This patch adds functions to the plugins API to allow plugins to read
and write memory via hardware addresses. The functions use the current
address space of the current CPU in order to avoid exposing address
space information to users. A later patch may want to add a function to
permit a specified address space, for example to facilitate
architecture-specific plugins that want to operate on them, for example
reading ARM secure memory.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-6-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-10-alex.bennee@linaro.org>
This patch adds functions to the plugins API to allow reading and
writing memory via virtual addresses. These functions only permit doing
so on the current CPU, because there is no way to ensure consistency if
plugins are allowed to read or write to other CPUs that aren't currently
in the context of the plugin.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-5-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-9-alex.bennee@linaro.org>
This patch adds functionality to enforce the requested QEMU_PLUGIN_CB_
flags level passed when registering a callback function using the
plugins API. Each time a callback is about to be invoked, a thread-local
variable will be updated with the level that callback requested. Then,
called API functions (in particular, the register read and write API)
will call qemu_plugin_get_cb_flags() to check the level is at least the
level they require.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-4-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-8-alex.bennee@linaro.org>
This patch adds a function to the plugins API to allow plugins to write
register contents. It also moves the qemu_plugin_read_register function
so all the register-related functions are grouped together in the file.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-3-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-7-alex.bennee@linaro.org>
This patch exposes the gdb_write_register function from
gdbstub/gdbstub.c via the exec/gdbstub.h header file to support use in
plugins to write register contents.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Julian Ganz <neither@nut.email>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Rowan Hart <rowanbhart@gmail.com>
Message-ID: <20250624175351.440780-2-rowanbhart@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-6-alex.bennee@linaro.org>
Add a functional test, aarch64_hotplug_pci, to exercise PCI hotplug and
hot-unplug on arm64.
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250528203137.1654964-1-gustavo.romero@linaro.org>
[AJB: trimmed boilerplate for checkpatch, simplified invocations]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-3-alex.bennee@linaro.org>
The system tests (usually qos-test or migration-test) prove to be very
susceptible on the s390x runners. Although we have boosted memory and
virtual CPUs on the runners problems persist. For now mark test as
allow_failure so the its clear on the CI UI when checking test
results.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <20250627112512.1880708-2-alex.bennee@linaro.org>
tcg/optimize: Use fold_and in do_constant_folding_cond[12]
tcg/optimize: Fold and to extract during optimize
tcg/optimize: Simplify some fold constant checks
tcg/riscv: Fix typo in tgen_extract
tcg: Fix constant propagation in tcg_reg_alloc_dup
-----BEGIN PGP SIGNATURE-----
iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmhirQYdHHJpY2hhcmQu
aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV9uvAgArBOTndFCLuPAubS/
3wg4L1TivXm/uEkZeNUSZ/x9i0eDE9/tDb5iRTH4vVkySndCgIQHbahrgNV349iM
hny7pONlZxpNyfbEsvfsgY1wdy5vdHD+EpCV4ycO579DEHwZM0Q/CfXKQjbMP2oq
95zXgoIO5aCqTFZ8Eqa3WpiRvCQe9yHFMNBfm5btsmtyKHAvB+vSYwQskngwVYCJ
5KWpzOVwBOgXZ7wRBAojOODizw7z9C32uTT5D1o0fxuuOUdtiU7rQbLgiomno/FM
BFz4cLY5+EehJSmXRbw7XbgsL5cICFSgTsFlnH9D8iqSnJFk//JMRQTUsHH42BGM
Sa9sWg==
=DuOD
-----END PGP SIGNATURE-----
Merge tag 'pull-tcg-20250630' of https://gitlab.com/rth7680/qemu into staging
tcg/optimize: Build and use one's mask in logical operations
tcg/optimize: Use fold_and in do_constant_folding_cond[12]
tcg/optimize: Fold and to extract during optimize
tcg/optimize: Simplify some fold constant checks
tcg/riscv: Fix typo in tgen_extract
tcg: Fix constant propagation in tcg_reg_alloc_dup
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmhirQYdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV9uvAgArBOTndFCLuPAubS/
# 3wg4L1TivXm/uEkZeNUSZ/x9i0eDE9/tDb5iRTH4vVkySndCgIQHbahrgNV349iM
# hny7pONlZxpNyfbEsvfsgY1wdy5vdHD+EpCV4ycO579DEHwZM0Q/CfXKQjbMP2oq
# 95zXgoIO5aCqTFZ8Eqa3WpiRvCQe9yHFMNBfm5btsmtyKHAvB+vSYwQskngwVYCJ
# 5KWpzOVwBOgXZ7wRBAojOODizw7z9C32uTT5D1o0fxuuOUdtiU7rQbLgiomno/FM
# BFz4cLY5+EehJSmXRbw7XbgsL5cICFSgTsFlnH9D8iqSnJFk//JMRQTUsHH42BGM
# Sa9sWg==
# =DuOD
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 30 Jun 2025 11:28:06 EDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* tag 'pull-tcg-20250630' of https://gitlab.com/rth7680/qemu: (29 commits)
tcg: Fix constant propagation in tcg_reg_alloc_dup
tcg/riscv: Fix typo in tgen_extract
tcg/optimize: Simplify fold_eqv constant checks
tcg/optimize: Simplify fold_orc constant checks
tcg/optimize: Simplify fold_andc constant checks
tcg/optimize: Simplify fold_and constant checks
tcg/optimize: Fold and to extract during optimize
tcg/optimize: Use fold_and in do_constant_folding_cond[12]
tcg/optimize: Build and use o_bits in fold_shift
tcg/optimize: Build and use o_bits in fold_sextract
tcg/optimize: Build and use o_bits in fold_movcond
tcg/optimize: Build and use o_bits in fold_extu
tcg/optimize: Build and use o_bits in fold_exts
tcg/optimize: Build and use z_bits and o_bits in fold_extract2
tcg/optimize: Build and use o_bits in fold_extract
tcg/optimize: Build and use o_bits in fold_deposit
tcg/optimize: Build and use o_bits in fold_bswap
tcg/optimize: Build and use o_bits in fold_xor
tcg/optimize: Build and use zero, one and affected bits in fold_orc
tcg/optimize: Build and use one and affected bits in fold_or
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fix the direction of the shift, introduced when converting
the codebase to TCGOutOp* and small tgen_* helpers.
