Re: [PATCH v2 09/10] contrib/gitdm: add more individual contributors

2023-03-15 Thread Strahinja Jankovic 
On Fri, Mar 10, 2023 at 7:03 PM Alex Bennée  wrote:
>
> I'll only add names explicitly acked here. Let me know if you want
> contributions mapped to a company instead.
>
> Signed-off-by: Alex Bennée 
> Cc: Bernhard Beschow 
> Cc: Amarjargal Gundjalam 
> Cc: Bin Meng 
> Cc: Jason A. Donenfeld 
> Cc: Strahinja Jankovic 
> ---
>  contrib/gitdm/group-map-individuals | 5 +
>  1 file changed, 5 insertions(+)
>
> diff --git a/contrib/gitdm/group-map-individuals 
> b/contrib/gitdm/group-map-individuals
> index e2263a5ee3..0e4618f1ce 100644
> --- a/contrib/gitdm/group-map-individuals
> +++ b/contrib/gitdm/group-map-individuals
> @@ -38,3 +38,8 @@ p...@nowt.org
>  g...@xen0n.name
>  si...@simonsafar.com
>  research_tra...@irq.a4lg.com
> +shen...@gmail.com
> +bm...@tinylab.org
> +amarjarga...@gmail.com
> +strahinjapjanko...@gmail.com
> +ja...@zx2c4.com
> --
> 2.39.2
>

Acked-by: Strahinja Jankovic

Re: [PATCH] Use f-strings in python scripts

2023-03-15 Thread Markus Armbruster 
John Snow  writes:

[...]

> Until then, docstrings should use triple-double quotes. Any other
> string can use whatever quoting style happens to be most convenient
> for the string being written to minimize escaping. Consistency is nice
> where reasonable, but minimizing escapes by using different styles on
> an as-needed basis is a respectable and good thing.
>
> I glanced *very quickly* at these files and it looks like the style is
> to use double quotes for format strings and single quotes for constant
> strings. That seems fine to me.

I agree, and so does PEP 8:

String Quotes

In Python, single-quoted strings and double-quoted strings are the
same.  This PEP does not make a recommendation for this.  Pick a
rule and stick to it.  When a string contains single or double quote
characters, however, use the other one to avoid backslashes in the
string.  It improves readability.

For triple-quoted strings, always use double quote characters to be
consistent with the docstring convention in PEP 257.

[...]

Re: [PATCH v2 09/10] contrib/gitdm: add more individual contributors

2023-03-15 Thread Bin Meng 



On 2023/3/11 2:03:31, "Alex Bennée"  wrote:


I'll only add names explicitly acked here. Let me know if you want
contributions mapped to a company instead.

Signed-off-by: Alex Bennée 
Cc: Bernhard Beschow 
Cc: Amarjargal Gundjalam 
Cc: Bin Meng 
Cc: Jason A. Donenfeld 
Cc: Strahinja Jankovic 
---
 contrib/gitdm/group-map-individuals | 5 +
 1 file changed, 5 insertions(+)

diff --git a/contrib/gitdm/group-map-individuals 
b/contrib/gitdm/group-map-individuals
index e2263a5ee3..0e4618f1ce 100644
--- a/contrib/gitdm/group-map-individuals
+++ b/contrib/gitdm/group-map-individuals
@@ -38,3 +38,8 @@ p...@nowt.org
g...@xen0n.name
si...@simonsafar.com
research_tra...@irq.a4lg.com
+shen...@gmail.com
+bm...@tinylab.org
+amarjarga...@gmail.com
+strahinjapjanko...@gmail.com
+ja...@zx2c4.com
--




Acked-by: Bin Meng

Re: [PATCH v2 01/28] accel/tcg: Introduce translator_use_goto_tb

2023-03-15 Thread Wu, Fei 
On 3/16/2023 10:07 AM, Wu, Fei wrote:
> On 3/15/2023 2:15 AM, Richard Henderson wrote:
>> On 3/14/23 06:47, Wu, Fei wrote:
>>> On 3/13/2023 11:00 PM, Richard Henderson wrote:
 On 3/13/23 07:13, Wu, Fei2 wrote:
> Hi Richard,
>
> Sorry for disturbing you. I'm doing some perf profiling on
> qemu-riscv64,
> I see 10%+ faster to build stress-ng without the following patch. I
> know
> it's incorrect to just skip this patch, I'm wondering if we can do
> something on intercepting mmap/mprotect (very rare), e.g. even
> invalidating all the TBs, but keep the cross-page block chaining.

 It also affects breakpoints.

 I have no good ideas for how to keep cross-page block chaining without
 breaking either of these use cases.  If you come up with a good idea,
 please post on qemu-devel for discussion.

>>> Thank you for reply. I am new to qemu/tcg, lots of details and
>>> backgrounds need to catch up.
>>>
>>> If we only want to address user-mode qemu, and assume this cross-page
>>> chain, first page -> second page:
>>>
>>> * breakpoints. If a new bp is added to second page, the chain is hard to
>>> maintain, but it looks acceptable to flush all TBs and fall back to
>>> current non-cross-page implementation during debugging? I think It's
>>> different from the full system situation here:
>>> https://gitlab.com/qemu-project/qemu/-/issues/404
>>>
>>> * mprotect. If the 2nd page remains 'X' permission after mprotect, the
>>> chain is still valid, if it's changed to non-X, then the syscall
>>> interceptor will change the permission of corresponding host page to
>>> non-X, it will be segfault as expected?
>>>
>>> * mmap. I cannot figure out the situation. Is there any unit test for
>>> this, or could you please shed some light?
>> Also munmap, but handled via the same path through page_set_flags, see
>>
>>     if (inval_tb) {
>>     tb_invalidate_phys_range(start, end);
>>     }
>>
>> There is no unit test for mmap over an existing code page.
>> I believe we do have one for mprotect.
>>
>> You could plausibly add a global variable choosing between
>> link-all-pages and link-one-page modes; it would be protected by
>> mmap_lock.  For link-all-pages mode, the above tb_invalidate_phys_range
>> becomes tb_flush.  We probably want to start in link-one-page mode if
>> gdbstub is active, which is the only way to set breakpoints in user-only
>> mode.
>>
This is a good solution for gdbstub case, clean and simple. Current code
leverages tb_flush() during gdb, it looks ready to support
link-all-pages mode, I tried to test gdb with link-all-pages mode, and
didn't find any counter example yet.

>> I expect mprotect/mmap over existing executable pages to be extremely
>> rare.  I expect munmap of existing executable pages to be rare-ish, with
>> dlclose() being the most common case.  You might wish to change from
>> link-all-pages mode to link-one-page mode after one or more instances.
>>
Yes, I agree these calls are rare, so performance of this path is not
crucial. If I understand correctly, we need to avoid the situation when
the latter page is munmap-ed or changed to non executable protection,
then the jump from preceding TB to this one shouldn't happen. In
tb_invalidate_phys_range() -> do_tb_phys_invalidate(), it removes all
relative TBs from cache, and also unlinks/unchains these TBs from
preceding TBs, so next time guest attempts to run code in this munmap-ed
page, the chain doesn't exist anymore, the protection will be checked
and enforced.

Thanks,
Fei.

>> And as I said, this discussion should happen on qemu-devel.
>>
> My fault. I didn't notice the cc list, and initialized another thread:
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg949625.html
> 
> Would you prefer commenting there, or I move the content here?
> 
> Thanks,
> Fei.
> 
> 
>>
>> r~
>

[Bug 1703506] Re: SMT not supported by QEMU on AMD Ryzen CPU

2023-03-15 Thread Anthony Kamau 
I was able to avoid rebooting after following @Andrii's instructions -
https://bugs.launchpad.net/qemu/+bug/1703506/comments/19 - above:

systemctl stop libvirtd libvirtd-admin.socket libvirtd-ro.socket libvirtd.socket
sudo modprobe -r kvm_intel kvm
systemctl start libvirtd libvirtd-admin.socket libvirtd-ro.socket 
libvirtd.socket

These instructions to avoid rebooting might not work for those using a
non-Intel CPU as you'll have a different kernel module.  You can check
by running `lsmod | grep kvm`.

Cheers,
ak.

System info:
# inxi -CMz
Machine:
  Type: Laptop System: Dell product: Precision M6700 v: 01 serial: 
  Mobo: Dell model: 0JWMFY v: A00 serial:  UEFI: Dell v: A20 date: 
11/30/2018
CPU:
  Info: quad core model: Intel Core i7-3840QM bits: 64 type: MT MCP cache: L2: 
1024 KiB
  Speed (MHz): avg: 3607 min/max: 1200/3800 cores: 1: 3588 2: 3615 3: 3638 4: 
3588 5: 3588
6: 3638 7: 3617 8: 3588

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1703506

Title:
  SMT not supported by QEMU on AMD Ryzen CPU

Status in QEMU:
  Expired

Bug description:
  HyperThreading/SMT is supported by AMD Ryzen CPUs but results in this
  message when setting the topology to threads=2:

  qemu-system-x86_64: AMD CPU doesn't support hyperthreading. Please
  configure -smp options properly.

  Checking in a Windows 10 guest reveals that SMT is not enabled, and
  from what I understand, QEMU converts the topology from threads to
  cores internally on AMD CPUs. This appears to cause performance
  problems in the guest perhaps because programs are assuming that these
  threads are actual cores.

  Software: Linux 4.12, qemu 2.9.0 host with KVM enabled, Windows 10 pro
  guest

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1703506/+subscriptions

Re: [PATCH v2 01/28] accel/tcg: Introduce translator_use_goto_tb

2023-03-15 Thread Wu, Fei 
On 3/15/2023 2:15 AM, Richard Henderson wrote:
> On 3/14/23 06:47, Wu, Fei wrote:
>> On 3/13/2023 11:00 PM, Richard Henderson wrote:
>>> On 3/13/23 07:13, Wu, Fei2 wrote:
 Hi Richard,

 Sorry for disturbing you. I'm doing some perf profiling on
 qemu-riscv64,
 I see 10%+ faster to build stress-ng without the following patch. I
 know
 it's incorrect to just skip this patch, I'm wondering if we can do
 something on intercepting mmap/mprotect (very rare), e.g. even
 invalidating all the TBs, but keep the cross-page block chaining.
>>>
>>> It also affects breakpoints.
>>>
>>> I have no good ideas for how to keep cross-page block chaining without
>>> breaking either of these use cases.  If you come up with a good idea,
>>> please post on qemu-devel for discussion.
>>>
>> Thank you for reply. I am new to qemu/tcg, lots of details and
>> backgrounds need to catch up.
>>
>> If we only want to address user-mode qemu, and assume this cross-page
>> chain, first page -> second page:
>>
>> * breakpoints. If a new bp is added to second page, the chain is hard to
>> maintain, but it looks acceptable to flush all TBs and fall back to
>> current non-cross-page implementation during debugging? I think It's
>> different from the full system situation here:
>> https://gitlab.com/qemu-project/qemu/-/issues/404
>>
>> * mprotect. If the 2nd page remains 'X' permission after mprotect, the
>> chain is still valid, if it's changed to non-X, then the syscall
>> interceptor will change the permission of corresponding host page to
>> non-X, it will be segfault as expected?
>>
>> * mmap. I cannot figure out the situation. Is there any unit test for
>> this, or could you please shed some light?
> Also munmap, but handled via the same path through page_set_flags, see
> 
>     if (inval_tb) {
>     tb_invalidate_phys_range(start, end);
>     }
> 
> There is no unit test for mmap over an existing code page.
> I believe we do have one for mprotect.
> 
> You could plausibly add a global variable choosing between
> link-all-pages and link-one-page modes; it would be protected by
> mmap_lock.  For link-all-pages mode, the above tb_invalidate_phys_range
> becomes tb_flush.  We probably want to start in link-one-page mode if
> gdbstub is active, which is the only way to set breakpoints in user-only
> mode.
> 
> I expect mprotect/mmap over existing executable pages to be extremely
> rare.  I expect munmap of existing executable pages to be rare-ish, with
> dlclose() being the most common case.  You might wish to change from
> link-all-pages mode to link-one-page mode after one or more instances.
> 
> And as I said, this discussion should happen on qemu-devel.
> 
My fault. I didn't notice the cc list, and initialized another thread:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg949625.html

Would you prefer commenting there, or I move the content here?

Thanks,
Fei.


> 
> r~

Re: Enable cross-page block chaining for user mode tcg

2023-03-15 Thread Wu, Fei 
On 3/15/2023 10:40 PM, Wu, Fei wrote:
> Block chaining is one of the key performance factors of tcg. Currently
> tcg doesn't allow chaining across page boundary, an example can be found
> in gen_goto_tb() in target/riscv/translate.c.
> 
> For user-mode tcg, it's possible to enable cross-page chaining with
> careful attentions, assume there are chains like this:
> preceding page -> 1st page -> 2nd page
>   Nth page -> 2nd page
> 
> There are 2 situations to consider:
> 1. First page should not jump to 2nd page directly anymore, if there is
> a new breakpoint added to 3rd page, otherwise the breakpoint might not
> be hit. One method to address this problem is when receiving gdb
> commands, call tb_flush() to invalidate all the TBs, and make sure each
> TB can only contain single instruction later, no matter the new JIT-ed
> TBs use chain or not, the tcg core loop always has the chance to check
> if there is any breakpoint on each instruction. There could be other
> methods, but current tcg has already done this.
> 
3rd page is a typo, it's 2nd instead.

With the patch at the bottom:
* TBs in the page where breakpoint is added always contain single
instruction, it doesn't impact instruction count of TBs in other pages.
* The single instruction TBs at the same page of breakpoint do generate
lookup_tb_ptr because of the flag CF_NO_GOTO_TB.

I tried to add breakpoint & conditional breakpoint, ignore breakpoint
using the following testcase, and checked the info '-d in_asm,op', all
works. If you have any comments or any tests for me to try, please let
me know.

--
#define A1++a;
#define A10   A1 A1 A1 A1 A1 A1 A1 A1 A1 A1
#define A100  A10 A10 A10 A10 A10 A10 A10 A10 A10 A10
#define A500  A100 A100 A100 A100 A100
#define A1000 A100 A100 A100 A100 A100 A100 A100 A100 A100 A100

long func0(long a) {
A1000;
return a;
}

long func1(long a) {
int i;
for (i = 0; i < 1000; ++i) {
A1000;
}
return a;
}

int main() {
long a = 0;
long sum = 0;

while (1) {
sum += func1(a);
}
return 0;
}

Thanks,
Fei.

> 2. The protection of 2nd page has changed by mprotect/munmap, e.g. from
> executable (X) to non-executable (NX), it's an error if the 1st page
> jumps to 2nd page without checking the new protection. The point here is
> to invalidate TBs in 2nd page and unlink all the TBs which jumps to it,
> including 1st page and others(Nth in above chart). This is already done
> in page_set_flags(). A small testcase runs on user-mode guest:
> 
> void *page = mmap(NULL, pagesize,
> PROT_READ | PROT_WRITE | PROT_EXEC,
>   MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
> memcpy(page, func_add, pagesize);
> f = (FUNC)page;
> 
>   f(1, 1); // good
>   mprotect(f, pagesize, PROT_READ | PROT_EXEC);
>   f(1, 2); // good
>   mprotect(f, pagesize, PROT_READ);
>   f(1, 3); // segfault
> 
> So it looks like current tcg implementation is ready to enable
> cross-page chaining for user-mode. Correct?
> 
> diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
> index 7bda43ff61..822644c7a4 100644
> --- a/accel/tcg/translator.c
> +++ b/accel/tcg/translator.c
> @@ -25,8 +25,12 @@ bool translator_use_goto_tb(DisasContextBase *db,
> target_ulong dest)
>  return false;
>  }
> 
> +#ifdef CONFIG_USER_ONLY
> +return true;
> +#else
>  /* Check for the dest on the same page as the start of the TB.  */
>  return ((db->pc_first ^ dest) & TARGET_PAGE_MASK) == 0;
> +#endif
>  }
> 
>  void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
> 
> 
> Thanks,
> Fei.

Re: [PATCH] disas/riscv: Add support for XThead* instructions

2023-03-15 Thread LIU Zhiwei 



On 2023/3/15 21:35, Christoph Muellner wrote:

From: Christoph Müllner 

Support for emulating XThead* instruction has been added recently.
This patch adds support for these instructions to the RISC-V disassembler.


This patch doesn't scale well. It will make the custom encoding only 
work for XTHEAD*. I once sent a multiple disassemble path patch set  for 
custom extensions.

https://www.mail-archive.com/qemu-devel@nongnu.org/msg906222.html

We may continue this work based on that patch set.

Zhiwei



Co-developed-by: LIU Zhiwei 
Signed-off-by: Christoph Müllner 
---
  disas/riscv.c | 366 +-
  1 file changed, 365 insertions(+), 1 deletion(-)

diff --git a/disas/riscv.c b/disas/riscv.c
index d6b0fbe5e8..14f3faaef4 100644
--- a/disas/riscv.c
+++ b/disas/riscv.c
@@ -19,6 +19,7 @@
  
  #include "qemu/osdep.h"

  #include "disas/dis-asm.h"
+#include "qemu/bitops.h"
  
  
  /* types */

@@ -163,6 +164,12 @@ typedef enum {
  rv_codec_v_i,
  rv_codec_vsetvli,
  rv_codec_vsetivli,
+rv_codec_r2_imm5,
+rv_codec_r2,
+rv_codec_r2_imm6,
+rv_codec_r_imm2,
+rv_codec_r2_immhl,
+rv_codec_r2_imm2_imm5,
  } rv_codec;
  
  typedef enum {

@@ -935,6 +942,90 @@ typedef enum {
  rv_op_vsetvli = 766,
  rv_op_vsetivli = 767,
  rv_op_vsetvl = 768,
+/* XTheadBa */
+rv_op_th_addsl = 769,
+/* XTheadBb */
+rv_op_th_srri = 770,
+rv_op_th_srriw = 771,
+rv_op_th_ext = 772,
+rv_op_th_extu = 773,
+rv_op_th_ff0 = 774,
+rv_op_th_ff1 = 775,
+rv_op_th_rev = 776,
+rv_op_th_revw = 777,
+rv_op_th_tstnbz = 778,
+/* XTheadBs */
+rv_op_th_tst = 779,
+/* XTheadCondMov */
+rv_op_th_mveqz = 780,
+rv_op_th_mvnez = 781,
+/* XTheadFMemIdx */
+rv_op_th_flrd = 782,
+rv_op_th_flrw = 783,
+rv_op_th_flurd = 784,
+rv_op_th_flurw = 785,
+rv_op_th_fsrd = 786,
+rv_op_th_fsrw = 787,
+rv_op_th_fsurd = 788,
+rv_op_th_fsurw = 789,
+/* XTheadMac */
+rv_op_th_mula = 790,
+rv_op_th_mulah = 791,
+rv_op_th_mulaw = 792,
+rv_op_th_muls = 793,
+rv_op_th_mulsw = 794,
+rv_op_th_mulsh = 795,
+/* XTheadMemIdx */
+rv_op_th_lbia = 796,
+rv_op_th_lbib = 797,
+rv_op_th_lbuia = 798,
+rv_op_th_lbuib = 799,
+rv_op_th_lhia = 800,
+rv_op_th_lhib = 801,
+rv_op_th_lhuia = 802,
+rv_op_th_lhuib = 803,
+rv_op_th_lwia = 804,
+rv_op_th_lwib = 805,
+rv_op_th_lwuia = 806,
+rv_op_th_lwuib = 807,
+rv_op_th_ldia = 808,
+rv_op_th_ldib = 809,
+rv_op_th_sbia = 810,
+rv_op_th_sbib = 811,
+rv_op_th_shia = 812,
+rv_op_th_shib = 813,
+rv_op_th_swia = 814,
+rv_op_th_swib = 815,
+rv_op_th_sdia = 816,
+rv_op_th_sdib = 817,
+rv_op_th_lrb = 818,
+rv_op_th_lrbu = 819,
+rv_op_th_lrh = 820,
+rv_op_th_lrhu = 821,
+rv_op_th_lrw = 822,
+rv_op_th_lrwu = 823,
+rv_op_th_lrd = 824,
+rv_op_th_srb = 825,
+rv_op_th_srh = 826,
+rv_op_th_srw = 827,
+rv_op_th_srd = 828,
+rv_op_th_lurb = 829,
+rv_op_th_lurbu = 830,
+rv_op_th_lurh = 831,
+rv_op_th_lurhu = 832,
+rv_op_th_lurw = 833,
+rv_op_th_lurwu = 834,
+rv_op_th_lurd = 835,
+rv_op_th_surb = 836,
+rv_op_th_surh = 837,
+rv_op_th_surw = 838,
+rv_op_th_surd = 839,
+/* XTheadMemPair */
+rv_op_th_ldd = 840,
+rv_op_th_lwd = 841,
+rv_op_th_lwud = 842,
+rv_op_th_sdd = 843,
+rv_op_th_swd = 844,
  } rv_op;
  
  /* structures */

@@ -943,6 +1034,7 @@ typedef struct {
  uint64_t  pc;
  uint64_t  inst;
  int32_t   imm;
+int32_t   imm1;
  uint16_t  op;
  uint8_t   codec;
  uint8_t   rd;
@@ -1071,6 +1163,11 @@ static const char rv_vreg_name_sym[32][4] = {
  #define rv_fmt_vd_vm  "O\tDm"
  #define rv_fmt_vsetvli"O\t0,1,v"
  #define rv_fmt_vsetivli   "O\t0,u,v"
+#define rv_fmt_rd_rs1_rs2_imm "O\t0,1,2,i"
+#define rv_fmt_frd_rs1_rs2_imm"O\t3,1,2,i"
+#define rv_fmt_rd_rs1_immh_imml   "O\t0,1,i,j"
+#define rv_fmt_rd_rs1_immh_imml_addr  "O\t0,(1),i,j"
+#define rv_fmt_rd2_imm"O\t0,2,(1),i"
  
  /* pseudo-instruction constraints */
  
@@ -2066,7 +2163,91 @@ const rv_opcode_data opcode_data[] = {

  { "vsext.vf8", rv_codec_v_r, rv_fmt_vd_vs2_vm, NULL, rv_op_vsext_vf8, 
rv_op_vsext_vf8, 0 },
  { "vsetvli", rv_codec_vsetvli, rv_fmt_vsetvli, NULL, rv_op_vsetvli, 
rv_op_vsetvli, 0 },
  { "vsetivli", rv_codec_vsetivli, rv_fmt_vsetivli, NULL, rv_op_vsetivli, 
rv_op_vsetivli, 0 },
-{ "vsetvl", rv_codec_r, rv_fmt_rd_rs1_rs2, NULL, rv_op_vsetvl, 
rv_op_vsetvl, 0 }
+{ "vsetvl", rv_codec_r, rv_fmt_rd_rs1_rs2, NULL, rv_op_vsetvl, 
rv_op_vsetvl, 0 },
+/* XTheadBa */
+{ "th.addsl", rv_codec_r_imm2, rv_fmt_rd_rs1_rs2_imm, NULL, 0, 0, 0 },
+/* XTheadBb */
+{ "th.srri", rv_codec_r2_imm6, rv_fmt_rd_rs1_imm, NULL, 0, 0, 0},
+{ "th.srriw", rv_codec_

[PATCH v2] target/sh4: Honor QEMU_LOG_FILENAME with QEMU_LOG=cpu

2023-03-15 Thread Ilya Leoshkevich 
When using QEMU_LOG=cpu on sh4, QEMU_LOG_FILENAME is partially ignored.
Fix by using qemu_fprintf() instead of qemu_printf() in the respective
places.

Fixes: 90c84c560067 ("qom/cpu: Simplify how CPUClass:cpu_dump_state() prints")
Reviewed-by: Peter Maydell 
Reviewed-by: Yoshinori Sato 
Signed-off-by: Ilya Leoshkevich 
---

Resend of https://patchew.org/QEMU/20220725142854.177451-1-...@linux.ibm.com/
with a trivial rebase.

 target/sh4/translate.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index 97da8bce488..6e40d5dd6a1 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -171,16 +171,16 @@ void superh_cpu_dump_state(CPUState *cs, FILE *f, int 
flags)
 qemu_fprintf(f, "sgr=0x%08x dbr=0x%08x delayed_pc=0x%08x fpul=0x%08x\n",
  env->sgr, env->dbr, env->delayed_pc, env->fpul);
 for (i = 0; i < 24; i += 4) {
-qemu_printf("r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
-   i, env->gregs[i], i + 1, env->gregs[i + 1],
-   i + 2, env->gregs[i + 2], i + 3, env->gregs[i + 3]);
+qemu_fprintf(f, "r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
+ i, env->gregs[i], i + 1, env->gregs[i + 1],
+ i + 2, env->gregs[i + 2], i + 3, env->gregs[i + 3]);
 }
 if (env->flags & TB_FLAG_DELAY_SLOT) {
-qemu_printf("in delay slot (delayed_pc=0x%08x)\n",
-   env->delayed_pc);
+qemu_fprintf(f, "in delay slot (delayed_pc=0x%08x)\n",
+ env->delayed_pc);
 } else if (env->flags & TB_FLAG_DELAY_SLOT_COND) {
-qemu_printf("in conditional delay slot (delayed_pc=0x%08x)\n",
-   env->delayed_pc);
+qemu_fprintf(f, "in conditional delay slot (delayed_pc=0x%08x)\n",
+ env->delayed_pc);
 } else if (env->flags & TB_FLAG_DELAY_SLOT_RTE) {
 qemu_fprintf(f, "in rte delay slot (delayed_pc=0x%08x)\n",
  env->delayed_pc);
-- 
2.39.2

[RFC PATCH 02/10] KVM: selftests: Test that ftruncate to non-page-aligned size on a restrictedmem fd should fail

2023-03-15 Thread Ackerley Tng 
Signed-off-by: Ackerley Tng 
---
 tools/testing/selftests/vm/memfd_restricted.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/tools/testing/selftests/vm/memfd_restricted.c 
b/tools/testing/selftests/vm/memfd_restricted.c
index 43a512f273f7..9c4e6a0becbc 100644
--- a/tools/testing/selftests/vm/memfd_restricted.c
+++ b/tools/testing/selftests/vm/memfd_restricted.c
@@ -38,6 +38,11 @@ static void test_file_size(int fd)
 {
struct stat sb;
 
+   if (!ftruncate(fd, page_size + 1)) {
+   fail("ftruncate to non page-aligned sizes should fail\n");
+   return;
+   }
+
if (ftruncate(fd, page_size)) {
fail("ftruncate failed\n");
return;
-- 
2.40.0.rc2.332.ga46443480c-goog

[RFC PATCH 09/10] KVM: selftests: Add tests around sharing a restrictedmem fd

2023-03-15 Thread Ackerley Tng 
Tests that

+ Different memslots in the same VM should be able to share a
  restrictedmem_fd
+ A second VM cannot share the same offsets in a restrictedmem_fd
+ Different VMs should be able to share the same restrictedmem_fd, as
  long as the offsets in the restrictedmem_fd are different

Signed-off-by: Ackerley Tng 
---
 .../selftests/kvm/set_memory_region_test.c| 29 +--
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/kvm/set_memory_region_test.c 
b/tools/testing/selftests/kvm/set_memory_region_test.c
index cc727d11569e..789c413e2a67 100644
--- a/tools/testing/selftests/kvm/set_memory_region_test.c
+++ b/tools/testing/selftests/kvm/set_memory_region_test.c
@@ -401,7 +401,7 @@ static bool set_private_region_failed(struct kvm_vm *vm, 
void *hva,
 static void test_private_regions(void)
 {
int ret;
-   struct kvm_vm *vm;
+   struct kvm_vm *vm, *vm2;
void *mem;
int fd;
 
@@ -416,7 +416,7 @@ static void test_private_regions(void)
 
vm = __vm_create(shape, 1, 0);
 
-   mem = mmap(NULL, MEM_REGION_SIZE * 2, PROT_READ | PROT_WRITE,
+   mem = mmap(NULL, MEM_REGION_SIZE * 3, PROT_READ | PROT_WRITE,
   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
TEST_ASSERT(mem != MAP_FAILED, "Failed to mmap() host");
 
@@ -448,8 +448,31 @@ static void test_private_regions(void)
TEST_ASSERT(ret == -1 && errno == EINVAL,
"Set overlapping restrictedmem_offset should fail");
 
-   munmap(mem, MEM_REGION_SIZE * 2);
+   ret = __vm_set_user_memory_region2(vm, MEM_REGION_SLOT + 1,
+  KVM_MEM_PRIVATE,
+  MEM_REGION_GPA + MEM_REGION_SIZE,
+  MEM_REGION_SIZE,
+  mem + MEM_REGION_SIZE,
+  fd, MEM_REGION_SIZE);
+   TEST_ASSERT(!ret,
+   "Different memslots should be able to share a 
restrictedmem_fd");
+
+   vm2 = __vm_create(shape, 1, 0);
+   TEST_ASSERT(set_private_region_failed(vm2, mem + 2 * MEM_REGION_SIZE, 
fd, 0),
+   "Pages (offsets) of a restrictedmem_fd should be exclusive 
to a VM");
+
+   ret = __vm_set_user_memory_region2(vm2, MEM_REGION_SLOT,
+  KVM_MEM_PRIVATE,
+  MEM_REGION_GPA + 2 * MEM_REGION_SIZE,
+  MEM_REGION_SIZE,
+  mem + 2 * MEM_REGION_SIZE,
+  fd, 2 * MEM_REGION_SIZE);
+   TEST_ASSERT(!ret,
+   "Different VMs should be able to share a restrictedmem_fd");
+
+   munmap(mem, MEM_REGION_SIZE * 3);
kvm_vm_free(vm);
+   kvm_vm_free(vm2);
 }
 
 int main(int argc, char *argv[])
-- 
2.40.0.rc2.332.ga46443480c-goog

[RFC PATCH 08/10] KVM: selftests: Default private_mem_conversions_test to use 1 restrictedmem file for test data

2023-03-15 Thread Ackerley Tng 
Default the private/shared memory conversion tests to use a single
file (when multiple memslots are requested), while executing on
multiple vCPUs in parallel, to stress-test the restrictedmem subsystem.

Also add a flag to allow multiple files to be used.

Signed-off-by: Ackerley Tng 
---
 .../kvm/x86_64/private_mem_conversions_test.c | 52 ++-
 1 file changed, 38 insertions(+), 14 deletions(-)

diff --git a/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c 
b/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
index afaf8d0e52e6..ca30f0f05c39 100644
--- a/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
+++ b/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
@@ -324,7 +324,8 @@ void *thread_function(void *input)
 }
 
 static void add_memslot_for_vcpu(
-   struct kvm_vm *vm, enum vm_mem_backing_src_type src_type, uint8_t 
vcpu_id)
+   struct kvm_vm *vm, enum vm_mem_backing_src_type src_type, uint8_t 
vcpu_id,
+   int restrictedmem_fd, uint64_t restrictedmem_offset)
 {
uint64_t gpa = data_gpa_base_for_vcpu_id(vcpu_id);
uint32_t slot = DATA_SLOT_BASE + vcpu_id;
@@ -336,7 +337,8 @@ static void add_memslot_for_vcpu(
 
 static void test_mem_conversions(enum vm_mem_backing_src_type src_type,
 uint8_t nr_vcpus, uint32_t iterations,
-bool use_multiple_memslots)
+bool use_multiple_memslots,
+bool use_different_restrictedmem_files)
 {
struct kvm_vcpu *vcpus[KVM_MAX_VCPUS];
pthread_t threads[KVM_MAX_VCPUS];
@@ -356,21 +358,28 @@ static void test_mem_conversions(enum 
vm_mem_backing_src_type src_type,
vm_enable_cap(vm, KVM_CAP_EXIT_HYPERCALL, (1 << KVM_HC_MAP_GPA_RANGE));
 
npages_for_all_vcpus = DATA_SIZE / vm->page_size * nr_vcpus;
+   virt_map(vm, DATA_GPA_BASE, DATA_GPA_BASE, npages_for_all_vcpus);
 
if (use_multiple_memslots) {
-   for (i = 0; i < nr_vcpus; i++)
-   add_memslot_for_vcpu(vm, src_type, i);
+   int fd = memfd_restricted(0);
+   int offset = 0;
+
+   for (i = 0; i < nr_vcpus; i++) {
+   if (use_different_restrictedmem_files) {
+   if (i > 0)
+   fd = memfd_restricted(0);
+   } else {
+   offset = i * DATA_GPA_SPACING;
+   }
+
+   add_memslot_for_vcpu(vm, src_type, i, fd, offset);
+   }
} else {
vm_userspace_mem_region_add(
vm, src_type, DATA_GPA_BASE, DATA_SLOT_BASE,
npages_for_all_vcpus, KVM_MEM_PRIVATE);
}
 
-   virt_map(vm, DATA_GPA_BASE, DATA_GPA_BASE, npages_for_all_vcpus);
-
-   for (i = 0; i < nr_vcpus; i++)
-   add_memslot_for_vcpu(vm, src_type, i);
-
for (i = 0; i < nr_vcpus; i++) {
args[i].vm = vm;
args[i].vcpu = vcpus[i];
@@ -382,7 +391,7 @@ static void test_mem_conversions(enum 
vm_mem_backing_src_type src_type,
for (i = 0; i < nr_vcpus; i++)
pthread_join(threads[i], NULL);
 
-   if (!use_multiple_memslots)
+   if (!use_multiple_memslots || !use_different_restrictedmem_files)
test_invalidation_code_unbound(vm, 1, DATA_SIZE * nr_vcpus);
else
test_invalidation_code_unbound(vm, nr_vcpus, DATA_SIZE);
@@ -391,8 +400,9 @@ static void test_mem_conversions(enum 
vm_mem_backing_src_type src_type,
 static void usage(const char *command)
 {
puts("");
-   printf("usage: %s [-h] [-m] [-s mem-type] [-n number-of-vcpus] [-i 
number-of-iterations]\n",
-  command);
+   printf("usage: %s\n", command);
+   printf("   [-h] [-m] [-f] [-s mem-type]\n");
+   printf("   [-n number-of-vcpus] [-i number-of-iterations]\n");
puts("");
backing_src_help("-s");
puts("");
@@ -404,6 +414,9 @@ static void usage(const char *command)
puts("");
puts(" -m: use multiple memslots (default: use 1 memslot)");
puts("");
+   puts(" -f: use different restrictedmem files for each memslot");
+   puts(" (default: use 1 restrictedmem file for all memslots)");
+   puts("");
 }
 
 int main(int argc, char *argv[])
@@ -412,12 +425,13 @@ int main(int argc, char *argv[])
uint8_t nr_vcpus = 2;
uint32_t iterations = 10;
bool use_multiple_memslots = false;
+   bool use_different_restrictedmem_files = false;
int opt;
 
TEST_REQUIRE(kvm_has_cap(KVM_CAP_EXIT_HYPERCALL));
TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & 
BIT(KVM_X86_PROTECTED_VM));
 
-   while ((opt = getopt(argc, argv, "mhs:n:i:")) != -1) {
+   while ((opt = getopt(argc, argv, "fmhs:n:i:"))

[RFC PATCH 10/10] KVM: selftests: Test KVM exit behavior for private memory/access

2023-03-15 Thread Ackerley Tng 
"Testing private access when memslot gets deleted" tests the behavior
of KVM when a private memslot gets deleted while the VM is using the
private memslot. When KVM looks up the deleted (slot = NULL) memslot,
KVM should exit to userspace with KVM_EXIT_MEMORY_FAULT.

