From a7a05f5f6a4085afbede315e749b1c67e78c966b Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Sun, 23 Mar 2025 22:35:54 +0100 Subject: [PATCH 1/8] smbios: Fix buffer overrun when using path= option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We have to make sure the array of bytes read from the path= file is null-terminated, otherwise we run into a buffer overrun later on. Fixes: bb99f4772f54017490e3356ecbb3df25c5d4537f ("hw/smbios: support loading OEM strings values from a file") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2879 Signed-off-by: Daan De Meyer Reviewed-by: Daniel P. Berrangé Tested-by: Valentin David Message-ID: <20250323213622.2581013-1-daan.j.demeyer@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/smbios/smbios.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c index 02a09eb9cd..ad4cd6721e 100644 --- a/hw/smbios/smbios.c +++ b/hw/smbios/smbios.c @@ -1285,6 +1285,9 @@ static int save_opt_one(void *opaque, g_byte_array_append(data, (guint8 *)buf, ret); } + buf[0] = '\0'; + g_byte_array_append(data, (guint8 *)buf, 1); + qemu_close(fd); *opt->dest = g_renew(char *, *opt->dest, (*opt->ndest) + 1); From 15a9fe6e35369d6e488233f689a3dbdd7a525546 Mon Sep 17 00:00:00 2001 From: Joel Stanley Date: Tue, 1 Apr 2025 14:45:08 +1030 Subject: [PATCH 2/8] hw/core/machine: Fix -machine dumpdtb=file.dtb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In commit 8fd2518ef2f8 ("hw: Centralize handling of -machine dumpdtb option") the call to dump was moved with respect to the init of the machine. This resulted in the device tree missing parts of the machine description, depending on how they construct their device tree. The arm virt machine is missing some PSCI nodes, while the riscv one is missing most of its content. Move the dump to after the notifiers have been run, allowing virt_machine_done to be called and the device tree to be fully populated. Fixes: 8fd2518ef2f8 ("hw: Centralize handling of -machine dumpdtb option") Signed-off-by: Joel Stanley Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20250401041509.719153-1-joel@jms.id.au> Signed-off-by: Philippe Mathieu-Daudé --- hw/core/machine.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hw/core/machine.c b/hw/core/machine.c index f52a4f2273..63c6ef93d2 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -1731,12 +1731,6 @@ void qdev_machine_creation_done(void) phase_advance(PHASE_MACHINE_READY); qdev_assert_realized_properly(); - /* - * If the user used -machine dumpdtb=file.dtb to request that we - * dump the DTB to a file, do it now, and exit. - */ - handle_machine_dumpdtb(current_machine); - /* TODO: once all bus devices are qdevified, this should be done * when bus is created by qdev.c */ /* @@ -1750,6 +1744,12 @@ void qdev_machine_creation_done(void) notifier_list_notify(&machine_init_done_notifiers, NULL); + /* + * If the user used -machine dumpdtb=file.dtb to request that we + * dump the DTB to a file, do it now, and exit. + */ + handle_machine_dumpdtb(current_machine); + if (rom_check_and_register_reset() != 0) { exit(1); } From 2ba700a501820f7a59c030f6f49a631a3d2c06f5 Mon Sep 17 00:00:00 2001 From: Zhang Chen Date: Tue, 1 Apr 2025 16:31:02 +0800 Subject: [PATCH 3/8] docs/arm: Add apple HVF host for supported guest CPU type MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In my test, latest QEMU already support Apple HVF for -cpu host and max. From guest VM lscpu: Architecture: aarch64 CPU op-mode(s): 64-bit Byte Order: Little Endian CPU(s): 11 On-line CPU(s) list: 0-10 Vendor ID: Apple Model name: - Model: 0 Thread(s) per core: 1 Core(s) per socket: 11 Socket(s): 1 Stepping: 0x0 BogoMIPS: 48.00 Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm jscvt fcma lrcpc dcpop sha3 asimddp sha512 asim dfhm dit uscat ilrcpc flagm ssbs sb paca pacg dcpodp flagm2 frint Signed-off-by: Zhang Chen Reviewed-by: Alex Bennée Message-ID: <20250401083102.72845-1-zhangckid@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- docs/system/arm/virt.