Re: [PATCH 04/31] docs: mark CRIS support as deprecated

[Alex Bennée]

Daniel P. Berrangé  writes:

> On Mon, Sep 25, 2023 at 03:48:27PM +0100, Alex Bennée wrote:
>> This might be premature but while streamling the avocado tests I
>> realised the only tests we have are "check-tcg" ones. The aging
>> fedora-criss-cross image works well enough for developers but can't be
>> used in CI as we need supported build platforms to build QEMU.
>> 
>> Does this mean the writing is on the wall for this architecture?
>> 
>> Signed-off-by: Alex Bennée 
>> Cc: Rabin Vincent 
>> Cc: Edgar E. Iglesias 
>> ---
>>  docs/about/deprecated.rst | 11 +++
>>  1 file changed, 11 insertions(+)
>> 
>> diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
>> index dc4da95329..7cfe313aa6 100644
>> --- a/docs/about/deprecated.rst
>> +++ b/docs/about/deprecated.rst
>> @@ -399,6 +399,17 @@ Specifying the iSCSI password in plain text on the 
>> command line using the
>>  used instead, to refer to a ``--object secret...`` instance that provides
>>  a password via a file, or encrypted.
>>  
>> +TCG CPUs
>> +
>> +
>> +CRIS CPU architecture (since 8.1)
>> +'''''''''''''''''''''''''''''''''
>> +
>> +The CRIS architecture was pulled from Linux in 4.17 and the compiler
>> +is no longer packaged in any distro making it harder to run the
>> +``check-tcg`` tests. Unless we can improve the testing situation there
>> +is a chance the code will bitrot without anyone noticing.
>
> Deprecated is generally a warning that we intend to delete the
> feature.   If we're just going to relegate it to untested
> status (what I'd call "tier 3" quality), then we should document
> that elsewhere.  I don't mind which way we go.

We do have reasonably good coverage with tests/tcg/cris but of course
without a compiler we can't build them.

Both nios2 and microblaze have build-toolchain scripts which can be used
to re-create containers. However my preference is having pre-built
toolchains hosted by others like we do for loongarch, hexagon, xtensa
and tricore. Then the docker image can simply curl them into an image.

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

Re: [PATCH 08/31] configure: ensure dependency for cross-compile setup

[Alex Bennée]

Paolo Bonzini  writes:

> On 9/25/23 16:48, Alex Bennée wrote:
>> If we update configure we should make sure we regenerate all the
>> compiler details. We should also ensure those details are upto date
>> before building the TCG tests.
>> Signed-off-by: Alex Bennée 
>> ---
>>   configure | 2 ++
>>   1 file changed, 2 insertions(+)
>> diff --git a/configure b/configure
>> index e83872571d..a95e0f5767 100755
>> --- a/configure
>> +++ b/configure
>> @@ -1788,6 +1788,8 @@ for target in $target_list; do
>> echo "HOST_GDB_SUPPORTS_ARCH=y" >> "$config_target_mak"
>> fi
>>   +  echo "$config_target_mak: configure" >> Makefile.prereqs
>
> This in practice is not adding anything; if "configure" changes then
> Makefile's dependency on config-host.mak will trigger a configure
> rerun anyway.
>
> If you want to add it, you should also add it for other config-*.mak
> files.  However, I'd remove this line and just change
>
> -# 1. ensure config-host.mak is up-to-date
> +# 1. ensure config-host.mak is up-to-date.  All other config-*.mak
> +# files for subdirectories will be updated as well.

Peter ran into a mismatch between config-host.mak and
tests/tcg/foo/config-target.mak in his build system so it didn't get
picked up at one point.

>
> in the Makefile.
>
> Paolo


-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

[PATCH 04/31] docs: mark CRIS support as deprecated

[Alex Bennée]

This might be premature but while streamling the avocado tests I
realised the only tests we have are "check-tcg" ones. The aging
fedora-criss-cross image works well enough for developers but can't be
used in CI as we need supported build platforms to build QEMU.

Does this mean the writing is on the wall for this architecture?

Signed-off-by: Alex Bennée 
Cc: Rabin Vincent 
Cc: Edgar E. Iglesias 
---
 docs/about/deprecated.rst | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index dc4da95329..7cfe313aa6 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -399,6 +399,17 @@ Specifying the iSCSI password in plain text on the command 
line using the
 used instead, to refer to a ``--object secret...`` instance that provides
 a password via a file, or encrypted.
 
+TCG CPUs
+
+
+CRIS CPU architecture (since 8.1)
+'''''''''''''''''''''''''''''''''
+
+The CRIS architecture was pulled from Linux in 4.17 and the compiler
+is no longer packaged in any distro making it harder to run the
+``check-tcg`` tests. Unless we can improve the testing situation there
+is a chance the code will bitrot without anyone noticing.
+
 Backwards compatibility
 ---
 
-- 
2.39.2

[PATCH 23/31] plugins: Set final instruction count in plugin_gen_tb_end

[Alex Bennée]

From: Matt Borgerson 

Translation logic may partially decode an instruction, then abort and
remove the instruction from the TB. This can happen for example when an
instruction spans two pages. In this case, plugins may get an incorrect
result when calling qemu_plugin_tb_n_insns to query for the number of
instructions in the TB. This patch updates plugin_gen_tb_end to set the
final instruction count.

Signed-off-by: Matt Borgerson 
[AJB: added g_assert to defed API]
Signed-off-by: Alex Bennée 
Message-Id: 
---
 include/exec/plugin-gen.h | 4 ++--
 accel/tcg/plugin-gen.c| 6 +-
 accel/tcg/translator.c| 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/include/exec/plugin-gen.h b/include/exec/plugin-gen.h
index 52828781bc..c4552b5061 100644
--- a/include/exec/plugin-gen.h
+++ b/include/exec/plugin-gen.h
@@ -20,7 +20,7 @@ struct DisasContextBase;
 
 bool plugin_gen_tb_start(CPUState *cpu, const struct DisasContextBase *db,
  bool supress);
-void plugin_gen_tb_end(CPUState *cpu);
+void plugin_gen_tb_end(CPUState *cpu, size_t num_insns);
 void plugin_gen_insn_start(CPUState *cpu, const struct DisasContextBase *db);
 void plugin_gen_insn_end(void);
 
@@ -42,7 +42,7 @@ void plugin_gen_insn_start(CPUState *cpu, const struct 
DisasContextBase *db)
 static inline void plugin_gen_insn_end(void)
 { }
 
-static inline void plugin_gen_tb_end(CPUState *cpu)
+static inline void plugin_gen_tb_end(CPUState *cpu, size_t num_insns)
 { }
 
 static inline void plugin_gen_disable_mem_helpers(void)
diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
index 5c13615112..c0adc9f4b7 100644
--- a/accel/tcg/plugin-gen.c
+++ b/accel/tcg/plugin-gen.c
@@ -866,10 +866,14 @@ void plugin_gen_insn_end(void)
  * do any clean-up here and make sure things are reset in
  * plugin_gen_tb_start.
  */
-void plugin_gen_tb_end(CPUState *cpu)
+void plugin_gen_tb_end(CPUState *cpu, size_t num_insns)
 {
 struct qemu_plugin_tb *ptb = tcg_ctx->plugin_tb;
 
+/* translator may have removed instructions, update final count */
+g_assert(num_insns <= ptb->n);
+ptb->n = num_insns;
+
 /* collect instrumentation requests */
 qemu_plugin_tb_trans_cb(cpu, ptb);
 
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index 37f8dadbbd..ff84282fe5 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -212,7 +212,7 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, 
int *max_insns,
 gen_tb_end(tb, cflags, icount_start_insn, db->num_insns);
 
 if (plugin_enabled) {
-plugin_gen_tb_end(cpu);
+plugin_gen_tb_end(cpu, db->num_insns);
 }
 
 /* The disas_log hook may use these values rather than recompute.  */
-- 
2.39.2

[PATCH 17/31] target/arm: Remove references to gdb_has_xml

[Alex Bennée]

From: Akihiko Odaki 

GDB has XML support since 6.7 which was released in 2007.
It's time to remove support for old GDB versions without XML support.

Signed-off-by: Akihiko Odaki 
Acked-by: Alex Bennée 
Message-Id: <20230912224107.29669-10-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 target/arm/gdbstub.c | 32 ++--
 1 file changed, 2 insertions(+), 30 deletions(-)

diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
index 8fc8351df7..b7ace24bfc 100644
--- a/target/arm/gdbstub.c
+++ b/target/arm/gdbstub.c
@@ -46,21 +46,7 @@ int arm_cpu_gdb_read_register(CPUState *cs, GByteArray 
*mem_buf, int n)
 /* Core integer register.  */
 return gdb_get_reg32(mem_buf, env->regs[n]);
 }
-if (n < 24) {
-/* FPA registers.  */
-if (gdb_has_xml()) {
-return 0;
-}
-return gdb_get_zeroes(mem_buf, 12);
-}
-switch (n) {
-case 24:
-/* FPA status register.  */
-if (gdb_has_xml()) {
-return 0;
-}
-return gdb_get_reg32(mem_buf, 0);
-case 25:
+if (n == 25) {
 /* CPSR, or XPSR for M-profile */
 if (arm_feature(env, ARM_FEATURE_M)) {
 return gdb_get_reg32(mem_buf, xpsr_read(env));
@@ -100,21 +86,7 @@ int arm_cpu_gdb_write_register(CPUState *cs, uint8_t 
*mem_buf, int n)
 env->regs[n] = tmp;
 return 4;
 }
-if (n < 24) { /* 16-23 */
-/* FPA registers (ignored).  */
-if (gdb_has_xml()) {
-return 0;
-}
-return 12;
-}
-switch (n) {
-case 24:
-/* FPA status register (ignored).  */
-if (gdb_has_xml()) {
-return 0;
-}
-return 4;
-case 25:
+if (n == 25) {
 /* CPSR, or XPSR for M-profile */
 if (arm_feature(env, ARM_FEATURE_M)) {
 /*
-- 
2.39.2

[PATCH 18/31] target/ppc: Remove references to gdb_has_xml

[Alex Bennée]

From: Akihiko Odaki 

GDB has XML support since 6.7 which was released in 2007.
It's time to remove support for old GDB versions without XML support.

Signed-off-by: Akihiko Odaki 
Message-Id: <20230912224107.29669-11-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 target/ppc/gdbstub.c | 18 --
 1 file changed, 18 deletions(-)

diff --git a/target/ppc/gdbstub.c b/target/ppc/gdbstub.c
index 778ef73bd7..ec5731e5d6 100644
--- a/target/ppc/gdbstub.c
+++ b/target/ppc/gdbstub.c
@@ -54,12 +54,6 @@ static int ppc_gdb_register_len(int n)
 case 0 ... 31:
 /* gprs */
 return sizeof(target_ulong);
-case 32 ... 63:
-/* fprs */
-if (gdb_has_xml()) {
-return 0;
-}
-return 8;
 case 66:
 /* cr */
 case 69:
@@ -74,12 +68,6 @@ static int ppc_gdb_register_len(int n)
 case 68:
 /* ctr */
 return sizeof(target_ulong);
-case 70:
-/* fpscr */
-if (gdb_has_xml()) {
-return 0;
-}
-return sizeof(target_ulong);
 default:
 return 0;
 }
@@ -132,9 +120,6 @@ int ppc_cpu_gdb_read_register(CPUState *cs, GByteArray 
*buf, int n)
 if (n < 32) {
 /* gprs */
 gdb_get_regl(buf, env->gpr[n]);
-} else if (n < 64) {
-/* fprs */
-gdb_get_reg64(buf, *cpu_fpr_ptr(env, n - 32));
 } else {
 switch (n) {
 case 64:
@@ -158,9 +143,6 @@ int ppc_cpu_gdb_read_register(CPUState *cs, GByteArray 
*buf, int n)
 case 69:
 gdb_get_reg32(buf, cpu_read_xer(env));
 break;
-case 70:
-gdb_get_reg32(buf, env->fpscr);
-break;
 }
 }
 mem_buf = buf->data + buf->len - r;
-- 
2.39.2

[PATCH 26/31] contrib/plugins: fix coverity warning in hotblocks

[Alex Bennée]

Coverity complains that we have an unbalance use of mutex leading to
potential deadlocks.

Fixes: CID 1519048
Signed-off-by: Alex Bennée 
---
 contrib/plugins/hotblocks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/plugins/hotblocks.c b/contrib/plugins/hotblocks.c
index 6b74d25fea..4de1b13494 100644
--- a/contrib/plugins/hotblocks.c
+++ b/contrib/plugins/hotblocks.c
@@ -69,8 +69,8 @@ static void plugin_exit(qemu_plugin_id_t id, void *p)
 }
 
 g_list_free(it);
-g_mutex_unlock(&lock);
 }
+g_mutex_unlock(&lock);
 
 qemu_plugin_outs(report->str);
 }
-- 
2.39.2

[RFC PATCH 31/31] contrib/plugins: add iops plugin example for cost modelling

[Alex Bennée]

This plugin uses the new time control interface to make decisions
about the state of time during the emulation. The algorithm is
currently very simple. The user specifies an iops rate which applies
per core. If the core runs ahead of its allocated execution time the
plugin sleeps for a bit to let real time catch up. Either way time as
updated for the emulation as a function of total executed instructions
with some adjustments for cores that idle.

Signed-off-by: Alex Bennée 
Message-Id: <20230519170454.2353945-9-alex.ben...@linaro.org>

---
v2
  - fix various style issues
---
 contrib/plugins/iops.c   | 261 +++
 contrib/plugins/Makefile |   1 +
 2 files changed, 262 insertions(+)
 create mode 100644 contrib/plugins/iops.c

diff --git a/contrib/plugins/iops.c b/contrib/plugins/iops.c
new file mode 100644
index 00..6f8baca6f7
--- /dev/null
+++ b/contrib/plugins/iops.c
@@ -0,0 +1,261 @@
+/*
+ * iops rate limiting plugin.
+ *
+ * This plugin can be used to restrict the execution of a system to a
+ * particular number of Instructions Per Second (IOPS). This controls
+ * time as seen by the guest so while wall-clock time may be longer
+ * from the guests point of view time will pass at the normal rate.
+ *
+ * This uses the new plugin API which allows the plugin to control
+ * system time.
+ *
+ * Copyright (c) 2023 Linaro Ltd
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include 
+#include 
+#include 
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
+
+#define SLICES 10 /* the number of slices per second we compute delay */
+
+static GMutex global_state_lock;
+
+static uint64_t iops = 100;  /* iops rate, per core, per second */
+static uint64_t current_ticks;   /* current global ticks */
+static uint64_t next_check;  /* the next checkpoint for time */
+static bool precise_execution;   /* count every instruction */
+
+static int64_t systime_at_start;  /* time we started the first vCPU */
+
+static const uint64_t nsec_per_sec = 10;
+static const void *time_handle;
+
+/*
+ * We need to track the number of instructions each vCPU has executed
+ * as well as what its current state is. We need to account for time
+ * passing while a vCPU is idle.
+ */
+
+typedef enum {
+UNKNOWN = 0,
+CREATED,
+EXECUTING,
+IDLE,
+FINISHED
+} vCPUState;
+
+typedef struct {
+/* pointer to vcpu counter entry */
+uint64_t *counter;
+vCPUState state;
+/* timestamp when vCPU entered state */
+uint64_t state_time;
+/* number of ns vCPU was idle */
+uint64_t total_idle;
+} vCPUTime;
+
+GArray *vcpus;
+uint64_t *vcpu_counters;
+
+/*
+ * Get the vcpu structure for this vCPU. We don't do any locking here
+ * as only one vCPU will ever access its own structure.
+ */
+static vCPUTime *get_vcpu(int cpu_index)
+{
+return &g_array_index(vcpus, vCPUTime, cpu_index);
+}
+
+/*
+ * When emulation is running faster than real time this is the point
+ * we can throttle the execution of a given vCPU. Either way we can
+ * now tell the system to move time forward.
+ */
+static void update_system_time(int64_t vcpu_ticks)
+{
+int64_t now = g_get_real_time();
+int64_t real_runtime_ns = now - systime_at_start;
+
+g_mutex_lock(&global_state_lock);
+/* now we have the lock double check we are fastest */
+if (vcpu_ticks > next_check) {
+
+int64_t tick_runtime_ns = (vcpu_ticks / iops) * nsec_per_sec;
+if (tick_runtime_ns > real_runtime_ns) {
+int64_t sleep_us = (tick_runtime_ns - real_runtime_ns) / 1000;
+g_usleep(sleep_us);
+}
+
+/* Having slept we can now move the clocks forward */
+qemu_plugin_update_ns(time_handle, vcpu_ticks);
+current_ticks = vcpu_ticks;
+next_check = iops / SLICES;
+}
+g_mutex_unlock(&global_state_lock);
+}
+
+/*
+ * State tracking
+ */
+static void vcpu_init(qemu_plugin_id_t id, unsigned int cpu_index)
+{
+vCPUTime *vcpu = get_vcpu(cpu_index);
+vcpu->state = CREATED;
+vcpu->state_time = *vcpu->counter;
+
+g_mutex_lock(&global_state_lock);
+if (!systime_at_start) {
+systime_at_start = g_get_real_time();
+}
+g_mutex_unlock(&global_state_lock);
+}
+
+static void vcpu_idle(qemu_plugin_id_t id, unsigned int cpu_index)
+{
+vCPUTime *vcpu = get_vcpu(cpu_index);
+vcpu->state = IDLE;
+vcpu->state_time = *vcpu->counter;
+
+/* handle when we are the last vcpu to sleep here */
+}
+
+static void vcpu_resume(qemu_plugin_id_t id, unsigned int cpu_index)
+{
+vCPUTime *vcpu = get_vcpu(cpu_index);
+
+/*
+ * Now we need to reset counter to something approximating the
+ * current time, however we only update current_ticks when a block
+ * exceeds next_check. If the vCPU has been asleep for awhile this
+ * will probably do, otherwise lets pick somewhere between
+ * current

[PATCH 11/31] plugins: Check if vCPU is realized

[Alex Bennée]

From: Akihiko Odaki 

The created member of CPUState tells if the vCPU thread is started, and
will be always false for the user space emulation that manages threads
independently. Use the realized member of DeviceState, which is valid
for both of the system and user space emulation.

Fixes: 54cb65d858 ("plugin: add core code")
Signed-off-by: Akihiko Odaki 
Message-Id: <20230912224107.29669-4-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 plugins/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/core.c b/plugins/core.c
index 3c4e26c7ed..fcd33a2bff 100644
--- a/plugins/core.c
+++ b/plugins/core.c
@@ -64,7 +64,7 @@ static void plugin_cpu_update__locked(gpointer k, gpointer v, 
gpointer udata)
 CPUState *cpu = container_of(k, CPUState, cpu_index);
 run_on_cpu_data mask = RUN_ON_CPU_HOST_ULONG(*plugin.mask);
 
-if (cpu->created) {
+if (DEVICE(cpu)->realized) {
 async_run_on_cpu(cpu, plugin_cpu_update__async, mask);
 } else {
 plugin_cpu_update__async(cpu, mask);
-- 
2.39.2

[RFC PATCH 29/31] sysemu: generalise qtest_warp_clock as qemu_clock_advance_virtual_time

[Alex Bennée]

Move the key functionality of moving time forward into the clock
sub-system itself. This will allow us to plumb in time control into
plugins.

Signed-off-by: Alex Bennée 
Message-Id: <20230519170454.2353945-7-alex.ben...@linaro.org>

---
v2
  - rename arg to target_ns
---
 include/qemu/timer.h | 15 +++
 softmmu/qtest.c  | 24 ++--
 util/qemu-timer.c| 26 ++
 3 files changed, 43 insertions(+), 22 deletions(-)

diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index 9a91cb1248..aa30f693b0 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -245,6 +245,21 @@ bool qemu_clock_run_timers(QEMUClockType type);
  */
 bool qemu_clock_run_all_timers(void);
 
+/**
+ * qemu_clock_advance_virtual_time(): advance the virtual time tick
+ * @target_ns: target time in nanoseconds
+ *
+ * This function is used where the control of the flow of time has
+ * been delegated to outside the clock subsystem (be it qtest, icount
+ * or some other external source). You can ask the clock system to
+ * return @early at the first expired timer.
+ *
+ * Time can only move forward, attempts to reverse time would lead to
+ * an error.
+ *
+ * Returns: new virtual time.
+ */
+int64_t qemu_clock_advance_virtual_time(int64_t target_ns);
 
 /*
  * QEMUTimerList
diff --git a/softmmu/qtest.c b/softmmu/qtest.c
index bac1962efb..72a2ee7a31 100644
--- a/softmmu/qtest.c
+++ b/softmmu/qtest.c
@@ -336,26 +336,6 @@ void qtest_set_virtual_clock(int64_t count)
 qatomic_set_i64(&qtest_clock_counter, count);
 }
 
-static void qtest_clock_warp(int64_t dest)
-{
-int64_t clock = cpus_get_virtual_clock();
-AioContext *aio_context;
-assert(qtest_enabled());
-aio_context = qemu_get_aio_context();
-while (clock < dest) {
-int64_t deadline = qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL,
-  QEMU_TIMER_ATTR_ALL);
-int64_t warp = qemu_soonest_timeout(dest - clock, deadline);
-
-cpus_set_virtual_clock(cpus_get_virtual_clock() + warp);
-
-qemu_clock_run_timers(QEMU_CLOCK_VIRTUAL);
-timerlist_run_timers(aio_context->tlg.tl[QEMU_CLOCK_VIRTUAL]);
-clock = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
-}
-qemu_clock_notify(QEMU_CLOCK_VIRTUAL);
-}
-
 static bool (*process_command_cb)(CharBackend *chr, gchar **words);
 
 void qtest_set_command_cb(bool (*pc_cb)(CharBackend *chr, gchar **words))
@@ -754,7 +734,7 @@ static void qtest_process_command(CharBackend *chr, gchar 
**words)
 ns = qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL,
 QEMU_TIMER_ATTR_ALL);
 }
-qtest_clock_warp(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + ns);
+qemu_clock_advance_virtual_time(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 
+ ns);
 qtest_send_prefix(chr);
 qtest_sendf(chr, "OK %"PRIi64"\n",
 (int64_t)qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
@@ -780,7 +760,7 @@ static void qtest_process_command(CharBackend *chr, gchar 
**words)
 g_assert(words[1]);
 ret = qemu_strtoi64(words[1], NULL, 0, &ns);
 g_assert(ret == 0);
-qtest_clock_warp(ns);
+qemu_clock_advance_virtual_time(ns);
 qtest_send_prefix(chr);
 qtest_sendf(chr, "OK %"PRIi64"\n",
 (int64_t)qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
diff --git a/util/qemu-timer.c b/util/qemu-timer.c
index 6a0de33dd2..213114be68 100644
--- a/util/qemu-timer.c
+++ b/util/qemu-timer.c
@@ -645,6 +645,11 @@ int64_t qemu_clock_get_ns(QEMUClockType type)
 }
 }
 
+static void qemu_virtual_clock_set_ns(int64_t time)
+{
+return cpus_set_virtual_clock(time);
+}
+
 void init_clocks(QEMUTimerListNotifyCB *notify_cb)
 {
 QEMUClockType type;
@@ -675,3 +680,24 @@ bool qemu_clock_run_all_timers(void)
 
 return progress;
 }
+
+int64_t qemu_clock_advance_virtual_time(int64_t dest)
+{
+int64_t clock = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+AioContext *aio_context;
+aio_context = qemu_get_aio_context();
+while (clock < dest) {
+int64_t deadline = qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL,
+  QEMU_TIMER_ATTR_ALL);
+int64_t warp = qemu_soonest_timeout(dest - clock, deadline);
+
+qemu_virtual_clock_set_ns(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 
warp);
+
+qemu_clock_run_timers(QEMU_CLOCK_VIRTUAL);
+timerlist_run_timers(aio_context->tlg.tl[QEMU_CLOCK_VIRTUAL]);
+clock = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+}
+qemu_clock_notify(QEMU_CLOCK_VIRTUAL);
+
+return clock;
+}
-- 
2.39.2

[PATCH 21/31] accel/tcg: Add plugin_enabled to DisasContextBase

[Alex Bennée]

From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-Id: <20230824181233.1568795-2-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
---
 include/exec/translator.h | 2 ++
 accel/tcg/translator.c| 1 +
 2 files changed, 3 insertions(+)

diff --git a/include/exec/translator.h b/include/exec/translator.h
index 4e17c4f401..bf5bac260a 100644
--- a/include/exec/translator.h
+++ b/include/exec/translator.h
@@ -72,6 +72,7 @@ typedef enum DisasJumpType {
  * @num_insns: Number of translated instructions (including current).
  * @max_insns: Maximum number of instructions to be translated in this TB.
  * @singlestep_enabled: "Hardware" single stepping enabled.
+ * @plugin_enabled: TCG plugin enabled in this TB.
  *
  * Architecture-agnostic disassembly context.
  */
@@ -83,6 +84,7 @@ typedef struct DisasContextBase {
 int num_insns;
 int max_insns;
 bool singlestep_enabled;
+bool plugin_enabled;
 void *host_addr[2];
 } DisasContextBase;
 
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index 1a6a5448c8..37f8dadbbd 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -156,6 +156,7 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, 
int *max_insns,
 tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
 
 plugin_enabled = plugin_gen_tb_start(cpu, db, cflags & CF_MEMI_ONLY);
+db->plugin_enabled = plugin_enabled;
 
 while (true) {
 *max_insns = ++db->num_insns;
-- 
2.39.2

[PATCH 16/31] gdbstub: Use g_markup_printf_escaped()

[Alex Bennée]

From: Akihiko Odaki 

g_markup_printf_escaped() is a safer alternative to simple printf() as
it automatically escapes values.

Signed-off-by: Akihiko Odaki 
Message-Id: <20230912224107.29669-9-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 gdbstub/gdbstub.c | 36 +---
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index 9db4af41c1..a4f2bf3723 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -373,28 +373,34 @@ static const char *get_feature_xml(const char *p, const 
char **newp,
 if (strncmp(p, "target.xml", len) == 0) {
 if (!process->target_xml) {
 GDBRegisterState *r;
-GString *xml = g_string_new("");
+g_autoptr(GPtrArray) xml = g_ptr_array_new_with_free_func(g_free);
 
-g_string_append(xml,
-""
-"");
+g_ptr_array_add(
+xml,
+g_strdup(""
+ ""
+ ""));
 
 if (cc->gdb_arch_name) {
-g_string_append_printf(xml,
-   "%s",
-   cc->gdb_arch_name(cpu));
+g_ptr_array_add(
+xml,
+g_markup_printf_escaped("%s",
+cc->gdb_arch_name(cpu)));
 }
-g_string_append(xml, "gdb_core_xml_file);
-g_string_append(xml, "\"/>");
+g_ptr_array_add(
+xml,
+g_markup_printf_escaped("",
+cc->gdb_core_xml_file));
 for (r = cpu->gdb_regs; r; r = r->next) {
-g_string_append(xml, "xml);
-g_string_append(xml, "\"/>");
+g_ptr_array_add(
+xml,
+g_markup_printf_escaped("",
+r->xml));
 }
-g_string_append(xml, "");
+g_ptr_array_add(xml, g_strdup(""));
+g_ptr_array_add(xml, NULL);
 
-process->target_xml = g_string_free(xml, false);
+process->target_xml = g_strjoinv(NULL, (void *)xml->pdata);
 }
 return process->target_xml;
 }
-- 
2.39.2

[RFC PATCH 30/31] plugins: add time control API

[Alex Bennée]

Expose the ability to control time through the plugin API. Only one
plugin can control time so it has to request control when loaded.
There are probably more corner cases to catch here.

Signed-off-by: Alex Bennée 
Message-Id: <20230519170454.2353945-8-alex.ben...@linaro.org>

---
v2
  - ifdef for SOFTMMU only
  - fix checkpatch warnings
---
 include/qemu/qemu-plugin.h   | 19 +++
 plugins/api.c| 28 
 plugins/qemu-plugins.symbols |  2 ++
 3 files changed, 49 insertions(+)

diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h
index 50a9957279..898385d92d 100644
--- a/include/qemu/qemu-plugin.h
+++ b/include/qemu/qemu-plugin.h
@@ -536,7 +536,26 @@ void qemu_plugin_register_vcpu_mem_inline(struct 
qemu_plugin_insn *insn,
   enum qemu_plugin_op op, void *ptr,
   uint64_t imm);
 
+/**
+ * qemu_plugin_request_time_control() - request the ability to control time
+ *
+ * This grants the plugin the ability to control system time. Only one
+ * plugin can control time so if multiple plugins request the ability
+ * all but the first will fail.
+ *
+ * Returns an opaque handle or NULL if fails
+ */
+const void *qemu_plugin_request_time_control(void);
 
+/**
+ * qemu_plugin_update_ns() - update system emulation time
+ * @handle: opaque handle returned by qemu_plugin_request_time_control()
+ * @new_time_ns: time in nanoseconds
+ *
+ * This allows an appropriately authorised plugin (i.e. holding the
+ * time control handle) to move system time forward to @new_time_ns.
+ */
+void qemu_plugin_update_ns(const void *handle, int64_t new_time_ns);
 
 typedef void
 (*qemu_plugin_vcpu_syscall_cb_t)(qemu_plugin_id_t id, unsigned int vcpu_index,
diff --git a/plugins/api.c b/plugins/api.c
index 5521b0ad36..a1d413dc2d 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -37,6 +37,7 @@
 #include "qemu/osdep.h"
 #include "qemu/plugin.h"
 #include "qemu/log.h"
+#include "qemu/timer.h"
 #include "tcg/tcg.h"
 #include "exec/exec-all.h"
 #include "exec/ram_addr.h"
@@ -427,3 +428,30 @@ uint64_t qemu_plugin_entry_code(void)
 #endif
 return entry;
 }
+
+/*
+ * Time control
+ */
+#ifdef CONFIG_SOFTMMU
+static bool has_control;
+#endif
+
+const void *qemu_plugin_request_time_control(void)
+{
+#ifdef CONFIG_SOFTMMU
+if (!has_control) {
+has_control = true;
+return &has_control;
+}
+#endif
+return NULL;
+}
+
+void qemu_plugin_update_ns(const void *handle, int64_t new_time)
+{
+#ifdef CONFIG_SOFTMMU
+if (handle == &has_control) {
+qemu_clock_advance_virtual_time(new_time);
+}
+#endif
+}
diff --git a/plugins/qemu-plugins.symbols b/plugins/qemu-plugins.symbols
index 71f6c90549..91b882fecc 100644
--- a/plugins/qemu-plugins.symbols
+++ b/plugins/qemu-plugins.symbols
@@ -35,11 +35,13 @@
   qemu_plugin_register_vcpu_tb_exec_cb;
   qemu_plugin_register_vcpu_tb_exec_inline;
   qemu_plugin_register_vcpu_tb_trans_cb;
+  qemu_plugin_request_time_control;
   qemu_plugin_reset;
   qemu_plugin_start_code;
   qemu_plugin_tb_get_insn;
   qemu_plugin_tb_n_insns;
   qemu_plugin_tb_vaddr;
   qemu_plugin_uninstall;
+  qemu_plugin_update_ns;
   qemu_plugin_vcpu_for_each;
 };
-- 
2.39.2

[PATCH 25/31] contrib/plugins: fix coverity warning in lockstep

[Alex Bennée]

Coverity complains that e don't check for a truncation when copying in
the path. Bail if we can't copy the whole path into sockaddr.

Fixes: CID 1519045
Fixes: CID 1519046
Signed-off-by: Alex Bennée 
---
 contrib/plugins/lockstep.c | 13 +++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/contrib/plugins/lockstep.c b/contrib/plugins/lockstep.c
index 682b11feb2..f0cb8792c6 100644
--- a/contrib/plugins/lockstep.c
+++ b/contrib/plugins/lockstep.c
@@ -245,6 +245,7 @@ static void vcpu_tb_trans(qemu_plugin_id_t id, struct 
qemu_plugin_tb *tb)
 static bool setup_socket(const char *path)
 {
 struct sockaddr_un sockaddr;
+const gsize pathlen = sizeof(sockaddr.sun_path) - 1;
 int fd;
 
 fd = socket(AF_UNIX, SOCK_STREAM, 0);
@@ -254,7 +255,11 @@ static bool setup_socket(const char *path)
 }
 
 sockaddr.sun_family = AF_UNIX;
-g_strlcpy(sockaddr.sun_path, path, sizeof(sockaddr.sun_path) - 1);
+if (g_strlcpy(sockaddr.sun_path, path, pathlen) >= pathlen) {
+perror("bad path");
+return false;
+}
+
 if (bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) < 0) {
 perror("bind socket");
 close(fd);
@@ -287,6 +292,7 @@ static bool connect_socket(const char *path)
 {
 int fd;
 struct sockaddr_un sockaddr;
+const gsize pathlen = sizeof(sockaddr.sun_path) - 1;
 
 fd = socket(AF_UNIX, SOCK_STREAM, 0);
 if (fd < 0) {
@@ -295,7 +301,10 @@ static bool connect_socket(const char *path)
 }
 
 sockaddr.sun_family = AF_UNIX;
-g_strlcpy(sockaddr.sun_path, path, sizeof(sockaddr.sun_path) - 1);
+if (g_strlcpy(sockaddr.sun_path, path, pathlen) >= pathlen) {
+perror("bad path");
+return false;
+}
 
 if (connect(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) < 0) {
 perror("failed to connect");
-- 
2.39.2

[PATCH 22/31] target/sh4: Disable decode_gusa when plugins enabled

[Alex Bennée]

From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-Id: <20230824181233.1568795-3-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
---
 target/sh4/translate.c | 41 +
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index c1e590feb3..b4dee34c9a 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -1816,6 +1816,18 @@ static void decode_opc(DisasContext * ctx)
 }
 
 #ifdef CONFIG_USER_ONLY
+/*
+ * Restart with the EXCLUSIVE bit set, within a TB run via
+ * cpu_exec_step_atomic holding the exclusive lock.
+ */
+static void gen_restart_exclusive(DisasContext *ctx)
+{
+ctx->envflags |= TB_FLAG_GUSA_EXCLUSIVE;
+gen_save_cpu_state(ctx, false);
+gen_helper_exclusive(cpu_env);
+ctx->base.is_jmp = DISAS_NORETURN;
+}
+
 /* For uniprocessors, SH4 uses optimistic restartable atomic sequences.
Upon an interrupt, a real kernel would simply notice magic values in
the registers and reset the PC to the start of the sequence.
@@ -2149,12 +2161,7 @@ static void decode_gusa(DisasContext *ctx, CPUSH4State 
*env)
 qemu_log_mask(LOG_UNIMP, "Unrecognized gUSA sequence %08x-%08x\n",
   pc, pc_end);
 
-/* Restart with the EXCLUSIVE bit set, within a TB run via
-   cpu_exec_step_atomic holding the exclusive lock.  */
-ctx->envflags |= TB_FLAG_GUSA_EXCLUSIVE;
-gen_save_cpu_state(ctx, false);
-gen_helper_exclusive(cpu_env);
-ctx->base.is_jmp = DISAS_NORETURN;
+gen_restart_exclusive(ctx);
 
 /* We're not executing an instruction, but we must report one for the
purposes of accounting within the TB.  We might as well report the
@@ -2242,12 +2249,22 @@ static void sh4_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 #ifdef CONFIG_USER_ONLY
 if (unlikely(ctx->envflags & TB_FLAG_GUSA_MASK)
 && !(ctx->envflags & TB_FLAG_GUSA_EXCLUSIVE)) {
-/* We're in an gUSA region, and we have not already fallen
-   back on using an exclusive region.  Attempt to parse the
-   region into a single supported atomic operation.  Failure
-   is handled within the parser by raising an exception to
-   retry using an exclusive region.  */
-decode_gusa(ctx, env);
+/*
+ * We're in an gUSA region, and we have not already fallen
+ * back on using an exclusive region.  Attempt to parse the
+ * region into a single supported atomic operation.  Failure
+ * is handled within the parser by raising an exception to
+ * retry using an exclusive region.
+ *
+ * Parsing the region in one block conflicts with plugins,
+ * so always use exclusive mode if plugins enabled.
+ */
+if (ctx->base.plugin_enabled) {
+gen_restart_exclusive(ctx);
+ctx->base.pc_next += 2;
+} else {
+decode_gusa(ctx, env);
+}
 return;
 }
 #endif
-- 
2.39.2

[PATCH 14/31] target/arm: Move the reference to arm-core.xml

[Alex Bennée]

From: Akihiko Odaki 

Some subclasses overwrite gdb_core_xml_file member but others don't.
Always initialize the member in the subclasses for consistency.

