Re: [PATCH v3 0/5] Fix LoongArch coverity error and cpu name bug

[Richard Henderson]

On 7/15/22 11:37, Xiaojuan Yang wrote:

This series fix some coverity errors and loongarch_cpu_class_by_name function
for LoongArch virt machine.

Only the loongarch_pch_pic patch(number 2/5) need to be reviewed in this v3
verison, and other patches have been reviewed.

Changes for v3:

1. In loongarch_pch_pic file, We should not use 'unsigned long'
type as argument when we use find_first_bit(), and we use
ctz64() to replace find_first_bit() to fix this bug.
2. It is not standard to use '1ULL << irq' to generate a irq mask.
So, we replace it with 'MAKE_64BIT_MASK(irq, 1)'.
3. Rewrite commit comments for op_helper patch(number 5/5).


Queued all of these, with fixes as described for patches 1 and 2.


r~



Changes for v2:

1. Use MAKE_64BIT_MASK(shift, len) to replace 'xxx << shift'.
2. Use ARRAY_SIZE(arrqy) to get the array size.
3. Add the assertion that 'cpu_model' resolve to a class of the
appropriate type.


Changes for v1:

1. Fix coverity errors such as out-of-bounds, integer overflow,
cond_at_most, etc.
2. Fix loongarch_cpu_class_by_name function.


Please help review
Thanks.

Xiaojuan Yang (5):
   target/loongarch/cpu: Fix cpu_class_by_name function
   hw/intc/loongarch_pch_pic: Fix bugs for update_irq function
   target/loongarch/cpu: Fix coverity errors about excp_names
   target/loongarch/tlb_helper: Fix coverity integer overflow error
   target/loongarch/op_helper: Fix coverity cond_at_most error

  hw/intc/loongarch_pch_pic.c   | 18 +++---
  target/loongarch/cpu.c| 15 ---
  target/loongarch/op_helper.c  |  2 +-
  target/loongarch/tlb_helper.c |  4 ++--
  4 files changed, 22 insertions(+), 17 deletions(-)

Re: [PATCH] roms/opensbi: Upgrade from v1.0 to v1.1

[Alistair Francis]

On Wed, Jul 13, 2022 at 7:06 PM Bin Meng  wrote:
>
> Upgrade OpenSBI from v1.0 to v1.1 and the pre-built bios images.
>
> The v1.1 release includes the following commits:
>
> 5b99603 lib: utils/ipi: Fix size check in aclint_mswi_cold_init()
> 6dde435 lib: utils/sys: Extend HTIF library to allow custom base address
> 8257262 platform: sifive_fu740: do not use a global in da9063_reset/shutdown
> fb688d9 platform: sifive_fu740: fix reset when watchdog is running
> 5d025eb lib: fix pointer of type 'void *' used in arithmetic
> 632f593 lib: sbi: Map only the counters enabled in hardware
> 3b7c204 lib: sbi: Disable interrupt during config matching
> a26dc60 lib: sbi: Disable interrupt and inhibit counting in M-mode during init
> 5d53b55 Makefile: fix build with binutils 2.38
> 6ad8917 lib: fix compilation when strings.h is included
> ce4c018 lib: utils/serial: Round UART8250 baud rate divisor to nearest integer
> 01250d0 include: sbi: Add AIA related CSR defines
> 8f96070 lib: sbi: Detect AIA CSRs at boot-time
> 65b4c7c lib: sbi: Use AIA CSRs for local interrupts when available
> 222132f lib: sbi: Add sbi_trap_set_external_irqfn() API
> 5f56314 lib: utils/irqchip: Allow multiple FDT irqchip drivers
> 1050940 include: sbi: Introduce nascent_init() platform callback
> 55e79f8 lib: sbi: Enable mie.MEIE bit for IPIs based on external interrupts.
> 9f73669 lib: utils/irqchip: Add IMSIC library
> 811da5c lib: utils/irqchip: Add FDT based driver for IMSIC
> 7127aaa lib: utils: Disable appropriate IMSIC DT nodes in fdt_fixups()
> 9979265 lib: utils/irqchip: Add APLIC initialization library
> 3461219 lib: utils/irqchip: Add FDT based driver for APLIC
> 8e2ef4f lib: utils: Disable appropriate APLIC DT nodes in fdt_fixups()
> 3a69cc1 lib: sbi: fix typo in is_region_subset
> f2ccf2f lib: sbi: verbose sbi_domain_root_add_memregion
> f3f4604 lib: sbi: Add a simple external interrupt handling framework
> 4998a71 lib: utils: serial: Initial commit of xlnx-uartlite
> 2dfbd3c lib: pmp_set/pmp_get moved errors from runtime to compile time
> b6b7220 firmware: Fix code for accessing hart_count and stack_size
> d552fc8 lib: Add error messages via conditional compilation for the future
> 555bdb1 include: Use static asserts for SBI_PLATFORM_xxx_OFFSET defines
> 1b42d3a include: Use static asserts for SBI_SCRATCH_xxx_OFFSET defines
> 7924a0b include: Use static asserts for FW_DYNAMIC_INFO_xxx_OFFSET defines
> 722f80d include: Add defines for [m|h|s]envcfg CSRs
> 31fecad lib: sbi: Detect menvcfg CSR at boot time
> 47d6765 lib: sbi: Enable Zicbo[m|z] extensions in the menvcfg CSR
> 794986f lib: sbi: Enable Svpbmt extension in the menvcfg CSR
> 499601a lib: sbi: Add Smstateen extension defines
> d44568a lib: sbi: Detect Smstateen CSRs at boot-time
> 3383d6a lib: irqchip/imsic: configure mstateen
> 5c5cbb5 lib: utils/serial: support 'reg-offset' property
> c1e47d0 include: correct the definition of MSTATUS_VS
> 9cd95e1 lib: sbi/hart: preserve csr validation value
> 4035ae9 docs: pmu: Improve the PMU DT bindings
> d62f6da lib: sbi: Implement Sstc extension
> 474a9d4 lib: sbi: Fix mstatus_init() for RV32 when Sscofpmf is not available
> e576b3e include: sbi: Define SBI_PMU_HW_EVENT_MAX to 256
> b0c9df5 lib: sbi: Fix mhpmeventh access for rv32 in absence of sscofpmf
> 1a754bb lib: sbi: Detect and print privileged spec version
> 5a6be99 lib: sbi: Remove 's' and 'u' from misa_string() output
> 5b8b377 lib: sbi: Update the name of ISA string printed at boot time
> d4b563c lib: sbi: Remove MCOUNTEREN and SCOUNTEREN hart features
> dbc3d8f lib: sbi: Remove MCOUNTINHIBT hart feature
> 97a17c2 lib: sbi: Remove MENVCFG hart feature
> a6ab94f lib: sbi: Fix AIA feature detection
> cad6c91 lib: sbi: Convert hart features into hart extensions
> be4903a lib: sbi: Detect hart features only once for each hart
> 994ace3 lib: sbi: Add sbi_hart_update_extension() function
> 023f0ad lib: sbi_platform: Add callback to populate HART extensions
> f726f2d Makefile: Allow generated C source to be anywhere in build directory
> 7fb474b Makefile: Add support for generating C array at compile time
> 73cf511 lib: utils/reset: Generate FDT reset driver list at compile-time
> 1e62705 lib: utils/serial: Generate FDT serial driver list at compile-time
> bfeb305 lib: utils/timer: Generate FDT timer driver list at compile-time
> 3a69d12 lib: utils/irqchip: Generate FDT irqchip driver list at compile-time
> 4ee0c57 lib: utils/ipi: Generate FDT ipi driver list at compile-time
> 998ed43 lib: utils/i2c: Generate FDT i2c adapter driver list at compile-time
> 4eacd82 lib: utils/gpio: Generate FDT gpio driver list at compile-time
> a3a3c60 platform: generic: Generate platform override module list at 
> compile-time
> 9a7a677 platform: generic: Move Sifive platform overrides into own directory
> 851c14d lib: utils/irqchip: fix typo when checking for CPU node
> 90a9dd2 lib: utils/fdt: introduce fdt_node_is_enabled()
> 616da52 lib: utils: check if CPU node is enabled
> 575bb4e platform: 

Re: [PATCH 1/1] target/riscv: Fix typo and restore Pointer Masking functionality for RISC-V

[Alistair Francis]

On Sun, Jul 17, 2022 at 8:17 PM Alexey Baturo  wrote:
>
> From: Alexey Baturo 
>
> Signed-off-by: Alexey Baturo 

Fixes: 4302bef9e178 ("target/riscv: Calculate address according to XLEN")

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/translate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/target/riscv/translate.c b/target/riscv/translate.c
> index 63b04e8a94..86c19ea74e 100644
> --- a/target/riscv/translate.c
> +++ b/target/riscv/translate.c
> @@ -544,7 +544,7 @@ static TCGv get_address(DisasContext *ctx, int rs1, int 
> imm)
>
>  tcg_gen_addi_tl(addr, src1, imm);
>  if (ctx->pm_mask_enabled) {
> -tcg_gen_and_tl(addr, addr, pm_mask);
> +tcg_gen_andc_tl(addr, addr, pm_mask);
>  } else if (get_xl(ctx) == MXL_RV32) {
>  tcg_gen_ext32u_tl(addr, addr);
>  }
> --
> 2.30.2
>
>

Re: [PATCH v3 1/5] target/loongarch/cpu: Fix cpu_class_by_name function

[Richard Henderson]

On 7/19/22 12:16, Richard Henderson wrote:

On 7/15/22 11:37, Xiaojuan Yang wrote:

In loongarch_cpu_class_by_name(char *cpu_model) function,
the argument cpu_model already has the suffix '-loongarch-cpu',
so we should remove the LOONGARCH_CPU_TYPE_NAME(cpu_model) macro.
And add the assertion that 'cpu_model' resolves to a class of the
appropriate type.

Signed-off-by: Xiaojuan Yang 
Reviewed-by: Richard Henderson 


This patch causes tests to fail, e.g.

   TEST    float_convd on loongarch64

qemu-loongarch64: unable to find CPU model 'la464'

make[1]: *** [/home/rth/qemu/src/tests/tcg/multiarch/Makefile.target:29: run-float_convd] 
Error 1



What caused you assume that all cpu models are already suffixed?


Mm.  I suppose the use over in hw/loongarch/loongson3.c.
I will make this function match target/alpha/cpu.c, which checks cpu_model as-is, and then 
tries again with the suffix.



r~

Re: [PATCH] roms/opensbi: Upgrade from v1.0 to v1.1

[Alistair Francis]

On Wed, Jul 13, 2022 at 7:06 PM Bin Meng  wrote:
>
> Upgrade OpenSBI from v1.0 to v1.1 and the pre-built bios images.
>
> The v1.1 release includes the following commits:
>
> 5b99603 lib: utils/ipi: Fix size check in aclint_mswi_cold_init()
> 6dde435 lib: utils/sys: Extend HTIF library to allow custom base address
> 8257262 platform: sifive_fu740: do not use a global in da9063_reset/shutdown
> fb688d9 platform: sifive_fu740: fix reset when watchdog is running
> 5d025eb lib: fix pointer of type 'void *' used in arithmetic
> 632f593 lib: sbi: Map only the counters enabled in hardware
> 3b7c204 lib: sbi: Disable interrupt during config matching
> a26dc60 lib: sbi: Disable interrupt and inhibit counting in M-mode during init
> 5d53b55 Makefile: fix build with binutils 2.38
> 6ad8917 lib: fix compilation when strings.h is included
> ce4c018 lib: utils/serial: Round UART8250 baud rate divisor to nearest integer
> 01250d0 include: sbi: Add AIA related CSR defines
> 8f96070 lib: sbi: Detect AIA CSRs at boot-time
> 65b4c7c lib: sbi: Use AIA CSRs for local interrupts when available
> 222132f lib: sbi: Add sbi_trap_set_external_irqfn() API
> 5f56314 lib: utils/irqchip: Allow multiple FDT irqchip drivers
> 1050940 include: sbi: Introduce nascent_init() platform callback
> 55e79f8 lib: sbi: Enable mie.MEIE bit for IPIs based on external interrupts.
> 9f73669 lib: utils/irqchip: Add IMSIC library
> 811da5c lib: utils/irqchip: Add FDT based driver for IMSIC
> 7127aaa lib: utils: Disable appropriate IMSIC DT nodes in fdt_fixups()
> 9979265 lib: utils/irqchip: Add APLIC initialization library
> 3461219 lib: utils/irqchip: Add FDT based driver for APLIC
> 8e2ef4f lib: utils: Disable appropriate APLIC DT nodes in fdt_fixups()
> 3a69cc1 lib: sbi: fix typo in is_region_subset
> f2ccf2f lib: sbi: verbose sbi_domain_root_add_memregion
> f3f4604 lib: sbi: Add a simple external interrupt handling framework
> 4998a71 lib: utils: serial: Initial commit of xlnx-uartlite
> 2dfbd3c lib: pmp_set/pmp_get moved errors from runtime to compile time
> b6b7220 firmware: Fix code for accessing hart_count and stack_size
> d552fc8 lib: Add error messages via conditional compilation for the future
> 555bdb1 include: Use static asserts for SBI_PLATFORM_xxx_OFFSET defines
> 1b42d3a include: Use static asserts for SBI_SCRATCH_xxx_OFFSET defines
> 7924a0b include: Use static asserts for FW_DYNAMIC_INFO_xxx_OFFSET defines
> 722f80d include: Add defines for [m|h|s]envcfg CSRs
> 31fecad lib: sbi: Detect menvcfg CSR at boot time
> 47d6765 lib: sbi: Enable Zicbo[m|z] extensions in the menvcfg CSR
> 794986f lib: sbi: Enable Svpbmt extension in the menvcfg CSR
> 499601a lib: sbi: Add Smstateen extension defines
> d44568a lib: sbi: Detect Smstateen CSRs at boot-time
> 3383d6a lib: irqchip/imsic: configure mstateen
> 5c5cbb5 lib: utils/serial: support 'reg-offset' property
> c1e47d0 include: correct the definition of MSTATUS_VS
> 9cd95e1 lib: sbi/hart: preserve csr validation value
> 4035ae9 docs: pmu: Improve the PMU DT bindings
> d62f6da lib: sbi: Implement Sstc extension
> 474a9d4 lib: sbi: Fix mstatus_init() for RV32 when Sscofpmf is not available
> e576b3e include: sbi: Define SBI_PMU_HW_EVENT_MAX to 256
> b0c9df5 lib: sbi: Fix mhpmeventh access for rv32 in absence of sscofpmf
> 1a754bb lib: sbi: Detect and print privileged spec version
> 5a6be99 lib: sbi: Remove 's' and 'u' from misa_string() output
> 5b8b377 lib: sbi: Update the name of ISA string printed at boot time
> d4b563c lib: sbi: Remove MCOUNTEREN and SCOUNTEREN hart features
> dbc3d8f lib: sbi: Remove MCOUNTINHIBT hart feature
> 97a17c2 lib: sbi: Remove MENVCFG hart feature
> a6ab94f lib: sbi: Fix AIA feature detection
> cad6c91 lib: sbi: Convert hart features into hart extensions
> be4903a lib: sbi: Detect hart features only once for each hart
> 994ace3 lib: sbi: Add sbi_hart_update_extension() function
> 023f0ad lib: sbi_platform: Add callback to populate HART extensions
> f726f2d Makefile: Allow generated C source to be anywhere in build directory
> 7fb474b Makefile: Add support for generating C array at compile time
> 73cf511 lib: utils/reset: Generate FDT reset driver list at compile-time
> 1e62705 lib: utils/serial: Generate FDT serial driver list at compile-time
> bfeb305 lib: utils/timer: Generate FDT timer driver list at compile-time
> 3a69d12 lib: utils/irqchip: Generate FDT irqchip driver list at compile-time
> 4ee0c57 lib: utils/ipi: Generate FDT ipi driver list at compile-time
> 998ed43 lib: utils/i2c: Generate FDT i2c adapter driver list at compile-time
> 4eacd82 lib: utils/gpio: Generate FDT gpio driver list at compile-time
> a3a3c60 platform: generic: Generate platform override module list at 
> compile-time
> 9a7a677 platform: generic: Move Sifive platform overrides into own directory
> 851c14d lib: utils/irqchip: fix typo when checking for CPU node
> 90a9dd2 lib: utils/fdt: introduce fdt_node_is_enabled()
> 616da52 lib: utils: check if CPU node is enabled
> 575bb4e platform: 

Re: [PATCH v3 1/5] target/loongarch/cpu: Fix cpu_class_by_name function

[Richard Henderson]

On 7/15/22 11:37, Xiaojuan Yang wrote:

In loongarch_cpu_class_by_name(char *cpu_model) function,
the argument cpu_model already has the suffix '-loongarch-cpu',
so we should remove the LOONGARCH_CPU_TYPE_NAME(cpu_model) macro.
And add the assertion that 'cpu_model' resolves to a class of the
appropriate type.

Signed-off-by: Xiaojuan Yang 
Reviewed-by: Richard Henderson 


This patch causes tests to fail, e.g.

  TESTfloat_convd on loongarch64

qemu-loongarch64: unable to find CPU model 'la464'

make[1]: *** [/home/rth/qemu/src/tests/tcg/multiarch/Makefile.target:29: run-float_convd] 
Error 1



What caused you assume that all cpu models are already suffixed?


r~

Re: [PATCH v4 16/19] vdpa: Buffer CVQ support on shadow virtqueue

[Eugenio Perez Martin]

On Tue, Jul 19, 2022 at 7:42 AM Eugenio Perez Martin
 wrote:
>
> On Tue, Jul 19, 2022 at 4:39 AM Jason Wang  wrote:
> >
> >
> > 在 2022/7/18 18:29, Eugenio Pérez 写道:
> > > Introduce the control virtqueue support for vDPA shadow virtqueue. This
> > > is needed for advanced networking features like rx filtering.
> > >
> > > Virtio-net control VQ copies the descriptors to qemu's VA, so we avoid
> > > TOCTOU with the guest's or device's memory every time there is a device
> > > model change.  Otherwise, the guest could change the memory content in
> > > the time between qemu and the device read it.
> > >
> > > To demonstrate command handling, VIRTIO_NET_F_CTRL_MACADDR is
> > > implemented.  If the virtio-net driver changes MAC the virtio-net device
> > > model will be updated with the new one, and a rx filtering change event
> > > will be raised.
> > >
> > > More cvq commands could be added here straightforwardly but they have
> > > not been tested.
> > >
> > > Signed-off-by: Eugenio Pérez 
> > > ---
> > >   net/vhost-vdpa.c | 211 +--
> > >   1 file changed, 204 insertions(+), 7 deletions(-)
> > >
> > > diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
> > > index 2e3b6b10d8..3915b148c4 100644
> > > --- a/net/vhost-vdpa.c
> > > +++ b/net/vhost-vdpa.c
> > > @@ -33,6 +33,9 @@ typedef struct VhostVDPAState {
> > >   NetClientState nc;
> > >   struct vhost_vdpa vhost_vdpa;
> > >   VHostNetState *vhost_net;
> > > +
> > > +/* Control commands shadow buffers */
> > > +void *cvq_cmd_out_buffer, *cvq_cmd_in_buffer;
> > >   bool started;
> > >   } VhostVDPAState;
> > >
> > > @@ -131,6 +134,8 @@ static void vhost_vdpa_cleanup(NetClientState *nc)
> > >   {
> > >   VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
> > >
> > > +qemu_vfree(s->cvq_cmd_out_buffer);
> > > +qemu_vfree(s->cvq_cmd_in_buffer);
> > >   if (s->vhost_net) {
> > >   vhost_net_cleanup(s->vhost_net);
> > >   g_free(s->vhost_net);
> > > @@ -190,24 +195,191 @@ static NetClientInfo net_vhost_vdpa_info = {
> > >   .check_peer_type = vhost_vdpa_check_peer_type,
> > >   };
> > >
> > > +static void vhost_vdpa_cvq_unmap_buf(struct vhost_vdpa *v, void *addr)
> > > +{
> > > +VhostIOVATree *tree = v->iova_tree;
> > > +DMAMap needle = {
> > > +/*
> > > + * No need to specify size or to look for more translations since
> > > + * this contiguous chunk was allocated by us.
> > > + */
> > > +.translated_addr = (hwaddr)(uintptr_t)addr,
> > > +};
> > > +const DMAMap *map = vhost_iova_tree_find_iova(tree, &needle);
> > > +int r;
> > > +
> > > +if (unlikely(!map)) {
> > > +error_report("Cannot locate expected map");
> > > +return;
> > > +}
> > > +
> > > +r = vhost_vdpa_dma_unmap(v, map->iova, map->size + 1);
> > > +if (unlikely(r != 0)) {
> > > +error_report("Device cannot unmap: %s(%d)", g_strerror(r), r);
> > > +}
> > > +
> > > +vhost_iova_tree_remove(tree, map);
> > > +}
> > > +
> > > +static size_t vhost_vdpa_net_cvq_cmd_len(void)
> > > +{
> > > +/*
> > > + * MAC_TABLE_SET is the ctrl command that produces the longer out 
> > > buffer.
> > > + * In buffer is always 1 byte, so it should fit here
> > > + */
> > > +return sizeof(struct virtio_net_ctrl_hdr) +
> > > +   2 * sizeof(struct virtio_net_ctrl_mac) +
> > > +   MAC_TABLE_ENTRIES * ETH_ALEN;
> > > +}
> > > +
> > > +static size_t vhost_vdpa_net_cvq_cmd_page_len(void)
> > > +{
> > > +return ROUND_UP(vhost_vdpa_net_cvq_cmd_len(), 
> > > qemu_real_host_page_size());
> > > +}
> > > +
> > > +/** Copy and map a guest buffer. */
> > > +static bool vhost_vdpa_cvq_map_buf(struct vhost_vdpa *v,
> > > +   const struct iovec *out_data,
> > > +   size_t out_num, size_t data_len, void 
> > > *buf,
> > > +   size_t *written, bool write)
> > > +{
> > > +DMAMap map = {};
> > > +int r;
> > > +
> > > +if (unlikely(!data_len)) {
> > > +qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid legnth of %s 
> > > buffer\n",
> > > +  __func__, write ? "in" : "out");
> > > +return false;
> > > +}
> > > +
> > > +*written = iov_to_buf(out_data, out_num, 0, buf, data_len);
> > > +map.translated_addr = (hwaddr)(uintptr_t)buf;
> > > +map.size = vhost_vdpa_net_cvq_cmd_page_len() - 1;
> > > +map.perm = write ? IOMMU_RW : IOMMU_RO,
> > > +r = vhost_iova_tree_map_alloc(v->iova_tree, &map);
> > > +if (unlikely(r != IOVA_OK)) {
> > > +error_report("Cannot map injected element");
> > > +return false;
> > > +}
> > > +
> > > +r = vhost_vdpa_dma_map(v, map.iova, 
> > > vhost_vdpa_net_cvq_cmd_page_len(), buf,
> > > +   !write);
> > > +if (unlikely(r < 0)) {
> > > +goto dma_map_err;
> > > 

Re: [PATCH v4 16/19] vdpa: Buffer CVQ support on shadow virtqueue

[Eugenio Perez Martin]

On Tue, Jul 19, 2022 at 4:39 AM Jason Wang  wrote:
>
>
> 在 2022/7/18 18:29, Eugenio Pérez 写道:
> > Introduce the control virtqueue support for vDPA shadow virtqueue. This
> > is needed for advanced networking features like rx filtering.
> >
> > Virtio-net control VQ copies the descriptors to qemu's VA, so we avoid
> > TOCTOU with the guest's or device's memory every time there is a device
> > model change.  Otherwise, the guest could change the memory content in
> > the time between qemu and the device read it.
> >
> > To demonstrate command handling, VIRTIO_NET_F_CTRL_MACADDR is
> > implemented.  If the virtio-net driver changes MAC the virtio-net device
> > model will be updated with the new one, and a rx filtering change event
> > will be raised.
> >
> > More cvq commands could be added here straightforwardly but they have
> > not been tested.
> >
> > Signed-off-by: Eugenio Pérez 
> > ---
> >   net/vhost-vdpa.c | 211 +--
> >   1 file changed, 204 insertions(+), 7 deletions(-)
> >
> > diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
> > index 2e3b6b10d8..3915b148c4 100644
> > --- a/net/vhost-vdpa.c
> > +++ b/net/vhost-vdpa.c
> > @@ -33,6 +33,9 @@ typedef struct VhostVDPAState {
> >   NetClientState nc;
> >   struct vhost_vdpa vhost_vdpa;
> >   VHostNetState *vhost_net;
> > +
> > +/* Control commands shadow buffers */
> > +void *cvq_cmd_out_buffer, *cvq_cmd_in_buffer;
> >   bool started;
> >   } VhostVDPAState;
> >
> > @@ -131,6 +134,8 @@ static void vhost_vdpa_cleanup(NetClientState *nc)
> >   {
> >   VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
> >
> > +qemu_vfree(s->cvq_cmd_out_buffer);
> > +qemu_vfree(s->cvq_cmd_in_buffer);
> >   if (s->vhost_net) {
> >   vhost_net_cleanup(s->vhost_net);
> >   g_free(s->vhost_net);
> > @@ -190,24 +195,191 @@ static NetClientInfo net_vhost_vdpa_info = {
> >   .check_peer_type = vhost_vdpa_check_peer_type,
> >   };
> >
> > +static void vhost_vdpa_cvq_unmap_buf(struct vhost_vdpa *v, void *addr)
> > +{
> > +VhostIOVATree *tree = v->iova_tree;
> > +DMAMap needle = {
> > +/*
> > + * No need to specify size or to look for more translations since
> > + * this contiguous chunk was allocated by us.
> > + */
> > +.translated_addr = (hwaddr)(uintptr_t)addr,
> > +};
> > +const DMAMap *map = vhost_iova_tree_find_iova(tree, &needle);
> > +int r;
> > +
> > +if (unlikely(!map)) {
> > +error_report("Cannot locate expected map");
> > +return;
> > +}
> > +
> > +r = vhost_vdpa_dma_unmap(v, map->iova, map->size + 1);
> > +if (unlikely(r != 0)) {
> > +error_report("Device cannot unmap: %s(%d)", g_strerror(r), r);
> > +}
> > +
> > +vhost_iova_tree_remove(tree, map);
> > +}
> > +
> > +static size_t vhost_vdpa_net_cvq_cmd_len(void)
> > +{
> > +/*
> > + * MAC_TABLE_SET is the ctrl command that produces the longer out 
> > buffer.
> > + * In buffer is always 1 byte, so it should fit here
> > + */
> > +return sizeof(struct virtio_net_ctrl_hdr) +
> > +   2 * sizeof(struct virtio_net_ctrl_mac) +
> > +   MAC_TABLE_ENTRIES * ETH_ALEN;
> > +}
> > +
> > +static size_t vhost_vdpa_net_cvq_cmd_page_len(void)
> > +{
> > +return ROUND_UP(vhost_vdpa_net_cvq_cmd_len(), 
> > qemu_real_host_page_size());
> > +}
> > +
> > +/** Copy and map a guest buffer. */
> > +static bool vhost_vdpa_cvq_map_buf(struct vhost_vdpa *v,
> > +   const struct iovec *out_data,
> > +   size_t out_num, size_t data_len, void 
> > *buf,
> > +   size_t *written, bool write)
> > +{
> > +DMAMap map = {};
> > +int r;
> > +
> > +if (unlikely(!data_len)) {
> > +qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid legnth of %s buffer\n",
> > +  __func__, write ? "in" : "out");
> > +return false;
> > +}
> > +
> > +*written = iov_to_buf(out_data, out_num, 0, buf, data_len);
> > +map.translated_addr = (hwaddr)(uintptr_t)buf;
> > +map.size = vhost_vdpa_net_cvq_cmd_page_len() - 1;
> > +map.perm = write ? IOMMU_RW : IOMMU_RO,
> > +r = vhost_iova_tree_map_alloc(v->iova_tree, &map);
> > +if (unlikely(r != IOVA_OK)) {
> > +error_report("Cannot map injected element");
> > +return false;
> > +}
> > +
> > +r = vhost_vdpa_dma_map(v, map.iova, vhost_vdpa_net_cvq_cmd_page_len(), 
> > buf,
> > +   !write);
> > +if (unlikely(r < 0)) {
> > +goto dma_map_err;
> > +}
> > +
> > +return true;
> > +
> > +dma_map_err:
> > +vhost_iova_tree_remove(v->iova_tree, &map);
> > +return false;
> > +}
> > +
> >   /**
> > - * Forward buffer for the moment.
> > + * Copy the guest element into a dedicated buffer suitable to be sent to 
> > NIC
> > + *
> > + * @iov: [0] is the out buffe

Re: [PATCH v1] target/loongarch/cpu: Fix cpucfg default value

[Richard Henderson]

On 7/15/22 12:18, Xiaojuan Yang wrote:

We should config cpucfg[20] to set value for the scache's ways, sets,
and size arguments when loongarch cpu init. However, the old code
wirte 'sets argument' twice, so we change one of them to 'size argument'.

Signed-off-by: Xiaojuan Yang 
---
  target/loongarch/cpu.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index 89ea971cde..4cfce8c9d2 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -406,7 +406,7 @@ static void loongarch_la464_initfn(Object *obj)
  data = 0;
  data = FIELD_DP32(data, CPUCFG20, L3IU_WAYS, 15);
  data = FIELD_DP32(data, CPUCFG20, L3IU_SETS, 14);
-data = FIELD_DP32(data, CPUCFG20, L3IU_SETS, 6);
+data = FIELD_DP32(data, CPUCFG20, L3IU_SIZE, 6);


Reviewed-by: Richard Henderson 


r~


  env->cpucfg[20] = data;
  
  env->CSR_ASID = FIELD_DP64(0, CSR_ASID, ASIDBITS, 0xa);

Re: [PATCH v3 2/5] hw/intc/loongarch_pch_pic: Fix bugs for update_irq function

[Richard Henderson]

On 7/15/22 11:37, Xiaojuan Yang wrote:

Fix such errors:
1. We should not use 'unsigned long' type as argument when we use
find_first_bit(), and we use ctz64() to replace find_first_bit()
to fix this bug.
2. It is not standard to use '1ULL << irq' to generate a irq mask.
So, we replace it with 'MAKE_64BIT_MASK(irq, 1)'.

Fix coverity CID: 1489761 1489764 1489765

Signed-off-by: Xiaojuan Yang 
---
  hw/intc/loongarch_pch_pic.c | 18 +++---
  1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/hw/intc/loongarch_pch_pic.c b/hw/intc/loongarch_pch_pic.c
index 3c9814a3b4..8fa64d2030 100644
--- a/hw/intc/loongarch_pch_pic.c
+++ b/hw/intc/loongarch_pch_pic.c
@@ -15,22 +15,26 @@
  
  static void pch_pic_update_irq(LoongArchPCHPIC *s, uint64_t mask, int level)

  {
-unsigned long val;
+uint64_t val;
  int irq;
  
  if (level) {

  val = mask & s->intirr & ~s->int_mask;
  if (val) {
-irq = find_first_bit(&val, 64);
-s->intisr |= 0x1ULL << irq;
-qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 1);
+irq = ctz64(val);
+if (irq < 64) {


This test is always true, provable by the val != 0 test just above.


r~


+s->intisr |= MAKE_64BIT_MASK(irq, 1);
+qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 1);
+}
  }
  } else {
  val = mask & s->intisr;
  if (val) {
-irq = find_first_bit(&val, 64);
-s->intisr &= ~(0x1ULL << irq);
-qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);
+irq = ctz64(val);
+if (irq < 64) {
+s->intisr &= ~(MAKE_64BIT_MASK(irq, 1));
+qemu_set_irq(s->parent_irq[s->htmsi_vector[irq]], 0);
+}
  }
  }
  }

Re: [PATCH] tests/docker/dockerfiles: Add debian-loongarch-cross.docker

[Richard Henderson]

On 7/4/22 12:38, Richard Henderson wrote:

Use the pre-packaged toolchain provided by Loongson via github.

Signed-off-by: Richard Henderson 
---
  configure |  5 
  tests/docker/Makefile.include |  2 ++
  .../dockerfiles/debian-loongarch-cross.docker | 25 +++
  3 files changed, 32 insertions(+)
  create mode 100644 tests/docker/dockerfiles/debian-loongarch-cross.docker


Queued, with the change to the smaller gcc image suggested by Song Gao.


r~

Re: [PULL SUBSYSTEM qemu-pseries] pseries: Update SLOF firmware image

[Alexey Kardashevskiy]

I just pushed another update to SLOF but before I do pull request - I 
usually wait for it to sync up with git.qemu.org but the syncing does 
not seem happening this time, is that still supposed to work like that 
with gitlab too?



On 10/01/2022 16:04, Alexey Kardashevskiy wrote:

The following changes since commit 0625c7760d5451d7436ef0738f763c6bb5141919:

   target/ppc: do not call hreg_compute_hflags() in helper_store_mmcr0() 
(2022-01-04 07:55:35 +0100)

are available in the Git repository at:

   g...@github.com:aik/qemu.git tags/qemu-slof-20220110

for you to fetch changes up to 1c127fa8e2ff2b034ebf8e50faea2bbc5136afd2:

   pseries: Update SLOF firmware image (2022-01-10 15:31:14 +1100)


Alexey Kardashevskiy (1):
   pseries: Update SLOF firmware image

  pc-bios/README   |   2 +-
  pc-bios/slof.bin | Bin 991920 -> 992384 bytes
  roms/SLOF|   2 +-
  3 files changed, 2 insertions(+), 2 deletions(-)


*** Note: this is not for master, this is for pseries

The only change is that SLOF is compiled with -mcpu=power5
to make it work on PPC970 too.



--
Alexey

Re: [PATCH 1/8] hmat acpi: Don't require initiator value in -numa

[Liu, Jingqi]

On 7/18/2022 1:43 PM, Brice Goglin wrote:


Le 18/07/2022 à 05:17, Liu, Jingqi a écrit :


On 7/11/2022 6:44 PM, Hesham Almatary via wrote:

From: Brice Goglin 

The "Memory Proximity Domain Attributes" structure of the ACPI HMAT
has a "Processor Proximity Domain Valid" flag that is currently
always set because Qemu -numa requires an initiator=X value
when hmat=on. Unsetting this flag allows to create more complex
memory topologies by having multiple best initiators for a single
memory target.


Do you mean the memory-only numa node requires an initiator=X value ?

It would be better if you can explicitly provide cases in the 
description


for creating more complex memory topologies without initiator=X.



Hello

I wrote this text so I am going to reply. All nodes currently require 
an initiator= attribute. For CPU-node, that's usually OK. However it 
forces all nodes to have a best initiator that is exactly one single 
node. This prevents creating a topology where some memory has for best 
initiator the sum of 2 nodes for instance. There's an example below in 
the description. A real-world example would be a Xeon server with SNC 
enabled: there are 2 DDR per socket, one per SNC, but a single NVDIMM 
per socket covering both SNC. That NVDIMM node cannot have a single 
initiator value since its best initiator is both SNC. That's similar 
to the example below in the description


Reviewed-by: Jingqi Liu 

Got it. Thanks for your detailed example. It looks reasonable.

Jingqi



Brice





Thanks,

Jingqi


This patch allows -numa without initiator=X when hmat=on by keeping
the default value MAX_NODES in numa_state->nodes[i].initiator.
All places reading numa_state->nodes[i].initiator already check
whether it's different from MAX_NODES before using it.

Tested with
qemu-system-x86_64 -accel kvm \
  -machine pc,hmat=on \
  -drive if=pflash,format=raw,file=./OVMF.fd \
  -drive media=disk,format=qcow2,file=efi.qcow2 \
  -smp 4 \
  -m 3G \
  -object memory-backend-ram,size=1G,id=ram0 \
  -object memory-backend-ram,size=1G,id=ram1 \
  -object memory-backend-ram,size=1G,id=ram2 \
  -numa node,nodeid=0,memdev=ram0,cpus=0-1 \
  -numa node,nodeid=1,memdev=ram1,cpus=2-3 \
  -numa node,nodeid=2,memdev=ram2 \
  -numa 
hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-latency,latency=10 
\
  -numa 
hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-bandwidth,bandwidth=10485760 
\
  -numa 
hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-latency,latency=20 
\
  -numa 
hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-bandwidth,bandwidth=5242880 
\
  -numa 
hmat-lb,initiator=0,target=2,hierarchy=memory,data-type=access-latency,latency=30 
\
  -numa 
hmat-lb,initiator=0,target=2,hierarchy=memory,data-type=access-bandwidth,bandwidth=1048576 
\
  -numa 
hmat-lb,initiator=1,target=0,hierarchy=memory,data-type=access-latency,latency=20 
\
  -numa 
hmat-lb,initiator=1,target=0,hierarchy=memory,data-type=access-bandwidth,bandwidth=5242880 
\
  -numa 
hmat-lb,initiator=1,target=1,hierarchy=memory,data-type=access-latency,latency=10 
\
  -numa 
hmat-lb,initiator=1,target=1,hierarchy=memory,data-type=access-bandwidth,bandwidth=10485760 
\
  -numa 
hmat-lb,initiator=1,target=2,hierarchy=memory,data-type=access-latency,latency=30 
\
  -numa 
hmat-lb,initiator=1,target=2,hierarchy=memory,data-type=access-bandwidth,bandwidth=1048576
which reports NUMA node2 at same distance from both node0 and node1 
as seen in lstopo:

Machine (2966MB total) + Package P#0
   NUMANode P#2 (979MB)
   Group0
 NUMANode P#0 (980MB)
 Core P#0 + PU P#0
 Core P#1 + PU P#1
   Group0
 NUMANode P#1 (1007MB)
 Core P#2 + PU P#2
 Core P#3 + PU P#3

Before this patch, we had to add ",initiator=X" to "-numa 
node,nodeid=2,memdev=ram2".

