[PULL 09/16] hw/i386/microvm: Simplify using object_dynamic_cast()

[Michael Tokarev]

From: Philippe Mathieu-Daudé 

Use object_dynamic_cast() to determine if 'dev' is a TYPE_VIRTIO_MMIO.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Reviewed-by: Sergio Lopez 
Signed-off-by: Michael Tokarev 
---
 hw/i386/microvm.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c
index 3d606a20b4..7227a2156c 100644
--- a/hw/i386/microvm.c
+++ b/hw/i386/microvm.c
@@ -389,9 +389,8 @@ static void microvm_fix_kernel_cmdline(MachineState 
*machine)
 bus = sysbus_get_default();
 QTAILQ_FOREACH(kid, &bus->children, sibling) {
 DeviceState *dev = kid->child;
-ObjectClass *class = object_get_class(OBJECT(dev));
 
-if (class == object_class_by_name(TYPE_VIRTIO_MMIO)) {
+if (object_dynamic_cast(OBJECT(dev), TYPE_VIRTIO_MMIO)) {
 VirtIOMMIOProxy *mmio = VIRTIO_MMIO(OBJECT(dev));
 VirtioBusState *mmio_virtio_bus = &mmio->bus;
 BusState *mmio_bus = &mmio_virtio_bus->parent_obj;
-- 
2.39.2

[PULL 04/16] hw/remote: Fix vfu_cfg trace offset format

[Michael Tokarev]

From: Mattias Nissler 

The printed offset value is prefixed with 0x, but was actually printed
in decimal. To spare others the confusion, adjust the format specifier
to hexadecimal.

Signed-off-by: Mattias Nissler 
Reviewed-by: Jagannathan Raman 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Michael Tokarev 
---
 hw/remote/trace-events | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/remote/trace-events b/hw/remote/trace-events
index c167b3c7a5..0d1b7d56a5 100644
--- a/hw/remote/trace-events
+++ b/hw/remote/trace-events
@@ -5,8 +5,8 @@ mpqemu_recv_io_error(int cmd, int size, int nfds) "failed to 
receive %d size %d,
 
 # vfio-user-obj.c
 vfu_prop(const char *prop, const char *val) "vfu: setting %s as %s"
-vfu_cfg_read(uint32_t offset, uint32_t val) "vfu: cfg: 0x%u -> 0x%x"
-vfu_cfg_write(uint32_t offset, uint32_t val) "vfu: cfg: 0x%u <- 0x%x"
+vfu_cfg_read(uint32_t offset, uint32_t val) "vfu: cfg: 0x%x -> 0x%x"
+vfu_cfg_write(uint32_t offset, uint32_t val) "vfu: cfg: 0x%x <- 0x%x"
 vfu_dma_register(uint64_t gpa, size_t len) "vfu: registering GPA 0x%"PRIx64", 
%zu bytes"
 vfu_dma_unregister(uint64_t gpa) "vfu: unregistering GPA 0x%"PRIx64""
 vfu_bar_register(int i, uint64_t addr, uint64_t size) "vfu: BAR %d: addr 
0x%"PRIx64" size 0x%"PRIx64""
-- 
2.39.2

[PULL 00/16] trivial patches 2023-06-10

[Michael Tokarev]

Hi here!

This is my first pullreq in quite some years.

It looks like there has been quite some trivial patches which were forgotten,
so I thought I'd give it a shot at least.

And since I haven't done a PR in a while, I basically forgot how to do it
properly :)

Please note: there are 2 patches in there which are *not* reviewed.  Being
a trivial-patch collection, they're "obviously correct", - namely these are
spelling fixes ("information") and adding comments in linux-user/syscall.c.
If that's not okay, let's remove these 2 changes and apply the rest.

Thanks,

/mjt

The following changes since commit 5f9dd6a8ce3961db4ce47411ed2097ad88bdf5fc:

  Merge tag 'pull-9p-20230608' of https://github.com/cschoenebeck/qemu into 
staging (2023-06-08 08:47:35 -0700)

are available in the Git repository at:

  https://gitlab.com/mjt0k/qemu.git tags/trivial-patches-20230610

for you to fetch changes up to e928907105cfeb48b68cedce232bbd4784536707:

  linux-user: elfload: Specify -R is an option for qemu-user binaries 
(2023-06-10 09:40:46 +0300)


trivial-patches-20230610


Anastasia Belova (1):
  vnc: move assert in vnc_worker_thread_loop

Andrew Jeffery (2):
  linux-user: elfload: s/min_mmap_addr/mmap_min_addr/
  linux-user: elfload: Specify -R is an option for qemu-user binaries

Carlos Santos (1):
  meson: install keyboard maps only if necessary

Mattias Nissler (1):
  hw/remote: Fix vfu_cfg trace offset format

Michael Tokarev (4):
  hw/virtio/virtio-qmp.c: spelling: suppoted
  spelling: information
  block.c: add newline for "Detected format" warning
  linux-user: add comments for TARGET_NR_[gs]etgroups{,32}

Milan Zamazal (1):
  docs: Fix trivial typos in vhost-user.rst

Peter Maydell (1):
  linux-user: Return EINVAL for getgroups() with negative gidsetsize

Philippe Mathieu-Daudé (5):
  target/m68k/fpu_helper: Use FloatRelation enum to hold comparison result
  hw/core/cpu: Simplify realize() using MACHINE_GET_CLASS() macro
  hw/i386/microvm: Simplify using object_dynamic_cast()
  hw/pci/pci: Simplify pci_bar_address() using MACHINE_GET_CLASS() macro
  hw/usb/hcd-ehci-pci: Simplify using DEVICE_GET_CLASS() macro

 block.c|  2 +-
 docs/system/devices/vhost-user.rst |  4 ++--
 hw/core/cpu-common.c   |  3 +--
 hw/i386/microvm.c  |  3 +--
 hw/pci/pci.c   |  4 +---
 hw/remote/trace-events |  4 ++--
 hw/usb/hcd-ehci-pci.c  |  2 +-
 hw/virtio/virtio-qmp.c |  2 +-
 include/ui/clipboard.h |  2 +-
 linux-user/elfload.c   |  5 +++--
 linux-user/syscall.c   | 12 ++--
 pc-bios/keymaps/meson.build|  6 --
 qapi/cryptodev.json|  2 +-
 qga/qapi-schema.json   |  2 +-
 target/m68k/fpu_helper.c   |  4 ++--
 ui/vnc-jobs.c  |  3 ++-
 16 files changed, 30 insertions(+), 30 deletions(-)

[PULL 02/16] hw/virtio/virtio-qmp.c: spelling: suppoted

[Michael Tokarev]

Fixes: f3034ad71fcd0a6a58bc37830f182b307f089159
Signed-off-by: Michael Tokarev 
Reviewed-by: Stefan Weil 
---
 hw/virtio/virtio-qmp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/virtio/virtio-qmp.c b/hw/virtio/virtio-qmp.c
index b5e1835299..3528fc628d 100644
--- a/hw/virtio/virtio-qmp.c
+++ b/hw/virtio/virtio-qmp.c
@@ -331,7 +331,7 @@ static const qmp_virtio_feature_map_t 
virtio_net_feature_map[] = {
 static const qmp_virtio_feature_map_t virtio_scsi_feature_map[] = {
 FEATURE_ENTRY(VIRTIO_SCSI_F_INOUT, \
 "VIRTIO_SCSI_F_INOUT: Requests including read and writable data "
-"buffers suppoted"),
+"buffers supported"),
 FEATURE_ENTRY(VIRTIO_SCSI_F_HOTPLUG, \
 "VIRTIO_SCSI_F_HOTPLUG: Reporting and handling hot-plug events "
 "supported"),
-- 
2.39.2

[PULL 15/16] linux-user: elfload: s/min_mmap_addr/mmap_min_addr/

[Michael Tokarev]

From: Andrew Jeffery 

As-is the error message can cause some confusion as the mentioned sysctl
attribute name is wrong:

https://www.kernel.org/doc/html/latest/admin-guide/sysctl/vm.html#mmap-min-addr

Signed-off-by: Andrew Jeffery 
Reviewed-by: Michael Tokarev 
Signed-off-by: Michael Tokarev 
---
 linux-user/elfload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index d80d68484b..76874833e3 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2798,7 +2798,7 @@ static void pgb_reserved_va(const char *image_name, 
abi_ulong guest_loaddr,
 if (addr == MAP_FAILED || addr != test) {
 error_report("Unable to reserve 0x%lx bytes of virtual address "
  "space at %p (%s) for use as guest address space (check 
your "
- "virtual memory ulimit setting, min_mmap_addr or reserve 
less "
+ "virtual memory ulimit setting, mmap_min_addr or reserve 
less "
  "using -R option)", reserved_va + 1, test, 
strerror(errno));
 exit(EXIT_FAILURE);
 }
-- 
2.39.2

Re: [PATCH] accel/kvm/kvm-all: Handle register access errors

[Akihiko Odaki]

On 2022/12/01 20:00, Akihiko Odaki wrote:

On 2022/12/01 19:40, Peter Maydell wrote:
On Thu, 1 Dec 2022 at 10:27, Akihiko Odaki  
wrote:


A register access error typically means something seriously wrong
happened so that anything bad can happen after that and recovery is
impossible.
Even failing one register access is catastorophic as
architecture-specific code are not written so that it torelates such
failures.

Make sure the VM stop and nothing worse happens if such an error occurs.

Signed-off-by: Akihiko Odaki 


In a similar vein there was also
https://lore.kernel.org/all/20220617144857.34189-1-pet...@redhat.com/
back in June, which on the one hand was less comprehensive but on
the other does the plumbing to pass the error upwards rather than
reporting it immediately at point of failure.

I'm in principle in favour but suspect we'll run into some corner
cases where we were happily ignoring not-very-important failures
(eg if you're running Linux as the host OS on a Mac M1 and your
host kernel doesn't have this fix:
https://lore.kernel.org/all/ynhz6cw5onr2e...@google.com/T/
then QEMU will go from "works by sheer luck" to "consistently
hits this error check"). So we should aim to land this extra
error checking early in the release cycle so we have plenty of
time to deal with any bug reports we get about it.

thanks
-- PMM


Actually I found this problem when I tried to run QEMU with KVM on M2 
MacBook Air and encountered a failure described and fixed at:

https://lore.kernel.org/all/20221201104914.28944-2-akihiko.od...@daynix.com/

Although the affected register was not really important, QEMU couldn't 
run the guest well enough because kvm_arch_put_registers for ARM64 is 
written in a way that it fails early. I guess the situation is not so 
different for other architectures as well.


I still agree that this should be postponed until a new release cycle 
starts as register saving/restoring is too important to fail.


Regards,
Akihiko Odaki


Hi,

QEMU 8.0 is already released so I think it's time to revisit this.

Regards,
Akihiko Odaki

Re: [PATCH] accel/kvm: Specify default IPA size for arm64

[Akihiko Odaki]

On 2023/04/24 19:58, Akihiko Odaki wrote:

On 2023/01/16 20:18, Peter Maydell wrote:
On Sat, 14 Jan 2023 at 06:49, Akihiko Odaki  
wrote:


On 2023/01/14 14:23, Richard Henderson wrote:

On 1/8/23 22:22, Akihiko Odaki wrote:

libvirt uses "none" machine type to test KVM availability. Before this
change, QEMU used to pass 0 as machine type when calling 
KVM_CREATE_VM.


The kernel documentation says:

On arm64, the physical address size for a VM (IPA Size limit) is
limited to 40bits by default. The limit can be configured if the host
supports the extension KVM_CAP_ARM_VM_IPA_SIZE. When supported, use
KVM_VM_TYPE_ARM_IPA_SIZE(IPA_Bits) to set the size in the machine 
type

identifier, where IPA_Bits is the maximum width of any physical
address used by the VM. The IPA_Bits is encoded in bits[7-0] of the
machine type identifier.

e.g, to configure a guest to use 48bit physical address size::

  vm_fd = ioctl(dev_fd, KVM_CREATE_VM, 
KVM_VM_TYPE_ARM_IPA_SIZE(48));


The requested size (IPA_Bits) must be:

   ==   =
    0   Implies default size, 40bits (for backward compatibility)
    N   Implies N bits, where N is a positive integer such that,
    32 <= N <= Host_IPA_Limit
   ==   =



Host_IPA_Limit is the maximum possible value for IPA_Bits on the host
and is dependent on the CPU capability and the kernel configuration.
The limit can be retrieved using KVM_CAP_ARM_VM_IPA_SIZE of the
KVM_CHECK_EXTENSION ioctl() at run-time.

Creation of the VM will fail if the requested IPA size (whether it is
implicit or explicit) is unsupported on the host.

https://docs.kernel.org/virt/kvm/api.html#kvm-create-vm

So if Host_IPA_Limit < 40, such KVM_CREATE_VM will fail, and libvirt
incorrectly thinks KVM is not available. This actually happened on M2
MacBook Air.

Fix this by specifying 32 for IPA_Bits as any arm64 system should
support the value according to the documentation.

Signed-off-by: Akihiko Odaki 
---
   accel/kvm/kvm-all.c | 4 
   1 file changed, 4 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index e86c33e0e6..776ac7efcc 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2294,7 +2294,11 @@ static int kvm_init(MachineState *ms)
   KVMState *s;
   const KVMCapabilityInfo *missing_cap;
   int ret;
+#ifdef TARGET_AARCH64
+    int type = 32;
+#else
   int type = 0;
+#endif


No need for an ifdef.  Down below we have,

  if (object_property_find(OBJECT(current_machine), "kvm-type")) {
  g_autofree char *kvm_type =
object_property_get_str(OBJECT(current_machine),
  
"kvm-type",
  
&error_abort);

  type = mc->kvm_type(ms, kvm_type);
  } else if (mc->kvm_type) {
  type = mc->kvm_type(ms, NULL);
  }

and the aarch64 -M virt machine provides virt_kvm_type as mc->kvm_type.

How did you hit this?  Are you trying to implement your own board 
model?


Looking at this, I'm surprised this is a board hook and not a cpu hook.
But I suppose the architecture specific 'type' can hide any number of
sins.  Anyway, if you are doing your own board model, I suggest
arranging to share the virt board hook -- maybe moving it to
target/arm/kvm.c in the process?



I hit this problem when I used libvirt; libvirt uses "none" machine type
to probe the availability of KVM and "none" machine type does not
provide kvm_type hook.

As the implementation of "none" machine type is shared among different
architectures, we cannot remove ifdef by moving it to the hook.

Although implementing the hook for "none" machine type is still
possible, I  think the default type should provide the lowest common
denominator and "none" machine type shouldn't try to work around when
the type is wrong. Otherwise it doesn't make sense to provide the 
"default".


Yes, the problem is that the 'none' board type is all
architecture-independent code, and so is this kvm_init() code, so
there's no obvious arm-specific place to say "pick the best IPA size
that will work for this host".

Perhaps we should create somewhere in here a target-arch specific
hook: we already have ifdefs in this function for S390X and PPC
(printing some special case error strings if the ioctl fails), so
maybe a hook that does "take the type provided by the machine hook,
if any, sanitize or reject it, do the ioctl call, print arch-specific
help/error messages if relevant" ? Paolo, do you have an opinion?

thanks
-- PMM


Hi Paolo,

I have sent this patch a while ago but it's kind of missed so I'm about 
to push this forward again. Can you have a look at this?


Regards,
Akihiko Odaki


ping?

Re: QEMU virt (arm64) does not honor reserved-memory set in device tree

[Gavin Shan]

Hi Mohd,

On 6/10/23 10:01 AM, Mohd Yusuf Abdul Hamid wrote:

I am trying to reserve a portion of the system memory in QEMU (arm64 virt), 
v7.2.1 - but the kernel never honors the reserved memory area and keeps using 
the area.

Say, I dumped out DTB and added:

reserved-memory {
   #address-cells = <0x02>;
   #size-cells = <0x02>;

   rsvdram@5000 {
   no-map;
   reg = <0x00 0x5000 0x00 0x2000>;
   };
};

When booted, /proc/iomem still shows the kernel is using the entire space - eg 
2GB.

Is this a supported feature or I would need to modify the virt.c and define 
scratch area for some device driver scratch area.



It relies on the guest kernel to handle the device-tree and the device-tree node
for the reserved map. I doubt if you had ACPI over device-tree in the guest 
kernel's
configuration. In this case, the reserved memory regions need to be specified in
ACPI tables instead of device-tree.

Thanks,
Gavin

QEMU virt (arm64) does not honor reserved-memory set in device tree

[Mohd Yusuf Abdul Hamid]

Hi,
I am trying to reserve a portion of the system memory in QEMU (arm64 virt),
v7.2.1 - but the kernel never honors the reserved memory area and keeps
using the area.

Say, I dumped out DTB and added:

reserved-memory {
  #address-cells = <0x02>;
  #size-cells = <0x02>;

  rsvdram@5000 {
  no-map;
  reg = <0x00 0x5000 0x00 0x2000>;
  };
};

When booted, /proc/iomem still shows the kernel is using the entire space -
eg 2GB.

Is this a supported feature or I would need to modify the virt.c and define
scratch area for some device driver scratch area.

Mohd Yusuf Abdul Hamid

Re: [EXT] Re: [Qemu RFC 0/7] Early enabling of DCD emulation in Qemu

[Shesha Bhushan Sreenivasamurthy]

From: Ira Weiny 
Sent: Friday, June 9, 2023 2:06 PM
To: ni...@outlook.com ; Ira Weiny ; 
Shesha Bhushan Sreenivasamurthy 
Cc: Shesha Bhushan Sreenivasamurthy ; Fan Ni 
; Jonathan Cameron ; 
qemu-devel@nongnu.org ; linux-...@vger.kernel.org 
; gregory.pr...@memverge.com 
; hch...@avery-design.com.tw 
; cbr...@avery-design.com 
; dan.j.willi...@intel.com ; 
Adam Manzanares ; d...@stgolabs.net 
; nmtadam.sams...@gmail.com 
Subject: [EXT] Re: [Qemu RFC 0/7] Early enabling of DCD emulation in Qemu 
 
External Email

--
ni...@outlook.com wrote:
> The 06/08/2023 08:43, Ira Weiny wrote:
> > Shesha Bhushan Sreenivasamurthy wrote:

[snip]

> 
> Hi Ira & Shesha,
> FYI. I reabased my patch series on top of the above branch and created a new
> branch here:
> 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_moking_qemu-2Ddcd-2Dpreview-2Dlatest_tree_dcd-2Dpreview&d=DwIBAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=Zta64bwn4nurTRpD4LY2OGr8KklkMRPn7Z_Qy0o4unU&m=SvyB_49EIFUT8-ZEVgIEYYjU6-zGTX4wb30kuNLUhkTSHYZK5-C0Gxr7uvefhtj4&s=MFD7qlSaTuy-w6aDmavIMbSP_aeaqZmSML7IVOX5jLs&e=
>  

Thanks!

> 
> It passes the same tests as shown here:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lore.kernel.org_linux-2Dcxl_6481f70fca5c2-5Fc82be29440-40iweiny-2Dmobl.notmuch_T_-23m76f6e85ce3d7292b1982960eb22086ee03922166&d=DwIBAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=Zta64bwn4nurTRpD4LY2OGr8KklkMRPn7Z_Qy0o4unU&m=SvyB_49EIFUT8-ZEVgIEYYjU6-zGTX4wb30kuNLUhkTSHYZK5-C0Gxr7uvefhtj4&s=e-fQOi0RzSZXxfSz37Bpz1sKtp7Yy0MWqonZnswK0RU&e=
>  

I've not gotten very far with this testing.  But I did find that regular
type 3 devices don't work with this change.  I used the patch below to get
this working.  Was there something I was missing to configure a non-DCD
device?

I don't particularly like adding another bool to this call stack.  Seems
like this calls for a flags field but I want to move on to DCD work so I
hacked this in.

I am working on the DCD FM-API commands here -
https://gitlab.com/sheshas/qemu-fmapi/-/tree/cxl-2023-05-25
-Shesha

Ira

commit ed27935044dcbd2c6ba71f8411b218621f3f4167
Author: Ira Weiny 
Date:   Fri Jun 9 13:56:33 2023 -0700

    hw/mem/cxl_type3: Exclude DCD from CEL when type3 is not DCD
    
    Per CXL 3.0 9.13.3 Dynamic Capacity Device (DCD) when the type 3 memory
    device does not have DCD support the CEL should not include DCD
    configuration commands.
    
    If the number of DC regions supported is 0 skip the DCD commands in the
    CEL.
    
    Applies on top of Fan Ni's work here:
    
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_moking_qemu-2Ddcd-2Dpreview-2Dlatest_tree_dcd-2Dpreview&d=DwIBAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=Zta64bwn4nurTRpD4LY2OGr8KklkMRPn7Z_Qy0o4unU&m=SvyB_49EIFUT8-ZEVgIEYYjU6-zGTX4wb30kuNLUhkTSHYZK5-C0Gxr7uvefhtj4&s=MFD7qlSaTuy-w6aDmavIMbSP_aeaqZmSML7IVOX5jLs&e=
 
    
    Not-yet-Signed-off-by: Ira Weiny 

diff --git a/hw/cxl/cxl-device-utils.c b/hw/cxl/cxl-device-utils.c
index a4a2c6a80004..262e35935563 100644
--- a/hw/cxl/cxl-device-utils.c
+++ b/hw/cxl/cxl-device-utils.c
@@ -288,7 +288,7 @@ static void mailbox_reg_init_common(CXLDeviceState 
*cxl_dstate)
 
 static void memdev_reg_init_common(CXLDeviceState *cxl_dstate) { }
 
-void cxl_device_register_init_common(CXLDeviceState *cxl_dstate)
+void cxl_device_register_init_common(CXLDeviceState *cxl_dstate, bool is_dcd)
 {
 uint64_t *cap_hdrs = cxl_dstate->caps_reg_state64;
 const int cap_count = 3;
@@ -307,7 +307,7 @@ void cxl_device_register_init_common(CXLDeviceState 
*cxl_dstate)
 cxl_device_cap_init(cxl_dstate, MEMORY_DEVICE, 0x4000, 1);
 memdev_reg_init_common(cxl_dstate);
 
-    cxl_initialize_mailbox(cxl_dstate, false);
+    cxl_initialize_mailbox(cxl_dstate, false, is_dcd);
 }
 
 void cxl_device_register_init_swcci(CXLDeviceState *cxl_dstate)
@@ -329,7 +329,7 @@ void cxl_device_register_init_swcci(CXLDeviceState 
*cxl_dstate)
 cxl_device_cap_init(cxl_dstate, MEMORY_DEVICE, 0x4000, 1);
 memdev_reg_init_common(cxl_dstate);
 
-    cxl_initialize_mailbox(cxl_dstate, true);
+    cxl_initialize_mailbox(cxl_dstate, true, false);
 }
 
 uint64_t cxl_device_get_timestamp(CXLDeviceState *cxl_dstate)
diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index 93b26e717c94..80e9cb9a8f04 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -1526,7 +1526,8 @@ static void bg_timercb(void *opaque)
 }
 }
 
-void cxl_initialize_mailbox(CXLDeviceState *cxl_dstate, bool switch_cci)
+void cxl_initialize_mailbox(CXLDeviceState *cxl_dstate, bool switch_cci,
+    bool is_dcd)
 {
 if (!switch_cci) {
 cxl_dstate->cxl_cmd_set = cxl_cmd_set;
@@ -1534,6 +1535,9 @@ void cxl_initialize_mailbox(CXLDeviceState *cxl_dstate, 
bool switch_cci)
 cxl_dstate->cxl_cmd_set = cxl_cmd_set_sw;
 }
 for (int set = 0; set < 256; set++) {
+    if (!is_dcd && set == DCD_CONFIG) {
+   

Re: [PULL v4 09/10] hw/arm: introduce xenpvh machine

[Richard Henderson]

On 6/9/23 10:07, Stefano Stabellini wrote:

From: Vikram Garhwal

Add a new machine xenpvh which creates a IOREQ server to register/connect with
Xen Hypervisor.

Optional: When CONFIG_TPM is enabled, it also creates a tpm-tis-device, adds a
TPM emulator and connects to swtpm running on host machine via chardev socket
and support TPM functionalities for a guest domain.

Extra command line for aarch64 xenpvh QEMU to connect to swtpm:
 -chardev socket,id=chrtpm,path=/tmp/myvtpm2/swtpm-sock \
 -tpmdev emulator,id=tpm0,chardev=chrtpm \
 -machine tpm-base-addr=0x0c00 \

swtpm implements a TPM software emulator(TPM 1.2 & TPM 2) built on libtpms and
provides access to TPM functionality over socket, chardev and CUSE interface.
Github repo:https://github.com/stefanberger/swtpm
Example for starting swtpm on host machine:
 mkdir /tmp/vtpm2
 swtpm socket --tpmstate dir=/tmp/vtpm2 \
 --ctrl type=unixio,path=/tmp/vtpm2/swtpm-sock &

Signed-off-by: Vikram Garhwal
Signed-off-by: Stefano Stabellini
Reviewed-by: Stefano Stabellini
---
  docs/system/arm/xenpvh.rst|  34 +++
  docs/system/target-arm.rst|   1 +
  hw/arm/meson.build|   2 +
  hw/arm/xen_arm.c  | 181 ++
  include/hw/arm/xen_arch_hvm.h |   9 ++
  include/hw/xen/arch_hvm.h |   2 +
  6 files changed, 229 insertions(+)
  create mode 100644 docs/system/arm/xenpvh.rst
  create mode 100644 hw/arm/xen_arm.c
  create mode 100644 include/hw/arm/xen_arch_hvm.h


Fails testing.

Summary of Failures:
 10/423 qemu:qtest+qtest-aarch64 / qtest-aarch64/test-hmp  ERROR 
161.45s   killed by signal 6 SIGABRT
210/423 qemu:qtest+qtest-aarch64 / qtest-aarch64/qom-test  ERROR 
327.56s   killed by signal 6 SIGABRT


# starting QEMU: exec ./qemu-system-aarch64 -qtest unix:/tmp/qtest-669817.sock -qtest-log 
/dev/null -chardev socket,path=/tmp/qtest-669817.qmp,id=char0 -mon 
chardev=char0,mode=control -display none -machine xenpvh -accel qtest

qemu-system-aarch64: The -accel and "-machine accel=" options are incompatible
socket_accept failed: Resource temporarily unavailable
**
ERROR:../src/tests/qtest/libqtest.c:474:qtest_init_without_qmp_handshake: assertion 
failed: (s->fd >= 0 && s->qmp_fd >= 0)
Bail out! ERROR:../src/tests/qtest/libqtest.c:474:qtest_init_without_qmp_handshake: 
assertion failed: (s->fd >= 0 && s->qmp_fd >= 0)
../src/tests/qtest/libqtest.c:186: kill_qemu() tried to terminate QEMU process but 
encountered exit status 1 (expected 0)



r~

Re: [PATCH] hw/i386/pc: Clean up pc_machine_initfn

[Philippe Mathieu-Daudé]

On 9/6/23 18:41, Suravee Suthikulpanit wrote:

To use the newly introduced PC machine class local variable.

Suggedted-by: Igor Mammedov 


"Suggested-by"


Signed-off-by: Suravee Suthikulpanit 
---
  hw/i386/pc.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 33ffb03a32..f8d105e829 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1864,7 +1864,7 @@ static void pc_machine_initfn(Object *obj)
  pcms->smbios_entry_point_type = pcmc->default_smbios_ep_type;
  
  /* acpi build is enabled by default if machine supports it */

-pcms->acpi_build_enabled = PC_MACHINE_GET_CLASS(pcms)->has_acpi_build;
+pcms->acpi_build_enabled = pcmc->has_acpi_build;
  pcms->smbus_enabled = true;
  pcms->sata_enabled = true;
  pcms->i8042_enabled = true;

Re: [PATCH v3 5/5] intel_iommu: Optimize out some unnecessary UNMAP calls

[Peter Xu]

On Fri, Jun 09, 2023 at 05:49:06AM +, Duan, Zhenzhong wrote:
> Seems vtd_page_walk_one() already works in above way, checking mapping
> changes and calling kernel for changed entries?

Agreed in most cases, but the path this patch modified is not?  E.g. it
happens in rare cases where we simply want to unmap everything (e.g. on a
system reset, or invalid context entry)?