In the second test, upon a private access to non-private memslot, KVM
should also exit to userspace with KVM_EXIT_MEMORY_FAULT.

Signed-off-by: Ackerley Tng 
---
 tools/testing/selftests/kvm/Makefile  |   1 +
 .../kvm/x86_64/private_mem_kvm_exits_test.c   | 124 ++
 2 files changed, 125 insertions(+)
 create mode 100644 
tools/testing/selftests/kvm/x86_64/private_mem_kvm_exits_test.c

diff --git a/tools/testing/selftests/kvm/Makefile 
b/tools/testing/selftests/kvm/Makefile
index bafee3c43b2e..0ad588852a1d 100644
--- a/tools/testing/selftests/kvm/Makefile
+++ b/tools/testing/selftests/kvm/Makefile
@@ -80,6 +80,7 @@ TEST_GEN_PROGS_x86_64 += x86_64/nested_exceptions_test
 TEST_GEN_PROGS_x86_64 += x86_64/platform_info_test
 TEST_GEN_PROGS_x86_64 += x86_64/pmu_event_filter_test
 TEST_GEN_PROGS_x86_64 += x86_64/private_mem_conversions_test
+TEST_GEN_PROGS_x86_64 += x86_64/private_mem_kvm_exits_test
 TEST_GEN_PROGS_x86_64 += x86_64/set_boot_cpu_id
 TEST_GEN_PROGS_x86_64 += x86_64/set_sregs_test
 TEST_GEN_PROGS_x86_64 += x86_64/smaller_maxphyaddr_emulation_test
diff --git a/tools/testing/selftests/kvm/x86_64/private_mem_kvm_exits_test.c 
b/tools/testing/selftests/kvm/x86_64/private_mem_kvm_exits_test.c
new file mode 100644
index ..c8667dfbbf0a
--- /dev/null
+++ b/tools/testing/selftests/kvm/x86_64/private_mem_kvm_exits_test.c
@@ -0,0 +1,124 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2022, Google LLC.
+ */
+#include "kvm_util_base.h"
+#include 
+#include 
+#include 
+#include "kvm_util.h"
+#include "processor.h"
+#include "test_util.h"
+
+/* Arbitrarily selected to avoid overlaps with anything else */
+#define EXITS_TEST_GVA 0xc000
+#define EXITS_TEST_GPA EXITS_TEST_GVA
+#define EXITS_TEST_NPAGES 1
+#define EXITS_TEST_SIZE (EXITS_TEST_NPAGES * PAGE_SIZE)
+#define EXITS_TEST_SLOT 10
+
+static uint64_t guest_repeatedly_read(void)
+{
+   volatile uint64_t value;
+
+   while (true)
+   value = *((uint64_t *) EXITS_TEST_GVA);
+
+   return value;
+}
+
+static uint32_t run_vcpu_get_exit_reason(struct kvm_vcpu *vcpu)
+{
+   vcpu_run(vcpu);
+
+   return vcpu->run->exit_reason;
+}
+
+const struct vm_shape protected_vm_shape = {
+   .mode = VM_MODE_DEFAULT,
+   .type = KVM_X86_PROTECTED_VM,
+};
+
+static void test_private_access_memslot_deleted(void)
+{
+   struct kvm_vm *vm;
+   struct kvm_vcpu *vcpu;
+   pthread_t vm_thread;
+   void *thread_return;
+   uint32_t exit_reason;
+
+   vm = vm_create_shape_with_one_vcpu(protected_vm_shape, &vcpu,
+  guest_repeatedly_read);
+
+   vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS,
+   EXITS_TEST_GPA, EXITS_TEST_SLOT,
+   EXITS_TEST_NPAGES,
+   KVM_MEM_PRIVATE);
+
+   virt_map(vm, EXITS_TEST_GVA, EXITS_TEST_GPA, EXITS_TEST_NPAGES);
+
+   /* Request to access page privately */
+   vm_mem_map_shared_or_private(vm, EXITS_TEST_GPA, EXITS_TEST_SIZE, 
false);
+
+   pr_info("Testing private access when memslot gets deleted\n");
+
+   pthread_create(&vm_thread, NULL,
+  (void *(*)(void *))run_vcpu_get_exit_reason,
+  (void *)vcpu);
+
+   vm_mem_region_delete(vm, EXITS_TEST_SLOT);
+
+   pthread_join(vm_thread, &thread_return);
+   exit_reason = (uint32_t)(uint64_t)thread_return;
+
+   ASSERT_EQ(exit_reason, KVM_EXIT_MEMORY_FAULT);
+   ASSERT_EQ(vcpu->run->memory.flags, KVM_MEMORY_EXIT_FLAG_PRIVATE);
+   ASSERT_EQ(vcpu->run->memory.gpa, EXITS_TEST_GPA);
+   ASSERT_EQ(vcpu->run->memory.size, EXITS_TEST_SIZE);
+
+   pr_info("\t ... PASSED\n");
+
+   kvm_vm_free(vm);
+}
+
+static void test_private_access_memslot_not_private(void)
+{
+   struct kvm_vm *vm;
+   struct kvm_vcpu *vcpu;
+   uint32_t exit_reason;
+
+   vm = vm_create_shape_with_one_vcpu(protected_vm_shape, &vcpu,
+  guest_repeatedly_read);
+
+   /* Add a non-private memslot (flags = 0) */
+   vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS,
+   EXITS_TEST_GPA, EXITS_TEST_SLOT,
+   EXITS_TEST_NPAGES, 0);
+
+   virt_map(vm, EXITS_TEST_GVA, EXITS_TEST_GPA, EXITS_TEST_NPAGES);
+
+   /* Request to access page privately */
+   vm_set_memory_attributes(vm, EXITS_TEST_GPA, EXITS_TEST_SIZE,
+KVM_MEMORY_ATTRIBUTE_PRIVATE);
+
+   pr_info("Testing private access to non-private memslot\n");
+
+   exit_reason = run_vcpu_get_exit_reason(vcpu);
+

[RFC PATCH 07/10] KVM: selftests: Add vm_userspace_mem_region_add_with_restrictedmem

2023-03-15 Thread Ackerley Tng 
Provide new function to allow restrictedmem's fd and offset to be
specified in selftests.

No functional change intended to vm_userspace_mem_region_add.

Signed-off-by: Ackerley Tng 
---
 .../selftests/kvm/include/kvm_util_base.h |  4 ++
 tools/testing/selftests/kvm/lib/kvm_util.c| 46 +--
 2 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h 
b/tools/testing/selftests/kvm/include/kvm_util_base.h
index b6531a4063bb..c1ac82332ca4 100644
--- a/tools/testing/selftests/kvm/include/kvm_util_base.h
+++ b/tools/testing/selftests/kvm/include/kvm_util_base.h
@@ -486,6 +486,10 @@ void vm_userspace_mem_region_add(struct kvm_vm *vm,
enum vm_mem_backing_src_type src_type,
uint64_t guest_paddr, uint32_t slot, uint64_t npages,
uint32_t flags);
+void vm_userspace_mem_region_add_with_restrictedmem(struct kvm_vm *vm,
+   enum vm_mem_backing_src_type src_type,
+   uint64_t guest_paddr, uint32_t slot, uint64_t npages,
+   uint32_t flags, int restrictedmem_fd, uint64_t restrictedmem_offset);
 
 void vm_mem_region_set_flags(struct kvm_vm *vm, uint32_t slot, uint32_t flags);
 void vm_mem_region_move(struct kvm_vm *vm, uint32_t slot, uint64_t new_gpa);
diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c 
b/tools/testing/selftests/kvm/lib/kvm_util.c
index d0e6b10f140f..d6bfcfc5cdea 100644
--- a/tools/testing/selftests/kvm/lib/kvm_util.c
+++ b/tools/testing/selftests/kvm/lib/kvm_util.c
@@ -898,6 +898,43 @@ void vm_userspace_mem_region_add(struct kvm_vm *vm,
enum vm_mem_backing_src_type src_type,
uint64_t guest_paddr, uint32_t slot, uint64_t npages,
uint32_t flags)
+{
+   int restrictedmem_fd;
+
+   restrictedmem_fd = flags & KVM_MEM_PRIVATE ? memfd_restricted(0) : 0;
+   vm_userspace_mem_region_add_with_restrictedmem(
+   vm, src_type, guest_paddr, slot, npages, flags,
+   restrictedmem_fd, 0);
+}
+
+/*
+ * VM Userspace Memory Region Add With restrictedmem
+ *
+ * Input Args:
+ *   vm - Virtual Machine
+ *   src_type - Storage source for this region.
+ *  NULL to use anonymous memory.
+ *   guest_paddr - Starting guest physical address
+ *   slot - KVM region slot
+ *   npages - Number of physical pages
+ *   flags - KVM memory region flags (e.g. KVM_MEM_LOG_DIRTY_PAGES)
+ *   restrictedmem_fd - restrictedmem_fd for use with restrictedmem
+ *   restrictedmem_offset - offset within restrictedmem_fd to be used
+ *
+ * Output Args: None
+ *
+ * Return: None
+ *
+ * Allocates a memory area of the number of pages specified by npages
+ * and maps it to the VM specified by vm, at a starting physical address
+ * given by guest_paddr.  The region is created with a KVM region slot
+ * given by slot, which must be unique and < KVM_MEM_SLOTS_NUM.  The
+ * region is created with the flags given by flags.
+ */
+void vm_userspace_mem_region_add_with_restrictedmem(struct kvm_vm *vm,
+   enum vm_mem_backing_src_type src_type,
+   uint64_t guest_paddr, uint32_t slot, uint64_t npages,
+   uint32_t flags, int restrictedmem_fd, uint64_t restrictedmem_offset)
 {
int ret;
struct userspace_mem_region *region;
@@ -1011,8 +1048,8 @@ void vm_userspace_mem_region_add(struct kvm_vm *vm,
region->backing_src_type = src_type;
 
if (flags & KVM_MEM_PRIVATE) {
-   region->region.restrictedmem_fd = memfd_restricted(0);
-   region->region.restrictedmem_offset = 0;
+   region->region.restrictedmem_fd = restrictedmem_fd;
+   region->region.restrictedmem_offset = restrictedmem_offset;
 
TEST_ASSERT(region->region.restrictedmem_fd >= 0,
"Failed to create restricted memfd");
@@ -1030,10 +1067,11 @@ void vm_userspace_mem_region_add(struct kvm_vm *vm,
TEST_ASSERT(ret == 0, "KVM_SET_USER_MEMORY_REGION2 IOCTL failed,\n"
"  rc: %i errno: %i\n"
"  slot: %u flags: 0x%x\n"
-   "  guest_phys_addr: 0x%lx size: 0x%lx restricted fd: %d\n",
+   "  guest_phys_addr: 0x%lx size: 0x%lx\n"
+   "  restricted fd: %d restricted_offset: 0x%llx\n",
ret, errno, slot, flags,
guest_paddr, (uint64_t) region->region.memory_size,
-   region->region.restrictedmem_fd);
+   region->region.restrictedmem_fd, 
region->region.restrictedmem_offset);
 
/* Add to quick lookup data structures */
vm_userspace_mem_region_gpa_insert(&vm->regions.gpa_tree, region);
-- 
2.40.0.rc2.332.ga46443480c-goog

[RFC PATCH 05/10] KVM: selftests: Generalize private_mem_conversions_test for parallel execution

2023-03-15 Thread Ackerley Tng 
By running the private/shared memory conversion tests on multiple
vCPUs in parallel, we stress-test the restrictedmem subsystem to
test conversion of non-overlapping GPA ranges in multiple memslots.

Signed-off-by: Ackerley Tng 
---
 .../kvm/x86_64/private_mem_conversions_test.c | 203 +-
 1 file changed, 150 insertions(+), 53 deletions(-)

diff --git a/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c 
b/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
index 7741916818db..14aa90e9a89b 100644
--- a/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
+++ b/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
@@ -5,6 +5,7 @@
 #define _GNU_SOURCE /* for program_invocation_short_name */
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -22,9 +23,10 @@
 #include 
 #include 
 
-#define DATA_SLOT  10
-#define DATA_GPA   ((uint64_t)(1ull << 32))
-#define DATA_SIZE  ((uint64_t)(SZ_2M + PAGE_SIZE))
+#define DATA_SLOT_BASE   10
+#define DATA_GPA_BASE((uint64_t)(1ull << 32))
+#define DATA_SIZE((uint64_t)(SZ_2M + PAGE_SIZE))
+#define DATA_GPA_SPACING DATA_SIZE
 
 /* Horrific macro so that the line info is captured accurately :-( */
 #define memcmp_g(gpa, pattern,  size)  \
@@ -83,7 +85,9 @@ static void memcmp_ne_h(uint8_t *mem, uint8_t pattern, size_t 
size)
 #define REQUEST_HOST_R_PRIVATE(gpa, size, expected_pattern) \
ucall(UCALL_R_PRIVATE, 3, gpa, size, expected_pattern)
 
-static void guest_code(void)
+const uint8_t init_p = 0xcc;
+
+static void guest_test_conversions(uint64_t gpa_base)
 {
struct {
uint64_t offset;
@@ -96,17 +100,11 @@ static void guest_code(void)
GUEST_STAGE(PAGE_SIZE, SZ_2M),
GUEST_STAGE(SZ_2M, PAGE_SIZE),
};
-   const uint8_t init_p = 0xcc;
uint64_t j;
int i;
 
-   /* Memory should be shared by default. */
-   memset((void *)DATA_GPA, ~init_p, DATA_SIZE);
-   REQUEST_HOST_RW_SHARED(DATA_GPA, DATA_SIZE, ~init_p, init_p);
-   memcmp_g(DATA_GPA, init_p, DATA_SIZE);
-
for (i = 0; i < ARRAY_SIZE(stages); i++) {
-   uint64_t gpa = DATA_GPA + stages[i].offset;
+   uint64_t gpa = gpa_base + stages[i].offset;
uint64_t size = stages[i].size;
uint8_t p1 = 0x11;
uint8_t p2 = 0x22;
@@ -140,11 +138,11 @@ static void guest_code(void)
 * that shared memory still holds the initial pattern.
 */
memcmp_g(gpa, p2, size);
-   if (gpa > DATA_GPA)
-   memcmp_g(DATA_GPA, init_p, gpa - DATA_GPA);
-   if (gpa + size < DATA_GPA + DATA_SIZE)
+   if (gpa > gpa_base)
+   memcmp_g(gpa_base, init_p, gpa - gpa_base);
+   if (gpa + size < gpa_base + DATA_SIZE)
memcmp_g(gpa + size, init_p,
-(DATA_GPA + DATA_SIZE) - (gpa + size));
+(gpa_base + DATA_SIZE) - (gpa + size));
 
/*
 * Convert odd-number page frames back to shared to verify KVM
@@ -182,6 +180,19 @@ static void guest_code(void)
/* Reset the shared memory back to the initial pattern. */
memset((void *)gpa, init_p, size);
}
+}
+
+static void guest_code(uint64_t gpa_base, uint32_t iterations)
+{
+   int i;
+
+   /* Memory should be shared by default. */
+   memset((void *)gpa_base, ~init_p, DATA_SIZE);
+   REQUEST_HOST_RW_SHARED(gpa_base, DATA_SIZE, ~init_p, init_p);
+   memcmp_g(gpa_base, init_p, DATA_SIZE);
+
+   for (i = 0; i < iterations; i++)
+   guest_test_conversions(gpa_base);
 
GUEST_DONE();
 }
@@ -203,15 +214,27 @@ static void handle_exit_hypercall(struct kvm_vcpu *vcpu)
run->hypercall.ret = 0;
 }
 
-static void test_invalidation_code_unbound(struct kvm_vm *vm)
+static uint64_t data_gpa_base_for_vcpu_id(uint8_t n)
+{
+   return DATA_GPA_BASE + n * DATA_GPA_SPACING;
+}
+
+static void test_invalidation_code_unbound(struct kvm_vm *vm, uint8_t 
nr_memslots,
+  off_t data_size)
 {
-   uint32_t fd;
-   uint64_t offset;
-   struct userspace_mem_region *region;
+   struct {
+   uint32_t fd;
+   uint64_t offset;
+   } params[KVM_MAX_VCPUS];
+   int i;
+
+   for (i = 0; i < nr_memslots; i++) {
+   struct userspace_mem_region *region;
 
-   region = memslot2region(vm, DATA_SLOT);
-   fd = region->region.restrictedmem_fd;
-   offset = region->region.restrictedmem_offset;
+   region = memslot2region(vm, DATA_SLOT_BASE + i);
+   params[i].fd = region->region.restrictedmem_fd;
+   params[i].offset = region->region.restrictedmem_offset;
+   }
 
kvm_vm

[RFC PATCH 01/10] KVM: selftests: Test error message fixes for memfd_restricted selftests

2023-03-15 Thread Ackerley Tng 
Signed-off-by: Ackerley Tng 
---
 tools/testing/selftests/vm/memfd_restricted.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/vm/memfd_restricted.c 
b/tools/testing/selftests/vm/memfd_restricted.c
index 3a556b570129..43a512f273f7 100644
--- a/tools/testing/selftests/vm/memfd_restricted.c
+++ b/tools/testing/selftests/vm/memfd_restricted.c
@@ -49,12 +49,12 @@ static void test_file_size(int fd)
}
 
if (sb.st_size != page_size) {
-   fail("unexpected file size after ftruncate");
+   fail("unexpected file size after ftruncate\n");
return;
}
 
if (!ftruncate(fd, page_size * 2)) {
-   fail("unexpected ftruncate\n");
+   fail("size of file cannot be changed once set\n");
return;
}
 
-- 
2.40.0.rc2.332.ga46443480c-goog

[RFC PATCH 06/10] KVM: selftests: Default private_mem_conversions_test to use 1 memslot for test data

2023-03-15 Thread Ackerley Tng 
Default the private/shared memory conversion tests to use a single
memslot, while executing on multiple vCPUs in parallel, to stress-test
the restrictedmem subsystem.

Also add a flag to allow multiple memslots to be used.

Signed-off-by: Ackerley Tng 
---
 .../kvm/x86_64/private_mem_conversions_test.c | 30 +++
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c 
b/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
index 14aa90e9a89b..afaf8d0e52e6 100644
--- a/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
+++ b/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
@@ -335,7 +335,8 @@ static void add_memslot_for_vcpu(
 }
 
 static void test_mem_conversions(enum vm_mem_backing_src_type src_type,
-uint8_t nr_vcpus, uint32_t iterations)
+uint8_t nr_vcpus, uint32_t iterations,
+bool use_multiple_memslots)
 {
struct kvm_vcpu *vcpus[KVM_MAX_VCPUS];
pthread_t threads[KVM_MAX_VCPUS];
@@ -355,6 +356,16 @@ static void test_mem_conversions(enum 
vm_mem_backing_src_type src_type,
vm_enable_cap(vm, KVM_CAP_EXIT_HYPERCALL, (1 << KVM_HC_MAP_GPA_RANGE));
 
npages_for_all_vcpus = DATA_SIZE / vm->page_size * nr_vcpus;
+
+   if (use_multiple_memslots) {
+   for (i = 0; i < nr_vcpus; i++)
+   add_memslot_for_vcpu(vm, src_type, i);
+   } else {
+   vm_userspace_mem_region_add(
+   vm, src_type, DATA_GPA_BASE, DATA_SLOT_BASE,
+   npages_for_all_vcpus, KVM_MEM_PRIVATE);
+   }
+
virt_map(vm, DATA_GPA_BASE, DATA_GPA_BASE, npages_for_all_vcpus);
 
for (i = 0; i < nr_vcpus; i++)
@@ -371,13 +382,16 @@ static void test_mem_conversions(enum 
vm_mem_backing_src_type src_type,
for (i = 0; i < nr_vcpus; i++)
pthread_join(threads[i], NULL);
 
-   test_invalidation_code_unbound(vm, nr_vcpus, DATA_SIZE);
+   if (!use_multiple_memslots)
+   test_invalidation_code_unbound(vm, 1, DATA_SIZE * nr_vcpus);
+   else
+   test_invalidation_code_unbound(vm, nr_vcpus, DATA_SIZE);
 }
 
 static void usage(const char *command)
 {
puts("");
-   printf("usage: %s [-h] [-s mem-type] [-n number-of-vcpus] [-i 
number-of-iterations]\n",
+   printf("usage: %s [-h] [-m] [-s mem-type] [-n number-of-vcpus] [-i 
number-of-iterations]\n",
   command);
puts("");
backing_src_help("-s");
@@ -388,6 +402,8 @@ static void usage(const char *command)
puts(" -i: specify the number iterations of memory conversion");
puts(" tests to run. (default: 10)");
puts("");
+   puts(" -m: use multiple memslots (default: use 1 memslot)");
+   puts("");
 }
 
 int main(int argc, char *argv[])
@@ -395,12 +411,13 @@ int main(int argc, char *argv[])
enum vm_mem_backing_src_type src_type = DEFAULT_VM_MEM_SRC;
uint8_t nr_vcpus = 2;
uint32_t iterations = 10;
+   bool use_multiple_memslots = false;
int opt;
 
TEST_REQUIRE(kvm_has_cap(KVM_CAP_EXIT_HYPERCALL));
TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & 
BIT(KVM_X86_PROTECTED_VM));
 
-   while ((opt = getopt(argc, argv, "hs:n:i:")) != -1) {
+   while ((opt = getopt(argc, argv, "mhs:n:i:")) != -1) {
switch (opt) {
case 'n':
nr_vcpus = atoi_positive("nr_vcpus", optarg);
@@ -411,6 +428,9 @@ int main(int argc, char *argv[])
case 's':
src_type = parse_backing_src_type(optarg);
break;
+   case 'm':
+   use_multiple_memslots = true;
+   break;
case 'h':
default:
usage(argv[0]);
@@ -418,6 +438,6 @@ int main(int argc, char *argv[])
}
}
 
-   test_mem_conversions(src_type, nr_vcpus, iterations);
+   test_mem_conversions(src_type, nr_vcpus, iterations, 
use_multiple_memslots);
return 0;
 }
-- 
2.40.0.rc2.332.ga46443480c-goog

[RFC PATCH 04/10] KVM: selftests: Exercise restrictedmem allocation and truncation code after KVM invalidation code has been unbound

2023-03-15 Thread Ackerley Tng 
The kernel interfaces restrictedmem_bind and restrictedmem_unbind are
used by KVM to bind/unbind kvm functions to restrictedmem's
invalidate_start and invalidate_end callbacks.

After the KVM VM is freed, the KVM functions should have been unbound
from the restrictedmem_fd's callbacks.

In this test, we exercise fallocate to back and unback memory using
the restrictedmem fd, and we expect no problems (crashes) after the
KVM functions have been unbound.

Signed-off-by: Ackerley Tng 
---
 .../kvm/x86_64/private_mem_conversions_test.c | 26 ++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c 
b/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
index f2c1e4450b0e..7741916818db 100644
--- a/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
+++ b/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
@@ -203,6 +203,30 @@ static void handle_exit_hypercall(struct kvm_vcpu *vcpu)
run->hypercall.ret = 0;
 }
 
+static void test_invalidation_code_unbound(struct kvm_vm *vm)
+{
+   uint32_t fd;
+   uint64_t offset;
+   struct userspace_mem_region *region;
+
+   region = memslot2region(vm, DATA_SLOT);
+   fd = region->region.restrictedmem_fd;
+   offset = region->region.restrictedmem_offset;
+
+   kvm_vm_free(vm);
+
+   /*
+* At this point the KVM invalidation code should have been unbound from
+* the vm. We do allocation and truncation to exercise the restrictedmem
+* code. There should be no issues after the unbinding happens.
+*/
+   if (fallocate(fd, 0, offset, DATA_SIZE))
+   TEST_FAIL("Unexpected error in fallocate");
+   if (fallocate(fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
+ offset, DATA_SIZE))
+   TEST_FAIL("Unexpected error in fallocate");
+}
+
 static void test_mem_conversions(enum vm_mem_backing_src_type src_type)
 {
struct kvm_vcpu *vcpu;
@@ -270,7 +294,7 @@ static void test_mem_conversions(enum 
vm_mem_backing_src_type src_type)
}
 
 done:
-   kvm_vm_free(vm);
+   test_invalidation_code_unbound(vm);
 }
 
 int main(int argc, char *argv[])
-- 
2.40.0.rc2.332.ga46443480c-goog

[RFC PATCH 03/10] KVM: selftests: Test that VM private memory should not be readable from host

2023-03-15 Thread Ackerley Tng 
After VM memory is remapped as private memory and guest has written to
private memory, request the host to read the corresponding hva for
that private memory.

The host should not be able to read the value in private memory.

This selftest shows that private memory contents of the guest are not
accessible to host userspace via the HVA.

Signed-off-by: Ackerley Tng 
---
 .../kvm/x86_64/private_mem_conversions_test.c | 54 ---
 1 file changed, 48 insertions(+), 6 deletions(-)

diff --git a/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c 
b/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
index ef9894340a2b..f2c1e4450b0e 100644
--- a/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
+++ b/tools/testing/selftests/kvm/x86_64/private_mem_conversions_test.c
@@ -47,6 +47,16 @@ static void memcmp_h(uint8_t *mem, uint8_t pattern, size_t 
size)
pattern, i, mem[i]);
 }
 
+static void memcmp_ne_h(uint8_t *mem, uint8_t pattern, size_t size)
+{
+   size_t i;
+
+   for (i = 0; i < size; i++)
+   TEST_ASSERT(mem[i] != pattern,
+   "Expected not to find 0x%x at offset %lu but got 
0x%x",
+   pattern, i, mem[i]);
+}
+
 /*
  * Run memory conversion tests with explicit conversion:
  * Execute KVM hypercall to map/unmap gpa range which will cause userspace exit
@@ -64,8 +74,14 @@ static void memcmp_h(uint8_t *mem, uint8_t pattern, size_t 
size)
 
 #define GUEST_STAGE(o, s) { .offset = o, .size = s }
 
-#define GUEST_SYNC4(gpa, size, current_pattern, new_pattern) \
-   ucall(UCALL_SYNC, 4, gpa, size, current_pattern, new_pattern)
+#define UCALL_RW_SHARED (0xca11 - 0)
+#define UCALL_R_PRIVATE (0xca11 - 1)
+
+#define REQUEST_HOST_RW_SHARED(gpa, size, current_pattern, new_pattern) \
+   ucall(UCALL_RW_SHARED, 4, gpa, size, current_pattern, new_pattern)
+
+#define REQUEST_HOST_R_PRIVATE(gpa, size, expected_pattern) \
+   ucall(UCALL_R_PRIVATE, 3, gpa, size, expected_pattern)
 
 static void guest_code(void)
 {
@@ -86,7 +102,7 @@ static void guest_code(void)
 
/* Memory should be shared by default. */
memset((void *)DATA_GPA, ~init_p, DATA_SIZE);
-   GUEST_SYNC4(DATA_GPA, DATA_SIZE, ~init_p, init_p);
+   REQUEST_HOST_RW_SHARED(DATA_GPA, DATA_SIZE, ~init_p, init_p);
memcmp_g(DATA_GPA, init_p, DATA_SIZE);
 
for (i = 0; i < ARRAY_SIZE(stages); i++) {
@@ -113,6 +129,12 @@ static void guest_code(void)
kvm_hypercall_map_private(gpa, size);
memset((void *)gpa, p2, size);
 
+   /*
+* Host should not be able to read the values written to private
+* memory
+*/
+   REQUEST_HOST_R_PRIVATE(gpa, size, p2);
+
/*
 * Verify that the private memory was set to pattern two, and
 * that shared memory still holds the initial pattern.
@@ -133,11 +155,20 @@ static void guest_code(void)
continue;
 
kvm_hypercall_map_shared(gpa + j, PAGE_SIZE);
-   GUEST_SYNC4(gpa + j, PAGE_SIZE, p1, p3);
+   REQUEST_HOST_RW_SHARED(gpa + j, PAGE_SIZE, p1, p3);
 
memcmp_g(gpa + j, p3, PAGE_SIZE);
}
 
+   /*
+* Even-number pages are still mapped as private, host should
+* not be able to read those values.
+*/
+   for (j = 0; j < size; j += PAGE_SIZE) {
+   if (!((j >> PAGE_SHIFT) & 1))
+   REQUEST_HOST_R_PRIVATE(gpa + j, PAGE_SIZE, p2);
+   }
+
/*
 * Convert the entire region back to shared, explicitly write
 * pattern three to fill in the even-number frames before
@@ -145,7 +176,7 @@ static void guest_code(void)
 */
kvm_hypercall_map_shared(gpa, size);
memset((void *)gpa, p3, size);
-   GUEST_SYNC4(gpa, size, p3, p4);
+   REQUEST_HOST_RW_SHARED(gpa, size, p3, p4);
memcmp_g(gpa, p4, size);
 
/* Reset the shared memory back to the initial pattern. */
@@ -209,7 +240,18 @@ static void test_mem_conversions(enum 
vm_mem_backing_src_type src_type)
switch (get_ucall(vcpu, &uc)) {
case UCALL_ABORT:
REPORT_GUEST_ASSERT_4(uc, "%lx %lx %lx %lx");
-   case UCALL_SYNC: {
+   case UCALL_R_PRIVATE: {
+   uint8_t *hva = addr_gpa2hva(vm, uc.args[0]);
+   uint64_t size = uc.args[1];
+
+   /*
+* Try to read hva for private gpa from host, should not
+* be able to read private data
+*/
+   memcmp_ne_h

[RFC PATCH 00/10] Additional selftests for restrictedmem

2023-03-15 Thread Ackerley Tng 
Hello,

This is a series containing additional selftests for restrictedmem,
prepared to be used with the next iteration of the restrictedmem
series after v10.

restrictedmem v10 is available at
https://lore.kernel.org/lkml/20221202061347.1070246-1-chao.p.p...@linux.intel.com/T/.

The tree can be found at
https://github.com/googleprodkernel/linux-cc/tree/restrictedmem-additional-selftests-rfc-v1/.

Dependencies
+ The next iteration of the restrictedmem series
+ branch: https://github.com/chao-p/linux/commits/privmem-v11.4
+ commit: 
https://github.com/chao-p/linux/tree/ddd2c92b268a2fdc6158f82a6169ad1a57f2a01d
+ Proposed fix to adjust VM's initial stack address to align with SysV
  ABI spec: 
https://lore.kernel.org/lkml/20230227180601.104318-1-ackerley...@google.com/

Ackerley Tng (10):
  KVM: selftests: Test error message fixes for memfd_restricted
selftests
  KVM: selftests: Test that ftruncate to non-page-aligned size on a
restrictedmem fd should fail
  KVM: selftests: Test that VM private memory should not be readable
from host
  KVM: selftests: Exercise restrictedmem allocation and truncation code
after KVM invalidation code has been unbound
  KVM: selftests: Generalize private_mem_conversions_test for parallel
execution
  KVM: selftests: Default private_mem_conversions_test to use 1 memslot
for test data
  KVM: selftests: Add vm_userspace_mem_region_add_with_restrictedmem
  KVM: selftests: Default private_mem_conversions_test to use 1
restrictedmem file for test data
  KVM: selftests: Add tests around sharing a restrictedmem fd
  KVM: selftests: Test KVM exit behavior for private memory/access

 tools/testing/selftests/kvm/Makefile  |   1 +
 .../selftests/kvm/include/kvm_util_base.h |   4 +
 tools/testing/selftests/kvm/lib/kvm_util.c|  46 ++-
 .../selftests/kvm/set_memory_region_test.c|  29 +-
 .../kvm/x86_64/private_mem_conversions_test.c | 295 +++---
 .../kvm/x86_64/private_mem_kvm_exits_test.c   | 124 
 tools/testing/selftests/vm/memfd_restricted.c |   9 +-
 7 files changed, 455 insertions(+), 53 deletions(-)
 create mode 100644 
tools/testing/selftests/kvm/x86_64/private_mem_kvm_exits_test.c

--
2.40.0.rc2.332.ga46443480c-goog

[PATCH v2 1/2] target/s390x: Fix R[NOX]SBG with T=1

2023-03-15 Thread Ilya Leoshkevich 
RXSBG usage in the "filetests" test from the wasmtime testsuite makes
tcg_reg_alloc_op() attempt to temp_load() a TEMP_VAL_DEAD temporary,
causing an assertion failure:

0x01000a70:  ec14 b040 3057  rxsbg%r1, %r4, 0xb0, 0x40, 0x30

OP after optimization and liveness analysis:
  01000a70 0004 0006
 rotl_i64 tmp2,r4,$0x30   dead: 1 2  pref=0x
 and_i64 tmp2,tmp2,$0x8000dead: 1  pref=0x
[xor_i64 tmp3,tmp3,tmp2   dead: 1 2  pref=0x]
 and_i64 cc_dst,tmp3,$0x8000  sync: 0  dead: 0 1 2  pref=0x
 mov_i64 psw_addr,$0x1000a76  sync: 0  dead: 0 1  pref=0x
 mov_i32 cc_op,$0x6   sync: 0  dead: 0 1  pref=0x
 call lookup_tb_ptr,$0x6,$1,tmp8,env  dead: 1  pref=none
 goto_ptr tmp8dead: 0
 set_label $L0
 exit_tb $0x7fffe809d183

../tcg/tcg.c:3865: tcg fatal error

The reason is that tmp3 does not have an initial value, which confuses
the register allocator. This also affects the correctness of the
results.

Fix by assigning R1 to it.

Fixes: d6c6372e186e ("target-s390: Implement R[NOX]SBG")
Reviewed-by: David Hildenbrand 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/translate.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 14c3896d529..6dd2f41ad08 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -3696,10 +3696,13 @@ static DisasJumpType op_rosbg(DisasContext *s, DisasOps 
*o)
 int i4 = get_field(s, i4);
 int i5 = get_field(s, i5);
 uint64_t mask;
+TCGv_i64 tmp;
 
 /* If this is a test-only form, arrange to discard the result.  */
 if (i3 & 0x80) {
+tmp = o->out;
 o->out = tcg_temp_new_i64();
+tcg_gen_mov_i64(o->out, tmp);
 }
 
 i3 &= 63;
-- 
2.39.2

[PATCH v2 2/2] tests/tcg/s390x: Add rxsbg.c

2023-03-15 Thread Ilya Leoshkevich 
Add a small test for RXSBG with T=1 to prevent regressions.

