6_EVNTSEL0 + MAX_GP_COUNTERS - 1:
             env->msr_gp_evtsel[index - MSR_P6_EVNTSEL0] = msrs[i].data;
             break;
+        case MSR_K7_EVNTSEL0 ... MSR_K7_EVNTSEL0 + AMD64_NUM_COUNTERS - 1:
+            env->msr_gp_evtsel[index - MSR_K7_EVNTSEL0] = msrs[i].data;
+            break;
+        case MSR_K7_PERFCTR0 ... MSR_K7_PERFCTR0 + AMD64_NUM_COUNTERS - 1:
+            env->msr_gp_counters[index - MSR_K7_PERFCTR0] = msrs[i].data;
+            break;
+        case MSR_F15H_PERF_CTL0 ...
+             MSR_F15H_PERF_CTL0 + AMD64_NUM_COUNTERS_CORE * 2 - 1:
+            index = index - MSR_F15H_PERF_CTL0;
+            if (index & 0x1) {
+                env->msr_gp_counters[index] = msrs[i].data;
+            } else {
+                env->msr_gp_evtsel[index] = msrs[i].data;
+            }
+            break;
         case HV_X64_MSR_HYPERCALL:
             env->msr_hv_hypercall = msrs[i].data;
             break;
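Review bot: in the MSR_F15H_PERF_CTL0 case, index is the raw MSR offset (0 to AMD64_NUM_COUNTERS_CORE * 2 - 1) and is used directly as the array subscript, so counter n is stored in msr_gp_counters[2n + 1] and selector n in msr_gp_evtsel[2n]. kvm_put_msrs() writes ctr_base + i * step from msr_gp_counters[i], so saved values do not round-trip to the same registers. The subscript should be index / 2 in both branches, consistent with the K7 cases, which store at index minus the base.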
-- 
2.52.0



^ permalink raw reply related	[flat|nested] 49+ messages in thread

* [PULL 34/41] target/i386/kvm: support perfmon-v2 for reset
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (32 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 33/41] target/i386/kvm: reset AMD PMU registers during VM reset Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 35/41] qdev: Free property array on release Paolo Bonzini
                   ` (7 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Dongli Zhang, Zhao Liu, Sandipan Das, Zide Chen

From: Dongli Zhang <dongli.zhang@oracle.com>

Since perfmon-v2, the AMD PMU supports additional registers. This update
includes get/put functionality for these extra registers.

Similar to the implementation in KVM:

- MSR_CORE_PERF_GLOBAL_STATUS and MSR_AMD64_PERF_CNTR_GLOBAL_STATUS both
use env->msr_global_status.
- MSR_CORE_PERF_GLOBAL_CTRL and MSR_AMD64_PERF_CNTR_GLOBAL_CTL both use
env->msr_global_ctrl.
- MSR_CORE_PERF_GLOBAL_OVF_CTRL and MSR_AMD64_PERF_CNTR_GLOBAL_STATUS_CLR
both use env->msr_global_ovf_ctrl.

No changes are needed for vmstate_msr_architectural_pmu or
pmu_enable_needed().

Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Sandipan Das <sandipan.das@amd.com>
Reviewed-by: Zide Chen <zide.chen@intel.com>
Link: https://lore.kernel.org/r/20260109075508.113097-6-dongli.zhang@oracle.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/cpu.h     |  4 ++++
 target/i386/kvm/kvm.c | 48 +++++++++++++++++++++++++++++++++++--------
 2 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index cf02472fc79..9f222a0c9fe 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -506,6 +506,10 @@ typedef enum X86Seg {
 #define MSR_CORE_PERF_GLOBAL_CTRL       0x38f
 #define MSR_CORE_PERF_GLOBAL_OVF_CTRL   0x390
 
+#define MSR_AMD64_PERF_CNTR_GLOBAL_STATUS       0xc0000300
+#define MSR_AMD64_PERF_CNTR_GLOBAL_CTL          0xc0000301
+#define MSR_AMD64_PERF_CNTR_GLOBAL_STATUS_CLR   0xc0000302
+
 #define MSR_K7_EVNTSEL0                 0xc0010000
 #define MSR_K7_PERFCTR0                 0xc0010004
 #define MSR_F15H_PERF_CTL0              0xc0010200
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 7ebb96c66f2..9f1a4d4cbb2 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -2157,6 +2157,16 @@ static void kvm_init_pmu_info_amd(struct kvm_cpuid2 *cpuid, X86CPU *cpu)
     }
 
     num_pmu_gp_counters = AMD64_NUM_COUNTERS_CORE;
+
+    c = cpuid_find_entry(cpuid, 0x80000022, 0);
+    if (c && (c->eax & CPUID_8000_0022_EAX_PERFMON_V2)) {
+        pmu_version = 2;
+        num_pmu_gp_counters = c->ebx & 0xf;
+
+        if (num_pmu_gp_counters > MAX_GP_COUNTERS) {
+            num_pmu_gp_counters = MAX_GP_COUNTERS;
+        }
+    }
 }
 
 static bool is_host_compat_vendor(CPUX86State *env)
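Review bot: with PerfMonV2, num_pmu_gp_counters is taken from c->ebx & 0xf, but the decode switch in kvm_get_msrs() added by 33/41 only matches MSR_F15H_PERF_CTL0 through MSR_F15H_PERF_CTL0 + AMD64_NUM_COUNTERS_CORE * 2 - 1. When CPUID reports more counters than AMD64_NUM_COUNTERS_CORE, the extra MSRs are requested but no visible case stores their values. Either widen the case range as part of this change or clamp the count to what the switch handles.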
@@ -4219,13 +4229,14 @@ static int kvm_put_msrs(X86CPU *cpu, KvmPutState level)
             uint32_t step = 1;
 
             /*
-             * When PERFCORE is enabled, AMD PMU uses a separate set of
-             * addresses for the selector and counter registers.
-             * Additionally, the address of the next selector or counter
-             * register is determined by incrementing the address of the
-             * current register by two.
+             * When PERFCORE or PerfMonV2 is enabled, AMD PMU uses a
+             * separate set of addresses for the selector and counter
+             * registers. Additionally, the address of the next selector or
+             * counter register is determined by incrementing the address
+             * of the current register by two.
              */
-            if (num_pmu_gp_counters == AMD64_NUM_COUNTERS_CORE) {
+            if (num_pmu_gp_counters == AMD64_NUM_COUNTERS_CORE ||
+                pmu_version > 1) {
                 sel_base = MSR_F15H_PERF_CTL0;
                 ctr_base = MSR_F15H_PERF_CTR0;
                 step = 2;
@@ -4237,6 +4248,15 @@ static int kvm_put_msrs(X86CPU *cpu, KvmPutState level)
                 kvm_msr_entry_add(cpu, sel_base + i * step,
                                   env->msr_gp_evtsel[i]);
             }
+
+            if (pmu_version > 1) {
+                kvm_msr_entry_add(cpu, MSR_AMD64_PERF_CNTR_GLOBAL_STATUS,
+                                  env->msr_global_status);
+                kvm_msr_entry_add(cpu, MSR_AMD64_PERF_CNTR_GLOBAL_STATUS_CLR,
+                                  env->msr_global_ovf_ctrl);
+                kvm_msr_entry_add(cpu, MSR_AMD64_PERF_CNTR_GLOBAL_CTL,
+                                  env->msr_global_ctrl);
+            }
         }
 
         /*
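Review bot: the PerfMonV2 block restores MSR_AMD64_PERF_CNTR_GLOBAL_CTL last, but unlike the Intel path there is no "Stop the counter" step that zeroes the global control before the counter and selector values are loaded. If that ordering matters on Intel it likely matters here as well. Consider adding kvm_msr_entry_add(cpu, MSR_AMD64_PERF_CNTR_GLOBAL_CTL, 0) ahead of the counter loop when pmu_version > 1, or explain in a comment why it is not needed.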
@@ -4771,13 +4791,14 @@ static int kvm_get_msrs(X86CPU *cpu)
         uint32_t step = 1;
 
         /*
-         * When PERFCORE is enabled, AMD PMU uses a separate set of
-         * addresses for the selector and counter registers.
+         * When PERFCORE or PerfMonV2 is enabled, AMD PMU uses a separate
+         * set of addresses for the selector and counter registers.
          * Additionally, the address of the next selector or counter
          * register is determined by incrementing the address of the
          * current register by two.
          */
-        if (num_pmu_gp_counters == AMD64_NUM_COUNTERS_CORE) {
+        if (num_pmu_gp_counters == AMD64_NUM_COUNTERS_CORE ||
+            pmu_version > 1) {
             sel_base = MSR_F15H_PERF_CTL0;
             ctr_base = MSR_F15H_PERF_CTR0;
             step = 2;
@@ -4787,6 +4808,12 @@ static int kvm_get_msrs(X86CPU *cpu)
             kvm_msr_entry_add(cpu, ctr_base + i * step, 0);
             kvm_msr_entry_add(cpu, sel_base + i * step, 0);
         }
+
+        if (pmu_version > 1) {
+            kvm_msr_entry_add(cpu, MSR_AMD64_PERF_CNTR_GLOBAL_CTL, 0);
+            kvm_msr_entry_add(cpu, MSR_AMD64_PERF_CNTR_GLOBAL_STATUS, 0);
+            kvm_msr_entry_add(cpu, MSR_AMD64_PERF_CNTR_GLOBAL_STATUS_CLR, 0);
+        }
     }
 
     if (env->mcg_cap) {
@@ -5102,12 +5129,15 @@ static int kvm_get_msrs(X86CPU *cpu)
             env->msr_fixed_ctr_ctrl = msrs[i].data;
             break;
         case MSR_CORE_PERF_GLOBAL_CTRL:
+        case MSR_AMD64_PERF_CNTR_GLOBAL_CTL:
             env->msr_global_ctrl = msrs[i].data;
             break;
         case MSR_CORE_PERF_GLOBAL_STATUS:
+        case MSR_AMD64_PERF_CNTR_GLOBAL_STATUS:
             env->msr_global_status = msrs[i].data;
             break;
         case MSR_CORE_PERF_GLOBAL_OVF_CTRL:
+        case MSR_AMD64_PERF_CNTR_GLOBAL_STATUS_CLR:
             env->msr_global_ovf_ctrl = msrs[i].data;
             break;
         case MSR_CORE_PERF_FIXED_CTR0 ... MSR_CORE_PERF_FIXED_CTR0 + MAX_FIXED_COUNTERS - 1:
-- 
2.52.0



^ permalink raw reply related	[flat|nested] 49+ messages in thread

* [PULL 35/41] qdev: Free property array on release
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (33 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 34/41] target/i386/kvm: support perfmon-v2 for reset Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 36/41] qdev: make release_string() idempotent Paolo Bonzini
                   ` (6 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Chandan Somani, Stefan Hajnoczi

From: Chandan Somani <csomani@redhat.com>

Before this patch, users of the property array would free the
array themselves in their cleanup functions. This causes
inconsistencies where some users leak the array and some free it.

This patch makes it so that the property array's release function
frees the property array (instead of just its elements). It fixes any
leaks and requires less code.

DEFINE_PROP_ARRAY leakers that are fixed in this patch:
ebpf-rss_fds in hw/net/virtio-net.c
rnmi_irqvec, rnmi_excpvec in hw/riscv/riscv_hart.c
common.display_modes in hw/display/apple-gfx-mmio.m
common.display_modes in hw/display/apple-gfx-pci.m

Signed-off-by: Chandan Somani <csomani@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Link: https://lore.kernel.org/r/20260108230311.584141-2-csomani@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 block/accounting.c                |  1 -
 hw/core/qdev-properties.c         | 21 ++++++++++-----------
 hw/input/stellaris_gamepad.c      |  8 --------
 hw/intc/arm_gicv3_common.c        |  8 --------
 hw/intc/rx_icu.c                  |  8 --------
 hw/misc/arm_sysctl.c              |  2 --
 hw/misc/mps2-scc.c                |  8 --------
 hw/net/rocker/rocker.c            |  1 -
 hw/nvram/xlnx-efuse.c             |  8 --------
 hw/nvram/xlnx-versal-efuse-ctrl.c |  8 --------
 hw/virtio/virtio-iommu-pci.c      |  8 --------
 11 files changed, 10 insertions(+), 71 deletions(-)

diff --git a/block/accounting.c b/block/accounting.c
index 0933c61f3a2..5cf51f029b1 100644
--- a/block/accounting.c
+++ b/block/accounting.c
@@ -73,7 +73,6 @@ bool block_acct_setup(BlockAcctStats *stats, enum OnOffAuto account_invalid,
             }
             block_acct_add_interval(stats, stats_intervals[i]);
         }
-        g_free(stats_intervals);
     }
     return true;
 }
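Review bot: dropping g_free(stats_intervals) changes block_acct_setup() from consuming the array to borrowing it, but the function has no comment saying so. Please document that the caller keeps ownership, and confirm that every caller passes an array backed by an array property, since any other caller would now leak it.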
diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index c96ccfb2635..c2e3f0543fd 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -673,10 +673,8 @@ static Property array_elem_prop(Object *obj, const Property *parent_prop,
 
 /*
  * Object property release callback for array properties: We call the
- * underlying element's property release hook for each element.
- *
- * Note that it is the responsibility of the individual device's deinit
- * to free the array proper.
+ * underlying element's property release hook for each element and free the
+ * property array.
  */
 static void release_prop_array(Object *obj, const char *name, void *opaque)
 {
@@ -686,15 +684,16 @@ static void release_prop_array(Object *obj, const char *name, void *opaque)
     char *elem = *arrayptr;
     int i;
 
-    if (!prop->arrayinfo->release) {
-        return;
+    if (prop->arrayinfo->release) {
+        for (i = 0; i < *alenptr; i++) {
+            Property elem_prop = array_elem_prop(obj, prop, name, elem);
+            prop->arrayinfo->release(obj, NULL, &elem_prop);
+            elem += prop->arrayfieldsize;
+        }
     }
 
-    for (i = 0; i < *alenptr; i++) {
-        Property elem_prop = array_elem_prop(obj, prop, name, elem);
-        prop->arrayinfo->release(obj, NULL, &elem_prop);
-        elem += prop->arrayfieldsize;
-    }
+    g_clear_pointer(arrayptr, g_free);
+    *alenptr = 0;
 }
 
 /*
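Review bot: release_prop_array() now frees the storage with g_clear_pointer() and sets *alenptr to 0, but the updated header comment only mentions the free. Device code may still read the field during teardown, so the comment should state that the pointer is reset to NULL and the length to 0 after release.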
diff --git a/hw/input/stellaris_gamepad.c b/hw/input/stellaris_gamepad.c
index f64f5ea9ce3..42d43f9af51 100644
--- a/hw/input/stellaris_gamepad.c
+++ b/hw/input/stellaris_gamepad.c
@@ -63,13 +63,6 @@ static void stellaris_gamepad_realize(DeviceState *dev, Error **errp)
     qemu_input_handler_register(dev, &stellaris_gamepad_handler);
 }
 
-static void stellaris_gamepad_finalize(Object *obj)
-{
-    StellarisGamepad *s = STELLARIS_GAMEPAD(obj);
-
-    g_free(s->keycodes);
-}
-
 static void stellaris_gamepad_reset_enter(Object *obj, ResetType type)
 {
     StellarisGamepad *s = STELLARIS_GAMEPAD(obj);
@@ -98,7 +91,6 @@ static const TypeInfo stellaris_gamepad_info[] = {
         .name = TYPE_STELLARIS_GAMEPAD,
         .parent = TYPE_SYS_BUS_DEVICE,
         .instance_size = sizeof(StellarisGamepad),
-        .instance_finalize = stellaris_gamepad_finalize,
         .class_init = stellaris_gamepad_class_init,
     },
 };
diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
index 0a2e5a3e2fc..e5f3c3c4473 100644
--- a/hw/intc/arm_gicv3_common.c
+++ b/hw/intc/arm_gicv3_common.c
@@ -488,13 +488,6 @@ static void arm_gicv3_common_realize(DeviceState *dev, Error **errp)
     s->itslist = g_ptr_array_new();
 }
 
-static void arm_gicv3_finalize(Object *obj)
-{
-    GICv3State *s = ARM_GICV3_COMMON(obj);
-
-    g_free(s->redist_region_count);
-}
-
 static void arm_gicv3_common_reset_hold(Object *obj, ResetType type)
 {
     GICv3State *s = ARM_GICV3_COMMON(obj);
@@ -644,7 +637,6 @@ static const TypeInfo arm_gicv3_common_type = {
     .instance_size = sizeof(GICv3State),
     .class_size = sizeof(ARMGICv3CommonClass),
     .class_init = arm_gicv3_common_class_init,
-    .instance_finalize = arm_gicv3_finalize,
     .abstract = true,
     .interfaces = (const InterfaceInfo[]) {
         { TYPE_ARM_LINUX_BOOT_IF },
diff --git a/hw/intc/rx_icu.c b/hw/intc/rx_icu.c
index 87cdc6cbdef..992b069ae24 100644
--- a/hw/intc/rx_icu.c
+++ b/hw/intc/rx_icu.c
@@ -334,13 +334,6 @@ static void rxicu_init(Object *obj)
     sysbus_init_irq(d, &icu->_swi);
 }
 
-static void rxicu_fini(Object *obj)
-{
-    RXICUState *icu = RX_ICU(obj);
-    g_free(icu->map);
-    g_free(icu->init_sense);
-}
-
 static const VMStateDescription vmstate_rxicu = {
     .name = "rx-icu",
     .version_id = 1,
@@ -382,7 +375,6 @@ static const TypeInfo rxicu_info = {
     .parent = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(RXICUState),
     .instance_init = rxicu_init,
-    .instance_finalize = rxicu_fini,
     .class_init = rxicu_class_init,
 };
 
diff --git a/hw/misc/arm_sysctl.c b/hw/misc/arm_sysctl.c
index 2a317ac7f5b..7b320f89c1f 100644
--- a/hw/misc/arm_sysctl.c
+++ b/hw/misc/arm_sysctl.c
@@ -618,9 +618,7 @@ static void arm_sysctl_finalize(Object *obj)
 {
     arm_sysctl_state *s = ARM_SYSCTL(obj);
 
-    g_free(s->db_voltage);
     g_free(s->db_clock);
-    g_free(s->db_clock_reset);
 }
 
 static const Property arm_sysctl_properties[] = {
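Review bot: arm_sysctl_finalize() is left freeing only s->db_clock, and nothing in the hunk says why that one field survives when db_voltage and db_clock_reset do not. If db_clock is memory the device allocates itself rather than a property array, a one-line comment to that effect in the finalizer would keep a later cleanup from either dropping the last g_free() (a leak) or restoring the other two (a double free against the property release path).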
diff --git a/hw/misc/mps2-scc.c b/hw/misc/mps2-scc.c
index 350bba3dab8..7877b31479c 100644
--- a/hw/misc/mps2-scc.c
+++ b/hw/misc/mps2-scc.c
@@ -405,13 +405,6 @@ static void mps2_scc_realize(DeviceState *dev, Error **errp)
     s->oscclk = g_new0(uint32_t, s->num_oscclk);
 }
 
-static void mps2_scc_finalize(Object *obj)
-{
-    MPS2SCC *s = MPS2_SCC(obj);
-
-    g_free(s->oscclk_reset);
-}
-
 static bool cfg7_needed(void *opaque)
 {
     MPS2SCC *s = opaque;
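Review bot: with mps2_scc_finalize() removed, the s->oscclk buffer that the context line shows being allocated with g_new0() in mps2_scc_realize() has no release visible in this file's hunks. The removed finalizer freed only s->oscclk_reset, so this is not a regression from the patch, but deleting the finalizer also deletes the obvious place to free it. Either keep a finalizer that frees s->oscclk, or say in the commit message where that buffer is released.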
@@ -489,7 +482,6 @@ static const TypeInfo mps2_scc_info = {
     .parent = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(MPS2SCC),
     .instance_init = mps2_scc_init,
-    .instance_finalize = mps2_scc_finalize,
     .class_init = mps2_scc_class_init,
 };
 
diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
index 3eb7b445113..4a7056bd45e 100644
--- a/hw/net/rocker/rocker.c
+++ b/hw/net/rocker/rocker.c
@@ -1429,7 +1429,6 @@ static void pci_rocker_uninit(PCIDevice *dev)
             world_free(r->worlds[i]);
         }
     }
-    g_free(r->fp_ports_peers);
 }
 
 static void rocker_reset(DeviceState *dev)
diff --git a/hw/nvram/xlnx-efuse.c b/hw/nvram/xlnx-efuse.c
index 34436705dde..1a9650ba128 100644
--- a/hw/nvram/xlnx-efuse.c
+++ b/hw/nvram/xlnx-efuse.c
@@ -225,13 +225,6 @@ static void efuse_realize(DeviceState *dev, Error **errp)
     }
 }
 
-static void efuse_finalize(Object *obj)
-{
-    XlnxEFuse *s = XLNX_EFUSE(obj);
-
-    g_free(s->ro_bits);
-}
-
 static void efuse_prop_set_drive(Object *obj, Visitor *v, const char *name,
                                  void *opaque, Error **errp)
 {
@@ -289,7 +282,6 @@ static const TypeInfo efuse_info = {
     .name          = TYPE_XLNX_EFUSE,
     .parent        = TYPE_DEVICE,
     .instance_size = sizeof(XlnxEFuse),
-    .instance_finalize = efuse_finalize,
     .class_init    = efuse_class_init,
 };
 
diff --git a/hw/nvram/xlnx-versal-efuse-ctrl.c b/hw/nvram/xlnx-versal-efuse-ctrl.c
index b7dc0e49e5f..69acdfa3047 100644
--- a/hw/nvram/xlnx-versal-efuse-ctrl.c
+++ b/hw/nvram/xlnx-versal-efuse-ctrl.c
@@ -724,13 +724,6 @@ static void efuse_ctrl_init(Object *obj)
     sysbus_init_irq(sbd, &s->irq_efuse_imr);
 }
 
-static void efuse_ctrl_finalize(Object *obj)
-{
-    XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(obj);
-
-    g_free(s->extra_pg0_lock_spec);
-}
-
 static const VMStateDescription vmstate_efuse_ctrl = {
     .name = TYPE_XLNX_VERSAL_EFUSE_CTRL,
     .version_id = 1,
@@ -767,7 +760,6 @@ static const TypeInfo efuse_ctrl_info = {
     .instance_size = sizeof(XlnxVersalEFuseCtrl),
     .class_init    = efuse_ctrl_class_init,
     .instance_init = efuse_ctrl_init,
-    .instance_finalize = efuse_ctrl_finalize,
 };
 
 static void efuse_ctrl_register_types(void)
diff --git a/hw/virtio/virtio-iommu-pci.c b/hw/virtio/virtio-iommu-pci.c
index f5f6ce7359d..7b5ffddc1e9 100644
--- a/hw/virtio/virtio-iommu-pci.c
+++ b/hw/virtio/virtio-iommu-pci.c
@@ -94,18 +94,10 @@ static void virtio_iommu_pci_instance_init(Object *obj)
                                 TYPE_VIRTIO_IOMMU);
 }
 
-static void virtio_iommu_pci_instance_finalize(Object *obj)
-{
-    VirtIOIOMMUPCI *dev = VIRTIO_IOMMU_PCI(obj);
-
-    g_free(dev->vdev.prop_resv_regions);
-}
-
 static const VirtioPCIDeviceTypeInfo virtio_iommu_pci_info = {
     .generic_name  = TYPE_VIRTIO_IOMMU_PCI,
     .instance_size = sizeof(VirtIOIOMMUPCI),
     .instance_init = virtio_iommu_pci_instance_init,
-    .instance_finalize = virtio_iommu_pci_instance_finalize,
     .class_init    = virtio_iommu_pci_class_init,
 };
 
-- 
2.52.0




* [PULL 36/41] qdev: make release_string() idempotent
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (34 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 35/41] qdev: Free property array on release Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 37/41] qdev: make release_drive() idempotent Paolo Bonzini
                   ` (5 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Marc-André Lureau, Stefan Berger, Stefan Hajnoczi

From: Marc-André Lureau <marcandre.lureau@redhat.com>

So it can eventually be called multiple times safely.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Link: https://lore.kernel.org/r/20250429140306.190384-2-marcandre.lureau@redhat.com
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Link: https://lore.kernel.org/r/20260108230311.584141-3-csomani@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/core/qdev-properties.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index c2e3f0543fd..ba8461e9a42 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -551,7 +551,8 @@ const PropertyInfo qdev_prop_usize = {
 static void release_string(Object *obj, const char *name, void *opaque)
 {
     const Property *prop = opaque;
-    g_free(*(char **)object_field_prop_ptr(obj, prop));
+
+    g_clear_pointer((char **)object_field_prop_ptr(obj, prop), g_free);
 }
 
 static void get_string(Object *obj, Visitor *v, const char *name,
-- 
2.52.0




* [PULL 37/41] qdev: make release_drive() idempotent
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (35 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 36/41] qdev: make release_string() idempotent Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 38/41] qdev: make release_tpm() idempotent Paolo Bonzini
                   ` (4 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Marc-André Lureau, Stefan Berger, Stefan Hajnoczi

From: Marc-André Lureau <marcandre.lureau@redhat.com>

So it can eventually be called multiple times safely.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Link: https://lore.kernel.org/r/20250429140306.190384-3-marcandre.lureau@redhat.com
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Link: https://lore.kernel.org/r/20260108230311.584141-4-csomani@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/core/qdev-properties-system.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/core/qdev-properties-system.c b/hw/core/qdev-properties-system.c
index fe5464c7da1..a402321f42c 100644
--- a/hw/core/qdev-properties-system.c
+++ b/hw/core/qdev-properties-system.c
@@ -232,6 +232,7 @@ static void release_drive(Object *obj, const char *name, void *opaque)
     if (*ptr) {
         blockdev_auto_del(*ptr);
         blk_detach_dev(*ptr, dev);
+        *ptr = NULL;
     }
 }
 
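Review bot: in release_drive(), *ptr is cleared only after blockdev_auto_del(*ptr) and blk_detach_dev(*ptr, dev) have both returned, whereas the release_string() change in this series uses g_clear_pointer(), which sets the field to NULL before it invokes the destroy function. To get the same ordering here, move the value into a local first (for example with g_steal_pointer(ptr)) and make both calls on the local, so that a second release reached while the first is still running already sees NULL.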
-- 
2.52.0




* [PULL 38/41] qdev: make release_tpm() idempotent
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (36 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 37/41] qdev: make release_drive() idempotent Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 39/41] tests: add /qdev/free-properties test Paolo Bonzini
                   ` (3 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Marc-André Lureau, Stefan Berger, Stefan Hajnoczi

From: Marc-André Lureau <marcandre.lureau@redhat.com>

So it can eventually be called multiple times safely.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Link: https://lore.kernel.org/r/20250429140306.190384-4-marcandre.lureau@redhat.com
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Link: https://lore.kernel.org/r/20260108230311.584141-5-csomani@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 backends/tpm/tpm_util.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backends/tpm/tpm_util.c b/backends/tpm/tpm_util.c
index a64e156f45f..264bff22a91 100644
--- a/backends/tpm/tpm_util.c
+++ b/backends/tpm/tpm_util.c
@@ -72,6 +72,7 @@ static void release_tpm(Object *obj, const char *name, void *opaque)
 
     if (*be) {
         tpm_backend_reset(*be);
+        *be = NULL;
     }
 }
 
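Review bot: after "*be = NULL" in release_tpm() the device holds no handle to the backend any more, and the hunk shows only tpm_backend_reset() being called on it, with no unref. If the property setter takes a reference on the backend, that reference has to be dropped here before the pointer is cleared, because nothing can release it afterwards. If the pointer is only borrowed, a short comment saying so would make the bare NULL assignment self-explanatory.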
-- 
2.52.0




* [PULL 39/41] tests: add /qdev/free-properties test
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (37 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 38/41] qdev: make release_tpm() idempotent Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 40/41] accel/mshv: Remove remap overlapping mappings code Paolo Bonzini
                   ` (2 subsequent siblings)
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Marc-André Lureau, Stefan Berger, Stefan Hajnoczi

From: Marc-André Lureau <marcandre.lureau@redhat.com>

Add a simple qdev test to check that allocated properties get freed with
the object. This test exhibited array leaks before the fixes.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Link: https://lore.kernel.org/r/20250429140306.190384-6-marcandre.lureau@redhat.com
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Link: https://lore.kernel.org/r/20260108230311.584141-6-csomani@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 tests/unit/test-qdev.c | 96 ++++++++++++++++++++++++++++++++++++++++++
 tests/unit/meson.build |  1 +
 2 files changed, 97 insertions(+)
 create mode 100644 tests/unit/test-qdev.c

diff --git a/tests/unit/test-qdev.c b/tests/unit/test-qdev.c
new file mode 100644
index 00000000000..20eae38e03f
--- /dev/null
+++ b/tests/unit/test-qdev.c
@@ -0,0 +1,96 @@
+#include "qemu/osdep.h"
+#include "hw/core/qdev-properties.h"
+#include "qom/object.h"
+#include "qapi/error.h"
+#include "qapi/visitor.h"
+
+
+#define TYPE_MY_DEV "my-dev"
+typedef struct MyDev MyDev;
+DECLARE_INSTANCE_CHECKER(MyDev, STATIC_TYPE,
+                         TYPE_MY_DEV)
+
+struct MyDev {
+    DeviceState parent_obj;
+
+    uint32_t prop_u32;
+    char *prop_string;
+    uint32_t *prop_array_u32;
+    uint32_t prop_array_u32_nb;
+};
+
+static const Property my_dev_props[] = {
+    DEFINE_PROP_UINT32("u32", MyDev, prop_u32, 100),
+    DEFINE_PROP_STRING("string", MyDev, prop_string),
+    DEFINE_PROP_ARRAY("array-u32", MyDev, prop_array_u32_nb, prop_array_u32,
+                     qdev_prop_uint32, uint32_t),
+};
+
+static void my_dev_class_init(ObjectClass *oc, const void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(oc);
+
+    dc->realize = NULL;
+    device_class_set_props(dc, my_dev_props);
+}
+
+static const TypeInfo my_dev_type_info = {
+    .name = TYPE_MY_DEV,
+    .parent = TYPE_DEVICE,
+    .instance_size = sizeof(MyDev),
+    .class_init = my_dev_class_init,
+};
+
+/*
+ * Initialize a fake machine, being prepared for future tests.
+ *
+ * Realization of anonymous qdev (with no parent object) requires both
+ * the machine object and its "unattached" container to be at least present.
+ */
+static void test_init_machine(void)
+{
+    /* This is a fake machine - it doesn't need to be a machine object */
+    Object *machine = object_property_add_new_container(
+        object_get_root(), "machine");
+
+    /* This container must exist for anonymous qdevs to realize() */
+    object_property_add_new_container(machine, "unattached");
+}
+
+static void test_qdev_free_properties(void)
+{
+    MyDev *mt;
+
+    mt = STATIC_TYPE(object_new(TYPE_MY_DEV));
+    object_set_props(OBJECT(mt), &error_fatal,
+                     "string", "something",
+                     "array-u32", "12,13",
+                     NULL);
+    qdev_realize(DEVICE(mt), NULL, &error_fatal);
+
+    g_assert_cmpuint(mt->prop_u32, ==, 100);
+    g_assert_cmpstr(mt->prop_string, ==, "something");
+    g_assert_cmpuint(mt->prop_array_u32_nb, ==, 2);
+    g_assert_cmpuint(mt->prop_array_u32[0], ==, 12);
+    g_assert_cmpuint(mt->prop_array_u32[1], ==, 13);
+
+    object_unparent(OBJECT(mt));
+    object_unref(mt);
+}
+
+
+int main(int argc, char **argv)
+{
+    g_test_init(&argc, &argv, NULL);
+
+    module_call_init(MODULE_INIT_QOM);
+    type_register_static(&my_dev_type_info);
+    test_init_machine();
+
+    g_test_add_func("/qdev/free-properties",
+                    test_qdev_free_properties);
+
+    g_test_run();
+
+    return 0;
+}
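Review bot: main() discards the result of g_test_run() and ends with "return 0;", so the binary reports success for any failure that does not abort; make the last statement "return g_test_run();". The new file also starts directly at the includes with no license header or SPDX-License-Identifier line. Separately, test_qdev_free_properties() asserts the property values but nothing about the frees it is named after, so it only catches the leak described in the commit message when run under a leak checker; a comment stating that dependency would help whoever runs it without one.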
diff --git a/tests/unit/meson.build b/tests/unit/meson.build
index bd580290601..41e8b06c339 100644
--- a/tests/unit/meson.build
+++ b/tests/unit/meson.build
@@ -156,6 +156,7 @@ if have_system
       'test-qdev-global-props': [qom, hwcore]
     }
   endif
+  tests += {'test-qdev': [qom, hwcore]}
 endif
 
 if have_ga and host_os == 'linux'
-- 
2.52.0




* [PULL 40/41] accel/mshv: Remove remap overlapping mappings code
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (38 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 39/41] tests: add /qdev/free-properties test Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 14:42 ` [PULL 41/41] target/i386/mshv: remove unused optimization of gva=>gpa translation Paolo Bonzini
  2026-02-12 16:26 ` [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Peter Maydell
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Magnus Kulke, Wei Liu (Microsoft), Mohamed Mediouni

From: Magnus Kulke <magnuskulke@linux.microsoft.com>

This change removes userland code that worked around a restriction
in the mshv driver in the 6.18 kernel: regions from userland
couldn't be mapped to multiple regions in the kernel. We maintained a
shadow mapping table in qemu and used a heuristic to swap in a requested
region in case of UNMAPPED_GPA exits.

However, this heuristic wasn't reliable in all cases, since HyperV
behaviour is not 100% reliable across versions. HyperV itself doesn't
prohibit mapping regions at multiple places into the guest, so the
restriction has been removed in the mshv driver.

Hence we can remove the remapping code. Effectively this will mandate a
6.19 kernel, if the workload attempts to map e.g. BIOS to multiple
regions. I still think it's the right call to remove this logic:

- The workaround only seems to work reliably with a certain revision
  of HyperV as a nested hypervisor.
- We expect Direct Virtualization (L1VH) to be the main platform for
  the mshv accelerator, which also requires a 6.19 kernel

This reverts commit efc4093358511a58846a409b965213aa1bb9f31a.

Signed-off-by: Magnus Kulke <magnuskulke@linux.microsoft.com>
Acked-by: Wei Liu (Microsoft) <wei.liu@kernel.org>
Tested-by: Mohamed Mediouni <mohamed@unpredictable.fr>
Link: https://lore.kernel.org/r/20260113153708.448968-1-magnuskulke@linux.microsoft.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 include/system/mshv_int.h   |  22 +-
 accel/mshv/mem.c            | 406 +++---------------------------------
 accel/mshv/mshv-all.c       |   2 -
 target/i386/mshv/mshv-cpu.c |  43 ----
 accel/mshv/trace-events     |   5 -
 5 files changed, 30 insertions(+), 448 deletions(-)

diff --git a/include/system/mshv_int.h b/include/system/mshv_int.h
index 490563c1ab2..ad4d001c3cd 100644
--- a/include/system/mshv_int.h
+++ b/include/system/mshv_int.h
@@ -16,8 +16,6 @@
 
 #define MSHV_MSR_ENTRIES_COUNT 64
 
-#define MSHV_MAX_MEM_SLOTS 32
-
 typedef struct hyperv_message hv_message;
 
 typedef struct MshvHvCallArgs {
@@ -42,12 +40,6 @@ typedef struct MshvAddressSpace {
     AddressSpace *as;
 } MshvAddressSpace;
 
-typedef struct MshvMemorySlotManager {
-    size_t n_slots;
-    GList *slots;
-    QemuMutex mutex;
-} MshvMemorySlotManager;
-
 struct MshvState {
     AccelState parent_obj;
     int vm;
@@ -56,7 +48,6 @@ struct MshvState {
     int nr_as;
     MshvAddressSpace *as;
     int fd;
-    MshvMemorySlotManager msm;
 };
 
 typedef struct MshvMsiControl {
@@ -87,12 +78,6 @@ typedef enum MshvVmExit {
     MshvVmExitSpecial  = 2,
 } MshvVmExit;
 
-typedef enum MshvRemapResult {
-    MshvRemapOk = 0,
-    MshvRemapNoMapping = 1,
-    MshvRemapNoOverlap = 2,
-} MshvRemapResult;
-
 void mshv_init_mmio_emu(void);
 int mshv_create_vcpu(int vm_fd, uint8_t vp_index, int *cpu_fd);
 void mshv_remove_vcpu(int vm_fd, int cpu_fd);
@@ -116,22 +101,19 @@ int mshv_hvcall(int fd, const struct mshv_root_hvcall *args);
 #endif
 
 /* memory */
-typedef struct MshvMemorySlot {
+typedef struct MshvMemoryRegion {
     uint64_t guest_phys_addr;
     uint64_t memory_size;
     uint64_t userspace_addr;
     bool readonly;
-    bool mapped;
-} MshvMemorySlot;
+} MshvMemoryRegion;
 
-MshvRemapResult mshv_remap_overlap_region(int vm_fd, uint64_t gpa);
 int mshv_guest_mem_read(uint64_t gpa, uint8_t *data, uintptr_t size,
                         bool is_secure_mode, bool instruction_fetch);
 int mshv_guest_mem_write(uint64_t gpa, const uint8_t *data, uintptr_t size,
                          bool is_secure_mode);
 void mshv_set_phys_mem(MshvMemoryListener *mml, MemoryRegionSection *section,
                        bool add);
-void mshv_init_memory_slot_manager(MshvState *mshv_state);
 
 /* msr */
 typedef struct MshvMsrEntry {
diff --git a/accel/mshv/mem.c b/accel/mshv/mem.c
index 0e2164af3ee..e55c38d4db9 100644
--- a/accel/mshv/mem.c
+++ b/accel/mshv/mem.c
@@ -11,9 +11,7 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/lockable.h"
 #include "qemu/error-report.h"
-#include "qemu/rcu.h"
 #include "linux/mshv.h"
 #include "system/address-spaces.h"
 #include "system/mshv.h"
@@ -22,137 +20,6 @@
 #include <sys/ioctl.h>
 #include "trace.h"
 
-typedef struct SlotsRCUReclaim {
-    struct rcu_head rcu;
-    GList *old_head;
-    MshvMemorySlot *removed_slot;
-} SlotsRCUReclaim;
-
-static void rcu_reclaim_slotlist(struct rcu_head *rcu)
-{
-    SlotsRCUReclaim *r = container_of(rcu, SlotsRCUReclaim, rcu);
-    g_list_free(r->old_head);
-    g_free(r->removed_slot);
-    g_free(r);
-}
-
-static void publish_slots(GList *new_head, GList *old_head,
-                          MshvMemorySlot *removed_slot)
-{
-    MshvMemorySlotManager *manager = &mshv_state->msm;
-
-    assert(manager);
-    qatomic_store_release(&manager->slots, new_head);
-
-    SlotsRCUReclaim *r = g_new(SlotsRCUReclaim, 1);
-    r->old_head = old_head;
-    r->removed_slot = removed_slot;
-
-    call_rcu1(&r->rcu, rcu_reclaim_slotlist);
-}
-
-/* Needs to be called with mshv_state->msm.mutex held */
-static int remove_slot(MshvMemorySlot *slot)
-{
-    GList *old_head, *new_head;
-    MshvMemorySlotManager *manager = &mshv_state->msm;
-
-    assert(manager);
-    old_head = qatomic_load_acquire(&manager->slots);
-
-    if (!g_list_find(old_head, slot)) {
-        error_report("slot requested for removal not found");
-        return -1;
-    }
-
-    new_head = g_list_copy(old_head);
-    new_head = g_list_remove(new_head, slot);
-    manager->n_slots--;
-
-    publish_slots(new_head, old_head, slot);
-
-    return 0;
-}
-
-/* Needs to be called with mshv_state->msm.mutex held */
-static MshvMemorySlot *append_slot(uint64_t gpa, uint64_t userspace_addr,
-                                   uint64_t size, bool readonly)
-{
-    GList *old_head, *new_head;
-    MshvMemorySlot *slot;
-    MshvMemorySlotManager *manager = &mshv_state->msm;
-
-    assert(manager);
-
-    old_head = qatomic_load_acquire(&manager->slots);
-
-    if (manager->n_slots >= MSHV_MAX_MEM_SLOTS) {
-        error_report("no free memory slots available");
-        return NULL;
-    }
-
-    slot = g_new0(MshvMemorySlot, 1);
-    slot->guest_phys_addr = gpa;
-    slot->userspace_addr = userspace_addr;
-    slot->memory_size = size;
-    slot->readonly = readonly;
-
-    new_head = g_list_copy(old_head);
-    new_head = g_list_append(new_head, slot);
-    manager->n_slots++;
-
-    publish_slots(new_head, old_head, NULL);
-
-    return slot;
-}
-
-static int slot_overlaps(const MshvMemorySlot *slot1,
-                         const MshvMemorySlot *slot2)
-{
-    uint64_t start_1 = slot1->userspace_addr,
-             start_2 = slot2->userspace_addr;
-    size_t len_1 = slot1->memory_size,
-           len_2 = slot2->memory_size;
-
-    if (slot1 == slot2) {
-        return -1;
-    }
-
-    return ranges_overlap(start_1, len_1, start_2, len_2) ?  0 : -1;
-}
-
-static bool is_mapped(MshvMemorySlot *slot)
-{
-    /* Subsequent reads of mapped field see a fully-initialized slot */
-    return qatomic_load_acquire(&slot->mapped);
-}
-
-/*
- * Find slot that is:
- * - overlapping in userspace
- * - currently mapped in the guest
- *
- * Needs to be called with mshv_state->msm.mutex or RCU read lock held.
- */
-static MshvMemorySlot *find_overlap_mem_slot(GList *head, MshvMemorySlot *slot)
-{
-    GList *found;
-    MshvMemorySlot *overlap_slot;
-
-    found = g_list_find_custom(head, slot, (GCompareFunc) slot_overlaps);
-
-    if (!found) {
-        return NULL;
-    }
-
-    overlap_slot = found->data;
-    if (!overlap_slot || !is_mapped(overlap_slot)) {
-        return NULL;
-    }
-
-    return overlap_slot;
-}
-
 static int set_guest_memory(int vm_fd,
                             const struct mshv_user_mem_region *region)
 {
@@ -160,169 +27,38 @@ static int set_guest_memory(int vm_fd,
 
     ret = ioctl(vm_fd, MSHV_SET_GUEST_MEMORY, region);
     if (ret < 0) {
-        error_report("failed to set guest memory: %s", strerror(errno));
-        return -1;
+        error_report("failed to set guest memory");
+        return -errno;
     }
 
     return 0;
 }
 
-static int map_or_unmap(int vm_fd, const MshvMemorySlot *slot, bool map)
+static int map_or_unmap(int vm_fd, const MshvMemoryRegion *mr, bool map)
 {
     struct mshv_user_mem_region region = {0};
 
-    region.guest_pfn = slot->guest_phys_addr >> MSHV_PAGE_SHIFT;
-    region.size = slot->memory_size;
-    region.userspace_addr = slot->userspace_addr;
+    region.guest_pfn = mr->guest_phys_addr >> MSHV_PAGE_SHIFT;
+    region.size = mr->memory_size;
+    region.userspace_addr = mr->userspace_addr;
 
     if (!map) {
         region.flags |= (1 << MSHV_SET_MEM_BIT_UNMAP);
-        trace_mshv_unmap_memory(slot->userspace_addr, slot->guest_phys_addr,
-                                slot->memory_size);
+        trace_mshv_unmap_memory(mr->userspace_addr, mr->guest_phys_addr,
+                                mr->memory_size);
         return set_guest_memory(vm_fd, &region);
     }
 
     region.flags = BIT(MSHV_SET_MEM_BIT_EXECUTABLE);
-    if (!slot->readonly) {
+    if (!mr->readonly) {
         region.flags |= BIT(MSHV_SET_MEM_BIT_WRITABLE);
     }
 
-    trace_mshv_map_memory(slot->userspace_addr, slot->guest_phys_addr,
-                          slot->memory_size);
+    trace_mshv_map_memory(mr->userspace_addr, mr->guest_phys_addr,
+                          mr->memory_size);
     return set_guest_memory(vm_fd, &region);
 }
 
-static int slot_matches_region(const MshvMemorySlot *slot1,
-                               const MshvMemorySlot *slot2)
-{
-    return (slot1->guest_phys_addr == slot2->guest_phys_addr &&
-            slot1->userspace_addr  == slot2->userspace_addr &&
-            slot1->memory_size     == slot2->memory_size) ? 0 : -1;
-}
-
-/* Needs to be called with mshv_state->msm.mutex held */
-static MshvMemorySlot *find_mem_slot_by_region(uint64_t gpa, uint64_t size,
-                                               uint64_t userspace_addr)
-{
-    MshvMemorySlot ref_slot = {
-        .guest_phys_addr = gpa,
-        .userspace_addr  = userspace_addr,
-        .memory_size     = size,
-    };
-    GList *found;
-    MshvMemorySlotManager *manager = &mshv_state->msm;
-
-    assert(manager);
-    found = g_list_find_custom(manager->slots, &ref_slot,
-                               (GCompareFunc) slot_matches_region);
-
-    return found ? found->data : NULL;
-}
-
-static int slot_covers_gpa(const MshvMemorySlot *slot, uint64_t *gpa_p)
-{
-    uint64_t gpa_offset, gpa = *gpa_p;
-
-    gpa_offset = gpa - slot->guest_phys_addr;
-    return (slot->guest_phys_addr <= gpa && gpa_offset < slot->memory_size)
-        ? 0 : -1;
-}
-
-/* Needs to be called with mshv_state->msm.mutex or RCU read lock held */
-static MshvMemorySlot *find_mem_slot_by_gpa(GList *head, uint64_t gpa)
-{
-    GList *found;
-    MshvMemorySlot *slot;
-
-    trace_mshv_find_slot_by_gpa(gpa);
-
-    found = g_list_find_custom(head, &gpa, (GCompareFunc) slot_covers_gpa);
-    if (found) {
-        slot = found->data;
-        trace_mshv_found_slot(slot->userspace_addr, slot->guest_phys_addr,
-                              slot->memory_size);
-        return slot;
-    }
-
-    return NULL;
-}
-
-/* Needs to be called with mshv_state->msm.mutex held */
-static void set_mapped(MshvMemorySlot *slot, bool mapped)
-{
-    /* prior writes to mapped field becomes visible before readers see slot */
-    qatomic_store_release(&slot->mapped, mapped);
-}
-
-MshvRemapResult mshv_remap_overlap_region(int vm_fd, uint64_t gpa)
-{
-    MshvMemorySlot *gpa_slot, *overlap_slot;
-    GList *head;
-    int ret;
-    MshvMemorySlotManager *manager = &mshv_state->msm;
-
-    /* fast path, called often by unmapped_gpa vm exit */
-    WITH_RCU_READ_LOCK_GUARD() {
-        assert(manager);
-        head = qatomic_load_acquire(&manager->slots);
-        /* return early if no slot is found */
-        gpa_slot = find_mem_slot_by_gpa(head, gpa);
-        if (gpa_slot == NULL) {
-            return MshvRemapNoMapping;
-        }
-
-        /* return early if no overlapping slot is found */
-        overlap_slot = find_overlap_mem_slot(head, gpa_slot);
-        if (overlap_slot == NULL) {
-            return MshvRemapNoOverlap;
-        }
-    }
-
-    /*
-     * We'll modify the mapping list, so we need to upgrade to mutex and
-     * recheck.
-     */
-    assert(manager);
-    QEMU_LOCK_GUARD(&manager->mutex);
-
-    /* return early if no slot is found */
-    gpa_slot = find_mem_slot_by_gpa(manager->slots, gpa);
-    if (gpa_slot == NULL) {
-        return MshvRemapNoMapping;
-    }
-
-    /* return early if no overlapping slot is found */
-    overlap_slot = find_overlap_mem_slot(manager->slots, gpa_slot);
-    if (overlap_slot == NULL) {
-        return MshvRemapNoOverlap;
-    }
-
-    /* unmap overlapping slot */
-    ret = map_or_unmap(vm_fd, overlap_slot, false);
-    if (ret < 0) {
-        error_report("failed to unmap overlap region");
-        abort();
-    }
-    set_mapped(overlap_slot, false);
-    warn_report("mapped out userspace_addr=0x%016lx gpa=0x%010lx size=0x%lx",
-                overlap_slot->userspace_addr,
-                overlap_slot->guest_phys_addr,
-                overlap_slot->memory_size);
-
-    /* map region for gpa */
-    ret = map_or_unmap(vm_fd, gpa_slot, true);
-    if (ret < 0) {
-        error_report("failed to map new region");
-        abort();
-    }
-    set_mapped(gpa_slot, true);
-    warn_report("mapped in  userspace_addr=0x%016lx gpa=0x%010lx size=0x%lx",
-                gpa_slot->userspace_addr, gpa_slot->guest_phys_addr,
-                gpa_slot->memory_size);
-
-    return MshvRemapOk;
-}
-
 static int handle_unmapped_mmio_region_read(uint64_t gpa, uint64_t size,
                                             uint8_t *data)
 {
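Review bot: in set_guest_memory(), "return -errno;" now runs after error_report(), which may itself change errno, so the caller can receive the wrong code, or 0, which reads as success. Save errno into a local immediately after the ioctl() fails and return its negation. The same local can go back into the message, since the new text drops the strerror(errno) detail that the old one printed.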
@@ -388,97 +124,20 @@ int mshv_guest_mem_write(uint64_t gpa, const uint8_t *data, uintptr_t size,
     return -1;
 }
 
-static int tracked_unmap(int vm_fd, uint64_t gpa, uint64_t size,
-                        uint64_t userspace_addr)
+static int set_memory(const MshvMemoryRegion *mshv_mr, bool add)
 {
-    int ret;
-    MshvMemorySlot *slot;
-    MshvMemorySlotManager *manager = &mshv_state->msm;
+    int ret = 0;
 
-    assert(manager);
-
-    QEMU_LOCK_GUARD(&manager->mutex);
-
-    slot = find_mem_slot_by_region(gpa, size, userspace_addr);
-    if (!slot) {
-        trace_mshv_skip_unset_mem(userspace_addr, gpa, size);
-        /* no work to do */
-        return 0;
-    }
-
-    if (!is_mapped(slot)) {
-        /* remove slot, no need to unmap */
-        return remove_slot(slot);
-    }
-
-    ret = map_or_unmap(vm_fd, slot, false);
-    if (ret < 0) {
-        error_report("failed to unmap memory region");
-        return ret;
-    }
-    return remove_slot(slot);
-}
-
-static int tracked_map(int vm_fd, uint64_t gpa, uint64_t size, bool readonly,
-                       uint64_t userspace_addr)
-{
-    MshvMemorySlot *slot, *overlap_slot;
-    int ret;
-    MshvMemorySlotManager *manager = &mshv_state->msm;
-
-    assert(manager);
-
-    QEMU_LOCK_GUARD(&manager->mutex);
-
-    slot = find_mem_slot_by_region(gpa, size, userspace_addr);
-    if (slot) {
-        error_report("memory region already mapped at gpa=0x%lx, "
-                     "userspace_addr=0x%lx, size=0x%lx",
-                     slot->guest_phys_addr, slot->userspace_addr,
-                     slot->memory_size);
+    if (!mshv_mr) {
+        error_report("Invalid mshv_mr");
         return -1;
     }
 
-    slot = append_slot(gpa, userspace_addr, size, readonly);
-
-    overlap_slot = find_overlap_mem_slot(manager->slots, slot);
-    if (overlap_slot) {
-        trace_mshv_remap_attempt(slot->userspace_addr,
-                                 slot->guest_phys_addr,
-                                 slot->memory_size);
-        warn_report("attempt to map region [0x%lx-0x%lx], while "
-                    "[0x%lx-0x%lx] is already mapped in the guest",
-                    userspace_addr, userspace_addr + size - 1,
-                    overlap_slot->userspace_addr,
-                    overlap_slot->userspace_addr +
-                    overlap_slot->memory_size - 1);
-
-        /* do not register mem slot in hv, but record for later swap-in */
-        set_mapped(slot, false);
-
-        return 0;
-    }
-
-    ret = map_or_unmap(vm_fd, slot, true);
-    if (ret < 0) {
-        error_report("failed to map memory region");
-        return -1;
-    }
-    set_mapped(slot, true);
-
-    return 0;
-}
-
-static int set_memory(uint64_t gpa, uint64_t size, bool readonly,
-                      uint64_t userspace_addr, bool add)
-{
-    int vm_fd = mshv_state->vm;
-
-    if (add) {
-        return tracked_map(vm_fd, gpa, size, readonly, userspace_addr);
-    }
-
-    return tracked_unmap(vm_fd, gpa, size, userspace_addr);
+    trace_mshv_set_memory(add, mshv_mr->guest_phys_addr,
+                          mshv_mr->memory_size,
+                          mshv_mr->userspace_addr, mshv_mr->readonly,
+                          ret);
+    return map_or_unmap(mshv_state->vm, mshv_mr, add);
 }
 
 /*
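Review bot: in set_memory(), ret is initialised to 0 and passed to trace_mshv_set_memory() before map_or_unmap() runs, so the trace always records ret=0 whatever the ioctl does. Emit the trace after the call with the real return value, or drop the argument. The NULL check also returns -1 while the normal path now propagates -errno from set_guest_memory(); use one convention for both, for example -EINVAL for the NULL case.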
@@ -514,9 +173,7 @@ void mshv_set_phys_mem(MshvMemoryListener *mml, MemoryRegionSection *section,
     bool writable = !area->readonly && !area->rom_device;
     hwaddr start_addr, mr_offset, size;
     void *ram;
-
-    size = align_section(section, &start_addr);
-    trace_mshv_set_phys_mem(add, section->mr->name, start_addr);
+    MshvMemoryRegion mshv_mr = {0};
 
     size = align_section(section, &start_addr);
     trace_mshv_set_phys_mem(add, section->mr->name, start_addr);
@@ -543,21 +200,14 @@ void mshv_set_phys_mem(MshvMemoryListener *mml, MemoryRegionSection *section,
 
     ram = memory_region_get_ram_ptr(area) + mr_offset;
 
-    ret = set_memory(start_addr, size, !writable, (uint64_t)ram, add);
+    mshv_mr.guest_phys_addr = start_addr;
+    mshv_mr.memory_size = size;
+    mshv_mr.readonly = !writable;
+    mshv_mr.userspace_addr = (uint64_t)ram;
+
+    ret = set_memory(&mshv_mr, add);
     if (ret < 0) {
-        error_report("failed to set memory region");
+        error_report("Failed to set memory region");
         abort();
     }
 }
-
-void mshv_init_memory_slot_manager(MshvState *mshv_state)
-{
-    MshvMemorySlotManager *manager;
-
-    assert(mshv_state);
-    manager = &mshv_state->msm;
-
-    manager->n_slots = 0;
-    manager->slots = NULL;
-    qemu_mutex_init(&manager->mutex);
-}
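Review bot: with the remap path gone, any map_or_unmap() failure in mshv_set_phys_mem() now goes straight to abort(), whereas the removed overlap branch called set_mapped(slot, false) and returned 0 so the region could be swapped in later. If the hypervisor can still reject an overlapping userspace mapping, this turns a previously tolerated layout into a process abort, so the commit message should state why overlaps can no longer occur. The "failed" to "Failed" capitalisation change is unrelated and differs from the lowercase error_report() strings elsewhere in this patch.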
diff --git a/accel/mshv/mshv-all.c b/accel/mshv/mshv-all.c
index bed0fa298e6..ddc4c18cba4 100644
--- a/accel/mshv/mshv-all.c
+++ b/accel/mshv/mshv-all.c
@@ -437,8 +437,6 @@ static int mshv_init(AccelState *as, MachineState *ms)
 
     mshv_init_msicontrol();
 
-    mshv_init_memory_slot_manager(s);
-
     ret = create_vm(mshv_fd, &vm_fd);
     if (ret < 0) {
         close(mshv_fd);
diff --git a/target/i386/mshv/mshv-cpu.c b/target/i386/mshv/mshv-cpu.c
index 586383b8820..f5c388eb87c 100644
--- a/target/i386/mshv/mshv-cpu.c
+++ b/target/i386/mshv/mshv-cpu.c
@@ -1167,43 +1167,6 @@ static int handle_mmio(CPUState *cpu, const struct hyperv_message *msg,
     return 0;
 }
 
-static int handle_unmapped_mem(int vm_fd, CPUState *cpu,
-                               const struct hyperv_message *msg,
-                               MshvVmExit *exit_reason)
-{
-    struct hv_x64_memory_intercept_message info = { 0 };
-    uint64_t gpa;
-    int ret;
-    enum MshvRemapResult remap_result;
-
-    ret = set_memory_info(msg, &info);
-    if (ret < 0) {
-        error_report("failed to convert message to memory info");
-        return -1;
-    }
-
-    gpa = info.guest_physical_address;
-
-    /* attempt to remap the region, in case of overlapping userspace mappings */
-    remap_result = mshv_remap_overlap_region(vm_fd, gpa);
-    *exit_reason = MshvVmExitIgnore;
-
-    switch (remap_result) {
-    case MshvRemapNoMapping:
-        /* if we didn't find a mapping, it is probably mmio */
-        return handle_mmio(cpu, msg, exit_reason);
-    case MshvRemapOk:
-        break;
-    case MshvRemapNoOverlap:
-        /* This should not happen, but we are forgiving it */
-        warn_report("found no overlap for unmapped region");
-        *exit_reason = MshvVmExitSpecial;
-        break;
-    }
-
-    return 0;
-}
-
 static int set_ioport_info(const struct hyperv_message *msg,
                            hv_x64_io_port_intercept_message *info)
 {
@@ -1545,12 +1508,6 @@ int mshv_run_vcpu(int vm_fd, CPUState *cpu, hv_message *msg, MshvVmExit *exit)
     case HVMSG_UNRECOVERABLE_EXCEPTION:
         return MshvVmExitShutdown;
     case HVMSG_UNMAPPED_GPA:
-        ret = handle_unmapped_mem(vm_fd, cpu, msg, &exit_reason);
-        if (ret < 0) {
-            error_report("failed to handle unmapped memory");
-            return -1;
-        }
-        return exit_reason;
     case HVMSG_GPA_INTERCEPT:
         ret = handle_mmio(cpu, msg, &exit_reason);
         if (ret < 0) {
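Review bot: HVMSG_UNMAPPED_GPA now shares the HVMSG_GPA_INTERCEPT body, so every unmapped-GPA exit is handled as MMIO without the slot lookup that the removed handle_unmapped_mem() did first. Add a one-line comment above the two case labels saying this is intentional, since the removed code only treated the access as "probably mmio" after finding no mapping.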
diff --git a/accel/mshv/trace-events b/accel/mshv/trace-events
index 36f0d59b385..a4dffeb24a3 100644
--- a/accel/mshv/trace-events
+++ b/accel/mshv/trace-events
@@ -26,8 +26,3 @@ mshv_map_memory(uint64_t userspace_addr, uint64_t gpa, uint64_t size) "\tu_a=0x%
 mshv_unmap_memory(uint64_t userspace_addr, uint64_t gpa, uint64_t size) "\tu_a=0x%" PRIx64 " gpa=0x%010" PRIx64 " size=0x%08" PRIx64
 mshv_set_phys_mem(bool add, const char *name, uint64_t gpa) "\tadd=%d name=%s gpa=0x%010" PRIx64
 mshv_handle_mmio(uint64_t gva, uint64_t gpa, uint64_t size, uint8_t access_type) "\tgva=0x%" PRIx64 " gpa=0x%010" PRIx64 " size=0x%" PRIx64 " access_type=%d"
-
-mshv_found_slot(uint64_t userspace_addr, uint64_t gpa, uint64_t size) "\tu_a=0x%" PRIx64 " gpa=0x%010" PRIx64 " size=0x%08" PRIx64
-mshv_skip_unset_mem(uint64_t userspace_addr, uint64_t gpa, uint64_t size) "\tu_a=0x%" PRIx64 " gpa=0x%010" PRIx64 " size=0x%08" PRIx64
-mshv_remap_attempt(uint64_t userspace_addr, uint64_t gpa, uint64_t size) "\tu_a=0x%" PRIx64 " gpa=0x%010" PRIx64 " size=0x%08" PRIx64
-mshv_find_slot_by_gpa(uint64_t gpa) "\tgpa=0x%010" PRIx64
-- 
2.52.0




* [PULL 41/41] target/i386/mshv: remove unused optimization of gva=>gpa translation
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (39 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 40/41] accel/mshv: Remove remap overlapping mappings code Paolo Bonzini
@ 2026-02-12 14:42 ` Paolo Bonzini
  2026-02-12 16:26 ` [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Peter Maydell
  41 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-02-12 14:42 UTC (permalink / raw)
  To: qemu-devel; +Cc: Magnus Kulke, Wei Liu

From: Magnus Kulke <magnuskulke@linux.microsoft.com>

The removed parameters are remnants of a prior attempt to optimize
gva=>gpa translation. Currently there is only one call site and it's
not using it. So we can remove it as dead code.

Signed-off-by: Magnus Kulke <magnuskulke@linux.microsoft.com>
Reviewed-by: Wei Liu <wei.liu@kernel.org>
Link: https://lore.kernel.org/r/20251125120852.250149-1-magnuskulke@linux.microsoft.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/mshv/mshv-cpu.c | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/target/i386/mshv/mshv-cpu.c b/target/i386/mshv/mshv-cpu.c
index f5c388eb87c..f190e83bd15 100644
--- a/target/i386/mshv/mshv-cpu.c
+++ b/target/i386/mshv/mshv-cpu.c
@@ -1336,23 +1336,19 @@ static int read_memory(const CPUState *cpu, uint64_t initial_gva,
     return 0;
 }
 
-static int write_memory(const CPUState *cpu, uint64_t initial_gva,
-                        uint64_t initial_gpa, uint64_t gva, const uint8_t *data,
+static int write_memory(const CPUState *cpu, uint64_t gva, const uint8_t *data,
                         size_t len)
 {
     int ret;
     uint64_t gpa, flags;
 
-    if (gva == initial_gva) {
-        gpa = initial_gpa;
-    } else {
-        flags = HV_TRANSLATE_GVA_VALIDATE_WRITE;
-        ret = translate_gva(cpu, gva, &gpa, flags);
-        if (ret < 0) {
-            error_report("failed to translate gva to gpa");
-            return -1;
-        }
+    flags = HV_TRANSLATE_GVA_VALIDATE_WRITE;
+    ret = translate_gva(cpu, gva, &gpa, flags);
+    if (ret < 0) {
+        error_report("failed to translate gva to gpa");
+        return -1;
     }
+
     ret = mshv_guest_mem_write(gpa, data, len, false);
     if (ret != MEMTX_OK) {
         error_report("failed to write to mmio");
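Review bot: the hunk header shows read_memory() still taking `initial_gva`, so after this change the read and write helpers have different signatures for the same job; either give read_memory() the same treatment or note in the commit message why it keeps the shortcut. In write_memory(), `flags` is now assigned once and used once, so HV_TRANSLATE_GVA_VALIDATE_WRITE can be passed to translate_gva() directly.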
@@ -1407,7 +1403,7 @@ static int handle_pio_str_read(CPUState *cpu,
     for (size_t i = 0; i < repeat; i++) {
         pio_read(port, data, len, false);
 
-        ret = write_memory(cpu, 0, 0, dst, data, len);
+        ret = write_memory(cpu, dst, data, len);
         if (ret < 0) {
             error_report("Failed to write memory");
             return -1;
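Review bot: the old call passed 0 for both `initial_gva` and `initial_gpa`, so the removed `gva == initial_gva` test was true whenever `dst` was 0, and the write then went to GPA 0 without translate_gva() or HV_TRANSLATE_GVA_VALIDATE_WRITE. The parameters were therefore not entirely unused, and this change closes that case; the commit message should mention it rather than describe the removal as dead code only.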
-- 
2.52.0




* Re: [PULL 00/41] QOM, target/i386 patches for 2026-02-12
  2026-02-12 14:42 [PULL 00/41] QOM, target/i386 patches for 2026-02-12 Paolo Bonzini
                   ` (40 preceding siblings ...)
  2026-02-12 14:42 ` [PULL 41/41] target/i386/mshv: remove unused optimization of gva=>gpa translation Paolo Bonzini
@ 2026-02-12 16:26 ` Peter Maydell
  41 siblings, 0 replies; 49+ messages in thread
From: Peter Maydell @ 2026-02-12 16:26 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: qemu-devel

On Thu, 12 Feb 2026 at 14:44, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> The following changes since commit cd5a79dc98e3087e7658e643bdbbb0baec77ac8a:
>
>   Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging (2026-02-05 13:54:50 +0000)
>
> are available in the Git repository at:
>
>   https://gitlab.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 28a29efe4342055b4631de96ba71fd577ae83e07:
>
>   target/i386/mshv: remove unused optimization of gva=>gpa translation (2026-02-10 14:41:08 +0100)
>
> ----------------------------------------------------------------
> * hw/i386: Remove deprecated PC 2.6 and 2.7 machines
> * i386/cpu: Fix incorrect initializer in Diamond Rapids definition
> * qom: Clean up property release
> * target/i386/kvm: set KVM_PMU_CAP_DISABLE if "-pmu" is configured
> * target/i386/kvm: reset AMD and perfmon-v2 PMU registers during VM reset
> * mshv: Cleanup
> * target/i386: convert SEV-ES termination requests to guest panic events
>
> ----------------------------------------------------------------

Hi; the commit for this patch:

> Aidan Khoury (1):
>       i386/cpu: Fix incorrect initializer in Diamond Rapids definition

includes this change to the roms/seabios-hppa submodule:

>  roms/seabios-hppa                                 |   2 +-

which is not mentioned in the commit message and is not
related to the change. This seems likely to have been introduced
by accident during a patch series rebase: could you remove it
from the commit and resend, please?

thanks
-- PMM



* Re: [PULL 28/41] hw/char/virtio-serial: Do not expose the 'emergency-write' property
  2026-02-12 14:42 ` [PULL 28/41] hw/char/virtio-serial: Do not expose the 'emergency-write' property Paolo Bonzini
@ 2026-02-16 17:21   ` Alexander Bulekov
  0 siblings, 0 replies; 49+ messages in thread
From: Alexander Bulekov @ 2026-02-16 17:21 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: qemu-devel, Philippe Mathieu-Daudé, Mark Cave-Ayland,
	Zhao Liu, Igor Mammedov

On 260212 1542, Paolo Bonzini wrote:
> From: Philippe Mathieu-Daudé <philmd@linaro.org>
>
> The VIRTIO_CONSOLE_F_EMERG_WRITE feature bit was only set
> in the hw_compat_2_7[] array, via the 'emergency-write=off'
> property. We removed all machines using that array, lets remove
> that property. All instances have this feature bit set and
> it can not be disabled. VirtIOSerial::host_features mask is
> now unused, remove it.
>
> Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
> Reviewed-by: Igor Mammedov <imammedo@redhat.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
> Link: https://lore.kernel.org/r/20260108033051.777361-28-zhao1.liu@intel.com
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Hello,
This change appears to have introduced a Heap-buffer-overflow:
https://gitlab.com/qemu-project/qemu/-/issues/3303
-Alex

> ---
>  include/hw/virtio/virtio-serial.h | 2 --
>  hw/char/virtio-serial-bus.c       | 9 +++------
>  2 files changed, 3 insertions(+), 8 deletions(-)
>
> diff --git a/include/hw/virtio/virtio-serial.h b/include/hw/virtio/virtio-serial.h
> index 60641860bf8..da0c91e1a40 100644
> --- a/include/hw/virtio/virtio-serial.h
> +++ b/include/hw/virtio/virtio-serial.h
> @@ -186,8 +186,6 @@ struct VirtIOSerial {
>      struct VirtIOSerialPostLoad *post_load;
>
>      virtio_serial_conf serial;
> -
> -    uint64_t host_features;
>  };
>
>  /* Interface to the virtio-serial bus */
> diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
> index 5ec5f5313b2..b7c57ea9678 100644
> --- a/hw/char/virtio-serial-bus.c
> +++ b/hw/char/virtio-serial-bus.c
> @@ -557,7 +557,7 @@ static uint64_t get_features(VirtIODevice *vdev, uint64_t features,
>
>      vser = VIRTIO_SERIAL(vdev);
>
> -    features |= vser->host_features;
> +    features |= BIT_ULL(VIRTIO_CONSOLE_F_EMERG_WRITE);
>      if (vser->bus.max_nr_ports > 1) {
>          virtio_add_feature(&features, VIRTIO_CONSOLE_F_MULTIPORT);
>      }
> @@ -587,8 +587,7 @@ static void set_config(VirtIODevice *vdev, const uint8_t *config_data)
>      VirtIOSerialPortClass *vsc;
>      uint8_t emerg_wr_lo;
>
> -    if (!virtio_has_feature(vser->host_features,
> -        VIRTIO_CONSOLE_F_EMERG_WRITE) || !config->emerg_wr) {
> +    if (!config->emerg_wr) {
>          return;
>      }
>
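Review bot: set_config() now reads `config->emerg_wr` unconditionally, where the removed virtio_has_feature() test returned before touching the field. That is only safe if the config space is always allocated with `emerg_wr` included, which the realize hunk below still makes conditional on `vdev->host_features`; keep a guard here or make the config size unconditional.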
> @@ -1040,7 +1039,7 @@ static void virtio_serial_device_realize(DeviceState *dev, Error **errp)
>          return;
>      }
>
> -    if (!virtio_has_feature(vser->host_features,
> +    if (!virtio_has_feature(vdev->host_features,
>                              VIRTIO_CONSOLE_F_EMERG_WRITE)) {
>          config_size = offsetof(struct virtio_console_config, emerg_wr);
>      }
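Review bot: switching the test from `vser->host_features` to `vdev->host_features` changes which value decides `config_size`. The get_features() hunk ORs VIRTIO_CONSOLE_F_EMERG_WRITE only into the value it returns, so if `vdev->host_features` does not carry the bit at realize time, `config_size` is cut to `offsetof(struct virtio_console_config, emerg_wr)` for every device. Since the feature can no longer be disabled, drop the condition and always size the config space for the full struct.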
> @@ -1156,8 +1155,6 @@ static const VMStateDescription vmstate_virtio_console = {
>  static const Property virtio_serial_properties[] = {
>      DEFINE_PROP_UINT32("max_ports", VirtIOSerial, serial.max_virtserial_ports,
>                                                    31),
> -    DEFINE_PROP_BIT64("emergency-write", VirtIOSerial, host_features,
> -                      VIRTIO_CONSOLE_F_EMERG_WRITE, true),
>  };
>
>  static void virtio_serial_class_init(ObjectClass *klass, const void *data)
> --
> 2.52.0
>
>



* Re: [PULL 04/41] pc: Start with modern CPU hotplug interface by default
  2026-02-12 14:42 ` [PULL 04/41] pc: Start with modern CPU hotplug interface by default Paolo Bonzini
@ 2026-03-16 16:01   ` Peter Maydell
  2026-03-17  4:23     ` Zhao Liu
  0 siblings, 1 reply; 49+ messages in thread
From: Peter Maydell @ 2026-03-16 16:01 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: qemu-devel, Zhao Liu, Igor Mammedov, Fabiano Rosas, Peter Xu

On Thu, 12 Feb 2026 at 14:44, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> From: Zhao Liu <zhao1.liu@intel.com>
>
> For compatibility reasons PC/Q35 will start with legacy CPU hotplug
> interface by default but with new CPU hotplug AML code since 2.7
> machine type (in commit 679dd1a957df ("pc: use new CPU hotplug interface
> since 2.7 machine type")). In that way, legacy firmware that doesn't use
> QEMU generated ACPI tables was able to continue using legacy CPU hotplug
> interface.
>
> While later machine types, with firmware supporting QEMU provided ACPI
> tables, generate new CPU hotplug AML, which will switch to new CPU
> hotplug interface when guest OS executes its _INI method on ACPI tables
> loading.
>
> Since 2.6 machine type is now gone, and consider that the legacy BIOS
> (based on QEMU ACPI prior to v2.7) should be no longer in use, previous
> compatibility requirements are no longer necessary. So initialize
> 'modern' hotplug directly from the very beginning for PC/Q35 machines
> with cpu_hotplug_hw_init(), and drop _INIT method.
>
> Additionally, remove the checks and settings around cpu_hotplug_legacy
> in cpuhp VMState (for piix4 & ich9), to eliminate the risk of
> segmentation faults, as gpe_cpu no longer has the opportunity to be
> initialized. This is safe because all hotplug now start with the modern
> way, and it's impossible to switch to legacy way at runtime (even the
> "cpu-hotplug-legacy" properties does not allow it either).

Hi. This commit seems (according to git bisect) to have broken
"savevm" for the MIPS malta board (which uses piix4): it now
segfaults when you run the command from the monitor. Repro:

$ qemu-img create -f qcow2 dummy.qcow2 32M

Build QEMU with
'--target-list=mips-linux-user,mips64-linux-user,mipsel-linux-user,mipsn32-linux-user,mipsn32el-linux-user,mips-softmmu,mipsel-softmmu,mips64-softmmu,mips64el-softmmu'.

$ ./build/mips/qemu-system-mipsel -nographic -drive if=none,format=qcow2,file=dummy.qcow2
[Type "C-a c" to get the "(qemu)" monitor prompt]
(qemu) savevm foo

Backtrace from doing this under gdb:

#0  0x0000555555df7d4d in vmsd_can_compress (field=0x5555564f78a0
<__compound_literal.3>) at ../../migration/vmstate.c:339
#1  0x0000555555df7dbb in vmsd_desc_field_start
    (vmsd=0x555556431ba0 <vmstate_cpuhp_state>, vmdesc=0x555556918690,
field=0x5555564f78a0 <__compound_literal.3>, i=0, max=1) at
../../migration/vmstate.c:362
#2  0x0000555555df85a7 in vmstate_save_state_v
    (f=0x555556b5a0c0, vmsd=0x555556431ba0 <vmstate_cpuhp_state>,
opaque=0x555556c9aac0, vmdesc=0x555556918690, version_id=1,
errp=0x7fffffffc948) at ../../migration/vmstate.c:528
#3  0x0000555555df8032 in vmstate_save_state
    (f=0x555556b5a0c0, vmsd=0x555556431ba0 <vmstate_cpuhp_state>,
opaque=0x555556c9aac0, vmdesc_id=0x555556918690, errp=0x7fffffffc948)
at ../../migration/vmstate.c:427
#4  0x0000555555df8f83 in vmstate_subsection_save
    (f=0x555556b5a0c0, vmsd=0x555556431c40 <vmstate_acpi>,
opaque=0x555556c9aac0, vmdesc=0x555556918690, errp=0x7fffffffc948)
    at ../../migration/vmstate.c:695
#5  0x0000555555df88a0 in vmstate_save_state_v
    (f=0x555556b5a0c0, vmsd=0x555556431c40 <vmstate_acpi>,
opaque=0x555556c9aac0, vmdesc=0x555556918690, version_id=3,
errp=0x7fffffffc948) at ../../migration/vmstate.c:582
#6  0x0000555555df8032 in vmstate_save_state
    (f=0x555556b5a0c0, vmsd=0x555556431c40 <vmstate_acpi>,
opaque=0x555556c9aac0, vmdesc_id=0x555556918690, errp=0x7fffffffc948)
at ../../migration/vmstate.c:427
#7  0x0000555555bd379e in vmstate_save (f=0x555556b5a0c0,
se=0x555557090ff0, vmdesc=0x555556918690, errp=0x7fffffffc948)
    at ../../migration/savevm.c:1054
#8  0x0000555555bd5133 in qemu_savevm_state_non_iterable
(f=0x555556b5a0c0, errp=0x7fffffffc948)
    at ../../migration/savevm.c:1726
#9  0x0000555555bd5226 in qemu_savevm_state_complete_precopy
(s=0x5555567a1d00) at ../../migration/savevm.c:1753
#10 0x0000555555bd5615 in qemu_savevm_state (f=0x555556b5a0c0,
errp=0x7fffffffcbf0) at ../../migration/savevm.c:1855
#11 0x0000555555bd8b83 in save_snapshot
    (name=0x555557497150 "foo", overwrite=true, vmstate=0x0,
has_devices=false, devices=0x0, errp=0x7fffffffcbf0)
    at ../../migration/savevm.c:3267
#12 0x0000555555ba9a62 in hmp_savevm (mon=0x55555691d950,
qdict=0x5555574973a0) at ../../migration/migration-hmp-cmds.c:481

The problem is that the vmstate_cpu_hotplug VMStateDescription
that is being used has a NULL "fields" (it is the "stub" one).
This used to be OK because the "piix4_pm/cpuhp" vmstate had
a "needed" function that would return false for Malta, so we
never tried to use the stub code.

What's the intention here? Shouldn't we still have a "needed"
function that returns "false" for the cases where we would be
using the stub version of vmstate_cpu_hotplug? Otherwise we
would be changing the migration data. We can permit a compat
break for MIPS boards, but the commit message suggests that
this wasn't intended to be a compat break.

In this thread Fabiano suggests a fix which is probably OK
if we want to take the "break migration compat" route:
https://lore.kernel.org/qemu-devel/CAFEAcA9BzSp9F8yv4eZv5eeUM4JXSy9T-QnRr_UbJZpNmhtHyw@mail.gmail.com/T/#m6f4a672ddfa8a0a34dfdf9b57bb04e529ab5c9a4


>  include/hw/acpi/cpu.h          |  1 -
>  hw/acpi/cpu.c                  | 10 ----------
>  hw/acpi/ich9.c                 | 22 +++-------------------
>  hw/acpi/piix4.c                | 21 +++------------------
>  hw/i386/acpi-build.c           |  2 +-
>  hw/loongarch/virt-acpi-build.c |  1 -
>  6 files changed, 7 insertions(+), 50 deletions(-)
>
> diff --git a/include/hw/acpi/cpu.h b/include/hw/acpi/cpu.h
> index 557219d2c63..2809dd8a911 100644
> --- a/include/hw/acpi/cpu.h
> +++ b/include/hw/acpi/cpu.h
> @@ -54,7 +54,6 @@ void cpu_hotplug_hw_init(MemoryRegion *as, Object *owner,
>
>  typedef struct CPUHotplugFeatures {
>      bool acpi_1_compatible;
> -    bool has_legacy_cphp;
>      bool fw_unplugs_cpu;
>      const char *smi_path;
>  } CPUHotplugFeatures;
> diff --git a/hw/acpi/cpu.c b/hw/acpi/cpu.c
> index 6f1ae79edbf..d63ca83c1bc 100644
> --- a/hw/acpi/cpu.c
> +++ b/hw/acpi/cpu.c
> @@ -408,16 +408,6 @@ void build_cpus_aml(Aml *table, MachineState *machine, CPUHotplugFeatures opts,
>          aml_append(field, aml_reserved_field(4 * 8));
>          aml_append(field, aml_named_field(CPU_DATA, 32));
>          aml_append(cpu_ctrl_dev, field);
> -
> -        if (opts.has_legacy_cphp) {
> -            method = aml_method("_INI", 0, AML_SERIALIZED);
> -            /* switch off legacy CPU hotplug HW and use new one,
> -             * on reboot system is in new mode and writing 0
> -             * in CPU_SELECTOR selects BSP, which is NOP at
> -             * the time _INI is called */
> -            aml_append(method, aml_store(zero, aml_name(CPU_SELECTOR)));
> -            aml_append(cpu_ctrl_dev, method);
> -        }
>      }
>      aml_append(sb_scope, cpu_ctrl_dev);
>
> diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
> index 2b3b493c014..54590129c69 100644
> --- a/hw/acpi/ich9.c
> +++ b/hw/acpi/ich9.c
> @@ -183,26 +183,10 @@ static const VMStateDescription vmstate_tco_io_state = {
>      }
>  };
>
> -static bool vmstate_test_use_cpuhp(void *opaque)
> -{
> -    ICH9LPCPMRegs *s = opaque;
> -    return !s->cpu_hotplug_legacy;
> -}
> -
> -static int vmstate_cpuhp_pre_load(void *opaque)
> -{
> -    ICH9LPCPMRegs *s = opaque;
> -    Object *obj = OBJECT(s->gpe_cpu.device);
> -    object_property_set_bool(obj, "cpu-hotplug-legacy", false, &error_abort);
> -    return 0;
> -}
> -
>  static const VMStateDescription vmstate_cpuhp_state = {
>      .name = "ich9_pm/cpuhp",
>      .version_id = 1,
>      .minimum_version_id = 1,
> -    .needed = vmstate_test_use_cpuhp,
> -    .pre_load = vmstate_cpuhp_pre_load,
>      .fields = (const VMStateField[]) {
>          VMSTATE_CPU_HOTPLUG(cpuhp_state, ICH9LPCPMRegs),
>          VMSTATE_END_OF_LIST()
> @@ -338,8 +322,8 @@ void ich9_pm_init(PCIDevice *lpc_pci, ICH9LPCPMRegs *pm, qemu_irq sci_irq)
>      pm->powerdown_notifier.notify = pm_powerdown_req;
>      qemu_register_powerdown_notifier(&pm->powerdown_notifier);
>
> -    legacy_acpi_cpu_hotplug_init(pci_address_space_io(lpc_pci),
> -        OBJECT(lpc_pci), &pm->gpe_cpu, ICH9_CPU_HOTPLUG_IO_BASE);
> +    cpu_hotplug_hw_init(pci_address_space_io(lpc_pci),
> +        OBJECT(lpc_pci), &pm->cpuhp_state, ICH9_CPU_HOTPLUG_IO_BASE);
>
>      acpi_memory_hotplug_init(pci_address_space_io(lpc_pci), OBJECT(lpc_pci),
>                               &pm->acpi_memory_hotplug,
> @@ -419,7 +403,7 @@ void ich9_pm_add_properties(Object *obj, ICH9LPCPMRegs *pm)
>  {
>      static const uint32_t gpe0_len = ICH9_PMIO_GPE0_LEN;
>      pm->acpi_memory_hotplug.is_enabled = true;
> -    pm->cpu_hotplug_legacy = true;
> +    pm->cpu_hotplug_legacy = false;
>      pm->disable_s3 = 0;
>      pm->disable_s4 = 0;
>      pm->s4_val = 2;
> diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
> index 19d4d4be932..0eda692084d 100644
> --- a/hw/acpi/piix4.c
> +++ b/hw/acpi/piix4.c
> @@ -195,25 +195,10 @@ static const VMStateDescription vmstate_memhp_state = {
>      }
>  };
>
> -static bool vmstate_test_use_cpuhp(void *opaque)
> -{
> -    PIIX4PMState *s = opaque;
> -    return !s->cpu_hotplug_legacy;
> -}
> -
> -static int vmstate_cpuhp_pre_load(void *opaque)
> -{
> -    Object *obj = OBJECT(opaque);
> -    object_property_set_bool(obj, "cpu-hotplug-legacy", false, &error_abort);
> -    return 0;
> -}
> -
>  static const VMStateDescription vmstate_cpuhp_state = {
>      .name = "piix4_pm/cpuhp",
>      .version_id = 1,
>      .minimum_version_id = 1,
> -    .needed = vmstate_test_use_cpuhp,
> -    .pre_load = vmstate_cpuhp_pre_load,
>      .fields = (const VMStateField[]) {
>          VMSTATE_CPU_HOTPLUG(cpuhp_state, PIIX4PMState),
>          VMSTATE_END_OF_LIST()
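Review bot: with `.needed` removed, the "piix4_pm/cpuhp" subsection is written for every board that instantiates this device, including boards where VMSTATE_CPU_HOTPLUG resolves to a description with no fields. Keep a `.needed` callback that returns false when the machine has no CPU hotplug, so the migration stream for those boards stays as it was.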
> @@ -573,12 +558,12 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion *parent,
>          qbus_set_hotplug_handler(BUS(pci_get_bus(PCI_DEVICE(s))), OBJECT(s));
>      }
>
> -    s->cpu_hotplug_legacy = true;
> +    s->cpu_hotplug_legacy = false;
>      object_property_add_bool(OBJECT(s), "cpu-hotplug-legacy",
>                               piix4_get_cpu_hotplug_legacy,
>                               piix4_set_cpu_hotplug_legacy);
> -    legacy_acpi_cpu_hotplug_init(parent, OBJECT(s), &s->gpe_cpu,
> -                                 PIIX4_CPU_HOTPLUG_IO_BASE);
> +    cpu_hotplug_hw_init(parent, OBJECT(s), &s->cpuhp_state,
> +                        PIIX4_CPU_HOTPLUG_IO_BASE);
>
>      if (s->acpi_memory_hotplug.is_enabled) {
>          acpi_memory_hotplug_init(parent, OBJECT(s), &s->acpi_memory_hotplug,
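Review bot: `cpu-hotplug-legacy` is still registered with piix4_set_cpu_hotplug_legacy() while legacy_acpi_cpu_hotplug_init() no longer runs, so `gpe_cpu` is never set up. Confirm the setter rejects `true` (the commit message says switching is impossible) and add a comment here saying the property is kept only for compatibility, or remove the property and the `cpu_hotplug_legacy` field in the same series.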
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index 19c62362e31..cdd72cbcaa0 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -964,7 +964,7 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
>          build_legacy_cpu_hotplug_aml(dsdt, machine, pm->cpu_hp_io_base);
>      } else {
>          CPUHotplugFeatures opts = {
> -            .acpi_1_compatible = true, .has_legacy_cphp = true,
> +            .acpi_1_compatible = true,
>              .smi_path = pm->smi_on_cpuhp ? "\\_SB.PCI0.SMI0.SMIC" : NULL,
>              .fw_unplugs_cpu = pm->smi_on_cpu_unplug,
>          };
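Review bot: the context line above the changed initializer still calls build_legacy_cpu_hotplug_aml(), although both PM devices now set `cpu_hotplug_legacy = false` and never initialise the legacy hardware. If that branch is no longer reachable, remove it together with `has_legacy_cphp` so the legacy AML builder does not linger as untested code.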
> diff --git a/hw/loongarch/virt-acpi-build.c b/hw/loongarch/virt-acpi-build.c
> index 54ac94e17d3..3e34bedcd6f 100644
> --- a/hw/loongarch/virt-acpi-build.c
> +++ b/hw/loongarch/virt-acpi-build.c
> @@ -369,7 +369,6 @@ build_la_ged_aml(Aml *dsdt, MachineState *machine)
>
>      if (event & ACPI_GED_CPU_HOTPLUG_EVT) {
>          opts.acpi_1_compatible = false;
> -        opts.has_legacy_cphp = false;
>          opts.fw_unplugs_cpu = false;
>          opts.smi_path = NULL;
>
> --
> 2.52.0

thanks
-- PMM
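A reduced C model of the failure described in the message above, added here as an example and not QEMU code: `Desc`, `Field`, `save_desc()`, `save_pm()` and the `Board` flag are assumptions that only mimic the subsection walk, with the NULL dereference replaced by an error return.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct Desc Desc;

/* One entry of a description: a plain field or a nested description. */
typedef struct Field {
    const char *name;   /* NULL terminates the list */
    size_t size;        /* bytes written for a plain field */
    const Desc *vmsd;   /* non-NULL: save this nested description instead */
} Field;

struct Desc {
    const char *name;
    bool (*needed)(void *opaque);    /* NULL means "always save" */
    const Field *fields;             /* NULL in a stub description */
    const Desc *const *subsections;  /* NULL-terminated array, or NULL */
};

enum { SAVE_OK = 0, SAVE_ERR_STUB = -1 };

/* Walk a description and count the bytes it would put on the stream. */
static int save_desc(const Desc *d, void *opaque, size_t *bytes)
{
    if (!d->fields) {
        /* An unchecked walker would dereference NULL at this point. */
        return SAVE_ERR_STUB;
    }
    for (const Field *f = d->fields; f->name; f++) {
        if (f->vmsd) {
            int ret = save_desc(f->vmsd, opaque, bytes);
            if (ret != SAVE_OK) {
                return ret;
            }
        } else {
            *bytes += f->size;
        }
    }
    for (const Desc *const *s = d->subsections; s && *s; s++) {
        if ((*s)->needed && !(*s)->needed(opaque)) {
            continue;   /* subsection skipped: nothing reaches the stream */
        }
        int ret = save_desc(*s, opaque, bytes);
        if (ret != SAVE_OK) {
            return ret;
        }
    }
    return SAVE_OK;
}

/* Assumed stand-in for the machine-class flag used by the proposed fix. */
typedef struct Board { bool has_hotpluggable_cpus; } Board;

static bool cpuhp_needed(void *opaque)
{
    return ((const Board *)opaque)->has_hotpluggable_cpus;
}

/* Stub description (no fields) and a real one with a single 4-byte field. */
static const Desc stub_cpu_hotplug = { .name = "cpu-hotplug (stub)" };
static const Field real_fields[] = { { "selector", 4, NULL }, { NULL, 0, NULL } };
static const Desc real_cpu_hotplug = { .name = "cpu-hotplug", .fields = real_fields };

/* Save a PM device whose "cpuhp" subsection embeds the given description. */
static int save_pm(const Desc *cpu_hotplug, bool guarded, Board *board,
                   size_t *bytes)
{
    const Field cpuhp_fields[] = {
        { "cpuhp_state", 0, cpu_hotplug },
        { NULL, 0, NULL },
    };
    const Desc cpuhp = {
        .name = "pm/cpuhp",
        .needed = guarded ? cpuhp_needed : NULL,
        .fields = cpuhp_fields,
    };
    const Desc *const subs[] = { &cpuhp, NULL };
    const Field pm_fields[] = { { "pm_regs", 8, NULL }, { NULL, 0, NULL } };
    const Desc pm = { .name = "pm", .fields = pm_fields, .subsections = subs };

    *bytes = 0;
    return save_desc(&pm, board, bytes);
}

int main(void)
{
    Board no_hotplug = { false }, with_hotplug = { true };
    size_t n;

    printf("stub, no needed(): %d\n", save_pm(&stub_cpu_hotplug, false, &no_hotplug, &n));
    printf("stub, needed():    %d\n", save_pm(&stub_cpu_hotplug, true, &no_hotplug, &n));
    printf("real, needed():    %d (%zu bytes)\n",
           save_pm(&real_cpu_hotplug, true, &with_hotplug, &n), n);
    return 0;
}
```
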



* Re: [PULL 04/41] pc: Start with modern CPU hotplug interface by default
  2026-03-16 16:01   ` Peter Maydell
@ 2026-03-17  4:23     ` Zhao Liu
  2026-03-17 14:21       ` Peter Maydell
  0 siblings, 1 reply; 49+ messages in thread
From: Zhao Liu @ 2026-03-17  4:23 UTC (permalink / raw)
  To: Peter Maydell, Igor Mammedov
  Cc: Paolo Bonzini, qemu-devel, Fabiano Rosas, Peter Xu,
	Philippe Mathieu-Daudé, Aurelien Jarno, Zhao Liu

+Philippe & Aurelien

(And seeking Igor's input)

> The problem is that the vmstate_cpu_hotplug VMStateDescription
> that is being used has a NULL "fields" (it is the "stub" one).
> This used to be OK because the "piix4_pm/cpuhp" vmstate had
> a "needed" function that would return false for Malta, so we
> never tried to use the stub code.
> 
> What's the intention here ? Shouldn't we still have a "needed"
> function that returns "false" for the cases where we would be
> using the stub version of vmstate_cpu_hotplug ? Otherwise we
> would be changing the migration data. We can permit a compat
> break for MIPS boards, but the commit message suggests that
> this wasn't intended to be a compat break.

Thanks, this is my bad - I didn't realize it would break Malta. The
"needed" method looks necessary, but previously making the "stub" one
depend on cpu_hotplug_legacy=true also sounds a bit not proper.

Maybe in the needed() method we should also check whether the board/
machine supports CPU hotplug: check mc->has_hotpluggable_cpus. IIUC,
Malta doesn't support this.

> In this thread Fabiano suggests a fix which is probably OK
> if we want to take the "break migration compat" route:
> https://lore.kernel.org/qemu-devel/CAFEAcA9BzSp9F8yv4eZv5eeUM4JXSy9T-QnRr_UbJZpNmhtHyw@mail.gmail.com/T/#m6f4a672ddfa8a0a34dfdf9b57bb04e529ab5c9a4

I think Fabiano's patch is a clean solution. Or I think there's another
option: we can bring needed() back but check mc->has_hotpluggable_cpus
instead, like acpi-ged/cpuhp did ().

Igor, what do you think?

---
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index bbb1bd60a206..5c7dfb2c69db 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -184,10 +184,18 @@ static const VMStateDescription vmstate_tco_io_state = {
     }
 };

+static bool cpuhp_needed(void *opaque)
+{
+    MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
+
+    return mc->has_hotpluggable_cpus;
+}
+
 static const VMStateDescription vmstate_cpuhp_state = {
     .name = "ich9_pm/cpuhp",
     .version_id = 1,
     .minimum_version_id = 1,
+    .needed = cpuhp_needed,
     .fields = (const VMStateField[]) {
         VMSTATE_CPU_HOTPLUG(cpuhp_state, ICH9LPCPMRegs),
         VMSTATE_END_OF_LIST()
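Review bot: cpuhp_needed() ignores `opaque` and is added verbatim to both ich9.c and piix4.c. Put a single helper next to the CPU hotplug vmstate and reference it from both descriptions, so the two `.needed` conditions cannot drift apart.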
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 43860d122780..9b7f50c7afac 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -195,10 +195,18 @@ static const VMStateDescription vmstate_memhp_state = {
     }
 };

+static bool cpuhp_needed(void *opaque)
+{
+    MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
+
+    return mc->has_hotpluggable_cpus;
+}
+
 static const VMStateDescription vmstate_cpuhp_state = {
     .name = "piix4_pm/cpuhp",
     .version_id = 1,
     .minimum_version_id = 1,
+    .needed = cpuhp_needed,
     .fields = (const VMStateField[]) {
         VMSTATE_CPU_HOTPLUG(cpuhp_state, PIIX4PMState),
         VMSTATE_END_OF_LIST()
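Review bot: the `.needed` condition is now a property of the machine class rather than of device state, which is what keeps boards with the stub vmstate_cpu_hotplug out of this subsection; add a comment above cpuhp_needed() saying so. The commit message should also state that, for machines with `has_hotpluggable_cpus` set, the subsection is now always sent, where the removed vmstate_test_use_cpuhp() sent it only when `cpu_hotplug_legacy` was false.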






* Re: [PULL 04/41] pc: Start with modern CPU hotplug interface by default
  2026-03-17  4:23     ` Zhao Liu
@ 2026-03-17 14:21       ` Peter Maydell
  0 siblings, 0 replies; 49+ messages in thread
From: Peter Maydell @ 2026-03-17 14:21 UTC (permalink / raw)
  To: Zhao Liu
  Cc: Igor Mammedov, Paolo Bonzini, qemu-devel, Fabiano Rosas, Peter Xu,
	Philippe Mathieu-Daudé, Aurelien Jarno

On Tue, 17 Mar 2026 at 03:57, Zhao Liu <zhao1.liu@intel.com> wrote:
> I think Fabiano's patch is a clean solution. Or I think there's another
> option: we can bring needed() back but check mc->has_hotpluggable_cpus
> instead, like acpi-ged/cpuhp did ().
>
> Igor, what do you think?
>
> ---
> diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
> index bbb1bd60a206..5c7dfb2c69db 100644
> --- a/hw/acpi/ich9.c
> +++ b/hw/acpi/ich9.c
> @@ -184,10 +184,18 @@ static const VMStateDescription vmstate_tco_io_state = {
>      }
>  };
>
> +static bool cpuhp_needed(void *opaque)
> +{
> +    MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
> +
> +    return mc->has_hotpluggable_cpus;
> +}
> +
>  static const VMStateDescription vmstate_cpuhp_state = {
>      .name = "ich9_pm/cpuhp",
>      .version_id = 1,
>      .minimum_version_id = 1,
> +    .needed = cpuhp_needed,
>      .fields = (const VMStateField[]) {
>          VMSTATE_CPU_HOTPLUG(cpuhp_state, ICH9LPCPMRegs),
>          VMSTATE_END_OF_LIST()
> diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
> index 43860d122780..9b7f50c7afac 100644
> --- a/hw/acpi/piix4.c
> +++ b/hw/acpi/piix4.c
> @@ -195,10 +195,18 @@ static const VMStateDescription vmstate_memhp_state = {
>      }
>  };
>
> +static bool cpuhp_needed(void *opaque)
> +{
> +    MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
> +
> +    return mc->has_hotpluggable_cpus;
> +}
> +
>  static const VMStateDescription vmstate_cpuhp_state = {
>      .name = "piix4_pm/cpuhp",
>      .version_id = 1,
>      .minimum_version_id = 1,
> +    .needed = cpuhp_needed,
>      .fields = (const VMStateField[]) {
>          VMSTATE_CPU_HOTPLUG(cpuhp_state, PIIX4PMState),
>          VMSTATE_END_OF_LIST()

I quite like this option, though I defer to people more expert
on the piix4/hotplug code. This patch does fix the test
failures I was seeing on MIPS.

-- PMM



* Re: [PULL 16/41] hw/i386: Remove linuxboot.bin
  2026-02-12 14:42 ` [PULL 16/41] hw/i386: Remove linuxboot.bin Paolo Bonzini
@ 2026-03-24 12:12   ` Daniel P. Berrangé
  2026-03-24 12:14     ` Paolo Bonzini
  0 siblings, 1 reply; 49+ messages in thread
From: Daniel P. Berrangé @ 2026-03-24 12:12 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: qemu-devel, Philippe Mathieu-Daudé, Thomas Huth, Zhao Liu

On Thu, Feb 12, 2026 at 03:42:18PM +0100, Paolo Bonzini wrote:
> From: Philippe Mathieu-Daudé <philmd@linaro.org>
> 
> All machines now use the linuxboot_dma.bin binary, so it's safe to
> remove the non-DMA version (linuxboot.bin).
> 
> Suggested-by: Thomas Huth <thuth@redhat.com>
> Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
> Link: https://lore.kernel.org/r/20260108033051.777361-16-zhao1.liu@intel.com
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  hw/i386/pc.c                  |   3 +-
>  pc-bios/meson.build           |   1 -
>  pc-bios/optionrom/Makefile    |   2 +-
>  pc-bios/optionrom/linuxboot.S | 195 ----------------------------------
>  4 files changed, 2 insertions(+), 199 deletions(-)
>  delete mode 100644 pc-bios/optionrom/linuxboot.S

The pre-built pc-bios/linuxboot_dma.bin still exists in the tree,
shouldn't that have been deleted too?

> 
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index b033fc67cf9..c0e6a23bec1 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -669,8 +669,7 @@ void xen_load_linux(PCMachineState *pcms)
>  
>      x86_load_linux(x86ms, fw_cfg, PC_FW_DATA, pcmc->pvh_enabled);
>      for (i = 0; i < nb_option_roms; i++) {
> -        assert(!strcmp(option_rom[i].name, "linuxboot.bin") ||
> -               !strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
> +        assert(!strcmp(option_rom[i].name, "linuxboot_dma.bin") ||
>                 !strcmp(option_rom[i].name, "pvh.bin") ||
>                 !strcmp(option_rom[i].name, "multiboot_dma.bin"));
>          rom_add_option(option_rom[i].name, option_rom[i].bootindex);
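
Review bot: the assert in xen_load_linux() now aborts on an option ROM named "linuxboot.bin", so this hunk is only correct if x86_load_linux(), called just above the loop, can no longer register that name. The commit message says all machines use linuxboot_dma.bin; naming the earlier change that made this true would make the dependency explicit for anyone bisecting or backporting.
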
> diff --git a/pc-bios/meson.build b/pc-bios/meson.build
> index efe45c16705..2f470ed1294 100644
> --- a/pc-bios/meson.build
> +++ b/pc-bios/meson.build
> @@ -63,7 +63,6 @@ blobs = [
>    'efi-vmxnet3.rom',
>    'qemu-nsis.bmp',
>    'multiboot_dma.bin',
> -  'linuxboot.bin',
>    'linuxboot_dma.bin',
>    'kvmvapic.bin',
>    'pvh.bin',
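
Review bot: 'linuxboot.bin' is dropped from blobs here, but the diffstat for this patch deletes only pc-bios/optionrom/linuxboot.S, so the pre-built pc-bios/linuxboot.bin stays in the tree with no source to rebuild it from and nothing installing it. Delete the binary in the same commit so that no unreferenced firmware blob is left behind.
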
> diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
> index 963a77a3298..f1c1b9efc21 100644
> --- a/pc-bios/optionrom/Makefile
> +++ b/pc-bios/optionrom/Makefile
> @@ -2,7 +2,7 @@ include config.mak
>  SRC_DIR := $(TOPSRC_DIR)/pc-bios/optionrom
>  VPATH = $(SRC_DIR)
>  
> -all: multiboot_dma.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin pvh.bin
> +all: multiboot_dma.bin linuxboot_dma.bin kvmvapic.bin pvh.bin
>  # Dummy command so that make thinks it has done something
>  	@true
>  
> diff --git a/pc-bios/optionrom/linuxboot.S b/pc-bios/optionrom/linuxboot.S
> deleted file mode 100644
> index ba821ab922d..00000000000
> --- a/pc-bios/optionrom/linuxboot.S
> +++ /dev/null
> @@ -1,195 +0,0 @@
> -/*
> - * Linux Boot Option ROM
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License as published by
> - * the Free Software Foundation; either version 2 of the License, or
> - * (at your option) any later version.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, see <http://www.gnu.org/licenses/>.
> - *
> - * Copyright Novell Inc, 2009
> - *   Authors: Alexander Graf <agraf@suse.de>
> - *
> - * Based on code in hw/pc.c.
> - */
> -
> -#include "optionrom.h"
> -
> -#define BOOT_ROM_PRODUCT "Linux loader"
> -
> -BOOT_ROM_START
> -
> -run_linuxboot:
> -
> -	cli
> -	cld
> -
> -	jmp		copy_kernel
> -boot_kernel:
> -
> -	read_fw		FW_CFG_SETUP_ADDR
> -
> -	mov		%eax, %ebx
> -	shr		$4, %ebx
> -
> -	/* All segments contain real_addr */
> -	mov		%bx, %ds
> -	mov		%bx, %es
> -	mov		%bx, %fs
> -	mov		%bx, %gs
> -	mov		%bx, %ss
> -
> -	/* CX = CS we want to jump to */
> -	add		$0x20, %bx
> -	mov		%bx, %cx
> -
> -	/* SP = cmdline_addr-real_addr-16 */
> -	read_fw		FW_CFG_CMDLINE_ADDR
> -	mov		%eax, %ebx
> -	read_fw		FW_CFG_SETUP_ADDR
> -	sub		%eax, %ebx
> -	sub		$16, %ebx
> -	mov		%ebx, %esp
> -
> -	/* Build indirect lret descriptor */
> -	pushw		%cx		/* CS */
> -	xor		%ax, %ax
> -	pushw		%ax		/* IP = 0 */
> -
> -	/* Clear registers */
> -	xor		%eax, %eax
> -	xor		%ebx, %ebx
> -	xor		%ecx, %ecx
> -	xor		%edx, %edx
> -	xor		%edi, %edi
> -	xor		%ebp, %ebp
> -
> -	/* Jump to Linux */
> -	lret
> -
> -
> -copy_kernel:
> -	/* Read info block in low memory (0x10000 or 0x90000) */
> -	read_fw		FW_CFG_SETUP_ADDR
> -	shr		$4, %eax
> -	mov		%eax, %es
> -	xor		%edi, %edi
> -	read_fw_blob_addr32_edi(FW_CFG_SETUP)
> -
> -	cmpw            $0x203, %es:0x206      // if protocol >= 0x203
> -	jae             1f                     // have initrd_max
> -	movl            $0x37ffffff, %es:0x22c // else assume 0x37ffffff
> -1:
> -
> -	/* Check if using kernel-specified initrd address */
> -	read_fw		FW_CFG_INITRD_ADDR
> -	mov		%eax, %edi             // (load_kernel wants it in %edi)
> -	read_fw		FW_CFG_INITRD_SIZE     // find end of initrd
> -	add		%edi, %eax
> -	xor		%es:0x22c, %eax        // if it matches es:0x22c
> -	and		$-4096, %eax           // (apart from padding for page)
> -	jz		load_kernel            // then initrd is not at top
> -					       // of memory
> -
> -	/* pc.c placed the initrd at end of memory.  Compute a better
> -	 * initrd address based on e801 data.
> -	 */
> -	mov		$0xe801, %ax
> -	xor		%cx, %cx
> -	xor		%dx, %dx
> -	int		$0x15
> -
> -	/* Output could be in AX/BX or CX/DX */
> -	or		%cx, %cx
> -	jnz		1f
> -	or		%dx, %dx
> -	jnz		1f
> -	mov		%ax, %cx
> -	mov		%bx, %dx
> -1:
> -
> -	or		%dx, %dx
> -	jnz		2f
> -	addw		$1024, %cx            /* add 1 MB */
> -	movzwl		%cx, %edi
> -	shll		$10, %edi             /* convert to bytes */
> -	jmp		3f
> -
> -2:
> -	addw		$16777216 >> 16, %dx  /* add 16 MB */
> -	movzwl		%dx, %edi
> -	shll		$16, %edi             /* convert to bytes */
> -
> -3:
> -	read_fw         FW_CFG_INITRD_SIZE
> -	subl            %eax, %edi
> -	andl            $-4096, %edi          /* EDI = start of initrd */
> -	movl		%edi, %es:0x218       /* put it in the header */
> -
> -load_kernel:
> -	/* We need to load the kernel into memory we can't access in 16 bit
> -	   mode, so let's get into 32 bit mode, write the kernel and jump
> -	   back again. */
> -
> -	/* Reserve space on the stack for our GDT descriptor. */
> -	mov             %esp, %ebp
> -	sub             $16, %esp
> -
> -	/* Now create the GDT descriptor */
> -	movw		$((3 * 8) - 1), -16(%bp)
> -	mov		%cs, %eax
> -	movzwl		%ax, %eax
> -	shl		$4, %eax
> -	addl		$gdt, %eax
> -	movl		%eax, -14(%bp)
> -
> -	/* And load the GDT */
> -	data32 lgdt	-16(%bp)
> -	mov		%ebp, %esp
> -
> -	/* Get us to protected mode now */
> -	mov		$1, %eax
> -	mov		%eax, %cr0
> -
> -	/* So we can set ES to a 32-bit segment */
> -	mov		$0x10, %eax
> -	mov		%eax, %es
> -
> -	/* We're now running in 16-bit CS, but 32-bit ES! */
> -
> -	/* Load kernel and initrd */
> -	read_fw_blob_addr32_edi(FW_CFG_INITRD)
> -	read_fw_blob_addr32(FW_CFG_KERNEL)
> -	read_fw_blob_addr32(FW_CFG_CMDLINE)
> -
> -	/* And now jump into Linux! */
> -	mov		$0, %eax
> -	mov		%eax, %cr0
> -
> -	/* ES = CS */
> -	mov		%cs, %ax
> -	mov		%ax, %es
> -
> -	jmp		boot_kernel
> -
> -/* Variables */
> -
> -.align 4, 0
> -gdt:
> -	/* 0x00 */
> -.byte	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
> -
> -	/* 0x08: code segment (base=0, limit=0xfffff, type=32bit code exec/read, DPL=0, 4k) */
> -.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x9a, 0xcf, 0x00
> -
> -	/* 0x10: data segment (base=0, limit=0xfffff, type=32bit data read/write, DPL=0, 4k) */
> -.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x92, 0xcf, 0x00
> -
> -BOOT_ROM_END
> -- 
> 2.52.0
> 
> 

With regards,
Daniel
-- 
|: https://berrange.com       ~~        https://hachyderm.io/@berrange :|
|: https://libvirt.org          ~~          https://entangle-photo.org :|
|: https://pixelfed.art/berrange   ~~    https://fstop138.berrange.com :|




* Re: [PULL 16/41] hw/i386: Remove linuxboot.bin
  2026-03-24 12:12   ` Daniel P. Berrangé
@ 2026-03-24 12:14     ` Paolo Bonzini
  0 siblings, 0 replies; 49+ messages in thread
From: Paolo Bonzini @ 2026-03-24 12:14 UTC (permalink / raw)
  To: Daniel P. Berrangé
  Cc: qemu-devel, Philippe Mathieu-Daudé, Thomas Huth, Zhao Liu

On Tue, Mar 24, 2026 at 1:12 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> On Thu, Feb 12, 2026 at 03:42:18PM +0100, Paolo Bonzini wrote:
> > From: Philippe Mathieu-Daudé <philmd@linaro.org>
> >
> > All machines now use the linuxboot_dma.bin binary, so it's safe to
> > remove the non-DMA version (linuxboot.bin).
> >
> > Suggested-by: Thomas Huth <thuth@redhat.com>
> > Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
> > Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> > Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
> > Reviewed-by: Thomas Huth <thuth@redhat.com>
> > Link: https://lore.kernel.org/r/20260108033051.777361-16-zhao1.liu@intel.com
> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > ---
> >  hw/i386/pc.c                  |   3 +-
> >  pc-bios/meson.build           |   1 -
> >  pc-bios/optionrom/Makefile    |   2 +-
> >  pc-bios/optionrom/linuxboot.S | 195 ----------------------------------
> >  4 files changed, 2 insertions(+), 199 deletions(-)
> >  delete mode 100644 pc-bios/optionrom/linuxboot.S
>
> The pre-built pc-bios/linuxboot_dma.bin still exists in the tree,
> shouldn't that have been deleted too?

I think you mean pc-bios/linuxboot.bin - yeah, that one should go as well.

Paolo