Fixes: 5a4d034f3c ("tcg: Convert extract to TCGOutOpExtract")
Reported-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Andrea Bolognani <abologna@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Both cases are handled by fold_xor after conversion.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
If operand 2 is constant, then the computation of z_mask and a_mask
will produce the same results as the explicit check via fold_xi_to_i.
Shift the calls of fold_xx_to_i and fold_ix_to_not down below the
i2->is_const check.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
If operand 2 is constant, then the computation of z_mask and a_mask
will produce the same results as the explicit check via fold_xi_to_i.
Shift the calls of fold_xx_to_i and fold_ix_to_not down below the
i2->is_const check.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
If operand 2 is constant, then the computation of z_mask
and a_mask will produce the same results as the explicit
checks via fold_xi_to_i and fold_xi_to_x. Shift the call
of fold_xx_to_x down below the ti_is_const(t2) check.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
When lowering tst comparisons, completely fold the and
opcode that we generate.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This was the last use of fold_affected_mask,
now fully replaced by fold_masks_zosa.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Add a new function with an affected mask. This will allow
folding to a constant to happen before folding to a copy,
without having to mind the ordering in all users.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Add o_mask mirroring z_mask, but for 1's instead of 0's.
Drop is_const and val fields, which now logically overlap.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Use arg_const_val instead of direct access to the TempOptInfo val
member. Rename both val and is_const to catch all direct accesses.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* Fix memory leak in loadparm setter on s390x
* Update OpenBSD image to 7.7
* Replace the invalid address of the Free Software Foundation
* Some updates to the MAINTAINERS file
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmhc3vURHHRodXRoQHJl
ZGhhdC5jb20ACgkQLtnXdP5wLbWqfg/+KKMEWjE0PLwVNnHRsoQhtbaJNIfHvejo
pchQLCIhMsakBUX/00xFNnKfxIMOMY06tMvRkg6/lYjEFs1JWSxZZF1DhElgYNDJ
hOCYV94bW2Xd/xe3QXfJAlf1f2lvAocBe8F1fh7N6mTD0YExXlusvm5ROfEUChlO
Qt+CkYlKwy2ag8j1tXdfEy9I8Hs71I3DYFUFKLf8Dq7mbsygST2nn40fNAWT8i/H
u7K7Fna3ybtsz9tkb8HpkGYraIxU7TI9NE+5hd9U5sniduvTNt+9573V29lOOe3o
ym164pzsVuks2m2jDRdWmBXjk5/aheU7SUTGJgY9uRapBBulDK+bJb02dRfrMNB7
mYt/bbXkidLQ5e/N4K8xqHjS6rx4cm5T2porf8HzMmPbLzo6TsXWWdGip2qBWd78
XIXdXeu7AZzKDfbeL58RCuiMJzQOlPquN7OgFERZ3DSvd+gLoRoSrowH7YHdjJl3
N9ymL7QUgsqfWySwv/0gtbwXsjjev0z7XyJIjG80o1CQhV25hoo78mKm2Q1pBz+k
aoWKkAlzrLPyjCezA6sWUNxh7DJ9UtN30z4B51sr95PxcLYjJAqOe0ZD+4FZySgH
0g0rLs7uZ1hw/LTr/sAQZUfniEiTf8MDXcNNUKd+oeYHAHXat25jWKXu+NObs6rn
vow7/0ZzV6I=
=nm/1
-----END PGP SIGNATURE-----
Merge tag 'pull-request-2025-06-26' of https://gitlab.com/thuth/qemu into staging
* Implement the "Control Program Identification" feature on s390x
* Fix memory leak in loadparm setter on s390x
* Update OpenBSD image to 7.7
* Replace the invalid address of the Free Software Foundation
* Some updates to the MAINTAINERS file
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmhc3vURHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbWqfg/+KKMEWjE0PLwVNnHRsoQhtbaJNIfHvejo
# pchQLCIhMsakBUX/00xFNnKfxIMOMY06tMvRkg6/lYjEFs1JWSxZZF1DhElgYNDJ
# hOCYV94bW2Xd/xe3QXfJAlf1f2lvAocBe8F1fh7N6mTD0YExXlusvm5ROfEUChlO
# Qt+CkYlKwy2ag8j1tXdfEy9I8Hs71I3DYFUFKLf8Dq7mbsygST2nn40fNAWT8i/H
# u7K7Fna3ybtsz9tkb8HpkGYraIxU7TI9NE+5hd9U5sniduvTNt+9573V29lOOe3o
# ym164pzsVuks2m2jDRdWmBXjk5/aheU7SUTGJgY9uRapBBulDK+bJb02dRfrMNB7
# mYt/bbXkidLQ5e/N4K8xqHjS6rx4cm5T2porf8HzMmPbLzo6TsXWWdGip2qBWd78
# XIXdXeu7AZzKDfbeL58RCuiMJzQOlPquN7OgFERZ3DSvd+gLoRoSrowH7YHdjJl3
# N9ymL7QUgsqfWySwv/0gtbwXsjjev0z7XyJIjG80o1CQhV25hoo78mKm2Q1pBz+k
# aoWKkAlzrLPyjCezA6sWUNxh7DJ9UtN30z4B51sr95PxcLYjJAqOe0ZD+4FZySgH
# 0g0rLs7uZ1hw/LTr/sAQZUfniEiTf8MDXcNNUKd+oeYHAHXat25jWKXu+NObs6rn
# vow7/0ZzV6I=
# =nm/1
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 26 Jun 2025 01:47:33 EDT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2025-06-26' of https://gitlab.com/thuth/qemu:
