Re: Outreachy project task: Adding QEMU block layer APIs resembling Linux ZBD ioctls.

[Sam Li]

Hi Stefan,

Stefan Hajnoczi  于2022年6月1日周三 19:43写道：
>
> On Wed, 1 Jun 2022 at 06:47, Damien Le Moal
>  wrote:
> >
> > On 6/1/22 11:57, Sam Li wrote:
> > > Hi Stefan,
> > >
> > > Stefan Hajnoczi  于2022年5月30日周一 19:19写道：
> > >
> > >
> > >>
> > >> On Mon, 30 May 2022 at 06:09, Sam Li  wrote:
> > >>>
> > >>> Hi everyone,
> > >>> I'm Sam Li, working on the Outreachy project which is to add zoned
> > >>> device support to QEMU's virtio-blk emulation.
> > >>>
> > >>> For the first goal, adding QEMU block layer APIs resembling Linux ZBD
> > >>> ioctls, I think the naive approach would be to introduce a new stable
> > >>> struct zbd_zone descriptor for the library function interface. More
> > >>> specifically, what I'd like to add to the BlockDriver struct are:
> > >>> 1. zbd_info as zone block device information: includes numbers of
> > >>> zones, size of logical blocks, and physical blocks.
> > >>> 2. zbd_zone_type and zbd_zone_state
> > >>> 3. zbd_dev_model: host-managed zbd, host-aware zbd
> > >>> With those basic structs, we can start to implement new functions as
> > >>> bdrv*() APIs for BLOCK*ZONE ioctls.
> > >>>
> > >>> I'll start to finish this task based on the above description. If
> > >>> there is any problem or something I may miss in the design, please let
> > >>> me know.
> > >>
> > >> Hi Sam,
> > >> Can you propose function prototypes for the new BlockDriver callbacks
> > >> needed for zoned devices?
> > >
> > > I have made some modifications based on Damien's device in design part
> > > 1 and added the function prototypes in design part 2. If there is any
> > > problem or part I missed, please let me know.
> > >
> > > Design of Block Layer APIs in BlockDriver:
> > > 1. introduce a new stable struct zbd_zone descriptor for the library
> > > function interface.
> > >   a. zbd_info as zone block device information: includes numbers of
> > > zones, size of blocks, write granularity in byte(minimal write size
> > > and alignment
> > > - write granularity: 512e SMRs: writes in units of physical block
> > > size, 4096 bytes; NVMe ZNS write granularity is equal to the block
> > > size.
> > > - zone descriptor: start, length, capacity, write pointer, zone type
> > >   b. zbd_zone_type
> > > - zone type: conventional, sequential write required, sequential
> > > write preferred
> > >   c. zbd_dev_model: host-managed zbd, host-aware zbd
> >
> > This explanation is a little hard to understand. It seems to be mixing up
> > device level information and per-zone information. I think it would be a
> > lot simpler to write a struct definition to directly illustrate what you
> > are planning.
> >
> > It is something like this ?
> >
> > struct zbd_zone {
> > enum zone_type  type;
> > enum zone_cond  cond;
> > uint64_tstart;
> > uint32_tlength;
> > uint32_tcap;
> > uint64_twp;
> > };
> >
> > strcut zbd_dev {
> > enum zone_model model;
> > uint32_tblock_size;
> > uint32_twrite_granularity;
> > uint32_tnr_zones
> > struct zbd_zone *zones; /* array of zones */
> > };
> >
> > If yes, then my comments are as follows.
> >
> > For the device struct: It may be good to have also the maximum number of
> > open zones and the maximum number of active zones.
> >
> > For the zone struct: You may need to add a read-write lock per zone to be
> > able to write lock zones to ensure a sequential write pattern (virtio
> > devices can be multi-queue and so writes may be coming in from different
> > contexts) and to correctly emulate zone append operations with an atomic
> > update of the wp field.
> >
> > These need to be integrated into the generic block driver interface in
> > include/block/block_int-common.h or include/block/block-common.h.
>
> QEMU's block layer has a few ways of exposing information about block devices:
>
> int (*bdrv_get_info)(BlockDriverState *bs, BlockDriverInfo *bdi);
> ImageInfoSpecific *(*bdrv_get_specific_info)(BlockDriverState *bs,
> Error **errp);
>
> These fetch information from the BlockDriver and are good when a small
> amount of data is reported occassionally and consumed by the caller.
>
> For data that is continuously accessed or that could be large, it may
> be necessary for the data to reside inside BlockDriverState so that it
> can be accessed in place (without copying):
>
> void (*bdrv_refresh_limits)(BlockDriverState *bs, Error **errp);
>
> QEMU uses this for the BlockLimits struct (BlockDriverState::bl) that
> is continuously accessed by the block layer while processing I/O
> requests. The "refresh" function updates the data in case the
> underlying storage device has changed somehow. If no update function
> is necessary then data can simply be populated during .bdrv_open() and
> no new BlockDriver callback needs to be added.
>
> So in the simplest case BlockDriverState can be extended with a struct
> zbd_dev field that is populated 

Re: [RESEND PATCH] hw/dma: fix crash caused by race condition

[Stefan Hajnoczi]

On Thu, Jun 2, 2022, 02:04 Tong Zhang  wrote:
>
> Hi Stefan,
>
> On Wed, Jun 1, 2022 at 6:56 AM Stefan Hajnoczi  wrote:
> >
> > > > This patch makes sense to me. Can you rephrase your concern?
> > >
> > > The locking is around dbs->io_func().
> > >
> > > aio_context_acquire(dbs->ctx);
> > > dbs->acb = dbs->io_func()
> > > aio_context_release(dbs->ctx);
> > >
> > >
> > > So where exactly would the lock that's now still held stop someone from
> > > modifying dbs->acb = NULL at the beginning of the function, which seems
> > > to be not protected by that lock?
> > >
> > > Maybe I'm missing some locking magic due to the lock being a recursive 
> > > lock.
> >
> > Tong Zhang: Can you share a backtrace of all threads when the
> > assertion failure occurs?
> >
> Sorry I couldn't get the trace now -- but I can tell that we have some
> internal code uses
> this dma related code and will grab dbs->ctx lock in another thread
> and could overwrite dbs->acb.
>
> From my understanding, one of the reasons that the lock is required
> here is to protect dbs->acb,
> we could not reliably test io_func()'s return value after releasing
> the lock here.
>
> Since this code affects our internal code base and I did not reproduce
> on master branch,
> feel free to ignore it.

If this patch is unnecessary on qemu.git/master it raises the question
whether aio_context_acquire/release() should be removed from
dma_blk_cb(). It was added by:

commit 1919631e6b5562e474690853eca3c35610201e16
Author: Paolo Bonzini 
Date:   Mon Feb 13 14:52:31 2017 +0100

block: explicitly acquire aiocontext in bottom halves that need it

Paolo: Is dma_blk_cb() called without the AioContext lock (by
virtio-scsi or any code path with IOThreads)? David pointed out that
if that's the case then the dbs->acb is accessed without the lock at
the start of dma_blk_cb().

Stefan

RE: [RFC PATCH 00/13] Add a plugin to support out-of-band live migration for VFIO pass-through device

[Tian, Kevin]

Hi, Alex,

> From: Alex Williamson 
> Sent: Thursday, June 2, 2022 2:01 AM
> 
> On Wed, 1 Jun 2022 17:09:25 +
> "Dong, Eddie"  wrote:
> 
> > > -Original Message-
> > > From: Qemu-devel  > > bounces+eddie.dong=intel@nongnu.org> On Behalf Of Alex
> Williamson
> > > On Tue, 24 May 2022 14:18:35 +0800
> > > Lei Rao  wrote:
> > > > This proposal adopts a plugin mechanism (an example can be found in
> > > > [1]) given that IPU/DPU vendors usually implement proprietary
> > > > migration interfaces without a standard. But we are also open if an
> > > > alternative option makes better sense, e.g. via loadable modules (with
> > > > Qemu supporting gRPC or JSON-RPC support) or an IPC mechanism
> similar
> > > to vhost-user.
> > >
> > > AFAIU, QEMU is not interested in supporting plugin modules, especially
> > > proprietary ones.  I don't see that a case has really been made that this
> > > cannot be done in-band, through a vfio-pci variant driver, possibly
> making
> > > use of proprietary interfaces to a userspace agent if necessary (though
> > > please don't ask such to be accepted in-tree for the kernel either).  A 
> > > vfio-
> > > user device server might also host such proprietary, device specific 
> > > agents
> > > while supporting the standard, in-band migration interface.  Thanks,
> > >
> >
> > Thanks Alex. Removing plug-in module is not a problem.
> >
> > Do you mean to implement the migration and protocol handling inside
> > Qemu-client (probably vfio-client after the VFIO-user is merged)? Or
> > to build as part of libvfio-user? We can also build it as a separate
> > process of Qemu-server as part of Multi-Process Qemu.
> 
> AIUI, the QEMU "client" in a vfio-user configuration is simply QEMU
> itself.  The vfio-user "server" provides the actual device
> implementation, which could support different license models, depending
> on what libraries or existing code is incorporated to implement that
> server.  The QEMU remote machine type is simply a QEMU-based
> implementation of a vfio-user server.  The vfio-user server is analogous
> to a vfio-pci variant driver in the kernel/ioctl interface model.  The
> vfio-user client should be device agnostic, possibly with similar
> exceptions we have today via device specific quirk handling for the
> vfio kernel interface.
> 

Sounds like vfio-user is currently defined around virtual device
oriented usages, e.g.:

  - Client accesses virtual pci regions via VFIO_USER_REGION_READ/WRITE
or mmap if the server passes a shmem fd for a given region in
VFIO_USER_DEVICE_GET_REGION_INFO;

  - Client maps DMA memory to server via VFIO_USER_DMA_MAP/UNMAP;

  - Server access client memory via VFIO_USER_DMA_READ/WRITE or
mmap if client passes a fd for the DMA region when doing DMA_MAP;

  - Server delivers virtual interrupt to client via IPC e.g. eventfd;

But in this usage it is still expected to allow Qemu directly access the
physical device for performance. Turning to vfio-user suggests that it
may need to support a model where from kernel p.o.v the physical
device is assigned to vfio-user server but in the end vfio-user client
actually operates the device (or, 'partially'). 

'partially' comes from that mmap must be done by Qemu otherwise
we lose all the performance merit of passthrough while DMA map
and interrupt delivery may be still routed via server (for DMA map
this requires that the server can mmap the client's memory). Such
indirect routes does bring some overhead but it's less obvious than
losing mmap.

I'm not sure how it works w/o additional kernel-side cooperation
though. Currently there is only one fd to represent the entire 
kernel vfio device then how could the server delegate pci regions
to another process (client) for mmap?

If the server just passes the vfio device fd to the client then it's
not vfio-user any more.

Did I misunderstand your idea?

Thanks
Kevin

RE: [RFC 0/1] i2c/aspeed: Add slave device handling in new register mode

[Troy Lee]

Hi Cedric,

> -Original Message-
> From: Cédric Le Goater 
> Sent: Wednesday, June 1, 2022 3:10 PM
> To: Peter Delevoryas 
> Cc: qemu-...@nongnu.org; qemu-devel@nongnu.org; zhdan...@fb.com; Troy
> Lee ; Jamin Lin ;
> Steven Lee ; k.jen...@samsung.com; Joe
> Komlodi ; Joel Stanley ; Andrew
> Jeffery 
> Subject: Re: [RFC 0/1] i2c/aspeed: Add slave device handling in new register
> mode
> 
> [ Adding Joe ]
> 
> On 5/25/22 22:50, Peter Delevoryas wrote:
> > The AST2600/AST1030 new register mode patches[1] and the I2C slave
> > device patches[2] will be really useful, but we still need DMA slave
> > device handling in the new register mode too for the use-cases I'm
> > thinking of (OpenBIC Zephyr kernel using Aspeed SDK drivers[3]).
> >
> > My test images are on Github[4]. They can be used with the
> > ast1030-evb, or the oby35-cl and oby35-bb machines in the fb qemu
> branch[5].
> >
> > I'm submitting this as an RFC cause I just want to see how other
> > people expect these changes to be made based on the previously
> > submitted "new register mode" and "old register mode slave device" patches.
> 
> 
> Currently, my preferred approach would be to start with Joe's patchset because
> the registerfields conversion is a huge effort and it's adding new mode 
> support
> which should cover the needs for the AST1030 SoC [1].
> 
> Troy, could you please confirm this is OK with you ? I have pushed the patches
> on :
> 
>https://github.com/legoater/qemu/commits/aspeed-7.1
> 

Yes, I'm ok with this. We have tested Joe's patch set as well.

> Then, adding slave support for old [2] and new mode (this patch) shouldn't be
> too much of a problem since they are small.
> 

I'm looking forward to have slave device support, with that we could have more 
firmware test case in QEMU.

Thanks,
Troy Lee

> we lack a test case for this controller and writing a I2C Aspeed bus driver 
> for
> qtest is not an easy task.
> 
> It might be easier to start an ast2600-evb machine with a lightweight 
> userspace
> (buildroot, I can host that somewhere on GH) and run some I2C get/set/detect
> commands from a python/expect framework, like avocado.
> I2C devices can be added on the command line for the purpose.
> 
> 
> Thanks,
> 
> C.
> 
> 
> > Thanks,
> > Peter
> >
> > [1]
> > https://patchwork.kernel.org/project/qemu-devel/list/?series=626028
> > chive=both [2]
> > https://patchwork.kernel.org/project/qemu-devel/list/?series=627914
> > chive=both [3]
> > https://github.com/AspeedTech-
> BMC/zephyr/blob/db3dbcc9c52e67a47180890a
> > c938ed380b33f91c/drivers/i2c/i2c_aspeed.c#L1362-L1368
> > [4]
> > https://github.com/peterdelevoryas/OpenBIC/releases/tag/oby35-cl-2022.
> > 13.01 [5] https://github.com/facebook/openbmc-qemu
> >
> > Peter Delevoryas (1):
> >i2c/aspeed: Add slave device handling in new register mode
> >
> >   hw/i2c/aspeed_i2c.c | 118 ++-
> -
> >   include/hw/i2c/aspeed_i2c.h |  14 +++--
> >   2 files changed, 124 insertions(+), 8 deletions(-)
> >

Re: [PATCH] tcg/aarch64: Fix illegal insn from out-of-range shli

[Joel Stanley]

On Thu, 2 Jun 2022 at 01:17, Richard Henderson
 wrote:
>
> The masking in tcg_out_shl was incorrect, producing an
> illegal instruction, rather than merely unspecified results
> for the out-of-range shift.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1051
> Signed-off-by: Richard Henderson 

I can confirm this fixes the issue I reported, thanks Richard.

Tested-by: Joel Stanley 

> ---
>  tcg/aarch64/tcg-target.c.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
> index 61e284bb5c..d997f7922a 100644
> --- a/tcg/aarch64/tcg-target.c.inc
> +++ b/tcg/aarch64/tcg-target.c.inc
> @@ -1261,7 +1261,7 @@ static inline void tcg_out_shl(TCGContext *s, TCGType 
> ext,
>  {
>  int bits = ext ? 64 : 32;
>  int max = bits - 1;
> -tcg_out_ubfm(s, ext, rd, rn, bits - (m & max), max - (m & max));
> +tcg_out_ubfm(s, ext, rd, rn, (bits - m) & max, (max - m) & max);
>  }
>
>  static inline void tcg_out_shr(TCGContext *s, TCGType ext,
> --
> 2.34.1
>
>

[PATCH v6 16/17] linux-user/strace: Adjust get_thread_area for m68k

[Richard Henderson]

Unlike i386, m68k get_thread_area has no arguments.

Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 linux-user/strace.list | 5 +
 1 file changed, 5 insertions(+)

diff --git a/linux-user/strace.list b/linux-user/strace.list
index 278596acd1..72e17b1acf 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -384,8 +384,13 @@
 { TARGET_NR_getsockopt, "getsockopt" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_get_thread_area
+#if defined(TARGET_I386) && defined(TARGET_ABI32)
 { TARGET_NR_get_thread_area, "get_thread_area", "%s(0x"TARGET_ABI_FMT_lx")",
   NULL, NULL },
+#elif defined(TARGET_M68K)
+{ TARGET_NR_get_thread_area, "get_thread_area" , "%s()",
+  NULL, print_syscall_ret_addr },
+#endif
 #endif
 #ifdef TARGET_NR_gettid
 { TARGET_NR_gettid, "gettid" , "%s()", NULL, NULL },
-- 
2.34.1

[PATCH v6 15/17] linux-user/strace: Use is_error in print_syscall_err

[Richard Henderson]

Errors are not all negative numbers: use is_error.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 linux-user/strace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 9fa681dea9..7d882526da 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -689,7 +689,7 @@ print_syscall_err(abi_long ret)
 const char *errstr;
 
 qemu_log(" = ");
-if (ret < 0) {
+if (is_error(ret)) {
 errstr = target_strerror(-ret);
 if (errstr) {
 qemu_log("-1 errno=%d (%s)", (int)-ret, errstr);
-- 
2.34.1

[PATCH v6 13/17] target/m68k: Implement FTRAPcc

[Richard Henderson]

Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 target/m68k/translate.c | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index fa704e0c25..cc3bd4dd2b 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -5566,6 +5566,34 @@ DISAS_INSN(fscc)
 tcg_temp_free(tmp);
 }
 
+DISAS_INSN(ftrapcc)
+{
+DisasCompare c;
+uint16_t ext;
+int cond;
+
+ext = read_im16(env, s);
+cond = ext & 0x3f;
+
+/* Consume and discard the immediate operand. */
+switch (extract32(insn, 0, 3)) {
+case 2: /* ftrapcc.w */
+(void)read_im16(env, s);
+break;
+case 3: /* ftrapcc.l */
+(void)read_im32(env, s);
+break;
+case 4: /* ftrapcc (no operand) */
+break;
+default:
+/* ftrapcc registered with only valid opmodes */
+g_assert_not_reached();
+}
+
+gen_fcc_cond(, s, cond);
+do_trapcc(s, );
+}
+
 #if defined(CONFIG_SOFTMMU)
 DISAS_INSN(frestore)
 {
@@ -6191,6 +6219,8 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(fbcc,  f280, ffc0, CF_FPU);
 INSN(fpu,   f200, ffc0, FPU);
 INSN(fscc,  f240, ffc0, FPU);
+INSN(ftrapcc,   f27a, fffe, FPU);   /* opmode 010, 011 */
+INSN(ftrapcc,   f27c, , FPU);   /* opmode 100 */
 INSN(fbcc,  f280, ff80, FPU);
 #if defined(CONFIG_SOFTMMU)
 INSN(frestore,  f340, ffc0, CF_FPU);
-- 
2.34.1

[PATCH v6 12/17] target/m68k: Implement TRAPV

[Richard Henderson]

Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 target/m68k/translate.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 83c2f73063..fa704e0c25 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -4910,6 +4910,14 @@ DISAS_INSN(trapcc)
 do_trapcc(s, );
 }
 
+DISAS_INSN(trapv)
+{
+DisasCompare c;
+
+gen_cc_cond(, s, 9); /* V set */
+do_trapcc(s, );
+}
+
 static void gen_load_fcr(DisasContext *s, TCGv res, int reg)
 {
 switch (reg) {
@@ -6073,6 +6081,7 @@ void register_m68k_insns (CPUM68KState *env)
 BASE(nop,   4e71, );
 INSN(rtd,   4e74, , RTD);
 BASE(rts,   4e75, );
+INSN(trapv, 4e76, , M68000);
 INSN(rtr,   4e77, , M68000);
 BASE(jump,  4e80, ffc0);
 BASE(jump,  4ec0, ffc0);
-- 
2.34.1

[PATCH v6 11/17] target/m68k: Implement TPF in terms of TRAPcc

[Richard Henderson]

TPF stands for "trap false", and is a long-form nop for ColdFire.
Re-use the immediate consumption code from trapcc; the insn will
already expand to a nop because of the TCG_COND_NEVER test
within do_trapcc.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 target/m68k/translate.c | 19 ++-
 1 file changed, 2 insertions(+), 17 deletions(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 61b624b3a1..83c2f73063 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -3075,22 +3075,6 @@ DISAS_INSN(addsubq)
 tcg_temp_free(dest);
 }
 
-DISAS_INSN(tpf)
-{
-switch (insn & 7) {
-case 2: /* One extension word.  */
-s->pc += 2;
-break;
-case 3: /* Two extension words.  */
-s->pc += 4;
-break;
-case 4: /* No extension words.  */
-break;
-default:
-disas_undef(env, s, insn);
-}
-}
-
 DISAS_INSN(branch)
 {
 int32_t offset;
@@ -6099,7 +6083,8 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(dbcc,  50c8, f0f8, M68000);
 INSN(trapcc,50fa, f0fe, TRAPCC);   /* opmode 010, 011 */
 INSN(trapcc,50fc, f0ff, TRAPCC);   /* opmode 100 */
-INSN(tpf,   51f8, fff8, CF_ISA_A);
+INSN(trapcc,51fa, fffe, CF_ISA_A); /* TPF (trapf) opmode 010, 011 */
+INSN(trapcc,51fc, , CF_ISA_A); /* TPF (trapf) opmode 100 */
 
 /* Branch instructions.  */
 BASE(branch,6000, f000);
-- 
2.34.1

[PATCH v6 10/17] target/m68k: Implement TRAPcc

[Richard Henderson]

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/754
Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
v6: Use more exact masks for trapcc, to fix overlap with scc.
---
 target/m68k/cpu.h  |  2 ++
 linux-user/m68k/cpu_loop.c |  1 +
 target/m68k/cpu.c  |  1 +
 target/m68k/op_helper.c|  6 +
 target/m68k/translate.c| 49 ++
 5 files changed, 54 insertions(+), 5 deletions(-)

diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 558c3c67d6..4d8f48e8c7 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -534,6 +534,8 @@ enum m68k_features {
 M68K_FEATURE_MOVEC,
 /* Unaligned data accesses (680[2346]0) */
 M68K_FEATURE_UNALIGNED_DATA,
+/* TRAPcc insn. (680[2346]0, and CPU32) */
+M68K_FEATURE_TRAPCC,
 };
 
 static inline int m68k_feature(CPUM68KState *env, int feature)
diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index fcf9220552..3d3033155f 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -47,6 +47,7 @@ void cpu_loop(CPUM68KState *env)
 force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPN, env->pc);
 break;
 case EXCP_CHK:
+case EXCP_TRAPCC:
 force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTOVF, env->mmu.ar);
 break;
 case EXCP_DIV0:
diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index c7aeb7da9c..5f778773d1 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -162,6 +162,7 @@ static void m68020_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_CHK2);
 m68k_set_feature(env, M68K_FEATURE_MSP);
 m68k_set_feature(env, M68K_FEATURE_UNALIGNED_DATA);
+m68k_set_feature(env, M68K_FEATURE_TRAPCC);
 }
 
 /*
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index aa62158eb9..61948d92bb 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -399,14 +399,10 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
 do_stack_frame(env, , 2, oldsr, 0, env->pc);
 break;
 
-case EXCP_TRAPCC:
-/* FIXME: addr is not only env->pc */
-do_stack_frame(env, , 2, oldsr, env->pc, env->pc);
-break;
-
 case EXCP_CHK:
 case EXCP_DIV0:
 case EXCP_TRACE:
+case EXCP_TRAPCC:
 do_stack_frame(env, , 2, oldsr, env->mmu.ar, env->pc);
 break;
 
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 399d9232e4..61b624b3a1 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -4879,6 +4879,53 @@ DISAS_INSN(trap)
 gen_exception(s, s->pc, EXCP_TRAP0 + (insn & 0xf));
 }
 
+static void do_trapcc(DisasContext *s, DisasCompare *c)
+{
+if (c->tcond != TCG_COND_NEVER) {
+TCGLabel *over = NULL;
+
+update_cc_op(s);
+
+if (c->tcond != TCG_COND_ALWAYS) {
+/* Jump over if !c. */
+over = gen_new_label();
+tcg_gen_brcond_i32(tcg_invert_cond(c->tcond), c->v1, c->v2, over);
+}
+
+tcg_gen_movi_i32(QREG_PC, s->pc);
+gen_raise_exception_format2(s, EXCP_TRAPCC, s->base.pc_next);
+
+if (over != NULL) {
+gen_set_label(over);
+s->base.is_jmp = DISAS_NEXT;
+}
+}
+free_cond(c);
+}
+
+DISAS_INSN(trapcc)
+{
+DisasCompare c;
+
+/* Consume and discard the immediate operand. */
+switch (extract32(insn, 0, 3)) {
+case 2: /* trapcc.w */
+(void)read_im16(env, s);
+break;
+case 3: /* trapcc.l */
+(void)read_im32(env, s);
+break;
+case 4: /* trapcc (no operand) */
+break;
+default:
+/* trapcc registered with only valid opmodes */
+g_assert_not_reached();
+}
+
+gen_cc_cond(, s, extract32(insn, 8, 4));
+do_trapcc(s, );
+}
+
 static void gen_load_fcr(DisasContext *s, TCGv res, int reg)
 {
 switch (reg) {
@@ -6050,6 +6097,8 @@ void register_m68k_insns (CPUM68KState *env)
 INSN(scc,   50c0, f0f8, CF_ISA_A); /* Scc.B Dx   */
 INSN(scc,   50c0, f0c0, M68000);   /* Scc.B  */
 INSN(dbcc,  50c8, f0f8, M68000);
+INSN(trapcc,50fa, f0fe, TRAPCC);   /* opmode 010, 011 */
+INSN(trapcc,50fc, f0ff, TRAPCC);   /* opmode 100 */
 INSN(tpf,   51f8, fff8, CF_ISA_A);
 
 /* Branch instructions.  */
-- 
2.34.1

[PATCH v6 06/17] target/m68k: Fix address argument for EXCP_CHK

[Richard Henderson]

According to the M68040 Users Manual, section 8.4.3,
Six word stack frame (format 2), CHK, CHK2 (and others)
are supposed to record the next insn in PC and the
address of the trapping instruction in ADDRESS.

Create a raise_exception_format2 function to centralize recording
of the trapping pc in mmu.ar, plus advancing to the next insn.

Update m68k_interrupt_all to pass mmu.ar to do_stack_frame.
Update cpu_loop to pass mmu.ar to siginfo.si_addr, as the
kernel does in trap_c().

Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 target/m68k/cpu.h  |  6 +
 linux-user/m68k/cpu_loop.c |  2 +-
 target/m68k/op_helper.c| 54 --
 3 files changed, 36 insertions(+), 26 deletions(-)

diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index 9b3bf7a448..558c3c67d6 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -122,6 +122,12 @@ typedef struct CPUArchState {
 
 /* MMU status.  */
 struct {
+/*
+ * Holds the "address" value in between raising an exception
+ * and creation of the exception stack frame.
+ * Used for both Format 7 exceptions (Access, i.e. mmu)
+ * and Format 2 exceptions (chk, div0, trapcc, etc).
+ */
 uint32_t ar;
 uint32_t ssw;
 /* 68040 */
diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index 12e5d9cd53..e24d17e180 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -47,7 +47,7 @@ void cpu_loop(CPUM68KState *env)
 force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPN, env->pc);
 break;
 case EXCP_CHK:
-force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTOVF, env->pc);
+force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTOVF, env->mmu.ar);
 break;
 case EXCP_DIV0:
 force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTDIV, env->pc);
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 777869790b..750d65576f 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -397,13 +397,16 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
 
 case EXCP_ILLEGAL:
 case EXCP_DIV0:
-case EXCP_CHK:
 case EXCP_TRAPCC:
 case EXCP_TRACE:
 /* FIXME: addr is not only env->pc */
 do_stack_frame(env, , 2, oldsr, env->pc, env->pc);
 break;
 
+case EXCP_CHK:
+do_stack_frame(env, , 2, oldsr, env->mmu.ar, env->pc);
+break;
+
 case EXCP_SPURIOUS ... EXCP_INT_LEVEL_7:
 if (is_hw && (oldsr & SR_M)) {
 do_stack_frame(env, , 0, oldsr, 0, env->pc);
@@ -548,6 +551,29 @@ void HELPER(raise_exception)(CPUM68KState *env, uint32_t 
tt)
 raise_exception(env, tt);
 }
 
+G_NORETURN static void
+raise_exception_format2(CPUM68KState *env, int tt, int ilen, uintptr_t raddr)
+{
+CPUState *cs = env_cpu(env);
+
+cs->exception_index = tt;
+
+/* Recover PC and CC_OP for the beginning of the insn.  */
+cpu_restore_state(cs, raddr, true);
+
+/* Flags are current in env->cc_*, or are undefined. */
+env->cc_op = CC_OP_FLAGS;
+
+/*
+ * Remember original pc in mmu.ar, for the Format 2 stack frame.
+ * Adjust PC to end of the insn.
+ */
+env->mmu.ar = env->pc;
+env->pc += ilen;
+
+cpu_loop_exit(cs);
+}
+
 void HELPER(divuw)(CPUM68KState *env, int destr, uint32_t den)
 {
 uint32_t num = env->dregs[destr];
@@ -1065,18 +1091,7 @@ void HELPER(chk)(CPUM68KState *env, int32_t val, int32_t 
ub)
 env->cc_c = 0 <= ub ? val < 0 || val > ub : val > ub && val < 0;
 
 if (val < 0 || val > ub) {
-CPUState *cs = env_cpu(env);
-
-/* Recover PC and CC_OP for the beginning of the insn.  */
-cpu_restore_state(cs, GETPC(), true);
-
-/* flags have been modified by gen_flush_flags() */
-env->cc_op = CC_OP_FLAGS;
-/* Adjust PC to end of the insn.  */
-env->pc += 2;
-
-cs->exception_index = EXCP_CHK;
-cpu_loop_exit(cs);
+raise_exception_format2(env, EXCP_CHK, 2, GETPC());
 }
 }
 
@@ -1097,17 +1112,6 @@ void HELPER(chk2)(CPUM68KState *env, int32_t val, 
int32_t lb, int32_t ub)
 env->cc_c = lb <= ub ? val < lb || val > ub : val > ub && val < lb;
 
 if (env->cc_c) {
-CPUState *cs = env_cpu(env);
-
-/* Recover PC and CC_OP for the beginning of the insn.  */
-cpu_restore_state(cs, GETPC(), true);
-
-/* flags have been modified by gen_flush_flags() */
-env->cc_op = CC_OP_FLAGS;
-/* Adjust PC to end of the insn.  */
-env->pc += 4;
-
-cs->exception_index = EXCP_CHK;
-cpu_loop_exit(cs);
+raise_exception_format2(env, EXCP_CHK, 4, GETPC());
 }
 }
-- 
2.34.1

[PATCH v6 08/17] target/m68k: Fix address argument for EXCP_TRACE

[Richard Henderson]

According to the M68040 Users Manual, section 8.4.3,
Six word stack frame (format 2), Trace (and others) is
supposed to record the next insn in PC and the address
of the trapping instruction in ADDRESS.

Create gen_raise_exception_format2 to record the trapping
pc in env->mmu.ar.  Update m68k_interrupt_all to pass the
value to do_stack_frame.  Update cpu_loop to handle EXCP_TRACE.

Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 linux-user/m68k/cpu_loop.c |  3 +++
 target/m68k/op_helper.c|  2 +-
 target/m68k/translate.c| 49 +-
 3 files changed, 36 insertions(+), 18 deletions(-)

diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index 6598bce3c4..fcf9220552 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -52,6 +52,9 @@ void cpu_loop(CPUM68KState *env)
 case EXCP_DIV0:
 force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTDIV, env->mmu.ar);
 break;
+case EXCP_TRACE:
+force_sig_fault(TARGET_SIGTRAP, TARGET_TRAP_TRACE, env->mmu.ar);
+break;
 case EXCP_TRAP0:
 {
 abi_long ret;
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 729ee0e934..3cb71c9140 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -397,13 +397,13 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
 
 case EXCP_ILLEGAL:
 case EXCP_TRAPCC:
-case EXCP_TRACE:
 /* FIXME: addr is not only env->pc */
 do_stack_frame(env, , 2, oldsr, env->pc, env->pc);
 break;
 
 case EXCP_CHK:
 case EXCP_DIV0:
+case EXCP_TRACE:
 do_stack_frame(env, , 2, oldsr, env->mmu.ar, env->pc);
 break;
 
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index d775345bfa..399d9232e4 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -114,6 +114,7 @@ typedef struct DisasContext {
 DisasContextBase base;
 CPUM68KState *env;
 target_ulong pc;
+target_ulong pc_prev;
 CCOp cc_op; /* Current CC operation */
 int cc_op_synced;
 TCGv_i64 mactmp;
@@ -298,6 +299,21 @@ static void gen_raise_exception(int nr)
 tcg_temp_free_i32(tmp);
 }
 
+static void gen_raise_exception_format2(DisasContext *s, int nr,
+target_ulong this_pc)
+{
+/*
+ * Pass the address of the insn to the exception handler,
+ * for recording in the Format $2 (6-word) stack frame.
+ * Re-use mmu.ar for the purpose, since that's only valid
+ * after tlb_fill.
+ */
+tcg_gen_st_i32(tcg_constant_i32(this_pc), cpu_env,
+   offsetof(CPUM68KState, mmu.ar));
+gen_raise_exception(nr);
+s->base.is_jmp = DISAS_NORETURN;
+}
+
 static void gen_exception(DisasContext *s, uint32_t dest, int nr)
 {
 update_cc_op(s);
@@ -1494,12 +1510,13 @@ static void gen_exit_tb(DisasContext *s)
 } while (0)
 
 /* Generate a jump to an immediate address.  */
-static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
+static void gen_jmp_tb(DisasContext *s, int n, target_ulong dest,
+   target_ulong src)
 {
 if (unlikely(s->ss_active)) {
 update_cc_op(s);
 tcg_gen_movi_i32(QREG_PC, dest);
-gen_raise_exception(EXCP_TRACE);
+gen_raise_exception_format2(s, EXCP_TRACE, src);
 } else if (translator_use_goto_tb(>base, dest)) {
 tcg_gen_goto_tb(n);
 tcg_gen_movi_i32(QREG_PC, dest);
@@ -1548,9 +1565,9 @@ DISAS_INSN(dbcc)
 tcg_gen_addi_i32(tmp, tmp, -1);
 gen_partset_reg(OS_WORD, reg, tmp);
 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, -1, l1);
-gen_jmp_tb(s, 1, base + offset);
+gen_jmp_tb(s, 1, base + offset, s->base.pc_next);
 gen_set_label(l1);
-gen_jmp_tb(s, 0, s->pc);
+gen_jmp_tb(s, 0, s->pc, s->base.pc_next);
 }
 
 DISAS_INSN(undef_mac)
@@ -3096,13 +3113,13 @@ DISAS_INSN(branch)
 /* Bcc */
 TCGLabel *l1 = gen_new_label();
 gen_jmpcc(s, ((insn >> 8) & 0xf) ^ 1, l1);
-gen_jmp_tb(s, 1, base + offset);
+gen_jmp_tb(s, 1, base + offset, s->base.pc_next);
 gen_set_label(l1);
-gen_jmp_tb(s, 0, s->pc);
+gen_jmp_tb(s, 0, s->pc, s->base.pc_next);
 } else {
 /* Unconditional branch.  */
 update_cc_op(s);
-gen_jmp_tb(s, 0, base + offset);
+gen_jmp_tb(s, 0, base + offset, s->base.pc_next);
 }
 }
 
@@ -5485,9 +5502,9 @@ DISAS_INSN(fbcc)
 l1 = gen_new_label();
 update_cc_op(s);
 gen_fjmpcc(s, insn & 0x3f, l1);
-gen_jmp_tb(s, 0, s->pc);
+gen_jmp_tb(s, 0, s->pc, s->base.pc_next);
 gen_set_label(l1);
-gen_jmp_tb(s, 1, base + offset);
+gen_jmp_tb(s, 1, base + offset, s->base.pc_next);
 }
 
 DISAS_INSN(fscc)
@@ -6158,6 +6175,8 @@ static void m68k_tr_init_disas_context(DisasContextBase 
*dcbase, CPUState *cpu)
 
 dc->env = env;
 dc->pc = dc->base.pc_first;
+/* 

[PATCH v6 09/17] target/m68k: Fix stack frame for EXCP_ILLEGAL

[Richard Henderson]

According to the M68040 Users Manual, section 8.4.1, Four word
stack frame (format 0), includes Illegal Instruction.  Use the
correct frame format, which does not use the ADDR argument.

Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 target/m68k/op_helper.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 3cb71c9140..aa62158eb9 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -391,11 +391,14 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
 }
 break;
 
+case EXCP_ILLEGAL:
+do_stack_frame(env, , 0, oldsr, 0, env->pc);
+break;
+
 case EXCP_ADDRESS:
 do_stack_frame(env, , 2, oldsr, 0, env->pc);
 break;
 
-case EXCP_ILLEGAL:
 case EXCP_TRAPCC:
 /* FIXME: addr is not only env->pc */
 do_stack_frame(env, , 2, oldsr, env->pc, env->pc);
-- 
2.34.1

[PATCH v6 05/17] target/m68k: Remove retaddr in m68k_interrupt_all

[Richard Henderson]

The only value this variable holds is now env->pc.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/m68k/op_helper.c | 15 ++-
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 0f41c2dce3..777869790b 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -287,12 +287,9 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
 {
 CPUState *cs = env_cpu(env);
 uint32_t sp;
-uint32_t retaddr;
 uint32_t vector;
 uint16_t sr, oldsr;
 
-retaddr = env->pc;
-
 if (!is_hw) {
 switch (cs->exception_index) {
 case EXCP_RTE:
@@ -385,7 +382,7 @@ static void m68k_interrupt_all(CPUM68KState *env, int is_hw)
 sp -= 4;
 cpu_stl_mmuidx_ra(env, sp, env->mmu.ar, MMU_KERNEL_IDX, 0);
 
-do_stack_frame(env, , 7, oldsr, 0, retaddr);
+do_stack_frame(env, , 7, oldsr, 0, env->pc);
 env->mmu.fault = false;
 if (qemu_loglevel_mask(CPU_LOG_INT)) {
 qemu_log(""
@@ -395,7 +392,7 @@ static void m68k_interrupt_all(CPUM68KState *env, int is_hw)
 break;
 
 case EXCP_ADDRESS:
-do_stack_frame(env, , 2, oldsr, 0, retaddr);
+do_stack_frame(env, , 2, oldsr, 0, env->pc);
 break;
 
 case EXCP_ILLEGAL:
@@ -404,12 +401,12 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
 case EXCP_TRAPCC:
 case EXCP_TRACE:
 /* FIXME: addr is not only env->pc */
-do_stack_frame(env, , 2, oldsr, env->pc, retaddr);
+do_stack_frame(env, , 2, oldsr, env->pc, env->pc);
 break;
 
 case EXCP_SPURIOUS ... EXCP_INT_LEVEL_7:
 if (is_hw && (oldsr & SR_M)) {
-do_stack_frame(env, , 0, oldsr, 0, retaddr);
+do_stack_frame(env, , 0, oldsr, 0, env->pc);
 oldsr = sr;
 env->aregs[7] = sp;
 cpu_m68k_set_sr(env, sr & ~SR_M);
@@ -417,13 +414,13 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
 if (!m68k_feature(env, M68K_FEATURE_UNALIGNED_DATA)) {
 sp &= ~1;
 }
-do_stack_frame(env, , 1, oldsr, 0, retaddr);
+do_stack_frame(env, , 1, oldsr, 0, env->pc);
 break;
 }
 /* fall through */
 
 default:
-do_stack_frame(env, , 0, oldsr, 0, retaddr);
+do_stack_frame(env, , 0, oldsr, 0, env->pc);
 break;
 }
 
-- 
2.34.1

[PATCH v6 04/17] linux-user/m68k: Handle EXCP_TRAP1 through EXCP_TRAP15

[Richard Henderson]

These are raised by guest instructions, and should not
fall through into the default abort case.

Signed-off-by: Richard Henderson 
---
 linux-user/m68k/cpu_loop.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index 56417f7401..12e5d9cd53 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -75,7 +75,11 @@ void cpu_loop(CPUM68KState *env)
 case EXCP_INTERRUPT:
 /* just indicate that signals should be handled asap */
 break;
+case EXCP_TRAP0 + 1 ... EXCP_TRAP0 + 14:
+force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLTRP, env->pc);
+break;
 case EXCP_DEBUG:
+case EXCP_TRAP15:
 force_sig_fault(TARGET_SIGTRAP, TARGET_TRAP_BRKPT, env->pc);
 break;
 case EXCP_ATOMIC:
-- 
2.34.1

[PATCH v6 14/17] tests/tcg/m68k: Add trap.c

[Richard Henderson]

Test various trap instructions: chk, div, trap, trapv, trapcc, ftrapcc,
and the signals and addresses that we expect from them.

Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 tests/tcg/m68k/trap.c  | 129 +
 tests/tcg/m68k/Makefile.target |   3 +
 2 files changed, 132 insertions(+)
 create mode 100644 tests/tcg/m68k/trap.c

diff --git a/tests/tcg/m68k/trap.c b/tests/tcg/m68k/trap.c
new file mode 100644
index 00..96cac18d4d
--- /dev/null
+++ b/tests/tcg/m68k/trap.c
@@ -0,0 +1,129 @@
+/*
+ * Test m68k trap addresses.
+ */
+
+#define _GNU_SOURCE 1
+#include 
+#include 
+#include 
+
+static int expect_sig;
+static int expect_si_code;
+static void *expect_si_addr;
+static greg_t expect_mc_pc;
+static volatile int got_signal;
+
+static void sig_handler(int sig, siginfo_t *si, void *puc)
+{
+ucontext_t *uc = puc;
+mcontext_t *mc = >uc_mcontext;
+
+assert(sig == expect_sig);
+assert(si->si_code == expect_si_code);
+assert(si->si_addr == expect_si_addr);
+assert(mc->gregs[R_PC] == expect_mc_pc);
+
+got_signal = 1;
+}
+
+#define FMT_INS [ad] "a"(_si_addr), [pc] "a"(_mc_pc)
+#define FMT0_STR(S) \
+"move.l #1f, (%[ad])\n\tmove.l #1f, (%[pc])\n" S "\n1:\n"
+#define FMT2_STR(S) \
+"move.l #0f, (%[ad])\n\tmove.l #1f, (%[pc])\n" S "\n1:\n"
+
+#define CHECK_SIG   do { assert(got_signal); got_signal = 0; } while (0)
+
+int main(int argc, char **argv)
+{
+struct sigaction act = {
+.sa_sigaction = sig_handler,
+.sa_flags = SA_SIGINFO
+};
+int t0, t1;
+
+sigaction(SIGILL, , NULL);
+sigaction(SIGTRAP, , NULL);
+sigaction(SIGFPE, , NULL);
+
+expect_sig = SIGFPE;
+expect_si_code = FPE_INTOVF;
+asm volatile(FMT2_STR("0:\tchk %0, %1") : : "d"(0), "d"(-1), FMT_INS);
+CHECK_SIG;
+
+#if 0
+/* FIXME: chk2 not correctly translated. */
+int bounds[2] = { 0, 1 };
+asm volatile(FMT2_STR("0:\tchk2.l %0, %1")
+ : : "m"(bounds), "d"(2), FMT_INS);
+CHECK_SIG;
+#endif
+
+asm volatile(FMT2_STR("cmp.l %0, %1\n0:\ttrapv")
+ : : "d"(INT_MIN), "d"(1), FMT_INS);
+CHECK_SIG;
+
+asm volatile(FMT2_STR("cmp.l %0, %0\n0:\ttrapeq")
+ : : "d"(0), FMT_INS);
+CHECK_SIG;
+
+asm volatile(FMT2_STR("cmp.l %0, %0\n0:\ttrapeq.w #0x1234")
+ : : "d"(0), FMT_INS);
+CHECK_SIG;
+
+asm volatile(FMT2_STR("cmp.l %0, %0\n0:\ttrapeq.l #0x12345678")
+ : : "d"(0), FMT_INS);
+CHECK_SIG;
+
+asm volatile(FMT2_STR("fcmp.x %0, %0\n0:\tftrapeq")
+ : : "f"(0.0L), FMT_INS);
+CHECK_SIG;
+
+expect_si_code = FPE_INTDIV;
+
+asm volatile(FMT2_STR("0:\tdivs.w %1, %0")
+ : "=d"(t0) : "d"(0), "0"(1), FMT_INS);
+CHECK_SIG;
+
+asm volatile(FMT2_STR("0:\tdivsl.l %2, %1:%0")
+ : "=d"(t0), "=d"(t1) : "d"(0), "0"(1), FMT_INS);
+CHECK_SIG;
+
+expect_sig = SIGILL;
+expect_si_code = ILL_ILLTRP;
+asm volatile(FMT0_STR("trap #1") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #2") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #3") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #4") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #5") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #6") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #7") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #8") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #9") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #10") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #11") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #12") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #13") : : FMT_INS);
+CHECK_SIG;
+asm volatile(FMT0_STR("trap #14") : : FMT_INS);
+CHECK_SIG;
+
+expect_sig = SIGTRAP;
+expect_si_code = TRAP_BRKPT;
+asm volatile(FMT0_STR("trap #15") : : FMT_INS);
+CHECK_SIG;
+
+return 0;
+}
diff --git a/tests/tcg/m68k/Makefile.target b/tests/tcg/m68k/Makefile.target
index 62f109eef4..1163c7ef03 100644
--- a/tests/tcg/m68k/Makefile.target
+++ b/tests/tcg/m68k/Makefile.target
@@ -3,5 +3,8 @@
 # m68k specific tweaks - specifically masking out broken tests
 #
 
+VPATH += $(SRC_PATH)/tests/tcg/m68k
+TESTS += trap
+
 # On m68k Linux supports 4k and 8k pages (but 8k is currently broken)
 EXTRA_RUNS+=run-test-mmap-4096 # run-test-mmap-8192
-- 
2.34.1

[PATCH v6 07/17] target/m68k: Fix pc, c flag, and address argument for EXCP_DIV0

[Richard Henderson]

According to the M68040 Users Manual, section 8.4.3,
Six word stack frame (format 2), Zero Div (and others)
is supposed to record the next insn in PC and the
address of the trapping instruction in ADDRESS.

While the N, Z and V flags are documented to be undefine on DIV0,
the C flag is documented as always cleared.

Update helper_div* to take the instruction length as an argument
and use raise_exception_format2.  Hoist the reset of the C flag
above the division by zero check.

Update m68k_interrupt_all to pass mmu.ar to do_stack_frame.
Update cpu_loop to pass mmu.ar to siginfo.si_addr, as the
kernel does in trap_c().

Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 target/m68k/helper.h   | 12 +-
 linux-user/m68k/cpu_loop.c |  2 +-
 target/m68k/op_helper.c| 48 +++---
 target/m68k/translate.c| 33 +-
 4 files changed, 52 insertions(+), 43 deletions(-)

diff --git a/target/m68k/helper.h b/target/m68k/helper.h
index 0a6b4146f6..f016c4c1c2 100644
--- a/target/m68k/helper.h
+++ b/target/m68k/helper.h
@@ -1,12 +1,12 @@
 DEF_HELPER_1(bitrev, i32, i32)
 DEF_HELPER_1(ff1, i32, i32)
 DEF_HELPER_FLAGS_2(sats, TCG_CALL_NO_RWG_SE, i32, i32, i32)
-DEF_HELPER_3(divuw, void, env, int, i32)
-DEF_HELPER_3(divsw, void, env, int, s32)
-DEF_HELPER_4(divul, void, env, int, int, i32)
-DEF_HELPER_4(divsl, void, env, int, int, s32)
-DEF_HELPER_4(divull, void, env, int, int, i32)
-DEF_HELPER_4(divsll, void, env, int, int, s32)
+DEF_HELPER_4(divuw, void, env, int, i32, int)
+DEF_HELPER_4(divsw, void, env, int, s32, int)
+DEF_HELPER_5(divul, void, env, int, int, i32, int)
+DEF_HELPER_5(divsl, void, env, int, int, s32, int)
+DEF_HELPER_5(divull, void, env, int, int, i32, int)
+DEF_HELPER_5(divsll, void, env, int, int, s32, int)
 DEF_HELPER_2(set_sr, void, env, i32)
 DEF_HELPER_3(cf_movec_to, void, env, i32, i32)
 DEF_HELPER_3(m68k_movec_to, void, env, i32, i32)
diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index e24d17e180..6598bce3c4 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -50,7 +50,7 @@ void cpu_loop(CPUM68KState *env)
 force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTOVF, env->mmu.ar);
 break;
 case EXCP_DIV0:
-force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTDIV, env->pc);
+force_sig_fault(TARGET_SIGFPE, TARGET_FPE_INTDIV, env->mmu.ar);
 break;
 case EXCP_TRAP0:
 {
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 750d65576f..729ee0e934 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -396,7 +396,6 @@ static void m68k_interrupt_all(CPUM68KState *env, int is_hw)
 break;
 
 case EXCP_ILLEGAL:
-case EXCP_DIV0:
 case EXCP_TRAPCC:
 case EXCP_TRACE:
 /* FIXME: addr is not only env->pc */
@@ -404,6 +403,7 @@ static void m68k_interrupt_all(CPUM68KState *env, int is_hw)
 break;
 
 case EXCP_CHK:
+case EXCP_DIV0:
 do_stack_frame(env, , 2, oldsr, env->mmu.ar, env->pc);
 break;
 
@@ -574,18 +574,19 @@ raise_exception_format2(CPUM68KState *env, int tt, int 
ilen, uintptr_t raddr)
 cpu_loop_exit(cs);
 }
 
-void HELPER(divuw)(CPUM68KState *env, int destr, uint32_t den)
+void HELPER(divuw)(CPUM68KState *env, int destr, uint32_t den, int ilen)
 {
 uint32_t num = env->dregs[destr];
 uint32_t quot, rem;
 
+env->cc_c = 0; /* always cleared, even if div0 */
+
 if (den == 0) {
-raise_exception_ra(env, EXCP_DIV0, GETPC());
+raise_exception_format2(env, EXCP_DIV0, ilen, GETPC());
 }
 quot = num / den;
 rem = num % den;
 
-env->cc_c = 0; /* always cleared, even if overflow */
 if (quot > 0x) {
 env->cc_v = -1;
 /*
@@ -601,18 +602,19 @@ void HELPER(divuw)(CPUM68KState *env, int destr, uint32_t 
den)
 env->cc_v = 0;
 }
 
-void HELPER(divsw)(CPUM68KState *env, int destr, int32_t den)
+void HELPER(divsw)(CPUM68KState *env, int destr, int32_t den, int ilen)
 {
 int32_t num = env->dregs[destr];
 uint32_t quot, rem;
 
+env->cc_c = 0; /* always cleared, even if overflow/div0 */
+
 if (den == 0) {
-raise_exception_ra(env, EXCP_DIV0, GETPC());
+raise_exception_format2(env, EXCP_DIV0, ilen, GETPC());
 }
 quot = num / den;
 rem = num % den;
 
-env->cc_c = 0; /* always cleared, even if overflow */
 if (quot != (int16_t)quot) {
 env->cc_v = -1;
 /* nothing else is modified */
@@ -629,18 +631,20 @@ void HELPER(divsw)(CPUM68KState *env, int destr, int32_t 
den)
 env->cc_v = 0;
 }
 
-void HELPER(divul)(CPUM68KState *env, int numr, int regr, uint32_t den)
+void HELPER(divul)(CPUM68KState *env, int numr, int regr,
+   uint32_t den, int ilen)
 {
 uint32_t num = env->dregs[numr];
 uint32_t quot, rem;
 
+env->cc_c = 0; /* always cleared, even if div0 */
+
 if (den 

[PATCH v6 03/17] target/m68k: Fix coding style in m68k_interrupt_all

[Richard Henderson]

Add parenthesis around & vs &&.

Remove assignment to sr in function call argument -- note that
sr is unused after the call, so the assignment was never needed,
only the result of the & expression.

Suggested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 target/m68k/op_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 2b94a6ec84..0f41c2dce3 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -408,11 +408,11 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
 break;
 
 case EXCP_SPURIOUS ... EXCP_INT_LEVEL_7:
-if (is_hw && oldsr & SR_M) {
+if (is_hw && (oldsr & SR_M)) {
 do_stack_frame(env, , 0, oldsr, 0, retaddr);
 oldsr = sr;
 env->aregs[7] = sp;
-cpu_m68k_set_sr(env, sr &= ~SR_M);
+cpu_m68k_set_sr(env, sr & ~SR_M);
 sp = env->aregs[7];
 if (!m68k_feature(env, M68K_FEATURE_UNALIGNED_DATA)) {
 sp &= ~1;
-- 
2.34.1

[PATCH v6 02/17] target/m68k: Switch over exception type in m68k_interrupt_all

[Richard Henderson]

Replace an if ladder with a switch for clarity.

Reviewed-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 target/m68k/op_helper.c | 49 +
 1 file changed, 30 insertions(+), 19 deletions(-)

diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index d30f988ae0..2b94a6ec84 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -333,7 +333,8 @@ static void m68k_interrupt_all(CPUM68KState *env, int is_hw)
 sp &= ~1;
 }
 
-if (cs->exception_index == EXCP_ACCESS) {
+switch (cs->exception_index) {
+case EXCP_ACCESS:
 if (env->mmu.fault) {
 cpu_abort(cs, "DOUBLE MMU FAULT\n");
 }
@@ -391,29 +392,39 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
  "ssw:  %08x ea:   %08x sfc:  %ddfc: %d\n",
  env->mmu.ssw, env->mmu.ar, env->sfc, env->dfc);
 }
-} else if (cs->exception_index == EXCP_ADDRESS) {
+break;
+
+case EXCP_ADDRESS:
 do_stack_frame(env, , 2, oldsr, 0, retaddr);
-} else if (cs->exception_index == EXCP_ILLEGAL ||
-   cs->exception_index == EXCP_DIV0 ||
-   cs->exception_index == EXCP_CHK ||
-   cs->exception_index == EXCP_TRAPCC ||
-   cs->exception_index == EXCP_TRACE) {
+break;
+
+case EXCP_ILLEGAL:
+case EXCP_DIV0:
+case EXCP_CHK:
+case EXCP_TRAPCC:
+case EXCP_TRACE:
 /* FIXME: addr is not only env->pc */
 do_stack_frame(env, , 2, oldsr, env->pc, retaddr);
-} else if (is_hw && oldsr & SR_M &&
-   cs->exception_index >= EXCP_SPURIOUS &&
-   cs->exception_index <= EXCP_INT_LEVEL_7) {
-do_stack_frame(env, , 0, oldsr, 0, retaddr);
-oldsr = sr;
-env->aregs[7] = sp;
-cpu_m68k_set_sr(env, sr &= ~SR_M);
-sp = env->aregs[7];
-if (!m68k_feature(env, M68K_FEATURE_UNALIGNED_DATA)) {
-sp &= ~1;
+break;
+
+case EXCP_SPURIOUS ... EXCP_INT_LEVEL_7:
+if (is_hw && oldsr & SR_M) {
+do_stack_frame(env, , 0, oldsr, 0, retaddr);
+oldsr = sr;
+env->aregs[7] = sp;
+cpu_m68k_set_sr(env, sr &= ~SR_M);
+sp = env->aregs[7];
+if (!m68k_feature(env, M68K_FEATURE_UNALIGNED_DATA)) {
+sp &= ~1;
+}
+do_stack_frame(env, , 1, oldsr, 0, retaddr);
+break;
 }
-do_stack_frame(env, , 1, oldsr, 0, retaddr);
-} else {
+/* fall through */
+
+default:
 do_stack_frame(env, , 0, oldsr, 0, retaddr);
+break;
 }
 
 env->aregs[7] = sp;
-- 
2.34.1

[PATCH v6 17/17] target/m68k: Mark helper_raise_exception as noreturn

[Richard Henderson]

Also mark raise_exception_ra and raise_exception, lest we
generate a warning about helper_raise_exception returning.

Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 target/m68k/helper.h| 2 +-
 target/m68k/op_helper.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/target/m68k/helper.h b/target/m68k/helper.h
index f016c4c1c2..c9bed2b884 100644
--- a/target/m68k/helper.h
+++ b/target/m68k/helper.h
@@ -109,7 +109,7 @@ DEF_HELPER_3(set_mac_extu, void, env, i32, i32)
 DEF_HELPER_2(flush_flags, void, env, i32)
 DEF_HELPER_2(set_ccr, void, env, i32)
 DEF_HELPER_FLAGS_1(get_ccr, TCG_CALL_NO_WG_SE, i32, env)
-DEF_HELPER_2(raise_exception, void, env, i32)
+DEF_HELPER_2(raise_exception, noreturn, env, i32)
 
 DEF_HELPER_FLAGS_3(bfffo_reg, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
 
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 61948d92bb..d9937ca8dc 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -532,7 +532,8 @@ bool m68k_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 
 #endif /* !CONFIG_USER_ONLY */
 
-static void raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)
+G_NORETURN static void
+raise_exception_ra(CPUM68KState *env, int tt, uintptr_t raddr)
 {
 CPUState *cs = env_cpu(env);
 
@@ -540,7 +541,7 @@ static void raise_exception_ra(CPUM68KState *env, int tt, 
uintptr_t raddr)
 cpu_loop_exit_restore(cs, raddr);
 }
 
-static void raise_exception(CPUM68KState *env, int tt)
+G_NORETURN static void raise_exception(CPUM68KState *env, int tt)
 {
 raise_exception_ra(env, tt, 0);
 }
-- 
2.34.1

[PATCH v6 01/17] target/m68k: Raise the TRAPn exception with the correct pc

[Richard Henderson]

Rather than adjust the PC in all of the consumers, raise
the exception with the correct PC in the first place.

Reviewed-by: Laurent Vivier 
Signed-off-by: Richard Henderson 
---
 linux-user/m68k/cpu_loop.c | 1 -
 target/m68k/op_helper.c| 9 -
 target/m68k/translate.c| 2 +-
 3 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index d1bf8548b7..56417f7401 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -56,7 +56,6 @@ void cpu_loop(CPUM68KState *env)
 {
 abi_long ret;
 n = env->dregs[0];
-env->pc += 2;
 ret = do_syscall(env,
  n,
  env->dregs[1],
diff --git a/target/m68k/op_helper.c b/target/m68k/op_helper.c
index 8decc61240..d30f988ae0 100644
--- a/target/m68k/op_helper.c
+++ b/target/m68k/op_helper.c
@@ -217,11 +217,6 @@ static void cf_interrupt_all(CPUM68KState *env, int is_hw)
 cpu_loop_exit(cs);
 return;
 }
-if (cs->exception_index >= EXCP_TRAP0
-&& cs->exception_index <= EXCP_TRAP15) {
-/* Move the PC after the trap instruction.  */
-retaddr += 2;
-}
 }
 
 vector = cs->exception_index << 2;
@@ -304,10 +299,6 @@ static void m68k_interrupt_all(CPUM68KState *env, int 
is_hw)
 /* Return from an exception.  */
 m68k_rte(env);
 return;
-case EXCP_TRAP0 ...  EXCP_TRAP15:
-/* Move the PC after the trap instruction.  */
-retaddr += 2;
-break;
 }
 }
 
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 4026572ed8..6d6d026e3c 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -4860,7 +4860,7 @@ DISAS_INSN(wdebug)
 
 DISAS_INSN(trap)
 {
-gen_exception(s, s->base.pc_next, EXCP_TRAP0 + (insn & 0xf));
+gen_exception(s, s->pc, EXCP_TRAP0 + (insn & 0xf));
 }
 
 static void gen_load_fcr(DisasContext *s, TCGv res, int reg)
-- 
2.34.1

[PATCH v6 00/17] target/m68k: Conditional traps + trap cleanup

[Richard Henderson]

Changes for v6:
  * Use exact masks for registering trapcc and ftrapcc.
These insn overlap illegal scc and fscc operands,
so we need to be exact about the registration.


r~


Richard Henderson (17):
  target/m68k: Raise the TRAPn exception with the correct pc
  target/m68k: Switch over exception type in m68k_interrupt_all
  target/m68k: Fix coding style in m68k_interrupt_all
  linux-user/m68k: Handle EXCP_TRAP1 through EXCP_TRAP15
  target/m68k: Remove retaddr in m68k_interrupt_all
  target/m68k: Fix address argument for EXCP_CHK
  target/m68k: Fix pc, c flag, and address argument for EXCP_DIV0
  target/m68k: Fix address argument for EXCP_TRACE
  target/m68k: Fix stack frame for EXCP_ILLEGAL
  target/m68k: Implement TRAPcc
  target/m68k: Implement TPF in terms of TRAPcc
  target/m68k: Implement TRAPV
  target/m68k: Implement FTRAPcc
  tests/tcg/m68k: Add trap.c
  linux-user/strace: Use is_error in print_syscall_err
  linux-user/strace: Adjust get_thread_area for m68k
  target/m68k: Mark helper_raise_exception as noreturn

 target/m68k/cpu.h  |   8 ++
 target/m68k/helper.h   |  14 +--
 linux-user/m68k/cpu_loop.c |  13 ++-
 linux-user/strace.c|   2 +-
 target/m68k/cpu.c  |   1 +
 target/m68k/op_helper.c| 173 +++--
 target/m68k/translate.c| 191 -
 tests/tcg/m68k/trap.c  | 129 ++
 linux-user/strace.list |   5 +
 tests/tcg/m68k/Makefile.target |   3 +
 10 files changed, 396 insertions(+), 143 deletions(-)
 create mode 100644 tests/tcg/m68k/trap.c

-- 
2.34.1

Re: [PATCH v2 3/3] target/riscv: Deprecate capitalized property names

[Alistair Francis]

On Wed, May 25, 2022 at 7:55 PM Tsukasa OI  wrote:
>
> This commit adds a deprecation note of capitalized property names of
> RISC-V CPU to documentation.
>
> Signed-off-by: Tsukasa OI 



> ---
>  docs/about/deprecated.rst | 10 ++
>  1 file changed, 10 insertions(+)
>
> diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
> index a92ae0f162..cfc9adcd4b 100644
> --- a/docs/about/deprecated.rst
> +++ b/docs/about/deprecated.rst
> @@ -300,6 +300,16 @@ Options are:
>  Device options
>  --
>
> +CPU options
> +'''
> +
> +Capitalized property names on RISC-V ``-cpu`` (since 7.1)
> +^

This should probably just be added under `linux-user mode CPUs` and
`System emulator CPUS` to avoid adding new sections

Alistair

> +
> +Using capitalized RISC-V CPU property names like ``-cpu rv64,Counters=on`` is
> +deprecated.  Use lowercase names instead (e.g. ``-cpu rv64,counters=on``).
> +
> +
>  Emulated device options
>  '''
>
> --
> 2.34.1
>

Re: [PATCH] loader: support loading large files (>=2GB)

[Alistair Francis]

On Tue, May 31, 2022 at 12:59 AM Philippe Mathieu-Daudé via
 wrote:
>
> Hi Peter,
>
> On 28/4/22 01:07, Peter Collingbourne wrote:
> > Currently the loader uses int as the return type for various APIs
> > that deal with file sizes, which leads to an error if the file
> > size is >=2GB, as it ends up being interpreted as a negative error
> > code. Furthermore, we do not tolerate short reads, which are possible
> > at least on Linux when attempting to read such large files in one
> > syscall.
> >
> > Fix the first problem by switching to 64-bit types for file sizes,
> > and fix the second by introducing a loop around the read syscall.
>
> Hmm maybe worth rebasing on this patch from Jamie which also
> fixes the format on 32-bit hosts:
> https://lore.kernel.org/qemu-devel/2021141141.3295094-2-ja...@nuviainc.com/
>
> (Personally I prefer to read ssize_t while reviewing instead
> of int64_t).

I agree with ssize_t as well, I have applied the patch from Jamie
which had fallen through the cracks.

If you can rebase this on top of the RISC-V queue and re-send it I'll
apply the other changes

Alistair

>
> While here, please have a look at this other patch from Jamie:
> https://lore.kernel.org/qemu-devel/2021141141.3295094-3-ja...@nuviainc.com/
>
> Also, Cc'ing the maintainer:
>
> $ ./scripts/get_maintainer.pl -f hw/core/generic-loader.c
> Alistair Francis  (maintainer:Generic Loader)
>
> > Signed-off-by: Peter Collingbourne 
> > ---
> >   hw/core/generic-loader.c |  2 +-
> >   hw/core/loader.c | 44 
> >   include/hw/loader.h  | 13 ++--
> >   3 files changed, 34 insertions(+), 25 deletions(-)
> >
> > diff --git a/hw/core/generic-loader.c b/hw/core/generic-loader.c
> > index c666545aa0..0891fa73c3 100644
> > --- a/hw/core/generic-loader.c
> > +++ b/hw/core/generic-loader.c
> > @@ -67,7 +67,7 @@ static void generic_loader_realize(DeviceState *dev, 
> > Error **errp)
> >   GenericLoaderState *s = GENERIC_LOADER(dev);
> >   hwaddr entry;
> >   int big_endian;
> > -int size = 0;
> > +int64_t size = 0;
> >
> >   s->set_pc = false;
> >
> > diff --git a/hw/core/loader.c b/hw/core/loader.c
> > index ca2f2431fb..d07c79c400 100644
> > --- a/hw/core/loader.c
> > +++ b/hw/core/loader.c
> > @@ -115,17 +115,17 @@ ssize_t read_targphys(const char *name,
> >   return did;
> >   }
> >
> > -int load_image_targphys(const char *filename,
> > -hwaddr addr, uint64_t max_sz)
> > +int64_t load_image_targphys(const char *filename,
> > +hwaddr addr, uint64_t max_sz)
> >   {
> >   return load_image_targphys_as(filename, addr, max_sz, NULL);
> >   }
> >
> >   /* return the size or -1 if error */
> > -int load_image_targphys_as(const char *filename,
> > -   hwaddr addr, uint64_t max_sz, AddressSpace *as)
> > +int64_t load_image_targphys_as(const char *filename,
> > +   hwaddr addr, uint64_t max_sz, AddressSpace 
> > *as)
> >   {
> > -int size;
> > +int64_t size;
> >
> >   size = get_image_size(filename);
> >   if (size < 0 || size > max_sz) {
> > @@ -139,9 +139,9 @@ int load_image_targphys_as(const char *filename,
> >   return size;
> >   }
> >
> > -int load_image_mr(const char *filename, MemoryRegion *mr)
> > +int64_t load_image_mr(const char *filename, MemoryRegion *mr)
> >   {
> > -int size;
> > +int64_t size;
> >
> >   if (!memory_access_is_direct(mr, false)) {
> >   /* Can only load an image into RAM or ROM */
> > @@ -963,7 +963,8 @@ int rom_add_file(const char *file, const char *fw_dir,
> >   {
> >   MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
> >   Rom *rom;
> > -int rc, fd = -1;
> > +int fd = -1;
> > +size_t bytes_read = 0;
> >   char devpath[100];
> >
> >   if (as && mr) {
> > @@ -1003,11 +1004,17 @@ int rom_add_file(const char *file, const char 
> > *fw_dir,
> >   rom->datasize = rom->romsize;
> >   rom->data = g_malloc0(rom->datasize);
> >   lseek(fd, 0, SEEK_SET);
> > -rc = read(fd, rom->data, rom->datasize);
> > -if (rc != rom->datasize) {
> > -fprintf(stderr, "rom: file %-20s: read error: rc=%d (expected 
> > %zd)\n",
> > -rom->name, rc, rom->datasize);
> > -goto err;
> > +while (bytes_read < rom->datasize) {
> > +ssize_t rc =
> > +read(fd, rom->data + bytes_read, rom->datasize - bytes_read);
> > +if (rc <= 0) {
> > +fprintf(stderr,
> > +"rom: file %-20s: read error: rc=%zd at position %zd "
> > +"(expected size %zd)\n",
> > +rom->name, rc, bytes_read, rom->datasize);
> > +goto err;
> > +}
> > +bytes_read += rc;
> >   }
> >   close(fd);
> >   rom_insert(rom);
> > @@ -1671,7 +1678,7 @@ typedef struct {
> >   HexLine line;
> >   uint8_t *bin_buf;
> 

Re: [PATCH v2 2/3] target/riscv: Make CPU property names lowercase

[Alistair Francis]

On Thu, May 26, 2022 at 1:27 AM Tsukasa OI  wrote:
>
> On 2022/05/25 21:10, Víctor Colombo wrote:
> > On 25/05/2022 06:54, Tsukasa OI wrote:
> >> Many CPU properties for RISC-V are in lowercase except those with
> >> "capitalized" (or CamelCase) names:
> >>
> >> -   Counters
> >> -   Zifencei
> >> -   Zicsr
> >> -   Zfh
> >> -   Zfhmin
> >> -   Zve32f
> >> -   Zve64f
> >>
> >> This commit makes lowercase names primary but keeps capitalized names
> >> as aliases (for backward comatibility, but with deprecated status).
> >
> > 'compatibility'
>
> I think I somehow pressed a backspace while finalizing.
> I submitted v2.1 (PATCH 2/3 only) and that should be fine.
>
> https://lists.gnu.org/archive/html/qemu-riscv/2022-05/msg00417.html

Do you mind re-sending the series, it's difficult to keep track of
single patch increments like this

>
> Thanks!
> Tsukasa
>
> >
> >>
> >> Signed-off-by: Tsukasa OI 
> >
> > Tested-by: Víctor Colombo 

Reviewed-by: Alistair Francis 

Alistair

> >
> >> ---
> >>   target/riscv/cpu.c | 27 ---
> >>   1 file changed, 20 insertions(+), 7 deletions(-)
> >>
> >> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> >> index 3f21563f2d..83262586e4 100644
> >> --- a/target/riscv/cpu.c
> >> +++ b/target/riscv/cpu.c
> >> @@ -840,6 +840,10 @@ static void riscv_cpu_init(Object *obj)
> >>   }
> >>
> >>   static Property riscv_cpu_properties[] = {
> >> +/*
> >> + * Names for ISA extensions and features should be in lowercase.
> >> + */
> >> +
> >>   /* Base ISA and single-letter standard extensions */
> >>   DEFINE_PROP_BOOL("i", RISCVCPU, cfg.ext_i, true),
> >>   DEFINE_PROP_BOOL("e", RISCVCPU, cfg.ext_e, false),
> >> @@ -855,11 +859,11 @@ static Property riscv_cpu_properties[] = {
> >>   DEFINE_PROP_BOOL("h", RISCVCPU, cfg.ext_h, true),
> >>
> >>   /* Standard unprivileged extensions */
> >> -DEFINE_PROP_BOOL("Zicsr", RISCVCPU, cfg.ext_icsr, true),
> >> -DEFINE_PROP_BOOL("Zifencei", RISCVCPU, cfg.ext_ifencei, true),
> >> +DEFINE_PROP_BOOL("zicsr", RISCVCPU, cfg.ext_icsr, true),
> >> +DEFINE_PROP_BOOL("zifencei", RISCVCPU, cfg.ext_ifencei, true),
> >>
> >> -DEFINE_PROP_BOOL("Zfh", RISCVCPU, cfg.ext_zfh, false),
> >> -DEFINE_PROP_BOOL("Zfhmin", RISCVCPU, cfg.ext_zfhmin, false),
> >> +DEFINE_PROP_BOOL("zfh", RISCVCPU, cfg.ext_zfh, false),
> >> +DEFINE_PROP_BOOL("zfhmin", RISCVCPU, cfg.ext_zfhmin, false),
> >>   DEFINE_PROP_BOOL("zfinx", RISCVCPU, cfg.ext_zfinx, false),
> >>   DEFINE_PROP_BOOL("zdinx", RISCVCPU, cfg.ext_zdinx, false),
> >>   DEFINE_PROP_BOOL("zhinx", RISCVCPU, cfg.ext_zhinx, false),
> >> @@ -884,8 +888,8 @@ static Property riscv_cpu_properties[] = {
> >>   DEFINE_PROP_BOOL("zksh", RISCVCPU, cfg.ext_zksh, false),
> >>   DEFINE_PROP_BOOL("zkt", RISCVCPU, cfg.ext_zkt, false),
> >>
> >> -DEFINE_PROP_BOOL("Zve32f", RISCVCPU, cfg.ext_zve32f, false),
> >> -DEFINE_PROP_BOOL("Zve64f", RISCVCPU, cfg.ext_zve64f, false),
> >> +DEFINE_PROP_BOOL("zve32f", RISCVCPU, cfg.ext_zve32f, false),
> >> +DEFINE_PROP_BOOL("zve64f", RISCVCPU, cfg.ext_zve64f, false),
> >>
> >>   /* Standard supervisor-level extensions */
> >>   DEFINE_PROP_BOOL("svinval", RISCVCPU, cfg.ext_svinval, false),
> >> @@ -893,7 +897,7 @@ static Property riscv_cpu_properties[] = {
> >>   DEFINE_PROP_BOOL("svpbmt", RISCVCPU, cfg.ext_svpbmt, false),
> >>
> >>   /* Base features */
> >> -DEFINE_PROP_BOOL("Counters", RISCVCPU, cfg.ext_counters, true),
> >> +DEFINE_PROP_BOOL("counters", RISCVCPU, cfg.ext_counters, true),
> >>   DEFINE_PROP_BOOL("mmu", RISCVCPU, cfg.mmu, true),
> >>   DEFINE_PROP_BOOL("pmp", RISCVCPU, cfg.pmp, true),
> >>   DEFINE_PROP_BOOL("debug", RISCVCPU, cfg.debug, true),
> >> @@ -922,6 +926,15 @@ static Property riscv_cpu_properties[] = {
> >>   /* Other options */
> >>   DEFINE_PROP_BOOL("short-isa-string", RISCVCPU,
> >> cfg.short_isa_string, false),
> >>
> >> +/* Capitalized aliases (deprecated and will be removed) */
> >> +DEFINE_PROP("Counters", RISCVCPU, cfg.ext_counters,
> >> qdev_prop_bool, bool),
> >> +DEFINE_PROP("Zifencei", RISCVCPU, cfg.ext_ifencei,
> >> qdev_prop_bool, bool),
> >> +DEFINE_PROP("Zicsr", RISCVCPU, cfg.ext_icsr, qdev_prop_bool, bool),
> >> +DEFINE_PROP("Zfh", RISCVCPU, cfg.ext_zfh, qdev_prop_bool, bool),
> >> +DEFINE_PROP("Zfhmin", RISCVCPU, cfg.ext_zfhmin, qdev_prop_bool,
> >> bool),
> >> +DEFINE_PROP("Zve32f", RISCVCPU, cfg.ext_zve32f, qdev_prop_bool,
> >> bool),
> >> +DEFINE_PROP("Zve64f", RISCVCPU, cfg.ext_zve64f, qdev_prop_bool,
> >> bool),
> >> +
> >>   DEFINE_PROP_END_OF_LIST(),
> >>   };
> >>
> >> --
> >> 2.34.1
> >>
> >>
> >
> > Best regards,
> >
>

[PATCH] tcg/aarch64: Fix illegal insn from out-of-range shli

[Richard Henderson]

The masking in tcg_out_shl was incorrect, producing an
illegal instruction, rather than merely unspecified results
for the out-of-range shift.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1051
Signed-off-by: Richard Henderson 
---
 tcg/aarch64/tcg-target.c.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcg/aarch64/tcg-target.c.inc b/tcg/aarch64/tcg-target.c.inc
index 61e284bb5c..d997f7922a 100644
--- a/tcg/aarch64/tcg-target.c.inc
+++ b/tcg/aarch64/tcg-target.c.inc
@@ -1261,7 +1261,7 @@ static inline void tcg_out_shl(TCGContext *s, TCGType ext,
 {
 int bits = ext ? 64 : 32;
 int max = bits - 1;
-tcg_out_ubfm(s, ext, rd, rn, bits - (m & max), max - (m & max));
+tcg_out_ubfm(s, ext, rd, rn, (bits - m) & max, (max - m) & max);
 }
 
 static inline void tcg_out_shr(TCGContext *s, TCGType ext,
-- 
2.34.1

Re: [PATCH 1/2] hw/core/loader: return image sizes as ssize_t

[Alistair Francis]

On Fri, Nov 12, 2021 at 12:12 AM Jamie Iles  wrote:
>
> Various loader functions return an int which limits images to 2GB which
> is fine for things like a BIOS/kernel image, but if we want to be able
> to load memory images or large ramdisks then any file over 2GB would
> silently fail to load.
>
> Cc: Luc Michel 
> Signed-off-by: Jamie Iles 

Thanks!

Applied to riscv-to-apply.next

Alistair

> ---
>  hw/arm/armv7m.c  |  2 +-
>  hw/arm/boot.c|  8 ++--
>  hw/core/generic-loader.c |  2 +-
>  hw/core/loader.c | 81 +---
>  hw/i386/x86.c|  2 +-
>  hw/riscv/boot.c  |  5 ++-
>  include/hw/loader.h  | 55 +--
>  7 files changed, 80 insertions(+), 75 deletions(-)
>
> diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
> index 8d08db80be83..a6393dce7276 100644
> --- a/hw/arm/armv7m.c
> +++ b/hw/arm/armv7m.c
> @@ -552,7 +552,7 @@ static void armv7m_reset(void *opaque)
>
>  void armv7m_load_kernel(ARMCPU *cpu, const char *kernel_filename, int 
> mem_size)
>  {
> -int image_size;
> +ssize_t image_size;
>  uint64_t entry;
>  int big_endian;
>  AddressSpace *as;
> diff --git a/hw/arm/boot.c b/hw/arm/boot.c
> index 74ad397b1ff9..3853203438ba 100644
> --- a/hw/arm/boot.c
> +++ b/hw/arm/boot.c
> @@ -876,7 +876,7 @@ static int do_arm_linux_init(Object *obj, void *opaque)
>  return 0;
>  }
>
> -static int64_t arm_load_elf(struct arm_boot_info *info, uint64_t *pentry,
> +static ssize_t arm_load_elf(struct arm_boot_info *info, uint64_t *pentry,
>  uint64_t *lowaddr, uint64_t *highaddr,
>  int elf_machine, AddressSpace *as)
>  {
> @@ -887,7 +887,7 @@ static int64_t arm_load_elf(struct arm_boot_info *info, 
> uint64_t *pentry,
>  } elf_header;
>  int data_swab = 0;
>  bool big_endian;
> -int64_t ret = -1;
> +ssize_t ret = -1;
>  Error *err = NULL;
>
>
> @@ -1009,7 +1009,7 @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
>  /* Set up for a direct boot of a kernel image file. */
>  CPUState *cs;
>  AddressSpace *as = arm_boot_address_space(cpu, info);
> -int kernel_size;
> +ssize_t kernel_size;
>  int initrd_size;
>  int is_linux = 0;
>  uint64_t elf_entry;
> @@ -1098,7 +1098,7 @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
>
>  if (kernel_size > info->ram_size) {
>  error_report("kernel '%s' is too large to fit in RAM "
> - "(kernel size %d, RAM size %" PRId64 ")",
> + "(kernel size %zd, RAM size %" PRId64 ")",
>   info->kernel_filename, kernel_size, info->ram_size);
>  exit(1);
>  }
> diff --git a/hw/core/generic-loader.c b/hw/core/generic-loader.c
> index d14f932eea2e..bc1451da8f55 100644
> --- a/hw/core/generic-loader.c
> +++ b/hw/core/generic-loader.c
> @@ -66,7 +66,7 @@ static void generic_loader_realize(DeviceState *dev, Error 
> **errp)
>  GenericLoaderState *s = GENERIC_LOADER(dev);
>  hwaddr entry;
>  int big_endian;
> -int size = 0;
> +ssize_t size = 0;
>
>  s->set_pc = false;
>
> diff --git a/hw/core/loader.c b/hw/core/loader.c
> index 052a0fd7198b..348bbf535bd9 100644
> --- a/hw/core/loader.c
> +++ b/hw/core/loader.c
> @@ -115,17 +115,17 @@ ssize_t read_targphys(const char *name,
>  return did;
>  }
>
> -int load_image_targphys(const char *filename,
> -hwaddr addr, uint64_t max_sz)
> +ssize_t load_image_targphys(const char *filename,
> +hwaddr addr, uint64_t max_sz)
>  {
>  return load_image_targphys_as(filename, addr, max_sz, NULL);
>  }
>
>  /* return the size or -1 if error */
> -int load_image_targphys_as(const char *filename,
> -   hwaddr addr, uint64_t max_sz, AddressSpace *as)
> +ssize_t load_image_targphys_as(const char *filename,
> +   hwaddr addr, uint64_t max_sz, AddressSpace 
> *as)
>  {
> -int size;
> +ssize_t size;
>
>  size = get_image_size(filename);
>  if (size < 0 || size > max_sz) {
> @@ -139,9 +139,9 @@ int load_image_targphys_as(const char *filename,
>  return size;
>  }
>
> -int load_image_mr(const char *filename, MemoryRegion *mr)
> +ssize_t load_image_mr(const char *filename, MemoryRegion *mr)
>  {
> -int size;
> +ssize_t size;
>
>  if (!memory_access_is_direct(mr, false)) {
>  /* Can only load an image into RAM or ROM */
> @@ -223,8 +223,8 @@ static void bswap_ahdr(struct exec *e)
>   : (_N_SEGMENT_ROUND (_N_TXTENDADDR(x, target_page_size), 
> target_page_size)))
>
>
> -int load_aout(const char *filename, hwaddr addr, int max_sz,
> -  int bswap_needed, hwaddr target_page_size)
> +ssize_t load_aout(const char *filename, hwaddr addr, int max_sz,
> +  int bswap_needed, hwaddr target_page_size)
>  {
>  int fd;
>  ssize_t size, ret;
> @@ -618,13 

Re: [PATCH] hw/intc: sifive_plic: Avoid overflowing the addr_config buffer

[Alistair Francis]

On Wed, Jun 1, 2022 at 11:36 AM Alistair Francis
 wrote:
>
> From: Alistair Francis 
>
> Since commit ad40be27 "target/riscv: Support start kernel directly by
> KVM" we have been overflowing the addr_config on "M,MS..."
> configurations, as reported 
> https://gitlab.com/qemu-project/qemu/-/issues/1050.
>
> This commit changes the loop in sifive_plic_create() from iterating over
> the number of harts to just iterating over the addr_config. The
> addr_config is based on the hart_config, and will contain interrup details
> for all harts. This way we can't iterate past the end of addr_config.
>
> Fixes: ad40be27084536 ("target/riscv: Support start kernel directly by KVM")
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1050
> Signed-off-by: Alistair Francis 

Thanks!

Applied to riscv-to-apply.next

Alistair

> ---
>  hw/intc/sifive_plic.c | 19 +--
>  1 file changed, 9 insertions(+), 10 deletions(-)
>
> diff --git a/hw/intc/sifive_plic.c b/hw/intc/sifive_plic.c
> index eebbcf33d4..56d60e9ac9 100644
> --- a/hw/intc/sifive_plic.c
> +++ b/hw/intc/sifive_plic.c
> @@ -431,7 +431,7 @@ DeviceState *sifive_plic_create(hwaddr addr, char 
> *hart_config,
>  uint32_t context_stride, uint32_t aperture_size)
>  {
>  DeviceState *dev = qdev_new(TYPE_SIFIVE_PLIC);
> -int i, j = 0;
> +int i;
>  SiFivePLICState *plic;
>
>  assert(enable_stride == (enable_stride & -enable_stride));
> @@ -451,18 +451,17 @@ DeviceState *sifive_plic_create(hwaddr addr, char 
> *hart_config,
>  sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, addr);
>
>  plic = SIFIVE_PLIC(dev);
> -for (i = 0; i < num_harts; i++) {
> -CPUState *cpu = qemu_get_cpu(hartid_base + i);
>
> -if (plic->addr_config[j].mode == PLICMode_M) {
> -j++;
> -qdev_connect_gpio_out(dev, num_harts + i,
> +for (i = 0; i < plic->num_addrs; i++) {
> +int cpu_num = plic->addr_config[i].hartid;
> +CPUState *cpu = qemu_get_cpu(hartid_base + cpu_num);
> +
> +if (plic->addr_config[i].mode == PLICMode_M) {
> +qdev_connect_gpio_out(dev, num_harts + cpu_num,
>qdev_get_gpio_in(DEVICE(cpu), IRQ_M_EXT));
>  }
> -
> -if (plic->addr_config[j].mode == PLICMode_S) {
> -j++;
> -qdev_connect_gpio_out(dev, i,
> +if (plic->addr_config[i].mode == PLICMode_S) {
> +qdev_connect_gpio_out(dev, cpu_num,
>qdev_get_gpio_in(DEVICE(cpu), IRQ_S_EXT));
>  }
>  }
> --
> 2.35.3
>

Re: [RESEND PATCH] hw/dma: fix crash caused by race condition

[Tong Zhang]

Hi Stefan,

On Wed, Jun 1, 2022 at 6:56 AM Stefan Hajnoczi  wrote:
>
> > > This patch makes sense to me. Can you rephrase your concern?
> >
> > The locking is around dbs->io_func().
> >
> > aio_context_acquire(dbs->ctx);
> > dbs->acb = dbs->io_func()
> > aio_context_release(dbs->ctx);
> >
> >
> > So where exactly would the lock that's now still held stop someone from
> > modifying dbs->acb = NULL at the beginning of the function, which seems
> > to be not protected by that lock?
> >
> > Maybe I'm missing some locking magic due to the lock being a recursive lock.
>
> Tong Zhang: Can you share a backtrace of all threads when the
> assertion failure occurs?
>
Sorry I couldn't get the trace now -- but I can tell that we have some
internal code uses
this dma related code and will grab dbs->ctx lock in another thread
and could overwrite dbs->acb.