Signed-off-by: Ilya Leoshkevich 
---
 tests/tcg/s390x/Makefile.target |  3 +++
 tests/tcg/s390x/rxsbg.c | 46 +
 2 files changed, 49 insertions(+)
 create mode 100644 tests/tcg/s390x/rxsbg.c

diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
index cf93b966862..3c940ac952e 100644
--- a/tests/tcg/s390x/Makefile.target
+++ b/tests/tcg/s390x/Makefile.target
@@ -29,10 +29,13 @@ TESTS+=clst
 TESTS+=long-double
 TESTS+=cdsg
 TESTS+=chrl
+TESTS+=rxsbg
 
 cdsg: CFLAGS+=-pthread
 cdsg: LDFLAGS+=-pthread
 
+rxsbg: CFLAGS+=-O2
+
 Z13_TESTS=vistr
 $(Z13_TESTS): CFLAGS+=-march=z13 -O2
 TESTS+=$(Z13_TESTS)
diff --git a/tests/tcg/s390x/rxsbg.c b/tests/tcg/s390x/rxsbg.c
new file mode 100644
index 000..4b155db304e
--- /dev/null
+++ b/tests/tcg/s390x/rxsbg.c
@@ -0,0 +1,46 @@
+/*
+ * Test the RXSBG instruction.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include 
+#include 
+
+static inline __attribute__((__always_inline__)) void
+rxsbg(unsigned long *r1, unsigned long r2, int i3, int i4, int i5, int *cc)
+{
+asm("rxsbg %[r1],%[r2],%[i3],%[i4],%[i5]\n"
+"ipm %[cc]"
+: [r1] "+r" (*r1), [cc] "=r" (*cc)
+: [r2] "r" (r2) , [i3] "i" (i3) , [i4] "i" (i4) , [i5] "i" (i5)
+: "cc");
+*cc = (*cc >> 28) & 3;
+}
+
+void test_cc0(void)
+{
+unsigned long r1 = 6;
+int cc;
+
+rxsbg(&r1, 3, 61 | 0x80, 62, 1, &cc);
+assert(r1 == 6);
+assert(cc == 0);
+}
+
+void test_cc1(void)
+{
+unsigned long r1 = 2;
+int cc;
+
+rxsbg(&r1, 3, 61 | 0x80, 62, 1, &cc);
+assert(r1 == 2);
+assert(cc == 1);
+}
+
+int main(void)
+{
+test_cc0();
+test_cc1();
+
+return EXIT_SUCCESS;
+}
-- 
2.39.2

[PATCH v2 0/2] target/s390x: Fix R[NOX]SBG with T=1

2023-03-15 Thread Ilya Leoshkevich 
v1: https://lists.gnu.org/archive/html/qemu-devel/2023-03/msg04493.html
v1 -> v2: Work around a clang issue (Thomas).
  Add cc=0 test, use more human-friendly constants.

Hi,

This series fixes ROTATE THEN  SELECTED BITS when
test-results control is on. The problem is the incorrect translation,
which confuses the register allocator.

Patch 1 is the fix, patch 2 adds a test.

Best regards,
Ilya

Ilya Leoshkevich (2):
  target/s390x: Fix R[NOX]SBG with T=1
  tests/tcg/s390x: Add rxsbg.c

 target/s390x/tcg/translate.c|  3 +++
 tests/tcg/s390x/Makefile.target |  3 +++
 tests/tcg/s390x/rxsbg.c | 46 +
 3 files changed, 52 insertions(+)
 create mode 100644 tests/tcg/s390x/rxsbg.c

-- 
2.39.2

Re: [PATCH] Use f-strings in python scripts

2023-03-15 Thread John Snow 
On Wed, Mar 15, 2023 at 8:13 AM Philippe Mathieu-Daudé
 wrote:
>
> On 15/3/23 12:16, Daniel P. Berrangé wrote:
> > On Wed, Mar 15, 2023 at 08:43:33AM +0100, Philippe Mathieu-Daudé wrote:
> >> Hi Marco,
> >>
> >> (+Python experts)
> >>
> >> On 13/3/23 18:25, Marco Liebel wrote:
> >>> Replace python 2 format string with f-strings
> >>>
> >>> Signed-off-by: Marco Liebel 
> >>> ---
> >>>target/hexagon/gen_helper_funcs.py  |  54 ++--
> >>>target/hexagon/gen_helper_protos.py |  10 +-
> >>>target/hexagon/gen_idef_parser_funcs.py |   8 +-
> >>>target/hexagon/gen_op_attribs.py|   4 +-
> >>>target/hexagon/gen_op_regs.py   |  10 +-
> >>>target/hexagon/gen_opcodes_def.py   |   2 +-
> >>>target/hexagon/gen_printinsn.py |  14 +-
> >>>target/hexagon/gen_shortcode.py |   2 +-
> >>>target/hexagon/gen_tcg_func_table.py|   2 +-
> >>>target/hexagon/gen_tcg_funcs.py | 317 +++-
> >>>target/hexagon/hex_common.py|   4 +-
> >>>11 files changed, 198 insertions(+), 229 deletions(-)
> >>
> >> These files use a mix of ', " and '''... Since you are modifying
> >> them, it would be nice to unify. I'm not sure there is a recommended
> >> style; matter of taste, I find the single quote (') less aggressive,
> >> then escaping it using ", and keeping ''' for multi-lines strings.
> >

I pretty much agree with Dan, it's best to use a formatting tool and
just stick with it. We don't have a unified standard across the code
base right now, and it would be rude to make that a pre-requisite of a
patch like this.
Until then, docstrings should use triple-double quotes. Any other
string can use whatever quoting style happens to be most convenient
for the string being written to minimize escaping. Consistency is nice
where reasonable, but minimizing escapes by using different styles on
an as-needed basis is a respectable and good thing.

I glanced *very quickly* at these files and it looks like the style is
to use double quotes for format strings and single quotes for constant
strings. That seems fine to me.

> > FWIW, rather than debating code style issues and coming up with a custom
> > set of rules for QEMU python code, my recommendation would be to consider
> > adopting 'black'
> >
> >https://black.readthedocs.io/en/stable/
> >
> > There is a trend with recent languages to offer an opinionated code
> > formatting tool as standard to maximise consistency across projects
> > in a given language. 'black' is a decent attempt to bring this to
> > the python world. I found it pretty liberating when doing recent
> > python work in libvirt, to be able to mostly not worry about formatting
> > anymore.
>
> Clever.
>
> So per 'black -t py37' the style is """, I was not even close.
>
> > The main downside is the bulk-reformat in the history, which can
> > make backports more challenging. For "git blame" you can use the
> > .git-blame-ignore-revs file to hide the reformats.
>
> TIL .git-blame-ignore-revs, thanks!
>

Huh, that's awesome.

[PATCH v3 08/12] target/s390x: Handle CLRL and CLGFRL with non-aligned addresses

2023-03-15 Thread Ilya Leoshkevich 
Use MO_ALIGN and let do_unaligned_access() generate a specification
exception.

Reported-by: Nina Schoetterl-Glausch 
Suggested-by: Nina Schoetterl-Glausch 
Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/translate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index d3b8126d8c6..c67f8440db8 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -5866,7 +5866,8 @@ static void in2_mri2_32s(DisasContext *s, DisasOps *o)
 static void in2_mri2_32u(DisasContext *s, DisasOps *o)
 {
 o->in2 = tcg_temp_new_i64();
-tcg_gen_qemu_ld32u(o->in2, gen_ri2(s), get_mem_index(s));
+tcg_gen_qemu_ld_tl(o->in2, gen_ri2(s), get_mem_index(s),
+   MO_TEUL | MO_ALIGN);
 }
 #define SPEC_in2_mri2_32u 0
 
-- 
2.39.2

[PATCH v3 04/12] target/s390x: Handle LRL and LGFRL from non-aligned addresses

2023-03-15 Thread Ilya Leoshkevich 
Use MO_ALIGN and let do_unaligned_access() generate a specification
exception.

Reported-by: Nina Schoetterl-Glausch 
Suggested-by: Nina Schoetterl-Glausch 
Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/insn-data.h.inc | 14 +++---
 target/s390x/tcg/translate.c |  3 ++-
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.h.inc
index d439d803509..5aff4c0873a 100644
--- a/target/s390x/tcg/insn-data.h.inc
+++ b/target/s390x/tcg/insn-data.h.inc
@@ -410,12 +410,12 @@
 
 /* LOAD */
 C(0x1800, LR,  RR_a,  Z,   0, r2_o, 0, cond_r1r2_32, mov2, 0)
-C(0x5800, L,   RX_a,  Z,   0, a2, new, r1_32, ld32s, 0)
-C(0xe358, LY,  RXY_a, LD,  0, a2, new, r1_32, ld32s, 0)
+D(0x5800, L,   RX_a,  Z,   0, a2, new, r1_32, ld32s, 0, 0)
+D(0xe358, LY,  RXY_a, LD,  0, a2, new, r1_32, ld32s, 0, 0)
 C(0xb904, LGR, RRE,   Z,   0, r2_o, 0, r1, mov2, 0)
 C(0xb914, LGFR,RRE,   Z,   0, r2_32s, 0, r1, mov2, 0)
 D(0xe304, LG,  RXY_a, Z,   0, a2, r1, 0, ld64, 0, 0)
-C(0xe314, LGF, RXY_a, Z,   0, a2, r1, 0, ld32s, 0)
+D(0xe314, LGF, RXY_a, Z,   0, a2, r1, 0, ld32s, 0, 0)
 F(0x2800, LDR, RR_a,  Z,   0, f2, 0, f1, mov2, 0, IF_AFP1 | IF_AFP2)
 F(0x6800, LD,  RX_a,  Z,   0, m2_64, 0, f1, mov2, 0, IF_AFP1)
 F(0xed65, LDY, RXY_a, LD,  0, m2_64, 0, f1, mov2, 0, IF_AFP1)
@@ -426,9 +426,9 @@
 /* LOAD IMMEDIATE */
 C(0xc001, LGFI,RIL_a, EI,  0, i2, 0, r1, mov2, 0)
 /* LOAD RELATIVE LONG */
-C(0xc40d, LRL, RIL_b, GIE, 0, ri2, new, r1_32, ld32s, 0)
+D(0xc40d, LRL, RIL_b, GIE, 0, ri2, new, r1_32, ld32s, 0, MO_ALIGN)
 D(0xc408, LGRL,RIL_b, GIE, 0, ri2, r1, 0, ld64, 0, MO_ALIGN)
-C(0xc40c, LGFRL,   RIL_b, GIE, 0, ri2, r1, 0, ld32s, 0)
+D(0xc40c, LGFRL,   RIL_b, GIE, 0, ri2, r1, 0, ld32s, 0, MO_ALIGN)
 /* LOAD ADDRESS */
 C(0x4100, LA,  RX_a,  Z,   0, a2, 0, r1, mov2, 0)
 C(0xe371, LAY, RXY_a, LD,  0, a2, 0, r1, mov2, 0)
@@ -456,9 +456,9 @@
 C(0x1200, LTR, RR_a,  Z,   0, r2_o, 0, cond_r1r2_32, mov2, s32)
 C(0xb902, LTGR,RRE,   Z,   0, r2_o, 0, r1, mov2, s64)
 C(0xb912, LTGFR,   RRE,   Z,   0, r2_32s, 0, r1, mov2, s64)
-C(0xe312, LT,  RXY_a, EI,  0, a2, new, r1_32, ld32s, s64)
+D(0xe312, LT,  RXY_a, EI,  0, a2, new, r1_32, ld32s, s64, 0)
 D(0xe302, LTG, RXY_a, EI,  0, a2, r1, 0, ld64, s64, 0)
-C(0xe332, LTGF,RXY_a, GIE, 0, a2, r1, 0, ld32s, s64)
+D(0xe332, LTGF,RXY_a, GIE, 0, a2, r1, 0, ld32s, s64, 0)
 F(0xb302, LTEBR,   RRE,   Z,   0, e2, 0, cond_e1e2, mov2, f32, IF_BFP)
 F(0xb312, LTDBR,   RRE,   Z,   0, f2, 0, f1, mov2, f64, IF_BFP)
 F(0xb342, LTXBR,   RRE,   Z,   x2h, x2l, 0, x1_P, movx, f128, IF_BFP)
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index a40289512da..f89e1ce353b 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -2770,7 +2770,8 @@ static DisasJumpType op_ld16u(DisasContext *s, DisasOps 
*o)
 
 static DisasJumpType op_ld32s(DisasContext *s, DisasOps *o)
 {
-tcg_gen_qemu_ld32s(o->out, o->in2, get_mem_index(s));
+tcg_gen_qemu_ld_tl(o->out, o->in2, get_mem_index(s),
+   MO_TESL | s->insn->data);
 return DISAS_NEXT;
 }
 
-- 
2.39.2

[PATCH v3 09/12] target/s390x: Handle STRL to non-aligned addresses

2023-03-15 Thread Ilya Leoshkevich 
Use MO_ALIGN and let do_unaligned_access() generate a specification
exception.

Reported-by: Nina Schoetterl-Glausch 
Suggested-by: Nina Schoetterl-Glausch 
Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/insn-data.h.inc | 12 ++--
 target/s390x/tcg/translate.c |  3 ++-
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.h.inc
index 3abd2dbedd5..30c02b3fcd6 100644
--- a/target/s390x/tcg/insn-data.h.inc
+++ b/target/s390x/tcg/insn-data.h.inc
@@ -840,15 +840,15 @@
 F(0xed15, SQDB,RXE,   Z,   0, m2_64, new, f1, sqdb, 0, IF_BFP)
 
 /* STORE */
-C(0x5000, ST,  RX_a,  Z,   r1_o, a2, 0, 0, st32, 0)
-C(0xe350, STY, RXY_a, LD,  r1_o, a2, 0, 0, st32, 0)
+D(0x5000, ST,  RX_a,  Z,   r1_o, a2, 0, 0, st32, 0, 0)
+D(0xe350, STY, RXY_a, LD,  r1_o, a2, 0, 0, st32, 0, 0)
 C(0xe324, STG, RXY_a, Z,   r1_o, a2, 0, 0, st64, 0)
 F(0x6000, STD, RX_a,  Z,   f1, a2, 0, 0, st64, 0, IF_AFP1)
 F(0xed67, STDY,RXY_a, LD,  f1, a2, 0, 0, st64, 0, IF_AFP1)
-F(0x7000, STE, RX_a,  Z,   e1, a2, 0, 0, st32, 0, IF_AFP1)
-F(0xed66, STEY,RXY_a, LD,  e1, a2, 0, 0, st32, 0, IF_AFP1)
+E(0x7000, STE, RX_a,  Z,   e1, a2, 0, 0, st32, 0, 0, IF_AFP1)
+E(0xed66, STEY,RXY_a, LD,  e1, a2, 0, 0, st32, 0, 0, IF_AFP1)
 /* STORE RELATIVE LONG */
-C(0xc40f, STRL,RIL_b, GIE, r1_o, ri2, 0, 0, st32, 0)
+D(0xc40f, STRL,RIL_b, GIE, r1_o, ri2, 0, 0, st32, 0, MO_ALIGN)
 C(0xc40b, STGRL,   RIL_b, GIE, r1_o, ri2, 0, 0, st64, 0)
 /* STORE CHARACTER */
 C(0x4200, STC, RX_a,  Z,   r1_o, a2, 0, 0, st8, 0)
@@ -867,7 +867,7 @@
 /* STORE HALFWORD RELATIVE LONG */
 C(0xc407, STHRL,   RIL_b, GIE, r1_o, ri2, 0, 0, st16, 0)
 /* STORE HIGH */
-C(0xe3cb, STFH,RXY_a, HW,  r1_sr32, a2, 0, 0, st32, 0)
+D(0xe3cb, STFH,RXY_a, HW,  r1_sr32, a2, 0, 0, st32, 0, 0)
 /* STORE ON CONDITION */
 D(0xebf3, STOC,RSY_b, LOC, 0, 0, 0, 0, soc, 0, 0)
 D(0xebe3, STOCG,   RSY_b, LOC, 0, 0, 0, 0, soc, 0, 1)
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index c67f8440db8..8fd21425dba 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -4370,7 +4370,8 @@ static DisasJumpType op_st16(DisasContext *s, DisasOps *o)
 
 static DisasJumpType op_st32(DisasContext *s, DisasOps *o)
 {
-tcg_gen_qemu_st32(o->in1, o->in2, get_mem_index(s));
+tcg_gen_qemu_st_tl(o->in1, o->in2, get_mem_index(s),
+   MO_TEUL | s->insn->data);
 return DISAS_NEXT;
 }
 
-- 
2.39.2

[PATCH v3 05/12] target/s390x: Handle LLGFRL from non-aligned addresses

2023-03-15 Thread Ilya Leoshkevich 
Use MO_ALIGN and let do_unaligned_access() generate a specification
exception.

Reported-by: Nina Schoetterl-Glausch 
Suggested-by: Nina Schoetterl-Glausch 
Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/insn-data.h.inc | 6 +++---
 target/s390x/tcg/translate.c | 3 ++-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.h.inc
index 5aff4c0873a..3abd2dbedd5 100644
--- a/target/s390x/tcg/insn-data.h.inc
+++ b/target/s390x/tcg/insn-data.h.inc
@@ -502,16 +502,16 @@
 C(0xc405, LHRL,RIL_b, GIE, 0, ri2, new, r1_32, ld16s, 0)
 C(0xc404, LGHRL,   RIL_b, GIE, 0, ri2, r1, 0, ld16s, 0)
 /* LOAD HIGH */
-C(0xe3ca, LFH, RXY_a, HW,  0, a2, new, r1_32h, ld32u, 0)
+D(0xe3ca, LFH, RXY_a, HW,  0, a2, new, r1_32h, ld32u, 0, 0)
 /* LOAG HIGH AND TRAP */
 C(0xe3c8, LFHAT,   RXY_a, LAT, 0, m2_32u, r1, 0, lfhat, 0)
 /* LOAD LOGICAL */
 C(0xb916, LLGFR,   RRE,   Z,   0, r2_32u, 0, r1, mov2, 0)
-C(0xe316, LLGF,RXY_a, Z,   0, a2, r1, 0, ld32u, 0)
+D(0xe316, LLGF,RXY_a, Z,   0, a2, r1, 0, ld32u, 0, 0)
 /* LOAD LOGICAL AND TRAP */
 C(0xe39d, LLGFAT,  RXY_a, LAT, 0, a2, r1, 0, llgfat, 0)
 /* LOAD LOGICAL RELATIVE LONG */
-C(0xc40e, LLGFRL,  RIL_b, GIE, 0, ri2, r1, 0, ld32u, 0)
+D(0xc40e, LLGFRL,  RIL_b, GIE, 0, ri2, r1, 0, ld32u, 0, MO_ALIGN)
 /* LOAD LOGICAL CHARACTER */
 C(0xb994, LLCR,RRE,   EI,  0, r2_8u, 0, r1_32, mov2, 0)
 C(0xb984, LLGCR,   RRE,   EI,  0, r2_8u, 0, r1, mov2, 0)
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index f89e1ce353b..1f459f0f2bd 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -2777,7 +2777,8 @@ static DisasJumpType op_ld32s(DisasContext *s, DisasOps 
*o)
 
 static DisasJumpType op_ld32u(DisasContext *s, DisasOps *o)
 {
-tcg_gen_qemu_ld32u(o->out, o->in2, get_mem_index(s));
+tcg_gen_qemu_ld_tl(o->out, o->in2, get_mem_index(s),
+   MO_TEUL | s->insn->data);
 return DISAS_NEXT;
 }
 
-- 
2.39.2

[PATCH v3 11/12] target/s390x: Update do_unaligned_access() comment

2023-03-15 Thread Ilya Leoshkevich 
Relative long instructions now depend on do_unaligned_access() too.

Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/excp_helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
index bc767f04438..cafdef77234 100644
--- a/target/s390x/tcg/excp_helper.c
+++ b/target/s390x/tcg/excp_helper.c
@@ -85,8 +85,8 @@ void HELPER(data_exception)(CPUS390XState *env, uint32_t dxc)
 
 /*
  * Unaligned accesses are only diagnosed with MO_ALIGN.  At the moment,
- * this is only for the atomic operations, for which we want to raise a
- * specification exception.
+ * this is only for the atomic and relative long operations, for which we want
+ * to raise a specification exception.
  */
 static G_NORETURN
 void do_unaligned_access(CPUState *cs, uintptr_t retaddr)
-- 
2.39.2

[PATCH v3 03/12] target/s390x: Handle LGRL from non-aligned addresses

2023-03-15 Thread Ilya Leoshkevich 
Use MO_ALIGN and let do_unaligned_access() generate a specification
exception.

Reported-by: Nina Schoetterl-Glausch 
Suggested-by: Nina Schoetterl-Glausch 
Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/insn-data.h.inc | 6 +++---
 target/s390x/tcg/translate.c | 3 ++-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.h.inc
index 6fe8ca51437..d439d803509 100644
--- a/target/s390x/tcg/insn-data.h.inc
+++ b/target/s390x/tcg/insn-data.h.inc
@@ -414,7 +414,7 @@
 C(0xe358, LY,  RXY_a, LD,  0, a2, new, r1_32, ld32s, 0)
 C(0xb904, LGR, RRE,   Z,   0, r2_o, 0, r1, mov2, 0)
 C(0xb914, LGFR,RRE,   Z,   0, r2_32s, 0, r1, mov2, 0)
-C(0xe304, LG,  RXY_a, Z,   0, a2, r1, 0, ld64, 0)
+D(0xe304, LG,  RXY_a, Z,   0, a2, r1, 0, ld64, 0, 0)
 C(0xe314, LGF, RXY_a, Z,   0, a2, r1, 0, ld32s, 0)
 F(0x2800, LDR, RR_a,  Z,   0, f2, 0, f1, mov2, 0, IF_AFP1 | IF_AFP2)
 F(0x6800, LD,  RX_a,  Z,   0, m2_64, 0, f1, mov2, 0, IF_AFP1)
@@ -427,7 +427,7 @@
 C(0xc001, LGFI,RIL_a, EI,  0, i2, 0, r1, mov2, 0)
 /* LOAD RELATIVE LONG */
 C(0xc40d, LRL, RIL_b, GIE, 0, ri2, new, r1_32, ld32s, 0)
-C(0xc408, LGRL,RIL_b, GIE, 0, ri2, r1, 0, ld64, 0)
+D(0xc408, LGRL,RIL_b, GIE, 0, ri2, r1, 0, ld64, 0, MO_ALIGN)
 C(0xc40c, LGFRL,   RIL_b, GIE, 0, ri2, r1, 0, ld32s, 0)
 /* LOAD ADDRESS */
 C(0x4100, LA,  RX_a,  Z,   0, a2, 0, r1, mov2, 0)
@@ -457,7 +457,7 @@
 C(0xb902, LTGR,RRE,   Z,   0, r2_o, 0, r1, mov2, s64)
 C(0xb912, LTGFR,   RRE,   Z,   0, r2_32s, 0, r1, mov2, s64)
 C(0xe312, LT,  RXY_a, EI,  0, a2, new, r1_32, ld32s, s64)
-C(0xe302, LTG, RXY_a, EI,  0, a2, r1, 0, ld64, s64)
+D(0xe302, LTG, RXY_a, EI,  0, a2, r1, 0, ld64, s64, 0)
 C(0xe332, LTGF,RXY_a, GIE, 0, a2, r1, 0, ld32s, s64)
 F(0xb302, LTEBR,   RRE,   Z,   0, e2, 0, cond_e1e2, mov2, f32, IF_BFP)
 F(0xb312, LTDBR,   RRE,   Z,   0, f2, 0, f1, mov2, f64, IF_BFP)
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 14c3896d529..a40289512da 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -2782,7 +2782,8 @@ static DisasJumpType op_ld32u(DisasContext *s, DisasOps 
*o)
 
 static DisasJumpType op_ld64(DisasContext *s, DisasOps *o)
 {
-tcg_gen_qemu_ld64(o->out, o->in2, get_mem_index(s));
+tcg_gen_qemu_ld_i64(o->out, o->in2, get_mem_index(s),
+MO_TEUQ | s->insn->data);
 return DISAS_NEXT;
 }
 
-- 
2.39.2

[PATCH v3 10/12] target/s390x: Handle STGRL to non-aligned addresses

2023-03-15 Thread Ilya Leoshkevich 
Use MO_ALIGN and let do_unaligned_access() generate a specification
exception.

Reported-by: Nina Schoetterl-Glausch 
Suggested-by: Nina Schoetterl-Glausch 
Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/insn-data.h.inc | 8 
 target/s390x/tcg/translate.c | 3 ++-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/target/s390x/tcg/insn-data.h.inc b/target/s390x/tcg/insn-data.h.inc
index 30c02b3fcd6..597d968b0e8 100644
--- a/target/s390x/tcg/insn-data.h.inc
+++ b/target/s390x/tcg/insn-data.h.inc
@@ -842,14 +842,14 @@
 /* STORE */
 D(0x5000, ST,  RX_a,  Z,   r1_o, a2, 0, 0, st32, 0, 0)
 D(0xe350, STY, RXY_a, LD,  r1_o, a2, 0, 0, st32, 0, 0)
-C(0xe324, STG, RXY_a, Z,   r1_o, a2, 0, 0, st64, 0)
-F(0x6000, STD, RX_a,  Z,   f1, a2, 0, 0, st64, 0, IF_AFP1)
-F(0xed67, STDY,RXY_a, LD,  f1, a2, 0, 0, st64, 0, IF_AFP1)
+D(0xe324, STG, RXY_a, Z,   r1_o, a2, 0, 0, st64, 0, 0)
+E(0x6000, STD, RX_a,  Z,   f1, a2, 0, 0, st64, 0, 0, IF_AFP1)
+E(0xed67, STDY,RXY_a, LD,  f1, a2, 0, 0, st64, 0, 0, IF_AFP1)
 E(0x7000, STE, RX_a,  Z,   e1, a2, 0, 0, st32, 0, 0, IF_AFP1)
 E(0xed66, STEY,RXY_a, LD,  e1, a2, 0, 0, st32, 0, 0, IF_AFP1)
 /* STORE RELATIVE LONG */
 D(0xc40f, STRL,RIL_b, GIE, r1_o, ri2, 0, 0, st32, 0, MO_ALIGN)
-C(0xc40b, STGRL,   RIL_b, GIE, r1_o, ri2, 0, 0, st64, 0)
+D(0xc40b, STGRL,   RIL_b, GIE, r1_o, ri2, 0, 0, st64, 0, MO_ALIGN)
 /* STORE CHARACTER */
 C(0x4200, STC, RX_a,  Z,   r1_o, a2, 0, 0, st8, 0)
 C(0xe372, STCY,RXY_a, LD,  r1_o, a2, 0, 0, st8, 0)
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 8fd21425dba..7626692df22 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -4377,7 +4377,8 @@ static DisasJumpType op_st32(DisasContext *s, DisasOps *o)
 
 static DisasJumpType op_st64(DisasContext *s, DisasOps *o)
 {
-tcg_gen_qemu_st64(o->in1, o->in2, get_mem_index(s));
+tcg_gen_qemu_st_i64(o->in1, o->in2, get_mem_index(s),
+MO_TEUQ | s->insn->data);
 return DISAS_NEXT;
 }
 
-- 
2.39.2

[PATCH v3 07/12] target/s390x: Handle CGRL and CLGRL with non-aligned addresses

2023-03-15 Thread Ilya Leoshkevich 
Use MO_ALIGN and let do_unaligned_access() generate a specification
exception.

Reported-by: Nina Schoetterl-Glausch 
Suggested-by: Nina Schoetterl-Glausch 
Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/translate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 983bb4edc39..d3b8126d8c6 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -5873,7 +5873,8 @@ static void in2_mri2_32u(DisasContext *s, DisasOps *o)
 static void in2_mri2_64(DisasContext *s, DisasOps *o)
 {
 o->in2 = tcg_temp_new_i64();
-tcg_gen_qemu_ld64(o->in2, gen_ri2(s), get_mem_index(s));
+tcg_gen_qemu_ld_i64(o->in2, gen_ri2(s), get_mem_index(s),
+MO_TEUQ | MO_ALIGN);
 }
 #define SPEC_in2_mri2_64 0
 
-- 
2.39.2

[PATCH v3 00/12] target/s390x: Handle unaligned accesses

2023-03-15 Thread Ilya Leoshkevich 
v2: https://lists.gnu.org/archive/html/qemu-devel/2023-03/msg04231.html
v2 -> v3: Fix clang build (Thomas).

v1: https://lists.gnu.org/archive/html/qemu-devel/2023-03/msg03821.html
v1 -> v2: Use MO_ALIGN (Richard).

Patches that need review:
- [PATCH 12/12] tests/tcg/s390x: Test unaligned accesses

Hi,

This series makes accessing unaligned addresses with branching, LPSWE,
EXECUTE and relative long instructions fail with a specification
exception instead of succeeding.

Patches 1-10 are fixes, patch 11 adjusts a comment to reflect a change
done by fixes, patch 12 adds a number of softmmu and user tests.

Best regards,
Ilya

Ilya Leoshkevich (12):
  target/s390x: Handle branching to odd addresses
  target/s390x: Handle EXECUTE of odd addresses
  target/s390x: Handle LGRL from non-aligned addresses
  target/s390x: Handle LRL and LGFRL from non-aligned addresses
  target/s390x: Handle LLGFRL from non-aligned addresses
  target/s390x: Handle CRL and CGFRL with non-aligned addresses
  target/s390x: Handle CGRL and CLGRL with non-aligned addresses
  target/s390x: Handle CLRL and CLGFRL with non-aligned addresses
  target/s390x: Handle STRL to non-aligned addresses
  target/s390x: Handle STGRL to non-aligned addresses
  target/s390x: Update do_unaligned_access() comment
  tests/tcg/s390x: Test unaligned accesses

 target/s390x/cpu.h  |  9 +++
 target/s390x/tcg/excp_helper.c  |  4 +-
 target/s390x/tcg/insn-data.h.inc| 46 ++---
 target/s390x/tcg/mem_helper.c   | 12 +++-
 target/s390x/tcg/translate.c| 24 ---
 tests/tcg/s390x/Makefile.softmmu-target |  4 +-
 tests/tcg/s390x/Makefile.target |  3 +
 tests/tcg/s390x/asm-const.h | 13 
 tests/tcg/s390x/br-odd.S| 18 +
 tests/tcg/s390x/cgrl-unaligned.S| 17 +
 tests/tcg/s390x/clrl-unaligned.S| 15 +
 tests/tcg/s390x/crl-unaligned.S | 17 +
 tests/tcg/s390x/ex-odd.S| 17 +
 tests/tcg/s390x/lgrl-unaligned.S| 17 +
 tests/tcg/s390x/llgfrl-unaligned.S  | 17 +
 tests/tcg/s390x/lpswe-unaligned.S   | 17 +
 tests/tcg/s390x/lrl-unaligned.S | 17 +
 tests/tcg/s390x/pgm-specification.inc   | 90 +
 tests/tcg/s390x/pgm-specification.mak   | 15 +
 tests/tcg/s390x/stgrl-unaligned.S   | 17 +
 tests/tcg/s390x/strl-unaligned.S| 17 +
 21 files changed, 370 insertions(+), 36 deletions(-)
 create mode 100644 tests/tcg/s390x/asm-const.h
 create mode 100644 tests/tcg/s390x/br-odd.S
 create mode 100644 tests/tcg/s390x/cgrl-unaligned.S
 create mode 100644 tests/tcg/s390x/clrl-unaligned.S
 create mode 100644 tests/tcg/s390x/crl-unaligned.S
 create mode 100644 tests/tcg/s390x/ex-odd.S
 create mode 100644 tests/tcg/s390x/lgrl-unaligned.S
 create mode 100644 tests/tcg/s390x/llgfrl-unaligned.S
 create mode 100644 tests/tcg/s390x/lpswe-unaligned.S
 create mode 100644 tests/tcg/s390x/lrl-unaligned.S
 create mode 100644 tests/tcg/s390x/pgm-specification.inc
 create mode 100644 tests/tcg/s390x/pgm-specification.mak
 create mode 100644 tests/tcg/s390x/stgrl-unaligned.S
 create mode 100644 tests/tcg/s390x/strl-unaligned.S

-- 
2.39.2

[PATCH v3 06/12] target/s390x: Handle CRL and CGFRL with non-aligned addresses

2023-03-15 Thread Ilya Leoshkevich 
Use MO_ALIGN and let do_unaligned_access() generate a specification
exception.

Reported-by: Nina Schoetterl-Glausch 
Suggested-by: Nina Schoetterl-Glausch 
Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/translate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 1f459f0f2bd..983bb4edc39 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -5858,7 +5858,8 @@ static void in2_mri2_16u(DisasContext *s, DisasOps *o)
 static void in2_mri2_32s(DisasContext *s, DisasOps *o)
 {
 o->in2 = tcg_temp_new_i64();
-tcg_gen_qemu_ld32s(o->in2, gen_ri2(s), get_mem_index(s));
+tcg_gen_qemu_ld_tl(o->in2, gen_ri2(s), get_mem_index(s),
+   MO_TESL | MO_ALIGN);
 }
 #define SPEC_in2_mri2_32s 0
 
-- 
2.39.2

[PATCH v3 12/12] tests/tcg/s390x: Test unaligned accesses

2023-03-15 Thread Ilya Leoshkevich 
Add a number of small test that check whether accessing unaligned
addresses in various ways leads to a specification exception.

Run these test both in softmmu and user configurations; expect a PGM
in one case and SIGILL in the other.

