RE: [RFC PATCH v3 6/9] hw/arm/virt-acpi-build: Use possible cpus in generation of MADT

[Salil Mehta]

> From: Qemu-arm [mailto:qemu-arm-bounces+salil.mehta=huawei@nongnu.org]
> On Behalf Of Yanan Wang
> Sent: Sunday, May 16, 2021 11:29 AM
> To: Peter Maydell ; Andrew Jones
> ; Michael S . Tsirkin ; Igor Mammedov
> ; Shannon Zhao ; Alistair
> Francis ; David Gibson
> ; qemu-devel@nongnu.org; qemu-...@nongnu.org
> Cc: Song Bao Hua (Barry Song) ; zhukeqian
> ; yangyicong ; Zengtao (B)
> ; Wanghaibin (D) ;
> yuzenghui ; Paolo Bonzini ;
> Philippe Mathieu-Daudé 
> Subject: [RFC PATCH v3 6/9] hw/arm/virt-acpi-build: Use possible cpus in
> generation of MADT
> 
> When building ACPI tables regarding CPUs we should always build
> them for the number of possible CPUs, not the number of present
> CPUs. So we create gicc nodes in MADT for possible cpus and then
> ensure only the present CPUs are marked ENABLED. Furthermore, it
> also needed if we are going to support CPU hotplug in the future.

Hi Yanan,
Yes, these changes are part of the QEMU patch-set I floated last year.

Link: https://www.mail-archive.com/qemu-devel@nongnu.org/msg712018.html


Perhaps I am missing something, but how this patch is related to the vcpu
topology support?

Thanks

> 
> Co-developed-by: Andrew Jones 
> Signed-off-by: Andrew Jones 
> Co-developed-by: Ying Fang 
> Signed-off-by: Ying Fang 
> Co-developed-by: Yanan Wang 
> Signed-off-by: Yanan Wang 
> ---
>  hw/arm/virt-acpi-build.c | 29 +
>  1 file changed, 25 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> index a2d8e87616..4d64aeb865 100644
> --- a/hw/arm/virt-acpi-build.c
> +++ b/hw/arm/virt-acpi-build.c
> @@ -481,6 +481,9 @@ build_madt(GArray *table_data, BIOSLinker *linker,
> VirtMachineState *vms)
>  const int *irqmap = vms->irqmap;
>  AcpiMadtGenericDistributor *gicd;
>  AcpiMadtGenericMsiFrame *gic_msi;
> +MachineClass *mc = MACHINE_GET_CLASS(vms);
> +const CPUArchIdList *possible_cpus =
> mc->possible_cpu_arch_ids(MACHINE(vms));
> +bool pmu;
>  int i;
> 
>  acpi_data_push(table_data, sizeof(AcpiMultipleApicTable));
> @@ -491,11 +494,21 @@ build_madt(GArray *table_data, BIOSLinker *linker,
> VirtMachineState *vms)
>  gicd->base_address = cpu_to_le64(memmap[VIRT_GIC_DIST].base);
>  gicd->version = vms->gic_version;
> 
> -for (i = 0; i < MACHINE(vms)->smp.cpus; i++) {
> +for (i = 0; i < possible_cpus->len; i++) {
>  AcpiMadtGenericCpuInterface *gicc = acpi_data_push(table_data,
> sizeof(*gicc));
>  ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(i));
> 
> +/*
> + * PMU should have been either implemented for all CPUs or not,
> + * so we only get information from the first CPU, which could
> + * represent the others.
> + */
> +if (i == 0) {
> +pmu = arm_feature(&armcpu->env, ARM_FEATURE_PMU);
> +}
> +assert(!armcpu || arm_feature(&armcpu->env, ARM_FEATURE_PMU) == pmu);
> +
>  gicc->type = ACPI_APIC_GENERIC_CPU_INTERFACE;
>  gicc->length = sizeof(*gicc);
>  if (vms->gic_version == 2) {
> @@ -504,11 +517,19 @@ build_madt(GArray *table_data, BIOSLinker *linker,
> VirtMachineState *vms)
>  gicc->gicv_base_address =
> cpu_to_le64(memmap[VIRT_GIC_VCPU].base);
>  }
>  gicc->cpu_interface_number = cpu_to_le32(i);
> -gicc->arm_mpidr = cpu_to_le64(armcpu->mp_affinity);
> +gicc->arm_mpidr = cpu_to_le64(possible_cpus->cpus[i].arch_id);
>  gicc->uid = cpu_to_le32(i);
> -gicc->flags = cpu_to_le32(ACPI_MADT_GICC_ENABLED);
> 
> -if (arm_feature(&armcpu->env, ARM_FEATURE_PMU)) {
> +/*
> + * ACPI spec says that LAPIC entry for non present CPU may be
> + * omitted from MADT or it must be marked as disabled. Here we
> + * choose to also keep the disabled ones in MADT.
> + */
> +if (possible_cpus->cpus[i].cpu != NULL) {
> +gicc->flags = cpu_to_le32(ACPI_MADT_GICC_ENABLED);
> +}
> +
> +if (pmu) {
>  gicc->performance_interrupt = cpu_to_le32(PPI(VIRTUAL_PMU_IRQ));
>  }
>  if (vms->virt) {
> --
> 2.19.1
> 

Re: [PATCH 08/21] block/backup: stricter backup_calculate_cluster_size()

[Max Reitz]

On 17.05.21 08:44, Vladimir Sementsov-Ogievskiy wrote:

No reason to tolerate bdrv_get_info() errors except for ENOTSUP. Let's
just error-out, it's simpler and safer.


Hm, doesn’t look that much simpler to me.  Not sure how much safer it 
is, because the point was that in the target_does_cow case, we would 
like a cluster size hint, but it isn’t necessary.  So if we don’t get 
one, regardless of the reason, we use the default cluster size.  I don’t 
know why ENOTSUP should be treated in a special way there.


So I don’t know.

Max


Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  block/backup.c | 14 +-
  1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/block/backup.c b/block/backup.c
index fe685e411b..fe7a1f1e37 100644
--- a/block/backup.c
+++ b/block/backup.c
@@ -367,7 +367,10 @@ static int64_t 
backup_calculate_cluster_size(BlockDriverState *target,
   * targets with a backing file, try to avoid COW if possible.
   */
  ret = bdrv_get_info(target, &bdi);
-if (ret == -ENOTSUP && !target_does_cow) {
+if (ret < 0 && ret != -ENOTSUP) {
+error_setg_errno(errp, -ret, "Failed to get target info");
+return ret;
+} else if (ret == -ENOTSUP && !target_does_cow) {
  /* Cluster size is not defined */
  warn_report("The target block device doesn't provide "
  "information about the block size and it doesn't have a "
@@ -376,14 +379,7 @@ static int64_t 
backup_calculate_cluster_size(BlockDriverState *target,
  "this default, the backup may be unusable",
  BACKUP_CLUSTER_SIZE_DEFAULT);
  return BACKUP_CLUSTER_SIZE_DEFAULT;
-} else if (ret < 0 && !target_does_cow) {
-error_setg_errno(errp, -ret,
-"Couldn't determine the cluster size of the target image, "
-"which has no backing file");
-error_append_hint(errp,
-"Aborting, since this may create an unusable destination image\n");
-return ret;
-} else if (ret < 0 && target_does_cow) {
+} else if (ret == -ENOTSUP && target_does_cow) {
  /* Not fatal; just trudge on ahead. */
  return BACKUP_CLUSTER_SIZE_DEFAULT;
  }

Re: [PATCH v5 1/1] docs/devel: Add VFIO device migration documentation

[Tarun Gupta (SW-GPU)]

Hi Alex, Cornelia,

Just wanted to confirm that this patch will be pulled in QEMU 6.1, right?

Thanks,
Tarun

On 4/18/2021 5:52 PM, Tarun Gupta wrote:

Document interfaces used for VFIO device migration. Added flow of state changes
during live migration with VFIO device.

Reviewed-by: Cornelia Huck 
Co-developed-by: Kirti Wankhede 
Signed-off-by: Kirti Wankhede 
Signed-off-by: Tarun Gupta 
---
Tested by building docs with new vfio-migration.rst file

v5:
- Fixed meta issues in commit message

v4:
- Added info about vfio_listener_log_global_[start|stop]
- Added info about `save_state` callback.
- Incorporated comments from v3.

v3:
- Add introductory line about VM migration in general.
- Remove occurcences of vfio_pin_pages() to describe pinning.
- Incorporated comments from v2

v2:
- Included the new vfio-migration.rst file in index.rst
- Updated dirty page tracking section, also added details about
   'pre-copy-dirty-page-tracking' opt-out option.
- Incorporated comments around wording of doc.

---
  MAINTAINERS   |   1 +
  docs/devel/index.rst  |   1 +
  docs/devel/vfio-migration.rst | 150 ++
  3 files changed, 152 insertions(+)
  create mode 100644 docs/devel/vfio-migration.rst

diff --git a/MAINTAINERS b/MAINTAINERS
index 36055f14c5..dea85faccf 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1823,6 +1823,7 @@ S: Supported
  F: hw/vfio/*
  F: include/hw/vfio/
  F: docs/igd-assign.txt
+F: docs/devel/vfio-migration.rst
  
  vfio-ccw

  M: Cornelia Huck 
diff --git a/docs/devel/index.rst b/docs/devel/index.rst
index 6cf7e2d233..e6e4f7907e 100644
--- a/docs/devel/index.rst
+++ b/docs/devel/index.rst
@@ -42,3 +42,4 @@ Contents:
 qom
 block-coroutine-wrapper
 multi-process
+   vfio-migration
diff --git a/docs/devel/vfio-migration.rst b/docs/devel/vfio-migration.rst
new file mode 100644
index 00..9ff6163c88
--- /dev/null
+++ b/docs/devel/vfio-migration.rst
@@ -0,0 +1,150 @@
+=
+VFIO device Migration
+=
+
+Migration of virtual machine involves saving the state for each device that
+the guest is running on source host and restoring this saved state on the
+destination host. This document details how saving and restoring of VFIO
+devices is done in QEMU.
+
+Migration of VFIO devices consists of two phases: the optional pre-copy phase,
+and the stop-and-copy phase. The pre-copy phase is iterative and allows to
+accommodate VFIO devices that have a large amount of data that needs to be
+transferred. The iterative pre-copy phase of migration allows for the guest to
+continue whilst the VFIO device state is transferred to the destination, this
+helps to reduce the total downtime of the VM. VFIO devices can choose to skip
+the pre-copy phase of migration by returning pending_bytes as zero during the
+pre-copy phase.
+
+A detailed description of the UAPI for VFIO device migration can be found in
+the comment for the ``vfio_device_migration_info`` structure in the header
+file linux-headers/linux/vfio.h.
+
+VFIO implements the device hooks for the iterative approach as follows:
+
+* A ``save_setup`` function that sets up the migration region and sets _SAVING
+  flag in the VFIO device state.
+
+* A ``load_setup`` function that sets up the migration region on the
+  destination and sets _RESUMING flag in the VFIO device state.
+
+* A ``save_live_pending`` function that reads pending_bytes from the vendor
+  driver, which indicates the amount of data that the vendor driver has yet to
+  save for the VFIO device.
+
+* A ``save_live_iterate`` function that reads the VFIO device's data from the
+  vendor driver through the migration region during iterative phase.
+
+* A ``save_state`` function to save the device config space if it is present.
+
+* A ``save_live_complete_precopy`` function that resets _RUNNING flag from the
+  VFIO device state and iteratively copies the remaining data for the VFIO
+  device until the vendor driver indicates that no data remains (pending bytes
+  is zero).
+
+* A ``load_state`` function that loads the config section and the data
+  sections that are generated by the save functions above
+
+* ``cleanup`` functions for both save and load that perform any migration
+  related cleanup, including unmapping the migration region
+
+
+The VFIO migration code uses a VM state change handler to change the VFIO
+device state when the VM state changes from running to not-running, and
+vice versa.
+
+Similarly, a migration state change handler is used to trigger a transition of
+the VFIO device state when certain changes of the migration state occur. For
+example, the VFIO device state is transitioned back to _RUNNING in case a
+migration failed or was canceled.
+
+System memory dirty pages tracking
+--
+
+A ``log_global_start`` and ``log_global_stop`` memory listener callback informs
+the VFIO IOMMU module to start and stop dirty page tracking. A ``log_sync``

Re: [PATCH 1/3] pc-bios/s390-ccw: Fix inline assembly for older versions of Clang

[Philippe Mathieu-Daudé]

On 5/17/21 6:14 PM, Cornelia Huck wrote:
> On Wed, 12 May 2021 19:15:48 +0200
> Thomas Huth  wrote:
> 
>> Clang versions before v11.0 insist on having the %rX or %cX register
>> names instead of just a number. Since our Travis-CI is currently
>> still using Clang v6.0, we have to fix this to avoid failing jobs.
>>
>> Signed-off-by: Thomas Huth 
>> ---
>>  pc-bios/s390-ccw/helper.h   | 2 +-
>>  pc-bios/s390-ccw/jump2ipl.c | 4 ++--
>>  pc-bios/s390-ccw/menu.c | 8 
>>  pc-bios/s390-ccw/virtio.c   | 2 +-
>>  4 files changed, 8 insertions(+), 8 deletions(-)
>>
>> diff --git a/pc-bios/s390-ccw/helper.h b/pc-bios/s390-ccw/helper.h
>> index dfcfea0ff0..3d0731c4c6 100644
>> --- a/pc-bios/s390-ccw/helper.h
>> +++ b/pc-bios/s390-ccw/helper.h
>> @@ -31,7 +31,7 @@ static inline void *u32toptr(uint32_t n)
>>  
>>  static inline void yield(void)
>>  {
>> -asm volatile ("diag 0,0,0x44"
>> +asm volatile ("diag %%r0,%%r0,0x44"
>>: :
>>: "memory", "cc");
>>  }
> 
> Sigh, this really looks uglier, but if it pleases the compiler...

Personally I find it easier to read, it makes obvious we are
accessing a register, not using an immediate value.

Re: [PATCH 3/3] pc-bios/s390-ccw: Add a proper prototype for main()

[Philippe Mathieu-Daudé]

On 5/14/21 12:09 PM, Thomas Huth wrote:
> On 12/05/2021 21.54, Philippe Mathieu-Daudé wrote:
>> On 5/12/21 7:15 PM, Thomas Huth wrote:
>>> Older versions of Clang complain if there is no prototype for main().
>>> Add one, and while we're at it, make sure that we use the same type
>>> for main.c and netmain.c - since the return value does not matter,
>>> declare the return type of main() as "void".
>>>
>>> Signed-off-by: Thomas Huth 
>>> ---
>>>   pc-bios/s390-ccw/main.c | 3 +--
>>>   pc-bios/s390-ccw/s390-ccw.h | 1 +
>>>   2 files changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
>>> index 5d2b7ba94d..835341457d 100644
>>> --- a/pc-bios/s390-ccw/main.c
>>> +++ b/pc-bios/s390-ccw/main.c
>>> @@ -281,7 +281,7 @@ static void probe_boot_device(void)
>>>   sclp_print("Could not find a suitable boot device (none
>>> specified)\n");
>>>   }
>>>   -int main(void)
>>> +void main(void)
>>>   {
>>>   sclp_setup();
>>>   css_setup();
>>> @@ -294,5 +294,4 @@ int main(void)
>>>   }
>>>     panic("Failed to load OS from hard disk\n");
>>> -    return 0; /* make compiler happy */
>>>   }
>>> diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
>>> index 79db69ff54..b88e0550ab 100644
>>> --- a/pc-bios/s390-ccw/s390-ccw.h
>>> +++ b/pc-bios/s390-ccw/s390-ccw.h
>>> @@ -57,6 +57,7 @@ void write_subsystem_identification(void);
>>>   void write_iplb_location(void);
>>>   extern char stack[PAGE_SIZE * 8]
>>> __attribute__((__aligned__(PAGE_SIZE)));
>>>   unsigned int get_loadparm_index(void);
>>> +void main(void);
>>
>> Can we keep the forward declaration in the source?
> 
> There are two main() functions, one in main.c and one in netmain.c,
> that's why I think it's better to declare the prototype only in one
> place, i.e. in a header?

Since it is a kludge to make the compiler happy, I'd rather keep
it local, but I don't mind much :)

Re: [PATCH v12 5/8] arm64: kvm: Save/restore MTE registers

[Marc Zyngier]

On Mon, 17 May 2021 13:32:36 +0100,
Steven Price  wrote:
> 
> Define the new system registers that MTE introduces and context switch
> them. The MTE feature is still hidden from the ID register as it isn't
> supported in a VM yet.
> 
> Signed-off-by: Steven Price 
> ---
>  arch/arm64/include/asm/kvm_host.h  |  6 ++
>  arch/arm64/include/asm/kvm_mte.h   | 66 ++
>  arch/arm64/include/asm/sysreg.h|  3 +-
>  arch/arm64/kernel/asm-offsets.c|  3 +
>  arch/arm64/kvm/hyp/entry.S |  7 +++
>  arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 21 +++
>  arch/arm64/kvm/sys_regs.c  | 22 ++--
>  7 files changed, 123 insertions(+), 5 deletions(-)
>  create mode 100644 arch/arm64/include/asm/kvm_mte.h
> 
> diff --git a/arch/arm64/include/asm/kvm_host.h 
> b/arch/arm64/include/asm/kvm_host.h
> index afaa5333f0e4..309e36cc1b42 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -208,6 +208,12 @@ enum vcpu_sysreg {
>   CNTP_CVAL_EL0,
>   CNTP_CTL_EL0,
>  
> + /* Memory Tagging Extension registers */
> + RGSR_EL1,   /* Random Allocation Tag Seed Register */
> + GCR_EL1,/* Tag Control Register */
> + TFSR_EL1,   /* Tag Fault Status Register (EL1) */
> + TFSRE0_EL1, /* Tag Fault Status Register (EL0) */
> +
>   /* 32bit specific registers. Keep them at the end of the range */
>   DACR32_EL2, /* Domain Access Control Register */
>   IFSR32_EL2, /* Instruction Fault Status Register */
> diff --git a/arch/arm64/include/asm/kvm_mte.h 
> b/arch/arm64/include/asm/kvm_mte.h
> new file mode 100644
> index ..6541c7d6ce06
> --- /dev/null
> +++ b/arch/arm64/include/asm/kvm_mte.h
> @@ -0,0 +1,66 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Copyright (C) 2020 ARM Ltd.
> + */
> +#ifndef __ASM_KVM_MTE_H
> +#define __ASM_KVM_MTE_H
> +
> +#ifdef __ASSEMBLY__
> +
> +#include 
> +
> +#ifdef CONFIG_ARM64_MTE
> +
> +.macro mte_switch_to_guest g_ctxt, h_ctxt, reg1
> +alternative_if_not ARM64_MTE
> + b   .L__skip_switch\@
> +alternative_else_nop_endif
> + mrs \reg1, hcr_el2
> + and \reg1, \reg1, #(HCR_ATA)
> + cbz \reg1, .L__skip_switch\@
> +
> + mrs_s   \reg1, SYS_RGSR_EL1
> + str \reg1, [\h_ctxt, #CPU_RGSR_EL1]
> + mrs_s   \reg1, SYS_GCR_EL1
> + str \reg1, [\h_ctxt, #CPU_GCR_EL1]
> +
> + ldr \reg1, [\g_ctxt, #CPU_RGSR_EL1]
> + msr_s   SYS_RGSR_EL1, \reg1
> + ldr \reg1, [\g_ctxt, #CPU_GCR_EL1]
> + msr_s   SYS_GCR_EL1, \reg1
> +
> +.L__skip_switch\@:
> +.endm
> +
> +.macro mte_switch_to_hyp g_ctxt, h_ctxt, reg1
> +alternative_if_not ARM64_MTE
> + b   .L__skip_switch\@
> +alternative_else_nop_endif
> + mrs \reg1, hcr_el2
> + and \reg1, \reg1, #(HCR_ATA)
> + cbz \reg1, .L__skip_switch\@
> +
> + mrs_s   \reg1, SYS_RGSR_EL1
> + str \reg1, [\g_ctxt, #CPU_RGSR_EL1]
> + mrs_s   \reg1, SYS_GCR_EL1
> + str \reg1, [\g_ctxt, #CPU_GCR_EL1]
> +
> + ldr \reg1, [\h_ctxt, #CPU_RGSR_EL1]
> + msr_s   SYS_RGSR_EL1, \reg1
> + ldr \reg1, [\h_ctxt, #CPU_GCR_EL1]
> + msr_s   SYS_GCR_EL1, \reg1

What is the rational for not having any synchronisation here? It is
quite uncommon to allocate memory at EL2, but VHE can perform all kind
of tricks.

> +
> +.L__skip_switch\@:
> +.endm
> +
> +#else /* CONFIG_ARM64_MTE */
> +
> +.macro mte_switch_to_guest g_ctxt, h_ctxt, reg1
> +.endm
> +
> +.macro mte_switch_to_hyp g_ctxt, h_ctxt, reg1
> +.endm
> +
> +#endif /* CONFIG_ARM64_MTE */
> +#endif /* __ASSEMBLY__ */
> +#endif /* __ASM_KVM_MTE_H */
> diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
> index 65d15700a168..347ccac2341e 100644
> --- a/arch/arm64/include/asm/sysreg.h
> +++ b/arch/arm64/include/asm/sysreg.h
> @@ -651,7 +651,8 @@
>  
>  #define INIT_SCTLR_EL2_MMU_ON
> \
>   (SCTLR_ELx_M  | SCTLR_ELx_C | SCTLR_ELx_SA | SCTLR_ELx_I |  \
> -  SCTLR_ELx_IESB | SCTLR_ELx_WXN | ENDIAN_SET_EL2 | SCTLR_EL2_RES1)
> +  SCTLR_ELx_IESB | SCTLR_ELx_WXN | ENDIAN_SET_EL2 |  \
> +  SCTLR_ELx_ITFSB | SCTLR_EL2_RES1)
>  
>  #define INIT_SCTLR_EL2_MMU_OFF \
>   (SCTLR_EL2_RES1 | ENDIAN_SET_EL2)
> diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
> index 0cb34ccb6e73..6b489a8462f0 100644
> --- a/arch/arm64/kernel/asm-offsets.c
> +++ b/arch/arm64/kernel/asm-offsets.c
> @@ -111,6 +111,9 @@ int main(void)
>DEFINE(VCPU_WORKAROUND_FLAGS,  offsetof(struct kvm_vcpu, 
> arch.workaround_flags));
>DEFINE(VCPU_HCR_EL2,   offsetof(struct kvm_vcpu, 
> arch.hcr_el2));
>DEFINE(CPU_USER_PT_REGS,   offsetof(struct kvm_cpu_context, regs));
> +  DEFINE(CPU_RGSR_EL1,   offsetof(struct kvm_cpu_context, 
> sys_regs[RGSR_EL1]));
> +  DEFINE(CPU_GCR_EL1,   

Re: Best approach for supporting snapshots for QEMU's gdbstub?

[Luis Machado]

Hi,

On 5/14/21 1:06 PM, Alex Bennée wrote:

Hi,

I've been playing around with QEMU's reverse debugging support which
I have working with Pavel's latest patches for supporting virtio with
record/replay. Once you get the right command line it works well enough
although currently each step backwards requires replaying the entire
execution history until you get to the right point.

QEMU can quite easily snapshot the entire VM state so I was looking to
see what the best way to integrate this would be. As far as I can tell
there are two interfaces gdb supports: bookmarks and checkpoints.

As far as I can tell bookmarks where added as part of GDB's reverse
debugging support but attempting to use them from the gdbstub reports:

   (gdb) bookmark
   You can't do that when your target is `remote'

so I guess that would need an extension to the stub protocol to support?



Right. We don't support reverse step/next/continue for remote targets. I 
think this would be the most appropriate way to implement this feature 
in GDB. But it is not trivial.



The other option I found was checkpoints which seem to predate support
for reverse debugging. However:

   (gdb) checkpoint
   checkpoint: can't find fork function in inferior.

I couldn't tell what feature needs to be negotiated but I suspect it's
something like fork-events if the checkpoint mechanism is designed for
user space with a fork/freeze approach.


Checkpoints are an old mechanism for saving a snapshot from a process, 
but they don't support threaded inferiors and they need to be able to 
call fork.




We could of course just add a custom monitor command like the
qemu.sstep= command which could be used manually. However that would be
a QEMU gdbstub specific approach.


That would be an easy and quick way to allow GDB to control things in 
QEMU, but I wouldn't say it is the best. Monitor commands are basically 
a bypass of the RSP where GDB sends/receives commands to/from the remote 
target.




The other thing would be to be more intelligent on QEMU's side and save
snapshots each time we hit an event, for example each time we hit a
given breakpoint. However I do worry that might lead to snapshots
growing quite quickly.


GDB would need to be aware of such snapshots for them to be useful. 
Otherwise GDB wouldn't be able to use them to restore state.




Any thoughts/suggestions?

Re: [PATCH v12 4/8] arm64: kvm: Introduce MTE VM feature

[Marc Zyngier]

On Mon, 17 May 2021 13:32:35 +0100,
Steven Price  wrote:
> 
> Add a new VM feature 'KVM_ARM_CAP_MTE' which enables memory tagging
> for a VM. This will expose the feature to the guest and automatically
> tag memory pages touched by the VM as PG_mte_tagged (and clear the tag
> storage) to ensure that the guest cannot see stale tags, and so that
> the tags are correctly saved/restored across swap.
> 
> Actually exposing the new capability to user space happens in a later
> patch.

uber nit in $SUBJECT: "KVM: arm64:" is the preferred prefix (just like
patches 7 and 8).

> 
> Signed-off-by: Steven Price 
> ---
>  arch/arm64/include/asm/kvm_emulate.h |  3 +++
>  arch/arm64/include/asm/kvm_host.h|  3 +++
>  arch/arm64/kvm/hyp/exception.c   |  3 ++-
>  arch/arm64/kvm/mmu.c | 37 +++-
>  arch/arm64/kvm/sys_regs.c|  3 +++
>  include/uapi/linux/kvm.h |  1 +
>  6 files changed, 48 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/include/asm/kvm_emulate.h 
> b/arch/arm64/include/asm/kvm_emulate.h
> index f612c090f2e4..6bf776c2399c 100644
> --- a/arch/arm64/include/asm/kvm_emulate.h
> +++ b/arch/arm64/include/asm/kvm_emulate.h
> @@ -84,6 +84,9 @@ static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
>   if (cpus_have_const_cap(ARM64_MISMATCHED_CACHE_TYPE) ||
>   vcpu_el1_is_32bit(vcpu))
>   vcpu->arch.hcr_el2 |= HCR_TID2;
> +
> + if (kvm_has_mte(vcpu->kvm))
> + vcpu->arch.hcr_el2 |= HCR_ATA;
>  }
>  
>  static inline unsigned long *vcpu_hcr(struct kvm_vcpu *vcpu)
> diff --git a/arch/arm64/include/asm/kvm_host.h 
> b/arch/arm64/include/asm/kvm_host.h
> index 7cd7d5c8c4bc..afaa5333f0e4 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -132,6 +132,8 @@ struct kvm_arch {
>  
>   u8 pfr0_csv2;
>   u8 pfr0_csv3;
> + /* Memory Tagging Extension enabled for the guest */
> + bool mte_enabled;
>  };
>  
>  struct kvm_vcpu_fault_info {
> @@ -769,6 +771,7 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu);
>  #define kvm_arm_vcpu_sve_finalized(vcpu) \
>   ((vcpu)->arch.flags & KVM_ARM64_VCPU_SVE_FINALIZED)
>  
> +#define kvm_has_mte(kvm) (system_supports_mte() && (kvm)->arch.mte_enabled)
>  #define kvm_vcpu_has_pmu(vcpu)   \
>   (test_bit(KVM_ARM_VCPU_PMU_V3, (vcpu)->arch.features))
>  
> diff --git a/arch/arm64/kvm/hyp/exception.c b/arch/arm64/kvm/hyp/exception.c
> index 73629094f903..56426565600c 100644
> --- a/arch/arm64/kvm/hyp/exception.c
> +++ b/arch/arm64/kvm/hyp/exception.c
> @@ -112,7 +112,8 @@ static void enter_exception64(struct kvm_vcpu *vcpu, 
> unsigned long target_mode,
>   new |= (old & PSR_C_BIT);
>   new |= (old & PSR_V_BIT);
>  
> - // TODO: TCO (if/when ARMv8.5-MemTag is exposed to guests)
> + if (kvm_has_mte(vcpu->kvm))
> + new |= PSR_TCO_BIT;
>  
>   new |= (old & PSR_DIT_BIT);
>  
> diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
> index c5d1f3c87dbd..8660f6a03f51 100644
> --- a/arch/arm64/kvm/mmu.c
> +++ b/arch/arm64/kvm/mmu.c
> @@ -822,6 +822,31 @@ transparent_hugepage_adjust(struct kvm_memory_slot 
> *memslot,
>   return PAGE_SIZE;
>  }
>  
> +static int sanitise_mte_tags(struct kvm *kvm, unsigned long size,
> +  kvm_pfn_t pfn)

Nit: please order the parameters as address, then size.

> +{
> + if (kvm_has_mte(kvm)) {
> + /*
> +  * The page will be mapped in stage 2 as Normal Cacheable, so
> +  * the VM will be able to see the page's tags and therefore
> +  * they must be initialised first. If PG_mte_tagged is set,
> +  * tags have already been initialised.
> +  */
> + unsigned long i, nr_pages = size >> PAGE_SHIFT;
> + struct page *page = pfn_to_online_page(pfn);
> +
> + if (!page)
> + return -EFAULT;

Under which circumstances can this happen? We already have done a GUP
on the page, so I really can't see how the page can vanish from under
our feet.

> +
> + for (i = 0; i < nr_pages; i++, page++) {
> + if (!test_and_set_bit(PG_mte_tagged, &page->flags))
> + mte_clear_page_tags(page_address(page));

You seem to be doing this irrespective of the VMA being created with
PROT_MTE. This is fine form a guest perspective (all its memory should
be MTE capable). However, I can't see any guarantee that the VMM will
actually allocate memslots with PROT_MTE.

Aren't we missing some sanity checks at memslot registration time?

> + }
> + }
> +
> + return 0;
> +}
> +
>  static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
> struct kvm_memory_slot *memslot, unsigned long hva,
> unsigned long fault_status)
> @@ -971,8 +996,13 @@ static int user_mem_a

Re: [PATCH] fdc: check drive block device before usage (CVE-2021-20196)

[John Snow]

On 5/17/21 7:12 AM, P J P wrote:

+-- On Sat, 15 May 2021, Philippe Mathieu-Daudé wrote --+
| This patch misses the qtest companion with the reproducer
| provided by Alexander.

Do we need a revised patch[-series] including a qtest? OR it can be done at
merge time?

Thank you.
--
  - P J P
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D



Unknown, haven't dug into this patch and problem yet.

If you have the time to write a qtest reproducer, you can send it 
separately and I'll pick it up if everything looks correct.


Sorry for the FDC/ATA delays. Working on it.

(...Maintainers wanted!)

--js

Re: [PATCH 07/21] block-copy: always set BDRV_REQ_SERIALISING flag

[Max Reitz]

On 17.05.21 08:44, Vladimir Sementsov-Ogievskiy wrote:

It won't hurt in common case, so let's not bother with detecting image
fleecing.

Also, we want to simplify initialization interface of copy-before-write
filter as we are going to make it public.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  block/copy-before-write.h  |  2 +-
  include/block/block-copy.h |  3 +--
  block/backup.c | 20 +---
  block/block-copy.c | 29 ++---
  block/copy-before-write.c  |  4 ++--
  5 files changed, 31 insertions(+), 27 deletions(-)


Reviewed-by: Max Reitz 

Re: [PATCH v3 6/9] qapi: normalize 'if' condition to IfPredicate tree

[John Snow]

On 5/17/21 7:18 AM, Marc-André Lureau wrote:



'if': 'COND'
'if': ['COND']
'if': { 'any': ['COND'] }


Actually, a simple list is short form for { 'all': [] }


Typo on my part. It maintains compatibility with what it used to mean, 
so it's good.


I wonder if we want *three* forms available directly in the schema. Can 
we condense it back down to two somehow? Could we possibly remove the 
list-less form?


(The less forms we have, the easier it is to offer e.g. intellisense 
plugins for vscode and things of that nature, which is something I have 
an interest in to improve the usability of the generator for 
contributors who are less invested in the QAPI subsystem.)


--js

Re: [PATCH v2] vhost-vdpa: Remove redundant declaration of address_space_memory

[Stefano Garzarella]

On Mon, May 17, 2021 at 08:32:46PM +0800, Xie Yongji wrote:

The symbol address_space_memory are already declared in
include/exec/address-spaces.h. So let's add this header file
and remove the redundant declaration in include/hw/virtio/vhost-vdpa.h.

Signed-off-by: Xie Yongji 
Reviewed-by: Philippe Mathieu-Daudé 
---
hw/virtio/vhost-vdpa.c | 1 +
include/hw/virtio/vhost-vdpa.h | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index 8f2fb9f10b2a..ee51863d280b 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -18,6 +18,7 @@
#include "hw/virtio/vhost-backend.h"
#include "hw/virtio/virtio-net.h"
#include "hw/virtio/vhost-vdpa.h"
+#include "exec/address-spaces.h"
#include "qemu/main-loop.h"
#include "cpu.h"
#include "trace.h"
diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h
index 28ca65018ed7..ae9ee7adb2d0 100644
--- a/include/hw/virtio/vhost-vdpa.h
+++ b/include/hw/virtio/vhost-vdpa.h
@@ -21,5 +21,4 @@ typedef struct vhost_vdpa {
struct vhost_dev *dev;
} VhostVDPA;

-extern AddressSpace address_space_memory;
#endif
--
2.11.0




Reviewed-by: Stefano Garzarella 

Re: [PATCH 09/21] block/backup: move cluster size calculation to block-copy

[Max Reitz]

On 17.05.21 08:44, Vladimir Sementsov-Ogievskiy wrote:

The main consumer of cluster-size is block-copy. Let's calculate it
here instead of passing through backup-top.

We are going to publish copy-before-write filter soon, so it will be
created through options. But we don't want for now to make explicit
option for cluster-size, let's continue to calculate it automatically.
So, now is the time to get rid of cluster_size argument for
bdrv_cbw_append().

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  block/copy-before-write.h  |  1 -
  include/block/block-copy.h |  5 ++--
  block/backup.c | 58 ++
  block/block-copy.c | 47 +-
  block/copy-before-write.c  | 10 +++
  5 files changed, 62 insertions(+), 59 deletions(-)


Reviewed-by: Max Reitz 

Re: [PATCH v3 3/9] qapi: start building an 'if' predicate tree

[John Snow]

On 5/17/21 7:18 AM, Marc-André Lureau wrote:
That's also what I thought (it was in my commit message comments). 


I did read them, I promise :)

Repeating myself, I'd defer this, there is no urge to make the code more 
complex yet. It can easily be done in a following iteration.


I think I can accept this, as long as we don't create a lot of work for 
ourselves splitting it back out later.


I think it'll be up to Markus, ultimately.

--js

Re: [PATCH 00/10] Python: delint iotests, machine.py and console_socket.py

[Emanuele Giuseppe Esposito]

On 17/05/2021 18:11, John Snow wrote:

On 5/12/21 5:46 PM, John Snow wrote:

gitlab CI: https://gitlab.com/jsnow/qemu/-/pipelines/301924893
branch: 
https://gitlab.com/jsnow/qemu/-/commits/python-package-pre-cleanup


This series serves as a pre-requisite for packaging the python series
and getting the linters running via CI. The first patch fixes a linter
error we've had for a while now; the subsequent 9 fix a new warning that
was recently added to pylint 2.8.x.

If there's nobody opposed, I'll take it through my Python queue,
including the iotests bits.

John Snow (10):
   python/console_socket: avoid one-letter variable
   python/machine: use subprocess.DEVNULL instead of
 open(os.path.devnull)
   python/machine: use subprocess.run instead of subprocess.Popen
   python/console_socket: Add a pylint ignore
   python/machine: Disable pylint warning for open() in _pre_launch
   python/machine: disable warning for Popen in _launch()
   iotests: use subprocess.run where possible
   iotests: use 'with open()' where applicable
   iotests: silence spurious consider-using-with warnings
   iotests: ensure that QemuIoInteractive definitely closes

  python/qemu/console_socket.py    | 11 ---
  python/qemu/machine.py   | 28 ++--
  tests/qemu-iotests/iotests.py    | 55 +++-
  tests/qemu-iotests/testrunner.py |  1 +
  4 files changed, 57 insertions(+), 38 deletions(-)



The iotests stuff was handled by Emanuele Giuseppe Esposito instead, and 
-- I must admit -- better than I did. Dropping patches 7-10.


Yes, patch 7-9 + the #pylint: disable= in patch 10 are covered in
"qemu-iotests: fix pylint 2.8 consider-using-with error"
https://patchew.org/QEMU/20210510190449.65948-1-eespo...@redhat.com/
that is merged.

