machine.c doesn't use any target-specific macro defined by
the "migration/cpu.h" header. Use the minimum header required:
"migration/qemu-file-types.h" and "migration/vmstate.h", which
are not target-specific.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260107200702.54582-8-philmd@linaro.org>
The HPPA architecture uses big endianness. Directly use
the big-endian LD/ST API.
Mechanical change using:
  $ end=be; \
    for acc in uw w l q tul; do \
      sed -i -e "s/ld${acc}_p(/ld${acc}_${end}_p(/" \
             -e "s/st${acc}_p(/st${acc}_${end}_p(/" \
        $(git grep -wlE '(ld|st)t?u?[wlq]_p' target/hppa/); \
    done
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251229225517.45078-4-philmd@linaro.org>
Partly revert changes introduced by commit b2c2d00f48 ("target/hppa:
add 64 bit support to gdbstub"), restoring the cpu_env() call and
removing the unused @cpu argument.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251229225517.45078-3-philmd@linaro.org>
We only build the HPPA target using big endianness order,
therefore the cpu_ld/st_data*() definitions expand to the big
endian declarations. Use the explicit big-endian variants.
Mechanical change running:
  $ tgt=hppa; \
    end=be; \
    for op in data mmuidx_ra; do \
      for ac in uw sw l q; do \
        sed -i -e "s/cpu_ld${ac}_${op}/cpu_ld${ac}_${end}_${op}/" \
          $(git grep -l cpu_ target/${tgt}/); \
      done;
      for ac in w l q; do \
        sed -i -e "s/cpu_st${ac}_${op}/cpu_st${ac}_${end}_${op}/" \
          $(git grep -l cpu_ target/${tgt}/); \
      done;
    done
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251229225517.45078-2-philmd@linaro.org>
We only build the Hexagon target using little endianness order,
therefore the cpu_ld/st_data*() definitions expand to the little
endian declarations. Use the explicit little-endian variants.
Mechanical change running:
  $ tgt=hexagon; \
    end=le; \
    for op in data mmuidx_ra; do \
      for ac in uw sw l q; do \
        sed -i -e "s/cpu_ld${ac}_${op}/cpu_ld${ac}_${end}_${op}/" \
          $(git grep -l cpu_ target/${tgt}/); \
      done;
      for ac in w l q; do \
        sed -i -e "s/cpu_st${ac}_${op}/cpu_st${ac}_${end}_${op}/" \
          $(git grep -l cpu_ target/${tgt}/); \
      done;
    done
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Brian Cain <brian.cain@oss.qualcomm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251219185025.97318-3-philmd@linaro.org>
In preparation for dropping TARGET_PHYS_ADDR_SPACE_BITS, add a
runtime function to correctly represent the size of the physical
address space for EV4-6 based on the current CPU version.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Anton Johansson <anjo@rev.ng>
Message-ID: <20260112-phys_addr-v3-1-5f90fdb4015f@rev.ng>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
In preparation of removing the cpu_ldl_code wrapper, inline it.
Use the return address argument.
Since Alpha instructions are always stored in little-endian
order, replace MO_TE -> MO_LE.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260106155755.53646-4-philmd@linaro.org>
The Alpha architecture uses little endianness. Directly
use the little-endian LD/ST API.
Mechanical change running:
  $ for a in uw w l q; do \
      sed -i -e "s/ld${a}_p(/ld${a}_le_p(/" \
        $(git grep -wlE '(ld|st)u?[wlq]_p' hw/alpha/);
    done
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260106155755.53646-2-philmd@linaro.org>
As we are moving toward a single binary, targets might end
without any target-specific objects (all objects being in
the 'common' source set). Allow this by checking the
target_system_arch[] dictionary contains the target key
before using it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20260106235333.22752-2-philmd@linaro.org>
When a variable size is known, prefer the address_space_ld/st()
API. Keep address_space_read/write() for blobs.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260109165058.59144-23-philmd@linaro.org>
X86 in/out port (related to ISA bus) uses little endianness:
- enforce little endianness in x86 cpu_in/out() accessors,
- serialize QTest in/out port accesses as little-endian.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260109165058.59144-22-philmd@linaro.org>
As its name suggests, address_space_stq_internal() is an
internal method which can be inlined like all the other
ones in this file.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260109165058.59144-7-philmd@linaro.org>
We have 115 direct inclusions of "system/memory.h", and 91 headers
in include/ use it: hundreds of files have to process it.