That's also why I'm curious whether perf of this path matters at all (and
assuming now we all agree that's the only goal now..), because afaiu it
didn't really trigger in common paths.

-- 
Peter Xu

Re: [Qemu RFC 0/7] Early enabling of DCD emulation in Qemu

[Ira Weiny]

ni...@outlook.com wrote:
> The 06/08/2023 08:43, Ira Weiny wrote:
> > Shesha Bhushan Sreenivasamurthy wrote:

[snip]

> 
> Hi Ira & Shesha,
> FYI. I reabased my patch series on top of the above branch and created a new
> branch here:
> 
> https://github.com/moking/qemu-dcd-preview-latest/tree/dcd-preview

Thanks!

> 
> It passes the same tests as shown here:
> https://lore.kernel.org/linux-cxl/6481f70fca5c2_c82be29440@iweiny-mobl.notmuch/T/#m76f6e85ce3d7292b1982960eb22086ee03922166

I've not gotten very far with this testing.  But I did find that regular
type 3 devices don't work with this change.  I used the patch below to get
this working.  Was there something I was missing to configure a non-DCD
device?

I don't particularly like adding another bool to this call stack.  Seems
like this calls for a flags field but I want to move on to DCD work so I
hacked this in.

Ira

commit ed27935044dcbd2c6ba71f8411b218621f3f4167
Author: Ira Weiny 
Date:   Fri Jun 9 13:56:33 2023 -0700

hw/mem/cxl_type3: Exclude DCD from CEL when type3 is not DCD

Per CXL 3.0 9.13.3 Dynamic Capacity Device (DCD) when the type 3 memory
device does not have DCD support the CEL should not include DCD
configuration commands.

If the number of DC regions supported is 0 skip the DCD commands in the
CEL.

Applies on top of Fan Ni's work here:
https://github.com/moking/qemu-dcd-preview-latest/tree/dcd-preview

Not-yet-Signed-off-by: Ira Weiny 

diff --git a/hw/cxl/cxl-device-utils.c b/hw/cxl/cxl-device-utils.c
index a4a2c6a80004..262e35935563 100644
--- a/hw/cxl/cxl-device-utils.c
+++ b/hw/cxl/cxl-device-utils.c
@@ -288,7 +288,7 @@ static void mailbox_reg_init_common(CXLDeviceState 
*cxl_dstate)
 
 static void memdev_reg_init_common(CXLDeviceState *cxl_dstate) { }
 
-void cxl_device_register_init_common(CXLDeviceState *cxl_dstate)
+void cxl_device_register_init_common(CXLDeviceState *cxl_dstate, bool is_dcd)
 {
 uint64_t *cap_hdrs = cxl_dstate->caps_reg_state64;
 const int cap_count = 3;
@@ -307,7 +307,7 @@ void cxl_device_register_init_common(CXLDeviceState 
*cxl_dstate)
 cxl_device_cap_init(cxl_dstate, MEMORY_DEVICE, 0x4000, 1);
 memdev_reg_init_common(cxl_dstate);
 
-cxl_initialize_mailbox(cxl_dstate, false);
+cxl_initialize_mailbox(cxl_dstate, false, is_dcd);
 }
 
 void cxl_device_register_init_swcci(CXLDeviceState *cxl_dstate)
@@ -329,7 +329,7 @@ void cxl_device_register_init_swcci(CXLDeviceState 
*cxl_dstate)
 cxl_device_cap_init(cxl_dstate, MEMORY_DEVICE, 0x4000, 1);
 memdev_reg_init_common(cxl_dstate);
 
-cxl_initialize_mailbox(cxl_dstate, true);
+cxl_initialize_mailbox(cxl_dstate, true, false);
 }
 
 uint64_t cxl_device_get_timestamp(CXLDeviceState *cxl_dstate)
diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index 93b26e717c94..80e9cb9a8f04 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -1526,7 +1526,8 @@ static void bg_timercb(void *opaque)
 }
 }
 
-void cxl_initialize_mailbox(CXLDeviceState *cxl_dstate, bool switch_cci)
+void cxl_initialize_mailbox(CXLDeviceState *cxl_dstate, bool switch_cci,
+bool is_dcd)
 {
 if (!switch_cci) {
 cxl_dstate->cxl_cmd_set = cxl_cmd_set;
@@ -1534,6 +1535,9 @@ void cxl_initialize_mailbox(CXLDeviceState *cxl_dstate, 
bool switch_cci)
 cxl_dstate->cxl_cmd_set = cxl_cmd_set_sw;
 }
 for (int set = 0; set < 256; set++) {
+if (!is_dcd && set == DCD_CONFIG) {
+continue;
+}
 for (int cmd = 0; cmd < 256; cmd++) {
 if (cxl_dstate->cxl_cmd_set[set][cmd].handler) {
 struct cxl_cmd *c = &cxl_dstate->cxl_cmd_set[set][cmd];
diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
index 329e8b5915b3..e6e6e125990c 100644
--- a/hw/mem/cxl_type3.c
+++ b/hw/mem/cxl_type3.c
@@ -1276,9 +1276,11 @@ static void ct3d_reset(DeviceState *dev)
 CXLType3Dev *ct3d = CXL_TYPE3(dev);
 uint32_t *reg_state = ct3d->cxl_cstate.crb.cache_mem_registers;
 uint32_t *write_msk = ct3d->cxl_cstate.crb.cache_mem_regs_write_mask;
+bool is_dcd;
 
 cxl_component_register_init_common(reg_state, write_msk, 
CXL2_TYPE3_DEVICE);
-cxl_device_register_init_common(&ct3d->cxl_dstate);
+is_dcd = (ct3d->dc.num_regions != 0);
+cxl_device_register_init_common(&ct3d->cxl_dstate, is_dcd);
 }
 
 static Property ct3_props[] = {
diff --git a/include/hw/cxl/cxl_device.h b/include/hw/cxl/cxl_device.h
index 1ccddcca7d0d..4621bba4f533 100644
--- a/include/hw/cxl/cxl_device.h
+++ b/include/hw/cxl/cxl_device.h
@@ -233,7 +233,7 @@ typedef struct cxl_device_state {
 void cxl_device_register_block_init(Object *obj, CXLDeviceState *dev);
 
 /* Set up default values for the register block */
-void cxl_device_register_init_common(CXLDeviceState *dev);
+void cxl_device_register_init_common(CXLDeviceState *dev, bool is_dcd);
 void cxl_device_register_init_swcci(CXLDeviceState *dev);
 
 /*

Re: [PATCH v3 2/8] target/arm: v8.3 PAC ID_AA64ISAR[12] feature-detection

[Richard Henderson]

On 6/9/23 10:23, Aaron Lindsay wrote:

+static inline int isar_feature_pauth_get_features(const ARMISARegisters *id)
+{
+if (isar_feature_aa64_pauth_arch_qarma5(id)) {
+return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, APA);
+} else if (isar_feature_aa64_pauth_arch_qarma3(id)) {
+return FIELD_EX64(id->id_aa64isar2, ID_AA64ISAR2, APA3);
+} else {
+return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, API);
+}
+}


As I mentioned in previous review, exactly one of these fields will be non-zero, so you 
can just OR them all together without the conditionals.



r~

Re: [PATCH v3 1/8] target/arm: Add ID_AA64ISAR2_EL1

[Richard Henderson]

On 6/9/23 10:23, Aaron Lindsay wrote:

--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -847,6 +847,7 @@ static bool 
hvf_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
  { HV_SYS_REG_ID_AA64DFR1_EL1, &host_isar.id_aa64dfr1 },
  { HV_SYS_REG_ID_AA64ISAR0_EL1, &host_isar.id_aa64isar0 },
  { HV_SYS_REG_ID_AA64ISAR1_EL1, &host_isar.id_aa64isar1 },
+{ HV_SYS_REG_ID_AA64ISAR2_EL1, &host_isar.id_aa64isar2 },


Sadly not defined for MacOSX13.1.sdk, and it's an enum so you can't #ifdef it 
either.

You'll need a meson probe for it.

Otherwise, looks good.


r~

Re: [PATCH 0/2] linux-user: Clarify error on failure to map guest address space

[Michael Tokarev]

27.03.2023 14:55, Andrew Jeffery wrote:

Hello,

This series is a couple of trivial improvements to the error message from 
linux-user's ELF loader
when it fails to mmap() the guest's address space. Both issues caused me brief 
confusion when trying
to sort myself out after hitting 
https://gitlab.com/qemu-project/qemu/-/issues/447

I've build tested the two as a sanity check.


Ping?  That seems like some nice rewording, but not my area..

Thanks!

/mjt

Re: [PATCH 21/22] target/arm/tcg: Remove inclusions of 'exec/helper-[proto/gen].h'

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

diff --git a/target/arm/tcg/vec_helper.c b/target/arm/tcg/vec_helper.c
index 8fb44a8b7f..5621728271 100644
--- a/target/arm/tcg/vec_helper.c
+++ b/target/arm/tcg/vec_helper.c
@@ -19,12 +19,16 @@
  
  #include "qemu/osdep.h"

  #include "cpu.h"
-#include "exec/helper-proto.h"
  #include "tcg/tcg-gvec-desc.h"
  #include "fpu/softfloat.h"
  #include "qemu/int128.h"
  #include "vec_internal.h"
  
+#define HELPER_H "tcg/helper.h.inc"

+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H


I am surprised that helper.h.inc would be required here and in most of the other 
foo_helper.c, where helper-foo.h.inc has already been used.



r~

Re: [PATCH] vnc: move assert in vnc_worker_thread_loop

[Michael Tokarev]

09.06.2023 12:23, Anastasia Belova wrote:

job may be NULL if queue->exit is true. Check
it before dereference job.

Fixes: f31f9c1080 ("vnc: add magic cookie to VncState")
Signed-off-by: Anastasia Belova 
---
  ui/vnc-jobs.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ui/vnc-jobs.c b/ui/vnc-jobs.c
index 886f9bf611..fcca7ec632 100644
--- a/ui/vnc-jobs.c
+++ b/ui/vnc-jobs.c
@@ -250,12 +250,13 @@ static int vnc_worker_thread_loop(VncJobQueue *queue)
  /* Here job can only be NULL if queue->exit is true */
  job = QTAILQ_FIRST(&queue->jobs);
  vnc_unlock_queue(queue);
-assert(job->vs->magic == VNC_MAGIC);
  
  if (queue->exit) {

  return -1;
  }
  
+assert(job->vs->magic == VNC_MAGIC);

+


This is a good one, I like it :)

Reviewed-by: Michael Tokarev 

It can be applied though -trivial queue.

Thank you!

/mjt

[PATCH v2 07/10] block: Convert qmp_query_named_block_nodes to coroutine

[Fabiano Rosas]

From: Lin Ma 

We're converting callers of bdrv_get_allocated_file_size() to run in
coroutines because that function will be made asynchronous when called
(indirectly) from the QMP dispatcher.

This QMP command is a candidate because it indirectly calls
bdrv_get_allocated_file_size() through bdrv_block_device_info() ->
bdrv_query_image_info() -> bdrv_query_image_info().

The previous patches have determined that bdrv_query_image_info() and
bdrv_do_query_node_info() are coroutine-safe so we can just make the
QMP command run in a coroutine.

Signed-off-by: Lin Ma 
Signed-off-by: Fabiano Rosas 
---
 block.c  | 2 +-
 blockdev.c   | 6 +++---
 qapi/block-core.json | 3 ++-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/block.c b/block.c
index f94cee8930..abed744b60 100644
--- a/block.c
+++ b/block.c
@@ -6148,7 +6148,7 @@ BlockDeviceInfoList *bdrv_named_nodes_list(bool flat,
 
 list = NULL;
 QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
-BlockDeviceInfo *info = bdrv_block_device_info(NULL, bs, flat, errp);
+BlockDeviceInfo *info = bdrv_co_block_device_info(NULL, bs, flat, 
errp);
 if (!info) {
 qapi_free_BlockDeviceInfoList(list);
 return NULL;
diff --git a/blockdev.c b/blockdev.c
index e6eba61484..8b5f7d06c8 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2818,9 +2818,9 @@ void qmp_drive_backup(DriveBackup *backup, Error **errp)
 blockdev_do_action(&action, errp);
 }
 
-BlockDeviceInfoList *qmp_query_named_block_nodes(bool has_flat,
- bool flat,
- Error **errp)
+BlockDeviceInfoList *coroutine_fn qmp_query_named_block_nodes(bool has_flat,
+  bool flat,
+  Error **errp)
 {
 bool return_flat = has_flat && flat;
 
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 5dd5f7e4b0..9d4c92f2c9 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1972,7 +1972,8 @@
 { 'command': 'query-named-block-nodes',
   'returns': [ 'BlockDeviceInfo' ],
   'data': { '*flat': 'bool' },
-  'allow-preconfig': true }
+  'allow-preconfig': true,
+  'coroutine': true}
 
 ##
 # @XDbgBlockGraphNodeType:
-- 
2.35.3

[PATCH v2 09/10] block: Convert qmp_query_block() to coroutine_fn

[Fabiano Rosas]

This is another caller of bdrv_get_allocated_file_size() that needs to
be converted to a coroutine because that function will be made
asynchronous when called (indirectly) from the QMP dispatcher.

This QMP command is a candidate because it calls bdrv_do_query_node_info(),
which in turn calls bdrv_get_allocated_file_size().

We've determined bdrv_do_query_node_info() to be coroutine-safe (see
previous commits), so we can just put this QMP command in a coroutine.

Since qmp_query_block() now expects to run in a coroutine, its callers
need to be converted as well. Convert hmp_info_block(), which calls
only coroutine-safe code, including qmp_query_named_block_nodes()
which has been converted to coroutine in the previous patches.

Now that all callers of bdrv_[co_]block_device_info() are using the
coroutine version, a few things happen:

 - we can return to using bdrv_block_device_info() without a wrapper;

 - bdrv_get_allocated_file_size() can stop being mixed;

 - bdrv_co_get_allocated_file_size() needs to be put under the graph
   lock because it is being called wthout the wrapper;

 - bdrv_do_query_node_info() doesn't need to acquire the AioContext
   because it doesn't call aio_poll anymore;

Signed-off-by: Fabiano Rosas 
---
 block.c|  2 +-
 block/monitor/block-hmp-cmds.c |  2 +-
 block/qapi.c   | 18 +-
 hmp-commands-info.hx   |  1 +
 include/block/block-hmp-cmds.h |  2 +-
 include/block/block-io.h   |  2 +-
 include/block/qapi.h   | 12 
 qapi/block-core.json   |  2 +-
 8 files changed, 19 insertions(+), 22 deletions(-)

diff --git a/block.c b/block.c
index abed744b60..f94cee8930 100644
--- a/block.c
+++ b/block.c
@@ -6148,7 +6148,7 @@ BlockDeviceInfoList *bdrv_named_nodes_list(bool flat,
 
 list = NULL;
 QTAILQ_FOREACH(bs, &graph_bdrv_states, node_list) {
-BlockDeviceInfo *info = bdrv_co_block_device_info(NULL, bs, flat, 
errp);
+BlockDeviceInfo *info = bdrv_block_device_info(NULL, bs, flat, errp);
 if (!info) {
 qapi_free_BlockDeviceInfoList(list);
 return NULL;
diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
index 26116fe831..1049f9b006 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -742,7 +742,7 @@ static void print_block_info(Monitor *mon, BlockInfo *info,
 }
 }
 
-void hmp_info_block(Monitor *mon, const QDict *qdict)
+void coroutine_fn hmp_info_block(Monitor *mon, const QDict *qdict)
 {
 BlockInfoList *block_list, *info;
 BlockDeviceInfoList *blockdev_list, *blockdev;
diff --git a/block/qapi.c b/block/qapi.c
index 20660e15d6..3b4bc0b782 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -41,10 +41,10 @@
 #include "qemu/qemu-print.h"
 #include "sysemu/block-backend.h"
 
-BlockDeviceInfo *coroutine_fn bdrv_co_block_device_info(BlockBackend *blk,
-BlockDriverState *bs,
-bool flat,
-Error **errp)
+BlockDeviceInfo *coroutine_fn bdrv_block_device_info(BlockBackend *blk,
+ BlockDriverState *bs,
+ bool flat,
+ Error **errp)
 {
 ImageInfo **p_image_info;
 ImageInfo *backing_info;
@@ -235,8 +235,6 @@ static void bdrv_do_query_node_info(BlockDriverState *bs,
 int ret;
 Error *err = NULL;
 
-aio_context_acquire(bdrv_get_aio_context(bs));
-
 size = bdrv_getlength(bs);
 if (size < 0) {
 error_setg_errno(errp, -size, "Can't get image size '%s'",
@@ -249,7 +247,9 @@ static void bdrv_do_query_node_info(BlockDriverState *bs,
 info->filename= g_strdup(bs->filename);
 info->format  = g_strdup(bdrv_get_format_name(bs));
 info->virtual_size= size;
-info->actual_size = bdrv_get_allocated_file_size(bs);
+bdrv_graph_co_rdlock();
+info->actual_size = bdrv_co_get_allocated_file_size(bs);
+bdrv_graph_co_rdunlock();
 info->has_actual_size = info->actual_size >= 0;
 if (bs->encrypted) {
 info->encrypted = true;
@@ -305,7 +305,7 @@ static void bdrv_do_query_node_info(BlockDriverState *bs,
 }
 
 out:
-aio_context_release(bdrv_get_aio_context(bs));
+return;
 }
 
 /**
@@ -668,7 +668,7 @@ bdrv_query_bds_stats(BlockDriverState *bs, bool blk_level)
 return s;
 }
 
-BlockInfoList *qmp_query_block(Error **errp)
+BlockInfoList *coroutine_fn qmp_query_block(Error **errp)
 {
 BlockInfoList *head = NULL, **p_next = &head;
 BlockBackend *blk;
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
index 47d63d26db..996895f417 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
@@ -65,6 +65,7 @@ ERST
 .help   = "show info of one block device or all bl

[PATCH v2 01/10] block: Remove bdrv_query_block_node_info

[Fabiano Rosas]

The last call site of this function has been removed by commit
c04d0ab026 ("qemu-img: Let info print block graph").

Reviewed-by: Claudio Fontana 
Signed-off-by: Fabiano Rosas 
---
 block/qapi.c | 27 ---
 include/block/qapi.h |  3 ---
 2 files changed, 30 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index f34f95e0ef..79bf80c503 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -309,33 +309,6 @@ out:
 aio_context_release(bdrv_get_aio_context(bs));
 }
 
-/**
- * bdrv_query_block_node_info:
- * @bs: block node to examine
- * @p_info: location to store node information
- * @errp: location to store error information
- *
- * Store image information about @bs in @p_info.
- *
- * @p_info will be set only on success. On error, store error in @errp.
- */
-void bdrv_query_block_node_info(BlockDriverState *bs,
-BlockNodeInfo **p_info,
-Error **errp)
-{
-BlockNodeInfo *info;
-ERRP_GUARD();
-
-info = g_new0(BlockNodeInfo, 1);
-bdrv_do_query_node_info(bs, info, errp);
-if (*errp) {
-qapi_free_BlockNodeInfo(info);
-return;
-}
-
-*p_info = info;
-}
-
 /**
  * bdrv_query_image_info:
  * @bs: block node to examine
diff --git a/include/block/qapi.h b/include/block/qapi.h
index 18d48ddb70..8663971c58 100644
--- a/include/block/qapi.h
+++ b/include/block/qapi.h
@@ -36,9 +36,6 @@ BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk,
 int bdrv_query_snapshot_info_list(BlockDriverState *bs,
   SnapshotInfoList **p_list,
   Error **errp);
-void bdrv_query_block_node_info(BlockDriverState *bs,
-BlockNodeInfo **p_info,
-Error **errp);
 void bdrv_query_image_info(BlockDriverState *bs,
ImageInfo **p_info,
bool flat,
-- 
2.35.3

[PATCH v2 08/10] block: Don't query all block devices at hmp_nbd_server_start

[Fabiano Rosas]

We're currently doing a full query-block just to enumerate the devices
for qmp_nbd_server_add and then discarding the BlockInfoList
afterwards. Alter hmp_nbd_server_start to instead iterate explicitly
over the block_backends list.

This allows the removal of the dependency on qmp_query_block from
hmp_nbd_server_start. This is desirable because we're about to move
qmp_query_block into a coroutine and don't need to change the NBD code
at the same time.

Signed-off-by: Fabiano Rosas 
---
 block/monitor/block-hmp-cmds.c | 20 
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/block/monitor/block-hmp-cmds.c b/block/monitor/block-hmp-cmds.c
index ca2599de44..26116fe831 100644
--- a/block/monitor/block-hmp-cmds.c
+++ b/block/monitor/block-hmp-cmds.c
@@ -394,7 +394,7 @@ void hmp_nbd_server_start(Monitor *mon, const QDict *qdict)
 bool writable = qdict_get_try_bool(qdict, "writable", false);
 bool all = qdict_get_try_bool(qdict, "all", false);
 Error *local_err = NULL;
-BlockInfoList *block_list, *info;
+BlockBackend *blk;
 SocketAddress *addr;
 NbdServerAddOptions export;
 
@@ -419,18 +419,24 @@ void hmp_nbd_server_start(Monitor *mon, const QDict 
*qdict)
 return;
 }
 
-/* Then try adding all block devices.  If one fails, close all and
+/*
+ * Then try adding all block devices.  If one fails, close all and
  * exit.
  */
-block_list = qmp_query_block(NULL);
+for (blk = blk_all_next(NULL); blk; blk = blk_all_next(blk)) {
+BlockDriverState *bs = blk_bs(blk);
 
-for (info = block_list; info; info = info->next) {
-if (!info->value->inserted) {
+if (!*blk_name(blk) && !blk_get_attached_dev(blk)) {
+continue;
+}
+
+bs = bdrv_skip_implicit_filters(bs);
+if (!bs || !bs->drv) {
 continue;
 }
 
 export = (NbdServerAddOptions) {
-.device = info->value->device,
+.device = g_strdup(blk_name(blk)),
 .has_writable   = true,
 .writable   = writable,
 };
@@ -443,8 +449,6 @@ void hmp_nbd_server_start(Monitor *mon, const QDict *qdict)
 }
 }
 
-qapi_free_BlockInfoList(block_list);
-
 exit:
 hmp_handle_error(mon, local_err);
 }
-- 
2.35.3

[PATCH v2 04/10] block: Temporarily mark bdrv_co_get_allocated_file_size as mixed

[Fabiano Rosas]

Some callers of this function are about to be converted to run in
coroutines, so allow it to be executed both inside and outside a
coroutine while we convert all the callers.

This will be reverted once all callers of bdrv_do_query_node_info run
in a coroutine.

Signed-off-by: Fabiano Rosas 
Reviewed-by: Eric Blake 
---
 include/block/block-io.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/block/block-io.h b/include/block/block-io.h
index 43af816d75..f31e25cf56 100644
--- a/include/block/block-io.h
+++ b/include/block/block-io.h
@@ -87,7 +87,7 @@ int64_t co_wrapper_mixed_bdrv_rdlock 
bdrv_getlength(BlockDriverState *bs);
 int64_t coroutine_fn GRAPH_RDLOCK
 bdrv_co_get_allocated_file_size(BlockDriverState *bs);
 
-int64_t co_wrapper_bdrv_rdlock
+int64_t co_wrapper_mixed_bdrv_rdlock
 bdrv_get_allocated_file_size(BlockDriverState *bs);
 
 BlockMeasureInfo *bdrv_measure(BlockDriver *drv, QemuOpts *opts,
-- 
2.35.3

[PATCH v2 05/10] block: Convert bdrv_query_block_graph_info to coroutine

[Fabiano Rosas]

We're converting callers of bdrv_get_allocated_file_size() to run in
coroutines because that function will be made asynchronous when called
(indirectly) from the QMP dispatcher.

This function is a candidate because it calls bdrv_do_query_node_info(),
which in turn calls bdrv_get_allocated_file_size().

All the functions called from bdrv_do_query_node_info() onwards are
coroutine-safe, either have a coroutine version themselves[1] or are
mostly simple code/string manipulation[2].

1) bdrv_getlength(), bdrv_get_allocated_file_size(), bdrv_get_info(),
   bdrv_get_specific_info();

2) bdrv_refresh_filename(), bdrv_get_format_name(),
   bdrv_get_full_backing_filename(), bdrv_query_snapshot_info_list();

Signed-off-by: Fabiano Rosas 
---
 block/qapi.c | 12 +++-
 include/block/qapi.h |  6 +-
 qemu-img.c   |  2 --
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index 1cbb0935ff..a2e71edaff 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -375,7 +375,7 @@ fail:
 }
 
 /**
- * bdrv_query_block_graph_info:
+ * bdrv_co_query_block_graph_info:
  * @bs: root node to start from
  * @p_info: location to store image information
  * @errp: location to store error information
@@ -384,15 +384,17 @@ fail:
  *
  * @p_info will be set only on success. On error, store error in @errp.
  */
-void bdrv_query_block_graph_info(BlockDriverState *bs,
- BlockGraphInfo **p_info,
- Error **errp)
+void coroutine_fn bdrv_co_query_block_graph_info(BlockDriverState *bs,
+ BlockGraphInfo **p_info,
+ Error **errp)
 {
 BlockGraphInfo *info;
 BlockChildInfoList **children_list_tail;
 BdrvChild *c;
 ERRP_GUARD();
 
+assert_bdrv_graph_readable();
+
 info = g_new0(BlockGraphInfo, 1);
 bdrv_do_query_node_info(bs, qapi_BlockGraphInfo_base(info), errp);
 if (*errp) {
@@ -408,7 +410,7 @@ void bdrv_query_block_graph_info(BlockDriverState *bs,
 QAPI_LIST_APPEND(children_list_tail, c_info);
 
 c_info->name = g_strdup(c->name);
-bdrv_query_block_graph_info(c->bs, &c_info->info, errp);
+bdrv_co_query_block_graph_info(c->bs, &c_info->info, errp);
 if (*errp) {
 goto fail;
 }
diff --git a/include/block/qapi.h b/include/block/qapi.h
index 8663971c58..7035bcd1ae 100644
--- a/include/block/qapi.h
+++ b/include/block/qapi.h
@@ -25,6 +25,7 @@
 #ifndef BLOCK_QAPI_H
 #define BLOCK_QAPI_H
 
+#include "block/block-common.h"
 #include "block/graph-lock.h"
 #include "block/snapshot.h"
 #include "qapi/qapi-types-block-core.h"
@@ -41,7 +42,10 @@ void bdrv_query_image_info(BlockDriverState *bs,
bool flat,
bool skip_implicit_filters,
Error **errp);
-void GRAPH_RDLOCK
+void coroutine_fn GRAPH_RDLOCK
+bdrv_co_query_block_graph_info(BlockDriverState *bs, BlockGraphInfo **p_info,
+   Error **errp);
+void co_wrapper_bdrv_rdlock
 bdrv_query_block_graph_info(BlockDriverState *bs, BlockGraphInfo **p_info,
 Error **errp);
 
diff --git a/qemu-img.c b/qemu-img.c
index 27f48051b0..8066286f5e 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -2945,9 +2945,7 @@ static BlockGraphInfoList *collect_image_info_list(bool 
image_opts,
  * duplicate the backing chain information that we obtain by walking
  * the chain manually here.
  */
-bdrv_graph_rdlock_main_loop();
 bdrv_query_block_graph_info(bs, &info, &err);
-bdrv_graph_rdunlock_main_loop();
 
 if (err) {
 error_report_err(err);
-- 
2.35.3

[PATCH v2 10/10] block: Add a thread-pool version of fstat

[Fabiano Rosas]

From: João Silva 

The fstat call can take a long time to finish when running over
NFS. Add a version of it that runs in the thread pool.

Adapt one of its users, raw_co_get_allocated_file size to use the new
version. That function is called via QMP under the qemu_global_mutex
so it has a large chance of blocking VCPU threads in case it takes too
long to finish.

