From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622569; cv=none;
	d=zohomail.com; s=zohoarc;
	b=VJBKwhpsQ9b+QdioZlHiMl3iRBHQoLBIqy9PrxIlGXukobil9VD4/p4cAE4LpecKVH5/xIRZHL+gLuIcJFmr6q+2WojPgqP9Q4j0jkSzeR9U0y58sSP46ukvMRvqXs3kBF7NcKThSVbSjsVsnUemI2lWD2wwqY7v/Hes5caT2rI=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622569;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=kXSkwgKwkB19yhXjRTO41PQicmA2wtHXRYJaF+66HEA=;
	b=k8k1pfmnEjsXxclnvG5w9IspG8EzX0ClCWKeLjpY+l5DZHlXpd2mmrSMxJhyLqvNvof3ukHhh8+QXA9sfMkXUNYpk269NhbbcTpV405kI/goO/mSwQnNhqkhaF1QmLhs1HR9pEDDBs5jEx6WlioPgqwR2VawxeMTeAAs1Ly4QsU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622569743349.7263592393433;
 Tue, 12 May 2026 14:49:29 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuUX-0007Ol-AR; Tue, 12 May 2026 17:18:13 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUQ-0006sI-8l; Tue, 12 May 2026 17:18:06 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUO-00073z-Gh; Tue, 12 May 2026 17:18:06 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id CD1A41AA3CC;
 Tue, 12 May 2026 23:58:16 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id D98333ABD24;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619496; bh=/DhOdDmo58kzaSVRgr6oIR5Y2kl4p3blSN2ouY54oXU=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=So/Y6B9gGiy1O4QWB7cBkliSeiep5gjp5cotTF3oIcGqb2OMBMjMU/+HwsnoElvMS
 uhXcMyfA7zUC8V/LzU8CbEBLcpq8zdJIHCRCCa2q+69gue/WGDU6tc2gCA3I8qdHPY
 T4aFXxIyTPsuIwVJyZe7mX1GyNrfO0iWxvmxtyi+37db5p9mrC0ccBIPAotovzlisl
 rny1aAd9JkLIUBHn/nf7R6UK1LePx17ZfP4EhGQCEklzo126/OWLUUZ5/9DhOesulF
 IodbjHIFQ3dW18D55/nY8AsnIjpKkUPlGItrhcXKpGPFxk8XBd4uU7sERgJdqmHKIT
 f/f3v6ZqFTt7w==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Werner de Carne <werner@carne.de>,
 =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 01/58] serial COM: windows serial COM PollingFunc
 don't sleep
Date: Tue, 12 May 2026 23:57:22 +0300
Message-ID: <20260512205820.361821-1-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622571246154100

From: Werner de Carne <werner@carne.de>

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1802
Signed-off-by: Werner de Carne <werner@carne.de>
[ Marc-Andr=C3=A9 - indentation fixes ]
Signed-off-by: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230807201443.2668-1-werner@carne.de>
(cherry picked from commit 7437b3eab6af1d31bb7fdfb3ac4e0a4de6ada50b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/chardev/char-win.c b/chardev/char-win.c
index fef45e83aa..e194242c9f 100644
--- a/chardev/char-win.c
+++ b/chardev/char-win.c
@@ -28,7 +28,7 @@
 #include "qapi/error.h"
 #include "chardev/char-win.h"
=20
-static void win_chr_read(Chardev *chr, DWORD len)
+static int win_chr_read(Chardev *chr, DWORD len)
 {
     WinChardev *s =3D WIN_CHARDEV(chr);
     int max_size =3D qemu_chr_be_can_write(chr);
@@ -40,7 +40,7 @@ static void win_chr_read(Chardev *chr, DWORD len)
         len =3D max_size;
     }
     if (len =3D=3D 0) {
-        return;
+        return 0;
     }
=20
     ZeroMemory(&s->orecv, sizeof(s->orecv));
@@ -56,6 +56,8 @@ static void win_chr_read(Chardev *chr, DWORD len)
     if (size > 0) {
         qemu_chr_be_write(chr, buf, size);
     }
+
+    return size > 0 ? 1 : 0;
 }
=20
 static int win_chr_serial_poll(void *opaque)
@@ -67,8 +69,9 @@ static int win_chr_serial_poll(void *opaque)
=20
     ClearCommError(s->file, &comerr, &status);
     if (status.cbInQue > 0) {
-        win_chr_read(chr, status.cbInQue);
-        return 1;
+        if (win_chr_read(chr, status.cbInQue)) {
+            return 1;
+        }
     }
     return 0;
 }
@@ -147,8 +150,9 @@ int win_chr_pipe_poll(void *opaque)
=20
     PeekNamedPipe(s->file, NULL, 0, NULL, &size, NULL);
     if (size > 0) {
-        win_chr_read(chr, size);
-        return 1;
+        if (win_chr_read(chr, size)) {
+            return 1;
+        }
     }
     return 0;
 }
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621961; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Mmeyu2T3l7NNuIpjrTzi9Q3Se5qdzvEP2PZHWKkfyMK61OWqrMm3eN784aU7i8xxt6q/9aLTRK/W5TP7B+JfcUHMcljKaA5y0on1l8OX+oF83PVwTR6cUDEEPp+xp9W24FMLN7y2BPpsRtyviZ3QbyT9EjJ5bygyItebaJKlpdw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621961;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=xu+X7dOOQZvGp67HDTqKNf+zcSqE7gzXW1gAlHmYm6w=;
	b=PeESq7RVSUY7JaStUvd1w/uqz6Z9TRHhLtV+MtpWEBXXCnctNs/WtyDrPorMJ9WOV6X0gyqFhhZcoHtIpqJpEML+V/G3RgSYgw+17p+VqtdJogGNiZsd9RAPd+3EYjj9jsbqGYQeF0MDXwzno1IibqMxAybF5W7Y2eNBGc6MU1c=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621961260819.2838494296007;
 Tue, 12 May 2026 14:39:21 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuUY-0007UQ-4F; Tue, 12 May 2026 17:18:14 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUQ-0006uF-UX; Tue, 12 May 2026 17:18:07 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUP-00074T-AT; Tue, 12 May 2026 17:18:06 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id DC8801AA3CD;
 Tue, 12 May 2026 23:58:16 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id E96903ABD25;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619496; bh=fKChvVL7VZ0KnMJHb6PbOKdMqxmWqdWKvYlAl7Sm5/4=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=M5zuhfHgFrJd7uJ5j1RBj7uNmIZVuzC/sS3Lg2+fzdirq8nREUk4AhCHBqbW4C24M
 0jDRXn8XfQR65vceLmCx8b1RBTM7bbodL8aMlYxlNItfDZkYlxgU1FT8j74woONt97
 57+WZAAT6DWg3+9d2Hw89chgVLGuvRQMyQCXKBUe+84fwU3ZMFbuo/c/DsTaP9sZmt
 bcqh4wtz7/oqKDITjZykIWiAopiTuQSdqxcjzz7HR+1vzGJGM4GlsfRh7Am2rSQHuO
 CzasrxSm61mydD/ipio3V1W2ElFOUfQjbYr5gD+Nzg7GH5qS+MBuZOj8dEUdBgPfsp
 vQNa0s6GLGFlw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, GuoHan Zhao <zhaoguohan@kylinos.cn>,
 =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 02/58] ui/spice-app: detect runtime directory creation
 failures
Date: Tue, 12 May 2026 23:57:23 +0300
Message-ID: <20260512205820.361821-2-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621962895154100

From: GuoHan Zhao <zhaoguohan@kylinos.cn>

spice_app_display_early_init() creates the per-VM runtime directory
with g_mkdir_with_parents() before setting up the Spice socket. The
code checks for "< -1", but g_mkdir_with_parents() returns -1 on
failure, so the error path is never taken.

This lets spice-app continue after a directory creation failure and
defers the problem to later setup steps.

Check for "< 0" instead so the failure is reported immediately and
spice-app exits before using an invalid runtime directory.

Fixes: d8aec9d9f129 ("display: add -display spice-app launching a Spice cli=
ent")
Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
Reviewed-by: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>
Message-ID: <20260408031725.641417-1-zhaoguohan@kylinos.cn>
(cherry picked from commit 52cf667ed2285aa2d08db6abed46cdba5c14f9aa)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/ui/spice-app.c b/ui/spice-app.c
index 9e55f27371..0df7325e67 100644
--- a/ui/spice-app.c
+++ b/ui/spice-app.c
@@ -151,7 +151,7 @@ static void spice_app_display_early_init(DisplayOptions=
 *opts)
     if (qemu_name) {
         app_dir =3D g_build_filename(g_get_user_runtime_dir(),
                                    "qemu", qemu_name, NULL);
-        if (g_mkdir_with_parents(app_dir, S_IRWXU) < -1) {
+        if (g_mkdir_with_parents(app_dir, S_IRWXU) < 0) {
             error_report("Failed to create directory %s: %s",
                          app_dir, strerror(errno));
             exit(1);
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778620703; cv=none;
	d=zohomail.com; s=zohoarc;
	b=MUXNJ5lnGyURVOuIvbHrU6V8ppCN1B9LXbYvxktoby18/9dz+GGb3DuYaq9UVv7yjUh+4GazmslBq8FPBv9Cc7Or1btG8Qo7V/DNS8UwnLLpjy8P4ZShfUOSUSvWbEhjU2OAZOa/GG2Upafmyq05E3Y9NE8KW43EoY1M6f/f/+s=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778620703;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=syOE9L8Ec7SobgC/bjMkCHRSfJFcxokZ7uNsrVgDLZ4=;
	b=DXOjMYgXAehCoT08bSmh0OzfFTv+cUsyPwTwzG7XGKOdUTCRnJwpkrPb67mNrgOIf5h/ShiK9EKtqJOml66jk80nKsrazw3ejYXZVsp0A6o6jMB9Htez32ltSZRw5aCeC7opFXDBGe0M4/KZHpeLgNobhY5bRq6YpxYLRTKtn/k=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778620703112690.4498048458717;
 Tue, 12 May 2026 14:18:23 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuUd-000896-Be; Tue, 12 May 2026 17:18:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUT-0006yu-Jr; Tue, 12 May 2026 17:18:09 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUR-000787-Sn; Tue, 12 May 2026 17:18:09 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 031C81AA3CE;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 054783ABD26;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=SzhnecTGMLKADIL0bXg2IKkkugTTFzlX9B/O24H7RrY=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=GbpXpI0Ib48DIIR+denf+iJVNWvScuNF6b88B7xeZe2wk2rT/291fz1a6n5prPW0j
 X0NRsYVCWyppybPDUQyiWCnYzpD1Ygwnbtr4V52vdkXwD8hweJ/kUbzlVDCFSeyUUh
 7NkOVS9joY6Wb+unM1DNfVwBhHbRg/3XxWSMabn8rxXUAVjB49uREt44N8FYbDVmhJ
 EO9F1ra5mk2MMl6Aqr7E8r1JcZrqkioCmhYFNWkjVEhQZWa+AeQa3kZwiWOs2vt8Fw
 AqyeVdaIlVJ+ifqbtyTXPEzDaTpjdGl8Fh7ybgN3CC0j7xVpwiLflr2dKY9YYTiNL6
 VrEEOeAx8GlOQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
 =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>,
 =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 03/58] ui/console-vc: fix off-by-one in CSI J 2 (clear
 entire screen)
Date: Tue, 12 May 2026 23:57:24 +0300
Message-ID: <20260512205820.361821-3-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778620705242154100

From: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>

The loop condition used `y <=3D s->height` instead of `y < s->height`,
causing vc_clear_xy() to be called with y =3D=3D s->height. This clears
a row in the scrollback buffer beyond the visible screen.

Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Signed-off-by: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>
(cherry picked from commit 181fdf8a7e13c0460a26777ff9301e0ecdca3784)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/ui/console-vc.c b/ui/console-vc.c
index f22806fed7..8dee1f9bd0 100644
--- a/ui/console-vc.c
+++ b/ui/console-vc.c
@@ -899,7 +899,7 @@ static void vc_putchar(VCChardev *vc, int ch)
                     break;
                 case 2:
                     /* clear entire screen */
-                    for (y =3D 0; y <=3D s->height; y++) {
+                    for (y =3D 0; y < s->height; y++) {
                         for (x =3D 0; x < s->width; x++) {
                             vc_clear_xy(vc, x, y);
                         }
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622284; cv=none;
	d=zohomail.com; s=zohoarc;
	b=KItCc6xUHH8z380cn9njwgzCY7MiaJet/JOPTZpI9t5UL9B9nIfHBF9y85PsD25/F9JQsNkApYgS7OK8ayXdCdDtajG+yIRQAR3HUd5p2Um3k3htJvXwfz99lkiqr7tsEhVW/upnMQl37pzuvbKlNxD561lZGAmkOAA1IwWy1eE=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622284;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=2WylmwdpsR/Rnn7HJMIP3hlsFSUAdTqixk37VEodaoc=;
	b=U3yuBIAxtAq0BndcM4Ijk9pgi8Exs2B+Z40lrXGi3Y+x5yZOHDujPOhEbJtx04v/+qZoWeXiMkgBi+qp9Dz97WG21QTorpyuxkhHTtmktw1iEA27QaP3O6m61TXY3TSL9MY8iIkoGWvNJwYyX51xbhKk5ta8byXJP73Vl2+u3BU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622284382582.1941709906362;
 Tue, 12 May 2026 14:44:44 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuUp-0001GB-Lz; Tue, 12 May 2026 17:18:31 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUo-00019s-2s; Tue, 12 May 2026 17:18:30 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUm-00078i-Db; Tue, 12 May 2026 17:18:29 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 1E55C1AA3CF;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 1F0873ABD27;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=Ot6VTe7LmoBlbNjo0DzPBrnXcPNhAl/oqaysgrnoOf4=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=nwWZA2QX7EfQlKiI2WzYCww+IDILTFZIQynsO11odXPO06lN0O1hACMSGwdGiUYNt
 dlCe2lBV7X6RRzxSGcN9wl1KmGZdJysSrQDtipNbT/Av1rJH3LcCSZLDUQ5R03yVDu
 65XkpjPX+J0hqVKV0C7qjyxNmhhNE7qh92KaI3SD2Aeef2mfnIyPzgb5NrGhkBAdvN
 B9ZWE11KBRkV2t27umoPlv5tskNg8nygt/a199YPJu3jNRg6thydKJXqgY0umhGWax
 z3vSBzuTs+mhBEpBSem8OagfPWtl9v3iEoIoTLtyj79GSSz4PMKJzUqYUd3vf5FIto
 7+WNZNMDyeS3Q==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Pierrick Bouvier <pierrick.bouvier@linaro.org>,
 Richard Henderson <richard.henderson@linaro.org>,
 Peter Maydell <peter.maydell@linaro.org>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 04/58] target/arm/tcg/translate.c: remove MO_TE usage
Date: Tue, 12 May 2026 23:57:25 +0300
Message-ID: <20260512205820.361821-4-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622286450158500
Content-Type: text/plain; charset="utf-8"

From: Pierrick Bouvier <pierrick.bouvier@linaro.org>

dc->be_data is already set just above in the same function:
```
    dc->be_data =3D EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE;
```

Cc: qemu-stable@nongnu.org
Fixes: a729a46b05a ("target/arm: Add wrapper macros for accessing tbflags")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-id: 20260407222208.271838-12-pierrick.bouvier@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 027ad866bd2984a8fc50b41d235aabf14711df3e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index f9d1b8897d..fe89131d34 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -6343,7 +6343,6 @@ static void arm_tr_init_disas_context(DisasContextBas=
e *dcbase, CPUState *cs)
=20
     if (arm_feature(env, ARM_FEATURE_M)) {
         dc->vfp_enabled =3D 1;
-        dc->be_data =3D MO_TE;
         dc->v7m_handler_mode =3D EX_TBFLAG_M32(tb_flags, HANDLER);
         dc->v8m_secure =3D EX_TBFLAG_M32(tb_flags, SECURE);
         dc->v8m_stackcheck =3D EX_TBFLAG_M32(tb_flags, STACKCHECK);
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778620805; cv=none;
	d=zohomail.com; s=zohoarc;
	b=QOz/JDvV5SG4h1B2EVDNHJlZ/VIOaK9Sx3EsFOQQjyqR7e3DpOtgDvo11TfFk3GAUz6EA0BGf0RO22gSk8eh3XJty3vnfW/1PgjpDYeTtSLwVDujSipgIbHh2fE8h0nqIkab12X9LQ4FcXAm/oEkdXvtzauWCxlhSylakFJkfIY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778620805;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=GH3Jin7JgDsr8ye8WxobSoTiOmW3ncs56nlPTnAPrms=;
	b=RWqiFaBEls3MbjnZwNrbv2ePe2lPr2Llg++fooVtGHf1Yi9OV6Ybtj5Ae0CULokeFWWiT29cQlHA1BrLoovkqS3bJ2U+yVCkGzXxvbxhETSFg1sVwYypGB/ATkLIQDw4/aE4FTDklu3d71kQvgnPHQ7uvHza4UgpbwObxQclrtA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778620805884340.31204490136486;
 Tue, 12 May 2026 14:20:05 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuV2-0001TM-Qg; Tue, 12 May 2026 17:18:45 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUq-0001Od-V9; Tue, 12 May 2026 17:18:32 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUp-0007Cl-4z; Tue, 12 May 2026 17:18:32 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 3A92E1AA3D0;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 3C1B73ABD28;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=3Dgouw/Be4emkib1kDzVyM9ntYJ2bumwMnhhCb3hOvk=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=pt+1NJ6Vlo2P/ktO/U3FY6tRROo1iP8BqVwLQ40yQxg0aRFWqoW3mIsHL88elodlG
 3GaLymDznjiJXlAUsGLySTCBejdWcS2DuWIKYQthCyLaXNkCDZjAt8w1hD4slnDvbd
 Asyl6e0ABTAqFilY7pGf1NRonPTcQjX5b2dGlW1Z2SJrxMz3+OdmMoa+f6xrD8aCth
 bkGJzKBgKQSnYVTu3uw3PEc+ZcNiHMreiTEpxUHr7LGd+bVvINRgQ9Ge4aWjCHjxeA
 4JcyfHT+K3Uu2/1usgigZhYDxz+GNPimJYD51Cbwp6hKiVbxed/ddesjUv1BoJLB/3
 qzwZa/pCWMPTw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
 =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>,
 Paolo Bonzini <pbonzini@redhat.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 05/58] target/i386: fix strList leak in
 x86_cpu_get_unavailable_features
Date: Tue, 12 May 2026 23:57:26 +0300
Message-ID: <20260512205820.361821-5-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778620807679158500

From: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>

The result list built by x86_cpu_list_feature_names() was never freed
after being visited, causing a memory leak detected by ASan.
(the getter visitor is VISITOR_OUTPUT kind and doesn't own data)

Fixes: 506174bf8219 ("i386: "unavailable-features" QOM property")
Signed-off-by: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>
Link: https://lore.kernel.org/r/20260413125040.3842686-1-marcandre.lureau@r=
edhat.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 87e1226e6f6844845ac407d50198d84205e7ed7f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c6fd1dc00e..9d126600c0 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -7842,6 +7842,7 @@ static void x86_cpu_get_unavailable_features(Object *=
obj, Visitor *v,
=20
     x86_cpu_list_feature_names(xc->filtered_features, &result);
     visit_type_strList(v, "unavailable-features", &result, errp);
+    qapi_free_strList(result);
 }
=20
 /* Print all cpuid feature names in featureset
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622158; cv=none;
	d=zohomail.com; s=zohoarc;
	b=SExOlusNpOoEfK4p5tI7j0NnTXJa5bA6ba1PZLlw1109kusihEiCNmurEUYjTe8Zyi37OY8kB/MluqUJ73CSAjdICO4jc2JAyq/tq4twcFXUdLhAbR/vgxeP7wTrSYuvgozQ1arYoLVSXVMy9nrhPczHO/bl9Z1QkHgEer5RFwA=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622158;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=nKxyOxCQgACho096i6aGa+Zx/yPlcmz6ZHsbKOM2sFc=;
	b=HS5FXFo0Cc8a4lIdnhcn1Oc2qzn7+dU4xeNQLlEuWlh4R885yLTxAuyaz9oMn2gjXLncB1S/pJKpFA5mQcPZuPyxKA1+waomKdpcCQnq+JeT64yCm+0GcEYNqy5zkqsQW0fIZfQ3fKHH+sitAcxbYlrWfUCcQqCWbtauQZ+KRYY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622158219516.8353347945806;
 Tue, 12 May 2026 14:42:38 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuV3-0001Xx-Vk; Tue, 12 May 2026 17:18:46 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUr-0001QH-AV; Tue, 12 May 2026 17:18:35 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUp-0007nV-IX; Tue, 12 May 2026 17:18:33 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 499401AA3D1;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 565D63ABD29;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=zT9TgF6o4TXyWanO3UNHzIF7RjU5cf9pufPgvf2Y+8g=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=ZaKA6DSSIp8RZwPRJIRobo9Ec9hna44sW0jTuhQgSkk3JvoJL6BudMtbHkG98V+pz
 hLTZh/ki0hqpUdv4qyYy5sNT1pWAGP10f2lb2NhXY9X8/rdbyh8mM97JPQ7OuTzyMk
 ToDPIMhme3uC0V2d4CkdFE/T1ucD8uHiI5Efgzo8yfNS9N5WBCkFIS/GN8fC6ElCne
 jzyYh6hudNdkIC25sss39tWjuMGJxOWyDVg8iX29Z+piBnaKn8jwEcwiNBMiUV8p71
 hnvK8+LxCgu6kKgAasRNd5wQVGJRK3xv5XUAqCFlTwfiRO5dDvorh12+mDK6KgGWjQ
 8Otje/GBfObIQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Simon Scherer <scherer.simon89@gmail.com>,
 Paolo Bonzini <pbonzini@redhat.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 06/58] target/i386: fix missing PF_INSTR in SIGSEGV
 context
Date: Tue, 12 May 2026 23:57:27 +0300
Message-ID: <20260512205820.361821-6-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622160446154100
Content-Type: text/plain; charset="utf-8"

From: Simon Scherer <scherer.simon89@gmail.com>

When running linux-user emulation, the SIGSEGV handler does not
correctly set the 4th bit (PF_INSTR) in the error_code variable of
the context argument (context->uc_mcontext.gregs[REG_ERR]).

Because this bit is never set, guest applications cannot distinguish
if a fault was due to missing executable permissions. This patch
ensures that when a page fault occurs during an instruction fetch,
the PF_INSTR flag is properly populated in the signal context.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3384
Signed-off-by: Simon Scherer <scherer.simon89@gmail.com>
Link: https://lore.kernel.org/r/20260413115622.160212-1-scherer.simon89@gma=
il.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 3eae91a8b93a35f194a39ab5b894ae405def9270)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/i386/tcg/user/excp_helper.c b/target/i386/tcg/user/excp=
_helper.c
index 98fab4cbc3..6c5df5e0e8 100644
--- a/target/i386/tcg/user/excp_helper.c
+++ b/target/i386/tcg/user/excp_helper.c
@@ -36,9 +36,10 @@ void x86_cpu_record_sigsegv(CPUState *cs, vaddr addr,
      * signal and set exception_index to EXCP_INTERRUPT.
      */
     env->cr[2] =3D addr;
-    env->error_code =3D ((access_type =3D=3D MMU_DATA_STORE) << PG_ERROR_W=
_BIT)
-                    | (maperr ? 0 : PG_ERROR_P_MASK)
-                    | PG_ERROR_U_MASK;
+    env->error_code =3D (maperr ? 0 : PG_ERROR_P_MASK)
+                    | ((access_type =3D=3D MMU_DATA_STORE) << PG_ERROR_W_B=
IT)
+                    | PG_ERROR_U_MASK
+                    | ((access_type =3D=3D MMU_INST_FETCH) ? PG_ERROR_I_D_=
MASK : 0);
     cs->exception_index =3D EXCP0E_PAGE;
=20
     /* Disable do_interrupt_user. */
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621689; cv=none;
	d=zohomail.com; s=zohoarc;
	b=g827+bQCqW6AbPYYp5/9mh+mi9c0YgLMQyxk0MUQqwNtu+QJpySp5WfIqLJjSkE0bPODequIq2+0iWjAf8Btar5jQqGqXYPEylHCX6jjQTHEmxoyL7tOIyKRARNk7qqUbCAwYZvFZym3rhq4pLfi1xWWlRgd37Svi/2bizFN/iM=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621689;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=Xxm7F/ypY/ghK4TAOsGEdeDOmNNtbZoyO8FLKlpjCWw=;
	b=MsTpS3THAOLVaOvoznh5k66qbhsNqDMpBBEavAk2C4RNlaWDntHPDOK/JTcSuBudDRSn56ekrjRmsGubXq3oCizIW9RQQNDdFvcixOVZMGXhMQt9PjAyh29pcZRYqFnlJ6yN88tW0YmZEP6WZvdvpVi7JupGT7d8ELJ/+FMEc2w=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621689191897.3186077549288;
 Tue, 12 May 2026 14:34:49 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuVc-0002AR-0O; Tue, 12 May 2026 17:19:22 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuV0-0001TO-CV; Tue, 12 May 2026 17:18:43 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuUs-0007nl-Bk; Tue, 12 May 2026 17:18:35 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 56FA81AA3D2;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 656D93ABD2A;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=/0ZbzGfGskioYwQBMDo73Gh48u/hAR/dwCyinBY+ttk=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=Omfbq5xezaoUX4pGX4VlWT5i0qj0ebGY0fxrecG/EjD3v2YakY3rJQ2/royr4q9ge
 9W59pM/k0ndsQ1op/OW/GbEAOIlKZ4ZVsb2fUJ0zseFLD7IMxjX7DrwpCDpQLYYanQ
 zREMfdeTiXgimuofT57l2nzP5J2sERVUEcdZTklY/7a+p7RlqS5qEH4X1uPkeTd3qV
 4HL2uxif6ac66DRM8uW9qaoDCDOxY6mlIxoO1l3afqT9gX6NBD7+ZpOsK09y7j+DjI
 K8iekfMOboGcYEI9g09m1aXWQzFx4Ex/slxXT6p5fczTt7+RPhPR/6hGohaRdHlTai
 apPk5qJIuokqQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, rickgcn <rickgcn@gmail.com>,
 Paolo Bonzini <pbonzini@redhat.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 07/58] hw: i386: vapic: restore IRQ polling for
 non-kernel irqchip backends
Date: Tue, 12 May 2026 23:57:28 +0300
Message-ID: <20260512205820.361821-7-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621689552158500
Content-Type: text/plain; charset="utf-8"

From: rickgcn <rickgcn@gmail.com>

69dfc078 extended vAPIC handling for WHPX with user-mode irqchip, but it
also changed vapic_write() case 4 in a way that excludes TCG from
apic_poll_irq().

Before that change, IRQ polling happened whenever no in-kernel irqchip
was active. After the change, it only happened for KVM or WHPX with a
user-mode irqchip. Under TCG, both kvm_enabled() and whpx_enabled() are
false, so the poll never happens.

This regresses 32-bit Windows XP guests on a Windows host with
-machine pc-i440fx-10.0,accel=3Dtcg, causing a STOP 0x0000000A during boot.

Fix it by making the decision depend on whether KVM or WHPX is using an
in-kernel irqchip, instead of whether either accelerator is enabled.

Fixes: 69dfc078a6f0 ("hw: i386: vapic: enable on WHPX with user-mode irqchi=
p")

Signed-off-by: rickgcn <rickgcn@gmail.com>
Link: https://lore.kernel.org/r/20260418061429.16898-1-rickgcn@gmail.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c906c2337058bd467e6ac0176c2966d1eeb6f8f5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/i386/vapic.c b/hw/i386/vapic.c
index 41e5ca26df..1acb9f91b2 100644
--- a/hw/i386/vapic.c
+++ b/hw/i386/vapic.c
@@ -716,8 +716,7 @@ static void vapic_write(void *opaque, hwaddr addr, uint=
64_t data,
         break;
     default:
     case 4:
-        if ((kvm_enabled() && !kvm_irqchip_in_kernel())
-          || (whpx_enabled() && !whpx_irqchip_in_kernel())) {
+        if (!kvm_irqchip_in_kernel() && !whpx_irqchip_in_kernel()) {
             apic_poll_irq(cpu->apic_state);
         }
         break;
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778620822; cv=none;
	d=zohomail.com; s=zohoarc;
	b=XSKN7Pv7z3zJGcDz4fig2DtOYMIpMZrCWeFbCZjHZHzjyAD8rwQ2ng/JBWOY0+N8EYKoaR3g3Aw8o+K0eq1lzEDDezr/8H2nbYa+mjzPwQBPCAc+wgBZpaPmgU0yA2e9vJZZmTK/SYiEfIYHWBZWJkVft3VoIWmH1oyCdrO8VTU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778620822;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=ZSqIlGO/WZDUcF27h/Eqqc6mcKYzWBmtwiDwiS8RoW0=;
	b=C+YJvOUVxRgPjA+460kM0z6zz7XtonFLnMbqKIPDo8t321FOqA42zp1ckwj7kStojH0Ngn7tvQ/yuVT6nqrwhJ8Jl9v5nrNvwrJerLjQ501G1ZrlUiS6kN+hWdT0O4EjkLo0DLHGqXCnvzagREUuOQA2vj6dq1oZzf7FCZP1m4s=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778620822699571.6298904455263;
 Tue, 12 May 2026 14:20:22 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuVr-0003I3-S7; Tue, 12 May 2026 17:19:36 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVJ-0001t0-Bl; Tue, 12 May 2026 17:19:02 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVD-0007ny-8D; Tue, 12 May 2026 17:18:58 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 663C91AA3D3;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 72BC83ABD2B;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=J5ZopIHRvNIpGmXxn6yCxR23lVzlxpNAEx3lxGlR9A0=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=LHuo4/egyFK5ZbLaAvcoszIfX4pAwSrbaMuxX49EOEPBNEWB7c5qYj0XVOy+vqyRM
 48HObN5pbycIZk8QYaaHWeGbW2potQD96J+GJ5yRFr/XZPoglqzpLQ/KUnAnAIE2NP
 +S3u29dOXOgw1VTh9zI6YGsa8cEOttJnof4g6YgOpy5sVQd87aAoPf3zZh4i36qXxc
 wPGKG2ZRdHzRY3JOuKz7umpUr41wbzL06Sg9rC6CxfcWBn1YuZC7oQO4mAaJCtOafz
 diUkq45+xfb6Tn7vq8xFNp38O56Henw/ytE6nLAt1DBaWjeMlbngFrv8sWSWfl0360
 GRjYoExg42Csw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Magnus Kulke <magnuskulke@linux.microsoft.com>,
 Mohamed Mediouni <mohamed@unpredictable.fr>,
 Paolo Bonzini <pbonzini@redhat.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 08/58] target/i386/mshv: Fix segment regression in
 MMIO emu
Date: Tue, 12 May 2026 23:57:29 +0300
Message-ID: <20260512205820.361821-8-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778620823339154100
Content-Type: text/plain; charset="utf-8"

From: Magnus Kulke <magnuskulke@linux.microsoft.com>

When the segmentation code has been reworked, there is now an
unconditional call to emul_ops->read_segment_descriptor(). The MSHV impl
was delegating this to x86_read_segement_descriptor(), which read from
the GDT in guest memory. This fails for selector.idx =3D=3D 0 and when no
GDT is set up (which is the case in real mode).

In the fix we change the MSHV impl to fill segment descriptor from
SegmentCache, that was populated from the hypervisor by mshv_load_regs()
before instruction emulation.

Fixes: 09442d98ab (target/i386: emulate: segmentation rework)

Signed-off-by: Magnus Kulke <magnuskulke@linux.microsoft.com>
Reviewed-by: Mohamed Mediouni <mohamed@unpredictable.fr>
Link: https://lore.kernel.org/r/20260410142652.367541-1-magnuskulke@linux.m=
icrosoft.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 7d6231dfb5eaba55b7cf266b0993adaccf0381d0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/i386/mshv/mshv-cpu.c b/target/i386/mshv/mshv-cpu.c
index 2bc978deb2..4ed6e7548f 100644
--- a/target/i386/mshv/mshv-cpu.c
+++ b/target/i386/mshv/mshv-cpu.c
@@ -1552,17 +1552,42 @@ static void read_segment_descriptor(CPUState *cpu,
                                     struct x86_segment_descriptor *desc,
                                     enum X86Seg seg_idx)
 {
-    bool ret;
     X86CPU *x86_cpu =3D X86_CPU(cpu);
     CPUX86State *env =3D &x86_cpu->env;
     SegmentCache *seg =3D &env->segs[seg_idx];
-    x86_segment_selector sel =3D { .sel =3D seg->selector & 0xFFFF };
-
-    ret =3D x86_read_segment_descriptor(cpu, desc, sel);
-    if (ret =3D=3D false) {
-        error_report("failed to read segment descriptor");
-        abort();
+    uint32_t limit;
+
+    memset(desc, 0, sizeof(struct x86_segment_descriptor));
+
+    desc->type =3D (seg->flags & DESC_TYPE_MASK) >> DESC_TYPE_SHIFT;
+    desc->s    =3D (seg->flags & DESC_S_MASK)    >> DESC_S_SHIFT;
+    desc->dpl  =3D (seg->flags & DESC_DPL_MASK)  >> DESC_DPL_SHIFT;
+    desc->p    =3D (seg->flags & DESC_P_MASK)    >> DESC_P_SHIFT;
+    desc->avl  =3D (seg->flags & DESC_AVL_MASK)  >> DESC_AVL_SHIFT;
+    desc->l    =3D (seg->flags & DESC_L_MASK)    >> DESC_L_SHIFT;
+    desc->db   =3D (seg->flags & DESC_B_MASK)    >> DESC_B_SHIFT;
+    desc->g    =3D (seg->flags & DESC_G_MASK)    >> DESC_G_SHIFT;
+
+    /*
+     * SegmentCache stores the hypervisor-provided value verbatim (populat=
ed by
+     * mshv_load_regs). We need to convert it to format expected by the
+     * instruction emulator. We can have a limit value > 0xfffff with
+     * granularity of 0 (byte granularity), which is not representable
+     * in real x86_segment_descriptor. In this case we set granularity to 1
+     * (4k granularity) and shift the limit accordingly.
+     *
+     * This quirk has been adopted from "whpx_segment_to_x86_description()"
+     */
+
+    if (!desc->g && seg->limit <=3D 0xfffff) {
+        limit =3D seg->limit;
+    } else {
+        limit =3D seg->limit >> 12;
+        desc->g =3D 1;
     }
+
+    x86_set_segment_limit(desc, limit);
+    x86_set_segment_base(desc, seg->base);
 }
=20
 static const struct x86_emul_ops mshv_x86_emul_ops =3D {
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621961; cv=none;
	d=zohomail.com; s=zohoarc;
	b=I2Zz38ktUU+l9piOWfEPa6DZSZYLtjkUbP329qwxxgV9AFPHZsliE1tamNXznpQr8cp2D7l107MZH0EVf6Vxxzyq9qDTCD2alU1CeX6UFQf1Dg6JUusGcRZRfCVI81oroJAc27oLLmQ7TCG/2z3nt3FcqbFSSd2C5ws6KRZbGEQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621961;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=38j+kkSz82snGop6/5eNBCc4uLvYZDHg6VWRmH8vsuQ=;
	b=IcMd72M+FHt/mmmbdhZwejUr9ZyU1RXbBT2NB2CjmlAdo0/PeJ1mrUICCq6T/Q08sBEllNbsVmuU3d8R9tjg8Jrs76PUGYPDF+ziEr9j1yW39XxsNbVB7FkXKKJK6/x2+Z/6Y9g37EAlmjl/sfH0/P82avz95ZqwH8gUL0KTn88=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621961044105.47940446689154;
 Tue, 12 May 2026 14:39:21 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuVP-0001u4-NZ; Tue, 12 May 2026 17:19:08 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuV5-0001eF-03; Tue, 12 May 2026 17:18:51 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuV3-0007pl-4G; Tue, 12 May 2026 17:18:46 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 736E31AA3D4;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 8186C3ABD2C;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=1giFfvMgMnxgYPMVAPHx5Yo1DKNuX6HHKpB4lR9DQiU=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=bUeVli613UQI20nY8bxCKumENDuG1e1DcF5wifqLxbmGkpiE9SdKNYIuON81ZP2aw
 T5iBvla3sVr3JNs4+aZIbxJigPJNtk8sxWvIDlQRDmsriZ0y5ZFaK7ZMeVKf33Rcjo
 2sGsSZHozFsOqssFoLaF/TQggCEKtZoQz+eAWLmTSFCymjVteWOMugTwL4QTKo6yof
 f4l1MpGkXscC1pGbgKc8PksHr6KhgmmakmyUXzZgSWITyoJZ1BpyKmsXMoM91JOZwk
 pb1G3aJkzY16Fd0Sa8oy35bgaV5XwDI8pOmn01lEKzjSf5CFwxDnt5228l9xsOP1zS
 HYP31bA/Ldupw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 09/58] target/i386/tcg: fix decoding of MOVBE and
 CRC32 in 16-bit mode
Date: Tue, 12 May 2026 23:57:30 +0300
Message-ID: <20260512205820.361821-9-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621962503154100
Content-Type: text/plain; charset="utf-8"

From: Paolo Bonzini <pbonzini@redhat.com>

Table A-4 of the SDM shows

                    F0                     F1
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
--------------------------------------------------------
     NP           MOVBE Gy,My           MOVBE My,Gy
     66           MOVBE Gw,Mw           MOVBW Mw,Gw
     F2           CRC32 Gd,Eb           CRC32 Gd,Ey
  66+F2           CRC32 Gd,Eb           CRC32 Gd,Ew

However, this is incorrect.  Both MOVBE and (for 0xF1) CRC32
take Gv, Ev or Mv operands.  In 16-bit mode therefore the
operand is of 16-bit size without prefix and 32-bit mode
with 0x66 (the data size override).