This especially helps for AArch64; in a following change, the file
specified by gdb_core_xml_file is always looked up even if it's going to
be overwritten later. Looking up arm-core.xml results in an error as
it will not be embedded in the AArch64 build.

Signed-off-by: Akihiko Odaki 
Reviewed-by: Richard Henderson 
Message-Id: <20230912224107.29669-7-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 target/arm/cpu.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index b9e09a702d..10fcc61701 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2393,7 +2393,6 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->sysemu_ops = &arm_sysemu_ops;
 #endif
 cc->gdb_num_core_regs = 26;
-cc->gdb_core_xml_file = "arm-core.xml";
 cc->gdb_arch_name = arm_gdb_arch_name;
 cc->gdb_get_dynamic_xml = arm_gdb_get_dynamic_xml;
 cc->gdb_stop_before_watchpoint = true;
@@ -2415,8 +2414,10 @@ static void arm_cpu_instance_init(Object *obj)
 static void cpu_register_class_init(ObjectClass *oc, void *data)
 {
 ARMCPUClass *acc = ARM_CPU_CLASS(oc);
+CPUClass *cc = CPU_CLASS(acc);
 
 acc->info = data;
+cc->gdb_core_xml_file = "arm-core.xml";
 }
 
 void arm_cpu_register(const ARMCPUInfo *info)
-- 
2.39.2

[PATCH 05/31] tests/docker: make docker engine choice entirely configure driven

[Alex Bennée]

Since 0b1a649047 (tests/docker: use direct RUNC call to build
containers) we ended up with the potential for the remaining docker.py
script calls to deviate from the direct RUNC calls. Fix this by
dropping the use of ENGINE in the makefile and rely entirely on what
we detect at configure time.

Signed-off-by: Alex Bennée 
---
 configure | 1 -
 tests/docker/Makefile.include | 7 ++-
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/configure b/configure
index e08127045d..707132a3ae 100755
--- a/configure
+++ b/configure
@@ -1694,7 +1694,6 @@ if test -n "$gdb_bin"; then
 fi
 
 if test "$container" != no; then
-echo "ENGINE=$container" >> $config_host_mak
 echo "RUNC=$runc" >> $config_host_mak
 fi
 echo "SUBDIRS=$subdirs" >> $config_host_mak
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index dfabafab92..035d272be9 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -17,8 +17,7 @@ endif
 DOCKER_REGISTRY := $(if $(REGISTRY),$(REGISTRY),$(DOCKER_DEFAULT_REGISTRY))
 
 RUNC ?= docker
-ENGINE ?= auto
-DOCKER_SCRIPT=$(SRC_PATH)/tests/docker/docker.py --engine $(ENGINE)
+DOCKER_SCRIPT=$(SRC_PATH)/tests/docker/docker.py --engine $(RUNC)
 
 CUR_TIME := $(shell date +%Y-%m-%d-%H.%M.%S.)
 DOCKER_SRC_COPY := $(BUILD_DIR)/docker-src.$(CUR_TIME)
@@ -158,7 +157,7 @@ $(foreach i,$(filter-out 
$(DOCKER_PARTIAL_IMAGES),$(DOCKER_IMAGES)), \
 )
 
 docker:
-   @echo 'Build QEMU and run tests inside Docker or Podman containers'
+   @echo 'Build QEMU and run tests inside $(RUNC) containers'
@echo
@echo 'Available targets:'
@echo
@@ -198,8 +197,6 @@ docker:
@echo 'EXECUTABLE=Include executable in image.'
@echo 'EXTRA_FILES=" [... ]"'
@echo ' Include extra files in image.'
-   @echo 'ENGINE=auto/docker/podman'
-   @echo ' Specify which container engine to run.'
@echo 'REGISTRY=url Cache builds from registry 
(default:$(DOCKER_REGISTRY))'
 
 docker-help: docker
-- 
2.39.2

[RFC PATCH 27/31] sysemu: add set_virtual_time to accel ops

[Alex Bennée]

We are about to remove direct calls to individual accelerators for
this information and will need a central point for plugins to hook
into time changes.

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230519170454.2353945-5-alex.ben...@linaro.org>

---
v2
  - more kerneldoc annotations
---
 include/sysemu/accel-ops.h| 18 -
 include/sysemu/cpu-timers.h   | 27 ++-
 softmmu/cpus.c| 11 
 ...t-virtual-clock.c => cpus-virtual-clock.c} |  5 
 stubs/meson.build |  2 +-
 5 files changed, 60 insertions(+), 3 deletions(-)
 rename stubs/{cpus-get-virtual-clock.c => cpus-virtual-clock.c} (68%)

diff --git a/include/sysemu/accel-ops.h b/include/sysemu/accel-ops.h
index 3c1fab4b1e..224e85a649 100644
--- a/include/sysemu/accel-ops.h
+++ b/include/sysemu/accel-ops.h
@@ -20,7 +20,12 @@
 typedef struct AccelOpsClass AccelOpsClass;
 DECLARE_CLASS_CHECKERS(AccelOpsClass, ACCEL_OPS, TYPE_ACCEL_OPS)
 
-/* cpus.c operations interface */
+/**
+ * struct AccelOpsClass - accelerator interfaces
+ *
+ * This structure is used to abstract accelerator differences from the
+ * core CPU code. Not all have to be implemented.
+ */
 struct AccelOpsClass {
 /*< private >*/
 ObjectClass parent_class;
@@ -43,7 +48,18 @@ struct AccelOpsClass {
 
 void (*handle_interrupt)(CPUState *cpu, int mask);
 
+/**
+ * @get_virtual_clock: fetch virtual clock
+ * @set_virtual_clock: set virtual clock
+ *
+ * These allow the timer subsystem to defer to the accelerator to
+ * fetch time. The set function is needed if the accelerator wants
+ * to track the changes to time as the timer is warped through
+ * various timer events.
+ */
 int64_t (*get_virtual_clock)(void);
+void (*set_virtual_clock)(int64_t time);
+
 int64_t (*get_elapsed_ticks)(void);
 
 /* gdbstub hooks */
diff --git a/include/sysemu/cpu-timers.h b/include/sysemu/cpu-timers.h
index 2e786fe7fb..31ab2bbd4e 100644
--- a/include/sysemu/cpu-timers.h
+++ b/include/sysemu/cpu-timers.h
@@ -84,8 +84,33 @@ int64_t cpu_get_clock(void);
 
 void qemu_timer_notify_cb(void *opaque, QEMUClockType type);
 
-/* get the VIRTUAL clock and VM elapsed ticks via the cpus accel interface */
+/**
+ * cpus_get_virtual_clock() - return current virtual clock.
+ *
+ * This is a wrapper around accelerator specific get_virtual_clock()
+ *
+ * Returns: ns of virtual time
+ */
 int64_t cpus_get_virtual_clock(void);
+
+/**
+ * cpus_set_virtual_clock() - set the virtual clock
+ * @new_time: new value in ns
+ *
+ * This is a wrapper around accelerator specific set_virtual_clock()
+ */
+void cpus_set_virtual_clock(int64_t new_time);
+
+/**
+ * cpus_get_elapsed_ticks() - get elapsed host time
+ *
+ * This is usually the current value of the host tick counter (i.e.
+ * not taking into account guest pauses). However some accelerators
+ * which want to keep elapsed time in sync with virtual time will
+ * return the virtual clock.
+ *
+ * Returns: ticks of elapsed host time (usually ns)
+ */
 int64_t cpus_get_elapsed_ticks(void);
 
 #endif /* SYSEMU_CPU_TIMERS_H */
diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 0848e0dbdb..b645c462e1 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -221,6 +221,17 @@ int64_t cpus_get_virtual_clock(void)
 return cpu_get_clock();
 }
 
+/*
+ * Signal the new virtual time to the accelerator. This is only needed
+ * by accelerators that need to track the changes as we warp time.
+ */
+void cpus_set_virtual_clock(int64_t new_time)
+{
+if (cpus_accel && cpus_accel->set_virtual_clock) {
+cpus_accel->set_virtual_clock(new_time);
+}
+}
+
 /*
  * return the time elapsed in VM between vm_start and vm_stop.  Unless
  * icount is active, cpus_get_elapsed_ticks() uses units of the host CPU cycle
diff --git a/stubs/cpus-get-virtual-clock.c b/stubs/cpus-virtual-clock.c
similarity index 68%
rename from stubs/cpus-get-virtual-clock.c
rename to stubs/cpus-virtual-clock.c
index fd447d53f3..af7c1a1d40 100644
--- a/stubs/cpus-get-virtual-clock.c
+++ b/stubs/cpus-virtual-clock.c
@@ -6,3 +6,8 @@ int64_t cpus_get_virtual_clock(void)
 {
 return cpu_get_clock();
 }
+
+void cpus_set_virtual_clock(int64_t new_time)
+{
+/* do nothing */
+}
diff --git a/stubs/meson.build b/stubs/meson.build
index ef6e39a64d..2ea43ee076 100644
--- a/stubs/meson.build
+++ b/stubs/meson.build
@@ -5,7 +5,7 @@ stub_ss.add(files('blockdev-close-all-bdrv-states.c'))
 stub_ss.add(files('change-state-handler.c'))
 stub_ss.add(files('cmos.c'))
 stub_ss.add(files('cpu-get-clock.c'))
-stub_ss.add(files('cpus-get-virtual-clock.c'))
+stub_ss.add(files('cpus-virtual-clock.c'))
 stub_ss.add(files('qemu-timer-notify-cb.c'))
 stub_ss.add(files('icount.c'))
 stub_ss.add(files('dump.c'))
-- 
2.39.2

[PATCH 10/31] gdbstub: Fix target.xml response

[Alex Bennée]

From: Akihiko Odaki 

It was failing to return target.xml after the first request.

Fixes: 56e534bd11 ("gdbstub: refactor get_feature_xml")
Signed-off-by: Akihiko Odaki 
Message-Id: <20230912224107.29669-3-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 gdbstub/gdbstub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index 349d348c7b..384191bcb0 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -396,8 +396,8 @@ static const char *get_feature_xml(const char *p, const 
char **newp,
 g_string_append(xml, "");
 
 process->target_xml = g_string_free(xml, false);
-return process->target_xml;
 }
+return process->target_xml;
 }
 /* Is it dynamically generated by the target? */
 if (cc->gdb_get_dynamic_xml) {
-- 
2.39.2

[PATCH 15/31] hw/core/cpu: Return static value with gdb_arch_name()

[Alex Bennée]

From: Akihiko Odaki 

All implementations of gdb_arch_name() returns dynamic duplicates of
static strings. It's also unlikely that there will be an implementation
of gdb_arch_name() that returns a truly dynamic value due to the nature
of the function returning a well-known identifiers. Qualify the value
gdb_arch_name() with const and make all of its implementations return
static strings.

Signed-off-by: Akihiko Odaki 
Reviewed-by: Alex Bennée 
Message-Id: <20230912224107.29669-8-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 include/hw/core/cpu.h  | 2 +-
 target/ppc/internal.h  | 2 +-
 gdbstub/gdbstub.c  | 3 +--
 target/arm/cpu.c   | 6 +++---
 target/arm/cpu64.c | 4 ++--
 target/i386/cpu.c  | 6 +++---
 target/loongarch/cpu.c | 8 
 target/ppc/gdbstub.c   | 6 +++---
 target/riscv/cpu.c | 6 +++---
 target/s390x/cpu.c | 4 ++--
 target/tricore/cpu.c   | 4 ++--
 11 files changed, 25 insertions(+), 26 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 648b5b3586..5ae479a961 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -164,7 +164,7 @@ struct CPUClass {
 vaddr (*gdb_adjust_breakpoint)(CPUState *cpu, vaddr addr);
 
 const char *gdb_core_xml_file;
-gchar * (*gdb_arch_name)(CPUState *cpu);
+const gchar * (*gdb_arch_name)(CPUState *cpu);
 const char * (*gdb_get_dynamic_xml)(CPUState *cpu, const char *xmlname);
 
 void (*disas_set_info)(CPUState *cpu, disassemble_info *info);
diff --git a/target/ppc/internal.h b/target/ppc/internal.h
index 15803bc313..c881c67a8b 100644
--- a/target/ppc/internal.h
+++ b/target/ppc/internal.h
@@ -221,7 +221,7 @@ void destroy_ppc_opcodes(PowerPCCPU *cpu);
 
 /* gdbstub.c */
 void ppc_gdb_init(CPUState *cs, PowerPCCPUClass *ppc);
-gchar *ppc_gdb_arch_name(CPUState *cs);
+const gchar *ppc_gdb_arch_name(CPUState *cs);
 
 /**
  * prot_for_access_type:
diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index 12f4d07046..9db4af41c1 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -380,10 +380,9 @@ static const char *get_feature_xml(const char *p, const 
char **newp,
 "");
 
 if (cc->gdb_arch_name) {
-g_autofree gchar *arch = cc->gdb_arch_name(cpu);
 g_string_append_printf(xml,
"%s",
-   arch);
+   cc->gdb_arch_name(cpu));
 }
 g_string_append(xml, "gdb_core_xml_file);
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 10fcc61701..408af17bf2 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2320,15 +2320,15 @@ static Property arm_cpu_properties[] = {
 DEFINE_PROP_END_OF_LIST()
 };
 
-static gchar *arm_gdb_arch_name(CPUState *cs)
+static const gchar *arm_gdb_arch_name(CPUState *cs)
 {
 ARMCPU *cpu = ARM_CPU(cs);
 CPUARMState *env = &cpu->env;
 
 if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
-return g_strdup("iwmmxt");
+return "iwmmxt";
 }
-return g_strdup("arm");
+return "arm";
 }
 
 #ifndef CONFIG_USER_ONLY
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index f3d87e001f..8a8cde7c05 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -781,9 +781,9 @@ static void aarch64_cpu_finalizefn(Object *obj)
 {
 }
 
-static gchar *aarch64_gdb_arch_name(CPUState *cs)
+static const gchar *aarch64_gdb_arch_name(CPUState *cs)
 {
-return g_strdup("aarch64");
+return "aarch64";
 }
 
 static void aarch64_cpu_class_init(ObjectClass *oc, void *data)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 2589c8e929..993ebc21f6 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5914,12 +5914,12 @@ static void x86_cpu_load_model(X86CPU *cpu, X86CPUModel 
*model)
 memset(&env->user_features, 0, sizeof(env->user_features));
 }
 
-static gchar *x86_gdb_arch_name(CPUState *cs)
+static const gchar *x86_gdb_arch_name(CPUState *cs)
 {
 #ifdef TARGET_X86_64
-return g_strdup("i386:x86-64");
+return "i386:x86-64";
 #else
-return g_strdup("i386");
+return "i386";
 #endif
 }
 
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index fc7f70fbe5..3cc9b2a89d 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -768,9 +768,9 @@ static void loongarch_cpu_class_init(ObjectClass *c, void 
*data)
 #endif
 }
 
-static gchar *loongarch32_gdb_arch_name(CPUState *cs)
+static const gchar *loongarch32_gdb_arch_name(CPUState *cs)
 {
-return g_strdup("loongarch32");
+return "loongarch32";
 }
 
 static void loongarch32_cpu_class_init(ObjectClass *c, void *data)
@@ -782,9 +782,9 @@ static void loongarch32_cpu_class_init(ObjectClass *c, void 
*data)
 cc->gdb_arch_name = loongarch32_gdb_arch_name;

[PATCH 09/31] gdbstub: Fix target_xml initialization

[Alex Bennée]

From: Akihiko Odaki 

target_xml is no longer a fixed-length array but a pointer to a
variable-length memory.

Fixes: 56e534bd11 ("gdbstub: refactor get_feature_xml")
Signed-off-by: Akihiko Odaki 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230912224107.29669-2-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 gdbstub/softmmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdbstub/softmmu.c b/gdbstub/softmmu.c
index 9f0b8b5497..42645d2220 100644
--- a/gdbstub/softmmu.c
+++ b/gdbstub/softmmu.c
@@ -292,7 +292,7 @@ static int find_cpu_clusters(Object *child, void *opaque)
 assert(cluster->cluster_id != UINT32_MAX);
 process->pid = cluster->cluster_id + 1;
 process->attached = false;
-process->target_xml[0] = '\0';
+process->target_xml = NULL;
 
 return 0;
 }
-- 
2.39.2

[PATCH 13/31] gdbstub: Introduce GDBFeature structure

[Alex Bennée]

From: Akihiko Odaki 

Before this change, the information from a XML file was stored in an
array that is not descriptive. Introduce a dedicated structure type to
make it easier to understand and to extend with more fields.

Signed-off-by: Akihiko Odaki 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Message-Id: <20230912224107.29669-6-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 MAINTAINERS |  2 +-
 meson.build |  2 +-
 include/exec/gdbstub.h  |  9 --
 gdbstub/gdbstub.c   |  6 ++--
 stubs/gdbstub.c |  6 ++--
 scripts/feature_to_c.py | 48 
 scripts/feature_to_c.sh | 69 -
 7 files changed, 63 insertions(+), 79 deletions(-)
 create mode 100755 scripts/feature_to_c.py
 delete mode 100644 scripts/feature_to_c.sh

diff --git a/MAINTAINERS b/MAINTAINERS
index 355b1960ce..8ccd978811 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2829,7 +2829,7 @@ F: include/exec/gdbstub.h
 F: include/gdbstub/*
 F: gdb-xml/
 F: tests/tcg/multiarch/gdbstub/
-F: scripts/feature_to_c.sh
+F: scripts/feature_to_c.py
 F: scripts/probe-gdb-support.py
 
 Memory API
diff --git a/meson.build b/meson.build
index f426861d90..98a65c7df9 100644
--- a/meson.build
+++ b/meson.build
@@ -3702,7 +3702,7 @@ common_all = static_library('common',
 dependencies: common_all.dependencies(),
 name_suffix: 'fa')
 
-feature_to_c = find_program('scripts/feature_to_c.sh')
+feature_to_c = find_program('scripts/feature_to_c.py')
 
 if targetos == 'darwin'
   entitlement = find_program('scripts/entitlement.sh')
diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
index 16a139043f..705be2c5d7 100644
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@@ -10,6 +10,11 @@
 #define GDB_WATCHPOINT_READ  3
 #define GDB_WATCHPOINT_ACCESS4
 
+typedef struct GDBFeature {
+const char *xmlname;
+const char *xml;
+} GDBFeature;
+
 
 /* Get or set a register.  Returns the size of the register.  */
 typedef int (*gdb_get_reg_cb)(CPUArchState *env, GByteArray *buf, int reg);
@@ -48,7 +53,7 @@ void gdb_set_stop_cpu(CPUState *cpu);
  */
 bool gdb_has_xml(void);
 
-/* in gdbstub-xml.c, generated by scripts/feature_to_c.sh */
-extern const char *const xml_builtin[][2];
+/* in gdbstub-xml.c, generated by scripts/feature_to_c.py */
+extern const GDBFeature gdb_static_features[];
 
 #endif
diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index 384191bcb0..12f4d07046 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -408,11 +408,11 @@ static const char *get_feature_xml(const char *p, const 
char **newp,
 }
 }
 /* Is it one of the encoded gdb-xml/ files? */
-for (int i = 0; xml_builtin[i][0]; i++) {
-const char *name = xml_builtin[i][0];
+for (int i = 0; gdb_static_features[i].xmlname; i++) {
+const char *name = gdb_static_features[i].xmlname;
 if ((strncmp(name, p, len) == 0) &&
 strlen(name) == len) {
-return xml_builtin[i][1];
+return gdb_static_features[i].xml;
 }
 }
 
diff --git a/stubs/gdbstub.c b/stubs/gdbstub.c
index 2b7aee50d3..580e20702b 100644
--- a/stubs/gdbstub.c
+++ b/stubs/gdbstub.c
@@ -1,6 +1,6 @@
 #include "qemu/osdep.h"
-#include "exec/gdbstub.h"   /* xml_builtin */
+#include "exec/gdbstub.h"   /* gdb_static_features */
 
-const char *const xml_builtin[][2] = {
-  { NULL, NULL }
+const GDBFeature gdb_static_features[] = {
+  { NULL }
 };
diff --git a/scripts/feature_to_c.py b/scripts/feature_to_c.py
new file mode 100755
index 00..bcbcb83beb
--- /dev/null
+++ b/scripts/feature_to_c.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+import os, sys
+
+def writeliteral(indent, bytes):
+sys.stdout.write(' ' * indent)
+sys.stdout.write('"')
+quoted = True
+
+for c in bytes:
+if not quoted:
+sys.stdout.write('\n')
+sys.stdout.write(' ' * indent)
+sys.stdout.write('"')
+quoted = True
+
+if c == b'"'[0]:
+sys.stdout.write('\\"')
+elif c == b'\\'[0]:
+sys.stdout.write('')
+elif c == b'\n'[0]:
+sys.stdout.write('\\n"')
+quoted = False
+elif c >= 32 and c < 127:
+sys.stdout.write(c.to_bytes(1, 'big').decode())
+else:
+sys.stdout.write(f'\{c:03o}')
+
+if quoted:
+sys.stdout.write('"')
+
+sys.stdout.write('#include "qemu/osdep.h"\n' \
+ '#in

[PATCH 01/31] tests/avocado: update firmware to enable sbsa-ref/neoverse-v1

[Alex Bennée]

From: Marcin Juszkiewicz 

Update prebuilt firmware images to have TF-A with Neoverse V1 support enabled.
This allowed us to enable test for this cpu in sbsa-ref machine.

Signed-off-by: Marcin Juszkiewicz 
Acked-by: Leif Lindholm 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20230915113519.269290-1-marcin.juszkiew...@linaro.org>
Signed-off-by: Alex Bennée 
---
 tests/avocado/machine_aarch64_sbsaref.py | 25 ++--
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/tests/avocado/machine_aarch64_sbsaref.py 
b/tests/avocado/machine_aarch64_sbsaref.py
index a794245e7e..b39f5566d7 100644
--- a/tests/avocado/machine_aarch64_sbsaref.py
+++ b/tests/avocado/machine_aarch64_sbsaref.py
@@ -28,33 +28,32 @@ def fetch_firmware(self):
 """
 Flash volumes generated using:
 
-- Fedora GNU Toolchain version 13.1.1 20230511 (Red Hat 13.1.1-2)
+- Fedora GNU Toolchain version 13.2.1 20230728 (Red Hat 13.2.1-1)
 
 - Trusted Firmware-A
-  https://github.com/ARM-software/arm-trusted-firmware/tree/c0d8ee38
+  https://github.com/ARM-software/arm-trusted-firmware/tree/cc933e1d
 
 - Tianocore EDK II
-  https://github.com/tianocore/edk2/tree/0f9283429dd4
-  https://github.com/tianocore/edk2-non-osi/tree/f0bb00937ad6
-  https://github.com/tianocore/edk2-platforms/tree/7880b92e2a04
+  https://github.com/tianocore/edk2/tree/29cce3356aec
+  https://github.com/tianocore/edk2-platforms/tree/fc22c0e69709
 """
 
 # Secure BootRom (TF-A code)
 fs0_xz_url = (
-"https://fileserver.linaro.org/s/HrYMCjP7MEccjRP/";
+"https://fileserver.linaro.org/s/g4C3WzJzNBES2p2/";
 "download/SBSA_FLASH0.fd.xz"
 )
-fs0_xz_hash = "447eff64a90b84ce47703c6ec41fbfc25befaaea"
+fs0_xz_hash = "374738599f7ba38c22924b2075ec5355c2b24a47"
 tar_xz_path = self.fetch_asset(fs0_xz_url, asset_hash=fs0_xz_hash)
 archive.extract(tar_xz_path, self.workdir)
 fs0_path = os.path.join(self.workdir, "SBSA_FLASH0.fd")
 
 # Non-secure rom (UEFI and EFI variables)
 fs1_xz_url = (
-"https://fileserver.linaro.org/s/t8foNnMPz74DZZy/";
+"https://fileserver.linaro.org/s/scJRninsAFTwEct/";
 "download/SBSA_FLASH1.fd.xz"
 )
-fs1_xz_hash = "13a9a262953787c7fc5a9155dfaa26e703631e02"
+fs1_xz_hash = "5d3f156ebd6c6374da2121e15c7c8f4ed0351dcc"
 tar_xz_path = self.fetch_asset(fs1_xz_url, asset_hash=fs1_xz_hash)
 archive.extract(tar_xz_path, self.workdir)
 fs1_path = os.path.join(self.workdir, "SBSA_FLASH1.fd")
@@ -144,10 +143,16 @@ def test_sbsaref_alpine_linux_cortex_a57(self):
 
 def test_sbsaref_alpine_linux_neoverse_n1(self):
 """
-:avocado: tags=cpu:max
+:avocado: tags=cpu:neoverse-n1
 """
 self.boot_alpine_linux("neoverse-n1")
 
+def test_sbsaref_alpine_linux_neoverse_v1(self):
+"""
+:avocado: tags=cpu:neoverse-v1
+"""
+self.boot_alpine_linux("neoverse-v1,pauth-impdef=on")
+
 def test_sbsaref_alpine_linux_max(self):
 """
 :avocado: tags=cpu:max
-- 
2.39.2

[PATCH 07/31] configure: remove gcc version suffixes

[Alex Bennée]

The modern packaging of cross GCC's doesn't need the explicit version
number at the end.

Signed-off-by: Alex Bennée 
---
 configure | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index ebad155d9e..e83872571d 100755
--- a/configure
+++ b/configure
@@ -1334,7 +1334,7 @@ probe_target_compiler() {
 # We don't have any bigendian build tools so we only use this for 
AArch64
 container_image=debian-arm64-cross
 container_cross_prefix=aarch64-linux-gnu-
-container_cross_cc=${container_cross_prefix}gcc-10
+container_cross_cc=${container_cross_prefix}gcc
 ;;
   alpha)
 container_image=debian-alpha-cross
@@ -1397,7 +1397,7 @@ probe_target_compiler() {
   ppc)
 container_image=debian-powerpc-test-cross
 container_cross_prefix=powerpc-linux-gnu-
-container_cross_cc=${container_cross_prefix}gcc-10
+container_cross_cc=${container_cross_prefix}gcc
 ;;
   ppc64|ppc64le)
 container_image=debian-powerpc-test-cross
-- 
2.39.2

[PATCH 08/31] configure: ensure dependency for cross-compile setup

[Alex Bennée]

If we update configure we should make sure we regenerate all the
compiler details. We should also ensure those details are upto date
before building the TCG tests.

Signed-off-by: Alex Bennée 
---
 configure | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/configure b/configure
index e83872571d..a95e0f5767 100755
--- a/configure
+++ b/configure
@@ -1788,6 +1788,8 @@ for target in $target_list; do
   echo "HOST_GDB_SUPPORTS_ARCH=y" >> "$config_target_mak"
   fi
 
+  echo "$config_target_mak: configure" >> Makefile.prereqs
+  echo "build-tcg-tests-$target: $config_target_mak" >> Makefile.prereqs
   echo "run-tcg-tests-$target: $qemu\$(EXESUF)" >> Makefile.prereqs
   tcg_tests_targets="$tcg_tests_targets $target"
   fi
-- 
2.39.2

[PATCH 12/31] contrib/plugins: Use GRWLock in execlog

[Alex Bennée]

From: Akihiko Odaki 

execlog had the following comment:
> As we could have multiple threads trying to do this we need to
> serialise the expansion under a lock. Threads accessing already
> created entries can continue without issue even if the ptr array
> gets reallocated during resize.

However, when the ptr array gets reallocated, the other threads may have
a stale reference to the old buffer. This results in use-after-free.

Use GRWLock to properly fix this issue.

Fixes: 3d7caf145e ("contrib/plugins: add execlog to log instruction execution 
and memory access")
Signed-off-by: Akihiko Odaki 
Reviewed-by: Alex Bennée 
Message-Id: <20230912224107.29669-5-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 contrib/plugins/execlog.c | 16 ++--
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/contrib/plugins/execlog.c b/contrib/plugins/execlog.c
index 7129d526f8..82dc2f584e 100644
--- a/contrib/plugins/execlog.c
+++ b/contrib/plugins/execlog.c
@@ -19,7 +19,7 @@ QEMU_PLUGIN_EXPORT int qemu_plugin_version = 
QEMU_PLUGIN_VERSION;
 
 /* Store last executed instruction on each vCPU as a GString */
 static GPtrArray *last_exec;
-static GMutex expand_array_lock;
+static GRWLock expand_array_lock;
 
 static GPtrArray *imatches;
 static GArray *amatches;
@@ -28,18 +28,16 @@ static GArray *amatches;
  * Expand last_exec array.
  *
  * As we could have multiple threads trying to do this we need to
- * serialise the expansion under a lock. Threads accessing already
- * created entries can continue without issue even if the ptr array
- * gets reallocated during resize.
+ * serialise the expansion under a lock.
  */
 static void expand_last_exec(int cpu_index)
 {
-g_mutex_lock(&expand_array_lock);
+g_rw_lock_writer_lock(&expand_array_lock);
 while (cpu_index >= last_exec->len) {
 GString *s = g_string_new(NULL);
 g_ptr_array_add(last_exec, s);
 }
-g_mutex_unlock(&expand_array_lock);
+g_rw_lock_writer_unlock(&expand_array_lock);
 }
 
 /**
@@ -51,8 +49,10 @@ static void vcpu_mem(unsigned int cpu_index, 
qemu_plugin_meminfo_t info,
 GString *s;
 
 /* Find vCPU in array */
+g_rw_lock_reader_lock(&expand_array_lock);
 g_assert(cpu_index < last_exec->len);
 s = g_ptr_array_index(last_exec, cpu_index);
+g_rw_lock_reader_unlock(&expand_array_lock);
 
 /* Indicate type of memory access */
 if (qemu_plugin_mem_is_store(info)) {
@@ -80,10 +80,14 @@ static void vcpu_insn_exec(unsigned int cpu_index, void 
*udata)
 GString *s;
 
 /* Find or create vCPU in array */
+g_rw_lock_reader_lock(&expand_array_lock);
 if (cpu_index >= last_exec->len) {
+g_rw_lock_reader_unlock(&expand_array_lock);
 expand_last_exec(cpu_index);
+g_rw_lock_reader_lock(&expand_array_lock);
 }
 s = g_ptr_array_index(last_exec, cpu_index);
+g_rw_lock_reader_unlock(&expand_array_lock);
 
 /* Print previous instruction in cache */
 if (s->len) {
-- 
2.39.2

[RFC PATCH 28/31] qtest: use cpu interface in qtest_clock_warp

[Alex Bennée]

This generalises the qtest_clock_warp code to use the AccelOps
handlers for updating its own sense of time. This will make the next
patch which moves the warp code closer to pure code motion.

Signed-off-by: Alex Bennée 
Acked-by: Thomas Huth 
Message-Id: <20230519170454.2353945-6-alex.ben...@linaro.org>
---
 include/sysemu/qtest.h | 1 +
 accel/qtest/qtest.c| 1 +
 softmmu/qtest.c| 6 +++---
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/include/sysemu/qtest.h b/include/sysemu/qtest.h
index 85f05b0e46..e1f69783d6 100644
--- a/include/sysemu/qtest.h
+++ b/include/sysemu/qtest.h
@@ -35,5 +35,6 @@ void qtest_server_set_send_handler(void (*send)(void *, const 
char *),
 void qtest_server_inproc_recv(void *opaque, const char *buf);
 
 int64_t qtest_get_virtual_clock(void);
+void qtest_set_virtual_clock(int64_t count);
 
 #endif
diff --git a/accel/qtest/qtest.c b/accel/qtest/qtest.c
index f6056ac836..53182e6c2a 100644
--- a/accel/qtest/qtest.c
+++ b/accel/qtest/qtest.c
@@ -52,6 +52,7 @@ static void qtest_accel_ops_class_init(ObjectClass *oc, void 
*data)
 
 ops->create_vcpu_thread = dummy_start_vcpu_thread;
 ops->get_virtual_clock = qtest_get_virtual_clock;
+ops->set_virtual_clock = qtest_set_virtual_clock;
 };
 
 static const TypeInfo qtest_accel_ops_type = {
diff --git a/softmmu/qtest.c b/softmmu/qtest.c
index 35b643a274..bac1962efb 100644
--- a/softmmu/qtest.c
+++ b/softmmu/qtest.c
@@ -331,14 +331,14 @@ int64_t qtest_get_virtual_clock(void)
 return qatomic_read_i64(&qtest_clock_counter);
 }
 
-static void qtest_set_virtual_clock(int64_t count)
+void qtest_set_virtual_clock(int64_t count)
 {
 qatomic_set_i64(&qtest_clock_counter, count);
 }
 
 static void qtest_clock_warp(int64_t dest)
 {
-int64_t clock = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+int64_t clock = cpus_get_virtual_clock();
 AioContext *aio_context;
 assert(qtest_enabled());
 aio_context = qemu_get_aio_context();
@@ -347,7 +347,7 @@ static void qtest_clock_warp(int64_t dest)
   QEMU_TIMER_ATTR_ALL);
 int64_t warp = qemu_soonest_timeout(dest - clock, deadline);
 
-qtest_set_virtual_clock(qtest_get_virtual_clock() + warp);
+cpus_set_virtual_clock(cpus_get_virtual_clock() + warp);
 
 qemu_clock_run_timers(QEMU_CLOCK_VIRTUAL);
 timerlist_run_timers(aio_context->tlg.tl[QEMU_CLOCK_VIRTUAL]);
-- 
2.39.2

[PATCH 20/31] gdbstub: Replace gdb_regs with an array

[Alex Bennée]

From: Akihiko Odaki 

An array is a more appropriate data structure than a list for gdb_regs
since it is initialized only with append operation and read-only after
initialization.