Just wanted to point that maybe you want to keep part of patch 10, if 
you think that it is important :)


Emanuele

[PATCH v4 7/9] qapi: convert 'if' C-expressions to the new syntax tree

[marcandre . lureau]

From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Hajnoczi 
Tested-by: John Snow 
---
 qapi/machine-target.json | 20 
 qapi/misc-target.json| 12 +++-
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/qapi/machine-target.json b/qapi/machine-target.json
index e7811654b7..9b56b81bea 100644
--- a/qapi/machine-target.json
+++ b/qapi/machine-target.json
@@ -213,7 +213,9 @@
 ##
 { 'struct': 'CpuModelExpansionInfo',
   'data': { 'model': 'CpuModelInfo' },
-  'if': 'defined(TARGET_S390X) || defined(TARGET_I386) || defined(TARGET_ARM)' 
}
+  'if': { 'any': [ 'defined(TARGET_S390X)',
+   'defined(TARGET_I386)',
+   'defined(TARGET_ARM)'] } }
 
 ##
 # @query-cpu-model-expansion:
@@ -252,7 +254,9 @@
   'data': { 'type': 'CpuModelExpansionType',
 'model': 'CpuModelInfo' },
   'returns': 'CpuModelExpansionInfo',
-  'if': 'defined(TARGET_S390X) || defined(TARGET_I386) || defined(TARGET_ARM)' 
}
+  'if': { 'any': [ 'defined(TARGET_S390X)',
+   'defined(TARGET_I386)',
+   'defined(TARGET_ARM)' ] } }
 
 ##
 # @CpuDefinitionInfo:
@@ -316,7 +320,11 @@
 'typename': 'str',
 '*alias-of' : 'str',
 'deprecated' : 'bool' },
-  'if': 'defined(TARGET_PPC) || defined(TARGET_ARM) || defined(TARGET_I386) || 
defined(TARGET_S390X) || defined(TARGET_MIPS)' }
+  'if': { 'any': [ 'defined(TARGET_PPC)',
+   'defined(TARGET_ARM)',
+   'defined(TARGET_I386)',
+   'defined(TARGET_S390X)',
+   'defined(TARGET_MIPS)' ] } }
 
 ##
 # @query-cpu-definitions:
@@ -328,4 +336,8 @@
 # Since: 1.2
 ##
 { 'command': 'query-cpu-definitions', 'returns': ['CpuDefinitionInfo'],
-  'if': 'defined(TARGET_PPC) || defined(TARGET_ARM) || defined(TARGET_I386) || 
defined(TARGET_S390X) || defined(TARGET_MIPS)' }
+  'if': { 'any': [ 'defined(TARGET_PPC)',
+   'defined(TARGET_ARM)',
+   'defined(TARGET_I386)',
+   'defined(TARGET_S390X)',
+   'defined(TARGET_MIPS)' ] } }
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 6200c671be..835a74a072 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -23,7 +23,17 @@
 ##
 { 'event': 'RTC_CHANGE',
   'data': { 'offset': 'int' },
-  'if': 'defined(TARGET_ALPHA) || defined(TARGET_ARM) || defined(TARGET_HPPA) 
|| defined(TARGET_I386) || defined(TARGET_MIPS) || defined(TARGET_MIPS64) || 
defined(TARGET_PPC) || defined(TARGET_PPC64) || defined(TARGET_S390X) || 
defined(TARGET_SH4) || defined(TARGET_SPARC)' }
+  'if': { 'any': [ 'defined(TARGET_ALPHA)',
+   'defined(TARGET_ARM)',
+   'defined(TARGET_HPPA)',
+   'defined(TARGET_I386)',
+   'defined(TARGET_MIPS)',
+   'defined(TARGET_MIPS64)',
+   'defined(TARGET_PPC)',
+   'defined(TARGET_PPC64)',
+   'defined(TARGET_S390X)',
+   'defined(TARGET_SH4)',
+   'defined(TARGET_SPARC)' ] } }
 
 ##
 # @rtc-reset-reinjection:
-- 
2.29.0

Re: [PATCH v3 4/9] qapi: introduce IfPredicateList and IfAny

[John Snow]

On 5/17/21 7:18 AM, Marc-André Lureau wrote:

No, just the sake of doing things iteratively.


ACK, Understood!

--js

[PATCH v4 6/9] qapi: normalize 'if' condition to IfPredicate tree

[marcandre . lureau]

From: Marc-André Lureau 

Modify check_if() to build an IfPredicate tree (the schema
documentation is updated in a following patch).

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Hajnoczi 
Tested-by: John Snow 
---
 tests/unit/test-qmp-cmds.c|  1 +
 scripts/qapi/expr.py  | 53 ++--
 scripts/qapi/schema.py| 62 +--
 tests/qapi-schema/bad-if.err  |  3 +-
 tests/qapi-schema/doc-good.out| 12 ++--
 tests/qapi-schema/enum-if-invalid.err |  3 +-
 tests/qapi-schema/features-if-invalid.err |  2 +-
 tests/qapi-schema/qapi-schema-test.json   | 20 +++---
 tests/qapi-schema/qapi-schema-test.out| 59 ++
 .../qapi-schema/struct-member-if-invalid.err  |  2 +-
 10 files changed, 136 insertions(+), 81 deletions(-)

diff --git a/tests/unit/test-qmp-cmds.c b/tests/unit/test-qmp-cmds.c
index 1b0b7d99df..83efa39720 100644
--- a/tests/unit/test-qmp-cmds.c
+++ b/tests/unit/test-qmp-cmds.c
@@ -51,6 +51,7 @@ FeatureStruct1 *qmp_test_features0(bool has_fs0, 
FeatureStruct0 *fs0,
bool has_cfs1, CondFeatureStruct1 *cfs1,
bool has_cfs2, CondFeatureStruct2 *cfs2,
bool has_cfs3, CondFeatureStruct3 *cfs3,
+   bool has_cfs4, CondFeatureStruct4 *cfs4,
Error **errp)
 {
 return g_new0(FeatureStruct1, 1);
diff --git a/scripts/qapi/expr.py b/scripts/qapi/expr.py
index 496f7e0333..0a0ff73203 100644
--- a/scripts/qapi/expr.py
+++ b/scripts/qapi/expr.py
@@ -261,12 +261,13 @@ def check_if(expr: _JSONObject, info: QAPISourceInfo, 
source: str) -> None:
 """
 Normalize and validate the ``if`` member of an object.
 
-The ``if`` member may be either a ``str`` or a ``List[str]``.
-A ``str`` value will be normalized to ``List[str]``.
+The ``if`` field may be either a ``str``, a ``List[str]`` or a dict.
+A ``str`` element or a ``List[str]`` will be normalized to
+``{'all': List[str]}``.
 
 :forms:
   :sugared: ``Union[str, List[str]]``
-  :canonical: ``List[str]``
+  :canonical: ``Union[str, dict]``
 
 :param expr: The expression containing the ``if`` member to validate.
 :param info: QAPI schema source file information.
@@ -281,25 +282,41 @@ def check_if(expr: _JSONObject, info: QAPISourceInfo, 
source: str) -> None:
 if ifcond is None:
 return
 
-if isinstance(ifcond, list):
-if not ifcond:
-raise QAPISemError(
-info, "'if' condition [] of %s is useless" % source)
-else:
-# Normalize to a list
-ifcond = expr['if'] = [ifcond]
-
-for elt in ifcond:
-if not isinstance(elt, str):
+def normalize(cond: Union[str, List[str], object]) -> Union[str, object]:
+if isinstance(cond, str):
+if not cond.strip():
+raise QAPISemError(
+info,
+"'if' condition '%s' of %s makes no sense"
+% (cond, source))
+return cond
+if isinstance(cond, list):
+cond = {"all": cond}
+if not isinstance(cond, dict):
 raise QAPISemError(
 info,
-"'if' condition of %s must be a string or a list of strings"
-% source)
-if not elt.strip():
+"'if' condition of %s must be a string, "
+"a list of strings or a dict" % source)
+if len(cond) != 1:
 raise QAPISemError(
 info,
-"'if' condition '%s' of %s makes no sense"
-% (elt, source))
+"'if' condition dict of %s must have one key: "
+"'all', 'any' or 'not'" % source)
+check_keys(cond, info, "'if' condition", [],
+   ["all", "any", "not"])
+oper, operands = next(iter(cond.items()))
+if not operands:
+raise QAPISemError(
+info, "'if' condition [] of %s is useless" % source)
+if oper == "not":
+return {oper: normalize(operands)}
+if oper in ("all", "any") and not isinstance(operands, list):
+raise QAPISemError(
+info, "'%s' condition of %s must be a list" % (oper, source))
+operands = [normalize(o) for o in operands]
+return {oper: operands}
+
+expr['if'] = normalize(ifcond)
 
 
 def normalize_members(members: object) -> None:
diff --git a/scripts/qapi/schema.py b/scripts/qapi/schema.py
index 0c9675f3a2..07fb33834a 100644
--- a/scripts/qapi/schema.py
+++ b/scripts/qapi/schema.py
@@ -22,6 +22,8 @@
 from .common import (
 POINTER_SUFFIX,
 IfAll,
+IfAny,
+IfNot,
 IfOption,
 c_name,
 )
@@ -31,15 +33,14 @@
 
 
 class QAPISchemaIfCond:
-def __init__(self, ifcond=None):
-

Re: [PATCH v2 3/7] ACPI ERST: support for ACPI ERST feature

[Igor Mammedov]

On Mon, 17 May 2021 15:01:02 +
Eric DeVolder  wrote:

> Hi Igor,
> I've been working to transition ERST to use the hostmem-file object as the 
> backing store, as requested.
> 
> I have the backend-file object now in ERST, and I have a question for you. 
> This hostmem-file initializes
> itself from a file, but in looking at the code, I do not see that it ever 
> writes back to the file!? Furthermore,
> I don't see a "flush" type method to force writeback of data in the object 
> back to file?
> 
> The original ERST code would flush/write to the backing file each record as 
> it was created. I don't see
> any equivalent way of doing that with hostmem-file?

To force flush you can use memory_region_msync() on MemoryRegion that you get 
from hostmem backend.
But question is what are you trying to achieve with sync
  1. data persistence in case of QEMU crash
  2. data persistence in case of host crash

for the former you do not need explicit sync as memory buffers should be 
flushed to disk by kernel
if you put backend on nvdimm, you should get 2 without sync as well (see 
pmem=on property)

just do not forget that sync is not free, so if #1 is acceptable I'd avoid 
explicit sync.


> Please point out where I am misunderstanding.
> 
> Thanks,
> eric
> 
> 
> From: Igor Mammedov 
> Sent: Monday, May 3, 2021 12:07 PM
> To: Eric DeVolder 
> Cc: ehabk...@redhat.com ; m...@redhat.com 
> ; Konrad Wilk ; 
> qemu-devel@nongnu.org ; pbonz...@redhat.com 
> ; Boris Ostrovsky ; 
> r...@twiddle.net ; jus...@redhat.com 
> Subject: Re: [PATCH v2 3/7] ACPI ERST: support for ACPI ERST feature
> 
> On Mon, 3 May 2021 15:49:28 +
> Eric DeVolder  wrote:
> 
> > Igor,
> > I've rebased the original patches on to qemu-v6.0.0-rc4, and finally have 
> > everything working as it previously did.
> > I've started now to work to incorporate the HostMemoryBackendFile; that is 
> > progressing.
> > My question for you today is with regard to placing ERST device on PCI. The 
> > PCI example provided is a template device, and while I do find that 
> > helpful, I still do not understand how the ERST Actions, which contain GAS 
> > for describing the register accesses, would be patched/linked when a PCI 
> > bar is assigned. Or is there perhaps another way of obtaining the PCI BAR 
> > using ACPI semantics?  
> 
> current order of initialization is,
>  0. QEMU builds initial ACPI tables (unpatched, mainly used to gauge total 
> size of ACPI tables) and starts guest
>  1. guest firmware initializes PCI devices (including BARs)
>  2. guest reads ACPI tables from QEMU(via fwcfg)
>  2.1 reading ACPI tables traps into QEMU and QEMU rebuilds all ACPI tables 
> (including ERST)
>   at this time one can get info from PCI devices (probably 
> pci_get_bar_addr() is what you are looking for)
>   that were initialized by firmware and build tables using address.
>   Maybe it will need dynamic tables patching but lets get to that only if 
> rebuilding table won't be enough
> 
> 
> 
> > Thanks,
> > eric
> >
> > 
> > From: Igor Mammedov 
> > Sent: Wednesday, April 14, 2021 4:17 AM
> > To: Eric DeVolder 
> > Cc: ehabk...@redhat.com ; m...@redhat.com 
> > ; Konrad Wilk ; 
> > qemu-devel@nongnu.org ; pbonz...@redhat.com 
> > ; Boris Ostrovsky ; 
> > r...@twiddle.net ; jus...@redhat.com 
> > Subject: Re: [PATCH v2 3/7] ACPI ERST: support for ACPI ERST feature
> >
> > On Fri, 9 Apr 2021 15:54:47 +
> > Eric DeVolder  wrote:
> >  
> > > Hi Igor,
> > > Thank you for reviewing. I've responded inline below.
> > > eric
> > >
> > > 
> > > From: Igor Mammedov 
> > > Sent: Tuesday, April 6, 2021 2:31 PM
> > > To: Eric DeVolder 
> > > Cc: m...@redhat.com ; marcel.apfelb...@gmail.com 
> > > ; pbonz...@redhat.com ; 
> > > r...@twiddle.net ; ehabk...@redhat.com 
> > > ; qemu-devel@nongnu.org ; 
> > > Boris Ostrovsky ; kw...@oracle.com 
> > > 
> > > Subject: Re: [PATCH v2 3/7] ACPI ERST: support for ACPI ERST feature
> > >
> > > On Mon,  8 Feb 2021 15:57:55 -0500
> > > Eric DeVolder  wrote:
> > >  
> > > > This change implements the support for the ACPI ERST feature[1,2].
> > > >
> > > > The size of the ACPI ERST storage is declared via the QEMU
> > > > global parameter acpi-erst.size. The size can range from 64KiB
> > > > to to 64MiB. The default is 64KiB.
> > > >
> > > > The location of the ACPI ERST storage backing file is delared
> > > > via the QEMU global parameter acpi-erst.filename. The default
> > > > is acpi-erst.backing.
> > > >
> > > > [1] "Advanced Configuration and Power Interface Specification",
> > > > version 6.2, May 2017.
> > > > https://www.uefi.org/sites/default/files/resources/ACPI_6_2.pdf
> > > >
> > > > [2] "Unified Extensible Firmware Interface Specification",
> > > > version 2.8, March 2019.
> > > > 
> > > > https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_final.pdf
> > > >
> > > > Signed-off-by: Eric DeVolde

Re: [PATCH 09/11] include/exec: added functions to the stubs in exec-all.h

[Lucas Mateus Martins Araujo e Castro]

On 17/05/2021 00:58, David Gibson wrote:

On Thu, May 13, 2021 at 06:44:01PM -0500, Richard Henderson wrote:
65;6401;1c> On 5/13/21 9:03 AM, Lucas Mateus Martins Araujo e Castro wrote:

tlb_set_page is called by many ppc_hash64_handle_mmu_fault,
ppc_radix64_handle_mmu_fault and ppc_hash32_handle_mmu_fault, all of
which from what I've seen are only used inside #if
defined(CONFIG_SOFTMMU).

tlb_set_page should only be called from one place: ppc_cpu_tlb_fill.  The
other functions should fill in data, much like get_physical_address.



So what is the best way to deal with these tlb_set_page calls? Should
these part of the _handle_mmu_fault functions never be reached or should
these functions never be called?

There is some duplication between get_physical_address* and
*handle_mmu_fault that should be fixed.

What should be happening is that you have one function (per mmu type) that
takes a virtual address and resolves a physical address. This bit of code
should be written so that it is usable by both
CPUClass.get_phys_page_attrs_debug and TCGCPUOps.tlb_fill.  It appears as if
ppc_radix64_xlate is the right interface for this.

It appears that real mode handling is duplicated between hash64 and radix64,
which could be unified.

Any common handling between the hash and radix MMUs should go in
mmu-book3s-v3.*  That covers common things across the v3 (POWER9 and
later) MMUs which includes both hash and radix mode.


I'm not completely sure how this should be handled, there's a 
get_physical_address in mmu_helper.c but it's a static function and 
divided by processor families instead of MMU types, so 
get_physical_address_* should be a new function?


The new get_physical_address_* function would be a mmu-hash(32|64) that 
do something like ppc_radix64_xlate and add a function to mmu-book3s-v3 
that call either the radix64 or the hash64 function and also handle real 
mode access.


Also should the tlb_set_page calls in *_handle_mmu_fault be changed to 
ppc_cpu_tlb_fill or the function should themselves fill it?





You should only call tlb_set_page from TCGCPUOps.tlb_fill, aka
ppc_cpu_tlb_fill.  TCGCPUOps.tlb_fill is obviously TCG only.

The version you are looking at here is system emulation specific (sysemu,
!defined(CONFIG_USER_ONLY)).  There is a second version of this function,
with the same signature, that is used for user emulation in the helpfully
named user_only_helper.c.


r~


--
Lucas Mateus M. Araujo e Castro
Instituto de Pesquisas ELDORADO 


Departamento Computação Embarcada
Estagiario
Aviso Legal - Disclaimer 

[PULL 17/29] tests/tcg/tricore: Add fmul test

[Alex Bennée]

From: Bastian Koppelmann 

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-Id: <20210305170045.869437-12-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-22-alex.ben...@linaro.org>

diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
index e7adb16af9..34da1f37de 100644
--- a/tests/tcg/tricore/Makefile.softmmu-target
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -8,6 +8,7 @@ TESTS += test_bmerge.tst
 TESTS += test_clz.tst
 TESTS += test_dvstep.tst
 TESTS += test_fadd.tst
+TESTS += test_fmul.tst
 
 QEMU_OPTS += -M tricore_testboard -nographic -kernel
 
diff --git a/tests/tcg/tricore/test_fmul.S b/tests/tcg/tricore/test_fmul.S
new file mode 100644
index 00..fb1f634b2d
--- /dev/null
+++ b/tests/tcg/tricore/test_fmul.S
@@ -0,0 +1,8 @@
+#include "macros.h"
+.text
+.global _start
+_start:
+TEST_D_DD_PSW(mul.f, 1, 0x974f4f0a, 0x84000b80, 0x1a0b1980, 0xbcbec42d)
+
+TEST_PASSFAIL
+
-- 
2.20.1

Re: [Qemu-devel] [PATCH 7/7] target/xtensa: move non-HELPER functions to helper.c

[Max Filippov]

On Mon, May 17, 2021 at 9:54 AM Philippe Mathieu-Daudé  wrote:
>
> On 5/17/21 5:35 PM, Max Filippov wrote:
> > On Mon, May 17, 2021 at 8:25 AM Max Filippov  wrote:
> >>
> >> On Mon, May 17, 2021 at 6:10 AM Philippe Mathieu-Daudé  
> >> wrote:
> >>>
> >>> On 5/17/21 2:11 PM, Max Filippov wrote:
>  On Mon, May 17, 2021 at 4:50 AM Max Filippov  wrote:
> >
> > Hi Philippe,
> >
> > On Sun, May 16, 2021 at 10:05 PM Philippe Mathieu-Daudé
> >  wrote:
> >>
> >> Hi Max,
> >>
> >> On Mon, Jan 14, 2019 at 8:52 AM Max Filippov  
> >> wrote:
> >>>
> >>> Move remaining non-HELPER functions from op_helper.c to helper.c.
> >>> No functional changes.
> >>>
> >>> Signed-off-by: Max Filippov 
> >>> ---
> >>>  target/xtensa/helper.c| 61 
> >>> ---
> >>>  target/xtensa/op_helper.c | 56 
> >>> ---
> >>>  2 files changed, 58 insertions(+), 59 deletions(-)
> >>
> >>> +void xtensa_cpu_do_unaligned_access(CPUState *cs,
> >>> +vaddr addr, MMUAccessType 
> >>> access_type,
> >>> +int mmu_idx, uintptr_t retaddr)
> >>> +{
> >>> +XtensaCPU *cpu = XTENSA_CPU(cs);
> >>> +CPUXtensaState *env = &cpu->env;
> >>> +
> >>> +if (xtensa_option_enabled(env->config, 
> >>> XTENSA_OPTION_UNALIGNED_EXCEPTION) &&
> >>> +!xtensa_option_enabled(env->config, 
> >>> XTENSA_OPTION_HW_ALIGNMENT)) {
> >>
> >> I know this is a simple code movement, but I wonder, what should
> >> happen when there is
> >> an unaligned fault and the options are disabled? Is this an impossible
> >> case (unreachable)?
> >
> > It should be unreachable when XTENSA_OPTION_UNALIGNED_EXCEPTION
> > is disabled. In that case the translation code generates access on 
> > aligned
> > addresses according to the xtensa ISA, see the function
> > gen_load_store_alignment in target/xtensa/translate.c
> 
>  There's also a case when both options are enabled, i.e. the
>  xtensa core has support for transparent unaligned access.
>  In that case the helper does nothing and the generic TCG
>  code is supposed to deal with the unaligned access correctly,
> >>>
> >>> IIRC we can simplify as:
> >>>
> >>> -- >8 --
> >>> diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
> >>> index eeffee297d1..6e8a6cdc99e 100644
> >>> --- a/target/xtensa/helper.c
> >>> +++ b/target/xtensa/helper.c
> >>> @@ -270,13 +270,14 @@ void xtensa_cpu_do_unaligned_access(CPUState *cs,
> >>>  XtensaCPU *cpu = XTENSA_CPU(cs);
> >>>  CPUXtensaState *env = &cpu->env;
> >>>
> >>> -if (xtensa_option_enabled(env->config,
> >>> XTENSA_OPTION_UNALIGNED_EXCEPTION) &&
> >>> -!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT)) 
> >>> {
> >>> -cpu_restore_state(CPU(cpu), retaddr, true);
> >>> -HELPER(exception_cause_vaddr)(env,
> >>> -  env->pc, 
> >>> LOAD_STORE_ALIGNMENT_CAUSE,
> >>> -  addr);
> >>> -}
> >>> +assert(xtensa_option_enabled(env->config,
> >>> + XTENSA_OPTION_UNALIGNED_EXCEPTION));
> >>
> >> This part -- yes.
> >>
> >>> +assert(!xtensa_option_enabled(env->config,
> >>> XTENSA_OPTION_HW_ALIGNMENT));
> >>
> >> This part -- no, because the call to the TCGCPUOps::do_unaligned_access
> >> is unconditional
> >
> > Oh, I've checked get_alignment_bits and now I see that it's conditional.
> > This change can be done then, but the translation part also needs to be 
> > changed
> > to put MO_UNALN on cores with XTENSA_OPTION_HW_ALIGNMENT.
>
> If you don't mind writing the patch, I'd prefer you do it because
> you have a better understanding and will likely get it right, otherwise
> I'll add it to my TODO and come back to it when other of my in-flight
> series get merged :)

Almost done, will send it after some testing.
Thanks for drawing my attention to it (:

-- 
Thanks.
-- Max

[PATCH v4 9/9] docs: update the documentation about schema configuration

[marcandre . lureau]

From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Hajnoczi 
Tested-by: John Snow 
---
 docs/devel/qapi-code-gen.txt | 27 ---
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/docs/devel/qapi-code-gen.txt b/docs/devel/qapi-code-gen.txt
index edaaf7ec40..4a3fd02723 100644
--- a/docs/devel/qapi-code-gen.txt
+++ b/docs/devel/qapi-code-gen.txt
@@ -780,26 +780,31 @@ downstream command __com.redhat_drive-mirror.
 === Configuring the schema ===
 
 Syntax:
-COND = STRING
- | [ STRING, ... ]
+COND = CFG-ID
+ | [ COND, ... ]
+ | { 'all: [ COND, ... ] }
+ | { 'any: [ COND, ... ] }
+ | { 'not': COND }
 
-All definitions take an optional 'if' member.  Its value must be a
-string or a list of strings.  A string is shorthand for a list
-containing just that string.  The code generated for the definition
-will then be guarded by #if STRING for each STRING in the COND list.
+CFG-ID = STRING
+
+All definitions take an optional 'if' member. Its value must be a string, a 
list
+of strings or an object with a single member 'all', 'any' or 'not'. A string is
+shorthand for a list containing just that string. A list is a shorthand for a
+'all'-member object. The C code generated for the definition will then be 
guarded
+by an #if precessor expression generated from that condition: 'all': [COND, 
...]
+will generate '(COND && ...)', 'any': [COND, ...] '(COND || ...)', 'not': COND 
'!COND'.
 
 Example: a conditional struct
 
  { 'struct': 'IfStruct', 'data': { 'foo': 'int' },
-   'if': ['CONFIG_FOO', 'HAVE_BAR'] }
+   'if': { 'all': [ 'CONFIG_FOO', 'HAVE_BAR' ] } }
 
 gets its generated code guarded like this:
 
- #if defined(CONFIG_FOO)
- #if defined(HAVE_BAR)
+ #if defined(CONFIG_FOO) && defined(HAVE_BAR)
  ... generated code ...
- #endif /* defined(HAVE_BAR) */
- #endif /* defined(CONFIG_FOO) */
+ #endif /* defined(HAVE_BAR) && defined(CONFIG_FOO) */
 
 Individual members of complex types, commands arguments, and
 event-specific data can also be made conditional.  This requires the
-- 
2.29.0

Re: [Qemu-devel] [PATCH 7/7] target/xtensa: move non-HELPER functions to helper.c

[Philippe Mathieu-Daudé]

On 5/17/21 5:35 PM, Max Filippov wrote:
> On Mon, May 17, 2021 at 8:25 AM Max Filippov  wrote:
>>
>> On Mon, May 17, 2021 at 6:10 AM Philippe Mathieu-Daudé  
>> wrote:
>>>
>>> On 5/17/21 2:11 PM, Max Filippov wrote:
 On Mon, May 17, 2021 at 4:50 AM Max Filippov  wrote:
>
> Hi Philippe,
>
> On Sun, May 16, 2021 at 10:05 PM Philippe Mathieu-Daudé
>  wrote:
>>
>> Hi Max,
>>
>> On Mon, Jan 14, 2019 at 8:52 AM Max Filippov  wrote:
>>>
>>> Move remaining non-HELPER functions from op_helper.c to helper.c.
>>> No functional changes.
>>>
>>> Signed-off-by: Max Filippov 
>>> ---
>>>  target/xtensa/helper.c| 61 
>>> ---
>>>  target/xtensa/op_helper.c | 56 
>>> ---
>>>  2 files changed, 58 insertions(+), 59 deletions(-)
>>
>>> +void xtensa_cpu_do_unaligned_access(CPUState *cs,
>>> +vaddr addr, MMUAccessType 
>>> access_type,
>>> +int mmu_idx, uintptr_t retaddr)
>>> +{
>>> +XtensaCPU *cpu = XTENSA_CPU(cs);
>>> +CPUXtensaState *env = &cpu->env;
>>> +
>>> +if (xtensa_option_enabled(env->config, 
>>> XTENSA_OPTION_UNALIGNED_EXCEPTION) &&
>>> +!xtensa_option_enabled(env->config, 
>>> XTENSA_OPTION_HW_ALIGNMENT)) {
>>
>> I know this is a simple code movement, but I wonder, what should
>> happen when there is
>> an unaligned fault and the options are disabled? Is this an impossible
>> case (unreachable)?
>
> It should be unreachable when XTENSA_OPTION_UNALIGNED_EXCEPTION
> is disabled. In that case the translation code generates access on aligned
> addresses according to the xtensa ISA, see the function
> gen_load_store_alignment in target/xtensa/translate.c

 There's also a case when both options are enabled, i.e. the
 xtensa core has support for transparent unaligned access.
 In that case the helper does nothing and the generic TCG
 code is supposed to deal with the unaligned access correctly,
>>>
>>> IIRC we can simplify as:
>>>
>>> -- >8 --
>>> diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
>>> index eeffee297d1..6e8a6cdc99e 100644
>>> --- a/target/xtensa/helper.c
>>> +++ b/target/xtensa/helper.c
>>> @@ -270,13 +270,14 @@ void xtensa_cpu_do_unaligned_access(CPUState *cs,
>>>  XtensaCPU *cpu = XTENSA_CPU(cs);
>>>  CPUXtensaState *env = &cpu->env;
>>>
>>> -if (xtensa_option_enabled(env->config,
>>> XTENSA_OPTION_UNALIGNED_EXCEPTION) &&
>>> -!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT)) {
>>> -cpu_restore_state(CPU(cpu), retaddr, true);
>>> -HELPER(exception_cause_vaddr)(env,
>>> -  env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
>>> -  addr);
>>> -}
>>> +assert(xtensa_option_enabled(env->config,
>>> + XTENSA_OPTION_UNALIGNED_EXCEPTION));
>>
>> This part -- yes.
>>
>>> +assert(!xtensa_option_enabled(env->config,
>>> XTENSA_OPTION_HW_ALIGNMENT));
>>
>> This part -- no, because the call to the TCGCPUOps::do_unaligned_access
>> is unconditional
> 
> Oh, I've checked get_alignment_bits and now I see that it's conditional.
> This change can be done then, but the translation part also needs to be 
> changed
> to put MO_UNALN on cores with XTENSA_OPTION_HW_ALIGNMENT.

If you don't mind writing the patch, I'd prefer you do it because
you have a better understanding and will likely get it right, otherwise
I'll add it to my TODO and come back to it when other of my in-flight
series get merged :)

Regards,

Phil.

[PATCH v4 8/9] qapi: make 'if' condition strings simple identifiers

[marcandre . lureau]

From: Marc-André Lureau 

Change the 'if' condition strings to be C-agnostic and be simple
identifiers.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Hajnoczi 
Tested-by: John Snow 
---
 docs/devel/qapi-code-gen.txt  |  8 +--
 qapi/block-core.json  | 16 ++---
 qapi/block-export.json|  6 +-
 qapi/char.json|  8 +--
 qapi/machine-target.json  | 40 ++---
 qapi/migration.json   | 10 ++--
 qapi/misc-target.json | 46 +++---
 qapi/qom.json | 10 ++--
 qapi/sockets.json |  4 +-
 qapi/ui.json  | 48 +++
 qga/qapi-schema.json  |  8 +--
 scripts/qapi/common.py|  2 +-
 scripts/qapi/expr.py  |  4 +-
 .../alternate-branch-if-invalid.err   |  2 +-
 tests/qapi-schema/bad-if-empty.err|  2 +-
 tests/qapi-schema/bad-if-list.err |  2 +-
 tests/qapi-schema/bad-if.json |  2 +-
 tests/qapi-schema/doc-good.json   |  6 +-
 tests/qapi-schema/doc-good.out|  6 +-
 tests/qapi-schema/doc-good.txt|  6 +-
 tests/qapi-schema/features-missing-name.json  |  2 +-
 tests/qapi-schema/qapi-schema-test.json   | 52 
 tests/qapi-schema/qapi-schema-test.out| 60 +--
 tests/qapi-schema/union-branch-if-invalid.err |  2 +-
 24 files changed, 176 insertions(+), 176 deletions(-)

diff --git a/docs/devel/qapi-code-gen.txt b/docs/devel/qapi-code-gen.txt
index c1cb6f987d..edaaf7ec40 100644
--- a/docs/devel/qapi-code-gen.txt
+++ b/docs/devel/qapi-code-gen.txt
@@ -791,7 +791,7 @@ will then be guarded by #if STRING for each STRING in the 
COND list.
 Example: a conditional struct
 
  { 'struct': 'IfStruct', 'data': { 'foo': 'int' },
-   'if': ['defined(CONFIG_FOO)', 'defined(HAVE_BAR)'] }
+   'if': ['CONFIG_FOO', 'HAVE_BAR'] }
 
 gets its generated code guarded like this:
 
@@ -810,7 +810,7 @@ member 'bar'
 
 { 'struct': 'IfStruct', 'data':
   { 'foo': 'int',
-'bar': { 'type': 'int', 'if': 'defined(IFCOND)'} } }
+'bar': { 'type': 'int', 'if': 'IFCOND'} } }
 
 A union's discriminator may not be conditional.
 
@@ -822,7 +822,7 @@ value 'bar'
 
 { 'enum': 'IfEnum', 'data':
   [ 'foo',
-{ 'name' : 'bar', 'if': 'defined(IFCOND)' } ] }
+{ 'name' : 'bar', 'if': 'IFCOND' } ] }
 
 Likewise, features can be conditional.  This requires the longhand
 form of FEATURE.
@@ -832,7 +832,7 @@ Example: a struct with conditional feature 
'allow-negative-numbers'
 { 'struct': 'TestType',
   'data': { 'number': 'int' },
   'features': [ { 'name': 'allow-negative-numbers',
-  'if': 'defined(IFCOND)' } ] }
+  'if': 'IFCOND' } ] }
 
 Please note that you are responsible to ensure that the C code will
 compile with an arbitrary combination of conditions, since the
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 2ea294129e..13fcdd6b91 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -2779,7 +2779,7 @@
 ##
 { 'enum': 'BlockdevAioOptions',
   'data': [ 'threads', 'native',
-{ 'name': 'io_uring', 'if': 'defined(CONFIG_LINUX_IO_URING)' } ] }
+{ 'name': 'io_uring', 'if': 'CONFIG_LINUX_IO_URING' } ] }
 
 ##
 # @BlockdevCacheOptions:
@@ -2817,7 +2817,7 @@
 'gluster', 'host_cdrom', 'host_device', 'http', 'https', 'iscsi',
 'luks', 'nbd', 'nfs', 'null-aio', 'null-co', 'nvme', 'parallels',
 'preallocate', 'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'rbd',
-{ 'name': 'replication', 'if': 'defined(CONFIG_REPLICATION)' },
+{ 'name': 'replication', 'if': 'CONFIG_REPLICATION' },
 'ssh', 'throttle', 'vdi', 'vhdx', 'vmdk', 'vpc', 'vvfat' ] }
 
 ##
@@ -2859,10 +2859,10 @@
 '*locking': 'OnOffAuto',
 '*aio': 'BlockdevAioOptions',
 '*drop-cache': {'type': 'bool',
-'if': 'defined(CONFIG_LINUX)'},
+'if': 'CONFIG_LINUX'},
 '*x-check-cache-dropped': 'bool' },
   'features': [ { 'name': 'dynamic-auto-read-only',
-  'if': 'defined(CONFIG_POSIX)' } ] }
+  'if': 'CONFIG_POSIX' } ] }
 
 ##
 # @BlockdevOptionsNull:
@@ -3662,7 +3662,7 @@
 # Since: 2.9
 ##
 { 'enum' : 'ReplicationMode', 'data' : [ 'primary', 'secondary' ],
-  'if': 'defined(CONFIG_REPLICATION)' }
+  'if': 'CONFIG_REPLICATION' }
 
 ##
 # @BlockdevOptionsReplication:
@@ -3681,7 +3681,7 @@
   'base': 'BlockdevOptionsGenericFormat',
   'data': { 'mode': 'ReplicationMode',
 '*top-id': 'str' },
-  'if': 'defined(CONFIG_REPLICATION)' }
+  'if': 'CONFIG_REPLICATION' }
 
 ##
 # @NFSTransport:
@@ -4015,7 +4015,7 @@
   'raw':'BlockdevOptionsRaw',
   

[PULL 29/29] plugins/hotpages: Properly freed the hash table values

[Alex Bennée]

From: Mahmoud Mandour 

Allocated ``pages`` hash table through ``g_hash_table_new_full`` to
add a freeing function & destroyed the hash table on exit.