Reviewed-by: Claudio Fontana 
Signed-off-by: João Silva 
Signed-off-by: Fabiano Rosas 
---
 block/file-posix.c  | 40 +---
 include/block/raw-aio.h |  4 +++-
 2 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/block/file-posix.c b/block/file-posix.c
index ac1ed54811..45232dc0f9 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -227,6 +227,9 @@ typedef struct RawPosixAIOData {
 struct {
 unsigned long op;
 } zone_mgmt;
+struct {
+struct stat *st;
+} fstat;
 };
 } RawPosixAIOData;
 
@@ -2614,6 +2617,34 @@ static void raw_close(BlockDriverState *bs)
 }
 }
 
+static int handle_aiocb_fstat(void *opaque)
+{
+RawPosixAIOData *aiocb = opaque;
+
+if (fstat(aiocb->aio_fildes, aiocb->fstat.st) < 0) {
+return -errno;
+}
+
+return 0;
+}
+
+static int coroutine_fn raw_co_fstat(BlockDriverState *bs, struct stat *st)
+{
+BDRVRawState *s = bs->opaque;
+RawPosixAIOData acb;
+
+acb = (RawPosixAIOData) {
+.bs = bs,
+.aio_fildes = s->fd,
+.aio_type   = QEMU_AIO_FSTAT,
+.fstat  = {
+.st = st,
+},
+};
+
+return raw_thread_pool_submit(handle_aiocb_fstat, &acb);
+}
+
 /**
  * Truncates the given regular file @fd to @offset and, when growing, fills the
  * new space according to @prealloc.
@@ -2853,11 +2884,14 @@ static int64_t coroutine_fn 
raw_co_getlength(BlockDriverState *bs)
 static int64_t coroutine_fn raw_co_get_allocated_file_size(BlockDriverState 
*bs)
 {
 struct stat st;
-BDRVRawState *s = bs->opaque;
+int ret;
 
-if (fstat(s->fd, &st) < 0) {
-return -errno;
+ret = raw_co_fstat(bs, &st);
+
+if (ret) {
+return ret;
 }
+
 return (int64_t)st.st_blocks * 512;
 }
 
diff --git a/include/block/raw-aio.h b/include/block/raw-aio.h
index 0f63c2800c..1f2c678461 100644
--- a/include/block/raw-aio.h
+++ b/include/block/raw-aio.h
@@ -31,6 +31,7 @@
 #define QEMU_AIO_ZONE_REPORT  0x0100
 #define QEMU_AIO_ZONE_MGMT0x0200
 #define QEMU_AIO_ZONE_APPEND  0x0400
+#define QEMU_AIO_FSTAT0x0800
 #define QEMU_AIO_TYPE_MASK \
 (QEMU_AIO_READ | \
  QEMU_AIO_WRITE | \
@@ -42,7 +43,8 @@
  QEMU_AIO_TRUNCATE | \
  QEMU_AIO_ZONE_REPORT | \
  QEMU_AIO_ZONE_MGMT | \
- QEMU_AIO_ZONE_APPEND)
+ QEMU_AIO_ZONE_APPEND | \
+ QEMU_AIO_FSTAT)
 
 /* AIO flags */
 #define QEMU_AIO_MISALIGNED   0x1000
-- 
2.35.3

[PATCH v2 06/10] block: Convert bdrv_block_device_info into co_wrapper

[Fabiano Rosas]

We're converting callers of bdrv_get_allocated_file_size() to run in
coroutines because that function will be made asynchronous when called
(indirectly) from the QMP dispatcher.

This function is a candidate because it calls bdrv_query_image_info()
-> bdrv_do_query_node_info() -> bdrv_get_allocated_file_size().

It is safe to turn this is a coroutine because the code it calls is
made up of either simple accessors and string manipulation functions
[1] or it has already been determined to be safe [2].

1) bdrv_refresh_filename(), bdrv_is_read_only(),
   blk_enable_write_cache(), bdrv_cow_bs(), blk_get_public(),
   throttle_group_get_name(), bdrv_write_threshold_get(),
   bdrv_query_dirty_bitmaps(), throttle_group_get_config(),
   bdrv_filter_or_cow_bs(), bdrv_skip_implicit_filters()

2) bdrv_do_query_node_info() (see previous commit);

Signed-off-by: Fabiano Rosas 
---
 block/qapi.c |  8 
 include/block/qapi.h | 12 
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index a2e71edaff..20660e15d6 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -41,10 +41,10 @@
 #include "qemu/qemu-print.h"
 #include "sysemu/block-backend.h"
 
-BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk,
-BlockDriverState *bs,
-bool flat,
-Error **errp)
+BlockDeviceInfo *coroutine_fn bdrv_co_block_device_info(BlockBackend *blk,
+BlockDriverState *bs,
+bool flat,
+Error **errp)
 {
 ImageInfo **p_image_info;
 ImageInfo *backing_info;
diff --git a/include/block/qapi.h b/include/block/qapi.h
index 7035bcd1ae..5cb0202791 100644
--- a/include/block/qapi.h
+++ b/include/block/qapi.h
@@ -30,10 +30,14 @@
 #include "block/snapshot.h"
 #include "qapi/qapi-types-block-core.h"
 
-BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk,
-BlockDriverState *bs,
-bool flat,
-Error **errp);
+BlockDeviceInfo *coroutine_fn bdrv_co_block_device_info(BlockBackend *blk,
+BlockDriverState *bs,
+bool flat,
+Error **errp);
+BlockDeviceInfo *co_wrapper bdrv_block_device_info(BlockBackend *blk,
+   BlockDriverState *bs,
+   bool flat,
+   Error **errp);
 int bdrv_query_snapshot_info_list(BlockDriverState *bs,
   SnapshotInfoList **p_list,
   Error **errp);
-- 
2.35.3

[PATCH v2 00/10] block: Make raw_co_get_allocated_file_size asynchronous

[Fabiano Rosas]

Hi,

The major change from the last version is that this time I'm moving
all of the callers of bdrv_get_allocated_file_size() into
coroutines. I had to make some temporary changes to avoid asserts
while not all the callers were converted.

I tried my best to explain why I think the changes are safe. To avoid
changing too much of the code I added a change that removes the
dependency of qmp_query_block from hmp_nbd_server_start, that way I
don't need to move all of the nbd code into a coroutine as well.

Based on:
 [PATCH v2 00/11] block: Re-enable the graph lock
 https://lore.kernel.org/r/20230605085711.21261-1-kw...@redhat.com

changes:

  - fixed duplicated commit message [Lin]
  - clarified why we need to convert info-block [Claudio]
  - added my rationale of why the changes are safe [Eric]
  - converted all callers to coroutines [Kevin]
  - made hmp_nbd_server_start don't depend on qmp_query_block

CI run: https://gitlab.com/farosas/qemu/-/pipelines/895525156
===
v1:
https://lore.kernel.org/r/20230523213903.18418-1-faro...@suse.de

As discussed in another thread [1], here's an RFC addressing a VCPU
softlockup encountered when issuing QMP commands that target a disk
placed on NFS.

Since QMP commands happen with the qemu_global_mutex locked, any
command that takes too long to finish will block other threads waiting
to take the global mutex. One such thread could be a VCPU thread going
out of the guest to handle IO.

This is the case when issuing the QMP command query-block, which
eventually calls raw_co_get_allocated_file_size(). This function makes
an 'fstat' call that has been observed to take a long time (seconds)
over NFS.

NFS latency issues aside, we can improve the situation by not blocking
VCPU threads while the command is running.

Move the 'fstat' call into the thread-pool and make the necessary
adaptations to ensure raw_co_get_allocated_file_size runs in a
coroutine in the block driver aio_context.

1- Question about QMP and BQL
https://lists.gnu.org/archive/html/qemu-devel/2023-05/msg03141.html

Fabiano Rosas (8):
  block: Remove bdrv_query_block_node_info
  block: Remove unnecessary variable in bdrv_block_device_info
  block: Allow the wrapper script to see functions declared in qapi.h
  block: Temporarily mark bdrv_co_get_allocated_file_size as mixed
  block: Convert bdrv_query_block_graph_info to coroutine
  block: Convert bdrv_block_device_info into co_wrapper
  block: Don't query all block devices at hmp_nbd_server_start
  block: Convert qmp_query_block() to coroutine_fn

João Silva (1):
  block: Add a thread-pool version of fstat

Lin Ma (1):
  block: Convert qmp_query_named_block_nodes to coroutine

 block/file-posix.c | 40 +--
 block/meson.build  |  1 +
 block/monitor/block-hmp-cmds.c | 22 ++-
 block/qapi.c   | 62 +-
 blockdev.c |  6 +--
 hmp-commands-info.hx   |  1 +
 include/block/block-hmp-cmds.h |  2 +-
 include/block/qapi.h   | 17 
 include/block/raw-aio.h|  4 +-
 qapi/block-core.json   |  5 ++-
 qemu-img.c |  2 -
 scripts/block-coroutine-wrapper.py |  1 +
 12 files changed, 90 insertions(+), 73 deletions(-)

-- 
2.35.3

[PATCH v2 03/10] block: Allow the wrapper script to see functions declared in qapi.h

[Fabiano Rosas]

The following patches will add co_wrapper annotations to functions
declared in qapi.h. Add that header to the set of files used by
block-coroutine-wrapper.py.

Signed-off-by: Fabiano Rosas 
---
 block/meson.build  | 1 +
 scripts/block-coroutine-wrapper.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/block/meson.build b/block/meson.build
index fb4332bd66..7ad6a396a4 100644
--- a/block/meson.build
+++ b/block/meson.build
@@ -150,6 +150,7 @@ block_gen_c = custom_target('block-gen.c',
   '../include/block/dirty-bitmap.h',
   '../include/block/block_int-io.h',
   '../include/block/block-global-state.h',
+  '../include/block/qapi.h',
   
'../include/sysemu/block-backend-global-state.h',
   '../include/sysemu/block-backend-io.h',
   'coroutines.h'
diff --git a/scripts/block-coroutine-wrapper.py 
b/scripts/block-coroutine-wrapper.py
index d4a183db61..814b62df26 100644
--- a/scripts/block-coroutine-wrapper.py
+++ b/scripts/block-coroutine-wrapper.py
@@ -44,6 +44,7 @@ def gen_header():
 #include "block/block-gen.h"
 #include "block/block_int.h"
 #include "block/dirty-bitmap.h"
+#include "block/qapi.h"
 """
 
 
-- 
2.35.3

[PATCH v2 02/10] block: Remove unnecessary variable in bdrv_block_device_info

[Fabiano Rosas]

The commit 5d8813593f ("block/qapi: Let bdrv_query_image_info()
recurse") removed the loop where we set the 'bs0' variable, so now it
is just the same as 'bs'.

Signed-off-by: Fabiano Rosas 
---
 block/qapi.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index 79bf80c503..1cbb0935ff 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -48,7 +48,7 @@ BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk,
 {
 ImageInfo **p_image_info;
 ImageInfo *backing_info;
-BlockDriverState *bs0, *backing;
+BlockDriverState *backing;
 BlockDeviceInfo *info;
 ERRP_GUARD();
 
@@ -145,7 +145,6 @@ BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk,
 
 info->write_threshold = bdrv_write_threshold_get(bs);
 
-bs0 = bs;
 p_image_info = &info->image;
 info->backing_file_depth = 0;
 
@@ -153,7 +152,7 @@ BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk,
  * Skip automatically inserted nodes that the user isn't aware of for
  * query-block (blk != NULL), but not for query-named-block-nodes
  */
-bdrv_query_image_info(bs0, p_image_info, flat, blk != NULL, errp);
+bdrv_query_image_info(bs, p_image_info, flat, blk != NULL, errp);
 if (*errp) {
 qapi_free_BlockDeviceInfo(info);
 return NULL;
-- 
2.35.3

Re: [PATCH 18/22] target/arm/tcg: Define SME set_svcr() helper in common 'helper.h'

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

SME set_svcr() is called by handle_msr_i() in translate-a64.c.
To be able to restrict helper-sme.h.inc to SME-specific files,
move the set_svcr() helper definition into the common helper.h.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/helper.h | 1 +
  target/arm/tcg/helper-sme.h.inc | 2 --
  2 files changed, 1 insertion(+), 2 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 05/22] target/arm/tcg: Extract iwMMXt helpers from the generic 'helper.h'

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/helper.h|  96 +---
  target/arm/tcg/helper-iwmmxt.h.inc | 114 +
  2 files changed, 115 insertions(+), 95 deletions(-)
  create mode 100644 target/arm/tcg/helper-iwmmxt.h.inc


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 15/22] target/arm/tcg: Extract SVE2 definitions to 'helper-sve.h.inc'

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

helper.h is used by all units, but not all require the
SVE2 definitions. We already have helper-sve.h.inc for
SVE* definitions, move them there. The next commit will
remove it from the common helper.h.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/helper.h | 46 -
  target/arm/tcg/helper-sve.h.inc | 46 +
  2 files changed, 46 insertions(+), 46 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 14/22] target/arm/tcg: Reduce 'helper-neon.h.inc' inclusion

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

Instead of including helper-neon.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/helper.h | 1 -
  target/arm/tcg/neon_helper.c| 6 +-
  target/arm/tcg/translate-a64.c  | 5 +
  target/arm/tcg/translate-neon.c | 6 ++
  target/arm/tcg/translate-sme.c  | 5 +
  target/arm/tcg/translate.c  | 5 +
  target/arm/tcg/vec_helper.c | 5 +
  7 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 2cf25f0605..82c34df538 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -608,5 +608,4 @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
  #include "tcg/helper-sme.h.inc"
  #endif
  
-#include "tcg/helper-neon.h.inc"

  #include "tcg/helper-mve.h.inc"
diff --git a/target/arm/tcg/neon_helper.c b/target/arm/tcg/neon_helper.c
index 0a4ab3e42c..3346a897ad 100644
--- a/target/arm/tcg/neon_helper.c
+++ b/target/arm/tcg/neon_helper.c
@@ -9,10 +9,14 @@
  #include "qemu/osdep.h"
  
  #include "cpu.h"

-#include "exec/helper-proto.h"
  #include "fpu/softfloat.h"
  #include "vec_internal.h"
  
+#define HELPER_H "tcg/helper-neon.h.inc"

+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+


Again, none of the *_helper.c need helper-gen.h.inc, only prototypes.


r~

Re: [PATCH 13/22] target/arm/tcg: Extract NEON definitions to 'helper-neon.h.inc'

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

helper.h is used by all units, but not all require the NEON
definitions. Move them to a new header; the next commit will
remove it from the common helper.h.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/helper.h  | 206 +--
  target/arm/tcg/helper-neon.h.inc | 205 ++
  2 files changed, 206 insertions(+), 205 deletions(-)
  create mode 100644 target/arm/tcg/helper-neon.h.inc


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 12/22] target/arm/tcg: Move neon_tbl() from op_helper.c to neon_helper.c

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

neon_tbl() helper is only called by NEON files. No need
to have it in the generic op_helper.c, move it with the
rest of the NEON helpers.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/tcg/neon_helper.c | 22 ++
  target/arm/tcg/op_helper.c   | 22 --
  2 files changed, 22 insertions(+), 22 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH v3 12/14] simpletrace: added simplified Analyzer2 class

[Mads Ynddal]

> On 8 Jun 2023, at 14.41, Mads Ynddal  wrote:
> 
> From: Mads Ynddal 
> 
> By moving the dynamic argument construction to keyword-arguments,
> we can remove all of the specialized handling, and streamline it.
> If a tracing method wants to access these, they can define the
> kwargs, or ignore it be placing `**kwargs` at the end of the
> function's arguments list.
> 
> Added deprecation warning to Analyzer class to make users aware
> of the Analyzer2 class. No removal date is planned.
> 
> Signed-off-by: Mads Ynddal 
> ---
> scripts/simpletrace.py | 72 ++
> 1 file changed, 72 insertions(+)

I noticed I'm missing Analyzer2 in __all__

Re: [PATCH 11/22] target/arm/tcg: Reduce 'helper-vfp.h.inc' inclusion

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

Instead of including helper-vfp.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/helper.h | 1 -
  target/arm/tcg/mve_helper.c | 5 +
  target/arm/tcg/sve_helper.c | 4 
  target/arm/tcg/translate-a64.c  | 5 +
  target/arm/tcg/translate-neon.c | 5 +
  target/arm/tcg/translate-vfp.c  | 6 ++
  target/arm/tcg/vec_helper.c | 5 +
  target/arm/vfp_helper.c | 5 +
  8 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 9d85675d17..4d1b7ec6b4 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -813,5 +813,4 @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
  #include "tcg/helper-sme.h.inc"
  #endif
  
-#include "tcg/helper-vfp.h.inc"

  #include "tcg/helper-mve.h.inc"
diff --git a/target/arm/tcg/mve_helper.c b/target/arm/tcg/mve_helper.c
index 403b345ea3..9914f45b16 100644
--- a/target/arm/tcg/mve_helper.c
+++ b/target/arm/tcg/mve_helper.c
@@ -27,6 +27,11 @@
  #include "tcg/tcg.h"
  #include "fpu/softfloat.h"
  
+#define HELPER_H "tcg/helper-vfp.h.inc"

+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H
+


Again, none of the *_helper.c need helper-gen.h.inc, only prototypes.


r~

Re: [PATCH 10/22] target/arm/tcg: Extract VFP definitions to 'helper-vfp.h.inc'

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

helper.h is used by all units, but not all require the VFP
definitions. Move them to a new header; the next commit will
remove it from the common helper.h.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/helper.h | 137 +---
  target/arm/tcg/helper-vfp.h.inc | 136 +++
  2 files changed, 137 insertions(+), 136 deletions(-)
  create mode 100644 target/arm/tcg/helper-vfp.h.inc


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 09/22] target/arm/tcg: Reduce 'helper-iwmmxt.h.inc' inclusion

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

Instead of including helper-iwmmxt.h.inc via helper.h which
is included by all TCG files, restrict it to the few files
that require it.

Signed-off-by: Philippe Mathieu-Daudé 
---
  target/arm/helper.h   | 1 -
  target/arm/tcg/iwmmxt_helper.c| 6 +-
  target/arm/tcg/translate-iwmmxt.c | 6 ++
  3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index c4a321c0ea..dd12fee107 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -949,5 +949,4 @@ DEF_HELPER_FLAGS_5(gvec_uclamp_d, TCG_CALL_NO_RWG,
  #include "tcg/helper-sme.h.inc"
  #endif
  
-#include "tcg/helper-iwmmxt.h.inc"

  #include "tcg/helper-mve.h.inc"
diff --git a/target/arm/tcg/iwmmxt_helper.c b/target/arm/tcg/iwmmxt_helper.c
index 610b1b2103..fa84b5f672 100644
--- a/target/arm/tcg/iwmmxt_helper.c
+++ b/target/arm/tcg/iwmmxt_helper.c
@@ -22,7 +22,11 @@
  #include "qemu/osdep.h"
  
  #include "cpu.h"

-#include "exec/helper-proto.h"
+
+#define HELPER_H "tcg/helper-iwmmxt.h.inc"
+#include "exec/helper-proto.h.inc"
+#include "exec/helper-gen.h.inc"
+#undef  HELPER_H


You should only require helper-proto.h.inc here.

Otherwise,
Reviewed-by: Richard Henderson 

This was exactly the sort of thing that I had in mind.


r~

Re: [PATCH v4 0/1] ROM migration

[Vladimir Sementsov-Ogievskiy]

On 09.06.23 18:55, Michael S. Tsirkin wrote:

This is tagged, pull request will be delayed due to kvm forum though.


OK, thanks!



On Fri, Jun 09, 2023 at 04:32:40PM +0300, Vladimir Sementsov-Ogievskiy wrote:

ping.

On 22.05.23 23:17, Vladimir Sementsov-Ogievskiy wrote:

v4:
preparation patches are already merged to master
01: fix false-positive "error: ‘size’ may be used uninitialized",
  keep r-bs

Vladimir Sementsov-Ogievskiy (1):
pci: ROM preallocation for incoming migration

   hw/pci/pci.c | 79 ++--
   1 file changed, 46 insertions(+), 33 deletions(-)



--
Best regards,
Vladimir




--
Best regards,
Vladimir

Re: [PATCH 08/22] target/arm/tcg: Extract iwmmxt code to translate-iwmmxt.c

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

Extract 1300 lines from the big enough translate.c.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/tcg/translate-iwmmxt.c | 1334 +
  target/arm/tcg/translate.c| 1312 
  target/arm/tcg/meson.build|1 +
  3 files changed, 1335 insertions(+), 1312 deletions(-)
  create mode 100644 target/arm/tcg/translate-iwmmxt.c


Reviewed-by: Richard Henderson 


r~

Re: [PATCH] tcg/tci: Fix MemOpIdx operand index for 3-operand memops

[Richard Henderson]

On 6/8/23 09:58, Philippe Mathieu-Daudé wrote:

On 8/6/23 18:29, Richard Henderson wrote:

Cut and paste error from the 4-operand memops.

Fixes: ab64da797740 ("tcg/tci: Adjust passing of MemOpIdx")


I had this patch tagged for review but you were quicker
(not sure I'd have caught the issue although)


Signed-off-by: Richard Henderson 
---
  tcg/tci/tcg-target.c.inc | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)


Reviewed-by: Philippe Mathieu-Daudé 




Applied to master, though it hasn't completely greened the board.


r~

Re: [PULL 0/1] maintainers queue

[Richard Henderson]

On 6/8/23 11:21, Jagannathan Raman wrote:

The following changes since commit 45ae97993a75f975f1a01d25564724c7e10a543f:

   Merge tag 'pull-tricore-20230607' of https://github.com/bkoppelmann/qemu 
into staging (2023-06-07 11:45:22 -0700)

are available in the Git repository at:

   https://gitlab.com/jraman/qemu.git tags/pull-maintainers-20230608

for you to fetch changes up to c45309f7a40083e5034fcb19e27e3c0b1b5ec6cd:

   maintainers: update maintainers list for vfio-user & multi-process QEMU 
(2023-06-08 14:16:08 -0400)


maintainers: update maintainers list for vfio-user & multi-process QEMU

Signed-off-by: Jagannathan Raman 


Jagannathan Raman (1):
   maintainers: update maintainers list for vfio-user & multi-process QEMU

  MAINTAINERS | 1 -
  1 file changed, 1 deletion(-)



Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/8.1 as 
appropriate.


r~

[PATCH 5/5] cmd646: move device-specific BMDMA registers to separate memory region

[Mark Cave-Ayland]

The aim here is to eliminate any device-specific registers from the main BMDMA
bar memory region so it can potentially be moved into the shared PCI IDE device.

For each BMDMA bus create a new cmd646-bmdma-specific memory region representing
the device-specific BMDMA registers and then map them using aliases onto the
existing BMDMAState memory region.

Signed-off-by: Mark Cave-Ayland 
---
 hw/ide/cmd646.c | 111 +++-
 include/hw/ide/cmd646.h |   4 ++
 2 files changed, 90 insertions(+), 25 deletions(-)

diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index 9103da581f..dd495f2e1b 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -90,7 +90,6 @@ static uint64_t bmdma_read(void *opaque, hwaddr addr,
unsigned size)
 {
 BMDMAState *bm = opaque;
-PCIDevice *pci_dev = PCI_DEVICE(bm->pci_dev);
 uint32_t val;
 
 if (size != 1) {
@@ -101,19 +100,9 @@ static uint64_t bmdma_read(void *opaque, hwaddr addr,
 case 0:
 val = bm->cmd;
 break;
-case 1:
-val = pci_dev->config[MRDMODE];
-break;
 case 2:
 val = bm->status;
 break;
-case 3:
-if (bm == &bm->pci_dev->bmdma[0]) {
-val = pci_dev->config[UDIDETCR0];
-} else {
-val = pci_dev->config[UDIDETCR1];
-}
-break;
 default:
 val = 0xff;
 break;
@@ -127,7 +116,6 @@ static void bmdma_write(void *opaque, hwaddr addr,
 uint64_t val, unsigned size)
 {
 BMDMAState *bm = opaque;
-PCIDevice *pci_dev = PCI_DEVICE(bm->pci_dev);
 
 if (size != 1) {
 return;
@@ -138,23 +126,10 @@ static void bmdma_write(void *opaque, hwaddr addr,
 case 0:
 bmdma_cmd_writeb(bm, val);
 break;
-case 1:
-pci_dev->config[MRDMODE] =
-(pci_dev->config[MRDMODE] & ~0x30) | (val & 0x30);
-cmd646_update_dma_interrupts(pci_dev);
-cmd646_update_irq(pci_dev);
-break;
 case 2:
 bm->status = (val & 0x60) | (bm->status & 1) |
  (bm->status & ~val & 0x06);
 break;
-case 3:
-if (bm == &bm->pci_dev->bmdma[0]) {
-pci_dev->config[UDIDETCR0] = val;
-} else {
-pci_dev->config[UDIDETCR1] = val;
-}
-break;
 }
 }
 
@@ -181,6 +156,91 @@ static void bmdma_setup_bar(PCIIDEState *d)
 }
 }
 
+static uint64_t cmd646_bmdma_read(void *opaque, hwaddr addr, unsigned size)
+{
+BMDMAState *bm = opaque;
+PCIDevice *pci_dev = PCI_DEVICE(bm->pci_dev);
+uint32_t val;
+
+if (size != 1) {
+return ((uint64_t)1 << (size * 8)) - 1;
+}
+
+switch (addr & 3) {
+case 1:
+val = pci_dev->config[MRDMODE];
+break;
+case 3:
+if (bm == &bm->pci_dev->bmdma[0]) {
+val = pci_dev->config[UDIDETCR0];
+} else {
+val = pci_dev->config[UDIDETCR1];
+}
+break;
+default:
+val = 0xff;
+break;
+}
+
+trace_bmdma_read_cmd646(addr, val);
+return val;
+}
+
+static void cmd646_bmdma_write(void *opaque, hwaddr addr, uint64_t val,
+   unsigned size)
+{
+BMDMAState *bm = opaque;
+PCIDevice *pci_dev = PCI_DEVICE(bm->pci_dev);
+
+if (size != 1) {
+return;
+}
+
+trace_bmdma_write_cmd646(addr, val);
+switch (addr & 3) {
+case 1:
+pci_dev->config[MRDMODE] =
+(pci_dev->config[MRDMODE] & ~0x30) | (val & 0x30);
+cmd646_update_dma_interrupts(pci_dev);
+cmd646_update_irq(pci_dev);
+break;
+case 3:
+if (bm == &bm->pci_dev->bmdma[0]) {
+pci_dev->config[UDIDETCR0] = val;
+} else {
+pci_dev->config[UDIDETCR1] = val;
+}
+break;
+}
+}
+
+static const MemoryRegionOps cmd646_bmdma_ops = {
+.read = cmd646_bmdma_read,
+.write = cmd646_bmdma_write,
+};
+
+static void cmd646_bmdma_setup(PCIIDEState *d)
+{
+CMD646IDEState *s = CMD646_IDE(d);
+BMDMAState *bm;
+int i;
+
+/* Setup aliases for device-specific BMDMA registers */
+for (i = 0; i < 2; i++) {
+bm = &d->bmdma[i];
+memory_region_init_io(&s->bmdma_mem[i], OBJECT(d), &cmd646_bmdma_ops,
+  bm, "cmd646-bmdma", 4);
+memory_region_init_alias(&s->bmdma_mem_alias[i][0], OBJECT(d),
+ "cmd646-bmdma[1]", &s->bmdma_mem[i], 0x1, 1);
+memory_region_add_subregion(&bm->extra_io, 0x1,
+&s->bmdma_mem_alias[i][0]);
+memory_region_init_alias(&s->bmdma_mem_alias[i][1], OBJECT(d),
+ "cmd646-bmdma[3]", &s->bmdma_mem[i], 0x3, 1);
+memory_region_add_subregion(&bm->extra_io, 0x3,
+&s->bmdma_mem_alias[i][1]);
+}
+}
+
 static void cmd646_update_irq(PCIDevice *pd)
 {
 int pci_level;
@

[PATCH 2/5] cmd646: create separate header and QOM type for CMD646_IDE

[Mark Cave-Ayland]

This will enable CMD646-specific fields to be added to CMD6464IDEState in
future.

