[PATCH v4 5/8] vdpa: Check device ack in vhost_vdpa_net_load_rx_mode()

[Hawkins Jiawei]

Considering that vhost_vdpa_net_load_rx_mode() is only called
within vhost_vdpa_net_load_rx() now, this patch refactors
vhost_vdpa_net_load_rx_mode() to include a check for the
device's ack, simplifying the code and improving its maintainability.

Signed-off-by: Hawkins Jiawei 
Acked-by: Eugenio Pérez 
---
 net/vhost-vdpa.c | 76 
 1 file changed, 31 insertions(+), 45 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 7c67063469..116a06cc45 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -814,14 +814,24 @@ static int vhost_vdpa_net_load_rx_mode(VhostVDPAState *s,
 .iov_base = ,
 .iov_len = sizeof(on),
 };
-return vhost_vdpa_net_load_cmd(s, VIRTIO_NET_CTRL_RX,
-   cmd, , 1);
+ssize_t dev_written;
+
+dev_written = vhost_vdpa_net_load_cmd(s, VIRTIO_NET_CTRL_RX,
+  cmd, , 1);
+if (unlikely(dev_written < 0)) {
+return dev_written;
+}
+if (*s->status != VIRTIO_NET_OK) {
+return -EIO;
+}
+
+return 0;
 }
 
 static int vhost_vdpa_net_load_rx(VhostVDPAState *s,
   const VirtIONet *n)
 {
-ssize_t dev_written;
+ssize_t r;
 
 if (!virtio_vdev_has_feature(>parent_obj, VIRTIO_NET_F_CTRL_RX)) {
 return 0;
@@ -846,13 +856,9 @@ static int vhost_vdpa_net_load_rx(VhostVDPAState *s,
  * configuration only at live migration.
  */
 if (!n->mac_table.uni_overflow && !n->promisc) {
-dev_written = vhost_vdpa_net_load_rx_mode(s,
-VIRTIO_NET_CTRL_RX_PROMISC, 0);
-if (unlikely(dev_written < 0)) {
-return dev_written;
-}
-if (*s->status != VIRTIO_NET_OK) {
-return -EIO;
+r = vhost_vdpa_net_load_rx_mode(s, VIRTIO_NET_CTRL_RX_PROMISC, 0);
+if (unlikely(r < 0)) {
+return r;
 }
 }
 
@@ -874,13 +880,9 @@ static int vhost_vdpa_net_load_rx(VhostVDPAState *s,
  * configuration only at live migration.
  */
 if (n->mac_table.multi_overflow || n->allmulti) {
-dev_written = vhost_vdpa_net_load_rx_mode(s,
-VIRTIO_NET_CTRL_RX_ALLMULTI, 1);
-if (unlikely(dev_written < 0)) {
-return dev_written;
-}
-if (*s->status != VIRTIO_NET_OK) {
-return -EIO;
+r = vhost_vdpa_net_load_rx_mode(s, VIRTIO_NET_CTRL_RX_ALLMULTI, 1);
+if (unlikely(r < 0)) {
+return r;
 }
 }
 
@@ -899,13 +901,9 @@ static int vhost_vdpa_net_load_rx(VhostVDPAState *s,
  * configuration only at live migration.
  */
 if (n->alluni) {
-dev_written = vhost_vdpa_net_load_rx_mode(s,
-VIRTIO_NET_CTRL_RX_ALLUNI, 1);
-if (dev_written < 0) {
-return dev_written;
-}
-if (*s->status != VIRTIO_NET_OK) {
-return -EIO;
+r = vhost_vdpa_net_load_rx_mode(s, VIRTIO_NET_CTRL_RX_ALLUNI, 1);
+if (r < 0) {
+return r;
 }
 }
 
@@ -920,13 +918,9 @@ static int vhost_vdpa_net_load_rx(VhostVDPAState *s,
  * configuration only at live migration.
  */
 if (n->nomulti) {
-dev_written = vhost_vdpa_net_load_rx_mode(s,
-VIRTIO_NET_CTRL_RX_NOMULTI, 1);
-if (dev_written < 0) {
-return dev_written;
-}
-if (*s->status != VIRTIO_NET_OK) {
-return -EIO;
+r = vhost_vdpa_net_load_rx_mode(s, VIRTIO_NET_CTRL_RX_NOMULTI, 1);
+if (r < 0) {
+return r;
 }
 }
 
@@ -941,13 +935,9 @@ static int vhost_vdpa_net_load_rx(VhostVDPAState *s,
  * configuration only at live migration.
  */
 if (n->nouni) {
-dev_written = vhost_vdpa_net_load_rx_mode(s,
-VIRTIO_NET_CTRL_RX_NOUNI, 1);
-if (dev_written < 0) {
-return dev_written;
-}
-if (*s->status != VIRTIO_NET_OK) {
-return -EIO;
+r = vhost_vdpa_net_load_rx_mode(s, VIRTIO_NET_CTRL_RX_NOUNI, 1);
+if (r < 0) {
+return r;
 }
 }
 
@@ -962,13 +952,9 @@ static int vhost_vdpa_net_load_rx(VhostVDPAState *s,
  * configuration only at live migration.
  */
 if (n->nobcast) {
-dev_written = vhost_vdpa_net_load_rx_mode(s,
-VIRTIO_NET_CTRL_RX_NOBCAST, 1);
-if (dev_written < 0) {
-return dev_written;
-}
-if (*s->status != VIRTIO_NET_OK) {
-return -EIO;
+r = vhost_vdpa_net_load_rx_mode(s, VIRTIO_NET_CTRL_RX_NOBCAST, 1);
+if (r < 0) {
+return r;
 }
 }
 
-- 
2.25.1

[PATCH v4 8/8] vdpa: Send cvq state load commands in parallel

[Hawkins Jiawei]

This patch enables sending CVQ state load commands
in parallel at device startup by following steps:

  * Refactor vhost_vdpa_net_load_cmd() to iterate through
the control commands shadow buffers. This allows different
CVQ state load commands to use their own unique buffers.

  * Delay the polling and checking of buffers until either
the SVQ is full or control commands shadow buffers are full.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1578
Signed-off-by: Hawkins Jiawei 
---
v4:
  - refactor argument `cmds_in_flight` to `len` for
vhost_vdpa_net_svq_full()
  - check the return value of vhost_vdpa_net_svq_poll()
in vhost_vdpa_net_svq_flush() suggested by Eugenio
  - use iov_size(), vhost_vdpa_net_load_cursor_reset()
and iov_discard_front() to update the cursors instead of
accessing it directly according to Eugenio

v3: 
https://lore.kernel.org/all/3a002790e6c880af928c6470ecbf03e7c65a68bb.1689748694.git.yin31...@gmail.com/

 net/vhost-vdpa.c | 155 +--
 1 file changed, 97 insertions(+), 58 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index a71e8c9090..818464b702 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -646,6 +646,31 @@ static void 
vhost_vdpa_net_load_cursor_reset(VhostVDPAState *s,
 in_cursor->iov_len = vhost_vdpa_net_cvq_cmd_page_len();
 }
 
+/*
+ * Poll SVQ for multiple pending control commands and check the device's ack.
+ *
+ * Caller should hold the BQL when invoking this function.
+ *
+ * @s: The VhostVDPAState
+ * @len: The length of the pending status shadow buffer
+ */
+static ssize_t vhost_vdpa_net_svq_flush(VhostVDPAState *s, size_t len)
+{
+/* Device uses a one-byte length ack for each control command */
+ssize_t dev_written = vhost_vdpa_net_svq_poll(s, len);
+if (unlikely(dev_written != len)) {
+return -EIO;
+}
+
+/* check the device's ack */
+for (int i = 0; i < len; ++i) {
+if (s->status[i] != VIRTIO_NET_OK) {
+return -EIO;
+}
+}
+return 0;
+}
+
 static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s,
struct iovec *out_cursor,
struct iovec *in_cursor, uint8_t class,
@@ -660,10 +685,30 @@ static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s,
cmd_size = sizeof(ctrl) + data_size;
 struct iovec out, in;
 ssize_t r;
+unsigned dummy_cursor_iov_cnt;
 
 assert(data_size < vhost_vdpa_net_cvq_cmd_page_len() - sizeof(ctrl));
+if (vhost_vdpa_net_svq_available_slots(s) < 2 ||
+iov_size(out_cursor, 1) < cmd_size) {
+/*
+ * It is time to flush all pending control commands if SVQ is full
+ * or control commands shadow buffers are full.
+ *
+ * We can poll here since we've had BQL from the time
+ * we sent the descriptor.
+ */
+r = vhost_vdpa_net_svq_flush(s, in_cursor->iov_base -
+ (void *)s->status);
+if (unlikely(r < 0)) {
+return r;
+}
+
+vhost_vdpa_net_load_cursor_reset(s, out_cursor, in_cursor);
+}
+
 /* Each CVQ command has one out descriptor and one in descriptor */
 assert(vhost_vdpa_net_svq_available_slots(s) >= 2);
+assert(iov_size(out_cursor, 1) >= cmd_size);
 
 /* Prepare the buffer for out descriptor for the device */
 iov_copy(, 1, out_cursor, 1, 0, cmd_size);
@@ -681,11 +726,13 @@ static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s,
 return r;
 }
 
-/*
- * We can poll here since we've had BQL from the time
- * we sent the descriptor.
- */
-return vhost_vdpa_net_svq_poll(s, 1);
+/* iterate the cursors */
+dummy_cursor_iov_cnt = 1;
+iov_discard_front(_cursor, _cursor_iov_cnt, cmd_size);
+dummy_cursor_iov_cnt = 1;
+iov_discard_front(_cursor, _cursor_iov_cnt, sizeof(*s->status));
+
+return 0;
 }
 
 static int vhost_vdpa_net_load_mac(VhostVDPAState *s, const VirtIONet *n,
@@ -697,15 +744,12 @@ static int vhost_vdpa_net_load_mac(VhostVDPAState *s, 
const VirtIONet *n,
 .iov_base = (void *)n->mac,
 .iov_len = sizeof(n->mac),
 };
-ssize_t dev_written = vhost_vdpa_net_load_cmd(s, out_cursor, in_cursor,
-  VIRTIO_NET_CTRL_MAC,
-  VIRTIO_NET_CTRL_MAC_ADDR_SET,
-  , 1);
-if (unlikely(dev_written < 0)) {
-return dev_written;
-}
-if (*s->status != VIRTIO_NET_OK) {
-return -EIO;
+ssize_t r = vhost_vdpa_net_load_cmd(s, out_cursor, in_cursor,
+   VIRTIO_NET_CTRL_MAC,
+   VIRTIO_NET_CTRL_MAC_ADDR_SET,
+   , 1);
+if (unlikely(r < 0)) {
+   

[PATCH v4 4/8] vdpa: Avoid using vhost_vdpa_net_load_*() outside vhost_vdpa_net_load()

[Hawkins Jiawei]

Next patches in this series will refactor vhost_vdpa_net_load_cmd()
to iterate through the control commands shadow buffers, allowing QEMU
to send CVQ state load commands in parallel at device startup.

Considering that QEMU always forwards the CVQ command serialized
outside of vhost_vdpa_net_load(), it is more elegant to send the
CVQ commands directly without invoking vhost_vdpa_net_load_*() helpers.

Signed-off-by: Hawkins Jiawei 
---
v4:
  - pack CVQ command by iov_from_buf() instead of accessing
`out` directly suggested by Eugenio

v3: 
https://lore.kernel.org/all/428a8fac2a29b37757fa15ca747be93c0226cb1f.1689748694.git.yin31...@gmail.com/

 net/vhost-vdpa.c | 16 +---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index e6342b213f..7c67063469 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -1097,12 +1097,14 @@ static NetClientInfo net_vhost_vdpa_cvq_info = {
  */
 static int vhost_vdpa_net_excessive_mac_filter_cvq_add(VhostVDPAState *s,
VirtQueueElement *elem,
-   struct iovec *out)
+   struct iovec *out,
+   const struct iovec *in)
 {
 struct virtio_net_ctrl_mac mac_data, *mac_ptr;
 struct virtio_net_ctrl_hdr *hdr_ptr;
 uint32_t cursor;
 ssize_t r;
+uint8_t on = 1;
 
 /* parse the non-multicast MAC address entries from CVQ command */
 cursor = sizeof(*hdr_ptr);
@@ -1150,7 +1152,15 @@ static int 
vhost_vdpa_net_excessive_mac_filter_cvq_add(VhostVDPAState *s,
  * filter table to the vdpa device, it should send the
  * VIRTIO_NET_CTRL_RX_PROMISC CVQ command to enable promiscuous mode
  */
-r = vhost_vdpa_net_load_rx_mode(s, VIRTIO_NET_CTRL_RX_PROMISC, 1);
+cursor = 0;
+hdr_ptr = out->iov_base;
+out->iov_len = sizeof(*hdr_ptr) + sizeof(on);
+assert(out->iov_len < vhost_vdpa_net_cvq_cmd_page_len());
+
+hdr_ptr->class = VIRTIO_NET_CTRL_RX;
+hdr_ptr->cmd = VIRTIO_NET_CTRL_RX_PROMISC;
+iov_from_buf(out, 1, sizeof(*hdr_ptr), , sizeof(on));
+r = vhost_vdpa_net_cvq_add(s, out, 1, in, 1);
 if (unlikely(r < 0)) {
 return r;
 }
@@ -1268,7 +1278,7 @@ static int 
vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
  * the CVQ command direclty.
  */
 dev_written = vhost_vdpa_net_excessive_mac_filter_cvq_add(s, elem,
-  );
+, _in);
 if (unlikely(dev_written < 0)) {
 goto out;
 }
-- 
2.25.1

[PATCH v4 6/8] vdpa: Move vhost_svq_poll() to the caller of vhost_vdpa_net_cvq_add()

[Hawkins Jiawei]

This patch moves vhost_svq_poll() to the caller of
vhost_vdpa_net_cvq_add() and introduces a helper funtion.

By making this change, next patches in this series is
able to refactor vhost_vdpa_net_load_x() only to delay
the polling and checking process until either the SVQ
is full or control commands shadow buffers are full.

Signed-off-by: Hawkins Jiawei 
---
v4:
  - always check the return value of vhost_vdpa_net_svq_poll()
suggested Eugenio

v3: 
https://lore.kernel.org/all/152177c4e7082236fba9d31d535e40f8c2984349.1689748694.git.yin31...@gmail.com/

 net/vhost-vdpa.c | 53 +++-
 1 file changed, 43 insertions(+), 10 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 116a06cc45..d9b8b3cf6c 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -609,15 +609,21 @@ static ssize_t vhost_vdpa_net_cvq_add(VhostVDPAState *s,
 qemu_log_mask(LOG_GUEST_ERROR, "%s: No space on device queue\n",
   __func__);
 }
-return r;
 }
 
-/*
- * We can poll here since we've had BQL from the time we sent the
- * descriptor. Also, we need to take the answer before SVQ pulls by itself,
- * when BQL is released
- */
-return vhost_svq_poll(svq, 1);
+return r;
+}
+
+/*
+ * Convenience wrapper to poll SVQ for multiple control commands.
+ *
+ * Caller should hold the BQL when invoking this function, and should take
+ * the answer before SVQ pulls by itself when BQL is released.
+ */
+static ssize_t vhost_vdpa_net_svq_poll(VhostVDPAState *s, size_t 
cmds_in_flight)
+{
+VhostShadowVirtqueue *svq = g_ptr_array_index(s->vhost_vdpa.shadow_vqs, 0);
+return vhost_svq_poll(svq, cmds_in_flight);
 }
 
 /* Convenience wrapper to get number of available SVQ descriptors */
@@ -645,6 +651,7 @@ static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s, 
uint8_t class,
 .iov_base = s->status,
 .iov_len = sizeof(*s->status),
 };
+ssize_t r;
 
 assert(data_size < vhost_vdpa_net_cvq_cmd_page_len() - sizeof(ctrl));
 /* Each CVQ command has one out descriptor and one in descriptor */
@@ -657,7 +664,16 @@ static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s, 
uint8_t class,
 iov_to_buf(data_sg, data_num, 0,
s->cvq_cmd_out_buffer + sizeof(ctrl), data_size);
 
-return vhost_vdpa_net_cvq_add(s, , 1, , 1);
+r = vhost_vdpa_net_cvq_add(s, , 1, , 1);
+if (unlikely(r < 0)) {
+return r;
+}
+
+/*
+ * We can poll here since we've had BQL from the time
+ * we sent the descriptor.
+ */
+return vhost_vdpa_net_svq_poll(s, 1);
 }
 
 static int vhost_vdpa_net_load_mac(VhostVDPAState *s, const VirtIONet *n)
@@ -1150,6 +1166,15 @@ static int 
vhost_vdpa_net_excessive_mac_filter_cvq_add(VhostVDPAState *s,
 if (unlikely(r < 0)) {
 return r;
 }
+
+/*
+ * We can poll here since we've had BQL from the time
+ * we sent the descriptor.
+ */
+r = vhost_vdpa_net_svq_poll(s, 1);
+if (unlikely(r < sizeof(*s->status))) {
+return r;
+}
 if (*s->status != VIRTIO_NET_OK) {
 return sizeof(*s->status);
 }
@@ -1269,10 +1294,18 @@ static int 
vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
 goto out;
 }
 } else {
-dev_written = vhost_vdpa_net_cvq_add(s, , 1, _in, 1);
-if (unlikely(dev_written < 0)) {
+ssize_t r;
+r = vhost_vdpa_net_cvq_add(s, , 1, _in, 1);
+if (unlikely(r < 0)) {
+dev_written = r;
 goto out;
 }
+
+/*
+ * We can poll here since we've had BQL from the time
+ * we sent the descriptor.
+ */
+dev_written = vhost_vdpa_net_svq_poll(s, 1);
 }
 
 if (unlikely(dev_written < sizeof(status))) {
-- 
2.25.1

[PATCH v4 1/8] vhost: Add count argument to vhost_svq_poll()

[Hawkins Jiawei]

Next patches in this series will no longer perform an
immediate poll and check of the device's used buffers
for each CVQ state load command. Instead, they will
send CVQ state load commands in parallel by polling
multiple pending buffers at once.

To achieve this, this patch refactoring vhost_svq_poll()
to accept a new argument `num`, which allows vhost_svq_poll()
to wait for the device to use multiple elements,
rather than polling for a single element.