For example, with NASM you get:

                                 bits 16
   67 0F 38 F0 02                movbe ax, [edx]
   66 67 0F 38 F0 02             movbe eax, [edx]

   67 F2 0F 38 F1 02             crc32 ax, word [edx]
   66 67 F2 0F 38 F1 02          crc32 eax, dword [edx]

versus

                                 bits 32
   66 0F 38 F0 02                movbe ax, [edx]
   0F 38 F0 02                   movbe eax, [edx]

   66 F2 0F 38 F1 02             crc32 eax, word [edx]
   F2 0F 38 F1 02                crc32 eax, dword [edx]

The instruction is listed correctly in the APX documentation
as "SCALABLE" (which means it has v-size operands).

Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 76ad26dd172d27aae9f1e76d1165b497167c36c2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.=
c.inc
index bc105aab9e..c8b5bd6ad2 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -875,19 +875,23 @@ static const X86OpEntry opcodes_0F38_00toEF[240] =3D {
=20
 /* five rows for no prefix, 66, F3, F2, 66+F2  */
 static const X86OpEntry opcodes_0F38_F0toFF[16][5] =3D {
+    /*
+     * MOVBE and CRC32 are incorrectly listed as always doing 32-bit opera=
tion
+     * without prefix and 16-bit operation with 0x66.
+     */
     [0] =3D {
-        X86_OP_ENTRYwr(MOVBE, G,y, M,y, cpuid(MOVBE)),
-        X86_OP_ENTRYwr(MOVBE, G,w, M,w, cpuid(MOVBE)),
+        X86_OP_ENTRYwr(MOVBE, G,v, M,v, cpuid(MOVBE)),
+        X86_OP_ENTRYwr(MOVBE, G,v, M,v, cpuid(MOVBE)),
         {},
         X86_OP_ENTRY2(CRC32, G,d, E,b, cpuid(SSE42)),
         X86_OP_ENTRY2(CRC32, G,d, E,b, cpuid(SSE42)),
     },
     [1] =3D {
-        X86_OP_ENTRYwr(MOVBE, M,y, G,y, cpuid(MOVBE)),
-        X86_OP_ENTRYwr(MOVBE, M,w, G,w, cpuid(MOVBE)),
+        X86_OP_ENTRYwr(MOVBE, M,v, G,v, cpuid(MOVBE)),
+        X86_OP_ENTRYwr(MOVBE, M,v, G,v, cpuid(MOVBE)),
         {},
-        X86_OP_ENTRY2(CRC32, G,d, E,y, cpuid(SSE42)),
-        X86_OP_ENTRY2(CRC32, G,d, E,w, cpuid(SSE42)),
+        X86_OP_ENTRY2(CRC32, G,d, E,v, cpuid(SSE42)),
+        X86_OP_ENTRY2(CRC32, G,d, E,v, cpuid(SSE42)),
     },
     [2] =3D {
         X86_OP_ENTRY3(ANDN, G,y, B,y, E,y, vex13 cpuid(BMI1)),
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621957; cv=none;
	d=zohomail.com; s=zohoarc;
	b=YKCX9nKH3FlK0eyP/6dWqOQFjNFhCGimdTrKKSmHWWbHcuOI2a1iqCCAyjOWs31qfCwTWf8AcpjgpUeKL/c9m5N2TWNFu+iEnitUESonpKT4XFWFjqKrkTRRSSzRcrfLhmmqUW9sk3ry+nz94vIt0PNSee32jDYbz1/L8BP1h5k=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621957;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=zmFq64MQx21SPP9yoo6eES/Se5L0QLxT4cOEzxisqRY=;
	b=URE1w+NfJF8KACT2XSerNqKcGmahd+qNnqz5ZP5kzyQmLnHWTXFA7nThLw5SGcoHhNeTI5VOg0sxUxb/mj7/FIpI/97xS0o1hYF49Wx8CfxWP86JTVptgKa3CC5/gwXPsaT2mA5R4NjlYXHzhxWhouINjafGOK/Uy1xz1R6EypM=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621957992539.3353862424779;
 Tue, 12 May 2026 14:39:17 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuVo-0002oW-HD; Tue, 12 May 2026 17:19:32 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuV9-0001ln-G7; Tue, 12 May 2026 17:18:53 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuV6-0007uB-Do; Tue, 12 May 2026 17:18:50 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 8FE091AA3D5;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 8F3273ABD2D;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=WzazOYJib6UYK1Lpk5NVX9UN/ML2FUg6X18bS+E6jgQ=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=UB6bwHOBZEq6XsyRMFkG2LYC673VPnI7PaFIxIAvwiR/UNXqi2KFof4DDCjbV9TdK
 /SLhTXJQqX9GXqFnI4HKaiLjKHvYVUqtHRGsXqLsTmj0gYS0K9cX2nCTUeQg7Xvh2U
 oXloyyBRFf/zxKh1ruclBX53lwsyjmoo2bZrlox8dDSmmTd1rYwFf0eUVRGCY3WA93
 9RN49eCbD4yz+ApPmSwzzd9j/ZVlism3Peyr6dPm2/xIK/MJpn3OpMPcAEtkfTXKh/
 ZadPV4kuZSbY24NLbhJu+0CtUGTDFgp0rSLniHyHepOo0SXQUMmP7IeZPQZpbvnVw1
 CLwC6JTeVDFKQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Stepan Popov <Stepan.Popov@kaspersky.com>,
 =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>,
 =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>,
 Paolo Bonzini <pbonzini@redhat.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 10/58] meson: add missing semicolon in
 pthread_condattr_setclock test
Date: Tue, 12 May 2026 23:57:31 +0300
Message-ID: <20260512205820.361821-10-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621959581158500

From: Stepan Popov <Stepan.Popov@kaspersky.com>

The test code was missing a semicolon after the pthread_condattr_t
variable declaration.

Signed-off-by: Stepan Popov <Stepan.Popov@kaspersky.com>
Reviewed-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Fixes: 657ac98b58c ("thread-posix: use monotonic clock for QemuCond and Qem=
uSemaphore", 2022-02-22)
Reviewed-by: Marc-Andr=C3=A9 Lureau <marcandre.lureau@redhat.com>
Link: https://lore.kernel.org/r/20260330131406.87080-1-Stepan.Popov@kaspers=
ky.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 79bc1771867723cb70dac0fae8f2c26fda1a635d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/meson.build b/meson.build
index ab3e97eb9f..d7b03e4746 100644
--- a/meson.build
+++ b/meson.build
@@ -2890,7 +2890,7 @@ config_host_data.set('CONFIG_PTHREAD_CONDATTR_SETCLOC=
K', cc.links(osdep_prefix +
=20
   int main(void)
   {
-    pthread_condattr_t attr
+    pthread_condattr_t attr;
     pthread_condattr_init(&attr);
     pthread_condattr_setclock(&attr, CLOCK_MONOTONIC);
     return 0;
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621608; cv=none;
	d=zohomail.com; s=zohoarc;
	b=NDFAc5MRlJf9T8aZM5MT9MtYaBug9zGSvGnHEhjANq9zx2tDR4gaKRAFX8md9zVzlHEBliACzLVJtEJEGQcUZgbPbKnVnJBLUMbW6vqy5hpay0KCmdliIAzUPlhDEbeCJN7uOhJD7QUvepLuYc/bXh4HkokmwmeSugDb7LLCI6o=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621608;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=ju7kCOdSnDN3+nk9xKL+5Ia6NsGIpvsn0FyJvk/soZI=;
	b=TkR/jS0lNaEXml1lRvJ8Xn1Ax/NqZMJsUztsBLj4Fu59QKBWQq5QlyOPQpScz0aj57RctaO6DTMTln2Wy560h6tuf9tQCoKUnweZtyCyzGo7Jjmuz5iQS3L/bwzHYBRdvbGtSnqd2tAu3f+WsuHT2JBrRKbYbZy+bXjqw1BKCg8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621608757531.9024084256586;
 Tue, 12 May 2026 14:33:28 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuVp-0002sX-3R; Tue, 12 May 2026 17:19:33 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVY-00029s-0e; Tue, 12 May 2026 17:19:17 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVV-0007un-Ee; Tue, 12 May 2026 17:19:15 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 9F4A51AA3D6;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id AC4FB3ABD2E;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=KcCabwFzWrmO66mf9hxZ+26dvO/eGo3AO/wddZXfZCE=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=MO9HmS7yQNuox9LDLWHdBzA0fmi7rMWh0hHdkapFq8crPKlzm7cgFZFcygnUnPaXv
 lTdBMS+bWu4cka+v6VipBnVyP5yNUQs6gPyBuZppWmjoHE2mnoa29HY9mCU5dtPCe4
 HP2Kz2O0pKaUOBd9moQReGRbhzeUjIHs4hryaVTvQ1Tb6nQ/v/ZLd3wuBoMv0wpPFk
 8nuK9kgxbkGudkRfOH6uMZ9PdotJchnEJzXMic6pONeooPfx3k1HSiNZXcigtxvd+a
 q73/zuz/F6kY5ksv+1NRaaapsowf26qSWNaGoN3w6tyEjRuaEFeQIRaQrdbh12X0l+
 HERrq0OMHVeMA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Anthony Roberts <anthony.roberts@linaro.org>,
 =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 11/58] ui/sdl2: Fix assumption of EGL presence at
 runtime
Date: Tue, 12 May 2026 23:57:32 +0300
Message-ID: <20260512205820.361821-11-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621609703158500

From: Anthony Roberts <anthony.roberts@linaro.org>

The original commit had a section of code which worked on the assumption
that if OpenGL was enabled at build, it was present on the end user machine,
and calls could be made to it. This is not always the case (such as Windows
on Arm devices).

This line should have also included a runtime check.

This commit moves the relevant line to inside a runtime check for OpenGL.

Fixes: 52053b7e0a0e ("ui/sdl2: Implement dpy dmabuf functions")
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3347
Cc: qemu-stable@nongnu.org
Signed-off-by: Anthony Roberts <anthony.roberts@linaro.org>
Reviewed-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Message-ID: <20260409110256.684-1-anthony.roberts@linaro.org>
Signed-off-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
(cherry picked from commit 7077c83f71a7530af5d93748e998b00732f6fb36)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/ui/sdl2.c b/ui/sdl2.c
index aaaede56e0..987ad334bb 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -120,15 +120,15 @@ void sdl2_window_create(struct sdl2_console *scon)
=20
         scon->winctx =3D SDL_GL_CreateContext(scon->real_window);
         SDL_GL_SetSwapInterval(0);
+
+#ifdef CONFIG_OPENGL
+        qemu_egl_display =3D eglGetCurrentDisplay();
+#endif
     } else {
         /* The SDL renderer is only used by sdl2-2D, when OpenGL is disabl=
ed */
         scon->real_renderer =3D SDL_CreateRenderer(scon->real_window, -1, =
0);
     }
=20
-#ifdef CONFIG_OPENGL
-    qemu_egl_display =3D eglGetCurrentDisplay();
-#endif
-
     sdl_update_caption(scon);
 }
=20
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621479; cv=none;
	d=zohomail.com; s=zohoarc;
	b=amAwhedNsJG0AbhYz0maI2peLmbHI1y554Ctww3XuOTOc9tvnx4SUZnud18+/ULDNQAITYTfvsf7R7Syj0dxtSpPsgulROZNwTIkaYZX+Ui7HEDZLArlIK6fsYeplKPsC+JPHhTqLez6lT7Ou2hTFQyqnfHIgmB14n6fVt6CVTg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621479;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=tmBeQtZ7y4nzyv0sdCdRvOYrHHw143FlfUvfVFX4aKA=;
	b=Dbgn3pPkFBTa1EihlxNwHoXuXBA6e5RpcbHNvagsnI1+SGmhUleSwKwjazDq15rEJ9L5tgqB8S1ml52A+YM7Vzw3zGv5MGOprVt4fmptVq52fnlJ624zYqEJLC9Yqj36XavWcp/jx/zE6J4dMYOgWdqBx3CZ41CXyDxzbvQdpNc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621479767929.551830745551;
 Tue, 12 May 2026 14:31:19 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuVl-0002T2-T5; Tue, 12 May 2026 17:19:30 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVT-0001xi-1E; Tue, 12 May 2026 17:19:11 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVL-0007w9-Df; Tue, 12 May 2026 17:19:08 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id B04131AA3D7;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id BB67B3ABD2F;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=0Ltl0SagAImtq57f08x0TRCYzKEAteLzaVQ/6BXHgWo=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=LxDc5mfijk1+tiQHHLq4lcYz8G80+D7SYvjHNdPUCS/WFlQCqoMAc6IQFpSIdp+B3
 SNpr8CRnPIIomJjY/g7ffB+Xy4ANF7pZqPg9LVe6Iqf524DJgUosVfMQhrkNt7nupb
 wFPI4hdLQcCN+PNMndBhRyw+ahjK0WVidPi4Mc8+nA9ZjvF3COLLsCx+tlH3Yz22Ij
 9EkvuscH2zp5UTpWvvFQ3IW73NtWhi2wCQncfXD7dVLlifuL7/CC6d53rPXomPwEoQ
 q6vFBAiWETgb0FDzx2uDEiTmXXrj1PJx5snXCIRJLgADeoPFesu6NJbsmSLAQDGzjL
 wSp/KQVrKQhLQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
 =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>,
 Manos Pitsidianakis <manos.pitsidianakis@linaro.org>,
 Dmitry Osipenko <dmitry.osipenko@collabora.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 12/58] hw/display: don't accidentally autofree
 existing virgl resources
Date: Tue, 12 May 2026 23:57:33 +0300
Message-ID: <20260512205820.361821-12-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621480805158500

From: Alex Benn=C3=A9e <alex.bennee@linaro.org>

While sanity checking a create blob operation the use of the auto
freed res variable could lead to inadvertently freeing an existing
blob.

Avoid this by in-lining the virtio_gpu_virgl_find_resource() check as
the value is not needed anyway.

While at it add a comment to the end and use g_steal_pointer to make
it clearer the object lifetime exceeds the function bounds if we pass
all the checks.

Fixes: CVE-2026-6502
Fixes: 7c092f17cce (virtio-gpu: Handle resource blob commands)
Message-ID: 20260417094443.785462-1-alex.bennee@linaro.org
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Cc: qemu-stable@nongnu.org
Message-ID: <20260417122703.845442-1-alex.bennee@linaro.org>
Signed-off-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Reviewed-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
(cherry picked from commit 30fad722ce68316d22b926ba0e6017f0440465df)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/display/virtio-gpu-virgl.c b/hw/display/virtio-gpu-virgl.c
index b7a2d160dd..add85bd4e6 100644
--- a/hw/display/virtio-gpu-virgl.c
+++ b/hw/display/virtio-gpu-virgl.c
@@ -830,8 +830,7 @@ static void virgl_cmd_resource_create_blob(VirtIOGPU *g,
         return;
     }
=20
-    res =3D virtio_gpu_virgl_find_resource(g, cblob.resource_id);
-    if (res) {
+    if (virtio_gpu_virgl_find_resource(g, cblob.resource_id)) {
         qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
                       __func__, cblob.resource_id);
         cmd->error =3D VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
@@ -884,8 +883,9 @@ static void virgl_cmd_resource_create_blob(VirtIOGPU *g,
=20
     res->base.dmabuf_fd =3D info.fd;
=20
+    /* Now live, cleaned up in virtio_gpu_virgl_resource_unref */
     QTAILQ_INSERT_HEAD(&g->reslist, &res->base, next);
-    res =3D NULL;
+    g_steal_pointer(&res);
 }
=20
 static void virgl_cmd_resource_map_blob(VirtIOGPU *g,
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621674; cv=none;
	d=zohomail.com; s=zohoarc;
	b=VWlWE6P5AVWP57GCoeI4pNHh4nmIOqjseb+lTZgh/bL6hjirr8Ba1ceVZX6z2xnblSm/tJkXOhNG0hDBfStMQktFdws3EVt2llTdnXuicgB5GGb/JhrtvEmj66No/04nfUNji3jAqPsVp4uxiqplqXZIdHvxYFREA6pbCyuKXFo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621674;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=s/wI6ivCe2HP90t+xl1pB2a15wGnHMhOGqHbWaBYkIw=;
	b=izg/9opEXi3/3wLvWxrrAIAHP2IIuivAjBDnPsvQcJRvR/MXjkU87zav2EzTRR+RFH9gaJp0JevTvELfruBSJkwucJIl58mnm+PB3Z20ion7hzcTiKOkgxnlwOCrLc6Jrjy8EYx/AYsgkEzIVWQ6j0gQiTYu5FGR1EnodTgktrE=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621674731499.2395485845084;
 Tue, 12 May 2026 14:34:34 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuVv-0003oB-05; Tue, 12 May 2026 17:19:39 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVX-00028M-Kg; Tue, 12 May 2026 17:19:17 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVU-00084C-GR; Tue, 12 May 2026 17:19:13 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id C0D151AA3D8;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id CCA363ABD30;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=6bpVwPgBT8xb2Rf00Ig1uckenO4aE6GImxQGwKbTjS8=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=Qe4t+xXMfGDW5K+VO0jo9osI8kzamYmq6nbQkuHbXR5eXCnuisQ8jLa7VcBmXAMdK
 CxJZfZ0gkE3QKX5q/JNM1XaxW37XmMHjqQgRFfa4mBZDvBcQ2R6Jb4NMJXZYrZPKXJ
 JnVaB2n91W3+vgAnIwb6RokIaBraJczZmgfW5gb6zUGa/B8mwjHzRRhxdeu2aeBMaf
 URt4cGXljWK3J8hFPQxoFKtEpSDQBeXA8iQwS5ksYvb30U+I05DSBzhchyQfuaa2kG
 5YEdKd6IgAgVgLtLIT6xwU2dmbwTfp0w+gMga5EGP6pi0wN4Tw1TLeuc2sBMF1Edrj
 K0svCCPONdhnA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
 Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>,
 Fabiano Rosas <farosas@suse.de>, Peter Xu <peterx@redhat.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 13/58] migration: vmstate_save_state_v: fix double
 error_setg
Date: Tue, 12 May 2026 23:57:34 +0300
Message-ID: <20260512205820.361821-13-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621676014158500
Content-Type: text/plain; charset="utf-8"

From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>

We may call error_setg twice on same errp if inner
vmstate_save_state_v() or vmstate_save_state() call fails. Next we will
crash on assertion in error_setv().

Fixes: 848a0503422d043 "migration: Update error description outside migrati=
on.c"
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20260304212303.667141-2-vsementsov=
@yandex-team.ru
Signed-off-by: Fabiano Rosas <farosas@suse.de>
(cherry picked from commit d41ce10d0f5a3d6e497e4b75807a8e675033c597)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/migration/vmstate.c b/migration/vmstate.c
index 4d28364f7b..fccd030dfd 100644
--- a/migration/vmstate.c
+++ b/migration/vmstate.c
@@ -539,6 +539,9 @@ int vmstate_save_state_v(QEMUFile *f, const VMStateDesc=
ription *vmsd,
                 } else {
                     ret =3D inner_field->info->put(f, curr_elem, size,
                                                  inner_field, vmdesc_loop);
+                    if (ret < 0) {
+                        error_setg(errp, "put failed");
+                    }
                 }
=20
                 written_bytes =3D qemu_file_transferred(f) - old_offset;
@@ -551,8 +554,8 @@ int vmstate_save_state_v(QEMUFile *f, const VMStateDesc=
ription *vmsd,
                 }
=20
                 if (ret) {
-                    error_setg(errp, "Save of field %s/%s failed",
-                                vmsd->name, field->name);
+                    error_prepend(errp, "Save of field %s/%s failed: ",
+                                  vmsd->name, field->name);
                     if (vmsd->post_save) {
                         vmsd->post_save(opaque);
                     }
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621889; cv=none;
	d=zohomail.com; s=zohoarc;
	b=H1FhXWo/2OE+j6RXTx/sUCakAqBmVaoNgzWd/UuuhtsEaOrSilv/FhYijnJdlFgTiQovMjJ4OPHFaFb5ojrAXAfrUJ05YIyredFH0iOFYA+afr+lk8ElieSI3Ii/aqnQiifbNrQe4EQqbzfoFxKvBUd8DFf73wmNZzqCygwBygc=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621889;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=CRpdCCy64VpM1mknG5Kzj+XGzuTEGTOVAPGGDBAF8cM=;
	b=jYUb8ngyWo9y/qPNmmrr4TsyJY6PbjDo/UZAoDJrQ7AwznBzzUIp0oYiFvMqBg63XkF7bCa6M1oZTmtRSoMC9nDfnlF6W06zOwDmIDxnbNNRcbyJfl3bK3a8c+qD85rsrXzNzVCM5Yey5Tk5aAx53jbSf3ZM2rkDCeDF/EHlLMM=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621889067502.0456763322313;
 Tue, 12 May 2026 14:38:09 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuVo-0002lg-0X; Tue, 12 May 2026 17:19:32 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVZ-0002Aa-TO; Tue, 12 May 2026 17:19:18 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVY-00085L-18; Tue, 12 May 2026 17:19:17 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id D0E201AA3D9;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id DCF863ABD31;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=KmapxmHYpr6NMoLQ9AopXcpAvWN4EbWfaEYKTPZEfao=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=haqZF4t6swvvQXR2Lecs2rr03ogpODIUMJ5eHxoU9hMEua5PxpsXbGT0I6b1dx6Qj
 w3bMYShiVGG+2965BCy1Z/Pgch3sPvJLYYiXQnWg1x0SHtjyO5QXRnZoNiW+UZ7g6C
 Iixr84Ntw2VD6puPBT6xplGEs2h1isiaK7AW6yZ/obiZ99YGODI6zE2qj1yioHEf6n
 bDOQhLVtaMjYjOkR8DhBmyelhcCL4/KMU2OUQg7hk5NPmHBY5jZ4yO1q/CYBXPtMc3
 a1Sosrvjj8YeF26IWvYkFdiqDsjng+hIQELJM5pscax1FqFjJ9tkD3rUV1dvtoq14I
 aNfmhH/flEdMQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Junjie Cao <junjie.cao@intel.com>,
 BALATON Zoltan <balaton@eik.bme.hu>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 14/58] ati-vga: fix unsigned integer overflow in
 cursor bounds checks
Date: Tue, 12 May 2026 23:57:35 +0300
Message-ID: <20260512205820.361821-14-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621891360154100

From: Junjie Cao <junjie.cao@intel.com>

The cursor bounds checks compare (srcoff + N) against vram_size, but
both sides are uint32_t so the addition can wrap past UINT32_MAX when
srcoff underflows from the cur_hv_offs subtraction, causing the check
to be bypassed.

Rewrite the checks as (srcoff > vram_size - N) to avoid the
overflow-prone addition, matching the style already used in
ati_mm_read() and ati_mm_write().

Cc: qemu-stable@nongnu.org
Fixes: 2f1fbe6ee9b5 ("ati-vga: Make sure hardware cursor data is within vra=
m")
Signed-off-by: Junjie Cao <junjie.cao@intel.com>
Message-ID: <20260414141458.1076014-1-junjie.cao@intel.com>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
(cherry picked from commit 0990cc8b286b9981b2548c3d591584d22c7bf2f1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/display/ati.c b/hw/display/ati.c
index 88a5bbbf07..0489995d00 100644
--- a/hw/display/ati.c
+++ b/hw/display/ati.c
@@ -149,7 +149,7 @@ static void ati_cursor_define(ATIVGAState *s)
     /* FIXME handle cur_hv_offs correctly */
     srcoff =3D s->regs.cur_offset - (s->regs.cur_hv_offs >> 16) -
              (s->regs.cur_hv_offs & 0xffff) * 16;
-    if (srcoff + 64 * 16 > s->vga.vram_size) {
+    if (srcoff > s->vga.vram_size - 64 * 16) {
         return;
     }
     for (int i =3D 0; i < 64; i++, srcoff +=3D 16) {
@@ -206,7 +206,7 @@ static void ati_cursor_draw_line(VGACommonState *vga, u=
int8_t *d, int scr_y)
     }
     /* FIXME handle cur_hv_offs correctly */
     srcoff =3D s->cursor_offset + (scr_y - vga->hw_cursor_y) * 16;
-    if (srcoff + 16 > s->vga.vram_size) {
+    if (srcoff > s->vga.vram_size - 16) {
         return;
     }
     dp =3D &dp[vga->hw_cursor_x];
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778620798; cv=none;
	d=zohomail.com; s=zohoarc;
	b=H2p3lB8fgS5bBUVIPshQyvdz7g79/7GCpz40NhQ/PrMut8LEJffkX8SOPaC0f6gIpOm/AdqSEtwYZp1sDRy1M0MQgm4JcKAIEXUQzzp8FnstPak/EMy0YOjqeFTd20Ti5U/CgcSFcp1MMWg5gSi5r0YUqEVk2Ctw5Psh7HfVtkw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778620798;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=opprBkWu8cX5iL2TqTUiT8s2iVDnncKx/8JAZLSZJfI=;
	b=kBbPKBkV6NwYM1ZsYef6uTXT9hi31wxoFhgm2N0dauF4CpemnlxHx1bmzlZa+/fQchrYcYcv4fZtb1ryNydtMip5MxWiwwXd08ZNEKxk0YrVN7kKcjuLSnli4ECrR/sQnTY21apoE1//dsVxktpr5jJYBvVd6Lgv6/X83mxz/Uo=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778620798355977.7726295083459;
 Tue, 12 May 2026 14:19:58 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuVy-00049P-8O; Tue, 12 May 2026 17:19:42 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVv-0003ya-W8; Tue, 12 May 2026 17:19:40 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVu-00085g-1Z; Tue, 12 May 2026 17:19:39 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id E03A91AA3DA;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id EC7C43ABD32;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=2Auq4ZShcHPhyzVP1lYtU+rdqjbXwUZ5HXuQ4o789do=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=AJuH4lx7o+w4m7qbXjtw8j5uFnVIaW/iyKZp9Yvrz/s7xKzUrl9pzTZuXv9O4JHxP
 mqT8Egb0w+0sNFzUGBAhCdHDj0vGBpP4/ppV1kFBVxTsbK2fAjRB925svmlVmlVdBH
 g9rJmghkwNZsBDtqVcIpIM8YZamqxQSFZRuSDWbeTVRU0cT9r4EhrWTsc1Y/RShIwQ
 VDxbRcge2olDyQE2YGxIVBTpzjF1fSDCzNtIMocqXCXpfkeGZo7Qb/YBZQBgGpKovC
 B1WEDV6akWgUNP07uLHKBpOc805LDUbgP/6u89/4u3BSU6PTpDTPc6tVs3YMGcFmUg
 nUA9rmyWg63LA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Thomas Huth <thuth@redhat.com>,
 Peter Maydell <peter.maydell@linaro.org>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 15/58] hw/misc: Fix the valid access size to the
 avr-power device
Date: Tue, 12 May 2026 23:57:36 +0300
Message-ID: <20260512205820.361821-15-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778620798918154100

From: Thomas Huth <thuth@redhat.com>

Accessing the device with in non-single byte mode currently causes
QEMU to abort:

 $ echo "writew 0x800064 0x4142" | \
   ./qemu-system-avr -M mega2560 -display none -qtest stdio -accel qtest
 [I 0.000000] OPENED
 [R +0.001784] writew 0x800064 0x4142
 qemu-system-avr: ../../devel/qemu/hw/misc/avr_power.c:58: avr_mask_write:
  Assertion `offset =3D=3D 0' failed.
 Aborted                    (core dumped)

Set the valid max access size to 1 to fix the problem.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3393
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Message-ID: <20260421082935.85995-1-thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
(cherry picked from commit c0306d2b8f45a708f7ab45c846bb24851d6e17f2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/misc/avr_power.c b/hw/misc/avr_power.c
index f42cf4fd90..42be265691 100644
--- a/hw/misc/avr_power.c
+++ b/hw/misc/avr_power.c
@@ -73,6 +73,9 @@ static const MemoryRegionOps avr_mask_ops =3D {
     .impl =3D {
         .max_access_size =3D 1,
     },
+    .valid =3D {
+        .max_access_size =3D 1,
+    },
 };
=20
 static void avr_mask_init(Object *dev)
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621876; cv=none;
	d=zohomail.com; s=zohoarc;
	b=al/MbITYhJBRbEabmD1F2LvmeEcMvhGwMu496uEjRwtbITPIdRSIzYOW6GPPi7WzhTkLMgZJLsOQMuqJHv0rfEDJqdGwirK32hrvqjDjmKAh8Md6f+bHxaVNH35M/wIcXdhVKO/pb26vcTKTC4F3W6iOP6mIkVI4LOJKHvAvINU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621876;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=8KizXjYs3aoSxsA11YZ5eHouMrqHdYKfrRrdRpgSB2U=;
	b=Vl487TxmrfvST+fIPQB8+5/eRsYUUlZ8bqpf7xTXBHGh9w6uSTlR+rgKx250Z/TTFq+ODWG86TwnRn995E0t08k6Ez1rKOrcoKgzkg7InHsS9XkY2ZntBvk8v1vPU9xuxWg0UdRJDAc73odib7xwBftcASlAXEXaKkWX1tiivhA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621876941193.9235466559394;
 Tue, 12 May 2026 14:37:56 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuW0-0004KV-Fn; Tue, 12 May 2026 17:19:44 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVx-00044Q-4S; Tue, 12 May 2026 17:19:41 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVv-000862-BC; Tue, 12 May 2026 17:19:40 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id EF2EE1AA3DB;
 Tue, 12 May 2026 23:58:17 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 08B563ABD33;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619497; bh=B2c+vLvkbAabhRi7LphPcXaUSAm1v5TeHgGSBIHw5k4=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=WchYI7iw2aTRwkAv0XxkJ6JTgwg9f+IKiavImy4F0q1n58FgtLUM0C4pERqOPKfvd
 yQWR/NYb9v1+NRyyKgwIF9ajTNbZDig17ushWlSFz6kpQn7jYROb/dFYNnrpuPIqHa
 rDPJT+qnqWRelm+qvx5/s1JUSsGadd5XiHcqxTYCJpsSFRSw7hvkkdi+rk640wM2on
 28+G0DvN/ayrAwiICPCKBtSrkY891cK6MMdnM4bzcDH+Gj1+aBxM9rsMUiloxj65N0
 CPAip2pLnwR3y5N3qf+/jtlNiVGFndc3INUHHbCZd9Kys6GT95KL16VIuPqAxbpSU9
 0OD+zTxWQ49KA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Thomas Huth <thuth@redhat.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 16/58] hw/sh4/sh7750: Remove forgotten abort() in the
 MM_ITLB_DATA handler
Date: Tue, 12 May 2026 23:57:37 +0300
Message-ID: <20260512205820.361821-16-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621879008158500

From: Thomas Huth <thuth@redhat.com>

QEMU currently aborts when the guest writes to the MM_ITLB_DATA register:

 echo "writel 0xf3000000 0x11223344" | \
  ./qemu-system-sh4 -M r2d -display none -accel qtest -qtest stdio
 [I 0.000000] OPENED
 [R +0.004476] writel 0xf3000000 0x11223344
 Aborted                    (core dumped)

Looking at the history of the code, the abort() here has likely just
been forgotten when the register handler had been implemented (it used
to be a reminder about unimplemented functionality initially):

 https://gitlab.com/qemu-project/qemu/-/commit/9f97309a70f12df5f9104f1f

Thus simply remove the abort() now to get rid of the problem.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3420
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Message-ID: <20260422075429.341409-1-thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
(cherry picked from commit 3ab47a47d716f8f2b7686cc06c8312db2e6fc2d4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/sh4/sh7750.c b/hw/sh4/sh7750.c
index 3ae71f99fe..6aa7f63773 100644
--- a/hw/sh4/sh7750.c
+++ b/hw/sh4/sh7750.c
@@ -687,7 +687,6 @@ static void sh7750_mmct_write(void *opaque, hwaddr addr,
         break;
     case MM_ITLB_DATA:
         cpu_sh4_write_mmaped_itlb_data(&s->cpu->env, addr, mem_value);
-        abort();
         break;
     case MM_OCACHE_ADDR:
     case MM_OCACHE_DATA:
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622157; cv=none;
	d=zohomail.com; s=zohoarc;
	b=XLhqb8KpFCE8Ay1UYJSG/1peAWpzdCQfGortHF9dQDIEdkkZ++0VR/WCK+but8cM+dH+5D5YxSQGL7FfpJjhQlJDHa2oZTPk9plCgFMcMVyJ5oEvTV3UygSamQfPOyGoDheQZaMVDhaHBn8bn6cUPH+lK0R5DHQ8A4f6L30FvWg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622157;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=1B1DbiYMv9G9AXAfmaeN75IjSzK+9a69S0ZajcvLJRU=;
	b=lYJqNUdgwMF6xDpFiMWGXQ88lVhs9yJJmO4Wa1QIDhr5bN4XuAvhAgMyH83VvC6vaL5JgE33bQtgfRZ1jFPktSNGWYzg9nFW/lmadwoh6rXodkEUYmM7ubiOQG4GvFcn3Yi6j3fNdlS0ufqtVNpZb9W4ZGZn5opcHwhyixcLIUU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622157724453.92591621804036;
 Tue, 12 May 2026 14:42:37 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuW1-0004Pi-Hh; Tue, 12 May 2026 17:19:45 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVz-0004Io-C9; Tue, 12 May 2026 17:19:43 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVx-0008Al-Gf; Tue, 12 May 2026 17:19:43 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 0AF801AA3DC;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 175AB3ABD34;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=RI10+5zPGhJ/aOzuzHvVJ9FNHtrl/IeqoVNJcNULtVs=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=WlNKfINdL1zM3ckiimG7NZx//JYaLm6PjEW3Cgxnrn3ndRBGtWdidgRAD2DhDdnb0
 FeJe2xLWvfrpXCqOcikn/AeYd4BpgM2/2m5jKF+xVG/+DYRjNyT2UM8sF04WmmNWOH
 1oAKc79yYddMCX/aqtTFGQDyQQxG0+fpaInmHAON41+tVB6QfqAjdxZg5HBZfc2bBX
 3DkwcljEp5BpSVzDxn1zwLx9QgYqX2hZuEwGUw85Bqt8E6/SN7qSSicKIttU2SU8Pw
 4JNzFNOaTyH6kyvR2Xt5GHsr+219yGuZt4HitxtrTLVbsq6055tmkXyogVPWDJPQC2
 uBRF5mAXG9Tbg==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Matt Turner <mattst88@gmail.com>,
 Peter Maydell <peter.maydell@linaro.org>, Helge Deller <deller@gmx.de>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 17/58] linux-user/ppc: Fix ppc64 rt_sigframe stack
 offset
Date: Tue, 12 May 2026 23:57:38 +0300
Message-ID: <20260512205820.361821-17-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622160565154100
Content-Type: text/plain; charset="utf-8"

From: Matt Turner <mattst88@gmail.com>

The kernel's 64-bit signal delivery (signal_64.c) uses:

    newsp =3D frame - __SIGNAL_FRAMESIZE

while the 32-bit path (signal_32.c) uses:

    newsp =3D frame - (__SIGNAL_FRAMESIZE + 16)

The extra 16 bytes in the 32-bit case is to place siginfo and ucontext
at the same offsets as older kernels (see the comment in signal_32.c).
The 64-bit rt_sigframe starts with ucontext directly and does not need
this adjustment.