However only one single header really uses the MemoryRegionCache
API: "hw/virtio/virtio-access.h". Split it out to a new header,
avoiding processing unused inlined functions hundreds of times.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260109165058.59144-6-philmd@linaro.org>
Defining DEBUG_SUBPAGE allows to use raw printf() statements to
print information about some events; convert these to tracepoints.
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260109165058.59144-5-philmd@linaro.org>
leul_to_cpu() is only used within physmem.c: inline it
and remove.
Since @bitmap is of 'unsigned long' type, use its size
with ldn_le_p() instead of using HOST_LONG_BITS.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260109165058.59144-4-philmd@linaro.org>
None of these files use API declared in "qemu/bswap.h",
remove the unnecessary inclusion.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260109164742.58041-2-philmd@linaro.org>
Since these headers use some __builtin_bswap*(), use it
consistently in all the cases, allowing to remove the
"qemu/bswap.h" inclusion (which only defines bswap* to
the builtin equivalent).
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260109164742.58041-5-philmd@linaro.org>
The update to Python 3.13 causes meson configuration to fail, see e.g.:
https://gitlab.com/qemu-project/qemu/-/jobs/12672816538#L397
meson.build:1:0: ERROR: prefix value '/qemu' must be an absolute path
This is https://github.com/mesonbuild/meson/issues/14303. Remove the
prefix='/qemu' line in configs/meson/windows.txt, since commit d17f305a26
("configure: use a platform-neutral prefix", 2020-09-30) says that the
NSIS installer doesn't care.
Cc: qemu-stable@nongnu.org
Cc: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260112160736.1028280-1-pbonzini@redhat.com>
* update copyright year to 2026
* Some more universal-binary work for the s390x code done by Philippe
* Fix reverse debugging for s390x and add a functional test for it
Merge tag 'pull-request-2026-01-12' of https://gitlab.com/thuth/qemu into staging
* Check functional tests with pylint
* update copyright year to 2026
* Some more universal-binary work for the s390x code done by Philippe
* Fix reverse debugging for s390x and add a functional test for it
# gpg: Signature made Tue 13 Jan 2026 12:12:55 AM AEDT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [unknown]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [unknown]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2026-01-12' of https://gitlab.com/thuth/qemu:
tests/functional/s390x: Add reverse debugging test for s390x
target/s390x: Fix infinite loop during replay
target/s390x: Un-inline s390_is_pv()
target/s390x: Simplify S390_ADAPTER_SUPPRESSIBLE definition
target/s390x: Remove unused 'gdbstub/helpers.h' header in helper.c
target/s390x: Replace target_ulong -> uint64_t in gdb_write_register()
target/s390x: Use vaddr for $pc in get_next_pc()
target/s390x: Restrict WatchPoint API to TCG
docs: update copyright year to 2026
tests/functional: Add a generic test that checks the files with pylint
tests/functional/aarch64/test_smmu: Silence warning from pylint
tests/functional/aarch64/test_virt_gpu: Fix style issues
tests/functional/ppc64/test_hv: Silence warnings reported by pylint
tests/functional/mips/test_malta: Silence warnings reported by pylint
tests/functional: Add a pylintrc file
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
- Snapshot support for several ppc devices
- Migration fix and OS level migration test for pseries
- Minor code cleanups
Merge tag 'pull-ppc-for-11.0-20260112' of https://gitlab.com/harshpb/qemu into staging
First PPC PR for 11.0
- Snapshot support for several ppc devices
- Migration fix and OS level migration test for pseries
- Minor code cleanups