The lstopo output difference between initiator=1 and no initiator is:
@@ -1,10 +1,10 @@
  Machine (2966MB total) + Package P#0
+  NUMANode P#2 (979MB)
    Group0
  NUMANode P#0 (980MB)
  Core P#0 + PU P#0
  Core P#1 + PU P#1
    Group0
  NUMANode P#1 (1007MB)
-    NUMANode P#2 (979MB)
  Core P#2 + PU P#2
  Core P#3 + PU P#3

Corresponding changes in the HMAT MPDA structure:
@@ -49,10 +49,10 @@
  [078h 0120   2]   Structure Type :  [Memory 
Proximity Domain Attributes]

  [07Ah 0122   2] Reserved : 
  [07Ch 0124   4]   Length : 0028
-[080h 0128   2]    Flags (decoded below) : 0001
-    Processor Proximity Domain Valid : 1
+[080h 0128   2]    Flags (decoded below) : 
+    Processor Proximity Domain Valid : 0
  [082h 0130   2]    Reserved1 : 
-[084h 0132   4] Attached Initiator Proximity Domain : 0001
+[084h 0132   4] Attached Initiator Proximity Domain : 0080
  [088h 0136   4]  Memory Proximity Domain : 0002
  [08Ch 0140   4]    Reserved2 : 
  [090h 0144   8]    Reserved3

Re: [QEMU PATCH v2 4/6] nvdimm: Implement ACPI NVDIMM Label Methods

[Robert Hoo]

Ping...
On Fri, 2022-07-01 at 17:23 +0800, Robert Hoo wrote:
> On Thu, 2022-06-16 at 14:32 +0200, Igor Mammedov wrote:
> > On Mon, 30 May 2022 11:40:45 +0800
> > Robert Hoo  wrote:
> > 
> > > Recent ACPI spec [1] has defined NVDIMM Label Methods _LS{I,R,W},
> > > which
> > > depricates corresponding _DSM Functions defined by PMEM _DSM
> > > Interface spec
> > > [2].
> > > 
> > > In this implementation, we do 2 things
> > > 1. Generalize the QEMU<->ACPI BIOS NVDIMM interface, wrap it with
> > > ACPI
> > > method dispatch, _DSM is one of the branches. This also paves the
> > > way for
> > > adding other ACPI methods for NVDIMM.
> > > 2. Add _LS{I,R,W} method in each NVDIMM device in SSDT.
> > > ASL form of SSDT changes can be found in next test/qtest/bios-
> > > table-test
> > > commit message.
> > > 
> > > [1] ACPI Spec v6.4, 6.5.10 NVDIMM Label Methods
> > > https://uefi.org/sites/default/files/resources/ACPI_Spec_6_4_Jan22.pdf
> > > [2] Intel PMEM _DSM Interface Spec v2.0, 3.10 Deprecated
> > > Functions
> > > https://pmem.io/documents/IntelOptanePMem_DSM_Interface-V2.0.pdf
> > > 
> > > Signed-off-by: Robert Hoo 
> > > Reviewed-by: Jingqi Liu 
> > > ---
> > >  hw/acpi/nvdimm.c| 424 +++---
> > > --
> > > 
> > 
> > This patch is too large and doing to many things to be reviewable.
> > It needs to be split into smaller distinct chunks.
> > (however hold your horses and read on)
> > 
> > The patch it is too intrusive and my hunch is that it breaks
> > ABI and needs a bunch of compat knobs to work properly and
> > that I'd like to avoid unless there is not other way around
> > the problem.
> 
> Is the ABI here you mentioned the "struct NvdimmMthdIn{}" stuff?
> and the compat knobs refers to related functions' input/output
> params?
> 
> My thoughts is that eventually, sooner or later, more ACPI methods
> will
> be implemented per request, although now we can play the trick of
> wrapper new methods over the pipe of old _DSM implementation.
> Though this changes a little on existing struct NvdimmDsmIn {}, it
> paves the way for the future; and actually the change is more an
> extension or generalization, not fundamentally changes the framework.
> 
> In short, my point is the change/generalization/extension will be
> inevitable, even if not present.
> > 
> > I was skeptical about this approach during v1 review and
> > now I'm pretty much sure it's over-engineered and we can
> > just repack data we receive from existing label _DSM functions
> > to provide _LS{I,R,W} like it was suggested in v1.
> > It will be much simpler and affect only AML side without
> > complicating ABI and without any compat cruft and will work
> > with ping-pong migration without any issues.
> 
> Ostensibly it may looks simpler, actually not, I think. The AML
> "common
> pipe" NCAL() is already complex, it packs all _DSMs and NFIT()
> function
> logics there, packing new stuff in/through it will be bug-prone.
> Though this time we can avert touching it, as the new ACPI methods
> deprecating old _DSM functionally is almost the same.
> How about next time? are we going to always packing new methods logic
> in NCAL()?
> My point is that we should implement new methods as itself, of
> course,
> as a general programming rule, we can/should abstract common
> routines,
> but not packing them in one large function.
> > 
> > 
> > >  include/hw/mem/nvdimm.h |   6 +
> > >  2 files changed, 338 insertions(+), 92 deletions(-)
> > > 
> > > diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
> > > index 59b42afcf1..50ee85866b 100644
> > > --- a/hw/acpi/nvdimm.c
> > > +++ b/hw/acpi/nvdimm.c
> > > @@ -416,17 +416,22 @@ static void nvdimm_build_nfit(NVDIMMState
> > > *state, GArray *table_offsets,
> > >  
> > >  #define NVDIMM_DSM_MEMORY_SIZE  4096
> > >  
> > > -struct NvdimmDsmIn {
> > > +struct NvdimmMthdIn {
> > >  uint32_t handle;
> > > +uint32_t method;
> > > +uint8_t  args[4088];
> > > +} QEMU_PACKED;
> > > +typedef struct NvdimmMthdIn NvdimmMthdIn;
> > > +struct NvdimmDsmIn {
> > >  uint32_t revision;
> > >  uint32_t function;
> > >  /* the remaining size in the page is used by arg3. */
> > >  union {
> > > -uint8_t arg3[4084];
> > > +uint8_t arg3[4080];
> > >  };
> > >  } QEMU_PACKED;
> > >  typedef struct NvdimmDsmIn NvdimmDsmIn;
> > > -QEMU_BUILD_BUG_ON(sizeof(NvdimmDsmIn) !=
> > > NVDIMM_DSM_MEMORY_SIZE);
> > > +QEMU_BUILD_BUG_ON(sizeof(NvdimmMthdIn) !=
> > > NVDIMM_DSM_MEMORY_SIZE);
> > >  
> > >  struct NvdimmDsmOut {
> > >  /* the size of buffer filled by QEMU. */
> > > @@ -470,7 +475,8 @@ struct NvdimmFuncGetLabelDataIn {
> > >  } QEMU_PACKED;
> > >  typedef struct NvdimmFuncGetLabelDataIn
> > > NvdimmFuncGetLabelDataIn;
> > >  QEMU_BUILD_BUG_ON(sizeof(NvdimmFuncGetLabelDataIn) +
> > > -  offsetof(NvdimmDsmIn, arg3) >
> > > NVDIMM_DSM_MEMORY_SIZE);
> > > +  offsetof(NvdimmDsmIn, arg3) +
> > > offsetof(NvdimmMthdIn, args

Re: [PATCH] acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug()

[Robert Hoo]

On Mon, 2022-07-18 at 15:41 +0200, Igor Mammedov wrote:
> On Mon, 18 Jul 2022 15:12:03 +0800
> Robert Hoo  wrote:
> [...]
> > BTW, during the unit test, I met some bios-table test error, 
> > https://gitlab.com/qemu-project/qemu/-/issues/1098, perhaps related
> > to
> > your patches in June.
> > https://patchwork.kernel.org/project/qemu-devel/cover/20220608135340.3304695-1-imamm...@redhat.com/
> 
> current master works for me.
> can you try a clean build?

Right, a clean download and build works on my side as well.
I'm going to close the bug. Sorry for false alarm.
> 

Re: [PATCH v4 16/19] vdpa: Buffer CVQ support on shadow virtqueue

[Jason Wang]

在 2022/7/18 18:29, Eugenio Pérez 写道:

Introduce the control virtqueue support for vDPA shadow virtqueue. This
is needed for advanced networking features like rx filtering.

Virtio-net control VQ copies the descriptors to qemu's VA, so we avoid
TOCTOU with the guest's or device's memory every time there is a device
model change.  Otherwise, the guest could change the memory content in
the time between qemu and the device read it.

To demonstrate command handling, VIRTIO_NET_F_CTRL_MACADDR is
implemented.  If the virtio-net driver changes MAC the virtio-net device
model will be updated with the new one, and a rx filtering change event
will be raised.

More cvq commands could be added here straightforwardly but they have
not been tested.

Signed-off-by: Eugenio Pérez 
---
  net/vhost-vdpa.c | 211 +--
  1 file changed, 204 insertions(+), 7 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 2e3b6b10d8..3915b148c4 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -33,6 +33,9 @@ typedef struct VhostVDPAState {
  NetClientState nc;
  struct vhost_vdpa vhost_vdpa;
  VHostNetState *vhost_net;
+
+/* Control commands shadow buffers */
+void *cvq_cmd_out_buffer, *cvq_cmd_in_buffer;
  bool started;
  } VhostVDPAState;
  
@@ -131,6 +134,8 @@ static void vhost_vdpa_cleanup(NetClientState *nc)

  {
  VhostVDPAState *s = DO_UPCAST(VhostVDPAState, nc, nc);
  
+qemu_vfree(s->cvq_cmd_out_buffer);

+qemu_vfree(s->cvq_cmd_in_buffer);
  if (s->vhost_net) {
  vhost_net_cleanup(s->vhost_net);
  g_free(s->vhost_net);
@@ -190,24 +195,191 @@ static NetClientInfo net_vhost_vdpa_info = {
  .check_peer_type = vhost_vdpa_check_peer_type,
  };
  
+static void vhost_vdpa_cvq_unmap_buf(struct vhost_vdpa *v, void *addr)

+{
+VhostIOVATree *tree = v->iova_tree;
+DMAMap needle = {
+/*
+ * No need to specify size or to look for more translations since
+ * this contiguous chunk was allocated by us.
+ */
+.translated_addr = (hwaddr)(uintptr_t)addr,
+};
+const DMAMap *map = vhost_iova_tree_find_iova(tree, &needle);
+int r;
+
+if (unlikely(!map)) {
+error_report("Cannot locate expected map");
+return;
+}
+
+r = vhost_vdpa_dma_unmap(v, map->iova, map->size + 1);
+if (unlikely(r != 0)) {
+error_report("Device cannot unmap: %s(%d)", g_strerror(r), r);
+}
+
+vhost_iova_tree_remove(tree, map);
+}
+
+static size_t vhost_vdpa_net_cvq_cmd_len(void)
+{
+/*
+ * MAC_TABLE_SET is the ctrl command that produces the longer out buffer.
+ * In buffer is always 1 byte, so it should fit here
+ */
+return sizeof(struct virtio_net_ctrl_hdr) +
+   2 * sizeof(struct virtio_net_ctrl_mac) +
+   MAC_TABLE_ENTRIES * ETH_ALEN;
+}
+
+static size_t vhost_vdpa_net_cvq_cmd_page_len(void)
+{
+return ROUND_UP(vhost_vdpa_net_cvq_cmd_len(), qemu_real_host_page_size());
+}
+
+/** Copy and map a guest buffer. */
+static bool vhost_vdpa_cvq_map_buf(struct vhost_vdpa *v,
+   const struct iovec *out_data,
+   size_t out_num, size_t data_len, void *buf,
+   size_t *written, bool write)
+{
+DMAMap map = {};
+int r;
+
+if (unlikely(!data_len)) {
+qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid legnth of %s buffer\n",
+  __func__, write ? "in" : "out");
+return false;
+}
+
+*written = iov_to_buf(out_data, out_num, 0, buf, data_len);
+map.translated_addr = (hwaddr)(uintptr_t)buf;
+map.size = vhost_vdpa_net_cvq_cmd_page_len() - 1;
+map.perm = write ? IOMMU_RW : IOMMU_RO,
+r = vhost_iova_tree_map_alloc(v->iova_tree, &map);
+if (unlikely(r != IOVA_OK)) {
+error_report("Cannot map injected element");
+return false;
+}
+
+r = vhost_vdpa_dma_map(v, map.iova, vhost_vdpa_net_cvq_cmd_page_len(), buf,
+   !write);
+if (unlikely(r < 0)) {
+goto dma_map_err;
+}
+
+return true;
+
+dma_map_err:
+vhost_iova_tree_remove(v->iova_tree, &map);
+return false;
+}
+
  /**
- * Forward buffer for the moment.
+ * Copy the guest element into a dedicated buffer suitable to be sent to NIC
+ *
+ * @iov: [0] is the out buffer, [1] is the in one
+ */
+static bool vhost_vdpa_net_cvq_map_elem(VhostVDPAState *s,
+VirtQueueElement *elem,
+struct iovec *iov)
+{
+size_t in_copied;
+bool ok;
+
+iov[0].iov_base = s->cvq_cmd_out_buffer;
+ok = vhost_vdpa_cvq_map_buf(&s->vhost_vdpa, elem->out_sg, elem->out_num,
+vhost_vdpa_net_cvq_cmd_len(), iov[0].iov_base,
+&iov[0].iov_len, false);
+if (unlikely(!ok)) {
+return false;
+}
+
+iov[1].iov_base

Re: [PATCH v4 18/19] vdpa: Add device migration blocker

[Jason Wang]

在 2022/7/18 18:29, Eugenio Pérez 写道:

Since the vhost-vdpa device is exposing _F_LOG, adding a migration blocker if
it uses CVQ.

Signed-off-by: Eugenio Pérez 
---
  include/hw/virtio/vhost-vdpa.h |  1 +
  hw/virtio/vhost-vdpa.c | 14 ++
  2 files changed, 15 insertions(+)

diff --git a/include/hw/virtio/vhost-vdpa.h b/include/hw/virtio/vhost-vdpa.h
index d85643..d10a89303e 100644
--- a/include/hw/virtio/vhost-vdpa.h
+++ b/include/hw/virtio/vhost-vdpa.h
@@ -35,6 +35,7 @@ typedef struct vhost_vdpa {
  bool shadow_vqs_enabled;
  /* IOVA mapping used by the Shadow Virtqueue */
  VhostIOVATree *iova_tree;
+Error *migration_blocker;
  GPtrArray *shadow_vqs;
  const VhostShadowVirtqueueOps *shadow_vq_ops;
  void *shadow_vq_ops_opaque;
diff --git a/hw/virtio/vhost-vdpa.c b/hw/virtio/vhost-vdpa.c
index beaaa7049a..795ed5a049 100644
--- a/hw/virtio/vhost-vdpa.c
+++ b/hw/virtio/vhost-vdpa.c
@@ -20,6 +20,7 @@
  #include "hw/virtio/vhost-shadow-virtqueue.h"
  #include "hw/virtio/vhost-vdpa.h"
  #include "exec/address-spaces.h"
+#include "migration/blocker.h"
  #include "qemu/cutils.h"
  #include "qemu/main-loop.h"
  #include "cpu.h"
@@ -1022,6 +1023,13 @@ static bool vhost_vdpa_svqs_start(struct vhost_dev *dev)
  return true;
  }
  
+if (v->migration_blocker) {

+int r = migrate_add_blocker(v->migration_blocker, &err);
+if (unlikely(r < 0)) {
+goto err_migration_blocker;
+}
+}
+
  for (i = 0; i < v->shadow_vqs->len; ++i) {
  VirtQueue *vq = virtio_get_queue(dev->vdev, dev->vq_index + i);
  VhostShadowVirtqueue *svq = g_ptr_array_index(v->shadow_vqs, i);
@@ -1064,6 +1072,9 @@ err:
  vhost_svq_stop(svq);
  }
  
+err_migration_blocker:

+error_reportf_err(err, "Cannot setup SVQ %u: ", i);



So I got this:

FAILED: libqemu-x86_64-softmmu.fa.p/hw_virtio_vhost-vdpa.c.o
cc -m64 -mcx16 -Ilibqemu-x86_64-softmmu.fa.p -I. -I.. -Itarget/i386 
-I../target/i386 -Iqapi -Itrace -Iui -Iui/shader -I/usr/include/pixman-1 
-I/usr/include/capstone -I/usr/include/glib-2.0 
-I/usr/lib/x86_64-linux-gnu/glib-2.0/include -fdiagnostics-color=auto 
-Wall -Winvalid-pch -Werror -std=gnu11 -O2 -g -isystem 
/home/devel/git/qemu/linux-headers -isystem linux-headers -iquote . 
-iquote /home/devel/git/qemu -iquote /home/devel/git/qemu/include 
-iquote /home/devel/git/qemu/tcg/i386 -pthread -U_FORTIFY_SOURCE 
-D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 
-D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wundef 
-Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common 
-fwrapv -Wold-style-declaration -Wold-style-definition -Wtype-limits 
-Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers 
-Wempty-body -Wnested-externs -Wendif-labels -Wexpansion-to-defined 
-Wimplicit-fallthrough=2 -Wno-missing-include-dirs 
-Wno-shift-negative-value -Wno-psabi -fstack-protector-strong -fPIE 
-isystem../linux-headers -isystemlinux-headers -DNEED_CPU_H 
'-DCONFIG_TARGET="x86_64-softmmu-config-target.h"' 
'-DCONFIG_DEVICES="x86_64-softmmu-config-devices.h"' -MD -MQ 
libqemu-x86_64-softmmu.fa.p/hw_virtio_vhost-vdpa.c.o -MF 
libqemu-x86_64-softmmu.fa.p/hw_virtio_vhost-vdpa.c.o.d -o 
libqemu-x86_64-softmmu.fa.p/hw_virtio_vhost-vdpa.c.o -c 
../hw/virtio/vhost-vdpa.c

../hw/virtio/vhost-vdpa.c: In function ‘vhost_vdpa_dev_start’:
../hw/virtio/vhost-vdpa.c:1076:5: error: ‘i’ may be used uninitialized 
in this function [-Werror=maybe-uninitialized]

 1076 | error_reportf_err(err, "Cannot setup SVQ %u: ", i);
  | ^~
../hw/virtio/vhost-vdpa.c:1020:14: note: ‘i’ was declared here
 1020 | unsigned i;
  |  ^
cc1: all warnings being treated as errors

And this error is kind of duplicated with the one that is reported in 
label "err" above.


Thanks



+
  return false;
  }
  
@@ -1083,6 +1094,9 @@ static bool vhost_vdpa_svqs_stop(struct vhost_dev *dev)

  }
  }
  
+if (v->migration_blocker) {

+migrate_del_blocker(v->migration_blocker);
+}
  return true;
  }
  

Re: [RFC PATCH v5 1/4] target/riscv: Add smstateen support

[Weiwei Li]

在 2022/7/18 下午11:37, Mayuresh Chitale 写道:

On Fri, 2022-07-08 at 07:44 +0800, Weiwei Li wrote:

在 2022/7/8 上午12:53, Mayuresh Chitale 写道:

On Sat, 2022-07-02 at 18:19 +0800, angell1518 wrote:

At 2022-06-04 00:04:22, "Mayuresh Chitale" <
mchit...@ventanamicro.com

wrote:
Smstateen extension specifies a mechanism to close
the potential covert channels that could cause security issues.

This patch adds the CSRs defined in the specification and
the corresponding predicates and read/write functions.

Signed-off-by: Mayuresh Chitale 
---
target/riscv/cpu.c  |   2 +
target/riscv/cpu.h  |   4 +
target/riscv/cpu_bits.h |  36 +++
target/riscv/csr.c  | 210



target/riscv/machine.c  |  21 
5 files changed, 273 insertions(+)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index e6e878ceb3..2d65ccd90f 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -913,6 +913,7 @@ static Property riscv_cpu_properties[] = {
  DEFINE_PROP_BOOL("mmu", RISCVCPU, cfg.mmu, true),
  DEFINE_PROP_BOOL("pmp", RISCVCPU, cfg.pmp, true),
  DEFINE_PROP_BOOL("debug", RISCVCPU, cfg.debug, true),
+DEFINE_PROP_BOOL("smstateen", RISCVCPU, cfg.ext_smstateen,

false),

  DEFINE_PROP_STRING("priv_spec", RISCVCPU, cfg.priv_spec),
  DEFINE_PROP_STRING("vext_spec", RISCVCPU, cfg.vext_spec),
@@ -1104,6 +1105,7 @@ static void riscv_isa_string_ext(RISCVCPU

*cpu, char **isa_str, int max_str_len)

  ISA_EDATA_ENTRY(zve64f, ext_zve64f),
  ISA_EDATA_ENTRY(zhinx, ext_zhinx),
  ISA_EDATA_ENTRY(zhinxmin, ext_zhinxmin),
+ISA_EDATA_ENTRY(smstateen, ext_smstateen),
  ISA_EDATA_ENTRY(svinval, ext_svinval),
  ISA_EDATA_ENTRY(svnapot, ext_svnapot),
  ISA_EDATA_ENTRY(svpbmt, ext_svpbmt),
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index f08c3e8813..1c269b77bd 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -327,6 +327,9 @@ struct CPUArchState {

  /* CSRs for execution enviornment configuration */
  uint64_t menvcfg;
+uint64_t mstateen[SMSTATEEN_MAX_COUNT];
+uint64_t hstateen[SMSTATEEN_MAX_COUNT];
+uint64_t sstateen[SMSTATEEN_MAX_COUNT];
  target_ulong senvcfg;
  uint64_t henvcfg;
#endif
@@ -411,6 +414,7 @@ struct RISCVCPUConfig {
  bool ext_zhinxmin;
  bool ext_zve32f;
  bool ext_zve64f;
+bool ext_smstateen;

  uint32_t mvendorid;
  uint64_t marchid;
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index 4a55c6a709..2a3ef26d21 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -208,6 +208,12 @@
/* Supervisor Configuration CSRs */
#define CSR_SENVCFG 0x10A

+/* Supervisor state CSRs */
+#define CSR_SSTATEEN0   0x10C
+#define CSR_SSTATEEN1   0x10D
+#define CSR_SSTATEEN2   0x10E
+#define CSR_SSTATEEN3   0x10F
+
/* Supervisor Trap Handling */
#define CSR_SSCRATCH0x140
#define CSR_SEPC0x141
@@ -257,6 +263,16 @@
#define CSR_HENVCFG 0x60A
#define CSR_HENVCFGH0x61A

+/* Hypervisor state CSRs */
+#define CSR_HSTATEEN0   0x60C
+#define CSR_HSTATEEN0H  0x61C
+#define CSR_HSTATEEN1   0x60D
+#define CSR_HSTATEEN1H  0x61D
+#define CSR_HSTATEEN2   0x60E
+#define CSR_HSTATEEN2H  0x61E
+#define CSR_HSTATEEN3   0x60F
+#define CSR_HSTATEEN3H  0x61F
+
/* Virtual CSRs */
#define CSR_VSSTATUS0x200
#define CSR_VSIE0x204
@@ -304,6 +320,26 @@
#define CSR_MENVCFG 0x30A
#define CSR_MENVCFGH0x31A

+/* Machine state CSRs */
+#define CSR_MSTATEEN0   0x30C
+#define CSR_MSTATEEN0H  0x31C
+#define CSR_MSTATEEN1   0x30D
+#define CSR_MSTATEEN1H  0x31D
+#define CSR_MSTATEEN2   0x30E
+#define CSR_MSTATEEN2H  0x31E
+#define CSR_MSTATEEN3   0x30F
+#define CSR_MSTATEEN3H  0x31F
+
+/* Common defines for all smstateen */
+#define SMSTATEEN_MAX_COUNT 4
+#define SMSTATEEN0_CS   0
+#define SMSTATEEN0_FCSR 0
+#define SMSTATEEN0_IMSIC58
+#define SMSTATEEN0_AIA  59
+#define SMSTATEEN0_SVSLCT   60
+#define SMSTATEEN0_HSENVCFG 62
+#define SMSTATEEN_STATEN63
+
/* Enhanced Physical Memory Protection (ePMP) */
#define CSR_MSECCFG 0x747
#define CSR_MSECCFGH0x757
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 409a209f14..324fefce59 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -247,6 +247,42 @@ static RISCVException
hmode32(CPURISCVState

*env, int csrno)

}

+static RISCVException mstateen(CPURISCVState *env, int csrno)
+{
+CPUState *cs = env_cpu(env);
+RISCVCPU *cpu = RISCV_CPU(cs);
+
+if (!cpu->cfg.ext_smstateen) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
+return any(env, csrno);
+}
+
+static RISCVException hstateen(CPURISCVState *env, int csrno)
+{
+CPUState *cs = env_cpu(env);
+RISCVCPU *cpu = RISCV_CPU(cs);
+
+if (!cpu->cfg.ext_smstateen) {
+return RISCV_EXCP_ILLEGAL_INST;
+}
+
+return hmod

Re: [PATCH V3 0/6] Improve the U/S/H extension related check

[Alistair Francis]

On Mon, Jul 18, 2022 at 11:10 PM Weiwei Li  wrote:
>
> This patchset tries to improve the U/S/H related check:
> * add check for the supported privilege modes conbinations: only supporting M,
> S mode is not a suggested combination
> * add check for "H extension depends on I extension"
> * add check for "H extension implicitly requires S mode"
> * add check for csrs only existed when U mode is supported
> * fix and simplify the checks in hmode/hmode32
>
> Any suggestions are welcome.
>
> v3:
> * Fix the issues suggested by Andrew Jones in commit messages
>
> v2:
> * update patch 3 to make the newlines start at the same position as above line
> * update patch 5 to add check for "H extension implicitly requires S mode"
>
> Weiwei Li (6):
>   target/riscv: Add check for supported privilege mode combinations
>   target/riscv: H extension depends on I extension
>   target/riscv: Fix checkpatch warning may triggered in csr_ops table
>   target/riscv: Add check for csrs existed with U extension
>   target/riscv: Fix checks in hmode/hmode32
>   target/riscv: Simplify the check in hmode to resue the check in
> riscv_csrrw_check

Thanks!

Applied to riscv-to-apply.next

Alistair

>
>  target/riscv/cpu.c |  17 ++
>  target/riscv/csr.c | 490 -
>  2 files changed, 278 insertions(+), 229 deletions(-)
>
> --
> 2.17.1
>
>

Re: [PATCH] util: Fix broken build on Haiku

[John Snow]

On Mon, Jul 18, 2022 at 1:20 PM Thomas Huth  wrote:
>
> A recent commit moved some Haiku-specific code parts from oslib-posix.c
> to cutils.c, but failed to move the corresponding header #include
> statement, too, so "make vm-build-haiku.x86_64" is currently broken.
> Fix it by moving the header #include, too.
>
> Fixes: 06680b15b4 ("include: move qemu_*_exec_dir() to cutils")
> Signed-off-by: Thomas Huth 

Thanks for this one !!

--js

Re: [PATCH v4 00/12] Improve reliability of VM tests

[John Snow]

On Mon, Jul 18, 2022 at 4:17 AM Thomas Huth  wrote:
>
> On 08/07/2022 17.34, John Snow wrote:
> > Note: patches 10-12 are included for testing simplicity, they shouldn't
> > be merged. They will be included in a forthcoming block PR.
> >
> > V4:
> >
> > - Addressed concern by Marc-Andre in patch 01.
> > - Squashed Ubuntu patches (rth)
> >
> > This patch series attempts to improve the reliability of several of the
> > VM test targets. In particular, both CentOS 8 tests are non-functional
> > because CentOS 8 was EOL at the beginning of this calendar year, with
> > repositories and mirrors going offline.
> >
> > I also remove the ubuntu.i386 test because we no longer support Ubuntu
> > 18.04 nor do we have explicit need of an i386 build test.
> >
> > After this series, I am able to successfully run every VM target on an
> > x86_64 host, except:
> >
> > - ubuntu.aarch64: Hangs often during testing, see below.
> > - centos.aarch64: Hangs often during testing, see below.
> > - haiku.x86_64: Build failures not addressed by this series, see
> >https://lists.gnu.org/archive/html/qemu-devel/2022-06/msg02103.html
> >
> > The unit tests that I see fail most often under aarch64 are:
> >
> > - virtio-net-failover: Seems to like to hang on openbsd
> > - migration-test: Tends to hang under aarch64 tcg
> >
> > Future work (next version? next series?);
> >
> > - Try to get centos.aarch64 working reliably under TCG
> > - Upgrade ubuntu.aarch64 to 20.04 after fixing centos.aarch64
> > - Fix the Haiku build test, if possible.
> > - Ensure I can reliably run and pass "make vm-build-all".
> >(Remove VMs from this recipe if necessary.)
>
> Not sure whether it's related to your patches, but when testing these I just
> got an error while running 'vm-build-openbsd' :
>
>  VM-BUILD openbsd
> fatal: not a valid object name:
> failed to archive qemu
> Failed to prepare guest environment
> Traceback (most recent call last):
>File "/home/thuth/devel/qemu/tests/vm/basevm.py", line 641, in main
>  vm.add_source_dir(args.build_qemu)
>File "/home/thuth/devel/qemu/tests/vm/basevm.py", line 277, in 
> add_source_dir
>  stdout=self._stdout, stderr=self._stderr)
>File "/usr/lib64/python3.6/subprocess.py", line 311, in check_call
>  raise CalledProcessError(retcode, cmd)
> subprocess.CalledProcessError: Command '['./scripts/archive-source.sh',
> '/home/thuth/tmp/qemu-build/vm-test-rm_z92hq.tmp/data-44e42.tar']' returned
> non-zero exit status 1.
>
> The error did not occur again when running the command again, though.
>
>   Thomas
>

I haven't seen this one before, admittedly. Looks like
scripts/archive-source.sh L52 choked?

git archive --format tar "$(tree_ish)" > "$tar_file"

I'm not sure what "fatal: not a valid object name:" might be referring
to. Maybe tree_ish picked up something that tasted bad? I really don't
know.

[PATCH v5 2/2] ui/gtk: a new array param monitor to specify the target displays

[Dongwon Kim]

New integer array parameter, 'monitor' is for specifying the target
monitors where individual GTK windows are placed upon launching.

Monitor numbers in the array are associated with virtual consoles
in the order of [VC0, VC1, VC2 ... VCn].

Every GTK window containing each VC will be placed in the region
of corresponding monitors.

Usage: -display gtk,monitor.=,..
   ex)-display gtk,monitor.0=1,monitor.1=0

Cc: Daniel P. Berrangé 
Cc: Markus Armbruster 
Cc: Philippe Mathieu-Daudé 
Cc: Paolo Bonzini 
Cc: Gerd Hoffmann 
Cc: Vivek Kasireddy 
Signed-off-by: Dongwon Kim 
---
 qapi/ui.json|  9 -
 qemu-options.hx |  3 ++-
 ui/gtk.c| 30 --
 3 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/qapi/ui.json b/qapi/ui.json
index 413371d5e8..ccc3e56f80 100644
--- a/qapi/ui.json
+++ b/qapi/ui.json
@@ -1195,12 +1195,19 @@
 #   assuming the guest will resize the display to match
 #   the window size then.  Otherwise it defaults to "off".
 #   Since 3.1
+# @monitor: List of physical monitor numbers where the GTK windows
+#   containing the virtual consoles VC0, VC1, ... are to be
+#   placed. If a mapping exists for a VC, then it is to be
+#   placed on that specific physical monitor; otherwise,
+#   it defaults to the monitor from where it was launched.
+#   (Since 7.1)
 #
 # Since: 2.12
 ##
 { 'struct'  : 'DisplayGTK',
   'data': { '*grab-on-hover' : 'bool',
-'*zoom-to-fit'   : 'bool'  } }
+'*zoom-to-fit'   : 'bool',
+'*monitor'   : ['uint16']  } }
 
 ##
 # @DisplayEGLHeadless:
diff --git a/qemu-options.hx b/qemu-options.hx
index 377d22fbd8..aabdfb0636 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1938,7 +1938,8 @@ DEF("display", HAS_ARG, QEMU_OPTION_display,
 #endif
 #if defined(CONFIG_GTK)
 "-display gtk[,full-screen=on|off][,gl=on|off][,grab-on-hover=on|off]\n"
-"[,show-cursor=on|off][,window-close=on|off]\n"
+"[,monitor.=][,show-cursor=on|off]"
+"[,window-close=on|off]\n"
 #endif
 #if defined(CONFIG_VNC)
 "-display vnc=[,]\n"
diff --git a/ui/gtk.c b/ui/gtk.c
index e6878c3209..7dad10b761 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -2316,6 +2316,10 @@ static void gtk_display_init(DisplayState *ds, 
DisplayOptions *opts)
 GtkDisplayState *s = g_malloc0(sizeof(*s));
 GdkDisplay *window_display;
 GtkIconTheme *theme;
+GtkWidget *win;
+GdkRectangle dest;
+uint16List *mon;
+int n_mon;
 int i;
 char *dir;
 
@@ -2393,10 +2397,32 @@ static void gtk_display_init(DisplayState *ds, 
DisplayOptions *opts)
 gtk_menu_item_activate(GTK_MENU_ITEM(s->untabify_item));
 }
 }
-if (opts->has_full_screen &&
-opts->full_screen) {
+
+if (opts->u.gtk.has_monitor) {
+i = 0;
+n_mon = gdk_display_get_n_monitors(window_display);
+for (mon = opts->u.gtk.monitor; mon; mon = mon->next) {
+if (mon->value < n_mon && i < s->nb_vcs) {
+win = s->vc[i].window ? s->vc[i].window : s->window;
+if (opts->full_screen) {
+gtk_window_fullscreen_on_monitor(
+GTK_WINDOW(win),
+gdk_display_get_default_screen(window_display),
+mon->value);
+} else {
+gdk_monitor_get_geometry(
+gdk_display_get_monitor(window_display, mon->value),
+&dest);
+gtk_window_move(GTK_WINDOW(win),
+dest.x, dest.y);
+}
+i++;
+}
+}
+} else if (opts->full_screen) {
 gtk_menu_item_activate(GTK_MENU_ITEM(s->full_screen_item));
 }
+
 if (opts->u.gtk.has_grab_on_hover &&
 opts->u.gtk.grab_on_hover) {
 gtk_menu_item_activate(GTK_MENU_ITEM(s->grab_on_hover_item));
-- 
2.20.1

[PATCH v5 1/2] ui/gtk: detach VCs for additional guest displays

[Dongwon Kim]

Detaching any addtional guest displays in case multiple displays are
assigned to the guest OS (e.g. max_outputs=n) so that all of them are
visible upon lauching.

Cc: Daniel P. Berrangé 
Cc: Markus Armbruster 
Cc: Philippe Mathieu-Daudé 
Cc: Paolo Bonzini 
Cc: Gerd Hoffmann 
Cc: Vivek Kasireddy 
Signed-off-by: Dongwon Kim 
---
 ui/gtk.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/ui/gtk.c b/ui/gtk.c
index 2a791dd2aa..e6878c3209 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1361,6 +1361,11 @@ static void gd_menu_untabify(GtkMenuItem *item, void 
*opaque)
 
 g_signal_connect(vc->window, "delete-event",
  G_CALLBACK(gd_tab_window_close), vc);
+
+gtk_window_set_default_size(GTK_WINDOW(vc->window),
+surface_width(vc->gfx.ds),
+surface_height(vc->gfx.ds));
+
 gtk_widget_show_all(vc->window);
 
 if (qemu_console_is_graphic(vc->gfx.dcl.con)) {
@@ -2311,6 +2316,7 @@ static void gtk_display_init(DisplayState *ds, 
DisplayOptions *opts)
 GtkDisplayState *s = g_malloc0(sizeof(*s));
 GdkDisplay *window_display;
 GtkIconTheme *theme;
+int i;
 char *dir;
 
 if (!gtkinit) {
@@ -2381,7 +2387,12 @@ static void gtk_display_init(DisplayState *ds, 
DisplayOptions *opts)
 gtk_widget_set_sensitive(s->copy_item,
  vc && vc->type == GD_VC_VTE);
 #endif
-
+for (i = 1; i < s->nb_vcs; i++) {
+if (vc->type == GD_VC_GFX &&
+qemu_console_is_graphic(s->vc[i].gfx.dcl.con)) {
+gtk_menu_item_activate(GTK_MENU_ITEM(s->untabify_item));
+}
+}
 if (opts->has_full_screen &&
 opts->full_screen) {
 gtk_menu_item_activate(GTK_MENU_ITEM(s->full_screen_item));
-- 
2.20.1

[PATCH v5 0/2] handling guest multiple displays

[Dongwon Kim]

This patch seires is for adding some useful features for the guest os with
multi-displays. First patch is to make all of guest displays visible
when guest os is launched using "detach". Second patch is for providing
a method to assign each guest display to specific physical monitor,
which would be useful if someone wants to directly full-screen individual
guest scanouts to host's physical displays.

Changes in v5:

* ui/gtk: a new array param monitor to specify the target

  - rephrased the description of the new param, 'monitor' for clarification 

Changes in v4:

* ui/gtk: a new array param monitor to specify the target

  - changed "virtual-console" to an official term, "virtual console"
  - made if condition to check only 'full_screen' since 'has_full_screen' won't
affect the result as 'full_screen' is always false if 'has_full_screen' is 
false.