Signed-off-by: Mahmoud Mandour 
Signed-off-by: Alex Bennée 
Message-Id: <20210422005043.3569-3-ma.mando...@gmail.com>
Message-Id: <20210505092259.8202-5-alex.ben...@linaro.org>

diff --git a/contrib/plugins/hotpages.c b/contrib/plugins/hotpages.c
index bf53267532..9cf7f02c77 100644
--- a/contrib/plugins/hotpages.c
+++ b/contrib/plugins/hotpages.c
@@ -97,13 +97,14 @@ static void plugin_exit(qemu_plugin_id_t id, void *p)
 g_list_free(it);
 }
 
+g_hash_table_destroy(pages);
 qemu_plugin_outs(report->str);
 }
 
 static void plugin_init(void)
 {
 page_mask = (page_size - 1);
-pages = g_hash_table_new(NULL, g_direct_equal);
+pages = g_hash_table_new_full(NULL, g_direct_equal, NULL, g_free);
 }
 
 static void vcpu_haddr(unsigned int cpu_index, qemu_plugin_meminfo_t meminfo,
-- 
2.20.1

[PATCH v4 5/9] qapi: add IfNot

[marcandre . lureau]

From: Marc-André Lureau 

Introduce IfNot predicate class, for 'not' condition expressions.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Hajnoczi 
Tested-by: John Snow 
---
 scripts/qapi/common.py | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/scripts/qapi/common.py b/scripts/qapi/common.py
index 4e5c3ebaae..8a23c1d4ef 100644
--- a/scripts/qapi/common.py
+++ b/scripts/qapi/common.py
@@ -239,6 +239,28 @@ def __eq__(self, other: object) -> bool:
 return self.option == other.option
 
 
+class IfNot(IfPredicate):
+def __init__(self, pred: IfPredicate):
+self.pred = pred
+
+def cgen(self) -> str:
+return "!" + self.pred.cgen()
+
+def docgen(self) -> str:
+return "not " + self.pred.docgen()
+
+def __bool__(self) -> bool:
+return bool(self.pred)
+
+def __repr__(self) -> str:
+return f"IfNot({self.pred!r})"
+
+def __eq__(self, other: object) -> bool:
+if not isinstance(other, type(self)):
+return False
+return self.pred == other.pred
+
+
 class IfPredicateList(IfPredicate):
 C_SEP = ""
 DOC_SEP = ""
-- 
2.29.0

[PATCH v4 4/9] qapi: introduce IfPredicateList and IfAny

[marcandre . lureau]

From: Marc-André Lureau 

Refactor IfAll class, to introduce a base class IfPredicateList and add
IfAny for the 'any' conditions.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Hajnoczi 
Tested-by: John Snow 
---
 scripts/qapi/common.py | 29 +
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/scripts/qapi/common.py b/scripts/qapi/common.py
index 86dc2b228b..4e5c3ebaae 100644
--- a/scripts/qapi/common.py
+++ b/scripts/qapi/common.py
@@ -239,15 +239,26 @@ def __eq__(self, other: object) -> bool:
 return self.option == other.option
 
 
-class IfAll(IfPredicate):
+class IfPredicateList(IfPredicate):
+C_SEP = ""
+DOC_SEP = ""
+
 def __init__(self, pred_list: Sequence[IfPredicate]):
 self.pred_list = pred_list
 
 def cgen(self) -> str:
-return " && ".join([p.cgen() for p in self.pred_list])
+sep = " " + self.C_SEP + " "
+gen = sep.join([p.cgen() for p in self.pred_list])
+if len(self.pred_list) <= 1:
+return gen
+return "(%s)" % gen
 
 def docgen(self) -> str:
-return " and ".join([p.docgen() for p in self.pred_list])
+sep = " " + self.DOC_SEP + " "
+gen = sep.join([p.docgen() for p in self.pred_list])
+if len(self.pred_list) <= 1:
+return gen
+return "(%s)" % gen
 
 def __bool__(self) -> bool:
 return bool(self.pred_list)
@@ -256,6 +267,16 @@ def __repr__(self) -> str:
 return f"{type(self).__name__}({self.pred_list!r})"
 
 def __eq__(self, other: object) -> bool:
-if not isinstance(other, IfAll):
+if not isinstance(other, type(self)):
 return NotImplemented
 return self.pred_list == other.pred_list
+
+
+class IfAll(IfPredicateList):
+C_SEP = "&&"
+DOC_SEP = "and"
+
+
+class IfAny(IfPredicateList):
+C_SEP = "||"
+DOC_SEP = "or"
-- 
2.29.0

[PULL 22/29] tests/tcg/ppc64le: tests for brh/brw/brd

[Alex Bennée]

From: Matheus Ferst 

Tests for Byte-Reverse Halfword, Word and Doubleword

[AJB: tweak to make rules for skip/plugins]

Signed-off-by: Matheus Ferst 
Signed-off-by: Alex Bennée 
Tested-by: Fabiano Rosas 
Message-Id: <20210423205757.1752480-3-matheus.fe...@eldorado.org.br>
Message-Id: <20210512102051.12134-28-alex.ben...@linaro.org>

diff --git a/tests/tcg/ppc64le/byte_reverse.c b/tests/tcg/ppc64le/byte_reverse.c
new file mode 100644
index 00..53b76fc2e2
--- /dev/null
+++ b/tests/tcg/ppc64le/byte_reverse.c
@@ -0,0 +1,21 @@
+#include 
+
+int main(void)
+{
+unsigned long var;
+
+var = 0xFEDCBA9876543210;
+asm("brh %0, %0" : "+r"(var));
+assert(var == 0xDCFE98BA54761032);
+
+var = 0xFEDCBA9876543210;
+asm("brw %0, %0" : "+r"(var));
+assert(var == 0x98BADCFE10325476);
+
+var = 0xFEDCBA9876543210;
+asm("brd %0, %0" : "+r"(var));
+assert(var == 0x1032547698BADCFE);
+
+return 0;
+}
+
diff --git a/tests/tcg/ppc64/Makefile.target b/tests/tcg/ppc64/Makefile.target
index 0c6a4585fc..a6a4ddaeca 100644
--- a/tests/tcg/ppc64/Makefile.target
+++ b/tests/tcg/ppc64/Makefile.target
@@ -10,4 +10,17 @@ PPC64_TESTS=bcdsub
 endif
 bcdsub: CFLAGS += -mpower8-vector
 
+PPC64_TESTS += byte_reverse
+ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_POWER10),)
+run-byte_reverse: QEMU_OPTS+=-cpu POWER10
+run-plugin-byte_reverse-with-%: QEMU_OPTS+=-cpu POWER10
+else
+byte_reverse:
+   $(call skip-test, "BUILD of $@", "missing compiler support")
+run-byte_reverse:
+   $(call skip-test, "RUN of byte_reverse", "not built")
+run-plugin-byte_reverse-with-%:
+   $(call skip-test, "RUN of byte_reverse ($*)", "not built")
+endif
+
 TESTS += $(PPC64_TESTS)
diff --git a/tests/tcg/ppc64le/Makefile.target 
b/tests/tcg/ppc64le/Makefile.target
index 1acfcff94a..c0c14ffbad 100644
--- a/tests/tcg/ppc64le/Makefile.target
+++ b/tests/tcg/ppc64le/Makefile.target
@@ -9,4 +9,17 @@ PPC64LE_TESTS=bcdsub
 endif
 bcdsub: CFLAGS += -mpower8-vector
 
+PPC64LE_TESTS += byte_reverse
+ifneq ($(DOCKER_IMAGE)$(CROSS_CC_HAS_POWER10),)
+run-byte_reverse: QEMU_OPTS+=-cpu POWER10
+run-plugin-byte_reverse-with-%: QEMU_OPTS+=-cpu POWER10
+else
+byte_reverse:
+   $(call skip-test, "BUILD of $@", "missing compiler support")
+run-byte_reverse:
+   $(call skip-test, "RUN of byte_reverse", "not built")
+run-plugin-byte_reverse-with-%:
+   $(call skip-test, "RUN of byte_reverse ($*)", "not built")
+endif
+
 TESTS += $(PPC64LE_TESTS)
-- 
2.20.1

[PULL 27/29] plugins: Move all typedef and type declaration to the front of the qemu-plugin.h

[Alex Bennée]

From: Yonggang Luo 

Signed-off-by: Yonggang Luo 
Signed-off-by: Alex Bennée 
Message-Id: <2021031818.434-3-luoyongg...@gmail.com>
Message-Id: <20210505092259.8202-3-alex.ben...@linaro.org>

diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h
index 97cdfd7761..2cb17f3051 100644
--- a/include/qemu/qemu-plugin.h
+++ b/include/qemu/qemu-plugin.h
@@ -81,27 +81,6 @@ typedef struct qemu_info_t {
 };
 } qemu_info_t;
 
-/**
- * qemu_plugin_install() - Install a plugin
- * @id: this plugin's opaque ID
- * @info: a block describing some details about the guest
- * @argc: number of arguments
- * @argv: array of arguments (@argc elements)
- *
- * All plugins must export this symbol which is called when the plugin
- * is first loaded. Calling qemu_plugin_uninstall() from this function
- * is a bug.
- *
- * Note: @info is only live during the call. Copy any information we
- * want to keep. @argv remains valid throughout the lifetime of the
- * loaded plugin.
- *
- * Return: 0 on successful loading, !0 for an error.
- */
-QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
-   const qemu_info_t *info,
-   int argc, char **argv);
-
 /**
  * typedef qemu_plugin_simple_cb_t - simple callback
  * @id: the unique qemu_plugin_id_t
@@ -135,6 +114,98 @@ typedef void 
(*qemu_plugin_vcpu_simple_cb_t)(qemu_plugin_id_t id,
 typedef void (*qemu_plugin_vcpu_udata_cb_t)(unsigned int vcpu_index,
 void *userdata);
 
+/** struct qemu_plugin_tb - Opaque handle for a translation block */
+struct qemu_plugin_tb;
+/** struct qemu_plugin_insn - Opaque handle for a translated instruction */
+struct qemu_plugin_insn;
+
+/**
+ * enum qemu_plugin_cb_flags - type of callback
+ *
+ * @QEMU_PLUGIN_CB_NO_REGS: callback does not access the CPU's regs
+ * @QEMU_PLUGIN_CB_R_REGS: callback reads the CPU's regs
+ * @QEMU_PLUGIN_CB_RW_REGS: callback reads and writes the CPU's regs
+ *
+ * Note: currently unused, plugins cannot read or change system
+ * register state.
+ */
+enum qemu_plugin_cb_flags {
+QEMU_PLUGIN_CB_NO_REGS,
+QEMU_PLUGIN_CB_R_REGS,
+QEMU_PLUGIN_CB_RW_REGS,
+};
+
+enum qemu_plugin_mem_rw {
+QEMU_PLUGIN_MEM_R = 1,
+QEMU_PLUGIN_MEM_W,
+QEMU_PLUGIN_MEM_RW,
+};
+
+/**
+ * typedef qemu_plugin_vcpu_tb_trans_cb_t - translation callback
+ * @id: unique plugin id
+ * @tb: opaque handle used for querying and instrumenting a block.
+ */
+typedef void (*qemu_plugin_vcpu_tb_trans_cb_t)(qemu_plugin_id_t id,
+   struct qemu_plugin_tb *tb);
+
+/**
+ * enum qemu_plugin_op - describes an inline op
+ *
+ * @QEMU_PLUGIN_INLINE_ADD_U64: add an immediate value uint64_t
+ *
+ * Note: currently only a single inline op is supported.
+ */
+
+enum qemu_plugin_op {
+QEMU_PLUGIN_INLINE_ADD_U64,
+};
+
+/**
+ * typedef qemu_plugin_meminfo_t - opaque memory transaction handle
+ *
+ * This can be further queried using the qemu_plugin_mem_* query
+ * functions.
+ */
+typedef uint32_t qemu_plugin_meminfo_t;
+/** struct qemu_plugin_hwaddr - opaque hw address handle */
+struct qemu_plugin_hwaddr;
+
+typedef void
+(*qemu_plugin_vcpu_mem_cb_t)(unsigned int vcpu_index,
+ qemu_plugin_meminfo_t info, uint64_t vaddr,
+ void *userdata);
+
+typedef void
+(*qemu_plugin_vcpu_syscall_cb_t)(qemu_plugin_id_t id, unsigned int vcpu_index,
+ int64_t num, uint64_t a1, uint64_t a2,
+ uint64_t a3, uint64_t a4, uint64_t a5,
+ uint64_t a6, uint64_t a7, uint64_t a8);
+typedef void
+(*qemu_plugin_vcpu_syscall_ret_cb_t)(qemu_plugin_id_t id, unsigned int 
vcpu_idx,
+ int64_t num, int64_t ret);
+
+/**
+ * qemu_plugin_install() - Install a plugin
+ * @id: this plugin's opaque ID
+ * @info: a block describing some details about the guest
+ * @argc: number of arguments
+ * @argv: array of arguments (@argc elements)
+ *
+ * All plugins must export this symbol which is called when the plugin
+ * is first loaded. Calling qemu_plugin_uninstall() from this function
+ * is a bug.
+ *
+ * Note: @info is only live during the call. Copy any information we
+ * want to keep. @argv remains valid throughout the lifetime of the
+ * loaded plugin.
+ *
+ * Return: 0 on successful loading, !0 for an error.
+ */
+QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
+   const qemu_info_t *info,
+   int argc, char **argv);
+
 /**
  * qemu_plugin_uninstall() - Uninstall a plugin
  * @id: this plugin's opaque ID
@@ -205,41 +276,6 @@ void qemu_plugin_register_vcpu_idle_cb(qemu_plugin_id_t id,
 void qemu_plugin_register_vcpu_resume_cb(qemu_plugin_id_t id,
  qemu_plugin_vcpu_simple_cb_t c

[PATCH v4 3/9] qapi: start building an 'if' predicate tree

[marcandre . lureau]

From: Marc-André Lureau 

The following patches are going to express schema 'if' conditions in a
target language agnostic way. For that, let's start building a predicate
tree of the configuration options.

This intermediary steps still uses C-preprocessor expressions as
the predicates:

"if: [STR, ..]" is translated to a "IfCond -> IfAll ->
[IfOption, ..]" tree, which will generate "#if STR && .." C code.

Once the boolean operation tree nodes are introduced, the 'if'
expressions will be converted to replace the C syntax (no more
!defined(), &&, ...) and based only on option identifiers.

For now, the condition tree will be less expressive than a full C macro
expression as it will only support these operations: 'all', 'any' and
'not', the only ones needed so far.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Hajnoczi 
Tested-by: John Snow 
---
 docs/sphinx/qapidoc.py |  6 +--
 scripts/qapi/common.py | 51 ++
 scripts/qapi/schema.py | 17 ++--
 tests/qapi-schema/doc-good.out | 12 +++---
 tests/qapi-schema/qapi-schema-test.out | 58 +-
 tests/qapi-schema/test-qapi.py |  2 +-
 6 files changed, 102 insertions(+), 44 deletions(-)

diff --git a/docs/sphinx/qapidoc.py b/docs/sphinx/qapidoc.py
index b737949007..0f87fb16ce 100644
--- a/docs/sphinx/qapidoc.py
+++ b/docs/sphinx/qapidoc.py
@@ -112,12 +112,10 @@ def _make_section(self, title):
 def _nodes_for_ifcond(self, ifcond, with_if=True):
 """Return list of Text, literal nodes for the ifcond
 
-Return a list which gives text like ' (If: cond1, cond2, cond3)', where
-the conditions are in literal-text and the commas are not.
+Return a list which gives text like ' (If: condition)'.
 If with_if is False, we don't return the "(If: " and ")".
 """
-condlist = intersperse([nodes.literal('', c) for c in ifcond.ifcond],
-   nodes.Text(', '))
+condlist = [nodes.literal('', ifcond.docgen())]
 if not with_if:
 return condlist
 
diff --git a/scripts/qapi/common.py b/scripts/qapi/common.py
index 9ab1c9ca55..86dc2b228b 100644
--- a/scripts/qapi/common.py
+++ b/scripts/qapi/common.py
@@ -208,3 +208,54 @@ def gen_endif(cond: str) -> str:
 return mcgen('''
 #endif /* %(cond)s */
 ''', cond=cond)
+
+
+class IfPredicate:
+"""An 'if' condition predicate"""
+
+def cgen(self) -> str:
+raise NotImplementedError()
+
+def docgen(self) -> str:
+raise NotImplementedError()
+
+
+class IfOption(IfPredicate):
+def __init__(self, option: str):
+self.option = option
+
+def cgen(self) -> str:
+return self.option
+
+def docgen(self) -> str:
+return self.option
+
+def __repr__(self) -> str:
+return f"{type(self).__name__}({self.option!r})"
+
+def __eq__(self, other: object) -> bool:
+if not isinstance(other, IfOption):
+return NotImplemented
+return self.option == other.option
+
+
+class IfAll(IfPredicate):
+def __init__(self, pred_list: Sequence[IfPredicate]):
+self.pred_list = pred_list
+
+def cgen(self) -> str:
+return " && ".join([p.cgen() for p in self.pred_list])
+
+def docgen(self) -> str:
+return " and ".join([p.docgen() for p in self.pred_list])
+
+def __bool__(self) -> bool:
+return bool(self.pred_list)
+
+def __repr__(self) -> str:
+return f"{type(self).__name__}({self.pred_list!r})"
+
+def __eq__(self, other: object) -> bool:
+if not isinstance(other, IfAll):
+return NotImplemented
+return self.pred_list == other.pred_list
diff --git a/scripts/qapi/schema.py b/scripts/qapi/schema.py
index 0a187ba3f0..0c9675f3a2 100644
--- a/scripts/qapi/schema.py
+++ b/scripts/qapi/schema.py
@@ -19,7 +19,12 @@
 import re
 from typing import Optional
 
-from .common import POINTER_SUFFIX, c_name
+from .common import (
+POINTER_SUFFIX,
+IfAll,
+IfOption,
+c_name,
+)
 from .error import QAPISemError, QAPISourceError
 from .expr import check_exprs
 from .parser import QAPISchemaParser
@@ -28,18 +33,22 @@
 class QAPISchemaIfCond:
 def __init__(self, ifcond=None):
 self.ifcond = ifcond or []
+self.pred = IfAll([IfOption(opt) for opt in self.ifcond])
+
+def docgen(self):
+return self.pred.docgen()
 
 def cgen(self):
-return ' && '.join([i for i in self.ifcond])
+return self.pred.cgen()
 
 # Returns true if the condition is not void
 def __bool__(self):
-return bool(self.ifcond)
+return bool(self.pred)
 
 def __eq__(self, other):
 if not isinstance(other, QAPISchemaIfCond):
 return NotImplemented
-return self.ifcond == other.ifcond
+return self.pred == other.pred
 
 
 class QAPISchemaEntity:
diff --git a/tests/qapi-schema/doc-good.out b/tests/qapi-sch

Re: [PATCH v3 1/9] qapi: replace List[str] by QAPISchemaIfCond

[John Snow]

On 5/17/21 7:17 AM, Marc-André Lureau wrote:

Hi

On Thu, May 13, 2021 at 12:53 AM John Snow > wrote:


On 4/29/21 9:40 AM, marcandre.lur...@redhat.com
 wrote:
 > From: Marc-André Lureau mailto:marcandre.lur...@redhat.com>>
 >
 > Wrap the 'if' condition in a higher-level object. Not only this
allows
 > more type safety but also further refactoring without too much churn.
 >

Would have done it myself if I had gotten to it first. I like having a
named type for this, it matches the other properties we have.

 > The following patches will change the syntax of the schema 'if'
 > conditions to be predicate expressions, and will generate code for
 > different target languages (C, and Rust in another series).
 >
 > Signed-off-by: Marc-André Lureau mailto:marcandre.lur...@redhat.com>>
 > ---
 >   docs/sphinx/qapidoc.py     |  2 +-
 >   scripts/qapi/commands.py   |  4 +-
 >   scripts/qapi/events.py     |  5 ++-
 >   scripts/qapi/gen.py        | 14 +++
 >   scripts/qapi/introspect.py | 26 ++---
 >   scripts/qapi/schema.py     | 78
+++---
 >   scripts/qapi/types.py      | 33 
 >   scripts/qapi/visit.py      | 23 +--
 >   8 files changed, 110 insertions(+), 75 deletions(-)
 >
 > diff --git a/docs/sphinx/qapidoc.py b/docs/sphinx/qapidoc.py
 > index 87c67ab23f..b737949007 100644
 > --- a/docs/sphinx/qapidoc.py
 > +++ b/docs/sphinx/qapidoc.py
 > @@ -116,7 +116,7 @@ def _nodes_for_ifcond(self, ifcond,
with_if=True):
 >           the conditions are in literal-text and the commas are not.
 >           If with_if is False, we don't return the "(If: " and ")".
 >           """
 > -        condlist = intersperse([nodes.literal('', c) for c in
ifcond],
 > +        condlist = intersperse([nodes.literal('', c) for c in
ifcond.ifcond],
 >                                  nodes.Text(', '))
 >           if not with_if:
 >               return condlist
 > diff --git a/scripts/qapi/commands.py b/scripts/qapi/commands.py
 > index 0e13d51054..3654825968 100644
 > --- a/scripts/qapi/commands.py
 > +++ b/scripts/qapi/commands.py
 > @@ -17,7 +17,6 @@
 >       Dict,
 >       List,
 >       Optional,
 > -    Sequence,
 >       Set,
 >   )
 >
 > @@ -31,6 +30,7 @@
 >   from .schema import (
 >       QAPISchema,
 >       QAPISchemaFeature,
 > +    QAPISchemaIfCond,
 >       QAPISchemaObjectType,
 >       QAPISchemaType,
 >   )
 > @@ -301,7 +301,7 @@ def visit_end(self) -> None:
 >       def visit_command(self,
 >                         name: str,
 >                         info: Optional[QAPISourceInfo],
 > -                      ifcond: Sequence[str],
 > +                      ifcond: QAPISchemaIfCond,
 >                         features: List[QAPISchemaFeature],
 >                         arg_type: Optional[QAPISchemaObjectType],
 >                         ret_type: Optional[QAPISchemaType],
 > diff --git a/scripts/qapi/events.py b/scripts/qapi/events.py
 > index fee8c671e7..82475e84ec 100644
 > --- a/scripts/qapi/events.py
 > +++ b/scripts/qapi/events.py
 > @@ -12,7 +12,7 @@
 >   See the COPYING file in the top-level directory.
 >   """
 >
 > -from typing import List, Optional, Sequence
 > +from typing import List, Optional
 >
 >   from .common import c_enum_const, c_name, mcgen
 >   from .gen import QAPISchemaModularCVisitor, build_params, ifcontext
 > @@ -20,6 +20,7 @@
 >       QAPISchema,
 >       QAPISchemaEnumMember,
 >       QAPISchemaFeature,
 > +    QAPISchemaIfCond,
 >       QAPISchemaObjectType,
 >   )
 >   from .source import QAPISourceInfo
 > @@ -227,7 +228,7 @@ def visit_end(self) -> None:
 >       def visit_event(self,
 >                       name: str,
 >                       info: Optional[QAPISourceInfo],
 > -                    ifcond: Sequence[str],
 > +                    ifcond: QAPISchemaIfCond,
 >                       features: List[QAPISchemaFeature],
 >                       arg_type: Optional[QAPISchemaObjectType],
 >                       boxed: bool) -> None:
 > diff --git a/scripts/qapi/gen.py b/scripts/qapi/gen.py
 > index 1fa503bdbd..1c5b190276 100644
 > --- a/scripts/qapi/gen.py
 > +++ b/scripts/qapi/gen.py
 > @@ -18,7 +18,6 @@
 >       Dict,
 >       Iterator,
 >       Optional,
 > -    Sequence,
 >       Tuple,
 >   )
 >
 > @@ -32,6 +31,7 @@
 >       mcgen,
 >   )
 >   from .schema import (
 > +    QAPISchemaIfCond,
 >       QAPISchemaModule,
 >       QAPISchemaObjectType,
 >       QAPISchemaVisito

[PATCH v4 1/9] qapi: replace List[str] by QAPISchemaIfCond

[marcandre . lureau]

From: Marc-André Lureau 

Wrap the 'if' condition in a higher-level object. Not only this allows
more type safety but also further refactoring without too much churn.

The following patches will change the syntax of the schema 'if'
conditions to be predicate expressions, and will generate code for
different target languages (C, and Rust in another series).

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Hajnoczi 
Tested-by: John Snow 
---
 docs/sphinx/qapidoc.py |  2 +-
 scripts/qapi/commands.py   |  4 +-
 scripts/qapi/events.py |  5 ++-
 scripts/qapi/gen.py| 14 +++
 scripts/qapi/introspect.py | 26 ++--
 scripts/qapi/schema.py | 74 +++---
 scripts/qapi/types.py  | 33 +++
 scripts/qapi/visit.py  | 23 ++-
 tests/qapi-schema/test-qapi.py |  2 +-
 9 files changed, 106 insertions(+), 77 deletions(-)

diff --git a/docs/sphinx/qapidoc.py b/docs/sphinx/qapidoc.py
index 87c67ab23f..b737949007 100644
--- a/docs/sphinx/qapidoc.py
+++ b/docs/sphinx/qapidoc.py
@@ -116,7 +116,7 @@ def _nodes_for_ifcond(self, ifcond, with_if=True):
 the conditions are in literal-text and the commas are not.
 If with_if is False, we don't return the "(If: " and ")".
 """
-condlist = intersperse([nodes.literal('', c) for c in ifcond],
+condlist = intersperse([nodes.literal('', c) for c in ifcond.ifcond],
nodes.Text(', '))
 if not with_if:
 return condlist
diff --git a/scripts/qapi/commands.py b/scripts/qapi/commands.py
index 0e13d51054..3654825968 100644
--- a/scripts/qapi/commands.py
+++ b/scripts/qapi/commands.py
@@ -17,7 +17,6 @@
 Dict,
 List,
 Optional,
-Sequence,
 Set,
 )
 
@@ -31,6 +30,7 @@
 from .schema import (
 QAPISchema,
 QAPISchemaFeature,
+QAPISchemaIfCond,
 QAPISchemaObjectType,
 QAPISchemaType,
 )
@@ -301,7 +301,7 @@ def visit_end(self) -> None:
 def visit_command(self,
   name: str,
   info: Optional[QAPISourceInfo],
-  ifcond: Sequence[str],
+  ifcond: QAPISchemaIfCond,
   features: List[QAPISchemaFeature],
   arg_type: Optional[QAPISchemaObjectType],
   ret_type: Optional[QAPISchemaType],
diff --git a/scripts/qapi/events.py b/scripts/qapi/events.py
index fee8c671e7..82475e84ec 100644
--- a/scripts/qapi/events.py
+++ b/scripts/qapi/events.py
@@ -12,7 +12,7 @@
 See the COPYING file in the top-level directory.
 """
 
-from typing import List, Optional, Sequence
+from typing import List, Optional
 
 from .common import c_enum_const, c_name, mcgen
 from .gen import QAPISchemaModularCVisitor, build_params, ifcontext
@@ -20,6 +20,7 @@
 QAPISchema,
 QAPISchemaEnumMember,
 QAPISchemaFeature,
+QAPISchemaIfCond,
 QAPISchemaObjectType,
 )
 from .source import QAPISourceInfo
@@ -227,7 +228,7 @@ def visit_end(self) -> None:
 def visit_event(self,
 name: str,
 info: Optional[QAPISourceInfo],
-ifcond: Sequence[str],
+ifcond: QAPISchemaIfCond,
 features: List[QAPISchemaFeature],
 arg_type: Optional[QAPISchemaObjectType],
 boxed: bool) -> None:
diff --git a/scripts/qapi/gen.py b/scripts/qapi/gen.py
index 1fa503bdbd..1c5b190276 100644
--- a/scripts/qapi/gen.py
+++ b/scripts/qapi/gen.py
@@ -18,7 +18,6 @@
 Dict,
 Iterator,
 Optional,
-Sequence,
 Tuple,
 )
 
@@ -32,6 +31,7 @@
 mcgen,
 )
 from .schema import (
+QAPISchemaIfCond,
 QAPISchemaModule,
 QAPISchemaObjectType,
 QAPISchemaVisitor,
@@ -85,7 +85,7 @@ def write(self, output_dir: str) -> None:
 fp.write(text)
 
 
-def _wrap_ifcond(ifcond: Sequence[str], before: str, after: str) -> str:
+def _wrap_ifcond(ifcond: QAPISchemaIfCond, before: str, after: str) -> str:
 if before == after:
 return after   # suppress empty #if ... #endif
 
@@ -95,9 +95,9 @@ def _wrap_ifcond(ifcond: Sequence[str], before: str, after: 
str) -> str:
 if added[0] == '\n':
 out += '\n'
 added = added[1:]
-out += gen_if(ifcond)
+out += gen_if(ifcond.ifcond)
 out += added
-out += gen_endif(ifcond)
+out += gen_endif(ifcond.ifcond)
 return out
 
 
@@ -127,9 +127,9 @@ def build_params(arg_type: Optional[QAPISchemaObjectType],
 class QAPIGenCCode(QAPIGen):
 def __init__(self, fname: str):
 super().__init__(fname)
-self._start_if: Optional[Tuple[Sequence[str], str, str]] = None
+self._start_if: Optional[Tuple[QAPISchemaIfCond, str, str]] = None
 
-def start_if(self, ifcond: Sequence[str]) -> None:
+def start_if(self, ifcond: QAPISchemaIfCond) -> None:
 assert self._start_if is None
 self._start_if = (ifcond, s

[PULL 24/29] tests/tcg: don't allow clang as a cross compiler

[Alex Bennée]

Currently there are two problems.

The first is clang generates a preamble (that is always executed) to
stack xmm registers. This causes a ILLOP on the x86_64 softmmu tests
as SSE isn't enabled.

The second is the inline assembler in test-i386.c breaks clangs
compiler and I don't know how to fix it. Even with Theodore's patch
series (d5741445-7efd-4af1-8db2-e4afa93cb...@icloud.com) I still get
compiler failures.

For now lets just skip clang and allow it to fall back to the
containers which we know have compilers which work.

Signed-off-by: Alex Bennée 

diff --git a/tests/tcg/configure.sh b/tests/tcg/configure.sh
index d13d2bb388..016aa24ce4 100755
--- a/tests/tcg/configure.sh
+++ b/tests/tcg/configure.sh
@@ -105,6 +105,14 @@ for target in $target_list; do
   esac
 
   container_image=
+  container_hosts=
+  container_cross_cc=
+  container_cross_as=
+  container_cross_ld=
+
+  # suppress clang
+  supress_clang=
+
   case $target in
 aarch64-*)
   # We don't have any bigendian build tools so we only use this for AArch64
@@ -142,6 +150,7 @@ for target in $target_list; do
   container_hosts=x86_64
   container_image=fedora-i386-cross
   container_cross_cc=gcc
+  supress_clang=yes
   ;;
 m68k-*)
   container_hosts=x86_64
@@ -213,6 +222,7 @@ for target in $target_list; do
   container_hosts="aarch64 ppc64el x86_64"
   container_image=debian-amd64-cross
   container_cross_cc=x86_64-linux-gnu-gcc
+  supress_clang=yes
   ;;
 xtensa*-softmmu)
   container_hosts=x86_64
@@ -246,71 +256,75 @@ for target in $target_list; do
 if eval test "x\${cross_cc_$i+yes}" != xyes; then
   continue
 fi
+eval "target_compiler=\${cross_cc_$arch}"
 
-eval "target_compiler=\${cross_cc_$i}"
-if ! has $target_compiler; then
-  continue
-fi
-write_c_skeleton
-if ! do_compiler "$target_compiler" $target_compiler_cflags -o $TMPE $TMPC 
-static ; then
-  # For host systems we might get away with building without -static
-  if ! do_compiler "$target_compiler" $target_compiler_cflags -o $TMPE 
$TMPC ; then
-continue
-  fi
-  echo "CROSS_CC_GUEST_STATIC=y" >> $config_target_mak
-else
-  echo "CROSS_CC_GUEST_STATIC=y" >> $config_target_mak
+if has "$target_compiler"; then
+if test "$supress_clang" = yes &&
+$target_compiler --version | grep -qi "clang"; then
+got_cross_cc=no
+else
+write_c_skeleton
+if ! do_compiler "$target_compiler" $target_compiler_cflags \
+ -o $TMPE $TMPC -static ; then
+# For host systems we might get away with building without 
-static
+if do_compiler "$target_compiler" $target_compiler_cflags \
+   -o $TMPE $TMPC ; then
+got_cross_cc=yes
+echo "CROSS_CC_GUEST_STATIC=y" >> $config_target_mak
+echo "CROSS_CC_GUEST=$target_compiler" >> 
$config_target_mak
+fi
+else
+got_cross_cc=yes
+echo "CROSS_CC_GUEST_STATIC=y" >> $config_target_mak
+echo "CROSS_CC_GUEST=$target_compiler" >> $config_target_mak
+fi
+
+# Test for compiler features for optional tests. We only do this
+# for cross compilers because ensuring the docker containers based
+# compilers is a requirememt for adding a new test that needs a
+# compiler feature.
+case $target in
+aarch64-*)
+if do_compiler "$target_compiler" $target_compiler_cflags \
+   -march=armv8.1-a+sve -o $TMPE $TMPC; then
+echo "CROSS_CC_HAS_SVE=y" >> $config_target_mak
+fi
+if do_compiler "$target_compiler" $target_compiler_cflags \
+   -march=armv8.3-a -o $TMPE $TMPC; then
+echo "CROSS_CC_HAS_ARMV8_3=y" >> $config_target_mak
+fi
+if do_compiler "$target_compiler" $target_compiler_cflags \
+   -mbranch-protection=standard -o $TMPE 
$TMPC; then
+echo "CROSS_CC_HAS_ARMV8_BTI=y" >> $config_target_mak
+fi
+if do_compiler "$target_compiler" $target_compiler_cflags \
+   -march=armv8.5-a+memtag -o $TMPE $TMPC; then
+echo "CROSS_CC_HAS_ARMV8_MTE=y" >> $config_target_mak
+fi
+;;
+ppc*)
+if do_compiler "$target_compiler" $target_compiler_cflags \
+   -mpower8-vector -o $TMPE $TMPC; then
+echo "CROSS_CC_HAS_POWER8_VECTOR=y" >> 
$config_target_mak
+fi
+;;
+i386-l

Re: [PATCH 1/3] pc-bios/s390-ccw: Fix inline assembly for older versions of Clang

[Cornelia Huck]

On Wed, 12 May 2021 19:15:48 +0200
Thomas Huth  wrote:

> Clang versions before v11.0 insist on having the %rX or %cX register
> names instead of just a number. Since our Travis-CI is currently
> still using Clang v6.0, we have to fix this to avoid failing jobs.
> 
> Signed-off-by: Thomas Huth 
> ---
>  pc-bios/s390-ccw/helper.h   | 2 +-
>  pc-bios/s390-ccw/jump2ipl.c | 4 ++--
>  pc-bios/s390-ccw/menu.c | 8 
>  pc-bios/s390-ccw/virtio.c   | 2 +-
>  4 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/pc-bios/s390-ccw/helper.h b/pc-bios/s390-ccw/helper.h
> index dfcfea0ff0..3d0731c4c6 100644
> --- a/pc-bios/s390-ccw/helper.h
> +++ b/pc-bios/s390-ccw/helper.h
> @@ -31,7 +31,7 @@ static inline void *u32toptr(uint32_t n)
>  
>  static inline void yield(void)
>  {
> -asm volatile ("diag 0,0,0x44"
> +asm volatile ("diag %%r0,%%r0,0x44"
>: :
>: "memory", "cc");
>  }

Sigh, this really looks uglier, but if it pleases the compiler...

Reviewed-by: Cornelia Huck 

[PATCH v4 2/9] qapi: make gen_if/gen_endif take a simple string

[marcandre . lureau]

From: Marc-André Lureau 

Instead of building prepocessor conditions from a list of string, use
the result generated from QAPISchemaIfCond.cgen().

