| 0db2de22 | 28-Oct-2025 | Peter Maydell <peter.maydell@linaro.org> |
linux-user: permit sendto() with NULL buf and 0 len

If you pass sendto() a NULL buffer, this is usually an error (causing an EFAULT return); however if you pass a 0 length then we should not try to validate the buffer provided. Instead we skip the copying of the user data and possible processing through fd_trans_target_to_host_data, and call the host syscall with NULL, 0.

(unlock_user() permits a NULL buffer pointer for "do nothing" so we don't need to special case the unlock code.)

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3102
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251028142001.3011630-1-peter.maydell@linaro.org>
| 7c708932 | 28-Oct-2025 | Bastian Blank <bblank@thinkmo.de> |
linux-user: Use correct type for FIBMAP and FIGETBSZ emulation

Both the FIBMAP and FIGETBSZ ioctls get "int *" (pointer to 32-bit integer) as argument, not "long *" as specified in qemu. Using the correct type makes the emulation work in a cross-endian context.

Both ioctls do not seem to be documented. However, the kernel implementation has always used "int *".

Signed-off-by: Bastian Blank <waldi@debian.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3185
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Helge Deller <deller@gmx.de>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
| 81c93112 | 08-Oct-2025 | Brian Cain <brian.cain@oss.qualcomm.com> |
linux-user/hexagon: Use an array for GPRs

Link: https://lore.kernel.org/qemu-devel/023e01dc389c$faf84320$f0e8c960$@gmail.com/
Suggested-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
| ef9bb7c6 | 08-Oct-2025 | Brian Cain <brian.cain@oss.qualcomm.com> |
linux-user/hexagon: use abi_ulong

Change the user_regs_struct to use abi_ulong instead of target_ulong.

Link: https://lore.kernel.org/qemu-devel/7bf3d8c5-df07-4cbd-ba62-4c7246a5f96b@linaro.org/
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
| 4a110709 | 07-Oct-2025 | Brian Cain <brian.cain@oss.qualcomm.com> |
linux-user/hexagon: Fix sigcontext

In order to correspond with the kernel, we've now (1) moved the preds[] to the right offset and combined the representation as a single ulong "p3_0", (2) added the cs{0,1} registers, (3) added a pad for 48 words, (4) added the user regs structure to an 8-byte aligned target_sigcontext structure.

Co-authored-by: Alex Rønne Petersen <alex@alexrp.com>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>
| 91fc6d81 | 06-Oct-2025 | Philippe Mathieu-Daudé <philmd@linaro.org> |
linux-user/microblaze: Fix little-endianness binary

MicroBlaze CPU model has a "little-endian" property, pointing to the @endi internal field. Commit c36ec3a9655 ("hw/microblaze: Explicit CPU endianness") took care of having all MicroBlaze boards with an explicit default endianness, so later commit 415aae543ed ("target/microblaze: Consider endianness while translating code") could infer the endianness at runtime from the @endi field, and not at compile time via the TARGET_BIG_ENDIAN definition. Doing so, we forgot to make the endianness explicit on user emulation, so there all CPUs are started with the default "little-endian=off" value, leading to breaking support for little endian binaries:

  $ readelf -h ./hello-world-mbel
  ELF Header:
    Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
    Class:   ELF32
    Data:    2's complement, little endian

  $ qemu-microblazeel ./hello-world-mbel
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  Segmentation fault (core dumped)

Fix by restoring the previous behavior of starting with the builtin endianness of the binary:

  $ qemu-microblazeel ./hello-world-mbel
  Hello World

Cc: qemu-stable@nongnu.org
Fixes: 415aae543ed ("target/microblaze: Consider endianness while translating code")
Reported-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-Id: <20251006173350.17455-1-philmd@linaro.org>
| a79fbb69 | 23-Sep-2025 | Jon Wilson <jonwilson030981@gmail.com> |
linux-user: Support MADV_DONTDUMP, MADV_DODUMP

Set and clear PAGE_DONTDUMP, and honor that in vma_dump_size.

Signed-off-by: Jon Wilson <jonwilson030981@gmail.com>
[rth: Use new page_set_flags semantics; also handle DODUMP]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| f55fc1c0 | 23-Sep-2025 | Richard Henderson <richard.henderson@linaro.org> |
accel/tcg: Add clear_flags argument to page_set_flags

Expand the interface of page_set_flags to separate the set of flags to be set and the set of flags to be cleared.

This allows us to replace PAGE_RESET with the PAGE_VALID bit within clear_flags.

Replace PAGE_TARGET_STICKY with TARGET_PAGE_NOTSTICKY; aarch64-linux-user is the only user.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| d2687ad3 | 08-Oct-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user/aarch64: Enable GCS in HWCAP

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251008215613.300150-71-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| ef110c30 | 08-Oct-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user/aarch64: Generate GCS signal records

Here we must push and pop a cap on the GCS stack as well as the gcs record on the normal stack.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251008215613.300150-70-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| 37897b29 | 08-Oct-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user/aarch64: Inject SIGSEGV for GCS faults

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251008215613.300150-69-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| ad1afe43 | 08-Oct-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user/aarch64: Implement map_shadow_stack syscall

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251008215613.300150-67-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| 1c944803 | 08-Oct-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user/aarch64: Release gcs stack on thread exit

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251008215613.300150-66-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| f57359b3 | 08-Oct-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user/aarch64: Allocate new gcs stack on clone

Allocate the new stack early, so that error reporting need not clean up other objects.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251008215613.300150-65-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| d0e16dca | 08-Oct-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user/aarch64: Implement prctls for GCS

This is PR_GET_SHADOW_STACK_STATUS, PR_SET_SHADOW_STACK_STATUS, and PR_LOCK_SHADOW_STACK_STATUS.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251008215613.300150-64-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| 696086ad | 03-Sep-2025 | Daniel Henrique Barboza <dbarboza@ventanamicro.com> |
linux-user/syscall.c: sync RISC-V hwprobe with Linux

It has been a while since the last sync. Let's bring QEMU hwprobe support on par with Linux 6.17-rc4.