Changes in v3:

* ui/gtk: a new array param monitor to specify the target

  - Revised commit message
  - Rewrote desription of the new parameter for clarification
  - 'for' loop that iterates through virtual consoles is actually executed only 
once
only if the condition is met so replaced it with 'if' statement

Changes in v2:

* ui/gtk: detach VCS for additional guest displays

  - must check if the type of VC is GD_VC_GFX before qemu_console_is_graphic
  - It is not needed to pre-calculate n_gfx_vcs to determine how many times 
"detach"
should be executed (n_gfx_vcs - 1) because the first virtual console (vc[0])
is always in graphic mode so we can simply detach all other graphic mode
virtual consoles.
  - making sure detached window's size same as original surface size

Dongwon Kim (2):
  ui/gtk: detach VCs for additional guest displays
  ui/gtk: a new array param monitor to specify the target displays

 qapi/ui.json|  9 -
 qemu-options.hx |  3 ++-
 ui/gtk.c| 41 +++--
 3 files changed, 49 insertions(+), 4 deletions(-)

-- 
2.20.1

Re: [PATCH V3 5/6] target/riscv: Fix checks in hmode/hmode32

[Alistair Francis]

On Mon, Jul 18, 2022 at 11:13 PM Weiwei Li  wrote:
>
> Add check for the implicit dependence between H and S
>
> Csrs only existed in RV32 will not trigger virtual instruction fault
> when not in RV32 based on section 8.6.1 of riscv-privileged spec
> (draft-20220717)
>
> Signed-off-by: Weiwei Li 
> Signed-off-by: Junqiang Wang 
> Reviewed-by: Andrew Jones 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/cpu.c | 5 +
>  target/riscv/csr.c | 9 ++---
>  2 files changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index b8ce0959cb..455787a940 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -738,6 +738,11 @@ static void riscv_cpu_realize(DeviceState *dev, Error 
> **errp)
>  return;
>  }
>
> +if (cpu->cfg.ext_h && !cpu->cfg.ext_s) {
> +error_setg(errp, "H extension implicitly requires S-mode");
> +return;
> +}
> +
>  if (cpu->cfg.ext_f && !cpu->cfg.ext_icsr) {
>  error_setg(errp, "F extension requires Zicsr");
>  return;
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index 5c69dc838c..cf15aa67b7 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -311,8 +311,7 @@ static int aia_smode32(CPURISCVState *env, int csrno)
>
>  static RISCVException hmode(CPURISCVState *env, int csrno)
>  {
> -if (riscv_has_ext(env, RVS) &&
> -riscv_has_ext(env, RVH)) {
> +if (riscv_has_ext(env, RVH)) {
>  /* Hypervisor extension is supported */
>  if ((env->priv == PRV_S && !riscv_cpu_virt_enabled(env)) ||
>  env->priv == PRV_M) {
> @@ -328,11 +327,7 @@ static RISCVException hmode(CPURISCVState *env, int 
> csrno)
>  static RISCVException hmode32(CPURISCVState *env, int csrno)
>  {
>  if (riscv_cpu_mxl(env) != MXL_RV32) {
> -if (!riscv_cpu_virt_enabled(env)) {
> -return RISCV_EXCP_ILLEGAL_INST;
> -} else {
> -return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
> -}
> +return RISCV_EXCP_ILLEGAL_INST;
>  }
>
>  return hmode(env, csrno);
> --
> 2.17.1
>
>

[PATCH 3/3] Hexagon (tests/tcg/hexagon) reference file for float_convd

[Taylor Simpson]

The test is in tests/tcg/multiarch/float_convd.c

Signed-off-by: Taylor Simpson 
---
 tests/tcg/hexagon/float_convd.ref | 988 ++
 1 file changed, 988 insertions(+)
 create mode 100644 tests/tcg/hexagon/float_convd.ref

diff --git a/tests/tcg/hexagon/float_convd.ref 
b/tests/tcg/hexagon/float_convd.ref
new file mode 100644
index 00..aba1e13e35
--- /dev/null
+++ b/tests/tcg/hexagon/float_convd.ref
@@ -0,0 +1,988 @@
+### Rounding to nearest
+from double: f64(nan:0x007ff4)
+  to single: f32(-nan:0x) (INVALID)
+   to int32: -1 (INVALID)
+   to int64: -1 (INVALID)
+  to uint32: -1 (INVALID)
+  to uint64: -1 (INVALID)
+from double: f64(-nan:0x00fff8)
+  to single: f32(-nan:0x) (OK)
+   to int32: -1 (INVALID)
+   to int64: -1 (INVALID)
+  to uint32: -1 (INVALID)
+  to uint64: -1 (INVALID)
+from double: f64(-inf:0x00fff0)
+  to single: f32(-inf:0xff80) (OK)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from double: f64(-0x1.f000p+1023:0x00ffef)
+  to single: f32(-inf:0xff80) (OVERFLOW INEXACT )
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from double: f64(-0x1.fe00p+127:0x00c7efe000)
+  to single: f32(-0x1.fe00p+127:0xff7f) (OK)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from double: f64(-0x1.fe00p+127:0x00c7efe000)
+  to single: f32(-0x1.fe00p+127:0xff7f) (OK)
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from double: f64(-0x1.1874b135ff654000p+103:0x00c661874b135ff654)
+  to single: f32(-0x1.1874b200p+103:0xf30c3a59) (INEXACT )
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from double: f64(-0x1.c0bab523323b9000p+99:0x00c62c0bab523323b9)
+  to single: f32(-0x1.c0bab600p+99:0xf1605d5b) (INEXACT )
+   to int32: -2147483648 (INVALID)
+   to int64: -9223372036854775808 (INVALID)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from double: f64(-0x1.p+1:0x00c000)
+  to single: f32(-0x1.p+1:0xc000) (OK)
+   to int32: -2 (OK)
+   to int64: -2 (OK)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from double: f64(-0x1.p+0:0x00bff0)
+  to single: f32(-0x1.p+0:0xbf80) (OK)
+   to int32: -1 (OK)
+   to int64: -1 (OK)
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from double: f64(-0x1.p-1022:0x008010)
+  to single: f32(-0x0.p+0:0x8000) (UNDERFLOW INEXACT )
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from double: f64(-0x1.p-126:0x00b810)
+  to single: f32(-0x1.p-126:0x8080) (OK)
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INVALID)
+  to uint64: 0 (INVALID)
+from double: f64(0x0.p+0:)
+  to single: f32(0x0.p+0:00) (OK)
+   to int32: 0 (OK)
+   to int64: 0 (OK)
+  to uint32: 0 (OK)
+  to uint64: 0 (OK)
+from double: f64(0x1.p-126:0x003810)
+  to single: f32(0x1.p-126:0x0080) (OK)
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from double: f64(0x1.0001c5f68000p-25:0x003e60001c5f68)
+  to single: f32(0x1.p-25:0x3300) (INEXACT )
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from double: f64(0x1.e6cb2fa82000p-25:0x003e6e6cb2fa82)
+  to single: f32(0x1.e600p-25:0x3373) (INEXACT )
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from double: f64(0x1.ff801a9af58a1000p-15:0x003f0ff801a9af58a1)
+  to single: f32(0x1.ff801a00p-15:0x387fc00d) (INEXACT )
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from double: f64(0x1.0c06a1ef5000p-14:0x003f10c06a1ef5)
+  to single: f32(0x1.0c00p-14:0x3886) (INEXACT )
+   to int32: 0 (INEXACT )
+   to int64: 0 (INEXACT )
+  to uint32: 0 (INEXACT )
+  to uint64: 0 (INEXACT )
+from double: f64(0x1.p+0:0x003ff0)
+  to single: f32(0x1.p+0:0x3f80) (OK)
+   to int32: 1 (OK)
+   to

[PATCH 0/3] Hexagon bug fixes and test improvements

[Taylor Simpson]

1) Fixes a bug in qemu-hexagon
2) Fixes a bug in a test case
3) Adds reference file for float_convd test case

Taylor Simpson (3):
  Hexagon (target/hexagon) make VyV operands use a unique temp
  Hexagon (tests/tcg/hexagon) Fix alignment in load_unpack.c
  Hexagon (tests/tcg/hexagon) reference file for float_convd

 tests/tcg/hexagon/hvx_misc.c  |  45 ++
 tests/tcg/hexagon/load_unpack.c   |  14 +-
 target/hexagon/gen_tcg_funcs.py   |   9 +-
 tests/tcg/hexagon/float_convd.ref | 988 ++
 4 files changed, 1044 insertions(+), 12 deletions(-)
 create mode 100644 tests/tcg/hexagon/float_convd.ref

-- 
2.17.1

[PATCH 1/3] Hexagon (target/hexagon) make VyV operands use a unique temp

[Taylor Simpson]

VyV operand is only used in the vshuff and vdeal instructions.  These
instructions write to both VyV and VxV operands.  In the case where
both operands are the same register, we need a separate location for
VyV.  We use the existing vtmp field in CPUHexagonState.

Test case added in tests/tcg/hexagon/hvx_misc.c

Signed-off-by: Taylor Simpson 
---
 tests/tcg/hexagon/hvx_misc.c| 45 +
 target/hexagon/gen_tcg_funcs.py |  9 +++
 2 files changed, 49 insertions(+), 5 deletions(-)

diff --git a/tests/tcg/hexagon/hvx_misc.c b/tests/tcg/hexagon/hvx_misc.c
index b896f5897e..6e2c9ab3cd 100644
--- a/tests/tcg/hexagon/hvx_misc.c
+++ b/tests/tcg/hexagon/hvx_misc.c
@@ -498,6 +498,49 @@ static void test_vsubuwsat_dv(void)
 check_output_w(__LINE__, 2);
 }
 
+static void test_vshuff(void)
+{
+/* Test that vshuff works when the two operands are the same register */
+const uint32_t splat = 0x089be55c;
+const uint32_t shuff = 0x454fa926;
+MMVector v0, v1;
+
+memset(expect, 0x12, sizeof(MMVector));
+memset(output, 0x34, sizeof(MMVector));
+
+asm volatile("v25 = vsplat(%0)\n\t"
+ "vshuff(v25, v25, %1)\n\t"
+ "vmem(%2 + #0) = v25\n\t"
+ : /* no outputs */
+ : "r"(splat), "r"(shuff), "r"(output)
+ : "v25", "memory");
+
+/*
+ * The semantics of Hexagon are the operands are pass-by-value, so create
+ * two copies of the vsplat result.
+ */
+for (int i = 0; i < MAX_VEC_SIZE_BYTES / 4; i++) {
+v0.uw[i] = splat;
+v1.uw[i] = splat;
+}
+/* Do the vshuff operation */
+for (int offset = 1; offset < MAX_VEC_SIZE_BYTES; offset <<= 1) {
+if (shuff & offset) {
+for (int k = 0; k < MAX_VEC_SIZE_BYTES; k++) {
+if (!(k & offset)) {
+uint8_t tmp = v0.ub[k];
+v0.ub[k] = v1.ub[k + offset];
+v1.ub[k + offset] = tmp;
+}
+}
+}
+}
+/* Put the result in the expect buffer for verification */
+expect[0] = v1;
+
+check_output_b(__LINE__, 1);
+}
+
 int main()
 {
 init_buffers();
@@ -533,6 +576,8 @@ int main()
 test_vadduwsat();
 test_vsubuwsat_dv();
 
+test_vshuff();
+
 puts(err ? "FAIL" : "PASS");
 return err ? 1 : 0;
 }
diff --git a/target/hexagon/gen_tcg_funcs.py b/target/hexagon/gen_tcg_funcs.py
index 1fd9de95d5..d72c689ad7 100755
--- a/target/hexagon/gen_tcg_funcs.py
+++ b/target/hexagon/gen_tcg_funcs.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 
 ##
-##  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+##  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
 ##
 ##  This program is free software; you can redistribute it and/or modify
 ##  it under the terms of the GNU General Public License as published by
@@ -164,7 +164,9 @@ def genptr_decl(f, tag, regtype, regid, regno):
 (regtype, regid, regno))
 f.write("const intptr_t %s%sV_off =\n" % \
 (regtype, regid))
-if (hex_common.is_tmp_result(tag)):
+if (regid == "y"):
+f.write("offsetof(CPUHexagonState, vtmp);\n")
+elif (hex_common.is_tmp_result(tag)):
 f.write("ctx_tmp_vreg_off(ctx, %s%sN, 1, true);\n" % \
 (regtype, regid))
 else:
@@ -379,9 +381,6 @@ def genptr_src_read(f, tag, regtype, regid):
 f.write("vreg_src_off(ctx, %s%sN),\n" % \
  (regtype, regid))
 f.write("sizeof(MMVector), sizeof(MMVector));\n")
-if (not hex_common.skip_qemu_helper(tag)):
-f.write("tcg_gen_addi_ptr(%s%sV, cpu_env, %s%sV_off);\n" % 
\
- (regtype, regid, regtype, regid))
 else:
 print("Bad register parse: ", regtype, regid)
 elif (regtype == "Q"):
-- 
2.17.1

[PATCH 2/3] Hexagon (tests/tcg/hexagon) Fix alignment in load_unpack.c

[Taylor Simpson]

The increment used in :brev tests was causing unaligned addresses
Change the increment and the relevant expected values

Signed-off-by: Taylor Simpson 
---
 tests/tcg/hexagon/load_unpack.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/tests/tcg/hexagon/load_unpack.c b/tests/tcg/hexagon/load_unpack.c
index 3575a37a28..4aa26fc388 100644
--- a/tests/tcg/hexagon/load_unpack.c
+++ b/tests/tcg/hexagon/load_unpack.c
@@ -245,7 +245,7 @@ TEST_pr(loadbsw4_pr, long long, S, 4, 0xff00ff00LL,
  */
 #define BxW_LOAD_pbr(SZ, RES, PTR) \
 __asm__( \
-"r4 = #(1 << (16 - 3))\n\t" \
+"r4 = #(1 << (16 - 4))\n\t" \
 "m0 = r4\n\t" \
 "%0 = mem" #SZ "(%1++m0:brev)\n\t" \
 : "=r"(RES), "+r"(PTR) \
@@ -273,15 +273,15 @@ void test_##NAME(void) \
 }
 
 TEST_pbr(loadbzw2_pbr, int, Z, 0x,
-0x00020081, 0x00060085, 0x00040083, 0x00080087)
+0x00020081, 0x000a0089, 0x00060085, 0x000e008d)
 TEST_pbr(loadbsw2_pbr, int, S, 0xff00,
-0x00020081, 0x00060085, 0x00040083, 0x00080087)
+0x00020081, 0x000aff89, 0x0006ff85, 0x000eff8d)
 TEST_pbr(loadbzw4_pbr, long long, Z, 0xLL,
-0x0004008300020081LL, 0x0008008700060085LL,
-0x0006008500040083LL, 0x000a008900080087LL)
+0x0004008300020081LL, 0x000c008b000a0089LL,
+0x0008008700060085LL, 0x0010008f000e008dLL)
 TEST_pbr(loadbsw4_pbr, long long, S, 0xff00ff00LL,
-0x0004008300020081LL, 0x0008008700060085LL,
-0x0006008500040083LL, 0x000a008900080087LL)
+0x0004008300020081LL, 0x000cff8b000aff89LL,
+0x0008ff870006ff85LL, 0x0010ff8f000eff8dLL)
 
 /*
  
-- 
2.17.1

[PULL 1/2] Hexagon (target/hexagon) fix store w/mem_noshuf & predicated load

[Taylor Simpson]

Call the CHECK_NOSHUF macro multiple times: once in the
fGEN_TCG_PRED_LOAD() and again in fLOAD().

Before this commit, a packet with a store and a predicated
load with mem_noshuf that gets encoded like this:

{ P0 = cmp.eq(R17,#0x0)
  memw(R18+#0x0) = R2
  if (!P0.new) R3 = memw(R17+#0x4) }

... would end up generating a branch over both the load
and the store like so:

...
brcond_i32 loc17,$0x0,eq,$L1
mov_i32 loc18,store_addr_1
qemu_st_i32 store_val32_1,store_addr_1,leul,0
qemu_ld_i32 loc16,loc7,leul,0
set_label $L1
...

Test cases added to tests/tcg/hexagon/mem_noshuf.c

Co-authored-by: Taylor Simpson 
Signed-off-by: Brian Cain 
Signed-off-by: Taylor Simpson 
Reviewed-by: Richard Henderson 
Message-Id: <20220707210546.15985-2-tsimp...@quicinc.com>
---
 target/hexagon/gen_tcg.h   |   2 +
 tests/tcg/hexagon/mem_noshuf.c | 122 +++--
 2 files changed, 119 insertions(+), 5 deletions(-)

diff --git a/target/hexagon/gen_tcg.h b/target/hexagon/gen_tcg.h
index c6f0879b6e..b0b6b3644e 100644
--- a/target/hexagon/gen_tcg.h
+++ b/target/hexagon/gen_tcg.h
@@ -343,6 +343,7 @@
 PRED;  \
 PRED_LOAD_CANCEL(LSB, EA); \
 tcg_gen_movi_tl(RdV, 0); \
+CHECK_NOSHUF; \
 tcg_gen_brcondi_tl(TCG_COND_EQ, LSB, 0, label); \
 fLOAD(1, SIZE, SIGN, EA, RdV); \
 gen_set_label(label); \
@@ -402,6 +403,7 @@
 PRED;  \
 PRED_LOAD_CANCEL(LSB, EA); \
 tcg_gen_movi_i64(RddV, 0); \
+CHECK_NOSHUF; \
 tcg_gen_brcondi_tl(TCG_COND_EQ, LSB, 0, label); \
 fLOAD(1, 8, u, EA, RddV); \
 gen_set_label(label); \
diff --git a/tests/tcg/hexagon/mem_noshuf.c b/tests/tcg/hexagon/mem_noshuf.c
index dd714d5e98..0f4064e700 100644
--- a/tests/tcg/hexagon/mem_noshuf.c
+++ b/tests/tcg/hexagon/mem_noshuf.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(c) 2019-2021 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
+ *  Copyright(c) 2019-2022 Qualcomm Innovation Center, Inc. All Rights 
Reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -84,6 +84,70 @@ MEM_NOSHUF32(mem_noshuf_sd_luh, long long,unsigned 
short,   memd, memuh)
 MEM_NOSHUF32(mem_noshuf_sd_lw,  long long,signed int,   memd, memw)
 MEM_NOSHUF64(mem_noshuf_sd_ld,  long long,signed long long, memd, memd)
 
+static inline int pred_lw_sw(int pred, int *p, int *q, int x, int y)
+{
+int ret;
+asm volatile("p0 = cmp.eq(%5, #0)\n\t"
+ "%0 = %3\n\t"
+ "{\n\t"
+ "memw(%1) = %4\n\t"
+ "if (!p0) %0 = memw(%2)\n\t"
+ "}:mem_noshuf\n"
+ : "=&r"(ret)
+ : "r"(p), "r"(q), "r"(x), "r"(y), "r"(pred)
+ : "p0", "memory");
+return ret;
+}
+
+static inline int pred_lw_sw_pi(int pred, int *p, int *q, int x, int y)
+{
+int ret;
+asm volatile("p0 = cmp.eq(%5, #0)\n\t"
+ "%0 = %3\n\t"
+ "r7 = %2\n\t"
+ "{\n\t"
+ "memw(%1) = %4\n\t"
+ "if (!p0) %0 = memw(r7++#4)\n\t"
+ "}:mem_noshuf\n"
+ : "=&r"(ret)
+ : "r"(p), "r"(q), "r"(x), "r"(y), "r"(pred)
+ : "r7", "p0", "memory");
+return ret;
+}
+
+static inline long long pred_ld_sd(int pred, long long *p, long long *q,
+   long long x, long long y)
+{
+unsigned long long ret;
+asm volatile("p0 = cmp.eq(%5, #0)\n\t"
+ "%0 = %3\n\t"
+ "{\n\t"
+ "memd(%1) = %4\n\t"
+ "if (!p0) %0 = memd(%2)\n\t"
+ "}:mem_noshuf\n"
+ : "=&r"(ret)
+ : "r"(p), "r"(q), "r"(x), "r"(y), "r"(pred)
+ : "p0", "memory");
+return ret;
+}
+
+static inline long long pred_ld_sd_pi(int pred, long long *p, long long *q,
+  long long x, long long y)
+{
+long long ret;
+asm volatile("p0 = cmp.eq(%5, #0)\n\t"
+ "%0 = %3\n\t"
+ "r7 = %2\n\t"
+ "{\n\t"
+ "memd(%1) = %4\n\t"
+ "if (!p0) %0 = memd(r7++#8)\n\t"
+ "}:mem_noshuf\n"
+ : "=&r"(ret)
+ : "r"(p), "r"(q), "r"(x), "r"(y), "r"(pred)
+ : "p0", "memory");
+return ret;
+}
+
 static inline unsigned int cancel_sw_lb(int pred, int *p, signed char *q, int 
x)
 {
 unsigned int ret;
@@ -126,18 +190,22 @@ typedef union {
 
 int err;
 
-static void check32(int n, int expect)
+#define check32(n, expect) check32_(n, expect, __LINE__)
+
+static void check32_(int n, int expect, int line)
 {
 if (n != expect) {
-printf("ERROR: 0x%08x != 0x%08x\n", n, expect);
+printf("ERROR: 0x%08

[PULL 2/2] Hexagon (target/hexagon) fix bug in mem_noshuf load exception

[Taylor Simpson]

The semantics of a mem_noshuf packet are that the store effectively
happens before the load.  However, in cases where the load raises an
exception, we cannot simply execute the store first.

This change adds a probe to check that the load will not raise an
exception before executing the store.

If the load is predicated, this requires special handling.  We check
the condition before performing the probe.  Since, we need the EA to
perform the check, we move the GET_EA portion inside CHECK_NOSHUF_PRED.

Test case added in tests/tcg/hexagon/mem_noshuf_exception.c

Suggested-by: Alessandro Di Federico 
Suggested-by: Anton Johansson 
Signed-off-by: Taylor Simpson 
Reviewed-by: Richard Henderson 
Message-Id: <20220707210546.15985-3-tsimp...@quicinc.com>
---
 target/hexagon/gen_tcg.h |  12 +-
 target/hexagon/helper.h  |   1 +
 target/hexagon/macros.h  |  37 --
 target/hexagon/genptr.c  |   7 ++
 target/hexagon/op_helper.c   |  23 +++-
 tests/tcg/hexagon/mem_noshuf_exception.c | 146 +++
 tests/tcg/hexagon/Makefile.target|   1 +
 7 files changed, 206 insertions(+), 21 deletions(-)
 create mode 100644 tests/tcg/hexagon/mem_noshuf_exception.c

diff --git a/target/hexagon/gen_tcg.h b/target/hexagon/gen_tcg.h
index b0b6b3644e..50634ac459 100644
--- a/target/hexagon/gen_tcg.h
+++ b/target/hexagon/gen_tcg.h
@@ -339,13 +339,13 @@
 do { \
 TCGv LSB = tcg_temp_local_new(); \
 TCGLabel *label = gen_new_label(); \
-GET_EA; \
+tcg_gen_movi_tl(EA, 0); \
 PRED;  \
+CHECK_NOSHUF_PRED(GET_EA, SIZE, LSB); \
 PRED_LOAD_CANCEL(LSB, EA); \
 tcg_gen_movi_tl(RdV, 0); \
-CHECK_NOSHUF; \
 tcg_gen_brcondi_tl(TCG_COND_EQ, LSB, 0, label); \
-fLOAD(1, SIZE, SIGN, EA, RdV); \
+fLOAD(1, SIZE, SIGN, EA, RdV); \
 gen_set_label(label); \
 tcg_temp_free(LSB); \
 } while (0)
@@ -399,13 +399,13 @@
 do { \
 TCGv LSB = tcg_temp_local_new(); \
 TCGLabel *label = gen_new_label(); \
-GET_EA; \
+tcg_gen_movi_tl(EA, 0); \
 PRED;  \
+CHECK_NOSHUF_PRED(GET_EA, 8, LSB); \
 PRED_LOAD_CANCEL(LSB, EA); \
 tcg_gen_movi_i64(RddV, 0); \
-CHECK_NOSHUF; \
 tcg_gen_brcondi_tl(TCG_COND_EQ, LSB, 0, label); \
-fLOAD(1, 8, u, EA, RddV); \
+fLOAD(1, 8, u, EA, RddV); \
 gen_set_label(label); \
 tcg_temp_free(LSB); \
 } while (0)
diff --git a/target/hexagon/helper.h b/target/hexagon/helper.h
index c89aa4ed4d..368f0b5708 100644
--- a/target/hexagon/helper.h
+++ b/target/hexagon/helper.h
@@ -104,6 +104,7 @@ DEF_HELPER_1(vwhist128q, void, env)
 DEF_HELPER_2(vwhist128m, void, env, s32)
 DEF_HELPER_2(vwhist128qm, void, env, s32)
 
+DEF_HELPER_4(probe_noshuf_load, void, env, i32, int, int)
 DEF_HELPER_2(probe_pkt_scalar_store_s0, void, env, int)
 DEF_HELPER_2(probe_hvx_stores, void, env, int)
 DEF_HELPER_3(probe_pkt_scalar_hvx_stores, void, env, int, int)
diff --git a/target/hexagon/macros.h b/target/hexagon/macros.h
index a78e84faa4..92eb8bbf05 100644
--- a/target/hexagon/macros.h
+++ b/target/hexagon/macros.h
@@ -87,11 +87,28 @@
  *
  *
  * For qemu, we look for a load in slot 0 when there is  a store in slot 1
- * in the same packet.  When we see this, we call a helper that merges the
- * bytes from the store buffer with the value loaded from memory.
+ * in the same packet.  When we see this, we call a helper that probes the
+ * load to make sure it doesn't fault.  Then, we process the store ahead of
+ * the actual load.
+
  */
-#define CHECK_NOSHUF \
+#define CHECK_NOSHUF(VA, SIZE) \
 do { \
+if (insn->slot == 0 && pkt->pkt_has_store_s1) { \
+probe_noshuf_load(VA, SIZE, ctx->mem_idx); \
+process_store(ctx, pkt, 1); \
+} \
+} while (0)
+
+#define CHECK_NOSHUF_PRED(GET_EA, SIZE, PRED) \
+do { \
+TCGLabel *label = gen_new_label(); \
+tcg_gen_brcondi_tl(TCG_COND_EQ, PRED, 0, label); \
+GET_EA; \
+if (insn->slot == 0 && pkt->pkt_has_store_s1) { \
+probe_noshuf_load(EA, SIZE, ctx->mem_idx); \
+} \
+gen_set_label(label); \
 if (insn->slot == 0 && pkt->pkt_has_store_s1) { \
 process_store(ctx, pkt, 1); \
 } \
@@ -99,37 +116,37 @@
 
 #define MEM_LOAD1s(DST, VA) \
 do { \
-CHECK_NOSHUF; \
+CHECK_NOSHUF(VA, 1); \
 tcg_gen_qemu_ld8s(DST, VA, ctx->mem_idx); \
 } while (0)
 #define MEM_LOAD1u(DST, VA) \
 do { \
-CHECK_NOSHUF; \
+CHECK_NOSHUF(VA, 1); \
 tcg_gen_qemu_ld8u(DST, VA, ctx->mem_idx); \
 } while (0)
 #define MEM_LOAD2s(DST, VA) \
 do { \
-CHECK_NOSHUF; \
+CHECK_NOSHUF(VA, 2); \
 tcg_gen_qemu_ld16s(DST, VA, ctx->mem_idx); \
 } while (0)
 #define MEM_LOAD2u(DST, VA) \
 do { \
-CHECK_NOSHUF; \

[PULL 0/2] Hexagon (target/hexagon) bug fixes for mem_noshuf

[Taylor Simpson]

The following changes since commit 24f01d220f56eab3268538ef10655b4fb2453fdf:

  Merge https://github.com/qemu/qemu into tip (2022-07-18 11:16:39 -0700)

are available in the Git repository at:

  https://github.com/quic/qemu tags/pull-hex-20220718

for you to fetch changes up to eb9072602617cb49c489aaf058f72695c2eaedc2:

  Hexagon (target/hexagon) fix bug in mem_noshuf load exception (2022-07-18 
11:20:09 -0700)


Recall that the semantics of a Hexagon mem_noshuf packet are that the
store effectively happens before the load.  There are two bug fixes
in this series.


Taylor Simpson (2):
  Hexagon (target/hexagon) fix store w/mem_noshuf & predicated load
  Hexagon (target/hexagon) fix bug in mem_noshuf load exception

 target/hexagon/gen_tcg.h |  10 ++-
 target/hexagon/helper.h  |   1 +
 target/hexagon/macros.h  |  37 +---
 target/hexagon/genptr.c  |   7 ++
 target/hexagon/op_helper.c   |  23 +++--
 tests/tcg/hexagon/mem_noshuf.c   | 122 --
 tests/tcg/hexagon/mem_noshuf_exception.c | 146 +++
 tests/tcg/hexagon/Makefile.target|   1 +
 8 files changed, 323 insertions(+), 24 deletions(-)
 create mode 100644 tests/tcg/hexagon/mem_noshuf_exception.c

Re: [PATCH] hw/riscv: virt: pass random seed to fdt

[Alistair Francis]

On Thu, Jul 14, 2022 at 3:29 AM Jason A. Donenfeld  wrote:
>
> Hi again,
>
> On Mon, Jul 11, 2022 at 06:45:42PM +0200, Jason A. Donenfeld wrote:
> > I've reproduced the problem and determined the root cause. This is a
> > generic issue with the mmio get_cycles() implementation before 5.9 on
> > no-MMU configs, which was fixed during the 5.9 cycle. I don't believe
> > that this is the only thing affected on that .0 kernel, where fixes were
> > ostensibly backported. Given the relative age of risc-v, the fact that
> > 5.8.0 was broken anyway, and that likely nobody is using this kernel in
> > that configuration without applying updates, I'm pretty sure my patch is
> > safe to apply. I'd recommend updating the broken kernel in your CI.
> >
> > Meanwhile, the rng-seed field is part of the DT spec. Holding back the
> > (virtual) hardware just because some random dot-zero non-LTS release had
> > a quickly fixed bug seems ridiculous, and the way in which progress gets
> > held up, hacks accumulate, and generally nothing good gets done. It will
> > only hamper security, functionality, and boot speed, while helping no
> > real practical case that can't be fixed in a better way.
> >
> > So I believe you should apply the rng-seed commit so that the RISC-V
> > machine honors that DT field.
> >
> > Regards,
> > Jason
> >
>
> Just following up on this... Hoping we can get this into a tree soon.

Yep! Sorry, I have been off sick for the last week.

I just updated my test images to a newer kernel, which means this
passes my tests

Thanks!

Applied to riscv-to-apply.next

Alistair

>
> Thanks,
> Jason

Re: [PATCH] i386: Disable BTS and PEBS

[Sean Christopherson]

On Mon, Jul 18, 2022, Paolo Bonzini wrote:
> This needs to be fixed in the kernel because old QEMU/new KVM is supported.

I can't object to adding a quirk for this since KVM is breaking userspace, but 
on
the KVM side we really need to stop "sanitizing" userspace inputs unless it puts
the host at risk, because inevitably it leads to needing a quirk.

> But apart from that, where does Linux check MSR_IA32_MISC_ENABLE_BTS_UNAVAIL
> and MSR_IA32_MISC_ENABLE_PEBS_UNAVAIL?

The kernel uses synthetic feature flags that are set by:

  static void init_intel(struct cpuinfo_x86 *c)

if (boot_cpu_has(X86_FEATURE_DS)) {
unsigned int l1, l2;

rdmsr(MSR_IA32_MISC_ENABLE, l1, l2);
if (!(l1 & (1<<11)))
set_cpu_cap(c, X86_FEATURE_BTS);
if (!(l1 & (1<<12)))
set_cpu_cap(c, X86_FEATURE_PEBS);
}

and consumed by:

  void __init intel_ds_init(void)

/*
 * No support for 32bit formats
 */
if (!boot_cpu_has(X86_FEATURE_DTES64))
return;

x86_pmu.bts  = boot_cpu_has(X86_FEATURE_BTS);
x86_pmu.pebs = boot_cpu_has(X86_FEATURE_PEBS);
x86_pmu.pebs_buffer_size = PEBS_BUFFER_SIZE;

Re: [PATCH] linux-user: Unconditionally use pipe2() syscall

[Laurent Vivier]

Le 18/07/2022 à 18:34, Helge Deller a écrit :

The pipe2() syscall is available on all Linux platforms since kernel
2.6.27, so use it unconditionally to emulate pipe() and pipe2().

Signed-off-by: Helge Deller 

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index dbebfa4a8b..b27a6552aa 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1586,21 +1586,12 @@ static abi_long do_ppoll(abi_long arg1, abi_long arg2, 
abi_long arg3,
  }
  #endif

-static abi_long do_pipe2(int host_pipe[], int flags)
-{
-#ifdef CONFIG_PIPE2
-return pipe2(host_pipe, flags);
-#else
-return -ENOSYS;
-#endif
-}
-
  static abi_long do_pipe(CPUArchState *cpu_env, abi_ulong pipedes,
  int flags, int is_pipe2)
  {
  int host_pipe[2];
  abi_long ret;
-ret = is_pipe2 ? do_pipe2(host_pipe, flags) : pipe(host_pipe);


It doesn't apply cleanly:

It seems this patch is applied on top of the one you want to replace (is_pipe2 
rather than flags).

Thanks,
Laurent

[PULL 38/40] pckbd: don't use legacy ps2_mouse_init() function

[Mark Cave-Ayland]

Instantiate the PS2 mouse device within KBDState using
object_initialize_child() in i8042_initfn() and i8042_mmio_init() and realize
it in i8042_realizefn() and i8042_mmio_realize() accordingly.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-39-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pckbd.c | 27 +++
 include/hw/input/i8042.h |  2 +-
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index cb452f2612..0fc1af403e 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -286,7 +286,7 @@ static void kbd_queue(KBDState *s, int b, int aux)
 s->pending |= aux ? KBD_PENDING_CTRL_AUX : KBD_PENDING_CTRL_KBD;
 kbd_safe_update_irq(s);
 } else {
-ps2_queue(aux ? s->mouse : PS2_DEVICE(&s->ps2kbd), b);
+ps2_queue(aux ? PS2_DEVICE(&s->ps2mouse) : PS2_DEVICE(&s->ps2kbd), b);
 }
 }
 
@@ -410,7 +410,7 @@ static uint64_t kbd_read_data(void *opaque, hwaddr addr,
 }
 s->obdata = ps2_read_data(PS2_DEVICE(&s->ps2kbd));
 } else if (s->obsrc & KBD_OBSRC_MOUSE) {
-s->obdata = ps2_read_data(s->mouse);
+s->obdata = ps2_read_data(PS2_DEVICE(&s->ps2mouse));
 } else if (s->obsrc & KBD_OBSRC_CTRL) {
 s->obdata = kbd_dequeue(s);
 }
@@ -459,7 +459,7 @@ static void kbd_write_data(void *opaque, hwaddr addr,
 outport_write(s, val);
 break;
 case KBD_CCMD_WRITE_MOUSE:
-ps2_write_mouse(s->mouse, val);
+ps2_write_mouse(&s->ps2mouse, val);
 /* sending data to the mouse reenables PS/2 communication */
 s->mode &= ~KBD_MODE_DISABLE_MOUSE;
 kbd_safe_update_irq(s);
@@ -704,12 +704,15 @@ static void i8042_mmio_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
+if (!sysbus_realize(SYS_BUS_DEVICE(&ks->ps2mouse), errp)) {
+return;
+}
+
 qdev_connect_gpio_out(DEVICE(&ks->ps2kbd), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
  0));
 
-ks->mouse = ps2_mouse_init();
-qdev_connect_gpio_out(DEVICE(ks->mouse), PS2_DEVICE_IRQ,
+qdev_connect_gpio_out(DEVICE(&ks->ps2mouse), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-mouse-input-irq",
  0));
 }
@@ -722,6 +725,8 @@ static void i8042_mmio_init(Object *obj)
 ks->extended_state = true;
 
 object_initialize_child(obj, "ps2kbd", &ks->ps2kbd, TYPE_PS2_KBD_DEVICE);
+object_initialize_child(obj, "ps2mouse", &ks->ps2mouse,
+TYPE_PS2_MOUSE_DEVICE);
 
 qdev_init_gpio_out(DEVICE(obj), ks->irqs, 2);
 qdev_init_gpio_in_named(DEVICE(obj), i8042_mmio_set_kbd_irq,
@@ -785,7 +790,7 @@ void i8042_isa_mouse_fake_event(ISAKBDState *isa)
 {
 KBDState *s = &isa->kbd;
 
-ps2_mouse_fake_event(s->mouse);
+ps2_mouse_fake_event(&s->ps2mouse);
 }
 
 void i8042_setup_a20_line(ISADevice *dev, qemu_irq a20_out)
@@ -859,6 +864,8 @@ static void i8042_initfn(Object *obj)
   "i8042-cmd", 1);
 
 object_initialize_child(obj, "ps2kbd", &s->ps2kbd, TYPE_PS2_KBD_DEVICE);
+object_initialize_child(obj, "ps2mouse", &s->ps2mouse,
+TYPE_PS2_MOUSE_DEVICE);
 
 qdev_init_gpio_out_named(DEVICE(obj), &s->a20_out, I8042_A20_LINE, 1);
 
@@ -901,10 +908,14 @@ static void i8042_realizefn(DeviceState *dev, Error 
**errp)
   qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
  0));
 
-s->mouse = ps2_mouse_init();
-qdev_connect_gpio_out(DEVICE(s->mouse), PS2_DEVICE_IRQ,
+if (!sysbus_realize(SYS_BUS_DEVICE(&s->ps2mouse), errp)) {
+return;
+}
+
+qdev_connect_gpio_out(DEVICE(&s->ps2mouse), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-mouse-input-irq",
  0));
+
 if (isa_s->kbd_throttle && !isa_s->kbd.extended_state) {
 warn_report(TYPE_I8042 ": can't enable kbd-throttle without"
 " extended-state, disabling kbd-throttle");
diff --git a/include/hw/input/i8042.h b/include/hw/input/i8042.h
index 8beb0ac01f..e199f1ece8 100644
--- a/include/hw/input/i8042.h
+++ b/include/hw/input/i8042.h
@@ -32,7 +32,7 @@ typedef struct KBDState {
 uint8_t cbdata;
 uint8_t pending_tmp;
 PS2KbdState ps2kbd;
-void *mouse;
+PS2MouseState ps2mouse;
 QEMUTimer *throttle_timer;
 
 qemu_irq irqs[2];
-- 
2.30.2

Re: [PATCH] tests: migration-test: Allow test to run without uffd

[Peter Xu]

Hi, Thomas,

On Mon, Jul 18, 2022 at 08:23:26PM +0200, Thomas Huth wrote:
> On 07/07/2022 20.46, Peter Xu wrote:
> > We used to stop running all tests if uffd is not detected.  However
> > logically that's only needed for postcopy not the rest of tests.
> > 
> > Keep running the rest when still possible.
> > 
> > Signed-off-by: Peter Xu 
> > ---
> >   tests/qtest/migration-test.c | 11 +--
> >   1 file changed, 5 insertions(+), 6 deletions(-)
> 
> Did you test your patch in the gitlab-CI? I just added it to my testing-next
> branch and the the test is failing reproducibly on macOS here:
> 
>  https://gitlab.com/thuth/qemu/-/jobs/2736260861#L6275
>  https://gitlab.com/thuth/qemu/-/jobs/2736623914#L6275
> 
> (without your patch the whole test is skipped instead)

Thanks for reporting this.