Signed-off-by: Marc-André Lureau 
---
 scripts/qapi/common.py | 22 ++
 scripts/qapi/gen.py|  4 ++--
 scripts/qapi/introspect.py |  4 ++--
 scripts/qapi/schema.py |  3 +++
 scripts/qapi/types.py  | 20 ++--
 scripts/qapi/visit.py  | 12 ++--
 6 files changed, 33 insertions(+), 32 deletions(-)

diff --git a/scripts/qapi/common.py b/scripts/qapi/common.py
index cbd3fd81d3..9ab1c9ca55 100644
--- a/scripts/qapi/common.py
+++ b/scripts/qapi/common.py
@@ -194,19 +194,17 @@ def guardend(name: str) -> str:
  name=c_fname(name).upper())
 
 
-def gen_if(ifcond: Sequence[str]) -> str:
-ret = ''
-for ifc in ifcond:
-ret += mcgen('''
+def gen_if(cond: str) -> str:
+if not cond:
+return ''
+return mcgen('''
 #if %(cond)s
-''', cond=ifc)
-return ret
+''', cond=cond)
 
 
-def gen_endif(ifcond: Sequence[str]) -> str:
-ret = ''
-for ifc in reversed(ifcond):
-ret += mcgen('''
+def gen_endif(cond: str) -> str:
+if not cond:
+return ''
+return mcgen('''
 #endif /* %(cond)s */
-''', cond=ifc)
-return ret
+''', cond=cond)
diff --git a/scripts/qapi/gen.py b/scripts/qapi/gen.py
index 1c5b190276..51a597a025 100644
--- a/scripts/qapi/gen.py
+++ b/scripts/qapi/gen.py
@@ -95,9 +95,9 @@ def _wrap_ifcond(ifcond: QAPISchemaIfCond, before: str, 
after: str) -> str:
 if added[0] == '\n':
 out += '\n'
 added = added[1:]
-out += gen_if(ifcond.ifcond)
+out += gen_if(ifcond.cgen())
 out += added
-out += gen_endif(ifcond.ifcond)
+out += gen_endif(ifcond.cgen())
 return out
 
 
diff --git a/scripts/qapi/introspect.py b/scripts/qapi/introspect.py
index 77a8c33ad4..474b08fd4d 100644
--- a/scripts/qapi/introspect.py
+++ b/scripts/qapi/introspect.py
@@ -124,10 +124,10 @@ def indent(level: int) -> str:
 if obj.comment:
 ret += indent(level) + f"/* {obj.comment} */\n"
 if obj.ifcond:
-ret += gen_if(obj.ifcond.ifcond)
+ret += gen_if(obj.ifcond.cgen())
 ret += _tree_to_qlit(obj.value, level)
 if obj.ifcond:
-ret += '\n' + gen_endif(obj.ifcond.ifcond)
+ret += '\n' + gen_endif(obj.ifcond.cgen())
 return ret
 
 ret = ''
diff --git a/scripts/qapi/schema.py b/scripts/qapi/schema.py
index 6d55add190..0a187ba3f0 100644
--- a/scripts/qapi/schema.py
+++ b/scripts/qapi/schema.py
@@ -29,6 +29,9 @@ class QAPISchemaIfCond:
 def __init__(self, ifcond=None):
 self.ifcond = ifcond or []
 
+def cgen(self):
+return ' && '.join([i for i in self.ifcond])
+
 # Returns true if the condition is not void
 def __bool__(self):
 return bool(self.ifcond)
diff --git a/scripts/qapi/types.py b/scripts/qapi/types.py
index 3673cf0f49..db9ff95bd1 100644
--- a/scripts/qapi/types.py
+++ b/scripts/qapi/types.py
@@ -51,13 +51,13 @@ def gen_enum_lookup(name: str,
 ''',
 c_name=c_name(name))
 for memb in members:
-ret += gen_if(memb.ifcond.ifcond)
+ret += gen_if(memb.ifcond.cgen())
 index = c_enum_const(name, memb.name, prefix)
 ret += mcgen('''
 [%(index)s] = "%(name)s",
 ''',
  index=index, name=memb.name)
-ret += gen_endif(memb.ifcond.ifcond)
+ret += gen_endif(memb.ifcond.cgen())
 
 ret += mcgen('''
 },
@@ -81,12 +81,12 @@ def gen_enum(name: str,
 c_name=c_name(name))
 
 for memb in enum_members:
-ret += gen_if(memb.ifcond.ifcond)
+ret += gen_if(memb.ifcond.cgen())
 ret += mcgen('''
 %(c_enum)s,
 ''',
  c_enum=c_enum_const(name, memb.name, prefix))
-ret += gen_endif(memb.ifcond.ifcond)
+ret += gen_endif(memb.ifcond.cgen())
 
 ret += mcgen('''
 } %(c_name)s;
@@ -126,7 +126,7 @@ def gen_array(name: str, element_type: QAPISchemaType) -> 
str:
 def gen_struct_members(members: List[QAPISchemaObjectTypeMember]) -> str:
 ret = ''
 for memb in members:
-ret += gen_if(memb.ifcond.ifcond)
+ret += gen_if(memb.ifcond.cgen())
 if memb.optional:
 ret += mcgen('''
 bool has_%(c_name)s;
@@ -136,7 +136,7 @@ def gen_struct_members(members: 
List[QAPISchemaObjectTypeMember]) -> str:
 %(c_type)s %(c_name)s;
 ''',
  c_type=memb.type.c_type(), c_name=c_name(memb.name))
-ret += gen_endif(memb.ifcond.ifcond)
+ret += gen_endif(memb.ifcond.cgen())
 return ret
 
 
@@ -159,7 +159,7 @@ def gen_object(name: str, ifcond: QAPISchemaIfCond,
 ret += mcgen('''
 
 ''')
-ret += gen_if(ifcond.ifcond)
+ret += gen_if(ifcond.cgen())
 ret += mcgen('''
 struct %(c_name)s {
 ''',
@@ -193,7 +193,7 @@ def gen_object(name: str, ifcond: QAPISchemaIfCond,
 ret

[PATCH v4 0/9] qapi: untie 'if' conditions from C preprocessor

[marcandre . lureau]

From: Marc-André Lureau 

Hi,

This series makes the 'if' conditions less liberal, by formalizing a simple
expression tree based on bare boolean logic of configure option identifiers.

(this allows to express conditions in Rust in my QAPI-Rust PoC series)

thanks

v4:
 - keep gen_if/gen_endif in common.py, reducing C codegen in schema.py
 - raise NotImplemented instead of False for unhandled __eq__
 - change check_if() to keep the json/raw form, add _make_if() to build a
   QAPISchemaIfCond
 - improve __repr__ usage
 - drop ABC usage
 - tweaks here and there
 - add various commit tags

v3:
 - rebasing on queued pt4 (after waiting for it to land)
 - improve documentation generation, to be more human-friendly
 - drop typing annotations from schema.py (not yet queued)
 - commit message tweaks

v2:
 - fix the normalization step to handle recursive expr
 - replace IfCond by QAPISchemaIf (JohnS)
 - commit message and documentation tweaks
 - mypy/flake8/isort

Marc-André Lureau (9):
  qapi: replace List[str] by QAPISchemaIfCond
  qapi: make gen_if/gen_endif take a simple string
  qapi: start building an 'if' predicate tree
  qapi: introduce IfPredicateList and IfAny
  qapi: add IfNot
  qapi: normalize 'if' condition to IfPredicate tree
  qapi: convert 'if' C-expressions to the new syntax tree
  qapi: make 'if' condition strings simple identifiers
  docs: update the documentation about schema configuration

 docs/devel/qapi-code-gen.txt  |  33 ++---
 docs/sphinx/qapidoc.py|   6 +-
 qapi/block-core.json  |  16 +--
 qapi/block-export.json|   6 +-
 qapi/char.json|   8 +-
 qapi/machine-target.json  |  28 +++--
 qapi/migration.json   |  10 +-
 qapi/misc-target.json |  36 --
 qapi/qom.json |  10 +-
 qapi/sockets.json |   4 +-
 qapi/ui.json  |  48 
 qga/qapi-schema.json  |   8 +-
 tests/unit/test-qmp-cmds.c|   1 +
 scripts/qapi/commands.py  |   4 +-
 scripts/qapi/common.py| 116 --
 scripts/qapi/events.py|   5 +-
 scripts/qapi/expr.py  |  53 +---
 scripts/qapi/gen.py   |  14 +--
 scripts/qapi/introspect.py|  26 ++--
 scripts/qapi/schema.py| 112 +
 scripts/qapi/types.py |  33 ++---
 scripts/qapi/visit.py |  23 ++--
 .../alternate-branch-if-invalid.err   |   2 +-
 tests/qapi-schema/bad-if-empty.err|   2 +-
 tests/qapi-schema/bad-if-list.err |   2 +-
 tests/qapi-schema/bad-if.err  |   3 +-
 tests/qapi-schema/bad-if.json |   2 +-
 tests/qapi-schema/doc-good.json   |   6 +-
 tests/qapi-schema/doc-good.out|  12 +-
 tests/qapi-schema/doc-good.txt|   6 +-
 tests/qapi-schema/enum-if-invalid.err |   3 +-
 tests/qapi-schema/features-if-invalid.err |   2 +-
 tests/qapi-schema/features-missing-name.json  |   2 +-
 tests/qapi-schema/qapi-schema-test.json   |  58 +
 tests/qapi-schema/qapi-schema-test.out|  67 +-
 .../qapi-schema/struct-member-if-invalid.err  |   2 +-
 tests/qapi-schema/test-qapi.py|   2 +-
 tests/qapi-schema/union-branch-if-invalid.err |   2 +-
 38 files changed, 493 insertions(+), 280 deletions(-)

-- 
2.29.0

Re: [PATCH 3/3] pc-bios/s390-ccw: Add a proper prototype for main()

[Cornelia Huck]

On Wed, 12 May 2021 19:15:50 +0200
Thomas Huth  wrote:

> Older versions of Clang complain if there is no prototype for main().
> Add one, and while we're at it, make sure that we use the same type
> for main.c and netmain.c - since the return value does not matter,
> declare the return type of main() as "void".
> 
> Signed-off-by: Thomas Huth 
> ---
>  pc-bios/s390-ccw/main.c | 3 +--
>  pc-bios/s390-ccw/s390-ccw.h | 1 +
>  2 files changed, 2 insertions(+), 2 deletions(-)

It's probably not strictly needed for both to have the same prototype,
but this looks sane to me.

Reviewed-by: Cornelia Huck 

Re: [RFC PATCH v3 6/9] hw/arm/virt-acpi-build: Use possible cpus in generation of MADT

[wangyanan (Y)]

Hi Drew,

On 2021/5/17 15:42, Andrew Jones wrote:

On Sun, May 16, 2021 at 06:28:57PM +0800, Yanan Wang wrote:

When building ACPI tables regarding CPUs we should always build
them for the number of possible CPUs, not the number of present
CPUs. So we create gicc nodes in MADT for possible cpus and then
ensure only the present CPUs are marked ENABLED. Furthermore, it
also needed if we are going to support CPU hotplug in the future.

Co-developed-by: Andrew Jones 
Signed-off-by: Andrew Jones 
Co-developed-by: Ying Fang 
Signed-off-by: Ying Fang 
Co-developed-by: Yanan Wang 
Signed-off-by: Yanan Wang 
---
  hw/arm/virt-acpi-build.c | 29 +
  1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index a2d8e87616..4d64aeb865 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -481,6 +481,9 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
  const int *irqmap = vms->irqmap;
  AcpiMadtGenericDistributor *gicd;
  AcpiMadtGenericMsiFrame *gic_msi;
+MachineClass *mc = MACHINE_GET_CLASS(vms);
+const CPUArchIdList *possible_cpus = 
mc->possible_cpu_arch_ids(MACHINE(vms));
+bool pmu;
  int i;
  
  acpi_data_push(table_data, sizeof(AcpiMultipleApicTable));

@@ -491,11 +494,21 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
  gicd->base_address = cpu_to_le64(memmap[VIRT_GIC_DIST].base);
  gicd->version = vms->gic_version;
  
-for (i = 0; i < MACHINE(vms)->smp.cpus; i++) {

+for (i = 0; i < possible_cpus->len; i++) {
  AcpiMadtGenericCpuInterface *gicc = acpi_data_push(table_data,
 sizeof(*gicc));
  ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(i));
  
+/*

+ * PMU should have been either implemented for all CPUs or not,
+ * so we only get information from the first CPU, which could
+ * represent the others.
+ */
+if (i == 0) {
+pmu = arm_feature(&armcpu->env, ARM_FEATURE_PMU);
+}
+assert(!armcpu || arm_feature(&armcpu->env, ARM_FEATURE_PMU) == pmu);

This doesn't belong in this patch. The commit message doesn't even mention
it. Also, I don't think we should do this here at all. If we want to
ensure that all cpus have a pmu when one does, then that should be done
somewhere like machvirt_init(), not in ACPI generation code which doesn't
even run for non-ACPI VMs.

Sorry, I should have stated the reason of this change in the commit message.
Actually code change here and mp_affinity part below aim to make it correct
to create gicc entries for all possible cpus.

We only initialize and realize cpuobj for present cpus in machvirt_init,
so that we will get null ARMCPU pointer here for the non-present cpus,
and consequently we won't able to check from "armcpu->env" for the
non-present cpus. The same about "armcpu->mp_affinity".

That's the reason I use PMU configuration of the first cpu to represent the
others. I assume all cpus should have a pmu when one does here since it's
how armcpu->env is initialized. And the assert seems not needed here.

Is there any better alternative way about this?

+
  gicc->type = ACPI_APIC_GENERIC_CPU_INTERFACE;
  gicc->length = sizeof(*gicc);
  if (vms->gic_version == 2) {
@@ -504,11 +517,19 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
VirtMachineState *vms)
  gicc->gicv_base_address = cpu_to_le64(memmap[VIRT_GIC_VCPU].base);
  }
  gicc->cpu_interface_number = cpu_to_le32(i);
-gicc->arm_mpidr = cpu_to_le64(armcpu->mp_affinity);
+gicc->arm_mpidr = cpu_to_le64(possible_cpus->cpus[i].arch_id);

Hmm, I think we may have a problem. I don't think there's any guarantee
that possible_cpus->cpus[i].arch_id == armcpu->mp_affinity, because
arch_id comes from virt_cpu_mp_affinity(), which is arm_cpu_mp_affinity,
but with a variable cluster size, however mp_affinity comes from
arm_cpu_mp_affinity with a set cluster size. Also, when KVM is used,
then all bets are off as to what mp_affinity is.

Right! Arch_id is initialized by virt_cpu_mp_affinity() in machvirt and then
mp_affinity is initialized by arch_id. Here they two have the same value.

But mp_affinity will be overridden in kvm_arch_init_vcpu() when KVM is
enabled. Here they two won't have the same value.

We need to add some code that ensures arch_id == mp_affinity,

Can we also update the arch_id at the same time when we change mp_affinity?

and, for
now, we should stick with mp_affinity, since, at least when KVM is used,
that's the correct one.
I also prefer sticking with mp_affinity, if the problem I explain about 
ARMCPU

above can be perfectly solved.

  gicc->uid = cpu_to_le32(i);
-gicc->flags = cpu_to_le32(ACPI_MADT_GICC_ENABLED);
  
-if (arm_feature(&armcpu->env, ARM_FEATURE_PMU)) {

+   

Re: [PATCH v6 04/26] plugins: Drop tcg_flags from struct qemu_plugin_dyn_cb

[Richard Henderson]

On 5/16/21 7:53 AM, Philippe Mathieu-Daudé wrote:

-op->args[*cb_idx + 1] = tcg_flags;
+op->args[*cb_idx + 1] = (*begin_op)->args[*cb_idx + 1];


I don't understand this change, can you explain?


This patch drops a mostly-unimplemented feature from plugins, where in theory 
the registration of the plugin would specify the TCG_CALL_* flags.


Instead, take the flags from the plugin template function -- i.e. copy them 
across from the original begin_op.



-static inline uint32_t cb_to_tcg_flags(enum qemu_plugin_cb_flags flags)
-{
-uint32_t ret;
-
-switch (flags) {
-case QEMU_PLUGIN_CB_RW_REGS:
-ret = 0;
-break;
-case QEMU_PLUGIN_CB_R_REGS:
-ret = TCG_CALL_NO_WG;
-break;
-case QEMU_PLUGIN_CB_NO_REGS:
-default:
-ret = TCG_CALL_NO_RWG;
-}
-return ret;
-}


This is where the plugin interface was supposed to convert flags from one form 
to another.  This got stored in a structure and then passed along as an 
argument to the function containing that first hunk above.



r~

[PULL 25/29] configure: use cc, not host_cc to set cross_cc for build arch

[Alex Bennée]

Otherwise you run into hilarity like trying when cross compiling a 32
bit ARM build on a 64 bit system trying to use host_cc to build 32 bit
test cases.

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20210512102051.12134-32-alex.ben...@linaro.org>

diff --git a/configure b/configure
index df11c8bad0..9470fff09a 100755
--- a/configure
+++ b/configure
@@ -1651,7 +1651,7 @@ case "$cpu" in
 # No special flags required for other host CPUs
 esac
 
-eval "cross_cc_${cpu}=\$host_cc"
+eval "cross_cc_${cpu}=\$cc"
 cross_cc_vars="$cross_cc_vars cross_cc_${cpu}"
 QEMU_CFLAGS="$CPU_CFLAGS $QEMU_CFLAGS"
 
-- 
2.20.1

[PULL 16/29] tests/tcg/tricore: Add fadd test

[Alex Bennée]

From: Bastian Koppelmann 

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-Id: <20210305170045.869437-11-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-21-alex.ben...@linaro.org>

diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
index 799b51191e..e7adb16af9 100644
--- a/tests/tcg/tricore/Makefile.softmmu-target
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -7,6 +7,7 @@ TESTS += test_abs.tst
 TESTS += test_bmerge.tst
 TESTS += test_clz.tst
 TESTS += test_dvstep.tst
+TESTS += test_fadd.tst
 
 QEMU_OPTS += -M tricore_testboard -nographic -kernel
 
diff --git a/tests/tcg/tricore/test_fadd.S b/tests/tcg/tricore/test_fadd.S
new file mode 100644
index 00..1a65054803
--- /dev/null
+++ b/tests/tcg/tricore/test_fadd.S
@@ -0,0 +1,16 @@
+#include "macros.h"
+.text
+.global _start
+_start:
+TEST_D_DD_PSW(add.f, 1, 0x7fc0, 0x0b80, 0xff85, 0x1234)
+TEST_D_DD_PSW(add.f, 2, 0xf9c0, 0x0b80, 0xf940, 0xf940)
+TEST_D_DD_PSW(add.f, 3, 0x8bb858ca, 0x0b80, 0x8b3858ca, 0x8b3858ca)
+TEST_D_DD_PSW(add.f, 4, 0x, 0x0b80, 0x00ff, 0x)
+TEST_D_DD_PSW(add.f, 5, 0x7fc0, 0x0b80, 0xfe52, 0x0a4cf70c)
+TEST_D_DD_PSW(add.f, 6, 0x9e6d5076, 0x84000b80, 0x9ded50ec, 0x9ded4fff)
+TEST_D_DD_PSW(add.f, 7, 0x, 0x04000b80, 0xe8bd, 0x)
+TEST_D_DD_PSW(add.f, 8, 0x7fc0, 0xc4000b80, 0xffad546e, 0xffad546e)
+TEST_D_DD_PSW(add.f, 9, 0x7fc0, 0x04000b80, 0xfffe, 0x0813)
+
+TEST_PASSFAIL
+
-- 
2.20.1

Re: [PATCH 06/21] block/backup: drop support for copy_range

[Max Reitz]

On 17.05.21 08:44, Vladimir Sementsov-Ogievskiy wrote:

copy_range is not a default behavior since 6a30f663d4c0b3c, and it's
now available only though x-perf experimantal argument, so it's OK to
drop it.

Even when backup is used to copy disk to same filesystem, and
filesystem supports zero-copy copy_range, copy_range is probably not
what we want for backup: backup has good property of making a copy of
active disk, with no impact to active disk itself (unlike creating a
snapshot). And if copy_range instead of copying data adds fs-level
references, and on next guest write COW operation occurs, it's seems
most possible, that new block will be allocated for original vm disk,
not for backup disk. Thus, fragmentation of original disk will
increase.


Good point.


We can simply add support back on demand. Now we want to publish
copy-before-write filter, and instead of thinking how to pass
use-copy-range argument to block-copy (create x-block-copy parameter
for new public filter driver, or may be set it by hand after filter
node creation?), instead of this let's just drop copy-range support in
backup for now.

After this patch copy-range support in block-copy becomes unused. Let's
keep it for a while, it won't hurt:

1. If there would be request for supporting copy_range in backup
(and/or in a new public copy-before-write filter), it will be easy
to satisfy it.

2. Probably, qemu-img convert will reuse block-copy, and qemu-img has
option to enable copy-range. qemu-img convert is not a backup, and
copy_range may be more reasonable for some cases in context of
qemu-img convert.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  block/copy-before-write.h | 1 -
  block/backup.c| 3 +--
  block/copy-before-write.c | 4 +---
  3 files changed, 2 insertions(+), 6 deletions(-)


Reviewed-by: Max Reitz 

[PULL 19/29] tests/tcg/tricore: Add madd test

[Alex Bennée]

From: Bastian Koppelmann 

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-Id: <20210305170045.869437-14-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-24-alex.ben...@linaro.org>

diff --git a/tests/tcg/tricore/macros.h b/tests/tcg/tricore/macros.h
index e6a41cd1a2..0d76fc403a 100644
--- a/tests/tcg/tricore/macros.h
+++ b/tests/tcg/tricore/macros.h
@@ -9,6 +9,7 @@
 /* Register definitions */
 #define DREG_RS1 %d0
 #define DREG_RS2 %d1
+#define DREG_RS3 %d4
 #define DREG_CALC_RESULT %d1
 #define DREG_CALC_PSW %d2
 #define DREG_CORRECT_PSW %d3
@@ -85,6 +86,23 @@ test_ ## num:
  \
 insn DREG_CALC_RESULT, DREG_RS1, DREG_RS2;  \
 )
 
+#define TEST_D_DDD_PSW(insn, num, result, psw, rs1, rs2, rs3) \
+TEST_CASE_PSW(num, DREG_CALC_RESULT, result, psw, \
+LI(DREG_RS1, rs1);\
+LI(DREG_RS2, rs2);\
+LI(DREG_RS3, rs3);\
+rstv; \
+insn DREG_CALC_RESULT, DREG_RS1, DREG_RS2, DREG_RS3;  \
+)
+
+#define TEST_D_DDI_PSW(insn, num, result, psw, rs1, rs2, imm) \
+TEST_CASE_PSW(num, DREG_CALC_RESULT, result, psw, \
+LI(DREG_RS1, rs1);\
+LI(DREG_RS2, rs2);\
+rstv; \
+insn DREG_CALC_RESULT, DREG_RS1, DREG_RS2, imm;   \
+)
+
 #define TEST_E_ED(insn, num, res_hi, res_lo, rs1_hi, rs1_lo, rs2) \
 TEST_CASE_E(num, res_lo, res_hi,  \
 LI(EREG_RS1_LO, rs1_lo);  \
diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
index fcc7b6c1c9..8de005523e 100644
--- a/tests/tcg/tricore/Makefile.softmmu-target
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -10,6 +10,7 @@ TESTS += test_dvstep.tst
 TESTS += test_fadd.tst
 TESTS += test_fmul.tst
 TESTS += test_ftoi.tst
+TESTS += test_madd.tst
 
 QEMU_OPTS += -M tricore_testboard -nographic -kernel
 
diff --git a/tests/tcg/tricore/test_madd.S b/tests/tcg/tricore/test_madd.S
new file mode 100644
index 00..5d839772bb
--- /dev/null
+++ b/tests/tcg/tricore/test_madd.S
@@ -0,0 +1,11 @@
+#include "macros.h"
+.text
+.global _start
+_start:
+TEST_D_DDI_PSW(madd,1, 0xfffd, 0x6b80, 0x, 
0x7fff,2)
+TEST_D_DDI_PSW(madd,2, 0x7fff, 0x6b80, 0x8001, 
0x7fff,2)
+TEST_D_DDD_PSW(madds.u, 3, 0x, 0x6b80, 0x, 0x8000, 
\
+ 0x8000)
+
+TEST_PASSFAIL
+
-- 
2.20.1

Re: [PATCH 1/5] docs: fix references to docs/devel/tracing.rst

[Cornelia Huck]

On Mon, 17 May 2021 17:16:58 +0200
Stefano Garzarella  wrote:

> Commit e50caf4a5c ("tracing: convert documentation to rST")
> converted docs/devel/tracing.txt to docs/devel/tracing.rst.
> 
> We still have several references to the old file, so let's fix them
> with the following command:
> 
>   sed -i s/tracing.txt/tracing.rst/ $(git grep -l docs/devel/tracing.txt)
> 
> Signed-off-by: Stefano Garzarella 
> ---
>  MAINTAINERS | 2 +-
>  accel/kvm/trace-events  | 2 +-
>  accel/tcg/trace-events  | 2 +-
>  audio/trace-events  | 2 +-
>  authz/trace-events  | 2 +-
>  backends/tpm/trace-events   | 2 +-
>  backends/trace-events   | 2 +-
>  block/trace-events  | 2 +-
>  chardev/trace-events| 2 +-
>  crypto/trace-events | 2 +-
>  hw/9pfs/trace-events| 2 +-
>  hw/acpi/trace-events| 2 +-
>  hw/adc/trace-events | 2 +-
>  hw/alpha/trace-events   | 2 +-
>  hw/arm/trace-events | 2 +-
>  hw/audio/trace-events   | 2 +-
>  hw/block/dataplane/trace-events | 2 +-
>  hw/block/trace-events   | 2 +-
>  hw/char/trace-events| 2 +-
>  hw/display/trace-events | 2 +-
>  hw/dma/trace-events | 2 +-
>  hw/gpio/trace-events| 2 +-
>  hw/hppa/trace-events| 2 +-
>  hw/i2c/trace-events | 2 +-
>  hw/i386/trace-events| 2 +-
>  hw/i386/xen/trace-events| 2 +-
>  hw/ide/trace-events | 2 +-
>  hw/input/trace-events   | 2 +-
>  hw/intc/trace-events| 2 +-
>  hw/isa/trace-events | 2 +-
>  hw/mem/trace-events | 2 +-
>  hw/misc/macio/trace-events  | 2 +-
>  hw/misc/trace-events| 2 +-
>  hw/net/trace-events | 2 +-
>  hw/nvram/trace-events   | 2 +-
>  hw/pci-host/trace-events| 2 +-
>  hw/pci/trace-events | 2 +-
>  hw/ppc/trace-events | 2 +-
>  hw/rdma/trace-events| 2 +-
>  hw/rdma/vmw/trace-events| 2 +-
>  hw/rtc/trace-events | 2 +-
>  hw/s390x/trace-events   | 2 +-
>  hw/scsi/trace-events| 2 +-
>  hw/sd/trace-events  | 2 +-
>  hw/sparc/trace-events   | 2 +-
>  hw/sparc64/trace-events | 2 +-
>  hw/timer/trace-events   | 2 +-
>  hw/tpm/trace-events | 2 +-
>  hw/usb/trace-events | 2 +-
>  hw/vfio/trace-events| 2 +-
>  hw/virtio/trace-events  | 2 +-
>  hw/watchdog/trace-events| 2 +-
>  hw/xen/trace-events | 2 +-
>  io/trace-events | 2 +-
>  linux-user/trace-events | 2 +-
>  migration/trace-events  | 2 +-
>  monitor/trace-events| 2 +-
>  nbd/trace-events| 2 +-
>  net/trace-events| 2 +-
>  qapi/trace-events   | 2 +-
>  qom/trace-events| 2 +-
>  scripts/simpletrace.py  | 2 +-
>  scsi/trace-events   | 2 +-
>  softmmu/trace-events| 2 +-
>  target/arm/trace-events | 2 +-
>  target/hppa/trace-events| 2 +-
>  target/i386/kvm/trace-events| 2 +-
>  target/i386/trace-events| 2 +-
>  target/mips/trace-events| 2 +-
>  target/ppc/trace-events | 2 +-
>  target/s390x/trace-events   | 2 +-
>  target/sparc/trace-events   | 2 +-
>  trace-events| 2 +-
>  ui/trace-events | 2 +-
>  util/trace-events   | 2 +-
>  75 files changed, 75 insertions(+), 75 deletions(-)

Acked-by: Cornelia Huck  (mostly for the s390x parts)

[PULL 14/29] tests/tcg/tricore: Add clz test

[Alex Bennée]

From: Bastian Koppelmann 

[AJB: dropped duplicate Makefile]

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-Id: <20210305170045.869437-9-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-19-alex.ben...@linaro.org>

diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
index de6a2cc88e..a9b81545e2 100644
--- a/tests/tcg/tricore/Makefile.softmmu-target
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -5,6 +5,7 @@ ASFLAGS =
 
 TESTS += test_abs.tst
 TESTS += test_bmerge.tst
+TESTS += test_clz.tst
 
 QEMU_OPTS += -M tricore_testboard -nographic -kernel
 
diff --git a/tests/tcg/tricore/test_clz.S b/tests/tcg/tricore/test_clz.S
new file mode 100644
index 00..e03835f123
--- /dev/null
+++ b/tests/tcg/tricore/test_clz.S
@@ -0,0 +1,9 @@
+#include "macros.h"
+.text
+.global _start
+_start:
+TEST_D_D(cls.h, 1, 0x0, 0x6db17976)
+TEST_D_D(cls.h, 2, 0x000f000f, 0x0)
+
+TEST_PASSFAIL
+
-- 
2.20.1

[PULL 21/29] tests/tcg/tricore: Add muls test

[Alex Bennée]

From: Bastian Koppelmann 

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-Id: <20210305170045.869437-16-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-26-alex.ben...@linaro.org>

diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
index 0fe6a86482..5007c60ce8 100644
--- a/tests/tcg/tricore/Makefile.softmmu-target
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -12,6 +12,7 @@ TESTS += test_fmul.tst
 TESTS += test_ftoi.tst
 TESTS += test_madd.tst
 TESTS += test_msub.tst
+TESTS += test_muls.tst
 
 QEMU_OPTS += -M tricore_testboard -nographic -kernel
 
diff --git a/tests/tcg/tricore/test_muls.S b/tests/tcg/tricore/test_muls.S
new file mode 100644
index 00..ca517556bc
--- /dev/null
+++ b/tests/tcg/tricore/test_muls.S
@@ -0,0 +1,9 @@
+#include "macros.h"
+.text
+.global _start
+_start:
+TEST_D_DD_PSW(muls.u, 1, 0x, 0x78000b80, 0x8001, 0x)
+TEST_D_DD_PSW(muls.u, 2, 0x, 0x6b80, 0xfffe, 0x)
+
+TEST_PASSFAIL
+
-- 
2.20.1

Re: [PATCH 00/10] Python: delint iotests, machine.py and console_socket.py

[John Snow]

On 5/12/21 5:46 PM, John Snow wrote:

gitlab CI: https://gitlab.com/jsnow/qemu/-/pipelines/301924893
branch: https://gitlab.com/jsnow/qemu/-/commits/python-package-pre-cleanup

This series serves as a pre-requisite for packaging the python series
and getting the linters running via CI. The first patch fixes a linter
error we've had for a while now; the subsequent 9 fix a new warning that
was recently added to pylint 2.8.x.

If there's nobody opposed, I'll take it through my Python queue,
including the iotests bits.

John Snow (10):
   python/console_socket: avoid one-letter variable
   python/machine: use subprocess.DEVNULL instead of
 open(os.path.devnull)
   python/machine: use subprocess.run instead of subprocess.Popen
   python/console_socket: Add a pylint ignore
   python/machine: Disable pylint warning for open() in _pre_launch
   python/machine: disable warning for Popen in _launch()
   iotests: use subprocess.run where possible
   iotests: use 'with open()' where applicable
   iotests: silence spurious consider-using-with warnings
   iotests: ensure that QemuIoInteractive definitely closes

  python/qemu/console_socket.py| 11 ---
  python/qemu/machine.py   | 28 ++--
  tests/qemu-iotests/iotests.py| 55 +++-
  tests/qemu-iotests/testrunner.py |  1 +
  4 files changed, 57 insertions(+), 38 deletions(-)



The iotests stuff was handled by Emanuele Giuseppe Esposito instead, and 
-- I must admit -- better than I did. Dropping patches 7-10.


--js

[PULL 18/29] tests/tcg/tricore: Add ftoi test

[Alex Bennée]

From: Bastian Koppelmann 

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-Id: <20210305170045.869437-13-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-23-alex.ben...@linaro.org>

diff --git a/tests/tcg/tricore/macros.h b/tests/tcg/tricore/macros.h
index 59b4b9a352..e6a41cd1a2 100644
--- a/tests/tcg/tricore/macros.h
+++ b/tests/tcg/tricore/macros.h
@@ -70,6 +70,13 @@ test_ ## num:
  \
 insn DREG_CALC_RESULT, DREG_RS1;  \
 )
 
+#define TEST_D_D_PSW(insn, num, result, psw, rs1) \
+TEST_CASE_PSW(num, DREG_CALC_RESULT, result, psw, \
+LI(DREG_RS1, rs1);\
+rstv; \
+insn DREG_CORRECT_RESULT, DREG_RS1;   \
+)
+
 #define TEST_D_DD_PSW(insn, num, result, psw, rs1, rs2) \
 TEST_CASE_PSW(num, DREG_CALC_RESULT, result, psw,   \
 LI(DREG_RS1, rs1);  \
diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
index 34da1f37de..fcc7b6c1c9 100644
--- a/tests/tcg/tricore/Makefile.softmmu-target
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -9,6 +9,7 @@ TESTS += test_clz.tst
 TESTS += test_dvstep.tst
 TESTS += test_fadd.tst
 TESTS += test_fmul.tst
+TESTS += test_ftoi.tst
 
 QEMU_OPTS += -M tricore_testboard -nographic -kernel
 
diff --git a/tests/tcg/tricore/test_ftoi.S b/tests/tcg/tricore/test_ftoi.S
new file mode 100644
index 00..fb4af6b5aa
--- /dev/null
+++ b/tests/tcg/tricore/test_ftoi.S
@@ -0,0 +1,10 @@
+#include "macros.h"
+.text
+.global _start
+_start:
+TEST_D_D_PSW(ftoi, 1, 0x0, 0x84000b80, 0x05f6e605)
+TEST_D_D_PSW(ftoi, 2, 0x0, 0x04000b80, 0x00012200)
+TEST_D_D_PSW(ftoi, 3, 0x0, 0xc4000b80, 0x)
+
+TEST_PASSFAIL
+
-- 
2.20.1

[PULL 26/29] plugins: Update qemu-plugins.symbols to match qemu-plugins.h

[Alex Bennée]

From: Yonggang Luo 

Reorder the function symbols that consistence with qemu-plugins.h

Signed-off-by: Yonggang Luo 
Signed-off-by: Alex Bennée 
Message-Id: <2021031818.434-2-luoyongg...@gmail.com>
Message-Id: <20210505092259.8202-2-alex.ben...@linaro.org>

diff --git a/plugins/qemu-plugins.symbols b/plugins/qemu-plugins.symbols
index 4bdb381f48..a0ac1df62a 100644
--- a/plugins/qemu-plugins.symbols
+++ b/plugins/qemu-plugins.symbols
@@ -5,35 +5,34 @@
   qemu_plugin_register_vcpu_exit_cb;
   qemu_plugin_register_vcpu_idle_cb;
   qemu_plugin_register_vcpu_resume_cb;
-  qemu_plugin_register_vcpu_insn_exec_cb;
-  qemu_plugin_register_vcpu_insn_exec_inline;
-  qemu_plugin_register_vcpu_mem_cb;
-  qemu_plugin_register_vcpu_mem_haddr_cb;
-  qemu_plugin_register_vcpu_mem_inline;
-  qemu_plugin_ram_addr_from_host;
   qemu_plugin_register_vcpu_tb_trans_cb;
   qemu_plugin_register_vcpu_tb_exec_cb;
   qemu_plugin_register_vcpu_tb_exec_inline;
-  qemu_plugin_register_flush_cb;
-  qemu_plugin_register_vcpu_syscall_cb;
-  qemu_plugin_register_vcpu_syscall_ret_cb;
-  qemu_plugin_register_atexit_cb;
+  qemu_plugin_register_vcpu_insn_exec_cb;
+  qemu_plugin_register_vcpu_insn_exec_inline;
   qemu_plugin_tb_n_insns;
-  qemu_plugin_tb_get_insn;
   qemu_plugin_tb_vaddr;
+  qemu_plugin_tb_get_insn;
   qemu_plugin_insn_data;
   qemu_plugin_insn_size;
   qemu_plugin_insn_vaddr;
   qemu_plugin_insn_haddr;
-  qemu_plugin_insn_disas;
   qemu_plugin_mem_size_shift;
   qemu_plugin_mem_is_sign_extended;
   qemu_plugin_mem_is_big_endian;
   qemu_plugin_mem_is_store;
   qemu_plugin_get_hwaddr;
   qemu_plugin_hwaddr_is_io;
-  qemu_plugin_hwaddr_to_raddr;
+  qemu_plugin_hwaddr_phys_addr;
+  qemu_plugin_hwaddr_device_name;
+  qemu_plugin_register_vcpu_mem_cb;
+  qemu_plugin_register_vcpu_mem_inline;
+  qemu_plugin_register_vcpu_syscall_cb;
+  qemu_plugin_register_vcpu_syscall_ret_cb;
+  qemu_plugin_insn_disas;
   qemu_plugin_vcpu_for_each;
+  qemu_plugin_register_flush_cb;
+  qemu_plugin_register_atexit_cb;
   qemu_plugin_n_vcpus;
   qemu_plugin_n_max_vcpus;
   qemu_plugin_outs;
-- 
2.20.1

[PULL 23/29] tests/tcg: fix missing return

[Alex Bennée]

This was picked up when clang built the test.