Signed-off-by: Hawkins Jiawei 
Acked-by: Eugenio Pérez 
---
v4:
  - refactor subject line suggested by Eugenio

v3: 
https://lore.kernel.org/all/77c1d8b358644b49992e6dbca55a5c9e62c941a8.1689748694.git.yin31...@gmail.com/

 hw/virtio/vhost-shadow-virtqueue.c | 36 ++
 hw/virtio/vhost-shadow-virtqueue.h |  2 +-
 net/vhost-vdpa.c   |  2 +-
 3 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/hw/virtio/vhost-shadow-virtqueue.c 
b/hw/virtio/vhost-shadow-virtqueue.c
index 49e5aed931..e731b1d2ea 100644
--- a/hw/virtio/vhost-shadow-virtqueue.c
+++ b/hw/virtio/vhost-shadow-virtqueue.c
@@ -514,29 +514,37 @@ static void vhost_svq_flush(VhostShadowVirtqueue *svq,
 }
 
 /**
- * Poll the SVQ for one device used buffer.
+ * Poll the SVQ to wait for the device to use the specified number
+ * of elements and return the total length written by the device.
  *
  * This function race with main event loop SVQ polling, so extra
  * synchronization is needed.
  *
- * Return the length written by the device.
+ * @svq: The svq
+ * @num: The number of elements that need to be used
  */
-size_t vhost_svq_poll(VhostShadowVirtqueue *svq)
+size_t vhost_svq_poll(VhostShadowVirtqueue *svq, size_t num)
 {
-int64_t start_us = g_get_monotonic_time();
-uint32_t len = 0;
+size_t len = 0;
+uint32_t r;
 
-do {
-if (vhost_svq_more_used(svq)) {
-break;
-}
+while (num--) {
+int64_t start_us = g_get_monotonic_time();
 
-if (unlikely(g_get_monotonic_time() - start_us > 10e6)) {
-return 0;
-}
-} while (true);
+do {
+if (vhost_svq_more_used(svq)) {
+break;
+}
+
+if (unlikely(g_get_monotonic_time() - start_us > 10e6)) {
+return len;
+}
+} while (true);
+
+vhost_svq_get_buf(svq, );
+len += r;
+}
 
-vhost_svq_get_buf(svq, );
 return len;
 }
 
diff --git a/hw/virtio/vhost-shadow-virtqueue.h 
b/hw/virtio/vhost-shadow-virtqueue.h
index 6efe051a70..5bce67837b 100644
--- a/hw/virtio/vhost-shadow-virtqueue.h
+++ b/hw/virtio/vhost-shadow-virtqueue.h
@@ -119,7 +119,7 @@ void vhost_svq_push_elem(VhostShadowVirtqueue *svq,
 int vhost_svq_add(VhostShadowVirtqueue *svq, const struct iovec *out_sg,
   size_t out_num, const struct iovec *in_sg, size_t in_num,
   VirtQueueElement *elem);
-size_t vhost_svq_poll(VhostShadowVirtqueue *svq);
+size_t vhost_svq_poll(VhostShadowVirtqueue *svq, size_t num);
 
 void vhost_svq_set_svq_kick_fd(VhostShadowVirtqueue *svq, int svq_kick_fd);
 void vhost_svq_set_svq_call_fd(VhostShadowVirtqueue *svq, int call_fd);
diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 73e9063fa0..3acda8591a 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -625,7 +625,7 @@ static ssize_t vhost_vdpa_net_cvq_add(VhostVDPAState *s, 
size_t out_len,
  * descriptor. Also, we need to take the answer before SVQ pulls by itself,
  * when BQL is released
  */
-return vhost_svq_poll(svq);
+return vhost_svq_poll(svq, 1);
 }
 
 static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s, uint8_t class,
-- 
2.25.1

[PATCH v4 7/8] vdpa: Introduce cursors to vhost_vdpa_net_loadx()

[Hawkins Jiawei]

This patch introduces two new arugments, `out_cursor`
and `in_cursor`, to vhost_vdpa_net_loadx(). Addtionally,
it includes a helper function
vhost_vdpa_net_load_cursor_reset() for resetting these
cursors.

Furthermore, this patch refactors vhost_vdpa_net_load_cmd()
so that vhost_vdpa_net_load_cmd() prepares buffers
for the device using the cursors arguments, instead
of directly accesses `s->cvq_cmd_out_buffer` and
`s->status` fields.

By making these change, next patches in this series
can refactor vhost_vdpa_net_load_cmd() directly to
iterate through the control commands shadow buffers,
allowing QEMU to send CVQ state load commands in parallel
at device startup.

Signed-off-by: Hawkins Jiawei 
---
v4:
  - use `struct iovec` instead of `void **` as cursor
suggested by Eugenio
  - add vhost_vdpa_net_load_cursor_reset() helper function
to reset the cursors
  - refactor vhost_vdpa_net_load_cmd() to prepare buffers
by iov_copy() instead of accessing `in` and `out` directly
suggested by Eugenio

v3: 
https://lore.kernel.org/all/bf390934673f2b613359ea9d7ac6c89199c31384.1689748694.git.yin31...@gmail.com/

 net/vhost-vdpa.c | 114 ---
 1 file changed, 77 insertions(+), 37 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index d9b8b3cf6c..a71e8c9090 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -633,7 +633,22 @@ static uint16_t 
vhost_vdpa_net_svq_available_slots(VhostVDPAState *s)
 return vhost_svq_available_slots(svq);
 }
 
-static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s, uint8_t class,
+static void vhost_vdpa_net_load_cursor_reset(VhostVDPAState *s,
+ struct iovec *out_cursor,
+ struct iovec *in_cursor)
+{
+/* reset the cursor of the output buffer for the device */
+out_cursor->iov_base = s->cvq_cmd_out_buffer;
+out_cursor->iov_len = vhost_vdpa_net_cvq_cmd_page_len();
+
+/* reset the cursor of the in buffer for the device */
+in_cursor->iov_base = s->status;
+in_cursor->iov_len = vhost_vdpa_net_cvq_cmd_page_len();
+}
+
+static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s,
+   struct iovec *out_cursor,
+   struct iovec *in_cursor, uint8_t class,
uint8_t cmd, const struct iovec 
*data_sg,
size_t data_num)
 {
@@ -641,28 +656,25 @@ static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s, 
uint8_t class,
 .class = class,
 .cmd = cmd,
 };
-size_t data_size = iov_size(data_sg, data_num);
-/* Buffers for the device */
-const struct iovec out = {
-.iov_base = s->cvq_cmd_out_buffer,
-.iov_len = sizeof(ctrl) + data_size,
-};
-const struct iovec in = {
-.iov_base = s->status,
-.iov_len = sizeof(*s->status),
-};
+size_t data_size = iov_size(data_sg, data_num),
+   cmd_size = sizeof(ctrl) + data_size;
+struct iovec out, in;
 ssize_t r;
 
 assert(data_size < vhost_vdpa_net_cvq_cmd_page_len() - sizeof(ctrl));
 /* Each CVQ command has one out descriptor and one in descriptor */
 assert(vhost_vdpa_net_svq_available_slots(s) >= 2);
 
-/* pack the CVQ command header */
-memcpy(s->cvq_cmd_out_buffer, , sizeof(ctrl));
+/* Prepare the buffer for out descriptor for the device */
+iov_copy(, 1, out_cursor, 1, 0, cmd_size);
+/* Prepare the buffer for in descriptor for the device. */
+iov_copy(, 1, in_cursor, 1, 0, sizeof(*s->status));
 
+/* pack the CVQ command header */
+iov_from_buf(, 1, 0, , sizeof(ctrl));
 /* pack the CVQ command command-specific-data */
 iov_to_buf(data_sg, data_num, 0,
-   s->cvq_cmd_out_buffer + sizeof(ctrl), data_size);
+   out.iov_base + sizeof(ctrl), data_size);
 
 r = vhost_vdpa_net_cvq_add(s, , 1, , 1);
 if (unlikely(r < 0)) {
@@ -676,14 +688,17 @@ static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s, 
uint8_t class,
 return vhost_vdpa_net_svq_poll(s, 1);
 }
 
-static int vhost_vdpa_net_load_mac(VhostVDPAState *s, const VirtIONet *n)
+static int vhost_vdpa_net_load_mac(VhostVDPAState *s, const VirtIONet *n,
+   struct iovec *out_cursor,
+   struct iovec *in_cursor)
 {
 if (virtio_vdev_has_feature(>parent_obj, VIRTIO_NET_F_CTRL_MAC_ADDR)) {
 const struct iovec data = {
 .iov_base = (void *)n->mac,
 .iov_len = sizeof(n->mac),
 };
-ssize_t dev_written = vhost_vdpa_net_load_cmd(s, VIRTIO_NET_CTRL_MAC,
+ssize_t dev_written = vhost_vdpa_net_load_cmd(s, out_cursor, in_cursor,
+  VIRTIO_NET_CTRL_MAC,
   VIRTIO_NET_CTRL_MAC_ADDR_SET,

[PATCH v4 0/8] vdpa: Send all CVQ state load commands in parallel

[Hawkins Jiawei]

This patchset allows QEMU to delay polling and checking the device
used buffer until either the SVQ is full or control commands shadow
buffers are full, instead of polling and checking immediately after
sending each SVQ control command, so that QEMU can send all the SVQ
control commands in parallel, which have better performance improvement.

I use vp_vdpa device to simulate vdpa device, and create 4094 VLANS in
guest to build a test environment for sending multiple CVQ state load
commands. This patch series can improve latency from 20455 us to
13732 us for about 4099 CVQ state load commands, about 1.64 us per command.

Note that this patch should be based on
patch "Vhost-vdpa Shadow Virtqueue VLAN support" at [1].

[1]. https://lore.kernel.org/all/cover.1690100802.git.yin31...@gmail.com/

TestStep

1. regression testing using vp-vdpa device
  - For L0 guest, boot QEMU with two virtio-net-pci net device with
`ctrl_vq`, `ctrl_rx`, `ctrl_rx_extra` features on, command line like:
  -device virtio-net-pci,disable-legacy=on,disable-modern=off,
iommu_platform=on,mq=on,ctrl_vq=on,guest_announce=off,
indirect_desc=off,queue_reset=off,ctrl_rx=on,ctrl_rx_extra=on,...

  - For L1 guest, apply the patch series and compile the source code,
start QEMU with two vdpa device with svq mode on, enable the `ctrl_vq`,
`ctrl_rx`, `ctrl_rx_extra` features on, command line like:
  -netdev type=vhost-vdpa,x-svq=true,...
  -device virtio-net-pci,mq=on,guest_announce=off,ctrl_vq=on,
ctrl_rx=on,ctrl_rx_extra=on...

  - For L2 source guest, run the following bash command:
```bash
#!/bin/sh

for idx1 in {0..9}
do
  for idx2 in {0..9}
  do
for idx3 in {0..6}
do
  ip link add macvlan$idx1$idx2$idx3 link eth0
address 4a:30:10:19:$idx1$idx2:1$idx3 type macvlan mode bridge
  ip link set macvlan$idx1$idx2$idx3 up
done
  done
done
```
  - Execute the live migration in L2 source monitor

  - Result
* with this series, QEMU should not trigger any error or warning.



2. perf using vp-vdpa device
  - For L0 guest, boot QEMU with two virtio-net-pci net device with
`ctrl_vq`, `ctrl_vlan` features on, command line like:
  -device virtio-net-pci,disable-legacy=on,disable-modern=off,
iommu_platform=on,mq=on,ctrl_vq=on,guest_announce=off,
indirect_desc=off,queue_reset=off,ctrl_vlan=on,...

  - For L1 guest, apply the patch series, then apply an addtional
patch to record the load time in microseconds as following:
```diff
diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index 6b958d6363..501b510fd2 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -295,7 +295,10 @@ static int vhost_net_start_one(struct vhost_net *net,
 }
 
 if (net->nc->info->load) {
+int64_t start_us = g_get_monotonic_time();
 r = net->nc->info->load(net->nc);
+error_report("vhost_vdpa_net_load() = %ld us",
+ g_get_monotonic_time() - start_us);
 if (r < 0) {
 goto fail;
 }
```

  - For L1 guest, compile the code, and start QEMU with two vdpa device
with svq mode on, enable the `ctrl_vq`, `ctrl_vlan` features on,
command line like:
  -netdev type=vhost-vdpa,x-svq=true,...
  -device virtio-net-pci,mq=on,guest_announce=off,ctrl_vq=on,
ctrl_vlan=on...

  - For L2 source guest, run the following bash command:
```bash
#!/bin/sh

for idx in {1..4094}
do
  ip link add link eth0 name vlan$idx type vlan id $idx
done
```

  - execute the live migration in L2 source monitor

  - Result
* with this series, QEMU should not trigger any warning
or error except something like "vhost_vdpa_net_load() = 13732 us"
* without this series, QEMU should not trigger any warning
or error except something like "vhost_vdpa_net_load() = 20455 us"

ChangeLog
=
v4:
  - refactor subject line suggested by Eugenio in patch
"vhost: Add count argument to vhost_svq_poll()"
  - split `in` to `vdpa_in` and `model_in` instead of reusing `in`
in vhost_vdpa_net_handle_ctrl_avail() suggested by Eugenio in patch
"vdpa: Use iovec for vhost_vdpa_net_cvq_add()"
  - pack CVQ command by iov_from_buf() instead of accessing
`out` directly suggested by Eugenio in patch
"vdpa: Avoid using vhost_vdpa_net_load_*() outside vhost_vdpa_net_load()"
  - always check the return value of vhost_vdpa_net_svq_poll()
suggested Eugenio in patch
"vdpa: Move vhost_svq_poll() to the caller of vhost_vdpa_net_cvq_add()"
  - use `struct iovec` instead of `void **` as cursor,
add vhost_vdpa_net_load_cursor_reset() helper function
to reset the cursors, refactor vhost_vdpa_net_load_cmd() to prepare buffers
by iov_copy() instead of accessing `in` and `out` directly
suggested by Eugenio in patch
"vdpa: Introduce cursors to vhost_vdpa_net_loadx()"
  - refactor argument `cmds_in_flight` to `len` for
vhost_vdpa_net_svq_full(), check the return value of
vhost_vdpa_net_svq_poll() in vhost_vdpa_net_svq_flush(),
use iov_size(), vhost_vdpa_net_load_cursor_reset()
and iov_discard_front() to update the 

[PATCH v4 2/8] vdpa: Use iovec for vhost_vdpa_net_cvq_add()

[Hawkins Jiawei]

Next patches in this series will no longer perform an
immediate poll and check of the device's used buffers
for each CVQ state load command. Consequently, there
will be multiple pending buffers in the shadow VirtQueue,
making it a must for every control command to have its
own buffer.

To achieve this, this patch refactor vhost_vdpa_net_cvq_add()
to accept `struct iovec`, which eliminates the coupling of
control commands to `s->cvq_cmd_out_buffer` and `s->status`,
allowing them to use their own buffer.

Signed-off-by: Hawkins Jiawei 
---
v4:
  - split `in` to `vdpa_in` and `model_in` instead of reusing `in`
in vhost_vdpa_net_handle_ctrl_avail() suggested by Eugenio

v3: 
https://lore.kernel.org/all/b1d473772ec4bcb254ab0d12430c9b1efe758606.1689748694.git.yin31...@gmail.com/

 net/vhost-vdpa.c | 39 ++-
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/net/vhost-vdpa.c b/net/vhost-vdpa.c
index 3acda8591a..a875767ee9 100644
--- a/net/vhost-vdpa.c
+++ b/net/vhost-vdpa.c
@@ -596,22 +596,14 @@ static void vhost_vdpa_net_cvq_stop(NetClientState *nc)
 vhost_vdpa_net_client_stop(nc);
 }
 
-static ssize_t vhost_vdpa_net_cvq_add(VhostVDPAState *s, size_t out_len,
-  size_t in_len)
+static ssize_t vhost_vdpa_net_cvq_add(VhostVDPAState *s,
+const struct iovec *out_sg, size_t out_num,
+const struct iovec *in_sg, size_t in_num)
 {
-/* Buffers for the device */
-const struct iovec out = {
-.iov_base = s->cvq_cmd_out_buffer,
-.iov_len = out_len,
-};
-const struct iovec in = {
-.iov_base = s->status,
-.iov_len = sizeof(virtio_net_ctrl_ack),
-};
 VhostShadowVirtqueue *svq = g_ptr_array_index(s->vhost_vdpa.shadow_vqs, 0);
 int r;
 
-r = vhost_svq_add(svq, , 1, , 1, NULL);
+r = vhost_svq_add(svq, out_sg, out_num, in_sg, in_num, NULL);
 if (unlikely(r != 0)) {
 if (unlikely(r == -ENOSPC)) {
 qemu_log_mask(LOG_GUEST_ERROR, "%s: No space on device queue\n",
@@ -637,6 +629,15 @@ static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s, 
uint8_t class,
 .cmd = cmd,
 };
 size_t data_size = iov_size(data_sg, data_num);
+/* Buffers for the device */
+const struct iovec out = {
+.iov_base = s->cvq_cmd_out_buffer,
+.iov_len = sizeof(ctrl) + data_size,
+};
+const struct iovec in = {
+.iov_base = s->status,
+.iov_len = sizeof(*s->status),
+};
 
 assert(data_size < vhost_vdpa_net_cvq_cmd_page_len() - sizeof(ctrl));
 
@@ -647,8 +648,7 @@ static ssize_t vhost_vdpa_net_load_cmd(VhostVDPAState *s, 
uint8_t class,
 iov_to_buf(data_sg, data_num, 0,
s->cvq_cmd_out_buffer + sizeof(ctrl), data_size);
 
-return vhost_vdpa_net_cvq_add(s, data_size + sizeof(ctrl),
-  sizeof(virtio_net_ctrl_ack));
+return vhost_vdpa_net_cvq_add(s, , 1, , 1);
 }
 
 static int vhost_vdpa_net_load_mac(VhostVDPAState *s, const VirtIONet *n)
@@ -1222,10 +1222,15 @@ static int 
vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
 .iov_base = s->cvq_cmd_out_buffer,
 };
 /* in buffer used for device model */
-const struct iovec in = {
+const struct iovec model_in = {
 .iov_base = ,
 .iov_len = sizeof(status),
 };
+/* in buffer used for vdpa device */
+const struct iovec vdpa_in = {
+.iov_base = s->status,
+.iov_len = sizeof(*s->status),
+};
 ssize_t dev_written = -EINVAL;
 
 out.iov_len = iov_to_buf(elem->out_sg, elem->out_num, 0,
@@ -1259,7 +1264,7 @@ static int 
vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
 goto out;
 }
 } else {
-dev_written = vhost_vdpa_net_cvq_add(s, out.iov_len, sizeof(status));
+dev_written = vhost_vdpa_net_cvq_add(s, , 1, _in, 1);
 if (unlikely(dev_written < 0)) {
 goto out;
 }
@@ -1275,7 +1280,7 @@ static int 
vhost_vdpa_net_handle_ctrl_avail(VhostShadowVirtqueue *svq,
 }
 
 status = VIRTIO_NET_ERR;
-virtio_net_handle_ctrl_iov(svq->vdev, , 1, , 1);
+virtio_net_handle_ctrl_iov(svq->vdev, _in, 1, , 1);
 if (status != VIRTIO_NET_OK) {
 error_report("Bad CVQ processing in model");
 }
-- 
2.25.1

[PATCH v4 1/2] target/i386: Avoid cpu number overflow in legacy topology

[Qian Wen]

The legacy topology enumerated by CPUID.1.EBX[23:16] is defined in SDM
Vol2:

Bits 23-16: Maximum number of addressable IDs for logical processors in
this physical package.

When threads_per_socket > 255, it will 1) overwrite bits[31:24] which is
apic_id, 2) bits [23:16] get truncated.

Specifically, if launching the VM with -smp 256, the value written to
EBX[23:16] is 0 because of data overflow. If the guest only supports
legacy topology, without V2 Extended Topology enumerated by CPUID.0x1f
or Extended Topology enumerated by CPUID.0x0b to support over 255 CPUs,
the return of the kernel invoking cpu_smt_allowed() is false and APs
(application processors) will fail to bring up. Then only CPU 0 is online,
and others are offline.