Signed-off-by: Ilya Leoshkevich 
---
 tests/tcg/s390x/Makefile.softmmu-target |  4 +-
 tests/tcg/s390x/Makefile.target |  3 +
 tests/tcg/s390x/asm-const.h | 13 
 tests/tcg/s390x/br-odd.S| 18 +
 tests/tcg/s390x/cgrl-unaligned.S| 17 +
 tests/tcg/s390x/clrl-unaligned.S| 15 +
 tests/tcg/s390x/crl-unaligned.S | 17 +
 tests/tcg/s390x/ex-odd.S| 17 +
 tests/tcg/s390x/lgrl-unaligned.S| 17 +
 tests/tcg/s390x/llgfrl-unaligned.S  | 17 +
 tests/tcg/s390x/lpswe-unaligned.S   | 17 +
 tests/tcg/s390x/lrl-unaligned.S | 17 +
 tests/tcg/s390x/pgm-specification.inc   | 90 +
 tests/tcg/s390x/pgm-specification.mak   | 15 +
 tests/tcg/s390x/stgrl-unaligned.S   | 17 +
 tests/tcg/s390x/strl-unaligned.S| 17 +
 16 files changed, 310 insertions(+), 1 deletion(-)
 create mode 100644 tests/tcg/s390x/asm-const.h
 create mode 100644 tests/tcg/s390x/br-odd.S
 create mode 100644 tests/tcg/s390x/cgrl-unaligned.S
 create mode 100644 tests/tcg/s390x/clrl-unaligned.S
 create mode 100644 tests/tcg/s390x/crl-unaligned.S
 create mode 100644 tests/tcg/s390x/ex-odd.S
 create mode 100644 tests/tcg/s390x/lgrl-unaligned.S
 create mode 100644 tests/tcg/s390x/llgfrl-unaligned.S
 create mode 100644 tests/tcg/s390x/lpswe-unaligned.S
 create mode 100644 tests/tcg/s390x/lrl-unaligned.S
 create mode 100644 tests/tcg/s390x/pgm-specification.inc
 create mode 100644 tests/tcg/s390x/pgm-specification.mak
 create mode 100644 tests/tcg/s390x/stgrl-unaligned.S
 create mode 100644 tests/tcg/s390x/strl-unaligned.S

diff --git a/tests/tcg/s390x/Makefile.softmmu-target 
b/tests/tcg/s390x/Makefile.softmmu-target
index 725b6c598db..f32b7872e51 100644
--- a/tests/tcg/s390x/Makefile.softmmu-target
+++ b/tests/tcg/s390x/Makefile.softmmu-target
@@ -4,8 +4,10 @@ QEMU_OPTS=-action panic=exit-failure -kernel
 
 %: %.S
$(CC) -march=z13 -m64 -nostdlib -static -Wl,-Ttext=0 \
-   -Wl,--build-id=none $< -o $@
+   -Wl,--build-id=none -D__ASSEMBLY__ -DCONFIG_SOFTMMU $< -o $@
 
 TESTS += unaligned-lowcore
 TESTS += bal
 TESTS += sam
+
+include $(S390X_SRC)/pgm-specification.mak
diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
index cf93b966862..cd207237f17 100644
--- a/tests/tcg/s390x/Makefile.target
+++ b/tests/tcg/s390x/Makefile.target
@@ -33,6 +33,9 @@ TESTS+=chrl
 cdsg: CFLAGS+=-pthread
 cdsg: LDFLAGS+=-pthread
 
+include $(S390X_SRC)/pgm-specification.mak
+$(PGM_SPECIFICATION_TESTS): CFLAGS+=-x c
+
 Z13_TESTS=vistr
 $(Z13_TESTS): CFLAGS+=-march=z13 -O2
 TESTS+=$(Z13_TESTS)
diff --git a/tests/tcg/s390x/asm-const.h b/tests/tcg/s390x/asm-const.h
new file mode 100644
index 000..c7e2d6ddc45
--- /dev/null
+++ b/tests/tcg/s390x/asm-const.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/* Based on linux kernel's arch/s390/include/asm/asm-const.h . */
+#ifndef ASM_CONST_H
+#define ASM_CONST_H
+
+#ifdef __ASSEMBLY__
+#define stringify_in_c(...) __VA_ARGS__
+#else
+#define __stringify_in_c(...) #__VA_ARGS__
+#define stringify_in_c(...) __stringify_in_c(__VA_ARGS__) " "
+#endif
+
+#endif
diff --git a/tests/tcg/s390x/br-odd.S b/tests/tcg/s390x/br-odd.S
new file mode 100644
index 000..9848c18d6e0
--- /dev/null
+++ b/tests/tcg/s390x/br-odd.S
@@ -0,0 +1,18 @@
+/*
+ * Test BRanching to a non-mapped odd address.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "asm-const.h"
+
+#define CODE   
\
+stringify_in_c(lgrl %r1,addr;) 
\
+stringify_in_c(br %r1;)
+
+#define DATA   
\
+stringify_in_c(addr:;) 
\
+stringify_in_c(.quad 0x;)
+
+#define EXPECTED_OLD_PSWA 0x
+
+#include "pgm-specification.inc"
diff --git a/tests/tcg/s390x/cgrl-unaligned.S b/tests/tcg/s390x/cgrl-unaligned.S
new file mode 100644
index 000..573eaa5c849
--- /dev/null
+++ b/tests/tcg/s390x/cgrl-unaligned.S
@@ -0,0 +1,17 @@
+/*
+ * Test CGRL with a non-doubleword aligned address.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "asm-const.h"
+
+#define CODE   
\
+stringify_in_c(expected_old_pswa:;)
\
+stringify_in_c(cgrl %r1,unaligned;)
+
+#define DATA   
\
+stringify_in_c(.long 0;)   
\
+

[PATCH v3 01/12] target/s390x: Handle branching to odd addresses

2023-03-15 Thread Ilya Leoshkevich 
Let branching happen and try to generate a new translation block with
an odd address. Generate a specification exception in
cpu_get_tb_cpu_state().

Reported-by: Harold Grovesteen 
Reported-by: Nina Schoetterl-Glausch 
Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/cpu.h | 9 +
 1 file changed, 9 insertions(+)

diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index 7d6d01325b2..0a76e96e078 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -29,6 +29,7 @@
 #include "cpu_models.h"
 #include "exec/cpu-defs.h"
 #include "qemu/cpu-float.h"
+#include "tcg/tcg_s390x.h"
 
 #define ELF_MACHINE_UNAME "S390X"
 
@@ -381,6 +382,14 @@ static inline int cpu_mmu_index(CPUS390XState *env, bool 
ifetch)
 static inline void cpu_get_tb_cpu_state(CPUS390XState* env, target_ulong *pc,
 target_ulong *cs_base, uint32_t *flags)
 {
+if (env->psw.addr & 1) {
+/*
+ * Instructions must be at even addresses.
+ * This needs to be checked before address translation.
+ */
+env->int_pgm_ilen = 2; /* see s390_cpu_tlb_fill() */
+tcg_s390_program_interrupt(env, PGM_SPECIFICATION, 0);
+}
 *pc = env->psw.addr;
 *cs_base = env->ex_value;
 *flags = (env->psw.mask >> FLAG_MASK_PSW_SHIFT) & FLAG_MASK_PSW;
-- 
2.39.2

[PATCH v3 02/12] target/s390x: Handle EXECUTE of odd addresses

2023-03-15 Thread Ilya Leoshkevich 
Generate a specification exception in the helper before trying to fetch
the instruction.

Reported-by: Nina Schoetterl-Glausch 
Reviewed-by: Richard Henderson 
Signed-off-by: Ilya Leoshkevich 
---
 target/s390x/tcg/mem_helper.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/target/s390x/tcg/mem_helper.c b/target/s390x/tcg/mem_helper.c
index 6835c26dda4..9d1c4bb7374 100644
--- a/target/s390x/tcg/mem_helper.c
+++ b/target/s390x/tcg/mem_helper.c
@@ -2468,8 +2468,16 @@ void HELPER(stpq_parallel)(CPUS390XState *env, uint64_t 
addr,
 */
 void HELPER(ex)(CPUS390XState *env, uint32_t ilen, uint64_t r1, uint64_t addr)
 {
-uint64_t insn = cpu_lduw_code(env, addr);
-uint8_t opc = insn >> 8;
+uint64_t insn;
+uint8_t opc;
+
+/* EXECUTE targets must be at even addresses.  */
+if (addr & 1) {
+tcg_s390_program_interrupt(env, PGM_SPECIFICATION, GETPC());
+}
+
+insn = cpu_lduw_code(env, addr);
+opc = insn >> 8;
 
 /* Or in the contents of R1[56:63].  */
 insn |= r1 & 0xff;
-- 
2.39.2

Re: [RFC QEMU PATCH 08/18] virtio-gpu: Initialize Venus

2023-03-15 Thread Dmitry Osipenko 
On 3/13/23 18:55, Huang Rui wrote:
> On Mon, Mar 13, 2023 at 01:51:03AM +0800, Dmitry Osipenko wrote:
>> On 3/12/23 12:22, Huang Rui wrote:
>>> From: Antonio Caggiano 
>>>
>>> Request Venus when initializing VirGL.
>>>
>>> Signed-off-by: Antonio Caggiano 
>>> ---
>>>  hw/display/virtio-gpu-virgl.c | 4 
>>>  1 file changed, 4 insertions(+)
>>>
>>> diff --git a/hw/display/virtio-gpu-virgl.c b/hw/display/virtio-gpu-virgl.c
>>> index fe03dc916f..f5ce206b93 100644
>>> --- a/hw/display/virtio-gpu-virgl.c
>>> +++ b/hw/display/virtio-gpu-virgl.c
>>> @@ -803,7 +803,11 @@ int virtio_gpu_virgl_init(VirtIOGPU *g)
>>>  {
>>>  int ret;
>>>  
>>> +#ifdef VIRGL_RENDERER_VENUS
>>> +ret = virgl_renderer_init(g, VIRGL_RENDERER_VENUS, &virtio_gpu_3d_cbs);
>>> +#else
>>>  ret = virgl_renderer_init(g, 0, &virtio_gpu_3d_cbs);
>>> +#endif
>>
>> Note that Venus now requires VIRGL_RENDERER_RENDER_SERVER flag to be
>> set. Please test the patches with the latest virglrenderer and etc.
>>
>> The #ifdef also doesn't allow adding new flags, it should look like:
>>
>> #ifdef VIRGL_RENDERER_VENUS
>> flags |= VIRGL_RENDERER_RENDER_SERVER;
>> #endif
>>
>> ret = virgl_renderer_init(g, flags, &virtio_gpu_3d_cbs);
> 
> In fact, we have rebased to the latest virglrenderer:
> 
> We check both VIRGL_RENDERER_RENDER_SERVER or VIRGL_RENDERER_VENUS in
> virglrenderer, alternative of them works.
> 
> https://gitlab.freedesktop.org/rui/virglrenderer/-/commit/c1322a8a84379b1ef7939f56c6761b0114716f45

All the extra changes you made to virglrenderer that Qemu depends on
need to go upstream. Please open all the relevant merge requests. Thanks!

-- 
Best regards,
Dmitry

Re: [PATCH 02/10] python: drop pipenv

2023-03-15 Thread John Snow 
On Wed, Mar 15, 2023 at 5:17 PM Philippe Mathieu-Daudé
 wrote:
>
> +Jan
>
> On 22/2/23 15:37, Paolo Bonzini wrote:
> > From: John Snow 
> >
> > The pipenv tool was nice in theory, but in practice it's just too hard
> > to update selectively, and it makes using it a pain. The qemu.qmp repo
> > dropped pipenv support a while back and it's been functioning just fine,
> > so I'm backporting that change here to qemu.git.
> >
> > Signed-off-by: John Snow 
> > Signed-off-by: Paolo Bonzini 
> > ---
> >   .gitlab-ci.d/static_checks.yml |   4 +-
> >   python/.gitignore  |   4 +-
> >   python/Makefile|  53 ++--
> >   python/Pipfile |  13 -
> >   python/Pipfile.lock| 347 -
> >   python/README.rst  |   3 -
> >   python/setup.cfg   |   4 +-
> >   python/tests/minreqs.txt   |  45 
> >   tests/docker/dockerfiles/python.docker |   1 -
> >   9 files changed, 86 insertions(+), 388 deletions(-)
> >   delete mode 100644 python/Pipfile
> >   delete mode 100644 python/Pipfile.lock
> >   create mode 100644 python/tests/minreqs.txt
> >
> > diff --git a/.gitlab-ci.d/static_checks.yml b/.gitlab-ci.d/static_checks.yml
> > index 289ad1359e3a..b4cbdbce2abf 100644
> > --- a/.gitlab-ci.d/static_checks.yml
> > +++ b/.gitlab-ci.d/static_checks.yml
> > @@ -23,12 +23,12 @@ check-dco:
> > before_script:
> >   - apk -U add git
> >
> > -check-python-pipenv:
> > +check-python-minreqs:
> > extends: .base_job_template
> > stage: test
> > image: $CI_REGISTRY_IMAGE/qemu/python:latest
> > script:
> > -- make -C python check-pipenv
> > +- make -C python check-minreqs
> > variables:
> >   GIT_DEPTH: 1
> > needs:
> > diff --git a/python/.gitignore b/python/.gitignore
> > index 904f324bb11a..c3ceb1ca0ab1 100644
> > --- a/python/.gitignore
> > +++ b/python/.gitignore
> > @@ -11,8 +11,8 @@ qemu.egg-info/
> >   .idea/
> >   .vscode/
> >
> > -# virtual environments (pipenv et al)
> > -.venv/
> > +# virtual environments
> > +.min-venv/
> >   .tox/
> >   .dev-venv/
> >
> > diff --git a/python/Makefile b/python/Makefile
> > index b170708398ab..c5bd6ff83ac9 100644
> > --- a/python/Makefile
> > +++ b/python/Makefile
> > @@ -1,15 +1,16 @@
> >   QEMU_VENV_DIR=.dev-venv
> > +QEMU_MINVENV_DIR=.min-venv
> >   QEMU_TOX_EXTRA_ARGS ?=
> >
> >   .PHONY: help
> >   help:
> >   @echo "python packaging help:"
> >   @echo ""
> > - @echo "make check-pipenv:"
> > - @echo "Run tests in pipenv's virtual environment."
> > + @echo "make check-minreqs:"
> > + @echo "Run tests in the minreqs virtual environment."
> >   @echo "These tests use the oldest dependencies."
> > - @echo "Requires: Python 3.6 and pipenv."
> > - @echo "Hint (Fedora): 'sudo dnf install python3.6 pipenv'"
> > + @echo "Requires: Python 3.6"
> > + @echo "Hint (Fedora): 'sudo dnf install python3.6'"
> >   @echo ""
> >   @echo "make check-tox:"
> >   @echo "Run tests against multiple python versions."
> > @@ -33,8 +34,8 @@ help:
> >   @echo "and install the qemu package in editable mode."
> >   @echo "(Can be used in or outside of a venv.)"
> >   @echo ""
> > - @echo "make pipenv"
> > - @echo "Creates pipenv's virtual environment (.venv)"
> > + @echo "make min-venv"
> > + @echo "Creates the minreqs virtual environment 
> > ($(QEMU_MINVENV_DIR))"
> >   @echo ""
> >   @echo "make dev-venv"
> >   @echo "Creates a simple venv for check-dev. ($(QEMU_VENV_DIR))"
> > @@ -43,21 +44,38 @@ help:
> >   @echo "Remove package build output."
> >   @echo ""
> >   @echo "make distclean:"
> > - @echo "remove pipenv/venv files, qemu package forwarder,"
> > + @echo "remove venv files, qemu package forwarder,"
> >   @echo "built distribution files, and everything from 'make 
> > clean'."
> >   @echo ""
> >   @echo -e "Have a nice day ^_^\n"
> >
> > -.PHONY: pipenv
> > -pipenv: .venv
> > -.venv: Pipfile.lock
> > - @PIPENV_VENV_IN_PROJECT=1 pipenv sync --dev --keep-outdated
> > - rm -f pyproject.toml
> > - @touch .venv
> > +.PHONY: pipenv check-pipenv
> > +pipenv check-pipenv:
> > + @echo "pipenv was dropped; try 'make check-minreqs' or 'make 
> > min-venv'"
> > + @exit 1
> >
> > -.PHONY: check-pipenv
> > -check-pipenv: pipenv
> > - @pipenv run make check
> > +.PHONY: min-venv
> > +min-venv: $(QEMU_MINVENV_DIR) $(QEMU_MINVENV_DIR)/bin/activate
> > +$(QEMU_MINVENV_DIR) $(QEMU_MINVENV_DIR)/bin/activate: setup.cfg 
> > tests/minreqs.txt
> > + @echo "VENV $(QEMU_MINVENV_DIR)"
> > + @python3.6 -m venv $(QEMU_MINVENV_DIR)
> > + @(  \
> > + echo "ACTIVATE $(QEMU_MINVENV_DIR)";\
> > + . $(QEMU_MINVEN

Re: [PATCH v2 30/32] contrib/gitdm: add revng to domain map

2023-03-15 Thread Alessandro Di Federico via 
On Wed, 15 Mar 2023 17:43:29 +
Alex Bennée  wrote:

> +rev.ng  revng

Can we have "rev.ng Labs"?
I suggested this in my previous e-mail too, but maybe it slipped away.

-- 
Alessandro Di Federico
rev.ng Labs

Re: [PATCH 2/4] hw/arm: Add WDT to Allwinner-A10 and Cubieboard

2023-03-15 Thread Strahinja Jankovic 
Hi Niek,

On Tue, Mar 14, 2023 at 10:21 PM Niek Linnenbank
 wrote:
>
> Hi Strahinja,
>
>
> On Sat, Mar 11, 2023 at 3:42 PM Strahinja Jankovic 
>  wrote:
>>
>> This patch adds WDT to Allwinner-A10 and Cubieboard.
>> WDT is added as an overlay to the Timer module memory map.
>>
>> Signed-off-by: Strahinja Jankovic 
>> ---
>>  docs/system/arm/cubieboard.rst | 1 +
>>  hw/arm/Kconfig | 1 +
>>  hw/arm/allwinner-a10.c | 7 +++
>>  include/hw/arm/allwinner-a10.h | 2 ++
>>  4 files changed, 11 insertions(+)
>>
>> diff --git a/docs/system/arm/cubieboard.rst b/docs/system/arm/cubieboard.rst
>> index 8d485f5435..58c4a2d3ea 100644
>> --- a/docs/system/arm/cubieboard.rst
>> +++ b/docs/system/arm/cubieboard.rst
>> @@ -15,3 +15,4 @@ Emulated devices:
>>  - USB controller
>>  - SATA controller
>>  - TWI (I2C) controller
>> +- Watchdog timer
>> diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
>> index b5aed4aff5..ec15248536 100644
>> --- a/hw/arm/Kconfig
>> +++ b/hw/arm/Kconfig
>> @@ -325,6 +325,7 @@ config ALLWINNER_A10
>>  select ALLWINNER_A10_PIC
>>  select ALLWINNER_A10_CCM
>>  select ALLWINNER_A10_DRAMC
>> +select ALLWINNER_WDT
>>  select ALLWINNER_EMAC
>>  select ALLWINNER_I2C
>>  select AXP209_PMU
>> diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
>> index b7ca795c71..b0ea3f7f66 100644
>> --- a/hw/arm/allwinner-a10.c
>> +++ b/hw/arm/allwinner-a10.c
>> @@ -38,6 +38,7 @@
>>  #define AW_A10_EHCI_BASE0x01c14000
>>  #define AW_A10_OHCI_BASE0x01c14400
>>  #define AW_A10_SATA_BASE0x01c18000
>> +#define AW_A10_WDT_BASE 0x01c20c90
>
>
> Unfortunately I couldn't find any details about the watchdog in the Allwinner 
> A10 datasheet "A10_Datasheet.pdf", except for a very brief
> summary in chapter 9.1 in the Timer Controller. But I did find that linux is 
> using this same base address and registers with the shared driver code in 
> drivers/watchdog/sunxi_wdt.c.

Thanks for the review. The User Manual for Allwinner A10 is available
at https://linux-sunxi.org/images/1/1e/Allwinner_A10_User_manual_V1.5.pdf,
watchdog registers are on pages 99-100.

Best regards,
Strahinja


>
> Looks good to me.
>
> Reviewed-by: Niek Linnenbank 
>
>>
>>  #define AW_A10_RTC_BASE 0x01c20d00
>>  #define AW_A10_I2C0_BASE0x01c2ac00
>>
>> @@ -92,6 +93,8 @@ static void aw_a10_init(Object *obj)
>>  object_initialize_child(obj, "mmc0", &s->mmc0, TYPE_AW_SDHOST_SUN4I);
>>
>>  object_initialize_child(obj, "rtc", &s->rtc, TYPE_AW_RTC_SUN4I);
>> +
>> +object_initialize_child(obj, "wdt", &s->wdt, TYPE_AW_WDT_SUN4I);
>>  }
>>
>>  static void aw_a10_realize(DeviceState *dev, Error **errp)
>> @@ -203,6 +206,10 @@ static void aw_a10_realize(DeviceState *dev, Error 
>> **errp)
>>  sysbus_realize(SYS_BUS_DEVICE(&s->i2c0), &error_fatal);
>>  sysbus_mmio_map(SYS_BUS_DEVICE(&s->i2c0), 0, AW_A10_I2C0_BASE);
>>  sysbus_connect_irq(SYS_BUS_DEVICE(&s->i2c0), 0, qdev_get_gpio_in(dev, 
>> 7));
>> +
>> +/* WDT */
>> +sysbus_realize(SYS_BUS_DEVICE(&s->wdt), &error_fatal);
>> +sysbus_mmio_map_overlap(SYS_BUS_DEVICE(&s->wdt), 0, AW_A10_WDT_BASE, 1);
>>  }
>>
>>  static void aw_a10_class_init(ObjectClass *oc, void *data)
>> diff --git a/include/hw/arm/allwinner-a10.h b/include/hw/arm/allwinner-a10.h
>> index 095afb225d..cd1465c613 100644
>> --- a/include/hw/arm/allwinner-a10.h
>> +++ b/include/hw/arm/allwinner-a10.h
>> @@ -13,6 +13,7 @@
>>  #include "hw/misc/allwinner-a10-ccm.h"
>>  #include "hw/misc/allwinner-a10-dramc.h"
>>  #include "hw/i2c/allwinner-i2c.h"
>> +#include "hw/watchdog/allwinner-wdt.h"
>>  #include "sysemu/block-backend.h"
>>
>>  #include "target/arm/cpu.h"
>> @@ -41,6 +42,7 @@ struct AwA10State {
>>  AwSdHostState mmc0;
>>  AWI2CState i2c0;
>>  AwRtcState rtc;
>> +AwWdtState wdt;
>>  MemoryRegion sram_a;
>>  EHCISysBusState ehci[AW_A10_NUM_USB];
>>  OHCISysBusState ohci[AW_A10_NUM_USB];
>> --
>> 2.30.2
>>
>
>
> --
> Niek Linnenbank
>

Re: [PATCH 1/4] hw/watchdog: Allwinner WDT emulation for system reset

2023-03-15 Thread Strahinja Jankovic 
)Hi Niek,

On Tue, Mar 14, 2023 at 10:14 PM Niek Linnenbank
 wrote:
>
> Hi Strahinja,
>
>
> On Sat, Mar 11, 2023 at 3:41 PM Strahinja Jankovic 
>  wrote:
>>
>> This patch adds basic support for Allwinner WDT.
>> Both sun4i and sun6i variants are supported.
>> However, interrupt generation is not supported, so WDT can be used only to 
>> trigger system reset.
>>
>> Signed-off-by: Strahinja Jankovic 
>> ---
>>  hw/watchdog/Kconfig |   4 +
>>  hw/watchdog/allwinner-wdt.c | 428 
>>  hw/watchdog/meson.build |   1 +
>>  hw/watchdog/trace-events|   7 +
>>  include/hw/watchdog/allwinner-wdt.h | 123 
>>  5 files changed, 563 insertions(+)
>>  create mode 100644 hw/watchdog/allwinner-wdt.c
>>  create mode 100644 include/hw/watchdog/allwinner-wdt.h
>>
>> diff --git a/hw/watchdog/Kconfig b/hw/watchdog/Kconfig
>> index 66e1d029e3..861fd00334 100644
>> --- a/hw/watchdog/Kconfig
>> +++ b/hw/watchdog/Kconfig
>> @@ -20,3 +20,7 @@ config WDT_IMX2
>>
>>  config WDT_SBSA
>>  bool
>> +
>> +config ALLWINNER_WDT
>> +bool
>> +select PTIMER
>> diff --git a/hw/watchdog/allwinner-wdt.c b/hw/watchdog/allwinner-wdt.c
>> new file mode 100644
>> index 00..cf16ec7a56
>> --- /dev/null
>> +++ b/hw/watchdog/allwinner-wdt.c
>> @@ -0,0 +1,428 @@
>> +/*
>> + * Allwinner Watchdog emulation
>> + *
>> + * Copyright (C) 2023 Strahinja Jankovic 
>> + *
>> + *  This file is derived from Allwinner RTC,
>> + *  by Niek Linnenbank.
>> + *
>> + * This program is free software: you can redistribute it and/or modify
>> + * it under the terms of the GNU General Public License as published by
>> + * the Free Software Foundation, either version 2 of the License, or
>> + * (at your option) any later version.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>> + * GNU General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU General Public License
>> + * along with this program.  If not, see .
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "qemu/log.h"
>> +#include "qemu/units.h"
>> +#include "qemu/module.h"
>> +#include "trace.h"
>> +#include "hw/sysbus.h"
>> +#include "hw/registerfields.h"
>> +#include "hw/watchdog/allwinner-wdt.h"
>> +#include "sysemu/watchdog.h"
>> +#include "migration/vmstate.h"
>> +
>> +/* WDT registers */
>> +enum {
>> +REG_IRQ_EN = 0, /* Watchdog interrupt enable */
>
>
> Since we are doing a check "if (!c->regmap[offset])" below, should the enum 
> values begin with 1 instead?

Yes, you are correct. I will fix this.

>
>>
>> +REG_IRQ_STA,/* Watchdog interrupt status */
>> +REG_CTRL,   /* Watchdog control register */
>> +REG_CFG,/* Watchdog configuration register */
>> +REG_MODE,   /* Watchdog mode register */
>> +};
>> +
>> +/* Universal WDT register flags */
>> +#define WDT_RESTART_MASK(1 << 0)
>> +#define WDT_EN_MASK (1 << 0)
>> +
>> +/* sun4i specific WDT register flags */
>> +#define RST_EN_SUN4I_MASK   (1 << 1)
>> +#define INTV_VALUE_SUN4I_SHIFT  (3)
>> +#define INTV_VALUE_SUN4I_MASK   (0xfu << INTV_VALUE_SUN4I_SHIFT)
>> +
>> +/* sun6i specific WDT register flags */
>> +#define RST_EN_SUN6I_MASK   (1 << 0)
>> +#define KEY_FIELD_SUN6I_SHIFT   (1)
>> +#define KEY_FIELD_SUN6I_MASK(0xfffu << KEY_FIELD_SUN6I_SHIFT)
>> +#define KEY_FIELD_SUN6I (0xA57u)
>> +#define INTV_VALUE_SUN6I_SHIFT  (4)
>> +#define INTV_VALUE_SUN6I_MASK   (0xfu << INTV_VALUE_SUN6I_SHIFT)
>> +
>> +/* Map of INTV_VALUE to 0.5s units. */
>> +static const uint8_t allwinner_wdt_count_map[] = {
>> +1,
>> +2,
>> +4,
>> +6,
>> +8,
>> +10,
>> +12,
>> +16,
>> +20,
>> +24,
>> +28,
>> +32
>> +};
>> +
>> +/* WDT sun4i register map (offset to name) */
>> +const uint8_t allwinner_wdt_sun4i_regmap[] = {
>> +[0x] = REG_CTRL,
>> +[0x0004] = REG_MODE,
>> +};
>> +
>> +/* WDT sun6i register map (offset to name) */
>> +const uint8_t allwinner_wdt_sun6i_regmap[] = {
>> +[0x] = REG_IRQ_EN,
>> +[0x0004] = REG_IRQ_STA,
>> +[0x0010] = REG_CTRL,
>> +[0x0014] = REG_CFG,
>> +[0x0018] = REG_MODE,
>> +};
>> +
>> +static bool allwinner_wdt_sun4i_read(AwWdtState *s, uint32_t offset)
>> +{
>> +/* no sun4i specific registers currently implemented */
>> +return false;
>> +}
>> +
>> +static bool allwinner_wdt_sun4i_write(AwWdtState *s, uint32_t offset,
>> +  uint32_t data)
>> +{
>> +/* no sun4i specific registers currently implemented */
>> +return false;
>> +}
>> +
>> +static bool allwinner_wdt_sun4i_can_reset_system(AwWdtState *s)
>> +{
>> +if (s->regs[REG_MODE] & RST_EN_SUN6I_MASK) {
>> +return true;
>> +} else {
>>

Re: [PATCH v6 1/4] file-posix: add tracking of the zone write pointers

2023-03-15 Thread Damien Le Moal 
On 3/15/23 21:59, Sam Li wrote:
> Damien Le Moal  于2023年3月14日周二 11:49写道:
>>
>> On 3/14/23 11:23, Dmitry Fomichev wrote:
 @@ -3339,10 +3473,27 @@ static int coroutine_fn
 raw_co_zone_mgmt(BlockDriverState *bs, BlockZoneOp op,
  len >> BDRV_SECTOR_BITS);
  ret = raw_thread_pool_submit(bs, handle_aiocb_zone_mgmt, &acb);
  if (ret != 0) {
 +update_zones_wp(s->fd, wps, offset, index);
  ret = -errno;
  error_report("ioctl %s failed %d", op_name, ret);
 +goto out;
  }

 +if (zo == BLKRESETZONE && len == capacity) {
 +for (int i = 0; i < bs->bl.nr_zones; ++i) {
 +if (!BDRV_ZT_IS_CONV(wps->wp[i])) {
 +wps->wp[i] = i * bs->bl.zone_size;
>>>
>>> This will reset write pointers of all read-only zones that may exist on the
>>> device and make the data stored in those zones unreadable. R/O zones need 
>>> to be
>>> skipped in this loop.
>>
>> And offline zones need to be skipped as well.
> 
> I see. That can be done thanks to get_zones_wp() which can show the
> state of the zone at specific position.

I do not think so: a zone wp is invalid for read-only and offline zones. So you
cannot rely on the wp value to detect these states. Even a valid wp value would
not tell you if the zone is read only or offline anyway. You need to track these
states with flags set when doing the first report zone on startup and when doing
a report zone after an IO error.

> 
> Sam

-- 
Damien Le Moal
Western Digital Research

Re: [PATCH] coverity: physmem: use simple assertions instead of modelling

2023-03-15 Thread Paolo Bonzini 

On 3/15/23 15:28, Vladimir Sementsov-Ogievskiy wrote:

On 22.02.23 18:57, Peter Maydell wrote:

On Wed, 22 Feb 2023 at 14:19, Stefan Hajnoczi  wrote:


On Wed, 15 Feb 2023 at 15:22, Vladimir Sementsov-Ogievskiy
 wrote:


ping

[add Stefan]


I'm not familiar with the Coverity models. Peter Maydell is the 
maintainer.


We haven't run Coverity scans since September last year.


What's the problem with it? May I help somehow?


The container broke when libslirp was removed, and I've been 
procrastinating fixing it. :(


Paolo




There's no point making changes to our model until we've
fixed that. Paolo?

thanks
-- PMM

Re: [PATCH 02/10] python: drop pipenv

2023-03-15 Thread Philippe Mathieu-Daudé 

+Jan

On 22/2/23 15:37, Paolo Bonzini wrote:

From: John Snow 

The pipenv tool was nice in theory, but in practice it's just too hard
to update selectively, and it makes using it a pain. The qemu.qmp repo
dropped pipenv support a while back and it's been functioning just fine,
so I'm backporting that change here to qemu.git.

Signed-off-by: John Snow 
Signed-off-by: Paolo Bonzini 
---
  .gitlab-ci.d/static_checks.yml |   4 +-
  python/.gitignore  |   4 +-
  python/Makefile|  53 ++--
  python/Pipfile |  13 -
  python/Pipfile.lock| 347 -
  python/README.rst  |   3 -
  python/setup.cfg   |   4 +-
  python/tests/minreqs.txt   |  45 
  tests/docker/dockerfiles/python.docker |   1 -
  9 files changed, 86 insertions(+), 388 deletions(-)
  delete mode 100644 python/Pipfile
  delete mode 100644 python/Pipfile.lock
  create mode 100644 python/tests/minreqs.txt

diff --git a/.gitlab-ci.d/static_checks.yml b/.gitlab-ci.d/static_checks.yml
index 289ad1359e3a..b4cbdbce2abf 100644
--- a/.gitlab-ci.d/static_checks.yml
+++ b/.gitlab-ci.d/static_checks.yml
@@ -23,12 +23,12 @@ check-dco:
before_script:
  - apk -U add git
  
-check-python-pipenv:

+check-python-minreqs:
extends: .base_job_template
stage: test
image: $CI_REGISTRY_IMAGE/qemu/python:latest
script:
-- make -C python check-pipenv
+- make -C python check-minreqs
variables:
  GIT_DEPTH: 1
needs:
diff --git a/python/.gitignore b/python/.gitignore
index 904f324bb11a..c3ceb1ca0ab1 100644
--- a/python/.gitignore
+++ b/python/.gitignore
@@ -11,8 +11,8 @@ qemu.egg-info/
  .idea/
  .vscode/
  
-# virtual environments (pipenv et al)

-.venv/
+# virtual environments
+.min-venv/
  .tox/
  .dev-venv/
  
diff --git a/python/Makefile b/python/Makefile

index b170708398ab..c5bd6ff83ac9 100644
--- a/python/Makefile
+++ b/python/Makefile
@@ -1,15 +1,16 @@
  QEMU_VENV_DIR=.dev-venv
+QEMU_MINVENV_DIR=.min-venv
  QEMU_TOX_EXTRA_ARGS ?=
  
  .PHONY: help

  help:
@echo "python packaging help:"
@echo ""
-   @echo "make check-pipenv:"
-   @echo "Run tests in pipenv's virtual environment."
+   @echo "make check-minreqs:"
+   @echo "Run tests in the minreqs virtual environment."
@echo "These tests use the oldest dependencies."
-   @echo "Requires: Python 3.6 and pipenv."
-   @echo "Hint (Fedora): 'sudo dnf install python3.6 pipenv'"
+   @echo "Requires: Python 3.6"
+   @echo "Hint (Fedora): 'sudo dnf install python3.6'"
@echo ""
@echo "make check-tox:"
@echo "Run tests against multiple python versions."
@@ -33,8 +34,8 @@ help:
@echo "and install the qemu package in editable mode."
@echo "(Can be used in or outside of a venv.)"
@echo ""
-   @echo "make pipenv"
-   @echo "Creates pipenv's virtual environment (.venv)"
+   @echo "make min-venv"
+   @echo "Creates the minreqs virtual environment 
($(QEMU_MINVENV_DIR))"
@echo ""
@echo "make dev-venv"
@echo "Creates a simple venv for check-dev. ($(QEMU_VENV_DIR))"
@@ -43,21 +44,38 @@ help:
@echo "Remove package build output."
@echo ""
@echo "make distclean:"
-   @echo "remove pipenv/venv files, qemu package forwarder,"
+   @echo "remove venv files, qemu package forwarder,"
@echo "built distribution files, and everything from 'make clean'."
@echo ""
@echo -e "Have a nice day ^_^\n"
  
-.PHONY: pipenv

-pipenv: .venv
-.venv: Pipfile.lock
-   @PIPENV_VENV_IN_PROJECT=1 pipenv sync --dev --keep-outdated
-   rm -f pyproject.toml
-   @touch .venv
+.PHONY: pipenv check-pipenv
+pipenv check-pipenv:
+   @echo "pipenv was dropped; try 'make check-minreqs' or 'make min-venv'"
+   @exit 1
  
-.PHONY: check-pipenv

-check-pipenv: pipenv
-   @pipenv run make check
+.PHONY: min-venv
+min-venv: $(QEMU_MINVENV_DIR) $(QEMU_MINVENV_DIR)/bin/activate
+$(QEMU_MINVENV_DIR) $(QEMU_MINVENV_DIR)/bin/activate: setup.cfg 
tests/minreqs.txt
+   @echo "VENV $(QEMU_MINVENV_DIR)"
+   @python3.6 -m venv $(QEMU_MINVENV_DIR)
+   @(  \
+   echo "ACTIVATE $(QEMU_MINVENV_DIR)";  \
+   . $(QEMU_MINVENV_DIR)/bin/activate; \
+   echo "INSTALL -r tests/minreqs.txt $(QEMU_MINVENV_DIR)";\
+   pip install -r tests/minreqs.txt 1>/dev/null;\
+   echo "INSTALL -e qemu $(QEMU_MINVENV_DIR)";   \
+   pip install -e . 1>/dev/null;\
+   )
+   @touch $(QEMU_MINVENV_DIR)
+
+.PHONY: check-minreqs
+check-minreqs: min-venv
+   @(

Re: [PATCH RESEND v2 2/2] migration/xbzrle: fix out-of-bounds write with axv512

2023-03-15 Thread Juan Quintela 
Matheus Tavares Bernardino  wrote:
> xbzrle_encode_buffer_avx512() checks for overflows too scarcely in its
> outer loop, causing out-of-bounds writes:
>
> $ ../configure --target-list=aarch64-softmmu --enable-sanitizers 
> --enable-avx512bw
> $ make tests/unit/test-xbzrle && ./tests/unit/test-xbzrle
>
> ==5518==ERROR: AddressSanitizer: heap-buffer-overflow on address 
> 0x6210b100 at pc 0x561109a7714d bp 0x7ffed712a440 sp 0x7ffed712a430
> WRITE of size 1 at 0x6210b100 thread T0
> #0 0x561109a7714c in uleb128_encode_small ../util/cutils.c:831
> #1 0x561109b67f6a in xbzrle_encode_buffer_avx512 ../migration/xbzrle.c:275
> #2 0x5611099a7428 in test_encode_decode_overflow 
> ../tests/unit/test-xbzrle.c:153
> #3 0x7fb2fb65a58d  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7a58d)
> #4 0x7fb2fb65a333  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7a333)
> #5 0x7fb2fb65aa79 in g_test_run_suite 
> (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7aa79)
> #6 0x7fb2fb65aa94 in g_test_run 
> (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7aa94)
> #7 0x5611099a3a23 in main ../tests/unit/test-xbzrle.c:218
> #8 0x7fb2fa78c082 in __libc_start_main 
> (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
> #9 0x5611099a608d in _start (/qemu/build/tests/unit/test-xbzrle+0x28408d)
>
> 0x6210b100 is located 0 bytes to the right of 4096-byte region 
> [0x6210a100,0x6210b100)
> allocated by thread T0 here:
> #0 0x7fb2fb823a06 in __interceptor_calloc 
> ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
> #1 0x7fb2fb637ef0 in g_malloc0 
> (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57ef0)
>
> Fix that by performing the overflow check in the inner loop, instead.
>
> Signed-off-by: Matheus Tavares Bernardino 

Reviewed-by: Juan Quintela 

queued.