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20210512102051.12134-30-alex.ben...@linaro.org>

diff --git a/tests/tcg/multiarch/system/memory.c 
b/tests/tcg/multiarch/system/memory.c
index eb0ec6f8eb..41c7f66e2e 100644
--- a/tests/tcg/multiarch/system/memory.c
+++ b/tests/tcg/multiarch/system/memory.c
@@ -326,6 +326,7 @@ static bool do_unsigned_test(init_ufn fn)
 fn(i);
 ok = do_unsigned_reads(i);
 }
+return ok;
 #else
 fn(0);
 return do_unsigned_reads(0);
-- 
2.20.1

Re: [PATCH 5/5] docs: fix references to docs/devel/s390-dasd-ipl.rst

[Cornelia Huck]

On Mon, 17 May 2021 17:17:02 +0200
Stefano Garzarella  wrote:

> Commit cc3d15a5ea ("docs: rstfy s390 dasd ipl documentation")
> converted docs/devel/s390-dasd-ipl.txt to docs/devel/s390-dasd-ipl.rst.
> 
> We still have several references to the old file, so let's fix them
> with the following command:
> 
>   sed -i s/s390-dasd-ipl.txt/s390-dasd-ipl.rst/ \
>   $(git grep -l docs/devel/s390-dasd-ipl.txt)
> 
> Signed-off-by: Stefano Garzarella 
> ---
>  pc-bios/s390-ccw/dasd-ipl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Acked-by: Cornelia Huck 

[PULL 20/29] tests/tcg/tricore: Add msub test

[Alex Bennée]

From: Bastian Koppelmann 

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-Id: <20210305170045.869437-15-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-25-alex.ben...@linaro.org>

diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
index 8de005523e..0fe6a86482 100644
--- a/tests/tcg/tricore/Makefile.softmmu-target
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -11,6 +11,7 @@ TESTS += test_fadd.tst
 TESTS += test_fmul.tst
 TESTS += test_ftoi.tst
 TESTS += test_madd.tst
+TESTS += test_msub.tst
 
 QEMU_OPTS += -M tricore_testboard -nographic -kernel
 
diff --git a/tests/tcg/tricore/test_msub.S b/tests/tcg/tricore/test_msub.S
new file mode 100644
index 00..6dee87d99c
--- /dev/null
+++ b/tests/tcg/tricore/test_msub.S
@@ -0,0 +1,9 @@
+#include "macros.h"
+.text
+.global _start
+_start:
+TEST_D_DDI_PSW(msub, 1, 0xd2fbe5e0, 0x0b80,0x64003300, 0xff5420d4, 
-216)
+TEST_D_DDI_PSW(msub, 2, 0xfc10, 0x0b80,0xfe68, 0xfffd, 
-200)
+TEST_D_DDD_PSW(msubs.u, 3, 0x0, 0x6b80, 0x1, 0x, 0xffdb)
+TEST_PASSFAIL
+
-- 
2.20.1

[PULL 11/29] configure: Emit HOST_CC to config-host.mak

[Alex Bennée]

From: Bastian Koppelmann 

this is needed by the tricore-tcg-tests as tricore-gcc is not easily
available. Thus we rely on the HOST_CC to do the preprocessing of the
tricore assembly files.

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Message-Id: <20210305170045.869437-6-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-16-alex.ben...@linaro.org>

diff --git a/configure b/configure
index 0e4233fd8a..df11c8bad0 100755
--- a/configure
+++ b/configure
@@ -6164,6 +6164,7 @@ echo "GENISOIMAGE=$genisoimage" >> $config_host_mak
 echo "MESON=$meson" >> $config_host_mak
 echo "NINJA=$ninja" >> $config_host_mak
 echo "CC=$cc" >> $config_host_mak
+echo "HOST_CC=$host_cc" >> $config_host_mak
 if $iasl -h > /dev/null 2>&1; then
   echo "CONFIG_IASL=$iasl" >> $config_host_mak
 fi
-- 
2.20.1

[PULL 10/29] tests/tcg/tricore: Add build infrastructure

[Alex Bennée]

From: Bastian Koppelmann 

this includes the Makefile and linker script to build all the tests.

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Reviewed-by: Alex Bennée 
Message-Id: <20210305170045.869437-5-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-15-alex.ben...@linaro.org>

diff --git a/MAINTAINERS b/MAINTAINERS
index 7572859317..40bba0fc4c 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -349,6 +349,7 @@ S: Maintained
 F: target/tricore/
 F: hw/tricore/
 F: include/hw/tricore/
+F: tests/tcg/tricore/
 
 Multiarch Linux User Tests
 M: Alex Bennée 
diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
new file mode 100644
index 00..d64a99b95f
--- /dev/null
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -0,0 +1,15 @@
+TESTS_PATH = $(SRC_PATH)/tests/tcg/tricore
+
+LDFLAGS = -T$(TESTS_PATH)/link.ld
+ASFLAGS =
+
+QEMU_OPTS += -M tricore_testboard -nographic -kernel
+
+%.pS: $(TESTS_PATH)/%.S
+   $(HOST_CC) -E -o $@ $<
+
+%.o: %.pS
+   $(AS) $(ASFLAGS) -o $@ $<
+
+%.tst: %.o
+   $(LD) $(LDFLAGS) $< -o $@
diff --git a/tests/tcg/tricore/link.ld b/tests/tcg/tricore/link.ld
new file mode 100644
index 00..364bcdc00a
--- /dev/null
+++ b/tests/tcg/tricore/link.ld
@@ -0,0 +1,60 @@
+/* Default linker script, for normal executables */
+OUTPUT_FORMAT("elf32-tricore")
+OUTPUT_ARCH(tricore)
+ENTRY(_start)
+
+/* the internal ram description */
+MEMORY
+{
+  text_ram (rx!p): org = 0x8000, len = 15K
+  data_ram (w!xp): org = 0xd000, len = 130K
+}
+/*
+ * Define the sizes of the user and system stacks.
+ */
+__USTACK_SIZE = DEFINED (__USTACK_SIZE) ? __USTACK_SIZE : 1K ;
+/*
+ * Define the start address and the size of the context save area.
+ */
+__CSA_BEGIN =  0xd000 ;
+__CSA_SIZE =  8k ;
+__CSA_END = __CSA_BEGIN + __CSA_SIZE ;
+
+SECTIONS
+{
+  .text  :
+  {
+*(.text)
+. = ALIGN(8);
+  } > text_ram
+
+  .rodata :
+  {
+*(.rodata)
+*(.rodata1)
+  } > data_ram
+
+  .data :
+  {
+. = ALIGN(8) ;
+*(.data)
+*(.data.*)
+. = ALIGN(8) ;
+__USTACK = . + __USTACK_SIZE -768;
+
+  } > data_ram
+  /*
+   * Allocate space for BSS sections.
+   */
+  .bss  :
+  {
+BSS_BASE = . ;
+*(.bss)
+*(COMMON)
+. = ALIGN(8) ;
+  } > data_ram
+  /* Make sure CSA, stack and heap addresses are properly aligned.  */
+  _. = ASSERT ((__CSA_BEGIN & 0x3f) == 0 , "illegal CSA start address") ;
+  _. = ASSERT ((__CSA_SIZE & 0x3f) == 0 , "illegal CSA size") ;
+
+}
-- 
2.20.1

[PULL 15/29] tests/tcg/tricore: Add dvstep test

[Alex Bennée]

From: Bastian Koppelmann 

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-Id: <20210305170045.869437-10-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-20-alex.ben...@linaro.org>

diff --git a/tests/tcg/tricore/macros.h b/tests/tcg/tricore/macros.h
index 52aa936c56..59b4b9a352 100644
--- a/tests/tcg/tricore/macros.h
+++ b/tests/tcg/tricore/macros.h
@@ -19,6 +19,18 @@
 
 #define DREG_DEV_ADDR %a15
 
+#define EREG_RS1 %e6
+#define EREG_RS1_LO %d6
+#define EREG_RS1_HI %d7
+#define EREG_RS2 %e8
+#define EREG_RS2_LO %d8
+#define EREG_RS2_HI %d9
+#define EREG_CALC_RESULT %e8
+#define EREG_CALC_RESULT_HI %d9
+#define EREG_CALC_RESULT_LO %d8
+#define EREG_CORRECT_RESULT_LO %d0
+#define EREG_CORRECT_RESULT_HI %d1
+
 /* Test case wrappers */
 #define TEST_CASE(num, testreg, correct, code...) \
 test_ ## num: \
@@ -27,6 +39,15 @@ test_ ## num: \
 mov DREG_TEST_NUM, num;   \
 jne testreg, DREG_CORRECT_RESULT, fail\
 
+#define TEST_CASE_E(num, correct_lo, correct_hi, code...)  \
+test_ ## num:  \
+code;  \
+mov DREG_TEST_NUM, num;\
+LI(EREG_CORRECT_RESULT_LO, correct_lo) \
+jne EREG_CALC_RESULT_LO, EREG_CORRECT_RESULT_LO, fail; \
+LI(EREG_CORRECT_RESULT_HI, correct_hi) \
+jne EREG_CALC_RESULT_HI, EREG_CORRECT_RESULT_HI, fail;
+
 #define TEST_CASE_PSW(num, testreg, correct, correct_psw, code...) \
 test_ ## num:  \
 code;  \
@@ -57,7 +78,13 @@ test_ ## num:
  \
 insn DREG_CALC_RESULT, DREG_RS1, DREG_RS2;  \
 )
 
-
+#define TEST_E_ED(insn, num, res_hi, res_lo, rs1_hi, rs1_lo, rs2) \
+TEST_CASE_E(num, res_lo, res_hi,  \
+LI(EREG_RS1_LO, rs1_lo);  \
+LI(EREG_RS1_HI, rs1_hi);  \
+LI(DREG_RS2, rs2);\
+insn EREG_CALC_RESULT, EREG_RS1, DREG_RS2;\
+)
 
 /* Pass/Fail handling part */
 #define TEST_PASSFAIL   \
diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
index a9b81545e2..799b51191e 100644
--- a/tests/tcg/tricore/Makefile.softmmu-target
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -6,6 +6,7 @@ ASFLAGS =
 TESTS += test_abs.tst
 TESTS += test_bmerge.tst
 TESTS += test_clz.tst
+TESTS += test_dvstep.tst
 
 QEMU_OPTS += -M tricore_testboard -nographic -kernel
 
diff --git a/tests/tcg/tricore/test_dvstep.S b/tests/tcg/tricore/test_dvstep.S
new file mode 100644
index 00..858dbc62dd
--- /dev/null
+++ b/tests/tcg/tricore/test_dvstep.S
@@ -0,0 +1,15 @@
+#include "macros.h"
+.text
+.global _start
+_start:
+#  Result   RS1RS2
+TEST_E_ED(dvstep,   1, 0x01ff, 0xfffe5cff, 0x0001, 0xfe5c, 0x0)
+TEST_E_ED(dvstep,   2, 0x, 0x00ff, 0x, 0x, 0x0)
+TEST_E_ED(dvstep,   3, 0xf000, 0x00fd, 0x01f0, 0x, 0x0)
+TEST_E_ED(dvstep,   4, 0xf000, 0x, 0x7ff0, 0x, 0x0)
+TEST_E_ED(dvstep.u, 5, 0xff00, 0x18ff, 0x, 0x0018, 0x0)
+TEST_E_ED(dvstep.u, 6, 0x0100, 0x, 0x0801, 0x, \
+   0xff2d)
+
+TEST_PASSFAIL
+
-- 
2.20.1

[PULL 07/29] tests/docker: Added libbpf library to the docker files.

[Alex Bennée]

From: Andrew Melnychenko 

The series of patches for eBPF RSS adds libbpf dependency for qemu.
https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg08887.html

With this patch, libbpf added:
  Alpine - added libbpf-dev
  Centos 8 - added libbpf-devel
  Fedora - added libbpf-devel

Signed-off-by: Andrew Melnychenko 
Signed-off-by: Alex Bennée 
Reviewed-by: Willian Rampazzo 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20210406082947.672708-2-and...@daynix.com>
Message-Id: <20210512102051.12134-11-alex.ben...@linaro.org>

diff --git a/tests/docker/dockerfiles/alpine.docker 
b/tests/docker/dockerfiles/alpine.docker
index 0ac46ddd91..7eeecacc46 100644
--- a/tests/docker/dockerfiles/alpine.docker
+++ b/tests/docker/dockerfiles/alpine.docker
@@ -20,6 +20,7 @@ ENV PACKAGES \
gnutls-dev \
gtk+3.0-dev \
libaio-dev \
+   libbpf-dev \
libcap-ng-dev \
libjpeg-turbo-dev \
libnfs-dev \
diff --git a/tests/docker/dockerfiles/centos8.docker 
b/tests/docker/dockerfiles/centos8.docker
index a8c6c528b0..efc1349cc8 100644
--- a/tests/docker/dockerfiles/centos8.docker
+++ b/tests/docker/dockerfiles/centos8.docker
@@ -14,6 +14,7 @@ ENV PACKAGES \
 git \
 glib2-devel \
 libaio-devel \
+libbpf-devel \
 libepoxy-devel \
 libfdt-devel \
 libgcrypt-devel \
diff --git a/tests/docker/dockerfiles/fedora.docker 
b/tests/docker/dockerfiles/fedora.docker
index d8fa16372d..0979c0e1f4 100644
--- a/tests/docker/dockerfiles/fedora.docker
+++ b/tests/docker/dockerfiles/fedora.docker
@@ -32,6 +32,7 @@ ENV PACKAGES \
 libcurl-devel \
 libepoxy-devel \
 libfdt-devel \
+libbpf-devel \
 libiscsi-devel \
 libjpeg-devel \
 libpmem-devel \
-- 
2.20.1

[PULL 28/29] plugins/hotblocks: Properly freed the hash table values

[Alex Bennée]

From: Mahmoud Mandour 

Freed the values stored in the hash table ``hotblocks``
returned by ``g_hash_table_get_values()`` by freeing the sorted
list and destroyed the hash table afterward.

Signed-off-by: Mahmoud Mandour 
Signed-off-by: Alex Bennée 
Message-Id: <20210422005043.3569-2-ma.mando...@gmail.com>
Message-Id: <20210505092259.8202-4-alex.ben...@linaro.org>

diff --git a/contrib/plugins/hotblocks.c b/contrib/plugins/hotblocks.c
index 4b08340143..64692c0670 100644
--- a/contrib/plugins/hotblocks.c
+++ b/contrib/plugins/hotblocks.c
@@ -68,10 +68,11 @@ static void plugin_exit(qemu_plugin_id_t id, void *p)
rec->insns, rec->exec_count);
 }
 
-g_list_free(it);
+g_list_free_full(it, g_free);
 g_mutex_unlock(&lock);
 }
 
+g_hash_table_destroy(hotblocks);
 qemu_plugin_outs(report->str);
 }
 
-- 
2.20.1

Re: [PATCH v12 3/8] arm64: mte: Sync tags for pages where PTE is untagged

[Marc Zyngier]

On Mon, 17 May 2021 13:32:34 +0100,
Steven Price  wrote:
> 
> A KVM guest could store tags in a page even if the VMM hasn't mapped
> the page with PROT_MTE. So when restoring pages from swap we will
> need to check to see if there are any saved tags even if !pte_tagged().
> 
> However don't check pages for which pte_access_permitted() returns false
> as these will not have been swapped out.
> 
> Signed-off-by: Steven Price 
> ---
>  arch/arm64/include/asm/pgtable.h |  9 +++--
>  arch/arm64/kernel/mte.c  | 16 ++--
>  2 files changed, 21 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/arm64/include/asm/pgtable.h 
> b/arch/arm64/include/asm/pgtable.h
> index 0b10204e72fc..275178a810c1 100644
> --- a/arch/arm64/include/asm/pgtable.h
> +++ b/arch/arm64/include/asm/pgtable.h
> @@ -314,8 +314,13 @@ static inline void set_pte_at(struct mm_struct *mm, 
> unsigned long addr,
>   if (pte_present(pte) && pte_user_exec(pte) && !pte_special(pte))
>   __sync_icache_dcache(pte);
>  
> - if (system_supports_mte() &&
> - pte_present(pte) && pte_tagged(pte) && !pte_special(pte))
> + /*
> +  * If the PTE would provide user space access to the tags associated
> +  * with it then ensure that the MTE tags are synchronised.  Exec-only
> +  * mappings don't expose tags (instruction fetches don't check tags).

I'm not sure I understand this comment. Of course, execution doesn't
match tags. But the memory could still have tags associated with
it. Does this mean such a page would lose its tags is swapped out?

Thanks,

M.

> +  */
> + if (system_supports_mte() && pte_present(pte) &&
> + pte_access_permitted(pte, false) && !pte_special(pte))
>   mte_sync_tags(ptep, pte);
>  
>   __check_racy_pte_update(mm, ptep, pte);
> diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
> index c88e778c2fa9..a604818c52c1 100644
> --- a/arch/arm64/kernel/mte.c
> +++ b/arch/arm64/kernel/mte.c
> @@ -33,11 +33,15 @@ DEFINE_STATIC_KEY_FALSE(mte_async_mode);
>  EXPORT_SYMBOL_GPL(mte_async_mode);
>  #endif
>  
> -static void mte_sync_page_tags(struct page *page, pte_t *ptep, bool 
> check_swap)
> +static void mte_sync_page_tags(struct page *page, pte_t *ptep, bool 
> check_swap,
> +bool pte_is_tagged)
>  {
>   unsigned long flags;
>   pte_t old_pte = READ_ONCE(*ptep);
>  
> + if (!is_swap_pte(old_pte) && !pte_is_tagged)
> + return;
> +
>   spin_lock_irqsave(&tag_sync_lock, flags);
>  
>   /* Recheck with the lock held */
> @@ -53,6 +57,9 @@ static void mte_sync_page_tags(struct page *page, pte_t 
> *ptep, bool check_swap)
>   }
>   }
>  
> + if (!pte_is_tagged)
> + goto out;
> +
>   page_kasan_tag_reset(page);
>   /*
>* We need smp_wmb() in between setting the flags and clearing the
> @@ -76,10 +83,15 @@ void mte_sync_tags(pte_t *ptep, pte_t pte)
>   bool check_swap = nr_pages == 1;
>   bool pte_is_tagged = pte_tagged(pte);
>  
> + /* Early out if there's nothing to do */
> + if (!check_swap && !pte_is_tagged)
> + return;
> +
>   /* if PG_mte_tagged is set, tags have already been initialised */
>   for (i = 0; i < nr_pages; i++, page++) {
>   if (!test_bit(PG_mte_tagged, &page->flags))
> - mte_sync_page_tags(page, ptep, check_swap);
> + mte_sync_page_tags(page, ptep, check_swap,
> +pte_is_tagged);
>   }
>  }
>  
> -- 
> 2.20.1
> 
> 

-- 
Without deviation from the norm, progress is not possible.

[PULL 12/29] tests/tcg/tricore: Add macros to create tests and first test 'abs'

[Alex Bennée]

From: Bastian Koppelmann 

This kind of tests is inspired by the riscv-tests repository. This adds
macros that makes it easy to create single instruction self containing
tests.

It is achieved by macros that create a test sequence for an
instruction and check for a supplied correct value. If the value is correct the
next instruction is tested. Otherwise we jump to fail handler that writes is
test number as a status code back to qemu that then exits on that status code.
If all tests pass we write back 0 as a status code and exit.

[AJB: add container_hosts]

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Reviewed-by: Alex Bennée 
Message-Id: <20210305170045.869437-7-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-17-alex.ben...@linaro.org>

diff --git a/tests/tcg/tricore/macros.h b/tests/tcg/tricore/macros.h
new file mode 100644
index 00..76c133132a
--- /dev/null
+++ b/tests/tcg/tricore/macros.h
@@ -0,0 +1,53 @@
+/* Helpers */
+#define LI(reg, val)   \
+mov.u reg, lo:val; \
+movh DREG_TEMP_LI, up:val; \
+or reg, reg, DREG_TEMP_LI; \
+
+/* Address definitions */
+#define TESTDEV_ADDR 0xf000
+/* Register definitions */
+#define DREG_RS1 %d0
+#define DREG_CALC_RESULT %d1
+#define DREG_TEMP_LI %d10
+#define DREG_TEMP %d11
+#define DREG_TEST_NUM %d14
+#define DREG_CORRECT_RESULT %d15
+
+#define DREG_DEV_ADDR %a15
+
+/* Test case wrappers */
+#define TEST_CASE(num, testreg, correct, code...) \
+test_ ## num: \
+code; \
+LI(DREG_CORRECT_RESULT, correct)  \
+mov DREG_TEST_NUM, num;   \
+jne testreg, DREG_CORRECT_RESULT, fail\
+
+/* Actual test case type
+ * e.g inst %dX, %dY  -> TEST_D_D
+ * inst %dX, %dY, %dZ -> TEST_D_DD
+ * inst %eX, %dY, %dZ -> TEST_E_DD
+ */
+#define TEST_D_D(insn, num, result, rs1)  \
+TEST_CASE(num, DREG_CALC_RESULT, result,  \
+LI(DREG_RS1, rs1);\
+insn DREG_CALC_RESULT, DREG_RS1;  \
+)
+
+/* Pass/Fail handling part */
+#define TEST_PASSFAIL   \
+j pass; \
+fail:   \
+LI(DREG_TEMP, TESTDEV_ADDR) \
+mov.a DREG_DEV_ADDR, DREG_TEMP; \
+st.w [DREG_DEV_ADDR], DREG_TEST_NUM;\
+debug;  \
+j fail; \
+pass:   \
+LI(DREG_TEMP, TESTDEV_ADDR) \
+mov.a DREG_DEV_ADDR, DREG_TEMP; \
+mov DREG_TEST_NUM, 0;   \
+st.w [DREG_DEV_ADDR], DREG_TEST_NUM;\
+debug;  \
+j pass;
diff --git a/tests/tcg/configure.sh b/tests/tcg/configure.sh
index cf6062a15f..d13d2bb388 100755
--- a/tests/tcg/configure.sh
+++ b/tests/tcg/configure.sh
@@ -203,6 +203,12 @@ for target in $target_list; do
   container_image=debian-sparc64-cross
   container_cross_cc=sparc64-linux-gnu-gcc
   ;;
+tricore-softmmu)
+  container_hosts=x86_64
+  container_image=debian-tricore-cross
+  container_cross_as=tricore-as
+  container_cross_ld=tricore-ld
+  ;;
 x86_64-*)
   container_hosts="aarch64 ppc64el x86_64"
   container_image=debian-amd64-cross
diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
index d64a99b95f..3b048e49fa 100644
--- a/tests/tcg/tricore/Makefile.softmmu-target
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -3,6 +3,8 @@ TESTS_PATH = $(SRC_PATH)/tests/tcg/tricore
 LDFLAGS = -T$(TESTS_PATH)/link.ld
 ASFLAGS =
 
+TESTS += test_abs.tst
+
 QEMU_OPTS += -M tricore_testboard -nographic -kernel
 
 %.pS: $(TESTS_PATH)/%.S
diff --git a/tests/tcg/tricore/test_abs.S b/tests/tcg/tricore/test_abs.S
new file mode 100644
index 00..e42240159a
--- /dev/null
+++ b/tests/tcg/tricore/test_abs.S
@@ -0,0 +1,7 @@
+#include "macros.h"
+.text
+.global _start
+_start:
+TEST_D_D(abs, 1, 0, 0)
+
+TEST_PASSFAIL
-- 
2.20.1

[PULL 06/29] tests/tcg: Use Hexagon Docker image

[Alex Bennée]

From: Alessandro Di Federico 

[PMD: Split from 'Add Hexagon Docker image' patch]

[AJB: add container_hosts]

Signed-off-by: Alessandro Di Federico 
Signed-off-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20210228222314.304787-5-f4...@amsat.org>
Message-Id: <20210512102051.12134-8-alex.ben...@linaro.org>

diff --git a/tests/tcg/configure.sh b/tests/tcg/configure.sh
index 8f20ce065d..cf6062a15f 100755
--- a/tests/tcg/configure.sh
+++ b/tests/tcg/configure.sh
@@ -128,6 +128,11 @@ for target in $target_list; do
   container_image=fedora-cris-cross
   container_cross_cc=cris-linux-gnu-gcc
   ;;
+hexagon-*)
+  container_hosts=x86_64
+  container_image=debian-hexagon-cross
+  container_cross_cc=hexagon-unknown-linux-musl-clang
+  ;;
 hppa-*)
   container_hosts=x86_64
   container_image=debian-hppa-cross
-- 
2.20.1

[PULL 04/29] tests/docker: add "fetch" sub-command

[Alex Bennée]

This simply wraps up fetching a build from the registry and tagging it
as the local build.

Signed-off-by: Alex Bennée 
Reviewed-by: Willian Rampazzo 
Message-Id: <20210512102051.12134-6-alex.ben...@linaro.org>

diff --git a/tests/docker/docker.py b/tests/docker/docker.py
index 7a14058801..4d9bb7c7ed 100755
--- a/tests/docker/docker.py
+++ b/tests/docker/docker.py
@@ -515,6 +515,23 @@ def run(self, args, argv):
 
 return 0
 
+class FetchCommand(SubCommand):
+""" Fetch a docker image from the registry. Args:  """
+name = "fetch"
+
+def args(self, parser):
+parser.add_argument("tag",
+help="Local tag for image")
+parser.add_argument("registry",
+help="Docker registry")
+
+def run(self, args, argv):
+dkr = Docker()
+dkr.command(cmd="pull", quiet=args.quiet,
+argv=["%s/%s" % (args.registry, args.tag)])
+dkr.command(cmd="tag", quiet=args.quiet,
+argv=["%s/%s" % (args.registry, args.tag), args.tag])
+
 
 class UpdateCommand(SubCommand):
 """ Update a docker image. Args:  """
-- 
2.20.1

[PULL 13/29] tests/tcg/tricore: Add bmerge test

[Alex Bennée]

From: Bastian Koppelmann 

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Tested-by: Alex Bennée 
Message-Id: <20210305170045.869437-8-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-18-alex.ben...@linaro.org>

diff --git a/tests/tcg/tricore/macros.h b/tests/tcg/tricore/macros.h
index 76c133132a..52aa936c56 100644
--- a/tests/tcg/tricore/macros.h
+++ b/tests/tcg/tricore/macros.h
@@ -8,7 +8,10 @@
 #define TESTDEV_ADDR 0xf000
 /* Register definitions */
 #define DREG_RS1 %d0
+#define DREG_RS2 %d1
 #define DREG_CALC_RESULT %d1
+#define DREG_CALC_PSW %d2
+#define DREG_CORRECT_PSW %d3
 #define DREG_TEMP_LI %d10
 #define DREG_TEMP %d11
 #define DREG_TEST_NUM %d14
@@ -24,6 +27,17 @@ test_ ## num: \
 mov DREG_TEST_NUM, num;   \
 jne testreg, DREG_CORRECT_RESULT, fail\
 
+#define TEST_CASE_PSW(num, testreg, correct, correct_psw, code...) \
+test_ ## num:  \
+code;  \
+LI(DREG_CORRECT_RESULT, correct)   \
+mov DREG_TEST_NUM, num;\
+jne testreg, DREG_CORRECT_RESULT, fail;\
+mfcr DREG_CALC_PSW, $psw;  \
+LI(DREG_CORRECT_PSW, correct_psw)  \
+mov DREG_TEST_NUM, num;\
+jne DREG_CALC_PSW, DREG_CORRECT_PSW, fail;
+
 /* Actual test case type
  * e.g inst %dX, %dY  -> TEST_D_D
  * inst %dX, %dY, %dZ -> TEST_D_DD
@@ -35,6 +49,16 @@ test_ ## num: \
 insn DREG_CALC_RESULT, DREG_RS1;  \
 )
 
+#define TEST_D_DD_PSW(insn, num, result, psw, rs1, rs2) \
+TEST_CASE_PSW(num, DREG_CALC_RESULT, result, psw,   \
+LI(DREG_RS1, rs1);  \
+LI(DREG_RS2, rs2);  \
+rstv;   \
+insn DREG_CALC_RESULT, DREG_RS1, DREG_RS2;  \
+)
+
+
+
 /* Pass/Fail handling part */
 #define TEST_PASSFAIL   \
 j pass; \
diff --git a/tests/tcg/tricore/Makefile.softmmu-target 
b/tests/tcg/tricore/Makefile.softmmu-target
index 3b048e49fa..de6a2cc88e 100644
--- a/tests/tcg/tricore/Makefile.softmmu-target
+++ b/tests/tcg/tricore/Makefile.softmmu-target
@@ -4,6 +4,7 @@ LDFLAGS = -T$(TESTS_PATH)/link.ld
 ASFLAGS =
 
 TESTS += test_abs.tst
+TESTS += test_bmerge.tst
 
 QEMU_OPTS += -M tricore_testboard -nographic -kernel
 
diff --git a/tests/tcg/tricore/test_bmerge.S b/tests/tcg/tricore/test_bmerge.S
new file mode 100644
index 00..8a0fa6d3f6
--- /dev/null
+++ b/tests/tcg/tricore/test_bmerge.S
@@ -0,0 +1,8 @@
+#include "macros.h"
+.text
+.global _start
+_start:
+TEST_D_DD_PSW(bmerge, 1, 0x57f7, 0x0b80, 0x001d, 0x)
+
+TEST_PASSFAIL
+
-- 
2.20.1

[PULL 03/29] tests/docker: allow "update" to add the current user

[Alex Bennée]

The current user functionality is used for cross compiling to avoid
complications with permissions when building test programs. However
for images that come from the registry we still need the ability to
add the user after the fact.

Signed-off-by: Alex Bennée 
Reviewed-by: Willian Rampazzo 
Message-Id: <20210512102051.12134-5-alex.ben...@linaro.org>

diff --git a/tests/docker/docker.py b/tests/docker/docker.py
index 9b3425fec2..7a14058801 100755
--- a/tests/docker/docker.py
+++ b/tests/docker/docker.py
@@ -517,7 +517,7 @@ def run(self, args, argv):
 
 
 class UpdateCommand(SubCommand):
-""" Update a docker image with new executables. Args:  """
+""" Update a docker image. Args:  """
 name = "update"
 
 def args(self, parser):
@@ -525,6 +525,9 @@ def args(self, parser):
 help="Image Tag")
 parser.add_argument("--executable",
 help="Executable to copy")
+parser.add_argument("--add-current-user", "-u", dest="user",
+action="store_true",
+help="Add the current user to image's passwd")
 
 def run(self, args, argv):
 # Create a temporary tarball with our whole build context and
@@ -564,6 +567,13 @@ def run(self, args, argv):
 
 df.write(u"ADD . /\n")
 
+if args.user:
+uid = os.getuid()
+uname = getpwuid(uid).pw_name
+df.write("\n")
+df.write("RUN id %s 2>/dev/null || useradd -u %d -U %s" %
+ (uname, uid, uname))
+
 df_bytes = BytesIO(bytes(df.getvalue(), "UTF-8"))
 
 df_tar = TarInfo(name="Dockerfile")
-- 
2.20.1

[PULL 08/29] tests/tcg: Run timeout cmds using --foreground

[Alex Bennée]

From: Bastian Koppelmann 

when trying to run successful short tests from the Makefile timeout would not
terminate. Rather it would wait until the time runs out. Excerpt from the
manpage:

--foreground
when not running timeout directly from a shell prompt,
allow COMMAND to read from the TTY and get TTY signals; in this mode, chil‐
dren of COMMAND will not be timed out

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Message-Id: <20210305170045.869437-3-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-13-alex.ben...@linaro.org>

diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target
index cab8c6b3a2..b29fae4630 100644
--- a/tests/tcg/Makefile.target
+++ b/tests/tcg/Makefile.target
@@ -43,9 +43,10 @@ quiet-command = $(if $(V),$1,$(if $(2),@printf "  %-7s %s\n" 
$2 $3 && $1, @$1))
 
 # $1 = test name, $2 = cmd, $3 = desc
 ifdef CONFIG_USER_ONLY
-run-test = $(call quiet-command, timeout $(TIMEOUT) $2 > $1.out,"TEST",$3)
+run-test = $(call quiet-command, timeout --foreground $(TIMEOUT) $2 > $1.out, \
+   "TEST",$3)
 else
-run-test = $(call quiet-command, timeout $(TIMEOUT) $2,"TEST",$3)
+run-test = $(call quiet-command, timeout --foreground $(TIMEOUT) $2,"TEST",$3)
 endif
 
 # $1 = test name, $2 = reference
-- 
2.20.1

[PULL 05/29] docker: Add Hexagon image

[Alex Bennée]

This image is a little special because it takes a long time to build.
As such most users don't want to be doing that and just pull random
binaries from the ether as intended by the container gods. This
involves someone with credentials and a beefy machine running:

  make docker-image-debian-hexagon-cross V=1 NOCACHE=1 J=30
  docker tag qemu/debian-hexagon-cross 
registry.gitlab.com/qemu-project/qemu/qemu/debian-hexagon-cross
  docker push registry.gitlab.com/qemu-project/qemu/qemu/debian-hexagon-cross

With a suitable binary in the "cloud" a normal user will run:

  make docker-image-debian-hexagon-cross

or have it run for them through the dependency mechanism of our
over-engineered makefiles and get the binary they wanted. There are a
few wrinkles of course including needing to tweak the final image to
have the credentials of the user so we can actually do our cross
compiles.

Signed-off-by: Alex Bennée 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Willian Rampazzo 
Cc: Alessandro Di Federico 
Cc: Philippe Mathieu-Daudé 
Cc: Brian Cain 
Message-Id: <20210512102051.12134-7-alex.ben...@linaro.org>

diff --git a/MAINTAINERS b/MAINTAINERS
index 78561a223f..7572859317 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -197,6 +197,8 @@ F: linux-user/hexagon/
 F: tests/tcg/hexagon/
 F: disas/hexagon.c
 F: default-configs/targets/hexagon-linux-user.mak
+F: docker/dockerfiles/debian-hexagon-cross.docker
+F: docker/dockerfiles/debian-hexagon-cross.docker.d/build-toolchain.sh
 
 HPPA (PA-RISC) TCG CPUs
 M: Richard Henderson 
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 820423d718..8967ecf118 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -148,6 +148,28 @@ docker-image-debian-s390x-cross: docker-image-debian10
 docker-image-debian-sh4-cross: docker-image-debian10
 docker-image-debian-sparc64-cross: docker-image-debian10
 
+#
+# The build rule for hexagon-cross is special in so far for most of
+# the time we don't want to build it. While dockers caching does avoid
+# this most of the time sometimes we want to force the issue.
+#
+docker-image-debian-hexagon-cross: 
$(DOCKER_FILES_DIR)/debian-hexagon-cross.docker
+   $(if $(NOCACHE),
\
+   $(call quiet-command,   
\
+   $(DOCKER_SCRIPT) build -t qemu/debian-hexagon-cross -f 
$<   \
+   $(if $V,,--quiet) --no-cache
\
+   --registry $(DOCKER_REGISTRY) --extra-files 
\
+   
$(DOCKER_FILES_DIR)/debian-hexagon-cross.docker.d/build-toolchain.sh, \
+   "BUILD", "debian-hexagon-cross"),   
\
+   $(call quiet-command,   
\
+   $(DOCKER_SCRIPT) fetch $(if $V,,--quiet)
\
+   qemu/debian-hexagon-cross $(DOCKER_REGISTRY),   
\
+   "FETCH", "debian-hexagon-cross")
\
+   $(call quiet-command,   
\
+   $(DOCKER_SCRIPT) update $(if $V,,--quiet)   
\
+   qemu/debian-hexagon-cross --add-current-user,   
\
+   "PREPARE", "debian-hexagon-cross"))
+
 # Specialist build images, sometimes very limited tools
 docker-image-debian-tricore-cross: docker-image-debian10
 docker-image-debian-all-test-cross: docker-image-debian10
diff --git a/tests/docker/dockerfiles/debian-hexagon-cross.docker 
b/tests/docker/dockerfiles/debian-hexagon-cross.docker
new file mode 100644
index 00..d5dc299dc1
--- /dev/null
+++ b/tests/docker/dockerfiles/debian-hexagon-cross.docker
@@ -0,0 +1,45 @@
+#
+# Docker Hexagon cross-compiler target
+#
+# This docker target is used for building hexagon tests. As it also
+# needs to be able to build QEMU itself in CI we include it's
+# build-deps. It is also a "stand-alone" image so as not to be
+# triggered by re-builds on other base images given it takes a long
+# time to build.
+#
+FROM qemu/debian10
+
+# Install common build utilities
+RUN apt update && \
+DEBIAN_FRONTEND=noninteractive apt install -yy eatmydata && \
+DEBIAN_FRONTEND=noninteractive eatmydata \
+apt install -y --no-install-recommends \
+bison \
+cmake \
+flex \
+lld \
+rsync \
+wget
+
+ENV TOOLCHAIN_INSTALL /usr/local
+ENV ROOTFS /usr/local
+
+ENV LLVM_URL 
https://github.com/llvm/llvm-project/archive/bfcd21876adc3498065e4da92799f613e730d475.tar.gz
+ENV MUSL_URL 
https://github.com/quic/musl/archive/aff74b395fbf59cd7e93b3691905aa1af6c0778c.tar.gz
+ENV LINUX_URL https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.6.18.tar.

[PULL 01/29] tests/docker: fix copying of executable in "update"

[Alex Bennée]

We have the same symlink chasing problem when doing an "update"
operation. Fix that.