Signed-off-by: Akihiko Odaki 
Message-Id: <20230912224107.29669-13-akihiko.od...@daynix.com>
[AJB: fixed a checkpatch violation]
Signed-off-by: Alex Bennée 
---
 include/hw/core/cpu.h |  2 +-
 gdbstub/gdbstub.c | 35 +--
 2 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 5ae479a961..0338640e3d 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -364,7 +364,7 @@ struct CPUState {
 
 CPUJumpCache *tb_jmp_cache;
 
-struct GDBRegisterState *gdb_regs;
+GArray *gdb_regs;
 int gdb_num_regs;
 int gdb_num_g_regs;
 QTAILQ_ENTRY(CPUState) node;
diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index 177dce9ba2..a041b1c0aa 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -51,7 +51,6 @@ typedef struct GDBRegisterState {
 gdb_get_reg_cb get_reg;
 gdb_set_reg_cb set_reg;
 const char *xml;
-struct GDBRegisterState *next;
 } GDBRegisterState;
 
 GDBState gdbserver_state;
@@ -386,7 +385,8 @@ static const char *get_feature_xml(const char *p, const 
char **newp,
 xml,
 g_markup_printf_escaped("",
 cc->gdb_core_xml_file));
-for (r = cpu->gdb_regs; r; r = r->next) {
+for (guint i = 0; i < cpu->gdb_regs->len; i++) {
+r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
 g_ptr_array_add(
 xml,
 g_markup_printf_escaped("",
@@ -430,7 +430,8 @@ static int gdb_read_register(CPUState *cpu, GByteArray 
*buf, int reg)
 return cc->gdb_read_register(cpu, buf, reg);
 }
 
-for (r = cpu->gdb_regs; r; r = r->next) {
+for (guint i = 0; i < cpu->gdb_regs->len; i++) {
+r = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
 return r->get_reg(env, buf, reg - r->base_reg);
 }
@@ -448,7 +449,8 @@ static int gdb_write_register(CPUState *cpu, uint8_t 
*mem_buf, int reg)
 return cc->gdb_write_register(cpu, mem_buf, reg);
 }
 
-for (r = cpu->gdb_regs; r; r = r->next) {
+for (guint i = 0; i < cpu->gdb_regs->len; i++) {
+r =  &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
 return r->set_reg(env, mem_buf, reg - r->base_reg);
 }
@@ -461,17 +463,23 @@ void gdb_register_coprocessor(CPUState *cpu,
   int num_regs, const char *xml, int g_pos)
 {
 GDBRegisterState *s;
-GDBRegisterState **p;
-
-p = &cpu->gdb_regs;
-while (*p) {
-/* Check for duplicates.  */
-if (strcmp((*p)->xml, xml) == 0)
-return;
-p = &(*p)->next;
+guint i;
+
+if (cpu->gdb_regs) {
+for (i = 0; i < cpu->gdb_regs->len; i++) {
+/* Check for duplicates.  */
+s = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
+if (strcmp(s->xml, xml) == 0) {
+return;
+}
+}
+} else {
+cpu->gdb_regs = g_array_new(false, false, sizeof(GDBRegisterState));
+i = 0;
 }
 
-s = g_new0(GDBRegisterState, 1);
+g_array_set_size(cpu->gdb_regs, i + 1);
+s = &g_array_index(cpu->gdb_regs, GDBRegisterState, i);
 s->base_reg = cpu->gdb_num_regs;
 s->num_regs = num_regs;
 s->get_reg = get_reg;
@@ -480,7 +488,6 @@ void gdb_register_coprocessor(CPUState *cpu,
 
 /* Add to end of list.  */
 cpu->gdb_num_regs += num_regs;
-*p = s;
 if (g_pos) {
 if (g_pos != s->base_reg) {
 error_report("Error: Bad gdb register numbering for '%s', "
-- 
2.39.2

[PATCH 24/31] contrib/plugins: fix coverity warning in cache

[Alex Bennée]

Coverity complains that appends_stats_line can be fed a 0 leading
to the undefined behaviour of a divide by 0.

Fixes: CID 1519044
Fixes: CID 1519047
Signed-off-by: Alex Bennée 
---
 contrib/plugins/cache.c | 18 --
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/contrib/plugins/cache.c b/contrib/plugins/cache.c
index 4fca3edd07..9e7ade3b37 100644
--- a/contrib/plugins/cache.c
+++ b/contrib/plugins/cache.c
@@ -535,15 +535,13 @@ static void caches_free(Cache **caches)
 }
 }
 
-static void append_stats_line(GString *line, uint64_t l1_daccess,
-  uint64_t l1_dmisses, uint64_t l1_iaccess,
-  uint64_t l1_imisses,  uint64_t l2_access,
-  uint64_t l2_misses)
+static void append_stats_line(GString *line,
+  uint64_t l1_daccess, uint64_t l1_dmisses,
+  uint64_t l1_iaccess, uint64_t l1_imisses,
+  uint64_t l2_access, uint64_t l2_misses)
 {
-double l1_dmiss_rate, l1_imiss_rate, l2_miss_rate;
-
-l1_dmiss_rate = ((double) l1_dmisses) / (l1_daccess) * 100.0;
-l1_imiss_rate = ((double) l1_imisses) / (l1_iaccess) * 100.0;
+double l1_dmiss_rate = ((double) l1_dmisses) / (l1_daccess) * 100.0;
+double l1_imiss_rate = ((double) l1_imisses) / (l1_iaccess) * 100.0;
 
 g_string_append_printf(line, "%-14" PRIu64 " %-12" PRIu64 " %9.4lf%%"
"  %-14" PRIu64 " %-12" PRIu64 " %9.4lf%%",
@@ -554,8 +552,8 @@ static void append_stats_line(GString *line, uint64_t 
l1_daccess,
l1_imisses,
l1_iaccess ? l1_imiss_rate : 0.0);
 
-if (use_l2) {
-l2_miss_rate =  ((double) l2_misses) / (l2_access) * 100.0;
+if (l2_access && l2_misses) {
+double l2_miss_rate =  ((double) l2_misses) / (l2_access) * 100.0;
 g_string_append_printf(line,
"  %-12" PRIu64 " %-11" PRIu64 " %10.4lf%%",
l2_access,
-- 
2.39.2

[PATCH 19/31] gdbstub: Remove gdb_has_xml variable

[Alex Bennée]

From: Akihiko Odaki 

GDB has XML support since 6.7 which was released in 2007.
It's time to remove support for old GDB versions without XML support.

Signed-off-by: Akihiko Odaki 
Message-Id: <20230912224107.29669-12-akihiko.od...@daynix.com>
Signed-off-by: Alex Bennée 
---
 gdbstub/internals.h|  2 --
 include/exec/gdbstub.h |  8 
 gdbstub/gdbstub.c  | 15 ---
 3 files changed, 25 deletions(-)

diff --git a/gdbstub/internals.h b/gdbstub/internals.h
index fee243081f..7128c4aa85 100644
--- a/gdbstub/internals.h
+++ b/gdbstub/internals.h
@@ -32,8 +32,6 @@ enum {
 typedef struct GDBProcess {
 uint32_t pid;
 bool attached;
-
-/* If gdb sends qXfer:features:read:target.xml this will be populated */
 char *target_xml;
 } GDBProcess;
 
diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
index 705be2c5d7..1a01c35f8e 100644
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@@ -45,14 +45,6 @@ int gdbserver_start(const char *port_or_device);
 
 void gdb_set_stop_cpu(CPUState *cpu);
 
-/**
- * gdb_has_xml() - report of gdb supports modern target descriptions
- *
- * This will report true if the gdb negotiated qXfer:features:read
- * target descriptions.
- */
-bool gdb_has_xml(void);
-
 /* in gdbstub-xml.c, generated by scripts/feature_to_c.py */
 extern const GDBFeature gdb_static_features[];
 
diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index a4f2bf3723..177dce9ba2 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -349,11 +349,6 @@ static CPUState *gdb_get_cpu(uint32_t pid, uint32_t tid)
 }
 }
 
-bool gdb_has_xml(void)
-{
-return !!gdb_get_cpu_process(gdbserver_state.g_cpu)->target_xml;
-}
-
 static const char *get_feature_xml(const char *p, const char **newp,
GDBProcess *process)
 {
@@ -1086,11 +1081,6 @@ static void handle_set_reg(GArray *params, void 
*user_ctx)
 {
 int reg_size;
 
-if (!gdb_get_cpu_process(gdbserver_state.g_cpu)->target_xml) {
-gdb_put_packet("");
-return;
-}
-
 if (params->len != 2) {
 gdb_put_packet("E22");
 return;
@@ -1107,11 +1097,6 @@ static void handle_get_reg(GArray *params, void 
*user_ctx)
 {
 int reg_size;
 
-if (!gdb_get_cpu_process(gdbserver_state.g_cpu)->target_xml) {
-gdb_put_packet("");
-return;
-}
-
 if (!params->len) {
 gdb_put_packet("E14");
 return;
-- 
2.39.2

[PATCH 03/31] gitlab: shuffle some targets and reduce avocado noise

[Alex Bennée]

We move a couple of targets out of the avocado runs because there are
no tests to run. Tricore already has some coverage.  The cris target
only really has check-tcg tests but its getting harder to find
anything that packages the compiler.

To reduce the noise of CANCEL messages we also set AVOCADO_TAGS
appropriately so we filter down the number of tests we attempt.

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 

---
v2
  - minor commit reword, no longer attempt to keep cris going
---
 .gitlab-ci.d/buildtest.yml | 15 +++
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index aee9101507..25af1bc41e 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -30,6 +30,7 @@ avocado-system-alpine:
   variables:
 IMAGE: alpine
 MAKE_CHECK_ARGS: check-avocado
+AVOCADO_TAGS: arch:avr arch:loongarch64 arch:mips64 arch:mipsel
 
 build-system-ubuntu:
   extends:
@@ -40,8 +41,7 @@ build-system-ubuntu:
   variables:
 IMAGE: ubuntu2204
 CONFIGURE_ARGS: --enable-docs
-TARGETS: alpha-softmmu cris-softmmu hppa-softmmu
-  microblazeel-softmmu mips64el-softmmu
+TARGETS: alpha-softmmu microblazeel-softmmu mips64el-softmmu
 MAKE_CHECK_ARGS: check-build
 
 check-system-ubuntu:
@@ -61,6 +61,7 @@ avocado-system-ubuntu:
   variables:
 IMAGE: ubuntu2204
 MAKE_CHECK_ARGS: check-avocado
+AVOCADO_TAGS: arch:alpha arch:microblaze arch:mips64el
 
 build-system-debian:
   extends:
@@ -72,7 +73,7 @@ build-system-debian:
 IMAGE: debian-amd64
 CONFIGURE_ARGS: --with-coroutine=sigaltstack
 TARGETS: arm-softmmu i386-softmmu riscv64-softmmu sh4eb-softmmu
-  sparc-softmmu xtensaeb-softmmu
+  sparc-softmmu xtensa-softmmu
 MAKE_CHECK_ARGS: check-build
 
 check-system-debian:
@@ -92,6 +93,7 @@ avocado-system-debian:
   variables:
 IMAGE: debian-amd64
 MAKE_CHECK_ARGS: check-avocado
+AVOCADO_TAGS: arch:arm arch:i386 arch:riscv64 arch:sh4 arch:sparc 
arch:xtensa
 
 crash-test-debian:
   extends: .native_test_job_template
@@ -114,7 +116,7 @@ build-system-fedora:
   variables:
 IMAGE: fedora
 CONFIGURE_ARGS: --disable-gcrypt --enable-nettle --enable-docs
-TARGETS: tricore-softmmu microblaze-softmmu mips-softmmu
+TARGETS: microblaze-softmmu mips-softmmu
   xtensa-softmmu m68k-softmmu riscv32-softmmu ppc-softmmu sparc64-softmmu
 MAKE_CHECK_ARGS: check-build
 
@@ -135,6 +137,8 @@ avocado-system-fedora:
   variables:
 IMAGE: fedora
 MAKE_CHECK_ARGS: check-avocado
+AVOCADO_TAGS: arch:microblaze arch:mips arch:xtensa arch:m68k
+  arch:riscv32 arch:ppc arch:sparc64
 
 crash-test-fedora:
   extends: .native_test_job_template
@@ -180,6 +184,8 @@ avocado-system-centos:
   variables:
 IMAGE: centos8
 MAKE_CHECK_ARGS: check-avocado
+AVOCADO_TAGS: arch:ppc64 arch:or1k arch:390x arch:x86_64 arch:rx
+  arch:sh4 arch:nios2
 
 build-system-opensuse:
   extends:
@@ -209,6 +215,7 @@ avocado-system-opensuse:
   variables:
 IMAGE: opensuse-leap
 MAKE_CHECK_ARGS: check-avocado
+AVOCADO_TAGS: arch:s390x arch:x86_64 arch:aarch64
 
 
 # This jobs explicitly disable TCG (--disable-tcg), KVM is detected by
-- 
2.39.2

[PATCH 06/31] configure: allow user to override docker engine

[Alex Bennée]

If you have both engines installed but one is broken you are stuck
with the automagic. Allow the user to override the engine for this
case.

Signed-off-by: Alex Bennée 
---
 configure | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 707132a3ae..ebad155d9e 100755
--- a/configure
+++ b/configure
@@ -180,6 +180,7 @@ fi
 # some defaults, based on the host environment
 
 # default parameters
+container_engine="auto"
 cpu=""
 cross_compile="no"
 cross_prefix=""
@@ -787,6 +788,8 @@ for opt do
   ;;
   --disable-containers) use_containers="no"
   ;;
+  --container-engine=*) container_engine="$optarg"
+  ;;
   --gdb=*) gdb_bin="$optarg"
   ;;
   # everything else has the same name in configure and meson
@@ -921,6 +924,7 @@ Advanced options (experts only):
   --enable-plugins
enable plugins via shared library loading
   --disable-containers don't use containers for cross-building
+  --container-engine=TYPE  which container engine to use [$container_engine]
   --gdb=GDB-path   gdb to use for gdbstub tests [$gdb_bin]
 EOF
   meson_options_help
@@ -1195,14 +1199,14 @@ fi
 container="no"
 runc=""
 if test $use_containers = "yes" && (has "docker" || has "podman"); then
-case $($python "$source_path"/tests/docker/docker.py probe) in
+case $($python "$source_path"/tests/docker/docker.py --engine 
"$container_engine" probe) in
 *docker) container=docker ;;
 podman) container=podman ;;
 no) container=no ;;
 esac
 if test "$container" != "no"; then
 docker_py="$python $source_path/tests/docker/docker.py --engine 
$container"
-runc=$($python "$source_path"/tests/docker/docker.py probe)
+runc=$container
 fi
 fi
 
-- 
2.39.2

[PATCH 02/31] tests/lcitool: add swtpm to the package list

[Alex Bennée]

We need this to test some TPM stuff.

Signed-off-by: Alex Bennée 
---
 .gitlab-ci.d/cirrus/macos-12.vars| 2 +-
 tests/docker/dockerfiles/alpine.docker   | 1 +
 tests/docker/dockerfiles/centos8.docker  | 1 +
 tests/docker/dockerfiles/debian-amd64-cross.docker   | 1 +
 tests/docker/dockerfiles/debian-amd64.docker | 1 +
 tests/docker/dockerfiles/debian-arm64-cross.docker   | 1 +
 tests/docker/dockerfiles/debian-armhf-cross.docker   | 1 +
 tests/docker/dockerfiles/debian-ppc64el-cross.docker | 1 +
 tests/docker/dockerfiles/debian-s390x-cross.docker   | 1 +
 tests/docker/dockerfiles/fedora-win32-cross.docker   | 1 +
 tests/docker/dockerfiles/fedora-win64-cross.docker   | 1 +
 tests/docker/dockerfiles/fedora.docker   | 1 +
 tests/docker/dockerfiles/opensuse-leap.docker| 1 +
 tests/docker/dockerfiles/ubuntu2204.docker   | 1 +
 tests/lcitool/libvirt-ci | 2 +-
 tests/lcitool/projects/qemu.yml  | 1 +
 16 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.d/cirrus/macos-12.vars 
b/.gitlab-ci.d/cirrus/macos-12.vars
index 80eadaab29..5f3fb346d1 100644
--- a/.gitlab-ci.d/cirrus/macos-12.vars
+++ b/.gitlab-ci.d/cirrus/macos-12.vars
@@ -11,6 +11,6 @@ MAKE='/opt/homebrew/bin/gmake'
 NINJA='/opt/homebrew/bin/ninja'
 PACKAGING_COMMAND='brew'
 PIP3='/opt/homebrew/bin/pip3'
-PKGS='bash bc bison bzip2 capstone ccache cmocka ctags curl dbus diffutils dtc 
flex gcovr gettext git glib gnu-sed gnutls gtk+3 jemalloc jpeg-turbo json-c 
libepoxy libffi libgcrypt libiscsi libnfs libpng libslirp libssh libtasn1 
libusb llvm lzo make meson mtools ncurses nettle ninja pixman pkg-config 
python3 rpm2cpio sdl2 sdl2_image snappy socat sparse spice-protocol tesseract 
usbredir vde vte3 xorriso zlib zstd'
+PKGS='bash bc bison bzip2 capstone ccache cmocka ctags curl dbus diffutils dtc 
flex gcovr gettext git glib gnu-sed gnutls gtk+3 jemalloc jpeg-turbo json-c 
libepoxy libffi libgcrypt libiscsi libnfs libpng libslirp libssh libtasn1 
libusb llvm lzo make meson mtools ncurses nettle ninja pixman pkg-config 
python3 rpm2cpio sdl2 sdl2_image snappy socat sparse spice-protocol swtpm 
tesseract usbredir vde vte3 xorriso zlib zstd'
 PYPI_PKGS='PyYAML numpy pillow sphinx sphinx-rtd-theme tomli'
 PYTHON='/opt/homebrew/bin/python3'
diff --git a/tests/docker/dockerfiles/alpine.docker 
b/tests/docker/dockerfiles/alpine.docker
index d25649cb4f..42f6928627 100644
--- a/tests/docker/dockerfiles/alpine.docker
+++ b/tests/docker/dockerfiles/alpine.docker
@@ -100,6 +100,7 @@ RUN apk update && \
 sparse \
 spice-dev \
 spice-protocol \
+swtpm \
 tar \
 tesseract-ocr \
 usbredir-dev \
diff --git a/tests/docker/dockerfiles/centos8.docker 
b/tests/docker/dockerfiles/centos8.docker
index 68bfe606f5..d97c30e96a 100644
--- a/tests/docker/dockerfiles/centos8.docker
+++ b/tests/docker/dockerfiles/centos8.docker
@@ -107,6 +107,7 @@ RUN dnf distro-sync -y && \
 socat \
 spice-protocol \
 spice-server-devel \
+swtpm \
 systemd-devel \
 systemtap-sdt-devel \
 tar \
diff --git a/tests/docker/dockerfiles/debian-amd64-cross.docker 
b/tests/docker/dockerfiles/debian-amd64-cross.docker
index 0991938595..00bdc06021 100644
--- a/tests/docker/dockerfiles/debian-amd64-cross.docker
+++ b/tests/docker/dockerfiles/debian-amd64-cross.docker
@@ -55,6 +55,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
   sed \
   socat \
   sparse \
+  swtpm \
   tar \
   tesseract-ocr \
   tesseract-ocr-eng \
diff --git a/tests/docker/dockerfiles/debian-amd64.docker 
b/tests/docker/dockerfiles/debian-amd64.docker
index 61dbc3ff24..9b50fb2f63 100644
--- a/tests/docker/dockerfiles/debian-amd64.docker
+++ b/tests/docker/dockerfiles/debian-amd64.docker
@@ -124,6 +124,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
   sed \
   socat \
   sparse \
+  swtpm \
   systemtap-sdt-dev \
   tar \
   tesseract-ocr \
diff --git a/tests/docker/dockerfiles/debian-arm64-cross.docker 
b/tests/docker/dockerfiles/debian-arm64-cross.docker
index 74eabb274e..2dae3777f7 100644
--- a/tests/docker/dockerfiles/debian-arm64-cross.docker
+++ b/tests/docker/dockerfiles/debian-arm64-cross.docker
@@ -55,6 +55,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
   sed \
   socat \
   sparse \
+  swtpm \
   tar \
   tesseract-ocr \
   tess

[PATCH 00/31] September maintainer omnibus (tests, gdbstub, plugins)

[Alex Bennée]

Hi,

This wraps up my current testing, gdbstub and plugin trees in an
attempt to do my part to reduce the qemu-devel fire hose.

For testing we have a number of cleanups to configure to better handle
selecting the container engine (removing the ability to dynamically
switch). I had to do this as one of my build boxes has recently
acquired a broken podman install. There are also some updates to
avocado sbsa-ref as well as tweaks to the gitlab setup to minimise the
amount of wheel spinning we do. The deprecation of CRIS is a little
provocative but if we do want to keep it we need to stop relying on a
rapidly dated fedora image to do it. Finally we include the swtpm
package to widen the testing we do through avocado.

The gdbstub updates are from Akihiko and include a bunch of clean-ups
that will hopefully pave the way for another series which allows the
plugins to access register values using the gdb backend to source the
data.

Finally the plugins has a few fixes which includes a tweak to make SH4
atomic modelling more plugin friendly. This allows for Matt's fix to
deal with non-regular instruction encoding spanning pages. I also fix
a number of coverity warnings.

The final time control patches are still RFC and not ready for merging
but I include them for completeness.

The following still need review:

  contrib/plugins: add iops plugin example for cost modelling
  plugins: add time control API
  sysemu: generalise qtest_warp_clock as qemu_clock_advance_virtual_time
  qtest: use cpu interface in qtest_clock_warp (1 acks, 1 sobs, 0 tbs)
  contrib/plugins: fix coverity warning in hotblocks
  contrib/plugins: fix coverity warning in lockstep
  contrib/plugins: fix coverity warning in cache
  configure: ensure dependency for cross-compile setup
  configure: remove gcc version suffixes
  configure: allow user to override docker engine
  tests/docker: make docker engine choice entirely configure driven
  docs: mark CRIS support as deprecated
  tests/lcitool: add swtpm to the package list

Akihiko Odaki (12):
  gdbstub: Fix target_xml initialization
  gdbstub: Fix target.xml response
  plugins: Check if vCPU is realized
  contrib/plugins: Use GRWLock in execlog
  gdbstub: Introduce GDBFeature structure
  target/arm: Move the reference to arm-core.xml
  hw/core/cpu: Return static value with gdb_arch_name()
  gdbstub: Use g_markup_printf_escaped()
  target/arm: Remove references to gdb_has_xml
  target/ppc: Remove references to gdb_has_xml
  gdbstub: Remove gdb_has_xml variable
  gdbstub: Replace gdb_regs with an array

Alex Bennée (15):
  tests/lcitool: add swtpm to the package list
  gitlab: shuffle some targets and reduce avocado noise
  docs: mark CRIS support as deprecated
  tests/docker: make docker engine choice entirely configure driven
  configure: allow user to override docker engine
  configure: remove gcc version suffixes
  configure: ensure dependency for cross-compile setup
  contrib/plugins: fix coverity warning in cache
  contrib/plugins: fix coverity warning in lockstep
  contrib/plugins: fix coverity warning in hotblocks
  sysemu: add set_virtual_time to accel ops
  qtest: use cpu interface in qtest_clock_warp
  sysemu: generalise qtest_warp_clock as qemu_clock_advance_virtual_time
  plugins: add time control API
  contrib/plugins: add iops plugin example for cost modelling

Marcin Juszkiewicz (1):
  tests/avocado: update firmware to enable sbsa-ref/neoverse-v1

Matt Borgerson (1):
  plugins: Set final instruction count in plugin_gen_tb_end

Richard Henderson (2):
  accel/tcg: Add plugin_enabled to DisasContextBase
  target/sh4: Disable decode_gusa when plugins enabled

 MAINTAINERS   |   2 +-
 docs/about/deprecated.rst |  11 +
 configure |  15 +-
 meson.build   |   2 +-
 gdbstub/internals.h   |   2 -
 include/exec/gdbstub.h|  17 +-
 include/exec/plugin-gen.h |   4 +-
 include/exec/translator.h |   2 +
 include/hw/core/cpu.h |   4 +-
 include/qemu/qemu-plugin.h|  19 ++
 include/qemu/timer.h  |  15 +
 include/sysemu/accel-ops.h|  18 +-
 include/sysemu/cpu-timers.h   |  27 +-
 include/sysemu/qtest.h|   1 +
 target/ppc/internal.h |   2 +-
 accel/qtest/qtest.c   |   1 +
 accel/tcg/plugin-gen.c|   6 +-
 accel/tcg/translator.c|   3 +-
 contrib/plugins/cache.c   |  18 +-
 contrib/plugins/execlog.c |  16 +-
 contrib/plugins/hotblocks.c   |   2 +-
 contrib/plugins/iops.c| 261 ++
 contrib/plugins/lockstep.c|  13 +-
 gdbstub/gdbstub.c 

Re: [PATCH v2] accel: Remove HAX accelerator

[Alex Bennée]

Philippe Mathieu-Daudé  writes:

> HAX is deprecated since commits 73741fda6c ("MAINTAINERS: Abort
> HAXM maintenance") and 90c167a1da ("docs/about/deprecated: Mark
> HAXM in QEMU as deprecated"), released in v8.0.0.
>
> Per the latest HAXM release (v7.8 [*]), the latest QEMU supported
> is v7.2:
>
>   Note: Up to this release, HAXM supports QEMU from 2.9.0 to 7.2.0.
>
> The next commit (https://github.com/intel/haxm/commit/da1b8ec072)
> added:
>
>   HAXM v7.8.0 is our last release and we will not accept
>   pull requests or respond to issues after this.
>
> It became very hard to build and test HAXM. Its previous
> maintainers made it clear they won't help.  It doesn't seem to be
> a very good use of QEMU maintainers to spend their time in a dead
> project. Save our time by removing this orphan zombie code.
>
> [*] https://github.com/intel/haxm/releases/tag/v7.8.0
>
> Reviewed-by: Richard Henderson 
> Acked-by: Markus Armbruster 
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alex Bennée 

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

[PATCH v6 04/11] scripts/qapi: document the tool that generated the file

[Alex Bennée]

This makes it a little easier for developers to find where things
where being generated.

Reviewed-by: Richard Henderson 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Markus Armbruster 
Signed-off-by: Alex Bennée 
Message-Id: <20230524133952.3971948-5-alex.ben...@linaro.org>

---
v6
  - use Markus' suggestion for prettier wrapping lines
  - drop un-needed str()
---
 scripts/qapi/gen.py | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/scripts/qapi/gen.py b/scripts/qapi/gen.py
index 8f8f784f4a..70bc576a10 100644
--- a/scripts/qapi/gen.py
+++ b/scripts/qapi/gen.py
@@ -13,6 +13,7 @@
 
 from contextlib import contextmanager
 import os
+import sys
 import re
 from typing import (
 Dict,
@@ -162,7 +163,7 @@ def __init__(self, fname: str, blurb: str, pydoc: str):
 
 def _top(self) -> str:
 return mcgen('''
-/* AUTOMATICALLY GENERATED, DO NOT MODIFY */
+/* AUTOMATICALLY GENERATED by %(tool)s DO NOT MODIFY */
 
 /*
 %(blurb)s
@@ -174,6 +175,7 @@ def _top(self) -> str:
  */
 
 ''',
+ tool=os.path.basename(sys.argv[0]),
  blurb=self._blurb, copyright=self._copyright)
 
 def _bottom(self) -> str:
@@ -195,7 +197,10 @@ def _bottom(self) -> str:
 
 class QAPIGenTrace(QAPIGen):
 def _top(self) -> str:
-return super()._top() + '# AUTOMATICALLY GENERATED, DO NOT MODIFY\n\n'
+return (super()._top()
++ '# AUTOMATICALLY GENERATED by '
++ os.path.basename(sys.argv[0])
++ ', DO NOT MODIFY\n\n')
 
 
 @contextmanager
-- 
2.39.2

[PATCH v6 07/11] trace: remove code that depends on setting vcpu

[Alex Bennée]

Now we no longer have any events that are for vcpus we can start
excising the code from the trace control. As the vcpu parameter is
encoded as part of QMP we just stub out the has_vcpu/vcpu parameters
rather than alter the API.

Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20230524133952.3971948-7-alex.ben...@linaro.org>
---
 trace/control-internal.h |  10 
 trace/control-vcpu.h |  16 --
 trace/control.h  |  48 -
 hw/core/cpu-common.c |   2 -
 stubs/trace-control.c|  13 -
 trace/control-target.c   | 108 ---
 trace/control.c  |  16 --
 trace/qmp.c  |  74 +++
 trace/trace-hmp-cmds.c   |  18 ++-
 9 files changed, 20 insertions(+), 285 deletions(-)

diff --git a/trace/control-internal.h b/trace/control-internal.h
index 0178121720..8d818d359b 100644
--- a/trace/control-internal.h
+++ b/trace/control-internal.h
@@ -25,16 +25,6 @@ static inline uint32_t trace_event_get_id(TraceEvent *ev)
 return ev->id;
 }
 
-static inline uint32_t trace_event_get_vcpu_id(TraceEvent *ev)
-{
-return 0;
-}
-
-static inline bool trace_event_is_vcpu(TraceEvent *ev)
-{
-return false;
-}
-
 static inline const char * trace_event_get_name(TraceEvent *ev)
 {
 assert(ev != NULL);
diff --git a/trace/control-vcpu.h b/trace/control-vcpu.h
index 0f98ebe7b5..800fc5a219 100644
--- a/trace/control-vcpu.h
+++ b/trace/control-vcpu.h
@@ -30,13 +30,6 @@
  trace_event_get_vcpu_state_dynamic_by_vcpu_id( \
  vcpu, _ ## id ## _EVENT.vcpu_id))
 
-/**
- * trace_event_get_vcpu_state_dynamic:
- *
- * Get the dynamic tracing state of an event for the given vCPU.
- */
-static bool trace_event_get_vcpu_state_dynamic(CPUState *vcpu, TraceEvent *ev);
-
 #include "control-internal.h"
 
 static inline bool
@@ -51,13 +44,4 @@ trace_event_get_vcpu_state_dynamic_by_vcpu_id(CPUState *vcpu,
 }
 }
 
-static inline bool trace_event_get_vcpu_state_dynamic(CPUState *vcpu,
-  TraceEvent *ev)
-{
-uint32_t vcpu_id;
-assert(trace_event_is_vcpu(ev));
-vcpu_id = trace_event_get_vcpu_id(ev);
-return trace_event_get_vcpu_state_dynamic_by_vcpu_id(vcpu, vcpu_id);
-}
-
 #endif
diff --git a/trace/control.h b/trace/control.h
index 23b8393b29..dfd209edd8 100644
--- a/trace/control.h
+++ b/trace/control.h
@@ -89,23 +89,6 @@ static bool trace_event_is_pattern(const char *str);
  */
 static uint32_t trace_event_get_id(TraceEvent *ev);
 
-/**
- * trace_event_get_vcpu_id:
- *
- * Get the per-vCPU identifier of an event.
- *
- * Special value #TRACE_VCPU_EVENT_NONE means the event is not vCPU-specific
- * (does not have the "vcpu" property).
- */
-static uint32_t trace_event_get_vcpu_id(TraceEvent *ev);
-
-/**
- * trace_event_is_vcpu:
- *
- * Whether this is a per-vCPU event.
- */
-static bool trace_event_is_vcpu(TraceEvent *ev);
-
 /**
  * trace_event_get_name:
  *
@@ -172,21 +155,6 @@ static bool trace_event_get_state_dynamic(TraceEvent *ev);
  */
 void trace_event_set_state_dynamic(TraceEvent *ev, bool state);
 
-/**
- * trace_event_set_vcpu_state_dynamic:
- *
- * Set the dynamic tracing state of an event for the given vCPU.
- *
- * Pre-condition: trace_event_get_vcpu_state_static(ev) == true
- *
- * Note: Changes for execution-time events with the 'tcg' property will not be
- *   propagated until the next TB is executed (iff executing in TCG mode).
- */
-void trace_event_set_vcpu_state_dynamic(CPUState *vcpu,
-TraceEvent *ev, bool state);
-
-
-
 /**
  * trace_init_backends:
  *
@@ -205,22 +173,6 @@ bool trace_init_backends(void);
  */
 void trace_init_file(void);
 
-/**
- * trace_init_vcpu:
- * @vcpu: Added vCPU.
- *
- * Set initial dynamic event state for a hot-plugged vCPU.
- */
-void trace_init_vcpu(CPUState *vcpu);
-
-/**
- * trace_fini_vcpu:
- * @vcpu: Removed vCPU.
- *
- * Disable dynamic event state for a hot-unplugged vCPU.
- */
-void trace_fini_vcpu(CPUState *vcpu);
-
 /**
  * trace_list_events:
  * @f: Where to send output.
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index 951477a7fd..f4e51c8a1b 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -211,7 +211,6 @@ static void cpu_common_realizefn(DeviceState *dev, Error 
**errp)
 }
 
 /* NOTE: latest generic point where the cpu is fully realized */
-trace_init_vcpu(cpu);
 }
 
 static void cpu_common_unrealizefn(DeviceState *dev)
@@ -219,7 +218,6 @@ static void cpu_common_unrealizefn(DeviceState *dev)
 CPUState *cpu = CPU(dev);
 
 /* NOTE: latest generic point before the cpu is fully unrealized */
-trace_fini_vcpu(cpu);
 cpu_exec_unrealizefn(cpu);
 }
 
diff --git a/stubs/trace-control.c b/stubs/trace-control.c
index 7f856e5c24..b428f34c87 100644
--- a/stubs/trace-control.c
+++ b/stubs/

[PATCH v6 01/11] *-user: remove the guest_user_syscall tracepoints

[Alex Bennée]

This is pure duplication now. Both bsd-user and linux-user have
builtin strace support and we can also track syscalls via the plugins
system.

Reviewed-by: Warner Losh 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20230524133952.3971948-2-alex.ben...@linaro.org>
---
 include/user/syscall-trace.h  |  4 
 bsd-user/freebsd/os-syscall.c |  2 --
 trace-events  | 19 ---
 3 files changed, 25 deletions(-)

diff --git a/include/user/syscall-trace.h b/include/user/syscall-trace.h
index 90bda7631c..557f881a79 100644
--- a/include/user/syscall-trace.h
+++ b/include/user/syscall-trace.h
@@ -26,9 +26,6 @@ static inline void record_syscall_start(void *cpu, int num,
 abi_long arg5, abi_long arg6,
 abi_long arg7, abi_long arg8)
 {
-trace_guest_user_syscall(cpu, num,
- arg1, arg2, arg3, arg4,
- arg5, arg6, arg7, arg8);
 qemu_plugin_vcpu_syscall(cpu, num,
  arg1, arg2, arg3, arg4,
  arg5, arg6, arg7, arg8);
@@ -36,7 +33,6 @@ static inline void record_syscall_start(void *cpu, int num,
 
 static inline void record_syscall_return(void *cpu, int num, abi_long ret)
 {
-trace_guest_user_syscall_ret(cpu, num, ret);
 qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
 }
 
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index c8f998ecec..b0ae43766f 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -531,7 +531,6 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 CPUState *cpu = env_cpu(cpu_env);
 abi_long ret;
 
-trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
arg7, arg8);
 if (do_strace) {
 print_freebsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
 }
@@ -541,7 +540,6 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 if (do_strace) {
 print_freebsd_syscall_ret(num, ret);
 }
-trace_guest_user_syscall_ret(cpu, num, ret);
 
 return ret;
 }
diff --git a/trace-events b/trace-events
index b6b84b175e..691c3533e4 100644
--- a/trace-events
+++ b/trace-events
@@ -85,22 +85,3 @@ vcpu guest_cpu_exit(void)
 # Targets: all
 vcpu guest_cpu_reset(void)
 
-# include/user/syscall-trace.h
-
-# @num: System call number.
-# @arg*: System call argument value.
-#
-# Start executing a guest system call in syscall emulation mode.
-#
-# Mode: user
-# Targets: TCG(all)
-vcpu guest_user_syscall(uint64_t num, uint64_t arg1, uint64_t arg2, uint64_t 
arg3, uint64_t arg4, uint64_t arg5, uint64_t arg6, uint64_t arg7, uint64_t 
arg8) "num=0x%016"PRIx64" arg1=0x%016"PRIx64" arg2=0x%016"PRIx64" 
arg3=0x%016"PRIx64" arg4=0x%016"PRIx64" arg5=0x%016"PRIx64" arg6=0x%016"PRIx64" 
arg7=0x%016"PRIx64" arg8=0x%016"PRIx64
-
-# @num: System call number.
-# @ret: System call result value.
-#
-# Finish executing a guest system call in syscall emulation mode.
-#
-# Mode: user
-# Targets: TCG(all)
-vcpu guest_user_syscall_ret(uint64_t num, uint64_t ret) "num=0x%016"PRIx64" 
ret=0x%016"PRIx64
-- 
2.39.2

[PATCH v6 11/11] accel/tcg: include cs_base in our hash calculations

[Alex Bennée]

We weren't using cs_base in the hash calculations before. Since the
arm front end moved a chunk of flags in a378206a20 (target/arm: Move
mode specific TB flags to tb->cs_base) they comprise of an important
part of the execution state.