>From my understanding, one of the reasons that the lock is required
here is to protect dbs->acb,
we could not reliably test io_func()'s return value after releasing
the lock here.

Since this code affects our internal code base and I did not reproduce
on master branch,
feel free to ignore it.

- Tong

> Stefan

Re: [RFC PATCH v4 11/36] i386/tdx: Initialize TDX before creating TD vcpus

[Xiaoyao Li]

On 6/1/2022 3:54 PM, Gerd Hoffmann wrote:

On Wed, Jun 01, 2022 at 03:20:46PM +0800, Xiaoyao Li wrote:

On 5/24/2022 2:57 PM, Gerd Hoffmann wrote:

Hi,
Maybe it's a bit more work to add VM-scope initialization support to
qemu.


If just introducing VM-scope initialization to QEMU, it would be easy. What
matters is what needs to be done inside VM-scope initialization.

For TDX, we need to settle down the features that configured for the TD.
Typically, the features are attributes of cpu object, parsed from "-cpu"
option and stored in cpu object.



2) create a CPU object when initializing machine object and collect all the
info from "-cpu" and drop it in the end; then why not do it when creating
1st vcpu like this patch.


Do VM-scope tdx initialization late enough that cpu objects are already
created at that point, so you can collect the info you need without a
dummy cpu?


new CPU object is created during creating each vcpu. So we have to use 
mutex and flag to ensure VM-scope initialization is executed only once.


And it's werid to hook  VM-scope initialization in the middle of the 
vcpu creating phase to satisfy "late enough", so we choose to do it just 
before calling KVM API to initializing vcpu.



I guess it could be helpful for the discussion when you can outine the
'big picture' for tdx initialization.  How does kvm accel setup look
like without TDX, and what additional actions are needed for TDX?  What
ordering requirements and other constrains exist?


To boot a TDX VM, it requires several changes/additional steps in the flow:

 1. specify the vm type KVM_X86_TDX_VM when creating VM with
IOCTL(KVM_CREATE_VM);
- When initializing KVM accel

 2. initialize VM scope configuration before creating any VCPU;

 3. initialize VCPU scope configuration;
- done inside machine_init_done_notifier;

 4. initialize virtual firmware in guest private memory before vcpu 
running;

- done inside machine_init_done_notifier;

 5. finalize the TD's measurement;
- done inside machine init_done_notifier;


And we are discussing where to do step 2).

We can find from the code of tdx_pre_create_vcpu(), that it needs
cpuid entries[] and attributes as input to KVM.

  cpuid entries[] is set up by kvm_x86_arch_cpuid() mainly based on
  'CPUX86State *env'

  attributes.pks is retrieved from env->features[]
  and attributes.pmu is retrieved from x86cpu->enable_pmu

to make VM-socpe data is consistent with VCPU data, we do choose the 
point late enough to ensure all the info/configurations from VCPU are 
settle down, that just before calling KVM API to do VCPU-scope 
configuration.



take care,
   Gerd

Re: [PATCH v3 3/4] xlnx_dp: Fix the interrupt disable logic

[Alistair Francis]

On Thu, Jun 2, 2022 at 3:32 AM  wrote:
>
> From: Sai Pavan Boddu 
>
> Fix interrupt disable logic. Mask value 1 indicates that interrupts are
> disabled.
>
> Signed-off-by: Sai Pavan Boddu 
> Reviewed-by: Edgar E. Iglesias 
> Signed-off-by: Frederic Konrad 

Acked-by: Alistair Francis 

Alistair

> ---
>  hw/display/xlnx_dp.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
> index d0bea512bd..eed705219e 100644
> --- a/hw/display/xlnx_dp.c
> +++ b/hw/display/xlnx_dp.c
> @@ -889,7 +889,7 @@ static void xlnx_dp_write(void *opaque, hwaddr offset, 
> uint64_t value,
>  xlnx_dp_update_irq(s);
>  break;
>  case DP_INT_DS:
> -s->core_registers[DP_INT_MASK] |= ~value;
> +s->core_registers[DP_INT_MASK] |= value;
>  xlnx_dp_update_irq(s);
>  break;
>  default:
> --
> 2.25.1
>
>

Re: [PATCH v3 2/4] xlnx_dp: Introduce a vblank signal

[Alistair Francis]

On Thu, Jun 2, 2022 at 3:29 AM  wrote:
>
> From: Sai Pavan Boddu 
>
> Add a periodic timer which raises vblank at a frequency of 30Hz.
>
> Signed-off-by: Sai Pavan Boddu 
> Signed-off-by: Edgar E. Iglesias 
> Changes by fkonrad:
>   - Switched to transaction-based ptimer API.
>   - Added the DP_INT_VBLNK_START macro.
> Signed-off-by: Frederic Konrad 

Acked-by: Alistair Francis 

Alistair

> ---
>  hw/display/xlnx_dp.c | 28 +---
>  include/hw/display/xlnx_dp.h |  3 +++
>  2 files changed, 28 insertions(+), 3 deletions(-)
>
> diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
> index 0378570459..d0bea512bd 100644
> --- a/hw/display/xlnx_dp.c
> +++ b/hw/display/xlnx_dp.c
> @@ -114,6 +114,7 @@
>  #define DP_TX_N_AUD (0x032C >> 2)
>  #define DP_TX_AUDIO_EXT_DATA(n) ((0x0330 + 4 * n) >> 2)
>  #define DP_INT_STATUS   (0x03A0 >> 2)
> +#define DP_INT_VBLNK_START  (1 << 13)
>  #define DP_INT_MASK (0x03A4 >> 2)
>  #define DP_INT_EN   (0x03A8 >> 2)
>  #define DP_INT_DS   (0x03AC >> 2)
> @@ -270,10 +271,15 @@ static const VMStateDescription vmstate_dp = {
>   DP_VBLEND_REG_ARRAY_SIZE),
>  VMSTATE_UINT32_ARRAY(audio_registers, XlnxDPState,
>   DP_AUDIO_REG_ARRAY_SIZE),
> +VMSTATE_PTIMER(vblank, XlnxDPState),
>  VMSTATE_END_OF_LIST()
>  }
>  };
>
> +#define DP_VBLANK_PTIMER_POLICY (PTIMER_POLICY_WRAP_AFTER_ONE_PERIOD | \
> + PTIMER_POLICY_CONTINUOUS_TRIGGER |\
> + PTIMER_POLICY_NO_IMMEDIATE_TRIGGER)
> +
>  static void xlnx_dp_update_irq(XlnxDPState *s);
>
>  static uint64_t xlnx_dp_audio_read(void *opaque, hwaddr offset, unsigned 
> size)
> @@ -773,6 +779,13 @@ static void xlnx_dp_write(void *opaque, hwaddr offset, 
> uint64_t value,
>  break;
>  case DP_TRANSMITTER_ENABLE:
>  s->core_registers[offset] = value & 0x01;
> +ptimer_transaction_begin(s->vblank);
> +if (value & 0x1) {
> +ptimer_run(s->vblank, 0);
> +} else {
> +ptimer_stop(s->vblank);
> +}
> +ptimer_transaction_commit(s->vblank);
>  break;
>  case DP_FORCE_SCRAMBLER_RESET:
>  /*
> @@ -1177,9 +1190,6 @@ static void xlnx_dp_update_display(void *opaque)
>  return;
>  }
>
> -s->core_registers[DP_INT_STATUS] |= (1 << 13);
> -xlnx_dp_update_irq(s);
> -
>  xlnx_dpdma_trigger_vsync_irq(s->dpdma);
>
>  /*
> @@ -1275,6 +1285,14 @@ static void xlnx_dp_finalize(Object *obj)
>  fifo8_destroy(>rx_fifo);
>  }
>
> +static void vblank_hit(void *opaque)
> +{
> +XlnxDPState *s = XLNX_DP(opaque);
> +
> +s->core_registers[DP_INT_STATUS] |= DP_INT_VBLNK_START;
> +xlnx_dp_update_irq(s);
> +}
> +
>  static void xlnx_dp_realize(DeviceState *dev, Error **errp)
>  {
>  XlnxDPState *s = XLNX_DP(dev);
> @@ -1309,6 +1327,10 @@ static void xlnx_dp_realize(DeviceState *dev, Error 
> **errp)
> );
>  AUD_set_volume_out(s->amixer_output_stream, 0, 255, 255);
>  xlnx_dp_audio_activate(s);
> +s->vblank = ptimer_init(vblank_hit, s, DP_VBLANK_PTIMER_POLICY);
> +ptimer_transaction_begin(s->vblank);
> +ptimer_set_freq(s->vblank, 30);
> +ptimer_transaction_commit(s->vblank);
>  }
>
>  static void xlnx_dp_reset(DeviceState *dev)
> diff --git a/include/hw/display/xlnx_dp.h b/include/hw/display/xlnx_dp.h
> index 1ef5a89ee7..e86a87f235 100644
> --- a/include/hw/display/xlnx_dp.h
> +++ b/include/hw/display/xlnx_dp.h
> @@ -35,6 +35,7 @@
>  #include "hw/dma/xlnx_dpdma.h"
>  #include "audio/audio.h"
>  #include "qom/object.h"
> +#include "hw/ptimer.h"
>
>  #define AUD_CHBUF_MAX_DEPTH (32 * KiB)
>  #define MAX_QEMU_BUFFER_SIZE(4 * KiB)
> @@ -107,6 +108,8 @@ struct XlnxDPState {
>   */
>  DPCDState *dpcd;
>  I2CDDCState *edid;
> +
> +ptimer_state *vblank;
>  };
>
>  #define TYPE_XLNX_DP "xlnx.v-dp"
> --
> 2.25.1
>
>

[PATCH] tcg/i386: Fix encoding of OPC_VPSRAQ for INDEX_op_sars_vec

[Richard Henderson]

We wanted the VPSRAQ variant with the scalar vector shift operand,
not the variant with an immediate operand.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1022
Fixes: 47b331b2a8da ("tcg/i386: Implement avx512 scalar shift")
Signed-off-by: Richard Henderson 
---
 tcg/i386/tcg-target.c.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc
index b5c6159853..d52206ba4d 100644
--- a/tcg/i386/tcg-target.c.inc
+++ b/tcg/i386/tcg-target.c.inc
@@ -375,7 +375,7 @@ static bool tcg_target_const_match(int64_t val, TCGType 
type, int ct)
 #define OPC_PSLLQ   (0xf3 | P_EXT | P_DATA16)
 #define OPC_PSRAW   (0xe1 | P_EXT | P_DATA16)
 #define OPC_PSRAD   (0xe2 | P_EXT | P_DATA16)
-#define OPC_VPSRAQ  (0x72 | P_EXT | P_DATA16 | P_VEXW | P_EVEX)
+#define OPC_VPSRAQ  (0xe2 | P_EXT | P_DATA16 | P_VEXW | P_EVEX)
 #define OPC_PSRLW   (0xd1 | P_EXT | P_DATA16)
 #define OPC_PSRLD   (0xd2 | P_EXT | P_DATA16)
 #define OPC_PSRLQ   (0xd3 | P_EXT | P_DATA16)
-- 
2.34.1

[RFC PATCH] RISC-V: Add Zawrs ISA extension support

[Christoph Muellner]

From: Christoph Muellner 

This patch adds support for the Zawrs ISA extension.
Given the current (incomplete) implementation of reservation sets
there seems to be no way to provide a full emulation of the WRS
instruction (wake on reservation set invalidation or timeout or
interrupt). Therefore, we just pretend that an interrupt occured,
exit the execution loop and finally continue execution.

The specification can be found here:
https://github.com/riscv/riscv-zawrs/blob/main/zawrs.adoc

Note, that the Zawrs extension is not frozen or ratified yet.
Therefore this patch is an RFC and not intended to get merged.

Signed-off-by: Christoph Muellner 
---
 target/riscv/cpu.c  |  1 +
 target/riscv/cpu.h  |  1 +
 target/riscv/insn32.decode  |  3 ++
 target/riscv/insn_trans/trans_rvzawrs.c.inc | 48 +
 target/riscv/translate.c|  1 +
 5 files changed, 54 insertions(+)
 create mode 100644 target/riscv/insn_trans/trans_rvzawrs.c.inc

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index a91253d4bd..3b43e5a03d 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -877,6 +877,7 @@ static Property riscv_cpu_properties[] = {
 DEFINE_PROP_BOOL("svnapot", RISCVCPU, cfg.ext_svnapot, false),
 DEFINE_PROP_BOOL("svpbmt", RISCVCPU, cfg.ext_svpbmt, false),
 
+DEFINE_PROP_BOOL("zawrs", RISCVCPU, cfg.ext_zawrs, true),
 DEFINE_PROP_BOOL("zba", RISCVCPU, cfg.ext_zba, true),
 DEFINE_PROP_BOOL("zbb", RISCVCPU, cfg.ext_zbb, true),
 DEFINE_PROP_BOOL("zbc", RISCVCPU, cfg.ext_zbc, true),
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index f08c3e8813..2ef2efe22e 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -380,6 +380,7 @@ struct RISCVCPUConfig {
 bool ext_h;
 bool ext_j;
 bool ext_v;
+bool ext_zawrs;
 bool ext_zba;
 bool ext_zbb;
 bool ext_zbc;
diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 4033565393..ce20eab738 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -111,6 +111,9 @@ wfi 000100000101 0 000 0 1110011
 sfence_vma  0001001. . 000 0 1110011 @sfence_vma
 sfence_vm   000100000100 . 000 0 1110011 @sfence_vm
 
+# *** Zawrs Instruction Extension ***
+wrs 0001 . 000 0 1110011 @sfence_vm
+
 # *** RV32I Base Instruction Set ***
 lui     . 0110111 @u
 auipc   . 0010111 @u
diff --git a/target/riscv/insn_trans/trans_rvzawrs.c.inc 
b/target/riscv/insn_trans/trans_rvzawrs.c.inc
new file mode 100644
index 00..38b71d0085
--- /dev/null
+++ b/target/riscv/insn_trans/trans_rvzawrs.c.inc
@@ -0,0 +1,48 @@
+/*
+ * RISC-V translation routines for the RISC-V Zawrs Extension.
+ *
+ * Copyright (c) 2022 Christoph Muellner, christoph.muell...@vrull.io
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#define REQUIRE_ZAWRS(ctx) do { \
+if (!ctx->cfg_ptr->ext_zawrs) { \
+return false;   \
+}   \
+} while (0)
+
+static bool trans_wrs(DisasContext *ctx, arg_sfence_vm *a)
+{
+REQUIRE_ZAWRS(ctx);
+
+/*
+ * We may continue if one or more of the following conditions are met:
+ * a) reservation set is invalid
+ * b) rs1 != 0 and X(rs1) < time CSR
+ * c) interrupt observed
+ *
+ * A reservation set can be invalidated by any store to a reserved
+ * memory location. However, that's currently not implemented in QEMU.
+ * So let's just exit the CPU loop and pretend that an interrupt occured.
+ */
+
+/* Clear the load reservation  (if any).  */
+tcg_gen_movi_tl(load_res, -1);
+
+gen_set_pc_imm(ctx, ctx->pc_succ_insn);
+tcg_gen_exit_tb(NULL, 0);
+ctx->base.is_jmp = DISAS_NORETURN;
+
+return true;
+}
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 55a4713af2..3f0140d124 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -1005,6 +1005,7 @@ static uint32_t opcode_at(DisasContextBase *dcbase, 
target_ulong pc)
 #include "insn_trans/trans_rvh.c.inc"
 #include "insn_trans/trans_rvv.c.inc"
 #include "insn_trans/trans_rvb.c.inc"
+#include "insn_trans/trans_rvzawrs.c.inc"
 #include "insn_trans/trans_rvzfh.c.inc"
 #include "insn_trans/trans_rvk.c.inc"

[RFC PATCH] RISC-V: Add Zawrs ISA extension support

[Christoph Muellner]

This patch adds support for the Zawrs ISA extension.
Given the current (incomplete) implementation of reservation sets
there seems to be no way to provide a full emulation of the WRS
instruction (wake on reservation set invalidation or timeout or
interrupt). Therefore, we just pretend that an interrupt occured,
exit the execution loop and finally continue execution.

The specification can be found here:
https://github.com/riscv/riscv-zawrs/blob/main/zawrs.adoc

Note, that the Zawrs extension is not frozen or ratified yet.
Therefore this patch is an RFC and not intended to get merged.

Signed-off-by: Christoph Muellner 
---
 target/riscv/cpu.c  |  1 +
 target/riscv/cpu.h  |  1 +
 target/riscv/insn32.decode  |  3 ++
 target/riscv/insn_trans/trans_rvzawrs.c.inc | 48 +
 target/riscv/translate.c|  1 +
 5 files changed, 54 insertions(+)
 create mode 100644 target/riscv/insn_trans/trans_rvzawrs.c.inc

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index a91253d4bd..3b43e5a03d 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -877,6 +877,7 @@ static Property riscv_cpu_properties[] = {
 DEFINE_PROP_BOOL("svnapot", RISCVCPU, cfg.ext_svnapot, false),
 DEFINE_PROP_BOOL("svpbmt", RISCVCPU, cfg.ext_svpbmt, false),
 
+DEFINE_PROP_BOOL("zawrs", RISCVCPU, cfg.ext_zawrs, true),
 DEFINE_PROP_BOOL("zba", RISCVCPU, cfg.ext_zba, true),
 DEFINE_PROP_BOOL("zbb", RISCVCPU, cfg.ext_zbb, true),
 DEFINE_PROP_BOOL("zbc", RISCVCPU, cfg.ext_zbc, true),
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index f08c3e8813..2ef2efe22e 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -380,6 +380,7 @@ struct RISCVCPUConfig {
 bool ext_h;
 bool ext_j;
 bool ext_v;
+bool ext_zawrs;
 bool ext_zba;
 bool ext_zbb;
 bool ext_zbc;
diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 4033565393..ce20eab738 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -111,6 +111,9 @@ wfi 000100000101 0 000 0 1110011
 sfence_vma  0001001. . 000 0 1110011 @sfence_vma
 sfence_vm   000100000100 . 000 0 1110011 @sfence_vm
 
+# *** Zawrs Instruction Extension ***
+wrs 0001 . 000 0 1110011 @sfence_vm
+
 # *** RV32I Base Instruction Set ***
 lui     . 0110111 @u
 auipc   . 0010111 @u
diff --git a/target/riscv/insn_trans/trans_rvzawrs.c.inc 
b/target/riscv/insn_trans/trans_rvzawrs.c.inc
new file mode 100644
index 00..38b71d0085
--- /dev/null
+++ b/target/riscv/insn_trans/trans_rvzawrs.c.inc
@@ -0,0 +1,48 @@
+/*
+ * RISC-V translation routines for the RISC-V Zawrs Extension.
+ *
+ * Copyright (c) 2022 Christoph Muellner, christoph.muell...@vrull.io
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#define REQUIRE_ZAWRS(ctx) do { \
+if (!ctx->cfg_ptr->ext_zawrs) { \
+return false;   \
+}   \
+} while (0)
+
+static bool trans_wrs(DisasContext *ctx, arg_sfence_vm *a)
+{
+REQUIRE_ZAWRS(ctx);
+
+/*
+ * We may continue if one or more of the following conditions are met:
+ * a) reservation set is invalid
+ * b) rs1 != 0 and X(rs1) < time CSR
+ * c) interrupt observed
+ *
+ * A reservation set can be invalidated by any store to a reserved
+ * memory location. However, that's currently not implemented in QEMU.
+ * So let's just exit the CPU loop and pretend that an interrupt occured.
+ */
+
+/* Clear the load reservation  (if any).  */
+tcg_gen_movi_tl(load_res, -1);
+
+gen_set_pc_imm(ctx, ctx->pc_succ_insn);
+tcg_gen_exit_tb(NULL, 0);
+ctx->base.is_jmp = DISAS_NORETURN;
+
+return true;
+}
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 55a4713af2..3f0140d124 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -1005,6 +1005,7 @@ static uint32_t opcode_at(DisasContextBase *dcbase, 
target_ulong pc)
 #include "insn_trans/trans_rvh.c.inc"
 #include "insn_trans/trans_rvv.c.inc"
 #include "insn_trans/trans_rvb.c.inc"
+#include "insn_trans/trans_rvzawrs.c.inc"
 #include "insn_trans/trans_rvzfh.c.inc"
 #include "insn_trans/trans_rvk.c.inc"
 #include 

Re: [RFC PATCH v2 4/6] hw/i2c: add asynchronous send

[Corey Minyard]

On Wed, Jun 01, 2022 at 11:08:29PM +0200, Klaus Jensen wrote:
> From: Klaus Jensen 
> 
> Add an asynchronous version of i2c_send() that requires the slave to
> explicitly acknowledge on the bus with i2c_ack().
> 
> The current master must use the new i2c_start_send_async() to indicate
> that it wants to do an asynchronous transfer. This allows the i2c core
> to check if the target slave supports this or not. This approach relies
> on adding a new enum i2c_event member, which is why a bunch of other
> devices needs changes in their event handling switches.

This would be easier to read if you split out the default return of -1
in all the devices to a separate patch.

You've already pointed out the lack of nack support.

I think this is ok outside of that.

-corey

> 
> Signed-off-by: Klaus Jensen 
> ---
>  hw/arm/pxa2xx.c|  2 ++
>  hw/display/sii9022.c   |  2 ++
>  hw/display/ssd0303.c   |  2 ++
>  hw/i2c/core.c  | 36 +++-
>  hw/i2c/smbus_slave.c   |  4 
>  hw/i2c/trace-events|  2 ++
>  hw/misc/ibm-cffps.c|  2 ++
>  hw/misc/ir35221.c  |  2 ++
>  hw/nvram/eeprom_at24c.c|  2 ++
>  hw/sensor/lsm303dlhc_mag.c |  2 ++
>  include/hw/i2c/i2c.h   | 16 
>  11 files changed, 71 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
> index f4f687df68ef..93dda83d7aa9 100644
> --- a/hw/arm/pxa2xx.c
> +++ b/hw/arm/pxa2xx.c
> @@ -1305,6 +1305,8 @@ static int pxa2xx_i2c_event(I2CSlave *i2c, enum 
> i2c_event event)
>  case I2C_NACK:
>  s->status |= 1 << 1; /* set ACKNAK */
>  break;
> +default:
> +return -1;
>  }
>  pxa2xx_i2c_update(s);
>  
> diff --git a/hw/display/sii9022.c b/hw/display/sii9022.c
> index b591a5878901..664fd4046d82 100644
> --- a/hw/display/sii9022.c
> +++ b/hw/display/sii9022.c
> @@ -76,6 +76,8 @@ static int sii9022_event(I2CSlave *i2c, enum i2c_event 
> event)
>  break;
>  case I2C_NACK:
>  break;
> +default:
> +return -1;
>  }
>  
>  return 0;
> diff --git a/hw/display/ssd0303.c b/hw/display/ssd0303.c
> index aeae22da9c29..d67b0ad7b529 100644
> --- a/hw/display/ssd0303.c
> +++ b/hw/display/ssd0303.c
> @@ -196,6 +196,8 @@ static int ssd0303_event(I2CSlave *i2c, enum i2c_event 
> event)
>  case I2C_NACK:
>  /* Nothing to do.  */
>  break;
> +default:
> +return -1;
>  }
>  
>  return 0;
> diff --git a/hw/i2c/core.c b/hw/i2c/core.c
> index 145dce60782a..d4ba8146bffb 100644
> --- a/hw/i2c/core.c
> +++ b/hw/i2c/core.c
> @@ -161,7 +161,8 @@ static int i2c_do_start_transfer(I2CBus *bus, uint8_t 
> address,
> start condition.  */
>  
>  if (sc->event) {
> -trace_i2c_event("start", s->address);
> +trace_i2c_event(event == I2C_START_SEND ? "start" : 
> "start_async",
> +s->address);
>  rv = sc->event(s, event);
>  if (rv && !bus->broadcast) {
>  if (bus_scanned) {
> @@ -212,6 +213,11 @@ int i2c_start_send(I2CBus *bus, uint8_t address)
>  return i2c_do_start_transfer(bus, address, I2C_START_SEND);
>  }
>  
> +int i2c_start_send_async(I2CBus *bus, uint8_t address)
> +{
> +return i2c_do_start_transfer(bus, address, I2C_START_SEND_ASYNC);
> +}
> +
>  void i2c_end_transfer(I2CBus *bus)
>  {
>  I2CSlaveClass *sc;
> @@ -261,6 +267,23 @@ int i2c_send(I2CBus *bus, uint8_t data)
>  return ret ? -1 : 0;
>  }
>  
> +int i2c_send_async(I2CBus *bus, uint8_t data)
> +{
> +I2CNode *node = QLIST_FIRST(>current_devs);
> +I2CSlave *slave = node->elt;
> +I2CSlaveClass *sc = I2C_SLAVE_GET_CLASS(slave);
> +
> +if (!sc->send_async) {
> +return -1;
> +}
> +
> +trace_i2c_send_async(slave->address, data);
> +
> +sc->send_async(slave, data);
> +
> +return 0;
> +}
> +
>  uint8_t i2c_recv(I2CBus *bus)
>  {
>  uint8_t data = 0xff;
> @@ -297,6 +320,17 @@ void i2c_nack(I2CBus *bus)
>  }
>  }
>  
> +void i2c_ack(I2CBus *bus)
> +{
> +if (!bus->bh) {
> +return;
> +}
> +
> +trace_i2c_ack();
> +
> +qemu_bh_schedule(bus->bh);
> +}
> +
>  static int i2c_slave_post_load(void *opaque, int version_id)
>  {
>  I2CSlave *dev = opaque;
> diff --git a/hw/i2c/smbus_slave.c b/hw/i2c/smbus_slave.c
> index 5d10e27664db..feb3ec633350 100644
> --- a/hw/i2c/smbus_slave.c
> +++ b/hw/i2c/smbus_slave.c
> @@ -143,6 +143,10 @@ static int smbus_i2c_event(I2CSlave *s, enum i2c_event 
> event)
>  dev->mode = SMBUS_CONFUSED;
>  break;
>  }
> +break;
> +
> +default:
> +return -1;
>  }
>  
>  return 0;
> diff --git a/hw/i2c/trace-events b/hw/i2c/trace-events
> index 209275ed2dc8..af181d43ee64 100644
> --- a/hw/i2c/trace-events
> +++ b/hw/i2c/trace-events
> @@ -4,7 +4,9 @@
>  
>  i2c_event(const char *event, uint8_t address) 

Re: [RFC PATCH v2 3/6] hw/i2c: support multiple masters

[Corey Minyard]

On Wed, Jun 01, 2022 at 11:08:28PM +0200, Klaus Jensen wrote:
> From: Klaus Jensen 
> 
> Allow slaves to master the bus by registering a bottom halve. If the bus
> is busy, the bottom halve is queued up. When a slave has succesfully
  ^ half
> mastered the bus, the bottom halve is scheduled.
   ^ half

"halve" is a verb that means to split something into two pieces.  Yes,
English is a strange language :).

Also, technically from an I2C point of view, masters master the bus and
slaves only respond.  The way it's phrased here and elsewhere sounds a
little strange from that point of view.

I'm ok with this patch.  It's straightforward.

> 
> Signed-off-by: Klaus Jensen 
> ---
>  hw/i2c/core.c| 34 +-
>  include/hw/i2c/i2c.h | 14 ++
>  2 files changed, 47 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/i2c/core.c b/hw/i2c/core.c
> index d0cb2d32fa44..145dce60782a 100644
> --- a/hw/i2c/core.c
> +++ b/hw/i2c/core.c
> @@ -13,6 +13,7 @@
>  #include "migration/vmstate.h"
>  #include "qapi/error.h"
>  #include "qemu/module.h"
> +#include "qemu/main-loop.h"
>  #include "trace.h"
>  
>  #define I2C_BROADCAST 0x00
> @@ -62,6 +63,7 @@ I2CBus *i2c_init_bus(DeviceState *parent, const char *name)
>  
>  bus = I2C_BUS(qbus_new(TYPE_I2C_BUS, parent, name));
>  QLIST_INIT(>current_devs);
> +QSIMPLEQ_INIT(>pending_masters);
>  vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, _i2c_bus, bus);
>  return bus;
>  }
> @@ -74,7 +76,7 @@ void i2c_slave_set_address(I2CSlave *dev, uint8_t address)
>  /* Return nonzero if bus is busy.  */
>  int i2c_bus_busy(I2CBus *bus)
>  {
> -return !QLIST_EMPTY(>current_devs);
> +return !QLIST_EMPTY(>current_devs) || bus->bh;
>  }
>  
>  bool i2c_scan_bus(I2CBus *bus, uint8_t address, bool broadcast,
> @@ -180,6 +182,26 @@ int i2c_start_transfer(I2CBus *bus, uint8_t address, 
> bool is_recv)
> : I2C_START_SEND);
>  }
>  
> +void i2c_bus_master(I2CBus *bus, QEMUBH *bh)
> +{
> +if (i2c_bus_busy(bus)) {
> +I2CPendingMaster *node = g_new(struct I2CPendingMaster, 1);
> +node->bh = bh;
> +
> +QSIMPLEQ_INSERT_TAIL(>pending_masters, node, entry);
> +
> +return;
> +}
> +
> +bus->bh = bh;
> +qemu_bh_schedule(bus->bh);
> +}
> +
> +void i2c_bus_release(I2CBus *bus)
> +{
> +bus->bh = NULL;
> +}
> +
>  int i2c_start_recv(I2CBus *bus, uint8_t address)
>  {
>  return i2c_do_start_transfer(bus, address, I2C_START_RECV);
> @@ -206,6 +228,16 @@ void i2c_end_transfer(I2CBus *bus)
>  g_free(node);
>  }
>  bus->broadcast = false;
> +
> +if (!QSIMPLEQ_EMPTY(>pending_masters)) {
> +I2CPendingMaster *node = QSIMPLEQ_FIRST(>pending_masters);
> +bus->bh = node->bh;
> +
> +QSIMPLEQ_REMOVE_HEAD(>pending_masters, entry);
> +g_free(node);
> +
> +qemu_bh_schedule(bus->bh);
> +}
>  }
>  
>  int i2c_send(I2CBus *bus, uint8_t data)
> diff --git a/include/hw/i2c/i2c.h b/include/hw/i2c/i2c.h
> index 5ca3b708c0be..be8bb8b78a60 100644
> --- a/include/hw/i2c/i2c.h
> +++ b/include/hw/i2c/i2c.h
> @@ -69,13 +69,25 @@ struct I2CNode {
>  QLIST_ENTRY(I2CNode) next;
>  };
>  
> +typedef struct I2CPendingMaster I2CPendingMaster;
> +
> +struct I2CPendingMaster {
> +QEMUBH *bh;
> +QSIMPLEQ_ENTRY(I2CPendingMaster) entry;
> +};
> +
>  typedef QLIST_HEAD(I2CNodeList, I2CNode) I2CNodeList;
> +typedef QSIMPLEQ_HEAD(I2CPendingMasters, I2CPendingMaster) I2CPendingMasters;
>  
>  struct I2CBus {
>  BusState qbus;
>  I2CNodeList current_devs;
> +I2CPendingMasters pending_masters;
>  uint8_t saved_address;
>  bool broadcast;
> +
> +/* Set from slave currently mastering the bus. */
> +QEMUBH *bh;
>  };
>  
>  I2CBus *i2c_init_bus(DeviceState *parent, const char *name);
> @@ -117,6 +129,8 @@ int i2c_start_send(I2CBus *bus, uint8_t address);
>  
>  void i2c_end_transfer(I2CBus *bus);
>  void i2c_nack(I2CBus *bus);
> +void i2c_bus_master(I2CBus *bus, QEMUBH *bh);
> +void i2c_bus_release(I2CBus *bus);
>  int i2c_send(I2CBus *bus, uint8_t data);
>  uint8_t i2c_recv(I2CBus *bus);
>  bool i2c_scan_bus(I2CBus *bus, uint8_t address, bool broadcast,
> -- 
> 2.36.1
> 


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [PATCH v3 6/7] hw/isa/piix4: QOM'ify PIIX4 PM creation

[Bernhard Beschow]

Am 30. Mai 2022 19:58:37 UTC schrieb Mark Cave-Ayland 
:
>On 29/05/2022 19:05, Bernhard Beschow wrote:
>
>> On Sun, May 29, 2022 at 11:25 AM Mark Cave-Ayland <
>> mark.cave-ayl...@ilande.co.uk> wrote:
>> 
>>> On 28/05/2022 20:20, Bernhard Beschow wrote:
>>> 
 Just like the real hardware, create the PIIX4 ACPI controller as part of
 the PIIX4 southbridge. This also mirrors how the IDE and USB functions
 are already created.
 
 Signed-off-by: Bernhard Beschow 
 ---
hw/isa/piix4.c| 25 ++---
hw/mips/malta.c   |  3 ++-
include/hw/southbridge/piix.h |  2 +-
3 files changed, 17 insertions(+), 13 deletions(-)
 
 diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
 index 96df21a610..217989227d 100644
 --- a/hw/isa/piix4.c
 +++ b/hw/isa/piix4.c
 @@ -49,6 +49,7 @@ struct PIIX4State {
RTCState rtc;
PCIIDEState ide;
UHCIState uhci;
 +PIIX4PMState pm;
/* Reset Control Register */
MemoryRegion rcr_mem;
uint8_t rcr;
 @@ -261,6 +262,14 @@ static void piix4_realize(PCIDevice *dev, Error
>>> **errp)
return;
}
 
 +/* ACPI controller */
 +qdev_prop_set_int32(DEVICE(>pm), "addr", dev->devfn + 3);
 +if (!qdev_realize(DEVICE(>pm), BUS(pci_bus), errp)) {
 +return;
 +}
 +qdev_connect_gpio_out(DEVICE(>pm), 0, s->isa[9]);
 +object_property_add_alias(OBJECT(s), "smbus", OBJECT(>pm),
>>> "i2c");
>>> 
>>> Now that the PM device is QOMified you don't actually need this alias
>>> anymore (see
>>> below). In general aliasing parts of contained devices onto the container
>>> isn't
>>> recommended, since it starts to blur the line between individual devices
>>> and then you
>>> find some wiring gets done to the container, some directly to the
>>> contained device
>>> and then it starts to get confusing quite quickly.
>>> 
pci_bus_irqs(pci_bus, piix4_set_irq, pci_slot_get_pirq, s,
>>> PIIX_NUM_PIRQS);
}
 
 @@ -271,6 +280,10 @@ static void piix4_init(Object *obj)
object_initialize_child(obj, "rtc", >rtc, TYPE_MC146818_RTC);
object_initialize_child(obj, "ide", >ide, "piix4-ide");
object_initialize_child(obj, "uhci", >uhci, "piix4-usb-uhci");
 +
 +object_initialize_child(obj, "pm", >pm, TYPE_PIIX4_PM);
 +qdev_prop_set_uint32(DEVICE(>pm), "smb_io_base", 0x1100);
 +qdev_prop_set_bit(DEVICE(>pm), "smm-enabled", 0);
}
 
static void piix4_class_init(ObjectClass *klass, void *data)
 @@ -312,7 +325,7 @@ static void piix4_register_types(void)
 
type_init(piix4_register_types)
 
 -DeviceState *piix4_create(PCIBus *pci_bus, I2CBus **smbus)
 +DeviceState *piix4_create(PCIBus *pci_bus)
{
PCIDevice *pci;
DeviceState *dev;
 @@ -322,15 +335,5 @@ DeviceState *piix4_create(PCIBus *pci_bus, I2CBus
>>> **smbus)
  TYPE_PIIX4_PCI_DEVICE);
dev = DEVICE(pci);
 
 -if (smbus) {
 -pci = pci_new(devfn + 3, TYPE_PIIX4_PM);
 -qdev_prop_set_uint32(DEVICE(pci), "smb_io_base", 0x1100);
 -qdev_prop_set_bit(DEVICE(pci), "smm-enabled", 0);
 -pci_realize_and_unref(pci, pci_bus, _fatal);
 -qdev_connect_gpio_out(DEVICE(pci), 0,
 -  qdev_get_gpio_in_named(dev, "isa", 9));
 -*smbus = I2C_BUS(qdev_get_child_bus(DEVICE(pci), "i2c"));
 -}
 -
return dev;
}
 diff --git a/hw/mips/malta.c b/hw/mips/malta.c
 index e446b25ad0..b0fc84ccbb 100644
 --- a/hw/mips/malta.c
 +++ b/hw/mips/malta.c
 @@ -1399,8 +1399,9 @@ void mips_malta_init(MachineState *machine)
empty_slot_init("GT64120", 0, 0x2000);
 
/* Southbridge */
 -dev = piix4_create(pci_bus, );
 +dev = piix4_create(pci_bus);
isa_bus = ISA_BUS(qdev_get_child_bus(dev, "isa.0"));
 +smbus = I2C_BUS(qdev_get_child_bus(dev, "smbus"));
>>> 
>>> It should now be possible to do something like this:
>>> 
>>>   pm_dev = DEVICE(object_resolve_path_component(OBJECT(dev), "pm"));
>>>   smbus = I2C_BUS(qdev_get_child_bus(pm_dev, "i2c"));
>>> 
>>> whereby we grab the reference to the PIIX4_PM device by resolving the "pm"
>>> child
>>> object and then use that to obtain the reference to smbus.
>>> 
>> 
>> Imagining the container device to be an abstraction layer for the
>> contained functionality I actually prefer the alias. Having it one
>> doesn't need to know that there is an internal device named "pm" and
>> one doesn't need to care about how many levels deep it is buried
>> inside the implementation. This allows for further refactoring the
>> PIIX4 without breaking its contract to its users.

Re: [PATCH v3 2/7] hw/isa/piix4: Use object_initialize_child() for embedded struct

[Bernhard Beschow]

Am 30. Mai 2022 11:38:30 UTC schrieb "Philippe Mathieu-Daudé" :
>On 28/5/22 21:20, Bernhard Beschow wrote:
>> Found-by: Peter Maydell 
>
>I suppose you refer to this thread:
>https://lore.kernel.org/qemu-devel/CAFEAcA_y69=iXMH75dHeNkxMa038Z7Xk63GW9fdcAFHJSWS=s...@mail.gmail.com/

Yes, correct.

>I'm going to change the tag to "Reported-by".

I'll take care of this in v4.

>Reviewed-by: Philippe Mathieu-Daudé 
>
>> Signed-off-by: Bernhard Beschow 
>> ---
>>   hw/isa/piix4.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
>> index 9a6d981037..1d04fb6a55 100644
>> --- a/hw/isa/piix4.c
>> +++ b/hw/isa/piix4.c
>> @@ -224,7 +224,7 @@ static void piix4_init(Object *obj)
>>   {
>>   PIIX4State *s = PIIX4_PCI_DEVICE(obj);
>>   -object_initialize(>rtc, sizeof(s->rtc), TYPE_MC146818_RTC);
>> +object_initialize_child(obj, "rtc", >rtc, TYPE_MC146818_RTC);
>>   }
>> static void piix4_class_init(ObjectClass *klass, void *data)

Re: [PATCH v3 1/7] include/hw/southbridge/piix: Aggregate all PIIX soughbridge type names

[Bernhard Beschow]

Am 30. Mai 2022 13:19:33 UTC schrieb "Philippe Mathieu-Daudé" :
>On 29/5/22 20:09, Bernhard Beschow wrote:
>> On Sun, May 29, 2022 at 11:05 AM Mark Cave-Ayland 
>> mailto:mark.cave-ayl...@ilande.co.uk>> wrote:
>> 
>> On 28/05/2022 20:20, Bernhard Beschow wrote:
>> 
>>  > TYPE_PIIX3_PCI_DEVICE resides there as already, so add the remaining
>>  > ones, too.
>>  >
>>  > Signed-off-by: Bernhard Beschow > >
>>  > Reviewed-by: Mark Cave-Ayland > >
>>  > Reviewed-by: Philippe Mathieu-Daudé > >
>>  > ---
>>  >   hw/isa/piix3.c                | 3 ---
>>  >   include/hw/isa/isa.h          | 2 --
>>  >   include/hw/southbridge/piix.h | 4 
>>  >   3 files changed, 4 insertions(+), 5 deletions(-)
>
>> One tiny nit here: there's a typo in the subject line which I missed
>> when reviewing v2.
>> 
>> s/soughbridge/southbridge/
>> 
>> 
>> Ack. Will fix in v3.
>
>Can do. Also, "include/" in subject is not helpful.

I'll take care of this in v4.

