Re: [Qemu-devel] [PATCH v7 6/6] xfs: disable map_sync for async flush

2019-05-07 Thread Pankaj Gupta


> 
> On Tue, May 07, 2019 at 08:37:01AM -0700, Dan Williams wrote:
> > On Thu, Apr 25, 2019 at 10:03 PM Pankaj Gupta  wrote:
> > >
> > > Don't support 'MAP_SYNC' with non-DAX files or with DAX files
> > > whose dax_device is asynchronous. Virtio pmem provides an
> > > asynchronous host page cache flush mechanism, so we don't
> > > support 'MAP_SYNC' with virtio pmem and xfs.
> > >
> > > Signed-off-by: Pankaj Gupta 
> > > ---
> > >  fs/xfs/xfs_file.c | 9 ++---
> > >  1 file changed, 6 insertions(+), 3 deletions(-)
> > 
> > Darrick, does this look ok to take through the nvdimm tree?
> 
>  forgot about this, sorry. :/
> 
> > >
> > > diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
> > > index a7ceae90110e..f17652cca5ff 100644
> > > --- a/fs/xfs/xfs_file.c
> > > +++ b/fs/xfs/xfs_file.c
> > > @@ -1203,11 +1203,14 @@ xfs_file_mmap(
> > > struct file *filp,
> > > struct vm_area_struct *vma)
> > >  {
> > > +   struct dax_device   *dax_dev;
> > > +
> > > +   dax_dev = xfs_find_daxdev_for_inode(file_inode(filp));
> > > /*
> > > -* We don't support synchronous mappings for non-DAX files. At
> > > least
> > > -* until someone comes with a sensible use case.
> > > +* We don't support synchronous mappings for non-DAX files and
> > > +* for DAX files if underneath dax_device is not synchronous.
> > >  */
> > > -   if (!IS_DAX(file_inode(filp)) && (vma->vm_flags & VM_SYNC))
> > > +   if (!daxdev_mapping_supported(vma, dax_dev))
> > > return -EOPNOTSUPP;
> 
> LGTM, and I'm fine with it going through nvdimm.  Nothing in
> xfs-5.2-merge touches that function so it should be clean.
> 
> Reviewed-by: Darrick J. Wong 

Thank you for the review.

Pankaj

> 
> --D
> 
> > >
> > > file_accessed(filp);
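Review bot: With the `IS_DAX(file_inode(filp))` test removed, the new condition relies entirely on `daxdev_mapping_supported()` to reject VM_SYNC on non-DAX files and to tolerate whatever `xfs_find_daxdev_for_inode()` returns for them (possibly NULL); neither contract is visible in this hunk, so it is worth stating next to the call: `/* daxdev_mapping_supported() must itself reject VM_SYNC on non-DAX files, where dax_dev may be NULL. */`. The stub of that helper quoted elsewhere in this thread (patch 4/6) ignores dax_dev entirely, which appears to be fine only if it is the !CONFIG_FS_DAX variant. A smaller point of style: the dax_device lookup now runs on every mmap(), including the common case without VM_SYNC, so if the helper short-circuits on `!(vma->vm_flags & VM_SYNC)` the lookup could be deferred to the same place. xfs_file_mmap continues outside the hunk.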
> > > --
> > > 2.20.1
> > >
> 
> 



Re: [Qemu-devel] [PATCH 11/26] target/mips: Convert to CPUClass::tlb_fill

2019-05-07 Thread Philippe Mathieu-Daudé
On 4/3/19 5:43 AM, Richard Henderson wrote:
> Note that env->active_tc.PC is removed from the qemu_log as that value
> is garbage.  The PC isn't recovered until cpu_restore_state, called from
> cpu_loop_exit_restore, called from do_raise_exception_err.
> 
> Cc: Aleksandar Markovic 
> Cc: Aleksandar Rikalo 
> Signed-off-by: Richard Henderson 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  target/mips/internal.h  |   5 +-
>  target/mips/cpu.c   |   5 +-
>  target/mips/helper.c| 115 +++-
>  target/mips/op_helper.c |  15 --
>  4 files changed, 61 insertions(+), 79 deletions(-)
> 
> diff --git a/target/mips/internal.h b/target/mips/internal.h
> index 8f6fc919d5..5ec9d0bd65 100644
> --- a/target/mips/internal.h
> +++ b/target/mips/internal.h
> @@ -203,8 +203,9 @@ void cpu_mips_start_count(CPUMIPSState *env);
>  void cpu_mips_stop_count(CPUMIPSState *env);
>  
>  /* helper.c */
> -int mips_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw,
> -  int mmu_idx);
> +bool mips_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
> +   MMUAccessType access_type, int mmu_idx,
> +   bool probe, uintptr_t retaddr);
>  
>  /* op_helper.c */
>  uint32_t float_class_s(uint32_t arg, float_status *fst);
> diff --git a/target/mips/cpu.c b/target/mips/cpu.c
> index e217fb3e36..ebdb834b97 100644
> --- a/target/mips/cpu.c
> +++ b/target/mips/cpu.c
> @@ -197,9 +197,8 @@ static void mips_cpu_class_init(ObjectClass *c, void 
> *data)
>  cc->synchronize_from_tb = mips_cpu_synchronize_from_tb;
>  cc->gdb_read_register = mips_cpu_gdb_read_register;
>  cc->gdb_write_register = mips_cpu_gdb_write_register;
> -#ifdef CONFIG_USER_ONLY
> -cc->handle_mmu_fault = mips_cpu_handle_mmu_fault;
> -#else
> +cc->tlb_fill = mips_cpu_tlb_fill;
> +#ifndef CONFIG_USER_ONLY
>  cc->do_unassigned_access = mips_cpu_unassigned_access;
>  cc->do_unaligned_access = mips_cpu_do_unaligned_access;
>  cc->get_phys_page_debug = mips_cpu_get_phys_page_debug;
> diff --git a/target/mips/helper.c b/target/mips/helper.c
> index c44cdca3b5..7fe0ba4754 100644
> --- a/target/mips/helper.c
> +++ b/target/mips/helper.c
> @@ -874,85 +874,82 @@ refill:
>  #endif
>  #endif
>  
> -int mips_cpu_handle_mmu_fault(CPUState *cs, vaddr address, int size, int rw,
> -  int mmu_idx)
> +bool mips_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
> +   MMUAccessType access_type, int mmu_idx,
> +   bool probe, uintptr_t retaddr)
>  {
>  MIPSCPU *cpu = MIPS_CPU(cs);
>  CPUMIPSState *env = >env;
> -#if !defined(CONFIG_USER_ONLY)
> +int ret = TLBRET_NOMATCH;
> +
> +#ifndef CONFIG_USER_ONLY
>  hwaddr physical;
>  int prot;
> -int access_type;
> -#endif
> -int ret = 0;
> +int mips_access_type = ACCESS_INT;
>  
> -#if 0
> -log_cpu_state(cs, 0);
> -#endif
>  qemu_log_mask(CPU_LOG_MMU,
> -  "%s pc " TARGET_FMT_lx " ad %" VADDR_PRIx " rw %d mmu_idx 
> %d\n",
> -  __func__, env->active_tc.PC, address, rw, mmu_idx);
> +  "%s ad %" VADDR_PRIx " rw %d mmu_idx %d\n",
> +  __func__, address, access_type, mmu_idx);
>  
>  /* data access */
> -#if !defined(CONFIG_USER_ONLY)
>  /* XXX: put correct access by using cpu_restore_state() correctly */
> -access_type = ACCESS_INT;
> -ret = get_physical_address(env, , ,
> -   address, rw, access_type, mmu_idx);
> -switch (ret) {
> -case TLBRET_MATCH:
> +ret = get_physical_address(env, , , address,
> +   access_type, mips_access_type, mmu_idx);
> +if (ret == TLBRET_MATCH) {
>  qemu_log_mask(CPU_LOG_MMU,
>"%s address=%" VADDR_PRIx " physical " TARGET_FMT_plx
>" prot %d\n", __func__, address, physical, prot);
> -break;
> -default:
> -qemu_log_mask(CPU_LOG_MMU,
> -  "%s address=%" VADDR_PRIx " ret %d\n", __func__, 
> address,
> -  ret);
> -break;
> -}
> -if (ret == TLBRET_MATCH) {
>  tlb_set_page(cs, address & TARGET_PAGE_MASK,
>   physical & TARGET_PAGE_MASK, prot | PAGE_EXEC,
>   mmu_idx, TARGET_PAGE_SIZE);
> -ret = 0;
> -} else if (ret < 0)
> -#endif
> -{
> -#if !defined(CONFIG_USER_ONLY)
> -#if !defined(TARGET_MIPS64)
> -if ((ret == TLBRET_NOMATCH) && (env->tlb->nb_tlb > 1)) {
> -/*
> - * Memory reads during hardware page table walking are performed
> - * as if they were kernel-mode load instructions.
> - */
> -int mode = (env->hflags & MIPS_HFLAG_KSU);
> -bool ret_walker;
> -env->hflags &= ~MIPS_HFLAG_KSU;
> -ret_walker = page_table_walk_refill(env, address, 

Re: [Qemu-devel] [PATCH 02/26] tcg: Add CPUClass::tlb_fill

2019-05-07 Thread Philippe Mathieu-Daudé
On 4/29/19 7:25 PM, Peter Maydell wrote:
> On Wed, 3 Apr 2019 at 04:49, Richard Henderson
>  wrote:
>>
>> This hook will replace the (user-only mode specific) handle_mmu_fault
>> hook, and the (system mode specific) tlb_fill function.
>>
>> The handle_mmu_fault hook was written as if there was a valid
>> way to recover from an mmu fault, and had 3 possible return states.
>> In reality, the only valid action is to raise an exception,
>> return to the main loop, and delver the SIGSEGV to the guest.
> 
> "deliver"
> 
> You might also mention here that all of the implementations
> of handle_mmu_fault for guest architectures which support
> linux-user do in fact only ever return 1.
> 
>>
>> Using the hook for system mode requires that all targets be converted,
>> so for now the hook is (optionally) used only from user-only mode.
>>
>> Signed-off-by: Richard Henderson 
>> ---
>>  include/qom/cpu.h |  9 +
>>  accel/tcg/user-exec.c | 42 ++
>>  2 files changed, 23 insertions(+), 28 deletions(-)
>>
>> diff --git a/include/qom/cpu.h b/include/qom/cpu.h
>> index 1d6099e5d4..7e96a0aed3 100644
>> --- a/include/qom/cpu.h
>> +++ b/include/qom/cpu.h
>> @@ -119,6 +119,12 @@ struct TranslationBlock;
>>   *   will need to do more. If this hook is not implemented then the
>>   *   default is to call @set_pc(tb->pc).
>>   * @handle_mmu_fault: Callback for handling an MMU fault.
>> + * @tlb_fill: Callback for handling a softmmu tlb miss or user-only
>> + *   address fault.  For system mode, if the access is valid, call
>> + *   tlb_set_page and return true; if the access is invalid, and
>> + *   probe is true, return false; otherwise raise an exception and
>> + *   do not return.  For user-only mode, always raise an exception
>> + *   and do not return.
>>   * @get_phys_page_debug: Callback for obtaining a physical address.
>>   * @get_phys_page_attrs_debug: Callback for obtaining a physical address 
>> and the
>>   *   associated memory transaction attributes to use for the access.
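Review bot: The new @tlb_fill comment documents probe and the return value but says nothing about @size, @access_type or @retaddr, and retaddr is the parameter an implementer is most likely to get wrong. I would extend the comment with: `@retaddr is the host return address handed to cpu_loop_exit_restore() (0 when not called from translated code) so guest state can be recovered before the exception is raised; @size is the access width in bytes.` That cpu_loop_exit_restore wording is inferred from the mips conversion elsewhere in this thread, so please check it against the softmmu caller before committing to it.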
>> @@ -194,6 +200,9 @@ typedef struct CPUClass {
>>  void (*synchronize_from_tb)(CPUState *cpu, struct TranslationBlock *tb);
>>  int (*handle_mmu_fault)(CPUState *cpu, vaddr address, int size, int rw,
>>  int mmu_index);
>> +bool (*tlb_fill)(CPUState *cpu, vaddr address, int size,
>> + MMUAccessType access_type, int mmu_idx,
>> + bool probe, uintptr_t retaddr);
>>  hwaddr (*get_phys_page_debug)(CPUState *cpu, vaddr addr);
>>  hwaddr (*get_phys_page_attrs_debug)(CPUState *cpu, vaddr addr,
>>  MemTxAttrs *attrs);
>> diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
>> index fa9380a380..f13c0b2b67 100644
>> --- a/accel/tcg/user-exec.c
>> +++ b/accel/tcg/user-exec.c
>> @@ -65,6 +65,7 @@ static inline int handle_cpu_signal(uintptr_t pc, 
>> siginfo_t *info,
>>  CPUClass *cc;
>>  int ret;
>>  unsigned long address = (unsigned long)info->si_addr;
>> +MMUAccessType access_type;
>>
>>  /* We must handle PC addresses from two different sources:
>>   * a call return address and a signal frame address.
>> @@ -151,40 +152,25 @@ static inline int handle_cpu_signal(uintptr_t pc, 
>> siginfo_t *info,
>>  #if TARGET_LONG_BITS == 32 && HOST_LONG_BITS == 64
>>  g_assert(h2g_valid(address));
>>  #endif
>> -
>> -/* Convert forcefully to guest address space, invalid addresses
>> -   are still valid segv ones */
> 
> This comment is still valid so I don't think it should be deleted.
> 
>>  address = h2g_nocheck(address);
> 
> Otherwise
> 
> Reviewed-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 




Re: [Qemu-devel] [PATCH] hw/i2c/smbus_ich9: Fix the confusing contributions-after-2012 statement

2019-05-07 Thread Markus Armbruster
Cc: Marcel in the hope of getting a pong.

Thomas Huth  writes:

> On 29/03/2019 09.42, Thomas Huth wrote:
>> On 06/02/2019 17.43, Thomas Huth wrote:
>>> The license information in this file is rather confusing. The text
>>> declares LGPL first, but then says that contributions after Jan 2012
>>> are licensed under the GPL instead. How should the average user who
>>> just downloaded the release tarball know which part is now GPL and
>>> which is LGPL? Also, as far as I can see, the file has been added to
>>> QEMU *after* January in 2012, so the whole file should be GPL by
>>> default instead.
>>>
>>> Furthermore, looking at the text of the LGPL (see COPYING.LIB in the
>>> top directory), the license clearly states in section "3." that one
>>> should rather replace the license information in such a case instead.
>>> Thus let's clean up the confusing statements and use the proper GPL
>>> text only.
>>>
>>> While we're at it, also remove the comment about acpi.c, since that
>>> file does not exist under this name in the QEMU tree anymore.
>>>
>>> Signed-off-by: Thomas Huth 
>>> ---
>>>  hw/i2c/smbus_ich9.c | 21 -
>>>  1 file changed, 8 insertions(+), 13 deletions(-)
>>>
>>> diff --git a/hw/i2c/smbus_ich9.c b/hw/i2c/smbus_ich9.c
>>> index 2a8b49e..484aef5 100644
>>> --- a/hw/i2c/smbus_ich9.c
>>> +++ b/hw/i2c/smbus_ich9.c
>>> @@ -6,23 +6,18 @@
>>>   *   VA Linux Systems Japan K.K.
>>>   * Copyright (C) 2012 Jason Baron 
>>>   *
>>> - * This is based on acpi.c, but heavily rewritten.
>>> + * This program is free software; you can redistribute it and/or modify
>>> + * it under the terms of the GNU General Public License as published by
>>> + * the Free Software Foundation; either version 2 of the License, or
>>> + * (at your option) any later version.
>>>   *
>>> - * This library is free software; you can redistribute it and/or
>>> - * modify it under the terms of the GNU Lesser General Public
>>> - * License version 2 as published by the Free Software Foundation.
>>> - *
>>> - * This library is distributed in the hope that it will be useful,
>>> + * This program is distributed in the hope that it will be useful,
>>>   * but WITHOUT ANY WARRANTY; without even the implied warranty of
>>>   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>>> - * Lesser General Public License for more details.
>>> - *
>>> - * You should have received a copy of the GNU Lesser General Public
>>> - * License along with this library; if not, see 
>>> 
>>> - *
>>> - * Contributions after 2012-01-13 are licensed under the terms of the
>>> - * GNU GPL, version 2 or (at your option) any later version.
>>> + * General Public License for more details.
>>>   *
>>> + * You should have received a copy of the GNU General Public License
>>> + * along with this program; if not, see 
>>>   */
>>>  #include "qemu/osdep.h"
>>>  #include "hw/hw.h"
>>>
>> 
>> Ping?
>
> Ping^2
>
>  Thomas



Re: [Qemu-devel] [PULL 0/2] slirp: move slirp as git submodule project

2019-05-07 Thread Philippe Mathieu-Daudé
On 5/7/19 7:01 PM, Peter Maydell wrote:
> On Tue, 7 May 2019 at 15:19, Daniel P. Berrangé  wrote:
>> On Tue, May 07, 2019 at 09:11:09AM -0500, Eric Blake wrote:
>>> In the meantime, where do we stand on our goal of disabling in-tree builds?
>>
>> The view was largely positive when we discussed it. So I think it just
>> needs someone to step up with a patch proposal, and at the start of the
>> dev cycle is a good time for such a change i guess.
> 
> Pitfalls to watch out for include checking whether any of:
>  * the tests/vm scripting for the BSDs
>  * various travis/etc CI configs
>  * etc

   * most of roms/

> are currently using in-tree builds.
> Paolo will also need to update his coverity build config.
> 
> thanks
> -- PMM
> 



Re: [Qemu-devel] [PATCH 5/7] cpu: Let architectures set CPU class name format

2019-05-07 Thread Markus Armbruster
Markus Armbruster  writes:

> Eduardo Habkost  writes:
>
>> Instead of requiring every architecture to implement a
>> class_by_name function, let them set a format string at
>> CPUClass::class_name_format.
>>
>> This will let us get rid of at least 16 class_by_name functions
>> in the next commits.
>>
>> Signed-off-by: Eduardo Habkost 
>> ---
>>  include/qom/cpu.h | 12 
>>  qom/cpu.c | 18 --
>>  2 files changed, 28 insertions(+), 2 deletions(-)
>>
>> diff --git a/include/qom/cpu.h b/include/qom/cpu.h
>> index fefd5c26b0..eda6a46b82 100644
>> --- a/include/qom/cpu.h
>> +++ b/include/qom/cpu.h
>> @@ -163,7 +163,19 @@ typedef struct CPUClass {
>>  DeviceClass parent_class;
>>  /*< public >*/
>>  
>> +/* The following fields configure CPU model name -> QOM type 
>> translation: */
>> +
>> +/*
>> + * arch-specific CPU model -> QOM type translation function.
>> + * Optional if @class_name_format is set.
>> + */
>>  ObjectClass *(*class_by_name)(const char *cpu_model);
>> +/*
>> + * Format string for g_strdup_printf(), used to generate the CPU
>> + * class name.
>
> Please document acceptable conversion specifiers.
>
>> + */
>> +const char *class_name_format;
>> +
>>  void (*parse_features)(const char *typename, char *str, Error **errp);
>>  
>>  void (*reset)(CPUState *cpu);
>> diff --git a/qom/cpu.c b/qom/cpu.c
>> index b971a56242..1fa64941b6 100644
>> --- a/qom/cpu.c
>> +++ b/qom/cpu.c
>> @@ -286,9 +286,23 @@ static bool cpu_common_has_work(CPUState *cs)
>>  CPUClass *cpu_class_by_name(const char *typename, const char *cpu_model)
>>  {
>>  CPUClass *cc = CPU_CLASS(object_class_by_name(typename));
>> +ObjectClass *oc;
>> +char *class_name;
>>  
>> -assert(cpu_model && cc->class_by_name);
>> -return CPU_CLASS(cc->class_by_name(cpu_model));
>> +assert(cpu_model);
>> +if (cc->class_by_name) {
>> +return CPU_CLASS(cc->class_by_name(cpu_model));
>> +}
>> +
>> +assert(cc->class_name_format);
>> +class_name = g_strdup_printf(cc->class_name_format, cpu_model);
>
> Defeats -Wformat.  Triggers -Wformat-nonliteral, which we don't use, I
> presume.  Observation, not objection.
>
> cc->class_name_format must contain exactly one conversion specifier,
> which must take a char *.

s/exactly one/at most one/

PATCH 7 defines formats without a conversion specifier.

>> +oc = object_class_by_name(class_name);
>> +g_free(class_name);
>> +if (!oc || !object_class_dynamic_cast(oc, typename) ||
>> +object_class_is_abstract(oc)) {
>> +return NULL;
>> +}
>> +return CPU_CLASS(oc);
>>  }
>>  
>>  static void cpu_common_parse_features(const char *typename, char *features,
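Review bot: The `object_class_dynamic_cast(oc, typename)` / `object_class_is_abstract(oc)` test on the new format path does security-relevant work the code does not explain: cpu_model comes from the user's -cpu option, and this check is what stops a model string from resolving to an unrelated or abstract QOM type that happens to share the generated name. A short comment would keep it from being simplified away later: `/* cpu_model is user input: accept only a concrete class derived from typename. */`. It also means the format path is validated while the `cc->class_by_name` path returns whatever the arch hook gives back; if the hooks do not all perform the same checks, hoisting this validation above the early return would make the two paths consistent.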



Re: [Qemu-devel] [PATCH v4 05/15] tests: acpi: fetch X_DSDT if pointer to DSDT is 0

2019-05-07 Thread Wei Yang
On Tue, May 07, 2019 at 12:04:08PM +0200, Igor Mammedov wrote:
>On Sun, 5 May 2019 09:27:45 +0800
>Wei Yang  wrote:
>
>> On Thu, May 02, 2019 at 04:51:53PM +0200, Igor Mammedov wrote:
>> >that way it would be possible to test a DSDT pointed by
>> >64bit X_DSDT field in FADT.
>> >
>> >PS:
>> >it will allow to enable testing arm/virt board, which sets
>> >only newer X_DSDT field.
>> >
>> >Signed-off-by: Igor Mammedov 
>> >---
>> >v4:
>> > * dropping Reviewed-bys due to acpi_fetch_table() change
>> >   introduced by earlier patch:
>> >   "tests: acpi: make acpi_fetch_table() take size of fetched table pointer"
>> >v2:
>> >  add 'val = le32_to_cpu(val)' even if it doesn't necessary
>> >  it works as reminder that value copied from table is in
>> >  little-endian format (Philippe Mathieu-Daudé )
>> >---
>> > tests/bios-tables-test.c | 11 ++-
>> > 1 file changed, 10 insertions(+), 1 deletion(-)
>> >
>> >diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
>> >index a164d27..d165a1b 100644
>> >--- a/tests/bios-tables-test.c
>> >+++ b/tests/bios-tables-test.c
>> >@@ -140,6 +140,9 @@ static void test_acpi_fadt_table(test_data *data)
>> > AcpiSdtTable table = g_array_index(data->tables, typeof(table), 0);
>> > uint8_t *fadt_aml = table.aml;
>> > uint32_t fadt_len = table.aml_len;
>> >+uint32_t val;
>> >+int dsdt_offset = 40 /* DSDT */;
>> >+int dsdt_entry_size = 4;
>> > 
>> > g_assert(compare_signature(, "FACP"));
>> > 
>> >@@ -148,8 +151,14 @@ static void test_acpi_fadt_table(test_data *data)
>> >  fadt_aml + 36 /* FIRMWARE_CTRL */, 4, "FACS", false);
>> > g_array_append_val(data->tables, table);
>> > 
>> >+memcpy(, fadt_aml + dsdt_offset, 4);
>> >+val = le32_to_cpu(val);
>> >+if (!val) {
>> >+dsdt_offset = 140 /* X_DSDT */;
>> 
>> In case we can point out where we get it, e.g. ACPI 5, Table 5-34 FADT 
>> Format.
>> 
>> This may be more helpful for reviewing and maintaining.
>
>for fields we typically use only verbatim field name, so it would be easy
>to find by searching for it in spec. In this case it is obvious about which
>table it applies to, so reference to spec for a field probably excessive.
>
>Complete reference necessary for tables and API functions that implement
>ACPI primitive.
>

That's fine.

Reviewed-by: Wei Yang 

-- 
Wei Yang
Help you, Help me



Re: [Qemu-devel] [PATCH v3 6/7] tests/qemu-iotests/group: Re-use the "auto" group for tests that can always run

2019-05-07 Thread Thomas Huth
On 07/05/2019 17.50, Eric Blake wrote:
> On 5/7/19 10:22 AM, Thomas Huth wrote:
>> On 07/05/2019 15.22, Markus Armbruster wrote:
>>> Thomas Huth  writes:
>>>
 Currently, all tests are in the "auto" group. This is a little bit 
 pointless.
 OTOH, we need a group for the tests that we can automatically run during
 "make check" each time, too. Tests in this new group are supposed to run
 with every possible QEMU configuration, for example they must run with 
 every
 QEMU binary (also non-x86), without failing when an optional features is
 missing (but reporting "skip" is ok), and be able to run on all kind of 
 host
 filesystems and users (i.e. also as "nobody" or "root").
 So let's use the "auto" group for this class of tests now. The initial
 list has been determined by running the iotests with non-x86 QEMU targets
 and with our CI pipelines on Gitlab, Cirrus-CI and Travis (i.e. including
 macOS and FreeBSD).
>>>
>>> I wonder whether we should additionally limit "make check" to "quick"
>>> tests.  How slow are the non-quick auto tests for you?
>>
>> I already sorted out some of the tests that run very long, since the
>> run time on gitlab, cirrus-ci and travis is limited. "make check-block"
>> currently takes 3 minutes on my laptop, I think that's still ok?
>>
>> When I run the tests from the auto group that are not in the quick
>> group, I currently get:
>>
> 
> My personal threshold is about 5 seconds for quick, so:
> 
>> 003 1s ...
>> 007 2s ...
> 
> Should these be moved to quick?

I'll leave that decision up to the blocklayer folks ... I thought that
there might have been a different reason that these have not been put
into "quick" yet...?

>> 013 5s ...
> 
> this one is borderline
> 
>> 014 15s ...
>> 015 9s ...
> 
> Definitely not quick, but if you think they are still okay for auto, I
> can live with that.
> 
>> 022 1s ...
> 
> Another candidate for quick?
> 
>> 023 18s ...
> 
> Even longer than 14. Okay for auto?

I think I'd give it a try. If people are complaining later that "make
check" is running now way too long, we still can refine the list later.

 Thomas





Re: [Qemu-devel] [PATCH v7 4/6] dax: check synchronous mapping is supported

2019-05-07 Thread Pankaj Gupta


> 
> From: Pankaj Gupta 
> Date: Thu, Apr 25, 2019 at 10:00 PM
> 
> > +static inline bool daxdev_mapping_supported(struct vm_area_struct *vma,
> > +   struct dax_device *dax_dev)
> > +{
> > +   return !(vma->flags & VM_SYNC);
> > +}
> 
> Shouldn't it be rather `return !(vma->vm_flags & VM_SYNC);`? There is
> no field named `flags` in `struct vm_area_struct`.

Thanks for catching. Sorry! for this. 

Will correct in v8.

Thank you,
Pankaj 

> 
> Thank you,
> Jakub
> 



[Qemu-devel] Fwd: Fwd: How live migration work for vhost-user

2019-05-07 Thread fengyd
-- Forwarded message -
From: fengyd 
Date: Wed, 8 May 2019 at 12:50
Subject: Re: [Qemu-devel] Fwd: How live migration work for vhost-user
To: Dr. David Alan Gilbert 


Hi,


I checked the DPDK code and found that the function rte_vhost_enqueue_burst
in virtio_net.c is used to receive messages.

/*
 * Hand a burst of packets to the RX path of the vhost device identified
 * by @vid.  Returns 0 when @vid does not resolve to a device; otherwise
 * returns whatever the selected RX implementation returns (presumably the
 * number of packets accepted -- not visible from this listing).
 *
 * The RX implementation is chosen by the negotiated feature bits: the
 * mergeable-buffer path when VIRTIO_NET_F_MRG_RXBUF is set, the plain
 * path otherwise.
 */
uint16_t
rte_vhost_enqueue_burst(int vid, uint16_t queue_id,
		struct rte_mbuf **pkts, uint16_t count)
{
	struct virtio_net *dev = get_device(vid);
	int mergeable;

	if (dev == NULL)
		return 0;

	mergeable = (dev->features & (1 << VIRTIO_NET_F_MRG_RXBUF)) != 0;
	return mergeable
		? virtio_dev_merge_rx(dev, queue_id, pkts, count)
		: virtio_dev_rx(dev, queue_id, pkts, count);
}

If VIRTIO_NET_F_MRG_RXBUF is supported by guest, virtio_dev_merge_rx is
called, otherwise virtio_dev_rx is called.
And in virtio_dev_merge_rx, last_avail_idx will be updated, and in
virtio_dev_rx, last_avail_idx will not be touched, so it is kept as the
initial value 0.

Our guest virtio driver doesn't support VIRTIO_NET_F_MRG_RXBUF, so the
last_avail_idx that QEMU reads from DPDK is always 0?


And the strange thing is the function vhost_user_get_vring_base in
vhost_user.c, which returns last_avail_idx to QEMU.
I checked the code in v18.05
,
last_avail_idx is assigned to the return message.
msg->payload.state.num = vq->last_avail_idx;

And in DPDK v17.11
,
last_used_idx is assigned to the return message.
msg->payload.state.num = vq->last_used_idx;

On Tue, 30 Apr 2019 at 00:22, Dr. David Alan Gilbert 
wrote:

> * fengyd (fengy...@gmail.com) wrote:
> > Hi,
> >
> > For vhost,  *last_avail_idx*  is maintained in vhost_virtqueue
> > but during live migration, *last_avail_idx*  is fetched from VirtQueue.
> > Do you know how these two *last_avail_idx *are synchronized?
> >
> > virtio_load related code which is called during live migration:
> >
> > * vdev->vq[i].inuse = (uint16_t)(vdev->vq[i].last_avail_idx -*
> > *vdev->vq[i].used_idx);*
> > *if (vdev->vq[i].inuse > vdev->vq[i].vring.num) {*
> > *error_report("VQ %d size 0x%x < last_avail_idx 0x%x - "*
> > * "used_idx 0x%x",*
> > * i, vdev->vq[i].vring.num,*
> > * vdev->vq[i].last_avail_idx,*
>
> I don't know that code well; but I think the answer is that since the
> queues themselves are in guest memory, the guest memory is migrated
> by the normal migration code and so the queues version of last_avail_idx
> should be correct.  The 'log' mechanism I previously mentioned will
> need to make sure the queue pages are marked dirty to make sure these
> are updated correctly.
>
> Dave
>
> >
> >
> > Thanks
> >
> > On Tue, 23 Apr 2019 at 14:20, fengyd  wrote:
> >
> > > Hi,
> > >
> > > I want to add some log to qemu-kvm-ev.
> > > Do you know how to compile qemu-kvm-ev from source code?
> > >
> > > Thanks
> > >
> > > Yafeng
> > >
> > > On Tue, 16 Apr 2019 at 16:47, Dr. David Alan Gilbert <
> dgilb...@redhat.com>
> > > wrote:
> > >
> > >> * fengyd (fengy...@gmail.com) wrote:
> > >> > -- Forwarded message -
> > >> > From: fengyd 
> > >> > Date: Tue, 16 Apr 2019 at 09:17
> > >> > Subject: Re: [Qemu-devel] How live migration work for vhost-user
> > >> > To: Dr. David Alan Gilbert 
> > >> >
> > >> >
> > >> > Hi,
> > >> >
> > >> > Any special feature needs to be supported on guest driver?
> > >> > Because it's OK for standard Linux VM, but not OK for our VM where
> > >> virtio
> > >> > is  implemented by ourself.
> > >>
> > >> I'm not sure; you do have to support that 'log' mechanism but I don't
> > >> know what else is needed.
> > >>
> > >> > And with qemu-kvm-ev-2.6, live migration can work with our VM where
> > >> virtio
> > >> > is  implemented by ourself.
> > >>
> > >> 2.6 is pretty old, so there's a lot of changes - not sure what's
> > >> relevant.
> > >>
> > >> Dave
> > >>
> > >> > Thanks
> > >> > Yafeng
> > >> >
> > >> > On Mon, 15 Apr 2019 at 22:54, Dr. David Alan Gilbert <
> > >> dgilb...@redhat.com>
> > >> > wrote:
> > >> >
> > >> > > * fengyd (fengy...@gmail.com) wrote:
> > >> > > > Hi,
> > >> > > >
> > >> > > > During live migration,  the folloing log can see in
> > >> nova-compute.log in
> > >> > > my
> > >> > > > environment:
> > >> > > >  ERROR nova.virt.libvirt.driver
> > >> [req-039a85e1-e7a1-4a63-bc6d-c4b9a044aab6
> > >> > > > 0cdab20dc79f4bc6ae5790e7b4a898ac
> 3363c319773549178acc67f32c78310e -
> > >> > > default
> > >> > > > default] [instance: 5ec719f4-1865-4afe-a207-3d9fae22c410] Live
> > >> Migration
> > >> > > > failure: internal error: qemu unexpectedly closed the monitor:
> > >> > > > 2019-04-15T02:58:22.213897Z qemu-kvm: VQ 0
> > >> > > > size 0x100 < last_avail_idx 0x1e - used_idx 0x23
> > >> > > >
> > >> > > > It's OK for standard Linux VM, but not OK for our VM where
> virtio is
> 

Re: [Qemu-devel] [PATCH v4 02/24] crypto: Merge crypto-obj-y into libqemuutil.a

2019-05-07 Thread Richard Henderson
On 5/7/19 8:58 PM, Richard Henderson wrote:
> On 5/7/19 2:03 AM, Laurent Vivier wrote:
>> This patch breaks linux-user statically linked build on Fedora.
>>
>> Fedora doesn't provide static version of nettle and gcrypt, so the configure
>> fails.
>>
>> You should update the configure for them like you did for gnutls in PATCH 1.
> 
> Which fedora?  I just tried fedora30 and it worked for me...

Nevermind, I see it now.


r~



Re: [Qemu-devel] [PATCH 22/26] target/unicore32: Convert to CPUClass::tlb_fill

2019-05-07 Thread Guan Xuetao

It's OK for unicore32 codes.

Thanks.

Guan Xuetao


> -Original Messages-
> From: "Peter Maydell" 
> Sent Time: 2019-04-30 18:06:03 (Tuesday)
> To: "Richard Henderson" 
> Cc: "QEMU Developers" , "Guan Xuetao" 
> 
> Subject: Re: [Qemu-devel] [PATCH 22/26] target/unicore32: Convert to 
> CPUClass::tlb_fill
> 
> On Wed, 3 Apr 2019 at 04:58, Richard Henderson
>  wrote:
> >
> > Cc: Guan Xuetao 
> > Signed-off-by: Richard Henderson 
> > ---
> >  target/unicore32/cpu.h   |  5 +++--
> >  target/unicore32/cpu.c   |  5 +
> >  target/unicore32/helper.c| 23 ---
> >  target/unicore32/op_helper.c | 14 --
> >  target/unicore32/softmmu.c   | 19 +++
> >  5 files changed, 19 insertions(+), 47 deletions(-)
> 
> Reviewed-by: Peter Maydell 
> 
> You might note in the commit message that we can just delete
> the user-mode (non-)handling of tlb fill because we
> don't support unicore32 linux-user any more.
> 
> thanks
> -- PMM


Re: [Qemu-devel] [PATCH v4 13/24] linux-user: Call qcrypto_init if not using -seed

2019-05-07 Thread Richard Henderson
On 5/7/19 7:13 AM, Laurent Vivier wrote:
>> -    if (seed_optarg != NULL) {
>> -    qemu_guest_random_seed_main(seed_optarg, _fatal);
>> +    {
>> +    Error *err = NULL;
>> +    if (seed_optarg != NULL) {
>> +    qemu_guest_random_seed_main(seed_optarg, );
>> +    } else {
>> +    /* ??? Assumes qcrypto is only used by qemu_guest_getrandom.  */
> 
> perhaps you can add a qemu_guest_random_init() function close to this
> assumption to call qcrypto_init()? So we will not forget to change this if we
> use something else in the future.

I'm not sure what you're suggesting.

Why would putting qcrypto_init within qemu_guest_random_init make it more
likely that, if something else within linux-user required qcrypto routines, we
would remember to remove qemu_guest_random_init and call qcrypto_init exactly 
once?


r~



Re: [Qemu-devel] [PATCH v4 02/24] crypto: Merge crypto-obj-y into libqemuutil.a

2019-05-07 Thread Richard Henderson
On 5/7/19 2:03 AM, Laurent Vivier wrote:
> This patch breaks linux-user statically linked build on Fedora.
> 
> Fedora doesn't provide static version of nettle and gcrypt, so the configure
> fails.
> 
> You should update the configure for them like you did for gnutls in PATCH 1.

Which fedora?  I just tried fedora30 and it worked for me...


r~



Re: [Qemu-devel] [Qemu-ppc] [PATCH v3 5/5] pci: Fold pci_get_bus_devfn() into its sole caller

2019-05-07 Thread David Gibson
On Tue, May 07, 2019 at 12:21:29PM +0200, Greg Kurz wrote:
> On Tue,  7 May 2019 16:23:16 +1000
> David Gibson  wrote:
> 
> > The only remaining caller of pci_get_bus_devfn() is pci_nic_init_nofail(),
> > itself an old compatibility function.  Fold the two together to avoid
> > re-using the stale interface.
> > 
> > While we're there replace the explicit fprintf()s with error_report().
> > 
> > Signed-off-by: David Gibson 
> > ---
> >  hw/pci/pci.c | 61 +---
> >  1 file changed, 29 insertions(+), 32 deletions(-)
> > 
> > diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> > index 7e5f8d001b..90e2743185 100644
> > --- a/hw/pci/pci.c
> > +++ b/hw/pci/pci.c
> > @@ -723,37 +723,6 @@ static int pci_parse_devaddr(const char *addr, int 
> > *domp, int *busp,
> >  return 0;
> >  }
> >  
> > -static PCIBus *pci_get_bus_devfn(int *devfnp, PCIBus *root,
> > - const char *devaddr)
> > -{
> > -int dom, bus;
> > -unsigned slot;
> > -
> > -if (!root) {
> > -fprintf(stderr, "No primary PCI bus\n");
> > -return NULL;
> > -}
> > -
> > -assert(!root->parent_dev);
> > -
> > -if (!devaddr) {
> > -*devfnp = -1;
> > -return pci_find_bus_nr(root, 0);
> > -}
> > -
> > -if (pci_parse_devaddr(devaddr, , , , NULL) < 0) {
> > -return NULL;
> > -}
> > -
> > -if (dom != 0) {
> > -fprintf(stderr, "No support for non-zero PCI domains\n");
> > -return NULL;
> > -}
> > -
> > -*devfnp = PCI_DEVFN(slot, 0);
> > -return pci_find_bus_nr(root, bus);
> > -}
> > -
> >  static void pci_init_cmask(PCIDevice *dev)
> >  {
> >  pci_set_word(dev->cmask + PCI_VENDOR_ID, 0x);
> > @@ -1895,6 +1864,8 @@ PCIDevice *pci_nic_init_nofail(NICInfo *nd, PCIBus 
> > *rootbus,
> >  DeviceState *dev;
> >  int devfn;
> >  int i;
> > +int dom, busnr;
> > +unsigned slot;
> >  
> >  if (nd->model && !strcmp(nd->model, "virtio")) {
> >  g_free(nd->model);
> > @@ -1928,7 +1899,33 @@ PCIDevice *pci_nic_init_nofail(NICInfo *nd, PCIBus 
> > *rootbus,
> >  exit(1);
> >  }
> >  
> > -bus = pci_get_bus_devfn(, rootbus, devaddr);
> > +if (!rootbus) {
> > +error_report("No primary PCI bus");
> > +exit(1);
> > +}
> > +
> > +assert(!rootbus->parent_dev);
> > +
> > +if (!devaddr) {
> > +devfn = -1;
> > +busnr = 0;
> > +bus = pci_find_bus_nr(rootbus, 0);
> 
> This line isn't needed since it is done below...

Oops, missed that when I factored the find_bus_nr out of the if.
Fixed now.

> > +} else {
> > +if (pci_parse_devaddr(devaddr, , , , NULL) < 0) {
> > +error_report("Invalid PCI device address %s for device %s",
> > + devaddr, nd->model);
> > +exit(1);
> > +}
> > +
> > +if (dom != 0) {
> > +error_report("No support for non-zero PCI domains");
> > +exit(1);
> > +}
> > +
> > +devfn = PCI_DEVFN(slot, 0);
> > +}
> > +
> > +bus = pci_find_bus_nr(rootbus, busnr);
> 
> ... here.
> 
> >  if (!bus) {
> >  error_report("Invalid PCI device address %s for device %s",
> >   devaddr, nd->model);
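Review bot: `dom` and `slot` (declared at the top of pci_nic_init_nofail in the earlier hunk of this file) are only used inside the `else` branch of the new devaddr block, so they could be declared at the point of use there, leaving only `busnr` at function scope; that keeps the fold from widening the scope of variables that used to be local to pci_get_bus_devfn. A minor related point: the `error_report("Invalid PCI device address %s ...", devaddr, ...)` in the trailing context is now reached with `devaddr == NULL` if `pci_find_bus_nr(rootbus, 0)` fails; whether that can happen is not visible here, but passing NULL to %s is undefined in C even though glibc prints "(null)". pci_nic_init_nofail continues outside the hunk.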
> 
> Maybe output a different message from the one for pci_parse_devaddr()
> failures ? Here, the address is supposed to be well formatted but we
> couldn't find the requested bus.

I thought about that, but couldn't think of a good way of expressing
it.  Since this is only for a legacy option and it was already
ambiguous, I'm not overly concerned by it.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] Question in QEMU : The result of printf does not appear in the qemu VM's log.

2019-05-07 Thread S KH
Hello.

I'm a student studying the QEMU hypervisor and SPICE.

In order to find out the calling order of functions in the QEMU source, I
inserted `printf("%s\n", __func__);` into the source and compiled it.

And when I run the VM and open 'domain_name.log' in '/var/log/libvirt/qemu',
I see that no output from printf is displayed.

I installed qemu on Centos now, but I did not have this problem when I used
qemu in Ubuntu.

I wonder why.


[Qemu-devel] [PATCH v3] i386: Add some MSR based features on Cascadelake-Server CPU model

2019-05-07 Thread Tao Xu
As noted in "c7a88b52f6 i386: Add new model of Cascadelake-Server":
because MSR-based features are now supported by QEMU, we add
CPUID_7_0_EDX_ARCH_CAPABILITIES to the Cascadelake-Server CPU model,
and add the IA32_ARCH_CAPABILITIES MSR-based features (RDCL_NO,
IBRS_ALL and SKIP_L1DFL_VMENTRY).

And "014018e19b i386: Make arch_capabilities migratable" has been
in QEMU upstream, the CPUID_7_0_EDX_ARCH_CAPABILITIES can be
safely added into CPU Model.

Signed-off-by: Tao Xu 
---

Changes in v3 -> v2:
- improve the commit message [Daniel and Eric]

Changes in v2:
- rebased patch to latest qemu base
---
 hw/i386/pc.c  | 7 ++-
 target/i386/cpu.c | 6 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index d98b737b8f..27c3d25436 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -115,7 +115,12 @@ struct hpet_fw_config hpet_cfg = {.count = UINT8_MAX};
 /* Physical Address of PVH entry point read from kernel ELF NOTE */
 static size_t pvh_start_addr;
 
-GlobalProperty pc_compat_4_0[] = {};
+GlobalProperty pc_compat_4_0[] = {
+{ "Cascadelake-Server" "-" TYPE_X86_CPU, "arch-capabilities", "off" },
+{ "Cascadelake-Server" "-" TYPE_X86_CPU, "rdctl-no", "off" },
+{ "Cascadelake-Server" "-" TYPE_X86_CPU, "ibrs-all", "off" },
+{ "Cascadelake-Server" "-" TYPE_X86_CPU, "skip-l1dfl-vmentry", "off" },
+};
 const size_t pc_compat_4_0_len = G_N_ELEMENTS(pc_compat_4_0);
 
 GlobalProperty pc_compat_3_1[] = {
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 722c5514d4..2aa0a8f9ba 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2536,7 +2536,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_7_0_ECX_PKU |
 CPUID_7_0_ECX_AVX512VNNI,
 .features[FEAT_7_0_EDX] =
-CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD,
+CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_SPEC_CTRL_SSBD |
+CPUID_7_0_EDX_ARCH_CAPABILITIES,
 /* Missing: XSAVES (not supported by some Linux versions,
 * including v4.1 to v4.12).
 * KVM doesn't yet expose any XSAVES state save component,
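Review bot: The Cascadelake-Server model now advertises IA32_ARCH_CAPABILITIES (this hunk adds the CPUID bit; the following hunk at `.features[FEAT_ARCH_CAPABILITIES]` adds RDCL_NO, IBRS_ALL and SKIP_L1DFL_VMENTRY), and a guest that reads RDCL_NO will switch off its own Meltdown/L1TF mitigations, so the model is only safe if these MSR bits are verified against the host and a host lacking any of them is rejected (or at least warned about) rather than silently given the model. Nothing in the patch records that reliance; a comment next to the new `.features[FEAT_ARCH_CAPABILITIES]` entry such as `/* MSR-based bits: guests trust these to skip mitigations, so they must be checked against the host MSR, never assumed */` would make the contract visible. Whether a Cascadelake host missing one of the bits fails to start under `enforce` or only warns is not visible from these hunks and is worth confirming. The enclosing builtin_x86_defs entry starts and ends outside the hunk.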
@@ -2548,6 +2549,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_XSAVE_XGETBV1,
 .features[FEAT_6_EAX] =
 CPUID_6_EAX_ARAT,
+.features[FEAT_ARCH_CAPABILITIES] =
+MSR_ARCH_CAP_RDCL_NO | MSR_ARCH_CAP_IBRS_ALL |
+MSR_ARCH_CAP_SKIP_L1DFL_VMENTRY,
 .xlevel = 0x8008,
 .model_id = "Intel Xeon Processor (Cascadelake)",
 },
-- 
2.17.1




Re: [Qemu-devel] [PATCH v2 01/16] hw/ppc/pnv: Use object_initialize_child for correct reference counting

2019-05-07 Thread David Gibson
On Tue, May 07, 2019 at 06:34:01PM +0200, Philippe Mathieu-Daudé wrote:
> As explained in commit aff39be0ed97:
> 
>   Both functions, object_initialize() and object_property_add_child()
>   increase the reference counter of the new object, so one of the
>   references has to be dropped afterwards to get the reference
>   counting right. Otherwise the child object will not be properly
>   cleaned up when the parent gets destroyed.
>   Thus let's use now object_initialize_child() instead to get the
>   reference counting here right.
> 
> This patch was generated using the following Coccinelle script
> (with a bit of manual fix-up for overly long lines):
> 
>  @use_object_initialize_child@
>  expression parent_obj;
>  expression child_ptr;
>  expression child_name;
>  expression child_type;
>  expression child_size;
>  expression errp;
>  @@
>  (
>  -   object_initialize(child_ptr, child_size, child_type);
>  +   object_initialize_child(parent_obj, child_name,  child_ptr, child_size,
>  +   child_type, _abort, NULL);
>  ... when != parent_obj
>  -   object_property_add_child(parent_obj, child_name, OBJECT(child_ptr), 
> NULL);
>  ...
> ?-   object_unref(OBJECT(child_ptr));
>  |
>  -   object_initialize(child_ptr, child_size, child_type);
>  +   object_initialize_child(parent_obj, child_name,  child_ptr, child_size,
>  +child_type, errp, NULL);
>  ... when != parent_obj
>  -   object_property_add_child(parent_obj, child_name, OBJECT(child_ptr), 
> errp);
>  ...
> ?-   object_unref(OBJECT(child_ptr));
>  )
> 
> While the object_initialize() function doesn't take an
> 'Error *errp' argument, the object_initialize_child() does.
> Since this code is used when a machine is created (and is not
> yet running), we deliberately choose to use the _abort
> argument instead of ignoring errors if an object creation failed.
> 
> Suggested-by: Eduardo Habkost 
> Inspired-by: Thomas Huth 
> Signed-off-by: Philippe Mathieu-Daudé 

Acked-by: David Gibson 

> ---
>  hw/ppc/pnv.c | 12 
>  1 file changed, 4 insertions(+), 8 deletions(-)
> 
> diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
> index dfb4ea5742c..31aa20ee25d 100644
> --- a/hw/ppc/pnv.c
> +++ b/hw/ppc/pnv.c
> @@ -994,14 +994,12 @@ static void pnv_chip_quad_realize(Pnv9Chip *chip9, 
> Error **errp)
>  PnvCore *pnv_core = PNV_CORE(chip->cores + (i * 4) * typesize);
>  int core_id = CPU_CORE(pnv_core)->core_id;
>  
> -object_initialize(eq, sizeof(*eq), TYPE_PNV_QUAD);
>  snprintf(eq_name, sizeof(eq_name), "eq[%d]", core_id);
> +object_initialize_child(OBJECT(chip), eq_name, eq, sizeof(*eq),
> +TYPE_PNV_QUAD, _fatal, NULL);
>  
> -object_property_add_child(OBJECT(chip), eq_name, OBJECT(eq),
> -  _fatal);
>  object_property_set_int(OBJECT(eq), core_id, "id", _fatal);
>  object_property_set_bool(OBJECT(eq), true, "realized", _fatal);
> -object_unref(OBJECT(eq));
>  
>  pnv_xscom_add_subregion(chip, PNV9_XSCOM_EQ_BASE(eq->id),
>  >xscom_regs);
> @@ -1165,10 +1163,9 @@ static void pnv_chip_core_realize(PnvChip *chip, Error 
> **errp)
>  continue;
>  }
>  
> -object_initialize(pnv_core, typesize, typename);
>  snprintf(core_name, sizeof(core_name), "core[%d]", core_hwid);
> -object_property_add_child(OBJECT(chip), core_name, OBJECT(pnv_core),
> -  _fatal);
> +object_initialize_child(OBJECT(chip), core_name, pnv_core, typesize,
> +typename, _fatal, NULL);
>  object_property_set_int(OBJECT(pnv_core), smp_threads, "nr-threads",
>  _fatal);
>  object_property_set_int(OBJECT(pnv_core), core_hwid,
> @@ -1180,7 +1177,6 @@ static void pnv_chip_core_realize(PnvChip *chip, Error 
> **errp)
> OBJECT(chip), _fatal);
>  object_property_set_bool(OBJECT(pnv_core), true, "realized",
>   _fatal);
> -object_unref(OBJECT(pnv_core));
>  
>  /* Each core has an XSCOM MMIO region */
>  if (!pnv_chip_is_power9(chip)) {

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v2 02/16] hw/misc/macio: Use object_initialize_child for correct ref. counting

2019-05-07 Thread David Gibson
On Tue, May 07, 2019 at 06:34:02PM +0200, Philippe Mathieu-Daudé wrote:
> As explained in commit aff39be0ed97:
> 
>   Both functions, object_initialize() and object_property_add_child()
>   increase the reference counter of the new object, so one of the
>   references has to be dropped afterwards to get the reference
>   counting right. Otherwise the child object will not be properly
>   cleaned up when the parent gets destroyed.
>   Thus let's use now object_initialize_child() instead to get the
>   reference counting here right.
> 
> This patch was generated using the following Coccinelle script
> (with a bit of manual fix-up for overly long lines):
> 
>  @use_object_initialize_child@
>  expression parent_obj;
>  expression child_ptr;
>  expression child_name;
>  expression child_type;
>  expression child_size;
>  expression errp;
>  @@
>  (
>  -   object_initialize(child_ptr, child_size, child_type);
>  +   object_initialize_child(parent_obj, child_name,  child_ptr, child_size,
>  +   child_type, _abort, NULL);
>  ... when != parent_obj
>  -   object_property_add_child(parent_obj, child_name, OBJECT(child_ptr), 
> NULL);
>  ...
>  ?-  object_unref(OBJECT(child_ptr));
>  |
>  -   object_initialize(child_ptr, child_size, child_type);
>  +   object_initialize_child(parent_obj, child_name,  child_ptr, child_size,
>  +child_type, errp, NULL);
>  ... when != parent_obj
>  -   object_property_add_child(parent_obj, child_name, OBJECT(child_ptr), 
> errp);
>  ...
>  ?-  object_unref(OBJECT(child_ptr));
>  )
> 
> While the object_initialize() function doesn't take an
> 'Error *errp' argument, the object_initialize_child() does.
> Since this code is used when a machine is created (and is not
> yet running), we deliberately choose to use the _abort
> argument instead of ignoring errors if an object creation failed.
> 
> Suggested-by: Eduardo Habkost 
> Inspired-by: Thomas Huth 
> Signed-off-by: Philippe Mathieu-Daudé 

Acked-by: David Gibson 

> ---
>  hw/misc/macio/macio.c | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
> index 94da85c8d7d..b726c73022c 100644
> --- a/hw/misc/macio/macio.c
> +++ b/hw/misc/macio/macio.c
> @@ -346,12 +346,12 @@ static void macio_newworld_realize(PCIDevice *d, Error 
> **errp)
>  object_property_set_bool(OBJECT(>gpio), true, "realized", );
>  
>  /* PMU */
> -object_initialize(>pmu, sizeof(s->pmu), TYPE_VIA_PMU);
> +object_initialize_child(OBJECT(s), "pmu", >pmu, sizeof(s->pmu),
> +TYPE_VIA_PMU, _abort, NULL);
>  object_property_set_link(OBJECT(>pmu), OBJECT(sysbus_dev), "gpio",
>   _abort);
>  qdev_prop_set_bit(DEVICE(>pmu), "has-adb", ns->has_adb);
>  qdev_set_parent_bus(DEVICE(>pmu), BUS(>macio_bus));
> -object_property_add_child(OBJECT(s), "pmu", OBJECT(>pmu), NULL);
>  
>  object_property_set_bool(OBJECT(>pmu), true, "realized", );
>  if (err) {
> @@ -365,9 +365,9 @@ static void macio_newworld_realize(PCIDevice *d, Error 
> **errp)
>  sysbus_mmio_get_region(sysbus_dev, 0));
>  } else {
>  /* CUDA */
> -object_initialize(>cuda, sizeof(s->cuda), TYPE_CUDA);
> +object_initialize_child(OBJECT(s), "cuda", >cuda, sizeof(s->cuda),
> +TYPE_CUDA, _abort, NULL);
>  qdev_set_parent_bus(DEVICE(>cuda), BUS(>macio_bus));
> -object_property_add_child(OBJECT(s), "cuda", OBJECT(>cuda), NULL);
>  qdev_prop_set_uint64(DEVICE(>cuda), "timebase-frequency",
>   s->frequency);
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v2] i386: Add some MSR based features on Cascadelake-Server CPU model

2019-05-07 Thread Tao Xu

On 5/7/2019 11:06 PM, Eric Blake wrote:

On 5/7/19 8:07 AM, Daniel P. Berrangé wrote:

On Tue, May 07, 2019 at 08:48:53PM +0800, Tao Xu wrote:

As noted in
http://lists.gnu.org/archive/html/qemu-devel/2018-09/msg02212.html


Rather than pointing to the mailing list post, please just refer
to the git commit hash that patch was merged under, which IIUC
is c7a88b52f62b30c04158eeb07f73e3f72221b6a8.


Because MSR based feature has been supported by QEMU,
we add CPUID_7_0_EDX_ARCH_CAPABILITIES on Cascadelake-Server CPU
model, and add IA32_ARCH_CAPABILITIES MSR based features (RDCL_NO,
IBRS_ALL and SKIP_L1DFL_VMENTRY).

And "014018e19b i386: Make arch_capabilities migratable" has been
in QEMU upstream, the CPUID_7_0_EDX_ARCH_CAPABILITIES can be
safely added into CPU Model.


Also, this paragraph:



Changes in v2:
 - rebased patch to latest qemu base


is useful to the list reader but not to the permanent git history, so it
belongs better...



Signed-off-by: Tao Xu 
---


...here, after the --- marker, so that 'git am' will strip it on the
maintainer's behalf when they prepare the patch for a pull request.



Thank you for your suggestion, Eric. I will rewrite my commit message.



Re: [Qemu-devel] [PATCH v2] i386: Add some MSR based features on Cascadelake-Server CPU model

2019-05-07 Thread Tao Xu

On 5/7/2019 9:07 PM, Daniel P. Berrangé wrote:

On Tue, May 07, 2019 at 08:48:53PM +0800, Tao Xu wrote:

As noted in
http://lists.gnu.org/archive/html/qemu-devel/2018-09/msg02212.html


Rather than pointing to the mailing list post, please just refer
to the git commit hash that patch was merged under, which IIUC
is c7a88b52f62b30c04158eeb07f73e3f72221b6a8.



Thank you Daniel, I will improve my commit message in the next version 
of patch.



Because MSR based feature has been supported by QEMU,
we add CPUID_7_0_EDX_ARCH_CAPABILITIES on Cascadelake-Server CPU
model, and add IA32_ARCH_CAPABILITIES MSR based features (RDCL_NO,
IBRS_ALL and SKIP_L1DFL_VMENTRY).


...



[Qemu-devel] [PATCH v3 34/39] cpu: Move icount_decr to CPUNegativeOffsetState

2019-05-07 Thread Richard Henderson
Amusingly, we had already ignored the comment to keep this value at the
end of CPUState.  This restores the minimum negative offset from TCG_AREG0
for code generation.

For the couple of uses within qom/cpu.c, add a pointer from the CPUState
object to the IcountDecr object within CPUNegativeOffsetState.

Signed-off-by: Richard Henderson 
---
 include/exec/cpu-all.h|  1 +
 include/exec/cpu-defs.h   |  3 ++-
 include/exec/gen-icount.h | 16 ++--
 include/qom/cpu.h | 40 ++-
 accel/tcg/cpu-exec.c  | 23 +++---
 accel/tcg/tcg-all.c   |  6 ++
 accel/tcg/translate-all.c |  8 
 cpus.c|  9 +
 qom/cpu.c |  4 ++--
 9 files changed, 56 insertions(+), 54 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 5ae83405c8..253dd1d9a5 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -380,6 +380,7 @@ int cpu_exec(CPUState *cpu);
 static inline void cpu_set_cpustate_pointers(ArchCPU *cpu)
 {
 cpu->parent_obj.env_ptr = >env;
+cpu->parent_obj.icount_decr_ptr = >neg.icount_decr;
 }
 
 /**
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index ad97991faf..3971910653 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -33,6 +33,7 @@
 #include "exec/hwaddr.h"
 #endif
 #include "exec/memattrs.h"
+#include "qom/cpu.h"
 
 #include "cpu-param.h"
 
@@ -232,7 +233,7 @@ typedef struct CPUTLB {
  * before CPUArchState, as a field named "neg".
  */
 typedef struct CPUNegativeOffsetState {
-/* Empty */
+IcountDecr icount_decr;
 } CPUNegativeOffsetState;
 
 #endif
diff --git a/include/exec/gen-icount.h b/include/exec/gen-icount.h
index 9cfa6ccce5..f7669b6841 100644
--- a/include/exec/gen-icount.h
+++ b/include/exec/gen-icount.h
@@ -5,8 +5,6 @@
 
 /* Helpers for instruction counting code generation.  */
 
-#define ENV_OFFSET   offsetof(ArchCPU, env)
-
 static TCGOp *icount_start_insn;
 
 static inline void gen_tb_start(TranslationBlock *tb)
@@ -21,7 +19,8 @@ static inline void gen_tb_start(TranslationBlock *tb)
 }
 
 tcg_gen_ld_i32(count, cpu_env,
-   -ENV_OFFSET + offsetof(CPUState, icount_decr.u32));
+   offsetof(ArchCPU, neg.icount_decr.u32) -
+   offsetof(ArchCPU, env));
 
 if (tb_cflags(tb) & CF_USE_ICOUNT) {
 imm = tcg_temp_new_i32();
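Review bot: `offsetof(ArchCPU, neg.icount_decr.u32) - offsetof(ArchCPU, env)` subtracts two size_t values, so the intended negative displacement is produced by unsigned wrap-around and then implicitly converted to the signed offset parameter of tcg_gen_ld_i32; the same pattern appears in the two following hunks (the tcg_gen_st16_i32 store and the two gen_io_* stores). This works on every supported host but rests on implementation-defined conversion, as the previous `-ENV_OFFSET + ...` form already did; a one-line comment such as `/* negative offset from env: relies on size_t wrap + conversion to the signed offset type */`, or an explicit cast to that signed type, would make the intent visible. gen_tb_start's body starts and ends outside the hunk.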
@@ -39,7 +38,8 @@ static inline void gen_tb_start(TranslationBlock *tb)
 
 if (tb_cflags(tb) & CF_USE_ICOUNT) {
 tcg_gen_st16_i32(count, cpu_env,
- -ENV_OFFSET + offsetof(CPUState, 
icount_decr.u16.low));
+ offsetof(ArchCPU, neg.icount_decr.u16.low) -
+ offsetof(ArchCPU, env));
 }
 
 tcg_temp_free_i32(count);
@@ -60,14 +60,18 @@ static inline void gen_tb_end(TranslationBlock *tb, int 
num_insns)
 static inline void gen_io_start(void)
 {
 TCGv_i32 tmp = tcg_const_i32(1);
-tcg_gen_st_i32(tmp, cpu_env, -ENV_OFFSET + offsetof(CPUState, can_do_io));
+tcg_gen_st_i32(tmp, cpu_env,
+   offsetof(ArchCPU, parent_obj.can_do_io) -
+   offsetof(ArchCPU, env));
 tcg_temp_free_i32(tmp);
 }
 
 static inline void gen_io_end(void)
 {
 TCGv_i32 tmp = tcg_const_i32(0);
-tcg_gen_st_i32(tmp, cpu_env, -ENV_OFFSET + offsetof(CPUState, can_do_io));
+tcg_gen_st_i32(tmp, cpu_env,
+   offsetof(ArchCPU, parent_obj.can_do_io) -
+   offsetof(ArchCPU, env));
 tcg_temp_free_i32(tmp);
 }
 
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 08abcbd3fe..0d8fc1caa6 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -226,17 +226,25 @@ typedef struct CPUClass {
 bool gdb_stop_before_watchpoint;
 } CPUClass;
 
+/*
+ * Low 16 bits: number of cycles left, used only in icount mode.
+ * High 16 bits: Set to -1 to force TCG to stop executing linked TBs
+ * for this CPU and return to its top level loop (even in non-icount mode).
+ * This allows a single read-compare-cbranch-write sequence to test
+ * for both decrementer underflow and exceptions.
+ */
+typedef union IcountDecr {
+uint32_t u32;
+struct {
 #ifdef HOST_WORDS_BIGENDIAN
-typedef struct icount_decr_u16 {
-uint16_t high;
-uint16_t low;
-} icount_decr_u16;
+uint16_t high;
+uint16_t low;
 #else
-typedef struct icount_decr_u16 {
-uint16_t low;
-uint16_t high;
-} icount_decr_u16;
+uint16_t low;
+uint16_t high;
 #endif
+} u16;
+} IcountDecr;
 
 typedef struct CPUBreakpoint {
 vaddr pc;
@@ -308,11 +316,6 @@ struct qemu_work_item;
  * @crash_occurred: Indicates the OS reported a crash (panic) for this CPU
  * @singlestep_enabled: Flags for single-stepping.
  * @icount_extra: Instructions until next timer event.
- * @icount_decr: Low 16 bits: number of cycles left, only used in icount mode.
- * High 16 bits: Set to -1 to force TCG to stop 

[Qemu-devel] [PATCH v3 39/39] tcg/arm: Remove mostly unreachable tlb special case

2019-05-07 Thread Richard Henderson
There was nothing armv7 specific about the bic+cmp sequence, however
looking at the set of guests more closely shows that the 8-bit immediate
operand for the bic can only be satisfied with one guest in tree:
baseline m-profile -- 10-bit pages with aligned 4-byte memory ops.
Therefore it does not seem useful to keep this path.

Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.inc.c | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/tcg/arm/tcg-target.inc.c b/tcg/arm/tcg-target.inc.c
index ac813abfb8..e0fcc1d990 100644
--- a/tcg/arm/tcg-target.inc.c
+++ b/tcg/arm/tcg-target.inc.c
@@ -1290,19 +1290,20 @@ static TCGReg tcg_out_tlb_read(TCGContext *s, TCGReg 
addrlo, TCGReg addrhi,
 tcg_out_ld32_12(s, COND_AL, TCG_REG_R1, TCG_REG_R1,
 offsetof(CPUTLBEntry, addend));
 
-/* Check alignment, check comparators.  */
-if (use_armv7_instructions) {
+/*
+ * Check alignment, check comparators.
+ * Do this in no more than 3 insns.  Use MOVW for v7, if possible,
+ * to reduce the number of sequential conditional instructions.
+ * Almost all guests have at least 4k pages, which means that we need
+ * to clear at least 9 bits even for an 8-byte memory, which means it
+ * isn't worth checking for an immediate operand for BIC.
+ */
+if (use_armv7_instructions && TARGET_PAGE_BITS <= 16) {
 tcg_target_ulong mask = ~(TARGET_PAGE_MASK | ((1 << a_bits) - 1));
-int rot = encode_imm(mask);
 
-if (rot >= 0) { 
-tcg_out_dat_imm(s, COND_AL, ARITH_BIC, TCG_REG_TMP, addrlo,
-rotl(mask, rot) | (rot << 7));
-} else {
-tcg_out_movi32(s, COND_AL, TCG_REG_TMP, mask);
-tcg_out_dat_reg(s, COND_AL, ARITH_BIC, TCG_REG_TMP,
-addrlo, TCG_REG_TMP, 0);
-}
+tcg_out_movi32(s, COND_AL, TCG_REG_TMP, mask);
+tcg_out_dat_reg(s, COND_AL, ARITH_BIC, TCG_REG_TMP,
+addrlo, TCG_REG_TMP, 0);
 tcg_out_dat_reg(s, COND_AL, ARITH_CMP, 0, TCG_REG_R2, TCG_REG_TMP, 0);
 } else {
 if (a_bits) {
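Review bot: The new guard `use_armv7_instructions && TARGET_PAGE_BITS <= 16` is not explained by the comment above it, which only says MOVW is used "if possible"; presumably the `<= 16` bound is what guarantees the mask (bits a_bits..TARGET_PAGE_BITS-1) fits the 16-bit MOVW immediate so that tcg_out_movi32 emits a single instruction, but that is inferred rather than visible here. Suggest extending the comment with `/* With TARGET_PAGE_BITS <= 16 the mask fits the MOVW immediate, keeping the MOVW+BIC+CMP path within 3 insns. */`. tcg_out_tlb_read starts and ends outside the hunk.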
-- 
2.17.1




Re: [Qemu-devel] [PATCH] target/riscv: More accurate handling of `sip` CSR

2019-05-07 Thread Palmer Dabbelt

On Tue, 07 May 2019 15:36:46 PDT (-0700), jonat...@fintelia.io wrote:

According to the spec, "All bits besides SSIP, USIP, and UEIP in the sip
register are read-only." Further, if an interrupt is not delegated to mode x,
then "the corresponding bits in xip [...] should appear to be hardwired to
zero." This patch implements both of those requirements.

Signed-off-by: Jonathan Behrens 
---
 target/riscv/csr.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 1ec1222da1..fff7d834e8 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -246,6 +246,7 @@ static const target_ulong sstatus_v1_9_mask = SSTATUS_SIE | 
SSTATUS_SPIE |
 static const target_ulong sstatus_v1_10_mask = SSTATUS_SIE | SSTATUS_SPIE |
 SSTATUS_UIE | SSTATUS_UPIE | SSTATUS_SPP | SSTATUS_FS | SSTATUS_XS |
 SSTATUS_SUM | SSTATUS_MXR | SSTATUS_SD;
+static const target_ulong sip_writable_mask = SIP_SSIP | MIP_USIP | MIP_UEIP;

 #if defined(TARGET_RISCV32)
 static const char valid_vm_1_09[16] = {
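Review bot: `sip_writable_mask` mixes the `SIP_` and `MIP_` prefixes (`SIP_SSIP | MIP_USIP | MIP_UEIP`); if, as it appears, SIP_SSIP is just an alias of the corresponding MIP_ bit, writing it as `MIP_SSIP | MIP_USIP | MIP_UEIP` keeps the mask in the same terms as the `& env->mideleg` masking in rmw_sip. A short comment tying the mask to the spec sentence quoted in the commit message, `/* Only SSIP, USIP and UEIP are writable through sip */`, would also help readers.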
@@ -694,8 +695,10 @@ static int write_sbadaddr(CPURISCVState *env, int csrno, 
target_ulong val)
 static int rmw_sip(CPURISCVState *env, int csrno, target_ulong *ret_value,
target_ulong new_value, target_ulong write_mask)
 {
-return rmw_mip(env, CSR_MSTATUS, ret_value, new_value,
-   write_mask & env->mideleg);
+int ret = rmw_mip(env, CSR_MSTATUS, ret_value, new_value,
+  write_mask & env->mideleg & sip_writable_mask);
+*ret_value &= env->mideleg;
+return ret;
 }

 /* Supervisor Protection and Translation */
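Review bot: `*ret_value &= env->mideleg;` runs regardless of the value rmw_mip returned, so on an error path the (possibly untouched) output is still modified; if rmw_mip can fail, `if (ret == 0) { *ret_value &= env->mideleg; }` keeps the error path from touching the caller's variable. The new line also dereferences ret_value unconditionally, whereas the old code only forwarded the pointer; whether any caller passes NULL is not visible from the hunk and is worth confirming. The masking itself matches the spec requirement quoted in the commit message that non-delegated bits read as zero.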


Reviewed-by: Palmer Dabbelt 

Thanks!



Re: [Qemu-devel] [PATCH v4 09/24] ui/vnc: Use gcrypto_random_bytes for start_auth_vnc

2019-05-07 Thread Richard Henderson
On 5/7/19 3:49 AM, Laurent Vivier wrote:
>>     void start_auth_vnc(VncState *vs)
>>   {
>> -    make_challenge(vs);
>> +    Error *err = NULL;
>> +
>> +    if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), )) {
>> +    trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
>> +    error_get_pretty(err));
>> +    error_free(err);
>> +    authentication_failed(vs);
>> +    return;
>> +    }
>> +
> 
> This part is weird for me: if auth fails we send "vnc_write_u32(vs, 1)" but if
> it succeeds we send the challenge. There is no success value to send (like
> "vnc_write_u32(vs, 0)") ?

There is, but this code is a mess of callbacks.  In this case it happens toward
the end of protocol_client_auth_vnc:

   2604 trace_vnc_auth_pass(vs, vs->auth);
   2605 vnc_write_u32(vs, 0); /* Accept auth */
   2606 vnc_flush(vs);


r~



[Qemu-devel] [PATCH v3 32/39] cpu: Introduce cpu_set_cpustate_pointers

2019-05-07 Thread Richard Henderson
Consolidate some boilerplate from foo_cpu_initfn.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 include/exec/cpu-all.h  | 11 +++
 target/alpha/cpu.c  |  3 +--
 target/arm/cpu.c|  3 +--
 target/cris/cpu.c   |  3 +--
 target/hppa/cpu.c   |  2 +-
 target/i386/cpu.c   |  3 +--
 target/lm32/cpu.c   |  3 +--
 target/m68k/cpu.c   |  4 +---
 target/microblaze/cpu.c |  3 +--
 target/mips/cpu.c   |  3 +--
 target/moxie/cpu.c  |  3 +--
 target/nios2/cpu.c  |  6 ++
 target/openrisc/cpu.c   |  3 +--
 target/ppc/translate_init.inc.c |  3 +--
 target/riscv/cpu.c  |  3 +--
 target/s390x/cpu.c  |  9 +
 target/sh4/cpu.c|  3 +--
 target/sparc/cpu.c  |  3 +--
 target/tilegx/cpu.c |  4 +---
 target/tricore/cpu.c|  4 +---
 target/unicore32/cpu.c  |  3 +--
 target/xtensa/cpu.c |  3 +--
 22 files changed, 37 insertions(+), 48 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index c62f07b354..71154070a7 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -371,6 +371,17 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
 
 int cpu_exec(CPUState *cpu);
 
+/**
+ * cpu_set_cpustate_pointers(cpu)
+ * @cpu: The cpu object
+ *
+ * Set the generic pointers in CPUState into the outer object.
+ */
+static inline void cpu_set_cpustate_pointers(ArchCPU *cpu)
+{
+cpu->parent_obj.env_ptr = >env;
+}
+
 /**
  * env_archcpu(env)
  * @env: The architecture environment
diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
index ad3588a44a..b771b9f3fe 100644
--- a/target/alpha/cpu.c
+++ b/target/alpha/cpu.c
@@ -191,11 +191,10 @@ static void ev67_cpu_initfn(Object *obj)
 
 static void alpha_cpu_initfn(Object *obj)
 {
-CPUState *cs = CPU(obj);
 AlphaCPU *cpu = ALPHA_CPU(obj);
 CPUAlphaState *env = >env;
 
-cs->env_ptr = env;
+cpu_set_cpustate_pointers(cpu);
 
 env->lock_addr = -1;
 #if defined(CONFIG_USER_ONLY)
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index a181fa8dc1..79d5096270 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -698,10 +698,9 @@ static void cpreg_hashtable_data_destroy(gpointer data)
 
 static void arm_cpu_initfn(Object *obj)
 {
-CPUState *cs = CPU(obj);
 ARMCPU *cpu = ARM_CPU(obj);
 
-cs->env_ptr = >env;
+cpu_set_cpustate_pointers(cpu);
 cpu->cp_regs = g_hash_table_new_full(g_int_hash, g_int_equal,
  g_free, cpreg_hashtable_data_destroy);
 
diff --git a/target/cris/cpu.c b/target/cris/cpu.c
index 75729bfdd5..070f8be363 100644
--- a/target/cris/cpu.c
+++ b/target/cris/cpu.c
@@ -172,12 +172,11 @@ static void cris_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 
 static void cris_cpu_initfn(Object *obj)
 {
-CPUState *cs = CPU(obj);
 CRISCPU *cpu = CRIS_CPU(obj);
 CRISCPUClass *ccc = CRIS_CPU_GET_CLASS(obj);
 CPUCRISState *env = >env;
 
-cs->env_ptr = env;
+cpu_set_cpustate_pointers(cpu);
 
 env->pregs[PR_VR] = ccc->vr;
 
diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
index e64f48581e..fdff057793 100644
--- a/target/hppa/cpu.c
+++ b/target/hppa/cpu.c
@@ -134,7 +134,7 @@ static void hppa_cpu_initfn(Object *obj)
 HPPACPU *cpu = HPPA_CPU(obj);
 CPUHPPAState *env = >env;
 
-cs->env_ptr = env;
+cpu_set_cpustate_pointers(cpu);
 cs->exception_index = -1;
 cpu_hppa_loaded_fr0(env);
 cpu_hppa_put_psw(env, PSW_W);
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 5b84629f91..7eff4c4dea 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5588,13 +5588,12 @@ static void x86_cpu_get_crash_info_qom(Object *obj, 
Visitor *v,
 
 static void x86_cpu_initfn(Object *obj)
 {
-CPUState *cs = CPU(obj);
 X86CPU *cpu = X86_CPU(obj);
 X86CPUClass *xcc = X86_CPU_GET_CLASS(obj);
 CPUX86State *env = >env;
 FeatureWord w;
 
-cs->env_ptr = env;
+cpu_set_cpustate_pointers(cpu);
 
 object_property_add(obj, "family", "int",
 x86_cpuid_version_get_family,
diff --git a/target/lm32/cpu.c b/target/lm32/cpu.c
index 282da19994..ebcbd2faa8 100644
--- a/target/lm32/cpu.c
+++ b/target/lm32/cpu.c
@@ -142,11 +142,10 @@ static void lm32_cpu_realizefn(DeviceState *dev, Error 
**errp)
 
 static void lm32_cpu_initfn(Object *obj)
 {
-CPUState *cs = CPU(obj);
 LM32CPU *cpu = LM32_CPU(obj);
 CPULM32State *env = >env;
 
-cs->env_ptr = env;
+cpu_set_cpustate_pointers(cpu);
 
 env->flags = 0;
 }
diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index 582e3a73b3..930e1be59f 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -238,11 +238,9 @@ static void m68k_cpu_realizefn(DeviceState *dev, Error 
**errp)
 
 static void m68k_cpu_initfn(Object *obj)
 {
-CPUState *cs = CPU(obj);
 M68kCPU 

[Qemu-devel] [PATCH v3 30/39] target/xtensa: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Move cpu_get_tb_cpu_state below the include of "exec/cpu-all.h"
so that the definition of env_cpu is available.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/xtensa/cpu.h  | 17 ++---
 hw/xtensa/pic_cpu.c  |  2 +-
 linux-user/xtensa/cpu_loop.c |  2 +-
 target/xtensa/dbg_helper.c   |  4 ++--
 target/xtensa/exc_helper.c   |  9 -
 target/xtensa/helper.c   |  2 +-
 target/xtensa/mmu_helper.c   | 11 ---
 target/xtensa/xtensa-semi.c  |  2 +-
 8 files changed, 20 insertions(+), 29 deletions(-)

diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
index a20541b5d6..86c88eae40 100644
--- a/target/xtensa/cpu.h
+++ b/target/xtensa/cpu.h
@@ -529,11 +529,6 @@ struct XtensaCPU {
 CPUXtensaState env;
 };
 
-static inline XtensaCPU *xtensa_env_get_cpu(const CPUXtensaState *env)
-{
-return container_of(env, XtensaCPU, env);
-}
-
 #define ENV_OFFSET offsetof(XtensaCPU, env)
 
 
@@ -711,10 +706,15 @@ static inline int cpu_mmu_index(CPUXtensaState *env, bool 
ifetch)
 #define XTENSA_CSBASE_LBEG_OFF_MASK 0x00ff
 #define XTENSA_CSBASE_LBEG_OFF_SHIFT 16
 
+typedef CPUXtensaState CPUArchState;
+typedef XtensaCPU ArchCPU;
+
+#include "exec/cpu-all.h"
+
 static inline void cpu_get_tb_cpu_state(CPUXtensaState *env, target_ulong *pc,
 target_ulong *cs_base, uint32_t *flags)
 {
-CPUState *cs = CPU(xtensa_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 *pc = env->pc;
 *cs_base = 0;
@@ -784,9 +784,4 @@ static inline void cpu_get_tb_cpu_state(CPUXtensaState 
*env, target_ulong *pc,
 }
 }
 
-typedef CPUXtensaState CPUArchState;
-typedef XtensaCPU ArchCPU;
-
-#include "exec/cpu-all.h"
-
 #endif
diff --git a/hw/xtensa/pic_cpu.c b/hw/xtensa/pic_cpu.c
index a8939f5e58..df3acbb541 100644
--- a/hw/xtensa/pic_cpu.c
+++ b/hw/xtensa/pic_cpu.c
@@ -33,7 +33,7 @@
 
 void check_interrupts(CPUXtensaState *env)
 {
-CPUState *cs = CPU(xtensa_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int minlevel = xtensa_get_cintlevel(env);
 uint32_t int_set_enabled = env->sregs[INTSET] & env->sregs[INTENABLE];
 int level;
diff --git a/linux-user/xtensa/cpu_loop.c b/linux-user/xtensa/cpu_loop.c
index bee78edb8a..64831c9199 100644
--- a/linux-user/xtensa/cpu_loop.c
+++ b/linux-user/xtensa/cpu_loop.c
@@ -123,7 +123,7 @@ static void xtensa_underflow12(CPUXtensaState *env)
 
 void cpu_loop(CPUXtensaState *env)
 {
-CPUState *cs = CPU(xtensa_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 target_siginfo_t info;
 abi_ulong ret;
 int trapnr;
diff --git a/target/xtensa/dbg_helper.c b/target/xtensa/dbg_helper.c
index cd8fbd653a..be1f81107b 100644
--- a/target/xtensa/dbg_helper.c
+++ b/target/xtensa/dbg_helper.c
@@ -71,7 +71,7 @@ void HELPER(wsr_ibreaka)(CPUXtensaState *env, uint32_t i, 
uint32_t v)
 static void set_dbreak(CPUXtensaState *env, unsigned i, uint32_t dbreaka,
 uint32_t dbreakc)
 {
-CPUState *cs = CPU(xtensa_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int flags = BP_CPU | BP_STOP_BEFORE_ACCESS;
 uint32_t mask = dbreakc | ~DBREAKC_MASK;
 
@@ -118,7 +118,7 @@ void HELPER(wsr_dbreakc)(CPUXtensaState *env, uint32_t i, 
uint32_t v)
 set_dbreak(env, i, env->sregs[DBREAKA + i], v);
 } else {
 if (env->cpu_watchpoint[i]) {
-CPUState *cs = CPU(xtensa_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cpu_watchpoint_remove_by_ref(cs, env->cpu_watchpoint[i]);
 env->cpu_watchpoint[i] = NULL;
diff --git a/target/xtensa/exc_helper.c b/target/xtensa/exc_helper.c
index 4a1f7aef5d..601341d13a 100644
--- a/target/xtensa/exc_helper.c
+++ b/target/xtensa/exc_helper.c
@@ -34,7 +34,7 @@
 
 void HELPER(exception)(CPUXtensaState *env, uint32_t excp)
 {
-CPUState *cs = CPU(xtensa_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = excp;
 if (excp == EXCP_YIELD) {
@@ -100,7 +100,7 @@ void HELPER(debug_exception)(CPUXtensaState *env, uint32_t 
pc, uint32_t cause)
 
 void HELPER(waiti)(CPUXtensaState *env, uint32_t pc, uint32_t intlevel)
 {
-CPUState *cpu;
+CPUState *cpu = env_cpu(env);
 
 env->pc = pc;
 env->sregs[PS] = (env->sregs[PS] & ~PS_INTLEVEL) |
@@ -111,11 +111,10 @@ void HELPER(waiti)(CPUXtensaState *env, uint32_t pc, 
uint32_t intlevel)
 qemu_mutex_unlock_iothread();
 
 if (env->pending_irq_level) {
-cpu_loop_exit(CPU(xtensa_env_get_cpu(env)));
+cpu_loop_exit(cpu);
 return;
 }
 
-cpu = CPU(xtensa_env_get_cpu(env));
 cpu->halted = 1;
 HELPER(exception)(env, EXCP_HLT);
 }
@@ -165,7 +164,7 @@ static void handle_interrupt(CPUXtensaState *env)
 (env->config->level_mask[level] &
  env->sregs[INTSET] &
  env->sregs[INTENABLE])) {
-CPUState *cs = CPU(xtensa_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 if (level > 1) {
 

[Qemu-devel] [PATCH v3 31/39] cpu: Move ENV_OFFSET to exec/gen-icount.h

2019-05-07 Thread Richard Henderson
Now that we have ArchCPU, we can define this generically,
in the one place that needs it.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 include/exec/gen-icount.h | 2 ++
 target/alpha/cpu.h| 1 -
 target/arm/cpu.h  | 2 --
 target/cris/cpu.h | 1 -
 target/hppa/cpu.h | 1 -
 target/i386/cpu.h | 1 -
 target/lm32/cpu.h | 1 -
 target/m68k/cpu.h | 1 -
 target/microblaze/cpu.h   | 1 -
 target/mips/cpu.h | 1 -
 target/moxie/cpu.h| 1 -
 target/nios2/cpu.h| 1 -
 target/openrisc/cpu.h | 1 -
 target/ppc/cpu.h  | 1 -
 target/riscv/cpu.h| 2 --
 target/s390x/cpu.h| 1 -
 target/sh4/cpu.h  | 1 -
 target/sparc/cpu.h| 1 -
 target/tilegx/cpu.h   | 1 -
 target/tricore/cpu.h  | 1 -
 target/unicore32/cpu.h| 1 -
 target/xtensa/cpu.h   | 2 --
 22 files changed, 2 insertions(+), 24 deletions(-)

diff --git a/include/exec/gen-icount.h b/include/exec/gen-icount.h
index 24f7991781..9cfa6ccce5 100644
--- a/include/exec/gen-icount.h
+++ b/include/exec/gen-icount.h
@@ -5,6 +5,8 @@
 
 /* Helpers for instruction counting code generation.  */
 
+#define ENV_OFFSET   offsetof(ArchCPU, env)
+
 static TCGOp *icount_start_insn;
 
 static inline void gen_tb_start(TranslationBlock *tb)
diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index 53c085f691..66782cf5d4 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -273,7 +273,6 @@ struct AlphaCPU {
 QEMUTimer *alarm_timer;
 };
 
-#define ENV_OFFSET offsetof(AlphaCPU, env)
 
 #ifndef CONFIG_USER_ONLY
 extern const struct VMStateDescription vmstate_alpha_cpu;
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c54c67fde4..23beb1de9a 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -915,8 +915,6 @@ void arm_cpu_post_init(Object *obj);
 
 uint64_t arm_cpu_mp_affinity(int idx, uint8_t clustersz);
 
-#define ENV_OFFSET offsetof(ARMCPU, env)
-
 #ifndef CONFIG_USER_ONLY
 extern const struct VMStateDescription vmstate_arm_cpu;
 #endif
diff --git a/target/cris/cpu.h b/target/cris/cpu.h
index 7f244ad545..c19fdcec1e 100644
--- a/target/cris/cpu.h
+++ b/target/cris/cpu.h
@@ -183,7 +183,6 @@ struct CRISCPU {
 CPUCRISState env;
 };
 
-#define ENV_OFFSET offsetof(CRISCPU, env)
 
 #ifndef CONFIG_USER_ONLY
 extern const struct VMStateDescription vmstate_cris_cpu;
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index a5ddc53bf1..58b2bf2933 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -222,7 +222,6 @@ struct HPPACPU {
 QEMUTimer *alarm_timer;
 };
 
-#define ENV_OFFSET  offsetof(HPPACPU, env)
 
 typedef CPUHPPAState CPUArchState;
 typedef HPPACPU ArchCPU;
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index e7f94437b1..a9cfb42b22 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1479,7 +1479,6 @@ struct X86CPU {
 int32_t hv_max_vps;
 };
 
-#define ENV_OFFSET offsetof(X86CPU, env)
 
 #ifndef CONFIG_USER_ONLY
 extern struct VMStateDescription vmstate_x86_cpu;
diff --git a/target/lm32/cpu.h b/target/lm32/cpu.h
index 8e7b70a275..4234a439a3 100644
--- a/target/lm32/cpu.h
+++ b/target/lm32/cpu.h
@@ -195,7 +195,6 @@ struct LM32CPU {
 uint32_t features;
 };
 
-#define ENV_OFFSET offsetof(LM32CPU, env)
 
 #ifndef CONFIG_USER_ONLY
 extern const struct VMStateDescription vmstate_lm32_cpu;
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index f8d5a0819b..02fbff3625 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -163,7 +163,6 @@ struct M68kCPU {
 CPUM68KState env;
 };
 
-#define ENV_OFFSET offsetof(M68kCPU, env)
 
 void m68k_cpu_do_interrupt(CPUState *cpu);
 bool m68k_cpu_exec_interrupt(CPUState *cpu, int int_req);
diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
index 7b85beb556..1becb9270b 100644
--- a/target/microblaze/cpu.h
+++ b/target/microblaze/cpu.h
@@ -310,7 +310,6 @@ struct MicroBlazeCPU {
 CPUMBState env;
 };
 
-#define ENV_OFFSET offsetof(MicroBlazeCPU, env)
 
 void mb_cpu_do_interrupt(CPUState *cs);
 bool mb_cpu_exec_interrupt(CPUState *cs, int int_req);
diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index e0645eb1d1..52286fcb0e 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1051,7 +1051,6 @@ struct MIPSCPU {
 CPUMIPSState env;
 };
 
-#define ENV_OFFSET offsetof(MIPSCPU, env)
 
 void mips_cpu_list(void);
 
diff --git a/target/moxie/cpu.h b/target/moxie/cpu.h
index a481a92833..ebe1c66f52 100644
--- a/target/moxie/cpu.h
+++ b/target/moxie/cpu.h
@@ -90,7 +90,6 @@ typedef struct MoxieCPU {
 CPUMoxieState env;
 } MoxieCPU;
 
-#define ENV_OFFSET offsetof(MoxieCPU, env)
 
 void moxie_cpu_do_interrupt(CPUState *cs);
 void moxie_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
index f2ffc1469f..96c8193179 100644
--- a/target/nios2/cpu.h
+++ b/target/nios2/cpu.h
@@ -193,7 +193,6 @@ typedef struct Nios2CPU {
 uint32_t fast_tlb_miss_addr;
 } Nios2CPU;
 
-#define ENV_OFFSET 

[Qemu-devel] [PATCH v3 38/39] tcg/arm: Use LDRD to load tlb mask+table

2019-05-07 Thread Richard Henderson
This changes the code generation for the tlb from e.g.

ldr  ip, [r6, #-0x10]
ldr  r2, [r6, #-0xc]
and  ip, ip, r4, lsr #8
ldrd r0, r1, [r2, ip]!
ldr  r2, [r2, #0x18]

to

ldrd r0, r1, [r6, #-0x10]
and  r0, r0, r4, lsr #8
ldrd r2, r3, [r1, r0]!
ldr  r1, [r1, #0x18]

for armv7 hosts.  Rearranging the register allocation in
order to avoid overlap between the two ldrd pairs causes
the patch to be larger than it ordinarily would be.

Signed-off-by: Richard Henderson 
---
v3: Add QEMU_BUILD_BUG_ON for mask/table ordering; comment fixes.
---
 tcg/arm/tcg-target.inc.c | 92 +++-
 1 file changed, 53 insertions(+), 39 deletions(-)

diff --git a/tcg/arm/tcg-target.inc.c b/tcg/arm/tcg-target.inc.c
index ad32b04e13..ac813abfb8 100644
--- a/tcg/arm/tcg-target.inc.c
+++ b/tcg/arm/tcg-target.inc.c
@@ -267,6 +267,7 @@ static const char *target_parse_constraint(TCGArgConstraint 
*ct,
 tcg_regset_reset_reg(ct->u.regs, TCG_REG_R0);
 tcg_regset_reset_reg(ct->u.regs, TCG_REG_R1);
 tcg_regset_reset_reg(ct->u.regs, TCG_REG_R2);
+tcg_regset_reset_reg(ct->u.regs, TCG_REG_R3);
 tcg_regset_reset_reg(ct->u.regs, TCG_REG_R14);
 #endif
 break;
@@ -1224,6 +1225,10 @@ static TCGReg tcg_out_arg_reg64(TCGContext *s, TCGReg 
argreg,
 QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) > 0);
 QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -256);
 
+/* These offsets are built into the LDRD below.  */
+QEMU_BUILD_BUG_ON(offsetof(CPUTLBDescFast, mask) != 0);
+QEMU_BUILD_BUG_ON(offsetof(CPUTLBDescFast, table) != 4);
+
 /* Load and compare a TLB entry, leaving the flags set.  Returns the register
containing the addend of the tlb entry.  Clobbers R0, R1, R2, TMP.  */
 
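Review bot: The comment retained at the end of this hunk, `Clobbers R0, R1, R2, TMP.`, no longer matches the rewritten tcg_out_tlb_read in the next hunk, whose new lines load the comparator into R2/R3 and use R0/R1 for the index and table pointer, so R3 is now clobbered as well (hunk 1 reserves R3 for exactly that reason) and TMP does not appear in any visible new line. Suggest `containing the addend of the tlb entry.  Clobbers R0, R1, R2, R3.`, adding TMP back only if the remainder of the function, which continues past the next hunk, still uses it. The v3 changelog mentions comment fixes, so this one looks like it was simply missed.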
@@ -1238,47 +1243,54 @@ static TCGReg tcg_out_tlb_read(TCGContext *s, TCGReg 
addrlo, TCGReg addrhi,
 unsigned s_bits = opc & MO_SIZE;
 unsigned a_bits = get_alignment_bits(opc);
 
-/* Load tlb_mask[mmu_idx] and tlb_table[mmu_idx].  */
-tcg_out_ld(s, TCG_TYPE_I32, TCG_REG_TMP, TCG_AREG0, mask_off);
-tcg_out_ld(s, TCG_TYPE_I32, TCG_REG_R2, TCG_AREG0, table_off);
-
-/* Extract the tlb index from the address into TMP.  */
-tcg_out_dat_reg(s, COND_AL, ARITH_AND, TCG_REG_TMP, TCG_REG_TMP, addrlo,
-SHIFT_IMM_LSR(TARGET_PAGE_BITS - CPU_TLB_ENTRY_BITS));
-
 /*
- * Add the tlb_table pointer, creating the CPUTLBEntry address in R2.
- * Load the tlb comparator into R0/R1 and the fast path addend into R2.
+ * We don't support inline unaligned acceses, but we can easily
+ * support overalignment checks.
  */
-if (cmp_off == 0) {
-   if (use_armv6_instructions && TARGET_LONG_BITS == 64) {
-tcg_out_ldrd_rwb(s, COND_AL, TCG_REG_R0, TCG_REG_R2, TCG_REG_TMP);
-} else {
-tcg_out_ld32_rwb(s, COND_AL, TCG_REG_R0, TCG_REG_R2, TCG_REG_TMP);
-}
-} else {
-tcg_out_dat_reg(s, COND_AL, ARITH_ADD,
-   TCG_REG_R2, TCG_REG_R2, TCG_REG_TMP, 0);
-if (use_armv6_instructions && TARGET_LONG_BITS == 64) {
-tcg_out_ldrd_8(s, COND_AL, TCG_REG_R0, TCG_REG_R2, cmp_off);
-} else {
-tcg_out_ld32_12(s, COND_AL, TCG_REG_R0, TCG_REG_R2, cmp_off);
-   }
-}
-if (!use_armv6_instructions && TARGET_LONG_BITS == 64) {
-tcg_out_ld32_12(s, COND_AL, TCG_REG_R1, TCG_REG_R2, cmp_off + 4);
-}
-
-/* Load the tlb addend.  */
-tcg_out_ld32_12(s, COND_AL, TCG_REG_R2, TCG_REG_R2,
-offsetof(CPUTLBEntry, addend));
-
-/* Check alignment.  We don't support inline unaligned acceses,
-   but we can easily support overalignment checks.  */
 if (a_bits < s_bits) {
 a_bits = s_bits;
 }
 
+/* Load env_tlb(env)->f[mmu_idx].{mask,table} into {r0,r1}.  */
+if (use_armv6_instructions) {
+tcg_out_ldrd_8(s, COND_AL, TCG_REG_R0, TCG_AREG0, fast_off);
+} else {
+tcg_out_ld(s, TCG_TYPE_I32, TCG_REG_R0, TCG_AREG0, mask_off);
+tcg_out_ld(s, TCG_TYPE_I32, TCG_REG_R1, TCG_AREG0, table_off);
+}
+
+/* Extract the tlb index from the address into R0.  */
+tcg_out_dat_reg(s, COND_AL, ARITH_AND, TCG_REG_R0, TCG_REG_R0, addrlo,
+SHIFT_IMM_LSR(TARGET_PAGE_BITS - CPU_TLB_ENTRY_BITS));
+
+/*
+ * Add the tlb_table pointer, creating the CPUTLBEntry address in R1.
+ * Load the tlb comparator into R2/R3 and the fast path addend into R1.
+ */
+if (cmp_off == 0) {
+if (use_armv6_instructions && TARGET_LONG_BITS == 64) {
+tcg_out_ldrd_rwb(s, COND_AL, TCG_REG_R2, TCG_REG_R1, TCG_REG_R0);
+} else {
+tcg_out_ld32_rwb(s, COND_AL, TCG_REG_R2, TCG_REG_R1, TCG_REG_R0);
+}
+} else {
+tcg_out_dat_reg(s, COND_AL, ARITH_ADD,
+TCG_REG_R1, TCG_REG_R1, TCG_REG_R0, 0);
+if 

[Qemu-devel] [PATCH v3 36/39] cpu: Remove CPU_COMMON

2019-05-07 Thread Richard Henderson
This macro is now always empty, so remove it.  This leaves the
entire contents of CPUArchState under the control of the guest
architecture.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 include/exec/cpu-defs.h | 2 --
 target/alpha/cpu.h  | 3 ---
 target/arm/cpu.h| 4 +---
 target/cris/cpu.h   | 2 --
 target/hppa/cpu.h   | 3 ---
 target/i386/cpu.h   | 4 +---
 target/lm32/cpu.h   | 2 --
 target/m68k/cpu.h   | 2 --
 target/microblaze/cpu.h | 2 --
 target/mips/cpu.h   | 2 --
 target/moxie/cpu.h  | 3 ---
 target/nios2/cpu.h  | 2 --
 target/openrisc/cpu.h   | 2 --
 target/ppc/cpu.h| 2 --
 target/riscv/cpu.h  | 4 
 target/s390x/cpu.h  | 2 --
 target/sh4/cpu.h| 2 --
 target/sparc/cpu.h  | 2 --
 target/tilegx/cpu.h | 2 --
 target/tricore/cpu.h| 2 --
 target/unicore32/cpu.h  | 2 --
 target/xtensa/cpu.h | 2 --
 22 files changed, 2 insertions(+), 51 deletions(-)

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 4cde7d611c..1f75a97701 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -233,8 +233,6 @@ typedef struct CPUTLB { } CPUTLB;
 
 #endif  /* !CONFIG_USER_ONLY && CONFIG_TCG */
 
-#define CPU_COMMON  /* Nothing */
-
 /*
  * This structure must be placed in ArchCPU immedately
  * before CPUArchState, as a field named "neg".
diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index f4bb67c101..5bd90b7ce5 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -246,9 +246,6 @@ struct CPUAlphaState {
 /* This alarm doesn't exist in real hardware; we wish it did.  */
 uint64_t alarm_expire;
 
-/* Those resources are used only in QEMU core */
-CPU_COMMON
-
 int error_code;
 
 uint32_t features;
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 909cb4604d..135a16a351 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -643,9 +643,7 @@ typedef struct CPUARMState {
 /* Fields up to this point are cleared by a CPU reset */
 struct {} end_reset_fields;
 
-CPU_COMMON
-
-/* Fields after CPU_COMMON are preserved across CPU reset. */
+/* Fields after this point are preserved across CPU reset. */
 
 /* Internal CPU feature flags.  */
 uint64_t features;
diff --git a/target/cris/cpu.h b/target/cris/cpu.h
index eeab483dba..6dc4502e9a 100644
--- a/target/cris/cpu.h
+++ b/target/cris/cpu.h
@@ -163,8 +163,6 @@ typedef struct CPUCRISState {
 /* Fields up to this point are cleared by a CPU reset */
 struct {} end_reset_fields;
 
-CPU_COMMON
-
 /* Members from load_info on are preserved across resets.  */
 void *load_info;
 } CPUCRISState;
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index 0661ff60c1..3ed2ac3c25 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -197,9 +197,6 @@ struct CPUHPPAState {
 target_ureg cr_back[2];  /* back of cr17/cr18 */
 target_ureg shadow[7];   /* shadow registers */
 
-/* Those resources are used only in QEMU core */
-CPU_COMMON
-
 /* ??? The number of entries isn't specified by the architecture.  */
 /* ??? Implement a unified itlb/dtlb for the moment.  */
 /* ??? We should use a more intelligent data structure.  */
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 43bb6ab841..8069e5b19d 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1288,9 +1288,7 @@ typedef struct CPUX86State {
 /* Fields up to this point are cleared by a CPU reset */
 struct {} end_reset_fields;
 
-CPU_COMMON
-
-/* Fields after CPU_COMMON are preserved across CPU reset. */
+/* Fields after this point are preserved across CPU reset. */
 
 /* processor features (e.g. for CPUID insn) */
 /* Minimum level/xlevel/xlevel2, based on CPU model + features */
diff --git a/target/lm32/cpu.h b/target/lm32/cpu.h
index 0ec898eb1d..563600a30a 100644
--- a/target/lm32/cpu.h
+++ b/target/lm32/cpu.h
@@ -159,8 +159,6 @@ struct CPULM32State {
 /* Fields up to this point are cleared by a CPU reset */
 struct {} end_reset_fields;
 
-CPU_COMMON
-
 /* Fields from here on are preserved across CPU reset. */
 uint32_t eba;   /* exception base address */
 uint32_t deba;  /* debug exception base address */
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 096d1eb588..4e27ff677f 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -143,8 +143,6 @@ typedef struct CPUM68KState {
 /* Fields up to this point are cleared by a CPU reset */
 struct {} end_reset_fields;
 
-CPU_COMMON
-
 /* Fields from here on are preserved across CPU reset. */
 uint32_t features;
 } CPUM68KState;
diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
index 732653caed..6a470a2492 100644
--- a/target/microblaze/cpu.h
+++ b/target/microblaze/cpu.h
@@ -266,8 +266,6 @@ struct CPUMBState {
 /* Fields up to this point are cleared by a CPU reset */
 struct {} end_reset_fields;
 
-   

[Qemu-devel] [PATCH v3 28/39] target/tricore: Use env_cpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/tricore/cpu.h   | 5 -
 target/tricore/op_helper.c | 4 ++--
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/target/tricore/cpu.h b/target/tricore/cpu.h
index 4c997b6d30..fc3328fdf5 100644
--- a/target/tricore/cpu.h
+++ b/target/tricore/cpu.h
@@ -208,11 +208,6 @@ struct TriCoreCPU {
 CPUTriCoreState env;
 };
 
-static inline TriCoreCPU *tricore_env_get_cpu(CPUTriCoreState *env)
-{
-return TRICORE_CPU(container_of(env, TriCoreCPU, env));
-}
-
 #define ENV_OFFSET offsetof(TriCoreCPU, env)
 
 hwaddr tricore_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
diff --git a/target/tricore/op_helper.c b/target/tricore/op_helper.c
index ed9dc0c83e..ba2f21a6c3 100644
--- a/target/tricore/op_helper.c
+++ b/target/tricore/op_helper.c
@@ -29,7 +29,7 @@ static void QEMU_NORETURN
 raise_exception_sync_internal(CPUTriCoreState *env, uint32_t class, int tin,
   uintptr_t pc, uint32_t fcd_pc)
 {
-CPUState *cs = CPU(tricore_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 /* in case we come from a helper-call we need to restore the PC */
 cpu_restore_state(cs, pc, true);
 
@@ -2800,7 +2800,7 @@ static inline void QEMU_NORETURN 
do_raise_exception_err(CPUTriCoreState *env,
 int error_code,
 uintptr_t pc)
 {
-CPUState *cs = CPU(tricore_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 cs->exception_index = exception;
 env->error_code = error_code;
 /* now we have a real cpu fault */
-- 
2.17.1




[Qemu-devel] [PATCH v3 37/39] tcg/aarch64: Use LDP to load tlb mask+table

2019-05-07 Thread Richard Henderson
This changes the code generation for the tlb from e.g.

ldur x0, [x19, #0xffe0]
ldur x1, [x19, #0xffe8]
and  x0, x0, x20, lsr #8
add  x1, x1, x0
ldr  x0, [x1]
ldr  x1, [x1, #0x18]

to

ldp  x0, x1, [x19, #-0x20]
and  x0, x0, x20, lsr #8
add  x1, x1, x0
ldr  x0, [x1]
ldr  x1, [x1, #0x18]

Signed-off-by: Richard Henderson 
---
v3: Add QEMU_BUILD_BUG_ON for mask/table ordering; comment fixes.
---
 tcg/aarch64/tcg-target.inc.c | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index afac018301..2863a371a0 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -1459,6 +1459,10 @@ static void add_qemu_ldst_label(TCGContext *s, bool 
is_ld, TCGMemOpIdx oi,
 QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) > 0);
 QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -512);
 
+/* These offsets are built into the LDP below.  */
+QEMU_BUILD_BUG_ON(offsetof(CPUTLBDescFast, mask) != 0);
+QEMU_BUILD_BUG_ON(offsetof(CPUTLBDescFast, table) != 8);
+
 /* Load and compare a TLB entry, emitting the conditional jump to the
slow path for the failure case, which will be patched later when finalizing
the slow path. Generated code returns the host addend in X1,
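Review bot: The two new assertions pin the mask/table field offsets for the LDP, but nothing at build time checks that `TLB_MASK_TABLE_OFS(mem_index)` is a multiple of 8, which the scaled 7-bit LDP immediate emitted in the next hunk requires; the range checks on the lines above only bound the value. The `QEMU_ALIGNED(2 * sizeof(void *))` on CPUTLBDescFast from 35/39 makes it hold in practice, but `QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) % 8 != 0);` next to the existing two would record the requirement and catch a future layout change, unless the 3314 emitter already asserts it at runtime, which I cannot see here.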
@@ -1467,23 +1471,20 @@ static void tcg_out_tlb_read(TCGContext *s, TCGReg 
addr_reg, TCGMemOp opc,
  tcg_insn_unit **label_ptr, int mem_index,
  bool is_read)
 {
-int fast_ofs = TLB_MASK_TABLE_OFS(mem_index);
-int mask_ofs = fast_ofs + offsetof(CPUTLBDescFast, mask);
-int table_ofs = fast_ofs + offsetof(CPUTLBDescFast, table);
 unsigned a_bits = get_alignment_bits(opc);
 unsigned s_bits = opc & MO_SIZE;
 unsigned a_mask = (1u << a_bits) - 1;
 unsigned s_mask = (1u << s_bits) - 1;
-TCGReg mask_base = TCG_AREG0, table_base = TCG_AREG0, x3;
+TCGReg x3;
 TCGType mask_type;
 uint64_t compare_mask;
 
 mask_type = (TARGET_PAGE_BITS + CPU_TLB_DYN_MAX_BITS > 32
  ? TCG_TYPE_I64 : TCG_TYPE_I32);
 
-/* Load tlb_mask[mmu_idx] and tlb_table[mmu_idx].  */
-tcg_out_ld(s, mask_type, TCG_REG_X0, mask_base, mask_ofs);
-tcg_out_ld(s, TCG_TYPE_PTR, TCG_REG_X1, table_base, table_ofs);
+/* Load env_tlb(env)->f[mmu_idx].{mask,table} into {x0,x1}.  */
+tcg_out_insn(s, 3314, LDP, TCG_REG_X0, TCG_REG_X1, TCG_AREG0,
+ TLB_MASK_TABLE_OFS(mem_index), 1, 0);
 
 /* Extract the TLB index from the address into X0.  */
 tcg_out_insn(s, 3502S, AND_LSR, mask_type == TCG_TYPE_I64,
-- 
2.17.1




[Qemu-devel] [PATCH v3 29/39] target/unicore32: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/unicore32/cpu.h  |  5 -
 hw/unicore32/puv3.c |  2 +-
 target/unicore32/helper.c   |  8 ++--
 target/unicore32/op_helper.c|  2 +-
 target/unicore32/softmmu.c  | 11 ---
 target/unicore32/translate.c| 26 ++
 target/unicore32/ucf64_helper.c |  2 +-
 7 files changed, 11 insertions(+), 45 deletions(-)

diff --git a/target/unicore32/cpu.h b/target/unicore32/cpu.h
index 22e22345dc..2dd1b34765 100644
--- a/target/unicore32/cpu.h
+++ b/target/unicore32/cpu.h
@@ -76,11 +76,6 @@ struct UniCore32CPU {
 CPUUniCore32State env;
 };
 
-static inline UniCore32CPU *uc32_env_get_cpu(CPUUniCore32State *env)
-{
-return container_of(env, UniCore32CPU, env);
-}
-
 #define ENV_OFFSET offsetof(UniCore32CPU, env)
 
 void uc32_cpu_do_interrupt(CPUState *cpu);
diff --git a/hw/unicore32/puv3.c b/hw/unicore32/puv3.c
index b42e600f74..132e6086ee 100644
--- a/hw/unicore32/puv3.c
+++ b/hw/unicore32/puv3.c
@@ -56,7 +56,7 @@ static void puv3_soc_init(CPUUniCore32State *env)
 
 /* Initialize interrupt controller */
 cpu_intc = qemu_allocate_irq(puv3_intc_cpu_handler,
- uc32_env_get_cpu(env), 0);
+ env_archcpu(env), 0);
 dev = sysbus_create_simple("puv3_intc", PUV3_INTC_BASE, cpu_intc);
 for (i = 0; i < PUV3_IRQS_NR; i++) {
 irqs[i] = qdev_get_gpio_in(dev, i);
diff --git a/target/unicore32/helper.c b/target/unicore32/helper.c
index a5ff2ddb74..19ba865482 100644
--- a/target/unicore32/helper.c
+++ b/target/unicore32/helper.c
@@ -31,8 +31,6 @@
 void helper_cp0_set(CPUUniCore32State *env, uint32_t val, uint32_t creg,
 uint32_t cop)
 {
-UniCore32CPU *cpu = uc32_env_get_cpu(env);
-
 /*
  * movc pp.nn, rn, #imm9
  *  rn: UCOP_REG_D
@@ -101,7 +99,7 @@ void helper_cp0_set(CPUUniCore32State *env, uint32_t val, 
uint32_t creg,
 case 6:
 if ((cop <= 6) && (cop >= 2)) {
 /* invalid all tlb */
-tlb_flush(CPU(cpu));
+tlb_flush(env_cpu(env));
 return;
 }
 break;
@@ -218,10 +216,8 @@ void helper_cp1_putc(target_ulong x)
 #ifdef CONFIG_USER_ONLY
 void switch_mode(CPUUniCore32State *env, int mode)
 {
-UniCore32CPU *cpu = uc32_env_get_cpu(env);
-
 if (mode != ASR_MODE_USER) {
-cpu_abort(CPU(cpu), "Tried to switch out of user mode\n");
+cpu_abort(env_cpu(env), "Tried to switch out of user mode\n");
 }
 }
 
diff --git a/target/unicore32/op_helper.c b/target/unicore32/op_helper.c
index e0a15882d3..44ff84420e 100644
--- a/target/unicore32/op_helper.c
+++ b/target/unicore32/op_helper.c
@@ -19,7 +19,7 @@
 
 void HELPER(exception)(CPUUniCore32State *env, uint32_t excp)
 {
-CPUState *cs = CPU(uc32_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = excp;
 cpu_loop_exit(cs);
diff --git a/target/unicore32/softmmu.c b/target/unicore32/softmmu.c
index 00c7e0d028..2f31592faf 100644
--- a/target/unicore32/softmmu.c
+++ b/target/unicore32/softmmu.c
@@ -36,8 +36,6 @@
 /* Map CPU modes onto saved register banks.  */
 static inline int bank_number(CPUUniCore32State *env, int mode)
 {
-UniCore32CPU *cpu = uc32_env_get_cpu(env);
-
 switch (mode) {
 case ASR_MODE_USER:
 case ASR_MODE_SUSR:
@@ -51,7 +49,7 @@ static inline int bank_number(CPUUniCore32State *env, int 
mode)
 case ASR_MODE_INTR:
 return 4;
 }
-cpu_abort(CPU(cpu), "Bad mode %x\n", mode);
+cpu_abort(env_cpu(env), "Bad mode %x\n", mode);
 return -1;
 }
 
@@ -126,8 +124,7 @@ static int get_phys_addr_ucv2(CPUUniCore32State *env, 
uint32_t address,
 int access_type, int is_user, uint32_t *phys_ptr, int *prot,
 target_ulong *page_size)
 {
-UniCore32CPU *cpu = uc32_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUState *cs = env_cpu(env);
 int code;
 uint32_t table;
 uint32_t desc;
@@ -174,11 +171,11 @@ static int get_phys_addr_ucv2(CPUUniCore32State *env, 
uint32_t address,
 *page_size = TARGET_PAGE_SIZE;
 break;
 default:
-cpu_abort(CPU(cpu), "wrong page type!");
+cpu_abort(cs, "wrong page type!");
 }
 break;
 default:
-cpu_abort(CPU(cpu), "wrong page type!");
+cpu_abort(cs, "wrong page type!");
 }
 
 *phys_ptr = phys_addr;
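Review bot: Both `default:` arms now reach `cpu_abort(cs, "wrong page type!")`, which terminates the whole emulator; if the switched values are taken from the guest's own page-table descriptors (the `desc` local in the hunk above suggests so), a malformed entry written by the guest is enough to trigger that abort. This is pre-existing and not introduced by the rename, but the mechanical pass is a natural moment to note it: returning a translation fault through the function's `code` result would confine the failure to the guest. get_phys_addr_ucv2 continues outside the hunk, so how `code` is propagated is not visible here.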
diff --git a/target/unicore32/translate.c b/target/unicore32/translate.c
index 89b02d1c3c..d27451eed3 100644
--- a/target/unicore32/translate.c
+++ b/target/unicore32/translate.c
@@ -180,7 +180,7 @@ static void store_reg(DisasContext *s, int reg, TCGv var)
 #define UCOP_SET_L  UCOP_SET(24)
 #define UCOP_SET_S  UCOP_SET(24)
 
-#define ILLEGAL cpu_abort(CPU(cpu), \
+#define ILLEGAL cpu_abort(env_cpu(env), \
   

[Qemu-devel] [PATCH v3 35/39] cpu: Move the softmmu tlb to CPUNegativeOffsetState

2019-05-07 Thread Richard Henderson
For some time the tcg backends have carried code to handle
large positive offsets from env.  This move makes that
unnecessary.  Indeed, we are able to assert at build time
that simple offsets suffice for all hosts.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 include/exec/cpu-defs.h  | 22 +---
 tcg/aarch64/tcg-target.inc.c | 29 ++
 tcg/arm/tcg-target.inc.c | 40 
 tcg/i386/tcg-target.inc.c|  6 --
 tcg/mips/tcg-target.inc.c| 39 ---
 tcg/ppc/tcg-target.inc.c | 30 ---
 tcg/riscv/tcg-target.inc.c   | 31 +++-
 tcg/s390/tcg-target.inc.c| 11 +-
 tcg/sparc/tcg-target.inc.c   | 32 +
 9 files changed, 74 insertions(+), 166 deletions(-)

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 3971910653..4cde7d611c 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -178,13 +178,14 @@ typedef struct CPUTLBDesc {
 
 /*
  * Data elements that are per MMU mode, accessed by the fast path.
+ * The structure is aligned to aid loading the pair with one insn.
  */
 typedef struct CPUTLBDescFast {
 /* Contains (n_entries - 1) << CPU_TLB_ENTRY_BITS */
 uintptr_t mask;
 /* The array of tlb entries itself. */
 CPUTLBEntry *table;
-} CPUTLBDescFast;
+} CPUTLBDescFast QEMU_ALIGNED(2 * sizeof(void *));
 
 /*
  * Data elements that are shared between all MMU modes.
@@ -211,28 +212,35 @@ typedef struct CPUTLBCommon {
 /*
  * The entire softmmu tlb, for all MMU modes.
  * The meaning of each of the MMU modes is defined in the target code.
+ * Since this is placed within CPUNegativeOffsetState, the smallest
+ * negative offsets are at the end of the struct.
  */
 typedef struct CPUTLB {
-CPUTLBDescFast f[NB_MMU_MODES];
-CPUTLBDesc d[NB_MMU_MODES];
 CPUTLBCommon c;
+CPUTLBDesc d[NB_MMU_MODES];
+CPUTLBDescFast f[NB_MMU_MODES];
 } CPUTLB;
 
-/* There are target-specific members named "tlb".  This is temporary.  */
-#define CPU_COMMONCPUTLB tlb_;
-#define env_tlb(ENV)  (&(ENV)->tlb_)
+#define env_tlb(ENV)  (_neg(ENV)->tlb)
+
+/* This will be used by TCG backends to compute offsets.  */
+#define TLB_MASK_TABLE_OFS(IDX) \
+((int)offsetof(ArchCPU, neg.tlb.f[IDX]) - (int)offsetof(ArchCPU, env))
 
 #else
 
-#define CPU_COMMON  /* Nothing */
+typedef struct CPUTLB { } CPUTLB;
 
 #endif  /* !CONFIG_USER_ONLY && CONFIG_TCG */
 
+#define CPU_COMMON  /* Nothing */
+
 /*
  * This structure must be placed in ArchCPU immedately
  * before CPUArchState, as a field named "neg".
  */
 typedef struct CPUNegativeOffsetState {
+CPUTLB tlb;
 IcountDecr icount_decr;
 } CPUNegativeOffsetState;
 
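Review bot: As rendered here, `#define env_tlb(ENV)  (_neg(ENV)->tlb)` refers to an undeclared `_neg`, which is unlikely to be what was applied; presumably the archive swallowed `&env` as an HTML entity and the line reads `(&env_neg(ENV)->tlb)`, so anyone taking the patch from this page should check it against the tree. The same mangling appears in the cpu-all.h hunk of 33/39 further down (`return _cpu->neg;`). Separately, the one-line comment on `TLB_MASK_TABLE_OFS` could state its preconditions, since the value is only meaningful if `neg` precedes `env` in ArchCPU and only usable if it fits the backend's immediate: `/* Offset of env_tlb(env)->f[IDX] relative to env: negative because CPUNegativeOffsetState precedes env in ArchCPU.  Backends assert at build time that it fits their addressing mode. */`.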
diff --git a/tcg/aarch64/tcg-target.inc.c b/tcg/aarch64/tcg-target.inc.c
index 72cf4c5ff8..afac018301 100644
--- a/tcg/aarch64/tcg-target.inc.c
+++ b/tcg/aarch64/tcg-target.inc.c
@@ -1455,9 +1455,9 @@ static void add_qemu_ldst_label(TCGContext *s, bool 
is_ld, TCGMemOpIdx oi,
 label->label_ptr[0] = label_ptr;
 }
 
-/* We expect to use a 24-bit unsigned offset from ENV.  */
-QEMU_BUILD_BUG_ON(offsetof(CPUArchState, tlb_.f[NB_MMU_MODES - 1].table)
-  > 0xff);
+/* We expect to use a 7-bit scaled negative offset from ENV.  */
+QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) > 0);
+QEMU_BUILD_BUG_ON(TLB_MASK_TABLE_OFS(0) < -512);
 
 /* Load and compare a TLB entry, emitting the conditional jump to the
slow path for the failure case, which will be patched later when finalizing
@@ -1467,8 +1467,9 @@ static void tcg_out_tlb_read(TCGContext *s, TCGReg 
addr_reg, TCGMemOp opc,
  tcg_insn_unit **label_ptr, int mem_index,
  bool is_read)
 {
-int mask_ofs = offsetof(CPUArchState, tlb_.f[mem_index].mask);
-int table_ofs = offsetof(CPUArchState, tlb_.f[mem_index].table);
+int fast_ofs = TLB_MASK_TABLE_OFS(mem_index);
+int mask_ofs = fast_ofs + offsetof(CPUTLBDescFast, mask);
+int table_ofs = fast_ofs + offsetof(CPUTLBDescFast, table);
 unsigned a_bits = get_alignment_bits(opc);
 unsigned s_bits = opc & MO_SIZE;
 unsigned a_mask = (1u << a_bits) - 1;
@@ -1477,24 +1478,6 @@ static void tcg_out_tlb_read(TCGContext *s, TCGReg 
addr_reg, TCGMemOp opc,
 TCGType mask_type;
 uint64_t compare_mask;
 
-if (table_ofs > 0xfff) {
-int table_hi = table_ofs & ~0xfff;
-int mask_hi = mask_ofs & ~0xfff;
-
-table_base = TCG_REG_X1;
-if (mask_hi == table_hi) {
-mask_base = table_base;
-} else if (mask_hi) {
-mask_base = TCG_REG_X0;
-tcg_out_insn(s, 3401, ADDI, TCG_TYPE_I64,
- mask_base, TCG_AREG0, mask_hi);
-}
-tcg_out_insn(s, 3401, ADDI, TCG_TYPE_I64,
- table_base, TCG_AREG0, table_hi);
-mask_ofs -= mask_hi;
- 

[Qemu-devel] [PATCH v3 27/39] target/tilegx: Use env_cpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/tilegx/cpu.h  | 5 -
 linux-user/tilegx/cpu_loop.c | 2 +-
 target/tilegx/helper.c   | 2 +-
 3 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/target/tilegx/cpu.h b/target/tilegx/cpu.h
index 135df63523..7f8fe7c513 100644
--- a/target/tilegx/cpu.h
+++ b/target/tilegx/cpu.h
@@ -138,11 +138,6 @@ typedef struct TileGXCPU {
 CPUTLGState env;
 } TileGXCPU;
 
-static inline TileGXCPU *tilegx_env_get_cpu(CPUTLGState *env)
-{
-return container_of(env, TileGXCPU, env);
-}
-
 #define ENV_OFFSET offsetof(TileGXCPU, env)
 
 /* TILE-Gx memory attributes */
diff --git a/linux-user/tilegx/cpu_loop.c b/linux-user/tilegx/cpu_loop.c
index 4f39eb9ad3..d4abe29dcd 100644
--- a/linux-user/tilegx/cpu_loop.c
+++ b/linux-user/tilegx/cpu_loop.c
@@ -206,7 +206,7 @@ static void do_fetch(CPUTLGState *env, int trapnr, bool 
quad)
 
 void cpu_loop(CPUTLGState *env)
 {
-CPUState *cs = CPU(tilegx_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr;
 
 while (1) {
diff --git a/target/tilegx/helper.c b/target/tilegx/helper.c
index 4964bb9111..a57a679825 100644
--- a/target/tilegx/helper.c
+++ b/target/tilegx/helper.c
@@ -28,7 +28,7 @@
 
 void helper_exception(CPUTLGState *env, uint32_t excp)
 {
-CPUState *cs = CPU(tilegx_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = excp;
 cpu_loop_exit(cs);
-- 
2.17.1




[Qemu-devel] [PATCH v3 22/39] target/ppc: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/ppc/cpu.h|   7 +-
 target/ppc/helper_regs.h|   4 +-
 hw/ppc/ppc.c|  18 ++---
 hw/ppc/ppc405_uc.c  |   2 +-
 hw/ppc/ppc_booke.c  |   4 +-
 linux-user/ppc/cpu_loop.c   |   2 +-
 target/ppc/excp_helper.c|  14 ++--
 target/ppc/fpu_helper.c |  14 ++--
 target/ppc/kvm.c|   5 +-
 target/ppc/misc_helper.c|  22 ++
 target/ppc/mmu-hash64.c |  14 ++--
 target/ppc/mmu_helper.c | 115 +---
 target/ppc/translate_init.inc.c |  85 ---
 13 files changed, 134 insertions(+), 172 deletions(-)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index 3449b0b085..ef00a3415d 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1203,11 +1203,6 @@ struct PowerPCCPU {
 int32_t mig_slb_nr;
 };
 
-static inline PowerPCCPU *ppc_env_get_cpu(CPUPPCState *env)
-{
-return container_of(env, PowerPCCPU, env);
-}
-
 #define ENV_OFFSET offsetof(PowerPCCPU, env)
 
 PowerPCCPUClass *ppc_cpu_class_by_pvr(uint32_t pvr);
@@ -2451,7 +2446,7 @@ static inline int booke206_tlbm_to_tlbn(CPUPPCState *env, 
ppcmas_tlb_t *tlbm)
 }
 }
 
-cpu_abort(CPU(ppc_env_get_cpu(env)), "Unknown TLBe: %d\n", id);
+cpu_abort(env_cpu(env), "Unknown TLBe: %d\n", id);
 return 0;
 }
 
diff --git a/target/ppc/helper_regs.h b/target/ppc/helper_regs.h
index 922da76c6c..85dfe7687f 100644
--- a/target/ppc/helper_regs.h
+++ b/target/ppc/helper_regs.h
@@ -116,7 +116,7 @@ static inline int hreg_store_msr(CPUPPCState *env, 
target_ulong value,
 {
 int excp;
 #if !defined(CONFIG_USER_ONLY)
-CPUState *cs = CPU(ppc_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 #endif
 
 excp = 0;
@@ -175,7 +175,7 @@ static inline int hreg_store_msr(CPUPPCState *env, 
target_ulong value,
 #if !defined(CONFIG_USER_ONLY)
 static inline void check_tlb_flush(CPUPPCState *env, bool global)
 {
-CPUState *cs = CPU(ppc_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 /* Handle global flushes first */
 if (global && (env->tlb_need_flush & TLB_NEED_GLOBAL_FLUSH)) {
diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
index ad20584f26..debcdab993 100644
--- a/hw/ppc/ppc.c
+++ b/hw/ppc/ppc.c
@@ -385,7 +385,7 @@ void ppc40x_system_reset(PowerPCCPU *cpu)
 
 void store_40x_dbcr0(CPUPPCState *env, uint32_t val)
 {
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+PowerPCCPU *cpu = env_archcpu(env);
 
 switch ((val >> 28) & 0x3) {
 case 0x0:
@@ -785,7 +785,7 @@ target_ulong cpu_ppc_load_decr(CPUPPCState *env)
 
 target_ulong cpu_ppc_load_hdecr(CPUPPCState *env)
 {
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+PowerPCCPU *cpu = env_archcpu(env);
 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 ppc_tb_t *tb_env = env->tb_env;
 uint64_t hdecr;
@@ -923,7 +923,7 @@ static inline void _cpu_ppc_store_decr(PowerPCCPU *cpu, 
target_ulong decr,
 
 void cpu_ppc_store_decr(CPUPPCState *env, target_ulong value)
 {
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+PowerPCCPU *cpu = env_archcpu(env);
 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 int nr_bits = 32;
 
@@ -955,7 +955,7 @@ static inline void _cpu_ppc_store_hdecr(PowerPCCPU *cpu, 
target_ulong hdecr,
 
 void cpu_ppc_store_hdecr(CPUPPCState *env, target_ulong value)
 {
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+PowerPCCPU *cpu = env_archcpu(env);
 PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
 
 _cpu_ppc_store_hdecr(cpu, cpu_ppc_load_hdecr(env), value,
@@ -980,7 +980,7 @@ static void cpu_ppc_store_purr(PowerPCCPU *cpu, uint64_t 
value)
 static void cpu_ppc_set_tb_clk (void *opaque, uint32_t freq)
 {
 CPUPPCState *env = opaque;
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+PowerPCCPU *cpu = env_archcpu(env);
 ppc_tb_t *tb_env = env->tb_env;
 
 tb_env->tb_freq = freq;
@@ -1095,7 +1095,7 @@ const VMStateDescription vmstate_ppc_timebase = {
 /* Set up (once) timebase frequency (in Hz) */
 clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq)
 {
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+PowerPCCPU *cpu = env_archcpu(env);
 ppc_tb_t *tb_env;
 
 tb_env = g_malloc0(sizeof(ppc_tb_t));
@@ -1165,7 +1165,7 @@ static void cpu_4xx_fit_cb (void *opaque)
 uint64_t now, next;
 
 env = opaque;
-cpu = ppc_env_get_cpu(env);
+cpu = env_archcpu(env);
 tb_env = env->tb_env;
 ppc40x_timer = tb_env->opaque;
 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
@@ -1235,7 +1235,7 @@ static void cpu_4xx_pit_cb (void *opaque)
 ppc40x_timer_t *ppc40x_timer;
 
 env = opaque;
-cpu = ppc_env_get_cpu(env);
+cpu = env_archcpu(env);
 tb_env = env->tb_env;
 ppc40x_timer = tb_env->opaque;
 env->spr[SPR_40x_TSR] |= 1 << 27;
@@ -1261,7 +1261,7 @@ static void cpu_4xx_wdt_cb (void *opaque)
 uint64_t now, next;
 
 env = opaque;
-cpu = 

[Qemu-devel] [PATCH v3 33/39] cpu: Introduce CPUNegativeOffsetState

2019-05-07 Thread Richard Henderson
Nothing in the structure so far, but all of the plumbing is done
within each target's ArchCPU.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 include/exec/cpu-all.h  | 24 
 include/exec/cpu-defs.h |  8 
 target/alpha/cpu.h  |  1 +
 target/arm/cpu.h|  1 +
 target/cris/cpu.h   |  1 +
 target/hppa/cpu.h   |  1 +
 target/i386/cpu.h   |  1 +
 target/lm32/cpu.h   |  1 +
 target/m68k/cpu.h   |  1 +
 target/microblaze/cpu.h |  5 +++--
 target/mips/cpu.h   |  1 +
 target/moxie/cpu.h  |  1 +
 target/nios2/cpu.h  |  2 ++
 target/openrisc/cpu.h   |  2 +-
 target/ppc/cpu.h|  2 ++
 target/riscv/cpu.h  |  1 +
 target/s390x/cpu.h  |  1 +
 target/sh4/cpu.h|  1 +
 target/sparc/cpu.h  |  1 +
 target/tilegx/cpu.h |  1 +
 target/tricore/cpu.h|  1 +
 target/unicore32/cpu.h  |  1 +
 target/xtensa/cpu.h |  1 +
 23 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 71154070a7..5ae83405c8 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -404,4 +404,28 @@ static inline CPUState *env_cpu(CPUArchState *env)
 return _archcpu(env)->parent_obj;
 }
 
+/**
+ * env_neg(env)
+ * @env: The architecture environment
+ *
+ * Return the CPUNegativeOffsetState associated with the environment.
+ */
+static inline CPUNegativeOffsetState *env_neg(CPUArchState *env)
+{
+ArchCPU *arch_cpu = container_of(env, ArchCPU, env);
+return _cpu->neg;
+}
+
+/**
+ * cpu_neg(cpu)
+ * @cpu: The generic CPUState
+ *
+ * Return the CPUNegativeOffsetState associated with the cpu.
+ */
+static inline CPUNegativeOffsetState *cpu_neg(CPUState *cpu)
+{
+ArchCPU *arch_cpu = container_of(cpu, ArchCPU, parent_obj);
+return _cpu->neg;
+}
+
 #endif /* CPU_ALL_H */
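Review bot: env_neg() and cpu_neg() work for any placement of `neg` (both are plain container_of lookups on ArchCPU), so nothing in this hunk enforces the adjacency rule that the cpu-defs.h comment states for the new field; presumably later code derives fixed negative offsets from env, and a target that inserts a member between `neg` and `env` would then break silently rather than at build time. ArchCPU is already a complete type here, since `container_of(env, ArchCPU, env)` is used in the same function, so a compile-time check can sit next to these helpers, e.g. `QEMU_BUILD_BUG_ON(offsetof(ArchCPU, neg) + sizeof(CPUNegativeOffsetState) != offsetof(ArchCPU, env));`. The doc comments on both helpers could also say that the returned pointer is only meaningful for the ArchCPU of the target being compiled, which is what the unqualified `ArchCPU` name implies but does not spell out.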
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index fbe8945606..ad97991faf 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -227,4 +227,12 @@ typedef struct CPUTLB {
 
 #endif  /* !CONFIG_USER_ONLY && CONFIG_TCG */
 
+/*
+ * This structure must be placed in ArchCPU immedately
+ * before CPUArchState, as a field named "neg".
+ */
+typedef struct CPUNegativeOffsetState {
+/* Empty */
+} CPUNegativeOffsetState;
+
 #endif
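Review bot: The placement comment added here has a typo, `immedately` → `immediately`, and it is the only record of a layout constraint the compiler will not check on its own. Since the struct is intentionally empty, the body comment could say why instead of `/* Empty */`, e.g. `/* Members added here become addressable at negative offsets from CPUArchState. */`, hedged because the consumer of that property is not part of this patch. An empty struct is also a GNU extension (sizeof 0 under GCC/Clang, not valid ISO C), which is fine for QEMU's dialect but worth a word in the comment so nobody later adds a placeholder member to silence a pedantic warning.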
diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index 66782cf5d4..f4bb67c101 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -267,6 +267,7 @@ struct AlphaCPU {
 CPUState parent_obj;
 /*< public >*/
 
+CPUNegativeOffsetState neg;
 CPUAlphaState env;
 
 /* This alarm doesn't exist in real hardware; we wish it did.  */
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 23beb1de9a..909cb4604d 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -719,6 +719,7 @@ struct ARMCPU {
 CPUState parent_obj;
 /*< public >*/
 
+CPUNegativeOffsetState neg;
 CPUARMState env;
 
 /* Coprocessor information */
diff --git a/target/cris/cpu.h b/target/cris/cpu.h
index c19fdcec1e..eeab483dba 100644
--- a/target/cris/cpu.h
+++ b/target/cris/cpu.h
@@ -180,6 +180,7 @@ struct CRISCPU {
 CPUState parent_obj;
 /*< public >*/
 
+CPUNegativeOffsetState neg;
 CPUCRISState env;
 };
 
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index 58b2bf2933..0661ff60c1 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -218,6 +218,7 @@ struct HPPACPU {
 CPUState parent_obj;
 /*< public >*/
 
+CPUNegativeOffsetState neg;
 CPUHPPAState env;
 QEMUTimer *alarm_timer;
 };
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index a9cfb42b22..43bb6ab841 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1368,6 +1368,7 @@ struct X86CPU {
 CPUState parent_obj;
 /*< public >*/
 
+CPUNegativeOffsetState neg;
 CPUX86State env;
 
 bool hyperv_vapic;
diff --git a/target/lm32/cpu.h b/target/lm32/cpu.h
index 4234a439a3..0ec898eb1d 100644
--- a/target/lm32/cpu.h
+++ b/target/lm32/cpu.h
@@ -186,6 +186,7 @@ struct LM32CPU {
 CPUState parent_obj;
 /*< public >*/
 
+CPUNegativeOffsetState neg;
 CPULM32State env;
 
 uint32_t revision;
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 02fbff3625..096d1eb588 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -160,6 +160,7 @@ struct M68kCPU {
 CPUState parent_obj;
 /*< public >*/
 
+CPUNegativeOffsetState neg;
 CPUM68KState env;
 };
 
diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
index 1becb9270b..732653caed 100644
--- a/target/microblaze/cpu.h
+++ b/target/microblaze/cpu.h
@@ -287,6 +287,9 @@ struct MicroBlazeCPU {
 
 /*< public >*/
 
+CPUNegativeOffsetState neg;
+CPUMBState env;
+
 /* Microblaze Configuration Settings */
 struct {
 bool stackprot;
@@ -306,8 +309,6 @@ struct MicroBlazeCPU {
 char *version;
 uint8_t pvr;
 } cfg;
-
-CPUMBState env;
 };
 
 
diff --git a/target/mips/cpu.h 

[Qemu-devel] [PATCH v3 23/39] target/riscv: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Alistair Francis 
Signed-off-by: Richard Henderson 
---
 target/riscv/cpu.h  |  5 -
 linux-user/riscv/cpu_loop.c |  2 +-
 target/riscv/cpu_helper.c   |  4 ++--
 target/riscv/csr.c  | 12 ++--
 target/riscv/op_helper.c|  8 
 5 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index cd4f2de798..c32428a4ef 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -211,11 +211,6 @@ typedef struct RISCVCPU {
 CPURISCVState env;
 } RISCVCPU;
 
-static inline RISCVCPU *riscv_env_get_cpu(CPURISCVState *env)
-{
-return container_of(env, RISCVCPU, env);
-}
-
 static inline int riscv_has_ext(CPURISCVState *env, target_ulong ext)
 {
 return (env->misa & ext) != 0;
diff --git a/linux-user/riscv/cpu_loop.c b/linux-user/riscv/cpu_loop.c
index 31700f75d0..c1134597fd 100644
--- a/linux-user/riscv/cpu_loop.c
+++ b/linux-user/riscv/cpu_loop.c
@@ -25,7 +25,7 @@
 
 void cpu_loop(CPURISCVState *env)
 {
-CPUState *cs = CPU(riscv_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr, signum, sigcode;
 target_ulong sigaddr;
 target_ulong ret;
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index b17f169681..72f82c1ccf 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -191,7 +191,7 @@ static int get_physical_address(CPURISCVState *env, hwaddr 
*physical,
 }
 }
 
-CPUState *cs = CPU(riscv_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int va_bits = PGSHIFT + levels * ptidxbits;
 target_ulong mask = (1L << (TARGET_LONG_BITS - (va_bits - 1))) - 1;
 target_ulong masked_msbs = (addr >> (va_bits - 1)) & mask;
@@ -320,7 +320,7 @@ restart:
 static void raise_mmu_exception(CPURISCVState *env, target_ulong address,
 MMUAccessType access_type)
 {
-CPUState *cs = CPU(riscv_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int page_fault_exceptions =
 (env->priv_ver >= PRIV_VERSION_1_10_0) &&
 get_field(env->satp, SATP_MODE) != VM_1_10_MBARE;
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index e1d91b6c60..97a4e10e3e 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -296,7 +296,7 @@ static int write_mstatus(CPURISCVState *env, int csrno, 
target_ulong val)
 if (env->priv_ver <= PRIV_VERSION_1_09_1) {
 if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP |
 MSTATUS_MPRV | MSTATUS_SUM | MSTATUS_VM)) {
-tlb_flush(CPU(riscv_env_get_cpu(env)));
+tlb_flush(env_cpu(env));
 }
 mask = MSTATUS_SIE | MSTATUS_SPIE | MSTATUS_MIE | MSTATUS_MPIE |
 MSTATUS_SPP | MSTATUS_FS | MSTATUS_MPRV | MSTATUS_SUM |
@@ -307,7 +307,7 @@ static int write_mstatus(CPURISCVState *env, int csrno, 
target_ulong val)
 if (env->priv_ver >= PRIV_VERSION_1_10_0) {
 if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP |
 MSTATUS_MPRV | MSTATUS_SUM)) {
-tlb_flush(CPU(riscv_env_get_cpu(env)));
+tlb_flush(env_cpu(env));
 }
 mask = MSTATUS_SIE | MSTATUS_SPIE | MSTATUS_MIE | MSTATUS_MPIE |
 MSTATUS_SPP | MSTATUS_FS | MSTATUS_MPRV | MSTATUS_SUM |
@@ -382,7 +382,7 @@ static int write_misa(CPURISCVState *env, int csrno, 
target_ulong val)
 
 /* flush translation cache */
 if (val != env->misa) {
-tb_flush(CPU(riscv_env_get_cpu(env)));
+tb_flush(env_cpu(env));
 }
 
 env->misa = val;
@@ -549,7 +549,7 @@ static int write_mbadaddr(CPURISCVState *env, int csrno, 
target_ulong val)
 static int rmw_mip(CPURISCVState *env, int csrno, target_ulong *ret_value,
target_ulong new_value, target_ulong write_mask)
 {
-RISCVCPU *cpu = riscv_env_get_cpu(env);
+RISCVCPU *cpu = env_archcpu(env);
 /* Allow software control of delegable interrupts not claimed by hardware 
*/
 target_ulong mask = write_mask & delegable_ints & ~env->miclaim;
 uint32_t old_mip;
@@ -712,7 +712,7 @@ static int write_satp(CPURISCVState *env, int csrno, 
target_ulong val)
 return 0;
 }
 if (env->priv_ver <= PRIV_VERSION_1_09_1 && (val ^ env->sptbr)) {
-tlb_flush(CPU(riscv_env_get_cpu(env)));
+tlb_flush(env_cpu(env));
 env->sptbr = val & (((target_ulong)
 1 << (TARGET_PHYS_ADDR_SPACE_BITS - PGSHIFT)) - 1);
 }
@@ -723,7 +723,7 @@ static int write_satp(CPURISCVState *env, int csrno, 
target_ulong val)
 if (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)) {
 return -1;
 } else {
-tlb_flush(CPU(riscv_env_get_cpu(env)));
+tlb_flush(env_cpu(env));
 env->satp = val;
 }
 }
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index b7dc18a41e..f078bafbe6 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -28,7 +28,7 @@
 void QEMU_NORETURN 

[Qemu-devel] [PATCH v3 26/39] target/sparc: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/sparc/cpu.h  |  5 -
 bsd-user/main.c |  2 +-
 hw/sparc/leon3.c|  4 ++--
 hw/sparc/sun4m.c|  4 ++--
 hw/sparc64/sparc64.c|  2 +-
 linux-user/sparc/cpu_loop.c |  2 +-
 target/sparc/fop_helper.c   |  2 +-
 target/sparc/helper.c   |  8 
 target/sparc/ldst_helper.c  | 33 +++--
 target/sparc/mmu_helper.c   | 10 +-
 10 files changed, 32 insertions(+), 40 deletions(-)

diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index 5a10680d8f..1442232cef 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -532,11 +532,6 @@ struct SPARCCPU {
 CPUSPARCState env;
 };
 
-static inline SPARCCPU *sparc_env_get_cpu(CPUSPARCState *env)
-{
-return container_of(env, SPARCCPU, env);
-}
-
 #define ENV_OFFSET offsetof(SPARCCPU, env)
 
 #ifndef CONFIG_USER_ONLY
diff --git a/bsd-user/main.c b/bsd-user/main.c
index bfdcae4269..f6f76f1a64 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -486,7 +486,7 @@ static void flush_windows(CPUSPARCState *env)
 
 void cpu_loop(CPUSPARCState *env)
 {
-CPUState *cs = CPU(sparc_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr, ret, syscall_nr;
 //target_siginfo_t info;
 
diff --git a/hw/sparc/leon3.c b/hw/sparc/leon3.c
index 774639af33..ef74bc81c2 100644
--- a/hw/sparc/leon3.c
+++ b/hw/sparc/leon3.c
@@ -91,7 +91,7 @@ static void leon3_set_pil_in(void *opaque, uint32_t pil_in)
 
 env->interrupt_index = TT_EXTINT | i;
 if (old_interrupt != env->interrupt_index) {
-cs = CPU(sparc_env_get_cpu(env));
+cs = env_cpu(env);
 trace_leon3_set_irq(i);
 cpu_interrupt(cs, CPU_INTERRUPT_HARD);
 }
@@ -99,7 +99,7 @@ static void leon3_set_pil_in(void *opaque, uint32_t pil_in)
 }
 }
 } else if (!env->pil_in && (env->interrupt_index & ~15) == TT_EXTINT) {
-cs = CPU(sparc_env_get_cpu(env));
+cs = env_cpu(env);
 trace_leon3_reset_irq(env->interrupt_index & 15);
 env->interrupt_index = 0;
 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index ca1e3825d5..a87bef6d4f 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -147,7 +147,7 @@ void cpu_check_irqs(CPUSPARCState *env)
 
 env->interrupt_index = TT_EXTINT | i;
 if (old_interrupt != env->interrupt_index) {
-cs = CPU(sparc_env_get_cpu(env));
+cs = env_cpu(env);
 trace_sun4m_cpu_interrupt(i);
 cpu_interrupt(cs, CPU_INTERRUPT_HARD);
 }
@@ -155,7 +155,7 @@ void cpu_check_irqs(CPUSPARCState *env)
 }
 }
 } else if (!env->pil_in && (env->interrupt_index & ~15) == TT_EXTINT) {
-cs = CPU(sparc_env_get_cpu(env));
+cs = env_cpu(env);
 trace_sun4m_cpu_reset_interrupt(env->interrupt_index & 15);
 env->interrupt_index = 0;
 cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
diff --git a/hw/sparc64/sparc64.c b/hw/sparc64/sparc64.c
index 408388945e..689801f37d 100644
--- a/hw/sparc64/sparc64.c
+++ b/hw/sparc64/sparc64.c
@@ -46,7 +46,7 @@ void cpu_check_irqs(CPUSPARCState *env)
 if (env->ivec_status & 0x20) {
 return;
 }
-cs = CPU(sparc_env_get_cpu(env));
+cs = env_cpu(env);
 /* check if TM or SM in SOFTINT are set
setting these also causes interrupt 14 */
 if (env->softint & (SOFTINT_TIMER | SOFTINT_STIMER)) {
diff --git a/linux-user/sparc/cpu_loop.c b/linux-user/sparc/cpu_loop.c
index 9e357229c0..d85359037c 100644
--- a/linux-user/sparc/cpu_loop.c
+++ b/linux-user/sparc/cpu_loop.c
@@ -145,7 +145,7 @@ static void flush_windows(CPUSPARCState *env)
 
 void cpu_loop (CPUSPARCState *env)
 {
-CPUState *cs = CPU(sparc_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr;
 abi_long ret;
 target_siginfo_t info;
diff --git a/target/sparc/fop_helper.c b/target/sparc/fop_helper.c
index b6642fd1d7..9eb9b75718 100644
--- a/target/sparc/fop_helper.c
+++ b/target/sparc/fop_helper.c
@@ -53,7 +53,7 @@ static target_ulong do_check_ieee_exceptions(CPUSPARCState 
*env, uintptr_t ra)
 }
 
 if ((fsr & FSR_CEXC_MASK) & ((fsr & FSR_TEM_MASK) >> 23)) {
-CPUState *cs = CPU(sparc_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 /* Unmasked exception, generate a trap.  Note that while
the helper is marked as NO_WG, we can get away with
diff --git a/target/sparc/helper.c b/target/sparc/helper.c
index 46232788c8..1a52061fbf 100644
--- a/target/sparc/helper.c
+++ b/target/sparc/helper.c
@@ -26,7 +26,7 @@
 
 void cpu_raise_exception_ra(CPUSPARCState *env, int tt, uintptr_t ra)
 {
-CPUState *cs = CPU(sparc_env_get_cpu(env));
+  

[Qemu-devel] [PATCH v3 25/39] target/sh4: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/sh4/cpu.h  |  5 -
 linux-user/sh4/cpu_loop.c |  2 +-
 target/sh4/helper.c   | 26 --
 target/sh4/op_helper.c|  9 +++--
 4 files changed, 16 insertions(+), 26 deletions(-)

diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
index c1a9e4f981..2ed942ca47 100644
--- a/target/sh4/cpu.h
+++ b/target/sh4/cpu.h
@@ -207,11 +207,6 @@ struct SuperHCPU {
 CPUSH4State env;
 };
 
-static inline SuperHCPU *sh_env_get_cpu(CPUSH4State *env)
-{
-return container_of(env, SuperHCPU, env);
-}
-
 #define ENV_OFFSET offsetof(SuperHCPU, env)
 
 void superh_cpu_do_interrupt(CPUState *cpu);
diff --git a/linux-user/sh4/cpu_loop.c b/linux-user/sh4/cpu_loop.c
index 59cbbeda7e..add8817d86 100644
--- a/linux-user/sh4/cpu_loop.c
+++ b/linux-user/sh4/cpu_loop.c
@@ -23,7 +23,7 @@
 
 void cpu_loop(CPUSH4State *env)
 {
-CPUState *cs = CPU(sh_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr, ret;
 target_siginfo_t info;
 
diff --git a/target/sh4/helper.c b/target/sh4/helper.c
index 2ff0cf4060..5240da715e 100644
--- a/target/sh4/helper.c
+++ b/target/sh4/helper.c
@@ -238,8 +238,6 @@ static void update_itlb_use(CPUSH4State * env, int itlbnb)
 
 static int itlb_replacement(CPUSH4State * env)
 {
-SuperHCPU *cpu = sh_env_get_cpu(env);
-
 if ((env->mmucr & 0xe000) == 0xe000) {
return 0;
 }
@@ -252,7 +250,7 @@ static int itlb_replacement(CPUSH4State * env)
 if ((env->mmucr & 0x2c00) == 0x) {
return 3;
 }
-cpu_abort(CPU(cpu), "Unhandled itlb_replacement");
+cpu_abort(env_cpu(env), "Unhandled itlb_replacement");
 }
 
 /* Find the corresponding entry in the right TLB
@@ -308,7 +306,7 @@ static int copy_utlb_entry_itlb(CPUSH4State *env, int utlb)
 itlb = itlb_replacement(env);
 ientry = >itlb[itlb];
 if (ientry->v) {
-tlb_flush_page(CPU(sh_env_get_cpu(env)), ientry->vpn << 10);
+tlb_flush_page(env_cpu(env), ientry->vpn << 10);
 }
 *ientry = env->utlb[utlb];
 update_itlb_use(env, itlb);
@@ -533,14 +531,14 @@ hwaddr superh_cpu_get_phys_page_debug(CPUState *cs, vaddr 
addr)
 
 void cpu_load_tlb(CPUSH4State * env)
 {
-SuperHCPU *cpu = sh_env_get_cpu(env);
+CPUState *cs = env_cpu(env);
 int n = cpu_mmucr_urc(env->mmucr);
 tlb_t * entry = >utlb[n];
 
 if (entry->v) {
 /* Overwriting valid entry in utlb. */
 target_ulong address = entry->vpn << 10;
-tlb_flush_page(CPU(cpu), address);
+tlb_flush_page(cs, address);
 }
 
 /* Take values into cpu status from registers. */
@@ -563,7 +561,7 @@ void cpu_load_tlb(CPUSH4State * env)
 entry->size = 1024 * 1024; /* 1M */
 break;
 default:
-cpu_abort(CPU(cpu), "Unhandled load_tlb");
+cpu_abort(cs, "Unhandled load_tlb");
 break;
 }
 entry->sh   = (uint8_t)cpu_ptel_sh(env->ptel);
@@ -590,7 +588,7 @@ void cpu_load_tlb(CPUSH4State * env)
 entry->v = 0;
 }
 
-tlb_flush(CPU(sh_env_get_cpu(s)));
+tlb_flush(env_cpu(s));
 }
 
 uint32_t cpu_sh4_read_mmaped_itlb_addr(CPUSH4State *s,
@@ -616,7 +614,7 @@ void cpu_sh4_write_mmaped_itlb_addr(CPUSH4State *s, hwaddr 
addr,
 if (entry->v) {
 /* Overwriting valid entry in itlb. */
 target_ulong address = entry->vpn << 10;
-tlb_flush_page(CPU(sh_env_get_cpu(s)), address);
+tlb_flush_page(env_cpu(s), address);
 }
 entry->asid = asid;
 entry->vpn = vpn;
@@ -658,7 +656,7 @@ void cpu_sh4_write_mmaped_itlb_data(CPUSH4State *s, hwaddr 
addr,
 if (entry->v) {
 /* Overwriting valid entry in utlb. */
 target_ulong address = entry->vpn << 10;
-tlb_flush_page(CPU(sh_env_get_cpu(s)), address);
+tlb_flush_page(env_cpu(s), address);
 }
 entry->ppn = (mem_value & 0x1c00) >> 10;
 entry->v   = (mem_value & 0x0100) >> 8;
@@ -711,7 +709,7 @@ void cpu_sh4_write_mmaped_utlb_addr(CPUSH4State *s, hwaddr 
addr,
 if (entry->vpn == vpn
 && (!use_asid || entry->asid == asid || entry->sh)) {
if (utlb_match_entry) {
-CPUState *cs = CPU(sh_env_get_cpu(s));
+CPUState *cs = env_cpu(s);
 
/* Multiple TLB Exception */
 cs->exception_index = 0x140;
@@ -743,14 +741,14 @@ void cpu_sh4_write_mmaped_utlb_addr(CPUSH4State *s, 
hwaddr addr,
}
 
 if (needs_tlb_flush) {
-tlb_flush_page(CPU(sh_env_get_cpu(s)), vpn << 10);
+tlb_flush_page(env_cpu(s), vpn << 10);
 }
 
 } else {
 int index = (addr & 0x3f00) >> 8;
 tlb_t * entry = >utlb[index];
if (entry->v) {
-CPUState *cs = CPU(sh_env_get_cpu(s));
+CPUState *cs = env_cpu(s);
 
/* Overwriting valid entry in utlb. */
  

[Qemu-devel] [PATCH v3 24/39] target/s390x: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/s390x/cpu.h  |  5 
 linux-user/s390x/cpu_loop.c |  2 +-
 target/s390x/cc_helper.c|  5 ++--
 target/s390x/diag.c |  2 +-
 target/s390x/excp_helper.c  |  6 ++---
 target/s390x/fpu_helper.c   |  4 +--
 target/s390x/helper.c   |  7 +++---
 target/s390x/int_helper.c   |  3 +--
 target/s390x/interrupt.c|  6 ++---
 target/s390x/mem_helper.c   | 28 -
 target/s390x/misc_helper.c  | 50 ++---
 target/s390x/mmu_helper.c   |  8 +++---
 target/s390x/sigp.c |  4 +--
 13 files changed, 56 insertions(+), 74 deletions(-)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 9cdd831a77..eefed6f509 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -163,11 +163,6 @@ struct S390CPU {
 uint32_t irqstate_saved_size;
 };
 
-static inline S390CPU *s390_env_get_cpu(CPUS390XState *env)
-{
-return container_of(env, S390CPU, env);
-}
-
 #define ENV_OFFSET offsetof(S390CPU, env)
 
 #ifndef CONFIG_USER_ONLY
diff --git a/linux-user/s390x/cpu_loop.c b/linux-user/s390x/cpu_loop.c
index b8bd1c956c..8211022ceb 100644
--- a/linux-user/s390x/cpu_loop.c
+++ b/linux-user/s390x/cpu_loop.c
@@ -26,7 +26,7 @@
 
 void cpu_loop(CPUS390XState *env)
 {
-CPUState *cs = CPU(s390_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr, n, sig;
 target_siginfo_t info;
 target_ulong addr;
diff --git a/target/s390x/cc_helper.c b/target/s390x/cc_helper.c
index 0e467bf2b6..e9732500ad 100644
--- a/target/s390x/cc_helper.c
+++ b/target/s390x/cc_helper.c
@@ -405,7 +405,6 @@ static uint32_t cc_calc_lcbb(uint64_t dst)
 static uint32_t do_calc_cc(CPUS390XState *env, uint32_t cc_op,
   uint64_t src, uint64_t dst, uint64_t vr)
 {
-S390CPU *cpu = s390_env_get_cpu(env);
 uint32_t r = 0;
 
 switch (cc_op) {
@@ -526,7 +525,7 @@ static uint32_t do_calc_cc(CPUS390XState *env, uint32_t 
cc_op,
 break;
 
 default:
-cpu_abort(CPU(cpu), "Unknown CC operation: %s\n", cc_name(cc_op));
+cpu_abort(env_cpu(env), "Unknown CC operation: %s\n", cc_name(cc_op));
 }
 
 HELPER_LOG("%s: %15s 0x%016lx 0x%016lx 0x%016lx = %d\n", __func__,
@@ -550,7 +549,7 @@ uint32_t HELPER(calc_cc)(CPUS390XState *env, uint32_t 
cc_op, uint64_t src,
 void HELPER(load_psw)(CPUS390XState *env, uint64_t mask, uint64_t addr)
 {
 load_psw(env, mask, addr);
-cpu_loop_exit(CPU(s390_env_get_cpu(env)));
+cpu_loop_exit(env_cpu(env));
 }
 
 void HELPER(sacf)(CPUS390XState *env, uint64_t a1)
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index aafa740f61..65eabf0461 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -55,7 +55,7 @@ int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t 
r3)
 
 void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t 
ra)
 {
-CPUState *cs = CPU(s390_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 uint64_t addr =  env->regs[r1];
 uint64_t subcode = env->regs[r3];
 IplParameterBlock *iplb;
diff --git a/target/s390x/excp_helper.c b/target/s390x/excp_helper.c
index f84bfb1284..b83c1e6559 100644
--- a/target/s390x/excp_helper.c
+++ b/target/s390x/excp_helper.c
@@ -36,7 +36,7 @@
 void QEMU_NORETURN tcg_s390_program_interrupt(CPUS390XState *env, uint32_t 
code,
   int ilen, uintptr_t ra)
 {
-CPUState *cs = CPU(s390_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cpu_restore_state(cs, ra, true);
 qemu_log_mask(CPU_LOG_INT, "program interrupt at %#" PRIx64 "\n",
@@ -51,7 +51,7 @@ void QEMU_NORETURN tcg_s390_data_exception(CPUS390XState 
*env, uint32_t dxc,
 g_assert(dxc <= 0xff);
 #if !defined(CONFIG_USER_ONLY)
 /* Store the DXC into the lowcore */
-stl_phys(CPU(s390_env_get_cpu(env))->as,
+stl_phys(env_cpu(env)->as,
  env->psa + offsetof(LowCore, data_exc_code), dxc);
 #endif
 
@@ -261,7 +261,7 @@ static void do_svc_interrupt(CPUS390XState *env)
 static void do_ext_interrupt(CPUS390XState *env)
 {
 QEMUS390FLICState *flic = QEMU_S390_FLIC(s390_get_flic());
-S390CPU *cpu = s390_env_get_cpu(env);
+S390CPU *cpu = env_archcpu(env);
 uint64_t mask, addr;
 uint16_t cpu_addr;
 LowCore *lowcore;
diff --git a/target/s390x/fpu_helper.c b/target/s390x/fpu_helper.c
index 1be68bafea..906fa8ce99 100644
--- a/target/s390x/fpu_helper.c
+++ b/target/s390x/fpu_helper.c
@@ -114,8 +114,6 @@ static void handle_exceptions(CPUS390XState *env, bool XxC, 
uintptr_t retaddr)
 
 static inline int float_comp_to_cc(CPUS390XState *env, int float_compare)
 {
-S390CPU *cpu = s390_env_get_cpu(env);
-
 switch (float_compare) {
 case float_relation_equal:
 return 0;
@@ -126,7 +124,7 @@ static inline int float_comp_to_cc(CPUS390XState *env, int 
float_compare)
 case float_relation_unordered:
 return 3;
 default:
-   

[Qemu-devel] [PATCH v3 21/39] target/openrisc: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/openrisc/cpu.h  | 5 -
 linux-user/openrisc/cpu_loop.c | 2 +-
 target/openrisc/exception_helper.c | 5 ++---
 target/openrisc/sys_helper.c   | 8 
 4 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/target/openrisc/cpu.h b/target/openrisc/cpu.h
index 0ba4ae3356..91ba667139 100644
--- a/target/openrisc/cpu.h
+++ b/target/openrisc/cpu.h
@@ -317,11 +317,6 @@ typedef struct OpenRISCCPU {
 
 } OpenRISCCPU;
 
-static inline OpenRISCCPU *openrisc_env_get_cpu(CPUOpenRISCState *env)
-{
-return container_of(env, OpenRISCCPU, env);
-}
-
 #define ENV_OFFSET offsetof(OpenRISCCPU, env)
 
 void cpu_openrisc_list(void);
diff --git a/linux-user/openrisc/cpu_loop.c b/linux-user/openrisc/cpu_loop.c
index f496e4b48a..4b8165b261 100644
--- a/linux-user/openrisc/cpu_loop.c
+++ b/linux-user/openrisc/cpu_loop.c
@@ -23,7 +23,7 @@
 
 void cpu_loop(CPUOpenRISCState *env)
 {
-CPUState *cs = CPU(openrisc_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr;
 abi_long ret;
 target_siginfo_t info;
diff --git a/target/openrisc/exception_helper.c 
b/target/openrisc/exception_helper.c
index 6073a5b21c..dd639ba5f2 100644
--- a/target/openrisc/exception_helper.c
+++ b/target/openrisc/exception_helper.c
@@ -25,15 +25,14 @@
 
 void HELPER(exception)(CPUOpenRISCState *env, uint32_t excp)
 {
-OpenRISCCPU *cpu = openrisc_env_get_cpu(env);
+OpenRISCCPU *cpu = env_archcpu(env);
 
 raise_exception(cpu, excp);
 }
 
 static void QEMU_NORETURN do_range(CPUOpenRISCState *env, uintptr_t pc)
 {
-OpenRISCCPU *cpu = openrisc_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = EXCP_RANGE;
 cpu_loop_exit_restore(cs, pc);
diff --git a/target/openrisc/sys_helper.c b/target/openrisc/sys_helper.c
index 05f66c455b..8f11cb8202 100644
--- a/target/openrisc/sys_helper.c
+++ b/target/openrisc/sys_helper.c
@@ -30,8 +30,8 @@
 void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
 {
 #ifndef CONFIG_USER_ONLY
-OpenRISCCPU *cpu = openrisc_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+OpenRISCCPU *cpu = env_archcpu(env);
+CPUState *cs = env_cpu(env);
 target_ulong mr;
 int idx;
 
@@ -194,8 +194,8 @@ target_ulong HELPER(mfspr)(CPUOpenRISCState *env, 
target_ulong rd,
target_ulong spr)
 {
 #ifndef CONFIG_USER_ONLY
-OpenRISCCPU *cpu = openrisc_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+OpenRISCCPU *cpu = env_archcpu(env);
+CPUState *cs = env_cpu(env);
 int idx;
 
 switch (spr) {
-- 
2.17.1




[Qemu-devel] [PATCH v3 20/39] target/nios2: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/nios2/cpu.h |  5 -
 hw/nios2/cpu_pic.c |  5 +
 target/nios2/mmu.c | 10 +-
 3 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
index b14095b8dc..f2ffc1469f 100644
--- a/target/nios2/cpu.h
+++ b/target/nios2/cpu.h
@@ -193,11 +193,6 @@ typedef struct Nios2CPU {
 uint32_t fast_tlb_miss_addr;
 } Nios2CPU;
 
-static inline Nios2CPU *nios2_env_get_cpu(CPUNios2State *env)
-{
-return NIOS2_CPU(container_of(env, Nios2CPU, env));
-}
-
 #define ENV_OFFSET offsetof(Nios2CPU, env)
 
 void nios2_tcg_init(void);
diff --git a/hw/nios2/cpu_pic.c b/hw/nios2/cpu_pic.c
index 6bccce2f32..9e39955bd1 100644
--- a/hw/nios2/cpu_pic.c
+++ b/hw/nios2/cpu_pic.c
@@ -54,12 +54,9 @@ static void nios2_pic_cpu_handler(void *opaque, int irq, int 
level)
 
 void nios2_check_interrupts(CPUNios2State *env)
 {
-Nios2CPU *cpu = nios2_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
-
 if (env->irq_pending) {
 env->irq_pending = 0;
-cpu_interrupt(cs, CPU_INTERRUPT_HARD);
+cpu_interrupt(env_cpu(env), CPU_INTERRUPT_HARD);
 }
 }
 
diff --git a/target/nios2/mmu.c b/target/nios2/mmu.c
index 33382bad1b..61eaa06b3e 100644
--- a/target/nios2/mmu.c
+++ b/target/nios2/mmu.c
@@ -73,7 +73,7 @@ unsigned int mmu_translate(CPUNios2State *env,
Nios2MMULookup *lu,
target_ulong vaddr, int rw, int mmu_idx)
 {
-Nios2CPU *cpu = nios2_env_get_cpu(env);
+Nios2CPU *cpu = env_archcpu(env);
 int pid = (env->mmu.tlbmisc_wr & CR_TLBMISC_PID_MASK) >> 4;
 int vpn = vaddr >> 12;
 
@@ -115,7 +115,7 @@ unsigned int mmu_translate(CPUNios2State *env,
 static void mmu_flush_pid(CPUNios2State *env, uint32_t pid)
 {
 CPUState *cs = env_cpu(env);
-Nios2CPU *cpu = nios2_env_get_cpu(env);
+Nios2CPU *cpu = env_archcpu(env);
 int idx;
 MMU_LOG(qemu_log("TLB Flush PID %d\n", pid));
 
@@ -139,7 +139,7 @@ static void mmu_flush_pid(CPUNios2State *env, uint32_t pid)
 void mmu_write(CPUNios2State *env, uint32_t rn, uint32_t v)
 {
 CPUState *cs = env_cpu(env);
-Nios2CPU *cpu = nios2_env_get_cpu(env);
+Nios2CPU *cpu = env_archcpu(env);
 
 MMU_LOG(qemu_log("mmu_write %08X = %08X\n", rn, v));
 
@@ -256,7 +256,7 @@ void mmu_write(CPUNios2State *env, uint32_t rn, uint32_t v)
 
 void mmu_init(CPUNios2State *env)
 {
-Nios2CPU *cpu = nios2_env_get_cpu(env);
+Nios2CPU *cpu = env_archcpu(env);
 Nios2MMU *mmu = >mmu;
 
 MMU_LOG(qemu_log("mmu_init\n"));
@@ -267,7 +267,7 @@ void mmu_init(CPUNios2State *env)
 
 void dump_mmu(CPUNios2State *env)
 {
-Nios2CPU *cpu = nios2_env_get_cpu(env);
+Nios2CPU *cpu = env_archcpu(env);
 int i;
 
 qemu_printf("MMU: ways %d, entries %d, pid bits %d\n",
-- 
2.17.1




[Qemu-devel] [PATCH v3 18/39] target/mips: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/mips/cpu.h|  5 -
 hw/intc/mips_gic.c   |  2 +-
 hw/mips/mips_int.c   |  2 +-
 linux-user/mips/cpu_loop.c   |  2 +-
 target/mips/helper.c | 15 +--
 target/mips/op_helper.c  | 25 +++--
 target/mips/translate.c  |  3 +--
 target/mips/translate_init.inc.c |  4 +---
 8 files changed, 21 insertions(+), 37 deletions(-)

diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 31e15834ca..e0645eb1d1 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1051,11 +1051,6 @@ struct MIPSCPU {
 CPUMIPSState env;
 };
 
-static inline MIPSCPU *mips_env_get_cpu(CPUMIPSState *env)
-{
-return container_of(env, MIPSCPU, env);
-}
-
 #define ENV_OFFSET offsetof(MIPSCPU, env)
 
 void mips_cpu_list(void);
diff --git a/hw/intc/mips_gic.c b/hw/intc/mips_gic.c
index 15e6e40f9f..8f509493ea 100644
--- a/hw/intc/mips_gic.c
+++ b/hw/intc/mips_gic.c
@@ -44,7 +44,7 @@ static void mips_gic_set_vp_irq(MIPSGICState *gic, int vp, 
int pin)
   GIC_VP_MASK_CMP_SHF;
 }
 if (kvm_enabled())  {
-kvm_mips_set_ipi_interrupt(mips_env_get_cpu(gic->vps[vp].env),
+kvm_mips_set_ipi_interrupt(env_archcpu(gic->vps[vp].env),
pin + GIC_CPU_PIN_OFFSET,
ored_level);
 } else {
diff --git a/hw/mips/mips_int.c b/hw/mips/mips_int.c
index 5ddeb15848..f899f6ceb3 100644
--- a/hw/mips/mips_int.c
+++ b/hw/mips/mips_int.c
@@ -76,7 +76,7 @@ void cpu_mips_irq_init_cpu(MIPSCPU *cpu)
 qemu_irq *qi;
 int i;
 
-qi = qemu_allocate_irqs(cpu_mips_irq_request, mips_env_get_cpu(env), 8);
+qi = qemu_allocate_irqs(cpu_mips_irq_request, env_archcpu(env), 8);
 for (i = 0; i < 8; i++) {
 env->irq[i] = qi[i];
 }
diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c
index 828137cd84..ac6c6d1504 100644
--- a/linux-user/mips/cpu_loop.c
+++ b/linux-user/mips/cpu_loop.c
@@ -425,7 +425,7 @@ static int do_break(CPUMIPSState *env, target_siginfo_t 
*info,
 
 void cpu_loop(CPUMIPSState *env)
 {
-CPUState *cs = CPU(mips_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 target_siginfo_t info;
 int trapnr;
 abi_long ret;
diff --git a/target/mips/helper.c b/target/mips/helper.c
index c44cdca3b5..1fc0a4ce4b 100644
--- a/target/mips/helper.c
+++ b/target/mips/helper.c
@@ -336,10 +336,8 @@ static int get_physical_address (CPUMIPSState *env, hwaddr 
*physical,
 
 void cpu_mips_tlb_flush(CPUMIPSState *env)
 {
-MIPSCPU *cpu = mips_env_get_cpu(env);
-
 /* Flush qemu's TLB and discard all shadowed entries.  */
-tlb_flush(CPU(cpu));
+tlb_flush(env_cpu(env));
 env->tlb->tlb_in_use = env->tlb->nb_tlb;
 }
 
@@ -401,7 +399,7 @@ void cpu_mips_store_status(CPUMIPSState *env, target_ulong 
val)
 #if defined(TARGET_MIPS64)
 if ((env->CP0_Status ^ old) & (old & (7 << CP0St_UX))) {
 /* Access to at least one of the 64-bit segments has been disabled */
-tlb_flush(CPU(mips_env_get_cpu(env)));
+tlb_flush(env_cpu(env));
 }
 #endif
 if (env->CP0_Config3 & (1 << CP0C3_MT)) {
@@ -446,7 +444,7 @@ void cpu_mips_store_cause(CPUMIPSState *env, target_ulong 
val)
 static void raise_mmu_exception(CPUMIPSState *env, target_ulong address,
 int rw, int tlb_error)
 {
-CPUState *cs = CPU(mips_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int exception = 0, error_code = 0;
 
 if (rw == MMU_INST_FETCH) {
@@ -1400,8 +1398,7 @@ bool mips_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 #if !defined(CONFIG_USER_ONLY)
 void r4k_invalidate_tlb (CPUMIPSState *env, int idx, int use_extra)
 {
-MIPSCPU *cpu = mips_env_get_cpu(env);
-CPUState *cs;
+CPUState *cs = env_cpu(env);
 r4k_tlb_t *tlb;
 target_ulong addr;
 target_ulong end;
@@ -1427,7 +1424,6 @@ void r4k_invalidate_tlb (CPUMIPSState *env, int idx, int 
use_extra)
 /* 1k pages are not supported. */
 mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
 if (tlb->V0) {
-cs = CPU(cpu);
 addr = tlb->VPN & ~mask;
 #if defined(TARGET_MIPS64)
 if (addr >= (0x8000ULL & env->SEGMask)) {
@@ -1441,7 +1437,6 @@ void r4k_invalidate_tlb (CPUMIPSState *env, int idx, int 
use_extra)
 }
 }
 if (tlb->V1) {
-cs = CPU(cpu);
 addr = (tlb->VPN & ~mask) | ((mask >> 1) + 1);
 #if defined(TARGET_MIPS64)
 if (addr >= (0x8000ULL & env->SEGMask)) {
@@ -1462,7 +1457,7 @@ void QEMU_NORETURN do_raise_exception_err(CPUMIPSState 
*env,
   int error_code,
   uintptr_t pc)
 {
-CPUState *cs = CPU(mips_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 qemu_log_mask(CPU_LOG_INT, "%s: %d %d\n",
   

[Qemu-devel] [PATCH v3 06/39] cpu: Replace ENV_GET_CPU with env_cpu

2019-05-07 Thread Richard Henderson
Now that we have both ArchCPU and CPUArchState, we can define
this generically instead of via macro in each target's cpu.h.

Reviewed-by: Peter Maydell 
Acked-by: Alistair Francis 
Signed-off-by: Richard Henderson 
---
 accel/tcg/atomic_template.h   |  8 +--
 accel/tcg/softmmu_template.h  | 20 
 include/exec/cpu-all.h| 12 +
 include/exec/cpu_ldst_template.h  |  6 +--
 include/exec/cpu_ldst_useronly_template.h |  6 +--
 include/exec/softmmu-semi.h   | 16 +++---
 linux-user/cpu_loop-common.h  |  2 +-
 target/alpha/cpu.h|  2 -
 target/arm/cpu.h  |  2 -
 target/cris/cpu.h |  2 -
 target/hppa/cpu.h |  1 -
 target/i386/cpu.h |  2 -
 target/lm32/cpu.h |  2 -
 target/m68k/cpu.h |  2 -
 target/microblaze/cpu.h   |  2 -
 target/mips/cpu.h |  2 -
 target/moxie/cpu.h|  2 -
 target/nios2/cpu.h|  2 -
 target/openrisc/cpu.h |  2 -
 target/ppc/cpu.h  |  2 -
 target/riscv/cpu.h|  1 -
 target/s390x/cpu.h|  2 -
 target/sh4/cpu.h  |  2 -
 target/sparc/cpu.h|  2 -
 target/tilegx/cpu.h   |  2 -
 target/tricore/cpu.h  |  2 -
 target/unicore32/cpu.h|  2 -
 target/xtensa/cpu.h   |  2 -
 accel/tcg/cputlb.c| 22 -
 accel/tcg/tcg-runtime.c   |  4 +-
 accel/tcg/translate-all.c |  2 +-
 accel/tcg/user-exec.c |  2 +-
 bsd-user/syscall.c|  6 +--
 linux-user/arm/cpu_loop.c |  2 +-
 linux-user/cris/cpu_loop.c|  2 +-
 linux-user/elfload.c  |  6 +--
 linux-user/m68k/cpu_loop.c|  2 +-
 linux-user/main.c |  2 +-
 linux-user/mips/cpu_loop.c|  2 +-
 linux-user/nios2/cpu_loop.c   |  2 +-
 linux-user/riscv/cpu_loop.c   |  2 +-
 linux-user/signal.c   |  8 +--
 linux-user/syscall.c  | 18 +++
 linux-user/uname.c|  2 +-
 target/arm/helper.c   | 42 
 target/hppa/op_helper.c   |  2 +-
 target/i386/hax-all.c |  6 +--
 target/i386/hvf/x86_decode.c  | 22 -
 target/i386/hvf/x86_emu.c | 60 +--
 target/i386/mem_helper.c  |  4 +-
 target/m68k/op_helper.c   |  2 +-
 target/nios2/mmu.c|  4 +-
 target/nios2/op_helper.c  |  2 +-
 target/ppc/mmu_helper.c   |  2 +-
 target/s390x/gdbstub.c| 24 -
 target/s390x/mem_helper.c |  2 +-
 target/sh4/op_helper.c|  2 +-
 docs/devel/tracing.txt|  4 +-
 scripts/tracetool/format/tcg_helper_c.py  |  2 +-
 59 files changed, 176 insertions(+), 198 deletions(-)

diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
index 685602b076..5aaf186253 100644
--- a/accel/tcg/atomic_template.h
+++ b/accel/tcg/atomic_template.h
@@ -62,21 +62,21 @@
 #define ATOMIC_TRACE_RMW do {   \
 uint8_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, false); \
 \
-trace_guest_mem_before_exec(ENV_GET_CPU(env), addr, info);  \
-trace_guest_mem_before_exec(ENV_GET_CPU(env), addr, \
+trace_guest_mem_before_exec(env_cpu(env), addr, info);  \
+trace_guest_mem_before_exec(env_cpu(env), addr, \
 info | TRACE_MEM_ST);   \
 } while (0)
 
 #define ATOMIC_TRACE_LD do {\
 uint8_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, false); \
 \
-trace_guest_mem_before_exec(ENV_GET_CPU(env), addr, info);  \
+trace_guest_mem_before_exec(env_cpu(env), addr, info);  \
 } while (0)
 
 # define ATOMIC_TRACE_ST do {   \
 uint8_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, true); \
 \
-trace_guest_mem_before_exec(ENV_GET_CPU(env), addr, info);  \
+trace_guest_mem_before_exec(env_cpu(env), addr, info);  \
 } while (0)
 
 /* Define host-endian atomic operations.  Note that 

[Qemu-devel] [PATCH v3 19/39] target/moxie: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/moxie/cpu.h   | 5 -
 target/moxie/helper.c| 6 +++---
 target/moxie/translate.c | 2 +-
 3 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/target/moxie/cpu.h b/target/moxie/cpu.h
index 5b9aae95d2..a481a92833 100644
--- a/target/moxie/cpu.h
+++ b/target/moxie/cpu.h
@@ -90,11 +90,6 @@ typedef struct MoxieCPU {
 CPUMoxieState env;
 } MoxieCPU;
 
-static inline MoxieCPU *moxie_env_get_cpu(CPUMoxieState *env)
-{
-return container_of(env, MoxieCPU, env);
-}
-
 #define ENV_OFFSET offsetof(MoxieCPU, env)
 
 void moxie_cpu_do_interrupt(CPUState *cs);
diff --git a/target/moxie/helper.c b/target/moxie/helper.c
index 287a45232c..a18b21c4c0 100644
--- a/target/moxie/helper.c
+++ b/target/moxie/helper.c
@@ -42,7 +42,7 @@ void tlb_fill(CPUState *cs, target_ulong addr, int size,
 
 void helper_raise_exception(CPUMoxieState *env, int ex)
 {
-CPUState *cs = CPU(moxie_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = ex;
 /* Stash the exception type.  */
@@ -79,7 +79,7 @@ uint32_t helper_udiv(CPUMoxieState *env, uint32_t a, uint32_t 
b)
 
 void helper_debug(CPUMoxieState *env)
 {
-CPUState *cs = CPU(moxie_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = EXCP_DEBUG;
 cpu_loop_exit(cs);
@@ -89,7 +89,7 @@ void helper_debug(CPUMoxieState *env)
 
 void moxie_cpu_do_interrupt(CPUState *cs)
 {
-CPUState *cs = CPU(moxie_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = -1;
 }
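Review bot: The replacement line in moxie_cpu_do_interrupt still redeclares the `cs` parameter as a local and reads an `env` that is not declared anywhere in the function, so the body cannot compile if this path is ever built; presumably it sits under a configuration that is never compiled for moxie, which is why neither the old nor the new form has been caught. If the intent is only to clear the pending exception, the body reduces to `cs->exception_index = -1;` with the declaration dropped. It seems worth fixing in this mechanical pass rather than carrying the broken line forward under the new helper name.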
diff --git a/target/moxie/translate.c b/target/moxie/translate.c
index c668178f2c..c87e9ec2b1 100644
--- a/target/moxie/translate.c
+++ b/target/moxie/translate.c
@@ -816,7 +816,7 @@ static int decode_opc(MoxieCPU *cpu, DisasContext *ctx)
 void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int max_insns)
 {
 CPUMoxieState *env = cs->env_ptr;
-MoxieCPU *cpu = moxie_env_get_cpu(env);
+MoxieCPU *cpu = env_archcpu(env);
 DisasContext ctx;
 target_ulong pc_start;
 int num_insns;
-- 
2.17.1




[Qemu-devel] [PATCH v3 02/39] tcg: Split out target/arch/cpu-param.h

2019-05-07 Thread Richard Henderson
For all targets, into this new file move TARGET_LONG_BITS,
TARGET_PAGE_BITS, TARGET_PHYS_ADDR_SPACE_BITS,
TARGET_VIRT_ADDR_SPACE_BITS, and NB_MMU_MODES.

Include this new file from exec/cpu-defs.h.

This now removes the somewhat odd requirement that target/arch/cpu.h
defines TARGET_LONG_BITS before including exec/cpu-defs.h, so push the
bulk of the includes within target/arch/cpu.h to the top.

Reviewed-by: Peter Maydell 
Acked-by: Alistair Francis 
Signed-off-by: Richard Henderson 
---
v3: Add header comment + include guards.
Copyright and license copied from cpu.h, when present.
---
 include/exec/cpu-defs.h   | 22 +-
 target/alpha/cpu-param.h  | 31 ++
 target/alpha/cpu.h| 23 +--
 target/arm/cpu-param.h| 34 
 target/arm/cpu.h  | 33 +++
 target/cris/cpu-param.h   | 17 ++
 target/cris/cpu.h | 11 +
 target/hppa/cpu-param.h   | 34 
 target/hppa/cpu.h | 24 +---
 target/i386/cpu-param.h   | 28 +++
 target/i386/cpu.h | 21 --
 target/lm32/cpu-param.h   | 17 ++
 target/lm32/cpu.h | 12 +++---
 target/m68k/cpu-param.h   | 22 ++
 target/m68k/cpu.h | 16 ++---
 target/microblaze/cpu-param.h | 18 +++
 target/microblaze/cpu.h   | 14 ++--
 target/mips/cpu-param.h   | 29 
 target/mips/cpu.h |  3 +--
 target/mips/mips-defs.h   | 15 -
 target/moxie/cpu-param.h  | 17 ++
 target/moxie/cpu.h| 12 +-
 target/nios2/cpu-param.h  | 21 ++
 target/nios2/cpu.h| 17 ++
 target/openrisc/cpu-param.h   | 17 ++
 target/openrisc/cpu.h | 14 +++-
 target/ppc/cpu-param.h| 37 ++
 target/ppc/cpu.h  | 42 ---
 target/riscv/cpu-param.h  | 23 +++
 target/riscv/cpu.h| 21 --
 target/s390x/cpu-param.h  | 17 ++
 target/s390x/cpu.h| 11 +
 target/sh4/cpu-param.h| 21 ++
 target/sh4/cpu.h  | 14 +---
 target/sparc/cpu-param.h  | 28 +++
 target/sparc/cpu.h| 20 ++---
 target/tilegx/cpu-param.h | 17 ++
 target/tilegx/cpu.h   |  9 +---
 target/tricore/cpu-param.h| 17 ++
 target/tricore/cpu.h  |  4 +---
 target/tricore/tricore-defs.h |  5 -
 target/unicore32/cpu-param.h  | 17 ++
 target/unicore32/cpu.h| 10 +
 target/xtensa/cpu-param.h | 21 ++
 target/xtensa/cpu.h   | 21 +-
 45 files changed, 544 insertions(+), 333 deletions(-)
 create mode 100644 target/alpha/cpu-param.h
 create mode 100644 target/arm/cpu-param.h
 create mode 100644 target/cris/cpu-param.h
 create mode 100644 target/hppa/cpu-param.h
 create mode 100644 target/i386/cpu-param.h
 create mode 100644 target/lm32/cpu-param.h
 create mode 100644 target/m68k/cpu-param.h
 create mode 100644 target/microblaze/cpu-param.h
 create mode 100644 target/mips/cpu-param.h
 create mode 100644 target/moxie/cpu-param.h
 create mode 100644 target/nios2/cpu-param.h
 create mode 100644 target/openrisc/cpu-param.h
 create mode 100644 target/ppc/cpu-param.h
 create mode 100644 target/riscv/cpu-param.h
 create mode 100644 target/s390x/cpu-param.h
 create mode 100644 target/sh4/cpu-param.h
 create mode 100644 target/sparc/cpu-param.h
 create mode 100644 target/tilegx/cpu-param.h
 create mode 100644 target/tricore/cpu-param.h
 create mode 100644 target/unicore32/cpu-param.h
 create mode 100644 target/xtensa/cpu-param.h

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 52d150aaf1..2694481769 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -34,8 +34,28 @@
 #endif
 #include "exec/memattrs.h"
 
+#include "cpu-param.h"
+
 #ifndef TARGET_LONG_BITS
-#error TARGET_LONG_BITS must be defined before including this header
+# error TARGET_LONG_BITS must be defined in cpu-param.h
+#endif
+#ifndef NB_MMU_MODES
+# error NB_MMU_MODES must be defined in cpu-param.h
+#endif
+#ifndef TARGET_PHYS_ADDR_SPACE_BITS
+# error TARGET_PHYS_ADDR_SPACE_BITS must be defined in cpu-param.h
+#endif
+#ifndef TARGET_VIRT_ADDR_SPACE_BITS
+# error TARGET_VIRT_ADDR_SPACE_BITS must be defined in cpu-param.h
+#endif
+#ifndef TARGET_PAGE_BITS
+# ifdef TARGET_PAGE_BITS_VARY
+#  ifndef TARGET_PAGE_BITS_MIN
+#   error TARGET_PAGE_BITS_MIN must be defined in cpu-param.h
+#  endif
+# else
+#  error TARGET_PAGE_BITS must be defined in cpu-param.h
+# endif
 #endif
 
 #define TARGET_LONG_SIZE 
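Review bot: The new guard block only inspects TARGET_PAGE_BITS_MIN when TARGET_PAGE_BITS is absent, so a cpu-param.h that defines both TARGET_PAGE_BITS and TARGET_PAGE_BITS_VARY passes silently; if that combination is meant to be invalid, an `#elif defined(TARGET_PAGE_BITS_VARY)` branch with `# error TARGET_PAGE_BITS and TARGET_PAGE_BITS_VARY are mutually exclusive` would catch it at the same place. A one-line comment above the block stating that every target supplies these values from its cpu-param.h, and that a variable page size declares TARGET_PAGE_BITS_MIN instead of TARGET_PAGE_BITS, would also help, since this series retires the old "must be defined before including this header" rule that used to document the contract.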

[Qemu-devel] [PATCH v3 11/39] target/cris: Reindent op_helper.c

2019-05-07 Thread Richard Henderson
Fix all of the coding style errors in this file at once.

Signed-off-by: Richard Henderson 
---
 target/cris/op_helper.c | 817 +++-
 1 file changed, 398 insertions(+), 419 deletions(-)

diff --git a/target/cris/op_helper.c b/target/cris/op_helper.c
index 0ee3a3117b..d4479167a5 100644
--- a/target/cris/op_helper.c
+++ b/target/cris/op_helper.c
@@ -76,9 +76,10 @@ void helper_raise_exception(CPUCRISState *env, uint32_t 
index)
 void helper_tlb_flush_pid(CPUCRISState *env, uint32_t pid)
 {
 #if !defined(CONFIG_USER_ONLY)
-   pid &= 0xff;
-   if (pid != (env->pregs[PR_PID] & 0xff))
-   cris_mmu_flush_pid(env, env->pregs[PR_PID]);
+pid &= 0xff;
+if (pid != (env->pregs[PR_PID] & 0xff)) {
+cris_mmu_flush_pid(env, env->pregs[PR_PID]);
+}
 #endif
 }
 
@@ -94,541 +95,519 @@ void helper_spc_write(CPUCRISState *env, uint32_t new_spc)
 }
 
 /* Used by the tlb decoder.  */
-#define EXTRACT_FIELD(src, start, end) \
-   (((src) >> start) & ((1 << (end - start + 1)) - 1))
+#define EXTRACT_FIELD(src, start, end)  \
+(((src) >> start) & ((1 << (end - start + 1)) - 1))
 
 void helper_movl_sreg_reg(CPUCRISState *env, uint32_t sreg, uint32_t reg)
 {
 #if !defined(CONFIG_USER_ONLY)
 CRISCPU *cpu = cris_env_get_cpu(env);
 #endif
-   uint32_t srs;
-   srs = env->pregs[PR_SRS];
-   srs &= 3;
-   env->sregs[srs][sreg] = env->regs[reg];
+uint32_t srs;
+srs = env->pregs[PR_SRS];
+srs &= 3;
+env->sregs[srs][sreg] = env->regs[reg];
 
 #if !defined(CONFIG_USER_ONLY)
-   if (srs == 1 || srs == 2) {
-   if (sreg == 6) {
-   /* Writes to tlb-hi write to mm_cause as a side 
-  effect.  */
-   env->sregs[SFR_RW_MM_TLB_HI] = env->regs[reg];
-   env->sregs[SFR_R_MM_CAUSE] = env->regs[reg];
-   }
-   else if (sreg == 5) {
-   uint32_t set;
-   uint32_t idx;
-   uint32_t lo, hi;
-   uint32_t vaddr;
-   int tlb_v;
+if (srs == 1 || srs == 2) {
+if (sreg == 6) {
+/* Writes to tlb-hi write to mm_cause as a side effect.  */
+env->sregs[SFR_RW_MM_TLB_HI] = env->regs[reg];
+env->sregs[SFR_R_MM_CAUSE] = env->regs[reg];
+} else if (sreg == 5) {
+uint32_t set;
+uint32_t idx;
+uint32_t lo, hi;
+uint32_t vaddr;
+int tlb_v;
 
-   idx = set = env->sregs[SFR_RW_MM_TLB_SEL];
-   set >>= 4;
-   set &= 3;
+idx = set = env->sregs[SFR_RW_MM_TLB_SEL];
+set >>= 4;
+set &= 3;
 
-   idx &= 15;
-   /* We've just made a write to tlb_lo.  */
-   lo = env->sregs[SFR_RW_MM_TLB_LO];
-   /* Writes are done via r_mm_cause.  */
-   hi = env->sregs[SFR_R_MM_CAUSE];
+idx &= 15;
+/* We've just made a write to tlb_lo.  */
+lo = env->sregs[SFR_RW_MM_TLB_LO];
+/* Writes are done via r_mm_cause.  */
+hi = env->sregs[SFR_R_MM_CAUSE];
 
-   vaddr = EXTRACT_FIELD(env->tlbsets[srs-1][set][idx].hi,
- 13, 31);
-   vaddr <<= TARGET_PAGE_BITS;
-   tlb_v = EXTRACT_FIELD(env->tlbsets[srs-1][set][idx].lo,
-   3, 3);
-   env->tlbsets[srs - 1][set][idx].lo = lo;
-   env->tlbsets[srs - 1][set][idx].hi = hi;
+vaddr = EXTRACT_FIELD(env->tlbsets[srs - 1][set][idx].hi, 13, 31);
+vaddr <<= TARGET_PAGE_BITS;
+tlb_v = EXTRACT_FIELD(env->tlbsets[srs - 1][set][idx].lo, 3, 3);
+env->tlbsets[srs - 1][set][idx].lo = lo;
+env->tlbsets[srs - 1][set][idx].hi = hi;
 
-   D_LOG("tlb flush vaddr=%x v=%d pc=%x\n", 
- vaddr, tlb_v, env->pc);
-   if (tlb_v) {
+D_LOG("tlb flush vaddr=%x v=%d pc=%x\n",
+  vaddr, tlb_v, env->pc);
+if (tlb_v) {
 tlb_flush_page(CPU(cpu), vaddr);
-   }
-   }
-   }
+}
+}
+}
 #endif
 }
 
 void helper_movl_reg_sreg(CPUCRISState *env, uint32_t reg, uint32_t sreg)
 {
-   uint32_t srs;
-   env->pregs[PR_SRS] &= 3;
-   srs = env->pregs[PR_SRS];
-   
+uint32_t srs;
+env->pregs[PR_SRS] &= 3;
+srs = env->pregs[PR_SRS];
+
 #if !defined(CONFIG_USER_ONLY)
-   if (srs == 1 || srs == 2)
-   {
-   uint32_t set;
-   uint32_t idx;
-   uint32_t lo, hi;
+if (srs == 1 || srs == 2) {
+

[Qemu-devel] [PATCH v3 15/39] target/lm32: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/lm32/cpu.h   |  5 -
 target/lm32/helper.c| 19 ++-
 target/lm32/op_helper.c |  6 +++---
 target/lm32/translate.c |  2 +-
 4 files changed, 10 insertions(+), 22 deletions(-)

diff --git a/target/lm32/cpu.h b/target/lm32/cpu.h
index c6b252f90a..8e7b70a275 100644
--- a/target/lm32/cpu.h
+++ b/target/lm32/cpu.h
@@ -195,11 +195,6 @@ struct LM32CPU {
 uint32_t features;
 };
 
-static inline LM32CPU *lm32_env_get_cpu(CPULM32State *env)
-{
-return container_of(env, LM32CPU, env);
-}
-
 #define ENV_OFFSET offsetof(LM32CPU, env)
 
 #ifndef CONFIG_USER_ONLY
diff --git a/target/lm32/helper.c b/target/lm32/helper.c
index a039a993ff..674cbd7fe4 100644
--- a/target/lm32/helper.c
+++ b/target/lm32/helper.c
@@ -58,28 +58,23 @@ hwaddr lm32_cpu_get_phys_page_debug(CPUState *cs, vaddr 
addr)
 
 void lm32_breakpoint_insert(CPULM32State *env, int idx, target_ulong address)
 {
-LM32CPU *cpu = lm32_env_get_cpu(env);
-
-cpu_breakpoint_insert(CPU(cpu), address, BP_CPU,
+cpu_breakpoint_insert(env_cpu(env), address, BP_CPU,
   >cpu_breakpoint[idx]);
 }
 
 void lm32_breakpoint_remove(CPULM32State *env, int idx)
 {
-LM32CPU *cpu = lm32_env_get_cpu(env);
-
 if (!env->cpu_breakpoint[idx]) {
 return;
 }
 
-cpu_breakpoint_remove_by_ref(CPU(cpu), env->cpu_breakpoint[idx]);
+cpu_breakpoint_remove_by_ref(env_cpu(env), env->cpu_breakpoint[idx]);
 env->cpu_breakpoint[idx] = NULL;
 }
 
 void lm32_watchpoint_insert(CPULM32State *env, int idx, target_ulong address,
 lm32_wp_t wp_type)
 {
-LM32CPU *cpu = lm32_env_get_cpu(env);
 int flags = 0;
 
 switch (wp_type) {
@@ -98,26 +93,24 @@ void lm32_watchpoint_insert(CPULM32State *env, int idx, 
target_ulong address,
 }
 
 if (flags != 0) {
-cpu_watchpoint_insert(CPU(cpu), address, 1, flags,
->cpu_watchpoint[idx]);
+cpu_watchpoint_insert(env_cpu(env), address, 1, flags,
+  >cpu_watchpoint[idx]);
 }
 }
 
 void lm32_watchpoint_remove(CPULM32State *env, int idx)
 {
-LM32CPU *cpu = lm32_env_get_cpu(env);
-
 if (!env->cpu_watchpoint[idx]) {
 return;
 }
 
-cpu_watchpoint_remove_by_ref(CPU(cpu), env->cpu_watchpoint[idx]);
+cpu_watchpoint_remove_by_ref(env_cpu(env), env->cpu_watchpoint[idx]);
 env->cpu_watchpoint[idx] = NULL;
 }
 
 static bool check_watchpoints(CPULM32State *env)
 {
-LM32CPU *cpu = lm32_env_get_cpu(env);
+LM32CPU *cpu = env_archcpu(env);
 int i;
 
 for (i = 0; i < cpu->num_watchpoints; i++) {
diff --git a/target/lm32/op_helper.c b/target/lm32/op_helper.c
index 234d55e056..ebff4c4518 100644
--- a/target/lm32/op_helper.c
+++ b/target/lm32/op_helper.c
@@ -16,7 +16,7 @@
 #if !defined(CONFIG_USER_ONLY)
 void raise_exception(CPULM32State *env, int index)
 {
-CPUState *cs = CPU(lm32_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = index;
 cpu_loop_exit(cs);
@@ -29,7 +29,7 @@ void HELPER(raise_exception)(CPULM32State *env, uint32_t 
index)
 
 void HELPER(hlt)(CPULM32State *env)
 {
-CPUState *cs = CPU(lm32_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->halted = 1;
 cs->exception_index = EXCP_HLT;
@@ -39,7 +39,7 @@ void HELPER(hlt)(CPULM32State *env)
 void HELPER(ill)(CPULM32State *env)
 {
 #ifndef CONFIG_USER_ONLY
-CPUState *cs = CPU(lm32_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 fprintf(stderr, "VM paused due to illegal instruction. "
 "Connect a debugger or switch to the monitor console "
 "to find out more.\n");
diff --git a/target/lm32/translate.c b/target/lm32/translate.c
index f0e0e7058e..b9f2f2c4a7 100644
--- a/target/lm32/translate.c
+++ b/target/lm32/translate.c
@@ -1053,7 +1053,7 @@ static inline void decode(DisasContext *dc, uint32_t ir)
 void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int max_insns)
 {
 CPULM32State *env = cs->env_ptr;
-LM32CPU *cpu = lm32_env_get_cpu(env);
+LM32CPU *cpu = env_archcpu(env);
 struct DisasContext ctx, *dc = 
 uint32_t pc_start;
 uint32_t page_start;
-- 
2.17.1




[Qemu-devel] [PATCH v3 14/39] target/i386: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Combined uses of CPU(x86_env_get_cpu()) were failures to use
the more proper ENV_GET_CPU macro, which is now replaced by env_cpu.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/i386/cpu.h  |  5 -
 bsd-user/main.c|  3 +--
 hw/i386/kvmvapic.c |  4 ++--
 hw/i386/pc.c   |  2 +-
 linux-user/i386/cpu_loop.c |  2 +-
 linux-user/i386/signal.c   |  2 +-
 linux-user/vm86.c  | 18 +-
 target/i386/bpt_helper.c   |  4 ++--
 target/i386/cpu.c  |  4 ++--
 target/i386/excp_helper.c  |  2 +-
 target/i386/fpu_helper.c   |  2 +-
 target/i386/helper.c   | 16 ++--
 target/i386/misc_helper.c  | 24 +++-
 target/i386/seg_helper.c   | 14 +++---
 target/i386/smm_helper.c   |  4 ++--
 target/i386/svm_helper.c   | 22 +++---
 16 files changed, 58 insertions(+), 70 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 2546ffa4d4..e7f94437b1 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1479,11 +1479,6 @@ struct X86CPU {
 int32_t hv_max_vps;
 };
 
-static inline X86CPU *x86_env_get_cpu(CPUX86State *env)
-{
-return container_of(env, X86CPU, env);
-}
-
 #define ENV_OFFSET offsetof(X86CPU, env)
 
 #ifndef CONFIG_USER_ONLY
diff --git a/bsd-user/main.c b/bsd-user/main.c
index 6192e9d91e..bfdcae4269 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -140,8 +140,7 @@ static void set_idt(int n, unsigned int dpl)
 
 void cpu_loop(CPUX86State *env)
 {
-X86CPU *cpu = x86_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUState *cs = env_cpu(cpu);
 int trapnr;
 abi_ulong pc;
 //target_siginfo_t info;
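Review bot: The new line `CPUState *cs = env_cpu(cpu);` references `cpu`, but the two removed lines above it were the only declaration of `cpu` in this cpu_loop, so the function no longer compiles as written; the argument should be the parameter, `CPUState *cs = env_cpu(env);`, matching the linux-user/i386/cpu_loop.c hunk in the same patch. Whether this file is built by default is not visible here, which would explain how the typo survived. cpu_loop's body continues outside the hunk.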
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index 70f6f26a94..fe5b12ef6e 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -152,7 +152,7 @@ static void update_guest_rom_state(VAPICROMState *s)
 
 static int find_real_tpr_addr(VAPICROMState *s, CPUX86State *env)
 {
-CPUState *cs = CPU(x86_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 hwaddr paddr;
 target_ulong addr;
 
@@ -279,7 +279,7 @@ instruction_ok:
 
 static int update_rom_mapping(VAPICROMState *s, CPUX86State *env, target_ulong 
ip)
 {
-CPUState *cs = CPU(x86_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 hwaddr paddr;
 uint32_t rom_state_vaddr;
 uint32_t pos, patch, offset;
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index d98b737b8f..6a3a0678fc 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -408,7 +408,7 @@ uint64_t cpu_get_tsc(CPUX86State *env)
 /* IRQ handling */
 int cpu_get_pic_interrupt(CPUX86State *env)
 {
-X86CPU *cpu = x86_env_get_cpu(env);
+X86CPU *cpu = env_archcpu(env);
 int intno;
 
 if (!kvm_irqchip_in_kernel()) {
diff --git a/linux-user/i386/cpu_loop.c b/linux-user/i386/cpu_loop.c
index 51cfa006c9..71da24384f 100644
--- a/linux-user/i386/cpu_loop.c
+++ b/linux-user/i386/cpu_loop.c
@@ -82,7 +82,7 @@ static void set_idt(int n, unsigned int dpl)
 
 void cpu_loop(CPUX86State *env)
 {
-CPUState *cs = CPU(x86_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr;
 abi_ulong pc;
 abi_ulong ret;
diff --git a/linux-user/i386/signal.c b/linux-user/i386/signal.c
index fecb4c99c3..97a39204cc 100644
--- a/linux-user/i386/signal.c
+++ b/linux-user/i386/signal.c
@@ -198,7 +198,7 @@ static void setup_sigcontext(struct target_sigcontext *sc,
 struct target_fpstate *fpstate, CPUX86State *env, abi_ulong mask,
 abi_ulong fpstate_addr)
 {
-CPUState *cs = CPU(x86_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 #ifndef TARGET_X86_64
 uint16_t magic;
 
diff --git a/linux-user/vm86.c b/linux-user/vm86.c
index 9c393df424..2fa7a89edc 100644
--- a/linux-user/vm86.c
+++ b/linux-user/vm86.c
@@ -72,7 +72,7 @@ static inline unsigned int vm_getl(CPUX86State *env,
 
 void save_v86_state(CPUX86State *env)
 {
-CPUState *cs = CPU(x86_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 TaskState *ts = cs->opaque;
 struct target_vm86plus_struct * target_v86;
 
@@ -132,7 +132,7 @@ static inline void return_to_32bit(CPUX86State *env, int 
retval)
 
 static inline int set_IF(CPUX86State *env)
 {
-CPUState *cs = CPU(x86_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 TaskState *ts = cs->opaque;
 
 ts->v86flags |= VIF_MASK;
@@ -145,7 +145,7 @@ static inline int set_IF(CPUX86State *env)
 
 static inline void clear_IF(CPUX86State *env)
 {
-CPUState *cs = CPU(x86_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 TaskState *ts = cs->opaque;
 
 ts->v86flags &= ~VIF_MASK;
@@ -163,7 +163,7 @@ static inline void clear_AC(CPUX86State *env)
 
 static inline int set_vflags_long(unsigned long eflags, CPUX86State *env)
 {
-CPUState *cs = CPU(x86_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 TaskState *ts = cs->opaque;
 
 set_flags(ts->v86flags, eflags, ts->v86mask);
@@ -177,7 +177,7 @@ static inline int 

[Qemu-devel] [PATCH v3 10/39] target/cris: Reindent mmu.c

2019-05-07 Thread Richard Henderson
Fix all of the coding style errors in this file at once.

Signed-off-by: Richard Henderson 
---
 target/cris/mmu.c | 479 +++---
 1 file changed, 237 insertions(+), 242 deletions(-)

diff --git a/target/cris/mmu.c b/target/cris/mmu.c
index b8db908823..9cb73bbfec 100644
--- a/target/cris/mmu.c
+++ b/target/cris/mmu.c
@@ -33,96 +33,99 @@
 
 void cris_mmu_init(CPUCRISState *env)
 {
-   env->mmu_rand_lfsr = 0x;
+env->mmu_rand_lfsr = 0x;
 }
 
 #define SR_POLYNOM 0x8805
 static inline unsigned int compute_polynom(unsigned int sr)
 {
-   unsigned int i;
-   unsigned int f;
+unsigned int i;
+unsigned int f;
 
-   f = 0;
-   for (i = 0; i < 16; i++)
-   f += ((SR_POLYNOM >> i) & 1) & ((sr >> i) & 1);
+f = 0;
+for (i = 0; i < 16; i++) {
+f += ((SR_POLYNOM >> i) & 1) & ((sr >> i) & 1);
+}
 
-   return f;
+return f;
 }
 
 static void cris_mmu_update_rand_lfsr(CPUCRISState *env)
 {
-   unsigned int f;
+unsigned int f;
 
-   /* Update lfsr at every fault.  */
-   f = compute_polynom(env->mmu_rand_lfsr);
-   env->mmu_rand_lfsr >>= 1;
-   env->mmu_rand_lfsr |= (f << 15);
-   env->mmu_rand_lfsr &= 0x;
+/* Update lfsr at every fault.  */
+f = compute_polynom(env->mmu_rand_lfsr);
+env->mmu_rand_lfsr >>= 1;
+env->mmu_rand_lfsr |= (f << 15);
+env->mmu_rand_lfsr &= 0x;
 }
 
 static inline int cris_mmu_enabled(uint32_t rw_gc_cfg)
 {
-   return (rw_gc_cfg & 12) != 0;
+return (rw_gc_cfg & 12) != 0;
 }
 
 static inline int cris_mmu_segmented_addr(int seg, uint32_t rw_mm_cfg)
 {
-   return (1 << seg) & rw_mm_cfg;
+return (1 << seg) & rw_mm_cfg;
 }
 
 static uint32_t cris_mmu_translate_seg(CPUCRISState *env, int seg)
 {
-   uint32_t base;
-   int i;
+uint32_t base;
+int i;
 
-   if (seg < 8)
-   base = env->sregs[SFR_RW_MM_KBASE_LO];
-   else
-   base = env->sregs[SFR_RW_MM_KBASE_HI];
+if (seg < 8) {
+base = env->sregs[SFR_RW_MM_KBASE_LO];
+} else {
+base = env->sregs[SFR_RW_MM_KBASE_HI];
+}
 
-   i = seg & 7;
-   base >>= i * 4;
-   base &= 15;
+i = seg & 7;
+base >>= i * 4;
+base &= 15;
 
-   base <<= 28;
-   return base;
+base <<= 28;
+return base;
 }
-/* Used by the tlb decoder.  */
-#define EXTRACT_FIELD(src, start, end) \
-   (((src) >> start) & ((1 << (end - start + 1)) - 1))
 
-static inline void set_field(uint32_t *dst, unsigned int val, 
+/* Used by the tlb decoder.  */
+#define EXTRACT_FIELD(src, start, end)  \
+(((src) >> start) & ((1 << (end - start + 1)) - 1))
+
+static inline void set_field(uint32_t *dst, unsigned int val,
 unsigned int offset, unsigned int width)
 {
-   uint32_t mask;
+uint32_t mask;
 
-   mask = (1 << width) - 1;
-   mask <<= offset;
-   val <<= offset;
+mask = (1 << width) - 1;
+mask <<= offset;
+val <<= offset;
 
-   val &= mask;
-   *dst &= ~(mask);
-   *dst |= val;
+val &= mask;
+*dst &= ~(mask);
+*dst |= val;
 }
 
 #ifdef DEBUG
 static void dump_tlb(CPUCRISState *env, int mmu)
 {
-   int set;
-   int idx;
-   uint32_t hi, lo, tlb_vpn, tlb_pfn;
+int set;
+int idx;
+uint32_t hi, lo, tlb_vpn, tlb_pfn;
 
-   for (set = 0; set < 4; set++) {
-   for (idx = 0; idx < 16; idx++) {
-   lo = env->tlbsets[mmu][set][idx].lo;
-   hi = env->tlbsets[mmu][set][idx].hi;
-   tlb_vpn = EXTRACT_FIELD(hi, 13, 31);
-   tlb_pfn = EXTRACT_FIELD(lo, 13, 31);
+for (set = 0; set < 4; set++) {
+for (idx = 0; idx < 16; idx++) {
+lo = env->tlbsets[mmu][set][idx].lo;
+hi = env->tlbsets[mmu][set][idx].hi;
+tlb_vpn = EXTRACT_FIELD(hi, 13, 31);
+tlb_pfn = EXTRACT_FIELD(lo, 13, 31);
 
-   printf ("TLB: [%d][%d] hi=%x lo=%x v=%x p=%x\n", 
-   set, idx, hi, lo, tlb_vpn, tlb_pfn);
-   }
-   }
+printf("TLB: [%d][%d] hi=%x lo=%x v=%x p=%x\n",
+   set, idx, hi, lo, tlb_vpn, tlb_pfn);
+}
+}
 }
 #endif
 
@@ -131,232 +134,224 @@ static int cris_mmu_translate_page(struct 
cris_mmu_result *res,
   CPUCRISState *env, uint32_t vaddr,
   int rw, int usermode, int debug)
 {
-   unsigned int vpage;
-   unsigned int idx;
-   uint32_t pid, lo, hi;
-   uint32_t tlb_vpn, tlb_pfn = 0;
-   int tlb_pid, tlb_g, tlb_v, tlb_k, tlb_w, tlb_x;
-   int cfg_v, cfg_k, cfg_w, cfg_x; 
-   int set, match = 0;
-   uint32_t r_cause;
-   uint32_t r_cfg;
-   int rwcause;
-   int mmu = 1; /* Data mmu is default.  */
-   int vect_base;
+unsigned int vpage;
+  

[Qemu-devel] [PATCH v3 13/39] target/hppa: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Combined uses of CPU(hppa_env_get_cpu()) were failures to use
the more proper ENV_GET_CPU macro, which is now replaced by env_cpu.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/hppa/cpu.h  |  5 -
 linux-user/hppa/cpu_loop.c |  2 +-
 target/hppa/helper.c   |  3 +--
 target/hppa/int_helper.c   |  4 ++--
 target/hppa/mem_helper.c   | 10 --
 target/hppa/op_helper.c|  8 +++-
 6 files changed, 11 insertions(+), 21 deletions(-)

diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index 887e10398a..a5ddc53bf1 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -222,11 +222,6 @@ struct HPPACPU {
 QEMUTimer *alarm_timer;
 };
 
-static inline HPPACPU *hppa_env_get_cpu(CPUHPPAState *env)
-{
-return container_of(env, HPPACPU, env);
-}
-
 #define ENV_OFFSET  offsetof(HPPACPU, env)
 
 typedef CPUHPPAState CPUArchState;
diff --git a/linux-user/hppa/cpu_loop.c b/linux-user/hppa/cpu_loop.c
index 880955fdef..9915456a1d 100644
--- a/linux-user/hppa/cpu_loop.c
+++ b/linux-user/hppa/cpu_loop.c
@@ -105,7 +105,7 @@ static abi_ulong hppa_lws(CPUHPPAState *env)
 
 void cpu_loop(CPUHPPAState *env)
 {
-CPUState *cs = CPU(hppa_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 target_siginfo_t info;
 abi_ulong ret;
 int trapnr;
diff --git a/target/hppa/helper.c b/target/hppa/helper.c
index 11c61b3ca2..0dcd105b88 100644
--- a/target/hppa/helper.c
+++ b/target/hppa/helper.c
@@ -71,8 +71,7 @@ void cpu_hppa_put_psw(CPUHPPAState *env, target_ureg psw)
 /* If PSW_P changes, it affects how we translate addresses.  */
 if ((psw ^ old_psw) & PSW_P) {
 #ifndef CONFIG_USER_ONLY
-CPUState *src = CPU(hppa_env_get_cpu(env));
-tlb_flush_by_mmuidx(src, 0xf);
+tlb_flush_by_mmuidx(env_cpu(env), 0xf);
 #endif
 }
 }
diff --git a/target/hppa/int_helper.c b/target/hppa/int_helper.c
index 8d5edd3a20..89241c31e7 100644
--- a/target/hppa/int_helper.c
+++ b/target/hppa/int_helper.c
@@ -77,7 +77,7 @@ void HELPER(write_eirr)(CPUHPPAState *env, target_ureg val)
 {
 env->cr[CR_EIRR] &= ~val;
 qemu_mutex_lock_iothread();
-eval_interrupt(hppa_env_get_cpu(env));
+eval_interrupt(env_archcpu(env));
 qemu_mutex_unlock_iothread();
 }
 
@@ -85,7 +85,7 @@ void HELPER(write_eiem)(CPUHPPAState *env, target_ureg val)
 {
 env->cr[CR_EIEM] = val;
 qemu_mutex_lock_iothread();
-eval_interrupt(hppa_env_get_cpu(env));
+eval_interrupt(env_archcpu(env));
 qemu_mutex_unlock_iothread();
 }
 #endif /* !CONFIG_USER_ONLY */
diff --git a/target/hppa/mem_helper.c b/target/hppa/mem_helper.c
index 77fb544838..e2f464c78c 100644
--- a/target/hppa/mem_helper.c
+++ b/target/hppa/mem_helper.c
@@ -55,7 +55,7 @@ static hppa_tlb_entry *hppa_find_tlb(CPUHPPAState *env, vaddr 
addr)
 
 static void hppa_flush_tlb_ent(CPUHPPAState *env, hppa_tlb_entry *ent)
 {
-CPUState *cs = CPU(hppa_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 unsigned i, n = 1 << (2 * ent->page_size);
 uint64_t addr = ent->va_b;
 
@@ -323,7 +323,7 @@ static void ptlb_work(CPUState *cpu, run_on_cpu_data data)
 
 void HELPER(ptlb)(CPUHPPAState *env, target_ulong addr)
 {
-CPUState *src = CPU(hppa_env_get_cpu(env));
+CPUState *src = env_cpu(env);
 CPUState *cpu;
 trace_hppa_tlb_ptlb(env);
 run_on_cpu_data data = RUN_ON_CPU_TARGET_PTR(addr);
@@ -340,17 +340,15 @@ void HELPER(ptlb)(CPUHPPAState *env, target_ulong addr)
number of pages/entries (we choose all), and is local to the cpu.  */
 void HELPER(ptlbe)(CPUHPPAState *env)
 {
-CPUState *src = CPU(hppa_env_get_cpu(env));
 trace_hppa_tlb_ptlbe(env);
 memset(env->tlb, 0, sizeof(env->tlb));
-tlb_flush_by_mmuidx(src, 0xf);
+tlb_flush_by_mmuidx(env_cpu(env), 0xf);
 }
 
 void cpu_hppa_change_prot_id(CPUHPPAState *env)
 {
 if (env->psw & PSW_P) {
-CPUState *src = CPU(hppa_env_get_cpu(env));
-tlb_flush_by_mmuidx(src, 0xf);
+tlb_flush_by_mmuidx(env_cpu(env), 0xf);
 }
 }
 
diff --git a/target/hppa/op_helper.c b/target/hppa/op_helper.c
index 952e97a7d7..04d23c1b22 100644
--- a/target/hppa/op_helper.c
+++ b/target/hppa/op_helper.c
@@ -29,8 +29,7 @@
 
 void QEMU_NORETURN HELPER(excp)(CPUHPPAState *env, int excp)
 {
-HPPACPU *cpu = hppa_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = excp;
 cpu_loop_exit(cs);
@@ -38,8 +37,7 @@ void QEMU_NORETURN HELPER(excp)(CPUHPPAState *env, int excp)
 
 void QEMU_NORETURN hppa_dynamic_excp(CPUHPPAState *env, int excp, uintptr_t ra)
 {
-HPPACPU *cpu = hppa_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = excp;
 cpu_loop_exit_restore(cs, ra);
@@ -630,7 +628,7 @@ target_ureg HELPER(read_interval_timer)(void)
 #ifndef CONFIG_USER_ONLY
 void HELPER(write_interval_timer)(CPUHPPAState *env, target_ureg val)
 {
-HPPACPU *cpu = hppa_env_get_cpu(env);
+HPPACPU *cpu = 

[Qemu-devel] [PATCH v3 16/39] target/m68k: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 linux-user/m68k/target_cpu.h |  2 +-
 target/m68k/cpu.h|  5 -
 linux-user/m68k-sim.c|  3 +--
 linux-user/m68k/cpu_loop.c   |  2 +-
 target/m68k/helper.c | 33 -
 target/m68k/m68k-semi.c  |  4 ++--
 target/m68k/op_helper.c  | 12 ++--
 target/m68k/translate.c  |  4 +---
 8 files changed, 24 insertions(+), 41 deletions(-)

diff --git a/linux-user/m68k/target_cpu.h b/linux-user/m68k/target_cpu.h
index 7a26f3c3fc..bc7446fbaf 100644
--- a/linux-user/m68k/target_cpu.h
+++ b/linux-user/m68k/target_cpu.h
@@ -31,7 +31,7 @@ static inline void cpu_clone_regs(CPUM68KState *env, 
target_ulong newsp)
 
 static inline void cpu_set_tls(CPUM68KState *env, target_ulong newtls)
 {
-CPUState *cs = CPU(m68k_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 TaskState *ts = cs->opaque;
 
 ts->tp_value = newtls;
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 43ef30b7cb..f8d5a0819b 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -163,11 +163,6 @@ struct M68kCPU {
 CPUM68KState env;
 };
 
-static inline M68kCPU *m68k_env_get_cpu(CPUM68KState *env)
-{
-return container_of(env, M68kCPU, env);
-}
-
 #define ENV_OFFSET offsetof(M68kCPU, env)
 
 void m68k_cpu_do_interrupt(CPUState *cpu);
diff --git a/linux-user/m68k-sim.c b/linux-user/m68k-sim.c
index 34d332d8b1..9bc6ff3d3a 100644
--- a/linux-user/m68k-sim.c
+++ b/linux-user/m68k-sim.c
@@ -91,7 +91,6 @@ static int translate_openflags(int flags)
 #define ARG(x) tswap32(args[x])
 void do_m68k_simcall(CPUM68KState *env, int nr)
 {
-M68kCPU *cpu = m68k_env_get_cpu(env);
 uint32_t *args;
 
 args = (uint32_t *)(unsigned long)(env->aregs[7] + 4);
@@ -159,6 +158,6 @@ void do_m68k_simcall(CPUM68KState *env, int nr)
 check_err(env, lseek(ARG(0), (int32_t)ARG(1), ARG(2)));
 break;
 default:
-cpu_abort(CPU(cpu), "Unsupported m68k sim syscall %d\n", nr);
+cpu_abort(env_cpu(env), "Unsupported m68k sim syscall %d\n", nr);
 }
 }
diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index 42d8d841ea..f2c33057b3 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -23,7 +23,7 @@
 
 void cpu_loop(CPUM68KState *env)
 {
-CPUState *cs = CPU(m68k_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr;
 unsigned int n;
 target_siginfo_t info;
diff --git a/target/m68k/helper.c b/target/m68k/helper.c
index d958a34959..6699f056a4 100644
--- a/target/m68k/helper.c
+++ b/target/m68k/helper.c
@@ -168,8 +168,6 @@ void m68k_cpu_init_gdb(M68kCPU *cpu)
 
 void HELPER(cf_movec_to)(CPUM68KState *env, uint32_t reg, uint32_t val)
 {
-M68kCPU *cpu = m68k_env_get_cpu(env);
-
 switch (reg) {
 case M68K_CR_CACR:
 env->cacr = val;
@@ -186,7 +184,7 @@ void HELPER(cf_movec_to)(CPUM68KState *env, uint32_t reg, 
uint32_t val)
 break;
 /* TODO: Implement control registers.  */
 default:
-cpu_abort(CPU(cpu),
+cpu_abort(env_cpu(env),
   "Unimplemented control register write 0x%x = 0x%x\n",
   reg, val);
 }
@@ -194,8 +192,6 @@ void HELPER(cf_movec_to)(CPUM68KState *env, uint32_t reg, 
uint32_t val)
 
 void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t reg, uint32_t val)
 {
-M68kCPU *cpu = m68k_env_get_cpu(env);
-
 switch (reg) {
 /* MC680[1234]0 */
 case M68K_CR_SFC:
@@ -248,14 +244,13 @@ void HELPER(m68k_movec_to)(CPUM68KState *env, uint32_t 
reg, uint32_t val)
 env->mmu.ttr[M68K_DTTR1] = val;
 return;
 }
-cpu_abort(CPU(cpu), "Unimplemented control register write 0x%x = 0x%x\n",
+cpu_abort(env_cpu(env),
+  "Unimplemented control register write 0x%x = 0x%x\n",
   reg, val);
 }
 
 uint32_t HELPER(m68k_movec_from)(CPUM68KState *env, uint32_t reg)
 {
-M68kCPU *cpu = m68k_env_get_cpu(env);
-
 switch (reg) {
 /* MC680[1234]0 */
 case M68K_CR_SFC:
@@ -292,7 +287,7 @@ uint32_t HELPER(m68k_movec_from)(CPUM68KState *env, 
uint32_t reg)
 case M68K_CR_DTT1:
 return env->mmu.ttr[M68K_DTTR1];
 }
-cpu_abort(CPU(cpu), "Unimplemented control register read 0x%x\n",
+cpu_abort(env_cpu(env), "Unimplemented control register read 0x%x\n",
   reg);
 }
 
@@ -401,8 +396,7 @@ static void dump_address_map(CPUM68KState *env, uint32_t 
root_pointer)
 uint32_t last_logical, last_physical;
 int32_t size;
 int last_attr = -1, attr = -1;
-M68kCPU *cpu = m68k_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUState *cs = env_cpu(env);
 
 if (env->mmu.tcr & M68K_TCR_PAGE_8K) {
 /* 8k page */
@@ -635,8 +629,7 @@ static int get_physical_address(CPUM68KState *env, hwaddr 
*physical,
 int *prot, target_ulong address,
 int access_type, target_ulong *page_size)
 {
-

[Qemu-devel] [PATCH v3 09/39] target/arm: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Combined uses of CPU(arm_env_get_cpu()) were failures to use
the more proper ENV_GET_CPU macro, now replaced by env_cpu.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu.h  |   5 --
 linux-user/aarch64/cpu_loop.c |   6 +-
 linux-user/aarch64/signal.c   |   4 +-
 linux-user/arm/cpu_loop.c |   2 +-
 linux-user/syscall.c  |   8 +--
 target/arm/arm-semi.c |   4 +-
 target/arm/cpu64.c|   2 +-
 target/arm/helper-a64.c   |   4 +-
 target/arm/helper.c   | 120 +-
 target/arm/op_helper.c|  21 +++---
 target/arm/translate-a64.c|   2 +-
 target/arm/translate.c|   2 +-
 target/arm/vfp_helper.c   |   2 +-
 13 files changed, 88 insertions(+), 94 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index a633a233cc..c54c67fde4 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -911,11 +911,6 @@ struct ARMCPU {
 uint32_t sve_max_vq;
 };
 
-static inline ARMCPU *arm_env_get_cpu(CPUARMState *env)
-{
-return container_of(env, ARMCPU, env);
-}
-
 void arm_cpu_post_init(Object *obj);
 
 uint64_t arm_cpu_mp_affinity(int idx, uint8_t clustersz);
diff --git a/linux-user/aarch64/cpu_loop.c b/linux-user/aarch64/cpu_loop.c
index d75fd9d3e2..97f355ee23 100644
--- a/linux-user/aarch64/cpu_loop.c
+++ b/linux-user/aarch64/cpu_loop.c
@@ -72,7 +72,7 @@
 /* AArch64 main loop */
 void cpu_loop(CPUARMState *env)
 {
-CPUState *cs = CPU(arm_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr;
 abi_long ret;
 target_siginfo_t info;
@@ -167,8 +167,8 @@ void arm_init_pauth_key(ARMPACKey *key)
 
 void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
 {
-ARMCPU *cpu = arm_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+ARMCPU *cpu = env_archcpu(env);
+CPUState *cs = env_cpu(env);
 TaskState *ts = cs->opaque;
 struct image_info *info = ts->info;
 int i;
diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c
index f84a9cf28a..cd521ee42d 100644
--- a/linux-user/aarch64/signal.c
+++ b/linux-user/aarch64/signal.c
@@ -314,7 +314,7 @@ static int target_restore_sigframe(CPUARMState *env,
 break;
 
 case TARGET_SVE_MAGIC:
-if (cpu_isar_feature(aa64_sve, arm_env_get_cpu(env))) {
+if (cpu_isar_feature(aa64_sve, env_archcpu(env))) {
 vq = (env->vfp.zcr_el[1] & 0xf) + 1;
 sve_size = QEMU_ALIGN_UP(TARGET_SVE_SIG_CONTEXT_SIZE(vq), 16);
 if (!sve && size == sve_size) {
@@ -433,7 +433,7 @@ static void target_setup_frame(int usig, struct 
target_sigaction *ka,
   );
 
 /* SVE state needs saving only if it exists.  */
-if (cpu_isar_feature(aa64_sve, arm_env_get_cpu(env))) {
+if (cpu_isar_feature(aa64_sve, env_archcpu(env))) {
 vq = (env->vfp.zcr_el[1] & 0xf) + 1;
 sve_size = QEMU_ALIGN_UP(TARGET_SVE_SIG_CONTEXT_SIZE(vq), 16);
 sve_ofs = alloc_sigframe_space(sve_size, );
diff --git a/linux-user/arm/cpu_loop.c b/linux-user/arm/cpu_loop.c
index b7e7a6323c..ece4cf335e 100644
--- a/linux-user/arm/cpu_loop.c
+++ b/linux-user/arm/cpu_loop.c
@@ -206,7 +206,7 @@ do_kernel_trap(CPUARMState *env)
 
 void cpu_loop(CPUARMState *env)
 {
-CPUState *cs = CPU(arm_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr;
 unsigned int n, insn;
 target_siginfo_t info;
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 9f110a7581..eb7fd9a1bf 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9683,10 +9683,10 @@ static abi_long do_syscall1(void *cpu_env, int num, 
abi_long arg1,
  * even though the current architectural maximum is VQ=16.
  */
 ret = -TARGET_EINVAL;
-if (cpu_isar_feature(aa64_sve, arm_env_get_cpu(cpu_env))
+if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env))
 && arg2 >= 0 && arg2 <= 512 * 16 && !(arg2 & 15)) {
 CPUARMState *env = cpu_env;
-ARMCPU *cpu = arm_env_get_cpu(env);
+ARMCPU *cpu = env_archcpu(env);
 uint32_t vq, old_vq;
 
 old_vq = (env->vfp.zcr_el[1] & 0xf) + 1;
@@ -9703,7 +9703,7 @@ static abi_long do_syscall1(void *cpu_env, int num, 
abi_long arg1,
 case TARGET_PR_SVE_GET_VL:
 ret = -TARGET_EINVAL;
 {
-ARMCPU *cpu = arm_env_get_cpu(cpu_env);
+ARMCPU *cpu = env_archcpu(cpu_env);
 if (cpu_isar_feature(aa64_sve, cpu)) {
 ret = ((cpu->env.vfp.zcr_el[1] & 0xf) + 1) * 16;
 }
@@ -9712,7 +9712,7 @@ static abi_long do_syscall1(void *cpu_env, int num, 
abi_long arg1,
 case TARGET_PR_PAC_RESET_KEYS:
 {
 CPUARMState *env = cpu_env;
-ARMCPU *cpu = arm_env_get_cpu(env);
+

[Qemu-devel] [PATCH v3 17/39] target/microblaze: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Move cpu_mmu_index below the include of "exec/cpu-all.h",
so that the definition of env_archcpu is available.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/microblaze/cpu.h  | 35 ++--
 linux-user/microblaze/cpu_loop.c |  2 +-
 target/microblaze/mmu.c  |  5 ++---
 target/microblaze/op_helper.c|  2 +-
 target/microblaze/translate.c|  2 +-
 5 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
index c5af1c6076..7b85beb556 100644
--- a/target/microblaze/cpu.h
+++ b/target/microblaze/cpu.h
@@ -310,11 +310,6 @@ struct MicroBlazeCPU {
 CPUMBState env;
 };
 
-static inline MicroBlazeCPU *mb_env_get_cpu(CPUMBState *env)
-{
-return container_of(env, MicroBlazeCPU, env);
-}
-
 #define ENV_OFFSET offsetof(MicroBlazeCPU, env)
 
 void mb_cpu_do_interrupt(CPUState *cs);
@@ -344,21 +339,6 @@ int cpu_mb_signal_handler(int host_signum, void *pinfo,
 #define MMU_USER_IDX2
 /* See NB_MMU_MODES further up the file.  */
 
-static inline int cpu_mmu_index (CPUMBState *env, bool ifetch)
-{
-MicroBlazeCPU *cpu = mb_env_get_cpu(env);
-
-/* Are we in nommu mode?.  */
-if (!(env->sregs[SR_MSR] & MSR_VM) || !cpu->cfg.use_mmu) {
-return MMU_NOMMU_IDX;
-}
-
-if (env->sregs[SR_MSR] & MSR_UM) {
-return MMU_USER_IDX;
-}
-return MMU_KERNEL_IDX;
-}
-
 int mb_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw,
 int mmu_idx);
 
@@ -383,4 +363,19 @@ void mb_cpu_transaction_failed(CPUState *cs, hwaddr 
physaddr, vaddr addr,
MemTxResult response, uintptr_t retaddr);
 #endif
 
+static inline int cpu_mmu_index(CPUMBState *env, bool ifetch)
+{
+MicroBlazeCPU *cpu = env_archcpu(env);
+
+/* Are we in nommu mode?.  */
+if (!(env->sregs[SR_MSR] & MSR_VM) || !cpu->cfg.use_mmu) {
+return MMU_NOMMU_IDX;
+}
+
+if (env->sregs[SR_MSR] & MSR_UM) {
+return MMU_USER_IDX;
+}
+return MMU_KERNEL_IDX;
+}
+
 #endif
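Review bot: The relocated `cpu_mmu_index` carries over the comment `/* Are we in nommu mode?.  */` with a stray period after the question mark; since the body is being moved anyway, `/* Are we in nommu mode?  */` would tidy it. Apart from that the move reads as verbatim, with the helper swapped for `env_archcpu(env)` and the space before the parameter list dropped.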
diff --git a/linux-user/microblaze/cpu_loop.c b/linux-user/microblaze/cpu_loop.c
index 076bdb9a61..a6ea71401d 100644
--- a/linux-user/microblaze/cpu_loop.c
+++ b/linux-user/microblaze/cpu_loop.c
@@ -23,7 +23,7 @@
 
 void cpu_loop(CPUMBState *env)
 {
-CPUState *cs = CPU(mb_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr, ret;
 target_siginfo_t info;
 
diff --git a/target/microblaze/mmu.c b/target/microblaze/mmu.c
index fcf86b12d5..6763421ba2 100644
--- a/target/microblaze/mmu.c
+++ b/target/microblaze/mmu.c
@@ -34,7 +34,7 @@ static unsigned int tlb_decode_size(unsigned int f)
 
 static void mmu_flush_idx(CPUMBState *env, unsigned int idx)
 {
-CPUState *cs = CPU(mb_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 struct microblaze_mmu *mmu = >mmu;
 unsigned int tlb_size;
 uint32_t tlb_tag, end, t;
@@ -228,7 +228,6 @@ uint32_t mmu_read(CPUMBState *env, bool ext, uint32_t rn)
 
 void mmu_write(CPUMBState *env, bool ext, uint32_t rn, uint32_t v)
 {
-MicroBlazeCPU *cpu = mb_env_get_cpu(env);
 uint64_t tmp64;
 unsigned int i;
 qemu_log_mask(CPU_LOG_MMU,
@@ -269,7 +268,7 @@ void mmu_write(CPUMBState *env, bool ext, uint32_t rn, 
uint32_t v)
 /* Changes to the zone protection reg flush the QEMU TLB.
Fortunately, these are very uncommon.  */
 if (v != env->mmu.regs[rn]) {
-tlb_flush(CPU(cpu));
+tlb_flush(env_cpu(env));
 }
 env->mmu.regs[rn] = v;
 break;
diff --git a/target/microblaze/op_helper.c b/target/microblaze/op_helper.c
index e23dcfdc20..aa91d3a257 100644
--- a/target/microblaze/op_helper.c
+++ b/target/microblaze/op_helper.c
@@ -84,7 +84,7 @@ uint32_t helper_get(uint32_t id, uint32_t ctrl)
 
 void helper_raise_exception(CPUMBState *env, uint32_t index)
 {
-CPUState *cs = CPU(mb_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = index;
 cpu_loop_exit(cs);
diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index 885fc44b51..9ce65f3bcf 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -1604,7 +1604,7 @@ static inline void decode(DisasContext *dc, uint32_t ir)
 void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int max_insns)
 {
 CPUMBState *env = cs->env_ptr;
-MicroBlazeCPU *cpu = mb_env_get_cpu(env);
+MicroBlazeCPU *cpu = env_archcpu(env);
 uint32_t pc_start;
 struct DisasContext ctx;
 struct DisasContext *dc = 
-- 
2.17.1




[Qemu-devel] [PATCH v3 05/39] cpu: Define ArchCPU

2019-05-07 Thread Richard Henderson
For all targets, do this just before including exec/cpu-all.h.

Reviewed-by: Peter Maydell 
Acked-by: Alistair Francis 
Signed-off-by: Richard Henderson 
---
 target/alpha/cpu.h  | 1 +
 target/arm/cpu.h| 1 +
 target/cris/cpu.h   | 1 +
 target/hppa/cpu.h   | 1 +
 target/i386/cpu.h   | 1 +
 target/lm32/cpu.h   | 1 +
 target/m68k/cpu.h   | 1 +
 target/microblaze/cpu.h | 1 +
 target/mips/cpu.h   | 1 +
 target/moxie/cpu.h  | 1 +
 target/nios2/cpu.h  | 1 +
 target/openrisc/cpu.h   | 1 +
 target/ppc/cpu.h| 1 +
 target/riscv/cpu.h  | 1 +
 target/s390x/cpu.h  | 1 +
 target/sh4/cpu.h| 1 +
 target/sparc/cpu.h  | 1 +
 target/tilegx/cpu.h | 1 +
 target/tricore/cpu.h| 1 +
 target/unicore32/cpu.h  | 1 +
 target/xtensa/cpu.h | 1 +
 21 files changed, 21 insertions(+)

diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index 56d1eade4f..ce470b9089 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -300,6 +300,7 @@ void alpha_cpu_do_unaligned_access(CPUState *cpu, vaddr 
addr,
 #define cpu_signal_handler cpu_alpha_signal_handler
 
 typedef CPUAlphaState CPUArchState;
+typedef AlphaCPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 9b4874112f..d943bb0fed 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3113,6 +3113,7 @@ static inline bool arm_cpu_data_is_big_endian(CPUARMState 
*env)
 }
 
 typedef CPUARMState CPUArchState;
+typedef ARMCPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
diff --git a/target/cris/cpu.h b/target/cris/cpu.h
index 94e1a2aed7..9f1fbd2f81 100644
--- a/target/cris/cpu.h
+++ b/target/cris/cpu.h
@@ -284,6 +284,7 @@ int cris_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, 
int size, int rw,
 #define SFR_RW_MM_TLB_HI   env->pregs[PR_SRS]][6
 
 typedef CPUCRISState CPUArchState;
+typedef CRISCPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index c9bb16af9b..9038fa3c13 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -231,6 +231,7 @@ static inline HPPACPU *hppa_env_get_cpu(CPUHPPAState *env)
 #define ENV_OFFSET  offsetof(HPPACPU, env)
 
 typedef CPUHPPAState CPUArchState;
+typedef HPPACPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 2ccd796e9b..6bd01ebb83 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1751,6 +1751,7 @@ static inline target_long lshift(target_long x, int n)
 void tcg_x86_init(void);
 
 typedef CPUX86State CPUArchState;
+typedef X86CPU ArchCPU;
 
 #include "exec/cpu-all.h"
 #include "svm.h"
diff --git a/target/lm32/cpu.h b/target/lm32/cpu.h
index bd23c39d7a..9132397066 100644
--- a/target/lm32/cpu.h
+++ b/target/lm32/cpu.h
@@ -256,6 +256,7 @@ int lm32_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, 
int size, int rw,
   int mmu_idx);
 
 typedef CPULM32State CPUArchState;
+typedef LM32CPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 2f92972dca..ce0f93343b 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -535,6 +535,7 @@ void m68k_cpu_unassigned_access(CPUState *cs, hwaddr addr,
 unsigned size);
 
 typedef CPUM68KState CPUArchState;
+typedef M68kCPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
index ac3e785927..161d18546d 100644
--- a/target/microblaze/cpu.h
+++ b/target/microblaze/cpu.h
@@ -365,6 +365,7 @@ int mb_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, 
int size, int rw,
 int mmu_idx);
 
 typedef CPUMBState CPUArchState;
+typedef MicroBlazeCPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 522d2ebadc..3fdd075f8e 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1091,6 +1091,7 @@ static inline int cpu_mmu_index (CPUMIPSState *env, bool 
ifetch)
 }
 
 typedef CPUMIPSState CPUArchState;
+typedef MIPSCPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
diff --git a/target/moxie/cpu.h b/target/moxie/cpu.h
index dcc319adf6..8691185162 100644
--- a/target/moxie/cpu.h
+++ b/target/moxie/cpu.h
@@ -118,6 +118,7 @@ static inline int cpu_mmu_index(CPUMoxieState *env, bool 
ifetch)
 }
 
 typedef CPUMoxieState CPUArchState;
+typedef MoxieCPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
index 915ddd386f..fce08e3575 100644
--- a/target/nios2/cpu.h
+++ b/target/nios2/cpu.h
@@ -245,6 +245,7 @@ static inline int cpu_interrupts_enabled(CPUNios2State *env)
 }
 
 typedef CPUNios2State CPUArchState;
+typedef Nios2CPU ArchCPU;
 
 #include "exec/cpu-all.h"
 
diff --git a/target/openrisc/cpu.h b/target/openrisc/cpu.h
index e327c81703..a6abcc7d2c 100644
--- a/target/openrisc/cpu.h
+++ b/target/openrisc/cpu.h
@@ -363,6 +363,7 @@ void cpu_openrisc_count_stop(OpenRISCCPU *cpu);
 #define CPU_RESOLVING_TYPE TYPE_OPENRISC_CPU
 
 typedef 

[Qemu-devel] [PATCH v3 12/39] target/cris: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/cris/cpu.h  |  5 -
 linux-user/cris/cpu_loop.c |  2 +-
 target/cris/mmu.c  |  3 +--
 target/cris/op_helper.c| 10 +++---
 target/cris/translate.c|  2 +-
 5 files changed, 6 insertions(+), 16 deletions(-)

diff --git a/target/cris/cpu.h b/target/cris/cpu.h
index 883799b463..7f244ad545 100644
--- a/target/cris/cpu.h
+++ b/target/cris/cpu.h
@@ -183,11 +183,6 @@ struct CRISCPU {
 CPUCRISState env;
 };
 
-static inline CRISCPU *cris_env_get_cpu(CPUCRISState *env)
-{
-return container_of(env, CRISCPU, env);
-}
-
 #define ENV_OFFSET offsetof(CRISCPU, env)
 
 #ifndef CONFIG_USER_ONLY
diff --git a/linux-user/cris/cpu_loop.c b/linux-user/cris/cpu_loop.c
index 7ec36cb0b5..86e711108d 100644
--- a/linux-user/cris/cpu_loop.c
+++ b/linux-user/cris/cpu_loop.c
@@ -23,7 +23,7 @@
 
 void cpu_loop(CPUCRISState *env)
 {
-CPUState *cs = CPU(cris_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr, ret;
 target_siginfo_t info;
 
diff --git a/target/cris/mmu.c b/target/cris/mmu.c
index 9cb73bbfec..2acbcfd1c7 100644
--- a/target/cris/mmu.c
+++ b/target/cris/mmu.c
@@ -288,7 +288,6 @@ static int cris_mmu_translate_page(struct cris_mmu_result 
*res,
 
 void cris_mmu_flush_pid(CPUCRISState *env, uint32_t pid)
 {
-CRISCPU *cpu = cris_env_get_cpu(env);
 target_ulong vaddr;
 unsigned int idx;
 uint32_t lo, hi;
@@ -312,7 +311,7 @@ void cris_mmu_flush_pid(CPUCRISState *env, uint32_t pid)
 if (tlb_v && !tlb_g && (tlb_pid == pid)) {
 vaddr = tlb_vpn << TARGET_PAGE_BITS;
 D_LOG("flush pid=%x vaddr=%x\n", pid, vaddr);
-tlb_flush_page(CPU(cpu), vaddr);
+tlb_flush_page(env_cpu(env), vaddr);
 }
 }
 }
diff --git a/target/cris/op_helper.c b/target/cris/op_helper.c
index d4479167a5..0e323c1dd7 100644
--- a/target/cris/op_helper.c
+++ b/target/cris/op_helper.c
@@ -67,7 +67,7 @@ void tlb_fill(CPUState *cs, target_ulong addr, int size,
 
 void helper_raise_exception(CPUCRISState *env, uint32_t index)
 {
-CPUState *cs = CPU(cris_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = index;
 cpu_loop_exit(cs);
@@ -86,8 +86,7 @@ void helper_tlb_flush_pid(CPUCRISState *env, uint32_t pid)
 void helper_spc_write(CPUCRISState *env, uint32_t new_spc)
 {
 #if !defined(CONFIG_USER_ONLY)
-CRISCPU *cpu = cris_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUState *cs = env_cpu(env);
 
 tlb_flush_page(cs, env->pregs[PR_SPC]);
 tlb_flush_page(cs, new_spc);
@@ -100,9 +99,6 @@ void helper_spc_write(CPUCRISState *env, uint32_t new_spc)
 
 void helper_movl_sreg_reg(CPUCRISState *env, uint32_t sreg, uint32_t reg)
 {
-#if !defined(CONFIG_USER_ONLY)
-CRISCPU *cpu = cris_env_get_cpu(env);
-#endif
 uint32_t srs;
 srs = env->pregs[PR_SRS];
 srs &= 3;
@@ -140,7 +136,7 @@ void helper_movl_sreg_reg(CPUCRISState *env, uint32_t sreg, 
uint32_t reg)
 D_LOG("tlb flush vaddr=%x v=%d pc=%x\n",
   vaddr, tlb_v, env->pc);
 if (tlb_v) {
-tlb_flush_page(CPU(cpu), vaddr);
+tlb_flush_page(env_cpu(env), vaddr);
 }
 }
 }
diff --git a/target/cris/translate.c b/target/cris/translate.c
index b005a5c20e..c0af9665fc 100644
--- a/target/cris/translate.c
+++ b/target/cris/translate.c
@@ -3104,7 +3104,7 @@ void gen_intermediate_code(CPUState *cs, TranslationBlock 
*tb, int max_insns)
  * delayslot, like in real hw.
  */
 pc_start = tb->pc & ~1;
-dc->cpu = cris_env_get_cpu(env);
+dc->cpu = env_archcpu(env);
 dc->tb = tb;
 
 dc->is_jmp = DISAS_NEXT;
-- 
2.17.1




[Qemu-devel] [PATCH v3 03/39] tcg: Create struct CPUTLB

2019-05-07 Thread Richard Henderson
Move all softmmu tlb data into this structure.  Arrange the
members so that we are able to place mask+table together and
at a smaller absolute offset from ENV.

Reviewed-by: Peter Maydell 
Acked-by: Alistair Francis 
Signed-off-by: Richard Henderson 
---
 accel/tcg/softmmu_template.h |   4 +-
 include/exec/cpu-defs.h  |  61 --
 include/exec/cpu_ldst.h  |   6 +-
 accel/tcg/cputlb.c   | 149 ++-
 target/arm/translate-a64.c   |   2 +-
 tcg/aarch64/tcg-target.inc.c |  10 +--
 tcg/arm/tcg-target.inc.c |  10 +--
 tcg/i386/tcg-target.inc.c|   4 +-
 tcg/mips/tcg-target.inc.c|  12 +--
 tcg/ppc/tcg-target.inc.c |   8 +-
 tcg/riscv/tcg-target.inc.c   |  12 +--
 tcg/s390/tcg-target.inc.c|   8 +-
 tcg/sparc/tcg-target.inc.c   |  12 +--
 13 files changed, 137 insertions(+), 161 deletions(-)

diff --git a/accel/tcg/softmmu_template.h b/accel/tcg/softmmu_template.h
index e970a8b378..fc6371aed1 100644
--- a/accel/tcg/softmmu_template.h
+++ b/accel/tcg/softmmu_template.h
@@ -102,7 +102,7 @@ static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState 
*env,
   bool recheck,
   MMUAccessType access_type)
 {
-CPUIOTLBEntry *iotlbentry = >iotlb[mmu_idx][index];
+CPUIOTLBEntry *iotlbentry = _tlb(env)->d[mmu_idx].iotlb[index];
 return io_readx(env, iotlbentry, mmu_idx, addr, retaddr, recheck,
 access_type, DATA_SIZE);
 }
@@ -273,7 +273,7 @@ static inline void glue(io_write, SUFFIX)(CPUArchState *env,
   uintptr_t retaddr,
   bool recheck)
 {
-CPUIOTLBEntry *iotlbentry = >iotlb[mmu_idx][index];
+CPUIOTLBEntry *iotlbentry = _tlb(env)->d[mmu_idx].iotlb[index];
 return io_writex(env, iotlbentry, mmu_idx, val, addr, retaddr,
  recheck, DATA_SIZE);
 }
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 2694481769..fbe8945606 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -78,6 +78,7 @@ typedef uint64_t target_ulong;
 #endif
 
 #if !defined(CONFIG_USER_ONLY) && defined(CONFIG_TCG)
+
 /* use a fully associative victim tlb of 8 entries */
 #define CPU_VTLB_SIZE 8
 
@@ -147,6 +148,10 @@ typedef struct CPUIOTLBEntry {
 MemTxAttrs attrs;
 } CPUIOTLBEntry;
 
+/*
+ * Data elements that are per MMU mode, minus the bits accessed by
+ * the TCG fast path.
+ */
 typedef struct CPUTLBDesc {
 /*
  * Describe a region covering all of the large pages allocated
@@ -160,16 +165,31 @@ typedef struct CPUTLBDesc {
 int64_t window_begin_ns;
 /* maximum number of entries observed in the window */
 size_t window_max_entries;
+size_t n_used_entries;
 /* The next index to use in the tlb victim table.  */
 size_t vindex;
-size_t n_used_entries;
+/* The tlb victim table, in two parts.  */
+CPUTLBEntry vtable[CPU_VTLB_SIZE];
+CPUIOTLBEntry viotlb[CPU_VTLB_SIZE];
+/* The iotlb.  */
+CPUIOTLBEntry *iotlb;
 } CPUTLBDesc;
 
+/*
+ * Data elements that are per MMU mode, accessed by the fast path.
+ */
+typedef struct CPUTLBDescFast {
+/* Contains (n_entries - 1) << CPU_TLB_ENTRY_BITS */
+uintptr_t mask;
+/* The array of tlb entries itself. */
+CPUTLBEntry *table;
+} CPUTLBDescFast;
+
 /*
  * Data elements that are shared between all MMU modes.
  */
 typedef struct CPUTLBCommon {
-/* Serialize updates to tlb_table and tlb_v_table, and others as noted. */
+/* Serialize updates to tlb_table and vtable, and others as noted. */
 QemuSpin lock;
 /*
  * Within dirty, for each bit N, modifications have been made to
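Review bot: The rewritten lock comment on CPUTLBCommon, `Serialize updates to tlb_table and vtable`, still names `tlb_table`, the per-mode env member this same patch removes in favour of the `table` pointer inside the new CPUTLBDescFast, so it goes stale as soon as the CPU_TLB macro below is dropped. Suggest `/* Serialize updates to f[].table and d[].vtable, and others as noted. */`, using the `f`/`d` array names the patch introduces for struct CPUTLB. The new `/* The iotlb.  */` line on `CPUIOTLBEntry *iotlb` also says nothing about sizing or ownership; the resize path in the earlier patch frees `iotlb[mmu_idx]` alongside `tlb_table[mmu_idx]`, so it appears to be heap-allocated with the same entry count as the table, and a comment stating that contract would help. Whether the new `iotlb` pointer is reallocated in lockstep with `table` is not visible in this hunk, so confirm before wording it that way.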
@@ -187,35 +207,24 @@ typedef struct CPUTLBCommon {
 size_t elide_flush_count;
 } CPUTLBCommon;
 
-# define CPU_TLB\
-/* tlb_mask[i] contains (n_entries - 1) << CPU_TLB_ENTRY_BITS */\
-uintptr_t tlb_mask[NB_MMU_MODES];   \
-CPUTLBEntry *tlb_table[NB_MMU_MODES];
-# define CPU_IOTLB  \
-CPUIOTLBEntry *iotlb[NB_MMU_MODES];
-
 /*
+ * The entire softmmu tlb, for all MMU modes.
  * The meaning of each of the MMU modes is defined in the target code.
- * Note that NB_MMU_MODES is not yet defined; we can only reference it
- * within preprocessor defines that will be expanded later.
  */
-#define CPU_COMMON_TLB \
-CPUTLBCommon tlb_c; \
-CPUTLBDesc tlb_d[NB_MMU_MODES]; \
-CPU_TLB \
-CPUTLBEntry tlb_v_table[NB_MMU_MODES][CPU_VTLB_SIZE];   \
-CPU_IOTLB   \
-CPUIOTLBEntry iotlb_v[NB_MMU_MODES][CPU_VTLB_SIZE];
+typedef struct CPUTLB {
+CPUTLBDescFast f[NB_MMU_MODES];
+   

[Qemu-devel] [PATCH v3 01/39] tcg: Fold CPUTLBWindow into CPUTLBDesc

2019-05-07 Thread Richard Henderson
Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
 include/exec/cpu-defs.h | 17 -
 accel/tcg/cputlb.c  | 24 
 2 files changed, 16 insertions(+), 25 deletions(-)

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 8f2a848bf5..52d150aaf1 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -127,18 +127,6 @@ typedef struct CPUIOTLBEntry {
 MemTxAttrs attrs;
 } CPUIOTLBEntry;
 
-/**
- * struct CPUTLBWindow
- * @begin_ns: host time (in ns) at the beginning of the time window
- * @max_entries: maximum number of entries observed in the window
- *
- * See also: tlb_mmu_resize_locked()
- */
-typedef struct CPUTLBWindow {
-int64_t begin_ns;
-size_t max_entries;
-} CPUTLBWindow;
-
 typedef struct CPUTLBDesc {
 /*
  * Describe a region covering all of the large pages allocated
@@ -148,9 +136,12 @@ typedef struct CPUTLBDesc {
  */
 target_ulong large_page_addr;
 target_ulong large_page_mask;
+/* host time (in ns) at the beginning of the time window */
+int64_t window_begin_ns;
+/* maximum number of entries observed in the window */
+size_t window_max_entries;
 /* The next index to use in the tlb victim table.  */
 size_t vindex;
-CPUTLBWindow window;
 size_t n_used_entries;
 } CPUTLBDesc;
 
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index f2f618217d..6c7593235c 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -79,11 +79,11 @@ static inline size_t sizeof_tlb(CPUArchState *env, 
uintptr_t mmu_idx)
 return env->tlb_mask[mmu_idx] + (1 << CPU_TLB_ENTRY_BITS);
 }
 
-static void tlb_window_reset(CPUTLBWindow *window, int64_t ns,
+static void tlb_window_reset(CPUTLBDesc *desc, int64_t ns,
  size_t max_entries)
 {
-window->begin_ns = ns;
-window->max_entries = max_entries;
+desc->window_begin_ns = ns;
+desc->window_max_entries = max_entries;
 }
 
 static void tlb_dyn_init(CPUArchState *env)
@@ -94,7 +94,7 @@ static void tlb_dyn_init(CPUArchState *env)
 CPUTLBDesc *desc = >tlb_d[i];
 size_t n_entries = 1 << CPU_TLB_DYN_DEFAULT_BITS;
 
-tlb_window_reset(>window, get_clock_realtime(), 0);
+tlb_window_reset(desc, get_clock_realtime(), 0);
 desc->n_used_entries = 0;
 env->tlb_mask[i] = (n_entries - 1) << CPU_TLB_ENTRY_BITS;
 env->tlb_table[i] = g_new(CPUTLBEntry, n_entries);
@@ -151,18 +151,18 @@ static void tlb_mmu_resize_locked(CPUArchState *env, int 
mmu_idx)
 int64_t now = get_clock_realtime();
 int64_t window_len_ms = 100;
 int64_t window_len_ns = window_len_ms * 1000 * 1000;
-bool window_expired = now > desc->window.begin_ns + window_len_ns;
+bool window_expired = now > desc->window_begin_ns + window_len_ns;
 
-if (desc->n_used_entries > desc->window.max_entries) {
-desc->window.max_entries = desc->n_used_entries;
+if (desc->n_used_entries > desc->window_max_entries) {
+desc->window_max_entries = desc->n_used_entries;
 }
-rate = desc->window.max_entries * 100 / old_size;
+rate = desc->window_max_entries * 100 / old_size;
 
 if (rate > 70) {
 new_size = MIN(old_size << 1, 1 << CPU_TLB_DYN_MAX_BITS);
 } else if (rate < 30 && window_expired) {
-size_t ceil = pow2ceil(desc->window.max_entries);
-size_t expected_rate = desc->window.max_entries * 100 / ceil;
+size_t ceil = pow2ceil(desc->window_max_entries);
+size_t expected_rate = desc->window_max_entries * 100 / ceil;
 
 /*
  * Avoid undersizing when the max number of entries seen is just below
@@ -182,7 +182,7 @@ static void tlb_mmu_resize_locked(CPUArchState *env, int 
mmu_idx)
 
 if (new_size == old_size) {
 if (window_expired) {
-tlb_window_reset(>window, now, desc->n_used_entries);
+tlb_window_reset(desc, now, desc->n_used_entries);
 }
 return;
 }
@@ -190,7 +190,7 @@ static void tlb_mmu_resize_locked(CPUArchState *env, int 
mmu_idx)
 g_free(env->tlb_table[mmu_idx]);
 g_free(env->iotlb[mmu_idx]);
 
-tlb_window_reset(>window, now, 0);
+tlb_window_reset(desc, now, 0);
 /* desc->n_used_entries is cleared by the caller */
 env->tlb_mask[mmu_idx] = (new_size - 1) << CPU_TLB_ENTRY_BITS;
 env->tlb_table[mmu_idx] = g_try_new(CPUTLBEntry, new_size);
-- 
2.17.1




[Qemu-devel] [PATCH v3 07/39] cpu: Introduce env_archcpu

2019-05-07 Thread Richard Henderson
This will replace foo_env_get_cpu with a generic definition.
No changes to the target specific code so far.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 include/exec/cpu-all.h | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 454f6d663f..c62f07b354 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -371,6 +371,17 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
 
 int cpu_exec(CPUState *cpu);
 
+/**
+ * env_archcpu(env)
+ * @env: The architecture environment
+ *
+ * Return the ArchCPU associated with the environment.
+ */
+static inline ArchCPU *env_archcpu(CPUArchState *env)
+{
+return container_of(env, ArchCPU, env);
+}
+
 /**
  * env_cpu(env)
  * @env: The architecture environment
@@ -379,8 +390,7 @@ int cpu_exec(CPUState *cpu);
  */
 static inline CPUState *env_cpu(CPUArchState *env)
 {
-ArchCPU *arch_cpu = container_of(env, ArchCPU, env);
-return _cpu->parent_obj;
+return _archcpu(env)->parent_obj;
 }
 
 #endif /* CPU_ALL_H */
-- 
2.17.1




[Qemu-devel] [PATCH v3 08/39] target/alpha: Use env_cpu, env_archcpu

2019-05-07 Thread Richard Henderson
With exactly one exception, most uses of alpha_env_get_cpu
were failures to use the more proper ENV_GET_CPU macro,
now replaced by env_cpu.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/alpha/cpu.h  | 5 -
 linux-user/alpha/cpu_loop.c | 2 +-
 target/alpha/helper.c   | 8 +++-
 target/alpha/sys_helper.c   | 8 
 4 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index 2c7f75f584..53c085f691 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -273,11 +273,6 @@ struct AlphaCPU {
 QEMUTimer *alarm_timer;
 };
 
-static inline AlphaCPU *alpha_env_get_cpu(CPUAlphaState *env)
-{
-return container_of(env, AlphaCPU, env);
-}
-
 #define ENV_OFFSET offsetof(AlphaCPU, env)
 
 #ifndef CONFIG_USER_ONLY
diff --git a/linux-user/alpha/cpu_loop.c b/linux-user/alpha/cpu_loop.c
index 61992571e1..7a94eee84c 100644
--- a/linux-user/alpha/cpu_loop.c
+++ b/linux-user/alpha/cpu_loop.c
@@ -23,7 +23,7 @@
 
 void cpu_loop(CPUAlphaState *env)
 {
-CPUState *cs = CPU(alpha_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 int trapnr;
 target_siginfo_t info;
 abi_long sysret;
diff --git a/target/alpha/helper.c b/target/alpha/helper.c
index 7201576aae..08dfb834a5 100644
--- a/target/alpha/helper.c
+++ b/target/alpha/helper.c
@@ -119,7 +119,7 @@ static int get_physical_address(CPUAlphaState *env, 
target_ulong addr,
 int prot_need, int mmu_idx,
 target_ulong *pphys, int *pprot)
 {
-CPUState *cs = CPU(alpha_env_get_cpu(env));
+CPUState *cs = env_cpu(env);
 target_long saddr = addr;
 target_ulong phys = 0;
 target_ulong L1pte, L2pte, L3pte;
@@ -463,8 +463,7 @@ void alpha_cpu_dump_state(CPUState *cs, FILE *f, int flags)
We expect that ENV->PC has already been updated.  */
 void QEMU_NORETURN helper_excp(CPUAlphaState *env, int excp, int error)
 {
-AlphaCPU *cpu = alpha_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = excp;
 env->error_code = error;
@@ -475,8 +474,7 @@ void QEMU_NORETURN helper_excp(CPUAlphaState *env, int 
excp, int error)
 void QEMU_NORETURN dynamic_excp(CPUAlphaState *env, uintptr_t retaddr,
 int excp, int error)
 {
-AlphaCPU *cpu = alpha_env_get_cpu(env);
-CPUState *cs = CPU(cpu);
+CPUState *cs = env_cpu(env);
 
 cs->exception_index = excp;
 env->error_code = error;
diff --git a/target/alpha/sys_helper.c b/target/alpha/sys_helper.c
index ac22323191..f9c34b1144 100644
--- a/target/alpha/sys_helper.c
+++ b/target/alpha/sys_helper.c
@@ -44,17 +44,17 @@ uint64_t helper_load_pcc(CPUAlphaState *env)
 #ifndef CONFIG_USER_ONLY
 void helper_tbia(CPUAlphaState *env)
 {
-tlb_flush(CPU(alpha_env_get_cpu(env)));
+tlb_flush(env_cpu(env));
 }
 
 void helper_tbis(CPUAlphaState *env, uint64_t p)
 {
-tlb_flush_page(CPU(alpha_env_get_cpu(env)), p);
+tlb_flush_page(env_cpu(env), p);
 }
 
 void helper_tb_flush(CPUAlphaState *env)
 {
-tb_flush(CPU(alpha_env_get_cpu(env)));
+tb_flush(env_cpu(env));
 }
 
 void helper_halt(uint64_t restart)
@@ -78,7 +78,7 @@ uint64_t helper_get_walltime(void)
 
 void helper_set_alarm(CPUAlphaState *env, uint64_t expire)
 {
-AlphaCPU *cpu = alpha_env_get_cpu(env);
+AlphaCPU *cpu = env_archcpu(env);
 
 if (expire) {
 env->alarm_expire = expire;
-- 
2.17.1




[Qemu-devel] [PATCH v3 04/39] cpu: Define CPUArchState with typedef

2019-05-07 Thread Richard Henderson
For all targets, do this just before including exec/cpu-all.h.

Reviewed-by: Peter Maydell 
Acked-by: Alistair Francis 
Signed-off-by: Richard Henderson 
---
 target/alpha/cpu.h  | 4 ++--
 target/arm/cpu.h| 4 ++--
 target/cris/cpu.h   | 4 ++--
 target/hppa/cpu.h   | 4 ++--
 target/i386/cpu.h   | 5 ++---
 target/lm32/cpu.h   | 5 ++---
 target/m68k/cpu.h   | 4 ++--
 target/microblaze/cpu.h | 5 ++---
 target/mips/cpu.h   | 6 ++
 target/moxie/cpu.h  | 4 ++--
 target/nios2/cpu.h  | 5 ++---
 target/openrisc/cpu.h   | 4 ++--
 target/ppc/cpu.h| 4 ++--
 target/riscv/cpu.h  | 4 ++--
 target/s390x/cpu.h  | 8 
 target/sh4/cpu.h| 4 ++--
 target/sparc/cpu.h  | 4 ++--
 target/tilegx/cpu.h | 4 ++--
 target/tricore/cpu.h| 6 +-
 target/unicore32/cpu.h  | 4 ++--
 target/xtensa/cpu.h | 4 ++--
 21 files changed, 43 insertions(+), 53 deletions(-)

diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index 2ab468ffd6..56d1eade4f 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -26,8 +26,6 @@
 
 #define ALIGNED_ONLY
 
-#define CPUArchState struct CPUAlphaState
-
 /* Alpha processors have a weak memory model */
 #define TCG_GUEST_DEFAULT_MO  (0)
 
@@ -301,6 +299,8 @@ void alpha_cpu_do_unaligned_access(CPUState *cpu, vaddr 
addr,
 #define cpu_list alpha_cpu_list
 #define cpu_signal_handler cpu_alpha_signal_handler
 
+typedef CPUAlphaState CPUArchState;
+
 #include "exec/cpu-all.h"
 
 enum {
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index ca199d1afb..9b4874112f 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -29,8 +29,6 @@
 /* ARM processors have a weak memory model */
 #define TCG_GUEST_DEFAULT_MO  (0)
 
-#define CPUArchState struct CPUARMState
-
 #define EXCP_UDEF1   /* undefined instruction */
 #define EXCP_SWI 2   /* software interrupt */
 #define EXCP_PREFETCH_ABORT  3
@@ -3114,6 +3112,8 @@ static inline bool arm_cpu_data_is_big_endian(CPUARMState 
*env)
 }
 }
 
+typedef CPUARMState CPUArchState;
+
 #include "exec/cpu-all.h"
 
 /* Bit usage in the TB flags field: bit 31 indicates whether we are
diff --git a/target/cris/cpu.h b/target/cris/cpu.h
index 3fbe1232ab..94e1a2aed7 100644
--- a/target/cris/cpu.h
+++ b/target/cris/cpu.h
@@ -25,8 +25,6 @@
 #include "cpu-qom.h"
 #include "exec/cpu-defs.h"
 
-#define CPUArchState struct CPUCRISState
-
 #define EXCP_NMI1
 #define EXCP_GURU   2
 #define EXCP_BUSFAULT   3
@@ -285,6 +283,8 @@ int cris_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, 
int size, int rw,
 #define SFR_RW_MM_TLB_LO   env->pregs[PR_SRS]][5
 #define SFR_RW_MM_TLB_HI   env->pregs[PR_SRS]][6
 
+typedef CPUCRISState CPUArchState;
+
 #include "exec/cpu-all.h"
 
 static inline void cpu_get_tb_cpu_state(CPUCRISState *env, target_ulong *pc,
diff --git a/target/hppa/cpu.h b/target/hppa/cpu.h
index f96c3a17e4..c9bb16af9b 100644
--- a/target/hppa/cpu.h
+++ b/target/hppa/cpu.h
@@ -31,8 +31,6 @@
basis.  It's probably easier to fall back to a strong memory model.  */
 #define TCG_GUEST_DEFAULT_MOTCG_MO_ALL
 
-#define CPUArchState struct CPUHPPAState
-
 #define ALIGNED_ONLY
 #define MMU_KERNEL_IDX   0
 #define MMU_USER_IDX 3
@@ -232,6 +230,8 @@ static inline HPPACPU *hppa_env_get_cpu(CPUHPPAState *env)
 #define ENV_GET_CPU(e)  CPU(hppa_env_get_cpu(e))
 #define ENV_OFFSET  offsetof(HPPACPU, env)
 
+typedef CPUHPPAState CPUArchState;
+
 #include "exec/cpu-all.h"
 
 static inline int cpu_mmu_index(CPUHPPAState *env, bool ifetch)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index e53dbdeee5..2ccd796e9b 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1,4 +1,3 @@
-
 /*
  * i386 virtual CPU header
  *
@@ -44,8 +43,6 @@
 #define ELF_MACHINE_UNAME "i686"
 #endif
 
-#define CPUArchState struct CPUX86State
-
 enum {
 R_EAX = 0,
 R_ECX = 1,
@@ -1753,6 +1750,8 @@ static inline target_long lshift(target_long x, int n)
 /* translate.c */
 void tcg_x86_init(void);
 
+typedef CPUX86State CPUArchState;
+
 #include "exec/cpu-all.h"
 #include "svm.h"
 
diff --git a/target/lm32/cpu.h b/target/lm32/cpu.h
index 79852dda5a..bd23c39d7a 100644
--- a/target/lm32/cpu.h
+++ b/target/lm32/cpu.h
@@ -24,9 +24,6 @@
 #include "cpu-qom.h"
 #include "exec/cpu-defs.h"
 
-#define CPUArchState struct CPULM32State
-
-struct CPULM32State;
 typedef struct CPULM32State CPULM32State;
 
 static inline int cpu_mmu_index(CPULM32State *env, bool ifetch)
@@ -258,6 +255,8 @@ bool lm32_cpu_do_semihosting(CPUState *cs);
 int lm32_cpu_handle_mmu_fault(CPUState *cpu, vaddr address, int size, int rw,
   int mmu_idx);
 
+typedef CPULM32State CPUArchState;
+
 #include "exec/cpu-all.h"
 
 static inline void cpu_get_tb_cpu_state(CPULM32State *env, target_ulong *pc,
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index bad85174ca..2f92972dca 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -25,8 +25,6 @@
 #include "exec/cpu-defs.h"
 

[Qemu-devel] [PATCH v3 00/39] tcg: Move the softmmu tlb to CPUNegativeOffsetState

2019-05-07 Thread Richard Henderson
Patches missing review/ack:
0010-target-cris-Reindent-mmu.c.patch (new)
0011-target-cris-Reindent-op_helper.c.patch (new)
0034-cpu-Move-icount_decr-to-CPUNegativeOffsetState.patch
0037-tcg-aarch64-Use-LDP-to-load-tlb-mask-table.patch
0038-tcg-arm-Use-LDRD-to-load-tlb-mask-table.patch
0039-tcg-arm-Remove-mostly-unreachable-tlb-special-cas.patch (new)

Changes from v2->v3:
  * Incorporate review from pm215:
include guards and copyright/license for new headers;
qemu_build_bug_on for tcg/{arm,aarch64}/ load-pair expectations;
    split out an independent tlb change in tcg/arm/;
split out some re-indent patches for target/cris/.

Changes from v1->v2:
  * Add cpu_set_cpustate_pointers.
  * Add icount_decr_ptr to CPUState.

Blurb from v1:

This started merely as an attempt to reduce the size of each
softmmu lookup by using smaller offsets from env.  But in the
end it also represents a significant cleanup in the boilerplate
that each target must define.

With respect to the initial goal, here are the relevant code
snips generated for loading the mask & table fields for a
qemu_ld from an aarch64 guest on the indicated host.


r~


Richard Henderson (39):
  tcg: Fold CPUTLBWindow into CPUTLBDesc
  tcg: Split out target/arch/cpu-param.h
  tcg: Create struct CPUTLB
  cpu: Define CPUArchState with typedef
  cpu: Define ArchCPU
  cpu: Replace ENV_GET_CPU with env_cpu
  cpu: Introduce env_archcpu
  target/alpha: Use env_cpu, env_archcpu
  target/arm: Use env_cpu, env_archcpu
  target/cris: Reindent mmu.c
  target/cris: Reindent op_helper.c
  target/cris: Use env_cpu, env_archcpu
  target/hppa: Use env_cpu, env_archcpu
  target/i386: Use env_cpu, env_archcpu
  target/lm32: Use env_cpu, env_archcpu
  target/m68k: Use env_cpu, env_archcpu
  target/microblaze: Use env_cpu, env_archcpu
  target/mips: Use env_cpu, env_archcpu
  target/moxie: Use env_cpu, env_archcpu
  target/nios2: Use env_cpu, env_archcpu
  target/openrisc: Use env_cpu, env_archcpu
  target/ppc: Use env_cpu, env_archcpu
  target/riscv: Use env_cpu, env_archcpu
  target/s390x: Use env_cpu, env_archcpu
  target/sh4: Use env_cpu, env_archcpu
  target/sparc: Use env_cpu, env_archcpu
  target/tilegx: Use env_cpu
  target/tricore: Use env_cpu
  target/unicore32: Use env_cpu, env_archcpu
  target/xtensa: Use env_cpu, env_archcpu
  cpu: Move ENV_OFFSET to exec/gen-icount.h
  cpu: Introduce cpu_set_cpustate_pointers
  cpu: Introduce CPUNegativeOffsetState
  cpu: Move icount_decr to CPUNegativeOffsetState
  cpu: Move the softmmu tlb to CPUNegativeOffsetState
  cpu: Remove CPU_COMMON
  tcg/aarch64: Use LDP to load tlb mask+table
  tcg/arm: Use LDRD to load tlb mask+table
  tcg/arm: Remove mostly unreachable tlb special case

 accel/tcg/atomic_template.h   |   8 +-
 accel/tcg/softmmu_template.h  |  24 +-
 include/exec/cpu-all.h|  58 ++
 include/exec/cpu-defs.h   | 113 ++-
 include/exec/cpu_ldst.h   |   6 +-
 include/exec/cpu_ldst_template.h  |   6 +-
 include/exec/cpu_ldst_useronly_template.h |   6 +-
 include/exec/gen-icount.h |  14 +-
 include/exec/softmmu-semi.h   |  16 +-
 include/qom/cpu.h |  40 +-
 linux-user/cpu_loop-common.h  |   2 +-
 linux-user/m68k/target_cpu.h  |   2 +-
 target/alpha/cpu-param.h  |  31 +
 target/alpha/cpu.h|  40 +-
 target/arm/cpu-param.h|  34 +
 target/arm/cpu.h  |  52 +-
 target/cris/cpu-param.h   |  17 +
 target/cris/cpu.h |  25 +-
 target/hppa/cpu-param.h   |  34 +
 target/hppa/cpu.h |  38 +-
 target/i386/cpu-param.h   |  28 +
 target/i386/cpu.h |  40 +-
 target/lm32/cpu-param.h   |  17 +
 target/lm32/cpu.h |  25 +-
 target/m68k/cpu-param.h   |  22 +
 target/m68k/cpu.h |  28 +-
 target/microblaze/cpu-param.h |  18 +
 target/microblaze/cpu.h   |  63 +-
 target/mips/cpu-param.h   |  29 +
 target/mips/cpu.h |  21 +-
 target/mips/mips-defs.h   |  15 -
 target/moxie/cpu-param.h  |  17 +
 target/moxie/cpu.h|  29 +-
 target/nios2/cpu-param.h  |  21 +
 target/nios2/cpu.h|  33 +-
 target/openrisc/cpu-param.h   |  17 +
 target/openrisc/cpu.h |  31 +-
 target/ppc/cpu-param.h|  37 +
 target/ppc/cpu.h  |  61 +-
 target/ppc/helper_regs.h  |   4 +-
 target/riscv/cpu-param.h  |  23 +
 target/riscv/cpu.h|  35 +-
 target/s390x/cpu-param.h  |  17 +
 target/s390x/cpu.h|  31 +-
 

Re: [Qemu-devel] [PULL 0/8] Vga 20190507 patches

2019-05-07 Thread Peter Maydell
On Tue, 7 May 2019 at 09:19, Gerd Hoffmann  wrote:
>
> The following changes since commit a6ae23831b05a11880b40f7d58e332c45a6b04f7:
>
>   Merge remote-tracking branch 
> 'remotes/ehabkost/tags/python-next-pull-request' into staging (2019-05-03 
> 15:26:09 +0100)
>
> are available in the Git repository at:
>
>   git://git.kraxel.org/qemu tags/vga-20190507-pull-request
>
> for you to fetch changes up to 6306cae275c7091aa4e785809d956b475bfedab4:
>
>   i2c-ddc: move it to hw/display (2019-05-07 09:56:10 +0200)
>
> 
> vga: bugfixes for qxl, cirrus, ati.
> vga: add "-vga help" support.
> vga: move i2c-ddc to display.
>
> 
>

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.1
for any user-visible changes.

-- PMM



Re: [Qemu-devel] qapi-scheme/unicode-str test failure due to mismatch between e-acute and \xe9

2019-05-07 Thread Richard Henderson
On 5/7/19 3:37 PM, Peter Maydell wrote:
> I just ran into this test failure:
> 
> PYTHONPATH=/home/linux1/qemu/scripts python3 -B
> /home/linux1/qemu/tests/qapi-schema/test-qapi.py
> /home/linux1/qemu/tests/qapi-schema/unicode-str.json
>> tests/qapi-schema/unicode-str.test.out
> 2>tests/qapi-schema/unicode-str.test.err; echo $?
>> tests/qapi-schema/unicode-str.test.exit
> --- /home/linux1/qemu/tests/qapi-schema/unicode-str.err2017-07-06
> 10:23:13.601812330 -0400
> +++ -2019-05-07 18:32:31.533125931 -0400
> @@ -1 +1 @@
> -tests/qapi-schema/unicode-str.json:2: 'command' uses invalid name 'é'
> +tests/qapi-schema/unicode-str.json:2: 'command' uses invalid name '\xe9'
> /home/linux1/qemu/tests/Makefile.include:1105: recipe for target
> 'check-tests/qapi-schema/unicode-str.json' failed
> make: *** [check-tests/qapi-schema/unicode-str.json] Error 1
> make: Leaving directory '/home/linux1/qemu/build/all'
> 
> but oddly only when I ran 'make check' by logging directly
> into this machine (usually I run the tests automatically
> via ssh and scripting), which suggests it may depend
> on the locale settings. Does anybody recognize this ?
> I think LANG=C fails, but LANG=C.UTF-8 passes.
> 
> Ideally our test suite should not depend on the locale
> or environment settings of the user running it.

Yes, there's an active thread about this:

https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01247.html


r~



Re: [Qemu-devel] [PATCH for 4.1] target/riscv: More accurate handling of `sip` CSR

2019-05-07 Thread Jonathan Behrens
Yes, I was pasting the output of `git format-patch`. Gmail displays
properly for me, but seems to have hard-wrapped the plaintext version of my
outgoing message to 78 characters. I've tried re-sending from a different
address where I can use `git send-email` directly, please let me know if it
works and I'll resend the other patch the same way. Sorry about this!

Jonathan


On Tue, May 7, 2019 at 1:52 PM Palmer Dabbelt  wrote:

> On Mon, 06 May 2019 08:52:43 PDT (-0700), finte...@gmail.com wrote:
> > According to the spec, "All bits besides SSIP, USIP, and UEIP in the sip
> > register are read-only." Further, if an interrupt is not delegated to
> mode
> > x,
> > then "the corresponding bits in xip [...] should appear to be hardwired
> to
> > zero. This patch implements both of those requirements.
> >
> > Signed-off-by: Jonathan Behrens 
> > ---
> >  target/riscv/csr.c | 7 +--
> >  1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> > index 1ec1222da1..fff7d834e8 100644
> > --- a/target/riscv/csr.c
> > +++ b/target/riscv/csr.c
> > @@ -246,6 +246,7 @@ static const target_ulong sstatus_v1_9_mask =
> > SSTATUS_SIE | SSTATUS_SPIE |
> >  static const target_ulong sstatus_v1_10_mask = SSTATUS_SIE |
> SSTATUS_SPIE |
> >  SSTATUS_UIE | SSTATUS_UPIE | SSTATUS_SPP | SSTATUS_FS | SSTATUS_XS |
> >  SSTATUS_SUM | SSTATUS_MXR | SSTATUS_SD;
> > +static const target_ulong sip_writable_mask = SIP_SSIP | MIP_USIP |
> > MIP_UEIP;
> >
> >  #if defined(TARGET_RISCV32)
> >  static const char valid_vm_1_09[16] = {
> > @@ -694,8 +695,10 @@ static int write_sbadaddr(CPURISCVState *env, int
> > csrno, target_ulong val)
> >  static int rmw_sip(CPURISCVState *env, int csrno, target_ulong
> *ret_value,
> > target_ulong new_value, target_ulong write_mask)
> >  {
> > -return rmw_mip(env, CSR_MSTATUS, ret_value, new_value,
> > -   write_mask & env->mideleg);
> > +int ret = rmw_mip(env, CSR_MSTATUS, ret_value, new_value,
> > +  write_mask & env->mideleg & sip_writable_mask);
> > +*ret_value &= env->mideleg;
> > +return ret;
> >  }
> >
> >  /* Supervisor Protection and Translation */
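Review bot: `*ret_value &= env->mideleg;` dereferences ret_value unconditionally, whereas the rmw_mip it wraps presumably tolerates a NULL ret_value (not visible in this hunk), so a caller that passes NULL to discard the old value would now fault in rmw_sip rather than in rmw_mip. Guard the post-mask: `if (ret_value) { *ret_value &= env->mideleg; }`. The identical hunk is reposted unchanged in the stand-alone "target/riscv: More accurate handling of sip CSR" patch later on this page, so the same fix applies there. A minor style point on the first hunk: sip_writable_mask mixes the SIP_SSIP and MIP_USIP/MIP_UEIP prefixes; if both denote the same bit positions, a single prefix reads more clearly.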
>
> This patch (and your previous one) don't apply for me.  I don't see the
> git-send-email tags in your messages, are you trying to do something like
> paste
> them into gmail?  If so I think they're getting line wrapped.
>


[Qemu-devel] [PATCH] target/riscv: More accurate handling of `sip` CSR

2019-05-07 Thread Jonathan Behrens
According to the spec, "All bits besides SSIP, USIP, and UEIP in the sip
register are read-only." Further, if an interrupt is not delegated to mode x,
then "the corresponding bits in xip [...] should appear to be hardwired to
zero. This patch implements both of those requirements.

Signed-off-by: Jonathan Behrens 
---
 target/riscv/csr.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 1ec1222da1..fff7d834e8 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -246,6 +246,7 @@ static const target_ulong sstatus_v1_9_mask = SSTATUS_SIE | 
SSTATUS_SPIE |
 static const target_ulong sstatus_v1_10_mask = SSTATUS_SIE | SSTATUS_SPIE |
 SSTATUS_UIE | SSTATUS_UPIE | SSTATUS_SPP | SSTATUS_FS | SSTATUS_XS |
 SSTATUS_SUM | SSTATUS_MXR | SSTATUS_SD;
+static const target_ulong sip_writable_mask = SIP_SSIP | MIP_USIP | MIP_UEIP;
 
 #if defined(TARGET_RISCV32)
 static const char valid_vm_1_09[16] = {
@@ -694,8 +695,10 @@ static int write_sbadaddr(CPURISCVState *env, int csrno, 
target_ulong val)
 static int rmw_sip(CPURISCVState *env, int csrno, target_ulong *ret_value,
target_ulong new_value, target_ulong write_mask)
 {
-return rmw_mip(env, CSR_MSTATUS, ret_value, new_value,
-   write_mask & env->mideleg);
+int ret = rmw_mip(env, CSR_MSTATUS, ret_value, new_value,
+  write_mask & env->mideleg & sip_writable_mask);
+*ret_value &= env->mideleg;
+return ret;
 }
 
 /* Supervisor Protection and Translation */
-- 
2.20.1



[Qemu-devel] qapi-scheme/unicode-str test failure due to mismatch between e-acute and \xe9

2019-05-07 Thread Peter Maydell
I just ran into this test failure:

PYTHONPATH=/home/linux1/qemu/scripts python3 -B
/home/linux1/qemu/tests/qapi-schema/test-qapi.py
/home/linux1/qemu/tests/qapi-schema/unicode-str.json
>tests/qapi-schema/unicode-str.test.out
2>tests/qapi-schema/unicode-str.test.err; echo $?
>tests/qapi-schema/unicode-str.test.exit
--- /home/linux1/qemu/tests/qapi-schema/unicode-str.err2017-07-06
10:23:13.601812330 -0400
+++ -2019-05-07 18:32:31.533125931 -0400
@@ -1 +1 @@
-tests/qapi-schema/unicode-str.json:2: 'command' uses invalid name 'é'
+tests/qapi-schema/unicode-str.json:2: 'command' uses invalid name '\xe9'
/home/linux1/qemu/tests/Makefile.include:1105: recipe for target
'check-tests/qapi-schema/unicode-str.json' failed
make: *** [check-tests/qapi-schema/unicode-str.json] Error 1
make: Leaving directory '/home/linux1/qemu/build/all'

but oddly only when I ran 'make check' by logging directly
into this machine (usually I run the tests automatically
via ssh and scripting), which suggests it may depend
on the locale settings. Does anybody recognize this ?
I think LANG=C fails, but LANG=C.UTF-8 passes.

Ideally our test suite should not depend on the locale
or environment settings of the user running it.

thanks
-- PMM



Re: [Qemu-devel] [PATCH v2 1/2] vfio/mdev: add version attribute for mdev device

2019-05-07 Thread Alex Williamson
On Sun,  5 May 2019 21:49:04 -0400
Yan Zhao  wrote:

> version attribute is used to check two mdev devices' compatibility.
> 
> The key point of this version attribute is that it's rw.
> User space has no need to understand internal of device version and no
> need to compare versions by itself.
> Compared to reading version strings from both two mdev devices being
> checked, user space only reads from one mdev device's version attribute.
> After getting its version string, user space writes this string into the
> other mdev device's version attribute. Vendor driver of mdev device
> whose version attribute being written will check device compatibility of
> the two mdev devices for user space and return success for compatibility
> or errno for incompatibility.
> So two readings of version attributes + checking in user space are now
> changed to one reading + one writing of version attributes + checking in
> vendor driver.
> Format and length of version strings are now private to vendor driver
> who can define them freely.
> 
>  __ user space
>   /\  \
>  / \write
> / read  \
>  __/__   ___\|/___
> | version | | version |-->check compatibility
> --- ---
> mdev device A   mdev device B
> 
> This version attribute is optional. If an mdev device does not provide
> a version attribute, that mdev device is incompatible with all other
> mdev devices.
> 
> Live migration is able to take advantage of this version attribute.
> Before user space actually starts live migration, it can first check
> whether two mdev devices are compatible.
> 
> v2:
> 1. added detailed intent and usage
> 2. made definition of version string completely private to vendor driver
>(Alex Williamson)
> 3. abandoned changes to sample mdev drivers (Alex Williamson)
> 4. mandatory --> optional (Cornelia Huck)
> 5. added description for errno (Cornelia Huck)
> 
> Cc: Alex Williamson 
> Cc: Erik Skultety 
> Cc: "Dr. David Alan Gilbert" 
> Cc: Cornelia Huck 
> Cc: "Tian, Kevin" 
> Cc: Zhenyu Wang 
> Cc: "Wang, Zhi A" 
> Cc: Neo Jia 
> Cc: Kirti Wankhede 
> Cc: Daniel P. Berrangé 
> Cc: Christophe de Dinechin 
> 
> Signed-off-by: Yan Zhao 
> ---
>  Documentation/vfio-mediated-device.txt | 140 +
>  1 file changed, 140 insertions(+)
> 
> diff --git a/Documentation/vfio-mediated-device.txt 
> b/Documentation/vfio-mediated-device.txt
> index c3f69bcaf96e..013a764968eb 100644
> --- a/Documentation/vfio-mediated-device.txt
> +++ b/Documentation/vfio-mediated-device.txt
> @@ -202,6 +202,7 @@ Directories and files under the sysfs for Each Physical 
> Device
>| |   |--- available_instances
>| |   |--- device_api
>| |   |--- description
> +  | |   |--- version
>| |   |--- [devices]
>| |--- []
>| |   |--- create
> @@ -209,6 +210,7 @@ Directories and files under the sysfs for Each Physical 
> Device
>| |   |--- available_instances
>| |   |--- device_api
>| |   |--- description
> +  | |   |--- version
>| |   |--- [devices]
>| |--- []
>|  |--- create
> @@ -216,6 +218,7 @@ Directories and files under the sysfs for Each Physical 
> Device
>|  |--- available_instances
>|  |--- device_api
>|  |--- description
> +  |  |--- version
>|  |--- [devices]

I thought there was a request to make this more specific to migration
by renaming it to something like migration_version.  Also, as an
optional attribute, it seems the example should perhaps not add it to
all types to illustrate that it is not required.

>  
>  * [mdev_supported_types]
> @@ -246,6 +249,143 @@ Directories and files under the sysfs for Each Physical 
> Device
>This attribute should show the number of devices of type  that 
> can be
>created.
>  
> +* version
> +
> +  This attribute is rw, and is optional.
> +  It is used to check device compatibility between two mdev devices and is

between two mdev devices of the same type.

> +  accessed in pairs between the two mdev devices being checked.

"in pairs"?

> +  The intent of this attribute is to make an mdev device's version opaque to
> +  user space, so instead of reading two mdev devices' version strings and

perhaps "...instead of reading the version string of two mdev devices
and comparing them in userspace..."

> +  comparing in userspace, user space should only read one mdev device's 
> version
> +  attribute, and writes this version string into the other mdev device's 
> version
> +  attribute. Then vendor driver of mdev device whose version attribute being
> +  written would check the incoming version string and tell user space whether
> +  the two mdev devices are compatible via return value. That's why this
> +  attribute is writable.
> +
> +  when reading this attribute, it should show device version string of
> 

Re: [Qemu-devel] [multiprocess RFC PATCH 36/37] multi-process: add the concept description to docs/devel/qemu-multiprocess

2019-05-07 Thread Elena Ufimtseva
On Mon, Mar 11, 2019 at 10:20:06AM +, Daniel P. Berrangé wrote:
> On Thu, Mar 07, 2019 at 03:29:41PM -0800, John G Johnson wrote:
> > 
> > 

Hi Daniel, Stefan

We have not replied in a while as we were trying to figure out
the best approach after multiple comments we have received on the
patch series.

Leaving other concerns that you, Stefan and others shared with us
out of this particular topic, we would like to get your opinion on
the following approach.

Please see below.

> > > On Mar 7, 2019, at 11:27 AM, Stefan Hajnoczi  wrote:
> > > 
> > > On Thu, Mar 07, 2019 at 02:51:20PM +, Daniel P. Berrangé wrote:
> > >> I guess one obvious answer is that the existing security mechanisms like
> > >> SELinux/ApArmor/DAC can be made to work in a more fine grained manner if
> > >> there are distinct processes. This would allow for a more useful seccomp
> > >> filter to better protect against secondary kernel exploits should QEMU
> > >> itself be exploited, if we can protect individual components.
> > > 
> > > Fine-grained sandboxing is possible in theory but tedious in practice.
> > > From what I can tell this patch series doesn't implement any sandboxing
> > > for child processes.
> > > 
> > 
> > The policies aren’t in QEMU, but in the selinux config files.
> > They would say, for example, that when the QEMU process exec()s the
> > disk emulation process, the process security context type transitions
> > to a new type.  This type would have permission to access the VM image
> > objects, whereas the QEMU process type (and any other device emulation
> > process types) cannot access them.
> 
> Note that currently all QEMU instances run by libvirt have seccomp
> policy applied that explicitly forbids any use of fork+exec as a way
> to reduce avenues of attack for an exploited QEMU.
> 
> Even in a modularized QEMU I'd be loathe to allow QEMU to have the
> fork+exec privileged, unless "QEMU" in this case was just a stub
> process that does nothing more than fork+exec the other binaries,
> while having zero attack exposed to the untrusted guest OS.

We see libvirt uses QEMU’s -sandbox option to indicate that QEMU
should use seccomp() to prohibit future use of certain system calls,
including fork() and exec().  Our idea is to enumerate the remote
processes needed via QEMU command line options, and have QEMU exec()
those processes before -sandbox is processed.
And we also will init seccomp for emulated devices processes.

> 
> > If you wanted to use DAC, you could do the something similar by
> > making the disk emulation executable setuid to a UID than can access
> > VM image files.
> > 
> > In either case, the policies and permissions are set up before
> > libvirt even runs, so it doesn’t need to be aware of them.
> 
> That's not the case bearing in mind the above point about fork+exec
> being forbidden. It would likely require libvirt to be in charge of
> spawning the various helper binaries from a trusted context.
> 
> 
> > > How to do this in practice must be clear from the beginning if
> > > fine-grained sandboxing is the main selling point.
> > > 
> > > Some details to start the discussion:
> > > 
> > > * How will fine-grained SELinux/AppArmor/DAC policies be configured for
> > >   each process?  I guess this requires root, so does libvirt need to
> > >   know about each process?
> > > 
> > 
> > The polices would apply to process security context types (or
> > UIDs in a DAC regime), so I would not expect libvirt to be aware of them.
> 
> I'm pretty skeptical that such a large modularization of QEMU can be
> done without libvirt being aware of it & needing some kind of changes
> applied.
>

We agree with that. With above proposed approach we still have to change hotplug
in some way.
If a separate process will be spawned, libvirt will be the one doing
the fork/exec of the separate processes.
binaries that will unify the way how an instance is being started with
multiple processes and hotplugging.

Thanks!
Elena, Jag, John.


> 
> Regards,
> Daniel
> -- 
> |: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org -o-https://fstop138.berrange.com :|
> |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH 5/5] iotests: Let 233 run concurrently

2019-05-07 Thread Max Reitz
On 07.05.19 22:38, Eric Blake wrote:
> On 5/7/19 1:36 PM, Max Reitz wrote:
>> common.nbd's nbd_server_set_tcp_port() tries to find a free port, and
>> then uses it for the whole test run.  However, this is racey because
> 
> racy
> 
>> even if the port was free at the beginning, there is no guarantee it
>> will continue to be available.  Therefore, 233 currently cannot reliably
>> be run concurrently with other NBD TCP tests.
>>
>> This patch addresses the problem by dropping nbd_server_set_tcp_port(),
>> and instead finding a new port every time nbd_server_start_tcp_socket()
>> is invoked.  For this, we run qemu-nbd with --fork and on error evaluate
>> the output to see whether it contains "Address already in use".  If so,
>> we try the next port.
>>
>> On success, we still want to continually redirect the output from
>> qemu-nbd to stderr.  To achieve both, we redirect qemu-nbd's stderr to a
>> FIFO that we then open in bash.  If the parent process exits with status
>> 0 (which means that the server has started successfully), we launch a
>> background cat process that copies the FIFO to stderr.  On failure, we
>> read the whole content into a variable and then evaluate it.
>>
>> While at it, use --fork in nbd_server_start_unix_socket(), too.  Doing
>> so allows us to drop nbd_server_wait_for_*_socket().
>>
>> Note that the reason common.nbd did not use --fork before is that
>> qemu-nbd did not have --pid-file.
>>
>> Signed-off-by: Max Reitz 
>> ---
>>  tests/qemu-iotests/233|  1 -
>>  tests/qemu-iotests/common.nbd | 93 ---
>>  2 files changed, 42 insertions(+), 52 deletions(-)
>>
> 
>> @@ -34,76 +39,62 @@ nbd_server_stop()
>>  fi
>>  fi
>>  rm -f "$nbd_unix_socket"
>> -}
>> -
>> -nbd_server_wait_for_unix_socket()
>> -{
> ...
>> -echo "Failed in check of unix socket created by qemu-nbd"
>> -exit 1
>> +rm -f "$nbd_stderr_fifo"
> 
> You could use a single 'rm -f "$nbd_unix_socket" "$nbd_stderr_fifo"'.
> That's cosmetic, though.
> 
> Are we sure that even on failure, our fifo will not fill up and cause
> deadlock? If the failing qemu-nbd has so much output as to be non-atomic
> so that it blocks waiting for a reader, but we don't read anything until
> after qemu-nbd exits after forking the daemon, then we have deadlock.

Hm, right.  I don’t think it will happen, but if it does, it won’t be
because of an “Address already in use”.  So if it did happen, the test
should fail anyway.

Of course, a hang is not the nicest way to fail a test, but I think as
long as we don’t think it will be a problem, it should be fine.

(The alternative I can think of would be to start a background cat that
copies data over to a log file, and then kill it after the qemu-nbd
parent process has exited.  On error, we read the log; on success, we
print it to stderr and then start the cat from nbd_stderr_fifo to stderr.)

> But in the common case, I don't think qemu-nbd ever spits out that much
> in errors, even when it fails to start whether due to a socket in use or
> for other reasons.  And even if it does hang, it is our testsuite (and
> our CI tools will probably notice it), rather than our main code.
> 
> Otherwise, it's a lot of shell code with quite a few bash-isms, but we
> already require bash, and I didn't spot anything blatantly wrong.
> 
> Reviewed-by: Eric Blake 

Thanks again!

I’ll prepare the v2.

Max





Re: [Qemu-devel] [PULL v2 00/12] Trivial branch patches

2019-05-07 Thread Peter Maydell
On Tue, 7 May 2019 at 20:10, Laurent Vivier  wrote:
>
> Ping ?

This is in my queue to process, but there are still a bunch of
other pullreqs in the queue too; I am working through them.

thanks
-- PMM



[Qemu-devel] [PATCH v4 7/7] iotests: Test qemu-img convert -C --salvage

2019-05-07 Thread Max Reitz
We do not support this combination (yet), so this should yield an error
message.

Signed-off-by: Max Reitz 
Tested-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/082 | 1 +
 tests/qemu-iotests/082.out | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/tests/qemu-iotests/082 b/tests/qemu-iotests/082
index 278511dba4..804610c7eb 100755
--- a/tests/qemu-iotests/082
+++ b/tests/qemu-iotests/082
@@ -163,6 +163,7 @@ echo === convert: -C and other options ===
 run_qemu_img convert -C -S 4k -O $IMGFMT "$TEST_IMG" "$TEST_IMG".target
 run_qemu_img convert -C -S 8k -O $IMGFMT "$TEST_IMG" "$TEST_IMG".target
 run_qemu_img convert -C -c -O $IMGFMT "$TEST_IMG" "$TEST_IMG".target
+run_qemu_img convert -C --salvage -O $IMGFMT "$TEST_IMG" "$TEST_IMG".target
 
 echo
 echo === amend: Options specified more than once ===
diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out
index 7e25706813..58de358b38 100644
--- a/tests/qemu-iotests/082.out
+++ b/tests/qemu-iotests/082.out
@@ -567,6 +567,9 @@ qemu-img: Cannot enable copy offloading when -S is used
 Testing: convert -C -c -O qcow2 TEST_DIR/t.qcow2 TEST_DIR/t.qcow2.target
 qemu-img: Cannot enable copy offloading when -c is used
 
+Testing: convert -C --salvage -O qcow2 TEST_DIR/t.qcow2 TEST_DIR/t.qcow2.target
+qemu-img: Cannot use copy offloading in salvaging mode
+
 === amend: Options specified more than once ===
 
 Testing: amend -f foo -f qcow2 -o lazy_refcounts=on TEST_DIR/t.qcow2
-- 
2.20.1




[Qemu-devel] [PATCH v4 5/7] blkdebug: Inject errors on .bdrv_co_block_status()

2019-05-07 Thread Max Reitz
Signed-off-by: Max Reitz 
Reviewed-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 qapi/block-core.json | 5 -
 block/blkdebug.c | 8 
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 54c927f1ad..028e4d6e02 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3252,10 +3252,13 @@
 #
 # @flush: .bdrv_co_flush_to_disk()
 #
+# @block-status: .bdrv_co_block_status()
+#
 # Since: 4.1
 ##
 { 'enum': 'BlkdebugIOType', 'prefix': 'BLKDEBUG_IO_TYPE',
-  'data': [ 'read', 'write', 'write-zeroes', 'discard', 'flush' ] }
+  'data': [ 'read', 'write', 'write-zeroes', 'discard', 'flush',
+'block-status' ] }
 
 ##
 # @BlkdebugInjectErrorOptions:
diff --git a/block/blkdebug.c b/block/blkdebug.c
index 1663ed25af..5ae96c52b0 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -670,7 +670,15 @@ static int coroutine_fn 
blkdebug_co_block_status(BlockDriverState *bs,
  int64_t *map,
  BlockDriverState **file)
 {
+int err;
+
 assert(QEMU_IS_ALIGNED(offset | bytes, bs->bl.request_alignment));
+
+err = rule_check(bs, offset, bytes, BLKDEBUG_IO_TYPE_BLOCK_STATUS);
+if (err) {
+return err;
+}
+
 return bdrv_co_block_status_from_file(bs, want_zero, offset, bytes,
   pnum, map, file);
 }
-- 
2.20.1




Re: [Qemu-devel] [PATCH 5/5] iotests: Let 233 run concurrently

2019-05-07 Thread Eric Blake
On 5/7/19 1:36 PM, Max Reitz wrote:
> common.nbd's nbd_server_set_tcp_port() tries to find a free port, and
> then uses it for the whole test run.  However, this is racey because

racy

> even if the port was free at the beginning, there is no guarantee it
> will continue to be available.  Therefore, 233 currently cannot reliably
> be run concurrently with other NBD TCP tests.
> 
> This patch addresses the problem by dropping nbd_server_set_tcp_port(),
> and instead finding a new port every time nbd_server_start_tcp_socket()
> is invoked.  For this, we run qemu-nbd with --fork and on error evaluate
> the output to see whether it contains "Address already in use".  If so,
> we try the next port.
> 
> On success, we still want to continually redirect the output from
> qemu-nbd to stderr.  To achieve both, we redirect qemu-nbd's stderr to a
> FIFO that we then open in bash.  If the parent process exits with status
> 0 (which means that the server has started successfully), we launch a
> background cat process that copies the FIFO to stderr.  On failure, we
> read the whole content into a variable and then evaluate it.
> 
> While at it, use --fork in nbd_server_start_unix_socket(), too.  Doing
> so allows us to drop nbd_server_wait_for_*_socket().
> 
> Note that the reason common.nbd did not use --fork before is that
> qemu-nbd did not have --pid-file.
> 
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/233|  1 -
>  tests/qemu-iotests/common.nbd | 93 ---
>  2 files changed, 42 insertions(+), 52 deletions(-)
> 

> @@ -34,76 +39,62 @@ nbd_server_stop()
>  fi
>  fi
>  rm -f "$nbd_unix_socket"
> -}
> -
> -nbd_server_wait_for_unix_socket()
> -{
...
> -echo "Failed in check of unix socket created by qemu-nbd"
> -exit 1
> +rm -f "$nbd_stderr_fifo"

You could use a single 'rm -f "$nbd_unix_socket" "$nbd_stderr_fifo"'.
That's cosmetic, though.

Are we sure that even on failure, our fifo will not fill up and cause
deadlock? If the failing qemu-nbd has so much output as to be non-atomic
so that it blocks waiting for a reader, but we don't read anything until
after qemu-nbd exits after forking the daemon, then we have deadlock.
But in the common case, I don't think qemu-nbd ever spits out that much
in errors, even when it fails to start whether due to a socket in use or
for other reasons.  And even if it does hang, it is our testsuite (and
our CI tools will probably notice it), rather than our main code.

Otherwise, it's a lot of shell code with quite a few bash-isms, but we
already require bash, and I didn't spot anything blatantly wrong.

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org





[Qemu-devel] [PATCH v4 6/7] iotests: Test qemu-img convert --salvage

2019-05-07 Thread Max Reitz
This test converts a simple image to another, but blkdebug injects
block_status and read faults at some offsets.  The resulting image
should be the same as the input image, except that sectors that could
not be read have to be 0.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/251 | 162 +
 tests/qemu-iotests/251.out |  43 ++
 tests/qemu-iotests/group   |   1 +
 3 files changed, 206 insertions(+)
 create mode 100755 tests/qemu-iotests/251
 create mode 100644 tests/qemu-iotests/251.out

diff --git a/tests/qemu-iotests/251 b/tests/qemu-iotests/251
new file mode 100755
index 00..508d69769f
--- /dev/null
+++ b/tests/qemu-iotests/251
@@ -0,0 +1,162 @@
+#!/usr/bin/env bash
+#
+# Test qemu-img convert --salvage
+#
+# Copyright (C) 2019 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mre...@redhat.com
+
+seq=$(basename $0)
+echo "QA output created by $seq"
+
+status=1   # failure is the default!
+
+_cleanup()
+{
+_cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.qemu
+
+_supported_fmt generic
+_supported_proto file
+_supported_os Linux
+
+
+TEST_IMG="$TEST_IMG.orig" _make_test_img 64M
+
+$QEMU_IO -c 'write -P 42 0 64M' "$TEST_IMG.orig" | _filter_qemu_io
+
+
+sector_size=512
+
+# Offsets on which to fail block-status.  Keep in ascending order so
+# the indexing done by _filter_offsets will appear in ascending order
+# in the output as well.
+status_fail_offsets="$((16 * 1024 * 1024 + 8192))
+ $((33 * 1024 * 1024 + 512))"
+
+# Offsets on which to fail reads.  Keep in ascending order for the
+# same reason.
+# The second element is shared with $status_fail_offsets on purpose.
+# Starting with the third element, we test what happens when a
+# continuous range of sectors is inaccessible.
+read_fail_offsets="$((32 * 1024 * 1024 - 65536))
+   $((33 * 1024 * 1024 + 512))
+   $(seq $((34 * 1024 * 1024)) $sector_size \
+ $((34 * 1024 * 1024 + 4096 - $sector_size)))"
+
+
+# blkdebug must be above the format layer so it can intercept all
+# block-status events
+source_img="json:{'driver': 'blkdebug',
+  'image': {
+  'driver': '$IMGFMT',
+  'file': {
+  'driver': 'file',
+  'filename': '$TEST_IMG.orig'
+  }
+  },
+  'inject-error': ["
+
+for ofs in $status_fail_offsets
+do
+source_img+="{ 'event': 'none',
+   'iotype': 'block-status',
+   'errno': 5,
+   'sector': $((ofs / sector_size)) },"
+done
+
+for ofs in $read_fail_offsets
+do
+source_img+="{ 'event': 'none',
+   'iotype': 'read',
+   'errno': 5,
+   'sector': $((ofs / sector_size)) },"
+done
+
+# Remove the trailing comma and terminate @inject-error and json:{}
+source_img="${source_img%,} ] }"
+
+
+echo
+
+
+_filter_offsets() {
+filters=
+
+index=0
+for ofs in $2
+do
+filters+=" -e s/$(printf "$1" $ofs)/status_fail_offset_$index/"
+index=$((index + 1))
+done
+
+index=0
+for ofs in $3
+do
+filters+=" -e s/$(printf "$1" $ofs)/read_fail_offset_$index/"
+index=$((index + 1))
+done
+
+sed $filters
+}
+
+# While determining the number of allocated sectors in the input
+# image, we should see one block status warning per element of
+# $status_fail_offsets.
+#
+# Then, the image is read.  Since the block status is queried in
+# basically the same way, the same warnings as in the previous step
+# should reappear.  Interleaved with those we should see a read
+# warning per element of $read_fail_offsets.
+# Note that $read_fail_offsets and $status_fail_offsets share an
+# element (read_fail_offset_1 == status_fail_offset_1), so
+# "status_fail_offset_1" in the output is the same as
+# "read_fail_offset_1".
+$QEMU_IMG convert --salvage "$source_img" "$TEST_IMG" 2>&1 \
+| _filter_offsets '%i' "$status_fail_offsets" "$read_fail_offsets"
+
+echo
+
+# The offsets where the block status could not be determined should
+# have been treated as containing data and thus should be 

Re: [Qemu-devel] [PULL 0/3] decodetree: Support variable-length ISAs

2019-05-07 Thread Peter Maydell
On Mon, 6 May 2019 at 19:29, Richard Henderson
 wrote:
>
> This is a pre-requisite for the RX port.
>
>
> r~
>
>
> The following changes since commit a6ae23831b05a11880b40f7d58e332c45a6b04f7:
>
>   Merge remote-tracking branch 
> 'remotes/ehabkost/tags/python-next-pull-request' into staging (2019-05-03 
> 15:26:09 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/rth7680/qemu.git tags/pull-dt-20190506
>
> for you to fetch changes up to 451e4ffdb0003ab5ed0d98bd37b385c076aba183:
>
>   decodetree: Add DisasContext argument to !function expanders (2019-05-06 
> 11:18:34 -0700)
>
> 
> Add support for variable-length ISAs
>
> 


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.1
for any user-visible changes.

-- PMM



[Qemu-devel] [PATCH v4 2/7] qemu-img: Add salvaging mode to convert

2019-05-07 Thread Max Reitz
This adds a salvaging mode (--salvage) to qemu-img convert which ignores
read errors and treats the respective areas as containing only zeroes.
This can be used for instance to at least partially recover the data
from terminally corrupted qcow2 images.

Signed-off-by: Max Reitz 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 qemu-img.c   | 90 +---
 qemu-img-cmds.hx |  4 +--
 qemu-img.texi|  4 +++
 3 files changed, 75 insertions(+), 23 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index f606675933..9ffda08458 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -66,6 +66,7 @@ enum {
 OPTION_SIZE = 264,
 OPTION_PREALLOCATION = 265,
 OPTION_SHRINK = 266,
+OPTION_SALVAGE = 267,
 };
 
 typedef enum OutputFormat {
@@ -1578,6 +1579,7 @@ typedef struct ImgConvertState {
 int64_t target_backing_sectors; /* negative if unknown */
 bool wr_in_order;
 bool copy_range;
+bool salvage;
 bool quiet;
 int min_sparse;
 int alignment;
@@ -1625,25 +1627,44 @@ static int convert_iteration_sectors(ImgConvertState 
*s, int64_t sector_num)
 }
 
 if (s->sector_next_status <= sector_num) {
-int64_t count = n * BDRV_SECTOR_SIZE;
+uint64_t offset = (sector_num - src_cur_offset) * BDRV_SECTOR_SIZE;
+int64_t count;
 
-if (s->target_has_backing) {
+do {
+count = n * BDRV_SECTOR_SIZE;
+
+if (s->target_has_backing) {
+ret = bdrv_block_status(blk_bs(s->src[src_cur]), offset,
+count, , NULL, NULL);
+} else {
+ret = bdrv_block_status_above(blk_bs(s->src[src_cur]), NULL,
+  offset, count, , NULL,
+  NULL);
+}
+
+if (ret < 0) {
+if (s->salvage) {
+if (n == 1) {
+if (!s->quiet) {
+warn_report("error while reading block status at "
+"offset %" PRIu64 ": %s", offset,
+strerror(-ret));
+}
+/* Just try to read the data, then */
+ret = BDRV_BLOCK_DATA;
+count = BDRV_SECTOR_SIZE;
+} else {
+/* Retry on a shorter range */
+n = DIV_ROUND_UP(n, 4);
+}
+} else {
+error_report("error while reading block status at offset "
+ "%" PRIu64 ": %s", offset, strerror(-ret));
+return ret;
+}
+}
+} while (ret < 0);
 
-ret = bdrv_block_status(blk_bs(s->src[src_cur]),
-(sector_num - src_cur_offset) *
-BDRV_SECTOR_SIZE,
-count, , NULL, NULL);
-} else {
-ret = bdrv_block_status_above(blk_bs(s->src[src_cur]), NULL,
-  (sector_num - src_cur_offset) *
-  BDRV_SECTOR_SIZE,
-  count, , NULL, NULL);
-}
-if (ret < 0) {
-error_report("error while reading block status of sector %" PRId64
- ": %s", sector_num, strerror(-ret));
-return ret;
-}
 n = DIV_ROUND_UP(count, BDRV_SECTOR_SIZE);
 
 if (ret & BDRV_BLOCK_ZERO) {
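Review bot: The new `warn_report("error while reading block status at offset ...")` and the `error_report` below it print `offset`, which `uint64_t offset = (sector_num - src_cur_offset) * BDRV_SECTOR_SIZE;` makes relative to the current source image, whereas the removed `error_report` printed the absolute `sector_num`. With several concatenated input images (the `src_cur`/`src_cur_offset` bookkeeping exists for that case) a user reading a stream of --salvage warnings cannot tell which input the offset belongs to. Either report the absolute position, `(uint64_t)sector_num * BDRV_SECTOR_SIZE`, or name the input, e.g. `"... at offset %" PRIu64 " of input image %d: %s", offset, src_cur, strerror(-ret)` (assuming `src_cur` is an int here as it is in convert_co_read). convert_iteration_sectors starts and ends outside the hunk.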
@@ -1680,6 +1701,7 @@ static int convert_iteration_sectors(ImgConvertState *s, 
int64_t sector_num)
 static int coroutine_fn convert_co_read(ImgConvertState *s, int64_t sector_num,
 int nb_sectors, uint8_t *buf)
 {
+uint64_t single_read_until = 0;
 int n, ret;
 
 assert(nb_sectors <= s->buf_sectors);
@@ -1687,6 +1709,7 @@ static int coroutine_fn convert_co_read(ImgConvertState 
*s, int64_t sector_num,
 BlockBackend *blk;
 int src_cur;
 int64_t bs_sectors, src_cur_offset;
+uint64_t offset;
 
 /* In the case of compression with multiple source files, we can get a
  * nb_sectors that spreads into the next part. So we must be able to
@@ -1695,13 +1718,29 @@ static int coroutine_fn convert_co_read(ImgConvertState 
*s, int64_t sector_num,
 blk = s->src[src_cur];
 bs_sectors = s->src_sectors[src_cur];
 
+offset = (sector_num - src_cur_offset) << BDRV_SECTOR_BITS;
+
 n = MIN(nb_sectors, bs_sectors - (sector_num - src_cur_offset));
+if (single_read_until > offset) {
+n = 1;
+}
 
-ret = blk_co_pread(
-blk, (sector_num - src_cur_offset) << BDRV_SECTOR_BITS,
-n << BDRV_SECTOR_BITS, buf, 0);
+ret = 

[Qemu-devel] [PATCH v4 1/7] qemu-img: Move quiet into ImgConvertState

2019-05-07 Thread Max Reitz
Move img_convert()'s quiet flag into the ImgConvertState so it is
accessible by nested functions.  -q dictates that it suppresses anything
but errors, so if those functions want to emit warnings, they need to
query this flag first.  (There currently are no such warnings, but there
will be as of the next patch.)

Signed-off-by: Max Reitz 
Reviewed-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 qemu-img.c | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index e6ad5978e0..f606675933 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1578,6 +1578,7 @@ typedef struct ImgConvertState {
 int64_t target_backing_sectors; /* negative if unknown */
 bool wr_in_order;
 bool copy_range;
+bool quiet;
 int min_sparse;
 int alignment;
 size_t cluster_sectors;
@@ -2009,7 +2010,7 @@ static int img_convert(int argc, char **argv)
 QDict *open_opts = NULL;
 char *options = NULL;
 Error *local_err = NULL;
-bool writethrough, src_writethrough, quiet = false, image_opts = false,
+bool writethrough, src_writethrough, image_opts = false,
  skip_create = false, progress = false, tgt_image_opts = false;
 int64_t ret = -EINVAL;
 bool force_share = false;
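Review bot: Dropping the explicit `quiet = false` initializer makes `s.quiet` well-defined only if `s` is zero-initialized where it is declared, which is outside this hunk; `if (s.quiet)` and the `img_open(..., s.quiet, ...)` calls later in the function read it whenever `-q` was not given. Please confirm `ImgConvertState s` is declared with an initializer (e.g. `= { ... }`) rather than left uninitialized — if it is, this hunk is fine as is. img_convert starts and ends outside the hunk.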
@@ -2117,7 +2118,7 @@ static int img_convert(int argc, char **argv)
 src_cache = optarg;
 break;
 case 'q':
-quiet = true;
+s.quiet = true;
 break;
 case 'n':
 skip_create = true;
@@ -2206,7 +2207,7 @@ static int img_convert(int argc, char **argv)
 }
 
 /* Initialize before goto out */
-if (quiet) {
+if (s.quiet) {
 progress = false;
 }
 qemu_progress_init(progress, 1.0);
@@ -2217,7 +2218,7 @@ static int img_convert(int argc, char **argv)
 
 for (bs_i = 0; bs_i < s.src_num; bs_i++) {
 s.src[bs_i] = img_open(image_opts, argv[optind + bs_i],
-   fmt, src_flags, src_writethrough, quiet,
+   fmt, src_flags, src_writethrough, s.quiet,
force_share);
 if (!s.src[bs_i]) {
 ret = -1;
@@ -2380,7 +2381,7 @@ static int img_convert(int argc, char **argv)
 
 if (skip_create) {
 s.target = img_open(tgt_image_opts, out_filename, out_fmt,
-flags, writethrough, quiet, false);
+flags, writethrough, s.quiet, false);
 } else {
 /* TODO ultimately we should allow --target-image-opts
  * to be used even when -n is not given.
@@ -2388,7 +2389,7 @@ static int img_convert(int argc, char **argv)
  * to allow filenames in option syntax
  */
 s.target = img_open_file(out_filename, open_opts, out_fmt,
- flags, writethrough, quiet, false);
+ flags, writethrough, s.quiet, false);
 open_opts = NULL; /* blk_new_open will have freed it */
 }
 if (!s.target) {
-- 
2.20.1




[Qemu-devel] [PATCH v4 4/7] blkdebug: Add "none" event

2019-05-07 Thread Max Reitz
Together with @iotype and @sector, this can be used to trap e.g. the
first read or write access to a certain sector without having to know
what happens internally in the block layer, i.e. which "real" events
happen right before such an access.

Signed-off-by: Max Reitz 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 qapi/block-core.json | 4 +++-
 block/blkdebug.c | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 34d261721b..54c927f1ad 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3215,6 +3215,8 @@
 #
 # @cor_write: a write due to copy-on-read (since 2.11)
 #
+# @none: triggers once at creation of the blkdebug node (since 4.1)
+#
 # Since: 2.9
 ##
 { 'enum': 'BlkdebugEvent', 'prefix': 'BLKDBG',
@@ -3233,7 +3235,7 @@
 'pwritev_rmw_tail', 'pwritev_rmw_after_tail', 'pwritev',
 'pwritev_zero', 'pwritev_done', 'empty_image_prepare',
 'l1_shrink_write_table', 'l1_shrink_free_l2_clusters',
-'cor_write'] }
+'cor_write', 'none' ] }
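Review bot: The new `@none` entry says when the event fires but not what it is for, so a reader of the schema cannot tell why an event that "triggers once at creation" is useful. The commit message explains the intent — pairing it with `@iotype` and `@sector` on an inject-error rule so the rule is armed for the node's whole lifetime instead of being tied to a real block-layer event — and that belongs in the schema too, e.g. `# @none: triggers once at creation of the blkdebug node; combine with @iotype and @sector of an inject-error rule to make the rule apply regardless of which internal block-layer event precedes the I/O (since 4.1)`.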
 
 ##
 # @BlkdebugIOType:
diff --git a/block/blkdebug.c b/block/blkdebug.c
index 3f3ec11230..1663ed25af 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -491,6 +491,8 @@ static int blkdebug_open(BlockDriverState *bs, QDict 
*options, int flags,
 goto out;
 }
 
+bdrv_debug_event(bs, BLKDBG_NONE);
+
 ret = 0;
 out:
 if (ret < 0) {
-- 
2.20.1




[Qemu-devel] [PATCH v4 0/7] qemu-img: Add salvaging mode to convert

2019-05-07 Thread Max Reitz
Hi,

This series adds a --salvage option to qemu-img convert.  With this,
qemu-img will not abort when it encounters an I/O error.  Instead, it
tries to narrow it down and will treat the affected sectors as being
completely 0 (and print a warning).

Testing this is not so easy, because while real I/O errors during read
operations should be treated as described above, errors encountered
during bdrv_block_status() should just be ignored and the affected
sectors should be considered allocated.  But blkdebug does not yet have
a way to intercept this, and:

(1) Just adding a new block-status event would be silly, because I don't
want an event, I want it to fail on a certain kind of operation, on
a certain sector range, independently of any events, so why can't we
just do that?  See patch 4.

(2) If we just make blkdebug intercept .bdrv_co_block_status() like all
other kinds of operations, at least iotest 041 fails, which does
exactly that silly thing: It uses the read_aio event to wait for any
read.  But it turns out that there may be a bdrv_*block_status()
call in between, so suddenly the wrong operation yields an error.
As I said, the real fault here is that it does not really make sense
to pray that the operation you want to fail is the one that is
immediately executed after some event that you hope will trigger
that operation.
See patch 3.

So patch 3 allows blkdebug users to select which kind of I/O operation
they actually want to make fail, and patch 4 allows them to not use any
event, but to have a rule active all the time.

Together, we can then enable error injection for block-status in patch 5
and make use of event=none iotype=block-status in patch 6.


v4:
- Patch 2: Rebase conflict (265a7e54efad246f4bde63f77aee6311f436f5f1)
- Patch 3: Fix enum prefix to be BLKDEBUG_IO_TYPE [Vladimir]
- Patch 5: The same
- Patch 6:
  - 249 -> 251
  - s%#!/bin/bash%#!/usr/bin/env bash% [Thomas]
  - s/2018/2019/ [Vladimir]
  - Drop here=$PWD [Vladimir]
  - Clarified a comment (I hope) [Vladimir]


git-backport-diff against v3:

Key:
[----] : patches are identical
[####] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/7:[----] [--] 'qemu-img: Move quiet into ImgConvertState'
002/7:[0006] [FC] 'qemu-img: Add salvaging mode to convert'
003/7:[0028] [FC] 'blkdebug: Add @iotype error option'
004/7:[----] [--] 'blkdebug: Add "none" event'
005/7:[0002] [FC] 'blkdebug: Inject errors on .bdrv_co_block_status()'
006/7:[0015] [FC] 'iotests: Test qemu-img convert --salvage'
007/7:[----] [--] 'iotests: Test qemu-img convert -C --salvage'


Max Reitz (7):
  qemu-img: Move quiet into ImgConvertState
  qemu-img: Add salvaging mode to convert
  blkdebug: Add @iotype error option
  blkdebug: Add "none" event
  blkdebug: Inject errors on .bdrv_co_block_status()
  iotests: Test qemu-img convert --salvage
  iotests: Test qemu-img convert -C --salvage

 qapi/block-core.json   |  33 +++-
 block/blkdebug.c   |  60 +++---
 qemu-img.c | 103 ---
 qemu-img-cmds.hx   |   4 +-
 qemu-img.texi  |   4 +
 tests/qemu-iotests/082 |   1 +
 tests/qemu-iotests/082.out |   3 +
 tests/qemu-iotests/251 | 162 +
 tests/qemu-iotests/251.out |  43 ++
 tests/qemu-iotests/group   |   1 +
 10 files changed, 375 insertions(+), 39 deletions(-)
 create mode 100755 tests/qemu-iotests/251
 create mode 100644 tests/qemu-iotests/251.out

-- 
2.20.1




[Qemu-devel] [PATCH v4 3/7] blkdebug: Add @iotype error option

2019-05-07 Thread Max Reitz
This new error option allows users of blkdebug to inject errors only on
certain kinds of I/O operations.  Users usually want to make a very
specific operation fail, not just any; but right now they simply hope
that the event that triggers the error injection is followed up with
that very operation.  That may not be true, however, because the block
layer is changing (including blkdebug, which may increase the number of
types of I/O operations on which to inject errors).

The new option's default has been chosen to keep backwards
compatibility.

Note that similar to the internal representation, we could choose to
expose this option as a list of I/O types.  But there is no practical
use for this, because as described above, users usually know exactly
which kind of operation they want to make fail, so there is no need to
specify multiple I/O types at once.  In addition, exposing this option
as a list would require non-trivial changes to qemu_opts_absorb_qdict().

Signed-off-by: Max Reitz 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 qapi/block-core.json | 26 +++
 block/blkdebug.c | 50 
 2 files changed, 67 insertions(+), 9 deletions(-)

diff --git a/qapi/block-core.json b/qapi/block-core.json
index 7ccbfff9d0..34d261721b 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -3235,6 +3235,26 @@
 'l1_shrink_write_table', 'l1_shrink_free_l2_clusters',
 'cor_write'] }
 
+##
+# @BlkdebugIOType:
+#
+# Kinds of I/O that blkdebug can inject errors in.
+#
+# @read: .bdrv_co_preadv()
+#
+# @write: .bdrv_co_pwritev()
+#
+# @write-zeroes: .bdrv_co_pwrite_zeroes()
+#
+# @discard: .bdrv_co_pdiscard()
+#
+# @flush: .bdrv_co_flush_to_disk()
+#
+# Since: 4.1
+##
+{ 'enum': 'BlkdebugIOType', 'prefix': 'BLKDEBUG_IO_TYPE',
+  'data': [ 'read', 'write', 'write-zeroes', 'discard', 'flush' ] }
+
 ##
 # @BlkdebugInjectErrorOptions:
 #
@@ -3245,6 +3265,11 @@
 # @state:   the state identifier blkdebug needs to be in to
 #   actually trigger the event; defaults to "any"
 #
+# @iotype:  the type of I/O operations on which this error should
+#   be injected; defaults to "all read, write,
+#   write-zeroes, discard, and flush operations"
+#   (since: 4.1)
+#
 # @errno:   error identifier (errno) to be returned; defaults to
 #   EIO
 #
@@ -3262,6 +3287,7 @@
 { 'struct': 'BlkdebugInjectErrorOptions',
   'data': { 'event': 'BlkdebugEvent',
 '*state': 'int',
+'*iotype': 'BlkdebugIOType',
 '*errno': 'int',
 '*sector': 'int',
 '*once': 'bool',
diff --git a/block/blkdebug.c b/block/blkdebug.c
index efd9441625..3f3ec11230 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -75,6 +75,7 @@ typedef struct BlkdebugRule {
 int state;
 union {
 struct {
+uint64_t iotype_mask;
 int error;
 int immediately;
 int once;
@@ -91,6 +92,9 @@ typedef struct BlkdebugRule {
 QSIMPLEQ_ENTRY(BlkdebugRule) active_next;
 } BlkdebugRule;
 
+QEMU_BUILD_BUG_MSG(BLKDEBUG_IO_TYPE__MAX > 64,
+   "BlkdebugIOType mask does not fit into an uint64_t");
+
 static QemuOptsList inject_error_opts = {
 .name = "inject-error",
 .head = QTAILQ_HEAD_INITIALIZER(inject_error_opts.head),
@@ -103,6 +107,10 @@ static QemuOptsList inject_error_opts = {
 .name = "state",
 .type = QEMU_OPT_NUMBER,
 },
+{
+.name = "iotype",
+.type = QEMU_OPT_STRING,
+},
 {
 .name = "errno",
 .type = QEMU_OPT_NUMBER,
@@ -162,6 +170,8 @@ static int add_rule(void *opaque, QemuOpts *opts, Error 
**errp)
 int event;
 struct BlkdebugRule *rule;
 int64_t sector;
+BlkdebugIOType iotype;
+Error *local_error = NULL;
 
 /* Find the right event for the rule */
 event_name = qemu_opt_get(opts, "event");
@@ -192,6 +202,26 @@ static int add_rule(void *opaque, QemuOpts *opts, Error 
**errp)
 sector = qemu_opt_get_number(opts, "sector", -1);
 rule->options.inject.offset =
 sector == -1 ? -1 : sector * BDRV_SECTOR_SIZE;
+
+iotype = qapi_enum_parse(_lookup,
+ qemu_opt_get(opts, "iotype"),
+ BLKDEBUG_IO_TYPE__MAX, _error);
+if (local_error) {
+error_propagate(errp, local_error);
+return -1;
+}
+if (iotype != BLKDEBUG_IO_TYPE__MAX) {
+rule->options.inject.iotype_mask = (1ull << iotype);
+} else {
+/* Apply the default */
+rule->options.inject.iotype_mask =
+(1ull << BLKDEBUG_IO_TYPE_READ)
+| (1ull << BLKDEBUG_IO_TYPE_WRITE)
+| (1ull << BLKDEBUG_IO_TYPE_WRITE_ZEROES)
+| (1ull << BLKDEBUG_IO_TYPE_DISCARD)
+| 

Re: [Qemu-devel] [PATCH v7 2/6] virtio-pmem: Add virtio pmem driver

2019-05-07 Thread Jakub Staroń via Qemu-devel
On 4/25/19 10:00 PM, Pankaj Gupta wrote:

> +void host_ack(struct virtqueue *vq)
> +{
> + unsigned int len;
> + unsigned long flags;
> + struct virtio_pmem_request *req, *req_buf;
> + struct virtio_pmem *vpmem = vq->vdev->priv;
> +
> + spin_lock_irqsave(>pmem_lock, flags);
> + while ((req = virtqueue_get_buf(vq, )) != NULL) {
> + req->done = true;
> + wake_up(>host_acked);
> +
> + if (!list_empty(>req_list)) {
> + req_buf = list_first_entry(>req_list,
> + struct virtio_pmem_request, list);
> + list_del(>req_list);

Shouldn't it be rather `list_del(vpmem->req_list.next)`? We are trying to unlink
first element of the list and `vpmem->req_list` is just the list head.

> +int virtio_pmem_flush(struct nd_region *nd_region)
> +{
> + int err;
> + unsigned long flags;
> + struct scatterlist *sgs[2], sg, ret;
> + struct virtio_device *vdev = nd_region->provider_data;
> + struct virtio_pmem *vpmem = vdev->priv;
> + struct virtio_pmem_request *req;
> +
> + might_sleep();
> + req = kmalloc(sizeof(*req), GFP_KERNEL);
> + if (!req)
> + return -ENOMEM;
> +
> + req->done = req->wq_buf_avail = false;
> + strcpy(req->name, "FLUSH");
> + init_waitqueue_head(>host_acked);
> + init_waitqueue_head(>wq_buf);
> + sg_init_one(, req->name, strlen(req->name));
> + sgs[0] = 
> + sg_init_one(, >ret, sizeof(req->ret));
> + sgs[1] = 
> +
> + spin_lock_irqsave(>pmem_lock, flags);
> + err = virtqueue_add_sgs(vpmem->req_vq, sgs, 1, 1, req, GFP_ATOMIC);
> + if (err) {
> + dev_err(>dev, "failed to send command to virtio pmem 
> device\n");
> +
> + list_add_tail(>req_list, >list);
> + spin_unlock_irqrestore(>pmem_lock, flags);
> +
> + /* When host has read buffer, this completes via host_ack */
> + wait_event(req->wq_buf, req->wq_buf_avail);
> + spin_lock_irqsave(>pmem_lock, flags);
> + }

Aren't the arguments in `list_add_tail` swapped? The element we are adding 
should
be first, the list should be second. Also, shouldn't we resubmit the request 
after
waking up from `wait_event(req->wq_buf, req->wq_buf_avail)`?

I propose rewriting it like that:

diff --git a/drivers/nvdimm/virtio_pmem.c b/drivers/nvdimm/virtio_pmem.c
index 66b582f751a3..ff0556b04e86 100644
--- a/drivers/nvdimm/virtio_pmem.c
+++ b/drivers/nvdimm/virtio_pmem.c
@@ -25,7 +25,7 @@ void host_ack(struct virtqueue *vq)
if (!list_empty(>req_list)) {
req_buf = list_first_entry(>req_list,
struct virtio_pmem_request, list);
-   list_del(>req_list);
+   list_del(vpmem->req_list.next);
req_buf->wq_buf_avail = true;
wake_up(_buf->wq_buf);
}
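Review bot: `list_del(vpmem->req_list.next);` re-derives the node that the `list_first_entry()` on the preceding line already resolved into `req_buf`; `list_del(&req_buf->list);` removes the same element while making it obvious which entry is being unlinked and does not depend on `req_list.next` still pointing at it. The `&` characters seem to have been stripped by the archive throughout this message, so the existing `list_first_entry(>req_list, ...)` presumably reads `&vpmem->req_list` in the original.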
@@ -59,17 +59,33 @@ int virtio_pmem_flush(struct nd_region *nd_region)
sgs[1] = 
 
spin_lock_irqsave(>pmem_lock, flags);
-   err = virtqueue_add_sgs(vpmem->req_vq, sgs, 1, 1, req, GFP_ATOMIC);
-   if (err) {
-   dev_err(>dev, "failed to send command to virtio pmem 
device\n");
+   /*
+* If virtqueue_add_sgs returns -ENOSPC then req_vq virtual queue does 
not
+* have free descriptor slots. We add the request to req_list and wait
+* for host_ack to wake us up when free slots are available.
+*/
+   while ((err = virtqueue_add_sgs(vpmem->req_vq, sgs, 1, 1, req, 
GFP_ATOMIC)) == -ENOSPC) {
+   dev_err(>dev, "failed to send command to virtio pmem 
device, no free slots in the virtqueue, postponing request\n");
+   req->wq_buf_avail = false;
 
-   list_add_tail(>req_list, >list);
+   list_add_tail(>list, >req_list);
spin_unlock_irqrestore(>pmem_lock, flags);
 
/* When host has read buffer, this completes via host_ack */
wait_event(req->wq_buf, req->wq_buf_avail);
spin_lock_irqsave(>pmem_lock, flags);
}
+
+   /*
+* virtqueue_add_sgs failed with error different than -ENOSPC, we can't
+* do anything about that.
+*/
+   if (err) {
+   dev_info(>dev, "failed to send command to virtio pmem 
device, error code %d\n", err);
+   spin_unlock_irqrestore(>pmem_lock, flags);
+   err = -EIO;
+   goto ret;
+   }
err = virtqueue_kick(vpmem->req_vq);
spin_unlock_irqrestore(>pmem_lock, flags);
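Review bot: The `dev_err()` inside the new `while` loop fires on every -ENOSPC retry, and -ENOSPC is ordinary back-pressure rather than a fault, so a slow or uncooperative host can fill the guest log simply by withholding completions; `dev_dbg()` or `dev_err_ratelimited()` with the same message keeps the diagnostic without the flood. The `wait_event()` the loop then sleeps in is unbounded and uninterruptible, so a host that never completes the pending buffer leaves the flushing task in D state indefinitely — that dependency on host behaviour deserves a comment such as `/* No timeout: the host must eventually consume this buffer */`, or a bounded wait. On the non-ENOSPC path the hard failure is logged with `dev_info()` while the retryable case uses `dev_err()`, which inverts the severities. The `ret:` label is outside the hunk, so whether `req` is released there cannot be confirmed from this excerpt.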


Let me know if it looks reasonable to you.

Thank you,
Jakub Staron




Re: [Qemu-devel] [PATCH 4/5] iotests: Use qemu-nbd's --pid-file

2019-05-07 Thread Max Reitz
On 07.05.19 21:53, Eric Blake wrote:
> On 5/7/19 1:36 PM, Max Reitz wrote:
>> Signed-off-by: Max Reitz 
>> ---
>>  tests/qemu-iotests/common.rc | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
>> index 93f87389b6..217cf3874d 100644
>> --- a/tests/qemu-iotests/common.rc
>> +++ b/tests/qemu-iotests/common.rc
>> @@ -106,8 +106,8 @@ _qemu_io_wrapper()
>>  _qemu_nbd_wrapper()
>>  {
>>  (
>> -echo $BASHPID > "${QEMU_TEST_DIR}/qemu-nbd.pid"
>> -exec "$QEMU_NBD_PROG" $QEMU_NBD_OPTIONS "$@"
>> +exec "$QEMU_NBD_PROG" --pid-file="${QEMU_TEST_DIR}/qemu-nbd.pid" \
>> +  $QEMU_NBD_OPTIONS "$@"
>>  )
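Review bot: The pid file is now created by qemu-nbd instead of by the wrapper before `exec`, so a caller that reads `${QEMU_TEST_DIR}/qemu-nbd.pid` as soon as the wrapper returns can find it missing or empty where it was previously always present; if `--pid-file` is written only once the server is up, readers of that file should wait for it (or for the socket) rather than assume it exists. The wrapper's closing lines are outside the quoted hunk. The same hunk is quoted again in Eric Blake's reply further down the page, where this note applies equally.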
> 
> Beforehand, we needed the subshell + exec to guarantee that the pid we
> were writing was that of the subshell. Now, we don't need either; this
> could be simplified to:
> 
> _qemu_nbd_wrapper()
> {
> "$QEMU_NBD_PROG" --pid-file... "$@"
> }

True, but I just followed _qemu_img_wrapper()’s example.  I could change
both, of course...

Max





Re: [Qemu-devel] [PATCH 1/5] qemu-nbd: Add --pid-file option

2019-05-07 Thread Max Reitz
On 07.05.19 21:51, Eric Blake wrote:
> On 5/7/19 2:39 PM, Max Reitz wrote:
>> On 07.05.19 21:30, Eric Blake wrote:
>>> On 5/7/19 1:36 PM, Max Reitz wrote:
 --fork is a bit boring if there is no way to get the child's PID.  This
 option helps.

 Signed-off-by: Max Reitz 
 ---
  qemu-nbd.c| 29 +
  qemu-nbd.texi |  2 ++
  2 files changed, 31 insertions(+)

>>>
 @@ -111,6 +112,7 @@ static void usage(const char *name)
  "specify tracing options\n"
  "  --forkfork off the server process and exit the 
 parent\n"
  "once the server is running\n"
 +"  --pid-file=PATH   store the server's process ID in the given 
 file\n"
>>>
>>> Should --pid-file imply --fork, or be an error if --fork was not
>>> supplied? As coded, it writes a pid file regardless of --fork, even
>>> though it is less obvious that it is useful in that case. I don't have a
>>> strong preference (there doesn't seem to be a useful consensus on what
>>> forking daemons should do), but it would at least be worth documenting
>>> the intended action (even if that implies a tweak to the patch to match
>>> the intent).
>>
>> I think the documentation is pretty clear.  It stores the server's PID,
>> whether it has been forked or not.
>>
>> I don't think we would gain anything from forbidding --pid-file without
>> --fork, would we?
> 
> I can't think of any reason to forbid it. So it sounds like we are
> intentional, this writes the pid into --pid-file regardless of whether
> that pid can be learned by other means as well.
> 
> 
 +const char *pid_path = NULL;
>>>
>>> Bikeshedding: pid_name is nicer (path makes me think of $PATH and other
>>> colon-separated lists, which this is not).
>>
>> I'd prefer pid_filename myself, then, because pid_name sounds like a
>> weird way to say "process name". O:-)
> 
> Works for me, even if it is longer. Do you want to respin, or just have
> me touch it up when folding it into my NBD tree?

I suppose I’d prefer a respin, independently of what you make of patches
4 and 5.

Max





Re: [Qemu-devel] [PATCH 4/5] iotests: Use qemu-nbd's --pid-file

2019-05-07 Thread Eric Blake
On 5/7/19 1:36 PM, Max Reitz wrote:
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/common.rc | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc
> index 93f87389b6..217cf3874d 100644
> --- a/tests/qemu-iotests/common.rc
> +++ b/tests/qemu-iotests/common.rc
> @@ -106,8 +106,8 @@ _qemu_io_wrapper()
>  _qemu_nbd_wrapper()
>  {
>  (
> -echo $BASHPID > "${QEMU_TEST_DIR}/qemu-nbd.pid"
> -exec "$QEMU_NBD_PROG" $QEMU_NBD_OPTIONS "$@"
> +exec "$QEMU_NBD_PROG" --pid-file="${QEMU_TEST_DIR}/qemu-nbd.pid" \
> +  $QEMU_NBD_OPTIONS "$@"
>  )

Beforehand, we needed the subshell + exec to guarantee that the pid we
were writing was that of the subshell. Now, we don't need either; this
could be simplified to:

_qemu_nbd_wrapper()
{
"$QEMU_NBD_PROG" --pid-file... "$@"
}

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH 1/5] qemu-nbd: Add --pid-file option

2019-05-07 Thread Eric Blake
On 5/7/19 2:39 PM, Max Reitz wrote:
> On 07.05.19 21:30, Eric Blake wrote:
>> On 5/7/19 1:36 PM, Max Reitz wrote:
>>> --fork is a bit boring if there is no way to get the child's PID.  This
>>> option helps.
>>>
>>> Signed-off-by: Max Reitz 
>>> ---
>>>  qemu-nbd.c| 29 +
>>>  qemu-nbd.texi |  2 ++
>>>  2 files changed, 31 insertions(+)
>>>
>>
>>> @@ -111,6 +112,7 @@ static void usage(const char *name)
>>>  "specify tracing options\n"
>>>  "  --forkfork off the server process and exit the 
>>> parent\n"
>>>  "once the server is running\n"
>>> +"  --pid-file=PATH   store the server's process ID in the given 
>>> file\n"
>>
>> Should --pid-file imply --fork, or be an error if --fork was not
>> supplied? As coded, it writes a pid file regardless of --fork, even
>> though it is less obvious that it is useful in that case. I don't have a
>> strong preference (there doesn't seem to be a useful consensus on what
>> forking daemons should do), but it would at least be worth documenting
>> the intended action (even if that implies a tweak to the patch to match
>> the intent).
> 
> I think the documentation is pretty clear.  It stores the server's PID,
> whether it has been forked or not.
> 
> I don't think we would gain anything from forbidding --pid-file without
> --fork, would we?

I can't think of any reason to forbid it. So it sounds like we are
intentional, this writes the pid into --pid-file regardless of whether
that pid can be learned by other means as well.


>>> +const char *pid_path = NULL;
>>
>> Bikeshedding: pid_name is nicer (path makes me think of $PATH and other
>> colon-separated lists, which this is not).
> 
> I'd prefer pid_filename myself, then, because pid_name sounds like a
> weird way to say "process name". O:-)

Works for me, even if it is longer. Do you want to respin, or just have
me touch it up when folding it into my NBD tree?

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH 2/5] iotests.py: Add qemu_nbd_early_pipe()

2019-05-07 Thread Eric Blake
On 5/7/19 1:36 PM, Max Reitz wrote:
> qemu_nbd_pipe() currently unconditionally reads qemu-nbd's output.  That
> is not ideal because qemu-nbd may keep stderr open after the parent
> process has exited.
> 
> Currently, the only user of qemu_nbd_pipe() is 147, which discards the
> whole output if the parent process returned success and only evaluates
> it on error.  Therefore, we can replace qemu_nbd_pipe() by
> qemu_nbd_early_pipe() that does the same: Discard the output on success,
> and return it on error.
> 
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/147| 4 ++--
>  tests/qemu-iotests/iotests.py | 9 ++---
>  2 files changed, 8 insertions(+), 5 deletions(-)
> 

> @@ -216,7 +216,10 @@ def qemu_nbd_pipe(*args):
>  sys.stderr.write('qemu-nbd received signal %i: %s\n' %
>   (-exitcode,
>' '.join(qemu_nbd_args + ['--fork'] + list(args
> -return exitcode, subp.communicate()[0]
> +if exitcode == 0:
> +return exitcode, ''
> +else:
> +return exitcode, subp.communicate()[0]
>  
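Review bot: On the `exitcode == 0` branch the read end of the child's output pipe is never drained or closed, since `subp.communicate()` is skipped, so each successful call presumably holds a pipe fd until `subp` is garbage-collected; adding `subp.stdout.close()` is not a safe fix on its own, because a forked server that later writes to that stderr would then hit EPIPE, so redirecting the server's stderr to a file where `subp` is created (outside the hunk) is the cleaner route. The two-branch `if`/`else` could also be a single `return exitcode, '' if exitcode == 0 else subp.communicate()[0]`. The hunk's trailing context is trimmed in this quote.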

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH v7 4/6] dax: check synchronous mapping is supported

2019-05-07 Thread Jakub Staroń via Qemu-devel
From: Pankaj Gupta 
Date: Thu, Apr 25, 2019 at 10:00 PM

> +static inline bool daxdev_mapping_supported(struct vm_area_struct *vma,
> +   struct dax_device *dax_dev)
> +{
> +   return !(vma->flags & VM_SYNC);
> +}

Shouldn't it be rather `return !(vma->vm_flags & VM_SYNC);`? There is
no field named `flags` in `struct vm_area_struct`.

Thank you,
Jakub



Re: [Qemu-devel] [PATCH 3/5] qemu-nbd: Do not close stderr

2019-05-07 Thread Eric Blake
On 5/7/19 1:36 PM, Max Reitz wrote:
> We kept old_stderr specifically so we could keep emitting error message
> on stderr.  However, qemu_daemon() closes stderr.  Therefore, we need to
> dup() stderr to old_stderr before invoking qemu_daemon().
> 
> Signed-off-by: Max Reitz 
> ---
> As I hinted at in the cover letter, I am not sure whether this is truly
> a bug or whether the current behavior is intentional.  So if you
> disagree with me on this patch, you are welcome to suggest an
> alternative.

Looks to me like a bug fix, for a problem present since commit c1f8fdc3
added old_stderr in 2011.

> 
> I personally can see two:
> (1) Add a --log option for a file to store the server's messages in.
> Seems a bit cumbersome to me.
> 
> (2) Add a --keep-stderr option, which specifically enables this behavior
> here.  Without this option we keep the old behavior.

The approach done here is simplest, I wouldn't worry about your two
alternatives.

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH 1/5] qemu-nbd: Add --pid-file option

2019-05-07 Thread Max Reitz
On 07.05.19 21:30, Eric Blake wrote:
> On 5/7/19 1:36 PM, Max Reitz wrote:
>> --fork is a bit boring if there is no way to get the child's PID.  This
>> option helps.
>>
>> Signed-off-by: Max Reitz 
>> ---
>>  qemu-nbd.c| 29 +
>>  qemu-nbd.texi |  2 ++
>>  2 files changed, 31 insertions(+)
>>
> 
>> @@ -111,6 +112,7 @@ static void usage(const char *name)
>>  "specify tracing options\n"
>>  "  --forkfork off the server process and exit the 
>> parent\n"
>>  "once the server is running\n"
>> +"  --pid-file=PATH   store the server's process ID in the given 
>> file\n"
> 
> Should --pid-file imply --fork, or be an error if --fork was not
> supplied? As coded, it writes a pid file regardless of --fork, even
> though it is less obvious that it is useful in that case. I don't have a
> strong preference (there doesn't seem to be a useful consensus on what
> forking daemons should do), but it would at least be worth documenting
> the intended action (even if that implies a tweak to the patch to match
> the intent).

I think the documentation is pretty clear.  It stores the server's PID,
whether it has been forked or not.

I don't think we would gain anything from forbidding --pid-file without
--fork, would we?

>>  #if HAVE_NBD_DEVICE
>>  "\n"
>>  "Kernel NBD client support:\n"
>> @@ -651,6 +653,7 @@ int main(int argc, char **argv)
>>  { "image-opts", no_argument, NULL, QEMU_NBD_OPT_IMAGE_OPTS },
>>  { "trace", required_argument, NULL, 'T' },
>>  { "fork", no_argument, NULL, QEMU_NBD_OPT_FORK },
>> +{ "pid-file", required_argument, NULL, QEMU_NBD_OPT_PID_FILE },
>>  { NULL, 0, NULL, 0 }
>>  };
>>  int ch;
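Review bot: The code that writes `pid_path` is outside the quoted hunks, so this review cannot see how the file is created; because the iotests wrapper in patch 4/5 consumes that file as a trusted value, it should go through `qemu_write_pidfile()`, which locks the file and refuses to clobber one held by a live instance, rather than an ad-hoc `fopen`/`fprintf` that silently overwrites whatever is at that path. A failure to write it should also be reported as an error rather than ignored. The same hunks are quoted again in Eric Blake's mail further down the page.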
>> @@ -677,6 +680,8 @@ int main(int argc, char **argv)
>>  bool list = false;
>>  int old_stderr = -1;
>>  unsigned socket_activation;
>> +const char *pid_path = NULL;
> 
> Bikeshedding: pid_name is nicer (path makes me think of $PATH and other
> colon-separated lists, which this is not).

I'd prefer pid_filename myself, then, because pid_name sounds like a
weird way to say "process name". O:-)

> Otherwise, I agree that this is long overdue. Thanks! If you can justify
> the behavior without --fork,

I just can’t think of a reason not to allow it without --fork.  Maybe a
user doesn’t need --fork because they just start the server in the
background and that’s good enough, but they still want a PID file.  So
basically like common.rc’s _qemu_nbd_wrapper() before this series.

Max





[Qemu-devel] [Bug 1823458] Re: race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu

2019-05-07 Thread Dan Streetman
@sil2100 yes I agree, let's wait longer before releasing.  We have the
Canonical customer performing testing with the package, and we can run
some additional sanity checks as well.  The config coming from the
customer is an openstack setup using OVS, so that's what we will setup
and perform sanity testing on.

@cpaelzer, if you have any suggestions for specific tests/configurations
that might be good to test the specific code changed here, please let me
know.

@bdmurray, sure, let's leave it set to incomplete while we're regression
testing ;-)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1823458

Title:
  race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown
  crashes qemu

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in Ubuntu Cloud Archive ocata series:
  Fix Committed
Status in QEMU:
  Fix Released
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Trusty:
  Won't Fix
Status in qemu source package in Xenial:
  Incomplete
Status in qemu source package in Bionic:
  Fix Released
Status in qemu source package in Cosmic:
  Fix Released
Status in qemu source package in Disco:
  Fix Released

Bug description:
  [impact]

  on shutdown of a guest, there is a race condition that results in qemu
  crashing instead of normally shutting down.  The bt looks similar to
  this (depending on the specific version of qemu, of course; this is
  taken from 2.5 version of qemu):

  (gdb) bt
  #0  __GI___pthread_mutex_lock (mutex=0x0) at ../nptl/pthread_mutex_lock.c:66
  #1  0x5636c0bc4389 in qemu_mutex_lock (mutex=mutex@entry=0x0) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/util/qemu-thread-posix.c:73
  #2  0x5636c0988130 in qemu_chr_fe_write_all (s=s@entry=0x0, 
buf=buf@entry=0x7ffe65c086a0 "\v", len=len@entry=20) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/qemu-char.c:205
  #3  0x5636c08f3483 in vhost_user_write (msg=msg@entry=0x7ffe65c086a0, 
fds=fds@entry=0x0, fd_num=fd_num@entry=0, dev=0x5636c1bf6b70, 
dev=0x5636c1bf6b70)
  at /build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost-user.c:195
  #4  0x5636c08f411c in vhost_user_get_vring_base (dev=0x5636c1bf6b70, 
ring=0x7ffe65c087e0) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost-user.c:364
  #5  0x5636c08efff0 in vhost_virtqueue_stop (dev=dev@entry=0x5636c1bf6b70, 
vdev=vdev@entry=0x5636c2853338, vq=0x5636c1bf6d00, idx=1) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost.c:895
  #6  0x5636c08f2944 in vhost_dev_stop (hdev=hdev@entry=0x5636c1bf6b70, 
vdev=vdev@entry=0x5636c2853338) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost.c:1262
  #7  0x5636c08db2a8 in vhost_net_stop_one (net=0x5636c1bf6b70, 
dev=dev@entry=0x5636c2853338) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/vhost_net.c:293
  #8  0x5636c08dbe5b in vhost_net_stop (dev=dev@entry=0x5636c2853338, 
ncs=0x5636c209d110, total_queues=total_queues@entry=1) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/vhost_net.c:371
  #9  0x5636c08d7745 in virtio_net_vhost_status (status=7 '\a', 
n=0x5636c2853338) at /build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/virtio-net.c:150
  #10 virtio_net_set_status (vdev=, status=) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/virtio-net.c:162
  #11 0x5636c08ec42c in virtio_set_status (vdev=0x5636c2853338, 
val=) at /build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/virtio.c:624
  #12 0x5636c098fed2 in vm_state_notify (running=running@entry=0, 
state=state@entry=RUN_STATE_SHUTDOWN) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:1605
  #13 0x5636c089172a in do_vm_stop (state=RUN_STATE_SHUTDOWN) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/cpus.c:724
  #14 vm_stop (state=RUN_STATE_SHUTDOWN) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/cpus.c:1407
  #15 0x5636c085d240 in main_loop_should_exit () at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:1883
  #16 main_loop () at /build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:1931
  #17 main (argc=, argv=, envp=) 
at /build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:4683

  [test case]

  unfortunately since this is a race condition, it's very hard to
  arbitrarily reproduce; it depends very much on the overall
  configuration of the guest as well as how exactly it's shut down -
  specifically, its vhost user net must be closed from the host side at
  a specific time during qemu shutdown.

  I have someone with such a setup who has reported to me their setup is
  able to reproduce this reliably, but the config is too complex for me
  to reproduce so I have relied on their reproduction and testing to
  debug and craft the patch for this.

  [regression potential]

  the change adds a flag to prevent repeated calls to vhost_net_stop().
  This also prevents any calls to vhost_net_cleanup() from
  net_vhost_user_event().  Any regression would be seen when stopping
  and/or cleaning up a vhost net.  Regressions might include failure to
  hot-remove a vhost 

Re: [Qemu-devel] [RFC 0/3] VirtIO RDMA

2019-05-07 Thread Jason Gunthorpe
On Tue, Apr 30, 2019 at 08:13:54PM +0300, Yuval Shaia wrote:
> On Mon, Apr 22, 2019 at 01:45:27PM -0300, Jason Gunthorpe wrote:
> > On Fri, Apr 19, 2019 at 01:16:06PM +0200, Hannes Reinecke wrote:
> > > On 4/15/19 12:35 PM, Yuval Shaia wrote:
> > > > On Thu, Apr 11, 2019 at 07:02:15PM +0200, Cornelia Huck wrote:
> > > > > On Thu, 11 Apr 2019 14:01:54 +0300
> > > > > Yuval Shaia  wrote:
> > > > > 
> > > > > > Data center backends use more and more RDMA or RoCE devices and 
> > > > > > more and
> > > > > > more software runs in virtualized environment.
> > > > > > There is a need for a standard to enable RDMA/RoCE on Virtual 
> > > > > > Machines.
> > > > > > 
> > > > > > Virtio is the optimal solution since is the de-facto 
> > > > > > para-virtualizaton
> > > > > > technology and also because the Virtio specification
> > > > > > allows Hardware Vendors to support Virtio protocol natively in 
> > > > > > order to
> > > > > > achieve bare metal performance.
> > > > > > 
> > > > > > This RFC is an effort to addresses challenges in defining the 
> > > > > > RDMA/RoCE
> > > > > > Virtio Specification and a look forward on possible implementation
> > > > > > techniques.
> > > > > > 
> > > > > > Open issues/Todo list:
> > > > > > List is huge, this is only start point of the project.
> > > > > > Anyway, here is one example of item in the list:
> > > > > > - Multi VirtQ: Every QP has two rings and every CQ has one. This 
> > > > > > means that
> > > > > >in order to support for example 32K QPs we will need 64K VirtQ. 
> > > > > > Not sure
> > > > > >that this is reasonable so one option is to have one for all and
> > > > > >multiplex the traffic on it. This is not good approach as by 
> > > > > > design it
> > > > > >introducing an optional starvation. Another approach would be 
> > > > > > multi
> > > > > >queues and round-robin (for example) between them.
> > > > > > 
> > > Typically there will be a one-to-one mapping between QPs and CPUs (on the
> > > guest). 
> > 
> > Er we are really overloading words here.. The typical expectation is
> > that a 'RDMA QP' will have thousands and thousands of instances on a
> > system.
> > 
> > Most likely I think mapping 1:1 a virtio queue to a 'RDMA QP, CQ, SRQ,
> > etc' is a bad idea...
> 
> We have three options, no virtqueue for QP, 1 to 1 or multiplexing. What
> would be your vote on that?
> I think you are for option #1, right? but in this case there is actually no
> use of having a virtio-driver, isn't it?

The virtio driver is supposed to be a standard, like a hardware
standard, for doing the operation.

It doesn't mean that every single element under the driver needs to
use the virtio format QP.

Jason



Re: [Qemu-devel] [PATCH 1/5] qemu-nbd: Add --pid-file option

2019-05-07 Thread Eric Blake
On 5/7/19 1:36 PM, Max Reitz wrote:
> --fork is a bit boring if there is no way to get the child's PID.  This
> option helps.
> 
> Signed-off-by: Max Reitz 
> ---
>  qemu-nbd.c| 29 +
>  qemu-nbd.texi |  2 ++
>  2 files changed, 31 insertions(+)
> 

> @@ -111,6 +112,7 @@ static void usage(const char *name)
>  "specify tracing options\n"
>  "  --forkfork off the server process and exit the 
> parent\n"
>  "once the server is running\n"
> +"  --pid-file=PATH   store the server's process ID in the given 
> file\n"

Should --pid-file imply --fork, or be an error if --fork was not
supplied? As coded, it writes a pid file regardless of --fork, even
though it is less obvious that it is useful in that case. I don't have a
strong preference (there doesn't seem to be a useful consensus on what
forking daemons should do), but it would at least be worth documenting
the intended action (even if that implies a tweak to the patch to match
the intent).

>  #if HAVE_NBD_DEVICE
>  "\n"
>  "Kernel NBD client support:\n"
> @@ -651,6 +653,7 @@ int main(int argc, char **argv)
>  { "image-opts", no_argument, NULL, QEMU_NBD_OPT_IMAGE_OPTS },
>  { "trace", required_argument, NULL, 'T' },
>  { "fork", no_argument, NULL, QEMU_NBD_OPT_FORK },
> +{ "pid-file", required_argument, NULL, QEMU_NBD_OPT_PID_FILE },
>  { NULL, 0, NULL, 0 }
>  };
>  int ch;
> @@ -677,6 +680,8 @@ int main(int argc, char **argv)
>  bool list = false;
>  int old_stderr = -1;
>  unsigned socket_activation;
> +const char *pid_path = NULL;

Bikeshedding: pid_name is nicer (path makes me think of $PATH and other
colon-separated lists, which this is not).

Otherwise, I agree that this is long overdue. Thanks! If you can justify
the behavior without --fork,
Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org





[Qemu-devel] [Bug 1823458] Re: race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu

2019-05-07 Thread Brian Murray
I'm setting this to Incomplete per sil2100's last comment.

** Changed in: qemu (Ubuntu Xenial)
   Status: Fix Committed => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1823458

Title:
  race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown
  crashes qemu

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in Ubuntu Cloud Archive ocata series:
  Fix Committed
Status in QEMU:
  Fix Released
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Trusty:
  Won't Fix
Status in qemu source package in Xenial:
  Incomplete
Status in qemu source package in Bionic:
  Fix Released
Status in qemu source package in Cosmic:
  Fix Released
Status in qemu source package in Disco:
  Fix Released

Bug description:
  [impact]

  on shutdown of a guest, there is a race condition that results in qemu
  crashing instead of normally shutting down.  The bt looks similar to
  this (depending on the specific version of qemu, of course; this is
  taken from 2.5 version of qemu):

  (gdb) bt
  #0  __GI___pthread_mutex_lock (mutex=0x0) at ../nptl/pthread_mutex_lock.c:66
  #1  0x5636c0bc4389 in qemu_mutex_lock (mutex=mutex@entry=0x0) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/util/qemu-thread-posix.c:73
  #2  0x5636c0988130 in qemu_chr_fe_write_all (s=s@entry=0x0, 
buf=buf@entry=0x7ffe65c086a0 "\v", len=len@entry=20) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/qemu-char.c:205
  #3  0x5636c08f3483 in vhost_user_write (msg=msg@entry=0x7ffe65c086a0, 
fds=fds@entry=0x0, fd_num=fd_num@entry=0, dev=0x5636c1bf6b70, 
dev=0x5636c1bf6b70)
  at /build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost-user.c:195
  #4  0x5636c08f411c in vhost_user_get_vring_base (dev=0x5636c1bf6b70, 
ring=0x7ffe65c087e0) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost-user.c:364
  #5  0x5636c08efff0 in vhost_virtqueue_stop (dev=dev@entry=0x5636c1bf6b70, 
vdev=vdev@entry=0x5636c2853338, vq=0x5636c1bf6d00, idx=1) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost.c:895
  #6  0x5636c08f2944 in vhost_dev_stop (hdev=hdev@entry=0x5636c1bf6b70, 
vdev=vdev@entry=0x5636c2853338) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/vhost.c:1262
  #7  0x5636c08db2a8 in vhost_net_stop_one (net=0x5636c1bf6b70, 
dev=dev@entry=0x5636c2853338) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/vhost_net.c:293
  #8  0x5636c08dbe5b in vhost_net_stop (dev=dev@entry=0x5636c2853338, 
ncs=0x5636c209d110, total_queues=total_queues@entry=1) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/vhost_net.c:371
  #9  0x5636c08d7745 in virtio_net_vhost_status (status=7 '\a', 
n=0x5636c2853338) at /build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/virtio-net.c:150
  #10 virtio_net_set_status (vdev=, status=) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/hw/net/virtio-net.c:162
  #11 0x5636c08ec42c in virtio_set_status (vdev=0x5636c2853338, 
val=) at /build/qemu-7I4i1R/qemu-2.5+dfsg/hw/virtio/virtio.c:624
  #12 0x5636c098fed2 in vm_state_notify (running=running@entry=0, 
state=state@entry=RUN_STATE_SHUTDOWN) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:1605
  #13 0x5636c089172a in do_vm_stop (state=RUN_STATE_SHUTDOWN) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/cpus.c:724
  #14 vm_stop (state=RUN_STATE_SHUTDOWN) at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/cpus.c:1407
  #15 0x5636c085d240 in main_loop_should_exit () at 
/build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:1883
  #16 main_loop () at /build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:1931
  #17 main (argc=, argv=, envp=) 
at /build/qemu-7I4i1R/qemu-2.5+dfsg/vl.c:4683

  [test case]

  unfortunately since this is a race condition, it's very hard to
  arbitrarily reproduce; it depends very much on the overall
  configuration of the guest as well as how exactly it's shut down -
  specifically, its vhost user net must be closed from the host side at
  a specific time during qemu shutdown.

  I have someone with such a setup who has reported to me their setup is
  able to reproduce this reliably, but the config is too complex for me
  to reproduce so I have relied on their reproduction and testing to
  debug and craft the patch for this.

  [regression potential]

  the change adds a flag to prevent repeated calls to vhost_net_stop().
  This also prevents any calls to vhost_net_cleanup() from
  net_vhost_user_event().  Any regression would be seen when stopping
  and/or cleaning up a vhost net.  Regressions might include failure to
  hot-remove a vhost net from a guest, or failure to cleanup (i.e. mem
  leak), or crashes during cleanup or stopping a vhost net.

  [other info]

  this was originally seen in the 2.5 version of qemu - specifically,
  the UCA version in trusty-mitaka (which uses the xenial qemu
  codebase).

  After discussion upstream, it appears this was fixed upstream by
  commit e7c83a885f8, which is included starting in version 2.9.
  

Re: [Qemu-devel] [PULL v2 00/12] Trivial branch patches

2019-05-07 Thread Laurent Vivier

Ping ?


On 03/05/2019 13:26, Laurent Vivier wrote:

The following changes since commit 8482ff2eb3bb95020eb2f370a9b3ea26511e41df:

   Merge remote-tracking branch 'remotes/jnsnow/tags/bitmaps-pull-request' into 
staging (2019-05-02 12:04:51 +0100)

are available in the Git repository at:

   git://github.com/vivier/qemu.git tags/trivial-branch-pull-request

for you to fetch changes up to 2d2023c3b99edb33ad4bb9791f70456ea1a1c049:

   sockets: avoid string truncation warnings when copying UNIX path (2019-05-03 
13:03:04 +0200)


Pull request trivial branch 2019-05-03



Aruna Jayasena (1):
   Header cleanups

Daniel P. Berrangé (1):
   sockets: avoid string truncation warnings when copying UNIX path

Dr. David Alan Gilbert (1):
   configure: fix pam test warning

Marc-André Lureau (1):
   doc: fix the configuration path

Philippe Mathieu-Daudé (3):
   hw/net/pcnet: Use qemu_log_mask(GUEST_ERROR) instead of printf
   Makefile: Let the 'clean' rule remove qemu-ga.exe on Windows hosts
   hw/sparc/leon3: Allow load of uImage firmwares

Stefan Weil (1):
   Update configure

Thomas Huth (1):
   net: Print output of "-net nic, model=help" to stdout instead of
 stderr

Wei Yang (3):
   CODING_STYLE: specify the indent rule for multiline code
   CODING_STYLE: indent example code as all others
   qom: use object_new_with_type in object_new_with_propv

  qemu-ga.texi  |  4 ++--
  configure |  5 ++---
  Makefile  | 11 +
  include/exec/cpu-common.h |  3 ---
  hw/net/pcnet.c|  4 +++-
  hw/sparc/leon3.c  |  4 
  net/net.c |  7 +++---
  qom/object.c  |  2 +-
  util/qemu-sockets.c   | 12 ++
  CODING_STYLE  | 47 +++
  10 files changed, 74 insertions(+), 25 deletions(-)






Re: [Qemu-devel] [multiprocess RFC PATCH 36/37] multi-process: add the concept description to docs/devel/qemu-multiprocess

2019-05-07 Thread Jag Raman

Hi Stefan,

Thank you very much for your feedback. Following is a summary of the
discussions our team had regarding your feedback.

On 4/25/2019 11:44 AM, Stefan Hajnoczi wrote:


Can multiple LSI SCSI controllers be launched such that each process
only has access to a subset of disk images?  Or is the disk image label
per-VM so that there is no isolation between LSI SCSI controller
processes for that VM?


Yes, it is possible to provide each process with access to a subset of
disk images. The Orchestrator (libvirt, etc.) assigns a set of MCS
Categories to each VM, then device instances can be isolated by being
assigned a subset of the VM’s Categories.



My concern with this overall approach is the practicality vs its
benefits.  Regarding practicality, each emulated device needs to be
proxied separately.  The QEMU subsystem used by the device also needs to
be proxied.  Global state, monitor commands, and live migration all
require code changes to support proxied operation.  This is very
invasive.

Then each emulated device needs an SELinux policy to achieve the
benefits of confinement.  I have no idea how to correctly write a policy
like this and it's likely that developers who contribute a single new
device will not be proficient in it either.  Writing these policies is a
rare thing and few people will be good at this.  It also makes me worry
about how we test and review them.


We also think that having an SELinux policy per device would become
complicated. Our proposal, therefore, is to define SELinux policies for
each device class - viz. disk, network, console, graphics, etc. The
"fedora-selinux" upstream repo [1] will contain these policies, so the
device developer doesn't have to worry about defining new policies for
each device. This proposal would diminish the complexity of SELinux
policies.



Despite the efforts required in making this work, all processes still
effectively have full access to the guest since they can access guest
RAM.  What I mean is that the device is actually not confined to its
host process (e.g. LSI SCSI controller process) because it can write
code to executable guest RAM pages.  The guest will then execute that
code and therefore all guest I/O (networking, disk, etc) is still
available indirectly to the "confined" processes.  They are not really
sandboxed from the outside world, regardless of how strict the SELinux
policy is :(.

There are performance issues due to proxying as well, but let's ignore
them for now and focus on security.


We are also focusing on performance. Please take a look at the following
blog for an initial report on performance. The results are for an iSCSI
backend in Oracle Cloud. We are working on collecting data on a much
heavier IOPS workload like an NVMe backend.

https://blogs.oracle.com/linux/towards-a-more-secure-qemu-hypervisor%2c-part-3-of-3-v2



How do the benefits compare against today's monolithic approach?  If the
guest exploits monolithic QEMU it has full access to all host files and
APIs available to QEMU.  However, these are largely just the resources
that belong to the guest anyway - not resources we are trying to keep
away from the guest.  With multi-process QEMU each process still has
access to all guest interfaces via the code injection I mentioned above,
but the SELinux policy could restrict access to some resources.  But
this benefit is really small in my opinion, given that the resources
belong to the guest anyway and the guest can already access them.


The primary focus of our project is to defend the host from a malicious
guest. The code injection problem you outlined above involves part of
the guest attacking itself, but not the host. Therefore, this wouldn't
compromise our objective.

As you know, there are some parts of QEMU which are not directly
accessible from the guest (via drivers, etc.), which we prefer to call
the control plane. It executes ioctls to the host kernel and has access
to a broader set of syscalls, which the device emulation code doesn’t
need. We want to protect the control plane from emulated devices. In the
case where a device injects code into the RAM to attack another device
on the same VM, the control plane would still be protected.

Another benefit with the project would be regarding detecting and
reporting failures in the emulated devices. For instance, in cases like
CVE-2018-18849, where an emulated device hangs/crashes, it wouldn't
directly crash the QEMU process as well. QEMU could detect the failure,
log the problem and exit, instead of generating coredump/hang.



I think you can implement this for a handful of devices as a one-time
thing, but the invasiveness and the impracticality of getting wide coverage
of QEMU make this approach questionable.

Am I mistaken about the invasiveness or impracticality?


We are not planning to implement this for all devices since it would be
impractical. But the project adds a framework for implementing more
devices in the future.

One other thing we would 

Re: [Qemu-devel] [PATCH] pflash: Only read non-zero parts of backend image

2019-05-07 Thread Laszlo Ersek
Hi Markus,

On 05/07/19 20:01, Markus Armbruster wrote:
> The subject is slightly misleading.  Holes read as zero.  So do
> non-holes full of zeroes.  The patch avoids reading the former, but
> still reads the latter.
> 
> Xiang Zheng  writes:
> 
>> Currently we fill the memory space with two 64MB NOR images when
>> using persistent UEFI variables on virt board. Actually we only use
>> a very small (non-zero) part of the memory, while the remaining,
>> significantly larger (zero) part of the memory is wasted.
> 
> Neglects to mention that the "virt board" is ARM.
> 
>> So this patch checks the block status and only writes the non-zero part
>> into memory. This requires pflash devices to use sparse files for
>> backends.
> 
> I started to draft an improved commit message, but then I realized this
> patch can't work.
> 
> The pflash_cfi01 device allocates its device memory like this:
> 
> memory_region_init_rom_device(
> &pfl->mem, OBJECT(dev),
> &pflash_cfi01_ops,
> pfl,
> pfl->name, total_len, &local_err);
> 
> pflash_cfi02 is similar.
> 
> memory_region_init_rom_device() calls
> memory_region_init_rom_device_nomigrate() calls qemu_ram_alloc() calls
> qemu_ram_alloc_internal() calls g_malloc0().  Thus, all the device
> memory gets written to even with this patch.

As far as I can see, qemu_ram_alloc_internal() calls g_malloc0() only to
allocate the new RAMBlock object called "new_block". The actual
guest RAM allocation occurs inside ram_block_add(), which is also called
by qemu_ram_alloc_internal().

One frame outwards the stack, qemu_ram_alloc() passes NULL to
qemu_ram_alloc_internal(), for the 4th ("host") parameter. Therefore, in
qemu_ram_alloc_internal(), we set "new_block->host" to NULL as well.

Then in ram_block_add(), we take the (!new_block->host) branch, and call
phys_mem_alloc().

Unfortunately, "phys_mem_alloc" is a function pointer, set with
phys_mem_set_alloc(). The phys_mem_set_alloc() function is called from
"target/s390x/kvm.c" (setting the function pointer to
legacy_s390_alloc()), so it doesn't apply in this case. Therefore we end
up calling the default qemu_anon_ram_alloc() function, through the
funcptr. (I think anyway.)

And qemu_anon_ram_alloc() boils down to mmap() + MAP_ANONYMOUS, in
qemu_ram_mmap(). (Even on PPC64 hosts, because qemu_anon_ram_alloc()
passes (-1) for "fd".)

I may have missed something, of course -- I obviously didn't test it,
just speculated from the source.

Thanks
Laszlo

> 
> I'm afraid you neglected to test.
> 
> I still believe this approach can be made to work.  Need a replacement
> for memory_region_init_rom_device() that uses mmap() with MAP_ANONYMOUS.
> 




Re: [Qemu-devel] [PATCH 1/9] target/ppc: Fix xvxsigdp

2019-05-07 Thread Eric Blake
On 5/6/19 7:48 PM, Anton Blanchard wrote:
> Fix a typo in xvxsigdp where we put both results into the lower
> doubleword.
> 

Just a reminder - when sending a series, it's best to have a 0/9 cover
letter with all the other patches In-Reply-To the cover. More patch
submission tips at:
https://wiki.qemu.org/Contribute/SubmitAPatch

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org



[Qemu-devel] [PATCH 5/5] iotests: Let 233 run concurrently

2019-05-07 Thread Max Reitz
common.nbd's nbd_server_set_tcp_port() tries to find a free port, and
then uses it for the whole test run.  However, this is racy because
even if the port was free at the beginning, there is no guarantee it
will continue to be available.  Therefore, 233 currently cannot reliably
be run concurrently with other NBD TCP tests.

This patch addresses the problem by dropping nbd_server_set_tcp_port(),
and instead finding a new port every time nbd_server_start_tcp_socket()
is invoked.  For this, we run qemu-nbd with --fork and on error evaluate
the output to see whether it contains "Address already in use".  If so,
we try the next port.

On success, we still want to continually redirect the output from
qemu-nbd to stderr.  To achieve both, we redirect qemu-nbd's stderr to a
FIFO that we then open in bash.  If the parent process exits with status
0 (which means that the server has started successfully), we launch a
background cat process that copies the FIFO to stderr.  On failure, we
read the whole content into a variable and then evaluate it.

While at it, use --fork in nbd_server_start_unix_socket(), too.  Doing
so allows us to drop nbd_server_wait_for_*_socket().

Note that the reason common.nbd did not use --fork before is that
qemu-nbd did not have --pid-file.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/233|  1 -
 tests/qemu-iotests/common.nbd | 93 ---
 2 files changed, 42 insertions(+), 52 deletions(-)

diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233
index b8b6c8cc4c..8682ea277c 100755
--- a/tests/qemu-iotests/233
+++ b/tests/qemu-iotests/233
@@ -50,7 +50,6 @@ _supported_proto file
 _supported_os Linux
 _require_command QEMU_NBD
 
-nbd_server_set_tcp_port
 tls_x509_init
 
 echo
diff --git a/tests/qemu-iotests/common.nbd b/tests/qemu-iotests/common.nbd
index 25fc9ffaa4..e003478a57 100644
--- a/tests/qemu-iotests/common.nbd
+++ b/tests/qemu-iotests/common.nbd
@@ -22,6 +22,11 @@
 nbd_unix_socket="${TEST_DIR}/qemu-nbd.sock"
 nbd_tcp_addr="127.0.0.1"
 nbd_pid_file="${TEST_DIR}/qemu-nbd.pid"
+nbd_stderr_fifo="${TEST_DIR}/qemu-nbd.fifo"
+
+# If bash version is >= 4.1, this will be overwritten by a dynamically
+# assigned file descriptor value.
+nbd_fifo_fd=10
 
 nbd_server_stop()
 {
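Review bot: The descriptor variable introduced here as `nbd_fifo_fd=10` is not the one the pre-4.1 bash fallback in the second common.nbd hunk assigns: that branch runs `let _nbd_fifo_fd++` and `eval "exec ${_nbd_fifo_fd}<'$nbd_stderr_fifo'"`, while the later `cat <&$nbd_fifo_fd` and `eval "exec $nbd_fifo_fd>&-"` use the name without the underscore. On such a bash the unset `_nbd_fifo_fd` evaluates to 0 in `let`, so the FIFO would presumably be opened on fd 1 and the subsequent reads and close would target fd 10, which was never opened. Renaming the two fallback lines to `let nbd_fifo_fd++` and `eval "exec ${nbd_fifo_fd}<'$nbd_stderr_fifo'"` (or initialising `_nbd_fifo_fd=10` here and using it throughout) makes both paths agree, and the comment above the assignment should then name the variable the fallback increments. nbd_server_stop() starts on the last lines of this hunk and its body continues outside it.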
@@ -34,76 +39,62 @@ nbd_server_stop()
 fi
 fi
 rm -f "$nbd_unix_socket"
-}
-
-nbd_server_wait_for_unix_socket()
-{
-pid=$1
-
-for ((i = 0; i < 300; i++))
-do
-if [ -r "$nbd_unix_socket" ]; then
-return
-fi
-kill -s 0 $pid 2>/dev/null
-if test $? != 0
-then
-echo "qemu-nbd unexpectedly quit"
-exit 1
-fi
-sleep 0.1
-done
-echo "Failed in check of unix socket created by qemu-nbd"
-exit 1
+rm -f "$nbd_stderr_fifo"
 }
 
 nbd_server_start_unix_socket()
 {
 nbd_server_stop
-$QEMU_NBD -v -t -k "$nbd_unix_socket" "$@" &
-nbd_server_wait_for_unix_socket $!
+$QEMU_NBD -v -t -k "$nbd_unix_socket" --fork "$@"
 }
 
-nbd_server_set_tcp_port()
+nbd_server_start_tcp_socket()
 {
-(ss --help) >/dev/null 2>&1 || _notrun "ss utility not found, skipping 
test"
+nbd_server_stop
 
+mkfifo "$nbd_stderr_fifo"
 for ((port = 10809; port <= 10909; port++))
 do
-if ! ss -tln | grep -sqE ":$port\b"; then
+# Redirect stderr to FIFO, so we can later decide whether we
+# want to read it or to redirect it to our stderr, depending
+# on whether the command fails or not
+$QEMU_NBD -v -t -b $nbd_tcp_addr -p $port --fork "$@" \
+2> "$nbd_stderr_fifo" &
+
+# Taken from common.qemu
+if [[ "${BASH_VERSINFO[0]}" -ge "5" ||
+("${BASH_VERSINFO[0]}" -ge "4" && "${BASH_VERSINFO[1]}" -ge "1") ]]
+then
+exec {nbd_fifo_fd}<"$nbd_stderr_fifo"
+else
+let _nbd_fifo_fd++
+eval "exec ${_nbd_fifo_fd}<'$nbd_stderr_fifo'"
+fi
+wait $!
+
+if test $? == 0
+then
+# Success, redirect qemu-nbd's stderr to our stderr
 nbd_tcp_port=$port
+(cat <&$nbd_fifo_fd >&2) &
+eval "exec $nbd_fifo_fd>&-"
 return
 fi
-done
 
-echo "Cannot find free TCP port for nbd in range 10809-10909"
-exit 1
-}
-
-nbd_server_wait_for_tcp_socket()
-{
-pid=$1
+# Failure, read the output
+output=$(cat <&$nbd_fifo_fd)
+eval "exec $nbd_fifo_fd>&-"
 
-for ((i = 0; i < 300; i++))
-do
-if ss -tln | grep -sqE ":$nbd_tcp_port\b"; then
-return
-fi
-kill -s 0 $pid 2>/dev/null
-if test $? != 0
+if ! echo "$output" | grep -q "Address already in use"
 then
-echo "qemu-nbd unexpectedly quit"
+# Unknown error, print it
+echo "$output" >&2
+rm -f "$nbd_stderr_fifo"
 exit 1
 fi
-sleep 0.1
 done
-