# gpg: Signature made Mon 12 Jan 2026 09:22:30 PM AEDT
# gpg: using RSA key 6B810CD6D2BE10F3883D21424544E994F9D68FBB
# gpg: Good signature from "Harsh Prateek Bora <harsh.prateek.bora@gmail.com>" [undefined]
# gpg: aka "Harsh Prateek Bora <harshpb@linux.ibm.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6B81 0CD6 D2BE 10F3 883D 2142 4544 E994 F9D6 8FBB
* tag 'pull-ppc-for-11.0-20260112' of https://gitlab.com/harshpb/qemu:
tests/functional: Add a OS level migration test for pseries
target/ppc: Fix env->quiesced migration
hw/ppc: Add VMSTATE information to PnvPsi
hw/ppc: pnv_chiptod.c add vmstate support
hw/ppc: pnv_core.c add vmstate support
hw/ppc: pnv_adu.c added vmstate support
hw/ppc: Add pnv_i2c vmstate support
hw/ppc: Add pnv_spi vmstate support
hw/ppc: Add VMSTATE information for LPC model
target/ppc/kvm : Use macro names instead of hardcoded constants as return values
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Merge tag 'pull-loongarch-20260112' of https://github.com/bibo-mao/qemu into staging
loongarch queue
# gpg: Signature made Mon 12 Jan 2026 06:07:46 PM AEDT
# gpg: using EDDSA key 0D8642A3A2659F80B0B3D1A41F7B0C1251ACE7D1
# gpg: Good signature from "bibo mao <maobibo@loongson.cn>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 7044 3A00 19C0 E97A 31C7 13C4 8E86 8FB7 A176 9D4C
# Subkey fingerprint: 0D86 42A3 A265 9F80 B0B3 D1A4 1F7B 0C12 51AC E7D1
* tag 'pull-loongarch-20260112' of https://github.com/bibo-mao/qemu:
hw/loongarch/virt: Add property highmem-mmio-size with virt machine
hw/loongarch/virt: Add high MMIO support with GPEX host
hw/loongarch/virt: Add property highmem_mmio with virt machine
hw/loongarch/virt: Get PCI info from gpex config info
hw/loongarch/virt: Get irq number from gpex config info
hw/loongarch/virt: Add field gpex in LoongArchVirtMachineState
hw/loongarch/virt: Add field ram_end in LoongArchVirtMachineState
target/loongarch: Add PMU register dump support in KVM
target/loongarch: Call function loongarch_la464_init_csr() after realized
target/loongarch: Add PMU migration support in KVM mode
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Some CHK2 (Check Register Against Bounds) instructions, such as opcode
02FA, cause spurious illegal instruction exceptions, despite being valid
on Motorola MC68020 and later processors and used in existing software.
With this patch, QEMU:
- Translates CHK2 and CMP2 (Compare Register Against Bounds)
instructions [1] having any valid size or effective address. CHK2 and
CMP2 use the same opcodes but differ in bit 11 of the extension word.
(BITREV or BYTEREV instructions for ColdFire family processors [2],
which use similar opcodes, are not captured, however.)
- Implements CMP2, which "is identical to CHK2 except that it sets
condition codes rather than taking an exception" [1].
- Populates the correct "logical address of the instruction following
the instruction that caused the trap" [3] in the exception stack frame
for CHK and CHK2 exceptions, according to the number of words in the
instruction, including extension words, rather than default lengths.
An existing test for CHK2 is enabled, and tests are added for CHK, CHK2,
and CMP2.
References:
[1] Motorola M68000 Family Programmer's Reference Manual (M68000PM/AD),
Rev. 1, 1992, pages 4-72 to 4-73 and 4-82 to 4-83.
[2] Freescale Semiconductor, ColdFire Family Programmer's Reference Manual
(CFPRM), Rev. 3, 2005, pages 4-19 and 4-26.
[3] Motorola M68040 User's Manual (M68040UM/AD), 1993, page 8-8.
Signed-off-by: William Hooper <wsh@wshooper.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-ID: <20251222002634.61480-1-wsh@wshooper.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Base 68000 only supports word size.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: William Hooper <wsh@wshooper.org>
Message-ID: <20251227210250.411882-1-laurent@vivier.eu>
According to Programmer's Reference Manual, if Dc1 and Dc2 specify the
same data register and the comparison fails, memory operand 1 is stored
in the data register.
