From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Mohamed Mediouni
Subject: [PULL 01/12] meson.build: remove i386-softmmu WHPX support
Date: Mon, 30 Mar 2026 13:50:05 +0200
Message-ID: <20260330115017.256211-2-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>
References: <20260330115017.256211-1-pbonzini@redhat.com>

From: Mohamed Mediouni

target/i386/emulate is pretty much incompatible with i386-softmmu
and fixing that doesn't look worthwhile given the binary unification goals...

Signed-off-by: Mohamed Mediouni
Link: https://lore.kernel.org/r/20260327011152.4126-2-mohamed@unpredictable.fr
Signed-off-by: Paolo Bonzini
---
 meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.build b/meson.build index d7c4095b395..407eef5b4ed 100644 --- a/meson.build +++ b/meson.build 
@@ -314,7 +314,7 @@ elif cpu =3D=3D 'x86_64' 'CONFIG_HVF': ['x86_64-softmmu'], 'CONFIG_NITRO': ['x86_64-softmmu'], 'CONFIG_NVMM': ['i386-softmmu', 'x86_64-softmmu'], - 'CONFIG_WHPX': ['i386-softmmu', 'x86_64-softmmu'], + 'CONFIG_WHPX': ['x86_64-softmmu'], 'CONFIG_MSHV': ['x86_64-softmmu'], } endif --=20 2.53.0
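
Review bot: Missing user-facing documentation for the dropped 'i386-softmmu' entry on the 'CONFIG_WHPX' line: the diffstat touches only meson.build, so anyone who previously built or ran the i386-softmmu binary with WHPX loses the accelerator with no note explaining why. Please add an entry to the removed-features documentation, and say in the commit message whether "pretty much incompatible" means a build failure or a runtime failure, so the reason for the removal is on record.
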

From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Mohamed Mediouni
Subject: [PULL 02/12] docs: add WHPX section with initial info
Date: Mon, 30 Mar 2026 13:50:06 +0200
Message-ID: <20260330115017.256211-3-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>
References: <20260330115017.256211-1-pbonzini@redhat.com>

From: Mohamed Mediouni

Signed-off-by: Mohamed Mediouni
Link: https://lore.kernel.org/r/20260327011152.4126-3-mohamed@unpredictable.fr
Signed-off-by: Paolo Bonzini --- MAINTAINERS | 1 + docs/system/index.rst | 1 + docs/system/whpx.rst | 144 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 146 insertions(+) create mode 100644 docs/system/whpx.rst diff --git a/MAINTAINERS b/MAINTAINERS index cd8ba144506..eb7132e39d9 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -582,6 +582,7 @@ F: include/system/whpx.h F: include/system/whpx-accel-ops.h F: include/system/whpx-common.h F: include/system/whpx-internal.h +F: docs/system/whpx.rst =20 MSHV M: Magnus Kulke diff --git a/docs/system/index.rst b/docs/system/index.rst index bb948e2993c..4509630fa46 100644 --- a/docs/system/index.rst +++ b/docs/system/index.rst @@ -40,6 +40,7 @@ or Hypervisor.Framework. confidential-guest-support igvm nitro + whpx vm-templating sriov qemu-colo diff --git a/docs/system/whpx.rst b/docs/system/whpx.rst new file mode 100644 index 00000000000..3e1979028c9 --- /dev/null +++ b/docs/system/whpx.rst 
@@ -0,0 +1,144 @@ +Windows Hypervisor Platform +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D + +Windows Hypervisor Platform is the Windows API for use of +third-party virtual machine monitors with hardware acceleration +on Hyper-V. + +It's implemented on top of ``Vid``, which is itself implemented +on the same set of hypercalls as the ``mshv`` driver on Linux. + +WHPX is the name of the Windows Hypervisor Platform accelerator +backend in QEMU. It enables using QEMU with hardware acceleration +on both x86_64 and arm64 Windows machines. + +Prerequisites +------------- + +WHPX requires the Windows Hypervisor Platform feature to be installed. + +Installation +^^^^^^^^^^^^ +On client editions of Windows, that means installation through +Windows Features (``optionalfeatures.exe``). On server editions, +feature-based installation in Server Manager can be used. + +Alternatively, command line installation is also possible through: +``DISM /online /Enable-Feature /FeatureName:HypervisorPlatform /All`` + +Minimum OS version +^^^^^^^^^^^^^^^^^^ + +On x86_64, QEMU's Windows Hypervisor Platform backend is tested=20 +starting from Windows 10 version 2004. Earlier Windows 10 releases +*might* work but are not tested. + +On arm64, Windows 11 24H2 with the April 2025 optional updates +or May 2025 security updates is the minimum required release.=20 + +Prior releases of Windows 11 version 24H2 on ARM64 shipped=20 +with a pre-release version of the Windows Hypervisor Platform +API, which is not supported in QEMU. 
+ +Quick Start +----------- + +Launching a virtual machine on x86_64 with WHPX acceleration:: + + $ qemu-system-x86_64.exe -accel whpx -M pc \ + -smp cores=3D2 -m 2G -device ich9-usb-ehci1 \ + -device usb-tablet -hda OS.qcow2 + +Launching a virtual machine on arm64 with WHPX acceleration:: + + $ qemu-system-aarch64.exe -accel whpx -M virt \ + -cpu host -smp cores=3D2 -m 2G \ + -bios edk2-aarch64-code.fd \ + -device ramfb -device nec-usb-xhci \ + -device usb-kbd -device usb-tablet \ + -hda OS.qcow2 + +On arm64, for non-Windows guests, ``-device virtio-gpu-pci`` provides +additional functionality compared to ``-device ramfb``, but is +incompatible with Windows's UEFI GOP implementation, which +expects a linear framebuffer to be available. + +Some tracing options +-------------------- + +x86_64 +^^^^^^ + +``-trace whpx_unsupported_msr_access`` can be used to log accesses +to undocumented MSRs. + +``-d invalid_mem`` allows to trace accesses to unmapped +GPAs. + +Known issues on x86_64 +---------------------- + +Guests using legacy VGA modes +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In guests using VGA modes that QEMU doesn't pass through framebuffer +memory for, performance will be quite suboptimal. + +Workaround: for affected guests, use a more modern graphics mode. +Alternatively, use TCG to run those guests. + +Guests using MMX, SSE or AVX instructions for MMIO +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Currently, ``target/i386/emulate`` does not support guests that use +MMX, SSE or AVX instructions for access to MMIO memory ranges. + +Attempts to run such guests will result in an ``Unimplemented handler`` +warning for MMX and a failure to decode for newer instructions. + +``-M isapc`` +^^^^^^^^^^^^ + +``-M isapc`` doesn't disable the Hyper-V LAPIC on its own yet. To +be able to use that machine, use ``-accel whpx,hyperv=3Doff,kernel-irqchip= =3Doff``. 
+ +However, in QEMU 11.0, the guest will still be a 64-bit x86 +ISA machine with all the corresponding CPUID leaves exposed. + +gdbstub +^^^^^^^ + +As save/restore of xsave state is not currently present, state +exposed through GDB will be incomplete. + +The same also applies to ``info registers``. + +``-cpu type`` ignored +^^^^^^^^^^^^^^^^^^^^^ + +In this release, -cpu is an ignored argument.=20 + +PIC interrupts on Windows 10 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +On Windows 10, a legacy PIC interrupt injected does not wake the guest +from an HLT when using the Hyper-V provided interrupt controller. + +This has been addressed in QEMU 11.0 on Windows 11 platforms but +functionality to make it available on Windows 10 isn't present. + +Workaround: for affected use cases, use ``-M kernel-irqchip=3Doff``. + +Known issues on Windows 11 +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Nested virtualisation-specific Hyper-V enlightenments are not +currently exposed. + +arm64 +----- + +ISA feature support +^^^^^^^^^^^^^^^^^^^ + +SVE and SME are not currently supported. 
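
Review bot: The two interrupt-controller workarounds in docs/system/whpx.rst spell the same option differently: the "-M isapc" section gives "-accel whpx,hyperv=off,kernel-irqchip=off" while the "PIC interrupts on Windows 10" section gives "-M kernel-irqchip=off". Please confirm both forms are accepted with WHPX, or use one form in both places so users do not copy a variant that is silently ignored. Several added lines also end in trailing whitespace (the "=20" after "tested", "release.", "shipped" and "argument."), and "-cpu" in "In this release, -cpu is an ignored argument" lacks the literal markup used for every other option. Since the arm64 quick start passes "-cpu host", it would help to state explicitly that the "ignored" note applies to x86_64 only.
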
--=20 2.53.0

From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Mohamed Mediouni, Pierrick Bouvier
Subject: [PULL 03/12] whpx: i386: trace unsupported MSR accesses
Date: Mon, 30 Mar 2026 13:50:07 +0200
Message-ID: <20260330115017.256211-4-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>
References: <20260330115017.256211-1-pbonzini@redhat.com>

From: Mohamed Mediouni

Not actionable information for users, so stop having it displayed
unconditionally.

Signed-off-by: Mohamed Mediouni
Reviewed-by: Pierrick Bouvier
Link: https://lore.kernel.org/r/20260327011152.4126-4-mohamed@unpredictable.fr
Signed-off-by: Paolo Bonzini --- meson.build | 1 + target/i386/whpx/trace.h | 2 ++ target/i386/whpx/whpx-all.c | 5 +++-- target/i386/whpx/trace-events | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 target/i386/whpx/trace.h create mode 100644 target/i386/whpx/trace-events diff --git a/meson.build b/meson.build index 407eef5b4ed..daa58e46a3c 100644 --- a/meson.build +++ b/meson.build @@ -3687,6 +3687,7 @@ if have_system or have_user 'target/hppa', 'target/i386', 'target/i386/kvm', + 'target/i386/whpx', 'target/loongarch', 'target/mips/tcg', 'target/ppc', diff --git a/target/i386/whpx/trace.h b/target/i386/whpx/trace.h new file mode 100644 index 00000000000..b7c090deff3 --- /dev/null +++ b/target/i386/whpx/trace.h @@ -0,0 +1,2 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +#include "trace/trace-target_i386_whpx.h" diff --git a/target/i386/whpx/whpx-all.c b/target/i386/whpx/whpx-all.c index acae61e089d..e56ae2b3433 100644 --- a/target/i386/whpx/whpx-all.c +++ b/target/i386/whpx/whpx-all.c @@ -41,6 +41,7 @@ #include "emulate/x86_emu.h" #include "emulate/x86_flags.h" #include "emulate/x86_mmu.h" +#include "trace.h" =20 #include =20 @@ -1921,8 +1922,8 @@ int whpx_vcpu_run(CPUState *cpu) 1 : 3; =20 if (!is_known_msr) { - warn_report("WHPX: Unsupported MSR access (0x%x), IsWrite= =3D%i",=20 - vcpu->exit_ctx.MsrAccess.MsrNumber, vcpu->exit_ctx.MsrAcce= ss.AccessInfo.IsWrite); + trace_whpx_unsupported_msr_access(vcpu->exit_ctx.MsrAccess= .MsrNumber, + vcpu->exit_ctx.MsrAccess.AccessInfo.IsWrite); } =20 hr =3D whp_dispatch.WHvSetVirtualProcessorRegisters( diff --git a/target/i386/whpx/trace-events b/target/i386/whpx/trace-events new file mode 100644 index 00000000000..ebdfa34b281 --- /dev/null +++ b/target/i386/whpx/trace-events 
@@ -0,0 +1 @@ +whpx_unsupported_msr_access(uint32_t msr, int is_write) "WHPX: Unsupported= MSR access (0x%x), IsWrite=3D%i" --=20 2.53.0
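
Review bot: The format string added in target/i386/whpx/trace-events still carries the wording of the old warning ("WHPX: Unsupported MSR access (0x%x), IsWrite=%i"). The event name whpx_unsupported_msr_access already identifies the source, so a compact key=value form such as "msr=0x%x is_write=%d" would be shorter and easier to filter in trace output. In whpx_vcpu_run(), the "if (!is_known_msr)" branch now reports nothing unless tracing is enabled; a one-line comment there saying that unknown MSR accesses are trace-only by design would save the next reader from wondering whether the warning was dropped by accident.
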
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Mohamed Mediouni
Subject: [PULL 04/12] target/i386: emulate: remove redundant logging for unmapped MMIO access
Date: Mon, 30 Mar 2026 13:50:08 +0200
Message-ID: <20260330115017.256211-5-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>

From: Mohamed Mediouni

ReactOS's install ISO does a bunch of 4-byte accesses to 0xffdff124. This doesn't happen for the boot ISO. It looks to be an access relative to the Windows KPCR which is at 0xffdff000 but mistakenly done prior to paging being on... As this logging is redundant with -d invalid_mem, remove it.

https://geoffchappell.com/studies/windows/km/ntoskrnl/inc/ntos/i386_x/kpcr.htm

Signed-off-by: Mohamed Mediouni
Link: https://lore.kernel.org/r/20260327011152.4126-5-mohamed@unpredictable.fr
Signed-off-by: Paolo Bonzini
--- target/i386/emulate/x86_mmu.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/target/i386/emulate/x86_mmu.c b/target/i386/emulate/x86_mmu.c index c69ae96acb7..007de582de9 100644 --- a/target/i386/emulate/x86_mmu.c +++ b/target/i386/emulate/x86_mmu.c @@ -21,7 +21,6 @@ #include "cpu.h" #include "system/address-spaces.h" #include "system/memory.h" -#include "qemu/error-report.h" #include "emulate/x86.h" #include "emulate/x86_emu.h" #include "emulate/x86_mmu.h" @@ -287,7 +286,6 @@ static MMUTranslateResult x86_write_mem_ex(CPUState *cp= u, void *data, target_ulo MEMTXATTRS_UNSPECIFIED, data, copy); =20 if (mem_tx_res =3D=3D MEMTX_DECODE_ERROR) { - warn_report("write to unmapped mmio region gpa=3D0x%" PRIx64 "= size=3D%i", gpa, bytes); return MMU_TRANSLATE_GPA_UNMAPPED; } else if (mem_tx_res =3D=3D MEMTX_ACCESS_ERROR) { return MMU_TRANSLATE_GPA_NO_WRITE_ACCESS;
@@ -339,7 +337,6 @@ static MMUTranslateResult x86_read_mem_ex(CPUState *cpu= , void *data, target_ulon data, copy); =20 if (mem_tx_res =3D=3D MEMTX_DECODE_ERROR) { - warn_report("read from unmapped mmio region gpa=3D0x%" PRIx64 = " size=3D%i", gpa, bytes); return MMU_TRANSLATE_GPA_UNMAPPED; } else if (mem_tx_res =3D=3D MEMTX_ACCESS_ERROR) { return MMU_TRANSLATE_GPA_NO_READ_ACCESS; --=20 2.53.0
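Review bot: the first hunk drops #include "qemu/error-report.h" on the strength of the two warn_report calls removed in x86_write_mem_ex and x86_read_mem_ex; please confirm that no other error_report or warn_report user remains in x86_mmu.c, otherwise the file would build only through a transitive include. With the messages gone, the gpa and size of a MEMTX_DECODE_ERROR access are visible only through -d invalid_mem, as the commit message says, so a comment at the two MMU_TRANSLATE_GPA_UNMAPPED returns pointing there would save the next reader a search.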
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: "Yuma Kurogome, Ricerca Security, Inc."
Subject: [PULL 05/12] hpet: fix bounds check for s->timer[]
Date: Mon, 30 Mar 2026 13:50:09 +0200
Message-ID: <20260330115017.256211-6-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>

Fix an off-by-one issue in QEMU's HPET read and write MMIO handlers. Both handlers check timer_id > s->num_timers instead of timer_id >= s->num_timers, allowing a guest to access one timer beyond the valid range.

The affected slot is initialized properly in hpet_realize, which goes through all HPET_MAX_TIMERS elements of the array, so even though it is not reset in hpet_reset() the bug does not cause any use of uninitialized host memory. Because of this, and also because (even though HPET_MAX_TIMERS is 32) the HPET only has room for 24 timers in its MMIO region, the bug has no security implications. Commit 869b0afa4fa ("rust/hpet: Drop BqlCell wrapper for num_timers", 2025-06-06) silently fixed the same bug in rust/hw/timer/hpet/src/device.rs. Reported-by: Yuma Kurogome, Ricerca Security, Inc. Signed-off-by: Paolo Bonzini --- hw/timer/hpet.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c index 767093c431a..42285cff762 100644 --- a/hw/timer/hpet.c +++ b/hw/timer/hpet.c @@ -464,13 +464,14 @@ static uint64_t hpet_ram_read(void *opaque, hwaddr ad= dr, } } else { uint8_t timer_id =3D (addr - 0x100) / 0x20; - HPETTimer *timer =3D &s->timer[timer_id]; + HPETTimer *timer; =20 - if (timer_id > s->num_timers) { + if (timer_id >=3D s->num_timers) { trace_hpet_timer_id_out_of_range(timer_id); return 0; } =20 + timer =3D &s->timer[timer_id]; switch (addr & 0x1f) { case HPET_TN_CFG: // including interrupt capabilities return timer->config >> shift; 
@@ -564,13 +565,15 @@ static void hpet_ram_write(void *opaque, hwaddr addr, } } else { uint8_t timer_id =3D (addr - 0x100) / 0x20; - HPETTimer *timer =3D &s->timer[timer_id]; + HPETTimer *timer; =20 trace_hpet_ram_write_timer_id(timer_id); - if (timer_id > s->num_timers) { + if (timer_id >=3D s->num_timers) { trace_hpet_timer_id_out_of_range(timer_id); return; } + + timer =3D &s->timer[timer_id]; switch (addr & 0x18) { case HPET_TN_CFG: trace_hpet_ram_write_tn_cfg(addr & 4); --=20 2.53.0
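Review bot: nothing in the patch exercises the boundary that both hunks fix (timer_id equal to s->num_timers in hpet_ram_read and hpet_ram_write); a qtest that reads and writes the timer block at offset 0x100 + 0x20 * num_timers and expects a 0 read and no state change would keep the comparison from regressing. In hpet_ram_write, trace_hpet_ram_write_timer_id(timer_id) still runs before the range check, so an out-of-range write emits two trace events where the read path emits one; moving it below the check would make the two handlers consistent.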
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Subject: [PULL 06/12] hpet: lower HPET_MAX_TIMERS to 24
Date: Mon, 30 Mar 2026 13:50:10 +0200
Message-ID: <20260330115017.256211-7-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>

Each timer block occupies 32 bytes, but they only start at offset 256 of the 1024-byte MMIO register space. Therefore the correct limit for HPET_MAX_TIMERS is 24, not 32.

Signed-off-by: Paolo Bonzini
--- include/hw/timer/hpet.h | 2 +- rust/hw/timer/hpet/src/device.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/hw/timer/hpet.h b/include/hw/timer/hpet.h index c2656f7f0be..84be4c3529a 100644
--- a/include/hw/timer/hpet.h +++ b/include/hw/timer/hpet.h @@ -22,7 +22,7 @@ =20 #define FS_PER_NS 1000000 /* 1000000 femtoseconds =3D=3D 1 ns */ #define HPET_MIN_TIMERS 3 -#define HPET_MAX_TIMERS 32 +#define HPET_MAX_TIMERS 24 =20 #define HPET_NUM_IRQ_ROUTES 32 =20 diff --git a/rust/hw/timer/hpet/src/device.rs b/rust/hw/timer/hpet/src/devi= ce.rs index 0a5c131819b..ec0bca4496d 100644 --- a/rust/hw/timer/hpet/src/device.rs +++ b/rust/hw/timer/hpet/src/device.rs 
@@ -32,7 +32,7 @@ /// Minimum recommended hardware implementation. const HPET_MIN_TIMERS: usize =3D 3; /// Maximum timers in each timer block. -const HPET_MAX_TIMERS: usize =3D 32; +const HPET_MAX_TIMERS: usize =3D 24; =20 /// Flags that HPETState.flags supports. const HPET_FLAG_MSI_SUPPORT_SHIFT: usize =3D 0; --=20 2.53.0
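Review bot: 24 is written as a bare literal in both hpet.h and device.rs although the commit message derives it as (1024 - 256) / 32; a comment beside each definition stating that derivation, or an expression built from the region size, the 0x100 offset and the 0x20 stride, would keep the C and Rust copies from drifting apart. Since the previous patch's description says hpet_realize walks all HPET_MAX_TIMERS elements of s->timer[], please also confirm that a configured timer count above 24 is rejected with an error rather than clamped silently, and that migration from a build with the old limit is unaffected.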
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Subject: [PULL 07/12] lsi53c895a: keep a reference to the device while SCRIPTS execute
Date: Mon, 30 Mar 2026 13:50:11 +0200
Message-ID: <20260330115017.256211-8-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>

SCRIPTS execution can trigger PCI device unplug and consequently a use-after-free after the unplug returns. Avoid this by keeping the device alive.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3090
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini
--- hw/scsi/lsi53c895a.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 6f43e500b3c..90643b26ab8 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -1163,6 +1163,7 @@ static void lsi_execute_script(LSIState *s) s->waiting =3D LSI_NOWAIT; } =20 + object_ref(s); reentrancy_level++; =20 s->istat1 |=3D LSI_ISTAT1_SRUN; @@ -1182,6 +1183,7 @@ again: s->waiting =3D LSI_WAIT_SCRIPTS; lsi_scripts_timer_start(s); reentrancy_level--; + object_unref(s); return; } insn =3D read_dword(s, s->dsp); 
@@ -1630,6 +1632,7 @@ again: trace_lsi_execute_script_stop(); =20 reentrancy_level--; + object_unref(s); } =20 static uint8_t lsi_reg_readb(LSIState *s, int offset) --=20 2.53.0
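Review bot: the reference taken by object_ref(s) just before reentrancy_level++ is dropped only on the two exits this patch touches, the LSI_WAIT_SCRIPTS early return after again: and the end of the function after trace_lsi_execute_script_stop(). Any other return in the roughly 450 lines between those two hunks would leak a device reference, and the unplugged device would then never be finalized. Consider routing every exit through one label that does reentrancy_level--; object_unref(s);, and add a short comment at the object_ref(s) saying that SCRIPTS can unplug the device, so the pairing survives later edits.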
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Subject: [PULL 08/12] lsi53c895a: do not do anything else if a reset is requested by writing ISTAT0
Date: Mon, 30 Mar 2026 13:50:12 +0200
Message-ID: <20260330115017.256211-9-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>

If the device is reset, anything that is done before will not really be visible. So do the reset and exit immediately if that is one of the requests in the value written to ISTAT0.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini --- hw/scsi/lsi53c895a.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 90643b26ab8..81b4f93f4d3 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -1949,6 +1949,10 @@ static void lsi_reg_writeb(LSIState *s, int offset, = uint8_t val) CASE_SET_REG32(dsa, 0x10) case 0x14: /* ISTAT0 */ s->istat0 =3D (s->istat0 & 0x0f) | (val & 0xf0); + if (val & LSI_ISTAT0_SRST) { + device_cold_reset(DEVICE(s)); + return; + } if (val & LSI_ISTAT0_ABRT) { lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); } 
@@ -1962,9 +1966,6 @@ static void lsi_reg_writeb(LSIState *s, int offset, u= int8_t val) s->dsp =3D s->dnad; lsi_execute_script(s); } - if (val & LSI_ISTAT0_SRST) { - device_cold_reset(DEVICE(s)); - } break; case 0x16: /* MBOX0 */ s->mbox0 =3D val; --=20 2.53.0
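Review bot: in the ISTAT0 case the new SRST branch leaves lsi_reg_writeb() with return, while the cases visible around it end in break, so anything placed after the switch is skipped for this one write. If nothing follows the switch today, say so in a comment next to the return, or keep break and put the ABRT handling and the script restart in an else. The s->istat0 assignment just above the new test is also without effect when SRST is set, since per the commit message nothing done before the reset stays visible; testing SRST before that assignment would make the precedence explicit.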
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Subject: [PULL 09/12] lsi53c895a: keep lsi_request and SCSIRequest in local variables
Date: Mon, 30 Mar 2026 13:50:13 +0200
Message-ID: <20260330115017.256211-10-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>

Protect against changes from reentrant device MMIO during DMA, by always operating on the same request.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini --- hw/scsi/lsi53c895a.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 81b4f93f4d3..1180e601811 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -626,6 +626,8 @@ static void lsi_do_dma(LSIState *s, int out) uint32_t count; dma_addr_t addr; SCSIDevice *dev; + SCSIRequest *req; + lsi_request *p; =20 if (!s->current || !s->current->dma_len) { /* Wait until data is available. */ @@ -633,12 +635,14 @@ static void lsi_do_dma(LSIState *s, int out) return; } =20 - dev =3D s->current->req->dev; + p =3D s->current; + req =3D s->current->req; + dev =3D req->dev; assert(dev); =20 count =3D s->dbc; - if (count > s->current->dma_len) - count =3D s->current->dma_len; + if (count > p->dma_len) + count =3D p->dma_len; =20 addr =3D s->dnad; /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 
@@ -653,21 +657,22 @@ static void lsi_do_dma(LSIState *s, int out) s->csbc +=3D count; s->dnad +=3D count; s->dbc -=3D count; - if (s->current->dma_buf =3D=3D NULL) { - s->current->dma_buf =3D scsi_req_get_buf(s->current->req); + if (p->dma_buf =3D=3D NULL) { + p->dma_buf =3D scsi_req_get_buf(req); } /* ??? Set SFBR to first data byte. */ if (out) { - lsi_mem_read(s, addr, s->current->dma_buf, count); + lsi_mem_read(s, addr, p->dma_buf, count); } else { - lsi_mem_write(s, addr, s->current->dma_buf, count); + lsi_mem_write(s, addr, p->dma_buf, count); } - s->current->dma_len -=3D count; - if (s->current->dma_len =3D=3D 0) { - s->current->dma_buf =3D NULL; - scsi_req_continue(s->current->req); + + p->dma_len -=3D count; + if (p->dma_len =3D=3D 0) { + p->dma_buf =3D NULL; + scsi_req_continue(req); } else { - s->current->dma_buf +=3D count; + p->dma_buf +=3D count; lsi_resume_script(s); } } --=20 2.53.0
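Review bot: in lsi_do_dma(), p and req are cached as raw pointers with no reference held across lsi_mem_read()/lsi_mem_write(), which is exactly where the commit message expects reentrant MMIO. If that reentry completes or cancels the request, the later p->dma_len -=3D count and scsi_req_continue(req) act on a request that is no longer current and, at this point in the series, on memory that lsi_request_free() may already have passed to g_free(). Either hold a reference with scsi_req_ref(req) around the transfer, or state in the commit message that the lifetime is only guaranteed from the next patch on. Minor: req =3D s->current->req could read req =3D p->req, since p is assigned on the line above.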
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org
Subject: [PULL 10/12] lsi53c895a: keep lsi_request alive as long as the SCSIRequest
Date: Mon, 30 Mar 2026 13:50:14 +0200
Message-ID: <20260330115017.256211-11-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>

To protect against using the lsi_request after SCSIRequest has been freed, keep the HBA-private data alive until the last reference to the SCSIRequest is gone.

Because req->hba_private was used (even if just for an assertion) to check that the request was still either current or queued, add a boolean field that is set when the SCSIRequest is cancelled or completed, which is when the lsi_request would have been unqueued. Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini --- hw/scsi/lsi53c895a.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 1180e601811..b882fc02276 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -197,6 +197,7 @@ typedef struct lsi_request { uint8_t *dma_buf; uint32_t pending; int out; + bool orphan; QTAILQ_ENTRY(lsi_request) next; } lsi_request; =20 @@ -748,14 +749,20 @@ static lsi_request *lsi_find_by_tag(LSIState *s, uint= 32_t tag) return NULL; } =20 -static void lsi_request_free(LSIState *s, lsi_request *p) +static void lsi_request_orphan(LSIState *s, lsi_request *p) { + p->orphan =3D true; if (p =3D=3D s->current) { s->current =3D NULL; } else { QTAILQ_REMOVE(&s->queue, p, next); } - g_free(p); + scsi_req_unref(p->req); +} + +static void lsi_free_request(SCSIBus *bus, void *priv) +{ + g_free(priv); } =20 static void lsi_request_cancelled(SCSIRequest *req) @@ -763,9 +770,7 @@ static void lsi_request_cancelled(SCSIRequest *req) LSIState *s =3D LSI53C895A(req->bus->qbus.parent); lsi_request *p =3D req->hba_private; =20 - req->hba_private =3D NULL; - lsi_request_free(s, p); - scsi_req_unref(req); + lsi_request_orphan(s, p); } =20 /* Record that data is available for a queued command. Returns zero if @@ -817,9 +822,7 @@ static void lsi_command_complete(SCSIRequest *req, size= _t resid) } =20 if (req->hba_private =3D=3D s->current) { - req->hba_private =3D NULL; - lsi_request_free(s, s->current); - scsi_req_unref(req); + lsi_request_orphan(s, s->current); } if (!stop) { lsi_resume_script(s); 
@@ -830,10 +833,11 @@ static void lsi_command_complete(SCSIRequest *req, si= ze_t resid) static void lsi_transfer_data(SCSIRequest *req, uint32_t len) { LSIState *s =3D LSI53C895A(req->bus->qbus.parent); + lsi_request *p =3D req->hba_private; int out; =20 - assert(req->hba_private); - if (s->waiting =3D=3D LSI_WAIT_RESELECT || req->hba_private !=3D s->cu= rrent || + assert(!p->orphan); + if (s->waiting =3D=3D LSI_WAIT_RESELECT || p !=3D s->current || (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { if (lsi_queue_req(s, req, len)) { return; 
@@ -2325,7 +2329,8 @@ static const struct SCSIBusInfo lsi_scsi_info =3D { =20 .transfer_data =3D lsi_transfer_data, .complete =3D lsi_command_complete, - .cancel =3D lsi_request_cancelled + .cancel =3D lsi_request_cancelled, + .free_request =3D lsi_free_request, }; =20 static void scripts_timer_cb(void *opaque) --=20 2.53.0
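Review bot: lsi_request_orphan() has no guard against being called twice for the same request. Now that lsi_request_cancelled() and lsi_command_complete() no longer clear req->hba_private, a second call would take the else branch, run QTAILQ_REMOVE() on an entry that is not queued, and drop one scsi_req_unref() too many. An assert(!p->orphan) as the first statement would turn that into a clean failure. A comment on lsi_free_request() saying it runs when the last SCSIRequest reference goes away would also help, since the g_free() is now far from the unqueue.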
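Review bot: in lsi_transfer_data(), assert(!p->orphan) dereferences p, so it no longer covers the NULL case that the removed assert(req->hba_private) checked. A request without HBA-private data now faults while evaluating the assertion instead of failing it. assert(p && !p->orphan) keeps both checks.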
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Jihe Wang, qemu-stable@nongnu.org
Subject: [PULL 11/12] lsi53c895a: keep SCSIRequest alive during DMA
Date: Mon, 30 Mar 2026 13:50:15 +0200
Message-ID: <20260330115017.256211-12-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>

Reentrant MMIO can cause the SCSIRequest to be completed, at which point
lsi_request_orphan would drop the last reference. Anything that happens
afterwards would access freed data. Keep a reference to the SCSIRequest
and, through req->hba_private, to the lsi_request* for as long as DMA runs.

Reported-by: Jihe Wang
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini --- hw/scsi/lsi53c895a.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index b882fc02276..54123f77579 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -637,7 +637,7 @@ static void lsi_do_dma(LSIState *s, int out) } =20 p =3D s->current; - req =3D s->current->req; + req =3D scsi_req_ref(s->current->req); dev =3D req->dev; assert(dev); =20 
@@ -667,6 +667,11 @@ static void lsi_do_dma(LSIState *s, int out) } else { lsi_mem_write(s, addr, p->dma_buf, count); } + if (p->orphan) { + scsi_req_unref(req); + return; + } + scsi_req_unref(req); =20 p->dma_len -=3D count; if (p->dma_len =3D=3D 0) { --=20 2.53.0
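Review bot: In the first lsi_do_dma hunk, the reference taken by scsi_req_ref(s->current->req) is only released in the second hunk, after the lsi_mem_write() branch, so every exit in the lines not shown between the two hunks has to drop it as well or the request leaks; please confirm there is no early return on that path. Since p was assigned from s->current on the line above, scsi_req_ref(p->req) would make it clearer that req and p belong to the same request, and a one-line comment saying the reference guards against reentrant MMIO completing the request would save the next reader a trip to the commit message.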
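Review bot: In the second lsi_do_dma hunk, the code after the final scsi_req_unref(req) goes on to use p (p->dma_len -= count), which is only safe if a request that is not orphaned still holds another reference; that invariant, and the fact that p->orphan has to be read before the unref, deserve a comment at this spot. The duplicated unref could also be avoided by copying p->orphan into a local bool, calling scsi_req_unref(req) once, and returning if the local is set.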
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Zhao Liu, Peter Maydell
Subject: [PULL 12/12] hw/acpi: Do not save/load cpuhp state unconditionally
Date: Mon, 30 Mar 2026 13:50:16 +0200
Message-ID: <20260330115017.256211-13-pbonzini@redhat.com>
In-Reply-To: <20260330115017.256211-1-pbonzini@redhat.com>

From: Zhao Liu

Commit 7aa563630b6b ("pc: Start with modern CPU hotplug interface by
default") removed the .needed callback (vmstate_test_use_cpuhp) from
vmstate_cpuhp_state in both piix4.c and ich9.c.

However, PIIX4 is also used by non-PC boards - MIPS Malta, which does not
select CONFIG_ACPI_CPU_HOTPLUG. For MIPS Malta, the linker resolves
vmstate_cpu_hotplug to the stub one in acpi-cpu-hotplug-stub.c, which is a
zero-initialized VMStateDescription with .fields == NULL.

Before commit 7aa563630b6b, .needed() of PIIX4's vmstate_cpuhp_state
returned false for MIPS Malta since PIIX4PMState always initialized the
field cpu_hotplug_legacy as true. Malta implicitly relies on this initial
value to bypass vmstate_cpuhp_state. However, this is unstable because
Malta itself does not support CPU hotplugging, whether via the legacy way
or the modern way.

Commit 7aa563630b6b removed the .needed() check for vmstate_cpuhp_state;
this broke the existing dependency that Malta had relied on, forcing Malta
to save and load vmstate_cpuhp_state during the save/load process, which in
turn caused a segmentation fault due to NULL fields in the stub-compiled
code.

Fix this by bringing back the .needed = cpuhp_needed callback for
vmstate_cpuhp_state of PIIX4, that checks
MachineClass::has_hotpluggable_cpus. Boards that do not support CPU hotplug
(only MIPS Malta) will skip this subsection entirely, which is both correct
and consistent with the previous behavior.

At the same time, add a similar .needed() check to ICH9. Although no boards
with ICH9 are affected by this issue, this helps avoid potential issues in
the future.

Reproducer (MIPS Malta):

  $ qemu-img create -f qcow2 dummy.qcow2 32M
  $ qemu-system-mipsel -nographic \
      -drive if=none,format=qcow2,file=dummy.qcow2
  [Type "C-a c" to get the "(qemu)" monitor prompt]
  (qemu) savevm foo  # segfault

Reported-by: Peter Maydell
Fixes: 7aa563630b6b ("pc: Start with modern CPU hotplug interface by default")
Signed-off-by: Zhao Liu Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3360 Tested-by: Peter Maydell Link: https://lore.kernel.org/r/20260330053008.2721532-1-zhao1.liu@intel.com Signed-off-by: Paolo Bonzini --- hw/acpi/ich9.c | 8 ++++++++ hw/acpi/piix4.c | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c index bbb1bd60a20..5c7dfb2c69d 100644 --- a/hw/acpi/ich9.c +++ b/hw/acpi/ich9.c @@ -184,10 +184,18 @@ static const VMStateDescription vmstate_tco_io_state = =3D { } }; =20 +static bool cpuhp_needed(void *opaque) +{ + MachineClass *mc =3D MACHINE_GET_CLASS(qdev_get_machine()); + + return mc->has_hotpluggable_cpus; +} + static const VMStateDescription vmstate_cpuhp_state =3D { .name =3D "ich9_pm/cpuhp", .version_id =3D 1, .minimum_version_id =3D 1, + .needed =3D cpuhp_needed, .fields =3D (const VMStateField[]) { VMSTATE_CPU_HOTPLUG(cpuhp_state, ICH9LPCPMRegs), VMSTATE_END_OF_LIST() diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c index 43860d12278..9b7f50c7afa 100644 --- a/hw/acpi/piix4.c +++ b/hw/acpi/piix4.c @@ -195,10 +195,18 @@ static const VMStateDescription vmstate_memhp_state = =3D { } }; =20 +static bool cpuhp_needed(void *opaque) +{ + MachineClass *mc =3D MACHINE_GET_CLASS(qdev_get_machine()); + + return mc->has_hotpluggable_cpus; +} + static const VMStateDescription vmstate_cpuhp_state =3D { .name =3D "piix4_pm/cpuhp", .version_id =3D 1, .minimum_version_id =3D 1, + .needed =3D cpuhp_needed, .fields =3D (const VMStateField[]) { VMSTATE_CPU_HOTPLUG(cpuhp_state, PIIX4PMState), VMSTATE_END_OF_LIST() --=20 2.53.0
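Review bot: In the hw/acpi/ich9.c hunk, cpuhp_needed() ignores its opaque argument and keys the subsection on machine-wide state from qdev_get_machine(), so any ICH9 machine type with has_hotpluggable_cpus unset would silently stop sending "ich9_pm/cpuhp" and change the migration stream. The commit message says no ICH9 board is affected; please record in a comment above cpuhp_needed() that every ICH9 machine sets has_hotpluggable_cpus, or drop the ICH9 half until a board needs it.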
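Review bot: In the hw/acpi/piix4.c hunk, cpuhp_needed() is an exact copy of the static function added to hw/acpi/ich9.c in the same patch; a single shared helper would keep the two from drifting. The check also tests MachineClass::has_hotpluggable_cpus, while the crash described in the commit message comes from the stub vmstate_cpu_hotplug with NULL .fields when CONFIG_ACPI_CPU_HOTPLUG is not selected; a comment should say why the machine flag is a sufficient proxy for the stub being linked, since a board with the flag set and the stub linked would still crash on savevm.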