A lot of new RISCV_HWPROBE_KEY_* entities are added but this patch is only adding support for ZICBOM_BLOCK_SIZE.

Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250903164043.2828336-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| ff197ae9 | 23-Sep-2025 | Peter Maydell <peter.maydell@linaro.org> |
target/arm: Move ID register field defs to cpu-features.h

Currently we define constants for the ID register fields in cpu.h. This means they're defined for a lot more code in QEMU than actually needs them. Move them to cpu-features.h, which is where we define the feature functions that test fields in these registers.

There's only one place where we need to use some of these macro definitions and weren't already including cpu-features.h: linux-user/arm/target_proc.h. Otherwise this patch is a pure movement of code from one file to the other.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
| 95b9e0d2 | 24-Sep-2025 | Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* qom: Do not unparent in instance_finalize
* linux-user: avoid -Werror=int-in-bool-context
* docs: use the pyvenv version of Meson
* rust: parse attributes using the attrs crate
* rust: complete conversion of qdev properties to proc macro
* docs: clarify AI-generated content policy
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (29 commits)
  docs/code-provenance: AI exceptions are in addition to DCO
  docs/code-provenance: make the exception process more prominent
  docs/code-provenance: clarify scope very early
  hw/xen: Do not unparent in instance_finalize()
  vfio: Do not unparent in instance_finalize()
  hw/sd/sdhci: Do not unparent in instance_finalize()
  hv-balloon: hw/core/register: Do not unparent in instance_finalize()
  hw/core/register: Do not unparent in instance_finalize()
  vfio/pci: Do not unparent in instance_finalize()
  docs/devel: Do not unparent in instance_finalize()
  linux-user: avoid -Werror=int-in-bool-context
  rust/qdev: Drop declare_properties & define_property macros
  rust/hpet: Convert qdev properties to #property macro
  rust/hpet: Clean up type mismatch for num_timers property
  rust/qdev: Test bit property for #property
  rust/qdev: Support bit property in #property macro
  rust/qdev: Support property info for more common types
  rust/qdev: Refine the documentation for QDevProp trait
  rust/qdev: use addr_of! in QDevProp
  rust/common/uninit: Fix Clippy's complaints about lifetime
  ...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| 430014be | 23-Sep-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user: Split out begin_parallel_context

Move the test/flush/set block to a new function. Use tb_flush__exclusive_or_serial while we're at it.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| 521c9e1b | 05-Sep-2025 | Richard Henderson <richard.henderson@linaro.org> |
target/alpha: Simplify call_pal implementation

Since 288a5fe980f, we don't link translation blocks directly to palcode entry points. If we load palbr from env instead of encoding the constant, we avoid all need for tb_flush().

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| c8e5aed2 | 11-Jul-2025 | Arusekk <floss@arusekk.pl> |
linux-user: Add syscall dispatch support

This commit adds support for the `prctl(PR_SET_SYSCALL_USER_DISPATCH)` function in the Linux userspace emulator.

It is implemented as a fully host-independent function, by forcing a SIGSYS early during syscall handling, if the PC is outside the allowed range.

Since disabled SUD is indistinguishable from enabled SUD with always-allowed region length == ~0, this encoding is used instead of introducing a new flag.

Tested on [uglendix][1], will probably also apply to software like tiny-wine, rpcsx, limbo, lazypoline, vicar, sysfail and endokernel, to name a few.

[1]: https://sr.ht/~arusekk/uglendix

Signed-off-by: Arusekk <floss@arusekk.pl>
Message-ID: <20250711225226.14652-1-floss@arusekk.pl>
[rth: Split out is_vdso_sigreturn region matching and other minor tweaks.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| 2c751376 | 04-Sep-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user: Populate vdso_sigreturn_region_{start,end} from sigtramp page

When a target does not support a vdso, we generate a sigtramp page. The only thing on this page is a (set of) signal return syscalls. We do not need to narrowly restrict the vdso_sigreturn_region; simply record the entire page for all such targets.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| b9baf095 | 04-Sep-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user: Populate sigreturn_region_{start,end} in all vdso.S

Mark the regions which contain sigreturn syscalls within each vdso. Rebuild the shared objects.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| ee3b39c9 | 04-Sep-2025 | Richard Henderson <richard.henderson@linaro.org> |
linux-user: Create vdso_sigreturn_region_{start,end}

These variables will be populated from the vdso, and used for detecting whether we are executing the sigreturn.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| db05b0d2 | 19-Sep-2025 | Paolo Bonzini <pbonzini@redhat.com> |
linux-user: avoid -Werror=int-in-bool-context

linux-user is failing to compile on Fedora 43:

  ../linux-user/strace.c:57:66: error: enum constant in boolean context [-Werror=int-in-bool-context]
     57 | #define FLAG_BASIC(V, M, N) { V, M | QEMU_BUILD_BUG_ON_ZERO(!(M)), N }

The warning does not seem to be too useful and we could even disable it, but the workaround is simple in this case.

Cc: qemu-stable@nongnu.org
Cc: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>