[RFC PATCH 3/3] spapr: implement nested-hv support for the TCG virtual hypervisor

2022-02-09 Thread Nicholas Piggin
This implements the nested-hv hcall API for spapr under TCG.
It's still a bit rough around the edges, concept seems to work.

Some HV exceptions can be raised now in the TCG spapr machine when
running a nested guest. The main ones are the lev==1 syscall, the
hdecr, hdsi and hisi, and h_virt external interrupts. These are
dealt with in the interrupt delivery code by noticing MSR[HV] raised
and instead of switching the machine to HV mode, it exits the
H_ENTER_NESTED hcall with the interrupt vector as return value as
required by the hcall API.

Address translation is provided by the 2-level page table walker
that is implemented for the pnv machine. The partition scope page
table is pointed to the L1's partition scope, and a few tests have
to take into account that nested-hv translations are 2-level. This
could perhaps be tidied up a bit e.g., with a 'bool two_level = ...'
but it's surprisingly little code.

There is no TLB tagging between L1 and L2 translations at the moment
so the TLB is flushed on any L1<->L2 transition (hcall entry and exit).

XXX: stop doing atomic RC on page table walks (not for nested but in general)

not-yet-Signed-off-by: Nicholas Piggin 
---
 hw/ppc/ppc.c   |  20 +++
 hw/ppc/spapr.c |  16 ++
 hw/ppc/spapr_caps.c|   5 +-
 hw/ppc/spapr_hcall.c   | 316 +
 include/hw/ppc/ppc.h   |   3 +
 include/hw/ppc/spapr.h |  75 -
 target/ppc/cpu.h   |   6 +
 target/ppc/excp_helper.c   |  60 ---
 target/ppc/helper_regs.c   |   1 +
 target/ppc/mmu-book3s-v3.c |  20 ++-
 target/ppc/mmu-radix64.c   |  15 +-
 11 files changed, 499 insertions(+), 38 deletions(-)

diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
index a7c262db93..135900a6f4 100644
--- a/hw/ppc/ppc.c
+++ b/hw/ppc/ppc.c
@@ -1083,6 +1083,26 @@ clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t 
freq)
 return &cpu_ppc_set_tb_clk;
 }
 
+void cpu_ppc_hdecr_init (CPUPPCState *env)
+{
+PowerPCCPU *cpu = env_archcpu(env);
+
+assert(env->tb_env->hdecr_timer == NULL);
+
+env->tb_env->hdecr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, 
&cpu_ppc_hdecr_cb,
+ cpu);
+}
+
+void cpu_ppc_hdecr_exit (CPUPPCState *env)
+{
+PowerPCCPU *cpu = env_archcpu(env);
+
+timer_free(env->tb_env->hdecr_timer);
+env->tb_env->hdecr_timer = NULL;
+
+cpu_ppc_hdecr_lower(cpu);
+}
+
 /* Specific helpers for POWER & PowerPC 601 RTC */
 void cpu_ppc601_store_rtcu (CPUPPCState *env, uint32_t value)
 {
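
Review bot: In cpu_ppc_hdecr_init, the assert(env->tb_env->hdecr_timer == NULL) turns a second call without an intervening cpu_ppc_hdecr_exit into an emulator abort. If the nested-entry path that calls this can be reached from guest hcalls while the timer already exists, return an error to the caller instead and keep asserts for internal invariants only. Both new functions also keep a space before the parameter list (cpu_ppc_hdecr_init (CPUPPCState *env)), and neither carries a comment saying that they are meant to bracket nested-guest entry and exit.
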
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 3d6ec309dd..f0c3f726f2 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1273,6 +1273,8 @@ static void emulate_spapr_hypercall(PPCVirtualHypervisor 
*vhyp,
 if (msr_pr) {
 hcall_dprintf("Hypercall made with MSR[PR]=1\n");
 env->gpr[3] = H_PRIVILEGE;
+} else if (env->gpr[3] == KVMPPC_H_ENTER_NESTED) {
+spapr_enter_nested(cpu);
 } else {
 env->gpr[3] = spapr_hypercall(cpu, env->gpr[3], &env->gpr[4]);
 }
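
Review bot: The new KVMPPC_H_ENTER_NESTED branch in emulate_spapr_hypercall bypasses spapr_hypercall, and nothing visible in this branch confirms that cap-nested-hv is enabled or that the vCPU is not already inside a nested guest. Unless spapr_enter_nested performs both checks itself, gate the branch on the capability and put an hcall error code in env->gpr[3] otherwise. A one-line comment on why this hcall cannot go through the normal dispatch (its return value is produced later, on nested exit) would also help.
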
@@ -4465,6 +4467,17 @@ PowerPCCPU *spapr_find_cpu(int vcpu_id)
 return NULL;
 }
 
+static bool spapr_cpu_in_nested(PowerPCCPU *cpu)
+{
+return cpu->in_spapr_nested;
+}
+
+static target_ulong spapr_get_nested_ptcr(PowerPCCPU *cpu, target_ulong lpid)
+{
+SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
+return spapr->nested_ptcr;
+}
+
 static void spapr_cpu_exec_enter(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu)
 {
 SpaprCpuState *spapr_cpu = spapr_cpu_state(cpu);
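
Review bot: spapr_get_nested_ptcr ignores its lpid argument and returns the single machine-wide spapr->nested_ptcr, so every vCPU and every lpid resolves to the same partition table. If two vCPUs can be in different nested guests at the same time this needs per-CPU state, or at least a check that lpid matches the guest that was entered. If only one L2 is supported for now, state that assumption in a comment next to the unused parameter.
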
@@ -4573,6 +4586,9 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 fwc->get_dev_path = spapr_get_fw_dev_path;
 nc->nmi_monitor_handler = spapr_nmi;
 smc->phb_placement = spapr_phb_placement;
+vhc->cpu_in_nested = spapr_cpu_in_nested;
+vhc->get_nested_ptcr = spapr_get_nested_ptcr;
+vhc->exit_nested = spapr_exit_nested;
 vhc->hypercall = emulate_spapr_hypercall;
 vhc->hpt_mask = spapr_hpt_mask;
 vhc->map_hptes = spapr_map_hptes;
diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index ed7c077a0d..a665245f6f 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -450,10 +450,7 @@ static void cap_nested_kvm_hv_apply(SpaprMachineState 
*spapr,
 return;
 }
 
-if (tcg_enabled()) {
-error_setg(errp, "No Nested KVM-HV support in TCG");
-error_append_hint(errp, "Try appending -machine cap-nested-hv=off\n");
-} else if (kvm_enabled()) {
+if (!tcg_enabled()) {
 if (!ppc_check_compat(cpu, CPU_POWERPC_LOGICAL_3_00, 0,
   spapr->max_compat_pvr)) {
 error_setg(errp, "Nested KVM-HV only supported on POWER9");
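
Review bot: Replacing the kvm_enabled() test with !tcg_enabled() in cap_nested_kvm_hv_apply has two side effects. Under TCG no check is left at all, so the POWER9 test (ppc_check_compat with CPU_POWERPC_LOGICAL_3_00) is skipped even though the commit message says the nested path depends on the radix 2-level walker, and an accelerator that is neither TCG nor KVM now takes the KVM branch. Keep the compat check common to both cases and make only the KVM-specific part conditional on kvm_enabled().
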
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 222c1b6bbd..8ffb13ada0 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -9,6 +9,7 @@
 #include "qemu/error-report.h"
 #include "exec/exec-all.h"
 #include "helper_regs.h"
+#include "hw/ppc/ppc.h"
 

Re: [PATCH 3/3] isa/piix4: Resolve global variables

2022-02-09 Thread Michael S. Tsirkin
On Thu, Feb 10, 2022 at 12:16:34AM +0100, BB wrote:
> Am 30. Januar 2022 23:53:42 MEZ schrieb "Philippe Mathieu-Daudé" 
> :
> >On 14/1/22 14:36, Peter Maydell wrote:
> >> On Wed, 12 Jan 2022 at 22:02, Bernhard Beschow  wrote:
> >>>
> >>> Now that piix4_set_irq's opaque parameter references own PIIX4State,
> >>> piix4_dev becomes redundant and pci_irq_levels can be moved into 
> >>> PIIX4State.
> >>>
> >>> Signed-off-by: Bernhard Beschow 
> >>> ---
> >>>   hw/isa/piix4.c| 22 +-
> >>>   include/hw/southbridge/piix.h |  2 --
> >>>   2 files changed, 9 insertions(+), 15 deletions(-)
> >>>
> >>> diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
> >>> index a31e9714cf..964e09cf7f 100644
> >>> --- a/hw/isa/piix4.c
> >>> +++ b/hw/isa/piix4.c
> >>> @@ -39,14 +39,14 @@
> >>>   #include "sysemu/runstate.h"
> >>>   #include "qom/object.h"
> >>>
> >>> -PCIDevice *piix4_dev;
> >>> -
> >>>   struct PIIX4State {
> >>>   PCIDevice dev;
> >>>   qemu_irq cpu_intr;
> >>>   qemu_irq *isa;
> >>>   qemu_irq i8259[ISA_NUM_IRQS];
> >>>
> >>> +int pci_irq_levels[PIIX_NUM_PIRQS];
> >>> +
> >> 
> >> I wondered how we were migrating this state, and the answer
> >> seems to be that we aren't (and weren't before, when it was
> >> a global variable, so this is a pre-existing bug).
> >
> >Indeed the migrated VM starts with PCI IRQ levels zeroed.
> >
> >> Does the malta platform support migration save/load?
> >
> >Maybe a "best effort" support, but not versioned machines.
> >
> >> We should probably add this field to the vmstate struct
> >> (which will be a migration compatibility break, which is OK
> >> as the malta board isn't versioned.)
> >
> >Yeah good catch.
> >
> >Bernhard, do you mind adding it?
> 
> Sure, I'll give it a try. Shall I submit a v2 of this patch series then? If 
> so, would it be ok to change the topic of the cover letter or would that be 
> confusing?

It's ok to change the subject of the cover letter.

> Last but not least: How to treat the version_id and the version parameters of 
> the new and existing fields?
> 
> Regards,
> 
> Bernhard.




[RFC PATCH 0/3] spapr: nested-hv support for TCG

2022-02-09 Thread Nicholas Piggin
Here's a little thing I've been hacking on. I was pretty amazed I
could even get it working, let alone being so small and not too
horrible to look at. A few people thought it would be useful for
prototyping and hacking and running kvm tests, etc. So, thoughts
on the overall idea and code structure?

There's possibly a few layering violations there with me short-cutting
and not calling vhc method for checking cpu in nested at least, and a
bit of cleanup and few loose ends, but hopefully nothing fundamentally
terrible.

It works and boots an L2 into a distro with unmodified Linux kernels
running in the L1 and L2.

Thanks,
Nick

Nicholas Piggin (3):
  target/ppc: raise HV interrupts for partition table entry problems
  spapr: prevent hdec timer being set up under virtual hypervisor
  spapr: implement nested-hv support for the TCG virtual hypervisor

 hw/ppc/ppc.c   |  22 ++-
 hw/ppc/spapr.c |  16 ++
 hw/ppc/spapr_caps.c|   5 +-
 hw/ppc/spapr_cpu_core.c|   6 +-
 hw/ppc/spapr_hcall.c   | 316 +
 include/hw/ppc/ppc.h   |   3 +
 include/hw/ppc/spapr.h |  75 -
 target/ppc/cpu.h   |   6 +
 target/ppc/excp_helper.c   |  60 ---
 target/ppc/helper_regs.c   |   1 +
 target/ppc/mmu-book3s-v3.c |  20 ++-
 target/ppc/mmu-radix64.c   |  19 +--
 12 files changed, 505 insertions(+), 44 deletions(-)

-- 
2.23.0




[RFC PATCH 1/3] target/ppc: raise HV interrupts for partition table entry problems

2022-02-09 Thread Nicholas Piggin
These are an HV exception. Not 100% sure what HDSISR bits to set in case of
an empty table -- not sure what hardware does.

not-yet-Signed-off-by: Nicholas Piggin 
---
 target/ppc/mmu-radix64.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index 040c055bff..54fb3ce98d 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -560,13 +560,13 @@ static bool ppc_radix64_xlate_impl(PowerPCCPU *cpu, vaddr 
eaddr,
 } else {
 if (!ppc64_v3_get_pate(cpu, lpid, &pate)) {
 if (guest_visible) {
-ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_NOPTE);
+ppc_radix64_raise_hsi(cpu, access_type, eaddr, eaddr, 
DSISR_R_BADCONFIG);
 }
 return false;
 }
 if (!validate_pate(cpu, lpid, &pate)) {
 if (guest_visible) {
-ppc_radix64_raise_si(cpu, access_type, eaddr, 
DSISR_R_BADCONFIG);
+ppc_radix64_raise_hsi(cpu, access_type, eaddr, eaddr, 
DSISR_R_BADCONFIG);
 }
 return false;
 }
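
Review bot: In the !ppc64_v3_get_pate branch the cause code changes from DSISR_NOPTE to DSISR_R_BADCONFIG at the same time as the call changes from ppc_radix64_raise_si to ppc_radix64_raise_hsi, while the commit message only says the correct HDSISR bits are unknown. State in the commit message that the code change is intended, or keep DSISR_NOPTE until the hardware behaviour is confirmed. Both calls also pass eaddr for two consecutive address arguments; a short comment on why the effective address is the right value for the second one would save the next reader a lookup.
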
-- 
2.23.0




[RFC PATCH 2/3] spapr: prevent hdec timer being set up under virtual hypervisor

2022-02-09 Thread Nicholas Piggin
The spapr virtual hypervisor does not require the hdecr timer.
Remove it.

not-yet-Signed-off-by: Nicholas Piggin 
---
 hw/ppc/ppc.c| 2 +-
 hw/ppc/spapr_cpu_core.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
index 462c87dba8..a7c262db93 100644
--- a/hw/ppc/ppc.c
+++ b/hw/ppc/ppc.c
@@ -1072,7 +1072,7 @@ clk_setup_cb cpu_ppc_tb_init (CPUPPCState *env, uint32_t 
freq)
 }
 /* Create new timer */
 tb_env->decr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, &cpu_ppc_decr_cb, 
cpu);
-if (env->has_hv_mode) {
+if (env->has_hv_mode && !cpu->vhyp) {
 tb_env->hdecr_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, 
&cpu_ppc_hdecr_cb,
 cpu);
 } else {
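
Review bot: The new !cpu->vhyp test in cpu_ppc_tb_init only works when cpu_ppc_set_vhyp has already run, and that ordering requirement is documented only at the spapr call site in the other file. A caller that sets vhyp after cpu_ppc_tb_init silently gets an hdecr timer anyway. Add a comment on this condition stating that vhyp must be set before the time base is initialised.
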
diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index a781e97f8d..ed84713960 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -261,12 +261,12 @@ static bool spapr_realize_vcpu(PowerPCCPU *cpu, 
SpaprMachineState *spapr,
 return false;
 }
 
-/* Set time-base frequency to 512 MHz */
-cpu_ppc_tb_init(env, SPAPR_TIMEBASE_FREQ);
-
 cpu_ppc_set_vhyp(cpu, PPC_VIRTUAL_HYPERVISOR(spapr));
 kvmppc_set_papr(cpu);
 
+/* Set time-base frequency to 512 MHz. vhyp must be set first. */
+cpu_ppc_tb_init(env, SPAPR_TIMEBASE_FREQ);
+
 if (spapr_irq_cpu_intc_create(spapr, cpu, errp) < 0) {
 qdev_unrealize(DEVICE(cpu));
 return false;
-- 
2.23.0




[PATCH 0/4] OpenRISC Device Tree Support

2022-02-09 Thread Stafford Horne
This series adds device tree support for the OpenRISC SIM hardware.

The simulator will generate an FDT and pass it to the kernel.

For example:
  qemu-system-or1k -cpu or1200 -M or1k-sim \
-kernel /home/shorne/work/linux/vmlinux \
-initrd /home/shorne/work/linux/initramfs.cpio.gz \
-serial mon:stdio -nographic -gdb tcp::10001 -m 32

Using the linux kernel or1ksim_defconfig we can remove the built-in
dts and the kernel will boot as expected.  The real benefit here is
being able to specify an external initrd which qemu will load into
memory and the device tree will tell the kernel where to find it.

-Stafford

Stafford Horne (4):
  hw/openrisc/openrisc_sim: Create machine state for or1ksim
  hw/openrisc/openrisc_sim: Paramatarize initialization
  hw/openrisc/openrisc_sim; Add support for loading a decice tree
  hw/openrisc/openrisc_sim: Add support for initrd loading

 hw/openrisc/openrisc_sim.c | 261 +++--
 1 file changed, 247 insertions(+), 14 deletions(-)

-- 
2.31.1




[PATCH 1/4] hw/openrisc/openrisc_sim: Create machine state for or1ksim

2022-02-09 Thread Stafford Horne
This will allow us to attach machine state attributes like
the device tree fdt.

Signed-off-by: Stafford Horne 
---
 hw/openrisc/openrisc_sim.c | 31 +--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
index 73fe383c2d..b83cc1c191 100644
--- a/hw/openrisc/openrisc_sim.c
+++ b/hw/openrisc/openrisc_sim.c
@@ -37,6 +37,18 @@
 
 #define KERNEL_LOAD_ADDR 0x100
 
+#define TYPE_OR1KSIM_MACHINE MACHINE_TYPE_NAME("or1k-sim")
+#define OR1KSIM_MACHINE(obj) \
+OBJECT_CHECK(Or1ksimState, (obj), TYPE_OR1KSIM_MACHINE)
+
+typedef struct Or1ksimState {
+/*< private >*/
+MachineState parent_obj;
+
+/*< public >*/
+
+} Or1ksimState;
+
 static struct openrisc_boot_info {
 uint32_t bootstrap_pc;
 } boot_info;
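
Review bot: The hand-written OR1KSIM_MACHINE cast macro built on OBJECT_CHECK is the older QOM idiom; OBJECT_DECLARE_SIMPLE_TYPE(Or1ksimState, OR1KSIM_MACHINE) generates the same checker together with the typedef. Or1ksimState also has an empty public section in this patch, so a one-line comment that its fields arrive in a later patch would explain the otherwise empty struct.
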
@@ -141,6 +153,7 @@ static void openrisc_sim_init(MachineState *machine)
 ram_addr_t ram_size = machine->ram_size;
 const char *kernel_filename = machine->kernel_filename;
 OpenRISCCPU *cpus[2] = {};
+Or1ksimState *s = OR1KSIM_MACHINE(machine);
 MemoryRegion *ram;
 qemu_irq serial_irq;
 int n;
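
Review bot: The local variable s added to openrisc_sim_init is not used by any hunk of this patch, which gives an unused-variable warning and can break a -Werror build when bisecting through the series. Introduce it in the patch that first reads it.
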
@@ -183,8 +196,10 @@ static void openrisc_sim_init(MachineState *machine)
 openrisc_load_kernel(ram_size, kernel_filename);
 }
 
-static void openrisc_sim_machine_init(MachineClass *mc)
+static void openrisc_sim_machine_init(ObjectClass *oc, void *data)
 {
+MachineClass *mc = MACHINE_CLASS(oc);
+
 mc->desc = "or1k simulation";
 mc->init = openrisc_sim_init;
 mc->max_cpus = 2;
@@ -192,4 +207,16 @@ static void openrisc_sim_machine_init(MachineClass *mc)
 mc->default_cpu_type = OPENRISC_CPU_TYPE_NAME("or1200");
 }
 
-DEFINE_MACHINE("or1k-sim", openrisc_sim_machine_init)
+static const TypeInfo or1ksim_machine_typeinfo = {
+.name   = TYPE_OR1KSIM_MACHINE,
+.parent = TYPE_MACHINE,
+.class_init = openrisc_sim_machine_init,
+.instance_size = sizeof(Or1ksimState),
+};
+
+static void or1ksim_machine_init_register_types(void)
+{
+type_register_static(&or1ksim_machine_typeinfo);
+}
+
+type_init(or1ksim_machine_init_register_types)
-- 
2.31.1




[PATCH 2/4] hw/openrisc/openrisc_sim: Paramatarize initialization

2022-02-09 Thread Stafford Horne
Move magic numbers to variables and enums. These will be
reused for upcoming fdt initialization.

Signed-off-by: Stafford Horne 
---
 hw/openrisc/openrisc_sim.c | 42 ++
 1 file changed, 34 insertions(+), 8 deletions(-)

diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
index b83cc1c191..5a0cc4d27e 100644
--- a/hw/openrisc/openrisc_sim.c
+++ b/hw/openrisc/openrisc_sim.c
@@ -49,6 +49,29 @@ typedef struct Or1ksimState {
 
 } Or1ksimState;
 
+enum {
+OR1KSIM_DRAM,
+OR1KSIM_UART,
+OR1KSIM_ETHOC,
+OR1KSIM_OMPIC,
+};
+
+enum {
+OR1KSIM_OMPIC_IRQ = 1,
+OR1KSIM_UART_IRQ = 2,
+OR1KSIM_ETHOC_IRQ = 4,
+};
+
+static const struct MemmapEntry {
+hwaddr base;
+hwaddr size;
+} or1ksim_memmap[] = {
+[OR1KSIM_DRAM] =  { 0x,  0 },
+[OR1KSIM_UART] =  { 0x9000,  0x100 },
+[OR1KSIM_ETHOC] = { 0x9200,  0x800 },
+[OR1KSIM_OMPIC] = { 0x9800, 16 },
+};
+
 static struct openrisc_boot_info {
 uint32_t bootstrap_pc;
 } boot_info;
@@ -177,21 +200,24 @@ static void openrisc_sim_init(MachineState *machine)
 memory_region_add_subregion(get_system_memory(), 0, ram);
 
 if (nd_table[0].used) {
-openrisc_sim_net_init(0x9200, 0x92000400, smp_cpus,
-  cpus, 4, nd_table);
+openrisc_sim_net_init(or1ksim_memmap[OR1KSIM_ETHOC].base,
+  or1ksim_memmap[OR1KSIM_ETHOC].base + 0x400,
+  smp_cpus, cpus,
+  OR1KSIM_ETHOC_IRQ, nd_table);
 }
 
 if (smp_cpus > 1) {
-openrisc_sim_ompic_init(0x9800, smp_cpus, cpus, 1);
+openrisc_sim_ompic_init(or1ksim_memmap[OR1KSIM_OMPIC].base, smp_cpus,
+cpus, OR1KSIM_OMPIC_IRQ);
 
-serial_irq = qemu_irq_split(get_cpu_irq(cpus, 0, 2),
-get_cpu_irq(cpus, 1, 2));
+serial_irq = qemu_irq_split(get_cpu_irq(cpus, 0, OR1KSIM_UART_IRQ),
+get_cpu_irq(cpus, 1, OR1KSIM_UART_IRQ));
 } else {
-serial_irq = get_cpu_irq(cpus, 0, 2);
+serial_irq = get_cpu_irq(cpus, 0, OR1KSIM_UART_IRQ);
 }
 
-serial_mm_init(get_system_memory(), 0x9000, 0, serial_irq,
-   115200, serial_hd(0), DEVICE_NATIVE_ENDIAN);
+serial_mm_init(get_system_memory(), or1ksim_memmap[OR1KSIM_UART].base, 0,
+   serial_irq, 115200, serial_hd(0), DEVICE_NATIVE_ENDIAN);
 
 openrisc_load_kernel(ram_size, kernel_filename);
 }
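
Review bot: In openrisc_sim_init the second argument to openrisc_sim_net_init is still a literal offset, or1ksim_memmap[OR1KSIM_ETHOC].base + 0x400, so one magic number survives a patch whose stated purpose is to remove them. Give that offset a name. The size column of or1ksim_memmap is also not read anywhere in this patch and is 0 for OR1KSIM_DRAM, so a comment on what it is for would help.
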
-- 
2.31.1




[PATCH 3/4] hw/openrisc/openrisc_sim; Add support for loading a decice tree

2022-02-09 Thread Stafford Horne
Using the device tree means that qemu can now directly tell
the kernel what hardware is configured rather than us having
to maintain and update a separate device tree file.

This patch adds device tree support for the OpenRISC simulator.
A device tree is built up based on the state of the configured
openrisc simulator.

This is then dumped to memory and the load address is passed to the
kernel in register r3.

Signed-off-by: Stafford Horne 
---
 hw/openrisc/openrisc_sim.c | 158 -
 1 file changed, 154 insertions(+), 4 deletions(-)

diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
index 5a0cc4d27e..d7c26af82c 100644
--- a/hw/openrisc/openrisc_sim.c
+++ b/hw/openrisc/openrisc_sim.c
@@ -29,14 +29,20 @@
 #include "net/net.h"
 #include "hw/loader.h"
 #include "hw/qdev-properties.h"
+#include "exec/address-spaces.h"
+#include "sysemu/device_tree.h"
 #include "sysemu/sysemu.h"
 #include "hw/sysbus.h"
 #include "sysemu/qtest.h"
 #include "sysemu/reset.h"
 #include "hw/core/split-irq.h"
 
+#include 
+
 #define KERNEL_LOAD_ADDR 0x100
 
+#define OR1KSIM_CLK_MHZ 2000
+
 #define TYPE_OR1KSIM_MACHINE MACHINE_TYPE_NAME("or1k-sim")
 #define OR1KSIM_MACHINE(obj) \
 OBJECT_CHECK(Or1ksimState, (obj), TYPE_OR1KSIM_MACHINE)
@@ -46,6 +52,8 @@ typedef struct Or1ksimState {
 MachineState parent_obj;
 
 /*< public >*/
+void *fdt;
+int fdt_size;
 
 } Or1ksimState;
 
@@ -74,6 +82,7 @@ static const struct MemmapEntry {
 
 static struct openrisc_boot_info {
 uint32_t bootstrap_pc;
+uint32_t fdt_addr;
 } boot_info;
 
 static void main_cpu_reset(void *opaque)
@@ -84,6 +93,7 @@ static void main_cpu_reset(void *opaque)
 cpu_reset(CPU(cpu));
 
 cpu_set_pc(cs, boot_info.bootstrap_pc);
+cpu_set_gpr(&cpu->env, 3, boot_info.fdt_addr);
 }
 
 static qemu_irq get_cpu_irq(OpenRISCCPU *cpus[], int cpunum, int irq_pin)
@@ -137,26 +147,29 @@ static void openrisc_sim_ompic_init(hwaddr base, int 
num_cpus,
 sysbus_mmio_map(s, 0, base);
 }
 
-static void openrisc_load_kernel(ram_addr_t ram_size,
+static hwaddr openrisc_load_kernel(ram_addr_t ram_size,
  const char *kernel_filename)
 {
 long kernel_size;
 uint64_t elf_entry;
+uint64_t high_addr;
 hwaddr entry;
 
 if (kernel_filename && !qtest_enabled()) {
 kernel_size = load_elf(kernel_filename, NULL, NULL, NULL,
-   &elf_entry, NULL, NULL, NULL, 1, EM_OPENRISC,
-   1, 0);
+   &elf_entry, NULL, &high_addr, NULL, 1,
+   EM_OPENRISC, 1, 0);
 entry = elf_entry;
 if (kernel_size < 0) {
 kernel_size = load_uimage(kernel_filename,
   &entry, NULL, NULL, NULL, NULL);
+high_addr = entry + kernel_size;
 }
 if (kernel_size < 0) {
 kernel_size = load_image_targphys(kernel_filename,
   KERNEL_LOAD_ADDR,
   ram_size - KERNEL_LOAD_ADDR);
+high_addr = KERNEL_LOAD_ADDR + kernel_size;
 }
 
 if (entry <= 0) {
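
Review bot: In openrisc_load_kernel, high_addr is computed from kernel_size right after load_uimage and load_image_targphys, before either result has been checked, so on a failed load it is derived from a negative size. Assign it only once kernel_size >= 0 is known, for example after the error check that follows. The declaration of high_addr also has no initial value, which leaves it undefined on any path where none of the three loaders sets it.
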
@@ -168,7 +181,139 @@ static void openrisc_load_kernel(ram_addr_t ram_size,
 exit(1);
 }
 boot_info.bootstrap_pc = entry;
+
+return high_addr;
+}
+return 0;
+}
+
+static uint32_t openrisc_load_fdt(Or1ksimState *s, hwaddr load_start,
+uint64_t mem_size)
+{
+uint32_t fdt_addr;
+int fdtsize = fdt_totalsize(s->fdt);
+
+if (fdtsize <= 0) {
+error_report("invalid device-tree");
+exit(1);
+}
+
+/* We should put fdt right after the kernel */
+fdt_addr = ROUND_UP(load_start, 4);
+
+fdt_pack(s->fdt);
+/* copy in the device tree */
+qemu_fdt_dumpdtb(s->fdt, fdtsize);
+
+rom_add_blob_fixed_as("fdt", s->fdt, fdtsize, fdt_addr,
+  &address_space_memory);
+
+return fdt_addr;
+}
+
+static void openrisc_create_fdt(Or1ksimState *s,
+const struct MemmapEntry *memmap, int num_cpus, uint64_t mem_size,
+const char *cmdline)
+{
+void *fdt;
+int cpu;
+char *nodename;
+int pic_ph;
+
+fdt = s->fdt = create_device_tree(&s->fdt_size);
+if (!fdt) {
+error_report("create_device_tree() failed");
+exit(1);
+}
+
+qemu_fdt_setprop_string(fdt, "/", "compatible", "opencores,or1ksim");
+qemu_fdt_setprop_cell(fdt, "/", "#address-cells", 0x1);
+qemu_fdt_setprop_cell(fdt, "/", "#size-cells", 0x1);
+
+nodename = g_strdup_printf("/memory@%lx",
+   (long)memmap[OR1KSIM_DRAM].base);
+qemu_fdt_add_subnode(fdt, nodename);
+qemu_fdt_setprop_cells(fdt, nodename, "reg",
+   memmap[OR1KSIM_DRAM].base, mem_size);
+qemu_fdt_setprop_string(fdt, nodename, "device_type", "memory");
+g_free(nodename);
+
+qemu_fdt_add_sub
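
Review bot: openrisc_load_fdt never uses its mem_size parameter, so nothing checks that fdt_addr + fdtsize still lies inside RAM before rom_add_blob_fixed_as places the blob. Add that bounds check and fail with error_report when the kernel leaves no room. Two smaller points in the same function: fdtsize is read with fdt_totalsize before fdt_pack runs, so the pre-pack size is what gets copied, and the comment "copy in the device tree" sits above qemu_fdt_dumpdtb rather than above the rom_add_blob_fixed_as call. Since openrisc_load_kernel returns 0 when no kernel is given, it is also worth deciding whether placing the tree at address 0 is intended in that case.
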

[PATCH 4/4] hw/openrisc/openrisc_sim: Add support for initrd loading

2022-02-09 Thread Stafford Horne
The loaded initrd is loaded into memory.  Its location and size are then
added to the device tree so the kernel knows where to find it.

Signed-off-by: Stafford Horne 
---
 hw/openrisc/openrisc_sim.c | 32 +++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
index d7c26af82c..5354797e20 100644
--- a/hw/openrisc/openrisc_sim.c
+++ b/hw/openrisc/openrisc_sim.c
@@ -187,6 +187,32 @@ static hwaddr openrisc_load_kernel(ram_addr_t ram_size,
 return 0;
 }
 
+static hwaddr openrisc_load_initrd(Or1ksimState *s, const char *filename,
+hwaddr load_start, uint64_t mem_size)
+{
+int size;
+hwaddr start;
+
+/* We put the initrd right after the kernel; page aligned. */
+start = TARGET_PAGE_ALIGN(load_start);
+
+size = load_ramdisk(filename, start, mem_size - start);
+if (size < 0) {
+size = load_image_targphys(filename, start, mem_size - start);
+if (size < 0) {
+error_report("could not load ramdisk '%s'", filename);
+exit(1);
+}
+}
+
+qemu_fdt_setprop_cell(s->fdt, "/chosen",
+  "linux,initrd-start", start);
+qemu_fdt_setprop_cell(s->fdt, "/chosen",
+  "linux,initrd-end", start + size);
+
+return start + size;
+}
+
 static uint32_t openrisc_load_fdt(Or1ksimState *s, hwaddr load_start,
 uint64_t mem_size)
 {
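
Review bot: In openrisc_load_initrd, mem_size - start is passed as the size limit to load_ramdisk and load_image_targphys without first checking that start is below mem_size; if the kernel ends at or beyond the end of RAM the unsigned subtraction wraps to a very large limit. Check the bound and fail with error_report before loading. The end address start + size is also written through qemu_fdt_setprop_cell while start is a hwaddr, so say in a comment that addresses are expected to fit in one 32-bit cell on this machine.
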
@@ -198,7 +224,7 @@ static uint32_t openrisc_load_fdt(Or1ksimState *s, hwaddr 
load_start,
 exit(1);
 }
 
-/* We should put fdt right after the kernel */
+/* We put fdt right after the kernel and/or initrd. */
 fdt_addr = ROUND_UP(load_start, 4);
 
 fdt_pack(s->fdt);
@@ -369,6 +395,10 @@ static void openrisc_sim_init(MachineState *machine)
 machine->kernel_cmdline);
 
 load_addr = openrisc_load_kernel(ram_size, kernel_filename);
+if (machine->initrd_filename) {
+load_addr = openrisc_load_initrd(s, machine->initrd_filename,
+ load_addr, machine->ram_size);
+}
 boot_info.fdt_addr = openrisc_load_fdt(s, load_addr, machine->ram_size);
 }
 
-- 
2.31.1




[RFC PATCH v2 2/3] hw/intc: Support 32/64-bit mtimecmp and mtime accesses in RISC-V ACLINT

2022-02-09 Thread frank . chang
From: Frank Chang 

RISC-V privilege spec defines that:

* In RV32, memory-mapped writes to mtimecmp modify only one 32-bit part
  of the register.
* For RV64, naturally aligned 64-bit memory accesses to the mtime and
  mtimecmp registers are additionally supported and are atomic.

It's possible to perform both 32/64-bit read/write accesses to both
mtimecmp and mtime registers.

Signed-off-by: Frank Chang 
---
 hw/intc/riscv_aclint.c | 26 --
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/hw/intc/riscv_aclint.c b/hw/intc/riscv_aclint.c
index 3b598d8a7e..e7b103e83a 100644
--- a/hw/intc/riscv_aclint.c
+++ b/hw/intc/riscv_aclint.c
@@ -126,9 +126,9 @@ static uint64_t riscv_aclint_mtimer_read(void *opaque, 
hwaddr addr,
 qemu_log_mask(LOG_GUEST_ERROR,
   "aclint-mtimer: invalid hartid: %zu", hartid);
 } else if ((addr & 0x7) == 0) {
-/* timecmp_lo */
+/* timecmp_lo for RV32/RV64 or timecmp for RV64 */
 uint64_t timecmp = env->timecmp;
-return timecmp & 0x;
+return (size == 4) ? (timecmp & 0x) : timecmp;
 } else if ((addr & 0x7) == 4) {
 /* timecmp_hi */
 uint64_t timecmp = env->timecmp;
@@ -139,8 +139,9 @@ static uint64_t riscv_aclint_mtimer_read(void *opaque, 
hwaddr addr,
 return 0;
 }
 } else if (addr == mtimer->time_base) {
-/* time_lo */
-return cpu_riscv_read_rtc(mtimer->timebase_freq) & 0x;
+/* time_lo for RV32/RV64 or timecmp for RV64 */
+uint64_t rtc = cpu_riscv_read_rtc(mtimer->timebase_freq);
+return (size == 4) ? (rtc & 0x) : rtc;
 } else if (addr == mtimer->time_base + 4) {
 /* time_hi */
 return (cpu_riscv_read_rtc(mtimer->timebase_freq) >> 32) & 0x;
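
Review bot: The comment added on the mtime read path says "time_lo for RV32/RV64 or timecmp for RV64", but this branch returns mtime, so the second half should read "time for RV64". It looks copied from the timecmp branch in the previous hunk.
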
@@ -167,12 +168,17 @@ static void riscv_aclint_mtimer_write(void *opaque, 
hwaddr addr,
 qemu_log_mask(LOG_GUEST_ERROR,
   "aclint-mtimer: invalid hartid: %zu", hartid);
 } else if ((addr & 0x7) == 0) {
-/* timecmp_lo */
-uint64_t timecmp_hi = env->timecmp >> 32;
-riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), hartid,
-timecmp_hi << 32 | (value & 0x),
-mtimer->timebase_freq);
-return;
+if (size == 4) {
+/* timecmp_lo for RV32/RV64 */
+uint64_t timecmp_hi = env->timecmp >> 32;
+riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), 
hartid,
+timecmp_hi << 32 | (value & 0x),
+mtimer->timebase_freq);
+} else {
+/* timecmp for RV64 */
+riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), 
hartid,
+  value, 
mtimer->timebase_freq);
+}
 } else if ((addr & 0x7) == 4) {
 /* timecmp_hi */
 uint64_t timecmp_lo = env->timecmp;
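
Review bot: In the (addr & 0x7) == 0 write branch, the else arm treats every size other than 4 as a full 64-bit write. That is correct only while .valid limits accesses to 4 and 8 bytes; make it explicit with else if (size == 8) and log a guest error otherwise, so the handler stays correct if the access-size declarations change. The (addr & 0x7) == 4 branch carries the same unstated assumption that size is 4.
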
-- 
2.31.1




[RFC PATCH v2 0/3] Support ACLINT 32/64-bit mtimecmp/mtime read/write accesses

2022-02-09 Thread frank . chang
From: Frank Chang 

This patchset makes ACLINT mtime to be writable as RISC-V privilege
spec defines that mtime is exposed as a memory-mapped machine-mode
read-write register. Also, mtimecmp and mtime should be 32/64-bit memory
accessible registers.

This patchset is the updated version of:
https://patchew.org/QEMU/20220126095448.2964-1-frank.ch...@sifive.com/

Changelog:

v2:
  * Support 32/64-bit mtimecmp/mtime memory accesses.
  * Add .impl.[min|max]_access_size declaration.

Frank Chang (3):
  hw/intc: Add .impl.[min|max]_access_size declaration in RISC-V ACLINT
  hw/intc: Support 32/64-bit mtimecmp and mtime accesses in RISC-V
ACLINT
  hw/intc: Make RISC-V ACLINT mtime MMIO register writable

 hw/intc/riscv_aclint.c | 87 +++---
 include/hw/intc/riscv_aclint.h |  1 +
 target/riscv/cpu.h |  8 ++--
 target/riscv/cpu_helper.c  |  4 +-
 4 files changed, 66 insertions(+), 34 deletions(-)

--
2.31.1




[RFC PATCH v2 1/3] hw/intc: Add .impl.[min|max]_access_size declaration in RISC-V ACLINT

2022-02-09 Thread frank . chang
From: Frank Chang 

If device's MemoryRegion doesn't have .impl.[min|max]_access_size
declaration, the default access_size_min would be 1 byte and
access_size_max would be 4 bytes (see: softmmu/memory.c).
This will cause a 64-bit memory access to ACLINT to be split into
two 32-bit memory accesses.

Signed-off-by: Frank Chang 
---
 hw/intc/riscv_aclint.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/intc/riscv_aclint.c b/hw/intc/riscv_aclint.c
index f1a5d3d284..3b598d8a7e 100644
--- a/hw/intc/riscv_aclint.c
+++ b/hw/intc/riscv_aclint.c
@@ -208,6 +208,10 @@ static const MemoryRegionOps riscv_aclint_mtimer_ops = {
 .valid = {
 .min_access_size = 4,
 .max_access_size = 8
+},
+.impl = {
+.min_access_size = 4,
+.max_access_size = 8,
 }
 };
 
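
Review bot: With .impl.max_access_size raised to 8 here, 8-byte accesses reach riscv_aclint_mtimer_read and riscv_aclint_mtimer_write unsplit, but those handlers only learn to handle size 8 in patch 2/3; at this commit an 8-byte access at offset 0 is still treated as the low word. Swap the order of patches 1 and 2 or squash them so that every commit in the series behaves correctly under bisection.
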
-- 
2.31.1
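
The splitting described in the commit message above, as a simplified stand-alone C model added here (it is not QEMU code and not part of the patch). It goes one step further than the message and shows the transient register value a split 64-bit store to mtimecmp produces; Mtimer, dev_write, bus_write and store64 are hypothetical names, the register values are constructed, and the low-word-first split order is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not QEMU code. All names here are hypothetical. */
typedef struct {
    uint64_t timecmp;    /* modelled mtimecmp register */
    uint64_t now;        /* modelled mtime, held constant for the demo */
    unsigned calls;      /* how often the device handler was invoked */
    unsigned spurious;   /* handler calls that left timecmp <= now */
} Mtimer;

/* Device write handler: offset 0 is the low word (or the whole register
 * for an 8-byte access), offset 4 is the high word. */
static void dev_write(Mtimer *t, unsigned off, uint64_t val, unsigned size)
{
    t->calls++;
    if (off == 0 && size == 8) {
        t->timecmp = val;
    } else if (off == 0 && size == 4) {
        t->timecmp = (t->timecmp & 0xffffffff00000000ULL) | (uint32_t)val;
    } else if (off == 4 && size == 4) {
        t->timecmp = (t->timecmp & 0x00000000ffffffffULL) | (val << 32);
    } else {
        return;          /* unsupported offset/size combination: ignored */
    }
    /* A real timer would raise its interrupt at this point when the
     * compare value is already in the past. */
    if (t->timecmp <= t->now) {
        t->spurious++;
    }
}

/* Bus dispatcher: an access wider than impl_max is cut into impl_max-sized
 * pieces, lowest address first (assumed split order). */
static void bus_write(Mtimer *t, unsigned off, uint64_t val,
                      unsigned size, unsigned impl_max)
{
    if (size <= impl_max) {
        dev_write(t, off, val, size);
        return;
    }
    uint64_t mask = (1ULL << (8 * impl_max)) - 1;  /* impl_max < 8 here */
    for (unsigned i = 0; i < size; i += impl_max) {
        dev_write(t, off + i, (val >> (8 * i)) & mask, impl_max);
    }
}

/* One guest 64-bit store that moves the deadline further into the future.
 * Returns the device state afterwards. Values are constructed. */
static Mtimer store64(unsigned impl_max)
{
    Mtimer t = {
        .timecmp = 0x00000001fffffff0ULL,  /* old deadline, in the future */
        .now     = 0x0000000100000100ULL,  /* current time */
    };
    bus_write(&t, 0, 0x0000000200000010ULL, 8, impl_max);
    return t;
}

int main(void)
{
    unsigned maxes[] = { 4, 8 };
    for (int i = 0; i < 2; i++) {
        Mtimer t = store64(maxes[i]);
        printf("impl max %u: handler calls=%u, transient expiries=%u, "
               "final timecmp=0x%016llx\n", maxes[i], t.calls, t.spurious,
               (unsigned long long)t.timecmp);
    }
    return 0;
}
```

With a 4-byte implementation limit the low word lands first, so the register briefly holds the new low half with the old high half, a value that is already in the past; with an 8-byte limit the handler sees one write and no intermediate value.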




[RFC PATCH v2 3/3] hw/intc: Make RISC-V ACLINT mtime MMIO register writable

2022-02-09 Thread frank . chang
From: Frank Chang 

RISC-V privilege spec defines that mtime is exposed as a memory-mapped
machine-mode read-write register. However, as QEMU uses host monotonic
timer as timer source, this makes mtime to be read-only in RISC-V
ACLINT.

This patch makes mtime to be writable by recording the time delta value
between the mtime value to be written and the timer value at the time
mtime is written. Time delta value is then added back whenever the timer
value is retrieved.

Signed-off-by: Frank Chang 
---
 hw/intc/riscv_aclint.c | 65 ++
 include/hw/intc/riscv_aclint.h |  1 +
 target/riscv/cpu.h |  8 ++---
 target/riscv/cpu_helper.c  |  4 +--
 4 files changed, 50 insertions(+), 28 deletions(-)

diff --git a/hw/intc/riscv_aclint.c b/hw/intc/riscv_aclint.c
index e7b103e83a..2d7d7361be 100644
--- a/hw/intc/riscv_aclint.c
+++ b/hw/intc/riscv_aclint.c
@@ -38,12 +38,18 @@ typedef struct riscv_aclint_mtimer_callback {
 int num;
 } riscv_aclint_mtimer_callback;
 
-static uint64_t cpu_riscv_read_rtc(uint32_t timebase_freq)
+static uint64_t cpu_riscv_read_rtc_raw(uint32_t timebase_freq)
 {
 return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL),
 timebase_freq, NANOSECONDS_PER_SECOND);
 }
 
+static uint64_t cpu_riscv_read_rtc(void *opaque)
+{
+RISCVAclintMTimerState *mtimer = opaque;
+return cpu_riscv_read_rtc_raw(mtimer->timebase_freq) + mtimer->time_delta;
+}
+
 /*
  * Called when timecmp is written to update the QEMU timer or immediately
  * trigger timer interrupt if mtimecmp <= current timer value.
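
Review bot: cpu_riscv_read_rtc now takes void *opaque and casts it to RISCVAclintMTimerState *, which drops compile-time type checking for every caller in this file. If the void * signature is required because the function is stored as a callback elsewhere, say so in a comment; otherwise take RISCVAclintMTimerState * directly. A comment that mtimer->time_delta is added with wrapping unsigned arithmetic, so that a written mtime below the raw counter is represented correctly, would also document the intent.
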
@@ -51,13 +57,13 @@ static uint64_t cpu_riscv_read_rtc(uint32_t timebase_freq)
 static void riscv_aclint_mtimer_write_timecmp(RISCVAclintMTimerState *mtimer,
   RISCVCPU *cpu,
   int hartid,
-  uint64_t value,
-  uint32_t timebase_freq)
+  uint64_t value)
 {
+uint32_t timebase_freq = mtimer->timebase_freq;
 uint64_t next;
 uint64_t diff;
 
-uint64_t rtc_r = cpu_riscv_read_rtc(timebase_freq);
+uint64_t rtc_r = cpu_riscv_read_rtc(mtimer);
 
 cpu->env.timecmp = value;
 if (cpu->env.timecmp <= rtc_r) {
@@ -140,11 +146,11 @@ static uint64_t riscv_aclint_mtimer_read(void *opaque, 
hwaddr addr,
 }
 } else if (addr == mtimer->time_base) {
 /* time_lo for RV32/RV64 or timecmp for RV64 */
-uint64_t rtc = cpu_riscv_read_rtc(mtimer->timebase_freq);
+uint64_t rtc = cpu_riscv_read_rtc(mtimer);
 return (size == 4) ? (rtc & 0x) : rtc;
 } else if (addr == mtimer->time_base + 4) {
 /* time_hi */
-return (cpu_riscv_read_rtc(mtimer->timebase_freq) >> 32) & 0x;
+return (cpu_riscv_read_rtc(mtimer) >> 32) & 0x;
 }
 
 qemu_log_mask(LOG_UNIMP,
@@ -157,6 +163,7 @@ static void riscv_aclint_mtimer_write(void *opaque, hwaddr 
addr,
 uint64_t value, unsigned size)
 {
 RISCVAclintMTimerState *mtimer = opaque;
+int i;
 
 if (addr >= mtimer->timecmp_base &&
 addr < (mtimer->timecmp_base + (mtimer->num_harts << 3))) {
@@ -172,35 +179,49 @@ static void riscv_aclint_mtimer_write(void *opaque, 
hwaddr addr,
 /* timecmp_lo for RV32/RV64 */
 uint64_t timecmp_hi = env->timecmp >> 32;
 riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), 
hartid,
-timecmp_hi << 32 | (value & 0x),
-mtimer->timebase_freq);
+timecmp_hi << 32 | (value & 0x));
 } else {
 /* timecmp for RV64 */
 riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), 
hartid,
-  value, 
mtimer->timebase_freq);
+  value);
 }
 } else if ((addr & 0x7) == 4) {
 /* timecmp_hi */
 uint64_t timecmp_lo = env->timecmp;
 riscv_aclint_mtimer_write_timecmp(mtimer, RISCV_CPU(cpu), hartid,
-value << 32 | (timecmp_lo & 0x),
-mtimer->timebase_freq);
+value << 32 | (timecmp_lo & 0x));
 } else {
 qemu_log_mask(LOG_UNIMP,
   "aclint-mtimer: invalid timecmp write: %08x",
   (uint32_t)addr);
 }
 return;
-} else if (addr == mtimer->time_base) {
-/* time_lo */
-qemu_log_mask(LOG_UNIMP,
-  "aclint-mtimer: time_lo write not implemented");
-return;
-} else if (addr == mtimer->time_base + 4) {
-/* time_hi */
-qemu_log_mask(LOG_UNIMP,
-  "aclint-mtimer: time_hi write not implemented");
-return;
+} else if (addr == mtimer

Re: [PATCH v2 1/2] hw/misc: Supporting AST2600 HACE accumulative mode

2022-02-09 Thread Troy Lee
Hi Joel,

On Tue, Feb 8, 2022 at 6:46 PM Joel Stanley  wrote:
>
> Hello Troy,
>
> On Wed, 12 Jan 2022 at 08:10, Troy Lee  wrote:
> >
> > Accumulative mode will supply an initial state and append padding bit at
> > the end of hash stream.  However, the crypto library will pad those
> > bits automatically, so ripped it off from iov array.
> >
> > The aspeed ast2600 accumulative mode is described in datasheet
> > ast2600v10.pdf section 25.6.4:
> >  1. Allocating and initiating accumulative hash digest write buffer
> > with initial state.
> > * Since QEMU crypto/hash api doesn't provide the API to set initial
> >   state of hash library, and the initial state is already set by
> >   crypto library (gcrypt/glib/...), so skip this step.
> >  2. Calculating accumulative hash digest.
> > (a) When receiving the last accumulative data, software need to add
> > padding message at the end of the accumulative data. Padding
> > message described in specific of MD5, SHA-1, SHA224, SHA256,
> > SHA512, SHA512/224, SHA512/256.
> > * Since the crypto library (gcrypt/glib) already pad the
> >   padding message internally.
> > * This patch is to remove the padding message which fed byguest
> >   machine driver.
>
>
> I tested the latest aspeed SDK u-boot, loaded from mmc (with our mmc
> model that lives in Cedric's tree) and qemu crashed:
>
> #0  0x7fe867d44932 in ?? () from /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
> #1  0x557aba2b6e22 in qcrypto_glib_hash_bytesv (alg=<optimized out>, iov=0x7fe8662ee0b0, niov=1, result=0x7fe8662ee0a8,
> resultlen=0x7fe8662ee0a0, errp=0x0) at ../crypto/hash-glib.c:68
> #2  0x557ab9f549ea in do_hash_operation (s=s@entry=0x7fe866e1b3b0,
> algo=5, sg_mode=sg_mode@entry=true, acc_mode=acc_mode@entry=true) at
> ../hw/misc/aspeed_hace.c:161
> #3  0x557ab9f54dd1 in aspeed_hace_write (opaque=<optimized out>,
> addr=12, data=262504, size=<optimized out>) at
> ../hw/misc/aspeed_hace.c:260
>
> Without your patch applied the HACE operation fails, as we do not have
> support for accumulative mode, but we do not crash.

I'll double check on this issue.

> >
> > Changes in v2:
> > - Coding style
> > - Add accumulative mode description in comment
> >
> > Signed-off-by: Troy Lee 
> > ---
> >  hw/misc/aspeed_hace.c | 43 ---
> >  include/hw/misc/aspeed_hace.h |  1 +
> >  2 files changed, 36 insertions(+), 8 deletions(-)
> >
> > diff --git a/hw/misc/aspeed_hace.c b/hw/misc/aspeed_hace.c
> > index 10f00e65f4..0710f44621 100644
> > --- a/hw/misc/aspeed_hace.c
> > +++ b/hw/misc/aspeed_hace.c
> > @@ -11,6 +11,7 @@
> >  #include "qemu/osdep.h"
> >  #include "qemu/log.h"
> >  #include "qemu/error-report.h"
> > +#include "qemu/bswap.h"
> >  #include "hw/misc/aspeed_hace.h"
> >  #include "qapi/error.h"
> >  #include "migration/vmstate.h"
> > @@ -27,6 +28,7 @@
> >
> >  #define R_HASH_SRC  (0x20 / 4)
> >  #define R_HASH_DEST (0x24 / 4)
> > +#define R_HASH_KEY_BUFF (0x28 / 4)
> >  #define R_HASH_SRC_LEN  (0x2c / 4)
> >
> >  #define R_HASH_CMD  (0x30 / 4)
> > @@ -94,7 +96,8 @@ static int hash_algo_lookup(uint32_t reg)
> >  return -1;
> >  }
> >
> > -static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode)
> > +static void do_hash_operation(AspeedHACEState *s, int algo, bool sg_mode,
> > +  bool acc_mode)
> >  {
> >  struct iovec iov[ASPEED_HACE_MAX_SG];
> >  g_autofree uint8_t *digest_buf;
> > @@ -103,6 +106,7 @@ static void do_hash_operation(AspeedHACEState *s, int 
> > algo, bool sg_mode)
> >
> >  if (sg_mode) {
> >  uint32_t len = 0;
> > +uint32_t total_len = 0;
> >
> >  for (i = 0; !(len & SG_LIST_LEN_LAST); i++) {
> >  uint32_t addr, src;
> > @@ -123,10 +127,26 @@ static void do_hash_operation(AspeedHACEState *s, int 
> > algo, bool sg_mode)
> >  MEMTXATTRS_UNSPECIFIED, NULL);
> >  addr &= SG_LIST_ADDR_MASK;
> >
> > -iov[i].iov_len = len & SG_LIST_LEN_MASK;
> > -plen = iov[i].iov_len;
> > +plen = len & SG_LIST_LEN_MASK;
> >  iov[i].iov_base = address_space_map(&s->dram_as, addr, &plen, 
> > false,
> >  MEMTXATTRS_UNSPECIFIED);
> > +
> > +if (acc_mode) {
> > +total_len += plen;
> > +
> > +if (len & SG_LIST_LEN_LAST) {
> > +/*
> > + * In the padding message, the last 64/128 bit 
> > represents
> > + * the total length of bitstream in big endian.
> > + * SHA-224, SHA-256 are 64 bit
> > + * SHA-384, SHA-512, SHA-512/224, SHA-512/256 are 128 
> > bit
> > + * However, we would not process such a huge bit 
> > stream.
> > + */
> > +plen -= total_len - (ldq_be_p(iov[i].iov_ba
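
Review bot: In the `if (len & SG_LIST_LEN_LAST)` branch, `plen` is reduced by a value derived from `ldq_be_p()` on the mapped guest buffer, and no range check on that guest-supplied length is visible before the subtraction. A trailer value that does not match the data actually supplied, or a final segment shorter than the 8-byte length field, can make the arithmetic wrap (`total_len` is a `uint32_t`) and leave an iov entry whose length has nothing to do with the mapped region; validate the decoded length against `total_len` and the segment size first. The same hunk removes `iov[i].iov_len = len & SG_LIST_LEN_MASK`, so `iov_len` has to be set from the adjusted `plen` on every path, and the return of `address_space_map()` should be checked for NULL and for a shortened `plen` before it is read. It is worth checking whether the crash reported above in `qcrypto_glib_hash_bytesv` with `niov=1` comes from one of these paths.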

Re: [PATCH] hw/vhost-user-i2c: Add support for VIRTIO_I2C_F_ZERO_LENGTH_REQUEST

2022-02-09 Thread Viresh Kumar
On 11-01-22, 20:28, Viresh Kumar wrote:
> VIRTIO_I2C_F_ZERO_LENGTH_REQUEST is a mandatory feature, that must be
> implemented by everyone. Add its support.
> 
> Signed-off-by: Viresh Kumar 
> ---
>  hw/virtio/vhost-user-i2c.c | 10 --
>  include/hw/virtio/vhost-user-i2c.h |  3 +++
>  2 files changed, 11 insertions(+), 2 deletions(-)

Ping.

-- 
viresh



Re: [PATCH v10 1/3] target/ppc: fix indent of function parameters

2022-02-09 Thread David Gibson
On Tue, Feb 08, 2022 at 04:48:36PM -0300, Daniel Henrique Barboza wrote:
> Fix indentation of powerpc_set_excp_state() and ppc_excp_apply_ail()
> parameters.
> 
> Signed-off-by: Daniel Henrique Barboza 

Reviewed-by: David Gibson 

> ---
>  target/ppc/excp_helper.c | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
> index c107953dec..8a49a4ab90 100644
> --- a/target/ppc/excp_helper.c
> +++ b/target/ppc/excp_helper.c
> @@ -265,9 +265,9 @@ static int powerpc_reset_wakeup(CPUState *cs, CPUPPCState 
> *env, int excp,
>   * ++
>   */
>  static void ppc_excp_apply_ail(PowerPCCPU *cpu, int excp_model, int excp,
> -  target_ulong msr,
> -  target_ulong *new_msr,
> -  target_ulong *vector)
> +   target_ulong msr,
> +   target_ulong *new_msr,
> +   target_ulong *vector)
>  {
>  #if defined(TARGET_PPC64)
>  CPUPPCState *env = &cpu->env;
> @@ -362,7 +362,7 @@ static void ppc_excp_apply_ail(PowerPCCPU *cpu, int 
> excp_model, int excp,
>  }
>  
>  static void powerpc_set_excp_state(PowerPCCPU *cpu,
> -  target_ulong vector, target_ulong 
> msr)
> +   target_ulong vector, target_ulong msr)
>  {
>  CPUState *cs = CPU(cpu);
>  CPUPPCState *env = &cpu->env;

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[PATCH v2 14/15] target/arm: Validate tlbi TG matches translation granule in use

2022-02-09 Thread Richard Henderson
For FEAT_LPA2, we will need other ARMVAParameters, which themselves
depend on the translation granule in use.  We might as well validate
that the given TG matches; the architecture "does not require that
the instruction invalidates any entries" if this is not true.

Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index e2551e693b..771de959dd 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4518,12 +4518,16 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, 
ARMMMUIdx mmuidx,
  uint64_t value)
 {
 unsigned int page_size_granule, page_shift, num, scale, exponent;
+/* Extract one bit to represent the va selector in use. */
+uint64_t select = sextract64(value, 36, 1);
+ARMVAParameters param = aa64_va_parameters(env, select, mmuidx, true);
 TLBIRange ret = { };
 
 page_size_granule = extract64(value, 46, 2);
 
-if (page_size_granule == 0) {
-qemu_log_mask(LOG_GUEST_ERROR, "Invalid page size granule %d\n",
+/* The granule encoded in value must match the granule in use. */
+if (page_size_granule != (param.using64k ? 3 : param.using16k ? 2 : 1)) {
+qemu_log_mask(LOG_GUEST_ERROR, "Invalid tlbi page size granule %d\n",
   page_size_granule);
 return ret;
 }
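Review bot: The new local `select` holds a sign-extended copy of bit 36 and is then passed as the `va` argument of `aa64_va_parameters()`, which is hard to follow from the name and the one-line comment. Name it for what it is (a synthetic VA whose upper bits mirror the top bit of BaseADDR) and say in the comment which bit of that address the callee actually consults. The nested conditional in `page_size_granule != (param.using64k ? 3 : param.using16k ? 2 : 1)` would also read better with the expected value in a named local such as `gran`, and `%d` is being used to print an `unsigned int`.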
@@ -4535,7 +4539,7 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, 
ARMMMUIdx mmuidx,
 
 ret.length = (num + 1) << (exponent + page_shift);
 
-if (regime_has_2_ranges(mmuidx)) {
+if (param.select) {
 ret.base = sextract64(value, 0, 37);
 } else {
 ret.base = extract64(value, 0, 37);
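Review bot: Switching the test from `regime_has_2_ranges(mmuidx)` to `param.select` changes the condition from "the regime has two ranges" to "the upper range was selected", so lower-range addresses in a two-range regime now take the `extract64` path. The result is unchanged only because bit 36 is clear whenever `param.select` is 0; a short comment stating that would save the next reader from re-deriving it.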
-- 
2.25.1




[PATCH v2 15/15] target/arm: Implement FEAT_LPA2

2022-02-09 Thread Richard Henderson
This feature widens physical addresses (and intermediate physical
addresses for 2-stage translation) from 48 to 52 bits, when using
4k or 16k pages.

This introduces the DS bit to TCR_ELx, which is RES0 unless the
page size is enabled and supports LPA2, resulting in the effective
value of DS for a given table walk.  The DS bit changes the format
of the page table descriptor slightly, moving the PS field out to
TCR so that all pages have the same shareability and repurposing
those bits of the page table descriptor for the highest bits of
the output address.

Signed-off-by: Richard Henderson 
---
v2: Check DS in tlbi_aa64_get_range.
Check TGRAN4_2 and TGRAN16_2.
---
 target/arm/cpu.h   |  22 +
 target/arm/internals.h |   2 +
 target/arm/cpu64.c |   4 ++
 target/arm/helper.c| 102 +++--
 4 files changed, 115 insertions(+), 15 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c52d56f669..24d9fff170 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -4284,6 +4284,28 @@ static inline bool isar_feature_aa64_i8mm(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, I8MM) != 0;
 }
 
+static inline bool isar_feature_aa64_tgran4_lpa2(const ARMISARegisters *id)
+{
+return FIELD_SEX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN4) >= 1;
+}
+
+static inline bool isar_feature_aa64_tgran4_2_lpa2(const ARMISARegisters *id)
+{
+unsigned t = FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN4_2);
+return t >= 3 || (t == 0 && isar_feature_aa64_tgran4_lpa2(id));
+}
+
+static inline bool isar_feature_aa64_tgran16_lpa2(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN16) >= 2;
+}
+
+static inline bool isar_feature_aa64_tgran16_2_lpa2(const ARMISARegisters *id)
+{
+unsigned t = FIELD_EX64(id->id_aa64mmfr0, ID_AA64MMFR0, TGRAN16_2);
+return t >= 3 || (t == 0 && isar_feature_aa64_tgran16_lpa2(id));
+}
+
 static inline bool isar_feature_aa64_ccidx(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, CCIDX) != 0;
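Review bot: `isar_feature_aa64_tgran4_lpa2()` reads TGRAN4 with `FIELD_SEX64` and compares `>= 1`, while `isar_feature_aa64_tgran16_lpa2()` reads TGRAN16 with `FIELD_EX64` and compares `>= 2`, and nothing in the hunk says why the two differ. Please add a comment giving the field encodings each test relies on (signed for TGRAN4, unsigned for TGRAN16), and do the same for the `t == 0` fallback in the two `_2` helpers, so the asymmetry is not mistaken for a copy-and-paste slip.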
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 00af41d792..a34be2e459 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1056,6 +1056,7 @@ static inline uint32_t aarch64_pstate_valid_mask(const 
ARMISARegisters *id)
 typedef struct ARMVAParameters {
 unsigned tsz: 8;
 unsigned ps : 3;
+unsigned sh : 2;
 unsigned select : 1;
 bool tbi: 1;
 bool epd: 1;
@@ -1063,6 +1064,7 @@ typedef struct ARMVAParameters {
 bool using16k   : 1;
 bool using64k   : 1;
 bool tsz_oob: 1;  /* tsz has been clamped to legal range */
+bool ds : 1;
 } ARMVAParameters;
 
 ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 707ae7767f..9382c19e54 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -766,6 +766,10 @@ static void aarch64_max_initfn(Object *obj)
 
 t = cpu->isar.id_aa64mmfr0;
 t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16, 2); /* FEAT_LPA2: 52 bits */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN4, 1);  /* FEAT_LPA2: 52 bits */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN16_2, 3); /* FEAT_LPA2: 52 bits */
+t = FIELD_DP64(t, ID_AA64MMFR0, TGRAN4_2, 3);  /* FEAT_LPA2: 52 bits */
 cpu->isar.id_aa64mmfr0 = t;
 
 t = cpu->isar.id_aa64mmfr1;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 771de959dd..bf694d8324 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4544,6 +4544,14 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, 
ARMMMUIdx mmuidx,
 } else {
 ret.base = extract64(value, 0, 37);
 }
+if (param.ds) {
+/*
+ * With DS=1, BaseADDR is always shifted 16 so that it is able
+ * to address all 52 va bits.  The input address is perforce
+ * aligned on a 64k boundary regardless of translation granule.
+ */
+page_shift = 16;
+}
 ret.base <<= page_shift;
 
 return ret;
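Review bot: The `if (param.ds)` block overwrites `page_shift` with 16 after the same variable has been used as the granule shift in `ret.length = (num + 1) << (exponent + page_shift)`, so its meaning now depends on where in the function it is read. A separate local for the BaseADDR shift, for example `base_shift = param.ds ? 16 : page_shift`, keeps `page_shift` meaning the granule throughout and protects the length computation if these lines are ever reordered.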
@@ -11079,8 +11087,13 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool 
is_aa64, int level,
 const int grainsize = stride + 3;
 int startsizecheck;
 
-/* Negative levels are never allowed.  */
-if (level < 0) {
+/*
+ * Negative levels are usually not allowed...
+ * Except for FEAT_LPA2, 4k page table, 52-bit address space, which
+ * begins with level -1.  Note that previous feature tests will have
+ * eliminated this combination if it is not enabled.
+ */
+if (level < (inputsize == 52 && stride == 9 ? -1 : 0)) {
 return false;
 }
 
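Review bot: The new test `level < (inputsize == 52 && stride == 9 ? -1 : 0)` infers that LPA2 is active from `inputsize` and `stride`, and depends on the comment's promise that earlier feature tests have already rejected the combination when it is not enabled. Since `check_s2_mmu_setup()` is the place where the starting level is validated, it would be more robust to pass the effective DS value in and test it explicitly, or at least to put the minimum level in a named local such as `min_level` so the conditional can be read at a glance.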
@@ -11221,8 +11234,9 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
ARMMMUIdx mmu_idx, bool data)
 {
 uint64_t tcr = regime

[PATCH v2 11/15] target/arm: Extend arm_fi_to_lfsc to level -1

2022-02-09 Thread Richard Henderson
With FEAT_LPA2, rather than introducing translation level 4,
we introduce level -1, below the current level 0.  Extend
arm_fi_to_lfsc to handle these faults.

Assert that this new translation level does not leak into
fault types for which it is not defined, which allows some
masking of fi->level to be removed.

Signed-off-by: Richard Henderson 
---
 target/arm/internals.h | 35 +--
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 3d3d41ba2b..00af41d792 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -462,28 +462,51 @@ static inline uint32_t arm_fi_to_lfsc(ARMMMUFaultInfo *fi)
 case ARMFault_None:
 return 0;
 case ARMFault_AddressSize:
-fsc = fi->level & 3;
+assert(fi->level >= -1 && fi->level <= 3);
+if (fi->level < 0) {
+fsc = 0b101001;
+} else {
+fsc = fi->level;
+}
 break;
 case ARMFault_AccessFlag:
-fsc = (fi->level & 3) | (0x2 << 2);
+assert(fi->level >= 0 && fi->level <= 3);
+fsc = 0b001000 | fi->level;
 break;
 case ARMFault_Permission:
-fsc = (fi->level & 3) | (0x3 << 2);
+assert(fi->level >= 0 && fi->level <= 3);
+fsc = 0b001100 | fi->level;
 break;
 case ARMFault_Translation:
-fsc = (fi->level & 3) | (0x1 << 2);
+assert(fi->level >= -1 && fi->level <= 3);
+if (fi->level < 0) {
+fsc = 0b101011;
+} else {
+fsc = 0b000100 | fi->level;
+}
 break;
 case ARMFault_SyncExternal:
 fsc = 0x10 | (fi->ea << 12);
 break;
 case ARMFault_SyncExternalOnWalk:
-fsc = (fi->level & 3) | (0x5 << 2) | (fi->ea << 12);
+assert(fi->level >= -1 && fi->level <= 3);
+if (fi->level < 0) {
+fsc = 0b010011;
+} else {
+fsc = 0b010100 | fi->level;
+}
+fsc |= fi->ea << 12;
 break;
 case ARMFault_SyncParity:
 fsc = 0x18;
 break;
 case ARMFault_SyncParityOnWalk:
-fsc = (fi->level & 3) | (0x7 << 2);
+assert(fi->level >= -1 && fi->level <= 3);
+if (fi->level < 0) {
+fsc = 0b011011;
+} else {
+fsc = 0b011100 | fi->level;
+}
 break;
 case ARMFault_AsyncParity:
 fsc = 0x19;
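Review bot: Every case that encodes a level now replaces the `fi->level & 3` masking with an `assert()`, so an out-of-range level aborts the emulator instead of producing a wrong fault status code. That is reasonable for an internal invariant, but the commit message should say which code guarantees that AccessFlag and Permission faults are never raised with level -1, because any guest-reachable path to one of these asserts would terminate the VM. The binary literals such as `0b101001` also sit next to hex constants (`0x10`, `0x18`, `0x19`) in the neighbouring cases; pick one notation or add a comment naming each encoding.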
-- 
2.25.1




[PATCH v2 06/15] target/arm: Use MAKE_64BIT_MASK to compute indexmask

2022-02-09 Thread Richard Henderson
The macro is a bit more readable than the inlined computation.

Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index cf38ebd816..94304804cb 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11516,8 +11516,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 level = startlevel;
 }
 
-indexmask_grainsize = (1ULL << (stride + 3)) - 1;
-indexmask = (1ULL << (inputsize - (stride * (4 - level - 1;
+indexmask_grainsize = MAKE_64BIT_MASK(0, stride + 3);
+indexmask = MAKE_64BIT_MASK(0, inputsize - (stride * (4 - level)));
 
 /* Now we can extract the actual base address from the TTBR */
 descaddr = extract64(ttbr, 0, 48);
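Review bot: For `indexmask`, the length handed to `MAKE_64BIT_MASK` is `inputsize - (stride * (4 - level))`, and neither the hunk nor the commit message says whether that can be 0. The open-coded `(1ULL << n) - 1` form is well defined for n == 0 and yields an empty mask, so please confirm that the macro gives the same result for a zero length, or state the lower bound of this expression, before treating the change as purely cosmetic.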
-- 
2.25.1




[PATCH v2 10/15] target/arm: Implement FEAT_LPA

2022-02-09 Thread Richard Henderson
This feature widens physical addresses (and intermediate physical
addresses for 2-stage translation) from 48 to 52 bits, when using
64k pages.  The only thing left at this point is to handle the
extra bits in the TTBR and in the table descriptors.

Note that PAR_EL1 and HPFAR_EL2 are nominally extended, but we don't
mask out the high bits when writing to those registers, so no changes
are required there.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/cpu-param.h |  2 +-
 target/arm/cpu64.c |  2 +-
 target/arm/helper.c| 19 ---
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 5f9c288b1a..b59d505761 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -10,7 +10,7 @@
 
 #ifdef TARGET_AARCH64
 # define TARGET_LONG_BITS 64
-# define TARGET_PHYS_ADDR_SPACE_BITS  48
+# define TARGET_PHYS_ADDR_SPACE_BITS  52
 # define TARGET_VIRT_ADDR_SPACE_BITS  52
 #else
 # define TARGET_LONG_BITS 32
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index d80a7eafac..707ae7767f 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -765,7 +765,7 @@ static void aarch64_max_initfn(Object *obj)
 cpu->isar.id_aa64pfr1 = t;
 
 t = cpu->isar.id_aa64mmfr0;
-t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 5); /* PARange: 48 bits */
+t = FIELD_DP64(t, ID_AA64MMFR0, PARANGE, 6); /* FEAT_LPA: 52 bits */
 cpu->isar.id_aa64mmfr0 = t;
 
 t = cpu->isar.id_aa64mmfr1;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 62935b06d0..9b1b1b2611 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11171,6 +11171,7 @@ static const uint8_t pamax_map[] = {
 [3] = 42,
 [4] = 44,
 [5] = 48,
+[6] = 52,
 };
 
 /* The cpu-specific constant value of PAMax; also used by hw/arm/virt. */
@@ -11562,11 +11563,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 descaddr = extract64(ttbr, 0, 48);
 
 /*
- * If the base address is out of range, raise AddressSizeFault.
+ * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [5:2] of TTBR.
+ *
+ * Otherwise, if the base address is out of range, raise AddressSizeFault.
  * In the pseudocode, this is !IsZero(baseregister<47:outputsize>),
  * but we've just cleared the bits above 47, so simplify the test.
  */
-if (descaddr >> outputsize) {
+if (outputsize > 48) {
+descaddr |= extract64(ttbr, 2, 4) << 48;
+} else if (descaddr >> outputsize) {
 level = 0;
 fault_type = ARMFault_AddressSize;
 goto do_fault;
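Review bot: The new branch `if (outputsize > 48)` ORs TTBR bits [5:2] into `descaddr` on the strength of the output size alone, while the commit message says the feature applies when using 64k pages. If a 4k or 16k regime can reach this point with an `outputsize` of 52, the low TTBR bits would be taken as address bits and a base address that should fault against a 48-bit limit would be accepted; either test the granule here or add a comment pointing to where `outputsize` is held to 48 for the smaller granules.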
@@ -11618,7 +11623,15 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 }
 
 descaddr = descriptor & descaddrmask;
-if (descaddr >> outputsize) {
+
+/*
+ * For FEAT_LPA and PS=6, bits [51:48] of descaddr are in [15:12]
+ * of descriptor.  Otherwise, if descaddr is out of range, raise
+ * AddressSizeFault.
+ */
+if (outputsize > 48) {
+descaddr |= extract64(descriptor, 12, 4) << 48;
+} else if (descaddr >> outputsize) {
 fault_type = ARMFault_AddressSize;
 goto do_fault;
 }
-- 
2.25.1




[PATCH v2 07/15] target/arm: Honor TCR_ELx.{I}PS

2022-02-09 Thread Richard Henderson
This field controls the output (intermediate) physical address size
of the translation process.  V8 requires raising an AddressSize
fault if the page tables are programmed incorrectly, such that any
intermediate descriptor address, or the final translated address,
is out of range.

Add a PS field to ARMVAParameters, and properly compute outputsize
in get_phys_addr_lpae.  Test the descaddr as extracted from TTBR
and from page table entries.

Restrict descaddrmask so that we won't raise the fault for v7.

Reviewed-by: Alex Bennée 
Signed-off-by: Richard Henderson 
---
 target/arm/internals.h |  1 +
 target/arm/helper.c| 72 --
 2 files changed, 57 insertions(+), 16 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index fefd1fb8d8..3d3d41ba2b 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1032,6 +1032,7 @@ static inline uint32_t aarch64_pstate_valid_mask(const 
ARMISARegisters *id)
  */
 typedef struct ARMVAParameters {
 unsigned tsz: 8;
+unsigned ps : 3;
 unsigned select : 1;
 bool tbi: 1;
 bool epd: 1;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 94304804cb..015f992f02 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11147,17 +11147,19 @@ static uint8_t convert_stage2_attrs(CPUARMState *env, 
uint8_t s2attrs)
 }
 #endif /* !CONFIG_USER_ONLY */
 
+/* This mapping is common between ID_AA64MMFR0.PARANGE and TCR_ELx.{I}PS. */
+static const uint8_t pamax_map[] = {
+[0] = 32,
+[1] = 36,
+[2] = 40,
+[3] = 42,
+[4] = 44,
+[5] = 48,
+};
+
 /* The cpu-specific constant value of PAMax; also used by hw/arm/virt. */
 unsigned int arm_pamax(ARMCPU *cpu)
 {
-static const unsigned int pamax_map[] = {
-[0] = 32,
-[1] = 36,
-[2] = 40,
-[3] = 42,
-[4] = 44,
-[5] = 48,
-};
 unsigned int parange =
 FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE);
 
@@ -11208,7 +11210,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 {
 uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
 bool epd, hpd, using16k, using64k, tsz_oob;
-int select, tsz, tbi, max_tsz, min_tsz;
+int select, tsz, tbi, max_tsz, min_tsz, ps;
 
 if (!regime_has_2_ranges(mmu_idx)) {
 select = 0;
@@ -11222,6 +11224,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 hpd = extract32(tcr, 24, 1);
 }
 epd = false;
+ps = extract32(tcr, 16, 3);
 } else {
 /*
  * Bit 55 is always between the two regions, and is canonical for
@@ -11242,6 +11245,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 epd = extract32(tcr, 23, 1);
 hpd = extract64(tcr, 42, 1);
 }
+ps = extract64(tcr, 32, 3);
 }
 
 if (cpu_isar_feature(aa64_st, env_archcpu(env))) {
@@ -11270,6 +11274,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 
 return (ARMVAParameters) {
 .tsz = tsz,
+.ps = ps,
 .select = select,
 .tbi = tbi,
 .epd = epd,
@@ -11397,6 +11402,8 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 
 /* TODO: This code does not support shareability levels. */
 if (aarch64) {
+int ps;
+
 param = aa64_va_parameters(env, address, mmu_idx,
access_type != MMU_INST_FETCH);
 level = 0;
@@ -11417,7 +11424,16 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 
 addrsize = 64 - 8 * param.tbi;
 inputsize = 64 - param.tsz;
-outputsize = arm_pamax(cpu);
+
+/*
+ * Bound PS by PARANGE to find the effective output address size.
+ * ID_AA64MMFR0 is a read-only register so values outside of the
+ * supported mappings can be considered an implementation error.
+ */
+ps = FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE);
+ps = MIN(ps, param.ps);
+assert(ps < ARRAY_SIZE(pamax_map));
+outputsize = pamax_map[ps];
 } else {
 param = aa32_va_parameters(env, address, mmu_idx);
 level = 1;
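Review bot: `param.ps` is a 3-bit field taken from the guest-written TCR, so it can hold 0 to 7, while `pamax_map` has entries only for 0 to 5; the index stays in range solely because of `ps = MIN(ps, param.ps)` against PARANGE. The comment says PS is bounded by PARANGE, but it should also state that this bound is what keeps a guest-written reserved PS value from indexing past the table, so that nobody later reorders or drops the `MIN()`. Using a distinct local for the ID register value (for example `parange`) would also avoid `ps` meaning two different things within four lines.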
@@ -11521,19 +11537,38 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 
 /* Now we can extract the actual base address from the TTBR */
 descaddr = extract64(ttbr, 0, 48);
+
+/*
+ * If the base address is out of range, raise AddressSizeFault.
+ * In the pseudocode, this is !IsZero(baseregister<47:outputsize>),
+ * but we've just cleared the bits above 47, so simplify the test.
+ */
+if (descaddr >> outputsize) {
+level = 0;
+fault_type = ARMFault_AddressSize;
+goto do_fault;
+}
+
 /*
  * We rely on this masking to clear the RES0 bits at the bottom of the TTBR
  * and also to mask out CnP (bit 0) which

[PATCH v2 09/15] target/arm: Implement FEAT_LVA

2022-02-09 Thread Richard Henderson
This feature is relatively small, as it applies only to
64k pages and thus requires no additional changes to the
table descriptor walking algorithm, only a change to the
minimum TSZ (which is the inverse of the maximum virtual
address space size).

Note that this feature widens VBAR_ELx, but we already
treat the register as being 64 bits wide.

Signed-off-by: Richard Henderson 
---
 target/arm/cpu-param.h | 2 +-
 target/arm/cpu.h   | 5 +
 target/arm/cpu64.c | 1 +
 target/arm/helper.c| 9 -
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu-param.h b/target/arm/cpu-param.h
index 7f38d33b8e..5f9c288b1a 100644
--- a/target/arm/cpu-param.h
+++ b/target/arm/cpu-param.h
@@ -11,7 +11,7 @@
 #ifdef TARGET_AARCH64
 # define TARGET_LONG_BITS 64
 # define TARGET_PHYS_ADDR_SPACE_BITS  48
-# define TARGET_VIRT_ADDR_SPACE_BITS  48
+# define TARGET_VIRT_ADDR_SPACE_BITS  52
 #else
 # define TARGET_LONG_BITS 32
 # define TARGET_PHYS_ADDR_SPACE_BITS  40
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c6a4d50e82..c52d56f669 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -4289,6 +4289,11 @@ static inline bool isar_feature_aa64_ccidx(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, CCIDX) != 0;
 }
 
+static inline bool isar_feature_aa64_lva(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64mmfr2, ID_AA64MMFR2, VARANGE) != 0;
+}
+
 static inline bool isar_feature_aa64_tts2uxn(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64mmfr1, ID_AA64MMFR1, XNX) != 0;
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 8786be7783..d80a7eafac 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -781,6 +781,7 @@ static void aarch64_max_initfn(Object *obj)
 t = FIELD_DP64(t, ID_AA64MMFR2, UAO, 1);
 t = FIELD_DP64(t, ID_AA64MMFR2, CNP, 1); /* TTCNP */
 t = FIELD_DP64(t, ID_AA64MMFR2, ST, 1); /* TTST */
+t = FIELD_DP64(t, ID_AA64MMFR2, VARANGE, 1); /* FEAT_LPA */
 cpu->isar.id_aa64mmfr2 = t;
 
 t = cpu->isar.id_aa64zfr0;
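Review bot: The added line `t = FIELD_DP64(t, ID_AA64MMFR2, VARANGE, 1); /* FEAT_LPA */` carries the wrong feature name in its comment. This patch implements FEAT_LVA, and VARANGE is the field tested by the new `isar_feature_aa64_lva()`, so the comment should read FEAT_LVA.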
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e5050816cf..62935b06d0 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11269,7 +11269,14 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 } else {
 max_tsz = 39;
 }
-min_tsz = 16;  /* TODO: ARMv8.2-LVA  */
+
+min_tsz = 16;
+if (using64k) {
+if (cpu_isar_feature(aa64_lva, env_archcpu(env))) {
+min_tsz = 12;
+}
+}
+/* TODO: FEAT_LPA2 */
 
 if (tsz > max_tsz) {
 tsz = max_tsz;
-- 
2.25.1




[PATCH v2 08/15] target/arm: Prepare DBGBVR and DBGWVR for FEAT_LVA

2022-02-09 Thread Richard Henderson
The original A.a revision of the AArch64 ARM required that we
force-extend the addresses in these registers from 49 bits.
This language has been loosened via a combination of IMPLEMENTATION
DEFINED and CONSTRAINED UNPREDICTABLE to allow consideration of
the entire aligned address.

This means that we do not have to consider whether or not FEAT_LVA
is enabled, and decide from which bit an address might need to be
extended.

Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 32 
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 015f992f02..e5050816cf 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6421,11 +6421,18 @@ static void dbgwvr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 ARMCPU *cpu = env_archcpu(env);
 int i = ri->crm;
 
-/* Bits [63:49] are hardwired to the value of bit [48]; that is, the
- * register reads and behaves as if values written are sign extended.
+/*
  * Bits [1:0] are RES0.
+ *
+ * It is IMPLEMENTATION DEFINED whether [63:49] ([63:53] with FEAT_LVA)
+ * are hardwired to the value of bit [48] ([52] with FEAT_LVA), or if
+ * they contain the value written.  It is CONSTRAINED UNPREDICTABLE
+ * whether the RESS bits are ignored when comparing an address.
+ *
+ * Therefore we are allowed to compare the entire register, which lets
+ * us avoid considering whether or not FEAT_LVA is actually enabled.
  */
-value = sextract64(value, 0, 49) & ~3ULL;
+value &= ~3ULL;
 
 raw_write(env, ri, value);
 hw_watchpoint_update(cpu, i);
@@ -6471,10 +6478,19 @@ void hw_breakpoint_update(ARMCPU *cpu, int n)
 case 0: /* unlinked address match */
 case 1: /* linked address match */
 {
-/* Bits [63:49] are hardwired to the value of bit [48]; that is,
- * we behave as if the register was sign extended. Bits [1:0] are
- * RES0. The BAS field is used to allow setting breakpoints on 16
- * bit wide instructions; it is CONSTRAINED UNPREDICTABLE whether
+/*
+ * Bits [1:0] are RES0.
+ *
+ * It is IMPLEMENTATION DEFINED whether bits [63:49]
+ * ([63:53] for FEAT_LVA) are hardwired to a copy of the sign bit
+ * of the VA field ([48] or [52] for FEAT_LVA), or whether the
+ * value is read as written.  It is CONSTRAINED UNPREDICTABLE
+ * whether the RESS bits are ignored when comparing an address.
+ * Therefore we are allowed to compare the entire register, which
+ * lets us avoid considering whether FEAT_LVA is actually enabled.
+ *
+ * The BAS field is used to allow setting breakpoints on 16-bit
+ * wide instructions; it is CONSTRAINED UNPREDICTABLE whether
  * a bp will fire if the addresses covered by the bp and the addresses
  * covered by the insn overlap but the insn doesn't start at the
  * start of the bp address range. We choose to require the insn and
@@ -6487,7 +6503,7 @@ void hw_breakpoint_update(ARMCPU *cpu, int n)
  * See also figure D2-3 in the v8 ARM ARM (DDI0487A.c).
  */
 int bas = extract64(bcr, 5, 4);
-addr = sextract64(bvr, 0, 49) & ~3ULL;
+addr = bvr & ~3ULL;
 if (bas == 0) {
 return;
 }
-- 
2.25.1




[PATCH v2 13/15] target/arm: Fix TLBIRange.base for 16k and 64k pages

2022-02-09 Thread Richard Henderson
The shift of the BaseADDR field depends on the translation
granule in use.

Fixes: 84940ed8255 ("target/arm: Add support for FEAT_TLBIRANGE")
Reported-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 8b1899ceef..e2551e693b 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4536,10 +4536,11 @@ static TLBIRange tlbi_aa64_get_range(CPUARMState *env, 
ARMMMUIdx mmuidx,
 ret.length = (num + 1) << (exponent + page_shift);
 
 if (regime_has_2_ranges(mmuidx)) {
-ret.base = sextract64(value, 0, 37) << TARGET_PAGE_BITS;
+ret.base = sextract64(value, 0, 37);
 } else {
-ret.base = extract64(value, 0, 37) << TARGET_PAGE_BITS;
+ret.base = extract64(value, 0, 37);
 }
+ret.base <<= page_shift;
 
 return ret;
 }
-- 
2.25.1




[PATCH v2 05/15] target/arm: Pass outputsize down to check_s2_mmu_setup

2022-02-09 Thread Richard Henderson
Pass down the width of the output address from translation.
For now this is still just PAMax, but a subsequent patch will
compute the correct value from TCR_ELx.{I}PS.

Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 21 ++---
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index fa0824e12c..cf38ebd816 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11063,7 +11063,7 @@ do_fault:
  * false otherwise.
  */
 static bool check_s2_mmu_setup(ARMCPU *cpu, bool is_aa64, int level,
-   int inputsize, int stride)
+   int inputsize, int stride, int outputsize)
 {
 const int grainsize = stride + 3;
 int startsizecheck;
@@ -11079,22 +11079,19 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool 
is_aa64, int level,
 }
 
 if (is_aa64) {
-CPUARMState *env = &cpu->env;
-unsigned int pamax = arm_pamax(cpu);
-
 switch (stride) {
 case 13: /* 64KB Pages.  */
-if (level == 0 || (level == 1 && pamax <= 42)) {
+if (level == 0 || (level == 1 && outputsize <= 42)) {
 return false;
 }
 break;
 case 11: /* 16KB Pages.  */
-if (level == 0 || (level == 1 && pamax <= 40)) {
+if (level == 0 || (level == 1 && outputsize <= 40)) {
 return false;
 }
 break;
 case 9: /* 4KB Pages.  */
-if (level == 0 && pamax <= 42) {
+if (level == 0 && outputsize <= 42) {
 return false;
 }
 break;
@@ -11103,8 +11100,8 @@ static bool check_s2_mmu_setup(ARMCPU *cpu, bool 
is_aa64, int level,
 }
 
 /* Inputsize checks.  */
-if (inputsize > pamax &&
-(arm_el_is_aa64(env, 1) || inputsize > 40)) {
+if (inputsize > outputsize &&
+(arm_el_is_aa64(&cpu->env, 1) || inputsize > 40)) {
 /* This is CONSTRAINED UNPREDICTABLE and we choose to fault.  */
 return false;
 }
@@ -11390,7 +11387,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 target_ulong page_size;
 uint32_t attrs;
 int32_t stride;
-int addrsize, inputsize;
+int addrsize, inputsize, outputsize;
 TCR *tcr = regime_tcr(env, mmu_idx);
 int ap, ns, xn, pxn;
 uint32_t el = regime_el(env, mmu_idx);
@@ -11420,11 +11417,13 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 
 addrsize = 64 - 8 * param.tbi;
 inputsize = 64 - param.tsz;
+outputsize = arm_pamax(cpu);
 } else {
 param = aa32_va_parameters(env, address, mmu_idx);
 level = 1;
 addrsize = (mmu_idx == ARMMMUIdx_Stage2 ? 40 : 32);
 inputsize = addrsize - param.tsz;
+outputsize = 40;
 }
 
 /*
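Review bot: "outputsize = 40;" in the AArch32 branch is a bare constant sitting two lines below another 40 in the addrsize expression, and nothing says the two are unrelated (one is the Stage 2 input width, the other the output width). A short comment on the new line stating that the AArch32 long-descriptor format produces 40-bit output addresses would make the intent clear and explain why arm_pamax(cpu) is not used here as it is in the AArch64 branch.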
@@ -11509,7 +11508,7 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 
 /* Check that the starting level is valid. */
 ok = check_s2_mmu_setup(cpu, aarch64, startlevel,
-inputsize, stride);
+inputsize, stride, outputsize);
 if (!ok) {
 fault_type = ARMFault_Translation;
 goto do_fault;
-- 
2.25.1




[PATCH v2 03/15] target/arm: Fault on invalid TCR_ELx.TxSZ

2022-02-09 Thread Richard Henderson
Without FEAT_LVA, the behaviour of programming an invalid value
is IMPLEMENTATION DEFINED.  With FEAT_LVA, programming an invalid
minimum value requires a Translation fault.

It is most self-consistent to choose to generate the fault always.

Signed-off-by: Richard Henderson 
---
v2: Continue to bound in aa64_va_parameters, so that PAuth gets
something it can use, but provide a flag for get_phys_addr_lpae
to raise a fault.
---
 target/arm/internals.h |  1 +
 target/arm/helper.c| 32 
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index 3f05748ea4..ef6c25d8cb 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -1055,6 +1055,7 @@ typedef struct ARMVAParameters {
 bool hpd: 1;
 bool using16k   : 1;
 bool using64k   : 1;
+bool tsz_oob: 1;  /* tsz has been clamped to legal range */
 } ARMVAParameters;
 
 ARMVAParameters aa64_va_parameters(CPUARMState *env, uint64_t va,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index b5f80988c9..14cc866d8d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11188,8 +11188,8 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
ARMMMUIdx mmu_idx, bool data)
 {
 uint64_t tcr = regime_tcr(env, mmu_idx)->raw_tcr;
-bool epd, hpd, using16k, using64k;
-int select, tsz, tbi, max_tsz;
+bool epd, hpd, using16k, using64k, tsz_oob;
+int select, tsz, tbi, max_tsz, min_tsz;
 
 if (!regime_has_2_ranges(mmu_idx)) {
 select = 0;
@@ -11230,9 +11230,17 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 } else {
 max_tsz = 39;
 }
+min_tsz = 16;  /* TODO: ARMv8.2-LVA  */
 
-tsz = MIN(tsz, max_tsz);
-tsz = MAX(tsz, 16);  /* TODO: ARMv8.2-LVA  */
+if (tsz > max_tsz) {
+tsz = max_tsz;
+tsz_oob = true;
+} else if (tsz < min_tsz) {
+tsz = min_tsz;
+tsz_oob = true;
+} else {
+tsz_oob = false;
+}
 
 /* Present TBI as a composite with TBID.  */
 tbi = aa64_va_parameter_tbi(tcr, mmu_idx);
@@ -11249,6 +11257,7 @@ ARMVAParameters aa64_va_parameters(CPUARMState *env, 
uint64_t va,
 .hpd = hpd,
 .using16k = using16k,
 .using64k = using64k,
+.tsz_oob = tsz_oob,
 };
 }
 
@@ -11372,6 +11381,21 @@ static bool get_phys_addr_lpae(CPUARMState *env, 
uint64_t address,
 param = aa64_va_parameters(env, address, mmu_idx,
access_type != MMU_INST_FETCH);
 level = 0;
+
+/*
+ * If TxSZ is programmed to a value larger than the maximum,
+ * or smaller than the effective minimum, it is IMPLEMENTATION
+ * DEFINED whether we behave as if the field were programmed
+ * within bounds, or if a level 0 Translation fault is generated.
+ *
+ * With FEAT_LVA, fault on less than minimum becomes required,
+ * so our choice is to always raise the fault.
+ */
+if (param.tsz_oob) {
+fault_type = ARMFault_Translation;
+goto do_fault;
+}
+
 addrsize = 64 - 8 * param.tbi;
 inputsize = 64 - param.tsz;
 } else {
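Review bot: the fault raised for param.tsz_oob is ARMFault_Translation, which agrees with the commit message, but the cover letter for this series describes the flag as an "out-of-bound indicator for raising AddressSize fault". One of the two descriptions should be corrected so the intended fault type is unambiguous. The check also depends on "level = 0;" on the context line just above it to report the level 0 fault that the new comment promises, so the two should stay adjacent if this block is reordered later in the series.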
-- 
2.25.1




[PATCH v2 12/15] target/arm: Introduce tlbi_aa64_get_range

2022-02-09 Thread Richard Henderson
Merge tlbi_aa64_range_get_length and tlbi_aa64_range_get_base,
returning a structure containing both results.  Pass in the
ARMMMUIdx, rather than the digested two_ranges boolean.

This is in preparation for FEAT_LPA2, where the interpretation
of 'value' depends on the effective value of DS for the regime.

Signed-off-by: Richard Henderson 
---
 target/arm/helper.c | 58 +++--
 1 file changed, 24 insertions(+), 34 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 9b1b1b2611..8b1899ceef 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4509,70 +4509,60 @@ static void tlbi_aa64_vae3is_write(CPUARMState *env, 
const ARMCPRegInfo *ri,
 }
 
 #ifdef TARGET_AARCH64
-static uint64_t tlbi_aa64_range_get_length(CPUARMState *env,
-   uint64_t value)
-{
-unsigned int page_shift;
-unsigned int page_size_granule;
-uint64_t num;
-uint64_t scale;
-uint64_t exponent;
+typedef struct {
+uint64_t base;
 uint64_t length;
+} TLBIRange;
+
+static TLBIRange tlbi_aa64_get_range(CPUARMState *env, ARMMMUIdx mmuidx,
+ uint64_t value)
+{
+unsigned int page_size_granule, page_shift, num, scale, exponent;
+TLBIRange ret = { };
 
-num = extract64(value, 39, 5);
-scale = extract64(value, 44, 2);
 page_size_granule = extract64(value, 46, 2);
 
 if (page_size_granule == 0) {
 qemu_log_mask(LOG_GUEST_ERROR, "Invalid page size granule %d\n",
   page_size_granule);
-return 0;
+return ret;
 }
 
 page_shift = (page_size_granule - 1) * 2 + 12;
-
+num = extract64(value, 39, 5);
+scale = extract64(value, 44, 2);
 exponent = (5 * scale) + 1;
-length = (num + 1) << (exponent + page_shift);
 
-return length;
-}
+ret.length = (num + 1) << (exponent + page_shift);
 
-static uint64_t tlbi_aa64_range_get_base(CPUARMState *env, uint64_t value,
-bool two_ranges)
-{
-/* TODO: ARMv8.7 FEAT_LPA2 */
-uint64_t pageaddr;
-
-if (two_ranges) {
-pageaddr = sextract64(value, 0, 37) << TARGET_PAGE_BITS;
+if (regime_has_2_ranges(mmuidx)) {
+ret.base = sextract64(value, 0, 37) << TARGET_PAGE_BITS;
 } else {
-pageaddr = extract64(value, 0, 37) << TARGET_PAGE_BITS;
+ret.base = extract64(value, 0, 37) << TARGET_PAGE_BITS;
 }
 
-return pageaddr;
+return ret;
 }
 
 static void do_rvae_write(CPUARMState *env, uint64_t value,
   int idxmap, bool synced)
 {
 ARMMMUIdx one_idx = ARM_MMU_IDX_A | ctz32(idxmap);
-bool two_ranges = regime_has_2_ranges(one_idx);
-uint64_t baseaddr, length;
+TLBIRange range;
 int bits;
 
-baseaddr = tlbi_aa64_range_get_base(env, value, two_ranges);
-length = tlbi_aa64_range_get_length(env, value);
-bits = tlbbits_for_regime(env, one_idx, baseaddr);
+range = tlbi_aa64_get_range(env, one_idx, value);
+bits = tlbbits_for_regime(env, one_idx, range.base);
 
 if (synced) {
 tlb_flush_range_by_mmuidx_all_cpus_synced(env_cpu(env),
-  baseaddr,
-  length,
+  range.base,
+  range.length,
   idxmap,
   bits);
 } else {
-tlb_flush_range_by_mmuidx(env_cpu(env), baseaddr,
-  length, idxmap, bits);
+tlb_flush_range_by_mmuidx(env_cpu(env), range.base,
+  range.length, idxmap, bits);
 }
 }
 
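Review bot: in tlbi_aa64_get_range, num, scale, exponent and page_shift are now declared unsigned int, where the removed tlbi_aa64_range_get_length declared num, scale and exponent as uint64_t, so "(num + 1) << (exponent + page_shift)" is evaluated in unsigned int and only widened when stored into ret.length. With scale = 3 (exponent 16) and page_size_granule = 3 (page_shift 16) the shift count is 32, and smaller counts already push the high bits of (num + 1) out of a 32-bit value, so the computed length can come out too short and the range flush would miss entries. Widen before shifting, for example "ret.length = (uint64_t)(num + 1) << (exponent + page_shift);", or keep num as uint64_t.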
-- 
2.25.1




[PATCH v2 04/15] target/arm: Move arm_pamax out of line

2022-02-09 Thread Richard Henderson
We will shortly share parts of this function with other portions
of address translation.

Reviewed-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/arm/internals.h | 19 +--
 target/arm/helper.c| 22 ++
 2 files changed, 23 insertions(+), 18 deletions(-)

diff --git a/target/arm/internals.h b/target/arm/internals.h
index ef6c25d8cb..fefd1fb8d8 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -243,24 +243,7 @@ static inline void update_spsel(CPUARMState *env, uint32_t 
imm)
  * Returns the implementation defined bit-width of physical addresses.
  * The ARMv8 reference manuals refer to this as PAMax().
  */
-static inline unsigned int arm_pamax(ARMCPU *cpu)
-{
-static const unsigned int pamax_map[] = {
-[0] = 32,
-[1] = 36,
-[2] = 40,
-[3] = 42,
-[4] = 44,
-[5] = 48,
-};
-unsigned int parange =
-FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE);
-
-/* id_aa64mmfr0 is a read-only register so values outside of the
- * supported mappings can be considered an implementation error.  */
-assert(parange < ARRAY_SIZE(pamax_map));
-return pamax_map[parange];
-}
+unsigned int arm_pamax(ARMCPU *cpu);
 
 /* Return true if extended addresses are enabled.
  * This is always the case if our translation regime is 64 bit,
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 14cc866d8d..fa0824e12c 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11150,6 +11150,28 @@ static uint8_t convert_stage2_attrs(CPUARMState *env, 
uint8_t s2attrs)
 }
 #endif /* !CONFIG_USER_ONLY */
 
+/* The cpu-specific constant value of PAMax; also used by hw/arm/virt. */
+unsigned int arm_pamax(ARMCPU *cpu)
+{
+static const unsigned int pamax_map[] = {
+[0] = 32,
+[1] = 36,
+[2] = 40,
+[3] = 42,
+[4] = 44,
+[5] = 48,
+};
+unsigned int parange =
+FIELD_EX64(cpu->isar.id_aa64mmfr0, ID_AA64MMFR0, PARANGE);
+
+/*
+ * id_aa64mmfr0 is a read-only register so values outside of the
+ * supported mappings can be considered an implementation error.
+ */
+assert(parange < ARRAY_SIZE(pamax_map));
+return pamax_map[parange];
+}
+
 static int aa64_va_parameter_tbi(uint64_t tcr, ARMMMUIdx mmu_idx)
 {
 if (regime_has_2_ranges(mmu_idx)) {
-- 
2.25.1




[PATCH v2 02/15] target/arm: Set TCR_EL1.TSZ for user-only

2022-02-09 Thread Richard Henderson
Set this as the kernel would, to 48 bits, to keep the computation
of the address space correct for PAuth.

Signed-off-by: Richard Henderson 
---
 target/arm/cpu.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 5a9c02a256..92f19f919a 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -206,10 +206,11 @@ static void arm_cpu_reset(DeviceState *dev)
 aarch64_sve_zcr_get_valid_len(cpu, cpu->sve_default_vq - 1);
 }
 /*
+ * Enable 48-bit address space (TODO: take reserved_va into account).
  * Enable TBI0 but not TBI1.
  * Note that this must match useronly_clean_ptr.
  */
-env->cp15.tcr_el[1].raw_tcr = (1ULL << 37);
+env->cp15.tcr_el[1].raw_tcr = 5 | (1ULL << 37);
 
 /* Enable MTE */
 if (cpu_isar_feature(aa64_mte, cpu)) {
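Review bot: the bare 5 OR-ed into raw_tcr lands in the low bits of the register, which is the T0SZ field, and with "inputsize = 64 - param.tsz" a 48-bit address space corresponds to a TSZ of 16, not 5. If the 5 is meant for another field it needs a shift; if it is meant as T0SZ it only yields 48 bits because aa64_va_parameters clamps the value to its minimum of 16. Either way, name the field in the comment or build the value from named field constants instead of a literal, so the "must match useronly_clean_ptr" requirement can be checked by reading the code.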
-- 
2.25.1




[PATCH v2 00/15] target/arm: Implement LVA, LPA, LPA2 features

2022-02-09 Thread Richard Henderson
Changes for v2:
  * Introduce FIELD_SEX64, instead of open-coding w/ sextract64.
  * Set TCR_EL1 more completely for user-only.
  * Continue to bound tsz within aa64_va_parameters;
provide an out-of-bound indicator for raising AddressSize fault.
  * Split IPS patch.
  * Fix debug registers for LVA.
  * Fix long-format fsc for LPA2.
  * Fix TLBI page shift.
  * Validate TLBI granule vs TCR granule.

Not done:
  * Validate translation levels which accept blocks.

There is still no upstream kernel support for FEAT_LPA2,
so that is essentially untested.


r~


Richard Henderson (15):
  hw/registerfields: Add FIELD_SEX and FIELD_SDP
  target/arm: Set TCR_EL1.TSZ for user-only
  target/arm: Fault on invalid TCR_ELx.TxSZ
  target/arm: Move arm_pamax out of line
  target/arm: Pass outputsize down to check_s2_mmu_setup
  target/arm: Use MAKE_64BIT_MASK to compute indexmask
  target/arm: Honor TCR_ELx.{I}PS
  target/arm: Prepare DBGBVR and DBGWVR for FEAT_LVA
  target/arm: Implement FEAT_LVA
  target/arm: Implement FEAT_LPA
  target/arm: Extend arm_fi_to_lfsc to level -1
  target/arm: Introduce tlbi_aa64_get_range
  target/arm: Fix TLBIRange.base for 16k and 64k pages
  target/arm: Validate tlbi TG matches translation granule in use
  target/arm: Implement FEAT_LPA2

 include/hw/registerfields.h |  48 +-
 target/arm/cpu-param.h  |   4 +-
 target/arm/cpu.h|  27 +++
 target/arm/internals.h  |  58 ---
 target/arm/cpu.c|   3 +-
 target/arm/cpu64.c  |   7 +-
 target/arm/helper.c | 332 
 7 files changed, 378 insertions(+), 101 deletions(-)

-- 
2.25.1




[PATCH v2 01/15] hw/registerfields: Add FIELD_SEX and FIELD_SDP

2022-02-09 Thread Richard Henderson
Add new macros to manipulate signed fields within the register.

Suggested-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 include/hw/registerfields.h | 48 -
 1 file changed, 47 insertions(+), 1 deletion(-)

diff --git a/include/hw/registerfields.h b/include/hw/registerfields.h
index f2a3c9c41f..3a88e135d0 100644
--- a/include/hw/registerfields.h
+++ b/include/hw/registerfields.h
@@ -59,6 +59,19 @@
 extract64((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
   R_ ## reg ## _ ## field ## _LENGTH)
 
+#define FIELD_SEX8(storage, reg, field)   \
+sextract8((storage), R_ ## reg ## _ ## field ## _SHIFT,   \
+  R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_SEX16(storage, reg, field)  \
+sextract16((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+   R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_SEX32(storage, reg, field)  \
+sextract32((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+   R_ ## reg ## _ ## field ## _LENGTH)
+#define FIELD_SEX64(storage, reg, field)  \
+sextract64((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+   R_ ## reg ## _ ## field ## _LENGTH)
+
 /* Extract a field from an array of registers */
 #define ARRAY_FIELD_EX32(regs, reg, field)\
 FIELD_EX32((regs)[R_ ## reg], reg, field)
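Review bot: the four FIELD_SEX macros are added without any comment, while the ARRAY_FIELD_EX32 block directly below carries one ("Extract a field from an array of registers"). A one-line comment stating that these return the field sign-extended to the result width would make the difference from the FIELD_EX macros visible in the header itself.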
@@ -95,7 +108,40 @@
 _d; })
 #define FIELD_DP64(storage, reg, field, val) ({   \
 struct {  \
-uint64_t v:R_ ## reg ## _ ## field ## _LENGTH;\
+uint64_t v:R_ ## reg ## _ ## field ## _LENGTH;\
+} _v = { .v = val };  \
+uint64_t _d;  \
+_d = deposit64((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+  R_ ## reg ## _ ## field ## _LENGTH, _v.v);  \
+_d; })
+
+#define FIELD_SDP8(storage, reg, field, val) ({   \
+struct {  \
+signed int v:R_ ## reg ## _ ## field ## _LENGTH;  \
+} _v = { .v = val };  \
+uint8_t _d;   \
+_d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+  R_ ## reg ## _ ## field ## _LENGTH, _v.v);  \
+_d; })
+#define FIELD_SDP16(storage, reg, field, val) ({  \
+struct {  \
+signed int v:R_ ## reg ## _ ## field ## _LENGTH;  \
+} _v = { .v = val };  \
+uint16_t _d;  \
+_d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+  R_ ## reg ## _ ## field ## _LENGTH, _v.v);  \
+_d; })
+#define FIELD_SDP32(storage, reg, field, val) ({  \
+struct {  \
+signed int v:R_ ## reg ## _ ## field ## _LENGTH;  \
+} _v = { .v = val };  \
+uint32_t _d;  \
+_d = deposit32((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
+  R_ ## reg ## _ ## field ## _LENGTH, _v.v);  \
+_d; })
+#define FIELD_SDP64(storage, reg, field, val) ({  \
+struct {  \
+int64_t v:R_ ## reg ## _ ## field ## _LENGTH; \
 } _v = { .v = val };  \
 uint64_t _d;  \
 _d = deposit64((storage), R_ ## reg ## _ ## field ## _SHIFT,  \
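Review bot: nothing in this hunk documents how the FIELD_SDP macros differ from FIELD_DP. deposit32 and deposit64 keep only LENGTH bits of the value they are given, so for the same val both families write the same bits; the only difference is the signed bit-field used for _v, that is, which range of val is representable without truncation. Add a comment above FIELD_SDP8 stating the accepted range (-(2^(LENGTH-1)) to 2^(LENGTH-1) - 1) and that a negative val is stored in two's complement, to be read back with FIELD_SEX.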
-- 
2.25.1




Re: [PATCH] docs/system: riscv: Update description of CPU

2022-02-09 Thread Alistair Francis
On Wed, Feb 9, 2022 at 1:49 AM Yu Li  wrote:
>
> Since the hypervisor extension has been non experimental and enabled for
> default CPU, the previous command is no longer available and the
> option `x-h=true` or `h=true` is also no longer required.
>
> Signed-off-by: Yu Li 

Thanks!

Applied to riscv-to-apply.next

Alistair

> ---
>   docs/system/riscv/virt.rst | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/docs/system/riscv/virt.rst b/docs/system/riscv/virt.rst
> index fa016584bf..08ce3c4177 100644
> --- a/docs/system/riscv/virt.rst
> +++ b/docs/system/riscv/virt.rst
> @@ -23,9 +23,9 @@ The ``virt`` machine supports the following devices:
>   * 1 generic PCIe host bridge
>   * The fw_cfg device that allows a guest to obtain data from QEMU
>
> -Note that the default CPU is a generic RV32GC/RV64GC. Optional extensions
> -can be enabled via command line parameters, e.g.: ``-cpu rv64,x-h=true``
> -enables the hypervisor extension for RV64.
> +The hypervisor extension has been enabled for the default CPU, so virtual
> +machines with hypervisor extension can simply be used without explicitly
> +declaring.
>
>   Hardware configuration information
>   --
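Review bot: the replacement paragraph drops the statement that the default CPU is a generic RV32GC/RV64GC, which was independent of the hypervisor extension and is still useful to a reader of this page; consider keeping that sentence and changing only the part about x-h=true. The new text also ends with "without explicitly declaring", which has no object; wording such as "without any extra -cpu option" would read more clearly.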
> --
> 2.20.1
>



Re: [PATCH v9 0/5] support subsets of virtual memory extension

2022-02-09 Thread Alistair Francis
On Fri, Feb 4, 2022 at 12:32 PM Weiwei Li  wrote:
>
> This patchset implements virtual memory related RISC-V extensions: Svnapot
> version 1.0, Svinval version 1.0, Svpbmt version 1.0.
>
> Specification:
> https://github.com/riscv/virtual-memory/tree/main/specs
>
> The port is available here:
> https://github.com/plctlab/plct-qemu/tree/plct-virtmem-upstream-v9
>
> To test this implementation, specify cpu argument with
> 'svinval=true,svnapot=true,svpbmt=true'.
>
> This implementation can pass the riscv-tests for rv64ssvnapot.
>
> v9:
> * delete cast for PTE bits check
>
> v8:
> * rebase on
> https://lore.kernel.org/qemu-devel/20220131110201.2303275-1-philipp.toms...@vrull.eu/
> * move variables to tops of function
> * add ULL for PTE_N and PTE_PMBT
> * add mask variable for napot_bits
>
> v7:
> * delete definition of PTE_PPN_MASK for TARGET_RISCV32
> * make riscv_cpu_sxl works for user mode
> * add commit msg for patch 2
>
> v6:
> * select ppn mask base on sxl
>
> v5:
> * merge patch
> https://lore.kernel.org/qemu-devel/1569456861-8502-1-git-send-email-guo...@kernel.org/
> * relax pte attribute check
>
> v4:
> * fix encodings for hinval_vvma and hinval_gvma
> * partition inner PTE check into several steps
> * improve commit messages to describe changes
>
> v3:
> * drop "x-" in exposed properties
>
> v2:
> * add extension check for svnapot and svpbmt
>
> Guo Ren (1):
>   target/riscv: Ignore reserved bits in PTE for RV64
>
> Weiwei Li (4):
>   target/riscv: add PTE_A/PTE_D/PTE_U bits check for inner PTE
>   target/riscv: add support for svnapot extension
>   target/riscv: add support for svinval extension
>   target/riscv: add support for svpbmt extension

Thanks!

Applied to riscv-to-apply.next

Alistair

>
>  target/riscv/cpu.c  |  4 ++
>  target/riscv/cpu.h  | 16 +
>  target/riscv/cpu_bits.h |  6 ++
>  target/riscv/cpu_helper.c   | 34 +-
>  target/riscv/insn32.decode  |  7 ++
>  target/riscv/insn_trans/trans_svinval.c.inc | 75 +
>  target/riscv/translate.c|  1 +
>  7 files changed, 140 insertions(+), 3 deletions(-)
>  create mode 100644 target/riscv/insn_trans/trans_svinval.c.inc
>
> --
> 2.17.1
>
>



Re: [PATCH 6/6] target/arm: Implement FEAT_LPA2

2022-02-09 Thread Richard Henderson

On 1/8/22 01:39, Peter Maydell wrote:
> (1) The handling of the BaseADDR field for TLB range
> invalidates needs updating (there's a TODO to this effect in
> tlbi_aa64_range_get_base()).
>
> Side note: in that function, we shift the field by TARGET_PAGE_BITS,
> but the docs say that the shift should depend on the configured
> translation granule. Is that a bug?

Yes.

> (2) There are some new long-form fault status codes with FEAT_LPA2,
> corresponding to various fault types that can now occur at level -1.
> arm_fi_to_lfsc() needs updating to handle fi->level being -1.
> (You could do this bit as a preceding patch; it doesn't need to
> be squashed into this one.)

Yep, thanks.


r~



[PATCH v2 06/12] Hexagon (tests/tcg/hexagon) test instructions that might set bits in USR

2022-02-09 Thread Taylor Simpson
Hexagon has ~200 instructions that set the saturate bit in USR, these
were broken into groups of similar instructions and one instruction
from each group is tested with at least one input that does not
saturate and at least one input that does saturate.

Signed-off-by: Taylor Simpson 
---
 tests/tcg/hexagon/usr.c   | 802 ++
 tests/tcg/hexagon/Makefile.target |   8 +-
 2 files changed, 809 insertions(+), 1 deletion(-)
 create mode 100644 tests/tcg/hexagon/usr.c

diff --git a/tests/tcg/hexagon/usr.c b/tests/tcg/hexagon/usr.c
new file mode 100644
index 00..327a46eeb4
--- /dev/null
+++ b/tests/tcg/hexagon/usr.c
@@ -0,0 +1,802 @@
+/*
+ *  Copyright(c) 2022 Qualcomm Innovation Center, Inc. All Rights Reserved.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+/*
+ * Test instructions that might set bits in user status register (USR)
+ */
+
+#include 
+#include 
+
+int err;
+
+static void __check(int line, uint32_t val, uint32_t expect)
+{
+if (val != expect) {
+printf("ERROR at line %d: %d != %d\n", line, val, expect);
+err++;
+}
+}
+
+#define check(RES, EXP) __check(__LINE__, RES, EXP)
+
+static void __check32(int line, uint32_t val, uint32_t expect)
+{
+if (val != expect) {
+printf("ERROR at line %d: 0x%08x != 0x%08x\n", line, val, expect);
+err++;
+}
+}
+
+#define check32(RES, EXP) __check32(__LINE__, RES, EXP)
+
+static void __check64(int line, uint64_t val, uint64_t expect)
+{
+if (val != expect) {
+printf("ERROR at line %d: 0x%016llx != 0x%016llx\n", line, val, 
expect);
+err++;
+}
+}
+
+#define check64(RES, EXP) __check64(__LINE__, RES, EXP)
+
+/*
+ * Some of the instructions tested are only available on certain versions
+ * of the Hexagon core
+ */
+#define CORE_HAS_AUDIO(__HEXAGON_ARCH__ >= 67 && 
defined(__HEXAGON_AUDIO__))
+#define CORE_IS_V67   (__HEXAGON_ARCH__ >= 67)
+
+/* Define the bits in Hexagon USR register */
+#define USR_OVF_BIT  0/* Sticky saturation overflow */
+#define USR_FPINVF_BIT   1/* IEEE FP invalid sticky flag */
+#define USR_FPDBZF_BIT   2/* IEEE FP divide-by-zero sticky flag */
+#define USR_FPOVFF_BIT   3/* IEEE FP overflow sticky flag */
+#define USR_FPUNFF_BIT   4/* IEEE FP underflow sticky flag */
+#define USR_FPINPF_BIT   5/* IEEE FP inexact sticky flag */
+
+/* Corresponding values in USR */
+#define USR_CLEAR0
+#define USR_OVF  (1 << USR_OVF_BIT)
+#define USR_FPINVF   (1 << USR_FPINVF_BIT)
+#define USR_FPDBZF   (1 << USR_FPDBZF_BIT)
+#define USR_FPOVFF   (1 << USR_FPOVFF_BIT)
+#define USR_FPUNFF   (1 << USR_FPUNFF_BIT)
+#define USR_FPINPF   (1 << USR_FPINPF_BIT)
+
+/*
+ * Templates for functions to execute an instruction
+ *
+ * The templates vary by the number of arguments and the types of the args
+ * and result.  We use one letter in the macro name for the result and each
+ * argument:
+ * x unknown (specified in a subsequent template) or don't care
+ * R register (32 bits)
+ * P pair (64 bits)
+ * p predicate
+ * I immediate
+ * Xxread/write
+ */
+
+#define CLEAR_USRBITS \
+"r2 = usr\n\t" \
+"r2 = clrbit(r2, #0)\n\t" \
+"r2 = clrbit(r2, #1)\n\t" \
+"r2 = clrbit(r2, #2)\n\t" \
+"r2 = clrbit(r2, #3)\n\t" \
+"r2 = clrbit(r2, #4)\n\t" \
+"r2 = clrbit(r2, #5)\n\t" \
+"usr = r2\n\t"
+
+/* Template for instructions with one register operand */
+#define FUNC_x_OP_x(RESTYPE, SRCTYPE, NAME, INSN) \
+static RESTYPE NAME(SRCTYPE src, uint32_t *usr_result) \
+{ \
+RESTYPE result; \
+uint32_t usr; \
+asm(CLEAR_USRBITS \
+INSN  "\n\t" \
+"%1 = usr\n\t" \
+: "=r"(result), "=r"(usr) \
+: "r"(src) \
+: "r2", "usr"); \
+  *usr_result = usr & 0x3f; \
+  return result; \
+}
+
+#define FUNC_R_OP_R(NAME, INSN) \
+FUNC_x_OP_x(uint32_t, uint32_t, NAME, INSN)
+
+#define FUNC_R_OP_P(NAME, INSN) \
+FUNC_x_OP_x(uint32_t, uint64_t, NAME, INSN)
+
+#define FUNC_P_OP_P(NAME, INSN) \
+FUNC_x_OP_x(uint64_t, uint64_t, NAME, INSN)
+
+#define FUNC_P_OP_R(NAME, INSN) \
+FUNC_x_OP_x(uint64_t, uint32_t, NAME, INSN)
+
+/*
+ * Template for instructions
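Review bot: __check prints its uint32_t arguments with %d ("ERROR at line %d: %d != %d"), so a mismatching value with the top bit set is reported as a negative number; use %u, or reuse the 0x%08x format of __check32, which is otherwise identical. The helper names __check, __check32 and __check64 also begin with a double underscore, which C reserves for the implementation; a plain prefix on the helpers would avoid that.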

[PATCH v2 01/12] Hexagon (target/hexagon) fix bug in circular addressing

2022-02-09 Thread Taylor Simpson
From: Michael Lambert 

Versions V3 and earlier should treat the "K_const" and "length" values
as unsigned.

Modified circ_test_v3() in tests/tcg/hexagon/circ.c to reproduce the bug

Signed-off-by: Michael Lambert 
Signed-off-by: Taylor Simpson 
---
 target/hexagon/op_helper.c | 6 +++---
 tests/tcg/hexagon/circ.c   | 5 +++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/target/hexagon/op_helper.c b/target/hexagon/op_helper.c
index 057baf9a48..47bd51e0ca 100644
--- a/target/hexagon/op_helper.c
+++ b/target/hexagon/op_helper.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -304,8 +304,8 @@ void HELPER(debug_commit_end)(CPUHexagonState *env, int 
has_st0, int has_st1)
 
 int32_t HELPER(fcircadd)(int32_t RxV, int32_t offset, int32_t M, int32_t CS)
 {
-int32_t K_const = sextract32(M, 24, 4);
-int32_t length = sextract32(M, 0, 17);
+uint32_t K_const = extract32(M, 24, 4);
+uint32_t length = extract32(M, 0, 17);
 uint32_t new_ptr = RxV + offset;
 uint32_t start_addr;
 uint32_t end_addr;
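Review bot: the commit message limits the unsigned treatment to "Versions V3 and earlier", but K_const and length are switched to extract32 unconditionally in fcircadd, with no version check visible in the hunk. If this helper is only reached for those versions, say so in a comment above the two declarations; otherwise either the message or the code needs adjusting so they agree.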
diff --git a/tests/tcg/hexagon/circ.c b/tests/tcg/hexagon/circ.c
index 67a1aa3054..354416eb6d 100644
--- a/tests/tcg/hexagon/circ.c
+++ b/tests/tcg/hexagon/circ.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -415,7 +415,8 @@ static void circ_test_v3(void)
 {
 int *p = wbuf;
 int size = 15;
-int K = 4;  /* 64 bytes */
+/* set high bit in K to test unsigned extract in fcirc */
+int K = 8;  /* 1024 bytes */
 int element;
 int i;
 
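Review bot: changing K from 4 to 8 in circ_test_v3 replaces the only K value this function uses, so the case with the high bit of K clear (the old 64-byte setting) is no longer exercised here. Running the test body for both K = 4 and K = 8 would cover the signed/unsigned boundary from both sides and keep the earlier coverage.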
-- 
2.17.1



[PATCH v2 09/12] Hexagon (tests/tcg/hexagon) fix inline asm in preg_alias.c

2022-02-09 Thread Taylor Simpson
Replace consecutive inline asm blocks with a single one with proper
outputs/inputs/clobbers rather than making assumptions about register
values being carried between separate blocks.

Reviewed-by: Richard Henderson 
Signed-off-by: Taylor Simpson 
---
 tests/tcg/hexagon/preg_alias.c | 46 --
 1 file changed, 22 insertions(+), 24 deletions(-)

diff --git a/tests/tcg/hexagon/preg_alias.c b/tests/tcg/hexagon/preg_alias.c
index 0cac469b78..9f7b125998 100644
--- a/tests/tcg/hexagon/preg_alias.c
+++ b/tests/tcg/hexagon/preg_alias.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -57,17 +57,15 @@ typedef union {
 
 static inline void creg_alias(int cval, PRegs *pregs)
 {
-  unsigned char val;
-  asm volatile("c4 = %0" : : "r"(cval));
-
-  asm volatile("%0 = p0" : "=r"(val));
-  pregs->pregs.p0 = val;
-  asm volatile("%0 = p1" : "=r"(val));
-  pregs->pregs.p1 = val;
-  asm volatile("%0 = p2" : "=r"(val));
-  pregs->pregs.p2 = val;
-  asm volatile("%0 = p3" : "=r"(val));
-  pregs->pregs.p3 = val;
+  asm("c4 = %4\n\t"
+  "%0 = p0\n\t"
+  "%1 = p1\n\t"
+  "%2 = p2\n\t"
+  "%3 = p3\n\t"
+  : "=r"(pregs->pregs.p0), "=r"(pregs->pregs.p1),
+"=r"(pregs->pregs.p2), "=r"(pregs->pregs.p3)
+  : "r"(cval)
+  : "c4", "p0", "p1", "p2", "p3");
 }
 
 int err;
@@ -83,19 +81,19 @@ static void check(int val, int expect)
 static inline void creg_alias_pair(unsigned int cval, PRegs *pregs)
 {
   unsigned long long cval_pair = (0xdeadbeefULL << 32) | cval;
-  unsigned char val;
   int c5;
-  asm volatile("c5:4 = %0" : : "r"(cval_pair));
-
-  asm volatile("%0 = p0" : "=r"(val));
-  pregs->pregs.p0 = val;
-  asm volatile("%0 = p1" : "=r"(val));
-  pregs->pregs.p1 = val;
-  asm volatile("%0 = p2" : "=r"(val));
-  pregs->pregs.p2 = val;
-  asm volatile("%0 = p3" : "=r"(val));
-  pregs->pregs.p3 = val;
-  asm volatile("%0 = c5" : "=r"(c5));
+
+  asm ("c5:4 = %5\n\t"
+   "%0 = p0\n\t"
+   "%1 = p1\n\t"
+   "%2 = p2\n\t"
+   "%3 = p3\n\t"
+   "%4 = c5\n\t"
+   : "=r"(pregs->pregs.p0), "=r"(pregs->pregs.p1),
+ "=r"(pregs->pregs.p2), "=r"(pregs->pregs.p3), "=r"(c5)
+   : "r"(cval_pair)
+   : "c4", "c5", "p0", "p1", "p2", "p3");
+
   check(c5, 0xdeadbeef);
 }
 
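Review bot: style only, in creg_alias_pair the new statement is written "asm (" with a space and a five-column operand indent, while the matching block added to creg_alias in the previous hunk is written "asm(" with a six-column indent. Pick one form for both so the two near-identical blocks are easy to compare.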
-- 
2.17.1



[PATCH v2 08/12] Hexagon (tests/tcg/hexagon) update overflow test

2022-02-09 Thread Taylor Simpson
Add a test that sets USR multiple times in a packet

Signed-off-by: Taylor Simpson 
---
 tests/tcg/hexagon/overflow.c | 61 +++-
 1 file changed, 60 insertions(+), 1 deletion(-)

diff --git a/tests/tcg/hexagon/overflow.c b/tests/tcg/hexagon/overflow.c
index 196fcf7f3a..94087851b0 100644
--- a/tests/tcg/hexagon/overflow.c
+++ b/tests/tcg/hexagon/overflow.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2021 Qualcomm Innovation Center, Inc. All Rights Reserved.
+ *  Copyright(c) 2021-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -72,6 +72,20 @@ int read_usr_overflow(void)
 return result & 1;
 }
 
+int get_usr_overflow(int usr)
+{
+return usr & 1;
+}
+
+int get_usr_fp_invalid(int usr)
+{
+return (usr >> 1) & 1;
+}
+
+int get_usr_lpcfg(int usr)
+{
+return (usr >> 8) & 0x3;
+}
 
 jmp_buf jmp_env;
 int usr_overflow;
@@ -82,6 +96,49 @@ static void sig_segv(int sig, siginfo_t *info, void *puc)
 longjmp(jmp_env, 1);
 }
 
+static void test_packet(void)
+{
+int convres;
+int satres;
+int usr;
+
+asm("r2 = usr\n\t"
+"r2 = clrbit(r2, #0)\n\t"/* clear overflow bit */
+"r2 = clrbit(r2, #1)\n\t"/* clear FP invalid bit */
+"usr = r2\n\t"
+"{\n\t"
+"%0 = convert_sf2uw(%3):chop\n\t"
+"%1 = satb(%4)\n\t"
+"}\n\t"
+"%2 = usr\n\t"
+: "=r"(convres), "=r"(satres), "=r"(usr)
+: "r"(0x6a051b86), "r"(0x0410eec0)
+: "r2", "usr");
+
+check(convres, 0x);
+check(satres, 0x7f);
+check(get_usr_overflow(usr), 1);
+check(get_usr_fp_invalid(usr), 1);
+
+asm("r2 = usr\n\t"
+"r2 = clrbit(r2, #0)\n\t"/* clear overflow bit */
+"usr = r2\n\t"
+"%2 = r2\n\t"
+"p3 = sp3loop0(1f, #1)\n\t"
+"1:\n\t"
+"{\n\t"
+"%0 = satb(%2)\n\t"
+"}:endloop0\n\t"
+"%1 = usr\n\t"
+: "=r"(satres), "=r"(usr)
+: "r"(0x0410eec0)
+: "r2", "usr", "p3", "sa0", "lc0");
+
+check(satres, 0x7f);
+check(get_usr_overflow(usr), 1);
+check(get_usr_lpcfg(usr), 2);
+}
+
 int main()
 {
 struct sigaction act;
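Review bot: in the second asm block of test_packet, "%2 = r2" writes to operand 2, which is declared as an input ("r"(0x0410eec0)); the compiler is entitled to assume an input register still holds its value after the asm. It also means "%0 = satb(%2)" saturates the copy of USR rather than 0x0410eec0. Drop the line if it is a leftover, or pass a local variable as a "+r" operand if the overwrite is intended.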
@@ -102,6 +159,8 @@ int main()
 
 check(usr_overflow, 0);
 
+test_packet();
+
 puts(err ? "FAIL" : "PASS");
 return err ? EXIT_FAILURE : EXIT_SUCCESS;
 }
-- 
2.17.1



[PATCH v2 12/12] Hexagon (target/hexagon) assignment to c4 should wait until packet commit

2022-02-09 Thread Taylor Simpson
On Hexagon, c4 is an alias for predicate registers P3:0.  If we assign to
c4 inside a packet with reads from predicate registers, the predicate
reads should get the old values.

Test case added to tests/tcg/hexagon/preg_alias.c

Co-authored-by: Michael Lambert 
Signed-off-by: Taylor Simpson 
---
 target/hexagon/genptr.c| 14 -
 tests/tcg/hexagon/preg_alias.c | 38 ++
 2 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/target/hexagon/genptr.c b/target/hexagon/genptr.c
index 4419d30e23..cd6af4bceb 100644
--- a/target/hexagon/genptr.c
+++ b/target/hexagon/genptr.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -210,11 +210,15 @@ static inline void gen_read_ctrl_reg_pair(DisasContext 
*ctx, const int reg_num,
 }
 }
 
-static inline void gen_write_p3_0(TCGv control_reg)
+static void gen_write_p3_0(DisasContext *ctx, TCGv control_reg)
 {
+TCGv hex_p8 = tcg_temp_new();
 for (int i = 0; i < NUM_PREGS; i++) {
-tcg_gen_extract_tl(hex_pred[i], control_reg, i * 8, 8);
+tcg_gen_extract_tl(hex_p8, control_reg, i * 8, 8);
+gen_log_pred_write(ctx, i, hex_p8);
+ctx_log_pred_write(ctx, i);
 }
+tcg_temp_free(hex_p8);
 }
 
 /*
@@ -228,7 +232,7 @@ static inline void gen_write_ctrl_reg(DisasContext *ctx, 
int reg_num,
   TCGv val)
 {
 if (reg_num == HEX_REG_P3_0) {
-gen_write_p3_0(val);
+gen_write_p3_0(ctx, val);
 } else {
 gen_log_reg_write(reg_num, val);
 ctx_log_reg_write(ctx, reg_num);
@@ -250,7 +254,7 @@ static inline void gen_write_ctrl_reg_pair(DisasContext 
*ctx, int reg_num,
 if (reg_num == HEX_REG_P3_0) {
 TCGv val32 = tcg_temp_new();
 tcg_gen_extrl_i64_i32(val32, val);
-gen_write_p3_0(val32);
+gen_write_p3_0(ctx, val32);
 tcg_gen_extrh_i64_i32(val32, val);
 gen_log_reg_write(reg_num + 1, val32);
 tcg_temp_free(val32);
diff --git a/tests/tcg/hexagon/preg_alias.c b/tests/tcg/hexagon/preg_alias.c
index 9f7b125998..b04c45632c 100644
--- a/tests/tcg/hexagon/preg_alias.c
+++ b/tests/tcg/hexagon/preg_alias.c
@@ -97,6 +97,42 @@ static inline void creg_alias_pair(unsigned int cval, PRegs 
*pregs)
   check(c5, 0xdeadbeef);
 }
 
+static void test_packet(void)
+{
+/*
+ * Test that setting c4 inside a packet doesn't impact the predicates
+ * that are read during the packet.
+ */
+
+int result;
+int old_val = 0x001c;
+
+/* Test a predicated register transfer */
+result = old_val;
+asm (
+ "c4 = %1\n\t"
+ "{\n\t"
+ "c4 = %2\n\t"
+ "if (!p2) %0 = %3\n\t"
+ "}\n\t"
+ : "+r"(result)
+ : "r"(0x), "r"(0xff00), "r"(0x837ed653)
+ : "c4", "p0", "p1", "p2", "p3");
+check(result, old_val);
+
+/* Test a predicated store */
+result = 0x;
+asm ("c4 = %0\n\t"
+ "{\n\t"
+ "c4 = %1\n\t"
+ "if (!p2) memw(%2) = #0\n\t"
+ "}\n\t"
+ :
+ : "r"(0), "r"(0x), "r"(&result)
+ : "c4", "p0", "p1", "p2", "p3", "memory");
+check(result, 0x0);
+}
+
 int main()
 {
 int c4;
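Review bot: Both cases in test_packet() read only p2, and only in the negated form `if (!p2)`, while gen_write_p3_0() logs all four predicates. Adding a case that reads another predicate (p0 or p3) and one with a non-negated condition would cover the whole alias rather than one byte of it.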
@@ -162,6 +198,8 @@ int main()
 creg_alias_pair(0x, &pregs);
 check(pregs.creg, 0x);
 
+test_packet();
+
 puts(err ? "FAIL" : "PASS");
 return err;
 }
-- 
2.17.1



[PATCH v2 05/12] Hexagon (target/hexagon) properly handle denorm in arch_sf_recip_common

2022-02-09 Thread Taylor Simpson
The arch_sf_recip_common function was calling float32_getexp which
adjusts for denorm, but we actually need the raw exponent bits.

This function is called from 3 instructions
sfrecipa
sffixupn
sffixupd

Test cases added to tests/tcg/hexagon/fpstuff.c

Signed-off-by: Taylor Simpson 
---
 target/hexagon/fma_emu.h|  6 -
 target/hexagon/arch.c   |  6 ++---
 tests/tcg/hexagon/fpstuff.c | 44 ++---
 3 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/target/hexagon/fma_emu.h b/target/hexagon/fma_emu.h
index e3b99a8cf4..91591d6050 100644
--- a/target/hexagon/fma_emu.h
+++ b/target/hexagon/fma_emu.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -24,6 +24,10 @@ static inline bool is_finite(float64 x)
 }
 
 int32_t float64_getexp(float64 f64);
+static inline uint32_t float32_getexp_raw(float32 f32)
+{
+return extract32(f32, 23, 8);
+}
 int32_t float32_getexp(float32 f32);
 float32 infinite_float32(uint8_t sign);
 float32 internal_fmafx(float32 a, float32 b, float32 c,
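Review bot: float32_getexp_raw() is added to fma_emu.h without a comment, directly above float32_getexp(), and the two names differ only by a suffix. A one-line comment saying that it returns the biased exponent field as stored, with no adjustment for denormals, would tell callers which of the two they need.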
diff --git a/target/hexagon/arch.c b/target/hexagon/arch.c
index 68a55b3bd4..da79b41c4d 100644
--- a/target/hexagon/arch.c
+++ b/target/hexagon/arch.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -298,8 +298,8 @@ int arch_sf_recip_common(float32 *Rs, float32 *Rt, float32 
*Rd, int *adjust,
 } else {
 PeV = 0x00;
 /* Basic checks passed */
-n_exp = float32_getexp(RsV);
-d_exp = float32_getexp(RtV);
+n_exp = float32_getexp_raw(RsV);
+d_exp = float32_getexp_raw(RtV);
 if ((n_exp - d_exp + SF_BIAS) <= SF_MANTBITS) {
 /* Near quotient underflow / inexact Q */
 PeV = 0x80;
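Review bot: float32_getexp_raw() returns uint32_t where float32_getexp() returned int32_t, and the test `(n_exp - d_exp + SF_BIAS) <= SF_MANTBITS` right after the changed lines needs the difference to be able to go negative. The declarations of n_exp and d_exp are outside this hunk; please confirm they are signed, or make the new helper return int32_t so the arithmetic does not depend on it.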
diff --git a/tests/tcg/hexagon/fpstuff.c b/tests/tcg/hexagon/fpstuff.c
index 0dff429f4c..043f18fab3 100644
--- a/tests/tcg/hexagon/fpstuff.c
+++ b/tests/tcg/hexagon/fpstuff.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2020-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2020-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -38,6 +38,8 @@ const int SF_NaN_special =0x7f81;
 const int SF_ANY =0x3f80;
 const int SF_HEX_NAN =0x;
 const int SF_small_neg =  0xab98fba8;
+const int SF_denorm = 0x0001;
+const int SF_random = 0x346001d6;
 
 const long long DF_NaN =  0x7ff8ULL;
 const long long DF_ANY =  0x3f80ULL;
@@ -250,10 +252,11 @@ static void check_dfminmax(void)
 check_fpstatus(usr, FPINVF);
 }
 
-static void check_recip_exception(void)
+static void check_sfrecipa(void)
 {
 int result;
 int usr;
+int pred;
 
 /*
  * Check that sfrecipa doesn't set status bits when
@@ -329,6 +332,17 @@ static void check_recip_exception(void)
  : "r2", "p0", "usr");
 check32(result, 0x3f80);
 check_fpstatus(usr, 0);
+
+/*
+ * Check that sfrecipa properly handles denorm
+ */
+asm (CLEAR_FPSTATUS
+ "%0,p0 = sfrecipa(%2, %3)\n\t"
+ "%1 = p0\n\t"
+ : "=r"(result), "=r"(pred) : "r"(SF_denorm), "r"(SF_random)
+ : "p0", "usr");
+check32(result, 0x6a920001);
+check32(pred, 0x80);
 }
 
 static void check_canonical_NaN(void)
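Review bot: The new denorm case in check_sfrecipa() starts with CLEAR_FPSTATUS and clobbers "usr", but it never reads usr back, so only result and pred are checked. The case just above it ends with `check_fpstatus(usr, 0);`. Either add a `%N = usr` output and a check_fpstatus() call for the expected flags, or drop CLEAR_FPSTATUS if the status bits are deliberately not part of this test.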
@@ -455,6 +469,28 @@ static void check_invsqrta(void)
 check32(predval, 0x0);
 }
 
+static void check_sffixupn(void)
+{
+int result;
+
+/* Check that sffixupn properly deals with denorm */
+asm volatile("%0 = sffixupn(%1, %2)\n\t"
+ : "=r"(result)
+ : "r"(SF_random), "r"(SF_denorm));
+check32(result, 0x246001d6);
+}
+
+static void check_sffixupd(void)
+{
+int result;
+
+/* Check that sffixupd properly deals with denorm */
+asm volatile("%0 = sffixupd(%1, %2)\n\t"
+ : "=r"(result)
+ : "r"(SF_denorm), "r"(SF_random));
+check32(result, 0x146001d6);
+}
+
 static void check_float2int_convs()
 {
 int res32;
@@ -602,9 +638,11 @@ int main()
 check_compare_exception();
 check_sfminmax();
 check_dfminmax();
-check_recip_exception();
+check_sfrecipa();
 check_canonical_NaN();
 

[PATCH v2 04/12] Hexagon (target/hexagon) properly handle SNaN in dfmin/dfmax/sfmin/sfmax

2022-02-09 Thread Taylor Simpson
The float??_minnum implementation differs from Hexagon for SNaN,
it returns NaN, but Hexagon returns the other input.  So, we add
checks for NaN before calling it.

test cases added in a subsequent patch to more extensively test USR bits

Signed-off-by: Taylor Simpson 
---
 target/hexagon/op_helper.c | 54 +-
 1 file changed, 48 insertions(+), 6 deletions(-)

diff --git a/target/hexagon/op_helper.c b/target/hexagon/op_helper.c
index 75dc0f23f0..7f40e09486 100644
--- a/target/hexagon/op_helper.c
+++ b/target/hexagon/op_helper.c
@@ -947,7 +947,17 @@ float32 HELPER(sfmax)(CPUHexagonState *env, float32 RsV, 
float32 RtV)
 {
 float32 RdV;
 arch_fpop_start(env);
-RdV = float32_maxnum(RsV, RtV, &env->fp_status);
+if (float32_is_signaling_nan(RsV, &env->fp_status) &&
+!float32_is_any_nan(RtV)) {
+RdV = RtV;
+float_raise(float_flag_invalid, &env->fp_status);
+} else if (!float32_is_any_nan(RsV) &&
+   float32_is_signaling_nan(RtV, &env->fp_status)) {
+RdV = RsV;
+float_raise(float_flag_invalid, &env->fp_status);
+} else {
+RdV = float32_maxnum(RsV, RtV, &env->fp_status);
+}
 arch_fpop_end(env);
 return RdV;
 }
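Review bot: The SNaN test added to sfmax is repeated line for line in sfmin and, with float64 types, in dfmax and dfmin. A small helper or macro that decides whether one operand is a signaling NaN while the other is not a NaN, and which operand to return, would keep the four helpers from drifting apart.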
@@ -956,7 +966,17 @@ float32 HELPER(sfmin)(CPUHexagonState *env, float32 RsV, 
float32 RtV)
 {
 float32 RdV;
 arch_fpop_start(env);
-RdV = float32_minnum(RsV, RtV, &env->fp_status);
+if (float32_is_signaling_nan(RsV, &env->fp_status) &&
+!float32_is_any_nan(RtV)) {
+RdV = RtV;
+float_raise(float_flag_invalid, &env->fp_status);
+} else if (!float32_is_any_nan(RsV) &&
+   float32_is_signaling_nan(RtV, &env->fp_status)) {
+RdV = RsV;
+float_raise(float_flag_invalid, &env->fp_status);
+} else {
+RdV = float32_minnum(RsV, RtV, &env->fp_status);
+}
 arch_fpop_end(env);
 return RdV;
 }
@@ -1040,9 +1060,20 @@ float64 HELPER(dfmax)(CPUHexagonState *env, float64 
RssV, float64 RttV)
 {
 float64 RddV;
 arch_fpop_start(env);
-RddV = float64_maxnum(RssV, RttV, &env->fp_status);
-if (float64_is_any_nan(RssV) || float64_is_any_nan(RttV)) {
+if (float64_is_signaling_nan(RssV, &env->fp_status) &&
+!float64_is_any_nan(RttV)) {
+RddV = RttV;
 float_raise(float_flag_invalid, &env->fp_status);
+} else if (!float64_is_any_nan(RssV) &&
+   float64_is_signaling_nan(RttV, &env->fp_status)) {
+RddV = RssV;
+float_raise(float_flag_invalid, &env->fp_status);
+} else {
+RddV = float64_maxnum(RssV, RttV, &env->fp_status);
+if (float64_is_quiet_nan(RssV, &env->fp_status) ||
+float64_is_quiet_nan(RttV, &env->fp_status)) {
+float_raise(float_flag_invalid, &env->fp_status);
+}
 }
 arch_fpop_end(env);
 return RddV;
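Review bot: In the final else branch of dfmax (and of dfmin below) float_flag_invalid is raised when either input is a quiet NaN, whereas the sfmax and sfmin helpers have no such branch. If that difference between the single and double precision instructions is intended, a comment here saying so would stop it being "fixed" later; if not, the two families should be aligned.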
@@ -1052,9 +1083,20 @@ float64 HELPER(dfmin)(CPUHexagonState *env, float64 
RssV, float64 RttV)
 {
 float64 RddV;
 arch_fpop_start(env);
-RddV = float64_minnum(RssV, RttV, &env->fp_status);
-if (float64_is_any_nan(RssV) || float64_is_any_nan(RttV)) {
+if (float64_is_signaling_nan(RssV, &env->fp_status) &&
+!float64_is_any_nan(RttV)) {
+RddV = RttV;
 float_raise(float_flag_invalid, &env->fp_status);
+} else if (!float64_is_any_nan(RssV) &&
+   float64_is_signaling_nan(RttV, &env->fp_status)) {
+RddV = RssV;
+float_raise(float_flag_invalid, &env->fp_status);
+} else {
+RddV = float64_minnum(RssV, RttV, &env->fp_status);
+if (float64_is_quiet_nan(RssV, &env->fp_status) ||
+float64_is_quiet_nan(RttV, &env->fp_status)) {
+float_raise(float_flag_invalid, &env->fp_status);
+}
 }
 arch_fpop_end(env);
 return RddV;
-- 
2.17.1



[PATCH v2 07/12] Hexagon (tests/tcg/hexagon) add floating point instructions to usr.c

2022-02-09 Thread Taylor Simpson
Tests to confirm floating point instructions are properly
setting exception bits in USR

Signed-off-by: Taylor Simpson 
---
 tests/tcg/hexagon/usr.c | 339 
 1 file changed, 339 insertions(+)

diff --git a/tests/tcg/hexagon/usr.c b/tests/tcg/hexagon/usr.c
index 327a46eeb4..a0006da25a 100644
--- a/tests/tcg/hexagon/usr.c
+++ b/tests/tcg/hexagon/usr.c
@@ -78,6 +78,34 @@ static void __check64(int line, uint64_t val, uint64_t 
expect)
 #define USR_FPUNFF   (1 << USR_FPUNFF_BIT)
 #define USR_FPINPF   (1 << USR_FPINPF_BIT)
 
+/* Some useful floating point values */
+const uint32_t SF_INF =  0x7f80;
+const uint32_t SF_QNaN = 0x7fc0;
+const uint32_t SF_SNaN = 0x7fb0;
+const uint32_t SF_QNaN_neg = 0xffc0;
+const uint32_t SF_SNaN_neg = 0xffb0;
+const uint32_t SF_HEX_NaN =  0x;
+const uint32_t SF_zero = 0x;
+const uint32_t SF_one =  0x3f80;
+const uint32_t SF_one_recip =0x3f7f0001; /* 0.9960...  */
+const uint32_t SF_one_invsqrta = 0x3f7f; /* 0.99609375 */
+const uint32_t SF_two =  0x4000;
+const uint32_t SF_four = 0x4080;
+const uint32_t SF_small_neg =0xab98fba8;
+const uint32_t SF_large_pos =0x5afa572e;
+
+const uint64_t DF_QNaN = 0x7ff8ULL;
+const uint64_t DF_SNaN = 0x7ff7ULL;
+const uint64_t DF_QNaN_neg = 0xfff8ULL;
+const uint64_t DF_SNaN_neg = 0xfff7ULL;
+const uint64_t DF_HEX_NaN =  0xULL;
+const uint64_t DF_zero = 0xULL;
+const uint64_t DF_any =  0x3f80ULL;
+const uint64_t DF_one =  0x3ff0ULL;
+const uint64_t DF_one_hh =   0x3ff001ff8000ULL; /* 1.00048... 
*/
+const uint64_t DF_small_neg =0xbd731f75ULL;
+const uint64_t DF_large_pos =0x7f81ULL;
+
 /*
  * Templates for functions to execute an instruction
  *
@@ -313,6 +341,29 @@ static RESTYPE NAME(RESTYPE result, SRC1TYPE src1, 
SRC2TYPE src2, uint8_t pred,\
 #define FUNC_XR_OP_RRp(NAME, INSN) \
 FUNC_Xx_OP_xxp(uint32_t, uint32_t, uint32_t, NAME, INSN)
 
+/* Template for compare instructions with two register operands */
+#define FUNC_CMP_xx(SRC1TYPE, SRC2TYPE, NAME, INSN) \
+static uint32_t NAME(SRC1TYPE src1, SRC2TYPE src2, uint32_t *usr_result) \
+{ \
+uint32_t result; \
+uint32_t usr; \
+asm(CLEAR_USRBITS \
+INSN "\n\t" \
+"%0 = p1\n\t" \
+"%1 = usr\n\t" \
+: "=r"(result), "=r"(usr) \
+: "r"(src1), "r"(src2) \
+: "p1", "r2", "usr"); \
+*usr_result = usr & 0x3f; \
+return result; \
+}
+
+#define FUNC_CMP_RR(NAME, INSN) \
+FUNC_CMP_xx(uint32_t, uint32_t, NAME, INSN)
+
+#define FUNC_CMP_PP(NAME, INSN) \
+FUNC_CMP_xx(uint64_t, uint64_t, NAME, INSN)
+
 /*
  * Function declarations using the templates
  */
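Review bot: `*usr_result = usr & 0x3f;` in FUNC_CMP_xx uses a bare mask. The file already defines per-bit names such as USR_FPUNFF and USR_FPINPF; building the mask from those names, or giving 0x3f a named constant with a comment on which USR bits it keeps, would make it clear what the callers compare against.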
@@ -383,6 +434,69 @@ FUNC_R_OP_RR(asr_r_r_sat,   "%0 = asr(%2, %3):sat")
 
 FUNC_XPp_OP_PP(ACS, "%0, p2 = vacsh(%3, %4)")
 
+/* Floating point */
+FUNC_R_OP_RR(sfmin, "%0 = sfmin(%2, %3)")
+FUNC_R_OP_RR(sfmax, "%0 = sfmax(%2, %3)")
+FUNC_R_OP_RR(sfadd, "%0 = sfadd(%2, %3)")
+FUNC_R_OP_RR(sfsub, "%0 = sfsub(%2, %3)")
+FUNC_R_OP_RR(sfmpy, "%0 = sfmpy(%2, %3)")
+FUNC_XR_OP_RR(sffma,"%0 += sfmpy(%2, %3)")
+FUNC_XR_OP_RR(sffms,"%0 -= sfmpy(%2, %3)")
+FUNC_CMP_RR(sfcmpuo,"p1 = sfcmp.uo(%2, %3)")
+FUNC_CMP_RR(sfcmpeq,"p1 = sfcmp.eq(%2, %3)")
+FUNC_CMP_RR(sfcmpgt,"p1 = sfcmp.gt(%2, %3)")
+FUNC_CMP_RR(sfcmpge,"p1 = sfcmp.ge(%2, %3)")
+
+FUNC_P_OP_PP(dfadd, "%0 = dfadd(%2, %3)")
+FUNC_P_OP_PP(dfsub, "%0 = dfsub(%2, %3)")
+
+#if CORE_IS_V67
+FUNC_P_OP_PP(dfmin, "%0 = dfmin(%2, %3)")
+FUNC_P_OP_PP(dfmax, "%0 = dfmax(%2, %3)")
+FUNC_XP_OP_PP(dfmpyhh,  "%0 += dfmpyhh(%2, %3)")
+#endif
+
+FUNC_CMP_PP(dfcmpuo,"p1 = dfcmp.uo(%2, %3)")
+FUNC_CMP_PP(dfcmpeq,"p1 = dfcmp.eq(%2, %3)")
+FUNC_CMP_PP(dfcmpgt,"p1 = dfcmp.gt(%2, %3)")
+FUNC_CMP_PP(dfcmpge,"p1 = dfcmp.ge(%2, %3)")
+
+/* Conversions from sf */
+FUNC_P_OP_R(conv_sf2df, "%0 = convert_sf2df(%2)")
+FUNC_R_OP_R(conv_sf2uw, "%0 = convert_sf2uw(%2)")
+FUNC_R_OP_R(conv_sf2w,  "%0 = convert_sf2w(%2)")
+FUNC_P_OP_R(conv_sf2ud, "%0 = convert_sf2ud(%2)")
+FUNC_P_OP_R(conv_sf2d,  "%0 = convert_sf2d(%2)")
+FUNC_R_OP_R(conv_sf2uw_chop,"%0 = convert_sf2uw(%2):chop")
+FUNC_R_OP_R(conv_sf2w_chop, "%0 = convert_sf2w(%2):chop")
+FUNC_P_OP_R(conv_sf2ud_chop,"%0 = convert_sf2ud(%2):chop")
+FUNC_P_OP_R(conv_sf2d_chop, "%0 = convert_sf2d(%2):chop")
+
+/* Conversions from df */
+FUNC_R_OP

[PATCH v2 11/12] Hexagon (target/hexagon) make VyV operands use a unique temp

2022-02-09 Thread Taylor Simpson
VyV operand is only used in the vshuff and vdeal instructions.  These
instructions write to both VyV and VxV operands.  In the case where
both operands are the same register, we need a separate location for
VyV.  We use the existing vtmp field in CPUHexagonState.

Test case added in tests/tcg/hexagon/hvx_misc.c

Signed-off-by: Taylor Simpson 
---
 tests/tcg/hexagon/hvx_misc.c| 45 +
 target/hexagon/gen_tcg_funcs.py |  9 +++
 2 files changed, 49 insertions(+), 5 deletions(-)

diff --git a/tests/tcg/hexagon/hvx_misc.c b/tests/tcg/hexagon/hvx_misc.c
index b896f5897e..6e2c9ab3cd 100644
--- a/tests/tcg/hexagon/hvx_misc.c
+++ b/tests/tcg/hexagon/hvx_misc.c
@@ -498,6 +498,49 @@ static void test_vsubuwsat_dv(void)
 check_output_w(__LINE__, 2);
 }
 
+static void test_vshuff(void)
+{
+/* Test that vshuff works when the two operands are the same register */
+const uint32_t splat = 0x089be55c;
+const uint32_t shuff = 0x454fa926;
+MMVector v0, v1;
+
+memset(expect, 0x12, sizeof(MMVector));
+memset(output, 0x34, sizeof(MMVector));
+
+asm volatile("v25 = vsplat(%0)\n\t"
+ "vshuff(v25, v25, %1)\n\t"
+ "vmem(%2 + #0) = v25\n\t"
+ : /* no outputs */
+ : "r"(splat), "r"(shuff), "r"(output)
+ : "v25", "memory");
+
+/*
+ * The semantics of Hexagon are the operands are pass-by-value, so create
+ * two copies of the vsplat result.
+ */
+for (int i = 0; i < MAX_VEC_SIZE_BYTES / 4; i++) {
+v0.uw[i] = splat;
+v1.uw[i] = splat;
+}
+/* Do the vshuff operation */
+for (int offset = 1; offset < MAX_VEC_SIZE_BYTES; offset <<= 1) {
+if (shuff & offset) {
+for (int k = 0; k < MAX_VEC_SIZE_BYTES; k++) {
+if (!(k & offset)) {
+uint8_t tmp = v0.ub[k];
+v0.ub[k] = v1.ub[k + offset];
+v1.ub[k + offset] = tmp;
+}
+}
+}
+}
+/* Put the result in the expect buffer for verification */
+expect[0] = v1;
+
+check_output_b(__LINE__, 1);
+}
+
 int main()
 {
 init_buffers();
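Review bot: The reference model in test_vshuff() ends with `expect[0] = v1;` but the test never says why v1, rather than v0, is the value that must end up in v25 when both operands name the same register. A comment stating which operand's write is expected to land would make the expectation reviewable. The commit message also says VyV is used by vdeal, and there is no matching vdeal case.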
@@ -533,6 +576,8 @@ int main()
 test_vadduwsat();
 test_vsubuwsat_dv();
 
+test_vshuff();
+
 puts(err ? "FAIL" : "PASS");
 return err ? 1 : 0;
 }
diff --git a/target/hexagon/gen_tcg_funcs.py b/target/hexagon/gen_tcg_funcs.py
index 1fd9de95d5..d72c689ad7 100755
--- a/target/hexagon/gen_tcg_funcs.py
+++ b/target/hexagon/gen_tcg_funcs.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 
 ##
-##  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+##  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
 ##
 ##  This program is free software; you can redistribute it and/or modify
 ##  it under the terms of the GNU General Public License as published by
@@ -164,7 +164,9 @@ def genptr_decl(f, tag, regtype, regid, regno):
 (regtype, regid, regno))
 f.write("const intptr_t %s%sV_off =\n" % \
 (regtype, regid))
-if (hex_common.is_tmp_result(tag)):
+if (regid == "y"):
+f.write("offsetof(CPUHexagonState, vtmp);\n")
+elif (hex_common.is_tmp_result(tag)):
 f.write("ctx_tmp_vreg_off(ctx, %s%sN, 1, true);\n" % \
 (regtype, regid))
 else:
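Review bot: The new `regid == "y"` branch in genptr_decl() points VyV at the single vtmp field of CPUHexagonState, so it relies on nothing else using vtmp while the instruction executes. Please add a comment here stating that assumption, and confirm that the is_tmp_result path in the elif never needs the same storage in the same packet.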
@@ -379,9 +381,6 @@ def genptr_src_read(f, tag, regtype, regid):
 f.write("vreg_src_off(ctx, %s%sN),\n" % \
  (regtype, regid))
 f.write("sizeof(MMVector), sizeof(MMVector));\n")
-if (not hex_common.skip_qemu_helper(tag)):
-f.write("tcg_gen_addi_ptr(%s%sV, cpu_env, %s%sV_off);\n" % 
\
- (regtype, regid, regtype, regid))
 else:
 print("Bad register parse: ", regtype, regid)
 elif (regtype == "Q"):
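Review bot: The three removed lines that emitted `tcg_gen_addi_ptr(%s%sV, cpu_env, %s%sV_off)` in genptr_src_read() are not mentioned in the commit message. Please say where the VyV pointer is set up now, so a reader can check that instructions implemented through a helper still receive a valid pointer.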
-- 
2.17.1



[PATCH v2 03/12] Hexagon (target/hexagon) properly set FPINVF bit in sfcmp.uo and dfcmp.uo

2022-02-09 Thread Taylor Simpson
Instead of checking for nan arguments, use float??_unordered_quiet

test cases added in a subsequent patch to more extensively test USR bits

Signed-off-by: Taylor Simpson 
---
 target/hexagon/op_helper.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/target/hexagon/op_helper.c b/target/hexagon/op_helper.c
index 47bd51e0ca..75dc0f23f0 100644
--- a/target/hexagon/op_helper.c
+++ b/target/hexagon/op_helper.c
@@ -938,8 +938,7 @@ int32_t HELPER(sfcmpuo)(CPUHexagonState *env, float32 RsV, 
float32 RtV)
 {
 int32_t PdV;
 arch_fpop_start(env);
-PdV = f8BITSOF(float32_is_any_nan(RsV) ||
-   float32_is_any_nan(RtV));
+PdV = f8BITSOF(float32_unordered_quiet(RsV, RtV, &env->fp_status));
 arch_fpop_end(env);
 return PdV;
 }
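Review bot: The switch to float32_unordered_quiet() in sfcmpuo passes &env->fp_status where the old float32_is_any_nan() calls did not, so this is where the FPINVF change comes from, but neither the code nor the commit message says for which inputs the flag is now raised. Please state the intended behaviour (for example signaling NaN only versus any NaN) in the commit message or in a comment; the same applies to dfcmpuo below.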
@@ -1097,8 +1096,7 @@ int32_t HELPER(dfcmpuo)(CPUHexagonState *env, float64 
RssV, float64 RttV)
 {
 int32_t PdV;
 arch_fpop_start(env);
-PdV = f8BITSOF(float64_is_any_nan(RssV) ||
-   float64_is_any_nan(RttV));
+PdV = f8BITSOF(float64_unordered_quiet(RssV, RttV, &env->fp_status));
 arch_fpop_end(env);
 return PdV;
 }
-- 
2.17.1



[PATCH v2 00/12] Hexagon bug fixes and additional tests

2022-02-09 Thread Taylor Simpson
Fix bugs reported from Hexagon users

There is a pattern of issues setting bits in user status register (USR),
so I created new tests dedicated to instructions that might set USR.

 Changes in v2 
Make the _chop versions of float-to-int conversions use :chop insns in usr.c
Additional bug fixes
Fix inline asm in preg_alias test
Bug in conv_df2uw_chop
Make VyV operands use a unique temp
Assignment to c4 should wait until packet commit



Michael Lambert (1):
  Hexagon (target/hexagon) fix bug in circular addressing

Taylor Simpson (11):
  Hexagon HVX (target/hexagon) fix bug in HVX saturate instructions
  Hexagon (target/hexagon) properly set FPINVF bit in sfcmp.uo and
dfcmp.uo
  Hexagon (target/hexagon) properly handle SNaN in
dfmin/dfmax/sfmin/sfmax
  Hexagon (target/hexagon) properly handle denorm in
arch_sf_recip_common
  Hexagon (tests/tcg/hexagon) test instructions that might set bits in
USR
  Hexagon (tests/tcg/hexagon) add floating point instructions to usr.c
  Hexagon (tests/tcg/hexagon) update overflow test
  Hexagon (tests/tcg/hexagon) fix inline asm in preg_alias.c
  Hexagon (target/hexagon) fix bug in conv_df2uw_chop
  Hexagon (target/hexagon) make VyV operands use a unique temp
  Hexagon (target/hexagon) assignment to c4 should wait until packet
commit

 target/hexagon/fma_emu.h  |6 +-
 target/hexagon/macros.h   |4 +-
 target/hexagon/arch.c |6 +-
 target/hexagon/genptr.c   |   14 +-
 target/hexagon/op_helper.c|   68 +-
 tests/tcg/hexagon/circ.c  |5 +-
 tests/tcg/hexagon/fpstuff.c   |   44 +-
 tests/tcg/hexagon/hvx_misc.c  |  116 ++-
 tests/tcg/hexagon/overflow.c  |   61 +-
 tests/tcg/hexagon/preg_alias.c|   84 ++-
 tests/tcg/hexagon/usr.c   | 1145 +
 target/hexagon/gen_tcg_funcs.py   |9 +-
 tests/tcg/hexagon/Makefile.target |8 +-
 13 files changed, 1508 insertions(+), 62 deletions(-)
 create mode 100644 tests/tcg/hexagon/usr.c

-- 
2.17.1



[PATCH v2 10/12] Hexagon (target/hexagon) fix bug in conv_df2uw_chop

2022-02-09 Thread Taylor Simpson
Fix typo that checked for 32 bit nan instead of 64 bit

Test case added in tests/tcg/hexagon/usr.c

Signed-off-by: Taylor Simpson 
---
 target/hexagon/op_helper.c | 2 +-
 tests/tcg/hexagon/usr.c| 4 
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/target/hexagon/op_helper.c b/target/hexagon/op_helper.c
index 7f40e09486..47729a48bd 100644
--- a/target/hexagon/op_helper.c
+++ b/target/hexagon/op_helper.c
@@ -829,7 +829,7 @@ uint32_t HELPER(conv_df2uw_chop)(CPUHexagonState *env, 
float64 RssV)
 uint32_t RdV;
 arch_fpop_start(env);
 /* Hexagon checks the sign before rounding */
-if (float64_is_neg(RssV) && !float32_is_any_nan(RssV)) {
+if (float64_is_neg(RssV) && !float64_is_any_nan(RssV)) {
 float_raise(float_flag_invalid, &env->fp_status);
 RdV = 0;
 } else {
diff --git a/tests/tcg/hexagon/usr.c b/tests/tcg/hexagon/usr.c
index a0006da25a..1b7d43baf4 100644
--- a/tests/tcg/hexagon/usr.c
+++ b/tests/tcg/hexagon/usr.c
@@ -1072,6 +1072,10 @@ int main()
 TEST_P_OP_P(conv_df2d,DF_SNaN,  0xULL,  
USR_FPINVF);
 TEST_R_OP_P(conv_df2uw_chop,  DF_QNaN,  0x, 
USR_FPINVF);
 TEST_R_OP_P(conv_df2uw_chop,  DF_SNaN,  0x, 
USR_FPINVF);
+
+/* Test for typo in HELPER(conv_df2uw_chop) */
+TEST_R_OP_P(conv_df2uw_chop, 0xff7f0001ULL, 0x, 
USR_FPINVF);
+
 TEST_R_OP_P(conv_df2w_chop,   DF_QNaN,  0x, 
USR_FPINVF);
 TEST_R_OP_P(conv_df2w_chop,   DF_SNaN,  0x, 
USR_FPINVF);
 TEST_P_OP_P(conv_df2ud_chop,  DF_QNaN,  0xULL,  
USR_FPINVF);
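Review bot: The added comment `/* Test for typo in HELPER(conv_df2uw_chop) */` records the history of the bug rather than what the case exercises. Describing the input instead (a negative double for which the old float32_is_any_nan() check gave a different answer than float64_is_any_nan()) will still make sense once the fix is forgotten.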
-- 
2.17.1



[PATCH v2 02/12] Hexagon HVX (target/hexagon) fix bug in HVX saturate instructions

2022-02-09 Thread Taylor Simpson
Two tests added to tests/tcg/hexagon/hvx_misc.c
v21.uw = vadd(v11.uw, v10.uw):sat
v25:24.uw = vsub(v17:16.uw, v27:26.uw):sat

Signed-off-by: Taylor Simpson 
---
 target/hexagon/macros.h  |  4 +-
 tests/tcg/hexagon/hvx_misc.c | 71 +++-
 2 files changed, 72 insertions(+), 3 deletions(-)

diff --git a/target/hexagon/macros.h b/target/hexagon/macros.h
index 19d103cad5..a78e84faa4 100644
--- a/target/hexagon/macros.h
+++ b/target/hexagon/macros.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -268,7 +268,7 @@ static inline void gen_pred_cancel(TCGv pred, int slot_num)
 
 #define fVSATUVALN(N, VAL) \
 ({ \
-(((int)(VAL)) < 0) ? 0 : ((1LL << (N)) - 1); \
+(((int64_t)(VAL)) < 0) ? 0 : ((1LL << (N)) - 1); \
 })
 #define fSATUVALN(N, VAL) \
 ({ \
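Review bot: The commit message lists the two new tests but does not describe the bug fixed in fVSATUVALN. With the old `(int)(VAL)` cast a wide value was truncated to 32 bits before the sign test, so an overflowed unsigned sum with bit 31 set was treated as negative and saturated to 0 instead of the maximum; a sentence to that effect belongs in the commit message. fSATUVALN, which starts on the next line, should be checked for the same cast.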
diff --git a/tests/tcg/hexagon/hvx_misc.c b/tests/tcg/hexagon/hvx_misc.c
index 312bb98b41..b896f5897e 100644
--- a/tests/tcg/hexagon/hvx_misc.c
+++ b/tests/tcg/hexagon/hvx_misc.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2021 Qualcomm Innovation Center, Inc. All Rights Reserved.
+ *  Copyright(c) 2021-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -19,6 +19,7 @@
 #include 
 #include 
 #include 
+#include 
 
 int err;
 
@@ -432,6 +433,71 @@ TEST_PRED_OP2(pred_and, and, &, "")
 TEST_PRED_OP2(pred_and_n, and, &, "!")
 TEST_PRED_OP2(pred_xor, xor, ^, "")
 
+static void test_vadduwsat(void)
+{
+/*
+ * Test for saturation by adding two numbers that add to more than UINT_MAX
+ * and make sure the result saturates to UINT_MAX
+ */
+const uint32_t x = 0x;
+const uint32_t y = 0x000f;
+
+memset(expect, 0x12, sizeof(MMVector));
+memset(output, 0x34, sizeof(MMVector));
+
+asm volatile ("v10 = vsplat(%0)\n\t"
+  "v11 = vsplat(%1)\n\t"
+  "v21.uw = vadd(v11.uw, v10.uw):sat\n\t"
+  "vmem(%2+#0) = v21\n\t"
+  : /* no outputs */
+  : "r"(x), "r"(y), "r"(output)
+  : "v10", "v11", "v21", "memory");
+
+for (int j = 0; j < MAX_VEC_SIZE_BYTES / 4; j++) {
+expect[0].uw[j] = UINT_MAX;
+}
+
+check_output_w(__LINE__, 1);
+}
+
+static void test_vsubuwsat_dv(void)
+{
+/*
+ * Test for saturation by subtracting two numbers where the result is
+ * negative and make sure the result saturates to zero
+ *
+ * vsubuwsat_dv operates on an HVX register pair, so we'll have a
+ * pair of subtractions
+ * w - x < 0
+ * y - z < 0
+ */
+const uint32_t w = 0x00b7;
+const uint32_t x = 0xff4e;
+const uint32_t y = 0x31fe88e7;
+const uint32_t z = 0x7f79;
+
+memset(expect, 0x12, sizeof(MMVector) * 2);
+memset(output, 0x34, sizeof(MMVector) * 2);
+
+asm volatile ("v16 = vsplat(%0)\n\t"
+  "v17 = vsplat(%1)\n\t"
+  "v26 = vsplat(%2)\n\t"
+  "v27 = vsplat(%3)\n\t"
+  "v25:24.uw = vsub(v17:16.uw, v27:26.uw):sat\n\t"
+  "vmem(%4+#0) = v24\n\t"
+  "vmem(%4+#1) = v25\n\t"
+  : /* no outputs */
+  : "r"(w), "r"(y), "r"(x), "r"(z), "r"(output)
+  : "v16", "v17", "v24", "v25", "v26", "v27", "memory");
+
+for (int j = 0; j < MAX_VEC_SIZE_BYTES / 4; j++) {
+expect[0].uw[j] = 0x;
+expect[1].uw[j] = 0x;
+}
+
+check_output_w(__LINE__, 2);
+}
+
 int main()
 {
 init_buffers();
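Review bot: In test_vsubuwsat_dv() the asm inputs are listed as `"r"(w), "r"(y), "r"(x), "r"(z)`, which does not follow the w, x, y, z order of the declarations and of the comment. The mapping is correct (v17:16 holds y:w and v27:26 holds z:x), but a one-line comment on the pairing would save the next reader from re-deriving it.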
@@ -464,6 +530,9 @@ int main()
 test_pred_and_n(true);
 test_pred_xor(false);
 
+test_vadduwsat();
+test_vsubuwsat_dv();
+
 puts(err ? "FAIL" : "PASS");
 return err ? 1 : 0;
 }
-- 
2.17.1



Re: [PATCH] docs/system: riscv: Update description of CPU

2022-02-09 Thread Alistair Francis
On Wed, Feb 9, 2022 at 1:49 AM Yu Li  wrote:
>
> Since the hypervisor extension has been non experimental and enabled for
> default CPU, the previous command is no longer available and the
> option `x-h=true` or `h=true` is also no longer required.
>
> Signed-off-by: Yu Li 

Reviewed-by: Alistair Francis 

Alistair

> ---
>   docs/system/riscv/virt.rst | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/docs/system/riscv/virt.rst b/docs/system/riscv/virt.rst
> index fa016584bf..08ce3c4177 100644
> --- a/docs/system/riscv/virt.rst
> +++ b/docs/system/riscv/virt.rst
> @@ -23,9 +23,9 @@ The ``virt`` machine supports the following devices:
>   * 1 generic PCIe host bridge
>   * The fw_cfg device that allows a guest to obtain data from QEMU
>
> -Note that the default CPU is a generic RV32GC/RV64GC. Optional extensions
> -can be enabled via command line parameters, e.g.: ``-cpu rv64,x-h=true``
> -enables the hypervisor extension for RV64.
> +The hypervisor extension has been enabled for the default CPU, so virtual
> +machines with hypervisor extension can simply be used without explicitly
> +declaring.
>
>   Hardware configuration information
>   --
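Review bot: The replacement paragraph drops two things the removed text told the reader: that the default CPU is a generic RV32GC/RV64GC, and that optional extensions can be enabled through `-cpu` parameters. Only the `x-h=true` example is obsolete, so consider keeping those two statements and replacing just the example. The new wording "can simply be used without explicitly declaring" also lacks an object; "without explicitly enabling it" would read better.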
> --
> 2.20.1
>



Re: [PATCH v5 0/2] Enable legacy LBR support for guest

2022-02-09 Thread Yang, Weijiang



On 2/9/2022 5:14 PM, Like Xu wrote:

Hi Weijiang,

On 23/1/2022 12:11 am, Yang Weijiang wrote:

KVM legacy LBR patches have been merged in kernel 5.12, this patchset
is to expose the feature to guest from the perf capability MSR. Qemu can
add LBR format in cpu option to achieve it, e.g., -cpu host,lbr-fmt=0x5,


Some older Intel CPUs may have lbr-fmt=LBR_FORMAT_32 (which is 0), would
you help verify that KVM is supported on these platforms? If so, how
do we enable guest LBR from the QEMU side, w/ -cpu host,lbr-fmt=0x0?


Hi, Like, do you know which cpu model or platform so that I can have a 
test on?





the format should match host value in IA32_PERF_CAPABILITIES.

Note, KVM legacy LBR solution accelerates guest perf performance by LBR MSR
passthrough so it requires guest cpu model matches that of host's, i.e.,


Would you help add live migration support across host/guest CPU models when
hosts at both ends have the same number of LBR entries and the same lbr-fmt ?

Yes, I'm working on this part for Arch LBR, then enable it for legacy
LBR as well.


Thanks,
Like Xu


only -cpu host is supported.

Change in v5:
1. This patchset is rebased on tip : 6621441db5
2. No functional change since v4.




Re: [PATCH 4/6] target/arm: Implement FEAT_LVA

2022-02-09 Thread Richard Henderson

On 1/7/22 07:23, Peter Maydell wrote:

On Wed, 8 Dec 2021 at 23:16, Richard Henderson
 wrote:


This feature is relatively small, as it applies only to
64k pages and thus requires no additional changes to the
table descriptor walking algorithm, only a change to the
minimum TSZ (which is the inverse of the maximum virtual
address space size).

Signed-off-by: Richard Henderson 


FEAT_LVA also expands the size of the VA field in
DBGBVR_EL1. We currently hardcode the size of that
in hw_breakpoint_update() where we do:
 addr = sextract64(bvr, 0, 49) & ~3ULL;

This is also true of DBGWVR_EL1, except that there
we seem to have chosen to take advantage of the spec
defining the high bits of the register as RESS (ie
sign-extended) and we always use all of the address bits
regardless. Maybe we could do something similar with DBGBVR.


We treat DBGBVR and DBGWVR similarly, with the exception that DBGBVR is context dependent, 
so we must wait until we interpret it together with DBGBCR.


However, I think the combination of IMPLEMENTATION DEFINED for storing the value as 
written and CONSTRAINED UNPREDICTABLE for comparing the RESS bits means that we're allowed 
to rely on Software to perform the appropriate extension and store and compare the entire 
register.


I'll fix this in a separate patch.


r~



Re: [PATCH v5 03/18] pci: isolated address space for PCI bus

2022-02-09 Thread Jag Raman


> On Feb 2, 2022, at 12:34 AM, Alex Williamson  
> wrote:
> 
> On Wed, 2 Feb 2022 01:13:22 +
> Jag Raman  wrote:
> 
>>> On Feb 1, 2022, at 5:47 PM, Alex Williamson  
>>> wrote:
>>> 
>>> On Tue, 1 Feb 2022 21:24:08 +
>>> Jag Raman  wrote:
>>> 
> On Feb 1, 2022, at 10:24 AM, Alex Williamson  
> wrote:
> 
> On Tue, 1 Feb 2022 09:30:35 +
> Stefan Hajnoczi  wrote:
> 
>> On Mon, Jan 31, 2022 at 09:16:23AM -0700, Alex Williamson wrote:
>>> On Fri, 28 Jan 2022 09:18:08 +
>>> Stefan Hajnoczi  wrote:
>>> 
 On Thu, Jan 27, 2022 at 02:22:53PM -0700, Alex Williamson wrote:  
> If the goal here is to restrict DMA between devices, ie. peer-to-peer
> (p2p), why are we trying to re-invent what an IOMMU already does? 
>
 
 The issue Dave raised is that vfio-user servers run in separate
 processes from QEMU with shared memory access to RAM but no direct
 access to non-RAM MemoryRegions. The virtiofs DAX Window BAR is one
 example of a non-RAM MemoryRegion that can be the source/target of DMA
 requests.
 
 I don't think IOMMUs solve this problem but luckily the vfio-user
 protocol already has messages that vfio-user servers can use as a
 fallback when DMA cannot be completed through the shared memory RAM
 accesses.
 
> In
> fact, it seems like an IOMMU does this better in providing an IOVA
> address space per BDF.  Is the dynamic mapping overhead too much?  
> What
> physical hardware properties or specifications could we leverage to
> restrict p2p mappings to a device?  Should it be governed by machine
> type to provide consistency between devices?  Should each "isolated"
> bus be in a separate root complex?  Thanks,
 
 There is a separate issue in this patch series regarding isolating the
 address space where BAR accesses are made (i.e. the global
 address_space_memory/io). When one process hosts multiple vfio-user
 server instances (e.g. a software-defined network switch with multiple
 ethernet devices) then each instance needs isolated memory and io 
 address
 spaces so that vfio-user clients don't cause collisions when they map
 BARs to the same address.
 
 I think the separate root complex idea is a good solution. This
 patch series takes a different approach by adding the concept of
 isolated address spaces into hw/pci/.  
>>> 
>>> This all still seems pretty sketchy, BARs cannot overlap within the
>>> same vCPU address space, perhaps with the exception of when they're
>>> being sized, but DMA should be disabled during sizing.
>>> 
>>> Devices within the same VM context with identical BARs would need to
>>> operate in different address spaces.  For example a translation offset
>>> in the vCPU address space would allow unique addressing to the devices,
>>> perhaps using the translation offset bits to address a root complex and
>>> masking those bits for downstream transactions.
>>> 
>>> In general, the device simply operates in an address space, ie. an
>>> IOVA.  When a mapping is made within that address space, we perform a
>>> translation as necessary to generate a guest physical address.  The
>>> IOVA itself is only meaningful within the context of the address space,
>>> there is no requirement or expectation for it to be globally unique.
>>> 
>>> If the vfio-user server is making some sort of requirement that IOVAs
>>> are unique across all devices, that seems very, very wrong.  Thanks,
>>>   
>> 
>> Yes, BARs and IOVAs don't need to be unique across all devices.
>> 
>> The issue is that there can be as many guest physical address spaces as
>> there are vfio-user clients connected, so per-client isolated address
>> spaces are required. This patch series has a solution to that problem
>> with the new pci_isol_as_mem/io() API.
> 
> Sorry, this still doesn't follow for me.  A server that hosts multiple
> devices across many VMs (I'm not sure if you're referring to the device
> or the VM as a client) needs to deal with different address spaces per
> device.  The server needs to be able to uniquely identify every DMA,
> which must be part of the interface protocol.  But I don't see how that
> imposes a requirement of an isolated address space.  If we want the
> device isolated because we don't trust the server, that's where an IOMMU
> provides per device isolation.  What is the restriction of the
> per-client isolated address space and why do we need it?  The server
> needing to support multiple clients is not a sufficient answer to
> impose new PCI bus types with an implicit rest

Re: [RFC PATCH 12/15] hw/m68k: Restrict M68kCPU type to target/ code

2022-02-09 Thread Richard Henderson

On 2/10/22 10:09, Philippe Mathieu-Daudé wrote:

On 9/2/22 23:50, Richard Henderson wrote:

On 2/10/22 08:54, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé 
---
  include/hw/m68k/mcf.h | 3 +--
  target/m68k/cpu-qom.h | 2 --
  target/m68k/cpu.h | 4 ++--
  3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/include/hw/m68k/mcf.h b/include/hw/m68k/mcf.h
index 8cbd587bbf..e84fcfb4ca 100644
--- a/include/hw/m68k/mcf.h
+++ b/include/hw/m68k/mcf.h
@@ -3,7 +3,6 @@
  /* Motorola ColdFire device prototypes.  */
  #include "exec/hwaddr.h"
-#include "target/m68k/cpu-qom.h"
  /* mcf_uart.c */
  uint64_t mcf_uart_read(void *opaque, hwaddr addr,
@@ -16,7 +15,7 @@ void mcf_uart_mm_init(hwaddr base, qemu_irq irq, Chardev 
*chr);
  /* mcf_intc.c */
  qemu_irq *mcf_intc_init(struct MemoryRegion *sysmem,
  hwaddr base,
-    M68kCPU *cpu);
+    ArchCPU *cpu);
  /* mcf5206.c */
  #define TYPE_MCF5206_MBAR "mcf5206-mbar"
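
Review bot: The mcf_intc_init() prototype now takes ArchCPU *, but the first hunk removed "target/m68k/cpu-qom.h", the only target include visible in this header, so nothing shown here declares ArchCPU. Either add the include that provides the ArchCPU declaration (or a forward declaration) so mcf.h stays self-contained, or say in the commit message which header callers are expected to have pulled in first.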


This part is ok.


diff --git a/target/m68k/cpu-qom.h b/target/m68k/cpu-qom.h
index c2c0736b3b..ec75adad69 100644
--- a/target/m68k/cpu-qom.h
+++ b/target/m68k/cpu-qom.h
@@ -25,8 +25,6 @@
  #define TYPE_M68K_CPU "m68k-cpu"
-typedef struct ArchCPU M68kCPU;
-
  OBJECT_DECLARE_TYPE(ArchCPU, M68kCPUClass,
  M68K_CPU)
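
Review bot: With `typedef struct ArchCPU M68kCPU;` gone from cpu-qom.h, any hw/ file that still spells M68kCPU stops compiling, yet the diffstat touches only include/hw/m68k/mcf.h outside target/. Please confirm no other hw/ user of M68kCPU remains, and put the intent in the commit message, which currently has only the Signed-off-by line.
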
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 872e8ce637..90be69e714 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -156,14 +156,14 @@ typedef struct CPUArchState {
   *
   * A Motorola 68k CPU.
   */
-struct ArchCPU {
+typedef struct ArchCPU {
  /*< private >*/
  CPUState parent_obj;
  /*< public >*/
  CPUNegativeOffsetState neg;
  CPUM68KState env;
-};
+} M68kCPU;


I don't like these.  Rationale?


Short-term idea: hw/ models only have access to cpu-qom.h declarations
and opaque pointers to generic CPU objects.

hw/ should not include cpu.h at all. By restricting FooCPU to target/
code, hw/ files fail to compile if using FooCPU and not ArchCPU.


Yes, that would be ideal.  If you do want to bring the typedef into cpu.h, please keep it 
separate; it's easier to read.  Especially since one normally expects


typedef struct Foo {
  ...
} Foo;

and that's not what's happening here.


Long-term idea, each target/ is built as a module, exposing a uniform
arch-API.


That would be awesome, yes.


I'm still prototyping to see how to disentangle arch-specific hw which
access CPU internals (such as ARM NVIC or MIPS ITU).


Complicated, yes.  If it comes to it, I would not be opposed to having these tightly 
coupled devices live in target/, but let's see if you can avoid it.



r~



Re: [PATCH 3/3] isa/piix4: Resolve global variables

2022-02-09 Thread BB
On 30 January 2022 23:53:42 CET, "Philippe Mathieu-Daudé" wrote:
>On 14/1/22 14:36, Peter Maydell wrote:
>> On Wed, 12 Jan 2022 at 22:02, Bernhard Beschow  wrote:
>>>
>>> Now that piix4_set_irq's opaque parameter references own PIIX4State,
>>> piix4_dev becomes redundant and pci_irq_levels can be moved into PIIX4State.
>>>
>>> Signed-off-by: Bernhard Beschow 
>>> ---
>>>   hw/isa/piix4.c| 22 +-
>>>   include/hw/southbridge/piix.h |  2 --
>>>   2 files changed, 9 insertions(+), 15 deletions(-)
>>>
>>> diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
>>> index a31e9714cf..964e09cf7f 100644
>>> --- a/hw/isa/piix4.c
>>> +++ b/hw/isa/piix4.c
>>> @@ -39,14 +39,14 @@
>>>   #include "sysemu/runstate.h"
>>>   #include "qom/object.h"
>>>
>>> -PCIDevice *piix4_dev;
>>> -
>>>   struct PIIX4State {
>>>   PCIDevice dev;
>>>   qemu_irq cpu_intr;
>>>   qemu_irq *isa;
>>>   qemu_irq i8259[ISA_NUM_IRQS];
>>>
>>> +int pci_irq_levels[PIIX_NUM_PIRQS];
>>> +
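
Review bot: pci_irq_levels is added to PIIX4State as a plain int array. A fixed-width element type (for example uint8_t or int32_t) would make the size of this device state explicit, which matters if the array is later described in the device's vmstate.
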
>> 
>> I wondered how we were migrating this state, and the answer
>> seems to be that we aren't (and weren't before, when it was
>> a global variable, so this is a pre-existing bug).
>
>Indeed the migrated VM starts with PCI IRQ levels zeroed.
>
>> Does the malta platform support migration save/load?
>
>Maybe a "best effort" support, but not versioned machines.
>
>> We should probably add this field to the vmstate struct
>> (which will be a migration compatibility break, which is OK
>> as the malta board isn't versioned.)
>
>Yeah good catch.
>
>Bernhard, do you mind adding it?

Sure, I'll give it a try. Shall I submit a v2 of this patch series then? If so, 
would it be ok to change the topic of the cover letter or would that be 
confusing?

Last but not least: How to treat the version_id and the version parameters of 
the new and existing fields?

Regards,

Bernhard.




[PATCH 6/9] exec: Define MMUAccessType in 'exec/cpu-tlb.h' header

2022-02-09 Thread Philippe Mathieu-Daudé via
To reduce the inclusion of "hw/core/cpu.h", extract
MMUAccessType to its own "exec/cpu-tlb.h" header.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/exec/cpu-defs.h   |  1 +
 include/exec/cpu-tlb.h| 16 
 include/exec/cpu_ldst.h   |  1 +
 include/exec/exec-all.h   |  3 +++
 include/hw/core/cpu.h |  6 --
 include/hw/core/tcg-cpu-ops.h |  1 +
 target/arm/internals.h|  1 +
 target/mips/internal.h|  1 +
 target/ppc/internal.h |  2 ++
 target/ppc/mmu-hash32.h   |  2 ++
 target/ppc/mmu-hash64.h   |  2 ++
 target/ppc/mmu-radix64.h  |  2 ++
 target/s390x/s390x-internal.h |  2 ++
 13 files changed, 34 insertions(+), 6 deletions(-)
 create mode 100644 include/exec/cpu-tlb.h

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index ba3cd32a1e..c7eefb8633 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -29,6 +29,7 @@
 #include "exec/hwaddr.h"
 #endif
 #include "exec/memattrs.h"
+#include "exec/cpu-tlb.h"
 #include "hw/core/cpu.h"
 
 #include "cpu-param.h"
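
Review bot: The new `#include "exec/cpu-tlb.h"` sits directly above `#include "hw/core/cpu.h"`, which stays, so this hunk does not reduce the inclusion of hw/core/cpu.h that the commit message gives as the goal. Say in the commit message that this patch only makes MMUAccessType available on its own, and where the hw/core/cpu.h includes are expected to be dropped.
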
diff --git a/include/exec/cpu-tlb.h b/include/exec/cpu-tlb.h
new file mode 100644
index 00..dccf91a817
--- /dev/null
+++ b/include/exec/cpu-tlb.h
@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * cpu-tlb.h: MMUAccessType definitions
+ *
+ */
+
+#ifndef EXEC_CPU_TLB_H
+#define EXEC_CPU_TLB_H
+
+typedef enum MMUAccessType {
+MMU_DATA_LOAD  = 0,
+MMU_DATA_STORE = 1,
+MMU_INST_FETCH = 2
+} MMUAccessType;
+
+#endif
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 5c66de..3784316471 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -63,6 +63,7 @@
 #define CPU_LDST_H
 
 #include "exec/memopidx.h"
+#include "exec/cpu-tlb.h"
 #include "qemu/int128.h"
 #include "cpu.h"
 
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index d2cb0981f4..537f465f54 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -381,6 +381,9 @@ static inline void 
tlb_flush_range_by_mmuidx_all_cpus_synced(CPUState *cpu,
 {
 }
 #endif
+
+#include "exec/cpu-tlb.h"
+
 /**
  * probe_access:
  * @env: CPUArchState
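
Review bot: `#include "exec/cpu-tlb.h"` is added in the middle of exec-all.h, after the `#endif` near line 381 and right before the probe_access documentation, instead of with the header's other includes at the top. Move it to the include block so the dependency is visible where readers look for it.
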
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index c9d41e4ece..0b844cbf27 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -55,12 +55,6 @@ typedef struct CPUClass CPUClass;
 DECLARE_CLASS_CHECKERS(CPUClass, CPU,
TYPE_CPU)
 
-typedef enum MMUAccessType {
-MMU_DATA_LOAD  = 0,
-MMU_DATA_STORE = 1,
-MMU_INST_FETCH = 2
-} MMUAccessType;
-
 typedef struct CPUWatchpoint CPUWatchpoint;
 
 /* see tcg-cpu-ops.h */
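
Review bot: The MMUAccessType enum is deleted from hw/core/cpu.h and no `#include "exec/cpu-tlb.h"` is added in its place (the diffstat shows 6 deletions and no insertions for this file), so every file that got the type through hw/core/cpu.h now has to include the new header itself. Please confirm with a full build of all targets, user-mode included, that no remaining user was missed beyond the files listed in the diffstat.
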
diff --git a/include/hw/core/tcg-cpu-ops.h b/include/hw/core/tcg-cpu-ops.h
index e13898553a..2c81fff428 100644
--- a/include/hw/core/tcg-cpu-ops.h
+++ b/include/hw/core/tcg-cpu-ops.h
@@ -10,6 +10,7 @@
 #ifndef TCG_CPU_OPS_H
 #define TCG_CPU_OPS_H
 
+#include "exec/cpu-tlb.h"
 #include "hw/core/cpu.h"
 
 struct TCGCPUOps {
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 3f05748ea4..4c006aa6b4 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -25,6 +25,7 @@
 #ifndef TARGET_ARM_INTERNALS_H
 #define TARGET_ARM_INTERNALS_H
 
+#include "exec/cpu-tlb.h"
 #include "hw/registerfields.h"
 #include "tcg/tcg-gvec-desc.h"
 #include "syndrome.h"
diff --git a/target/mips/internal.h b/target/mips/internal.h
index ac6e03e2f2..f0f885005f 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -8,6 +8,7 @@
 #ifndef MIPS_INTERNAL_H
 #define MIPS_INTERNAL_H
 
+#include "exec/cpu-tlb.h"
 #include "exec/memattrs.h"
 #ifdef CONFIG_TCG
 #include "tcg/tcg-internal.h"
diff --git a/target/ppc/internal.h b/target/ppc/internal.h
index 6aa9484f34..20010f53e7 100644
--- a/target/ppc/internal.h
+++ b/target/ppc/internal.h
@@ -18,6 +18,8 @@
 #ifndef PPC_INTERNAL_H
 #define PPC_INTERNAL_H
 
+#include "exec/cpu-tlb.h"
+
 #define FUNC_MASK(name, ret_type, size, max_val)  \
 static inline ret_type name(uint##size##_t start, \
   uint##size##_t end) \
diff --git a/target/ppc/mmu-hash32.h b/target/ppc/mmu-hash32.h
index 3892b693d6..c6fcdebac5 100644
--- a/target/ppc/mmu-hash32.h
+++ b/target/ppc/mmu-hash32.h
@@ -3,6 +3,8 @@
 
 #ifndef CONFIG_USER_ONLY
 
+#include "exec/cpu-tlb.h"
+
 hwaddr get_pteg_offset32(PowerPCCPU *cpu, hwaddr hash);
 bool ppc_hash32_xlate(PowerPCCPU *cpu, vaddr eaddr, MMUAccessType access_type,
   hwaddr *raddrp, int *psizep, int *protp, int mmu_idx,
diff --git a/target/ppc/mmu-hash64.h b/target/ppc/mmu-hash64.h
index 1496955d38..002dc4aec7 100644
--- a/target/ppc/mmu-hash64.h
+++ b/target/ppc/mmu-hash64.h
@@ -3,6 +3,8 @@
 
 #ifndef CONFIG_USER_ONLY
 
+#include "exec/cpu-tlb.h"
+
 #ifdef TARGET_PPC64
 void dump_slb(PowerPCCPU *cpu);
 int ppc_store_slb(PowerPCCPU *cpu, target_ulong slot,
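
Review bot: `#include "exec/cpu-tlb.h"` is placed inside the `#ifndef CONFIG_USER_ONLY` block here, and the mmu-hash32.h hunk above does the same. An include that only brings in an enum has no reason to be conditional; put it before the guard so the header's dependencies do not vary with the build configuration.
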
diff --git a/target/ppc/mmu-radix64.h b/target/ppc/mmu-radix64.h
index 4c768aa5cc..6019

Re: [PATCH v5 09/11] 9p: darwin: Implement compatibility for mknodat

2022-02-09 Thread Akihiko Odaki
On Thu, Feb 10, 2022 at 3:20 AM Will Cohen  wrote:
>
> On Wed, Feb 9, 2022 at 9:08 AM Christian Schoenebeck wrote:
>>
>> On Wednesday, 9 February 2022 14:33:25 CET Akihiko Odaki wrote:
>> > > I like the idea of switching it to __attribute__((weak)). I should note
>> > > that I'm not sure that I can actually fully test this out since I'm
>> > > getting stuck with the linker noting my undefined fake function during
>> > > the build, but the idea does make logical sense to me for the future fail
>> > > case and the happy case builds again when implemented with actual
>> > > pthread_fchdir_np:
>> > >
>> > > [1075/2909] Linking target qemu-nbd
>> > > FAILED: qemu-nbd
>> > > cc -m64 -mcx16  -o qemu-nbd qemu-nbd.p/qemu-nbd.c.o 
>> > > -Wl,-dead_strip_dylibs
>> > > -Wl,-headerpad_max_install_names -Wl,-undefined,error -Wl,-force_load
>> > > libblockdev.fa -Wl,-force_load libblock.fa -Wl,-force_load libcrypto.fa
>> > > -Wl,-force_load libauthz.fa -Wl,-force_load libqom.fa -Wl,-force_load
>> > > libio.fa -fstack-protector-strong
>> > > -Wl,-rpath,/usr/local/Cellar/gnutls/3.7.3/lib
>> > > -Wl,-rpath,/usr/local/Cellar/pixman/0.40.0/lib libqemuutil.a
>> > > libblockdev.fa libblock.fa libcrypto.fa libauthz.fa libqom.fa libio.fa
>> > > @block.syms /usr/local/Cellar/gnutls/3.7.3/lib/libgnutls.dylib -lutil
>> > > -L/usr/local/Cellar/glib/2.70.3/lib -L/usr/local/opt/gettext/lib
>> > > -lgio-2.0 -lgobject-2.0 -lglib-2.0 -lintl
>> > > -L/usr/local/Cellar/glib/2.70.3/lib -L/usr/local/opt/gettext/lib
>> > > -lgio-2.0 -lgobject-2.0 -lglib-2.0 -lintl -lm
>> > > -L/usr/local/Cellar/glib/2.70.3/lib -L/usr/local/opt/gettext/lib
>> > > -lgmodule-2.0 -lglib-2.0 -lintl
>> > > /usr/local/Cellar/pixman/0.40.0/lib/libpixman-1.dylib -lz -lxml2
>> > > -framework CoreFoundation -framework IOKit -lcurl
>> > > -L/usr/local/Cellar/glib/2.70.3/lib -L/usr/local/opt/gettext/lib
>> > > -lgmodule-2.0 -lglib-2.0 -lintl -lbz2
>> > > /usr/local/Cellar/libssh/0.9.6/lib/libssh.dylib -lpam>
>> > > Undefined symbols for architecture x86_64:
>> > >   "_pthread_fchdir_npfoo", referenced from:
>> > >   _qemu_mknodat in libblockdev.fa(os-posix.c.o)
>> > >
>> > > ld: symbol(s) not found for architecture x86_64
>> > > clang: error: linker command failed with exit code 1 (use -v to see
>> > > invocation) ninja: build stopped: subcommand failed.
>> > > make[1]: *** [run-ninja] Error 1
>> > > make: *** [all] Error 2
>> > >
>> > > With that caveat re testing in mind, unless there's another recommended
>> > > path forward, I think it makes sense to stick with __attribute__((weak))
>> > > and prepare v6 which incorporates this and all the other feedback from
>> > > this round.
>> > __attribute__((weak_import)), which explicitly marks the function as
>> > external, is more appropriate here. It is feature-equivalent with the
>> > availability attribute when the minimum deployment target is lower
>> > than the version which introduced the function.
>>
>> Thanks for chiming in on this macOS issue Akihiko!
>>
>> Are you sure that "weak_import" is still the preferred way? From behaviour PoV
>> I do not see any difference at all. I can't even tell what the intended
>> difference was, and QEMU currently only seems to use "weak" in the entire code
>> base.
>>
>> Googling around, "weak_import" seems to be required on ancient OS X versions
>> only and that it's now deprecated in favour of the more common "weak", no?
>>
>> Best regards,
>> Christian Schoenebeck
>
>
> Either way seems reasonable to me. For reference, what I'm seeing on Google 
> and what Christian may be referring to is a circa-2016 conversation on GCC 
> bugzilla, where a tentative conclusion seems to be that the distinction 
> between the two is small and weak is probably preferred now: 
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69179
>

GCC doesn't maintain features specific to Apple well so we should look
at clang. Compiling QEMU for macOS with GCC would result in errors
anyway because QEMU uses clang extensions like availability checks and
blocks for Apple's ABIs/APIs. clang still distinguishes
__attribute__((weak)) and __attribute__((weak_import)).

The present uses of __attribute__((weak)) in QEMU are correct and
shouldn't be replaced with __attribute__((weak_import)) even when
targeting macOS since they have default implementations and are
statically resolved.

Regards,
Akihiko Odaki
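
The distinction drawn in the message above, as an added example that is not part of the thread or of QEMU's code: a weak definition with a default body next to a weak external reference that must be checked before it is called. `trace_hook`, `WEAK_EXTERNAL`, `have_thread_fchdir` and `thread_fchdir` are hypothetical names, and the `pthread_fchdir_np` prototype is declared by hand as an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Case 1: weak definition. A default body lives in this object file, so the
 * symbol is always resolved when the program is linked; a strong definition
 * in another object would replace it. Callers need no NULL check.
 * (trace_hook is a hypothetical name for this example.)
 */
__attribute__((weak)) int trace_hook(void)
{
    return 0; /* default implementation */
}

/*
 * Case 2: weak external reference. No body is provided here; the symbol is
 * expected to come from a system library that may not have it. If it is
 * absent its address is NULL, and calling it without a check would jump to
 * address 0.
 */
#ifdef __APPLE__
/* clang on Darwin: marks the declaration as external and optional. */
#define WEAK_EXTERNAL __attribute__((weak_import))
#else
/* weak_import is a Darwin attribute; elsewhere an undefined weak reference
 * is the closest equivalent, used here so the example builds off macOS. */
#define WEAK_EXTERNAL __attribute__((weak))
#endif

/* Assumed prototype, declared by hand for this example. */
extern int pthread_fchdir_np(int fd) WEAK_EXTERNAL;

/* Returns 1 when the optional function was found, 0 otherwise. */
int have_thread_fchdir(void)
{
    return pthread_fchdir_np != NULL;
}

/* Guarded call: fails with ENOTSUP instead of crashing when the symbol is missing. */
int thread_fchdir(int fd)
{
    if (!have_thread_fchdir()) {
        errno = ENOTSUP;
        return -1;
    }
    return pthread_fchdir_np(fd);
}

int main(void)
{
    printf("trace_hook() default returns %d\n", trace_hook());
    printf("pthread_fchdir_np is %s\n",
           have_thread_fchdir() ? "available" : "not available");
    return 0;
}
```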



[PATCH 8/9] user: Declare target-agnostic prototypes in 'user/cpu-common.h'

2022-02-09 Thread Philippe Mathieu-Daudé via
Move user-mode common prototypes from "exec/exec-all.h"
to "user/cpu-common.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 bsd-user/qemu.h |  2 --
 include/exec/cpu-all.h  |  3 +--
 include/exec/exec-all.h | 10 --
 include/user/cpu-common.h   | 36 
 include/user/cpu-target.h   |  1 +
 linux-user/exit.c   |  3 +--
 linux-user/user-internals.h | 10 --
 7 files changed, 39 insertions(+), 26 deletions(-)
 create mode 100644 include/user/cpu-common.h

diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 2f67776b0b..afaf94412e 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -182,8 +182,6 @@ abi_long do_openbsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 abi_long arg2, abi_long arg3, abi_long arg4,
 abi_long arg5, abi_long arg6);
 void gemu_log(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
-extern __thread CPUState *thread_cpu;
-void cpu_loop(CPUArchState *env);
 char *target_strerror(int err);
 int get_osversion(void);
 void fork_start(void);
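
Review bot: The bsd-user prototype removed here is `void cpu_loop(CPUArchState *env);` without QEMU_NORETURN, while the shared declaration this patch adds in user/cpu-common.h is `void QEMU_NORETURN cpu_loop(CPUArchState *env);`. For bsd-user that is an attribute change, not only a move, so check that every bsd-user cpu_loop() really never returns and mention it in the commit message.
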
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 08b2894274..e9cf20560f 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -296,9 +296,8 @@ void *page_alloc_target_data(target_ulong address, size_t 
size);
  * at @address, as per page_alloc_target_data.
  */
 void *page_get_target_data(target_ulong address);
-#endif
 
-CPUArchState *cpu_copy(CPUArchState *env);
+#endif /* CONFIG_USER_ONLY */
 
 /* Flags for use in ENV->INTERRUPT_PENDING.
 
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index e8f14b6844..545cc16a67 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -639,16 +639,6 @@ static inline tb_page_addr_t 
get_page_addr_code_hostp(CPUArchState *env,
 return addr;
 }
 
-/**
- * adjust_signal_pc:
- * @pc: raw pc from the host signal ucontext_t.
- * @is_write: host memory operation was write, or read-modify-write.
- *
- * Alter @pc as required for unwinding.  Return the type of the
- * guest memory access -- host reads may be for guest execution.
- */
-MMUAccessType adjust_signal_pc(uintptr_t *pc, bool is_write);
-
 #else
 static inline void mmap_lock(void) {}
 static inline void mmap_unlock(void) {}
diff --git a/include/user/cpu-common.h b/include/user/cpu-common.h
new file mode 100644
index 00..267acb143a
--- /dev/null
+++ b/include/user/cpu-common.h
@@ -0,0 +1,36 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * cpu-target.h: user-mode target-agnostic execution prototypes
+ *
+ */
+
+#ifndef USER_CPU_COMMON_H
+#define USER_CPU_COMMON_H
+
+#include "exec/cpu-tlb.h"
+
+extern __thread CPUState *thread_cpu;
+
+/**
+ * adjust_signal_pc:
+ * @pc: raw pc from the host signal ucontext_t.
+ * @is_write: host memory operation was write, or read-modify-write.
+ *
+ * Alter @pc as required for unwinding.  Return the type of the
+ * guest memory access -- host reads may be for guest execution.
+ */
+MMUAccessType adjust_signal_pc(uintptr_t *pc, bool is_write);
+
+void QEMU_NORETURN cpu_loop(CPUArchState *env);
+
+CPUArchState *cpu_copy(CPUArchState *env);
+
+/**
+ * preexit_cleanup: housekeeping before the guest exits
+ *
+ * env: the CPU state
+ * code: the exit code
+ */
+void preexit_cleanup(CPUArchState *env, int code);
+
+#endif
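
Review bot: The banner comment of the new include/user/cpu-common.h reads `cpu-target.h: user-mode target-agnostic execution prototypes`, which names the wrong file; it should say cpu-common.h. The header also uses CPUState, CPUArchState, uintptr_t and bool while including only "exec/cpu-tlb.h", so consider adding the includes that declare those types so it can be included on its own.
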
diff --git a/include/user/cpu-target.h b/include/user/cpu-target.h
index e621fb9f3d..4fbdb35fa4 100644
--- a/include/user/cpu-target.h
+++ b/include/user/cpu-target.h
@@ -9,6 +9,7 @@
 
 #include "exec/cpu-tlb.h"
 #include "exec/cpu_ldst.h" /* abi_ptr */
+#include "user/cpu-common.h"
 
 /**
  * handle_sigsegv_accerr_write:
diff --git a/linux-user/exit.c b/linux-user/exit.c
index 10989f17f8..2c8a8dd75d 100644
--- a/linux-user/exit.c
+++ b/linux-user/exit.c
@@ -19,8 +19,7 @@
 #include "qemu/osdep.h"
 #include "qemu/plugin.h"
 #include "exec/gdbstub.h"
-#include "qemu.h"
-#include "user-internals.h"
+#include "user/cpu-common.h"
 #ifdef CONFIG_GPROF
 #include 
 #endif
diff --git a/linux-user/user-internals.h b/linux-user/user-internals.h
index 4d0f682aea..d17f3c9300 100644
--- a/linux-user/user-internals.h
+++ b/linux-user/user-internals.h
@@ -63,8 +63,6 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 abi_long arg2, abi_long arg3, abi_long arg4,
 abi_long arg5, abi_long arg6, abi_long arg7,
 abi_long arg8);
-extern __thread CPUState *thread_cpu;
-void QEMU_NORETURN cpu_loop(CPUArchState *env);
 const char *target_strerror(int err);
 int get_osversion(void);
 void init_qemu_uname_release(void);
@@ -166,14 +164,6 @@ static inline int regpairs_aligned(void *cpu_env, int num) 
{ return 1; }
 static inline int regpairs_aligned(void *cpu_env, int num) { return 0; }
 #endif
 
-/**
- * preexit_cleanup: housekeeping before the guest exits
- *
- * env: the CPU state
- * code: the exit code
- */
-void preexit_cleanup(CPUArchState *env, int code);
-
 /*
  * Inc

[PATCH 5/9] linux-user/cpu_loop: Add missing 'exec/cpu-all.h' header

2022-02-09 Thread Philippe Mathieu-Daudé via
env_cpu() is declared in "exec/cpu-all.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 linux-user/cpu_loop-common.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/linux-user/cpu_loop-common.h b/linux-user/cpu_loop-common.h
index dc0042e4de..b0fd1ea3b1 100644
--- a/linux-user/cpu_loop-common.h
+++ b/linux-user/cpu_loop-common.h
@@ -20,6 +20,7 @@
 #ifndef CPU_LOOP_COMMON_H
 #define CPU_LOOP_COMMON_H
 
+#include "exec/cpu-all.h"
 #include "exec/log.h"
 #include "special-errno.h"
 
-- 
2.34.1




Re: [RFC PATCH 12/15] hw/m68k: Restrict M68kCPU type to target/ code

2022-02-09 Thread Philippe Mathieu-Daudé via

On 9/2/22 23:50, Richard Henderson wrote:

On 2/10/22 08:54, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé 
---
  include/hw/m68k/mcf.h | 3 +--
  target/m68k/cpu-qom.h | 2 --
  target/m68k/cpu.h | 4 ++--
  3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/include/hw/m68k/mcf.h b/include/hw/m68k/mcf.h
index 8cbd587bbf..e84fcfb4ca 100644
--- a/include/hw/m68k/mcf.h
+++ b/include/hw/m68k/mcf.h
@@ -3,7 +3,6 @@
  /* Motorola ColdFire device prototypes.  */
  #include "exec/hwaddr.h"
-#include "target/m68k/cpu-qom.h"
  /* mcf_uart.c */
  uint64_t mcf_uart_read(void *opaque, hwaddr addr,
@@ -16,7 +15,7 @@ void mcf_uart_mm_init(hwaddr base, qemu_irq irq, 
Chardev *chr);

  /* mcf_intc.c */
  qemu_irq *mcf_intc_init(struct MemoryRegion *sysmem,
  hwaddr base,
-    M68kCPU *cpu);
+    ArchCPU *cpu);
  /* mcf5206.c */
  #define TYPE_MCF5206_MBAR "mcf5206-mbar"


This part is ok.


diff --git a/target/m68k/cpu-qom.h b/target/m68k/cpu-qom.h
index c2c0736b3b..ec75adad69 100644
--- a/target/m68k/cpu-qom.h
+++ b/target/m68k/cpu-qom.h
@@ -25,8 +25,6 @@
  #define TYPE_M68K_CPU "m68k-cpu"
-typedef struct ArchCPU M68kCPU;
-
  OBJECT_DECLARE_TYPE(ArchCPU, M68kCPUClass,
  M68K_CPU)
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 872e8ce637..90be69e714 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -156,14 +156,14 @@ typedef struct CPUArchState {
   *
   * A Motorola 68k CPU.
   */
-struct ArchCPU {
+typedef struct ArchCPU {
  /*< private >*/
  CPUState parent_obj;
  /*< public >*/
  CPUNegativeOffsetState neg;
  CPUM68KState env;
-};
+} M68kCPU;


I don't like these.  Rationale?


Short-term idea: hw/ models only have access to cpu-qom.h declarations
and opaque pointers to generic CPU objects.

hw/ should not include cpu.h at all. By restricting FooCPU to target/
code, hw/ files fail to compile if using FooCPU and not ArchCPU.


Long-term idea, each target/ is built as a module, exposing a uniform
arch-API.

I'm still prototyping to see how to disentangle arch-specific hw which
access CPU internals (such as ARM NVIC or MIPS ITU).



[PATCH 7/9] user: Declare target-specific prototypes in 'user/cpu-target.h'

2022-02-09 Thread Philippe Mathieu-Daudé via
Move user-mode specific prototypes from "exec/exec-all.h"
to "user/cpu-target.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 accel/tcg/user-exec.c|  1 +
 bsd-user/elfload.c   |  1 +
 bsd-user/main.c  |  1 +
 bsd-user/signal.c|  1 +
 include/exec/exec-all.h  | 41 
 include/user/cpu-target.h| 55 
 linux-user/aarch64/cpu_loop.c|  1 +
 linux-user/alpha/cpu_loop.c  |  1 +
 linux-user/arm/cpu_loop.c|  1 +
 linux-user/arm/signal.c  |  1 +
 linux-user/cris/cpu_loop.c   |  1 +
 linux-user/elfload.c |  1 +
 linux-user/hexagon/cpu_loop.c|  1 +
 linux-user/hppa/cpu_loop.c   |  1 +
 linux-user/hppa/signal.c |  1 +
 linux-user/i386/cpu_loop.c   |  1 +
 linux-user/linuxload.c   |  1 +
 linux-user/m68k/cpu_loop.c   |  1 +
 linux-user/main.c|  1 +
 linux-user/microblaze/cpu_loop.c |  1 +
 linux-user/mips/cpu_loop.c   |  1 +
 linux-user/mmap.c|  1 +
 linux-user/nios2/cpu_loop.c  |  1 +
 linux-user/openrisc/cpu_loop.c   |  1 +
 linux-user/ppc/cpu_loop.c|  1 +
 linux-user/ppc/signal.c  |  1 +
 linux-user/riscv/cpu_loop.c  |  1 +
 linux-user/s390x/cpu_loop.c  |  1 +
 linux-user/sh4/cpu_loop.c|  1 +
 linux-user/signal.c  |  1 +
 linux-user/sparc/cpu_loop.c  |  1 +
 linux-user/syscall.c |  1 +
 linux-user/uaccess.c |  1 +
 linux-user/xtensa/cpu_loop.c |  1 +
 34 files changed, 87 insertions(+), 41 deletions(-)
 create mode 100644 include/user/cpu-target.h

diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c
index 6f5d4933f0..c05bd84f1b 100644
--- a/accel/tcg/user-exec.c
+++ b/accel/tcg/user-exec.c
@@ -28,6 +28,7 @@
 #include "qemu/atomic128.h"
 #include "trace/trace-root.h"
 #include "tcg/tcg-ldst.h"
+#include "user/cpu-target.h"
 #include "internal.h"
 
 __thread uintptr_t helper_retaddr;
diff --git a/bsd-user/elfload.c b/bsd-user/elfload.c
index 142a5bfac2..d64b0de0f4 100644
--- a/bsd-user/elfload.c
+++ b/bsd-user/elfload.c
@@ -20,6 +20,7 @@
 #include "qemu/osdep.h"
 
 #include "qemu.h"
+#include "user/cpu-target.h"
 #include "disas/disas.h"
 #include "qemu/path.h"
 
diff --git a/bsd-user/main.c b/bsd-user/main.c
index f1d58e905e..93f7851fdd 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -47,6 +47,7 @@
 #include "trace/control.h"
 #include "crypto/init.h"
 #include "qemu/guest-random.h"
+#include "user/cpu-target.h"
 
 #include "host-os.h"
 #include "target_arch_cpu.h"
diff --git a/bsd-user/signal.c b/bsd-user/signal.c
index 8a36b696d8..15af69c509 100644
--- a/bsd-user/signal.c
+++ b/bsd-user/signal.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "qemu/log.h"
 #include "qemu.h"
+#include "user/cpu-target.h"
 #include "signal-common.h"
 #include "trace.h"
 #include "hw/core/tcg-cpu-ops.h"
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 537f465f54..e8f14b6844 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -649,47 +649,6 @@ static inline tb_page_addr_t 
get_page_addr_code_hostp(CPUArchState *env,
  */
 MMUAccessType adjust_signal_pc(uintptr_t *pc, bool is_write);
 
-/**
- * handle_sigsegv_accerr_write:
- * @cpu: the cpu context
- * @old_set: the sigset_t from the signal ucontext_t
- * @host_pc: the host pc, adjusted for the signal
- * @host_addr: the host address of the fault
- *
- * Return true if the write fault has been handled, and should be re-tried.
- */
-bool handle_sigsegv_accerr_write(CPUState *cpu, sigset_t *old_set,
- uintptr_t host_pc, abi_ptr guest_addr);
-
-/**
- * cpu_loop_exit_sigsegv:
- * @cpu: the cpu context
- * @addr: the guest address of the fault
- * @access_type: access was read/write/execute
- * @maperr: true for invalid page, false for permission fault
- * @ra: host pc for unwinding
- *
- * Use the TCGCPUOps hook to record cpu state, do guest operating system
- * specific things to raise SIGSEGV, and jump to the main cpu loop.
- */
-void QEMU_NORETURN cpu_loop_exit_sigsegv(CPUState *cpu, target_ulong addr,
- MMUAccessType access_type,
- bool maperr, uintptr_t ra);
-
-/**
- * cpu_loop_exit_sigbus:
- * @cpu: the cpu context
- * @addr: the guest address of the alignment fault
- * @access_type: access was read/write/execute
- * @ra: host pc for unwinding
- *
- * Use the TCGCPUOps hook to record cpu state, do guest operating system
- * specific things to raise SIGBUS, and jump to the main cpu loop.
- */
-void QEMU_NORETURN cpu_loop_exit_sigbus(CPUState *cpu, target_ulong addr,
-MMUAccessType access_type,
-uintptr_t ra);
-
 #else
 static inline void mmap_lock(void) {}
 static inline void mmap_unlock(void) {}
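
Review bot: In the handle_sigsegv_accerr_write() block being moved, the kernel-doc lists `@host_addr: the host address of the fault` but the prototype's last parameter is `abi_ptr guest_addr`. Since the comment is being relocated to user/cpu-target.h anyway, fix the parameter name and description there rather than carrying the mismatch over.
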
diff --git a/include/user/cpu-target.h 

[PATCH 9/9] user: Share preexit_cleanup() with linux and bsd implementations

2022-02-09 Thread Philippe Mathieu-Daudé via
preexit_cleanup() is not Linux specific, move it to common-user/.

Signed-off-by: Philippe Mathieu-Daudé 
---
 {linux-user => common-user}/exit.c | 0
 common-user/meson.build| 1 +
 linux-user/meson.build | 1 -
 3 files changed, 1 insertion(+), 1 deletion(-)
 rename {linux-user => common-user}/exit.c (100%)

diff --git a/linux-user/exit.c b/common-user/exit.c
similarity index 100%
rename from linux-user/exit.c
rename to common-user/exit.c
diff --git a/common-user/meson.build b/common-user/meson.build
index 26212dda5c..7204f8bd61 100644
--- a/common-user/meson.build
+++ b/common-user/meson.build
@@ -1,6 +1,7 @@
 common_user_inc += include_directories('host/' / host_arch)
 
 user_ss.add(files(
+  'exit.c',
   'safe-syscall.S',
   'safe-syscall-error.c',
 ))
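
Review bot: Adding 'exit.c' to user_ss builds it for bsd-user as well, but the diffstat covers only the rename and the two meson.build files, so no bsd-user code calls preexit_cleanup() after this patch. Either add the bsd-user caller here or say in the commit message that the file is only being made available, and confirm a bsd-user build links with everything exit.c references.
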
diff --git a/linux-user/meson.build b/linux-user/meson.build
index de4320af05..25756a2518 100644
--- a/linux-user/meson.build
+++ b/linux-user/meson.build
@@ -9,7 +9,6 @@ common_user_inc += include_directories('include')
 
 linux_user_ss.add(files(
   'elfload.c',
-  'exit.c',
   'fd-trans.c',
   'linuxload.c',
   'main.c',
-- 
2.34.1




[PATCH 2/9] coverity-scan: Cover common-user/

2022-02-09 Thread Philippe Mathieu-Daudé via
common-user/ has been added in commit bbf15aaf7c
("common-user: Move safe-syscall.* from linux-user").

Signed-off-by: Philippe Mathieu-Daudé 
---
 scripts/coverity-scan/COMPONENTS.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/coverity-scan/COMPONENTS.md 
b/scripts/coverity-scan/COMPONENTS.md
index 183f26a32c..cea6695ecd 100644
--- a/scripts/coverity-scan/COMPONENTS.md
+++ b/scripts/coverity-scan/COMPONENTS.md
@@ -127,7 +127,7 @@ usb
   ~ (/qemu)?(/hw/usb/.*|/include/hw/usb/.*)
 
 user
-  ~ 
(/qemu)?(/linux-user/.*|/bsd-user/.*|/user-exec\.c|/thunk\.c|/include/exec/user/.*)
+  ~ 
(/qemu)?(/common-user/.*|/linux-user/.*|/bsd-user/.*|/user-exec\.c|/thunk\.c|/include/exec/user/.*)
 
 util
   ~ (/qemu)?(/util/.*|/include/qemu/.*)
-- 
2.34.1




[PATCH 4/9] linux-user/exit: Add missing 'qemu/plugin.h' header

2022-02-09 Thread Philippe Mathieu-Daudé via
qemu_plugin_user_exit() is declared in "qemu/plugin.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 linux-user/exit.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/linux-user/exit.c b/linux-user/exit.c
index fa6ef0b9b4..10989f17f8 100644
--- a/linux-user/exit.c
+++ b/linux-user/exit.c
@@ -17,6 +17,7 @@
  *  along with this program; if not, see .
  */
 #include "qemu/osdep.h"
+#include "qemu/plugin.h"
 #include "exec/gdbstub.h"
 #include "qemu.h"
 #include "user-internals.h"
-- 
2.34.1




[PATCH 3/9] include: Move exec/user/ to user/

2022-02-09 Thread Philippe Mathieu-Daudé via
Avoid spreading the headers in multiple directories,
unify exec/user/ and user/.

Signed-off-by: Philippe Mathieu-Daudé 
---
 bsd-user/qemu.h | 4 ++--
 include/exec/cpu-all.h  | 2 +-
 include/{exec => }/user/abitypes.h  | 0
 include/user/safe-syscall.h | 6 +++---
 include/{exec => }/user/thunk.h | 2 +-
 linux-user/qemu.h   | 2 +-
 linux-user/thunk.c  | 2 +-
 linux-user/user-internals.h | 2 +-
 scripts/coverity-scan/COMPONENTS.md | 2 +-
 9 files changed, 11 insertions(+), 11 deletions(-)
 rename include/{exec => }/user/abitypes.h (100%)
 rename include/{exec => }/user/thunk.h (99%)

diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 02921ac8b3..2f67776b0b 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -25,7 +25,7 @@
 
 #undef DEBUG_REMAP
 
-#include "exec/user/abitypes.h"
+#include "user/abitypes.h"
 
 extern char **environ;
 
@@ -36,7 +36,7 @@ enum BSDType {
 };
 extern enum BSDType bsd_type;
 
-#include "exec/user/thunk.h"
+#include "user/thunk.h"
 #include "target_arch.h"
 #include "syscall_defs.h"
 #include "target_syscall.h"
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index c0f0fab28a..08b2894274 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -145,7 +145,7 @@ static inline void tswap64s(uint64_t *s)
 /* MMU memory access macros */
 
 #if defined(CONFIG_USER_ONLY)
-#include "exec/user/abitypes.h"
+#include "user/abitypes.h"
 
 /* On some host systems the guest address space is reserved on the host.
  * This allows the guest address space to be offset to a convenient location.
diff --git a/include/exec/user/abitypes.h b/include/user/abitypes.h
similarity index 100%
rename from include/exec/user/abitypes.h
rename to include/user/abitypes.h
diff --git a/include/user/safe-syscall.h b/include/user/safe-syscall.h
index 61a04e2b5a..b2cb76e05b 100644
--- a/include/user/safe-syscall.h
+++ b/include/user/safe-syscall.h
@@ -1,5 +1,5 @@
 /*
- * safe-syscall.h: prototypes for linux-user signal-race-safe syscalls
+ * safe-syscall.h: prototypes for user signal-race-safe syscalls
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -15,8 +15,8 @@
  *  along with this program; if not, see .
  */
 
-#ifndef LINUX_USER_SAFE_SYSCALL_H
-#define LINUX_USER_SAFE_SYSCALL_H
+#ifndef USER_SAFE_SYSCALL_H
+#define USER_SAFE_SYSCALL_H
 
 /**
  * safe_syscall:
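Review bot: the include-guard rename from LINUX_USER_SAFE_SYSCALL_H to USER_SAFE_SYSCALL_H, like the comment edit in the hunk above it, is not part of moving exec/user/ to user/, because safe-syscall.h already lives in include/user/. Mention both changes in the commit message or split them into their own patch, and confirm that nothing else tests the old guard name.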
diff --git a/include/exec/user/thunk.h b/include/user/thunk.h
similarity index 99%
rename from include/exec/user/thunk.h
rename to include/user/thunk.h
index 300a840d58..b5796f4304 100644
--- a/include/exec/user/thunk.h
+++ b/include/user/thunk.h
@@ -21,7 +21,7 @@
 #define THUNK_H
 
 #include "cpu.h"
-#include "exec/user/abitypes.h"
+#include "user/abitypes.h"
 
 /* types enums definitions */
 
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 7910ce59cc..b6775f112b 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -6,7 +6,7 @@
 
 #undef DEBUG_REMAP
 
-#include "exec/user/abitypes.h"
+#include "user/abitypes.h"
 
 #include "syscall_defs.h"
 #include "target_syscall.h"
diff --git a/linux-user/thunk.c b/linux-user/thunk.c
index dac4bf11c6..cd85bbc825 100644
--- a/linux-user/thunk.c
+++ b/linux-user/thunk.c
@@ -20,7 +20,7 @@
 #include "qemu/log.h"
 
 #include "qemu.h"
-#include "exec/user/thunk.h"
+#include "user/thunk.h"
 
 //#define DEBUG
 
diff --git a/linux-user/user-internals.h b/linux-user/user-internals.h
index a8fdd6933b..4d0f682aea 100644
--- a/linux-user/user-internals.h
+++ b/linux-user/user-internals.h
@@ -18,7 +18,7 @@
 #ifndef LINUX_USER_USER_INTERNALS_H
 #define LINUX_USER_USER_INTERNALS_H
 
-#include "exec/user/thunk.h"
+#include "user/thunk.h"
 #include "exec/exec-all.h"
 #include "qemu/log.h"
 
diff --git a/scripts/coverity-scan/COMPONENTS.md 
b/scripts/coverity-scan/COMPONENTS.md
index cea6695ecd..0571362a45 100644
--- a/scripts/coverity-scan/COMPONENTS.md
+++ b/scripts/coverity-scan/COMPONENTS.md
@@ -127,7 +127,7 @@ usb
   ~ (/qemu)?(/hw/usb/.*|/include/hw/usb/.*)
 
 user
-  ~ 
(/qemu)?(/common-user/.*|/linux-user/.*|/bsd-user/.*|/user-exec\.c|/thunk\.c|/include/exec/user/.*)
+  ~ 
(/qemu)?(/common-user/.*|/linux-user/.*|/bsd-user/.*|/user-exec\.c|/thunk\.c|/include/user/.*)
 
 util
   ~ (/qemu)?(/util/.*|/include/qemu/.*)
-- 
2.34.1




[PATCH 1/9] accel/tcg: Add missing 'tcg/tcg.h' header

2022-02-09 Thread Philippe Mathieu-Daudé via
Signed-off-by: Philippe Mathieu-Daudé 
---
 accel/tcg/tcg-accel-ops-icount.c | 1 +
 accel/tcg/tcg-accel-ops-mttcg.c  | 1 +
 accel/tcg/tcg-accel-ops-rr.c | 1 +
 accel/tcg/tcg-accel-ops.c| 1 +
 4 files changed, 4 insertions(+)

diff --git a/accel/tcg/tcg-accel-ops-icount.c b/accel/tcg/tcg-accel-ops-icount.c
index bdaf2c943b..379a9d44f4 100644
--- a/accel/tcg/tcg-accel-ops-icount.c
+++ b/accel/tcg/tcg-accel-ops-icount.c
@@ -31,6 +31,7 @@
 #include "qemu/main-loop.h"
 #include "qemu/guest-random.h"
 #include "exec/exec-all.h"
+#include "tcg/tcg.h"
 
 #include "tcg-accel-ops.h"
 #include "tcg-accel-ops-icount.h"
diff --git a/accel/tcg/tcg-accel-ops-mttcg.c b/accel/tcg/tcg-accel-ops-mttcg.c
index dc421c8fd7..de7dcb02e6 100644
--- a/accel/tcg/tcg-accel-ops-mttcg.c
+++ b/accel/tcg/tcg-accel-ops-mttcg.c
@@ -33,6 +33,7 @@
 #include "qemu/guest-random.h"
 #include "exec/exec-all.h"
 #include "hw/boards.h"
+#include "tcg/tcg.h"
 
 #include "tcg-accel-ops.h"
 #include "tcg-accel-ops-mttcg.h"
diff --git a/accel/tcg/tcg-accel-ops-rr.c b/accel/tcg/tcg-accel-ops-rr.c
index a805fb6bdd..889d0882a2 100644
--- a/accel/tcg/tcg-accel-ops-rr.c
+++ b/accel/tcg/tcg-accel-ops-rr.c
@@ -32,6 +32,7 @@
 #include "qemu/notify.h"
 #include "qemu/guest-random.h"
 #include "exec/exec-all.h"
+#include "tcg/tcg.h"
 
 #include "tcg-accel-ops.h"
 #include "tcg-accel-ops-rr.h"
diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
index ea7dcad674..58e4b09043 100644
--- a/accel/tcg/tcg-accel-ops.c
+++ b/accel/tcg/tcg-accel-ops.c
@@ -33,6 +33,7 @@
 #include "qemu/main-loop.h"
 #include "qemu/guest-random.h"
 #include "exec/exec-all.h"
+#include "tcg/tcg.h"
 
 #include "tcg-accel-ops.h"
 #include "tcg-accel-ops-mttcg.h"
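Review bot: neither this hunk nor the commit message says which declaration from tcg/tcg.h the file was missing; the same one-line include goes into four files under a subject line only. Name the symbol each file uses, as the 'exec/exec-all.h' patch for target/i386/tcg/sysemu does, so a later include cleanup can tell whether the header is still needed.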
-- 
2.34.1




[PATCH 0/9] exec: Split some user-mode specific declarations from 'exec/exec-all.h'

2022-02-09 Thread Philippe Mathieu-Daudé via
- Add missing headers
- Merge exec/user/ to user/
- Extract MMUAccessType from QOM "hw/core/cpu.h" to "exec/cpu-tlb.h"
- Extract user-specific declarations to "user/cpu-{common,target}.h"
- Share preexit_cleanup() from Linux with BSD

More to come, but flushing for early feedback.

Based-on: <20220209215446.58402-1-f4...@amsat.org>

Philippe Mathieu-Daudé (9):
  accel/tcg: Add missing 'tcg/tcg.h' header
  coverity-scan: Cover common-user/
  include: Move exec/user/ to user/
  linux-user/exit: Add missing 'qemu/plugin.h' header
  linux-user/cpu_loop: Add missing 'exec/cpu-all.h' header
  exec: Define MMUAccessType in 'exec/cpu-tlb.h' header
  user: Declare target-specific prototypes in 'user/cpu-target.h'
  user: Declare target-agnostic prototypes in 'user/cpu-common.h'
  user: Share preexit_cleanup() with linux and bsd implementations

 accel/tcg/tcg-accel-ops-icount.c|  1 +
 accel/tcg/tcg-accel-ops-mttcg.c |  1 +
 accel/tcg/tcg-accel-ops-rr.c|  1 +
 accel/tcg/tcg-accel-ops.c   |  1 +
 accel/tcg/user-exec.c   |  1 +
 bsd-user/elfload.c  |  1 +
 bsd-user/main.c |  1 +
 bsd-user/qemu.h |  6 ++--
 bsd-user/signal.c   |  1 +
 {linux-user => common-user}/exit.c  |  4 +--
 common-user/meson.build |  1 +
 include/exec/cpu-all.h  |  5 ++-
 include/exec/cpu-defs.h |  1 +
 include/exec/cpu-tlb.h  | 16 +
 include/exec/cpu_ldst.h |  1 +
 include/exec/exec-all.h | 54 ++--
 include/hw/core/cpu.h   |  6 
 include/hw/core/tcg-cpu-ops.h   |  1 +
 include/{exec => }/user/abitypes.h  |  0
 include/user/cpu-common.h   | 36 +++
 include/user/cpu-target.h   | 56 +
 include/user/safe-syscall.h |  6 ++--
 include/{exec => }/user/thunk.h |  2 +-
 linux-user/aarch64/cpu_loop.c   |  1 +
 linux-user/alpha/cpu_loop.c |  1 +
 linux-user/arm/cpu_loop.c   |  1 +
 linux-user/arm/signal.c |  1 +
 linux-user/cpu_loop-common.h|  1 +
 linux-user/cris/cpu_loop.c  |  1 +
 linux-user/elfload.c|  1 +
 linux-user/hexagon/cpu_loop.c   |  1 +
 linux-user/hppa/cpu_loop.c  |  1 +
 linux-user/hppa/signal.c|  1 +
 linux-user/i386/cpu_loop.c  |  1 +
 linux-user/linuxload.c  |  1 +
 linux-user/m68k/cpu_loop.c  |  1 +
 linux-user/main.c   |  1 +
 linux-user/meson.build  |  1 -
 linux-user/microblaze/cpu_loop.c|  1 +
 linux-user/mips/cpu_loop.c  |  1 +
 linux-user/mmap.c   |  1 +
 linux-user/nios2/cpu_loop.c |  1 +
 linux-user/openrisc/cpu_loop.c  |  1 +
 linux-user/ppc/cpu_loop.c   |  1 +
 linux-user/ppc/signal.c |  1 +
 linux-user/qemu.h   |  2 +-
 linux-user/riscv/cpu_loop.c |  1 +
 linux-user/s390x/cpu_loop.c |  1 +
 linux-user/sh4/cpu_loop.c   |  1 +
 linux-user/signal.c |  1 +
 linux-user/sparc/cpu_loop.c |  1 +
 linux-user/syscall.c|  1 +
 linux-user/thunk.c  |  2 +-
 linux-user/uaccess.c|  1 +
 linux-user/user-internals.h | 12 +--
 linux-user/xtensa/cpu_loop.c|  1 +
 scripts/coverity-scan/COMPONENTS.md |  2 +-
 target/arm/internals.h  |  1 +
 target/mips/internal.h  |  1 +
 target/ppc/internal.h   |  2 ++
 target/ppc/mmu-hash32.h |  2 ++
 target/ppc/mmu-hash64.h |  2 ++
 target/ppc/mmu-radix64.h|  2 ++
 target/s390x/s390x-internal.h   |  2 ++
 64 files changed, 178 insertions(+), 85 deletions(-)
 rename {linux-user => common-user}/exit.c (95%)
 create mode 100644 include/exec/cpu-tlb.h
 rename include/{exec => }/user/abitypes.h (100%)
 create mode 100644 include/user/cpu-common.h
 create mode 100644 include/user/cpu-target.h
 rename include/{exec => }/user/thunk.h (99%)

-- 
2.34.1




Re: [RFC PATCH 12/15] hw/m68k: Restrict M68kCPU type to target/ code

2022-02-09 Thread Richard Henderson

On 2/10/22 08:54, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé 
---
  include/hw/m68k/mcf.h | 3 +--
  target/m68k/cpu-qom.h | 2 --
  target/m68k/cpu.h | 4 ++--
  3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/include/hw/m68k/mcf.h b/include/hw/m68k/mcf.h
index 8cbd587bbf..e84fcfb4ca 100644
--- a/include/hw/m68k/mcf.h
+++ b/include/hw/m68k/mcf.h
@@ -3,7 +3,6 @@
  /* Motorola ColdFire device prototypes.  */
  
  #include "exec/hwaddr.h"

-#include "target/m68k/cpu-qom.h"
  
  /* mcf_uart.c */

  uint64_t mcf_uart_read(void *opaque, hwaddr addr,
@@ -16,7 +15,7 @@ void mcf_uart_mm_init(hwaddr base, qemu_irq irq, Chardev 
*chr);
  /* mcf_intc.c */
  qemu_irq *mcf_intc_init(struct MemoryRegion *sysmem,
  hwaddr base,
-M68kCPU *cpu);
+ArchCPU *cpu);
  
  /* mcf5206.c */

  #define TYPE_MCF5206_MBAR "mcf5206-mbar"


This part is ok.


diff --git a/target/m68k/cpu-qom.h b/target/m68k/cpu-qom.h
index c2c0736b3b..ec75adad69 100644
--- a/target/m68k/cpu-qom.h
+++ b/target/m68k/cpu-qom.h
@@ -25,8 +25,6 @@
  
  #define TYPE_M68K_CPU "m68k-cpu"
  
-typedef struct ArchCPU M68kCPU;

-
  OBJECT_DECLARE_TYPE(ArchCPU, M68kCPUClass,
  M68K_CPU)
  
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h

index 872e8ce637..90be69e714 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -156,14 +156,14 @@ typedef struct CPUArchState {
   *
   * A Motorola 68k CPU.
   */
-struct ArchCPU {
+typedef struct ArchCPU {
  /*< private >*/
  CPUState parent_obj;
  /*< public >*/
  
  CPUNegativeOffsetState neg;

  CPUM68KState env;
-};
+} M68kCPU;


I don't like these.  Rationale?


r~




Re: [PATCH 11/15] target: Use ArchCPU as interface to target CPU

2022-02-09 Thread Richard Henderson

On 2/10/22 09:33, Philippe Mathieu-Daudé wrote:

-struct ArchCPU {
+typedef struct ArchCPU {
  /*< private >*/
  CPUState parent_obj;
  /*< public >*/
@@ -188,7 +188,7 @@ struct ArchCPU {
  uint32_t reset_addr;
  uint32_t exception_addr;
  uint32_t fast_tlb_miss_addr;
-};
+} Nios2CPU;


I think keeping the typedef separate, as you have done for the other targets, is easier to read.



r~



Re: [PATCH 11/15] target: Use ArchCPU as interface to target CPU

2022-02-09 Thread Richard Henderson

On 2/10/22 08:54, Philippe Mathieu-Daudé wrote:

diff --git a/target/hexagon/cpu.h b/target/hexagon/cpu.h
index 25c67e43a2..4dce40a360 100644
--- a/target/hexagon/cpu.h
+++ b/target/hexagon/cpu.h
@@ -143,7 +143,7 @@ typedef struct HexagonCPUClass {
  DeviceReset parent_reset;
  } HexagonCPUClass;
  
-typedef struct HexagonCPU {

+typedef struct ArchCPU {
  /*< private >*/
  CPUState parent_obj;
  /*< public >*/


There's still the typedef of ArchCPU below, which ought to be redundant now.
It may or may not be less confusing to separate out the typedef for HexagonCPU.
It definitely would be worthwhile to convert hexagon to OBJECT_DECLARE_TYPE (cc Taylor).


diff --git a/target/microblaze/cpu-qom.h b/target/microblaze/cpu-qom.h
index e520eefb12..8f11fe4d73 100644
--- a/target/microblaze/cpu-qom.h
+++ b/target/microblaze/cpu-qom.h
@@ -25,7 +25,9 @@
  
  #define TYPE_MICROBLAZE_CPU "microblaze-cpu"
  
-OBJECT_DECLARE_TYPE(MicroBlazeCPU, MicroBlazeCPUClass,

+typedef struct ArchCPU MicroBlazeCPU;
+
+OBJECT_DECLARE_TYPE(ArchCPU, MicroBlazeCPUClass,
  MICROBLAZE_CPU)
  
  /**

diff --git a/target/microblaze/cpu.h b/target/microblaze/cpu.h
index acfd35d3f7..d511b6b877 100644
--- a/target/microblaze/cpu.h
+++ b/target/microblaze/cpu.h
@@ -25,6 +25,8 @@
  #include "fpu/softfloat-types.h"
  
  typedef struct CPUArchState CPUMBState;

+typedef struct ArchCPU MicroBlazeCPU;


Duplicate typedef.


diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
index 629b9e2301..05def159b1 100644
--- a/target/nios2/cpu.h
+++ b/target/nios2/cpu.h
@@ -32,7 +32,7 @@ typedef struct CPUArchState CPUNios2State;
  
  #define TYPE_NIOS2_CPU "nios2-cpu"
  
-OBJECT_DECLARE_TYPE(Nios2CPU, Nios2CPUClass,

+OBJECT_DECLARE_TYPE(ArchCPU, Nios2CPUClass,
  NIOS2_CPU)
  
  /**

@@ -171,7 +171,7 @@ struct CPUArchState {
   *
   * A Nios2 CPU.
   */
-struct Nios2CPU {
+struct ArchCPU {
  /*< private >*/
  CPUState parent_obj;
  /*< public >*/


Missing Nios2CPU typedef.
Still have the 'typedef Nios2CPU ArchCPU' below.


diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 79144ddc24..5981be47d9 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -285,7 +285,7 @@ struct CPUArchState {
  uint64_t kvm_timer_frequency;
  };
  
-OBJECT_DECLARE_TYPE(RISCVCPU, RISCVCPUClass,

+OBJECT_DECLARE_TYPE(ArchCPU, RISCVCPUClass,
  RISCV_CPU)
  
  /**

@@ -309,7 +309,7 @@ struct RISCVCPUClass {
   *
   * A RISCV CPU.
   */
-struct RISCVCPU {
+struct ArchCPU {
  /*< private >*/
  CPUState parent_obj;
  /*< public >*/
@@ -430,7 +430,6 @@ void riscv_cpu_set_fflags(CPURISCVState *env, target_ulong);
  #define TB_FLAGS_MSTATUS_FS MSTATUS_FS
  #define TB_FLAGS_MSTATUS_VS MSTATUS_VS
  
-typedef RISCVCPU ArchCPU;

  #include "exec/cpu-all.h"
  
  FIELD(TB_FLAGS, MEM_IDX, 0, 3)


Missing RISCVCPU typedef.


r~



Re: [PATCH 11/15] target: Use ArchCPU as interface to target CPU

2022-02-09 Thread Philippe Mathieu-Daudé via

On 9/2/22 22:54, Philippe Mathieu-Daudé wrote:

ArchCPU is our interface with target-specific code. Use it as
a forward-declared opaque pointer (abstract type), having its
structure defined by each target.

Signed-off-by: Philippe Mathieu-Daudé 
---
  include/qemu/typedefs.h |  1 +
  target/alpha/cpu-qom.h  |  4 +++-
  target/alpha/cpu.h  |  4 +---
  target/arm/cpu-qom.h|  4 +++-
  target/arm/cpu.h|  2 --
  target/avr/cpu-qom.h|  4 +++-
  target/avr/cpu.h|  6 ++
  target/cris/cpu-qom.h   |  4 +++-
  target/cris/cpu.h   |  4 +---
  target/hexagon/cpu.h|  2 +-
  target/hppa/cpu-qom.h   |  4 +++-
  target/hppa/cpu.h   |  4 +---
  target/i386/cpu-qom.h   |  4 +++-
  target/i386/cpu.h   |  4 +---
  target/m68k/cpu-qom.h   |  4 +++-
  target/m68k/cpu.h   |  4 +---
  target/microblaze/cpu-qom.h |  4 +++-
  target/microblaze/cpu.h |  6 +++---
  target/mips/cpu-qom.h   |  4 +++-
  target/mips/cpu.h   |  4 +---
  target/nios2/cpu.h  |  4 ++--
  target/openrisc/cpu.h   | 11 ---
  target/ppc/cpu-qom.h|  4 +++-
  target/ppc/cpu.h|  4 +---
  target/riscv/cpu.h  |  5 ++---
  target/rx/cpu-qom.h |  4 +++-
  target/rx/cpu.h |  4 +---
  target/s390x/cpu-qom.h  |  4 +++-
  target/s390x/cpu.h  |  4 +---
  target/sh4/cpu-qom.h|  4 +++-
  target/sh4/cpu.h|  4 +---
  target/sparc/cpu-qom.h  |  4 +++-
  target/sparc/cpu.h  |  4 +---
  target/tricore/cpu-qom.h|  4 +++-
  target/tricore/cpu.h|  4 +---
  target/xtensa/cpu-qom.h |  4 +++-
  target/xtensa/cpu.h |  4 +---
  37 files changed, 76 insertions(+), 77 deletions(-)

...


diff --git a/target/arm/cpu-qom.h b/target/arm/cpu-qom.h
index a22bd506d0..b0a0724e8c 100644
--- a/target/arm/cpu-qom.h
+++ b/target/arm/cpu-qom.h
@@ -27,7 +27,9 @@ struct arm_boot_info;
  
  #define TYPE_ARM_CPU "arm-cpu"
  
-OBJECT_DECLARE_TYPE(ARMCPU, ARMCPUClass,

+typedef struct ArchCPU ARMCPU;
+
+OBJECT_DECLARE_TYPE(ArchCPU, ARMCPUClass,
  ARM_CPU)
  
  #define TYPE_ARM_MAX_CPU "max-" TYPE_ARM_CPU

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index a95a070647..a137c564c4 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3410,8 +3410,6 @@ static inline bool arm_cpu_data_is_big_endian(CPUARMState 
*env)
  }
  }
  
-typedef ARMCPU ArchCPU;

-
  #include "exec/cpu-all.h"
  
  /*

...


diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 79144ddc24..5981be47d9 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -285,7 +285,7 @@ struct CPUArchState {
  uint64_t kvm_timer_frequency;
  };
  
-OBJECT_DECLARE_TYPE(RISCVCPU, RISCVCPUClass,

+OBJECT_DECLARE_TYPE(ArchCPU, RISCVCPUClass,
  RISCV_CPU)
  
  /**

@@ -309,7 +309,7 @@ struct RISCVCPUClass {
   *
   * A RISCV CPU.
   */
-struct RISCVCPU {
+struct ArchCPU {
  /*< private >*/
  CPUState parent_obj;
  /*< public >*/
@@ -430,7 +430,6 @@ void riscv_cpu_set_fflags(CPURISCVState *env, target_ulong);
  #define TB_FLAGS_MSTATUS_FS MSTATUS_FS
  #define TB_FLAGS_MSTATUS_VS MSTATUS_VS
  
-typedef RISCVCPU ArchCPU;

  #include "exec/cpu-all.h"
  
  FIELD(TB_FLAGS, MEM_IDX, 0, 3)


Sorry, I messed up while rebasing; this hunk is missing:

-- >8 --
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index a137c564c4..a4bbca1812 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -774,7 +774,7 @@ typedef struct ARMISARegisters ARMISARegisters;
  *
  * An ARM CPU core.
  */
-struct ARMCPU {
+struct ArchCPU {
 /*< private >*/
 CPUState parent_obj;
 /*< public >*/
diff --git a/target/nios2/cpu.h b/target/nios2/cpu.h
index 05def159b1..6a243cfc06 100644
--- a/target/nios2/cpu.h
+++ b/target/nios2/cpu.h
@@ -171,7 +171,7 @@ struct CPUArchState {
  *
  * A Nios2 CPU.
  */
-struct ArchCPU {
+typedef struct ArchCPU {
 /*< private >*/
 CPUState parent_obj;
 /*< public >*/
@@ -188,7 +188,7 @@ struct ArchCPU {
 uint32_t reset_addr;
 uint32_t exception_addr;
 uint32_t fast_tlb_miss_addr;
-};
+} Nios2CPU;


 void nios2_tcg_init(void);
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 5981be47d9..d8fefcbc4e 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -309,7 +309,7 @@ struct RISCVCPUClass {
  *
  * A RISCV CPU.
  */
-struct ArchCPU {
+typedef struct ArchCPU {
 /*< private >*/
 CPUState parent_obj;
 /*< public >*/
@@ -357,7 +357,7 @@ struct ArchCPU {
 bool epmp;
 uint64_t resetvec;
 } cfg;
-};
+} RISCVCPU;

 static inline int riscv_has_ext(CPURISCVState *env, target_ulong ext)
 {
---



[PATCH 10/15] target: Use CPUArchState as interface to target-specific CPU state

2022-02-09 Thread Philippe Mathieu-Daudé via
While CPUState is our interface with generic code, CPUArchState is
our interface with target-specific code. Use CPUArchState as an
abstract type, defined by each target.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/exec/poison.h   | 2 --
 include/hw/core/cpu.h   | 2 +-
 include/qemu/typedefs.h | 1 +
 target/alpha/cpu.h  | 7 ++-
 target/arm/cpu.h| 3 +--
 target/avr/cpu.h| 7 ++-
 target/cris/cpu.h   | 3 +--
 target/hexagon/cpu.h| 8 ++--
 target/hppa/cpu.h   | 8 ++--
 target/i386/cpu.h   | 3 +--
 target/m68k/cpu.h   | 3 +--
 target/microblaze/cpu.h | 5 ++---
 target/mips/cpu.h   | 6 ++
 target/nios2/cpu.h  | 4 ++--
 target/openrisc/cpu.h   | 3 +--
 target/ppc/cpu-qom.h| 2 +-
 target/ppc/cpu.h| 3 +--
 target/riscv/cpu.h  | 5 ++---
 target/rx/cpu-qom.h | 2 --
 target/rx/cpu.h | 2 +-
 target/s390x/cpu-qom.h  | 4 ++--
 target/s390x/cpu.h  | 3 +--
 target/sh4/cpu.h| 3 +--
 target/sparc/cpu.h  | 5 ++---
 target/tricore/cpu.h| 6 ++
 target/xtensa/cpu.h | 7 +++
 26 files changed, 37 insertions(+), 70 deletions(-)

diff --git a/include/exec/poison.h b/include/exec/poison.h
index 7ad4ad18e8..7c5c02f03f 100644
--- a/include/exec/poison.h
+++ b/include/exec/poison.h
@@ -51,8 +51,6 @@
 #pragma GCC poison TARGET_PAGE_BITS
 #pragma GCC poison TARGET_PAGE_ALIGN
 
-#pragma GCC poison CPUArchState
-
 #pragma GCC poison CPU_INTERRUPT_HARD
 #pragma GCC poison CPU_INTERRUPT_EXITTB
 #pragma GCC poison CPU_INTERRUPT_HALT
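Review bot: dropping '#pragma GCC poison CPUArchState' is not mentioned in the commit message, yet it is the line that lets target-independent code name the type at all. Say so explicitly: with the forward declaration added to qemu/typedefs.h, generic code can hold a CPUArchState pointer but still cannot dereference it, and that opacity is now the only thing keeping generic code out of target state.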
diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 3f2b681281..c9d41e4ece 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -340,7 +340,7 @@ struct CPUState {
 AddressSpace *as;
 MemoryRegion *memory;
 
-void *env_ptr; /* CPUArchState */
+CPUArchState *env_ptr;
 IcountDecr *icount_decr_ptr;
 
 /* Accessed in parallel; all accesses must be atomic */
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index ee60eb3de4..c6f692b0dd 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -39,6 +39,7 @@ typedef struct CompatProperty CompatProperty;
 typedef struct CoMutex CoMutex;
 typedef struct ConfidentialGuestSupport ConfidentialGuestSupport;
 typedef struct CPUAddressSpace CPUAddressSpace;
+typedef struct CPUArchState CPUArchState;
 typedef struct CPUState CPUState;
 typedef struct DeviceListener DeviceListener;
 typedef struct DeviceState DeviceState;
diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index e819211503..cfd17fd265 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -197,9 +197,7 @@ enum {
 #define MMU_USER_IDX 1
 #define MMU_PHYS_IDX 2
 
-typedef struct CPUAlphaState CPUAlphaState;
-
-struct CPUAlphaState {
+typedef struct CPUArchState {
 uint64_t ir[31];
 float64 fir[31];
 uint64_t pc;
@@ -251,7 +249,7 @@ struct CPUAlphaState {
 uint32_t features;
 uint32_t amask;
 int implver;
-};
+} CPUAlphaState;
 
 /**
  * AlphaCPU:
@@ -285,7 +283,6 @@ int alpha_cpu_gdb_write_register(CPUState *cpu, uint8_t 
*buf, int reg);
 
 #define cpu_list alpha_cpu_list
 
-typedef CPUAlphaState CPUArchState;
 typedef AlphaCPU ArchCPU;
 
 #include "exec/cpu-all.h"
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c6a4d50e82..a95a070647 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -232,7 +232,7 @@ typedef struct CPUARMTBFlags {
 target_ulong flags2;
 } CPUARMTBFlags;
 
-typedef struct CPUARMState {
+typedef struct CPUArchState {
 /* Regs for current mode.  */
 uint32_t regs[16];
 
@@ -3410,7 +3410,6 @@ static inline bool arm_cpu_data_is_big_endian(CPUARMState 
*env)
 }
 }
 
-typedef CPUARMState CPUArchState;
 typedef ARMCPU ArchCPU;
 
 #include "exec/cpu-all.h"
diff --git a/target/avr/cpu.h b/target/avr/cpu.h
index dceacf3cd7..e4a990556b 100644
--- a/target/avr/cpu.h
+++ b/target/avr/cpu.h
@@ -108,9 +108,7 @@ typedef enum AVRFeature {
 AVR_FEATURE_RAMPZ,
 } AVRFeature;
 
-typedef struct CPUAVRState CPUAVRState;
-
-struct CPUAVRState {
+typedef struct CPUArchState {
 uint32_t pc_w; /* 0x003f up to 22 bits */
 
 uint32_t sregC; /* 0x0001 1 bit */
@@ -137,7 +135,7 @@ struct CPUAVRState {
 bool fullacc; /* CPU/MEM if true MEM only otherwise */
 
 uint64_t features;
-};
+} CPUAVRState;
 
 /**
  *  AVRCPU:
@@ -247,7 +245,6 @@ bool avr_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
   MMUAccessType access_type, int mmu_idx,
   bool probe, uintptr_t retaddr);
 
-typedef CPUAVRState CPUArchState;
 typedef AVRCPU ArchCPU;
 
 #include "exec/cpu-all.h"
diff --git a/target/cris/cpu.h b/target/cris/cpu.h
index b445b194ea..763d4f882e 100644
--- a/target/cris/cpu.h
+++ b/target/cris/cpu.h
@@ -105,7 +105,7 @@ typedef struct {
 uint32_t lo;
 } TLBSet;
 
-typedef struct CPUCRISState {
+typedef struct CPUArchState {
uint32_t regs[16];
/* 

Re: [PATCH 02/15] hw/m68k/mcf: Add missing 'exec/hwaddr.h' header

2022-02-09 Thread Richard Henderson

On 2/10/22 08:54, Philippe Mathieu-Daudé wrote:

hwaddr type is defined in "exec/hwaddr.h".

Signed-off-by: Philippe Mathieu-Daudé
---
  include/hw/m68k/mcf.h | 1 +
  1 file changed, 1 insertion(+)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH 03/15] hw/tricore: Remove unused and incorrect header

2022-02-09 Thread Richard Henderson

On 2/10/22 08:54, Philippe Mathieu-Daudé wrote:

TriCore boards certainly don't need the ARM loader API :)

Signed-off-by: Philippe Mathieu-Daudé
---
  include/hw/tricore/triboard.h | 1 -
  1 file changed, 1 deletion(-)


Reviewed-by: Richard Henderson 

r~



Re: [PATCH] hw/block/fdc-isa: Respect QOM properties when building AML

2022-02-09 Thread Philippe Mathieu-Daudé via

On 9/2/22 20:15, Bernhard Beschow wrote:

Other ISA devices such as serial-isa use the properties in their
build_aml functions. fdc-isa not using them is probably an oversight.

Signed-off-by: Bernhard Beschow 
---
  hw/block/fdc-isa.c | 11 +++
  1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hw/block/fdc-isa.c b/hw/block/fdc-isa.c
index 3bf64e0665..ab663dce93 100644
--- a/hw/block/fdc-isa.c
+++ b/hw/block/fdc-isa.c
@@ -216,6 +216,7 @@ int cmos_get_fd_drive_type(FloppyDriveType fd0)
  
  static void fdc_isa_build_aml(ISADevice *isadev, Aml *scope)

  {
+FDCtrlISABus *isa = ISA_FDC(isadev);
  Aml *dev;
  Aml *crs;
  int i;
@@ -227,11 +228,13 @@ static void fdc_isa_build_aml(ISADevice *isadev, Aml 
*scope)
  };
  
  crs = aml_resource_template();

-aml_append(crs, aml_io(AML_DECODE16, 0x03F2, 0x03F2, 0x00, 0x04));
-aml_append(crs, aml_io(AML_DECODE16, 0x03F7, 0x03F7, 0x00, 0x01));
-aml_append(crs, aml_irq_no_flags(6));
  aml_append(crs,
-aml_dma(AML_COMPATIBILITY, AML_NOTBUSMASTER, AML_TRANSFER8, 2));
+aml_io(AML_DECODE16, isa->iobase + 2, isa->iobase + 2, 0x00, 0x04));
+aml_append(crs,
+aml_io(AML_DECODE16, isa->iobase + 7, isa->iobase + 7, 0x00, 0x01));
+aml_append(crs, aml_irq_no_flags(isa->irq));
+aml_append(crs,
+aml_dma(AML_COMPATIBILITY, AML_NOTBUSMASTER, AML_TRANSFER8, isa->dma));
  
  dev = aml_device("FDC0");

  aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0700")));
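Review bot: isa->iobase, isa->irq and isa->dma now flow from the QOM properties straight into the resource template with no check that they are values the descriptors can encode. State or assert the valid ranges before the aml_io(), aml_irq_no_flags() and aml_dma() calls, and consider named constants for the + 2 and + 7 register offsets that replace 0x03F2 and 0x03F7.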


Reviewed-by: Philippe Mathieu-Daudé 



[PATCH 07/15] target/i386/tcg/sysemu: Include missing 'exec/exec-all.h' header

2022-02-09 Thread Philippe Mathieu-Daudé via
excp_helper.c requires "exec/exec-all.h" for tlb_set_page_with_attrs()
and misc_helper.c for tlb_flush().

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/i386/tcg/sysemu/excp_helper.c | 1 +
 target/i386/tcg/sysemu/misc_helper.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/target/i386/tcg/sysemu/excp_helper.c 
b/target/i386/tcg/sysemu/excp_helper.c
index 5ba739fbed..5627772e7c 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -19,6 +19,7 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
+#include "exec/exec-all.h"
 #include "tcg/helper-tcg.h"
 
 int get_pg_mode(CPUX86State *env)
diff --git a/target/i386/tcg/sysemu/misc_helper.c 
b/target/i386/tcg/sysemu/misc_helper.c
index 9ccaa054c4..3715c1e262 100644
--- a/target/i386/tcg/sysemu/misc_helper.c
+++ b/target/i386/tcg/sysemu/misc_helper.c
@@ -23,6 +23,7 @@
 #include "exec/helper-proto.h"
 #include "exec/cpu_ldst.h"
 #include "exec/address-spaces.h"
+#include "exec/exec-all.h"
 #include "tcg/helper-tcg.h"
 
 void helper_outb(CPUX86State *env, uint32_t port, uint32_t data)
-- 
2.34.1




[RFC PATCH 15/15] hw/sh4: Restrict SuperHCPU type to target/ code

2022-02-09 Thread Philippe Mathieu-Daudé via
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/sh4/sh.h  | 3 +--
 target/sh4/cpu-qom.h | 2 --
 target/sh4/cpu.h | 4 ++--
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/include/hw/sh4/sh.h b/include/hw/sh4/sh.h
index ec716cdd45..a4245399d5 100644
--- a/include/hw/sh4/sh.h
+++ b/include/hw/sh4/sh.h
@@ -28,7 +28,6 @@
 #define QEMU_HW_SH_H
 
 #include "hw/sh4/sh_intc.h"
-#include "target/sh4/cpu-qom.h"
 
 #define A7ADDR(x) ((x) & 0x1fff)
 #define P4ADDR(x) ((x) | 0xe000)
@@ -36,7 +35,7 @@
 /* sh7750.c */
 struct SH7750State;
 
-struct SH7750State *sh7750_init(SuperHCPU *cpu, MemoryRegion *sysmem);
+struct SH7750State *sh7750_init(ArchCPU *cpu, MemoryRegion *sysmem);
 
 typedef struct {
 /* The callback will be triggered if any of the designated lines change */
diff --git a/target/sh4/cpu-qom.h b/target/sh4/cpu-qom.h
index 64be55a924..d186ad40fa 100644
--- a/target/sh4/cpu-qom.h
+++ b/target/sh4/cpu-qom.h
@@ -29,8 +29,6 @@
 #define TYPE_SH7751R_CPU SUPERH_CPU_TYPE_NAME("sh7751r")
 #define TYPE_SH7785_CPU  SUPERH_CPU_TYPE_NAME("sh7785")
 
-typedef struct ArchCPU SuperHCPU;
-
 OBJECT_DECLARE_TYPE(ArchCPU, SuperHCPUClass,
 SUPERH_CPU)
 
diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
index c72a30edfd..8e49163fb3 100644
--- a/target/sh4/cpu.h
+++ b/target/sh4/cpu.h
@@ -195,14 +195,14 @@ typedef struct CPUArchState {
  *
  * A SuperH CPU.
  */
-struct ArchCPU {
+typedef struct ArchCPU {
 /*< private >*/
 CPUState parent_obj;
 /*< public >*/
 
 CPUNegativeOffsetState neg;
 CPUSH4State env;
-};
+} SuperHCPU;
 
 
 void superh_cpu_dump_state(CPUState *cpu, FILE *f, int flags);
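Review bot: folding the typedef into the struct definition makes SuperHCPU visible only to code that includes target/sh4/cpu.h, but the commit message is empty and the combined 'typedef struct ArchCPU { ... } SuperHCPU;' form differs from the separate typedef that cpu-qom.h carried before this patch. Put the rationale for the restriction in the commit message and, if it stays, consider leaving 'struct ArchCPU { ... };' untouched with a separate 'typedef struct ArchCPU SuperHCPU;' line in cpu.h.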
-- 
2.34.1




[RFC PATCH 13/15] hw/mips: Restrict MIPSCPU type to target/ code

2022-02-09 Thread Philippe Mathieu-Daudé via
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/mips/cpudevs.h | 6 ++
 target/mips/cpu-qom.h | 2 --
 target/mips/cpu.h | 4 ++--
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/include/hw/mips/cpudevs.h b/include/hw/mips/cpudevs.h
index f7c9728fa9..6065932b0e 100644
--- a/include/hw/mips/cpudevs.h
+++ b/include/hw/mips/cpudevs.h
@@ -1,14 +1,12 @@
 #ifndef HW_MIPS_CPUDEVS_H
 #define HW_MIPS_CPUDEVS_H
 
-#include "target/mips/cpu-qom.h"
-
 /* Definitions for MIPS CPU internal devices.  */
 
 /* mips_int.c */
-void cpu_mips_irq_init_cpu(MIPSCPU *cpu);
+void cpu_mips_irq_init_cpu(ArchCPU *cpu);
 
 /* mips_timer.c */
-void cpu_mips_clock_init(MIPSCPU *cpu);
+void cpu_mips_clock_init(ArchCPU *cpu);
 
 #endif
diff --git a/target/mips/cpu-qom.h b/target/mips/cpu-qom.h
index 41f3d01a80..666084b09e 100644
--- a/target/mips/cpu-qom.h
+++ b/target/mips/cpu-qom.h
@@ -29,8 +29,6 @@
 #define TYPE_MIPS_CPU "mips-cpu"
 #endif
 
-typedef struct ArchCPU MIPSCPU;
-
 OBJECT_DECLARE_TYPE(ArchCPU, MIPSCPUClass,
 MIPS_CPU)
 
diff --git a/target/mips/cpu.h b/target/mips/cpu.h
index 09e98f64de..4aa95d0ce1 100644
--- a/target/mips/cpu.h
+++ b/target/mips/cpu.h
@@ -1171,7 +1171,7 @@ typedef struct CPUArchState {
  *
  * A MIPS CPU.
  */
-struct ArchCPU {
+typedef struct ArchCPU {
 /*< private >*/
 CPUState parent_obj;
 /*< public >*/
@@ -1187,7 +1187,7 @@ struct ArchCPU {
  * pipeline clock of the processor, not the issue width of the processor.
  */
 unsigned cp0_count_rate;
-};
+} MIPSCPU;
 
 
 void mips_cpu_list(void);
-- 
2.34.1




[PATCH 06/15] target/i386/cpu: Ensure accelerators set CPU addressable physical bits

2022-02-09 Thread Philippe Mathieu-Daudé via
The only accelerator allowed to use zero as default value is TCG.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/i386/cpu.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index aa9e636800..16523a78d9 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6384,6 +6384,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error 
**errp)
  * In this case, the default is the value used by TCG (40).
  */
 if (cpu->phys_bits == 0) {
+assert(tcg_enabled());
 cpu->phys_bits = TCG_PHYS_ADDR_BITS;
 }
 } else {
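Review bot: the new assert(tcg_enabled()) sits in a realize function that already takes an errp, so an accelerator that leaves phys_bits at 0 aborts the process instead of failing realize. If this can only be a programming error, say so in a comment next to the assert; otherwise report it with error_setg(errp, ...) and return. The comment above it ('the default is the value used by TCG (40)') should also state that TCG is the only accelerator allowed to reach this branch.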
-- 
2.34.1




Re: [RFC PATCH] linux-user: trap internal SIGABRT's

2022-02-09 Thread Richard Henderson

On 2/9/22 22:22, Alex Bennée wrote:

linux-user wants to trap all signals in case they are related to the
guest. This however results in less than helpful core dumps when the
error is internal to QEMU. We can detect when an assert failure is in
progress by examining __glib_assert_msg and fall through to
cpu_abort() which will pretty print something before restoring the
default SIGABRT behaviour and dumping core.

Signed-off-by: Alex Bennée 
---
  linux-user/signal.c | 6 ++
  1 file changed, 6 insertions(+)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 32854bb375..8ecc1215f7 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -809,6 +809,8 @@ static inline void rewind_if_in_safe_syscall(void *puc)
  }
  }
  
+GLIB_VAR char *__glib_assert_msg;

+
  static void host_signal_handler(int host_sig, siginfo_t *info, void *puc)
  {
  CPUArchState *env = thread_cpu->env_ptr;
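Review bot: `GLIB_VAR char *__glib_assert_msg;` declares a double-underscore GLib symbol by hand at file scope and carries no comment. Add a comment saying why it is declared here rather than taken from a header and what a non-NULL value means, so that the dependency on this symbol is visible to whoever next touches host_signal_handler().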
@@ -821,6 +823,10 @@ static void host_signal_handler(int host_sig, siginfo_t 
*info, void *puc)
  uintptr_t pc = 0;
  bool sync_sig = false;
  
+if (__glib_assert_msg) {

+cpu_abort(cpu, "internal QEMU error, aborting...");
+}
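Review bot: the new `if (__glib_assert_msg)` test at the top of host_signal_handler() does not look at host_sig, so once an assertion message has been set any host signal that arrives is routed to cpu_abort(), not only the SIGABRT the commit message describes. Consider `if (host_sig == SIGABRT && __glib_assert_msg)`. Also, the declarations visible in these hunks are `env`, `pc` and `sync_sig`; please check that the `cpu` passed to cpu_abort() is already in scope at this point in the function.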


I think we should not be trapping SIGABRT.  I think we can preserve all guest behaviour 
wrt SIGABRT by stealing another SIGRTMIN value, and remapping the guest signal number.  We 
can produce the correct result for the system by mapping it back to host SIGABRT in 
core_dump_and_abort().



r~



[PATCH 08/15] target: Include missing 'cpu.h'

2022-02-09 Thread Philippe Mathieu-Daudé via
These target-specific files use the target-specific CPU state
but fail to include "cpu.h"; i.e.:

../target/riscv/pmp.h:61:23: error: unknown type name 'CPURISCVState'
void pmpcfg_csr_write(CPURISCVState *env, uint32_t reg_index,
  ^
../target/nios2/mmu.h:43:18: error: unknown type name 'CPUNios2State'
void mmu_flip_um(CPUNios2State *env, unsigned int um);
 ^
../target/microblaze/mmu.h:88:19: error: unknown type name 'CPUMBState'; 
did you mean 'CPUState'?
uint32_t mmu_read(CPUMBState *env, bool ea, uint32_t rn);
  ^~
  CPUState

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/microblaze/mmu.h | 2 ++
 target/mips/internal.h  | 1 +
 target/nios2/mmu.h  | 2 ++
 target/riscv/pmp.h  | 2 ++
 4 files changed, 7 insertions(+)

diff --git a/target/microblaze/mmu.h b/target/microblaze/mmu.h
index b6b4b9ad60..1068bd2d52 100644
--- a/target/microblaze/mmu.h
+++ b/target/microblaze/mmu.h
@@ -20,6 +20,8 @@
 #ifndef TARGET_MICROBLAZE_MMU_H
 #define TARGET_MICROBLAZE_MMU_H
 
+#include "cpu.h"
+
 #define MMU_R_PID0
 #define MMU_R_ZPR1
 #define MMU_R_TLBX   2
diff --git a/target/mips/internal.h b/target/mips/internal.h
index daddb05fd4..f705d6bfa6 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -12,6 +12,7 @@
 #ifdef CONFIG_TCG
 #include "tcg/tcg-internal.h"
 #endif
+#include "cpu.h"
 
 /*
  * MMU types, the first four entries have the same layout as the
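Review bot: the commit message quotes build errors for target/riscv/pmp.h, target/nios2/mmu.h and target/microblaze/mmu.h, but gives none for target/mips/internal.h, so it is not clear which type is missing here. Please add the corresponding error or a sentence naming the type. This is also the only hunk where `#include "cpu.h"` goes after another include block (the `#ifdef CONFIG_TCG` one) instead of directly after the include guard; placing it first would match the other three headers.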
diff --git a/target/nios2/mmu.h b/target/nios2/mmu.h
index 4f46fbb82e..d36b8cc86a 100644
--- a/target/nios2/mmu.h
+++ b/target/nios2/mmu.h
@@ -21,6 +21,8 @@
 #ifndef NIOS2_MMU_H
 #define NIOS2_MMU_H
 
+#include "cpu.h"
+
 typedef struct Nios2TLBEntry {
 target_ulong tag;
 target_ulong data;
diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h
index a9a0b363a7..fcb6b7c467 100644
--- a/target/riscv/pmp.h
+++ b/target/riscv/pmp.h
@@ -22,6 +22,8 @@
 #ifndef RISCV_PMP_H
 #define RISCV_PMP_H
 
+#include "cpu.h"
+
 typedef enum {
 PMP_READ  = 1 << 0,
 PMP_WRITE = 1 << 1,
-- 
2.34.1




[PATCH 05/15] cpu: Add missing 'exec/exec-all.h' and 'qemu/accel.h' headers

2022-02-09 Thread Philippe Mathieu-Daudé via
cpu.c requires "exec/exec-all.h" to call tlb_flush() and
"qemu/accel.h" to call accel_cpu_realizefn().

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 cpu.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cpu.c b/cpu.c
index 97d42b6b2a..6b4aa53775 100644
--- a/cpu.c
+++ b/cpu.c
@@ -35,10 +35,12 @@
 #include "sysemu/tcg.h"
 #include "sysemu/kvm.h"
 #include "sysemu/replay.h"
+#include "exec/exec-all.h"
 #include "exec/translate-all.h"
 #include "exec/log.h"
 #include "hw/core/accel-cpu.h"
 #include "trace/trace-root.h"
+#include "qemu/accel.h"
 
 uintptr_t qemu_host_page_size;
 intptr_t qemu_host_page_mask;
-- 
2.34.1




[PATCH 11/15] target: Use ArchCPU as interface to target CPU

2022-02-09 Thread Philippe Mathieu-Daudé via
ArchCPU is our interface with target-specific code. Use it as
a forward-declared opaque pointer (abstract type), having its
structure defined by each target.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/qemu/typedefs.h |  1 +
 target/alpha/cpu-qom.h  |  4 +++-
 target/alpha/cpu.h  |  4 +---
 target/arm/cpu-qom.h|  4 +++-
 target/arm/cpu.h|  2 --
 target/avr/cpu-qom.h|  4 +++-
 target/avr/cpu.h|  6 ++
 target/cris/cpu-qom.h   |  4 +++-
 target/cris/cpu.h   |  4 +---
 target/hexagon/cpu.h|  2 +-
 target/hppa/cpu-qom.h   |  4 +++-
 target/hppa/cpu.h   |  4 +---
 target/i386/cpu-qom.h   |  4 +++-
 target/i386/cpu.h   |  4 +---
 target/m68k/cpu-qom.h   |  4 +++-
 target/m68k/cpu.h   |  4 +---
 target/microblaze/cpu-qom.h |  4 +++-
 target/microblaze/cpu.h |  6 +++---
 target/mips/cpu-qom.h   |  4 +++-
 target/mips/cpu.h   |  4 +---
 target/nios2/cpu.h  |  4 ++--
 target/openrisc/cpu.h   | 11 ---
 target/ppc/cpu-qom.h|  4 +++-
 target/ppc/cpu.h|  4 +---
 target/riscv/cpu.h  |  5 ++---
 target/rx/cpu-qom.h |  4 +++-
 target/rx/cpu.h |  4 +---
 target/s390x/cpu-qom.h  |  4 +++-
 target/s390x/cpu.h  |  4 +---
 target/sh4/cpu-qom.h|  4 +++-
 target/sh4/cpu.h|  4 +---
 target/sparc/cpu-qom.h  |  4 +++-
 target/sparc/cpu.h  |  4 +---
 target/tricore/cpu-qom.h|  4 +++-
 target/tricore/cpu.h|  4 +---
 target/xtensa/cpu-qom.h |  4 +++-
 target/xtensa/cpu.h |  4 +---
 37 files changed, 76 insertions(+), 77 deletions(-)

diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index c6f692b0dd..c564f54c11 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -26,6 +26,7 @@ typedef struct AddressSpace AddressSpace;
 typedef struct AioContext AioContext;
 typedef struct Aml Aml;
 typedef struct AnnounceTimer AnnounceTimer;
+typedef struct ArchCPU ArchCPU;
 typedef struct BdrvDirtyBitmap BdrvDirtyBitmap;
 typedef struct BdrvDirtyBitmapIter BdrvDirtyBitmapIter;
 typedef struct BlockBackend BlockBackend;
diff --git a/target/alpha/cpu-qom.h b/target/alpha/cpu-qom.h
index 7bb9173c57..6fd2dec1a7 100644
--- a/target/alpha/cpu-qom.h
+++ b/target/alpha/cpu-qom.h
@@ -25,7 +25,9 @@
 
 #define TYPE_ALPHA_CPU "alpha-cpu"
 
-OBJECT_DECLARE_TYPE(AlphaCPU, AlphaCPUClass,
+typedef struct ArchCPU AlphaCPU;
+
+OBJECT_DECLARE_TYPE(ArchCPU, AlphaCPUClass,
 ALPHA_CPU)
 
 /**
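Review bot: with `typedef struct ArchCPU AlphaCPU;` placed in front of `OBJECT_DECLARE_TYPE(ArchCPU, AlphaCPUClass,`, the target name becomes an alias and the QOM declaration is made on the generic name, which is not obvious when reading this header on its own. A one-line comment on the typedef saying that AlphaCPU is the per-target alias of the ArchCPU forward-declared in include/qemu/typedefs.h would help; the same applies to the identical arm and avr cpu-qom.h hunks.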
diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index cfd17fd265..58f00b7814 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -257,7 +257,7 @@ typedef struct CPUArchState {
  *
  * An Alpha CPU.
  */
-struct AlphaCPU {
+struct ArchCPU {
 /*< private >*/
 CPUState parent_obj;
 /*< public >*/
@@ -283,8 +283,6 @@ int alpha_cpu_gdb_write_register(CPUState *cpu, uint8_t 
*buf, int reg);
 
 #define cpu_list alpha_cpu_list
 
-typedef AlphaCPU ArchCPU;
-
 #include "exec/cpu-all.h"
 
 enum {
diff --git a/target/arm/cpu-qom.h b/target/arm/cpu-qom.h
index a22bd506d0..b0a0724e8c 100644
--- a/target/arm/cpu-qom.h
+++ b/target/arm/cpu-qom.h
@@ -27,7 +27,9 @@ struct arm_boot_info;
 
 #define TYPE_ARM_CPU "arm-cpu"
 
-OBJECT_DECLARE_TYPE(ARMCPU, ARMCPUClass,
+typedef struct ArchCPU ARMCPU;
+
+OBJECT_DECLARE_TYPE(ArchCPU, ARMCPUClass,
 ARM_CPU)
 
 #define TYPE_ARM_MAX_CPU "max-" TYPE_ARM_CPU
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index a95a070647..a137c564c4 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3410,8 +3410,6 @@ static inline bool arm_cpu_data_is_big_endian(CPUARMState 
*env)
 }
 }
 
-typedef ARMCPU ArchCPU;
-
 #include "exec/cpu-all.h"
 
 /*
diff --git a/target/avr/cpu-qom.h b/target/avr/cpu-qom.h
index 14e5b3ce72..e212cac0b5 100644
--- a/target/avr/cpu-qom.h
+++ b/target/avr/cpu-qom.h
@@ -26,7 +26,9 @@
 
 #define TYPE_AVR_CPU "avr-cpu"
 
-OBJECT_DECLARE_TYPE(AVRCPU, AVRCPUClass,
+typedef struct ArchCPU AVRCPU;
+
+OBJECT_DECLARE_TYPE(ArchCPU, AVRCPUClass,
 AVR_CPU)
 
 /**
diff --git a/target/avr/cpu.h b/target/avr/cpu.h
index e4a990556b..55497f851d 100644
--- a/target/avr/cpu.h
+++ b/target/avr/cpu.h
@@ -143,14 +143,14 @@ typedef struct CPUArchState {
  *
  *  A AVR CPU.
  */
-typedef struct AVRCPU {
+struct ArchCPU {
 /*< private >*/
 CPUState parent_obj;
 /*< public >*/
 
 CPUNegativeOffsetState neg;
 CPUAVRState env;
-} AVRCPU;
+};
 
 extern const struct VMStateDescription vms_avr_cpu;
 
@@ -245,8 +245,6 @@ bool avr_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
   MMUAccessType access_type, int mmu_idx,
   bool probe, uintptr_t retaddr);
 
-typedef AVRCPU ArchCPU;
-
 #include "exec/cpu-all.h"
 
 #endif /* !defined (QEMU_AVR_CPU_H) */
diff --git a/target/cris/cpu-qom.h b/target/cris/cpu-qom.h
index 2596edc7e3..89

[PATCH 09/15] target: Use forward declared type instead of structure type

2022-02-09 Thread Philippe Mathieu-Daudé via
The CPU / CPU state are forward declared.

  $ git grep -E 'struct [A-Za-z]+CPU\ \*'
  target/arm/hvf_arm.h:16:void hvf_arm_set_cpu_features_from_host(struct ARMCPU 
*cpu);
  target/openrisc/cpu.h:234:int (*cpu_openrisc_map_address_code)(struct 
OpenRISCCPU *cpu,
  target/openrisc/cpu.h:238:int (*cpu_openrisc_map_address_data)(struct 
OpenRISCCPU *cpu,

  $ git grep -E 'struct CPU[A-Za-z]+State\ \*'
  target/mips/internal.h:137:int (*map_address)(struct CPUMIPSState *env, 
hwaddr *physical, int *prot,
  target/mips/internal.h:139:void (*helper_tlbwi)(struct CPUMIPSState *env);
  target/mips/internal.h:140:void (*helper_tlbwr)(struct CPUMIPSState *env);
  target/mips/internal.h:141:void (*helper_tlbp)(struct CPUMIPSState *env);
  target/mips/internal.h:142:void (*helper_tlbr)(struct CPUMIPSState *env);
  target/mips/internal.h:143:void (*helper_tlbinv)(struct CPUMIPSState 
*env);
  target/mips/internal.h:144:void (*helper_tlbinvf)(struct CPUMIPSState 
*env);
  target/xtensa/cpu.h:347:struct CPUXtensaState *env;

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/arm/hvf_arm.h   |  2 +-
 target/mips/internal.h | 14 +++---
 target/openrisc/cpu.h  |  4 ++--
 target/xtensa/cpu.h|  2 +-
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/target/arm/hvf_arm.h b/target/arm/hvf_arm.h
index ea238cff83..9a9d1a0bf5 100644
--- a/target/arm/hvf_arm.h
+++ b/target/arm/hvf_arm.h
@@ -13,6 +13,6 @@
 
 #include "cpu.h"
 
-void hvf_arm_set_cpu_features_from_host(struct ARMCPU *cpu);
+void hvf_arm_set_cpu_features_from_host(ARMCPU *cpu);
 
 #endif
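Review bot: the `struct ARMCPU *` parameter changed here was located with the greps quoted in the commit message, and their `[A-Za-z]+` character class does not match type names that contain digits, such as the CPUNios2State named in the build errors of patch 08. Re-running both greps with `[A-Za-z0-9]+` and stating the result in the commit message would show that no `struct ...CPU *` or `struct CPU...State *` user was missed.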
diff --git a/target/mips/internal.h b/target/mips/internal.h
index f705d6bfa6..ac6e03e2f2 100644
--- a/target/mips/internal.h
+++ b/target/mips/internal.h
@@ -134,14 +134,14 @@ struct r4k_tlb_t {
 struct CPUMIPSTLBContext {
 uint32_t nb_tlb;
 uint32_t tlb_in_use;
-int (*map_address)(struct CPUMIPSState *env, hwaddr *physical, int *prot,
+int (*map_address)(CPUMIPSState *env, hwaddr *physical, int *prot,
target_ulong address, MMUAccessType access_type);
-void (*helper_tlbwi)(struct CPUMIPSState *env);
-void (*helper_tlbwr)(struct CPUMIPSState *env);
-void (*helper_tlbp)(struct CPUMIPSState *env);
-void (*helper_tlbr)(struct CPUMIPSState *env);
-void (*helper_tlbinv)(struct CPUMIPSState *env);
-void (*helper_tlbinvf)(struct CPUMIPSState *env);
+void (*helper_tlbwi)(CPUMIPSState *env);
+void (*helper_tlbwr)(CPUMIPSState *env);
+void (*helper_tlbp)(CPUMIPSState *env);
+void (*helper_tlbr)(CPUMIPSState *env);
+void (*helper_tlbinv)(CPUMIPSState *env);
+void (*helper_tlbinvf)(CPUMIPSState *env);
 union {
 struct {
 r4k_tlb_t tlb[MIPS_TLB_MAX];
diff --git a/target/openrisc/cpu.h b/target/openrisc/cpu.h
index ee069b080c..5711591520 100644
--- a/target/openrisc/cpu.h
+++ b/target/openrisc/cpu.h
@@ -231,11 +231,11 @@ typedef struct CPUOpenRISCTLBContext {
 OpenRISCTLBEntry itlb[TLB_SIZE];
 OpenRISCTLBEntry dtlb[TLB_SIZE];
 
-int (*cpu_openrisc_map_address_code)(struct OpenRISCCPU *cpu,
+int (*cpu_openrisc_map_address_code)(OpenRISCCPU *cpu,
  hwaddr *physical,
  int *prot,
  target_ulong address, int rw);
-int (*cpu_openrisc_map_address_data)(struct OpenRISCCPU *cpu,
+int (*cpu_openrisc_map_address_data)(OpenRISCCPU *cpu,
  hwaddr *physical,
  int *prot,
  target_ulong address, int rw);
diff --git a/target/xtensa/cpu.h b/target/xtensa/cpu.h
index 02143f2f77..f2165b17e2 100644
--- a/target/xtensa/cpu.h
+++ b/target/xtensa/cpu.h
@@ -344,7 +344,7 @@ typedef struct XtensaGdbRegmap {
 } XtensaGdbRegmap;
 
 typedef struct XtensaCcompareTimer {
-struct CPUXtensaState *env;
+CPUXtensaState *env;
 QEMUTimer *timer;
 } XtensaCcompareTimer;
 
-- 
2.34.1




[RFC PATCH 14/15] hw/sparc: Restrict SPARCCPU type to target/ code

2022-02-09 Thread Philippe Mathieu-Daudé via
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/sparc/sparc64.h | 4 +---
 target/sparc/cpu-qom.h | 2 --
 target/sparc/cpu.h | 4 ++--
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/include/hw/sparc/sparc64.h b/include/hw/sparc/sparc64.h
index 4ced36fb5a..605ae4448c 100644
--- a/include/hw/sparc/sparc64.h
+++ b/include/hw/sparc/sparc64.h
@@ -1,11 +1,9 @@
 #ifndef HW_SPARC_SPARC64_H
 #define HW_SPARC_SPARC64_H
 
-#include "target/sparc/cpu-qom.h"
-
 #define IVEC_MAX 0x40
 
-SPARCCPU *sparc64_cpu_devinit(const char *cpu_type, uint64_t prom_addr);
+ArchCPU *sparc64_cpu_devinit(const char *cpu_type, uint64_t prom_addr);
 
 void sparc64_cpu_set_ivec_irq(void *opaque, int irq, int level);
 
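Review bot: the commit message has no body, so nothing explains why sparc64_cpu_devinit() now returns `ArchCPU *` instead of `SPARCCPU *`, or why `#include "target/sparc/cpu-qom.h"` can be dropped. After this hunk the header includes nothing that declares its own return type, so please state in the message (or in a comment above the prototype) that ArchCPU comes from the forward declaration added to include/qemu/typedefs.h in patch 11.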
diff --git a/target/sparc/cpu-qom.h b/target/sparc/cpu-qom.h
index d5f90cffd4..36cadd 100644
--- a/target/sparc/cpu-qom.h
+++ b/target/sparc/cpu-qom.h
@@ -29,8 +29,6 @@
 #define TYPE_SPARC_CPU "sparc-cpu"
 #endif
 
-typedef struct ArchCPU SPARCCPU;
-
 OBJECT_DECLARE_TYPE(ArchCPU, SPARCCPUClass,
 SPARC_CPU)
 
diff --git a/target/sparc/cpu.h b/target/sparc/cpu.h
index abb38db674..8452a62ea8 100644
--- a/target/sparc/cpu.h
+++ b/target/sparc/cpu.h
@@ -556,14 +556,14 @@ struct CPUArchState {
  *
  * A SPARC CPU.
  */
-struct ArchCPU {
+typedef struct ArchCPU {
 /*< private >*/
 CPUState parent_obj;
 /*< public >*/
 
 CPUNegativeOffsetState neg;
 CPUSPARCState env;
-};
+} SPARCCPU;
 
 
 #ifndef CONFIG_USER_ONLY
-- 
2.34.1




[PATCH 02/15] hw/m68k/mcf: Add missing 'exec/hwaddr.h' header

2022-02-09 Thread Philippe Mathieu-Daudé via
hwaddr type is defined in "exec/hwaddr.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/m68k/mcf.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/hw/m68k/mcf.h b/include/hw/m68k/mcf.h
index decf17ce42..8cbd587bbf 100644
--- a/include/hw/m68k/mcf.h
+++ b/include/hw/m68k/mcf.h
@@ -2,6 +2,7 @@
 #define HW_MCF_H
 /* Motorola ColdFire device prototypes.  */
 
+#include "exec/hwaddr.h"
 #include "target/m68k/cpu-qom.h"
 
 /* mcf_uart.c */
-- 
2.34.1




[PATCH 03/15] hw/tricore: Remove unused and incorrect header

2022-02-09 Thread Philippe Mathieu-Daudé via
TriCore boards certainly don't need the ARM loader API :)

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/tricore/triboard.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/include/hw/tricore/triboard.h b/include/hw/tricore/triboard.h
index f3844be447..094c8bd563 100644
--- a/include/hw/tricore/triboard.h
+++ b/include/hw/tricore/triboard.h
@@ -21,7 +21,6 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "hw/boards.h"
-#include "hw/arm/boot.h"
 #include "sysemu/sysemu.h"
 #include "exec/address-spaces.h"
 #include "qom/object.h"
-- 
2.34.1




[RFC PATCH 12/15] hw/m68k: Restrict M68kCPU type to target/ code

2022-02-09 Thread Philippe Mathieu-Daudé via
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/hw/m68k/mcf.h | 3 +--
 target/m68k/cpu-qom.h | 2 --
 target/m68k/cpu.h | 4 ++--
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/include/hw/m68k/mcf.h b/include/hw/m68k/mcf.h
index 8cbd587bbf..e84fcfb4ca 100644
--- a/include/hw/m68k/mcf.h
+++ b/include/hw/m68k/mcf.h
@@ -3,7 +3,6 @@
 /* Motorola ColdFire device prototypes.  */
 
 #include "exec/hwaddr.h"
-#include "target/m68k/cpu-qom.h"
 
 /* mcf_uart.c */
 uint64_t mcf_uart_read(void *opaque, hwaddr addr,
@@ -16,7 +15,7 @@ void mcf_uart_mm_init(hwaddr base, qemu_irq irq, Chardev 
*chr);
 /* mcf_intc.c */
 qemu_irq *mcf_intc_init(struct MemoryRegion *sysmem,
 hwaddr base,
-M68kCPU *cpu);
+ArchCPU *cpu);
 
 /* mcf5206.c */
 #define TYPE_MCF5206_MBAR "mcf5206-mbar"
diff --git a/target/m68k/cpu-qom.h b/target/m68k/cpu-qom.h
index c2c0736b3b..ec75adad69 100644
--- a/target/m68k/cpu-qom.h
+++ b/target/m68k/cpu-qom.h
@@ -25,8 +25,6 @@
 
 #define TYPE_M68K_CPU "m68k-cpu"
 
-typedef struct ArchCPU M68kCPU;
-
 OBJECT_DECLARE_TYPE(ArchCPU, M68kCPUClass,
 M68K_CPU)
 
diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 872e8ce637..90be69e714 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -156,14 +156,14 @@ typedef struct CPUArchState {
  *
  * A Motorola 68k CPU.
  */
-struct ArchCPU {
+typedef struct ArchCPU {
 /*< private >*/
 CPUState parent_obj;
 /*< public >*/
 
 CPUNegativeOffsetState neg;
 CPUM68KState env;
-};
+} M68kCPU;
 
 
 #ifndef CONFIG_USER_ONLY
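Review bot: `typedef struct ArchCPU {` ... `} M68kCPU;` reintroduces the combined definition-plus-typedef form that patch 11 removed from target/avr/cpu.h, where `typedef struct AVRCPU {` became `struct ArchCPU {`. If the goal is only to keep the M68kCPU name private to target/ code, leaving `struct ArchCPU { ... };` untouched and adding a separate `typedef struct ArchCPU M68kCPU;` beside it, with a comment saying so, keeps the struct definitions uniform across targets. The empty commit message should also say why the name is being restricted.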
-- 
2.34.1




[PATCH 04/15] exec/cpu_ldst: Include 'cpu.h' to get target_ulong definition

2022-02-09 Thread Philippe Mathieu-Daudé via
Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 include/exec/cpu_ldst.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index a878fd0105..5c66de 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -64,6 +64,7 @@
 
 #include "exec/memopidx.h"
 #include "qemu/int128.h"
+#include "cpu.h"
 
 #if defined(CONFIG_USER_ONLY)
 /* sparc32plus has 64bit long but 32bit space address
-- 
2.34.1




[PATCH 01/15] meson: Display libfdt as disabled when system emulation is disabled

2022-02-09 Thread Philippe Mathieu-Daudé via
When configuring QEMU with --disable-system, meson keeps showing
libfdt as "auto". Mark it as disabled instead.

Acked-by: Paolo Bonzini 
Signed-off-by: Philippe Mathieu-Daudé 
---
 meson.build | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index 571af34b7d..3c274386bb 100644
--- a/meson.build
+++ b/meson.build
@@ -2271,8 +2271,8 @@ if get_option('cfi') and slirp_opt == 'system'
 endif
 
 fdt = not_found
-fdt_opt = get_option('fdt')
 if have_system
+  fdt_opt = get_option('fdt')
   if fdt_opt in ['enabled', 'auto', 'system']
 have_internal = fs.exists(meson.current_source_dir() / 
'dtc/libfdt/Makefile.libfdt')
 fdt = cc.find_library('fdt', kwargs: static_kwargs,
@@ -2315,6 +2315,8 @@ if have_system
 fdt = declare_dependency(link_with: libfdt,
  include_directories: fdt_inc)
   endif
+else
+  fdt_opt = 'disabled'
 endif
 if not fdt.found() and fdt_required.length() > 0
   error('fdt not available but required by targets ' + ', '.join(fdt_required))
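Review bot: the new `else` branch sets `fdt_opt = 'disabled'` without reading get_option('fdt'), so a configuration that disables system emulation while explicitly requesting fdt is reported as disabled with no message. If that combination is meant to be accepted silently, say so in the commit message; otherwise keep the get_option() call outside `if have_system` and warn or error when the value is 'enabled' or 'system'.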
-- 
2.34.1




[PATCH 00/15] target: Use ArchCPU & CPUArchState as abstract interface to target CPU

2022-02-09 Thread Philippe Mathieu-Daudé via
Hi Richard,

Kind of respin of the "exec: Move translation declarations to
'translate-all.h'" series, but without modifying translate-all.h :)
(same same but different).

Last patches are RFC, not sure worthwhile (at least for now).

Based-on: <20220207082756.82600-1-f4...@amsat.org>
"exec: Remove 'qemu/log.h' from 'exec-all.h'"

Philippe Mathieu-Daudé (15):
  meson: Display libfdt as disabled when system emulation is disabled
  hw/m68k/mcf: Add missing 'exec/hwaddr.h' header
  hw/tricore: Remove unused and incorrect header
  exec/cpu_ldst: Include 'cpu.h' to get target_ulong definition
  cpu: Add missing 'exec/exec-all.h' and 'qemu/accel.h' headers
  target/i386/cpu: Ensure accelerators set CPU addressable physical bits
  target/i386/tcg/sysemu: Include missing 'exec/exec-all.h' header
  target: Include missing 'cpu.h'
  target: Use forward declared type instead of structure type
  target: Use CPUArchState as interface to target-specific CPU state
  target: Use ArchCPU as interface to target CPU
  hw/m68k: Restrict M68kCPU type to target/ code
  hw/mips: Restrict MIPSCPU type to target/ code
  hw/sparc: Restrict SPARCCPU type to target/ code
  hw/sh4: Restrict SuperHCPU type to target/ code

 cpu.c|  2 ++
 include/exec/cpu_ldst.h  |  1 +
 include/exec/poison.h|  2 --
 include/hw/core/cpu.h|  2 +-
 include/hw/m68k/mcf.h|  4 ++--
 include/hw/mips/cpudevs.h|  6 ++
 include/hw/sh4/sh.h  |  3 +--
 include/hw/sparc/sparc64.h   |  4 +---
 include/hw/tricore/triboard.h|  1 -
 include/qemu/typedefs.h  |  2 ++
 meson.build  |  4 +++-
 target/alpha/cpu-qom.h   |  4 +++-
 target/alpha/cpu.h   | 11 +++
 target/arm/cpu-qom.h |  4 +++-
 target/arm/cpu.h |  5 +
 target/arm/hvf_arm.h |  2 +-
 target/avr/cpu-qom.h |  4 +++-
 target/avr/cpu.h | 13 -
 target/cris/cpu-qom.h|  4 +++-
 target/cris/cpu.h|  7 ++-
 target/hexagon/cpu.h | 10 +++---
 target/hppa/cpu-qom.h|  4 +++-
 target/hppa/cpu.h| 12 +++-
 target/i386/cpu-qom.h|  4 +++-
 target/i386/cpu.c|  1 +
 target/i386/cpu.h|  7 ++-
 target/i386/tcg/sysemu/excp_helper.c |  1 +
 target/i386/tcg/sysemu/misc_helper.c |  1 +
 target/m68k/cpu-qom.h|  2 +-
 target/m68k/cpu.h|  9 +++--
 target/microblaze/cpu-qom.h  |  4 +++-
 target/microblaze/cpu.h  | 11 +--
 target/microblaze/mmu.h  |  2 ++
 target/mips/cpu-qom.h|  2 +-
 target/mips/cpu.h| 12 
 target/mips/internal.h   | 15 ---
 target/nios2/cpu.h   |  8 
 target/nios2/mmu.h   |  2 ++
 target/openrisc/cpu.h| 18 +++---
 target/ppc/cpu-qom.h |  6 --
 target/ppc/cpu.h |  7 ++-
 target/riscv/cpu.h   | 10 --
 target/riscv/pmp.h   |  2 ++
 target/rx/cpu-qom.h  |  6 +++---
 target/rx/cpu.h  |  6 ++
 target/s390x/cpu-qom.h   |  8 +---
 target/s390x/cpu.h   |  7 ++-
 target/sh4/cpu-qom.h |  2 +-
 target/sh4/cpu.h |  9 +++--
 target/sparc/cpu-qom.h   |  2 +-
 target/sparc/cpu.h   | 11 ---
 target/tricore/cpu-qom.h |  4 +++-
 target/tricore/cpu.h | 10 +++---
 target/xtensa/cpu-qom.h  |  4 +++-
 target/xtensa/cpu.h  | 13 +
 55 files changed, 142 insertions(+), 175 deletions(-)

-- 
2.34.1




Re: [PATCH 13/13] exec: Move translation declarations to 'translate-all.h'

2022-02-09 Thread Philippe Mathieu-Daudé via

On 9/2/22 00:00, Richard Henderson wrote:

On 2/9/22 02:22, Philippe Mathieu-Daudé wrote:

Translation declarations are only useful to TCG accelerator.

Signed-off-by: Philippe Mathieu-Daudé 


Ug.

So, like, what's your vision of exec-all.h vs translate-all.h? Certainly 
there's not much in translate-all.h at the moment. Taking a case at 
random, what has gdbstub.c got to do with "translation" as opposed to 
"execution"?


I would expect some documentation updates to the top of these headers.  I 
don't see why everything has to move all at once, especially since 
translate-all.h already includes exec-all.h.


I can see that exec-all.h is currently a garbage bag, but I strongly 
suspect that you're moving too much here.


I ended with an almost empty exec-all.h; IOW indeed translate-all.h and
exec-all.h are the same mixed bag. What I'm pursuing is to extract APIs
such as migration and ramblock stuff, but there are so many
interdependencies that it is hard to sort the patchset (or split it in
series on the same topic but no more than 20 patches).



Re: [PATCH 10/13] target: Use CPUArchState as interface to target-specific CPU state

2022-02-09 Thread Philippe Mathieu-Daudé via

On 8/2/22 23:40, Richard Henderson wrote:

On 2/9/22 02:22, Philippe Mathieu-Daudé wrote:

While CPUState is our interface with generic code, CPUArchState is
our interface with target-specific code. Use CPUArchState as an
abstract type, defined by each target.

Signed-off-by: Philippe Mathieu-Daudé 
---
  include/exec/poison.h   | 2 --
  include/hw/core/cpu.h   | 2 +-
  include/qemu/typedefs.h | 1 +
  target/alpha/cpu.h  | 6 ++
  target/arm/cpu.h    | 2 +-
  target/avr/cpu.h    | 6 ++
  target/cris/cpu.h   | 2 +-
  target/hexagon/cpu.h    | 5 ++---
  target/hppa/cpu.h   | 6 ++
  target/i386/cpu.h   | 2 +-
  target/m68k/cpu.h   | 2 +-
  target/microblaze/cpu.h | 4 ++--
  target/mips/cpu.h   | 5 ++---
  target/nios2/cpu.h  | 4 ++--
  target/openrisc/cpu.h   | 2 +-
  target/ppc/cpu-qom.h    | 2 +-
  target/ppc/cpu.h    | 3 +--
  target/riscv/cpu.h  | 4 ++--
  target/rx/cpu-qom.h | 2 --
  target/rx/cpu.h | 2 +-
  target/s390x/cpu-qom.h  | 2 +-
  target/s390x/cpu.h  | 2 +-
  target/sh4/cpu.h    | 2 +-
  target/sparc/cpu.h  | 4 ++--
  target/tricore/cpu.h    | 5 ++---
  target/xtensa/cpu.h | 6 +++---
  26 files changed, 36 insertions(+), 49 deletions(-)


Nice.

It's tempting to purge CPUFooState entirely, which would eliminate e.g. 
patch 8, and put the onus on having cpu.h (and thus the actual 
definition of CPUArchState) in scope to the C file that includes those 
headers.


I tried but I doubt the resulting code will please maintainers. I went
back and inverted the typedef, to keep CPUFooState. Maybe a simple
aesthetic concern... I can post (on top of the respin) if you are
interested.

Thanks,

Phil.



Re: [PATCH] Deprecate C virtiofsd

2022-02-09 Thread Peter Maydell
On Wed, 9 Feb 2022 at 16:57, Dr. David Alan Gilbert (git)
 wrote:
>
> From: "Dr. David Alan Gilbert" 
>
> There's a nice new Rust implementation out there; recommend people
> do new work on that.
>
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  docs/about/deprecated.rst | 14 ++
>  1 file changed, 14 insertions(+)
>
> diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
> index 47a594a3b6..3a0e15f8f5 100644
> --- a/docs/about/deprecated.rst
> +++ b/docs/about/deprecated.rst
> @@ -454,3 +454,17 @@ nanoMIPS ISA
>
>  The ``nanoMIPS`` ISA has never been upstreamed to any compiler toolchain.
>  As it is hard to generate binaries for it, declare it deprecated.
> +
> +Tools
> +-
> +
> +virtiofsd
> +'
> +
> +There is a new Rust implementation of ``virtiofs`` at

I guess there's a missing "d" here ?

> +``https://gitlab.com/virtio-fs/virtiofsd``;
> +since this is now marked stable, new development should be done on that
> +rather than the existing C version in the QEMU tree.
> +The C version will still accept fixes and patches that
> +are already in development for the moment.

thanks
-- PMM



Re: [PATCH 1/1] virtio: fix feature negotiation for ACCESS_PLATFORM

2022-02-09 Thread Halil Pasic
On Wed, 09 Feb 2022 18:24:56 +0100
Cornelia Huck  wrote:

> On Wed, Feb 09 2022, Halil Pasic  wrote:
> 
> > Unlike most virtio features ACCESS_PLATFORM is considered mandatory by
> > QEMU, i.e. the driver must accept it if offered by the device. The
> > virtio specification says that the driver SHOULD accept the
> > ACCESS_PLATFORM feature if offered, and that the device MAY fail to
> > operate if ACCESS_PLATFORM was offered but not negotiated.  
> 
> Maybe add
> 
> (see the "{Driver,Device} Requirements: Reserved Feature Bits" sections
> in the virtio spec)
> 
> ?

I can add that, but I doubt people will have trouble finding it anyway.
There are 6 mentions of ACCESS_PLATFORM in the spec, so unless somebody
is using the dead tree version...
[..]
> > @@ -78,16 +78,19 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, 
> > Error **errp)
> >  return;
> >  }
> >  
> > -vdev_has_iommu = virtio_host_has_feature(vdev, 
> > VIRTIO_F_IOMMU_PLATFORM);
> > -if (klass->get_dma_as != NULL && has_iommu) {
> > +vdev->dma_as = &address_space_memory;
> > +if (has_iommu) {
> > +vdev_has_iommu = virtio_host_has_feature(vdev, 
> > VIRTIO_F_IOMMU_PLATFORM);
> > +/* Fail FEATURE_OK if the device tries to drop IOMMU_PLATFORM */  
> 
> I must admit that the more I stare at this code, the more confused I
> get. We run this function during device realization, and the reason that
> the feature bit might have gotten lost is that the ->get_features()
> device callback dropped it. This happens before the driver is actually
> involved; the check whether the *driver* dropped the feature is done
> during feature validation, which is another code path. 
[moved text from here]
> 
> >  virtio_add_feature(&vdev->host_features, VIRTIO_F_IOMMU_PLATFORM); 
> > [Mark 1]


Let us have a look at 
static int virtio_validate_features(VirtIODevice *vdev) 
{   
VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev);   

if (virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM) &&   
!virtio_vdev_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {  
return -EFAULT; 
[Mark 2]  
}   
[..]

So were it not for [Mark 1] we could not hit [Mark 2] if the feature
bit was lost because the ->get_features() callback dropped it. Yes,
feature negotiation is another code path, but the two are interdependent
in a non-trivial way. That is why I added that comment.

[moved here]
> So what we do
> here is failing device realization if a backend doesn't support
> IOMMU_PLATFORM, isn't it?

Not really. We fail the device realization if !vdev_has_iommu &&
vdev->dma_as != &address_space_memory, that is the device does not
support address translation, but we need it to support address
translation because ->dma_as != &address_space_memory. If however
->dma_as == &address_space_memory we carry on happily even if
->get_features() dropped IOMMU_PLATFORM, because we don't actually need
an iova -> gpa translation. This is the case with virtiofs confidential
guests for example.

But we still don't want the guest dropping ACCESS_PLATFORM, because it is
still mandatory, because the device won't operate correctly unless the
driver grants access to the pieces of memory that the device needs to
access. The underlying mechanism of granting access may not have
anything to do with an IOMMU though.

Does it make sense now?

> > -vdev->dma_as = klass->get_dma_as(qbus->parent);
> > -if (!vdev_has_iommu && vdev->dma_as != &address_space_memory) {
> > -error_setg(errp,
> > +if (klass->get_dma_as) {
> > +vdev->dma_as = klass->get_dma_as(qbus->parent);
> > +if (!vdev_has_iommu && vdev->dma_as != &address_space_memory) {
> > +error_setg(errp,
> > "iommu_platform=true is not supported by the 
> > device");
> > +return;
> > +}
> >  }
> > -} else {
> > -vdev->dma_as = &address_space_memory;
> >  }
> >  }
> >
> 
> 
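
A stand-alone C model of the two checks discussed in the message above ([Mark 1] at realize time, [Mark 2] at feature validation), added here as an illustration; it is not QEMU code and not part of the posted patch. The struct, enum and model_* names are hypothetical, and bit number 33 for VIRTIO_F_IOMMU_PLATFORM comes from the virtio specification, not from this thread.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Feature bit 33: VIRTIO_F_IOMMU_PLATFORM (ACCESS_PLATFORM in the spec). */
#define F_ACCESS_PLATFORM (1ULL << 33)
#define MODEL_REALIZE_FAILED 1   /* hypothetical marker, distinct from -EFAULT */

/* Stand-in for vdev->dma_as: &address_space_memory or a translated space. */
enum model_dma_as { DMA_ADDRESS_SPACE_MEMORY, DMA_TRANSLATED };

struct model_vdev {
    uint64_t host_features;   /* bits left set by the backend's get_features() */
    uint64_t guest_features;  /* bits acknowledged by the driver */
    enum model_dma_as dma_as;
};

/*
 * Models the patched virtio_bus_device_plugged().
 * has_iommu:  the user configured iommu_platform=on.
 * bus_dma_as: what the bus's get_dma_as() would return, or NULL when the
 *             bus has no such callback.
 * Returns 0 when realization proceeds, MODEL_REALIZE_FAILED otherwise.
 */
int model_device_plugged(struct model_vdev *v, bool has_iommu,
                         const enum model_dma_as *bus_dma_as)
{
    v->dma_as = DMA_ADDRESS_SPACE_MEMORY;
    if (!has_iommu) {
        return 0;
    }
    bool vdev_has_iommu = (v->host_features & F_ACCESS_PLATFORM) != 0;
    /* [Mark 1]: offer the bit again even if the backend dropped it. */
    v->host_features |= F_ACCESS_PLATFORM;
    if (bus_dma_as != NULL) {
        v->dma_as = *bus_dma_as;
        /* Translation is required but the backend cannot do it. */
        if (!vdev_has_iommu && v->dma_as != DMA_ADDRESS_SPACE_MEMORY) {
            return MODEL_REALIZE_FAILED;
        }
    }
    return 0;
}

/* Models the check quoted from virtio_validate_features(). */
int model_validate_features(const struct model_vdev *v)
{
    if ((v->host_features & F_ACCESS_PLATFORM) &&
        !(v->guest_features & F_ACCESS_PLATFORM)) {
        return -EFAULT;   /* [Mark 2]: driver refused a mandatory feature */
    }
    return 0;
}

/* One end-to-end run: realize, let the driver ack, then validate. */
int model_scenario(uint64_t backend_features, bool has_iommu,
                   const enum model_dma_as *bus_dma_as, uint64_t driver_acks)
{
    struct model_vdev v = { .host_features = backend_features };
    if (model_device_plugged(&v, has_iommu, bus_dma_as) != 0) {
        return MODEL_REALIZE_FAILED;
    }
    /* A driver can only acknowledge bits that were offered. */
    v.guest_features = driver_acks & v.host_features;
    return model_validate_features(&v);
}

int main(void)
{
    const enum model_dma_as mem = DMA_ADDRESS_SPACE_MEMORY;
    const enum model_dma_as tr = DMA_TRANSLATED;

    /* Backend dropped the bit, no translation needed, driver refuses it. */
    printf("dropped, memory, refused : %d\n",
           model_scenario(0, true, &mem, 0));
    /* Same device, driver accepts ACCESS_PLATFORM. */
    printf("dropped, memory, accepted: %d\n",
           model_scenario(0, true, &mem, F_ACCESS_PLATFORM));
    /* Backend dropped the bit but the bus needs translation. */
    printf("dropped, translated      : %d\n",
           model_scenario(0, true, &tr, F_ACCESS_PLATFORM));
    return 0;
}
```

The first scenario is the case the message describes: without [Mark 1] the host bit would stay clear and the refusal at [Mark 2] could never be detected.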




[PATCH] hw/block/fdc-isa: Respect QOM properties when building AML

2022-02-09 Thread Bernhard Beschow
Other ISA devices such as serial-isa use the properties in their
build_aml functions. fdc-isa not using them is probably an oversight.

Signed-off-by: Bernhard Beschow 
---
 hw/block/fdc-isa.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hw/block/fdc-isa.c b/hw/block/fdc-isa.c
index 3bf64e0665..ab663dce93 100644
--- a/hw/block/fdc-isa.c
+++ b/hw/block/fdc-isa.c
@@ -216,6 +216,7 @@ int cmos_get_fd_drive_type(FloppyDriveType fd0)
 
 static void fdc_isa_build_aml(ISADevice *isadev, Aml *scope)
 {
+FDCtrlISABus *isa = ISA_FDC(isadev);
 Aml *dev;
 Aml *crs;
 int i;
@@ -227,11 +228,13 @@ static void fdc_isa_build_aml(ISADevice *isadev, Aml 
*scope)
 };
 
 crs = aml_resource_template();
-aml_append(crs, aml_io(AML_DECODE16, 0x03F2, 0x03F2, 0x00, 0x04));
-aml_append(crs, aml_io(AML_DECODE16, 0x03F7, 0x03F7, 0x00, 0x01));
-aml_append(crs, aml_irq_no_flags(6));
 aml_append(crs,
-aml_dma(AML_COMPATIBILITY, AML_NOTBUSMASTER, AML_TRANSFER8, 2));
+aml_io(AML_DECODE16, isa->iobase + 2, isa->iobase + 2, 0x00, 0x04));
+aml_append(crs,
+aml_io(AML_DECODE16, isa->iobase + 7, isa->iobase + 7, 0x00, 0x01));
+aml_append(crs, aml_irq_no_flags(isa->irq));
+aml_append(crs,
+aml_dma(AML_COMPATIBILITY, AML_NOTBUSMASTER, AML_TRANSFER8, isa->dma));
 
 dev = aml_device("FDC0");
 aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0700")));
-- 
2.35.1




Re: [PATCH] Deprecate C virtiofsd

2022-02-09 Thread Vivek Goyal
On Wed, Feb 09, 2022 at 04:50:40PM +, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" 
> 
> There's a nice new Rust implementation out there; recommend people
> do new work on that.
> 
> Signed-off-by: Dr. David Alan Gilbert 

Acked-by: Vivek Goyal 

Vivek

> ---
>  docs/about/deprecated.rst | 14 ++
>  1 file changed, 14 insertions(+)
> 
> diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
> index 47a594a3b6..3a0e15f8f5 100644
> --- a/docs/about/deprecated.rst
> +++ b/docs/about/deprecated.rst
> @@ -454,3 +454,17 @@ nanoMIPS ISA
>  
>  The ``nanoMIPS`` ISA has never been upstreamed to any compiler toolchain.
>  As it is hard to generate binaries for it, declare it deprecated.
> +
> +Tools
> +-
> +
> +virtiofsd
> +'
> +
> +There is a new Rust implementation of ``virtiofs`` at
> +``https://gitlab.com/virtio-fs/virtiofsd``;
> +since this is now marked stable, new development should be done on that
> +rather than the existing C version in the QEMU tree.
> +The C version will still accept fixes and patches that
> +are already in development for the moment.
> +
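
Review bot: the body of the new virtiofsd entry calls the replacement a Rust implementation of ``virtiofs``, while the section heading and the linked repository are both named virtiofsd; use ``virtiofsd`` in the body so the deprecated tool and its replacement are named consistently. The text also addresses only developers ("new development should be done on that"). A sentence telling users of the C daemon what to move to would suit a deprecation notice, and "for the moment" leaves open how long fixes will still be accepted.
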
> -- 
> 2.34.1
> 




Re: [PATCH v2 0/2] Python: setuptools v60+ workaround

2022-02-09 Thread John Snow
On Fri, Feb 4, 2022 at 5:18 PM John Snow  wrote:
>
> Long story short: Python 3.7/3.8 on Fedora with setuptools v60.0.0+
> together create a bug that ultimately causes pylint to fail. See the
> first commit message for more detail.
>
> I sent out a hotfix two weeks ago to fix this behavior on our CI, but
> there's a better workaround. This adds the better workaround and reverts
> the hotfix.
>
> John Snow (2):
>   Python: add setuptools v60.0 workaround
>   Revert "python: pin setuptools below v60.0.0"
>
>  python/Makefile| 2 --
>  python/setup.cfg   | 1 -
>  python/tests/iotests-pylint.sh | 3 ++-
>  python/tests/pylint.sh | 3 ++-
>  4 files changed, 4 insertions(+), 5 deletions(-)
>
> --
> 2.34.1
>

Assuming no news is good news. I'm staging this to my Python branch,
and intend to send a PR after I get an ACK on '[PATCH 0/4] iotests:
finalize switch to async QMP' -- so there's time to veto this if you
have concerns.

--js




Re: [PATCH v4 23/42] tests/acpi: allow CEDT table addition

2022-02-09 Thread Michael S. Tsirkin
On Wed, Feb 09, 2022 at 06:18:01PM +, Jonathan Cameron wrote:
> On Mon, 24 Jan 2022 17:16:46 +
> Jonathan Cameron  wrote:
> 
> > From: Ben Widawsky 
> > 
> > Following patches will add a new ACPI table, the
> > CXL Early Discovery Table (CEDT).
> > 
> > Signed-off-by: Ben Widawsky 
> > Signed-off-by: Jonathan Cameron 
> > ---
> >  tests/data/acpi/pc/CEDT | 0
> >  tests/data/acpi/q35/CEDT| 0
> >  tests/qtest/bios-tables-test-allowed-diff.h | 2 ++
> >  3 files changed, 2 insertions(+)
> > 
> > diff --git a/tests/data/acpi/pc/CEDT b/tests/data/acpi/pc/CEDT
> > new file mode 100644
> > index 00..e69de29bb2
> > diff --git a/tests/data/acpi/q35/CEDT b/tests/data/acpi/q35/CEDT
> > new file mode 100644
> > index 00..e69de29bb2
> > diff --git a/tests/qtest/bios-tables-test-allowed-diff.h 
> > b/tests/qtest/bios-tables-test-allowed-diff.h
> > index dfb8523c8b..9b07f1e1ff 100644
> > --- a/tests/qtest/bios-tables-test-allowed-diff.h
> > +++ b/tests/qtest/bios-tables-test-allowed-diff.h
> > @@ -1 +1,3 @@
> >  /* List of comma-separated changed AML files to ignore */
> > +"tests/data/acpi/pc/CEDT",
> > +"tests/data/acpi/q35/CEDT",
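
Review bot: the two entries added to bios-tables-test-allowed-diff.h make the test ignore any difference in the pc and q35 CEDT tables, and the commit message does not say which later patch supplies the expected tables and removes these entries again. Name that follow-up in the message so the exemption is not left in place longer than intended, since while it is listed the test will not catch an unintended CEDT change.
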
> 
> Whilst reordering the series to allow partial sets to be picked up
> it occurred to me that there is reason why we should now generate a CEDT
> table unless cxl=on is set for the relevant machine.

Absolutely. But this is just an example, it's an instance of
a bigger issue: skipping new features when they are off
reduces the chance of legacy guest breakage.

> Adding the relevant conditions means we can avoid this dance
> to add effectively empty CEDT tables.  I have added a proper
> test for to bios-test-tables but that can be introduced once
> everything is in place, rather than as we go along (whereas
> for qtests/cxl-test.c I am doing a series of updates as the 
> functionality is built up.).
> 
> Makes for a simpler patch series to update.
> 
> Jonathan




Re: [PATCH] MAINTAINERS: python - remove ehabkost and add bleal

2022-02-09 Thread John Snow
On Wed, Feb 9, 2022 at 10:29 AM Eduardo Habkost  wrote:
>
> On Mon, 7 Feb 2022 at 19:05, John Snow  wrote:
> >
> > Eduardo Habkost has left Red Hat and has other daily responsibilities to
> > attend to. In order to stop spamming him on every series, remove him as
> > "Reviewer" for the python/ library dir and add Beraldo Leal instead.
> >
> > For the "python scripts" stanza (which is separate due to level of
> > support), replace Eduardo as maintainer with myself.
> >
> > (Thanks for all of your hard work, Eduardo!)
>
> Thank you! And my apologies for not sending the MAINTAINERS patch
> myself. I'm unable to deal with the amount of QEMU-related
> traffic directed to my email address.
>
> Acked-by: Eduardo Habkost 
>

I assure you no apologies are necessary!

Thanks, I've staged this patch to my Python branch.
--js