Thanks,
Bernhard

Re: [PATCH v3 1/4] xlnx_dp: fix the wrong register size

[Alistair Francis]

On Thu, Jun 2, 2022 at 3:26 AM  wrote:
>
> From: Frederic Konrad 
>
> The core and the vblend registers size are wrong, they should respectively be
> 0x3B0 and 0x1E0 according to:
>   
> https://www.xilinx.com/htmldocs/registers/ug1087/ug1087-zynq-ultrascale-registers.html.
>
> Let's fix that and use macros when creating the mmio region.
>
> Fixes: 58ac482a66d ("introduce xlnx-dp")
> Signed-off-by: Frederic Konrad 
> Reviewed-by: Edgar E. Iglesias 

Acked-by: Alistair Francis 

Alistair

> ---
>  hw/display/xlnx_dp.c | 17 ++---
>  include/hw/display/xlnx_dp.h |  9 +++--
>  2 files changed, 17 insertions(+), 9 deletions(-)
>
> diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
> index 9bb781e312..0378570459 100644
> --- a/hw/display/xlnx_dp.c
> +++ b/hw/display/xlnx_dp.c
> @@ -1219,19 +1219,22 @@ static void xlnx_dp_init(Object *obj)
>  SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
>  XlnxDPState *s = XLNX_DP(obj);
>
> -memory_region_init(>container, obj, TYPE_XLNX_DP, 0xC050);
> +memory_region_init(>container, obj, TYPE_XLNX_DP, DP_CONTAINER_SIZE);
>
>  memory_region_init_io(>core_iomem, obj, _ops, s, TYPE_XLNX_DP
> -  ".core", 0x3AF);
> -memory_region_add_subregion(>container, 0x, >core_iomem);
> +  ".core", sizeof(s->core_registers));
> +memory_region_add_subregion(>container, DP_CORE_REG_OFFSET,
> +>core_iomem);
>
>  memory_region_init_io(>vblend_iomem, obj, _ops, s, TYPE_XLNX_DP
> -  ".v_blend", 0x1DF);
> -memory_region_add_subregion(>container, 0xA000, >vblend_iomem);
> +  ".v_blend", sizeof(s->vblend_registers));
> +memory_region_add_subregion(>container, DP_VBLEND_REG_OFFSET,
> +>vblend_iomem);
>
>  memory_region_init_io(>avbufm_iomem, obj, _ops, s, TYPE_XLNX_DP
> -  ".av_buffer_manager", 0x238);
> -memory_region_add_subregion(>container, 0xB000, >avbufm_iomem);
> +  ".av_buffer_manager", sizeof(s->avbufm_registers));
> +memory_region_add_subregion(>container, DP_AVBUF_REG_OFFSET,
> +>avbufm_iomem);
>
>  memory_region_init_io(>audio_iomem, obj, _ops, s, TYPE_XLNX_DP
>".audio", sizeof(s->audio_registers));
> diff --git a/include/hw/display/xlnx_dp.h b/include/hw/display/xlnx_dp.h
> index 8ab4733bb8..1ef5a89ee7 100644
> --- a/include/hw/display/xlnx_dp.h
> +++ b/include/hw/display/xlnx_dp.h
> @@ -39,10 +39,15 @@
>  #define AUD_CHBUF_MAX_DEPTH (32 * KiB)
>  #define MAX_QEMU_BUFFER_SIZE(4 * KiB)
>
> -#define DP_CORE_REG_ARRAY_SIZE  (0x3AF >> 2)
> +#define DP_CORE_REG_OFFSET  (0x)
> +#define DP_CORE_REG_ARRAY_SIZE  (0x3B0 >> 2)
> +#define DP_AVBUF_REG_OFFSET (0xB000)
>  #define DP_AVBUF_REG_ARRAY_SIZE (0x238 >> 2)
> -#define DP_VBLEND_REG_ARRAY_SIZE(0x1DF >> 2)
> +#define DP_VBLEND_REG_OFFSET(0xA000)
> +#define DP_VBLEND_REG_ARRAY_SIZE(0x1E0 >> 2)
> +#define DP_AUDIO_REG_OFFSET (0xC000)
>  #define DP_AUDIO_REG_ARRAY_SIZE (0x50 >> 2)
> +#define DP_CONTAINER_SIZE   (0xC050)
>
>  struct PixmanPlane {
>  pixman_format_code_t format;
> --
> 2.25.1
>
>

Re: [PULL 00/33] testing updates (gitlab, junit, lcitool, x-compile)

[Richard Henderson]

On 6/1/22 11:05, Alex Bennée wrote:

The following changes since commit 7077fcb9b68f058809c9dd9fd1dacae1881e886c:

   Merge tag 'vmbus-maint-20220530' of https://github.com/maciejsszmigiero/qemu 
into staging (2022-05-30 12:40:36 -0700)

are available in the Git repository at:

   https://github.com/stsquad/qemu.git tags/pull-testing-next-010622-3

for you to fetch changes up to 7266ecce502c31387a3cbf83d7297bc9cf27b139:

   docs/devel: clean-up the CI links in the docs (2022-06-01 18:55:04 +0100)


Various testing updates

   - fix some gitlab container dependencies
   - report meson test results via JUnit
   - fix meson display of enabled cross compilers
   - convert more cross build containers to lcitool and Debian 11
   - re-factor cross compiler detection
   - use test cross-compilers for building ROMs
   - disable CI runs by default (see docs)
   - fix some broken links in development documentation


Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/7.1 as 
appropriate.


r~






Alex Bennée (9):
   meson.build: fix summary display of test compilers
   tests/lcitool: fix up indentation to correct style
   tests/docker: update debian-armhf-cross with lcitool
   tests/docker: update debian-armel-cross with lcitool
   tests/docker: update debian-mipsel-cross with lcitool
   tests/docker: update debian-mips64el-cross with lcitool
   tests/docker: update debian-ppc64el-cross with lcitool
   tests/docker: update debian-amd64 with lcitool
   docs/devel: clean-up the CI links in the docs

Daniel P. Berrangé (5):
   gitlab: introduce a common base job template
   gitlab: convert Cirrus jobs to .base_job_template
   gitlab: convert static checks to .base_job_template
   gitlab: convert build/container jobs to .base_job_template
   gitlab: don't run CI jobs in forks by default

Marc-André Lureau (1):
   gitlab-ci: add meson JUnit test result into report

Paolo Bonzini (16):
   configure: do not define or use the CPP variable
   build: clean up ninja invocation
   build: add a more generic way to specify make->ninja dependencies
   build: do a full build before running TCG tests
   configure, meson: move symlinking of ROMs to meson
   tests/tcg: correct target CPU for sparc32
   tests/tcg: merge configure.sh back into main configure script
   configure: add missing cross compiler fallbacks
   configure: handle host compiler in probe_target_compiler
   configure: introduce --cross-prefix-*=
   configure: include more binutils in tests/tcg makefile
   configure: move symlink configuration earlier
   configure: enable cross-compilation of s390-ccw
   configure: enable cross-compilation of optionrom
   configure: enable cross compilation of vof
   configure: remove unused variables from config-host.mak

Thomas Huth (2):
   .gitlab-ci.d/container-cross: Fix RISC-V container dependencies / stages
   .gitlab-ci.d/crossbuilds: Fix the dependency of the cross-i386-tci job

  docs/devel/ci-jobs.rst.inc | 116 +++-
  docs/devel/ci.rst  |  11 +-
  docs/devel/submitting-a-patch.rst  |  36 +-
  docs/devel/testing.rst |   2 +
  configure  | 606 ++---
  Makefile   |   9 +-
  pc-bios/s390-ccw/netboot.mak   |   2 +-
  meson.build|   8 +-
  .gitlab-ci.d/base.yml  |  72 +++
  .gitlab-ci.d/buildtest-template.yml|  18 +-
  .gitlab-ci.d/buildtest.yml |  28 +-
  .gitlab-ci.d/cirrus.yml|  16 +-
  .gitlab-ci.d/container-cross.yml   |  24 +-
  .gitlab-ci.d/container-template.yml|   1 +
  .gitlab-ci.d/containers.yml|   3 +-
  .gitlab-ci.d/crossbuild-template.yml   |   3 +
  .gitlab-ci.d/crossbuilds.yml   |   2 +
  .gitlab-ci.d/qemu-project.yml  |   1 +
  .gitlab-ci.d/static_checks.yml |  19 +-
  .gitlab-ci.d/windows.yml   |   1 +
  pc-bios/meson.build|  17 +-
  pc-bios/optionrom/Makefile |   4 +-
  pc-bios/s390-ccw/Makefile  |   9 +-
  pc-bios/vof/Makefile   |  17 +-
  scripts/mtest2make.py  |   8 +-
  tests/Makefile.include |   4 +-
  tests/docker/Makefile.include  |   5 -
  tests/docker/dockerfiles/debian-amd64.docker   | 194 +--
  tests/docker/dockerfiles/debian-armel-cross.docker | 

[RFC PATCH v2 4/6] hw/i2c: add asynchronous send

[Klaus Jensen]

From: Klaus Jensen 

Add an asynchronous version of i2c_send() that requires the slave to
explicitly acknowledge on the bus with i2c_ack().

The current master must use the new i2c_start_send_async() to indicate
that it wants to do an asynchronous transfer. This allows the i2c core
to check if the target slave supports this or not. This approach relies
on adding a new enum i2c_event member, which is why a bunch of other
devices needs changes in their event handling switches.

Signed-off-by: Klaus Jensen 
---
 hw/arm/pxa2xx.c|  2 ++
 hw/display/sii9022.c   |  2 ++
 hw/display/ssd0303.c   |  2 ++
 hw/i2c/core.c  | 36 +++-
 hw/i2c/smbus_slave.c   |  4 
 hw/i2c/trace-events|  2 ++
 hw/misc/ibm-cffps.c|  2 ++
 hw/misc/ir35221.c  |  2 ++
 hw/nvram/eeprom_at24c.c|  2 ++
 hw/sensor/lsm303dlhc_mag.c |  2 ++
 include/hw/i2c/i2c.h   | 16 
 11 files changed, 71 insertions(+), 1 deletion(-)

diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index f4f687df68ef..93dda83d7aa9 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -1305,6 +1305,8 @@ static int pxa2xx_i2c_event(I2CSlave *i2c, enum i2c_event 
event)
 case I2C_NACK:
 s->status |= 1 << 1;   /* set ACKNAK */
 break;
+default:
+return -1;
 }
 pxa2xx_i2c_update(s);
 
diff --git a/hw/display/sii9022.c b/hw/display/sii9022.c
index b591a5878901..664fd4046d82 100644
--- a/hw/display/sii9022.c
+++ b/hw/display/sii9022.c
@@ -76,6 +76,8 @@ static int sii9022_event(I2CSlave *i2c, enum i2c_event event)
 break;
 case I2C_NACK:
 break;
+default:
+return -1;
 }
 
 return 0;
diff --git a/hw/display/ssd0303.c b/hw/display/ssd0303.c
index aeae22da9c29..d67b0ad7b529 100644
--- a/hw/display/ssd0303.c
+++ b/hw/display/ssd0303.c
@@ -196,6 +196,8 @@ static int ssd0303_event(I2CSlave *i2c, enum i2c_event 
event)
 case I2C_NACK:
 /* Nothing to do.  */
 break;
+default:
+return -1;
 }
 
 return 0;
diff --git a/hw/i2c/core.c b/hw/i2c/core.c
index 145dce60782a..d4ba8146bffb 100644
--- a/hw/i2c/core.c
+++ b/hw/i2c/core.c
@@ -161,7 +161,8 @@ static int i2c_do_start_transfer(I2CBus *bus, uint8_t 
address,
start condition.  */
 
 if (sc->event) {
-trace_i2c_event("start", s->address);
+trace_i2c_event(event == I2C_START_SEND ? "start" : "start_async",
+s->address);
 rv = sc->event(s, event);
 if (rv && !bus->broadcast) {
 if (bus_scanned) {
@@ -212,6 +213,11 @@ int i2c_start_send(I2CBus *bus, uint8_t address)
 return i2c_do_start_transfer(bus, address, I2C_START_SEND);
 }
 
+int i2c_start_send_async(I2CBus *bus, uint8_t address)
+{
+return i2c_do_start_transfer(bus, address, I2C_START_SEND_ASYNC);
+}
+
 void i2c_end_transfer(I2CBus *bus)
 {
 I2CSlaveClass *sc;
@@ -261,6 +267,23 @@ int i2c_send(I2CBus *bus, uint8_t data)
 return ret ? -1 : 0;
 }
 
+int i2c_send_async(I2CBus *bus, uint8_t data)
+{
+I2CNode *node = QLIST_FIRST(>current_devs);
+I2CSlave *slave = node->elt;
+I2CSlaveClass *sc = I2C_SLAVE_GET_CLASS(slave);
+
+if (!sc->send_async) {
+return -1;
+}
+
+trace_i2c_send_async(slave->address, data);
+
+sc->send_async(slave, data);
+
+return 0;
+}
+
 uint8_t i2c_recv(I2CBus *bus)
 {
 uint8_t data = 0xff;
@@ -297,6 +320,17 @@ void i2c_nack(I2CBus *bus)
 }
 }
 
+void i2c_ack(I2CBus *bus)
+{
+if (!bus->bh) {
+return;
+}
+
+trace_i2c_ack();
+
+qemu_bh_schedule(bus->bh);
+}
+
 static int i2c_slave_post_load(void *opaque, int version_id)
 {
 I2CSlave *dev = opaque;
diff --git a/hw/i2c/smbus_slave.c b/hw/i2c/smbus_slave.c
index 5d10e27664db..feb3ec633350 100644
--- a/hw/i2c/smbus_slave.c
+++ b/hw/i2c/smbus_slave.c
@@ -143,6 +143,10 @@ static int smbus_i2c_event(I2CSlave *s, enum i2c_event 
event)
 dev->mode = SMBUS_CONFUSED;
 break;
 }
+break;
+
+default:
+return -1;
 }
 
 return 0;
diff --git a/hw/i2c/trace-events b/hw/i2c/trace-events
index 209275ed2dc8..af181d43ee64 100644
--- a/hw/i2c/trace-events
+++ b/hw/i2c/trace-events
@@ -4,7 +4,9 @@
 
 i2c_event(const char *event, uint8_t address) "%s(addr:0x%02x)"
 i2c_send(uint8_t address, uint8_t data) "send(addr:0x%02x) data:0x%02x"
+i2c_send_async(uint8_t address, uint8_t data) "send_async(addr:0x%02x) 
data:0x%02x"
 i2c_recv(uint8_t address, uint8_t data) "recv(addr:0x%02x) data:0x%02x"
+i2c_ack(void) ""
 
 # aspeed_i2c.c
 
diff --git a/hw/misc/ibm-cffps.c b/hw/misc/ibm-cffps.c
index 042155bb7838..d69a727fd5f9 100644
--- a/hw/misc/ibm-cffps.c
+++ b/hw/misc/ibm-cffps.c
@@ -152,6 +152,8 @@ static int ibm_cffps_event(I2CSlave *i2c, enum i2c_event 
event)
 case I2C_FINISH:
  s->pointer = 0xFF;
 break;
+default:

Re: [PATCH v3 4/4] xlnx-zynqmp: fix the irq mapping for the display port and its dma

[Alistair Francis]

On Thu, Jun 2, 2022 at 3:29 AM  wrote:
>
> From: Frederic Konrad 
>
> When the display port has been initially implemented the device driver wasn't
> using interrupts.  Now that the display port driver waits for vblank interrupt
> it has been noticed that the irq mapping is wrong.  So use the value from the
> linux device tree and the ultrascale+ reference manual.
>
> Signed-off-by: Frederic Konrad 
> Reviewed-by: Edgar E. Iglesias 

Acked-by: Alistair Francis 

Alistair

> ---
>  hw/arm/xlnx-zynqmp.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
> index 375309e68e..383e177a00 100644
> --- a/hw/arm/xlnx-zynqmp.c
> +++ b/hw/arm/xlnx-zynqmp.c
> @@ -60,10 +60,10 @@
>  #define SERDES_SIZE 0x2
>
>  #define DP_ADDR 0xfd4a
> -#define DP_IRQ  113
> +#define DP_IRQ  0x77
>
>  #define DPDMA_ADDR  0xfd4c
> -#define DPDMA_IRQ   116
> +#define DPDMA_IRQ   0x7a
>
>  #define APU_ADDR0xfd5c
>  #define APU_IRQ 153
> --
> 2.25.1
>
>

[RFC PATCH v2 6/6] hw/misc: add a toy i2c echo device [DO NOT PULL]

[Klaus Jensen]

From: Klaus Jensen 

Add an example I2C device to demonstrate how a slave may master the bus
and send data asynchronously to another slave.

The device will echo whatever it is sent to the device identified by the
first byte received.

Signed-off-by: Klaus Jensen 
---
 hw/misc/i2c-echo.c  | 162 
 hw/misc/meson.build |   2 +
 2 files changed, 164 insertions(+)
 create mode 100644 hw/misc/i2c-echo.c

diff --git a/hw/misc/i2c-echo.c b/hw/misc/i2c-echo.c
new file mode 100644
index ..27992eff8c5b
--- /dev/null
+++ b/hw/misc/i2c-echo.c
@@ -0,0 +1,162 @@
+#include "qemu/osdep.h"
+#include "qemu/timer.h"
+#include "qemu/main-loop.h"
+#include "block/aio.h"
+#include "hw/i2c/i2c.h"
+
+#define TYPE_I2C_ECHO "i2c-echo"
+OBJECT_DECLARE_SIMPLE_TYPE(I2CEchoState, I2C_ECHO)
+
+enum i2c_echo_state {
+I2C_ECHO_STATE_IDLE,
+I2C_ECHO_STATE_REQUEST_MASTER,
+I2C_ECHO_STATE_START_SEND,
+I2C_ECHO_STATE_ACK,
+};
+
+typedef struct I2CEchoState {
+I2CSlave parent_obj;
+
+I2CBus *bus;
+
+enum i2c_echo_state state;
+QEMUBH *bh;
+
+unsigned int pos;
+uint8_t data[3];
+} I2CEchoState;
+
+static void i2c_echo_bh(void *opaque)
+{
+I2CEchoState *state = opaque;
+
+switch (state->state) {
+case I2C_ECHO_STATE_IDLE:
+return;
+
+case I2C_ECHO_STATE_REQUEST_MASTER:
+i2c_bus_master(state->bus, state->bh);
+state->state = I2C_ECHO_STATE_START_SEND;
+return;
+
+case I2C_ECHO_STATE_START_SEND:
+if (i2c_start_send_async(state->bus, state->data[0])) {
+goto release_bus;
+}
+
+state->pos++;
+state->state = I2C_ECHO_STATE_ACK;
+return;
+
+case I2C_ECHO_STATE_ACK:
+if (state->pos > 2) {
+break;
+}
+
+if (i2c_send_async(state->bus, state->data[state->pos++])) {
+break;
+}
+
+return;
+}
+
+
+i2c_end_transfer(state->bus);
+release_bus:
+i2c_bus_release(state->bus);
+
+state->state = I2C_ECHO_STATE_IDLE;
+}
+
+static int i2c_echo_event(I2CSlave *s, enum i2c_event event)
+{
+I2CEchoState *state = I2C_ECHO(s);
+
+switch (event) {
+case I2C_START_RECV:
+state->pos = 0;
+
+break;
+
+case I2C_START_SEND:
+state->pos = 0;
+
+break;
+
+case I2C_FINISH:
+state->pos = 0;
+state->state = I2C_ECHO_STATE_REQUEST_MASTER;
+qemu_bh_schedule(state->bh);
+
+break;
+
+case I2C_NACK:
+break;
+
+default:
+return -1;
+}
+
+return 0;
+}
+
+static uint8_t i2c_echo_recv(I2CSlave *s)
+{
+I2CEchoState *state = I2C_ECHO(s);
+
+if (state->pos > 2) {
+return 0xff;
+}
+
+return state->data[state->pos++];
+}
+
+static int i2c_echo_send(I2CSlave *s, uint8_t data)
+{
+I2CEchoState *state = I2C_ECHO(s);
+
+if (state->pos > 2) {
+return -1;
+}
+
+state->data[state->pos++] = data;
+
+return 0;
+}
+
+static void i2c_echo_realize(DeviceState *dev, Error **errp)
+{
+I2CEchoState *state = I2C_ECHO(dev);
+BusState *bus = qdev_get_parent_bus(dev);
+
+state->bus = I2C_BUS(bus);
+state->bh = qemu_bh_new(i2c_echo_bh, state);
+
+return;
+}
+
+static void i2c_echo_class_init(ObjectClass *oc, void *data)
+{
+I2CSlaveClass *sc = I2C_SLAVE_CLASS(oc);
+DeviceClass *dc = DEVICE_CLASS(oc);
+
+dc->realize = i2c_echo_realize;
+
+sc->event = i2c_echo_event;
+sc->recv = i2c_echo_recv;
+sc->send = i2c_echo_send;
+}
+
+static const TypeInfo i2c_echo = {
+.name = TYPE_I2C_ECHO,
+.parent = TYPE_I2C_SLAVE,
+.instance_size = sizeof(I2CEchoState),
+.class_init = i2c_echo_class_init,
+};
+
+static void register_types(void)
+{
+type_register_static(_echo);
+}
+
+type_init(register_types);
diff --git a/hw/misc/meson.build b/hw/misc/meson.build
index 0135d1975ceb..4132fe5e0bf7 100644
--- a/hw/misc/meson.build
+++ b/hw/misc/meson.build
@@ -125,6 +125,8 @@ softmmu_ss.add(when: 'CONFIG_NRF51_SOC', if_true: 
files('nrf51_rng.c'))
 
 softmmu_ss.add(when: 'CONFIG_GRLIB', if_true: files('grlib_ahb_apb_pnp.c'))
 
+softmmu_ss.add(when: 'CONFIG_I2C', if_true: files('i2c-echo.c'))
+
 specific_ss.add(when: 'CONFIG_AVR_POWER', if_true: files('avr_power.c'))
 
 specific_ss.add(when: 'CONFIG_IMX', if_true: files('imx6_src.c'))
-- 
2.36.1

[RFC PATCH v2 3/6] hw/i2c: support multiple masters

[Klaus Jensen]

From: Klaus Jensen 

Allow slaves to master the bus by registering a bottom halve. If the bus
is busy, the bottom halve is queued up. When a slave has succesfully
mastered the bus, the bottom halve is scheduled.

Signed-off-by: Klaus Jensen 
---
 hw/i2c/core.c| 34 +-
 include/hw/i2c/i2c.h | 14 ++
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/hw/i2c/core.c b/hw/i2c/core.c
index d0cb2d32fa44..145dce60782a 100644
--- a/hw/i2c/core.c
+++ b/hw/i2c/core.c
@@ -13,6 +13,7 @@
 #include "migration/vmstate.h"
 #include "qapi/error.h"
 #include "qemu/module.h"
+#include "qemu/main-loop.h"
 #include "trace.h"
 
 #define I2C_BROADCAST 0x00
@@ -62,6 +63,7 @@ I2CBus *i2c_init_bus(DeviceState *parent, const char *name)
 
 bus = I2C_BUS(qbus_new(TYPE_I2C_BUS, parent, name));
 QLIST_INIT(>current_devs);
+QSIMPLEQ_INIT(>pending_masters);
 vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, _i2c_bus, bus);
 return bus;
 }
@@ -74,7 +76,7 @@ void i2c_slave_set_address(I2CSlave *dev, uint8_t address)
 /* Return nonzero if bus is busy.  */
 int i2c_bus_busy(I2CBus *bus)
 {
-return !QLIST_EMPTY(>current_devs);
+return !QLIST_EMPTY(>current_devs) || bus->bh;
 }
 
 bool i2c_scan_bus(I2CBus *bus, uint8_t address, bool broadcast,
@@ -180,6 +182,26 @@ int i2c_start_transfer(I2CBus *bus, uint8_t address, bool 
is_recv)
: I2C_START_SEND);
 }
 
+void i2c_bus_master(I2CBus *bus, QEMUBH *bh)
+{
+if (i2c_bus_busy(bus)) {
+I2CPendingMaster *node = g_new(struct I2CPendingMaster, 1);
+node->bh = bh;
+
+QSIMPLEQ_INSERT_TAIL(>pending_masters, node, entry);
+
+return;
+}
+
+bus->bh = bh;
+qemu_bh_schedule(bus->bh);
+}
+
+void i2c_bus_release(I2CBus *bus)
+{
+bus->bh = NULL;
+}
+
 int i2c_start_recv(I2CBus *bus, uint8_t address)
 {
 return i2c_do_start_transfer(bus, address, I2C_START_RECV);
@@ -206,6 +228,16 @@ void i2c_end_transfer(I2CBus *bus)
 g_free(node);
 }
 bus->broadcast = false;
+
+if (!QSIMPLEQ_EMPTY(>pending_masters)) {
+I2CPendingMaster *node = QSIMPLEQ_FIRST(>pending_masters);
+bus->bh = node->bh;
+
+QSIMPLEQ_REMOVE_HEAD(>pending_masters, entry);
+g_free(node);
+
+qemu_bh_schedule(bus->bh);
+}
 }
 
 int i2c_send(I2CBus *bus, uint8_t data)
diff --git a/include/hw/i2c/i2c.h b/include/hw/i2c/i2c.h
index 5ca3b708c0be..be8bb8b78a60 100644
--- a/include/hw/i2c/i2c.h
+++ b/include/hw/i2c/i2c.h
@@ -69,13 +69,25 @@ struct I2CNode {
 QLIST_ENTRY(I2CNode) next;
 };
 
+typedef struct I2CPendingMaster I2CPendingMaster;
+
+struct I2CPendingMaster {
+QEMUBH *bh;
+QSIMPLEQ_ENTRY(I2CPendingMaster) entry;
+};
+
 typedef QLIST_HEAD(I2CNodeList, I2CNode) I2CNodeList;
+typedef QSIMPLEQ_HEAD(I2CPendingMasters, I2CPendingMaster) I2CPendingMasters;
 
 struct I2CBus {
 BusState qbus;
 I2CNodeList current_devs;
+I2CPendingMasters pending_masters;
 uint8_t saved_address;
 bool broadcast;
+
+/* Set from slave currently mastering the bus. */
+QEMUBH *bh;
 };
 
 I2CBus *i2c_init_bus(DeviceState *parent, const char *name);
@@ -117,6 +129,8 @@ int i2c_start_send(I2CBus *bus, uint8_t address);
 
 void i2c_end_transfer(I2CBus *bus);
 void i2c_nack(I2CBus *bus);
+void i2c_bus_master(I2CBus *bus, QEMUBH *bh);
+void i2c_bus_release(I2CBus *bus);
 int i2c_send(I2CBus *bus, uint8_t data);
 uint8_t i2c_recv(I2CBus *bus);
 bool i2c_scan_bus(I2CBus *bus, uint8_t address, bool broadcast,
-- 
2.36.1

[RFC PATCH v2 1/6] hw/i2c/aspeed: rework raise interrupt trace event

[Klaus Jensen]

From: Klaus Jensen 

Build a single string instead of having several parameters on the trace
event.

Suggested-by: Cédric Le Goater 
Signed-off-by: Klaus Jensen 
---
 hw/i2c/aspeed_i2c.c | 55 +++--
 hw/i2c/trace-events |  2 +-
 2 files changed, 44 insertions(+), 13 deletions(-)

diff --git a/hw/i2c/aspeed_i2c.c b/hw/i2c/aspeed_i2c.c
index 5fce516517a5..576425898b09 100644
--- a/hw/i2c/aspeed_i2c.c
+++ b/hw/i2c/aspeed_i2c.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "hw/sysbus.h"
 #include "migration/vmstate.h"
+#include "qemu/cutils.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
 #include "qemu/error-report.h"
@@ -31,6 +32,9 @@
 #include "hw/registerfields.h"
 #include "trace.h"
 
+#define ASPEED_I2C_TRACE_INTR_TEMPLATE \
+"pktdone|nak|ack|done|normal|abnormal|"
+
 static inline void aspeed_i2c_bus_raise_interrupt(AspeedI2CBus *bus)
 {
 AspeedI2CClass *aic = ASPEED_I2C_GET_CLASS(bus->controller);
@@ -38,23 +42,50 @@ static inline void 
aspeed_i2c_bus_raise_interrupt(AspeedI2CBus *bus)
 uint32_t intr_ctrl_reg = aspeed_i2c_bus_intr_ctrl_offset(bus);
 bool raise_irq;
 
-trace_aspeed_i2c_bus_raise_interrupt(bus->regs[reg_intr_sts],
-aspeed_i2c_bus_pkt_mode_en(bus) &&
-ARRAY_FIELD_EX32(bus->regs, I2CM_INTR_STS, PKT_CMD_DONE) ?
-   "pktdone|" : "",
-SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, TX_NAK) ? "nak|" : "",
-SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, TX_ACK) ? "ack|" : "",
-SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, RX_DONE) ? "done|"
-  : "",
-SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, NORMAL_STOP) ?
-"normal|" : "",
-SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, ABNORMAL) ? "abnormal"
-   : "");
+if (trace_event_get_state_backends(TRACE_ASPEED_I2C_BUS_RAISE_INTERRUPT)) {
+static const size_t BUF_SIZE = strlen(ASPEED_I2C_TRACE_INTR_TEMPLATE);
+g_autofree char *buf = g_malloc0(BUF_SIZE);
+
+/*
+ * Remember to update ASPEED_I2C_TRACE_INTR_TEMPLATE if you add a new
+ * status string.
+ */
+
+if (aspeed_i2c_bus_pkt_mode_en(bus) &&
+ARRAY_FIELD_EX32(bus->regs, I2CM_INTR_STS, PKT_CMD_DONE)) {
+pstrcat(buf, BUF_SIZE, "pktdone|");
+}
+
+if (SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, TX_NAK)) {
+pstrcat(buf, BUF_SIZE, "nak|");
+}
+
+if (SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, TX_ACK)) {
+pstrcat(buf, BUF_SIZE, "ack|");
+}
+
+if (SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, RX_DONE)) {
+pstrcat(buf, BUF_SIZE, "done|");
+}
+
+if (SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, NORMAL_STOP)) {
+pstrcat(buf, BUF_SIZE, "normal|");
+}
+
+if (SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, ABNORMAL)) {
+pstrcat(buf, BUF_SIZE, "abnormal|");
+}
+
+trace_aspeed_i2c_bus_raise_interrupt(bus->regs[reg_intr_sts], buf);
+}
+
 raise_irq = bus->regs[reg_intr_sts] & bus->regs[intr_ctrl_reg];
+
 /* In packet mode we don't mask off INTR_STS */
 if (!aspeed_i2c_bus_pkt_mode_en(bus)) {
 bus->regs[reg_intr_sts] &= bus->regs[intr_ctrl_reg];
 }
+
 if (raise_irq) {
 bus->controller->intr_status |= 1 << bus->id;
 qemu_irq_raise(aic->bus_get_irq(bus));
diff --git a/hw/i2c/trace-events b/hw/i2c/trace-events
index 85e4bddff936..209275ed2dc8 100644
--- a/hw/i2c/trace-events
+++ b/hw/i2c/trace-events
@@ -9,7 +9,7 @@ i2c_recv(uint8_t address, uint8_t data) "recv(addr:0x%02x) 
data:0x%02x"
 # aspeed_i2c.c
 
 aspeed_i2c_bus_cmd(uint32_t cmd, const char *cmd_flags, uint32_t count, 
uint32_t intr_status) "handling cmd=0x%x %s count=%d intr=0x%x"
-aspeed_i2c_bus_raise_interrupt(uint32_t intr_status, const char *str1, const 
char *str2, const char *str3, const char *str4, const char *str5, const char 
*str6) "handled intr=0x%x %s%s%s%s%s%s"
+aspeed_i2c_bus_raise_interrupt(uint32_t intr_status, const char *s) "handled 
intr=0x%x %s"
 aspeed_i2c_bus_read(uint32_t busid, uint64_t offset, unsigned size, uint64_t 
value) "bus[%d]: To 0x%" PRIx64 " of size %u: 0x%" PRIx64
 aspeed_i2c_bus_write(uint32_t busid, uint64_t offset, unsigned size, uint64_t 
value) "bus[%d]: To 0x%" PRIx64 " of size %u: 0x%" PRIx64
 aspeed_i2c_bus_send(const char *mode, int i, int count, uint8_t byte) "%s send 
%d/%d 0x%02x"
-- 
2.36.1

[RFC PATCH v2 2/6] hw/i2c/aspeed: add DEV_ADDR in old register mode

[Klaus Jensen]

From: Klaus Jensen 

Add support for writing and reading the device address register in old
register mode.

Signed-off-by: Klaus Jensen 
---
 hw/i2c/aspeed_i2c.c | 5 +++--
 include/hw/i2c/aspeed_i2c.h | 8 
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/hw/i2c/aspeed_i2c.c b/hw/i2c/aspeed_i2c.c
index 576425898b09..5a7eb5579b01 100644
--- a/hw/i2c/aspeed_i2c.c
+++ b/hw/i2c/aspeed_i2c.c
@@ -104,6 +104,7 @@ static uint64_t aspeed_i2c_bus_old_read(AspeedI2CBus *bus, 
hwaddr offset,
 case A_I2CD_AC_TIMING2:
 case A_I2CD_INTR_CTRL:
 case A_I2CD_INTR_STS:
+case A_I2CD_DEV_ADDR:
 case A_I2CD_POOL_CTRL:
 case A_I2CD_BYTE_BUF:
 /* Value is already set, don't do anything. */
@@ -741,8 +742,7 @@ static void aspeed_i2c_bus_old_write(AspeedI2CBus *bus, 
hwaddr offset,
 }
 break;
 case A_I2CD_DEV_ADDR:
-qemu_log_mask(LOG_UNIMP, "%s: slave mode not implemented\n",
-  __func__);
+bus->regs[R_I2CD_DEV_ADDR] = value;
 break;
 case A_I2CD_POOL_CTRL:
 bus->regs[R_I2CD_POOL_CTRL] &= ~0xff;
@@ -1060,6 +1060,7 @@ static void aspeed_i2c_bus_reset(DeviceState *dev)
 
 s->regs[R_I2CD_INTR_CTRL] = 0;
 s->regs[R_I2CD_INTR_STS] = 0;
+s->regs[R_I2CD_DEV_ADDR] = 0;
 s->regs[R_I2CD_CMD] = 0;
 s->regs[R_I2CD_BYTE_BUF] = 0;
 s->regs[R_I2CD_DMA_ADDR] = 0;
diff --git a/include/hw/i2c/aspeed_i2c.h b/include/hw/i2c/aspeed_i2c.h
index 79c6779c6c1e..03fe829a3a57 100644
--- a/include/hw/i2c/aspeed_i2c.h
+++ b/include/hw/i2c/aspeed_i2c.h
@@ -297,6 +297,14 @@ static inline uint32_t 
aspeed_i2c_bus_cmd_offset(AspeedI2CBus *bus)
 return R_I2CD_CMD;
 }
 
+static inline uint32_t aspeed_i2c_bus_dev_addr_offset(AspeedI2CBus *bus)
+{
+if (aspeed_i2c_is_new_mode(bus->controller)) {
+return R_I2CS_DEV_ADDR;
+}
+return R_I2CD_DEV_ADDR;
+}
+
 static inline uint32_t aspeed_i2c_bus_intr_ctrl_offset(AspeedI2CBus *bus)
 {
 if (aspeed_i2c_is_new_mode(bus->controller)) {
-- 
2.36.1

[RFC PATCH v2 5/6] hw/i2c/aspeed: add slave device in old register mode

[Klaus Jensen]

From: Klaus Jensen 

Add slave mode functionality for the Aspeed I2C controller in old
register mode. This is implemented by realizing an I2C slave device
owned by the I2C controller and attached to its own bus.

The I2C slave device only implements asynchronous sends on the bus, so
slaves not supporting that will not be able to communicate with it.

Signed-off-by: Klaus Jensen 
---
 hw/i2c/aspeed_i2c.c | 94 +
 include/hw/i2c/aspeed_i2c.h |  8 
 2 files changed, 92 insertions(+), 10 deletions(-)

diff --git a/hw/i2c/aspeed_i2c.c b/hw/i2c/aspeed_i2c.c
index 5a7eb5579b01..5904d5567bd2 100644
--- a/hw/i2c/aspeed_i2c.c
+++ b/hw/i2c/aspeed_i2c.c
@@ -33,7 +33,7 @@
 #include "trace.h"
 
 #define ASPEED_I2C_TRACE_INTR_TEMPLATE \
-"pktdone|nak|ack|done|normal|abnormal|"
+"pktdone|nak|ack|done|slave-match|normal|abnormal|"
 
 static inline void aspeed_i2c_bus_raise_interrupt(AspeedI2CBus *bus)
 {
@@ -68,6 +68,10 @@ static inline void 
aspeed_i2c_bus_raise_interrupt(AspeedI2CBus *bus)
 pstrcat(buf, BUF_SIZE, "done|");
 }
 
+if (ARRAY_FIELD_EX32(bus->regs, I2CD_INTR_STS, SLAVE_ADDR_RX_MATCH)) {
+pstrcat(buf, BUF_SIZE, "slave-match|");
+}
+
 if (SHARED_ARRAY_FIELD_EX32(bus->regs, reg_intr_sts, NORMAL_STOP)) {
 pstrcat(buf, BUF_SIZE, "normal|");
 }
@@ -710,9 +714,7 @@ static void aspeed_i2c_bus_old_write(AspeedI2CBus *bus, 
hwaddr offset,
 switch (offset) {
 case A_I2CD_FUN_CTRL:
 if (SHARED_FIELD_EX32(value, SLAVE_EN)) {
-qemu_log_mask(LOG_UNIMP, "%s: slave mode not implemented\n",
-  __func__);
-break;
+i2c_slave_set_address(bus->slave, bus->regs[R_I2CD_DEV_ADDR]);
 }
 bus->regs[R_I2CD_FUN_CTRL] = value & 0x0071C3FF;
 break;
@@ -733,12 +735,14 @@ static void aspeed_i2c_bus_old_write(AspeedI2CBus *bus, 
hwaddr offset,
 bus->controller->intr_status &= ~(1 << bus->id);
 qemu_irq_lower(aic->bus_get_irq(bus));
 }
-if (handle_rx && (SHARED_ARRAY_FIELD_EX32(bus->regs, R_I2CD_CMD,
-  M_RX_CMD) ||
-  SHARED_ARRAY_FIELD_EX32(bus->regs, R_I2CD_CMD,
-  M_S_RX_CMD_LAST))) {
-aspeed_i2c_handle_rx_cmd(bus);
-aspeed_i2c_bus_raise_interrupt(bus);
+if (handle_rx) {
+if (SHARED_ARRAY_FIELD_EX32(bus->regs, R_I2CD_CMD, M_RX_CMD) ||
+SHARED_ARRAY_FIELD_EX32(bus->regs, R_I2CD_CMD, 
M_S_RX_CMD_LAST)) {
+aspeed_i2c_handle_rx_cmd(bus);
+aspeed_i2c_bus_raise_interrupt(bus);
+} else if (aspeed_i2c_get_state(bus) == I2CD_STXD) {
+i2c_ack(bus->bus);
+}
 }
 break;
 case A_I2CD_DEV_ADDR:
@@ -1054,6 +1058,73 @@ static const TypeInfo aspeed_i2c_info = {
 .abstract   = true,
 };
 
+static int aspeed_i2c_bus_slave_event(I2CSlave *slave, enum i2c_event event)
+{
+BusState *qbus = qdev_get_parent_bus(DEVICE(slave));
+AspeedI2CBus *bus = ASPEED_I2C_BUS(qbus->parent);
+uint32_t reg_intr_sts = aspeed_i2c_bus_intr_sts_offset(bus);
+uint32_t reg_byte_buf = aspeed_i2c_bus_byte_buf_offset(bus);
+uint32_t value;
+
+switch (event) {
+case I2C_START_SEND_ASYNC:
+value = SHARED_ARRAY_FIELD_EX32(bus->regs, reg_byte_buf, TX_BUF);
+SHARED_ARRAY_FIELD_DP32(bus->regs, reg_byte_buf, RX_BUF, value << 1);
+
+ARRAY_FIELD_DP32(bus->regs, I2CD_INTR_STS, SLAVE_ADDR_RX_MATCH, 1);
+SHARED_ARRAY_FIELD_DP32(bus->regs, reg_intr_sts, RX_DONE, 1);
+
+aspeed_i2c_set_state(bus, I2CD_STXD);
+
+break;
+
+case I2C_FINISH:
+SHARED_ARRAY_FIELD_DP32(bus->regs, reg_intr_sts, NORMAL_STOP, 1);
+
+aspeed_i2c_set_state(bus, I2CD_IDLE);
+
+break;
+
+default:
+return -1;
+}
+
+aspeed_i2c_bus_raise_interrupt(bus);
+
+return 0;
+}
+
+static void aspeed_i2c_bus_slave_send_async(I2CSlave *slave, uint8_t data)
+{
+BusState *qbus = qdev_get_parent_bus(DEVICE(slave));
+AspeedI2CBus *bus = ASPEED_I2C_BUS(qbus->parent);
+uint32_t reg_intr_sts = aspeed_i2c_bus_intr_sts_offset(bus);
+uint32_t reg_byte_buf = aspeed_i2c_bus_byte_buf_offset(bus);
+
+SHARED_ARRAY_FIELD_DP32(bus->regs, reg_byte_buf, RX_BUF, data);
+SHARED_ARRAY_FIELD_DP32(bus->regs, reg_intr_sts, RX_DONE, 1);
+
+aspeed_i2c_bus_raise_interrupt(bus);
+}
+
+static void aspeed_i2c_bus_slave_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+I2CSlaveClass *sc = I2C_SLAVE_CLASS(klass);
+
+dc->desc = "Aspeed I2C Bus Slave";
+
+sc->event = aspeed_i2c_bus_slave_event;
+sc->send_async = aspeed_i2c_bus_slave_send_async;
+}
+
+static const TypeInfo aspeed_i2c_bus_slave_info = {
+.name   = 

[RFC PATCH v2 0/6] hw/i2c: i2c slave mode support

[Klaus Jensen]

From: Klaus Jensen 

Hi all,

This RFC series adds I2C "slave mode" support for the Aspeed I2C
controller as well as the necessary infrastructure in the i2c core to
support this.

v2 changes
~~
I finally got around to working on this again. I'm sorry for not
bringing a v2 to the table earlier.

Mad props to Peter and Jonathan for putting this series to work and
pushing it forward! Thanks!

This series is based off Cédric's aspeed-7.1 tree, so it includes the
register fields. This is all "old register mode", but Peter seems to
have added support in new mode.

