Re: Help adding package to gitlab runners

2021-09-12 Thread Thomas Huth

On 13/09/2021 03.14, Jag Raman wrote:

Hi,

I'm wondering about the best way to install a dependency package on
GitLab runners.

I'm adding libvfio-user [1] as a submodule to QEMU. libvfio-user depends
on the availability of the "json-c" package. As such, we need to install this
package to build the library as part of QEMU.

I saw that we could add a "before_script" section to the jobs in
".gitlab-ci.d/buildtest.yml" - this section could have commands to install the
"json-c" package before running the job. However, this option is specific to
a job.

I wonder if there is a way to do this for all jobs. I saw that
"scripts/ci/setup/build-environment.yml" has a list of packages needed to
build QEMU - this one seems Ubuntu-specific.

How long does it take for changes made to this file (build-environment.yml)
to propagate? Are all QEMU's GitLab runners Ubuntu-based?


No, this file (build-environment.yml) is only used to prepare the non-shared 
custom runners (see .gitlab-ci.d/custom-runners.yml), which only run on the 
staging branch of the qemu-project (or if you supply your own non-x86 runners).


I think in your case, you likely want to modify the shared runners instead. 
For this, we're using containers that are prepared in the first two stages 
of the CI pipelines. You can modify the container definitions in 
tests/docker/dockerfiles/. Once you add your package there, it should get 
used directly the next time you push a branch with the modification to gitlab.


 HTH,
  Thomas




Re: [PATCH] hw/nvme: Return error for fused operations

2021-09-12 Thread Klaus Jensen
On Sep 10 16:50, Pankaj Raghav wrote:
> Currently, FUSED operations are not supported by QEMU. As per the 1.4 spec, the
> controller should abort a command that requests a fused operation with
> an INVALID FIELD error code if they are not supported.
> 
> 
> Signed-off-by: Pankaj Raghav 
> ---
>  hw/nvme/ctrl.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
> index dc0e7b0030..d15a80a054 100644
> --- a/hw/nvme/ctrl.c
> +++ b/hw/nvme/ctrl.c
> @@ -3893,6 +3893,10 @@ static uint16_t nvme_io_cmd(NvmeCtrl *n, NvmeRequest 
> *req)
>  return ns->status;
>  }
>  
> +if (NVME_CMD_FLAGS_FUSE(req->cmd.flags)) {
> +return NVME_INVALID_FIELD;
> +}
> +
>  req->ns = ns;
>  
>  switch (req->cmd.opcode) {
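Review bot: the new FUSE test is placed after the namespace lookup, so a fused command addressed to a missing or inactive namespace reports the namespace status rather than Invalid Field, and the admin queue path (nvme_admin_cmd()) gets no check at all although the spec text quoted in the commit message applies to any command with the FUSE field set. Move the test ahead of the namespace resolution, or add the same three lines to the admin entry point, and since a retry of a fused command cannot succeed on this controller, consider whether the Do Not Retry bit should accompany NVME_INVALID_FIELD here.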
> -- 
> 2.25.1
> 

I think this should be done in nvme_admin_cmd() as well?

You could hoist this to nvme_process_sq(), but I don't think it belongs
there. So better to just copy it.




Re: [PATCH] qapi: define cleanup function for g_autoptr(Error)

2021-09-12 Thread Markus Armbruster
Paolo Bonzini  writes:

> Allow replacing calls to error_free() with g_autoptr(Error)
> declarations.
>
> Signed-off-by: Paolo Bonzini 
> ---
>  include/qapi/error.h | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/include/qapi/error.h b/include/qapi/error.h
> index 4a9260b0cc..8564657baf 100644
> --- a/include/qapi/error.h
> +++ b/include/qapi/error.h
> @@ -437,6 +437,8 @@ Error *error_copy(const Error *err);
>   */
>  void error_free(Error *err);
>  
> +G_DEFINE_AUTOPTR_CLEANUP_FUNC(Error, error_free);
> +
>  /*
>   * Convenience function to assert that *@errp is set, then silently free it.
>   */
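Review bot: the macro lands without a comment on how it interacts with the rest of this header, and nothing in the tree uses it yet (the commit message only says it "allows" replacing error_free()). Two caveats belong in the comment block above it: a g_autoptr(Error) variable must be initialised to NULL, because the cleanup runs unconditionally at scope exit, and it must not be passed as-is to error_propagate(), which takes ownership of the Error without clearing the caller's variable, so the scope-exit cleanup would free it a second time; such callers need g_steal_pointer() first. One converted call site in the same series would make both points concrete.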

I'd like to see at least one actual use.
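Markus asks for an actual use. As an added illustration, not QEMU code and not part of Paolo's patch, the block below models what G_DEFINE_AUTOPTR_CLEANUP_FUNC(Error, error_free) wires up, using a toy Error type and stand-ins named error_free(), error_setg(), error_propagate() and error_steal() that are assumptions for this example only. It shows the two usage rules that matter in practice: a g_autoptr(Error) must start as NULL, and it must be stolen before it is handed to error_propagate(), which takes ownership without clearing the variable.

```c
#include <assert.h>
#include <stdlib.h>

/* Toy stand-in for QEMU's Error; real qapi/error.h is not used here */
typedef struct Error {
    const char *msg;
} Error;

static int frees_seen;   /* instrumentation for the demo only */

static void error_free(Error *err)
{
    if (!err) {
        return;          /* NULL-safe, like the real error_free() */
    }
    free(err);
    frees_seen++;
}

static void error_setg(Error **errp, const char *msg)
{
    Error *err;

    if (!errp) {
        return;
    }
    assert(*errp == NULL);          /* never overwrite an existing error */
    err = malloc(sizeof(*err));
    assert(err);
    err->msg = msg;
    *errp = err;
}

/* Moves the error to the caller, or frees it when nobody wants it */
static void error_propagate(Error **dst_errp, Error *local_err)
{
    if (!local_err) {
        return;
    }
    if (dst_errp && !*dst_errp) {
        *dst_errp = local_err;
    } else {
        error_free(local_err);
    }
}

/* What G_DEFINE_AUTOPTR_CLEANUP_FUNC generates: a NULL-guarded cleanup
 * that receives the address of the variable leaving scope. */
static inline void glib_autoptr_cleanup_Error(Error **pp)
{
    if (*pp) {
        error_free(*pp);
    }
}
#define g_autoptr(T) __attribute__((cleanup(glib_autoptr_cleanup_##T))) T *

/* g_steal_pointer() equivalent: hand ownership out, leave NULL behind */
static Error *error_steal(Error **pp)
{
    Error *e = *pp;
    *pp = NULL;
    return e;
}

static void failing_operation(Error **errp)
{
    error_setg(errp, "constructed failure for the demo");
}

/* Case 1: error consumed locally; scope exit frees it, no error_free() call */
static int scoped_error_count_frees(void)
{
    frees_seen = 0;
    {
        g_autoptr(Error) err = NULL;    /* must start NULL */
        failing_operation(&err);
        assert(err != NULL && err->msg != NULL);
    }
    return frees_seen;                  /* exactly one free */
}

/* Case 2: error handed upward; steal it first or the cleanup would free
 * an Error the caller now owns (the double free this header must warn about) */
static void propagating_callee(Error **errp)
{
    g_autoptr(Error) local_err = NULL;

    failing_operation(&local_err);
    error_propagate(errp, error_steal(&local_err));
}

static int propagate_count_frees(void)
{
    Error *err = NULL;
    int before;

    frees_seen = 0;
    propagating_callee(&err);
    before = frees_seen;                /* callee's scope exit freed nothing */
    assert(err != NULL && before == 0);
    error_free(err);                    /* the caller frees, once */
    return frees_seen - before;
}

/* Case 3: success path; cleanup of a NULL pointer is a no-op */
static int no_error_count_frees(void)
{
    frees_seen = 0;
    {
        g_autoptr(Error) err = NULL;
        (void)err;
    }
    return frees_seen;
}

int main(void)
{
    assert(scoped_error_count_frees() == 1);
    assert(propagate_count_frees() == 1);
    assert(no_error_count_frees() == 0);
    return 0;
}
```

The cleanup attribute is the GCC/Clang mechanism behind g_autoptr, so the block needs one of those compilers; the steal-before-propagate pattern is the same one the real macro would require.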




Re: [PATCH] docs: link to archived Fedora code of conduct

2021-09-12 Thread Markus Armbruster
Paolo Bonzini  writes:

> Fedora has switched to a different CoC.  QEMU's own code of conduct
> is based on the previous version and cites it as a source.  Replace
> the link with one to the Wayback Machine.
>
> Signed-off-by: Paolo Bonzini 
> ---
>  docs/devel/code-of-conduct.rst | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/docs/devel/code-of-conduct.rst b/docs/devel/code-of-conduct.rst
> index 277b5250d1..195444d1b4 100644
> --- a/docs/devel/code-of-conduct.rst
> +++ b/docs/devel/code-of-conduct.rst
> @@ -55,6 +55,6 @@ Sources
>  ---
>  
>  This document is based on the `Fedora Code of Conduct
> -`__ and the
> -`Contributor Covenant version 1.3.0
> +`__
> +(as of April 2021) and the `Contributor Covenant version 1.3.0
>  `__.

Reviewed-by: Markus Armbruster 




Re: [PATCH 1/2] vfio/pci: Fix vfio-pci sub-page MMIO BAR mmaping in live migration

2021-09-12 Thread Kunkun Jiang

On 2021/9/11 6:24, Alex Williamson wrote:

On Fri, 10 Sep 2021 16:33:12 +0800
Kunkun Jiang  wrote:


Hi Alex,

On 2021/9/9 4:45, Alex Williamson wrote:

On Fri, 3 Sep 2021 17:36:10 +0800
Kunkun Jiang  wrote:
  

We expand MemoryRegions of vfio-pci sub-page MMIO BARs to
vfio_pci_write_config to improve IO performance.
The MemoryRegions of destination VM will not be expanded
successful in live migration, because their addresses have
been updated in vmstate_load_state (vfio_pci_load_config).

What's the call path through vfio_pci_write_config() that you're
relying on to get triggered to enable this and why wouldn't we just
walk all sub-page BARs in vfio_pci_load_config() to resolve the issue
then?  It's my understanding that we do this update in write-config
because it's required that the VM sizes the BAR before using it, which
is not the case when we resume from migration.  Thanks,

Let's take an example:

AArch64
host page granularity: 64KB
PCI device: *Bar2 size 32KB* [mem 0x800020-0x800020 64bit pref]

When enable Command register bit 1(Memory Space), the code flow is
as follows:

vfio_pci_write_config (addr: 4 val: 2 len: 2)
      // record the old address of each bar, 0x
      old_addr[bar] = pdev->io_regions[bar].addr;
      pci_default_write_config
      pci_update_mappings
      new_addr = pci_bar_address    // 0x800020
      r->addr = new_addr;
      memory_region_addr_subregion_overlap
      ...
*vfio_listener_region_add*
      alignment check of the ram section address and size
fail, return
*kvm_region_add*
      kvm_set_phys_mem
      alignment check of the ram section address and
size fail, return

      // old_addr[bar] != pdev->io_regions[bar].addr &&
      // 0 < vdev->bars[bar].region.size < qemu_real_host_page_size
      vfio_sub_page_bar_update_mapping
*bar size = qemu_real_host_page_size*
      ...
      vfio_listener_region_add
      map success
      kvm_region_add
      kvm_set_phys_mem
      map success

In live migration, only pci config data is sent to the destination VM.
Therefore, we need to update the bar's size before destination VM
using it.

In vfio_pci_load_config, the code flow is as follows:

vfio_pci_load_config
      vmstate_load_state
      *get_pci_config_device*
      pci_update_mappings
      ...
      // bar's addr is updated(0x800020), but bar's size
is still 32KB, so map failed
      vfio_pci_write_config
      // bar's addr will not be changed, so
vfio_sub_page_bar_update_mapping won't be called

My idea is that removing the check 'old_addr[bar] !=
pdev->io_regions[bar].addr' doesn't
affect the previous process. There's also a bar size check. In
vfio_sub_page_bar_update_mapping,
it will check if bar is mapped and page aligned.
1) If bar's addr is 0x, it will not pass the
vfio_sub_page_bar_update_mapping check.
2) If bar's size has been updated, it will not pass the bar size check
in vfio_pci_write_config.

The bar size check in vfio_pci_write_config() only tests if the vfio
region is >0 and bars[bar].region.size == qemu_real_host_page_size) once we setup
the sub-page support, I'm not convinced that's true.

So yes, sub-page-update can reject invalid addresses and we already
rely on it to do so, but the code being removed avoids that redundant
writes to the BAR won't trigger redundant MemoryRegion manipulation.
Maybe those are harmless, but that's not your argument for allowing it.

OTOH, why wouldn't vfio_pci_load_config() iterate sub-page BARs and try
to update them at that time?  Thanks,

Like this? I've tested it, and it's okay.

vfio_pci_load_config
{
 for (bar = 0; bar < PCI_ROM_SLOT; bar++) {
     if (old_addr[bar] != pdev->io_regions[bar].addr &&
 vdev->bars[bar].region.size > 0 &&
 vdev->bars[bar].region.size < qemu_real_host_page_size) {
 vfio_sub_page_bar_update_mapping(pdev, bar);
 }
 }
}


Thanks,
Kunkun Jiang


Alex


 

Remove the restriction on base address change in
vfio_pci_write_config for correct mmapping sub-page MMIO
BARs. According to my analysis, the remaining parameter
verification is enough.

Fixes: c5e2fb3ce4d (vfio: Add save and load functions for VFIO PCI devices)
Reported-by: Nianyao Tang 
Reported-by: Qixin Gan 
Signed-off-by: Kunkun Jiang 
---
   hw/vfio/pci.c | 8 +---
   1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index e1ea1d8a23..891b211ddf 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -1189,18 +1189,12 @@ void vfio_pci_write_config(PCIDevice *pdev,
   }
   } else if (ranges_overlap(addr, len, PCI_BASE_ADDRESS_0, 24) ||
   range_covers_byte(addr, len, PCI_COMMAND)) {
-pcibus_t old_addr[PCI_NUM_REGIONS - 1];
   int bar;
   
-for (bar 
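Review bot: dropping the old_addr[] comparison makes vfio_sub_page_bar_update_mapping() run on every config write that touches PCI_COMMAND or the BAR range, including rewrites of an unchanged value, and the remaining size test (0 < size < host page size) does not filter those out; the commit message's "remaining parameter verification is enough" argues only that the extra call is safe, not that the repeated MemoryRegion manipulation is wanted. The failure described earlier in the thread is confined to vfio_pci_load_config(), so the narrower fix is to walk the sub-page BARs there after vmstate_load_state() and leave the write-config path as it is; note that the loop sketched above for that function still compares against old_addr[], which does not exist in vfio_pci_load_config() and would need to become a check that the BAR is actually mapped.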

Help adding package to gitlab runners

2021-09-12 Thread Jag Raman
Hi,

I'm wondering about the best way to install a dependency package on
GitLab runners.

I'm adding libvfio-user [1] as a submodule to QEMU. libvfio-user depends
on the availability of the "json-c" package. As such, we need to install this
package to build the library as part of QEMU.

I saw that we could add a "before_script" section to the jobs in
".gitlab-ci.d/buildtest.yml" - this section could have commands to install the
"json-c" package before running the job. However, this option is specific to
a job.

I wonder if there is a way to do this for all jobs. I saw that
"scripts/ci/setup/build-environment.yml" has a list of packages needed to
build QEMU - this one seems Ubuntu-specific.

How long does it take for changes made to this file (build-environment.yml)
to propagate? Are all QEMU's GitLab runners Ubuntu-based?

Thank you very much!
--
Jag

[1]: https://github.com/nutanix/libvfio-user


[PATCH v9 11/11] hvf: arm: Adhere to SMCCC 1.3 section 5.2

2021-09-12 Thread Alexander Graf
The SMCCC 1.3 spec section 5.2 says

  The Unknown SMC Function Identifier is a sign-extended value of (-1)
  that is returned in the R0, W0 or X0 registers. An implementation must
  return this error code when it receives:

* An SMC or HVC call with an unknown Function Identifier
* An SMC or HVC call for a removed Function Identifier
* An SMC64/HVC64 call from AArch32 state

To comply with these statements, let's always return -1 when we encounter
an unknown HVC or SMC call.

Signed-off-by: Alexander Graf 

---

v7 -> v8:

  - fix checkpatch

v8 -> v9:

  - Remove Windows specifics and just comply with SMCCC spec
---
 target/arm/hvf/hvf.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index b62cfa3976..6a7ccfa91e 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -1177,7 +1177,8 @@ int hvf_vcpu_exec(CPUState *cpu)
 cpu_synchronize_state(cpu);
 if (hvf_handle_psci_call(cpu)) {
 trace_hvf_unknown_hvf(env->xregs[0]);
-hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized());
+/* SMCCC 1.3 section 5.2 says every unknown HVC call returns -1 */
+env->xregs[0] = -1;
 }
 break;
 case EC_AA64_SMC:
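Review bot: the HVC arm writes -1 only to x0 and leaves x1..x3 as the guest supplied them, which is what section 5.2 defines, but the commit message's third bullet (an SMC64/HVC64 call from AArch32 state) is not handled anywhere in this hunk; since HVF guests in this series are AArch64-only (patch 06 verifies that EL0 and EL1 cannot run AArch32), say so in the commit message or drop that bullet. A one-line comment that, unlike the SMC arm below, no advance_pc is needed here because the PC is already past the HVC at exit time (the v7 -> v8 note in patch 07 records this) would save the next reader a question.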
@@ -1186,7 +1187,9 @@ int hvf_vcpu_exec(CPUState *cpu)
 advance_pc = true;
 } else {
 trace_hvf_unknown_smc(env->xregs[0]);
-hvf_raise_exception(cpu, EXCP_UDEF, syn_uncategorized());
+/* SMCCC 1.3 section 5.2 says every unknown SMC call returns -1 */
+env->xregs[0] = -1;
+advance_pc = true;
 }
 break;
 default:
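Review bot: advance_pc = true is now set in both arms of the if/else (it was already set on the handled path at the top of this hunk), so hoist it out of the conditional and leave the else arm with just the trace call and the x0 write. Behaviourally, an unknown SMC no longer raises an undefined-instruction exception in the guest but returns -1 and continues, so the trace point becomes the only record of a guest probing for secure services; worth a sentence in the commit message for anyone debugging such guests.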
-- 
2.30.1 (Apple Git-130)
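As an added example, not code from this series, the block below is a minimal C model of the rule the commit message quotes: smccc_dispatch() stands in for the exit handler, the constants are the public SMCCC 1.3 function-id layout and the PSCI 0.2 ids, and struct guest_regs, cpu_on_ok() and the aarch32 flag are simplifications made for this example (HVF guests in this series are AArch64-only, so that branch models the spec's third bullet rather than anything the patch does). It goes slightly beyond the patch by decoding the function-id fields (fast-call bit, SMC64 bit, owning service) so that only ids in the PSCI range reach the switch, and every other id gets the sign-extended -1 rather than an injected exception.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>

/* SMCCC function identifier layout (public spec; not from the patch) */
#define SMCCC_FID_FAST_CALL   (1u << 31)
#define SMCCC_FID_64BIT       (1u << 30)          /* SMC64/HVC64 convention */
#define SMCCC_FID_OWNER(fid)  (((fid) >> 24) & 0x3fu)
#define SMCCC_OWNER_STANDARD  4u                  /* PSCI lives here */

/* Section 5.2: unknown function id answers with -1, sign-extended */
#define SMCCC_RET_UNKNOWN     ((uint64_t)(int64_t)-1)

/* PSCI 0.2 ids handled by this toy dispatcher */
#define PSCI_0_2_FN_PSCI_VERSION 0x84000000u
#define PSCI_0_2_FN_CPU_ON       0x84000003u
#define PSCI_0_2_FN64_CPU_ON     0xc4000003u
#define PSCI_VERSION_0_2         0x00000002u      /* major 0, minor 2 */
#define PSCI_RET_SUCCESS         0
#define PSCI_RET_INVALID_PARAMS  (-2)

/* Constructed guest register view: x0..x3 and the caller's execution state */
struct guest_regs {
    uint64_t x[4];
    bool aarch32;
};

/* Stand-in for the real power-on path: only two constructed vCPU ids exist */
static int cpu_on_ok(uint64_t mpidr)
{
    return (mpidr == 0 || mpidr == 1) ? PSCI_RET_SUCCESS : PSCI_RET_INVALID_PARAMS;
}

/*
 * Dispatch one HVC/SMC exit. Returns true when the id was recognised.
 * On any unknown id only x0 is written (the spec defines R0/W0/X0 for the
 * error value) and the guest simply continues after the instruction.
 */
static bool smccc_dispatch(struct guest_regs *r)
{
    uint32_t fid = (uint32_t)r->x[0];   /* the function id is 32 bits, in W0 */

    /* Third bullet of section 5.2: SMC64/HVC64 from AArch32 is an error */
    if ((fid & SMCCC_FID_64BIT) && r->aarch32) {
        r->x[0] = SMCCC_RET_UNKNOWN;
        return false;
    }

    /* Only fast calls owned by the Standard Secure Service carry PSCI */
    if ((fid & SMCCC_FID_FAST_CALL) && SMCCC_FID_OWNER(fid) == SMCCC_OWNER_STANDARD) {
        switch (fid) {
        case PSCI_0_2_FN_PSCI_VERSION:
            r->x[0] = PSCI_VERSION_0_2;
            return true;
        case PSCI_0_2_FN_CPU_ON:
        case PSCI_0_2_FN64_CPU_ON:
            /* a negative PSCI status sign-extends into x0 the same way */
            r->x[0] = (uint64_t)(int64_t)cpu_on_ok(r->x[1]);
            return true;
        default:
            break;              /* unknown or removed PSCI id */
        }
    }

    r->x[0] = SMCCC_RET_UNKNOWN;
    return false;
}

/* Helpers for the checks below: run one call, report x0 or the verdict */
static uint64_t call_x0(uint32_t fid, uint64_t arg1, bool aarch32)
{
    struct guest_regs r = { { fid, arg1, 0, 0 }, aarch32 };
    smccc_dispatch(&r);
    return r.x[0];
}

static bool call_known(uint32_t fid, uint64_t arg1, bool aarch32)
{
    struct guest_regs r = { { fid, arg1, 0, 0 }, aarch32 };
    return smccc_dispatch(&r);
}

int main(void)
{
    assert(call_x0(PSCI_0_2_FN_PSCI_VERSION, 0, false) == 2);
    assert(call_x0(PSCI_0_2_FN64_CPU_ON, 1, false) == 0);
    assert(call_x0(PSCI_0_2_FN_CPU_ON, 7, false) == (uint64_t)-2);
    assert(call_x0(PSCI_0_2_FN64_CPU_ON, 1, true) == UINT64_MAX);   /* 64-bit call from AArch32 */
    assert(call_x0(0x84001234u, 0, false) == UINT64_MAX);          /* unknown PSCI-range id */
    assert(!call_known(0x04000000u, 0, false));                    /* yielding call, not PSCI */
    return 0;
}
```

The point the checks make visible is that an invalid parameter (-2) and an unknown id (-1) are both negative 32-bit statuses that must be sign-extended into the full 64-bit x0; writing the bare int through a uint32_t path would hand the guest 0xfffffffe instead.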




[PATCH v9 08/11] arm: Add Hypervisor.framework build target

2021-09-12 Thread Alexander Graf
Now that we have all logic in place that we need to handle Hypervisor.framework
on Apple Silicon systems, let's add CONFIG_HVF for aarch64 as well so that we
can build it.

Signed-off-by: Alexander Graf 
Reviewed-by: Roman Bolshakov 
Tested-by: Roman Bolshakov  (x86 only)
Reviewed-by: Peter Maydell 
Reviewed-by: Sergio Lopez 

---

v1 -> v2:

  - Fix build on 32bit arm

v3 -> v4:

  - Remove i386-softmmu target

v6 -> v7:

  - Simplify HVF matching logic in meson build file
---
 meson.build| 7 +++
 target/arm/hvf/meson.build | 3 +++
 target/arm/meson.build | 2 ++
 3 files changed, 12 insertions(+)
 create mode 100644 target/arm/hvf/meson.build

diff --git a/meson.build b/meson.build
index a3e9b95846..cf91256c9a 100644
--- a/meson.build
+++ b/meson.build
@@ -77,6 +77,13 @@ else
 endif
 
 accelerator_targets = { 'CONFIG_KVM': kvm_targets }
+
+if cpu in ['aarch64']
+  accelerator_targets += {
+'CONFIG_HVF': ['aarch64-softmmu']
+  }
+endif
+
 if cpu in ['x86', 'x86_64', 'arm', 'aarch64']
   # i368 emulator provides xenpv machine type for multiple architectures
   accelerator_targets += {
diff --git a/target/arm/hvf/meson.build b/target/arm/hvf/meson.build
new file mode 100644
index 00..855e6cce5a
--- /dev/null
+++ b/target/arm/hvf/meson.build
@@ -0,0 +1,3 @@
+arm_softmmu_ss.add(when: [hvf, 'CONFIG_HVF'], if_true: files(
+  'hvf.c',
+))
diff --git a/target/arm/meson.build b/target/arm/meson.build
index 25a02bf276..50f152214a 100644
--- a/target/arm/meson.build
+++ b/target/arm/meson.build
@@ -60,5 +60,7 @@ arm_softmmu_ss.add(files(
   'psci.c',
 ))
 
+subdir('hvf')
+
 target_arch += {'arm': arm_ss}
 target_softmmu_arch += {'arm': arm_softmmu_ss}
-- 
2.30.1 (Apple Git-130)




[PATCH v9 07/11] hvf: arm: Implement PSCI handling

2021-09-12 Thread Alexander Graf
We need to handle PSCI calls. Most of the TCG code works for us,
but we can simplify it to only handle aa64 mode and we need to
handle SUSPEND differently.

This patch takes the TCG code as template and duplicates it in HVF.

To tell the guest that we support PSCI 0.2 now, update the check in
arm_cpu_initfn() as well.

Signed-off-by: Alexander Graf 
Reviewed-by: Sergio Lopez 

---

v6 -> v7:

  - This patch integrates "arm: Set PSCI to 0.2 for HVF"

v7 -> v8:

  - Do not advance for HVC, PC is already updated by hvf
  - Fix checkpatch error

v8 -> v9:

  - Use new hvf_raise_exception() prototype
  - Make cpu_off function void
  - Add comment about return value, use -1 for "not found"
  - Remove cpu_synchronize_state() when halted
---
 target/arm/cpu.c|   4 +-
 target/arm/hvf/hvf.c| 127 ++--
 target/arm/hvf/trace-events |   1 +
 3 files changed, 126 insertions(+), 6 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 551b15243d..c111b2ee32 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1093,8 +1093,8 @@ static void arm_cpu_initfn(Object *obj)
 cpu->psci_version = 1; /* By default assume PSCI v0.1 */
 cpu->kvm_target = QEMU_KVM_ARM_TARGET_NONE;
 
-if (tcg_enabled()) {
-cpu->psci_version = 2; /* TCG implements PSCI 0.2 */
+if (tcg_enabled() || hvf_enabled()) {
+cpu->psci_version = 2; /* TCG and HVF implement PSCI 0.2 */
 }
 }
 
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 04da0dd4db..20d795366a 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -25,6 +25,7 @@
 #include "hw/irq.h"
 #include "qemu/main-loop.h"
 #include "sysemu/cpus.h"
+#include "arm-powerctl.h"
 #include "target/arm/cpu.h"
 #include "target/arm/internals.h"
 #include "trace/trace-target_arm_hvf.h"
@@ -48,6 +49,8 @@
 #define TMR_CTL_IMASK   (1 << 1)
 #define TMR_CTL_ISTATUS (1 << 2)
 
+static void hvf_wfi(CPUState *cpu);
+
 typedef struct HVFVTimer {
 /* Vtimer value during migration and paused state */
 uint64_t vtimer_val;
@@ -584,6 +587,116 @@ static void hvf_raise_exception(CPUState *cpu, uint32_t 
excp,
 arm_cpu_do_interrupt(cpu);
 }
 
+static void hvf_psci_cpu_off(ARMCPU *arm_cpu)
+{
+int32_t ret = arm_set_cpu_off(arm_cpu->mp_affinity);
+assert(ret == QEMU_ARM_POWERCTL_RET_SUCCESS);
+}
+
+/*
+ * Handle a PSCI call.
+ *
+ * Returns 0 on success
+ * -1 when the PSCI call is unknown,
+ */
+static int hvf_handle_psci_call(CPUState *cpu)
+{
+ARMCPU *arm_cpu = ARM_CPU(cpu);
+CPUARMState *env = _cpu->env;
+uint64_t param[4] = {
+env->xregs[0],
+env->xregs[1],
+env->xregs[2],
+env->xregs[3]
+};
+uint64_t context_id, mpidr;
+bool target_aarch64 = true;
+CPUState *target_cpu_state;
+ARMCPU *target_cpu;
+target_ulong entry;
+int target_el = 1;
+int32_t ret = 0;
+
+trace_hvf_psci_call(param[0], param[1], param[2], param[3],
+arm_cpu->mp_affinity);
+
+switch (param[0]) {
+case QEMU_PSCI_0_2_FN_PSCI_VERSION:
+ret = QEMU_PSCI_0_2_RET_VERSION_0_2;
+break;
+case QEMU_PSCI_0_2_FN_MIGRATE_INFO_TYPE:
+ret = QEMU_PSCI_0_2_RET_TOS_MIGRATION_NOT_REQUIRED; /* No trusted OS */
+break;
+case QEMU_PSCI_0_2_FN_AFFINITY_INFO:
+case QEMU_PSCI_0_2_FN64_AFFINITY_INFO:
+mpidr = param[1];
+
+switch (param[2]) {
+case 0:
+target_cpu_state = arm_get_cpu_by_id(mpidr);
+if (!target_cpu_state) {
+ret = QEMU_PSCI_RET_INVALID_PARAMS;
+break;
+}
+target_cpu = ARM_CPU(target_cpu_state);
+
+ret = target_cpu->power_state;
+break;
+default:
+/* Everything above affinity level 0 is always on. */
+ret = 0;
+}
+break;
+case QEMU_PSCI_0_2_FN_SYSTEM_RESET:
+qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
+/* QEMU reset and shutdown are async requests, but PSCI
+ * mandates that we never return from the reset/shutdown
+ * call, so power the CPU off now so it doesn't execute
+ * anything further.
+ */
+hvf_psci_cpu_off(arm_cpu);
+break;
+case QEMU_PSCI_0_2_FN_SYSTEM_OFF:
+qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
+hvf_psci_cpu_off(arm_cpu);
+break;
+case QEMU_PSCI_0_1_FN_CPU_ON:
+case QEMU_PSCI_0_2_FN_CPU_ON:
+case QEMU_PSCI_0_2_FN64_CPU_ON:
+mpidr = param[1];
+entry = param[2];
+context_id = param[3];
+ret = arm_set_cpu_on(mpidr, entry, context_id,
+ target_el, target_aarch64);
+break;
+case QEMU_PSCI_0_1_FN_CPU_OFF:
+case QEMU_PSCI_0_2_FN_CPU_OFF:
+hvf_psci_cpu_off(arm_cpu);
+break;
+case QEMU_PSCI_0_1_FN_CPU_SUSPEND:
+case QEMU_PSCI_0_2_FN_CPU_SUSPEND:
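Review bot: the comment above hvf_handle_psci_call() says it returns 0 on success and -1 for an unknown call, but `ret` is also the PSCI status that goes back to the guest (QEMU_PSCI_RET_INVALID_PARAMS from AFFINITY_INFO, the arm_set_cpu_on() result from CPU_ON, the version word from PSCI_VERSION), and the caller in hvf_vcpu_exec() treats any nonzero C return as "unknown function"; state explicitly that the C return value only says whether the function id was recognised while the PSCI status travels in x0, so the two are not conflated. The CPU_SUSPEND handling that the commit message singles out as different from TCG (the hvf_wfi() forward declaration suggests it maps onto WFI) is not in this excerpt, so that part is not reviewed here.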
+

[PATCH v9 04/11] hvf: Add Apple Silicon support

2021-09-12 Thread Alexander Graf
With Apple Silicon available to the masses, it's a good time to add support
for driving its virtualization extensions from QEMU.

This patch adds all necessary architecture specific code to get basic VMs
working. It's still pretty raw, but definitely functional.

Known limitations:

  - Vtimer acknowledgement is hacky
  - Should implement more sysregs and fault on invalid ones then
  - WFI handling is missing, need to marry it with vtimer

Signed-off-by: Alexander Graf 
Reviewed-by: Roman Bolshakov 
Reviewed-by: Sergio Lopez 

---

v1 -> v2:

  - Merge vcpu kick function patch
  - Implement WFI handling (allows vCPUs to sleep)
  - Synchronize system registers (fixes OVMF crashes and reboot)
  - Don't always call cpu_synchronize_state()
  - Use more fine grained iothread locking
  - Populate aa64mmfr0 from hardware

v2 -> v3:

  - Advance PC on SMC
  - Use cp list interface for sysreg syncs
  - Do not set current_cpu
  - Fix sysreg isread mask
  - Move sysreg handling to functions
  - Remove WFI logic again
  - Revert to global iothread locking
  - Use Hypervisor.h on arm, hv.h does not contain aarch64 definitions

v3 -> v4:

  - No longer include Hypervisor.h

v5 -> v6:

  - Swap sysreg definition order. This way we're in line with asm outputs.

v6 -> v7:

  - Remove osdep.h include from hvf_int.h
  - Synchronize SIMD registers as well
  - Prepend 0x for hex values
  - Convert DPRINTF to trace points
  - Use main event loop (fixes gdbstub issues)
  - Remove PSCI support, inject UDEF on HVC/SMC
  - Change vtimer logic to look at ctl.istatus for vtimer mask sync
  - Add kick callback again (fixes remote CPU notification)

v7 -> v8:

  - Fix checkpatch errors

v8 -> v9:

  - Make kick function non-weak
  - Use arm_cpu_do_interrupt()
  - Remove CNTPCT_EL0 write case
  - Inject UDEF on invalid sysreg access
  - Add support for OS locking sysregs
  - Remove PMCCNTR_EL0 handling
  - Print PC on unhandled sysreg trace
  - Sync SP (x31) based on SP_EL0/SP_EL1
  - Fix SPSR_EL1 mapping
  - Only sync known sysregs, assert when syncing fails
  - Improve error message on unhandled ec
  - Move vtimer sync to post-exit (fixes disable corner case from
kvm-unit-tests)
  - Add vtimer offset, migration and pause logic
  - Flush registers only after EXCP checkers (fixes PSCI on race)
---
 MAINTAINERS |   5 +
 accel/hvf/hvf-accel-ops.c   |   9 +
 include/sysemu/hvf_int.h|  10 +-
 meson.build |   1 +
 target/arm/hvf/hvf.c| 793 
 target/arm/hvf/trace-events |  10 +
 target/i386/hvf/hvf.c   |   5 +
 7 files changed, 832 insertions(+), 1 deletion(-)
 create mode 100644 target/arm/hvf/hvf.c
 create mode 100644 target/arm/hvf/trace-events

diff --git a/MAINTAINERS b/MAINTAINERS
index 6c20634d63..d7915ec128 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -433,6 +433,11 @@ F: accel/accel-*.c
 F: accel/Makefile.objs
 F: accel/stubs/Makefile.objs
 
+Apple Silicon HVF CPUs
+M: Alexander Graf 
+S: Maintained
+F: target/arm/hvf/
+
 X86 HVF CPUs
 M: Cameron Esfahani 
 M: Roman Bolshakov 
diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
index 65d431868f..4f75927a8e 100644
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -60,6 +60,10 @@
 
 HVFState *hvf_state;
 
+#ifdef __aarch64__
+#define HV_VM_DEFAULT NULL
+#endif
+
 /* Memory slots */
 
 hvf_slot *hvf_find_overlap_slot(uint64_t start, uint64_t size)
@@ -376,7 +380,11 @@ static int hvf_init_vcpu(CPUState *cpu)
 pthread_sigmask(SIG_BLOCK, NULL, );
 sigdelset(, SIG_IPI);
 
+#ifdef __aarch64__
+r = hv_vcpu_create(>hvf->fd, (hv_vcpu_exit_t **)>hvf->exit, 
NULL);
+#else
 r = hv_vcpu_create((hv_vcpuid_t *)>hvf->fd, HV_VCPU_DEFAULT);
+#endif
 cpu->vcpu_dirty = 1;
 assert_hvf_ok(r);
 
@@ -452,6 +460,7 @@ static void hvf_accel_ops_class_init(ObjectClass *oc, void 
*data)
 AccelOpsClass *ops = ACCEL_OPS_CLASS(oc);
 
 ops->create_vcpu_thread = hvf_start_vcpu_thread;
+ops->kick_vcpu_thread = hvf_kick_vcpu_thread;
 
 ops->synchronize_post_reset = hvf_cpu_synchronize_post_reset;
 ops->synchronize_post_init = hvf_cpu_synchronize_post_init;
diff --git a/include/sysemu/hvf_int.h b/include/sysemu/hvf_int.h
index 0466106d16..7c245c7b11 100644
--- a/include/sysemu/hvf_int.h
+++ b/include/sysemu/hvf_int.h
@@ -11,7 +11,11 @@
 #ifndef HVF_INT_H
 #define HVF_INT_H
 
+#ifdef __aarch64__
+#include 
+#else
 #include 
+#endif
 
 /* hvf_slot flags */
 #define HVF_SLOT_LOG (1 << 0)
@@ -40,11 +44,14 @@ struct HVFState {
 int num_slots;
 
 hvf_vcpu_caps *hvf_caps;
+uint64_t vtimer_offset;
 };
 extern HVFState *hvf_state;
 
 struct hvf_vcpu_state {
-int fd;
+uint64_t fd;
+void *exit;
+bool vtimer_masked;
 };
 
 void assert_hvf_ok(hv_return_t ret);
@@ -55,5 +62,6 @@ int hvf_vcpu_exec(CPUState *);
 hvf_slot *hvf_find_overlap_slot(uint64_t, uint64_t);
 int hvf_put_registers(CPUState *);
 int hvf_get_registers(CPUState *);
+void 

[PATCH v9 10/11] arm: tcg: Adhere to SMCCC 1.3 section 5.2

2021-09-12 Thread Alexander Graf
The SMCCC 1.3 spec section 5.2 says

  The Unknown SMC Function Identifier is a sign-extended value of (-1)
  that is returned in the R0, W0 or X0 registers. An implementation must
  return this error code when it receives:

* An SMC or HVC call with an unknown Function Identifier
* An SMC or HVC call for a removed Function Identifier
* An SMC64/HVC64 call from AArch32 state

To comply with these statements, let's always return -1 when we encounter
an unknown HVC or SMC call.

Signed-off-by: Alexander Graf 

---

v8 -> v9:

  - Remove Windows specifics and just comply with SMCCC spec
---
 target/arm/psci.c | 26 ++
 1 file changed, 2 insertions(+), 24 deletions(-)

diff --git a/target/arm/psci.c b/target/arm/psci.c
index 6709e28013..bee4aa8825 100644
--- a/target/arm/psci.c
+++ b/target/arm/psci.c
@@ -35,7 +35,6 @@ bool arm_is_psci_call(ARMCPU *cpu, int excp_type)
  * to EL2 or to EL3).
  */
 CPUARMState *env = >env;
-uint64_t param = is_a64(env) ? env->xregs[0] : env->regs[0];
 
 switch (excp_type) {
 case EXCP_HVC:
@@ -52,27 +51,7 @@ bool arm_is_psci_call(ARMCPU *cpu, int excp_type)
 return false;
 }
 
-switch (param) {
-case QEMU_PSCI_0_2_FN_PSCI_VERSION:
-case QEMU_PSCI_0_2_FN_MIGRATE_INFO_TYPE:
-case QEMU_PSCI_0_2_FN_AFFINITY_INFO:
-case QEMU_PSCI_0_2_FN64_AFFINITY_INFO:
-case QEMU_PSCI_0_2_FN_SYSTEM_RESET:
-case QEMU_PSCI_0_2_FN_SYSTEM_OFF:
-case QEMU_PSCI_0_1_FN_CPU_ON:
-case QEMU_PSCI_0_2_FN_CPU_ON:
-case QEMU_PSCI_0_2_FN64_CPU_ON:
-case QEMU_PSCI_0_1_FN_CPU_OFF:
-case QEMU_PSCI_0_2_FN_CPU_OFF:
-case QEMU_PSCI_0_1_FN_CPU_SUSPEND:
-case QEMU_PSCI_0_2_FN_CPU_SUSPEND:
-case QEMU_PSCI_0_2_FN64_CPU_SUSPEND:
-case QEMU_PSCI_0_1_FN_MIGRATE:
-case QEMU_PSCI_0_2_FN_MIGRATE:
-return true;
-default:
-return false;
-}
+return true;
 }
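Review bot: with the function-id switch removed, arm_is_psci_call() now claims every HVC/SMC on the configured conduit rather than only the PSCI ids it used to list, and the new default arm in arm_handle_psci_call() answers NOT_SUPPORTED (-1) for all of them; that satisfies section 5.2 for the PSCI range, but it also swallows ids for any other SMCCC service a guest might probe for (SMCCC_VERSION and ARCH_FEATURES queries, vendor ranges) that previously fell through to the normal exception path. Say in the commit message that this widening is intended, and put a comment at the bare `return true;` so the conduit check is visibly the only remaining filter rather than a leftover.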
 
 void arm_handle_psci_call(ARMCPU *cpu)
@@ -194,10 +173,9 @@ void arm_handle_psci_call(ARMCPU *cpu)
 break;
 case QEMU_PSCI_0_1_FN_MIGRATE:
 case QEMU_PSCI_0_2_FN_MIGRATE:
+default:
 ret = QEMU_PSCI_RET_NOT_SUPPORTED;
 break;
-default:
-g_assert_not_reached();
 }
 
 err:
-- 
2.30.1 (Apple Git-130)




[PATCH v9 06/11] hvf: arm: Implement -cpu host

2021-09-12 Thread Alexander Graf
Now that we have working system register sync, we push more target CPU
properties into the virtual machine. That might be useful in some
situations, but is not the typical case that users want.

So let's add a -cpu host option that allows them to explicitly pass all
CPU capabilities of their host CPU into the guest.

Signed-off-by: Alexander Graf 
Acked-by: Roman Bolshakov 
Reviewed-by: Sergio Lopez 

---

v6 -> v7:

  - Move function define to own header
  - Do not propagate SVE features for HVF
  - Remove stray whitespace change
  - Verify that EL0 and EL1 do not allow AArch32 mode
  - Only probe host CPU features once

v8 -> v9:

  - Zero-initialize host_isar
  - Use M1 SCTLR reset value
---
 target/arm/cpu.c |  9 --
 target/arm/cpu.h |  2 ++
 target/arm/hvf/hvf.c | 76 
 target/arm/hvf_arm.h | 19 +++
 target/arm/kvm_arm.h |  2 --
 5 files changed, 104 insertions(+), 4 deletions(-)
 create mode 100644 target/arm/hvf_arm.h

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index d631c4683c..551b15243d 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -39,6 +39,7 @@
 #include "sysemu/tcg.h"
 #include "sysemu/hw_accel.h"
 #include "kvm_arm.h"
+#include "hvf_arm.h"
 #include "disas/capstone.h"
 #include "fpu/softfloat.h"
 
@@ -2058,15 +2059,19 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 #endif /* CONFIG_TCG */
 }
 
-#ifdef CONFIG_KVM
+#if defined(CONFIG_KVM) || defined(CONFIG_HVF)
 static void arm_host_initfn(Object *obj)
 {
 ARMCPU *cpu = ARM_CPU(obj);
 
+#ifdef CONFIG_KVM
 kvm_arm_set_cpu_features_from_host(cpu);
 if (arm_feature(>env, ARM_FEATURE_AARCH64)) {
 aarch64_add_sve_properties(obj);
 }
+#else
+hvf_arm_set_cpu_features_from_host(cpu);
+#endif
 arm_cpu_post_init(obj);
 }
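Review bot: the `#ifdef CONFIG_KVM ... #else` inside the new `#if defined(CONFIG_KVM) || defined(CONFIG_HVF)` block silently assumes the two accelerators are never built together; that holds today (Linux versus macOS), but `#elif defined(CONFIG_HVF)` documents the assumption and fails loudly if it ever changes. The SVE properties are registered only on the KVM side, which matches the v6 -> v7 note "Do not propagate SVE features for HVF"; a short comment here would keep the next reader from treating it as an oversight.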
 
@@ -2126,7 +2131,7 @@ static void arm_cpu_register_types(void)
 {
 type_register_static(_cpu_type_info);
 
-#ifdef CONFIG_KVM
+#if defined(CONFIG_KVM) || defined(CONFIG_HVF)
 type_register_static(_arm_cpu_type_info);
 #endif
 }
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 6d60b64c15..fa9ccafdff 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3060,6 +3060,8 @@ bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
 #define ARM_CPU_TYPE_NAME(name) (name ARM_CPU_TYPE_SUFFIX)
 #define CPU_RESOLVING_TYPE TYPE_ARM_CPU
 
+#define TYPE_ARM_HOST_CPU "host-" TYPE_ARM_CPU
+
 #define cpu_signal_handler cpu_arm_signal_handler
 #define cpu_list arm_cpu_list
 
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index e9291f4b9c..04da0dd4db 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -17,6 +17,7 @@
 #include "sysemu/hvf.h"
 #include "sysemu/hvf_int.h"
 #include "sysemu/hw_accel.h"
+#include "hvf_arm.h"
 
 #include 
 
@@ -54,6 +55,16 @@ typedef struct HVFVTimer {
 
 static HVFVTimer vtimer;
 
+typedef struct ARMHostCPUFeatures {
+ARMISARegisters isar;
+uint64_t features;
+uint64_t midr;
+uint32_t reset_sctlr;
+const char *dtb_compatible;
+} ARMHostCPUFeatures;
+
+static ARMHostCPUFeatures arm_host_cpu_features;
+
 struct hvf_reg_match {
 int reg;
 uint64_t offset;
@@ -416,6 +427,71 @@ static uint64_t hvf_get_reg(CPUState *cpu, int rt)
 return val;
 }
 
+static void hvf_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
+{
+ARMISARegisters host_isar = {};
+const struct isar_regs {
+int reg;
+uint64_t *val;
+} regs[] = {
+{ HV_SYS_REG_ID_AA64PFR0_EL1, _isar.id_aa64pfr0 },
+{ HV_SYS_REG_ID_AA64PFR1_EL1, _isar.id_aa64pfr1 },
+{ HV_SYS_REG_ID_AA64DFR0_EL1, _isar.id_aa64dfr0 },
+{ HV_SYS_REG_ID_AA64DFR1_EL1, _isar.id_aa64dfr1 },
+{ HV_SYS_REG_ID_AA64ISAR0_EL1, _isar.id_aa64isar0 },
+{ HV_SYS_REG_ID_AA64ISAR1_EL1, _isar.id_aa64isar1 },
+{ HV_SYS_REG_ID_AA64MMFR0_EL1, _isar.id_aa64mmfr0 },
+{ HV_SYS_REG_ID_AA64MMFR1_EL1, _isar.id_aa64mmfr1 },
+{ HV_SYS_REG_ID_AA64MMFR2_EL1, _isar.id_aa64mmfr2 },
+};
+hv_vcpu_t fd;
+hv_vcpu_exit_t *exit;
+int i;
+
+ahcf->dtb_compatible = "arm,arm-v8";
+ahcf->features = (1ULL << ARM_FEATURE_V8) |
+ (1ULL << ARM_FEATURE_NEON) |
+ (1ULL << ARM_FEATURE_AARCH64) |
+ (1ULL << ARM_FEATURE_PMU) |
+ (1ULL << ARM_FEATURE_GENERIC_TIMER);
+
+/* We set up a small vcpu to extract host registers */
+
+assert_hvf_ok(hv_vcpu_create(, , NULL));
+for (i = 0; i < ARRAY_SIZE(regs); i++) {
+assert_hvf_ok(hv_vcpu_get_sys_reg(fd, regs[i].reg, regs[i].val));
+}
+assert_hvf_ok(hv_vcpu_get_sys_reg(fd, HV_SYS_REG_MIDR_EL1, >midr));
+assert_hvf_ok(hv_vcpu_destroy(fd));
+
+ahcf->isar = host_isar;
+
+/* M1 boot SCTLR from https://github.com/AsahiLinux/m1n1/issues/97 */
+ahcf->reset_sctlr = 0x30100180;
+/* OVMF chokes on boot if SPAN is not set, so default it to on */
+ahcf->reset_sctlr |= 
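Review bot: `reset_sctlr` is a magic constant justified only by a link to an external issue tracker; spell out the bits it sets (or build it from the architectural SCTLR_EL1 reset value plus the named bits) so the value can be reviewed, and the SPAN override that follows then becomes one more named bit instead of a second opaque OR. The ID registers read from the throw-away vCPU are copied straight into the guest's ISAR view (`ahcf->isar = host_isar;`), so fields such as the SVE and PMU descriptors in id_aa64pfr0/id_aa64dfr0 advertise whatever the host has, while the feature bitmask hard-codes ARM_FEATURE_PMU and the v6 -> v7 note says SVE is not propagated; confirm that the values handed to the guest are masked to what this accelerator actually emulates, since a guest that enables a feature it was told exists will fault on the first unhandled trap.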

[PATCH v9 09/11] hvf: arm: Add rudimentary PMC support

2021-09-12 Thread Alexander Graf
We can expose cycle counters on the PMU easily. To be as compatible as
possible, let's do so, but make sure we don't expose any other architectural
counters that we can not model yet.

This allows OSs to work that require PMU support.

Signed-off-by: Alexander Graf 
---
 target/arm/hvf/hvf.c | 179 +++
 1 file changed, 179 insertions(+)

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 20d795366a..b62cfa3976 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -42,6 +42,18 @@
 #define SYSREG_OSLSR_EL1  SYSREG(2, 0, 1, 1, 4)
 #define SYSREG_OSDLR_EL1  SYSREG(2, 0, 1, 3, 4)
 #define SYSREG_CNTPCT_EL0 SYSREG(3, 3, 14, 0, 1)
+#define SYSREG_PMCR_EL0   SYSREG(3, 3, 9, 12, 0)
+#define SYSREG_PMUSERENR_EL0  SYSREG(3, 3, 9, 14, 0)
+#define SYSREG_PMCNTENSET_EL0 SYSREG(3, 3, 9, 12, 1)
+#define SYSREG_PMCNTENCLR_EL0 SYSREG(3, 3, 9, 12, 2)
+#define SYSREG_PMINTENCLR_EL1 SYSREG(3, 0, 9, 14, 2)
+#define SYSREG_PMOVSCLR_EL0   SYSREG(3, 3, 9, 12, 3)
+#define SYSREG_PMSWINC_EL0SYSREG(3, 3, 9, 12, 4)
+#define SYSREG_PMSELR_EL0 SYSREG(3, 3, 9, 12, 5)
+#define SYSREG_PMCEID0_EL0SYSREG(3, 3, 9, 12, 6)
+#define SYSREG_PMCEID1_EL0SYSREG(3, 3, 9, 12, 7)
+#define SYSREG_PMCCNTR_EL0SYSREG(3, 3, 9, 13, 0)
+#define SYSREG_PMCCFILTR_EL0  SYSREG(3, 3, 14, 15, 7)
 
 #define WFX_IS_WFE (1 << 0)
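Review bot: the new encoding list has the clear-side registers (PMCNTENCLR_EL0, PMINTENCLR_EL1, PMOVSCLR_EL0) but not their set-side counterparts PMINTENSET_EL1 and PMOVSSET_EL0, nor PMEVCNTR<n>_EL0, PMEVTYPER<n>_EL0, PMXEVCNTR_EL0 or PMXEVTYPER_EL0; under the v9 rule that unknown sysreg accesses inject UNDEF, a guest PMU driver that enables the overflow interrupt through PMINTENSET_EL1 (the usual path) is killed rather than ignored. Either add those encodings as reads of the same backing fields with no-op or modelled writes, or state in the commit message which registers a guest is expected to stay away from.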
 
@@ -708,6 +720,40 @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, 
uint32_t rt)
 val = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) /
   gt_cntfrq_period_ns(arm_cpu);
 break;
+case SYSREG_PMCR_EL0:
+val = env->cp15.c9_pmcr;
+break;
+case SYSREG_PMCCNTR_EL0:
+pmu_op_start(env);
+val = env->cp15.c15_ccnt;
+pmu_op_finish(env);
+break;
+case SYSREG_PMCNTENCLR_EL0:
+val = env->cp15.c9_pmcnten;
+break;
+case SYSREG_PMOVSCLR_EL0:
+val = env->cp15.c9_pmovsr;
+break;
+case SYSREG_PMSELR_EL0:
+val = env->cp15.c9_pmselr;
+break;
+case SYSREG_PMINTENCLR_EL1:
+val = env->cp15.c9_pminten;
+break;
+case SYSREG_PMCCFILTR_EL0:
+val = env->cp15.pmccfiltr_el0;
+break;
+case SYSREG_PMCNTENSET_EL0:
+val = env->cp15.c9_pmcnten;
+break;
+case SYSREG_PMUSERENR_EL0:
+val = env->cp15.c9_pmuserenr;
+break;
+case SYSREG_PMCEID0_EL0:
+case SYSREG_PMCEID1_EL0:
+/* We can't really count anything yet, declare all events invalid */
+val = 0;
+break;
 case SYSREG_OSLSR_EL1:
 val = env->cp15.oslsr_el1;
 break;
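Review bot: none of the new read cases checks the current exception level against PMUSERENR_EL0, even though the handler exposes c9_pmuserenr; if EL0 PMU accesses can reach hvf_sysreg_read(), reads of PMCR/PMCCNTR/PMCNTEN* should be gated on the EN bit, and if the hypervisor only traps EL1 accesses a short comment saying so would save the next reader the question. Minor: the cases are not grouped by register pair (PMCNTENCLR_EL0 comes before PMCNTENSET_EL0 with PMCCFILTR_EL0 in between); ordering them as in the #define block would make the two lists easier to cross-check, and a one-line comment that the SET and CLR variants of PMCNTEN intentionally read the same c9_pmcnten value would help.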
@@ -738,6 +784,82 @@ static int hvf_sysreg_read(CPUState *cpu, uint32_t reg, 
uint32_t rt)
 return 0;
 }
 
+static void pmu_update_irq(CPUARMState *env)
+{
+ARMCPU *cpu = env_archcpu(env);
+qemu_set_irq(cpu->pmu_interrupt, (env->cp15.c9_pmcr & PMCRE) &&
+(env->cp15.c9_pminten & env->cp15.c9_pmovsr));
+}
+
+static bool pmu_event_supported(uint16_t number)
+{
+return false;
+}
+
+/* Returns true if the counter (pass 31 for PMCCNTR) should count events using
+ * the current EL, security state, and register configuration.
+ */
+static bool pmu_counter_enabled(CPUARMState *env, uint8_t counter)
+{
+uint64_t filter;
+bool enabled, filtered = true;
+int el = arm_current_el(env);
+
+enabled = (env->cp15.c9_pmcr & PMCRE) &&
+  (env->cp15.c9_pmcnten & (1 << counter));
+
+if (counter == 31) {
+filter = env->cp15.pmccfiltr_el0;
+} else {
+filter = env->cp15.c14_pmevtyper[counter];
+}
+
+if (el == 0) {
+filtered = filter & PMXEVTYPER_U;
+} else if (el == 1) {
+filtered = filter & PMXEVTYPER_P;
+}
+
+if (counter != 31) {
+/*
+ * If not checking PMCCNTR, ensure the counter is setup to an event we
+ * support
+ */
+uint16_t event = filter & PMXEVTYPER_EVTCOUNT;
+if (!pmu_event_supported(event)) {
+return false;
+}
+}
+
+return enabled && !filtered;
+}
+
+static void pmswinc_write(CPUARMState *env, uint64_t value)
+{
+unsigned int i;
+for (i = 0; i < pmu_num_counters(env); i++) {
+/* Increment a counter's count iff: */
+if ((value & (1 << i)) && /* counter's bit is set */
+/* counter is enabled and not filtered */
+pmu_counter_enabled(env, i) &&
+/* counter is SW_INCR */
+(env->cp15.c14_pmevtyper[i] & PMXEVTYPER_EVTCOUNT) == 0x0) {
+/*
+ * Detect if this write causes an overflow since we can't predict
+ * PMSWINC overflows like we can for other events
+ */
+uint32_t new_pmswinc = env->cp15.c14_pmevcntr[i] + 1;
+
+if (env->cp15.c14_pmevcntr[i] & ~new_pmswinc & INT32_MIN) {
+env->cp15.c9_pmovsr |= (1 << i);
+pmu_update_irq(env);
+
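Review bot: pmu_event_supported() unconditionally returns false, so for every counter other than 31 pmu_counter_enabled() returns false before it even looks at the enable and filter bits, and the increment branch in pmswinc_write() (whose condition requires pmu_counter_enabled(env, i)) can never run; either report event 0x0 (SW_INCR) as supported, or drop pmswinc_write() until real events exist rather than carrying dead code. Also, pmu_update_irq(), pmu_counter_enabled() and pmswinc_write() read like copies of the same-named functions in target/arm/helper.c; if that is the case, exporting the helper.c versions (as patch 01 already does for the PMCR definitions) would avoid keeping two copies in sync.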

[PATCH v9 00/11] hvf: Implement Apple Silicon Support

2021-09-12 Thread Alexander Graf
Now that Apple Silicon is widely available, people are obviously excited
to try and run virtualized workloads on them, such as Linux and Windows.

This patch set implements a fully functional version to get the ball
going on that. With this applied, I can successfully run both Linux and
Windows as guests. I am not aware of any limitations specific to
Hypervisor.framework apart from:

  - gdbstub debugging (breakpoints)
  - missing GICv3 support

To use hvf support, please make sure to run -M virt,highmem=off to fit
in M1's physical address space limits and use -cpu host.


Enjoy!

Alex

v1 -> v2:

  - New patch: hvf: Actually set SIG_IPI mask
  - New patch: hvf: Introduce hvf vcpu struct
  - New patch: hvf: arm: Mark CPU as dirty on reset
  - Removed patch: hw/arm/virt: Disable highmem when on hypervisor.framework
  - Removed patch: arm: Synchronize CPU on PSCI on
  - Fix build on 32bit arm
  - Merge vcpu kick function patch into ARM enablement
  - Implement WFI handling (allows vCPUs to sleep)
  - Synchronize system registers (fixes OVMF crashes and reboot)
  - Don't always call cpu_synchronize_state()
  - Use more fine grained iothread locking
  - Populate aa64mmfr0 from hardware
  - Make safe to ctrl-C entitlement application

v2 -> v3:

  - Removed patch: hvf: Actually set SIG_IPI mask
  - New patch: hvf: arm: Add support for GICv3
  - New patch: hvf: arm: Implement -cpu host
  - Advance PC on SMC
  - Use cp list interface for sysreg syncs
  - Do not set current_cpu
  - Fix sysreg isread mask
  - Move sysreg handling to functions
  - Remove WFI logic again
  - Revert to global iothread locking

v3 -> v4:

  - Removed patch: hvf: arm: Mark CPU as dirty on reset
  - New patch: hvf: Simplify post reset/init/loadvm hooks
  - Remove i386-softmmu target (meson.build for hvf target)
  - Combine both if statements (PSCI)
  - Use hv.h instead of Hypervisor.h for 10.15 compat
  - Remove manual inclusion of Hypervisor.h in common .c files
  - No longer include Hypervisor.h in arm hvf .c files
  - Remove unused exe_full variable
  - Reuse exe_name variable

v4 -> v5:

  - Use g_free() on destroy

v5 -> v6:

  - Switch SYSREG() macro order to the same as asm intrinsics

v6 -> v7:

  - Already merged: hvf: Add hypervisor entitlement to output binaries
  - Already merged: hvf: x86: Remove unused definitions
  - Patch split: hvf: Move common code out
-> hvf: Move assert_hvf_ok() into common directory
-> hvf: Move vcpu thread functions into common directory
-> hvf: Move cpu functions into common directory
-> hvf: Move hvf internal definitions into common header
-> hvf: Make hvf_set_phys_mem() static
-> hvf: Remove use of hv_uvaddr_t and hv_gpaddr_t
-> hvf: Split out common code on vcpu init and destroy
-> hvf: Use cpu_synchronize_state()
-> hvf: Make synchronize functions static
-> hvf: Remove hvf-accel-ops.h
  - New patch: hvf: arm: Implement PSCI handling
  - New patch: arm: Enable Windows 10 trusted SMCCC boot call
  - New patch: hvf: arm: Handle Windows 10 SMC call
  - Removed patch: "arm: Set PSCI to 0.2 for HVF" (included above)
  - Removed patch: "hvf: arm: Add support for GICv3" (deferred to later)
  - Remove osdep.h include from hvf_int.h
  - Synchronize SIMD registers as well
  - Prepend 0x for hex values
  - Convert DPRINTF to trace points
  - Use main event loop (fixes gdbstub issues)
  - Remove PSCI support, inject UDEF on HVC/SMC
  - Change vtimer logic to look at ctl.istatus for vtimer mask sync
  - Add kick callback again (fixes remote CPU notification)
  - Move function define to own header
  - Do not propagate SVE features for HVF
  - Remove stray whitespace change
  - Verify that EL0 and EL1 do not allow AArch32 mode
  - Only probe host CPU features once
  - Move WFI into function
  - Improve comment wording
  - Simplify HVF matching logic in meson build file

v7 -> v8:

  - checkpatch fixes
  - Do not advance for HVC, PC is already updated by hvf
(fixes Linux boot)

v8 -> v9:

  - [Merged] hvf: Move assert_hvf_ok() into common directory
  - [Merged] hvf: Move vcpu thread functions into common directory
  - [Merged] hvf: Move cpu functions into common directory
  - [Merged] hvf: Move hvf internal definitions into common header
  - [Merged] hvf: Make hvf_set_phys_mem() static
  - [Merged] hvf: Remove use of hv_uvaddr_t and hv_gpaddr_t
  - [Merged] hvf: Split out common code on vcpu init and destroy
  - [Merged] hvf: Use cpu_synchronize_state()
  - [Merged] hvf: Make synchronize functions static
  - [Merged] hvf: Remove hvf-accel-ops.h
  - [Merged] hvf: Introduce hvf vcpu struct
  - [Merged] hvf: Simplify post reset/init/loadvm hooks
  - [Dropped] arm: Enable Windows 10 trusted SMCCC boot call
  - [Dropped] hvf: arm: Handle Windows 10 SMC call
  - [New] arm: Move PMC register definitions to cpu.h
  - [New] hvf: Add execute to dirty log permission bitmap
  - [New] hvf: Introduce hvf_arch_init() callback
  - [New] hvf: arm: Implement PSCI handling
  - [New] 

[PATCH v9 05/11] arm/hvf: Add a WFI handler

2021-09-12 Thread Alexander Graf
From: Peter Collingbourne 

Sleep on WFI until the VTIMER is due but allow ourselves to be woken
up on IPI.

In this implementation IPI is blocked on the CPU thread at startup and
pselect() is used to atomically unblock the signal and begin sleeping.
The signal is sent unconditionally so there's no need to worry about
races between actually sleeping and the "we think we're sleeping"
state. It may lead to an extra wakeup but that's better than missing
it entirely.

Signed-off-by: Peter Collingbourne 
[agraf: Remove unused 'set' variable, always advance PC on WFX trap,
support vm stop / continue operations and cntv offsets]
Signed-off-by: Alexander Graf 
Acked-by: Roman Bolshakov 
Reviewed-by: Sergio Lopez 

---

v6 -> v7:

  - Move WFI into function
  - Improve comment wording

v8 -> v9:

  - Add support for cntv offsets
  - Improve code readability
---
 accel/hvf/hvf-accel-ops.c |  5 ++-
 include/sysemu/hvf_int.h  |  1 +
 target/arm/hvf/hvf.c  | 76 +++
 3 files changed, 79 insertions(+), 3 deletions(-)

diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
index 4f75927a8e..93976f4ece 100644
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -370,15 +370,14 @@ static int hvf_init_vcpu(CPUState *cpu)
 cpu->hvf = g_malloc0(sizeof(*cpu->hvf));
 
 /* init cpu signals */
-sigset_t set;
 struct sigaction sigact;
 
 memset(, 0, sizeof(sigact));
 sigact.sa_handler = dummy_signal;
 sigaction(SIG_IPI, , NULL);
 
-pthread_sigmask(SIG_BLOCK, NULL, );
-sigdelset(, SIG_IPI);
+pthread_sigmask(SIG_BLOCK, NULL, >hvf->unblock_ipi_mask);
+sigdelset(>hvf->unblock_ipi_mask, SIG_IPI);
 
 #ifdef __aarch64__
 r = hv_vcpu_create(>hvf->fd, (hv_vcpu_exit_t **)>hvf->exit, 
NULL);
diff --git a/include/sysemu/hvf_int.h b/include/sysemu/hvf_int.h
index 7c245c7b11..6545f7cd61 100644
--- a/include/sysemu/hvf_int.h
+++ b/include/sysemu/hvf_int.h
@@ -52,6 +52,7 @@ struct hvf_vcpu_state {
 uint64_t fd;
 void *exit;
 bool vtimer_masked;
+sigset_t unblock_ipi_mask;
 };
 
 void assert_hvf_ok(hv_return_t ret);
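Review bot: the new unblock_ipi_mask field has no comment, and nothing in this header says what it holds or who may use it; a one-line comment such as "thread's signal mask with SIG_IPI removed, passed to pselect() while sleeping in WFI" would document that it is computed once on the vCPU thread in hvf_init_vcpu() and must not be used from another thread.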
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index f04324b598..e9291f4b9c 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -2,6 +2,7 @@
  * QEMU Hypervisor.framework support for Apple Silicon
 
  * Copyright 2020 Alexander Graf 
+ * Copyright 2020 Google LLC
  *
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
@@ -490,6 +491,7 @@ int hvf_arch_init_vcpu(CPUState *cpu)
 
 void hvf_kick_vcpu_thread(CPUState *cpu)
 {
+cpus_kick_thread(cpu);
 hv_vcpus_exit(>hvf->fd, 1);
 }
 
@@ -608,6 +610,77 @@ static uint64_t hvf_vtimer_val_raw(void)
 return mach_absolute_time() - hvf_state->vtimer_offset;
 }
 
+static uint64_t hvf_vtimer_val(void)
+{
+if (!runstate_is_running()) {
+/* VM is paused, the vtimer value is in vtimer.vtimer_val */
+return vtimer.vtimer_val;
+}
+
+return hvf_vtimer_val_raw();
+}
+
+static void hvf_wait_for_ipi(CPUState *cpu, struct timespec *ts)
+{
+/*
+ * Use pselect to sleep so that other threads can IPI us while we're
+ * sleeping.
+ */
+qatomic_mb_set(>thread_kicked, false);
+qemu_mutex_unlock_iothread();
+pselect(0, 0, 0, 0, ts, >hvf->unblock_ipi_mask);
+qemu_mutex_lock_iothread();
+}
+
+static void hvf_wfi(CPUState *cpu)
+{
+ARMCPU *arm_cpu = ARM_CPU(cpu);
+hv_return_t r;
+uint64_t ctl;
+uint64_t cval;
+int64_t ticks_to_sleep;
+uint64_t seconds;
+uint64_t nanos;
+
+if (cpu->interrupt_request & (CPU_INTERRUPT_HARD | CPU_INTERRUPT_FIQ)) {
+/* Interrupt pending, no need to wait */
+return;
+}
+
+r = hv_vcpu_get_sys_reg(cpu->hvf->fd, HV_SYS_REG_CNTV_CTL_EL0, );
+assert_hvf_ok(r);
+
+if (!(ctl & 1) || (ctl & 2)) {
+/* Timer disabled or masked, just wait for an IPI. */
+hvf_wait_for_ipi(cpu, NULL);
+return;
+}
+
+r = hv_vcpu_get_sys_reg(cpu->hvf->fd, HV_SYS_REG_CNTV_CVAL_EL0, );
+assert_hvf_ok(r);
+
+ticks_to_sleep = cval - hvf_vtimer_val();
+if (ticks_to_sleep < 0) {
+return;
+}
+
+nanos = ticks_to_sleep * gt_cntfrq_period_ns(arm_cpu);
+seconds = nanos / NANOSECONDS_PER_SECOND;
+nanos -= (seconds * NANOSECONDS_PER_SECOND);
+
+/*
+ * Don't sleep for less than the time a context switch would take,
+ * so that we can satisfy fast timer requests on the same CPU.
+ * Measurements on M1 show the sweet spot to be ~2ms.
+ */
+if (!seconds && nanos < (2 * SCALE_MS)) {
+return;
+}
+
+struct timespec ts = { seconds, nanos };
+hvf_wait_for_ipi(cpu, );
+}
+
 static void hvf_sync_vtimer(CPUState *cpu)
 {
 ARMCPU *arm_cpu = ARM_CPU(cpu);
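Review bot: in hvf_wfi() the product `nanos = ticks_to_sleep * gt_cntfrq_period_ns(arm_cpu)` can wrap uint64_t when the guest programs a CVAL far in the future (ticks_to_sleep is an int64_t and the period is tens of nanoseconds), which would turn a long sleep into a short or zero one and spin the vCPU; clamp ticks_to_sleep to a maximum before multiplying, or compute the seconds part with a division first. Smaller points in the same hunk: the CNTV_CTL tests `!(ctl & 1)` and `(ctl & 2)` would read better with named ENABLE/IMASK bits; `pselect(0, 0, 0, 0, ts, ...)` should pass NULL for the three fd sets and the nfds argument is clearer as 0 with a comment; and `struct timespec ts = { seconds, nanos };` is declared after statements, which QEMU's coding style asks to avoid.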
@@ -728,6 +801,9 @@ int hvf_vcpu_exec(CPUState *cpu)
 }
 case EC_WFX_TRAP:
 advance_pc = true;
+ 

[PATCH v9 01/11] arm: Move PMC register definitions to cpu.h

2021-09-12 Thread Alexander Graf
We will need PMC register definitions in accel-specific code later.
Move all constant definitions to common arm headers so we can reuse
them.

Signed-off-by: Alexander Graf 
---
 target/arm/cpu.h| 44 
 target/arm/helper.c | 44 
 2 files changed, 44 insertions(+), 44 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 6a987f65e4..6d60b64c15 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1550,6 +1550,50 @@ static inline void xpsr_write(CPUARMState *env, uint32_t 
val, uint32_t mask)
 #define HSTR_TTEE (1 << 16)
 #define HSTR_TJDBX (1 << 17)
 
+/* Definitions for the PMU registers */
+#define PMCRN_MASK  0xf800
+#define PMCRN_SHIFT 11
+#define PMCRLC  0x40
+#define PMCRDP  0x20
+#define PMCRX   0x10
+#define PMCRD   0x8
+#define PMCRC   0x4
+#define PMCRP   0x2
+#define PMCRE   0x1
+/*
+ * Mask of PMCR bits writeable by guest (not including WO bits like C, P,
+ * which can be written as 1 to trigger behaviour but which stay RAZ).
+ */
+#define PMCR_WRITEABLE_MASK (PMCRLC | PMCRDP | PMCRX | PMCRD | PMCRE)
+
+#define PMXEVTYPER_P  0x8000
+#define PMXEVTYPER_U  0x4000
+#define PMXEVTYPER_NSK0x2000
+#define PMXEVTYPER_NSU0x1000
+#define PMXEVTYPER_NSH0x0800
+#define PMXEVTYPER_M  0x0400
+#define PMXEVTYPER_MT 0x0200
+#define PMXEVTYPER_EVTCOUNT   0x
+#define PMXEVTYPER_MASK   (PMXEVTYPER_P | PMXEVTYPER_U | PMXEVTYPER_NSK | \
+   PMXEVTYPER_NSU | PMXEVTYPER_NSH | \
+   PMXEVTYPER_M | PMXEVTYPER_MT | \
+   PMXEVTYPER_EVTCOUNT)
+
+#define PMCCFILTR 0xf800
+#define PMCCFILTR_M   PMXEVTYPER_M
+#define PMCCFILTR_EL0 (PMCCFILTR | PMCCFILTR_M)
+
+static inline uint32_t pmu_num_counters(CPUARMState *env)
+{
+  return (env->cp15.c9_pmcr & PMCRN_MASK) >> PMCRN_SHIFT;
+}
+
+/* Bits allowed to be set/cleared for PMCNTEN* and PMINTEN* */
+static inline uint64_t pmu_counter_mask(CPUARMState *env)
+{
+  return (1 << 31) | ((1 << pmu_num_counters(env)) - 1);
+}
+
 /* Return the current FPSCR value.  */
 uint32_t vfp_get_fpscr(CPUARMState *env);
 void vfp_set_fpscr(CPUARMState *env, uint32_t val);
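Review bot: pmu_counter_mask() returns uint64_t but evaluates `(1 << 31)` in int, which is signed overflow and, once widened, sign-extends to set bits 63:32 as well; now that the helper moves into a public header it should use `1ULL << 31` (and `1ULL << pmu_num_counters(env)`) so the mask is exactly bit 31 plus the low counter bits. The two inline functions are also indented by two spaces rather than QEMU's four, and "PMCR_WRITEABLE_MASK" keeps the non-standard spelling; both are pre-existing, but a move is the cheapest moment to fix them.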
diff --git a/target/arm/helper.c b/target/arm/helper.c
index a7ae78146d..17f1b05622 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1114,50 +1114,6 @@ static const ARMCPRegInfo v6_cp_reginfo[] = {
 REGINFO_SENTINEL
 };
 
-/* Definitions for the PMU registers */
-#define PMCRN_MASK  0xf800
-#define PMCRN_SHIFT 11
-#define PMCRLC  0x40
-#define PMCRDP  0x20
-#define PMCRX   0x10
-#define PMCRD   0x8
-#define PMCRC   0x4
-#define PMCRP   0x2
-#define PMCRE   0x1
-/*
- * Mask of PMCR bits writeable by guest (not including WO bits like C, P,
- * which can be written as 1 to trigger behaviour but which stay RAZ).
- */
-#define PMCR_WRITEABLE_MASK (PMCRLC | PMCRDP | PMCRX | PMCRD | PMCRE)
-
-#define PMXEVTYPER_P  0x8000
-#define PMXEVTYPER_U  0x4000
-#define PMXEVTYPER_NSK0x2000
-#define PMXEVTYPER_NSU0x1000
-#define PMXEVTYPER_NSH0x0800
-#define PMXEVTYPER_M  0x0400
-#define PMXEVTYPER_MT 0x0200
-#define PMXEVTYPER_EVTCOUNT   0x
-#define PMXEVTYPER_MASK   (PMXEVTYPER_P | PMXEVTYPER_U | PMXEVTYPER_NSK | \
-   PMXEVTYPER_NSU | PMXEVTYPER_NSH | \
-   PMXEVTYPER_M | PMXEVTYPER_MT | \
-   PMXEVTYPER_EVTCOUNT)
-
-#define PMCCFILTR 0xf800
-#define PMCCFILTR_M   PMXEVTYPER_M
-#define PMCCFILTR_EL0 (PMCCFILTR | PMCCFILTR_M)
-
-static inline uint32_t pmu_num_counters(CPUARMState *env)
-{
-  return (env->cp15.c9_pmcr & PMCRN_MASK) >> PMCRN_SHIFT;
-}
-
-/* Bits allowed to be set/cleared for PMCNTEN* and PMINTEN* */
-static inline uint64_t pmu_counter_mask(CPUARMState *env)
-{
-  return (1 << 31) | ((1 << pmu_num_counters(env)) - 1);
-}
-
 typedef struct pm_event {
 uint16_t number; /* PMEVTYPER.evtCount is 16 bits wide */
 /* If the event is supported on this CPU (used to generate PMCEID[01]) */
-- 
2.30.1 (Apple Git-130)




[PATCH v9 02/11] hvf: Add execute to dirty log permission bitmap

2021-09-12 Thread Alexander Graf
Hvf's permission bitmap during and after dirty logging does not include
the HV_MEMORY_EXEC permission. At least on Apple Silicon, this leads to
instruction faults once dirty logging is enabled.


Add the bit to make it work properly.

Signed-off-by: Alexander Graf 
---
 accel/hvf/hvf-accel-ops.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
index d1691be989..71cc2fa70f 100644
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -239,12 +239,12 @@ static void hvf_set_dirty_tracking(MemoryRegionSection 
*section, bool on)
 if (on) {
 slot->flags |= HVF_SLOT_LOG;
 hv_vm_protect((uintptr_t)slot->start, (size_t)slot->size,
-  HV_MEMORY_READ);
+  HV_MEMORY_READ | HV_MEMORY_EXEC);
 /* stop tracking region*/
 } else {
 slot->flags &= ~HVF_SLOT_LOG;
 hv_vm_protect((uintptr_t)slot->start, (size_t)slot->size,
-  HV_MEMORY_READ | HV_MEMORY_WRITE);
+  HV_MEMORY_READ | HV_MEMORY_WRITE | HV_MEMORY_EXEC);
 }
 }
 
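Review bot: both hv_vm_protect() calls now grant HV_MEMORY_EXEC unconditionally, which matches the commit message, but the logging-on call ends up as READ | EXEC with WRITE deliberately dropped so that the first write faults and marks the page dirty; a short comment at that call would stop a reader from taking READ | EXEC for a typo of READ | WRITE. The existing `/* stop tracking region*/` comment also sits above the `} else {` rather than inside the else branch it describes, and is missing a space before `*/`.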
-- 
2.30.1 (Apple Git-130)




[PATCH v9 03/11] hvf: Introduce hvf_arch_init() callback

2021-09-12 Thread Alexander Graf
We will need to install a migration helper for the ARM hvf backend.
Let's introduce an arch callback for the overall hvf init chain to
do so.

Signed-off-by: Alexander Graf 
---
 accel/hvf/hvf-accel-ops.c | 3 ++-
 include/sysemu/hvf_int.h  | 1 +
 target/i386/hvf/hvf.c | 5 +
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
index 71cc2fa70f..65d431868f 100644
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -324,7 +324,8 @@ static int hvf_accel_init(MachineState *ms)
 
 hvf_state = s;
 memory_listener_register(_memory_listener, _space_memory);
-return 0;
+
+return hvf_arch_init();
 }
 
 static void hvf_accel_class_init(ObjectClass *oc, void *data)
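Review bot: `return hvf_arch_init();` runs after hvf_state has been set and hvf_memory_listener registered, so a non-zero return from the arch hook leaves the listener registered and hvf_state pointing at s with no unwind; either call hvf_arch_init() before those side effects or, on failure, unregister the listener and clear hvf_state before returning the error.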
diff --git a/include/sysemu/hvf_int.h b/include/sysemu/hvf_int.h
index 8b66a4e7d0..0466106d16 100644
--- a/include/sysemu/hvf_int.h
+++ b/include/sysemu/hvf_int.h
@@ -48,6 +48,7 @@ struct hvf_vcpu_state {
 };
 
 void assert_hvf_ok(hv_return_t ret);
+int hvf_arch_init(void);
 int hvf_arch_init_vcpu(CPUState *cpu);
 void hvf_arch_vcpu_destroy(CPUState *cpu);
 int hvf_vcpu_exec(CPUState *);
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 79ba4ed93a..abef24a9c8 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -206,6 +206,11 @@ static inline bool apic_bus_freq_is_known(CPUX86State *env)
 return env->apic_bus_freq != 0;
 }
 
+int hvf_arch_init(void)
+{
+return 0;
+}
+
 int hvf_arch_init_vcpu(CPUState *cpu)
 {
 X86CPU *x86cpu = X86_CPU(cpu);
-- 
2.30.1 (Apple Git-130)




Re: [PATCH v2] accel/tcg/user-exec: Fix read-modify-write of code on s390 hosts

2021-09-12 Thread Richard Henderson

On 8/3/21 3:16 PM, Ilya Leoshkevich wrote:

x86_64 dotnet/runtime uses cmpxchg for code patching. When running it
under s390x qemu-linux user, cpu_signal_handler() does not recognize
this as a write and does not restore PAGE_WRITE cleared by
tb_page_add(), incorrectly forwarding the signal to the guest code.

Signed-off-by: Ilya Leoshkevich
---

v1:https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg00464.html
v1 -> v2: Fix comment style, fix CSST detection (Richard).

  accel/tcg/user-exec.c | 48 ---
  1 file changed, 41 insertions(+), 7 deletions(-)


Queued, thanks.

r~



Re: [PATCH v4 00/16] tcg/s390x: host vector support

2021-09-12 Thread Richard Henderson

Ping.  The branch rebases to master without complaint.

r~

On 6/25/21 10:02 PM, Richard Henderson wrote:

Changes for v4:
   * Fix bug in RXB (david).

r~

Richard Henderson (16):
   tcg/s390x: Rename from tcg/s390
   tcg/s390x: Change FACILITY representation
   tcg/s390x: Merge TCG_AREG0 and TCG_REG_CALL_STACK into TCGReg
   tcg/s390x: Add host vector framework
   tcg/s390x: Implement tcg_out_ld/st for vector types
   tcg/s390x: Implement tcg_out_mov for vector types
   tcg/s390x: Implement tcg_out_dup*_vec
   tcg/s390x: Implement minimal vector operations
   tcg/s390x: Implement andc, orc, abs, neg, not vector operations
   tcg/s390x: Implement TCG_TARGET_HAS_mul_vec
   tcg/s390x: Implement vector shift operations
   tcg/s390x: Implement TCG_TARGET_HAS_minmax_vec
   tcg: Expand usadd/ussub with umin/umax
   tcg/s390x: Implement TCG_TARGET_HAS_sat_vec
   tcg/s390x: Implement TCG_TARGET_HAS_bitsel_vec
   tcg/s390x: Implement TCG_TARGET_HAS_cmpsel_vec

  meson.build  |   2 -
  tcg/{s390 => s390x}/tcg-target-con-set.h |   7 +
  tcg/{s390 => s390x}/tcg-target-con-str.h |   1 +
  tcg/{s390 => s390x}/tcg-target.h |  90 ++-
  tcg/s390x/tcg-target.opc.h   |  15 +
  tcg/tcg-op-vec.c |  37 +-
  tcg/{s390 => s390x}/tcg-target.c.inc | 925 +--
  7 files changed, 982 insertions(+), 95 deletions(-)
  rename tcg/{s390 => s390x}/tcg-target-con-set.h (86%)
  rename tcg/{s390 => s390x}/tcg-target-con-str.h (96%)
  rename tcg/{s390 => s390x}/tcg-target.h (67%)
  create mode 100644 tcg/s390x/tcg-target.opc.h
  rename tcg/{s390 => s390x}/tcg-target.c.inc (73%)






Re: [PATCH] user: Mark cpu_loop() with noreturn attribute

2021-09-12 Thread Richard Henderson

On 9/4/21 5:04 PM, Philippe Mathieu-Daudé wrote:

cpu_loop() never exits, so mark it with QEMU_NORETURN.

Signed-off-by: Philippe Mathieu-Daudé
---
  bsd-user/qemu.h   | 2 +-
  linux-user/qemu.h | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)


Queued, thanks.

r~



[PATCH v2 1/2] qemu-binfmt-conf.sh: fix -F option

2021-09-12 Thread mwilck
From: Martin Wilck 

qemu-binfmt-conf.sh should use "-F" as short option for "--qemu-suffix".
Fix the getopt call to make this work.

Signed-off-by: Martin Wilck 
---
v2: fixed overlong line to make patchew bot happy. Sorry for the long
delay, I'd missed the bot's reply.

---
 scripts/qemu-binfmt-conf.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scripts/qemu-binfmt-conf.sh b/scripts/qemu-binfmt-conf.sh
index fb504a4..c73a785 100755
--- a/scripts/qemu-binfmt-conf.sh
+++ b/scripts/qemu-binfmt-conf.sh
@@ -338,7 +338,9 @@ PERSISTENT=no
 PRESERVE_ARG0=no
 QEMU_SUFFIX=""
 
-options=$(getopt -o ds:Q:S:e:hc:p:g: -l 
debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,persistent:,preserve-argv0:
 -- "$@")
+_longopts="debian,systemd:,qemu-path:,qemu-suffix:,exportdir:,help,credential:,\
+persistent:,preserve-argv0:"
+options=$(getopt -o ds:Q:S:e:hc:p:g:F: -l ${_longopts} -- "$@")
 eval set -- "$options"
 
 while true ; do
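Review bot: `-l ${_longopts}` is unquoted; it is harmless today because the string contains no whitespace or glob characters, but `"${_longopts}"` is the safer spelling and costs nothing. The backslash-newline inside the double-quoted assignment is a valid sh line continuation (removed by the shell), so the long-option list stays a single comma-separated string, and adding `F:` to the short options is consistent with "--qemu-suffix" taking an argument.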
-- 
2.33.0




Re: [PATCH v8 16/19] hvf: arm: Implement PSCI handling

2021-09-12 Thread Richard Henderson

On 9/12/21 2:37 PM, Alexander Graf wrote:


On 12.09.21 23:20, Richard Henderson wrote:

On 9/12/21 1:36 PM, Alexander Graf wrote:

I think the callsites would be clearer if you made the function
return true for "PSCI call handled", false for "not recognised,
give the guest an UNDEF". Code like
   if (hvf_handle_psci_call(cpu)) {
   stuff;
   }

looks like the 'stuff' is for the "psci call handled" case,
which at the moment it isn't.



This function merely follows standard C semantics along the lines of "0
means success, !0 is error". Isn't that what you would usually expect?


No, not really.  I expect stuff that returns error codes to return
negative integers on failure.  I expect stuff that returns a boolean
success/failure to return true on success.



Fair, I'll change it to return -1 then. Thanks!


Not quite the point I was making.  If the only two return values are -1/0, then bool 
false/true is in fact more appropriate.



r~



Re: [PATCH v8 16/19] hvf: arm: Implement PSCI handling

2021-09-12 Thread Alexander Graf


On 12.09.21 23:20, Richard Henderson wrote:
> On 9/12/21 1:36 PM, Alexander Graf wrote:
>>> I think the callsites would be clearer if you made the function
>>> return true for "PSCI call handled", false for "not recognised,
>>> give the guest an UNDEF". Code like
>>>   if (hvf_handle_psci_call(cpu)) {
>>>   stuff;
>>>   }
>>>
>>> looks like the 'stuff' is for the "psci call handled" case,
>>> which at the moment it isn't.
>>
>>
>> This function merely follows standard C semantics along the lines of "0
>> means success, !0 is error". Isn't that what you would usually expect?
>
> No, not really.  I expect stuff that returns error codes to return
> negative integers on failure.  I expect stuff that returns a boolean
> success/failure to return true on success.


Fair, I'll change it to return -1 then. Thanks!


Alex





Re: [PATCH] accel/tcg: assert insn_idx will always be valid before plugin_inject_cb

2021-09-12 Thread Richard Henderson

On 9/3/21 7:59 AM, Alex Bennée wrote:

Coverity doesn't know enough about how we have arranged our plugin TCG
ops to know we will always have incremented insn_idx before injecting
the callback. Let us assert it for the benefit of Coverity and protect
ourselves from accidentally breaking the assumption and triggering
harder to grok errors deeper in the code if we attempt a negative
indexed array lookup.

Fixes: Coverity 1459509
Signed-off-by: Alex Bennée 
---
  accel/tcg/plugin-gen.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
index 88e25c6df9..b38aa1bb36 100644
--- a/accel/tcg/plugin-gen.c
+++ b/accel/tcg/plugin-gen.c
@@ -820,10 +820,9 @@ static void pr_ops(void)
  static void plugin_gen_inject(const struct qemu_plugin_tb *plugin_tb)
  {
  TCGOp *op;
-int insn_idx;
+int insn_idx = -1;
  
  pr_ops();

-insn_idx = -1;
  QSIMPLEQ_FOREACH(op, _ctx->plugin_ops, plugin_link) {
  enum plugin_gen_from from = op->args[0];
  enum plugin_gen_cb type = op->args[1];
@@ -834,6 +833,7 @@ static void plugin_gen_inject(const struct qemu_plugin_tb 
*plugin_tb)
  type == PLUGIN_GEN_ENABLE_MEM_HELPER) {
  insn_idx++;
  }
+g_assert(from == PLUGIN_GEN_FROM_TB || insn_idx >= 0);
  plugin_inject_cb(plugin_tb, op, insn_idx);
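Review bot: the assertion `g_assert(from == PLUGIN_GEN_FROM_TB || insn_idx >= 0)` still allows plugin_inject_cb() to be called with insn_idx == -1 for PLUGIN_GEN_FROM_TB ops, so it documents rather than prevents the negative index; add a comment at the assert stating that FROM_TB callbacks never index by insn_idx, or move the `>= 0` check into the non-TB path so the invariant is actually enforced where the index is used.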


Hmm.  This is the single caller of plugin_inject_cb.

I think we could simplify all of this by inlining it, so that we can put these blocks into 
their proper place within the switch.


Also, existing strangeness in insn_idx being incremented for non-insns?  Should it be named 
something else?  I haven't looked at how it's really used in the end.



r~



Re: [PATCH 1/3] ui/console: replace QEMUFIFO with Fifo8

2021-09-12 Thread Volker Rümelin



@@ -2233,8 +2188,7 @@ static void text_console_do_init(Chardev
*chr, DisplayState *ds)
     int g_width = 80 * FONT_WIDTH;
     int g_height = 24 * FONT_HEIGHT;

-    s->out_fifo.buf = s->out_fifo_buf;
-    s->out_fifo.buf_size = sizeof(s->out_fifo_buf);
+    fifo8_create(>out_fifo, 16);


Missing a fifo8_destroy() somewhere


Hi,

there's no function to close a text console. An opened text console 
remains open until QEMU exits. Currently QEMU doesn't free allocated 
text console resources.


With best regards,
Volker



     s->kbd_timer = timer_new_ms(QEMU_CLOCK_REALTIME,
kbd_send_chars, s);
     s->ds = ds;








Re: [PATCH v8 16/19] hvf: arm: Implement PSCI handling

2021-09-12 Thread Richard Henderson

On 9/12/21 1:36 PM, Alexander Graf wrote:

I think the callsites would be clearer if you made the function
return true for "PSCI call handled", false for "not recognised,
give the guest an UNDEF". Code like
  if (hvf_handle_psci_call(cpu)) {
  stuff;
  }

looks like the 'stuff' is for the "psci call handled" case,
which at the moment it isn't.



This function merely follows standard C semantics along the lines of "0
means success, !0 is error". Isn't that what you would usually expect?


No, not really.  I expect stuff that returns error codes to return negative integers on 
failure.  I expect stuff that returns a boolean success/failure to return true on success.



r~



Re: [PATCH v8 16/19] hvf: arm: Implement PSCI handling

2021-09-12 Thread Alexander Graf


On 15.06.21 14:54, Peter Maydell wrote:
> On Wed, 19 May 2021 at 21:23, Alexander Graf  wrote:
>> We need to handle PSCI calls. Most of the TCG code works for us,
>> but we can simplify it to only handle aa64 mode and we need to
>> handle SUSPEND differently.
>>
>> This patch takes the TCG code as template and duplicates it in HVF.
>>
>> To tell the guest that we support PSCI 0.2 now, update the check in
>> arm_cpu_initfn() as well.
>>
>> Signed-off-by: Alexander Graf 
>>
>> ---
>>
>> v6 -> v7:
>>
>>   - This patch integrates "arm: Set PSCI to 0.2 for HVF"
>>
>> v7 -> v8:
>>
>>   - Do not advance for HVC, PC is already updated by hvf
>>   - Fix checkpatch error
>
>> +static int /(ARMCPU *arm_cpu)
>> +{
>> +int32_t ret = 0;
>> +ret = arm_set_cpu_off(arm_cpu->mp_affinity);
>> +assert(ret == QEMU_ARM_POWERCTL_RET_SUCCESS);
>> +
>> +return 0;
> If you're always returning 0 you might as well just make
> it return void.
>
>> +}
>> +
>> +static int hvf_handle_psci_call(CPUState *cpu)
> I think the callsites would be clearer if you made the function
> return true for "PSCI call handled", false for "not recognised,
> give the guest an UNDEF". Code like
>  if (hvf_handle_psci_call(cpu)) {
>  stuff;
>  }
>
> looks like the 'stuff' is for the "psci call handled" case,
> which at the moment it isn't.


This function merely follows standard C semantics along the lines of "0
means success, !0 is error". Isn't that what you would usually expect?


>
> Either way, a comment for this function describing what its
> return value semantics are would be useful.


Sure, I can add one :)


>
>> +ARMCPU *arm_cpu = ARM_CPU(cpu);
>> +CPUARMState *env = _cpu->env;
>> +uint64_t param[4] = {
>> +env->xregs[0],
>> +env->xregs[1],
>> +env->xregs[2],
>> +env->xregs[3]
>> +};
>> +uint64_t context_id, mpidr;
>> +bool target_aarch64 = true;
>> +CPUState *target_cpu_state;
>> +ARMCPU *target_cpu;
>> +target_ulong entry;
>> +int target_el = 1;
>> +int32_t ret = 0;
>> +
>> +trace_hvf_psci_call(param[0], param[1], param[2], param[3],
>> +arm_cpu->mp_affinity);
>> +
>> +switch (param[0]) {
>> +case QEMU_PSCI_0_2_FN_PSCI_VERSION:
>> +ret = QEMU_PSCI_0_2_RET_VERSION_0_2;
>> +break;
>> +case QEMU_PSCI_0_2_FN_MIGRATE_INFO_TYPE:
>> +ret = QEMU_PSCI_0_2_RET_TOS_MIGRATION_NOT_REQUIRED; /* No trusted 
>> OS */
>> +break;
>> +case QEMU_PSCI_0_2_FN_AFFINITY_INFO:
>> +case QEMU_PSCI_0_2_FN64_AFFINITY_INFO:
>> +mpidr = param[1];
>> +
>> +switch (param[2]) {
>> +case 0:
>> +target_cpu_state = arm_get_cpu_by_id(mpidr);
>> +if (!target_cpu_state) {
>> +ret = QEMU_PSCI_RET_INVALID_PARAMS;
>> +break;
>> +}
>> +target_cpu = ARM_CPU(target_cpu_state);
>> +
>> +ret = target_cpu->power_state;
>> +break;
>> +default:
>> +/* Everything above affinity level 0 is always on. */
>> +ret = 0;
>> +}
>> +break;
>> +case QEMU_PSCI_0_2_FN_SYSTEM_RESET:
>> +qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
>> +/* QEMU reset and shutdown are async requests, but PSCI
>> + * mandates that we never return from the reset/shutdown
>> + * call, so power the CPU off now so it doesn't execute
>> + * anything further.
>> + */
>> +return hvf_psci_cpu_off(arm_cpu);
>> +case QEMU_PSCI_0_2_FN_SYSTEM_OFF:
>> +qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
>> +return hvf_psci_cpu_off(arm_cpu);
>> +case QEMU_PSCI_0_1_FN_CPU_ON:
>> +case QEMU_PSCI_0_2_FN_CPU_ON:
>> +case QEMU_PSCI_0_2_FN64_CPU_ON:
>> +mpidr = param[1];
>> +entry = param[2];
>> +context_id = param[3];
>> +ret = arm_set_cpu_on(mpidr, entry, context_id,
>> + target_el, target_aarch64);
>> +break;
>> +case QEMU_PSCI_0_1_FN_CPU_OFF:
>> +case QEMU_PSCI_0_2_FN_CPU_OFF:
>> +return hvf_psci_cpu_off(arm_cpu);
>> +case QEMU_PSCI_0_1_FN_CPU_SUSPEND:
>> +case QEMU_PSCI_0_2_FN_CPU_SUSPEND:
>> +case QEMU_PSCI_0_2_FN64_CPU_SUSPEND:
>> +/* Affinity levels are not supported in QEMU */
>> +if (param[1] & 0xfffe) {
>> +ret = QEMU_PSCI_RET_INVALID_PARAMS;
>> +break;
>> +}
>> +/* Powerdown is not supported, we always go into WFI */
>> +env->xregs[0] = 0;
>> +hvf_wfi(cpu);
>> +break;
>> +case QEMU_PSCI_0_1_FN_MIGRATE:
>> +case QEMU_PSCI_0_2_FN_MIGRATE:
>> +ret = QEMU_PSCI_RET_NOT_SUPPORTED;
>> +break;
>> +default:
>> +return 1;
>> +}
>> +
>> +env->xregs[0] = ret;
>> +return 0;
>> +}
>> +
>>  static uint64_t hvf_sysreg_read(CPUState *cpu, uint32_t 
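Review bot: the block comment at the QEMU_PSCI_0_2_FN_SYSTEM_RESET case ("/* QEMU reset and shutdown are async requests, but PSCI ...") opens with text on the `/*` line, which checkpatch flags; QEMU's style puts `/*` on its own line. In the CPU_SUSPEND case `env->xregs[0] = 0;` before hvf_wfi() is immediately overwritten by the `env->xregs[0] = ret;` at the end (ret is still 0 there), so one of the two stores is redundant and a comment should say which is intended. The default branch returns 1 while every handled path returns 0; given the callers test the result as a condition, a bool (or a negative errno) with a documented meaning would be clearer, as already raised in the thread.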

Re: [PATCH v8 15/19] hvf: arm: Implement -cpu host

2021-09-12 Thread Alexander Graf


On 15.06.21 12:56, Peter Maydell wrote:
> On Wed, 19 May 2021 at 21:23, Alexander Graf  wrote:
>> Now that we have working system register sync, we push more target CPU
>> properties into the virtual machine. That might be useful in some
>> situations, but is not the typical case that users want.
>>
>> So let's add a -cpu host option that allows them to explicitly pass all
>> CPU capabilities of their host CPU into the guest.
>>
>> Signed-off-by: Alexander Graf 
>> Acked-by: Roman Bolshakov 
>>
>> ---
>>
>> v6 -> v7:
>>
>>   - Move function define to own header
>>   - Do not propagate SVE features for HVF
>>   - Remove stray whitespace change
>>   - Verify that EL0 and EL1 do not allow AArch32 mode
>>   - Only probe host CPU features once
>> +static void hvf_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
>> +{
>> +ARMISARegisters host_isar;
> Can you zero-initialize this (with "= { }"), please? That way we
> know we have zeroes in the aarch32 ID fields rather than random junk later...
>
>> +const struct isar_regs {
>> +int reg;
>> +uint64_t *val;
>> +} regs[] = {
>> +{ HV_SYS_REG_ID_AA64PFR0_EL1, _isar.id_aa64pfr0 },
>> +{ HV_SYS_REG_ID_AA64PFR1_EL1, _isar.id_aa64pfr1 },
>> +{ HV_SYS_REG_ID_AA64DFR0_EL1, _isar.id_aa64dfr0 },
>> +{ HV_SYS_REG_ID_AA64DFR1_EL1, _isar.id_aa64dfr1 },
>> +{ HV_SYS_REG_ID_AA64ISAR0_EL1, _isar.id_aa64isar0 },
>> +{ HV_SYS_REG_ID_AA64ISAR1_EL1, _isar.id_aa64isar1 },
>> +{ HV_SYS_REG_ID_AA64MMFR0_EL1, _isar.id_aa64mmfr0 },
>> +{ HV_SYS_REG_ID_AA64MMFR1_EL1, _isar.id_aa64mmfr1 },
>> +{ HV_SYS_REG_ID_AA64MMFR2_EL1, _isar.id_aa64mmfr2 },
>> +};
>> +hv_vcpu_t fd;
>> +hv_vcpu_exit_t *exit;
>> +int i;
>> +
>> +ahcf->dtb_compatible = "arm,arm-v8";
>> +ahcf->features = (1ULL << ARM_FEATURE_V8) |
>> + (1ULL << ARM_FEATURE_NEON) |
>> + (1ULL << ARM_FEATURE_AARCH64) |
>> + (1ULL << ARM_FEATURE_PMU) |
>> + (1ULL << ARM_FEATURE_GENERIC_TIMER);
>> +
>> +/* We set up a small vcpu to extract host registers */
>> +
>> +assert_hvf_ok(hv_vcpu_create(, , NULL));
>> +for (i = 0; i < ARRAY_SIZE(regs); i++) {
>> +assert_hvf_ok(hv_vcpu_get_sys_reg(fd, regs[i].reg, regs[i].val));
>> +}
>> +assert_hvf_ok(hv_vcpu_get_sys_reg(fd, HV_SYS_REG_MIDR_EL1, 
>> >midr));
>> +assert_hvf_ok(hv_vcpu_destroy(fd));
>> +
>> +ahcf->isar = host_isar;
>> +ahcf->reset_sctlr = 0x00c50078;
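Review bot: every HVF call in this probe is wrapped in assert_hvf_ok(), so a failing hv_vcpu_create() or hv_vcpu_get_sys_reg() aborts QEMU while it is still building the -cpu host model instead of surfacing an error the caller can report. Consider returning a bool from hvf_arm_get_host_cpu_features() and letting the caller error_report() on failure.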
> Why this value in particular? Could we just ask the scratch HVF CPU
> for the value of SCTLR_EL1 rather than hardcoding something?


The fresh scratch hvf CPU has 0 as SCTLR. But I'm happy to put an actual
M1 copy of it here.


>
>> +
>> +/* Make sure we don't advertise AArch32 support for EL0/EL1 */
>> +g_assert((host_isar.id_aa64pfr0 & 0xff) == 0x11);
> This shouldn't really be an assert, I think. error_report() something
> and return false, and then arm_cpu_realizefn() will fail, which should
> cause us to exit.


I don't follow. We're filling in the -cpu host CPU template here. There
is no error path anywhere we could take. Or are you suggesting we only
error on realize? I don't see any obvious way how we could tell the
realize function that we don't want to expose AArch32 support for -cpu host.

This is a case that on today's systems can't happen - M1 does not
support AArch32 anywhere. So that assert could only ever hit if you run
macOS on non-Apple hardware (in which case I doubt hvf works as
intended) or if a new Apple CPU starts supporting AArch32 (again, very
unlikely).

So overall, I think the assert here is not too bad :)


Alex





Re: [PATCH v3 00/24] accel/tcg: Restrict TCGCPUOps::cpu_exec_interrupt() to sysemu

2021-09-12 Thread Richard Henderson

On 9/11/21 9:54 AM, Philippe Mathieu-Daudé wrote:

Philippe Mathieu-Daudé (24):
   target/avr: Remove pointless use of CONFIG_USER_ONLY definition
   target/i386: Restrict sysemu-only fpu_helper helpers
   target/i386: Simplify TARGET_X86_64 #ifdef'ry
   target/xtensa: Restrict do_transaction_failed() to sysemu
   accel/tcg: Rename user-mode do_interrupt hack as fake_user_interrupt
   target/alpha: Restrict cpu_exec_interrupt() handler to sysemu
   target/arm: Restrict cpu_exec_interrupt() handler to sysemu
   target/cris: Restrict cpu_exec_interrupt() handler to sysemu
   target/hppa: Restrict cpu_exec_interrupt() handler to sysemu
   target/i386: Restrict cpu_exec_interrupt() handler to sysemu
   target/i386: Move x86_cpu_exec_interrupt() under sysemu/ folder
   target/m68k: Restrict cpu_exec_interrupt() handler to sysemu
   target/microblaze: Restrict cpu_exec_interrupt() handler to sysemu
   target/mips: Restrict cpu_exec_interrupt() handler to sysemu
   target/nios2: Restrict cpu_exec_interrupt() handler to sysemu
   target/openrisc: Restrict cpu_exec_interrupt() handler to sysemu
   target/ppc: Restrict cpu_exec_interrupt() handler to sysemu
   target/riscv: Restrict cpu_exec_interrupt() handler to sysemu
   target/sh4: Restrict cpu_exec_interrupt() handler to sysemu
   target/sparc: Restrict cpu_exec_interrupt() handler to sysemu
   target/rx: Restrict cpu_exec_interrupt() handler to sysemu
   target/xtensa: Restrict cpu_exec_interrupt() handler to sysemu
   accel/tcg: Restrict TCGCPUOps::cpu_exec_interrupt() to sysemu
   user: Remove cpu_get_pic_interrupt() stubs


Queued, thanks.

r~



Re: [PATCH v4 21/30] target/ppc: Restrict has_work() handlers to sysemu and TCG

2021-09-12 Thread Richard Henderson

On 9/12/21 10:27 AM, Philippe Mathieu-Daudé wrote:

Restrict PowerPCCPUClass::has_work() and ppc_cpu_has_work()
- SysemuCPUOps::has_work() implementation - to TCG sysemu.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/ppc/cpu-qom.h  |  4 +++-
  target/ppc/cpu_init.c | 24 ++--
  2 files changed, 21 insertions(+), 7 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH v4 20/30] target/ppc: Introduce PowerPCCPUClass::has_work()

2021-09-12 Thread Richard Henderson

On 9/12/21 10:27 AM, Philippe Mathieu-Daudé wrote:

We're moving the hook from CPUState to TCGCPUOps. TCGCPUOps is
a const structure, so to avoid creating multiple versions of
the same structure, simply changing the has_work() handler,
introduce yet another indirection with a has_work() handler in
PowerPCCPUClass, and ppc_cpu_has_work() method which dispatches
to it.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/ppc/cpu-qom.h  |  1 +
  target/ppc/cpu_init.c | 23 ++-
  2 files changed, 15 insertions(+), 9 deletions(-)


Reviewed-by: Richard Henderson 

r~



[RFC v5] virtio/vsock: add two more queues for datagram types

2021-09-12 Thread Jiang Wang
Datagram sockets are connectionless and unreliable.
The sender does not know the capacity of the receiver
and may send more packets than the receiver can handle.

Add two more dedicated virtqueues for datagram sockets,
so that it will not unfairly steal resources from
stream and future connection-oriented sockets.

Signed-off-by: Jiang Wang 
---
v1 -> v2: use qemu cmd option to control number of queues,
removed configuration settings for dgram.
v2 -> v3: use ioctl to get features and decide number of
virt queues, instead of qemu cmd option.
v3 -> v4: change DGRAM feature bit value to 2. Add an argument
in vhost_vsock_common_realize to indicate dgram is supported or not.
v4 -> v5: don't open dev to get vhostfd. Removed leftover definition of
enable_dgram

 hw/virtio/vhost-user-vsock.c  |  2 +-
 hw/virtio/vhost-vsock-common.c| 27 ---
 hw/virtio/vhost-vsock.c   | 27 ++-
 include/hw/virtio/vhost-vsock-common.h|  6 +++--
 include/hw/virtio/vhost-vsock.h   |  3 +++
 include/standard-headers/linux/virtio_vsock.h |  1 +
 6 files changed, 59 insertions(+), 7 deletions(-)

diff --git a/hw/virtio/vhost-user-vsock.c b/hw/virtio/vhost-user-vsock.c
index 6095ed7349..e9ec0e1c00 100644
--- a/hw/virtio/vhost-user-vsock.c
+++ b/hw/virtio/vhost-user-vsock.c
@@ -105,7 +105,7 @@ static void vuv_device_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
-vhost_vsock_common_realize(vdev, "vhost-user-vsock");
+vhost_vsock_common_realize(vdev, "vhost-user-vsock", false);
 
 vhost_dev_set_config_notifier(>vhost_dev, _ops);
 
diff --git a/hw/virtio/vhost-vsock-common.c b/hw/virtio/vhost-vsock-common.c
index 4ad6e234ad..f48b5a69df 100644
--- a/hw/virtio/vhost-vsock-common.c
+++ b/hw/virtio/vhost-vsock-common.c
@@ -17,6 +17,8 @@
 #include "hw/virtio/vhost-vsock.h"
 #include "qemu/iov.h"
 #include "monitor/monitor.h"
+#include 
+#include 
 
 int vhost_vsock_common_start(VirtIODevice *vdev)
 {
@@ -196,9 +198,10 @@ int vhost_vsock_common_post_load(void *opaque, int 
version_id)
 return 0;
 }
 
-void vhost_vsock_common_realize(VirtIODevice *vdev, const char *name)
+void vhost_vsock_common_realize(VirtIODevice *vdev, const char *name, bool 
enable_dgram)
 {
 VHostVSockCommon *vvc = VHOST_VSOCK_COMMON(vdev);
+int nvqs = MAX_VQS_WITHOUT_DGRAM;
 
 virtio_init(vdev, name, VIRTIO_ID_VSOCK,
 sizeof(struct virtio_vsock_config));
@@ -209,12 +212,22 @@ void vhost_vsock_common_realize(VirtIODevice *vdev, const 
char *name)
 vvc->trans_vq = virtio_add_queue(vdev, VHOST_VSOCK_QUEUE_SIZE,
vhost_vsock_common_handle_output);
 
+if (!enable_dgram)
+nvqs = MAX_VQS_WITHOUT_DGRAM;
+else {
+nvqs = MAX_VQS_WITH_DGRAM;
+vvc->dgram_recv_vq = virtio_add_queue(vdev, VHOST_VSOCK_QUEUE_SIZE,
+  
vhost_vsock_common_handle_output);
+vvc->dgram_trans_vq = virtio_add_queue(vdev, VHOST_VSOCK_QUEUE_SIZE,
+   
vhost_vsock_common_handle_output);
+}
+
 /* The event queue belongs to QEMU */
 vvc->event_vq = virtio_add_queue(vdev, VHOST_VSOCK_QUEUE_SIZE,
vhost_vsock_common_handle_output);
 
-vvc->vhost_dev.nvqs = ARRAY_SIZE(vvc->vhost_vqs);
-vvc->vhost_dev.vqs = vvc->vhost_vqs;
+vvc->vhost_dev.nvqs = nvqs;
+vvc->vhost_dev.vqs = g_new0(struct vhost_virtqueue, vvc->vhost_dev.nvqs);
 
 vvc->post_load_timer = NULL;
 }
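Review bot: `nvqs` is initialised to MAX_VQS_WITHOUT_DGRAM and then assigned the same value again in the `if (!enable_dgram)` branch, so only the `else` body is needed; QEMU's coding style also requires braces on that `if` even for a single statement. More importantly, the datagram queues are inserted between trans_vq and event_vq, so the event queue sits at index 2 on a device realized without datagram support and at index 4 with it, and a guest driver that does not negotiate VIRTIO_VSOCK_F_DGRAM has no way to tell which; adding the new queues after the event queue keeps the existing indices stable.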
@@ -227,6 +240,14 @@ void vhost_vsock_common_unrealize(VirtIODevice *vdev)
 
 virtio_delete_queue(vvc->recv_vq);
 virtio_delete_queue(vvc->trans_vq);
+if (vvc->vhost_dev.nvqs == MAX_VQS_WITH_DGRAM) {
+virtio_delete_queue(vvc->dgram_recv_vq);
+virtio_delete_queue(vvc->dgram_trans_vq);
+}
+
+if (vvc->vhost_dev.vqs)
+g_free(vvc->vhost_dev.vqs);
+
 virtio_delete_queue(vvc->event_vq);
 virtio_cleanup(vdev);
 }
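Review bot: g_free() already accepts NULL, so the `if (vvc->vhost_dev.vqs)` guard around it is unnecessary and, written without braces, does not match QEMU's coding style; a bare `g_free(vvc->vhost_dev.vqs);` is enough.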
diff --git a/hw/virtio/vhost-vsock.c b/hw/virtio/vhost-vsock.c
index 1b1a5c70ed..1fee25f144 100644
--- a/hw/virtio/vhost-vsock.c
+++ b/hw/virtio/vhost-vsock.c
@@ -20,9 +20,12 @@
 #include "hw/qdev-properties.h"
 #include "hw/virtio/vhost-vsock.h"
 #include "monitor/monitor.h"
+#include 
+#include 
 
 const int feature_bits[] = {
 VIRTIO_VSOCK_F_SEQPACKET,
+VIRTIO_VSOCK_F_DGRAM,
 VHOST_INVALID_FEATURE_BIT
 };
 
@@ -116,6 +119,8 @@ static uint64_t vhost_vsock_get_features(VirtIODevice *vdev,
 VHostVSockCommon *vvc = VHOST_VSOCK_COMMON(vdev);
 
 virtio_add_feature(_features, VIRTIO_VSOCK_F_SEQPACKET);
+if (vvc->vhost_dev.nvqs == MAX_VQS_WITH_DGRAM)
+virtio_add_feature(_features, VIRTIO_VSOCK_F_DGRAM);
 return vhost_get_features(>vhost_dev, feature_bits,
 requested_features);
 }
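Review bot: the added `if (vvc->vhost_dev.nvqs == MAX_VQS_WITH_DGRAM)` needs braces under QEMU's coding style. Using the queue count as the signal for datagram support works, but the same test appears in vhost_vsock_common_unrealize(); a dedicated flag set once in vhost_vsock_common_realize() would make the intent explicit in both places.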
@@ -132,6 +137,24 @@ static const 

Re: [PATCH v4 26/30] target/sparc: Remove pointless use of CONFIG_TCG definition

2021-09-12 Thread Richard Henderson

On 9/12/21 10:27 AM, Philippe Mathieu-Daudé wrote:

The SPARC target only support TCG acceleration. Remove the CONFIG_TCG


supports


definition introduced by mistake in commit 78271684719 ("cpu: tcg_ops:
move to tcg-cpu-ops.h, keep a pointer in CPUClass").

Reported-by: Richard Henderson
Signed-off-by: Philippe Mathieu-Daudé
---
  target/sparc/cpu.c | 2 --
  1 file changed, 2 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 1/3] ui/console: replace QEMUFIFO with Fifo8

2021-09-12 Thread Volker Rümelin

Am 12.09.21 um 19:58 schrieb Volker Rümelin:


    @@ -1185,6 +1138,7 @@ void kbd_put_keysym_console(QemuConsole *s,
    int keysym)
         uint8_t buf[16], *q;
         CharBackend *be;
         int c;
    +    uint32_t free;


Better call it num_free, to avoid symbol clash (even if we don't use 
free() directly), it helps reading and can prevent mistakes.




Hi,

OK, I'll send a version 2 patch.



         if (!s || (s->console_type == GRAPHIC_CONSOLE))
             return;




    @@ -2233,8 +2188,7 @@ static void text_console_do_init(Chardev
    *chr, DisplayState *ds)
         int g_width = 80 * FONT_WIDTH;
         int g_height = 24 * FONT_HEIGHT;

    -    s->out_fifo.buf = s->out_fifo_buf;
    -    s->out_fifo.buf_size = sizeof(s->out_fifo_buf);
    +    fifo8_create(>out_fifo, 16);


Missing a fifo8_destroy() somewhere



An opened text console stays open until QEMU exits. There's no 
text_console_close() function. Just like there's a ChardevClass open 
call but no close call. I think this is one of the many cases in QEMU 
where resources get allocated for the lifetime of QEMU.


Sorry, I think my last four sentences are simply wrong. Please ignore this.




With best regards,
Volker


         s->kbd_timer = timer_new_ms(QEMU_CLOCK_REALTIME,
    kbd_send_chars, s);
         s->ds = ds;








Re: [PATCH v4 01/30] accel/tcg: Restrict cpu_handle_halt() to sysemu

2021-09-12 Thread Richard Henderson

On 9/12/21 10:27 AM, Philippe Mathieu-Daudé wrote:

Commit 372579427a5 ("tcg: enable thread-per-vCPU") added the following
comment describing EXCP_HALTED in qemu_tcg_cpu_thread_fn():

 case EXCP_HALTED:
  /* during start-up the vCPU is reset and the thread is
   * kicked several times. If we don't ensure we go back
   * to sleep in the halted state we won't cleanly
   * start-up when the vCPU is enabled.
   *
   * cpu->halted should ensure we sleep in wait_io_event
   */
  g_assert(cpu->halted);
  break;

qemu_wait_io_event() is sysemu-specific, so we can restrict the
cpu_handle_halt() call in cpu_exec() to system emulation.

Signed-off-by: Philippe Mathieu-Daudé
---
v4: Reduce ifdef'ry to cpu_handle_halt (rth)
---
  accel/tcg/cpu-exec.c | 6 --
  1 file changed, 4 insertions(+), 2 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 1/3] ui/console: replace QEMUFIFO with Fifo8

2021-09-12 Thread Volker Rümelin


@@ -1185,6 +1138,7 @@ void kbd_put_keysym_console(QemuConsole *s,
int keysym)
     uint8_t buf[16], *q;
     CharBackend *be;
     int c;
+    uint32_t free;


Better call it num_free, to avoid symbol clash (even if we don't use 
free() directly), it helps reading and can prevent mistakes.




Hi,

OK, I'll send a version 2 patch.



     if (!s || (s->console_type == GRAPHIC_CONSOLE))
         return;




@@ -2233,8 +2188,7 @@ static void text_console_do_init(Chardev
*chr, DisplayState *ds)
     int g_width = 80 * FONT_WIDTH;
     int g_height = 24 * FONT_HEIGHT;

-    s->out_fifo.buf = s->out_fifo_buf;
-    s->out_fifo.buf_size = sizeof(s->out_fifo_buf);
+    fifo8_create(>out_fifo, 16);


Missing a fifo8_destroy() somewhere



An opened text console stays open until QEMU exits. There's no 
text_console_close() function. Just like there's a ChardevClass open 
call but no close call. I think this is one of the many cases in QEMU 
where resources get allocated for the lifetime of QEMU.


With best regards,
Volker


     s->kbd_timer = timer_new_ms(QEMU_CLOCK_REALTIME,
kbd_send_chars, s);
     s->ds = ds;






Re: [PATCH 04/20] nubus: use bitmap to manage available slots

2021-09-12 Thread Philippe Mathieu-Daudé
On 9/12/21 9:48 AM, Mark Cave-Ayland wrote:
> Convert nubus_device_realize() to use a bitmap to manage available slots to 
> allow
> for future Nubus devices to be plugged into arbitrary slots from the command 
> line.
> 
> Update mac_nubus_bridge_init() to only allow slots 0x9 to 0xe on Macintosh
> machines as documented in "Designing Cards and Drivers for the Macintosh
> Family".
> 
> Signed-off-by: Mark Cave-Ayland 
> ---
>  hw/nubus/mac-nubus-bridge.c |  3 +++
>  hw/nubus/nubus-bus.c|  2 +-
>  hw/nubus/nubus-device.c | 33 +++--
>  include/hw/nubus/nubus.h|  4 ++--
>  4 files changed, 33 insertions(+), 9 deletions(-)
> 
> diff --git a/hw/nubus/mac-nubus-bridge.c b/hw/nubus/mac-nubus-bridge.c
> index 7c329300b8..6e78f4c0b3 100644
> --- a/hw/nubus/mac-nubus-bridge.c
> +++ b/hw/nubus/mac-nubus-bridge.c
> @@ -18,6 +18,9 @@ static void mac_nubus_bridge_init(Object *obj)
>  
>  s->bus = NUBUS_BUS(qbus_create(TYPE_NUBUS_BUS, DEVICE(s), NULL));
>  
> +/* Macintosh only has slots 0x9 to 0xe available */
> +s->bus->slot_available_mask = 0x7e00;

So MAKE_64BIT_MASK(9, 6),

>  sysbus_init_mmio(sbd, >bus->super_slot_io);
>  sysbus_init_mmio(sbd, >bus->slot_io);
>  }
> diff --git a/hw/nubus/nubus-bus.c b/hw/nubus/nubus-bus.c
> index 5c13452308..f6d3655f51 100644
> --- a/hw/nubus/nubus-bus.c
> +++ b/hw/nubus/nubus-bus.c
> @@ -84,7 +84,7 @@ static void nubus_init(Object *obj)
>nubus, "nubus-slots",
>NUBUS_SLOT_NB * NUBUS_SLOT_SIZE);
>  
> -nubus->current_slot = NUBUS_FIRST_SLOT;
> +nubus->slot_available_mask = 0x;

and MAKE_64BIT_MASK(0, 16)?

>  }



Re: [PATCH 16/20] nubus-bridge: embed the NubusBus object directly within nubus-bridge

2021-09-12 Thread Philippe Mathieu-Daudé
On 9/12/21 9:49 AM, Mark Cave-Ayland wrote:
> Since nubus-bridge is a container for NubusBus then it should be embedded
> directly within the bridge device using qbus_create_inplace().
> 
> Signed-off-by: Mark Cave-Ayland 
> ---
>  hw/m68k/q800.c  | 2 +-
>  hw/nubus/mac-nubus-bridge.c | 7 ---
>  hw/nubus/nubus-bridge.c | 3 ++-
>  include/hw/nubus/nubus.h| 2 +-
>  4 files changed, 8 insertions(+), 6 deletions(-)

> diff --git a/hw/nubus/mac-nubus-bridge.c b/hw/nubus/mac-nubus-bridge.c
> index c16cfc4ab3..c23d5d508d 100644
> --- a/hw/nubus/mac-nubus-bridge.c
> +++ b/hw/nubus/mac-nubus-bridge.c
> @@ -18,18 +18,19 @@ static void mac_nubus_bridge_init(Object *obj)
>  MacNubusBridge *s = MAC_NUBUS_BRIDGE(obj);
>  NubusBridge *nb = NUBUS_BRIDGE(obj);
>  SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
> +NubusBus *bus = >bus;
>  
>  /* Macintosh only has slots 0x9 to 0xe available */
> -nb->bus->slot_available_mask = 0x7e00;
> +bus->slot_available_mask = 0x7e00;
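Review bot: the literal 0x7e00 is carried over unchanged; with the comment above it stating slots 0x9 to 0xe, MAKE_64BIT_MASK(9, 6) says the same thing in code, and if the length is spelled out from the slot numbers it should be 0xe - 0x9 + 1 = 6, since 0x7e00 sets exactly bits 9 through 14.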

Re-reading I'd use MAKE_64BIT_MASK(9, 6)
or eventually MAKE_64BIT_MASK(9, 0xe - 0x6 + 1).



Re: [PATCH 02/20] nubus-device: expose separate super slot memory region

2021-09-12 Thread Philippe Mathieu-Daudé
On 9/12/21 7:20 PM, Mark Cave-Ayland wrote:
> On 12/09/2021 16:50, Philippe Mathieu-Daudé wrote:
> 
>> On 9/12/21 9:48 AM, Mark Cave-Ayland wrote:
>>> According to "Designing Cards and Drivers for the Macintosh Family"
>>> each physical
>>> nubus slot can access 2 separate address ranges: a super slot memory
>>> region which
>>> is 256MB and a standard slot memory region which is 16MB.
>>>
>>> Currently a Nubus device uses the physical slot number to determine
>>> whether it is
>>> using a standard slot memory region or a super slot memory region
>>> rather than
>>> exposing both memory regions for use as required.
>>>
>>> Signed-off-by: Mark Cave-Ayland 
>>> ---
>>>   hw/nubus/nubus-device.c  | 36 ++--
>>>   include/hw/nubus/nubus.h |  1 +
>>>   2 files changed, 19 insertions(+), 18 deletions(-)
>>>
>>> diff --git a/hw/nubus/nubus-device.c b/hw/nubus/nubus-device.c
>>> index be01269563..36203848e5 100644
>>> --- a/hw/nubus/nubus-device.c
>>> +++ b/hw/nubus/nubus-device.c
>>> @@ -168,26 +168,26 @@ static void nubus_device_realize(DeviceState
>>> *dev, Error **errp)
>>>   }
>>>     nd->slot = nubus->current_slot++;
>>> -    name = g_strdup_printf("nubus-slot-%d", nd->slot);
>>> -
>>> -    if (nd->slot < NUBUS_FIRST_SLOT) {
>>> -    /* Super */
>>> -    slot_offset = (nd->slot - 6) * NUBUS_SUPER_SLOT_SIZE;
>>> -
>>> -    memory_region_init(>slot_mem, OBJECT(dev), name,
>>> -   NUBUS_SUPER_SLOT_SIZE);
>>> -    memory_region_add_subregion(>super_slot_io, slot_offset,
>>> -    >slot_mem);
>>> -    } else {
>>> -    /* Normal */
>>> -    slot_offset = nd->slot * NUBUS_SLOT_SIZE;
>>> -
>>> -    memory_region_init(>slot_mem, OBJECT(dev), name,
>>> NUBUS_SLOT_SIZE);
>>> -    memory_region_add_subregion(>slot_io, slot_offset,
>>> -    >slot_mem);
>>> -    }
>>>   +    /* Super */
>>> +    slot_offset = (nd->slot - 6) * NUBUS_SUPER_SLOT_SIZE;
>>> +
>>> +    name = g_strdup_printf("nubus-super-slot-%x", nd->slot);
>>> +    memory_region_init(>super_slot_mem, OBJECT(dev), name,
>>> +    NUBUS_SUPER_SLOT_SIZE);
>>> +    memory_region_add_subregion(>super_slot_io, slot_offset,
>>> +    >super_slot_mem);
>>> +    g_free(name);
>>> +
>>> +    /* Normal */
>>> +    slot_offset = nd->slot * NUBUS_SLOT_SIZE;
>>> +
>>> +    name = g_strdup_printf("nubus-slot-%x", nd->slot);
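Review bot: `slot_offset = (nd->slot - 6) * NUBUS_SUPER_SLOT_SIZE;` keeps a bare 6 that deserves a named constant, and now that the `if (nd->slot < NUBUS_FIRST_SLOT)` guard is gone every device gets a super-slot region, so unless current_slot is guaranteed to start at 6 or above, a smaller slot number wraps the offset to a huge hwaddr; a check or assertion that nd->slot is at least 6 belongs here.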
>>
>> I'd rather use "nubus-standard-slot-%x" or "nubus-normal-slot-%x"
>> to differentiate from super-bus. (This also applies to variable
>> names and trace events in this series).
> 
> I can see how this may seem ambiguous, however in "Designing Cards and
> Drivers for the Macintosh Family" the documentation always refers to
> "slot" as a standard slot so there shouldn't be any confusion for
> developers here.

OK, fine then.

>> Anyway,
>> Reviewed-by: Philippe Mathieu-Daudé 



[PATCH v4 30/30] accel: Add missing AccelOpsClass::has_work() and drop SysemuCPUOps one

2021-09-12 Thread Philippe Mathieu-Daudé
cpu_common_has_work() is the default has_work() implementation
and returns 'false'.

Make it explicit for the QTest / HAX / HVF / NVMM / Xen accelerators
and remove cpu_common_has_work().

Since there are no more implementations of SysemuCPUOps::has_work,
remove it along with the assertion in cpu_has_work().

Reviewed-by: Richard Henderson 
Acked-by: Paul Durrant 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/core/cpu.h | 2 --
 accel/hvf/hvf-accel-ops.c | 6 ++
 accel/qtest/qtest.c   | 6 ++
 accel/xen/xen-all.c   | 6 ++
 hw/core/cpu-common.c  | 6 --
 softmmu/cpus.c| 9 ++---
 target/i386/hax/hax-accel-ops.c   | 6 ++
 target/i386/nvmm/nvmm-accel-ops.c | 6 ++
 8 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index e2dd171a13f..c64709b898c 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -89,7 +89,6 @@ struct SysemuCPUOps;
  * instantiatable CPU type.
  * @parse_features: Callback to parse command line arguments.
  * @reset_dump_flags: #CPUDumpFlags to use for reset logging.
- * @has_work: Callback for checking if there is work to do.
  * @memory_rw_debug: Callback for GDB memory access.
  * @dump_state: Callback for dumping state.
  * @get_arch_id: Callback for getting architecture-dependent CPU ID.
@@ -132,7 +131,6 @@ struct CPUClass {
 void (*parse_features)(const char *typename, char *str, Error **errp);
 
 int reset_dump_flags;
-bool (*has_work)(CPUState *cpu);
 int (*memory_rw_debug)(CPUState *cpu, vaddr addr,
uint8_t *buf, int len, bool is_write);
 void (*dump_state)(CPUState *cpu, FILE *, int flags);
diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
index d1691be9896..53c427ee42e 100644
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -446,6 +446,11 @@ static void hvf_start_vcpu_thread(CPUState *cpu)
cpu, QEMU_THREAD_JOINABLE);
 }
 
+static bool hvf_cpu_has_work(CPUState *cpu)
+{
+return false;
+}
+
 static void hvf_accel_ops_class_init(ObjectClass *oc, void *data)
 {
 AccelOpsClass *ops = ACCEL_OPS_CLASS(oc);
@@ -456,6 +461,7 @@ static void hvf_accel_ops_class_init(ObjectClass *oc, void 
*data)
 ops->synchronize_post_init = hvf_cpu_synchronize_post_init;
 ops->synchronize_state = hvf_cpu_synchronize_state;
 ops->synchronize_pre_loadvm = hvf_cpu_synchronize_pre_loadvm;
+ops->has_work = hvf_cpu_has_work;
 };
 static const TypeInfo hvf_accel_ops_type = {
 .name = ACCEL_OPS_NAME("hvf"),
diff --git a/accel/qtest/qtest.c b/accel/qtest/qtest.c
index 7e6b8110d52..eb5a17cef18 100644
--- a/accel/qtest/qtest.c
+++ b/accel/qtest/qtest.c
@@ -47,12 +47,18 @@ static const TypeInfo qtest_accel_type = {
 };
 module_obj(TYPE_QTEST_ACCEL);
 
+static bool qtest_cpu_has_work(CPUState *cpu)
+{
+return false;
+}
+
 static void qtest_accel_ops_class_init(ObjectClass *oc, void *data)
 {
 AccelOpsClass *ops = ACCEL_OPS_CLASS(oc);
 
 ops->create_vcpu_thread = dummy_start_vcpu_thread;
 ops->get_virtual_clock = qtest_get_virtual_clock;
+ops->has_work = qtest_cpu_has_work;
 };
 
 static const TypeInfo qtest_accel_ops_type = {
diff --git a/accel/xen/xen-all.c b/accel/xen/xen-all.c
index 69aa7d018b2..fe5a37fa2e6 100644
--- a/accel/xen/xen-all.c
+++ b/accel/xen/xen-all.c
@@ -215,11 +215,17 @@ static const TypeInfo xen_accel_type = {
 .class_init = xen_accel_class_init,
 };
 
+static bool xen_cpu_has_work(CPUState *cpu)
+{
+return false;
+}
+
 static void xen_accel_ops_class_init(ObjectClass *oc, void *data)
 {
 AccelOpsClass *ops = ACCEL_OPS_CLASS(oc);
 
 ops->create_vcpu_thread = dummy_start_vcpu_thread;
+ops->has_work = xen_cpu_has_work;
 }
 
 static const TypeInfo xen_accel_ops_type = {
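Review bot: hvf_cpu_has_work(), qtest_cpu_has_work() and xen_cpu_has_work() are three copies of the same `return false;` stub, and per the diffstat the HAX and NVMM files gain the same six lines each. Since qtest and xen already share dummy_start_vcpu_thread() for create_vcpu_thread, a single shared dummy has_work() next to it would avoid the duplication.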
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index e2f5a646046..5ed1ccdfdd5 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -143,11 +143,6 @@ static void cpu_common_reset(DeviceState *dev)
 }
 }
 
-static bool cpu_common_has_work(CPUState *cs)
-{
-return false;
-}
-
 ObjectClass *cpu_class_by_name(const char *typename, const char *cpu_model)
 {
 CPUClass *cc = CPU_CLASS(object_class_by_name(typename));
@@ -279,7 +274,6 @@ static void cpu_class_init(ObjectClass *klass, void *data)
 
 k->parse_features = cpu_common_parse_features;
 k->get_arch_id = cpu_common_get_arch_id;
-k->has_work = cpu_common_has_work;
 k->gdb_read_register = cpu_common_gdb_read_register;
 k->gdb_write_register = cpu_common_gdb_write_register;
 set_bit(DEVICE_CATEGORY_CPU, dc->categories);
diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 6bce52ce561..e6dad2243c6 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -251,13 +251,8 @@ void cpu_interrupt(CPUState *cpu, int mask)
 
 bool cpu_has_work(CPUState *cpu)
 {
-CPUClass *cc = CPU_GET_CLASS(cpu);
-
-

[PATCH v4 29/30] target/xtensa: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/xtensa/cpu.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/xtensa/cpu.c b/target/xtensa/cpu.c
index c1cbd03595e..5cb19a88819 100644
--- a/target/xtensa/cpu.c
+++ b/target/xtensa/cpu.c
@@ -43,18 +43,17 @@ static void xtensa_cpu_set_pc(CPUState *cs, vaddr value)
 cpu->env.pc = value;
 }
 
+#ifndef CONFIG_USER_ONLY
+
 static bool xtensa_cpu_has_work(CPUState *cs)
 {
-#ifndef CONFIG_USER_ONLY
 XtensaCPU *cpu = XTENSA_CPU(cs);
 
 return !cpu->env.runstall && cpu->env.pending_irq_level;
-#else
-return true;
-#endif
 }
 
-#ifdef CONFIG_USER_ONLY
+#else /* CONFIG_USER_ONLY*/
+
 static bool abi_call0;
 
 void xtensa_set_abi_call0(void)
@@ -66,7 +65,8 @@ bool xtensa_abi_call0(void)
 {
 return abi_call0;
 }
-#endif
+
+#endif /* CONFIG_USER_ONLY */
 
 static void xtensa_cpu_reset(DeviceState *dev)
 {
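Review bot: the comment on the new `#else /* CONFIG_USER_ONLY*/` is missing a space before `*/`, unlike the `#endif /* CONFIG_USER_ONLY */` added a few lines later; trivial, but worth making consistent.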
@@ -196,6 +196,7 @@ static const struct TCGCPUOps xtensa_tcg_ops = {
 .debug_excp_handler = xtensa_breakpoint_handler,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = xtensa_cpu_has_work,
 .cpu_exec_interrupt = xtensa_cpu_exec_interrupt,
 .do_interrupt = xtensa_cpu_do_interrupt,
 .do_transaction_failed = xtensa_cpu_do_transaction_failed,
@@ -215,7 +216,6 @@ static void xtensa_cpu_class_init(ObjectClass *oc, void 
*data)
 device_class_set_parent_reset(dc, xtensa_cpu_reset, >parent_reset);
 
 cc->class_by_name = xtensa_cpu_class_by_name;
-cc->has_work = xtensa_cpu_has_work;
 cc->dump_state = xtensa_cpu_dump_state;
 cc->set_pc = xtensa_cpu_set_pc;
 cc->gdb_read_register = xtensa_cpu_gdb_read_register;
-- 
2.31.1




[PATCH v4 28/30] target/tricore: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/tricore/cpu.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/target/tricore/cpu.c b/target/tricore/cpu.c
index b95682b7f04..419fa624bd5 100644
--- a/target/tricore/cpu.c
+++ b/target/tricore/cpu.c
@@ -62,10 +62,12 @@ static void tricore_cpu_reset(DeviceState *dev)
 cpu_state_reset(env);
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static bool tricore_cpu_has_work(CPUState *cs)
 {
 return true;
 }
+#endif /* !CONFIG_USER_ONLY */
 
 static void tricore_cpu_realizefn(DeviceState *dev, Error **errp)
 {
@@ -154,6 +156,9 @@ static const struct TCGCPUOps tricore_tcg_ops = {
 .initialize = tricore_tcg_init,
 .synchronize_from_tb = tricore_cpu_synchronize_from_tb,
 .tlb_fill = tricore_cpu_tlb_fill,
+#if !defined(CONFIG_USER_ONLY)
+.has_work = tricore_cpu_has_work,
+#endif
 };
 
 static void tricore_cpu_class_init(ObjectClass *c, void *data)
@@ -167,7 +172,6 @@ static void tricore_cpu_class_init(ObjectClass *c, void 
*data)
 
 device_class_set_parent_reset(dc, tricore_cpu_reset, >parent_reset);
 cc->class_by_name = tricore_cpu_class_by_name;
-cc->has_work = tricore_cpu_has_work;
 
 cc->gdb_read_register = tricore_cpu_gdb_read_register;
 cc->gdb_write_register = tricore_cpu_gdb_write_register;
-- 
2.31.1




[PATCH v4 27/30] target/sparc: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/sparc/cpu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index e83e305aa9d..4a63ed12644 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -702,6 +702,7 @@ static void sparc_cpu_synchronize_from_tb(CPUState *cs,
 cpu->env.npc = tb->cs_base;
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static bool sparc_cpu_has_work(CPUState *cs)
 {
 SPARCCPU *cpu = SPARC_CPU(cs);
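Review bot: the `#if !defined(CONFIG_USER_ONLY)` opened here is closed by the `#endif /* !CONFIG_USER_ONLY */` in the next hunk, while the TCGCPUOps hunk below uses `#ifndef CONFIG_USER_ONLY` for the same condition; the file would read better with one spelling throughout.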
@@ -710,6 +711,7 @@ static bool sparc_cpu_has_work(CPUState *cs)
 return (cs->interrupt_request & CPU_INTERRUPT_HARD) &&
cpu_interrupts_enabled(env);
 }
+#endif /* !CONFIG_USER_ONLY */
 
 static char *sparc_cpu_type_name(const char *cpu_model)
 {
@@ -867,6 +869,7 @@ static const struct TCGCPUOps sparc_tcg_ops = {
 .tlb_fill = sparc_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = sparc_cpu_has_work,
 .cpu_exec_interrupt = sparc_cpu_exec_interrupt,
 .do_interrupt = sparc_cpu_do_interrupt,
 .do_transaction_failed = sparc_cpu_do_transaction_failed,
@@ -888,7 +891,6 @@ static void sparc_cpu_class_init(ObjectClass *oc, void 
*data)
 
 cc->class_by_name = sparc_cpu_class_by_name;
 cc->parse_features = sparc_cpu_parse_features;
-cc->has_work = sparc_cpu_has_work;
 cc->dump_state = sparc_cpu_dump_state;
 #if !defined(TARGET_SPARC64) && !defined(CONFIG_USER_ONLY)
 cc->memory_rw_debug = sparc_cpu_memory_rw_debug;
-- 
2.31.1




[PATCH v4 26/30] target/sparc: Remove pointless use of CONFIG_TCG definition

2021-09-12 Thread Philippe Mathieu-Daudé
The SPARC target only supports TCG acceleration. Remove the CONFIG_TCG
definition introduced by mistake in commit 78271684719 ("cpu: tcg_ops:
move to tcg-cpu-ops.h, keep a pointer in CPUClass").

Reported-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/sparc/cpu.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/target/sparc/cpu.c b/target/sparc/cpu.c
index 5a8a4ce7506..e83e305aa9d 100644
--- a/target/sparc/cpu.c
+++ b/target/sparc/cpu.c
@@ -859,7 +859,6 @@ static const struct SysemuCPUOps sparc_sysemu_ops = {
 };
 #endif
 
-#ifdef CONFIG_TCG
 #include "hw/core/tcg-cpu-ops.h"
 
 static const struct TCGCPUOps sparc_tcg_ops = {
@@ -874,7 +873,6 @@ static const struct TCGCPUOps sparc_tcg_ops = {
 .do_unaligned_access = sparc_cpu_do_unaligned_access,
 #endif /* !CONFIG_USER_ONLY */
 };
-#endif /* CONFIG_TCG */
 
 static void sparc_cpu_class_init(ObjectClass *oc, void *data)
 {
-- 
2.31.1




[PATCH v4 25/30] target/sh4: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/sh4/cpu.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/sh4/cpu.c b/target/sh4/cpu.c
index 2047742d03c..fb2116dc52e 100644
--- a/target/sh4/cpu.c
+++ b/target/sh4/cpu.c
@@ -58,13 +58,14 @@ static bool superh_io_recompile_replay_branch(CPUState *cs,
 }
 return false;
 }
-#endif
 
 static bool superh_cpu_has_work(CPUState *cs)
 {
 return cs->interrupt_request & CPU_INTERRUPT_HARD;
 }
 
+#endif /* !CONFIG_USER_ONLY */
+
 static void superh_cpu_reset(DeviceState *dev)
 {
 CPUState *s = CPU(dev);
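Review bot: the moved `#endif` now also closes over superh_cpu_has_work(), but the matching opening guard lies above this hunk's context; confirm it is exactly `#ifndef CONFIG_USER_ONLY` so the new `/* !CONFIG_USER_ONLY */` trailer is accurate, and note that the function is thereby undefined in user-mode builds, which is only safe once the `cc->has_work` assignment removed in the last hunk of this patch is gone as well.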
@@ -239,6 +240,7 @@ static const struct TCGCPUOps superh_tcg_ops = {
 .tlb_fill = superh_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = superh_cpu_has_work,
 .cpu_exec_interrupt = superh_cpu_exec_interrupt,
 .do_interrupt = superh_cpu_do_interrupt,
 .do_unaligned_access = superh_cpu_do_unaligned_access,
@@ -258,7 +260,6 @@ static void superh_cpu_class_init(ObjectClass *oc, void 
*data)
 device_class_set_parent_reset(dc, superh_cpu_reset, >parent_reset);
 
 cc->class_by_name = superh_cpu_class_by_name;
-cc->has_work = superh_cpu_has_work;
 cc->dump_state = superh_cpu_dump_state;
 cc->set_pc = superh_cpu_set_pc;
 cc->gdb_read_register = superh_cpu_gdb_read_register;
-- 
2.31.1




[PATCH] tcg/arm: Reduce vector alignment requirement for NEON

2021-09-12 Thread Richard Henderson
With arm32, the ABI gives us 8-byte alignment for the stack.
While it's possible to realign the stack to provide 16-byte alignment,
it's far easier to simply not encode 16-byte alignment in the
VLD1 and VST1 instructions that we emit.

Remove the assertion in temp_allocate_frame, limit natural alignment
to the provided stack alignment, and add a comment.

Reported-by: Richard W.M. Jones 
Signed-off-by: Richard Henderson 
---

I haven't seen the assertion with the various arm kernels that I happen
to have lying about.  I have not taken the time to build the combo
from the bug report:

[0.00] Linux version 5.14.0-60.fc36.armv7hl 
(mockbu...@buildvm-a32-12.iad2.fedoraproject.org) (gcc (GCC) 11.2.1 20210728 
(Red Hat 11.2.1-1), GNU ld version 2.37-9.fc36) #1 SMP Mon Aug 30 14:08:34 UTC 
2021

I thought about parameterizing this patch further, but I can't think of
another ISA that would be affected.  (i686 clumsily changed its ABI 20
years ago to avoid faulting on vector spills; other ISAs so far have
allowed vectors to be unaligned.)


r~
---
 tcg/tcg.c|  8 +++-
 tcg/arm/tcg-target.c.inc | 13 +
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index 4142d42d77..ca5bcc4635 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -3060,7 +3060,13 @@ static void temp_allocate_frame(TCGContext *s, TCGTemp 
*ts)
 g_assert_not_reached();
 }
 
-assert(align <= TCG_TARGET_STACK_ALIGN);
+/*
+ * Assume the stack is sufficiently aligned.
+ * This affects e.g. ARM NEON, where we have 8 byte stack alignment
+ * and do not require 16 byte vector alignment.  This seems slightly
+ * easier than fully parameterizing the above switch statement.
+ */
+align = MIN(TCG_TARGET_STACK_ALIGN, align);
 off = ROUND_UP(s->current_frame_offset, align);
 
 /* If we've exhausted the stack frame, restart with a smaller TB. */
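Review bot: replacing the assertion with `align = MIN(TCG_TARGET_STACK_ALIGN, align);` drops the invariant for every backend, not only arm32: a backend whose vector load/store still encodes an alignment hint larger than TCG_TARGET_STACK_ALIGN would now get an under-aligned frame slot and fault at run time instead of tripping this assert at translation time. Since the arm half of this patch lowers its hint to match, consider recording in each backend (a comment or a static assertion) that its vector load/store hints never exceed TCG_TARGET_STACK_ALIGN, so the clamp stays sound when the next backend adds vectors.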
diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index e5b4f86841..8515717435 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -2477,8 +2477,13 @@ static void tcg_out_ld(TCGContext *s, TCGType type, 
TCGReg arg,
 tcg_out_vldst(s, INSN_VLD1 | 0x7d0, arg, arg1, arg2);
 return;
 case TCG_TYPE_V128:
-/* regs 2; size 8; align 16 */
-tcg_out_vldst(s, INSN_VLD1 | 0xae0, arg, arg1, arg2);
+/*
+ * We have only 8-byte alignment for the stack per the ABI.
+ * Rather than dynamically re-align the stack, it's easier
+ * to simply not request alignment beyond that.  So:
+ * regs 2; size 8; align 8
+ */
+tcg_out_vldst(s, INSN_VLD1 | 0xad0, arg, arg1, arg2);
 return;
 default:
 g_assert_not_reached();
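Review bot: the encoding change matches the comment. In the A32 VLD1 (multiple single elements) encoding bits [11:8] are the type (0b1010 = two registers), bits [7:6] the element size (0b11 = 64-bit) and bits [5:4] the alignment hint (0b01 = 8 bytes, 0b10 = 16 bytes); 0xae0 to 0xad0 flips only bits [5:4] from 0b10 to 0b01, so "regs 2; size 8; align 8" is accurate and the type/size fields are untouched.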
@@ -2497,8 +2502,8 @@ static void tcg_out_st(TCGContext *s, TCGType type, 
TCGReg arg,
 tcg_out_vldst(s, INSN_VST1 | 0x7d0, arg, arg1, arg2);
 return;
 case TCG_TYPE_V128:
-/* regs 2; size 8; align 16 */
-tcg_out_vldst(s, INSN_VST1 | 0xae0, arg, arg1, arg2);
+/* See tcg_out_ld re alignment: regs 2; size 8; align 8 */
+tcg_out_vldst(s, INSN_VST1 | 0xad0, arg, arg1, arg2);
 return;
 default:
 g_assert_not_reached();
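Review bot: the magic suffix 0xad0 is now duplicated between tcg_out_ld() and tcg_out_st() with only a cross-reference comment tying them together; a shared named constant for the V128 suffix (built from the type/size/align fields, or at least a single `#define`) would keep the load and store sides from drifting apart the next time the alignment hint changes.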
-- 
2.25.1
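As an added example (not part of Richard's patch or of QEMU's code), the C program below decodes the 12-bit type/size/align suffix that the patch changes from 0xae0 to 0xad0 and mirrors the MIN() clamp that replaces the assertion, to show why a 16-byte alignment hint can never be trusted on a stack the ABI aligns only to 8 bytes. The field layout follows the A32 VLD1/VST1 (multiple single elements) encoding; ROUND_UP, frame_offset and vldst_safe_on_frame are simplified stand-ins for the TCG bookkeeping, not its real functions.

```c
/*
 * Added example (not part of the patch or of QEMU): decode the 12-bit
 * type/size/align suffix that tcg_out_vldst() ORs into INSN_VLD1/INSN_VST1
 * and mirror the MIN() clamp that replaces the assertion in
 * temp_allocate_frame(), showing why a 16-byte alignment hint can never be
 * satisfied on a stack the ABI aligns only to 8 bytes.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for QEMU's ROUND_UP(); d is always a power of two here. */
#define ROUND_UP(n, d) ((((n) + (d) - 1) / (d)) * (d))

typedef struct {
    unsigned regs;        /* D registers transferred: type field, bits [11:8] */
    unsigned elem_bytes;  /* element size: size field, bits [7:6] */
    unsigned align_bytes; /* alignment asserted on the address: bits [5:4]; 1 = none */
} VldstDesc;

/*
 * Field layout of the A32 VLD1/VST1 "multiple single elements" encoding.
 * Returns false for an unknown type or an alignment hint that is UNDEFINED
 * for that register count.
 */
bool vldst_decode(uint32_t suffix, VldstDesc *d)
{
    static const unsigned regs_for_type[16] = {
        [0x7] = 1, [0xa] = 2, [0x6] = 3, [0x2] = 4,
    };
    unsigned type = (suffix >> 8) & 0xf;
    unsigned size = (suffix >> 6) & 0x3;
    unsigned align = (suffix >> 4) & 0x3;

    if (regs_for_type[type] == 0) {
        return false;
    }
    d->regs = regs_for_type[type];
    d->elem_bytes = 1u << size;               /* 00=1, 01=2, 10=4, 11=8 */
    d->align_bytes = align ? 4u << align : 1; /* 01=8, 10=16, 11=32 */
    /* 1 reg: 8 only; 2 regs: 8 or 16; 3 regs: 8 only; 4 regs: 8, 16 or 32. */
    return d->align_bytes <= d->regs * 8 && !(d->regs == 3 && d->align_bytes > 8);
}

/* Accessors for the two fields the patch cares about; 0 = did not decode. */
unsigned vldst_align_bytes(uint32_t suffix)
{
    VldstDesc d;
    return vldst_decode(suffix, &d) ? d.align_bytes : 0;
}

unsigned vldst_regs(uint32_t suffix)
{
    VldstDesc d;
    return vldst_decode(suffix, &d) ? d.regs : 0;
}

/* Mirror of the tcg.c change: clamp the temp's natural alignment to the
 * stack alignment the ABI guarantees instead of asserting on it. */
unsigned frame_offset(unsigned current_offset, unsigned requested_align,
                      unsigned stack_align)
{
    unsigned align = requested_align < stack_align ? requested_align : stack_align;
    return ROUND_UP(current_offset, align);
}

/* Can the instruction's alignment hint be trusted for a frame slot at
 * slot_offset from a stack pointer that is only stack_align-aligned?  The
 * address is aligned to the smaller of stack_align and the lowest set bit
 * of slot_offset, and nothing more. */
bool vldst_safe_on_frame(uint32_t suffix, unsigned slot_offset,
                         unsigned stack_align)
{
    VldstDesc d;
    unsigned guaranteed = slot_offset ? (slot_offset & (0u - slot_offset))
                                      : stack_align;

    if (!vldst_decode(suffix, &d)) {
        return false;
    }
    if (guaranteed > stack_align) {
        guaranteed = stack_align;
    }
    return guaranteed >= d.align_bytes;
}

int main(void)
{
    const uint32_t old_v128 = 0xae0; /* regs 2; size 8; align 16 (before) */
    const uint32_t new_v128 = 0xad0; /* regs 2; size 8; align 8 (after) */
    unsigned off = frame_offset(4, 16, 8); /* 16-byte temp on an 8-byte stack */

    printf("V128 slot at +%u: align-%u hint %s, align-%u hint %s\n", off,
           vldst_align_bytes(old_v128),
           vldst_safe_on_frame(old_v128, off, 8) ? "safe" : "may fault",
           vldst_align_bytes(new_v128),
           vldst_safe_on_frame(new_v128, off, 8) ? "safe" : "may fault");
    return 0;
}
```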




Re: [PATCH 11/20] nubus-device: add romfile property for loading declaration ROMs

2021-09-12 Thread Philippe Mathieu-Daudé
On 9/12/21 9:49 AM, Mark Cave-Ayland wrote:
> The declaration ROM is located at the top-most address of the standard slot
> space.
> 
> Signed-off-by: Mark Cave-Ayland 
> ---
>  hw/nubus/nubus-device.c  | 43 +++-
>  include/hw/nubus/nubus.h |  5 +
>  2 files changed, 47 insertions(+), 1 deletion(-)

> +/* Declaration ROM */

> +} else if (size > NUBUS_DECL_ROM_MAX_SIZE) {

I'd check for >= and define as (64 * KiB).

> +error_setg(errp, "romfile \"%s\" too large (maximum size 64K)",
> +   nd->romfile);
> +g_free(path);
> +return;
> +}
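Review bot: the error message hard-codes "maximum size 64K" while the comparison uses NUBUS_DECL_ROM_MAX_SIZE; if the constant is redefined as suggested above, the string silently goes stale. Format the limit from the macro instead, e.g. `error_setg(errp, "romfile \"%s\" too large (maximum size %d)", nd->romfile, NUBUS_DECL_ROM_MAX_SIZE);`.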

> diff --git a/include/hw/nubus/nubus.h b/include/hw/nubus/nubus.h
> index 87a97516c7..42f4c9dbb8 100644
> --- a/include/hw/nubus/nubus.h
> +++ b/include/hw/nubus/nubus.h
> @@ -39,12 +39,17 @@ struct NubusBus {
>  uint32_t slot_available_mask;
>  };
>  
> +#define NUBUS_DECL_ROM_MAX_SIZE0x



[PATCH v4 23/30] target/rx: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/rx/cpu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/rx/cpu.c b/target/rx/cpu.c
index 25a4aa2976d..ac6b40b2716 100644
--- a/target/rx/cpu.c
+++ b/target/rx/cpu.c
@@ -41,11 +41,13 @@ static void rx_cpu_synchronize_from_tb(CPUState *cs,
 cpu->env.pc = tb->pc;
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static bool rx_cpu_has_work(CPUState *cs)
 {
 return cs->interrupt_request &
 (CPU_INTERRUPT_HARD | CPU_INTERRUPT_FIR);
 }
+#endif /* !CONFIG_USER_ONLY */
 
 static void rx_cpu_reset(DeviceState *dev)
 {
@@ -189,6 +191,7 @@ static const struct TCGCPUOps rx_tcg_ops = {
 .tlb_fill = rx_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = rx_cpu_has_work,
 .cpu_exec_interrupt = rx_cpu_exec_interrupt,
 .do_interrupt = rx_cpu_do_interrupt,
 #endif /* !CONFIG_USER_ONLY */
@@ -206,7 +209,6 @@ static void rx_cpu_class_init(ObjectClass *klass, void 
*data)
   >parent_reset);
 
 cc->class_by_name = rx_cpu_class_by_name;
-cc->has_work = rx_cpu_has_work;
 cc->dump_state = rx_cpu_dump_state;
 cc->set_pc = rx_cpu_set_pc;
 
-- 
2.31.1




[PATCH v4 20/30] target/ppc: Introduce PowerPCCPUClass::has_work()

2021-09-12 Thread Philippe Mathieu-Daudé
We're moving the hook from CPUState to TCGCPUOps. TCGCPUOps is
a const structure, so to avoid creating multiple versions of
the same structure, simply changing the has_work() handler,
introduce yet another indirection with a has_work() handler in
PowerPCCPUClass, and a ppc_cpu_has_work() method which dispatches
to it.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/ppc/cpu-qom.h  |  1 +
 target/ppc/cpu_init.c | 23 ++-
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/target/ppc/cpu-qom.h b/target/ppc/cpu-qom.h
index 5800fa324e8..36110112506 100644
--- a/target/ppc/cpu-qom.h
+++ b/target/ppc/cpu-qom.h
@@ -188,6 +188,7 @@ struct PowerPCCPUClass {
 uint32_t flags;
 int bfd_mach;
 uint32_t l1_dcache_size, l1_icache_size;
+bool (*has_work)(CPUState *cpu);
 #ifndef CONFIG_USER_ONLY
 unsigned int gdb_num_sprs;
 const char *gdb_spr_xml;
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 6aad01d1d3a..2f7d262b176 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -7621,7 +7621,6 @@ POWERPC_FAMILY(POWER7)(ObjectClass *oc, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(oc);
 PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);
-CPUClass *cc = CPU_CLASS(oc);
 
 dc->fw_name = "PowerPC,POWER7";
 dc->desc = "POWER7";
@@ -7630,7 +7629,7 @@ POWERPC_FAMILY(POWER7)(ObjectClass *oc, void *data)
 pcc->pcr_supported = PCR_COMPAT_2_06 | PCR_COMPAT_2_05;
 pcc->init_proc = init_proc_POWER7;
 pcc->check_pow = check_pow_nocheck;
-cc->has_work = cpu_has_work_POWER7;
+pcc->has_work = cpu_has_work_POWER7;
 pcc->insns_flags = PPC_INSNS_BASE | PPC_ISEL | PPC_STRING | PPC_MFTB |
PPC_FLOAT | PPC_FLOAT_FSEL | PPC_FLOAT_FRES |
PPC_FLOAT_FSQRT | PPC_FLOAT_FRSQRTE |
@@ -7789,7 +7788,6 @@ POWERPC_FAMILY(POWER8)(ObjectClass *oc, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(oc);
 PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);
-CPUClass *cc = CPU_CLASS(oc);
 
 dc->fw_name = "PowerPC,POWER8";
 dc->desc = "POWER8";
@@ -7798,7 +7796,7 @@ POWERPC_FAMILY(POWER8)(ObjectClass *oc, void *data)
 pcc->pcr_supported = PCR_COMPAT_2_07 | PCR_COMPAT_2_06 | PCR_COMPAT_2_05;
 pcc->init_proc = init_proc_POWER8;
 pcc->check_pow = check_pow_nocheck;
-cc->has_work = cpu_has_work_POWER8;
+pcc->has_work = cpu_has_work_POWER8;
 pcc->insns_flags = PPC_INSNS_BASE | PPC_ISEL | PPC_STRING | PPC_MFTB |
PPC_FLOAT | PPC_FLOAT_FSEL | PPC_FLOAT_FRES |
PPC_FLOAT_FSQRT | PPC_FLOAT_FRSQRTE |
@@ -8003,7 +8001,6 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(oc);
 PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);
-CPUClass *cc = CPU_CLASS(oc);
 
 dc->fw_name = "PowerPC,POWER9";
 dc->desc = "POWER9";
@@ -8013,7 +8010,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
  PCR_COMPAT_2_05;
 pcc->init_proc = init_proc_POWER9;
 pcc->check_pow = check_pow_nocheck;
-cc->has_work = cpu_has_work_POWER9;
+pcc->has_work = cpu_has_work_POWER9;
 pcc->insns_flags = PPC_INSNS_BASE | PPC_ISEL | PPC_STRING | PPC_MFTB |
PPC_FLOAT | PPC_FLOAT_FSEL | PPC_FLOAT_FRES |
PPC_FLOAT_FSQRT | PPC_FLOAT_FRSQRTE |
@@ -8212,7 +8209,6 @@ POWERPC_FAMILY(POWER10)(ObjectClass *oc, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(oc);
 PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);
-CPUClass *cc = CPU_CLASS(oc);
 
 dc->fw_name = "PowerPC,POWER10";
 dc->desc = "POWER10";
@@ -8223,7 +8219,7 @@ POWERPC_FAMILY(POWER10)(ObjectClass *oc, void *data)
  PCR_COMPAT_2_06 | PCR_COMPAT_2_05;
 pcc->init_proc = init_proc_POWER10;
 pcc->check_pow = check_pow_nocheck;
-cc->has_work = cpu_has_work_POWER10;
+pcc->has_work = cpu_has_work_POWER10;
 pcc->insns_flags = PPC_INSNS_BASE | PPC_ISEL | PPC_STRING | PPC_MFTB |
PPC_FLOAT | PPC_FLOAT_FSEL | PPC_FLOAT_FRES |
PPC_FLOAT_FSQRT | PPC_FLOAT_FRSQRTE |
@@ -8790,7 +8786,7 @@ static void ppc_cpu_set_pc(CPUState *cs, vaddr value)
 cpu->env.nip = value;
 }
 
-static bool ppc_cpu_has_work(CPUState *cs)
+static bool cpu_has_work_default(CPUState *cs)
 {
 PowerPCCPU *cpu = POWERPC_CPU(cs);
 CPUPPCState *env = >env;
@@ -8798,6 +8794,14 @@ static bool ppc_cpu_has_work(CPUState *cs)
 return msr_ee && (cs->interrupt_request & CPU_INTERRUPT_HARD);
 }
 
+static bool ppc_cpu_has_work(CPUState *cs)
+{
+PowerPCCPU *cpu = POWERPC_CPU(cs);
+PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
+
+return pcc->has_work(cs);
+}
+
 static void ppc_cpu_reset(DeviceState *dev)
 {
 CPUState *s = CPU(dev);
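Review bot: `return pcc->has_work(cs);` dereferences the new class hook without a NULL check, so every PowerPCCPUClass that does not set it (everything other than the POWER7..POWER10 families changed above) must be given cpu_has_work_default somewhere, presumably in the ppc_cpu_class_init hunk that is cut off below; otherwise the first idle check on such a model crashes. A `pcc->has_work ? pcc->has_work(cs) : cpu_has_work_default(cs)` fallback would make the dispatcher robust regardless of where the default is installed.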
@@ -9037,6 +9041,7 @@ static void ppc_cpu_class_init(ObjectClass *oc, void 
*data)
 device_class_set_parent_unrealize(dc, ppc_cpu_unrealize,

[PATCH v4 21/30] target/ppc: Restrict has_work() handlers to sysemu and TCG

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict PowerPCCPUClass::has_work() and ppc_cpu_has_work()
- SysemuCPUOps::has_work() implementation - to TCG sysemu.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/ppc/cpu-qom.h  |  4 +++-
 target/ppc/cpu_init.c | 24 ++--
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/target/ppc/cpu-qom.h b/target/ppc/cpu-qom.h
index 36110112506..ff2bafcde6f 100644
--- a/target/ppc/cpu-qom.h
+++ b/target/ppc/cpu-qom.h
@@ -188,8 +188,10 @@ struct PowerPCCPUClass {
 uint32_t flags;
 int bfd_mach;
 uint32_t l1_dcache_size, l1_icache_size;
-bool (*has_work)(CPUState *cpu);
 #ifndef CONFIG_USER_ONLY
+#ifdef CONFIG_TCG
+bool (*has_work)(CPUState *cpu);
+#endif /* CONFIG_TCG */
 unsigned int gdb_num_sprs;
 const char *gdb_spr_xml;
 #endif
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 2f7d262b176..5c134adeea9 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -7583,6 +7583,7 @@ static bool ppc_pvr_match_power7(PowerPCCPUClass *pcc, 
uint32_t pvr)
 return false;
 }
 
+#if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
 static bool cpu_has_work_POWER7(CPUState *cs)
 {
 PowerPCCPU *cpu = POWERPC_CPU(cs);
@@ -7616,6 +7617,7 @@ static bool cpu_has_work_POWER7(CPUState *cs)
 return msr_ee && (cs->interrupt_request & CPU_INTERRUPT_HARD);
 }
 }
+#endif /* CONFIG_TCG && !CONFIG_USER_ONLY */
 
 POWERPC_FAMILY(POWER7)(ObjectClass *oc, void *data)
 {
@@ -7629,7 +7631,6 @@ POWERPC_FAMILY(POWER7)(ObjectClass *oc, void *data)
 pcc->pcr_supported = PCR_COMPAT_2_06 | PCR_COMPAT_2_05;
 pcc->init_proc = init_proc_POWER7;
 pcc->check_pow = check_pow_nocheck;
-pcc->has_work = cpu_has_work_POWER7;
 pcc->insns_flags = PPC_INSNS_BASE | PPC_ISEL | PPC_STRING | PPC_MFTB |
PPC_FLOAT | PPC_FLOAT_FSEL | PPC_FLOAT_FRES |
PPC_FLOAT_FSQRT | PPC_FLOAT_FRSQRTE |
@@ -7672,6 +7673,7 @@ POWERPC_FAMILY(POWER7)(ObjectClass *oc, void *data)
 pcc->lpcr_pm = LPCR_P7_PECE0 | LPCR_P7_PECE1 | LPCR_P7_PECE2;
 pcc->mmu_model = POWERPC_MMU_2_06;
 #if defined(CONFIG_SOFTMMU)
+pcc->has_work = cpu_has_work_POWER7;
 pcc->hash64_opts = _hash64_opts_POWER7;
 pcc->lrg_decr_bits = 32;
 #endif
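Review bot: `pcc->has_work = cpu_has_work_POWER7;` is placed under `#if defined(CONFIG_SOFTMMU)`, but the function it names is now compiled only under `defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)` and, per the cpu-qom.h hunk, the field itself exists only under CONFIG_TCG; a sysemu build without TCG (KVM-only) will fail to compile on this line. Guard the assignment with the same `CONFIG_TCG` condition as the function. The same mismatch applies to the POWER8 and POWER9 hunks below.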
@@ -7742,6 +7744,7 @@ static bool ppc_pvr_match_power8(PowerPCCPUClass *pcc, 
uint32_t pvr)
 return false;
 }
 
+#if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
 static bool cpu_has_work_POWER8(CPUState *cs)
 {
 PowerPCCPU *cpu = POWERPC_CPU(cs);
@@ -7783,6 +7786,7 @@ static bool cpu_has_work_POWER8(CPUState *cs)
 return msr_ee && (cs->interrupt_request & CPU_INTERRUPT_HARD);
 }
 }
+#endif /* CONFIG_TCG && !CONFIG_USER_ONLY */
 
 POWERPC_FAMILY(POWER8)(ObjectClass *oc, void *data)
 {
@@ -7796,7 +7800,6 @@ POWERPC_FAMILY(POWER8)(ObjectClass *oc, void *data)
 pcc->pcr_supported = PCR_COMPAT_2_07 | PCR_COMPAT_2_06 | PCR_COMPAT_2_05;
 pcc->init_proc = init_proc_POWER8;
 pcc->check_pow = check_pow_nocheck;
-pcc->has_work = cpu_has_work_POWER8;
 pcc->insns_flags = PPC_INSNS_BASE | PPC_ISEL | PPC_STRING | PPC_MFTB |
PPC_FLOAT | PPC_FLOAT_FSEL | PPC_FLOAT_FRES |
PPC_FLOAT_FSQRT | PPC_FLOAT_FRSQRTE |
@@ -7846,6 +7849,7 @@ POWERPC_FAMILY(POWER8)(ObjectClass *oc, void *data)
LPCR_P8_PECE3 | LPCR_P8_PECE4;
 pcc->mmu_model = POWERPC_MMU_2_07;
 #if defined(CONFIG_SOFTMMU)
+pcc->has_work = cpu_has_work_POWER8;
 pcc->hash64_opts = _hash64_opts_POWER7;
 pcc->lrg_decr_bits = 32;
 pcc->n_host_threads = 8;
@@ -7939,6 +7943,7 @@ static bool ppc_pvr_match_power9(PowerPCCPUClass *pcc, 
uint32_t pvr)
 return false;
 }
 
+#if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
 static bool cpu_has_work_POWER9(CPUState *cs)
 {
 PowerPCCPU *cpu = POWERPC_CPU(cs);
@@ -7996,6 +8001,7 @@ static bool cpu_has_work_POWER9(CPUState *cs)
 return msr_ee && (cs->interrupt_request & CPU_INTERRUPT_HARD);
 }
 }
+#endif /* CONFIG_TCG && !CONFIG_USER_ONLY */
 
 POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
 {
@@ -8010,7 +8016,6 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
  PCR_COMPAT_2_05;
 pcc->init_proc = init_proc_POWER9;
 pcc->check_pow = check_pow_nocheck;
-pcc->has_work = cpu_has_work_POWER9;
 pcc->insns_flags = PPC_INSNS_BASE | PPC_ISEL | PPC_STRING | PPC_MFTB |
PPC_FLOAT | PPC_FLOAT_FSEL | PPC_FLOAT_FRES |
PPC_FLOAT_FSQRT | PPC_FLOAT_FRSQRTE |
@@ -8059,6 +8064,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
 pcc->lpcr_pm = LPCR_PDEE | LPCR_HDEE | LPCR_EEE | LPCR_DEE | LPCR_OEE;
 pcc->mmu_model = POWERPC_MMU_3_00;
 #if defined(CONFIG_SOFTMMU)
+pcc->has_work = cpu_has_work_POWER9;
 /* segment page size remain the same */
 pcc->hash64_opts = _hash64_opts_POWER7;
 pcc->radix_page_info = _radix_page_info;
@@ -8147,6 +8153,7 @@ static 

[PATCH v4 18/30] target/nios2: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/nios2/cpu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/nios2/cpu.c b/target/nios2/cpu.c
index 947bb09bc1e..9938d7c2919 100644
--- a/target/nios2/cpu.c
+++ b/target/nios2/cpu.c
@@ -34,10 +34,12 @@ static void nios2_cpu_set_pc(CPUState *cs, vaddr value)
 env->regs[R_PC] = value;
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static bool nios2_cpu_has_work(CPUState *cs)
 {
 return cs->interrupt_request & (CPU_INTERRUPT_HARD | CPU_INTERRUPT_NMI);
 }
+#endif /* !CONFIG_USER_ONLY */
 
 static void nios2_cpu_reset(DeviceState *dev)
 {
@@ -223,6 +225,7 @@ static const struct TCGCPUOps nios2_tcg_ops = {
 .tlb_fill = nios2_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = nios2_cpu_has_work,
 .cpu_exec_interrupt = nios2_cpu_exec_interrupt,
 .do_interrupt = nios2_cpu_do_interrupt,
 .do_unaligned_access = nios2_cpu_do_unaligned_access,
@@ -241,7 +244,6 @@ static void nios2_cpu_class_init(ObjectClass *oc, void 
*data)
 device_class_set_parent_reset(dc, nios2_cpu_reset, >parent_reset);
 
 cc->class_by_name = nios2_cpu_class_by_name;
-cc->has_work = nios2_cpu_has_work;
 cc->dump_state = nios2_cpu_dump_state;
 cc->set_pc = nios2_cpu_set_pc;
 cc->disas_set_info = nios2_cpu_disas_set_info;
-- 
2.31.1




[PATCH v4 12/30] target/hexagon: Remove unused has_work() handler

2021-09-12 Thread Philippe Mathieu-Daudé
has_work() is sysemu specific, and Hexagon target only provides
a linux-user implementation. Remove the unused hexagon_cpu_has_work().

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/hexagon/cpu.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/target/hexagon/cpu.c b/target/hexagon/cpu.c
index 3338365c16e..aa01974807c 100644
--- a/target/hexagon/cpu.c
+++ b/target/hexagon/cpu.c
@@ -189,11 +189,6 @@ static void hexagon_cpu_synchronize_from_tb(CPUState *cs,
 env->gpr[HEX_REG_PC] = tb->pc;
 }
 
-static bool hexagon_cpu_has_work(CPUState *cs)
-{
-return true;
-}
-
 void restore_state_to_opc(CPUHexagonState *env, TranslationBlock *tb,
   target_ulong *data)
 {
@@ -287,7 +282,6 @@ static void hexagon_cpu_class_init(ObjectClass *c, void 
*data)
 device_class_set_parent_reset(dc, hexagon_cpu_reset, >parent_reset);
 
 cc->class_by_name = hexagon_cpu_class_by_name;
-cc->has_work = hexagon_cpu_has_work;
 cc->dump_state = hexagon_dump_state;
 cc->set_pc = hexagon_cpu_set_pc;
 cc->gdb_read_register = hexagon_gdb_read_register;
-- 
2.31.1




[PATCH v4 22/30] target/riscv: Restrict has_work() handler to sysemu and TCG

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to TCG sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/riscv/cpu.c | 8 +++-
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 13575c14085..abb555a8bdb 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -335,9 +335,9 @@ static void riscv_cpu_synchronize_from_tb(CPUState *cs,
 env->pc = tb->pc;
 }
 
+#if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
 static bool riscv_cpu_has_work(CPUState *cs)
 {
-#ifndef CONFIG_USER_ONLY
 RISCVCPU *cpu = RISCV_CPU(cs);
 CPURISCVState *env = >env;
 /*
@@ -345,10 +345,8 @@ static bool riscv_cpu_has_work(CPUState *cs)
  * mode and delegation registers, but respect individual enables
  */
 return (env->mip & env->mie) != 0;
-#else
-return true;
-#endif
 }
+#endif /* CONFIG_TCG && !CONFIG_USER_ONLY */
 
 void restore_state_to_opc(CPURISCVState *env, TranslationBlock *tb,
   target_ulong *data)
@@ -647,6 +645,7 @@ static const struct TCGCPUOps riscv_tcg_ops = {
 .tlb_fill = riscv_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = riscv_cpu_has_work,
 .cpu_exec_interrupt = riscv_cpu_exec_interrupt,
 .do_interrupt = riscv_cpu_do_interrupt,
 .do_transaction_failed = riscv_cpu_do_transaction_failed,
@@ -666,7 +665,6 @@ static void riscv_cpu_class_init(ObjectClass *c, void *data)
 device_class_set_parent_reset(dc, riscv_cpu_reset, >parent_reset);
 
 cc->class_by_name = riscv_cpu_class_by_name;
-cc->has_work = riscv_cpu_has_work;
 cc->dump_state = riscv_cpu_dump_state;
 cc->set_pc = riscv_cpu_set_pc;
 cc->gdb_read_register = riscv_cpu_gdb_read_register;
-- 
2.31.1




[PATCH v4 15/30] target/m68k: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/m68k/cpu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index 66d22d11895..ad5d26b5c9e 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -31,10 +31,12 @@ static void m68k_cpu_set_pc(CPUState *cs, vaddr value)
 cpu->env.pc = value;
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static bool m68k_cpu_has_work(CPUState *cs)
 {
 return cs->interrupt_request & CPU_INTERRUPT_HARD;
 }
+#endif /* !CONFIG_USER_ONLY */
 
 static void m68k_set_feature(CPUM68KState *env, int feature)
 {
@@ -518,6 +520,7 @@ static const struct TCGCPUOps m68k_tcg_ops = {
 .tlb_fill = m68k_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = m68k_cpu_has_work,
 .cpu_exec_interrupt = m68k_cpu_exec_interrupt,
 .do_interrupt = m68k_cpu_do_interrupt,
 .do_transaction_failed = m68k_cpu_transaction_failed,
@@ -535,7 +538,6 @@ static void m68k_cpu_class_init(ObjectClass *c, void *data)
 device_class_set_parent_reset(dc, m68k_cpu_reset, >parent_reset);
 
 cc->class_by_name = m68k_cpu_class_by_name;
-cc->has_work = m68k_cpu_has_work;
 cc->dump_state = m68k_cpu_dump_state;
 cc->set_pc = m68k_cpu_set_pc;
 cc->gdb_read_register = m68k_cpu_gdb_read_register;
-- 
2.31.1




[PATCH v4 09/30] target/arm: Restrict has_work() handler to sysemu and TCG

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to TCG sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/cpu.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index ba0741b20e4..e11aa625a5f 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -73,8 +73,8 @@ void arm_cpu_synchronize_from_tb(CPUState *cs,
 env->regs[15] = tb->pc;
 }
 }
-#endif /* CONFIG_TCG */
 
+#ifndef CONFIG_USER_ONLY
 static bool arm_cpu_has_work(CPUState *cs)
 {
 ARMCPU *cpu = ARM_CPU(cs);
@@ -85,6 +85,9 @@ static bool arm_cpu_has_work(CPUState *cs)
  | CPU_INTERRUPT_VFIQ | CPU_INTERRUPT_VIRQ
  | CPU_INTERRUPT_EXITTB);
 }
+#endif /* !CONFIG_USER_ONLY */
+
+#endif /* CONFIG_TCG */
 
 void arm_register_pre_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
  void *opaque)
@@ -2017,6 +2020,7 @@ static const struct TCGCPUOps arm_tcg_ops = {
 .debug_excp_handler = arm_debug_excp_handler,
 
 #if !defined(CONFIG_USER_ONLY)
+.has_work = arm_cpu_has_work,
 .cpu_exec_interrupt = arm_cpu_exec_interrupt,
 .do_interrupt = arm_cpu_do_interrupt,
 .do_transaction_failed = arm_cpu_do_transaction_failed,
@@ -2041,7 +2045,6 @@ static void arm_cpu_class_init(ObjectClass *oc, void 
*data)
 device_class_set_parent_reset(dc, arm_cpu_reset, >parent_reset);
 
 cc->class_by_name = arm_cpu_class_by_name;
-cc->has_work = arm_cpu_has_work;
 cc->dump_state = arm_cpu_dump_state;
 cc->set_pc = arm_cpu_set_pc;
 cc->gdb_read_register = arm_cpu_gdb_read_register;
-- 
2.31.1




[PATCH v4 19/30] target/openrisc: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/openrisc/cpu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c
index 27cb04152f9..3c368a1bde7 100644
--- a/target/openrisc/cpu.c
+++ b/target/openrisc/cpu.c
@@ -30,11 +30,13 @@ static void openrisc_cpu_set_pc(CPUState *cs, vaddr value)
 cpu->env.dflag = 0;
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static bool openrisc_cpu_has_work(CPUState *cs)
 {
 return cs->interrupt_request & (CPU_INTERRUPT_HARD |
 CPU_INTERRUPT_TIMER);
 }
+#endif /* !CONFIG_USER_ONLY */
 
 static void openrisc_disas_set_info(CPUState *cpu, disassemble_info *info)
 {
@@ -189,6 +191,7 @@ static const struct TCGCPUOps openrisc_tcg_ops = {
 .tlb_fill = openrisc_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = openrisc_cpu_has_work,
 .cpu_exec_interrupt = openrisc_cpu_exec_interrupt,
 .do_interrupt = openrisc_cpu_do_interrupt,
 #endif /* !CONFIG_USER_ONLY */
@@ -205,7 +208,6 @@ static void openrisc_cpu_class_init(ObjectClass *oc, void 
*data)
 device_class_set_parent_reset(dc, openrisc_cpu_reset, >parent_reset);
 
 cc->class_by_name = openrisc_cpu_class_by_name;
-cc->has_work = openrisc_cpu_has_work;
 cc->dump_state = openrisc_cpu_dump_state;
 cc->set_pc = openrisc_cpu_set_pc;
 cc->gdb_read_register = openrisc_cpu_gdb_read_register;
-- 
2.31.1




[PATCH v4 14/30] target/i386: Restrict has_work() handler to sysemu and TCG

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to TCG sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/i386/cpu.c | 6 --
 target/i386/tcg/tcg-cpu.c | 8 +++-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 04f59043804..b7417d29f44 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6548,11 +6548,6 @@ int x86_cpu_pending_interrupt(CPUState *cs, int 
interrupt_request)
 return 0;
 }
 
-static bool x86_cpu_has_work(CPUState *cs)
-{
-return x86_cpu_pending_interrupt(cs, cs->interrupt_request) != 0;
-}
-
 static void x86_disas_set_info(CPUState *cs, disassemble_info *info)
 {
 X86CPU *cpu = X86_CPU(cs);
@@ -6757,7 +6752,6 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
void *data)
 
 cc->class_by_name = x86_cpu_class_by_name;
 cc->parse_features = x86_cpu_parse_featurestr;
-cc->has_work = x86_cpu_has_work;
 cc->dump_state = x86_cpu_dump_state;
 cc->set_pc = x86_cpu_set_pc;
 cc->gdb_read_register = x86_cpu_gdb_read_register;
diff --git a/target/i386/tcg/tcg-cpu.c b/target/i386/tcg/tcg-cpu.c
index 3ecfae34cb5..aef050d0898 100644
--- a/target/i386/tcg/tcg-cpu.c
+++ b/target/i386/tcg/tcg-cpu.c
@@ -55,6 +55,11 @@ static void x86_cpu_synchronize_from_tb(CPUState *cs,
 }
 
 #ifndef CONFIG_USER_ONLY
+static bool x86_cpu_has_work(CPUState *cs)
+{
+return x86_cpu_pending_interrupt(cs, cs->interrupt_request) != 0;
+}
+
 static bool x86_debug_check_breakpoint(CPUState *cs)
 {
 X86CPU *cpu = X86_CPU(cs);
@@ -63,7 +68,7 @@ static bool x86_debug_check_breakpoint(CPUState *cs)
 /* RF disables all architectural breakpoints. */
 return !(env->eflags & RF_MASK);
 }
-#endif
+#endif /* CONFIG_USER_ONLY */
 
 #include "hw/core/tcg-cpu-ops.h"
 
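Review bot: the new trailer `#endif /* CONFIG_USER_ONLY */` contradicts its opener, which is `#ifndef CONFIG_USER_ONLY` at the top of the previous hunk; write it as `#endif /* !CONFIG_USER_ONLY */` to match both the guard and the convention used in the rest of this series.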
@@ -76,6 +81,7 @@ static const struct TCGCPUOps x86_tcg_ops = {
 #ifdef CONFIG_USER_ONLY
 .fake_user_interrupt = x86_cpu_do_interrupt,
 #else
+.has_work = x86_cpu_has_work,
 .do_interrupt = x86_cpu_do_interrupt,
 .cpu_exec_interrupt = x86_cpu_exec_interrupt,
 .debug_excp_handler = breakpoint_handler,
-- 
2.31.1




[PATCH v4 24/30] target/s390x: Restrict has_work() handler to sysemu and TCG

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to TCG sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/s390x/cpu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index 7b7b05f1d3a..df8ade9021d 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -88,6 +88,7 @@ static void s390_cpu_set_pc(CPUState *cs, vaddr value)
 cpu->env.psw.addr = value;
 }
 
+#if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
 static bool s390_cpu_has_work(CPUState *cs)
 {
 S390CPU *cpu = S390_CPU(cs);
@@ -104,6 +105,7 @@ static bool s390_cpu_has_work(CPUState *cs)
 
 return s390_cpu_has_int(cpu);
 }
+#endif /* CONFIG_TCG && !CONFIG_USER_ONLY */
 
 /* S390CPUClass::reset() */
 static void s390_cpu_reset(CPUState *s, cpu_reset_type type)
@@ -269,6 +271,7 @@ static const struct TCGCPUOps s390_tcg_ops = {
 .tlb_fill = s390_cpu_tlb_fill,
 
 #if !defined(CONFIG_USER_ONLY)
+.has_work = s390_cpu_has_work,
 .cpu_exec_interrupt = s390_cpu_exec_interrupt,
 .do_interrupt = s390_cpu_do_interrupt,
 .debug_excp_handler = s390x_cpu_debug_excp_handler,
@@ -292,7 +295,6 @@ static void s390_cpu_class_init(ObjectClass *oc, void *data)
 
 scc->reset = s390_cpu_reset;
 cc->class_by_name = s390_cpu_class_by_name,
-cc->has_work = s390_cpu_has_work;
 cc->dump_state = s390_cpu_dump_state;
 cc->set_pc = s390_cpu_set_pc;
 cc->gdb_read_register = s390_cpu_gdb_read_register;
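Review bot: the context line `cc->class_by_name = s390_cpu_class_by_name,` ends with a comma rather than a semicolon; with the `cc->has_work` assignment removed, the comma operator now joins it to `cc->dump_state = s390_cpu_dump_state;`. It still compiles and assigns correctly, but since this patch touches the line right after it, fix the stray comma here to avoid leaving a trap for the next edit.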
-- 
2.31.1




[PATCH v4 08/30] target/alpha: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/alpha/cpu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
index 93e16a2ffb4..1ca601cac5b 100644
--- a/target/alpha/cpu.c
+++ b/target/alpha/cpu.c
@@ -33,6 +33,7 @@ static void alpha_cpu_set_pc(CPUState *cs, vaddr value)
 cpu->env.pc = value;
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static bool alpha_cpu_has_work(CPUState *cs)
 {
 /* Here we are checking to see if the CPU should wake up from HALT.
@@ -47,6 +48,7 @@ static bool alpha_cpu_has_work(CPUState *cs)
 | CPU_INTERRUPT_SMP
 | CPU_INTERRUPT_MCHK);
 }
+#endif /* !CONFIG_USER_ONLY */
 
 static void alpha_cpu_disas_set_info(CPUState *cpu, disassemble_info *info)
 {
@@ -221,6 +223,7 @@ static const struct TCGCPUOps alpha_tcg_ops = {
 .tlb_fill = alpha_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = alpha_cpu_has_work,
 .cpu_exec_interrupt = alpha_cpu_exec_interrupt,
 .do_interrupt = alpha_cpu_do_interrupt,
 .do_transaction_failed = alpha_cpu_do_transaction_failed,
@@ -238,7 +241,6 @@ static void alpha_cpu_class_init(ObjectClass *oc, void 
*data)
 >parent_realize);
 
 cc->class_by_name = alpha_cpu_class_by_name;
-cc->has_work = alpha_cpu_has_work;
 cc->dump_state = alpha_cpu_dump_state;
 cc->set_pc = alpha_cpu_set_pc;
 cc->gdb_read_register = alpha_cpu_gdb_read_register;
-- 
2.31.1




[PATCH v4 10/30] target/avr: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/avr/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/avr/cpu.c b/target/avr/cpu.c
index 5d70e34dd54..6d51f91ca2c 100644
--- a/target/avr/cpu.c
+++ b/target/avr/cpu.c
@@ -195,6 +195,7 @@ static const struct SysemuCPUOps avr_sysemu_ops = {
 static const struct TCGCPUOps avr_tcg_ops = {
 .initialize = avr_cpu_tcg_init,
 .synchronize_from_tb = avr_cpu_synchronize_from_tb,
+.has_work = avr_cpu_has_work,
 .cpu_exec_interrupt = avr_cpu_exec_interrupt,
 .tlb_fill = avr_cpu_tlb_fill,
 .do_interrupt = avr_cpu_do_interrupt,
@@ -211,7 +212,6 @@ static void avr_cpu_class_init(ObjectClass *oc, void *data)
 
 cc->class_by_name = avr_cpu_class_by_name;
 
-cc->has_work = avr_cpu_has_work;
 cc->dump_state = avr_cpu_dump_state;
 cc->set_pc = avr_cpu_set_pc;
 cc->memory_rw_debug = avr_cpu_memory_rw_debug;
-- 
2.31.1




[PATCH v4 13/30] target/hppa: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/hppa/cpu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/hppa/cpu.c b/target/hppa/cpu.c
index e8edd189bfc..be940ae2246 100644
--- a/target/hppa/cpu.c
+++ b/target/hppa/cpu.c
@@ -60,10 +60,12 @@ static void hppa_cpu_synchronize_from_tb(CPUState *cs,
 cpu->env.psw_n = (tb->flags & PSW_N) != 0;
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static bool hppa_cpu_has_work(CPUState *cs)
 {
 return cs->interrupt_request & CPU_INTERRUPT_HARD;
 }
+#endif /* !CONFIG_USER_ONLY */
 
 static void hppa_cpu_disas_set_info(CPUState *cs, disassemble_info *info)
 {
@@ -147,6 +149,7 @@ static const struct TCGCPUOps hppa_tcg_ops = {
 .tlb_fill = hppa_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = hppa_cpu_has_work,
 .cpu_exec_interrupt = hppa_cpu_exec_interrupt,
 .do_interrupt = hppa_cpu_do_interrupt,
 .do_unaligned_access = hppa_cpu_do_unaligned_access,
@@ -163,7 +166,6 @@ static void hppa_cpu_class_init(ObjectClass *oc, void *data)
 >parent_realize);
 
 cc->class_by_name = hppa_cpu_class_by_name;
-cc->has_work = hppa_cpu_has_work;
 cc->dump_state = hppa_cpu_dump_state;
 cc->set_pc = hppa_cpu_set_pc;
 cc->gdb_read_register = hppa_cpu_gdb_read_register;
-- 
2.31.1




[PATCH v4 17/30] target/mips: Restrict has_work() handler to sysemu and TCG

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to TCG sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/mips/cpu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/mips/cpu.c b/target/mips/cpu.c
index 00e0c55d0e4..3639c03f8ea 100644
--- a/target/mips/cpu.c
+++ b/target/mips/cpu.c
@@ -128,6 +128,7 @@ static void mips_cpu_set_pc(CPUState *cs, vaddr value)
 mips_env_set_pc(>env, value);
 }
 
+#if defined(CONFIG_TCG) && !defined(CONFIG_USER_ONLY)
 static bool mips_cpu_has_work(CPUState *cs)
 {
 MIPSCPU *cpu = MIPS_CPU(cs);
@@ -172,6 +173,7 @@ static bool mips_cpu_has_work(CPUState *cs)
 }
 return has_work;
 }
+#endif /* CONFIG_TCG && !CONFIG_USER_ONLY */
 
 #include "cpu-defs.c.inc"
 
@@ -542,6 +544,7 @@ static const struct TCGCPUOps mips_tcg_ops = {
 .tlb_fill = mips_cpu_tlb_fill,
 
 #if !defined(CONFIG_USER_ONLY)
+.has_work = mips_cpu_has_work,
 .cpu_exec_interrupt = mips_cpu_exec_interrupt,
 .do_interrupt = mips_cpu_do_interrupt,
 .do_transaction_failed = mips_cpu_do_transaction_failed,
@@ -563,7 +566,6 @@ static void mips_cpu_class_init(ObjectClass *c, void *data)
 device_class_set_props(dc, mips_cpu_properties);
 
 cc->class_by_name = mips_cpu_class_by_name;
-cc->has_work = mips_cpu_has_work;
 cc->dump_state = mips_cpu_dump_state;
 cc->set_pc = mips_cpu_set_pc;
 cc->gdb_read_register = mips_cpu_gdb_read_register;
-- 
2.31.1




[PATCH v4 05/30] accel/kvm: Implement AccelOpsClass::has_work()

2021-09-12 Thread Philippe Mathieu-Daudé
Implement KVM has_work() handler in AccelOpsClass and
remove it from cpu_thread_is_idle() since cpu_has_work()
is already called.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 accel/kvm/kvm-accel-ops.c | 6 ++
 softmmu/cpus.c| 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/accel/kvm/kvm-accel-ops.c b/accel/kvm/kvm-accel-ops.c
index 7516c67a3f5..6f4d5df3a0d 100644
--- a/accel/kvm/kvm-accel-ops.c
+++ b/accel/kvm/kvm-accel-ops.c
@@ -74,6 +74,11 @@ static void kvm_start_vcpu_thread(CPUState *cpu)
cpu, QEMU_THREAD_JOINABLE);
 }
 
+static bool kvm_cpu_has_work(CPUState *cpu)
+{
+return kvm_halt_in_kernel();
+}
+
 static void kvm_accel_ops_class_init(ObjectClass *oc, void *data)
 {
 AccelOpsClass *ops = ACCEL_OPS_CLASS(oc);
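Review bot: kvm_cpu_has_work() ignores its `cpu` argument and returns the global kvm_halt_in_kernel(), and because cpu_has_work() after patch 04 returns the accelerator's answer without consulting CPUClass::has_work, the per-vCPU target check (pending interrupt_request bits) that cpu_thread_is_idle() previously reached through cpu_has_work() is no longer evaluated under KVM. The commit message presents this as a pure move of the kvm_halt_in_kernel() term; if dropping the target check is intended because KVM's async-event processing wakes halted vCPUs itself, please say so there.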
@@ -83,6 +88,7 @@ static void kvm_accel_ops_class_init(ObjectClass *oc, void 
*data)
 ops->synchronize_post_init = kvm_cpu_synchronize_post_init;
 ops->synchronize_state = kvm_cpu_synchronize_state;
 ops->synchronize_pre_loadvm = kvm_cpu_synchronize_pre_loadvm;
+ops->has_work = kvm_cpu_has_work;
 }
 
 static const TypeInfo kvm_accel_ops_type = {
diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 2a61dfd6287..3db7bd4eb4d 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -90,7 +90,7 @@ bool cpu_thread_is_idle(CPUState *cpu)
 return true;
 }
 if (!cpu->halted || cpu_has_work(cpu) ||
-kvm_halt_in_kernel() || whpx_apic_in_platform()) {
+whpx_apic_in_platform()) {
 return false;
 }
 return true;
-- 
2.31.1




[PATCH v4 06/30] accel/whpx: Implement AccelOpsClass::has_work()

2021-09-12 Thread Philippe Mathieu-Daudé
Implement WHPX has_work() handler in AccelOpsClass and
remove it from cpu_thread_is_idle() since cpu_has_work()
is already called.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 softmmu/cpus.c| 4 +---
 target/i386/whpx/whpx-accel-ops.c | 6 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 3db7bd4eb4d..6bce52ce561 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -41,7 +41,6 @@
 #include "sysemu/replay.h"
 #include "sysemu/runstate.h"
 #include "sysemu/cpu-timers.h"
-#include "sysemu/whpx.h"
 #include "hw/boards.h"
 #include "hw/hw.h"
 #include "trace.h"
@@ -89,8 +88,7 @@ bool cpu_thread_is_idle(CPUState *cpu)
 if (cpu_is_stopped(cpu)) {
 return true;
 }
-if (!cpu->halted || cpu_has_work(cpu) ||
-whpx_apic_in_platform()) {
+if (!cpu->halted || cpu_has_work(cpu)) {
 return false;
 }
 return true;
diff --git a/target/i386/whpx/whpx-accel-ops.c 
b/target/i386/whpx/whpx-accel-ops.c
index 6bc47c53098..1f9c6d52c27 100644
--- a/target/i386/whpx/whpx-accel-ops.c
+++ b/target/i386/whpx/whpx-accel-ops.c
@@ -83,6 +83,11 @@ static void whpx_kick_vcpu_thread(CPUState *cpu)
 }
 }
 
+static bool whpx_cpu_has_work(CPUState *cpu)
+{
+return whpx_apic_in_platform();
+}
+
 static void whpx_accel_ops_class_init(ObjectClass *oc, void *data)
 {
 AccelOpsClass *ops = ACCEL_OPS_CLASS(oc);
@@ -94,6 +99,7 @@ static void whpx_accel_ops_class_init(ObjectClass *oc, void 
*data)
 ops->synchronize_post_init = whpx_cpu_synchronize_post_init;
 ops->synchronize_state = whpx_cpu_synchronize_state;
 ops->synchronize_pre_loadvm = whpx_cpu_synchronize_pre_loadvm;
+ops->has_work = whpx_cpu_has_work;
 }
 
 static const TypeInfo whpx_accel_ops_type = {
-- 
2.31.1




[PATCH v4 16/30] target/microblaze: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/microblaze/cpu.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/microblaze/cpu.c b/target/microblaze/cpu.c
index 15db277925f..36e6e540483 100644
--- a/target/microblaze/cpu.c
+++ b/target/microblaze/cpu.c
@@ -92,12 +92,13 @@ static void mb_cpu_synchronize_from_tb(CPUState *cs,
 cpu->env.iflags = tb->flags & IFLAGS_TB_MASK;
 }
 
+#ifndef CONFIG_USER_ONLY
+
 static bool mb_cpu_has_work(CPUState *cs)
 {
 return cs->interrupt_request & (CPU_INTERRUPT_HARD | CPU_INTERRUPT_NMI);
 }
 
-#ifndef CONFIG_USER_ONLY
 static void mb_cpu_ns_axi_dp(void *opaque, int irq, int level)
 {
 MicroBlazeCPU *cpu = opaque;
@@ -142,7 +143,7 @@ static void microblaze_cpu_set_irq(void *opaque, int irq, 
int level)
 cpu_reset_interrupt(cs, type);
 }
 }
-#endif
+#endif /* !CONFIG_USER_ONLY */
 
 static void mb_cpu_reset(DeviceState *dev)
 {
@@ -368,6 +369,7 @@ static const struct TCGCPUOps mb_tcg_ops = {
 .tlb_fill = mb_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = mb_cpu_has_work,
 .cpu_exec_interrupt = mb_cpu_exec_interrupt,
 .do_interrupt = mb_cpu_do_interrupt,
 .do_transaction_failed = mb_cpu_transaction_failed,
@@ -386,8 +388,6 @@ static void mb_cpu_class_init(ObjectClass *oc, void *data)
 device_class_set_parent_reset(dc, mb_cpu_reset, >parent_reset);
 
 cc->class_by_name = mb_cpu_class_by_name;
-cc->has_work = mb_cpu_has_work;
-
 cc->dump_state = mb_cpu_dump_state;
 cc->set_pc = mb_cpu_set_pc;
 cc->gdb_read_register = mb_cpu_gdb_read_register;
-- 
2.31.1




[PATCH v4 07/30] accel/tcg: Implement AccelOpsClass::has_work() as stub

2021-09-12 Thread Philippe Mathieu-Daudé
Add TCG target-specific has_work() handler in TCGCPUOps,
and add tcg_cpu_has_work() as AccelOpsClass has_work()
implementation.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/core/tcg-cpu-ops.h |  4 
 accel/tcg/tcg-accel-ops.c | 12 
 2 files changed, 16 insertions(+)

diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h
index 55123cb4d22..4a4c4053e3b 100644
--- a/include/hw/core/tcg-cpu-ops.h
+++ b/include/hw/core/tcg-cpu-ops.h
@@ -66,6 +66,10 @@ struct TCGCPUOps {
 void (*do_interrupt)(CPUState *cpu);
 #endif /* !CONFIG_USER_ONLY || !TARGET_I386 */
 #ifdef CONFIG_SOFTMMU
+/**
+ * @has_work: Callback for checking if there is work to do.
+ */
+bool (*has_work)(CPUState *cpu);
 /** @cpu_exec_interrupt: Callback for processing interrupts in cpu_exec */
 bool (*cpu_exec_interrupt)(CPUState *cpu, int interrupt_request);
 /**
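Review bot: the new `@has_work` doc comment should say the member is optional and what a NULL handler means, since the tcg_cpu_has_work() stub added in the next hunk treats NULL as "never has work" rather than asserting; a target author reading only this header would otherwise expect the g_assert() behaviour that the old inline cpu_has_work() had.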
diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
index 1a8e8390bd6..ed4ebe735fe 100644
--- a/accel/tcg/tcg-accel-ops.c
+++ b/accel/tcg/tcg-accel-ops.c
@@ -32,6 +32,7 @@
 #include "qemu/main-loop.h"
 #include "qemu/guest-random.h"
 #include "exec/exec-all.h"
+#include "hw/core/tcg-cpu-ops.h"
 
 #include "tcg-accel-ops.h"
 #include "tcg-accel-ops-mttcg.h"
@@ -73,6 +74,16 @@ int tcg_cpus_exec(CPUState *cpu)
 return ret;
 }
 
+static bool tcg_cpu_has_work(CPUState *cpu)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+if (!cc->tcg_ops->has_work) {
+return false;
+}
+return cc->tcg_ops->has_work(cpu);
+}
+
 /* mask must never be zero, except for A20 change call */
 void tcg_handle_interrupt(CPUState *cpu, int mask)
 {
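Review bot: returning false when `cc->tcg_ops->has_work` is NULL replaces the previous hard failure (`g_assert(cc->has_work)`) with a silent "no work", and since cpu_has_work() from patch 04 returns the accelerator result without falling back to CPUClass::has_work, every target that has not yet been converted when this patch lands (patches 08 to 29) has its halted vCPUs never woken by cpu_handle_halt() under TCG until its own patch. Falling back to `cc->has_work(cpu)` here while that field still exists (it is dropped in patch 30) keeps each intermediate commit working.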
@@ -108,6 +119,7 @@ static void tcg_accel_ops_init(AccelOpsClass *ops)
 ops->kick_vcpu_thread = rr_kick_vcpu_thread;
 ops->handle_interrupt = tcg_handle_interrupt;
 }
+ops->has_work = tcg_cpu_has_work;
 }
 
 static void tcg_accel_ops_class_init(ObjectClass *oc, void *data)
-- 
2.31.1




[PATCH v4 03/30] hw/core: Un-inline cpu_has_work()

2021-09-12 Thread Philippe Mathieu-Daudé
We want to make cpu_has_work() per-accelerator. Only declare its
prototype and move its definition to softmmu/cpus.c.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/core/cpu.h | 8 +---
 softmmu/cpus.c| 8 
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 2bd563e221f..e2dd171a13f 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -546,13 +546,7 @@ void cpu_dump_state(CPUState *cpu, FILE *f, int flags);
  *
  * Returns: %true if the CPU has work, %false otherwise.
  */
-static inline bool cpu_has_work(CPUState *cpu)
-{
-CPUClass *cc = CPU_GET_CLASS(cpu);
-
-g_assert(cc->has_work);
-return cc->has_work(cpu);
-}
+bool cpu_has_work(CPUState *cpu);
 
 /**
  * cpu_get_phys_page_attrs_debug:
diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 071085f840b..7e2cb2c571b 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -251,6 +251,14 @@ void cpu_interrupt(CPUState *cpu, int mask)
 }
 }
 
+bool cpu_has_work(CPUState *cpu)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+g_assert(cc->has_work);
+return cc->has_work(cpu);
+}
+
 static int do_vm_stop(RunState state, bool send_stop)
 {
 int ret = 0;
-- 
2.31.1




[PATCH v4 01/30] accel/tcg: Restrict cpu_handle_halt() to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Commit 372579427a5 ("tcg: enable thread-per-vCPU") added the following
comment describing EXCP_HALTED in qemu_tcg_cpu_thread_fn():

case EXCP_HALTED:
 /* during start-up the vCPU is reset and the thread is
  * kicked several times. If we don't ensure we go back
  * to sleep in the halted state we won't cleanly
  * start-up when the vCPU is enabled.
  *
  * cpu->halted should ensure we sleep in wait_io_event
  */
 g_assert(cpu->halted);
 break;

qemu_wait_io_event() is sysemu-specific, so we can restrict the
cpu_handle_halt() call in cpu_exec() to system emulation.

Signed-off-by: Philippe Mathieu-Daudé 
---
v4: Reduce ifdef'ry to cpu_handle_halt (rth)
---
 accel/tcg/cpu-exec.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 75dbc1e4e33..5fd1ed34222 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -588,8 +588,9 @@ static inline void tb_add_jump(TranslationBlock *tb, int n,
 
 static inline bool cpu_handle_halt(CPUState *cpu)
 {
+#ifndef CONFIG_USER_ONLY
 if (cpu->halted) {
-#if defined(TARGET_I386) && !defined(CONFIG_USER_ONLY)
+#if defined(TARGET_I386)
 if (cpu->interrupt_request & CPU_INTERRUPT_POLL) {
 X86CPU *x86_cpu = X86_CPU(cpu);
 qemu_mutex_lock_iothread();
@@ -597,13 +598,14 @@ static inline bool cpu_handle_halt(CPUState *cpu)
 cpu_reset_interrupt(cpu, CPU_INTERRUPT_POLL);
 qemu_mutex_unlock_iothread();
 }
-#endif
+#endif /* TARGET_I386 */
 if (!cpu_has_work(cpu)) {
 return true;
 }
 
 cpu->halted = 0;
 }
+#endif /* !CONFIG_USER_ONLY */
 
 return false;
 }
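Review bot: with the whole body under `#ifndef CONFIG_USER_ONLY`, `cpu->halted` is never consulted in user-mode builds. The commit message justifies this only via the EXCP_HALTED kick path in qemu_tcg_cpu_thread_fn(); it should also state that no linux-user or bsd-user code path sets `cpu->halted`, since that is the assumption the change really rests on.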
-- 
2.31.1




[PATCH v4 11/30] target/cris: Restrict has_work() handler to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
Restrict has_work() to sysemu.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/cris/cpu.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target/cris/cpu.c b/target/cris/cpu.c
index c2e7483f5bd..b9f30ba58fa 100644
--- a/target/cris/cpu.c
+++ b/target/cris/cpu.c
@@ -35,10 +35,12 @@ static void cris_cpu_set_pc(CPUState *cs, vaddr value)
 cpu->env.pc = value;
 }
 
+#if !defined(CONFIG_USER_ONLY)
 static bool cris_cpu_has_work(CPUState *cs)
 {
 return cs->interrupt_request & (CPU_INTERRUPT_HARD | CPU_INTERRUPT_NMI);
 }
+#endif /* !CONFIG_USER_ONLY */
 
 static void cris_cpu_reset(DeviceState *dev)
 {
@@ -208,6 +210,7 @@ static const struct TCGCPUOps crisv10_tcg_ops = {
 .tlb_fill = cris_cpu_tlb_fill,
 
 #ifndef CONFIG_USER_ONLY
+.has_work = cris_cpu_has_work,
 .cpu_exec_interrupt = cris_cpu_exec_interrupt,
 .do_interrupt = crisv10_cpu_do_interrupt,
 #endif /* !CONFIG_USER_ONLY */
@@ -294,7 +297,6 @@ static void cris_cpu_class_init(ObjectClass *oc, void *data)
 device_class_set_parent_reset(dc, cris_cpu_reset, >parent_reset);
 
 cc->class_by_name = cris_cpu_class_by_name;
-cc->has_work = cris_cpu_has_work;
 cc->dump_state = cris_cpu_dump_state;
 cc->set_pc = cris_cpu_set_pc;
 cc->gdb_read_register = cris_cpu_gdb_read_register;
-- 
2.31.1




[PATCH v4 04/30] sysemu: Introduce AccelOpsClass::has_work()

2021-09-12 Thread Philippe Mathieu-Daudé
Introduce an accelerator-specific has_work() handler.
Eventually call it from cpu_has_work().

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/sysemu/accel-ops.h | 5 +
 softmmu/cpus.c | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/include/sysemu/accel-ops.h b/include/sysemu/accel-ops.h
index 032f6979d76..de83f095f20 100644
--- a/include/sysemu/accel-ops.h
+++ b/include/sysemu/accel-ops.h
@@ -31,6 +31,11 @@ struct AccelOpsClass {
 void (*create_vcpu_thread)(CPUState *cpu); /* MANDATORY NON-NULL */
 void (*kick_vcpu_thread)(CPUState *cpu);
 
+/**
+ * @has_work: Callback for checking if there is work to do.
+ */
+bool (*has_work)(CPUState *cpu);
+
 void (*synchronize_post_reset)(CPUState *cpu);
 void (*synchronize_post_init)(CPUState *cpu);
 void (*synchronize_state)(CPUState *cpu);
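Review bot: the `@has_work` comment should document that the callback is optional and, when present, fully replaces CPUClass::has_work (see the cpus.c hunk below, which returns the accelerator result and never reaches `cc->has_work`), as that override-not-combine semantic is what the KVM and WHPX implementations later rely on.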
diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 7e2cb2c571b..2a61dfd6287 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -255,6 +255,9 @@ bool cpu_has_work(CPUState *cpu)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
+if (cpus_accel->has_work) {
+return cpus_accel->has_work(cpu);
+}
 g_assert(cc->has_work);
 return cc->has_work(cpu);
 }
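Review bot: `cpus_accel->has_work` dereferences `cpus_accel` without a NULL check, so cpu_has_work() now has a precondition that an accelerator has been registered. The existing callers (cpu_thread_is_idle() from vCPU threads and cpu_handle_halt() in cpu_exec()) run after registration, but a `g_assert(cpus_accel)` or a comment stating that precondition would make it explicit.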
-- 
2.31.1




[PATCH v4 02/30] hw/core: Restrict cpu_has_work() to sysemu

2021-09-12 Thread Philippe Mathieu-Daudé
cpu_has_work() is only called from system emulation code.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/core/cpu.h | 32 
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index bc864564cee..2bd563e221f 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -538,6 +538,22 @@ enum CPUDumpFlags {
 void cpu_dump_state(CPUState *cpu, FILE *f, int flags);
 
 #ifndef CONFIG_USER_ONLY
+/**
+ * cpu_has_work:
+ * @cpu: The vCPU to check.
+ *
+ * Checks whether the CPU has work to do.
+ *
+ * Returns: %true if the CPU has work, %false otherwise.
+ */
+static inline bool cpu_has_work(CPUState *cpu)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+g_assert(cc->has_work);
+return cc->has_work(cpu);
+}
+
 /**
  * cpu_get_phys_page_attrs_debug:
  * @cpu: The CPU to obtain the physical page address for.
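Review bot: the commit message says cpu_has_work() "is only called from system emulation code", but that is only true after patch 01 removed the user-mode call from cpu_handle_halt(); it would help bisecting to state that dependency here.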
@@ -636,22 +652,6 @@ CPUState *cpu_create(const char *typename);
  */
 const char *parse_cpu_option(const char *cpu_option);
 
-/**
- * cpu_has_work:
- * @cpu: The vCPU to check.
- *
- * Checks whether the CPU has work to do.
- *
- * Returns: %true if the CPU has work, %false otherwise.
- */
-static inline bool cpu_has_work(CPUState *cpu)
-{
-CPUClass *cc = CPU_GET_CLASS(cpu);
-
-g_assert(cc->has_work);
-return cc->has_work(cpu);
-}
-
 /**
  * qemu_cpu_is_self:
  * @cpu: The vCPU to check against.
-- 
2.31.1




[PATCH v4 00/30] accel: Move has_work() from SysemuCPUOps to AccelOpsClass

2021-09-12 Thread Philippe Mathieu-Daudé
Missing review:
- 0001-accel-tcg-Restrict-cpu_handle_halt-to-sysemu.patch
- 0020-target-ppc-Introduce-PowerPCCPUClass-has_work.patch
- 0021-target-ppc-Restrict-has_work-handlers-to-sysemu-and-.patch
- 0026-target-sparc-Remove-pointless-use-of-CONFIG_TCG-defi.patch

Hi,

CPU has_work() is a per-accelerator handler. This series
- makes the KVM / WHPX implementations explicit
- moves the TCG implementations into AccelOpsClass
- makes missing implementations explicit (returning 'false').

Since v3:
- Remove pointless CONFIG_TCG uses (rth)
- Rework PPC patches, still using indirection

Since v2:
- Full rewrite, no more RFC.

Philippe Mathieu-Daudé (30):
  accel/tcg: Restrict cpu_handle_halt() to sysemu
  hw/core: Restrict cpu_has_work() to sysemu
  hw/core: Un-inline cpu_has_work()
  sysemu: Introduce AccelOpsClass::has_work()
  accel/kvm: Implement AccelOpsClass::has_work()
  accel/whpx: Implement AccelOpsClass::has_work()
  accel/tcg: Implement AccelOpsClass::has_work() as stub
  target/alpha: Restrict has_work() handler to sysemu
  target/arm: Restrict has_work() handler to sysemu and TCG
  target/avr: Restrict has_work() handler to sysemu
  target/cris: Restrict has_work() handler to sysemu
  target/hexagon: Remove unused has_work() handler
  target/hppa: Restrict has_work() handler to sysemu
  target/i386: Restrict has_work() handler to sysemu and TCG
  target/m68k: Restrict has_work() handler to sysemu
  target/microblaze: Restrict has_work() handler to sysemu
  target/mips: Restrict has_work() handler to sysemu and TCG
  target/nios2: Restrict has_work() handler to sysemu
  target/openrisc: Restrict has_work() handler to sysemu
  target/ppc: Introduce PowerPCCPUClass::has_work()
  target/ppc: Restrict has_work() handlers to sysemu and TCG
  target/riscv: Restrict has_work() handler to sysemu and TCG
  target/rx: Restrict has_work() handler to sysemu
  target/s390x: Restrict has_work() handler to sysemu and TCG
  target/sh4: Restrict has_work() handler to sysemu
  target/sparc: Remove pointless use of CONFIG_TCG definition
  target/sparc: Restrict has_work() handler to sysemu
  target/tricore: Restrict has_work() handler to sysemu
  target/xtensa: Restrict has_work() handler to sysemu
  accel: Add missing AccelOpsClass::has_work() and drop SysemuCPUOps one

 include/hw/core/cpu.h | 28 +--
 include/hw/core/tcg-cpu-ops.h |  4 
 include/sysemu/accel-ops.h|  5 +
 target/ppc/cpu-qom.h  |  3 +++
 accel/hvf/hvf-accel-ops.c |  6 +
 accel/kvm/kvm-accel-ops.c |  6 +
 accel/qtest/qtest.c   |  6 +
 accel/tcg/cpu-exec.c  |  6 +++--
 accel/tcg/tcg-accel-ops.c | 12 ++
 accel/xen/xen-all.c   |  6 +
 hw/core/cpu-common.c  |  6 -
 softmmu/cpus.c| 10 ++---
 target/alpha/cpu.c|  4 +++-
 target/arm/cpu.c  |  7 --
 target/avr/cpu.c  |  2 +-
 target/cris/cpu.c |  4 +++-
 target/hexagon/cpu.c  |  6 -
 target/hppa/cpu.c |  4 +++-
 target/i386/cpu.c |  6 -
 target/i386/hax/hax-accel-ops.c   |  6 +
 target/i386/nvmm/nvmm-accel-ops.c |  6 +
 target/i386/tcg/tcg-cpu.c |  8 ++-
 target/i386/whpx/whpx-accel-ops.c |  6 +
 target/m68k/cpu.c |  4 +++-
 target/microblaze/cpu.c   |  8 +++
 target/mips/cpu.c |  4 +++-
 target/nios2/cpu.c|  4 +++-
 target/openrisc/cpu.c |  4 +++-
 target/ppc/cpu_init.c | 37 ++-
 target/riscv/cpu.c|  8 +++
 target/rx/cpu.c   |  4 +++-
 target/s390x/cpu.c|  4 +++-
 target/sh4/cpu.c  |  5 +++--
 target/sparc/cpu.c|  6 ++---
 target/tricore/cpu.c  |  6 -
 target/xtensa/cpu.c   | 14 ++--
 36 files changed, 179 insertions(+), 86 deletions(-)

-- 
2.31.1




Re: [PATCH 02/20] nubus-device: expose separate super slot memory region

2021-09-12 Thread Mark Cave-Ayland

On 12/09/2021 16:50, Philippe Mathieu-Daudé wrote:


On 9/12/21 9:48 AM, Mark Cave-Ayland wrote:

According to "Designing Cards and Drivers for the Macintosh Family" each physical
nubus slot can access 2 separate address ranges: a super slot memory region which
is 256MB and a standard slot memory region which is 16MB.

Currently a Nubus device uses the physical slot number to determine whether it is
using a standard slot memory region or a super slot memory region rather than
exposing both memory regions for use as required.

Signed-off-by: Mark Cave-Ayland 
---
  hw/nubus/nubus-device.c  | 36 ++--
  include/hw/nubus/nubus.h |  1 +
  2 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/hw/nubus/nubus-device.c b/hw/nubus/nubus-device.c
index be01269563..36203848e5 100644
--- a/hw/nubus/nubus-device.c
+++ b/hw/nubus/nubus-device.c
@@ -168,26 +168,26 @@ static void nubus_device_realize(DeviceState *dev, Error 
**errp)
  }
  
  nd->slot = nubus->current_slot++;

-name = g_strdup_printf("nubus-slot-%d", nd->slot);
-
-if (nd->slot < NUBUS_FIRST_SLOT) {
-/* Super */
-slot_offset = (nd->slot - 6) * NUBUS_SUPER_SLOT_SIZE;
-
-memory_region_init(>slot_mem, OBJECT(dev), name,
-   NUBUS_SUPER_SLOT_SIZE);
-memory_region_add_subregion(>super_slot_io, slot_offset,
->slot_mem);
-} else {
-/* Normal */
-slot_offset = nd->slot * NUBUS_SLOT_SIZE;
-
-memory_region_init(>slot_mem, OBJECT(dev), name, NUBUS_SLOT_SIZE);
-memory_region_add_subregion(>slot_io, slot_offset,
->slot_mem);
-}
  
+/* Super */

+slot_offset = (nd->slot - 6) * NUBUS_SUPER_SLOT_SIZE;
+
+name = g_strdup_printf("nubus-super-slot-%x", nd->slot);
+memory_region_init(>super_slot_mem, OBJECT(dev), name,
+NUBUS_SUPER_SLOT_SIZE);
+memory_region_add_subregion(>super_slot_io, slot_offset,
+>super_slot_mem);
+g_free(name);
+
+/* Normal */
+slot_offset = nd->slot * NUBUS_SLOT_SIZE;
+
+name = g_strdup_printf("nubus-slot-%x", nd->slot);
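Review bot: `slot_offset = (nd->slot - 6) * NUBUS_SUPER_SLOT_SIZE;` carries the unexplained `6` over from the old super-slot branch, but that branch only ran for `nd->slot < NUBUS_FIRST_SLOT`, whereas the new code applies it to every slot, so for slots below 6 the offset goes negative before being added as an unsigned subregion offset. Please give the constant a name and a comment, and either reject such slots in realize or show why they cannot reach this point.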


I'd rather use "nubus-standard-slot-%x" or "nubus-normal-slot-%x"
to differentiate from super-bus. (This also applies to variable
names and trace events in this series).


I can see how this may seem ambiguous, however in "Designing Cards and Drivers for 
the Macintosh Family" the documentation always refers to "slot" as a standard slot so 
there shouldn't be any confusion for developers here.



Anyway,
Reviewed-by: Philippe Mathieu-Daudé 



ATB,

Mark.



Re: [PATCH 18/20] nubus: add support for slot IRQs

2021-09-12 Thread Mark Cave-Ayland

On 12/09/2021 17:00, Philippe Mathieu-Daudé wrote:


On 9/12/21 9:49 AM, Mark Cave-Ayland wrote:

Each Nubus slot has an IRQ line that can be used to request service from the
CPU. Connect the IRQs to the Nubus bridge so that they can be wired up using qdev
gpios accordingly, and introduce a new nubus_set_irq() function that can be used
by Nubus devices to control the slot IRQ.

Signed-off-by: Mark Cave-Ayland 
---
  hw/nubus/nubus-bridge.c  | 2 ++
  hw/nubus/nubus-device.c  | 8 
  include/hw/nubus/nubus.h | 6 ++
  3 files changed, 16 insertions(+)

diff --git a/hw/nubus/nubus-bridge.c b/hw/nubus/nubus-bridge.c
index 2c7c4ee121..0366d925a9 100644
--- a/hw/nubus/nubus-bridge.c
+++ b/hw/nubus/nubus-bridge.c
@@ -19,6 +19,8 @@ static void nubus_bridge_init(Object *obj)
  NubusBus *bus = >bus;
  
  qbus_create_inplace(bus, sizeof(s->bus), TYPE_NUBUS_BUS, DEVICE(s), NULL);

+
+qdev_init_gpio_out(DEVICE(s), bus->irqs, NUBUS_IRQS);
  }


I'm confused, the IRQs belong to the bus, but you create them
on the bridge device (I know, the bus is not a qdev)...


Following on the same logic from my previous mail: the IRQs already exist as physical 
lines within the bus, but they are published (i.e. connected) via the bridge to the 
CPU. This also allows the use of GPIOs to wire up the Nubus without having to devise 
a whole new set of Nubus infrastructure just for interrupts.


Certainly this feels different when you compare with PCI, but then I'd also argue 
that the existing PCI code predates QOM/qdev and if it were written today it would be 
done differently.



  static Property nubus_bridge_properties[] = {
diff --git a/hw/nubus/nubus-device.c b/hw/nubus/nubus-device.c
index f316eb7789..67ab281943 100644
--- a/hw/nubus/nubus-device.c
+++ b/hw/nubus/nubus-device.c
@@ -10,12 +10,20 @@
  
  #include "qemu/osdep.h"

  #include "qemu/datadir.h"
+#include "hw/irq.h"
  #include "hw/loader.h"
  #include "hw/nubus/nubus.h"
  #include "qapi/error.h"
  #include "qemu/error-report.h"
  
  
+void nubus_set_irq(NubusDevice *nd, int level)

+{
+NubusBus *nubus = NUBUS_BUS(qdev_get_parent_bus(DEVICE(nd)));
+
+qemu_set_irq(nubus->irqs[nd->slot], level);
+}
+
  static void nubus_device_realize(DeviceState *dev, Error **errp)
  {
  NubusBus *nubus = NUBUS_BUS(qdev_get_parent_bus(dev));
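Review bot: `nubus->irqs[nd->slot]` indexes with the int32 "slot" property that patch 03 defaults to -1 and that is only validated in nubus_device_realize(); an `assert(nd->slot >= NUBUS_FIRST_SLOT && nd->slot <= NUBUS_LAST_SLOT)` in nubus_set_irq() documents that precondition and turns an out-of-bounds read into an immediate failure should a caller ever get here before realize.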
diff --git a/include/hw/nubus/nubus.h b/include/hw/nubus/nubus.h
index 503ebf0c1c..2b9c4c77ac 100644
--- a/include/hw/nubus/nubus.h
+++ b/include/hw/nubus/nubus.h
@@ -24,6 +24,8 @@
  #define NUBUS_FIRST_SLOT  0x0
  #define NUBUS_LAST_SLOT   0xf
  
+#define NUBUS_IRQS16

+
  #define TYPE_NUBUS_DEVICE "nubus-device"
  OBJECT_DECLARE_SIMPLE_TYPE(NubusDevice, NUBUS_DEVICE)
  
@@ -43,6 +45,8 @@ struct NubusBus {

  MemoryRegion slot_io;
  
  uint32_t slot_available_mask;

+
+qemu_irq irqs[NUBUS_IRQS];
  };
  
  #define NUBUS_DECL_ROM_MAX_SIZE0x
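Review bot: `qemu_irq irqs[NUBUS_IRQS]` is indexed by slot number, so the array size is really `NUBUS_LAST_SLOT + 1`; defining NUBUS_IRQS in terms of NUBUS_LAST_SLOT (or adding a build-time assert that the two agree) keeps the 16 from silently diverging from the slot range if either is changed.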

@@ -58,6 +62,8 @@ struct NubusDevice {
  MemoryRegion decl_rom;
  };
  
+void nubus_set_irq(NubusDevice *nd, int level);


... then the API only involves a device and a bus, the
bridge is hidden.


That's correct. All a Nubus device cares about is being able to raise and lower its 
IRQ line: the routing between the Nubus and the CPU is delegated to the Nubus bridge.



ATB,

Mark.



Re: [PATCH 00/20] nubus: bus, device, bridge, IRQ and address space improvements

2021-09-12 Thread Mark Cave-Ayland

On 12/09/2021 16:47, Philippe Mathieu-Daudé wrote:


On 9/12/21 9:48 AM, Mark Cave-Ayland wrote:

This patchset is the next set of changes required to boot MacOS on the q800 machine. The
main aim of these patches is to improve the Nubus support so that devices can be plugged
into the Nubus from the command line i.e.

 -device nubus-macfb[,romfile=decl.rom]

At the moment the only device that can be plugged into the Nubus is the macfb framebuffer
however with these changes it is possible to take a ROM from a real Nubus card and
attempt to use it in QEMU, and also allow for future interfaces such as virtio.

Patches 1 to 6 move the logic which manages bus addresses from the NubusDevice into
the NubusBus itself, including the introduction of a bitmap to manage available
slots on the bus.

Patches 7 and 8 change the handling for unassigned (empty) slots to generate a bus
fault and add trace events to allow logging of empty slot accesses during Nubus
enumeration.

Patches 9 to 11 remove the existing stubs for generating the format block (the epilogue
of the Nubus device embedded ROM consisting of metadata and a checksum) and replace them
with a romfile device property to allow the entire Nubus ROM to be loaded from a file
into the ROM area, similar to a PCI option ROM.

Patch 12 moves the Nubus into its own separate address space whilst patches 13 to 17
update the NubusBridge (and MacNubusBridge) devices to allow machines to map the
required slots from the Nubus address space using sysbus_mmio_map().

Finally patches 18 to 20 add support for Nubus IRQs and wire them up appropriately for
the q800 machine through VIA2, which is required for the next set of macfb updates.


Thanks for the review so far :)


Some questions:

- TYPE_NUBUS_BRIDGE is not abstract. So far, beside
   TYPE_MAC_NUBUS_BRIDGE, no other code use it. Could it
   be use as it? If so, shouldn't the code in
   mac_nubus_bridge_init() be moved to nubus_bridge_realize(),
   creating the slot alias regions generically using the
   slot range from slot_available_mask or using another
   property?


Not yet, but Nubus was available on non-Apple machines. Given that TYPE_NUBUS_BRIDGE 
and TYPE_MAC_NUBUS_BRIDGE are already there, it seems a shame to prevent anyone who 
wanted to experiment with Nubus in other ways by hard-coding in the Macintosh 
restrictions.



- Why is "slot-available-mask" a bridge device property and
   not a bus one?


Architecturally a Nubus always has 16 slots with 1 IRQ per slot (you can compare this 
with PCI always having 32 slots with 4 possible IRQs per slot). In the Macintosh 
design Apple restricted the available address space by mapping a partial address 
range onto the CPU bus, so I'd argue that this is an implementation property of the 
bridge. And of course device properties already exist which helps make things easier 
too :)



ATB,

Mark.



Re: [PATCH 07/20] nubus: add trace-events for unassigned slot accesses

2021-09-12 Thread Mark Cave-Ayland

On 12/09/2021 16:18, Philippe Mathieu-Daudé wrote:


On 9/12/21 9:49 AM, Mark Cave-Ayland wrote:

These allow tracing of the Nubus enumeration process by the guest OS.

Signed-off-by: Mark Cave-Ayland 
---
  hw/nubus/nubus-bus.c  | 10 +++---
  hw/nubus/trace-events |  7 +++
  hw/nubus/trace.h  |  1 +
  meson.build   |  1 +
  4 files changed, 16 insertions(+), 3 deletions(-)
  create mode 100644 hw/nubus/trace-events
  create mode 100644 hw/nubus/trace.h



@@ -38,7 +40,7 @@ static const MemoryRegionOps nubus_slot_ops = {
  .endianness = DEVICE_BIG_ENDIAN,
  .valid = {
  .min_access_size = 1,
-.max_access_size = 1,
+.max_access_size = 4,
  },
  };


This patch does a bit more that what is described.


Ah oops - presumably one of the OSs I was testing was probing with 32-bit accesses 
instead of 8-bit accesses and I made the adjustment to ensure the bus enumeration for 
empty slots appeared in the trace events.


I'll update the commit message accordingly.


@@ -60,7 +64,7 @@ static const MemoryRegionOps nubus_super_slot_ops = {
  .endianness = DEVICE_BIG_ENDIAN,
  .valid = {
  .min_access_size = 1,
-.max_access_size = 1,
+.max_access_size = 4,
  },
  };



ATB,

Mark.



Re: [PATCH 03/20] nubus-device: add device slot parameter

2021-09-12 Thread Mark Cave-Ayland

On 12/09/2021 16:15, Philippe Mathieu-Daudé wrote:


On 9/12/21 9:48 AM, Mark Cave-Ayland wrote:

This prepares for allowing Nubus devices to be placed in a specific slot instead
of always being auto-allocated by the bus itself.

Signed-off-by: Mark Cave-Ayland 
---
  hw/nubus/nubus-device.c  | 6 ++
  include/hw/nubus/nubus.h | 2 +-
  2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/nubus/nubus-device.c b/hw/nubus/nubus-device.c
index 36203848e5..c1832f73da 100644
--- a/hw/nubus/nubus-device.c
+++ b/hw/nubus/nubus-device.c
@@ -191,12 +191,18 @@ static void nubus_device_realize(DeviceState *dev, Error 
**errp)
  nubus_register_format_block(nd);
  }
  
+static Property nubus_device_properties[] = {

+DEFINE_PROP_INT32("slot", NubusDevice, slot, -1),
+DEFINE_PROP_END_OF_LIST()
+};
+
  static void nubus_device_class_init(ObjectClass *oc, void *data)
  {
  DeviceClass *dc = DEVICE_CLASS(oc);
  
  dc->realize = nubus_device_realize;

  dc->bus_type = TYPE_NUBUS_BUS;
+device_class_set_props(dc, nubus_device_properties);


Can we reorder this after #4 where you sanity check 'slot'
in nubus_device_realize()? First sanity check, then expose
the property.


The slot number is already being checked at this point to ensure that it lies between 
NUBUS_FIRST_SLOT and NUBUS_LAST_SLOT (see the change to NUBUS_FIRST_SLOT in patch 4). 
Note that patch 4 also converts the range 0x9-0xf to the equivalent bitmask to ensure 
there should be no change in the available slots.



ATB,

Mark.



Re: [PATCH v2 9/9] linux-user: Drop unneeded includes from qemu.h

2021-09-12 Thread Richard Henderson

On 9/8/21 8:44 AM, Peter Maydell wrote:

Trim down the #includes in qemu.h where we can, either by
dropping unneeded headers or by moving them to user-internals.h.

This includes deleting a couple of #includes that appear at
weird points midway through the header file.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
---


Reviewed-by: Richard Henderson 

r~



Re: [PATCH v2 8/9] linux-user: Don't include gdbstub.h in qemu.h

2021-09-12 Thread Richard Henderson

On 9/8/21 8:44 AM, Peter Maydell wrote:

Currently the linux-user qemu.h pulls in gdbstub.h. There's no real reason
why it should do this; include it directly from the C files which require
it, and drop the include line in qemu.h.

(Note that several of the C files previously relying on this indirect
include were going out of their way to only include gdbstub.h conditionally
on not CONFIG_USER_ONLY!)

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
---


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 3/3] ui/console: remove chardev frontend connected test

2021-09-12 Thread Marc-André Lureau
On Sun, Sep 12, 2021 at 4:53 PM Volker Rümelin  wrote:

> The test if the chardev frontend is connected in
> kbd_put_keysym_console() is redundant, because the call
> to qemu_chr_be_can_write() in kbd_send_chars() tests
> the connected condition again.
>
> Remove the redundant test whether the chardev frontend
> is connected.
>
> Signed-off-by: Volker Rümelin 
>

Reviewed-by: Marc-André Lureau 

> ---
>  ui/console.c | 13 +
>  1 file changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/ui/console.c b/ui/console.c
> index 7b276bfc6c..a06442ed86 100644
> --- a/ui/console.c
> +++ b/ui/console.c
> @@ -28,10 +28,11 @@
>  #include "qapi/error.h"
>  #include "qapi/qapi-commands-ui.h"
>  #include "qemu/fifo8.h"
> +#include "qemu/main-loop.h"
>  #include "qemu/module.h"
>  #include "qemu/option.h"
>  #include "qemu/timer.h"
> -#include "chardev/char-fe.h"
> +#include "chardev/char.h"
>  #include "trace.h"
>  #include "exec/memory.h"
>  #include "io/channel-file.h"
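Review bot: the new `#include "qemu/main-loop.h"` and the swap of `chardev/char-fe.h` for `chardev/char.h` are not mentioned in the commit message, which only describes the removed connected test; a sentence saying what the main-loop header is now needed for (presumably a declaration previously reached indirectly through char-fe.h) would save anyone bisecting include changes from guessing.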
> @@ -1126,7 +1127,6 @@ static void kbd_send_chars(QemuConsole *s)
>  void kbd_put_keysym_console(QemuConsole *s, int keysym)
>  {
>  uint8_t buf[16], *q;
> -CharBackend *be;
>  int c;
>  uint32_t free;
>
> @@ -1170,12 +1170,9 @@ void kbd_put_keysym_console(QemuConsole *s, int
> keysym)
>  if (s->echo) {
>  vc_chr_write(s->chr, buf, q - buf);
>  }
> -be = s->chr->be;
> -if (be && be->chr_read) {
> -free = fifo8_num_free(>out_fifo);
> -fifo8_push_all(>out_fifo, buf, MIN(free, q - buf));
> -kbd_send_chars(s);
> -}
> +free = fifo8_num_free(>out_fifo);
> +fifo8_push_all(>out_fifo, buf, MIN(free, q - buf));
> +kbd_send_chars(s);
>  break;
>  }
>  }
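Review bot: the removed test is redundant for the send path but not in effect: with `be && be->chr_read` gone, keystrokes are pushed into `out_fifo` even while no frontend is connected, so up to `fifo8_num_free()` bytes are buffered and handed to whichever frontend attaches later, and anything beyond that is silently dropped by the `MIN(free, q - buf)` clamp; previously nothing was queued in that state. If buffering while disconnected is intended, the commit message should say so; otherwise keep a connected check before the `fifo8_push_all()`.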
> --
> 2.31.1
>
>
>

-- 
Marc-André Lureau


Re: [PATCH v2 7/9] linux-user: Split linux-user internals out of qemu.h

2021-09-12 Thread Richard Henderson

On 9/8/21 8:44 AM, Peter Maydell wrote:

qemu.h is included in various non-linux-user files (which
mostly want the TaskState struct and the functions for
doing usermode access to guest addresses like lock_user(),
unlock_user(), get_user*(), etc).

Split out the parts that are only used in linux-user itself
into a new user-internals.h. This leaves qemu.h with basically
three things:
  * the definition of the TaskState struct
  * the user-access functions and macros
  * do_brk()
all of which are needed by code outside linux-user that
includes qemu.h.

The addition of all the extra #include lines was done with
   sed -i '/include.*qemu\.h/a #include "user-internals.h"' $(git grep -l 'include.*qemu\.h' linux-user)
(and then undoing the change to fpa11.h).

Signed-off-by: Peter Maydell
---


Reviewed-by: Richard Henderson 

r~



[PATCH 0/2] Improve vhost-user VQ notifier unmap

2021-09-12 Thread Xueming Li
When a vDPA application in client mode shuts down, the unmapped VQ notifier
might still be accessed by a VM thread under high TX traffic, which will
crash the VM in rare conditions. This patch tries to fix it with better RCU
synchronization of the new flatview.

Xueming Li (2):
  vhost-user: fix VirtQ notifier cleanup
  vhost-user: remove VirtQ notifier restore

 hw/virtio/vhost-user.c | 38 --
 include/hw/virtio/vhost-user.h |  1 -
 2 files changed, 13 insertions(+), 26 deletions(-)

-- 
2.33.0




Re: [PATCH v2 6/9] linux-user: Split safe-syscall macro into its own header

2021-09-12 Thread Richard Henderson

On 9/8/21 8:44 AM, Peter Maydell wrote:

Split the safe-syscall macro from qemu.h into a new safe-syscall.h.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
---
  linux-user/qemu.h | 135 -
  linux-user/safe-syscall.h | 154 ++
  linux-user/syscall.c  |   1 +
  3 files changed, 155 insertions(+), 135 deletions(-)
  create mode 100644 linux-user/safe-syscall.h


Reviewed-by: Richard Henderson 



+#else
+
+/*
+ * Fallback for architectures which don't yet provide a safe-syscall assembly
+ * fragment; note that this is racy!
+ * This should go away when all host architectures have been updated.
+ */
+#define safe_syscall syscall


All native tcg hosts have been updated.  All that is left are those for which we fall back 
to tci.  At what point do we drop the fallback and simply make this a build error?



r~



[PATCH 1/2] vhost-user: fix VirtQ notifier cleanup

2021-09-12 Thread Xueming Li
When the vhost-user device cleans up and unmaps the notifier address, a VM CPU
thread that is writing to the notifier fails by accessing an invalid address.

To avoid this concurrency issue, wait for the memory flatview update by draining
RCU callbacks, then unmap the notifiers.

Fixes: 44866521bd6e ("vhost-user: support registering external host notifiers")
Cc: tiwei@intel.com
Cc: qemu-sta...@nongnu.org
Cc: Yuwei Zhang 
Signed-off-by: Xueming Li 
---
 hw/virtio/vhost-user.c | 19 ---
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 2c8556237f..58722ab27c 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -1165,6 +1165,10 @@ static void vhost_user_host_notifier_remove(struct 
vhost_dev *dev,
 
 if (n->addr && n->set) {
 virtio_queue_set_host_notifier_mr(vdev, queue_idx, >mr, false);
+/* Wait VM threads accessing old flatview which contains notifier. */
+drain_call_rcu();
+munmap(n->addr, qemu_real_host_page_size);
+n->addr = NULL;
 n->set = false;
 }
 }
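Review bot: `drain_call_rcu()` is a full synchronous grace-period wait, and this helper is called per queue (see the new call from `vhost_user_slave_handle_vring_host_notifier()` in the next hunk), so a reconnecting backend with many queues now pays one blocking RCU drain per VQ. The `vhost_user_cleanup()` hunk below already shows the cheaper pattern of detaching all regions, committing once, draining once, then unmapping in a second loop; consider the same batching here, or state in the commit message why per-queue draining is acceptable on the reconnect path.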
@@ -1502,12 +1506,7 @@ static int 
vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
 
 n = >notifier[queue_idx];
 
-if (n->addr) {
-virtio_queue_set_host_notifier_mr(vdev, queue_idx, >mr, false);
-object_unparent(OBJECT(>mr));
-munmap(n->addr, page_size);
-n->addr = NULL;
-}
+vhost_user_host_notifier_remove(dev, queue_idx);
 
 if (area->u64 & VHOST_USER_VRING_NOFD_MASK) {
 return 0;
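Review bot: the replaced block unmapped whenever `n->addr` was set and also called `object_unparent(OBJECT(&n->mr))`; `vhost_user_host_notifier_remove()` only acts when `n->set` is true as well and never unparents the MemoryRegion. If `n->addr` is ever non-NULL while `n->set` is false, the old mapping is left in place and then overwritten by `n->addr = addr` further down, leaking the mmap, and the dropped `object_unparent()` is not explained. Patch 2/2 changes the helper's condition to `if (n->addr)`, which closes the first gap, but since this patch is Cc'd to qemu-stable it should stand alone: either fold that condition change in here or justify both behaviour changes in the commit message.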
@@ -2484,11 +2483,17 @@ void vhost_user_cleanup(VhostUserState *user)
 for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
 if (user->notifier[i].addr) {
 object_unparent(OBJECT(>notifier[i].mr));
+}
+}
+memory_region_transaction_commit();
+/* Wait VM threads accessing old flatview which contains notifier. */
+drain_call_rcu();
+for (i = 0; i < VIRTIO_QUEUE_MAX; i++) {
+if (user->notifier[i].addr) {
 munmap(user->notifier[i].addr, qemu_real_host_page_size);
 user->notifier[i].addr = NULL;
 }
 }
-memory_region_transaction_commit();
 user->chr = NULL;
 }
 
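Review bot: the comment `/* Wait VM threads accessing old flatview which contains notifier. */` is duplicated verbatim from the first hunk and reads awkwardly; "Wait for VM threads still reading the old flatview that contains the notifier." in one place, with the other site referring to it, would do. The split into two loops (detach all, commit, drain once, then munmap) is the right shape and is what the per-queue path above should mirror.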
-- 
2.33.0




[PATCH 2/2] vhost-user: remove VirtQ notifier restore

2021-09-12 Thread Xueming Li
When the vhost-user vDPA client restarts, the VQ notifier resources become
invalid; there is no need to keep the mmap, as the vDPA client will set the
VQ notifier after reconnecting.

Remove the VQ notifier restore and related flags.

Fixes: 44866521bd6e ("vhost-user: support registering external host notifiers")
Cc: tiwei@intel.com
Cc: qemu-sta...@nongnu.org
Cc: Yuwei Zhang 
Signed-off-by: Xueming Li 
---
 hw/virtio/vhost-user.c | 19 +--
 include/hw/virtio/vhost-user.h |  1 -
 2 files changed, 1 insertion(+), 19 deletions(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 58722ab27c..fc688db884 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -1143,19 +1143,6 @@ static int vhost_user_set_vring_num(struct vhost_dev 
*dev,
 return vhost_set_vring(dev, VHOST_USER_SET_VRING_NUM, ring);
 }
 
-static void vhost_user_host_notifier_restore(struct vhost_dev *dev,
- int queue_idx)
-{
-struct vhost_user *u = dev->opaque;
-VhostUserHostNotifier *n = >user->notifier[queue_idx];
-VirtIODevice *vdev = dev->vdev;
-
-if (n->addr && !n->set) {
-virtio_queue_set_host_notifier_mr(vdev, queue_idx, >mr, true);
-n->set = true;
-}
-}
-
 static void vhost_user_host_notifier_remove(struct vhost_dev *dev,
 int queue_idx)
 {
@@ -1163,21 +1150,18 @@ static void vhost_user_host_notifier_remove(struct 
vhost_dev *dev,
 VhostUserHostNotifier *n = >user->notifier[queue_idx];
 VirtIODevice *vdev = dev->vdev;
 
-if (n->addr && n->set) {
+if (n->addr) {
 virtio_queue_set_host_notifier_mr(vdev, queue_idx, >mr, false);
 /* Wait VM threads accessing old flatview which contains notifier. */
 drain_call_rcu();
 munmap(n->addr, qemu_real_host_page_size);
 n->addr = NULL;
-n->set = false;
 }
 }
 
 static int vhost_user_set_vring_base(struct vhost_dev *dev,
  struct vhost_vring_state *ring)
 {
-vhost_user_host_notifier_restore(dev, ring->index);
-
 return vhost_set_vring(dev, VHOST_USER_SET_VRING_BASE, ring);
 }
 
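Review bot: dropping `vhost_user_host_notifier_restore()` from `vhost_user_set_vring_base()` makes re-enablement of the host notifier depend entirely on the backend re-sending the host-notifier message after reconnect (the `vhost_user_slave_handle_vring_host_notifier()` path). The commit message states this for the vDPA client only; please spell out what happens to any other vhost-user backend that relied on restore-on-SET_VRING_BASE and does not re-register its notifier after reconnect, or why no such backend exists.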
@@ -1536,7 +1520,6 @@ static int 
vhost_user_slave_handle_vring_host_notifier(struct vhost_dev *dev,
 }
 
 n->addr = addr;
-n->set = true;
 
 return 0;
 }
diff --git a/include/hw/virtio/vhost-user.h b/include/hw/virtio/vhost-user.h
index a9abca3288..f6012b2078 100644
--- a/include/hw/virtio/vhost-user.h
+++ b/include/hw/virtio/vhost-user.h
@@ -14,7 +14,6 @@
 typedef struct VhostUserHostNotifier {
 MemoryRegion mr;
 void *addr;
-bool set;
 } VhostUserHostNotifier;
 
 typedef struct VhostUserState {
-- 
2.33.0




Re: [PATCH v2 5/9] linux-user: Split mmap prototypes into user-mmap.h

2021-09-12 Thread Richard Henderson

On 9/8/21 8:44 AM, Peter Maydell wrote:

Split out the mmap prototypes into a new header user-mmap.h
which we only include where required.

Signed-off-by: Peter Maydell
---
  linux-user/qemu.h  | 14 --
  linux-user/user-mmap.h | 34 ++
  linux-user/elfload.c   |  1 +
  linux-user/flatload.c  |  1 +
  linux-user/i386/cpu_loop.c |  1 +
  linux-user/main.c  |  1 +
  linux-user/mmap.c  |  1 +
  linux-user/syscall.c   |  1 +
  8 files changed, 40 insertions(+), 14 deletions(-)
  create mode 100644 linux-user/user-mmap.h


Reviewed-by: Richard Henderson 

r~



Re: [PATCH v2 4/9] linux-user: Split loader-related prototypes into loader.h

2021-09-12 Thread Richard Henderson

On 9/8/21 8:44 AM, Peter Maydell wrote:

Split guest-binary loader prototypes out into a new header
loader.h which we include only where required.

Signed-off-by: Peter Maydell
---
  linux-user/loader.h| 59 ++
  linux-user/qemu.h  | 40 
  linux-user/elfload.c   |  1 +
  linux-user/flatload.c  |  1 +
  linux-user/linuxload.c |  1 +
  linux-user/main.c  |  1 +
  linux-user/signal.c|  1 +
  linux-user/syscall.c   |  1 +
  8 files changed, 65 insertions(+), 40 deletions(-)
  create mode 100644 linux-user/loader.h


Reviewed-by: Richard Henderson 

r~



Re: [PATCH v2 3/9] linux-user: Split signal-related prototypes into signal-common.h

2021-09-12 Thread Richard Henderson

On 9/8/21 8:43 AM, Peter Maydell wrote:

Split the signal related prototypes into the existing header file
signal-common.h, and include it in those places that now require it.

Signed-off-by: Peter Maydell
---
v1->v2: use existing signal-common.h instead of new header
---
  linux-user/qemu.h| 36 
  linux-user/signal-common.h   | 36 
  linux-user/aarch64/cpu_loop.c|  1 +
  linux-user/alpha/cpu_loop.c  |  1 +
  linux-user/arm/cpu_loop.c|  1 +
  linux-user/cris/cpu_loop.c   |  1 +
  linux-user/fd-trans.c|  1 +
  linux-user/hexagon/cpu_loop.c|  1 +
  linux-user/hppa/cpu_loop.c   |  1 +
  linux-user/i386/cpu_loop.c   |  1 +
  linux-user/m68k/cpu_loop.c   |  1 +
  linux-user/main.c|  1 +
  linux-user/microblaze/cpu_loop.c |  1 +
  linux-user/mips/cpu_loop.c   |  1 +
  linux-user/nios2/cpu_loop.c  |  1 +
  linux-user/openrisc/cpu_loop.c   |  1 +
  linux-user/ppc/cpu_loop.c|  1 +
  linux-user/riscv/cpu_loop.c  |  1 +
  linux-user/s390x/cpu_loop.c  |  1 +
  linux-user/sh4/cpu_loop.c|  1 +
  linux-user/sparc/cpu_loop.c  |  1 +
  linux-user/syscall.c |  1 +
  linux-user/xtensa/cpu_loop.c |  1 +
  23 files changed, 57 insertions(+), 36 deletions(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH v2 2/9] linux-user: Split strace prototypes into strace.h

2021-09-12 Thread Richard Henderson

On 9/8/21 8:43 AM, Peter Maydell wrote:

The functions implemented in strace.c are only used in a few files in
linux-user; split them out of qemu.h and into a new strace.h header
which we include in the places that need it.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
---
  linux-user/qemu.h| 18 --
  linux-user/strace.h  | 38 ++
  linux-user/signal.c  |  1 +
  linux-user/strace.c  |  2 ++
  linux-user/syscall.c |  1 +
  5 files changed, 42 insertions(+), 18 deletions(-)
  create mode 100644 linux-user/strace.h


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 18/20] nubus: add support for slot IRQs

2021-09-12 Thread Philippe Mathieu-Daudé
On 9/12/21 9:49 AM, Mark Cave-Ayland wrote:
> Each Nubus slot has an IRQ line that can be used to request service from the
> CPU. Connect the IRQs to the Nubus bridge so that they can be wired up using qdev
> gpios accordingly, and introduce a new nubus_set_irq() function that can be used
> by Nubus devices to control the slot IRQ.
> 
> Signed-off-by: Mark Cave-Ayland 
> ---
>  hw/nubus/nubus-bridge.c  | 2 ++
>  hw/nubus/nubus-device.c  | 8 
>  include/hw/nubus/nubus.h | 6 ++
>  3 files changed, 16 insertions(+)
> 
> diff --git a/hw/nubus/nubus-bridge.c b/hw/nubus/nubus-bridge.c
> index 2c7c4ee121..0366d925a9 100644
> --- a/hw/nubus/nubus-bridge.c
> +++ b/hw/nubus/nubus-bridge.c
> @@ -19,6 +19,8 @@ static void nubus_bridge_init(Object *obj)
>  NubusBus *bus = >bus;
>  
>  qbus_create_inplace(bus, sizeof(s->bus), TYPE_NUBUS_BUS, DEVICE(s), 
> NULL);
> +
> +qdev_init_gpio_out(DEVICE(s), bus->irqs, NUBUS_IRQS);
>  }

I'm confused, the IRQs belong to the bus, but you create them
on the bridge device (I know, the bus is not a qdev)...

>  static Property nubus_bridge_properties[] = {
> diff --git a/hw/nubus/nubus-device.c b/hw/nubus/nubus-device.c
> index f316eb7789..67ab281943 100644
> --- a/hw/nubus/nubus-device.c
> +++ b/hw/nubus/nubus-device.c
> @@ -10,12 +10,20 @@
>  
>  #include "qemu/osdep.h"
>  #include "qemu/datadir.h"
> +#include "hw/irq.h"
>  #include "hw/loader.h"
>  #include "hw/nubus/nubus.h"
>  #include "qapi/error.h"
>  #include "qemu/error-report.h"
>  
>  
> +void nubus_set_irq(NubusDevice *nd, int level)
> +{
> +NubusBus *nubus = NUBUS_BUS(qdev_get_parent_bus(DEVICE(nd)));
> +
> +qemu_set_irq(nubus->irqs[nd->slot], level);
> +}
> +
>  static void nubus_device_realize(DeviceState *dev, Error **errp)
>  {
>  NubusBus *nubus = NUBUS_BUS(qdev_get_parent_bus(dev));
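Review bot: `nubus_set_irq()` indexes `nubus->irqs[nd->slot]` with the device's `slot` value and no range check. `slot` is a user-settable property (`DEFINE_PROP_INT32("slot", NubusDevice, slot, -1)` in patch 3 of this series, default -1), so correctness here rests on realize having already rejected out-of-range values and replaced the -1 default; an `assert(nd->slot >= NUBUS_FIRST_SLOT && nd->slot <= NUBUS_LAST_SLOT)` at the top of the function would make that invariant explicit and turn a mis-ordered or misconfigured call into a clean abort instead of an out-of-bounds read of `irqs[]`.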
> diff --git a/include/hw/nubus/nubus.h b/include/hw/nubus/nubus.h
> index 503ebf0c1c..2b9c4c77ac 100644
> --- a/include/hw/nubus/nubus.h
> +++ b/include/hw/nubus/nubus.h
> @@ -24,6 +24,8 @@
>  #define NUBUS_FIRST_SLOT  0x0
>  #define NUBUS_LAST_SLOT   0xf
>  
> +#define NUBUS_IRQS16
> +
>  #define TYPE_NUBUS_DEVICE "nubus-device"
>  OBJECT_DECLARE_SIMPLE_TYPE(NubusDevice, NUBUS_DEVICE)
>  
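Review bot: `NUBUS_IRQS` is hard-coded to 16 while the array it sizes is indexed by slot number, whose range is given two lines above by `NUBUS_FIRST_SLOT`/`NUBUS_LAST_SLOT`; defining it as `(NUBUS_LAST_SLOT + 1)` keeps the two from drifting apart, which matters since patch 4 of this series already reworks the slot range.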
> @@ -43,6 +45,8 @@ struct NubusBus {
>  MemoryRegion slot_io;
>  
>  uint32_t slot_available_mask;
> +
> +qemu_irq irqs[NUBUS_IRQS];
>  };
>  
>  #define NUBUS_DECL_ROM_MAX_SIZE0x
> @@ -58,6 +62,8 @@ struct NubusDevice {
>  MemoryRegion decl_rom;
>  };
>  
> +void nubus_set_irq(NubusDevice *nd, int level);

... then the API only involves a device and a bus, the
bridge is hidden.



Re: [PATCH v2 1/9] linux-user: Fix coding style nits in qemu.h

2021-09-12 Thread Richard Henderson

On 9/8/21 8:43 AM, Peter Maydell wrote:

We're about to move a lot of the code in qemu.h out into different
header files; fix the coding style nits first so that checkpatch
is happy with the pure code-movement patches. This is mostly
block-comment style but also a few whitespace issues.

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
---
  linux-user/qemu.h | 47 ++-
  1 file changed, 30 insertions(+), 17 deletions(-)


Reviewed-by: Richard Henderson 

r~



[PULL 8/9] tcg/ppc: Ensure _CALL_SYSV is set for 32-bit ELF

2021-09-12 Thread Richard Henderson
Clang only sets _CALL_ELF for ppc64, and nothing at all to specify
the ABI for ppc32.  Make a good guess based on other symbols.

Reported-by: Brad Smith 
Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.c.inc | 21 ++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index 2202ce017e..5e1fac914a 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -25,9 +25,24 @@
 #include "elf.h"
 #include "../tcg-pool.c.inc"
 
-#if !defined _CALL_DARWIN && defined __APPLE__
-#define _CALL_DARWIN 1
-#endif
+/*
+ * Standardize on the _CALL_FOO symbols used by GCC:
+ * Apple XCode does not define _CALL_DARWIN.
+ * Clang defines _CALL_ELF (64-bit) but not _CALL_SYSV (32-bit).
+ */
+#if !defined(_CALL_SYSV) && \
+!defined(_CALL_DARWIN) && \
+!defined(_CALL_AIX) && \
+!defined(_CALL_ELF)
+# if defined(__APPLE__)
+#  define _CALL_DARWIN
+# elif defined(__ELF__) && TCG_TARGET_REG_BITS == 32
+#  define _CALL_SYSV
+# else
+#  error "Unknown ABI"
+# endif
+#endif 
+
 #ifdef _CALL_SYSV
 # define TCG_TARGET_CALL_ALIGN_ARGS   1
 #endif
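Review bot: trailing whitespace on the new `+#endif ` line closing the ABI-detection block; checkpatch will flag it. The `#  error "Unknown ABI"` fallthrough is a welcome addition over the previous silent default.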
-- 
2.25.1




Re: [PATCH 2/3] ui/console: replace kbd_timer with chr_accept_input callback

2021-09-12 Thread Marc-André Lureau
On Sun, Sep 12, 2021 at 5:03 PM Volker Rümelin  wrote:

> There's a ChardevClass chr_accept_input() callback function that
> can replace the write retry timer.
>
> Signed-off-by: Volker Rümelin 
>

Reviewed-by: Marc-André Lureau 

> ---
>  ui/console.c | 28 +---
>  1 file changed, 13 insertions(+), 15 deletions(-)
>
> diff --git a/ui/console.c b/ui/console.c
> index e6ce29024c..7b276bfc6c 100644
> --- a/ui/console.c
> +++ b/ui/console.c
> @@ -116,7 +116,6 @@ struct QemuConsole {
>  Chardev *chr;
>  /* fifo for key pressed */
>  Fifo8 out_fifo;
> -QEMUTimer *kbd_timer;
>  CoQueue dump_queue;
>
>  QTAILQ_ENTRY(QemuConsole) next;
> @@ -1106,30 +1105,21 @@ static int vc_chr_write(Chardev *chr, const
> uint8_t *buf, int len)
>  return len;
>  }
>
> -static void kbd_send_chars(void *opaque)
> +static void kbd_send_chars(QemuConsole *s)
>  {
> -QemuConsole *s = opaque;
>  uint32_t len, avail;
>
>  len = qemu_chr_be_can_write(s->chr);
>  avail = fifo8_num_used(>out_fifo);
> -if (len > avail) {
> -len = avail;
> -}
> -while (len > 0) {
> +while (len > 0 && avail > 0) {
>  const uint8_t *buf;
>  uint32_t size;
>
> -buf = fifo8_pop_buf(>out_fifo, len, );
> +buf = fifo8_pop_buf(>out_fifo, MIN(len, avail), );
>  qemu_chr_be_write(s->chr, (uint8_t *)buf, size);
> -len -= size;
> +len = qemu_chr_be_can_write(s->chr);
>  avail -= size;
>  }
> -/* characters are pending: we send them a bit later (XXX:
> -   horrible, should change char device API) */
> -if (avail > 0) {
> -timer_mod(s->kbd_timer, qemu_clock_get_ms(QEMU_CLOCK_REALTIME) +
> 1);
> -}
>  }
>
>  /* called when an ascii key is pressed */
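Review bot: a behavioural change here deserves a sentence in the commit message: the old 1 ms `kbd_timer` retried regardless of what the frontend did, whereas the new loop stops as soon as `qemu_chr_be_can_write()` returns 0 and leaves the remainder in `out_fifo` until the new `chr_accept_input` callback fires or the next keypress calls `kbd_send_chars()` again. A frontend that never triggers `chr_accept_input` will therefore see buffered characters stall, which the timer-based code did not do. Re-querying `qemu_chr_be_can_write()` after each `qemu_chr_be_write()` is the right fix for the old fixed-`len` loop.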
> @@ -2141,6 +2131,14 @@ int qemu_console_get_height(QemuConsole *con, int
> fallback)
>  return con ? surface_height(con->surface) : fallback;
>  }
>
> +static void vc_chr_accept_input(Chardev *chr)
> +{
> +VCChardev *drv = VC_CHARDEV(chr);
> +QemuConsole *s = drv->console;
> +
> +kbd_send_chars(s);
> +}
> +
>  static void vc_chr_set_echo(Chardev *chr, bool echo)
>  {
>  VCChardev *drv = VC_CHARDEV(chr);
> @@ -2189,7 +2187,6 @@ static void text_console_do_init(Chardev *chr,
> DisplayState *ds)
>  int g_height = 24 * FONT_HEIGHT;
>
>  fifo8_create(>out_fifo, 16);
> -s->kbd_timer = timer_new_ms(QEMU_CLOCK_REALTIME, kbd_send_chars, s);
>  s->ds = ds;
>
>  s->y_displayed = 0;
> @@ -2439,6 +2436,7 @@ static void char_vc_class_init(ObjectClass *oc, void
> *data)
>  cc->parse = qemu_chr_parse_vc;
>  cc->open = vc_chr_open;
>  cc->chr_write = vc_chr_write;
> +cc->chr_accept_input = vc_chr_accept_input;
>  cc->chr_set_echo = vc_chr_set_echo;
>  }
>
> --
> 2.31.1
>
>
>

-- 
Marc-André Lureau


[PULL 5/9] tcg: Remove tcg_global_reg_new defines

2021-09-12 Thread Richard Henderson
From: Bin Meng 

Since commit 1c2adb958fc0 ("tcg: Initialize cpu_env generically"),
these tcg_global_reg_new_ macros are not used anywhere.

Signed-off-by: Bin Meng 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20210816143507.11200-1-bmeng...@gmail.com>
Signed-off-by: Richard Henderson 
---
 include/tcg/tcg-op.h| 2 --
 target/hppa/translate.c | 3 ---
 2 files changed, 5 deletions(-)

diff --git a/include/tcg/tcg-op.h b/include/tcg/tcg-op.h
index 2a654f350c..0545a6224c 100644
--- a/include/tcg/tcg-op.h
+++ b/include/tcg/tcg-op.h
@@ -843,7 +843,6 @@ static inline void tcg_gen_plugin_cb_end(void)
 
 #if TARGET_LONG_BITS == 32
 #define tcg_temp_new() tcg_temp_new_i32()
-#define tcg_global_reg_new tcg_global_reg_new_i32
 #define tcg_global_mem_new tcg_global_mem_new_i32
 #define tcg_temp_local_new() tcg_temp_local_new_i32()
 #define tcg_temp_free tcg_temp_free_i32
@@ -851,7 +850,6 @@ static inline void tcg_gen_plugin_cb_end(void)
 #define tcg_gen_qemu_st_tl tcg_gen_qemu_st_i32
 #else
 #define tcg_temp_new() tcg_temp_new_i64()
-#define tcg_global_reg_new tcg_global_reg_new_i64
 #define tcg_global_mem_new tcg_global_mem_new_i64
 #define tcg_temp_local_new() tcg_temp_local_new_i64()
 #define tcg_temp_free tcg_temp_free_i64
diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index 3ce22cdd09..c3698cf067 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -34,7 +34,6 @@
 
 #undef TCGv
 #undef tcg_temp_new
-#undef tcg_global_reg_new
 #undef tcg_global_mem_new
 #undef tcg_temp_local_new
 #undef tcg_temp_free
@@ -59,7 +58,6 @@
 #define TCGv_reg TCGv_i64
 
 #define tcg_temp_new tcg_temp_new_i64
-#define tcg_global_reg_new   tcg_global_reg_new_i64
 #define tcg_global_mem_new   tcg_global_mem_new_i64
 #define tcg_temp_local_new   tcg_temp_local_new_i64
 #define tcg_temp_freetcg_temp_free_i64
@@ -155,7 +153,6 @@
 #else
 #define TCGv_reg TCGv_i32
 #define tcg_temp_new tcg_temp_new_i32
-#define tcg_global_reg_new   tcg_global_reg_new_i32
 #define tcg_global_mem_new   tcg_global_mem_new_i32
 #define tcg_temp_local_new   tcg_temp_local_new_i32
 #define tcg_temp_freetcg_temp_free_i32
-- 
2.25.1




[PULL 7/9] tcg/ppc: Replace TCG_TARGET_CALL_DARWIN with _CALL_DARWIN

2021-09-12 Thread Richard Henderson
If __APPLE__, ensure that _CALL_DARWIN is set, then remove
our local TCG_TARGET_CALL_DARWIN.

Signed-off-by: Richard Henderson 
---
 tcg/ppc/tcg-target.c.inc | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tcg/ppc/tcg-target.c.inc b/tcg/ppc/tcg-target.c.inc
index e0f4665213..2202ce017e 100644
--- a/tcg/ppc/tcg-target.c.inc
+++ b/tcg/ppc/tcg-target.c.inc
@@ -25,8 +25,8 @@
 #include "elf.h"
 #include "../tcg-pool.c.inc"
 
-#if defined _CALL_DARWIN || defined __APPLE__
-#define TCG_TARGET_CALL_DARWIN
+#if !defined _CALL_DARWIN && defined __APPLE__
+#define _CALL_DARWIN 1
 #endif
 #ifdef _CALL_SYSV
 # define TCG_TARGET_CALL_ALIGN_ARGS   1
@@ -169,7 +169,7 @@ static const int tcg_target_call_oarg_regs[] = {
 };
 
 static const int tcg_target_callee_save_regs[] = {
-#ifdef TCG_TARGET_CALL_DARWIN
+#ifdef _CALL_DARWIN
 TCG_REG_R11,
 #endif
 TCG_REG_R14,
@@ -2372,7 +2372,7 @@ static void tcg_out_nop_fill(tcg_insn_unit *p, int count)
 # define LINK_AREA_SIZE(6 * SZR)
 # define LR_OFFSET (1 * SZR)
 # define TCG_TARGET_CALL_STACK_OFFSET  (LINK_AREA_SIZE + 8 * SZR)
-#elif defined(TCG_TARGET_CALL_DARWIN)
+#elif defined(_CALL_DARWIN)
 # define LINK_AREA_SIZE(6 * SZR)
 # define LR_OFFSET (2 * SZR)
 #elif TCG_TARGET_REG_BITS == 64
-- 
2.25.1




[PULL 9/9] tcg/arm: Fix tcg_out_vec_op function signature

2021-09-12 Thread Richard Henderson
From: "Jose R. Ziviani" 

Commit 5e8892db93 fixed several function signatures but tcg_out_vec_op
for arm is missing. It causes a build error on armv6 and armv7:

tcg-target.c.inc:2718:42: error: argument 5 of type 'const TCGArg *'
{aka 'const unsigned int *'} declared as a pointer [-Werror=array-parameter=]
   const TCGArg *args, const int *const_args)
  ~~^~~~
../tcg/tcg.c:120:41: note: previously declared as an array 'const TCGArg[16]'
{aka 'const unsigned int[16]'}
   const TCGArg args[TCG_MAX_OP_ARGS],
  ~~^~~~

Signed-off-by: Jose R. Ziviani 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20210908185338.7927-1-jzivi...@suse.de>
Signed-off-by: Richard Henderson 
---
 tcg/arm/tcg-target.c.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tcg/arm/tcg-target.c.inc b/tcg/arm/tcg-target.c.inc
index 007ceee68e..e5b4f86841 100644
--- a/tcg/arm/tcg-target.c.inc
+++ b/tcg/arm/tcg-target.c.inc
@@ -2715,7 +2715,8 @@ static const ARMInsn vec_cmp0_insn[16] = {
 
 static void tcg_out_vec_op(TCGContext *s, TCGOpcode opc,
unsigned vecl, unsigned vece,
-   const TCGArg *args, const int *const_args)
+   const TCGArg args[TCG_MAX_OP_ARGS],
+   const int const_args[TCG_MAX_OP_ARGS])
 {
 TCGType type = vecl + TCG_TYPE_V64;
 unsigned q = vecl;
-- 
2.25.1




[PULL 2/9] accel/tcg: Clear PAGE_WRITE before translation

2021-09-12 Thread Richard Henderson
From: Ilya Leoshkevich 

translate_insn() implementations fetch instruction bytes piecemeal,
which can cause qemu-user to generate inconsistent translations if
another thread modifies them concurrently [1].

Fix by making pages containing translated instruction non-writable
right before loading instruction bytes from them.

[1] https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg00644.html

Signed-off-by: Ilya Leoshkevich 
Message-Id: <20210805204835.158918-1-...@linux.ibm.com>
Signed-off-by: Richard Henderson 
---
 include/exec/translate-all.h |  1 +
 include/exec/translator.h| 39 ++--
 accel/tcg/translate-all.c| 59 +---
 accel/tcg/translator.c   | 39 
 4 files changed, 97 insertions(+), 41 deletions(-)

diff --git a/include/exec/translate-all.h b/include/exec/translate-all.h
index a557b4e2bb..9f646389af 100644
--- a/include/exec/translate-all.h
+++ b/include/exec/translate-all.h
@@ -33,6 +33,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, 
tb_page_addr_t end);
 void tb_check_watchpoint(CPUState *cpu, uintptr_t retaddr);
 
 #ifdef CONFIG_USER_ONLY
+void page_protect(tb_page_addr_t page_addr);
 int page_unprotect(target_ulong address, uintptr_t pc);
 #endif
 
diff --git a/include/exec/translator.h b/include/exec/translator.h
index 6c054e8d05..9bc46eda59 100644
--- a/include/exec/translator.h
+++ b/include/exec/translator.h
@@ -23,6 +23,7 @@
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
 #include "exec/plugin-gen.h"
+#include "exec/translate-all.h"
 #include "tcg/tcg.h"
 
 
@@ -74,6 +75,17 @@ typedef struct DisasContextBase {
 int num_insns;
 int max_insns;
 bool singlestep_enabled;
+#ifdef CONFIG_USER_ONLY
+/*
+ * Guest address of the last byte of the last protected page.
+ *
+ * Pages containing the translated instructions are made non-writable in
+ * order to achieve consistency in case another thread is modifying the
+ * code while translate_insn() fetches the instruction bytes piecemeal.
+ * Such writer threads are blocked on mmap_lock() in page_unprotect().
+ */
+target_ulong page_protect_end;
+#endif
 } DisasContextBase;
 
 /**
@@ -156,28 +168,23 @@ bool translator_use_goto_tb(DisasContextBase *db, 
target_ulong dest);
  */
 
 #define GEN_TRANSLATOR_LD(fullname, type, load_fn, swap_fn) \
-static inline type  \
-fullname ## _swap(CPUArchState *env, DisasContextBase *dcbase,  \
-  abi_ptr pc, bool do_swap) \
-{   \
-type ret = load_fn(env, pc);\
-if (do_swap) {  \
-ret = swap_fn(ret); \
-}   \
-plugin_insn_append(, sizeof(ret));  \
-return ret; \
-}   \
+type fullname ## _swap(CPUArchState *env, DisasContextBase *dcbase, \
+   abi_ptr pc, bool do_swap);   \
 static inline type fullname(CPUArchState *env,  \
 DisasContextBase *dcbase, abi_ptr pc)   \
 {   \
 return fullname ## _swap(env, dcbase, pc, false);   \
 }
 
-GEN_TRANSLATOR_LD(translator_ldub, uint8_t, cpu_ldub_code, /* no swap */)
-GEN_TRANSLATOR_LD(translator_ldsw, int16_t, cpu_ldsw_code, bswap16)
-GEN_TRANSLATOR_LD(translator_lduw, uint16_t, cpu_lduw_code, bswap16)
-GEN_TRANSLATOR_LD(translator_ldl, uint32_t, cpu_ldl_code, bswap32)
-GEN_TRANSLATOR_LD(translator_ldq, uint64_t, cpu_ldq_code, bswap64)
+#define FOR_EACH_TRANSLATOR_LD(F)   \
+F(translator_ldub, uint8_t, cpu_ldub_code, /* no swap */)   \
+F(translator_ldsw, int16_t, cpu_ldsw_code, bswap16) \
+F(translator_lduw, uint16_t, cpu_lduw_code, bswap16)\
+F(translator_ldl, uint32_t, cpu_ldl_code, bswap32)  \
+F(translator_ldq, uint64_t, cpu_ldq_code, bswap64)
+
+FOR_EACH_TRANSLATOR_LD(GEN_TRANSLATOR_LD)
+
 #undef GEN_TRANSLATOR_LD
 
 #endif  /* EXEC__TRANSLATOR_H */
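Review bot: the `fullname ## _swap` functions lose `static inline` and become out-of-line functions declared here and, per the diffstat, defined in accel/tcg/translator.c, so every instruction fetch in every target's translator now goes through a call; the commit message explains the write-protection but not this cost or why the out-of-line form is needed (presumably so that `page_protect()` is reached from one place rather than from every target). Also, `FOR_EACH_TRANSLATOR_LD(F)` is intentionally left defined after `#undef GEN_TRANSLATOR_LD` so translator.c can instantiate the definitions; a one-line comment saying so would stop someone "cleaning it up" later.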
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index bbfcfb698c..fb9ebfad9e 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1297,31 +1297,8 @@ static inline void tb_page_add(PageDesc *p, 
TranslationBlock *tb,
 invalidate_page_bitmap(p);
 
 #if defined(CONFIG_USER_ONLY)
-if (p->flags & PAGE_WRITE) {
-target_ulong addr;
-PageDesc *p2;
-

[PULL 4/9] accel/tcg: remove redundant TCG_KICK_PERIOD define

2021-09-12 Thread Richard Henderson
From: Luc Michel 

The TCG_KICK_PERIOD macro is already defined in tcg-accel-ops-rr.h.
Remove it from tcg-accel-ops-rr.c.

Signed-off-by: Luc Michel 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-Id: <20210811141229.12470-1-lmic...@kalray.eu>
Signed-off-by: Richard Henderson 
---
 accel/tcg/tcg-accel-ops-rr.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/accel/tcg/tcg-accel-ops-rr.c b/accel/tcg/tcg-accel-ops-rr.c
index c02c061ecb..a5fd26190e 100644
--- a/accel/tcg/tcg-accel-ops-rr.c
+++ b/accel/tcg/tcg-accel-ops-rr.c
@@ -60,8 +60,6 @@ void rr_kick_vcpu_thread(CPUState *unused)
 static QEMUTimer *rr_kick_vcpu_timer;
 static CPUState *rr_current_cpu;
 
-#define TCG_KICK_PERIOD (NANOSECONDS_PER_SECOND / 10)
-
 static inline int64_t rr_next_kick_time(void)
 {
 return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + TCG_KICK_PERIOD;
-- 
2.25.1




[PULL 6/9] include/qemu: Use builtins for bswap

2021-09-12 Thread Richard Henderson
All supported compilers have builtins for this.
Drop all of the complicated system detection stuff.

Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20210708181743.750220-1-richard.hender...@linaro.org>
Signed-off-by: Richard Henderson 
---
 meson.build  |  6 -
 include/qemu/bswap.h | 53 +++-
 2 files changed, 3 insertions(+), 56 deletions(-)

diff --git a/meson.build b/meson.build
index 9a64d16943..306797c604 100644
--- a/meson.build
+++ b/meson.build
@@ -1332,8 +1332,6 @@ config_host_data.set('HAVE_STRCHRNUL', 
cc.has_function('strchrnul'))
 config_host_data.set('HAVE_SYSTEM_FUNCTION', cc.has_function('system', prefix: 
'#include '))
 
 # has_header_symbol
-config_host_data.set('CONFIG_BYTESWAP_H',
- cc.has_header_symbol('byteswap.h', 'bswap_32'))
 config_host_data.set('CONFIG_EPOLL_CREATE1',
  cc.has_header_symbol('sys/epoll.h', 'epoll_create1'))
 config_host_data.set('CONFIG_HAS_ENVIRON',
@@ -1353,10 +1351,6 @@ config_host_data.set('CONFIG_INOTIFY',
  cc.has_header_symbol('sys/inotify.h', 'inotify_init'))
 config_host_data.set('CONFIG_INOTIFY1',
  cc.has_header_symbol('sys/inotify.h', 'inotify_init1'))
-config_host_data.set('CONFIG_MACHINE_BSWAP_H',
- cc.has_header_symbol('machine/bswap.h', 'bswap32',
-  prefix: '''#include 
- #include 
'''))
 config_host_data.set('CONFIG_PRCTL_PR_SET_TIMERSLACK',
  cc.has_header_symbol('sys/prctl.h', 'PR_SET_TIMERSLACK'))
 config_host_data.set('CONFIG_RTNETLINK',
diff --git a/include/qemu/bswap.h b/include/qemu/bswap.h
index 2d3bb8bbed..9e12bd8073 100644
--- a/include/qemu/bswap.h
+++ b/include/qemu/bswap.h
@@ -1,73 +1,26 @@
 #ifndef BSWAP_H
 #define BSWAP_H
 
-#ifdef CONFIG_MACHINE_BSWAP_H
-# include 
-# include 
-#elif defined(__FreeBSD__)
-# include 
-#elif defined(__HAIKU__)
-# include 
-#elif defined(CONFIG_BYTESWAP_H)
-# include 
-#define BSWAP_FROM_BYTESWAP
-# else
-#define BSWAP_FROM_FALLBACKS
-#endif /* ! CONFIG_MACHINE_BSWAP_H */
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 #include "fpu/softfloat-types.h"
 
-#ifdef BSWAP_FROM_BYTESWAP
 static inline uint16_t bswap16(uint16_t x)
 {
-return bswap_16(x);
+return __builtin_bswap16(x);
 }
 
 static inline uint32_t bswap32(uint32_t x)
 {
-return bswap_32(x);
+return __builtin_bswap32(x);
 }
 
 static inline uint64_t bswap64(uint64_t x)
 {
-return bswap_64(x);
+return __builtin_bswap64(x);
 }
-#endif
-
-#ifdef BSWAP_FROM_FALLBACKS
-static inline uint16_t bswap16(uint16_t x)
-{
-return (((x & 0x00ff) << 8) |
-((x & 0xff00) >> 8));
-}
-
-static inline uint32_t bswap32(uint32_t x)
-{
-return (((x & 0x00ffU) << 24) |
-((x & 0xff00U) <<  8) |
-((x & 0x00ffU) >>  8) |
-((x & 0xff00U) >> 24));
-}
-
-static inline uint64_t bswap64(uint64_t x)
-{
-return (((x & 0x00ffULL) << 56) |
-((x & 0xff00ULL) << 40) |
-((x & 0x00ffULL) << 24) |
-((x & 0xff00ULL) <<  8) |
-((x & 0x00ffULL) >>  8) |
-((x & 0xff00ULL) >> 24) |
-((x & 0x00ffULL) >> 40) |
-((x & 0xff00ULL) >> 56));
-}
-#endif
-
-#undef BSWAP_FROM_BYTESWAP
-#undef BSWAP_FROM_FALLBACKS
 
 static inline void bswap16s(uint16_t *s)
 {
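Review bot: with the `BSWAP_FROM_FALLBACKS` path removed, the header now requires `__builtin_bswap16/32/64` unconditionally, and a compiler lacking them fails with an implicit-declaration error deep in the include chain rather than a clear message; a short `#error` guard for compilers without the builtins, or a sentence in the supported-compilers documentation, would make the new requirement explicit and match the commit message's "all supported compilers" claim.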
-- 
2.25.1