Widen the tb_hash_func to include cs_base and expand to qemu_xxhash8()
to accommodate it.

My initial benchmark shows very little difference in the
runtime.

Before:

armhf

➜  hyperfine -w 2 -m 20 "./arm-softmmu/qemu-system-arm -cpu cortex-a15 -machine 
type=virt,highmem=off -display none -m 2048 -serial mon:stdio -netdev 
user,id=unet,hostfwd=tcp::-:22 -device virtio-net-pci,netdev=unet -device 
virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 -device scsi-hd,drive=hd -smp 4 -kernel 
/home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage -append 
'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' -snapshot"
Benchmark 1: ./arm-softmmu/qemu-system-arm -cpu cortex-a15 -machine 
type=virt,highmem=off -display none -m 2048 -serial mon:stdio -netdev 
user,id=unet,hostfwd=tcp::-:22 -device virtio-net-pci,netdev=unet -device 
virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 -device scsi-hd,drive=hd -smp 4 -kernel 
/home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage -append 
'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' -snapshot
  Time (mean ± σ): 24.627 s ±  2.708 s[User: 34.309 s, System: 1.797 s]
  Range (min … max):   22.345 s … 29.864 s20 runs

arm64

➜  hyperfine -w 2 -n 20 "./qemu-system-aarch64 -cpu max,pauth-impdef=on 
-machine type=virt,virtualization=on,gic-version=3 -display none -serial 
mon:stdio -netdev user,id=unet,hostfwd=tcp::-:22,hostfwd=tcp::1234-:1234 
-device virtio-net-pci,netdev=unet -device virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-arm64
 -device scsi-hd,drive=hd -smp 4 -kernel 
~/lsrc/linux.git/builds/arm64/arch/arm64/boot/Image.gz -append 'console=ttyAMA0 
root=/dev/sda2 systemd.unit=benchmark-pigz.service' -snapshot"
Benchmark 1: 20
  Time (mean ± σ): 62.559 s ±  2.917 s[User: 189.115 s, System: 4.089 s]
  Range (min … max):   59.997 s … 70.153 s10 runs

After:

armhf

Benchmark 1: ./arm-softmmu/qemu-system-arm -cpu cortex-a15 -machine 
type=virt,highmem=off -display none -m 2048 -serial mon:stdio -netdev 
user,id=unet,hostfwd=tcp::-:22 -device virtio-net-pci,netdev=unet -device 
virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 -device scsi-hd,drive=hd -smp 4 -kernel 
/home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage -append 
'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' -snapshot
  Time (mean ± σ): 24.223 s ±  2.151 s[User: 34.284 s, System: 1.906 s]
  Range (min … max):   22.000 s … 28.476 s20 runs

arm64

hyperfine -w 2 -n 20 "./qemu-system-aarch64 -cpu max,pauth-impdef=on -machine 
type=virt,virtualization=on,gic-version=3 -display none -serial mon:stdio 
-netdev user,id=unet,hostfwd=tcp::-:22,hostfwd=tcp::1234-:1234 -device 
virtio-net-pci,netdev=unet -device virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-arm64
 -device scsi-hd,drive=hd -smp 4 -kernel 
~/lsrc/linux.git/builds/arm64/arch/arm64/boot/Image.gz -append 'console=ttyAMA0 
root=/dev/sda2 systemd.unit=benchmark-pigz.service' -snapshot"
Benchmark 1: 20
  Time (mean ± σ): 62.769 s ±  1.978 s[User: 188.431 s, System: 5.269 s]
  Range (min … max):   60.285 s … 66.868 s10 runs

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Message-Id: <20230524133952.3971948-11-alex.ben...@linaro.org>
---
 accel/tcg/tb-hash.h   |  4 ++--
 include/qemu/xxhash.h | 23 +--
 accel/tcg/cpu-exec.c  |  2 +-
 accel/tcg/tb-maint.c  |  4 ++--
 util/qsp.c|  2 +-
 5 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/accel/tcg/tb-hash.h b/accel/tcg/tb-hash.h
index 1d19c69caa..2ba2193731 100644
--- a/accel/tcg/tb-hash.h
+++ b/accel/tcg/tb-hash.h
@@ -62,9 +62,9 @@ static inline unsigned int 
tb_jmp_cache_hash_func(target_ulong pc)
 
 static inline
 uint32_t tb_hash_func(tb_page_addr_t phys_pc, target_ulong pc,
-  uint32_t flags, uint32_t cf_mask)
+  uint32_t flags, uint64_t flags2, uint32_t cf_mask)
 {
-return qemu_xxhash6(phys_pc, pc, flags, cf_mask);
+return qemu_xxhash8(phys_pc, pc, flags2, flags, cf_mask);
 }
 
 #endif
diff --git a/include/qemu/xxhash.h b/include/qemu/xxhash.h
index c2dcccadbf..0259bbef18 100644
--- a/include/qemu/xxhash.h
+++ b/inc

[PATCH v6 09/11] tcg: remove the final vestiges of dstate

[Alex Bennée]

Now we no longer have dynamic state affecting things we can remove the
additional fields in cpu.h and simplify the TB hash calculation.

For the benchmark:

hyperfine -w 2 -m 20 \
  "./arm-softmmu/qemu-system-arm -cpu cortex-a15 \
-machine type=virt,highmem=off \
-display none -m 2048 \
-serial mon:stdio \
-netdev user,id=unet,hostfwd=tcp::-:22 \
-device virtio-net-pci,netdev=unet \
-device virtio-scsi-pci \
-blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 \
-device scsi-hd,drive=hd -smp 4 \
-kernel /home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage \
-append 'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' 
\
-snapshot"

It has a marginal effect on runtime, before:

  Time (mean ± σ): 26.279 s ±  2.438 s[User: 41.113 s, System: 1.843 s]
  Range (min … max):   24.420 s … 32.565 s20 runs

after:

  Time (mean ± σ): 24.440 s ±  2.885 s[User: 34.474 s, System: 2.028 s]
  Range (min … max):   21.663 s … 29.937 s20 runs

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1358
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20230524133952.3971948-9-alex.ben...@linaro.org>
---
 accel/tcg/tb-hash.h   | 6 +++---
 include/exec/exec-all.h   | 3 ---
 include/hw/core/cpu.h | 5 -
 accel/tcg/cpu-exec.c  | 7 +--
 accel/tcg/tb-maint.c  | 5 ++---
 accel/tcg/translate-all.c | 6 --
 6 files changed, 6 insertions(+), 26 deletions(-)

diff --git a/accel/tcg/tb-hash.h b/accel/tcg/tb-hash.h
index 83dc610e4c..1d19c69caa 100644
--- a/accel/tcg/tb-hash.h
+++ b/accel/tcg/tb-hash.h
@@ -61,10 +61,10 @@ static inline unsigned int 
tb_jmp_cache_hash_func(target_ulong pc)
 #endif /* CONFIG_SOFTMMU */
 
 static inline
-uint32_t tb_hash_func(tb_page_addr_t phys_pc, target_ulong pc, uint32_t flags,
-  uint32_t cf_mask, uint32_t trace_vcpu_dstate)
+uint32_t tb_hash_func(tb_page_addr_t phys_pc, target_ulong pc,
+  uint32_t flags, uint32_t cf_mask)
 {
-return qemu_xxhash7(phys_pc, pc, flags, cf_mask, trace_vcpu_dstate);
+return qemu_xxhash6(phys_pc, pc, flags, cf_mask);
 }
 
 #endif
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 4d2b151986..3b1b57f6ad 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -545,9 +545,6 @@ struct TranslationBlock {
 #define CF_CLUSTER_MASK  0xff00 /* Top 8 bits are cluster ID */
 #define CF_CLUSTER_SHIFT 24
 
-/* Per-vCPU dynamic tracing state used to generate this TB */
-uint32_t trace_vcpu_dstate;
-
 /*
  * Above fields used for comparing
  */
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 39150cf8f8..383456d1b3 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -266,7 +266,6 @@ typedef void (*run_on_cpu_func)(CPUState *cpu, 
run_on_cpu_data data);
 struct qemu_work_item;
 
 #define CPU_UNSET_NUMA_NODE_ID -1
-#define CPU_TRACE_DSTATE_MAX_EVENTS 32
 
 /**
  * CPUState:
@@ -407,10 +406,6 @@ struct CPUState {
 /* Use by accel-block: CPU is executing an ioctl() */
 QemuLockCnt in_ioctl_lock;
 
-/* Used for events with 'vcpu' and *without* the 'disabled' properties */
-DECLARE_BITMAP(trace_dstate_delayed, CPU_TRACE_DSTATE_MAX_EVENTS);
-DECLARE_BITMAP(trace_dstate, CPU_TRACE_DSTATE_MAX_EVENTS);
-
 DECLARE_BITMAP(plugin_mask, QEMU_PLUGIN_EV_MAX);
 
 #ifdef CONFIG_PLUGIN
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 0e741960da..4a1dce98ff 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -175,7 +175,6 @@ struct tb_desc {
 tb_page_addr_t page_addr0;
 uint32_t flags;
 uint32_t cflags;
-uint32_t trace_vcpu_dstate;
 };
 
 static bool tb_lookup_cmp(const void *p, const void *d)
@@ -187,7 +186,6 @@ static bool tb_lookup_cmp(const void *p, const void *d)
 tb_page_addr0(tb) == desc->page_addr0 &&
 tb->cs_base == desc->cs_base &&
 tb->flags == desc->flags &&
-tb->trace_vcpu_dstate == desc->trace_vcpu_dstate &&
 tb_cflags(tb) == desc->cflags) {
 /* check next page if needed */
 tb_page_addr_t tb_phys_page1 = tb_page_addr1(tb);
@@ -228,7 +226,6 @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, 
target_ulong pc,
 desc.cs_base = cs_base;
 desc.flags = flags;
 desc.cflags = cflags;
-desc.trace_vcpu_dstate = *cpu->trace_dstate;
 desc.pc = pc;
 phys_pc = get_page_addr_code(desc.env, pc);
 if (phys_pc == -1) {
@@ -236,7 +233,7 @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, 
target_ulong pc,
 }
 desc.page_addr0 = phys_pc;
 h = tb_hash_func(phys_pc, (cflags & CF_P

[PATCH v6 08/11] trace: remove control-vcpu.h

[Alex Bennée]

Now we no longer have vcpu controlled trace events we can excise the
code that allows us to query its status.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20230524133952.3971948-8-alex.ben...@linaro.org>
---
 trace/control-vcpu.h  | 47 ---
 trace/qmp.c   |  2 +-
 scripts/tracetool/format/h.py |  5 +---
 3 files changed, 2 insertions(+), 52 deletions(-)
 delete mode 100644 trace/control-vcpu.h

diff --git a/trace/control-vcpu.h b/trace/control-vcpu.h
deleted file mode 100644
index 800fc5a219..00
--- a/trace/control-vcpu.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Interface for configuring and controlling the state of tracing events.
- *
- * Copyright (C) 2011-2016 Lluís Vilanova 
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- */
-
-#ifndef TRACE__CONTROL_VCPU_H
-#define TRACE__CONTROL_VCPU_H
-
-#include "control.h"
-#include "event-internal.h"
-#include "hw/core/cpu.h"
-
-/**
- * trace_event_get_vcpu_state:
- * @vcpu: Target vCPU.
- * @id: Event identifier name.
- *
- * Get the tracing state of an event (both static and dynamic) for the given
- * vCPU.
- *
- * If the event has the disabled property, the check will have no performance
- * impact.
- */
-#define trace_event_get_vcpu_state(vcpu, id)\
-((id ##_ENABLED) && \
- trace_event_get_vcpu_state_dynamic_by_vcpu_id( \
- vcpu, _ ## id ## _EVENT.vcpu_id))
-
-#include "control-internal.h"
-
-static inline bool
-trace_event_get_vcpu_state_dynamic_by_vcpu_id(CPUState *vcpu,
-  uint32_t vcpu_id)
-{
-/* it's on fast path, avoid consistency checks (asserts) */
-if (unlikely(trace_events_enabled_count)) {
-return test_bit(vcpu_id, vcpu->trace_dstate);
-} else {
-return false;
-}
-}
-
-#endif
diff --git a/trace/qmp.c b/trace/qmp.c
index aa760f1fc4..3e3971c6a8 100644
--- a/trace/qmp.c
+++ b/trace/qmp.c
@@ -10,7 +10,7 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qapi/qapi-commands-trace.h"
-#include "control-vcpu.h"
+#include "control.h"
 
 
 static bool check_events(bool ignore_unavailable, bool is_pattern,
diff --git a/scripts/tracetool/format/h.py b/scripts/tracetool/format/h.py
index 285d7b03a9..ea126b07ea 100644
--- a/scripts/tracetool/format/h.py
+++ b/scripts/tracetool/format/h.py
@@ -16,10 +16,7 @@
 
 
 def generate(events, backend, group):
-if group == "root":
-header = "trace/control-vcpu.h"
-else:
-header = "trace/control.h"
+header = "trace/control.h"
 
 out('/* This file is autogenerated by tracetool, do not edit. */',
 '',
-- 
2.39.2

[PATCH v6 02/11] trace-events: remove the remaining vcpu trace events

[Alex Bennée]

While these are all in helper functions being designated vcpu events
complicates the removal of the dynamic vcpu state code. TCG plugins
allow you to instrument vcpu_[init|exit|idle].

We rename cpu_reset and make it a normal trace point.

Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20230524133952.3971948-3-alex.ben...@linaro.org>
---
 hw/core/cpu-common.c   |  4 ++--
 trace/control-target.c |  1 -
 trace/control.c|  2 --
 hw/core/trace-events   |  3 +++
 trace-events   | 31 ---
 5 files changed, 5 insertions(+), 36 deletions(-)

diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index 5ccc3837b6..951477a7fd 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -32,7 +32,7 @@
 #include "sysemu/tcg.h"
 #include "hw/boards.h"
 #include "hw/qdev-properties.h"
-#include "trace/trace-root.h"
+#include "trace.h"
 #include "qemu/plugin.h"
 
 CPUState *cpu_by_arch_id(int64_t id)
@@ -113,7 +113,7 @@ void cpu_reset(CPUState *cpu)
 {
 device_cold_reset(DEVICE(cpu));
 
-trace_guest_cpu_reset(cpu);
+trace_cpu_reset(cpu->cpu_index);
 }
 
 static void cpu_common_reset_hold(Object *obj)
diff --git a/trace/control-target.c b/trace/control-target.c
index c0c1e2310a..a10752924b 100644
--- a/trace/control-target.c
+++ b/trace/control-target.c
@@ -144,5 +144,4 @@ void trace_init_vcpu(CPUState *vcpu)
 }
 }
 }
-trace_guest_cpu_enter(vcpu);
 }
diff --git a/trace/control.c b/trace/control.c
index 6c77cc6318..d24af91004 100644
--- a/trace/control.c
+++ b/trace/control.c
@@ -277,8 +277,6 @@ void trace_fini_vcpu(CPUState *vcpu)
 TraceEventIter iter;
 TraceEvent *ev;
 
-trace_guest_cpu_exit(vcpu);
-
 trace_event_iter_init_all(&iter);
 while ((ev = trace_event_iter_next(&iter)) != NULL) {
 if (trace_event_is_vcpu(ev) &&
diff --git a/hw/core/trace-events b/hw/core/trace-events
index 56da55bd71..2cf085ac66 100644
--- a/hw/core/trace-events
+++ b/hw/core/trace-events
@@ -29,3 +29,6 @@ clock_set(const char *clk, uint64_t old, uint64_t new) "'%s', 
%"PRIu64"Hz->%"PRI
 clock_propagate(const char *clk) "'%s'"
 clock_update(const char *clk, const char *src, uint64_t hz, int cb) "'%s', 
src='%s', val=%"PRIu64"Hz cb=%d"
 clock_set_mul_div(const char *clk, uint32_t oldmul, uint32_t mul, uint32_t 
olddiv, uint32_t div) "'%s', mul: %u -> %u, div: %u -> %u"
+
+# cpu-common.c
+cpu_reset(int cpu_index) "%d"
diff --git a/trace-events b/trace-events
index 691c3533e4..dd318ed1af 100644
--- a/trace-events
+++ b/trace-events
@@ -54,34 +54,3 @@ qmp_job_resume(void *job) "job %p"
 qmp_job_complete(void *job) "job %p"
 qmp_job_finalize(void *job) "job %p"
 qmp_job_dismiss(void *job) "job %p"
-
-
-### Guest events, keep at bottom
-
-
-## vCPU
-
-# trace/control-target.c
-
-# Hot-plug a new virtual (guest) CPU
-#
-# Mode: user, softmmu
-# Targets: all
-vcpu guest_cpu_enter(void)
-
-# trace/control.c
-
-# Hot-unplug a virtual (guest) CPU
-#
-# Mode: user, softmmu
-# Targets: all
-vcpu guest_cpu_exit(void)
-
-# hw/core/cpu.c
-
-# Reset the state of a virtual (guest) CPU
-#
-# Mode: user, softmmu
-# Targets: all
-vcpu guest_cpu_reset(void)
-
-- 
2.39.2

[PATCH v6 05/11] docs/deprecated: move QMP events bellow QMP command section

[Alex Bennée]

Also rename the section to make the fact this is part of the
management protocol even clearer.

Suggested-by: Markus Armbruster 
Signed-off-by: Alex Bennée 
---
 docs/about/deprecated.rst | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index e934e0a13a..7c45a64363 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -218,6 +218,15 @@ instruction per translated block" mode (which can be set 
on the
 command line or via the HMP, but not via QMP). The information remains
 available via the HMP 'info jit' command.
 
+QEMU Machine Protocol (QMP) events
+--
+
+``MEM_UNPLUG_ERROR`` (since 6.2)
+''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+
+Use the more generic event ``DEVICE_UNPLUG_GUEST_ERROR`` instead.
+
+
 Human Monitor Protocol (HMP) commands
 -
 
@@ -251,15 +260,6 @@ it. Since all recent x86 hardware from the past >10 years 
is capable of the
 64-bit x86 extensions, a corresponding 64-bit OS should be used instead.
 
 
-QEMU API (QAPI) events
---
-
-``MEM_UNPLUG_ERROR`` (since 6.2)
-''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-
-Use the more generic event ``DEVICE_UNPLUG_GUEST_ERROR`` instead.
-
-
 System emulator machines
 
 
-- 
2.39.2

[PATCH v6 10/11] hw/9pfs: use qemu_xxhash4

[Alex Bennée]

No need to pass zeros as we have helpers that do that for us.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Christian Schoenebeck 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20230524133952.3971948-10-alex.ben...@linaro.org>
---
 hw/9pfs/9p.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 9621ec1341..991645adca 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -738,15 +738,14 @@ static VariLenAffix affixForIndex(uint64_t index)
 return invertAffix(&prefix); /* convert prefix to suffix */
 }
 
-/* creative abuse of tb_hash_func7, which is based on xxhash */
 static uint32_t qpp_hash(QppEntry e)
 {
-return qemu_xxhash7(e.ino_prefix, e.dev, 0, 0, 0);
+return qemu_xxhash4(e.ino_prefix, e.dev);
 }
 
 static uint32_t qpf_hash(QpfEntry e)
 {
-return qemu_xxhash7(e.ino, e.dev, 0, 0, 0);
+return qemu_xxhash4(e.ino, e.dev);
 }
 
 static bool qpd_cmp_func(const void *obj, const void *userp)
-- 
2.39.2

[PATCH v6 06/11] qapi: make the vcpu parameters deprecated for 8.1

[Alex Bennée]

I don't think I can remove the parameters directly but certainly mark
them as deprecated.

Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20230524133952.3971948-6-alex.ben...@linaro.org>

---
v6
  - s/QAPI/QMP/
  - /and always false./and always ignored./
---
 docs/about/deprecated.rst |  7 +++
 qapi/trace.json   | 40 +--
 2 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 7c45a64363..0743459862 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -226,6 +226,13 @@ QEMU Machine Protocol (QMP) events
 
 Use the more generic event ``DEVICE_UNPLUG_GUEST_ERROR`` instead.
 
+``vcpu`` trace events (since 8.1)
+'''''''''''''''''''''''''''''''''
+
+The ability to instrument QEMU helper functions with vCPU-aware trace
+points was removed in 7.0. However QMP still exposed the vcpu
+parameter. This argument has now been deprecated and the remaining
+remaining trace points that used it are selected just by name.
 
 Human Monitor Protocol (HMP) commands
 -
diff --git a/qapi/trace.json b/qapi/trace.json
index 6bf0af0946..39b752fc88 100644
--- a/qapi/trace.json
+++ b/qapi/trace.json
@@ -37,13 +37,14 @@
 #
 # @vcpu: Whether this is a per-vCPU event (since 2.7).
 #
-# An event is per-vCPU if it has the "vcpu" property in the
-# "trace-events" files.
+# Features:
+# @deprecated: Member @vcpu is deprecated, and always ignored.
 #
 # Since: 2.2
 ##
 { 'struct': 'TraceEventInfo',
-  'data': {'name': 'str', 'state': 'TraceEventState', 'vcpu': 'bool'} }
+  'data': {'name': 'str', 'state': 'TraceEventState',
+   'vcpu': { 'type': 'bool', 'features': ['deprecated'] } } }
 
 ##
 # @trace-event-get-state:
@@ -52,19 +53,15 @@
 #
 # @name: Event name pattern (case-sensitive glob).
 #
-# @vcpu: The vCPU to query (any by default; since 2.7).
+# @vcpu: The vCPU to query (since 2.7).
 #
-# Returns: a list of @TraceEventInfo for the matching events
-#
-# An event is returned if:
+# Features:
+# @deprecated: Member @vcpu is deprecated, and always ignored.
 #
-# - its name matches the @name pattern, and
-# - if @vcpu is given, the event has the "vcpu" property.
+# Returns: a list of @TraceEventInfo for the matching events
 #
-# Therefore, if @vcpu is given, the operation will only match per-vCPU
-# events, returning their state on the specified vCPU. Special case:
-# if @name is an exact match, @vcpu is given and the event does not
-# have the "vcpu" property, an error is returned.
+# An event is returned if its name matches the @name pattern
+# (There are no longer any per-vCPU events).
 #
 # Since: 2.2
 #
@@ -75,7 +72,8 @@
 # <- { "return": [ { "name": "qemu_memalign", "state": "disabled", "vcpu": 
false } ] }
 ##
 { 'command': 'trace-event-get-state',
-  'data': {'name': 'str', '*vcpu': 'int'},
+  'data': {'name': 'str',
+   '*vcpu': {'type': 'int', 'features': ['deprecated'] } },
   'returns': ['TraceEventInfo'] }
 
 ##
@@ -91,15 +89,11 @@
 #
 # @vcpu: The vCPU to act upon (all by default; since 2.7).
 #
-# An event's state is modified if:
-#
-# - its name matches the @name pattern, and
-# - if @vcpu is given, the event has the "vcpu" property.
+# Features:
+# @deprecated: Member @vcpu is deprecated, and always ignored.
 #
-# Therefore, if @vcpu is given, the operation will only match per-vCPU
-# events, setting their state on the specified vCPU. Special case: if
-# @name is an exact match, @vcpu is given and the event does not have
-# the "vcpu" property, an error is returned.
+# An event is enabled if its name matches the @name pattern
+# (There are no longer any per-vCPU events).
 #
 # Since: 2.2
 #
@@ -111,4 +105,4 @@
 ##
 { 'command': 'trace-event-set-state',
   'data': {'name': 'str', 'enable': 'bool', '*ignore-unavailable': 'bool',
-   '*vcpu': 'int'} }
+   '*vcpu': {'type': 'int', 'features': ['deprecated'] } } }
-- 
2.39.2

[PATCH v6 03/11] trace: remove vcpu_id from the TraceEvent structure

[Alex Bennée]

This does involve temporarily stubbing out some helper functions
before we excise the rest of the code.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20230524133952.3971948-4-alex.ben...@linaro.org>
---
 trace/control-internal.h  |  4 ++--
 trace/event-internal.h|  2 --
 trace/control.c   | 10 --
 scripts/tracetool/format/c.py |  6 --
 scripts/tracetool/format/h.py | 11 +--
 5 files changed, 3 insertions(+), 30 deletions(-)

diff --git a/trace/control-internal.h b/trace/control-internal.h
index 8b2b50a7cf..0178121720 100644
--- a/trace/control-internal.h
+++ b/trace/control-internal.h
@@ -27,12 +27,12 @@ static inline uint32_t trace_event_get_id(TraceEvent *ev)
 
 static inline uint32_t trace_event_get_vcpu_id(TraceEvent *ev)
 {
-return ev->vcpu_id;
+return 0;
 }
 
 static inline bool trace_event_is_vcpu(TraceEvent *ev)
 {
-return ev->vcpu_id != TRACE_VCPU_EVENT_NONE;
+return false;
 }
 
 static inline const char * trace_event_get_name(TraceEvent *ev)
diff --git a/trace/event-internal.h b/trace/event-internal.h
index f63500b37e..0c24e01b52 100644
--- a/trace/event-internal.h
+++ b/trace/event-internal.h
@@ -19,7 +19,6 @@
 /**
  * TraceEvent:
  * @id: Unique event identifier.
- * @vcpu_id: Unique per-vCPU event identifier.
  * @name: Event name.
  * @sstate: Static tracing state.
  * @dstate: Dynamic tracing state
@@ -33,7 +32,6 @@
  */
 typedef struct TraceEvent {
 uint32_t id;
-uint32_t vcpu_id;
 const char * name;
 const bool sstate;
 uint16_t *dstate;
diff --git a/trace/control.c b/trace/control.c
index d24af91004..5dfb609954 100644
--- a/trace/control.c
+++ b/trace/control.c
@@ -68,16 +68,6 @@ void trace_event_register_group(TraceEvent **events)
 size_t i;
 for (i = 0; events[i] != NULL; i++) {
 events[i]->id = next_id++;
-if (events[i]->vcpu_id == TRACE_VCPU_EVENT_NONE) {
-continue;
-}
-
-if (likely(next_vcpu_id < CPU_TRACE_DSTATE_MAX_EVENTS)) {
-events[i]->vcpu_id = next_vcpu_id++;
-} else {
-warn_report("too many vcpu trace events; dropping '%s'",
-events[i]->name);
-}
 }
 event_groups = g_renew(TraceEventGroup, event_groups, nevent_groups + 1);
 event_groups[nevent_groups].events = events;
diff --git a/scripts/tracetool/format/c.py b/scripts/tracetool/format/c.py
index c390c1844a..69edf0d588 100644
--- a/scripts/tracetool/format/c.py
+++ b/scripts/tracetool/format/c.py
@@ -32,19 +32,13 @@ def generate(events, backend, group):
 out('uint16_t %s;' % e.api(e.QEMU_DSTATE))
 
 for e in events:
-if "vcpu" in e.properties:
-vcpu_id = 0
-else:
-vcpu_id = "TRACE_VCPU_EVENT_NONE"
 out('TraceEvent %(event)s = {',
 '.id = 0,',
-'.vcpu_id = %(vcpu_id)s,',
 '.name = \"%(name)s\",',
 '.sstate = %(sstate)s,',
 '.dstate = &%(dstate)s ',
 '};',
 event = e.api(e.QEMU_EVENT),
-vcpu_id = vcpu_id,
 name = e.name,
 sstate = "TRACE_%s_ENABLED" % e.name.upper(),
 dstate = e.api(e.QEMU_DSTATE))
diff --git a/scripts/tracetool/format/h.py b/scripts/tracetool/format/h.py
index e94f0be7da..285d7b03a9 100644
--- a/scripts/tracetool/format/h.py
+++ b/scripts/tracetool/format/h.py
@@ -74,16 +74,7 @@ def generate(events, backend, group):
 
 out('}')
 
-# tracer wrapper with checks (per-vCPU tracing)
-if "vcpu" in e.properties:
-trace_cpu = next(iter(e.args))[1]
-cond = "trace_event_get_vcpu_state(%(cpu)s,"\
-   " TRACE_%(id)s)"\
-   % dict(
-   cpu=trace_cpu,
-   id=e.name.upper())
-else:
-cond = "true"
+cond = "true"
 
 out('',
 'static inline void %(api)s(%(args)s)',
-- 
2.39.2

[PATCH v6 00/11] tracing: remove dynamic vcpu state

[Alex Bennée]

Hi Stefan,

The references dynamic vcpu tracing support was removed when the
original TCG trace points where removed. However there was still a
legacy of dynamic trace state to track this in cpu.h and extra hash
variables to track TBs. While the removed vcpu tracepoints are not in
generated code (or helpers) they still bring in a bunch of machinery
to manage the state so I've pulled them out. We keep and rename one
(cpu_reset) to a static trace points which dump vcpu->index as it is
useful to f4bug.

v6 new patch to shuffle deprecated, added rth's rb, qapi doc cleanups

Please queue into your tree.

Alex Bennée (11):
  *-user: remove the guest_user_syscall tracepoints
  trace-events: remove the remaining vcpu trace events
  trace: remove vcpu_id from the TraceEvent structure
  scripts/qapi: document the tool that generated the file
  docs/deprecated: move QMP events bellow QMP command section
  qapi: make the vcpu parameters deprecated for 8.1
  trace: remove code that depends on setting vcpu
  trace: remove control-vcpu.h
  tcg: remove the final vestiges of dstate
  hw/9pfs: use qemu_xxhash4
  accel/tcg: include cs_base in our hash calculations

 docs/about/deprecated.rst |  25 +---
 qapi/trace.json   |  40 ++---
 accel/tcg/tb-hash.h   |   6 +-
 include/exec/exec-all.h   |   3 -
 include/hw/core/cpu.h |   5 --
 include/qemu/xxhash.h |  23 +--
 include/user/syscall-trace.h  |   4 --
 trace/control-internal.h  |  10 
 trace/control-vcpu.h  |  63 
 trace/control.h   |  48 ---
 trace/event-internal.h|   2 -
 accel/tcg/cpu-exec.c  |   7 +--
 accel/tcg/tb-maint.c  |   5 +-
 accel/tcg/translate-all.c |   6 --
 bsd-user/freebsd/os-syscall.c |   2 -
 hw/9pfs/9p.c  |   5 +-
 hw/core/cpu-common.c  |   6 +-
 stubs/trace-control.c |  13 
 trace/control-target.c| 109 +++---
 trace/control.c   |  28 -
 trace/qmp.c   |  76 +++-
 trace/trace-hmp-cmds.c|  18 +-
 util/qsp.c|   2 +-
 hw/core/trace-events  |   3 +
 scripts/qapi/gen.py   |   9 ++-
 scripts/tracetool/format/c.py |   6 --
 scripts/tracetool/format/h.py |  16 +
 trace-events  |  50 
 28 files changed, 94 insertions(+), 496 deletions(-)
 delete mode 100644 trace/control-vcpu.h

-- 
2.39.2

Re: [PATCH v5 05/10] qapi: make the vcpu parameters deprecated for 8.1

[Alex Bennée]

Markus Armbruster  writes:

> Alex Bennée  writes:
>
>> I don't think I can remove the parameters directly but certainly mark
>> them as deprecated.
>>
>> Reviewed-by: Stefan Hajnoczi 
>> Reviewed-by: Richard Henderson 
>> Reviewed-by: Philippe Mathieu-Daudé 
>> Signed-off-by: Alex Bennée 
>> Message-Id: <20230523125000.3674739-6-alex.ben...@linaro.org>
>>
>> ---
>> v5
>>   - reword match description
>>   - fix reference to return for set operation
>> ---
>>  docs/about/deprecated.rst |  9 +
>>  qapi/trace.json   | 40 +--
>>  2 files changed, 26 insertions(+), 23 deletions(-)
>>
>> diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
>> index e934e0a13a..e44cde057f 100644
>> --- a/docs/about/deprecated.rst
>> +++ b/docs/about/deprecated.rst
>> @@ -254,6 +254,15 @@ it. Since all recent x86 hardware from the past >10 
>> years is capable of the
>>  QEMU API (QAPI) events
>>  --
>
> Not this patch's fault: the headline should be "QEMU Machine Protocol
> (QMP) events".  The section should directly follow section "QEMU Machine
> Protocol (QMP) commands".
>
> I'd go one step farther, and fuse the two sections under the heading
> "QEMU Machine Protocol (QMP)".
>
>>  
>> +``vcpu`` trace events (since 8.1)
>> +'''''''''''''''''''''''''''''''''
>> +
>> +The ability to instrument QEMU helper functions with vcpu aware trace
>
> Should this be "vCPU-aware"?
>
>> +points was removed in 7.0. However the QAPI still exposed the vcpu
>
> s/the QAPI/QMP/
>
>> +parameter. This argument has now been deprecated and the remaining
>> +used trace points converted to plain trace points selected just by
>
> "remaining trace points that used it"?
>
>> +name.
>> +
>>  ``MEM_UNPLUG_ERROR`` (since 6.2)
>>  ''''''''''''''''''''''''''''''''''''''''''''''''''''''''
>>  
>> diff --git a/qapi/trace.json b/qapi/trace.json
>> index 6bf0af0946..e561f3d3da 100644
>> --- a/qapi/trace.json
>> +++ b/qapi/trace.json
>> @@ -37,13 +37,14 @@
>>  #
>>  # @vcpu: Whether this is a per-vCPU event (since 2.7).
>>  #
>> -# An event is per-vCPU if it has the "vcpu" property in the
>> -# "trace-events" files.
>> +# Features:
>> +# @deprecated: Member @vcpu is deprecated, and always false.
>>  #
>>  # Since: 2.2
>>  ##
>>  { 'struct': 'TraceEventInfo',
>> -  'data': {'name': 'str', 'state': 'TraceEventState', 'vcpu': 'bool'} }
>> +  'data': {'name': 'str', 'state': 'TraceEventState',
>> +   'vcpu': { 'type': 'bool', 'features': ['deprecated'] } } }
>>  
>>  ##
>>  # @trace-event-get-state:
>> @@ -52,19 +53,15 @@
>>  #
>>  # @name: Event name pattern (case-sensitive glob).
>>  #
>> -# @vcpu: The vCPU to query (any by default; since 2.7).
>> +# @vcpu: The vCPU to query (since 2.7).
>>  #
>> -# Returns: a list of @TraceEventInfo for the matching events
>> -#
>> -# An event is returned if:
>> +# Features:
>> +# @deprecated: Member @vcpu is deprecated, and always false.
>
> This isn't quite right: parameter @vcpu cannot be false, it's int.
>
> I figure specifying the parameter makes no sense anymore, because if you
> do, the command will return an empty list.  Correct?

Well its not longer checked so I guess "and always ignored" would be
more correct.

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

[PATCH v5 04/10] scripts/qapi: document the tool that generated the file

[Alex Bennée]

This makes it a little easier for developers to find where things
where being generated.

Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20230523125000.3674739-5-alex.ben...@linaro.org>
---
 scripts/qapi/gen.py | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/qapi/gen.py b/scripts/qapi/gen.py
index 8f8f784f4a..2ea27ef31c 100644
--- a/scripts/qapi/gen.py
+++ b/scripts/qapi/gen.py
@@ -13,6 +13,7 @@
 
 from contextlib import contextmanager
 import os
+import sys
 import re
 from typing import (
 Dict,
@@ -162,7 +163,7 @@ def __init__(self, fname: str, blurb: str, pydoc: str):
 
 def _top(self) -> str:
 return mcgen('''
-/* AUTOMATICALLY GENERATED, DO NOT MODIFY */
+/* AUTOMATICALLY GENERATED by %(tool)s DO NOT MODIFY */
 
 /*
 %(blurb)s
@@ -174,6 +175,7 @@ def _top(self) -> str:
  */
 
 ''',
+ tool=str(os.path.basename(sys.argv[0])),
  blurb=self._blurb, copyright=self._copyright)
 
 def _bottom(self) -> str:
@@ -195,7 +197,9 @@ def _bottom(self) -> str:
 
 class QAPIGenTrace(QAPIGen):
 def _top(self) -> str:
-return super()._top() + '# AUTOMATICALLY GENERATED, DO NOT MODIFY\n\n'
+return super()._top() + (
+'# AUTOMATICALLY GENERATED by '
+f"{os.path.basename(sys.argv[0])}, DO NOT MODIFY\n\n" )
 
 
 @contextmanager
-- 
2.39.2

[PATCH v5 02/10] trace-events: remove the remaining vcpu trace events

[Alex Bennée]

While these are all in helper functions being designated vcpu events
complicates the removal of the dynamic vcpu state code. TCG plugins
allow you to instrument vcpu_[init|exit|idle].

We rename cpu_reset and make it a normal trace point.

Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20230523125000.3674739-3-alex.ben...@linaro.org>
---
 hw/core/cpu-common.c   |  4 ++--
 trace/control-target.c |  1 -
 trace/control.c|  2 --
 hw/core/trace-events   |  3 +++
 trace-events   | 31 ---
 5 files changed, 5 insertions(+), 36 deletions(-)

diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index 5ccc3837b6..951477a7fd 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -32,7 +32,7 @@
 #include "sysemu/tcg.h"
 #include "hw/boards.h"
 #include "hw/qdev-properties.h"
-#include "trace/trace-root.h"
+#include "trace.h"
 #include "qemu/plugin.h"
 
 CPUState *cpu_by_arch_id(int64_t id)
@@ -113,7 +113,7 @@ void cpu_reset(CPUState *cpu)
 {
 device_cold_reset(DEVICE(cpu));
 
-trace_guest_cpu_reset(cpu);
+trace_cpu_reset(cpu->cpu_index);
 }
 
 static void cpu_common_reset_hold(Object *obj)
diff --git a/trace/control-target.c b/trace/control-target.c
index c0c1e2310a..a10752924b 100644
--- a/trace/control-target.c
+++ b/trace/control-target.c
@@ -144,5 +144,4 @@ void trace_init_vcpu(CPUState *vcpu)
 }
 }
 }
-trace_guest_cpu_enter(vcpu);
 }
diff --git a/trace/control.c b/trace/control.c
index 6c77cc6318..d24af91004 100644
--- a/trace/control.c
+++ b/trace/control.c
@@ -277,8 +277,6 @@ void trace_fini_vcpu(CPUState *vcpu)
 TraceEventIter iter;
 TraceEvent *ev;
 
-trace_guest_cpu_exit(vcpu);
-
 trace_event_iter_init_all(&iter);
 while ((ev = trace_event_iter_next(&iter)) != NULL) {
 if (trace_event_is_vcpu(ev) &&
diff --git a/hw/core/trace-events b/hw/core/trace-events
index 56da55bd71..2cf085ac66 100644
--- a/hw/core/trace-events
+++ b/hw/core/trace-events
@@ -29,3 +29,6 @@ clock_set(const char *clk, uint64_t old, uint64_t new) "'%s', 
%"PRIu64"Hz->%"PRI
 clock_propagate(const char *clk) "'%s'"
 clock_update(const char *clk, const char *src, uint64_t hz, int cb) "'%s', 
src='%s', val=%"PRIu64"Hz cb=%d"
 clock_set_mul_div(const char *clk, uint32_t oldmul, uint32_t mul, uint32_t 
olddiv, uint32_t div) "'%s', mul: %u -> %u, div: %u -> %u"
+
+# cpu-common.c
+cpu_reset(int cpu_index) "%d"
diff --git a/trace-events b/trace-events
index 691c3533e4..dd318ed1af 100644
--- a/trace-events
+++ b/trace-events
@@ -54,34 +54,3 @@ qmp_job_resume(void *job) "job %p"
 qmp_job_complete(void *job) "job %p"
 qmp_job_finalize(void *job) "job %p"
 qmp_job_dismiss(void *job) "job %p"
-
-
-### Guest events, keep at bottom
-
-
-## vCPU
-
-# trace/control-target.c
-
-# Hot-plug a new virtual (guest) CPU
-#
-# Mode: user, softmmu
-# Targets: all
-vcpu guest_cpu_enter(void)
-
-# trace/control.c
-
-# Hot-unplug a virtual (guest) CPU
-#
-# Mode: user, softmmu
-# Targets: all
-vcpu guest_cpu_exit(void)
-
-# hw/core/cpu.c
-
-# Reset the state of a virtual (guest) CPU
-#
-# Mode: user, softmmu
-# Targets: all
-vcpu guest_cpu_reset(void)
-
-- 
2.39.2

[PATCH v5 05/10] qapi: make the vcpu parameters deprecated for 8.1

[Alex Bennée]

I don't think I can remove the parameters directly but certainly mark
them as deprecated.

Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20230523125000.3674739-6-alex.ben...@linaro.org>

---
v5
  - reword match description
  - fix reference to return for set operation
---
 docs/about/deprecated.rst |  9 +
 qapi/trace.json   | 40 +--
 2 files changed, 26 insertions(+), 23 deletions(-)

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index e934e0a13a..e44cde057f 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -254,6 +254,15 @@ it. Since all recent x86 hardware from the past >10 years 
is capable of the
 QEMU API (QAPI) events
 --
 
+``vcpu`` trace events (since 8.1)
+'''''''''''''''''''''''''''''''''
+
+The ability to instrument QEMU helper functions with vcpu aware trace
+points was removed in 7.0. However the QAPI still exposed the vcpu
+parameter. This argument has now been deprecated and the remaining
+used trace points converted to plain trace points selected just by
+name.
+
 ``MEM_UNPLUG_ERROR`` (since 6.2)
 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''
 
diff --git a/qapi/trace.json b/qapi/trace.json
index 6bf0af0946..e561f3d3da 100644
--- a/qapi/trace.json
+++ b/qapi/trace.json
@@ -37,13 +37,14 @@
 #
 # @vcpu: Whether this is a per-vCPU event (since 2.7).
 #
-# An event is per-vCPU if it has the "vcpu" property in the
-# "trace-events" files.
+# Features:
+# @deprecated: Member @vcpu is deprecated, and always false.
 #
 # Since: 2.2
 ##
 { 'struct': 'TraceEventInfo',
-  'data': {'name': 'str', 'state': 'TraceEventState', 'vcpu': 'bool'} }
+  'data': {'name': 'str', 'state': 'TraceEventState',
+   'vcpu': { 'type': 'bool', 'features': ['deprecated'] } } }
 
 ##
 # @trace-event-get-state:
@@ -52,19 +53,15 @@
 #
 # @name: Event name pattern (case-sensitive glob).
 #
-# @vcpu: The vCPU to query (any by default; since 2.7).
+# @vcpu: The vCPU to query (since 2.7).
 #
-# Returns: a list of @TraceEventInfo for the matching events
-#
-# An event is returned if:
+# Features:
+# @deprecated: Member @vcpu is deprecated, and always false.
 #
-# - its name matches the @name pattern, and
-# - if @vcpu is given, the event has the "vcpu" property.
+# Returns: a list of @TraceEventInfo for the matching events
 #
-# Therefore, if @vcpu is given, the operation will only match per-vCPU
-# events, returning their state on the specified vCPU. Special case:
-# if @name is an exact match, @vcpu is given and the event does not
-# have the "vcpu" property, an error is returned.
+# An event is returned if its name matches the @name pattern
+# (There are no longer any per-vCPU events).
 #
 # Since: 2.2
 #
@@ -75,7 +72,8 @@
 # <- { "return": [ { "name": "qemu_memalign", "state": "disabled", "vcpu": 
false } ] }
 ##
 { 'command': 'trace-event-get-state',
-  'data': {'name': 'str', '*vcpu': 'int'},
+  'data': {'name': 'str',
+   '*vcpu': {'type': 'int', 'features': ['deprecated'] } },
   'returns': ['TraceEventInfo'] }
 
 ##
@@ -91,15 +89,11 @@
 #
 # @vcpu: The vCPU to act upon (all by default; since 2.7).
 #
-# An event's state is modified if:
-#
-# - its name matches the @name pattern, and
-# - if @vcpu is given, the event has the "vcpu" property.
+# Features:
+# @deprecated: Member @vcpu is deprecated, and always false.
 #
-# Therefore, if @vcpu is given, the operation will only match per-vCPU
-# events, setting their state on the specified vCPU. Special case: if
-# @name is an exact match, @vcpu is given and the event does not have
-# the "vcpu" property, an error is returned.
+# An event is enabled if its name matches the @name pattern
+# (There are no longer any per-vCPU events).
 #
 # Since: 2.2
 #
@@ -111,4 +105,4 @@
 ##
 { 'command': 'trace-event-set-state',
   'data': {'name': 'str', 'enable': 'bool', '*ignore-unavailable': 'bool',
-   '*vcpu': 'int'} }
+   '*vcpu': {'type': 'int', 'features': ['deprecated'] } } }
-- 
2.39.2

[PATCH v5 08/10] tcg: remove the final vestiges of dstate

[Alex Bennée]

Now we no longer have dynamic state affecting things we can remove the
additional fields in cpu.h and simplify the TB hash calculation.

For the benchmark:

hyperfine -w 2 -m 20 \
  "./arm-softmmu/qemu-system-arm -cpu cortex-a15 \
-machine type=virt,highmem=off \
-display none -m 2048 \
-serial mon:stdio \
-netdev user,id=unet,hostfwd=tcp::-:22 \
-device virtio-net-pci,netdev=unet \
-device virtio-scsi-pci \
-blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 \
-device scsi-hd,drive=hd -smp 4 \
-kernel /home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage \
-append 'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' 
\
-snapshot"

It has a marginal effect on runtime, before:

  Time (mean ± σ): 26.279 s ±  2.438 s[User: 41.113 s, System: 1.843 s]
  Range (min … max):   24.420 s … 32.565 s20 runs

after:

  Time (mean ± σ): 24.440 s ±  2.885 s[User: 34.474 s, System: 2.028 s]
  Range (min … max):   21.663 s … 29.937 s20 runs

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1358
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20230523125000.3674739-9-alex.ben...@linaro.org>
---
 accel/tcg/tb-hash.h   | 6 +++---
 include/exec/exec-all.h   | 3 ---
 include/hw/core/cpu.h | 5 -
 accel/tcg/cpu-exec.c  | 7 +--
 accel/tcg/tb-maint.c  | 5 ++---
 accel/tcg/translate-all.c | 6 --
 6 files changed, 6 insertions(+), 26 deletions(-)

diff --git a/accel/tcg/tb-hash.h b/accel/tcg/tb-hash.h
index 83dc610e4c..1d19c69caa 100644
--- a/accel/tcg/tb-hash.h
+++ b/accel/tcg/tb-hash.h
@@ -61,10 +61,10 @@ static inline unsigned int 
tb_jmp_cache_hash_func(target_ulong pc)
 #endif /* CONFIG_SOFTMMU */
 
 static inline
-uint32_t tb_hash_func(tb_page_addr_t phys_pc, target_ulong pc, uint32_t flags,
-  uint32_t cf_mask, uint32_t trace_vcpu_dstate)
+uint32_t tb_hash_func(tb_page_addr_t phys_pc, target_ulong pc,
+  uint32_t flags, uint32_t cf_mask)
 {
-return qemu_xxhash7(phys_pc, pc, flags, cf_mask, trace_vcpu_dstate);
+return qemu_xxhash6(phys_pc, pc, flags, cf_mask);
 }
 
 #endif
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 4d2b151986..3b1b57f6ad 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -545,9 +545,6 @@ struct TranslationBlock {
 #define CF_CLUSTER_MASK  0xff00 /* Top 8 bits are cluster ID */
 #define CF_CLUSTER_SHIFT 24
 
-/* Per-vCPU dynamic tracing state used to generate this TB */
-uint32_t trace_vcpu_dstate;
-
 /*
  * Above fields used for comparing
  */
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 39150cf8f8..383456d1b3 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -266,7 +266,6 @@ typedef void (*run_on_cpu_func)(CPUState *cpu, 
run_on_cpu_data data);
 struct qemu_work_item;
 
 #define CPU_UNSET_NUMA_NODE_ID -1
-#define CPU_TRACE_DSTATE_MAX_EVENTS 32
 
 /**
  * CPUState:
@@ -407,10 +406,6 @@ struct CPUState {
 /* Use by accel-block: CPU is executing an ioctl() */
 QemuLockCnt in_ioctl_lock;
 
-/* Used for events with 'vcpu' and *without* the 'disabled' properties */
-DECLARE_BITMAP(trace_dstate_delayed, CPU_TRACE_DSTATE_MAX_EVENTS);
-DECLARE_BITMAP(trace_dstate, CPU_TRACE_DSTATE_MAX_EVENTS);
-
 DECLARE_BITMAP(plugin_mask, QEMU_PLUGIN_EV_MAX);
 
 #ifdef CONFIG_PLUGIN
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 0e741960da..4a1dce98ff 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -175,7 +175,6 @@ struct tb_desc {
 tb_page_addr_t page_addr0;
 uint32_t flags;
 uint32_t cflags;
-uint32_t trace_vcpu_dstate;
 };
 
 static bool tb_lookup_cmp(const void *p, const void *d)
@@ -187,7 +186,6 @@ static bool tb_lookup_cmp(const void *p, const void *d)
 tb_page_addr0(tb) == desc->page_addr0 &&
 tb->cs_base == desc->cs_base &&
 tb->flags == desc->flags &&
-tb->trace_vcpu_dstate == desc->trace_vcpu_dstate &&
 tb_cflags(tb) == desc->cflags) {
 /* check next page if needed */
 tb_page_addr_t tb_phys_page1 = tb_page_addr1(tb);
@@ -228,7 +226,6 @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, 
target_ulong pc,
 desc.cs_base = cs_base;
 desc.flags = flags;
 desc.cflags = cflags;
-desc.trace_vcpu_dstate = *cpu->trace_dstate;
 desc.pc = pc;
 phys_pc = get_page_addr_code(desc.env, pc);
 if (phys_pc == -1) {
@@ -236,7 +233,7 @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, 
target_ulong pc,
 }
 desc.page_addr0 = phys_pc;
 h = tb_hash_func(phys_pc, (cflags & CF_P

[PATCH v5 00/10] tracing: remove dynamic vcpu state

[Alex Bennée]

Hi Stefan,

The references dynamic vcpu tracing support was removed when the
original TCG trace points where removed. However there was still a
legacy of dynamic trace state to track this in cpu.h and extra hash
variables to track TBs. While the removed vcpu tracepoints are not in
generated code (or helpers) they still bring in a bunch of machinery
to manage the state so I've pulled them out. We keep and rename one
(cpu_reset) to a static trace points which dump vcpu->index as it is
useful to f4bug.

v5 added f4bug's rb, minor reword of state and rth's suggested tweak for xxhash

Please queue into your tree.

Alex Bennée (10):
  *-user: remove the guest_user_syscall tracepoints
  trace-events: remove the remaining vcpu trace events
  trace: remove vcpu_id from the TraceEvent structure
  scripts/qapi: document the tool that generated the file
  qapi: make the vcpu parameters deprecated for 8.1
  trace: remove code that depends on setting vcpu
  trace: remove control-vcpu.h
  tcg: remove the final vestiges of dstate
  hw/9pfs: use qemu_xxhash4
  accel/tcg: include cs_base in our hash calculations

 docs/about/deprecated.rst |   9 +++
 qapi/trace.json   |  40 ++---
 accel/tcg/tb-hash.h   |   6 +-
 include/exec/exec-all.h   |   3 -
 include/hw/core/cpu.h |   5 --
 include/qemu/xxhash.h |  23 +--
 include/user/syscall-trace.h  |   4 --
 trace/control-internal.h  |  10 
 trace/control-vcpu.h  |  63 
 trace/control.h   |  48 ---
 trace/event-internal.h|   2 -
 accel/tcg/cpu-exec.c  |   7 +--
 accel/tcg/tb-maint.c  |   5 +-
 accel/tcg/translate-all.c |   6 --
 bsd-user/freebsd/os-syscall.c |   2 -
 hw/9pfs/9p.c  |   5 +-
 hw/core/cpu-common.c  |   6 +-
 stubs/trace-control.c |  13 
 trace/control-target.c| 109 +++---
 trace/control.c   |  28 -
 trace/qmp.c   |  76 +++-
 trace/trace-hmp-cmds.c|  18 +-
 util/qsp.c|   2 +-
 hw/core/trace-events  |   3 +
 scripts/qapi/gen.py   |   8 ++-
 scripts/tracetool/format/c.py |   6 --
 scripts/tracetool/format/h.py |  16 +
 trace-events  |  50 
 28 files changed, 86 insertions(+), 487 deletions(-)
 delete mode 100644 trace/control-vcpu.h

-- 
2.39.2

[PATCH v5 01/10] *-user: remove the guest_user_syscall tracepoints

[Alex Bennée]

This is pure duplication now. Both bsd-user and linux-user have
builtin strace support and we can also track syscalls via the plugins
system.

Reviewed-by: Warner Losh 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20230523125000.3674739-2-alex.ben...@linaro.org>
---
 include/user/syscall-trace.h  |  4 
 bsd-user/freebsd/os-syscall.c |  2 --
 trace-events  | 19 ---
 3 files changed, 25 deletions(-)

diff --git a/include/user/syscall-trace.h b/include/user/syscall-trace.h
index 90bda7631c..557f881a79 100644
--- a/include/user/syscall-trace.h
+++ b/include/user/syscall-trace.h
@@ -26,9 +26,6 @@ static inline void record_syscall_start(void *cpu, int num,
 abi_long arg5, abi_long arg6,
 abi_long arg7, abi_long arg8)
 {
-trace_guest_user_syscall(cpu, num,
- arg1, arg2, arg3, arg4,
- arg5, arg6, arg7, arg8);
 qemu_plugin_vcpu_syscall(cpu, num,
  arg1, arg2, arg3, arg4,
  arg5, arg6, arg7, arg8);
@@ -36,7 +33,6 @@ static inline void record_syscall_start(void *cpu, int num,
 
 static inline void record_syscall_return(void *cpu, int num, abi_long ret)
 {
-trace_guest_user_syscall_ret(cpu, num, ret);
 qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
 }
 
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index c8f998ecec..b0ae43766f 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -531,7 +531,6 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 CPUState *cpu = env_cpu(cpu_env);
 abi_long ret;
 
-trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
arg7, arg8);
 if (do_strace) {
 print_freebsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
 }
@@ -541,7 +540,6 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 if (do_strace) {
 print_freebsd_syscall_ret(num, ret);
 }
-trace_guest_user_syscall_ret(cpu, num, ret);
 
 return ret;
 }
diff --git a/trace-events b/trace-events
index b6b84b175e..691c3533e4 100644
--- a/trace-events
+++ b/trace-events
@@ -85,22 +85,3 @@ vcpu guest_cpu_exit(void)
 # Targets: all
 vcpu guest_cpu_reset(void)
 
-# include/user/syscall-trace.h
-
-# @num: System call number.
-# @arg*: System call argument value.
-#
-# Start executing a guest system call in syscall emulation mode.
-#
-# Mode: user
-# Targets: TCG(all)
-vcpu guest_user_syscall(uint64_t num, uint64_t arg1, uint64_t arg2, uint64_t 
arg3, uint64_t arg4, uint64_t arg5, uint64_t arg6, uint64_t arg7, uint64_t 
arg8) "num=0x%016"PRIx64" arg1=0x%016"PRIx64" arg2=0x%016"PRIx64" 
arg3=0x%016"PRIx64" arg4=0x%016"PRIx64" arg5=0x%016"PRIx64" arg6=0x%016"PRIx64" 
arg7=0x%016"PRIx64" arg8=0x%016"PRIx64
-
-# @num: System call number.
-# @ret: System call result value.
-#
-# Finish executing a guest system call in syscall emulation mode.
-#
-# Mode: user
-# Targets: TCG(all)
-vcpu guest_user_syscall_ret(uint64_t num, uint64_t ret) "num=0x%016"PRIx64" 
ret=0x%016"PRIx64
-- 
2.39.2

[PATCH v5 07/10] trace: remove control-vcpu.h

[Alex Bennée]

Now we no longer have vcpu controlled trace events we can excise the
code that allows us to query its status.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20230523125000.3674739-8-alex.ben...@linaro.org>
---
 trace/control-vcpu.h  | 47 ---
 trace/qmp.c   |  2 +-
 scripts/tracetool/format/h.py |  5 +---
 3 files changed, 2 insertions(+), 52 deletions(-)
 delete mode 100644 trace/control-vcpu.h

diff --git a/trace/control-vcpu.h b/trace/control-vcpu.h
deleted file mode 100644
index 800fc5a219..00
--- a/trace/control-vcpu.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Interface for configuring and controlling the state of tracing events.
- *
- * Copyright (C) 2011-2016 Lluís Vilanova 
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- */
-
-#ifndef TRACE__CONTROL_VCPU_H
-#define TRACE__CONTROL_VCPU_H
-
-#include "control.h"
-#include "event-internal.h"
-#include "hw/core/cpu.h"
-
-/**
- * trace_event_get_vcpu_state:
- * @vcpu: Target vCPU.
- * @id: Event identifier name.
- *
- * Get the tracing state of an event (both static and dynamic) for the given
- * vCPU.
- *
- * If the event has the disabled property, the check will have no performance
- * impact.
- */
-#define trace_event_get_vcpu_state(vcpu, id)\
-((id ##_ENABLED) && \
- trace_event_get_vcpu_state_dynamic_by_vcpu_id( \
- vcpu, _ ## id ## _EVENT.vcpu_id))
-
-#include "control-internal.h"
-
-static inline bool
-trace_event_get_vcpu_state_dynamic_by_vcpu_id(CPUState *vcpu,
-  uint32_t vcpu_id)
-{
-/* it's on fast path, avoid consistency checks (asserts) */
-if (unlikely(trace_events_enabled_count)) {
-return test_bit(vcpu_id, vcpu->trace_dstate);
-} else {
-return false;
-}
-}
-
-#endif
diff --git a/trace/qmp.c b/trace/qmp.c
index aa760f1fc4..3e3971c6a8 100644
--- a/trace/qmp.c
+++ b/trace/qmp.c
@@ -10,7 +10,7 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qapi/qapi-commands-trace.h"
-#include "control-vcpu.h"
+#include "control.h"
 
 
 static bool check_events(bool ignore_unavailable, bool is_pattern,
diff --git a/scripts/tracetool/format/h.py b/scripts/tracetool/format/h.py
index 285d7b03a9..ea126b07ea 100644
--- a/scripts/tracetool/format/h.py
+++ b/scripts/tracetool/format/h.py
@@ -16,10 +16,7 @@
 
 
 def generate(events, backend, group):
-if group == "root":
-header = "trace/control-vcpu.h"
-else:
-header = "trace/control.h"
+header = "trace/control.h"
 
 out('/* This file is autogenerated by tracetool, do not edit. */',
 '',
-- 
2.39.2

[PATCH v5 03/10] trace: remove vcpu_id from the TraceEvent structure

[Alex Bennée]

This does involve temporarily stubbing out some helper functions
before we excise the rest of the code.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20230523125000.3674739-4-alex.ben...@linaro.org>
---
 trace/control-internal.h  |  4 ++--
 trace/event-internal.h|  2 --
 trace/control.c   | 10 --
 scripts/tracetool/format/c.py |  6 --
 scripts/tracetool/format/h.py | 11 +--
 5 files changed, 3 insertions(+), 30 deletions(-)

diff --git a/trace/control-internal.h b/trace/control-internal.h
index 8b2b50a7cf..0178121720 100644
--- a/trace/control-internal.h
+++ b/trace/control-internal.h
@@ -27,12 +27,12 @@ static inline uint32_t trace_event_get_id(TraceEvent *ev)
 
 static inline uint32_t trace_event_get_vcpu_id(TraceEvent *ev)
 {
-return ev->vcpu_id;
+return 0;
 }
 
 static inline bool trace_event_is_vcpu(TraceEvent *ev)
 {
-return ev->vcpu_id != TRACE_VCPU_EVENT_NONE;
+return false;
 }
 
 static inline const char * trace_event_get_name(TraceEvent *ev)
diff --git a/trace/event-internal.h b/trace/event-internal.h
index f63500b37e..0c24e01b52 100644
--- a/trace/event-internal.h
+++ b/trace/event-internal.h
@@ -19,7 +19,6 @@
 /**
  * TraceEvent:
  * @id: Unique event identifier.
- * @vcpu_id: Unique per-vCPU event identifier.
  * @name: Event name.
  * @sstate: Static tracing state.
  * @dstate: Dynamic tracing state
@@ -33,7 +32,6 @@
  */
 typedef struct TraceEvent {
 uint32_t id;
-uint32_t vcpu_id;
 const char * name;
 const bool sstate;
 uint16_t *dstate;
diff --git a/trace/control.c b/trace/control.c
index d24af91004..5dfb609954 100644
--- a/trace/control.c
+++ b/trace/control.c
@@ -68,16 +68,6 @@ void trace_event_register_group(TraceEvent **events)
 size_t i;
 for (i = 0; events[i] != NULL; i++) {
 events[i]->id = next_id++;
-if (events[i]->vcpu_id == TRACE_VCPU_EVENT_NONE) {
-continue;
-}
-
-if (likely(next_vcpu_id < CPU_TRACE_DSTATE_MAX_EVENTS)) {
-events[i]->vcpu_id = next_vcpu_id++;
-} else {
-warn_report("too many vcpu trace events; dropping '%s'",
-events[i]->name);
-}
 }
 event_groups = g_renew(TraceEventGroup, event_groups, nevent_groups + 1);
 event_groups[nevent_groups].events = events;
diff --git a/scripts/tracetool/format/c.py b/scripts/tracetool/format/c.py
index c390c1844a..69edf0d588 100644
--- a/scripts/tracetool/format/c.py
+++ b/scripts/tracetool/format/c.py
@@ -32,19 +32,13 @@ def generate(events, backend, group):
 out('uint16_t %s;' % e.api(e.QEMU_DSTATE))
 
 for e in events:
-if "vcpu" in e.properties:
-vcpu_id = 0
-else:
-vcpu_id = "TRACE_VCPU_EVENT_NONE"
 out('TraceEvent %(event)s = {',
 '.id = 0,',
-'.vcpu_id = %(vcpu_id)s,',
 '.name = \"%(name)s\",',
 '.sstate = %(sstate)s,',
 '.dstate = &%(dstate)s ',
 '};',
 event = e.api(e.QEMU_EVENT),
-vcpu_id = vcpu_id,
 name = e.name,
 sstate = "TRACE_%s_ENABLED" % e.name.upper(),
 dstate = e.api(e.QEMU_DSTATE))
diff --git a/scripts/tracetool/format/h.py b/scripts/tracetool/format/h.py
index e94f0be7da..285d7b03a9 100644
--- a/scripts/tracetool/format/h.py
+++ b/scripts/tracetool/format/h.py
@@ -74,16 +74,7 @@ def generate(events, backend, group):
 
 out('}')
 
-# tracer wrapper with checks (per-vCPU tracing)
-if "vcpu" in e.properties:
-trace_cpu = next(iter(e.args))[1]
-cond = "trace_event_get_vcpu_state(%(cpu)s,"\
-   " TRACE_%(id)s)"\
-   % dict(
-   cpu=trace_cpu,
-   id=e.name.upper())
-else:
-cond = "true"
+cond = "true"
 
 out('',
 'static inline void %(api)s(%(args)s)',
-- 
2.39.2

[PATCH v5 09/10] hw/9pfs: use qemu_xxhash4

[Alex Bennée]

No need to pass zeros as we have helpers that do that for us.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Christian Schoenebeck 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20230523125000.3674739-10-alex.ben...@linaro.org>
---
 hw/9pfs/9p.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 9621ec1341..991645adca 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -738,15 +738,14 @@ static VariLenAffix affixForIndex(uint64_t index)
 return invertAffix(&prefix); /* convert prefix to suffix */
 }
 
-/* creative abuse of tb_hash_func7, which is based on xxhash */
 static uint32_t qpp_hash(QppEntry e)
 {
-return qemu_xxhash7(e.ino_prefix, e.dev, 0, 0, 0);
+return qemu_xxhash4(e.ino_prefix, e.dev);
 }
 
 static uint32_t qpf_hash(QpfEntry e)
 {
-return qemu_xxhash7(e.ino, e.dev, 0, 0, 0);
+return qemu_xxhash4(e.ino, e.dev);
 }
 
 static bool qpd_cmp_func(const void *obj, const void *userp)
-- 
2.39.2

[PATCH v5 10/10] accel/tcg: include cs_base in our hash calculations

[Alex Bennée]

We weren't using cs_base in the hash calculations before. Since the
arm front end moved a chunk of flags in a378206a20 (target/arm: Move
mode specific TB flags to tb->cs_base) they comprise of an important
part of the execution state.

Widen the tb_hash_func to include cs_base and expand to qemu_xxhash8()
to accommodate it.

My initial benchmark shows very little difference in the
runtime.

Before:

armhf

➜  hyperfine -w 2 -m 20 "./arm-softmmu/qemu-system-arm -cpu cortex-a15 -machine 
type=virt,highmem=off -display none -m 2048 -serial mon:stdio -netdev 
user,id=unet,hostfwd=tcp::-:22 -device virtio-net-pci,netdev=unet -device 
virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 -device scsi-hd,drive=hd -smp 4 -kernel 
/home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage -append 
'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' -snapshot"
Benchmark 1: ./arm-softmmu/qemu-system-arm -cpu cortex-a15 -machine 
type=virt,highmem=off -display none -m 2048 -serial mon:stdio -netdev 
user,id=unet,hostfwd=tcp::-:22 -device virtio-net-pci,netdev=unet -device 
virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 -device scsi-hd,drive=hd -smp 4 -kernel 
/home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage -append 
'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' -snapshot
  Time (mean ± σ): 24.627 s ±  2.708 s[User: 34.309 s, System: 1.797 s]
  Range (min … max):   22.345 s … 29.864 s20 runs

arm64

➜  hyperfine -w 2 -n 20 "./qemu-system-aarch64 -cpu max,pauth-impdef=on 
-machine type=virt,virtualization=on,gic-version=3 -display none -serial 
mon:stdio -netdev user,id=unet,hostfwd=tcp::-:22,hostfwd=tcp::1234-:1234 
-device virtio-net-pci,netdev=unet -device virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-arm64
 -device scsi-hd,drive=hd -smp 4 -kernel 
~/lsrc/linux.git/builds/arm64/arch/arm64/boot/Image.gz -append 'console=ttyAMA0 
root=/dev/sda2 systemd.unit=benchmark-pigz.service' -snapshot"
Benchmark 1: 20
  Time (mean ± σ): 62.559 s ±  2.917 s[User: 189.115 s, System: 4.089 s]
  Range (min … max):   59.997 s … 70.153 s10 runs

After:

armhf

Benchmark 1: ./arm-softmmu/qemu-system-arm -cpu cortex-a15 -machine 
type=virt,highmem=off -display none -m 2048 -serial mon:stdio -netdev 
user,id=unet,hostfwd=tcp::-:22 -device virtio-net-pci,netdev=unet -device 
virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 -device scsi-hd,drive=hd -smp 4 -kernel 
/home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage -append 
'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' -snapshot
  Time (mean ± σ): 24.223 s ±  2.151 s[User: 34.284 s, System: 1.906 s]
  Range (min … max):   22.000 s … 28.476 s20 runs

arm64

hyperfine -w 2 -n 20 "./qemu-system-aarch64 -cpu max,pauth-impdef=on -machine 
type=virt,virtualization=on,gic-version=3 -display none -serial mon:stdio 
-netdev user,id=unet,hostfwd=tcp::-:22,hostfwd=tcp::1234-:1234 -device 
virtio-net-pci,netdev=unet -device virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-arm64
 -device scsi-hd,drive=hd -smp 4 -kernel 
~/lsrc/linux.git/builds/arm64/arch/arm64/boot/Image.gz -append 'console=ttyAMA0 
root=/dev/sda2 systemd.unit=benchmark-pigz.service' -snapshot"
Benchmark 1: 20
  Time (mean ± σ): 62.769 s ±  1.978 s[User: 188.431 s, System: 5.269 s]
  Range (min … max):   60.285 s … 66.868 s10 runs

Signed-off-by: Alex Bennée 
Message-Id: <20230523125000.3674739-11-alex.ben...@linaro.org>

---
v5
  - push 32 bit args in xxhash5/6 to last two xxhash8 args
---
 accel/tcg/tb-hash.h   |  4 ++--
 include/qemu/xxhash.h | 23 +--
 accel/tcg/cpu-exec.c  |  2 +-
 accel/tcg/tb-maint.c  |  4 ++--
 util/qsp.c|  2 +-
 5 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/accel/tcg/tb-hash.h b/accel/tcg/tb-hash.h
index 1d19c69caa..2ba2193731 100644
--- a/accel/tcg/tb-hash.h
+++ b/accel/tcg/tb-hash.h
@@ -62,9 +62,9 @@ static inline unsigned int 
tb_jmp_cache_hash_func(target_ulong pc)
 
 static inline
 uint32_t tb_hash_func(tb_page_addr_t phys_pc, target_ulong pc,
-  uint32_t flags, uint32_t cf_mask)
+  uint32_t flags, uint64_t flags2, uint32_t cf_mask)
 {
-return qemu_xxhash6(phys_pc, pc, flags, cf_mask);
+return qemu_xxhash8(phys_pc, pc, flags2, flags, cf_mask);
 }
 
 #endif
diff --git a/include/qemu/xxhash.h b/include/qemu/xxhash.h
index c2dcccadbf..0259bbef18 100644
--- 

[PATCH v5 06/10] trace: remove code that depends on setting vcpu

[Alex Bennée]

Now we no longer have any events that are for vcpus we can start
excising the code from the trace control. As the vcpu parameter is
encoded as part of QMP we just stub out the has_vcpu/vcpu parameters
rather than alter the API.

Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20230523125000.3674739-7-alex.ben...@linaro.org>

---
v5
  - minor checkpath long line fix
---
 trace/control-internal.h |  10 
 trace/control-vcpu.h |  16 --
 trace/control.h  |  48 -
 hw/core/cpu-common.c |   2 -
 stubs/trace-control.c|  13 -
 trace/control-target.c   | 108 ---
 trace/control.c  |  16 --
 trace/qmp.c  |  74 +++
 trace/trace-hmp-cmds.c   |  18 ++-
 9 files changed, 20 insertions(+), 285 deletions(-)

diff --git a/trace/control-internal.h b/trace/control-internal.h
index 0178121720..8d818d359b 100644
--- a/trace/control-internal.h
+++ b/trace/control-internal.h
@@ -25,16 +25,6 @@ static inline uint32_t trace_event_get_id(TraceEvent *ev)
 return ev->id;
 }
 
-static inline uint32_t trace_event_get_vcpu_id(TraceEvent *ev)
-{
-return 0;
-}
-
-static inline bool trace_event_is_vcpu(TraceEvent *ev)
-{
-return false;
-}
-
 static inline const char * trace_event_get_name(TraceEvent *ev)
 {
 assert(ev != NULL);
diff --git a/trace/control-vcpu.h b/trace/control-vcpu.h
index 0f98ebe7b5..800fc5a219 100644
--- a/trace/control-vcpu.h
+++ b/trace/control-vcpu.h
@@ -30,13 +30,6 @@
  trace_event_get_vcpu_state_dynamic_by_vcpu_id( \
  vcpu, _ ## id ## _EVENT.vcpu_id))
 
-/**
- * trace_event_get_vcpu_state_dynamic:
- *
- * Get the dynamic tracing state of an event for the given vCPU.
- */
-static bool trace_event_get_vcpu_state_dynamic(CPUState *vcpu, TraceEvent *ev);
-
 #include "control-internal.h"
 
 static inline bool
@@ -51,13 +44,4 @@ trace_event_get_vcpu_state_dynamic_by_vcpu_id(CPUState *vcpu,
 }
 }
 
-static inline bool trace_event_get_vcpu_state_dynamic(CPUState *vcpu,
-  TraceEvent *ev)
-{
-uint32_t vcpu_id;
-assert(trace_event_is_vcpu(ev));
-vcpu_id = trace_event_get_vcpu_id(ev);
-return trace_event_get_vcpu_state_dynamic_by_vcpu_id(vcpu, vcpu_id);
-}
-
 #endif
diff --git a/trace/control.h b/trace/control.h
index 23b8393b29..dfd209edd8 100644
--- a/trace/control.h
+++ b/trace/control.h
@@ -89,23 +89,6 @@ static bool trace_event_is_pattern(const char *str);
  */
 static uint32_t trace_event_get_id(TraceEvent *ev);
 
-/**
- * trace_event_get_vcpu_id:
- *
- * Get the per-vCPU identifier of an event.
- *
- * Special value #TRACE_VCPU_EVENT_NONE means the event is not vCPU-specific
- * (does not have the "vcpu" property).
- */
-static uint32_t trace_event_get_vcpu_id(TraceEvent *ev);
-
-/**
- * trace_event_is_vcpu:
- *
- * Whether this is a per-vCPU event.
- */
-static bool trace_event_is_vcpu(TraceEvent *ev);
-
 /**
  * trace_event_get_name:
  *
@@ -172,21 +155,6 @@ static bool trace_event_get_state_dynamic(TraceEvent *ev);
  */
 void trace_event_set_state_dynamic(TraceEvent *ev, bool state);
 
-/**
- * trace_event_set_vcpu_state_dynamic:
- *
- * Set the dynamic tracing state of an event for the given vCPU.
- *
- * Pre-condition: trace_event_get_vcpu_state_static(ev) == true
- *
- * Note: Changes for execution-time events with the 'tcg' property will not be
- *   propagated until the next TB is executed (iff executing in TCG mode).
- */
-void trace_event_set_vcpu_state_dynamic(CPUState *vcpu,
-TraceEvent *ev, bool state);
-
-
-
 /**
  * trace_init_backends:
  *
@@ -205,22 +173,6 @@ bool trace_init_backends(void);
  */
 void trace_init_file(void);
 
-/**
- * trace_init_vcpu:
- * @vcpu: Added vCPU.
- *
- * Set initial dynamic event state for a hot-plugged vCPU.
- */
-void trace_init_vcpu(CPUState *vcpu);
-
-/**
- * trace_fini_vcpu:
- * @vcpu: Removed vCPU.
- *
- * Disable dynamic event state for a hot-unplugged vCPU.
- */
-void trace_fini_vcpu(CPUState *vcpu);
-
 /**
  * trace_list_events:
  * @f: Where to send output.
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index 951477a7fd..f4e51c8a1b 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -211,7 +211,6 @@ static void cpu_common_realizefn(DeviceState *dev, Error 
**errp)
 }
 
 /* NOTE: latest generic point where the cpu is fully realized */
-trace_init_vcpu(cpu);
 }
 
 static void cpu_common_unrealizefn(DeviceState *dev)
@@ -219,7 +218,6 @@ static void cpu_common_unrealizefn(DeviceState *dev)
 CPUState *cpu = CPU(dev);
 
 /* NOTE: latest generic point before the cpu is fully unrealized */
-trace_fini_vcpu(cpu);
 cpu_exec_unrealizefn(cpu);
 }
 
diff --git a/stubs/trace-control.c b/stubs/trace-control.c
index 7f856e5c24..b428f34c87 100644

[PATCH v4 08/10] tcg: remove the final vestiges of dstate

[Alex Bennée]

Now we no longer have dynamic state affecting things we can remove the
additional fields in cpu.h and simplify the TB hash calculation.

For the benchmark:

hyperfine -w 2 -m 20 \
  "./arm-softmmu/qemu-system-arm -cpu cortex-a15 \
-machine type=virt,highmem=off \
-display none -m 2048 \
-serial mon:stdio \
-netdev user,id=unet,hostfwd=tcp::-:22 \
-device virtio-net-pci,netdev=unet \
-device virtio-scsi-pci \
-blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 \
-device scsi-hd,drive=hd -smp 4 \
-kernel /home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage \
-append 'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' 
\
-snapshot"

It has a marginal effect on runtime, before:

  Time (mean ± σ): 26.279 s ±  2.438 s[User: 41.113 s, System: 1.843 s]
  Range (min … max):   24.420 s … 32.565 s20 runs

after:

  Time (mean ± σ): 24.440 s ±  2.885 s[User: 34.474 s, System: 2.028 s]
  Range (min … max):   21.663 s … 29.937 s20 runs

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1358
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Message-Id: <20230505155336.137393-9-alex.ben...@linaro.org>
---
 accel/tcg/tb-hash.h   | 6 +++---
 include/exec/exec-all.h   | 3 ---
 include/hw/core/cpu.h | 5 -
 accel/tcg/cpu-exec.c  | 7 +--
 accel/tcg/tb-maint.c  | 5 ++---
 accel/tcg/translate-all.c | 6 --
 6 files changed, 6 insertions(+), 26 deletions(-)

diff --git a/accel/tcg/tb-hash.h b/accel/tcg/tb-hash.h
index 83dc610e4c..1d19c69caa 100644
--- a/accel/tcg/tb-hash.h
+++ b/accel/tcg/tb-hash.h
@@ -61,10 +61,10 @@ static inline unsigned int 
tb_jmp_cache_hash_func(target_ulong pc)
 #endif /* CONFIG_SOFTMMU */
 
 static inline
-uint32_t tb_hash_func(tb_page_addr_t phys_pc, target_ulong pc, uint32_t flags,
-  uint32_t cf_mask, uint32_t trace_vcpu_dstate)
+uint32_t tb_hash_func(tb_page_addr_t phys_pc, target_ulong pc,
+  uint32_t flags, uint32_t cf_mask)
 {
-return qemu_xxhash7(phys_pc, pc, flags, cf_mask, trace_vcpu_dstate);
+return qemu_xxhash6(phys_pc, pc, flags, cf_mask);
 }
 
 #endif
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index ecded1f112..3ee76af28b 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -548,9 +548,6 @@ struct TranslationBlock {
 #define CF_CLUSTER_MASK  0xff00 /* Top 8 bits are cluster ID */
 #define CF_CLUSTER_SHIFT 24
 
-/* Per-vCPU dynamic tracing state used to generate this TB */
-uint32_t trace_vcpu_dstate;
-
 /*
  * Above fields used for comparing
  */
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 39150cf8f8..383456d1b3 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -266,7 +266,6 @@ typedef void (*run_on_cpu_func)(CPUState *cpu, 
run_on_cpu_data data);
 struct qemu_work_item;
 
 #define CPU_UNSET_NUMA_NODE_ID -1
-#define CPU_TRACE_DSTATE_MAX_EVENTS 32
 
 /**
  * CPUState:
@@ -407,10 +406,6 @@ struct CPUState {
 /* Use by accel-block: CPU is executing an ioctl() */
 QemuLockCnt in_ioctl_lock;
 
-/* Used for events with 'vcpu' and *without* the 'disabled' properties */
-DECLARE_BITMAP(trace_dstate_delayed, CPU_TRACE_DSTATE_MAX_EVENTS);
-DECLARE_BITMAP(trace_dstate, CPU_TRACE_DSTATE_MAX_EVENTS);
-
 DECLARE_BITMAP(plugin_mask, QEMU_PLUGIN_EV_MAX);
 
 #ifdef CONFIG_PLUGIN
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index bc0e1c3299..973da2a434 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -175,7 +175,6 @@ struct tb_desc {
 tb_page_addr_t page_addr0;
 uint32_t flags;
 uint32_t cflags;
-uint32_t trace_vcpu_dstate;
 };
 
 static bool tb_lookup_cmp(const void *p, const void *d)
@@ -187,7 +186,6 @@ static bool tb_lookup_cmp(const void *p, const void *d)
 tb_page_addr0(tb) == desc->page_addr0 &&
 tb->cs_base == desc->cs_base &&
 tb->flags == desc->flags &&
-tb->trace_vcpu_dstate == desc->trace_vcpu_dstate &&
 tb_cflags(tb) == desc->cflags) {
 /* check next page if needed */
 tb_page_addr_t tb_phys_page1 = tb_page_addr1(tb);
@@ -228,7 +226,6 @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, 
target_ulong pc,
 desc.cs_base = cs_base;
 desc.flags = flags;
 desc.cflags = cflags;
-desc.trace_vcpu_dstate = *cpu->trace_dstate;
 desc.pc = pc;
 phys_pc = get_page_addr_code(desc.env, pc);
 if (phys_pc == -1) {
@@ -236,7 +233,7 @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, 
target_ulong pc,
 }
 desc.page_addr0 = phys_pc;
 h = tb_hash_func(phys_pc, (cflags & CF_P

[PATCH v4 06/10] trace: remove code that depends on setting vcpu

[Alex Bennée]

Now we no longer have any events that are for vcpus we can start
excising the code from the trace control. As the vcpu parameter is
encoded as part of QMP we just stub out the has_vcpu/vcpu parameters
rather than alter the API.

Message-Id: <20230420150009.1675181-7-alex.ben...@linaro.org>
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Message-Id: <20230503091756.1453057-7-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
Message-Id: <20230505155336.137393-7-alex.ben...@linaro.org>
---
 trace/control-internal.h |  10 
 trace/control-vcpu.h |  16 --
 trace/control.h  |  48 -
 hw/core/cpu-common.c |   2 -
 stubs/trace-control.c|  13 -
 trace/control-target.c   | 108 ---
 trace/control.c  |  16 --
 trace/qmp.c  |  74 +++
 trace/trace-hmp-cmds.c   |  17 +-
 9 files changed, 19 insertions(+), 285 deletions(-)

diff --git a/trace/control-internal.h b/trace/control-internal.h
index 0178121720..8d818d359b 100644
--- a/trace/control-internal.h
+++ b/trace/control-internal.h
@@ -25,16 +25,6 @@ static inline uint32_t trace_event_get_id(TraceEvent *ev)
 return ev->id;
 }
 
-static inline uint32_t trace_event_get_vcpu_id(TraceEvent *ev)
-{
-return 0;
-}
-
-static inline bool trace_event_is_vcpu(TraceEvent *ev)
-{
-return false;
-}
-
 static inline const char * trace_event_get_name(TraceEvent *ev)
 {
 assert(ev != NULL);
diff --git a/trace/control-vcpu.h b/trace/control-vcpu.h
index 0f98ebe7b5..800fc5a219 100644
--- a/trace/control-vcpu.h
+++ b/trace/control-vcpu.h
@@ -30,13 +30,6 @@
  trace_event_get_vcpu_state_dynamic_by_vcpu_id( \
  vcpu, _ ## id ## _EVENT.vcpu_id))
 
-/**
- * trace_event_get_vcpu_state_dynamic:
- *
- * Get the dynamic tracing state of an event for the given vCPU.
- */
-static bool trace_event_get_vcpu_state_dynamic(CPUState *vcpu, TraceEvent *ev);
-
 #include "control-internal.h"
 
 static inline bool
@@ -51,13 +44,4 @@ trace_event_get_vcpu_state_dynamic_by_vcpu_id(CPUState *vcpu,
 }
 }
 
-static inline bool trace_event_get_vcpu_state_dynamic(CPUState *vcpu,
-  TraceEvent *ev)
-{
-uint32_t vcpu_id;
-assert(trace_event_is_vcpu(ev));
-vcpu_id = trace_event_get_vcpu_id(ev);
-return trace_event_get_vcpu_state_dynamic_by_vcpu_id(vcpu, vcpu_id);
-}
-
 #endif
diff --git a/trace/control.h b/trace/control.h
index 23b8393b29..dfd209edd8 100644
--- a/trace/control.h
+++ b/trace/control.h
@@ -89,23 +89,6 @@ static bool trace_event_is_pattern(const char *str);
  */
 static uint32_t trace_event_get_id(TraceEvent *ev);
 
-/**
- * trace_event_get_vcpu_id:
- *
- * Get the per-vCPU identifier of an event.
- *
- * Special value #TRACE_VCPU_EVENT_NONE means the event is not vCPU-specific
- * (does not have the "vcpu" property).
- */
-static uint32_t trace_event_get_vcpu_id(TraceEvent *ev);
-
-/**
- * trace_event_is_vcpu:
- *
- * Whether this is a per-vCPU event.
- */
-static bool trace_event_is_vcpu(TraceEvent *ev);
-
 /**
  * trace_event_get_name:
  *
@@ -172,21 +155,6 @@ static bool trace_event_get_state_dynamic(TraceEvent *ev);
  */
 void trace_event_set_state_dynamic(TraceEvent *ev, bool state);
 
-/**
- * trace_event_set_vcpu_state_dynamic:
- *
- * Set the dynamic tracing state of an event for the given vCPU.
- *
- * Pre-condition: trace_event_get_vcpu_state_static(ev) == true
- *
- * Note: Changes for execution-time events with the 'tcg' property will not be
- *   propagated until the next TB is executed (iff executing in TCG mode).
- */
-void trace_event_set_vcpu_state_dynamic(CPUState *vcpu,
-TraceEvent *ev, bool state);
-
-
-
 /**
  * trace_init_backends:
  *
@@ -205,22 +173,6 @@ bool trace_init_backends(void);
  */
 void trace_init_file(void);
 
-/**
- * trace_init_vcpu:
- * @vcpu: Added vCPU.
- *
- * Set initial dynamic event state for a hot-plugged vCPU.
- */
-void trace_init_vcpu(CPUState *vcpu);
-
-/**
- * trace_fini_vcpu:
- * @vcpu: Removed vCPU.
- *
- * Disable dynamic event state for a hot-unplugged vCPU.
- */
-void trace_fini_vcpu(CPUState *vcpu);
-
 /**
  * trace_list_events:
  * @f: Where to send output.
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index 951477a7fd..f4e51c8a1b 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -211,7 +211,6 @@ static void cpu_common_realizefn(DeviceState *dev, Error 
**errp)
 }
 
 /* NOTE: latest generic point where the cpu is fully realized */
-trace_init_vcpu(cpu);
 }
 
 static void cpu_common_unrealizefn(DeviceState *dev)
@@ -219,7 +218,6 @@ static void cpu_common_unrealizefn(DeviceState *dev)
 CPUState *cpu = CPU(dev);
 
 /* NOTE: latest generic point before the cpu is fully unrealized */
-trace_fini_vcpu(cpu);
 cpu_exec_unrealizefn(cpu);
 }

[PATCH v4 07/10] trace: remove control-vcpu.h

[Alex Bennée]

Now we no longer have vcpu controlled trace events we can excise the
code that allows us to query its status.

Message-Id: <20230420150009.1675181-8-alex.ben...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Message-Id: <20230503091756.1453057-8-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
Message-Id: <20230505155336.137393-8-alex.ben...@linaro.org>
---
 trace/control-vcpu.h  | 47 ---
 trace/qmp.c   |  2 +-
 scripts/tracetool/format/h.py |  5 +---
 3 files changed, 2 insertions(+), 52 deletions(-)
 delete mode 100644 trace/control-vcpu.h

diff --git a/trace/control-vcpu.h b/trace/control-vcpu.h
deleted file mode 100644
index 800fc5a219..00
--- a/trace/control-vcpu.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Interface for configuring and controlling the state of tracing events.
- *
- * Copyright (C) 2011-2016 Lluís Vilanova 
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- */
-
-#ifndef TRACE__CONTROL_VCPU_H
-#define TRACE__CONTROL_VCPU_H
-
-#include "control.h"
-#include "event-internal.h"
-#include "hw/core/cpu.h"
-
-/**
- * trace_event_get_vcpu_state:
- * @vcpu: Target vCPU.
- * @id: Event identifier name.
- *
- * Get the tracing state of an event (both static and dynamic) for the given
- * vCPU.
- *
- * If the event has the disabled property, the check will have no performance
- * impact.
- */
-#define trace_event_get_vcpu_state(vcpu, id)\
-((id ##_ENABLED) && \
- trace_event_get_vcpu_state_dynamic_by_vcpu_id( \
- vcpu, _ ## id ## _EVENT.vcpu_id))
-
-#include "control-internal.h"
-
-static inline bool
-trace_event_get_vcpu_state_dynamic_by_vcpu_id(CPUState *vcpu,
-  uint32_t vcpu_id)
-{
-/* it's on fast path, avoid consistency checks (asserts) */
-if (unlikely(trace_events_enabled_count)) {
-return test_bit(vcpu_id, vcpu->trace_dstate);
-} else {
-return false;
-}
-}
-
-#endif
diff --git a/trace/qmp.c b/trace/qmp.c
index aa760f1fc4..3e3971c6a8 100644
--- a/trace/qmp.c
+++ b/trace/qmp.c
@@ -10,7 +10,7 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qapi/qapi-commands-trace.h"
-#include "control-vcpu.h"
+#include "control.h"
 
 
 static bool check_events(bool ignore_unavailable, bool is_pattern,
diff --git a/scripts/tracetool/format/h.py b/scripts/tracetool/format/h.py
index 285d7b03a9..ea126b07ea 100644
--- a/scripts/tracetool/format/h.py
+++ b/scripts/tracetool/format/h.py
@@ -16,10 +16,7 @@
 
 
 def generate(events, backend, group):
-if group == "root":
-header = "trace/control-vcpu.h"
-else:
-header = "trace/control.h"
+header = "trace/control.h"
 
 out('/* This file is autogenerated by tracetool, do not edit. */',
 '',
-- 
2.39.2

[PATCH v4 10/10] accel/tcg: include cs_base in our hash calculations

[Alex Bennée]

We weren't using cs_base in the hash calculations before. Since the
arm front end moved a chunk of flags in a378206a20 (target/arm: Move
mode specific TB flags to tb->cs_base) they comprise of an important
part of the execution state.

Widen the tb_hash_func to include cs_base and expand to qemu_xxhash8()
to accommodate it.

My initial benchmark shows very little difference in the
runtime.

Before:

armhf

➜  hyperfine -w 2 -m 20 "./arm-softmmu/qemu-system-arm -cpu cortex-a15 -machine 
type=virt,highmem=off -display none -m 2048 -serial mon:stdio -netdev 
user,id=unet,hostfwd=tcp::-:22 -device virtio-net-pci,netdev=unet -device 
virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 -device scsi-hd,drive=hd -smp 4 -kernel 
/home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage -append 
'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' -snapshot"
Benchmark 1: ./arm-softmmu/qemu-system-arm -cpu cortex-a15 -machine 
type=virt,highmem=off -display none -m 2048 -serial mon:stdio -netdev 
user,id=unet,hostfwd=tcp::-:22 -device virtio-net-pci,netdev=unet -device 
virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 -device scsi-hd,drive=hd -smp 4 -kernel 
/home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage -append 
'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' -snapshot
  Time (mean ± σ): 24.627 s ±  2.708 s[User: 34.309 s, System: 1.797 s]
  Range (min … max):   22.345 s … 29.864 s20 runs

arm64

➜  hyperfine -w 2 -n 20 "./qemu-system-aarch64 -cpu max,pauth-impdef=on 
-machine type=virt,virtualization=on,gic-version=3 -display none -serial 
mon:stdio -netdev user,id=unet,hostfwd=tcp::-:22,hostfwd=tcp::1234-:1234 
-device virtio-net-pci,netdev=unet -device virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-arm64
 -device scsi-hd,drive=hd -smp 4 -kernel 
~/lsrc/linux.git/builds/arm64/arch/arm64/boot/Image.gz -append 'console=ttyAMA0 
root=/dev/sda2 systemd.unit=benchmark-pigz.service' -snapshot"
Benchmark 1: 20
  Time (mean ± σ): 62.559 s ±  2.917 s[User: 189.115 s, System: 4.089 s]
  Range (min … max):   59.997 s … 70.153 s10 runs

After:

armhf

Benchmark 1: ./arm-softmmu/qemu-system-arm -cpu cortex-a15 -machine 
type=virt,highmem=off -display none -m 2048 -serial mon:stdio -netdev 
user,id=unet,hostfwd=tcp::-:22 -device virtio-net-pci,netdev=unet -device 
virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-armhf
 -device scsi-hd,drive=hd -smp 4 -kernel 
/home/alex/lsrc/linux.git/builds/arm/arch/arm/boot/zImage -append 
'console=ttyAMA0 root=/dev/sda2 systemd.unit=benchmark.service' -snapshot
  Time (mean ± σ): 24.223 s ±  2.151 s[User: 34.284 s, System: 1.906 s]
  Range (min … max):   22.000 s … 28.476 s20 runs

arm64

hyperfine -w 2 -n 20 "./qemu-system-aarch64 -cpu max,pauth-impdef=on -machine 
type=virt,virtualization=on,gic-version=3 -display none -serial mon:stdio 
-netdev user,id=unet,hostfwd=tcp::-:22,hostfwd=tcp::1234-:1234 -device 
virtio-net-pci,netdev=unet -device virtio-scsi-pci -blockdev 
driver=raw,node-name=hd,discard=unmap,file.driver=host_device,file.filename=/dev/zen-disk/debian-bullseye-arm64
 -device scsi-hd,drive=hd -smp 4 -kernel 
~/lsrc/linux.git/builds/arm64/arch/arm64/boot/Image.gz -append 'console=ttyAMA0 
root=/dev/sda2 systemd.unit=benchmark-pigz.service' -snapshot"
Benchmark 1: 20
  Time (mean ± σ): 62.769 s ±  1.978 s[User: 188.431 s, System: 5.269 s]
  Range (min … max):   60.285 s … 66.868 s10 runs

Signed-off-by: Alex Bennée 

---
v4
  - use an additional 64 bit argument, shuffle qsp usage
---
 accel/tcg/tb-hash.h   |  4 ++--
 include/qemu/xxhash.h | 23 +--
 accel/tcg/cpu-exec.c  |  2 +-
 accel/tcg/tb-maint.c  |  4 ++--
 util/qsp.c|  2 +-
 5 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/accel/tcg/tb-hash.h b/accel/tcg/tb-hash.h
index 1d19c69caa..2ba2193731 100644
--- a/accel/tcg/tb-hash.h
+++ b/accel/tcg/tb-hash.h
@@ -62,9 +62,9 @@ static inline unsigned int 
tb_jmp_cache_hash_func(target_ulong pc)
 
 static inline
 uint32_t tb_hash_func(tb_page_addr_t phys_pc, target_ulong pc,
-  uint32_t flags, uint32_t cf_mask)
+  uint32_t flags, uint64_t flags2, uint32_t cf_mask)
 {
-return qemu_xxhash6(phys_pc, pc, flags, cf_mask);
+return qemu_xxhash8(phys_pc, pc, flags2, flags, cf_mask);
 }
 
 #endif
diff --git a/include/qemu/xxhash.h b/include/qemu/xxhash.h
index c2dcccadbf..8a5ad1f1f3 100644
--- a/include/qemu/xxhash.h
+++ b/include/qemu/xxhash.h
@@ -48,8 +48,8 @@
  * 

[PATCH v4 04/10] scripts/qapi: document the tool that generated the file

[Alex Bennée]

This makes it a little easier for developers to find where things
where being generated.

Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
Message-Id: <20230505155336.137393-5-alex.ben...@linaro.org>

---
v4
  - expand out os.path.basename(sys.argv[0])
---
 scripts/qapi/gen.py | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/qapi/gen.py b/scripts/qapi/gen.py
index 8f8f784f4a..2ea27ef31c 100644
--- a/scripts/qapi/gen.py
+++ b/scripts/qapi/gen.py
@@ -13,6 +13,7 @@
 
 from contextlib import contextmanager
 import os
+import sys
 import re
 from typing import (
 Dict,
@@ -162,7 +163,7 @@ def __init__(self, fname: str, blurb: str, pydoc: str):
 
 def _top(self) -> str:
 return mcgen('''
-/* AUTOMATICALLY GENERATED, DO NOT MODIFY */
+/* AUTOMATICALLY GENERATED by %(tool)s DO NOT MODIFY */
 
 /*
 %(blurb)s
@@ -174,6 +175,7 @@ def _top(self) -> str:
  */
 
 ''',
+ tool=str(os.path.basename(sys.argv[0])),
  blurb=self._blurb, copyright=self._copyright)
 
 def _bottom(self) -> str:
@@ -195,7 +197,9 @@ def _bottom(self) -> str:
 
 class QAPIGenTrace(QAPIGen):
 def _top(self) -> str:
-return super()._top() + '# AUTOMATICALLY GENERATED, DO NOT MODIFY\n\n'
+return super()._top() + (
+'# AUTOMATICALLY GENERATED by '
+f"{os.path.basename(sys.argv[0])}, DO NOT MODIFY\n\n" )
 
 
 @contextmanager
-- 
2.39.2

[PATCH v4 01/10] *-user: remove the guest_user_syscall tracepoints

[Alex Bennée]

This is pure duplication now. Both bsd-user and linux-user have
builtin strace support and we can also track syscalls via the plugins
system.

Message-Id: <20230420150009.1675181-2-alex.ben...@linaro.org>
Reviewed-by: Warner Losh 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Message-Id: <20230503091756.1453057-2-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
Message-Id: <20230505155336.137393-2-alex.ben...@linaro.org>
---
 include/user/syscall-trace.h  |  4 
 bsd-user/freebsd/os-syscall.c |  2 --
 trace-events  | 19 ---
 3 files changed, 25 deletions(-)

diff --git a/include/user/syscall-trace.h b/include/user/syscall-trace.h
index 90bda7631c..557f881a79 100644
--- a/include/user/syscall-trace.h
+++ b/include/user/syscall-trace.h
@@ -26,9 +26,6 @@ static inline void record_syscall_start(void *cpu, int num,
 abi_long arg5, abi_long arg6,
 abi_long arg7, abi_long arg8)
 {
-trace_guest_user_syscall(cpu, num,
- arg1, arg2, arg3, arg4,
- arg5, arg6, arg7, arg8);
 qemu_plugin_vcpu_syscall(cpu, num,
  arg1, arg2, arg3, arg4,
  arg5, arg6, arg7, arg8);
@@ -36,7 +33,6 @@ static inline void record_syscall_start(void *cpu, int num,
 
 static inline void record_syscall_return(void *cpu, int num, abi_long ret)
 {
-trace_guest_user_syscall_ret(cpu, num, ret);
 qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
 }
 
diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index c8f998ecec..b0ae43766f 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -531,7 +531,6 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 CPUState *cpu = env_cpu(cpu_env);
 abi_long ret;
 
-trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
arg7, arg8);
 if (do_strace) {
 print_freebsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
 }
@@ -541,7 +540,6 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 if (do_strace) {
 print_freebsd_syscall_ret(num, ret);
 }
-trace_guest_user_syscall_ret(cpu, num, ret);
 
 return ret;
 }
diff --git a/trace-events b/trace-events
index b6b84b175e..691c3533e4 100644
--- a/trace-events
+++ b/trace-events
@@ -85,22 +85,3 @@ vcpu guest_cpu_exit(void)
 # Targets: all
 vcpu guest_cpu_reset(void)
 
-# include/user/syscall-trace.h
-
-# @num: System call number.
-# @arg*: System call argument value.
-#
-# Start executing a guest system call in syscall emulation mode.
-#
-# Mode: user
-# Targets: TCG(all)
-vcpu guest_user_syscall(uint64_t num, uint64_t arg1, uint64_t arg2, uint64_t 
arg3, uint64_t arg4, uint64_t arg5, uint64_t arg6, uint64_t arg7, uint64_t 
arg8) "num=0x%016"PRIx64" arg1=0x%016"PRIx64" arg2=0x%016"PRIx64" 
arg3=0x%016"PRIx64" arg4=0x%016"PRIx64" arg5=0x%016"PRIx64" arg6=0x%016"PRIx64" 
arg7=0x%016"PRIx64" arg8=0x%016"PRIx64
-
-# @num: System call number.
-# @ret: System call result value.
-#
-# Finish executing a guest system call in syscall emulation mode.
-#
-# Mode: user
-# Targets: TCG(all)
-vcpu guest_user_syscall_ret(uint64_t num, uint64_t ret) "num=0x%016"PRIx64" 
ret=0x%016"PRIx64
-- 
2.39.2

[PATCH v4 09/10] hw/9pfs: use qemu_xxhash4

[Alex Bennée]

No need to pass zeros as we have helpers that do that for us.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Christian Schoenebeck 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Message-Id: <20230503091756.1453057-10-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
Message-Id: <20230505155336.137393-10-alex.ben...@linaro.org>
---
 hw/9pfs/9p.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 9621ec1341..991645adca 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -738,15 +738,14 @@ static VariLenAffix affixForIndex(uint64_t index)
 return invertAffix(&prefix); /* convert prefix to suffix */
 }
 
-/* creative abuse of tb_hash_func7, which is based on xxhash */
 static uint32_t qpp_hash(QppEntry e)
 {
-return qemu_xxhash7(e.ino_prefix, e.dev, 0, 0, 0);
+return qemu_xxhash4(e.ino_prefix, e.dev);
 }
 
 static uint32_t qpf_hash(QpfEntry e)
 {
-return qemu_xxhash7(e.ino, e.dev, 0, 0, 0);
+return qemu_xxhash4(e.ino, e.dev);
 }
 
 static bool qpd_cmp_func(const void *obj, const void *userp)
-- 
2.39.2

[PATCH v4 03/10] trace: remove vcpu_id from the TraceEvent structure

[Alex Bennée]

This does involve temporarily stubbing out some helper functions
before we excise the rest of the code.

Message-Id: <20230420150009.1675181-4-alex.ben...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Message-Id: <20230503091756.1453057-4-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
Message-Id: <20230505155336.137393-4-alex.ben...@linaro.org>
---
 trace/control-internal.h  |  4 ++--
 trace/event-internal.h|  2 --
 trace/control.c   | 10 --
 scripts/tracetool/format/c.py |  6 --
 scripts/tracetool/format/h.py | 11 +--
 5 files changed, 3 insertions(+), 30 deletions(-)

diff --git a/trace/control-internal.h b/trace/control-internal.h
index 8b2b50a7cf..0178121720 100644
--- a/trace/control-internal.h
+++ b/trace/control-internal.h
@@ -27,12 +27,12 @@ static inline uint32_t trace_event_get_id(TraceEvent *ev)
 
 static inline uint32_t trace_event_get_vcpu_id(TraceEvent *ev)
 {
-return ev->vcpu_id;
+return 0;
 }
 
 static inline bool trace_event_is_vcpu(TraceEvent *ev)
 {
-return ev->vcpu_id != TRACE_VCPU_EVENT_NONE;
+return false;
 }
 
 static inline const char * trace_event_get_name(TraceEvent *ev)
diff --git a/trace/event-internal.h b/trace/event-internal.h
index f63500b37e..0c24e01b52 100644
--- a/trace/event-internal.h
+++ b/trace/event-internal.h
@@ -19,7 +19,6 @@
 /**
  * TraceEvent:
  * @id: Unique event identifier.
- * @vcpu_id: Unique per-vCPU event identifier.
  * @name: Event name.
  * @sstate: Static tracing state.
  * @dstate: Dynamic tracing state
@@ -33,7 +32,6 @@
  */
 typedef struct TraceEvent {
 uint32_t id;
-uint32_t vcpu_id;
 const char * name;
 const bool sstate;
 uint16_t *dstate;
diff --git a/trace/control.c b/trace/control.c
index d24af91004..5dfb609954 100644
--- a/trace/control.c
+++ b/trace/control.c
@@ -68,16 +68,6 @@ void trace_event_register_group(TraceEvent **events)
 size_t i;
 for (i = 0; events[i] != NULL; i++) {
 events[i]->id = next_id++;
-if (events[i]->vcpu_id == TRACE_VCPU_EVENT_NONE) {
-continue;
-}
-
-if (likely(next_vcpu_id < CPU_TRACE_DSTATE_MAX_EVENTS)) {
-events[i]->vcpu_id = next_vcpu_id++;
-} else {
-warn_report("too many vcpu trace events; dropping '%s'",
-events[i]->name);
-}
 }
 event_groups = g_renew(TraceEventGroup, event_groups, nevent_groups + 1);
 event_groups[nevent_groups].events = events;
diff --git a/scripts/tracetool/format/c.py b/scripts/tracetool/format/c.py
index c390c1844a..69edf0d588 100644
--- a/scripts/tracetool/format/c.py
+++ b/scripts/tracetool/format/c.py
@@ -32,19 +32,13 @@ def generate(events, backend, group):
 out('uint16_t %s;' % e.api(e.QEMU_DSTATE))
 
 for e in events:
-if "vcpu" in e.properties:
-vcpu_id = 0
-else:
-vcpu_id = "TRACE_VCPU_EVENT_NONE"
 out('TraceEvent %(event)s = {',
 '.id = 0,',
-'.vcpu_id = %(vcpu_id)s,',
 '.name = \"%(name)s\",',
 '.sstate = %(sstate)s,',
 '.dstate = &%(dstate)s ',
 '};',
 event = e.api(e.QEMU_EVENT),
-vcpu_id = vcpu_id,
 name = e.name,
 sstate = "TRACE_%s_ENABLED" % e.name.upper(),
 dstate = e.api(e.QEMU_DSTATE))
diff --git a/scripts/tracetool/format/h.py b/scripts/tracetool/format/h.py
index e94f0be7da..285d7b03a9 100644
--- a/scripts/tracetool/format/h.py
+++ b/scripts/tracetool/format/h.py
@@ -74,16 +74,7 @@ def generate(events, backend, group):
 
 out('}')
 
-# tracer wrapper with checks (per-vCPU tracing)
-if "vcpu" in e.properties:
-trace_cpu = next(iter(e.args))[1]
-cond = "trace_event_get_vcpu_state(%(cpu)s,"\
-   " TRACE_%(id)s)"\
-   % dict(
-   cpu=trace_cpu,
-   id=e.name.upper())
-else:
-cond = "true"
+cond = "true"
 
 out('',
 'static inline void %(api)s(%(args)s)',
-- 
2.39.2

[PATCH v4 05/10] qapi: make the vcpu parameters deprecated for 8.1

[Alex Bennée]

I don't think I can remove the parameters directly but certainly mark
them as deprecated.