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/system/arm/virt.rst b/docs/system/arm/virt.rst index adf446c0a2..6a719b9586 100644 --- a/docs/system/arm/virt.rst +++ b/docs/system/arm/virt.rst @@ -70,11 +70,11 @@ Supported guest CPU types: - ``cortex-a76`` (64-bit) - ``cortex-a710`` (64-bit) - ``a64fx`` (64-bit) -- ``host`` (with KVM only) +- ``host`` (with KVM and HVF only) - ``neoverse-n1`` (64-bit) - ``neoverse-v1`` (64-bit) - ``neoverse-n2`` (64-bit) -- ``max`` (same as ``host`` for KVM; best possible emulation with TCG) +- ``max`` (same as ``host`` for KVM and HVF; best possible emulation with TCG) Note that the default is ``cortex-a15``, so for an AArch64 guest you must specify a CPU type. From 535ef195663e134d704a3c4f375bf5c488705808 Mon Sep 17 00:00:00 2001 From: Keoseong Park Date: Thu, 3 Apr 2025 18:21:40 +0900 Subject: [PATCH 4/8] hw/ufs: Fix incorrect comment for segment_size and allocation_unit_size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The comments for segment_size and allocation_unit_size incorrectly described them as 4KB. According to the UFS specification, segment_size is expressed in units of 512 bytes. Given segment_size = 0x2000 (8192), the actual size is 4MB. Similarly, allocation_unit_size = 1 means 1 segment = 4MB. This patch updates the comments to reflect the correct size. Signed-off-by: Keoseong Park Reviewed-by: Jeuk Kim Message-ID: <20250403092140epcms2p355a7f039871b3e5b409754ef450b9158@epcms2p3> Signed-off-by: Philippe Mathieu-Daudé --- hw/ufs/ufs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/ufs/ufs.c b/hw/ufs/ufs.c index ee13edacd8..542f13b10e 100644 --- a/hw/ufs/ufs.c +++ b/hw/ufs/ufs.c @@ -1753,8 +1753,8 @@ static void ufs_init_hc(UfsHc *u) u->geometry_desc.length = sizeof(GeometryDescriptor); u->geometry_desc.descriptor_idn = UFS_QUERY_DESC_IDN_GEOMETRY; u->geometry_desc.max_number_lu = (UFS_MAX_LUS == 32) ? 0x1 : 0x0; - u->geometry_desc.segment_size = cpu_to_be32(0x2000); /* 4KB */ - u->geometry_desc.allocation_unit_size = 0x1; /* 4KB */ + u->geometry_desc.segment_size = cpu_to_be32(0x2000); /* 4MB: 8192 * 512B */ + u->geometry_desc.allocation_unit_size = 0x1; /* 4MB: 1 segment */ u->geometry_desc.min_addr_block_size = 0x8; /* 4KB */ u->geometry_desc.max_in_buffer_size = 0x8; u->geometry_desc.max_out_buffer_size = 0x8; From 764ca3ec8999fbeb64e2ddb3cd2df0f7004fc59b Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sat, 5 Apr 2025 23:48:59 +0200 Subject: [PATCH 5/8] hw/arm/imx8mp-evk: Remove unimplemented cpu-idle-states properties from devicetree MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The cpu-idle-states property causes a hard boot hang. Rather than documenting the workaround, perform the removal from the devicetree automatically. Signed-off-by: Guenter Roeck Signed-off-by: Bernhard Beschow [Bernhard: split patch, update documentation, adapt commit message] Signed-off-by: Bernhard Beschow Message-ID: <20250405214900.7114-3-shentey@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- docs/system/arm/imx8mp-evk.rst | 12 ++---------- hw/arm/imx8mp-evk.c | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/docs/system/arm/imx8mp-evk.rst b/docs/system/arm/imx8mp-evk.rst index 00527b0cbe..b2f7d29ade 100644 --- a/docs/system/arm/imx8mp-evk.rst +++ b/docs/system/arm/imx8mp-evk.rst @@ -35,7 +35,7 @@ Direct Linux Kernel Boot Probably the easiest way to get started with a whole Linux system on the machine is to generate an image with Buildroot. Version 2024.11.1 is tested at the time -of writing and involves three steps. First run the following commands in the +of writing and involves two steps. First run the following commands in the toplevel directory of the Buildroot source tree: .. code-block:: bash @@ -50,14 +50,6 @@ it and resize the SD card image to a power of two: $ qemu-img resize sdcard.img 256M -Finally, the device tree needs to be patched with the following commands which -will remove the ``cpu-idle-states`` properties from CPU nodes: - -.. code-block:: bash - - $ dtc imx8mp-evk.dtb | sed '/cpu-idle-states/d' > imx8mp-evk-patched.dts - $ dtc imx8mp-evk-patched.dts -o imx8mp-evk-patched.dtb - Now that everything is prepared the machine can be started as follows: .. code-block:: bash @@ -65,6 +57,6 @@ Now that everything is prepared the machine can be started as follows: $ qemu-system-aarch64 -M imx8mp-evk -smp 4 -m 3G \ -display none -serial null -serial stdio \ -kernel Image \ - -dtb imx8mp-evk-patched.dtb \ + -dtb imx8mp-evk.dtb \ -append "root=/dev/mmcblk2p2" \ -drive file=sdcard.img,if=sd,bus=2,format=raw,id=mmcblk2 diff --git a/hw/arm/imx8mp-evk.c b/hw/arm/imx8mp-evk.c index f17d5db466..3bbf2bfbea 100644 --- a/hw/arm/imx8mp-evk.c +++ b/hw/arm/imx8mp-evk.c @@ -15,6 +15,19 @@ #include "system/qtest.h" #include "qemu/error-report.h" #include "qapi/error.h" +#include + +static void imx8mp_evk_modify_dtb(const struct arm_boot_info *info, void *fdt) +{ + int offset; + + /* Remove cpu-idle-states property from CPU nodes */ + offset = fdt_node_offset_by_compatible(fdt, -1, "arm,cortex-a53"); + while (offset >= 0) { + fdt_nop_property(fdt, offset, "cpu-idle-states"); + offset = fdt_node_offset_by_compatible(fdt, offset, "arm,cortex-a53"); + } +} static void imx8mp_evk_init(MachineState *machine) { @@ -32,6 +45,7 @@ static void imx8mp_evk_init(MachineState *machine) .board_id = -1, .ram_size = machine->ram_size, .psci_conduit = QEMU_PSCI_CONDUIT_SMC, + .modify_dtb = imx8mp_evk_modify_dtb, }; s = FSL_IMX8MP(object_new(TYPE_FSL_IMX8MP)); From f978f410aa4f4b5ce9a4c18c815507bcbfb75b9d Mon Sep 17 00:00:00 2001 From: Guenter Roeck Date: Sat, 5 Apr 2025 23:49:00 +0200 Subject: [PATCH 6/8] hw/arm/imx8mp-evk: Temporarily remove unimplemented imx8mp-fspi node from devicetree MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The nxp,imx8mp-fspi node triggers a warning backtrace. Remove it from the devicetree file. Signed-off-by: Guenter Roeck Inspired-by: commit bf1da4b308 ("hw/arm/raspi4b: Temporarily disable unimplemented rpi4b devices") Signed-off-by: Bernhard Beschow [Bernhard: split patch, adapt commit message] Message-ID: <20250405214900.7114-4-shentey@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/arm/imx8mp-evk.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/hw/arm/imx8mp-evk.c b/hw/arm/imx8mp-evk.c index 3bbf2bfbea..b5aec06ec5 100644 --- a/hw/arm/imx8mp-evk.c +++ b/hw/arm/imx8mp-evk.c @@ -19,7 +19,22 @@ static void imx8mp_evk_modify_dtb(const struct arm_boot_info *info, void *fdt) { - int offset; + int i, offset; + + /* Temporarily disable following nodes until they are implemented */ + const char *nodes_to_remove[] = { + "nxp,imx8mp-fspi", + }; + + for (i = 0; i < ARRAY_SIZE(nodes_to_remove); i++) { + const char *dev_str = nodes_to_remove[i]; + + offset = fdt_node_offset_by_compatible(fdt, -1, dev_str); + while (offset >= 0) { + fdt_nop_node(fdt, offset); + offset = fdt_node_offset_by_compatible(fdt, offset, dev_str); + } + } /* Remove cpu-idle-states property from CPU nodes */ offset = fdt_node_offset_by_compatible(fdt, -1, "arm,cortex-a53"); From 8c996e32712820d6d1e62ba6436424d0ba837d96 Mon Sep 17 00:00:00 2001 From: Klaus Jensen Date: Tue, 8 Apr 2025 12:20:46 +0200 Subject: [PATCH 7/8] hw/nvme: fix attachment of private namespaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix regression when attaching private namespaces that gets attached to the wrong controller. Keep track of the original controller "owner" of private namespaces, and only attach if this matches on controller enablement. Fixes: 6ccca4b6bb9f ("hw/nvme: rework csi handling") Reported-by: Alan Adamson Suggested-by: Alan Adamson Signed-off-by: Klaus Jensen Tested-by: Alan Adamson Reviewed-by: Alan Adamson Reviewed-by: Keith Busch Message-ID: <20250408-fix-private-ns-v1-1-28e169b6b60b@samsung.