Signed-off-by: Alex Bennée 
Reviewed-by: Willian Rampazzo 
Inspired-by: 5e33f7fead ("tests/docker: better handle symlinked libs")
Message-Id: <20210512102051.12134-3-alex.ben...@linaro.org>

diff --git a/tests/docker/docker.py b/tests/docker/docker.py
index d28df4c140..0435a55d10 100755
--- a/tests/docker/docker.py
+++ b/tests/docker/docker.py
@@ -548,7 +548,14 @@ def run(self, args, argv):
 libs = _get_so_libs(args.executable)
 if libs:
 for l in libs:
-tmp_tar.add(os.path.realpath(l), arcname=l)
+so_path = os.path.dirname(l)
+name = os.path.basename(l)
+real_l = os.path.realpath(l)
+try:
+tmp_tar.add(real_l, arcname="%s/%s" % (so_path, name))
+except FileNotFoundError:
+print("Couldn't add %s/%s to archive" % (so_path, name))
+pass
 
 # Create a Docker buildfile
 df = StringIO()
-- 
2.20.1

Re: [PATCH 0/5] docs: fix references to files converted to rST

[Philippe Mathieu-Daudé]

On 5/17/21 5:16 PM, Stefano Garzarella wrote:
> Trivial patches that fix references to old files in docs/ converted
> to rST.
> 
> Broken references found running:
> 
> for f in $(git grep -oh "docs.*txt")
> do
> test -f "$f" || echo "$f not exists"
> done
> 
> Stefano Garzarella (5):
>   docs: fix references to docs/devel/tracing.rst
>   docs: fix references to docs/devel/atomics.rst
>   docs: fix references to docs/devel/build-system.rst
>   docs: fix references to docs/specs/tpm.rst
>   docs: fix references to docs/devel/s390-dasd-ipl.rst

Reviewed-by: Philippe Mathieu-Daudé 

[PULL 02/29] tests/docker: make executable an optional argument to "update"

[Alex Bennée]

We're going to extend the abilities of the command shortly.

Signed-off-by: Alex Bennée 
Reviewed-by: Willian Rampazzo 
Message-Id: <20210512102051.12134-4-alex.ben...@linaro.org>

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 9f464cb92c..820423d718 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -248,7 +248,7 @@ docker-run: docker-qemu-src
$(if $(EXECUTABLE), \
$(call quiet-command,   \
$(DOCKER_SCRIPT) update \
-   $(IMAGE) $(EXECUTABLE), \
+   $(IMAGE) --executable $(EXECUTABLE),\
"  COPYING $(EXECUTABLE) to $(IMAGE)"))
$(call quiet-command,   \
$(DOCKER_SCRIPT) run\
diff --git a/tests/docker/docker.py b/tests/docker/docker.py
index 0435a55d10..9b3425fec2 100755
--- a/tests/docker/docker.py
+++ b/tests/docker/docker.py
@@ -523,7 +523,7 @@ class UpdateCommand(SubCommand):
 def args(self, parser):
 parser.add_argument("tag",
 help="Image Tag")
-parser.add_argument("executable",
+parser.add_argument("--executable",
 help="Executable to copy")
 
 def run(self, args, argv):
@@ -532,35 +532,37 @@ def run(self, args, argv):
 tmp = tempfile.NamedTemporaryFile(suffix="dckr.tar.gz")
 tmp_tar = TarFile(fileobj=tmp, mode='w')
 
-# Add the executable to the tarball, using the current
-# configured binfmt_misc path. If we don't get a path then we
-# only need the support libraries copied
-ff, enabled = _check_binfmt_misc(args.executable)
-
-if not enabled:
-print("binfmt_misc not enabled, update disabled")
-return 1
-
-if ff:
-tmp_tar.add(args.executable, arcname=ff)
-
-# Add any associated libraries
-libs = _get_so_libs(args.executable)
-if libs:
-for l in libs:
-so_path = os.path.dirname(l)
-name = os.path.basename(l)
-real_l = os.path.realpath(l)
-try:
-tmp_tar.add(real_l, arcname="%s/%s" % (so_path, name))
-except FileNotFoundError:
-print("Couldn't add %s/%s to archive" % (so_path, name))
-pass
-
 # Create a Docker buildfile
 df = StringIO()
 df.write(u"FROM %s\n" % args.tag)
-df.write(u"ADD . /\n")
+
+if args.executable:
+# Add the executable to the tarball, using the current
+# configured binfmt_misc path. If we don't get a path then we
+# only need the support libraries copied
+ff, enabled = _check_binfmt_misc(args.executable)
+
+if not enabled:
+print("binfmt_misc not enabled, update disabled")
+return 1
+
+if ff:
+tmp_tar.add(args.executable, arcname=ff)
+
+# Add any associated libraries
+libs = _get_so_libs(args.executable)
+if libs:
+for l in libs:
+so_path = os.path.dirname(l)
+name = os.path.basename(l)
+real_l = os.path.realpath(l)
+try:
+tmp_tar.add(real_l, arcname="%s/%s" % (so_path, name))
+except FileNotFoundError:
+print("Couldn't add %s/%s to archive" % (so_path, 
name))
+pass
+
+df.write(u"ADD . /\n")
 
 df_bytes = BytesIO(bytes(df.getvalue(), "UTF-8"))
 
-- 
2.20.1

[PULL 09/29] hw/tricore: Add testdevice for tests in tests/tcg/

[Alex Bennée]

From: Bastian Koppelmann 

this device is used to verify the correctness of regression tests by
allowing guests to write their exit status to this device. This is then
used by qemu to exit using the written status.

Signed-off-by: Bastian Koppelmann 
Signed-off-by: Alex Bennée 
Reviewed-by: Alex Bennée 
Message-Id: <20210305170045.869437-4-kbast...@mail.uni-paderborn.de>
Message-Id: <20210512102051.12134-14-alex.ben...@linaro.org>

diff --git a/include/hw/tricore/tricore_testdevice.h 
b/include/hw/tricore/tricore_testdevice.h
new file mode 100644
index 00..2c56c51bcb
--- /dev/null
+++ b/include/hw/tricore/tricore_testdevice.h
@@ -0,0 +1,38 @@
+/*
+ *  Copyright (c) 2018-2021  Bastian Koppelmann Paderborn University
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+
+#ifndef HW_TRICORE_TESTDEV_H
+#define HW_TRICORE_TESTDEV_H
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+
+#define TYPE_TRICORE_TESTDEVICE "tricore_testdevice"
+#define TRICORE_TESTDEVICE(obj) \
+OBJECT_CHECK(TriCoreTestDeviceState, (obj), TYPE_TRICORE_TESTDEVICE)
+
+typedef struct {
+/*  */
+SysBusDevice parent_obj;
+
+/*  */
+MemoryRegion iomem;
+
+} TriCoreTestDeviceState;
+
+#endif
diff --git a/hw/tricore/tricore_testboard.c b/hw/tricore/tricore_testboard.c
index 51658d9e37..b6810e3be0 100644
--- a/hw/tricore/tricore_testboard.c
+++ b/hw/tricore/tricore_testboard.c
@@ -27,6 +27,7 @@
 #include "hw/loader.h"
 #include "elf.h"
 #include "hw/tricore/tricore.h"
+#include "hw/tricore/tricore_testdevice.h"
 #include "qemu/error-report.h"
 
 
@@ -56,6 +57,7 @@ static void tricore_testboard_init(MachineState *machine, int 
board_id)
 {
 TriCoreCPU *cpu;
 CPUTriCoreState *env;
+TriCoreTestDeviceState *test_dev;
 
 MemoryRegion *sysmem = get_system_memory();
 MemoryRegion *ext_cram = g_new(MemoryRegion, 1);
@@ -87,6 +89,12 @@ static void tricore_testboard_init(MachineState *machine, 
int board_id)
 memory_region_add_subregion(sysmem, 0xf005, pcp_data);
 memory_region_add_subregion(sysmem, 0xf006, pcp_text);
 
+test_dev = g_new(TriCoreTestDeviceState, 1);
+object_initialize(test_dev, sizeof(TriCoreTestDeviceState),
+  TYPE_TRICORE_TESTDEVICE);
+memory_region_add_subregion(sysmem, 0xf000, &test_dev->iomem);
+
+
 tricoretb_binfo.ram_size = machine->ram_size;
 tricoretb_binfo.kernel_filename = machine->kernel_filename;
 
diff --git a/hw/tricore/tricore_testdevice.c b/hw/tricore/tricore_testdevice.c
new file mode 100644
index 00..a1563aa568
--- /dev/null
+++ b/hw/tricore/tricore_testdevice.c
@@ -0,0 +1,82 @@
+/*
+ *  Copyright (c) 2018-2021 Bastian Koppelmann Paderborn University
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/qdev-properties.h"
+#include "hw/tricore/tricore_testdevice.h"
+
+static void tricore_testdevice_write(void *opaque, hwaddr offset,
+  uint64_t value, unsigned size)
+{
+exit(value);
+}
+
+static uint64_t tricore_testdevice_read(void *opaque, hwaddr offset,
+ unsigned size)
+{
+return 0xdeadbeef;
+}
+
+static void tricore_testdevice_reset(DeviceState *dev)
+{
+}
+
+static const MemoryRegionOps tricore_testdevice_ops = {
+.read = tricore_testdevice_read,
+.write = tricore_testdevice_write,
+.valid = {
+.min_access_size = 4,
+.max_access_size = 4,
+},
+.endianness = DEVICE_NATIVE_ENDIAN,
+};
+
+static void tricore_testdevice_init(Object *obj)
+{
+TriCoreTestDeviceState *s = TRICORE_TESTDEVICE(obj);
+   /* map memory */
+memory_region_init_io(&s->iomem, OBJECT(s), &tricore_testd

[PULL 00/29] testing and plugin updates

[Alex Bennée]

The following changes since commit 6005ee07c380cbde44292f5f6c96e7daa70f4f7d:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
(2021-05-16 17:22:46 +0100)

are available in the Git repository at:

  https://github.com/stsquad/qemu.git 
tags/pull-testing-and-plugin-updates-170521-2

for you to fetch changes up to e3ac6f02999e88b9f8fb85013121a9408d07b6e2:

  plugins/hotpages: Properly freed the hash table values (2021-05-17 14:38:44 
+0100)


testing and plugin updates:

  - various fixes for binfmt_misc docker images
  - add hexagon check-tcg support docker image
  - add tricore check-tcg support
  - add missing ppc64le tests
  - don't use host_cc for test fallback
  - check-tcg configure.sh tweaks for cross compile/clang
  - fix some memory leaks in plugins


Alessandro Di Federico (1):
  tests/tcg: Use Hexagon Docker image

Alex Bennée (8):
  tests/docker: fix copying of executable in "update"
  tests/docker: make executable an optional argument to "update"
  tests/docker: allow "update" to add the current user
  tests/docker: add "fetch" sub-command
  docker: Add Hexagon image
  tests/tcg: fix missing return
  tests/tcg: don't allow clang as a cross compiler
  configure: use cc, not host_cc to set cross_cc for build arch

Andrew Melnychenko (1):
  tests/docker: Added libbpf library to the docker files.

Bastian Koppelmann (14):
  tests/tcg: Run timeout cmds using --foreground
  hw/tricore: Add testdevice for tests in tests/tcg/
  tests/tcg/tricore: Add build infrastructure
  configure: Emit HOST_CC to config-host.mak
  tests/tcg/tricore: Add macros to create tests and first test 'abs'
  tests/tcg/tricore: Add bmerge test
  tests/tcg/tricore: Add clz test
  tests/tcg/tricore: Add dvstep test
  tests/tcg/tricore: Add fadd test
  tests/tcg/tricore: Add fmul test
  tests/tcg/tricore: Add ftoi test
  tests/tcg/tricore: Add madd test
  tests/tcg/tricore: Add msub test
  tests/tcg/tricore: Add muls test

Mahmoud Mandour (2):
  plugins/hotblocks: Properly freed the hash table values
  plugins/hotpages: Properly freed the hash table values

Matheus Ferst (1):
  tests/tcg/ppc64le: tests for brh/brw/brd

Yonggang Luo (2):
  plugins: Update qemu-plugins.symbols to match qemu-plugins.h
  plugins: Move all typedef and type declaration to the front of the 
qemu-plugin.h

 configure  |   3 +-
 include/hw/tricore/tricore_testdevice.h|  38 +
 include/qemu/qemu-plugin.h | 187 ++---
 tests/tcg/tricore/macros.h | 129 ++
 contrib/plugins/hotblocks.c|   3 +-
 contrib/plugins/hotpages.c |   3 +-
 hw/tricore/tricore_testboard.c |   8 +
 hw/tricore/tricore_testdevice.c|  82 +
 tests/tcg/multiarch/system/memory.c|   1 +
 tests/tcg/ppc64le/byte_reverse.c   |  21 +++
 MAINTAINERS|   3 +
 hw/tricore/meson.build |   1 +
 plugins/qemu-plugins.symbols   |  25 ++-
 tests/docker/Makefile.include  |  24 ++-
 tests/docker/docker.py |  78 ++---
 tests/docker/dockerfiles/alpine.docker |   1 +
 tests/docker/dockerfiles/centos8.docker|   1 +
 .../docker/dockerfiles/debian-hexagon-cross.docker |  45 +
 .../build-toolchain.sh | 141 
 tests/docker/dockerfiles/fedora.docker |   1 +
 tests/tcg/Makefile.target  |   5 +-
 tests/tcg/configure.sh | 149 +---
 tests/tcg/ppc64/Makefile.target|  13 ++
 tests/tcg/ppc64le/Makefile.target  |  13 ++
 tests/tcg/tricore/Makefile.softmmu-target  |  26 +++
 tests/tcg/tricore/link.ld  |  60 +++
 tests/tcg/tricore/test_abs.S   |   7 +
 tests/tcg/tricore/test_bmerge.S|   8 +
 tests/tcg/tricore/test_clz.S   |   9 +
 tests/tcg/tricore/test_dvstep.S|  15 ++
 tests/tcg/tricore/test_fadd.S  |  16 ++
 tests/tcg/tricore/test_fmul.S  |   8 +
 tests/tcg/tricore/test_ftoi.S  |  10 ++
 tests/tcg/tricore/test_madd.S  |  11 ++
 tests/tcg/tricore/test_msub.S  |   9 +
 tests/tcg/tricore/test_muls.S  |   9 +
 36 files changed, 966 insertions(+), 197 deletions(-)
 create mode 100644 include/hw/tricore/tricore_testdevice.h
 create mode 100644 tests/tcg/tricore/macr

Re: [RFC PATCH 08/11] target/ppc: wrapped some TCG only logic with ifdefs

[Richard Henderson]

On 5/16/21 11:10 PM, David Gibson wrote:

Removing excp_helper.c gives linker errors for the functions:

* ppc_cpu_do_system_reset, on hw/ppc/pnv.c and hw/ppc/spapr.c


Oof, that's a bit tricky.  We definitely do need this system reset
injection for KVM as well as TCG.  Unfortunately it calls into
powerpc_excp() which I think has a bunch of TCG specific stuff as
well.

Long term, I think the thing would be to remove the giant ugly
multiplexer in powerpc_excp() in favour of different entry points.
But that's a big job.

Short term, littering it with ifdefs might be the least worst we can
do.  Richard, any better ideas?


Nope, no better ideas here.


r~

Re: [PATCH 05/21] block: rename backup-top to copy-before-write

[Max Reitz]

On 17.05.21 08:44, Vladimir Sementsov-Ogievskiy wrote:

We are going to convert backup_top to full featured public filter,
which can be used in separate of backup job. Start from renaming from
"how it used" to "what it does".


Is this safe?  The name was externally visible in queries after all. 
(I’m not saying it is unsafe, I just don’t know and would like to know 
whether you’ve considered this already.)


(Regardless, renaming files and so on is fine, of course.)


While updating comments in 283 iotest, drop and rephrase also things
about ".active", as this field is now dropped, and filter doesn't have
"inactive" mode.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  block/{backup-top.h => copy-before-write.h} |  28 +++---
  block/backup.c  |  22 ++---
  block/{backup-top.c => copy-before-write.c} | 100 ++--
  MAINTAINERS |   4 +-
  block/meson.build   |   2 +-
  tests/qemu-iotests/283  |  35 +++
  tests/qemu-iotests/283.out  |   4 +-
  7 files changed, 95 insertions(+), 100 deletions(-)
  rename block/{backup-top.h => copy-before-write.h} (56%)
  rename block/{backup-top.c => copy-before-write.c} (62%)


[...]


diff --git a/block/backup-top.c b/block/copy-before-write.c
similarity index 62%
rename from block/backup-top.c
rename to block/copy-before-write.c
index 425e3778be..40e91832d7 100644
--- a/block/backup-top.c
+++ b/block/copy-before-write.c


[...]


@@ -32,25 +32,25 @@


[...]


-static coroutine_fn int backup_top_cbw(BlockDriverState *bs, uint64_t offset,
-   uint64_t bytes, BdrvRequestFlags flags)
+static coroutine_fn int cbw_cbw(BlockDriverState *bs, uint64_t offset,
+uint64_t bytes, BdrvRequestFlags flags)


I’m sure you noticed it, too, but cbw_cbw() is weird.  Perhaps 
cbw_do_cbw() at least?


Max

Re: [RFC PATCH v3 8/9] hw/arm/virt-acpi-build: Generate PPTT table

[wangyanan (Y)]

On 2021/5/17 22:45, Andrew Jones wrote:

On Mon, May 17, 2021 at 09:43:34PM +0800, wangyanan (Y) wrote:

BTW, it seems patch 1 and 5 were possibly missed for some review.
Any comments for them too? Thanks!

I reviewed them and agreed with them, but you already provided my
s-o-b on them, so I didn't bother giving an r-b. Feel free to add
my r-b to both, if you'd like.

I see, thanks !

Thanks,
drew

.

Re: [PATCH 50/72] softfloat: Move minmax_flags to softfloat-parts.c.inc

[Richard Henderson]

On 5/17/21 8:14 AM, David Hildenbrand wrote:

This patch introduces two issues:

1. Comparing two negative numbers is broken. We have to
invert the a_less result.

2. The check "flags & minmax_ismag" is broken because
"minmax_ismag = 4 | minmax_isnum" and it, therefore,
also triggers for "flags = minmax_isnum"


Thanks.  I guess I should assume from this that these tests are not enabled, 
and I should fix that as well.



r~

Re: [PATCH 01/21] block: introduce bdrv_replace_child_bs()

[Max Reitz]

On 17.05.21 16:30, Vladimir Sementsov-Ogievskiy wrote:

17.05.2021 15:09, Max Reitz wrote:

On 17.05.21 08:44, Vladimir Sementsov-Ogievskiy wrote:

Add function to transactionally replace bs inside BdrvChild.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  include/block/block.h |  2 ++
  block.c   | 36 
  2 files changed, 38 insertions(+)


As you may guess, I know little about the rewritten replacing 
functions, so this is kind of difficult to review for me.  However, 
nothing looks out of place, and the function looks sufficiently 
similar to bdrv_replace_node_common() to make me happy.



diff --git a/include/block/block.h b/include/block/block.h
index 82185965ff..f9d5fcb108 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -361,6 +361,8 @@ int bdrv_append(BlockDriverState *bs_new, 
BlockDriverState *bs_top,

  Error **errp);
  int bdrv_replace_node(BlockDriverState *from, BlockDriverState *to,
    Error **errp);
+int bdrv_replace_child_bs(BdrvChild *child, BlockDriverState *new_bs,
+  Error **errp);
  BlockDriverState *bdrv_insert_node(BlockDriverState *bs, QDict 
*node_options,

 int flags, Error **errp);
  int bdrv_drop_filter(BlockDriverState *bs, Error **errp);
diff --git a/block.c b/block.c
index 9ad725d205..755fa53d85 100644
--- a/block.c
+++ b/block.c
@@ -4961,6 +4961,42 @@ out:
  return ret;
  }
+int bdrv_replace_child_bs(BdrvChild *child, BlockDriverState *new_bs,
+  Error **errp)
+{
+    int ret;
+    Transaction *tran = tran_new();
+    g_autoptr(GHashTable) found = NULL;
+    g_autoptr(GSList) refresh_list = NULL;
+    BlockDriverState *old_bs = child->bs;
+
+    if (old_bs) {


Hm.  Can child->bs be ever NULL?


Hmm. Most probably not :)

In some intermediate states we don't have bs in child, but it shouldn't 
be the place where bdrv_replace_child_bs is called.





+    bdrv_ref(old_bs);
+    bdrv_drained_begin(old_bs);
+    }
+    bdrv_drained_begin(new_bs);


(I was wondering why we couldn’t handle the new_bs == NULL case here 
to replace bdrv_remove_filter_or_cow_child(), but then I realized it’s 
probably because that’s kind of difficult, precisely because child->bs 
at least should generally be non-NULL.  Which is why 
bdrv_remove_filter_or_cow_child() needs to add its own transaction 
entry to handle the BdrvChild object and the pointer to it.


Hence me wondering whether we could assume child->bs not to be NULL.)


bdrv_remove_filter_or_cow_child() is "lower leve" function: it doesn't 
do drained section nor permission update. And new 
bdrv_replace_child_bs() is public function, which cares about these things.





+
+    bdrv_replace_child(child, new_bs, tran);
+
+    found = g_hash_table_new(NULL, NULL);
+    if (old_bs) {
+    refresh_list = bdrv_topological_dfs(refresh_list, found, 
old_bs);

+    }
+    refresh_list = bdrv_topological_dfs(refresh_list, found, new_bs);
+
+    ret = bdrv_list_refresh_perms(refresh_list, NULL, tran, errp);


Speaking of bdrv_remove_filter_or_cow_child(): That function doesn’t 
refresh permissions.  I think it’s correct to do it here, so the 
following question doesn’t really concern this patch, but: Why don’t 
we do it there?


I guess it’s because we expect the node to go away anyway, so we don’t 
need to refresh the permissions.  And that assumption should hold true 
right now, given its callers.  But is that a safe assumption in 
general?  Would there be a problem if we refreshed permissions there?  
Or is not refreshing permissions just part of the function’s interface?




Caller of bdrv_remove_filter_or_cow_child() should care about 
permissions:  bdrv_replace_node_common() do this, and 
bdrv_set_backing_noperm() has "_noperm" in the name..


OK.  Makes me wonder why bdrv_remove_filter_or_cow_child() then doesn’t 
have _noperm in its name, or why its comment doesn’t explain this 
interface contract, but, well. :)


The main impact of previous big rework of permission is new scheme of 
working with permission update:


  - first do all graph modifications, not thinking about permissions
  - refresh permissions for the whole updated subgraph
  - if refresh failed, rollback all the modifications (main sense if 
transactions here and there is possibility to do this rollback)


So a lot of internal functions with @tran argument don't update 
permissions. But of course, we should care to update permissions after 
any graph modification.


Ah, OK.  Makes sense, thanks.

Max

[Bug 1883268] Re: random errors on aarch64 when executing __aarch64_cas8_acq_rel

[Christophe Lyon]

Opened ticket on gitlab: https://gitlab.com/qemu-
project/qemu/-/issues/333


** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #333
   https://gitlab.com/qemu-project/qemu/-/issues/333

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1883268

Title:
  random errors on aarch64 when executing __aarch64_cas8_acq_rel

Status in QEMU:
  Incomplete

Bug description:
  Hello,

  Since I upgraded to qemu-5.0 when executing the GCC testsuite,
  I've noticed random failures of g++.dg/ext/sync-4.C.

  I'm attaching the source of the testcase, the binary executable and
  the qemu traces (huge, 111MB!) starting at main (with qemu-aarch64
  -cpu cortex-a57 -R 0 -d
  in_asm,int,exec,cpu,unimp,guest_errors,nochain)

  The traces where generated by a CI build, I built the executable
  manually but I expect it to be the same as the one executed by CI.

  In seems the problem occurs in f13, which leads to a call to abort()

  The preprocessed version of f13/t13 are as follows:
  static bool f13 (void *p) __attribute__ ((noinline));
  static bool f13 (void *p)
  {
return (__sync_bool_compare_and_swap((ditype*)p, 1, 2));
  }
  static void t13 ()
  {
try {
  f13(0);
}
catch (...) {
  return;
}
abort();
  }

  
  When looking at the execution traces at address 0x00400c9c, main calls f13, 
which in turn calls __aarch64_cas8_acq_rel (at 0x00401084)
  __aarch64_cas8_acq_rel returns to f13 (address 0x0040113c), then f13 returns 
to main (0x0040108c) which then calls abort (0x00400ca0)

  I'm not quite sure what's wrong :-(

  I've not noticed such random problems with native aarch64 hardware.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1883268/+subscriptions

Re: [PATCH v6 77/82] target/arm: Fix decode for VDOT (indexed)

[Richard Henderson]

On 5/16/21 11:09 AM, Peter Maydell wrote:

On Sat, 15 May 2021 at 18:13, Richard Henderson
 wrote:


On 5/13/21 2:25 PM, Peter Maydell wrote:

-VDOT_scalar 1110 0 . 10   1101 . q:1 index:1 u:1 rm:4 \
-   vm=%vm_dp vn=%vn_dp vd=%vd_dp
+VDOT_scalar 1110 0 . 10   1101 . q:1 index:1 u:1 vm:4 \
+   vn=%vn_dp vd=%vd_dp


Is it possible to make this kind of bug a decodetree error?
It seems unlikely that there's a use for having a bit which is
decoded both by a %foo field specification and also in some
other way...


That's not what's happening here.  This has separate fields "rm" and "vm"
decoded in different ways.


But they overlap: rm:4 in the pattern itself is using bits [3:0],
and "vm=%vm_dp" is also using [3:0] because the %vm_dp field
specifier is defined as "5:1 0:4". I'm suggesting that if the
pattern uses a field specifier we should check that none of the
bits in that field specifier are used in the pattern for some
other purpose (here 'u' and 'rm').


We do this, more or less, for sve:

# Three register operand, with governing predicate, vector element size
@rda_pg_rn_rm    esz:2 . rm:5  ... pg:3 rn:5 rd:5 \
&rprrr_esz ra=%reg_movprfx

where ra and rd overlap.  Though ra and rd overlap exactly, so perhaps that's 
not quite the same as vm above, overlapping both rm and index.



r~

Re: [PATCH 04/21] qdev: allow setting drive property for realized device

[Max Reitz]

On 17.05.21 08:44, Vladimir Sementsov-Ogievskiy wrote:

We need an ability to insert filters above top block node, attached to
block device. It can't be achieved with blockdev-reopen command. So, we
want do it with help of qom-set.

Intended usage:

1. blockdev-add, creating the filter, which child is at top node A,
attached to some guest block device.


Is a “not” missing here, i.e. “not attached to any guest block device”? 
 I would have thought one would create a filtered tree that is not in 
use by any frontend, so that the filter need not take any permissions.



2. qom-set, to change bs attached to root blk from original node to
newly create filter.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  hw/core/qdev-properties-system.c | 30 ++
  1 file changed, 22 insertions(+), 8 deletions(-)


Looks good, just one question: (well, two, one was above)


diff --git a/hw/core/qdev-properties-system.c b/hw/core/qdev-properties-system.c
index 2760c21f11..7d97562654 100644
--- a/hw/core/qdev-properties-system.c
+++ b/hw/core/qdev-properties-system.c


[...]


@@ -196,6 +209,7 @@ static void release_drive(Object *obj, const char *name, 
void *opaque)
  const PropertyInfo qdev_prop_drive = {
  .name  = "str",
  .description = "Node name or ID of a block device to use as a backend",
+.realized_set_allowed = true,
  .get   = get_drive,
  .set   = set_drive,
  .release = release_drive,


Why not for qdev_prop_drive_iothread?

Max

Re: [Qemu-devel] [PATCH 7/7] target/xtensa: move non-HELPER functions to helper.c

[Max Filippov]

On Mon, May 17, 2021 at 8:25 AM Max Filippov  wrote:
>
> On Mon, May 17, 2021 at 6:10 AM Philippe Mathieu-Daudé  
> wrote:
> >
> > On 5/17/21 2:11 PM, Max Filippov wrote:
> > > On Mon, May 17, 2021 at 4:50 AM Max Filippov  wrote:
> > >>
> > >> Hi Philippe,
> > >>
> > >> On Sun, May 16, 2021 at 10:05 PM Philippe Mathieu-Daudé
> > >>  wrote:
> > >>>
> > >>> Hi Max,
> > >>>
> > >>> On Mon, Jan 14, 2019 at 8:52 AM Max Filippov  wrote:
> > 
> >  Move remaining non-HELPER functions from op_helper.c to helper.c.
> >  No functional changes.
> > 
> >  Signed-off-by: Max Filippov 
> >  ---
> >   target/xtensa/helper.c| 61 
> >  ---
> >   target/xtensa/op_helper.c | 56 
> >  ---
> >   2 files changed, 58 insertions(+), 59 deletions(-)
> > >>>
> >  +void xtensa_cpu_do_unaligned_access(CPUState *cs,
> >  +vaddr addr, MMUAccessType 
> >  access_type,
> >  +int mmu_idx, uintptr_t retaddr)
> >  +{
> >  +XtensaCPU *cpu = XTENSA_CPU(cs);
> >  +CPUXtensaState *env = &cpu->env;
> >  +
> >  +if (xtensa_option_enabled(env->config, 
> >  XTENSA_OPTION_UNALIGNED_EXCEPTION) &&
> >  +!xtensa_option_enabled(env->config, 
> >  XTENSA_OPTION_HW_ALIGNMENT)) {
> > >>>
> > >>> I know this is a simple code movement, but I wonder, what should
> > >>> happen when there is
> > >>> an unaligned fault and the options are disabled? Is this an impossible
> > >>> case (unreachable)?
> > >>
> > >> It should be unreachable when XTENSA_OPTION_UNALIGNED_EXCEPTION
> > >> is disabled. In that case the translation code generates access on 
> > >> aligned
> > >> addresses according to the xtensa ISA, see the function
> > >> gen_load_store_alignment in target/xtensa/translate.c
> > >
> > > There's also a case when both options are enabled, i.e. the
> > > xtensa core has support for transparent unaligned access.
> > > In that case the helper does nothing and the generic TCG
> > > code is supposed to deal with the unaligned access correctly,
> >
> > IIRC we can simplify as:
> >
> > -- >8 --
> > diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
> > index eeffee297d1..6e8a6cdc99e 100644
> > --- a/target/xtensa/helper.c
> > +++ b/target/xtensa/helper.c
> > @@ -270,13 +270,14 @@ void xtensa_cpu_do_unaligned_access(CPUState *cs,
> >  XtensaCPU *cpu = XTENSA_CPU(cs);
> >  CPUXtensaState *env = &cpu->env;
> >
> > -if (xtensa_option_enabled(env->config,
> > XTENSA_OPTION_UNALIGNED_EXCEPTION) &&
> > -!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT)) {
> > -cpu_restore_state(CPU(cpu), retaddr, true);
> > -HELPER(exception_cause_vaddr)(env,
> > -  env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
> > -  addr);
> > -}
> > +assert(xtensa_option_enabled(env->config,
> > + XTENSA_OPTION_UNALIGNED_EXCEPTION));
>
> This part -- yes.
>
> > +assert(!xtensa_option_enabled(env->config,
> > XTENSA_OPTION_HW_ALIGNMENT));
>
> This part -- no, because the call to the TCGCPUOps::do_unaligned_access
> is unconditional

Oh, I've checked get_alignment_bits and now I see that it's conditional.
This change can be done then, but the translation part also needs to be changed
to put MO_UNALN on cores with XTENSA_OPTION_HW_ALIGNMENT.

-- 
Thanks.
-- Max

Re: [PATCH v5 0/7] eBPF RSS support for virtio-net

[Yuri Benditovich]

On Fri, May 14, 2021 at 4:43 PM Michael S. Tsirkin  wrote:
>
> On Thu, Mar 25, 2021 at 05:35:22PM +0200, Andrew Melnychenko wrote:
> > This set of patches introduces the usage of eBPF for packet steering
> > and RSS hash calculation:
> > * RSS(Receive Side Scaling) is used to distribute network packets to
> > guest virtqueues by calculating packet hash
> > * Additionally adding support for the usage of RSS with vhost
> >
> > The eBPF works on kernels 5.8+
> > On earlier kerneld it fails to load and the RSS feature is reported
> > only without vhost and implemented in 'in-qemu' software.
> >
> > Implementation notes:
> > Linux TAP TUNSETSTEERINGEBPF ioctl was used to set the eBPF program.
> > Added libbpf dependency and eBPF support.
> > The eBPF program is part of the qemu and presented as an array
> > of BPF ELF file data. The eBPF array file initially generated by bpftool.
> > The compilation of eBPF is not part of QEMU build and can be done
> > using provided Makefile.ebpf.
> > Added changes to virtio-net and vhost, primary eBPF RSS is used.
> > 'in-qemu' RSS used in the case of hash population and as a fallback option.
> > For vhost, the hash population feature is not reported to the guest.
> >
> > Please also see the documentation in PATCH 6/7.
>
> Reviewed-by: Michael S. Tsirkin 
>
> > Known issues:
> > * hash population not supported by eBPF RSS: 'in-qemu' RSS used
> > as a fallback, also, hash population feature is not reported to guests
> > with vhost.
>
> Could we instead fail init when RSS is requested and vhost is
> enabled? we can't do it for on by default features but we can
> for off by default ones ...
>
Of course this is possible.
I hope we do not need to stop the merge (it is in progress) and this
can be done in a separate patch and after some discussion.
Notes for the discussion:
1. We are not talking about RSS (it does not contradict with vhost
anymore), this is about "hash report".
2. Linux guest does not acknowledge this feature and for Linux VM
there is no motivation to enable it at all. So it looks like the issue
is minor, if any.
3. Currently we clear this feature with vhost but there is nothing
specific to the "hash report" feature; we clear it during a check of
vhost features (as well as other features dependent on vhost). If/when
this feature will be supported by the kernel - we'll not disable it
automatically. You suggest to fail the init for "hash + vhost"
explicitly without any special reason.
4. In general I think failing init is not the best behavior of qemu,
it is typically used in case of a really significant problem. Absence
of this feature is not something that leads to unexpected behavior or
significant performance loss.  Maybe a warning is enough?




> > * IPv6 extensions still in progress.
> >
> > Changes since v1:
> > * using libbpf instead of direct 'bpf' system call.
> > * added libbpf dependency to the configure/meson scripts.
> > * changed python script for eBPF .h file generation.
> > * changed eBPF program - reading L3 proto from ethernet frame.
> > * added TUNSETSTEERINGEBPF define for TUN.
> > * changed the maintainer's info.
> > * added license headers.
> > * refactored code.
> >
> > Changes since v2:
> > * using bpftool for eBPF skeleton generation.
> > * ebpf_rss is refactored to use skeleton generated by bpftool.
> > * added/adjasted license in comment sections and in eBPF file.
> > * rss.bpf.c and Makefile.ebpf moved to the tool/ebpf folder.
> > * virtio-net eBPF rss refactored. Now eBPF initialized during realize().
> >
> > Changes since v3:
> > * rebased to last master.
> > * fixed issue with failed build without libbpf.
> > * fixed ebpf loading without rss option.
> > * refactored labels in ebpf_rss.c
> >
> > Changes since v4:
> > * refactored configure/meson script.
> > * added checks for load_bytes in ebpf.
> > * documentation added to the index.
> > * refactored Makefile and rss.bpf.c.
> > * rebased to last master.
> >
> > Andrew (7):
> >   net/tap: Added TUNSETSTEERINGEBPF code.
> >   net: Added SetSteeringEBPF method for NetClientState.
> >   ebpf: Added eBPF RSS program.
> >   ebpf: Added eBPF RSS loader.
> >   virtio-net: Added eBPF RSS to virtio-net.
> >   docs: Added eBPF documentation.
> >   MAINTAINERS: Added eBPF maintainers information.
> >
> >  MAINTAINERS|   8 +
> >  configure  |   8 +-
> >  docs/devel/ebpf_rss.rst| 125 
> >  docs/devel/index.rst   |   1 +
> >  ebpf/ebpf_rss-stub.c   |  40 +++
> >  ebpf/ebpf_rss.c| 165 ++
> >  ebpf/ebpf_rss.h|  44 +++
> >  ebpf/meson.build   |   1 +
> >  ebpf/rss.bpf.skeleton.h| 423 +
> >  ebpf/trace-events  |   4 +
> >  ebpf/trace.h   |   2 +
> >  hw/net/vhost_net.c |   3 +
> >  hw/net/virtio-net.c| 115 ++-
> >  include/hw/virtio/virtio-net.h |   4 +
> >  include/net/net.h  |   2 

Re: [Qemu-devel] [PATCH 7/7] target/xtensa: move non-HELPER functions to helper.c

[Max Filippov]

On Mon, May 17, 2021 at 6:10 AM Philippe Mathieu-Daudé  wrote:
>
> On 5/17/21 2:11 PM, Max Filippov wrote:
> > On Mon, May 17, 2021 at 4:50 AM Max Filippov  wrote:
> >>
> >> Hi Philippe,
> >>
> >> On Sun, May 16, 2021 at 10:05 PM Philippe Mathieu-Daudé
> >>  wrote:
> >>>
> >>> Hi Max,
> >>>
> >>> On Mon, Jan 14, 2019 at 8:52 AM Max Filippov  wrote:
> 
>  Move remaining non-HELPER functions from op_helper.c to helper.c.
>  No functional changes.
> 
>  Signed-off-by: Max Filippov 
>  ---
>   target/xtensa/helper.c| 61 
>  ---
>   target/xtensa/op_helper.c | 56 
>  ---
>   2 files changed, 58 insertions(+), 59 deletions(-)
> >>>
>  +void xtensa_cpu_do_unaligned_access(CPUState *cs,
>  +vaddr addr, MMUAccessType 
>  access_type,
>  +int mmu_idx, uintptr_t retaddr)
>  +{
>  +XtensaCPU *cpu = XTENSA_CPU(cs);
>  +CPUXtensaState *env = &cpu->env;
>  +
>  +if (xtensa_option_enabled(env->config, 
>  XTENSA_OPTION_UNALIGNED_EXCEPTION) &&
>  +!xtensa_option_enabled(env->config, 
>  XTENSA_OPTION_HW_ALIGNMENT)) {
> >>>
> >>> I know this is a simple code movement, but I wonder, what should
> >>> happen when there is
> >>> an unaligned fault and the options are disabled? Is this an impossible
> >>> case (unreachable)?
> >>
> >> It should be unreachable when XTENSA_OPTION_UNALIGNED_EXCEPTION
> >> is disabled. In that case the translation code generates access on aligned
> >> addresses according to the xtensa ISA, see the function
> >> gen_load_store_alignment in target/xtensa/translate.c
> >
> > There's also a case when both options are enabled, i.e. the
> > xtensa core has support for transparent unaligned access.
> > In that case the helper does nothing and the generic TCG
> > code is supposed to deal with the unaligned access correctly,
>
> IIRC we can simplify as:
>
> -- >8 --
> diff --git a/target/xtensa/helper.c b/target/xtensa/helper.c
> index eeffee297d1..6e8a6cdc99e 100644
> --- a/target/xtensa/helper.c
> +++ b/target/xtensa/helper.c
> @@ -270,13 +270,14 @@ void xtensa_cpu_do_unaligned_access(CPUState *cs,
>  XtensaCPU *cpu = XTENSA_CPU(cs);
>  CPUXtensaState *env = &cpu->env;
>
> -if (xtensa_option_enabled(env->config,
> XTENSA_OPTION_UNALIGNED_EXCEPTION) &&
> -!xtensa_option_enabled(env->config, XTENSA_OPTION_HW_ALIGNMENT)) {
> -cpu_restore_state(CPU(cpu), retaddr, true);
> -HELPER(exception_cause_vaddr)(env,
> -  env->pc, LOAD_STORE_ALIGNMENT_CAUSE,
> -  addr);
> -}
> +assert(xtensa_option_enabled(env->config,
> + XTENSA_OPTION_UNALIGNED_EXCEPTION));

This part -- yes.