There are some loose ends of course, i.e send_async doesn't handle
broadcast and asynchronous slaves being sent stuff can't nack. But I
wanted to get some feedback on the interface before I tackle that.

This series
~~~
Patch 1 and 2 are small Aspeed I2C changes/additions.

Patch 3 adds support for multiple masters in the i2c core, allowing
slaves to master the bus and (safely) issue i2c_send/recv().

Patch 4 adds an asynchronous send i2c_send_async(I2CBus *, uint8) on the
bus that must be paired with an explicit ack using i2c_ack(I2CBus *). We
have previously discussed how we wanted to handle the issue that some
slaves implement this and some do not. Using a QOM interface was up, but
couldn't figure out a good way to do it. I ended up decided against it
since I believe this have to be a run-time check anyway. The problem is
that a slave can master the bus and try to communicate with *anyone* on
the bus - and there is no reason why we should only allow asynchronous
slaves on the bus in that case, or whatever we would want to do when
devices are plugged. So, instead, the current master can issue an
i2c_start_send() and if that fails (because it isnt implemented by the
target slave) it can either bail out or use i2c_start_send_async() if it
itself supports it. This works the other way around as well of course,
but it is probably simpler to handle slaves that respond to
i2c_start_send(). This approach relies on adding a new i2c_event, which
is why a bunch of other devices needs changes in their event handling.

Patch 5 adds *partial* slave mode functionality to the emulated Aspeed
I2C controller, that is, it only supports asynchronous sends started by
another slave that is currently mastering the bus. No asynchronous
receive.

Finally, patch 6 adds an example device using this new API. The device
is a simple "echo" device that upon being sent a set of bytes uses the
first byte as the address of the slave to echo to.

With this combined I am able to boot up Linux on an emulated Aspeed 2600
evaluation board and have the i2c echo device write into a Linux slave
EEPROM. Assuming the echo device is on address 0x42:

  # echo slave-24c02 0x1064 > /sys/bus/i2c/devices/i2c-15/new_device
  i2c i2c-15: new_device: Instantiated device slave-24c02 at 0x64
  # i2cset -y 15 0x42 0x64 0x00 0xaa i
  # hexdump /sys/bus/i2c/devices/15-1064/slave-eeprom
  000 ffaa       
  010        
  *
  100

Klaus Jensen (6):
  hw/i2c/aspeed: rework raise interrupt trace event
  hw/i2c/aspeed: add DEV_ADDR in old register mode
  hw/i2c: support multiple masters
  hw/i2c: add asynchronous send
  hw/i2c/aspeed: add slave device in old register mode
  hw/misc: add a toy i2c echo device [DO NOT PULL]

 hw/arm/pxa2xx.c |   2 +
 hw/display/sii9022.c|   2 +
 hw/display/ssd0303.c|   2 +
 hw/i2c/aspeed_i2c.c | 152 -
 hw/i2c/core.c   |  70 +++-
 hw/i2c/smbus_slave.c|   4 +
 hw/i2c/trace-events |   4 +-
 hw/misc/i2c-echo.c  | 162 
 hw/misc/ibm-cffps.c |   2 +
 hw/misc/ir35221.c   |   2 +
 hw/misc/meson.build |   2 +
 hw/nvram/eeprom_at24c.c |   2 +
 hw/sensor/lsm303dlhc_mag.c  |   2 +
 include/hw/i2c/aspeed_i2c.h |  16 
 include/hw/i2c/i2c.h|  30 +++
 15 files changed, 428 insertions(+), 26 deletions(-)
 create mode 100644 hw/misc/i2c-echo.c

-- 
2.36.1

Re: [PATCH] tpm_crb: mark command buffer as dirty on request completion

[Stefan Berger]

On 4/11/22 10:47, Anthony PERARD via wrote:

From: Anthony PERARD 

At the moment, there doesn't seems to be any way to know that QEMU
made modification to the command buffer. This is potentially an issue
on Xen while migrating a guest, as modification to the buffer after
the migration as started could be ignored and not transfered to the
destination.

Mark the memory region of the command buffer as dirty once a request
is completed.

Signed-off-by: Anthony PERARD 

Reviewed-by: Stefan Berger 




---

I have only read code to find out whether the tpm-crb device was fine
with regards to migration, and I don't think there's anything that
could mark the memory region as dirty once a request is completed.

There is one call to memory_region_get_ram_ptr(), but nothing seems to
be done with the pointer is regards to ram migration. Am I wrong?

Thanks.
---
  hw/tpm/tpm_crb.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c
index aa9c00aad3..67db594c48 100644
--- a/hw/tpm/tpm_crb.c
+++ b/hw/tpm/tpm_crb.c
@@ -197,6 +197,7 @@ static void tpm_crb_request_completed(TPMIf *ti, int ret)
  ARRAY_FIELD_DP32(s->regs, CRB_CTRL_STS,
   tpmSts, 1); /* fatal error */
  }
+memory_region_set_dirty(>cmdmem, 0, CRB_CTRL_CMD_SIZE);
  }

  static enum TPMVersion tpm_crb_get_version(TPMIf *ti)

[PATCH qemu] target/i386: Fix x86_cpu_get_supported_cpuid parameter error in cpu_x86_cpuid

[~xiangyi]

From: Xiangyi Meng 

count should be the second parameter of x86_cpu_get_supported_cpuid.
If not, when guest is querying 0x12H related CPUID leafs, any of the
four registers will possibly be zero, incurring some strange behaviors, like,
virtual SGX is enabled by the user but the guest OS reports SGX1 instruction
is not supported, etc.

Signed-off-by: Xiangyi Meng 
---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index bb6a5dd498..9fdfec9d8b 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5559,7 +5559,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
  * supports.  Features can be further restricted by userspace, but not
  * made more permissive.
  */
-x86_cpu_get_supported_cpuid(0x12, index, eax, ebx, ecx, edx);
+x86_cpu_get_supported_cpuid(0x12, count, eax, ebx, ecx, edx);
 
 if (count == 0) {
 *eax &= env->features[FEAT_SGX_12_0_EAX];
-- 
2.34.2

Re: [PATCH v10 13/14] vfio-user: handle device interrupts

[Jag Raman]

On Jun 1, 2022, at 2:30 PM, Alex Williamson 
mailto:alex.william...@redhat.com>> wrote:

On Wed, 1 Jun 2022 18:01:39 +
Jag Raman mailto:jag.ra...@oracle.com>> wrote:

On Jun 1, 2022, at 1:26 PM, Alex Williamson 
mailto:alex.william...@redhat.com>> wrote:

On Wed, 1 Jun 2022 17:00:54 +
Jag Raman mailto:jag.ra...@oracle.com>> wrote:

Hi Alex,

Just to add some more detail, the emulated PCI device in QEMU presently
maintains a MSIx table (PCIDevice->msix_table) and Pending Bit Array. In the
present VFIO PCI device implementation, QEMU leverages the same
MSIx table for interrupt masking/unmasking. The backend PCI device (such as
the passthru device) always thinks that the interrupt is unmasked and lets
QEMU manage masking.

Whereas in the vfio-user case, the client additionally pushes a copy of
emulated PCI device’s table downstream to the remote device. We did this
to allow a small set of devices (such as e1000e) to clear the
PBA (msix_clr_pending()). Secondly, the remote device uses its copy of the
MSIx table to determine if interrupt should be triggered - this would prevent
an interrupt from being sent to the client unnecessarily if it's masked.

We are wondering if pushing the MSIx table to the remote device and
reading PBA from it would diverge from the VFIO protocol specification?

From your comment, I understand it’s similar to VFIO protocol because VFIO
clients could mask an interrupt using VFIO_DEVICE_SET_IRQS ioctl +
VFIO_IRQ_SET_ACTION_MASK / _UNMASK flags. I observed that QEMU presently
does not use this approach and the kernel does not support it for MSI.

I believe the SET_IRQS ioctl definition is pre-enabled to support
masking and unmasking, we've just lacked kernel support to mask at the
device which leads to the hybrid approach we have today. Our intention
would be to use the current uAPI, to provide that masking support, at
which point we'd leave the PBA mapped to the device.

Thank you for clarifying!


So whether your proposal diverges from the VFIO uAPI depends on what
you mean by "pushing the MSIx table to the remote device". If that's
done by implementing the existing SET_IRQS masking support, then you're
spot on. OTOH, if you're actually pushing a copy of the MSIx table
from the client, that's certainly not how I had envisioned the kernel

In the current implementation - when the guest accesses the MSIx table and
PBA, the client passes these accesses through to the remote device.

I suppose you can do this because you don't need some means for the
client to register a notification mechanism for the interrupt, you can
already send notifications via the socket. But this is now a
divergence from the kernel vfio uapi and eliminates what is intended to
be a device agnostic interrupt interface.

If we switch to using SET_IRQS approach, we could use SET_IRQS
message for masking/unmasking, but still pass through the the PBA
access to the backend PCI device.

Yes.

So I think the question is, if we should switch vfio-user to SET_IRQS
now for masking or unmasking, or whenever QEMU does it in the future?
The PBA access would remain the same as it’s now - via device BAR.

I apologize that I'm constantly overwhelmed with requests that I
haven't reviewed it, but it seems like the client side would be far
more compliant to the vfio kernel interface if vfio-user did implement
an interpretation of the SET_IRQS ioctl. Potentially couldn't you also

Thanks for confirming! We’ll explore using SET_IRQS for masking
and unmasking.

make use of eventfds or define other data types to pass that would give
the client more flexibility in receiving interrupts? Thanks,

I think the libvfio-user library already uses eventfds to pass interrupts
to the client.

--
Jag


Alex

[PULL 20/33] configure: handle host compiler in probe_target_compiler

[Alex Bennée]

From: Paolo Bonzini 

In preparation for handling more binaries than just cc, handle
the case of "probe_target_compiler $cpu" directly in the function,
setting the target_* variables based on the ones that are used to
build QEMU.  The clang check also needs to be moved after this
fallback.

Signed-off-by: Paolo Bonzini 
Reviewed-by: Richard Henderson 
Message-Id: <20220517092616.1272238-10-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-21-alex.ben...@linaro.org>

diff --git a/configure b/configure
index fbf6d39f96..217c8b3cac 100755
--- a/configure
+++ b/configure
@@ -954,10 +954,6 @@ case $git_submodules_action in
 ;;
 esac
 
-if eval test -z "\${cross_cc_$cpu}"; then
-eval "cross_cc_${cpu}=\$cc"
-fi
-
 default_target_list=""
 mak_wilds=""
 
@@ -2008,13 +2004,6 @@ probe_target_compiler() {
   if eval test -n "\"\${cross_cc_$1}\""; then
 if eval has "\"\${cross_cc_$1}\""; then
   eval "target_cc=\"\${cross_cc_$1}\""
-  case $1 in
-i386|x86_64)
-  if $target_cc --version | grep -qi "clang"; then
-unset target_cc
-  fi
-  ;;
-  esac
 fi
   fi
   if eval test -n "\"\${cross_as_$1}\""; then
@@ -2027,6 +2016,20 @@ probe_target_compiler() {
   eval "target_ld=\"\${cross_ld_$1}\""
 fi
   fi
+  if test "$1" = $cpu; then
+: ${target_cc:=$cc}
+: ${target_as:=$as}
+: ${target_ld:=$ld}
+  fi
+  if test -n "$target_cc"; then
+case $1 in
+  i386|x86_64)
+if $target_cc --version | grep -qi "clang"; then
+  unset target_cc
+fi
+;;
+esac
+  fi
 }
 
 write_target_makefile() {
-- 
2.30.2

[PULL 23/33] configure: move symlink configuration earlier

[Alex Bennée]

From: Paolo Bonzini 

Ensure that the pc-bios/optionrom and pc-bios/s390-ccw directory
exist at the time when we'll write out the compiler configuration
for them.

Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220517092616.1272238-13-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-24-alex.ben...@linaro.org>

diff --git a/configure b/configure
index ced8283b98..aa17b0fa55 100755
--- a/configure
+++ b/configure
@@ -2190,6 +2190,30 @@ if test "$QEMU_GA_VERSION" = ""; then
 QEMU_GA_VERSION=$(cat $source_path/VERSION)
 fi
 
+# Set up build tree symlinks that point back into the source tree
+# (these can be both files and directories).
+# Caution: avoid adding files or directories here using wildcards. This
+# will result in problems later if a new file matching the wildcard is
+# added to the source tree -- nothing will cause configure to be rerun
+# so the build tree will be missing the link back to the new file, and
+# tests might fail. Prefer to keep the relevant files in their own
+# directory and symlink the directory instead.
+LINKS="Makefile"
+LINKS="$LINKS tests/tcg/Makefile.target"
+LINKS="$LINKS pc-bios/optionrom/Makefile"
+LINKS="$LINKS pc-bios/s390-ccw/Makefile"
+LINKS="$LINKS .gdbinit scripts" # scripts needed by relative path in .gdbinit
+LINKS="$LINKS tests/avocado tests/data"
+LINKS="$LINKS tests/qemu-iotests/check"
+LINKS="$LINKS python"
+LINKS="$LINKS contrib/plugins/Makefile "
+for f in $LINKS ; do
+if [ -e "$source_path/$f" ]; then
+mkdir -p `dirname ./$f`
+symlink "$source_path/$f" "$f"
+fi
+done
+
 # Mac OS X ships with a broken assembler
 roms=
 if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } && \
@@ -2408,31 +2432,6 @@ if test "$safe_stack" = "yes"; then
   echo "CONFIG_SAFESTACK=y" >> $config_host_mak
 fi
 
-# If we're using a separate build tree, set it up now.
-# LINKS are things to symlink back into the source tree
-# (these can be both files and directories).
-# Caution: do not add files or directories here using wildcards. This
-# will result in problems later if a new file matching the wildcard is
-# added to the source tree -- nothing will cause configure to be rerun
-# so the build tree will be missing the link back to the new file, and
-# tests might fail. Prefer to keep the relevant files in their own
-# directory and symlink the directory instead.
-LINKS="Makefile"
-LINKS="$LINKS tests/tcg/Makefile.target"
-LINKS="$LINKS pc-bios/optionrom/Makefile"
-LINKS="$LINKS pc-bios/s390-ccw/Makefile"
-LINKS="$LINKS .gdbinit scripts" # scripts needed by relative path in .gdbinit
-LINKS="$LINKS tests/avocado tests/data"
-LINKS="$LINKS tests/qemu-iotests/check"
-LINKS="$LINKS python"
-LINKS="$LINKS contrib/plugins/Makefile "
-for f in $LINKS ; do
-if [ -e "$source_path/$f" ]; then
-mkdir -p `dirname ./$f`
-symlink "$source_path/$f" "$f"
-fi
-done
-
 # tests/tcg configuration
 (makefile=tests/tcg/Makefile.prereqs
 echo "# Automatically generated by configure - do not modify" > $makefile
-- 
2.30.2

[PULL 15/33] build: do a full build before running TCG tests

[Alex Bennée]

From: Paolo Bonzini 

TCG tests need both QEMU and firmware to be built, so do "ninja all" before
trying to run them.

Signed-off-by: Paolo Bonzini 
Reviewed-by: Richard Henderson 
Message-Id: <20220517092616.1272238-5-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-16-alex.ben...@linaro.org>

diff --git a/tests/Makefile.include b/tests/Makefile.include
index ec84b2ebc0..72ce0561f4 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -57,7 +57,7 @@ $(TCG_TESTS_TARGETS:%=build-tcg-tests-%): build-tcg-tests-%: 
$(BUILD_DIR)/tests/
 "BUILD","$* guest-tests")
 
 .PHONY: $(TCG_TESTS_TARGETS:%=run-tcg-tests-%)
-$(TCG_TESTS_TARGETS:%=run-tcg-tests-%): run-tcg-tests-%: build-tcg-tests-% 
$(if $(CONFIG_PLUGIN),test-plugins)
+$(TCG_TESTS_TARGETS:%=run-tcg-tests-%): run-tcg-tests-%: build-tcg-tests-%
$(call quiet-command, \
$(MAKE) -C tests/tcg/$* -f ../Makefile.target $(SUBDIR_MAKEFLAGS) \
 TARGET="$*" SRC_PATH="$(SRC_PATH)" SPEED=$(SPEED) run, 
\
@@ -74,6 +74,7 @@ $(TCG_TESTS_TARGETS:%=clean-tcg-tests-%): clean-tcg-tests-%:
 build-tcg: $(BUILD_TCG_TARGET_RULES)
 
 .PHONY: check-tcg
+.ninja-goals.check-tcg = all $(if $(CONFIG_PLUGIN),test-plugins)
 check-tcg: $(RUN_TCG_TARGET_RULES)
 
 .PHONY: clean-tcg
-- 
2.30.2

Re: [PATCH v10 13/14] vfio-user: handle device interrupts

[Alex Williamson]

On Wed, 1 Jun 2022 18:01:39 +
Jag Raman  wrote:

> > On Jun 1, 2022, at 1:26 PM, Alex Williamson  
> > wrote:
> > 
> > On Wed, 1 Jun 2022 17:00:54 +
> > Jag Raman  wrote:  
> >> 
> >> Hi Alex,
> >> 
> >> Just to add some more detail, the emulated PCI device in QEMU presently
> >> maintains a MSIx table (PCIDevice->msix_table) and Pending Bit Array. In 
> >> the
> >> present VFIO PCI device implementation, QEMU leverages the same
> >> MSIx table for interrupt masking/unmasking. The backend PCI device (such as
> >> the passthru device) always thinks that the interrupt is unmasked and lets
> >> QEMU manage masking.
> >> 
> >> Whereas in the vfio-user case, the client additionally pushes a copy of
> >> emulated PCI device’s table downstream to the remote device. We did this
> >> to allow a small set of devices (such as e1000e) to clear the
> >> PBA (msix_clr_pending()). Secondly, the remote device uses its copy of the
> >> MSIx table to determine if interrupt should be triggered - this would 
> >> prevent
> >> an interrupt from being sent to the client unnecessarily if it's masked.
> >> 
> >> We are wondering if pushing the MSIx table to the remote device and
> >> reading PBA from it would diverge from the VFIO protocol specification?
> >> 
> >> From your comment, I understand it’s similar to VFIO protocol because VFIO
> >> clients could mask an interrupt using VFIO_DEVICE_SET_IRQS ioctl +
> >> VFIO_IRQ_SET_ACTION_MASK / _UNMASK flags. I observed that QEMU presently
> >> does not use this approach and the kernel does not support it for MSI.  
> > 
> > I believe the SET_IRQS ioctl definition is pre-enabled to support
> > masking and unmasking, we've just lacked kernel support to mask at the
> > device which leads to the hybrid approach we have today.  Our intention
> > would be to use the current uAPI, to provide that masking support, at
> > which point we'd leave the PBA mapped to the device.  
> 
> Thank you for clarifying!
> 
> > 
> > So whether your proposal diverges from the VFIO uAPI depends on what
> > you mean by "pushing the MSIx table to the remote device".  If that's
> > done by implementing the existing SET_IRQS masking support, then you're
> > spot on.  OTOH, if you're actually pushing a copy of the MSIx table
> > from the client, that's certainly not how I had envisioned the kernel  
> 
> In the current implementation - when the guest accesses the MSIx table and
> PBA, the client passes these accesses through to the remote device.

I suppose you can do this because you don't need some means for the
client to register a notification mechanism for the interrupt, you can
already send notifications via the socket.  But this is now a
divergence from the kernel vfio uapi and eliminates what is intended to
be a device agnostic interrupt interface.

> If we switch to using SET_IRQS approach, we could use SET_IRQS
> message for masking/unmasking, but still pass through the the PBA
> access to the backend PCI device.

Yes.

> So I think the question is, if we should switch vfio-user to SET_IRQS
> now for masking or unmasking, or whenever QEMU does it in the future?
> The PBA access would remain the same as it’s now - via device BAR.

I apologize that I'm constantly overwhelmed with requests that I
haven't reviewed it, but it seems like the client side would be far
more compliant to the vfio kernel interface if vfio-user did implement
an interpretation of the SET_IRQS ioctl.  Potentially couldn't you also
make use of eventfds or define other data types to pass that would give
the client more flexibility in receiving interrupts?  Thanks,

Alex

[PULL 30/33] gitlab: convert static checks to .base_job_template

[Alex Bennée]

From: Daniel P. Berrangé 

This folds the static checks into using the base job
template rules, introducing one new variable

 - QEMU_JOB_ONLY_FORKS - a job that should never run
   on an upstream pipeline. The information it reports
   is only applicable to contributors in a pre-submission
   scenario, not time of merge.

Signed-off-by: Daniel P. Berrangé 
Message-Id: <20220526110705.59952-4-berra...@redhat.com>
[AJB: fix typo]
Signed-off-by: Alex Bennée 
Reviewed-by: Thomas Huth 
Message-Id: <20220527153603.887929-31-alex.ben...@linaro.org>

diff --git a/docs/devel/ci-jobs.rst.inc b/docs/devel/ci-jobs.rst.inc
index a539f502da..4c7e30ab08 100644
--- a/docs/devel/ci-jobs.rst.inc
+++ b/docs/devel/ci-jobs.rst.inc
@@ -66,6 +66,13 @@ by default due to need to conserve limited CI resources. It 
is
 available to be started manually by the contributor in the CI
 pipelines UI.
 
+QEMU_JOB_ONLY_FORKS
+~~~
+
+The job results are only of interest to contributors prior to
+submitting code. They are not required as part of the gating
+CI pipeline.
+
 Contributor controlled runtime variables
 
 
diff --git a/.gitlab-ci.d/base.yml b/.gitlab-ci.d/base.yml
index 5734caf9fe..e6953c77ae 100644
--- a/.gitlab-ci.d/base.yml
+++ b/.gitlab-ci.d/base.yml
@@ -16,6 +16,10 @@
 - if: '$QEMU_JOB_CIRRUS && ($CIRRUS_GITHUB_REPO == "" || $CIRRUS_API_TOKEN 
== "")'
   when: never
 
+# Jobs only intended for forks should always be skipped on upstream
+- if: '$QEMU_JOB_ONLY_FORKS == "1" && $CI_PROJECT_NAMESPACE == 
"qemu-project"'
+  when: never
+
 
 #
 # Stage 2: fine tune execution of jobs in specific scenarios
diff --git a/.gitlab-ci.d/static_checks.yml b/.gitlab-ci.d/static_checks.yml
index 94858e3272..289ad1359e 100644
--- a/.gitlab-ci.d/static_checks.yml
+++ b/.gitlab-ci.d/static_checks.yml
@@ -1,4 +1,5 @@
 check-patch:
+  extends: .base_job_template
   stage: build
   image: python:3.10-alpine
   needs: []
@@ -6,15 +7,13 @@ check-patch:
 - .gitlab-ci.d/check-patch.py
   variables:
 GIT_DEPTH: 1000
+QEMU_JOB_ONLY_FORKS: 1
   before_script:
 - apk -U add git perl
-  rules:
-- if: '$CI_PROJECT_NAMESPACE == "qemu-project"'
-  when: never
-- when: on_success
-  allow_failure: true
+  allow_failure: true
 
 check-dco:
+  extends: .base_job_template
   stage: build
   image: python:3.10-alpine
   needs: []
@@ -23,12 +22,9 @@ check-dco:
 GIT_DEPTH: 1000
   before_script:
 - apk -U add git
-  rules:
-- if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH == 
$CI_DEFAULT_BRANCH'
-  when: never
-- when: on_success
 
 check-python-pipenv:
+  extends: .base_job_template
   stage: test
   image: $CI_REGISTRY_IMAGE/qemu/python:latest
   script:
@@ -39,6 +35,7 @@ check-python-pipenv:
 job: python-container
 
 check-python-tox:
+  extends: .base_job_template
   stage: test
   image: $CI_REGISTRY_IMAGE/qemu/python:latest
   script:
@@ -46,8 +43,6 @@ check-python-tox:
   variables:
 GIT_DEPTH: 1
 QEMU_TOX_EXTRA_ARGS: --skip-missing-interpreters=false
+QEMU_JOB_OPTIONAL: 1
   needs:
 job: python-container
-  rules:
-- when: manual
-  allow_failure: true
-- 
2.30.2

[PULL 19/33] configure: add missing cross compiler fallbacks

[Alex Bennée]

From: Paolo Bonzini 

The arm compiler can be used for armeb, and the sparc64 compiler
can be used for sparc.

Signed-off-by: Paolo Bonzini 
Reviewed-by: Richard Henderson 
Message-Id: <20220517092616.1272238-9-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-20-alex.ben...@linaro.org>

diff --git a/configure b/configure
index f91ac632e7..fbf6d39f96 100755
--- a/configure
+++ b/configure
@@ -1827,6 +1827,7 @@ fi
 : ${cross_cc_cflags_aarch64_be="-mbig-endian"}
 : ${cross_cc_alpha="alpha-linux-gnu-gcc"}
 : ${cross_cc_arm="arm-linux-gnueabihf-gcc"}
+: ${cross_cc_armeb="$cross_cc_arm"}
 : ${cross_cc_cflags_armeb="-mbig-endian"}
 : ${cross_cc_hexagon="hexagon-unknown-linux-musl-clang"}
 : ${cross_cc_cflags_hexagon="-mv67 -O2 -static"}
@@ -1849,9 +1850,10 @@ fi
 : ${cross_cc_riscv64="riscv64-linux-gnu-gcc"}
 : ${cross_cc_s390x="s390x-linux-gnu-gcc"}
 : ${cross_cc_sh4="sh4-linux-gnu-gcc"}
-: ${cross_cc_cflags_sparc="-m32 -mcpu=supersparc"}
 : ${cross_cc_sparc64="sparc64-linux-gnu-gcc"}
 : ${cross_cc_cflags_sparc64="-m64 -mcpu=ultrasparc"}
+: ${cross_cc_sparc="$cross_cc_sparc64"}
+: ${cross_cc_cflags_sparc="-m32 -mcpu=supersparc"}
 : ${cross_cc_x86_64="x86_64-linux-gnu-gcc"}
 : ${cross_cc_cflags_x86_64="-m64"}
 
-- 
2.30.2

[PULL 33/33] docs/devel: clean-up the CI links in the docs

[Alex Bennée]

There where some broken links so fix those up with proper references
to the devel docs. I also did a little light copy-editing to reflect
the current state and broke up a paragraph to reduce the "wall of
text" effect.

Signed-off-by: Alex Bennée 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20220527153603.887929-34-alex.ben...@linaro.org>

diff --git a/docs/devel/ci-jobs.rst.inc b/docs/devel/ci-jobs.rst.inc
index 9118a61a17..1f28fec0d0 100644
--- a/docs/devel/ci-jobs.rst.inc
+++ b/docs/devel/ci-jobs.rst.inc
@@ -1,3 +1,5 @@
+.. _ci_var:
+
 Custom CI/CD variables
 ==
 
diff --git a/docs/devel/ci.rst b/docs/devel/ci.rst
index d106610096..ed88a2010b 100644
--- a/docs/devel/ci.rst
+++ b/docs/devel/ci.rst
@@ -1,12 +1,13 @@
+.. _ci:
+
 ==
 CI
 ==
 
-QEMU has configurations enabled for a number of different CI services.
-The most up to date information about them and their status can be
-found at::
-
-   https://wiki.qemu.org/Testing/CI
+Most of QEMU's CI is run on GitLab's infrastructure although a number
+of other CI services are used for specialised purposes. The most up to
+date information about them and their status can be found on the
+`project wiki testing page `_.
 
 .. include:: ci-definitions.rst.inc
 .. include:: ci-jobs.rst.inc
diff --git a/docs/devel/submitting-a-patch.rst 
b/docs/devel/submitting-a-patch.rst
index e51259eb9c..d3876ec1b7 100644
--- a/docs/devel/submitting-a-patch.rst
+++ b/docs/devel/submitting-a-patch.rst
@@ -204,23 +204,25 @@ log`` for these keywords for example usage.
 Test your patches
 ~
 
-Although QEMU has `continuous integration
-services `__ that attempt to test
-patches submitted to the list, it still saves everyone time if you have
-already tested that your patch compiles and works. Because QEMU is such
-a large project, it's okay to use configure arguments to limit what is
-built for faster turnaround during your development time; but it is
-still wise to also check that your patches work with a full build before
-submitting a series, especially if your changes might have an unintended
-effect on other areas of the code you don't normally experiment with.
-See `Testing `__ for more details on what tests are available.
-Also, it is a wise idea to include a testsuite addition as part of your
-patches - either to ensure that future changes won't regress your new
-feature, or to add a test which exposes the bug that the rest of your
-series fixes. Keeping separate commits for the test and the fix allows
-reviewers to rebase the test to occur first to prove it catches the
-problem, then again to place it last in the series so that bisection
-doesn't land on a known-broken state.
+Although QEMU uses various :ref:`ci` services that attempt to test
+patches submitted to the list, it still saves everyone time if you
+have already tested that your patch compiles and works. Because QEMU
+is such a large project the default configuration won't create a
+testing pipeline on GitLab when a branch is pushed. See the :ref:`CI
+variable documentation` for details on how to control the
+running of tests; but it is still wise to also check that your patches
+work with a full build before submitting a series, especially if your
+changes might have an unintended effect on other areas of the code you
+don't normally experiment with. See :ref:`testing` for more details on
+what tests are available.
+
+Also, it is a wise idea to include a testsuite addition as part of
+your patches - either to ensure that future changes won't regress your
+new feature, or to add a test which exposes the bug that the rest of
+your series fixes. Keeping separate commits for the test and the fix
+allows reviewers to rebase the test to occur first to prove it catches
+the problem, then again to place it last in the series so that
+bisection doesn't land on a known-broken state.
 
 .. _submitting_your_patches:
 
diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index 5b60a31807..3f6ebd5073 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -1,3 +1,5 @@
+.. _testing:
+
 Testing in QEMU
 ===
 
-- 
2.30.2

[PULL 22/33] configure: include more binutils in tests/tcg makefile

[Alex Bennée]

From: Paolo Bonzini 

Firmware builds require paths to all the binutils; it is not enough to
use only cc, or even as/ld as in the case of tests/tcg/tricore.
Adjust the cross-compiler configurator to detect also ar, nm, objcopy,
ranlib and strip.

Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220517092616.1272238-12-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-23-alex.ben...@linaro.org>

diff --git a/configure b/configure
index f55ae82a5d..ced8283b98 100755
--- a/configure
+++ b/configure
@@ -1880,11 +1880,21 @@ probe_target_compiler() {
   container_image=
   container_hosts=
   container_cross_cc=
+  container_cross_ar=
   container_cross_as=
   container_cross_ld=
+  container_cross_nm=
+  container_cross_objcopy=
+  container_cross_ranlib=
+  container_cross_strip=
   target_cc=
+  target_ar=
   target_as=
   target_ld=
+  target_nm=
+  target_objcopy=
+  target_ranlib=
+  target_strip=
 
   case $1 in
 aarch64) container_hosts="x86_64 aarch64" ;;
@@ -2023,8 +2033,13 @@ probe_target_compiler() {
 ;;
 esac
 : ${container_cross_cc:=${container_cross_prefix}gcc}
+: ${container_cross_ar:=${container_cross_prefix}ar}
 : ${container_cross_as:=${container_cross_prefix}as}
 : ${container_cross_ld:=${container_cross_prefix}ld}
+: ${container_cross_nm:=${container_cross_prefix}nm}
+: ${container_cross_objcopy:=${container_cross_prefix}objcopy}
+: ${container_cross_ranlib:=${container_cross_prefix}ranlib}
+: ${container_cross_strip:=${container_cross_prefix}strip}
   done
 
   eval "target_cflags=\${cross_cc_cflags_$1}"
@@ -2035,12 +2050,26 @@ probe_target_compiler() {
   else
 compute_target_variable $1 target_cc gcc
   fi
+  target_ccas=$target_cc
+  compute_target_variable $1 target_ar ar
   compute_target_variable $1 target_as as
   compute_target_variable $1 target_ld ld
+  compute_target_variable $1 target_nm nm
+  compute_target_variable $1 target_objcopy objcopy
+  compute_target_variable $1 target_ranlib ranlib
+  compute_target_variable $1 target_strip strip
   if test "$1" = $cpu; then
 : ${target_cc:=$cc}
+: ${target_ccas:=$ccas}
 : ${target_as:=$as}
 : ${target_ld:=$ld}
+: ${target_ar:=$ar}
+: ${target_as:=$as}
+: ${target_ld:=$ld}
+: ${target_nm:=$nm}
+: ${target_objcopy:=$objcopy}
+: ${target_ranlib:=$ranlib}
+: ${target_strip:=$strip}
   fi
   if test -n "$target_cc"; then
 case $1 in
@@ -2056,6 +2085,10 @@ probe_target_compiler() {
 write_target_makefile() {
   if test -n "$target_cc"; then
 echo "CC=$target_cc"
+echo "CCAS=$target_ccas"
+  fi
+  if test -n "$target_ar"; then
+echo "AR=$target_ar"
   fi
   if test -n "$target_as"; then
 echo "AS=$target_as"
@@ -2063,14 +2096,32 @@ write_target_makefile() {
   if test -n "$target_ld"; then
 echo "LD=$target_ld"
   fi
+  if test -n "$target_nm"; then
+echo "NM=$target_nm"
+  fi
+  if test -n "$target_objcopy"; then
+echo "OBJCOPY=$target_objcopy"
+  fi
+  if test -n "$target_ranlib"; then
+echo "RANLIB=$target_ranlib"
+  fi
+  if test -n "$target_strip"; then
+echo "STRIP=$target_strip"
+  fi
 }
 
 write_container_target_makefile() {
   if test -n "$container_cross_cc"; then
 echo "CC=\$(DOCKER_SCRIPT) cc --cc $container_cross_cc -i 
qemu/$container_image -s $source_path --"
+echo "CCAS=\$(DOCKER_SCRIPT) cc --cc $container_cross_cc -i 
qemu/$container_image -s $source_path --"
   fi
+  echo "AR=\$(DOCKER_SCRIPT) cc --cc $container_cross_ar -i 
qemu/$container_image -s $source_path --"
   echo "AS=\$(DOCKER_SCRIPT) cc --cc $container_cross_as -i 
qemu/$container_image -s $source_path --"
   echo "LD=\$(DOCKER_SCRIPT) cc --cc $container_cross_ld -i 
qemu/$container_image -s $source_path --"
+  echo "NM=\$(DOCKER_SCRIPT) cc --cc $container_cross_nm -i 
qemu/$container_image -s $source_path --"
+  echo "OBJCOPY=\$(DOCKER_SCRIPT) cc --cc $container_cross_objcopy -i 
qemu/$container_image -s $source_path --"
+  echo "RANLIB=\$(DOCKER_SCRIPT) cc --cc $container_cross_ranlib -i 
qemu/$container_image -s $source_path --"
+  echo "STRIP=\$(DOCKER_SCRIPT) cc --cc $container_cross_strip -i 
qemu/$container_image -s $source_path --"
 }
 
 
-- 
2.30.2

[PULL 29/33] gitlab: convert Cirrus jobs to .base_job_template

[Alex Bennée]

From: Daniel P. Berrangé 

This folds the Cirrus job rules into the base job
template, introducing two new variables

  - QEMU_JOB_CIRRUS - identifies the job as making
use of Cirrus CI via cirrus-run

  - QEMU_JOB_OPTIONAL - identifies the job as one
that is not run by default, primarily due to
resource constraints. It can be manually invoked
by users if they wish to validate that scenario.

Signed-off-by: Daniel P. Berrangé 
Message-Id: <20220526110705.59952-3-berra...@redhat.com>
Signed-off-by: Alex Bennée 
Reviewed-by: Thomas Huth 
Message-Id: <20220527153603.887929-30-alex.ben...@linaro.org>

diff --git a/docs/devel/ci-jobs.rst.inc b/docs/devel/ci-jobs.rst.inc
index eb6a9e6122..a539f502da 100644
--- a/docs/devel/ci-jobs.rst.inc
+++ b/docs/devel/ci-jobs.rst.inc
@@ -52,6 +52,20 @@ Maintainer controlled job variables
 The following variables may be set when defining a job in the
 CI configuration file.
 
+QEMU_JOB_CIRRUS
+~~~
+
+The job makes use of Cirrus CI infrastructure, requiring the
+configuration setup for cirrus-run to be present in the repository
+
+QEMU_JOB_OPTIONAL
+~
+
+The job is expected to be successful in general, but is not run
+by default due to need to conserve limited CI resources. It is
+available to be started manually by the contributor in the CI
+pipelines UI.
+
 Contributor controlled runtime variables
 
 
diff --git a/.gitlab-ci.d/base.yml b/.gitlab-ci.d/base.yml
index 10eb6ab8bc..5734caf9fe 100644
--- a/.gitlab-ci.d/base.yml
+++ b/.gitlab-ci.d/base.yml
@@ -12,12 +12,21 @@
 # want jobs to run
 #
 
+# Cirrus jobs can't run unless the creds / target repo are set
+- if: '$QEMU_JOB_CIRRUS && ($CIRRUS_GITHUB_REPO == "" || $CIRRUS_API_TOKEN 
== "")'
+  when: never
+
 
 #
 # Stage 2: fine tune execution of jobs in specific scenarios
 # where the catch all logic is inapprorpaite
 #
 
+# Optional jobs should not be run unless manually triggered
+- if: '$QEMU_JOB_OPTIONAL'
+  when: manual
+  allow_failure: true
+
 
 #
 # Stage 3: catch all logic applying to any job not matching
diff --git a/.gitlab-ci.d/cirrus.yml b/.gitlab-ci.d/cirrus.yml
index b96b22e269..609c364308 100644
--- a/.gitlab-ci.d/cirrus.yml
+++ b/.gitlab-ci.d/cirrus.yml
@@ -11,6 +11,7 @@
 # special care, because we can't just override it at the GitLab CI job
 # definition level or we risk breaking it completely.
 .cirrus_build_job:
+  extends: .base_job_template
   stage: build
   image: registry.gitlab.com/libvirt/libvirt-ci/cirrus-run:master
   needs: []
@@ -40,11 +41,8 @@
   <.gitlab-ci.d/cirrus/build.yml >.gitlab-ci.d/cirrus/$NAME.yml
 - cat .gitlab-ci.d/cirrus/$NAME.yml
 - cirrus-run -v --show-build-log always .gitlab-ci.d/cirrus/$NAME.yml
-  rules:
-# Allow on 'staging' branch and 'stable-X.Y-staging' branches only
-- if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH !~ 
/staging/'
-  when: never
-- if: "$CIRRUS_GITHUB_REPO && $CIRRUS_API_TOKEN"
+  variables:
+QEMU_JOB_CIRRUS: 1
 
 x64-freebsd-12-build:
   extends: .cirrus_build_job
@@ -90,11 +88,11 @@ x64-macos-11-base-build:
 
 # The following jobs run VM-based tests via KVM on a Linux-based Cirrus-CI job
 .cirrus_kvm_job:
+  extends: .base_job_template
   stage: build
   image: registry.gitlab.com/libvirt/libvirt-ci/cirrus-run:master
   needs: []
   timeout: 80m
-  allow_failure: true
   script:
 - sed -e "s|[@]CI_REPOSITORY_URL@|$CI_REPOSITORY_URL|g"
   -e "s|[@]CI_COMMIT_REF_NAME@|$CI_COMMIT_REF_NAME|g"
@@ -105,8 +103,10 @@ x64-macos-11-base-build:
   <.gitlab-ci.d/cirrus/kvm-build.yml >.gitlab-ci.d/cirrus/$NAME.yml
 - cat .gitlab-ci.d/cirrus/$NAME.yml
 - cirrus-run -v --show-build-log always .gitlab-ci.d/cirrus/$NAME.yml
-  rules:
-- when: manual
+  variables:
+QEMU_JOB_CIRRUS: 1
+QEMU_JOB_OPTIONAL: 1
+
 
 x86-netbsd:
   extends: .cirrus_kvm_job
-- 
2.30.2

[PULL 32/33] gitlab: don't run CI jobs in forks by default

[Alex Bennée]

From: Daniel P. Berrangé 

To preserve CI shared runner credits we don't want to run
pipelines on every push.

This sets up the config so that pipelines are never created
for contributors by default. To override this the QEMU_CI
variable can be set to a non-zero value. If set to 1, the
pipeline will be created but all jobs will remain manually
started. The contributor can selectively run jobs that they
care about. If set to 2, the pipeline will be created and
all jobs will immediately start.

This behavior can be controlled using push variables

  git push -o ci.variable=QEMU_CI=1

To make this more convenient define an alias

   git config --local alias.push-ci "push -o ci.variable=QEMU_CI=1"
   git config --local alias.push-ci-now "push -o ci.variable=QEMU_CI=2"

Which lets you run

  git push-ci

to create the pipeline, or

  git push-ci-now

to create and run the pipeline

Signed-off-by: Daniel P. Berrangé 
Message-Id: <20220526110705.59952-6-berra...@redhat.com>
[AJB: fix typo, replicate alias tips in ci.rst]
Signed-off-by: Alex Bennée 
Reviewed-by: Thomas Huth 
Message-Id: <20220527153603.887929-33-alex.ben...@linaro.org>

diff --git a/docs/devel/ci-jobs.rst.inc b/docs/devel/ci-jobs.rst.inc
index 0b4926e537..9118a61a17 100644
--- a/docs/devel/ci-jobs.rst.inc
+++ b/docs/devel/ci-jobs.rst.inc
@@ -28,6 +28,32 @@ For further information about how to set these variables, 
please refer to::
 
   
https://docs.gitlab.com/ee/user/project/push_options.html#push-options-for-gitlab-cicd
 
+Setting aliases in your git config
+--
+
+You can use aliases to make it easier to push branches with different
+CI configurations. For example define an alias for triggering CI:
+
+.. code::
+
+   git config --local alias.push-ci "push -o ci.variable=QEMU_CI=1"
+   git config --local alias.push-ci-now "push -o ci.variable=QEMU_CI=2"
+
+Which lets you run:
+
+.. code::
+
+   git push-ci
+
+to create the pipeline, or:
+
+.. code::
+
+   git push-ci-now
+
+to create and run the pipeline
+
+
 Variable naming and grouping
 
 
@@ -98,6 +124,18 @@ Contributor controlled runtime variables
 The following variables may be set by contributors to control
 job execution
 
+QEMU_CI
+~~~
+
+By default, no pipelines will be created on contributor forks
+in order to preserve CI credits
+
+Set this variable to 1 to create the pipelines, but leave all
+the jobs to be manually started from the UI
+
+Set this variable to 2 to create the pipelines and run all
+the jobs immediately, as was historicaly behaviour
+
 QEMU_CI_AVOCADO_TESTING
 ~~~
 By default, tests using the Avocado framework are not run automatically in
diff --git a/.gitlab-ci.d/base.yml b/.gitlab-ci.d/base.yml
index 4f091d5aad..f334f3ded7 100644
--- a/.gitlab-ci.d/base.yml
+++ b/.gitlab-ci.d/base.yml
@@ -28,6 +28,10 @@
 - if: '$QEMU_JOB_ONLY_FORKS == "1" && $CI_PROJECT_NAMESPACE == 
"qemu-project"'
   when: never
 
+# Forks don't get pipelines unless QEMU_CI=1 or QEMU_CI=2 is set
+- if: '$QEMU_CI != "1" && $QEMU_CI != "2" && $CI_PROJECT_NAMESPACE != 
"qemu-project"'
+  when: never
+
 # Avocado jobs don't run in forks unless $QEMU_CI_AVOCADO_TESTING is set
 - if: '$QEMU_JOB_AVOCADO && $QEMU_CI_AVOCADO_TESTING != "1" && 
$CI_PROJECT_NAMESPACE != "qemu-project"'
   when: never
@@ -59,5 +63,10 @@
 # an earlier criteria
 #
 
+# Forks pipeline jobs don't start automatically unless
+# QEMU_CI=2 is set
+- if: '$QEMU_CI != "2" && $CI_PROJECT_NAMESPACE != "qemu-project"'
+  when: manual
+
 # Jobs can run if any jobs they depend on were successfull
 - when: on_success
-- 
2.30.2

[PULL 25/33] configure: enable cross-compilation of optionrom

[Alex Bennée]

From: Paolo Bonzini 

While container-based cross compilers are not supported, this already makes
it possible to build x86 optionroms on any machine that has an installation
of GCC and binutils for 32- or 64-bit x86.

Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220517092616.1272238-15-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-26-alex.ben...@linaro.org>

diff --git a/configure b/configure
index f509bce304..1ae5c950f0 100755
--- a/configure
+++ b/configure
@@ -2082,6 +2082,13 @@ probe_target_compiler() {
   fi
 }
 
+probe_target_compilers() {
+  for i; do
+probe_target_compiler $i
+test -n "$target_cc" && return 0
+  done
+}
+
 write_target_makefile() {
   if test -n "$target_cc"; then
 echo "CC=$target_cc"
@@ -2190,6 +2197,10 @@ if test "$QEMU_GA_VERSION" = ""; then
 QEMU_GA_VERSION=$(cat $source_path/VERSION)
 fi
 
+
+###
+# cross-compiled firmware targets
+
 # Set up build tree symlinks that point back into the source tree
 # (these can be both files and directories).
 # Caution: avoid adding files or directories here using wildcards. This
@@ -2216,19 +2227,27 @@ done
 
 # Mac OS X ships with a broken assembler
 roms=
-if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } && \
+probe_target_compilers i386 x86_64
+if test -n "$target_cc" &&
 test "$targetos" != "darwin" && test "$targetos" != "sunos" && \
 test "$targetos" != "haiku" && test "$softmmu" = yes ; then
 # Different host OS linkers have different ideas about the name of the ELF
 # emulation. Linux and OpenBSD/amd64 use 'elf_i386'; FreeBSD uses the _fbsd
 # variant; OpenBSD/i386 uses the _obsd variant; and Windows uses i386pe.
 for emu in elf_i386 elf_i386_fbsd elf_i386_obsd i386pe; do
-if "$ld" -verbose 2>&1 | grep -q "^[[:space:]]*$emu[[:space:]]*$"; then
+if "$target_ld" -verbose 2>&1 | grep -q 
"^[[:space:]]*$emu[[:space:]]*$"; then
 ld_i386_emulation="$emu"
-roms="optionrom"
 break
 fi
 done
+if test -n "$ld_i386_emulation"; then
+roms="optionrom"
+config_mak=pc-bios/optionrom/config.mak
+echo "# Automatically generated by configure - do not modify" > 
$config_mak
+echo "TOPSRC_DIR=$source_path" >> $config_mak
+echo "LD_I386_EMULATION=$ld_i386_emulation" >> $config_mak
+write_target_makefile >> $config_mak
+fi
 fi
 
 # Only build s390-ccw bios if the compiler has -march=z900 or -march=z10
@@ -2381,7 +2400,6 @@ echo "GLIB_LIBS=$glib_libs" >> $config_host_mak
 echo "GLIB_BINDIR=$glib_bindir" >> $config_host_mak
 echo "GLIB_VERSION=$(pkg-config --modversion glib-2.0)" >> $config_host_mak
 echo "QEMU_LDFLAGS=$QEMU_LDFLAGS" >> $config_host_mak
-echo "LD_I386_EMULATION=$ld_i386_emulation" >> $config_host_mak
 echo "STRIP=$strip" >> $config_host_mak
 echo "EXESUF=$EXESUF" >> $config_host_mak
 
@@ -2571,10 +2589,6 @@ for target in $target_list; do
 done
 echo "TCG_TESTS_TARGETS=$tcg_tests_targets" >> $makefile)
 
-config_mak=pc-bios/optionrom/config.mak
-echo "# Automatically generated by configure - do not modify" > $config_mak
-echo "TOPSRC_DIR=$source_path" >> $config_mak
-
 if test "$skip_meson" = no; then
   cross="config-meson.cross.new"
   meson_quote() {
diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index 17ccc76241..f639915b4f 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -6,7 +6,6 @@ all: multiboot.bin multiboot_dma.bin linuxboot.bin 
linuxboot_dma.bin kvmvapic.bi
 # Dummy command so that make thinks it has done something
@true
 
-include ../../config-host.mak
 CFLAGS = -O2 -g
 
 quiet-command = $(if $(V),$1,$(if $(2),@printf "  %-7s %s\n" $2 $3 && $1, @$1))
@@ -44,7 +43,6 @@ Wa = -Wa,
 override ASFLAGS += -32
 override CFLAGS += $(call cc-option, $(Wa)-32)
 
-LD_I386_EMULATION ?= elf_i386
 override LDFLAGS = -m $(LD_I386_EMULATION) -T $(SRC_DIR)/flat.lds
 
 pvh.img: pvh.o pvh_main.o
-- 
2.30.2

[PULL 26/33] configure: enable cross compilation of vof

[Alex Bennée]

From: Paolo Bonzini 

While container-based cross compilers are not supported, this already
makes it possible to build vof on any machine that has an installation
of GCC and binutils for 32- or 64-bit PowerPC.

Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220517092616.1272238-16-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-27-alex.ben...@linaro.org>

diff --git a/configure b/configure
index 1ae5c950f0..11e7f30553 100755
--- a/configure
+++ b/configure
@@ -2213,6 +2213,7 @@ LINKS="Makefile"
 LINKS="$LINKS tests/tcg/Makefile.target"
 LINKS="$LINKS pc-bios/optionrom/Makefile"
 LINKS="$LINKS pc-bios/s390-ccw/Makefile"
+LINKS="$LINKS pc-bios/vof/Makefile"
 LINKS="$LINKS .gdbinit scripts" # scripts needed by relative path in .gdbinit
 LINKS="$LINKS tests/avocado tests/data"
 LINKS="$LINKS tests/qemu-iotests/check"
@@ -2250,6 +2251,15 @@ if test -n "$target_cc" &&
 fi
 fi
 
+probe_target_compilers ppc ppc64
+if test -n "$target_cc" && test "$softmmu" = yes; then
+roms="$roms vof"
+config_mak=pc-bios/vof/config.mak
+echo "# Automatically generated by configure - do not modify" > $config_mak
+echo "SRC_DIR=$source_path/pc-bios/vof" >> $config_mak
+write_target_makefile >> $config_mak
+fi
+
 # Only build s390-ccw bios if the compiler has -march=z900 or -march=z10
 # (which is the lowest architecture level that Clang supports)
 probe_target_compiler s390x
diff --git a/pc-bios/vof/Makefile b/pc-bios/vof/Makefile
index aa1678c4d8..391ac0d600 100644
--- a/pc-bios/vof/Makefile
+++ b/pc-bios/vof/Makefile
@@ -1,11 +1,10 @@
-all: build-all
+include config.mak
+VPATH=$(SRC_DIR)
+all: vof.bin
 
-build-all: vof.bin
-
-CROSS ?=
-CC = $(CROSS)gcc
-LD = $(CROSS)ld
-OBJCOPY = $(CROSS)objcopy
+CC ?= $(CROSS)gcc
+LD ?= $(CROSS)ld
+OBJCOPY ?= $(CROSS)objcopy
 
 %.o: %.S
$(CC) -m32 -mbig-endian -mcpu=power4 -c -o $@ $<
@@ -14,10 +13,12 @@ OBJCOPY = $(CROSS)objcopy
$(CC) -m32 -mbig-endian -mcpu=power4 -c -fno-stack-protector -o $@ $<
 
 vof.elf: entry.o main.o ci.o bootmem.o libc.o
-   $(LD) -nostdlib -e_start -Tvof.lds -EB -o $@ $^
+   $(LD) -nostdlib -e_start -T$(SRC_DIR)/vof.lds -EB -o $@ $^
 
 %.bin: %.elf
$(OBJCOPY) -O binary -j .text -j .data -j .toc -j .got2 $^ $@
 
 clean:
rm -f *.o vof.bin vof.elf *~
+
+.PHONY: all clean
-- 
2.30.2

[PULL 24/33] configure: enable cross-compilation of s390-ccw

[Alex Bennée]

From: Paolo Bonzini 

While container-based cross compilers are not supported, this already makes
it possible to build s390-ccw on any machine that has s390x GCC and binutils
installed.

Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220517092616.1272238-14-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Acked-by: Thomas Huth 
Message-Id: <20220527153603.887929-25-alex.ben...@linaro.org>

diff --git a/configure b/configure
index aa17b0fa55..f509bce304 100755
--- a/configure
+++ b/configure
@@ -2231,24 +2231,32 @@ if { test "$cpu" = "i386" || test "$cpu" = "x86_64"; } 
&& \
 done
 fi
 
-# Only build s390-ccw bios if we're on s390x and the compiler has -march=z900
-# or -march=z10 (which is the lowest architecture level that Clang supports)
-if test "$cpu" = "s390x" ; then
+# Only build s390-ccw bios if the compiler has -march=z900 or -march=z10
+# (which is the lowest architecture level that Clang supports)
+probe_target_compiler s390x
+if test -n "$target_cc" && test "$softmmu" = yes; then
   write_c_skeleton
-  compile_prog "-march=z900" ""
+  do_compiler "$target_cc" $target_cc_cflags -march=z900 -o $TMPO -c $TMPC
   has_z900=$?
-  if [ $has_z900 = 0 ] || compile_object "-march=z10 -msoft-float -Werror"; 
then
+  if [ $has_z900 = 0 ] || do_compiler "$target_cc" $target_cc_cflags 
-march=z10 -msoft-float -Werror -o $TMPO -c $TMPC; then
 if [ $has_z900 != 0 ]; then
   echo "WARNING: Your compiler does not support the z900!"
   echo " The s390-ccw bios will only work with guest CPUs >= z10."
 fi
 roms="$roms s390-ccw"
+config_mak=pc-bios/s390-ccw/config-host.mak
+echo "# Automatically generated by configure - do not modify" > $config_mak
+echo "SRC_PATH=$source_path/pc-bios/s390-ccw" >> $config_mak
+write_target_makefile >> $config_mak
 # SLOF is required for building the s390-ccw firmware on s390x,
 # since it is using the libnet code from SLOF for network booting.
 git_submodules="${git_submodules} roms/SLOF"
   fi
 fi
 
+###
+# generate config-host.mak
+
 # Check that the C++ compiler exists and works with the C compiler.
 # All the QEMU_CXXFLAGS are based on QEMU_CFLAGS. Keep this at the end to 
don't miss any other that could be added.
 if has $cxx; then
diff --git a/pc-bios/s390-ccw/netboot.mak b/pc-bios/s390-ccw/netboot.mak
index 68b4d7edcb..1a06befa4b 100644
--- a/pc-bios/s390-ccw/netboot.mak
+++ b/pc-bios/s390-ccw/netboot.mak
@@ -1,5 +1,5 @@
 
-SLOF_DIR := $(SRC_PATH)/roms/SLOF
+SLOF_DIR := $(SRC_PATH)/../../roms/SLOF
 
 NETOBJS := start.o sclp.o cio.o virtio.o virtio-net.o jump2ipl.o netmain.o
 
diff --git a/pc-bios/s390-ccw/Makefile b/pc-bios/s390-ccw/Makefile
index 0eb68efc7b..6eb713bf37 100644
--- a/pc-bios/s390-ccw/Makefile
+++ b/pc-bios/s390-ccw/Makefile
@@ -2,8 +2,9 @@ all: build-all
 # Dummy command so that make thinks it has done something
@true
 
-include ../../config-host.mak
+include config-host.mak
 CFLAGS = -O2 -g
+MAKEFLAGS += -rR
 
 quiet-command = $(if $(V),$1,$(if $(2),@printf "  %-7s %s\n" $2 $3 && $1, @$1))
 cc-option = $(if $(shell $(CC) $1 $2 -S -o /dev/null -xc /dev/null \
@@ -11,7 +12,7 @@ cc-option = $(if $(shell $(CC) $1 $2 -S -o /dev/null -xc 
/dev/null \
 
 VPATH_SUFFIXES = %.c %.h %.S %.m %.mak %.sh %.rc Kconfig% %.json.in
 set-vpath = $(if $1,$(foreach PATTERN,$(VPATH_SUFFIXES),$(eval vpath 
$(PATTERN) $1)))
-$(call set-vpath, $(SRC_PATH)/pc-bios/s390-ccw)
+$(call set-vpath, $(SRC_PATH))
 
 # Flags for dependency generation
 QEMU_DGFLAGS = -MMD -MP -MT $@ -MF $(@D)/$(*F).d
@@ -49,8 +50,8 @@ s390-ccw.img: s390-ccw.elf
 
 $(OBJECTS): Makefile
 
-ifneq ($(wildcard $(SRC_PATH)/roms/SLOF/lib/libnet),)
-include $(SRC_PATH)/pc-bios/s390-ccw/netboot.mak
+ifneq ($(wildcard $(SRC_PATH)/../../roms/SLOF/lib/libnet),)
+include $(SRC_PATH)/netboot.mak
 else
 s390-netboot.img:
@echo "s390-netboot.img not built since roms/SLOF/ is not available."
-- 
2.30.2

[PULL 18/33] tests/tcg: merge configure.sh back into main configure script

[Alex Bennée]

From: Paolo Bonzini 

tests/tcg/configure.sh has a complicated story.

In the beginning its code ran as part of the creation of config-target.mak
files, and that is where it placed the information on the target compiler.
However, probing for the buildability of TCG tests required multiple
inclusions of config-target.mak in the _main_ Makefile (not in
Makefile.target, which took care of building the QEMU executables in
the pre-Meson era), which polluted the namespace.

Thus, it was moved to a separate directory.  It created small config-*.mak
files in $(BUILD_DIR)/tests/tcg.  Those were also included multiple
times, but at least they were small and manageable; this was also an
important step in disentangling the TCG tests from Makefile.target.

Since then, Meson has allowed the configure script to go on a diet.
A few compilation tests survive (mostly for sanitizers) but these days
it mostly takes care of command line parsing, looking for tools, and
setting up the environment for Meson to do its stuff.

It's time to extend configure with the capability to build for more
than just one target: not just tests, but also firmware.  As a first
step, integrate all the logic to find cross compilers in the configure
script, and move tests/tcg/configure.sh back there (though as a
separate loop, not integrated in the one that generates target
configurations for Meson).

tests/tcg is actually very close to being buildable as a standalone
project, so I actually expect the compiler tests to move back to
tests/tcg, as a "configure" script of sorts which would run at Make
time after the docker images are built.  The GCC tree has a similar idea
of doing only bare-bones tree-wide configuration and leaving the rest
for Make time.

Signed-off-by: Paolo Bonzini 
Acked-by: Richard Henderson 
Message-Id: <20220517092616.1272238-8-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-19-alex.ben...@linaro.org>

diff --git a/configure b/configure
index 7b6adc29fe..f91ac632e7 100755
--- a/configure
+++ b/configure
@@ -109,6 +109,20 @@ error_exit() {
 }
 
 do_compiler() {
+  # Run the compiler, capturing its output to the log. First argument
+  # is compiler binary to execute.
+  local compiler="$1"
+  shift
+  if test -n "$BASH_VERSION"; then eval '
+  echo >>config.log "
+funcs: ${FUNCNAME[*]}
+lines: ${BASH_LINENO[*]}"
+  '; fi
+  echo $compiler "$@" >> config.log
+  $compiler "$@" >> config.log 2>&1 || return $?
+}
+
+do_compiler_werror() {
 # Run the compiler, capturing its output to the log. First argument
 # is compiler binary to execute.
 compiler="$1"
@@ -142,15 +156,15 @@ lines: ${BASH_LINENO[*]}"
 }
 
 do_cc() {
-do_compiler "$cc" $CPU_CFLAGS "$@"
+do_compiler_werror "$cc" $CPU_CFLAGS "$@"
 }
 
 do_cxx() {
-do_compiler "$cxx" $CPU_CFLAGS "$@"
+do_compiler_werror "$cxx" $CPU_CFLAGS "$@"
 }
 
 do_objc() {
-do_compiler "$objcc" $CPU_CFLAGS "$@"
+do_compiler_werror "$objcc" $CPU_CFLAGS "$@"
 }
 
 # Append $2 to the variable named $1, with space separation
@@ -345,11 +359,9 @@ for opt do
   ;;
   --cross-cc-cflags-*) cc_arch=${opt#--cross-cc-cflags-}; 
cc_arch=${cc_arch%%=*}
   eval "cross_cc_cflags_${cc_arch}=\$optarg"
-  cross_cc_vars="$cross_cc_vars cross_cc_cflags_${cc_arch}"
   ;;
   --cross-cc-*) cc_arch=${opt#--cross-cc-}; cc_arch=${cc_arch%%=*}
 eval "cross_cc_${cc_arch}=\$optarg"
-cross_cc_vars="$cross_cc_vars cross_cc_${cc_arch}"
   ;;
   esac
 done
@@ -944,7 +956,6 @@ esac
 
 if eval test -z "\${cross_cc_$cpu}"; then
 eval "cross_cc_${cpu}=\$cc"
-cross_cc_vars="$cross_cc_vars cross_cc_${cpu}"
 fi
 
 default_target_list=""
@@ -1800,6 +1811,248 @@ case "$slirp" in
 ;;
 esac
 
+##
+# functions to probe cross compilers
+
+container="no"
+if test $use_containers = "yes"; then
+if has "docker" || has "podman"; then
+container=$($python $source_path/tests/docker/docker.py probe)
+fi
+fi
+
+# cross compilers defaults, can be overridden with --cross-cc-ARCH
+: ${cross_cc_aarch64="aarch64-linux-gnu-gcc"}
+: ${cross_cc_aarch64_be="$cross_cc_aarch64"}
+: ${cross_cc_cflags_aarch64_be="-mbig-endian"}
+: ${cross_cc_alpha="alpha-linux-gnu-gcc"}
+: ${cross_cc_arm="arm-linux-gnueabihf-gcc"}
+: ${cross_cc_cflags_armeb="-mbig-endian"}
+: ${cross_cc_hexagon="hexagon-unknown-linux-musl-clang"}
+: ${cross_cc_cflags_hexagon="-mv67 -O2 -static"}
+: ${cross_cc_hppa="hppa-linux-gnu-gcc"}
+: ${cross_cc_i386="i686-linux-gnu-gcc"}
+: ${cross_cc_cflags_i386="-m32"}
+: ${cross_cc_m68k="m68k-linux-gnu-gcc"}
+: ${cross_cc_microblaze="microblaze-linux-musl-gcc"}
+: ${cross_cc_mips64el="mips64el-linux-gnuabi64-gcc"}
+: ${cross_cc_mips64="mips64-linux-gnuabi64-gcc"}
+: ${cross_cc_mipsel="mipsel-linux-gnu-gcc"}
+: ${cross_cc_mips="mips-linux-gnu-gcc"}
+: ${cross_cc_nios2="nios2-linux-gnu-gcc"}
+: ${cross_cc_ppc="powerpc-linux-gnu-gcc"}
+: 

[PULL 28/33] gitlab: introduce a common base job template

[Alex Bennée]

From: Daniel P. Berrangé 

Currently job rules are spread across the various templates
and jobs, making it hard to understand exactly what runs in
what scenario. This leads to inconsistency in the rules and
increased maint burden.

The intent is that we introduce a common '.base_job_template'
which will have a general purpose 'rules:' block. No other
template or job should define 'rules:', but instead they must
rely on the inherited rules. To allow behaviour to be tweaked,
rules will be influenced by a number of variables with the
naming scheme 'QEMU_JOB_'.

Signed-off-by: Daniel P. Berrangé 
Message-Id: <20220526110705.59952-2-berra...@redhat.com>
Signed-off-by: Alex Bennée 
Reviewed-by: Thomas Huth 
Message-Id: <20220527153603.887929-29-alex.ben...@linaro.org>

diff --git a/docs/devel/ci-jobs.rst.inc b/docs/devel/ci-jobs.rst.inc
index 92e25872aa..eb6a9e6122 100644
--- a/docs/devel/ci-jobs.rst.inc
+++ b/docs/devel/ci-jobs.rst.inc
@@ -28,7 +28,35 @@ For further information about how to set these variables, 
please refer to::
 
   
https://docs.gitlab.com/ee/user/project/push_options.html#push-options-for-gitlab-cicd
 
-Here is a list of the most used variables:
+Variable naming and grouping
+
+
+The variables used by QEMU's CI configuration are grouped together
+in a handful of namespaces
+
+ * QEMU_JOB_ - variables to be defined in individual jobs
+   or templates, to influence the shared rules defined in the
+   .base_job_template.
+
+ * QEMU_CI_nnn - variables to be set by contributors in their
+   repository CI settings, or as git push variables, to influence
+   which jobs get run in a pipeline
+
+ * nnn - other misc variables not falling into the above
+   categories, or using different names for historical reasons
+   and not yet converted.
+
+Maintainer controlled job variables
+---
+
+The following variables may be set when defining a job in the
+CI configuration file.
+
+Contributor controlled runtime variables
+
+
+The following variables may be set by contributors to control
+job execution
 