QEMU's setup_rt_frame() unconditionally used (SIGNAL_FRAMESIZE + 16)
for both 32-bit and 64-bit, placing the handler's SP 16 bytes too low
on ppc64. Signal delivery and return still worked because do_rt_sigreturn
had the matching wrong offset, but the vDSO DWARF unwind info encodes
the correct kernel offset. This caused any DWARF unwinder (libunwind,
libgcc, etc.) to compute a CFA that is 16 bytes off, reading garbage
register values from the signal frame.

Define RT_SIGFRAME_ADJUST (0 on ppc64, 16 on ppc32) and use it in both
setup_rt_frame and do_rt_sigreturn to match the kernel.

This was verified by A/B testing with libunwind's test suite:

  ppc64le: Gtest-bt, Ltest-bt, Gtest-concurrent, Ltest-concurrent,
           and Ltest-sig-context all change from FAIL to PASS.
  ppc64be: Gtest-bt, Ltest-bt, and Ltest-sig-context all change
           from FAIL to PASS.

Signed-off-by: Matt Turner <mattst88@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: qemu-stable@nongnu.org
(cherry picked from commit 654dce6c523612d38e8d53818dbc7c03cbe535a3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/ppc/signal.c b/linux-user/ppc/signal.c
index 24e5a02a78..a9c10e0987 100644
--- a/linux-user/ppc/signal.c
+++ b/linux-user/ppc/signal.c
@@ -210,6 +210,18 @@ QEMU_BUILD_BUG_ON(offsetof(struct target_rt_sigframe, =
uc.tuc_mcontext)
=20
 #endif
=20
+#ifdef TARGET_PPC64
+#define RT_SIGFRAME_ADJUST 0
+#else
+/*
+ * For 32-bit rt sigframes we have an extra 16 bytes of gap
+ * on top of __SIGNAL_FRAMESIZE; this is to get the siginfo
+ * and ucontext in the same positions as in older kernels.
+ * See Linux's arch/powerpc/kernel/signal_32.c.
+ */
+#define RT_SIGFRAME_ADJUST 16
+#endif
+
 #if defined(TARGET_PPC64)
=20
 struct target_func_ptr {
@@ -525,7 +537,7 @@ void setup_rt_frame(int sig, struct target_sigaction *k=
a,
     env->fpscr =3D 0;
=20
     /* Create a stack frame for the caller of the handler.  */
-    newsp =3D rt_sf_addr - (SIGNAL_FRAMESIZE + 16);
+    newsp =3D rt_sf_addr - (SIGNAL_FRAMESIZE + RT_SIGFRAME_ADJUST);
     err |=3D put_user(env->gpr[1], newsp, target_ulong);
=20
     if (err)
@@ -641,7 +653,7 @@ long do_rt_sigreturn(CPUPPCState *env)
     struct target_rt_sigframe *rt_sf =3D NULL;
     target_ulong rt_sf_addr;
=20
-    rt_sf_addr =3D env->gpr[1] + SIGNAL_FRAMESIZE + 16;
+    rt_sf_addr =3D env->gpr[1] + SIGNAL_FRAMESIZE + RT_SIGFRAME_ADJUST;
     if (!lock_user_struct(VERIFY_READ, rt_sf, rt_sf_addr, 1))
         goto sigsegv;
=20
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621921; cv=none;
	d=zohomail.com; s=zohoarc;
	b=GUPFihtxP/WaZaIh1eUSTJ+y6AZGpijGsZ7anRHeYb2ij8amsSMymbE9CkipBfXd+B+9GiFvk3nxQKoFw9iC30HFce6yDDGoY5vGyuP0zG9ZvTckCqRqJ5X+8Ug2gxLssaAYWy76CdDW7nlSplXd2/MhQ6DsN0Eww/yj/g38Nxc=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621921;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=vG/YdsP732TZscJ8nWNFTrhtHX8nZB2Fc6+dkMw0jpA=;
	b=LzNJI2nhSCzqYC/EDyIHZHQYlcn5pL0Sq4BLnAA4RrFPJ4Akt+wN6mIEf2d+lJpb6rgn8jkgFnkT3ZFx7E4p5Mk9Baq+hFVzBC0Rx25wGGFrS2DJ5jtp9swZlqolU1xsQJJ6je3v/tsp7wfVPgD67VwJbvUs847Fh3ts4ZexKLY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621921620939.5111904602829;
 Tue, 12 May 2026 14:38:41 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuW5-0004em-36; Tue, 12 May 2026 17:19:49 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuW0-0004N6-MF; Tue, 12 May 2026 17:19:44 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuVy-0008B4-OW; Tue, 12 May 2026 17:19:44 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 1E3D21AA3DD;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 275BE3ABD35;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=7BblCVnTCWRIIlh82QszBhhE6WtDoE41Tga+6zFXCNI=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=hrzwUG8QQkmSMvdGYpihgrsuqZUHEvNjdkuUOI+8L0RdIcPNyS6nRBYR3M18/OSlb
 LtvArDkY0d4MIjLHIVLBNcPdG8zsRJaOn1v+QRdg1avYw83CS6BVLbjDdGOCgzGM76
 K1CvU8vkKH9Qr6vCDPXzUL2d+z4PiI9fD+3am7K7RQzWH6TnG+NcsqbxKpXmRKRANg
 BlNOlGyrHTO3JdFnHa4UJt27xmj0ugc0eYednbGtpIdx0hx2zGJd9mYaWayHVVjs58
 iYpdMQ/xyJXArWgypYuG5PUwA/EYT5mG/Cc/ugSA+dE/3dwajuu9Pinlo2m0CEbHVu
 yFm388xhfs4mw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Yixin Wei <easonwei1998@gmail.com>,
 Yixin Wei <yixinwei@meta.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Helge Deller <deller@gmx.de>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 18/58] linux-user: fix off-by-one in
 host_to_target_for_each_rtattr()
Date: Tue, 12 May 2026 23:57:39 +0300
Message-ID: <20260512205820.361821-18-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621923928154100

From: Yixin Wei <easonwei1998@gmail.com>

host_to_target_for_each_rtattr() uses "len > sizeof(struct rtattr)"
as its loop condition. When the last rtattr in a netlink message has
exactly sizeof(struct rtattr) (4) bytes remaining, the loop exits
without byte-swapping its rta_len and rta_type. A big-endian guest
then reads rta_len in the wrong byte order and fails validation.

The companion function target_to_host_for_each_rtattr() correctly
uses ">=3D" (added in commit fa2229dbf8). The kernel's RTA_OK macro
also uses ">=3D". Fix the host_to_target direction to match.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2485
Signed-off-by: Yixin Wei <yixinwei@meta.com>
Fixes: 6c5b5645ae0 ("linux-user: add rtnetlink(7) support")
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: qemu-stable@nongnu.org
(cherry picked from commit 029f10e852780da846d3e7f1691c495474683b73)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/fd-trans.c b/linux-user/fd-trans.c
index 64dd0745d2..7f55a0690b 100644
--- a/linux-user/fd-trans.c
+++ b/linux-user/fd-trans.c
@@ -480,7 +480,7 @@ static abi_long host_to_target_for_each_rtattr(struct r=
tattr *rtattr,
     unsigned short aligned_rta_len;
     abi_long ret;
=20
-    while (len > sizeof(struct rtattr)) {
+    while (len >=3D sizeof(struct rtattr)) {
         rta_len =3D rtattr->rta_len;
         if (rta_len < sizeof(struct rtattr) ||
             rta_len > len) {
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622158; cv=none;
	d=zohomail.com; s=zohoarc;
	b=b08LkpEX4+O9E/XAO4O+pr+m9ZIRvdLtaNP6BD2HUvKfDOOiHeIDM7bf+0fGPbj+BnKoGTHfNt861vEvsGbhmYVWUmKK2j8lf+w0PRm5ZOb+SJtPM7uUiZIrWXTuMXUhcFHgve+8twBsS/DCqP0DVTi1obIhmImoUrqN90EknZc=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622158;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=lkUVq2sxAGu/JNFncMWk+34/9FbVi95MQAdHw7EQwQI=;
	b=NoWNNZ5vawdB1gz8Q3O1k7NqCstgD7TqjHtR4Qx5GpMjg7BntCAGBWPIXye5TJaAwRSAtKckDVv982A0ZbCI2ZWz2nRlLNujJrmCi9OpqMoA7kFiY4FYpjSuCMgZF9wpB79ggzWj36Qijv58hbLEmpenfLnqDjlXv6qk1ZP2Ce4=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622158218423.96200746497766;
 Tue, 12 May 2026 14:42:38 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuW5-0004kA-Hx; Tue, 12 May 2026 17:19:49 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuW2-0004St-Dj; Tue, 12 May 2026 17:19:46 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuW0-0008BR-Ry; Tue, 12 May 2026 17:19:46 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 2FB991AA3DE;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 3A2753ABD36;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=pE8FGCMUOa/KDw+pyOkBJnpHIlSPh7/CPIuMTng6qws=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=a51Q6jligCITLbd9DszKKdXqowJLwVHA/jVRxzR8MPvUjekAbzjxjuLKS1R0fltf/
 TtfjWC0U8ZRT7wUV/UnhMBCG1UhZcfPGmJc6YNRRBWqu/qUxNPkiLhpp2vJd4oJaRr
 g1bv5EcsQ6StDnX7azpV/UCHr1gB44JHkin1TUJu4xtyR7rr9Jq74O0wLXqBwyiLWj
 X7tENbMxJZPiyG66ITekHNmml0g3EB+8HKymKsMs/OT1o8CZ5eVkdXzamgbQKGJZW5
 0hEg0fHxTRNntFUOaHb9fSfS1uaDK5DOwGhkLCHPNXmkx6esnmIeit6dQY1gXQtMNO
 +G28MMjbDUrQw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Gyorgy Tamasi <gyorgy.tamasi@gmail.com>,
 Pierrick Bouvier <pierrick.bouvier@linaro.org>,
 Peter Maydell <peter.maydell@linaro.org>, Helge Deller <deller@gmx.de>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 19/58] linux-user: Don't define target_stat64 struct
 for loongarch64
Date: Tue, 12 May 2026 23:57:40 +0300
Message-ID: <20260512205820.361821-19-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622160546154100
Content-Type: text/plain; charset="utf-8"

From: Gyorgy Tamasi <gyorgy.tamasi@gmail.com>

The kernel defines 'struct stat64' only if
__BITS_PER_LONG !=3D 64 || defined(__ARCH_WANT_STAT64).
loongarch64 doesn't set __ARCH_WANT_STAT64, and it isn't 32-bit,
so it won't get this struct.

QEMU incorrectly does define a target_stat64 struct. However this
isn't causing any guest-visible problems, because defining the
target_stat64 struct and TARGET_HAS_STRUCT_STAT64 affects these
syscalls:
 TARGET_NR_stat64
 TARGET_NR_lstat64
 TARGET_NR_fstat64
 TARGET_NR_fstatat64
 TARGET_NR_newfstatat

For loongarch64 the only one of those we provide is newfstatat,
and that is actually a separate QEMU bug, because the kernel does
not provide that syscall for this architecture. No real guest
code will be using a syscall that doesn't exist in the ABI.

(Some of these syscalls are present in the loongarch64 "ABI1.0",
but that ABI was never accepted in the upstream kernel, and
QEMU does not model that ABI, only the "ABI2.0".)

Stop defining TARGET_HAS_STRUCT_STAT64 anyway, for consistency
with the kernel and to avoid confusion.

Note:
Commit message suggested by Peter Maydell <peter.maydell@linaro.org>

Signed-off-by: Gyorgy Tamasi <gyorgy.tamasi@gmail.com>
Tested-by: Gyorgy Tamasi <gyorgy.tamasi@gmail.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 93484c768f2b66947a91d6372f408ae01c83e8c6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 679af640c0..6967306be4 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -2005,7 +2005,7 @@ struct target_stat {
     abi_uint __unused5;
 };
=20
-#if !defined(TARGET_RISCV64)
+#if !defined(TARGET_RISCV64) && !defined(TARGET_LOONGARCH64)
 #define TARGET_HAS_STRUCT_STAT64
 struct target_stat64 {
     abi_ullong st_dev;
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621699; cv=none;
	d=zohomail.com; s=zohoarc;
	b=DmYgz8pnDFifV+IGxINiMJCEGd2neAGQoB9E6iBGvfp3y9VqTwwDbjkQiOzdPk0eHJ/fstyDlXddcr5OHzTcHlu8dXOC/RPL8ydPjwh3lOGuP32f4cPWsR4Wac7jsRUDqjOg6pG5NgWp6GXWwmid0V9q36VeLbuYnDDSUGEWoYU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621699;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=pWvITdYsKmZLgso78Tt6Kj/uzBg68E9e2GPUIKRh1+U=;
	b=j8UsYkP//y9ZZq3zBaLIsbnRFhLEHO57GDYGrOEgS/edIRiC2oo+SBInXLRc2uysy8jfARL8nLLtORR//IU5q0vGOohHYns5bJYbFuYTAgj+fQFHVkCrGm7q//xvbjl8QUhTXJviwYb7575UzX+cNI4SCnHs2qOjTpb1MWIFpXk=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621699079549.8711625562956;
 Tue, 12 May 2026 14:34:59 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuWY-000673-KH; Tue, 12 May 2026 17:20:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWO-0005w8-9n; Tue, 12 May 2026 17:20:08 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWM-0008Bi-7k; Tue, 12 May 2026 17:20:08 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 3FA801AA3DF;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 4BFB03ABD37;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=V7gkghQsB4tBQh5UWSCsYyqZz3ISxj9VCGHrPlza6Xc=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=aTcb0wkc91Uh7SC8O3Rxh6/1qoDxQ0GV1TuMlTW78q5ZZqk3VuacvsW+HkUUsIEqV
 1B2TpkaPwTf0QDasPvOc54CxXfOGT59fhDAvesl1g/BaGQBc/vdThJY0P0FUgv6+lY
 3xQR/vhMR4tmcYkrEvDj261Jsh3JBt6rdLZSlwn7tGIksJMpZHF2HaJ89zzw/4GX+d
 YUAe9n4zCpVIo+Cd4R6b+veKkakAlyj9y1PpODalTuV3FixG+uJ6xk6Jh5xrI9jFpi
 5vvs+ykwJlWQWHm9NIiTDI1KkHfQW3UA+K4WzMLh+QcFt5yhPwZD41vliQF795ulLw
 2kVuKXQf2FoPQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Richard Henderson <richard.henderson@linaro.org>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Helge Deller <deller@gmx.de>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 20/58] linux-user/arm/nwfpe: Replace user_registers
 with current_cpu
Date: Tue, 12 May 2026 23:57:41 +0300
Message-ID: <20260512205820.361821-20-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621700222154100

From: Richard Henderson <richard.henderson@linaro.org>

Use the thread-local variable current_cpu instead of
a global variable to access the general registers.
This also means we don't need to pass env to EmulateAll.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit c8ea1759009a248cf331b275854d8b272e0f7d8a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
index 19874f4c72..262ab5cc41 100644
--- a/linux-user/arm/cpu_loop.c
+++ b/linux-user/arm/cpu_loop.c
@@ -215,7 +215,7 @@ static bool insn_is_linux_bkpt(uint32_t opcode, bool is=
_thumb)
 static bool emulate_arm_fpa11(CPUARMState *env, uint32_t opcode)
 {
     TaskState *ts =3D get_task_state(env_cpu(env));
-    int rc =3D EmulateAll(opcode, &ts->fpa, env);
+    int rc =3D EmulateAll(opcode, &ts->fpa);
     int raise, enabled;
=20
     if (rc =3D=3D 0) {
diff --git a/linux-user/arm/nwfpe/fpa11.c b/linux-user/arm/nwfpe/fpa11.c
index 0f1afbd91d..44783934b2 100644
--- a/linux-user/arm/nwfpe/fpa11.c
+++ b/linux-user/arm/nwfpe/fpa11.c
@@ -30,7 +30,6 @@
=20
=20
 FPA11* qemufpa =3D NULL;
-CPUARMState* user_registers;
=20
 /* Reset the FPA11 chip.  Called to initialize and reset the emulator. */
 void resetFPA11(void)
@@ -156,7 +155,7 @@ void SetRoundingPrecision(const unsigned int opcode)
=20
 /* Emulate the instruction in the opcode. */
 /* ??? This is not thread safe.  */
-unsigned int EmulateAll(unsigned int opcode, FPA11* qfpa, CPUARMState* qre=
gs)
+unsigned int EmulateAll(unsigned int opcode, FPA11* qfpa)
 {
   unsigned int nRc =3D 0;
 //  unsigned long flags;
@@ -173,12 +172,6 @@ unsigned int EmulateAll(unsigned int opcode, FPA11* qf=
pa, CPUARMState* qregs)
   }
=20
   qemufpa=3Dqfpa;
-  user_registers=3Dqregs;
-
-#if 0
-  fprintf(stderr,"emulating FP insn 0x%08x, PC=3D0x%08x\n",
-          opcode, qregs[ARM_REG_PC]);
-#endif
   fpa11 =3D GET_FPA11();
=20
   if (fpa11->initflag =3D=3D 0)		/* good place for __builtin_expect */
diff --git a/linux-user/arm/nwfpe/fpa11.h b/linux-user/arm/nwfpe/fpa11.h
index d459c5da02..20f9d2eb81 100644
--- a/linux-user/arm/nwfpe/fpa11.h
+++ b/linux-user/arm/nwfpe/fpa11.h
@@ -25,15 +25,6 @@
=20
 #define GET_FPA11() (qemufpa)
=20
-/*
- * The processes registers are always at the very top of the 8K
- * stack+task struct.  Use the same method as 'current' uses to
- * reach them.
- */
-extern CPUARMState *user_registers;
-
-#define GET_USERREG() (user_registers)
-
 /* Need task_struct */
 //#include <linux/sched.h>
=20
@@ -91,25 +82,25 @@ void SetRoundingPrecision(const unsigned int);
=20
 static inline unsigned int readRegister(unsigned int reg)
 {
-    return (user_registers->regs[(reg)]);
+    CPUARMState *env =3D cpu_env(current_cpu);
+    return env->regs[reg];
 }
=20
 static inline void writeRegister(unsigned int x, unsigned int y)
 {
-#if 0
-	printf("writing %d to r%d\n",y,x);
-#endif
-        user_registers->regs[(x)]=3D(y);
+    CPUARMState *env =3D cpu_env(current_cpu);
+    env->regs[x] =3D y;
 }
=20
 static inline void writeConditionCodes(unsigned int x)
 {
-    cpsr_write(user_registers, x, CPSR_NZCV, CPSRWriteByInstr);
+    CPUARMState *env =3D cpu_env(current_cpu);
+    cpsr_write(env, x, CPSR_NZCV, CPSRWriteByInstr);
 }
=20
 #define ARM_REG_PC 15
=20
-unsigned int EmulateAll(unsigned int opcode, FPA11* qfpa, CPUARMState* qre=
gs);
+unsigned int EmulateAll(unsigned int opcode, FPA11* qfpa);
=20
 unsigned int EmulateCPDO(const unsigned int);
 unsigned int EmulateCPDT(const unsigned int);
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621921; cv=none;
	d=zohomail.com; s=zohoarc;
	b=H4jXPXfH7xjij3PDT3a73SpfD7Z3dUOeLudAwZVoHs5DWAq7uhzMQGOAOrumHYUaw4FTvw3EL0SNGVuuVX8sNvJHfoz5f+MjxzUK7D9cIZs3YHpwqyd4fI3LG4LytKgf0S6NsrEOaln/R/nuJF06TFeGHbONWKuQEBrghdEuc/E=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621921;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=H4FIuXYNcXhcICyJotPi6hepQlNWKb0yCqilF49UBa0=;
	b=CCdNxhOEqjwpbJgGX+XRbipFmVpLb5ZKsmCcxx7zMZFu36+kVYUcbSiWkrmzzCEswXOHquh1BntxLRtRRyADg8pwPgWf6y9ZpwbtJQOZZhFEfPSEHkuKCtUCMFONS/uX28KvuRVrrB/6JM/6ulBOac44tPnD5uMwXumEk47OrbY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621921855980.7293500434757;
 Tue, 12 May 2026 14:38:41 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuWZ-0006Fx-Rp; Tue, 12 May 2026 17:20:20 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWP-00062c-EX; Tue, 12 May 2026 17:20:10 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWN-0008F0-TD; Tue, 12 May 2026 17:20:09 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 4FED91AA3E0;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 5BE643ABD38;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=IV1KOOsP62EAMhURr/iHTfOhWJ/M086I5KB7WEGlK5c=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=QvPgKs1hSWVWNf1JuN67s0scRfac1++uK3fQ7DWk622kJhJWV2g/gUIXhMMZmNxdw
 HX6bHbiNCATZyqsAgrVKPT0agJTDDAr4UnMeKJPpqorNLAaedB34yxJWMx0oiqiUUf
 Du9UfTQd2Mh7varYKLNm3p187QheRs3goVy5R8/ake1NLB2F0ZNYQuA1GWHBJHtsai
 vhP8Y+Mp1+on5ivPuWEMfd/Vzkw9gi23HPz3HBL5zmduh4VEgxSiCw3vNxf4M23sOM
 mMBqibRYT2vTjhOab67g7xyLGGsSMunOpH+k+haWrJUU73JvUeoeeUFxAvXB6nKP1/
 OdPj0fWbI5DjA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Richard Henderson <richard.henderson@linaro.org>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Helge Deller <deller@gmx.de>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 21/58] linux-user/arm/nwfpe: Use thread-local storage
 for qemufpa
Date: Tue, 12 May 2026 23:57:42 +0300
Message-ID: <20260512205820.361821-21-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621923919154100

From: Richard Henderson <richard.henderson@linaro.org>

Fix the thread safety of the emulation by not storing a
pointer in global storage.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 784f1dde90df1ed57de0697adcd8ebfe7c342f58)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/arm/nwfpe/fpa11.c b/linux-user/arm/nwfpe/fpa11.c
index 44783934b2..15888463f7 100644
--- a/linux-user/arm/nwfpe/fpa11.c
+++ b/linux-user/arm/nwfpe/fpa11.c
@@ -29,7 +29,7 @@
 //#include <asm/system.h>
=20
=20
-FPA11* qemufpa =3D NULL;
+__thread FPA11* qemufpa =3D NULL;
=20
 /* Reset the FPA11 chip.  Called to initialize and reset the emulator. */
 void resetFPA11(void)
@@ -154,7 +154,6 @@ void SetRoundingPrecision(const unsigned int opcode)
 }
=20
 /* Emulate the instruction in the opcode. */
-/* ??? This is not thread safe.  */
 unsigned int EmulateAll(unsigned int opcode, FPA11* qfpa)
 {
   unsigned int nRc =3D 0;
diff --git a/linux-user/arm/nwfpe/fpa11.h b/linux-user/arm/nwfpe/fpa11.h
index 20f9d2eb81..659d38ae3a 100644
--- a/linux-user/arm/nwfpe/fpa11.h
+++ b/linux-user/arm/nwfpe/fpa11.h
@@ -74,7 +74,7 @@ typedef struct tagFPA11 {
     float_status fp_status;      /* QEMU float emulator status */
 } FPA11;
=20
-extern FPA11* qemufpa;
+extern __thread FPA11* qemufpa;
=20
 void resetFPA11(void);
 void SetRoundingMode(const unsigned int);
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622475; cv=none;
	d=zohomail.com; s=zohoarc;
	b=N4O1WMZ/KkYxUsYskQCK4R4w8VbvYo2znUD4ViiyToKJe8ANYN2Jdg49aMrljQJTq5D43Ggj8KDYOJBYXOB5zoOD4gMH7mPXqstmli7L0g6uC6ElEfBpcDHLpH4xpxxFzHH21gSVf85ijU91tMZkczXLRLV7yHqP+RuyArUQ2C4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622475;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=atmg2JF1m+4ds6dbFq3hP7dRXZXhO5Fx+5O41MZSSgU=;
	b=LjcxS+KNcuaxmiyC9DSvt6bI9HnVregp9s+qMniFGk6MUgtUq201ZsOXTw2Kjkgxfl3RzK/OrgAdQnIY3qsYPn7rdmSGlLep+3EQ/tLCXUYD0j5s6iE0G7D4rHMRxXICub2iIk7EXqmZON4ddp9+7ansilgVvNAF6ExLFP3ezC8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622475063391.0731016610848;
 Tue, 12 May 2026 14:47:55 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuWb-0006Rw-MC; Tue, 12 May 2026 17:20:21 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWT-000690-1a; Tue, 12 May 2026 17:20:14 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWQ-00005m-QL; Tue, 12 May 2026 17:20:12 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 60A171AA3E1;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 6C8333ABD39;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=5LbqDUa8CKllKEbzNGdcmbAjIF3ZXTiLPAm5pXG/k9Y=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=AclizC4sfp1Wqx8vRUCuzxwI8BR+4T8WZwQppKhuakRGFnh5cwdQtTqNcgVG6ZySy
 EkEEWCWEJHr2Kk8bgwgJWb2SPZ09ykTnCPiPqWYggpFpdoeJNCnnaMQswYqCHlJLRg
 AKCm9My52V5J2KvKCxNbqn/FJhyxG4lAVmZ0yNmJKBtNT7REfSkZP4HW7D6v5QMlP9
 bycaCAlIZQ8yH3JALnPERugqyqwREEi1c7bOoIfGP7NmfivY9eHlkITaWqAWKPbpVS
 /M1jIZfBCRCcn6Lpjfu55s9Rwi8wb2xC0Eh8/rbvDhRc1XRxspCfuQ3ARgqdARkoYV
 Lmj2XHEiudHbQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Alistair Francis <alistair.francis@wdc.com>,
 Nutty Liu <nutty.liu@hotmail.com>, Helge Deller <deller@gmx.de>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 22/58] linux-user/strace: Use pointer type for read
 and write values
Date: Tue, 12 May 2026 23:57:43 +0300
Message-ID: <20260512205820.361821-22-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622475926158500
Content-Type: text/plain; charset="utf-8"

From: Alistair Francis <alistair.francis@wdc.com>

The stack pointer is being truncated as 32-bits for qemu-riscv64, so
let's use %p to print the syscall pointer argument.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3238
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Nutty Liu <nutty.liu@hotmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 1730e6f33f9732658b88c2e4eda257f50531ef0e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/strace.list b/linux-user/strace.list
index 35f001fecd..6162a407f9 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -1114,7 +1114,7 @@
 { TARGET_NR_quotactl, "quotactl" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_read
-{ TARGET_NR_read, "read" , "%s(%d,%#x,%d)", NULL, NULL },
+{ TARGET_NR_read, "read" , "%s(%d,%p,%d)", NULL, NULL },
 #endif
 #ifdef TARGET_NR_readahead
 { TARGET_NR_readahead, "readahead" , NULL, NULL, NULL },
@@ -1674,7 +1674,7 @@
                      print_syscall_ret_waitpid },
 #endif
 #ifdef TARGET_NR_write
-{ TARGET_NR_write, "write" , "%s(%d,%#x,%d)", NULL, NULL },
+{ TARGET_NR_write, "write" , "%s(%d,%p,%d)", NULL, NULL },
 #endif
 #ifdef TARGET_NR_writev
 { TARGET_NR_writev, "writev" , "%s(%d,%p,%#x)", NULL, NULL },
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621656; cv=none;
	d=zohomail.com; s=zohoarc;
	b=hAzrGbNSpBZp1wIKgCDv/NUievsjBfXw0v+gdrT/qIlrN9eymuhlTv7cHn9j7iGuQYd+bpMfRawcEMd5PXCU1/hlTvTM4e84JQPjJLPcq9ODq14Rsy9d8VlgJ4iUvGKw/JrzK4TjzOUWgrOYWBiZE+cFGqZLnobc2q8JMQRC0E0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621656;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=vtESXXE6kJ19uAMHOKD4uojNQFs8i5YeMRMwV/5Yy7Y=;
	b=QrvC9lxr7YP8M8OWSTLd5uehPcOtL/7JaN8UE4Ubek3KbdyJJf7eD8nXl05ei/b6I3r4gxl1HSMLAi37GzDg4PKN43alzn9zNm3Py5KMLf1bY7wHTi4UHOr+5pTNq/GovwzLL+M04ITugxs0ZOWHT7tYu/W7mIrLudPWFcdSJWY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621656602368.853245438669;
 Tue, 12 May 2026 14:34:16 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuWb-0006Pq-G2; Tue, 12 May 2026 17:20:21 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWU-00069D-8G; Tue, 12 May 2026 17:20:18 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWR-00006R-M9; Tue, 12 May 2026 17:20:13 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 7040F1AA3E2;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 7CE043ABD3A;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=CvQZJ/8svD+JUCqfi8IyJTZ5JVuoX+mlctKHWLzUa2I=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=R72kfku55Tp6BcCJ0oHpcHEuK1sFYiXq1r63juFLjbfdg0rWKwOysB9K5KWNPeZ2C
 RWi6xqMi2ffdJVCUE4QkHL59rID0iJxKvfgscju0wz2+p00a1Y4T0+crKt6Z2NBE/T
 CRYYY25In4kXxl34U1eFwPazBPzKfvI9Zn8Pj2bteB6fXJYxVO02dXcnW8cpvD5oZ6
 dTLaUSAtCIs/oGj3Ou7mTS0uLPcvV5WFlbYDwrUKxSg7fnLAkIPMCgGkfOwM6gPZhC
 +QTAYDq5+iUti+sfj8GzLPYxZUbSMgm5vq0lBJFJuUQuHaNdz2ju7arLt/JlTIAPFb
 wR7vdPH+Wc7cw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, James Hilliard <james.hilliard1@gmail.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Helge Deller <deller@gmx.de>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 23/58] linux-user/mips: sync k0 TLS for
 EF_MIPS_MACH_OCTEON userlands
Date: Tue, 12 May 2026 23:57:44 +0300
Message-ID: <20260512205820.361821-23-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621657497154101
Content-Type: text/plain; charset="utf-8"

From: James Hilliard <james.hilliard1@gmail.com>

Cavium Octeon userspace is not following a generic MIPS Linux TLS
ABI rule here. Older Octeon glibc uses the k0 register as the fast
thread pointer, while newer Octeon2 and Octeon3 glibc variants use
the normal rdhwr $29 path.

linux-user already updates CP0_UserLocal for cpu_set_tls() and
TARGET_NR_set_thread_area, but it does not keep gpr[26]
synchronized. That leaves EF_MIPS_MACH_OCTEON userlands able to
complete set_thread_area() and still reach pthread startup or
pthread_self() with a stale k0 value.

Use the existing MIPS ELF machine flags from linux-user/elfload.c and
mirror CP0_UserLocal into gpr[26] only for EF_MIPS_MACH_OCTEON.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 4c681ba3b82d9a9f00a3f361399a1bb7612f3535)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 59b543f740..0e757787d2 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1476,6 +1476,9 @@ static void load_elf_image(const char *image_name, co=
nst ImageSource *src,
     /* Usual start for brk is after all sections of the main executable. */
     info->brk =3D TARGET_PAGE_ALIGN(hiaddr + load_bias);
     info->elf_flags =3D ehdr->e_flags;
+#ifdef TARGET_MIPS
+    info->use_k0_tls =3D (ehdr->e_flags & EF_MIPS_MACH) =3D=3D EF_MIPS_MAC=
H_OCTEON;
+#endif
=20
     prot_exec =3D PROT_EXEC;
 #ifdef TARGET_AARCH64
diff --git a/linux-user/mips/target_cpu.h b/linux-user/mips/target_cpu.h
index c375616c55..2bbd0a81c5 100644
--- a/linux-user/mips/target_cpu.h
+++ b/linux-user/mips/target_cpu.h
@@ -35,7 +35,12 @@ static inline void cpu_clone_regs_parent(CPUMIPSState *e=
nv, unsigned flags)
=20
 static inline void cpu_set_tls(CPUMIPSState *env, target_ulong newtls)
 {
+    TaskState *ts =3D get_task_state(env_cpu(env));
+
     env->active_tc.CP0_UserLocal =3D newtls;
+    if (ts->info->use_k0_tls) {
+        env->active_tc.gpr[26] =3D newtls;
+    }
 }
=20
 static inline abi_ulong get_sp_from_cpustate(CPUMIPSState *state)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index cfe5f45fc4..7f98fb2607 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -65,6 +65,7 @@ struct image_info {
         uint32_t        note_flags;
=20
 #ifdef TARGET_MIPS
+        bool            use_k0_tls;
         int             fp_abi;
         int             interp_fp_abi;
 #endif
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index f4b74ad350..8e96cc26db 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -13216,7 +13216,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, =
int num, abi_long arg1,
 #ifdef TARGET_NR_set_thread_area
     case TARGET_NR_set_thread_area:
 #if defined(TARGET_MIPS)
-      cpu_env->active_tc.CP0_UserLocal =3D arg1;
+      cpu_set_tls(cpu_env, arg1);
       return 0;
 #elif defined(TARGET_I386) && defined(TARGET_ABI32)
       return do_set_thread_area(cpu_env, arg1);
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622424; cv=none;
	d=zohomail.com; s=zohoarc;
	b=LksETkgIBiywJiQ22VgxnIn5qS0rvO3O0QbhxtaU5l3aAbxpo00ZWppMta1Zg9zOExn9tvzdOMrCjKZ77cvr/6HlR24HOjy5dmswt9OmDvnnvuzTawkAe2cWspbQ10wDFdHTrHgV0nFCnwJ8G9/yX4AdxaF9NvOi6qtPjgX0v6E=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622424;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=kR9RqGYAWYjZrvVSJalUG1JIkK8JgdhAwmLj9ZnB/Ak=;
	b=WsE3IiSCUTvlbp5mweUJ1A23Y5DplyDeveINSvkn1HvzFIQvxGakb18Pi5rIhLIMG59iKxHSG6oPGWNaZl085DT1o/zS9PaoLhvh8FxOAzl1y0PcQ/pf3P1OwzZQTQhChMaRjEt6V9U4yAVx6QfgsG64WRcbqsHF/u0hRHbuCkw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622424077205.96994545706718;
 Tue, 12 May 2026 14:47:04 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuWg-0006wd-23; Tue, 12 May 2026 17:20:26 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWW-0006Bd-Vs; Tue, 12 May 2026 17:20:19 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWU-00007K-Qp; Tue, 12 May 2026 17:20:16 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 7D54E1AA3E3;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 8C08E3ABD3B;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=3SPDU/MzEED/in/FPcMMdlRMZaMC11Nee7F0BCRqMtM=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=T4bCyna7lFO8Xb9ams/FxMNJWCNrQETdN+jVjCEhVD1WKe9Vh4soYsy2APAJaKnvM
 E9yhCAM4SpRrGgG62mVWd/4NqEbgHy+YH9v6wAppDEx2mxnf6S7RPRqoZCMgC5e781
 CLKXhIFUbQssB9M4r9O2g7KQCPxdiNDcclPzjnb3NZ7w0jBuZzGRWObvdIoHSBOExS
 pZqP1OcvmKuz7jgCoGyRFAs755UA6diYsOfv5McYi221LnG56NkxrhSPnI1BC8fZLe
 ApF0sLd3Byc3CFnGZSi1LypKbRRi7FiCtIH9ecIGGK7bjOBNEtnN9iU7sO+Qwmpwcn
 NjQGO3a/kGljA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Helge Deller <deller@gmx.de>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 24/58] linux-user: Define SO_TIMESTAMP*_NEW and
 SO_RCVTIMEIO_NEW
Date: Tue, 12 May 2026 23:57:45 +0300
Message-ID: <20260512205820.361821-24-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622425028154100
Content-Type: text/plain; charset="utf-8"

From: Helge Deller <deller@gmx.de>

Define the entries which always use the 64-bit timestamps.

Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 8b60ed835478a787dd60e0f7308a65f6d35b0268)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/alpha/sockbits.h b/linux-user/alpha/sockbits.h
index d54dc98c09..0201ab9374 100644
--- a/linux-user/alpha/sockbits.h
+++ b/linux-user/alpha/sockbits.h
@@ -75,6 +75,13 @@
 /* Instruct lower device to use last 4-bytes of skb data as FCS */
 #define TARGET_SO_NOFCS     43
=20
+#define TARGET_SO_TIMESTAMP_NEW        63
+#define TARGET_SO_TIMESTAMPNS_NEW      64
+#define TARGET_SO_TIMESTAMPING_NEW     65
+
+#define TARGET_SO_RCVTIMEO_NEW         66
+#define TARGET_SO_SNDTIMEO_NEW         67
+
 /* TARGET_O_NONBLOCK clashes with the bits used for socket types.  Therefo=
re we
  * have to define SOCK_NONBLOCK to a different value here.
  */
diff --git a/linux-user/generic/sockbits.h b/linux-user/generic/sockbits.h
index b3b4a8e44c..33e6c3a572 100644
--- a/linux-user/generic/sockbits.h
+++ b/linux-user/generic/sockbits.h
@@ -58,4 +58,12 @@
=20
 #define TARGET_SO_PROTOCOL             38
 #define TARGET_SO_DOMAIN               39
+
+#define TARGET_SO_TIMESTAMP_NEW        63
+#define TARGET_SO_TIMESTAMPNS_NEW      64
+#define TARGET_SO_TIMESTAMPING_NEW     65
+
+#define TARGET_SO_RCVTIMEO_NEW         66
+#define TARGET_SO_SNDTIMEO_NEW         67
+
 #endif
diff --git a/linux-user/hppa/sockbits.h b/linux-user/hppa/sockbits.h
index 23f69a3293..2304dbbf79 100644
--- a/linux-user/hppa/sockbits.h
+++ b/linux-user/hppa/sockbits.h
@@ -67,6 +67,13 @@
=20
 #define TARGET_SO_CNX_ADVICE           0x402E
=20
+#define TARGET_SO_TIMESTAMP_NEW        0x4038
+#define TARGET_SO_TIMESTAMPNS_NEW      0x4039
+#define TARGET_SO_TIMESTAMPING_NEW     0x403A
+
+#define TARGET_SO_RCVTIMEO_NEW         0x4040
+#define TARGET_SO_SNDTIMEO_NEW         0x4041
+
 /* TARGET_O_NONBLOCK clashes with the bits used for socket types.  Therefo=
re we
  * have to define SOCK_NONBLOCK to a different value here.
  */
diff --git a/linux-user/mips/sockbits.h b/linux-user/mips/sockbits.h
index 562cad88e2..1f479d54aa 100644
--- a/linux-user/mips/sockbits.h
+++ b/linux-user/mips/sockbits.h
@@ -71,6 +71,13 @@
 #define TARGET_SO_RCVBUFFORCE          33
 #define TARGET_SO_PASSSEC              34
=20
+#define TARGET_SO_TIMESTAMP_NEW        63
+#define TARGET_SO_TIMESTAMPNS_NEW      64
+#define TARGET_SO_TIMESTAMPING_NEW     65
+
+#define TARGET_SO_RCVTIMEO_NEW         66
+#define TARGET_SO_SNDTIMEO_NEW         67
+
 /** sock_type - Socket types
  *
  * Please notice that for binary compat reasons MIPS has to
diff --git a/linux-user/sparc/sockbits.h b/linux-user/sparc/sockbits.h
index 0a822e3e1f..42ecfdc8f9 100644
--- a/linux-user/sparc/sockbits.h
+++ b/linux-user/sparc/sockbits.h
@@ -61,6 +61,13 @@
 #define TARGET_SO_TIMESTAMPING         0x0023
 #define TARGET_SCM_TIMESTAMPING        TARGET_SO_TIMESTAMPING
=20
+#define TARGET_SO_TIMESTAMP_NEW        0x0046
+#define TARGET_SO_TIMESTAMPNS_NEW      0x0042
+#define TARGET_SO_TIMESTAMPING_NEW     0x0043
+
+#define TARGET_SO_RCVTIMEO_NEW         0x0044
+#define TARGET_SO_SNDTIMEO_NEW         0x0045
+
 #define TARGET_SO_RXQ_OVFL             0x0024
=20
 #define TARGET_SO_WIFI_STATUS          0x0025
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621949; cv=none;
	d=zohomail.com; s=zohoarc;
	b=X+bpTQdXRIV9JCvJj09sQiq/yQZfJI45+2W2nWl+WvkBp+Wk7EhjLImQ6n3/qUb/z6UI6VDrQiRLhGkuftw6hTtz+jeljPlazu3/Al2rVn0dn+i39AfUy8galMhaPBezoWKIIcdCGtIdayPwKes8icHZySK6YIBdw0vf5KvqayE=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621949;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=qsdm0cJwNAlHb3Tb9ghH2CUmaDPmy6RKri1cfgOyxGs=;
	b=CNw23k/xHlUPsgMPymd0m3TZ6wYseVFNbysdEu8C6co2B3OVvAKT7gtIdjNO8uWD0mOJXnObKPBE46YcAUFCGozfbxHm3z8bwXCZbEL7mzrDEXep9oVBJrltNZrBbeaQztyq6cndQW7Z6pA/L4RJHY8ju+Dq4aCDpLQQLNFbyws=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621949692600.844113216564;
 Tue, 12 May 2026 14:39:09 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuWt-0000FO-4t; Tue, 12 May 2026 17:20:39 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWr-000056-Ix; Tue, 12 May 2026 17:20:37 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWp-00007l-Ms; Tue, 12 May 2026 17:20:37 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 8AB881AA3E4;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 993B83ABD3C;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=favLerJjkR8u+IyO/lTJe1+072vjucbVd6lRH37CS3g=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=BnwyEBQgITOrIPoUacjPPudMEtVB94B84GECWJR50N7AtbyRbiLFpS2VfY1d0L8uE
 fIDUSjMq5ZSFm/uu/xzDH6ifov2wOMOCPisessddCKYgX59jxHtzuFTppd+TF+FZWu
 WSpOVyOh/9DCS1PzTvPFnWHnmshZmHnCaKkHdXduIqATpyeI6DMge/yiDqVtWZrZfW
 veUkwb1mT9e6QpC+rhQTPV/vTVxC7jHibl6w5ZWNsVOjeVxGoAChXD29iIvDYh3Gmz
 YVUKyjOaUUU8cvy9IBQvuQbSBj5e9e4XuR6hbBpf+/MYYspVP/wgcLLxtsMQzclQRu
 ySc2lh5tQlnZQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Helge Deller <deller@gmx.de>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 25/58] linux-user: Add setsockopt() for
 SO_RCVTIMEO_NEW and SO_SNDTIMEO_NEW
Date: Tue, 12 May 2026 23:57:46 +0300
Message-ID: <20260512205820.361821-25-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621950347154100
Content-Type: text/plain; charset="utf-8"

From: Helge Deller <deller@gmx.de>

Add handlers for both sockopts which use 64-bit time_t from userspace.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/885
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit edb4588309a753dea40f338fb8e02e3cfc2eed70)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8e96cc26db..751e6eabe5 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1143,7 +1143,6 @@ static inline abi_long copy_to_user_timeval(abi_ulong=
 target_tv_addr,
     return 0;
 }
=20
-#if defined(TARGET_NR_clock_adjtime64) && defined(CONFIG_CLOCK_ADJTIME)
 static inline abi_long copy_from_user_timeval64(struct timeval *tv,
                                                 abi_ulong target_tv_addr)
 {
@@ -1160,7 +1159,6 @@ static inline abi_long copy_from_user_timeval64(struc=
t timeval *tv,
=20
     return 0;
 }
-#endif
=20
 static inline abi_long copy_to_user_timeval64(abi_ulong target_tv_addr,
                                               const struct timeval *tv)
@@ -2391,6 +2389,25 @@ static abi_long do_setsockopt(int sockfd, int level,=
 int optname,
                                 &tv, sizeof(tv)));
                 return ret;
         }
+        case TARGET_SO_RCVTIMEO_NEW:
+        case TARGET_SO_SNDTIMEO_NEW:
+        {
+                struct timeval tv;
+
+                if (optlen !=3D sizeof(struct target__kernel_sock_timeval)=
) {
+                    return -TARGET_EINVAL;
+                }
+
+                if (copy_from_user_timeval64(&tv, optval_addr)) {
+                    return -TARGET_EFAULT;
+                }
+
+                ret =3D get_errno(setsockopt(sockfd, SOL_SOCKET,
+                                optname =3D=3D TARGET_SO_RCVTIMEO_NEW ?
+                                    SO_RCVTIMEO : SO_SNDTIMEO,
+                                &tv, sizeof(tv)));
+                return ret;
+        }
         case TARGET_SO_ATTACH_FILTER:
         {
                 struct target_sock_fprog *tfprog;
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622190; cv=none;
	d=zohomail.com; s=zohoarc;
	b=MjHN6AeaOq24MWC9RPOC/y3MDyXh9Y9nBO0x47jFZ37AqGyAhA5hppCmyZHR1PZ3UkRLnuWE3aT8c6uJrfiSwMgqSoEbWYTKafX/dkk/SSsZariw0cx/KMK3T4TKWonfZtD0eGW8cgjaLyYYACPDcqBz7v0V1DiI1rMHM3LP3Zk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622190;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=xUzRicr7Otn834cOPn22YsNsTSsslTLp0EAK8Sfo1+E=;
	b=m6wWOvrzUbRLnb/GbasWE+2vU38DD/HtY38xDzFugcnpMwXjnTcffn5PJyG8PH/5D9OZhvoLdeLjRZmTGbxRso0npsqIyEu07avkv5ty4MPBX9mGQNO4ocdP0ozcTzmftAA9kamq7NLO3pJeAbctRa7hnaz570vL4AsuvJ9lGdA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177862219091086.73657607077325;
 Tue, 12 May 2026 14:43:10 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuXC-0000jq-MU; Tue, 12 May 2026 17:20:58 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWu-0000Vr-Rr; Tue, 12 May 2026 17:20:42 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWs-0000Bu-R5; Tue, 12 May 2026 17:20:40 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 97DAD1AA3E5;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id A6EE73ABD3D;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=TwtpCm5YvInbm+U16oaOgO3h5XBN7+GgNtXa9veL2Sg=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=dDk0NPPF697KW5GENc/JUv9X63po+FRof9db5hmAN+bRx605XUuM6mjEyxf9YVgHc
 BBtaBEyjqDqnNE2NJRrAQvMUp+/+OEv14F4sNgpQ/KuMqVwluoVA1NfvGDozIgINS8
 +RMRu2MdWjEr2sZvVpYIHT4VccRRJGTGw+EkwcX/Vzi9/QUmrkA2Y71h3Nx/tk87p5
 T/AgIWnFLUmSavxZBwrOlU1JyQMzISK41624u6rUwXWk+xtyomytXc1loD6En9BMk0
 hctTA7uh9JO935SH3aHQt+vLTr/WG+2O0usk2Y8yqVqThhPxKnfH209hVgUBSjFi0z
 qSesHrv1kqfkg==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Helge Deller <deller@gmx.de>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 26/58] linux-user: Add getsockopt() for
 SO_RCVTIMEO_NEW and SO_SNDTIMEO_NEW
Date: Tue, 12 May 2026 23:57:47 +0300
Message-ID: <20260512205820.361821-26-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622192983154100
Content-Type: text/plain; charset="utf-8"

From: Helge Deller <deller@gmx.de>

Add handlers for both sockopts which use 64-bit time_t from userspace.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/885
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 07c7decaa54a83bd1656b2645074380714b83374)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 751e6eabe5..d0390e04b4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2621,7 +2621,8 @@ static abi_long do_getsockopt(int sockfd, int level, =
int optname,
         /* These don't just return a single integer */
         case TARGET_SO_PEERNAME:
             goto unimplemented;
-        case TARGET_SO_RCVTIMEO: {
+        case TARGET_SO_RCVTIMEO:
+        case TARGET_SO_RCVTIMEO_NEW: {
             struct timeval tv;
             socklen_t tvlen;
=20
@@ -2641,11 +2642,17 @@ get_timeout:
             if (ret < 0) {
                 return ret;
             }
-            if (len > sizeof(struct target_timeval)) {
-                len =3D sizeof(struct target_timeval);
-            }
-            if (copy_to_user_timeval(optval_addr, &tv)) {
-                return -TARGET_EFAULT;
+            if (len =3D=3D sizeof(struct target__kernel_sock_timeval)) {
+                if (copy_to_user_timeval64(optval_addr, &tv)) {
+                    return -TARGET_EFAULT;
+                }
+            } else {
+                if (len >=3D sizeof(struct target_timeval)) {
+                    len =3D sizeof(struct target_timeval);
+                    if (copy_to_user_timeval(optval_addr, &tv)) {
+                        return -TARGET_EFAULT;
+                    }
+                }
             }
             if (put_user_u32(len, optlen)) {
                 return -TARGET_EFAULT;
@@ -2653,6 +2660,7 @@ get_timeout:
             break;
         }
         case TARGET_SO_SNDTIMEO:
+        case TARGET_SO_SNDTIMEO_NEW:
             optname =3D SO_SNDTIMEO;
             goto get_timeout;
         case TARGET_SO_PEERCRED: {
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621674; cv=none;
	d=zohomail.com; s=zohoarc;
	b=JtCHgKZ2Jqev1V67QmvrX6E4nBhwABK501H+I0UZc+3xlOyTy98Jv7X6nLg09NK2qaWBne3ak/Hrjv55KaHiEEo6pqdtbDUHb1+MIR9MQQ+Jye5Gutb7KtZKUPz0sEKUAPKdTREz7YJkM6BVCfWs7VyNj0R7EQiiq9p37xWgIFg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621674;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=3GtQECP2nzS+MnFTNwqdyLLLtaFLJfVUxC9+G0jzN5s=;
	b=jy6HEScftk5GDPAa+GXMCs1FntHM8zeqa5rbgbcXRJGBwX/yw2uwgwIWSdiDmtfhV/PZkcl9X6u9J8i03okLo5AWhKdwpZtAqAWDoJY2ihto3qJHHfSYZiKgqqpZ5ufM2Ptk59d6tS6BmIr78/Qky2OXFf5RDS0Y/DnZlaPRC60=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621674571731.7413366731503;
 Tue, 12 May 2026 14:34:34 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuXE-0000uw-8B; Tue, 12 May 2026 17:21:00 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWv-0000XT-2N; Tue, 12 May 2026 17:20:42 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWt-0000UN-61; Tue, 12 May 2026 17:20:40 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id A5C321AA3E6;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id B3FC73ABD3E;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=EKDXPMM5eNFJy7bXcObWvwLGsgkjWoQWqnzi+izuIps=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=R/1Wr2iaJKW2FgpY4ehALlzno5759KWXzn7D7PmzzELhyeVPuAHLtmwQk4BcFkwAU
 InHJDn2UfFgJZM/OjdfVfkgm8RHSgIl+KaIVfNSRtDlvY5DRHwRFMuVrC2SnzkrW73
 fo2cxVXh4DyqYtQYvgVYLgsKD3FspSuiPDywkewUEHzGYOyNREx2AaOh09I3GsbCXd
 BAzDayyORNIcZ/KTsDmx3mBg7LpJAoE92JckrvS/yBE7PCcHIGdm9LlYvbCiABcIhH
 kKzt/6iVUYBo52H//oOL0VnpviTeTVdsYVV7UnoNvkg42zetRY1ylZYKX4zn8YABv+
 GNgGeuw3A18sg==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Helge Deller <deller@gmx.de>,
 Peter Maydell <peter.maydell@linaro.org>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 27/58] linux-user: Fix CLONE_PARENT_SETTID when using
 fork-like clone
Date: Tue, 12 May 2026 23:57:48 +0300
Message-ID: <20260512205820.361821-27-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621675798154100
Content-Type: text/plain; charset="utf-8"

From: Helge Deller <deller@gmx.de>

The CLONE_PARENT_SETTID option requires the implementation to store the
child thread ID at the location pointed to by parent_tid in the parent's
memory.

Fix our implementation and move the code from the client side (where
fork returned 0), to the parent side and store the return value from the
fork call (which is the client TID) in the parent_tid pointer.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3340
Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit b03a6ac6fa5d7775b9f912fa5c39f7b92388c6a2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index d0390e04b4..910a4da0a6 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7050,8 +7050,6 @@ static int do_fork(CPUArchState *env, unsigned int fl=
ags, abi_ulong newsp,
                the child process gets its own copy of the lock.  */
             if (flags & CLONE_CHILD_SETTID)
                 put_user_u32(sys_gettid(), child_tidptr);
-            if (flags & CLONE_PARENT_SETTID)
-                put_user_u32(sys_gettid(), parent_tidptr);
             ts =3D get_task_state(cpu);
             if (flags & CLONE_SETTLS)
                 cpu_set_tls (env, newtls);
@@ -7059,6 +7057,8 @@ static int do_fork(CPUArchState *env, unsigned int fl=
ags, abi_ulong newsp,
                 ts->child_tidptr =3D child_tidptr;
         } else {
             cpu_clone_regs_parent(env, flags);
+            if (flags & CLONE_PARENT_SETTID)
+                put_user_u32(ret, parent_tidptr);
             if (flags & CLONE_PIDFD) {
                 int pid_fd =3D 0;
 #if defined(__NR_pidfd_open) && defined(TARGET_NR_pidfd_open)
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622499; cv=none;
	d=zohomail.com; s=zohoarc;
	b=kG13UYG8cD/Qpp2/Qz6hFNC7QKs+qj6zOK0M6iPghxZFgc44/kVEd3d0W0Pt9H+zfWsXHwHP7a0od3ex27AodDIHxf8WIpxfISRm61KqryBgBtlx7BZc9CbgdCbeHH+Ro70v4Rj8taMtTGBdLsqyxthaASDcW3Y2OXuCE5OOdWI=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622499;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=C3ycpHDOdxmmRq6DGEkcgYa5pfR7mqNZa3aUS4rH5V0=;
	b=Y/Nfq1MdC8kxfVThCnP4MzlQnGc4scO5QSf8rG1/KuAo1Woi180O6vPtCkeJlv6hir2MTQ1GUVygCeiPSH3Dw7Irws7WGaRks2PWDkf6w+/MUk55Ee84tVtrH7xdtxWNG8NvuXDfZCcB/SUKGX9o/m3eSMqzKyjf95Nln2N8Nr0=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 17786224995018.205863700258874;
 Tue, 12 May 2026 14:48:19 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuXX-0001CP-J7; Tue, 12 May 2026 17:21:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWx-0000bF-UL; Tue, 12 May 2026 17:20:48 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuWw-0000Ur-8Q; Tue, 12 May 2026 17:20:43 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id B40971AA3E7;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id C18B63ABD3F;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=fqYpsT4ubFrnlohTyKLplTtZln56K3nZqjlhxDef+bI=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=PJE/3ZaB8LHt0AStzwgegDKM3l3gjHM6ODjZ7zqeqedHqVWV2tp+h+vpVnsOM6q+d
 4+Ma5zNXYx8a7zr1tYJ0/lw4YR4r8O52qfQEcWJ1JByaXU4Y0Bf8PqqvMOz/vWFNeV
 sUzMqH32wD96MhW35DMc+GfkGk7sEszre12+lrTjcsDBNOlfk3MvJQ8KcTXeFuVbjz
 7xlWA8aefHygJCEtizU4MTcivbv/Vk3xioSieyfWEBuvD1jmoES4Yj3/Kxuc7XOhzB
 J3HCR2qMO+4lkWktW+G2rWyuNbapFECYDdFWDWG2h8OfDkBTPUEVelVfyTPvUIOcGj
 hrtp/DW/+Lc5g==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Helge Deller <deller@gmx.de>,
 Peter Hartley <peter@talesfromthearmchair.net>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 28/58] linux-user: Use abi_int for imr_ifindex in
 ip_mreqn struct
Date: Tue, 12 May 2026 23:57:49 +0300
Message-ID: <20260512205820.361821-28-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622502126154100
Content-Type: text/plain; charset="utf-8"

From: Helge Deller <deller@gmx.de>

Peter Hartley noticed, that in the qemu code the imr_ifindex member of
struct target_ip_mreq needs to be of type "int" instead of "long", which
is what the Linux kernel uses on all architectures.

Adjust the type accordingly, and add a QEMU_BUILD_BUG_ON() checker to
prevent such issues in the future.

This change should fix multicast issues when using hosts and guests with
different endianess or bit size.

Reported-by: Peter Hartley <peter@talesfromthearmchair.net>
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/2553
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit e2af3eadc09b3672017c650e0abfd29a08521921)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 910a4da0a6..4594909242 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2161,6 +2161,8 @@ static abi_long do_setsockopt(int sockfd, int level, =
int optname,
=20
             QEMU_BUILD_BUG_ON(sizeof(struct ip_mreq) !=3D
                               sizeof(struct target_ip_mreq));
+            QEMU_BUILD_BUG_ON(sizeof(struct ip_mreqn) !=3D
+                              sizeof(struct target_ip_mreqn));
=20
             if (optname =3D=3D IP_MULTICAST_IF) {
                 min_size =3D sizeof(struct in_addr);
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 6967306be4..5799769f83 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -210,7 +210,7 @@ struct target_ip_mreq {
 struct target_ip_mreqn {
     struct target_in_addr imr_multiaddr;
     struct target_in_addr imr_address;
-    abi_long imr_ifindex;
+    abi_int imr_ifindex;
 };
=20
 struct target_ip_mreq_source {
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622284; cv=none;
	d=zohomail.com; s=zohoarc;
	b=dM+WCCRQPu8LsWMrK/B9GsdP1hAWW4aDCtHLtJyFqhj87wgSxNpJXEexPOAvVN5iW8+LWXxzZm29+G0Fl61VMeVsTD8olnPLD3rDAWlVWLgfYwRyQutQKCN9n8kkQIzdZjTg2gkhqjRXNFaIAxQY1SGe6Yp1ZWaoe6JJVBT7Cw4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622284;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=KstXk0gPCtQlp+7sNDvOD3TK6Hit78DCu+e04YWxpLk=;
	b=ecgo6ONoVBsnKpN9e16YSe9+AlnBhykYGIs3P22Jy/HYpOyMmWiJP1IUGfsLzCjcZMmiLrIIhwC1ZvD+yLc24OB257NVz04PjifCYgozzvA3nTFHsPZwzWpXHoXQ4KWiCZL23PUyR8Bf/WVJ6+1RxH+wYN33TwXb9hRRiL/EhJQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622283804511.2839837526793;
 Tue, 12 May 2026 14:44:43 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuY4-00029L-A8; Tue, 12 May 2026 17:21:56 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXK-00019F-Ib; Tue, 12 May 2026 17:21:09 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXG-0000Uy-Io; Tue, 12 May 2026 17:21:05 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id CB1AD1AA3E8;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id D07573ABD40;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=zFDJf8yIYUB/twmcIlBtgTln1mnhH3QL8rKuTxLxqGY=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=TkliS1jixZWiJYbntmXRsIDVXVOsLJqlX2W8/418QNpidxHh/APIZAjJJjLwzdyPY
 VASG4TkEQjrxh14VR1F0bzbR7Q5Mdsm8RqxUrjI3vs+s9wSpV6DmUBOffJCB9+i4lz
 KsHXi2ELBc0HSvBzwIMnXEypW7nfRRp1nQPnaFBWRuyOCWwech+uStB0WPQuU+bnqg
 u+DKOlVVpTkJOf9GOJPX8u84sKB3LbFYhGXcJ7INV/wBlR31eMLWlyIBkdPS2n7xRI
 5SGzsWU1BepLlVTkXuPjntpwQEJcx92oZEv4DGnTxHYNEO/dG9JMXwW7TuPidPQXy0
 NxBnlI+k4wiDA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Helge Deller <deller@gmx.de>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 29/58] linux-user: Flush errors by using exit()
 instead of _exit() in error path
Date: Tue, 12 May 2026 23:57:50 +0300
Message-ID: <20260512205820.361821-29-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622288447158500
Content-Type: text/plain; charset="utf-8"

From: Helge Deller <deller@gmx.de>

Qemu user mode does not properly flushes error messages related to bad
arguments when exiting (at least when the output is piped to a file
instead of running on a terminal).
Ensure that we always flush by using exit() instead of _exit().

Reported by: Tobias Bergkvist
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/2544
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 9e7734ead149d73f1d25f61d0b7f075d4b2cb07d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/main.c b/linux-user/main.c
index c49d1e91d2..84e110dfe9 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -767,7 +767,7 @@ int main(int argc, char **argv, char **envp)
         execfd =3D open(exec_path, O_RDONLY);
         if (execfd < 0) {
             printf("Error while loading %s: %s\n", exec_path, strerror(err=
no));
-            _exit(EXIT_FAILURE);
+            exit(EXIT_FAILURE);
         }
     }
=20
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621883; cv=none;
	d=zohomail.com; s=zohoarc;
	b=kNiwZo4Ev/Ti2WGgUk2foejccen/tgLzOFMytWWFzr/n0S9i7okB0upLIz56SJSu0lpvuw6tem738cNHJ/L/qphFt7GMFNncxHt51aS1LWd2FVr+8oV+q9J0uQEzQJa3rlq8s4lFpqgQZ0AIt/ynJmothXQb6KZ6n4i++X2XWVk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621883;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=4MrMvZGO2HqF1cN1WMKVtKELfk3c+jQtgsUhTwAE6Ps=;
	b=BbMVmQo78iO6HZMhyst7dCjIGF3wLXzGRBri0M1+gKjrZcOE7V96lpywGiddD1+huJ+bXmTVylz0bFiwLvVv5nXSnfY2750w67PLSeEg3DBgEQUP5kLOUlif7Uqgv5RP0gAb+mliEUxq7TNlFF6CAbg4ipuYQ53smvVNXQBMVdU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621883109190.00604328391353;
 Tue, 12 May 2026 14:38:03 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuXi-0001a0-9I; Tue, 12 May 2026 17:21:30 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXV-0001Jb-Bj; Tue, 12 May 2026 17:21:19 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXK-0000VQ-9E; Tue, 12 May 2026 17:21:12 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id DB1E11AA3E9;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id E7A183ABD41;
 Tue, 12 May 2026 23:58:22 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=6iBCX3m90W+n7ynirIoE5e+d9cL60E7Odafty5zebwo=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=bdXPmbl5WiEFSId3yH1RcmWMalGwDXEFGVW0V0s8wpedyQ5lhxNnGb5LIeNrwbNsJ
 ta8tzNrJ0O78W/mq7Z+g+ZuK5Vu4oThZxU5eV6AFjs/7UAxp+H/RxS04uC1hPcJ2iG
 RlArlQTX58CIWLqK076SE7Dxxu+g76i82bbp6xmpot5Y+CNIVm+0TGm5o2Cniojv20
 7b8//JdQt+NItuFICetVXFKgE1GgLHnqv/v2rkZtfeAxl3GGWYpuHHzMFKMG+ge0kD
 ef6axaSsljCtqSC6M5D2vY04eLesTOenYGIYao6La3MyfZUqN8cVA4YmbTHLjStWS/
 //3F+D1+vJZew==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
 =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Thomas Huth <thuth@redhat.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 30/58] util: fix use of pthread_get_name_np on OpenBSD
Date: Tue, 12 May 2026 23:57:51 +0300
Message-ID: <20260512205820.361821-30-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621885003158500

From: Daniel P. Berrang=C3=A9 <berrange@redhat.com>

The pthread_get_name_np function is present on FreeBSD and OpenBSD
and has 'void' return not 'int'. We didn't notice this build problem
on FreeBSD since it also has pthread_getname_np which does return
int like Linux and we use the latter preferentially.

Fixes: 215235d365e49c72a85ea2940751e45419676031
Closes: https://gitlab.com/qemu-project/qemu/-/work_items/3399
Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20260417120531.2215549-1-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit b8c2426157f51391b74251a830371beda43358c9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index bd1c2ad2a5..089606c93f 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -568,7 +568,8 @@ const char *qemu_thread_get_name(void)
 # if defined(CONFIG_PTHREAD_GETNAME_NP)
     rv =3D pthread_getname_np(pthread_self(), namebuf, sizeof(namebuf));
 # elif defined(CONFIG_PTHREAD_GET_NAME_NP)
-    rv =3D pthread_get_name_np(pthread_self(), namebuf, sizeof(namebuf));
+    pthread_get_name_np(pthread_self(), namebuf, sizeof(namebuf));
+    rv =3D 0;
 # else
     rv =3D -1;
 # endif
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622207; cv=none;
	d=zohomail.com; s=zohoarc;
	b=KeyZDYM/LSFpmSW5qnKO5DntT9YQsBy03tjV8i2rFjgvTQGQYOJcEIPQUXmDDnKrJkH4DfylzwOoyH6Ye4C7kS+0qIi1R2Jg4x0XTKzylS+iiIcQEhbLeLKZ05Y7QeOAPFoxKNIurCqYOaFaT6Z4b8JdQYwKeVmsypQBJsiJDow=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622207;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=YjKnHTQYM1ChucFZ/+S0Uw6zCMmo5wkiYZ54vfVjcUY=;
	b=RlT6Qhqdeyuz6IZnwd9WGa+k1QjhrqOGp0AYxJ7WFHJIBbg1Kjxy0gvlxF+aYIt3O8m5n4W4/gkVO+H2nLrgAIAacYz2khcN1ZOfxW35eT2eXaSYBfbj7mPtKaIRM7bObTQNlZPikBvJyliuug+8qkLa8QVKJ0k2rxni9Mfpcnk=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622207486824.4158560825837;
 Tue, 12 May 2026 14:43:27 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuXk-00020Z-Jm; Tue, 12 May 2026 17:21:32 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXV-0001JZ-BH; Tue, 12 May 2026 17:21:19 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXM-0000a5-Jw; Tue, 12 May 2026 17:21:13 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id ED6BC1AA3EA;
 Tue, 12 May 2026 23:58:18 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 037103ABD42;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619498; bh=QDzQ9Z/iLPEiGCNsQMy3lqSumWj/0txSEiDQDLcMbJQ=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=PQZqkIQGcXENeH27ivw7Slnhsgdii4kdXprWQVXhJ8uotRHknFqATltO2KZflb3eq
 gyOZttO+FAlzhPrDEN0LfYoSVuE3xa6G/sHu11XoZKEeGlSKHRwHLtU0Ah3zO2FNyX
 5pwJVQpunmg/Ze9kosZIpd9v9ghbGcOCkjWJDCJ0O6x5gyheS8vGPUnDgmvQvQV7Xn
 +0PZGnPKa86hmcchbBetxUc2jweOrsyedplU3L9mhDsoyLtH0pnKV3pDVCos2k50lZ
 oyM8v+3azTGttkn4ttdEkQwG549/SxPNyKq9oEanu5h6iR5VDK0l8YihFYzWg+edQR
 VoTYYU3Mdi8SA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Luc Michel <luc.michel@amd.com>,
 Thomas Huth <thuth@redhat.com>,
 Alistair Francis <alistair.francis@wdc.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 31/58] hw/core/register: add register_array_get_owner
Date: Tue, 12 May 2026 23:57:52 +0300
Message-ID: <20260512205820.361821-31-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622209537154100

From: Luc Michel <luc.michel@amd.com>

Add the register_array_get_owner function to the register API. This
function can be used to retrieve the device owning the given
RegisterInfoArray.

This was previously done inline by some devices.
5c6367bc1c8850f74812eeaaf87cff9911be58de modified the way register
blocks are created and parented to the device. Since this is an
implementation detail of the register API, it makes sense to have a
function for this.