For example, launch VM via:
qemu-system-x86_64 -M q35,accel=kvm,kernel-irqchip=split \
-cpu qemu64,cpuid-0xb=off -smp 256 -m 32G \
-drive file=guest.img,if=none,id=virtio-disk0,format=raw \
-device virtio-blk-pci,drive=virtio-disk0,bootindex=1 --nographic

The guest shows:
CPU(s):   256
On-line CPU(s) list:  0
Off-line CPU(s) list: 1-255

To avoid this issue caused by overflow, limit the max value written to
EBX[23:16] to 255 as the HW does.

Signed-off-by: Qian Wen 
Reviewed-by: Zhao Liu 
Reviewed-by: Xiaoyao Li 
Reviewed-by: Isaku Yamahata 
---
 target/i386/cpu.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 00f913b638..fc0437bdb1 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6012,6 +6012,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 uint32_t die_offset;
 uint32_t limit;
 uint32_t signature[3];
+uint32_t threads_per_socket;
 X86CPUTopoInfo topo_info;
 
 topo_info.dies_per_pkg = env->nr_dies;
@@ -6053,8 +6054,9 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 *ecx |= CPUID_EXT_OSXSAVE;
 }
 *edx = env->features[FEAT_1_EDX];
-if (cs->nr_cores * cs->nr_threads > 1) {
-*ebx |= (cs->nr_cores * cs->nr_threads) << 16;
+threads_per_socket = cs->nr_cores * cs->nr_threads;
+if (threads_per_socket > 1) {
+*ebx |= MIN(threads_per_socket, 255) << 16;
 *edx |= CPUID_HT;
 }
 if (!cpu->enable_pmu) {
-- 
2.25.1

[PATCH v4 0/2] Fix overflow of the max number of IDs for logic processor and core

[Qian Wen]

CPUID.1.EBX[23:16]: Maximum number of addressable IDs for logical
processors in this physical package.
CPUID.4:EAX[31:26]: Maximum number of addressable IDs for processor cores
in the physical package.

The current qemu code doesn't limit the value written to these two fields.
If the guest has a huge number of cores, APs (application processor) will
fail to bring up and the wrong info will be reported.
According to HW behavior, setting max value written to CPUID.1.EBX[23:16]
to 255, and CPUID.4:EAX[31:26] to 63.

---
Changes v3 -> v4:
  - Add "Reviewed-by" from Isaku and Xiaoyao.
  - Rebase to the v8.1.0.
Changes v2 -> v3:
  - Add patch 2.
  - Revise the commit message and comment to be clearer.
  - Using MIN() for limitation.
Changes v1 -> v2:
  - Revise the commit message and comment to more clearer.
  - Rebased to v8.1.0-rc2.

Qian Wen (2):
  target/i386: Avoid cpu number overflow in legacy topology
  target/i386: Avoid overflow of the cache parameter enumerated by leaf
4

 target/i386/cpu.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

base-commit:f5fe7c17ac4e309e47e78f0f9761aebc8d2f2c81
-- 
2.25.1

[PATCH v4 2/2] target/i386: Avoid overflow of the cache parameter enumerated by leaf 4

[Qian Wen]

According to SDM, CPUID.0x4:EAX[31:26] indicates the Maximum number of
addressable IDs for processor cores in the physical package. If we
launch over 64 cores VM, the 6-bit field will overflow, and the wrong
core_id number will be reported.

Since the HW reports 0x3f when the intel processor has over 64 cores,
limit the max value written to EBX[31:26] to 63, so max num_cores should
be 64.

Signed-off-by: Qian Wen 
Reviewed-by: Zhao Liu 
Reviewed-by: Xiaoyao Li 
Reviewed-by: Isaku Yamahata 
---
 target/i386/cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index fc0437bdb1..90fe0a6a46 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -248,7 +248,7 @@ static void encode_cache_cpuid4(CPUCacheInfo *cache,
 *eax = CACHE_TYPE(cache->type) |
CACHE_LEVEL(cache->level) |
(cache->self_init ? CACHE_SELF_INIT_LEVEL : 0) |
-   ((num_cores - 1) << 26) |
+   ((MIN(num_cores, 64) - 1) << 26) |
((num_apic_ids - 1) << 14);
 
 assert(cache->line_size > 0);
-- 
2.25.1

Re: [RFC PATCH v2 0/6] Add API for list cpu extensions

[LIU Zhiwei]

On 2023/8/28 21:58, Igor Mammedov wrote:

On Mon, 28 Aug 2023 16:45:30 +0800
LIU Zhiwei  wrote:


Some times we want to know what is the really mean of one cpu option.
For example, in RISC-V, we usually specify a cpu in this way:
-cpu rv64,v=on

If we don't look into the source code, we can't get the ISA extensions
of this -cpu command line.

In this patch set, we add one list_cpu_props API for common cores. It
will output the enabled ISA extensions.

In the near future, I will also list all possible user configurable
options and all possible extensions for this cpu.

In order to reuse the options parse code, I also add a QemuOptsList
for cpu.

After this patch, we can output the extensions for cpu,
"""
./qemu-system-riscv64 -cpu rv64,help
Enabled extensions:
 
rv64imafdch_zicbom_zicboz_zicsr_zifencei_zihintpause_zawrs_zfa_zba_zbb_zbc_zbs_sstc_svadu

It's not that easy to get features with values in general.
(many factors influence defaults, which may include:
  * properties set and/or added at realize time
  * defaults amended by machine type version
  * defaults amended by -global CLI options
)

To do that consensus was to query features after CPU object is realized.
Typically that implies starting dummy QEMU with needed CPU model and
then using query-cpu-model-expansion command to get actual property values.


I agree query-cpu-model-expansion command is necessary. But for users 
that manually


run qemu command line, it is difficult to for them to give a json-based 
input.


  
The task is solved by implementing query-cpu-model-expansion

command so that user (mainly management layer) could get defaults via QMP.
So if your goal is to get the given cpu defaults to mgmt layer
it is sufficient to implement query-cpu-model-expansion command for riscv.
(CC-ing libvirt folks to see if it picks up the command
automatically for every target or some more work would be needed
on their side as well)

PS:
no one cared about making -cpu name,help working till this moment
and certainly not for linux-user part.

To make this option work reliably it's would be necessary to make sure
that query-cpu-model-expansion work in user mode as well.




Also the timing when 'help' is processed should ensure that
machine is available/initialized (i.e. compat properties are in effect)


Agree. I can defer the helper handler process to the machine initialized 
stage.


Thanks,
Zhiwei



Once you have working query-cpu-model-expansion, your new -cpu foo,help handler
can translate json to human readable format that everyone would agree upon.


To get all configuable options for this cpu, use -device rv64-riscv-cpu,help
"""


v1->v2:

1) Give a hint to use -device cpu,help for configualbe options on cpu
2) Support list_cpu_props for linux user mode
3) Add default to some properties to make -device cpu,help output better


Todo:
1) Fix Daniel comments on KVM and cpu option check
2) Add support for other archs
3) Move qdev help function from qdev-monitor to qdev-property

LIU Zhiwei (6):
   cpu: Add new API cpu_type_by_name
   target/riscv: Add API list_cpu_props
   softmmu/vl: Add qemu_cpu_opts QemuOptsList
   target/riscv: Add default value for misa property
   target/riscv: Add defalut value for string property
   linux-user: Move qemu_cpu_opts to cpu.c

  cpu.c| 63 +---
  hw/core/qdev-prop-internal.h |  2 ++
  hw/core/qdev-properties.c|  7 
  include/exec/cpu-common.h|  3 ++
  include/hw/core/cpu.h| 11 +++
  include/hw/qdev-properties.h |  8 +
  linux-user/main.c| 10 ++
  softmmu/vl.c | 11 +++
  target/riscv/cpu.c   | 30 +
  target/riscv/cpu.h   |  2 ++
  10 files changed, 128 insertions(+), 19 deletions(-)

[RESEND] memory: avoid updating ioeventfds for some address_space

[hongmianquan]

When updating ioeventfds, we need to iterate all address spaces,
but some address spaces do not register eventfd_add|del call when
memory_listener_register() and they do nothing when updating ioeventfds.
So we can skip these AS in address_space_update_ioeventfds().

The overhead of memory_region_transaction_commit() can be significantly
reduced. For example, a VM with 8 vhost net devices and each one has
64 vectors, can reduce the time spent on memory_region_transaction_commit by 
20%.

Signed-off-by: hongmianquan 
---
 include/exec/memory.h |  1 +
 softmmu/memory.c  | 12 
 2 files changed, 13 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 7f5c11a0cc..556f4f1871 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1089,6 +1089,7 @@ struct AddressSpace {
 struct FlatView *current_map;
 
 int ioeventfd_nb;
+int ioeventfd_notifiers;
 struct MemoryRegionIoeventfd *ioeventfds;
 QTAILQ_HEAD(, MemoryListener) listeners;
 QTAILQ_ENTRY(AddressSpace) address_spaces_link;
diff --git a/softmmu/memory.c b/softmmu/memory.c
index 7d9494ce70..178816c845 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -842,6 +842,10 @@ static void address_space_update_ioeventfds(AddressSpace 
*as)
 AddrRange tmp;
 unsigned i;
 
+if (!as->ioeventfd_notifiers) {
+return;
+}
+
 /*
  * It is likely that the number of ioeventfds hasn't changed much, so use
  * the previous size as the starting value, with some headroom to avoid
@@ -3075,6 +3079,10 @@ void memory_listener_register(MemoryListener *listener, 
AddressSpace *as)
 }
 
 listener_add_address_space(listener, as);
+
+if (listener->eventfd_add || listener->eventfd_del) {
+as->ioeventfd_notifiers++;
+}
 }
 
 void memory_listener_unregister(MemoryListener *listener)
@@ -3083,6 +3091,10 @@ void memory_listener_unregister(MemoryListener *listener)
 return;
 }
 
+if (listener->eventfd_add || listener->eventfd_del) {
+listener->address_space->ioeventfd_notifiers--;
+}
+
 listener_del_address_space(listener, listener->address_space);
 QTAILQ_REMOVE(_listeners, listener, link);
 QTAILQ_REMOVE(>address_space->listeners, listener, link_as);
-- 
2.11.0

[PATCH] accel/tcg: mttcg remove false-negative halted assertion

[Nicholas Piggin]

mttcg asserts that an execution ending with EXCP_HALTED must have
cpu->halted. However between the event or instruction that sets
cpu->halted and requests exit and the assertion here, an
asynchronous event could clear cpu->halted.

This leads to crashes running AIX on ppc/pseries because it uses
H_CEDE/H_PROD hcalls, where H_CEDE sets self->halted = 1 and
H_PROD sets other cpu->halted = 0 and kicks it.

H_PROD could be turned into an interrupt to wake, but several other
places in ppc, sparc, and semihosting follow what looks like a similar
pattern setting halted = 0 directly. So remove this assertion.

Reported-by: Ivan Warren 
Signed-off-by: Nicholas Piggin 
---
 accel/tcg/tcg-accel-ops-mttcg.c | 11 ---
 1 file changed, 11 deletions(-)

diff --git a/accel/tcg/tcg-accel-ops-mttcg.c b/accel/tcg/tcg-accel-ops-mttcg.c
index b276262007..d0b6f288d9 100644
--- a/accel/tcg/tcg-accel-ops-mttcg.c
+++ b/accel/tcg/tcg-accel-ops-mttcg.c
@@ -98,17 +98,6 @@ static void *mttcg_cpu_thread_fn(void *arg)
 case EXCP_DEBUG:
 cpu_handle_guest_debug(cpu);
 break;
-case EXCP_HALTED:
-/*
- * during start-up the vCPU is reset and the thread is
- * kicked several times. If we don't ensure we go back
- * to sleep in the halted state we won't cleanly
- * start-up when the vCPU is enabled.
- *
- * cpu->halted should ensure we sleep in wait_io_event
- */
-g_assert(cpu->halted);
-break;
 case EXCP_ATOMIC:
 qemu_mutex_unlock_iothread();
 cpu_exec_step_atomic(cpu);
-- 
2.40.1

Re: [PATCH v11 0/9] rutabaga_gfx + gfxstream

[Gurchetan Singh]

On Fri, Aug 25, 2023 at 12:37 PM Alyssa Ross  wrote:

> Alyssa Ross  writes:
>
> > Gurchetan Singh  writes:
> >
> >> On Fri, Aug 25, 2023 at 12:11 AM Alyssa Ross  wrote:
> >>
> >>> Gurchetan Singh  writes:
> >>>
> >>> > On Wed, Aug 23, 2023 at 4:07 AM Alyssa Ross  wrote:
> >>> >
> >>> >> Gurchetan Singh  writes:
> >>> >>
> >>> >> > - Official "release commits" issued for rutabaga_gfx_ffi,
> >>> >> >   gfxstream, aemu-base.  For example, see crrev.com/c/4778941
> >>> >> >
> >>> >> > - The release commits can make packaging easier, though once
> >>> >> >   again all known users will likely just build from sources
> >>> >> >   anyways
> >>> >>
> >>> >> It's a small thing, but could there be actual tags, rather than just
> >>> >> blessed commits?  It'd just make them easier to find, and save a
> bit of
> >>> >> time in review for packages.
> >>> >>
> >>> >
> >>> > I added:
> >>> >
> >>> >
> >>>
> https://crosvm.dev/book/appendix/rutabaga_gfx.html#latest-releases-for-potential-packaging
> >>> >
> >>> > Tags are possible, but I want to clarify the use case before
> packaging.
> >>> > Where are you thinking of packaging it for (Debian??)? Are you mostly
> >>> > interested in Wayland passthrough (my guess) or gfxstream too?
> Depending
> >>> > your use case, we may be able to minimize the work involved.
> >>>
> >>> Packaging for Nixpkgs (where I already maintain what to my knowledge is
> >>> the only crosvm distro package).  I'm personally mostly interested in
> >>> Wayland passthroug, but I wouldn't be surprised if others are
> interested
> >>> in gfxstream.  The packaging work is already done, I've just been
> >>> holding off actually pushing the packages waiting for the stable
> >>> releases.
> >>>
> >>> The reason that tags would be useful is that it allows a reviewer of
> the
> >>> package to see at a glance that the package is built from a stable
> >>> release.  If it's just built from a commit hash, they have to go and
> >>> verify that it's a stable release, which is mildly annoying and
> >>> unconventional.
> >>>
> >>
> >> Understood.  Request to have gfxstream and AEMU v0.1.2 release tags
> made.
> >>
> >> For rutabaga_gfx_ffi, is the crates.io upload sufficient?
> >>
> >> https://crates.io/crates/rutabaga_gfx_ffi
> >>
> >> Debian, for example, treats crates.io as the source of truth and builds
> >> tooling around that.  I wonder if Nixpkgs as similar tooling around
> >> crates.io.
> >
> > We do, and I'll use the crates.io release for the package — good
> > suggestion, but it's still useful to also have a tag in a git repo.  It
> > makes it easier if I need to do a bisect, for example.  As a distro
> > developer, I'm frequently jumping across codebases I am not very
> > familiar with to try to track down regressions, etc., and it's much
> > easier when I don't have to learn some special quirk of the package like
> > not having git tags.
>
> Aha, trying to switch my package over to it has revealed that there is
> actually a reason not to use the crates.io release.  It doesn't include
> a Cargo.lock, which would mean we'd have to obtain one from elsewhere.
> Either from the crosvm git repo, at which point we might just get all
> the sources from there, or by vendoring a Cargo.lock into our own git
> tree for packages, which we try to avoid because when you have a lot of
> them, they become quite a large proportion of the overall size of the
> repo.
>

Ack.  Request to have a rutabaga release tag in crosvm also made, should be
complete in a few days.


>
> (This probably differs from Debian, etc., because in Nixpkgs, we don't
> package each crate dependency separately.  We only have packages for
> applications (or occasionally, C ABI libraries written in Rust), and
> each of those gets to bring in whatever crate dependencies it wants as
> part of its build.  This means we use the upstream Cargo.lock, and
> accept that different Rust packages will use lots of different versions
> of dependencies, which I don't believe is the case with other distros
> that take a more purist approach to Rust packaging.)
>

[PATCH v13 9/9] docs/system: add basic virtio-gpu documentation

[Gurchetan Singh]

This adds basic documentation for virtio-gpu.

Suggested-by: Akihiko Odaki 
Signed-off-by: Gurchetan Singh 
Tested-by: Alyssa Ross 
Tested-by: Emmanouil Pitsidianakis 
Tested-by: Akihiko Odaki 
Reviewed-by: Emmanouil Pitsidianakis 
Reviewed-by: Antonio Caggiano 
Reviewed-by: Akihiko Odaki 
---
 docs/system/device-emulation.rst   |   1 +
 docs/system/devices/virtio-gpu.rst | 112 +
 2 files changed, 113 insertions(+)
 create mode 100644 docs/system/devices/virtio-gpu.rst

diff --git a/docs/system/device-emulation.rst b/docs/system/device-emulation.rst
index 4491c4cbf7..1167f3a9f2 100644
--- a/docs/system/device-emulation.rst
+++ b/docs/system/device-emulation.rst
@@ -91,6 +91,7 @@ Emulated Devices
devices/nvme.rst
devices/usb.rst
devices/vhost-user.rst
+   devices/virtio-gpu.rst
devices/virtio-pmem.rst
devices/vhost-user-rng.rst
devices/canokey.rst
diff --git a/docs/system/devices/virtio-gpu.rst 
b/docs/system/devices/virtio-gpu.rst
new file mode 100644
index 00..21465e4ce2
--- /dev/null
+++ b/docs/system/devices/virtio-gpu.rst
@@ -0,0 +1,112 @@
+..
+   SPDX-License-Identifier: GPL-2.0-or-later
+
+virtio-gpu
+==
+
+This document explains the setup and usage of the virtio-gpu device.
+The virtio-gpu device paravirtualizes the GPU and display controller.
+
+Linux kernel support
+
+
+virtio-gpu requires a guest Linux kernel built with the
+``CONFIG_DRM_VIRTIO_GPU`` option.
+
+QEMU virtio-gpu variants
+
+
+QEMU virtio-gpu device variants come in the following form:
+
+ * ``virtio-vga[-BACKEND]``
+ * ``virtio-gpu[-BACKEND][-INTERFACE]``
+ * ``vhost-user-vga``
+ * ``vhost-user-pci``
+
+**Backends:** QEMU provides a 2D virtio-gpu backend, and two accelerated
+backends: virglrenderer ('gl' device label) and rutabaga_gfx ('rutabaga'
+device label).  There is a vhost-user backend that runs the graphics stack
+in a separate process for improved isolation.
+
+**Interfaces:** QEMU further categorizes virtio-gpu device variants based
+on the interface exposed to the guest. The interfaces can be classified
+into VGA and non-VGA variants. The VGA ones are prefixed with virtio-vga
+or vhost-user-vga while the non-VGA ones are prefixed with virtio-gpu or
+vhost-user-gpu.
+
+The VGA ones always use the PCI interface, but for the non-VGA ones, the
+user can further pick between MMIO or PCI. For MMIO, the user can suffix
+the device name with -device, though vhost-user-gpu does not support MMIO.
+For PCI, the user can suffix it with -pci. Without these suffixes, the
+platform default will be chosen.
+
+virtio-gpu 2d
+-
+
+The default 2D backend only performs 2D operations. The guest needs to
+employ a software renderer for 3D graphics.
+
+Typically, the software renderer is provided by `Mesa`_ or `SwiftShader`_.
+Mesa's implementations (LLVMpipe, Lavapipe and virgl below) work out of box
+on typical modern Linux distributions.
+
+.. parsed-literal::
+-device virtio-gpu
+
+.. _Mesa: https://www.mesa3d.org/
+.. _SwiftShader: https://github.com/google/swiftshader
+
+virtio-gpu virglrenderer
+
+
+When using virgl accelerated graphics mode in the guest, OpenGL API calls
+are translated into an intermediate representation (see `Gallium3D`_). The
+intermediate representation is communicated to the host and the
+`virglrenderer`_ library on the host translates the intermediate
+representation back to OpenGL API calls.
+
+.. parsed-literal::
+-device virtio-gpu-gl
+
+.. _Gallium3D: https://www.freedesktop.org/wiki/Software/gallium/
+.. _virglrenderer: https://gitlab.freedesktop.org/virgl/virglrenderer/
+
+virtio-gpu rutabaga
+---
+
+virtio-gpu can also leverage rutabaga_gfx to provide `gfxstream`_
+rendering and `Wayland display passthrough`_.  With the gfxstream rendering
+mode, GLES and Vulkan calls are forwarded to the host with minimal
+modification.
+
+The crosvm book provides directions on how to build a `gfxstream-enabled
+rutabaga`_ and launch a `guest Wayland proxy`_.
+
+This device does require host blob support (``hostmem`` field below). The
+``hostmem`` field specifies the size of virtio-gpu host memory window.
+This is typically between 256M and 8G.
+
+At least one capset (see colon separated ``capset_names`` below) must be
+specified when starting the device.  The currently supported
+``capset_names`` are ``gfxstream-vulkan`` and ``cross-domain`` on Linux
+guests. For Android guests, ``gfxstream-gles`` is also supported.
+
+The device will try to auto-detect the wayland socket path if the
+``cross-domain`` capset name is set.  The user may optionally specify
+``wayland_socket_path`` for non-standard paths.
+
+The ``wsi`` option can be set to ``surfaceless`` or ``headless``.
+Surfaceless doesn't create a native window surface, but does copy from the
+render target to the Pixman buffer if a virtio-gpu 2D hypercall is issued.
+Headless is like surfaceless, 

[PATCH v13 6/9] gfxstream + rutabaga: add initial support for gfxstream

[Gurchetan Singh]

This adds initial support for gfxstream and cross-domain.  Both
features rely on virtio-gpu blob resources and context types, which
are also implemented in this patch.

gfxstream has a long and illustrious history in Android graphics
paravirtualization.  It has been powering graphics in the Android
Studio Emulator for more than a decade, which is the main developer
platform.