Is it easy to figure out which test was failing on your side?  I cannot
easily reproduce this here on a MacOS with M1.

Or any hint on how I could kick the same CI as you do would help too.  I
remembered I used to kick the test after any push with .gitlab-ci.yml but
it seems it's not triggering for some reason here.

-- 
Peter Xu

[PULL 35/40] pckbd: introduce new vmstate_kbd_mmio VMStateDescription for the I8042_MMIO device

[Mark Cave-Ayland]

This enables us to register the VMStateDescription using the DeviceClass vmsd
property rather than having to call vmstate_register() from 
i8042_mmio_realize().

Note that this is a migration break for the MIPS magnum machine which is the 
only
user of the I8042_MMIO device.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-36-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pckbd.c | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index 9184411c3e..195a64f520 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -699,9 +699,6 @@ static void i8042_mmio_realize(DeviceState *dev, Error 
**errp)
 
 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->region);
 
-/* Note we can't use dc->vmsd without breaking migration compatibility */
-vmstate_register(NULL, 0, &vmstate_kbd, ks);
-
 ks->kbd = ps2_kbd_init();
 qdev_connect_gpio_out(DEVICE(ks->kbd), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
@@ -732,12 +729,23 @@ static Property i8042_mmio_properties[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
+static const VMStateDescription vmstate_kbd_mmio = {
+.name = "pckbd-mmio",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_STRUCT(kbd, MMIOKBDState, 0, vmstate_kbd, KBDState),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static void i8042_mmio_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 
 dc->realize = i8042_mmio_realize;
 dc->reset = i8042_mmio_reset;
+dc->vmsd = &vmstate_kbd_mmio;
 device_class_set_props(dc, i8042_mmio_properties);
 set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
 }
-- 
2.30.2

Re: [PATCH v2] linux-user/hppa: Fix segfaults on page zero

[Laurent Vivier]

Le 18/07/2022 à 18:40, Helge Deller a écrit :

This program:

 int main(void) { asm("bv %r0(%r0)"); return 0; }

produces on real hppa hardware the expected segfault:

 SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x3} ---
 killed by SIGSEGV +++
 Segmentation fault

But when run on linux-user you get instead internal qemu errors:

ERROR: linux-user/hppa/cpu_loop.c:172:cpu_loop: code should not be reached
Bail out! ERROR: linux-user/hppa/cpu_loop.c:172:cpu_loop: code should not be 
reached
ERROR: accel/tcg/cpu-exec.c:933:cpu_exec: assertion failed: (cpu == current_cpu)
Bail out! ERROR: accel/tcg/cpu-exec.c:933:cpu_exec: assertion failed: (cpu == 
current_cpu)

Fix it by adding the missing case for the EXCP_IMP trap in
cpu_loop() and raise a segfault.

Signed-off-by: Helge Deller 
---
Changes:

v2: Dropped the "+++" in the commit message - it confused b4 and git-am.
 no functional changes.

---
diff --git a/linux-user/hppa/cpu_loop.c b/linux-user/hppa/cpu_loop.c
index a576d1a249..8f374aeef6 100644
--- a/linux-user/hppa/cpu_loop.c
+++ b/linux-user/hppa/cpu_loop.c
@@ -143,6 +143,9 @@ void cpu_loop(CPUHPPAState *env)
  env->iaoq_f = env->gr[31];
  env->iaoq_b = env->gr[31] + 4;
  break;
+case EXCP_IMP:
+force_sig_fault(TARGET_SIGSEGV, TARGET_SEGV_MAPERR, env->iaoq_f);
+break;
  case EXCP_ILL:
  force_sig_fault(TARGET_SIGILL, TARGET_ILL_ILLOPN, env->iaoq_f);
  break;




Applied to my linux-user-for-7.1 branch.

Thanks,
Laurent

[PULL 32/40] lasips2: don't use legacy ps2_kbd_init() function

[Mark Cave-Ayland]

Instantiate the PS2 keyboard device within LASIPS2KbdPort using
object_initialize_child() in lasips2_kbd_port_init() and realize it in
lasips2_kbd_port_realize() accordingly.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-33-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 10 +-
 include/hw/input/lasips2.h |  2 ++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 7bf6077b58..4b3264a02d 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -353,10 +353,15 @@ static const TypeInfo lasips2_port_info = {
 
 static void lasips2_kbd_port_realize(DeviceState *dev, Error **errp)
 {
+LASIPS2KbdPort *s = LASIPS2_KBD_PORT(dev);
 LASIPS2Port *lp = LASIPS2_PORT(dev);
 LASIPS2PortDeviceClass *lpdc = LASIPS2_PORT_GET_CLASS(lp);
 
-lp->ps2dev = ps2_kbd_init();
+if (!sysbus_realize(SYS_BUS_DEVICE(&s->kbd), errp)) {
+return;
+}
+
+lp->ps2dev = PS2_DEVICE(&s->kbd);
 lpdc->parent_realize(dev, errp);
 }
 
@@ -367,6 +372,9 @@ static void lasips2_kbd_port_init(Object *obj)
 
 memory_region_init_io(&lp->reg, obj, &lasips2_reg_ops, lp, "lasips2-kbd",
   0x100);
+
+object_initialize_child(obj, "kbd", &s->kbd, TYPE_PS2_KBD_DEVICE);
+
 lp->id = 0;
 lp->lasips2 = container_of(s, LASIPS2State, kbd_port);
 }
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 9fe9e63a66..4a0ad999d7 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -52,6 +52,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(LASIPS2KbdPort, LASIPS2_KBD_PORT)
 
 struct LASIPS2KbdPort {
 LASIPS2Port parent_obj;
+
+PS2KbdState kbd;
 };
 
 #define TYPE_LASIPS2_MOUSE_PORT "lasips2-mouse-port"
-- 
2.30.2

Re: [PATCH] python/qemu/qmp/legacy: Replace 'returns-whitelist' with the correct type

[Thomas Huth]

On 11/07/2022 22.30, John Snow wrote:

On Mon, Jul 11, 2022 at 5:57 AM Thomas Huth  wrote:


'returns-whitelist' has been renamed to 'command-returns-exceptions' in
commit b86df3747848 ("qapi: Rename pragma *-whitelist to *-exceptions").

Signed-off-by: Thomas Huth 
---
  python/qemu/qmp/legacy.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python/qemu/qmp/legacy.py b/python/qemu/qmp/legacy.py
index 03b5574618..1951754455 100644
--- a/python/qemu/qmp/legacy.py
+++ b/python/qemu/qmp/legacy.py
@@ -50,7 +50,7 @@

  # QMPMessage can be outgoing commands or incoming events/returns.
  # QMPReturnValue is usually a dict/json object, but due to QAPI's
-# 'returns-whitelist', it can actually be anything.
+# 'command-returns-exceptions', it can actually be anything.
  #
  # {'return': {}} is a QMPMessage,
  # {} is the QMPReturnValue.
--
2.31.1



May I cajole you to send a MR to
https://gitlab.com/qemu-project/python-qemu-qmp ?


Sure, done now:

https://gitlab.com/qemu-project/python-qemu-qmp/-/merge_requests/9

 Thomas

[PULL 31/40] lasips2: switch register memory region to DEVICE_BIG_ENDIAN

[Mark Cave-Ayland]

The LASI device (and so also the LASIPS2 device) are only used for the HPPA
B160L machine which is a big endian architecture.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-32-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 09d909c843..7bf6077b58 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -245,7 +245,7 @@ static const MemoryRegionOps lasips2_reg_ops = {
 .min_access_size = 1,
 .max_access_size = 4,
 },
-.endianness = DEVICE_NATIVE_ENDIAN,
+.endianness = DEVICE_BIG_ENDIAN,
 };
 
 static void lasips2_realize(DeviceState *dev, Error **errp)
-- 
2.30.2

[PULL 40/40] pckbd: remove legacy i8042_mm_init() function

[Mark Cave-Ayland]

This legacy function is only used during the initialisation of the MIPS magnum
machine, so inline its functionality directly into mips_jazz_init() and then
remove it.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-41-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pckbd.c | 16 
 hw/mips/jazz.c   | 13 ++---
 include/hw/input/i8042.h |  2 --
 3 files changed, 10 insertions(+), 21 deletions(-)

diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index 0fc1af403e..b92b63bedc 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -762,22 +762,6 @@ static void i8042_mmio_class_init(ObjectClass *klass, void 
*data)
 set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
 }
 
-MMIOKBDState *i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
-ram_addr_t size, hwaddr mask)
-{
-DeviceState *dev;
-
-dev = qdev_new(TYPE_I8042_MMIO);
-qdev_prop_set_uint64(dev, "mask", mask);
-qdev_prop_set_uint32(dev, "size", size);
-sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
-
-qdev_connect_gpio_out(dev, I8042_KBD_IRQ, kbd_irq);
-qdev_connect_gpio_out(dev, I8042_MOUSE_IRQ, mouse_irq);
-
-return I8042_MMIO(dev);
-}
-
 static const TypeInfo i8042_mmio_info = {
 .name  = TYPE_I8042_MMIO,
 .parent= TYPE_SYS_BUS_DEVICE,
diff --git a/hw/mips/jazz.c b/hw/mips/jazz.c
index 1eb8bd5018..6aefe9a61b 100644
--- a/hw/mips/jazz.c
+++ b/hw/mips/jazz.c
@@ -361,9 +361,16 @@ static void mips_jazz_init(MachineState *machine,
 memory_region_add_subregion(address_space, 0x80004000, rtc);
 
 /* Keyboard (i8042) */
-i8042 = i8042_mm_init(qdev_get_gpio_in(rc4030, 6),
-  qdev_get_gpio_in(rc4030, 7),
-  0x1000, 0x1);
+i8042 = I8042_MMIO(qdev_new(TYPE_I8042_MMIO));
+qdev_prop_set_uint64(DEVICE(i8042), "mask", 1);
+qdev_prop_set_uint32(DEVICE(i8042), "size", 0x1000);
+sysbus_realize_and_unref(SYS_BUS_DEVICE(i8042), &error_fatal);
+
+qdev_connect_gpio_out(DEVICE(i8042), I8042_KBD_IRQ,
+  qdev_get_gpio_in(rc4030, 6));
+qdev_connect_gpio_out(DEVICE(i8042), I8042_MOUSE_IRQ,
+  qdev_get_gpio_in(rc4030, 7));
+
 memory_region_add_subregion(address_space, 0x80005000,
 sysbus_mmio_get_region(SYS_BUS_DEVICE(i8042),
0));
diff --git a/include/hw/input/i8042.h b/include/hw/input/i8042.h
index e199f1ece8..9fb3f8d787 100644
--- a/include/hw/input/i8042.h
+++ b/include/hw/input/i8042.h
@@ -88,8 +88,6 @@ struct MMIOKBDState {
 #define I8042_A20_LINE "a20"
 
 
-MMIOKBDState *i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
-ram_addr_t size, hwaddr mask);
 void i8042_isa_mouse_fake_event(ISAKBDState *isa);
 void i8042_setup_a20_line(ISADevice *dev, qemu_irq a20_out);
 
-- 
2.30.2

[python-qemu-qmp MR #9] qemu/qmp/legacy: Replace 'returns-whitelist' with the correct type

[GitLab Bot]

Author: Thomas Huth - https://gitlab.com/thuth
Merge Request: 
https://gitlab.com/qemu-project/python-qemu-qmp/-/merge_requests/9
... from: thuth/python-qemu-qmp:fixes
... into: qemu-project/python-qemu-qmp:main

'returns-whitelist' has been renamed to 'command-returns-exceptions' in QEMU
commit b86df3747848 ("qapi: Rename pragma *-whitelist to *-exceptions").

---

This is an automated message. This bot will only relay the creation of new merge
requests and will not relay review comments, new revisions, or concluded merges.
Please follow the GitLab link to participate in review.

[PULL 21/40] lasips2: introduce lasips2_kbd_port_class_init() and lasips2_kbd_port_realize()

[Mark Cave-Ayland]

Introduce a new lasips2_kbd_port_class_init() function which uses a new
lasips2_kbd_port_realize() function to initialise the PS2 keyboard device.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-22-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 9535cab268..b4fdaed5cb 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -268,7 +268,6 @@ static void lasips2_realize(DeviceState *dev, Error **errp)
 return;
 }
 
-lp->ps2dev = ps2_kbd_init();
 qdev_connect_gpio_out(DEVICE(lp->ps2dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
  0));
@@ -331,6 +330,13 @@ static const TypeInfo lasips2_port_info = {
 .abstract  = true,
 };
 
+static void lasips2_kbd_port_realize(DeviceState *dev, Error **errp)
+{
+LASIPS2Port *lp = LASIPS2_PORT(dev);
+
+lp->ps2dev = ps2_kbd_init();
+}
+
 static void lasips2_kbd_port_init(Object *obj)
 {
 LASIPS2KbdPort *s = LASIPS2_KBD_PORT(obj);
@@ -342,11 +348,19 @@ static void lasips2_kbd_port_init(Object *obj)
 lp->parent = container_of(s, LASIPS2State, kbd_port);
 }
 
+static void lasips2_kbd_port_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->realize = lasips2_kbd_port_realize;
+}
+
 static const TypeInfo lasips2_kbd_port_info = {
 .name  = TYPE_LASIPS2_KBD_PORT,
 .parent= TYPE_LASIPS2_PORT,
 .instance_size = sizeof(LASIPS2KbdPort),
 .instance_init = lasips2_kbd_port_init,
+.class_init= lasips2_kbd_port_class_init,
 };
 
 static void lasips2_mouse_port_init(Object *obj)
-- 
2.30.2

[PULL 39/40] ps2: remove unused legacy ps2_mouse_init() function

[Mark Cave-Ayland]

Now that the legacy ps2_mouse_init() function is no longer used, it can be 
completely
removed along with its associated trace-event.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-40-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/ps2.c | 13 -
 hw/input/trace-events  |  1 -
 include/hw/input/ps2.h |  1 -
 3 files changed, 15 deletions(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 5b1728ef02..05cf7111e3 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -1236,19 +1236,6 @@ static void ps2_mouse_realize(DeviceState *dev, Error 
**errp)
 qemu_input_handler_register(dev, &ps2_mouse_handler);
 }
 
-void *ps2_mouse_init(void)
-{
-DeviceState *dev;
-PS2MouseState *s;
-
-dev = qdev_new(TYPE_PS2_MOUSE_DEVICE);
-sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
-s = PS2_MOUSE_DEVICE(dev);
-
-trace_ps2_mouse_init(s);
-return s;
-}
-
 static void ps2_kbd_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
diff --git a/hw/input/trace-events b/hw/input/trace-events
index df998d13eb..29001a827d 100644
--- a/hw/input/trace-events
+++ b/hw/input/trace-events
@@ -41,7 +41,6 @@ ps2_mouse_fake_event(void *opaque) "%p"
 ps2_write_mouse(void *opaque, int val) "%p val %d"
 ps2_kbd_reset(void *opaque) "%p"
 ps2_mouse_reset(void *opaque) "%p"
-ps2_mouse_init(void *s) "%p"
 
 # hid.c
 hid_kbd_queue_full(void) "queue full"
diff --git a/include/hw/input/ps2.h b/include/hw/input/ps2.h
index 18fd10cc75..ff777582cd 100644
--- a/include/hw/input/ps2.h
+++ b/include/hw/input/ps2.h
@@ -98,7 +98,6 @@ struct PS2MouseState {
 OBJECT_DECLARE_SIMPLE_TYPE(PS2MouseState, PS2_MOUSE_DEVICE)
 
 /* ps2.c */
-void *ps2_mouse_init(void);
 void ps2_write_mouse(PS2MouseState *s, int val);
 void ps2_write_keyboard(PS2KbdState *s, int val);
 uint32_t ps2_read_data(PS2State *s);
-- 
2.30.2

[PULL 33/40] lasips2: don't use legacy ps2_mouse_init() function

[Mark Cave-Ayland]

Instantiate the PS2 mouse device within LASIPS2MousePort using
object_initialize_child() in lasips2_mouse_port_init() and realize it in
lasips2_mouse_port_realize() accordingly.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-34-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 10 +-
 include/hw/input/lasips2.h |  2 ++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 4b3264a02d..e602e3c986 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -398,10 +398,15 @@ static const TypeInfo lasips2_kbd_port_info = {
 
 static void lasips2_mouse_port_realize(DeviceState *dev, Error **errp)
 {
+LASIPS2MousePort *s = LASIPS2_MOUSE_PORT(dev);
 LASIPS2Port *lp = LASIPS2_PORT(dev);
 LASIPS2PortDeviceClass *lpdc = LASIPS2_PORT_GET_CLASS(lp);
 
-lp->ps2dev = ps2_mouse_init();
+if (!sysbus_realize(SYS_BUS_DEVICE(&s->mouse), errp)) {
+return;
+}
+
+lp->ps2dev = PS2_DEVICE(&s->mouse);
 lpdc->parent_realize(dev, errp);
 }
 
@@ -412,6 +417,9 @@ static void lasips2_mouse_port_init(Object *obj)
 
 memory_region_init_io(&lp->reg, obj, &lasips2_reg_ops, lp, "lasips2-mouse",
   0x100);
+
+object_initialize_child(obj, "mouse", &s->mouse, TYPE_PS2_MOUSE_DEVICE);
+
 lp->id = 1;
 lp->lasips2 = container_of(s, LASIPS2State, mouse_port);
 }
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 4a0ad999d7..01911c50f9 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -61,6 +61,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(LASIPS2MousePort, 
LASIPS2_MOUSE_PORT)
 
 struct LASIPS2MousePort {
 LASIPS2Port parent_obj;
+
+PS2MouseState mouse;
 };
 
 struct LASIPS2State {
-- 
2.30.2

[PULL 30/40] lasips2: standardise on lp name for LASIPS2Port variables

[Mark Cave-Ayland]

This is shorter to type and keeps the naming convention consistent within the
LASIPS2 device.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-31-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 52 +++---
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 0f392e2bee..09d909c843 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -139,28 +139,28 @@ static void lasips2_set_irq(void *opaque, int n, int 
level)
 static void lasips2_reg_write(void *opaque, hwaddr addr, uint64_t val,
   unsigned size)
 {
-LASIPS2Port *port = opaque;
+LASIPS2Port *lp = LASIPS2_PORT(opaque);
 
-trace_lasips2_reg_write(size, port->id, addr,
+trace_lasips2_reg_write(size, lp->id, addr,
 lasips2_write_reg_name(addr), val);
 
 switch (addr & 0xc) {
 case REG_PS2_CONTROL:
-port->control = val;
+lp->control = val;
 break;
 
 case REG_PS2_XMTDATA:
-if (port->control & LASIPS2_CONTROL_LOOPBACK) {
-port->buf = val;
-port->loopback_rbne = true;
-qemu_set_irq(port->irq, 1);
+if (lp->control & LASIPS2_CONTROL_LOOPBACK) {
+lp->buf = val;
+lp->loopback_rbne = true;
+qemu_set_irq(lp->irq, 1);
 break;
 }
 
-if (port->id) {
-ps2_write_mouse(PS2_MOUSE_DEVICE(port->ps2dev), val);
+if (lp->id) {
+ps2_write_mouse(PS2_MOUSE_DEVICE(lp->ps2dev), val);
 } else {
-ps2_write_keyboard(PS2_KBD_DEVICE(port->ps2dev), val);
+ps2_write_keyboard(PS2_KBD_DEVICE(lp->ps2dev), val);
 }
 break;
 
@@ -176,53 +176,53 @@ static void lasips2_reg_write(void *opaque, hwaddr addr, 
uint64_t val,
 
 static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, unsigned size)
 {
-LASIPS2Port *port = opaque;
+LASIPS2Port *lp = LASIPS2_PORT(opaque);
 uint64_t ret = 0;
 
 switch (addr & 0xc) {
 case REG_PS2_ID:
-ret = port->id;
+ret = lp->id;
 break;
 
 case REG_PS2_RCVDATA:
-if (port->control & LASIPS2_CONTROL_LOOPBACK) {
-port->loopback_rbne = false;
-qemu_set_irq(port->irq, 0);
-ret = port->buf;
+if (lp->control & LASIPS2_CONTROL_LOOPBACK) {
+lp->loopback_rbne = false;
+qemu_set_irq(lp->irq, 0);
+ret = lp->buf;
 break;
 }
 
-ret = ps2_read_data(port->ps2dev);
+ret = ps2_read_data(lp->ps2dev);
 break;
 
 case REG_PS2_CONTROL:
-ret = port->control;
+ret = lp->control;
 break;
 
 case REG_PS2_STATUS:
 ret = LASIPS2_STATUS_DATSHD | LASIPS2_STATUS_CLKSHD;
 
-if (port->control & LASIPS2_CONTROL_DIAG) {
-if (!(port->control & LASIPS2_CONTROL_DATDIR)) {
+if (lp->control & LASIPS2_CONTROL_DIAG) {
+if (!(lp->control & LASIPS2_CONTROL_DATDIR)) {
 ret &= ~LASIPS2_STATUS_DATSHD;
 }
 
-if (!(port->control & LASIPS2_CONTROL_CLKDIR)) {
+if (!(lp->control & LASIPS2_CONTROL_CLKDIR)) {
 ret &= ~LASIPS2_STATUS_CLKSHD;
 }
 }
 
-if (port->control & LASIPS2_CONTROL_LOOPBACK) {
-if (port->loopback_rbne) {
+if (lp->control & LASIPS2_CONTROL_LOOPBACK) {
+if (lp->loopback_rbne) {
 ret |= LASIPS2_STATUS_RBNE;
 }
 } else {
-if (!ps2_queue_empty(port->ps2dev)) {
+if (!ps2_queue_empty(lp->ps2dev)) {
 ret |= LASIPS2_STATUS_RBNE;
 }
 }
 
-if (port->lasips2->int_status) {
+if (lp->lasips2->int_status) {
 ret |= LASIPS2_STATUS_CMPINTR;
 }
 break;
@@ -233,7 +233,7 @@ static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, 
unsigned size)
 break;
 }
 
-trace_lasips2_reg_read(size, port->id, addr,
+trace_lasips2_reg_read(size, lp->id, addr,
lasips2_read_reg_name(addr), ret);
 return ret;
 }
-- 
2.30.2

[PULL 18/40] lasips2: introduce new LASIPS2_MOUSE_PORT QOM type

[Mark Cave-Ayland]

This will be soon be used to hold the underlying PS2_MOUSE_DEVICE object.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-19-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 7 +++
 include/hw/input/lasips2.h | 7 +++
 2 files changed, 14 insertions(+)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index b043f2e264..f70cf893f6 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -324,11 +324,18 @@ static const TypeInfo lasips2_kbd_port_info = {
 .instance_size = sizeof(LASIPS2KbdPort),
 };
 
+static const TypeInfo lasips2_mouse_port_info = {
+.name  = TYPE_LASIPS2_MOUSE_PORT,
+.parent= TYPE_LASIPS2_PORT,
+.instance_size = sizeof(LASIPS2MousePort),
+};
+
 static void lasips2_register_types(void)
 {
 type_register_static(&lasips2_info);
 type_register_static(&lasips2_port_info);
 type_register_static(&lasips2_kbd_port_info);
+type_register_static(&lasips2_mouse_port_info);
 }
 
 type_init(lasips2_register_types)
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 504e2c06de..aab6a3500c 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -50,6 +50,13 @@ struct LASIPS2KbdPort {
 LASIPS2Port parent_obj;
 };
 
+#define TYPE_LASIPS2_MOUSE_PORT "lasips2-mouse-port"
+OBJECT_DECLARE_SIMPLE_TYPE(LASIPS2MousePort, LASIPS2_MOUSE_PORT)
+
+struct LASIPS2MousePort {
+LASIPS2Port parent_obj;
+};
+
 struct LASIPS2State {
 SysBusDevice parent_obj;
 
-- 
2.30.2

[PULL 37/40] ps2: remove unused legacy ps2_kbd_init() function

[Mark Cave-Ayland]

Now that the legacy ps2_kbd_init() function is no longer used, it can be 
completely
removed along with its associated trace-event.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-38-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/ps2.c | 13 -
 hw/input/trace-events  |  1 -
 include/hw/input/ps2.h |  1 -
 3 files changed, 15 deletions(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 59bac28ac8..5b1728ef02 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -1224,19 +1224,6 @@ static void ps2_kbd_realize(DeviceState *dev, Error 
**errp)
 qemu_input_handler_register(dev, &ps2_keyboard_handler);
 }
 
-void *ps2_kbd_init(void)
-{
-DeviceState *dev;
-PS2KbdState *s;
-
-dev = qdev_new(TYPE_PS2_KBD_DEVICE);
-sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
-s = PS2_KBD_DEVICE(dev);
-
-trace_ps2_kbd_init(s);
-return s;
-}
-
 static QemuInputHandler ps2_mouse_handler = {
 .name  = "QEMU PS/2 Mouse",
 .mask  = INPUT_EVENT_MASK_BTN | INPUT_EVENT_MASK_REL,
diff --git a/hw/input/trace-events b/hw/input/trace-events
index e0bfe7f3ee..df998d13eb 100644
--- a/hw/input/trace-events
+++ b/hw/input/trace-events
@@ -41,7 +41,6 @@ ps2_mouse_fake_event(void *opaque) "%p"
 ps2_write_mouse(void *opaque, int val) "%p val %d"
 ps2_kbd_reset(void *opaque) "%p"
 ps2_mouse_reset(void *opaque) "%p"
-ps2_kbd_init(void *s) "%p"
 ps2_mouse_init(void *s) "%p"
 
 # hid.c
diff --git a/include/hw/input/ps2.h b/include/hw/input/ps2.h
index a78619d8cb..18fd10cc75 100644
--- a/include/hw/input/ps2.h
+++ b/include/hw/input/ps2.h
@@ -98,7 +98,6 @@ struct PS2MouseState {
 OBJECT_DECLARE_SIMPLE_TYPE(PS2MouseState, PS2_MOUSE_DEVICE)
 
 /* ps2.c */
-void *ps2_kbd_init(void);
 void *ps2_mouse_init(void);
 void ps2_write_mouse(PS2MouseState *s, int val);
 void ps2_write_keyboard(PS2KbdState *s, int val);
-- 
2.30.2

[PULL 36/40] pckbd: don't use legacy ps2_kbd_init() function

[Mark Cave-Ayland]

Instantiate the PS2 keyboard device within KBDState using
object_initialize_child() in i8042_initfn() and i8042_mmio_init() and realize
it in i8042_realizefn() and i8042_mmio_realize() accordingly.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-37-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pckbd.c | 29 +
 include/hw/input/i8042.h |  3 ++-
 2 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index 195a64f520..cb452f2612 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -286,7 +286,7 @@ static void kbd_queue(KBDState *s, int b, int aux)
 s->pending |= aux ? KBD_PENDING_CTRL_AUX : KBD_PENDING_CTRL_KBD;
 kbd_safe_update_irq(s);
 } else {
-ps2_queue(aux ? s->mouse : s->kbd, b);
+ps2_queue(aux ? s->mouse : PS2_DEVICE(&s->ps2kbd), b);
 }
 }
 
@@ -408,7 +408,7 @@ static uint64_t kbd_read_data(void *opaque, hwaddr addr,
 timer_mod(s->throttle_timer,
   qemu_clock_get_us(QEMU_CLOCK_VIRTUAL) + 1000);
 }
-s->obdata = ps2_read_data(s->kbd);
+s->obdata = ps2_read_data(PS2_DEVICE(&s->ps2kbd));
 } else if (s->obsrc & KBD_OBSRC_MOUSE) {
 s->obdata = ps2_read_data(s->mouse);
 } else if (s->obsrc & KBD_OBSRC_CTRL) {
@@ -429,14 +429,15 @@ static void kbd_write_data(void *opaque, hwaddr addr,
 
 switch (s->write_cmd) {
 case 0:
-ps2_write_keyboard(s->kbd, val);
+ps2_write_keyboard(&s->ps2kbd, val);
 /* sending data to the keyboard reenables PS/2 communication */
 s->mode &= ~KBD_MODE_DISABLE_KBD;
 kbd_safe_update_irq(s);
 break;
 case KBD_CCMD_WRITE_MODE:
 s->mode = val;
-ps2_keyboard_set_translation(s->kbd, (s->mode & KBD_MODE_KCC) != 0);
+ps2_keyboard_set_translation(&s->ps2kbd,
+ (s->mode & KBD_MODE_KCC) != 0);
 /*
  * a write to the mode byte interrupt enable flags directly updates
  * the irq lines
@@ -699,10 +700,14 @@ static void i8042_mmio_realize(DeviceState *dev, Error 
**errp)
 
 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->region);
 
-ks->kbd = ps2_kbd_init();
-qdev_connect_gpio_out(DEVICE(ks->kbd), PS2_DEVICE_IRQ,
+if (!sysbus_realize(SYS_BUS_DEVICE(&ks->ps2kbd), errp)) {
+return;
+}
+
+qdev_connect_gpio_out(DEVICE(&ks->ps2kbd), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
  0));
+
 ks->mouse = ps2_mouse_init();
 qdev_connect_gpio_out(DEVICE(ks->mouse), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-mouse-input-irq",
@@ -716,6 +721,8 @@ static void i8042_mmio_init(Object *obj)
 
 ks->extended_state = true;
 
+object_initialize_child(obj, "ps2kbd", &ks->ps2kbd, TYPE_PS2_KBD_DEVICE);
+
 qdev_init_gpio_out(DEVICE(obj), ks->irqs, 2);
 qdev_init_gpio_in_named(DEVICE(obj), i8042_mmio_set_kbd_irq,
 "ps2-kbd-input-irq", 1);
@@ -851,6 +858,8 @@ static void i8042_initfn(Object *obj)
 memory_region_init_io(isa_s->io + 1, obj, &i8042_cmd_ops, s,
   "i8042-cmd", 1);
 
+object_initialize_child(obj, "ps2kbd", &s->ps2kbd, TYPE_PS2_KBD_DEVICE);
+
 qdev_init_gpio_out_named(DEVICE(obj), &s->a20_out, I8042_A20_LINE, 1);
 
 qdev_init_gpio_out(DEVICE(obj), s->irqs, 2);
@@ -884,10 +893,14 @@ static void i8042_realizefn(DeviceState *dev, Error 
**errp)
 isa_register_ioport(isadev, isa_s->io + 0, 0x60);
 isa_register_ioport(isadev, isa_s->io + 1, 0x64);
 
-s->kbd = ps2_kbd_init();
-qdev_connect_gpio_out(DEVICE(s->kbd), PS2_DEVICE_IRQ,
+if (!sysbus_realize(SYS_BUS_DEVICE(&s->ps2kbd), errp)) {
+return;
+}
+
+qdev_connect_gpio_out(DEVICE(&s->ps2kbd), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
  0));
+
 s->mouse = ps2_mouse_init();
 qdev_connect_gpio_out(DEVICE(s->mouse), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-mouse-input-irq",
diff --git a/include/hw/input/i8042.h b/include/hw/input/i8042.h
index ca933d8e1b..8beb0ac01f 100644
--- a/include/hw/input/i8042.h
+++ b/include/hw/input/i8042.h
@@ -10,6 +10,7 @@
 
 #include "hw/isa/isa.h"
 #include "hw/sysbus.h"
+#include "hw/input/ps2.h"
 #include "qom/object.h"
 
 #define I8042_KBD_IRQ  0
@@ -30,7 +31,7 @@ typedef struct KBDState {
 uint8_t obdata;
 uint8_t cbdata;
 uint8_t pending_tmp;
-void *kbd;
+PS2KbdState ps2kbd;
 void *mouse;
 QEMUTimer *throttle_timer;
 
-- 
2.30.2

[PULL 16/40] lasips2: QOMify LASIPS2Port

[Mark Cave-Ayland]

This becomes an abstract QOM type which will be a parent type for separate
keyboard and mouse port types.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-17-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c |  8 
 include/hw/input/lasips2.h | 14 ++
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index b539c4de7a..56bfd759af 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -311,9 +311,17 @@ static const TypeInfo lasips2_info = {
 .class_init= lasips2_class_init,
 };
 
+static const TypeInfo lasips2_port_info = {
+.name  = TYPE_LASIPS2_PORT,
+.parent= TYPE_DEVICE,
+.instance_size = sizeof(LASIPS2Port),
+.abstract  = true,
+};
+
 static void lasips2_register_types(void)
 {
 type_register_static(&lasips2_info);
+type_register_static(&lasips2_port_info);
 }
 
 type_init(lasips2_register_types)
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 9746b7a132..f4514081fe 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -25,9 +25,15 @@
 #include "hw/sysbus.h"
 #include "hw/input/ps2.h"
 
-struct LASIPS2State;
-typedef struct LASIPS2Port {
-struct LASIPS2State *parent;
+#define TYPE_LASIPS2_PORT "lasips2-port"
+OBJECT_DECLARE_SIMPLE_TYPE(LASIPS2Port, LASIPS2_PORT)
+
+typedef struct LASIPS2State LASIPS2State;
+
+struct LASIPS2Port {
+DeviceState parent_obj;
+
+LASIPS2State *parent;
 MemoryRegion reg;
 PS2State *ps2dev;
 uint8_t id;
@@ -35,7 +41,7 @@ typedef struct LASIPS2Port {
 uint8_t buf;
 bool loopback_rbne;
 bool irq;
-} LASIPS2Port;
+};
 
 struct LASIPS2State {
 SysBusDevice parent_obj;
-- 
2.30.2

[PULL 29/40] lasips2: rename LASIPS2Port parent pointer to lasips2

[Mark Cave-Ayland]

This makes it clearer that the pointer is a reference to the LASIPS2 container
device rather than an implied part of the QOM hierarchy.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-30-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 6 +++---
 include/hw/input/lasips2.h | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 5ceb38c1af..0f392e2bee 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -222,7 +222,7 @@ static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, 
unsigned size)
 }
 }
 
-if (port->parent->int_status) {
+if (port->lasips2->int_status) {
 ret |= LASIPS2_STATUS_CMPINTR;
 }
 break;
@@ -368,7 +368,7 @@ static void lasips2_kbd_port_init(Object *obj)
 memory_region_init_io(&lp->reg, obj, &lasips2_reg_ops, lp, "lasips2-kbd",
   0x100);
 lp->id = 0;
-lp->parent = container_of(s, LASIPS2State, kbd_port);
+lp->lasips2 = container_of(s, LASIPS2State, kbd_port);
 }
 
 static void lasips2_kbd_port_class_init(ObjectClass *klass, void *data)
@@ -405,7 +405,7 @@ static void lasips2_mouse_port_init(Object *obj)
 memory_region_init_io(&lp->reg, obj, &lasips2_reg_ops, lp, "lasips2-mouse",
   0x100);
 lp->id = 1;
-lp->parent = container_of(s, LASIPS2State, mouse_port);
+lp->lasips2 = container_of(s, LASIPS2State, mouse_port);
 }
 
 static void lasips2_mouse_port_class_init(ObjectClass *klass, void *data)
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 7199f16622..9fe9e63a66 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -37,7 +37,7 @@ typedef struct LASIPS2State LASIPS2State;
 struct LASIPS2Port {
 DeviceState parent_obj;
 
-LASIPS2State *parent;
+LASIPS2State *lasips2;
 MemoryRegion reg;
 PS2State *ps2dev;
 uint8_t id;
-- 
2.30.2

[PULL 26/40] lasips2: add named input gpio to port for downstream PS2 device IRQ

[Mark Cave-Ayland]

The named input gpio is to be connected to the IRQ output of the downstream
PS2 device and used to drive the port IRQ. Initialise the named input gpio
in lasips2_port_init() and add new lasips2_port_class_init() and
lasips2_port_realize() functions to connect the PS2 device output gpio to
the new named input gpio.