 QEMU_CI_AVOCADO_TESTING
 ~~~
@@ -38,6 +66,12 @@ these artifacts are not already cached, downloading them 
make the jobs
 reach the timeout limit). Set this variable to have the tests using the
 Avocado framework run automatically.
 
+Other misc variables
+
+
+These variables are primarily to control execution of jobs on
+private runners
+
 AARCH64_RUNNER_AVAILABLE
 
 If you've got access to an aarch64 host that can be used as a gitlab-CI
diff --git a/.gitlab-ci.d/base.yml b/.gitlab-ci.d/base.yml
new file mode 100644
index 00..10eb6ab8bc
--- /dev/null
+++ b/.gitlab-ci.d/base.yml
@@ -0,0 +1,28 @@
+
+# The order of rules defined here is critically important.
+# They are evaluated in order and first match wins.
+#
+# Thus we group them into a number of stages, ordered from
+# most restrictive to least restrictive
+#
+.base_job_template:
+  rules:
+#
+# Stage 1: exclude scenarios where we definitely don't
+# want jobs to run
+#
+
+
+#
+# Stage 2: fine tune execution of jobs in specific scenarios
+# where the catch all logic is inapprorpaite
+#
+
+
+#
+# Stage 3: catch all logic applying to any job not matching
+# an earlier criteria
+#
+
+# Jobs can run if any jobs they depend on were successfull
+- when: on_success
diff --git a/.gitlab-ci.d/qemu-project.yml b/.gitlab-ci.d/qemu-project.yml
index 871262fe0e..691d9bf5dc 100644
--- a/.gitlab-ci.d/qemu-project.yml
+++ b/.gitlab-ci.d/qemu-project.yml
@@ -2,6 +2,7 @@
 # https://gitlab.com/qemu-project/qemu/-/pipelines
 
 include:
+  - local: '/.gitlab-ci.d/base.yml'
   - local: '/.gitlab-ci.d/stages.yml'
   - local: '/.gitlab-ci.d/edk2.yml'
   - local: '/.gitlab-ci.d/opensbi.yml'
-- 
2.30.2

[PULL 11/33] tests/docker: update debian-amd64 with lcitool

[Alex Bennée]

The one minor wrinkle we need to account for is the netmap support
still requires building from source. We also include cscope and GNU
global as they are used in one of the builds.

Signed-off-by: Alex Bennée 
Cc: Philippe Mathieu-Daudé 
Cc: Luigi Rizzo 
Cc: Giuseppe Lettieri 
Cc: Vincenzo Maffione 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20220527153603.887929-12-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/containers.yml b/.gitlab-ci.d/containers.yml
index e9df90bbdd..be34cbc7ba 100644
--- a/.gitlab-ci.d/containers.yml
+++ b/.gitlab-ci.d/containers.yml
@@ -14,8 +14,7 @@ amd64-debian11-container:
 
 amd64-debian-container:
   extends: .container_job_template
-  stage: containers-layer2
-  needs: ['amd64-debian10-container']
+  stage: containers
   variables:
 NAME: debian-amd64
 
diff --git a/tests/docker/dockerfiles/debian-amd64.docker 
b/tests/docker/dockerfiles/debian-amd64.docker
index ed546edcd6..503e282802 100644
--- a/tests/docker/dockerfiles/debian-amd64.docker
+++ b/tests/docker/dockerfiles/debian-amd64.docker
@@ -1,59 +1,153 @@
+# THIS FILE WAS AUTO-GENERATED
 #
-# Docker x86_64 target
+#  $ lcitool dockerfile --layers all debian-11 qemu
 #
-# This docker target builds on the Debian Buster base image. Further
-# libraries which are not widely available are installed by hand.
-#
-FROM qemu/debian10
-MAINTAINER Philippe Mathieu-Daudé 
-
-RUN apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt build-dep -yy qemu
+# https://gitlab.com/libvirt/libvirt-ci
 
-RUN apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt install -y --no-install-recommends \
-cscope \
-genisoimage \
-exuberant-ctags \
-global \
-libbz2-dev \
-liblzo2-dev \
-libgcrypt20-dev \
-libfdt-dev \
-librdmacm-dev \
-libsasl2-dev \
-libsnappy-dev \
-libvte-dev \
-netcat-openbsd \
-openssh-client \
-python3-numpy \
-python3-opencv \
-python3-venv
+FROM docker.io/library/debian:11-slim
 
-# virgl
-RUN apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt install -y --no-install-recommends \
-libegl1-mesa-dev \
-libepoxy-dev \
-libgbm-dev
-RUN git clone https://gitlab.freedesktop.org/virgl/virglrenderer.git 
/usr/src/virglrenderer && \
-cd /usr/src/virglrenderer && git checkout virglrenderer-0.8.0
-RUN cd /usr/src/virglrenderer && ./autogen.sh && ./configure --disable-tests 
&& make install
+RUN export DEBIAN_FRONTEND=noninteractive && \
+apt-get update && \
+apt-get install -y eatmydata && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y \
+bash \
+bc \
+bsdextrautils \
+bzip2 \
+ca-certificates \
+ccache \
+clang \
+dbus \
+debianutils \
+diffutils \
+exuberant-ctags \
+findutils \
+g++ \
+gcc \
+gcovr \
+genisoimage \
+gettext \
+git \
+hostname \
+libaio-dev \
+libasan5 \
+libasound2-dev \
+libattr1-dev \
+libbpf-dev \
+libbrlapi-dev \
+libbz2-dev \
+libc6-dev \
+libcacard-dev \
+libcap-ng-dev \
+libcapstone-dev \
+libcurl4-gnutls-dev \
+libdaxctl-dev \
+libdrm-dev \
+libepoxy-dev \
+libfdt-dev \
+libffi-dev \
+libfuse3-dev \
+libgbm-dev \
+libgcrypt20-dev \
+libglib2.0-dev \
+libglusterfs-dev \
+libgnutls28-dev \
+libgtk-3-dev \
+libibumad-dev \
+libibverbs-dev \
+libiscsi-dev \
+libjemalloc-dev \
+libjpeg62-turbo-dev \
+liblttng-ust-dev \
+liblzo2-dev \
+libncursesw5-dev \
+libnfs-dev \
+libnuma-dev \
+libpam0g-dev \
+libpcre2-dev \
+libpixman-1-dev \
+libpmem-dev \
+libpng-dev \
+libpulse-dev \
+librbd-dev \
+librdmacm-dev \
+libsasl2-dev \
+libsdl2-dev \
+libsdl2-image-dev \
+libseccomp-dev \
+libselinux1-dev \
+libslirp-dev \
+libsnappy-dev \
+libspice-protocol-dev \
+libspice-server-dev \
+libssh-gcrypt-dev \
+libsystemd-dev \
+libtasn1-6-dev \
+libubsan1 \
+libudev-dev \
+liburing-dev \
+libusb-1.0-0-dev \
+libusbredirhost-dev \
+libvdeplug-dev \
+libvirglrenderer-dev \
+

[PULL 27/33] configure: remove unused variables from config-host.mak

[Alex Bennée]

From: Paolo Bonzini 

The only compiler variable that is still needed is $(CC), for
contrib/plugins/Makefile.  All firmware builds have their own
config-host.mak file.

Signed-off-by: Paolo Bonzini 
Message-Id: <20220517092616.1272238-17-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-28-alex.ben...@linaro.org>

diff --git a/configure b/configure
index 11e7f30553..b9ccff9067 100755
--- a/configure
+++ b/configure
@@ -2397,11 +2397,6 @@ echo "GENISOIMAGE=$genisoimage" >> $config_host_mak
 echo "MESON=$meson" >> $config_host_mak
 echo "NINJA=$ninja" >> $config_host_mak
 echo "CC=$cc" >> $config_host_mak
-echo "AR=$ar" >> $config_host_mak
-echo "AS=$as" >> $config_host_mak
-echo "CCAS=$ccas" >> $config_host_mak
-echo "OBJCOPY=$objcopy" >> $config_host_mak
-echo "LD=$ld" >> $config_host_mak
 echo "QEMU_CFLAGS=$QEMU_CFLAGS" >> $config_host_mak
 echo "QEMU_CXXFLAGS=$QEMU_CXXFLAGS" >> $config_host_mak
 echo "QEMU_OBJCFLAGS=$QEMU_OBJCFLAGS" >> $config_host_mak
@@ -2410,7 +2405,6 @@ echo "GLIB_LIBS=$glib_libs" >> $config_host_mak
 echo "GLIB_BINDIR=$glib_bindir" >> $config_host_mak
 echo "GLIB_VERSION=$(pkg-config --modversion glib-2.0)" >> $config_host_mak
 echo "QEMU_LDFLAGS=$QEMU_LDFLAGS" >> $config_host_mak
-echo "STRIP=$strip" >> $config_host_mak
 echo "EXESUF=$EXESUF" >> $config_host_mak
 
 # use included Linux headers
-- 
2.30.2

[PULL 13/33] build: clean up ninja invocation

[Alex Bennée]

From: Paolo Bonzini 

Fix an incorrect "@@:" and move "-d keepdepfile" to the NINJAFLAGS variable.

Signed-off-by: Paolo Bonzini 
Reviewed-by: Richard Henderson 
Message-Id: <20220517092616.1272238-3-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-14-alex.ben...@linaro.org>

diff --git a/Makefile b/Makefile
index b842dbccdb..fad312040f 100644
--- a/Makefile
+++ b/Makefile
@@ -143,7 +143,7 @@ MAKE.q = $(findstring q,$(firstword $(filter-out 
--%,$(MAKEFLAGS
 MAKE.nq = $(if $(word 2, $(MAKE.n) $(MAKE.q)),nq)
 NINJAFLAGS = $(if $V,-v) $(if $(MAKE.n), -n) $(if $(MAKE.k), -k0) \
 $(filter-out -j, $(lastword -j1 $(filter -l% -j%, $(MAKEFLAGS \
-
+-d keepdepfile
 ninja-cmd-goals = $(or $(MAKECMDGOALS), all)
 ninja-cmd-goals += $(foreach t, $(.check.build-suites), $(.check-$t.deps))
 ninja-cmd-goals += $(foreach t, $(.bench.build-suites), $(.bench-$t.deps))
@@ -160,8 +160,8 @@ $(ninja-targets): run-ninja
 # --output-sync line.
 run-ninja: config-host.mak
 ifneq ($(filter $(ninja-targets), $(ninja-cmd-goals)),)
-   +$(quiet-@)$(if $(MAKE.nq),@:, $(NINJA) -d keepdepfile \
-  $(NINJAFLAGS) $(sort $(filter $(ninja-targets), $(ninja-cmd-goals))) 
| cat)
+   +$(if $(MAKE.nq),@:,$(quiet-@)$(NINJA) $(NINJAFLAGS) \
+  $(sort $(filter $(ninja-targets), $(ninja-cmd-goals))) | cat)
 endif
 endif
 
-- 
2.30.2

[PULL 31/33] gitlab: convert build/container jobs to .base_job_template

[Alex Bennée]

From: Daniel P. Berrangé 

This converts the main build and container jobs to use the
base job rules, defining the following new variables

 - QEMU_JOB_SKIPPED - jobs that are known to be currently
   broken and should not be run. Can still be manually
   launched if desired.

 - QEMU_JOB_AVOCADO - jobs that run the Avocado integration
   test harness.

 - QEMU_JOB_PUBLISH - jobs that publish content after the
   branch is merged upstream

As build-tools-and-docs runs on master we declare the requirement of
building amd64-debian-container optional as it should already exits
once we merge.

Signed-off-by: Daniel P. Berrangé 
Message-Id: <20220526110705.59952-5-berra...@redhat.com>
[AJB: fix upstream typo, mention optional container req]
Signed-off-by: Alex Bennée 
Reviewed-by: Thomas Huth 
Message-Id: <20220527153603.887929-32-alex.ben...@linaro.org>

diff --git a/docs/devel/ci-jobs.rst.inc b/docs/devel/ci-jobs.rst.inc
index 4c7e30ab08..0b4926e537 100644
--- a/docs/devel/ci-jobs.rst.inc
+++ b/docs/devel/ci-jobs.rst.inc
@@ -73,6 +73,25 @@ The job results are only of interest to contributors prior to
 submitting code. They are not required as part of the gating
 CI pipeline.
 
+QEMU_JOB_SKIPPED
+
+
+The job is not reliably successsful in general, so is not
+currently suitable to be run by default. Ideally this should
+be a temporary marker until the problems can be addressed, or
+the job permanently removed.
+
+QEMU_JOB_PUBLISH
+
+
+The job is for publishing content after a branch has been
+merged into the upstream default branch.
+
+QEMU_JOB_AVOCADO
+
+
+The job runs the Avocado integration test suite
+
 Contributor controlled runtime variables
 
 
diff --git a/.gitlab-ci.d/base.yml b/.gitlab-ci.d/base.yml
index e6953c77ae..4f091d5aad 100644
--- a/.gitlab-ci.d/base.yml
+++ b/.gitlab-ci.d/base.yml
@@ -16,10 +16,22 @@
 - if: '$QEMU_JOB_CIRRUS && ($CIRRUS_GITHUB_REPO == "" || $CIRRUS_API_TOKEN 
== "")'
   when: never
 
+# Publishing jobs should only run on the default branch in upstream
+- if: '$QEMU_JOB_PUBLISH == "1" && $CI_PROJECT_NAMESPACE == "qemu-project" 
&& $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
+  when: never
+
+# Non-publishing jobs should only run on staging branches in upstream
+- if: '$QEMU_JOB_PUBLISH != "1" && $CI_PROJECT_NAMESPACE == "qemu-project" 
&& $CI_COMMIT_BRANCH !~ /staging/'
+  when: never
+
 # Jobs only intended for forks should always be skipped on upstream
 - if: '$QEMU_JOB_ONLY_FORKS == "1" && $CI_PROJECT_NAMESPACE == 
"qemu-project"'
   when: never
 
+# Avocado jobs don't run in forks unless $QEMU_CI_AVOCADO_TESTING is set
+- if: '$QEMU_JOB_AVOCADO && $QEMU_CI_AVOCADO_TESTING != "1" && 
$CI_PROJECT_NAMESPACE != "qemu-project"'
+  when: never
+
 
 #
 # Stage 2: fine tune execution of jobs in specific scenarios
@@ -31,6 +43,16 @@
   when: manual
   allow_failure: true
 
+# Skipped jobs should not be run unless manually triggered
+- if: '$QEMU_JOB_SKIPPED'
+  when: manual
+  allow_failure: true
+
+# Avocado jobs can be manually start in forks if $QEMU_CI_AVOCADO_TESTING 
is unset
+- if: '$QEMU_JOB_AVOCADO && $CI_PROJECT_NAMESPACE != "qemu-project"'
+  when: manual
+  allow_failure: true
+
 
 #
 # Stage 3: catch all logic applying to any job not matching
diff --git a/.gitlab-ci.d/buildtest-template.yml 
b/.gitlab-ci.d/buildtest-template.yml
index b381345dbc..73ecfabb8d 100644
--- a/.gitlab-ci.d/buildtest-template.yml
+++ b/.gitlab-ci.d/buildtest-template.yml
@@ -1,4 +1,5 @@
 .native_build_job_template:
+  extends: .base_job_template
   stage: build
   image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
   before_script:
@@ -27,6 +28,7 @@
   fi
 
 .common_test_job_template:
+  extends: .base_job_template
   stage: test
   image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
   script:
@@ -77,15 +79,5 @@
   after_script:
 - cd build
 - du -chs ${CI_PROJECT_DIR}/avocado-cache
-  rules:
-# Only run these jobs if running on the mainstream namespace,
-# or if the user set the QEMU_CI_AVOCADO_TESTING variable (either
-# in its namespace setting or via git-push option, see documentation
-# in /.gitlab-ci.yml of this repository).
-- if: '$CI_PROJECT_NAMESPACE == "qemu-project"'
-  when: on_success
-- if: '$QEMU_CI_AVOCADO_TESTING'
-  when: on_success
-# Otherwise, set to manual (the jobs are created but not run).
-- when: manual
-  allow_failure: true
+  variables:
+QEMU_JOB_AVOCADO: 1
diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
index e9620c3074..ecac3ec50c 100644
--- a/.gitlab-ci.d/buildtest.yml
+++ b/.gitlab-ci.d/buildtest.yml
@@ -360,12 +360,11 @@ build-cfi-aarch64:
 expire_in: 2 days
 paths:
  

[PULL 17/33] tests/tcg: correct target CPU for sparc32

[Alex Bennée]

From: Paolo Bonzini 

We do not want v8plus for pure sparc32, as the difference with the V8 ABI
are only meaningful on 64-bit CPUs suh as ultrasparc; supersparc is the
best CPU to use for 32-bit.

Signed-off-by: Paolo Bonzini 
Reviewed-by: Richard Henderson 
Message-Id: <20220517092616.1272238-7-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-18-alex.ben...@linaro.org>

diff --git a/tests/tcg/configure.sh b/tests/tcg/configure.sh
index 691d90abac..59f2403d1a 100755
--- a/tests/tcg/configure.sh
+++ b/tests/tcg/configure.sh
@@ -70,7 +70,7 @@ fi
 : ${cross_cc_riscv64="riscv64-linux-gnu-gcc"}
 : ${cross_cc_s390x="s390x-linux-gnu-gcc"}
 : ${cross_cc_sh4="sh4-linux-gnu-gcc"}
-: ${cross_cc_cflags_sparc="-m32 -mv8plus -mcpu=ultrasparc"}
+: ${cross_cc_cflags_sparc="-m32 -mcpu=supersparc"}
 : ${cross_cc_sparc64="sparc64-linux-gnu-gcc"}
 : ${cross_cc_cflags_sparc64="-m64 -mcpu=ultrasparc"}
 : ${cross_cc_x86_64="x86_64-linux-gnu-gcc"}
-- 
2.30.2

[PULL 09/33] tests/docker: update debian-mips64el-cross with lcitool

[Alex Bennée]

Use lcitool to update debian-mips64el-cross to a Debian 11 based system.

Signed-off-by: Alex Bennée 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20220527153603.887929-10-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index 1a533e6fc0..411dc06bf8 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -88,8 +88,7 @@ mips64-debian-cross-container:
 
 mips64el-debian-cross-container:
   extends: .container_job_template
-  stage: containers-layer2
-  needs: ['amd64-debian10-container']
+  stage: containers
   variables:
 NAME: debian-mips64el-cross
 
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 0ac5975419..d9f37ae8fa 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -93,7 +93,6 @@ docker-image-debian-hppa-cross: docker-image-debian10
 docker-image-debian-m68k-cross: docker-image-debian10
 docker-image-debian-mips-cross: docker-image-debian10
 docker-image-debian-mips64-cross: docker-image-debian10
-docker-image-debian-mips64el-cross: docker-image-debian10
 docker-image-debian-ppc64el-cross: docker-image-debian10
 docker-image-debian-sh4-cross: docker-image-debian10
 docker-image-debian-sparc64-cross: docker-image-debian10
diff --git a/tests/docker/dockerfiles/debian-mips64el-cross.docker 
b/tests/docker/dockerfiles/debian-mips64el-cross.docker
index c990b683b7..b02dcb7fd9 100644
--- a/tests/docker/dockerfiles/debian-mips64el-cross.docker
+++ b/tests/docker/dockerfiles/debian-mips64el-cross.docker
@@ -1,33 +1,162 @@
+# THIS FILE WAS AUTO-GENERATED
 #
-# Docker mips64el cross-compiler target
-#
-# This docker target builds on the debian Stretch base image.
+#  $ lcitool dockerfile --layers all --cross mips64el debian-11 qemu
 #
+# https://gitlab.com/libvirt/libvirt-ci
 
-FROM qemu/debian10
+FROM docker.io/library/debian:11-slim
 
-MAINTAINER Philippe Mathieu-Daudé 
+RUN export DEBIAN_FRONTEND=noninteractive && \
+apt-get update && \
+apt-get install -y eatmydata && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y \
+bash \
+bc \
+bsdextrautils \
+bzip2 \
+ca-certificates \
+ccache \
+dbus \
+debianutils \
+diffutils \
+exuberant-ctags \
+findutils \
+gcovr \
+genisoimage \
+gettext \
+git \
+hostname \
+libpcre2-dev \
+libspice-protocol-dev \
+llvm \
+locales \
+make \
+meson \
+ncat \
+ninja-build \
+openssh-client \
+perl-base \
+pkgconf \
+python3 \
+python3-numpy \
+python3-opencv \
+python3-pillow \
+python3-pip \
+python3-sphinx \
+python3-sphinx-rtd-theme \
+python3-venv \
+python3-yaml \
+rpm2cpio \
+sed \
+sparse \
+tar \
+tesseract-ocr \
+tesseract-ocr-eng \
+texinfo && \
+eatmydata apt-get autoremove -y && \
+eatmydata apt-get autoclean -y && \
+sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+dpkg-reconfigure locales
 
-# Add the foreign architecture we want and install dependencies
-RUN dpkg --add-architecture mips64el && \
-apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt install -y --no-install-recommends \
-gcc-mips64el-linux-gnuabi64
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
-RUN apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt build-dep -yy -a mips64el --arch-only qemu
+RUN export DEBIAN_FRONTEND=noninteractive && \
+dpkg --add-architecture mips64el && \
+eatmydata apt-get update && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+eatmydata apt-get install --no-install-recommends -y \
+g++-mips64el-linux-gnuabi64 \
+gcc-mips64el-linux-gnuabi64 \
+libaio-dev:mips64el \
+libasound2-dev:mips64el \
+libattr1-dev:mips64el \
+libbpf-dev:mips64el \
+libbrlapi-dev:mips64el \
+libbz2-dev:mips64el \
+libc6-dev:mips64el \
+libcacard-dev:mips64el \
+libcap-ng-dev:mips64el \
+libcapstone-dev:mips64el \
+libcurl4-gnutls-dev:mips64el \
+libdaxctl-dev:mips64el \
+libdrm-dev:mips64el \
+libepoxy-dev:mips64el \
+libfdt-dev:mips64el \
+libffi-dev:mips64el \
+

[PULL 10/33] tests/docker: update debian-ppc64el-cross with lcitool

[Alex Bennée]

Use lcitool to update debian-ppc64el-cross to a Debian 11 based system.

Signed-off-by: Alex Bennée 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20220527153603.887929-11-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index 411dc06bf8..147e667744 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -114,8 +114,7 @@ powerpc-test-cross-container:
 
 ppc64el-debian-cross-container:
   extends: .container_job_template
-  stage: containers-layer2
-  needs: ['amd64-debian10-container']
+  stage: containers
   variables:
 NAME: debian-ppc64el-cross
 
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index d9f37ae8fa..e68f91b853 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -93,7 +93,6 @@ docker-image-debian-hppa-cross: docker-image-debian10
 docker-image-debian-m68k-cross: docker-image-debian10
 docker-image-debian-mips-cross: docker-image-debian10
 docker-image-debian-mips64-cross: docker-image-debian10
-docker-image-debian-ppc64el-cross: docker-image-debian10
 docker-image-debian-sh4-cross: docker-image-debian10
 docker-image-debian-sparc64-cross: docker-image-debian10
 
diff --git a/tests/docker/dockerfiles/debian-ppc64el-cross.docker 
b/tests/docker/dockerfiles/debian-ppc64el-cross.docker
index 5de12b01cd..bcf04bc90b 100644
--- a/tests/docker/dockerfiles/debian-ppc64el-cross.docker
+++ b/tests/docker/dockerfiles/debian-ppc64el-cross.docker
@@ -1,28 +1,164 @@
+# THIS FILE WAS AUTO-GENERATED
 #
-# Docker ppc64el cross-compiler target
+#  $ lcitool dockerfile --layers all --cross ppc64le debian-11 qemu
 #
-# This docker target builds on the debian Stretch base image.
-#
-FROM qemu/debian10
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
 
-# Add the foreign architecture we want and install dependencies
-RUN dpkg --add-architecture ppc64el && \
-apt update && \
-apt install -yy crossbuild-essential-ppc64el
+RUN export DEBIAN_FRONTEND=noninteractive && \
+apt-get update && \
+apt-get install -y eatmydata && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y \
+bash \
+bc \
+bsdextrautils \
+bzip2 \
+ca-certificates \
+ccache \
+dbus \
+debianutils \
+diffutils \
+exuberant-ctags \
+findutils \
+gcovr \
+genisoimage \
+gettext \
+git \
+hostname \
+libpcre2-dev \
+libspice-protocol-dev \
+llvm \
+locales \
+make \
+meson \
+ncat \
+ninja-build \
+openssh-client \
+perl-base \
+pkgconf \
+python3 \
+python3-numpy \
+python3-opencv \
+python3-pillow \
+python3-pip \
+python3-sphinx \
+python3-sphinx-rtd-theme \
+python3-venv \
+python3-yaml \
+rpm2cpio \
+sed \
+sparse \
+tar \
+tesseract-ocr \
+tesseract-ocr-eng \
+texinfo && \
+eatmydata apt-get autoremove -y && \
+eatmydata apt-get autoclean -y && \
+sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+dpkg-reconfigure locales
 
-RUN apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt build-dep -yy -a ppc64el --arch-only qemu
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
-# Specify the cross prefix for this image (see tests/docker/common.rc)
+RUN export DEBIAN_FRONTEND=noninteractive && \
+dpkg --add-architecture ppc64el && \
+eatmydata apt-get update && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+eatmydata apt-get install --no-install-recommends -y \
+g++-powerpc64le-linux-gnu \
+gcc-powerpc64le-linux-gnu \
+libaio-dev:ppc64el \
+libasan5:ppc64el \
+libasound2-dev:ppc64el \
+libattr1-dev:ppc64el \
+libbpf-dev:ppc64el \
+libbrlapi-dev:ppc64el \
+libbz2-dev:ppc64el \
+libc6-dev:ppc64el \
+libcacard-dev:ppc64el \
+libcap-ng-dev:ppc64el \
+libcapstone-dev:ppc64el \
+libcurl4-gnutls-dev:ppc64el \
+libdaxctl-dev:ppc64el \
+libdrm-dev:ppc64el \
+libepoxy-dev:ppc64el \
+libfdt-dev:ppc64el \
+libffi-dev:ppc64el \
+libfuse3-dev:ppc64el \
+libgbm-dev:ppc64el \
+libgcrypt20-dev:ppc64el \
+

[PULL 14/33] build: add a more generic way to specify make->ninja dependencies

[Alex Bennée]

From: Paolo Bonzini 

Let any make target specify ninja goals that needs to be built for it
(though selecting the goals is _not_ recursive on depending targets)
instead of having a custom mechanism only for "make check" and "make
bench".

Signed-off-by: Paolo Bonzini 
Message-Id: <20220517092616.1272238-4-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-15-alex.ben...@linaro.org>

diff --git a/Makefile b/Makefile
index fad312040f..3c0d89057e 100644
--- a/Makefile
+++ b/Makefile
@@ -145,8 +145,7 @@ NINJAFLAGS = $(if $V,-v) $(if $(MAKE.n), -n) $(if 
$(MAKE.k), -k0) \
 $(filter-out -j, $(lastword -j1 $(filter -l% -j%, $(MAKEFLAGS \
 -d keepdepfile
 ninja-cmd-goals = $(or $(MAKECMDGOALS), all)
-ninja-cmd-goals += $(foreach t, $(.check.build-suites), $(.check-$t.deps))
-ninja-cmd-goals += $(foreach t, $(.bench.build-suites), $(.bench-$t.deps))
+ninja-cmd-goals += $(foreach g, $(MAKECMDGOALS), $(.ninja-goals.$g
 
 makefile-targets := build.ninja ctags TAGS cscope dist clean uninstall
 # "ninja -t targets" also lists all prerequisites.  If build system
diff --git a/scripts/mtest2make.py b/scripts/mtest2make.py
index 304634b71e..0fe81efbbc 100644
--- a/scripts/mtest2make.py
+++ b/scripts/mtest2make.py
@@ -81,12 +81,12 @@ def emit_prolog(suites, prefix):
 
 def emit_suite_deps(name, suite, prefix):
 deps = ' '.join(suite.deps)
-targets = f'{prefix}-{name} {prefix}-report-{name}.junit.xml {prefix} 
{prefix}-report.junit.xml'
+targets = [f'{prefix}-{name}', f'{prefix}-report-{name}.junit.xml', 
f'{prefix}', f'{prefix}-report.junit.xml',
+   f'{prefix}-build']
 print()
 print(f'.{prefix}-{name}.deps = {deps}')
-print(f'ifneq ($(filter {prefix}-build {targets}, $(MAKECMDGOALS)),)')
-print(f'.{prefix}.build-suites += {name}')
-print(f'endif')
+for t in targets:
+print(f'.ninja-goals.{t} += $(.{prefix}-{name}.deps)')
 
 def emit_suite(name, suite, prefix):
 emit_suite_deps(name, suite, prefix)
-- 
2.30.2

[PULL 12/33] configure: do not define or use the CPP variable

[Alex Bennée]

From: Paolo Bonzini 

Just hardcode $(CC) -E, it should be enough.

Signed-off-by: Paolo Bonzini 
Reviewed-by: Richard Henderson 
Message-Id: <20220517092616.1272238-2-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-13-alex.ben...@linaro.org>

diff --git a/configure b/configure
index f2baf2f526..c88ef94fec 100755
--- a/configure
+++ b/configure
@@ -376,7 +376,6 @@ fi
 ar="${AR-${cross_prefix}ar}"
 as="${AS-${cross_prefix}as}"
 ccas="${CCAS-$cc}"
-cpp="${CPP-$cc -E}"
 objcopy="${OBJCOPY-${cross_prefix}objcopy}"
 ld="${LD-${cross_prefix}ld}"
 ranlib="${RANLIB-${cross_prefix}ranlib}"
@@ -2014,7 +2013,6 @@ echo "CC=$cc" >> $config_host_mak
 echo "AR=$ar" >> $config_host_mak
 echo "AS=$as" >> $config_host_mak
 echo "CCAS=$ccas" >> $config_host_mak
-echo "CPP=$cpp" >> $config_host_mak
 echo "OBJCOPY=$objcopy" >> $config_host_mak
 echo "LD=$ld" >> $config_host_mak
 echo "QEMU_CFLAGS=$QEMU_CFLAGS" >> $config_host_mak
@@ -2257,7 +2255,6 @@ preserve_env() {
 preserve_env AR
 preserve_env AS
 preserve_env CC
-preserve_env CPP
 preserve_env CFLAGS
 preserve_env CXX
 preserve_env CXXFLAGS
diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index 2494ad9c25..17ccc76241 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -50,7 +50,7 @@ override LDFLAGS = -m $(LD_I386_EMULATION) -T 
$(SRC_DIR)/flat.lds
 pvh.img: pvh.o pvh_main.o
 
 %.o: %.S
-   $(call quiet-command,$(CPP) $(CPPFLAGS) -c -o - $< | $(AS) $(ASFLAGS) 
-o $@,"AS","$@")
+   $(call quiet-command,$(CC) $(CPPFLAGS) -E -o - $< | $(AS) $(ASFLAGS) -o 
$@,"AS","$@")
 
 %.o: %.c
$(call quiet-command,$(CC) $(CPPFLAGS) $(CFLAGS) -c $< -o $@,"CC","$@")
-- 
2.30.2

[PULL 05/33] tests/lcitool: fix up indentation to correct style

[Alex Bennée]

3 space indentation snuck into the initial commit. Clean it up before
we let it get established. I've also:

  - removed unused os import
  - added double lines between functions
  - added some comments and grouped and sorted the generation stanzas

My lint tool is also recommending using f-strings but that requires
python 3.6.

Signed-off-by: Alex Bennée 
Cc: Daniel P. Berrangé 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20220527153603.887929-6-alex.ben...@linaro.org>

diff --git a/tests/lcitool/refresh b/tests/lcitool/refresh
index fb49bbc441..dc1fc21ef9 100755
--- a/tests/lcitool/refresh
+++ b/tests/lcitool/refresh
@@ -13,14 +13,13 @@
 # the top-level directory.
 
 import sys
-import os
 import subprocess
 
 from pathlib import Path
 
 if len(sys.argv) != 1:
-   print("syntax: %s" % sys.argv[0], file=sys.stderr)
-   sys.exit(1)
+print("syntax: %s" % sys.argv[0], file=sys.stderr)
+sys.exit(1)
 
 self_dir = Path(__file__).parent
 src_dir = self_dir.parent.parent
@@ -30,76 +29,95 @@ lcitool_path = Path(self_dir, "libvirt-ci", "lcitool")
 
 lcitool_cmd = [lcitool_path, "--data-dir", self_dir]
 
+
 def atomic_write(filename, content):
-   tmp = filename.with_suffix(filename.suffix + ".tmp")
-   try:
-  with tmp.open("w") as fp:
- print(content, file=fp, end="")
- tmp.rename(filename)
-   except Exception as ex:
-  tmp.unlink()
-  raise
+tmp = filename.with_suffix(filename.suffix + ".tmp")
+try:
+with tmp.open("w") as fp:
+print(content, file=fp, end="")
+tmp.rename(filename)
+except Exception as ex:
+tmp.unlink()
+raise
+
 
 def generate(filename, cmd, trailer):
-   print("Generate %s" % filename)
-   lcitool=subprocess.run(cmd, capture_output=True)
+print("Generate %s" % filename)
+lcitool = subprocess.run(cmd, capture_output=True)
 
-   if lcitool.returncode != 0:
-  raise Exception("Failed to generate %s: %s" % (filename, lcitool.stderr))
+if lcitool.returncode != 0:
+raise Exception("Failed to generate %s: %s" % (filename, 
lcitool.stderr))
+
+content = lcitool.stdout.decode("utf8")
+if trailer is not None:
+content += trailer
+atomic_write(filename, content)
 
-   content = lcitool.stdout.decode("utf8")
-   if trailer is not None:
-  content += trailer
-   atomic_write(filename, content)
 
 def generate_dockerfile(host, target, cross=None, trailer=None):
-   filename = Path(src_dir, "tests", "docker", "dockerfiles", host + ".docker")
-   cmd = lcitool_cmd + ["dockerfile"]
-   if cross is not None:
-  cmd.extend(["--cross", cross])
-   cmd.extend([target, "qemu"])
-   generate(filename, cmd, trailer)
+filename = Path(src_dir, "tests", "docker", "dockerfiles", host + 
".docker")
+cmd = lcitool_cmd + ["dockerfile"]
+if cross is not None:
+cmd.extend(["--cross", cross])
+cmd.extend([target, "qemu"])
+generate(filename, cmd, trailer)
+
 
 def generate_cirrus(target, trailer=None):
-   filename = Path(src_dir, ".gitlab-ci.d", "cirrus", target + ".vars")
-   cmd = lcitool_cmd + ["variables", target, "qemu"]
-   generate(filename, cmd, trailer)
+filename = Path(src_dir, ".gitlab-ci.d", "cirrus", target + ".vars")
+cmd = lcitool_cmd + ["variables", target, "qemu"]
+generate(filename, cmd, trailer)
+
 
 ubuntu2004_tsanhack = [
-   "# Apply patch https://reviews.llvm.org/D75820\n;,
-   "# This is required for TSan in clang-10 to compile with QEMU.\n",
-   "RUN sed -i 's/^const/static const/g' 
/usr/lib/llvm-10/lib/clang/10.0.0/include/sanitizer/tsan_interface.h\n"
+"# Apply patch https://reviews.llvm.org/D75820\n;,
+"# This is required for TSan in clang-10 to compile with QEMU.\n",
+"RUN sed -i 's/^const/static const/g' 
/usr/lib/llvm-10/lib/clang/10.0.0/include/sanitizer/tsan_interface.h\n"
 ]
 
+
 def debian_cross_build(prefix, targets):
-   conf = "ENV QEMU_CONFIGURE_OPTS --cross-prefix=%s\n" % (prefix)
-   targets = "ENV DEF_TARGET_LIST %s\n" % (targets)
-   return "".join([conf, targets])
+conf = "ENV QEMU_CONFIGURE_OPTS --cross-prefix=%s\n" % (prefix)
+targets = "ENV DEF_TARGET_LIST %s\n" % (targets)
+return "".join([conf, targets])
 
+#
+# Update all the various build configurations.
+# Please keep each group sorted alphabetically for easy reading.
+#
 
 try:
-   generate_dockerfile("centos8", "centos-stream-8")
-   generate_dockerfile("fedora", "fedora-35")
-   generate_dockerfile("ubuntu2004", "ubuntu-2004",
-   trailer="".join(ubuntu2004_tsanhack))
-   generate_dockerfile("opensuse-leap", "opensuse-leap-152")
-   generate_dockerfile("alpine", "alpine-edge")
-
-   generate_dockerfile("debian-arm64-cross", "debian-11",
-   cross="aarch64",
-   trailer=debian_cross_build("aarch64-linux-gnu-",
-  
"aarch64-softmmu,aarch64-linux-user"))
-
-   generate_dockerfile("debian-s390x-cross", 

[PULL 07/33] tests/docker: update debian-armel-cross with lcitool

[Alex Bennée]

Use lcitool to update debian-armel-cross to a Debian 11 based system.

Signed-off-by: Alex Bennée 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20220527153603.887929-8-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index 4d1830f3fc..caef7decf4 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -27,8 +27,7 @@ arm64-debian-cross-container:
 
 armel-debian-cross-container:
   extends: .container_job_template
-  stage: containers-layer2
-  needs: ['amd64-debian10-container']
+  stage: containers
   variables:
 NAME: debian-armel-cross
 
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index d6e0710554..d9109bcc77 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -89,7 +89,6 @@ DOCKER_PARTIAL_IMAGES += fedora
 endif
 
 docker-image-debian-alpha-cross: docker-image-debian10
-docker-image-debian-armel-cross: docker-image-debian10
 docker-image-debian-hppa-cross: docker-image-debian10
 docker-image-debian-m68k-cross: docker-image-debian10
 docker-image-debian-mips-cross: docker-image-debian10
diff --git a/tests/docker/dockerfiles/debian-armel-cross.docker 
b/tests/docker/dockerfiles/debian-armel-cross.docker
index b7b1a3585f..a6153e5a83 100644
--- a/tests/docker/dockerfiles/debian-armel-cross.docker
+++ b/tests/docker/dockerfiles/debian-armel-cross.docker
@@ -1,26 +1,164 @@
+# THIS FILE WAS AUTO-GENERATED
 #
-# Docker armel cross-compiler target
+#  $ lcitool dockerfile --layers all --cross armv6l debian-11 qemu
 #
-# This docker target builds on the debian Stretch base image.
-#
-FROM qemu/debian10
-MAINTAINER Philippe Mathieu-Daudé 
+# https://gitlab.com/libvirt/libvirt-ci
+
+FROM docker.io/library/debian:11-slim
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+apt-get update && \
+apt-get install -y eatmydata && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y \
+bash \
+bc \
+bsdextrautils \
+bzip2 \
+ca-certificates \
+ccache \
+dbus \
+debianutils \
+diffutils \
+exuberant-ctags \
+findutils \
+gcovr \
+genisoimage \
+gettext \
+git \
+hostname \
+libpcre2-dev \
+libspice-protocol-dev \
+llvm \
+locales \
+make \
+meson \
+ncat \
+ninja-build \
+openssh-client \
+perl-base \
+pkgconf \
+python3 \
+python3-numpy \
+python3-opencv \
+python3-pillow \
+python3-pip \
+python3-sphinx \
+python3-sphinx-rtd-theme \
+python3-venv \
+python3-yaml \
+rpm2cpio \
+sed \
+sparse \
+tar \
+tesseract-ocr \
+tesseract-ocr-eng \
+texinfo && \
+eatmydata apt-get autoremove -y && \
+eatmydata apt-get autoclean -y && \
+sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+dpkg-reconfigure locales
 
-# Add the foreign architecture we want and install dependencies
-RUN dpkg --add-architecture armel && \
-apt update && \
-apt install -yy crossbuild-essential-armel && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt build-dep -yy -a armel --arch-only qemu
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
-# Specify the cross prefix for this image (see tests/docker/common.rc)
+RUN export DEBIAN_FRONTEND=noninteractive && \
+dpkg --add-architecture armel && \
+eatmydata apt-get update && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+eatmydata apt-get install --no-install-recommends -y \
+g++-arm-linux-gnueabi \
+gcc-arm-linux-gnueabi \
+libaio-dev:armel \
+libasan5:armel \
+libasound2-dev:armel \
+libattr1-dev:armel \
+libbpf-dev:armel \
+libbrlapi-dev:armel \
+libbz2-dev:armel \
+libc6-dev:armel \
+libcacard-dev:armel \
+libcap-ng-dev:armel \
+libcapstone-dev:armel \
+libcurl4-gnutls-dev:armel \
+libdaxctl-dev:armel \
+libdrm-dev:armel \
+libepoxy-dev:armel \
+libfdt-dev:armel \
+libffi-dev:armel \
+libfuse3-dev:armel \
+libgbm-dev:armel \
+libgcrypt20-dev:armel \
+libglib2.0-dev:armel \
+libglusterfs-dev:armel \
+libgnutls28-dev:armel \
+libgtk-3-dev:armel \
+   

[PULL 08/33] tests/docker: update debian-mipsel-cross with lcitool

[Alex Bennée]

Use lcitool to update debian-mipsel-cross to a Debian 11 based system.

Signed-off-by: Alex Bennée 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20220527153603.887929-9-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index caef7decf4..1a533e6fc0 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -102,8 +102,7 @@ mips-debian-cross-container:
 
 mipsel-debian-cross-container:
   extends: .container_job_template
-  stage: containers-layer2
-  needs: ['amd64-debian10-container']
+  stage: containers
   variables:
 NAME: debian-mipsel-cross
 
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index d9109bcc77..0ac5975419 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -94,7 +94,6 @@ docker-image-debian-m68k-cross: docker-image-debian10
 docker-image-debian-mips-cross: docker-image-debian10
 docker-image-debian-mips64-cross: docker-image-debian10
 docker-image-debian-mips64el-cross: docker-image-debian10
-docker-image-debian-mipsel-cross: docker-image-debian10
 docker-image-debian-ppc64el-cross: docker-image-debian10
 docker-image-debian-sh4-cross: docker-image-debian10
 docker-image-debian-sparc64-cross: docker-image-debian10
diff --git a/tests/docker/dockerfiles/debian-mipsel-cross.docker 
b/tests/docker/dockerfiles/debian-mipsel-cross.docker
index 0e5dd42d3c..b6d99ae324 100644
--- a/tests/docker/dockerfiles/debian-mipsel-cross.docker
+++ b/tests/docker/dockerfiles/debian-mipsel-cross.docker
@@ -1,31 +1,162 @@
+# THIS FILE WAS AUTO-GENERATED
 #
-# Docker mipsel cross-compiler target
+#  $ lcitool dockerfile --layers all --cross mipsel debian-11 qemu
 #
-# This docker target builds on the debian Stretch base image.
-#
-FROM qemu/debian10
+# https://gitlab.com/libvirt/libvirt-ci
 
-MAINTAINER Philippe Mathieu-Daudé 
+FROM docker.io/library/debian:11-slim
 
-# Add the foreign architecture we want and install dependencies
-RUN dpkg --add-architecture mipsel
-RUN apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt install -y --no-install-recommends \
-gcc-mipsel-linux-gnu
+RUN export DEBIAN_FRONTEND=noninteractive && \
+apt-get update && \
+apt-get install -y eatmydata && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y \
+bash \
+bc \
+bsdextrautils \
+bzip2 \
+ca-certificates \
+ccache \
+dbus \
+debianutils \
+diffutils \
+exuberant-ctags \
+findutils \
+gcovr \
+genisoimage \
+gettext \
+git \
+hostname \
+libpcre2-dev \
+libspice-protocol-dev \
+llvm \
+locales \
+make \
+meson \
+ncat \
+ninja-build \
+openssh-client \
+perl-base \
+pkgconf \
+python3 \
+python3-numpy \
+python3-opencv \
+python3-pillow \
+python3-pip \
+python3-sphinx \
+python3-sphinx-rtd-theme \
+python3-venv \
+python3-yaml \
+rpm2cpio \
+sed \
+sparse \
+tar \
+tesseract-ocr \
+tesseract-ocr-eng \
+texinfo && \
+eatmydata apt-get autoremove -y && \
+eatmydata apt-get autoclean -y && \
+sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+dpkg-reconfigure locales
 
-RUN apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt build-dep -yy -a mipsel --arch-only qemu
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
-# Specify the cross prefix for this image (see tests/docker/common.rc)
-ENV QEMU_CONFIGURE_OPTS --cross-prefix=mipsel-linux-gnu-
+RUN export DEBIAN_FRONTEND=noninteractive && \
+dpkg --add-architecture mipsel && \
+eatmydata apt-get update && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+eatmydata apt-get install --no-install-recommends -y \
+g++-mipsel-linux-gnu \
+gcc-mipsel-linux-gnu \
+libaio-dev:mipsel \
+libasound2-dev:mipsel \
+libattr1-dev:mipsel \
+libbpf-dev:mipsel \
+libbrlapi-dev:mipsel \
+libbz2-dev:mipsel \
+libc6-dev:mipsel \
+libcacard-dev:mipsel \
+libcap-ng-dev:mipsel \
+libcapstone-dev:mipsel \
+libcurl4-gnutls-dev:mipsel \
+libdaxctl-dev:mipsel \
+libdrm-dev:mipsel \
+libepoxy-dev:mipsel \
+libfdt-dev:mipsel \
+ 

[PULL 01/33] .gitlab-ci.d/container-cross: Fix RISC-V container dependencies / stages

[Alex Bennée]

From: Thomas Huth 

The "riscv64-debian-cross-container" job does not depend on any other
container job from the first stage, so we can move it to the first
stage, too.

The "riscv64-debian-test-cross-container" job needs the debian11
container, so we should add a proper "needs:" statement here.

Signed-off-by: Thomas Huth 
Message-Id: <20220524093141.91012-1-th...@redhat.com>
Signed-off-by: Alex Bennée 
Reviewed-by: Alistair Francis 
Message-Id: <20220527153603.887929-2-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index e622ac2d21..ac15fce9b6 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -125,7 +125,7 @@ ppc64el-debian-cross-container:
 
 riscv64-debian-cross-container:
   extends: .container_job_template
-  stage: containers-layer2
+  stage: containers
   # as we are currently based on 'sid/unstable' we may break so...
   allow_failure: true
   variables:
@@ -135,6 +135,7 @@ riscv64-debian-cross-container:
 riscv64-debian-test-cross-container:
   extends: .container_job_template
   stage: containers-layer2
+  needs: ['amd64-debian11-container']
   variables:
 NAME: debian-riscv64-test-cross
 
-- 
2.30.2

[PULL 21/33] configure: introduce --cross-prefix-*=

[Alex Bennée]

From: Paolo Bonzini 

Also in preparation for handling more binaries from the cross binutils,
support an option --cross-prefix-ARCH.  All cross_cc_* defaults are
replaced with cross_prefix_*; the cross_cc_* fallbacks are extended
to the cross-compilation prefix, but the compiler fallbacks remain
as well.  This way, for example, --cross-cc-arm=arm-linux-gnueabihf-clang
also applies to armeb binaries.

Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220517092616.1272238-11-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-22-alex.ben...@linaro.org>

diff --git a/configure b/configure
index 217c8b3cac..f55ae82a5d 100755
--- a/configure
+++ b/configure
@@ -363,6 +363,11 @@ for opt do
   --cross-cc-*) cc_arch=${opt#--cross-cc-}; cc_arch=${cc_arch%%=*}
 eval "cross_cc_${cc_arch}=\$optarg"
   ;;
+  --cross-prefix-*[!a-zA-Z0-9_-]*=*) error_exit "Passed bad --cross-prefix-FOO 
option"
+  ;;
+  --cross-prefix-*) cc_arch=${opt#--cross-prefix-}; cc_arch=${cc_arch%%=*}
+eval "cross_prefix_${cc_arch}=\$optarg"
+  ;;
   esac
 done
 # OS specific
@@ -728,6 +733,8 @@ for opt do
   ;;
   --cross-cc-*)
   ;;
+  --cross-prefix-*)
+  ;;
   --enable-debug-info) meson_option_add -Ddebug=true
   ;;
   --disable-debug-info) meson_option_add -Ddebug=false
@@ -1016,6 +1023,7 @@ Advanced options (experts only):
   --extra-ldflags=LDFLAGS  append extra linker flags LDFLAGS
   --cross-cc-ARCH=CC   use compiler when building ARCH guest test cases
   --cross-cc-cflags-ARCH=  use compiler flags when building ARCH guest tests
+  --cross-prefix-ARCH=PREFIX cross compiler prefix when building ARCH guest 
test cases
   --make=MAKE  use specified make [$make]
   --python=PYTHON  use specified python [$python]
   --meson=MESONuse specified meson [$meson]
@@ -1818,44 +1826,54 @@ if test $use_containers = "yes"; then
 fi
 
 # cross compilers defaults, can be overridden with --cross-cc-ARCH
-: ${cross_cc_aarch64="aarch64-linux-gnu-gcc"}
+: ${cross_prefix_aarch64="aarch64-linux-gnu-"}
+: ${cross_prefix_aarch64_be="$cross_prefix_aarch64"}
+: ${cross_prefix_alpha="alpha-linux-gnu-"}
+: ${cross_prefix_arm="arm-linux-gnueabihf-"}
+: ${cross_prefix_armeb="$cross_prefix_arm"}
+: ${cross_prefix_hexagon="hexagon-unknown-linux-musl-"}
+: ${cross_prefix_hppa="hppa-linux-gnu-"}
+: ${cross_prefix_i386="i686-linux-gnu-"}
+: ${cross_prefix_m68k="m68k-linux-gnu-"}
+: ${cross_prefix_microblaze="microblaze-linux-musl-"}
+: ${cross_prefix_mips64el="mips64el-linux-gnuabi64-"}
+: ${cross_prefix_mips64="mips64-linux-gnuabi64-"}
+: ${cross_prefix_mipsel="mipsel-linux-gnu-"}
+: ${cross_prefix_mips="mips-linux-gnu-"}
+: ${cross_prefix_nios2="nios2-linux-gnu-"}
+: ${cross_prefix_ppc="powerpc-linux-gnu-"}
+: ${cross_prefix_ppc64="powerpc64-linux-gnu-"}
+: ${cross_prefix_ppc64le="$cross_prefix_ppc64"}
+: ${cross_prefix_riscv64="riscv64-linux-gnu-"}
+: ${cross_prefix_s390x="s390x-linux-gnu-"}
+: ${cross_prefix_sh4="sh4-linux-gnu-"}
+: ${cross_prefix_sparc64="sparc64-linux-gnu-"}
+: ${cross_prefix_sparc="$cross_prefix_sparc64"}
+: ${cross_prefix_x86_64="x86_64-linux-gnu-"}
+
 : ${cross_cc_aarch64_be="$cross_cc_aarch64"}
 : ${cross_cc_cflags_aarch64_be="-mbig-endian"}
-: ${cross_cc_alpha="alpha-linux-gnu-gcc"}
-: ${cross_cc_arm="arm-linux-gnueabihf-gcc"}
 : ${cross_cc_armeb="$cross_cc_arm"}
 : ${cross_cc_cflags_armeb="-mbig-endian"}
 : ${cross_cc_hexagon="hexagon-unknown-linux-musl-clang"}
 : ${cross_cc_cflags_hexagon="-mv67 -O2 -static"}
-: ${cross_cc_hppa="hppa-linux-gnu-gcc"}
-: ${cross_cc_i386="i686-linux-gnu-gcc"}
 : ${cross_cc_cflags_i386="-m32"}
-: ${cross_cc_m68k="m68k-linux-gnu-gcc"}
-: ${cross_cc_microblaze="microblaze-linux-musl-gcc"}
-: ${cross_cc_mips64el="mips64el-linux-gnuabi64-gcc"}
-: ${cross_cc_mips64="mips64-linux-gnuabi64-gcc"}
-: ${cross_cc_mipsel="mipsel-linux-gnu-gcc"}
-: ${cross_cc_mips="mips-linux-gnu-gcc"}
-: ${cross_cc_nios2="nios2-linux-gnu-gcc"}
-: ${cross_cc_ppc="powerpc-linux-gnu-gcc"}
 : ${cross_cc_cflags_ppc="-m32"}
-: ${cross_cc_ppc64="powerpc64-linux-gnu-gcc"}
 : ${cross_cc_cflags_ppc64="-m64 -mbig-endian"}
 : ${cross_cc_ppc64le="$cross_cc_ppc64"}
 : ${cross_cc_cflags_ppc64le="-m64 -mlittle-endian"}
-: ${cross_cc_riscv64="riscv64-linux-gnu-gcc"}
-: ${cross_cc_s390x="s390x-linux-gnu-gcc"}
-: ${cross_cc_sh4="sh4-linux-gnu-gcc"}
-: ${cross_cc_sparc64="sparc64-linux-gnu-gcc"}
 : ${cross_cc_cflags_sparc64="-m64 -mcpu=ultrasparc"}
