Merge tag 'hw-misc-20260407' of https://github.com/philmd/qemu into staging Misc HW patches Few fixes, mostly for VGA display models. # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmnVffgACgkQ4+MsLN6t # wN4vAw/+OpYUXgVIE82vn6eJQPewiFm/oq7Bi2iHWtB51JLGy+eckbVrahG5M74g # dvr2x+1APsweNizhkHz6m00UdCDmhli8N+p9xOa2F61LjYCszZBteR7DhMdPVF33 # GuptAXnyZZkeN0lvD+hYfk2KBNCGGOz2r96XUsuSoOS6BwgTzqlpaZ3mL4YaQbLD # KED9wsqqKHgUrgZa7yzH4IFx4iuQoRTEeXUfa/BOnYUMKs7zlf8+x8a/93GM2fqK # HRHi27Dw52DI0wSKZ97i67a+pP291S5BbSBnLb37HZeOdS5AUa3hHuoXKNhdd1O1 # PbQT1Rs0cPBkQ/YEeJySfQbRNS6fk2W/fz1yKVUaUzgWgXZxRJuAIml0JyudfhMr # g4/g882St0b8umQRqePgmCUHWeG/bpVvsRPZN+lm6jobpk69htbGtR0pYO/dRCkZ # aZWTGulPqnPNLMQG/qkYCFCPX4NpJfrl1VWSwCXRLt8d4r1CrnqmwfqmgQCsMkRd # UJtHqYeYPHT4ivW/Vbn3cEUY1c5kRLjlPjWO6mAZCKCwnPyK5p3f4hSStLJlra6k # /bidMyIJXvYHPCgHRzTDWsx2tV1tL3iyGlxEae3BTcPlUiXOczxsoKEqvg487nh6 # tmzodtsOHpNXnuZQb3rFdiGdzKUhhpobex7mKzef7xEFOKA2adk= # =7zMH # -----END PGP SIGNATURE----- # gpg: Signature made Tue Apr 7 22:58:16 2026 BST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'hw-misc-20260407' of https://github.com/philmd/qemu: ati-vga: Do not crash on 24 bits per pixel ati-vga: Update mode on CRTC_PITCH change ati-vga: Fix setting CRTC_OFFSET hw/arm/omap_sx1: map CS3 at the correct base cirrus-vga: Make frame buffer endianness little endian by default docs/about/removed-features: Replace 'since' -> 'removed in' Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index 557a246..e75db08 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst
@@ -782,8 +782,8 @@ threads). For debugging purpose, please use ``-name $VM,debug-threads=on`` instead. -``migrate`` argument ``detach`` (since 11.0) -'''''''''''''''''''''''''''''''''''''''''''' +``migrate`` argument ``detach`` (removed in 11.0) +'''''''''''''''''''''''''''''''''''''''''''''''''' This argument has always been ignored. @@ -932,14 +932,14 @@ in a single thread context; in user mode atomicity was simply broken. From 10.0, QEMU has disabled configuration of 64-bit guests on 32-bit hosts. -32-bit MIPS (since 10.2) -'''''''''''''''''''''''' +32-bit MIPS (removed in 10.2) +''''''''''''''''''''''''''''' Debian 12 "Bookworm" removed support for 32-bit MIPS, making it hard to maintain our cross-compilation CI tests of the architecture. -32-bit PPC (since 10.2) -''''''''''''''''''''''' +32-bit PPC (removed in 10.2) +'''''''''''''''''''''''''''' The QEMU project no longer supports 32-bit host builds. @@ -1172,8 +1172,8 @@ Linux dropped support for this virtual machine type in kernel v3.7, and there was also no binary available online to use with that board. -Arm ``ast2700a0-evb`` machine (since 11.0) -'''''''''''''''''''''''''''''''''''''''''' +Arm ``ast2700a0-evb`` machine (removed in 11.0) +''''''''''''''''''''''''''''''''''''''''''''''' The ``ast2700a0-evb`` machine represents the first revision of the AST2700 and serves as the initial engineering sample rather than a production version. @@ -1290,8 +1290,8 @@ The 'pvrdma' device and the whole RDMA subsystem have been removed. -``-device sd-card,spec_version=1`` (since 10.2) -''''''''''''''''''''''''''''''''''''''''''''''' +``-device sd-card,spec_version=1`` (removed in 10.2) +'''''''''''''''''''''''''''''''''''''''''''''''''''' SD physical layer specification v2.00 supersedes the v1.10 one. @@ -1396,21 +1396,21 @@ VFIO devices ------------ -``-device vfio-calxeda-xgmac`` (since 10.2) -''''''''''''''''''''''''''''''''''''''''''' +``-device vfio-calxeda-xgmac`` (removed in 10.2) +'''''''''''''''''''''''''''''''''''''''''''''''' The vfio-calxeda-xgmac device allows to assign a host Calxeda Highbank 10Gb XGMAC Ethernet controller device ("calxeda,hb-xgmac" compatibility string) to a guest. Calxeda HW has been ewasted now and there is no point keeping that device. -``-device vfio-amd-xgbe`` (since 10.2) -'''''''''''''''''''''''''''''''''''''' +``-device vfio-amd-xgbe`` (removed in 10.2) +''''''''''''''''''''''''''''''''''''''''''' The vfio-amd-xgbe device allows to assign a host AMD 10GbE controller to a guest ("amd,xgbe-seattle-v1a" compatibility string). AMD "Seattle" is not supported anymore and there is no point keeping that device. -``-device vfio-platform`` (since 10.2) -'''''''''''''''''''''''''''''''''''''' +``-device vfio-platform`` (removed in 10.2) +''''''''''''''''''''''''''''''''''''''''''' The vfio-platform device allows to assign a host platform device to a guest in a generic manner. Integrating a new device into the vfio-platform infrastructure requires some adaptation at