Use it in the Versal OSPI and Versal/ZynqMP eFuse models instead of
tinkering with the API internals.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3421
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3422
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3423
Signed-off-by: Luc Michel <luc.michel@amd.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Fixes: 5c6367bc1c8 ("hw/core/register: add the REGISTER_ARRAY type")
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Message-ID: <20260424155646.533334-1-luc.michel@amd.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 57abf6b1d5762380765673a17cba74c481cc4b29)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/core/register.c b/hw/core/register.c
index c3f3c936e7..99ca5e1775 100644
--- a/hw/core/register.c
+++ b/hw/core/register.c
@@ -322,6 +322,11 @@ static void register_array_finalize(Object *obj)
     g_free(r_array->r);
 }
=20
+DeviceState *register_array_get_owner(const RegisterInfoArray *reg_array)
+{
+    return DEVICE(OBJECT(reg_array)->parent);
+}
+
 static const TypeInfo register_array_info =3D {
     .name  =3D TYPE_REGISTER_ARRAY,
     .parent =3D TYPE_OBJECT,
diff --git a/hw/nvram/xlnx-versal-efuse-ctrl.c b/hw/nvram/xlnx-versal-efuse=
-ctrl.c
index 69acdfa304..f5d5587cb6 100644
--- a/hw/nvram/xlnx-versal-efuse-ctrl.c
+++ b/hw/nvram/xlnx-versal-efuse-ctrl.c
@@ -619,11 +619,11 @@ static void efuse_ctrl_reg_write(void *opaque, hwaddr=
 addr,
 {
     RegisterInfoArray *reg_array =3D opaque;
     XlnxVersalEFuseCtrl *s;
-    Object *dev;
+    DeviceState *dev;
=20
     assert(reg_array !=3D NULL);
=20
-    dev =3D reg_array->mem.owner;
+    dev =3D register_array_get_owner(reg_array);
     assert(dev);
=20
     s =3D XLNX_VERSAL_EFUSE_CTRL(dev);
diff --git a/hw/nvram/xlnx-zynqmp-efuse.c b/hw/nvram/xlnx-zynqmp-efuse.c
index e6bc54fc6b..028120f824 100644
--- a/hw/nvram/xlnx-zynqmp-efuse.c
+++ b/hw/nvram/xlnx-zynqmp-efuse.c
@@ -724,11 +724,11 @@ static void zynqmp_efuse_reg_write(void *opaque, hwad=
dr addr,
 {
     RegisterInfoArray *reg_array =3D opaque;
     XlnxZynqMPEFuse *s;
-    Object *dev;
+    DeviceState *dev;
=20
     assert(reg_array !=3D NULL);
=20
-    dev =3D reg_array->mem.owner;
+    dev =3D register_array_get_owner(reg_array);
     assert(dev);
=20
     s =3D XLNX_ZYNQMP_EFUSE(dev);
diff --git a/hw/ssi/xlnx-versal-ospi.c b/hw/ssi/xlnx-versal-ospi.c
index 467f0ce703..e25e4c26c2 100644
--- a/hw/ssi/xlnx-versal-ospi.c
+++ b/hw/ssi/xlnx-versal-ospi.c
@@ -1569,15 +1569,11 @@ static RegisterAccessInfo ospi_regs_info[] =3D {
 };
=20
 /* Return dev-obj from reg-region created by register_init_block32 */
-static XlnxVersalOspi *xilinx_ospi_of_mr(void *mr_accessor)
+static XlnxVersalOspi *xilinx_ospi_of_mr(void *opaque)
 {
-    RegisterInfoArray *reg_array =3D mr_accessor;
-    Object *dev;
+    RegisterInfoArray *reg_array =3D REGISTER_ARRAY(opaque);
=20
-    dev =3D reg_array->mem.owner;
-    assert(dev);
-
-    return XILINX_VERSAL_OSPI(dev);
+    return XILINX_VERSAL_OSPI(register_array_get_owner(reg_array));
 }
=20
 static void ospi_write(void *opaque, hwaddr addr, uint64_t value,
diff --git a/include/hw/core/register.h b/include/hw/core/register.h
index 1f265f4ed7..c6f648fe95 100644
--- a/include/hw/core/register.h
+++ b/include/hw/core/register.h
@@ -209,4 +209,15 @@ RegisterInfoArray *register_init_block64(DeviceState *=
owner,
                                          bool debug_enabled,
                                          uint64_t memory_size);
=20
+/**
+ * register_array_get_owner
+ *
+ * Retrieve the device owning the register info array @reg_array.
+ *
+ * @reg_array The register info array to retrieve the owner from
+ *
+ * Returns: the device owning @reg_array
+ */
+DeviceState *register_array_get_owner(const RegisterInfoArray *reg_array);
+
 #endif
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621678; cv=none;
	d=zohomail.com; s=zohoarc;
	b=iNounodRi9aDBPB4ZbUxAiHHKfIjOWCo7m9xy2sP89wMlMJUrdYGs7aAU3y4TOm3OJh20gMW8SOXIChKKCp1YgZMntcqpeylFLfJ0mgymqyQ4PHw42od3kBNnQ7jDDY5wCukbE/oS+Uor2ekHOvh3lWilmiXoZCS+XsasRo04C4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621678;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=5JkYt3csFgJEn5S8Cap8h+ykRuPMyBPgQ1tn4m273UM=;
	b=P2feAVNOqPgduWddCGGtlE2Dedspr6h8w5eVObH2h3gUFu72yRm4YVYIoLppZraLSedEUOcD+Sj7flI29yB5nDuDMevlbzZ63zWMG6t8CcAaScnhnTItJN5wmlR3maTWaIZg2FxL2IHMeTYgTfV05Z6Gqgor8lImoomJGC93tFM=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621678233235.18017522458365;
 Tue, 12 May 2026 14:34:38 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuhK-0003Hh-Lo; Tue, 12 May 2026 17:31:28 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXc-0001oL-IN; Tue, 12 May 2026 17:21:28 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXY-0000co-Aa; Tue, 12 May 2026 17:21:23 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 099501AA3EB;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 15B2F3ABD43;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=dm3H42c1x7JUzSv5Jkh42Fx0cbWalHn8RfvTCoAk7zE=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=lnPKR/XAMbaI521Xfi0hzvihvySMt5yXx810k8FApMDhkrtb3rMm53zjaUMpdAP49
 280dcaU380KsvCJ7k7yoUJptWpc+2OBQ343Z64rNV5GrhXJEq0+lrcEGbl6MSHtB/j
 fJocl+3unp42O53Le0QYhVEkrJgRW4gcCOPSgv7yUqI91Zek9VGhprf3hPZ1BppR0z
 RXzPWQFcJX2WzsOoIyH6uOjXjRdE2aowBcW6r2WhNH4lxe/3IFACWXpqH4nhIscfQi
 pM/M7GshNTfVRlSAC1d46MuIjDonUmk1qI0yS9/SI6Yx5vJPDfjv3UVMPTBtD2vT3Q
 Uy9xTCKbM8Qgw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Yicong Yang <yang.yicong@picoheart.com>,
 Andrew Jones <andrew.jones@oss.qualcomm.com>,
 Alistair Francis <alistair.francis@wdc.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 32/58] hw/riscv/virt-acpi-build.c: Use kvm timer
 frequency when kvm enabled
Date: Tue, 12 May 2026 23:57:53 +0300
Message-ID: <20260512205820.361821-32-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621679925154100
Content-Type: text/plain; charset="utf-8"

From: Yicong Yang <yang.yicong@picoheart.com>

The timer frequency is decided by the host(kvm) rather than a fixed
RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ on kvm accelerated VM. So build
RCHT with KVM provided timer frequency if KVM is enabled, just like
how we build the timer node on DT based VM.

Fixes: ebfd39289370 ("hw/riscv/virt: virt-acpi-build.c: Add RHCT Table")
Signed-off-by: Yicong Yang <yang.yicong@picoheart.com>
Reviewed-by: Andrew Jones <andrew.jones@oss.qualcomm.com>
Message-ID: <20260325081314.57089-1-yang.yicong@picoheart.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 4cb2f91773e8ec9511002de851734820f7ba64fe)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/riscv/virt-acpi-build.c b/hw/riscv/virt-acpi-build.c
index f1406cb683..fd6ca5dbc4 100644
--- a/hw/riscv/virt-acpi-build.c
+++ b/hw/riscv/virt-acpi-build.c
@@ -35,9 +35,11 @@
 #include "hw/riscv/virt.h"
 #include "hw/riscv/numa.h"
 #include "hw/virtio/virtio-acpi.h"
+#include "kvm/kvm_riscv.h"
 #include "migration/vmstate.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
+#include "system/kvm.h"
 #include "system/reset.h"
=20
 #define ACPI_BUILD_TABLE_SIZE             0x20000
@@ -296,7 +298,10 @@ static void build_rhct(GArray *table_data,
=20
     /* Time Base Frequency */
     build_append_int_noprefix(table_data,
-                              RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, 8);
+                              kvm_enabled() ?
+                              kvm_riscv_get_timebase_frequency(&s->soc->ha=
rts[0]) :
+                              RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ,
+                              8);
=20
     /* ISA + N hart info */
     num_rhct_nodes =3D 1 + ms->smp.cpus;
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621800; cv=none;
	d=zohomail.com; s=zohoarc;
	b=SoQFKz/xcunfvR3w4kH5Wst8u81+lKqhzHWJ3e8yjreMj7rxEu6lV90zCsz0JorMjxqY0azCfC1uOPwSenPc1XU0+Sz0+TRC9AqY7E25UbdRANmzNPz51KfeNfVfZiNpVAbEnFswR4iaYdoUl3ywmtOYypX6a0YrI4Q7iSFp8bs=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621800;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=Za6u8RqVe3TBYsTotSq9HkiftxnB4iPhvNnw2fg5t80=;
	b=A6ahRnDxd+J0VdmQYhfCacqIpcBly/fFH9bz0dpyz8KV7MQofmX1eRVlwpqaAlOza/TTAsP3okseLP+OSVQSQSEOyiAkxmzPYv5k/JeKjcWYgqqKnZWT/qJmZvT8gK4hPUIlyPLybWLRowrQcYRGy9KdtY81TvJ3Z0hFHXLgJZw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621800664494.5306549856823;
 Tue, 12 May 2026 14:36:40 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuhq-0003jH-2L; Tue, 12 May 2026 17:31:59 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXb-0001lh-SV; Tue, 12 May 2026 17:21:28 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXY-0000cn-6T; Tue, 12 May 2026 17:21:23 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 180701AA3EC;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 25E3E3ABD44;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=5QSfPIBwBylo5n3ODtAiUvypqrI/UzMeMPJUaSlksSQ=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=hMvmmeK0NkMfgPrFN+oq4rtjBWJW8I86V+j1HldHsrVdpes2dVvz+J1Ug0cUoaa0m
 VTOkC3JT2tFO84BG+EQQncxvbR6uWlmMYLk5dyTB83gke99C4sCsQQFkiVKHu/b0sU
 X1QfxkXgBU5NsgANeZS0/pSMCrIBrd1zMRgQIUmbOgPc9vIyBnj4SUxImbYtxKZHmN
 61OgA9m/ge4baUVMljwfHATFjWYBRcx6qb3XcRd2AhiShLaokug1MvLIVkfXpkflBZ
 xcn8oceNBNKpOgvQgygEJawOXgZuKqALmNrNrikE8+Hpxw4LlUNFvMwosSX64lxjch
 ftyUXSKYW1iig==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
 =?UTF-8?q?Sebasti=C3=A1n=20Alba=20Vives?= <sebasjosue84@gmail.com>,
 Alistair Francis <alistair.francis@wdc.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 33/58] target/riscv: fix stale ptshift and base on
 page walk restart
Date: Tue, 12 May 2026 23:57:54 +0300
Message-ID: <20260512205820.361821-33-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621802087154100

From: Sebasti=C3=A1n Alba Vives <sebasjosue84@gmail.com>

When the atomic compare-and-swap for updating A/D bits in the page
table entry fails due to a concurrent PTE modification by another
vCPU, get_physical_address() jumps to the 'restart' label to re-walk
the page table from the root.

However, neither 'ptshift' nor 'base' are re-initialized before the
restart. After the walk completes, ptshift has been decremented to
its final value and base has been overwritten with an inner PTE PPN.
On goto restart, the for loop resets i=3D0 but ptshift and base remain
stale, causing the restarted walk to compute incorrect PTE addresses.

In an SMP guest with MTTCG and Svadu active, this can result in
incorrect physical address mappings or guest crashes.

Fix by saving the root base address and re-initializing both ptshift
and base on each restart.

Fixes: 0c3e702aca ("RISC-V CPU Helpers")
Signed-off-by: Sebasti=C3=A1n Alba Vives <sebasjosue84@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20260401053853.10473-1-sebasjosue84@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit b2e874bfec59f6150b49a70df0529458efa0726b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index dd6c861a90..22bab45e68 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1316,12 +1316,15 @@ static int get_physical_address(CPURISCVState *env,=
 hwaddr *physical,
         adue =3D adue && (env->henvcfg & HENVCFG_ADUE);
     }
=20
-    int ptshift =3D (levels - 1) * ptidxbits;
+    int ptshift;
     target_ulong pte;
     hwaddr pte_addr;
+    const hwaddr base_root =3D base;
     int i;
=20
  restart:
+    ptshift =3D (levels - 1) * ptidxbits;
+    base =3D base_root;
     for (i =3D 0; i < levels; i++, ptshift -=3D ptidxbits) {
         target_ulong idx;
         if (i =3D=3D 0) {
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621683; cv=none;
	d=zohomail.com; s=zohoarc;
	b=PT+Z/AjSnJRmfEb/wwncxtGoOWeNPl+o30okkaOv7oEBw9jGVIafgL6gCmCgZdsJECuKKN9sHeJiye2nT/5DhSiH4C7Ewhr627wOEdEcJgLWYJ5dS0/KzHZ0K/HcbyAvO4XRV8kgBj/oW9VgGfTUB7kEJFloovML5Fb86fYOYqo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621683;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=f6IyC+EbdgkB+R/5bO11CBzSpx5IAdLZRdv3nI1P7lw=;
	b=EC62VjVlcThYy2kkINy+1q5mcnqxY3UvHQbeqbscvOpw3njiBHgREnQ3V2Ar4az9QV3lvlaQiNe6FowWPmuZQqRaJNGU/789fOsupCoM5hO58OptumiAYm+MHEGcxVQVjlNylQ8GItzOSA2DJm806eaazEfeakm3IwP3eAKTKRU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621683461339.0406238932288;
 Tue, 12 May 2026 14:34:43 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuiM-00043R-VD; Tue, 12 May 2026 17:32:32 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuY8-0002I4-Oc; Tue, 12 May 2026 17:21:58 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXg-0000gU-6Y; Tue, 12 May 2026 17:21:55 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 2ACEC1AA3ED;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 36D093ABD45;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=kzBsfPBxJ9OsHGCfVDNm5liRopNuWtvBtbwcG4sITvQ=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=k94KpupD/SRn14j3dDnK9gQIYipfigJNK9fBR//BG7oGr1Bk04zu15p9ZlSoc7Go6
 hNfPuE9MPlPMql31iic2klKRVpbguWiEJJWzf7IbsIpufa+1kif7HK8mKrCUG21iOL
 yYG0nm7RmUkxW8dTfmfp9fdS9gxwAGKBqxzPi5gCpO8+D0JK8gzFFxdbDNvl7srAo7
 /LLyaVEMLSpG9f4kxq8kkCR09a9sCKaIGubsvG9TgsEDFiR2JpTcLi6bIc7kuFNLDy
 de0799oA3R0qIco4UODnwUPW9h6wrz/EufTnTf6oop7X1iojK4NsHpTGtYS0QPma5g
 YwUTVnaBWqklQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
 =?UTF-8?q?Sebasti=C3=A1n=20Alba=20Vives?= <sebasjosue84@gmail.com>,
 qemu-security@nongnu.org, Alistair Francis <alistair.francis@wdc.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 34/58] hw/intc: fix heap OOB in ACLINT MTIMER
 multi-socket
Date: Tue, 12 May 2026 23:57:55 +0300
Message-ID: <20260512205820.361821-34-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621685564158500

From: Sebasti=C3=A1n Alba Vives <sebasjosue84@gmail.com>

The MMIO read/write handlers index timecmp[] with the absolute hartid
(hartid_base + offset) but the array is allocated with num_harts
elements. In multi-socket configurations with hartid_base > 0 this
causes heap OOB access in the QEMU process.

Fix by using the relative offset for array indexing.

Cc: qemu-security@nongnu.org
Signed-off-by: Sebasti=C3=A1n Alba Vives <sebasjosue84@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20260401053853.10473-2-sebasjosue84@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit d5b33fc180f557ee3574cef9c64650174d0ef5dd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/intc/riscv_aclint.c b/hw/intc/riscv_aclint.c
index 9c1491bd04..e27e5fb394 100644
--- a/hw/intc/riscv_aclint.c
+++ b/hw/intc/riscv_aclint.c
@@ -131,6 +131,7 @@ static uint64_t riscv_aclint_mtimer_read(void *opaque, =
hwaddr addr,
         addr < (mtimer->timecmp_base + (mtimer->num_harts << 3))) {
         size_t hartid =3D mtimer->hartid_base +
                         ((addr - mtimer->timecmp_base) >> 3);
+        size_t hartid_offset =3D hartid - mtimer->hartid_base;
         CPUState *cpu =3D cpu_by_arch_id(hartid);
         CPURISCVState *env =3D cpu ? cpu_env(cpu) : NULL;
         if (!env) {
@@ -138,11 +139,11 @@ static uint64_t riscv_aclint_mtimer_read(void *opaque=
, hwaddr addr,
                           "aclint-mtimer: invalid hartid: %zu", hartid);
         } else if ((addr & 0x7) =3D=3D 0) {
             /* timecmp_lo for RV32/RV64 or timecmp for RV64 */
-            uint64_t timecmp =3D mtimer->timecmp[hartid];
+            uint64_t timecmp =3D mtimer->timecmp[hartid_offset];
             return (size =3D=3D 4) ? (timecmp & 0xFFFFFFFF) : timecmp;
         } else if ((addr & 0x7) =3D=3D 4) {
             /* timecmp_hi */
-            uint64_t timecmp =3D mtimer->timecmp[hartid];
+            uint64_t timecmp =3D mtimer->timecmp[hartid_offset];
             return (timecmp >> 32) & 0xFFFFFFFF;
         } else {
             qemu_log_mask(LOG_UNIMP,
@@ -174,6 +175,7 @@ static void riscv_aclint_mtimer_write(void *opaque, hwa=
ddr addr,
         addr < (mtimer->timecmp_base + (mtimer->num_harts << 3))) {
         size_t hartid =3D mtimer->hartid_base +
                         ((addr - mtimer->timecmp_base) >> 3);
+        size_t hartid_offset =3D hartid - mtimer->hartid_base;
         CPUState *cpu =3D cpu_by_arch_id(hartid);
         CPURISCVState *env =3D cpu ? cpu_env(cpu) : NULL;
         if (!env) {
@@ -182,7 +184,7 @@ static void riscv_aclint_mtimer_write(void *opaque, hwa=
ddr addr,
         } else if ((addr & 0x7) =3D=3D 0) {
             if (size =3D=3D 4) {
                 /* timecmp_lo for RV32/RV64 */
-                uint64_t timecmp_hi =3D mtimer->timecmp[hartid] >> 32;
+                uint64_t timecmp_hi =3D mtimer->timecmp[hartid_offset] >> =
32;
                 riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), =
hartid,
                     timecmp_hi << 32 | (value & 0xFFFFFFFF));
             } else {
@@ -193,7 +195,7 @@ static void riscv_aclint_mtimer_write(void *opaque, hwa=
ddr addr,
         } else if ((addr & 0x7) =3D=3D 4) {
             if (size =3D=3D 4) {
                 /* timecmp_hi for RV32/RV64 */
-                uint64_t timecmp_lo =3D mtimer->timecmp[hartid];
+                uint64_t timecmp_lo =3D mtimer->timecmp[hartid_offset];
                 riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), =
hartid,
                     value << 32 | (timecmp_lo & 0xFFFFFFFF));
             } else {
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621777; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Lbh5ElLSy4+KoZfaRJ6Fb5h1YHUCcdqmYzxAPhzuZFCkrtcgrIN1ozV0b1DFfp55vJ0xhpzItd5hH+1rgLPGv9VTxJ2HNd13uUTvJoefTWbu8lBjuLZP784PwjFAiEOMhl7LZvt6I86jYrGmRQfwM0XFv5Gc3W5qUDEykVttzx0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621777;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=sybGFz0E9YGdLtMoMtTquOIidiCg9VEq13KqV1O7U4I=;
	b=ZfAiul/Nbpw8XIyyn+pSdJP3G7vG2d0gDMsdWZ+QlrOkkoAQo00o303Jc/FDEF1VwZuyqIOIb0qGJmrybg1FcmlD4Qtp462+MUlHTtgrgzzElakj1627ay3VXZ6+VyB35Na4QUo6+e6QWS400GKnTR1sm9oJGgYO/Fhd2ScYci8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621777679369.85181765994696;
 Tue, 12 May 2026 14:36:17 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuhI-0003Fe-6u; Tue, 12 May 2026 17:31:26 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuY8-0002I3-OO; Tue, 12 May 2026 17:21:58 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuXf-0000gj-Fg; Tue, 12 May 2026 17:21:55 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 3E88F1AA3EE;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 474B33ABD46;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=fSX8V1GH6cOS7jaYi9WOBY/PGSpp3CPveh4gYDxacBk=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=KMK/MnkimaHWDFZF1NTs7irLWPxL0s1UH38rCMWuilZWYPixue8sAAATCemo9sDzC
 GR9bdZ9GBOoFZIBkRAylTuL6PdOmataQSQGSaFYoPyQpwmSLiaSKSn9Hyggc7dlM0B
 xifzUuxXiyKpC2GxMMd0ZrZ1U3hetoobu+J0+kkiIVPmWdmbCsPzRHWU8UzIEsTYb0
 3peqUIfDI+pu2uiDAa6rffTHqpTQZCyq7sdKJLo+KoXrrRCtGFjZ+LBa+WRvOt5Vgp
 N1Z2SeXyRAUu+luwljmtLwm0/XrCfog3vkoslt8sMfQBYLb0rr+VHFWO5MwOtSG8d/
 q/76R69ZCy+fw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Munkhbaatar Enkhbaatar <munkhuu0825@gmail.com>,
 Alistair Francis <alistair.francis@wdc.com>,
 Tao Tang <tangtao1634@phytium.com.cn>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Chao Liu <chao.liu.zevorn@gmail.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 35/58] riscv_htif: reject invalid signature ranges
 (end <= begin)
Date: Tue, 12 May 2026 23:57:56 +0300
Message-ID: <20260512205820.361821-35-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621778222158500

From: Munkhbaatar Enkhbaatar <munkhuu0825@gmail.com>

Prevents huge allocations and crashes caused by malformed HTIF signature
addresses.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3205
Signed-off-by: Munkhbaatar Enkhbaatar <munkhuu0825@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20251209085349.61510-1-munkhuu0825@gmail.com>
[ Squashed with following commit to fix build failures
    hw/char/riscv_htif: Fix format specifier for uint64_t

    Message-ID: <20260415134826.1742308-1-chao.liu.zevorn@gmail.com>
    Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
]
Tested-by: Tao Tang <tangtao1634@phytium.com.cn>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 14808578ccbcd17d474c98bb53b60452888f8529)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/char/riscv_htif.c b/hw/char/riscv_htif.c
index e9efab16e9..a53d2ace02 100644
--- a/hw/char/riscv_htif.c
+++ b/hw/char/riscv_htif.c
@@ -171,6 +171,12 @@ static void htif_handle_tohost_write(HTIFState *s, uin=
t64_t val_written)
                  * begin/end_signature symbols exist.
                  */
                 if (sig_file && begin_sig_addr && end_sig_addr) {
+                    if (end_sig_addr <=3D begin_sig_addr) {
+                        error_report("Invalid HTIF signature range:"
+                                     " begin=3D0x%" PRIx64 " end=3D0x%" PR=
Ix64,
+                                     begin_sig_addr, end_sig_addr);
+                        return;
+                    }
                     uint64_t sig_len =3D end_sig_addr - begin_sig_addr;
                     char *sig_data =3D g_malloc(sig_len);
                     dma_memory_read(&address_space_memory, begin_sig_addr,
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621658; cv=none;
	d=zohomail.com; s=zohoarc;
	b=UL7g/uWkl53B8niiuNoCcgTv+ye8A6CLpPGJWbQoOa3I0jh1BPjkL61rX4rMApalECKDA8h8CxvXDEOuNxw8JHYmZxYRlbdYUvrcqV5lzb7WWey/LD1Ji0B1o21wv3VNjbpY1d9SMY45uFbMK4V2mqSG5ogj9pNprhjvDOoHbTQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621658;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=H8NRV8Hp4vaYtCzbYkZ4nzQ+iPudBYE+8g/JGbSLt7o=;
	b=ac/5ipYKgT2spxiGWa+GiH0OLCNIQRUhrAuZZOg7fABcgENKzIIysb9CB3wXRqZ+WcLTJNDFWWP5EZ7bmWb6Vt/VgBE00qbrl5tYuvMRoVWZTROxPvLQhLeHeBCY13h7Ob/Q/AgF27z1isz9RpSbQ5e3TLF+pRBA/9tem+ba4FY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177862165898673.62818494976511;
 Tue, 12 May 2026 14:34:18 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuiM-00043Q-VT; Tue, 12 May 2026 17:32:32 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuhI-0003Tu-Sz; Tue, 12 May 2026 17:31:27 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuYB-0000uu-0U; Tue, 12 May 2026 17:24:13 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 4F13D1AA3EF;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 5AFA33ABD47;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=QtZMv/eUNp00lZGF+Ax8EVZrxLcKxZLVCasWZm66xAY=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=C3D9A16nLwbFzv7/7P3R2/NaOGN73DfYaqmRP4huvMnrLMi7TbR0NUDMi/wZEDLwB
 uo7to2WKr+C5a6o8nAXLx+yov5+wv5QnNPcnMqcUaCTU3plEhhlQnHjUA65WaxNpB5
 26/R8CPuNDvvQM550wOHbqI14N6WHVNA8v7BzPTpbEVAwuB80Uuizyle16oRr1wR4p
 7E/vImWilJQlbYHaGc40eivTOrTpbv0A7i66yFVAWd5w/v+k5PQnxG243W0iaZh7nH
 km4/DD050pWeVJf5z7WpnMUyScmGPpBdMtWE62g+nzxv7gYNtvZE1sXoeIHoNemJzF
 +3oppXhddrh1A==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Alistair Francis <alistair.francis@wdc.com>,
 Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>,
 Chao Liu <chao.liu.zevorn@gmail.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 36/58] target/riscv: Generate access fault if sc
 comparison fails
Date: Tue, 12 May 2026 23:57:57 +0300
Message-ID: <20260512205820.361821-36-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621659720154100
Content-Type: text/plain; charset="utf-8"

From: Alistair Francis <alistair.francis@wdc.com>

The RISC-V spec states:

"For the purposes of memory protection, a failed SC.W may be treated
like a store."

So if the comparison in sc.w fails we should still check for alignment
and do a probe access to check permissions.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3323
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3136
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>
Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com>
Message-ID: <20260415233740.3027321-2-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit d107b748072cea3f86089a4a7b2e83f1a62745f2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/riscv/helper.h b/target/riscv/helper.h
index b785456ee0..fa16ab2b82 100644
--- a/target/riscv/helper.h
+++ b/target/riscv/helper.h
@@ -1289,3 +1289,6 @@ DEF_HELPER_4(vsm4r_vs, void, ptr, ptr, env, i32)
 #ifndef CONFIG_USER_ONLY
 DEF_HELPER_1(ssamoswap_disabled, void, env)
 #endif
+
+/* Zalrsc SC write probe */
+DEF_HELPER_FLAGS_3(sc_probe_write, TCG_CALL_NO_WG, void, env, tl, tl)
diff --git a/target/riscv/insn_trans/trans_rva.c.inc b/target/riscv/insn_tr=
ans/trans_rva.c.inc
index a7a3278d24..62c0fe673d 100644
--- a/target/riscv/insn_trans/trans_rva.c.inc
+++ b/target/riscv/insn_trans/trans_rva.c.inc
@@ -90,6 +90,12 @@ static bool gen_sc(DisasContext *ctx, arg_atomic *a, Mem=
Op mop)
      */
     TCGBar bar_strl =3D (ctx->ztso || a->rl) ? TCG_BAR_STRL : 0;
     tcg_gen_mb(TCG_MO_ALL + a->aq * TCG_BAR_LDAQ + bar_strl);
+    /*
+     * "For the purposes of memory protection, a failed SC.W may be treated
+     * like a store." so let's check the write access permissions
+     */
+    gen_helper_sc_probe_write(tcg_env, src1,
+                              tcg_constant_tl(memop_size(mop)));
     gen_set_gpr(ctx, a->rd, tcg_constant_tl(1));
=20
     gen_set_label(l2);
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 6ccc127c30..b569366369 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -281,6 +281,20 @@ void helper_cbo_inval(CPURISCVState *env, target_ulong=
 address)
     /* We don't emulate the cache-hierarchy, so we're done. */
 }
=20
+void helper_sc_probe_write(CPURISCVState *env, target_ulong addr,
+                           target_ulong size)
+{
+    uintptr_t ra =3D GETPC();
+    int mmu_idx =3D riscv_env_mmu_index(env, false);
+
+    if (addr & (size - 1)) {
+        env->badaddr =3D addr;
+        riscv_raise_exception(env, RISCV_EXCP_STORE_AMO_ADDR_MIS, ra);
+    }
+
+    probe_write(env, addr, size, mmu_idx, ra);
+}
+
 #ifndef CONFIG_USER_ONLY
=20
 target_ulong helper_sret(CPURISCVState *env)
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621883; cv=none;
	d=zohomail.com; s=zohoarc;
	b=dzOqAMcvKHUb9doqJ7/+FBaS758M93B8ZrkA9FxCPkSXezGuP85MEJ6BNml1Jxqz7jwuvdx1kekxboDQxTQ1pKOgt7Q+Z37WbytuCg1mREJQ88ITUZlQ0VK5alqqBTbRp2V7heDjFo9L49xKrv5wqkx+9r51aUIq1LbgoxEPaNQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621883;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=5/JPMh62GOGn9nx2KIqyX5jNRj3xXaglnJx/oL9aiXc=;
	b=EmjzndvW0YNx2TorZK0h295pbrNH9G0760edMsho3Kw2zjG+UIbdIZAoorCivOQyboHBBgOyoCKieOIQcgPj5jXX7+r3R9LTI/sy10hthIcxXYo/P8Kj+gnUENJSc/rRsi0HWovJerOR4JH6GJDsZG7hSOw5JOdMULWxkjpsOhs=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621883956872.8492073147421;
 Tue, 12 May 2026 14:38:03 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuii-0004V8-0G; Tue, 12 May 2026 17:32:52 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuhG-0003TJ-EI; Tue, 12 May 2026 17:31:26 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuYB-0000uw-5f; Tue, 12 May 2026 17:24:13 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 5EF491AA3F0;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 6B8523ABD48;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=/6JwHIiWOaqsyYTTl/tshHbNobFM37fOo4/dYaRhKic=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=VUyGVrO3CJ3gPrbTVmzF7mq6rfA+062xj9tOxUAt+u2qgCrdfDM0qsGqlANBOLb2r
 uXkwGhML++BZivykL5ptC4SaH3zacOHE2hGcahvWup0F1H3teiLW+thpFUQ6RYeKkm
 DlWlmDrBrRaN28HmwkptDfc2G3pNmZEHLR/xYvazCuVb79DTRsNuNo6JaF8BxCtwU7
 PXVEPh+r/+ekC9yF+9IbRuYkgPdiFqO5zj6W7oWKQPhd0FFFg9Eq80gIPD6F/8z0Ne
 QNDL6T7P4ZVnn6l8UA+9+EhuW91GV+MwjuMG0nJKnzl7FeG/NS4jzeayVkNk2JNHlQ
 rXIi9Cmy6fziQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Alistair Francis <alistair.francis@wdc.com>,
 Chao Liu <chao.liu.zevorn@gmail.com>, Nutty Liu <nutty.liu@hotmail.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 37/58] target/riscv: Don't OR mip.SEIP when mvien is
 one
Date: Tue, 12 May 2026 23:57:58 +0300
Message-ID: <20260512205820.361821-37-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621885284154100

From: Alistair Francis <alistair.francis@wdc.com>

The RISC-V spec states that

"""
But when bit 9 of mvien is one, bit SEIP in mip is read-only and does
not include the value of bit 9 of mvip. Rather, the value of mip.SEIP
is simply the supervisor external interrupt signal from the hart=E2=80=99s
external interrupt controller (APLIC or IMSIC).
"""

As such let's mark the mip.SEIP in rmw_mip64().

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/2828
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com>
Reviewed-by: Nutty Liu <nutty.liu@hotmail.com>
Message-ID: <20260415233740.3027321-4-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 175afdb0d155a7429e2ac0c568c1c807953444a4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index a75281539b..29dd596ae4 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -3671,6 +3671,14 @@ static RISCVException rmw_mip64(CPURISCVState *env, =
int csrno,
     uint64_t old_mip, mask =3D wr_mask & delegable_ints;
     uint32_t gin;
=20
+    /*
+     * When mvien[9]=3D1, mip.SEIP is read-only and reflects only
+     * the external interrupt signal from the interrupt controller.
+     */
+    if (env->mvien & MIP_SEIP) {
+        mask &=3D ~MIP_SEIP;
+    }
+
     if (mask & MIP_SEIP) {
         env->software_seip =3D new_val & MIP_SEIP;
         new_val |=3D env->external_seip * MIP_SEIP;
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622170; cv=none;
	d=zohomail.com; s=zohoarc;
	b=aZXMuS9FYA91OYsBCKa3ACPRQMQ5iZE76/+UaWqYWS2C/x9xrxc7OktS0JW7WL/iXuG/EfHHVWKafXvxNeNUBcLe/zpyZQXyb6rl6IR80o0s/FOOnn/7LV49FBWfsHb+txuZM9+QZiSr0KdPz93O+1gqUVlZP0vhxPbShbzoAY0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622170;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=V7ZHRNUNkVGlHofKfXMq66JvNdCSHrywFdCwexSnbzA=;
	b=nJ+u1no66novKbEIvORSgP3/vuKeEPRWYVos3DesMVzdPZNouY/fXxzPV5PTjf2RcIYGMPXqAfgj6BiXk3H2cm2Kq47y39EvWWF9LmFeXqZGTAR3sVjklNQqnWh6zwyn13SHBYdChKJMqB4VLWVa2ylwgLll4Ro9RxlKAW/lUyw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622170386607.8609841051825;
 Tue, 12 May 2026 14:42:50 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuj3-00052k-Sd; Tue, 12 May 2026 17:33:14 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuhb-0003ia-LR; Tue, 12 May 2026 17:31:46 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuhV-0001hs-4V; Tue, 12 May 2026 17:31:43 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 72BE81AA3F1;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 7BBBD3ABD49;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=GdU5rmywvm/PU8w5RHsCt+h5kcA2DbJoW72xFw1JLXo=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=phIvSxZ1vFVLXvkiPvQuGYPS4dnnOvuUIvVbveRp5ailyZ8WOHEcMPnni/pbTk93Y
 OauunLzr/6Zzxy1xlE96IOXZv1/Zi0jvZrkMvOPbtM/QsJ2UoTDgGJJ9h3KBaRMvIG
 HGLP71UCrsD7xjvCLXL2YhmyhFgYflrfcRuRxR9mMm9j+Zw451VimqTFmPBDmTYPcu
 9LAjobWPZnqbXiIO3HRxqsKoOtzVSEoYuBZ6Sn1uvwAjjdrnNKNFRoybTXDPfkDHK5
 rxUHIpAUXvBnoKVpp2tNMmnRQrscIroWpaB7/93FtaBA8C9de7pGFxyoYlsPDGlwar
 2BtOf7Px2CVkw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Alistair Francis <alistair.francis@wdc.com>,
 Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>,
 LIU Zhiwei <zhiwei_liu@linux.alibaba.com>,
 Chao Liu <chao.liu.zevorn@gmail.com>, Max Chou <max.chou@sifive.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 38/58] target/riscv: Use ELEN for Fractional LMUL
 check
Date: Tue, 12 May 2026 23:57:59 +0300
Message-ID: <20260512205820.361821-38-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622172718154100
Content-Type: text/plain; charset="utf-8"

From: Alistair Francis <alistair.francis@wdc.com>

The RISC-V spec states that

"""
For a given supported fractional LMUL setting, implementations
must support SEW settings between SEWMIN and LMUL * ELEN, inclusive.
"""

We were previously checking VLEN, instead of ELEN, so let's update to
check ELEN instead of VLEN for fractional scaling.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3196
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com>
Reviewed-by: Max Chou <max.chou@sifive.com>
Message-ID: <20260415233740.3027321-5-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 5dcc64828dc79c2426905db5fae885f6ccf93347)
(Mjt: context fixup)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index 83dd26314d..b4fc791eb7 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -47,18 +47,17 @@ target_ulong HELPER(vsetvl)(CPURISCVState *env, target_=
ulong s1,
     target_ulong reserved =3D s2 &
                             MAKE_64BIT_MASK(R_VTYPE_RESERVED_SHIFT,
                                             xlen - 1 - R_VTYPE_RESERVED_SH=
IFT);
-    uint16_t vlen =3D cpu->cfg.vlenb << 3;
     int8_t lmul;
=20
     if (vlmul & 4) {
         /*
          * Fractional LMUL, check:
          *
-         * VLEN * LMUL >=3D SEW
-         * VLEN >> (8 - lmul) >=3D sew
-         * (vlenb << 3) >> (8 - lmul) >=3D sew
+         * ELEN * LMUL >=3D SEW
+         * ELEN >> (8 - vlmul) >=3D sew
          */
-        if (vlmul =3D=3D 4 || (vlen >> (8 - vlmul)) < sew) {
+        if (vlmul =3D=3D 4 ||
+            (cpu->cfg.elen >> (8 - vlmul)) < sew) {
             vill =3D true;
         }
     }
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622499; cv=none;
	d=zohomail.com; s=zohoarc;
	b=FBBeOiMv4wGbLq+6ME1PAxJ6HC+ljzDM0Po8ExL8AJmIIZc12lQuPb/+OaIAf+NvWpcL8e2BsRnT40ImJPPZSSaANYcByZJ7Yi3831SK/BbT80jJwBb3VHJMVXlnqP8gereY30xoc6fm4rU97AatVcqatoEeIewBtJnbGyEryHg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622499;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=Kr69M++KAyvvMxp865C20nOin67IapzZm1S+6FNLhwA=;
	b=k/NNjGg7pJx8D8ilubWVWU16nqPaIIgfy4pkckJE1d+EKo3A8rw5tSzjfUxbXaOTgvoaNPVDie8drpUo/CbmAuYS32hh5HzLwOTTY6D/N13xIb7SZiHa/6oqQyoj/q7bVRwIQmRI6dXQizTFOqqpKyjnBgtwfxHC6U440UEunqg=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622499573941.6479685129174;
 Tue, 12 May 2026 14:48:19 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuis-0004iw-80; Tue, 12 May 2026 17:33:02 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuhZ-0003iB-VQ; Tue, 12 May 2026 17:31:44 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuhT-0001uK-37; Tue, 12 May 2026 17:31:40 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 802C61AA3F2;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 8EF293ABD4A;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=eCM7vXILxrJ1WoMGxOFmd/DjA6B0QwwTpBYgsE7b4/A=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=xHY11C1GktRbiDm5Irs6JTAqmaQRdHhNuqosiQA03XujYTWvlb/OT9LsmruGSE5Pn
 7TOAIaWa1LUsy8gepk0VmH2GYKOWmh9V+xfRyvjA52CRCHnQR25BWxScog3mxVjm2O
 sAu3TldVe0LY00vAu+pDgGsXhrRYp1Mt6K09zT1/Yd802B6tuutfDKi87NOaJLvE9A
 T2V4vv3Ao/rpUexHIo/U0fMsOUmDNIQFqiqN6WpqdPlyFxXasi5fPNgOyuEPivjH64
 OBRbij3ybZvbiQR/GNeAbST3RRBlXlliBwMa/D0F41r+lGNRGiiknz4nlxrti+xEoz
 W+eF0HwJHxaDw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Helge Deller <deller@gmx.de>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 39/58] linux-user: Add missing CDROM ioctls
Date: Tue, 12 May 2026 23:58:00 +0300
Message-ID: <20260512205820.361821-39-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622502148154100
Content-Type: text/plain; charset="utf-8"

From: Helge Deller <deller@gmx.de>

Add the missing CDROM ioctls and bring them in same order as
documentation.

Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit dcb6e96257eea926aef16854bed0871b0605a8b9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 5b7d00e92f..aa485ee6e5 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -416,19 +416,18 @@
 #endif
=20
   IOCTL(CDROMPAUSE, 0, TYPE_NULL)
-  IOCTL(CDROMSTART, 0, TYPE_NULL)
-  IOCTL(CDROMSTOP, 0, TYPE_NULL)
   IOCTL(CDROMRESUME, 0, TYPE_NULL)
-  IOCTL(CDROMEJECT, 0, TYPE_NULL)
-  IOCTL(CDROMEJECT_SW, 0, TYPE_INT)
-  IOCTL(CDROMCLOSETRAY, 0, TYPE_NULL)
-  IOCTL(CDROMRESET, 0, TYPE_NULL)
   IOCTL(CDROMPLAYMSF, IOC_W, MK_PTR(TYPE_INT))
   IOCTL(CDROMPLAYTRKIND, IOC_W, MK_PTR(TYPE_INT))
   IOCTL(CDROMREADTOCHDR, IOC_R, MK_PTR(TYPE_INT))
   IOCTL(CDROMREADTOCENTRY, IOC_RW, MK_PTR(TYPE_INT))
+  IOCTL(CDROMSTOP, 0, TYPE_NULL)
+  IOCTL(CDROMSTART, 0, TYPE_NULL)
+  IOCTL(CDROMEJECT, 0, TYPE_NULL)
   IOCTL(CDROMVOLCTRL, IOC_W, MK_PTR(TYPE_INT))
   IOCTL(CDROMSUBCHNL, IOC_RW, MK_PTR(TYPE_INT))
+  IOCTL(CDROMEJECT_SW, IOC_W, TYPE_INT)
+  IOCTL(CDROMRESET, 0, TYPE_NULL)
   /* XXX: incorrect (need specific handling) */
   IOCTL(CDROMREADAUDIO, IOC_W, MK_PTR(MK_STRUCT(STRUCT_cdrom_read_audio)))
   IOCTL(CDROMREADCOOKED, IOC_RW, MK_PTR(TYPE_INT))
@@ -438,16 +437,22 @@
   IOCTL(CDROMREADALL, IOC_RW, MK_PTR(TYPE_INT))
   IOCTL(CDROMMULTISESSION, IOC_RW, MK_PTR(TYPE_INT))
   IOCTL(CDROM_GET_UPC, IOC_R, MK_PTR(TYPE_INT))
+  IOCTL(CDROM_LAST_WRITTEN, IOC_R, MK_PTR(TYPE_LONG))
   IOCTL(CDROMVOLREAD, IOC_R, MK_PTR(TYPE_INT))
   IOCTL(CDROMSEEK, IOC_W, MK_PTR(TYPE_INT))
   IOCTL(CDROMPLAYBLK, IOC_W, MK_PTR(TYPE_INT))
-  IOCTL(CDROM_MEDIA_CHANGED, 0, TYPE_NULL)
-  IOCTL(CDROM_SET_OPTIONS, 0, TYPE_INT)
-  IOCTL(CDROM_CLEAR_OPTIONS, 0, TYPE_INT)
-  IOCTL(CDROM_SELECT_SPEED, 0, TYPE_INT)
-  IOCTL(CDROM_SELECT_DISC, 0, TYPE_INT)
-  IOCTL(CDROM_DRIVE_STATUS, 0, TYPE_NULL)
+  IOCTL(CDROMCLOSETRAY, 0, TYPE_NULL)
+  IOCTL(CDROM_SET_OPTIONS, IOC_W, TYPE_INT)
+  IOCTL(CDROM_CLEAR_OPTIONS, IOC_W, TYPE_INT)
+  IOCTL(CDROM_SELECT_SPEED, IOC_W, TYPE_INT)
+  IOCTL(CDROM_SELECT_DISC, IOC_W, TYPE_INT)
+  IOCTL(CDROM_MEDIA_CHANGED, IOC_W, TYPE_INT)
+  IOCTL(CDROM_DRIVE_STATUS, IOC_W, TYPE_INT)
   IOCTL(CDROM_DISC_STATUS, 0, TYPE_NULL)
+  IOCTL(CDROM_CHANGER_NSLOTS, 0, TYPE_NULL)
+  IOCTL(CDROM_LOCKDOOR, IOC_W, TYPE_INT)
+  IOCTL(CDROM_DEBUG, IOC_W, TYPE_INT)
+  IOCTL(CDROM_GET_CAPABILITY, 0, TYPE_NULL)
   IOCTL(CDROMAUDIOBUFSIZ, 0, TYPE_INT)
=20
 #if 0
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622477; cv=none;
	d=zohomail.com; s=zohoarc;
	b=h3bJoyHxMErEg4JKgsUeG+NKMJ7A4h42wX+tFU9k247JM2syWNC6AcghRkVkRGF8Y4S+AXMLScwOmSCbNiWa/I6hI/164qZmn3BzmNCFa+327WzfvDZzvtkLx2Olq1gLjYITRDXupakeg8qiT5M13X5Wn9O84n6kepDDl0twvoY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622477;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=KXAtSxShiDbI9hWaO/H7Uej8ahT+PrryczpHmWhHQdg=;
	b=UvaJ7+diEWkyjHsxjwnuO1bCEhZBUoR/PT5mB/wfRDpEjSGNnj0LLXHnlRfUYQadq3/HFSAa/8fxps3r5faKzJKOI5lLI9/cRpCwhuJofpCx8O/6hbpS17pqgPHTnK3nY35kbnbra91NXhkjfwiAcWsXCygggiYefb9opUEWvZc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622477101274.6675916687959;
 Tue, 12 May 2026 14:47:57 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuif-0004R4-6p; Tue, 12 May 2026 17:32:49 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuiJ-00044U-RZ; Tue, 12 May 2026 17:32:30 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuhb-0002EN-GU; Tue, 12 May 2026 17:32:27 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 983D81AA3F3;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 9C47F3ABD4B;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=F1ZjrKYiZq3Jun8XhqtVGKKyZHugcUCPVem+L/R0zQ4=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=XSxPa5DGMDpYoQM6f/2XQtu1i7KvvLSngKHAijY+Cyj1fnoGXTmn0Hrz920g9kNvo
 NAkAUCbFxhRMlP6Ub2oTs0W6/x4UyLbwoQC0O9lsbW/9+m5WgoMZjYyH+ZytUbyGGF
 sA6S7sEYhag5/OLU+Lesq/DwgUNKTw0Fvx+tZIlJOwb8xD6avWfdgB7JBlM3ElwLGn
 gUc0SmczYgJ3hv/M5pUf6oAvfsb3qWmQYb7vtmLOc/fEs+bVJBEVpoUMXDlyx6VnTq
 /WW6BXaDpe5reprVqdIH9b6yTMOYnPrlgoGvGTe1mwGu6GRmyCtpFz+/Y0ZSQyHWSs
 0l72lPz3Qpz1g==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Helge Deller <deller@gmx.de>,
 Warner Losh <imp@bsdimp.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 40/58] linux-user: Flush errors by using exit()
 instead of _exit() in error path
Date: Tue, 12 May 2026 23:58:01 +0300
Message-ID: <20260512205820.361821-40-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622477937158500
Content-Type: text/plain; charset="utf-8"

From: Helge Deller <deller@gmx.de>

Similiar to previous patch - ensure that we always flush I/O by using
exit() instead of _exit().

Reported by: Tobias Bergkvist <tobias@bergkv.ist>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/2544
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 9fb681792d65fa570cb3e1a769945c10bf276d25)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/main.c b/linux-user/main.c
index 84e110dfe9..86d04cca3c 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -975,7 +975,7 @@ int main(int argc, char **argv, char **envp)
                       info, &bprm);
     if (ret !=3D 0) {
         printf("Error while loading %s: %s\n", exec_path, strerror(-ret));
-        _exit(EXIT_FAILURE);
+        exit(EXIT_FAILURE);
     }
=20
     for (wrk =3D target_environ; *wrk; wrk++) {
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621943; cv=none;
	d=zohomail.com; s=zohoarc;
	b=SGjZy/g6GOaI2ZLPnRjdzu5TdyejlNm6cy9pII6QS88lk7WH9mXx6lxgRI1nJ4JEN1RbWCF9KgJ/Kvc1IX3AFb1MUKQtJNTVgduad9PMWhfdT1Ev8UoiJkyVAc6hLqApzc4IFTtXgEPbSKeJQcz2g0J3n4bKGwejOJcFwxzNgLc=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621943;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=8zQNVjzqfNAqc/JcfkFr1Pyl4dPQhChjyox+dpEsvXY=;
	b=UFEhwf93RQWnj+qDemfw2VRZaNm5wh2BjKS4gfsAdSd8fJVnFU6ur5FqRImGvEhLhqi5MNaZiVKYK2/Er2z/VR/vkt/pg4yzQiIzMqFHovL15Hek4oxE9j6kRGiBUwCxhwZ2q6OGkW6r+F1L5LxS2bghhJk5nJrrLtRgqeCatuk=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621943971601.1924871464992;
 Tue, 12 May 2026 14:39:03 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuit-0004mJ-Ce; Tue, 12 May 2026 17:33:03 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuiN-00047M-Dn; Tue, 12 May 2026 17:32:32 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuhd-0002Fo-GK; Tue, 12 May 2026 17:32:28 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id C23E71AA3F4;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id B36BF3ABD4C;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=gbm8nkzIZb3/sWf7kA6zr4NLx2XSe3RZeKjcEw48UgA=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=a6xMyPE+PlaXBz/4U7SZ3oR7Fw7X8jTPt4cWtbO9PHTAciaRNqZaDM9lnDHETZDjs
 se5IgB7u+X8WfNgIC7juz0sLUB97CGcwf3SXvoLJ1ueUKAhzEJR5lks4TijyoeTmvX
 ItcvQ2naE02DEdriEF+o7eqRplVeIbXd9Te/18arl3cGD+mhfPyD8sUnBWPXQ929Xf
 bpQ+iGfaPjp9XM32cfCFcRjWw++ze8B45qtQga8ILD0KFE/nmR8KZy1I/2spasDIx3
 JDYLXKXoEEwr7EyCFQYU8c1h2x/yDm1FXhucMBL43MRf3HzRlxQIXLGNd1yOZgKa7E
 6ACGW6LRAV0BQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Helge Deller <deller@gmx.de>,
 Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 41/58] linux-user: Allow getsockopt() with NULL optval
 address
Date: Tue, 12 May 2026 23:58:02 +0300
Message-ID: <20260512205820.361821-41-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621946256154100
Content-Type: text/plain; charset="utf-8"

From: Helge Deller <deller@gmx.de>

Some programs test availability of socket options by asking for the
value with an NULL optval address, which currenrly always trigger an
EFAULT in qemu.  Fix it by allowing a NULL address, in the same manner
as the Linux kernel on physical machines.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/2390
Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>
(cherry picked from commit 08dc3e240fc00213c0eb29b71569dc0ca9301337)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 4594909242..d68edb7afd 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2644,6 +2644,10 @@ get_timeout:
             if (ret < 0) {
                 return ret;
             }
+            /* special case: destination address is NULL, return 0 */
+            if (optval_addr) {
+                len =3D 0;
+            }
             if (len =3D=3D sizeof(struct target__kernel_sock_timeval)) {
                 if (copy_to_user_timeval64(optval_addr, &tv)) {
                     return -TARGET_EFAULT;
@@ -2844,7 +2848,10 @@ get_timeout:
         }
         if (len > lv)
             len =3D lv;
-        if (len =3D=3D 4) {
+        if (!optval_addr) {
+            /* writing to NULL does not give error */
+            len =3D 0;
+        } else if (len =3D=3D 4) {
             if (put_user_u32(val, optval_addr))
                 return -TARGET_EFAULT;
         } else {
@@ -2877,18 +2884,24 @@ get_timeout:
                 return -TARGET_EINVAL;
             lv =3D sizeof(lv);
             ret =3D get_errno(getsockopt(sockfd, level, optname, &val, &lv=
));
+write_ret:
             if (ret < 0)
                 return ret;
-            if (len < sizeof(int) && len > 0 && val >=3D 0 && val < 255) {
+            if (!optval_addr) {
+                len =3D 0;
+            } else if (len < sizeof(int) && len > 0 && val >=3D 0 && val <=
 255) {
                 len =3D 1;
-                if (put_user_u32(len, optlen)
-                    || put_user_u8(val, optval_addr))
+                if (put_user_u8(val, optval_addr)) {
                     return -TARGET_EFAULT;
+                }
             } else {
                 if (len > sizeof(int))
                     len =3D sizeof(int);
-                if (put_user_u32(len, optlen)
-                    || put_user_u32(val, optval_addr))
+                if (put_user_u32(val, optval_addr)) {
+                    return -TARGET_EFAULT;
+                }
+            }
+            if (put_user_u32(len, optlen)) {
                     return -TARGET_EFAULT;
             }
             break;
@@ -2939,20 +2952,7 @@ get_timeout:
                 return -TARGET_EINVAL;
             lv =3D sizeof(lv);
             ret =3D get_errno(getsockopt(sockfd, level, optname, &val, &lv=
));
-            if (ret < 0)
-                return ret;
-            if (len < sizeof(int) && len > 0 && val >=3D 0 && val < 255) {
-                len =3D 1;
-                if (put_user_u32(len, optlen)
-                    || put_user_u8(val, optval_addr))
-                    return -TARGET_EFAULT;
-            } else {
-                if (len > sizeof(int))
-                    len =3D sizeof(int);
-                if (put_user_u32(len, optlen)
-                    || put_user_u32(val, optval_addr))
-                    return -TARGET_EFAULT;
-            }
+            goto write_ret;
             break;
         default:
             ret =3D -TARGET_ENOPROTOOPT;
@@ -2986,8 +2986,14 @@ get_timeout:
             if (ret < 0) {
                 return ret;
             }
-            if (put_user_u32(lv, optlen)
-                || put_user_u32(val, optval_addr)) {
+            if (optval_addr) {
+                if (put_user_u32(val, optval_addr)) {
+                    return -TARGET_EFAULT;
+                }
+            } else {
+                lv =3D 0;
+            }
+            if (put_user_u32(lv, optlen)) {
                 return -TARGET_EFAULT;
             }
             break;
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622420; cv=none;
	d=zohomail.com; s=zohoarc;
	b=G8vwhYrXzvz38iZGoYUQ/pAw7u2/3lEoTUrI/9MNX6MrKNkx/UPoPwG+orZPtyMO2Gj380S3/ncmeO0mqdTZxf1lLSRbdoTr8Pn0zs+hN70KGTcJ6iPwx8uqtrbqRIJAS1GTuZNREP+KNqrlox8MSEhZFIJccgZmErMd+yq4Dic=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622420;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=TqD837yp88DSS1Gslp0t4800/XTogJIGiBSgzHVkOIc=;
	b=Qz3gPYPZRrqLdV1o+yCpoywEtPOnrFHsRorXdvB1Oa7AuPLgTXbXHRhfbbylb+BuWaBP6HNYiiu724W1nmMs+7SQhPXySB6PfV4SIMx1Knof29p1W03oZJUZS/DdmyKn2/N3XIwQFiGzJFp8taFCCeX1pSz10lrRQvOxEL0DtfI=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177862242013757.87659191216278;
 Tue, 12 May 2026 14:47:00 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuj2-00051Y-Rf; Tue, 12 May 2026 17:33:13 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuiX-0004Fw-FY; Tue, 12 May 2026 17:32:41 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuiM-0002ZA-A4; Tue, 12 May 2026 17:32:39 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id CE8A51AA3F5;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id DDECC3ABD4D;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=JUzy+Aux80fJCuGYOfjx3LkGiItOtwzq7VuAiSImeqI=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=WfNtCbbnk5vfXJal2euM/fVIdUZt6V9cOjHKVPPn+Lok0Frd0AyRzeS23mnj4i/Tg
 5uy/o6Lf5PLzb0H0c9IkPbKlqI62H/lNIkKvq/9z0wtEbmkgwZ7Ykc9m8cqQYPI57X
 op35qsp26E5iGLmw+BOiYm8/bM6wTjAnDaTcJTGH4Osic32zCtljdeZYcRwFCgbpqa
 BYWyx91mK0E2i9mbPhbTmREqaPsOARUiZHXUeDrcdzJhWyAzPPLxcLMqsJ5x2f8IzR
 u6qW+ZjsADYcyAqmYqEMBrQ9rLaDePCESTdMIRCjz1OGNwzdjFPX+jm6gc6O+TCL7l
 7V59+JspiH8Ng==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Helge Deller <deller@gmx.de>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 42/58] linux-user: Translate errno in IP_RECVERR and
 IPV6_RECVERR
Date: Tue, 12 May 2026 23:58:03 +0300
Message-ID: <20260512205820.361821-42-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622421781158500
Content-Type: text/plain; charset="utf-8"

From: Helge Deller <deller@gmx.de>

Translate host error codes of IP_RECVERR and IPV6_RECVERR control messages =
to
target error codes before returning to the caller.
For example, this is important for architectures (e.g. hppa, alpha, sparc,
mips) on which the value of ECONNREFUSED is different to the value on a x86=
_64
host.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/602
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 9667bf3249256788245c6ca07bc12106f3e4fa22)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index d68edb7afd..d3d9fffb54 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2008,7 +2008,8 @@ static inline abi_long host_to_target_cmsg(struct tar=
get_msghdr *target_msgh,
                     tgt_len !=3D sizeof(struct errhdr_t)) {
                     goto unimplemented;
                 }
-                __put_user(errh->ee.ee_errno, &target_errh->ee.ee_errno);
+                __put_user(host_to_target_errno(errh->ee.ee_errno),
+                           &target_errh->ee.ee_errno);
                 __put_user(errh->ee.ee_origin, &target_errh->ee.ee_origin);
                 __put_user(errh->ee.ee_type,  &target_errh->ee.ee_type);
                 __put_user(errh->ee.ee_code, &target_errh->ee.ee_code);
@@ -2062,7 +2063,8 @@ static inline abi_long host_to_target_cmsg(struct tar=
get_msghdr *target_msgh,
                     tgt_len !=3D sizeof(struct errhdr6_t)) {
                     goto unimplemented;
                 }
-                __put_user(errh->ee.ee_errno, &target_errh->ee.ee_errno);
+                __put_user(host_to_target_errno(errh->ee.ee_errno),
+                           &target_errh->ee.ee_errno);
                 __put_user(errh->ee.ee_origin, &target_errh->ee.ee_origin);
                 __put_user(errh->ee.ee_type,  &target_errh->ee.ee_type);
                 __put_user(errh->ee.ee_code, &target_errh->ee.ee_code);
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621897; cv=none;
	d=zohomail.com; s=zohoarc;
	b=kTHHE6FRtSlaYwADdXJl8+ACXAeJwxsqZtDqYDw6+W2QD91rxWjv/3u7Jc48Cs+e2eKOoU/cQjsOSXbv5F3FkW+nrh1+UKiWK3AaXK483of+MRUmA0msfiayLVPYe1AGA3rkk/nanw01jT+V0OXYZ5N64Z9LB/pgMwN8XWXxVY8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621897;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=emyPiBCmqlCIKIAVMHxalKHoKxtTkzuf1WRf7Xmo2TQ=;
	b=R5e5ujOACAmGeL98rSlJZyEJeyNAJfsGcAymMRZ4pZqhuGEwzxz1AQM+IA3+jyqBseAqwybPMamZxZxT1yR0neBnJ0+4L1XVz7yHokO8lo1SwmH+6Lq+l2ld+evsG02dHjh99omGMU/rQM0Al8onQqMzC8sZ7muUJlG/bisPtfY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621897055776.1941746242865;
 Tue, 12 May 2026 14:38:17 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuj5-0005FB-Vj; Tue, 12 May 2026 17:33:16 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuia-0004NT-Ej; Tue, 12 May 2026 17:32:45 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuiQ-0002a7-9N; Tue, 12 May 2026 17:32:41 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id E124E1AA3F6;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id EA9DD3ABD4E;
 Tue, 12 May 2026 23:58:23 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=BnyGBCl2tDmEhHgXBXYxgINhnh2BQvH3VrIdaBHXsMg=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=sjMktoFQHDIAS++H60JdTJ3Ul+OH7su1wi4j9sMhLUxjpgk3WFdq7ShFAxeQbATyB
 Sns4+vXNrg8mW2WPBNwz6+x+eUTIw6N9dtZ9pXiWVw5K27LtwhdqiQflvkHGrKXDYe
 8Ah3cibwgPtmcOeDUmJnTbFf8x9JC8mCKLRwMSHt8GKWAx3EYS5Y7W5Qqm5WgtVyZ0
 ZjSR/7UlTmbeWJkJfie/KUfiQayijIZN7RgEaV4FEMtBb3jAvn/p0UBQwhyaa9BkF6
 duPLqS5BNoG/Ccw76gCjkMamkjZ1hrV+KnOX6ASlTaA+6azZtnwLG0ytCMHpAnmazn
 jE3pa5qajK4xg==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, kiki <Chan9Yan9@gmail.com>,
 Zexiang Zhang <chan9yan9@gmail.com>,
 Gautam Menghani <gautam@linux.ibm.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Harsh Prateek Bora <harshpb@linux.ibm.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 43/58] hw/intc/xics: Add a check for an invalid server
 id
Date: Tue, 12 May 2026 23:58:04 +0300
Message-ID: <20260512205820.361821-43-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621899091158500

From: kiki <Chan9Yan9@gmail.com>

A malformed IVE value can result in an invalid server field being
passed to icp_irq(). The function assumes the server id is valid and
may access invalid state otherwise, potentially leading to a crash.

Fix this by validating the server id before using it and ignoring
invalid values.

Reported-by: Zexiang Zhang <chan9yan9@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3324
Signed-off-by: Zexiang Zhang <chan9yan9@gmail.com>
Signed-off-by: Gautam Menghani <gautam@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260428103645.50617-1-Gautam.Meng=
hani@ibm.com
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
(cherry picked from commit 1aee8067fce95d15061eca8fbb6772d8a90ea699)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/intc/xics.c b/hw/intc/xics.c
index 1d40c4386d..2e68ac8b96 100644
--- a/hw/intc/xics.c
+++ b/hw/intc/xics.c
@@ -26,6 +26,7 @@
  */
=20
 #include "qemu/osdep.h"
+#include "qemu/log.h"
 #include "qapi/error.h"
 #include "trace.h"
 #include "qemu/timer.h"
@@ -222,6 +223,13 @@ void icp_irq(ICSState *ics, int server, int nr, uint8_=
t priority)
=20
     trace_xics_icp_irq(server, nr, priority);
=20
+    if (!icp) {
+        qemu_log_mask(LOG_GUEST_ERROR, "XICS: invalid server %d for IRQ 0x=
%x\n",
+                      server, nr);
+        ics_reject(ics, nr);
+        return;
+    }
+
     if ((priority >=3D CPPR(icp))
         || (XISR(icp) && (icp->pending_priority <=3D priority))) {
         ics_reject(ics, nr);
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621928; cv=none;
	d=zohomail.com; s=zohoarc;
	b=GL2K8Y8q1IHci7c7VEXq9vdVtID71ewMLynh5fn/CWqh7FBJ4XpAOqMWXQoucN+vCEqpV5U1MIyIScMuGn+x9EG0aCwEIXqTi/4pJjMrLUvJg+6/YvDQXmuO1r1Vc5gM3LQpwDUkSTHzVZNFOsya2+lnE13meshjeTFL1pJeQ8E=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621928;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=MdeKvpHbCUahU8cH9WgagehrZx2YXdwUE0JYGVq3Ud8=;
	b=lHhdLcnqV+b/q6a6tNtBlf0jgmcH3+wPIgY1fEd5KP+S8p8wao6RmvPa+2hyzxlWp50IhtafjIWpAhCWvM21WBc+1Fha6LmUds6ybSW5LfEuJnEGe8cvcB+tkbCRRmz0N1EkyGATqB3/M1M/YvAElA6qhaHuxpIJi4+DMDatyqA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 17786219285901015.5825032997795;
 Tue, 12 May 2026 14:38:48 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuj9-0005N0-G4; Tue, 12 May 2026 17:33:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuih-0004Z4-Ds; Tue, 12 May 2026 17:32:51 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuib-0002dY-Ed; Tue, 12 May 2026 17:32:50 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id F21CA1AA3F7;
 Tue, 12 May 2026 23:58:19 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 0983D3ABD4F;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619499; bh=twiQ6dve30+HtVBJ4b/QtkQ0XVNEemfxY0ciTJYJ+d4=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=ror0EQ1AvBiOfWnZNSCztBRny35Zlmc6TbWtvrQtTwHX9eTP92H09oLWiXCCpxdy6
 wzzAja1UZswn0rXzH1s2UT1bZ2qoTpxVu0AEO6TZXSEkcWfmdqRTmCCOc/jj1urFiF
 0ziUeHhf5037Mhac1nou1pvMqBjoAzUEVXftKinWnDNHfNaowdE+LtYaueZBYYk3KA
 Vg5ayah/UO+Rvhpj2J+cZdzq5XeERAY0V4NKzKvxy/vrxNsos/FYFk6HbZUGejv7lG
 BCJFE2QDmpjGnnZr3JePFajSJRLcWB+mt8qRL0GubzUPn6V0KYJxZgjf1RWBRr7uyG
 r0lCoYyBStdQw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Vivien LEGER <vivien.leger@gmail.com>,
 Bernhard Beschow <shentey@gmail.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 44/58] hw/ppc/e500: fix bus-frequency property
 hardcoded to zero in CPU FDT node
Date: Tue, 12 May 2026 23:58:05 +0300
Message-ID: <20260512205820.361821-44-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621930025154100

From: Vivien LEGER <vivien.leger@gmail.com>

The bus-frequency property in the CPU FDT node was hardcoded to 0.
This is incorrect - it should reflect the actual platform bus clock
frequency, as firmware and RTOSes use it to derive peripheral clock
rates.

Notably, the RTEMS QorIQ BSP uses bus-frequency to program the MPIC
global timer interval. With bus-frequency=3D0, the timer interval
overflows to ~85 seconds, preventing any clock interrupts from firing.

Fix by adding a bus_freq field to PPCE500MachineClass and using it in
the FDT generator. Set bus_freq =3D PLATFORM_CLK_FREQ_HZ (400MHz) for
existing machines, matching the existing clock_freq value.

Signed-off-by: Vivien LEGER <vivien.leger@gmail.com>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <20260411154535.1451361-1-vivien.leger@gmail.com>
Signed-off-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
(cherry picked from commit 774e6f5c1533aba9e04f95cb8cfba64d8329fcb0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index d6ca2e8563..5be2f2095f 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -518,7 +518,7 @@ static int ppce500_load_device_tree(PPCE500MachineState=
 *pms,
                               env->icache_line_size);
         qemu_fdt_setprop_cell(fdt, cpu_name, "d-cache-size", 0x8000);
         qemu_fdt_setprop_cell(fdt, cpu_name, "i-cache-size", 0x8000);
-        qemu_fdt_setprop_cell(fdt, cpu_name, "bus-frequency", 0);
+        qemu_fdt_setprop_cell(fdt, cpu_name, "bus-frequency", pmc->bus_fre=
q);
         if (cpu->cpu_index) {
             qemu_fdt_setprop_string(fdt, cpu_name, "status", "disabled");
             qemu_fdt_setprop_string(fdt, cpu_name, "enable-method",
diff --git a/hw/ppc/e500.h b/hw/ppc/e500.h
index 11f8ae5317..6d56c7b4cb 100644
--- a/hw/ppc/e500.h
+++ b/hw/ppc/e500.h
@@ -40,6 +40,7 @@ struct PPCE500MachineClass {
     hwaddr pci_mmio_bus_base;
     hwaddr spin_base;
     uint32_t clock_freq;
+    uint32_t bus_freq;
     uint32_t tb_freq;
 };
=20
diff --git a/hw/ppc/e500plat.c b/hw/ppc/e500plat.c
index ca5647284d..85cec810d9 100644
--- a/hw/ppc/e500plat.c
+++ b/hw/ppc/e500plat.c
@@ -94,6 +94,7 @@ static void e500plat_machine_class_init(ObjectClass *oc, =
const void *data)
     pmc->pci_mmio_bus_base =3D 0xE0000000ULL;
     pmc->spin_base =3D 0xFEF000000ULL;
     pmc->clock_freq =3D PLATFORM_CLK_FREQ_HZ;
+    pmc->bus_freq =3D PLATFORM_CLK_FREQ_HZ;
     pmc->tb_freq =3D PLATFORM_CLK_FREQ_HZ;
=20
     mc->desc =3D "generic paravirt e500 platform";
diff --git a/hw/ppc/mpc8544ds.c b/hw/ppc/mpc8544ds.c
index 582698559d..d022761cb6 100644
--- a/hw/ppc/mpc8544ds.c
+++ b/hw/ppc/mpc8544ds.c
@@ -56,6 +56,7 @@ static void mpc8544ds_machine_class_init(ObjectClass *oc,=
 const void *data)
     pmc->pci_pio_base =3D 0xE1000000ULL;
     pmc->spin_base =3D 0xEF000000ULL;
     pmc->clock_freq =3D PLATFORM_CLK_FREQ_HZ;
+    pmc->bus_freq =3D PLATFORM_CLK_FREQ_HZ;
     pmc->tb_freq =3D PLATFORM_CLK_FREQ_HZ;
=20
     mc->desc =3D "mpc8544ds";
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622489; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Ki9YNjlctU4cq3dlEkHIgdDCrFsrhBfKQpWwSSqrLEo2VHLHe0TsahBZ1jehqsZ6xOnvYmqc9DXz8EZANkW691+XBdoa0s5zyICwEEuX4DDmHs+yb+1WfF+3YUAAUqcbnWAHZk6Ca+MGDH2VbpZybmAnHpWKd9SP+zE0h+WRBXM=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622489;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=j8Cy11bqSHbtC9PGJDW1Gfj5h5QjNbaPO2RIKbQf97U=;
	b=O7X4jkjmglw0znLKZ8aYHswJbiFB3eejnoGQftaVlTEi869eaE4FHdR9mxX9WW3dI6+5k7VknJOcq7bqzWXXDdfIP5XY/4GEtGoUymZVnEAGlZe/N2GVdDoWzBj0k+fpQ1wb1Knw1J2xWdvKemL28GrrGc0aXqiG3+94c1l0xgI=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622489323660.0579472106864;
 Tue, 12 May 2026 14:48:09 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMujA-0005O7-51; Tue, 12 May 2026 17:33:20 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuih-0004ZD-DT; Tue, 12 May 2026 17:32:51 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuie-0002ej-Cq; Tue, 12 May 2026 17:32:50 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 0CBD81AA3F8;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 19E423ABD50;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=TJPoL99SCcRmYeBbngM5TxHXnKnsJdA5vW/twqNnpms=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=w/gIv8qtRQWX514NocrC331SyxSRKlBYgJgCZ6+AtNgeWzD3vMUL6ay7E4PMS198u
 KHsVz+N50Cv8SNKLub5J9lZLSnFiGXnURZe9wE1fhd5YTR+kWwdxPsNmQja1AcHKro
 yF7kGMLz6umdomz6879yF1lOeXr2bEwJhg46wYF/hUBcG8BAwLjyqNL+1KLorCEA/q
 6GH9+wqgsmRa2U2T89ba/MoXMJYm9U3yfDYjlsolnmHMUEQmIm4UbubtIj5NNjaL3o
 JGOdKhD1uhbNUq9biyVGWaTcoOaDSbRMK53cUv3Z5jeOD1ER6IfN7/3nNwsHx48bAp
 aIW/TmB8M0ReA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
 =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@member.fsf.org>,
 Peter Maydell <peter.maydell@linaro.org>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 45/58] hw/net/allwinner-sun8i-emac: Flush queued
 packets when rx is enabled
Date: Tue, 12 May 2026 23:58:06 +0300
Message-ID: <20260512205820.361821-45-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622489990158500

From: =E5=AE=8B=E6=96=87=E6=AD=A6 <iyzsong@member.fsf.org>

The RX_CTL_0 register includes the RX_EN receive-enable bit,
which allwinner_sun8i_emac_can_receive() checks. That means that
if the guest sets it we need to call qemu_flush_queued_packets()
as we might now be able to handle them.