As David said, we can still improve the code.

thanks, Juan.

Re: [PATCH RESEND v2 1/2] migration/xbzrle: use ctz64 to avoid undefined result

2023-03-15 Thread Juan Quintela 
Matheus Tavares Bernardino  wrote:
> __builtin_ctzll() produces undefined results when the argument is 0.
> This can be seen through test-xbzrle, which produces the following
> warning:
>
> ../migration/xbzrle.c:265: runtime error: passing zero to ctz(), which is not 
> a valid argument
>
> Replace __builtin_ctzll() with our ctz64() wrapper which properly
> handles 0.
>
> Signed-off-by: Matheus Tavares Bernardino 

Reviewed-by: Juan Quintela 

queued.

Re: [PATCH for-8.1 v2 25/26] target/riscv: rework write_misa()

2023-03-15 Thread Daniel Henrique Barboza 




On 3/15/23 02:25, liweiwei wrote:


On 2023/3/15 00:49, Daniel Henrique Barboza wrote:

write_misa() must use as much common logic as possible. We want to open
code just the bits that are exclusive to the CSR write operation and TCG
internals.

Rewrite write_misa() to work as follows:

- supress RVC right after verifying that we're not updating RVG;

- mask the write using misa_ext_mask to avoid enabling unsupported
   extensions;

- emulate the steps done by realize(): validate the candidate misa_ext
   val, then validate the configuration with the candidate misa_ext val,
   and finally commit the changes to cpu->cfg.

If any of the validation steps fails simply ignore the write operation.

Let's keep write_misa() as experimental for now until this logic gains
enough mileage.

Signed-off-by: Daniel Henrique Barboza 
---
  target/riscv/cpu.c | 12 +---
  target/riscv/cpu.h |  6 ++
  target/riscv/csr.c | 47 +-
  3 files changed, 32 insertions(+), 33 deletions(-)

diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 5bd92e1cda..4789a7b70d 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1027,9 +1027,8 @@ static void riscv_cpu_disable_priv_spec_isa_exts(RISCVCPU 
*cpu)
  }
-static void riscv_cpu_validate_misa_ext(CPURISCVState *env,
-    uint32_t misa_ext,
-    Error **errp)
+void riscv_cpu_validate_misa_ext(CPURISCVState *env, uint32_t misa_ext,
+ Error **errp)
  {
  Error *local_err = NULL;
@@ -1134,9 +1133,8 @@ static void riscv_cpu_validate_misa_mxl(RISCVCPU *cpu, 
Error **errp)
   * candidate misa_ext value. No changes in env->misa_ext
   * are made.
   */
-static void riscv_cpu_validate_extensions(RISCVCPU *cpu,
-  uint32_t misa_ext,
-  Error **errp)
+void riscv_cpu_validate_extensions(RISCVCPU *cpu, uint32_t misa_ext,
+   Error **errp)
  {
  if (cpu->cfg.epmp && !cpu->cfg.pmp) {
  /*
@@ -1227,7 +1225,7 @@ static void riscv_cpu_validate_extensions(RISCVCPU *cpu,
  }
  }
-static void riscv_cpu_commit_cpu_cfg(RISCVCPU *cpu)
+void riscv_cpu_commit_cpu_cfg(RISCVCPU *cpu)
  {
  if (cpu->cfg.ext_zk) {
  cpu->cfg.ext_zkn = true;
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index dbb4df9df0..ca2ba6a647 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -593,6 +593,12 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int 
size,
  char *riscv_isa_string(RISCVCPU *cpu);
  void riscv_cpu_list(void);
+void riscv_cpu_validate_misa_ext(CPURISCVState *env, uint32_t misa_ext,
+ Error **errp);
+void riscv_cpu_validate_extensions(RISCVCPU *cpu, uint32_t misa_ext,
+   Error **errp);
+void riscv_cpu_commit_cpu_cfg(RISCVCPU *cpu);
+
  #define cpu_list riscv_cpu_list
  #define cpu_mmu_index riscv_cpu_mmu_index
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 918d442ebd..6f26e7dbcd 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -1343,6 +1343,9 @@ static RISCVException read_misa(CPURISCVState *env, int 
csrno,
  static RISCVException write_misa(CPURISCVState *env, int csrno,
   target_ulong val)
  {
+    RISCVCPU *cpu = env_archcpu(env);
+    Error *local_err = NULL;
+
  if (!riscv_cpu_cfg(env)->misa_w) {
  /* drop write to misa */
  return RISCV_EXCP_NONE;
@@ -1353,47 +1356,39 @@ static RISCVException write_misa(CPURISCVState *env, 
int csrno,
  return RISCV_EXCP_NONE;
  }
-    /* 'I' or 'E' must be present */
-    if (!(val & (RVI | RVE))) {
-    /* It is not, drop write to misa */
-    return RISCV_EXCP_NONE;
-    }
-
-    /* 'E' excludes all other extensions */
-    if (val & RVE) {
-    /*
- * when we support 'E' we can do "val = RVE;" however
- * for now we just drop writes if 'E' is present.
- */
-    return RISCV_EXCP_NONE;
-    }
-
  /*
- * misa.MXL writes are not supported by QEMU.
- * Drop writes to those bits.
+ * Suppress 'C' if next instruction is not aligned
+ * TODO: this should check next_pc
   */
+    if ((val & RVC) && (GETPC() & ~3) != 0) {
+    val &= ~RVC;
+    }
  /* Mask extensions that are not supported by this hart */
  val &= env->misa_ext_mask;
-    /* 'D' depends on 'F', so clear 'D' if 'F' is not present */
-    if ((val & RVD) && !(val & RVF)) {
-    val &= ~RVD;
+    /* If nothing changed, do nothing. */
+    if (val == env->misa_ext) {
+    return RISCV_EXCP_NONE;
  }
  /*
- * Suppress 'C' if next instruction is not aligned
- * TODO: this should check next_pc
+ * This flow is similar to what riscv_cpu_realize() does,
+ * with the difference that we will update env->misa_ext
+ * value if everythin

Re: [PATCH] migration: Wait on preempt channel in preempt thread

2023-03-15 Thread Juan Quintela 
Peter Xu  wrote:
> QEMU main thread will wait until dest preempt channel established during
> processing the LISTEN command (within the whole postcopy PACKAGED data), by
> waiting on the semaphore postcopy_qemufile_dst_done.
>
> That's racy, because it's possible that the dest QEMU main thread hasn't
> yet accept()ed the new connection when processing the LISTEN event.  The
> sem_wait() will yield the main thread without being able to run anything
> else including the accept() of the new socket, which can cause deadlock
> within the main thread.
>
> To avoid the race, move the "wait channel" from main thread to the preempt
> thread right at the start.
>
> Reported-by: Peter Maydell 
> Fixes: 5655aab079 ("migration: Postpone postcopy preempt channel to be after 
> main")
> Reviewed-by: Daniel P. Berrangé 
> Signed-off-by: Peter Xu 

Reviewed-by: Juan Quintela 

queued.

Re: [PATCH v3 1/3] scripts/git.orderfile: Display QAPI script changes before schema ones

2023-03-15 Thread Juan Quintela 
Philippe Mathieu-Daudé  wrote:
> When modifying QAPI scripts and modifying C files along,
> it makes sense to display QAPI changes first.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Juan Quintela

Re: [PATCH v3 3/3] qapi: Generate enum count as definition

2023-03-15 Thread Dr. David Alan Gilbert 
* Philippe Mathieu-Daudé (phi...@linaro.org) wrote:
> QAPI's gen_enum() generates QAPI enum values and the
> number of this values (as foo__MAX).
> The number of entries in an enum type is not part of
> the enumerated values, but we generate it as such.
> See for example:
> 
>   typedef enum OnOffAuto {
>   ON_OFF_AUTO_AUTO,
>   ON_OFF_AUTO_ON,
>   ON_OFF_AUTO_OFF,
>   ON_OFF_AUTO__MAX,<-
>   } OnOffAuto;
> 
> Instead of declaring the enum count as the last enumerated
> value, #define it, so it is not part of the enum.
> The previous example becomes:
> 
>   typedef enum OnOffAuto {
>   ON_OFF_AUTO_AUTO,
>   ON_OFF_AUTO_ON,
>   ON_OFF_AUTO_OFF,
>   #define ON_OFF_AUTO__MAX 3   <-
>   } OnOffAuto;
> 
> When iterating over a QAPISchemaEnumType, all possible
> values are covered. The 'default' switch case generated in
> gen_visit_object_members() is now unreachable, remove it.
> 
> Since Clang enables the -Wswitch warning by default [*],
> remove all pointless foo__MAX cases in switch statement,
> in order to avoid:
> 
>  audio/audio.c:2231:10: error: case value not in enumerated type 
> 'AudioFormat' (aka 'enum AudioFormat') [-Wswitch]
> case AUDIO_FORMAT__MAX:
>  ^
>  ui/input.c:233:14: error: case value not in enumerated type 'KeyValueKind' 
> (aka 'enum KeyValueKind') [-Wswitch]
> case KEY_VALUE_KIND__MAX:
>  ^
>  ...
> 
> [*] https://clang.llvm.org/docs/DiagnosticsReference.html#wswitch
> Reviewed-by: Richard Henderson 
> Reviewed-by: Juan Quintela 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  docs/devel/qapi-code-gen.rst |  4 ++--
>  scripts/qapi/types.py| 11 +++
>  scripts/qapi/visit.py|  2 --
>  audio/audio_template.h   |  3 ---
>  audio/audio.c|  6 --
>  migration/migration.c|  2 --
>  replay/replay-input.c| 12 
>  softmmu/tpm-hmp-cmds.c   |  2 --
>  ui/input-linux.c |  4 
>  ui/input.c   |  6 --
>  10 files changed, 9 insertions(+), 43 deletions(-)
> 
> diff --git a/docs/devel/qapi-code-gen.rst b/docs/devel/qapi-code-gen.rst
> index d684c7c24d..45b0da448d 100644
> --- a/docs/devel/qapi-code-gen.rst
> +++ b/docs/devel/qapi-code-gen.rst
> @@ -227,7 +227,7 @@ optional 'prefix' member overrides PREFIX.
>  
>  The generated C enumeration constants have values 0, 1, ..., N-1 (in
>  QAPI schema order), where N is the number of values.  There is an
> -additional enumeration constant PREFIX__MAX with value N.
> +additional definition constant PREFIX__MAX with value N.
>  
>  Do not use string or an integer type when an enumeration type can do
>  the job satisfactorily.
> @@ -1825,7 +1825,7 @@ Example::
>  
>  typedef enum example_QAPIEvent {
>  EXAMPLE_QAPI_EVENT_MY_EVENT,
> -EXAMPLE_QAPI_EVENT__MAX,
> +#define EXAMPLE_QAPI_EVENT__MAX 1
>  } example_QAPIEvent;
>  
>  #define example_QAPIEvent_str(val) \
> diff --git a/scripts/qapi/types.py b/scripts/qapi/types.py
> index 7a7be7315f..6459a6f925 100644
> --- a/scripts/qapi/types.py
> +++ b/scripts/qapi/types.py
> @@ -88,16 +88,13 @@ def gen_enum(name: str,
>   members: List[QAPISchemaEnumMember],
>   prefix: Optional[str] = None) -> str:
>  assert members
> -# append automatically generated _MAX value
> -enum_members = members + [QAPISchemaEnumMember('_MAX', None)]
> -
>  ret = mcgen('''
>  
>  typedef enum %(c_name)s {
>  ''',
>  c_name=c_name(name))
>  
> -for memb in enum_members:
> +for memb in members:
>  ret += memb.ifcond.gen_if()
>  ret += mcgen('''
>  %(c_enum)s,
> @@ -105,6 +102,12 @@ def gen_enum(name: str,
>   c_enum=c_enum_const(name, memb.name, prefix))
>  ret += memb.ifcond.gen_endif()
>  
> +ret += mcgen('''
> +#define %(c_name)s %(c_length)s
> +''',
> + c_name=c_enum_const(name, '_MAX', prefix),
> + c_length=len(members))
> +
>  ret += mcgen('''
>  } %(c_name)s;
>  ''',
> diff --git a/scripts/qapi/visit.py b/scripts/qapi/visit.py
> index 26a584ee4c..f66a31a963 100644
> --- a/scripts/qapi/visit.py
> +++ b/scripts/qapi/visit.py
> @@ -159,8 +159,6 @@ def gen_visit_object_members(name: str,
>  
>  ret += var.ifcond.gen_endif()
>  ret += mcgen('''
> -default:
> -abort();
>  }
>  ''')
>  
> diff --git a/audio/audio_template.h b/audio/audio_template.h
> index e42326c20d..d545c03afb 100644
> --- a/audio/audio_template.h
> +++ b/audio/audio_template.h
> @@ -376,9 +376,6 @@ AudiodevPerDirectionOptions *glue(audio_get_pdo_, 
> TYPE)(Audiodev *dev)
>  #endif
>  case AUDIODEV_DRIVER_WAV:
>  return dev->u.wav.TYPE;
> -
> -case AUDIODEV_DRIVER__MAX:
> -break;
>  }
>  abort();
>  }
> diff --git a/audio/audio.c b/audio/audio.c
> index 70b096713c..ea372288eb 100644
> --- a/audio/audio.c
> +++ b/audio/audio.c
> @@

RE: [PATCH v2 28/32] contrib/gitdm: add Amazon to the domain map

2023-03-15 Thread Durrant, Paul 
> -Original Message-
> From: Alex Bennée 
> Sent: 15 March 2023 17:43
> To: qemu-devel@nongnu.org
> Cc: Akihiko Odaki ; Marc-André Lureau
> ; qemu-ri...@nongnu.org; Riku Voipio
> ; Igor Mammedov ; Xiao Guangrong
> ; Thomas Huth ; Wainer dos
> Santos Moschetta ; Dr. David Alan Gilbert
> ; Alex Williamson ; Hao
> Wu ; Cleber Rosa ; Daniel Henrique
> Barboza ; Jan Kiszka ; Aurelien
> Jarno ; qemu-...@nongnu.org; Marcelo Tosatti
> ; Eduardo Habkost ; Alexandre
> Iooss ; Gerd Hoffmann ; Palmer
> Dabbelt ; Ilya Leoshkevich ; qemu-
> p...@nongnu.org; Juan Quintela ; Cédric Le Goater
> ; Darren Kenny ;
> k...@vger.kernel.org; Marcel Apfelbaum ; Peter
> Maydell ; Richard Henderson
> ; Stafford Horne ; Weiwei
> Li ; Sunil V L ; Stefan
> Hajnoczi ; Thomas Huth ; Vijai
> Kumar K ; Liu Zhiwei
> ; David Gibson
> ; Song Gao ; Paolo
> Bonzini ; Michael S. Tsirkin ; Niek
> Linnenbank ; Greg Kurz ; Laurent
> Vivier ; Qiuhao Li ; Philippe
> Mathieu-Daudé ; Xiaojuan Yang
> ; Mahmoud Mandour ;
> Alexander Bulekov ; Jiaxun Yang ;
> qemu-bl...@nongnu.org; Yanan Wang ; David
> Woodhouse ; qemu-s3...@nongnu.org; Strahinja Jankovic
> ; Bandan Das ; Alistair
> Francis ; Aleksandar Rikalo
> ; Tyrone Ting ; Kevin
> Wolf ; David Hildenbrand ; Beraldo
> Leal ; Beniamino Galvani ; Paul
> Durrant ; Bin Meng ; Sunil
> Muthuswamy ; Hanna Reitz ;
> Peter Xu ; Alex Bennée ; Graf
> (AWS), Alexander ; Durrant, Paul ;
> Woodhouse, David 
> Subject: [EXTERNAL] [PATCH v2 28/32] contrib/gitdm: add Amazon to the
> domain map
> 
> CAUTION: This email originated from outside of the organization. Do not
> click links or open attachments unless you can confirm the sender and know
> the content is safe.
> 
> 
> 
> We have multiple contributors from both .co.uk and .com versions of
> the address.
> 
> Signed-off-by: Alex Bennée 
> Cc: Alexander Graf 
> Cc: Paul Durrant 
> Cc: David Wooodhouse 
> Reviewed-by: Philippe Mathieu-Daudé 
> Message-Id: <20230310180332.2274827-7-alex.ben...@linaro.org>
> ---
>  contrib/gitdm/domain-map | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/contrib/gitdm/domain-map b/contrib/gitdm/domain-map
> index 4a988c5b5f..8dce276a1c 100644
> --- a/contrib/gitdm/domain-map
> +++ b/contrib/gitdm/domain-map
> @@ -4,6 +4,8 @@
>  # This maps email domains to nice easy to read company names
>  #
> 
> +amazon.com  Amazon
> +amazon.co.ukAmazon

You might want 'amazon.de' too but as far as it goes...

Reviewed-by: Paul Durrant 

>  amd.com AMD
>  aspeedtech.com  ASPEED Technology Inc.
>  baidu.com   Baidu
> --
> 2.39.2

RE: [PATCH v5 04/16] hw/9pfs: Implement Windows specific xxxdir() APIs

2023-03-15 Thread Shi, Guohuai 



> -Original Message-
> From: Christian Schoenebeck 
> Sent: Wednesday, March 15, 2023 00:06
> To: Greg Kurz ; qemu-devel@nongnu.org
> Cc: Shi, Guohuai ; Meng, Bin
> 
> Subject: Re: [PATCH v5 04/16] hw/9pfs: Implement Windows specific xxxdir()
> APIs
> 
> CAUTION: This email comes from a non Wind River email account!
> Do not click links or open attachments unless you recognize the sender and
> know the content is safe.
> 
> On Monday, February 20, 2023 11:08:03 AM CET Bin Meng wrote:
> > From: Guohuai Shi 
> >
> > This commit implements Windows specific xxxdir() APIs for safety
> > directory access.
> 
> That comment is seriously too short for this patch.
> 
> 1. You should describe the behaviour implementation that you have chosen and
> why you have chosen it.
> 
> 2. Like already said in the previous version of the patch, you should place a
> link to the discussion we had on this issue.
> 
> > Signed-off-by: Guohuai Shi 
> > Signed-off-by: Bin Meng 
> > ---
> >
> >  hw/9pfs/9p-util.h   |   6 +
> >  hw/9pfs/9p-util-win32.c | 443
> > 
> >  2 files changed, 449 insertions(+)
> >
> > diff --git a/hw/9pfs/9p-util.h b/hw/9pfs/9p-util.h index
> > 0f159fb4ce..c1c251fbd1 100644
> > --- a/hw/9pfs/9p-util.h
> > +++ b/hw/9pfs/9p-util.h
> > @@ -141,6 +141,12 @@ int unlinkat_win32(int dirfd, const char
> > *pathname, int flags);  int statfs_win32(const char *root_path, struct
> > statfs *stbuf);  int openat_dir(int dirfd, const char *name);  int
> > openat_file(int dirfd, const char *name, int flags, mode_t mode);
> > +DIR *opendir_win32(const char *full_file_name); int
> > +closedir_win32(DIR *pDir); struct dirent *readdir_win32(DIR *pDir);
> > +void rewinddir_win32(DIR *pDir); void seekdir_win32(DIR *pDir, long
> > +pos); long telldir_win32(DIR *pDir);
> >  #endif
> >
> >  static inline void close_preserve_errno(int fd) diff --git
> > a/hw/9pfs/9p-util-win32.c b/hw/9pfs/9p-util-win32.c index
> > a99d579a06..e9408f3c45 100644
> > --- a/hw/9pfs/9p-util-win32.c
> > +++ b/hw/9pfs/9p-util-win32.c
> > @@ -37,6 +37,16 @@
> >   *Windows does not support opendir, the directory fd is created by
> >   *CreateFile and convert to fd by _open_osfhandle(). Keep the fd open
> will
> >   *lock and protect the directory (can not be modified or replaced)
> > + *
> > + * 5. Neither Windows native APIs, nor MinGW provide a POSIX compatible
> API for
> > + *acquiring directory entries in a safe way. Calling those APIs
> (native
> > + *_findfirst() and _findnext() or MinGW's readdir(), seekdir() and
> > + *telldir()) directly can lead to an inconsistent state if directory
> is
> > + *modified in between, e.g. the same directory appearing more than
> once
> > + *in output, or directories not appearing at all in output even though
> they
> > + *were neither newly created nor deleted. POSIX does not define what
> happens
> > + *with deleted or newly created directories in between, but it
> guarantees a
> > + *consistent state.
> >   */
> >
> >  #include "qemu/osdep.h"
> > @@ -51,6 +61,25 @@
> >
> >  #define V9FS_MAGIC  0x53465039  /* string "9PFS" */
> >
> > +/*
> > + * MinGW and Windows does not provide a safe way to seek directory
> > +while other
> > + * thread is modifying the same directory.
> > + *
> > + * This structure is used to store sorted file id and ensure
> > +directory seek
> > + * consistency.
> > + */
> > +struct dir_win32 {
> > +struct dirent dd_dir;
> > +uint32_t offset;
> > +uint32_t total_entries;
> > +HANDLE hDir;
> > +uint32_t dir_name_len;
> > +uint64_t dot_id;
> > +uint64_t dot_dot_id;
> > +uint64_t *file_id_list;
> > +char dd_name[1];
> > +};
> > +
> >  /*
> >   * win32_error_to_posix - convert Win32 error to POSIX error number
> >   *
> > @@ -977,3 +1006,417 @@ int qemu_mknodat(int dirfd, const char *filename,
> mode_t mode, dev_t dev)
> >  errno = ENOTSUP;
> >  return -1;
> >  }
> > +
> > +static int file_id_compare(const void *id_ptr1, const void *id_ptr2)
> > +{
> > +uint64_t id[2];
> > +
> > +id[0] = *(uint64_t *)id_ptr1;
> > +id[1] = *(uint64_t *)id_ptr2;
> > +
> > +if (id[0] > id[1]) {
> > +return 1;
> > +} else if (id[0] < id[1]) {
> > +return -1;
> > +} else {
> > +return 0;
> > +}
> > +}
> > +
> > +static int get_next_entry(struct dir_win32 *stream) {
> > +HANDLE hDirEntry = INVALID_HANDLE_VALUE;
> > +char *entry_name;
> > +char *entry_start;
> > +FILE_ID_DESCRIPTOR fid;
> > +DWORD attribute;
> > +
> > +if (stream->file_id_list[stream->offset] == stream->dot_id) {
> > +strcpy(stream->dd_dir.d_name, ".");
> > +return 0;
> > +}
> > +
> > +if (stream->file_id_list[stream->offset] == stream->dot_dot_id) {
> > +strcpy(stream->dd_dir.d_name, "..");
> > +return 0;
> > +}
> > +
> > +fid.dwSize = sizeof(fid);
> > +fid.Type = FileIdType;
> > +
> > +

Re: [RFC 1/2] block: Split padded I/O vectors exceeding IOV_MAX

2023-03-15 Thread Stefan Hajnoczi 
On Wed, Mar 15, 2023 at 01:13:29PM +0100, Hanna Czenczek wrote:
> When processing vectored guest requests that are not aligned to the
> storage request alignment, we pad them by adding head and/or tail
> buffers for a read-modify-write cycle.
> 
> The guest can submit I/O vectors up to IOV_MAX (1024) in length, but
> with this padding, the vector can exceed that limit.  As of
> 4c002cef0e9abe7135d7916c51abce47f7fc1ee2 ("util/iov: make
> qemu_iovec_init_extended() honest"), we refuse to pad vectors beyond the
> limit, instead returning an error to the guest.
> 
> To the guest, this appears as a random I/O error.  We should not return
> an I/O error to the guest when it issued a perfectly valid request.
> 
> Before 4c002cef0e9abe7135d7916c51abce47f7fc1ee2, we just made the vector
> longer than IOV_MAX, which generally seems to work (because the guest
> assumes a smaller alignment than we really have, file-posix's
> raw_co_prw() will generally see bdrv_qiov_is_aligned() return false, and
> so emulate the request, so that the IOV_MAX does not matter).  However,
> that does not seem exactly great.
> 
> I see two ways to fix this problem:
> 1. We split such long requests into two requests.
> 2. We join some elements of the vector into new buffers to make it
>shorter.
> 
> I am wary of (1), because it seems like it may have unintended side
> effects.
> 
> (2) on the other hand seems relatively simple to implement, with
> hopefully few side effects, so this patch does that.

Looks like a reasonable solution. I think the code is correct and I
posted ideas for making it easier to understand.

> 
> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2141964
> Signed-off-by: Hanna Czenczek 
> ---
>  block/io.c | 139 ++---
>  util/iov.c |   4 --
>  2 files changed, 133 insertions(+), 10 deletions(-)
> 
> diff --git a/block/io.c b/block/io.c
> index 8974d46941..ee226d23d6 100644
> --- a/block/io.c
> +++ b/block/io.c
> @@ -1435,6 +1435,12 @@ out:
>   * @merge_reads is true for small requests,
>   * if @buf_len == @head + bytes + @tail. In this case it is possible that 
> both
>   * head and tail exist but @buf_len == align and @tail_buf == @buf.
> + *
> + * @write is true for write requests, false for read requests.
> + *
> + * If padding makes the vector too long (exceeding IOV_MAX), then we need to
> + * merge existing vector elements into a single one.  @collapse_buf acts as 
> the
> + * bounce buffer in such cases.
>   */
>  typedef struct BdrvRequestPadding {
>  uint8_t *buf;
> @@ -1443,11 +1449,17 @@ typedef struct BdrvRequestPadding {
>  size_t head;
>  size_t tail;
>  bool merge_reads;
> +bool write;
>  QEMUIOVector local_qiov;
> +
> +uint8_t *collapse_buf;
> +size_t collapse_len;
> +QEMUIOVector collapsed_qiov;
>  } BdrvRequestPadding;
>  
>  static bool bdrv_init_padding(BlockDriverState *bs,
>int64_t offset, int64_t bytes,
> +  bool write,
>BdrvRequestPadding *pad)
>  {
>  int64_t align = bs->bl.request_alignment;
> @@ -1479,9 +1491,101 @@ static bool bdrv_init_padding(BlockDriverState *bs,
>  pad->tail_buf = pad->buf + pad->buf_len - align;
>  }
>  
> +pad->write = write;
> +
>  return true;
>  }
>  
> +/*
> + * If padding has made the IOV (`pad->local_qiov`) too long (more than 
> IOV_MAX
> + * elements), collapse some elements into a single one so that it adheres to 
> the
> + * IOV_MAX limit again.
> + *
> + * If collapsing, `pad->collapse_buf` will be used as a bounce buffer of 
> length
> + * `pad->collapse_len`.  `pad->collapsed_qiov` will contain the previous 
> entries
> + * (before collapsing), so that bdrv_padding_destroy() can copy the bounce
> + * buffer content back for read requests.

The distinction between "collapse" and "collapsed" is subtle. I didn't
guess it right, I thought collapsed_qiov is a QEMUIOVector for
collapse_buf/collapse_len.

Please choose a name for collapsed_qiov that makes this clearer. Maybe
pre_collapse_qiov (i.e. the local_qiov iovecs that were replaced by
bdrv_padding_collapse)?

> + *
> + * Note that we will not touch the padding head or tail entries here.  We 
> cannot
> + * move them to a bounce buffer, because for RMWs, both head and tail expect 
> to
> + * be in an aligned buffer with scratch space after (head) or before (tail) 
> to
> + * perform the read into (because the whole buffer must be aligned, but 
> head's
> + * and tail's lengths naturally cannot be aligned, because they provide 
> padding
> + * for unaligned requests).  A collapsed bounce buffer for multiple IOV 
> elements
> + * cannot provide such scratch space.

As someone who hasn't looked at this code for a while, I don't
understand this paragraph. Can you expand on why RMW is problematic
here? If not, don't worry, it's hard to explain iov juggling.

> + *
> + * Therefore, this function collapses

Re: [PATCH RESEND v2 2/2] migration/xbzrle: fix out-of-bounds write with axv512

2023-03-15 Thread Dr. David Alan Gilbert 
* Matheus Tavares Bernardino (quic_mathb...@quicinc.com) wrote:
> xbzrle_encode_buffer_avx512() checks for overflows too scarcely in its
> outer loop, causing out-of-bounds writes:
> 
> $ ../configure --target-list=aarch64-softmmu --enable-sanitizers 
> --enable-avx512bw
> $ make tests/unit/test-xbzrle && ./tests/unit/test-xbzrle
> 
> ==5518==ERROR: AddressSanitizer: heap-buffer-overflow on address 
> 0x6210b100 at pc 0x561109a7714d bp 0x7ffed712a440 sp 0x7ffed712a430
> WRITE of size 1 at 0x6210b100 thread T0
> #0 0x561109a7714c in uleb128_encode_small ../util/cutils.c:831
> #1 0x561109b67f6a in xbzrle_encode_buffer_avx512 ../migration/xbzrle.c:275
> #2 0x5611099a7428 in test_encode_decode_overflow 
> ../tests/unit/test-xbzrle.c:153
> #3 0x7fb2fb65a58d  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7a58d)
> #4 0x7fb2fb65a333  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7a333)
> #5 0x7fb2fb65aa79 in g_test_run_suite 
> (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7aa79)
> #6 0x7fb2fb65aa94 in g_test_run 
> (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7aa94)
> #7 0x5611099a3a23 in main ../tests/unit/test-xbzrle.c:218
> #8 0x7fb2fa78c082 in __libc_start_main 
> (/lib/x86_64-linux-gnu/libc.so.6+0x24082)
> #9 0x5611099a608d in _start (/qemu/build/tests/unit/test-xbzrle+0x28408d)
> 
> 0x6210b100 is located 0 bytes to the right of 4096-byte region 
> [0x6210a100,0x6210b100)
> allocated by thread T0 here:
> #0 0x7fb2fb823a06 in __interceptor_calloc 
> ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
> #1 0x7fb2fb637ef0 in g_malloc0 
> (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57ef0)
> 
> Fix that by performing the overflow check in the inner loop, instead.
> 
> Signed-off-by: Matheus Tavares Bernardino 
> ---
>  migration/xbzrle.c | 7 +++
>  1 file changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/migration/xbzrle.c b/migration/xbzrle.c
> index 21b92d4eae..c6f8b20917 100644
> --- a/migration/xbzrle.c
> +++ b/migration/xbzrle.c
> @@ -197,10 +197,6 @@ int xbzrle_encode_buffer_avx512(uint8_t *old_buf, 
> uint8_t *new_buf, int slen,
>  __m512i r = _mm512_set1_epi32(0);
>  
>  while (count512s) {
> -if (d + 2 > dlen) {
> -return -1;
> -}
> -
>  int bytes_to_check = 64;
>  uint64_t mask = 0x;
>  if (count512s == 1) {
> @@ -216,6 +212,9 @@ int xbzrle_encode_buffer_avx512(uint8_t *old_buf, uint8_t 
> *new_buf, int slen,
>  
>  bool is_same = (comp & 0x1);
>  while (bytes_to_check) {
> +if (d + 2 > dlen) {
> +return -1;
> +}

I agree that's better, so:

Reviewed-by: Dr. David Alan Gilbert 


but is it sufficient?
In that bytes_to_check loop there are 4 calls to uleb128_encode_small
with another one just off the end of the loop.
I've not figured out all the legal combos, but I'm pretty sure at least
a few can trigger in one iteration - so don't we need those checks
before ecah call?