Signed-off-by: Mark Cave-Ayland 
---
 hw/ide/cmd646.c |  4 +++-
 include/hw/ide/cmd646.h | 38 ++
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 include/hw/ide/cmd646.h

diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index 20f1e41d57..a3e227fba7 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -33,6 +33,7 @@
 #include "sysemu/reset.h"
 
 #include "hw/ide/pci.h"
+#include "hw/ide/cmd646.h"
 #include "trace.h"
 
 /* CMD646 specific */
@@ -339,9 +340,10 @@ static void cmd646_ide_class_init(ObjectClass *klass, void 
*data)
 }
 
 static const TypeInfo cmd646_ide_info = {
-.name  = "cmd646-ide",
+.name  = TYPE_CMD646_IDE,
 .parent= TYPE_PCI_IDE,
 .class_init= cmd646_ide_class_init,
+.instance_size = sizeof(CMD646IDEState),
 };
 
 static void cmd646_ide_register_types(void)
diff --git a/include/hw/ide/cmd646.h b/include/hw/ide/cmd646.h
new file mode 100644
index 00..4780b1132c
--- /dev/null
+++ b/include/hw/ide/cmd646.h
@@ -0,0 +1,38 @@
+/*
+ * QEMU IDE Emulation: PCI cmd646 support.
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ * Copyright (c) 2006 Openedhand Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef HW_IDE_CMD646_H
+#define HW_IDE_CMD646_H
+
+#define TYPE_CMD646_IDE "cmd646-ide"
+OBJECT_DECLARE_SIMPLE_TYPE(CMD646IDEState, CMD646_IDE)
+
+#include "hw/ide/pci.h"
+
+struct CMD646IDEState {
+PCIIDEState parent_obj;
+};
+
+#endif
-- 
2.30.2

[PATCH 3/5] cmd646: use TYPE_CMD646_IDE instead of hardcoded "cmd646-ide" string

[Mark Cave-Ayland]

Signed-off-by: Mark Cave-Ayland 
---
 hw/alpha/dp264.c   | 4 ++--
 hw/sparc64/sun4u.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index 03495e1e60..f2affecad9 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -13,7 +13,7 @@
 #include "alpha_sys.h"
 #include "qemu/error-report.h"
 #include "hw/rtc/mc146818rtc.h"
-#include "hw/ide/pci.h"
+#include "hw/ide/cmd646.h"
 #include "hw/isa/superio.h"
 #include "net/net.h"
 #include "qemu/cutils.h"
@@ -132,7 +132,7 @@ static void clipper_init(MachineState *machine)
 isa_create_simple(isa_bus, TYPE_SMC37C669_SUPERIO);
 
 /* IDE disk setup.  */
-pci_dev = pci_create_simple(pci_bus, -1, "cmd646-ide");
+pci_dev = pci_create_simple(pci_bus, -1, TYPE_CMD646_IDE);
 pci_ide_create_devs(pci_dev);
 
 /* Load PALcode.  Given that this is not "real" cpu palcode,
diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index e2858a0331..66b55eabd1 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -50,7 +50,7 @@
 #include "hw/sparc/sparc64.h"
 #include "hw/nvram/fw_cfg.h"
 #include "hw/sysbus.h"
-#include "hw/ide/pci.h"
+#include "hw/ide/cmd646.h"
 #include "hw/loader.h"
 #include "hw/fw-path-provider.h"
 #include "elf.h"
@@ -673,7 +673,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 qemu_macaddr_default_if_unset(&macaddr);
 }
 
-pci_dev = pci_new(PCI_DEVFN(3, 0), "cmd646-ide");
+pci_dev = pci_new(PCI_DEVFN(3, 0), TYPE_CMD646_IDE);
 qdev_prop_set_uint32(&pci_dev->qdev, "secondary", 1);
 pci_realize_and_unref(pci_dev, pci_busA, &error_fatal);
 pci_ide_create_devs(pci_dev);
-- 
2.30.2

[PATCH 1/5] cmd646: checkpatch fixes

[Mark Cave-Ayland]

Signed-off-by: Mark Cave-Ayland 
---
 hw/ide/cmd646.c | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index a68357c1c5..20f1e41d57 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -96,7 +96,7 @@ static uint64_t bmdma_read(void *opaque, hwaddr addr,
 return ((uint64_t)1 << (size * 8)) - 1;
 }
 
-switch(addr & 3) {
+switch (addr & 3) {
 case 0:
 val = bm->cmd;
 break;
@@ -133,7 +133,7 @@ static void bmdma_write(void *opaque, hwaddr addr,
 }
 
 trace_bmdma_write_cmd646(addr, val);
-switch(addr & 3) {
+switch (addr & 3) {
 case 0:
 bmdma_cmd_writeb(bm, val);
 break;
@@ -144,7 +144,8 @@ static void bmdma_write(void *opaque, hwaddr addr,
 cmd646_update_irq(pci_dev);
 break;
 case 2:
-bm->status = (val & 0x60) | (bm->status & 1) | (bm->status & ~val & 
0x06);
+bm->status = (val & 0x60) | (bm->status & 1) |
+ (bm->status & ~val & 0x06);
 break;
 case 3:
 if (bm == &bm->pci_dev->bmdma[0]) {
@@ -167,7 +168,7 @@ static void bmdma_setup_bar(PCIIDEState *d)
 int i;
 
 memory_region_init(&d->bmdma_bar, OBJECT(d), "cmd646-bmdma", 16);
-for(i = 0;i < 2; i++) {
+for (i = 0; i < 2; i++) {
 bm = &d->bmdma[i];
 memory_region_init_io(&bm->extra_io, OBJECT(d), &cmd646_bmdma_ops, bm,
   "cmd646-bmdma-bus", 4);
@@ -255,7 +256,7 @@ static void pci_cmd646_ide_realize(PCIDevice *dev, Error 
**errp)
 
 pci_conf[PCI_CLASS_PROG] = 0x8f;
 
-pci_conf[CNTRL] = CNTRL_EN_CH0; // enable IDE0
+pci_conf[CNTRL] = CNTRL_EN_CH0; /* enable IDE0 */
 if (d->secondary) {
 /* XXX: if not enabled, really disable the seconday IDE controller */
 pci_conf[CNTRL] |= CNTRL_EN_CH1; /* enable IDE1 */
@@ -289,7 +290,7 @@ static void pci_cmd646_ide_realize(PCIDevice *dev, Error 
**errp)
 pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
 
 /* TODO: RST# value should be 0 */
-pci_conf[PCI_INTERRUPT_PIN] = 0x01; // interrupt on pin 1
+pci_conf[PCI_INTERRUPT_PIN] = 0x01; /* interrupt on pin 1 */
 
 qdev_init_gpio_in(ds, cmd646_set_irq, 2);
 for (i = 0; i < 2; i++) {
-- 
2.30.2

[PATCH 0/5] cmd646: move device-specific BMDMA registers to separate memory region

[Mark Cave-Ayland]

This series follows on from a comment I made on Bernhard's PCI IDE tidy-up 
series [1]
that it should be possible to further consolidate the BMDMA registers into the 
PCI
IDE device with some minor rework to the CMD646 device.

It does this by moving the CMD646 device-specific BMDMA registers to a separate
memory region, and then aliasing the device-specific BMDMA registers from 
the existing BMDMAState memory region. With this in place it should be fairly
trivial to extend the consolidation implementation in [1].

Before "info mtree" output:
8200-820f (prio 1, i/o): cmd646-bmdma
  8200-8203 (prio 0, i/o): cmd646-bmdma-bus
  8204-8207 (prio 0, i/o): cmd646-bmdma-ioport
  8208-820b (prio 0, i/o): cmd646-bmdma-bus
  820c-820f (prio 0, i/o): cmd646-bmdma-ioport

After "info mtree" output:
8200-820f (prio 1, i/o): cmd646-bmdma
  8200-8203 (prio 0, i/o): cmd646-bmdma-bus
8201-8201 (prio 0, i/o): alias cmd646-bmdma[1] 
@cmd646-bmdma 0001-0001
8203-8203 (prio 0, i/o): alias cmd646-bmdma[3] 
@cmd646-bmdma 0003-0003
  8204-8207 (prio 0, i/o): cmd646-bmdma-ioport
  8208-820b (prio 0, i/o): cmd646-bmdma-bus
8209-8209 (prio 0, i/o): alias cmd646-bmdma[1] 
@cmd646-bmdma 0001-0001
820b-820b (prio 0, i/o): alias cmd646-bmdma[3] 
@cmd646-bmdma 0003-0003
  820c-820f (prio 0, i/o): cmd646-bmdma-ioport

The series was tested by confirming that breakpoints on the CMD646-specific
BMDMA registers were being hit and that my test Debian install ISO still
boots under qemu-system-sparc64.

Signed-off-by: Mark Cave-Ayland 

[1] https://patchew.org/QEMU/20230422150728.176512-1-shen...@gmail.com/


Mark Cave-Ayland (5):
  cmd646: checkpatch fixes
  cmd646: create separate header and QOM type for CMD646_IDE
  cmd646: use TYPE_CMD646_IDE instead of hardcoded "cmd646-ide" string
  cmd646: rename cmd646_bmdma_ops to bmdma_ops
  cmd646: move device-specific BMDMA registers to separate memory region

 hw/alpha/dp264.c|   4 +-
 hw/ide/cmd646.c | 122 ++--
 hw/sparc64/sun4u.c  |   4 +-
 include/hw/ide/cmd646.h |  42 ++
 4 files changed, 139 insertions(+), 33 deletions(-)
 create mode 100644 include/hw/ide/cmd646.h

-- 
2.30.2

[PATCH 4/5] cmd646: rename cmd646_bmdma_ops to bmdma_ops

[Mark Cave-Ayland]

This is to allow us to use the cmd646_bmdma_ops name for the CMD646
device-specific registers in the next commit.

Signed-off-by: Mark Cave-Ayland 
---
 hw/ide/cmd646.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index a3e227fba7..9103da581f 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -158,7 +158,7 @@ static void bmdma_write(void *opaque, hwaddr addr,
 }
 }
 
-static const MemoryRegionOps cmd646_bmdma_ops = {
+static const MemoryRegionOps bmdma_ops = {
 .read = bmdma_read,
 .write = bmdma_write,
 };
@@ -171,7 +171,7 @@ static void bmdma_setup_bar(PCIIDEState *d)
 memory_region_init(&d->bmdma_bar, OBJECT(d), "cmd646-bmdma", 16);
 for (i = 0; i < 2; i++) {
 bm = &d->bmdma[i];
-memory_region_init_io(&bm->extra_io, OBJECT(d), &cmd646_bmdma_ops, bm,
+memory_region_init_io(&bm->extra_io, OBJECT(d), &bmdma_ops, bm,
   "cmd646-bmdma-bus", 4);
 memory_region_add_subregion(&d->bmdma_bar, i * 8, &bm->extra_io);
 memory_region_init_io(&bm->addr_ioport, OBJECT(d),
-- 
2.30.2

Re: [PATCH] target/riscv/vector_helper.c: clean up reference of MTYPE

[Daniel Henrique Barboza]

On 6/8/23 02:35, Xiao Wang wrote:

There's no code using MTYPE, which was a concept used in older vector
implementation.

Signed-off-by: Xiao Wang 
---


Reviewed-by: Daniel Henrique Barboza 


  target/riscv/vector_helper.c | 6 +-
  1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index f261e726c2..1e06e7447c 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -378,7 +378,7 @@ vext_ldst_us(void *vd, target_ulong base, CPURISCVState 
*env, uint32_t desc,
  
  /*

   * masked unit-stride load and store operation will be a special case of
- * stride, stride = NF * sizeof (MTYPE)
+ * stride, stride = NF * sizeof (ETYPE)
   */
  
  #define GEN_VEXT_LD_US(NAME, ETYPE, LOAD_FN)\

@@ -650,10 +650,6 @@ GEN_VEXT_LDFF(vle64ff_v, int64_t, lde_d)
  #define DO_MAX(N, M)  ((N) >= (M) ? (N) : (M))
  #define DO_MIN(N, M)  ((N) >= (M) ? (M) : (N))
  
-/* Unsigned min/max */

-#define DO_MAXU(N, M) DO_MAX((UMTYPE)N, (UMTYPE)M)
-#define DO_MINU(N, M) DO_MIN((UMTYPE)N, (UMTYPE)M)
-
  /*
   * load and store whole register instructions
   */

[PATCH] host/include/x86_64: Use __m128i for "x" constraints

[Richard Henderson]

The macOS catalina compiler produces an error for __int128_t
as the type for allocation with SSE inline asm constraint.
Create a new X86Int128Union type and use the vector type for
all SSE register inputs and outputs.

Signed-off-by: Richard Henderson 
---
 host/include/x86_64/host/atomic128-ldst.h | 25 ---
 .../x86_64/host/load-extract-al16-al8.h   |  8 +++---
 2 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/host/include/x86_64/host/atomic128-ldst.h 
b/host/include/x86_64/host/atomic128-ldst.h
index adc9332f91..8d6f909d3c 100644
--- a/host/include/x86_64/host/atomic128-ldst.h
+++ b/host/include/x86_64/host/atomic128-ldst.h
@@ -8,12 +8,19 @@
  * atomic primitive is meant to provide.
  */
 
-#ifndef AARCH64_ATOMIC128_LDST_H
-#define AARCH64_ATOMIC128_LDST_H
+#ifndef X86_64_ATOMIC128_LDST_H
+#define X86_64_ATOMIC128_LDST_H
 
 #ifdef CONFIG_INT128_TYPE
 #include "host/cpuinfo.h"
 #include "tcg/debug-assert.h"
+#include 
+
+typedef union {
+__m128i v;
+__int128_t i;
+Int128 s;
+} X86Int128Union;
 
 /*
  * Through clang 16, with -mcx16, __atomic_load_n is incorrectly
@@ -25,10 +32,10 @@
 
 static inline Int128 atomic16_read_ro(const Int128 *ptr)
 {
-Int128Alias r;
+X86Int128Union r;
 
 tcg_debug_assert(HAVE_ATOMIC128_RO);
-asm("vmovdqa %1, %0" : "=x" (r.i) : "m" (*ptr));
+asm("vmovdqa %1, %0" : "=x" (r.v) : "m" (*ptr));
 
 return r.s;
 }
@@ -36,10 +43,10 @@ static inline Int128 atomic16_read_ro(const Int128 *ptr)
 static inline Int128 atomic16_read_rw(Int128 *ptr)
 {
 __int128_t *ptr_align = __builtin_assume_aligned(ptr, 16);
-Int128Alias r;
+X86Int128Union r;
 
 if (HAVE_ATOMIC128_RO) {
-asm("vmovdqa %1, %0" : "=x" (r.i) : "m" (*ptr_align));
+asm("vmovdqa %1, %0" : "=x" (r.v) : "m" (*ptr_align));
 } else {
 r.i = __sync_val_compare_and_swap_16(ptr_align, 0, 0);
 }
@@ -49,10 +56,10 @@ static inline Int128 atomic16_read_rw(Int128 *ptr)
 static inline void atomic16_set(Int128 *ptr, Int128 val)
 {
 __int128_t *ptr_align = __builtin_assume_aligned(ptr, 16);
-Int128Alias new = { .s = val };
+X86Int128Union new = { .s = val };
 
 if (HAVE_ATOMIC128_RO) {
-asm("vmovdqa %1, %0" : "=m"(*ptr_align) : "x" (new.i));
+asm("vmovdqa %1, %0" : "=m"(*ptr_align) : "x" (new.v));
 } else {
 __int128_t old;
 do {
@@ -65,4 +72,4 @@ static inline void atomic16_set(Int128 *ptr, Int128 val)
 #include "host/include/generic/host/atomic128-ldst.h"
 #endif
 
-#endif /* AARCH64_ATOMIC128_LDST_H */
+#endif /* X86_64_ATOMIC128_LDST_H */
diff --git a/host/include/x86_64/host/load-extract-al16-al8.h 
b/host/include/x86_64/host/load-extract-al16-al8.h
index 31b6fe8c45..baa506b7b5 100644
--- a/host/include/x86_64/host/load-extract-al16-al8.h
+++ b/host/include/x86_64/host/load-extract-al16-al8.h
@@ -9,7 +9,7 @@
 #define X86_64_LOAD_EXTRACT_AL16_AL8_H
 
 #ifdef CONFIG_INT128_TYPE
-#include "host/cpuinfo.h"
+#include "host/atomic128-ldst.h"
 
 /**
  * load_atom_extract_al16_or_al8:
@@ -26,7 +26,7 @@ load_atom_extract_al16_or_al8(void *pv, int s)
 uintptr_t pi = (uintptr_t)pv;
 __int128_t *ptr_align = (__int128_t *)(pi & ~7);
 int shr = (pi & 7) * 8;
-Int128Alias r;
+X86Int128Union r;
 
 /*
  * ptr_align % 16 is now only 0 or 8.
@@ -35,9 +35,9 @@ load_atom_extract_al16_or_al8(void *pv, int s)
  * when ptr_align % 16 == 0 for 16-byte atomicity.
  */
 if ((cpuinfo & CPUINFO_ATOMIC_VMOVDQU) || (pi & 8)) {
-asm("vmovdqu %1, %0" : "=x" (r.i) : "m" (*ptr_align));
+asm("vmovdqu %1, %0" : "=x" (r.v) : "m" (*ptr_align));
 } else {
-asm("vmovdqa %1, %0" : "=x" (r.i) : "m" (*ptr_align));
+asm("vmovdqa %1, %0" : "=x" (r.v) : "m" (*ptr_align));
 }
 return int128_getlo(int128_urshift(r.s, shr));
 }
-- 
2.34.1

Re: [PATCH 07/22] target/arm/tcg: Expose some iwmmxt methods in 'translate.h'

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

Expose a few methods and variables before extracting iwmmxt
code from translate.c.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/tcg/translate.h | 6 ++
  target/arm/tcg/translate.c | 8 
  2 files changed, 10 insertions(+), 4 deletions(-)


Reviewed-by: Richard Henderson 

Re: [PATCH 06/22] target/arm/tcg: Fix iwmmxt-related code style

[Richard Henderson]

On 6/9/23 03:47, Philippe Mathieu-Daudé wrote:

In order to be able to move the iwmmxt-related code,
fix its style to avoid:

   ERROR: braces {} are necessary for all arms of this statement
   ERROR: space prohibited before that '++' (ctx:WxB)

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/tcg/translate.c | 227 +++--
  1 file changed, 141 insertions(+), 86 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 03/22] target/arm/tcg: Remove CONFIG_TCG #ifdef'ry check

[Richard Henderson]

On 6/9/23 03:46, Philippe Mathieu-Daudé wrote:

CONFIG_TCG is always defined within target/arm/tcg/.

Signed-off-by: Philippe Mathieu-Daudé
---
  target/arm/tcg/cpu32.c| 4 +---
  target/arm/tcg/m_helper.c | 6 --
  2 files changed, 1 insertion(+), 9 deletions(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH 02/22] accel/tcg/cpu-exec: Use generic 'helper-proto-common.h' header

[Richard Henderson]

On 6/9/23 03:46, Philippe Mathieu-Daudé wrote:

We only need lookup_tb_ptr() typedef.

Signed-off-by: Philippe Mathieu-Daudé
---
  accel/tcg/cpu-exec.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)


prototype, not typedef.

Reviewed-by: Richard Henderson 


r~

Re: [PATCH 01/22] plugins: Remove unused 'exec/helper-proto.h' header

[Richard Henderson]

On 6/9/23 03:46, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé
---
  plugins/core.c | 1 -
  1 file changed, 1 deletion(-)


Reviewed-by: Richard Henderson 

r~

Re: [PATCH] host/include/x86_64: Use __m128i for "x" constraints

[Peter Maydell]

On Fri, 9 Jun 2023 at 18:58, Richard Henderson
 wrote:
>
> The macOS catalina compiler produces an error for __int128_t
> as the type for allocation with SSE inline asm constraint.
> Create a new X86Int128Union type and use the vector type for
> all SSE register inputs and outputs.
>
> Signed-off-by: Richard Henderson 
> ---
>  host/include/x86_64/host/atomic128-ldst.h | 25 ---
>  .../x86_64/host/load-extract-al16-al8.h   |  8 +++---
>  2 files changed, 20 insertions(+), 13 deletions(-)

Yep, this fixes the build on my x86 macos box; thanks!

Tested-by: Peter Maydell 

-- PMM

Re: [PATCH] target/arm: Return correct result for LDG when ATA=0

[Richard Henderson]

On 6/9/23 08:54, Peter Maydell wrote:

The LDG instruction loads the tag from a memory address (identified
by [Xn + offset]), and then merges that tag into the destination
register Xt. We implemented this correctly for the case when
allocation tags are enabled, but didn't get it right when ATA=0:
instead of merging the tag bits into Xt, we merged them into the
memory address [Xn + offset] and then set Xt to that.

Merge the tag bits into the old Xt value, as they should be.

Cc:qemu-sta...@nongnu.org
Fixes: c15294c1e36a7dd9b25 ("target/arm: Implement LDG, STG, ST2G instructions")
Signed-off-by: Peter Maydell
---
Spotted this while I was doing decodetree conversion stuff.
I guess nobody runs with MTE available but not turned on :-)


Indeed.  :-)

Reviewed-by: Richard Henderson 


r~

[PATCH v3 0/8] Implement Most ARMv8.3 Pointer Authentication Features

[Aaron Lindsay]

Changes from v2 of this patchset [0]:
- Remove properties for EPAC, Pauth2, FPAC, FPACCombined
- Separate out aa64isar2 addition into its own patch
- Comment clarifications
- Several code formatting/simplifications
- Rebase on top of latest upstream changes (for example, those which
  reorganized decoding PAC branch instructions)

[0] - https://lists.nongnu.org/archive/html/qemu-devel/2023-02/msg06494.html

Aaron Lindsay (8):
  target/arm: Add ID_AA64ISAR2_EL1
  target/arm: v8.3 PAC ID_AA64ISAR[12] feature-detection
  target/arm: Implement v8.3 QARMA3 PAC cipher
  target/arm: Implement v8.3 EnhancedPAC
  target/arm: Implement v8.3 Pauth2
  targer/arm: Inform helpers whether a PAC instruction is 'combined'
  target/arm: Implement v8.3 FPAC and FPACCOMBINE
  target/arm: Add CPU property for QARMA3, enable FPACCombined by
default

 target/arm/cpu.h   |  67 +++-
 target/arm/cpu64.c |  48 ++---
 target/arm/helper.c|   4 +-
 target/arm/hvf/hvf.c   |   1 +
 target/arm/kvm64.c |   2 +
 target/arm/syndrome.h  |   7 ++
 target/arm/tcg/helper-a64.h|   4 +
 target/arm/tcg/pauth_helper.c  | 189 ++---
 target/arm/tcg/translate-a64.c |  12 +--
 9 files changed, 270 insertions(+), 64 deletions(-)

-- 
2.25.1

[PATCH v3 2/8] target/arm: v8.3 PAC ID_AA64ISAR[12] feature-detection

[Aaron Lindsay]

Signed-off-by: Aaron Lindsay 
---
 target/arm/cpu.h  | 65 +--
 target/arm/tcg/pauth_helper.c |  2 +-
 2 files changed, 63 insertions(+), 4 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index df04c9a9ab..22dd898577 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3714,18 +3714,77 @@ static inline bool isar_feature_aa64_pauth(const 
ARMISARegisters *id)
 (FIELD_DP64(0, ID_AA64ISAR1, APA, 0xf) |
  FIELD_DP64(0, ID_AA64ISAR1, API, 0xf) |
  FIELD_DP64(0, ID_AA64ISAR1, GPA, 0xf) |
- FIELD_DP64(0, ID_AA64ISAR1, GPI, 0xf))) != 0;
+ FIELD_DP64(0, ID_AA64ISAR1, GPI, 0xf))) != 0 ||
+   (id->id_aa64isar2 &
+(FIELD_DP64(0, ID_AA64ISAR2, APA3, 0xf) |
+ FIELD_DP64(0, ID_AA64ISAR2, GPA3, 0xf))) != 0;
 }
 
-static inline bool isar_feature_aa64_pauth_arch(const ARMISARegisters *id)
+static inline bool isar_feature_aa64_pauth_arch_qarma5(const ARMISARegisters 
*id)
 {
 /*
- * Return true if pauth is enabled with the architected QARMA algorithm.
+ * Return true if pauth is enabled with the architected QARMA5 algorithm.
  * QEMU will always set APA+GPA to the same value.
  */
 return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, APA) != 0;
 }
 
+static inline bool isar_feature_aa64_pauth_arch_qarma3(const ARMISARegisters 
*id)
+{
+/*
+ * Return true if pauth is enabled with the architected QARMA3 algorithm.
+ * QEMU will always set APA3+GPA3 to the same result.
+ */
+return FIELD_EX64(id->id_aa64isar2, ID_AA64ISAR2, APA3) != 0;
+}
+
+static inline bool isar_feature_aa64_pauth_arch(const ARMISARegisters *id)
+{
+return isar_feature_aa64_pauth_arch_qarma5(id) ||
+isar_feature_aa64_pauth_arch_qarma3(id);
+}
+
+static inline int isar_feature_pauth_get_features(const ARMISARegisters *id)
+{
+if (isar_feature_aa64_pauth_arch_qarma5(id)) {
+return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, APA);
+} else if (isar_feature_aa64_pauth_arch_qarma3(id)) {
+return FIELD_EX64(id->id_aa64isar2, ID_AA64ISAR2, APA3);
+} else {
+return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, API);
+}
+}
+
+static inline bool isar_feature_aa64_pauth_epac(const ARMISARegisters *id)
+{
+/*
+ * Note that unlike most AArch64 features, EPAC is treated (in the ARM
+ * psedocode, at least) as not being implemented by larger values of this
+ * field. Our usage of '>=' rather than '==' here causes our implementation
+ * of PAC logic to diverge from ARM pseudocode - we must check that
+ * isar_feature_aa64_pauth2() returns false AND
+ * isar_feature_aa64_pauth_epac() returns true, where the pseudocode reads
+ * as if EPAC is not implemented if the value of this register is > 0b10.
+ * See the implementation of pauth_addpac() for an example.
+ */
+return isar_feature_pauth_get_features(id) >= 0b0010;
+}
+
+static inline bool isar_feature_aa64_pauth2(const ARMISARegisters *id)
+{
+return isar_feature_pauth_get_features(id) >= 0b0011;
+}
+
+static inline bool isar_feature_aa64_fpac(const ARMISARegisters *id)
+{
+return isar_feature_pauth_get_features(id) >= 0b0100;
+}
+
+static inline bool isar_feature_aa64_fpac_combine(const ARMISARegisters *id)
+{
+return isar_feature_pauth_get_features(id) >= 0b0101;
+}
+
 static inline bool isar_feature_aa64_tlbirange(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, TLB) == 2;
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index 62af569341..3ff4610a26 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -282,7 +282,7 @@ static uint64_t pauth_computepac_impdef(uint64_t data, 
uint64_t modifier,
 static uint64_t pauth_computepac(CPUARMState *env, uint64_t data,
  uint64_t modifier, ARMPACKey key)
 {
-if (cpu_isar_feature(aa64_pauth_arch, env_archcpu(env))) {
+if (cpu_isar_feature(aa64_pauth_arch_qarma5, env_archcpu(env))) {
 return pauth_computepac_architected(data, modifier, key);
 } else {
 return pauth_computepac_impdef(data, modifier, key);
-- 
2.25.1

[PATCH v3 7/8] target/arm: Implement v8.3 FPAC and FPACCOMBINE

[Aaron Lindsay]

Signed-off-by: Aaron Lindsay 
---
 target/arm/syndrome.h |  7 +++
 target/arm/tcg/pauth_helper.c | 16 
 2 files changed, 23 insertions(+)

diff --git a/target/arm/syndrome.h b/target/arm/syndrome.h
index d27d1bc31f..bf79c539d9 100644
--- a/target/arm/syndrome.h
+++ b/target/arm/syndrome.h
@@ -49,6 +49,7 @@ enum arm_exception_class {
 EC_SYSTEMREGISTERTRAP = 0x18,
 EC_SVEACCESSTRAP  = 0x19,
 EC_ERETTRAP   = 0x1a,
+EC_PACFAIL= 0x1c,
 EC_SMETRAP= 0x1d,
 EC_INSNABORT  = 0x20,
 EC_INSNABORT_SAME_EL  = 0x21,
@@ -231,6 +232,12 @@ static inline uint32_t syn_smetrap(SMEExceptionType etype, 
bool is_16bit)
 | (is_16bit ? 0 : ARM_EL_IL) | etype;
 }
 