Originally conceived by Jesse Hall, it was first known as "EmuGL" [a].
The key design characteristic was a 1:1 threading model and
auto-generation, which fit nicely with the OpenGLES spec.  It also
allowed easy layering with ANGLE on the host, which provides the GLES
implementations on Windows or MacOS enviroments.

gfxstream has traditionally been maintained by a single engineer, and
between 2015 to 2021, the goldfish throne passed to Frank Yang.
Historians often remark this glorious reign ("pax gfxstreama" is the
academic term) was comparable to that of Augustus and both Queen
Elizabeths.  Just to name a few accomplishments in a resplendent
panoply: higher versions of GLES, address space graphics, snapshot
support and CTS compliant Vulkan [b].

One major drawback was the use of out-of-tree goldfish drivers.
Android engineers didn't know much about DRM/KMS and especially TTM so
a simple guest to host pipe was conceived.

Luckily, virtio-gpu 3D started to emerge in 2016 due to the work of
the Mesa/virglrenderer communities.  In 2018, the initial virtio-gpu
port of gfxstream was done by Cuttlefish enthusiast Alistair Delva.
It was a symbol compatible replacement of virglrenderer [c] and named
"AVDVirglrenderer".  This implementation forms the basis of the
current gfxstream host implementation still in use today.

cross-domain support follows a similar arc.  Originally conceived by
Wayland aficionado David Reveman and crosvm enjoyer Zach Reizner in
2018, it initially relied on the downstream "virtio-wl" device.

In 2020 and 2021, virtio-gpu was extended to include blob resources
and multiple timelines by yours truly, features gfxstream/cross-domain
both require to function correctly.

Right now, we stand at the precipice of a truly fantastic possibility:
the Android Emulator powered by upstream QEMU and upstream Linux
kernel.  gfxstream will then be packaged properfully, and app
developers can even fix gfxstream bugs on their own if they encounter
them.

It's been quite the ride, my friends.  Where will gfxstream head next,
nobody really knows.  I wouldn't be surprised if it's around for
another decade, maintained by a new generation of Android graphics
enthusiasts.

Technical details:
  - Very simple initial display integration: just used Pixman
  - Largely, 1:1 mapping of virtio-gpu hypercalls to rutabaga function
calls

Next steps for Android VMs:
  - The next step would be improving display integration and UI interfaces
with the goal of the QEMU upstream graphics being in an emulator
release [d].

Next steps for Linux VMs for display virtualization:
  - For widespread distribution, someone needs to package Sommelier or the
wayland-proxy-virtwl [e] ideally into Debian main. In addition, newer
versions of the Linux kernel come with DRM_VIRTIO_GPU_KMS option,
which allows disabling KMS hypercalls.  If anyone cares enough, it'll
probably be possible to build a custom VM variant that uses this display
virtualization strategy.

[a] https://android-review.googlesource.com/c/platform/development/+/34470
[b] 
https://android-review.googlesource.com/q/topic:%22vulkan-hostconnection-start%22
[c] 
https://android-review.googlesource.com/c/device/generic/goldfish-opengl/+/761927
[d] https://developer.android.com/studio/releases/emulator
[e] https://github.com/talex5/wayland-proxy-virtwl

Signed-off-by: Gurchetan Singh 
Tested-by: Alyssa Ross 
Tested-by: Emmanouil Pitsidianakis 
Tested-by: Akihiko Odaki 
Reviewed-by: Emmanouil Pitsidianakis 
Reviewed-by: Antonio Caggiano 
Reviewed-by: Akihiko Odaki 
---
 hw/display/virtio-gpu-pci-rutabaga.c |   47 ++
 hw/display/virtio-gpu-rutabaga.c | 1119 ++
 hw/display/virtio-vga-rutabaga.c |   50 ++
 3 files changed, 1216 insertions(+)
 create mode 100644 hw/display/virtio-gpu-pci-rutabaga.c
 create mode 100644 hw/display/virtio-gpu-rutabaga.c
 create mode 100644 hw/display/virtio-vga-rutabaga.c

diff --git a/hw/display/virtio-gpu-pci-rutabaga.c 
b/hw/display/virtio-gpu-pci-rutabaga.c
new file mode 100644
index 00..c96729e198
--- /dev/null
+++ b/hw/display/virtio-gpu-pci-rutabaga.c
@@ -0,0 +1,47 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu/module.h"
+#include "hw/pci/pci.h"
+#include "hw/qdev-properties.h"
+#include "hw/virtio/virtio.h"
+#include "hw/virtio/virtio-bus.h"
+#include "hw/virtio/virtio-gpu-pci.h"
+#include "qom/object.h"
+
+#define TYPE_VIRTIO_GPU_RUTABAGA_PCI "virtio-gpu-rutabaga-pci"
+OBJECT_DECLARE_SIMPLE_TYPE(VirtIOGPURutabagaPCI, 

[PATCH v13 7/9] gfxstream + rutabaga: meson support

[Gurchetan Singh]

- Add meson detection of rutabaga_gfx
- Build virtio-gpu-rutabaga.c + associated vga/pci files when
  present

Signed-off-by: Gurchetan Singh 
Tested-by: Alyssa Ross 
Tested-by: Emmanouil Pitsidianakis 
Tested-by: Akihiko Odaki 
Reviewed-by: Emmanouil Pitsidianakis 
Reviewed-by: Antonio Caggiano 
Reviewed-by: Akihiko Odaki 
---
 hw/display/meson.build| 22 ++
 meson.build   |  7 +++
 meson_options.txt |  2 ++
 scripts/meson-buildoptions.sh |  3 +++
 4 files changed, 34 insertions(+)

diff --git a/hw/display/meson.build b/hw/display/meson.build
index 413ba4ab24..e362d625dd 100644
--- a/hw/display/meson.build
+++ b/hw/display/meson.build
@@ -79,6 +79,13 @@ if config_all_devices.has_key('CONFIG_VIRTIO_GPU')
  if_true: [files('virtio-gpu-gl.c', 
'virtio-gpu-virgl.c'), pixman, virgl])
 hw_display_modules += {'virtio-gpu-gl': virtio_gpu_gl_ss}
   endif
+
+  if rutabaga.found()
+virtio_gpu_rutabaga_ss = ss.source_set()
+virtio_gpu_rutabaga_ss.add(when: ['CONFIG_VIRTIO_GPU', rutabaga],
+   if_true: [files('virtio-gpu-rutabaga.c'), 
pixman])
+hw_display_modules += {'virtio-gpu-rutabaga': virtio_gpu_rutabaga_ss}
+  endif
 endif
 
 if config_all_devices.has_key('CONFIG_VIRTIO_PCI')
@@ -95,6 +102,12 @@ if config_all_devices.has_key('CONFIG_VIRTIO_PCI')
  if_true: [files('virtio-gpu-pci-gl.c'), pixman])
 hw_display_modules += {'virtio-gpu-pci-gl': virtio_gpu_pci_gl_ss}
   endif
+  if rutabaga.found()
+virtio_gpu_pci_rutabaga_ss = ss.source_set()
+virtio_gpu_pci_rutabaga_ss.add(when: ['CONFIG_VIRTIO_GPU', 
'CONFIG_VIRTIO_PCI', rutabaga],
+   if_true: 
[files('virtio-gpu-pci-rutabaga.c'), pixman])
+hw_display_modules += {'virtio-gpu-pci-rutabaga': 
virtio_gpu_pci_rutabaga_ss}
+  endif
 endif
 
 if config_all_devices.has_key('CONFIG_VIRTIO_VGA')
@@ -113,6 +126,15 @@ if config_all_devices.has_key('CONFIG_VIRTIO_VGA')
   virtio_vga_gl_ss.add(when: 'CONFIG_ACPI', if_true: files('acpi-vga.c'),
 if_false: files('acpi-vga-stub.c'))
   hw_display_modules += {'virtio-vga-gl': virtio_vga_gl_ss}
+
+  if rutabaga.found()
+virtio_vga_rutabaga_ss = ss.source_set()
+virtio_vga_rutabaga_ss.add(when: ['CONFIG_VIRTIO_VGA', rutabaga],
+   if_true: [files('virtio-vga-rutabaga.c'), 
pixman])
+virtio_vga_rutabaga_ss.add(when: 'CONFIG_ACPI', if_true: 
files('acpi-vga.c'),
+if_false: 
files('acpi-vga-stub.c'))
+hw_display_modules += {'virtio-vga-rutabaga': virtio_vga_rutabaga_ss}
+  endif
 endif
 
 system_ss.add(when: 'CONFIG_OMAP', if_true: files('omap_lcdc.c'))
diff --git a/meson.build b/meson.build
index 98e68ef0b1..293f388e53 100644
--- a/meson.build
+++ b/meson.build
@@ -1069,6 +1069,12 @@ if not get_option('virglrenderer').auto() or have_system 
or have_vhost_user_gpu
dependencies: virgl))
   endif
 endif
+rutabaga = not_found
+if not get_option('rutabaga_gfx').auto() or have_system or have_vhost_user_gpu
+  rutabaga = dependency('rutabaga_gfx_ffi',
+ method: 'pkg-config',
+ required: get_option('rutabaga_gfx'))
+endif
 blkio = not_found
 if not get_option('blkio').auto() or have_block
   blkio = dependency('blkio',
@@ -4272,6 +4278,7 @@ summary_info += {'libtasn1':  tasn1}
 summary_info += {'PAM':   pam}
 summary_info += {'iconv support': iconv}
 summary_info += {'virgl support': virgl}
+summary_info += {'rutabaga support':  rutabaga}
 summary_info += {'blkio support': blkio}
 summary_info += {'curl support':  curl}
 summary_info += {'Multipath support': mpathpersist}
diff --git a/meson_options.txt b/meson_options.txt
index aaea5ddd77..dea3bf7d9c 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -224,6 +224,8 @@ option('vmnet', type : 'feature', value : 'auto',
description: 'vmnet.framework network backend support')
 option('virglrenderer', type : 'feature', value : 'auto',
description: 'virgl rendering support')
+option('rutabaga_gfx', type : 'feature', value : 'auto',
+   description: 'rutabaga_gfx support')
 option('png', type : 'feature', value : 'auto',
description: 'PNG support with libpng')
 option('vnc', type : 'feature', value : 'auto',
diff --git a/scripts/meson-buildoptions.sh b/scripts/meson-buildoptions.sh
index 9da3fe299b..9a95b4f782 100644
--- a/scripts/meson-buildoptions.sh
+++ b/scripts/meson-buildoptions.sh
@@ -154,6 +154,7 @@ meson_options_help() {
   printf "%s\n" '  rbd Ceph block device driver'
   printf "%s\n" '  rdmaEnable RDMA-based migration'
   printf "%s\n" '  replication replication support'
+  printf "%s\n" '  rutabaga-gfxrutabaga_gfx support'
   printf "%s\n" '  sdl SDL 

[PATCH v13 3/9] virtio-gpu: hostmem

[Gurchetan Singh]

From: Gerd Hoffmann 

Use VIRTIO_GPU_SHM_ID_HOST_VISIBLE as id for virtio-gpu.

Signed-off-by: Antonio Caggiano 
Tested-by: Alyssa Ross 
Tested-by: Akihiko Odaki 
Acked-by: Michael S. Tsirkin 
Reviewed-by: Akihiko Odaki 
---
 hw/display/virtio-gpu-pci.c| 14 ++
 hw/display/virtio-gpu.c|  1 +
 hw/display/virtio-vga.c| 33 -
 include/hw/virtio/virtio-gpu.h |  5 +
 4 files changed, 44 insertions(+), 9 deletions(-)

diff --git a/hw/display/virtio-gpu-pci.c b/hw/display/virtio-gpu-pci.c
index 93f214ff58..da6a99f038 100644
--- a/hw/display/virtio-gpu-pci.c
+++ b/hw/display/virtio-gpu-pci.c
@@ -33,6 +33,20 @@ static void virtio_gpu_pci_base_realize(VirtIOPCIProxy 
*vpci_dev, Error **errp)
 DeviceState *vdev = DEVICE(g);
 int i;
 
+if (virtio_gpu_hostmem_enabled(g->conf)) {
+vpci_dev->msix_bar_idx = 1;
+vpci_dev->modern_mem_bar_idx = 2;
+memory_region_init(>hostmem, OBJECT(g), "virtio-gpu-hostmem",
+   g->conf.hostmem);
+pci_register_bar(_dev->pci_dev, 4,
+ PCI_BASE_ADDRESS_SPACE_MEMORY |
+ PCI_BASE_ADDRESS_MEM_PREFETCH |
+ PCI_BASE_ADDRESS_MEM_TYPE_64,
+ >hostmem);
+virtio_pci_add_shm_cap(vpci_dev, 4, 0, g->conf.hostmem,
+   VIRTIO_GPU_SHM_ID_HOST_VISIBLE);
+}
+
 virtio_pci_force_virtio_1(vpci_dev);
 if (!qdev_realize(vdev, BUS(_dev->bus), errp)) {
 return;
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index bbd5c6561a..48ef0d9fad 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -1509,6 +1509,7 @@ static Property virtio_gpu_properties[] = {
  256 * MiB),
 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags,
 VIRTIO_GPU_FLAG_BLOB_ENABLED, false),
+DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/hw/display/virtio-vga.c b/hw/display/virtio-vga.c
index e6fb0aa876..c8552ff760 100644
--- a/hw/display/virtio-vga.c
+++ b/hw/display/virtio-vga.c
@@ -115,17 +115,32 @@ static void virtio_vga_base_realize(VirtIOPCIProxy 
*vpci_dev, Error **errp)
 pci_register_bar(_dev->pci_dev, 0,
  PCI_BASE_ADDRESS_MEM_PREFETCH, >vram);
 
-/*
- * Configure virtio bar and regions
- *
- * We use bar #2 for the mmio regions, to be compatible with stdvga.
- * virtio regions are moved to the end of bar #2, to make room for
- * the stdvga mmio registers at the start of bar #2.
- */
-vpci_dev->modern_mem_bar_idx = 2;
-vpci_dev->msix_bar_idx = 4;
 vpci_dev->modern_io_bar_idx = 5;
 
+if (!virtio_gpu_hostmem_enabled(g->conf)) {
+/*
+ * Configure virtio bar and regions
+ *
+ * We use bar #2 for the mmio regions, to be compatible with stdvga.
+ * virtio regions are moved to the end of bar #2, to make room for
+ * the stdvga mmio registers at the start of bar #2.
+ */
+vpci_dev->modern_mem_bar_idx = 2;
+vpci_dev->msix_bar_idx = 4;
+} else {
+vpci_dev->msix_bar_idx = 1;
+vpci_dev->modern_mem_bar_idx = 2;
+memory_region_init(>hostmem, OBJECT(g), "virtio-gpu-hostmem",
+   g->conf.hostmem);
+pci_register_bar(_dev->pci_dev, 4,
+ PCI_BASE_ADDRESS_SPACE_MEMORY |
+ PCI_BASE_ADDRESS_MEM_PREFETCH |
+ PCI_BASE_ADDRESS_MEM_TYPE_64,
+ >hostmem);
+virtio_pci_add_shm_cap(vpci_dev, 4, 0, g->conf.hostmem,
+   VIRTIO_GPU_SHM_ID_HOST_VISIBLE);
+}
+
 if (!(vpci_dev->flags & VIRTIO_PCI_FLAG_PAGE_PER_VQ)) {
 /*
  * with page-per-vq=off there is no padding space we can use
diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
index 8377c365ef..de4f624e94 100644
--- a/include/hw/virtio/virtio-gpu.h
+++ b/include/hw/virtio/virtio-gpu.h
@@ -108,12 +108,15 @@ enum virtio_gpu_base_conf_flags {
 (_cfg.flags & (1 << VIRTIO_GPU_FLAG_BLOB_ENABLED))
 #define virtio_gpu_context_init_enabled(_cfg) \
 (_cfg.flags & (1 << VIRTIO_GPU_FLAG_CONTEXT_INIT_ENABLED))
+#define virtio_gpu_hostmem_enabled(_cfg) \
+(_cfg.hostmem > 0)
 
 struct virtio_gpu_base_conf {
 uint32_t max_outputs;
 uint32_t flags;
 uint32_t xres;
 uint32_t yres;
+uint64_t hostmem;
 };
 
 struct virtio_gpu_ctrl_command {
@@ -137,6 +140,8 @@ struct VirtIOGPUBase {
 int renderer_blocked;
 int enable;
 
+MemoryRegion hostmem;
+
 struct virtio_gpu_scanout scanout[VIRTIO_GPU_MAX_SCANOUTS];
 
 int enabled_output_bitmask;
-- 
2.42.0.rc2.253.gd59a3bf2b4-goog

[PATCH v13 8/9] gfxstream + rutabaga: enable rutabaga

[Gurchetan Singh]

This change enables rutabaga to receive virtio-gpu-3d hypercalls
when it is active.