Dave

>  if (is_same) {
>  if (nzrun_len) {
>  d += uleb128_encode_small(dst + d, nzrun_len);
> -- 
> 2.39.1
> 
-- 
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [PATCH 2/2] tests/tcg/s390x: Add rxsbg.c

2023-03-15 Thread Ilya Leoshkevich 
On Wed, 2023-03-15 at 19:12 +0100, Thomas Huth wrote:
> On 15/03/2023 00.34, Ilya Leoshkevich wrote:
> > Add a small test for RXSBG with T=1 to prevent regressions.
> > 
> > Signed-off-by: Ilya Leoshkevich 
> > ---
> >   tests/tcg/s390x/Makefile.target |  1 +
> >   tests/tcg/s390x/rxsbg.c | 25 +
> >   2 files changed, 26 insertions(+)
> >   create mode 100644 tests/tcg/s390x/rxsbg.c
> > 
> > diff --git a/tests/tcg/s390x/Makefile.target
> > b/tests/tcg/s390x/Makefile.target
> > index cf93b966862..b4d0d704534 100644
> > --- a/tests/tcg/s390x/Makefile.target
> > +++ b/tests/tcg/s390x/Makefile.target
> > @@ -29,6 +29,7 @@ TESTS+=clst
> >   TESTS+=long-double
> >   TESTS+=cdsg
> >   TESTS+=chrl
> > +TESTS+=rxsbg
> >   
> >   cdsg: CFLAGS+=-pthread
> >   cdsg: LDFLAGS+=-pthread
> > diff --git a/tests/tcg/s390x/rxsbg.c b/tests/tcg/s390x/rxsbg.c
> > new file mode 100644
> > index 000..b7f35411899
> > --- /dev/null
> > +++ b/tests/tcg/s390x/rxsbg.c
> > @@ -0,0 +1,25 @@
> > +/*
> > + * Smoke test RXSBG instruction with T=1.
> > + * SPDX-License-Identifier: GPL-2.0-or-later
> > + */
> > +#include 
> > +#include 
> > +
> > +int main(void)
> > +{
> > +    unsigned long r1, r2, cc;
> > +
> > +    r1 = 0xc8dc86a225a77bb4;
> > +    r2 = 0xd6aff24fa3e7320;
> > +    cc = 0;
> > +    asm("rxsbg %[r1],%[r2],177,43,228\n"
> > +    "ipm %[cc]"
> > +    : [cc] "+r" (cc)
> > +    : [r1] "r" (r1)
> > +    , [r2] "r" (r2)
> > +    : "cc");
> > +    cc = (cc >> 28) & 1;
> > +    assert(cc == 1);
> > +
> > +    return EXIT_SUCCESS;
> > +}
> 
> This also fails with Clang 15:
> tests/tcg/s390x/rxsbg.c:15:9: error: invalid operand for instruction
>  asm("rxsbg %[r1],%[r2],177,43,228\n"
>  ^
> :1:23: note: instantiated into assembly here
>  rxsbg %r1,%r2,177,43,228
>   ^
> 
>   Thomas
> 

This seems to be a clang bug. PoP says:

Bit 1 of the I3 field and bits 0-1 of the I4 field (bits 17
and 24-25 of the instruction) are reserved and should
contain zeros; otherwise, the program may not oper-
ate compatibly in the future. Bits 0-1 of the I5 field
(bits 32-33 of the instruction) are ignored.

But LLVM has:

imm32zx8:$I4, imm32zx6:$I5

which looks like a mixup (should be imm32zx6 + imm32zx8 IMHO).

I guess there is not much we can do about this at the moment, so I will
choose another constant for the test and send a v2.

Re: [RFC 1/2] block: Split padded I/O vectors exceeding IOV_MAX

2023-03-15 Thread Eric Blake 
On Wed, Mar 15, 2023 at 01:13:29PM +0100, Hanna Czenczek wrote:
> When processing vectored guest requests that are not aligned to the
> storage request alignment, we pad them by adding head and/or tail
> buffers for a read-modify-write cycle.
> 
> The guest can submit I/O vectors up to IOV_MAX (1024) in length, but
> with this padding, the vector can exceed that limit.  As of
> 4c002cef0e9abe7135d7916c51abce47f7fc1ee2 ("util/iov: make
> qemu_iovec_init_extended() honest"), we refuse to pad vectors beyond the
> limit, instead returning an error to the guest.
> 
> To the guest, this appears as a random I/O error.  We should not return
> an I/O error to the guest when it issued a perfectly valid request.
> 
> Before 4c002cef0e9abe7135d7916c51abce47f7fc1ee2, we just made the vector
> longer than IOV_MAX, which generally seems to work (because the guest
> assumes a smaller alignment than we really have, file-posix's
> raw_co_prw() will generally see bdrv_qiov_is_aligned() return false, and
> so emulate the request, so that the IOV_MAX does not matter).  However,
> that does not seem exactly great.
> 
> I see two ways to fix this problem:
> 1. We split such long requests into two requests.
> 2. We join some elements of the vector into new buffers to make it
>shorter.
> 
> I am wary of (1), because it seems like it may have unintended side
> effects.
> 
> (2) on the other hand seems relatively simple to implement, with
> hopefully few side effects, so this patch does that.

Agreed that approach 2 is more conservative.

> 
> Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2141964
> Signed-off-by: Hanna Czenczek 
> ---
>  block/io.c | 139 ++---
>  util/iov.c |   4 --
>  2 files changed, 133 insertions(+), 10 deletions(-)
>  
> +/*
> + * If padding has made the IOV (`pad->local_qiov`) too long (more than 
> IOV_MAX
> + * elements), collapse some elements into a single one so that it adheres to 
> the
> + * IOV_MAX limit again.
> + *
> + * If collapsing, `pad->collapse_buf` will be used as a bounce buffer of 
> length
> + * `pad->collapse_len`.  `pad->collapsed_qiov` will contain the previous 
> entries
> + * (before collapsing), so that bdrv_padding_destroy() can copy the bounce
> + * buffer content back for read requests.
> + *
> + * Note that we will not touch the padding head or tail entries here.  We 
> cannot
> + * move them to a bounce buffer, because for RMWs, both head and tail expect 
> to
> + * be in an aligned buffer with scratch space after (head) or before (tail) 
> to
> + * perform the read into (because the whole buffer must be aligned, but 
> head's
> + * and tail's lengths naturally cannot be aligned, because they provide 
> padding
> + * for unaligned requests).  A collapsed bounce buffer for multiple IOV 
> elements
> + * cannot provide such scratch space.
> + *
> + * Therefore, this function collapses the first IOV elements after the
> + * (potential) head element.

It looks like you blindly pick the first one or two non-padding iovs
at the front of the array.  Would it be any wiser (in terms of less
memmove() action or even a smaller bounce buffer) to pick iovs at the
end of the array, and/or a sequential search for the smallest
neighboring iovs?  Or is that a micro-optimization that costs more
than it saves?

Would it be any easier to swap the order of padding vs. collapsing?
That is, we already know the user is giving us a long list of iovs; if
it is 1024 elements long, and we can detect that padding will be
needed, should we collapse before padding instead of padding, finding
that we now have 1026, and memmove'ing back into 1024?

But logic-wise, your patch looks correct to me.

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [PATCH v2 2/2] linux-user/m68k: Handle EXCP_ADDRESS in cpu_loop

2023-03-15 Thread Laurent Vivier 

Le 09/03/2023 à 21:16, Richard Henderson a écrit :

This exception can be raised by illegal instructions.

Signed-off-by: Richard Henderson 
---
  linux-user/m68k/cpu_loop.c |  5 -
  tests/tcg/m68k/excp-address.c  | 32 
  tests/tcg/m68k/Makefile.target |  1 +
  3 files changed, 37 insertions(+), 1 deletion(-)
  create mode 100644 tests/tcg/m68k/excp-address.c

diff --git a/linux-user/m68k/cpu_loop.c b/linux-user/m68k/cpu_loop.c
index caead1cb74..84b5d290c0 100644
--- a/linux-user/m68k/cpu_loop.c
+++ b/linux-user/m68k/cpu_loop.c
@@ -35,7 +35,10 @@ void cpu_loop(CPUM68KState *env)
  cpu_exec_end(cs);
  process_queued_cpu_work(cs);
  
-switch(trapnr) {

+switch (trapnr) {
+case EXCP_ADDRESS:
+force_sig_fault(TARGET_SIGBUS, TARGET_BUS_ADRALN, env->pc);
+break;
  case EXCP_ILLEGAL:
  case EXCP_LINEA:
  case EXCP_LINEF:
diff --git a/tests/tcg/m68k/excp-address.c b/tests/tcg/m68k/excp-address.c
new file mode 100644
index 00..1dbdddef58
--- /dev/null
+++ b/tests/tcg/m68k/excp-address.c
@@ -0,0 +1,32 @@
+/*
+ * Test m68k address exception
+ */
+
+#define _GNU_SOURCE 1
+#include 
+#include 
+
+static void sig_handler(int sig, siginfo_t *si, void *puc)
+{
+exit(0);
+}
+
+int main(int argc, char **argv)
+{
+struct sigaction act = {
+.sa_sigaction = sig_handler,
+.sa_flags = SA_SIGINFO
+};
+
+sigaction(SIGBUS, &act, NULL);
+
+/*
+ * addl %d0,#0 -- with immediate as destination is illegal.
+ * Buggy qemu interpreted the insn as 5 words: 2 for immediate source
+ * and another 2 for immediate destination.  Provide all that padding
+ * so that abort gets called.
+ */
+asm volatile(".word 0xd1bc,0,0,0,0");
+
+abort();
+}
diff --git a/tests/tcg/m68k/Makefile.target b/tests/tcg/m68k/Makefile.target
index 1163c7ef03..d3b0bc48a3 100644
--- a/tests/tcg/m68k/Makefile.target
+++ b/tests/tcg/m68k/Makefile.target
@@ -4,6 +4,7 @@
  #
  
  VPATH += $(SRC_PATH)/tests/tcg/m68k

+TESTS += excp-address
  TESTS += trap
  
  # On m68k Linux supports 4k and 8k pages (but 8k is currently broken)


Reviewed-by: Laurent Vivier 

I've tested tests/tcg/m68k/excp-address.c on a real hardware (Q800), and the result differs from the 
one from QEMU:


On Q800 (etch m68k, kernel 5.14.0):

$ ./excp-address
Illegal instruction
$ strace ./excp-address
...
rt_sigaction(SIGBUS, {0x8478, [], SA_SIGINFO}, NULL, 8) = 0
--- SIGILL (Illegal instruction) @ 0 (0) ---
+++ killed by SIGILL +++

With QEMU, we have:

# QEMU_STRACE= ./excp-address
...
677354 rt_sigaction(SIGBUS,0x40800454,NULL) = 0
--- SIGBUS {si_signo=SIGBUS, si_code=1, si_addr=0x84ce} ---
677354 exit_group(0)

Thanks,
Laurent

[PATCH 2/2] linux-user: Improve strace output of pread64() and pwrite64()

2023-03-15 Thread Helge Deller 
Make the strace look nicer for those two syscalls.

Signed-off-by: Helge Deller 
---
 linux-user/strace.c| 19 +++
 linux-user/strace.list |  4 ++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index aad2b62ca4..669200c4a4 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -3999,6 +3999,25 @@ print_tgkill(CPUArchState *cpu_env, const struct 
syscallname *name,
 }
 #endif

+#if defined(TARGET_NR_pread64) || defined(TARGET_NR_pwrite64)
+static void
+print_pread64(CPUArchState *cpu_env, const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+if (regpairs_aligned(cpu_env, TARGET_NR_pread64)) {
+arg3 = arg4;
+arg4 = arg5;
+}
+print_syscall_prologue(name);
+print_raw_param("%d", arg0, 0);
+print_pointer(arg1, 0);
+print_raw_param("%d", arg2, 0);
+print_raw_param("%" PRIu64, target_offset64(arg3, arg4), 1);
+print_syscall_epilogue(name);
+}
+#endif
+
 #ifdef TARGET_NR_statx
 static void
 print_statx(CPUArchState *cpu_env, const struct syscallname *name,
diff --git a/linux-user/strace.list b/linux-user/strace.list
index c7808ea118..6655d4f26d 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -1068,7 +1068,7 @@
 { TARGET_NR_prctl, "prctl" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_pread64
-{ TARGET_NR_pread64, "pread64" , NULL, NULL, NULL },
+{ TARGET_NR_pread64, "pread64" , NULL, print_pread64, NULL },
 #endif
 #ifdef TARGET_NR_preadv
 { TARGET_NR_preadv, "preadv" , NULL, NULL, NULL },
@@ -1099,7 +1099,7 @@
 { TARGET_NR_putpmsg, "putpmsg" , NULL, NULL, NULL },
 #endif
 #ifdef TARGET_NR_pwrite64
-{ TARGET_NR_pwrite64, "pwrite64" , NULL, NULL, NULL },
+{ TARGET_NR_pwrite64, "pwrite64" , NULL, print_pread64, NULL },
 #endif
 #ifdef TARGET_NR_pwritev
 { TARGET_NR_pwritev, "pwritev" , NULL, NULL, NULL },
--
2.38.1

[PATCH 1/2] linux-user: Fix mmap2() syscall on 32-bit targets to allow file mapping beyond 4GB

2023-03-15 Thread Helge Deller 
The mmap2() syscall allows 32-bit guests to specify the offset into a
file in page units (instead of bytes, as done by mmap(2)).
On physical machines this allows 32-bit applications to map such parts
of large files which are stored beyond the 4GB limit.

Allow the same behaviour when emulating 32-bit guests with qemu.

For that switch the mmap2() function to always take an abi_ullong
(64-bit) offset parameter for target_mmap() and mmap_frag() to avoid an
arithmetical overflow when shifing a 32-bit offset parameter by
12 bits (=PAGE_SHIFT) and thus possibly overflow the abi_ulong (32-bit)
type.

Signed-off-by: Helge Deller 
---
 linux-user/mmap.c  | 9 +
 linux-user/syscall.c   | 2 +-
 linux-user/user-mmap.h | 2 +-
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 28135c9e6a..1bd60e28e6 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -192,7 +192,7 @@ error:
 /* map an incomplete host page */
 static int mmap_frag(abi_ulong real_start,
  abi_ulong start, abi_ulong end,
- int prot, int flags, int fd, abi_ulong offset)
+ int prot, int flags, int fd, abi_ullong offset)
 {
 abi_ulong real_end, addr;
 void *host_start;
@@ -430,10 +430,11 @@ abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size, 
abi_ulong align)

 /* NOTE: all the constants are the HOST ones */
 abi_long target_mmap(abi_ulong start, abi_ulong len, int target_prot,
- int flags, int fd, abi_ulong offset)
+ int flags, int fd, abi_ullong offset)
 {
-abi_ulong ret, end, real_start, real_end, retaddr, host_offset, host_len,
+abi_ulong ret, end, real_start, real_end, retaddr, host_len,
   passthrough_start = -1, passthrough_end = -1;
+abi_ullong host_offset;
 int page_flags, host_prot;

 mmap_lock();
@@ -621,7 +622,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int 
target_prot,
 /* map the middle (easier) */
 if (real_start < real_end) {
 void *p;
-unsigned long offset1;
+off_t offset1;
 if (flags & MAP_ANONYMOUS)
 offset1 = 0;
 else
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 24cea6fb6a..e0a6550769 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -10137,7 +10137,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int 
num, abi_long arg1,
 #endif
 ret = target_mmap(arg1, arg2, arg3,
   target_to_host_bitmask(arg4, mmap_flags_tbl),
-  arg5, arg6 << MMAP_SHIFT);
+  arg5, ((abi_ullong)arg6) << MMAP_SHIFT);
 return get_errno(ret);
 #endif
 case TARGET_NR_munmap:
diff --git a/linux-user/user-mmap.h b/linux-user/user-mmap.h
index 480ce1c114..72e99000d9 100644
--- a/linux-user/user-mmap.h
+++ b/linux-user/user-mmap.h
@@ -20,7 +20,7 @@

 int target_mprotect(abi_ulong start, abi_ulong len, int prot);
 abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
- int flags, int fd, abi_ulong offset);
+ int flags, int fd, abi_ullong offset);
 int target_munmap(abi_ulong start, abi_ulong len);
 abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
abi_ulong new_size, unsigned long flags,
--
2.38.1

Re: [PATCH v2 12/12] tests/tcg/s390x: Test unaligned accesses

2023-03-15 Thread Ilya Leoshkevich 
On Wed, 2023-03-15 at 19:09 +0100, Thomas Huth wrote:
> On 13/03/2023 16.38, Ilya Leoshkevich wrote:
> > Add a number of small test that check whether accessing unaligned
> > addresses in various ways leads to a specification exception.
> > 
> > Run these test both in softmmu and user configurations; expect a
> > PGM
> > in one case and SIGILL in the other.
> > 
> > Signed-off-by: Ilya Leoshkevich 
> > ---
> ...
> > diff --git a/tests/tcg/s390x/ex-odd.S b/tests/tcg/s390x/ex-odd.S
> > new file mode 100644
> > index 000..0427c79d8a4
> > --- /dev/null
> > +++ b/tests/tcg/s390x/ex-odd.S
> > @@ -0,0 +1,17 @@
> > +/*
> > + * Test EXECUTEing a non-mapped odd address.
> > + *
> > + * SPDX-License-Identifier: GPL-2.0-or-later
> > + */
> > +#include "asm-const.h"
> > +
> > +#define
> > CODE   
> >     \
> > +    stringify_in_c(    lgrl
> > %r1,odd_addr;) \
> > +   
> > stringify_in_c(expected_old_pswa:;)
> >     \
> > +    stringify_in_c(    ex 0,%r1;)
> 
> This fails to compile with Clang 15:
> 
> $ make check-tcg
>    BUILD   s390x-softmmu guest-tests
> tests/tcg/s390x/pgm-specification.inc:21:49: error: unknown token in
> expression
>  lgrl %r1,odd_addr; expected_old_pswa:; ex 0,%r1;
>  ^
>   Thomas
> 

This should be "ex 0,0(%r1)". I will retest with clang and post a v3.

Re: [PATCH 2/2] tests/tcg/s390x: Add rxsbg.c

2023-03-15 Thread Thomas Huth 

On 15/03/2023 00.34, Ilya Leoshkevich wrote:

Add a small test for RXSBG with T=1 to prevent regressions.

Signed-off-by: Ilya Leoshkevich 
---
  tests/tcg/s390x/Makefile.target |  1 +
  tests/tcg/s390x/rxsbg.c | 25 +
  2 files changed, 26 insertions(+)
  create mode 100644 tests/tcg/s390x/rxsbg.c

diff --git a/tests/tcg/s390x/Makefile.target b/tests/tcg/s390x/Makefile.target
index cf93b966862..b4d0d704534 100644
--- a/tests/tcg/s390x/Makefile.target
+++ b/tests/tcg/s390x/Makefile.target
@@ -29,6 +29,7 @@ TESTS+=clst
  TESTS+=long-double
  TESTS+=cdsg
  TESTS+=chrl
+TESTS+=rxsbg
  
  cdsg: CFLAGS+=-pthread

  cdsg: LDFLAGS+=-pthread
diff --git a/tests/tcg/s390x/rxsbg.c b/tests/tcg/s390x/rxsbg.c
new file mode 100644
index 000..b7f35411899
--- /dev/null
+++ b/tests/tcg/s390x/rxsbg.c
@@ -0,0 +1,25 @@
+/*
+ * Smoke test RXSBG instruction with T=1.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include 
+#include 
+
+int main(void)
+{
+unsigned long r1, r2, cc;
+
+r1 = 0xc8dc86a225a77bb4;
+r2 = 0xd6aff24fa3e7320;
+cc = 0;
+asm("rxsbg %[r1],%[r2],177,43,228\n"
+"ipm %[cc]"
+: [cc] "+r" (cc)
+: [r1] "r" (r1)
+, [r2] "r" (r2)
+: "cc");
+cc = (cc >> 28) & 1;
+assert(cc == 1);
+
+return EXIT_SUCCESS;
+}


This also fails with Clang 15:
tests/tcg/s390x/rxsbg.c:15:9: error: invalid operand for instruction
asm("rxsbg %[r1],%[r2],177,43,228\n"
^
:1:23: note: instantiated into assembly here
rxsbg %r1,%r2,177,43,228
 ^

 Thomas

Re: [PATCH v2 12/12] tests/tcg/s390x: Test unaligned accesses

2023-03-15 Thread Thomas Huth 

On 13/03/2023 16.38, Ilya Leoshkevich wrote:

Add a number of small test that check whether accessing unaligned
addresses in various ways leads to a specification exception.

Run these test both in softmmu and user configurations; expect a PGM
in one case and SIGILL in the other.

Signed-off-by: Ilya Leoshkevich 
---

...

diff --git a/tests/tcg/s390x/ex-odd.S b/tests/tcg/s390x/ex-odd.S
new file mode 100644
index 000..0427c79d8a4
--- /dev/null
+++ b/tests/tcg/s390x/ex-odd.S
@@ -0,0 +1,17 @@
+/*
+ * Test EXECUTEing a non-mapped odd address.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#include "asm-const.h"
+
+#define CODE   
\
+stringify_in_c(lgrl %r1,odd_addr;) 
\
+stringify_in_c(expected_old_pswa:;)
\
+stringify_in_c(ex 0,%r1;)


This fails to compile with Clang 15:

$ make check-tcg
  BUILD   s390x-softmmu guest-tests
tests/tcg/s390x/pgm-specification.inc:21:49: error: unknown token in expression
lgrl %r1,odd_addr; expected_old_pswa:; ex 0,%r1;
^
 Thomas

Re: [PATCH RESEND v2 1/2] migration/xbzrle: use ctz64 to avoid undefined result

2023-03-15 Thread Dr. David Alan Gilbert 
* Matheus Tavares Bernardino (quic_mathb...@quicinc.com) wrote:
> __builtin_ctzll() produces undefined results when the argument is 0.
> This can be seen through test-xbzrle, which produces the following
> warning:
> 
> ../migration/xbzrle.c:265: runtime error: passing zero to ctz(), which is not 
> a valid argument
> 
> Replace __builtin_ctzll() with our ctz64() wrapper which properly
> handles 0.
> 
> Signed-off-by: Matheus Tavares Bernardino 

Reviewed-by: Dr. David Alan Gilbert 

> ---
>  migration/xbzrle.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/migration/xbzrle.c b/migration/xbzrle.c
> index 05366e86c0..21b92d4eae 100644
> --- a/migration/xbzrle.c
> +++ b/migration/xbzrle.c
> @@ -12,6 +12,7 @@
>   */
>  #include "qemu/osdep.h"
>  #include "qemu/cutils.h"
> +#include "qemu/host-utils.h"
>  #include "xbzrle.h"
>  
>  /*
> @@ -233,7 +234,7 @@ int xbzrle_encode_buffer_avx512(uint8_t *old_buf, uint8_t 
> *new_buf, int slen,
>  break;
>  }
>  never_same = false;
> -num = __builtin_ctzll(~comp);
> +num = ctz64(~comp);
>  num = (num < bytes_to_check) ? num : bytes_to_check;
>  zrun_len += num;
>  bytes_to_check -= num;
> @@ -262,7 +263,7 @@ int xbzrle_encode_buffer_avx512(uint8_t *old_buf, uint8_t 
> *new_buf, int slen,
>  nzrun_len += 64;
>  break;
>  }
> -num = __builtin_ctzll(comp);
> +num = ctz64(comp);
>  num = (num < bytes_to_check) ? num : bytes_to_check;
>  nzrun_len += num;
>  bytes_to_check -= num;
> -- 
> 2.39.1
> 
-- 
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

[PATCH v2 22/32] iotests: connect stdin to /dev/null when running tests

2023-03-15 Thread Alex Bennée 
From: Daniel P. Berrangé 

Currently the tests have their stdin inherited from the test harness,
meaning they are connected to a TTY. The QEMU processes spawned by
certain tests, however, modify TTY settings and if the test exits
abnormally the settings might not be restored.

The python test harness thus has some logic which will capture the
initial TTY settings and restore them once all tests are finished.

This does not, however, take into account the possibility of many
copies of the 'check' program running in parallel. With parallel
execution, a later invokation may save the TTY state that QEMU has
already modified, and thus restore bad state leaving the TTY
non-functional.

None of the I/O tests shnould actually be interactive requiring
user input and so they should not require a TTY at all. To avoid
this while TTY save/restore complexity we can connect the test
stdin to /dev/null instead.

Signed-off-by: Daniel P. Berrangé 
Reviewed-by: Thomas Huth 
Acked-by: Hanna Czenczek 
Tested-by: Thomas Huth 
Message-Id: <20230303160727.3977246-6-berra...@redhat.com>
Signed-off-by: Alex Bennée 
---
 tests/qemu-iotests/testrunner.py | 22 ++
 1 file changed, 2 insertions(+), 20 deletions(-)

diff --git a/tests/qemu-iotests/testrunner.py b/tests/qemu-iotests/testrunner.py
index e734800b3d..81519ed6e2 100644
--- a/tests/qemu-iotests/testrunner.py
+++ b/tests/qemu-iotests/testrunner.py
@@ -24,12 +24,10 @@
 import subprocess
 import contextlib
 import json
-import termios
 import shutil
 import sys
 from multiprocessing import Pool
-from contextlib import contextmanager
-from typing import List, Optional, Iterator, Any, Sequence, Dict, \
+from typing import List, Optional, Any, Sequence, Dict, \
 ContextManager
 
 from testenv import TestEnv
@@ -56,22 +54,6 @@ def file_diff(file1: str, file2: str) -> List[str]:
 return res
 
 
-# We want to save current tty settings during test run,
-# since an aborting qemu call may leave things screwed up.
-@contextmanager
-def savetty() -> Iterator[None]:
-isterm = sys.stdin.isatty()
-if isterm:
-fd = sys.stdin.fileno()
-attr = termios.tcgetattr(fd)
-
-try:
-yield
-finally:
-if isterm:
-termios.tcsetattr(fd, termios.TCSADRAIN, attr)
-
-
 class LastElapsedTime(ContextManager['LastElapsedTime']):
 """ Cache for elapsed time for tests, to show it during new test run
 
@@ -169,7 +151,6 @@ def __enter__(self) -> 'TestRunner':
 self._stack = contextlib.ExitStack()
 self._stack.enter_context(self.env)
 self._stack.enter_context(self.last_elapsed)
-self._stack.enter_context(savetty())
 return self
 
 def __exit__(self, exc_type: Any, exc_value: Any, traceback: Any) -> None:
@@ -294,6 +275,7 @@ def do_run_test(self, test: str, mp: bool) -> TestResult:
 t0 = time.time()
 with f_bad.open('w', encoding="utf-8") as f:
 with subprocess.Popen(args, cwd=str(f_test.parent), env=env,
+  stdin=subprocess.DEVNULL,
   stdout=f, stderr=subprocess.STDOUT) as proc:
 try:
 proc.wait()
-- 
2.39.2

[PATCH v2 11/32] tcg: Clear plugin_mem_cbs on TB exit

2023-03-15 Thread Alex Bennée 
From: Richard Henderson 

Do this in cpu_tb_exec (normal exit) and cpu_loop_exit (exception),
adjacent to where we reset can_do_io.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1381
Signed-off-by: Richard Henderson 
Message-Id: <20230310195252.210956-2-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
---
 accel/tcg/cpu-exec-common.c | 2 ++
 accel/tcg/cpu-exec.c| 5 +
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/accel/tcg/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c
index c7bc8c6efa..176ea57281 100644
--- a/accel/tcg/cpu-exec-common.c
+++ b/accel/tcg/cpu-exec-common.c
@@ -65,6 +65,8 @@ void cpu_loop_exit(CPUState *cpu)
 {
 /* Undo the setting in cpu_tb_exec.  */
 cpu->can_do_io = 1;
+/* Undo any setting in generated code.  */
+qemu_plugin_disable_mem_helpers(cpu);
 siglongjmp(cpu->jmp_env, 1);
 }
 
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 56aaf58b9d..c815f2dbfd 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -459,6 +459,7 @@ cpu_tb_exec(CPUState *cpu, TranslationBlock *itb, int 
*tb_exit)
 qemu_thread_jit_execute();
 ret = tcg_qemu_tb_exec(env, tb_ptr);
 cpu->can_do_io = 1;
+qemu_plugin_disable_mem_helpers(cpu);
 /*
  * TODO: Delay swapping back to the read-write region of the TB
  * until we actually need to modify the TB.  The read-only copy,
@@ -526,7 +527,6 @@ static void cpu_exec_exit(CPUState *cpu)
 if (cc->tcg_ops->cpu_exec_exit) {
 cc->tcg_ops->cpu_exec_exit(cpu);
 }
-QEMU_PLUGIN_ASSERT(cpu->plugin_mem_cbs == NULL);
 }
 
 void cpu_exec_step_atomic(CPUState *cpu)
@@ -580,7 +580,6 @@ void cpu_exec_step_atomic(CPUState *cpu)
 qemu_mutex_unlock_iothread();
 }
 assert_no_pages_locked();
-qemu_plugin_disable_mem_helpers(cpu);
 }
 
 /*
@@ -1004,7 +1003,6 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
 
 cpu_loop_exec_tb(cpu, tb, pc, &last_tb, &tb_exit);
 
-QEMU_PLUGIN_ASSERT(cpu->plugin_mem_cbs == NULL);
 /* Try to align the host and virtual clocks
if the guest is in advance */
 align_clocks(sc, cpu);
@@ -1029,7 +1027,6 @@ static int cpu_exec_setjmp(CPUState *cpu, SyncClocks *sc)
 if (qemu_mutex_iothread_locked()) {
 qemu_mutex_unlock_iothread();
 }
-qemu_plugin_disable_mem_helpers(cpu);
 
 assert_no_pages_locked();
 }
-- 
2.39.2

[PATCH v2 25/32] iotests: remove the check-block.sh script

2023-03-15 Thread Alex Bennée 
From: Daniel P. Berrangé 

Now that meson directly invokes the individual I/O tests, the
check-block.sh wrapper script is no longer required.

Signed-off-by: Daniel P. Berrangé 
Reviewed-by: Thomas Huth 
Acked-by: Hanna Czenczek 
Tested-by: Thomas Huth 
Message-Id: <20230303160727.3977246-9-berra...@redhat.com>
Signed-off-by: Alex Bennée 
---
 tests/check-block.sh | 43 ---
 1 file changed, 43 deletions(-)
 delete mode 100755 tests/check-block.sh

diff --git a/tests/check-block.sh b/tests/check-block.sh
deleted file mode 100755
index 5de2c1ba0b..00
--- a/tests/check-block.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/sh
-
-if [ "$#" -eq 0 ]; then
-echo "Usage: $0 fmt..." >&2
-exit 99
-fi
-
-# Honor the SPEED environment variable, just like we do it for "meson test"
-format_list="$@"
-if [ "$SPEED" = "slow" ] || [ "$SPEED" = "thorough" ]; then
-group=
-else
-group="-g auto"
-fi
-
-skip() {
-echo "1..0 #SKIP $*"
-exit 0
-}
-
-if [ -z "$(find . -name 'qemu-system-*' -print)" ]; then
-skip "No qemu-system binary available ==> Not running the qemu-iotests."
-fi
-
-cd tests/qemu-iotests
-
-# QEMU_CHECK_BLOCK_AUTO is used to disable some unstable sub-tests
-export QEMU_CHECK_BLOCK_AUTO=1
-export PYTHONUTF8=1
-# If make was called with -jN we want to call ./check with -j N. Extract the
-# flag from MAKEFLAGS, so that if it absent (or MAKEFLAGS is not defined), JOBS
-# would be an empty line otherwise JOBS is prepared string of flag with value:
-# "-j N"
-# Note, that the following works even if make was called with "-j N" or even
-# "--jobs N", as all these variants becomes simply "-jN" in MAKEFLAGS variable.
-JOBS=$(echo "$MAKEFLAGS" | sed -n 's/\(^\|.* \)-j\([0-9]\+\)\( .*\|$\)/-j 
\2/p')
-
-ret=0
-for fmt in $format_list ; do
-${PYTHON} ./check $JOBS -tap -$fmt $group || ret=1
-done
-
-exit $ret
-- 
2.39.2

[PATCH v2 29/32] contrib/gitdm: add Alibaba to the domain-map

2023-03-15 Thread Alex Bennée 
This replaces the previous attempt to add c-sky.com. Group everything
under Alibaba now.

Added as requested by LIU Zhiwei.

Signed-off-by: Alex Bennée 
Acked-by: Guo Ren 
Reviewed-by: Xuan Zhuo 
Reviewed-by: LIU Zhiwei 
Message-Id: <20230310180332.2274827-8-alex.ben...@linaro.org>
---
 contrib/gitdm/domain-map| 1 +
 contrib/gitdm/group-map-alibaba | 7 +++
 gitdm.config| 1 +
 3 files changed, 9 insertions(+)
 create mode 100644 contrib/gitdm/group-map-alibaba

diff --git a/contrib/gitdm/domain-map b/contrib/gitdm/domain-map
index 8dce276a1c..0b6c77eee0 100644
--- a/contrib/gitdm/domain-map
+++ b/contrib/gitdm/domain-map
@@ -4,6 +4,7 @@
 # This maps email domains to nice easy to read company names
 #
 
+linux.alibaba.com Alibaba
 amazon.com  Amazon
 amazon.co.ukAmazon
 amd.com AMD
diff --git a/contrib/gitdm/group-map-alibaba b/contrib/gitdm/group-map-alibaba
new file mode 100644
index 00..0ebbe6b06e
--- /dev/null
+++ b/contrib/gitdm/group-map-alibaba
@@ -0,0 +1,7 @@
+#
+# Alibaba contributors including its subsidiaries 
+#
+
+# c-sky.com, now part of T-Head, wholly-owned entity of Alibaba Group
+ren_...@c-sky.com
+zhiwei_...@c-sky.com
diff --git a/gitdm.config b/gitdm.config
index 907ffde017..df4ba829ca 100644
--- a/gitdm.config
+++ b/gitdm.config
@@ -31,6 +31,7 @@ EmailMap contrib/gitdm/domain-map
 # identifiable corporate emails. Please keep this list sorted.
 #
 
+GroupMap contrib/gitdm/group-map-alibaba Alibaba
 GroupMap contrib/gitdm/group-map-cadence Cadence Design Systems
 GroupMap contrib/gitdm/group-map-codeweavers CodeWeavers
 GroupMap contrib/gitdm/group-map-facebook Facebook
-- 
2.39.2

[PATCH v2 13/32] include/qemu/plugin: Remove QEMU_PLUGIN_ASSERT

2023-03-15 Thread Alex Bennée 
From: Richard Henderson 

This macro is no longer used.

Signed-off-by: Richard Henderson 
Message-Id: <20230310195252.210956-4-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
---
 include/qemu/plugin.h | 4 
 1 file changed, 4 deletions(-)

diff --git a/include/qemu/plugin.h b/include/qemu/plugin.h
index fb338ba576..e0ebedef84 100644
--- a/include/qemu/plugin.h
+++ b/include/qemu/plugin.h
@@ -59,8 +59,6 @@ get_plugin_meminfo_rw(qemu_plugin_meminfo_t i)
 #ifdef CONFIG_PLUGIN
 extern QemuOptsList qemu_plugin_opts;
 
-#define QEMU_PLUGIN_ASSERT(cond) g_assert(cond)
-
 static inline void qemu_plugin_add_opts(void)
 {
 qemu_add_opts(&qemu_plugin_opts);
@@ -252,8 +250,6 @@ void qemu_plugin_user_postfork(bool is_child);
 
 #else /* !CONFIG_PLUGIN */
 
-#define QEMU_PLUGIN_ASSERT(cond)
-
 static inline void qemu_plugin_add_opts(void)
 { }
 
-- 
2.39.2

[PATCH v2 09/32] include/exec: fix kerneldoc definition

2023-03-15 Thread Alex Bennée 
The kerneldoc processor complains about the mismatched variable name.
Fix it.