+static inline uint32_t syn_pacfail(bool data, int keynumber)
+{
+int error_code = (data << 1) | keynumber;
+return (EC_PACFAIL << ARM_EL_EC_SHIFT) | ARM_EL_IL | error_code;
+}
+
 static inline uint32_t syn_pactrap(void)
 {
 return EC_PACTRAP << ARM_EL_EC_SHIFT;
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index 278d6d36bc..f42945257f 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -395,6 +395,13 @@ static uint64_t pauth_original_ptr(uint64_t ptr, 
ARMVAParameters param)
 }
 }
 
+static G_NORETURN
+void pauth_fail_exception(CPUARMState *env, bool data, int keynumber, 
uintptr_t ra)
+{
+int target_el = exception_target_el(env);
+raise_exception_ra(env, EXCP_UDEF, syn_pacfail(data, keynumber), 
target_el, ra);
+}
+
 static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
ARMPACKey *key, bool data, int keynumber,
uintptr_t ra, bool is_combined)
@@ -414,6 +421,15 @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, 
uint64_t modifier,
 uint64_t xor_mask = MAKE_64BIT_MASK(bot_bit, top_bit - bot_bit + 1) &
 ~MAKE_64BIT_MASK(55, 1);
 result = ptr ^ (pac & xor_mask);
+if (cpu_isar_feature(aa64_fpac_combine, cpu)
+|| (cpu_isar_feature(aa64_fpac, cpu) && !is_combined)) {
+int fpac_top = param.tbi ? 55 : 64;
+uint64_t fpac_mask = MAKE_64BIT_MASK(bot_bit, fpac_top - bot_bit);
+test = (result ^ sextract64(result, 55, 1)) & fpac_mask;
+if (unlikely(test)) {
+pauth_fail_exception(env, data, keynumber, ra);
+}
+}
 } else {
 test = (pac ^ ptr) & ~MAKE_64BIT_MASK(55, 1);
 if (unlikely(extract64(test, bot_bit, top_bit - bot_bit))) {
-- 
2.25.1

[PATCH v3 3/8] target/arm: Implement v8.3 QARMA3 PAC cipher

[Aaron Lindsay]

Signed-off-by: Aaron Lindsay 
Reviewed-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/pauth_helper.c | 54 ---
 1 file changed, 44 insertions(+), 10 deletions(-)

diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index 3ff4610a26..68942015e1 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -96,6 +96,21 @@ static uint64_t pac_sub(uint64_t i)
 return o;
 }
 
+static uint64_t pac_sub1(uint64_t i)
+{
+static const uint8_t sub1[16] = {
+0xa, 0xd, 0xe, 0x6, 0xf, 0x7, 0x3, 0x5,
+0x9, 0x8, 0x0, 0xc, 0xb, 0x1, 0x2, 0x4,
+};
+uint64_t o = 0;
+int b;
+
+for (b = 0; b < 64; b += 4) {
+o |= (uint64_t)sub1[(i >> b) & 0xf] << b;
+}
+return o;
+}
+
 static uint64_t pac_inv_sub(uint64_t i)
 {
 static const uint8_t inv_sub[16] = {
@@ -209,7 +224,7 @@ static uint64_t tweak_inv_shuffle(uint64_t i)
 }
 
 static uint64_t pauth_computepac_architected(uint64_t data, uint64_t modifier,
- ARMPACKey key)
+ ARMPACKey key, bool isqarma3)
 {
 static const uint64_t RC[5] = {
 0xull,
@@ -219,6 +234,7 @@ static uint64_t pauth_computepac_architected(uint64_t data, 
uint64_t modifier,
 0x452821E638D01377ull,
 };
 const uint64_t alpha = 0xC0AC29B7C97C50DDull;
+int iterations = isqarma3 ? 2 : 4;
 /*
  * Note that in the ARM pseudocode, key0 contains bits <127:64>
  * and key1 contains bits <63:0> of the 128-bit key.
@@ -231,7 +247,7 @@ static uint64_t pauth_computepac_architected(uint64_t data, 
uint64_t modifier,
 runningmod = modifier;
 workingval = data ^ key0;
 
-for (i = 0; i <= 4; ++i) {
+for (i = 0; i <= iterations; ++i) {
 roundkey = key1 ^ runningmod;
 workingval ^= roundkey;
 workingval ^= RC[i];
@@ -239,32 +255,48 @@ static uint64_t pauth_computepac_architected(uint64_t 
data, uint64_t modifier,
 workingval = pac_cell_shuffle(workingval);
 workingval = pac_mult(workingval);
 }
-workingval = pac_sub(workingval);
+if (isqarma3) {
+workingval = pac_sub1(workingval);
+} else {
+workingval = pac_sub(workingval);
+}
 runningmod = tweak_shuffle(runningmod);
 }
 roundkey = modk0 ^ runningmod;
 workingval ^= roundkey;
 workingval = pac_cell_shuffle(workingval);
 workingval = pac_mult(workingval);
-workingval = pac_sub(workingval);
+if (isqarma3) {
+workingval = pac_sub1(workingval);
+} else {
+workingval = pac_sub(workingval);
+}
 workingval = pac_cell_shuffle(workingval);
 workingval = pac_mult(workingval);
 workingval ^= key1;
 workingval = pac_cell_inv_shuffle(workingval);
-workingval = pac_inv_sub(workingval);
+if (isqarma3) {
+workingval = pac_sub1(workingval);
+} else {
+workingval = pac_inv_sub(workingval);
+}
 workingval = pac_mult(workingval);
 workingval = pac_cell_inv_shuffle(workingval);
 workingval ^= key0;
 workingval ^= runningmod;
-for (i = 0; i <= 4; ++i) {
-workingval = pac_inv_sub(workingval);
-if (i < 4) {
+for (i = 0; i <= iterations; ++i) {
+if (isqarma3) {
+workingval = pac_sub1(workingval);
+} else {
+workingval = pac_inv_sub(workingval);
+}
+if (i < iterations) {
 workingval = pac_mult(workingval);
 workingval = pac_cell_inv_shuffle(workingval);
 }
 runningmod = tweak_inv_shuffle(runningmod);
 roundkey = key1 ^ runningmod;
-workingval ^= RC[4 - i];
+workingval ^= RC[iterations - i];
 workingval ^= roundkey;
 workingval ^= alpha;
 }
@@ -283,7 +315,9 @@ static uint64_t pauth_computepac(CPUARMState *env, uint64_t 
data,
  uint64_t modifier, ARMPACKey key)
 {
 if (cpu_isar_feature(aa64_pauth_arch_qarma5, env_archcpu(env))) {
-return pauth_computepac_architected(data, modifier, key);
+return pauth_computepac_architected(data, modifier, key, false);
+} else if (cpu_isar_feature(aa64_pauth_arch_qarma3, env_archcpu(env))) {
+return pauth_computepac_architected(data, modifier, key, true);
 } else {
 return pauth_computepac_impdef(data, modifier, key);
 }
-- 
2.25.1

[PATCH v3 5/8] target/arm: Implement v8.3 Pauth2

[Aaron Lindsay]

Signed-off-by: Aaron Lindsay 
Reviewed-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/pauth_helper.c | 33 +++--
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index 1e9159c313..b0282d1a05 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -352,7 +352,9 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t 
ptr, uint64_t modifier,
  */
 test = sextract64(ptr, bot_bit, top_bit - bot_bit);
 if (test != 0 && test != -1) {
-if (cpu_isar_feature(aa64_pauth_epac, cpu)) {
+if (cpu_isar_feature(aa64_pauth2, cpu)) {
+/* No action required */
+} else if (cpu_isar_feature(aa64_pauth_epac, cpu)) {
 pac = 0;
 } else {
 /*
@@ -367,6 +369,9 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t 
ptr, uint64_t modifier,
  * Preserve the determination between upper and lower at bit 55,
  * and insert pointer authentication code.
  */
+if (cpu_isar_feature(aa64_pauth2, cpu)) {
+pac ^= ptr;
+}
 if (param.tbi) {
 ptr &= ~MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1);
 pac &= MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1);
@@ -393,26 +398,34 @@ static uint64_t pauth_original_ptr(uint64_t ptr, 
ARMVAParameters param)
 static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
ARMPACKey *key, bool data, int keynumber)
 {
+ARMCPU *cpu = env_archcpu(env);
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 int bot_bit, top_bit;
-uint64_t pac, orig_ptr, test;
+uint64_t pac, orig_ptr, test, result;
 
 orig_ptr = pauth_original_ptr(ptr, param);
 pac = pauth_computepac(env, orig_ptr, modifier, *key);
 bot_bit = 64 - param.tsz;
 top_bit = 64 - 8 * param.tbi;
 
-test = (pac ^ ptr) & ~MAKE_64BIT_MASK(55, 1);
-if (unlikely(extract64(test, bot_bit, top_bit - bot_bit))) {
-int error_code = (keynumber << 1) | (keynumber ^ 1);
-if (param.tbi) {
-return deposit64(orig_ptr, 53, 2, error_code);
-} else {
-return deposit64(orig_ptr, 61, 2, error_code);
+if (cpu_isar_feature(aa64_pauth2, cpu)) {
+uint64_t xor_mask = MAKE_64BIT_MASK(bot_bit, top_bit - bot_bit + 1) &
+~MAKE_64BIT_MASK(55, 1);
+result = ptr ^ (pac & xor_mask);
+} else {
+test = (pac ^ ptr) & ~MAKE_64BIT_MASK(55, 1);
+if (unlikely(extract64(test, bot_bit, top_bit - bot_bit))) {
+int error_code = (keynumber << 1) | (keynumber ^ 1);
+if (param.tbi) {
+return deposit64(orig_ptr, 53, 2, error_code);
+} else {
+return deposit64(orig_ptr, 61, 2, error_code);
+}
 }
+result = orig_ptr;
 }
-return orig_ptr;
+return result;
 }
 
 static uint64_t pauth_strip(CPUARMState *env, uint64_t ptr, bool data)
-- 
2.25.1

[PATCH v3 8/8] target/arm: Add CPU property for QARMA3, enable FPACCombined by default

[Aaron Lindsay]

Signed-off-by: Aaron Lindsay 
---
 target/arm/cpu.h   |  1 +
 target/arm/cpu64.c | 48 +++---
 2 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 22dd898577..0c4c6c9c82 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1061,6 +1061,7 @@ struct ArchCPU {
  */
 bool prop_pauth;
 bool prop_pauth_impdef;
+bool prop_pauth_qarma3;
 bool prop_lpa2;
 
 /* DCZ blocksize, in log_2(words), ie low 4 bits of DCZID_EL0 */
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index 6eaf8e32cf..b0a5af7a31 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -473,9 +473,6 @@ void aarch64_add_sme_properties(Object *obj)
 
 void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
 {
-int arch_val = 0, impdef_val = 0;
-uint64_t t;
-
 /* Exit early if PAuth is enabled, and fall through to disable it */
 if ((kvm_enabled() || hvf_enabled()) && cpu->prop_pauth) {
 if (!cpu_isar_feature(aa64_pauth, cpu)) {
@@ -486,30 +483,50 @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp)
 return;
 }
 
-/* TODO: Handle HaveEnhancedPAC, HaveEnhancedPAC2, HaveFPAC. */
+/* Write the features into the correct field for the algorithm in use */
 if (cpu->prop_pauth) {
+uint64_t t;
+
+if (cpu->prop_pauth_impdef && cpu->prop_pauth_qarma3) {
+error_setg(errp, "Cannot set both qarma3 ('pauth-qarma3') and "
+"impdef ('pauth-impdef') pointer authentication ciphers");
+return;
+}
+
+/* Implement FEAT_FPACCOMBINE for address authentication and enable
+ * generic authentication for the chosen cipher.
+ */
+int address_auth = 0b0101;
+int generic_auth = 0b0001;
+
 if (cpu->prop_pauth_impdef) {
-impdef_val = 1;
+t = cpu->isar.id_aa64isar1;
+t = FIELD_DP64(t, ID_AA64ISAR1, API, address_auth);
+t = FIELD_DP64(t, ID_AA64ISAR1, GPI, generic_auth);
+cpu->isar.id_aa64isar1 = t;
+} else if (cpu->prop_pauth_qarma3) {
+t = cpu->isar.id_aa64isar2;
+t = FIELD_DP64(t, ID_AA64ISAR2, APA3, address_auth);
+t = FIELD_DP64(t, ID_AA64ISAR2, GPA3, generic_auth);
+cpu->isar.id_aa64isar2 = t;
 } else {
-arch_val = 1;
+t = cpu->isar.id_aa64isar1;
+t = FIELD_DP64(t, ID_AA64ISAR1, APA, address_auth);
+t = FIELD_DP64(t, ID_AA64ISAR1, GPA, generic_auth);
+cpu->isar.id_aa64isar1 = t;
 }
-} else if (cpu->prop_pauth_impdef) {
-error_setg(errp, "cannot enable pauth-impdef without pauth");
+} else if (cpu->prop_pauth_impdef || cpu->prop_pauth_qarma3) {
+error_setg(errp, "cannot enable pauth-impdef or pauth-qarma3 without 
pauth");
 error_append_hint(errp, "Add pauth=on to the CPU property list.\n");
 }
-
-t = cpu->isar.id_aa64isar1;
-t = FIELD_DP64(t, ID_AA64ISAR1, APA, arch_val);
-t = FIELD_DP64(t, ID_AA64ISAR1, GPA, arch_val);
-t = FIELD_DP64(t, ID_AA64ISAR1, API, impdef_val);
-t = FIELD_DP64(t, ID_AA64ISAR1, GPI, impdef_val);
-cpu->isar.id_aa64isar1 = t;
 }
 
 static Property arm_cpu_pauth_property =
 DEFINE_PROP_BOOL("pauth", ARMCPU, prop_pauth, true);
 static Property arm_cpu_pauth_impdef_property =
 DEFINE_PROP_BOOL("pauth-impdef", ARMCPU, prop_pauth_impdef, false);
+static Property arm_cpu_pauth_qarma3_property =
+DEFINE_PROP_BOOL("pauth-qarma3", ARMCPU, prop_pauth_qarma3, false);
 
 void aarch64_add_pauth_properties(Object *obj)
 {
@@ -529,6 +546,7 @@ void aarch64_add_pauth_properties(Object *obj)
 cpu->prop_pauth = cpu_isar_feature(aa64_pauth, cpu);
 } else {
 qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_impdef_property);
+qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_qarma3_property);
 }
 }
 
-- 
2.25.1

[PATCH v3 4/8] target/arm: Implement v8.3 EnhancedPAC

[Aaron Lindsay]

Signed-off-by: Aaron Lindsay 
Reviewed-by: Peter Maydell 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/pauth_helper.c | 15 ++-
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index 68942015e1..1e9159c313 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -326,6 +326,7 @@ static uint64_t pauth_computepac(CPUARMState *env, uint64_t 
data,
 static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
  ARMPACKey *key, bool data)
 {
+ARMCPU *cpu = env_archcpu(env);
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data, false);
 uint64_t pac, ext_ptr, ext, test;
@@ -351,11 +352,15 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t 
ptr, uint64_t modifier,
  */
 test = sextract64(ptr, bot_bit, top_bit - bot_bit);
 if (test != 0 && test != -1) {
-/*
- * Note that our top_bit is one greater than the pseudocode's
- * version, hence "- 2" here.
- */
-pac ^= MAKE_64BIT_MASK(top_bit - 2, 1);
+if (cpu_isar_feature(aa64_pauth_epac, cpu)) {
+pac = 0;
+} else {
+/*
+ * Note that our top_bit is one greater than the pseudocode's
+ * version, hence "- 2" here.
+ */
+pac ^= MAKE_64BIT_MASK(top_bit - 2, 1);
+}
 }
 
 /*
-- 
2.25.1

[PATCH v3 1/8] target/arm: Add ID_AA64ISAR2_EL1

[Aaron Lindsay]

Signed-off-by: Aaron Lindsay 
---
 target/arm/cpu.h | 1 +
 target/arm/helper.c  | 4 ++--
 target/arm/hvf/hvf.c | 1 +
 target/arm/kvm64.c   | 2 ++
 4 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 36c608f0e6..df04c9a9ab 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1023,6 +1023,7 @@ struct ArchCPU {
 uint32_t dbgdevid1;
 uint64_t id_aa64isar0;
 uint64_t id_aa64isar1;
+uint64_t id_aa64isar2;
 uint64_t id_aa64pfr0;
 uint64_t id_aa64pfr1;
 uint64_t id_aa64mmfr0;
diff --git a/target/arm/helper.c b/target/arm/helper.c
index d4bee43bd0..4ced2f71e5 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -8204,11 +8204,11 @@ void register_cp_regs_for_features(ARMCPU *cpu)
   .access = PL1_R, .type = ARM_CP_CONST,
   .accessfn = access_aa64_tid3,
   .resetvalue = cpu->isar.id_aa64isar1 },
-{ .name = "ID_AA64ISAR2_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
+{ .name = "ID_AA64ISAR2_EL1", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 2,
   .access = PL1_R, .type = ARM_CP_CONST,
   .accessfn = access_aa64_tid3,
-  .resetvalue = 0 },
+  .resetvalue = cpu->isar.id_aa64isar2 },
 { .name = "ID_AA64ISAR3_EL1_RESERVED", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 0, .crn = 0, .crm = 6, .opc2 = 3,
   .access = PL1_R, .type = ARM_CP_CONST,
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 8f72624586..bf567b24db 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -847,6 +847,7 @@ static bool 
hvf_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
 { HV_SYS_REG_ID_AA64DFR1_EL1, &host_isar.id_aa64dfr1 },
 { HV_SYS_REG_ID_AA64ISAR0_EL1, &host_isar.id_aa64isar0 },
 { HV_SYS_REG_ID_AA64ISAR1_EL1, &host_isar.id_aa64isar1 },
+{ HV_SYS_REG_ID_AA64ISAR2_EL1, &host_isar.id_aa64isar2 },
 { HV_SYS_REG_ID_AA64MMFR0_EL1, &host_isar.id_aa64mmfr0 },
 { HV_SYS_REG_ID_AA64MMFR1_EL1, &host_isar.id_aa64mmfr1 },
 { HV_SYS_REG_ID_AA64MMFR2_EL1, &host_isar.id_aa64mmfr2 },
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index 94bbd9661f..e2d05d7fc0 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -306,6 +306,8 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
   ARM64_SYS_REG(3, 0, 0, 6, 0));
 err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64isar1,
   ARM64_SYS_REG(3, 0, 0, 6, 1));
+err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64isar2,
+  ARM64_SYS_REG(3, 0, 0, 6, 2));
 err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64mmfr0,
   ARM64_SYS_REG(3, 0, 0, 7, 0));
 err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64mmfr1,
-- 
2.25.1

[PATCH v3 6/8] targer/arm: Inform helpers whether a PAC instruction is 'combined'

[Aaron Lindsay]

An instruction is a 'combined' Pointer Authentication instruction if it
does something in addition to PAC - for instance, branching to or
loading an address from the authenticated pointer. Knowing whether a PAC
operation is 'combined' is needed to implement the FPACCOMBINE feature
for ARMv8.3.

Signed-off-by: Aaron Lindsay 
Reviewed-by: Richard Henderson 
---
 target/arm/tcg/helper-a64.h|  4 ++
 target/arm/tcg/pauth_helper.c  | 71 +++---
 target/arm/tcg/translate-a64.c | 12 +++---
 3 files changed, 68 insertions(+), 19 deletions(-)

diff --git a/target/arm/tcg/helper-a64.h b/target/arm/tcg/helper-a64.h
index 3d5957c11f..57cfd68569 100644
--- a/target/arm/tcg/helper-a64.h
+++ b/target/arm/tcg/helper-a64.h
@@ -90,9 +90,13 @@ DEF_HELPER_FLAGS_3(pacda, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(pacdb, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(pacga, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autia, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autia_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autib, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autib_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autda, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autda_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_3(autdb, TCG_CALL_NO_WG, i64, env, i64, i64)
+DEF_HELPER_FLAGS_3(autdb_combined, TCG_CALL_NO_WG, i64, env, i64, i64)
 DEF_HELPER_FLAGS_2(xpaci, TCG_CALL_NO_RWG_SE, i64, env, i64)
 DEF_HELPER_FLAGS_2(xpacd, TCG_CALL_NO_RWG_SE, i64, env, i64)
 
diff --git a/target/arm/tcg/pauth_helper.c b/target/arm/tcg/pauth_helper.c
index b0282d1a05..278d6d36bc 100644
--- a/target/arm/tcg/pauth_helper.c
+++ b/target/arm/tcg/pauth_helper.c
@@ -396,7 +396,8 @@ static uint64_t pauth_original_ptr(uint64_t ptr, 
ARMVAParameters param)
 }
 
 static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
-   ARMPACKey *key, bool data, int keynumber)
+   ARMPACKey *key, bool data, int keynumber,
+   uintptr_t ra, bool is_combined)
 {
 ARMCPU *cpu = env_archcpu(env);
 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
@@ -518,44 +519,88 @@ uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, 
uint64_t y)
 return pac & 0xull;
 }
 
-uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
+static uint64_t pauth_autia(CPUARMState *env, uint64_t x, uint64_t y,
+uintptr_t ra, bool is_combined)
 {
 int el = arm_current_el(env);
 if (!pauth_key_enabled(env, el, SCTLR_EnIA)) {
 return x;
 }
-pauth_check_trap(env, el, GETPC());
-return pauth_auth(env, x, y, &env->keys.apia, false, 0);
+pauth_check_trap(env, el, ra);
+return pauth_auth(env, x, y, &env->keys.apia, false, 0, ra, is_combined);
 }
 
-uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
+uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autia(env, x, y, GETPC(), false);
+}
+
+uint64_t HELPER(autia_combined)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autia(env, x, y, GETPC(), true);
+}
+
+static uint64_t pauth_autib(CPUARMState *env, uint64_t x, uint64_t y,
+uintptr_t ra, bool is_combined)
 {
 int el = arm_current_el(env);
 if (!pauth_key_enabled(env, el, SCTLR_EnIB)) {
 return x;
 }
-pauth_check_trap(env, el, GETPC());
-return pauth_auth(env, x, y, &env->keys.apib, false, 1);
+pauth_check_trap(env, el, ra);
+return pauth_auth(env, x, y, &env->keys.apib, false, 1, ra, is_combined);
 }
 
-uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
+uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autib(env, x, y, GETPC(), false);
+}
+
+uint64_t HELPER(autib_combined)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autib(env, x, y, GETPC(), true);
+}
+
+static uint64_t pauth_autda(CPUARMState *env, uint64_t x, uint64_t y,
+uintptr_t ra, bool is_combined)
 {
 int el = arm_current_el(env);
 if (!pauth_key_enabled(env, el, SCTLR_EnDA)) {
 return x;
 }
-pauth_check_trap(env, el, GETPC());
-return pauth_auth(env, x, y, &env->keys.apda, true, 0);
+pauth_check_trap(env, el, ra);
+return pauth_auth(env, x, y, &env->keys.apda, true, 0, ra, is_combined);
 }
 
-uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
+uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autda(env, x, y, GETPC(), false);
+}
+
+uint64_t HELPER(autda_combined)(CPUARMState *env, uint64_t x, uint64_t y)
+{
+return pauth_autda(env, x, y, GETPC(), true);
+}
+
+static uint64_t pauth_autdb(CPUARMState *env, uint64_t x, uint64_t y,
+uintptr_t ra, bool is_combined)
 {
 i

[PULL v4 10/10] meson.build: enable xenpv machine build for ARM

[Stefano Stabellini]

From: Vikram Garhwal 

Add CONFIG_XEN for aarch64 device to support build for ARM targets.

Signed-off-by: Vikram Garhwal 
Signed-off-by: Stefano Stabellini 
Reviewed-by: Alex Bennée 
---
 meson.build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index 481865bfa9..cfa98e9e25 100644
--- a/meson.build
+++ b/meson.build
@@ -136,7 +136,7 @@ endif
 if cpu in ['x86', 'x86_64', 'arm', 'aarch64']
   # i386 emulator provides xenpv machine type for multiple architectures
   accelerator_targets += {
-'CONFIG_XEN': ['i386-softmmu', 'x86_64-softmmu'],
+'CONFIG_XEN': ['i386-softmmu', 'x86_64-softmmu', 'aarch64-softmmu'],
   }
 endif
 if cpu in ['x86', 'x86_64']
-- 
2.25.1

[PULL v4 02/10] hw/i386/xen: rearrange xen_hvm_init_pc

[Stefano Stabellini]

From: Vikram Garhwal 

In preparation to moving most of xen-hvm code to an arch-neutral location,
move non IOREQ references to:
- xen_get_vmport_regs_pfn
- xen_suspend_notifier
- xen_wakeup_notifier
- xen_ram_init

towards the end of the xen_hvm_init_pc() function.

This is done to keep the common ioreq functions in one place which will be
moved to new function in next patch in order to make it common to both x86 and
aarch64 machines.

Signed-off-by: Vikram Garhwal 
Signed-off-by: Stefano Stabellini 
Reviewed-by: Paul Durrant 
---
 hw/i386/xen/xen-hvm.c | 49 ++-
 1 file changed, 25 insertions(+), 24 deletions(-)

diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c
index ab8f1b61ee..7a7764240e 100644
--- a/hw/i386/xen/xen-hvm.c
+++ b/hw/i386/xen/xen-hvm.c
@@ -1419,12 +1419,6 @@ void xen_hvm_init_pc(PCMachineState *pcms, MemoryRegion 
**ram_memory)
 state->exit.notify = xen_exit_notifier;
 qemu_add_exit_notifier(&state->exit);
 
-state->suspend.notify = xen_suspend_notifier;
-qemu_register_suspend_notifier(&state->suspend);
-
-state->wakeup.notify = xen_wakeup_notifier;
-qemu_register_wakeup_notifier(&state->wakeup);
-
 /*
  * Register wake-up support in QMP query-current-machine API
  */
@@ -1435,23 +1429,6 @@ void xen_hvm_init_pc(PCMachineState *pcms, MemoryRegion 
**ram_memory)
 goto err;
 }
 
-rc = xen_get_vmport_regs_pfn(xen_xc, xen_domid, &ioreq_pfn);
-if (!rc) {
-DPRINTF("shared vmport page at pfn %lx\n", ioreq_pfn);
-state->shared_vmport_page =
-xenforeignmemory_map(xen_fmem, xen_domid, PROT_READ|PROT_WRITE,
- 1, &ioreq_pfn, NULL);
-if (state->shared_vmport_page == NULL) {
-error_report("map shared vmport IO page returned error %d 
handle=%p",
- errno, xen_xc);
-goto err;
-}
-} else if (rc != -ENOSYS) {
-error_report("get vmport regs pfn returned error %d, rc=%d",
- errno, rc);
-goto err;
-}
-
 /* Note: cpus is empty at this point in init */
 state->cpu_by_vcpu_id = g_new0(CPUState *, max_cpus);
 
@@ -1490,7 +1467,6 @@ void xen_hvm_init_pc(PCMachineState *pcms, MemoryRegion 
**ram_memory)
 #else
 xen_map_cache_init(NULL, state);
 #endif
-xen_ram_init(pcms, ms->ram_size, ram_memory);
 
 qemu_add_vm_change_state_handler(xen_hvm_change_state_handler, state);
 
@@ -1511,6 +1487,31 @@ void xen_hvm_init_pc(PCMachineState *pcms, MemoryRegion 
**ram_memory)
 QLIST_INIT(&xen_physmap);
 xen_read_physmap(state);
 
+state->suspend.notify = xen_suspend_notifier;
+qemu_register_suspend_notifier(&state->suspend);
+
+state->wakeup.notify = xen_wakeup_notifier;
+qemu_register_wakeup_notifier(&state->wakeup);
+
+rc = xen_get_vmport_regs_pfn(xen_xc, xen_domid, &ioreq_pfn);
+if (!rc) {
+DPRINTF("shared vmport page at pfn %lx\n", ioreq_pfn);
+state->shared_vmport_page =
+xenforeignmemory_map(xen_fmem, xen_domid, PROT_READ|PROT_WRITE,
+ 1, &ioreq_pfn, NULL);
+if (state->shared_vmport_page == NULL) {
+error_report("map shared vmport IO page returned error %d 
handle=%p",
+ errno, xen_xc);
+goto err;
+}
+} else if (rc != -ENOSYS) {
+error_report("get vmport regs pfn returned error %d, rc=%d",
+ errno, rc);
+goto err;
+}
+
+xen_ram_init(pcms, ms->ram_size, ram_memory);
+
 /* Disable ACPI build because Xen handles it */
 pcms->acpi_build_enabled = false;
 
-- 
2.25.1

[PULL v4 06/10] hw/xen/xen-hvm-common: skip ioreq creation on ioreq registration failure

[Stefano Stabellini]

From: Stefano Stabellini 

On ARM it is possible to have a functioning xenpv machine with only the
PV backends and no IOREQ server. If the IOREQ server creation fails continue
to the PV backends initialization.