target/i386/emulate: replace FSF postal address with licenses URL
target/xtensa: replace FSF postal address with licenses URL
contrib: replace FSF postal address with licenses URL
scripts: replace FSF postal address with licenses URL
hw: replace FSF postal address with licenses URL
util/rcu.c: replace FSF postal address with licenses URL
include/qemu: replace FSF postal address with licenses URL
include/hw: replace FSF postal address with licenses URL
include/libdecnumber: replace FSF postal address with licenses URL
libdecnumber: replace FSF postal address with licenses URL
COPYING: replace FSF postal address with licenses URL
tests/vm: update openbsd image to 7.7
hw/s390x/ccw-device: Fix memory leak in loadparm setter
MAINTAINERS: add reviewers for some s390 areas
hw/s390x: support migration of CPI data
hw/s390x: add Control-Program Identification to QOM
hw/s390x: add SCLP event type CPI
MAINTAINERS: Yoshinori Sato email address has been updated
tests/functional/test_pc_cpu_hotplug_props: Set 'pc' machine type explicitly
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This patch introduces the vfio-user protocol specification (formerly
known as VFIO-over-socket), which is designed to allow devices to be
emulated outside QEMU, in a separate process. vfio-user reuses the
existing VFIO defines, structs and concepts.
It has been earlier discussed as an RFC in:
"RFC: use VFIO over a UNIX domain socket to implement device offloading"
Signed-off-by: Thanos Makatos <thanos.makatos@nutanix.com>
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250625193012.2316242-20-john.levon@nutanix.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Add new message to send multiple writes to server in a single message.
Prevents the outgoing queue from overflowing when a long latency
operation is followed by a series of posted writes.
Originally-by: John Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250625193012.2316242-18-john.levon@nutanix.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Support an asynchronous send of a vfio-user socket message (no wait for
a reply) when the write is posted. This is only safe when no regions are
mappable by the VM. Add an option to explicitly disable this as well.
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250625193012.2316242-17-john.levon@nutanix.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
By default, the vfio-user subsystem will wait 5 seconds for a message
reply from the server. Add an option to allow this to be configurable.
Originally-by: John Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250625193012.2316242-16-john.levon@nutanix.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Unlike most other messages, this is a server->client message, for when a
server wants to do "DMA"; this is slow, so normally the server has
memory directly mapped instead.
Originally-by: John Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250625193012.2316242-15-john.levon@nutanix.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
When the vfio-user container gets mapping updates, share them with the
vfio-user by sending a message; this can include the region fd, allowing
the server to directly mmap() the region as needed.
For performance, we only wait for the message responses when we're doing
with a series of updates via the listener_commit() callback.
Originally-by: John Johnson <john.g.johnson@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250625193012.2316242-14-john.levon@nutanix.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Hook this call up to the legacy reset handler for vfio-user-pci.
Originally-by: John Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250625193012.2316242-13-john.levon@nutanix.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
The user container will shortly need access to the underlying vfio-user
proxy; set this up.
Originally-by: John Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20250625193012.2316242-12-john.levon@nutanix.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