diff --git a/hw/arm/omap_sx1.c b/hw/arm/omap_sx1.c index d858dab..bcb7105 100644 --- a/hw/arm/omap_sx1.c +++ b/hw/arm/omap_sx1.c
@@ -146,7 +146,7 @@ memory_region_init_io(&cs[3], NULL, &static_ops, &cs3val, "sx1.cs3", OMAP_CS3_SIZE); memory_region_add_subregion(address_space, - OMAP_CS2_BASE, &cs[3]); + OMAP_CS3_BASE, &cs[3]); fl_idx = 0; if ((dinfo = drive_get(IF_PFLASH, 0, fl_idx)) != NULL) {
diff --git a/hw/display/ati.c b/hw/display/ati.c index 97d871b..7bb57c4 100644 --- a/hw/display/ati.c +++ b/hw/display/ati.c
@@ -48,6 +48,19 @@ enum { VGA_MODE, EXT_MODE }; +static void ati_vga_set_offset(VGACommonState *vga, uint32_t offs) +{ + int bypp = DIV_ROUND_UP(vga->vbe_regs[VBE_DISPI_INDEX_BPP], BITS_PER_BYTE); + + if (!bypp || + vga->vbe_regs[VBE_DISPI_INDEX_YRES] * + vga->vbe_regs[VBE_DISPI_INDEX_VIRT_WIDTH] * bypp + offs > + vga->vbe_size) { + return; + } + vga->vbe_start_addr = offs / 4; +} + static void ati_vga_switch_mode(ATIVGAState *s) { DPRINTF("%d -> %d\n", @@ -109,26 +122,12 @@ vbe_ioport_write_data(&s->vga, 0, VBE_DISPI_ENABLED | VBE_DISPI_LFB_ENABLED | VBE_DISPI_NOCLEARMEM | (s->regs.dac_cntl & DAC_8BIT_EN ? VBE_DISPI_8BIT_DAC : 0)); - /* now set offset and stride after enable as that resets these */ + /* now set offset and stride because enable resets these */ if (stride) { - int bypp = DIV_ROUND_UP(bpp, BITS_PER_BYTE); - vbe_ioport_write_index(&s->vga, 0, VBE_DISPI_INDEX_VIRT_WIDTH); vbe_ioport_write_data(&s->vga, 0, stride); - stride *= bypp; - if (offs % stride) { - DPRINTF("CRTC offset is not multiple of pitch\n"); - vbe_ioport_write_index(&s->vga, 0, - VBE_DISPI_INDEX_X_OFFSET); - vbe_ioport_write_data(&s->vga, 0, offs % stride / bypp); - } - vbe_ioport_write_index(&s->vga, 0, VBE_DISPI_INDEX_Y_OFFSET); - vbe_ioport_write_data(&s->vga, 0, offs / stride); - DPRINTF("VBE offset (%d,%d), vbe_start_addr=%x\n", - s->vga.vbe_regs[VBE_DISPI_INDEX_X_OFFSET], - s->vga.vbe_regs[VBE_DISPI_INDEX_Y_OFFSET], - s->vga.vbe_start_addr); } + ati_vga_set_offset(&s->vga, offs); } } else { /* VGA mode enabled */ @@ -737,13 +736,18 @@ s->regs.crtc_v_sync_strt_wid = data & 0x9f0fff; break; case CRTC_OFFSET: - s->regs.crtc_offset = data & 0xc7ffffff; + s->regs.crtc_offset = data & 0x87fffff8; + ati_vga_set_offset(&s->vga, s->regs.crtc_offset & 0x07ffffff); break; case CRTC_OFFSET_CNTL: s->regs.crtc_offset_cntl = data; /* FIXME */ break; case CRTC_PITCH: - s->regs.crtc_pitch = data & 0x07ff07ff; + data &= 0x07ff07ff; + if (s->regs.crtc_pitch != data) { + s->regs.crtc_pitch = data; + ati_vga_switch_mode(s); + } break; case 0xf00 ... 0xfff: /* read-only copy of PCI config space so ignore writes */
diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c index 9baf6ff..f0f77ce 100644 --- a/hw/display/ati_2d.c +++ b/hw/display/ati_2d.c
@@ -265,6 +265,10 @@ { uint32_t filler = 0; + if (ctx->bpp == 24) { + qemu_log_mask(LOG_UNIMP, "Fill blt unsupported in 24 bits\n"); + return false; + } switch (ctx->rop3) { case ROP3_PATCOPY: filler = make_filler(ctx->bpp, ctx->frgd_clr); @@ -362,6 +366,11 @@ setup_2d_blt_ctx(s, &ctx); + if (ctx.bpp == 24) { + qemu_log_mask(LOG_UNIMP, + "host_data_blt: unsupported in 24 bits mode\n"); + return false; + } if (!ctx.left_to_right || !ctx.top_to_bottom) { qemu_log_mask(LOG_UNIMP, "host_data_blt: unsupported blit direction %c%c\n",
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c index 629b34f..48be3c8 100644 --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c
@@ -2930,6 +2930,8 @@ s->vga.cursor_invalidate = cirrus_cursor_invalidate; s->vga.cursor_draw_line = cirrus_cursor_draw_line; + s->vga.big_endian_fb = false; + qemu_register_reset(cirrus_reset, s); }