Signed-off-by: Gurchetan Singh 
Tested-by: Alyssa Ross 
Tested-by: Emmanouil Pitsidianakis 
Tested-by: Akihiko Odaki 
Reviewed-by: Antonio Caggiano 
Reviewed-by: Emmanouil Pitsidianakis 
Reviewed-by: Akihiko Odaki 
---
 hw/display/virtio-gpu-base.c | 3 ++-
 hw/display/virtio-gpu.c  | 5 +++--
 softmmu/qdev-monitor.c   | 3 +++
 softmmu/vl.c | 1 +
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/hw/display/virtio-gpu-base.c b/hw/display/virtio-gpu-base.c
index 4f2b0ba1f3..50c5373b65 100644
--- a/hw/display/virtio-gpu-base.c
+++ b/hw/display/virtio-gpu-base.c
@@ -223,7 +223,8 @@ virtio_gpu_base_get_features(VirtIODevice *vdev, uint64_t 
features,
 {
 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
 
-if (virtio_gpu_virgl_enabled(g->conf)) {
+if (virtio_gpu_virgl_enabled(g->conf) ||
+virtio_gpu_rutabaga_enabled(g->conf)) {
 features |= (1 << VIRTIO_GPU_F_VIRGL);
 }
 if (virtio_gpu_edid_enabled(g->conf)) {
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 3e658f1fef..fe094addef 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -1361,8 +1361,9 @@ void virtio_gpu_device_realize(DeviceState *qdev, Error 
**errp)
 VirtIOGPU *g = VIRTIO_GPU(qdev);
 
 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) {
-if (!virtio_gpu_have_udmabuf()) {
-error_setg(errp, "cannot enable blob resources without udmabuf");
+if (!virtio_gpu_rutabaga_enabled(g->parent_obj.conf) &&
+!virtio_gpu_have_udmabuf()) {
+error_setg(errp, "need rutabaga or udmabuf for blob resources");
 return;
 }
 
diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
index 74f4e41338..1b8005ae55 100644
--- a/softmmu/qdev-monitor.c
+++ b/softmmu/qdev-monitor.c
@@ -86,6 +86,9 @@ static const QDevAlias qdev_alias_table[] = {
 { "virtio-gpu-pci", "virtio-gpu", QEMU_ARCH_VIRTIO_PCI },
 { "virtio-gpu-gl-device", "virtio-gpu-gl", QEMU_ARCH_VIRTIO_MMIO },
 { "virtio-gpu-gl-pci", "virtio-gpu-gl", QEMU_ARCH_VIRTIO_PCI },
+{ "virtio-gpu-rutabaga-device", "virtio-gpu-rutabaga",
+  QEMU_ARCH_VIRTIO_MMIO },
+{ "virtio-gpu-rutabaga-pci", "virtio-gpu-rutabaga", QEMU_ARCH_VIRTIO_PCI },
 { "virtio-input-host-device", "virtio-input-host", QEMU_ARCH_VIRTIO_MMIO },
 { "virtio-input-host-ccw", "virtio-input-host", QEMU_ARCH_VIRTIO_CCW },
 { "virtio-input-host-pci", "virtio-input-host", QEMU_ARCH_VIRTIO_PCI },
diff --git a/softmmu/vl.c b/softmmu/vl.c
index b0b96f67fa..2f98eefdf3 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -216,6 +216,7 @@ static struct {
 { .driver = "ati-vga",  .flag = _vga   },
 { .driver = "vhost-user-vga",   .flag = _vga   },
 { .driver = "virtio-vga-gl",.flag = _vga   },
+{ .driver = "virtio-vga-rutabaga",  .flag = _vga   },
 };
 
 static QemuOptsList qemu_rtc_opts = {
-- 
2.42.0.rc2.253.gd59a3bf2b4-goog

[PATCH v13 1/9] virtio: Add shared memory capability

[Gurchetan Singh]

From: "Dr. David Alan Gilbert" 

Define a new capability type 'VIRTIO_PCI_CAP_SHARED_MEMORY_CFG' to allow
defining shared memory regions with sizes and offsets of 2^32 and more.
Multiple instances of the capability are allowed and distinguished
by a device-specific 'id'.

Signed-off-by: Dr. David Alan Gilbert 
Signed-off-by: Antonio Caggiano 
Signed-off-by: Gurchetan Singh 
Tested-by: Alyssa Ross 
Tested-by: Huang Rui 
Tested-by: Akihiko Odaki 
Acked-by: Huang Rui 
Reviewed-by: Gurchetan Singh 
Reviewed-by: Akihiko Odaki 
---
 hw/virtio/virtio-pci.c | 18 ++
 include/hw/virtio/virtio-pci.h |  4 
 2 files changed, 22 insertions(+)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index edbc0daa18..da8c9ea12d 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1435,6 +1435,24 @@ static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy,
 return offset;
 }
 
+int virtio_pci_add_shm_cap(VirtIOPCIProxy *proxy,
+   uint8_t bar, uint64_t offset, uint64_t length,
+   uint8_t id)
+{
+struct virtio_pci_cap64 cap = {
+.cap.cap_len = sizeof cap,
+.cap.cfg_type = VIRTIO_PCI_CAP_SHARED_MEMORY_CFG,
+};
+
+cap.cap.bar = bar;
+cap.cap.length = cpu_to_le32(length);
+cap.length_hi = cpu_to_le32(length >> 32);
+cap.cap.offset = cpu_to_le32(offset);
+cap.offset_hi = cpu_to_le32(offset >> 32);
+cap.cap.id = id;
+return virtio_pci_add_mem_cap(proxy, );
+}
+
 static uint64_t virtio_pci_common_read(void *opaque, hwaddr addr,
unsigned size)
 {
diff --git a/include/hw/virtio/virtio-pci.h b/include/hw/virtio/virtio-pci.h
index ab2051b64b..5a3f182f99 100644
--- a/include/hw/virtio/virtio-pci.h
+++ b/include/hw/virtio/virtio-pci.h
@@ -264,4 +264,8 @@ unsigned virtio_pci_optimal_num_queues(unsigned 
fixed_queues);
 void virtio_pci_set_guest_notifier_fd_handler(VirtIODevice *vdev, VirtQueue 
*vq,
   int n, bool assign,
   bool with_irqfd);
+
+int virtio_pci_add_shm_cap(VirtIOPCIProxy *proxy, uint8_t bar, uint64_t offset,
+   uint64_t length, uint8_t id);
+
 #endif
-- 
2.42.0.rc2.253.gd59a3bf2b4-goog

[PATCH v13 4/9] virtio-gpu: blob prep

[Gurchetan Singh]

From: Antonio Caggiano 

This adds preparatory functions needed to:

 - decode blob cmds
 - tracking iovecs

Signed-off-by: Antonio Caggiano 
Signed-off-by: Dmitry Osipenko 
Signed-off-by: Gurchetan Singh 
Tested-by: Alyssa Ross 
Tested-by: Emmanouil Pitsidianakis 
Tested-by: Akihiko Odaki 
Reviewed-by: Emmanouil Pitsidianakis 
Reviewed-by: Akihiko Odaki 
---
 hw/display/virtio-gpu.c  | 10 +++---
 include/hw/virtio/virtio-gpu-bswap.h | 15 +++
 include/hw/virtio/virtio-gpu.h   |  5 +
 3 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 48ef0d9fad..3e658f1fef 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -33,15 +33,11 @@
 
 #define VIRTIO_GPU_VM_VERSION 1
 
-static struct virtio_gpu_simple_resource*
-virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
 static struct virtio_gpu_simple_resource *
 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
bool require_backing,
const char *caller, uint32_t *error);
 
-static void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
-   struct virtio_gpu_simple_resource *res);
 static void virtio_gpu_reset_bh(void *opaque);
 
 void virtio_gpu_update_cursor_data(VirtIOGPU *g,
@@ -116,7 +112,7 @@ static void update_cursor(VirtIOGPU *g, struct 
virtio_gpu_update_cursor *cursor)
   cursor->resource_id ? 1 : 0);
 }
 
-static struct virtio_gpu_simple_resource *
+struct virtio_gpu_simple_resource *
 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id)
 {
 struct virtio_gpu_simple_resource *res;
@@ -904,8 +900,8 @@ void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g,
 g_free(iov);
 }
 
-static void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
-   struct virtio_gpu_simple_resource *res)
+void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
+struct virtio_gpu_simple_resource *res)
 {
 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt);
 res->iov = NULL;
diff --git a/include/hw/virtio/virtio-gpu-bswap.h 
b/include/hw/virtio/virtio-gpu-bswap.h
index 637a0585d0..dd1975e2d4 100644
--- a/include/hw/virtio/virtio-gpu-bswap.h
+++ b/include/hw/virtio/virtio-gpu-bswap.h
@@ -70,6 +70,21 @@ virtio_gpu_create_blob_bswap(struct 
virtio_gpu_resource_create_blob *cblob)
 le64_to_cpus(>size);
 }
 
+static inline void
+virtio_gpu_map_blob_bswap(struct virtio_gpu_resource_map_blob *mblob)
+{
+virtio_gpu_ctrl_hdr_bswap(>hdr);
+le32_to_cpus(>resource_id);
+le64_to_cpus(>offset);
+}
+
+static inline void
+virtio_gpu_unmap_blob_bswap(struct virtio_gpu_resource_unmap_blob *ublob)
+{
+virtio_gpu_ctrl_hdr_bswap(>hdr);
+le32_to_cpus(>resource_id);
+}
+
 static inline void
 virtio_gpu_scanout_blob_bswap(struct virtio_gpu_set_scanout_blob *ssb)
 {
diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
index de4f624e94..55973e112f 100644
--- a/include/hw/virtio/virtio-gpu.h
+++ b/include/hw/virtio/virtio-gpu.h
@@ -257,6 +257,9 @@ void virtio_gpu_base_fill_display_info(VirtIOGPUBase *g,
 void virtio_gpu_base_generate_edid(VirtIOGPUBase *g, int scanout,
struct virtio_gpu_resp_edid *edid);
 /* virtio-gpu.c */
+struct virtio_gpu_simple_resource *
+virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
+
 void virtio_gpu_ctrl_response(VirtIOGPU *g,
   struct virtio_gpu_ctrl_command *cmd,
   struct virtio_gpu_ctrl_hdr *resp,
@@ -275,6 +278,8 @@ int virtio_gpu_create_mapping_iov(VirtIOGPU *g,
   uint32_t *niov);
 void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g,
 struct iovec *iov, uint32_t count);
+void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
+struct virtio_gpu_simple_resource *res);
 void virtio_gpu_process_cmdq(VirtIOGPU *g);
 void virtio_gpu_device_realize(DeviceState *qdev, Error **errp);
 void virtio_gpu_reset(VirtIODevice *vdev);
-- 
2.42.0.rc2.253.gd59a3bf2b4-goog

[PATCH v13 0/9] rutabaga_gfx + gfxstream

[Gurchetan Singh]

From: Gurchetan Singh 

Changes since v12:
- Added r-b tags from Antonio Caggiano and Akihiko Odaki
- Removed review version from commit messages
- I think we're good to merge since we've had multiple people test and review 
this series??

How to build both rutabaga and gfxstream guest/host libs:

https://crosvm.dev/book/appendix/rutabaga_gfx.html

Branch containing this patch series:

https://gitlab.com/gurchetansingh/qemu/-/commits/qemu-gfxstream-v13

Antonio Caggiano (2):
  virtio-gpu: CONTEXT_INIT feature
  virtio-gpu: blob prep

Dr. David Alan Gilbert (1):
  virtio: Add shared memory capability

Gerd Hoffmann (1):
  virtio-gpu: hostmem

Gurchetan Singh (5):
  gfxstream + rutabaga prep: added need defintions, fields, and options
  gfxstream + rutabaga: add initial support for gfxstream
  gfxstream + rutabaga: meson support
  gfxstream + rutabaga: enable rutabaga
  docs/system: add basic virtio-gpu documentation

 docs/system/device-emulation.rst |1 +
 docs/system/devices/virtio-gpu.rst   |  112 +++
 hw/display/meson.build   |   22 +
 hw/display/virtio-gpu-base.c |6 +-
 hw/display/virtio-gpu-pci-rutabaga.c |   47 ++
 hw/display/virtio-gpu-pci.c  |   14 +
 hw/display/virtio-gpu-rutabaga.c | 1119 ++
 hw/display/virtio-gpu.c  |   16 +-
 hw/display/virtio-vga-rutabaga.c |   50 ++
 hw/display/virtio-vga.c  |   33 +-
 hw/virtio/virtio-pci.c   |   18 +
 include/hw/virtio/virtio-gpu-bswap.h |   15 +
 include/hw/virtio/virtio-gpu.h   |   41 +
 include/hw/virtio/virtio-pci.h   |4 +
 meson.build  |7 +
 meson_options.txt|2 +
 scripts/meson-buildoptions.sh|3 +
 softmmu/qdev-monitor.c   |3 +
 softmmu/vl.c |1 +
 19 files changed, 1495 insertions(+), 19 deletions(-)
 create mode 100644 docs/system/devices/virtio-gpu.rst
 create mode 100644 hw/display/virtio-gpu-pci-rutabaga.c
 create mode 100644 hw/display/virtio-gpu-rutabaga.c
 create mode 100644 hw/display/virtio-vga-rutabaga.c

-- 
2.42.0.rc2.253.gd59a3bf2b4-goog

[PATCH v13 5/9] gfxstream + rutabaga prep: added need defintions, fields, and options

[Gurchetan Singh]

This modifies the common virtio-gpu.h file have the fields and
defintions needed by gfxstream/rutabaga, by VirtioGpuRutabaga.

Signed-off-by: Gurchetan Singh 
Tested-by: Alyssa Ross 
Tested-by: Emmanouil Pitsidianakis 
Tested-by: Akihiko Odaki 
Reviewed-by: Emmanouil Pitsidianakis 
Reviewed-by: Antonio Caggiano 
Reviewed-by: Akihiko Odaki 
---
 include/hw/virtio/virtio-gpu.h | 28 
 1 file changed, 28 insertions(+)

diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
index 55973e112f..de06bcdba4 100644
--- a/include/hw/virtio/virtio-gpu.h
+++ b/include/hw/virtio/virtio-gpu.h
@@ -38,6 +38,9 @@ OBJECT_DECLARE_SIMPLE_TYPE(VirtIOGPUGL, VIRTIO_GPU_GL)
 #define TYPE_VHOST_USER_GPU "vhost-user-gpu"
 OBJECT_DECLARE_SIMPLE_TYPE(VhostUserGPU, VHOST_USER_GPU)
 
+#define TYPE_VIRTIO_GPU_RUTABAGA "virtio-gpu-rutabaga-device"
+OBJECT_DECLARE_SIMPLE_TYPE(VirtIOGPURutabaga, VIRTIO_GPU_RUTABAGA)
+
 struct virtio_gpu_simple_resource {
 uint32_t resource_id;
 uint32_t width;
@@ -94,6 +97,7 @@ enum virtio_gpu_base_conf_flags {
 VIRTIO_GPU_FLAG_DMABUF_ENABLED,
 VIRTIO_GPU_FLAG_BLOB_ENABLED,
 VIRTIO_GPU_FLAG_CONTEXT_INIT_ENABLED,
+VIRTIO_GPU_FLAG_RUTABAGA_ENABLED,
 };
 
 #define virtio_gpu_virgl_enabled(_cfg) \
@@ -108,6 +112,8 @@ enum virtio_gpu_base_conf_flags {
 (_cfg.flags & (1 << VIRTIO_GPU_FLAG_BLOB_ENABLED))
 #define virtio_gpu_context_init_enabled(_cfg) \
 (_cfg.flags & (1 << VIRTIO_GPU_FLAG_CONTEXT_INIT_ENABLED))
+#define virtio_gpu_rutabaga_enabled(_cfg) \
+(_cfg.flags & (1 << VIRTIO_GPU_FLAG_RUTABAGA_ENABLED))
 #define virtio_gpu_hostmem_enabled(_cfg) \
 (_cfg.hostmem > 0)
 
@@ -232,6 +238,28 @@ struct VhostUserGPU {
 bool backend_blocked;
 };
 
+#define MAX_SLOTS 4096
+
+struct MemoryRegionInfo {
+int used;
+MemoryRegion mr;
+uint32_t resource_id;
+};
+
+struct rutabaga;
+
+struct VirtIOGPURutabaga {
+VirtIOGPU parent_obj;
+
+struct MemoryRegionInfo memory_regions[MAX_SLOTS];
+char *capset_names;
+char *wayland_socket_path;
+char *wsi;
+bool headless;
+uint32_t num_capsets;
+struct rutabaga *rutabaga;
+};
+
 #define VIRTIO_GPU_FILL_CMD(out) do {   \
 size_t s;   \
 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num, 0,  \
-- 
2.42.0.rc2.253.gd59a3bf2b4-goog

[PATCH v13 2/9] virtio-gpu: CONTEXT_INIT feature

[Gurchetan Singh]

From: Antonio Caggiano 

The feature can be enabled when a backend wants it.