The current helpers wrote Dc1 then Dc2, leaving operand 2 in the shared
register.
Swap the writeback order for cas2w/cas2l so memory operand 1 wins.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251226213707.331741-1-laurent@vivier.eu>
We just have to make sure that we can set the endianness to big endian,
then we can also run this test on s390x.
Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251128133949.181828-1-thuth@redhat.com>
Replaying even trivial s390x kernels hangs, because:
- cpu_post_load() fires the TOD timer immediately.
- s390_tod_load() schedules work for firing the TOD timer.
- If rr loop sees work and then timer, we get one timer expiration.
- If rr loop sees timer and then work, we get two timer expirations.
- Record and replay may diverge due to this race.
- In this particular case divergence makes replay loop spin: it sees that
TOD timer has expired, but cannot invoke its callback, because there
is no recorded CHECKPOINT_CLOCK_VIRTUAL.
- The order in which rr loop sees work and timer depends on whether
and when rr loop wakes up during load_snapshot().
- rr loop may wake up after the main thread kicks the CPU and drops
the BQL, which may happen if it calls, e.g., qemu_cond_wait_bql().
Firing TOD timer twice is duplicate work, but it was introduced
intentionally in commit 7c12f710ba ("s390x/tcg: rearm the CKC timer
during migration") in order to avoid dependency on migration order.
The key culprits here are timers that are armed ready expired. They
break the ordering between timers and CPU work, because they are not
constrained by instruction execution, thus introducing non-determinism
and record-replay divergence.
Fix by converting such timer callbacks to CPU work. Also add TOD clock
updates to the save path, mirroring the load path, in order to have the
same CHECKPOINT_CLOCK_VIRTUAL during recording and replaying.
Link: https://lore.kernel.org/qemu-devel/20251128133949.181828-1-thuth@redhat.com/
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251201215514.1751994-1-iii@linux.ibm.com>
[thuth: Add SPDX license identifiers to the new stubs files]
Signed-off-by: Thomas Huth <thuth@redhat.com>
Inlining a method which uses a static variable is really a
bad idea, as it totally defeats the point of both concepts.
Currently we have 12 + 4 = 16 static 'ccw' variables...:
  $ git grep -wl target/s390x/kvm/pv.h | fgrep .h
  hw/s390x/ipl.h
  $ git grep -wl target/s390x/kvm/pv.h | fgrep .c | wc -l
  12
  $ git grep -wl hw/s390x/ipl.h | fgrep .c | wc -l
  4
Fixes: c3347ed0d2 ("s390x: protvirt: Support unpack facility")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260107130807.69870-16-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Commit 1497c16066 ("s390x: add flags field for registering I/O
adapter") defined S390_ADAPTER_SUPPRESSIBLE twice, one when
KVM is available and another when it isn't. However both
definitions expand to the same value. Unify them, adding an
extra safety check in KVM-specific file.
This allows removing the target-specific 'CONFIG_KVM'
definition in "cpu.h".
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260107130807.69870-15-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
"gdbstub/helpers.h" uses target-specific symbols, but we don't
need it, so remove it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260107130807.69870-6-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
On s390x target_ulong expands to uint64_t. Besides,
ldq_be_p() returns a uint64_t type. Use that instead.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260107130807.69870-5-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
DisasContextBase::pc_next is of vaddr type.
Since translator_lduw_end() returns a uint16_t,
also use that type for clarity.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260107130807.69870-4-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
By inverting the 'tcg_enabled()' check in s390_cpu_set_psw()
we can let the compiler elide the s390_cpu_recompute_watchpoints()
call when TCG is not available. Move this function -- along with
s390x_cpu_debug_excp_handler() which was introduced in the same
commit 311918b979 ("target-s390x: PER storage-alteration event
support") -- to a TCG specific file to avoid compiling dead code
on KVM. This restricts the WatchPoint API calls to TCG.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260107130807.69870-2-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
We are already in 2026. Update docs to update copyright info to year 2026.