Also, moved the IOREQ registration and mapping subroutine to new function
xen_do_ioreq_register().

Signed-off-by: Stefano Stabellini 
Signed-off-by: Vikram Garhwal 
Reviewed-by: Stefano Stabellini 
Reviewed-by: Paul Durrant 
---
 hw/xen/xen-hvm-common.c | 57 +++--
 1 file changed, 38 insertions(+), 19 deletions(-)

diff --git a/hw/xen/xen-hvm-common.c b/hw/xen/xen-hvm-common.c
index a31b067404..cb82f4b83d 100644
--- a/hw/xen/xen-hvm-common.c
+++ b/hw/xen/xen-hvm-common.c
@@ -764,27 +764,12 @@ void xen_shutdown_fatal_error(const char *fmt, ...)
 qemu_system_shutdown_request(SHUTDOWN_CAUSE_HOST_ERROR);
 }
 
-void xen_register_ioreq(XenIOState *state, unsigned int max_cpus,
-MemoryListener xen_memory_listener)
+static void xen_do_ioreq_register(XenIOState *state,
+   unsigned int max_cpus,
+   MemoryListener xen_memory_listener)
 {
 int i, rc;
 
-setup_xen_backend_ops();
-
-state->xce_handle = qemu_xen_evtchn_open();
-if (state->xce_handle == NULL) {
-perror("xen: event channel open");
-goto err;
-}
-
-state->xenstore = xs_daemon_open();
-if (state->xenstore == NULL) {
-perror("xen: xenstore open");
-goto err;
-}
-
-xen_create_ioreq_server(xen_domid, &state->ioservid);
-
 state->exit.notify = xen_exit_notifier;
 qemu_add_exit_notifier(&state->exit);
 
@@ -849,12 +834,46 @@ void xen_register_ioreq(XenIOState *state, unsigned int 
max_cpus,
 QLIST_INIT(&state->dev_list);
 device_listener_register(&state->device_listener);
 
+return;
+
+err:
+error_report("xen hardware virtual machine initialisation failed");
+exit(1);
+}
+
+void xen_register_ioreq(XenIOState *state, unsigned int max_cpus,
+MemoryListener xen_memory_listener)
+{
+int rc;
+
+setup_xen_backend_ops();
+
+state->xce_handle = qemu_xen_evtchn_open();
+if (state->xce_handle == NULL) {
+perror("xen: event channel open");
+goto err;
+}
+
+state->xenstore = xs_daemon_open();
+if (state->xenstore == NULL) {
+perror("xen: xenstore open");
+goto err;
+}
+
+rc = xen_create_ioreq_server(xen_domid, &state->ioservid);
+if (!rc) {
+xen_do_ioreq_register(state, max_cpus, xen_memory_listener);
+} else {
+warn_report("xen: failed to create ioreq server");
+}
+
 xen_bus_init();
 
 xen_be_init();
 
 return;
+
 err:
-error_report("xen hardware virtual machine initialisation failed");
+error_report("xen hardware virtual machine backend registration failed");
 exit(1);
 }
-- 
2.25.1

[PULL v4 05/10] include/hw/xen/xen_common: return error from xen_create_ioreq_server

[Stefano Stabellini]

From: Stefano Stabellini 

From: Stefano Stabellini 

This is done to prepare for enabling xenpv support for ARM architecture.
On ARM it is possible to have a functioning xenpv machine with only the
PV backends and no IOREQ server. If the IOREQ server creation fails,
continue to the PV backends initialization.

Signed-off-by: Stefano Stabellini 
Signed-off-by: Vikram Garhwal 
Reviewed-by: Stefano Stabellini 
Reviewed-by: Paul Durrant 
---
 include/hw/xen/xen_native.h | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/include/hw/xen/xen_native.h b/include/hw/xen/xen_native.h
index f11eb423e3..4dce905fde 100644
--- a/include/hw/xen/xen_native.h
+++ b/include/hw/xen/xen_native.h
@@ -463,8 +463,8 @@ static inline void xen_unmap_pcidev(domid_t dom,
   PCI_FUNC(pci_dev->devfn));
 }
 
-static inline void xen_create_ioreq_server(domid_t dom,
-   ioservid_t *ioservid)
+static inline int xen_create_ioreq_server(domid_t dom,
+  ioservid_t *ioservid)
 {
 int rc = xendevicemodel_create_ioreq_server(xen_dmod, dom,
 HVM_IOREQSRV_BUFIOREQ_ATOMIC,
@@ -472,12 +472,14 @@ static inline void xen_create_ioreq_server(domid_t dom,
 
 if (rc == 0) {
 trace_xen_ioreq_server_create(*ioservid);
-return;
+return rc;
 }
 
 *ioservid = 0;
 use_default_ioreq_server = true;
 trace_xen_default_ioreq_server();
+
+return rc;
 }
 
 static inline void xen_destroy_ioreq_server(domid_t dom,
-- 
2.25.1

[PULL v4 09/10] hw/arm: introduce xenpvh machine

[Stefano Stabellini]

From: Vikram Garhwal 

Add a new machine xenpvh which creates a IOREQ server to register/connect with
Xen Hypervisor.

Optional: When CONFIG_TPM is enabled, it also creates a tpm-tis-device, adds a
TPM emulator and connects to swtpm running on host machine via chardev socket
and support TPM functionalities for a guest domain.

Extra command line for aarch64 xenpvh QEMU to connect to swtpm:
-chardev socket,id=chrtpm,path=/tmp/myvtpm2/swtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-machine tpm-base-addr=0x0c00 \

swtpm implements a TPM software emulator(TPM 1.2 & TPM 2) built on libtpms and
provides access to TPM functionality over socket, chardev and CUSE interface.
Github repo: https://github.com/stefanberger/swtpm
Example for starting swtpm on host machine:
mkdir /tmp/vtpm2
swtpm socket --tpmstate dir=/tmp/vtpm2 \
--ctrl type=unixio,path=/tmp/vtpm2/swtpm-sock &

Signed-off-by: Vikram Garhwal 
Signed-off-by: Stefano Stabellini 
Reviewed-by: Stefano Stabellini 
---
 docs/system/arm/xenpvh.rst|  34 +++
 docs/system/target-arm.rst|   1 +
 hw/arm/meson.build|   2 +
 hw/arm/xen_arm.c  | 181 ++
 include/hw/arm/xen_arch_hvm.h |   9 ++
 include/hw/xen/arch_hvm.h |   2 +
 6 files changed, 229 insertions(+)
 create mode 100644 docs/system/arm/xenpvh.rst
 create mode 100644 hw/arm/xen_arm.c
 create mode 100644 include/hw/arm/xen_arch_hvm.h

diff --git a/docs/system/arm/xenpvh.rst b/docs/system/arm/xenpvh.rst
new file mode 100644
index 00..e1655c7ab8
--- /dev/null
+++ b/docs/system/arm/xenpvh.rst
@@ -0,0 +1,34 @@
+XENPVH (``xenpvh``)
+=
+This machine creates a IOREQ server to register/connect with Xen Hypervisor.
+
+When TPM is enabled, this machine also creates a tpm-tis-device at a user input
+tpm base address, adds a TPM emulator and connects to a swtpm application
+running on host machine via chardev socket. This enables xenpvh to support TPM
+functionalities for a guest domain.
+
+More information about TPM use and installing swtpm linux application can be
+found at: docs/specs/tpm.rst.
+
+Example for starting swtpm on host machine:
+.. code-block:: console
+
+mkdir /tmp/vtpm2
+swtpm socket --tpmstate dir=/tmp/vtpm2 \
+--ctrl type=unixio,path=/tmp/vtpm2/swtpm-sock &
+
+Sample QEMU xenpvh commands for running and connecting with Xen:
+.. code-block:: console
+
+qemu-system-aarch64 -xen-domid 1 \
+-chardev socket,id=libxl-cmd,path=qmp-libxl-1,server=on,wait=off \
+-mon chardev=libxl-cmd,mode=control \
+-chardev socket,id=libxenstat-cmd,path=qmp-libxenstat-1,server=on,wait=off 
\
+-mon chardev=libxenstat-cmd,mode=control \
+-xen-attach -name guest0 -vnc none -display none -nographic \
+-machine xenpvh -m 1301 \
+-chardev socket,id=chrtpm,path=tmp/vtpm2/swtpm-sock \
+-tpmdev emulator,id=tpm0,chardev=chrtpm -machine tpm-base-addr=0x0C00
+
+In above QEMU command, last two lines are for connecting xenpvh QEMU to swtpm
+via chardev socket.
diff --git a/docs/system/target-arm.rst b/docs/system/target-arm.rst
index a12b6bca05..790ac1b8a2 100644
--- a/docs/system/target-arm.rst
+++ b/docs/system/target-arm.rst
@@ -107,6 +107,7 @@ undocumented; you can get a complete list by running
arm/stm32
arm/virt
arm/xlnx-versal-virt
+   arm/xenpvh
 
 Emulated CPU architecture support
 =
diff --git a/hw/arm/meson.build b/hw/arm/meson.build
index 870ec67376..4f94f821b0 100644
--- a/hw/arm/meson.build
+++ b/hw/arm/meson.build
@@ -63,6 +63,8 @@ arm_ss.add(when: 'CONFIG_FSL_IMX7', if_true: 
files('fsl-imx7.c', 'mcimx7d-sabre.
 arm_ss.add(when: 'CONFIG_ARM_SMMUV3', if_true: files('smmuv3.c'))
 arm_ss.add(when: 'CONFIG_FSL_IMX6UL', if_true: files('fsl-imx6ul.c', 
'mcimx6ul-evk.c'))
 arm_ss.add(when: 'CONFIG_NRF51_SOC', if_true: files('nrf51_soc.c'))
+arm_ss.add(when: 'CONFIG_XEN', if_true: files('xen_arm.c'))
+arm_ss.add_all(xen_ss)
 
 softmmu_ss.add(when: 'CONFIG_ARM_SMMUV3', if_true: files('smmu-common.c'))
 softmmu_ss.add(when: 'CONFIG_EXYNOS4', if_true: files('exynos4_boards.c'))
diff --git a/hw/arm/xen_arm.c b/hw/arm/xen_arm.c
new file mode 100644
index 00..19b1cb81ad
--- /dev/null
+++ b/hw/arm/xen_arm.c
@@ -0,0 +1,181 @@
+/*
+ * QEMU ARM Xen PVH Machine
+ *
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "A

[PULL v4 08/10] meson.build: do not set have_xen_pci_passthrough for aarch64 targets

[Stefano Stabellini]

From: Stefano Stabellini 

have_xen_pci_passthrough is only used for Xen x86 VMs.

Signed-off-by: Stefano Stabellini 
Reviewed-by: Alex Bennée 
---
 meson.build | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meson.build b/meson.build
index 34306a6205..481865bfa9 100644
--- a/meson.build
+++ b/meson.build
@@ -1726,6 +1726,8 @@ have_xen_pci_passthrough = 
get_option('xen_pci_passthrough') \
error_message: 'Xen PCI passthrough requested but Xen not enabled') 
\
   .require(targetos == 'linux',
error_message: 'Xen PCI passthrough not available on this 
platform') \
+  .require(cpu == 'x86'  or cpu == 'x86_64',
+   error_message: 'Xen PCI passthrough not available on this 
platform') \
   .allowed()
 
 
-- 
2.25.1

[PULL v4 07/10] hw/xen/xen-hvm-common: Use g_new and error_report

[Stefano Stabellini]

From: Vikram Garhwal 

Replace g_malloc with g_new and perror with error_report.

Signed-off-by: Vikram Garhwal 
Reviewed-by: Stefano Stabellini 
Reviewed-by: Paul Durrant 
---
 hw/xen/xen-hvm-common.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/xen/xen-hvm-common.c b/hw/xen/xen-hvm-common.c
index cb82f4b83d..42339c96bd 100644
--- a/hw/xen/xen-hvm-common.c
+++ b/hw/xen/xen-hvm-common.c
@@ -33,7 +33,7 @@ void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size, 
MemoryRegion *mr,
 trace_xen_ram_alloc(ram_addr, size);
 
 nr_pfn = size >> TARGET_PAGE_BITS;
-pfn_list = g_malloc(sizeof (*pfn_list) * nr_pfn);
+pfn_list = g_new(xen_pfn_t, nr_pfn);
 
 for (i = 0; i < nr_pfn; i++) {
 pfn_list[i] = (ram_addr >> TARGET_PAGE_BITS) + i;
@@ -730,7 +730,7 @@ void destroy_hvm_domain(bool reboot)
 return;
 }
 if (errno != ENOTTY /* old Xen */) {
-perror("xendevicemodel_shutdown failed");
+error_report("xendevicemodel_shutdown failed with error %d", 
errno);
 }
 /* well, try the old thing then */
 }
@@ -784,7 +784,7 @@ static void xen_do_ioreq_register(XenIOState *state,
 }
 
 /* Note: cpus is empty at this point in init */
-state->cpu_by_vcpu_id = g_malloc0(max_cpus * sizeof(CPUState *));
+state->cpu_by_vcpu_id = g_new0(CPUState *, max_cpus);
 
 rc = xen_set_ioreq_server_state(xen_domid, state->ioservid, true);
 if (rc < 0) {
@@ -793,7 +793,7 @@ static void xen_do_ioreq_register(XenIOState *state,
 goto err;
 }
 
-state->ioreq_local_port = g_malloc0(max_cpus * sizeof (evtchn_port_t));
+state->ioreq_local_port = g_new0(evtchn_port_t, max_cpus);
 
 /* FIXME: how about if we overflow the page here? */
 for (i = 0; i < max_cpus; i++) {
@@ -850,13 +850,13 @@ void xen_register_ioreq(XenIOState *state, unsigned int 
max_cpus,
 
 state->xce_handle = qemu_xen_evtchn_open();
 if (state->xce_handle == NULL) {
-perror("xen: event channel open");
+error_report("xen: event channel open failed with error %d", errno);
 goto err;
 }
 
 state->xenstore = xs_daemon_open();
 if (state->xenstore == NULL) {
-perror("xen: xenstore open");
+error_report("xen: xenstore open failed with error %d", errno);
 goto err;
 }
 
-- 
2.25.1

[PULL v4 04/10] xen-hvm: reorganize xen-hvm and move common function to xen-hvm-common

[Stefano Stabellini]

From: Stefano Stabellini 

This patch does following:
1. creates arch_handle_ioreq() and arch_xen_set_memory(). This is done in
preparation for moving most of xen-hvm code to an arch-neutral location,
move the x86-specific portion of xen_set_memory to arch_xen_set_memory.
Also, move handle_vmport_ioreq to arch_handle_ioreq.

2. Pure code movement: move common functions to hw/xen/xen-hvm-common.c
Extract common functionalities from hw/i386/xen/xen-hvm.c and move them to
hw/xen/xen-hvm-common.c. These common functions are useful for creating
an IOREQ server.

xen_hvm_init_pc() contains the architecture independent code for creating
and mapping a IOREQ server, connecting memory and IO listeners, initializing
a xen bus and registering backends. Moved this common xen code to a new
function xen_register_ioreq() which can be used by both x86 and ARM 
machines.

Following functions are moved to hw/xen/xen-hvm-common.c:
xen_vcpu_eport(), xen_vcpu_ioreq(), xen_ram_alloc(), xen_set_memory(),
xen_region_add(), xen_region_del(), xen_io_add(), xen_io_del(),
xen_device_realize(), xen_device_unrealize(),
cpu_get_ioreq_from_shared_memory(), cpu_get_ioreq(), do_inp(),
do_outp(), rw_phys_req_item(), read_phys_req_item(),
write_phys_req_item(), cpu_ioreq_pio(), cpu_ioreq_move(),
cpu_ioreq_config(), handle_ioreq(), handle_buffered_iopage(),
handle_buffered_io(), cpu_handle_ioreq(), xen_main_loop_prepare(),
xen_hvm_change_state_handler(), xen_exit_notifier(),
xen_map_ioreq_server(), destroy_hvm_domain() and
xen_shutdown_fatal_error()

3. Removed static type from below functions:
1. xen_region_add()
2. xen_region_del()
3. xen_io_add()
4. xen_io_del()
5. xen_device_realize()
6. xen_device_unrealize()
7. xen_hvm_change_state_handler()
8. cpu_ioreq_pio()
9. xen_exit_notifier()

4. Replace TARGET_PAGE_SIZE with XC_PAGE_SIZE to match the page side with Xen.

Signed-off-by: Vikram Garhwal 
Signed-off-by: Stefano Stabellini 
Acked-by: Stefano Stabellini 
---
 hw/i386/xen/trace-events|   14 -
 hw/i386/xen/xen-hvm.c   | 1016 ++-
 hw/xen/meson.build  |5 +-
 hw/xen/trace-events |   14 +
 hw/xen/xen-hvm-common.c |  860 ++
 include/hw/i386/xen_arch_hvm.h  |   11 +
 include/hw/xen/arch_hvm.h   |3 +
 include/hw/xen/xen-hvm-common.h |   99 +++
 8 files changed, 1054 insertions(+), 968 deletions(-)
 create mode 100644 hw/xen/xen-hvm-common.c
 create mode 100644 include/hw/i386/xen_arch_hvm.h
 create mode 100644 include/hw/xen/arch_hvm.h
 create mode 100644 include/hw/xen/xen-hvm-common.h

diff --git a/hw/i386/xen/trace-events b/hw/i386/xen/trace-events
index a0c89d91c4..5d0a8d6dcf 100644
--- a/hw/i386/xen/trace-events
+++ b/hw/i386/xen/trace-events
@@ -7,17 +7,3 @@ xen_platform_log(char *s) "xen platform: %s"
 xen_pv_mmio_read(uint64_t addr) "WARNING: read from Xen PV Device MMIO space 
(address 0x%"PRIx64")"
 xen_pv_mmio_write(uint64_t addr) "WARNING: write to Xen PV Device MMIO space 
(address 0x%"PRIx64")"
 
-# xen-hvm.c
-xen_ram_alloc(unsigned long ram_addr, unsigned long size) "requested: 0x%lx, 
size 0x%lx"
-xen_client_set_memory(uint64_t start_addr, unsigned long size, bool log_dirty) 
"0x%"PRIx64" size 0x%lx, log_dirty %i"
-handle_ioreq(void *req, uint32_t type, uint32_t dir, uint32_t df, uint32_t 
data_is_ptr, uint64_t addr, uint64_t data, uint32_t count, uint32_t size) 
"I/O=%p type=%d dir=%d df=%d ptr=%d port=0x%"PRIx64" data=0x%"PRIx64" count=%d 
size=%d"
-handle_ioreq_read(void *req, uint32_t type, uint32_t df, uint32_t data_is_ptr, 
uint64_t addr, uint64_t data, uint32_t count, uint32_t size) "I/O=%p read 
type=%d df=%d ptr=%d port=0x%"PRIx64" data=0x%"PRIx64" count=%d size=%d"
-handle_ioreq_write(void *req, uint32_t type, uint32_t df, uint32_t 
data_is_ptr, uint64_t addr, uint64_t data, uint32_t count, uint32_t size) 
"I/O=%p write type=%d df=%d ptr=%d port=0x%"PRIx64" data=0x%"PRIx64" count=%d 
size=%d"
-cpu_ioreq_pio(void *req, uint32_t dir, uint32_t df, uint32_t data_is_ptr, 
uint64_t addr, uint64_t data, uint32_t count, uint32_t size) "I/O=%p pio dir=%d 
df=%d ptr=%d port=0x%"PRIx64" data=0x%"PRIx64" count=%d size=%d"
-cpu_ioreq_pio_read_reg(void *req, uint64_t data, uint64_t addr, uint32_t size) 
"I/O=%p pio read reg data=0x%"PRIx64" port=0x%"PRIx64" size=%d"
-cpu_ioreq_pio_write_reg(void *req, uint64_t data, uint64_t addr, uint32_t 
size) "I/O=%p pio write reg data=0x%"PRIx64" port=0x%"PRIx64" size=%d"
-cpu_ioreq_move(void *req, uint32_t dir, uint32_t df, uint32_t data_is_ptr, 
uint64_t addr, uint64_t data, uint32_t count, uint32_t size) "I/O=%p copy 
dir=%d df=%d ptr=%d port=0x%"PRIx64" data=0x%"PRIx64" count=%d size=%d"
-xen_map_resource_ioreq(uint32_t id, void *addr) "id: %u addr: %p"
-cpu_ioreq_config_read(void *req, uint32_t sbdf, uint32_t reg, 

[PULL v4 01/10] hw/i386/xen/: move xen-mapcache.c to hw/xen/

[Stefano Stabellini]

From: Vikram Garhwal 

xen-mapcache.c contains common functions which can be used for enabling Xen on
aarch64 with IOREQ handling. Moving it out from hw/i386/xen to hw/xen to make it
accessible for both aarch64 and x86.

Signed-off-by: Vikram Garhwal 
Signed-off-by: Stefano Stabellini 
Reviewed-by: Paul Durrant 
---
 hw/i386/meson.build  | 1 +
 hw/i386/xen/meson.build  | 1 -
 hw/i386/xen/trace-events | 5 -
 hw/xen/meson.build   | 4 
 hw/xen/trace-events  | 5 +
 hw/{i386 => }/xen/xen-mapcache.c | 0
 6 files changed, 10 insertions(+), 6 deletions(-)
 rename hw/{i386 => }/xen/xen-mapcache.c (100%)

diff --git a/hw/i386/meson.build b/hw/i386/meson.build
index 213e2e82b3..cfdbfdcbcb 100644
--- a/hw/i386/meson.build
+++ b/hw/i386/meson.build
@@ -33,5 +33,6 @@ subdir('kvm')
 subdir('xen')
 
 i386_ss.add_all(xenpv_ss)
+i386_ss.add_all(xen_ss)
 
 hw_arch += {'i386': i386_ss}
diff --git a/hw/i386/xen/meson.build b/hw/i386/xen/meson.build
index 2e64a34e16..3dc4c4f106 100644
--- a/hw/i386/xen/meson.build
+++ b/hw/i386/xen/meson.build
@@ -1,6 +1,5 @@
 i386_ss.add(when: 'CONFIG_XEN', if_true: files(
   'xen-hvm.c',
-  'xen-mapcache.c',
   'xen_apic.c',
   'xen_pvdevice.c',
 ))
diff --git a/hw/i386/xen/trace-events b/hw/i386/xen/trace-events
index 5d6be61090..a0c89d91c4 100644
--- a/hw/i386/xen/trace-events
+++ b/hw/i386/xen/trace-events
@@ -21,8 +21,3 @@ xen_map_resource_ioreq(uint32_t id, void *addr) "id: %u addr: 
%p"
 cpu_ioreq_config_read(void *req, uint32_t sbdf, uint32_t reg, uint32_t size, 
uint32_t data) "I/O=%p sbdf=0x%x reg=%u size=%u data=0x%x"
 cpu_ioreq_config_write(void *req, uint32_t sbdf, uint32_t reg, uint32_t size, 
uint32_t data) "I/O=%p sbdf=0x%x reg=%u size=%u data=0x%x"
 
-# xen-mapcache.c
-xen_map_cache(uint64_t phys_addr) "want 0x%"PRIx64
-xen_remap_bucket(uint64_t index) "index 0x%"PRIx64
-xen_map_cache_return(void* ptr) "%p"
-
diff --git a/hw/xen/meson.build b/hw/xen/meson.build
index 19c6aabc7c..202752e557 100644
--- a/hw/xen/meson.build
+++ b/hw/xen/meson.build
@@ -26,3 +26,7 @@ else
 endif
 
 specific_ss.add_all(when: ['CONFIG_XEN', xen], if_true: xen_specific_ss)
+
+xen_ss = ss.source_set()
+
+xen_ss.add(when: 'CONFIG_XEN', if_true: files('xen-mapcache.c'))
diff --git a/hw/xen/trace-events b/hw/xen/trace-events
index 55c9e1df68..f977c7c8c6 100644
--- a/hw/xen/trace-events
+++ b/hw/xen/trace-events
@@ -41,3 +41,8 @@ xs_node_vprintf(char *path, char *value) "%s %s"
 xs_node_vscanf(char *path, char *value) "%s %s"
 xs_node_watch(char *path) "%s"
 xs_node_unwatch(char *path) "%s"
+
+# xen-mapcache.c
+xen_map_cache(uint64_t phys_addr) "want 0x%"PRIx64
+xen_remap_bucket(uint64_t index) "index 0x%"PRIx64
+xen_map_cache_return(void* ptr) "%p"
diff --git a/hw/i386/xen/xen-mapcache.c b/hw/xen/xen-mapcache.c
similarity index 100%
rename from hw/i386/xen/xen-mapcache.c
rename to hw/xen/xen-mapcache.c
-- 
2.25.1

[PULL v4 03/10] hw/i386/xen/xen-hvm: move x86-specific fields out of XenIOState

[Stefano Stabellini]

From: Stefano Stabellini 

In preparation to moving most of xen-hvm code to an arch-neutral location, move:
- shared_vmport_page
- log_for_dirtybit
- dirty_bitmap
- suspend
- wakeup

out of XenIOState struct as these are only used on x86, especially the ones
related to dirty logging.
Updated XenIOState can be used for both aarch64 and x86.

Also, remove free_phys_offset as it was unused.