 : ${cross_cc_sparc="$cross_cc_sparc64"}
 : ${cross_cc_cflags_sparc="-m32 -mcpu=supersparc"}
-: ${cross_cc_x86_64="x86_64-linux-gnu-gcc"}
 : ${cross_cc_cflags_x86_64="-m64"}
 
-# tricore is special as it doesn't have a compiler
-: ${cross_as_tricore="tricore-as"}
-: ${cross_ld_tricore="tricore-ld"}
+compute_target_variable() {
+  if eval test -n "\"\${cross_prefix_$1}\""; then
+if eval has "\"\${cross_prefix_$1}\$3\""; then
+  eval "$2=\"\${cross_prefix_$1}\$3\""
+fi
+  fi
+}
 

[PULL 04/33] meson.build: fix summary display of test compilers

[Alex Bennée]

The recent refactoring of configure.sh dropped a number of variables
we relied on for printing out information. Make it simpler.

Fixes: eebf199c09 (tests/tcg: invoke Makefile.target directly from QEMU's 
makefile)
Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
Message-Id: <20220527153603.887929-5-alex.ben...@linaro.org>

diff --git a/meson.build b/meson.build
index bf318d9cbb..bc6234c85e 100644
--- a/meson.build
+++ b/meson.build
@@ -3735,12 +3735,8 @@ foreach target: target_dirs
 config_cross_tcg = keyval.load(tcg_mak)
 target = config_cross_tcg['TARGET_NAME']
 compiler = ''
-if 'DOCKER_CROSS_CC_GUEST' in config_cross_tcg
-  summary_info += {target + ' tests': 
config_cross_tcg['DOCKER_CROSS_CC_GUEST'] +
-  ' via ' + 
config_cross_tcg['DOCKER_IMAGE']}
-elif 'CROSS_CC_GUEST' in config_cross_tcg
-  summary_info += {target + ' tests'
-: config_cross_tcg['CROSS_CC_GUEST'] }
+if 'CC' in config_cross_tcg
+  summary_info += {target + ' tests': config_cross_tcg['CC']}
 endif
endif
 endforeach
-- 
2.30.2

[PULL 06/33] tests/docker: update debian-armhf-cross with lcitool

[Alex Bennée]

Use lcitool to update debian-armhf-cross to a Debian 11 based system.

Signed-off-by: Alex Bennée 
Reviewed-by: Daniel P. Berrangé 
Message-Id: <20220527153603.887929-7-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
index ac15fce9b6..4d1830f3fc 100644
--- a/.gitlab-ci.d/container-cross.yml
+++ b/.gitlab-ci.d/container-cross.yml
@@ -34,8 +34,7 @@ armel-debian-cross-container:
 
 armhf-debian-cross-container:
   extends: .container_job_template
-  stage: containers-layer2
-  needs: ['amd64-debian10-container']
+  stage: containers
   variables:
 NAME: debian-armhf-cross
 
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index ca2157db46..d6e0710554 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -90,7 +90,6 @@ endif
 
 docker-image-debian-alpha-cross: docker-image-debian10
 docker-image-debian-armel-cross: docker-image-debian10
-docker-image-debian-armhf-cross: docker-image-debian10
 docker-image-debian-hppa-cross: docker-image-debian10
 docker-image-debian-m68k-cross: docker-image-debian10
 docker-image-debian-mips-cross: docker-image-debian10
diff --git a/tests/docker/dockerfiles/debian-armhf-cross.docker 
b/tests/docker/dockerfiles/debian-armhf-cross.docker
index 25d7618833..a2ebce96f8 100644
--- a/tests/docker/dockerfiles/debian-armhf-cross.docker
+++ b/tests/docker/dockerfiles/debian-armhf-cross.docker
@@ -1,29 +1,165 @@
+# THIS FILE WAS AUTO-GENERATED
 #
-# Docker armhf cross-compiler target
+#  $ lcitool dockerfile --layers all --cross armv7l debian-11 qemu
 #
-# This docker target builds on the debian Stretch base image.
-#
-FROM qemu/debian10
+# https://gitlab.com/libvirt/libvirt-ci
 
-# Add the foreign architecture we want and install dependencies
-RUN dpkg --add-architecture armhf
-RUN apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt install -y --no-install-recommends \
-crossbuild-essential-armhf
-RUN apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt build-dep -yy -a armhf --arch-only qemu
+FROM docker.io/library/debian:11-slim
 
-# Specify the cross prefix for this image (see tests/docker/common.rc)
-ENV QEMU_CONFIGURE_OPTS --cross-prefix=arm-linux-gnueabihf-
-ENV DEF_TARGET_LIST arm-softmmu,arm-linux-user,armeb-linux-user
+RUN export DEBIAN_FRONTEND=noninteractive && \
+apt-get update && \
+apt-get install -y eatmydata && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y \
+bash \
+bc \
+bsdextrautils \
+bzip2 \
+ca-certificates \
+ccache \
+dbus \
+debianutils \
+diffutils \
+exuberant-ctags \
+findutils \
+gcovr \
+genisoimage \
+gettext \
+git \
+hostname \
+libpcre2-dev \
+libspice-protocol-dev \
+llvm \
+locales \
+make \
+meson \
+ncat \
+ninja-build \
+openssh-client \
+perl-base \
+pkgconf \
+python3 \
+python3-numpy \
+python3-opencv \
+python3-pillow \
+python3-pip \
+python3-sphinx \
+python3-sphinx-rtd-theme \
+python3-venv \
+python3-yaml \
+rpm2cpio \
+sed \
+sparse \
+tar \
+tesseract-ocr \
+tesseract-ocr-eng \
+texinfo && \
+eatmydata apt-get autoremove -y && \
+eatmydata apt-get autoclean -y && \
+sed -Ei 's,^# (en_US\.UTF-8 .*)$,\1,' /etc/locale.gen && \
+dpkg-reconfigure locales
+
+ENV LANG "en_US.UTF-8"
+ENV MAKE "/usr/bin/make"
+ENV NINJA "/usr/bin/ninja"
+ENV PYTHON "/usr/bin/python3"
+ENV CCACHE_WRAPPERSDIR "/usr/libexec/ccache-wrappers"
 
-RUN apt update && \
-DEBIAN_FRONTEND=noninteractive eatmydata \
-apt install -y --no-install-recommends \
-libbz2-dev:armhf \
-liblzo2-dev:armhf \
-librdmacm-dev:armhf \
-libsnappy-dev:armhf \
-libxen-dev:armhf
+RUN export DEBIAN_FRONTEND=noninteractive && \
+dpkg --add-architecture armhf && \
+eatmydata apt-get update && \
+eatmydata apt-get dist-upgrade -y && \
+eatmydata apt-get install --no-install-recommends -y dpkg-dev && \
+eatmydata apt-get install --no-install-recommends -y \
+g++-arm-linux-gnueabihf \
+gcc-arm-linux-gnueabihf \
+libaio-dev:armhf \
+libasan5:armhf \
+libasound2-dev:armhf \
+libattr1-dev:armhf \
+libbpf-dev:armhf \
+libbrlapi-dev:armhf \
+libbz2-dev:armhf \
+libc6-dev:armhf \
+libcacard-dev:armhf \
+libcap-ng-dev:armhf \
+

[PULL 16/33] configure, meson: move symlinking of ROMs to meson

[Alex Bennée]

From: Paolo Bonzini 

This is useful because pc-bios/meson.build already has a list of all ROM
files, and thus does not need to use wildcards.  The problems with
wildcards are mentioned above the definition of the LINKS variable,
but then the recommendation is disattended.

Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
Message-Id: <20220517092616.1272238-6-pbonz...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-17-alex.ben...@linaro.org>

diff --git a/configure b/configure
index c88ef94fec..7b6adc29fe 100755
--- a/configure
+++ b/configure
@@ -2100,21 +2100,6 @@ LINKS="$LINKS tests/avocado tests/data"
 LINKS="$LINKS tests/qemu-iotests/check"
 LINKS="$LINKS python"
 LINKS="$LINKS contrib/plugins/Makefile "
-for bios_file in \
-$source_path/pc-bios/*.bin \
-$source_path/pc-bios/*.elf \
-$source_path/pc-bios/*.lid \
-$source_path/pc-bios/*.rom \
-$source_path/pc-bios/*.dtb \
-$source_path/pc-bios/*.img \
-$source_path/pc-bios/openbios-* \
-$source_path/pc-bios/u-boot.* \
-$source_path/pc-bios/palcode-* \
-$source_path/pc-bios/qemu_vga.ndrv
-
-do
-LINKS="$LINKS pc-bios/$(basename $bios_file)"
-done
 for f in $LINKS ; do
 if [ -e "$source_path/$f" ]; then
 mkdir -p `dirname ./$f`
diff --git a/pc-bios/meson.build b/pc-bios/meson.build
index c86dedf7df..41ba1c0ec7 100644
--- a/pc-bios/meson.build
+++ b/pc-bios/meson.build
@@ -23,7 +23,7 @@ if unpack_edk2_blobs
   endforeach
 endif
 
-blobs = files(
+blobs = [
   'bios.bin',
   'bios-256k.bin',
   'bios-microvm.bin',
@@ -83,11 +83,18 @@ blobs = files(
   'npcm7xx_bootrom.bin',
   'vof.bin',
   'vof-nvram.bin',
-)
+]
 
-if get_option('install_blobs')
-  install_data(blobs, install_dir: qemu_datadir)
-endif
+ln_s = [find_program('ln', required: true), '-sf']
+foreach f : blobs
+  roms += custom_target(f,
+build_by_default: have_system,
+output: f,
+input: files('meson.build'),# dummy input
+install: get_option('install_blobs'),
+install_dir: qemu_datadir,
+command: [ ln_s, meson.project_source_root() / 'pc-bios' / f, 
'@OUTPUT@' ])
+endforeach
 
 subdir('descriptors')
 subdir('keymaps')
-- 
2.30.2

[PULL 00/33] testing updates (gitlab, junit, lcitool, x-compile)

[Alex Bennée]

The following changes since commit 7077fcb9b68f058809c9dd9fd1dacae1881e886c:

  Merge tag 'vmbus-maint-20220530' of https://github.com/maciejsszmigiero/qemu 
into staging (2022-05-30 12:40:36 -0700)

are available in the Git repository at:

  https://github.com/stsquad/qemu.git tags/pull-testing-next-010622-3

for you to fetch changes up to 7266ecce502c31387a3cbf83d7297bc9cf27b139:

  docs/devel: clean-up the CI links in the docs (2022-06-01 18:55:04 +0100)


Various testing updates

  - fix some gitlab container dependencies
  - report meson test results via JUnit
  - fix meson display of enabled cross compilers
  - convert more cross build containers to lcitool and Debian 11
  - re-factor cross compiler detection
  - use test cross-compilers for building ROMs
  - disable CI runs by default (see docs)
  - fix some broken links in development documentation


Alex Bennée (9):
  meson.build: fix summary display of test compilers
  tests/lcitool: fix up indentation to correct style
  tests/docker: update debian-armhf-cross with lcitool
  tests/docker: update debian-armel-cross with lcitool
  tests/docker: update debian-mipsel-cross with lcitool
  tests/docker: update debian-mips64el-cross with lcitool
  tests/docker: update debian-ppc64el-cross with lcitool
  tests/docker: update debian-amd64 with lcitool
  docs/devel: clean-up the CI links in the docs

Daniel P. Berrangé (5):
  gitlab: introduce a common base job template
  gitlab: convert Cirrus jobs to .base_job_template
  gitlab: convert static checks to .base_job_template
  gitlab: convert build/container jobs to .base_job_template
  gitlab: don't run CI jobs in forks by default

Marc-André Lureau (1):
  gitlab-ci: add meson JUnit test result into report

Paolo Bonzini (16):
  configure: do not define or use the CPP variable
  build: clean up ninja invocation
  build: add a more generic way to specify make->ninja dependencies
  build: do a full build before running TCG tests
  configure, meson: move symlinking of ROMs to meson
  tests/tcg: correct target CPU for sparc32
  tests/tcg: merge configure.sh back into main configure script
  configure: add missing cross compiler fallbacks
  configure: handle host compiler in probe_target_compiler
  configure: introduce --cross-prefix-*=
  configure: include more binutils in tests/tcg makefile
  configure: move symlink configuration earlier
  configure: enable cross-compilation of s390-ccw
  configure: enable cross-compilation of optionrom
  configure: enable cross compilation of vof
  configure: remove unused variables from config-host.mak

Thomas Huth (2):
  .gitlab-ci.d/container-cross: Fix RISC-V container dependencies / stages
  .gitlab-ci.d/crossbuilds: Fix the dependency of the cross-i386-tci job

 docs/devel/ci-jobs.rst.inc | 116 +++-
 docs/devel/ci.rst  |  11 +-
 docs/devel/submitting-a-patch.rst  |  36 +-
 docs/devel/testing.rst |   2 +
 configure  | 606 ++---
 Makefile   |   9 +-
 pc-bios/s390-ccw/netboot.mak   |   2 +-
 meson.build|   8 +-
 .gitlab-ci.d/base.yml  |  72 +++
 .gitlab-ci.d/buildtest-template.yml|  18 +-
 .gitlab-ci.d/buildtest.yml |  28 +-
 .gitlab-ci.d/cirrus.yml|  16 +-
 .gitlab-ci.d/container-cross.yml   |  24 +-
 .gitlab-ci.d/container-template.yml|   1 +
 .gitlab-ci.d/containers.yml|   3 +-
 .gitlab-ci.d/crossbuild-template.yml   |   3 +
 .gitlab-ci.d/crossbuilds.yml   |   2 +
 .gitlab-ci.d/qemu-project.yml  |   1 +
 .gitlab-ci.d/static_checks.yml |  19 +-
 .gitlab-ci.d/windows.yml   |   1 +
 pc-bios/meson.build|  17 +-
 pc-bios/optionrom/Makefile |   4 +-
 pc-bios/s390-ccw/Makefile  |   9 +-
 pc-bios/vof/Makefile   |  17 +-
 scripts/mtest2make.py  |   8 +-
 tests/Makefile.include |   4 +-
 tests/docker/Makefile.include  |   5 -
 tests/docker/dockerfiles/debian-amd64.docker   | 194 +--
 tests/docker/dockerfiles/debian-armel-cross.docker | 178 +-
 tests/docker/dockerfiles/debian-armhf-cross.docker | 184 ++-
 .../dockerfiles/debian-mips64el-cross.docker   | 177 +-
 .../docker/dockerfiles/debian-mipsel-cross.docker  | 179 +-
 

[PULL 03/33] gitlab-ci: add meson JUnit test result into report

[Alex Bennée]

From: Marc-André Lureau 

This allows the gitlab UI to show the test results in different ways,
see doc:

  https://docs.gitlab.com/ee/ci/unit_test_reports.html#how-it-works

Previous we only reports avocado test results (.avocado_test_job_template),
with this change, the qemu/meson tests are also covered.

Signed-off-by: Marc-André Lureau 
Message-Id: <20220525173411.612224-1-marcandre.lur...@redhat.com>
[AJB: expand the commit description]
Signed-off-by: Alex Bennée 
Reviewed-by: Thomas Huth 
Message-Id: <20220527153603.887929-4-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/buildtest-template.yml 
b/.gitlab-ci.d/buildtest-template.yml
index dc6d67aacf..b381345dbc 100644
--- a/.gitlab-ci.d/buildtest-template.yml
+++ b/.gitlab-ci.d/buildtest-template.yml
@@ -44,6 +44,8 @@
 expire_in: 7 days
 paths:
   - build/meson-logs/testlog.txt
+reports:
+  junit: build/meson-logs/testlog.junit.xml
 
 .avocado_test_job_template:
   extends: .common_test_job_template
-- 
2.30.2

[PULL 02/33] .gitlab-ci.d/crossbuilds: Fix the dependency of the cross-i386-tci job

[Alex Bennée]

From: Thomas Huth 

The cross-i386-tci job uses the fedora-i386-cross image, so we should make sure
that the corresponding job that builds it (the i386-fedora-cross-container job)
has finished before we start the TCI job.

Signed-off-by: Thomas Huth 
Reviewed-by: Richard Henderson 
Message-Id: <20220524092600.89997-1-th...@redhat.com>
Signed-off-by: Alex Bennée 
Message-Id: <20220527153603.887929-3-alex.ben...@linaro.org>

diff --git a/.gitlab-ci.d/crossbuilds.yml b/.gitlab-ci.d/crossbuilds.yml
index 17d6cb3e45..4a5fb6ea2a 100644
--- a/.gitlab-ci.d/crossbuilds.yml
+++ b/.gitlab-ci.d/crossbuilds.yml
@@ -62,6 +62,8 @@ cross-i386-user:
 cross-i386-tci:
   extends: .cross_accel_build_job
   timeout: 60m
+  needs:
+job: i386-fedora-cross-container
   variables:
 IMAGE: fedora-i386-cross
 ACCEL: tcg-interpreter
-- 
2.30.2

Re: [PATCH v10 13/14] vfio-user: handle device interrupts

[Jag Raman]

> On Jun 1, 2022, at 1:26 PM, Alex Williamson  
> wrote:
> 
> On Wed, 1 Jun 2022 17:00:54 +
> Jag Raman  wrote:
>> 
>> Hi Alex,
>> 
>> Just to add some more detail, the emulated PCI device in QEMU presently
>> maintains a MSIx table (PCIDevice->msix_table) and Pending Bit Array. In the
>> present VFIO PCI device implementation, QEMU leverages the same
>> MSIx table for interrupt masking/unmasking. The backend PCI device (such as
>> the passthru device) always thinks that the interrupt is unmasked and lets
>> QEMU manage masking.
>> 
>> Whereas in the vfio-user case, the client additionally pushes a copy of
>> emulated PCI device’s table downstream to the remote device. We did this
>> to allow a small set of devices (such as e1000e) to clear the
>> PBA (msix_clr_pending()). Secondly, the remote device uses its copy of the
>> MSIx table to determine if interrupt should be triggered - this would prevent
>> an interrupt from being sent to the client unnecessarily if it's masked.
>> 
>> We are wondering if pushing the MSIx table to the remote device and
>> reading PBA from it would diverge from the VFIO protocol specification?
>> 
>> From your comment, I understand it’s similar to VFIO protocol because VFIO
>> clients could mask an interrupt using VFIO_DEVICE_SET_IRQS ioctl +
>> VFIO_IRQ_SET_ACTION_MASK / _UNMASK flags. I observed that QEMU presently
>> does not use this approach and the kernel does not support it for MSI.
> 
> I believe the SET_IRQS ioctl definition is pre-enabled to support
> masking and unmasking, we've just lacked kernel support to mask at the
> device which leads to the hybrid approach we have today.  Our intention
> would be to use the current uAPI, to provide that masking support, at
> which point we'd leave the PBA mapped to the device.

Thank you for clarifying!

> 
> So whether your proposal diverges from the VFIO uAPI depends on what
> you mean by "pushing the MSIx table to the remote device".  If that's
> done by implementing the existing SET_IRQS masking support, then you're
> spot on.  OTOH, if you're actually pushing a copy of the MSIx table
> from the client, that's certainly not how I had envisioned the kernel

In the current implementation - when the guest accesses the MSIx table and
PBA, the client passes these accesses through to the remote device.

If we switch to using SET_IRQS approach, we could use SET_IRQS
message for masking/unmasking, but still pass through the the PBA
access to the backend PCI device.

So I think the question is, if we should switch vfio-user to SET_IRQS
now for masking or unmasking, or whenever QEMU does it in the future?
The PBA access would remain the same as it’s now - via device BAR.

Thank you!
--
Jag

> interface.  Thanks,
> 
> Alex
> 

Re: [RFC PATCH 00/13] Add a plugin to support out-of-band live migration for VFIO pass-through device

[Alex Williamson]

On Wed, 1 Jun 2022 17:09:25 +
"Dong, Eddie"  wrote:

> > -Original Message-
> > From: Qemu-devel  > bounces+eddie.dong=intel@nongnu.org> On Behalf Of Alex Williamson  
> > On Tue, 24 May 2022 14:18:35 +0800
> > Lei Rao  wrote:
> > > This proposal adopts a plugin mechanism (an example can be found in
> > > [1]) given that IPU/DPU vendors usually implement proprietary
> > > migration interfaces without a standard. But we are also open if an
> > > alternative option makes better sense, e.g. via loadable modules (with
> > > Qemu supporting gRPC or JSON-RPC support) or an IPC mechanism similar  
> > to vhost-user.
> > 
> > AFAIU, QEMU is not interested in supporting plugin modules, especially
> > proprietary ones.  I don't see that a case has really been made that this
> > cannot be done in-band, through a vfio-pci variant driver, possibly making
> > use of proprietary interfaces to a userspace agent if necessary (though
> > please don't ask such to be accepted in-tree for the kernel either).  A 
> > vfio-
> > user device server might also host such proprietary, device specific agents
> > while supporting the standard, in-band migration interface.  Thanks,
> >   
> 
> Thanks Alex. Removing plug-in module is not a problem.
> 
> Do you mean to implement the migration and protocol handling inside
> Qemu-client (probably vfio-client after the VFIO-user is merged)? Or
> to build as part of libvfio-user? We can also build it as a separate
> process of Qemu-server as part of Multi-Process Qemu.

AIUI, the QEMU "client" in a vfio-user configuration is simply QEMU
itself.  The vfio-user "server" provides the actual device
implementation, which could support different license models, depending
on what libraries or existing code is incorporated to implement that
server.  The QEMU remote machine type is simply a QEMU-based
implementation of a vfio-user server.  The vfio-user server is analogous
to a vfio-pci variant driver in the kernel/ioctl interface model.  The
vfio-user client should be device agnostic, possibly with similar
exceptions we have today via device specific quirk handling for the
vfio kernel interface.

> In here, the protocol between host CPU and SoC is based on gRPC,
> which support Rust code in client (Host CPU side here) more than
> C/C++. Do you have any suggestion to better support Rust code with
> Qemu C/C++ code? 

I'm not qualified to provide suggestions regarding Rust code
integration with QEMU, but I think that's only required if the device
specific migration support is on the "client".  As above, I don't think
that's the correct model, the vfio migration protocol is meant to
support any device specific requirements on the device end of the
connection, ie. the "server" end for vfio-user, which can be an
entirely separate, non-QEMU based process.  I think there are also ways
to write kernel drivers in Rust, so possibly a kernel interface
vfio-pci variant driver could also work.  Thanks,

Alex

Re: [PATCH v10 13/14] vfio-user: handle device interrupts

[Alex Williamson]

On Wed, 1 Jun 2022 17:00:54 +
Jag Raman  wrote:
> 
> Hi Alex,
> 
> Just to add some more detail, the emulated PCI device in QEMU presently
> maintains a MSIx table (PCIDevice->msix_table) and Pending Bit Array. In the
> present VFIO PCI device implementation, QEMU leverages the same
> MSIx table for interrupt masking/unmasking. The backend PCI device (such as
> the passthru device) always thinks that the interrupt is unmasked and lets
> QEMU manage masking.
> 
> Whereas in the vfio-user case, the client additionally pushes a copy of
> emulated PCI device’s table downstream to the remote device. We did this
> to allow a small set of devices (such as e1000e) to clear the
> PBA (msix_clr_pending()). Secondly, the remote device uses its copy of the
> MSIx table to determine if interrupt should be triggered - this would prevent
> an interrupt from being sent to the client unnecessarily if it's masked.
> 
> We are wondering if pushing the MSIx table to the remote device and
> reading PBA from it would diverge from the VFIO protocol specification?
> 
> From your comment, I understand it’s similar to VFIO protocol because VFIO
> clients could mask an interrupt using VFIO_DEVICE_SET_IRQS ioctl +
> VFIO_IRQ_SET_ACTION_MASK / _UNMASK flags. I observed that QEMU presently
> does not use this approach and the kernel does not support it for MSI.

I believe the SET_IRQS ioctl definition is pre-enabled to support
masking and unmasking, we've just lacked kernel support to mask at the
device which leads to the hybrid approach we have today.  Our intention
would be to use the current uAPI, to provide that masking support, at
which point we'd leave the PBA mapped to the device.

So whether your proposal diverges from the VFIO uAPI depends on what
you mean by "pushing the MSIx table to the remote device".  If that's
done by implementing the existing SET_IRQS masking support, then you're
spot on.  OTOH, if you're actually pushing a copy of the MSIx table
from the client, that's certainly not how I had envisioned the kernel
interface.  Thanks,

Alex

[PATCH v3 3/4] xlnx_dp: Fix the interrupt disable logic

[frederic.konrad]

From: Sai Pavan Boddu 

Fix interrupt disable logic. Mask value 1 indicates that interrupts are
disabled.

Signed-off-by: Sai Pavan Boddu 
Reviewed-by: Edgar E. Iglesias 
Signed-off-by: Frederic Konrad 
---
 hw/display/xlnx_dp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
index d0bea512bd..eed705219e 100644
--- a/hw/display/xlnx_dp.c
+++ b/hw/display/xlnx_dp.c
@@ -889,7 +889,7 @@ static void xlnx_dp_write(void *opaque, hwaddr offset, 
uint64_t value,
 xlnx_dp_update_irq(s);
 break;
 case DP_INT_DS:
-s->core_registers[DP_INT_MASK] |= ~value;
+s->core_registers[DP_INT_MASK] |= value;
 xlnx_dp_update_irq(s);
 break;
 default:
-- 
2.25.1

[PATCH v3 4/4] xlnx-zynqmp: fix the irq mapping for the display port and its dma

[frederic.konrad]

From: Frederic Konrad 

When the display port has been initially implemented the device driver wasn't
using interrupts.  Now that the display port driver waits for vblank interrupt
it has been noticed that the irq mapping is wrong.  So use the value from the
linux device tree and the ultrascale+ reference manual.

Signed-off-by: Frederic Konrad 
Reviewed-by: Edgar E. Iglesias 
---
 hw/arm/xlnx-zynqmp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
index 375309e68e..383e177a00 100644
--- a/hw/arm/xlnx-zynqmp.c
+++ b/hw/arm/xlnx-zynqmp.c
@@ -60,10 +60,10 @@
 #define SERDES_SIZE 0x2
 
 #define DP_ADDR 0xfd4a
-#define DP_IRQ  113
+#define DP_IRQ  0x77
 
 #define DPDMA_ADDR  0xfd4c
-#define DPDMA_IRQ   116
+#define DPDMA_IRQ   0x7a
 
 #define APU_ADDR0xfd5c
 #define APU_IRQ 153
-- 
2.25.1

[PATCH v3 2/4] xlnx_dp: Introduce a vblank signal

[frederic.konrad]

From: Sai Pavan Boddu 

Add a periodic timer which raises vblank at a frequency of 30Hz.

Signed-off-by: Sai Pavan Boddu 
Signed-off-by: Edgar E. Iglesias 
Changes by fkonrad:
  - Switched to transaction-based ptimer API.
  - Added the DP_INT_VBLNK_START macro.
Signed-off-by: Frederic Konrad 
---
 hw/display/xlnx_dp.c | 28 +---
 include/hw/display/xlnx_dp.h |  3 +++
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
index 0378570459..d0bea512bd 100644
--- a/hw/display/xlnx_dp.c
+++ b/hw/display/xlnx_dp.c
@@ -114,6 +114,7 @@
 #define DP_TX_N_AUD (0x032C >> 2)
 #define DP_TX_AUDIO_EXT_DATA(n) ((0x0330 + 4 * n) >> 2)
 #define DP_INT_STATUS   (0x03A0 >> 2)
+#define DP_INT_VBLNK_START  (1 << 13)
 #define DP_INT_MASK (0x03A4 >> 2)
 #define DP_INT_EN   (0x03A8 >> 2)
 #define DP_INT_DS   (0x03AC >> 2)
@@ -270,10 +271,15 @@ static const VMStateDescription vmstate_dp = {
  DP_VBLEND_REG_ARRAY_SIZE),
 VMSTATE_UINT32_ARRAY(audio_registers, XlnxDPState,
  DP_AUDIO_REG_ARRAY_SIZE),
+VMSTATE_PTIMER(vblank, XlnxDPState),
 VMSTATE_END_OF_LIST()
 }
 };
 
+#define DP_VBLANK_PTIMER_POLICY (PTIMER_POLICY_WRAP_AFTER_ONE_PERIOD | \
+ PTIMER_POLICY_CONTINUOUS_TRIGGER |\
+ PTIMER_POLICY_NO_IMMEDIATE_TRIGGER)
+
 static void xlnx_dp_update_irq(XlnxDPState *s);
 
 static uint64_t xlnx_dp_audio_read(void *opaque, hwaddr offset, unsigned size)
@@ -773,6 +779,13 @@ static void xlnx_dp_write(void *opaque, hwaddr offset, 
uint64_t value,
 break;
 case DP_TRANSMITTER_ENABLE:
 s->core_registers[offset] = value & 0x01;
+ptimer_transaction_begin(s->vblank);
+if (value & 0x1) {
+ptimer_run(s->vblank, 0);
+} else {
+ptimer_stop(s->vblank);
+}
+ptimer_transaction_commit(s->vblank);
 break;
 case DP_FORCE_SCRAMBLER_RESET:
 /*
@@ -1177,9 +1190,6 @@ static void xlnx_dp_update_display(void *opaque)
 return;
 }
 
-s->core_registers[DP_INT_STATUS] |= (1 << 13);
-xlnx_dp_update_irq(s);
-
 xlnx_dpdma_trigger_vsync_irq(s->dpdma);
 
 /*
@@ -1275,6 +1285,14 @@ static void xlnx_dp_finalize(Object *obj)
 fifo8_destroy(>rx_fifo);
 }
 
+static void vblank_hit(void *opaque)
+{
+XlnxDPState *s = XLNX_DP(opaque);
+
+s->core_registers[DP_INT_STATUS] |= DP_INT_VBLNK_START;
+xlnx_dp_update_irq(s);
+}
+
 static void xlnx_dp_realize(DeviceState *dev, Error **errp)
 {
 XlnxDPState *s = XLNX_DP(dev);
@@ -1309,6 +1327,10 @@ static void xlnx_dp_realize(DeviceState *dev, Error 
**errp)
);
 AUD_set_volume_out(s->amixer_output_stream, 0, 255, 255);
 xlnx_dp_audio_activate(s);
+s->vblank = ptimer_init(vblank_hit, s, DP_VBLANK_PTIMER_POLICY);
+ptimer_transaction_begin(s->vblank);
+ptimer_set_freq(s->vblank, 30);
+ptimer_transaction_commit(s->vblank);
 }
 
 static void xlnx_dp_reset(DeviceState *dev)
diff --git a/include/hw/display/xlnx_dp.h b/include/hw/display/xlnx_dp.h
index 1ef5a89ee7..e86a87f235 100644
--- a/include/hw/display/xlnx_dp.h
+++ b/include/hw/display/xlnx_dp.h
@@ -35,6 +35,7 @@
 #include "hw/dma/xlnx_dpdma.h"
 #include "audio/audio.h"
 #include "qom/object.h"
+#include "hw/ptimer.h"
 
 #define AUD_CHBUF_MAX_DEPTH (32 * KiB)
 #define MAX_QEMU_BUFFER_SIZE(4 * KiB)
@@ -107,6 +108,8 @@ struct XlnxDPState {
  */
 DPCDState *dpcd;
 I2CDDCState *edid;
+
+ptimer_state *vblank;
 };
 
 #define TYPE_XLNX_DP "xlnx.v-dp"
-- 
2.25.1

[PATCH v3 1/4] xlnx_dp: fix the wrong register size

[frederic.konrad]

From: Frederic Konrad 

The core and the vblend registers size are wrong, they should respectively be
0x3B0 and 0x1E0 according to:
  
https://www.xilinx.com/htmldocs/registers/ug1087/ug1087-zynq-ultrascale-registers.html.

Let's fix that and use macros when creating the mmio region.

Fixes: 58ac482a66d ("introduce xlnx-dp")
Signed-off-by: Frederic Konrad 
Reviewed-by: Edgar E. Iglesias 
---
 hw/display/xlnx_dp.c | 17 ++---
 include/hw/display/xlnx_dp.h |  9 +++--
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c
index 9bb781e312..0378570459 100644
--- a/hw/display/xlnx_dp.c
+++ b/hw/display/xlnx_dp.c
@@ -1219,19 +1219,22 @@ static void xlnx_dp_init(Object *obj)
 SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
 XlnxDPState *s = XLNX_DP(obj);
 
-memory_region_init(>container, obj, TYPE_XLNX_DP, 0xC050);
+memory_region_init(>container, obj, TYPE_XLNX_DP, DP_CONTAINER_SIZE);
 
 memory_region_init_io(>core_iomem, obj, _ops, s, TYPE_XLNX_DP
-  ".core", 0x3AF);
-memory_region_add_subregion(>container, 0x, >core_iomem);
+  ".core", sizeof(s->core_registers));
+memory_region_add_subregion(>container, DP_CORE_REG_OFFSET,
+>core_iomem);
 
 memory_region_init_io(>vblend_iomem, obj, _ops, s, TYPE_XLNX_DP
-  ".v_blend", 0x1DF);
-memory_region_add_subregion(>container, 0xA000, >vblend_iomem);
+  ".v_blend", sizeof(s->vblend_registers));
+memory_region_add_subregion(>container, DP_VBLEND_REG_OFFSET,
+>vblend_iomem);
 
 memory_region_init_io(>avbufm_iomem, obj, _ops, s, TYPE_XLNX_DP
-  ".av_buffer_manager", 0x238);
-memory_region_add_subregion(>container, 0xB000, >avbufm_iomem);
+  ".av_buffer_manager", sizeof(s->avbufm_registers));
+memory_region_add_subregion(>container, DP_AVBUF_REG_OFFSET,
+>avbufm_iomem);
 
 memory_region_init_io(>audio_iomem, obj, _ops, s, TYPE_XLNX_DP
   ".audio", sizeof(s->audio_registers));
diff --git a/include/hw/display/xlnx_dp.h b/include/hw/display/xlnx_dp.h
index 8ab4733bb8..1ef5a89ee7 100644
--- a/include/hw/display/xlnx_dp.h
+++ b/include/hw/display/xlnx_dp.h
@@ -39,10 +39,15 @@
 #define AUD_CHBUF_MAX_DEPTH (32 * KiB)
 #define MAX_QEMU_BUFFER_SIZE(4 * KiB)
 
-#define DP_CORE_REG_ARRAY_SIZE  (0x3AF >> 2)
+#define DP_CORE_REG_OFFSET  (0x)
+#define DP_CORE_REG_ARRAY_SIZE  (0x3B0 >> 2)
+#define DP_AVBUF_REG_OFFSET (0xB000)
 #define DP_AVBUF_REG_ARRAY_SIZE (0x238 >> 2)
-#define DP_VBLEND_REG_ARRAY_SIZE(0x1DF >> 2)
+#define DP_VBLEND_REG_OFFSET(0xA000)
+#define DP_VBLEND_REG_ARRAY_SIZE(0x1E0 >> 2)
+#define DP_AUDIO_REG_OFFSET (0xC000)
 #define DP_AUDIO_REG_ARRAY_SIZE (0x50 >> 2)
+#define DP_CONTAINER_SIZE   (0xC050)
 
 struct PixmanPlane {
 pixman_format_code_t format;
-- 
2.25.1

[PATCH v3 0/4] xlnx-zcu102: fix the display port.

[frederic.konrad]

From: Frederic Konrad 

Hi,

This patch set fixes some issues with the DisplayPort for the ZCU102:

The first patch fixes the wrong register size and thus the risk of register
overflow.

The three other one add a vblank interrupt required by the linux driver:
  - When using the VNC graphic backend and leaving it unconnected, in the best
case the gfx_update callback is called once every 3000ms which is
insufficient for the driver.  This is fixed by providing a VBLANK interrupt
from a ptimer.
  - This requirement revealed two issues with the IRQ numbers and the
interrupt disable logic fixed by the two last patches.

Tested by:
  - booting Petalinux with the framebuffer enabled.
  - migrating the running guest and ensure that the vblank timer still fire 
correctly.

Best Regards,
Fred

v2 -> v3:
  * Added a VMSTATE in order to migrate the vblank timer as suggested
by Peter Maydell (Patch 2).
  * Rebased on 0cac736e.
v1 -> v2:
  * Better use of the ptimer API by using a correct POLICY as suggested
by Peter Maydell (Patch 2).
  * Rebased on 78ac2eeb.

Frederic Konrad (2):
  xlnx_dp: fix the wrong register size
  xlnx-zynqmp: fix the irq mapping for the display port and its dma

Sai Pavan Boddu (2):
  xlnx_dp: Introduce a vblank signal
  xlnx_dp: Fix the interrupt disable logic

 hw/arm/xlnx-zynqmp.c |  4 +--
 hw/display/xlnx_dp.c | 47 +++-
 include/hw/display/xlnx_dp.h | 12 +++--
 3 files changed, 48 insertions(+), 15 deletions(-)

-- 
2.25.1

Re: [PATCH v10 13/14] vfio-user: handle device interrupts

[Jag Raman]

On May 31, 2022, at 5:45 PM, Alex Williamson 
mailto:alex.william...@redhat.com>> wrote:

On Tue, 31 May 2022 22:03:14 +0100
Stefan Hajnoczi mailto:stefa...@gmail.com>> wrote:

On Tue, 31 May 2022 at 21:11, Alex Williamson
mailto:alex.william...@redhat.com>> wrote:

On Tue, 31 May 2022 15:01:57 +
Jag Raman mailto:jag.ra...@oracle.com>> wrote:

On May 25, 2022, at 10:53 AM, Stefan Hajnoczi 
mailto:stefa...@redhat.com>> wrote:

On Tue, May 24, 2022 at 11:30:32AM -0400, Jagannathan Raman wrote:
Forward remote device's interrupts to the guest

Signed-off-by: Elena Ufimtseva 
mailto:elena.ufimts...@oracle.com>>
Signed-off-by: John G Johnson 
mailto:john.g.john...@oracle.com>>
Signed-off-by: Jagannathan Raman 
mailto:jag.ra...@oracle.com>>
---
include/hw/pci/pci.h  |  13 
include/hw/remote/vfio-user-obj.h |   6 ++
hw/pci/msi.c  |  16 ++--
hw/pci/msix.c |  10 ++-
hw/pci/pci.c  |  13 
hw/remote/machine.c   |  14 +++-
hw/remote/vfio-user-obj.c | 123 ++
stubs/vfio-user-obj.c |   6 ++
MAINTAINERS   |   1 +
hw/remote/trace-events|   1 +
stubs/meson.build |   1 +
11 files changed, 193 insertions(+), 11 deletions(-)
create mode 100644 include/hw/remote/vfio-user-obj.h
create mode 100644 stubs/vfio-user-obj.c

It would be great if Michael Tsirkin and Alex Williamson would review
this.

Hi Michael and Alex,

Do you have any thoughts on this patch?

Ultimately this is just how to insert callbacks to replace the default
MSI/X triggers so you can send a vector# over the wire for a remote
machine, right?  I'll let the code owners, Michael and Marcel, comment
if they have grand vision how to architect this differently.  Thanks,

An earlier version of the patch intercepted MSI-X at the msix_notify()
level, replacing the entire function. This patch replaces
msix_get_message() and msi_send_message(), leaving the masking logic
in place.

I haven't seen the latest vfio-user client implementation for QEMU,
but if the idea is to allow the guest to directly control the
vfio-user device's MSI-X table's mask bits, then I think this is a
different design from VFIO kernel where masking is emulated by QEMU
and not passed through to the PCI device.

Essentially what's happening here is an implementation of an interrupt
handler callback in the remote QEMU instance.  The default handler is
to simply write the MSI message data at the MSI message address of the
vCPU, vfio-user replaces that with hijacking the MSI message itself to
simply report the vector# so that the "handler", ie. trigger, can
forward it to the client.  That's very analogous to the kernel
implementation.

The equivalent masking we have today with vfio kernel would happen on
the client side, where the MSI/X code might instead set a pending bit
if the vector is masked on the client.  Likewise the possibility
remains, just as it does on the kernel side, that the guest masking a
vector could be relayed over ioctl/socket to set the equivalent mask on
the host/remote.

Hi Alex,

Just to add some more detail, the emulated PCI device in QEMU presently
maintains a MSIx table (PCIDevice->msix_table) and Pending Bit Array. In the
present VFIO PCI device implementation, QEMU leverages the same
MSIx table for interrupt masking/unmasking. The backend PCI device (such as
the passthru device) always thinks that the interrupt is unmasked and lets
QEMU manage masking.

Whereas in the vfio-user case, the client additionally pushes a copy of
emulated PCI device’s table downstream to the remote device. We did this
to allow a small set of devices (such as e1000e) to clear the
PBA (msix_clr_pending()). Secondly, the remote device uses its copy of the
MSIx table to determine if interrupt should be triggered - this would prevent
an interrupt from being sent to the client unnecessarily if it's masked.

We are wondering if pushing the MSIx table to the remote device and
reading PBA from it would diverge from the VFIO protocol specification?

From your comment, I understand it’s similar to VFIO protocol because VFIO
clients could mask an interrupt using VFIO_DEVICE_SET_IRQS ioctl +
VFIO_IRQ_SET_ACTION_MASK / _UNMASK flags. I observed that QEMU presently
does not use this approach and the kernel does not support it for MSI.

Thank you!
--
Jag

RE: [RFC PATCH 00/13] Add a plugin to support out-of-band live migration for VFIO pass-through device

[Dong, Eddie]

> -Original Message-
> From: Qemu-devel  bounces+eddie.dong=intel@nongnu.org> On Behalf Of Alex Williamson
> Sent: Thursday, May 26, 2022 11:44 AM
> To: Rao, Lei 
> Cc: Tian, Kevin ; Dong, Eddie
> ; Zeng, Jason ;
> quint...@redhat.com; dgilb...@redhat.com; Li, Yadong
> ; Liu, Yi L ; qemu-
> de...@nongnu.org
> Subject: Re: [RFC PATCH 00/13] Add a plugin to support out-of-band live
> migration for VFIO pass-through device
> 
> On Tue, 24 May 2022 14:18:35 +0800
> Lei Rao  wrote:
> 
> > Migration of a VFIO passthrough device can be supported by using a
> > device specific kernel driver to save/restore the device state thru
> > device specific interfaces. But this approach doesn't work for devices
> > that lack a state migration interface, e.g. NVMe.
> >
> > On the other hand, Infrastructure Process Unit (IPU) or Data
> > Processing Unit
> > (DPU) vendors may choose to implement an out-of-band interface from
> > the SoC to help manage the state of such non-migratable devices e.g.
> > via gRPC or JSON-RPC protocols.
> >
> > This RFC attempts to support such out-of-band migration interface by
> > introducing the concept of migration backends in vfio. The existing
> > logic around vfio migration uAPI is now called the 'local' backend while a
> new 'out-of-band'
> > backend is further introduced allowing vfio to redirect VMState ops to
> > an external plugin.
> >
> > Currently, the backend migration Ops is defined close to
> > SaveVMHandlers. We also considered whether there is value of
> > abstracting it in a lower level e.g. close to vfio migration uAPI but
> > no clear conclusion. Hence this is one part which we'd like to hear
> suggestions.
> >
> > This proposal adopts a plugin mechanism (an example can be found in
> > [1]) given that IPU/DPU vendors usually implement proprietary
> > migration interfaces without a standard. But we are also open if an
> > alternative option makes better sense, e.g. via loadable modules (with
> > Qemu supporting gRPC or JSON-RPC support) or an IPC mechanism similar
> to vhost-user.
> 
> AFAIU, QEMU is not interested in supporting plugin modules, especially
> proprietary ones.  I don't see that a case has really been made that this
> cannot be done in-band, through a vfio-pci variant driver, possibly making
> use of proprietary interfaces to a userspace agent if necessary (though
> please don't ask such to be accepted in-tree for the kernel either).  A vfio-
> user device server might also host such proprietary, device specific agents
> while supporting the standard, in-band migration interface.  Thanks,
> 

Thanks Alex. Removing plug-in module is not a problem.

Do you mean to implement the migration and protocol handling inside Qemu-client 
(probably vfio-client after the VFIO-user is merged)? Or to build as part of 
libvfio-user? We can also build it as a separate process of Qemu-server as part 
of Multi-Process Qemu.

In here, the protocol between host CPU and SoC is based on gRPC, which support 
Rust code in client (Host CPU side here) more than C/C++. Do you have any 
suggestion to better support Rust code with Qemu C/C++ code? 


Thx Eddie




> Alex
> 
> >
> > The following graph describes the overall component relationship:
> >
> >  ++
> >  | QEMU   |
> >  | ++ |
> >  | |VFIO Live Migration Framework   | |
> >  | |+--+| |
> >  | || VFIOMigrationOps || |
> >  | |+---^-^+| |
> >  | || | | |
> >  | |+---v---+ +---v+| |
> >  | || LM Backend Via| | LM Backend Via || |
> >  | ||   Device Fd   | |Plugins || |
> >  | |+---^---+ | +--+| |
> >  | || | |Plugin Ops++-++
> >  | || +-+--+| ||
> >  | ||   | |  
> > +-v--+
> >  | ++---+ |  |  Vendor Specific 
> >   |
> >  |  | |  |Plugins(.so)  
> >   |
> >  +--+-+  
> > +--+-+
> >   UserSpace |   |
> > +-  |
> >   Kernel|   |
> > |   |
> >  +--v--+|
> >  |Kernel VFIO Driver   ||
> >  |+-+  ||
> >  ||

[PATCH v10 14/16] target/hexagon: import parser for idef-parser

[Anton Johansson via]

Signed-off-by: Alessandro Di Federico 
Signed-off-by: Paolo Montesel 
Signed-off-by: Anton Johansson 
Reviewed-by: Taylor Simpson 
---
 target/hexagon/idef-parser/idef-parser.y|  961 
 target/hexagon/idef-parser/parser-helpers.c | 2346 +++
 target/hexagon/idef-parser/parser-helpers.h |  372 +++
 target/hexagon/meson.build  |   25 +
 4 files changed, 3704 insertions(+)
 create mode 100644 target/hexagon/idef-parser/idef-parser.y
 create mode 100644 target/hexagon/idef-parser/parser-helpers.c
 create mode 100644 target/hexagon/idef-parser/parser-helpers.h

diff --git a/target/hexagon/idef-parser/idef-parser.y 
b/target/hexagon/idef-parser/idef-parser.y
new file mode 100644
index 00..096cca2d17
--- /dev/null
+++ b/target/hexagon/idef-parser/idef-parser.y
@@ -0,0 +1,961 @@
+%{
+/*
+ *  Copyright(c) 2019-2022 rev.ng Labs Srl. All Rights Reserved.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "idef-parser.h"
+#include "parser-helpers.h"
+#include "idef-parser.tab.h"
+#include "idef-parser.yy.h"
+
+/* Uncomment this to disable yyasserts */
+/* #define NDEBUG */
+
+#define ERR_LINE_CONTEXT 40
+
+%}
+
+%lex-param {void *scanner}
+%parse-param {void *scanner}
+%parse-param {Context *c}
+
+%define parse.error verbose
+%define parse.lac full
+%define api.pure full
+
+%locations
+
+%union {
+GString *string;
+HexValue rvalue;
+HexSat sat;
+HexCast cast;
+HexExtract extract;
+HexMpy mpy;
+HexSignedness signedness;
+int index;
+}
+
+/* Tokens */
+%start input
+
+%expect 1
+
+%token IN INAME VAR
+%token ABS CROUND ROUND CIRCADD COUNTONES INC DEC ANDA ORA XORA PLUSPLUS ASL
+%token ASR LSR EQ NEQ LTE GTE MIN MAX ANDL FOR ICIRC IF MUN FSCR FCHK SXT
+%token ZXT CONSTEXT LOCNT BREV SIGN LOAD STORE PC NPC LPCFG
+%token CANCEL IDENTITY PART1 ROTL INSBITS SETBITS EXTRANGE
+%token CAST4_8U FAIL CARRY_FROM_ADD ADDSAT64 LSBNEW
+%token TYPE_SIZE_T TYPE_INT TYPE_SIGNED TYPE_UNSIGNED TYPE_LONG
+
+%token  REG IMM PRED
+%token  ELSE
+%token  MPY
+%token  SAT
+%token  CAST DEPOSIT SETHALF
+%token  EXTRACT
+%type  INAME
+%type  rvalue lvalue VAR assign_statement var var_decl var_type
+%type  FAIL
+%type  TYPE_SIGNED TYPE_UNSIGNED TYPE_INT TYPE_LONG TYPE_SIZE_T
+%type  if_stmt IF
+%type  SIGN
+
+/* Operator Precedences */
+%left MIN MAX
+%left '('
+%left ','
+%left '='
+%right CIRCADD
+%right INC DEC ANDA ORA XORA
+%left '?' ':'
+%left ANDL
+%left '|'
+%left '^' ANDOR
+%left '&'
+%left EQ NEQ
+%left '<' '>' LTE GTE
+%left ASL ASR LSR
+%right ABS
+%left '-' '+'
+%left '*' '/' '%' MPY
+%right '~' '!'
+%left '['
+%right CAST
+%right LOCNT BREV
+
+/* Bison Grammar */
+%%
+
+/* Input file containing the description of each hexagon instruction */
+input : instructions
+  {
+  YYACCEPT;
+  }
+  ;
+
+instructions : instruction instructions
+ | %empty
+ ;
+
+instruction : INAME
+  {
+  gen_inst(c, $1);
+  }
+  arguments
+  {
+  EMIT_SIG(c, ")");
+  EMIT_HEAD(c, "{\n");
+  }
+  code
+  {
+  gen_inst_code(c, &@1);
+  }
+| error /* Recover gracefully after instruction compilation error 
*/
+  {
+  free_instruction(c);
+  }
+;
+
+arguments : '(' ')'
+  | '(' argument_list ')';
+
+argument_list : argument_decl ',' argument_list
+  | argument_decl
+  ;
+
+var : VAR
+  {
+  track_string(c, $1.var.name);
+  $$ = $1;
+  }
+;
+
+/*
+ * Here the integer types are defined from valid combinations of
+ * `signed`, `unsigned`, `int`, and `long` tokens. The `signed`
+ * and `unsigned` tokens are here assumed to always be placed
+ * first in the type declaration, which is not the case in
+ * normal C. Similarly, `int` is assumed to always be placed
+ * last in the type.
+ */
+type_int : TYPE_INT
+ | TYPE_SIGNED
+ | TYPE_SIGNED TYPE_INT;
+type_uint : TYPE_UNSIGNED
+  | TYPE_UNSIGNED TYPE_INT;
+type_ulonglong : TYPE_UNSIGNED TYPE_LONG TYPE_LONG
+   | TYPE_UNSIGNED TYPE_LONG TYPE_LONG TYPE_INT;
+
+/*
+ * Here the various valid int types defined above specify
+ * their `signedness` and `bit_width`. The LP64 convention
+ * is assumed where longs are 64-bit, long longs are then
+ * assumed to also be 64-bit.
+ */
+var_type : TYPE_SIZE_T
+   {
+  yyassert(c, &@1, $1.bit_width <= 64,
+   "Variables with size > 64-bit are