Note that the reference to lasips2_port_realize() is stored in
LASIPS2PortDeviceClass but not yet used.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-27-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 32 ++--
 include/hw/input/lasips2.h |  2 ++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 10494a2322..ec1661a8f1 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -322,11 +322,35 @@ static const TypeInfo lasips2_info = {
 .class_init= lasips2_class_init,
 };
 
+static void lasips2_port_set_irq(void *opaque, int n, int level)
+{
+LASIPS2Port *s = LASIPS2_PORT(opaque);
+
+qemu_set_irq(s->irq, level);
+}
+
+static void lasips2_port_realize(DeviceState *dev, Error **errp)
+{
+LASIPS2Port *s = LASIPS2_PORT(dev);
+
+qdev_connect_gpio_out(DEVICE(s->ps2dev), PS2_DEVICE_IRQ,
+  qdev_get_gpio_in_named(dev, "ps2-input-irq", 0));
+}
+
 static void lasips2_port_init(Object *obj)
 {
 LASIPS2Port *s = LASIPS2_PORT(obj);
 
 qdev_init_gpio_out(DEVICE(obj), &s->irq, 1);
+qdev_init_gpio_in_named(DEVICE(obj), lasips2_port_set_irq,
+"ps2-input-irq", 1);
+}
+
+static void lasips2_port_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->realize = lasips2_port_realize;
 }
 
 static const TypeInfo lasips2_port_info = {
@@ -360,8 +384,10 @@ static void lasips2_kbd_port_init(Object *obj)
 static void lasips2_kbd_port_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
+LASIPS2PortDeviceClass *lpdc = LASIPS2_PORT_CLASS(klass);
 
-dc->realize = lasips2_kbd_port_realize;
+device_class_set_parent_realize(dc, lasips2_kbd_port_realize,
+&lpdc->parent_realize);
 }
 
 static const TypeInfo lasips2_kbd_port_info = {
@@ -393,8 +419,10 @@ static void lasips2_mouse_port_init(Object *obj)
 static void lasips2_mouse_port_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
+LASIPS2PortDeviceClass *lpdc = LASIPS2_PORT_CLASS(klass);
 
-dc->realize = lasips2_mouse_port_realize;
+device_class_set_parent_realize(dc, lasips2_mouse_port_realize,
+&lpdc->parent_realize);
 }
 
 static const TypeInfo lasips2_mouse_port_info = {
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 426aa1371f..35e0aa26eb 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -30,6 +30,8 @@ OBJECT_DECLARE_TYPE(LASIPS2Port, LASIPS2PortDeviceClass, 
LASIPS2_PORT)
 
 struct LASIPS2PortDeviceClass {
 DeviceClass parent;
+
+DeviceRealize parent_realize;
 };
 
 typedef struct LASIPS2State LASIPS2State;
-- 
2.30.2

[PULL 34/40] lasips2: update VMStateDescription for LASIPS2 device

[Mark Cave-Ayland]

Since this series has already introduced a migration break for the HPPA B160L
machine, we can use this opportunity to improve the VMStateDescription for
the LASIPS2 device.

Add the new int_status field to the VMStateDescription and remodel the ports
as separate VMSTATE_STRUCT instances representing each LASIPS2Port. Once this
is done, the migration stream can be updated to include buf and loopback_rbne
for each port (which is necessary since the values are accessed across separate
IO accesses), and drop the port id as this is hardcoded for each port type.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Message-Id: <20220712215251.7944-35-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 25 +++--
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index e602e3c986..ea7c07a2ba 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -35,15 +35,28 @@
 #include "qapi/error.h"
 
 
+static const VMStateDescription vmstate_lasips2_port = {
+.name = "lasips2-port",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(control, LASIPS2Port),
+VMSTATE_UINT8(buf, LASIPS2Port),
+VMSTATE_BOOL(loopback_rbne, LASIPS2Port),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_lasips2 = {
 .name = "lasips2",
-.version_id = 0,
-.minimum_version_id = 0,
+.version_id = 1,
+.minimum_version_id = 1,
 .fields = (VMStateField[]) {
-VMSTATE_UINT8(kbd_port.parent_obj.control, LASIPS2State),
-VMSTATE_UINT8(kbd_port.parent_obj.id, LASIPS2State),
-VMSTATE_UINT8(mouse_port.parent_obj.control, LASIPS2State),
-VMSTATE_UINT8(mouse_port.parent_obj.id, LASIPS2State),
+VMSTATE_UINT8(int_status, LASIPS2State),
+VMSTATE_STRUCT(kbd_port.parent_obj, LASIPS2State, 1,
+   vmstate_lasips2_port, LASIPS2Port),
+VMSTATE_STRUCT(mouse_port.parent_obj, LASIPS2State, 1,
+   vmstate_lasips2_port, LASIPS2Port),
 VMSTATE_END_OF_LIST()
 }
 };
-- 
2.30.2

[PULL 25/40] lasips2: introduce LASIPS2PortDeviceClass for the LASIPS2_PORT device

[Mark Cave-Ayland]

This will soon be used to store the reference to the LASIPS2_PORT parent device
for LASIPS2_KBD_PORT and LASIPS2_MOUSE_PORT.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-26-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 2 ++
 include/hw/input/lasips2.h | 6 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 6b53153838..10494a2322 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -334,6 +334,8 @@ static const TypeInfo lasips2_port_info = {
 .parent= TYPE_DEVICE,
 .instance_init = lasips2_port_init,
 .instance_size = sizeof(LASIPS2Port),
+.class_init= lasips2_port_class_init,
+.class_size= sizeof(LASIPS2PortDeviceClass),
 .abstract  = true,
 };
 
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index a05f26cbd9..426aa1371f 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -26,7 +26,11 @@
 #include "hw/input/ps2.h"
 
 #define TYPE_LASIPS2_PORT "lasips2-port"
-OBJECT_DECLARE_SIMPLE_TYPE(LASIPS2Port, LASIPS2_PORT)
+OBJECT_DECLARE_TYPE(LASIPS2Port, LASIPS2PortDeviceClass, LASIPS2_PORT)
+
+struct LASIPS2PortDeviceClass {
+DeviceClass parent;
+};
 
 typedef struct LASIPS2State LASIPS2State;
 
-- 
2.30.2

[PULL 24/40] lasips2: introduce port IRQ and new lasips2_port_init() function

[Mark Cave-Ayland]

Introduce a new lasips2_port_init() QOM init function for the LASIPS2_PORT type
and use it to initialise a new gpio for use as a port IRQ. Add a new qemu_irq
representing the gpio as a new irq field within LASIPS2Port.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-25-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 8 
 include/hw/input/lasips2.h | 1 +
 2 files changed, 9 insertions(+)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 49e5c90b73..6b53153838 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -322,9 +322,17 @@ static const TypeInfo lasips2_info = {
 .class_init= lasips2_class_init,
 };
 
+static void lasips2_port_init(Object *obj)
+{
+LASIPS2Port *s = LASIPS2_PORT(obj);
+
+qdev_init_gpio_out(DEVICE(obj), &s->irq, 1);
+}
+
 static const TypeInfo lasips2_port_info = {
 .name  = TYPE_LASIPS2_PORT,
 .parent= TYPE_DEVICE,
+.instance_init = lasips2_port_init,
 .instance_size = sizeof(LASIPS2Port),
 .abstract  = true,
 };
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 4c4b471737..a05f26cbd9 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -41,6 +41,7 @@ struct LASIPS2Port {
 uint8_t buf;
 bool loopback_rbne;
 bool birq;
+qemu_irq irq;
 };
 
 #define TYPE_LASIPS2_KBD_PORT "lasips2-kbd-port"
-- 
2.30.2

[PULL 17/40] lasips2: introduce new LASIPS2_KBD_PORT QOM type

[Mark Cave-Ayland]

This will be soon be used to hold the underlying PS2_KBD_DEVICE object.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-18-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 7 +++
 include/hw/input/lasips2.h | 7 +++
 2 files changed, 14 insertions(+)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 56bfd759af..b043f2e264 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -318,10 +318,17 @@ static const TypeInfo lasips2_port_info = {
 .abstract  = true,
 };
 
+static const TypeInfo lasips2_kbd_port_info = {
+.name  = TYPE_LASIPS2_KBD_PORT,
+.parent= TYPE_LASIPS2_PORT,
+.instance_size = sizeof(LASIPS2KbdPort),
+};
+
 static void lasips2_register_types(void)
 {
 type_register_static(&lasips2_info);
 type_register_static(&lasips2_port_info);
+type_register_static(&lasips2_kbd_port_info);
 }
 
 type_init(lasips2_register_types)
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index f4514081fe..504e2c06de 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -43,6 +43,13 @@ struct LASIPS2Port {
 bool irq;
 };
 
+#define TYPE_LASIPS2_KBD_PORT "lasips2-kbd-port"
+OBJECT_DECLARE_SIMPLE_TYPE(LASIPS2KbdPort, LASIPS2_KBD_PORT)
+
+struct LASIPS2KbdPort {
+LASIPS2Port parent_obj;
+};
+
 struct LASIPS2State {
 SysBusDevice parent_obj;
 
-- 
2.30.2

[PULL 28/40] lasips2: switch to using port-based IRQs

[Mark Cave-Ayland]

Now we can implement port-based IRQs by wiring the PS2 device IRQs to the
LASI2Port named input gpios rather than directly to the LASIPS2 device, and
generate the LASIPS2 output IRQ from the int_status bitmap representing the
individual port IRQs instead of the birq boolean.

This enables us to remove the separate PS2 keyboard and PS2 mouse named input
gpios from the LASIPS2 device and simplify the register implementation to
drive the port IRQ using qemu_set_irq() rather than accessing the LASIPS2
device IRQs directly. As a consequence the IRQ level logic in lasips2_set_irq()
can also be simplified accordingly.

For now this patch ignores adding the int_status bitmap and simply drops the
birq boolean from the vmstate_lasips2 VMStateDescription. This is because the
migration stream is already missing some required LASIPS2 fields, and as this
series already introduces a migration break for the lasips2 device it is
easiest to fix this in a follow-up patch.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Message-Id: <20220712215251.7944-29-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 59 --
 include/hw/input/lasips2.h |  7 ++---
 2 files changed, 20 insertions(+), 46 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 013d891af6..5ceb38c1af 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -42,10 +42,8 @@ static const VMStateDescription vmstate_lasips2 = {
 .fields = (VMStateField[]) {
 VMSTATE_UINT8(kbd_port.parent_obj.control, LASIPS2State),
 VMSTATE_UINT8(kbd_port.parent_obj.id, LASIPS2State),
-VMSTATE_BOOL(kbd_port.parent_obj.birq, LASIPS2State),
 VMSTATE_UINT8(mouse_port.parent_obj.control, LASIPS2State),
 VMSTATE_UINT8(mouse_port.parent_obj.id, LASIPS2State),
-VMSTATE_BOOL(mouse_port.parent_obj.birq, LASIPS2State),
 VMSTATE_END_OF_LIST()
 }
 };
@@ -119,10 +117,10 @@ static const char *lasips2_write_reg_name(uint64_t addr)
 
 static void lasips2_update_irq(LASIPS2State *s)
 {
-trace_lasips2_intr(s->kbd_port.parent_obj.birq |
-   s->mouse_port.parent_obj.birq);
-qemu_set_irq(s->irq, s->kbd_port.parent_obj.birq |
- s->mouse_port.parent_obj.birq);
+int level = s->int_status ? 1 : 0;
+
+trace_lasips2_intr(level);
+qemu_set_irq(s->irq, level);
 }
 
 static void lasips2_set_irq(void *opaque, int n, int level)
@@ -154,9 +152,8 @@ static void lasips2_reg_write(void *opaque, hwaddr addr, 
uint64_t val,
 case REG_PS2_XMTDATA:
 if (port->control & LASIPS2_CONTROL_LOOPBACK) {
 port->buf = val;
-port->birq = true;
 port->loopback_rbne = true;
-lasips2_update_irq(port->parent);
+qemu_set_irq(port->irq, 1);
 break;
 }
 
@@ -189,9 +186,8 @@ static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, 
unsigned size)
 
 case REG_PS2_RCVDATA:
 if (port->control & LASIPS2_CONTROL_LOOPBACK) {
-port->birq = false;
 port->loopback_rbne = false;
-lasips2_update_irq(port->parent);
+qemu_set_irq(port->irq, 0);
 ret = port->buf;
 break;
 }
@@ -226,9 +222,8 @@ static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, 
unsigned size)
 }
 }
 
-if (port->parent->kbd_port.parent_obj.birq ||
-port->parent->mouse_port.parent_obj.birq) {
-ret |= LASIPS2_STATUS_CMPINTR;
+if (port->parent->int_status) {
+ret |= LASIPS2_STATUS_CMPINTR;
 }
 break;
 
@@ -253,24 +248,6 @@ static const MemoryRegionOps lasips2_reg_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static void lasips2_set_kbd_irq(void *opaque, int n, int level)
-{
-LASIPS2State *s = LASIPS2(opaque);
-LASIPS2Port *port = LASIPS2_PORT(&s->kbd_port);
-
-port->birq = level;
-lasips2_update_irq(port->parent);
-}
-
-static void lasips2_set_mouse_irq(void *opaque, int n, int level)
-{
-LASIPS2State *s = LASIPS2(opaque);
-LASIPS2Port *port = LASIPS2_PORT(&s->mouse_port);
-
-port->birq = level;
-lasips2_update_irq(port->parent);
-}
-
 static void lasips2_realize(DeviceState *dev, Error **errp)
 {
 LASIPS2State *s = LASIPS2(dev);
@@ -281,18 +258,18 @@ static void lasips2_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
-qdev_connect_gpio_out(DEVICE(lp->ps2dev), PS2_DEVICE_IRQ,
-  qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
- 0));
+qdev_connect_gpio_out(DEVICE(lp), 0,
+  qdev_get_gpio_in_named(dev, "lasips2-port-input-irq",
+ lp->id));
 
 lp = LASIPS2_PORT(&s->mouse_port);
 if (!(qdev_realize(DEVICE(lp), NULL, errp))) {

[PULL 14/40] lasips2: remove legacy lasips2_initfn() function

[Mark Cave-Ayland]

There is only one user of the legacy lasips2_initfn() function which is in
machine_hppa_init(), so inline its functionality into machine_hppa_init() and
then remove it.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-15-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/hppa/machine.c  |  6 --
 hw/input/lasips2.c | 12 
 include/hw/input/lasips2.h |  2 --
 3 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index 6080037cf1..e53d5f0fa7 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -280,8 +280,10 @@ static void machine_hppa_init(MachineState *machine)
 }
 
 /* PS/2 Keyboard/Mouse */
-dev = DEVICE(lasips2_initfn(qdev_get_gpio_in(lasi_dev,
- LASI_IRQ_PS2KBD_HPA)));
+dev = qdev_new(TYPE_LASIPS2);
+sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0,
+   qdev_get_gpio_in(lasi_dev, LASI_IRQ_PS2KBD_HPA));
 memory_region_add_subregion(addr_space, LASI_PS2KBD_HPA,
 sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
0));
diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 40f77baf3e..48237816a3 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -255,18 +255,6 @@ static void lasips2_set_mouse_irq(void *opaque, int n, int 
level)
 lasips2_update_irq(port->parent);
 }
 
-LASIPS2State *lasips2_initfn(qemu_irq irq)
-{
-DeviceState *dev;
-
-dev = qdev_new(TYPE_LASIPS2);
-sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
-
-sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
-
-return LASIPS2(dev);
-}
-
 static void lasips2_realize(DeviceState *dev, Error **errp)
 {
 LASIPS2State *s = LASIPS2(dev);
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index f051c970f0..868c5521d7 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -47,6 +47,4 @@ struct LASIPS2State {
 #define TYPE_LASIPS2 "lasips2"
 OBJECT_DECLARE_SIMPLE_TYPE(LASIPS2State, LASIPS2)
 
-LASIPS2State *lasips2_initfn(qemu_irq irq);
-
 #endif /* HW_INPUT_LASIPS2_H */
-- 
2.30.2

[PULL 22/40] lasips2: introduce lasips2_mouse_port_class_init() and lasips2_mouse_port_realize()

[Mark Cave-Ayland]

Introduce a new lasips2_mouse_port_class_init() function which uses a new
lasips2_mouse_port_realize() function to initialise the PS2 mouse device.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-23-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index b4fdaed5cb..ce87c66f2a 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -277,7 +277,6 @@ static void lasips2_realize(DeviceState *dev, Error **errp)
 return;
 }
 
-lp->ps2dev = ps2_mouse_init();
 qdev_connect_gpio_out(DEVICE(lp->ps2dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-mouse-input-irq",
  0));
@@ -363,6 +362,13 @@ static const TypeInfo lasips2_kbd_port_info = {
 .class_init= lasips2_kbd_port_class_init,
 };
 
+static void lasips2_mouse_port_realize(DeviceState *dev, Error **errp)
+{
+LASIPS2Port *lp = LASIPS2_PORT(dev);
+
+lp->ps2dev = ps2_mouse_init();
+}
+
 static void lasips2_mouse_port_init(Object *obj)
 {
 LASIPS2MousePort *s = LASIPS2_MOUSE_PORT(obj);
@@ -374,11 +380,19 @@ static void lasips2_mouse_port_init(Object *obj)
 lp->parent = container_of(s, LASIPS2State, mouse_port);
 }
 
+static void lasips2_mouse_port_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->realize = lasips2_mouse_port_realize;
+}
+
 static const TypeInfo lasips2_mouse_port_info = {
 .name  = TYPE_LASIPS2_MOUSE_PORT,
 .parent= TYPE_LASIPS2_PORT,
 .instance_size = sizeof(LASIPS2MousePort),
 .instance_init = lasips2_mouse_port_init,
+.class_init= lasips2_mouse_port_class_init,
 };
 
 static void lasips2_register_types(void)
-- 
2.30.2

[PULL 12/40] lasips2: don't use vmstate_register() in lasips2_realize()

[Mark Cave-Ayland]

Since lasips2 is a qdev device then vmstate_ps2_mouse can be registered using
the DeviceClass vmsd field instead.

Note that due to the use of the base parameter in the original 
vmstate_register()
function call, this is actually a migration break for the HPPA B160L machine.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-13-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 9223cb0af4..d4fa248729 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -272,8 +272,6 @@ static void lasips2_realize(DeviceState *dev, Error **errp)
 {
 LASIPS2State *s = LASIPS2(dev);
 
-vmstate_register(NULL, s->base, &vmstate_lasips2, s);
-
 s->kbd.dev = ps2_kbd_init();
 qdev_connect_gpio_out(DEVICE(s->kbd.dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
@@ -319,6 +317,7 @@ static void lasips2_class_init(ObjectClass *klass, void 
*data)
 DeviceClass *dc = DEVICE_CLASS(klass);
 
 dc->realize = lasips2_realize;
+dc->vmsd = &vmstate_lasips2;
 device_class_set_props(dc, lasips2_properties);
 set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
 }
-- 
2.30.2

[PULL 27/40] lasips2: add named input gpio to handle incoming port IRQs

[Mark Cave-Ayland]

The LASIPS2 device named input gpio is soon to be connected to the port output
IRQs. Add a new int_status field to LASIPS2State which is a bitmap representing
the port input IRQ status which will be enabled in the next patch.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Message-Id: <20220712215251.7944-28-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 15 +++
 include/hw/input/lasips2.h |  1 +
 2 files changed, 16 insertions(+)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index ec1661a8f1..013d891af6 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -125,6 +125,19 @@ static void lasips2_update_irq(LASIPS2State *s)
  s->mouse_port.parent_obj.birq);
 }
 
+static void lasips2_set_irq(void *opaque, int n, int level)
+{
+LASIPS2State *s = LASIPS2(opaque);
+
+if (level) {
+s->int_status |= BIT(n);
+} else {
+s->int_status &= ~BIT(n);
+}
+
+lasips2_update_irq(s);
+}
+
 static void lasips2_reg_write(void *opaque, hwaddr addr, uint64_t val,
   unsigned size)
 {
@@ -303,6 +316,8 @@ static void lasips2_init(Object *obj)
 "ps2-kbd-input-irq", 1);
 qdev_init_gpio_in_named(DEVICE(obj), lasips2_set_mouse_irq,
 "ps2-mouse-input-irq", 1);
+qdev_init_gpio_in_named(DEVICE(obj), lasips2_set_irq,
+"lasips2-port-input-irq", 2);
 }
 
 static void lasips2_class_init(ObjectClass *klass, void *data)
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 35e0aa26eb..b79febf64b 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -69,6 +69,7 @@ struct LASIPS2State {
 
 LASIPS2KbdPort kbd_port;
 LASIPS2MousePort mouse_port;
+uint8_t int_status;
 qemu_irq irq;
 };
 
-- 
2.30.2

[PULL 13/40] lasips2: remove the qdev base property and the lasips2_properties array

[Mark Cave-Ayland]

The base property was only needed for use by vmstate_register() in order to
preserve migration compatibility. Now that the lasips2 migration state is
registered through the DeviceClass vmsd field, the base property and also
the lasips2_properties array can be removed completely as they are no longer
required.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-14-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/hppa/machine.c  | 3 +--
 hw/input/lasips2.c | 9 +
 include/hw/input/lasips2.h | 3 +--
 3 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/hw/hppa/machine.c b/hw/hppa/machine.c
index 44ecd446c3..6080037cf1 100644
--- a/hw/hppa/machine.c
+++ b/hw/hppa/machine.c
@@ -280,8 +280,7 @@ static void machine_hppa_init(MachineState *machine)
 }
 
 /* PS/2 Keyboard/Mouse */
-dev = DEVICE(lasips2_initfn(LASI_PS2KBD_HPA,
-qdev_get_gpio_in(lasi_dev,
+dev = DEVICE(lasips2_initfn(qdev_get_gpio_in(lasi_dev,
  LASI_IRQ_PS2KBD_HPA)));
 memory_region_add_subregion(addr_space, LASI_PS2KBD_HPA,
 sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index d4fa248729..40f77baf3e 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -255,12 +255,11 @@ static void lasips2_set_mouse_irq(void *opaque, int n, 
int level)
 lasips2_update_irq(port->parent);
 }
 
-LASIPS2State *lasips2_initfn(hwaddr base, qemu_irq irq)
+LASIPS2State *lasips2_initfn(qemu_irq irq)
 {
 DeviceState *dev;
 
 dev = qdev_new(TYPE_LASIPS2);
-qdev_prop_set_uint64(dev, "base", base);
 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
 
 sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq);
@@ -307,18 +306,12 @@ static void lasips2_init(Object *obj)
 "ps2-mouse-input-irq", 1);
 }
 
-static Property lasips2_properties[] = {
-DEFINE_PROP_UINT64("base", LASIPS2State, base, UINT64_MAX),
-DEFINE_PROP_END_OF_LIST(),
-};
-
 static void lasips2_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 
 dc->realize = lasips2_realize;
 dc->vmsd = &vmstate_lasips2;
-device_class_set_props(dc, lasips2_properties);
 set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
 }
 
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 03f0c9e9f9..f051c970f0 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -39,7 +39,6 @@ typedef struct LASIPS2Port {
 struct LASIPS2State {
 SysBusDevice parent_obj;
 
-hwaddr base;
 LASIPS2Port kbd;
 LASIPS2Port mouse;
 qemu_irq irq;
@@ -48,6 +47,6 @@ struct LASIPS2State {
 #define TYPE_LASIPS2 "lasips2"
 OBJECT_DECLARE_SIMPLE_TYPE(LASIPS2State, LASIPS2)
 
-LASIPS2State *lasips2_initfn(hwaddr base, qemu_irq irq);
+LASIPS2State *lasips2_initfn(qemu_irq irq);
 
 #endif /* HW_INPUT_LASIPS2_H */
-- 
2.30.2

[PULL 20/40] lasips2: move mouse port initialisation to new lasips2_mouse_port_init() function

[Mark Cave-Ayland]

Move the initialisation of the mouse port from lasips2_init() to
a new lasips2_mouse_port_init() function which will be invoked using
object_initialize_child() during the LASIPS2 device init.

Update LASIPS2State so that it now holds the new LASIPS2MousePort child object 
and
ensure that it is realised in lasips2_realize().

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-21-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 52 +-
 include/hw/input/lasips2.h |  2 +-
 2 files changed, 36 insertions(+), 18 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 74427c9990..9535cab268 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -43,9 +43,9 @@ static const VMStateDescription vmstate_lasips2 = {
 VMSTATE_UINT8(kbd_port.parent_obj.control, LASIPS2State),
 VMSTATE_UINT8(kbd_port.parent_obj.id, LASIPS2State),
 VMSTATE_BOOL(kbd_port.parent_obj.irq, LASIPS2State),
-VMSTATE_UINT8(mouse.control, LASIPS2State),
-VMSTATE_UINT8(mouse.id, LASIPS2State),
-VMSTATE_BOOL(mouse.irq, LASIPS2State),
+VMSTATE_UINT8(mouse_port.parent_obj.control, LASIPS2State),
+VMSTATE_UINT8(mouse_port.parent_obj.id, LASIPS2State),
+VMSTATE_BOOL(mouse_port.parent_obj.irq, LASIPS2State),
 VMSTATE_END_OF_LIST()
 }
 };
@@ -119,8 +119,10 @@ static const char *lasips2_write_reg_name(uint64_t addr)
 
 static void lasips2_update_irq(LASIPS2State *s)
 {
-trace_lasips2_intr(s->kbd_port.parent_obj.irq | s->mouse.irq);
-qemu_set_irq(s->irq, s->kbd_port.parent_obj.irq | s->mouse.irq);
+trace_lasips2_intr(s->kbd_port.parent_obj.irq |
+   s->mouse_port.parent_obj.irq);
+qemu_set_irq(s->irq, s->kbd_port.parent_obj.irq |
+ s->mouse_port.parent_obj.irq);
 }
 
 static void lasips2_reg_write(void *opaque, hwaddr addr, uint64_t val,
@@ -211,8 +213,9 @@ static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, 
unsigned size)
 }
 }
 
-if (port->parent->kbd_port.parent_obj.irq || port->parent->mouse.irq) {
-ret |= LASIPS2_STATUS_CMPINTR;
+if (port->parent->kbd_port.parent_obj.irq ||
+port->parent->mouse_port.parent_obj.irq) {
+ret |= LASIPS2_STATUS_CMPINTR;
 }
 break;
 
@@ -249,7 +252,7 @@ static void lasips2_set_kbd_irq(void *opaque, int n, int 
level)
 static void lasips2_set_mouse_irq(void *opaque, int n, int level)
 {
 LASIPS2State *s = LASIPS2(opaque);
-LASIPS2Port *port = &s->mouse;
+LASIPS2Port *port = LASIPS2_PORT(&s->mouse_port);
 
 port->irq = level;
 lasips2_update_irq(port->parent);
@@ -269,8 +272,14 @@ static void lasips2_realize(DeviceState *dev, Error **errp)
 qdev_connect_gpio_out(DEVICE(lp->ps2dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
  0));
-s->mouse.ps2dev = ps2_mouse_init();
-qdev_connect_gpio_out(DEVICE(s->mouse.ps2dev), PS2_DEVICE_IRQ,
+
+lp = LASIPS2_PORT(&s->mouse_port);
+if (!(qdev_realize(DEVICE(lp), NULL, errp))) {
+return;
+}
+
+lp->ps2dev = ps2_mouse_init();
+qdev_connect_gpio_out(DEVICE(lp->ps2dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-mouse-input-irq",
  0));
 }
@@ -282,16 +291,13 @@ static void lasips2_init(Object *obj)
 
 object_initialize_child(obj, "lasips2-kbd-port", &s->kbd_port,
 TYPE_LASIPS2_KBD_PORT);
-
-s->mouse.id = 1;
-s->mouse.parent = s;
-
-memory_region_init_io(&s->mouse.reg, obj, &lasips2_reg_ops, &s->mouse,
-  "lasips2-mouse", 0x100);
+object_initialize_child(obj, "lasips2-mouse-port", &s->mouse_port,
+TYPE_LASIPS2_MOUSE_PORT);
 
 lp = LASIPS2_PORT(&s->kbd_port);
 sysbus_init_mmio(SYS_BUS_DEVICE(obj), &lp->reg);
-sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->mouse.reg);
+lp = LASIPS2_PORT(&s->mouse_port);
+sysbus_init_mmio(SYS_BUS_DEVICE(obj), &lp->reg);
 
 sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq);
 
@@ -343,10 +349,22 @@ static const TypeInfo lasips2_kbd_port_info = {
 .instance_init = lasips2_kbd_port_init,
 };
 
+static void lasips2_mouse_port_init(Object *obj)
+{
+LASIPS2MousePort *s = LASIPS2_MOUSE_PORT(obj);
+LASIPS2Port *lp = LASIPS2_PORT(obj);
+
+memory_region_init_io(&lp->reg, obj, &lasips2_reg_ops, lp, "lasips2-mouse",
+  0x100);
+lp->id = 1;
+lp->parent = container_of(s, LASIPS2State, mouse_port);
+}
+
 static const TypeInfo lasips2_mouse_port_info = {
 .name  = TYPE_LASIPS2_MOUSE_PORT,
 .parent= TYPE_LASIPS2_PORT,
 .insta

[PULL 10/40] pl050: don't use legacy ps2_kbd_init() function

[Mark Cave-Ayland]

Instantiate the PS2 keyboard device within PL050KbdState using
object_initialize_child() in pl050_kbd_init() and realize it in
pl050_kbd_realize() accordingly.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-11-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 13 ++---
 include/hw/input/pl050.h |  2 ++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index fcc40758a3..64b579e877 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -160,17 +160,24 @@ static void pl050_realize(DeviceState *dev, Error **errp)
 static void pl050_kbd_realize(DeviceState *dev, Error **errp)
 {
 PL050DeviceClass *pdc = PL050_GET_CLASS(dev);
+PL050KbdState *s = PL050_KBD_DEVICE(dev);
 PL050State *ps = PL050(dev);
 
-ps->ps2dev = ps2_kbd_init();
+if (!sysbus_realize(SYS_BUS_DEVICE(&s->kbd), errp)) {
+return;
+}
+
+ps->ps2dev = PS2_DEVICE(&s->kbd);
 pdc->parent_realize(dev, errp);
 }
 
 static void pl050_kbd_init(Object *obj)
 {
-PL050State *s = PL050(obj);
+PL050KbdState *s = PL050_KBD_DEVICE(obj);
+PL050State *ps = PL050(obj);
 
-s->is_mouse = false;
+ps->is_mouse = false;
+object_initialize_child(obj, "kbd", &s->kbd, TYPE_PS2_KBD_DEVICE);
 }
 
 static void pl050_mouse_realize(DeviceState *dev, Error **errp)
diff --git a/include/hw/input/pl050.h b/include/hw/input/pl050.h
index 203f03a194..28f6216dc3 100644
--- a/include/hw/input/pl050.h
+++ b/include/hw/input/pl050.h
@@ -43,6 +43,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(PL050KbdState, PL050_KBD_DEVICE)
 
 struct PL050KbdState {
 PL050State parent_obj;
+
+PS2KbdState kbd;
 };
 
 #define TYPE_PL050_MOUSE_DEVICE "pl050_mouse"
-- 
2.30.2

[PULL 15/40] lasips2: change LASIPS2State dev pointer from void to PS2State

[Mark Cave-Ayland]

This allows the compiler to enforce that the PS2 device pointer is always of
type PS2State. Update the name of the pointer from dev to ps2dev to emphasise
this type change.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-16-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 16 
 include/hw/input/lasips2.h |  3 ++-
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index 48237816a3..b539c4de7a 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -146,9 +146,9 @@ static void lasips2_reg_write(void *opaque, hwaddr addr, 
uint64_t val,
 }
 
 if (port->id) {
-ps2_write_mouse(port->dev, val);
+ps2_write_mouse(PS2_MOUSE_DEVICE(port->ps2dev), val);
 } else {
-ps2_write_keyboard(port->dev, val);
+ps2_write_keyboard(PS2_KBD_DEVICE(port->ps2dev), val);
 }
 break;
 
@@ -181,7 +181,7 @@ static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, 
unsigned size)
 break;
 }
 
-ret = ps2_read_data(port->dev);
+ret = ps2_read_data(port->ps2dev);
 break;
 
 case REG_PS2_CONTROL:
@@ -206,7 +206,7 @@ static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, 
unsigned size)
 ret |= LASIPS2_STATUS_RBNE;
 }
 } else {
-if (!ps2_queue_empty(port->dev)) {
+if (!ps2_queue_empty(port->ps2dev)) {
 ret |= LASIPS2_STATUS_RBNE;
 }
 }
@@ -259,12 +259,12 @@ static void lasips2_realize(DeviceState *dev, Error 
**errp)
 {
 LASIPS2State *s = LASIPS2(dev);
 
-s->kbd.dev = ps2_kbd_init();
-qdev_connect_gpio_out(DEVICE(s->kbd.dev), PS2_DEVICE_IRQ,
+s->kbd.ps2dev = ps2_kbd_init();
+qdev_connect_gpio_out(DEVICE(s->kbd.ps2dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
  0));
-s->mouse.dev = ps2_mouse_init();
-qdev_connect_gpio_out(DEVICE(s->mouse.dev), PS2_DEVICE_IRQ,
+s->mouse.ps2dev = ps2_mouse_init();
+qdev_connect_gpio_out(DEVICE(s->mouse.ps2dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-mouse-input-irq",
  0));
 }
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 868c5521d7..9746b7a132 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -23,12 +23,13 @@
 
 #include "exec/hwaddr.h"
 #include "hw/sysbus.h"
+#include "hw/input/ps2.h"
 
 struct LASIPS2State;
 typedef struct LASIPS2Port {
 struct LASIPS2State *parent;
 MemoryRegion reg;
-void *dev;
+PS2State *ps2dev;
 uint8_t id;
 uint8_t control;
 uint8_t buf;
-- 
2.30.2

[PULL 23/40] lasips2: rename LASIPS2Port irq field to birq

[Mark Cave-Ayland]

The existing boolean irq field in LASIPS2Port will soon be replaced by a proper
qemu_irq, so rename the field to birq to allow the upcoming qemu_irq to use the
irq name.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-24-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 24 
 include/hw/input/lasips2.h |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index ce87c66f2a..49e5c90b73 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -42,10 +42,10 @@ static const VMStateDescription vmstate_lasips2 = {
 .fields = (VMStateField[]) {
 VMSTATE_UINT8(kbd_port.parent_obj.control, LASIPS2State),
 VMSTATE_UINT8(kbd_port.parent_obj.id, LASIPS2State),
-VMSTATE_BOOL(kbd_port.parent_obj.irq, LASIPS2State),
+VMSTATE_BOOL(kbd_port.parent_obj.birq, LASIPS2State),
 VMSTATE_UINT8(mouse_port.parent_obj.control, LASIPS2State),
 VMSTATE_UINT8(mouse_port.parent_obj.id, LASIPS2State),
-VMSTATE_BOOL(mouse_port.parent_obj.irq, LASIPS2State),
+VMSTATE_BOOL(mouse_port.parent_obj.birq, LASIPS2State),
 VMSTATE_END_OF_LIST()
 }
 };
@@ -119,10 +119,10 @@ static const char *lasips2_write_reg_name(uint64_t addr)
 
 static void lasips2_update_irq(LASIPS2State *s)
 {
-trace_lasips2_intr(s->kbd_port.parent_obj.irq |
-   s->mouse_port.parent_obj.irq);
-qemu_set_irq(s->irq, s->kbd_port.parent_obj.irq |
- s->mouse_port.parent_obj.irq);
+trace_lasips2_intr(s->kbd_port.parent_obj.birq |
+   s->mouse_port.parent_obj.birq);
+qemu_set_irq(s->irq, s->kbd_port.parent_obj.birq |
+ s->mouse_port.parent_obj.birq);
 }
 
 static void lasips2_reg_write(void *opaque, hwaddr addr, uint64_t val,
@@ -141,7 +141,7 @@ static void lasips2_reg_write(void *opaque, hwaddr addr, 
uint64_t val,
 case REG_PS2_XMTDATA:
 if (port->control & LASIPS2_CONTROL_LOOPBACK) {
 port->buf = val;
-port->irq = true;
+port->birq = true;
 port->loopback_rbne = true;
 lasips2_update_irq(port->parent);
 break;
@@ -176,7 +176,7 @@ static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, 
unsigned size)
 
 case REG_PS2_RCVDATA:
 if (port->control & LASIPS2_CONTROL_LOOPBACK) {
-port->irq = false;
+port->birq = false;
 port->loopback_rbne = false;
 lasips2_update_irq(port->parent);
 ret = port->buf;
@@ -213,8 +213,8 @@ static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, 
unsigned size)
 }
 }
 
-if (port->parent->kbd_port.parent_obj.irq ||
-port->parent->mouse_port.parent_obj.irq) {
+if (port->parent->kbd_port.parent_obj.birq ||
+port->parent->mouse_port.parent_obj.birq) {
 ret |= LASIPS2_STATUS_CMPINTR;
 }
 break;
@@ -245,7 +245,7 @@ static void lasips2_set_kbd_irq(void *opaque, int n, int 
level)
 LASIPS2State *s = LASIPS2(opaque);
 LASIPS2Port *port = LASIPS2_PORT(&s->kbd_port);
 
-port->irq = level;
+port->birq = level;
 lasips2_update_irq(port->parent);
 }
 
@@ -254,7 +254,7 @@ static void lasips2_set_mouse_irq(void *opaque, int n, int 
level)
 LASIPS2State *s = LASIPS2(opaque);
 LASIPS2Port *port = LASIPS2_PORT(&s->mouse_port);
 
-port->irq = level;
+port->birq = level;
 lasips2_update_irq(port->parent);
 }
 
diff --git a/include/hw/input/lasips2.h b/include/hw/input/lasips2.h
index 84807bec36..4c4b471737 100644
--- a/include/hw/input/lasips2.h
+++ b/include/hw/input/lasips2.h
@@ -40,7 +40,7 @@ struct LASIPS2Port {
 uint8_t control;
 uint8_t buf;
 bool loopback_rbne;
-bool irq;
+bool birq;
 };
 
 #define TYPE_LASIPS2_KBD_PORT "lasips2-kbd-port"
-- 
2.30.2

[PULL 05/40] pl050: introduce new PL050_MOUSE_DEVICE QOM type

[Mark Cave-Ayland]

This will be soon be used to hold the underlying PS2_MOUSE_DEVICE object.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-6-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 3 ++-
 include/hw/input/pl050.h | 7 +++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index 7f4ac99081..88459997e0 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -189,9 +189,10 @@ static const TypeInfo pl050_kbd_info = {
 };
 
 static const TypeInfo pl050_mouse_info = {
-.name  = "pl050_mouse",
+.name  = TYPE_PL050_MOUSE_DEVICE,
 .parent= TYPE_PL050,
 .instance_init = pl050_mouse_init,
+.instance_size = sizeof(PL050MouseState),
 };
 
 static void pl050_init(Object *obj)
diff --git a/include/hw/input/pl050.h b/include/hw/input/pl050.h
index 9ce8794bd0..bb0e87ff45 100644
--- a/include/hw/input/pl050.h
+++ b/include/hw/input/pl050.h
@@ -39,4 +39,11 @@ struct PL050KbdState {
 PL050State parent_obj;
 };
 
+#define TYPE_PL050_MOUSE_DEVICE "pl050_mouse"
+OBJECT_DECLARE_SIMPLE_TYPE(PL050MouseState, PL050_MOUSE_DEVICE)
+
+struct PL050MouseState {
+PL050State parent_obj;
+};
+
 #endif
-- 
2.30.2

[PULL 09/40] pl050: introduce pl050_mouse_class_init() and pl050_mouse_realize()

[Mark Cave-Ayland]

Introduce a new pl050_mouse_class_init() function containing a call to
device_class_set_parent_realize() which calls a new pl050_mouse_realize()
function to initialise the PS2 mouse device.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-10-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 23 +++
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index 24363c007e..fcc40758a3 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -153,10 +153,6 @@ static void pl050_realize(DeviceState *dev, Error **errp)
 {
 PL050State *s = PL050(dev);
 
-if (s->is_mouse) {
-s->ps2dev = ps2_mouse_init();
-}
-
 qdev_connect_gpio_out(DEVICE(s->ps2dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-input-irq", 0));
 }
@@ -177,6 +173,15 @@ static void pl050_kbd_init(Object *obj)
 s->is_mouse = false;
 }
 
+static void pl050_mouse_realize(DeviceState *dev, Error **errp)
+{
+PL050DeviceClass *pdc = PL050_GET_CLASS(dev);
+PL050State *ps = PL050(dev);
+
+ps->ps2dev = ps2_mouse_init();
+pdc->parent_realize(dev, errp);
+}
+
 static void pl050_mouse_init(Object *obj)
 {
 PL050State *s = PL050(obj);
@@ -201,11 +206,21 @@ static const TypeInfo pl050_kbd_info = {
 .class_init= pl050_kbd_class_init,
 };
 
+static void pl050_mouse_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+PL050DeviceClass *pdc = PL050_CLASS(oc);
+
+device_class_set_parent_realize(dc, pl050_mouse_realize,
+&pdc->parent_realize);
+}
+
 static const TypeInfo pl050_mouse_info = {
 .name  = TYPE_PL050_MOUSE_DEVICE,
 .parent= TYPE_PL050,
 .instance_init = pl050_mouse_init,
 .instance_size = sizeof(PL050MouseState),
+.class_init= pl050_mouse_class_init,
 };
 
 static void pl050_init(Object *obj)
-- 
2.30.2

[PULL 08/40] pl050: introduce pl050_kbd_class_init() and pl050_kbd_realize()

[Mark Cave-Ayland]

Introduce a new pl050_kbd_class_init() function containing a call to
device_class_set_parent_realize() which calls a new pl050_kbd_realize()
function to initialise the PS2 keyboard device.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-9-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 21 +++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index d7796b73a1..24363c007e 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -155,14 +155,21 @@ static void pl050_realize(DeviceState *dev, Error **errp)
 
 if (s->is_mouse) {
 s->ps2dev = ps2_mouse_init();
-} else {
-s->ps2dev = ps2_kbd_init();
 }
 
 qdev_connect_gpio_out(DEVICE(s->ps2dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-input-irq", 0));
 }
 
+static void pl050_kbd_realize(DeviceState *dev, Error **errp)
+{
+PL050DeviceClass *pdc = PL050_GET_CLASS(dev);
+PL050State *ps = PL050(dev);
+
+ps->ps2dev = ps2_kbd_init();
+pdc->parent_realize(dev, errp);
+}
+
 static void pl050_kbd_init(Object *obj)
 {
 PL050State *s = PL050(obj);
@@ -177,11 +184,21 @@ static void pl050_mouse_init(Object *obj)
 s->is_mouse = true;
 }
 
+static void pl050_kbd_class_init(ObjectClass *oc, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(oc);
+PL050DeviceClass *pdc = PL050_CLASS(oc);
+
+device_class_set_parent_realize(dc, pl050_kbd_realize,
+&pdc->parent_realize);
+}
+
 static const TypeInfo pl050_kbd_info = {
 .name  = TYPE_PL050_KBD_DEVICE,
 .parent= TYPE_PL050,
 .instance_init = pl050_kbd_init,
 .instance_size = sizeof(PL050KbdState),
+.class_init= pl050_kbd_class_init,
 };
 
 static const TypeInfo pl050_mouse_info = {
-- 
2.30.2

[PULL 19/40] lasips2: move keyboard port initialisation to new lasips2_kbd_port_init() function

[Mark Cave-Ayland]

Move the initialisation of the keyboard port from lasips2_init() to
a new lasips2_kbd_port_init() function which will be invoked using
object_initialize_child() during the LASIPS2 device init.