Message-Id: <20230310103123.2118519-11-alex.ben...@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
---
 include/exec/memory.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 6fa0b071f0..15ade918ba 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1738,7 +1738,7 @@ void memory_region_notify_iommu_one(IOMMUNotifier 
*notifier,
  *
  * @notifier: the notifier to be notified
  */
-void memory_region_unmap_iommu_notifier_range(IOMMUNotifier *n);
+void memory_region_unmap_iommu_notifier_range(IOMMUNotifier *notifier);
 
 
 /**
-- 
2.39.2

[PATCH v2 23/32] iotests: always use a unique sub-directory per test

2023-03-15 Thread Alex Bennée 
From: Daniel P. Berrangé 

The current test runner is only safe against parallel execution within
a single instance of the 'check' process, and only if -j is given a
value greater than 2. This prevents running multiple copies of the
'check' process for different test scenarios.

This change switches the output / socket directories to always include
the test name, image format and image protocol. This should allow full
parallelism of all distinct test scenarios. eg running both qcow2 and
raw tests at the same time, or both file and nbd tests at the same
time.

It would be possible to allow for parallelism of the same test scenario
by including the pid, but that would potentially let many directories
accumulate over time on failures, so is not done.

Signed-off-by: Daniel P. Berrangé 
Reviewed-by: Thomas Huth 
Acked-by: Hanna Czenczek 
Tested-by: Thomas Huth 
Message-Id: <20230303160727.3977246-7-berra...@redhat.com>
Signed-off-by: Alex Bennée 
---
 tests/qemu-iotests/testrunner.py | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tests/qemu-iotests/testrunner.py b/tests/qemu-iotests/testrunner.py
index 81519ed6e2..7b322272e9 100644
--- a/tests/qemu-iotests/testrunner.py
+++ b/tests/qemu-iotests/testrunner.py
@@ -228,13 +228,11 @@ def find_reference(self, test: str) -> str:
 
 return f'{test}.out'
 
-def do_run_test(self, test: str, mp: bool) -> TestResult:
+def do_run_test(self, test: str) -> TestResult:
 """
 Run one test
 
 :param test: test file path
-:param mp: if true, we are in a multiprocessing environment, use
-   personal subdirectories for test run
 
 Note: this method may be called from subprocess, so it does not
 change ``self`` object in any way!
@@ -257,12 +255,14 @@ def do_run_test(self, test: str, mp: bool) -> TestResult:
 
 args = [str(f_test.resolve())]
 env = self.env.prepare_subprocess(args)
-if mp:
-# Split test directories, so that tests running in parallel don't
-# break each other.
-for d in ['TEST_DIR', 'SOCK_DIR']:
-env[d] = os.path.join(env[d], f_test.name)
-Path(env[d]).mkdir(parents=True, exist_ok=True)
+
+# Split test directories, so that tests running in parallel don't
+# break each other.
+for d in ['TEST_DIR', 'SOCK_DIR']:
+env[d] = os.path.join(
+env[d],
+f"{self.env.imgfmt}-{self.env.imgproto}-{f_test.name}")
+Path(env[d]).mkdir(parents=True, exist_ok=True)
 
 test_dir = env['TEST_DIR']
 f_bad = Path(test_dir, f_test.name + '.out.bad')
@@ -347,7 +347,7 @@ def run_test(self, test: str,
 testname = os.path.basename(test)
 print(f'# running {self.env.imgfmt} {testname}')
 
-res = self.do_run_test(test, mp)
+res = self.do_run_test(test)
 
 end = datetime.datetime.now().strftime('%H:%M:%S')
 self.test_print_one_line(test=test,
-- 
2.39.2

[PATCH v2 08/32] tests/tcg: disable pauth for aarch64 gdb tests

2023-03-15 Thread Alex Bennée 
You need a very new gdb to be able to run with pauth support otherwise
your likely to hit asserts and aborts. Disable pauth for now until we
can properly probe support in gdb.

Message-Id: <20230310103123.2118519-10-alex.ben...@linaro.org>
Reviewed-by: Richard Henderson 
Signed-off-by: Alex Bennée 
---
 tests/tcg/aarch64/Makefile.target | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/tcg/aarch64/Makefile.target 
b/tests/tcg/aarch64/Makefile.target
index 9e91a20b0d..8ffde3b0ed 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -84,6 +84,8 @@ TESTS += sha512-vector
 ifeq ($(HOST_GDB_SUPPORTS_ARCH),y)
 GDB_SCRIPT=$(SRC_PATH)/tests/guest-debug/run-test.py
 
+run-gdbstub-%: QEMU_OPTS=-cpu max,pauth=off
+
 run-gdbstub-sysregs: sysregs
$(call run-test, $@, $(GDB_SCRIPT) \
--gdb $(HAVE_GDB_BIN) \
-- 
2.39.2

[PATCH v2 31/32] contrib/gitdm: add more individual contributors

2023-03-15 Thread Alex Bennée 
I've only added the names explicitly acked.

Signed-off-by: Alex Bennée 
Cc: Bernhard Beschow 
Cc: Amarjargal Gundjalam 
Cc: Bin Meng 
Cc: Jason A. Donenfeld 
Cc: Strahinja Jankovic 
Acked-by: Bernhard Beschow 
Message-Id: <20230310180332.2274827-10-alex.ben...@linaro.org>
---
 contrib/gitdm/group-map-individuals | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/gitdm/group-map-individuals 
b/contrib/gitdm/group-map-individuals
index e2263a5ee3..3264c7383d 100644
--- a/contrib/gitdm/group-map-individuals
+++ b/contrib/gitdm/group-map-individuals
@@ -38,3 +38,4 @@ p...@nowt.org
 g...@xen0n.name
 si...@simonsafar.com
 research_tra...@irq.a4lg.com
+shen...@gmail.com
-- 
2.39.2

[PATCH v2 12/32] tcg: Drop plugin_gen_disable_mem_helpers from tcg_gen_exit_tb

2023-03-15 Thread Alex Bennée 
From: Richard Henderson 

Now that we call qemu_plugin_disable_mem_helpers in cpu_tb_exec,
we don't need to do this in generated code as well.

Signed-off-by: Richard Henderson 
Message-Id: <20230310195252.210956-3-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
---
 tcg/tcg-op.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index ddab20a6a6..3136cef81a 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -2808,7 +2808,6 @@ void tcg_gen_exit_tb(const TranslationBlock *tb, unsigned 
idx)
 tcg_debug_assert(idx == TB_EXIT_REQUESTED);
 }
 
-plugin_gen_disable_mem_helpers();
 tcg_gen_op1i(INDEX_op_exit_tb, val);
 }
 
-- 
2.39.2

[PATCH v2 28/32] contrib/gitdm: add Amazon to the domain map

2023-03-15 Thread Alex Bennée 
We have multiple contributors from both .co.uk and .com versions of
the address.

Signed-off-by: Alex Bennée 
Cc: Alexander Graf 
Cc: Paul Durrant 
Cc: David Wooodhouse 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230310180332.2274827-7-alex.ben...@linaro.org>
---
 contrib/gitdm/domain-map | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/contrib/gitdm/domain-map b/contrib/gitdm/domain-map
index 4a988c5b5f..8dce276a1c 100644
--- a/contrib/gitdm/domain-map
+++ b/contrib/gitdm/domain-map
@@ -4,6 +4,8 @@
 # This maps email domains to nice easy to read company names
 #
 
+amazon.com  Amazon
+amazon.co.ukAmazon
 amd.com AMD
 aspeedtech.com  ASPEED Technology Inc.
 baidu.com   Baidu
-- 
2.39.2

[PATCH v2 30/32] contrib/gitdm: add revng to domain map

2023-03-15 Thread Alex Bennée 
Signed-off-by: Alex Bennée 
Cc: Anton Johansson 
Cc: Niccolò Izzo 
Cc: Paolo Montesel 
Reviewed-by: Alessandro Di Federico 
Message-Id: <20230310180332.2274827-9-alex.ben...@linaro.org>
---
 contrib/gitdm/domain-map | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/gitdm/domain-map b/contrib/gitdm/domain-map
index 0b6c77eee0..fa9cb5430f 100644
--- a/contrib/gitdm/domain-map
+++ b/contrib/gitdm/domain-map
@@ -36,6 +36,7 @@ oracle.com  Oracle
 proxmox.com Proxmox
 quicinc.com Qualcomm Innovation Center
 redhat.com  Red Hat
+rev.ng  revng
 rt-rk.com   RT-RK
 samsung.com Samsung
 siemens.com Siemens
-- 
2.39.2

[PATCH v2 10/32] tests/avocado: don't use tags to define drive

2023-03-15 Thread Alex Bennée 
We are abusing the avocado tags which are intended to provide test
selection metadata to provide parameters to our test. This works OK up
until the point you need to have ,'s in the field as this is the tag
separator character which is the case for a number of the drive
parameters. Fix this by making drive a parameter to the common helper
function.

Fixes: 267fe57c23 (tests: add tuxrun baseline test to avocado)
Message-Id: <20230310103123.2118519-12-alex.ben...@linaro.org>
Reviewed-by: David Woodhouse 
Signed-off-by: David Woodhouse 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Alex Bennée 
---
 tests/avocado/tuxrun_baselines.py | 60 +--
 1 file changed, 24 insertions(+), 36 deletions(-)

diff --git a/tests/avocado/tuxrun_baselines.py 
b/tests/avocado/tuxrun_baselines.py
index 30aaefc1d3..c3fb67f5dc 100644
--- a/tests/avocado/tuxrun_baselines.py
+++ b/tests/avocado/tuxrun_baselines.py
@@ -67,9 +67,6 @@ def setUp(self):
 # The name of the kernel Image file
 self.image = self.get_tag('image', "Image")
 
-# The block device drive type
-self.drive = self.get_tag('drive', "virtio-blk-device")
-
 self.root = self.get_tag('root', "vda")
 
 # Occasionally we need extra devices to hook things up
@@ -99,7 +96,7 @@ def fetch_tuxrun_assets(self, dt=None):
 
 return (kernel_image, self.workdir + "/rootfs.ext4", dtb)
 
-def prepare_run(self, kernel, disk, dtb=None, console_index=0):
+def prepare_run(self, kernel, disk, drive, dtb=None, console_index=0):
 """
 Setup to run and add the common parameters to the system
 """
@@ -121,10 +118,8 @@ def prepare_run(self, kernel, disk, dtb=None, 
console_index=0):
 if self.extradev:
 self.vm.add_args('-device', self.extradev)
 
-# Some machines already define a drive device
-if self.drive != "none":
-self.vm.add_args('-device',
- f"{self.drive},drive=hd0")
+self.vm.add_args('-device',
+ f"{drive},drive=hd0")
 
 # Some machines need an explicit DTB
 if dtb:
@@ -154,7 +149,9 @@ def run_tuxtest_tests(self, haltmsg):
 else:
 self.vm.wait()
 
-def common_tuxrun(self, dt=None, haltmsg="reboot: System halted",
+def common_tuxrun(self, dt=None,
+  drive="virtio-blk-device",
+  haltmsg="reboot: System halted",
   console_index=0):
 """
 Common path for LKFT tests. Unless we need to do something
@@ -163,7 +160,7 @@ def common_tuxrun(self, dt=None, haltmsg="reboot: System 
halted",
 """
 (kernel, disk, dtb) = self.fetch_tuxrun_assets(dt)
 
-self.prepare_run(kernel, disk, dtb, console_index)
+self.prepare_run(kernel, disk, drive, dtb, console_index)
 self.vm.launch()
 self.run_tuxtest_tests(haltmsg)
 
@@ -206,11 +203,11 @@ def test_armv5(self):
 :avocado: tags=machine:versatilepb
 :avocado: tags=tuxboot:armv5
 :avocado: tags=image:zImage
-:avocado: tags=drive:virtio-blk-pci
 :avocado: tags=console:ttyAMA0
 :avocado: tags=shutdown:nowait
 """
-self.common_tuxrun(dt="versatile-pb.dtb")
+self.common_tuxrun(drive="virtio-blk-pci",
+   dt="versatile-pb.dtb")
 
 def test_armv7(self):
 """
@@ -244,10 +241,9 @@ def test_i386(self):
 :avocado: tags=machine:q35
 :avocado: tags=tuxboot:i386
 :avocado: tags=image:bzImage
-:avocado: tags=drive:virtio-blk-pci
 :avocado: tags=shutdown:nowait
 """
-self.common_tuxrun()
+self.common_tuxrun(drive="virtio-blk-pci")
 
 def test_mips32(self):
 """
@@ -257,11 +253,10 @@ def test_mips32(self):
 :avocado: tags=endian:big
 :avocado: tags=tuxboot:mips32
 :avocado: tags=image:vmlinux
-:avocado: tags=drive:driver=ide-hd,bus=ide.0,unit=0
 :avocado: tags=root:sda
 :avocado: tags=shutdown:nowait
 """
-self.common_tuxrun()
+self.common_tuxrun(drive="driver=ide-hd,bus=ide.0,unit=0")
 
 def test_mips32el(self):
 """
@@ -270,11 +265,10 @@ def test_mips32el(self):
 :avocado: tags=cpu:mips32r6-generic
 :avocado: tags=tuxboot:mips32el
 :avocado: tags=image:vmlinux
-:avocado: tags=drive:driver=ide-hd,bus=ide.0,unit=0
 :avocado: tags=root:sda
 :avocado: tags=shutdown:nowait
 """
-self.common_tuxrun()
+self.common_tuxrun(drive="driver=ide-hd,bus=ide.0,unit=0")
 
 @skip("QEMU currently broken") # regression against stable QEMU
 def test_mips64(self):
@@ -284,11 +278,10 @@ def test_mips64(self):
 :avocado: tags=tuxboot:mips64
 :avocado: tags=endian:big
 :avocado: tags=image:vmlinux
-:avocado: tags=drive:driver=ide-hd,bu

[PATCH v2 19/32] iotests: allow test discovery before building

2023-03-15 Thread Alex Bennée 
From: Daniel P. Berrangé 

The 'check' script can be invoked in "dry run" mode, in which case it
merely does test discovery and prints out all their names. Despite only
doing test discovery it still validates that the various QEMU binaries
can be found. This makes it impossible todo test discovery prior to
building QEMU. This is a desirable feature to support, because it will
let meson discover tests.

Fortunately the code in the TestEnv constructor is ordered in a way
that makes this fairly trivial to achieve. We can just short circuit
the constructor after the basic directory paths have been set.

Reviewed-by: Thomas Huth 
Reviewed-by: Alex Bennée 
Signed-off-by: Daniel P. Berrangé 
Acked-by: Hanna Czenczek 
Tested-by: Thomas Huth 
Message-Id: <20230303160727.3977246-3-berra...@redhat.com>
Signed-off-by: Alex Bennée 
---
 tests/qemu-iotests/check  | 3 ++-
 tests/qemu-iotests/testenv.py | 7 ++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
index da7e8a87fe..bb294ef556 100755
--- a/tests/qemu-iotests/check
+++ b/tests/qemu-iotests/check
@@ -145,7 +145,8 @@ if __name__ == '__main__':
   aiomode=args.aiomode, cachemode=args.cachemode,
   imgopts=args.imgopts, misalign=args.misalign,
   debug=args.debug, valgrind=args.valgrind,
-  gdb=args.gdb, qprint=args.print)
+  gdb=args.gdb, qprint=args.print,
+  dry_run=args.dry_run)
 
 if len(sys.argv) > 1 and sys.argv[-len(args.tests)-1] == '--':
 if not args.tests:
diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py
index aa9d735414..9a37ad9152 100644
--- a/tests/qemu-iotests/testenv.py
+++ b/tests/qemu-iotests/testenv.py
@@ -178,7 +178,8 @@ def __init__(self, source_dir: str, build_dir: str,
  debug: bool = False,
  valgrind: bool = False,
  gdb: bool = False,
- qprint: bool = False) -> None:
+ qprint: bool = False,
+ dry_run: bool = False) -> None:
 self.imgfmt = imgfmt
 self.imgproto = imgproto
 self.aiomode = aiomode
@@ -218,6 +219,10 @@ def __init__(self, source_dir: str, build_dir: str,
 self.build_root = os.path.join(self.build_iotests, '..', '..')
 
 self.init_directories()
+
+if dry_run:
+return
+
 self.init_binaries()
 
 self.malloc_perturb_ = os.getenv('MALLOC_PERTURB_',
-- 
2.39.2

[PATCH v2 07/32] tests/tcg: add some help output for running individual tests

2023-03-15 Thread Alex Bennée 
So you can do:

  cd tests/tcg/aarch64-linux-user
  make -f ../Makefile.target help

To see the list of tests. You can then run each one individually.

Signed-off-by: Alex Bennée 
---
 tests/tcg/Makefile.target | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target
index a3b0aaf8af..8318caf924 100644
--- a/tests/tcg/Makefile.target
+++ b/tests/tcg/Makefile.target
@@ -201,3 +201,10 @@ clean:
 
 distclean:
rm -f config-cc.mak config-target.mak ../config-$(TARGET).mak
+
+.PHONY: help
+help:
+   @echo "TCG tests help $(TARGET_NAME)"
+   @echo "Built with $(CC)"
+   @echo "Available tests:"
+   @$(foreach t,$(RUN_TESTS),echo "  $t";)
-- 
2.39.2

[PATCH v2 24/32] iotests: register each I/O test separately with meson

2023-03-15 Thread Alex Bennée 
From: Daniel P. Berrangé 

Currently meson registers a single test that invokes an entire group of
I/O tests, hiding the test granularity from meson. There are various
downsides of doing this

 * You cannot ask 'meson test' to invoke a single I/O test
 * The meson test timeout can't be applied to the individual
   tests
 * Meson only gets a pass/fail for the overall I/O test group
   not individual tests
 * If a CI job gets killed by the GitLab timeout, we don't
   get visibility into how far through the I/O tests
   execution got.

This switches meson to perform test discovery by invoking 'check' in
dry-run mode. It then registers one meson test case for each I/O
test. Parallel execution remains disabled since the I/O tests do not
use self contained execution environments and thus conflict with
each other.

Signed-off-by: Daniel P. Berrangé 
Reviewed-by: Thomas Huth 
Acked-by: Hanna Czenczek 
Tested-by: Thomas Huth 
Message-Id: <20230303160727.3977246-8-berra...@redhat.com>
Signed-off-by: Alex Bennée 
---
 tests/qemu-iotests/meson.build | 35 --
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/tests/qemu-iotests/meson.build b/tests/qemu-iotests/meson.build
index 323a4acb6a..a162f683ef 100644
--- a/tests/qemu-iotests/meson.build
+++ b/tests/qemu-iotests/meson.build
@@ -32,16 +32,39 @@ foreach k, v : emulators
   endif
 endforeach
 
+qemu_iotests_check_cmd = files('check')
+
 foreach format, speed: qemu_iotests_formats
   if speed == 'quick'
 suites = 'block'
   else
 suites = ['block-' + speed, speed]
   endif
-  test('qemu-iotests ' + format, sh, args: [files('../check-block.sh'), 
format],
-   depends: qemu_iotests_binaries, env: qemu_iotests_env,
-   protocol: 'tap',
-   suite: suites,
-   timeout: 0,
-   is_parallel: false)
+
+  args = ['-tap', '-' + format]
+  if speed == 'quick'
+  args += ['-g', 'auto']
+  endif
+
+  rc = run_command(
+  [qemu_iotests_check_cmd] + args + ['-n'],
+  check: true,
+  )
+
+  foreach item: rc.stdout().strip().split()
+  args = ['-tap', '-' + format, item,
+  '--source-dir', meson.current_source_dir(),
+  '--build-dir', meson.current_build_dir()]
+  # Some individual tests take as long as 45 seconds
+  # Bump the timeout to 3 minutes for some headroom
+  # on slow machines to minimize spurious failures
+  test('io-' + format + '-' + item,
+   qemu_iotests_check_cmd,
+   args: args,
+   depends: qemu_iotests_binaries,
+   env: qemu_iotests_env,
+   protocol: 'tap',
+   timeout: 180,
+   suite: suites)
+  endforeach
 endforeach
-- 
2.39.2

[PATCH v2 05/32] gitlab: update centos-8-stream job

2023-03-15 Thread Alex Bennée 
A couple of clean-ups here:

  - inherit from the custom runners job for artefacts
  - call check-avocado directly
  - add some comments to the top about setup

Signed-off-by: Alex Bennée 
---
 .../custom-runners/centos-stream-8-x86_64.yml  | 18 ++
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/.gitlab-ci.d/custom-runners/centos-stream-8-x86_64.yml 
b/.gitlab-ci.d/custom-runners/centos-stream-8-x86_64.yml
index 068b0c4335..367424db78 100644
--- a/.gitlab-ci.d/custom-runners/centos-stream-8-x86_64.yml
+++ b/.gitlab-ci.d/custom-runners/centos-stream-8-x86_64.yml
@@ -1,4 +1,9 @@
+# All centos-stream-8 jobs should run successfully in an environment
+# setup by the scripts/ci/setup/stream/8/build-environment.yml task
+# "Installation of extra packages to build QEMU"
+
 centos-stream-8-x86_64:
+ extends: .custom_runner_template
  allow_failure: true
  needs: []
  stage: build
@@ -8,15 +13,6 @@ centos-stream-8-x86_64:
  rules:
  - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH =~ 
/^staging/'
  - if: "$CENTOS_STREAM_8_x86_64_RUNNER_AVAILABLE"
- artifacts:
-   name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
-   when: on_failure
-   expire_in: 7 days
-   paths:
- - build/tests/results/latest/results.xml
- - build/tests/results/latest/test-results
-   reports:
- junit: build/tests/results/latest/results.xml
  before_script:
  - JOBS=$(expr $(nproc) + 1)
  script:
@@ -25,6 +21,4 @@ centos-stream-8-x86_64:
  - ../scripts/ci/org.centos/stream/8/x86_64/configure
|| { cat config.log meson-logs/meson-log.txt; exit 1; }
  - make -j"$JOBS"
- - make NINJA=":" check
-   || { cat meson-logs/testlog.txt; exit 1; } ;
- - ../scripts/ci/org.centos/stream/8/x86_64/test-avocado
+ - make NINJA=":" check check-avocado
-- 
2.39.2

[PATCH v2 02/32] tests/docker: all add DOCKER_BUILDKIT to RUNC environment

2023-03-15 Thread Alex Bennée 
It seems we also need to pass DOCKER_BUILDKIT as an argument to docker
itself to get the full benefit of caching.

Signed-off-by: Alex Bennée 
Suggested-by: Fabiano Rosas 
---
 tests/docker/Makefile.include | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 54ed77f671..9401525325 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -39,7 +39,7 @@ docker-qemu-src: $(DOCKER_SRC_COPY)
 # General rule for building docker images.
 docker-image-%: $(DOCKER_FILES_DIR)/%.docker
  $(call quiet-command, \
-   $(RUNC) build   \
+   DOCKER_BUILDKIT=1 $(RUNC) build \
$(if $V,,--quiet)   \
$(if $(NOCACHE),--no-cache, \
$(if $(DOCKER_REGISTRY),--cache-from 
$(DOCKER_REGISTRY)/qemu/$*)) \
-- 
2.39.2

[PATCH v2 16/32] include/qemu: Split out plugin-event.h

2023-03-15 Thread Alex Bennée 
From: Richard Henderson 

The usage in hw/core/cpu.h only requires QEMU_PLUGIN_EV_MAX.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230310195252.210956-7-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
---
 include/hw/core/cpu.h   |  2 +-
 include/qemu/plugin-event.h | 26 ++
 include/qemu/plugin.h   | 17 +
 3 files changed, 28 insertions(+), 17 deletions(-)
 create mode 100644 include/qemu/plugin-event.h

diff --git a/include/hw/core/cpu.h b/include/hw/core/cpu.h
index 75689bff02..821e937020 100644
--- a/include/hw/core/cpu.h
+++ b/include/hw/core/cpu.h
@@ -30,7 +30,7 @@
 #include "qemu/rcu_queue.h"
 #include "qemu/queue.h"
 #include "qemu/thread.h"
-#include "qemu/plugin.h"
+#include "qemu/plugin-event.h"
 #include "qom/object.h"
 
 typedef int (*WriteCoreDumpFunction)(const void *buf, size_t size,
diff --git a/include/qemu/plugin-event.h b/include/qemu/plugin-event.h
new file mode 100644
index 00..7056d8427b
--- /dev/null
+++ b/include/qemu/plugin-event.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2017, Emilio G. Cota 
+ *
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ */
+#ifndef QEMU_PLUGIN_EVENT_H
+#define QEMU_PLUGIN_EVENT_H
+
+/*
+ * Events that plugins can subscribe to.
+ */
+enum qemu_plugin_event {
+QEMU_PLUGIN_EV_VCPU_INIT,
+QEMU_PLUGIN_EV_VCPU_EXIT,
+QEMU_PLUGIN_EV_VCPU_TB_TRANS,
+QEMU_PLUGIN_EV_VCPU_IDLE,
+QEMU_PLUGIN_EV_VCPU_RESUME,
+QEMU_PLUGIN_EV_VCPU_SYSCALL,
+QEMU_PLUGIN_EV_VCPU_SYSCALL_RET,
+QEMU_PLUGIN_EV_FLUSH,
+QEMU_PLUGIN_EV_ATEXIT,
+QEMU_PLUGIN_EV_MAX, /* total number of plugin events we support */
+};
+
+#endif /* QEMU_PLUGIN_EVENT_H */
diff --git a/include/qemu/plugin.h b/include/qemu/plugin.h
index e0ebedef84..6bf4bce188 100644
--- a/include/qemu/plugin.h
+++ b/include/qemu/plugin.h
@@ -12,24 +12,9 @@
 #include "qemu/error-report.h"
 #include "qemu/queue.h"
 #include "qemu/option.h"
+#include "qemu/plugin-event.h"
 #include "exec/memopidx.h"
 
-/*
- * Events that plugins can subscribe to.
- */
-enum qemu_plugin_event {
-QEMU_PLUGIN_EV_VCPU_INIT,
-QEMU_PLUGIN_EV_VCPU_EXIT,
-QEMU_PLUGIN_EV_VCPU_TB_TRANS,
-QEMU_PLUGIN_EV_VCPU_IDLE,
-QEMU_PLUGIN_EV_VCPU_RESUME,
-QEMU_PLUGIN_EV_VCPU_SYSCALL,
-QEMU_PLUGIN_EV_VCPU_SYSCALL_RET,
-QEMU_PLUGIN_EV_FLUSH,
-QEMU_PLUGIN_EV_ATEXIT,
-QEMU_PLUGIN_EV_MAX, /* total number of plugin events we support */
-};
-
 /*
  * Option parsing/processing.
  * Note that we can load an arbitrary number of plugins.
-- 
2.39.2

[PATCH v2 27/32] contrib/gitdm: Add SYRMIA to the domain map

2023-03-15 Thread Alex Bennée 
The company website lists QEMU amongst the things they work on so I
assume these are corporate contributions.

Signed-off-by: Alex Bennée 
Cc: Milica Lazarevic 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230310180332.2274827-6-alex.ben...@linaro.org>
---
 contrib/gitdm/domain-map | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/gitdm/domain-map b/contrib/gitdm/domain-map
index 65e40fe8e1..4a988c5b5f 100644
--- a/contrib/gitdm/domain-map
+++ b/contrib/gitdm/domain-map
@@ -39,6 +39,7 @@ siemens.com Siemens
 sifive.com  SiFive
 suse.comSUSE
 suse.de SUSE
+syrmia.com  SYRMIA
 ventanamicro.com Ventana Micro Systems
 virtuozzo.com   Virtuozzo
 vrull.euVRULL
-- 
2.39.2

[PATCH v2 26/32] contrib/gitdm: Add ASPEED Technology to the domain map

2023-03-15 Thread Alex Bennée 
We have a number of contributors from this domain which is a corporate
endeavour.

Signed-off-by: Alex Bennée 
Cc: Steven Lee 
Cc: Troy Lee 
Cc: Howard Chiu 
Cc: Jamin Lin 
Reviewed-by: Troy Lee 
Message-Id: <20230310180332.2274827-4-alex.ben...@linaro.org>
---
 contrib/gitdm/domain-map | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/gitdm/domain-map b/contrib/gitdm/domain-map
index 8913a886c9..65e40fe8e1 100644
--- a/contrib/gitdm/domain-map
+++ b/contrib/gitdm/domain-map
@@ -5,6 +5,7 @@
 #
 
 amd.com AMD
+aspeedtech.com  ASPEED Technology Inc.
 baidu.com   Baidu
 bytedance.com   ByteDance
 cmss.chinamobile.com China Mobile
-- 
2.39.2

[PATCH v2 06/32] include/qemu: add documentation for memory callbacks

2023-03-15 Thread Alex Bennée 
Some API documentation was missed, rectify that.

Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1497
Signed-off-by: Alex Bennée 
---
 include/qemu/qemu-plugin.h | 47 ++
 1 file changed, 43 insertions(+), 4 deletions(-)

diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h
index d0e9d03adf..50a9957279 100644
--- a/include/qemu/qemu-plugin.h
+++ b/include/qemu/qemu-plugin.h
@@ -481,17 +481,56 @@ uint64_t qemu_plugin_hwaddr_phys_addr(const struct 
qemu_plugin_hwaddr *haddr);
  */
 const char *qemu_plugin_hwaddr_device_name(const struct qemu_plugin_hwaddr *h);
 
-typedef void
-(*qemu_plugin_vcpu_mem_cb_t)(unsigned int vcpu_index,
- qemu_plugin_meminfo_t info, uint64_t vaddr,
- void *userdata);
+/**
+ * typedef qemu_plugin_vcpu_mem_cb_t - memory callback function type
+ * @vcpu_index: the executing vCPU
+ * @info: an opaque handle for further queries about the memory
+ * @vaddr: the virtual address of the transaction
+ * @userdata: any user data attached to the callback
+ */
+typedef void (*qemu_plugin_vcpu_mem_cb_t) (unsigned int vcpu_index,
+   qemu_plugin_meminfo_t info,
+   uint64_t vaddr,
+   void *userdata);
 
+/**
+ * qemu_plugin_register_vcpu_mem_cb() - register memory access callback
+ * @insn: handle for instruction to instrument
+ * @cb: callback of type qemu_plugin_vcpu_mem_cb_t
+ * @flags: (currently unused) callback flags
+ * @rw: monitor reads, writes or both
+ * @userdata: opaque pointer for userdata
+ *
+ * This registers a full callback for every memory access generated by
+ * an instruction. If the instruction doesn't access memory no
+ * callback will be made.
+ *
+ * The callback reports the vCPU the access took place on, the virtual
+ * address of the access and a handle for further queries. The user
+ * can attach some userdata to the callback for additional purposes.
+ *
+ * Other execution threads will continue to execute during the
+ * callback so the plugin is responsible for ensuring it doesn't get
+ * confused by making appropriate use of locking if required.
+ */
 void qemu_plugin_register_vcpu_mem_cb(struct qemu_plugin_insn *insn,
   qemu_plugin_vcpu_mem_cb_t cb,
   enum qemu_plugin_cb_flags flags,
   enum qemu_plugin_mem_rw rw,
   void *userdata);
 
+/**
+ * qemu_plugin_register_vcpu_mem_inline() - register an inline op to any 
memory access
+ * @insn: handle for instruction to instrument
+ * @rw: apply to reads, writes or both
+ * @op: the op, of type qemu_plugin_op
+ * @ptr: pointer memory for the op
+ * @imm: immediate data for @op
+ *
+ * This registers a inline op every memory access generated by the
+ * instruction. This provides for a lightweight but not thread-safe
+ * way of counting the number of operations done.
+ */
 void qemu_plugin_register_vcpu_mem_inline(struct qemu_plugin_insn *insn,
   enum qemu_plugin_mem_rw rw,
   enum qemu_plugin_op op, void *ptr,
-- 
2.39.2

[PATCH v2 14/32] *: Add missing includes of qemu/error-report.h

2023-03-15 Thread Alex Bennée 
From: Richard Henderson 

This had been pulled in via qemu/plugin.h from hw/core/cpu.h,
but that will be removed.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230310195252.210956-5-richard.hender...@linaro.org>
[AJB: add various additional cases shown by CI]
Signed-off-by: Alex Bennée 
---
 accel/accel-softmmu.c  | 2 +-
 block/monitor/block-hmp-cmds.c | 1 +
 dump/dump.c| 1 +
 dump/win_dump.c| 1 +
 gdbstub/gdbstub.c  | 1 +
 hw/arm/collie.c| 2 ++
 hw/arm/cubieboard.c| 1 +
 hw/arm/musicpal.c  | 2 ++
 hw/arm/npcm7xx_boards.c| 2 ++
 hw/arm/nseries.c   | 2 ++
 hw/arm/omap_sx1.c  | 2 ++
 hw/arm/orangepi.c  | 1 +
 hw/arm/palm.c  | 2 ++
 hw/core/loader.c   | 1 +
 hw/core/machine-smp.c  | 2 ++
 hw/i386/kvm/xen_xenstore.c | 1 +
 hw/i386/sgx.c  | 1 +
 hw/intc/apic.c | 1 +
 hw/loongarch/acpi-build.c  | 1 +
 hw/loongarch/virt.c| 2 ++
 hw/m68k/next-cube.c| 1 +
 hw/m68k/q800.c | 1 +
 hw/m68k/virt.c | 1 +
 hw/mem/memory-device.c | 1 +
 hw/mem/sparse-mem.c| 1 +
 hw/openrisc/boot.c | 1 +
 hw/ppc/spapr_softmmu.c | 2 ++
 hw/riscv/opentitan.c   | 1 +
 hw/riscv/shakti_c.c| 1 +
 hw/riscv/virt-acpi-build.c | 1 +
 hw/vfio/display.c  | 1 +
 hw/vfio/igd.c  | 1 +
 hw/vfio/migration.c| 1 +
 linux-user/elfload.c   | 1 +
 migration/dirtyrate.c  | 1 +
 migration/exec.c   | 1 +
 target/i386/cpu.c  | 1 +
 target/i386/host-cpu.c | 1 +
 target/i386/sev.c  | 1 +
 target/i386/whpx/whpx-apic.c   | 1 +
 target/mips/cpu.c  | 1 +
 target/s390x/cpu-sysemu.c  | 1 +
 target/s390x/cpu_models.c  | 1 +
 target/s390x/diag.c| 2 ++
 ui/cocoa.m | 1 +
 45 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/accel/accel-softmmu.c b/accel/accel-softmmu.c
index f9cdafb148..9c804ba9e3 100644
--- a/accel/accel-softmmu.c
+++ b/accel/accel-softmmu.c
@@ -27,7 +27,7 @@
 #include "qemu/accel.h"
 #include "hw/boards.h"
 #include "sysemu/cpus.h"
-
+#include "qemu/error-report.h"
 #include "accel-softmmu.h"
 
 int accel_init_machine(AccelState *accel, MachineState *ms)
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
index 6aa5f1be0c..2846083546 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -48,6 +48,7 @@
 #include "qemu/option.h"
 #include "qemu/sockets.h"
 #include "qemu/cutils.h"
+#include "qemu/error-report.h"
 #include "sysemu/sysemu.h"
 #include "monitor/monitor.h"
 #include "monitor/hmp.h"
diff --git a/dump/dump.c b/dump/dump.c
index 544d5bce3a..1f1a6edcab 100644
--- a/dump/dump.c
+++ b/dump/dump.c
@@ -24,6 +24,7 @@
 #include "qapi/qapi-commands-dump.h"
 #include "qapi/qapi-events-dump.h"
 #include "qapi/qmp/qerror.h"
+#include "qemu/error-report.h"
 #include "qemu/main-loop.h"
 #include "hw/misc/vmcoreinfo.h"
 #include "migration/blocker.h"
diff --git a/dump/win_dump.c b/dump/win_dump.c
index 0152f7330a..b7bfaff379 100644
--- a/dump/win_dump.c
+++ b/dump/win_dump.c
@@ -11,6 +11,7 @@
 #include "qemu/osdep.h"
 #include "sysemu/dump.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "qapi/qmp/qerror.h"
 #include "exec/cpu-defs.h"
 #include "hw/core/cpu.h"
diff --git a/gdbstub/gdbstub.c b/gdbstub/gdbstub.c
index d9e9bf9294..2a66371aa5 100644
--- a/gdbstub/gdbstub.c
+++ b/gdbstub/gdbstub.c
@@ -27,6 +27,7 @@
 #include "qemu/ctype.h"
 #include "qemu/cutils.h"
 #include "qemu/module.h"
+#include "qemu/error-report.h"
 #include "trace.h"
 #include "exec/gdbstub.h"
 #include "gdbstub/syscalls.h"
diff --git a/hw/arm/collie.c b/hw/arm/collie.c
index 9edff59370..a0ad1b8dc7 100644
--- a/hw/arm/collie.c
+++ b/hw/arm/collie.c
@@ -19,6 +19,8 @@
 #include "exec/address-spaces.h"
 #include "cpu.h"
 #include "qom/object.h"
+#include "qemu/error-report.h"
+
 