Signed-off-by: Antonio Caggiano 
Signed-off-by: Gurchetan Singh 
Tested-by: Alyssa Ross 
Tested-by: Akihiko Odaki 
Reviewed-by: Marc-André Lureau 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Akihiko Odaki 
---
 hw/display/virtio-gpu-base.c   | 3 +++
 include/hw/virtio/virtio-gpu.h | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/hw/display/virtio-gpu-base.c b/hw/display/virtio-gpu-base.c
index ca1fb7b16f..4f2b0ba1f3 100644
--- a/hw/display/virtio-gpu-base.c
+++ b/hw/display/virtio-gpu-base.c
@@ -232,6 +232,9 @@ virtio_gpu_base_get_features(VirtIODevice *vdev, uint64_t 
features,
 if (virtio_gpu_blob_enabled(g->conf)) {
 features |= (1 << VIRTIO_GPU_F_RESOURCE_BLOB);
 }
+if (virtio_gpu_context_init_enabled(g->conf)) {
+features |= (1 << VIRTIO_GPU_F_CONTEXT_INIT);
+}
 
 return features;
 }
diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
index 390c4642b8..8377c365ef 100644
--- a/include/hw/virtio/virtio-gpu.h
+++ b/include/hw/virtio/virtio-gpu.h
@@ -93,6 +93,7 @@ enum virtio_gpu_base_conf_flags {
 VIRTIO_GPU_FLAG_EDID_ENABLED,
 VIRTIO_GPU_FLAG_DMABUF_ENABLED,
 VIRTIO_GPU_FLAG_BLOB_ENABLED,
+VIRTIO_GPU_FLAG_CONTEXT_INIT_ENABLED,
 };
 
 #define virtio_gpu_virgl_enabled(_cfg) \
@@ -105,6 +106,8 @@ enum virtio_gpu_base_conf_flags {
 (_cfg.flags & (1 << VIRTIO_GPU_FLAG_DMABUF_ENABLED))
 #define virtio_gpu_blob_enabled(_cfg) \
 (_cfg.flags & (1 << VIRTIO_GPU_FLAG_BLOB_ENABLED))
+#define virtio_gpu_context_init_enabled(_cfg) \
+(_cfg.flags & (1 << VIRTIO_GPU_FLAG_CONTEXT_INIT_ENABLED))
 
 struct virtio_gpu_base_conf {
 uint32_t max_outputs;
-- 
2.42.0.rc2.253.gd59a3bf2b4-goog

Re: [QEMU][PATCH v3 2/2] xen_arm: Initialize RAM and add hi/low memory regions

[Stefano Stabellini]

On Fri, 25 Aug 2023, Vikram Garhwal wrote:
> From: Oleksandr Tyshchenko 
> 
> In order to use virtio backends we need to initialize RAM for the
> xen-mapcache (which is responsible for mapping guest memory using foreign
> mapping) to work. Calculate and add hi/low memory regions based on
> machine->ram_size.
> 
> Use the constants defined in public header arch-arm.h to be aligned with the 
> xen
> toolstack.
> 
> While using this machine, the toolstack should then pass real ram_size using
> "-m" arg. If "-m" is not given, create a QEMU machine without IOREQ and other
> emulated devices like TPM and VIRTIO. This is done to keep this QEMU machine
> usable for /etc/init.d/xencommons.
> 
> Signed-off-by: Oleksandr Tyshchenko 
> Signed-off-by: Vikram Garhwal 
> ---
>  hw/arm/xen_arm.c | 53 
>  1 file changed, 53 insertions(+)
> 
> diff --git a/hw/arm/xen_arm.c b/hw/arm/xen_arm.c
> index d1e9f7b488..aa8b6171ad 100644
> --- a/hw/arm/xen_arm.c
> +++ b/hw/arm/xen_arm.c
> @@ -60,6 +60,8 @@ struct XenArmState {
>  } cfg;
>  };
>  
> +static MemoryRegion ram_lo, ram_hi;
> +
>  /*
>   * VIRTIO_MMIO_DEV_SIZE is imported from tools/libs/light/libxl_arm.c under 
> Xen
>   * repository.
> @@ -80,6 +82,14 @@ static int xendevicemodel_set_irq_level(
>  }
>  #endif
>  
> +#if defined(__i386__) || defined(__x86_64__)
> +#define GUEST_RAM_BANKS   2
> +#define GUEST_RAM0_BASE   0x4000ULL /* 3GB of low RAM @ 1GB */
> +#define GUEST_RAM0_SIZE   0xc000ULL
> +#define GUEST_RAM1_BASE   0x02ULL /* 1016GB of RAM @ 8GB */
> +#define GUEST_RAM1_SIZE   0xfeULL
> +#endif

Also here please move to include/hw/xen/xen_native.h


>  #if CONFIG_XEN_CTRL_INTERFACE_VERSION <= 41700
>  #define GUEST_VIRTIO_MMIO_BASE   xen_mk_ullong(0x0200)
>  #define GUEST_VIRTIO_MMIO_SIZE   xen_mk_ullong(0x0010)
> @@ -108,6 +118,39 @@ static void xen_create_virtio_mmio_devices(XenArmState 
> *xam)
>  }
>  }
>  
> +static void xen_init_ram(MachineState *machine)
> +{
> +MemoryRegion *sysmem = get_system_memory();
> +ram_addr_t block_len, ram_size[GUEST_RAM_BANKS];
> +
> +if (machine->ram_size <= GUEST_RAM0_SIZE) {
> +ram_size[0] = machine->ram_size;
> +ram_size[1] = 0;
> +block_len = GUEST_RAM0_BASE + ram_size[0];
> +} else {
> +ram_size[0] = GUEST_RAM0_SIZE;
> +ram_size[1] = machine->ram_size - GUEST_RAM0_SIZE;
> +block_len = GUEST_RAM1_BASE + ram_size[1];
> +}
> +
> +memory_region_init_ram(_memory, NULL, "xen.ram", block_len,
> +   _fatal);
> +
> +memory_region_init_alias(_lo, NULL, "xen.ram.lo", _memory,
> + GUEST_RAM0_BASE, ram_size[0]);
> +memory_region_add_subregion(sysmem, GUEST_RAM0_BASE, _lo);
> +DPRINTF("Initialized region xen.ram.lo: base 0x%llx size 0x%lx\n",
> +GUEST_RAM0_BASE, ram_size[0]);
> +
> +if (ram_size[1] > 0) {
> +memory_region_init_alias(_hi, NULL, "xen.ram.hi", _memory,
> + GUEST_RAM1_BASE, ram_size[1]);
> +memory_region_add_subregion(sysmem, GUEST_RAM1_BASE, _hi);
> +DPRINTF("Initialized region xen.ram.hi: base 0x%llx size 0x%lx\n",
> +GUEST_RAM1_BASE, ram_size[1]);
> +}
> +}
> +
>  void arch_handle_ioreq(XenIOState *state, ioreq_t *req)
>  {
>  hw_error("Invalid ioreq type 0x%x\n", req->type);
> @@ -157,6 +200,14 @@ static void xen_arm_init(MachineState *machine)
>  
>  xam->state =  g_new0(XenIOState, 1);
>  
> +if (machine->ram_size == 0) {
> +DPRINTF("ram_size not specified. QEMU machine started without IOREQ"
> +"(no emulated devices including Virtio)\n");
> +return;
> +}
> +
> +xen_init_ram(machine);
> +
>  xen_register_ioreq(xam->state, machine->smp.cpus, _memory_listener);
>  
>  xen_create_virtio_mmio_devices(xam);
> @@ -204,6 +255,8 @@ static void xen_arm_machine_class_init(ObjectClass *oc, 
> void *data)
>  mc->init = xen_arm_init;
>  mc->max_cpus = 1;
>  mc->default_machine_opts = "accel=xen";
> +/* Set explicitly here to make sure that real ram_size is passed */
> +mc->default_ram_size = 0;
>  
>  #ifdef CONFIG_TPM
>  object_class_property_add(oc, "tpm-base-addr", "uint64_t",
> -- 
> 2.17.1
> 

Re: [QEMU][PATCH v3 1/2] xen_arm: Create virtio-mmio devices during initialization

[Stefano Stabellini]

On Fri, 25 Aug 2023, Vikram Garhwal wrote:
> From: Oleksandr Tyshchenko 
> 
> In order to use virtio backends we need to allocate virtio-mmio
> parameters (irq and base) and register corresponding buses.
> 
> Use the constants defined in public header arch-arm.h to be
> aligned with the toolstack. So the number of current supported
> virtio-mmio devices is 10.
> 
> For the interrupts triggering use already existing on Arm
> device-model hypercall.
> 
> The toolstack should then insert the same amount of device nodes
> into guest device-tree.
> 
> Signed-off-by: Oleksandr Tyshchenko 
> Signed-off-by: Vikram Garhwal 
> ---
>  hw/arm/xen_arm.c | 51 
>  1 file changed, 51 insertions(+)
> 
> diff --git a/hw/arm/xen_arm.c b/hw/arm/xen_arm.c
> index 1d3e6d481a..d1e9f7b488 100644
> --- a/hw/arm/xen_arm.c
> +++ b/hw/arm/xen_arm.c
> @@ -26,6 +26,7 @@
>  #include "qapi/qapi-commands-migration.h"
>  #include "qapi/visitor.h"
>  #include "hw/boards.h"
> +#include "hw/irq.h"
>  #include "hw/sysbus.h"
>  #include "sysemu/block-backend.h"
>  #include "sysemu/tpm_backend.h"
> @@ -59,6 +60,54 @@ struct XenArmState {
>  } cfg;
>  };
>  
> +/*
> + * VIRTIO_MMIO_DEV_SIZE is imported from tools/libs/light/libxl_arm.c under 
> Xen
> + * repository.
> + *
> + * Origin: git://xenbits.xen.org/xen.git 2128143c114c
> + */
> +#define VIRTIO_MMIO_DEV_SIZE   0x200
> +
> +#define NR_VIRTIO_MMIO_DEVICES   \
> +   (GUEST_VIRTIO_MMIO_SPI_LAST - GUEST_VIRTIO_MMIO_SPI_FIRST)
> +
> +#if CONFIG_XEN_CTRL_INTERFACE_VERSION <= 41500
> +static int xendevicemodel_set_irq_level(
> +xendevicemodel_handle *dmod, domid_t domid, uint32_t irq,
> +unsigned int level)
> +{
> +return 0;
> +}
> +#endif
> +
> +#if CONFIG_XEN_CTRL_INTERFACE_VERSION <= 41700
> +#define GUEST_VIRTIO_MMIO_BASE   xen_mk_ullong(0x0200)
> +#define GUEST_VIRTIO_MMIO_SIZE   xen_mk_ullong(0x0010)
> +#define GUEST_VIRTIO_MMIO_SPI_FIRST   33
> +#define GUEST_VIRTIO_MMIO_SPI_LAST43
> +#endif

Thanks Vikram. Please move this compat definitions to
include/hw/xen/xen_native.h


> +static void xen_set_irq(void *opaque, int irq, int level)
> +{
> +xendevicemodel_set_irq_level(xen_dmod, xen_domid, irq, level);
> +}
> +
> +static void xen_create_virtio_mmio_devices(XenArmState *xam)
> +{
> +int i;
> +
> +for (i = 0; i < NR_VIRTIO_MMIO_DEVICES; i++) {
> +hwaddr base = GUEST_VIRTIO_MMIO_BASE + i * VIRTIO_MMIO_DEV_SIZE;
> +qemu_irq irq = qemu_allocate_irq(xen_set_irq, NULL,
> + GUEST_VIRTIO_MMIO_SPI_FIRST + i);
> +
> +sysbus_create_simple("virtio-mmio", base, irq);
> +
> +DPRINTF("Created virtio-mmio device %d: irq %d base 0x%lx\n",
> +i, GUEST_VIRTIO_MMIO_SPI_FIRST + i, base);
> +}
> +}
> +
>  void arch_handle_ioreq(XenIOState *state, ioreq_t *req)
>  {
>  hw_error("Invalid ioreq type 0x%x\n", req->type);
> @@ -110,6 +159,8 @@ static void xen_arm_init(MachineState *machine)
>  
>  xen_register_ioreq(xam->state, machine->smp.cpus, _memory_listener);
>  
> +xen_create_virtio_mmio_devices(xam);
> +
>  #ifdef CONFIG_TPM
>  if (xam->cfg.tpm_base_addr) {
>  xen_enable_tpm(xam);
> -- 
> 2.17.1
> 

[PULL 34/36] bsd-user: Add glue for statfs related system calls

[Warner Losh]

Add glue to call the following syscalls to the freebsd_syscall:

freebsd11_statfs
statfs
freebsd11_fstatfs
fstatfs
freebsd11_getfsstat
getfsstat

Signed-off-by: Warner Losh 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
---
 bsd-user/freebsd/os-syscall.c | 24 
 1 file changed, 24 insertions(+)

diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 73616a5be08..916a754bf8b 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -552,6 +552,30 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_freebsd_fhstatfs(arg1, arg2);
 break;
 
+case TARGET_FREEBSD_NR_freebsd11_statfs: /* statfs(2) */
+ret = do_freebsd11_statfs(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_statfs: /* statfs(2) */
+ret = do_freebsd_statfs(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_fstatfs: /* fstatfs(2) */
+ret = do_freebsd11_fstatfs(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_fstatfs: /* fstatfs(2) */
+ret = do_freebsd_fstatfs(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_getfsstat: /* getfsstat(2) */
+ret = do_freebsd11_getfsstat(arg1, arg2, arg3);
+break;
+
+case TARGET_FREEBSD_NR_getfsstat: /* getfsstat(2) */
+ret = do_freebsd_getfsstat(arg1, arg2, arg3);
+break;
+
 /*
  * sys{ctl, arch, call}
  */
-- 
2.41.0

[PULL 33/36] bsd-user: Add glue for getfh and related syscalls

[Warner Losh]

Add glue to call the following syscalls to the freebsd_syscall:

getfh
lgetfh
fhopen
freebsd11_fhstat
freebsd11_fhstatfs
fhstat
fhstatfs

Signed-off-by: Warner Losh 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
---
 bsd-user/freebsd/os-syscall.c | 28 
 1 file changed, 28 insertions(+)

diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index ade47a0d2f2..73616a5be08 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -524,6 +524,34 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_freebsd11_nlstat(arg1, arg2);
 break;
 
+case TARGET_FREEBSD_NR_getfh: /* getfh(2) */
+ret = do_freebsd_getfh(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_lgetfh: /* lgetfh(2) */
+ret = do_freebsd_lgetfh(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_fhopen: /* fhopen(2) */
+ret = do_freebsd_fhopen(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_fhstat: /* fhstat(2) */
+ret = do_freebsd11_fhstat(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_fhstat: /* fhstat(2) */
+ret = do_freebsd_fhstat(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_fhstatfs: /* fhstatfs(2) */
+ret = do_freebsd11_fhstatfs(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_fhstatfs: /* fhstatfs(2) */
+ret = do_freebsd_fhstatfs(arg1, arg2);
+break;
+
 /*
  * sys{ctl, arch, call}
  */
-- 
2.41.0

[PULL 27/36] bsd-user: Implement freebsd11 statfs related syscalls

[Warner Losh]

From: Michal Meloun 

Implement the freebsd11 variant of the following syscalls:
statfs(2)
fstatfs(2)
getfsstat(2)

Co-authored-by: Stacey Son 
Signed-off-by: Stacey Son 
Signed-off-by: Michal Meloun 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 75 ++
 1 file changed, 75 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
index 2e0c7245dfd..04a61fabd11 100644
--- a/bsd-user/freebsd/os-stat.h
+++ b/bsd-user/freebsd/os-stat.h
@@ -32,9 +32,15 @@ __sym_compat(fstatat, freebsd11_fstatat, FBSD_1.1);
 
 int freebsd11_fhstat(const fhandle_t *fhandle, struct freebsd11_stat *stat);
 __sym_compat(fhstat, freebsd11_fhstat, FBSD_1.0);
+int freebsd11_getfsstat(struct freebsd11_statfs *buf, long bufsize, int mode);
+__sym_compat(getfsstat, freebsd11_getfsstat, FBSD_1.0);
 int freebsd11_fhstatfs(const fhandle_t *fhandle, struct freebsd11_statfs * 
buf);
 __sym_compat(fhstatfs, freebsd11_fhstatfs, FBSD_1.0);
 int freebsd11_statfs(const char *path, struct freebsd11_statfs *buf);
+__sym_compat(statfs, freebsd11_statfs, FBSD_1.0);
+int freebsd11_fstatfs(int fd, struct freebsd11_statfs *buf);
+__sym_compat(fstatfs, freebsd11_fstatfs, FBSD_1.0);
+
 
 /* stat(2) */
 static inline abi_long do_freebsd11_stat(abi_long arg1, abi_long arg2)
@@ -293,6 +299,23 @@ static inline abi_long do_freebsd_fhstatfs(abi_ulong 
target_fhp_addr,
 return h2t_freebsd_statfs(target_stfs_addr, _stfs);
 }
 
+/* statfs(2) */
+static inline abi_long do_freebsd11_statfs(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+struct freebsd11_statfs host_stfs;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(freebsd11_statfs(path(p), _stfs));
+UNLOCK_PATH(p, arg1);
+if (is_error(ret)) {
+return ret;
+}
+
+return h2t_freebsd11_statfs(arg2, _stfs);
+}
+
 /* statfs(2) */
 static inline abi_long do_freebsd_statfs(abi_long arg1, abi_long arg2)
 {
@@ -310,6 +333,20 @@ static inline abi_long do_freebsd_statfs(abi_long arg1, 
abi_long arg2)
 return h2t_freebsd_statfs(arg2, _stfs);
 }
 
+/* fstatfs(2) */
+static inline abi_long do_freebsd11_fstatfs(abi_long fd, abi_ulong target_addr)
+{
+abi_long ret;
+struct freebsd11_statfs host_stfs;
+
+ret = get_errno(freebsd11_fstatfs(fd, _stfs));
+if (is_error(ret)) {
+return ret;
+}
+
+return h2t_freebsd11_statfs(target_addr, _stfs);
+}
+
 /* fstatfs(2) */
 static inline abi_long do_freebsd_fstatfs(abi_long fd, abi_ulong target_addr)
 {
@@ -324,6 +361,44 @@ static inline abi_long do_freebsd_fstatfs(abi_long fd, 
abi_ulong target_addr)
 return h2t_freebsd_statfs(target_addr, _stfs);
 }
 
+/* getfsstat(2) */
+static inline abi_long do_freebsd11_getfsstat(abi_ulong target_addr,
+abi_long bufsize, abi_long flags)
+{
+abi_long ret;
+struct freebsd11_statfs *host_stfs;
+int count;
+long host_bufsize;
+
+count = bufsize / sizeof(struct target_freebsd11_statfs);
+
+/* if user buffer is NULL then return number of mounted FS's */
+if (target_addr == 0 || count == 0) {
+return get_errno(freebsd11_getfsstat(NULL, 0, flags));
+}
+
+/* XXX check count to be reasonable */
+host_bufsize = sizeof(struct freebsd11_statfs) * count;
+host_stfs = alloca(host_bufsize);
+if (!host_stfs) {
+return -TARGET_EINVAL;
+}
+
+ret = count = get_errno(freebsd11_getfsstat(host_stfs, host_bufsize, 
flags));
+if (is_error(ret)) {
+return ret;
+}
+
+while (count--) {
+if (h2t_freebsd11_statfs((target_addr +
+(count * sizeof(struct target_freebsd11_statfs))),
+_stfs[count])) {
+return -TARGET_EFAULT;
+}
+}
+return ret;
+}
+
 /* getfsstat(2) */
 static inline abi_long do_freebsd_getfsstat(abi_ulong target_addr,
 abi_long bufsize, abi_long flags)
-- 
2.41.0

[PULL 18/36] bsd-user: Implement target_to_host_fcntl_cmd

[Warner Losh]

From: Stacey Son 

Implement the stat conversion functions:
target_to_host_fcntl_cmd

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.c b/bsd-user/freebsd/os-stat.c
index 9eb01bf6645..2ce235d5dae 100644
--- a/bsd-user/freebsd/os-stat.c
+++ b/bsd-user/freebsd/os-stat.c
@@ -170,3 +170,11 @@ abi_long h2t_freebsd11_statfs(abi_ulong target_addr,
 return 0;
 }
 
+/*
+ * fcntl cmd conversion
+ */
+abi_long target_to_host_fcntl_cmd(int cmd)
+{
+return cmd;
+}
+
-- 
2.41.0

[PULL 29/36] bsd-user: Implement freebsd11 netbsd stat related syscalls

[Warner Losh]

From: Michal Meloun 

Forward declaration of the nstat syscalls:
nstat
nlstat
nfstat

Co-authored-by: Stacey Son 
Signed-off-by: Stacey Son 
Signed-off-by: Michal Meloun 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
index 26909af455d..e31b2aab9e8 100644
--- a/bsd-user/freebsd/os-stat.h
+++ b/bsd-user/freebsd/os-stat.h
@@ -46,6 +46,13 @@ __sym_compat(getdirentries, freebsd11_getdirentries, 
FBSD_1.0);
 ssize_t freebsd11_getdents(int fd, char *buf, size_t nbytes);
 __sym_compat(getdents, freebsd11_getdents, FBSD_1.0);
 
+/* undocumented nstat system calls */
+int freebsd11_nstat(const char *path, struct freebsd11_stat *sb);
+__sym_compat(nstat, freebsd11_nstat, FBSD_1.0);
+int freebsd11_nlstat(const char *path, struct freebsd11_stat *sb);
+__sym_compat(nlstat, freebsd11_nlstat, FBSD_1.0);
+int freebsd11_nfstat(int fd, struct freebsd11_stat *sb);
+__sym_compat(nfstat, freebsd11_nfstat, FBSD_1.0);
 
 /* stat(2) */
 static inline abi_long do_freebsd11_stat(abi_long arg1, abi_long arg2)
-- 
2.41.0