Update LASIPS2State so that it now holds the new LASIPS2KbdPort child object and
ensure that it is realised in lasips2_realize().

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-20-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/lasips2.c | 47 ++
 include/hw/input/lasips2.h |  2 +-
 2 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/hw/input/lasips2.c b/hw/input/lasips2.c
index f70cf893f6..74427c9990 100644
--- a/hw/input/lasips2.c
+++ b/hw/input/lasips2.c
@@ -40,9 +40,9 @@ static const VMStateDescription vmstate_lasips2 = {
 .version_id = 0,
 .minimum_version_id = 0,
 .fields = (VMStateField[]) {
-VMSTATE_UINT8(kbd.control, LASIPS2State),
-VMSTATE_UINT8(kbd.id, LASIPS2State),
-VMSTATE_BOOL(kbd.irq, LASIPS2State),
+VMSTATE_UINT8(kbd_port.parent_obj.control, LASIPS2State),
+VMSTATE_UINT8(kbd_port.parent_obj.id, LASIPS2State),
+VMSTATE_BOOL(kbd_port.parent_obj.irq, LASIPS2State),
 VMSTATE_UINT8(mouse.control, LASIPS2State),
 VMSTATE_UINT8(mouse.id, LASIPS2State),
 VMSTATE_BOOL(mouse.irq, LASIPS2State),
@@ -119,8 +119,8 @@ static const char *lasips2_write_reg_name(uint64_t addr)
 
 static void lasips2_update_irq(LASIPS2State *s)
 {
-trace_lasips2_intr(s->kbd.irq | s->mouse.irq);
-qemu_set_irq(s->irq, s->kbd.irq | s->mouse.irq);
+trace_lasips2_intr(s->kbd_port.parent_obj.irq | s->mouse.irq);
+qemu_set_irq(s->irq, s->kbd_port.parent_obj.irq | s->mouse.irq);
 }
 
 static void lasips2_reg_write(void *opaque, hwaddr addr, uint64_t val,
@@ -211,7 +211,7 @@ static uint64_t lasips2_reg_read(void *opaque, hwaddr addr, 
unsigned size)
 }
 }
 
-if (port->parent->kbd.irq || port->parent->mouse.irq) {
+if (port->parent->kbd_port.parent_obj.irq || port->parent->mouse.irq) {
 ret |= LASIPS2_STATUS_CMPINTR;
 }
 break;
@@ -240,7 +240,7 @@ static const MemoryRegionOps lasips2_reg_ops = {
 static void lasips2_set_kbd_irq(void *opaque, int n, int level)
 {
 LASIPS2State *s = LASIPS2(opaque);
-LASIPS2Port *port = &s->kbd;
+LASIPS2Port *port = LASIPS2_PORT(&s->kbd_port);
 
 port->irq = level;
 lasips2_update_irq(port->parent);
@@ -258,9 +258,15 @@ static void lasips2_set_mouse_irq(void *opaque, int n, int 
level)
 static void lasips2_realize(DeviceState *dev, Error **errp)
 {
 LASIPS2State *s = LASIPS2(dev);
+LASIPS2Port *lp;
 
-s->kbd.ps2dev = ps2_kbd_init();
-qdev_connect_gpio_out(DEVICE(s->kbd.ps2dev), PS2_DEVICE_IRQ,
+lp = LASIPS2_PORT(&s->kbd_port);
+if (!(qdev_realize(DEVICE(lp), NULL, errp))) {
+return;
+}
+
+lp->ps2dev = ps2_kbd_init();
+qdev_connect_gpio_out(DEVICE(lp->ps2dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-kbd-input-irq",
  0));
 s->mouse.ps2dev = ps2_mouse_init();
@@ -272,18 +278,19 @@ static void lasips2_realize(DeviceState *dev, Error 
**errp)
 static void lasips2_init(Object *obj)
 {
 LASIPS2State *s = LASIPS2(obj);
+LASIPS2Port *lp;
+
+object_initialize_child(obj, "lasips2-kbd-port", &s->kbd_port,
+TYPE_LASIPS2_KBD_PORT);
 
-s->kbd.id = 0;
 s->mouse.id = 1;
-s->kbd.parent = s;
 s->mouse.parent = s;
 
-memory_region_init_io(&s->kbd.reg, obj, &lasips2_reg_ops, &s->kbd,
-  "lasips2-kbd", 0x100);
 memory_region_init_io(&s->mouse.reg, obj, &lasips2_reg_ops, &s->mouse,
   "lasips2-mouse", 0x100);
 
-sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->kbd.reg);
+lp = LASIPS2_PORT(&s->kbd_port);
+sysbus_init_mmio(SYS_BUS_DEVICE(obj), &lp->reg);
 sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->mouse.reg);
 
 sysbus_init_irq(SYS_BUS_DEVICE(obj), &s->irq);
@@ -318,10 +325,22 @@ static const TypeInfo lasips2_port_info = {
 .abstract  = true,
 };
 
+static void lasips2_kbd_port_init(Object *obj)
+{
+LASIPS2KbdPort *s = LASIPS2_KBD_PORT(obj);
+LASIPS2Port *lp = LASIPS2_PORT(obj);
+
+memory_region_init_io(&lp->reg, obj, &lasips2_reg_ops, lp, "lasips2-kbd",
+  0x100);
+lp->id = 0;
+lp->parent = container_of(s, LASIPS2State, kbd_port);
+}
+
 static const TypeInfo lasips2_kbd_port_info = {
 .name  = TYPE_LASIPS2_KBD_PORT,
 .parent= TYPE_LASIPS2_PORT,
 .instance_size = sizeof(LASIPS2KbdPort),
+.instance_init = lasips2_kbd_port_init,
 };
 
 static const TypeInfo lasips2_mouse_port_info = {
diff --git a/include/hw/input/lasips2.h b/include/hw/inp

[PULL 03/40] pl050: change PL050State dev pointer from void to PS2State

[Mark Cave-Ayland]

This allows the compiler to enforce that the PS2 device pointer is always of
type PS2State. Update the name of the pointer from dev to ps2dev to emphasise
this type change.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-4-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 13 +++--
 include/hw/input/pl050.h |  2 +-
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index 8e32b8ed46..0d91b0eaea 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -101,7 +101,7 @@ static uint64_t pl050_read(void *opaque, hwaddr offset,
 }
 case 2: /* KMIDATA */
 if (s->pending) {
-s->last = ps2_read_data(s->dev);
+s->last = ps2_read_data(s->ps2dev);
 }
 return s->last;
 case 3: /* KMICLKDIV */
@@ -130,9 +130,9 @@ static void pl050_write(void *opaque, hwaddr offset,
 /* ??? This should toggle the TX interrupt line.  */
 /* ??? This means kbd/mouse can block each other.  */
 if (s->is_mouse) {
-ps2_write_mouse(s->dev, value);
+ps2_write_mouse(PS2_MOUSE_DEVICE(s->ps2dev), value);
 } else {
-ps2_write_keyboard(s->dev, value);
+ps2_write_keyboard(PS2_KBD_DEVICE(s->ps2dev), value);
 }
 break;
 case 3: /* KMICLKDIV */
@@ -158,11 +158,12 @@ static void pl050_realize(DeviceState *dev, Error **errp)
 sysbus_init_mmio(sbd, &s->iomem);
 sysbus_init_irq(sbd, &s->irq);
 if (s->is_mouse) {
-s->dev = ps2_mouse_init();
+s->ps2dev = ps2_mouse_init();
 } else {
-s->dev = ps2_kbd_init();
+s->ps2dev = ps2_kbd_init();
 }
-qdev_connect_gpio_out(DEVICE(s->dev), PS2_DEVICE_IRQ,
+
+qdev_connect_gpio_out(DEVICE(s->ps2dev), PS2_DEVICE_IRQ,
   qdev_get_gpio_in_named(dev, "ps2-input-irq", 0));
 }
 
diff --git a/include/hw/input/pl050.h b/include/hw/input/pl050.h
index 2bbf7a9d50..c1f6c5a1fb 100644
--- a/include/hw/input/pl050.h
+++ b/include/hw/input/pl050.h
@@ -23,7 +23,7 @@ struct PL050State {
 SysBusDevice parent_obj;
 
 MemoryRegion iomem;
-void *dev;
+PS2State *ps2dev;
 uint32_t cr;
 uint32_t clk;
 uint32_t last;
-- 
2.30.2

[PULL 11/40] pl050: don't use legacy ps2_mouse_init() function

[Mark Cave-Ayland]

Instantiate the PS2 mouse device within PL050MouseState using
object_initialize_child() in pl050_mouse_init() and realize it in
pl050_mouse_realize() accordingly.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-12-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 13 ++---
 include/hw/input/pl050.h |  2 ++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index 64b579e877..ec5e19285e 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -183,17 +183,24 @@ static void pl050_kbd_init(Object *obj)
 static void pl050_mouse_realize(DeviceState *dev, Error **errp)
 {
 PL050DeviceClass *pdc = PL050_GET_CLASS(dev);
+PL050MouseState *s = PL050_MOUSE_DEVICE(dev);
 PL050State *ps = PL050(dev);
 
-ps->ps2dev = ps2_mouse_init();
+if (!sysbus_realize(SYS_BUS_DEVICE(&s->mouse), errp)) {
+return;
+}
+
+ps->ps2dev = PS2_DEVICE(&s->mouse);
 pdc->parent_realize(dev, errp);
 }
 
 static void pl050_mouse_init(Object *obj)
 {
-PL050State *s = PL050(obj);
+PL050MouseState *s = PL050_MOUSE_DEVICE(obj);
+PL050State *ps = PL050(obj);
 
-s->is_mouse = true;
+ps->is_mouse = true;
+object_initialize_child(obj, "mouse", &s->mouse, TYPE_PS2_MOUSE_DEVICE);
 }
 
 static void pl050_kbd_class_init(ObjectClass *oc, void *data)
diff --git a/include/hw/input/pl050.h b/include/hw/input/pl050.h
index 28f6216dc3..89ec4fafc9 100644
--- a/include/hw/input/pl050.h
+++ b/include/hw/input/pl050.h
@@ -52,6 +52,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(PL050MouseState, 
PL050_MOUSE_DEVICE)
 
 struct PL050MouseState {
 PL050State parent_obj;
+
+PS2MouseState mouse;
 };
 
 #endif
-- 
2.30.2

[PULL 06/40] pl050: move logic from pl050_realize() to pl050_init()

[Mark Cave-Ayland]

The logic for initialising the register memory region and the sysbus output IRQ
does not depend upon any device properties and so can be moved from
pl050_realize() to pl050_init().

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-7-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index 88459997e0..e32d86005a 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -152,11 +152,7 @@ static const MemoryRegionOps pl050_ops = {
 static void pl050_realize(DeviceState *dev, Error **errp)
 {
 PL050State *s = PL050(dev);
-SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 
-memory_region_init_io(&s->iomem, OBJECT(s), &pl050_ops, s, "pl050", 
0x1000);
-sysbus_init_mmio(sbd, &s->iomem);
-sysbus_init_irq(sbd, &s->irq);
 if (s->is_mouse) {
 s->ps2dev = ps2_mouse_init();
 } else {
@@ -197,6 +193,13 @@ static const TypeInfo pl050_mouse_info = {
 
 static void pl050_init(Object *obj)
 {
+PL050State *s = PL050(obj);
+SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
+
+memory_region_init_io(&s->iomem, obj, &pl050_ops, s, "pl050", 0x1000);
+sysbus_init_mmio(sbd, &s->iomem);
+sysbus_init_irq(sbd, &s->irq);
+
 qdev_init_gpio_in_named(DEVICE(obj), pl050_set_irq, "ps2-input-irq", 1);
 }
 
-- 
2.30.2

[PULL 01/40] pl050: move PL050State from pl050.c to new pl050.h header file

[Mark Cave-Ayland]

This allows the QOM types in pl050.c to be used elsewhere by simply including
pl050.h.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-2-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 16 +---
 include/hw/input/pl050.h | 35 +++
 2 files changed, 36 insertions(+), 15 deletions(-)
 create mode 100644 include/hw/input/pl050.h

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index 209cc001cf..c7980b6ed7 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -19,26 +19,12 @@
 #include "hw/sysbus.h"
 #include "migration/vmstate.h"
 #include "hw/input/ps2.h"
+#include "hw/input/pl050.h"
 #include "hw/irq.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
 #include "qom/object.h"
 
-#define TYPE_PL050 "pl050"
-OBJECT_DECLARE_SIMPLE_TYPE(PL050State, PL050)
-
-struct PL050State {
-SysBusDevice parent_obj;
-
-MemoryRegion iomem;
-void *dev;
-uint32_t cr;
-uint32_t clk;
-uint32_t last;
-int pending;
-qemu_irq irq;
-bool is_mouse;
-};
 
 static const VMStateDescription vmstate_pl050 = {
 .name = "pl050",
diff --git a/include/hw/input/pl050.h b/include/hw/input/pl050.h
new file mode 100644
index 00..2bbf7a9d50
--- /dev/null
+++ b/include/hw/input/pl050.h
@@ -0,0 +1,35 @@
+/*
+ * Arm PrimeCell PL050 Keyboard / Mouse Interface
+ *
+ * Copyright (c) 2006-2007 CodeSourcery.
+ * Written by Paul Brook
+ *
+ * This code is licensed under the GPL.
+ */
+
+#ifndef HW_PL050_H
+#define HW_PL050_H
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "migration/vmstate.h"
+#include "hw/input/ps2.h"
+#include "hw/irq.h"
+
+#define TYPE_PL050 "pl050"
+OBJECT_DECLARE_SIMPLE_TYPE(PL050State, PL050)
+
+struct PL050State {
+SysBusDevice parent_obj;
+
+MemoryRegion iomem;
+void *dev;
+uint32_t cr;
+uint32_t clk;
+uint32_t last;
+int pending;
+qemu_irq irq;
+bool is_mouse;
+};
+
+#endif
-- 
2.30.2

[PULL 00/40] qemu-sparc queue 20220718

[Mark Cave-Ayland]

The following changes since commit 782378973121addeb11b13fd12a6ac2e69faa33f:

  Merge tag 'pull-target-arm-20220718' of 
https://git.linaro.org/people/pmaydell/qemu-arm into staging (2022-07-18 
16:29:32 +0100)

are available in the Git repository at:

  https://github.com/mcayland/qemu.git tags/qemu-sparc-20220718

for you to fetch changes up to b704d63d094cc757c20c186ff40d692deb5e30de:

  pckbd: remove legacy i8042_mm_init() function (2022-07-18 19:28:46 +0100)


qemu-sparc queue
- This is the second half of the PS2 QOMification patchset


Mark Cave-Ayland (40):
  pl050: move PL050State from pl050.c to new pl050.h header file
  pl050: rename pl050_keyboard_init() to pl050_kbd_init()
  pl050: change PL050State dev pointer from void to PS2State
  pl050: introduce new PL050_KBD_DEVICE QOM type
  pl050: introduce new PL050_MOUSE_DEVICE QOM type
  pl050: move logic from pl050_realize() to pl050_init()
  pl050: introduce PL050DeviceClass for the PL050 device
  pl050: introduce pl050_kbd_class_init() and pl050_kbd_realize()
  pl050: introduce pl050_mouse_class_init() and pl050_mouse_realize()
  pl050: don't use legacy ps2_kbd_init() function
  pl050: don't use legacy ps2_mouse_init() function
  lasips2: don't use vmstate_register() in lasips2_realize()
  lasips2: remove the qdev base property and the lasips2_properties array
  lasips2: remove legacy lasips2_initfn() function
  lasips2: change LASIPS2State dev pointer from void to PS2State
  lasips2: QOMify LASIPS2Port
  lasips2: introduce new LASIPS2_KBD_PORT QOM type
  lasips2: introduce new LASIPS2_MOUSE_PORT QOM type
  lasips2: move keyboard port initialisation to new lasips2_kbd_port_init() 
function
  lasips2: move mouse port initialisation to new lasips2_mouse_port_init() 
function
  lasips2: introduce lasips2_kbd_port_class_init() and 
lasips2_kbd_port_realize()
  lasips2: introduce lasips2_mouse_port_class_init() and 
lasips2_mouse_port_realize()
  lasips2: rename LASIPS2Port irq field to birq
  lasips2: introduce port IRQ and new lasips2_port_init() function
  lasips2: introduce LASIPS2PortDeviceClass for the LASIPS2_PORT device
  lasips2: add named input gpio to port for downstream PS2 device IRQ
  lasips2: add named input gpio to handle incoming port IRQs
  lasips2: switch to using port-based IRQs
  lasips2: rename LASIPS2Port parent pointer to lasips2
  lasips2: standardise on lp name for LASIPS2Port variables
  lasips2: switch register memory region to DEVICE_BIG_ENDIAN
  lasips2: don't use legacy ps2_kbd_init() function
  lasips2: don't use legacy ps2_mouse_init() function
  lasips2: update VMStateDescription for LASIPS2 device
  pckbd: introduce new vmstate_kbd_mmio VMStateDescription for the 
I8042_MMIO device
  pckbd: don't use legacy ps2_kbd_init() function
  ps2: remove unused legacy ps2_kbd_init() function
  pckbd: don't use legacy ps2_mouse_init() function
  ps2: remove unused legacy ps2_mouse_init() function
  pckbd: remove legacy i8042_mm_init() function

 hw/hppa/machine.c  |   7 +-
 hw/input/lasips2.c | 320 +++--
 hw/input/pckbd.c   |  82 +++-
 hw/input/pl050.c   | 112 +++-
 hw/input/ps2.c |  26 
 hw/input/trace-events  |   2 -
 hw/mips/jazz.c |  13 +-
 include/hw/input/i8042.h   |   7 +-
 include/hw/input/lasips2.h |  57 +---
 include/hw/input/pl050.h   |  59 +
 include/hw/input/ps2.h |   2 -
 11 files changed, 466 insertions(+), 221 deletions(-)
 create mode 100644 include/hw/input/pl050.h

[PULL 07/40] pl050: introduce PL050DeviceClass for the PL050 device

[Mark Cave-Ayland]

This will soon be used to store the reference to the PL050 parent device
for PL050_KBD_DEVICE and PL050_MOUSE_DEVICE.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-8-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 2 ++
 include/hw/input/pl050.h | 8 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index e32d86005a..d7796b73a1 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -216,6 +216,8 @@ static const TypeInfo pl050_type_info = {
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_init = pl050_init,
 .instance_size = sizeof(PL050State),
+.class_init= pl050_class_init,
+.class_size= sizeof(PL050DeviceClass),
 .abstract  = true,
 .class_init= pl050_class_init,
 };
diff --git a/include/hw/input/pl050.h b/include/hw/input/pl050.h
index bb0e87ff45..203f03a194 100644
--- a/include/hw/input/pl050.h
+++ b/include/hw/input/pl050.h
@@ -16,8 +16,14 @@
 #include "hw/input/ps2.h"
 #include "hw/irq.h"
 
+struct PL050DeviceClass {
+SysBusDeviceClass parent_class;
+
+DeviceRealize parent_realize;
+};
+
 #define TYPE_PL050 "pl050"
-OBJECT_DECLARE_SIMPLE_TYPE(PL050State, PL050)
+OBJECT_DECLARE_TYPE(PL050State, PL050DeviceClass, PL050)
 
 struct PL050State {
 SysBusDevice parent_obj;
-- 
2.30.2

[PULL 02/40] pl050: rename pl050_keyboard_init() to pl050_kbd_init()

[Mark Cave-Ayland]

This is for consistency with all of the other devices that use the PS2 keyboard
device.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-3-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index c7980b6ed7..8e32b8ed46 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -166,7 +166,7 @@ static void pl050_realize(DeviceState *dev, Error **errp)
   qdev_get_gpio_in_named(dev, "ps2-input-irq", 0));
 }
 
-static void pl050_keyboard_init(Object *obj)
+static void pl050_kbd_init(Object *obj)
 {
 PL050State *s = PL050(obj);
 
@@ -183,7 +183,7 @@ static void pl050_mouse_init(Object *obj)
 static const TypeInfo pl050_kbd_info = {
 .name  = "pl050_keyboard",
 .parent= TYPE_PL050,
-.instance_init = pl050_keyboard_init,
+.instance_init = pl050_kbd_init,
 };
 
 static const TypeInfo pl050_mouse_info = {
-- 
2.30.2

[PULL 04/40] pl050: introduce new PL050_KBD_DEVICE QOM type

[Mark Cave-Ayland]

This will be soon be used to hold the underlying PS2_KBD_DEVICE object.

Signed-off-by: Mark Cave-Ayland 
Tested-by: Helge Deller 
Acked-by: Helge Deller 
Reviewed-by: Peter Maydell 
Message-Id: <20220712215251.7944-5-mark.cave-ayl...@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé 
---
 hw/input/pl050.c | 3 ++-
 include/hw/input/pl050.h | 7 +++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/input/pl050.c b/hw/input/pl050.c
index 0d91b0eaea..7f4ac99081 100644
--- a/hw/input/pl050.c
+++ b/hw/input/pl050.c
@@ -182,9 +182,10 @@ static void pl050_mouse_init(Object *obj)
 }
 
 static const TypeInfo pl050_kbd_info = {
-.name  = "pl050_keyboard",
+.name  = TYPE_PL050_KBD_DEVICE,
 .parent= TYPE_PL050,
 .instance_init = pl050_kbd_init,
+.instance_size = sizeof(PL050KbdState),
 };
 
 static const TypeInfo pl050_mouse_info = {
diff --git a/include/hw/input/pl050.h b/include/hw/input/pl050.h
index c1f6c5a1fb..9ce8794bd0 100644
--- a/include/hw/input/pl050.h
+++ b/include/hw/input/pl050.h
@@ -32,4 +32,11 @@ struct PL050State {
 bool is_mouse;
 };
 
+#define TYPE_PL050_KBD_DEVICE "pl050_keyboard"
+OBJECT_DECLARE_SIMPLE_TYPE(PL050KbdState, PL050_KBD_DEVICE)
+
+struct PL050KbdState {
+PL050State parent_obj;
+};
+
 #endif
-- 
2.30.2

Re: [PATCH v4 2/3] target/ppc: Implement hashst and hashchk

[Lucas Mateus Martins Araujo e Castro]

On 15/07/2022 17:54, Víctor Colombo wrote:

Implementation for instructions hashst and hashchk, which were added
in Power ISA 3.1B.

It was decided to implement the hash algorithm from ground up in this
patch exactly as described in Power ISA.

Signed-off-by: Víctor Colombo
---
  target/ppc/excp_helper.c   | 82 ++
  target/ppc/helper.h|  2 +
  target/ppc/insn32.decode   |  8 +++
  target/ppc/translate.c |  5 ++
  target/ppc/translate/fixedpoint-impl.c.inc | 32 +
  5 files changed, 129 insertions(+)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index cb752b184a..fa5a737e22 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -2174,6 +2174,88 @@ void helper_td(CPUPPCState *env, target_ulong arg1, 
target_ulong arg2,
  #endif
  #endif

+static uint32_t helper_SIMON_LIKE_32_64(uint32_t x, uint64_t key, uint32_t 
lane)
+{
+const uint16_t c = 0xfffc;
+const uint64_t z0 = 0xfa2561cdf44ac398ULL;
+uint16_t z = 0, temp;
+uint16_t k[32], eff_k[32], xleft[33], xright[33], fxleft[32];
+
+for (int i = 3; i >= 0; i--) {
+k[i] = key & 0x;
+key >>= 16;
+}
+xleft[0] = x & 0x;
+xright[0] = (x >> 16) & 0x;
+
+for (int i = 0; i < 28; i++) {
+z = (z0 >> (63 - i)) & 1;
+temp = ror16(k[i + 3], 3) ^ k[i + 1];
+k[i + 4] = c ^ z ^ k[i] ^ temp ^ ror16(temp, 1);
+}
+
+for (int i = 0; i < 8; i++) {
+eff_k[4 * i + 0] = k[4 * i + ((0 + lane) % 4)];
+eff_k[4 * i + 1] = k[4 * i + ((1 + lane) % 4)];
+eff_k[4 * i + 2] = k[4 * i + ((2 + lane) % 4)];
+eff_k[4 * i + 3] = k[4 * i + ((3 + lane) % 4)];
+}
+
+for (int i = 0; i < 32; i++) {
+fxleft[i] = (rol16(xleft[i], 1) &
+rol16(xleft[i], 8)) ^ rol16(xleft[i], 2);
+xleft[i + 1] = xright[i] ^ fxleft[i] ^ eff_k[i];
+xright[i + 1] = xleft[i];
+}
+
+return (((uint32_t)xright[32]) << 16) | xleft[32];
+}
+
+static uint64_t hash_digest(uint64_t ra, uint64_t rb, uint64_t key)
+{
+uint64_t stage0_h = 0ULL, stage0_l = 0ULL;
+uint64_t stage1_h, stage1_l;
+
+for (int i = 0; i < 4; i++) {
+stage0_h |= ror64(rb & 0xff, 8 * (2 * i + 1));
+stage0_h |= ((ra >> 32) & 0xff) << (8 * 2 * i);
+stage0_l |= ror64((rb >> 32) & 0xff, 8 * (2 * i + 1));
+stage0_l |= (ra & 0xff) << (8 * 2 * i);
+rb >>= 8;
+ra >>= 8;
+}
+
+stage1_h = (uint64_t)helper_SIMON_LIKE_32_64(stage0_h >> 32, key, 0) << 32;
+stage1_h |= helper_SIMON_LIKE_32_64(stage0_h, key, 1);
+stage1_l = (uint64_t)helper_SIMON_LIKE_32_64(stage0_l >> 32, key, 2) << 32;
+stage1_l |= helper_SIMON_LIKE_32_64(stage0_l, key, 3);
+
+return stage1_h ^ stage1_l;
+}
+
+#include "qemu/guest-random.h"
+
+#define HELPER_HASH(op, key, store)   \
+void helper_##op(CPUPPCState *env, target_ulong ea, target_ulong ra,  \
+ target_ulong rb) \
+{ \
+uint64_t calculated_hash = hash_digest(ra, rb, key), loaded_hash; \
+  \
+if (store) {  \
+cpu_stq_data_ra(env, ea, calculated_hash, GETPC());   \
+} else {  \
+loaded_hash = cpu_ldq_data_ra(env, ea, GETPC());  \
+if (loaded_hash != calculated_hash) { \
+/* hashes don't match, trap */\
+raise_exception_err_ra(env, POWERPC_EXCP_PROGRAM, \
+POWERPC_EXCP_TRAP, GETPC());  \
+} \
+} \
+}

Maybe this macro could be 2 separate helpers so it's easier to debug.

Reviewed-by: Lucas Mateus Castro 


+
+HELPER_HASH(HASHST, env->spr[SPR_HASHKEYR], true)
+HELPER_HASH(HASHCHK, env->spr[SPR_HASHKEYR], false)
+
  #if !defined(CONFIG_USER_ONLY)

  #ifdef CONFIG_TCG
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 159b352f6e..5817af632b 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -4,6 +4,8 @@ DEF_HELPER_FLAGS_4(tw, TCG_CALL_NO_WG, void, env, tl, tl, i32)
  #if defined(TARGET_PPC64)
  DEF_HELPER_FLAGS_4(td, TCG_CALL_NO_WG, void, env, tl, tl, i32)
  #endif
+DEF_HELPER_4(HASHST, void, env, tl, tl, tl)
+DEF_HELPER_4(HASHCHK, void, env, tl, tl, tl)
  #if !defined(CONFIG_USER_ONLY)
  DEF_HELPER_2(store_msr, void, env, tl)
  DEF_HELPER_1(rfi, void, env)
diff --git a/target/ppc/i

Re: [PATCH v2 00/40] PS2 device QOMification - part 2

[Mark Cave-Ayland]

On 12/07/2022 22:52, Mark Cave-Ayland wrote:


Here is the follow-on series from part 1 which completes the work to remove
the legacy global device init functions for PS2 devices. Now that part 1 has
been applied, the hard part to remove the PS2 function callback and argument
has been completed and all that remains is to improve the PS2 device
QOMification to allow the legacy PS2 functions to be removed.

Patches 1-11 update the pl050 device to remove the use of ps2_kbd_init() and
ps2_mouse_init(), whilst patches 12-34 make some more involved changes to
the lasips2 device (in particular completing the LASIPS2Port abstraction)
before doing the same.

Finally patches 35-40 complete the process for the pckbd (I8042 and I8042_MMIO
devices) before removing the now unused ps2_kbd_init(), ps2_mouse_init() and
i8042_mm_init() functions.

Note that this series is a migration break for the HPPA B160L and MIPS magnum
machines: I've had agreement from both Helge and Hervé that this is worth
doing to allow the use of the DeviceClass vmsd property to set the
VMStateDescription rather than manually calling vmstate_register().

Signed-off-by: Mark Cave-Ayland 

Patches still requiring review for updated commit messages (no code changes
from v1): 27, 28 and 34

v2:
- Rebase onto master
- Add A-B and R-B tags from Helge and Peter
- s/jazz/magnum/ for consistency in commit message for patch 35
- Update commit messages in patches 27 and 28 to clarify why the int_status
   bitmap isn't immediately added to the vmstate_lasips2 VMStateDescription
- Update commit message in patch 34 to detail the extra changes to the
   vmstate_lasips2 VMStateDescription


Mark Cave-Ayland (40):
   pl050: move PL050State from pl050.c to new pl050.h header file
   pl050: rename pl050_keyboard_init() to pl050_kbd_init()
   pl050: change PL050State dev pointer from void to PS2State
   pl050: introduce new PL050_KBD_DEVICE QOM type
   pl050: introduce new PL050_MOUSE_DEVICE QOM type
   pl050: move logic from pl050_realize() to pl050_init()
   pl050: introduce PL050DeviceClass for the PL050 device
   pl050: introduce pl050_kbd_class_init() and pl050_kbd_realize()
   pl050: introduce pl050_mouse_class_init() and pl050_mouse_realize()
   pl050: don't use legacy ps2_kbd_init() function
   pl050: don't use legacy ps2_mouse_init() function
   lasips2: don't use vmstate_register() in lasips2_realize()
   lasips2: remove the qdev base property and the lasips2_properties
 array
   lasips2: remove legacy lasips2_initfn() function
   lasips2: change LASIPS2State dev pointer from void to PS2State
   lasips2: QOMify LASIPS2Port
   lasips2: introduce new LASIPS2_KBD_PORT QOM type
   lasips2: introduce new LASIPS2_MOUSE_PORT QOM type
   lasips2: move keyboard port initialisation to new
 lasips2_kbd_port_init() function
   lasips2: move mouse port initialisation to new
 lasips2_mouse_port_init() function
   lasips2: introduce lasips2_kbd_port_class_init() and
 lasips2_kbd_port_realize()
   lasips2: introduce lasips2_mouse_port_class_init() and
 lasips2_mouse_port_realize()
   lasips2: rename LASIPS2Port irq field to birq
   lasips2: introduce port IRQ and new lasips2_port_init() function
   lasips2: introduce LASIPS2PortDeviceClass for the LASIPS2_PORT device
   lasips2: add named input gpio to port for downstream PS2 device IRQ
   lasips2: add named input gpio to handle incoming port IRQs
   lasips2: switch to using port-based IRQs
   lasips2: rename LASIPS2Port parent pointer to lasips2
   lasips2: standardise on lp name for LASIPS2Port variables
   lasips2: switch register memory region to DEVICE_BIG_ENDIAN
   lasips2: don't use legacy ps2_kbd_init() function
   lasips2: don't use legacy ps2_mouse_init() function
   lasips2: update VMStateDescription for LASIPS2 device
   pckbd: introduce new vmstate_kbd_mmio VMStateDescription for the
 I8042_MMIO device
   pckbd: don't use legacy ps2_kbd_init() function
   ps2: remove unused legacy ps2_kbd_init() function
   pckbd: don't use legacy ps2_mouse_init() function
   ps2: remove unused legacy ps2_mouse_init() function
   pckbd: remove legacy i8042_mm_init() function

  hw/hppa/machine.c  |   7 +-
  hw/input/lasips2.c | 320 ++---
  hw/input/pckbd.c   |  82 ++
  hw/input/pl050.c   | 112 -
  hw/input/ps2.c |  26 ---
  hw/input/trace-events  |   2 -
  hw/mips/jazz.c |  13 +-
  include/hw/input/i8042.h   |   7 +-
  include/hw/input/lasips2.h |  57 +--
  include/hw/input/pl050.h   |  59 +++
  include/hw/input/ps2.h |   2 -
  11 files changed, 466 insertions(+), 221 deletions(-)
  create mode 100644 include/hw/input/pl050.h


I've queued this via my qemu-sparc branch.


ATB,

Mark.

Re: [PATCH] tests: migration-test: Allow test to run without uffd

[Thomas Huth]

On 07/07/2022 20.46, Peter Xu wrote:

We used to stop running all tests if uffd is not detected.  However
logically that's only needed for postcopy not the rest of tests.

Keep running the rest when still possible.

Signed-off-by: Peter Xu 
---
  tests/qtest/migration-test.c | 11 +--
  1 file changed, 5 insertions(+), 6 deletions(-)


Did you test your patch in the gitlab-CI? I just added it to my testing-next 
branch and the the test is failing reproducibly on macOS here:


 https://gitlab.com/thuth/qemu/-/jobs/2736260861#L6275
 https://gitlab.com/thuth/qemu/-/jobs/2736623914#L6275

(without your patch the whole test is skipped instead)

 Thomas

Re: [PATCH v4 3/3] target/ppc: Implement hashstp and hashchkp

[Lucas Mateus Martins Araujo e Castro]

Reviewed-by: Lucas Mateus Castro 

On 15/07/2022 17:54, Víctor Colombo wrote:

Implementation for instructions hashstp and hashchkp, the privileged
versions of hashst and hashchk, which were added in Power ISA 3.1B.