 #define RAM_SIZE(512 * MiB)
 #define FLASH_SIZE  (32 * MiB)
diff --git a/hw/arm/cubieboard.c b/hw/arm/cubieboard.c
index 71a7df1508..8c7fa91529 100644
--- a/hw/arm/cubieboard.c
+++ b/hw/arm/cubieboard.c
@@ -17,6 +17,7 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/error-report.h"
 #include "hw/boards.h"
 #include "hw/qdev-properties.h"
 #include "hw/arm/allwinner-a10.h"
diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c
index 06d9add7c7..c9010b2ffb 100644
--- a/hw/arm/musicpal.c
+++ b/hw/arm/musicpal.c
@@ -37,6 +37,8 @@
 #include "qemu/cutils.h"
 #include "qom/object.h"
 #include "hw/net/mv88w8618_eth.h"
+#include "qemu/error-report.h"
+
 
 #define MP_MISC_BASE0x80002000
 #define MP_MISC_SIZE0x1000
diff --git a/hw/arm/npcm7xx_boards.c b/hw/arm/npc

[PATCH v2 17/32] include/qemu/plugin: Inline qemu_plugin_disable_mem_helpers

2023-03-15 Thread Alex Bennée 
From: Richard Henderson 

Now that we've broken the include loop with cpu.h,
we can bring this inline.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230310195252.210956-8-richard.hender...@linaro.org>
Signed-off-by: Alex Bennée 
---
 include/qemu/plugin.h |  6 +-
 plugins/core.c| 11 ---
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/include/qemu/plugin.h b/include/qemu/plugin.h
index 6bf4bce188..bc0781cab8 100644
--- a/include/qemu/plugin.h
+++ b/include/qemu/plugin.h
@@ -14,6 +14,7 @@
 #include "qemu/option.h"
 #include "qemu/plugin-event.h"
 #include "exec/memopidx.h"
+#include "hw/core/cpu.h"
 
 /*
  * Option parsing/processing.
@@ -204,7 +205,10 @@ void qemu_plugin_atexit_cb(void);
 
 void qemu_plugin_add_dyn_cb_arr(GArray *arr);
 
-void qemu_plugin_disable_mem_helpers(CPUState *cpu);
+static inline void qemu_plugin_disable_mem_helpers(CPUState *cpu)
+{
+cpu->plugin_mem_cbs = NULL;
+}
 
 /**
  * qemu_plugin_user_exit(): clean-up callbacks before calling exit callbacks
diff --git a/plugins/core.c b/plugins/core.c
index 04632886b9..9912f2cfdb 100644
--- a/plugins/core.c
+++ b/plugins/core.c
@@ -553,17 +553,6 @@ void qemu_plugin_user_postfork(bool is_child)
 }
 }
 
-
-/*
- * Call this function after longjmp'ing to the main loop. It's possible that 
the
- * last instruction of a TB might have used helpers, and therefore the
- * "disable" instruction will never execute because it ended up as dead code.
- */
-void qemu_plugin_disable_mem_helpers(CPUState *cpu)
-{
-cpu->plugin_mem_cbs = NULL;
-}
-
 static bool plugin_dyn_cb_arr_cmp(const void *ap, const void *bp)
 {
 return ap == bp;
-- 
2.39.2

[PATCH v2 20/32] iotests: strip subdir path when listing tests

2023-03-15 Thread Alex Bennée 
From: Daniel P. Berrangé 

When asking 'check' to list individual tests by invoking it in dry run
mode, it prints the paths to the tests relative to the base of the
I/O test directory.

When asking 'check' to run an individual test, however, it mandates that
only the unqualified test name is given, without any path prefix. This
inconsistency makes it harder to ask for a list of tests and then invoke
each one.

Thus the test listing code is change to flatten the test names, by
printing only the base name, which can be directly invoked.

Reviewed-by: Alex Bennée 
Signed-off-by: Daniel P. Berrangé 
Acked-by: Hanna Czenczek 
Tested-by: Thomas Huth 
Message-Id: <20230303160727.3977246-4-berra...@redhat.com>
Signed-off-by: Alex Bennée 
---
 tests/qemu-iotests/check | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
index bb294ef556..f2e9d27dcf 100755
--- a/tests/qemu-iotests/check
+++ b/tests/qemu-iotests/check
@@ -184,7 +184,7 @@ if __name__ == '__main__':
 sys.exit(str(e))
 
 if args.dry_run:
-print('\n'.join(tests))
+print('\n'.join([os.path.basename(t) for t in tests]))
 else:
 with TestRunner(env, tap=args.tap,
 color=args.color) as tr:
-- 
2.39.2

[PATCH v2 18/32] iotests: explicitly pass source/build dir to 'check' command

2023-03-15 Thread Alex Bennée 
From: Daniel P. Berrangé 

The 'check' script has some rather dubious logic whereby it assumes
that if invoked as a symlink, then it is running from a separate
source tree and build tree, otherwise it assumes the current working
directory is a combined source and build tree.

This doesn't work if you want to invoke the 'check' script using
its full source tree path while still using a split source and build
tree layout. This would be a typical situation with meson if you ask
it to find the 'check' script path using files('check').

Rather than trying to make the logic more magical, add support for
explicitly passing the dirs using --source-dir and --build-dir. If
either is omitted the current logic is maintained.

Signed-off-by: Daniel P. Berrangé 
Reviewed-by: Thomas Huth 
Acked-by: Hanna Czenczek 
Tested-by: Thomas Huth 
Message-Id: <20230303160727.3977246-2-berra...@redhat.com>
Signed-off-by: Alex Bennée 
---
 tests/qemu-iotests/check  | 25 +++--
 tests/qemu-iotests/testenv.py | 13 -
 2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/tests/qemu-iotests/check b/tests/qemu-iotests/check
index 9bdda1394e..da7e8a87fe 100755
--- a/tests/qemu-iotests/check
+++ b/tests/qemu-iotests/check
@@ -26,9 +26,23 @@ from findtests import TestFinder
 from testenv import TestEnv
 from testrunner import TestRunner
 
+def get_default_path(follow_link=False):
+"""
+Try to automagically figure out the path we are running from.
+"""
+# called from the build tree?
+if os.path.islink(sys.argv[0]):
+if follow_link:
+return os.path.dirname(os.readlink(sys.argv[0]))
+else:
+return os.path.dirname(os.path.abspath(sys.argv[0]))
+else:  # or source tree?
+return os.getcwd()
 
 def make_argparser() -> argparse.ArgumentParser:
-p = argparse.ArgumentParser(description="Test run options")
+p = argparse.ArgumentParser(
+description="Test run options",
+formatter_class=argparse.ArgumentDefaultsHelpFormatter)
 
 p.add_argument('-n', '--dry-run', action='store_true',
help='show me, do not run tests')
@@ -113,6 +127,11 @@ def make_argparser() -> argparse.ArgumentParser:
'middle of the process.')
 g_sel.add_argument('tests', metavar='TEST_FILES', nargs='*',
help='tests to run, or "--" followed by a command')
+g_sel.add_argument('--build-dir', default=get_default_path(),
+   help='Path to iotests build directory')
+g_sel.add_argument('--source-dir',
+   default=get_default_path(follow_link=True),
+   help='Path to iotests build directory')
 
 return p
 
@@ -120,7 +139,9 @@ def make_argparser() -> argparse.ArgumentParser:
 if __name__ == '__main__':
 args = make_argparser().parse_args()
 
-env = TestEnv(imgfmt=args.imgfmt, imgproto=args.imgproto,
+env = TestEnv(source_dir=args.source_dir,
+  build_dir=args.build_dir,
+  imgfmt=args.imgfmt, imgproto=args.imgproto,
   aiomode=args.aiomode, cachemode=args.cachemode,
   imgopts=args.imgopts, misalign=args.misalign,
   debug=args.debug, valgrind=args.valgrind,
diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py
index a864c74b12..aa9d735414 100644
--- a/tests/qemu-iotests/testenv.py
+++ b/tests/qemu-iotests/testenv.py
@@ -170,7 +170,8 @@ def root(*names: str) -> str:
 if not isxfile(b):
 sys.exit('Not executable: ' + b)
 
-def __init__(self, imgfmt: str, imgproto: str, aiomode: str,
+def __init__(self, source_dir: str, build_dir: str,
+ imgfmt: str, imgproto: str, aiomode: str,
  cachemode: Optional[str] = None,
  imgopts: Optional[str] = None,
  misalign: bool = False,
@@ -211,14 +212,8 @@ def __init__(self, imgfmt: str, imgproto: str, aiomode: 
str,
 # which are needed to initialize some environment variables. They are
 # used by init_*() functions as well.
 
-if os.path.islink(sys.argv[0]):
-# called from the build tree
-self.source_iotests = os.path.dirname(os.readlink(sys.argv[0]))
-self.build_iotests = os.path.dirname(os.path.abspath(sys.argv[0]))
-else:
-# called from the source tree
-self.source_iotests = os.getcwd()
-self.build_iotests = self.source_iotests
+self.source_iotests = source_dir
+self.build_iotests = build_dir
 
 self.build_root = os.path.join(self.build_iotests, '..', '..')
 
-- 
2.39.2

[PATCH v2 21/32] iotests: print TAP protocol version when reporting tests

2023-03-15 Thread Alex Bennée 
From: Daniel P. Berrangé 

Recently meson started complaining that TAP test reports don't include
the TAP protocol version. While this warning is bogus and has since been
removed from Meson, it looks like good practice to include this header
going forward. The GLib library test harness has started unconditionally
printing the version, so this brings the I/O tests into line.

Reviewed-by: Thomas Huth 
Reviewed-by: Alex Bennée 
Signed-off-by: Daniel P. Berrangé 
Acked-by: Hanna Czenczek 
Tested-by: Thomas Huth 
Message-Id: <20230303160727.3977246-5-berra...@redhat.com>
Signed-off-by: Alex Bennée 
---
 tests/qemu-iotests/testrunner.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/qemu-iotests/testrunner.py b/tests/qemu-iotests/testrunner.py
index 5a771da86e..e734800b3d 100644
--- a/tests/qemu-iotests/testrunner.py
+++ b/tests/qemu-iotests/testrunner.py
@@ -391,6 +391,7 @@ def run_tests(self, tests: List[str], jobs: int = 1) -> 
bool:
 casenotrun = []
 
 if self.tap:
+print('TAP version 13')
 self.env.print_env('# ')
 print('1..%d' % len(tests))
 else:
-- 
2.39.2

[PATCH v2 15/32] *: Add missing includes of qemu/plugin.h

2023-03-15 Thread Alex Bennée 
From: Richard Henderson 

This had been pulled in from hw/core/cpu.h,
but that will be removed.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230310195252.210956-6-richard.hender...@linaro.org>
[AJB: also syscall-trace.h]
Signed-off-by: Alex Bennée 
---
 include/user/syscall-trace.h | 1 +
 accel/tcg/cpu-exec-common.c  | 1 +
 cpu.c| 1 +
 linux-user/exit.c| 1 +
 linux-user/syscall.c | 1 +
 5 files changed, 5 insertions(+)

diff --git a/include/user/syscall-trace.h b/include/user/syscall-trace.h
index c5a220da34..90bda7631c 100644
--- a/include/user/syscall-trace.h
+++ b/include/user/syscall-trace.h
@@ -11,6 +11,7 @@
 #define SYSCALL_TRACE_H
 
 #include "exec/user/abitypes.h"
+#include "qemu/plugin.h"
 #include "trace/trace-root.h"
 
 /*
diff --git a/accel/tcg/cpu-exec-common.c b/accel/tcg/cpu-exec-common.c
index 176ea57281..e7962c9348 100644
--- a/accel/tcg/cpu-exec-common.c
+++ b/accel/tcg/cpu-exec-common.c
@@ -21,6 +21,7 @@
 #include "sysemu/cpus.h"
 #include "sysemu/tcg.h"
 #include "exec/exec-all.h"
+#include "qemu/plugin.h"
 
 bool tcg_allowed;
 
diff --git a/cpu.c b/cpu.c
index 567b23af46..849bac062c 100644
--- a/cpu.c
+++ b/cpu.c
@@ -42,6 +42,7 @@
 #include "hw/core/accel-cpu.h"
 #include "trace/trace-root.h"
 #include "qemu/accel.h"
+#include "qemu/plugin.h"
 
 uintptr_t qemu_host_page_size;
 intptr_t qemu_host_page_mask;
diff --git a/linux-user/exit.c b/linux-user/exit.c
index fd49d76f45..3017d28a3c 100644
--- a/linux-user/exit.c
+++ b/linux-user/exit.c
@@ -21,6 +21,7 @@
 #include "gdbstub/syscalls.h"
 #include "qemu.h"
 #include "user-internals.h"
+#include "qemu/plugin.h"
 #ifdef CONFIG_GPROF
 #include 
 #endif
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 24cea6fb6a..27871641f4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -22,6 +22,7 @@
 #include "qemu/path.h"
 #include "qemu/memfd.h"
 #include "qemu/queue.h"
+#include "qemu/plugin.h"
 #include "target_mman.h"
 #include 
 #include 
-- 
2.39.2

[PATCH v2 03/32] scripts/ci: add libslirp-devel to build-environment

2023-03-15 Thread Alex Bennée 
Without libslip enabled we won't have user networking which means the
KVM tests won't run.

Reviewed-by: Thomas Huth 
Signed-off-by: Alex Bennée 
---
 scripts/ci/org.centos/stream/8/build-environment.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/ci/org.centos/stream/8/build-environment.yml 
b/scripts/ci/org.centos/stream/8/build-environment.yml
index 0d094d70c3..1ead77e2cb 100644
--- a/scripts/ci/org.centos/stream/8/build-environment.yml
+++ b/scripts/ci/org.centos/stream/8/build-environment.yml
@@ -55,6 +55,7 @@
   - librados-devel
   - librbd-devel
   - libseccomp-devel
+  - libslirp-devel
   - libssh-devel
   - libxkbcommon-devel
   - lzo-devel
-- 
2.39.2

[PATCH v2 32/32] contrib/gitdm: add group map for AMD

2023-03-15 Thread Alex Bennée 
AMD recently acquired Xilinx and contributors have been transitioning
their emails across.

Signed-off-by: Alex Bennée 
Cc: Vikram Garhwal 
Cc: Stefano Stabellini 
Cc: Sai Pavan Boddu 
Cc: Tong Ho 
Reviewed-by: Francisco Iglesias 
Message-Id: <20230310180332.2274827-11-alex.ben...@linaro.org>
---
 contrib/gitdm/domain-map| 1 -
 contrib/gitdm/group-map-amd | 8 
 gitdm.config| 1 +
 3 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 contrib/gitdm/group-map-amd

diff --git a/contrib/gitdm/domain-map b/contrib/gitdm/domain-map
index fa9cb5430f..f78c69fa54 100644
--- a/contrib/gitdm/domain-map
+++ b/contrib/gitdm/domain-map
@@ -49,6 +49,5 @@ virtuozzo.com   Virtuozzo
 vrull.euVRULL
 wdc.com Western Digital
 windriver.com   Wind River
-xilinx.com  Xilinx
 yadro.com   YADRO
 yandex-team.ru  Yandex
diff --git a/contrib/gitdm/group-map-amd b/contrib/gitdm/group-map-amd
new file mode 100644
index 00..bda4239a8a
--- /dev/null
+++ b/contrib/gitdm/group-map-amd
@@ -0,0 +1,8 @@
+# AMD acquired Xilinx and contributors have been slowly updating emails
+
+edgar.igles...@xilinx.com
+fnu.vik...@xilinx.com
+francisco.igles...@xilinx.com
+sai.pavan.bo...@xilinx.com
+stefano.stabell...@xilinx.com
+tong...@xilinx.com
diff --git a/gitdm.config b/gitdm.config
index df4ba829ca..9db43ca142 100644
--- a/gitdm.config
+++ b/gitdm.config
@@ -32,6 +32,7 @@ EmailMap contrib/gitdm/domain-map
 #
 
 GroupMap contrib/gitdm/group-map-alibaba Alibaba
+GroupMap contrib/gitdm/group-map-amd AMD
 GroupMap contrib/gitdm/group-map-cadence Cadence Design Systems
 GroupMap contrib/gitdm/group-map-codeweavers CodeWeavers
 GroupMap contrib/gitdm/group-map-facebook Facebook
-- 
2.39.2

[PATCH v2 01/32] tests/avocado: update AArch64 tests to Alpine 3.17.2

2023-03-15 Thread Alex Bennée 
From: Marcin Juszkiewicz 

To test Alpine boot on SBSA-Ref target we need Alpine Linux
'standard' image as 'virt' one lacks kernel modules.

So to minimalize Avocado cache I move test to 'standard' image.

Signed-off-by: Marcin Juszkiewicz 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230310103123.2118519-2-alex.ben...@linaro.org>
Message-Id: <20230302191146.1790560-1-marcin.juszkiew...@linaro.org>
---
 tests/avocado/machine_aarch64_virt.py | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/avocado/machine_aarch64_virt.py 
b/tests/avocado/machine_aarch64_virt.py
index 25dab8dc00..a90dc6ff4b 100644
--- a/tests/avocado/machine_aarch64_virt.py
+++ b/tests/avocado/machine_aarch64_virt.py
@@ -38,11 +38,11 @@ def test_alpine_virt_tcg_gic_max(self):
 :avocado: tags=accel:tcg
 """
 iso_url = ('https://dl-cdn.alpinelinux.org/'
-   'alpine/v3.16/releases/aarch64/'
-   'alpine-virt-3.16.3-aarch64.iso')
+   'alpine/v3.17/releases/aarch64/'
+   'alpine-standard-3.17.2-aarch64.iso')
 
 # Alpine use sha256 so I recalculated this myself
-iso_sha1 = '0683bc089486d55c91bf6607d5ecb93925769bc0'
+iso_sha1 = '76284fcd7b41fe899b0c2375ceb8470803eea839'
 iso_path = self.fetch_asset(iso_url, asset_hash=iso_sha1)
 
 self.vm.set_console()
@@ -65,7 +65,7 @@ def test_alpine_virt_tcg_gic_max(self):
 self.vm.add_args('-object', 'rng-random,id=rng0,filename=/dev/urandom')
 
 self.vm.launch()
-self.wait_for_console_pattern('Welcome to Alpine Linux 3.16')
+self.wait_for_console_pattern('Welcome to Alpine Linux 3.17')
 
 
 def common_aarch64_virt(self, machine):
-- 
2.39.2

[PATCH v2 04/32] scripts/ci: update gitlab-runner playbook to handle CentOS

2023-03-15 Thread Alex Bennée 
This was broken when we moved to using the pre-built packages as we
didn't take care to ensure we used RPMs where required.

NB: I could never get this to complete on my test setup but I suspect
this was down to network connectivity and timeouts while downloading.

Fixes: 69c4befba1 (scripts/ci: update gitlab-runner playbook to use latest 
runner)
Signed-off-by: Alex Bennée 
---
 scripts/ci/setup/gitlab-runner.yml | 20 ++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/scripts/ci/setup/gitlab-runner.yml 
b/scripts/ci/setup/gitlab-runner.yml
index 95d4199c03..1a1b270ff2 100644
--- a/scripts/ci/setup/gitlab-runner.yml
+++ b/scripts/ci/setup/gitlab-runner.yml
@@ -48,13 +48,29 @@
 - debug:
 msg: gitlab-runner arch is {{ gitlab_runner_arch }}
 
-- name: Download the matching gitlab-runner
+- name: Download the matching gitlab-runner (DEB)
   get_url:
 dest: "/root/"
 url: 
"https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_{{ 
gitlab_runner_arch }}.deb"
+  when:
+- ansible_facts['distribution'] == 'Ubuntu'
+
+- name: Download the matching gitlab-runner (RPM)
+  get_url:
+dest: "/root/"
+url: 
"https://gitlab-runner-downloads.s3.amazonaws.com/latest/rpm/gitlab-runner_{{ 
gitlab_runner_arch }}.rpm"
+  when:
+- ansible_facts['distribution'] == 'CentOS'
 
-- name: Install gitlab-runner via package manager
+- name: Install gitlab-runner via package manager (DEB)
   apt: deb="/root/gitlab-runner_{{ gitlab_runner_arch }}.deb"
+  when:
+- ansible_facts['distribution'] == 'Ubuntu'
+
+- name: Install gitlab-runner via package manager (RPM)
+  yum: name="/root/gitlab-runner_{{ gitlab_runner_arch }}.rpm"
+  when:
+- ansible_facts['distribution'] == 'CentOS'
 
 - name: Register the gitlab-runner
   command: "/usr/bin/gitlab-runner register --non-interactive --url {{ 
gitlab_runner_server_url }} --registration-token {{ 
gitlab_runner_registration_token }} --executor shell --tag-list {{ 
ansible_facts[\"architecture\"] }},{{ ansible_facts[\"distribution\"]|lower 
}}_{{ ansible_facts[\"distribution_version\"] }} --description '{{ 
ansible_facts[\"distribution\"] }} {{ ansible_facts[\"distribution_version\"] 
}} {{ ansible_facts[\"architecture\"] }} ({{ ansible_facts[\"os_family\"] }})'"
-- 
2.39.2

[PATCH v2 00/32] tweaks and fixes for 8.0-rc1 (tests, plugins, docs)

2023-03-15 Thread Alex Bennée 
As usual for softfreeze I switch from my usual maintainer trees to
collecting up miscellaneous fixes and tweaks as we stabilise the
build. I was intending to send it as a PR but I had to squash a number
of CI failures by adding stuff to:

  *: Add missing includes of qemu/error-report.h
  *: Add missing includes of qemu/plugin.h

so I thought it was worth another spin and I can cut the PR from this
if the reviews are ok.

Since v1:
  - grabbed Daniel's iotest cleanup for CI
  - new version of Richard's plugin fix
  - a number of gitdm updates

I've left:
  tests/tcg: disable pauth for aarch64 gdb tests

in for now, but I can easily drop it for the PR as it seems the
consensus is there will be stable updates to gdb that no longer crash
on our pauth support.

The following still need review:

 - contrib/gitdm: add more individual contributors (1 acks, 1 sobs)
 - tests/tcg: add some help output for running individual tests
 - include/qemu: add documentation for memory callbacks
 - gitlab: update centos-8-stream job
 - scripts/ci: update gitlab-runner playbook to handle CentOS
 - tests/docker: all add DOCKER_BUILDKIT to RUNC environment

Alex Bennée (16):
  tests/docker: all add DOCKER_BUILDKIT to RUNC environment
  scripts/ci: add libslirp-devel to build-environment
  scripts/ci: update gitlab-runner playbook to handle CentOS
  gitlab: update centos-8-stream job
  include/qemu: add documentation for memory callbacks
  tests/tcg: add some help output for running individual tests
  tests/tcg: disable pauth for aarch64 gdb tests
  include/exec: fix kerneldoc definition
  tests/avocado: don't use tags to define drive
  contrib/gitdm: Add ASPEED Technology to the domain map
  contrib/gitdm: Add SYRMIA to the domain map
  contrib/gitdm: add Amazon to the domain map
  contrib/gitdm: add Alibaba to the domain-map
  contrib/gitdm: add revng to domain map
  contrib/gitdm: add more individual contributors
  contrib/gitdm: add group map for AMD

Daniel P. Berrangé (8):
  iotests: explicitly pass source/build dir to 'check' command
  iotests: allow test discovery before building
  iotests: strip subdir path when listing tests
  iotests: print TAP protocol version when reporting tests
  iotests: connect stdin to /dev/null when running tests
  iotests: always use a unique sub-directory per test
  iotests: register each I/O test separately with meson
  iotests: remove the check-block.sh script

Marcin Juszkiewicz (1):
  tests/avocado: update AArch64 tests to Alpine 3.17.2

Richard Henderson (7):
  tcg: Clear plugin_mem_cbs on TB exit
  tcg: Drop plugin_gen_disable_mem_helpers from tcg_gen_exit_tb
  include/qemu/plugin: Remove QEMU_PLUGIN_ASSERT
  *: Add missing includes of qemu/error-report.h
  *: Add missing includes of qemu/plugin.h
  include/qemu: Split out plugin-event.h
  include/qemu/plugin: Inline qemu_plugin_disable_mem_helpers

 include/exec/memory.h |  2 +-
 include/hw/core/cpu.h |  2 +-
 include/qemu/plugin-event.h   | 26 
 include/qemu/plugin.h | 27 ++---
 include/qemu/qemu-plugin.h| 47 +--
 include/user/syscall-trace.h  |  1 +
 accel/accel-softmmu.c |  2 +-
 accel/tcg/cpu-exec-common.c   |  3 +
 accel/tcg/cpu-exec.c  |  5 +-
 block/monitor/block-hmp-cmds.c|  1 +
 cpu.c |  1 +
 dump/dump.c   |  1 +
 dump/win_dump.c   |  1 +
 gdbstub/gdbstub.c |  1 +
 hw/arm/collie.c   |  2 +
 hw/arm/cubieboard.c   |  1 +
 hw/arm/musicpal.c |  2 +
 hw/arm/npcm7xx_boards.c   |  2 +
 hw/arm/nseries.c  |  2 +
 hw/arm/omap_sx1.c |  2 +
 hw/arm/orangepi.c |  1 +
 hw/arm/palm.c |  2 +
 hw/core/loader.c  |  1 +
 hw/core/machine-smp.c |  2 +
 hw/i386/kvm/xen_xenstore.c|  1 +
 hw/i386/sgx.c |  1 +
 hw/intc/apic.c|  1 +
 hw/loongarch/acpi-build.c |  1 +
 hw/loongarch/virt.c   |  2 +
 hw/m68k/next-cube.c   |  1 +
 hw/m68k/q800.c|  1 +
 hw/m68k/virt.c|  1 +
 hw/mem/memory-device.c|  1 +
 hw/mem/sparse-mem.c   |  1 +
 hw/openrisc/boot.c|  1 +
 hw/ppc/spapr_softmmu.c|  2 +
 hw/riscv/opentitan.c  |  1 +
 hw/riscv/shakti_c.c   |  1 +
 hw/riscv/virt-acpi-build.c

Re: [PATCH] vdpa: fix emulated guest announce feature status handling

2023-03-15 Thread Gautam Dawar 



On 3/3/23 20:28, Eugenio Perez Martin wrote:

Caution: This message originated from an External Source. Use proper caution 
when opening attachments, clicking links, or responding.


On Fri, Mar 3, 2023 at 12:58 PM Gautam Dawar  wrote:

Guest announce capability is emulated by qemu in the .avail_handler
shadow virtqueue operation. It updates the status to success in
`*s->status` but incorrectly fetches the command execution
status from local variable `status` later in call to iov_from_buf().
As `status` is initialized to VIRTIO_NET_ERR, it results in a
warning "Failed to ack link announce" in virtio_net driver's
virtnet_ack_link_announce() function after VM Live Migration.
Also, I noticed an invalid check in vhost_vdpa_net_handle_ctrl_avail()
that reports an error because status is not updated in call to
virtio_net_handle_ctrl_iov():


status should be updated through &in. It is declared as:
const struct iovec in = {
 .iov_base = &status,
 .iov_len = sizeof(status),
 };

And it should be filled at the end of virtio_net_handle_ctrl_iov with a call to:
 s = iov_from_buf(in_sg, in_num, 0, &status, sizeof(status));


Apologies for a delayed response. This totally makes sense and I've not 
been able to reproduce this issue.




How do you obtain different values? Maybe const optimizations is
invalid and the compiler thinks virtio_net_handle_ctrl_iov will never
change status?

Thanks!


I think the issue might have been a result of incorrectly returning 
VIRTIO_NET_F_GUEST_ANNOUNCE in the device features without handling of 
VIRTIO_NET_CTRL_ANNOUNCE_ACK in the parent vdpa driver.


We can drop this patch.

Gautam


 virtio_net_handle_ctrl_iov(svq->vdev, &in, 1, &out, 1);
 if (status != VIRTIO_NET_OK) {
 error_report("Bad CVQ processing in model");
 }
Adding an optional OUT status parameter to virtio_net_handle_ctrl_iov()
would help resolving this issue and also send the correct status
value to the virtio-net driver.

Signed-off-by: Gautam Dawar 
---
  hw/net/virtio-net.c| 9 +++--
  include/hw/virtio/virtio-net.h | 3 ++-
  net/vhost-vdpa.c   | 3 +--
  3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 3ae909041a..36a75592da 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1503,7 +1503,8 @@ static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
  size_t virtio_net_handle_ctrl_iov(VirtIODevice *vdev,
const struct iovec *in_sg, unsigned in_num,
const struct iovec *out_sg,
-  unsigned out_num)
+  unsigned out_num,
+ virtio_net_ctrl_ack *status_out)
  {
  VirtIONet *n = VIRTIO_NET(vdev);
  struct virtio_net_ctrl_hdr ctrl;
@@ -1514,6 +1515,8 @@ size_t virtio_net_handle_ctrl_iov(VirtIODevice *vdev,
  if (iov_size(in_sg, in_num) < sizeof(status) ||
  iov_size(out_sg, out_num) < sizeof(ctrl)) {
  virtio_error(vdev, "virtio-net ctrl missing headers");
+   if (status_out)
+   *status_out = status;
  return 0;
  }

@@ -1540,6 +1543,8 @@ size_t virtio_net_handle_ctrl_iov(VirtIODevice *vdev,
  assert(s == sizeof(status));

  g_free(iov2);
+if (status_out)
+   *status_out = status;
  return sizeof(status);
  }

@@ -1555,7 +1560,7 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev, 
VirtQueue *vq)
  }

  written = virtio_net_handle_ctrl_iov(vdev, elem->in_sg, elem->in_num,
- elem->out_sg, elem->out_num);
+ elem->out_sg, elem->out_num, 
NULL);
  if (written > 0) {
  virtqueue_push(vq, elem, written);
  virtio_notify(vdev, vq);
diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h
index ef234ffe7e..da76cc414d 100644
--- a/include/hw/virtio/virtio-net.h
+++ b/include/hw/virtio/virtio-net.h
@@ -224,7 +224,8 @@ struct VirtIONet {
  size_t virtio_net_handle_ctrl_iov(VirtIODevice *vdev,
const struct iovec *in_sg, unsigned in_num,
const struct iovec *out_sg,
-  unsigned out_num);
+  unsigned out_num,
+ virtio_net_ctrl_ack *status);
  void virtio_net_set_netclient_name(VirtIONet *n, const char *name,
 const char *type);

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index de5ed8ff22..c72b338633 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -638,8 +638,7 @@ static int 
vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
  return VIRTIO_NET_ERR;
  }

-status = VIRTIO_NET_ERR;
-virtio_net_handle_ctrl_iov(svq->vdev, &in, 1, &out, 1);
+virtio

Re: [PATCH v2 02/30] include/exec/memop: Add bits describing atomicity

2023-03-15 Thread Philippe Mathieu-Daudé 

On 16/2/23 03:57, Richard Henderson wrote:

These bits may be used to describe the precise atomicity
requirements of the guest, which may then be used to
constrain the methods by which it may be emulated by the host.

For instance, the AArch64 LDP (32-bit) instruction changes
semantics with ARMv8.4 LSE2, from

   MO_64 | MO_ATMAX_4 | MO_ATOM_IFALIGN
   (64-bits, single-copy atomic only on 4 byte units,
nonatomic if not aligned by 4),

to

   MO_64 | MO_ATMAX_SIZE | MO_ATOM_WITHIN16
   (64-bits, single-copy atomic within a 16 byte block)

The former may be implemented with two 4 byte loads, or
a single 8 byte load if that happens to be efficient on
the host.  The latter may not, and may also require a
helper when misaligned.

Signed-off-by: Richard Henderson 
---
  include/exec/memop.h | 36 
  1 file changed, 36 insertions(+)


Reviewed-by: Philippe Mathieu-Daudé

Re: [PATCH v2 14/30] tcg/i386: Add have_atomic16

2023-03-15 Thread Philippe Mathieu-Daudé 

On 16/2/23 03:57, Richard Henderson wrote:

Notice when Intel or AMD have guaranteed that vmovdqa is atomic.
The new variable will also be used in generated code.

Signed-off-by: Richard Henderson 
---
  include/qemu/cpuid.h  | 18 ++
  tcg/i386/tcg-target.h |  1 +
  tcg/i386/tcg-target.c.inc | 27 +++
  3 files changed, 46 insertions(+)

diff --git a/include/qemu/cpuid.h b/include/qemu/cpuid.h



+/*
+ * Signatures for different CPU implementations as returned from Leaf 0.
+ */
+
+#ifndef signature_INTEL_ecx
+/* "Genu" "ineI" "ntel" */
+#define signature_INTEL_ebx 0x756e6547
+#define signature_INTEL_edx 0x49656e69
+#define signature_INTEL_ecx 0x6c65746e
+#endif
+
+#ifndef signature_AMD_ecx
+/* "Auth" "enti" "cAMD" */
+#define signature_AMD_ebx   0x68747541
+#define signature_AMD_edx   0x69746e65
+#define signature_AMD_ecx   0x444d4163
+#endif


Hmm, I see the "??? Irritating that we have the same information in
target/i386/." comment from commit 5dd8990841 ("util: Introduce
include/qemu/cpuid.h") :/

  1   2   3   >