This fixes a bug where networking didn't work in u-boot on the
orangepi-pc machine.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3459
Signed-off-by: =E5=AE=8B=E6=96=87=E6=AD=A6 <iyzsong@member.fsf.org>
Message-id: 20260430040753.3337-1-iyzsong@envs.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: expanded commit message, removed unneeded RX_EN test]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit a7f27d6903b30bcea21c46986cb7507edcbc970c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/net/allwinner-sun8i-emac.c b/hw/net/allwinner-sun8i-emac.c
index 9b7c67ae8e..8ddaa6101f 100644
--- a/hw/net/allwinner-sun8i-emac.c
+++ b/hw/net/allwinner-sun8i-emac.c
@@ -727,6 +727,9 @@ static void allwinner_sun8i_emac_write(void *opaque, hw=
addr offset,
         break;
     case REG_RX_CTL_0:          /* Receive Control 0 */
         s->rx_ctl0 =3D value;
+        if (allwinner_sun8i_emac_can_receive(nc)) {
+            qemu_flush_queued_packets(nc);
+        }
         break;
     case REG_RX_CTL_1:          /* Receive Control 1 */
         s->rx_ctl1 =3D value | RX_CTL1_RX_MD;
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622485; cv=none;
	d=zohomail.com; s=zohoarc;
	b=EyOQ/aX05O30B9dkdPqB3rDUiAd9mgYdQmjgJI8y4lcF2G+I+z1iRotlc/CHtHVhkqg9HUxfVWZURppCHfY0q6quM3u+HtFdGI5RWs8T6XvA4MSRSacVLmLJfb8IIZchi2PJkjWC+KvwDAYgco66sFxPHhwxpOBxgREGAt7NuoQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622485;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=eQBsYyBJUnlWv4gW8Iv3dHiiWxwzJ8FyOphe23ifGfc=;
	b=PyDsi0dkJ5lHt9eXy9XsWr5iI1xth4tJYp0TKGc8FqhzF0okNeFCz4AEa1DrtUFle2sDCee5GMCC6JwSjV2Lnt/CkVbWddbHgdlJlJWyXuJc/oDlFuq7BSnLKvn1tKgEEePhj2lpwKhJhCK38xsrEevSOCv4fbvnCLUAAwuqm4Q=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622485446938.4244222590396;
 Tue, 12 May 2026 14:48:05 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMujD-0005UO-2f; Tue, 12 May 2026 17:33:30 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuil-0004ep-BU; Tue, 12 May 2026 17:32:55 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuii-0002ht-Vl; Tue, 12 May 2026 17:32:55 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 1B1B01AA3F9;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 28FD63ABD51;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=VlGXvUDypyZhaDaWHFTe/L9iILzY0B2u/VrXrrnCbpg=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=GpqMOoteG7jIa7FhZDg1f4HMlf+w0S/WUhvL5WFEZUSqlH2VlKc7m9K7aNuaUbsWi
 Xojq+Xnhu5nm9PNtHV6zn7ZiJTjkTbqma8zvxFm7VpVN40jQqA3t9Bbm7fK0haD2gF
 jBnckPrr5/KtxzxyPSriBu7KXOf+sYCw4PRqX9IHsIhKMbxTNQ8LySE7KfL/IAq50r
 SQc6Y1DL2ZDMxCbqNyF2/KCALlRwPZL9JDc3M4n8jU+4gIzRPoykHLgQ/LpIHBfB2z
 +80+jyRBJwQErKhu7LHTKjIfIL2wR8GUBdg8qM3lAXKj0CNXP/LDyyGqZzo2I3RirD
 qeFwi0+Ypp2pQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, liugan1 <liugan1@lixiang.com>,
 Peter Maydell <peter.maydell@linaro.org>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 46/58] hw/intc/arm_gicv3: Fix NS write to
 ICC_AP1Rn_EL1 when prebits < 7
Date: Tue, 12 May 2026 23:58:07 +0300
Message-ID: <20260512205820.361821-46-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622486014158500
Content-Type: text/plain; charset="utf-8"

From: liugan1 <liugan1@lixiang.com>

The existing code uses a blanket `regno < 2` check to make
ICC_AP1R0_EL1 and ICC_AP1R1_EL1 writes from Non-secure code WI
(Write Ignore) when EL3 is present. This is intended to prevent
NS code from claiming active interrupts in the Secure priority
range, which could block Secure interrupt delivery.

However, that check assumes prebits=3D7 (4 APR registers), where the
NS priority range (128..255) maps entirely to AP1R2/AP1R3. Since
commit 39f29e599355 ("hw/intc/arm_gicv3: Use correct number of
priority bits for the CPU", first in 7.1), all QEMU AArch64 CPUs
are initialised with gic_pribits=3D5 (one APR register), so NS
priorities map to AP1R0 bits [16:31]. Blanket WI of the entire
AP1R0 register prevents NS code from clearing its own NS active
priority bits. Machines using hw_compat_7_0 (e.g. virt-7.0) still
force pribits=3D8 via force-8-bit-prio and are therefore unaffected.

A concrete consequence observed in virtualisation scenarios: when
a guest VM acknowledges an SPI interrupt but does not perform EOI,
is force-killed and restarted, the new guest's attempt to clear
the residual active state by writing ICC_AP1R0_EL1=3D0 is silently
ignored. The running priority (RPR) remains stuck at the old
interrupt's priority, preventing all equal-or-lower priority
interrupts (including timer interrupts) from being delivered, and
hanging the guest.

Fix this by computing the exact Secure/NS boundary within the APR
bank based on prebits. For registers entirely in the Secure range,
keep the WI behaviour. For the register that straddles the
boundary, preserve only the Secure bits while allowing NS bits to
be modified. For registers entirely in the NS range, allow full
write access.

The new logic produces identical behaviour to the old code when
prebits=3D7, preserving existing behaviour for machines that use
force-8-bit-prio.

Fixes: 39f29e599355 ("hw/intc/arm_gicv3: Use correct number of priority bit=
s for the CPU")
Cc: qemu-stable@nongnu.org
Signed-off-by: liugan1 <liugan1@lixiang.com>
Message-id: 20260428083119.1400110-1-gs_liugan@163.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit f35f0f1ca121fb4931fe98570cda3aeb06b7a87f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index eaf1e512ed..d0110756be 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -1869,9 +1869,40 @@ static void icc_ap_write(CPUARMState *env, const ARM=
CPRegInfo *ri,
      * at a priority outside the Non-secure range (128..255), since this
      * would otherwise allow malicious NS code to block delivery of S inte=
rrupts
      * by writing a bad value to these registers.
+     *
+     * The NS priority range (128..255) maps to APR bits starting at
+     * aprbit =3D 0x80 >> (8 - prebits). Depending on prebits, this bounda=
ry
+     * may fall within AP1R0 or AP1R1, so we cannot simply WI the entire
+     * register. Instead we calculate which bits within each register
+     * correspond to the Secure range and preserve those, while allowing
+     * NS code to modify only the NS range bits.
+     *
+     *   prebits=3D4: num_aprs=3D1, NS starts at AP1R0[8]
+     *   prebits=3D5: num_aprs=3D1, NS starts at AP1R0[16]
+     *   prebits=3D6: num_aprs=3D2, NS starts at AP1R1[0]
+     *   prebits=3D7: num_aprs=3D4, NS starts at AP1R2[0]
      */
-    if (grp =3D=3D GICV3_G1NS && regno < 2 && arm_feature(env, ARM_FEATURE=
_EL3)) {
-        return;
+    if (grp =3D=3D GICV3_G1NS && arm_feature(env, ARM_FEATURE_EL3)) {
+        int ns_start_bit =3D 0x80 >> (8 - cs->prebits);
+        int ns_start_regno =3D ns_start_bit / 32;
+        int ns_start_regbit =3D ns_start_bit % 32;
+
+        if (regno < ns_start_regno) {
+            /* This entire register is in the Secure range: WI */
+            return;
+        } else if (regno =3D=3D ns_start_regno && ns_start_regbit > 0) {
+            /*
+             * This register is split: low bits are Secure, high bits are =
NS.
+             * Preserve the Secure bits (below ns_start_regbit) from the
+             * current value, and take the NS bits (at and above
+             * ns_start_regbit) from the written value.
+             */
+            uint32_t secure_mask =3D MAKE_64BIT_MASK(0, ns_start_regbit);
+
+            value =3D (cs->icc_apr[grp][regno] & secure_mask) |
+                    (value & ~secure_mask);
+        }
+        /* else: regno > ns_start_regno, entire register is NS: allow writ=
e */
     }
=20
     if (cs->nmi_support) {
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621943; cv=none;
	d=zohomail.com; s=zohoarc;
	b=nwtsbWJ0ZXU5S+D9LRshP5TuUbuSoRmquOYHl9PfZTWeL2oxD4gSwFlLFzLioQ8KB1E13INi8pwmvJSlY1wfNHnPifW9F947y5zsT2ZQWMSLCeoIfPYhA0bT0yje+Io7XbBAJ4NEon91+1lEY0QPnmGC74Bx0M3e8dQxpLy7QBM=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621943;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=ihi9LJJ8uAMP1945luItmWMAwqdZoXCZXmPPBxoBxW0=;
	b=XoQwpLj3jPIUeSUlntH5v2DVL9cjoH5dgHhGbJ85kRG3sqe13CmbQQyBRP6AePq5f5dnkGWSo4pC/yBdUfh1+Q1Mq4E8IB273i6oMe9rRuHkGEd3hGGgdjubke6mQd48HN6Q/ph8NCWaIvbrDHg+tRfJiGxCYCmxsE0JDfMwbMw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621943882498.60632419258854;
 Tue, 12 May 2026 14:39:03 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuj8-0005M2-GR; Tue, 12 May 2026 17:33:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuim-0004fn-12; Tue, 12 May 2026 17:32:58 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuij-0002hv-Vm; Tue, 12 May 2026 17:32:55 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 2D07C1AA3FA;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 378603ABD52;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=c0sUG123j8SktnUoky/z9a2M0oaRE/G9DflycOe1HTQ=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=g221C0abSsnKJgOShht0bTyZ+FXBONl0Y0gkmW0rrMR8wC4ZADEpIIYeiv76T87Fo
 uOIPvyeD6kqg1lby1ASdMhc9pH6FqN+E/2pFrlDRXmFSk8znQn4uNtjXVeshWSZeF8
 /wFpv+XWBO/061vF9f8tWcmX6zN2rNXDWpnj/ezj97OuGMfEvJ/G553bcC98rdIpZJ
 E/nXr5r1o4epud7owQ3rDA+5nAsLOA/rR94LFFi9w5zYxxv6evjYif6Ikc1dU3eRdl
 BtZ6q2br162I0RlOv21fsxMenTyyBVlQS/JutmKOiayJq0DOCHbAguDqQAAq0LGL2E
 lzXKtV1wGSBNA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Fabiano Rosas <farosas@suse.de>,
 "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>,
 Peter Xu <peterx@redhat.com>,
 "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 47/58] migration: Use QAPI_CLONE_MEMBERS in
 migrate_params_test_apply
Date: Tue, 12 May 2026 23:58:08 +0300
Message-ID: <20260512205820.361821-47-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621945680158500
Content-Type: text/plain; charset="utf-8"

From: Fabiano Rosas <farosas@suse.de>

Use QAPI_CLONE_MEMBERS instead of making an assignment. The QAPI
method makes the handling of the TLS strings more intuitive because it
clones them as well.

This also fixes a segfault when a NULL TLS option is accessed as part
of a validation check for another option (e.g. in the zero-copy +
multifd compression case). Details follow:

Currently, after copying s->parameters to the temporary
MigrationParameters object before migrate_params_check(), the
references in temporary object to the TLS options are dropped, either
because:

a) the user set a new option, in which case that's fine as
   s->parameters still holds the reference to the old memory or,

b) the user did not set a new option, in which case keeping the
   references in the temporary object would later cause them to be
   freed along with it, leading to double-free when s->parameters is
   also freed later on.

In this second case, it was overlooked that the TLS options can be
accessed already during migrate_params_check() as part of validation
of another option. Those pointers should not have been cleared.

Using QAPI_CLONE_MEMBERS fixes the issue because the temporary object
is not stealing a reference from s->parameters anymore.

Cc: qemu-stable <qemu-stable@nongnu.org>
Fixes: aed97f0563 ("migration: Normalize tls arguments")
Reported-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Link: https://lore.kernel.org/r/a65a1049-9f19-460a-8e27-a62bb30d2727@maciej=
.szmigiero.name
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Tested-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Link: https://lore.kernel.org/r/20260414223718.23965-1-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit f77a7cec9f64ed94062f7b9eb661bd07d60e859a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/migration/options.c b/migration/options.c
index 7556fbc06b..68441f0276 100644
--- a/migration/options.c
+++ b/migration/options.c
@@ -1279,9 +1279,9 @@ bool migrate_params_check(MigrationParameters *params=
, Error **errp)
 static void migrate_params_test_apply(MigrationParameters *params,
                                       MigrationParameters *dest)
 {
-    *dest =3D migrate_get_current()->parameters;
+    MigrationState *s =3D migrate_get_current();
=20
-    /* TODO use QAPI_CLONE() instead of duplicating it inline */
+    QAPI_CLONE_MEMBERS(MigrationParameters, dest, &s->parameters);
=20
     if (params->has_throttle_trigger_threshold) {
         dest->throttle_trigger_threshold =3D params->throttle_trigger_thre=
shold;
@@ -1300,24 +1300,18 @@ static void migrate_params_test_apply(MigrationPara=
meters *params,
     }
=20
     if (params->tls_creds) {
+        qapi_free_StrOrNull(dest->tls_creds);
         dest->tls_creds =3D QAPI_CLONE(StrOrNull, params->tls_creds);
-    } else {
-        /* clear the reference, it's owned by s->parameters */
-        dest->tls_creds =3D NULL;
     }
=20
     if (params->tls_hostname) {
+        qapi_free_StrOrNull(dest->tls_hostname);
         dest->tls_hostname =3D QAPI_CLONE(StrOrNull, params->tls_hostname);
-    } else {
-        /* clear the reference, it's owned by s->parameters */
-        dest->tls_hostname =3D NULL;
     }
=20
     if (params->tls_authz) {
+        qapi_free_StrOrNull(dest->tls_authz);
         dest->tls_authz =3D QAPI_CLONE(StrOrNull, params->tls_authz);
-    } else {
-        /* clear the reference, it's owned by s->parameters */
-        dest->tls_authz =3D NULL;
     }
=20
     if (params->has_max_bandwidth) {
@@ -1374,8 +1368,9 @@ static void migrate_params_test_apply(MigrationParame=
ters *params,
     }
=20
     if (params->has_block_bitmap_mapping) {
-        dest->has_block_bitmap_mapping =3D true;
-        dest->block_bitmap_mapping =3D params->block_bitmap_mapping;
+        qapi_free_BitmapMigrationNodeAliasList(dest->block_bitmap_mapping);
+        dest->block_bitmap_mapping =3D QAPI_CLONE(BitmapMigrationNodeAlias=
List,
+                                                params->block_bitmap_mappi=
ng);
     }
=20
     if (params->has_x_vcpu_dirty_limit_period) {
@@ -1399,7 +1394,8 @@ static void migrate_params_test_apply(MigrationParame=
ters *params,
     }
=20
     if (params->has_cpr_exec_command) {
-        dest->cpr_exec_command =3D params->cpr_exec_command;
+        qapi_free_strList(dest->cpr_exec_command);
+        dest->cpr_exec_command =3D QAPI_CLONE(strList, params->cpr_exec_co=
mmand);
     }
 }
=20
@@ -1555,4 +1551,6 @@ void qmp_migrate_set_parameters(MigrationParameters *=
params, Error **errp)
     }
=20
     migrate_tls_opts_free(&tmp);
+    qapi_free_BitmapMigrationNodeAliasList(tmp.block_bitmap_mapping);
+    qapi_free_strList(tmp.cpr_exec_command);
 }
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622480; cv=none;
	d=zohomail.com; s=zohoarc;
	b=HSNSHI09mCXB+O3SOlxL0N44LNXvN5FPZDv/eAgyxbE8+VZ5dV8UHuMuUaVVzLJVZnLgF/31ztv5mVuZx3hstjCwZaAp5bvYM7Ro2HwDWNyOq3/2Mf977Y63sz3lDvFltNI9v77nm8KwCsCg6A5TNZ41MrBRXNvk9TsVDeqT4CA=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622480;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=wqBn/Ccfc3dP1peR38+L33bimvK+a+vJ6zHcO6tUHDI=;
	b=MsvSayklKg6URF90ZFcRaNMPmHglb8LABS/j6ndS2m6URuUyXSjyzYFIrrkGTbg016caAD7d/cwb7ewiNfXkQNllN6dq/Tsv8MBmN069g1/kg2STTXPlBCaMt6K/3MNjgo26rCPdwqg2JzCOnHm3trezjK5UMrBP+209jG3p3ag=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177862248093640.50617678920264;
 Tue, 12 May 2026 14:48:00 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuk2-00063J-32; Tue, 12 May 2026 17:34:14 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuio-0004gY-RK; Tue, 12 May 2026 17:32:59 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuim-0002jY-Uc; Tue, 12 May 2026 17:32:58 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 3B77F1AA3FB;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 493453ABD53;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=v6CLEle3Y76GVTrXMau5TR4bHiXzQQR2E4WOqrllpiU=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=M1/3YUVV5vXbvCsYqvaftcV0q9/TS0QAhWTUqWu5IMpLEYmaQ6UNw9fgp41XKEvlx
 zMbfsJjqcwHTRovpxnqqWNyRD7Y2U43/LWYQB8ymgXe9+dHR+2xdCFsCnru6VRQWFZ
 cviIJy+JlqtShTJsOzHS57sR+XIoj3ff9BAvbzwa0ntvg3drA3helQhDvfjE5Qjw6O
 NxVTWwZM+3iOR2xUkMSkoPt65pTmzCSiiJyOrhziHX43ZDfeVxHSDvHJ5trUBQEdcj
 ppjGxKwg98BWPOP4B1/jTO+Jd55mMAwLpnXkl53KML2N+ax3f3Hofitm/eC9vvnHLs
 eHZyCzqTOmrxw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Xu <peterx@redhat.com>,
 Juraj Marcin <jmarcin@redhat.com>, Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 48/58] migration: Fix low possibility downtime
 violation
Date: Tue, 12 May 2026 23:58:09 +0300
Message-ID: <20260512205820.361821-48-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622483849154100
Content-Type: text/plain; charset="utf-8"

From: Peter Xu <peterx@redhat.com>

When QEMU queried the estimated version of pending data and thinks it's
ready to converge, it'll send another accurate query to make sure of it.
It is needed to make sure we collect the latest reports and that equation
still holds true.

However we missed one tiny little difference here on "<" v.s. "<=3D" when
comparing pending_size (A) to threshold_size (B)..

QEMU src only re-query if A<B, but will kickoff switchover if A<=3DB.

I think it means it is possible to happen if A (as an estimate only so far)
accidentally equals to B, then re-query won't happen and switchover will
proceed without considering new dirtied data.

It turns out it was an accident in my commit 7aaa1fc072 when refactoring
the code around.  Fix this by using the same equation in both places.

Fixes: 7aaa1fc072 ("migration: Rewrite the migration complete detect logic")
Cc: qemu-stable@nongnu.org
Reviewed-by: Juraj Marcin <jmarcin@redhat.com>
Link: https://lore.kernel.org/r/20260421202110.306051-3-peterx@redhat.com
Signed-off-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 455a6167f25416ce97ea966d6e8301df9fda9a47)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/migration/migration.c b/migration/migration.c
index 5c9aaa6e58..dfc60372cf 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -3242,7 +3242,7 @@ static MigIterateState migration_iteration_run(Migrat=
ionState *s)
          * postcopy started, so ESTIMATE should always match with EXACT
          * during postcopy phase.
          */
-        if (pending_size < s->threshold_size) {
+        if (pending_size <=3D s->threshold_size) {
             qemu_savevm_state_pending_exact(&must_precopy, &can_postcopy);
             pending_size =3D must_precopy + can_postcopy;
             trace_migrate_pending_exact(pending_size, must_precopy,
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622282; cv=none;
	d=zohomail.com; s=zohoarc;
	b=P91vskc1Z4jUAOzZ0evkhQ0TPRLs0OMzSKtoPO2fohl+TETVz1ek4ROAO+r8ckIeLrHgejFBaKsd9Pr+B9xnpVgTSiihqQqeNCx6nYLHlIBVSI0JccDXT6Y4GPnA3HDMl17KOdrp/fKw8i0OaRX36sF6spbYx7PnflMUQrOXUDU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622282;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=IZIgp8sFjJXMhdTVix4u7Y3R2Tb34GMEuvO6RuYSnNE=;
	b=gmCL3Of/va+5xQed9eO2vTHEs7v6qMKHiVSDg0HskI2Y39dwlMtf19Mp7efk0FraHJevwrhjZO+RC6iBShdyCze+s8kEuG9X0V0+ex7++rju5VRJQ/fVf1hoBdbm6Y9KxFDfnqqPRgULRnXXSz5D7Xdd9kms9AyLTFldBew+3sU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 17786222824701.8277038335962743;
 Tue, 12 May 2026 14:44:42 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMujk-000600-NJ; Tue, 12 May 2026 17:34:00 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuir-0004ka-9W; Tue, 12 May 2026 17:33:02 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuin-0002ji-FF; Tue, 12 May 2026 17:33:00 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 4B1F61AA3FC;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 57B5F3ABD54;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=v25+bAzOfkjLEgub1Lg6dfuq/a49WinZ9dGMAo86v5A=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=URTa9H4l/V2btrOOcidKZVRIUxpIhO29NGacFNgM5HS4yHvpxt/pMHpJILP0GyX7z
 J2h8DTHvem6DaC52qiln0JyEHKTBYZiHq3AaGh+5JW0kZw87hGtdzWHWpT6cmcTyQG
 AYLzCWJ0aN/VWfsLpqj6rSBImQbclq7Dsi/mmExzckjDWwLCy6N2N7I9q1U5RDsUoI
 +VeDANrd+Tak6hFpUALSc/tH4MM7eLYoxt3/Gt9N3XPRQ37rVt8QXVlkoMpbowUH7L
 WsWiO6slwXiSl5AjWHbsowPB8ou5brxi2ksCyVXzYQemaHz2rD6ocibT0KHNxmUx2d
 CeCY2+C+evKlw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Richard Henderson <richard.henderson@linaro.org>,
 Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 49/58] target/microblaze: Fix endianness used to
 disassemble
Date: Tue, 12 May 2026 23:58:10 +0300
Message-ID: <20260512205820.361821-49-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622284616158500

From: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>

MicroBlaze CPU model has a "little-endian" property, pointing to
the @endi internal field. Commit c36ec3a9655 ("hw/microblaze:
Explicit CPU endianness") took care of having all MicroBlaze
boards with an explicit default endianness (similarly with
commit 91fc6d8101d for linux-user binaries), so later commit
415aae543ed ("target/microblaze: Consider endianness while
translating code") could infer the endianness at runtime from
the @endi field, and not a compile time via the TARGET_BIG_ENDIAN
definition. Doing so, we forgot to propagate that runtime change
to the disassemble_info structure. Do it now to display the
opcodes in correct endianness order.

Cc: qemu-stable@nongnu.org
Fixes: 415aae543ed ("target/microblaze: Consider endianness while translati=
ng code")
Signed-off-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>
Message-Id: <20260423100612.27278-3-philmd@linaro.org>
(cherry picked from commit 41c417290df91c31a70adeb8f5271896a8c5f802)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
index ec513ae82d..639f46b525 100644
--- a/target/microblaze/cpu.c
+++ b/target/microblaze/cpu.c
@@ -237,8 +237,8 @@ static void mb_disas_set_info(const CPUState *cpu, disa=
ssemble_info *info)
 {
     info->mach =3D bfd_arch_microblaze;
     info->print_insn =3D print_insn_microblaze;
-    info->endian =3D TARGET_BIG_ENDIAN ? BFD_ENDIAN_BIG
-                                     : BFD_ENDIAN_LITTLE;
+    info->endian =3D MICROBLAZE_CPU(cpu)->cfg.endi ? BFD_ENDIAN_LITTLE
+                                                 : BFD_ENDIAN_BIG;
 }
=20
 static void mb_cpu_realizefn(DeviceState *dev, Error **errp)
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622101; cv=none;
	d=zohomail.com; s=zohoarc;
	b=k/14GMBXOZOQrISZ1U5qdLourvsCcdouqE28dOBijbWI7guekkOc3QdFDtPuB7d5GMChKfTHGt8I97/M6jnEySrZa7cj/t4axyYf8++Ihg0IRHtmK72Adi4KDb4JbZ6EKZaBmwOFZFUYkX1bNUhvnGTf36CjuT8a2dbFdpbEo9w=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622101;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=W6+kPi/gwSKJWOqITINAstuP3Wzvedbn9KVnG7IFkLI=;
	b=C/uCRI7OBC7TUxU2OhFTAFRnKBWzdTR+MzwdFPFIPITsEnk8z58WsVA0PIPehHpMUWx3113v1Rb6S7M8mej14QwZ9DjmIjl6yAEx3I4vg1iFvaXPXPteUfw11f5uzLizrKR7XNQLy/hAX0Ts7yGP8twlfRwD3TI3QfmXD4OnzJo=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622101338484.7452625775487;
 Tue, 12 May 2026 14:41:41 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuk9-0006XN-Ra; Tue, 12 May 2026 17:34:22 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuj7-0005KP-Bz; Tue, 12 May 2026 17:33:17 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuiq-0002k4-U3; Tue, 12 May 2026 17:33:16 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 5B9ED1AA3FD;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 676B03ABD55;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=kN+vRBn/OLwmEbR2rmlF5FYYrIr0wj4Oa9rSHAR4hyI=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=PKaT0Weepgtd1VTMtKcvC0+vdjir4vBD0i25MZ47PoMa/ucDG+bxOJyBjvMnEVU8R
 gI1GtkLkfs0SF2PZc4bdYFznu5KvtABxjn81CfYh2g1VNrHhvwLiEfykRUDPqe40SR
 u4bgCvz4pLokYE75KHpDjiYrOjvuxX4HY937H1AwFRXeKPM3qSDGTFr2RF24pppHNv
 T6Nfa6223IqwK+91qIGl5nHmpLw76ggeOttUoPVR/8JgrV0LY/FMvO7tz317nH7NDC
 yfKzifkhLyxntD/fjRjyoO4aRZagEer+fi0J1fTZXP5ZKOYZbZ9TFMjB1XH+C5038u
 TM1eJrxPAvaJw==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell <peter.maydell@linaro.org>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 =?UTF-8?q?Alex=20Benn=C3=A9e?= <alex.bennee@linaro.org>,
 Richard Henderson <richard.henderson@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 50/58] target/arm: Report IL=0 for Thumb 16-bit BKPT
 insn
Date: Tue, 12 May 2026 23:58:11 +0300
Message-ID: <20260512205820.361821-50-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622103137158500

From: Peter Maydell <peter.maydell@linaro.org>

The Thumb BKPT insn is 16-bit, and the ESR_ELx syndrome register
definition requires that we set the IL bit to 0 for this, and 1 for
the 32-bit A32 and A64 BKPT/BRK.

We used to do this correctly, but accidentally lost it in the
conversion to decodetree, because we converted the A32 BKPT first,
and then when we converted the T16 BKPT we forgot that trans_BKPT()
was unconditionally setting IL=3D1.

Pass the right value for syn_aa32_bkpt()'s is_16bit argument.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3474
Fixes: 43f7e42c7d515f ("target/arm: Convert T16, Miscellaneous 16-bit instr=
uctions")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Reviewed-by: Alex Benn=C3=A9e <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20260505103726.419195-1-peter.maydell@linaro.org
(cherry picked from commit f443b687636205b7f70029692b244f1f90532cf2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/arm/tcg/translate.c b/target/arm/tcg/translate.c
index fe89131d34..c57d1a6e73 100644
--- a/target/arm/tcg/translate.c
+++ b/target/arm/tcg/translate.c
@@ -3578,7 +3578,7 @@ static bool trans_BKPT(DisasContext *s, arg_BKPT *a)
         (a->imm =3D=3D 0xab)) {
         gen_exception_internal_insn(s, EXCP_SEMIHOST);
     } else {
-        gen_exception_bkpt_insn(s, syn_aa32_bkpt(a->imm, false));
+        gen_exception_bkpt_insn(s, syn_aa32_bkpt(a->imm, curr_insn_len(s) =
=3D=3D 2));
     }
     return true;
 }
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622423; cv=none;
	d=zohomail.com; s=zohoarc;
	b=mFzpUt4VlHzvDmY581el7stSGfBnNZqSZikiZ5r4Dh5KyQKMb4G+nAZzBVDgRapYsCGLacf/QXGW7Eglkb5WoQXPkPSCPYum54JIyxCcG5LUhTNUVS/RHOTO/XlEglqQUew7hsIFJkOYIDIT22hLgafzGI2KeSIsN64N0BSO1tM=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622423;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=VHflSMu20nKdvHOnxmUNyotqTmIFf2QXZ6PIwo+aYSw=;
	b=JEB9b7fmEEvToP5pnAjNRo22odjTwJudPUwNTXEzzqiDEuGi/eTU32RT2Bk01yxRNCFHkvytlpByT8jVcv0OrMH6GaY00er9LHh1/DOK4dqecxetHh1EX1Kpffh7g3APznI/BKBizqVKBSHNvQ4mt711Q2xfr35qbZf0JFFQnZs=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622423375639.328809046687;
 Tue, 12 May 2026 14:47:03 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMukC-0006iq-Q1; Tue, 12 May 2026 17:34:25 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMujA-0005Ri-Ta; Tue, 12 May 2026 17:33:21 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuis-0002ke-Pk; Tue, 12 May 2026 17:33:20 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 743231AA3FE;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 77A283ABD56;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=xmHfeUJz0ZcDqeB1vL/AXC1QJ6Wf1Lm11pgd52X7R5w=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=NYUDQDHPZcUH0d0wlRzkx3yYSABIu3Wxbug1yinYSX6p3WExF1hQ2ZozMoCIY8zGG
 Le3X7K+9NF9B/FHpOQ3QdN1FAhC0SO1lsbhatiP5W/LJbIEDrF8m22DjOUCFA+5NzD
 nt2QFjhAwpjYHFY0cPm3N4Z4klHsFLKBF6X6ofZ2GDwvUXa/k8bErA+Xp8a9ZNbFcD
 YuRbkMOuQud7qdSqwfw4GEr+cd/X+qb9W6jsYmKh4Py6WOQMTuQ+oBsK7kOZuDv0KE
 XARjwUeojcbA/AqUSkk/XOd4Yr6CzZwTbYQoq3nRD246g7NlSdMZ4a/AstPSj7wjZ3
 XG2vt8Gzk/Q+w==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell <peter.maydell@linaro.org>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 51/58] hw/misc/bcm2835_rng: Specify valid memory
 access sizes
Date: Tue, 12 May 2026 23:58:12 +0300
Message-ID: <20260512205820.361821-51-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622425014154100

From: Peter Maydell <peter.maydell@linaro.org>

The BCM2835 RNG has 32-bit registers only; specify this in
the MemoryRegionOps so wrong-sized accesses are rejected rather
than getting to the assertions in the read and write functions,
and for clarity add the matching .impl constraints.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3394
Fixes: 54a5ba13a9f ("target-arm: Implement BCM2835 hardware RNG")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Message-id: 20260501162700.4092512-1-peter.maydell@linaro.org
(cherry picked from commit 18b664c90085b0d2be9c2ad8c747e00a7a733402)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/misc/bcm2835_rng.c b/hw/misc/bcm2835_rng.c
index e4d2c224c8..4492e325b4 100644
--- a/hw/misc/bcm2835_rng.c
+++ b/hw/misc/bcm2835_rng.c
@@ -93,6 +93,10 @@ static const MemoryRegionOps bcm2835_rng_ops =3D {
     .read =3D bcm2835_rng_read,
     .write =3D bcm2835_rng_write,
     .endianness =3D DEVICE_NATIVE_ENDIAN,
+    .impl.min_access_size =3D 4,
+    .impl.max_access_size =3D 4,
+    .valid.min_access_size =3D 4,
+    .valid.max_access_size =3D 4,
 };
=20
 static const VMStateDescription vmstate_bcm2835_rng =3D {
--=20
2.47.3


From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621922; cv=none;
	d=zohomail.com; s=zohoarc;
	b=bXYljsDVzMrnaWj+kJDxMTdECQZsZbwAxJT+whKGCWoDqUMfbq287uFu7T6bsCd/K2s1ZnQbfZ6SvsvO5sNb0BdIu9fZPyi2+JJvJxKTN3a062lMPI50Pu+QBo9iJ5w8UTDrNSsHg0MbQkb1eAXUCXrCj8/TuQnGKS6ytSeFBv4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621922;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=xkI6i+uBUlkExmZ6mg6I2KvHo56RgMN/Qsa9rFB6+Rk=;
	b=MZZWCN/Dxr4VjhuLmxDgUPwebHqFaZ7Sz6URhso616AwAK/0BolnOTpFYgq7RL9JFJsCJwuE0gQY1RSD0uGKw8tg8v+NoZIsUu0KCO8fRD83malwMPtEB8D8cv33inAe+PYIzrPFoNXZjttFZwRUiByEPw83Nz9B0nF7MHKMX88=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621922915388.1954203325332;
 Tue, 12 May 2026 14:38:42 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMukF-0006tX-7L; Tue, 12 May 2026 17:34:27 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMujq-00063E-Uy; Tue, 12 May 2026 17:34:04 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuj8-0002pj-UY; Tue, 12 May 2026 17:34:01 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 82A2C1AA3FF;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 905313ABD57;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=dUrLKmTkUndyoYa9d6dzbEjuSzCN702BPMF0XP3yVOQ=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=uhIY4Lenowqcwhfa1Qbh8d9Cb3ZlEOdyXGnC3/6mtV6IhEj6w5QzWpmUmCLLlUVgr
 fHDKQJ6QxUYR/pZduDm1rER6txv4eq4oN5lAg3UTP3GN0bghvLeaFj3BmC6y1tKOaR
 Ujlg3z5+A+5j+fyK3yFAR89B3KOxqgEIG6qoOf3OXCPq/elz6fr18B4PRbZwOfwlLE
 PS2gAWj3h964sbozqAsheVWy01aNTrrsh9b1qvb73crpeK9phG0m5ZAeme1DKxYAKX
 XHWnSV2gLQxvMhV/iMJo9z9qVNi8Ib3YNzS5lZ1g/dLs/NfSvw8q5vsYQipUwRh/9f
 pdtHkHMM7KLRA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>,
 Katherine Leaver <katherine.j.leaver@gmail.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 52/58] hw/uefi: fix buffer overruns
Date: Tue, 12 May 2026 23:58:13 +0300
Message-ID: <20260512205820.361821-52-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621923880154100
Content-Type: text/plain; charset="utf-8"

From: Gerd Hoffmann <kraxel@redhat.com>

The buffer size checks do not consider the mm_header size, simliar to
CVE-2026-5744.  Factor out the repeated size check to a small helper
function, fix the check, update all places to use the new helper.