> +assert(!xtensa_option_enabled(env->config,
> XTENSA_OPTION_HW_ALIGNMENT));

This part -- no, because the call to the TCGCPUOps::do_unaligned_access
is unconditional and would happen on CPUs that have
XTENSA_OPTION_HW_ALIGNMENT enabled. They could have a different
CPUClass::tcg_ops, but I'm not sure it's worth it.

-- 
Thanks.
-- Max

[PATCH 5/5] docs: fix references to docs/devel/s390-dasd-ipl.rst

[Stefano Garzarella]

Commit cc3d15a5ea ("docs: rstfy s390 dasd ipl documentation")
converted docs/devel/s390-dasd-ipl.txt to docs/devel/s390-dasd-ipl.rst.

We still have several references to the old file, so let's fix them
with the following command:

  sed -i s/s390-dasd-ipl.txt/s390-dasd-ipl.rst/ \
  $(git grep -l docs/devel/s390-dasd-ipl.txt)

Signed-off-by: Stefano Garzarella 
---
 pc-bios/s390-ccw/dasd-ipl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pc-bios/s390-ccw/dasd-ipl.c b/pc-bios/s390-ccw/dasd-ipl.c
index 71cbae2f16..254bb1a15e 100644
--- a/pc-bios/s390-ccw/dasd-ipl.c
+++ b/pc-bios/s390-ccw/dasd-ipl.c
@@ -205,7 +205,7 @@ static void run_ipl2(SubChannelId schid, uint16_t cutype, 
uint32_t addr)
 
 /*
  * Limitations in vfio-ccw support complicate the IPL process. Details can
- * be found in docs/devel/s390-dasd-ipl.txt
+ * be found in docs/devel/s390-dasd-ipl.rst
  */
 void dasd_ipl(SubChannelId schid, uint16_t cutype)
 {
-- 
2.31.1

RE: [RFC PATCH v3 4/4] hw/arm/virt: Parse -smp cluster parameter in virt_smp_parse

[Salil Mehta]

> From: Qemu-devel
> [mailto:qemu-devel-bounces+salil.mehta=huawei@nongnu.org] On Behalf Of
> Yanan Wang
> Sent: Sunday, May 16, 2021 11:32 AM
> To: Peter Maydell ; Paolo Bonzini
> ; Andrew Jones ; Michael S . Tsirkin
> ; Igor Mammedov ; Shannon Zhao
> ; qemu-devel@nongnu.org; qemu-...@nongnu.org
> Cc: Song Bao Hua (Barry Song) ; Philippe
> Mathieu-Daudé ; wangyanan (Y) ;
> Zengtao (B) ; Wanghaibin (D)
> ; yuzenghui ; yangyicong
> ; zhukeqian 
> Subject: [RFC PATCH v3 4/4] hw/arm/virt: Parse -smp cluster parameter in
> virt_smp_parse
> 
> There is a separate function virt_smp_parse() in hw/virt/arm.c used
> to parse cpu topology for the ARM machines. So add parsing of -smp
> cluster parameter in it, then total number of logical cpus will be
> calculated like: max_cpus = sockets * clusters * cores * threads.
> 
> Note, we will assume multi-cluster in one socket is not supported
> and default the value of clusters to 1, if it's not explicitly
> specified in -smp cmdline.
> 
> Signed-off-by: Yanan Wang 
> ---
>  hw/arm/virt.c | 32 ++--
>  1 file changed, 18 insertions(+), 14 deletions(-)
> 
> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> index 7de822e491..678d5ef36c 100644
> --- a/hw/arm/virt.c
> +++ b/hw/arm/virt.c
> @@ -2642,8 +2642,8 @@ static int virt_kvm_type(MachineState *ms, const char
> *type_str)
>   * with the -smp cmdlines when parsing them.
>   *
>   * We require that at least one of cpus or maxcpus must be provided.
> - * Threads will default to 1 if not provided. Sockets and cores must
> - * be either both provided or both not.
> + * Clusters and threads will default to 1 if they are not provided.
> + * Sockets and cores must be either both provided or both not.
>   *
>   * Note, if neither sockets nor cores are specified, we will calculate
>   * all the missing values just like smp_parse() does, but will disable
> @@ -2652,15 +2652,18 @@ static int virt_kvm_type(MachineState *ms, const char
> *type_str)
>  static void virt_smp_parse(MachineState *ms, QemuOpts *opts)
>  {
>  VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(ms);
> +VirtMachineState *vms = VIRT_MACHINE(ms);
> 
>  if (opts) {
>  unsigned cpus = qemu_opt_get_number(opts, "cpus", 0);
>  unsigned maxcpus = qemu_opt_get_number(opts, "maxcpus", 0);
>  unsigned sockets = qemu_opt_get_number(opts, "sockets", 0);
> +unsigned clusters = qemu_opt_get_number(opts, "clusters", 0);
>  unsigned cores = qemu_opt_get_number(opts, "cores", 0);
>  unsigned threads = qemu_opt_get_number(opts, "threads", 0);
> 
> -/* Default threads to 1 if not provided */
> +/* Default clusters and threads to 1 if not provided */
> +clusters = clusters > 0 ? clusters : 1;
>  threads = threads > 0 ? threads : 1;
> 
>  if (cpus == 0 && maxcpus == 0) {
> @@ -2676,13 +2679,13 @@ static void virt_smp_parse(MachineState *ms, QemuOpts
> *opts)
>  cores = 1;
>  if (cpus == 0) {
>  sockets = 1;
> -cpus = sockets * cores * threads;
> +cpus = sockets * clusters * cores * threads;
>  } else {
>  maxcpus = maxcpus > 0 ? maxcpus : cpus;
> -sockets = maxcpus / (cores * threads);
> +sockets = maxcpus / (clusters * cores * threads);
>  }
>  } else if (sockets > 0 && cores > 0) {
> -cpus = cpus > 0 ? cpus : sockets * cores * threads;
> +cpus = cpus > 0 ? cpus : sockets * clusters * cores * threads;
>  maxcpus = maxcpus > 0 ? maxcpus : cpus;
>  } else {
>  error_report("sockets and cores must be both provided "
> @@ -2695,25 +2698,26 @@ static void virt_smp_parse(MachineState *ms, QemuOpts
> *opts)
>  exit(1);
>  }
> 
> -if (sockets * cores * threads < cpus) {
> +if (sockets * clusters * cores * threads < cpus) {
>  error_report("cpu topology: "
> - "sockets (%u) * cores (%u) * threads (%u) < "
> - "smp_cpus (%u)",
> - sockets, cores, threads, cpus);
> + "sockets (%u) * clusters (%u) * cores (%u) * "
> + "threads (%u) < smp_cpus (%u)",
> + sockets, clusters, cores, threads, cpus);
>  exit(1);
>  }
> 
> -if (sockets * cores * threads != maxcpus) {
> +if (sockets * clusters * cores * threads != maxcpus) {
>  error_report("cpu topology: "
> - "sockets (%u) * cores (%u) * threads (%u) "
> - "!= maxcpus (%u)",
> - sockets, cores, threads, maxcpus);
> + "sockets (%u) * clusters (%u) * cores (%u) * "
> + "threads (%u) != maxcpus (%u)",
> + sockets, clusters, cores, threads, maxcpus);
>

[PATCH 4/5] docs: fix references to docs/specs/tpm.rst

[Stefano Garzarella]

Commit 6e8a3ff6ed ("docs/specs/tpm: reST-ify TPM documentation")
converted docs/specs/tpm.txt to docs/specs/tpm.rst.

We still have several references to the old file, so let's fix them
with the following command:

  sed -i s/tpm.txt/tpm.rst/ $(git grep -l docs/specs/tpm.txt)

Signed-off-by: Stefano Garzarella 
---
 hw/acpi/tpm.c| 2 +-
 hw/tpm/tpm_ppi.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/acpi/tpm.c b/hw/acpi/tpm.c
index b96459e45b..cdc0227536 100644
--- a/hw/acpi/tpm.c
+++ b/hw/acpi/tpm.c
@@ -57,7 +57,7 @@ void tpm_build_ppi_acpi(TPMIf *tpm, Aml *dev)
aml_operation_region(
"TPP3", AML_SYSTEM_MEMORY,
aml_int(TPM_PPI_ADDR_BASE +
-   0x15a /* movv, docs/specs/tpm.txt */),
+   0x15a /* movv, docs/specs/tpm.rst */),
0x1));
 field = aml_field("TPP3", AML_BYTE_ACC, AML_NOLOCK, AML_PRESERVE);
 aml_append(field, aml_named_field("MOVV", 8));
diff --git a/hw/tpm/tpm_ppi.c b/hw/tpm/tpm_ppi.c
index 72d7a3d926..362edcc5c9 100644
--- a/hw/tpm/tpm_ppi.c
+++ b/hw/tpm/tpm_ppi.c
@@ -23,7 +23,7 @@
 
 void tpm_ppi_reset(TPMPPI *tpmppi)
 {
-if (tpmppi->buf[0x15a /* movv, docs/specs/tpm.txt */] & 0x1) {
+if (tpmppi->buf[0x15a /* movv, docs/specs/tpm.rst */] & 0x1) {
 GuestPhysBlockList guest_phys_blocks;
 GuestPhysBlock *block;
 
-- 
2.31.1

[PATCH 0/5] docs: fix references to files converted to rST

[Stefano Garzarella]

Trivial patches that fix references to old files in docs/ converted
to rST.

Broken references found running:

for f in $(git grep -oh "docs.*txt")
do
test -f "$f" || echo "$f not exists"
done

Stefano Garzarella (5):
  docs: fix references to docs/devel/tracing.rst
  docs: fix references to docs/devel/atomics.rst
  docs: fix references to docs/devel/build-system.rst
  docs: fix references to docs/specs/tpm.rst
  docs: fix references to docs/devel/s390-dasd-ipl.rst

 docs/devel/lockcnt.txt  | 2 +-
 include/qemu/atomic.h   | 4 ++--
 include/qemu/atomic128.h| 2 +-
 hw/acpi/tpm.c   | 2 +-
 hw/tpm/tpm_ppi.c| 2 +-
 pc-bios/s390-ccw/dasd-ipl.c | 2 +-
 MAINTAINERS | 4 ++--
 accel/kvm/trace-events  | 2 +-
 accel/tcg/trace-events  | 2 +-
 audio/trace-events  | 2 +-
 authz/trace-events  | 2 +-
 backends/tpm/trace-events   | 2 +-
 backends/trace-events   | 2 +-
 block/trace-events  | 2 +-
 chardev/trace-events| 2 +-
 crypto/trace-events | 2 +-
 hw/9pfs/trace-events| 2 +-
 hw/acpi/trace-events| 2 +-
 hw/adc/trace-events | 2 +-
 hw/alpha/trace-events   | 2 +-
 hw/arm/trace-events | 2 +-
 hw/audio/trace-events   | 2 +-
 hw/block/dataplane/trace-events | 2 +-
 hw/block/trace-events   | 2 +-
 hw/char/trace-events| 2 +-
 hw/display/trace-events | 2 +-
 hw/dma/trace-events | 2 +-
 hw/gpio/trace-events| 2 +-
 hw/hppa/trace-events| 2 +-
 hw/i2c/trace-events | 2 +-
 hw/i386/trace-events| 2 +-
 hw/i386/xen/trace-events| 2 +-
 hw/ide/trace-events | 2 +-
 hw/input/trace-events   | 2 +-
 hw/intc/trace-events| 2 +-
 hw/isa/trace-events | 2 +-
 hw/mem/trace-events | 2 +-
 hw/misc/macio/trace-events  | 2 +-
 hw/misc/trace-events| 2 +-
 hw/net/trace-events | 2 +-
 hw/nvram/trace-events   | 2 +-
 hw/pci-host/trace-events| 2 +-
 hw/pci/trace-events | 2 +-
 hw/ppc/trace-events | 2 +-
 hw/rdma/trace-events| 2 +-
 hw/rdma/vmw/trace-events| 2 +-
 hw/rtc/trace-events | 2 +-
 hw/s390x/trace-events   | 2 +-
 hw/scsi/trace-events| 2 +-
 hw/sd/trace-events  | 2 +-
 hw/sparc/trace-events   | 2 +-
 hw/sparc64/trace-events | 2 +-
 hw/timer/trace-events   | 2 +-
 hw/tpm/trace-events | 2 +-
 hw/usb/trace-events | 2 +-
 hw/vfio/trace-events| 2 +-
 hw/virtio/trace-events  | 2 +-
 hw/watchdog/trace-events| 2 +-
 hw/xen/trace-events | 2 +-
 io/trace-events | 2 +-
 linux-user/trace-events | 2 +-
 migration/trace-events  | 2 +-
 monitor/trace-events| 2 +-
 nbd/trace-events| 2 +-
 net/trace-events| 2 +-
 qapi/trace-events   | 2 +-
 qom/trace-events| 2 +-
 scripts/simpletrace.py  | 2 +-
 scsi/trace-events   | 2 +-
 softmmu/trace-events| 2 +-
 target/arm/trace-events | 2 +-
 target/hppa/trace-events| 2 +-
 target/i386/kvm/trace-events| 2 +-
 target/i386/trace-events| 2 +-
 target/mips/trace-events| 2 +-
 target/ppc/trace-events | 2 +-
 target/s390x/trace-events   | 2 +-
 target/sparc/trace-events   | 2 +-
 tcg/README  | 2 +-
 tests/qapi-schema/meson.build   | 2 +-
 trace-events| 2 +-
 ui/trace-events | 2 +-
 util/trace-events   | 2 +-
 83 files changed, 85 insertions(+), 85 deletions(-)

-- 
2.31.1

[PATCH 1/5] docs: fix references to docs/devel/tracing.rst

[Stefano Garzarella]

Commit e50caf4a5c ("tracing: convert documentation to rST")
converted docs/devel/tracing.txt to docs/devel/tracing.rst.

We still have several references to the old file, so let's fix them
with the following command:

  sed -i s/tracing.txt/tracing.rst/ $(git grep -l docs/devel/tracing.txt)

Signed-off-by: Stefano Garzarella 
---
 MAINTAINERS | 2 +-
 accel/kvm/trace-events  | 2 +-
 accel/tcg/trace-events  | 2 +-
 audio/trace-events  | 2 +-
 authz/trace-events  | 2 +-
 backends/tpm/trace-events   | 2 +-
 backends/trace-events   | 2 +-
 block/trace-events  | 2 +-
 chardev/trace-events| 2 +-
 crypto/trace-events | 2 +-
 hw/9pfs/trace-events| 2 +-
 hw/acpi/trace-events| 2 +-
 hw/adc/trace-events | 2 +-
 hw/alpha/trace-events   | 2 +-
 hw/arm/trace-events | 2 +-
 hw/audio/trace-events   | 2 +-
 hw/block/dataplane/trace-events | 2 +-
 hw/block/trace-events   | 2 +-
 hw/char/trace-events| 2 +-
 hw/display/trace-events | 2 +-
 hw/dma/trace-events | 2 +-
 hw/gpio/trace-events| 2 +-
 hw/hppa/trace-events| 2 +-
 hw/i2c/trace-events | 2 +-
 hw/i386/trace-events| 2 +-
 hw/i386/xen/trace-events| 2 +-
 hw/ide/trace-events | 2 +-
 hw/input/trace-events   | 2 +-
 hw/intc/trace-events| 2 +-
 hw/isa/trace-events | 2 +-
 hw/mem/trace-events | 2 +-
 hw/misc/macio/trace-events  | 2 +-
 hw/misc/trace-events| 2 +-
 hw/net/trace-events | 2 +-
 hw/nvram/trace-events   | 2 +-
 hw/pci-host/trace-events| 2 +-
 hw/pci/trace-events | 2 +-
 hw/ppc/trace-events | 2 +-
 hw/rdma/trace-events| 2 +-
 hw/rdma/vmw/trace-events| 2 +-
 hw/rtc/trace-events | 2 +-
 hw/s390x/trace-events   | 2 +-
 hw/scsi/trace-events| 2 +-
 hw/sd/trace-events  | 2 +-
 hw/sparc/trace-events   | 2 +-
 hw/sparc64/trace-events | 2 +-
 hw/timer/trace-events   | 2 +-
 hw/tpm/trace-events | 2 +-
 hw/usb/trace-events | 2 +-
 hw/vfio/trace-events| 2 +-
 hw/virtio/trace-events  | 2 +-
 hw/watchdog/trace-events| 2 +-
 hw/xen/trace-events | 2 +-
 io/trace-events | 2 +-
 linux-user/trace-events | 2 +-
 migration/trace-events  | 2 +-
 monitor/trace-events| 2 +-
 nbd/trace-events| 2 +-
 net/trace-events| 2 +-
 qapi/trace-events   | 2 +-
 qom/trace-events| 2 +-
 scripts/simpletrace.py  | 2 +-
 scsi/trace-events   | 2 +-
 softmmu/trace-events| 2 +-
 target/arm/trace-events | 2 +-
 target/hppa/trace-events| 2 +-
 target/i386/kvm/trace-events| 2 +-
 target/i386/trace-events| 2 +-
 target/mips/trace-events| 2 +-
 target/ppc/trace-events | 2 +-
 target/s390x/trace-events   | 2 +-
 target/sparc/trace-events   | 2 +-
 trace-events| 2 +-
 ui/trace-events | 2 +-
 util/trace-events   | 2 +-
 75 files changed, 75 insertions(+), 75 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 78561a223f..c9ab4c0f63 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2688,7 +2688,7 @@ F: scripts/tracetool.py
 F: scripts/tracetool/
 F: scripts/qemu-trace-stap*
 F: docs/tools/qemu-trace-stap.rst
-F: docs/devel/tracing.txt
+F: docs/devel/tracing.rst
 T: git https://github.com/stefanha/qemu.git tracing
 
 TPM
diff --git a/accel/kvm/trace-events b/accel/kvm/trace-events
index e15ae8980d..4d459dd745 100644
--- a/accel/kvm/trace-events
+++ b/accel/kvm/trace-events
@@ -1,4 +1,4 @@
-# See docs/devel/tracing.txt for syntax documentation.
+# See docs/devel/tracing.rst for syntax documentation.
 
 # kvm-all.c
 kvm_ioctl(int type, void *arg) "type 0x%x, arg %p"
diff --git a/accel/tcg/trace-events b/accel/tcg/trace-events
index 6eefb37f5d..59eab96f26 100644
--- a/accel/tcg/trace-events
+++ b/accel/tcg/trace-events
@@ -1,4 +1,4 @@
-# See docs/devel/tracing.txt for syntax documentation.
+# See docs/devel/tracing.rst for syntax documentation.
 
 # TCG related tracing
 # cpu-exec.c
diff --git a/audio/trace-events b/audio/trace-events
index 6aec535763..957c92337b 100644
--- a/audio/trace-events
+++ b/audio/trace-events
@@ -1,4 +1,4 @@
-# See docs/devel/tracing.txt for syntax documentation.
+# See docs/devel/tracing.rst for syntax documentation.
 
 # alsaaudio.c
 alsa_revents(int revents) "revents = %d"
diff --git a/authz/trace-events b/authz/trace-events
index e62ebb36b7..9c255dafb6 100644
--- a/authz/trace-events
+++ b/authz/trace-events
@@ -1,4 +1,4 @@
-# See docs/devel/tracing.txt for syntax documentation.
+# See docs/devel/tracing.rst for syntax docum

[PATCH 3/5] docs: fix references to docs/devel/build-system.rst

[Stefano Garzarella]

Commit a14f0bf165 ("docs: convert build system documentation to rST")
converted docs/devel/build-system.txt to docs/devel/build-system.rst.

We still have several references to the old file, so let's fix them
with the following command:

  sed -i s/build-system.txt/build-system.rst/ \
  $(git grep -l docs/devel/build-system.txt)

Signed-off-by: Stefano Garzarella 
---
 MAINTAINERS   | 2 +-
 tests/qapi-schema/meson.build | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index c9ab4c0f63..d74b26b8b6 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3355,7 +3355,7 @@ Documentation
 Build system architecture
 M: Daniel P. Berrange 
 S: Odd Fixes
-F: docs/devel/build-system.txt
+F: docs/devel/build-system.rst
 
 GIT Data Mining Config
 M: Alex Bennée 
diff --git a/tests/qapi-schema/meson.build b/tests/qapi-schema/meson.build
index d7163e6601..d96a300439 100644
--- a/tests/qapi-schema/meson.build
+++ b/tests/qapi-schema/meson.build
@@ -202,7 +202,7 @@ schemas = [
 
 # Because people may want to use test-qapi.py from the command line, we
 # are not using the "#! /usr/bin/env python3" trick here.  See
-# docs/devel/build-system.txt
+# docs/devel/build-system.rst
 test('QAPI schema regression tests', python, args: files('test-qapi.py', 
schemas),
  env: test_env, suite: ['qapi-schema', 'qapi-frontend'])
 
-- 
2.31.1

[PATCH 2/5] docs: fix references to docs/devel/atomics.rst

[Stefano Garzarella]

Commit 15e8699f00 ("atomics: convert to reStructuredText") converted
docs/devel/atomics.txt to docs/devel/atomics.rst.

We still have several references to the old file, so let's fix them
with the following command:

  sed -i s/atomics.txt/atomics.rst/ $(git grep -l docs/devel/atomics.txt)

Signed-off-by: Stefano Garzarella 
---
 docs/devel/lockcnt.txt   | 2 +-
 include/qemu/atomic.h| 4 ++--
 include/qemu/atomic128.h | 2 +-
 tcg/README   | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/devel/lockcnt.txt b/docs/devel/lockcnt.txt
index 2d85462fe3..a3fb3bc5d8 100644
--- a/docs/devel/lockcnt.txt
+++ b/docs/devel/lockcnt.txt
@@ -145,7 +145,7 @@ can also be more efficient in two ways:
 - on some platforms, one can implement QemuLockCnt to hold the lock
   and the mutex in a single word, making the fast path no more expensive
   than simply managing a counter using atomic operations (see
-  docs/devel/atomics.txt).  This can be very helpful if concurrent access to
+  docs/devel/atomics.rst).  This can be very helpful if concurrent access to
   the data structure is expected to be rare.
 
 
diff --git a/include/qemu/atomic.h b/include/qemu/atomic.h
index 8f4b3a80fb..3ccf84fd46 100644
--- a/include/qemu/atomic.h
+++ b/include/qemu/atomic.h
@@ -8,7 +8,7 @@
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
  *
- * See docs/devel/atomics.txt for discussion about the guarantees each
+ * See docs/devel/atomics.rst for discussion about the guarantees each
  * atomic primitive is meant to provide.
  */
 
@@ -432,7 +432,7 @@
  * sequentially consistent operations.
  *
  * As long as they are used as paired operations they are safe to
- * use. See docs/devel/atomics.txt for more discussion.
+ * use. See docs/devel/atomics.rst for more discussion.
  */
 
 #ifndef qatomic_mb_read
diff --git a/include/qemu/atomic128.h b/include/qemu/atomic128.h
index ad2bcf45b4..adb9a1a260 100644
--- a/include/qemu/atomic128.h
+++ b/include/qemu/atomic128.h
@@ -6,7 +6,7 @@
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
  *
- * See docs/devel/atomics.txt for discussion about the guarantees each
+ * See docs/devel/atomics.rst for discussion about the guarantees each
  * atomic primitive is meant to provide.
  */
 
diff --git a/tcg/README b/tcg/README
index 0cf9e2727c..8510d823e3 100644
--- a/tcg/README
+++ b/tcg/README
@@ -461,7 +461,7 @@ when MTTCG is enabled.
 The guest translators should generate this opcode for all guest instructions
 which have ordering side effects.
 
-Please see docs/devel/atomics.txt for more information on memory barriers.
+Please see docs/devel/atomics.rst for more information on memory barriers.
 
 * 64-bit guest on 32-bit host support
 
-- 
2.31.1

Re: [RFC PATCH v3 4/4] hw/arm/virt: Parse -smp cluster parameter in virt_smp_parse

[wangyanan (Y)]

Hi Drew,

On 2021/5/17 17:12, Andrew Jones wrote:

On Sun, May 16, 2021 at 06:32:28PM +0800, Yanan Wang wrote:

There is a separate function virt_smp_parse() in hw/virt/arm.c used
to parse cpu topology for the ARM machines. So add parsing of -smp
cluster parameter in it, then total number of logical cpus will be
calculated like: max_cpus = sockets * clusters * cores * threads.

Note, we will assume multi-cluster in one socket is not supported
and default the value of clusters to 1, if it's not explicitly
specified in -smp cmdline.

Signed-off-by: Yanan Wang 
---
  hw/arm/virt.c | 32 ++--
  1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 7de822e491..678d5ef36c 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2642,8 +2642,8 @@ static int virt_kvm_type(MachineState *ms, const char 
*type_str)
   * with the -smp cmdlines when parsing them.
   *
   * We require that at least one of cpus or maxcpus must be provided.
- * Threads will default to 1 if not provided. Sockets and cores must
- * be either both provided or both not.
+ * Clusters and threads will default to 1 if they are not provided.
+ * Sockets and cores must be either both provided or both not.
   *
   * Note, if neither sockets nor cores are specified, we will calculate
   * all the missing values just like smp_parse() does, but will disable
@@ -2652,15 +2652,18 @@ static int virt_kvm_type(MachineState *ms, const char 
*type_str)
  static void virt_smp_parse(MachineState *ms, QemuOpts *opts)
  {
  VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(ms);
+VirtMachineState *vms = VIRT_MACHINE(ms);
  
  if (opts) {

  unsigned cpus = qemu_opt_get_number(opts, "cpus", 0);
  unsigned maxcpus = qemu_opt_get_number(opts, "maxcpus", 0);
  unsigned sockets = qemu_opt_get_number(opts, "sockets", 0);
+unsigned clusters = qemu_opt_get_number(opts, "clusters", 0);
  unsigned cores = qemu_opt_get_number(opts, "cores", 0);
  unsigned threads = qemu_opt_get_number(opts, "threads", 0);
  
-/* Default threads to 1 if not provided */

+/* Default clusters and threads to 1 if not provided */
+clusters = clusters > 0 ? clusters : 1;
  threads = threads > 0 ? threads : 1;
  
  if (cpus == 0 && maxcpus == 0) {

@@ -2676,13 +2679,13 @@ static void virt_smp_parse(MachineState *ms, QemuOpts 
*opts)
  cores = 1;
  if (cpus == 0) {
  sockets = 1;
-cpus = sockets * cores * threads;
+cpus = sockets * clusters * cores * threads;
  } else {
  maxcpus = maxcpus > 0 ? maxcpus : cpus;
-sockets = maxcpus / (cores * threads);
+sockets = maxcpus / (clusters * cores * threads);
  }
  } else if (sockets > 0 && cores > 0) {
-cpus = cpus > 0 ? cpus : sockets * cores * threads;
+cpus = cpus > 0 ? cpus : sockets * clusters * cores * threads;
  maxcpus = maxcpus > 0 ? maxcpus : cpus;
  } else {
  error_report("sockets and cores must be both provided "
@@ -2695,25 +2698,26 @@ static void virt_smp_parse(MachineState *ms, QemuOpts 
*opts)
  exit(1);
  }
  
-if (sockets * cores * threads < cpus) {

+if (sockets * clusters * cores * threads < cpus) {
  error_report("cpu topology: "
- "sockets (%u) * cores (%u) * threads (%u) < "
- "smp_cpus (%u)",
- sockets, cores, threads, cpus);
+ "sockets (%u) * clusters (%u) * cores (%u) * "
+ "threads (%u) < smp_cpus (%u)",
+ sockets, clusters, cores, threads, cpus);
  exit(1);
  }
  
-if (sockets * cores * threads != maxcpus) {

+if (sockets * clusters * cores * threads != maxcpus) {
  error_report("cpu topology: "
- "sockets (%u) * cores (%u) * threads (%u) "
- "!= maxcpus (%u)",
- sockets, cores, threads, maxcpus);
+ "sockets (%u) * clusters (%u) * cores (%u) * "
+ "threads (%u) != maxcpus (%u)",
+ sockets, clusters, cores, threads, maxcpus);
  exit(1);
  }
  
  ms->smp.cpus = cpus;

  ms->smp.max_cpus = maxcpus;
  ms->smp.sockets = sockets;
+vms->smp_clusters = clusters;
  ms->smp.cores = cores;
  ms->smp.threads = threads;
  }
--
2.19.1


After reworking "[RFC PATCH v3 9/9] hw/arm/virt: Add separate -smp parsing
function for ARM machines", this should also be reworked and fully tested,
possibly using a standalone test, as as I suggested in the other review.

Ok, I will make full test.

Thanks,
Yanan

Thanks,
drew

.

Re: [RFC PATCH v3 1/4] vl.c: Add -smp, clusters=* command line support for ARM cpu

[wangyanan (Y)]

On 2021/5/17 17:07, Andrew Jones wrote:

On Sun, May 16, 2021 at 06:32:25PM +0800, Yanan Wang wrote:

In implementations of ARM architecture, at most there could be a
cpu hierarchy like "sockets/dies/clusters/cores/threads" defined.
For example, ARM64 server chip Kunpeng 920 totally has 2 sockets,
2 NUMA nodes (also means cpu dies) in each socket, 6 clusters in
each NUMA node, 4 cores in each cluster, and doesn't support SMT.
Clusters within the same NUMA share a L3 cache and cores within
the same cluster share a L2 cache.

The cache affinity of ARM cluster has been proved to improve the
kernel scheduling performance and a patchset has been posted, in
which a general sched_domain for clusters was added and a cluster
level was added in the arch-neutral cpu topology struct like below.

struct cpu_topology {
 int thread_id;
 int core_id;
 int cluster_id;
 int package_id;
 int llc_id;
 cpumask_t thread_sibling;
 cpumask_t core_sibling;
 cpumask_t cluster_sibling;
 cpumask_t llc_sibling;
}

In virtuallization, exposing the cluster level topology to guest
kernel may also improve the scheduling performance. So let's add
the -smp, clusters=* command line support for ARM cpu, then users
will be able to define a four-level cpu hierarchy for machines
and it will be sockets/clusters/cores/threads.

Because we only support clusters for ARM cpu currently, a new member
"smp_clusters" is only added to the VirtMachineState structure.

Signed-off-by: Yanan Wang 
---
  include/hw/arm/virt.h |  1 +
  qemu-options.hx   | 26 +++---
  softmmu/vl.c  |  3 +++
  3 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h
index f546dd2023..74fff9667b 100644
--- a/include/hw/arm/virt.h
+++ b/include/hw/arm/virt.h
@@ -156,6 +156,7 @@ struct VirtMachineState {
  char *pciehb_nodename;
  const int *irqmap;
  int fdt_size;
+unsigned smp_clusters;
  uint32_t clock_phandle;
  uint32_t gic_phandle;
  uint32_t msi_phandle;
diff --git a/qemu-options.hx b/qemu-options.hx
index bd97086c21..245eb415a6 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -184,25 +184,29 @@ SRST
  ERST
  
  DEF("smp", HAS_ARG, QEMU_OPTION_smp,

-"-smp 
[cpus=]n[,maxcpus=cpus][,cores=cores][,threads=threads][,dies=dies][,sockets=sockets]\n"
+"-smp 
[cpus=]n[,maxcpus=cpus][,cores=cores][,threads=threads][,clusters=clusters][,dies=dies][,sockets=sockets]\n"
  "set the number of CPUs to 'n' [default=1]\n"
  "maxcpus= maximum number of total cpus, including\n"
  "offline CPUs for hotplug, etc\n"
-"cores= number of CPU cores on one socket (for PC, it's on one 
die)\n"
+"cores= number of CPU cores on one socket\n"
+"(it's on one die for PC, and on one cluster for ARM)\n"
  "threads= number of threads on one CPU core\n"
+"clusters= number of CPU clusters on one socket (for ARM 
only)\n"
  "dies= number of CPU dies on one socket (for PC only)\n"
  "sockets= number of discrete sockets in the system\n",
  QEMU_ARCH_ALL)
  SRST
-``-smp 
[cpus=]n[,cores=cores][,threads=threads][,dies=dies][,sockets=sockets][,maxcpus=maxcpus]``
-Simulate an SMP system with n CPUs. On the PC target, up to 255 CPUs
-are supported. On Sparc32 target, Linux limits the number of usable
-CPUs to 4. For the PC target, the number of cores per die, the
-number of threads per cores, the number of dies per packages and the
-total number of sockets can be specified. Missing values will be
-computed. If any on the three values is given, the total number of
-CPUs n can be omitted. maxcpus specifies the maximum number of
-hotpluggable CPUs.
+``-smp 
[cpus=]n[,cores=cores][,threads=threads][,clusters=clusters][,dies=dies][,sockets=sockets][,maxcpus=maxcpus]``
+Simulate an SMP system with n CPUs. On the PC target, up to 255
+CPUs are supported. On the Sparc32 target, Linux limits the number
+of usable CPUs to 4. For the PC target, the number of threads per
+core, the number of cores per die, the number of dies per package
+and the total number of sockets can be specified. For the ARM target,
+the number of threads per core, the number of cores per cluster, the
+number of clusters per socket and the total number of sockets can be
+specified. And missing values will be computed. If any of the five

   ^ Why did you add this 'And'?

My fault.. I will drop it.

+values is given, the total number of CPUs n can be omitted.

The last two sentences are not valid for Arm, which requires most of its
parameters to be given.
Yes, indeed. I think I should state more *clearly* about these two 
sentences.

Will rearrange the Doc in v4.