Cc: peter.maydell@linaro.org
Cc: qemu-trivial@nongnu.org
Signed-off-by: Ani Sinha <anisinha@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20260107045250.34420-1-anisinha@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
To avoid that new pylint-related warnings get committed, let's check
the files with pylint during each run (similar to what we are doing
for the iotests already).
Message-Id: <20251119082636.43286-16-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Pylint thinks that the accel variable might be used here without
being set first, since it does not know that skipTest() never
returns. Thus initialize "accel = None" here to make it happy.
Message-Id: <20251119082636.43286-14-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reshuffle the import statements according to the suggestions from pylint,
use lowercase letters for variable names, and drop some spaces that flake8
did not like.
Message-Id: <20251119082636.43286-12-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
To make pylint happy here, remove unused variables, switch to f-string,
use "check=True" when calling subprocess.run() and split a line that was
too long.
Message-Id: <20251119082636.43286-7-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Pylint complains about too many positional arguments for the
mips_check_wheezy() function. Add a "*" to enforce that the later
ones are passed with an argument name (all calling sites are doing
this already).
Also turn some old-school format strings into proper f-strings now.
Message-Id: <20251119082636.43286-6-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Add a pylintrc file that can be used for checking the python code of
the functional tests. For the beginning, we use some rather lax settings.
We still can refine them later if we think that there's a need for it.
Message-Id: <20251119082636.43286-2-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
There's currently no OS level test for ppc64le. Add one such test by
reusing the boot level tests that are already present.
The test boots the source machine, waits for it to reach a mid-boot
message, migrates and checks that the destination has reached the
final boot message (VFS error due to no disk).
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/qemu-devel/20260109123519.28703-3-farosas@suse.de
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
The commit referenced (from QEMU 10.0) has changed the way the pseries
machine marks a cpu as quiesced. Previously, the cpu->halted value
from QEMU common cpu code was (incorrectly) used. With the fix, the
env->quiesced variable starts being used, which improves on the
original situation, but also causes a side effect after migration:
The env->quiesced is set at reset and never migrated, which causes the
destination QEMU to stop delivering interrupts and hang the machine.
To fix the issue from this point on, start migrating the env->quiesced
value.
For QEMU versions < 10.0, sending the new element on the stream would
cause migration to be aborted, so add the appropriate compatibility
property to omit the new subsection.
Independently of this patch, all migrations from QEMU versions < 10.0
would result in a hang since the older QEMU never migrates
env->quiesced. This is bad because it leaves machines already running
on the old QEMU without a migration path into newer versions.
As a workaround, use a few heuristics to infer the new value of
env->quiesced based on cpu->halted, LPCR and PSSCR bits that are
usually set/cleared along with quiesced.
Note that this was tested with -cpu power9 and -machine ic-mode=xive
due to another bug affecting migration of XICS guests. Tested both
forward and backward migration and savevm/loadvm from 9.2 and 10.0.
Also tested loadvm of a savevm image that contains a mix of cpus both
halted and not halted.
Reported-by: Fabian Vogt <fvogt@suse.de>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3079
Fixes: fb802acdc8 ("ppc/spapr: Fix RTAS stopped state")
Acked-by: Chinmay Rath <rathc@linux.ibm.com>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/qemu-devel/20260109123519.28703-2-farosas@suse.de
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
The default high mmio size of GPEX PCIE host controller is 64G bytes on
virt machine. If it does not meet requirements with some pass-through HW
devices in future, it can be adjusted dynamically; this adds property
highmem-mmio-size to set high mmio size.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
With high MMIO supported, its base address comes from high end of
physical address space. Also add high MMIO support with GPEX host bridge.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
On LoongArch Virt Machine, MMIO region with GPEX host bridge is
0x40000000 -- 0x7FFFFFFF. The total size is 1G bytes and it is enough
for emulated virtio devices basically.
However, in some conditions, such as when hostmem is added with a virtio-gpu
device, the command line is -device virtio-gpu-gl,hostmem=4G. The
PCIE MMIO region is not enough, and a 64-bit high MMIO region is required.
Here add property highmem_mmio with virt machine; however, it brings
out an incompatibility issue. Here the default value is false.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>