Signed-off-by: Stefano Stabellini 
Signed-off-by: Vikram Garhwal 
Reviewed-by: Paul Durrant 
Reviewed-by: Alex Bennée 
---
 hw/i386/xen/xen-hvm.c | 58 ---
 1 file changed, 27 insertions(+), 31 deletions(-)

diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c
index 7a7764240e..01bf947f1c 100644
--- a/hw/i386/xen/xen-hvm.c
+++ b/hw/i386/xen/xen-hvm.c
@@ -74,6 +74,7 @@ struct shared_vmport_iopage {
 };
 typedef struct shared_vmport_iopage shared_vmport_iopage_t;
 #endif
+static shared_vmport_iopage_t *shared_vmport_page;
 
 static inline uint32_t xen_vcpu_eport(shared_iopage_t *shared_page, int i)
 {
@@ -96,6 +97,11 @@ typedef struct XenPhysmap {
 } XenPhysmap;
 
 static QLIST_HEAD(, XenPhysmap) xen_physmap;
+static const XenPhysmap *log_for_dirtybit;
+/* Buffer used by xen_sync_dirty_bitmap */
+static unsigned long *dirty_bitmap;
+static Notifier suspend;
+static Notifier wakeup;
 
 typedef struct XenPciDevice {
 PCIDevice *pci_dev;
@@ -106,7 +112,6 @@ typedef struct XenPciDevice {
 typedef struct XenIOState {
 ioservid_t ioservid;
 shared_iopage_t *shared_page;
-shared_vmport_iopage_t *shared_vmport_page;
 buffered_iopage_t *buffered_io_page;
 xenforeignmemory_resource_handle *fres;
 QEMUTimer *buffered_io_timer;
@@ -126,14 +131,8 @@ typedef struct XenIOState {
 MemoryListener io_listener;
 QLIST_HEAD(, XenPciDevice) dev_list;
 DeviceListener device_listener;
-hwaddr free_phys_offset;
-const XenPhysmap *log_for_dirtybit;
-/* Buffer used by xen_sync_dirty_bitmap */
-unsigned long *dirty_bitmap;
 
 Notifier exit;
-Notifier suspend;
-Notifier wakeup;
 } XenIOState;
 
 /* Xen specific function for piix pci */
@@ -463,10 +462,10 @@ static int xen_remove_from_physmap(XenIOState *state,
 }
 
 QLIST_REMOVE(physmap, list);
-if (state->log_for_dirtybit == physmap) {
-state->log_for_dirtybit = NULL;
-g_free(state->dirty_bitmap);
-state->dirty_bitmap = NULL;
+if (log_for_dirtybit == physmap) {
+log_for_dirtybit = NULL;
+g_free(dirty_bitmap);
+dirty_bitmap = NULL;
 }
 g_free(physmap);
 
@@ -627,16 +626,16 @@ static void xen_sync_dirty_bitmap(XenIOState *state,
 return;
 }
 
-if (state->log_for_dirtybit == NULL) {
-state->log_for_dirtybit = physmap;
-state->dirty_bitmap = g_new(unsigned long, bitmap_size);
-} else if (state->log_for_dirtybit != physmap) {
+if (log_for_dirtybit == NULL) {
+log_for_dirtybit = physmap;
+dirty_bitmap = g_new(unsigned long, bitmap_size);
+} else if (log_for_dirtybit != physmap) {
 /* Only one range for dirty bitmap can be tracked. */
 return;
 }
 
 rc = xen_track_dirty_vram(xen_domid, start_addr >> TARGET_PAGE_BITS,
-  npages, state->dirty_bitmap);
+  npages, dirty_bitmap);
 if (rc < 0) {
 #ifndef ENODATA
 #define ENODATA  ENOENT
@@ -651,7 +650,7 @@ static void xen_sync_dirty_bitmap(XenIOState *state,
 }
 
 for (i = 0; i < bitmap_size; i++) {
-unsigned long map = state->dirty_bitmap[i];
+unsigned long map = dirty_bitmap[i];
 while (map != 0) {
 j = ctzl(map);
 map &= ~(1ul << j);
@@ -677,12 +676,10 @@ static void xen_log_start(MemoryListener *listener,
 static void xen_log_stop(MemoryListener *listener, MemoryRegionSection 
*section,
  int old, int new)
 {
-XenIOState *state = container_of(listener, XenIOState, memory_listener);
-
 if (old & ~new & (1 << DIRTY_MEMORY_VGA)) {
-state->log_for_dirtybit = NULL;
-g_free(state->dirty_bitmap);
-state->dirty_bitmap = NULL;
+log_for_dirtybit = NULL;
+g_free(dirty_bitmap);
+dirty_bitmap = NULL;
 /* Disable dirty bit tracking */
 xen_track_dirty_vram(xen_domid, 0, 0, NULL);
 }
@@ -1022,9 +1019,9 @@ static void handle_vmport_ioreq(XenIOState *state, 
ioreq_t *req)
 {
 vmware_regs_t *vmport_regs;
 
-assert(state->shared_vmport_page);
+assert(shared_vmport_page);
 vmport_regs =
-&state->shared_vmport_page->vcpu_vmport_regs[state->send_vcpu];
+&shared_vmport_page->vcpu_vmport_regs[state->send_vcpu];
 QEMU_BUILD_BUG_ON(sizeof(*req) < sizeof(*vmport_regs));
 
 current_cpu = state->cpu_by_vcpu_id[state->send_vcpu];
@@ -1472,7 +1469,6 @@ void xen_hvm_init_pc(PCMachineState *pcms, MemoryRegion 
**ram_memory)
 
 state->memory_listener = xen_memory_listener;

[PULL v4 0/10] xenpvh4-tag

[Stefano Stabellini]

Hi Peter,

Vikram fixed the gitlab test problem again. This time I am providing
proof that it is not introducing build regressions:

baseline: https://gitlab.com/sstabellini/qemu/-/pipelines/894578994
with new commits: https://gitlab.com/sstabellini/qemu/-/pipelines/894471770

Cheers,

Stefano


The following changes since commit 5f9dd6a8ce3961db4ce47411ed2097ad88bdf5fc:

  Merge tag 'pull-9p-20230608' of https://github.com/cschoenebeck/qemu into 
staging (2023-06-08 08:47:35 -0700)

are available in the Git repository at:

  https://gitlab.com/sstabellini/qemu xenpvh4-tag

for you to fetch changes up to 236c27fd61dd0961631076a56286dd108fe5ef1f:

  meson.build: enable xenpv machine build for ARM (2023-06-08 16:54:31 -0700)


Stefano Stabellini (5):
  hw/i386/xen/xen-hvm: move x86-specific fields out of XenIOState
  xen-hvm: reorganize xen-hvm and move common function to xen-hvm-common
  include/hw/xen/xen_common: return error from xen_create_ioreq_server
  hw/xen/xen-hvm-common: skip ioreq creation on ioreq registration failure
  meson.build: do not set have_xen_pci_passthrough for aarch64 targets

Vikram Garhwal (5):
  hw/i386/xen/: move xen-mapcache.c to hw/xen/
  hw/i386/xen: rearrange xen_hvm_init_pc
  hw/xen/xen-hvm-common: Use g_new and error_report
  hw/arm: introduce xenpvh machine
  meson.build: enable xenpv machine build for ARM

 docs/system/arm/xenpvh.rst   |   34 ++
 docs/system/target-arm.rst   |1 +
 hw/arm/meson.build   |2 +
 hw/arm/xen_arm.c |  181 +++
 hw/i386/meson.build  |1 +
 hw/i386/xen/meson.build  |1 -
 hw/i386/xen/trace-events |   19 -
 hw/i386/xen/xen-hvm.c| 1075 --
 hw/xen/meson.build   |7 +
 hw/xen/trace-events  |   19 +
 hw/xen/xen-hvm-common.c  |  879 +++
 hw/{i386 => }/xen/xen-mapcache.c |0
 include/hw/arm/xen_arch_hvm.h|9 +
 include/hw/i386/xen_arch_hvm.h   |   11 +
 include/hw/xen/arch_hvm.h|5 +
 include/hw/xen/xen-hvm-common.h  |   99 
 include/hw/xen/xen_native.h  |8 +-
 meson.build  |4 +-
 18 files changed, 1347 insertions(+), 1008 deletions(-)
 create mode 100644 docs/system/arm/xenpvh.rst
 create mode 100644 hw/arm/xen_arm.c
 create mode 100644 hw/xen/xen-hvm-common.c
 rename hw/{i386 => }/xen/xen-mapcache.c (100%)
 create mode 100644 include/hw/arm/xen_arch_hvm.h
 create mode 100644 include/hw/i386/xen_arch_hvm.h
 create mode 100644 include/hw/xen/arch_hvm.h
 create mode 100644 include/hw/xen/xen-hvm-common.h

Re: [PATCH v2] linux-user: Return EINVAL for getgroups() with negative gidsetsize

[Michael Tokarev]

09.06.2023 19:29, Peter Maydell wrote:

Coverity doesn't like the way we might end up calling getgroups()
with a NULL grouplist pointer. This is fine for the special case
of gidsetsize == 0, but we will also do it if the guest passes
us a negative gidsetsize. (CID 1512465)

Explicitly fail the negative gidsetsize with EINVAL, as the kernel
does. This means we definitely only call the libc getgroups()
with valid parameters. It also brings the getgroups() code in
to line with the setgroups() code.

Possibly Coverity may still complain about getgroups(0, NULL), but
that would be a false positive.

Signed-off-by: Peter Maydell 
---
v2: also change TARGET_NR_getgroups32 code


Reviewed-by: Michael Tokarev 

This can be applied to -trivial just fine, I think.  There's another
change in there already in exactly this area.

Thank you Peter!

/mjt

[PATCH] hw/i386/pc: Clean up pc_machine_initfn

[Suravee Suthikulpanit]

To use the newly introduced PC machine class local variable.

Suggedted-by: Igor Mammedov 
Signed-off-by: Suravee Suthikulpanit 
---
 hw/i386/pc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 33ffb03a32..f8d105e829 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1864,7 +1864,7 @@ static void pc_machine_initfn(Object *obj)
 pcms->smbios_entry_point_type = pcmc->default_smbios_ep_type;
 
 /* acpi build is enabled by default if machine supports it */
-pcms->acpi_build_enabled = PC_MACHINE_GET_CLASS(pcms)->has_acpi_build;
+pcms->acpi_build_enabled = pcmc->has_acpi_build;
 pcms->smbus_enabled = true;
 pcms->sata_enabled = true;
 pcms->i8042_enabled = true;
-- 
2.34.1

Re: [PATCH v6 1/2] hw/i386/pc: Default to use SMBIOS 3.0 for newer machine models

[Suthikulpanit, Suravee]

On 6/8/2023 3:40 PM, Igor Mammedov wrote:

On Wed, 7 Jun 2023 15:57:16 -0500
Suravee Suthikulpanit  wrote:


Currently, pc-q35 and pc-i44fx machine models are default to use SMBIOS 2.8
(32-bit entry point). Since SMBIOS 3.0 (64-bit entry point) is now fully
supported since QEMU 7.0, default to use SMBIOS 3.0 for newer machine
models. This is necessary to avoid the following message when launching
a VM with large number of vcpus.

"SMBIOS 2.1 table length 66822 exceeds 65535"

Signed-off-by: Suravee Suthikulpanit

Looks good to me (see comment below for extra cleanup possibility):

Reviewed-by: Igor Mammedov


---
  hw/i386/pc.c | 4 +++-
  hw/i386/pc_piix.c| 5 +
  hw/i386/pc_q35.c | 5 +
  include/hw/i386/pc.h | 1 +
  4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index bb62c994fa..33ffb03a32 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1853,6 +1853,7 @@ static void pc_machine_set_max_fw_size(Object *obj, 
Visitor *v,
  static void pc_machine_initfn(Object *obj)
  {
  PCMachineState *pcms = PC_MACHINE(obj);
+PCMachineClass *pcmc = PC_MACHINE_GET_CLASS(pcms);

since you introduce this local,
I suggest you to post an extra clean up patch on top of this series

here is a line to cleanup with 'pcmc'

 /* acpi build is enabled by default if machine supports it */
 pcms->acpi_build_enabled = PC_MACHINE_GET_CLASS(pcms)->has_acpi_build;


Sure just sent out the "[PATCH] hw/i386/pc: Clean up pc_machine_initfn".

Thanks,
Suravee

[PATCH v2] linux-user: Return EINVAL for getgroups() with negative gidsetsize

[Peter Maydell]

Coverity doesn't like the way we might end up calling getgroups()
with a NULL grouplist pointer. This is fine for the special case
of gidsetsize == 0, but we will also do it if the guest passes
us a negative gidsetsize. (CID 1512465)

Explicitly fail the negative gidsetsize with EINVAL, as the kernel
does. This means we definitely only call the libc getgroups()
with valid parameters. It also brings the getgroups() code in
to line with the setgroups() code.

Possibly Coverity may still complain about getgroups(0, NULL), but
that would be a false positive.

Signed-off-by: Peter Maydell 
---
v2: also change TARGET_NR_getgroups32 code
---
 linux-user/syscall.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 83685f0aa59..bb29444ca7e 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -11676,7 +11676,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int 
num, abi_long arg1,
 g_autofree gid_t *grouplist = NULL;
 int i;
 
-if (gidsetsize > NGROUPS_MAX) {
+if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
 return -TARGET_EINVAL;
 }
 if (gidsetsize > 0) {
@@ -12012,7 +12012,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int 
num, abi_long arg1,
 g_autofree gid_t *grouplist = NULL;
 int i;
 
-if (gidsetsize > NGROUPS_MAX) {
+if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
 return -TARGET_EINVAL;
 }
 if (gidsetsize > 0) {
-- 
2.34.1

Re: arm: couple of finalize_memop related oddities

[Peter Maydell]

On Fri, 9 Jun 2023 at 17:03, Richard Henderson
 wrote:
>
> On 6/9/23 03:47, Peter Maydell wrote:
> > I noticed a couple of finalize_memop related oddities while I
> > was rebasing my decodetree series:
> >
> > (1) in disas_ldst_reg_imm9(), we calculate a memop, but then
> > when we call gen_mte_check1_mmuidx() we don't pass the memop
> > as that function's memop argument, we just pass size. Everywhere
> > else that calls gen_mte_check* functions passes memop. Intentional?
>
> No, looks like a bug.
>
> > (2) disas_ldst_reg_roffset() and disas_ldst_reg_unsigned_imm()
> > use finalize_memop() for both vector and normal register
> > loads/stores. Should they be using finalize_memop_asimd()
> > for the vector versions?
> >
> > (3) disas_ldst_multiple_struct() and disas_ldst_single_struct()
> > use finalize_memop() even though they always load/store
> > vector registers. Should they be using finalize_memop_asimd() ?
>
> Yes.
>
> Everywhere that uses CreateAccDescASIMD in the pseudocode should use 
> finalize_memop_asimd
> for clarity.  (If size is never 128-bit then it will be same as just 
> finalize_memop, so
> some of those places were not actual bugs.  But definitely unclear.)

OK, thanks. The rebase of my decodetree patches for ld/st
turned out hairy enough that I think I'll resend a v2 of
that, so I'll add in some patches at the start that fix
these finalize_memop bits before the conversion.

-- PMM

Re: arm: couple of finalize_memop related oddities

[Richard Henderson]

On 6/9/23 03:47, Peter Maydell wrote:

I noticed a couple of finalize_memop related oddities while I
was rebasing my decodetree series:

(1) in disas_ldst_reg_imm9(), we calculate a memop, but then
when we call gen_mte_check1_mmuidx() we don't pass the memop
as that function's memop argument, we just pass size. Everywhere
else that calls gen_mte_check* functions passes memop. Intentional?


No, looks like a bug.


(2) disas_ldst_reg_roffset() and disas_ldst_reg_unsigned_imm()
use finalize_memop() for both vector and normal register
loads/stores. Should they be using finalize_memop_asimd()
for the vector versions?

(3) disas_ldst_multiple_struct() and disas_ldst_single_struct()
use finalize_memop() even though they always load/store
vector registers. Should they be using finalize_memop_asimd() ?


Yes.

Everywhere that uses CreateAccDescASIMD in the pseudocode should use finalize_memop_asimd 
for clarity.  (If size is never 128-bit then it will be same as just finalize_memop, so 
some of those places were not actual bugs.  But definitely unclear.)



r~

Re: [PATCH v4 0/1] ROM migration

[Michael S. Tsirkin]

This is tagged, pull request will be delayed due to kvm forum though.

On Fri, Jun 09, 2023 at 04:32:40PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> ping.
> 
> On 22.05.23 23:17, Vladimir Sementsov-Ogievskiy wrote:
> > v4:
> > preparation patches are already merged to master
> > 01: fix false-positive "error: ‘size’ may be used uninitialized",
> >  keep r-bs
> > 
> > Vladimir Sementsov-Ogievskiy (1):
> >pci: ROM preallocation for incoming migration
> > 
> >   hw/pci/pci.c | 79 ++--
> >   1 file changed, 46 insertions(+), 33 deletions(-)
> > 
> 
> -- 
> Best regards,
> Vladimir

[PATCH] target/arm: Return correct result for LDG when ATA=0

[Peter Maydell]

The LDG instruction loads the tag from a memory address (identified
by [Xn + offset]), and then merges that tag into the destination
register Xt. We implemented this correctly for the case when
allocation tags are enabled, but didn't get it right when ATA=0:
instead of merging the tag bits into Xt, we merged them into the
memory address [Xn + offset] and then set Xt to that.

Merge the tag bits into the old Xt value, as they should be.

Cc: qemu-sta...@nongnu.org
Fixes: c15294c1e36a7dd9b25 ("target/arm: Implement LDG, STG, ST2G instructions")
Signed-off-by: Peter Maydell 
---
Spotted this while I was doing decodetree conversion stuff.
I guess nobody runs with MTE available but not turned on :-)
---
 target/arm/tcg/translate-a64.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
index aa93f37e216..9ead91a450b 100644
--- a/target/arm/tcg/translate-a64.c
+++ b/target/arm/tcg/translate-a64.c
@@ -4187,9 +4187,13 @@ static void disas_ldst_tag(DisasContext *s, uint32_t 
insn)
 if (s->ata) {
 gen_helper_ldg(tcg_rt, cpu_env, addr, tcg_rt);
 } else {
+/*
+ * Tag access disabled: we must check for aborts on the load
+ * load from [rn+offset], and then insert a 0 tag into rt.
+ */
 clean_addr = clean_data_tbi(s, addr);
 gen_probe_access(s, clean_addr, MMU_DATA_LOAD, MO_8);
-gen_address_with_allocation_tag0(tcg_rt, addr);
+gen_address_with_allocation_tag0(tcg_rt, tcg_rt);
 }
 } else {
 tcg_rt = cpu_reg_sp(s, rt);
-- 
2.34.1

Re: [PATCH v14 08/10] Adding info [tb-list|tb] commands to HMP (WIP)

[Peter Maydell]

On Fri, 9 Jun 2023 at 15:32, Wu, Fei  wrote:
>
> On 6/8/2023 5:23 PM, Peter Maydell wrote:
> > On Thu, 8 Jun 2023 at 08:44, Wu, Fei  wrote:
> >> Is there any existing function to convert ram_addr_t to guest pa?
> >
> > Such a function would not be well-defined, because a block of RAM
> > as specified by a ram_addr_t could be present at (aliased to) multiple
> > guest physical addresses, or even currently not mapped to any guest
> > physical address at all. And it could be present at different physical
> > addresses for different vCPUs.
> >
> Thank you, Peter. What's the scenario of the last different physical
> addresses for different vCPUs?

You can have a board with two different CPUs, where one of them
has a RAM MemoryRegion that it puts at address A in its address
space, and the other puts it at address B. This is most likely
with 'heterogenous' configurations where you have an application
processor A and a board-support processor B. (I don't know if
we actually have any board models like that currently, but it's
logically possible.)

> For this specific case, I found I don't have to convert ram_addr_t to
> gpa, the real requirement is converting ram_addr_t to hva, this one
> seems well defined using qemu_map_ram_ptr(0, ram_addr) ?

That does work for ram_addr_t to hva, but
but note the warning on the comment above that function:
you need to be in an RCU critical section to avoid some other
thread coming along and de-allocating the RAM under your feet.

(Also it's tempting to remove that support for passing in 0
as the RAMBlock, because every other use in the codebase seems
to pass in a RAMBlock pointer.)

thanks
-- PMM

[PATCH v3 0/8] misc AHCI cleanups

[Niklas Cassel]

From: Niklas Cassel 

Hello John,

Here comes some misc AHCI cleanups.

Most are related to error handling.

Please review.

Changes since v2:
-Squashed in the test commits that were sent out as a separate series into
 the patch "hw/ide/ahci: PxCI should not get cleared when ERR_STAT is set",
 and reordered some of the patches, such that each and every commit passes
 the ahci test suite as a separate unit. This way it will be possible to
 perform a git bisect without seeing any failures in the ahci test suite.


Kind regards,
Niklas

Niklas Cassel (8):
  hw/ide/ahci: remove stray backslash
  hw/ide/core: set ERR_STAT in unsupported command completion
  hw/ide/ahci: write D2H FIS when processing NCQ command
  hw/ide/ahci: simplify and document PxCI handling
  hw/ide/ahci: PxSACT and PxCI is cleared when PxCMD.ST is cleared
  hw/ide/ahci: PxCI should not get cleared when ERR_STAT is set
  hw/ide/ahci: fix ahci_write_fis_sdb()
  hw/ide/ahci: fix broken SError handling

 hw/ide/ahci.c | 112 +++---
 hw/ide/core.c |   2 +-
 tests/qtest/libqos/ahci.c | 106 +++-
 tests/qtest/libqos/ahci.h |   8 +--
 4 files changed, 164 insertions(+), 64 deletions(-)

-- 
2.40.1

Re: [PATCH 0/4] hw/nvme: tp4146 misc

[Jesper Devantier]

On Wed, May 24, 2023 at 01:19:00PM +0200, Klaus Jensen wrote:
> From: Klaus Jensen 
> 
> A set of fixes and small quality-of-life improvements for the TP4146
> ("Flexible Data Placement") support.
> 
> Klaus Jensen (4):
>   hw/nvme: fix verification of number of ruhis
>   hw/nvme: verify uniqueness of reclaim unit handle identifiers
>   hw/nvme: add placement handle list ranges
>   docs: update hw/nvme documentation for TP4146
> 
>  docs/system/devices/nvme.rst | 37 +++-
>  hw/nvme/ns.c | 55 
>  hw/nvme/subsys.c |  6 ++--
>  3 files changed, 84 insertions(+), 14 deletions(-)
> 
> -- 
> 2.40.0
> 
> 

Looks good to me :)

Reviewed-by: Jesper Wendel Devantier 

[PATCH] 9pfs: deprecate 'proxy' backend

[Christian Schoenebeck]

As recent CVE-2023-2861 once again showed, the 9p 'proxy' fs driver is in
bad shape. Using the 'proxy' backend was already discouraged for safety
reasons before and we recommended to use the 'local' backend instead,
but now it is time to officially deprecate the 'proxy' backend.

Signed-off-by: Christian Schoenebeck 
---
 MAINTAINERS   |  7 +++
 docs/about/deprecated.rst | 17 +
 fsdev/qemu-fsdev.c|  5 +
 meson.build   |  2 +-
 softmmu/vl.c  |  5 +
 5 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 436b3f0afe..185d694b2e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2118,13 +2118,20 @@ S: Odd Fixes
 W: https://wiki.qemu.org/Documentation/9p
 F: hw/9pfs/
 X: hw/9pfs/xen-9p*
+X: hw/9pfs/9p-proxy*
 F: fsdev/
+X: fsdev/virtfs-proxy-helper.c
 F: docs/tools/virtfs-proxy-helper.rst
 F: tests/qtest/virtio-9p-test.c
 F: tests/qtest/libqos/virtio-9p*
 T: git https://gitlab.com/gkurz/qemu.git 9p-next
 T: git https://github.com/cschoenebeck/qemu.git 9p.next
 
+virtio-9p-proxy
+F: hw/9pfs/9p-proxy*
+F: fsdev/virtfs-proxy-helper.c
+S: Obsolete
+
 virtio-blk
 M: Stefan Hajnoczi 
 L: qemu-bl...@nongnu.org
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 0743459862..9b2c780365 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -343,6 +343,23 @@ the addition of volatile memory support, it is now 
necessary to distinguish
 between persistent and volatile memory backends.  As such, memdev is deprecated
 in favor of persistent-memdev.
 
+``-fsdev proxy`` and ``-virtfs proxy`` (since 8.1)
+^^
+
+The 9p ``proxy`` filesystem backend driver has been deprecated and will be
+removed in a future version of QEMU. Please use ``-fsdev local`` or
+``-virtfs local`` for using the ``local`` 9p filesystem backend instead.
+
+The 9p ``proxy`` backend was originally developed as an alternative to the 9p
+``local`` backend. The idea was to enhance security by dispatching actual low
+level filesystem operations from 9p server (QEMU process) over to a separate
+process (the virtfs-proxy-helper binary). However this alternative never gained
+momentum. The proxy backend is much slower than the local backend, hasn't seen
+any development in years, and showed to be less secure, especially due to the
+fact that its helper daemon must be run as root, whereas with the local backend
+QEMU is typically run as unprivileged user and allows to tighten behaviour by
+mapping permissions et al.
+
 
 Block device options
 
diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c
index 3da64e9f72..242f54ab49 100644
--- a/fsdev/qemu-fsdev.c
+++ b/fsdev/qemu-fsdev.c
@@ -133,6 +133,11 @@ int qemu_fsdev_add(QemuOpts *opts, Error **errp)
 }
 
 if (fsdriver) {
+if (strncmp(fsdriver, "proxy", 5) == 0) {
+warn_report("'-fsdev proxy' is deprecated, use '-fsdev local' "
+"instead");
+}
+
 for (i = 0; i < ARRAY_SIZE(FsDrivers); i++) {
 if (strcmp(FsDrivers[i].name, fsdriver) == 0) {
 break;
diff --git a/meson.build b/meson.build
index 34306a6205..05c01b72bb 100644
--- a/meson.build
+++ b/meson.build
@@ -4170,7 +4170,7 @@ if have_block
   summary_info += {'Block whitelist (ro)': 
get_option('block_drv_ro_whitelist')}
   summary_info += {'Use block whitelist in tools': 
get_option('block_drv_whitelist_in_tools')}
   summary_info += {'VirtFS (9P) support':have_virtfs}
-  summary_info += {'VirtFS (9P) Proxy Helper support': 
have_virtfs_proxy_helper}
+  summary_info += {'VirtFS (9P) Proxy Helper support (deprecated)': 
have_virtfs_proxy_helper}
   summary_info += {'Live block migration': 
config_host_data.get('CONFIG_LIVE_BLOCK_MIGRATION')}
   summary_info += {'replication support': 
config_host_data.get('CONFIG_REPLICATION')}
   summary_info += {'bochs support': get_option('bochs').allowed()}
diff --git a/softmmu/vl.c b/softmmu/vl.c
index b0b96f67fa..e60648b591 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -3102,6 +3102,11 @@ void qemu_init(int argc, char **argv)
 error_report("Usage: -virtfs fsdriver,mount_tag=tag");
 exit(1);
 }
+if (strncmp(qemu_opt_get(opts, "fsdriver"), "proxy", 5) == 0) {
+warn_report("'-virtfs proxy' is deprecated, use "
+"'-virtfs local' instead");
+}
+
 fsdev = qemu_opts_create(qemu_find_opts("fsdev"),
  qemu_opts_id(opts) ?:
  qemu_opt_get(opts, "mount_tag"),
-- 
2.30.2

Re: [EXT] Re: Concept of LD-ID in QEMU

[Jonathan Cameron via]

On Thu, 8 Jun 2023 23:38:34 +
Shesha Bhushan Sreenivasamurthy  wrote:

> Hi,
> 
> Thinking a bit more, LD in CXL are PCIe endpoint functions. Therefore 1-1 
> mapping of cxl-i2c device per PCIe device is sufficient, and we use function 
> number in BDF as the LD-ID. Does it makes sense ?

LDs are PCIe endpoint functions (always function 0) as seen from the Virtual
Heirarchies (as they end up under a particular vPBB - which look like a
downstream port of a switch to the host) but they aren't from a more general
topology point of view of actual fabric topology and when we are tunneling we
address them via physical port, not virtual port I think (not read that bit
of the spec for a while). See figure 7-23 in CXL 3.0

Outer tunneling command targets a port number (unwrapped at the switch),
inner one targets the LD - unwrapped at the MLD and sent to appropriate LD
including FM owned LD (if I understand this stack directly).

Also no relationship between BDF and LD-ID so don't do that as the maximum
ID is only 16 which would rather limit your PCI toplogies if that's the BDF as
well.

For now just do what you originally said and add an ID (starting from 0).
We can probably do that automatically once more infrastructure is in place.