Signed-off-by: Víctor Colombo
---
  target/ppc/excp_helper.c   | 2 ++
  target/ppc/helper.h| 2 ++
  target/ppc/insn32.decode   | 2 ++
  target/ppc/translate/fixedpoint-impl.c.inc | 2 ++
  4 files changed, 8 insertions(+)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index fa5a737e22..847eff9213 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -2255,6 +2255,8 @@ void helper_##op(CPUPPCState *env, target_ulong ea, 
target_ulong ra,  \

  HELPER_HASH(HASHST, env->spr[SPR_HASHKEYR], true)
  HELPER_HASH(HASHCHK, env->spr[SPR_HASHKEYR], false)
+HELPER_HASH(HASHSTP, env->spr[SPR_HASHPKEYR], true)
+HELPER_HASH(HASHCHKP, env->spr[SPR_HASHPKEYR], false)

  #if !defined(CONFIG_USER_ONLY)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 5817af632b..122b2e9359 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -6,6 +6,8 @@ DEF_HELPER_FLAGS_4(td, TCG_CALL_NO_WG, void, env, tl, tl, i32)
  #endif
  DEF_HELPER_4(HASHST, void, env, tl, tl, tl)
  DEF_HELPER_4(HASHCHK, void, env, tl, tl, tl)
+DEF_HELPER_4(HASHSTP, void, env, tl, tl, tl)
+DEF_HELPER_4(HASHCHKP, void, env, tl, tl, tl)
  #if !defined(CONFIG_USER_ONLY)
  DEF_HELPER_2(store_msr, void, env, tl)
  DEF_HELPER_1(rfi, void, env)
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 544514565c..da08960fca 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -330,6 +330,8 @@ PEXTD   01 . . . 001000 -   @X

  HASHST  01 . . . 1011010010 .   @X_DW
  HASHCHK 01 . . . 100010 .   @X_DW
+HASHSTP 01 . . . 1010010010 .   @X_DW
+HASHCHKP01 . . . 1010110010 .   @X_DW

  ## BCD Assist

diff --git a/target/ppc/translate/fixedpoint-impl.c.inc 
b/target/ppc/translate/fixedpoint-impl.c.inc
index 41c06de8a2..1ba56cbed5 100644
--- a/target/ppc/translate/fixedpoint-impl.c.inc
+++ b/target/ppc/translate/fixedpoint-impl.c.inc
@@ -572,3 +572,5 @@ static bool do_hash(DisasContext *ctx, arg_X *a, bool priv,

  TRANS(HASHST, do_hash, false, gen_helper_HASHST)
  TRANS(HASHCHK, do_hash, false, gen_helper_HASHCHK)
+TRANS(HASHSTP, do_hash, true, gen_helper_HASHSTP)
+TRANS(HASHCHKP, do_hash, true, gen_helper_HASHCHKP)
--
2.25.1



--
Lucas Mateus M. Araujo e Castro
Instituto de Pesquisas ELDORADO 


Departamento Computação Embarcada
Analista de Software Trainee
Aviso Legal - Disclaimer 

Re: [PATCH v2 1/1] python/machine: Fix AF_UNIX path too long on macOS

[Peter Delevoryas]

On Mon, Jul 18, 2022 at 09:56:17AM +0100, Daniel P. Berrangé wrote:
> On Sat, Jul 16, 2022 at 10:34:34AM -0700, Peter Delevoryas wrote:
> > On macOS, private $TMPDIR's are the default. These $TMPDIR's are
> > generated from a user's unix UID and UUID [1], which can create a
> > relatively long path:
> > 
> > /var/folders/d7/rz20f6hd709c1ty8f6_6y_z4gn/T/
> > 
> > QEMU's avocado tests create a temporary directory prefixed by
> > "avo_qemu_sock_", and create QMP sockets within _that_ as well.
> > The QMP socket is unnecessarily long, because a temporary directory
> > is created for every QEMUMachine object.
> > 
> > /avo_qemu_sock_uh3w_dgc/qemu-37331-10bacf110-monitor.sock
> 
> 
> Looking at this again, I realize my suggestion for dealing with the
> second part of the path was mistaken.
> 
> The "qemu-37331-10bacf110-monitor.sock" part is combining two
> pieces.
> 
> First the result of
> 
>   f"qemu-{os.getpid()}-{id(self):02x}"
> 
> is
> 
>   qemu-37331-10bacf110
> 
> and the code later than appends '-monitor.sock'
> 
> So...
> 
> > 
> > The path limit for unix sockets on macOS is 104: [2]
> > 
> > /*
> >  * [XSI] Definitions for UNIX IPC domain.
> >  */
> > struct  sockaddr_un {
> 
> > unsigned char   sun_len;/* sockaddr len including null */
> > sa_family_t sun_family; /* [XSI] AF_UNIX */
> > charsun_path[104];  /* [XSI] path name (gag) */
> > };
> > 
> > This results in avocado tests failing on macOS because the QMP unix
> > socket can't be created, because the path is too long:
> > 
> > ERROR| Failed to establish connection: OSError: AF_UNIX path too long
> > 
> > This change reduces the size of both paths, and removes the unique
> > identification information from the socket name, since it seems to be
> > unnecessary.
> > 
> > This commit produces paths like the following:
> > 
> > pdel@pdel-mbp:/var/folders/d7/rz20f6hd709c1ty8f6_6y_z4gn/T
> > $ tree qemu*
> > qemu_oc7h7f3u
> > ├── qmp-console.sock
> > └── qmp-monitor.sock
> > 
> > [1] 
> > https://apple.stackexchange.com/questions/353832/why-is-mac-osx-temp-directory-in-weird-path
> > [2] 
> > /Library/Developer/CommandLineTools/SDKs/MacOSX12.3.sdk/usr/include/sys/un.h
> > 
> > Signed-off-by: Peter Delevoryas 
> > ---
> >  python/qemu/machine/machine.py | 2 +-
> >  tests/avocado/avocado_qemu/__init__.py | 2 +-
> >  2 files changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/python/qemu/machine/machine.py b/python/qemu/machine/machine.py
> > index 37191f433b..b1823966b3 100644
> > --- a/python/qemu/machine/machine.py
> > +++ b/python/qemu/machine/machine.py
> > @@ -157,7 +157,7 @@ def __init__(self,
> >  self._wrapper = wrapper
> >  self._qmp_timer = qmp_timer
> >  
> > -self._name = name or f"qemu-{os.getpid()}-{id(self):02x}"
> > +self._name = name or "qmp"
> 
> ...my suggestion here was wrong.
> 
> We don't need the os.getpid() unoiqueness because the tmpdir already
> ensures that is safe, but keeping 'id(self)' is a good idea, if the
> test case creates multiple machines concurrently. Bearing in mind we
> later append '-monitor.sock' we don't need 'qmp' in the self._name.

Yeah you're right, it's a good idea to make the QEMUMachine name unique.

When I made v2, I looked around to see if we were creating 2
QEMUMachine's concurrently. I didn't see anything, but looking again, I
see this in tests/migration/guestperf/engine.py:

if self._dst_host != "localhost":
dstmonaddr = ("localhost", 9001)
else:
dstmonaddr = "/var/tmp/qemu-dst-%d-monitor.sock" % os.getpid()
srcmonaddr = "/var/tmp/qemu-src-%d-monitor.sock" % os.getpid()

src = QEMUMachine(self._binary,
  args=self._get_src_args(hardware),
  wrapper=self._get_src_wrapper(hardware),
  name="qemu-src-%d" % os.getpid(),
  monitor_address=srcmonaddr)

dst = QEMUMachine(self._binary,
  args=self._get_dst_args(hardware, uri),
  wrapper=self._get_dst_wrapper(hardware),
  name="qemu-dst-%d" % os.getpid(),
  monitor_address=dstmonaddr)

This test case would probably still pass with this change, because the
monitor_address is specified, but I think you're right, it's a good idea
to make the default name different for each QEMUMachine instance to
avoid breaking anything.

> 
> So on reflection I think I should have suggested using:
> 
> self._name = name or f"{id(self):02x}"

+1, yeah I'll change it to that

> 
> And *in addition*, a few lines later change:
> 
> self._monitor_address = os.path.join(
> self.sock_dir, f"{self._name}-monitor.sock"
> )
> 
> To
> 
> self._monitor_address = os.path.join(
> self.sock_dir, f"{self._name}.qmp"
> )

Oh ok, yeah that looks good too. Tha

Re: [PATCH v4 1/3] target/ppc: Add HASHKEYR and HASHPKEYR SPRs

[Lucas Mateus Martins Araujo e Castro]

On 15/07/2022 17:54, Víctor Colombo wrote:

Add the Special Purpose Registers HASHKEYR and HASHPKEYR, which were
introduced by the Power ISA 3.1B. They are used by the new instructions
hashchk(p) and hashst(p).

The ISA states that the Operating System should generate the value for
these registers when creating a process, so it's its responsability to
do so. We initialize it with 0 for qemu-softmmu, and set a random 64
bits value for linux-user.

Signed-off-by: Víctor Colombo
---


Reviewed-by: Lucas Mateus Castro 



Is the way I did the random number generation ok?

---
  target/ppc/cpu.h  |  2 ++
  target/ppc/cpu_init.c | 28 
  2 files changed, 30 insertions(+)

diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index a4c893cfad..4551d81b5f 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1676,6 +1676,8 @@ void ppc_compat_add_property(Object *obj, const char 
*name,
  #define SPR_BOOKE_GIVOR14 (0x1BD)
  #define SPR_TIR   (0x1BE)
  #define SPR_PTCR  (0x1D0)
+#define SPR_HASHKEYR  (0x1D4)
+#define SPR_HASHPKEYR (0x1D5)
  #define SPR_BOOKE_SPEFSCR (0x200)
  #define SPR_Exxx_BBEAR(0x201)
  #define SPR_Exxx_BBTAR(0x202)
diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index d1493a660c..29c7752483 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -5700,6 +5700,33 @@ static void register_power9_mmu_sprs(CPUPPCState *env)
  #endif
  }

+static void register_power10_hash_sprs(CPUPPCState *env)
+{
+/*
+ * it's the OS responsability to generate a random value for the registers
+ * in each process' context. So, initialize it with 0 here.
+ */
+uint64_t hashkeyr_initial_value = 0, hashpkeyr_initial_value = 0;
+#if defined(CONFIG_USER_ONLY)
+/* in linux-user, setup the hash register with a random value */
+GRand *rand = g_rand_new();
+hashkeyr_initial_value =
+((uint64_t)g_rand_int(rand) << 32) | (uint64_t)g_rand_int(rand);
+hashpkeyr_initial_value =
+((uint64_t)g_rand_int(rand) << 32) | (uint64_t)g_rand_int(rand);
+g_rand_free(rand);
+#endif
+spr_register(env, SPR_HASHKEYR, "HASHKEYR",
+SPR_NOACCESS, SPR_NOACCESS,
+&spr_read_generic, &spr_write_generic,
+hashkeyr_initial_value);
+spr_register_hv(env, SPR_HASHPKEYR, "HASHPKEYR",
+SPR_NOACCESS, SPR_NOACCESS,
+SPR_NOACCESS, SPR_NOACCESS,
+&spr_read_generic, &spr_write_generic,
+hashpkeyr_initial_value);
+}
+
  /*
   * Initialize PMU counter overflow timers for Power8 and
   * newer Power chips when using TCG.
@@ -6484,6 +6511,7 @@ static void init_proc_POWER10(CPUPPCState *env)
  register_power8_book4_sprs(env);
  register_power8_rpr_sprs(env);
  register_power9_mmu_sprs(env);
+register_power10_hash_sprs(env);

  /* FIXME: Filter fields properly based on privilege level */
  spr_register_kvm_hv(env, SPR_PSSCR, "PSSCR", NULL, NULL, NULL, NULL,
--
2.25.1



--
Lucas Mateus M. Araujo e Castro
Instituto de Pesquisas ELDORADO 


Departamento Computação Embarcada
Analista de Software Trainee
Aviso Legal - Disclaimer 

[PATCH v2] aspeed: qcom: add block backed FRU devices

[Jae Hyun Yoo]

From: Graeme Gregory 

The FRU devices for dc-scm-v1 and firework on bus IF_NONE.

-drive file=$DC_SCM_FRU,format=raw,if=none,unit=0
-drive file=$FIREWORK_FRU,format=raw,if=none,unit=1

file must match FRU size of 128k

Signed-off-by: Graeme Gregory 
Signed-off-by: Jae Hyun Yoo 
Reviewed-by: C�dric Le Goater 
---
Changes in v2:
 * Changed 'qcom_dc_scm_fru_init' to a generic one so that it can be used
   by other machines too. (Patrick)

Discussions on v1:
https://lore.kernel.org/qemu-devel/20220622172830.101210-4-quic_jaeh...@quicinc.com/
This single patch was dropped from the series so I'm sending it again as a
separate patch.

 hw/arm/aspeed.c | 24 
 1 file changed, 24 insertions(+)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 4193a3d23d1d..aa9efd4c9723 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -440,6 +440,23 @@ static void at24c_eeprom_init(I2CBus *bus, uint8_t addr, 
uint32_t rsize)
 i2c_slave_realize_and_unref(i2c_dev, bus, &error_abort);
 }
 
+static void at24c_eeprom_init_from_drive(I2CBus *i2c_bus, uint8_t addr,
+ uint32_t rsize, int drv_bus,
+ int drv_unit)
+{
+I2CSlave *i2c_dev = i2c_slave_new("at24c-eeprom", addr);
+DeviceState *dev = DEVICE(i2c_dev);
+DriveInfo *dinfo = drive_get(IF_NONE, drv_bus, drv_unit);
+
+qdev_prop_set_uint32(dev, "rom-size", rsize);
+
+if (dinfo) {
+qdev_prop_set_drive(dev, "drive", blk_by_legacy_dinfo(dinfo));
+}
+
+i2c_slave_realize_and_unref(i2c_dev, i2c_bus, &error_abort);
+}
+
 static void palmetto_bmc_i2c_init(AspeedMachineState *bmc)
 {
 AspeedSoCState *soc = &bmc->soc;
@@ -975,6 +992,9 @@ static void qcom_dc_scm_bmc_i2c_init(AspeedMachineState 
*bmc)
 AspeedSoCState *soc = &bmc->soc;
 
 i2c_slave_create_simple(aspeed_i2c_get_bus(&soc->i2c, 15), "tmp105", 0x4d);
+
+at24c_eeprom_init_from_drive(aspeed_i2c_get_bus(&soc->i2c, 15), 0x53,
+ 128 * 1024, 0, 0);
 }
 
 static void qcom_dc_scm_firework_i2c_init(AspeedMachineState *bmc)
@@ -987,6 +1007,10 @@ static void 
qcom_dc_scm_firework_i2c_init(AspeedMachineState *bmc)
 
 /* Now create the Firework specific hardware */
 
+/* I2C4 */
+at24c_eeprom_init_from_drive(aspeed_i2c_get_bus(&soc->i2c, 4), 0x50,
+ 128 * 1024, 0, 1);
+
 /* I2C7 CPUVR MUX */
 cpuvr_mux = i2c_slave_create_simple(aspeed_i2c_get_bus(&soc->i2c, 7),
 "pca9546", 0x70);
-- 
2.25.1

Re: [PATCH v4 1/1] target/riscv: Add Zihintpause support

[Dao Lu]

ping

On Tue, Jul 5, 2022 at 10:49 AM Dao Lu  wrote:
>
> Added support for RISC-V PAUSE instruction from Zihintpause extension,
> enabled by default.
>
> Tested-by: Heiko Stuebner 
> Signed-off-by: Dao Lu 
> ---
>  target/riscv/cpu.c  |  2 ++
>  target/riscv/cpu.h  |  1 +
>  target/riscv/insn32.decode  |  7 ++-
>  target/riscv/insn_trans/trans_rvi.c.inc | 16 
>  4 files changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index ccacdee215..183fb37fdf 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -825,6 +825,7 @@ static Property riscv_cpu_properties[] = {
>  DEFINE_PROP_BOOL("Counters", RISCVCPU, cfg.ext_counters, true),
>  DEFINE_PROP_BOOL("Zifencei", RISCVCPU, cfg.ext_ifencei, true),
>  DEFINE_PROP_BOOL("Zicsr", RISCVCPU, cfg.ext_icsr, true),
> +DEFINE_PROP_BOOL("Zihintpause", RISCVCPU, cfg.ext_zihintpause, true),
>  DEFINE_PROP_BOOL("Zfh", RISCVCPU, cfg.ext_zfh, false),
>  DEFINE_PROP_BOOL("Zfhmin", RISCVCPU, cfg.ext_zfhmin, false),
>  DEFINE_PROP_BOOL("Zve32f", RISCVCPU, cfg.ext_zve32f, false),
> @@ -996,6 +997,7 @@ static void riscv_isa_string_ext(RISCVCPU *cpu, char 
> **isa_str, int max_str_len)
>   *extensions by an underscore.
>   */
>  struct isa_ext_data isa_edata_arr[] = {
> +ISA_EDATA_ENTRY(zihintpause, ext_zihintpause),
>  ISA_EDATA_ENTRY(zfh, ext_zfh),
>  ISA_EDATA_ENTRY(zfhmin, ext_zfhmin),
>  ISA_EDATA_ENTRY(zfinx, ext_zfinx),
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index fe6c9a2c92..e466a04a59 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -394,6 +394,7 @@ struct RISCVCPUConfig {
>  bool ext_counters;
>  bool ext_ifencei;
>  bool ext_icsr;
> +bool ext_zihintpause;
>  bool ext_svinval;
>  bool ext_svnapot;
>  bool ext_svpbmt;
> diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
> index 4033565393..595fdcdad8 100644
> --- a/target/riscv/insn32.decode
> +++ b/target/riscv/insn32.decode
> @@ -149,7 +149,12 @@ srl  000 .. 101 . 0110011 @r
>  sra  010 .. 101 . 0110011 @r
>  or   000 .. 110 . 0110011 @r
>  and  000 .. 111 . 0110011 @r
> -fence pred:4 succ:4 - 000 - 000
> +
> +{
> +  pause   0001      0 000 0 000
> +  fence   pred:4 succ:4 - 000 - 000
> +}
> +
>  fence_i         - 001 - 000
>  csrrw . 001 . 1110011 @csr
>  csrrs . 010 . 1110011 @csr
> diff --git a/target/riscv/insn_trans/trans_rvi.c.inc 
> b/target/riscv/insn_trans/trans_rvi.c.inc
> index f1342f30f8..2fd07bc2e4 100644
> --- a/target/riscv/insn_trans/trans_rvi.c.inc
> +++ b/target/riscv/insn_trans/trans_rvi.c.inc
> @@ -796,6 +796,22 @@ static bool trans_srad(DisasContext *ctx, arg_srad *a)
>  return gen_shift(ctx, a, EXT_SIGN, tcg_gen_sar_tl, NULL);
>  }
>
> +static bool trans_pause(DisasContext *ctx, arg_pause *a)
> +{
> +if (!ctx->cfg_ptr->ext_zihintpause) {
> +return false;
> +}
> +
> +/*
> + * PAUSE is a no-op in QEMU,
> + * end the TB and return to main loop
> + */
> +gen_set_pc_imm(ctx, ctx->pc_succ_insn);
> +tcg_gen_exit_tb(NULL, 0);
> +ctx->base.is_jmp = DISAS_NORETURN;
> +
> +return true;
> +}
>
>  static bool trans_fence(DisasContext *ctx, arg_fence *a)
>  {
> --
> 2.25.1
>

[PULL 27/30] target/ppc: check tb_env != 0 before printing TBU/TBL/DECR

[Daniel Henrique Barboza]

From: Matheus Ferst 

When using "-machine none", env->tb_env is not allocated, causing the
segmentation fault reported in issue #85 (launchpad bug #811683). To
avoid this problem, check if the pointer != NULL before calling the
methods to print TBU/TBL/DECR.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/85
Signed-off-by: Matheus Ferst 
Reviewed-by: Daniel Henrique Barboza 
Message-Id: <20220714172343.80539-1-matheus.fe...@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza 
---
 target/ppc/cpu_init.c | 18 --
 target/ppc/monitor.c  |  9 +
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 4f2355e941..d1493a660c 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -7471,17 +7471,15 @@ void ppc_cpu_dump_state(CPUState *cs, FILE *f, int 
flags)
  "%08x iidx %d didx %d\n",
  env->msr, env->spr[SPR_HID0], env->hflags,
  cpu_mmu_index(env, true), cpu_mmu_index(env, false));
-#if !defined(NO_TIMER_DUMP)
-qemu_fprintf(f, "TB %08" PRIu32 " %08" PRIu64
 #if !defined(CONFIG_USER_ONLY)
- " DECR " TARGET_FMT_lu
-#endif
- "\n",
- cpu_ppc_load_tbu(env), cpu_ppc_load_tbl(env)
-#if !defined(CONFIG_USER_ONLY)
- , cpu_ppc_load_decr(env)
-#endif
-);
+if (env->tb_env) {
+qemu_fprintf(f, "TB %08" PRIu32 " %08" PRIu64
+ " DECR " TARGET_FMT_lu "\n", cpu_ppc_load_tbu(env),
+ cpu_ppc_load_tbl(env), cpu_ppc_load_decr(env));
+}
+#else
+qemu_fprintf(f, "TB %08" PRIu32 " %08" PRIu64 "\n", cpu_ppc_load_tbu(env),
+ cpu_ppc_load_tbl(env));
 #endif
 for (i = 0; i < 32; i++) {
 if ((i & (RGPL - 1)) == 0) {
diff --git a/target/ppc/monitor.c b/target/ppc/monitor.c
index 0b805ef6e9..8250b1304e 100644
--- a/target/ppc/monitor.c
+++ b/target/ppc/monitor.c
@@ -55,6 +55,9 @@ static target_long monitor_get_decr(Monitor *mon, const 
struct MonitorDef *md,
 int val)
 {
 CPUArchState *env = mon_get_cpu_env(mon);
+if (!env->tb_env) {
+return 0;
+}
 return cpu_ppc_load_decr(env);
 }
 
@@ -62,6 +65,9 @@ static target_long monitor_get_tbu(Monitor *mon, const struct 
MonitorDef *md,
int val)
 {
 CPUArchState *env = mon_get_cpu_env(mon);
+if (!env->tb_env) {
+return 0;
+}
 return cpu_ppc_load_tbu(env);
 }
 
@@ -69,6 +75,9 @@ static target_long monitor_get_tbl(Monitor *mon, const struct 
MonitorDef *md,
int val)
 {
 CPUArchState *env = mon_get_cpu_env(mon);
+if (!env->tb_env) {
+return 0;
+}
 return cpu_ppc_load_tbl(env);
 }
 
-- 
2.36.1

[PULL 28/30] ppc: Check partition and process table alignment

[Daniel Henrique Barboza]

From: Leandro Lupori 

Check if partition and process tables are properly aligned, in
their size, according to PowerISA 3.1B, Book III 6.7.6 programming
note. Hardware and KVM also raise an exception in these cases.

Signed-off-by: Leandro Lupori 
Reviewed-by: Fabiano Rosas 
Message-Id: <20220628133959.15131-2-leandro.lup...@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza 
---
 hw/ppc/spapr.c |  5 +
 hw/ppc/spapr_hcall.c   |  9 +
 target/ppc/mmu-book3s-v3.c |  5 +
 target/ppc/mmu-radix64.c   | 17 +
 4 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 3a5112899e..bc9ba6e6dc 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1336,6 +1336,11 @@ static bool spapr_get_pate(PPCVirtualHypervisor *vhyp, 
PowerPCCPU *cpu,
 patb = spapr->nested_ptcr & PTCR_PATB;
 pats = spapr->nested_ptcr & PTCR_PATS;
 
+/* Check if partition table is properly aligned */
+if (patb & MAKE_64BIT_MASK(0, pats + 12)) {
+return false;
+}
+
 /* Calculate number of entries */
 pats = 1ull << (pats + 12 - 4);
 if (pats <= lpid) {
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index d761a7d0c3..a8d4a6bcf0 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -920,6 +920,7 @@ static target_ulong h_register_process_table(PowerPCCPU 
*cpu,
 target_ulong page_size = args[2];
 target_ulong table_size = args[3];
 target_ulong update_lpcr = 0;
+target_ulong table_byte_size;
 uint64_t cproc;
 
 if (flags & ~FLAGS_MASK) { /* Check no reserved bits are set */
@@ -927,6 +928,14 @@ static target_ulong h_register_process_table(PowerPCCPU 
*cpu,
 }
 if (flags & FLAG_MODIFY) {
 if (flags & FLAG_REGISTER) {
+/* Check process table alignment */
+table_byte_size = 1ULL << (table_size + 12);
+if (proc_tbl & (table_byte_size - 1)) {
+qemu_log_mask(LOG_GUEST_ERROR,
+"%s: process table not properly aligned: proc_tbl 0x"
+TARGET_FMT_lx" proc_tbl_size 0x"TARGET_FMT_lx"\n",
+__func__, proc_tbl, table_byte_size);
+}
 if (flags & FLAG_RADIX) { /* Register new RADIX process table */
 if (proc_tbl & 0xfff || proc_tbl >> 60) {
 return H_P2;
diff --git a/target/ppc/mmu-book3s-v3.c b/target/ppc/mmu-book3s-v3.c
index f4985bae78..c8f69b3df9 100644
--- a/target/ppc/mmu-book3s-v3.c
+++ b/target/ppc/mmu-book3s-v3.c
@@ -28,6 +28,11 @@ bool ppc64_v3_get_pate(PowerPCCPU *cpu, target_ulong lpid, 
ppc_v3_pate_t *entry)
 uint64_t patb = cpu->env.spr[SPR_PTCR] & PTCR_PATB;
 uint64_t pats = cpu->env.spr[SPR_PTCR] & PTCR_PATS;
 
+/* Check if partition table is properly aligned */
+if (patb & MAKE_64BIT_MASK(0, pats + 12)) {
+return false;
+}
+
 /* Calculate number of entries */
 pats = 1ull << (pats + 12 - 4);
 if (pats <= lpid) {
diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index 21ac958e48..9a8a2e2875 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -383,7 +383,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
 {
 CPUState *cs = CPU(cpu);
 CPUPPCState *env = &cpu->env;
-uint64_t offset, size, prtbe_addr, prtbe0, base_addr, nls, index, pte;
+uint64_t offset, size, prtb, prtbe_addr, prtbe0, base_addr, nls, index, 
pte;
 int fault_cause = 0, h_page_size, h_prot;
 hwaddr h_raddr, pte_addr;
 int ret;
@@ -393,9 +393,18 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU 
*cpu,
   __func__, access_str(access_type),
   eaddr, mmu_idx, pid);
 
+prtb = (pate.dw1 & PATE1_R_PRTB);
+size = 1ULL << ((pate.dw1 & PATE1_R_PRTS) + 12);
+if (prtb & (size - 1)) {
+/* Process Table not properly aligned */
+if (guest_visible) {
+ppc_radix64_raise_si(cpu, access_type, eaddr, DSISR_R_BADCONFIG);
+}
+return 1;
+}
+
 /* Index Process Table by PID to Find Corresponding Process Table Entry */
 offset = pid * sizeof(struct prtb_entry);
-size = 1ULL << ((pate.dw1 & PATE1_R_PRTS) + 12);
 if (offset >= size) {
 /* offset exceeds size of the process table */
 if (guest_visible) {
@@ -403,7 +412,7 @@ static int ppc_radix64_process_scoped_xlate(PowerPCCPU *cpu,
 }
 return 1;
 }
-prtbe_addr = (pate.dw1 & PATE1_R_PRTB) + offset;
+prtbe_addr = prtb + offset;
 
 if (vhyp_flat_addressing(cpu)) {
 prtbe0 = ldq_phys(cs->as, prtbe_addr);
@@ -568,7 +577,7 @@ static bool ppc_radix64_xlate_impl(PowerPCCPU *cpu, vaddr 
eaddr,
 return false;
 }
 
-/* Get Process Table */
+/* Get Partition Table */
 if (cpu->vhyp) {
 PPCVirtualHypervisorClass *vhc;
 vhc = PPC_VIRTUAL_HYPERVISOR_GET_CLASS(cpu->v

Re: [PATCH] util: Fix broken build on Haiku

[Marc-André Lureau]

On Mon, Jul 18, 2022 at 9:22 PM Thomas Huth  wrote:

> A recent commit moved some Haiku-specific code parts from oslib-posix.c
> to cutils.c, but failed to move the corresponding header #include
> statement, too, so "make vm-build-haiku.x86_64" is currently broken.
> Fix it by moving the header #include, too.
>
> Fixes: 06680b15b4 ("include: move qemu_*_exec_dir() to cutils")
> Signed-off-by: Thomas Huth 
>

Reviewed-by: Marc-André Lureau 


> ---
>  util/cutils.c  | 4 
>  util/oslib-posix.c | 4 
>  2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/util/cutils.c b/util/cutils.c
> index 8199dac598..cb43dda213 100644
> --- a/util/cutils.c
> +++ b/util/cutils.c
> @@ -35,6 +35,10 @@
>  #include 
>  #endif
>
> +#ifdef __HAIKU__
> +#include 
> +#endif
> +
>  #ifdef G_OS_WIN32
>  #include 
>  #include 
> diff --git a/util/oslib-posix.c b/util/oslib-posix.c
> index 7a34c1657c..bffec18869 100644
> --- a/util/oslib-posix.c
> +++ b/util/oslib-posix.c
> @@ -62,10 +62,6 @@
>  #include 
>  #endif
>
> -#ifdef __HAIKU__
> -#include 
> -#endif
> -
>  #include "qemu/mmap-alloc.h"
>
>  #ifdef CONFIG_DEBUG_STACK_USAGE
> --
> 2.31.1
>
>
>

-- 
Marc-André Lureau

[PULL 30/30] target/ppc: Check page dir/table base alignment

[Daniel Henrique Barboza]

From: Leandro Lupori 

According to PowerISA 3.1B, Book III 6.7.6 programming note, the
page directory base addresses are expected to be aligned to their
size. Real hardware seems to rely on that and will access the
wrong address if they are misaligned. This results in a
translation failure even if the page tables seem to be properly
populated.

Signed-off-by: Leandro Lupori 
Reviewed-by: Daniel Henrique Barboza 
Message-Id: <20220628133959.15131-4-leandro.lup...@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza 
---
 target/ppc/mmu-radix64.c | 28 
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/target/ppc/mmu-radix64.c b/target/ppc/mmu-radix64.c
index 705bff76be..00f2e9fa2e 100644
--- a/target/ppc/mmu-radix64.c
+++ b/target/ppc/mmu-radix64.c
@@ -265,7 +265,7 @@ static int ppc_radix64_next_level(AddressSpace *as, vaddr 
eaddr,
   uint64_t *pte_addr, uint64_t *nls,
   int *psize, uint64_t *pte, int *fault_cause)
 {
-uint64_t index, pde;
+uint64_t index, mask, nlb, pde;
 
 /* Read page  entry from guest address space */
 pde = ldq_phys(as, *pte_addr);
@@ -280,7 +280,17 @@ static int ppc_radix64_next_level(AddressSpace *as, vaddr 
eaddr,
 *nls = pde & R_PDE_NLS;
 index = eaddr >> (*psize - *nls);   /* Shift */
 index &= ((1UL << *nls) - 1);   /* Mask */
-*pte_addr = (pde & R_PDE_NLB) + (index * sizeof(pde));
+nlb = pde & R_PDE_NLB;
+mask = MAKE_64BIT_MASK(0, *nls + 3);
+
+if (nlb & mask) {
+qemu_log_mask(LOG_GUEST_ERROR,
+"%s: misaligned page dir/table base: 0x"TARGET_FMT_lx
+" page dir size: 0x"TARGET_FMT_lx"\n",
+__func__, nlb, mask + 1);
+nlb &= ~mask;
+}
+*pte_addr = nlb + index * sizeof(pde);
 }
 return 0;
 }
@@ -294,8 +304,18 @@ static int ppc_radix64_walk_tree(AddressSpace *as, vaddr 
eaddr,
 int level = 0;
 
 index = eaddr >> (*psize - nls);/* Shift */
-index &= ((1UL << nls) - 1);   /* Mask */
-*pte_addr = base_addr + (index * sizeof(pde));
+index &= ((1UL << nls) - 1);/* Mask */
+mask = MAKE_64BIT_MASK(0, nls + 3);
+
+if (base_addr & mask) {
+qemu_log_mask(LOG_GUEST_ERROR,
+"%s: misaligned page dir base: 0x"TARGET_FMT_lx
+" page dir size: 0x"TARGET_FMT_lx"\n",
+__func__, base_addr, mask + 1);
+base_addr &= ~mask;
+}
+*pte_addr = base_addr + index * sizeof(pde);
+
 do {
 int ret;
 
-- 
2.36.1

[PULL 24/30] target/ppc: Move slbfee to decodetree

[Daniel Henrique Barboza]

From: Lucas Coutinho 

Reviewed-by: Leandro Lupori 
Signed-off-by: Lucas Coutinho 
Message-Id: <20220701133507.740619-10-lucas.couti...@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza 
---
 target/ppc/helper.h  |  2 +-
 target/ppc/insn32.decode |  2 ++
 target/ppc/mmu-hash64.c  |  2 +-
 target/ppc/translate.c   | 26 ---
 target/ppc/translate/storage-ctrl-impl.c.inc | 34 
 5 files changed, 38 insertions(+), 28 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 0baa2ca0f3..ef2dc30194 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -679,7 +679,7 @@ DEF_HELPER_FLAGS_4(tlbie_isa300, TCG_CALL_NO_WG, void, \
 DEF_HELPER_FLAGS_3(SLBMTE, TCG_CALL_NO_RWG, void, env, tl, tl)
 DEF_HELPER_2(SLBMFEE, tl, env, tl)
 DEF_HELPER_2(SLBMFEV, tl, env, tl)
-DEF_HELPER_2(find_slb_vsid, tl, env, tl)
+DEF_HELPER_2(SLBFEE, tl, env, tl)
 DEF_HELPER_FLAGS_2(SLBIA, TCG_CALL_NO_RWG, void, env, i32)
 DEF_HELPER_FLAGS_2(SLBIE, TCG_CALL_NO_RWG, void, env, tl)
 DEF_HELPER_FLAGS_2(SLBIEG, TCG_CALL_NO_RWG, void, env, tl)
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 8b431c6f32..5049c98691 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -875,6 +875,8 @@ SLBMTE  01 . - . 0110010010 -   
@X_tb
 SLBMFEV 01 . - . 1101010011 -   @X_tb
 SLBMFEE 01 . - . 1110010011 -   @X_tb
 
+SLBFEE  01 . - . 010011 1   @X_tb
+
 ## TLB Management Instructions
 
 &X_tlbierb rs ric prs:bool r:bool
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 5d73d64436..7ec7a67a78 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -331,7 +331,7 @@ target_ulong helper_SLBMFEE(CPUPPCState *env, target_ulong 
rb)
 return rt;
 }
 
-target_ulong helper_find_slb_vsid(CPUPPCState *env, target_ulong rb)
+target_ulong helper_SLBFEE(CPUPPCState *env, target_ulong rb)
 {
 PowerPCCPU *cpu = env_archcpu(env);
 target_ulong rt = 0;
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index eae60f5370..d7a785164b 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -5351,31 +5351,6 @@ static void gen_mtsrin_64b(DisasContext *ctx)
 #endif /* defined(CONFIG_USER_ONLY) */
 }
 
-
-static void gen_slbfee_(DisasContext *ctx)
-{
-#if defined(CONFIG_USER_ONLY)
-gen_hvpriv_exception(ctx, POWERPC_EXCP_PRIV_OPC);
-#else
-TCGLabel *l1, *l2;
-
-if (unlikely(ctx->pr)) {
-gen_hvpriv_exception(ctx, POWERPC_EXCP_PRIV_OPC);
-return;
-}
-gen_helper_find_slb_vsid(cpu_gpr[rS(ctx->opcode)], cpu_env,
- cpu_gpr[rB(ctx->opcode)]);
-l1 = gen_new_label();
-l2 = gen_new_label();
-tcg_gen_trunc_tl_i32(cpu_crf[0], cpu_so);
-tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_gpr[rS(ctx->opcode)], -1, l1);
-tcg_gen_ori_i32(cpu_crf[0], cpu_crf[0], CRF_EQ);
-tcg_gen_br(l2);
-gen_set_label(l1);
-tcg_gen_movi_tl(cpu_gpr[rS(ctx->opcode)], 0);
-gen_set_label(l2);
-#endif
-}
 #endif /* defined(TARGET_PPC64) */
 
 /***  Lookaside buffer management  ***/
@@ -6805,7 +6780,6 @@ GEN_HANDLER2(mfsrin_64b, "mfsrin", 0x1F, 0x13, 0x14, 
0x001F0001,
 GEN_HANDLER2(mtsr_64b, "mtsr", 0x1F, 0x12, 0x06, 0x0010F801, PPC_SEGMENT_64B),
 GEN_HANDLER2(mtsrin_64b, "mtsrin", 0x1F, 0x12, 0x07, 0x001F0001,
  PPC_SEGMENT_64B),
-GEN_HANDLER2(slbfee_, "slbfee.", 0x1F, 0x13, 0x1E, 0x001F, 
PPC_SEGMENT_64B),
 #endif
 GEN_HANDLER(tlbia, 0x1F, 0x12, 0x0B, 0x03FFFC01, PPC_MEM_TLBIA),
 /*
diff --git a/target/ppc/translate/storage-ctrl-impl.c.inc 
b/target/ppc/translate/storage-ctrl-impl.c.inc
index f0854b137f..d7e2bb185f 100644
--- a/target/ppc/translate/storage-ctrl-impl.c.inc
+++ b/target/ppc/translate/storage-ctrl-impl.c.inc
@@ -107,6 +107,40 @@ static bool trans_SLBMFEE(DisasContext *ctx, arg_SLBMFEE 
*a)
 return true;
 }
 