Fixes: CVE-2026-41435
Fixes: db1ecfb473ac ("hw/uefi: add var-service-vars.c")
Reported-by: Katherine Leaver <katherine.j.leaver@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20260422092910.444997-2-kraxel@redhat.com>
(cherry picked from commit f252769a23e67765f9b95d8944ca3da6c9edf58b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/uefi/var-service-vars.c b/hw/uefi/var-service-vars.c
index 5e3907118d..24e6516a9c 100644
--- a/hw/uefi/var-service-vars.c
+++ b/hw/uefi/var-service-vars.c
@@ -297,6 +297,17 @@ static size_t uefi_vars_mm_error(mm_header *mhdr, mm_v=
ariable *mvar,
     return sizeof(*mvar);
 }
=20
+static bool check_buffer_size(uefi_vars_state *uv, uint64_t length)
+{
+    /* uefi_vars_cmd_mm() checks that */
+    g_assert(uv->buf_size >=3D sizeof(mm_header));
+
+    if (uv->buf_size - sizeof(mm_header) < length) {
+        return false;
+    }
+    return true;
+}
+
 static size_t uefi_vars_mm_get_variable(uefi_vars_state *uv, mm_header *mh=
dr,
                                         mm_variable *mvar, void *func)
 {
@@ -344,7 +355,7 @@ static size_t uefi_vars_mm_get_variable(uefi_vars_state=
 *uv, mm_header *mhdr,
     if (uadd64_overflow(length, va->data_size, &length)) {
         return uefi_vars_mm_error(mhdr, mvar, EFI_BAD_BUFFER_SIZE);
     }
-    if (uv->buf_size < length) {
+    if (!check_buffer_size(uv, length)) {
         return uefi_vars_mm_error(mhdr, mvar, EFI_BAD_BUFFER_SIZE);
     }
=20
@@ -414,7 +425,7 @@ uefi_vars_mm_get_next_variable(uefi_vars_state *uv, mm_=
header *mhdr,
     }
=20
     length =3D sizeof(*mvar) + sizeof(*nv) + var->name_size;
-    if (uv->buf_size < length) {
+    if (!check_buffer_size(uv, length)) {
         return uefi_vars_mm_error(mhdr, mvar, EFI_BAD_BUFFER_SIZE);
     }
=20
@@ -605,7 +616,7 @@ static size_t uefi_vars_mm_variable_info(uefi_vars_stat=
e *uv, mm_header *mhdr,
     uint64_t length;
=20
     length =3D sizeof(*mvar) + sizeof(*vi);
-    if (uv->buf_size < length) {
+    if (!check_buffer_size(uv, length)) {
         return uefi_vars_mm_error(mhdr, mvar, EFI_BAD_BUFFER_SIZE);
     }
=20
@@ -626,7 +637,7 @@ uefi_vars_mm_get_payload_size(uefi_vars_state *uv, mm_h=
eader *mhdr,
     uint64_t length;
=20
     length =3D sizeof(*mvar) + sizeof(*ps);
-    if (uv->buf_size < length) {
+    if (!check_buffer_size(uv, length)) {
         return uefi_vars_mm_error(mhdr, mvar, EFI_BAD_BUFFER_SIZE);
     }
=20
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621877; cv=none;
	d=zohomail.com; s=zohoarc;
	b=RJ6ED/x/srwDbObHNCknpYBWl78CQgcHq/kHs379HcW3nKD/asgQailYyxKSHzzHw5hXaReh2keE5+uaSmgrxTE7IHH0sht4yVpZxPeyE7Ic2pJiRuIV0ibi0hwkui/M7FGFAIkCTetY88/C9OKIuNWYcCGz9HQx1dkAjrxwhtg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621877;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=o0eC74xZqhmk+qf65bBIknU1VJ1Hwfk4mpCgBVT9+7Q=;
	b=BRy4BQBLLBp1pLjJjAGYrb4r7gLotxLyTQAUSuItXP2tgUHWoEbPGmYYqP1Xk6I0EzLa7VrpIg5Y/iTTLxaKwV7KZfuMJoqWfiPEAcOpTTvHg26gISX2N6LEwXy/j2yBDHbnLO9Tpo8FhVjF+KpgWmtQrNB6E8OWQK+XM+pi+Nc=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621877975898.1824102598514;
 Tue, 12 May 2026 14:37:57 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMuk7-0006LK-Io; Tue, 12 May 2026 17:34:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMujs-00063Y-GV; Tue, 12 May 2026 17:34:08 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMujC-0002rM-Fw; Tue, 12 May 2026 17:34:03 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 9A1C41AA400;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 9E2843ABD58;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=GmszARVt7TPtIOh6I9oJ+mseqA72Tyv+NZcbJ25pw2E=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=RXH6tjBvm3vZCx3CcbyH26k9pDyUqEuX4IRBSAyOqA5ClyKCQz0at6w4du+G5YcyI
 eubskGOi1O3HuijVYcROGfo0AXJ/NsgjlWc/4woufzxrgzbLde/+eYEeZcB8MH+hxI
 bjh1+K2sV/BzMEEeWFGLURAgsE9ChEJYA5mo+m3enmIxobgbRy/XHIOnTc7qc9c0+h
 8ruoK70UD77VskmBDV71a3owRLiEQERpxmpnXEp0zFKtQuyEV/o/FkjZDLCxmAulsg
 4p6K8FHhIQQV4RN1awveAT0rhQuNAnC8RZB1GyWD6kwdMRvbgRkNmO2TLtdVvP3cHD
 zSe/3wQSMm+dA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>,
 Katherine Leaver <katherine.j.leaver@gmail.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 53/58] hw/uefi: verify pio_xfer_offset before
 calculating buffer checksum
Date: Tue, 12 May 2026 23:58:14 +0300
Message-ID: <20260512205820.361821-53-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621878953158500
Content-Type: text/plain; charset="utf-8"

From: Gerd Hoffmann <kraxel@redhat.com>

Without that it is possible to do trigger OOB reads by first
advancing offset, then making the buffer smaller, finally
asking for a checksum.

Fixes: CVE-2026-41436
Fixes: 90ca4e03c27d ("hw/uefi: add var-service-core.c")
Reported-by: Katherine Leaver <katherine.j.leaver@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20260422092910.444997-3-kraxel@redhat.com>
(cherry picked from commit 94d9a8b2c9e6962aa7f7673229d2db7b110cfac6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/uefi/var-service-core.c b/hw/uefi/var-service-core.c
index 68d7594c0d..828d760073 100644
--- a/hw/uefi/var-service-core.c
+++ b/hw/uefi/var-service-core.c
@@ -235,6 +235,10 @@ static uint64_t uefi_vars_read(void *opaque, hwaddr ad=
dr, unsigned size)
         uv->pio_xfer_offset +=3D size;
         break;
     case UEFI_VARS_REG_PIO_BUFFER_CRC32C:
+        if (uv->pio_xfer_offset > uv->buf_size) {
+            retval =3D 0;
+            break;
+        }
         retval =3D crc32c(0xffffffff, uv->pio_xfer_buffer, uv->pio_xfer_of=
fset);
         break;
     case UEFI_VARS_REG_FLAGS:
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622638; cv=none;
	d=zohomail.com; s=zohoarc;
	b=lfpkfGIHNc/qNZUK1PcbP7T6HHiARSV4VCos/JrSXD/PHZRQus9zoVy322Cnj3N4fdBkH3+nlXxttKINU8gtJpVT400vuwVWJllannv355KEI5yknyY9miqymqbMSBwz379GDWP4teQ7p05j1TxuQH2pG+IviGLXVrqI0hq/aHI=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622638;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=zGw7nSNusu90GdlFNQmCioSIIlgEJtbJHM5dwt7gaKw=;
	b=KWIhym8B6sWUdfkrP6uGP/iyjpvEsOfKwlUhuonTRQNY2inqnSBINuSSlF4aunU4Mv8EQPvV84RHJ56S5bL25gOTHR0XVtIYp9ny2VnQnyIEDwcPUvkyPWW5F6fSiIDQhtYaqGb0km6q1pv6P2TYstaL5NsjcHM1a0nNFekgDFg=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622638691427.6621864182923;
 Tue, 12 May 2026 14:50:38 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMukX-0007e8-6p; Tue, 12 May 2026 17:34:45 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMukM-0007Rl-Gc; Tue, 12 May 2026 17:34:36 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMujs-00038Z-FZ; Tue, 12 May 2026 17:34:33 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id A79F21AA401;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id B5F113ABD59;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=tGCFPzas1hHKzOl+cALrD/N2SyuwGyZAQXj2RFisqsM=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=A1mLYXRFTl/x5lpwEtHNsdFvvd9Y0+2COPbFW2GGEBBAF9R53O/GyKWBHiAN7BuCD
 KW6Oel0xLj0gCRQ8IhGQ75KlSDaxOJH0InhG9i4hISbILRCzlJAXpvvqGeGv0DyLCN
 F/35PZqXHkJV/GrOoxBj/kt8ahq+CLP23r5IhfY5B7Dhaajn+rTlCfWkKcUJTh/AEF
 fMIgtRG891Je6i8ajflUcgf1VepmGchX2WyShH3OsJ3UY84WrhIxHV+qOpm2cno8dw
 5DZ0nnvcuBhI0XfVFEBkuURsKe4dFoThMJGXVRXTedi4cVn2fLPRZMvMX2xUa4KIRy
 anwdYb96k214Q==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>,
 Katherine Leaver <katherine.j.leaver@gmail.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 54/58] hw/uefi: fix ucs2 string helper functions
Date: Tue, 12 May 2026 23:58:15 +0300
Message-ID: <20260512205820.361821-54-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622640349154100
Content-Type: text/plain; charset="utf-8"

From: Gerd Hoffmann <kraxel@redhat.com>

The length passed in is in bytes not characters.  Rename the
parameters to make that clear.  Calculate the number of chars
if needed.  Fix length checks to use the number of chars not
bytes to avoid OOB reads.

Fixes: CVE-2026-41437
Fixes: 1ebc319c8ca7 ("hw/uefi: add var-service-utils.c")
Reported-by: Katherine Leaver <katherine.j.leaver@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20260422092910.444997-4-kraxel@redhat.com>
(cherry picked from commit 5247b3034c23bdfd91a7f78587c3b3e37f90568c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/uefi/var-service-utils.c b/hw/uefi/var-service-utils.c
index 258013f436..489321a26c 100644
--- a/hw/uefi/var-service-utils.c
+++ b/hw/uefi/var-service-utils.c
@@ -19,13 +19,18 @@
  * sometimes when they are not (for example in variable policies).
  */
=20
-gboolean uefi_str_is_valid(const uint16_t *str, size_t len,
+gboolean uefi_str_is_valid(const uint16_t *str, size_t bytes,
                            gboolean must_be_null_terminated)
 {
+    size_t chars =3D bytes / 2;
     size_t pos =3D 0;
=20
+    if ((bytes % 2) !=3D 0) {
+        return false;
+    }
+
     for (;;) {
-        if (pos =3D=3D len) {
+        if (pos =3D=3D chars) {
             if (must_be_null_terminated) {
                 return false;
             } else {
@@ -47,12 +52,13 @@ gboolean uefi_str_is_valid(const uint16_t *str, size_t =
len,
     }
 }
=20
-size_t uefi_strlen(const uint16_t *str, size_t len)
+size_t uefi_strlen(const uint16_t *str, size_t bytes)
 {
+    size_t chars =3D bytes / 2;
     size_t pos =3D 0;
=20
     for (;;) {
-        if (pos =3D=3D len) {
+        if (pos =3D=3D chars) {
             return pos;
         }
         if (str[pos] =3D=3D 0) {
@@ -62,25 +68,25 @@ size_t uefi_strlen(const uint16_t *str, size_t len)
     }
 }
=20
-gboolean uefi_str_equal_ex(const uint16_t *a, size_t alen,
-                           const uint16_t *b, size_t blen,
+gboolean uefi_str_equal_ex(const uint16_t *a, size_t a_bytes,
+                           const uint16_t *b, size_t b_bytes,
                            gboolean wildcards_in_a)
 {
+    size_t a_chars =3D a_bytes / 2;
+    size_t b_chars =3D b_bytes / 2;
     size_t pos =3D 0;
=20
-    alen =3D alen / 2;
-    blen =3D blen / 2;
     for (;;) {
-        if (pos =3D=3D alen && pos =3D=3D blen) {
+        if (pos =3D=3D a_chars && pos =3D=3D b_chars) {
             return true;
         }
-        if (pos =3D=3D alen && b[pos] =3D=3D 0) {
+        if (pos =3D=3D a_chars && b[pos] =3D=3D 0) {
             return true;
         }
-        if (pos =3D=3D blen && a[pos] =3D=3D 0) {
+        if (pos =3D=3D b_chars && a[pos] =3D=3D 0) {
             return true;
         }
-        if (pos =3D=3D alen || pos =3D=3D blen) {
+        if (pos =3D=3D a_chars || pos =3D=3D b_chars) {
             return false;
         }
         if (a[pos] =3D=3D 0 && b[pos] =3D=3D 0) {
@@ -100,18 +106,18 @@ gboolean uefi_str_equal_ex(const uint16_t *a, size_t =
alen,
     }
 }
=20
-gboolean uefi_str_equal(const uint16_t *a, size_t alen,
-                        const uint16_t *b, size_t blen)
+gboolean uefi_str_equal(const uint16_t *a, size_t a_bytes,
+                        const uint16_t *b, size_t b_bytes)
 {
-    return uefi_str_equal_ex(a, alen, b, blen, false);
+    return uefi_str_equal_ex(a, a_bytes, b, b_bytes, false);
 }
=20
-char *uefi_ucs2_to_ascii(const uint16_t *ucs2, uint64_t ucs2_size)
+char *uefi_ucs2_to_ascii(const uint16_t *ucs2, uint64_t ucs2_bytes)
 {
-    char *str =3D g_malloc0(ucs2_size / 2 + 1);
+    char *str =3D g_malloc0(ucs2_bytes / 2 + 1);
     int i;
=20
-    for (i =3D 0; i * 2 < ucs2_size; i++) {
+    for (i =3D 0; i * 2 < ucs2_bytes; i++) {
         if (ucs2[i] =3D=3D 0) {
             break;
         }
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622114; cv=none;
	d=zohomail.com; s=zohoarc;
	b=KhoHuJK+hb70xjDDt9qLkx8WMeX+SeJR2i6CTGD9q+84Vu4Q66Wp+3v2PBqgmaM0TgFxhA8Xo5IsBWr91cgIKoIddFmFD4rt40JzFwQ3M2kGfxPfcNtw/CXI6k9ij62Wxwlc86YHT2Iqj9Rb6O3Vz1X1FFw8IYrCnNLKQF7kHfg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622114;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=eL9ZRdfRbdEN9PYGyyhOwZ/175xB8qavU4mUcQB11tU=;
	b=Ln9k1Rdo32UudiIOjBWu1Vuf+MoXOx3TMVFZrlGAKM6hMd8sNLfCaXmtBhW65DFSLw9rYQARUHiYdPVhV2V8uSo3LSqmyKVUGPmIhk9RRQFXo/tfxXauWrJHf4xLjc/u9AJPEdwsQlsV43odFXyAfJxuM53vItL4lFrlrhrbQfs=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622114765297.9729919593964;
 Tue, 12 May 2026 14:41:54 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMukZ-0007oZ-GV; Tue, 12 May 2026 17:34:48 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMukS-0007bR-FM; Tue, 12 May 2026 17:34:41 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuju-0003Ah-PF; Tue, 12 May 2026 17:34:36 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id C06861AA403;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id C2EFA3ABD5A;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=EeiXjvuU4ygfvIobdZuPB4O8zYg6YICyrhsTaWnc8oU=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=azi3LyLZOcrpLYMUuqHzXYxJesA3sxcg34dzW/WcHv9buEWRBeX1vwA0yPu8gswkU
 IprGNgaeCbA4p9pRvWOc3NAogmALtM811pXfhaWZUMlK+ghZkeW4Ae3uPs4jCGPobZ
 dA8GQ62odC357cIg98ZmstzZXwKcFBl3LEtgOr29S0rrqH4IZltV0EfmAaiQyeIng0
 4lbTr7namF2I70423EUNDZ/igxQpMoEXNNwDl0c9km3aH9w52hhkuiKl8kUTsusHOU
 UhcVNgvv/3ucc0drgWessYptrGGCgQoIBPt5YrKL0MAxxi/SovZ5NXlSBXm1J3rVxG
 8RChFDRBjcU5w==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>,
 Katherine Leaver <katherine.j.leaver@gmail.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 55/58] hw/uefi: add name_size check to
 uefi_vars_mm_lock_variable()
Date: Tue, 12 May 2026 23:58:16 +0300
Message-ID: <20260512205820.361821-55-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622115873154100
Content-Type: text/plain; charset="utf-8"

From: Gerd Hoffmann <kraxel@redhat.com>

Make sure the total variable_policy_entry size stays below
64k so the (16-bit) size field can not wrap.

Fixes: CVE-2026-41438
Fixes: db1ecfb473ac ("hw/uefi: add var-service-vars.c")
Reported-by: Katherine Leaver <katherine.j.leaver@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20260422092910.444997-5-kraxel@redhat.com>
(cherry picked from commit c45b460d16f991ff3f753623f3423e1adc4077a2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/uefi/var-service-vars.c b/hw/uefi/var-service-vars.c
index 24e6516a9c..2c83130ebf 100644
--- a/hw/uefi/var-service-vars.c
+++ b/hw/uefi/var-service-vars.c
@@ -667,6 +667,9 @@ uefi_vars_mm_lock_variable(uefi_vars_state *uv, mm_head=
er *mhdr,
     if (mhdr->length < length) {
         return uefi_vars_mm_error(mhdr, mvar, EFI_BAD_BUFFER_SIZE);
     }
+    if (sizeof(*pe) + lv->name_size > UINT16_MAX) {
+        return uefi_vars_mm_error(mhdr, mvar, EFI_BAD_BUFFER_SIZE);
+    }
=20
     uefi_trace_variable(__func__, lv->guid, name, lv->name_size);
=20
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778621812; cv=none;
	d=zohomail.com; s=zohoarc;
	b=joinQRRWZnnCtQ6ZwzozqOmhtK9kEY+hgqAsHoOBtO8BAWPGGRWpEOblup9cN/FrlRyEQwXWM7F8qeNm09bE6jse622FpZUKBrLNY1qgyZ3NjnaG0bsNZvkGfHP9yR4Z89H1MyJIwJRLo+CY6pKBCYx8mx+DhDOAFVM2vvwxiUo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778621812;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=RALOQ1sONAPVBPsNYlKmR16ceV8GnLF36LNysNH/IP8=;
	b=MDtiTZJlpfsuhlqfxrRIduujsRrTBXFdjYLF45s7mWc8EoWELq6Ty3mVDR6MUyEs3gZ1w/54AtdLpT0Sc6LXSJc4zdbUlHIgUdzxmcp9+SBYbdUlrD9upRmFdusxAzI/IQfgvGW3Yr01Zf7dtVlQIJMmCwWbx7tW97r6l5Gar7g=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778621812884195.29526250442427;
 Tue, 12 May 2026 14:36:52 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMukv-0000Jj-QE; Tue, 12 May 2026 17:35:12 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMukp-000097-1t; Tue, 12 May 2026 17:35:03 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMukO-0003Oj-8L; Tue, 12 May 2026 17:35:02 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id D8DCD1AA404;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id DC21C3ABD5B;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=6yNTHyY4n+czwCDJOviiZkYDpnz4dMyJaeqmCz/8sP8=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=Qc5pTFzyS+wT3TKOkT3a6SYEJMo8S+Pi39QM3ED8vgZrbrSZNzgQvWYB2OLdXeSTR
 0OxpVPw8pyTo9ECGmNIYQFg38/NCFwBRwz+Xxj7tyvLR42l+qtrzduR3AGViJnHzCz
 AGxO/5ZZsaQn7zeAiebbxHphedYovbf7lY7WD7FOK7UCOceYBJjJgQ8HDfyKM6BFHN
 KbYk+NpLiPo7VxX0TlwgmeKajl1niDeu+xWRdWBC3a7flLjN7IjV7Rf1yNc4j/+3Kx
 0okE4dzQPdQb86M2V68Pwn2P+Hr1B8xwYZiaZoVa10VSy/z1JMw/395e3+RSCb64KZ
 8qbnTEVUiy6qA==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>,
 Katherine Leaver <katherine.j.leaver@gmail.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 56/58] hw/uefi: verify data size before accessing it
 in wrap_pkcs7
Date: Tue, 12 May 2026 23:58:17 +0300
Message-ID: <20260512205820.361821-56-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778621814541158500
Content-Type: text/plain; charset="utf-8"

From: Gerd Hoffmann <kraxel@redhat.com>

Fixes: CVE-2026-41439
Fixes: 3e33af2cb306 ("hw/uefi: add var-service-pkcs7.c")
Reported-by: Katherine Leaver <katherine.j.leaver@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20260422092910.444997-6-kraxel@redhat.com>
(cherry picked from commit 22b7b222d8f5428be8b5d4787f36efd0a0b75292)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/uefi/var-service-pkcs7.c b/hw/uefi/var-service-pkcs7.c
index 32accf4e44..f17ad6872f 100644
--- a/hw/uefi/var-service-pkcs7.c
+++ b/hw/uefi/var-service-pkcs7.c
@@ -73,7 +73,8 @@ static void wrap_pkcs7(gnutls_datum_t *pkcs7)
     };
     gnutls_datum_t wrap;
=20
-    if (pkcs7->data[4] =3D=3D 0x06 &&
+    if (pkcs7->size > 16 &&
+        pkcs7->data[4] =3D=3D 0x06 &&
         pkcs7->data[5] =3D=3D 0x09 &&
         memcmp(pkcs7->data + 6, signed_data_oid, sizeof(signed_data_oid)) =
=3D=3D 0 &&
         pkcs7->data[15] =3D=3D 0x0a &&
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622630; cv=none;
	d=zohomail.com; s=zohoarc;
	b=NpIrVR3F1jOvfNVXvRYLl2THRb7zY2XkatrpYlKM1ZwQU58UesBNgDw/XZ0ei+/YL9yd50x/nSyvBJ6PL5EGZVZYZ33zo9QN72Czkw8H4Vq4aOK4nGNCCMbyUsS3FND63N7ypHv4aW3lVpJk2TmRyObVzFUiHHJxWif22Jm4sgY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622630;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=M9bu+U3Hrsqqix84wJNlpaZbqtoIRpRWopYtEb7vdHk=;
	b=nDVaURJPD1kGUaZtZ63Ww5SW37Qkym3APFAZBNM3YBu9ylOdot1yInN2LUmFbF0YzFOXNfK0gHdyRxRDv8cMjMPjs7zikUru8O7eEVTYA3mOBz3DW5M1zFgmxqTaMb79CiWkpbIVroA/z8m+Y65A/imFDPwCS/Yg0T4imaDwIHQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622630919231.42059713574508;
 Tue, 12 May 2026 14:50:30 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMukz-0000Va-6o; Tue, 12 May 2026 17:35:13 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMukq-0000C1-P3; Tue, 12 May 2026 17:35:06 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMukU-0003Su-9Q; Tue, 12 May 2026 17:35:04 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id E6E8D1AA405;
 Tue, 12 May 2026 23:58:20 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 0062C3ABD5C;
 Tue, 12 May 2026 23:58:24 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619500; bh=qG6ii2l7hCb7dAKBoB+JAL6Fy6hY5WJKV7Caap/hyCY=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=eL3OK+S0vG4V163OUhNHmu63oLD6Q0s76Le7l79C26QwHh5/jvRgymlej+zZ2Blzo
 U/tj4CW66GRpuFMyyofwmOFpoeNOj9f0cVJNX7x8aE40cpWc3wU1Pyaa/jBSz7aNSW
 ijOa85W57cbGf75hTMw3eLCmvF3Fyln7PQRpkBK3ZnqW5u+wbEoORazqw9JTMYfxF3
 3ctm/Q8KKjQAZQxY3Z/sltVLi0XPXp77IMWTcAlFTF3GmfCWa42ZpvICU63yJlcD3Z
 +usR77b7/hwycdhSz36j4UuvWH+ssNmaPFp3gyHdPExcvHaaO2sK0be5yX8KzmPVqr
 8DhJH9Vk970wg==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>,
 Katherine Leaver <katherine.j.leaver@gmail.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 57/58] hw/uefi: avoid possibly unaligned
 variable_auth_2 struct field access
Date: Tue, 12 May 2026 23:58:18 +0300
Message-ID: <20260512205820.361821-57-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622632196154100
Content-Type: text/plain; charset="utf-8"

From: Gerd Hoffmann <kraxel@redhat.com>

Copy data to stack-allocated struct before accessing it
to make sure it is properly aligned.

Fixes: CVE-2026-41440
Fixes: f1488fac0584 ("hw/uefi: add var-service-auth.c")
Reported-by: Katherine Leaver <katherine.j.leaver@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20260422092910.444997-7-kraxel@redhat.com>
(cherry picked from commit b4680c02b8e838c75691656ee2c4450b454d1ca7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/hw/uefi/var-service-auth.c b/hw/uefi/var-service-auth.c
index fba5a0956a..795f2f54e4 100644
--- a/hw/uefi/var-service-auth.c
+++ b/hw/uefi/var-service-auth.c
@@ -180,9 +180,10 @@ static efi_status uefi_vars_check_auth_2_sb(uefi_vars_=
state *uv,
                                             void *data,
                                             uint64_t data_offset)
 {
-    variable_auth_2 *auth =3D data;
+    variable_auth_2 auth;
     uefi_variable *siglist;
=20
+    memcpy(&auth, data, sizeof(auth));
     if (custom_mode_is_active(uv)) {
         /* no authentication in custom mode */
         return EFI_SUCCESS;
@@ -193,7 +194,7 @@ static efi_status uefi_vars_check_auth_2_sb(uefi_vars_s=
tate *uv,
         return EFI_SUCCESS;
     }
=20
-    if (auth->hdr_length =3D=3D 24) {
+    if (auth.hdr_length =3D=3D 24) {
         /* no signature (auth->cert_data is empty) */
         return EFI_SECURITY_VIOLATION;
     }
@@ -218,23 +219,25 @@ static efi_status uefi_vars_check_auth_2_sb(uefi_vars=
_state *uv,
 efi_status uefi_vars_check_auth_2(uefi_vars_state *uv, uefi_variable *var,
                                   mm_variable_access *va, void *data)
 {
-    variable_auth_2 *auth =3D data;
+    variable_auth_2 auth;
     uint64_t data_offset;
     efi_status status;
=20
-    if (va->data_size < sizeof(*auth)) {
+    if (va->data_size < sizeof(auth)) {
         return EFI_SECURITY_VIOLATION;
     }
-    if (uadd64_overflow(sizeof(efi_time), auth->hdr_length, &data_offset))=
 {
+    memcpy(&auth, data, sizeof(auth));
+
+    if (uadd64_overflow(sizeof(efi_time), auth.hdr_length, &data_offset)) {
         return EFI_SECURITY_VIOLATION;
     }
     if (va->data_size < data_offset) {
         return EFI_SECURITY_VIOLATION;
     }
=20
-    if (auth->hdr_revision !=3D 0x0200 ||
-        auth->hdr_cert_type !=3D WIN_CERT_TYPE_EFI_GUID ||
-        !qemu_uuid_is_equal(&auth->guid_cert_type, &EfiCertTypePkcs7Guid))=
 {
+    if (auth.hdr_revision !=3D 0x0200 ||
+        auth.hdr_cert_type !=3D WIN_CERT_TYPE_EFI_GUID ||
+        !qemu_uuid_is_equal(&auth.guid_cert_type, &EfiCertTypePkcs7Guid)) {
         return EFI_UNSUPPORTED;
     }
=20
@@ -255,7 +258,7 @@ efi_status uefi_vars_check_auth_2(uefi_vars_state *uv, =
uefi_variable *var,
     }
=20
     /* checks passed, set variable data */
-    var->time =3D auth->timestamp;
+    var->time =3D auth.timestamp;
     if (va->data_size - data_offset > 0) {
         var->data =3D g_malloc(va->data_size - data_offset);
         memcpy(var->data, data + data_offset, va->data_size - data_offset);
diff --git a/hw/uefi/var-service-pkcs7.c b/hw/uefi/var-service-pkcs7.c
index f17ad6872f..c859743e86 100644
--- a/hw/uefi/var-service-pkcs7.c
+++ b/hw/uefi/var-service-pkcs7.c
@@ -21,17 +21,20 @@
  */
 static gnutls_datum_t *build_signed_data(mm_variable_access *va, void *dat=
a)
 {
-    variable_auth_2 *auth =3D data;
-    uint64_t data_offset =3D sizeof(efi_time) + auth->hdr_length;
+    variable_auth_2 auth;
+    uint64_t data_offset;
     uint16_t *name =3D (void *)va + sizeof(mm_variable_access);
     gnutls_datum_t *sdata;
     uint64_t pos =3D 0;
=20
+    memcpy(&auth, data, sizeof(auth));
+    data_offset =3D sizeof(efi_time) + auth.hdr_length;
+
     sdata =3D g_new(gnutls_datum_t, 1);
     sdata->size =3D (va->name_size - 2
                    + sizeof(QemuUUID)
                    + sizeof(va->attributes)
-                   + sizeof(auth->timestamp)
+                   + sizeof(auth.timestamp)
                    + va->data_size - data_offset);
     sdata->data =3D g_malloc(sdata->size);
=20
@@ -48,8 +51,8 @@ static gnutls_datum_t *build_signed_data(mm_variable_acce=
ss *va, void *data)
     pos +=3D sizeof(va->attributes);
=20
     /* TimeStamp */
-    memcpy(sdata->data + pos, &auth->timestamp, sizeof(auth->timestamp));
-    pos +=3D sizeof(auth->timestamp);
+    memcpy(sdata->data + pos, &auth.timestamp, sizeof(auth.timestamp));
+    pos +=3D sizeof(auth.timestamp);
=20
     /* Variable Content */
     memcpy(sdata->data + pos, data + data_offset, va->data_size - data_off=
set);
@@ -105,11 +108,12 @@ static void wrap_pkcs7(gnutls_datum_t *pkcs7)
=20
 static gnutls_datum_t *build_pkcs7(void *data)
 {
-    variable_auth_2 *auth =3D data;
+    variable_auth_2 auth;
     gnutls_datum_t *pkcs7;
=20
+    memcpy(&auth, data, sizeof(auth));
     pkcs7 =3D g_new(gnutls_datum_t, 1);
-    pkcs7->size =3D auth->hdr_length - 24;
+    pkcs7->size =3D auth.hdr_length - 24;
     pkcs7->data =3D g_malloc(pkcs7->size);
     memcpy(pkcs7->data, data + 16 + 24, pkcs7->size);
=20
--=20
2.47.3
From nobody Sat May 30 17:46:19 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
ARC-Seal: i=1; a=rsa-sha256; t=1778622075; cv=none;
	d=zohomail.com; s=zohoarc;
	b=gi8OgZH520d/+bhHlDYrvKDBcKvPs0zQPn76qZuCD2Zkd5rSl5+hp10QVBZkzHACWFbr51f/1nzC8zn061RCdlXybr1NZCX/5Jl1UoJy9PNWrCcWAWmwN6SO/JqE58U78aXM2F1ocd3f1V00rmQ7GCtkpvX+R6o+RgCBnI0Ky1Y=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1778622075;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=haelpKmZOpJ8o/yGrDHwJLQlQRMpBM9nfzse2KG7teE=;
	b=aXSDE9nYAs3acBW40dnGZJSTVyP+EcdAvB5plCA/Psv55qJtM2Eod44aA0sPL81vPeSHnc4QA8jzmL+OG0HPf4YPKqlJd6h6PgIf12L+u8Gu7jY4mKVaZUJSQq+/oWF4KR7csBkuZCuZXTMqtkj1IOa3tQ9psnxyn1EiVvJg2RU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1778622075865368.92205204111735;
 Tue, 12 May 2026 14:41:15 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wMulF-0001D0-3D; Tue, 12 May 2026 17:35:29 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMuky-0000c9-AA; Tue, 12 May 2026 17:35:12 -0400
Received: from isrv.corpit.ru ([212.248.84.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1wMukq-0003dD-RO; Tue, 12 May 2026 17:35:11 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 04D9E1AA406;
 Tue, 12 May 2026 23:58:21 +0300 (MSK)
Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146])
 by tsrv.corpit.ru (Postfix) with ESMTP id 0F5C33ABD5D;
 Tue, 12 May 2026 23:58:25 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tls.msk.ru; s=202602;
 t=1778619501; bh=LY0TJ+s2kr/iIXJIunpGAvKJ7pHGKcccos8a298YuYA=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=u48iDz4lO+CvQqSTtIuGIfZguZClwWWo+X+WBLlrxSoN2U49jjxqC1436gOK7QEOd
 lAOX0ty9jkwcg701pS4s/Qmq/TOmBfGN+0nSVWq3XcTbJZIT+K/J+1/hQf+yiNDW7m
 lXzOUBJslZzpWhsWUW+lrS8hye7BrZtE8WKEMfyXLgtW4louIp2dkj7cKgDZ+a9vDb
 nH7/pXShoMXyiWQgH1s+3X2Z0bjOUtwBkOvSI1uS3niZyq8gEHjMfI4uZkf7SgaKTB
 3hb62Ac7dapmNtbCelGdpE0kV+2yEIX3lcerrg7TQzKBGDlbhpcNjb2cWMELBUXDn9
 26rNo6HQf3ToQ==
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Fabiano Rosas <farosas@suse.de>,
 Thomas Huth <thuth@redhat.com>, Peter Xu <peterx@redhat.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-11.0.1 58/58] tests/functional: Make socat wait longer in
 migration exec test
Date: Tue, 12 May 2026 23:58:19 +0300
Message-ID: <20260512205820.361821-58-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
References: <qemu-stable-11.0.1-20260512235518@cover.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -19
X-Spam_score: -2.0
X-Spam_bar: --
X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @tls.msk.ru)
X-ZM-MESSAGEID: 1778622076886158500

From: Fabiano Rosas <farosas@suse.de>

The migration_with_exec test is failing sporadically for all
architectures due to a race when the destination socat process takes
too long to start listening while the source process is already
issuing connect().

The race is inherent because the exec: migration spawns the
to-be-exec'ed command asynchronously and returns from the
migrate-incoming command. The localhost-only testcase is not
representative of the majority of migrations. In a real scenario
between two different hosts that race wouldn't happen.

Fix the testcase by configuring the source socat command to wait
indefinitely while trying to connect.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Link: https://lore.kernel.org/qemu-devel/20260422230001.3168-1-farosas@suse=
.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
(cherry picked from commit b4ec2e8dae4da74498068536a336fd7424f8446e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/tests/functional/migration.py b/tests/functional/migration.py
index 144f091ba8..3b7674af3b 100644
--- a/tests/functional/migration.py
+++ b/tests/functional/migration.py
@@ -85,5 +85,5 @@ def migration_with_exec(self):
         with Ports() as ports:
             free_port =3D self._get_free_port(ports)
             dst_uri =3D 'exec:socat TCP-LISTEN:%u -' % free_port
-            src_uri =3D 'exec:socat - TCP:localhost:%u' % free_port
+            src_uri =3D 'exec:socat - TCP:localhost:%u,forever' % free_port
             self.migrate(dst_uri, src_uri)
--=20
2.47.3