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/nvme/ctrl.c | 7 ++++++- hw/nvme/ns.c | 4 ++++ hw/nvme/nvme.h | 3 +++ hw/nvme/subsys.c | 9 +-------- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index 518d02dc66..d6b77d4fbc 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -7755,7 +7755,11 @@ static int nvme_start_ctrl(NvmeCtrl *n) for (int i = 1; i <= NVME_MAX_NAMESPACES; i++) { NvmeNamespace *ns = nvme_subsys_ns(n->subsys, i); - if (ns && nvme_csi_supported(n, ns->csi) && !ns->params.detached) { + if (!ns || (!ns->params.shared && ns->ctrl != n)) { + continue; + } + + if (nvme_csi_supported(n, ns->csi) && !ns->params.detached) { if (!ns->attached || ns->params.shared) { nvme_attach_ns(n, ns); } @@ -8988,6 +8992,7 @@ static void nvme_realize(PCIDevice *pci_dev, Error **errp) if (n->namespace.blkconf.blk) { ns = &n->namespace; ns->params.nsid = 1; + ns->ctrl = n; if (nvme_ns_setup(ns, errp)) { return; diff --git a/hw/nvme/ns.c b/hw/nvme/ns.c index 98c1e75a5d..4ab8ba74f5 100644 --- a/hw/nvme/ns.c +++ b/hw/nvme/ns.c @@ -763,6 +763,10 @@ static void nvme_ns_realize(DeviceState *dev, Error **errp) ns->id_ns.endgid = cpu_to_le16(0x1); ns->id_ns_ind.endgrpid = cpu_to_le16(0x1); + + if (!ns->params.shared) { + ns->ctrl = n; + } } static const Property nvme_ns_props[] = { diff --git a/hw/nvme/nvme.h b/hw/nvme/nvme.h index 6f782ba188..b5c9378ea4 100644 --- a/hw/nvme/nvme.h +++ b/hw/nvme/nvme.h @@ -268,6 +268,9 @@ typedef struct NvmeNamespace { NvmeSubsystem *subsys; NvmeEnduranceGroup *endgrp; + /* NULL for shared namespaces; set to specific controller if private */ + NvmeCtrl *ctrl; + struct { uint32_t err_rec; } features; diff --git a/hw/nvme/subsys.c b/hw/nvme/subsys.c index 2ae56f12a5..b617ac3892 100644 --- a/hw/nvme/subsys.c +++ b/hw/nvme/subsys.c @@ -56,7 +56,7 @@ int nvme_subsys_register_ctrl(NvmeCtrl *n, Error **errp) { NvmeSubsystem *subsys = n->subsys; NvmeSecCtrlEntry *sctrl = nvme_sctrl(n); - int cntlid, nsid, num_rsvd, num_vfs = n->params.sriov_max_vfs; + int cntlid, num_rsvd, num_vfs = n->params.sriov_max_vfs; if (pci_is_vf(&n->parent_obj)) { cntlid = le16_to_cpu(sctrl->scid); @@ -92,13 +92,6 @@ int nvme_subsys_register_ctrl(NvmeCtrl *n, Error **errp) subsys->ctrls[cntlid] = n; - for (nsid = 1; nsid < ARRAY_SIZE(subsys->namespaces); nsid++) { - NvmeNamespace *ns = subsys->namespaces[nsid]; - if (ns && ns->params.shared && !ns->params.detached) { - nvme_attach_ns(n, ns); - } - } - return cntlid; } From ae81527b431e235b7f81a400b9a6a27b798c40b3 Mon Sep 17 00:00:00 2001 From: Zhao Liu Date: Wed, 9 Apr 2025 00:27:02 +0800 Subject: [PATCH 8/8] scripts/checkpatch: Fix typo in SPDX-License-Identifier keyword MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix the typo in the error message to help `grep` the example: ERROR: New file '***' requires 'SPDX-License-Identifer' Fixes: fa4d79c64dae ("scripts: mandate that new files have SPDX-License-Identifier") Signed-off-by: Zhao Liu Reviewed-by: Alex Bennée Message-ID: <20250408162702.2350565-1-zhao1.liu@intel.com> Signed-off-by: Philippe Mathieu-Daudé --- scripts/checkpatch.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 6ae9d7febe..365892de04 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -1688,11 +1688,11 @@ sub process { /\.(c|h|py|pl|sh|json|inc|Makefile)$/) { # source code files MUST have SPDX license declared ERROR("New file '$expect_spdx_file' requires " . - "'SPDX-License-Identifer'"); + "'SPDX-License-Identifier'"); } else { # Other files MAY have SPDX license if appropriate WARN("Does new file '$expect_spdx_file' need " . - "'SPDX-License-Identifer'?"); + "'SPDX-License-Identifier'?"); } } $expect_spdx = 1;