Message-Id: <20230420150009.1675181-6-alex.ben...@linaro.org>
Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Message-Id: <20230503091756.1453057-6-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
Message-Id: <20230505155336.137393-6-alex.ben...@linaro.org>

---
v4
  - used @deprecated in json
  - added note to deprecated.rst
---
 docs/about/deprecated.rst |  9 +
 qapi/trace.json   | 38 ++
 2 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index e934e0a13a..e44cde057f 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -254,6 +254,15 @@ it. Since all recent x86 hardware from the past >10 years 
is capable of the
 QEMU API (QAPI) events
 --
 
+``vcpu`` trace events (since 8.1)
+'''''''''''''''''''''''''''''''''
+
+The ability to instrument QEMU helper functions with vcpu aware trace
+points was removed in 7.0. However the QAPI still exposed the vcpu
+parameter. This argument has now been deprecated and the remaining
+used trace points converted to plain trace points selected just by
+name.
+
 ``MEM_UNPLUG_ERROR`` (since 6.2)
 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''
 
diff --git a/qapi/trace.json b/qapi/trace.json
index 6bf0af0946..aac58e875b 100644
--- a/qapi/trace.json
+++ b/qapi/trace.json
@@ -37,13 +37,14 @@
 #
 # @vcpu: Whether this is a per-vCPU event (since 2.7).
 #
-# An event is per-vCPU if it has the "vcpu" property in the
-# "trace-events" files.
+# Features:
+# @deprecated: Member @vcpu is deprecated, and always false.
 #
 # Since: 2.2
 ##
 { 'struct': 'TraceEventInfo',
-  'data': {'name': 'str', 'state': 'TraceEventState', 'vcpu': 'bool'} }
+  'data': {'name': 'str', 'state': 'TraceEventState',
+   'vcpu': { 'type': 'bool', 'features': ['deprecated'] } } }
 
 ##
 # @trace-event-get-state:
@@ -52,19 +53,17 @@
 #
 # @name: Event name pattern (case-sensitive glob).
 #
-# @vcpu: The vCPU to query (any by default; since 2.7).
+# @vcpu: The vCPU to query (since 2.7).
+#
+# Features:
+# @deprecated: Member @vcpu is deprecated, and always false.
 #
 # Returns: a list of @TraceEventInfo for the matching events
 #
 # An event is returned if:
 #
-# - its name matches the @name pattern, and
-# - if @vcpu is given, the event has the "vcpu" property.
-#
-# Therefore, if @vcpu is given, the operation will only match per-vCPU
-# events, returning their state on the specified vCPU. Special case:
-# if @name is an exact match, @vcpu is given and the event does not
-# have the "vcpu" property, an error is returned.
+# - its name matches the @name pattern
+#   There are no longer any per-vCPU events
 #
 # Since: 2.2
 #
@@ -75,7 +74,8 @@
 # <- { "return": [ { "name": "qemu_memalign", "state": "disabled", "vcpu": 
false } ] }
 ##
 { 'command': 'trace-event-get-state',
-  'data': {'name': 'str', '*vcpu': 'int'},
+  'data': {'name': 'str',
+   '*vcpu': {'type': 'int', 'features': ['deprecated'] } },
   'returns': ['TraceEventInfo'] }
 
 ##
@@ -91,15 +91,13 @@
 #
 # @vcpu: The vCPU to act upon (all by default; since 2.7).
 #
-# An event's state is modified if:
+# Features:
+# @deprecated: Member @vcpu is deprecated, and always false.
 #
-# - its name matches the @name pattern, and
-# - if @vcpu is given, the event has the "vcpu" property.
+# An event's state is modified if:
 #
-# Therefore, if @vcpu is given, the operation will only match per-vCPU
-# events, setting their state on the specified vCPU. Special case: if
-# @name is an exact match, @vcpu is given and the event does not have
-# the "vcpu" property, an error is returned.
+# - its name matches the @name pattern
+#   There are no longer any per-vCPU events
 #
 # Since: 2.2
 #
@@ -111,4 +109,4 @@
 ##
 { 'command': 'trace-event-set-state',
   'data': {'name': 'str', 'enable': 'bool', '*ignore-unavailable': 'bool',
-   '*vcpu': 'int'} }
+   '*vcpu': {'type': 'int', 'features': ['deprecated'] } } }
-- 
2.39.2

[PATCH v4 02/10] trace-events: remove the remaining vcpu trace events

[Alex Bennée]

While these are all in helper functions being designated vcpu events
complicates the removal of the dynamic vcpu state code. TCG plugins
allow you to instrument vcpu_[init|exit|idle].

We rename cpu_reset and make it a normal trace point.

Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Richard Henderson 
Message-Id: <20230503091756.1453057-3-alex.ben...@linaro.org>
Signed-off-by: Alex Bennée 
Message-Id: <20230505155336.137393-3-alex.ben...@linaro.org>
---
 hw/core/cpu-common.c   |  4 ++--
 trace/control-target.c |  1 -
 trace/control.c|  2 --
 hw/core/trace-events   |  3 +++
 trace-events   | 31 ---
 5 files changed, 5 insertions(+), 36 deletions(-)

diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index 5ccc3837b6..951477a7fd 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -32,7 +32,7 @@
 #include "sysemu/tcg.h"
 #include "hw/boards.h"
 #include "hw/qdev-properties.h"
-#include "trace/trace-root.h"
+#include "trace.h"
 #include "qemu/plugin.h"
 
 CPUState *cpu_by_arch_id(int64_t id)
@@ -113,7 +113,7 @@ void cpu_reset(CPUState *cpu)
 {
 device_cold_reset(DEVICE(cpu));
 
-trace_guest_cpu_reset(cpu);
+trace_cpu_reset(cpu->cpu_index);
 }
 
 static void cpu_common_reset_hold(Object *obj)
diff --git a/trace/control-target.c b/trace/control-target.c
index c0c1e2310a..a10752924b 100644
--- a/trace/control-target.c
+++ b/trace/control-target.c
@@ -144,5 +144,4 @@ void trace_init_vcpu(CPUState *vcpu)
 }
 }
 }
-trace_guest_cpu_enter(vcpu);
 }
diff --git a/trace/control.c b/trace/control.c
index 6c77cc6318..d24af91004 100644
--- a/trace/control.c
+++ b/trace/control.c
@@ -277,8 +277,6 @@ void trace_fini_vcpu(CPUState *vcpu)
 TraceEventIter iter;
 TraceEvent *ev;
 
-trace_guest_cpu_exit(vcpu);
-
 trace_event_iter_init_all(&iter);
 while ((ev = trace_event_iter_next(&iter)) != NULL) {
 if (trace_event_is_vcpu(ev) &&
diff --git a/hw/core/trace-events b/hw/core/trace-events
index 56da55bd71..2cf085ac66 100644
--- a/hw/core/trace-events
+++ b/hw/core/trace-events
@@ -29,3 +29,6 @@ clock_set(const char *clk, uint64_t old, uint64_t new) "'%s', 
%"PRIu64"Hz->%"PRI
 clock_propagate(const char *clk) "'%s'"
 clock_update(const char *clk, const char *src, uint64_t hz, int cb) "'%s', 
src='%s', val=%"PRIu64"Hz cb=%d"
 clock_set_mul_div(const char *clk, uint32_t oldmul, uint32_t mul, uint32_t 
olddiv, uint32_t div) "'%s', mul: %u -> %u, div: %u -> %u"
+
+# cpu-common.c
+cpu_reset(int cpu_index) "%d"
diff --git a/trace-events b/trace-events
index 691c3533e4..dd318ed1af 100644
--- a/trace-events
+++ b/trace-events
@@ -54,34 +54,3 @@ qmp_job_resume(void *job) "job %p"
 qmp_job_complete(void *job) "job %p"
 qmp_job_finalize(void *job) "job %p"
 qmp_job_dismiss(void *job) "job %p"
-
-
-### Guest events, keep at bottom
-
-
-## vCPU
-
-# trace/control-target.c
-
-# Hot-plug a new virtual (guest) CPU
-#
-# Mode: user, softmmu
-# Targets: all
-vcpu guest_cpu_enter(void)
-
-# trace/control.c
-
-# Hot-unplug a virtual (guest) CPU
-#
-# Mode: user, softmmu
-# Targets: all
-vcpu guest_cpu_exit(void)
-
-# hw/core/cpu.c
-
-# Reset the state of a virtual (guest) CPU
-#
-# Mode: user, softmmu
-# Targets: all
-vcpu guest_cpu_reset(void)
-
-- 
2.39.2

[PATCH v4 00/10] tracing: remove dynamic vcpu state

[Alex Bennée]

Hi Stefan,

The references dynamic vcpu tracing support was removed when the
original TCG trace points where removed. However there was still a
legacy of dynamic trace state to track this in cpu.h and extra hash
variables to track TBs. While the removed vcpu tracepoints are not in
generated code (or helpers) they still bring in a bunch of machinery
to manage the state so I've pulled them out. We keep and rename one
(cpu_reset) to a static trace points which dump vcpu->index as it is
useful to f4bug.

v4 addressed Markus's comments on QAPI bits and other fixes during re-base.

Please queue into your tree.

Alex Bennée (10):
  *-user: remove the guest_user_syscall tracepoints
  trace-events: remove the remaining vcpu trace events
  trace: remove vcpu_id from the TraceEvent structure
  scripts/qapi: document the tool that generated the file
  qapi: make the vcpu parameters deprecated for 8.1
  trace: remove code that depends on setting vcpu
  trace: remove control-vcpu.h
  tcg: remove the final vestiges of dstate
  hw/9pfs: use qemu_xxhash4
  accel/tcg: include cs_base in our hash calculations

 docs/about/deprecated.rst |   9 +++
 qapi/trace.json   |  38 ++--
 accel/tcg/tb-hash.h   |   6 +-
 include/exec/exec-all.h   |   3 -
 include/hw/core/cpu.h |   5 --
 include/qemu/xxhash.h |  23 +--
 include/user/syscall-trace.h  |   4 --
 trace/control-internal.h  |  10 
 trace/control-vcpu.h  |  63 
 trace/control.h   |  48 ---
 trace/event-internal.h|   2 -
 accel/tcg/cpu-exec.c  |   7 +--
 accel/tcg/tb-maint.c  |   5 +-
 accel/tcg/translate-all.c |   6 --
 bsd-user/freebsd/os-syscall.c |   2 -
 hw/9pfs/9p.c  |   5 +-
 hw/core/cpu-common.c  |   6 +-
 stubs/trace-control.c |  13 
 trace/control-target.c| 109 +++---
 trace/control.c   |  28 -
 trace/qmp.c   |  76 +++-
 trace/trace-hmp-cmds.c|  17 +-
 util/qsp.c|   2 +-
 hw/core/trace-events  |   3 +
 scripts/qapi/gen.py   |   8 ++-
 scripts/tracetool/format/c.py |   6 --
 scripts/tracetool/format/h.py |  16 +
 trace-events  |  50 
 28 files changed, 86 insertions(+), 484 deletions(-)
 delete mode 100644 trace/control-vcpu.h

-- 
2.39.2

Re: [RFC PATCH] docs/about/deprecated: Deprecate 32-bit host systems

[Alex Bennée]

Reinoud Zandijk  writes:

> On Wed, Feb 22, 2023 at 09:51:57AM +, Daniel P. Berrangé wrote:
>> On Wed, Feb 22, 2023 at 09:11:13AM +, Bernhard Beschow wrote:
>> > Are there any plans or ideas to support 128 bit architectures
>> > such as CHERI in the future? There is already a QEMU fork
>> > implementing CHERI for RISC V [1]. Also ARM has developed an
>> > experimental hardware implementation of CHERI within the Morello
>> > project where Linaro is involved as well, although the QEMU
>> > implementation is performed by the University of Cambridge [2].
>> 
>> If 128 bit hardware exists and has real world non-toy usage,
>> then a request to support it in QEMU is essentially inevitable.
>> 
>> > I'm asking because once we deeply bake in the assumption that
>> > host size >= guest size then adding such architectures will
>> > become much harder.
>> 
>> Yep, that is a risk.
>
> I can second that. Better keep it in the code and deal with it. Maybe those
> specific parts can be implemented in such a way that it can easily become a
> noop on host size >= guest size.

AIUI these don't expose bigger addresses or natural atomic sizes which
is where things get tricky for the TCG. All the extra bits are used for
authentication or permission checks.

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

[RFC PATCH] build: deprecate --enable-gprof builds and remove from CI

[Alex Bennée]

As gprof relies on instrumentation you rarely get useful data compared
to a real optimised build. Lets deprecate the build option and
simplify the CI configuration as a result.

Signed-off-by: Alex Bennée 
Cc: Thomas Huth 
---
 docs/about/deprecated.rst  | 14 ++
 meson.build|  7 ++-
 .gitlab-ci.d/buildtest.yml | 19 ---
 meson_options.txt  |  3 ++-
 4 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 9f1bbc495d..87b4511535 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -20,6 +20,20 @@ they were first deprecated in the 2.10.0 release.
 What follows is a list of all features currently marked as
 deprecated.
 
+Build options
+-
+
+``gprof`` builds (since 8.0)
+''''''''''''''''''''''''''''
+
+The ``--enable-gprof`` configure setting relies on compiler
+instrumentation to gather its data which can distort the generated
+profile. As other non-instrumenting tools are available that give a
+more holistic view of the system with non-instrumented binaries we are
+deprecating the build option and no longer defend it in CI. The
+``--enable-gcov`` build option remains for analysis test case
+coverage.
+
 System emulator command line arguments
 --
 
diff --git a/meson.build b/meson.build
index 56320ae717..ecf44ea534 100644
--- a/meson.build
+++ b/meson.build
@@ -3791,7 +3791,12 @@ summary_info += {'mutex debugging':   
get_option('debug_mutex')}
 summary_info += {'memory allocator':  get_option('malloc')}
 summary_info += {'avx2 optimization': config_host_data.get('CONFIG_AVX2_OPT')}
 summary_info += {'avx512f optimization': 
config_host_data.get('CONFIG_AVX512F_OPT')}
-summary_info += {'gprof enabled': get_option('gprof')}
+if get_option('gprof')
+  gprof_info = 'YES (deprecated)'
+else
+  gprof_info = get_option('gprof')
+endif
+summary_info += {'gprof': gprof_info}
 summary_info += {'gcov':  get_option('b_coverage')}
 summary_info += {'thread sanitizer':  config_host.has_key('CONFIG_TSAN')}
 summary_info += {'CFI support':   get_option('cfi')}
diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index 9a6ba1fe3b..dc8fa0a498 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -468,27 +468,16 @@ tsan-build:
 TARGETS: x86_64-softmmu ppc64-softmmu riscv64-softmmu x86_64-linux-user
 MAKE_CHECK_ARGS: bench V=1
 
-# gprof/gcov are GCC features
-build-gprof-gcov:
+# gcov is a GCC features
+gcov:
   extends: .native_build_job_template
   needs:
 job: amd64-ubuntu2004-container
+  timeout: 80m
   variables:
 IMAGE: ubuntu2004
-CONFIGURE_ARGS: --enable-gprof --enable-gcov
+CONFIGURE_ARGS: --enable-gcov
 TARGETS: aarch64-softmmu ppc64-softmmu s390x-softmmu x86_64-softmmu
-  artifacts:
-expire_in: 1 days
-paths:
-  - build
-
-check-gprof-gcov:
-  extends: .native_test_job_template
-  needs:
-- job: build-gprof-gcov
-  artifacts: true
-  variables:
-IMAGE: ubuntu2004
 MAKE_CHECK_ARGS: check
   after_script:
 - cd build
diff --git a/meson_options.txt b/meson_options.txt
index 559a571b6b..53459c15fc 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -316,7 +316,8 @@ option('debug_stack_usage', type: 'boolean', value: false,
 option('qom_cast_debug', type: 'boolean', value: false,
description: 'cast debugging support')
 option('gprof', type: 'boolean', value: false,
-   description: 'QEMU profiling with gprof')
+   description: 'QEMU profiling with gprof',
+   deprecated: true)
 option('profiler', type: 'boolean', value: false,
description: 'profiler support')
 option('slirp_smbd', type : 'feature', value : 'auto',
-- 
2.34.1

Re: [RFC PATCH] docs/about/deprecated: Deprecate 32-bit host systems

[Alex Bennée]

Daniel P. Berrangé  writes:

> On Mon, Jan 30, 2023 at 11:47:02AM +, Peter Maydell wrote:
>> On Mon, 30 Jan 2023 at 11:44, Thomas Huth  wrote:
>> >
>> > Testing 32-bit host OS support takes a lot of precious time during the QEMU
>> > contiguous integration tests, and considering that many OS vendors stopped
>> > shipping 32-bit variants of their OS distributions and most hardware from
>> > the past >10 years is capable of 64-bit
>> 
>> True for x86, not necessarily true for other architectures.
>> Are you proposing to deprecate x86 32-bit, or all 32-bit?
>> I'm not entirely sure about whether we're yet at a point where
>> I'd want to deprecate-and-drop 32-bit arm host support.
>
> Do we have a feeling on which aspects of 32-bit cause us the support
> burden ? The boring stuff like compiler errors from mismatched integer
> sizes is mostly quick & easy to detect simply through a cross compile.
>
> I vaguely recall someone mentioned problems with atomic ops in the past,
> or was it 128-bit ints, caused implications for the codebase ?

Atomic operations on > TARGET_BIT_SIZE and cputlb when
TCG_OVERSIZED_GUEST is set. Also the core TCG code and a bunch of the
backends have TARGET_LONG_BITS > TCG_TARGET_REG_BITS ifdefs peppered
throughout.

>
> With regards,
> Daniel


-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

Re: [libvirt PATCH v2 0/2] conf: fix handling of missing CPU cache info in sysfs

[Alex Bennée]

Daniel P. Berrangé  writes:

> Changed in v2:
>
>  - Introduce g_autoptr support for virCapsHostCacheBank struct
>
> Daniel P. Berrangé (2):
>   conf: define autoptr func for virCapsHostCacheBankFree
>   conf: skip resource cache init if sysfs files are missing
>
>  src/conf/capabilities.c | 90 +
>  src/conf/capabilities.h |  3 ++
>  2 files changed, 58 insertions(+), 35 deletions(-)

Tested-by: Alex Bennée 

-- 
Alex Bennée

Re: [libvirt PATCH] conf: skip resource cache init if sysfs files are missing

[Alex Bennée]

Daniel P. Berrangé  writes:

> On aarch64 the 'id' file is not present for CPU cache information in
> sysfs. This causes the local stateful hypervisor drivers to fail to
> initialize capabilities:
>
> virStateInitialize:657 : Initialisation of cloud-hypervisor state driver 
> failed: no error
>
> The 'no error' is because the 'virFileReadValueNNN' methods return
> ret==-2, with no error raised, when the requeted file does not exist.
> None of the callers were checking for this scenario when populating
> capabilities. The most graceful way to handle this is to skip the
> cache bank in question.  This fixes failure to launch libvirt drivers
> on certain aarch64 hardware.
>
> Fixes: https://gitlab.com/libvirt/libvirt/-/issues/389
> Signed-off-by: Daniel P. Berrangé 

Tested-by: Alex Bennée 

-- 
Alex Bennée

[PULL 21/30] Deprecate 32 bit big-endian MIPS

[Alex Bennée]

It's becoming harder to maintain a cross-compiler to test this host
architecture as the old stable Debian 10 ("Buster") moved into LTS
which supports fewer architectures. For now:

  - mark it's deprecation in the docs
  - downgrade the containers to build TCG tests only
  - drop the cross builds from our CI

Users with an appropriate toolchain and user-space can still take
their chances building it.

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Huacai Chen 
Reviewed-by: Richard Henderson 
Message-Id: <20220914155950.804707-22-alex.ben...@linaro.org>

diff --git a/docs/about/build-platforms.rst b/docs/about/build-platforms.rst
index a2fee53248..1c1e7b9e11 100644
--- a/docs/about/build-platforms.rst
+++ b/docs/about/build-platforms.rst
@@ -41,7 +41,7 @@ Those hosts are officially supported, with various 
accelerators:
  - Accelerators
* - Arm
  - kvm (64 bit only), tcg, xen
-   * - MIPS
+   * - MIPS (little endian only)
  - kvm, tcg
* - PPC
  - kvm, tcg
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index c75a25daad..0d1fd4469b 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -213,6 +213,19 @@ MIPS ``Trap-and-Emul`` KVM support (since 6.0)
 The MIPS ``Trap-and-Emul`` KVM host and guest support has been removed
 from Linux upstream kernel, declare it deprecated.
 
+Host Architectures
+--
+
+BE MIPS (since 7.2)
+'''''''''''''''''''
+
+As Debian 10 ("Buster") moved into LTS the big endian 32 bit version of
+MIPS moved out of support making it hard to maintain our
+cross-compilation CI tests of the architecture. As we no longer have
+CI coverage support may bitrot away before the deprecation process
+completes. The little endian variants of MIPS (both 32 and 64 bit) are
+still a supported host architecture.
+
 QEMU API (QAPI) events
 --
 
diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index 611c6c0b39..95d57e1c5d 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -89,7 +89,6 @@ mips64el-debian-cross-container:
 mips-debian-cross-container:
   extends: .container_job_template
   stage: containers
-  needs: ['amd64-debian10-container']
   variables:
 NAME: debian-mips-cross
 
diff --git a/.gitlab-ci.d/crossbuilds.yml b/.gitlab-ci.d/crossbuilds.yml
index 4a5fb6ea2a..c4cd96433d 100644
--- a/.gitlab-ci.d/crossbuilds.yml
+++ b/.gitlab-ci.d/crossbuilds.yml
@@ -70,20 +70,6 @@ cross-i386-tci:
 EXTRA_CONFIGURE_OPTS: 
--target-list=i386-softmmu,i386-linux-user,aarch64-softmmu,aarch64-linux-user,ppc-softmmu,ppc-linux-user
 MAKE_CHECK_ARGS: check check-tcg
 
-cross-mips-system:
-  extends: .cross_system_build_job
-  needs:
-job: mips-debian-cross-container
-  variables:
-IMAGE: debian-mips-cross
-
-cross-mips-user:
-  extends: .cross_user_build_job
-  needs:
-job: mips-debian-cross-container
-  variables:
-IMAGE: debian-mips-cross
-
 cross-mipsel-system:
   extends: .cross_system_build_job
   needs:
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index c3375f89c5..b1bf56434f 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -81,14 +81,12 @@ endif
 
 # For non-x86 hosts not all cross-compilers have been packaged
 ifneq ($(HOST_ARCH),x86_64)
-DOCKER_PARTIAL_IMAGES += debian-mips-cross debian-mipsel-cross 
debian-mips64el-cross
+DOCKER_PARTIAL_IMAGES += debian-mipsel-cross debian-mips64el-cross
 DOCKER_PARTIAL_IMAGES += debian-ppc64el-cross
 DOCKER_PARTIAL_IMAGES += debian-s390x-cross
 DOCKER_PARTIAL_IMAGES += fedora
 endif
 
-docker-image-debian-mips-cross: docker-image-debian10
-
 # The native build should never use the registry
 docker-image-debian-native: DOCKER_REGISTRY=
 
@@ -144,6 +142,7 @@ DOCKER_PARTIAL_IMAGES += debian-hppa-cross
 DOCKER_PARTIAL_IMAGES += debian-loongarch-cross
 DOCKER_PARTIAL_IMAGES += debian-m68k-cross debian-mips64-cross
 DOCKER_PARTIAL_IMAGES += debian-microblaze-cross
+DOCKER_PARTIAL_IMAGES += debian-mips-cross
 DOCKER_PARTIAL_IMAGES += debian-nios2-cross
 DOCKER_PARTIAL_IMAGES += debian-riscv64-test-cross
 DOCKER_PARTIAL_IMAGES += debian-sh4-cross debian-sparc64-cross
diff --git a/tests/docker/dockerfiles/debian-mips-cross.docker 
b/tests/docker/dockerfiles/debian-mips-cross.docker
index 26c154014d..7b55f0f3b2 100644
--- a/tests/docker/dockerfiles/debian-mips-cross.docker
+++ b/tests/docker/dockerfiles/debian-mips-cross.docker
@@ -1,32 +1,14 @@
 #
 # Docker mips cross-compiler target
 #
-# This docker target builds on the debian Buster base image.
+# This docker target builds on the Debian Bullseye base image.
 #
-FROM qemu/debian10
-
-MAINTAINER Philippe Mathieu-Daudé 
-
-# Add the foreign architecture we want and install dependencies
-RUN dpkg --add-architect

[PATCH v2 21/30] Deprecate 32 bit big-endian MIPS

[Alex Bennée]

It's becoming harder to maintain a cross-compiler to test this host
architecture as the old stable Debian 10 ("Buster") moved into LTS
which supports fewer architectures. For now:

  - mark it's deprecation in the docs
  - downgrade the containers to build TCG tests only
  - drop the cross builds from our CI

Users with an appropriate toolchain and user-space can still take
their chances building it.

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Huacai Chen 
Message-Id: <20220826172128.353798-16-alex.ben...@linaro.org>

---
v2
  - explicit little endian instead of LE
  - s/A/As/
  - restore mips to dockerfile
---
 docs/about/build-platforms.rst|  2 +-
 docs/about/deprecated.rst | 13 +++
 .gitlab-ci.d/container-cross.yml  |  1 -
 .gitlab-ci.d/crossbuilds.yml  | 14 ---
 tests/docker/Makefile.include |  5 +--
 .../dockerfiles/debian-mips-cross.docker  | 38 +--
 6 files changed, 26 insertions(+), 47 deletions(-)

diff --git a/docs/about/build-platforms.rst b/docs/about/build-platforms.rst
index a2fee53248..1c1e7b9e11 100644
--- a/docs/about/build-platforms.rst
+++ b/docs/about/build-platforms.rst
@@ -41,7 +41,7 @@ Those hosts are officially supported, with various 
accelerators:
  - Accelerators
* - Arm
  - kvm (64 bit only), tcg, xen
-   * - MIPS
+   * - MIPS (little endian only)
  - kvm, tcg
* - PPC
  - kvm, tcg
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index c75a25daad..0d1fd4469b 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -213,6 +213,19 @@ MIPS ``Trap-and-Emul`` KVM support (since 6.0)
 The MIPS ``Trap-and-Emul`` KVM host and guest support has been removed
 from Linux upstream kernel, declare it deprecated.
 
+Host Architectures
+--
+
+BE MIPS (since 7.2)
+'''''''''''''''''''
+
+As Debian 10 ("Buster") moved into LTS the big endian 32 bit version of
+MIPS moved out of support making it hard to maintain our
+cross-compilation CI tests of the architecture. As we no longer have
+CI coverage support may bitrot away before the deprecation process
+completes. The little endian variants of MIPS (both 32 and 64 bit) are
+still a supported host architecture.
+
 QEMU API (QAPI) events
 --
 
diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index 611c6c0b39..95d57e1c5d 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -89,7 +89,6 @@ mips64el-debian-cross-container:
 mips-debian-cross-container:
   extends: .container_job_template
   stage: containers
-  needs: ['amd64-debian10-container']
   variables:
 NAME: debian-mips-cross
 
diff --git a/.gitlab-ci.d/crossbuilds.yml b/.gitlab-ci.d/crossbuilds.yml
index 4a5fb6ea2a..c4cd96433d 100644
--- a/.gitlab-ci.d/crossbuilds.yml
+++ b/.gitlab-ci.d/crossbuilds.yml
@@ -70,20 +70,6 @@ cross-i386-tci:
 EXTRA_CONFIGURE_OPTS: 
--target-list=i386-softmmu,i386-linux-user,aarch64-softmmu,aarch64-linux-user,ppc-softmmu,ppc-linux-user
 MAKE_CHECK_ARGS: check check-tcg
 
-cross-mips-system:
-  extends: .cross_system_build_job
-  needs:
-job: mips-debian-cross-container
-  variables:
-IMAGE: debian-mips-cross
-
-cross-mips-user:
-  extends: .cross_user_build_job
-  needs:
-job: mips-debian-cross-container
-  variables:
-IMAGE: debian-mips-cross
-
 cross-mipsel-system:
   extends: .cross_system_build_job
   needs:
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index c3375f89c5..b1bf56434f 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -81,14 +81,12 @@ endif
 
 # For non-x86 hosts not all cross-compilers have been packaged
 ifneq ($(HOST_ARCH),x86_64)
-DOCKER_PARTIAL_IMAGES += debian-mips-cross debian-mipsel-cross 
debian-mips64el-cross
+DOCKER_PARTIAL_IMAGES += debian-mipsel-cross debian-mips64el-cross
 DOCKER_PARTIAL_IMAGES += debian-ppc64el-cross
 DOCKER_PARTIAL_IMAGES += debian-s390x-cross
 DOCKER_PARTIAL_IMAGES += fedora
 endif
 
-docker-image-debian-mips-cross: docker-image-debian10
-
 # The native build should never use the registry
 docker-image-debian-native: DOCKER_REGISTRY=
 
@@ -144,6 +142,7 @@ DOCKER_PARTIAL_IMAGES += debian-hppa-cross
 DOCKER_PARTIAL_IMAGES += debian-loongarch-cross
 DOCKER_PARTIAL_IMAGES += debian-m68k-cross debian-mips64-cross
 DOCKER_PARTIAL_IMAGES += debian-microblaze-cross
+DOCKER_PARTIAL_IMAGES += debian-mips-cross
 DOCKER_PARTIAL_IMAGES += debian-nios2-cross
 DOCKER_PARTIAL_IMAGES += debian-riscv64-test-cross
 DOCKER_PARTIAL_IMAGES += debian-sh4-cross debian-sparc64-cross
diff --git a/tests/docker/dockerfiles/debian-mips-cross.docker 
b/tests/docker/dockerfiles/debian-mips-cross.docker
index 26c154014

Re: [PATCH v1 15/25] Deprecate 32 bit big-endian MIPS

[Alex Bennée]

Thomas Huth  writes:

> On 26/08/2022 19.21, Alex Bennée wrote:

>> -   * - MIPS
>> +   * - MIPS (LE only)
>
> I'd replace "LE" with "little endian" - not everybody might know that
> abbreviation.

>> +'''''''''''''''''''
>> +
>> +A Debian 10 ("Buster") moved into LTS the big endian 32 bit version of
>
> s/A Debian/As Debian/

Fixed.

>> +MIPS moved out of support making it hard to maintain our
>> +cross-compilation CI tests of the architecture. As we no longer have
>> +CI coverage support may bitrot away before the deprecation process
>> +completes. The little endian variants of MIPS (both 32 and 64 bit) are
>> +still a supported host architecture.
>> +
>>   QEMU API (QAPI) events
>>   --
> ...
>> diff --git a/tests/docker/dockerfiles/debian-mips-cross.docker
>> b/tests/docker/dockerfiles/debian-mips-cross.docker
>> index 26c154014d..75943619df 100644
>> --- a/tests/docker/dockerfiles/debian-mips-cross.docker
>> +++ b/tests/docker/dockerfiles/debian-mips-cross.docker
>> @@ -1,32 +1,14 @@
>>   #
>> -# Docker mips cross-compiler target
>> +# Docker cross-compiler target
>
> Why did you remove the "mips" here?

You may notice most of the flattened cross compiler docker images are
basically the same save the last two lines. I ended up just copy pasting
the preamble as I went along. I could restore if you like.

>
>  Thomas


-- 
Alex Bennée

[PATCH v1 15/25] Deprecate 32 bit big-endian MIPS

[Alex Bennée]

It's becoming harder to maintain a cross-compiler to test this host
architecture as the old stable Debian 10 ("Buster") moved into LTS
which supports fewer architectures. For now:

  - mark it's deprecation in the docs
  - downgrade the containers to build TCG tests only
  - drop the cross builds from our CI

Users with an appropriate toolchain and user-space can still take
their chances building it.

Signed-off-by: Alex Bennée 
---
 docs/about/build-platforms.rst|  2 +-
 docs/about/deprecated.rst | 13 ++
 .gitlab-ci.d/container-cross.yml  |  1 -
 .gitlab-ci.d/crossbuilds.yml  | 14 ---
 tests/docker/Makefile.include |  5 +--
 .../dockerfiles/debian-mips-cross.docker  | 40 +--
 6 files changed, 27 insertions(+), 48 deletions(-)

diff --git a/docs/about/build-platforms.rst b/docs/about/build-platforms.rst
index 26028756d0..1ca9144a7d 100644
--- a/docs/about/build-platforms.rst
+++ b/docs/about/build-platforms.rst
@@ -41,7 +41,7 @@ Those hosts are officially supported, with various 
accelerators:
  - Accelerators
* - Arm
  - kvm (64 bit only), tcg, xen
-   * - MIPS
+   * - MIPS (LE only)
  - kvm, tcg
* - PPC
  - kvm, tcg
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 91b03115ee..22c2f4f4de 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -213,6 +213,19 @@ MIPS ``Trap-and-Emul`` KVM support (since 6.0)
 The MIPS ``Trap-and-Emul`` KVM host and guest support has been removed
 from Linux upstream kernel, declare it deprecated.
 
+Host Architectures
+--
+
+BE MIPS (since 7.2)
+'''''''''''''''''''
+
+A Debian 10 ("Buster") moved into LTS the big endian 32 bit version of
+MIPS moved out of support making it hard to maintain our
+cross-compilation CI tests of the architecture. As we no longer have
+CI coverage support may bitrot away before the deprecation process
+completes. The little endian variants of MIPS (both 32 and 64 bit) are
+still a supported host architecture.
+
 QEMU API (QAPI) events
 --
 
diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index 611c6c0b39..95d57e1c5d 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -89,7 +89,6 @@ mips64el-debian-cross-container:
 mips-debian-cross-container:
   extends: .container_job_template
   stage: containers
-  needs: ['amd64-debian10-container']
   variables:
 NAME: debian-mips-cross
 
diff --git a/.gitlab-ci.d/crossbuilds.yml b/.gitlab-ci.d/crossbuilds.yml
index 4a5fb6ea2a..c4cd96433d 100644
--- a/.gitlab-ci.d/crossbuilds.yml
+++ b/.gitlab-ci.d/crossbuilds.yml
@@ -70,20 +70,6 @@ cross-i386-tci:
 EXTRA_CONFIGURE_OPTS: 
--target-list=i386-softmmu,i386-linux-user,aarch64-softmmu,aarch64-linux-user,ppc-softmmu,ppc-linux-user
 MAKE_CHECK_ARGS: check check-tcg
 
-cross-mips-system:
-  extends: .cross_system_build_job
-  needs:
-job: mips-debian-cross-container
-  variables:
-IMAGE: debian-mips-cross
-
-cross-mips-user:
-  extends: .cross_user_build_job
-  needs:
-job: mips-debian-cross-container
-  variables:
-IMAGE: debian-mips-cross
-
 cross-mipsel-system:
   extends: .cross_system_build_job
   needs:
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index c3375f89c5..b1bf56434f 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -81,14 +81,12 @@ endif
 
 # For non-x86 hosts not all cross-compilers have been packaged
 ifneq ($(HOST_ARCH),x86_64)
-DOCKER_PARTIAL_IMAGES += debian-mips-cross debian-mipsel-cross 
debian-mips64el-cross
+DOCKER_PARTIAL_IMAGES += debian-mipsel-cross debian-mips64el-cross
 DOCKER_PARTIAL_IMAGES += debian-ppc64el-cross
 DOCKER_PARTIAL_IMAGES += debian-s390x-cross
 DOCKER_PARTIAL_IMAGES += fedora
 endif
 
-docker-image-debian-mips-cross: docker-image-debian10
-
 # The native build should never use the registry
 docker-image-debian-native: DOCKER_REGISTRY=
 
@@ -144,6 +142,7 @@ DOCKER_PARTIAL_IMAGES += debian-hppa-cross
 DOCKER_PARTIAL_IMAGES += debian-loongarch-cross
 DOCKER_PARTIAL_IMAGES += debian-m68k-cross debian-mips64-cross
 DOCKER_PARTIAL_IMAGES += debian-microblaze-cross
+DOCKER_PARTIAL_IMAGES += debian-mips-cross
 DOCKER_PARTIAL_IMAGES += debian-nios2-cross
 DOCKER_PARTIAL_IMAGES += debian-riscv64-test-cross
 DOCKER_PARTIAL_IMAGES += debian-sh4-cross debian-sparc64-cross
diff --git a/tests/docker/dockerfiles/debian-mips-cross.docker 
b/tests/docker/dockerfiles/debian-mips-cross.docker
index 26c154014d..75943619df 100644
--- a/tests/docker/dockerfiles/debian-mips-cross.docker
+++ b/tests/docker/dockerfiles/debian-mips-cross.docker
@@ -1,32 +1,14 @@
 #
-# Docker mips cross-compiler target
+# Docker cross-compiler target
 #
-# This docke

[PULL 27/28] linux-user: Remove the deprecated ppc64abi32 target

[Alex Bennée]

From: Thomas Huth 

It's likely broken, and nobody cared for picking it up again
during the deprecation phase, so let's remove this now.