+static bool trans_SLBFEE(DisasContext *ctx, arg_SLBFEE *a)
+{
+REQUIRE_64BIT(ctx);
+REQUIRE_INSNS_FLAGS(ctx, SEGMENT_64B);
+
+#if defined(CONFIG_USER_ONLY)
+gen_inval_exception(ctx, POWERPC_EXCP_PRIV_REG);
+#else
+
+#if defined(TARGET_PPC64)
+TCGLabel *l1, *l2;
+
+if (unlikely(ctx->pr)) {
+gen_inval_exception(ctx, POWERPC_EXCP_PRIV_REG);
+return true;
+}
+gen_helper_SLBFEE(cpu_gpr[a->rt], cpu_env,
+ cpu_gpr[a->rb]);
+l1 = gen_new_label();
+l2 = gen_new_label();
+tcg_gen_trunc_tl_i32(cpu_crf[0], cpu_so);
+tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_gpr[a->rt], -1, l1);
+tcg_gen_ori_i32(cpu_crf[0], cpu_crf[0], CRF_EQ);
+tcg_gen_br(l2);
+gen_set_label(l1);
+tcg_gen_movi_tl(cpu_gpr[a->rt], 0);
+gen_set_label(l2);
+#else
+qemu_build_not_reached();
+#endif
+#endif
+return true;
+}
+
 static bool do_tlbie(DisasCon

[PULL 20/30] target/ppc: Move slbia to decodetree

[Daniel Henrique Barboza]

From: Lucas Coutinho 

Reviewed-by: Leandro Lupori 
Signed-off-by: Lucas Coutinho 
Message-Id: <20220701133507.740619-6-lucas.couti...@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza 
---
 target/ppc/helper.h  |  2 +-
 target/ppc/insn32.decode |  5 +
 target/ppc/mmu-hash64.c  |  2 +-
 target/ppc/translate.c   | 17 -
 target/ppc/translate/storage-ctrl-impl.c.inc | 14 ++
 5 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index e5e59d1924..c243d9550a 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -680,7 +680,7 @@ DEF_HELPER_FLAGS_3(store_slb, TCG_CALL_NO_RWG, void, env, 
tl, tl)
 DEF_HELPER_2(load_slb_esid, tl, env, tl)
 DEF_HELPER_2(load_slb_vsid, tl, env, tl)
 DEF_HELPER_2(find_slb_vsid, tl, env, tl)
-DEF_HELPER_FLAGS_2(slbia, TCG_CALL_NO_RWG, void, env, i32)
+DEF_HELPER_FLAGS_2(SLBIA, TCG_CALL_NO_RWG, void, env, i32)
 DEF_HELPER_FLAGS_2(SLBIE, TCG_CALL_NO_RWG, void, env, tl)
 DEF_HELPER_FLAGS_2(SLBIEG, TCG_CALL_NO_RWG, void, env, tl)
 #endif
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 9df73ce30f..0e214b359c 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -146,6 +146,9 @@
 &X_imm8 xt imm:uint8_t
 @X_imm8 .. . .. imm:8 .. .  &X_imm8 
xt=%x_xt
 
+&X_ih   ih:uint8_t
+@X_ih   .. .. ih:3 . . .. . &X_ih
+
 &X_rb   rb
 @X_rb   .. . . rb:5 .. .&X_rb
 
@@ -865,6 +868,8 @@ VMODUQ  000100 . . . 1101011@VX
 SLBIE   01 - - . 0110110010 -   @X_rb
 SLBIEG  01 . - . 0111010010 -   @X_tb
 
+SLBIA   01 --... - - 010010 -   @X_ih
+
 ## TLB Management Instructions
 
 &X_tlbierb rs ric prs:bool r:bool
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index a842fbd6f6..dd2c7e588f 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -101,7 +101,7 @@ void dump_slb(PowerPCCPU *cpu)
 }
 
 #ifdef CONFIG_TCG
-void helper_slbia(CPUPPCState *env, uint32_t ih)
+void helper_SLBIA(CPUPPCState *env, uint32_t ih)
 {
 PowerPCCPU *cpu = env_archcpu(env);
 int starting_entry;
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 591b6dc817..4435865388 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -5450,22 +5450,6 @@ static void gen_tlbsync(DisasContext *ctx)
 }
 
 #if defined(TARGET_PPC64)
-/* slbia */
-static void gen_slbia(DisasContext *ctx)
-{
-#if defined(CONFIG_USER_ONLY)
-GEN_PRIV(ctx);
-#else
-uint32_t ih = (ctx->opcode >> 21) & 0x7;
-TCGv_i32 t0 = tcg_const_i32(ih);
-
-CHK_SV(ctx);
-
-gen_helper_slbia(cpu_env, t0);
-tcg_temp_free_i32(t0);
-#endif /* defined(CONFIG_USER_ONLY) */
-}
-
 /* slbsync */
 static void gen_slbsync(DisasContext *ctx)
 {
@@ -6869,7 +6853,6 @@ GEN_HANDLER(tlbia, 0x1F, 0x12, 0x0B, 0x03FFFC01, 
PPC_MEM_TLBIA),
  */
 GEN_HANDLER(tlbsync, 0x1F, 0x16, 0x11, 0x03FFF801, PPC_MEM_TLBSYNC),
 #if defined(TARGET_PPC64)
-GEN_HANDLER(slbia, 0x1F, 0x12, 0x0F, 0x031FFC01, PPC_SLBI),
 GEN_HANDLER_E(slbsync, 0x1F, 0x12, 0x0A, 0x03FFF801, PPC_NONE, PPC2_ISA300),
 #endif
 GEN_HANDLER(eciwx, 0x1F, 0x16, 0x0D, 0x0001, PPC_EXTERN),
diff --git a/target/ppc/translate/storage-ctrl-impl.c.inc 
b/target/ppc/translate/storage-ctrl-impl.c.inc
index d699a370f5..c454ce8c7f 100644
--- a/target/ppc/translate/storage-ctrl-impl.c.inc
+++ b/target/ppc/translate/storage-ctrl-impl.c.inc
@@ -51,6 +51,20 @@ static bool trans_SLBIEG(DisasContext *ctx, arg_SLBIEG *a)
 return true;
 }
 
+static bool trans_SLBIA(DisasContext *ctx, arg_SLBIA *a)
+{
+REQUIRE_64BIT(ctx);
+REQUIRE_INSNS_FLAGS(ctx, SLBI);
+REQUIRE_SV(ctx);
+
+#if !defined(CONFIG_USER_ONLY) && defined(TARGET_PPC64)
+gen_helper_SLBIA(cpu_env, tcg_constant_i32(a->ih));
+#else
+qemu_build_not_reached();
+#endif
+return true;
+}
+
 static bool do_tlbie(DisasContext *ctx, arg_X_tlbie *a, bool local)
 {
 #if defined(CONFIG_USER_ONLY)
-- 
2.36.1

[PULL 25/30] target/ppc: Move slbsync to decodetree

[Daniel Henrique Barboza]

From: Lucas Coutinho 

Reviewed-by: Leandro Lupori 
Signed-off-by: Lucas Coutinho 
Message-Id: <20220701133507.740619-11-lucas.couti...@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza 
---
 target/ppc/insn32.decode |  2 ++
 target/ppc/translate.c   | 17 -
 target/ppc/translate/storage-ctrl-impl.c.inc | 14 ++
 3 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 5049c98691..781051e993 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -877,6 +877,8 @@ SLBMFEE 01 . - . 1110010011 -   
@X_tb
 
 SLBFEE  01 . - . 010011 1   @X_tb
 
+SLBSYNC 01 - - - 0101010010 -
+
 ## TLB Management Instructions
 
 &X_tlbierb rs ric prs:bool r:bool
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index d7a785164b..5a18ee577f 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -5388,20 +5388,6 @@ static void gen_tlbsync(DisasContext *ctx)
 #endif /* defined(CONFIG_USER_ONLY) */
 }
 
-#if defined(TARGET_PPC64)
-/* slbsync */
-static void gen_slbsync(DisasContext *ctx)
-{
-#if defined(CONFIG_USER_ONLY)
-GEN_PRIV(ctx);
-#else
-CHK_SV(ctx);
-gen_check_tlb_flush(ctx, true);
-#endif /* defined(CONFIG_USER_ONLY) */
-}
-
-#endif  /* defined(TARGET_PPC64) */
-
 /***  External control ***/
 /* Optional: */
 
@@ -6787,9 +6773,6 @@ GEN_HANDLER(tlbia, 0x1F, 0x12, 0x0B, 0x03FFFC01, 
PPC_MEM_TLBIA),
  * different ISA versions
  */
 GEN_HANDLER(tlbsync, 0x1F, 0x16, 0x11, 0x03FFF801, PPC_MEM_TLBSYNC),
-#if defined(TARGET_PPC64)
-GEN_HANDLER_E(slbsync, 0x1F, 0x12, 0x0A, 0x03FFF801, PPC_NONE, PPC2_ISA300),
-#endif
 GEN_HANDLER(eciwx, 0x1F, 0x16, 0x0D, 0x0001, PPC_EXTERN),
 GEN_HANDLER(ecowx, 0x1F, 0x16, 0x09, 0x0001, PPC_EXTERN),
 GEN_HANDLER2(tlbld_6xx, "tlbld", 0x1F, 0x12, 0x1E, 0x03FF0001, PPC_6xx_TLB),
diff --git a/target/ppc/translate/storage-ctrl-impl.c.inc 
b/target/ppc/translate/storage-ctrl-impl.c.inc
index d7e2bb185f..5c569a3c75 100644
--- a/target/ppc/translate/storage-ctrl-impl.c.inc
+++ b/target/ppc/translate/storage-ctrl-impl.c.inc
@@ -141,6 +141,20 @@ static bool trans_SLBFEE(DisasContext *ctx, arg_SLBFEE *a)
 return true;
 }
 
+static bool trans_SLBSYNC(DisasContext *ctx, arg_SLBSYNC *a)
+{
+REQUIRE_64BIT(ctx);
+REQUIRE_INSNS_FLAGS2(ctx, ISA300);
+REQUIRE_SV(ctx);
+
+#if !defined(CONFIG_USER_ONLY) && defined(TARGET_PPC64)
+gen_check_tlb_flush(ctx, true);
+#else
+qemu_build_not_reached();
+#endif
+return true;
+}
+
 static bool do_tlbie(DisasContext *ctx, arg_X_tlbie *a, bool local)
 {
 #if defined(CONFIG_USER_ONLY)
-- 
2.36.1

[PULL 21/30] target/ppc: Move slbmte to decodetree

[Daniel Henrique Barboza]

From: Lucas Coutinho 

Reviewed-by: Leandro Lupori 
Signed-off-by: Lucas Coutinho 
Message-Id: <20220701133507.740619-7-lucas.couti...@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza 
---
 target/ppc/helper.h  |  2 +-
 target/ppc/insn32.decode |  2 ++
 target/ppc/mmu-hash64.c  |  2 +-
 target/ppc/translate.c   | 14 --
 target/ppc/translate/storage-ctrl-impl.c.inc | 14 ++
 5 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index c243d9550a..98d6c40ac0 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -676,7 +676,7 @@ DEF_HELPER_FLAGS_2(tlbiva, TCG_CALL_NO_RWG, void, env, tl)
 #if defined(TARGET_PPC64)
 DEF_HELPER_FLAGS_4(tlbie_isa300, TCG_CALL_NO_WG, void, \
 env, tl, tl, i32)
-DEF_HELPER_FLAGS_3(store_slb, TCG_CALL_NO_RWG, void, env, tl, tl)
+DEF_HELPER_FLAGS_3(SLBMTE, TCG_CALL_NO_RWG, void, env, tl, tl)
 DEF_HELPER_2(load_slb_esid, tl, env, tl)
 DEF_HELPER_2(load_slb_vsid, tl, env, tl)
 DEF_HELPER_2(find_slb_vsid, tl, env, tl)
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 0e214b359c..2fc6e9cb27 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -870,6 +870,8 @@ SLBIEG  01 . - . 0111010010 -   
@X_tb
 
 SLBIA   01 --... - - 010010 -   @X_ih
 
+SLBMTE  01 . - . 0110010010 -   @X_tb
+
 ## TLB Management Instructions
 
 &X_tlbierb rs ric prs:bool r:bool
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index dd2c7e588f..1922960608 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -309,7 +309,7 @@ static int ppc_find_slb_vsid(PowerPCCPU *cpu, target_ulong 
rb,
 return 0;
 }
 
-void helper_store_slb(CPUPPCState *env, target_ulong rb, target_ulong rs)
+void helper_SLBMTE(CPUPPCState *env, target_ulong rb, target_ulong rs)
 {
 PowerPCCPU *cpu = env_archcpu(env);
 
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 4435865388..169e97a706 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -5351,19 +5351,6 @@ static void gen_mtsrin_64b(DisasContext *ctx)
 #endif /* defined(CONFIG_USER_ONLY) */
 }
 
-/* slbmte */
-static void gen_slbmte(DisasContext *ctx)
-{
-#if defined(CONFIG_USER_ONLY)
-GEN_PRIV(ctx);
-#else
-CHK_SV(ctx);
-
-gen_helper_store_slb(cpu_env, cpu_gpr[rB(ctx->opcode)],
- cpu_gpr[rS(ctx->opcode)]);
-#endif /* defined(CONFIG_USER_ONLY) */
-}
-
 static void gen_slbmfee(DisasContext *ctx)
 {
 #if defined(CONFIG_USER_ONLY)
@@ -6841,7 +6828,6 @@ GEN_HANDLER2(mfsrin_64b, "mfsrin", 0x1F, 0x13, 0x14, 
0x001F0001,
 GEN_HANDLER2(mtsr_64b, "mtsr", 0x1F, 0x12, 0x06, 0x0010F801, PPC_SEGMENT_64B),
 GEN_HANDLER2(mtsrin_64b, "mtsrin", 0x1F, 0x12, 0x07, 0x001F0001,
  PPC_SEGMENT_64B),
-GEN_HANDLER2(slbmte, "slbmte", 0x1F, 0x12, 0x0C, 0x001F0001, PPC_SEGMENT_64B),
 GEN_HANDLER2(slbmfee, "slbmfee", 0x1F, 0x13, 0x1C, 0x001F0001, 
PPC_SEGMENT_64B),
 GEN_HANDLER2(slbmfev, "slbmfev", 0x1F, 0x13, 0x1A, 0x001F0001, 
PPC_SEGMENT_64B),
 GEN_HANDLER2(slbfee_, "slbfee.", 0x1F, 0x13, 0x1E, 0x001F, 
PPC_SEGMENT_64B),
diff --git a/target/ppc/translate/storage-ctrl-impl.c.inc 
b/target/ppc/translate/storage-ctrl-impl.c.inc
index c454ce8c7f..47d672d29a 100644
--- a/target/ppc/translate/storage-ctrl-impl.c.inc
+++ b/target/ppc/translate/storage-ctrl-impl.c.inc
@@ -65,6 +65,20 @@ static bool trans_SLBIA(DisasContext *ctx, arg_SLBIA *a)
 return true;
 }
 
+static bool trans_SLBMTE(DisasContext *ctx, arg_SLBMTE *a)
+{
+REQUIRE_64BIT(ctx);
+REQUIRE_INSNS_FLAGS(ctx, SEGMENT_64B);
+REQUIRE_SV(ctx);
+
+#if !defined(CONFIG_USER_ONLY) && defined(TARGET_PPC64)
+gen_helper_SLBMTE(cpu_env, cpu_gpr[a->rb], cpu_gpr[a->rt]);
+#else
+qemu_build_not_reached();
+#endif
+return true;
+}
+
 static bool do_tlbie(DisasContext *ctx, arg_X_tlbie *a, bool local)
 {
 #if defined(CONFIG_USER_ONLY)
-- 
2.36.1

[PULL 23/30] target/ppc: Move slbmfee to decodetree

[Daniel Henrique Barboza]

From: Lucas Coutinho 

Reviewed-by: Leandro Lupori 
Signed-off-by: Lucas Coutinho 
Message-Id: <20220701133507.740619-9-lucas.couti...@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza 
---
 target/ppc/helper.h  |  2 +-
 target/ppc/insn32.decode |  1 +
 target/ppc/mmu-hash64.c  |  2 +-
 target/ppc/translate.c   | 13 -
 target/ppc/translate/storage-ctrl-impl.c.inc | 14 ++
 5 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index d1f9dff58f..0baa2ca0f3 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -677,7 +677,7 @@ DEF_HELPER_FLAGS_2(tlbiva, TCG_CALL_NO_RWG, void, env, tl)
 DEF_HELPER_FLAGS_4(tlbie_isa300, TCG_CALL_NO_WG, void, \
 env, tl, tl, i32)
 DEF_HELPER_FLAGS_3(SLBMTE, TCG_CALL_NO_RWG, void, env, tl, tl)
-DEF_HELPER_2(load_slb_esid, tl, env, tl)
+DEF_HELPER_2(SLBMFEE, tl, env, tl)
 DEF_HELPER_2(SLBMFEV, tl, env, tl)
 DEF_HELPER_2(find_slb_vsid, tl, env, tl)
 DEF_HELPER_FLAGS_2(SLBIA, TCG_CALL_NO_RWG, void, env, i32)
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 0e002999bd..8b431c6f32 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -873,6 +873,7 @@ SLBIA   01 --... - - 010010 -   
@X_ih
 SLBMTE  01 . - . 0110010010 -   @X_tb
 
 SLBMFEV 01 . - . 1101010011 -   @X_tb
+SLBMFEE 01 . - . 1110010011 -   @X_tb
 
 ## TLB Management Instructions
 
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 7854b91043..5d73d64436 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -319,7 +319,7 @@ void helper_SLBMTE(CPUPPCState *env, target_ulong rb, 
target_ulong rs)
 }
 }
 
-target_ulong helper_load_slb_esid(CPUPPCState *env, target_ulong rb)
+target_ulong helper_SLBMFEE(CPUPPCState *env, target_ulong rb)
 {
 PowerPCCPU *cpu = env_archcpu(env);
 target_ulong rt = 0;
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index e48a306036..eae60f5370 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -5351,18 +5351,6 @@ static void gen_mtsrin_64b(DisasContext *ctx)
 #endif /* defined(CONFIG_USER_ONLY) */
 }
 
-static void gen_slbmfee(DisasContext *ctx)
-{
-#if defined(CONFIG_USER_ONLY)
-GEN_PRIV(ctx);
-#else
-CHK_SV(ctx);
-
-gen_helper_load_slb_esid(cpu_gpr[rS(ctx->opcode)], cpu_env,
- cpu_gpr[rB(ctx->opcode)]);
-#endif /* defined(CONFIG_USER_ONLY) */
-}
-
 
 static void gen_slbfee_(DisasContext *ctx)
 {
@@ -6817,7 +6805,6 @@ GEN_HANDLER2(mfsrin_64b, "mfsrin", 0x1F, 0x13, 0x14, 
0x001F0001,
 GEN_HANDLER2(mtsr_64b, "mtsr", 0x1F, 0x12, 0x06, 0x0010F801, PPC_SEGMENT_64B),
 GEN_HANDLER2(mtsrin_64b, "mtsrin", 0x1F, 0x12, 0x07, 0x001F0001,
  PPC_SEGMENT_64B),
-GEN_HANDLER2(slbmfee, "slbmfee", 0x1F, 0x13, 0x1C, 0x001F0001, 
PPC_SEGMENT_64B),
 GEN_HANDLER2(slbfee_, "slbfee.", 0x1F, 0x13, 0x1E, 0x001F, 
PPC_SEGMENT_64B),
 #endif
 GEN_HANDLER(tlbia, 0x1F, 0x12, 0x0B, 0x03FFFC01, PPC_MEM_TLBIA),
diff --git a/target/ppc/translate/storage-ctrl-impl.c.inc 
b/target/ppc/translate/storage-ctrl-impl.c.inc
index 11f44e9366..f0854b137f 100644
--- a/target/ppc/translate/storage-ctrl-impl.c.inc
+++ b/target/ppc/translate/storage-ctrl-impl.c.inc
@@ -93,6 +93,20 @@ static bool trans_SLBMFEV(DisasContext *ctx, arg_SLBMFEV *a)
 return true;
 }
 
+static bool trans_SLBMFEE(DisasContext *ctx, arg_SLBMFEE *a)
+{
+REQUIRE_64BIT(ctx);
+REQUIRE_INSNS_FLAGS(ctx, SEGMENT_64B);
+REQUIRE_SV(ctx);
+
+#if !defined(CONFIG_USER_ONLY) && defined(TARGET_PPC64)
+gen_helper_SLBMFEE(cpu_gpr[a->rt], cpu_env, cpu_gpr[a->rb]);
+#else
+qemu_build_not_reached();
+#endif
+return true;
+}
+
 static bool do_tlbie(DisasContext *ctx, arg_X_tlbie *a, bool local)
 {
 #if defined(CONFIG_USER_ONLY)
-- 
2.36.1

[PULL 19/30] target/ppc: Move slbieg to decodetree

[Daniel Henrique Barboza]

From: Lucas Coutinho 

Reviewed-by: Leandro Lupori 
Signed-off-by: Lucas Coutinho 
Message-Id: <20220701133507.740619-5-lucas.couti...@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza 
---
 target/ppc/helper.h  |  2 +-
 target/ppc/insn32.decode |  1 +
 target/ppc/mmu-hash64.c  |  2 +-
 target/ppc/translate.c   | 13 -
 target/ppc/translate/storage-ctrl-impl.c.inc | 14 ++
 5 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 7c93037257..e5e59d1924 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -682,7 +682,7 @@ DEF_HELPER_2(load_slb_vsid, tl, env, tl)
 DEF_HELPER_2(find_slb_vsid, tl, env, tl)
 DEF_HELPER_FLAGS_2(slbia, TCG_CALL_NO_RWG, void, env, i32)
 DEF_HELPER_FLAGS_2(SLBIE, TCG_CALL_NO_RWG, void, env, tl)
-DEF_HELPER_FLAGS_2(slbieg, TCG_CALL_NO_RWG, void, env, tl)
+DEF_HELPER_FLAGS_2(SLBIEG, TCG_CALL_NO_RWG, void, env, tl)
 #endif
 DEF_HELPER_FLAGS_2(load_sr, TCG_CALL_NO_RWG, tl, env, tl)
 DEF_HELPER_FLAGS_3(store_sr, TCG_CALL_NO_RWG, void, env, tl, tl)
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 0fe6c33805..9df73ce30f 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -863,6 +863,7 @@ VMODUQ  000100 . . . 1101011@VX
 ## SLB Management Instructions
 
 SLBIE   01 - - . 0110110010 -   @X_rb
+SLBIEG  01 . - . 0111010010 -   @X_tb
 
 ## TLB Management Instructions
 
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 03f71a82ec..a842fbd6f6 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -202,7 +202,7 @@ void helper_SLBIE(CPUPPCState *env, target_ulong addr)
 __helper_slbie(env, addr, false);
 }
 
-void helper_slbieg(CPUPPCState *env, target_ulong addr)
+void helper_SLBIEG(CPUPPCState *env, target_ulong addr)
 {
 __helper_slbie(env, addr, true);
 }
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 244eefd965..591b6dc817 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -5466,18 +5466,6 @@ static void gen_slbia(DisasContext *ctx)
 #endif /* defined(CONFIG_USER_ONLY) */
 }
 
-/* slbieg */
-static void gen_slbieg(DisasContext *ctx)
-{
-#if defined(CONFIG_USER_ONLY)
-GEN_PRIV(ctx);
-#else
-CHK_SV(ctx);
-
-gen_helper_slbieg(cpu_env, cpu_gpr[rB(ctx->opcode)]);
-#endif /* defined(CONFIG_USER_ONLY) */
-}
-
 /* slbsync */
 static void gen_slbsync(DisasContext *ctx)
 {
@@ -6882,7 +6870,6 @@ GEN_HANDLER(tlbia, 0x1F, 0x12, 0x0B, 0x03FFFC01, 
PPC_MEM_TLBIA),
 GEN_HANDLER(tlbsync, 0x1F, 0x16, 0x11, 0x03FFF801, PPC_MEM_TLBSYNC),
 #if defined(TARGET_PPC64)
 GEN_HANDLER(slbia, 0x1F, 0x12, 0x0F, 0x031FFC01, PPC_SLBI),
-GEN_HANDLER_E(slbieg, 0x1F, 0x12, 0x0E, 0x001F0001, PPC_NONE, PPC2_ISA300),
 GEN_HANDLER_E(slbsync, 0x1F, 0x12, 0x0A, 0x03FFF801, PPC_NONE, PPC2_ISA300),
 #endif
 GEN_HANDLER(eciwx, 0x1F, 0x16, 0x0D, 0x0001, PPC_EXTERN),
diff --git a/target/ppc/translate/storage-ctrl-impl.c.inc 
b/target/ppc/translate/storage-ctrl-impl.c.inc
index 3fa64be067..d699a370f5 100644
--- a/target/ppc/translate/storage-ctrl-impl.c.inc
+++ b/target/ppc/translate/storage-ctrl-impl.c.inc
@@ -37,6 +37,20 @@ static bool trans_SLBIE(DisasContext *ctx, arg_SLBIE *a)
 return true;
 }
 
+static bool trans_SLBIEG(DisasContext *ctx, arg_SLBIEG *a)
+{
+REQUIRE_64BIT(ctx);
+REQUIRE_INSNS_FLAGS2(ctx, ISA300);
+REQUIRE_SV(ctx);
+
+#if !defined(CONFIG_USER_ONLY) && defined(TARGET_PPC64)
+gen_helper_SLBIEG(cpu_env, cpu_gpr[a->rb]);
+#else
+qemu_build_not_reached();
+#endif
+return true;
+}
+
 static bool do_tlbie(DisasContext *ctx, arg_X_tlbie *a, bool local)
 {
 #if defined(CONFIG_USER_ONLY)
-- 
2.36.1

[PULL 14/30] target/ppc: Move tlbie[l] to decode tree

[Daniel Henrique Barboza]

From: Leandro Lupori 

Also decode RIC, PRS and R operands.

Signed-off-by: Leandro Lupori 
Reviewed-by: Daniel Henrique Barboza 
Message-Id: <20220712193741.59134-2-leandro.lup...@eldorado.org.br>
[danielhb: mark bit 31 in @X_tlbie pattern as ignored]
Signed-off-by: Daniel Henrique Barboza 
---
 target/ppc/cpu_init.c|  4 +-
 target/ppc/insn32.decode |  8 ++
 target/ppc/translate.c   | 64 +-
 target/ppc/translate/storage-ctrl-impl.c.inc | 87 
 4 files changed, 99 insertions(+), 64 deletions(-)
 create mode 100644 target/ppc/translate/storage-ctrl-impl.c.inc

diff --git a/target/ppc/cpu_init.c b/target/ppc/cpu_init.c
index 769031375d..4f2355e941 100644
--- a/target/ppc/cpu_init.c
+++ b/target/ppc/cpu_init.c
@@ -6373,7 +6373,7 @@ POWERPC_FAMILY(POWER9)(ObjectClass *oc, void *data)
PPC_FLOAT_EXT |
PPC_CACHE | PPC_CACHE_ICBI | PPC_CACHE_DCBZ |
PPC_MEM_SYNC | PPC_MEM_EIEIO |
-   PPC_MEM_TLBSYNC |
+   PPC_MEM_TLBIE | PPC_MEM_TLBSYNC |
PPC_64B | PPC_64H | PPC_64BX | PPC_ALTIVEC |
PPC_SEGMENT_64B | PPC_SLBI |
PPC_POPCNTB | PPC_POPCNTWD |
@@ -6591,7 +6591,7 @@ POWERPC_FAMILY(POWER10)(ObjectClass *oc, void *data)
PPC_FLOAT_EXT |
PPC_CACHE | PPC_CACHE_ICBI | PPC_CACHE_DCBZ |
PPC_MEM_SYNC | PPC_MEM_EIEIO |
-   PPC_MEM_TLBSYNC |
+   PPC_MEM_TLBIE | PPC_MEM_TLBSYNC |
PPC_64B | PPC_64H | PPC_64BX | PPC_ALTIVEC |
PPC_SEGMENT_64B | PPC_SLBI |
PPC_POPCNTB | PPC_POPCNTWD |
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index f7653ef9d5..092e01113f 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -856,3 +856,11 @@ VMODSD  000100 . . . 1001011@VX
 VMODUD  000100 . . . 11011001011@VX
 VMODSQ  000100 . . . 1111011@VX
 VMODUQ  000100 . . . 1101011@VX
+
+## TLB Management Instructions
+
+&X_tlbierb rs ric prs:bool r:bool
+@X_tlbie.. rs:5 - ric:2 prs:1 r:1 rb:5 .. - &X_tlbie
+
+TLBIE   01 . - .. . . . 0100110010 -@X_tlbie
+TLBIEL  01 . - .. . . . 0100010010 -@X_tlbie
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index da11472877..440ec8a700 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -5424,64 +5424,6 @@ static void gen_tlbia(DisasContext *ctx)
 #endif  /* defined(CONFIG_USER_ONLY) */
 }
 
-/* tlbiel */
-static void gen_tlbiel(DisasContext *ctx)
-{
-#if defined(CONFIG_USER_ONLY)
-GEN_PRIV;
-#else
-bool psr = (ctx->opcode >> 17) & 0x1;
-
-if (ctx->pr || (!ctx->hv && !psr && ctx->hr)) {
-/*
- * tlbiel is privileged except when PSR=0 and HR=1, making it
- * hypervisor privileged.
- */
-GEN_PRIV;
-}
-
-gen_helper_tlbie(cpu_env, cpu_gpr[rB(ctx->opcode)]);
-#endif /* defined(CONFIG_USER_ONLY) */
-}
-
-/* tlbie */
-static void gen_tlbie(DisasContext *ctx)
-{
-#if defined(CONFIG_USER_ONLY)
-GEN_PRIV;
-#else
-bool psr = (ctx->opcode >> 17) & 0x1;
-TCGv_i32 t1;
-
-if (ctx->pr) {
-/* tlbie is privileged... */
-GEN_PRIV;
-} else if (!ctx->hv) {
-if (!ctx->gtse || (!psr && ctx->hr)) {
-/*
- * ... except when GTSE=0 or when PSR=0 and HR=1, making it
- * hypervisor privileged.
- */
-GEN_PRIV;
-}
-}
-
-if (NARROW_MODE(ctx)) {
-TCGv t0 = tcg_temp_new();
-tcg_gen_ext32u_tl(t0, cpu_gpr[rB(ctx->opcode)]);
-gen_helper_tlbie(cpu_env, t0);
-tcg_temp_free(t0);
-} else {
-gen_helper_tlbie(cpu_env, cpu_gpr[rB(ctx->opcode)]);
-}
-t1 = tcg_temp_new_i32();
-tcg_gen_ld_i32(t1, cpu_env, offsetof(CPUPPCState, tlb_need_flush));
-tcg_gen_ori_i32(t1, t1, TLB_NEED_GLOBAL_FLUSH);
-tcg_gen_st_i32(t1, cpu_env, offsetof(CPUPPCState, tlb_need_flush));
-tcg_temp_free_i32(t1);
-#endif /* defined(CONFIG_USER_ONLY) */
-}
-
 /* tlbsync */
 static void gen_tlbsync(DisasContext *ctx)
 {
@@ -6683,6 +6625,8 @@ static bool resolve_PLS_D(DisasContext *ctx, arg_D *d, 
arg_PLS_D *a)
 
 #include "translate/branch-impl.c.inc"
 
+#include "translate/storage-ctrl-impl.c.inc"
+
 /* Handles lfdp */
 static void gen_dform39(DisasContext *ctx)
 {
@@ -6921,10 +6865,6 @@ GEN_HANDLER(tlbia, 0x1F, 0x12, 0x0B, 0x03FFFC01, 
PPC_MEM_TLBIA),
  * XXX Those instructions will need to be handled differently for
  * different ISA versions
  */
-GEN_HANDLER(tlbiel, 0x1F, 0x12, 0x08, 0x001F0001, PPC_MEM_TLBIE),
-GEN_HANDLER(tlbie, 

[PULL 22/30] target/ppc: Move slbmfev to decodetree

[Daniel Henrique Barboza]

From: Lucas Coutinho 

Reviewed-by: Leandro Lupori 
Signed-off-by: Lucas Coutinho 
Message-Id: <20220701133507.740619-8-lucas.couti...@eldorado.org.br>
Signed-off-by: Daniel Henrique Barboza 
---
 target/ppc/helper.h  |  2 +-
 target/ppc/insn32.decode |  2 ++
 target/ppc/mmu-hash64.c  |  2 +-
 target/ppc/translate.c   | 12 
 target/ppc/translate/storage-ctrl-impl.c.inc | 14 ++
 5 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 98d6c40ac0..d1f9dff58f 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -678,7 +678,7 @@ DEF_HELPER_FLAGS_4(tlbie_isa300, TCG_CALL_NO_WG, void, \
 env, tl, tl, i32)
 DEF_HELPER_FLAGS_3(SLBMTE, TCG_CALL_NO_RWG, void, env, tl, tl)
 DEF_HELPER_2(load_slb_esid, tl, env, tl)
-DEF_HELPER_2(load_slb_vsid, tl, env, tl)
+DEF_HELPER_2(SLBMFEV, tl, env, tl)
 DEF_HELPER_2(find_slb_vsid, tl, env, tl)
 DEF_HELPER_FLAGS_2(SLBIA, TCG_CALL_NO_RWG, void, env, i32)
 DEF_HELPER_FLAGS_2(SLBIE, TCG_CALL_NO_RWG, void, env, tl)
diff --git a/target/ppc/insn32.decode b/target/ppc/insn32.decode
index 2fc6e9cb27..0e002999bd 100644
--- a/target/ppc/insn32.decode
+++ b/target/ppc/insn32.decode
@@ -872,6 +872,8 @@ SLBIA   01 --... - - 010010 -   
@X_ih
 
 SLBMTE  01 . - . 0110010010 -   @X_tb
 
+SLBMFEV 01 . - . 1101010011 -   @X_tb
+
 ## TLB Management Instructions
 
 &X_tlbierb rs ric prs:bool r:bool
diff --git a/target/ppc/mmu-hash64.c b/target/ppc/mmu-hash64.c
index 1922960608..7854b91043 100644
--- a/target/ppc/mmu-hash64.c
+++ b/target/ppc/mmu-hash64.c
@@ -343,7 +343,7 @@ target_ulong helper_find_slb_vsid(CPUPPCState *env, 
target_ulong rb)
 return rt;
 }
 
-target_ulong helper_load_slb_vsid(CPUPPCState *env, target_ulong rb)
+target_ulong helper_SLBMFEV(CPUPPCState *env, target_ulong rb)
 {
 PowerPCCPU *cpu = env_archcpu(env);
 target_ulong rt = 0;
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 169e97a706..e48a306036 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -5363,17 +5363,6 @@ static void gen_slbmfee(DisasContext *ctx)
 #endif /* defined(CONFIG_USER_ONLY) */
 }
 
-static void gen_slbmfev(DisasContext *ctx)
-{
-#if defined(CONFIG_USER_ONLY)
-GEN_PRIV(ctx);
-#else
-CHK_SV(ctx);
-
-gen_helper_load_slb_vsid(cpu_gpr[rS(ctx->opcode)], cpu_env,
- cpu_gpr[rB(ctx->opcode)]);
-#endif /* defined(CONFIG_USER_ONLY) */
-}
 
 static void gen_slbfee_(DisasContext *ctx)
 {
@@ -6829,7 +6818,6 @@ GEN_HANDLER2(mtsr_64b, "mtsr", 0x1F, 0x12, 0x06, 
0x0010F801, PPC_SEGMENT_64B),
 GEN_HANDLER2(mtsrin_64b, "mtsrin", 0x1F, 0x12, 0x07, 0x001F0001,
  PPC_SEGMENT_64B),
 GEN_HANDLER2(slbmfee, "slbmfee", 0x1F, 0x13, 0x1C, 0x001F0001, 
PPC_SEGMENT_64B),
-GEN_HANDLER2(slbmfev, "slbmfev", 0x1F, 0x13, 0x1A, 0x001F0001, 
PPC_SEGMENT_64B),
 GEN_HANDLER2(slbfee_, "slbfee.", 0x1F, 0x13, 0x1E, 0x001F, 
PPC_SEGMENT_64B),
 #endif
 GEN_HANDLER(tlbia, 0x1F, 0x12, 0x0B, 0x03FFFC01, PPC_MEM_TLBIA),
diff --git a/target/ppc/translate/storage-ctrl-impl.c.inc 
b/target/ppc/translate/storage-ctrl-impl.c.inc
index 47d672d29a..11f44e9366 100644
--- a/target/ppc/translate/storage-ctrl-impl.c.inc
+++ b/target/ppc/translate/storage-ctrl-impl.c.inc
@@ -79,6 +79,20 @@ static bool trans_SLBMTE(DisasContext *ctx, arg_SLBMTE *a)
 return true;
 }
 
+static bool trans_SLBMFEV(DisasContext *ctx, arg_SLBMFEV *a)
+{
+REQUIRE_64BIT(ctx);
+REQUIRE_INSNS_FLAGS(ctx, SEGMENT_64B);
+REQUIRE_SV(ctx);
+
+#if !defined(CONFIG_USER_ONLY) && defined(TARGET_PPC64)
+gen_helper_SLBMFEV(cpu_gpr[a->rt], cpu_env, cpu_gpr[a->rb]);
+#else
+qemu_build_not_reached();
+#endif
+return true;
+}
+
 static bool do_tlbie(DisasContext *ctx, arg_X_tlbie *a, bool local)
 {
 #if defined(CONFIG_USER_ONLY)
-- 
2.36.1