Jonathan


> 
> From: Jonathan Cameron 
> Sent: Thursday, June 8, 2023 3:36 AM
> To: Shesha Bhushan Sreenivasamurthy 
> Cc: linux-...@vger.kernel.org ; 
> <"qemu-devel@nongnu.org" 
> Subject: [EXT] Re: Concept of LD-ID in QEMU 
>  
> External Email
> 
> --
> 
> Shesha,
> 
> You've sent an email with the 'In-reply-to' set to one of Terry's patches.
> Please check why that happened and make sure you don't do that in future as
> it hides your unrelated thread in email clients and the archives!
> 
> See
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lore.kernel.org_linux-2Dcxl_20230607221651.2454764-2D1-2Dterry.bowman-40amd.com_T_-23t&d=DwIFAw&c=nKjWec2b6R0mOyPaz7xtfQ&r=Zta64bwn4nurTRpD4LY2OGr8KklkMRPn7Z_Qy0o4unU&m=ZMaAF9tkNCKfk8gYXMiPERZeIhavaQ7MdKtqCbShRF6w5ISrgHqAl6XDOONYbprZ&s=ERVX40JlAgnvRvPLm8sYZalsYDbpUU7YAqI0Ol0faPI&e=
>   
> for example
> 
> ss - Apologies. Will be careful.
> 
> Jonathan
> 
> On Thu, 8 Jun 2023 11:31:53 +0100
> Jonathan Cameron  wrote:
> 
> > On Wed, 7 Jun 2023 23:01:11 +
> > Shesha Bhushan Sreenivasamurthy  wrote:
> >   
> > > Hi,
> > > For DCD sideband there needs to be LD-ID. Is the following approach 
> > > acceptable?    
> > 
> > QEMU question so +CC qemu-devel
> >   
> > > 
> > >  -device 
> > > cxl-type3,bus=swport0,volatile-memdev=vmem0,dc-memdev=vmem1,id=cxl-vmem0,num-dc-regions=2,ldid=0
> > >  \
> > >  -device 
> > > cxl-type3,bus=swport0,volatile-memdev=vmem1,dc-memdev=vmem2,id=cxl-vmem1,num-dc-regions=2,ldid=1
> > >  \    
> > 
> > Those will be PCI functions at this level so you can't do this until we 
> > have more advanced switch support
> > (it has to know about multiple VHs - right now we only support fixed config 
> > switches).  You could connect them
> > to different switch ports - effectively that will be what it looks like 
> > when we do emulate a configurable switch.
> >   
> > >  -device 
> > > i2c_mctp_cxl,bus=aspeed.i2c.bus.0,address=24,target=cxl-vmem0,cxl-vmem1")
> > > 
> > > With this configuration, the same i2c device is handing both LDs and in 
> > > FMAPI commands we use the LDID specified above.    
> > 
> > This effectively becomes a partial implementation of either an MLD or an 
> > MH-SLD
> > To manage the actual memory access, those will almost certainly need a 
> > bunch of other shared
> > infrastructure.  So I'd ultimately expect the i2c_mctp_cxl device to target 
> > whatever
> > device represents that shared infrastructure - it might be a separate 
> > device or a 'lead' type 3 device.
> > 
> > So I'm not sure how this will fit together longer term.  We need same 
> > infrastructure
> > to work for a mailbox CCI on a MH-SLD/MLD as well and in that case there 
> > isn't a separate
> > device to which we can provide multiple targets as you've done in your 
> > proposal here.
> > 
> > So I think we need to work out how to handle all of (I've probably 
> > forgotten something)
> > X marks done or in progress.
> > 
> > X 1) i2c_mctp_cxl to an SLD (no PCI Mailbox definition for this one)
> >   2) i2c_mctp_cxl directly to an MLD (your case)
> > X 3) i2c_mctp_cxl to a fixed config switch (single fixed VH no MLD capable 
> > ports)
> > X 4) PCI mailbox via switch CCI device that fixed config switch (no MLD 
> > capable ports)
> >    Even with this simple design some fun things you can do.
> >   5) i2c_mctp_cxl to a configurable switch (probably a separate as yet to 
> >be defined management interface - that messes with hotplug)
> >   6) PCI mailbox via switch CCI to configurable switch (again to defined 
> >management interface).
> >   7) i2c_mctp_cxl to an MH-SLD - probably to which ever device also has 
> >support for
> >  tunneling to 

[PATCH v3 2/8] hw/ide/core: set ERR_STAT in unsupported command completion

[Niklas Cassel]

From: Niklas Cassel 

Currently, the first time sending an unsupported command
(e.g. READ LOG DMA EXT) will not have ERR_STAT set in the completion.
Sending the unsupported command again, will correctly have ERR_STAT set.

When ide_cmd_permitted() returns false, it calls ide_abort_command().
ide_abort_command() first calls ide_transfer_stop(), which will call
ide_transfer_halt() and ide_cmd_done(), after that ide_abort_command()
sets ERR_STAT in status.

ide_cmd_done() for AHCI will call ahci_write_fis_d2h() which writes the
current status in the FIS, and raises an IRQ. (The status here will not
have ERR_STAT set!).

Thus, we cannot call ide_transfer_stop() before setting ERR_STAT, as
ide_transfer_stop() will result in the FIS being written and an IRQ
being raised.

The reason why it works the second time, is that ERR_STAT will still
be set from the previous command, so when writing the FIS, the
completion will correctly have ERR_STAT set.

Set ERR_STAT before writing the FIS (calling cmd_done), so that we will
raise an error IRQ correctly when receiving an unsupported command.

Signed-off-by: Niklas Cassel 
---
 hw/ide/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index de48ff9f86..07971c0218 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -533,9 +533,9 @@ BlockAIOCB *ide_issue_trim(
 
 void ide_abort_command(IDEState *s)
 {
-ide_transfer_stop(s);
 s->status = READY_STAT | ERR_STAT;
 s->error = ABRT_ERR;
+ide_transfer_stop(s);
 }
 
 static void ide_set_retry(IDEState *s)
-- 
2.40.1

Re: Reducing vdpa migration downtime because of memory pin / maps

[Eugenio Perez Martin]

On Fri, Jun 9, 2023 at 12:39 AM Si-Wei Liu  wrote:
>
>
> On 6/7/23 01:08, Eugenio Perez Martin wrote:
> > On Wed, Jun 7, 2023 at 12:43 AM Si-Wei Liu  wrote:
> >> Sorry for reviving this old thread, I lost the best timing to follow up
> >> on this while I was on vacation. I have been working on this and found
> >> out some discrepancy, please see below.
> >>
> >> On 4/5/23 04:37, Eugenio Perez Martin wrote:
> >>> Hi!
> >>>
> >>> As mentioned in the last upstream virtio-networking meeting, one of
> >>> the factors that adds more downtime to migration is the handling of
> >>> the guest memory (pin, map, etc). At this moment this handling is
> >>> bound to the virtio life cycle (DRIVER_OK, RESET). In that sense, the
> >>> destination device waits until all the guest memory / state is
> >>> migrated to start pinning all the memory.
> >>>
> >>> The proposal is to bind it to the char device life cycle (open vs
> >>> close),
> >> Hmmm, really? If it's the life cycle for char device, the next guest /
> >> qemu launch on the same vhost-vdpa device node won't make it work.
> >>
> > Maybe my sentence was not accurate, but I think we're on the same page here.
> >
> > Two qemu instances opening the same char device at the same time are
> > not allowed, and vhost_vdpa_release clean all the maps. So the next
> > qemu that opens the char device should see a clean device anyway.
>
> I mean the pin can't be done at the time of char device open, where the
> user address space is not known/bound yet. The earliest point possible
> for pinning would be until the vhost_attach_mm() call from SET_OWNER is
> done.

Maybe we are deviating, let me start again.

Using QEMU code, what I'm proposing is to modify the lifecycle of the
.listener member of struct vhost_vdpa.

At this moment, the memory listener is registered at
vhost_vdpa_dev_start(dev, started=true) call for the last vhost_dev,
and is unregistered in both vhost_vdpa_reset_status and
vhost_vdpa_cleanup.

My original proposal was just to move the memory listener registration
to the last vhost_vdpa_init, and remove the unregister from
vhost_vdpa_reset_status. The calls to vhost_vdpa_dma_map/unmap would
be the same, the device should not realize this change.

One of the concerns was that it could delay VM initialization, and I
didn't profile it but I think that may be the case. I'm not sure about
the right fix but I think the change is easy to profile. If that is
the case, we could:
* use a flag (listener->address_space ?) and only register the
listener in _init if waiting for a migration, do it in _start
otherwise.
* something like io_uring, where the map can be done in parallel and
we can fail _start if some of them fails.

> Actually I think the counterpart vhost_detach_mm() only gets
> handled in vhost_vdpa_release() at device close time is a resulting
> artifact and amiss of today's vhost protocol - the opposite RESET_OWNER
> call is not made mandatory hence only seen implemented in vhost-net
> device today. One qemu instance could well exec(3) another new qemu
> instance to live upgrade itself while keeping all emulated devices and
> guest alive. The current vhost design simply prohibits this from happening.
>

Ok, I was not aware of this. Thanks for explaining it!

>
> >
> >>>so all the guest memory can be pinned for all the guest / qemu
> >>> lifecycle.
> >> I think to tie pinning to guest / qemu process life cycle makes more
> >> sense. Essentially this pinning part needs to be decoupled from the
> >> iotlb mapping abstraction layer, and can / should work as a standalone
> >> uAPI. Such that QEMU at the destination may launch and pin all guest's
> >> memory as needed without having to start the device, while awaiting any
> >> incoming migration request. Though problem is, there's no existing vhost
> >> uAPI that could properly serve as the vehicle for that. SET_OWNER /
> >> SET_MEM_TABLE / RESET_OWNER seems a remote fit.. Any objection against
> >> introducing a new but clean vhost uAPI for pinning guest pages, subject
> >> to guest's life cycle?
> >>
> > I think that to pin or not pin memory maps should be a kernel
> > decision, not to be driven by qemu.
>
> It's kernel decision for sure. I am with this part.
>
> > I'm not against it if needed, but
> > let me know if the current "clean at close" address your concerns.
>
> To better facilitate QEMU exec (live update) case, I propose we add new
> vhost uAPI pair for explicit pinning request - which would live with
> user mm's, or more precisely qemu instance's lifecycle.
>

Ok I see your problem better now, but I think it should be solved at
kernel level. Does that live update need to forcefully unpin and pin
the memory again, or that is just a consequence of how it works the
memory listener right now?

Why not extend the RESET_OWNER to the rest of devices? It seems the
most natural way to me.

Thanks!


> >
> >> Another concern is the use_va stuff, originally it tags to the device
> >> level and is made static at t

[PATCH v3 4/8] hw/ide/ahci: simplify and document PxCI handling

[Niklas Cassel]

From: Niklas Cassel 

The AHCI spec states that:
For NCQ, PxCI is cleared on command queued successfully.

For non-NCQ, PxCI is cleared on command completed successfully.
(A non-NCQ command that completes with error does not clear PxCI.)

The current QEMU implementation either clears PxCI in check_cmd(),
or in ahci_cmd_done().

check_cmd() will clear PxCI for a command if handle_cmd() returns 0.
handle_cmd() will return -1 if BUSY or DRQ is set.

The QEMU implementation for NCQ commands will currently not set BUSY
or DRQ, so they will always have PxCI cleared by handle_cmd().
ahci_cmd_done() will never even get called for NCQ commands.

Non-NCQ commands are executed by ide_bus_exec_cmd().
Non-NCQ commands in QEMU are implemented either in a sync or in an async
way.

For non-NCQ commands implemented in a sync way, the command handler will
return true, and when ide_bus_exec_cmd() sees that a command handler
returns true, it will call ide_cmd_done() (which will call
ahci_cmd_done()). For a command implemented in a sync way,
ahci_cmd_done() will do nothing (since busy_slot is not set). Instead,
after ide_bus_exec_cmd() has finished, check_cmd() will clear PxCI for
these commands.

For non-NCQ commands implemented in an async way (using either aiocb or
pio_aiocb), the command handler will return false, ide_bus_exec_cmd()
will not call ide_cmd_done(), instead it is expected that the async
callback function will call ide_cmd_done() once the async command is
done. handle_cmd() will set busy_slot, if and only if BUSY or DRQ is
set, and this is checked _after_ ide_bus_exec_cmd() has returned.
handle_cmd() will return -1, so check_cmd() will not clear PxCI.
When the async callback calls ide_cmd_done() (which will call
ahci_cmd_done()), it will see that busy_slot is set, and
ahci_cmd_done() will clear PxCI.

This seems racy, since busy_slot is set _after_ ide_bus_exec_cmd() has
returned. The callback might come before busy_slot gets set. And it is
quite confusing that ahci_cmd_done() will be called for all non-NCQ
commands when the command is done, but will only clear PxCI in certain
cases, even though it will always write a D2H FIS and raise an IRQ.

Even worse, in the case where ahci_cmd_done() does not clear PxCI, it
still raises an IRQ. Host software might thus read an old PxCI value,
since PxCI is cleared (by check_cmd()) after the IRQ has been raised.

Try to simplify this by always setting busy_slot for non-NCQ commands,
such that ahci_cmd_done() will always be responsible for clearing PxCI
for non-NCQ commands.

For NCQ commands, clear PxCI when we receive the D2H FIS, but before
raising the IRQ, see AHCI 1.3.1, section 5.3.8, states RegFIS:Entry and
RegFIS:ClearCI.

Signed-off-by: Niklas Cassel 
---
 hw/ide/ahci.c | 70 ---
 1 file changed, 50 insertions(+), 20 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 4b272397fd..3deaf01add 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -41,9 +41,10 @@
 #include "trace.h"
 
 static void check_cmd(AHCIState *s, int port);
-static int handle_cmd(AHCIState *s, int port, uint8_t slot);
+static void handle_cmd(AHCIState *s, int port, uint8_t slot);
 static void ahci_reset_port(AHCIState *s, int port);
 static bool ahci_write_fis_d2h(AHCIDevice *ad, bool d2h_fis_i);
+static void ahci_clear_cmd_issue(AHCIDevice *ad, uint8_t slot);
 static void ahci_init_d2h(AHCIDevice *ad);
 static int ahci_dma_prepare_buf(const IDEDMA *dma, int32_t limit);
 static bool ahci_map_clb_address(AHCIDevice *ad);
@@ -591,9 +592,8 @@ static void check_cmd(AHCIState *s, int port)
 
 if ((pr->cmd & PORT_CMD_START) && pr->cmd_issue) {
 for (slot = 0; (slot < 32) && pr->cmd_issue; slot++) {
-if ((pr->cmd_issue & (1U << slot)) &&
-!handle_cmd(s, port, slot)) {
-pr->cmd_issue &= ~(1U << slot);
+if (pr->cmd_issue & (1U << slot)) {
+handle_cmd(s, port, slot);
 }
 }
 }
@@ -1123,6 +1123,22 @@ static void process_ncq_command(AHCIState *s, int port, 
const uint8_t *cmd_fis,
 return;
 }
 
+/*
+ * A NCQ command clears the bit in PxCI after the command has been QUEUED
+ * successfully (ERROR not set, BUSY and DRQ cleared).
+ *
+ * For NCQ commands, PxCI will always be cleared here.
+ *
+ * (Once the NCQ command is COMPLETED, the device will send a SDB FIS with
+ * the interrupt bit set, which will clear PxSACT and raise an interrupt.)
+ */
+ahci_clear_cmd_issue(ad, slot);
+
+/*
+ * In reality, for NCQ commands, PxCI is cleared after receiving a D2H FIS
+ * without the interrupt bit set, but since ahci_write_fis_d2h() can raise
+ * an IRQ on error, we need to call them in reverse order.
+ */
 ahci_write_fis_d2h(ad, false);
 
 ncq_tfs->used = 1;
@@ -1197,6 +1213,7 @@ static void handle_reg_h2d_fis(AHCIState *s, int port,
 {
 IDEState *ide_state = &s->dev[port].por

[PATCH v3 7/8] hw/ide/ahci: fix ahci_write_fis_sdb()

[Niklas Cassel]

From: Niklas Cassel 

When there is an error, we need to raise a TFES error irq, see AHCI 1.3.1,
5.3.13.1 SDB:Entry.

If ERR_STAT is set, we jump to state ERR:FatalTaskfile, which will raise
a TFES IRQ unconditionally, regardless if the I bit is set in the FIS or
not.

Thus, we should never raise a normal IRQ after having sent an error IRQ.

It is valid to signal successfully completed commands as finished in the
same SDB FIS that generates the error IRQ. The important thing is that
commands that did not complete successfully (e.g. commands that were
aborted, do not get the finished bit set).

Before this commit, there was never a TFES IRQ raised on NCQ error.

Signed-off-by: Niklas Cassel 
---
 hw/ide/ahci.c | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 12aaadc554..ef6c9fc378 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -806,8 +806,14 @@ static void ahci_write_fis_sdb(AHCIState *s, 
NCQTransferState *ncq_tfs)
 pr->scr_act &= ~ad->finished;
 ad->finished = 0;
 
-/* Trigger IRQ if interrupt bit is set (which currently, it always is) */
-if (sdb_fis->flags & 0x40) {
+/*
+ * TFES IRQ is always raised if ERR_STAT is set, regardless of I bit.
+ * If ERR_STAT is not set, trigger SDBS IRQ if interrupt bit is set
+ * (which currently, it always is).
+ */
+if (sdb_fis->status & ERR_STAT) {
+ahci_trigger_irq(s, ad, AHCI_PORT_IRQ_BIT_TFES);
+} else if (sdb_fis->flags & 0x40) {
 ahci_trigger_irq(s, ad, AHCI_PORT_IRQ_BIT_SDBS);
 }
 }
-- 
2.40.1

Re: [PATCH v3 4/5] intel_iommu: Fix address space unmap

[Peter Xu]

On Fri, Jun 09, 2023 at 03:31:46AM +, Duan, Zhenzhong wrote:
> 
> 
> >-Original Message-
> >From: Peter Xu 
> >Sent: Thursday, June 8, 2023 9:48 PM
> >To: Duan, Zhenzhong 
> >Cc: qemu-devel@nongnu.org; m...@redhat.com; jasow...@redhat.com;
> >pbonz...@redhat.com; richard.hender...@linaro.org; edua...@habkost.net;
> >marcel.apfelb...@gmail.com; alex.william...@redhat.com;
> >c...@redhat.com; da...@redhat.com; phi...@linaro.org;
> >kwankh...@nvidia.com; c...@nvidia.com; Liu, Yi L ; Peng,
> >Chao P 
> >Subject: Re: [PATCH v3 4/5] intel_iommu: Fix address space unmap
> >
> >On Thu, Jun 08, 2023 at 05:52:30PM +0800, Zhenzhong Duan wrote:
> >> During address space unmap, corresponding IOVA tree entries are also
> >> removed. But DMAMap is set beyond notifier's scope by 1, so in theory
> >> there is possibility to remove a continuous entry above the notifier's
> >> scope but falling in adjacent notifier's scope.
> >
> >This function is only called in "loop over all notifiers" case (or replay() 
> >that just
> >got removed, but even so there'll be only 1 notifier normally iiuc at least 
> >for
> >vt-d), hopefully it means no bug exist (no Fixes needed, no backport needed
> >either), but still worth fixing it up.
> 
> Not two notifiers as vtd-ir splits for vt-d?

The two notifiers will all be attached to the same IOMMU mr, so
IOMMU_NOTIFIER_FOREACH() will loop over them all always?

And this actually shouldn't matter, IMHO, as the IR split has the
0xfeeX hole only, so when notifying with end=0xfee0 (comparing to
end=0xfedf) it shouldn't make a difference iiuc because there should
have no iova entry at 0xfee0 anyway in the tree.

-- 
Peter Xu

Re: [PATCH] build: further refine build.ninja rules

[Philippe Mathieu-Daudé]

On 8/6/23 15:43, Paolo Bonzini wrote:

In commit b0fcc6fc7fc1 ("build: rebuild build.ninja using
"meson setup --reconfigure"", 2023-05-19) I changed the build.ninja
rule in the Makefile to use "meson setup" so that the Makefile would
pick up a changed path to the meson binary.

However, there was a reason why build.ninja was rebuilt using $(NINJA)
itself.  Namely, ninja has its own cache of file modification times,
and if it does not know about the modification that was done outside
its control, it will *also* try to regenerate build.ninja.  This can be
simply by running "make" on a fresh tree immediately after "configure";
that will trigger an unnecessary meson run.

So, apply a refinement to the rule in order to cover both cases:

- track the meson binary that was used (and that is embedded in
   build.ninja's reconfigure rules); to do this, write build.ninja.stamp
   right after executing meson successfully

- if it changed, force usage of "$(MESON) setup --reconfigure" to
   update the path in the reconfigure rule

- if it didn't change, use "$(NINJA) build.ninja" just like before
   commit b0fcc6fc7fc1.

Reported-by: Mark Cave-Ayland 
Signed-off-by: Paolo Bonzini 
---
  Makefile  | 17 +
  configure |  1 +
  2 files changed, 14 insertions(+), 4 deletions(-)


Tested-by: Philippe Mathieu-Daudé 

[PATCH v2 2/2] qmp: update virtio feature maps, vhost-user-gpio instrospection

[Jonah Palmer]

Add new virtio transport feature to transport feature map:
 - VIRTIO_F_RING_RESET

Add new vhost-user protocol feature to vhost-user protocol feature map
and enumeration:
 - VHOST_USER_PROTOCOL_F_STATUS

Add new virtio device features for several virtio devices to their
respective feature mappings:

virtio-blk:
 - VIRTIO_BLK_F_SECURE_ERASE

virtio-net:
 - VIRTIO_NET_F_NOTF_COAL
 - VIRTIO_NET_F_GUEST_USO4
 - VIRTIO_NET_F_GUEST_USO6
 - VIRTIO_NET_F_HOST_USO

virtio/vhost-user-gpio:
 - VIRTIO_GPIO_F_IRQ
 - VHOST_F_LOG_ALL
 - VHOST_USER_F_PROTOCOL_FEATURES

virtio-bt:
 - VIRTIO_BT_F_VND_HCI
 - VIRTIO_BT_F_MSFT_EXT
 - VIRTIO_BT_F_AOSP_EXT
 - VIRTIO_BT_F_CONFIG_V2

virtio-scmi:
 - VIRTIO_SCMI_F_P2A_CHANNELS
 - VIRTIO_SCMI_F_SHARED_MEMORY

Add support for introspection on vhost-user-gpio devices.

Signed-off-by: Jonah Palmer 
---
 hw/virtio/vhost-user-gpio.c |  7 
 hw/virtio/virtio-qmp.c  | 79 +++--
 2 files changed, 83 insertions(+), 3 deletions(-)

diff --git a/hw/virtio/vhost-user-gpio.c b/hw/virtio/vhost-user-gpio.c
index d6927b610a..e88ca5370f 100644
--- a/hw/virtio/vhost-user-gpio.c
+++ b/hw/virtio/vhost-user-gpio.c
@@ -205,6 +205,12 @@ static void vu_gpio_guest_notifier_mask(VirtIODevice 
*vdev, int idx, bool mask)
 vhost_virtqueue_mask(&gpio->vhost_dev, vdev, idx, mask);
 }
 
+static struct vhost_dev *vu_gpio_get_vhost(VirtIODevice *vdev)
+{
+VHostUserGPIO *gpio = VHOST_USER_GPIO(vdev);
+return &gpio->vhost_dev;
+}
+
 static void do_vhost_user_cleanup(VirtIODevice *vdev, VHostUserGPIO *gpio)
 {
 virtio_delete_queue(gpio->command_vq);
@@ -413,6 +419,7 @@ static void vu_gpio_class_init(ObjectClass *klass, void 
*data)
 vdc->get_config = vu_gpio_get_config;
 vdc->set_status = vu_gpio_set_status;
 vdc->guest_notifier_mask = vu_gpio_guest_notifier_mask;
+vdc->get_vhost = vu_gpio_get_vhost;
 }
 
 static const TypeInfo vu_gpio_info = {
diff --git a/hw/virtio/virtio-qmp.c b/hw/virtio/virtio-qmp.c
index e936cc8ce5..140c420d87 100644
--- a/hw/virtio/virtio-qmp.c
+++ b/hw/virtio/virtio-qmp.c
@@ -53,6 +53,7 @@ enum VhostUserProtocolFeature {
 VHOST_USER_PROTOCOL_F_RESET_DEVICE = 13,
 VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS = 14,
 VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS = 15,
+VHOST_USER_PROTOCOL_F_STATUS = 16,
 VHOST_USER_PROTOCOL_F_MAX
 };
 
@@ -79,6 +80,8 @@ static const qmp_virtio_feature_map_t virtio_transport_map[] 
= {
 "VIRTIO_F_ORDER_PLATFORM: Memory accesses ordered by platform"),
 FEATURE_ENTRY(VIRTIO_F_SR_IOV, \
 "VIRTIO_F_SR_IOV: Device supports single root I/O virtualization"),
+FEATURE_ENTRY(VIRTIO_F_RING_RESET, \
+"VIRTIO_F_RING_RESET: Driver can reset individual VQs"),
 /* Virtio ring transport features */
 FEATURE_ENTRY(VIRTIO_RING_F_INDIRECT_DESC, \
 "VIRTIO_RING_F_INDIRECT_DESC: Indirect descriptors supported"),
@@ -134,6 +137,9 @@ static const qmp_virtio_feature_map_t 
vhost_user_protocol_map[] = {
 FEATURE_ENTRY(VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS, \
 "VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS: Configuration for "
 "memory slots supported"),
+FEATURE_ENTRY(VHOST_USER_PROTOCOL_F_STATUS, \
+"VHOST_USER_PROTOCOL_F_STATUS: Querying and notifying back-end "
+"device statuses supported"),
 { -1, "" }
 };
 
@@ -176,6 +182,8 @@ static const qmp_virtio_feature_map_t 
virtio_blk_feature_map[] = {
 "VIRTIO_BLK_F_DISCARD: Discard command supported"),
 FEATURE_ENTRY(VIRTIO_BLK_F_WRITE_ZEROES, \
 "VIRTIO_BLK_F_WRITE_ZEROES: Write zeroes command supported"),
+FEATURE_ENTRY(VIRTIO_BLK_F_SECURE_ERASE, \
+"VIRTIO_BLK_F_SECURE_ERASE: Secure erase supported"),
 FEATURE_ENTRY(VIRTIO_BLK_F_ZONED, \
 "VIRTIO_BLK_F_ZONED: Zoned block devices"),
 #ifndef VIRTIO_BLK_NO_LEGACY
@@ -299,6 +307,14 @@ static const qmp_virtio_feature_map_t 
virtio_net_feature_map[] = {
 FEATURE_ENTRY(VIRTIO_NET_F_CTRL_MAC_ADDR, \
 "VIRTIO_NET_F_CTRL_MAC_ADDR: MAC address set through control "
 "channel"),
+FEATURE_ENTRY(VIRTIO_NET_F_NOTF_COAL, \
+"VIRTIO_NET_F_NOTF_COAL: Device supports coalescing 
notifications"),
+FEATURE_ENTRY(VIRTIO_NET_F_GUEST_USO4, \
+"VIRTIO_NET_F_GUEST_USO4: Driver can receive USOv4"),
+FEATURE_ENTRY(VIRTIO_NET_F_GUEST_USO6, \
+"VIRTIO_NET_F_GUEST_USO4: Driver can receive USOv6"),
+FEATURE_ENTRY(VIRTIO_NET_F_HOST_USO, \
+"VIRTIO_NET_F_HOST_USO: Device can receive USO"),
 FEATURE_ENTRY(VIRTIO_NET_F_HASH_REPORT, \
 "VIRTIO_NET_F_HASH_REPORT: Hash reporting supported"),
 FEATURE_ENTRY(VIRTIO_NET_F_RSS, \
@@ -469,6 +485,48 @@ static const qmp_virtio_feature_map_t 
virtio_rng_feature_map[] = {
 };
 #endif
 
+/* virtio/vhost-gpio features mapping */
+#ifdef CONFIG_VIRTIO_GPIO
+static const qmp_virtio_feature_map_t virtio_gpio_feature_

Re: [PATCH 00/22] target/arm/tcg: Remove inclusions of 'exec/helper-[proto/gen].h'

[Philippe Mathieu-Daudé]

On 9/6/23 12:46, Philippe Mathieu-Daudé wrote:

Hi,

This series tries to do what Richard suggested in [*]:

   Targets that have a tcg/ subdir should have helper.h.inc
   moved into there.  At the end, include/exec/helper-gen.h
   and include/exec/helper-proto.h become unused and go away.

but only for the ARM target, to first see if this is heading
in the correct direction.

Instead of having TCG generated helpers included by all
translate/helper units, they are reduced to the few places
really needing them. I expect the build step to be slighly
improved, since the compiler doesn't have to compile and
track unused helpers definitions.




  42 files changed, 2100 insertions(+), 1804 deletions(-)
  create mode 100644 target/arm/tcg/helper-iwmmxt.h.inc
  create mode 100644 target/arm/tcg/helper-neon.h.inc
  create mode 100644 target/arm/tcg/helper-vfp.h.inc
  create mode 100644 target/arm/tcg/translate-iwmmxt.c


Note to myself, these new files miss a license.

Perhaps we could have a check for SPDX in checkpatch.pl, along with
"added, moved or deleted file(s), does MAINTAINERS need updating?".