Since this is the last entry in deprecated_targets_list, remove
the related code in the configure script, too.

Signed-off-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Acked-by: Cédric Le Goater 
Acked-by: Alex Bennée 
Message-Id: <20211215084958.185214-1-th...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220112112722.3641051-32-alex.ben...@linaro.org>

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 47a594a3b6..25b1fb8677 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -403,13 +403,6 @@ The above, converted to the current supported format::
 linux-user mode CPUs
 
 
-``ppc64abi32`` CPUs (since 5.2)
-'''''''''''''''''''''''''''''''
-
-The ``ppc64abi32`` architecture has a number of issues which regularly
-trip up our CI testing and is suspected to be quite broken. For that
-reason the maintainers strongly suspect no one actually uses it.
-
 MIPS ``I7200`` CPU (since 5.2)
 ''''''''''''''''''''''''''''''
 
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index b0156e0f25..cb0575fd49 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -601,6 +601,14 @@ the upstream Linux kernel in 2018, and it has also been 
dropped from glibc, so
 there is no new Linux development taking place with this architecture. For
 running the old binaries, you can use older versions of QEMU.
 
+``ppc64abi32`` CPUs (removed in 7.0)
+''''''''''''''''''''''''''''''''''''
+
+The ``ppc64abi32`` architecture has a number of issues which regularly
+tripped up the CI testing and was suspected to be quite broken. For that
+reason the maintainers strongly suspected no one actually used it.
+
+
 TCG introspection features
 --
 
diff --git a/docs/user/main.rst b/docs/user/main.rst
index e08d4be63b..6f2ffa080f 100644
--- a/docs/user/main.rst
+++ b/docs/user/main.rst
@@ -166,7 +166,6 @@ Other binaries
 
 -  user mode (PowerPC)
 
-   * ``qemu-ppc64abi32`` TODO.
* ``qemu-ppc64`` TODO.
* ``qemu-ppc`` TODO.
 
diff --git a/configure b/configure
index dfb9019b24..3a29eff5cc 100755
--- a/configure
+++ b/configure
@@ -1252,8 +1252,6 @@ if eval test -z "\${cross_cc_$cpu}"; then
 fi
 
 default_target_list=""
-deprecated_targets_list=ppc64abi32-linux-user
-deprecated_features=""
 mak_wilds=""
 
 if [ "$linux_user" != no ]; then
@@ -1281,16 +1279,6 @@ if [ "$bsd_user" = "yes" ]; then
 mak_wilds="${mak_wilds} $source_path/configs/targets/*-bsd-user.mak"
 fi
 
-# If the user doesn't explicitly specify a deprecated target we will
-# skip it.
-if test -z "$target_list"; then
-if test -z "$target_list_exclude"; then
-target_list_exclude="$deprecated_targets_list"
-else
-target_list_exclude="$target_list_exclude,$deprecated_targets_list"
-fi
-fi
-
 for config in $mak_wilds; do
 target="$(basename "$config" .mak)"
 if echo "$target_list_exclude" | grep -vq "$target"; then
@@ -1309,11 +1297,9 @@ Standard options:
   --prefix=PREFIX  install in PREFIX [$prefix]
   --interp-prefix=PREFIX   where to find shared libraries, etc.
use %M for cpu name [$interp_prefix]
-  --target-list=LIST   set target list (default: build all non-deprecated)
+  --target-list=LIST   set target list (default: build all)
 $(echo Available targets: $default_target_list | \
   fold -s -w 53 | sed -e 's/^/   /')
-$(echo Deprecated targets: $deprecated_targets_list | \
-  fold -s -w 53 | sed -e 's/^/   /')
   --target-list-exclude=LIST exclude a set of targets from the default 
target-list
 
 Advanced options (experts only):
@@ -1797,13 +1783,6 @@ else
 done
 fi
 
-for target in $target_list; do
-# if a deprecated target is enabled we note it here
-if echo "$deprecated_targets_list" | grep -q "$target"; then
-add_to deprecated_features $target
-fi
-done
-
 # see if system emulation was really requested
 case " $target_list " in
   *"-softmmu "*) softmmu=yes
@@ -3830,12 +3809,6 @@ else
   fi
 fi
 
-if test -n &

Re: [PULL 31/31] linux-user: Remove the deprecated ppc64abi32 target

[Alex Bennée]

Thomas Huth  writes:

> On 12/01/2022 12.27, Alex Bennée wrote:
>> From: Thomas Huth 
>> It's likely broken, and nobody cared for picking it up again
>> during the deprecation phase, so let's remove this now.
>> Since this is the last entry in deprecated_targets_list, remove
>> the related code in the configure script, too.
>> Signed-off-by: Thomas Huth 
>
>  Hi Alex!
>
> What happened to this patch here? Seems like it got lost in v2 of the
> pull request?

Looks like... I'll include it in the PR I'll roll later today.

>
>  Thomas


-- 
Alex Bennée

[PULL 31/31] linux-user: Remove the deprecated ppc64abi32 target

[Alex Bennée]

From: Thomas Huth 

It's likely broken, and nobody cared for picking it up again
during the deprecation phase, so let's remove this now.

Since this is the last entry in deprecated_targets_list, remove
the related code in the configure script, too.

Signed-off-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Acked-by: Cédric Le Goater 
Acked-by: Alex Bennée 
Message-Id: <20211215084958.185214-1-th...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220105135009.1584676-35-alex.ben...@linaro.org>

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index e21e07478f..6f85afdee4 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -390,13 +390,6 @@ The above, converted to the current supported format::
 linux-user mode CPUs
 
 
-``ppc64abi32`` CPUs (since 5.2)
-'''''''''''''''''''''''''''''''
-
-The ``ppc64abi32`` architecture has a number of issues which regularly
-trip up our CI testing and is suspected to be quite broken. For that
-reason the maintainers strongly suspect no one actually uses it.
-
 MIPS ``I7200`` CPU (since 5.2)
 ''''''''''''''''''''''''''''''
 
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index 4c4da20d0f..380a1b30ea 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -601,6 +601,14 @@ the upstream Linux kernel in 2018, and it has also been 
dropped from glibc, so
 there is no new Linux development taking place with this architecture. For
 running the old binaries, you can use older versions of QEMU.
 
+``ppc64abi32`` CPUs (removed in 7.0)
+''''''''''''''''''''''''''''''''''''
+
+The ``ppc64abi32`` architecture has a number of issues which regularly
+tripped up the CI testing and was suspected to be quite broken. For that
+reason the maintainers strongly suspected no one actually used it.
+
+
 System emulator devices
 ---
 
diff --git a/docs/user/main.rst b/docs/user/main.rst
index e08d4be63b..6f2ffa080f 100644
--- a/docs/user/main.rst
+++ b/docs/user/main.rst
@@ -166,7 +166,6 @@ Other binaries
 
 -  user mode (PowerPC)
 
-   * ``qemu-ppc64abi32`` TODO.
* ``qemu-ppc64`` TODO.
* ``qemu-ppc`` TODO.
 
diff --git a/configure b/configure
index 030728d11e..0c57a063c6 100755
--- a/configure
+++ b/configure
@@ -1273,8 +1273,6 @@ if [ "$ARCH" = "unknown" ]; then
 fi
 
 default_target_list=""
-deprecated_targets_list=ppc64abi32-linux-user
-deprecated_features=""
 mak_wilds=""
 
 if [ "$softmmu" = "yes" ]; then
@@ -1287,16 +1285,6 @@ if [ "$bsd_user" = "yes" ]; then
 mak_wilds="${mak_wilds} $source_path/configs/targets/*-bsd-user.mak"
 fi
 
-# If the user doesn't explicitly specify a deprecated target we will
-# skip it.
-if test -z "$target_list"; then
-if test -z "$target_list_exclude"; then
-target_list_exclude="$deprecated_targets_list"
-else
-target_list_exclude="$target_list_exclude,$deprecated_targets_list"
-fi
-fi
-
 for config in $mak_wilds; do
 target="$(basename "$config" .mak)"
 if echo "$target_list_exclude" | grep -vq "$target"; then
@@ -1315,11 +1303,9 @@ Standard options:
   --prefix=PREFIX  install in PREFIX [$prefix]
   --interp-prefix=PREFIX   where to find shared libraries, etc.
use %M for cpu name [$interp_prefix]
-  --target-list=LIST   set target list (default: build all non-deprecated)
+  --target-list=LIST   set target list (default: build all)
 $(echo Available targets: $default_target_list | \
   fold -s -w 53 | sed -e 's/^/   /')
-$(echo Deprecated targets: $deprecated_targets_list | \
-  fold -s -w 53 | sed -e 's/^/   /')
   --target-list-exclude=LIST exclude a set of targets from the default 
target-list
 
 Advanced options (experts only):
@@ -1804,13 +1790,6 @@ else
 done
 fi
 
-for target in $target_list; do
-# if a deprecated target is enabled we note it here
-if echo "$deprecated_targets_list" | grep -q "$target"; then
-add_to deprecated_features $target
-fi
-done
-
 # see if system emulation was really requested
 case " $target_list " in
   *"-softmmu "*) softmmu=yes
@@ -3950,12 +3929,6 @@ else
   fi
 fi
 
-if 

[PATCH v1 34/34] linux-user: Remove the deprecated ppc64abi32 target

[Alex Bennée]

From: Thomas Huth 

It's likely broken, and nobody cared for picking it up again
during the deprecation phase, so let's remove this now.

Since this is the last entry in deprecated_targets_list, remove
the related code in the configure script, too.

Signed-off-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Acked-by: Cédric Le Goater 
Acked-by: Alex Bennée 
Message-Id: <20211215084958.185214-1-th...@redhat.com>
Signed-off-by: Alex Bennée 
---
 docs/about/deprecated.rst |  7 -
 docs/about/removed-features.rst   |  8 +
 docs/user/main.rst|  1 -
 configure | 29 +--
 configs/targets/ppc64abi32-linux-user.mak |  8 -
 linux-user/ppc/target_syscall.h   |  4 +--
 linux-user/syscall_defs.h |  6 ++--
 linux-user/elfload.c  |  4 +--
 linux-user/ppc/signal.c   | 11 ++-
 .gitlab-ci.d/buildtest.yml| 27 -
 .../dockerfiles/debian-ppc64el-cross.docker   |  2 +-
 tests/tcg/configure.sh|  2 +-
 12 files changed, 21 insertions(+), 88 deletions(-)
 delete mode 100644 configs/targets/ppc64abi32-linux-user.mak

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 5693abb663..7f12f53713 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -396,13 +396,6 @@ The above, converted to the current supported format::
 linux-user mode CPUs
 
 
-``ppc64abi32`` CPUs (since 5.2)
-'''''''''''''''''''''''''''''''
-
-The ``ppc64abi32`` architecture has a number of issues which regularly
-trip up our CI testing and is suspected to be quite broken. For that
-reason the maintainers strongly suspect no one actually uses it.
-
 MIPS ``I7200`` CPU (since 5.2)
 ''''''''''''''''''''''''''''''
 
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index d42c3341de..f92b8bd738 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -594,6 +594,14 @@ the upstream Linux kernel in 2018, and it has also been 
dropped from glibc, so
 there is no new Linux development taking place with this architecture. For
 running the old binaries, you can use older versions of QEMU.
 
+``ppc64abi32`` CPUs (removed in 7.0)
+''''''''''''''''''''''''''''''''''''
+
+The ``ppc64abi32`` architecture has a number of issues which regularly
+tripped up the CI testing and was suspected to be quite broken. For that
+reason the maintainers strongly suspected no one actually used it.
+
+
 System emulator devices
 ---
 
diff --git a/docs/user/main.rst b/docs/user/main.rst
index e08d4be63b..6f2ffa080f 100644
--- a/docs/user/main.rst
+++ b/docs/user/main.rst
@@ -166,7 +166,6 @@ Other binaries
 
 -  user mode (PowerPC)
 
-   * ``qemu-ppc64abi32`` TODO.
* ``qemu-ppc64`` TODO.
* ``qemu-ppc`` TODO.
 
diff --git a/configure b/configure
index 030728d11e..0c57a063c6 100755
--- a/configure
+++ b/configure
@@ -1273,8 +1273,6 @@ if [ "$ARCH" = "unknown" ]; then
 fi
 
 default_target_list=""
-deprecated_targets_list=ppc64abi32-linux-user
-deprecated_features=""
 mak_wilds=""
 
 if [ "$softmmu" = "yes" ]; then
@@ -1287,16 +1285,6 @@ if [ "$bsd_user" = "yes" ]; then
 mak_wilds="${mak_wilds} $source_path/configs/targets/*-bsd-user.mak"
 fi
 
-# If the user doesn't explicitly specify a deprecated target we will
-# skip it.
-if test -z "$target_list"; then
-if test -z "$target_list_exclude"; then
-target_list_exclude="$deprecated_targets_list"
-else
-target_list_exclude="$target_list_exclude,$deprecated_targets_list"
-fi
-fi
-
 for config in $mak_wilds; do
 target="$(basename "$config" .mak)"
 if echo "$target_list_exclude" | grep -vq "$target"; then
@@ -1315,11 +1303,9 @@ Standard options:
   --prefix=PREFIX  install in PREFIX [$prefix]
   --interp-prefix=PREFIX   where to find shared libraries, etc.
use %M for cpu name [$interp_prefix]
-  --target-list=LIST   set target list (default: build all non-deprecated)
+  --target-list=LIST   set target list (default: build all)
 $(echo Available targets: $default_target_list | \
   fold -s -w 53

[PULL 21/22] docs/deprecated: deprecate passing plugin args through `arg=`

[Alex Bennée]

From: Mahmoud Mandour 

Signed-off-by: Mahmoud Mandour 
Message-Id: <20210802134414.52037-1-ma.mando...@gmail.com>
Reviewed-by: Alex Bennée 
[AJB: fixed up move of deprecated.rst]
Signed-off-by: Alex Bennée 

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 1e1a5e96ad..6e88a84bba 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -139,6 +139,18 @@ The ``-no-quit`` is a synonym for ``-display 
...,window-close=off`` which
 should be used instead.
 
 
+Plugin argument passing through ``arg=`` (since 6.1)
+''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+
+Passing TCG plugins arguments through ``arg=`` is redundant is makes the
+command-line less readable, especially when the argument itself consist of a
+name and a value, e.g. ``-plugin plugin_name,arg="arg_name=arg_value"``.
+Therefore, the usage of ``arg`` is redundant. Single-word arguments are treated
+as short-form boolean values, and passed to plugins as ``arg_name=on``.
+However, short-form booleans are deprecated and full explicit ``arg_name=on``
+form is preferred.
+
+
 QEMU Machine Protocol (QMP) commands
 
 
-- 
2.30.2

Re: [PATCH v4 13/13] docs/deprecated: deprecate passing plugin args through `arg=`

[Alex Bennée]

Mahmoud Mandour  writes:

> Signed-off-by: Mahmoud Mandour 
> ---
>  docs/system/deprecated.rst | 7 +++
>  1 file changed, 7 insertions(+)
>
> diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
> index e2e0090878..7ae6f1f727 100644
> --- a/docs/system/deprecated.rst
> +++ b/docs/system/deprecated.rst
> @@ -126,6 +126,13 @@ other options have been processed.  This will either 
> have no effect (if
>  if they were not given.  The property is therefore useless and should not be
>  specified.
>  
> +Plugin argument passing through ``arg=`` (since 6.1)
> +''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
> +
> +Passing TCG plugins arguments through ``arg=`` is redundant is makes the
> +command-line less readable, especially when the argument itself consist of a
> +name and a value, e.g. ``-plugin plugin_name,arg="arg_name=arg_value"``.
> +Therefore, the usage of ``arg`` is redundant.

We should probably also mention that single word arguments are treated
as booleans and prefer the flag=on form. Anyway:

Reviewed-by: Alex Bennée 

-- 
Alex Bennée

Re: [PATCH v1 5/7] docs: mark intention to deprecate TCG tracing functionality

[Alex Bennée]

Daniel P. Berrangé  writes:

> On Wed, May 05, 2021 at 11:41:46AM +0100, Alex Bennée wrote:
>> 
>> Alex Bennée  writes:
>> 
>> > Daniel P. Berrangé  writes:
>> >
>> >> On Wed, May 05, 2021 at 10:22:57AM +0100, Alex Bennée wrote:
>> 
>> >>> +TCG introspection features
>> >>> +--
>> >>> +
>> >>> +TCG trace-events (since 6.1)
>> >>> +''''''''''''''''''''''''''''
>> >>> +
>> >>> +The ability to add new TCG trace points has bit rotted and as the
>> >>
>> >> When you say this "has bit rotted", just how bad is the situation ?
>> >>
>> >> Is the TCG tracing still usable at all, or is is fully broken
>> >> already ?
>> >
>> > Well patches 6/7 got it working for generic TCG things. I haven't been
>> > able to get the architecture one working but I suspect that is some sort
>> > of interaction between the per-arch trace header generation that I
>> > haven't quite figured out yet.
>> 
>> Ahh it's since 7609ffb919 (trace: fix tcg tracing build breakage) which
>> limited tcg/vcpu events to the root trace-events file.
>
> That commit is from release 2.10.0.
>
> The other commit mentioned in patch 6 (73ff061032) is from 2.12.0.
>
> So no one has been able to use this feature for 3+ years already.
>
> Is it actually worth fixing and then deprecating for 2 releases before
> deleting, as opposed to just deleting the broken code today on basis
> that it can't have any current users ?

Well I can get it up and running with the aforementioned patches and it
seems reasonable to give some notice. I'm happy to defer to Stefan here
though as it's his sub-system.

>
> Regards,
> Daniel


-- 
Alex Bennée

Re: [PATCH v1 5/7] docs: mark intention to deprecate TCG tracing functionality

[Alex Bennée]

Alex Bennée  writes:

> Daniel P. Berrangé  writes:
>
>> On Wed, May 05, 2021 at 10:22:57AM +0100, Alex Bennée wrote:

>>> +TCG introspection features
>>> +--
>>> +
>>> +TCG trace-events (since 6.1)
>>> +''''''''''''''''''''''''''''
>>> +
>>> +The ability to add new TCG trace points has bit rotted and as the
>>
>> When you say this "has bit rotted", just how bad is the situation ?
>>
>> Is the TCG tracing still usable at all, or is is fully broken
>> already ?
>
> Well patches 6/7 got it working for generic TCG things. I haven't been
> able to get the architecture one working but I suspect that is some sort
> of interaction between the per-arch trace header generation that I
> haven't quite figured out yet.

Ahh it's since 7609ffb919 (trace: fix tcg tracing build breakage) which
limited tcg/vcpu events to the root trace-events file.

-- 
Alex Bennée

Re: [PATCH v1 5/7] docs: mark intention to deprecate TCG tracing functionality

[Alex Bennée]

Daniel P. Berrangé  writes:

> On Wed, May 05, 2021 at 10:22:57AM +0100, Alex Bennée wrote:
>> Currently attempts to add a new TCG trace events results in failures
>> to build. Previous discussions have suggested maybe it's time to mark
>> the feature as deprecated and push people towards using plugins.
>> 
>> Signed-off-by: Alex Bennée 
>> Cc: Luis Vilanova 
>> Cc: Stefan Hajnoczi 
>> ---
>>  docs/devel/tcg-plugins.rst |  2 ++
>>  docs/devel/tracing.rst |  7 +++
>>  docs/system/deprecated.rst | 13 +
>>  3 files changed, 22 insertions(+)
>> 
>> diff --git a/docs/devel/tcg-plugins.rst b/docs/devel/tcg-plugins.rst
>> index 18c6581d85..edf04e3091 100644
>> --- a/docs/devel/tcg-plugins.rst
>> +++ b/docs/devel/tcg-plugins.rst
>> @@ -3,6 +3,8 @@
>> Copyright (c) 2019, Linaro Limited
>> Written by Emilio Cota and Alex Bennée
>>  
>> +.. _tcgplugin-ref:
>> +
>>  
>>  QEMU TCG Plugins
>>  
>> diff --git a/docs/devel/tracing.rst b/docs/devel/tracing.rst
>> index ba83954899..6b0f46cd54 100644
>> --- a/docs/devel/tracing.rst
>> +++ b/docs/devel/tracing.rst
>> @@ -414,6 +414,13 @@ disabled, this check will have no performance impact.
>>  "tcg"
>>  -
>>  
>> +.. warning::
>> +   The ability to add new TCG trace points relies on a having a good
>> +   understanding of the TCG internals. In the meantime TCG plugins
>> +   have been introduced which solve many of the same problems with
>> +   more of a focus on analysing guest code. See :ref:`tcgplugin-ref`
>> +   for more details.
>> +
>>  Guest code generated by TCG can be traced by defining an event with the 
>> "tcg"
>>  event property. Internally, this property generates two events:
>>  "_trans" to trace the event at translation time, and
>> diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
>> index 80cae86252..0c9d3c1e1e 100644
>> --- a/docs/system/deprecated.rst
>> +++ b/docs/system/deprecated.rst
>> @@ -312,6 +312,19 @@ The ``I7200`` guest CPU relies on the nanoMIPS ISA, 
>> which is deprecated
>>  (the ISA has never been upstreamed to a compiler toolchain). Therefore
>>  this CPU is also deprecated.
>>  
>> +TCG introspection features
>> +--
>> +
>> +TCG trace-events (since 6.1)
>> +''''''''''''''''''''''''''''
>> +
>> +The ability to add new TCG trace points has bit rotted and as the
>
> When you say this "has bit rotted", just how bad is the situation ?
>
> Is the TCG tracing still usable at all, or is is fully broken
> already ?

Well patches 6/7 got it working for generic TCG things. I haven't been
able to get the architecture one working but I suspect that is some sort
of interaction between the per-arch trace header generation that I
haven't quite figured out yet.

It's currently broken without the included patches because it's not
really being exercised by anything.

>> +feature can be replicated with TCG plugins it will be deprecated. If
>> +any user is currently using this feature and needs help with
>> +converting to using TCG plugins they should contact the qemu-devel
>> +mailing list.
>> +
>
> Regards,
> Daniel


-- 
Alex Bennée

[PATCH v1 5/7] docs: mark intention to deprecate TCG tracing functionality

[Alex Bennée]

Currently attempts to add a new TCG trace events results in failures
to build. Previous discussions have suggested maybe it's time to mark
the feature as deprecated and push people towards using plugins.

Signed-off-by: Alex Bennée 
Cc: Luis Vilanova 
Cc: Stefan Hajnoczi 
---
 docs/devel/tcg-plugins.rst |  2 ++
 docs/devel/tracing.rst |  7 +++
 docs/system/deprecated.rst | 13 +
 3 files changed, 22 insertions(+)

diff --git a/docs/devel/tcg-plugins.rst b/docs/devel/tcg-plugins.rst
index 18c6581d85..edf04e3091 100644
--- a/docs/devel/tcg-plugins.rst
+++ b/docs/devel/tcg-plugins.rst
@@ -3,6 +3,8 @@
Copyright (c) 2019, Linaro Limited
Written by Emilio Cota and Alex Bennée
 
+.. _tcgplugin-ref:
+
 
 QEMU TCG Plugins
 
diff --git a/docs/devel/tracing.rst b/docs/devel/tracing.rst
index ba83954899..6b0f46cd54 100644
--- a/docs/devel/tracing.rst
+++ b/docs/devel/tracing.rst
@@ -414,6 +414,13 @@ disabled, this check will have no performance impact.
 "tcg"
 -
 
+.. warning::
+   The ability to add new TCG trace points relies on a having a good
+   understanding of the TCG internals. In the meantime TCG plugins
+   have been introduced which solve many of the same problems with
+   more of a focus on analysing guest code. See :ref:`tcgplugin-ref`
+   for more details.
+
 Guest code generated by TCG can be traced by defining an event with the "tcg"
 event property. Internally, this property generates two events:
 "_trans" to trace the event at translation time, and
diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 80cae86252..0c9d3c1e1e 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -312,6 +312,19 @@ The ``I7200`` guest CPU relies on the nanoMIPS ISA, which 
is deprecated
 (the ISA has never been upstreamed to a compiler toolchain). Therefore
 this CPU is also deprecated.
 
+TCG introspection features
+--
+
+TCG trace-events (since 6.1)
+''''''''''''''''''''''''''''
+
+The ability to add new TCG trace points has bit rotted and as the
+feature can be replicated with TCG plugins it will be deprecated. If
+any user is currently using this feature and needs help with
+converting to using TCG plugins they should contact the qemu-devel
+mailing list.
+
+
 Related binaries
 
 
-- 
2.20.1

[PULL 05/10] docs/system/deprecated: mark ppc64abi32-linux-user for deprecation

[Alex Bennée]

It's buggy and we are not sure anyone uses it.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Acked-by: David Gibson 
Message-Id: <20200909112742.25730-6-alex.ben...@linaro.org>

diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 851dbdeb8ab..a158e765c33 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -424,6 +424,13 @@ linux-user mode) is deprecated and will be removed in a 
future version
 of QEMU. Support for this CPU was removed from the upstream Linux
 kernel in 2018, and has also been dropped from glibc.
 
+``ppc64abi32`` CPUs (since 5.2.0)
+'''''''''''''''''''''''''''''''''
+
+The ``ppc64abi32`` architecture has a number of issues which regularly
+trip up our CI testing and is suspected to be quite broken. For that
+reason the maintainers strongly suspect no one actually uses it.
+
 Related binaries
 
 
-- 
2.20.1

[PATCH v2 05/10] docs/system/deprecated: mark ppc64abi32-linux-user for deprecation

[Alex Bennée]

It's buggy and we are not sure anyone uses it.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Acked-by: David Gibson 
---
 docs/system/deprecated.rst | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 851dbdeb8ab..a158e765c33 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -424,6 +424,13 @@ linux-user mode) is deprecated and will be removed in a 
future version
 of QEMU. Support for this CPU was removed from the upstream Linux
 kernel in 2018, and has also been dropped from glibc.
 
+``ppc64abi32`` CPUs (since 5.2.0)
+'''''''''''''''''''''''''''''''''
+
+The ``ppc64abi32`` architecture has a number of issues which regularly
+trip up our CI testing and is suspected to be quite broken. For that
+reason the maintainers strongly suspect no one actually uses it.
+
 Related binaries
 
 
-- 
2.20.1

Re: [RFC PATCH] docs/system/deprecated: mark ppc64abi32-linux-user for deprecation

[Alex Bennée]

Peter Maydell  writes:

> On Fri, 4 Sep 2020 at 17:52, Alex Bennée  wrote:
>>
>> It's buggy and we are not sure anyone uses it.
>
>> +``ppc64abi32`` CPUs (since 5.2.0)
>> +'''''''''''''''''''''''''''''''''
>> +
>> +The ``ppc64abi32`` architecture has a number of issues which regularly
>> +trip up our CI testing and is suspected to be quite broken.
>> +Furthermore the maintainers are unsure what the correct behaviour
>> +should be and strongly suspect no one actually uses it.
>
> IRC discussion suggests we do know what the correct behaviour
> is -- it should be "what the compat32 interface of a 64-bit
> PPC kernel gives you", it's just that the code doesn't do that
> (and never has?). It's like the mipsn32, mipsn32el, sparc32plus
> ABIs which we also implement (hopefully correctly...)
>
> But "this has always been broken and nobody complained" is
> a good reason to deprecate anyway.

What about tweaking configure? Or should I just manually squash it in
all our CI configs?


-- 
Alex Bennée

Re: [RFC PATCH] docs/system/deprecated: mark ppc64abi32-linux-user for deprecation

[Alex Bennée]

Alex Bennée  writes:

> It's buggy and we are not sure anyone uses it.
>
> Cc: David Gibson 
> Cc: Richard Henderson 
> Signed-off-by: Alex Bennée 

A more aggressive follow-up patch which would also solve the CI failures
across the board:

--8<---cut here---start->8---
configure: don't enable ppc64abi32-linux-user by default

The user can still enable this explicitly but they will get a warning
at the end of configure for their troubles. This also drops any builds
of ppc64abi32 from our CI tests.

Signed-off-by: Alex Bennée 

1 file changed, 27 insertions(+), 19 deletions(-)
configure | 46 +++---

modified   configure
@@ -574,6 +574,8 @@ gettext=""
 bogus_os="no"
 malloc_trim=""
 
+deprecated_features=""
+
 # parse CC options first
 for opt do
   optarg=$(expr "x$opt" : 'x[^=]*=\(.*\)')
@@ -1769,26 +1771,25 @@ if [ "$bsd_user" = "yes" ]; then
 mak_wilds="${mak_wilds} $source_path/default-configs/*-bsd-user.mak"
 fi
 
-if test -z "$target_list_exclude"; then
-for config in $mak_wilds; do
-default_target_list="${default_target_list} $(basename "$config" .mak)"
-done
-else
-exclude_list=$(echo "$target_list_exclude" | sed -e 's/,/ /g')
-for config in $mak_wilds; do
-target="$(basename "$config" .mak)"
-exclude="no"
-for excl in $exclude_list; do
-if test "$excl" = "$target"; then
-exclude="yes"
-break;
-fi
-done
-if test "$exclude" = "no"; then
-default_target_list="${default_target_list} $target"
+if test -z "$target_list_exclude" -a -z "$target_list"; then
+# if the user doesn't specify anything lets skip deprecating stuff
+target_list_exclude=ppc64abi32-linux-user
+fi
+
+exclude_list=$(echo "$target_list_exclude" | sed -e 's/,/ /g')
+for config in $mak_wilds; do
+target="$(basename "$config" .mak)"
+exclude="no"
+for excl in $exclude_list; do
+if test "$excl" = "$target"; then
+exclude="yes"
+break;
 fi
 done
-fi
+if test "$exclude" = "no"; then
+default_target_list="${default_target_list} $target"
+fi
+done
 
 # Enumerate public trace backends for --help output
 trace_backend_list=$(echo $(grep -le '^PUBLIC = True$' 
"$source_path"/scripts/tracetool/backend/*.py | sed -e 
's/^.*\/\(.*\)\.py$/\1/'))
@@ -7691,7 +7692,7 @@ TARGET_SYSTBL=""
 case "$target_name" in
   i386)
 mttcg="yes"
-   gdb_xml_files="i386-32bit.xml"
+gdb_xml_files="i386-32bit.xml"
 TARGET_SYSTBL_ABI=i386
 TARGET_SYSTBL=syscall_32.tbl
   ;;
@@ -7802,6 +7803,7 @@ case "$target_name" in
 TARGET_SYSTBL_ABI=common,nospu,32
 echo "TARGET_ABI32=y" >> $config_target_mak
 gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml 
power-spe.xml power-vsx.xml"
+    deprecated_features="ppc64abi32 ${deprecated_features}"
   ;;
   riscv32)
 TARGET_BASE_ARCH=riscv
@@ -8232,6 +8234,12 @@ fi
 touch ninjatool.stamp
 fi
 
+if test -n "${deprecated_features}"; then
+echo "Warning, deprecated features enabled."
+echo "Please see docs/system/deprecated.rst"
+echo "  features: ${deprecated_features}"
+fi
+
 # Save the configure command line for later reuse.
 cat <config.status
 #!/bin/sh
--8<---cut here---end--->8---

-- 
Alex Bennée

[RFC PATCH] docs/system/deprecated: mark ppc64abi32-linux-user for deprecation

[Alex Bennée]

It's buggy and we are not sure anyone uses it.

Cc: David Gibson 
Cc: Richard Henderson 
Signed-off-by: Alex Bennée 
---
 docs/system/deprecated.rst | 9 +
 1 file changed, 9 insertions(+)

diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 851dbdeb8ab..11c763383d9 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -424,6 +424,15 @@ linux-user mode) is deprecated and will be removed in a 
future version
 of QEMU. Support for this CPU was removed from the upstream Linux
 kernel in 2018, and has also been dropped from glibc.
 
+``ppc64abi32`` CPUs (since 5.2.0)
+'''''''''''''''''''''''''''''''''
+
+The ``ppc64abi32`` architecture has a number of issues which regularly
+trip up our CI testing and is suspected to be quite broken.
+Furthermore the maintainers are unsure what the correct behaviour
+should be and strongly suspect no one actually uses it.
+
+
 Related binaries
 
 
-- 
2.20.1

Re: [PATCH-for-5.1] .travis.yml: Deprecate it in favor of GitLab CI

[Alex Bennée]

Philippe Mathieu-Daudé  writes:

> As of QEMU 5.2 we prefer to focus our CI development on GitLab.
> Mark Travis-CI as deprecated (adding a big warning).

Subject doesn't match body (5.1 vs 5.2)

>
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  docs/system/deprecated.rst | 11 +++
>  .travis.yml|  7 +++
>  2 files changed, 18 insertions(+)
>
> diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
> index 851dbdeb8a..c17a5b0896 100644
> --- a/docs/system/deprecated.rst
> +++ b/docs/system/deprecated.rst
> @@ -17,6 +17,17 @@ they were first deprecated in the 2.10.0 release.
>  What follows is a list of all features currently marked as
>  deprecated.
>  
> +Build and test automation
> +-
> +
> +``Travis-CI`` (Since 5.2)
> +'''''''''''''''''''''''''
> +
> +``Travis-CI`` is deprecated in favor of GitLab-CI.
> +
> +The '.travis.yml' configuration should only be modified to remove jobs
> +when equivalent exist on GitLab-CI. Adding new jobs is not allowed.
> +

As others have pointed out I think we need to start a new document -
docs/devel/ci.rst and start putting things in there.

>  System emulator command line arguments
>  --
>  
> diff --git a/.travis.yml b/.travis.yml
> index 6695c0620f..4ad243f511 100644
> --- a/.travis.yml
> +++ b/.travis.yml
> @@ -1,3 +1,10 @@
> +#  WARNING  WARNING  WARNING  WARNING  WARNING  WARNING  WARNING  WARNING
> +#
> +#  As of QEMU 5.2, this file is now deprecated in favor of GitLab CI.
> +#  Do not modify, except to remove jobs ported to GitLab CI.
> +#
> +#  WARNING  WARNING  WARNING  WARNING  WARNING  WARNING  WARNING  WARNING
> +
>  # The current Travis default is a VM based 16.04 Xenial on GCE
>  # Additional builds with specific requirements for a full VM need to
>  # be added as additional matrix: entries later on


-- 
Alex Bennée