Thanks,
Yanan

Maxcpus
+specifies the maxim

[Bug 1924912] Re: VirtIO drivers don't work on Windows: "GLib: Too many handles to wait for!" crash

[kleines Filmröllchen]

Moved to https://gitlab.com/qemu-project/qemu/-/issues/332

** Changed in: qemu
   Status: Incomplete => Fix Released

** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #332
   https://gitlab.com/qemu-project/qemu/-/issues/332

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1924912

Title:
  VirtIO drivers don't work on Windows: "GLib: Too many handles to wait
  for!" crash

Status in QEMU:
  Fix Released

Bug description:
  I ran SerenityOS  out of WSL2
  with native Windows QEMU. The system runs fine on the Linux QEMU (with
  Windows X-Server). However, with Windows QEMU I get a hard crash after
  the following output:

  ```
  [#0 colonel(0:0)]: Scheduler[0]: idle loop running
  [init_stage2(2:2)]: PCI [:00:00:00] PCI::ID [8086:1237]
  [init_stage2(2:2)]: PCI [:00:01:00] PCI::ID [8086:7000]
  [init_stage2(2:2)]: PCI [:00:01:01] PCI::ID [8086:7010]
  [init_stage2(2:2)]: PCI [:00:01:02] PCI::ID [8086:7020]
  [init_stage2(2:2)]: PCI [:00:01:03] PCI::ID [8086:7113]
  [init_stage2(2:2)]: PCI [:00:02:00] PCI::ID [1234:]
  [init_stage2(2:2)]: PCI [:00:03:00] PCI::ID [8086:2922]
  [init_stage2(2:2)]: PCI [:00:04:00] PCI::ID [1af4:1003]
  [init_stage2(2:2)]: PCI [:00:05:00] PCI::ID [1af4:1005]
  [init_stage2(2:2)]: PCI [:00:06:00] PCI::ID [8086:100e]
  [#0 init_stage2(2:2)]: BXVGA: framebuffer @ P0xf800
  [#0 init_stage2(2:2)]: BXVGADevice resolution set to 1024x768 (pitch=4096)
  [init_stage2(2:2)]: UHCI: Controller found PCI::ID [8086:7020] @ PCI 
[:00:01:02]
  [init_stage2(2:2)]: UHCI: I/O base IO c080
  [init_stage2(2:2)]: UHCI: Interrupt line: 11
  [#0 init_stage2(2:2)]: UHCI: Allocated framelist at physical address 
P0x00e4
  [#0 init_stage2(2:2)]: UHCI: Framelist is at virtual address V0xc115d000
  [#0 init_stage2(2:2)]: UHCI: QH(0xc115f000) @ 14946304: link_ptr=14946338, 
element_link_ptr=1
  [#0 init_stage2(2:2)]: UHCI: QH(0xc115f020) @ 14946336: link_ptr=14946370, 
element_link_ptr=1
  [#0 init_stage2(2:2)]: UHCI: QH(0xc115f040) @ 14946368: link_ptr=14946402, 
element_link_ptr=1
  [#0 init_stage2(2:2)]: UHCI: QH(0xc115f060) @ 14946400: link_ptr=14946434, 
element_link_ptr=1
  [#0 init_stage2(2:2)]: UHCI: QH(0xc115f080) @ 14946432: link_ptr=14958593, 
element_link_ptr=1
  [#0 init_stage2(2:2)]: UHCI: Reset completed
  [#0 init_stage2(2:2)]: UHCI: Started
  [#0 init_stage2(2:2)]: DMIExpose: SMBIOS 32bit Entry point @ P0x000f5870
  [#0 init_stage2(2:2)]: DMIExpose: Data table @ P0x000f5890
  [#0 init_stage2(2:2)]: VirtIOConsole: Found @ PCI [:00:04:00]
  [#0 init_stage2(2:2)]: Trying to unregister unused handler (?)
  [#0 init_stage2(2:2)]: VirtIOConsole: Multi port is not yet supported!
  [#0 init_stage2(2:2)]: VirtIOConsole: cols: 0, rows: 0, max nr ports 0
  qemu-system-i386.exe: warning: GLib: Too many handles to wait for!
  ```

  The lines starting with [ are SerenityOS output; QEMU warns "GLib: Too
  many handles to wait for!" and crashes right after (can't even Ctrl-C
  in the WSL command line, force-close in Windows necessary). A window
  is still spawned but as the OS already switched out of text mode, just
  a black screen is visible as QEMU crashes.

  I first thought this to be an issue with SerenityOS and reported it
  over there: . The
  kernel devs pointed out that this seems to be a VirtIO driver/device
  issue on the Windows build of QEMU, because the Serenity kernel tries
  to initialize VirtIO devices which apparently crashes QEMU. There will
  be mitigations from the SerenityOS side (by allowing to disable VirtIO
  on boot) but it would of course be great if QEMU handled this
  properly.

  Version info: Both QEMU 6.0.0-rc3 and 5.2.0 exhibit this issue.
  Windows release is 20H2, WSL2 is running Debian 10.9. SerenityOS has
  no proper version but it was reproduced on the most current commits as
  of 18/04/2021.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1924912/+subscriptions

Re: [RFC PATCH v3 3/9] hw/arm/virt: Add cpu-map to device tree

[wangyanan (Y)]

Hi Drew,

On 2021/5/17 14:41, Andrew Jones wrote:

On Sun, May 16, 2021 at 06:28:54PM +0800, Yanan Wang wrote:

From: Andrew Jones 

Support device tree CPU topology descriptions.

In accordance with the Devicetree Specification, the Linux Doc
"arm/cpus.yaml" requires that cpus and cpu nodes in the DT are
present. And we meet the requirement by creating /cpus/cpu@*
nodes for members within ms->smp.cpus.

Correspondingly, we should also create subnodes in cpu-map for
the present cpus, each of which relates to an unique cpu node.

Signed-off-by: Andrew Jones 
Co-developed-by: Yanan Wang 
Signed-off-by: Yanan Wang 
---
  hw/arm/virt.c | 41 -
  1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index c07841e3a4..e5dcdebdbc 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -349,10 +349,11 @@ static void fdt_add_cpu_nodes(const VirtMachineState *vms)
  int cpu;
  int addr_cells = 1;
  const MachineState *ms = MACHINE(vms);
+const VirtMachineClass *vmc = VIRT_MACHINE_GET_CLASS(vms);
  int smp_cpus = ms->smp.cpus;
  
  /*

- * From Documentation/devicetree/bindings/arm/cpus.txt
+ *  See Linux Documentation/devicetree/bindings/arm/cpus.yaml

Rather than aligning the top line with the lower lines, we could remove
the extra space from the lower lines. Or, leave the formatting as it was,
by putting 'See' where 'From' was, like I did in my original patch.

I think I prefer removing the extra space from the lower lines, which is
the right thing to do.

   *  On ARM v8 64-bit systems value should be set to 2,
   *  that corresponds to the MPIDR_EL1 register size.
   *  If MPIDR_EL1[63:32] value is equal to 0 on all CPUs
@@ -405,8 +406,46 @@ static void fdt_add_cpu_nodes(const VirtMachineState *vms)
  ms->possible_cpus->cpus[cs->cpu_index].props.node_id);
  }
  
+if (!vmc->no_cpu_topology) {

+qemu_fdt_setprop_cell(ms->fdt, nodename, "phandle",
+  qemu_fdt_alloc_phandle(ms->fdt));
+}
+
  g_free(nodename);
  }
+
+if (!vmc->no_cpu_topology) {
+/*
+ * See Linux Documentation/devicetree/bindings/cpu/cpu-topology.txt
+ * In a SMP system, the hierarchy of CPUs is defined through four
+ * entities that are used to describe the layout of physical CPUs

s/entities/levels/

Above comment was completely from Linux Doc cpu-topology.txt. See [1].
I think entities may be more reasonable than levels here, since there can be
multiple levels of clusters in cpu-map which makes the total not four.

[1] 
https://github.com/torvalds/linux/blob/master/Documentation/devicetree/bindings/cpu/cpu-topology.txt

+ * in the system: socket/cluster/core/thread.

The comment says there are four levels including 'cluster', but there's no
'cluster' below.

According to Doc [1] (line 114), a socket node's child nodes must be
*one or more* cluster nodes which means cluster is mandatory to be
socket's child in DT.

So I think maybe we should just keep the comment as-is, and change
the map-path from /cpus/cpu-map/socket*/cores*/threads* to
/cpus/cpu-map/socket*/cluster0/cores*/threads* in this patch?

Thanks,
Yanan

+ */
+qemu_fdt_add_subnode(ms->fdt, "/cpus/cpu-map");
+
+for (cpu = smp_cpus - 1; cpu >= 0; cpu--) {
+char *cpu_path = g_strdup_printf("/cpus/cpu@%d", cpu);
+char *map_path;
+
+if (ms->smp.threads > 1) {
+map_path = g_strdup_printf(
+"/cpus/cpu-map/%s%d/%s%d/%s%d",
+"socket", cpu / (ms->smp.cores * ms->smp.threads),
+"core", (cpu / ms->smp.threads) % ms->smp.cores,
+"thread", cpu % ms->smp.threads);
+} else {
+map_path = g_strdup_printf(
+"/cpus/cpu-map/%s%d/%s%d",
+"socket", cpu / ms->smp.cores,
+"core", cpu % ms->smp.cores);
+}
+qemu_fdt_add_path(ms->fdt, map_path);
+qemu_fdt_setprop_phandle(ms->fdt, map_path, "cpu", cpu_path);
+
+g_free(map_path);
+g_free(cpu_path);
+}
+}
  }
  
  static void fdt_add_its_gic_node(VirtMachineState *vms)

--
2.19.1


Thanks,
drew

.

Re: [PATCH v2 3/7] ACPI ERST: support for ACPI ERST feature

[Eric DeVolder]

Hi Igor,
I've been working to transition ERST to use the hostmem-file object as the 
backing store, as requested.

I have the backend-file object now in ERST, and I have a question for you. This 
hostmem-file initializes
itself from a file, but in looking at the code, I do not see that it ever 
writes back to the file!? Furthermore,
I don't see a "flush" type method to force writeback of data in the object back 
to file?

The original ERST code would flush/write to the backing file each record as it 
was created. I don't see
any equivalent way of doing that with hostmem-file?

Please point out where I am misunderstanding.

Thanks,
eric


From: Igor Mammedov 
Sent: Monday, May 3, 2021 12:07 PM
To: Eric DeVolder 
Cc: ehabk...@redhat.com ; m...@redhat.com 
; Konrad Wilk ; qemu-devel@nongnu.org 
; pbonz...@redhat.com ; Boris 
Ostrovsky ; r...@twiddle.net ; 
jus...@redhat.com 
Subject: Re: [PATCH v2 3/7] ACPI ERST: support for ACPI ERST feature

On Mon, 3 May 2021 15:49:28 +
Eric DeVolder  wrote:

> Igor,
> I've rebased the original patches on to qemu-v6.0.0-rc4, and finally have 
> everything working as it previously did.
> I've started now to work to incorporate the HostMemoryBackendFile; that is 
> progressing.
> My question for you today is with regard to placing ERST device on PCI. The 
> PCI example provided is a template device, and while I do find that helpful, 
> I still do not understand how the ERST Actions, which contain GAS for 
> describing the register accesses, would be patched/linked when a PCI bar is 
> assigned. Or is there perhaps another way of obtaining the PCI BAR using ACPI 
> semantics?

current order of initialization is,
 0. QEMU builds initial ACPI tables (unpatched, mainly used to gauge total size 
of ACPI tables) and starts guest
 1. guest firmware initializes PCI devices (including BARs)
 2. guest reads ACPI tables from QEMU(via fwcfg)
 2.1 reading ACPI tables traps into QEMU and QEMU rebuilds all ACPI tables 
(including ERST)
  at this time one can get info from PCI devices (probably 
pci_get_bar_addr() is what you are looking for)
  that were initialized by firmware and build tables using address.
  Maybe it will need dynamic tables patching but lets get to that only if 
rebuilding table won't be enough



> Thanks,
> eric
>
> 
> From: Igor Mammedov 
> Sent: Wednesday, April 14, 2021 4:17 AM
> To: Eric DeVolder 
> Cc: ehabk...@redhat.com ; m...@redhat.com 
> ; Konrad Wilk ; 
> qemu-devel@nongnu.org ; pbonz...@redhat.com 
> ; Boris Ostrovsky ; 
> r...@twiddle.net ; jus...@redhat.com 
> Subject: Re: [PATCH v2 3/7] ACPI ERST: support for ACPI ERST feature
>
> On Fri, 9 Apr 2021 15:54:47 +
> Eric DeVolder  wrote:
>
> > Hi Igor,
> > Thank you for reviewing. I've responded inline below.
> > eric
> >
> > 
> > From: Igor Mammedov 
> > Sent: Tuesday, April 6, 2021 2:31 PM
> > To: Eric DeVolder 
> > Cc: m...@redhat.com ; marcel.apfelb...@gmail.com 
> > ; pbonz...@redhat.com ; 
> > r...@twiddle.net ; ehabk...@redhat.com 
> > ; qemu-devel@nongnu.org ; Boris 
> > Ostrovsky ; kw...@oracle.com 
> > Subject: Re: [PATCH v2 3/7] ACPI ERST: support for ACPI ERST feature
> >
> > On Mon,  8 Feb 2021 15:57:55 -0500
> > Eric DeVolder  wrote:
> >
> > > This change implements the support for the ACPI ERST feature[1,2].
> > >
> > > The size of the ACPI ERST storage is declared via the QEMU
> > > global parameter acpi-erst.size. The size can range from 64KiB
> > > to to 64MiB. The default is 64KiB.
> > >
> > > The location of the ACPI ERST storage backing file is delared
> > > via the QEMU global parameter acpi-erst.filename. The default
> > > is acpi-erst.backing.
> > >
> > > [1] "Advanced Configuration and Power Interface Specification",
> > > version 6.2, May 2017.
> > > https://www.uefi.org/sites/default/files/resources/ACPI_6_2.pdf
> > >
> > > [2] "Unified Extensible Firmware Interface Specification",
> > > version 2.8, March 2019.
> > > https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_final.pdf
> > >
> > > Signed-off-by: Eric DeVolder 
> >
> > items 2/4/5 from v1 review still need to be addressed.
> >
> > >
> > > 2. patch is too big to review, please split it up in smaller chunks.
> > >
> > > EJD: Done.
> >
> > (separating a header and a makefile rule doesn't make much sense)
> >
> > it should be split at least on part that implements device model and ACPI 
> > parts
> >
> > EJD: I'll rebase this patch set on qemu-6 and accommodate your suggestions 
> > with how to split/organize the patch set.
> >
> > [...]
> > >
> > > 4. Maybe instead of SYSBUS device, implement it as a PCI device and
> > >use its BAR/control registers for pstore storage and control interface.
> > >It could save you headache of picking address where to map it +
> > >it would take care of migration part automatically, as firmware
> > >would do it for you and then QEMU could 

Re: [PATCH 14/14] machine: add smp compound property

[Igor Mammedov]

On Thu, 13 May 2021 12:29:01 -0400
Paolo Bonzini  wrote:

> Make -smp syntactic sugar for a compound property "-machine
> smp.{cores,threads,cpu,...}".  machine_smp_parse is replaced by the
> setter for the property.
> 
> numa-test will now cover the new syntax, while other tests
> still use -smp.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  hw/core/machine.c   | 108 +---
>  softmmu/vl.c|  33 +---
>  tests/qtest/numa-test.c |  22 
>  3 files changed, 95 insertions(+), 68 deletions(-)
> 
> diff --git a/hw/core/machine.c b/hw/core/machine.c
> index 55e878fc3e..f33c9ce78c 100644
> --- a/hw/core/machine.c
> +++ b/hw/core/machine.c
> @@ -19,6 +19,7 @@
>  #include "hw/loader.h"
>  #include "qapi/error.h"
>  #include "qapi/qapi-visit-common.h"
> +#include "qapi/qapi-visit-machine.h"
>  #include "qapi/visitor.h"
>  #include "hw/sysbus.h"
>  #include "sysemu/cpus.h"
> @@ -797,6 +798,57 @@ static void smp_parse(MachineState *ms, SMPConfiguration 
> *config, Error **errp)
>  ms->smp.sockets = sockets;
>  }
>  
> +static void machine_get_smp(Object *obj, Visitor *v, const char *name,
> +void *opaque, Error **errp)
> +{
> +MachineState *ms = MACHINE(obj);
> +SMPConfiguration *config = &(SMPConfiguration){
> +.has_cores = true, .cores = ms->smp.cores,
> +.has_sockets = true, .sockets = ms->smp.sockets,
> +.has_dies = true, .dies = ms->smp.dies,
> +.has_threads = true, .threads = ms->smp.threads,
> +.has_cpus = true, .cpus = ms->smp.cpus,
> +.has_maxcpus = true, .maxcpus = ms->smp.max_cpus,
> +};

why did you choose to set all has_foo to true?

> +if (!visit_type_SMPConfiguration(v, name, &config, &error_abort)) {
> +return;
> +}
> +}
> +
> +static void machine_set_smp(Object *obj, Visitor *v, const char *name,
> +void *opaque, Error **errp)
> +{
> +MachineClass *mc = MACHINE_GET_CLASS(obj);
> +MachineState *ms = MACHINE(obj);
> +SMPConfiguration *config;
> +ERRP_GUARD();
> +
> +if (!visit_type_SMPConfiguration(v, name, &config, errp)) {
> +return;
> +}
> +
> +mc->smp_parse(ms, config, errp);
> +if (errp) {
> +goto out_free;
> +}
> +
> +/* sanity-check smp_cpus and max_cpus against mc */
> +if (ms->smp.cpus < mc->min_cpus) {
> +error_setg(errp, "Invalid SMP CPUs %d. The min CPUs "
> +   "supported by machine '%s' is %d",
> +   ms->smp.cpus,
> +   mc->name, mc->min_cpus);
> +} else if (ms->smp.max_cpus > mc->max_cpus) {
> +error_setg(errp, "Invalid SMP CPUs %d. The max CPUs "
> +   "supported by machine '%s' is %d",
> +   current_machine->smp.max_cpus,
> +   mc->name, mc->max_cpus);
> +}
> +
> +out_free:
> +qapi_free_SMPConfiguration(config);
> +}
> +
>  static void machine_class_init(ObjectClass *oc, void *data)
>  {
>  MachineClass *mc = MACHINE_CLASS(oc);
> @@ -836,6 +888,12 @@ static void machine_class_init(ObjectClass *oc, void 
> *data)
>  object_class_property_set_description(oc, "dumpdtb",
>  "Dump current dtb to a file and quit");
>  
> +object_class_property_add(oc, "smp", "SMPConfiguration",
> +machine_get_smp, machine_set_smp,
> +NULL, NULL);
> +object_class_property_set_description(oc, "smp",
> +"CPU topology");
> +
>  object_class_property_add(oc, "phandle-start", "int",
>  machine_get_phandle_start, machine_set_phandle_start,
>  NULL, NULL);
> @@ -1124,56 +1182,6 @@ MemoryRegion *machine_consume_memdev(MachineState 
> *machine,
>  return ret;
>  }
>  
> -bool machine_smp_parse(MachineState *ms, QemuOpts *opts, Error **errp)
> -{
> -MachineClass *mc = MACHINE_GET_CLASS(ms);
> -ERRP_GUARD();
> -
> -if (opts) {
> -SMPConfiguration config = {
> -.has_cpus = !!qemu_opt_get(opts, "cpus"),
> -.cpus = qemu_opt_get_number(opts, "cpus", 0),
> -.has_sockets = !!qemu_opt_get(opts, "sockets"),
> -.sockets = qemu_opt_get_number(opts, "sockets", 0),
> -.has_dies = !!qemu_opt_get(opts, "dies"),
> -.dies = qemu_opt_get_number(opts, "dies", 0),
> -.has_cores = !!qemu_opt_get(opts, "cores"),
> -.cores = qemu_opt_get_number(opts, "cores", 0),
> -.has_threads = !!qemu_opt_get(opts, "threads"),
> -.threads = qemu_opt_get_number(opts, "threads", 0),
> -.has_maxcpus = !!qemu_opt_get(opts, "maxcpus"),
> -.maxcpus = qemu_opt_get_number(opts, "maxcpus", 0),
> -};
> -
> -mc->smp_parse(ms, &config, errp);
> -if (*errp) {
> -return false;
> -}
> -}
> -
> -/* sanity-check smp_cpus and max_cpus against mc */
> -if (ms->smp.cpus < mc->min_cpus) {
> -error_setg(errp,

[PATCH v3 3/5] blkdebug: track all actions

[Emanuele Giuseppe Esposito]

Add a counter for each action that a rule can trigger.
This is mainly used to keep track of how many coroutine_yield()
we need to perform after processing all rules in the list.

Co-developed-by: Paolo Bonzini 
Signed-off-by: Emanuele Giuseppe Esposito 
---
 block/blkdebug.c | 17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/block/blkdebug.c b/block/blkdebug.c
index e37f999254..388b5ed615 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -74,6 +74,7 @@ enum {
 ACTION_INJECT_ERROR,
 ACTION_SET_STATE,
 ACTION_SUSPEND,
+ACTION__MAX,
 };
 
 typedef struct BlkdebugRule {
@@ -791,22 +792,22 @@ static void suspend_request(BlockDriverState *bs, 
BlkdebugRule *rule)
 qemu_coroutine_yield();
 }
 
-static bool process_rule(BlockDriverState *bs, struct BlkdebugRule *rule,
-bool injected)
+static void process_rule(BlockDriverState *bs, struct BlkdebugRule *rule,
+ int *action_count)
 {
 BDRVBlkdebugState *s = bs->opaque;
 
 /* Only process rules for the current state */
 if (rule->state && rule->state != s->state) {
-return injected;
+return;
 }
 
 /* Take the action */
+action_count[rule->action]++;
 switch (rule->action) {
 case ACTION_INJECT_ERROR:
-if (!injected) {
+if (action_count[ACTION_INJECT_ERROR] == 1) {
 QSIMPLEQ_INIT(&s->active_rules);
-injected = true;
 }
 QSIMPLEQ_INSERT_HEAD(&s->active_rules, rule, active_next);
 break;
@@ -819,21 +820,19 @@ static bool process_rule(BlockDriverState *bs, struct 
BlkdebugRule *rule,
 suspend_request(bs, rule);
 break;
 }
-return injected;
 }
 
 static void blkdebug_debug_event(BlockDriverState *bs, BlkdebugEvent event)
 {
 BDRVBlkdebugState *s = bs->opaque;
 struct BlkdebugRule *rule, *next;
-bool injected;
+int actions_count[ACTION__MAX] = { 0 };
 
 assert((int)event >= 0 && event < BLKDBG__MAX);
 
-injected = false;
 s->new_state = s->state;
 QLIST_FOREACH_SAFE(rule, &s->rules[event], next, next) {
-injected = process_rule(bs, rule, injected);
+process_rule(bs, rule, actions_count);
 }
 s->state = s->new_state;
 }
-- 
2.30.2

Re: [PATCH 1/3] virtiofsd: Find original inode ID of mount points

[Vivek Goyal]

On Wed, May 12, 2021 at 02:55:42PM +0200, Max Reitz wrote:
> Mount point directories represent two inodes: On one hand, they are a
> normal directory on their parent filesystem.  On the other, they are the
> root node of the filesystem mounted there.  Thus, they have two inode
> IDs.
> 
> Right now, we only report the latter inode ID (i.e. the inode ID of the
> mounted filesystem's root node).  This is fine once the guest has
> auto-mounted a submount there (so this inode ID goes with a device ID
> that is distinct from the parent filesystem), but before the auto-mount,
> they have the device ID of the parent and the inode ID for the submount.
> This is problematic because this is likely exactly the same
> st_dev/st_ino combination as the parent filesystem's root node.  This
> leads to problems for example with `find`, which will thus complain
> about a filesystem loop if it has visited the parent filesystem's root
> node before, and then refuse to descend into the submount.
> 
> There is a way to find the mount directory's original inode ID, and that
> is to readdir(3) the parent directory, look for the mount directory, and
> read the dirent.d_ino field.  Using this, we can let lookup and
> readdirplus return that original inode ID, which the guest will thus
> show until the submount is auto-mounted.  (Then, it will invoke getattr
> and that stat(2) call will return the inode ID for the submount.)
> 
> Signed-off-by: Max Reitz 
> ---
>  tools/virtiofsd/passthrough_ll.c | 104 +--
>  1 file changed, 99 insertions(+), 5 deletions(-)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c 
> b/tools/virtiofsd/passthrough_ll.c
> index 1553d2ef45..110b6e7e5b 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -968,14 +968,87 @@ static int do_statx(struct lo_data *lo, int dirfd, 
> const char *pathname,
>  return 0;
>  }
>  
> +/*
> + * Use readdir() to find mp_name's inode ID on the parent's filesystem.
> + * (For mount points, stat() will only return the inode ID on the
> + * filesystem mounted there, i.e. the root directory's inode ID.  The
> + * mount point originally was a directory on the parent filesystem,
> + * though, and so has a different inode ID there.  When passing
> + * submount information to the guest, we need to pass this other ID,
> + * so the guest can use it as the inode ID until the submount is
> + * auto-mounted.  (At which point the guest will invoke getattr and
> + * find the inode ID on the submount.))
> + *
> + * Return 0 on success, and -errno otherwise.  *pino is set only in
> + * case of success.
> + */
> +static int get_mp_ino_on_parent(const struct lo_inode *dir, const char 
> *mp_name,
> +ino_t *pino)
> +{
> +int dirfd = -1;
> +int ret;
> +DIR *dp = NULL;
> +
> +dirfd = openat(dir->fd, ".", O_RDONLY);
> +if (dirfd < 0) {
> +ret = -errno;
> +goto out;
> +}
> +
> +dp = fdopendir(dirfd);
> +if (!dp) {
> +ret = -errno;
> +goto out;
> +}
> +/* Owned by dp now */
> +dirfd = -1;
> +
> +while (true) {
> +struct dirent *de;
> +
> +errno = 0;
> +de = readdir(dp);
> +if (!de) {
> +ret = errno ? -errno : -ENOENT;
> +goto out;
> +}
> +
> +if (!strcmp(de->d_name, mp_name)) {
> +*pino = de->d_ino;
> +ret = 0;
> +goto out;
> +}
> +}
> +
> +out:
> +if (dp) {
> +closedir(dp);
> +}
> +if (dirfd >= 0) {
> +close(dirfd);
> +}
> +return ret;
> +}
> +
>  /*
>   * Increments nlookup on the inode on success. unref_inode_lolocked() must be
>   * called eventually to decrement nlookup again. If inodep is non-NULL, the
>   * inode pointer is stored and the caller must call lo_inode_put().
> + *
> + * If parent_fs_st_ino is true, the entry is a mount point, and submounts are
> + * announced to the guest, set e->attr.st_ino to the entry's inode ID on its
> + * parent filesystem instead of its inode ID on the filesystem mounted on it.
> + * (For mount points, the entry encompasses two inodes: One on the parent FS,
> + * and one on the mounted FS (where it is the root node), so it has two inode
> + * IDs.  When looking up entries, we should show the guest the parent FS's 
> inode
> + * ID, because as long as the guest has not auto-mounted the submount, it 
> should
> + * see that original ID.  Once it does perform the auto-mount, it will invoke
> + * getattr and see the root node's inode ID.)
>   */
>  static int lo_do_lookup(fuse_req_t req, fuse_ino_t parent, const char *name,
>  struct fuse_entry_param *e,
> -struct lo_inode **inodep)
> +struct lo_inode **inodep,
> +bool parent_fs_st_ino)
>  {
>  int newfd;
>  int res;
> @@ -984,6 +1057,7 @@ static int lo_do_lookup(fuse_req_t 

[PATCH v3 1/5] blkdebug: refactor removal of a suspended request

[Emanuele Giuseppe Esposito]

Extract to a separate function.  Do not rely on FOREACH_SAFE, which is
only "safe" if the *current* node is removed---not if another node is
removed.  Instead, just walk the entire list from the beginning when
asked to resume all suspended requests with a given tag.

Co-developed-by: Paolo Bonzini 
Signed-off-by: Emanuele Giuseppe Esposito 
---
 block/blkdebug.c | 28 +---
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/block/blkdebug.c b/block/blkdebug.c
index 2c0b9b0ee8..8f19d991fa 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -793,7 +793,6 @@ static void suspend_request(BlockDriverState *bs, 
BlkdebugRule *rule)
 printf("blkdebug: Resuming request '%s'\n", r.tag);
 }
 
-QLIST_REMOVE(&r, next);
 g_free(r.tag);
 }
 
@@ -869,25 +868,35 @@ static int blkdebug_debug_breakpoint(BlockDriverState 
*bs, const char *event,
 return 0;
 }
 
-static int blkdebug_debug_resume(BlockDriverState *bs, const char *tag)
+static int resume_req_by_tag(BDRVBlkdebugState *s, const char *tag, bool all)
 {
-BDRVBlkdebugState *s = bs->opaque;
-BlkdebugSuspendedReq *r, *next;
+BlkdebugSuspendedReq *r;
 
-QLIST_FOREACH_SAFE(r, &s->suspended_reqs, next, next) {
+retry:
+QLIST_FOREACH(r, &s->suspended_reqs, next) {
 if (!strcmp(r->tag, tag)) {
+QLIST_REMOVE(r, next);
 qemu_coroutine_enter(r->co);
+if (all) {
+goto retry;
+}
 return 0;
 }
 }
 return -ENOENT;
 }
 
+static int blkdebug_debug_resume(BlockDriverState *bs, const char *tag)
+{
+BDRVBlkdebugState *s = bs->opaque;
+
+return resume_req_by_tag(s, tag, false);
+}
+
 static int blkdebug_debug_remove_breakpoint(BlockDriverState *bs,
 const char *tag)
 {
 BDRVBlkdebugState *s = bs->opaque;
-BlkdebugSuspendedReq *r, *r_next;
 BlkdebugRule *rule, *next;
 int i, ret = -ENOENT;
 
@@ -900,11 +909,8 @@ static int 
blkdebug_debug_remove_breakpoint(BlockDriverState *bs,
 }
 }
 }
-QLIST_FOREACH_SAFE(r, &s->suspended_reqs, next, r_next) {
-if (!strcmp(r->tag, tag)) {
-qemu_coroutine_enter(r->co);
-ret = 0;
-}
+if (resume_req_by_tag(s, tag, true) == 0) {
+ret = 0;
 }
 return ret;
 }
-- 
2.30.2

Re: [PATCH v12 1/8] arm64: mte: Handle race when synchronising tags

[Steven Price]

On 17/05/2021 15:03, Marc Zyngier wrote:
> Hi Steven,

Hi Marc,

> On Mon, 17 May 2021 13:32:32 +0100,
> Steven Price  wrote:
>>
>> mte_sync_tags() used test_and_set_bit() to set the PG_mte_tagged flag
>> before restoring/zeroing the MTE tags. However if another thread were to
>> race and attempt to sync the tags on the same page before the first
>> thread had completed restoring/zeroing then it would see the flag is
>> already set and continue without waiting. This would potentially expose
>> the previous contents of the tags to user space, and cause any updates
>> that user space makes before the restoring/zeroing has completed to
>> potentially be lost.
>>
>> Since this code is run from atomic contexts we can't just lock the page
>> during the process. Instead implement a new (global) spinlock to protect
>> the mte_sync_page_tags() function.
>>
>> Fixes: 34bfeea4a9e9 ("arm64: mte: Clear the tags when a page is mapped in 
>> user-space with PROT_MTE")
>> Signed-off-by: Steven Price 
>> ---
>> ---
>>  arch/arm64/kernel/mte.c | 21 ++---
>>  1 file changed, 18 insertions(+), 3 deletions(-)
>>
>> diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
>> index 125a10e413e9..c88e778c2fa9 100644
>> --- a/arch/arm64/kernel/mte.c
>> +++ b/arch/arm64/kernel/mte.c
>> @@ -25,6 +25,7 @@
>>  u64 gcr_kernel_excl __ro_after_init;
>>  
>>  static bool report_fault_once = true;
>> +static spinlock_t tag_sync_lock;
> 
> What initialises this spinlock? Have you tried this with lockdep? I'd
> expect it to be defined with DEFINE_SPINLOCK(), which always does the
> right thing.

You of course are absolute right, and this will blow up with lockdep.
Sorry about that. DEFINE_SPINLOCK() solves the problem.

Thanks,

Steve

[PATCH v3 5/5] blkdebug: protect rules and suspended_reqs with a lock

[Emanuele Giuseppe Esposito]

Co-developed-by: Paolo Bonzini 
Signed-off-by: Emanuele Giuseppe Esposito 
---
 block/blkdebug.c | 53 
 1 file changed, 40 insertions(+), 13 deletions(-)

diff --git a/block/blkdebug.c b/block/blkdebug.c
index dffd869b32..cf8b088ce7 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -54,6 +54,7 @@ typedef struct BDRVBlkdebugState {
 /* For blkdebug_refresh_filename() */
 char *config_file;
 
+QemuMutex lock;
 QLIST_HEAD(, BlkdebugRule) rules[BLKDBG__MAX];
 QSIMPLEQ_HEAD(, BlkdebugRule) active_rules;
 QLIST_HEAD(, BlkdebugSuspendedReq) suspended_reqs;
@@ -245,7 +246,9 @@ static int add_rule(void *opaque, QemuOpts *opts, Error 
**errp)
 };
 
 /* Add the rule */
+qemu_mutex_lock(&s->lock);
 QLIST_INSERT_HEAD(&s->rules[event], rule, next);
+qemu_mutex_unlock(&s->lock);
 
 return 0;
 }
@@ -468,6 +471,7 @@ static int blkdebug_open(BlockDriverState *bs, QDict 
*options, int flags,
 int ret;
 uint64_t align;
 
+qemu_mutex_init(&s->lock);
 opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort);
 if (!qemu_opts_absorb_qdict(opts, options, errp)) {
 ret = -EINVAL;
@@ -568,6 +572,7 @@ static int blkdebug_open(BlockDriverState *bs, QDict 
*options, int flags,
 ret = 0;
 out:
 if (ret < 0) {
+qemu_mutex_destroy(&s->lock);
 g_free(s->config_file);
 }
 qemu_opts_del(opts);
@@ -582,6 +587,7 @@ static int rule_check(BlockDriverState *bs, uint64_t 
offset, uint64_t bytes,
 int error;
 bool immediately;
 
+qemu_mutex_lock(&s->lock);
 QSIMPLEQ_FOREACH(rule, &s->active_rules, active_next) {
 uint64_t inject_offset = rule->options.inject.offset;
 
@@ -595,6 +601,7 @@ static int rule_check(BlockDriverState *bs, uint64_t 
offset, uint64_t bytes,
 }
 
 if (!rule || !rule->options.inject.error) {
+qemu_mutex_unlock(&s->lock);
 return 0;
 }
 
@@ -606,6 +613,7 @@ static int rule_check(BlockDriverState *bs, uint64_t 
offset, uint64_t bytes,
 remove_rule(rule);
 }
 
+qemu_mutex_unlock(&s->lock);
 if (!immediately) {
 aio_co_schedule(qemu_get_current_aio_context(), qemu_coroutine_self());
 qemu_coroutine_yield();
@@ -771,8 +779,10 @@ static void blkdebug_close(BlockDriverState *bs)
 }
 
 g_free(s->config_file);
+qemu_mutex_destroy(&s->lock);
 }
 
+/* Called with lock held.  */
 static void suspend_request(BlockDriverState *bs, BlkdebugRule *rule)
 {
 BDRVBlkdebugState *s = bs->opaque;
@@ -791,6 +801,7 @@ static void suspend_request(BlockDriverState *bs, 
BlkdebugRule *rule)
 }
 }
 
+/* Called with lock held.  */
 static void process_rule(BlockDriverState *bs, struct BlkdebugRule *rule,
  int *action_count)
 {
@@ -829,9 +840,11 @@ static void blkdebug_debug_event(BlockDriverState *bs, 
BlkdebugEvent event)
 
 assert((int)event >= 0 && event < BLKDBG__MAX);
 
-s->new_state = s->state;
-QLIST_FOREACH_SAFE(rule, &s->rules[event], next, next) {
-process_rule(bs, rule, actions_count);
+WITH_QEMU_LOCK_GUARD(&s->lock) {
+s->new_state = s->state;
+QLIST_FOREACH_SAFE(rule, &s->rules[event], next, next) {
+process_rule(bs, rule, actions_count);
+}
 }
 
 while (actions_count[ACTION_SUSPEND] > 0) {
@@ -839,7 +852,9 @@ static void blkdebug_debug_event(BlockDriverState *bs, 
BlkdebugEvent event)
 actions_count[ACTION_SUSPEND]--;
 }
 
+qemu_mutex_lock(&s->lock);
 s->state = s->new_state;
+qemu_mutex_unlock(&s->lock);
 }
 
 static int blkdebug_debug_breakpoint(BlockDriverState *bs, const char *event,
@@ -862,11 +877,14 @@ static int blkdebug_debug_breakpoint(BlockDriverState 
*bs, const char *event,
 .options.suspend.tag = g_strdup(tag),
 };
 
+qemu_mutex_lock(&s->lock);
 QLIST_INSERT_HEAD(&s->rules[blkdebug_event], rule, next);
+qemu_mutex_unlock(&s->lock);
 
 return 0;
 }
 
+/* Called with lock held.  */
 static int resume_req_by_tag(BDRVBlkdebugState *s, const char *tag, bool all)
 {
 BlkdebugSuspendedReq *r;
@@ -884,7 +902,9 @@ retry:
 g_free(r->tag);
 g_free(r);
 
+qemu_mutex_unlock(&s->lock);
 qemu_coroutine_enter(co);
+qemu_mutex_lock(&s->lock);
 
 if (all) {
 goto retry;
@@ -898,8 +918,12 @@ retry:
 static int blkdebug_debug_resume(BlockDriverState *bs, const char *tag)
 {
 BDRVBlkdebugState *s = bs->opaque;
+int rc;
 
-return resume_req_by_tag(s, tag, false);
+qemu_mutex_lock(&s->lock);
+rc = resume_req_by_tag(s, tag, false);
+qemu_mutex_unlock(&s->lock);
+return rc;
 }
 
 static int blkdebug_debug_remove_breakpoint(BlockDriverState *bs,
@@ -909,17 +933,19 @@ static int 
blkdebug_debug_remove_breakpoint(BlockDriverState *bs,
 BlkdebugRule *rule, *next;
 int i, ret = -ENOENT;
 
-for (i = 0; i < BLKDBG__MA