[PULL 28/36] bsd-user: Implement freebsd11 getdirents related syscalls

[Warner Losh]

From: Michal Meloun 

Implement the freebsd11 variant of the following syscalls:
getdirentries(2)

Co-authored-by: Stacey Son 
Signed-off-by: Stacey Son 
Signed-off-by: Michal Meloun 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 44 ++
 1 file changed, 44 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
index 04a61fabd11..26909af455d 100644
--- a/bsd-user/freebsd/os-stat.h
+++ b/bsd-user/freebsd/os-stat.h
@@ -41,6 +41,11 @@ __sym_compat(statfs, freebsd11_statfs, FBSD_1.0);
 int freebsd11_fstatfs(int fd, struct freebsd11_statfs *buf);
 __sym_compat(fstatfs, freebsd11_fstatfs, FBSD_1.0);
 
+ssize_t freebsd11_getdirentries(int fd, char *buf, size_t nbytes, off_t 
*basep);
+__sym_compat(getdirentries, freebsd11_getdirentries, FBSD_1.0);
+ssize_t freebsd11_getdents(int fd, char *buf, size_t nbytes);
+__sym_compat(getdents, freebsd11_getdents, FBSD_1.0);
+
 
 /* stat(2) */
 static inline abi_long do_freebsd11_stat(abi_long arg1, abi_long arg2)
@@ -468,6 +473,45 @@ static inline abi_long do_freebsd11_getdents(abi_long arg1,
 return ret;
 }
 
+/* getdirecentries(2) */
+static inline abi_long do_freebsd11_getdirentries(abi_long arg1,
+abi_ulong arg2, abi_long nbytes, abi_ulong arg4)
+{
+abi_long ret;
+struct freebsd11_dirent *dirp;
+long basep;
+
+dirp = lock_user(VERIFY_WRITE, arg2, nbytes, 0);
+if (dirp == NULL) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(freebsd11_getdirentries(arg1, (char *)dirp, nbytes, 
));
+if (!is_error(ret)) {
+struct freebsd11_dirent *de;
+int len = ret;
+int reclen;
+
+de = dirp;
+while (len > 0) {
+reclen = de->d_reclen;
+if (reclen > len) {
+return -TARGET_EFAULT;
+}
+de->d_reclen = tswap16(reclen);
+de->d_fileno = tswap32(de->d_fileno);
+len -= reclen;
+de = (struct freebsd11_dirent *)((void *)de + reclen);
+}
+}
+unlock_user(dirp, arg2, ret);
+if (arg4) {
+if (put_user(basep, arg4, abi_ulong)) {
+return -TARGET_EFAULT;
+}
+}
+return ret;
+}
+
 /* getdirecentries(2) */
 static inline abi_long do_freebsd_getdirentries(abi_long arg1,
 abi_ulong arg2, abi_long nbytes, abi_ulong arg4)
-- 
2.41.0

[PULL 30/36] bsd-user: Implement do_freebsd_realpathat syscall

[Warner Losh]

From: Mikaël Urankar 

Signed-off-by: Mikaël Urankar 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
index e31b2aab9e8..b20e2707745 100644
--- a/bsd-user/freebsd/os-stat.h
+++ b/bsd-user/freebsd/os-stat.h
@@ -634,4 +634,30 @@ static inline abi_long do_freebsd_fcntl(abi_long arg1, 
abi_long arg2,
 return ret;
 }
 
+#if defined(__FreeBSD_version) && __FreeBSD_version >= 1300080
+extern int __realpathat(int fd, const char *path, char *buf, size_t size,
+int flags);
+/* https://svnweb.freebsd.org/base?view=revision=358172 */
+/* no man page */
+static inline abi_long do_freebsd_realpathat(abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+abi_long ret;
+void *p, *b;
+
+LOCK_PATH(p, arg2);
+b = lock_user(VERIFY_WRITE, arg3, arg4, 0);
+if (b == NULL) {
+UNLOCK_PATH(p, arg2);
+return -TARGET_EFAULT;
+}
+
+ret = get_errno(__realpathat(arg1, p, b, arg4, arg5));
+UNLOCK_PATH(p, arg2);
+unlock_user(b, arg3, ret);
+
+return ret;
+}
+#endif
+
 #endif /* BSD_USER_FREEBSD_OS_STAT_H */
-- 
2.41.0

[PULL 07/36] bsd-user: Declarations of h2t and t2h conversion functions.

[Warner Losh]

From: Stacey Son 

Declarations of functions that convert between host and target structs.

Co-authored-by: Michal Meloun 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/qemu-os.h | 50 ++
 bsd-user/qemu.h|  1 +
 2 files changed, 51 insertions(+)
 create mode 100644 bsd-user/freebsd/qemu-os.h

diff --git a/bsd-user/freebsd/qemu-os.h b/bsd-user/freebsd/qemu-os.h
new file mode 100644
index 000..12adc50928c
--- /dev/null
+++ b/bsd-user/freebsd/qemu-os.h
@@ -0,0 +1,50 @@
+/*
+ *  FreeBSD conversion extern declarations
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef QEMU_OS_H
+#define QEMU_OS_H
+
+/* qemu/osdep.h pulls in the rest */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+struct freebsd11_stat;
+
+/* os-stat.c */
+abi_long h2t_freebsd11_stat(abi_ulong target_addr,
+struct freebsd11_stat *host_st);
+abi_long h2t_freebsd11_nstat(abi_ulong target_addr,
+struct freebsd11_stat *host_st);
+abi_long t2h_freebsd_fhandle(fhandle_t *host_fh, abi_ulong target_addr);
+abi_long h2t_freebsd_fhandle(abi_ulong target_addr, fhandle_t *host_fh);
+abi_long h2t_freebsd11_statfs(abi_ulong target_addr,
+struct freebsd11_statfs *host_statfs);
+abi_long target_to_host_fcntl_cmd(int cmd);
+abi_long h2t_freebsd_stat(abi_ulong target_addr,
+struct stat *host_st);
+abi_long h2t_freebsd_statfs(abi_ulong target_addr,
+struct statfs *host_statfs);
+
+#endif /* QEMU_OS_H */
diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index ca791e18b22..4cfd5c63371 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -38,6 +38,7 @@ extern char **environ;
 #include "exec/gdbstub.h"
 #include "qemu/clang-tsa.h"
 
+#include "qemu-os.h"
 /*
  * This struct is used to hold certain information about the image.  Basically,
  * it replicates in user space what would be certain task_struct fields in the
-- 
2.41.0

[PULL 32/36] bsd-user: Add glue for the freebsd11_stat syscalls

[Warner Losh]

Add glue to call the freebsd11_stat syscalls to the freebsd_syscall:

freebsd11_stat
freebsd11_lstat
freebsd11_fstat
freebsd11_fstatat
freebsd11_nstat, freebsd11_nfstat, freebsd11_nlstat
fstatat
fstat

Signed-off-by: Warner Losh 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-syscall.c | 42 +++
 1 file changed, 42 insertions(+)

diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 2224a280ea2..ade47a0d2f2 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -36,6 +36,9 @@
 #include "bsd-file.h"
 #include "bsd-proc.h"
 
+/* *BSD dependent syscall shims */
+#include "os-stat.h"
+
 /* I/O */
 safe_syscall3(int, open, const char *, path, int, flags, mode_t, mode);
 safe_syscall4(int, openat, int, fd, const char *, path, int, flags, mode_t,
@@ -482,6 +485,45 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_bsd_undelete(arg1);
 break;
 
+/*
+ * stat system calls
+ */
+case TARGET_FREEBSD_NR_freebsd11_stat: /* stat(2) */
+ret = do_freebsd11_stat(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_lstat: /* lstat(2) */
+ret = do_freebsd11_lstat(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_fstat: /* fstat(2) */
+ret = do_freebsd11_fstat(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_fstat: /* fstat(2) */
+ret = do_freebsd_fstat(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_fstatat: /* fstatat(2) */
+ret = do_freebsd11_fstatat(arg1, arg2, arg3, arg4);
+break;
+
+case TARGET_FREEBSD_NR_fstatat: /* fstatat(2) */
+ret = do_freebsd_fstatat(arg1, arg2, arg3, arg4);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_nstat: /* undocumented */
+ret = do_freebsd11_nstat(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_nfstat: /* undocumented */
+ret = do_freebsd11_nfstat(arg1, arg2);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_nlstat: /* undocumented */
+ret = do_freebsd11_nlstat(arg1, arg2);
+break;
+
 /*
  * sys{ctl, arch, call}
  */
-- 
2.41.0

[PULL 36/36] bsd-user: Add missing break after do_bsd_preadv

[Warner Losh]

Without it, we'd call preadv, then write with weird parameters, which is
clearly not ideal...

Signed-off-by: Warner Losh 
Reviewed-by: Philippe Mathieu-Daudé 
Fixes: 770d8abae7 ("bsd-user/bsd-file.h: Meat of the write system calls")
Reviewed-by: Richard Henderson 
Message-Id: <20230820045419.89691-1-...@bsdimp.com>
---
 bsd-user/freebsd/os-syscall.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index e9b1b663af4..fa60df529ef 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -240,6 +240,7 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 
 case TARGET_FREEBSD_NR_preadv: /* preadv(2) */
 ret = do_bsd_preadv(cpu_env, arg1, arg2, arg3, arg4, arg5, arg6);
+break;
 
 case TARGET_FREEBSD_NR_write: /* write(2) */
 ret = do_bsd_write(arg1, arg2, arg3);
-- 
2.41.0

[PULL 14/36] bsd-user: Rename target_freebsd_time_t to target_time_t

[Warner Losh]

This is necessary for future code using target_time_t, in
bsd-user/syscall_defs.

Signed-off-by: Warner Losh 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
---
 bsd-user/syscall_defs.h | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index c6699c9943e..9c90616baae 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -45,9 +45,9 @@
  *
  */
 #if (!defined(TARGET_I386))
-typedef int64_t target_freebsd_time_t;
+typedef int64_t target_time_t;
 #else
-typedef int32_t target_freebsd_time_t;
+typedef int32_t target_time_t;
 #endif
 
 struct target_iovec {
@@ -102,7 +102,7 @@ typedef abi_long target_freebsd_suseconds_t;
 
 /* compare to sys/timespec.h */
 struct target_freebsd_timespec {
-target_freebsd_time_t   tv_sec; /* seconds */
+target_time_t   tv_sec; /* seconds */
 abi_longtv_nsec;/* and nanoseconds */
 #if !defined(TARGET_I386) && TARGET_ABI_BITS == 32
 abi_long _pad;
@@ -120,7 +120,7 @@ struct target_freebsd__umtx_time {
 };
 
 struct target_freebsd_timeval {
-target_freebsd_time_t   tv_sec; /* seconds */
+target_time_t   tv_sec; /* seconds */
 target_freebsd_suseconds_t  tv_usec;/* and microseconds */
 #if !defined(TARGET_I386) && TARGET_ABI_BITS == 32
 abi_long _pad;
-- 
2.41.0

[PULL 12/36] bsd-user: Add struct target_freebsd_fhandle and fcntl flags

[Warner Losh]

From: Stacey Son 

Add struct target_freebsd_fhandle and fcntl flags to
bsd-user/syscall_defs.h

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Acked-by: Richard Henderson 
Reviewed-by: Warner Losh 
Signed-off-by: Warner Losh 
---
 bsd-user/syscall_defs.h | 51 +
 1 file changed, 51 insertions(+)

diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index 499a80f8bff..96ae90b0631 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -339,6 +339,57 @@ struct target_statfs {
 char  f_mntonname[1024];/* directory on which mounted */
 };
 
+/* File identifier. These are unique per filesystem on a single machine. */
+#define TARGET_MAXFIDSZ 16
+
+struct target_freebsd_fid {
+uint16_tfid_len;/* len of data in bytes */
+uint16_tfid_data0;  /* force longword align */
+charfid_data[TARGET_MAXFIDSZ];  /* data (variable len) */
+};
+
+/* Generic file handle */
+struct target_freebsd_fhandle {
+target_freebsd_fsid_t   fh_fsid;/* Filesystem id of mount point */
+struct target_freebsd_fid fh_fid;   /* Filesys specific id */
+};
+typedef struct target_freebsd_fhandle target_freebsd_fhandle_t;
+
+/*
+ * sys/fcntl.h
+ */
+#define TARGET_F_DUPFD  0
+#define TARGET_F_GETFD  1
+#define TARGET_F_SETFD  2
+#define TARGET_F_GETFL  3
+#define TARGET_F_SETFL  4
+#define TARGET_F_GETOWN 5
+#define TARGET_F_SETOWN 6
+#define TARGET_F_OGETLK 7
+#define TARGET_F_OSETLK 8
+#define TARGET_F_OSETLKW9
+#define TARGET_F_DUP2FD 10
+#define TARGET_F_GETLK  11
+#define TARGET_F_SETLK  12
+#define TARGET_F_SETLKW 13
+#define TARGET_F_SETLK_REMOTE   14
+#define TARGET_F_READAHEAD  15
+#define TARGET_F_RDAHEAD16
+#define TARGET_F_DUPFD_CLOEXEC 17
+#define TARGET_F_DUP2FD_CLOEXEC18
+/* FreeBSD-specific */
+#define TARGET_F_ADD_SEALS  19
+#define TARGET_F_GET_SEALS  20
+
+struct target_freebsd_flock {
+int64_t l_start;
+int64_t l_len;
+int32_t l_pid;
+int16_t l_type;
+int16_t l_whence;
+int32_t l_sysid;
+} QEMU_PACKED;
+
 #define safe_syscall0(type, name) \
 type safe_##name(void) \
 { \
-- 
2.41.0

[PULL 06/36] bsd-user; Update the definitions of __put_user and __get_user macros

[Warner Losh]

Use __builtin_choose_expr to avoid type promotion from ?:
in __put_user_e and __get_user_e macros.
Copied from linux-user/qemu.h, originally by Blue Swirl.

Signed-off-by: Warner Losh 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
---
 bsd-user/qemu.h   | 81 ---
 bsd-user/signal.c |  5 +--
 2 files changed, 35 insertions(+), 51 deletions(-)

diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 61501c321b0..ca791e18b22 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -272,50 +272,37 @@ static inline bool access_ok(int type, abi_ulong addr, 
abi_ulong size)
  * These are usually used to access struct data members once the struct has 
been
  * locked - usually with lock_user_struct().
  */
-#define __put_user(x, hptr)\
-({\
-int size = sizeof(*hptr);\
-switch (size) {\
-case 1:\
-*(uint8_t *)(hptr) = (uint8_t)(typeof(*hptr))(x);\
-break;\
-case 2:\
-*(uint16_t *)(hptr) = tswap16((typeof(*hptr))(x));\
-break;\
-case 4:\
-*(uint32_t *)(hptr) = tswap32((typeof(*hptr))(x));\
-break;\
-case 8:\
-*(uint64_t *)(hptr) = tswap64((typeof(*hptr))(x));\
-break;\
-default:\
-abort();\
-} \
-0;\
-})
+#define __put_user_e(x, hptr, e)\
+do {\
+PRAGMA_DISABLE_PACKED_WARNING;  \
+(__builtin_choose_expr(sizeof(*(hptr)) == 1, stb_p, \
+__builtin_choose_expr(sizeof(*(hptr)) == 2, stw_##e##_p,\
+__builtin_choose_expr(sizeof(*(hptr)) == 4, stl_##e##_p,\
+__builtin_choose_expr(sizeof(*(hptr)) == 8, stq_##e##_p, abort  \
+((hptr), (x)), (void)0);\
+PRAGMA_REENABLE_PACKED_WARNING; \
+} while (0)
+
+#define __get_user_e(x, hptr, e)\
+do {\
+PRAGMA_DISABLE_PACKED_WARNING;  \
+((x) = (typeof(*hptr))( \
+__builtin_choose_expr(sizeof(*(hptr)) == 1, ldub_p, \
+__builtin_choose_expr(sizeof(*(hptr)) == 2, lduw_##e##_p,   \
+__builtin_choose_expr(sizeof(*(hptr)) == 4, ldl_##e##_p,\
+__builtin_choose_expr(sizeof(*(hptr)) == 8, ldq_##e##_p, abort  \
+(hptr)), (void)0);  \
+PRAGMA_REENABLE_PACKED_WARNING; \
+} while (0)
 
-#define __get_user(x, hptr) \
-({\
-int size = sizeof(*hptr);\
-switch (size) {\
-case 1:\
-x = (typeof(*hptr))*(uint8_t *)(hptr);\
-break;\
-case 2:\
-x = (typeof(*hptr))tswap16(*(uint16_t *)(hptr));\
-break;\
-case 4:\
-x = (typeof(*hptr))tswap32(*(uint32_t *)(hptr));\
-break;\
-case 8:\
-x = (typeof(*hptr))tswap64(*(uint64_t *)(hptr));\
-break;\
-default:\
-x = 0;\
-abort();\
-} \
-0;\
-})
+
+#if TARGET_BIG_ENDIAN
+# define __put_user(x, hptr)  __put_user_e(x, hptr, be)
+# define __get_user(x, hptr)  __get_user_e(x, hptr, be)
+#else
+# define __put_user(x, hptr)  __put_user_e(x, hptr, le)
+# define __get_user(x, hptr)  __get_user_e(x, hptr, le)
+#endif
 
 /*
  * put_user()/get_user() take a guest address and check access
@@ -328,10 +315,10 @@ static inline bool access_ok(int type, abi_ulong addr, 
abi_ulong size)
 ({  \
 abi_ulong __gaddr = (gaddr);\
 target_type *__hptr;\
-abi_long __ret; \
+abi_long __ret = 0; \
 __hptr = lock_user(VERIFY_WRITE, __gaddr, sizeof(target_type), 0);  \
 if (__hptr) {   \
-__ret = __put_user((x), __hptr);\
+__put_user((x), __hptr);\
 unlock_user(__hptr, __gaddr, sizeof(target_type));  \
 } else  \
 __ret = -TARGET_EFAULT; \
@@ -342,10 +329,10 @@ static inline bool access_ok(int type, abi_ulong addr, 
abi_ulong size)
 ({  \
 abi_ulong __gaddr = (gaddr);\
 target_type *__hptr;\
-abi_long __ret;  

[PULL 35/36] bsd-user: Add getdents and fcntl related system calls

[Warner Losh]

Add glue to call the following syscalls to the freebsd_syscall:

freebsd11_getdents
getdirentries
freebsd11_getdirentries
fcntl

Signed-off-by: Warner Losh 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-syscall.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index 916a754bf8b..e9b1b663af4 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -576,6 +576,22 @@ static abi_long freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 ret = do_freebsd_getfsstat(arg1, arg2, arg3);
 break;
 
+case TARGET_FREEBSD_NR_freebsd11_getdents: /* getdents(2) */
+ret = do_freebsd11_getdents(arg1, arg2, arg3);
+break;
+
+case TARGET_FREEBSD_NR_getdirentries: /* getdirentries(2) */
+ret = do_freebsd_getdirentries(arg1, arg2, arg3, arg4);
+break;
+
+case TARGET_FREEBSD_NR_freebsd11_getdirentries: /* getdirentries(2) */
+ret = do_freebsd11_getdirentries(arg1, arg2, arg3, arg4);
+break;
+case TARGET_FREEBSD_NR_fcntl: /* fcntl(2) */
+ret = do_freebsd_fcntl(arg1, arg2, arg3);
+break;
+
+
 /*
  * sys{ctl, arch, call}
  */
-- 
2.41.0

[PULL 23/36] bsd-user: Implement getdents related syscalls

[Warner Losh]

From: Stacey Son 

Implement the following syscalls:
getdents(2)
getdirecentries(2)

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 72 ++
 1 file changed, 72 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
index 9492c93c55a..7dc41cd0bfe 100644
--- a/bsd-user/freebsd/os-stat.h
+++ b/bsd-user/freebsd/os-stat.h
@@ -279,4 +279,76 @@ static inline abi_long do_freebsd_getfsstat(abi_ulong 
target_addr,
 return ret;
 }
 
+/* getdents(2) */
+static inline abi_long do_freebsd11_getdents(abi_long arg1,
+abi_ulong arg2, abi_long nbytes)
+{
+abi_long ret;
+struct freebsd11_dirent *dirp;
+
+dirp = lock_user(VERIFY_WRITE, arg2, nbytes, 0);
+if (dirp == NULL) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(freebsd11_getdents(arg1, (char *)dirp, nbytes));
+if (!is_error(ret)) {
+struct freebsd11_dirent *de;
+int len = ret;
+int reclen;
+
+de = dirp;
+while (len > 0) {
+reclen = de->d_reclen;
+if (reclen > len) {
+return -TARGET_EFAULT;
+}
+de->d_reclen = tswap16(reclen);
+de->d_fileno = tswap32(de->d_fileno);
+len -= reclen;
+}
+}
+return ret;
+}
+
+/* getdirecentries(2) */
+static inline abi_long do_freebsd_getdirentries(abi_long arg1,
+abi_ulong arg2, abi_long nbytes, abi_ulong arg4)
+{
+abi_long ret;
+struct dirent *dirp;
+long basep;
+
+dirp = lock_user(VERIFY_WRITE, arg2, nbytes, 0);
+if (dirp == NULL) {
+return -TARGET_EFAULT;
+}
+ret = get_errno(getdirentries(arg1, (char *)dirp, nbytes, ));
+if (!is_error(ret)) {
+struct dirent *de;
+int len = ret;
+int reclen;
+
+de = dirp;
+while (len > 0) {
+reclen = de->d_reclen;
+if (reclen > len) {
+return -TARGET_EFAULT;
+}
+de->d_fileno = tswap64(de->d_fileno);
+de->d_off = tswap64(de->d_off);
+de->d_reclen = tswap16(de->d_reclen);
+de->d_namlen = tswap16(de->d_namlen);
+len -= reclen;
+de = (struct dirent *)((void *)de + reclen);
+}
+}
+unlock_user(dirp, arg2, ret);
+if (arg4) {
+if (put_user(basep, arg4, abi_ulong)) {
+return -TARGET_EFAULT;
+}
+}
+return ret;
+}
+
 #endif /* BSD_USER_FREEBSD_OS_STAT_H */
-- 
2.41.0

[PULL 16/36] bsd-user: Implement h2t_freebsd_fhandle t2h_freebsd_fhandle

[Warner Losh]

From: Stacey Son 

Implement the stat conversion functions:
h2t_freebsd_fhandle
t2h_freebsd_fhandle

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.c | 37 +
 1 file changed, 37 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.c b/bsd-user/freebsd/os-stat.c
index 8c73f7402c2..6716cee3e22 100644
--- a/bsd-user/freebsd/os-stat.c
+++ b/bsd-user/freebsd/os-stat.c
@@ -92,3 +92,40 @@ abi_long h2t_freebsd11_nstat(abi_ulong target_addr,
 return 0;
 }
 
+/*
+ * file handle conversion
+ */
+abi_long t2h_freebsd_fhandle(fhandle_t *host_fh, abi_ulong target_addr)
+{
+target_freebsd_fhandle_t *target_fh;
+
+if (!lock_user_struct(VERIFY_READ, target_fh, target_addr, 1)) {
+return -TARGET_EFAULT;
+}
+__get_user(host_fh->fh_fsid.val[0], _fh->fh_fsid.val[0]);
+__get_user(host_fh->fh_fsid.val[1], _fh->fh_fsid.val[0]);
+__get_user(host_fh->fh_fid.fid_len, _fh->fh_fid.fid_len);
+/* u_short fid_data0; */
+memcpy(host_fh->fh_fid.fid_data, target_fh->fh_fid.fid_data,
+TARGET_MAXFIDSZ);
+unlock_user_struct(target_fh, target_addr, 0);
+return 0;
+}
+
+abi_long h2t_freebsd_fhandle(abi_ulong target_addr, fhandle_t *host_fh)
+{
+target_freebsd_fhandle_t *target_fh;
+
+if (!lock_user_struct(VERIFY_WRITE, target_fh, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+__put_user(host_fh->fh_fsid.val[0], _fh->fh_fsid.val[0]);
+__put_user(host_fh->fh_fsid.val[1], _fh->fh_fsid.val[0]);
+__put_user(host_fh->fh_fid.fid_len, _fh->fh_fid.fid_len);
+/* u_short fid_data0; */
+memcpy(target_fh->fh_fid.fid_data, host_fh->fh_fid.fid_data,
+TARGET_MAXFIDSZ);
+unlock_user_struct(target_fh, target_addr, 1);
+return 0;
+}
+
-- 
2.41.0

[PULL 13/36] bsd-user: Define safe_fcntl macro in bsd-user/syscall_defs.h

[Warner Losh]

From: Kyle Evans 

Signed-off-by: Kyle Evans 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/syscall_defs.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index 96ae90b0631..c6699c9943e 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -437,6 +437,8 @@ type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 
arg4, \
 return safe_syscall(SYS_##name, arg1, arg2, arg3, arg4, arg5, arg6); \
 }
 
+#define safe_fcntl(...) safe_syscall(SYS_fcntl, __VA_ARGS__)
+
 /* So far all target and host bitmasks are the same */
 #undef  target_to_host_bitmask
 #define target_to_host_bitmask(x, tbl) (x)
-- 
2.41.0

[PULL 09/36] bsd-user: Add struct target_stat to bsd-user/syscall_defs.h

[Warner Losh]

From: Michal Meloun 

Signed-off-by: Michal Meloun 
Signed-off-by: Karim Taha 
Acked-by:  Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/syscall_defs.h | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index 56198cc6a00..bd04b30a560 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -212,6 +212,44 @@ struct target_freebsd11_stat {
 unsigned int:(8 / 2) * (16 - (int)sizeof(struct target_freebsd_timespec));
 } __packed;
 
+#if defined(__i386__)
+#define TARGET_HAS_STAT_TIME_T_EXT   1
+#endif
+
+struct target_stat {
+uint64_t  st_dev;   /* inode's device */
+uint64_t  st_ino;   /* inode's number */
+uint64_t  st_nlink; /* number of hard links */
+int16_t   st_mode;  /* inode protection mode */
+int16_t   st_padding0;
+uint32_t  st_uid;   /* user ID of the file's owner */
+uint32_t  st_gid;   /* group ID of the file's group */
+int32_t   st_padding1;
+uint64_t  st_rdev;  /* device type */
+#ifdef TARGET_HAS_STAT_TIME_T_EXT
+int32_t   st_atim_ext;
+#endif
+struct  target_freebsd_timespec st_atim; /* time of last access */
+#ifdef TARGET_HAS_STAT_TIME_T_EXT
+int32_t   st_mtim_ext;
+#endif
+struct  target_freebsd_timespec st_mtim; /* time of last data modification 
*/
+#ifdef TARGET_HAS_STAT_TIME_T_EXT
+int32_t st_ctim_ext;
+#endif
+struct  target_freebsd_timespec st_ctim;/* time of last file status change 
*/
+#ifdef TARGET_HAS_STAT_TIME_T_EXT
+int32_t st_btim_ext;
+#endif
+struct  target_freebsd_timespec st_birthtim;   /* time of file creation */
+int64_t   st_size;  /* file size, in bytes */
+int64_t   st_blocks;/* blocks allocated for file */
+uint32_t  st_blksize;   /* optimal blocksize for I/O */
+uint32_t  st_flags; /* user defined flags for file */
+uint64_t  st_gen;   /* file generation number */
+uint64_t  st_spare[10];
+};
+
 #define safe_syscall0(type, name) \
 type safe_##name(void) \
 { \
-- 
2.41.0

[PULL 08/36] bsd-user: Add struct target_freebsd11_stat to bsd-user/syscall_defs

[Warner Losh]

From: Stacey Son 

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Acked-by: Richard Henderson 
Singed-off-by: Warner Losh 
---
 bsd-user/syscall_defs.h | 33 +
 1 file changed, 33 insertions(+)

diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index aedfbf2d7db..56198cc6a00 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -179,6 +179,39 @@ struct target_freebsd__wrusage {
 struct target_freebsd_rusage wru_children;
 };
 
+/*
+ * sys/stat.h
+ */
+struct target_freebsd11_stat {
+uint32_t  st_dev;   /* inode's device */
+uint32_t  st_ino;   /* inode's number */
+int16_t   st_mode;  /* inode protection mode */
+int16_t   st_nlink; /* number of hard links */
+uint32_t  st_uid;   /* user ID of the file's owner */
+uint32_t  st_gid;   /* group ID of the file's group */
+uint32_t  st_rdev;  /* device type */
+struct  target_freebsd_timespec st_atim; /* time last accessed */
+struct  target_freebsd_timespec st_mtim; /* time last data modification */
+struct  target_freebsd_timespec st_ctim; /* time last file status change */
+int64_tst_size; /* file size, in bytes */
+int64_tst_blocks;   /* blocks allocated for file */
+uint32_t   st_blksize;  /* optimal blocksize for I/O */
+uint32_t   st_flags;/* user defined flags for file */
+uint32_t   st_gen;  /* file generation number */
+int32_tst_lspare;
+struct target_freebsd_timespec st_birthtim; /* time of file creation */
+/*
+ * Explicitly pad st_birthtim to 16 bytes so that the size of
+ * struct stat is backwards compatible.  We use bitfields instead
+ * of an array of chars so that this doesn't require a C99 compiler
+ * to compile if the size of the padding is 0.  We use 2 bitfields
+ * to cover up to 64 bits on 32-bit machines.  We assume that
+ * CHAR_BIT is 8...
+ */
+unsigned int:(8 / 2) * (16 - (int)sizeof(struct target_freebsd_timespec));
+unsigned int:(8 / 2) * (16 - (int)sizeof(struct target_freebsd_timespec));
+} __packed;
+
 #define safe_syscall0(type, name) \
 type safe_##name(void) \
 { \
-- 
2.41.0

[PULL 03/36] bsd-user: Remove image_info.start_brk

[Warner Losh]

From: Richard Henderson 

This has the same value is image_info.brk, which is also logged,
and is otherwise unused.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230818175736.144194-4-richard.hender...@linaro.org>
Reviewed-by: Warner Losh 
Signed-off-by: Warner Losh 
---
 bsd-user/elfload.c | 2 +-
 bsd-user/main.c| 2 --
 bsd-user/qemu.h| 1 -
 3 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/bsd-user/elfload.c b/bsd-user/elfload.c
index 2d39e59258e..baf2f63d2f1 100644
--- a/bsd-user/elfload.c
+++ b/bsd-user/elfload.c
@@ -811,7 +811,7 @@ int load_elf_binary(struct bsd_binprm *bprm, struct 
target_pt_regs *regs,
bprm->stringp, _ex, load_addr,
et_dyn_addr, interp_load_addr, info);
 info->load_addr = reloc_func_desc;
-info->start_brk = info->brk = elf_brk;
+info->brk = elf_brk;
 info->start_stack = bprm->p;
 info->load_bias = 0;
 
diff --git a/bsd-user/main.c b/bsd-user/main.c
index 381bb18df80..f913cb55a72 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -553,8 +553,6 @@ int main(int argc, char **argv)
 fprintf(f, "page layout changed following binary load\n");
 page_dump(f);
 
-fprintf(f, "start_brk   0x" TARGET_ABI_FMT_lx "\n",
-info->start_brk);
 fprintf(f, "end_code0x" TARGET_ABI_FMT_lx "\n",
 info->end_code);
 fprintf(f, "start_code  0x" TARGET_ABI_FMT_lx "\n",
diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 898fe3e8b34..61501c321b0 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -50,7 +50,6 @@ struct image_info {
 abi_ulong end_code;
 abi_ulong start_data;
 abi_ulong end_data;
-abi_ulong start_brk;
 abi_ulong brk;
 abi_ulong rss;
 abi_ulong start_stack;
-- 
2.41.0

[PULL 11/36] bsd-user: Add struct target_statfs

[Warner Losh]

From: Michal Meloun 

Add struct target_statfs to bsd-user/syscall_defs.h

Signed-off-by: Michal Meloun 
Signed-off-by: Karim Taha 
Acked-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/syscall_defs.h | 25 +
 1 file changed, 25 insertions(+)

diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index 51d8ff0dd8e..499a80f8bff 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -314,6 +314,31 @@ struct target_freebsd11_statfs {
 char f_mntonname[88];  /* dir on which mounted*/
 };
 
+struct target_statfs {
+uint32_t f_version; /* structure version number */
+uint32_t f_type;/* type of filesystem */
+uint64_t f_flags;   /* copy of mount exported flags */
+uint64_t f_bsize;   /* filesystem fragment size */
+uint64_t f_iosize;  /* optimal transfer block size */
+uint64_t f_blocks;  /* total data blocks in filesystem */
+uint64_t f_bfree;   /* free blocks in filesystem */
+int64_t  f_bavail;  /* free blocks avail to non-superuser */
+uint64_t f_files;   /* total file nodes in filesystem */
+int64_t  f_ffree;   /* free nodes avail to non-superuser */
+uint64_t f_syncwrites;  /* count of sync writes since mount */
+uint64_t f_asyncwrites; /* count of async writes since mount */
+uint64_t f_syncreads;   /* count of sync reads since mount */
+uint64_t f_asyncreads;  /* count of async reads since mount */
+uint64_t f_spare[10];   /* unused spare */
+uint32_t f_namemax; /* maximum filename length */
+uint32_t f_owner;   /* user that mounted the filesystem */
+target_freebsd_fsid_t f_fsid;   /* filesystem id */
+char  f_charspare[80];  /* spare string space */
+char  f_fstypename[16]; /* filesystem type name */
+char  f_mntfromname[1024];  /* mounted filesystem */
+char  f_mntonname[1024];/* directory on which mounted */
+};
+
 #define safe_syscall0(type, name) \
 type safe_##name(void) \
 { \
-- 
2.41.0

[PULL 05/36] bsd-user: Disable clang warnings

[Warner Losh]

From: Kyle Evans 

Implement PRAGMA_DISABLE_PACKED_WARNING and
PRAGMA_REENABLE_PACKED_WARNING macros in include/qemu/compiler.h.

Signed-off-by: Kyle Evans 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 include/qemu/compiler.h | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h
index a309f90c768..b0374425180 100644
--- a/include/qemu/compiler.h
+++ b/include/qemu/compiler.h
@@ -22,6 +22,36 @@
 #define QEMU_EXTERN_C extern
 #endif
 
+/*
+ * Tricky points:
+ * - Use __builtin_choose_expr to avoid type promotion from ?:,
+ * - Invalid sizes result in a compile time error stemming from
+ *   the fact that abort has no parameters.
+ * - It's easier to use the endian-specific unaligned load/store
+ *   functions than host-endian unaligned load/store plus tswapN.
+ * - The pragmas are necessary only to silence a clang false-positive
+ *   warning: see https://bugs.llvm.org/show_bug.cgi?id=39113 .
+ * - We have to disable -Wpragmas warnings to avoid a complaint about
+ *   an unknown warning type from older compilers that don't know about
+ *   -Waddress-of-packed-member.
+ * - gcc has bugs in its _Pragma() support in some versions, eg
+ *   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83256 -- so we only
+ *   include the warning-suppression pragmas for clang
+ */
+#ifdef __clang__
+#define PRAGMA_DISABLE_PACKED_WARNING   \
+_Pragma("GCC diagnostic push"); \
+_Pragma("GCC diagnostic ignored \"-Wpragmas\"");\
+_Pragma("GCC diagnostic ignored \"-Waddress-of-packed-member\"")
+
+#define PRAGMA_REENABLE_PACKED_WARNING  \
+_Pragma("GCC diagnostic pop")
+
+#else
+#define PRAGMA_DISABLE_PACKED_WARNING
+#define PRAGMA_REENABLE_PACKED_WARNING
+#endif
+
 #if defined(_WIN32) && (defined(__x86_64__) || defined(__i386__))
 # define QEMU_PACKED __attribute__((gcc_struct, packed))
 #else
-- 
2.41.0

[PULL 31/36] bsd-user: Add os-stat.c to the build

[Warner Losh]

From: Karim Taha 

Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/meson.build | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bsd-user/freebsd/meson.build b/bsd-user/freebsd/meson.build
index f87c788e846..f2f047cca31 100644
--- a/bsd-user/freebsd/meson.build
+++ b/bsd-user/freebsd/meson.build
@@ -1,4 +1,5 @@
 bsd_user_ss.add(files(
+  'os-stat.c',
   'os-sys.c',
   'os-syscall.c',
 ))
-- 
2.41.0

[PULL 04/36] bsd-user: Move _WANT_FREEBSD macros to include/qemu/osdep.h

[Warner Losh]

move _WANT_FREEBSD macros from bsd-user/freebsd/os-syscall.c to
include/qemu/osdep.h in order to pull some struct defintions needed
later in the build.

Signed-off-by: Warner Losh 
Signed-off-by: Karim Taha 
Acked-by: Richard Henderson 
---
 bsd-user/freebsd/os-syscall.c | 11 ---
 include/qemu/osdep.h  | 13 +
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/bsd-user/freebsd/os-syscall.c b/bsd-user/freebsd/os-syscall.c
index de36c4b71c6..2224a280ea2 100644
--- a/bsd-user/freebsd/os-syscall.c
+++ b/bsd-user/freebsd/os-syscall.c
@@ -17,17 +17,6 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
-
-/*
- * We need the FreeBSD "legacy" definitions. Rust needs the FreeBSD 11 system
- * calls since it doesn't use libc at all, so we have to emulate that despite
- * FreeBSD 11 being EOL'd.
- */
-#define _WANT_FREEBSD11_STAT
-#define _WANT_FREEBSD11_STATFS
-#define _WANT_FREEBSD11_DIRENT
-#define _WANT_KERNEL_ERRNO
-#define _WANT_SEMUN
 #include "qemu/osdep.h"
 #include "qemu/cutils.h"
 #include "qemu/path.h"
diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 21ef8f16995..2cae135280c 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -88,6 +88,19 @@ QEMU_EXTERN_C int daemon(int, int);
 #define __USE_MINGW_ANSI_STDIO 1
 #endif
 
+/*
+ * We need the FreeBSD "legacy" definitions. Rust needs the FreeBSD 11 system
+ * calls since it doesn't use libc at all, so we have to emulate that despite
+ * FreeBSD 11 being EOL'd.
+ */
+#ifdef __FreeBSD__
+#define _WANT_FREEBSD11_STAT
+#define _WANT_FREEBSD11_STATFS
+#define _WANT_FREEBSD11_DIRENT
+#define _WANT_KERNEL_ERRNO
+#define _WANT_SEMUN
+#endif
+
 #include 
 #include 
 #include 
-- 
2.41.0

[PULL 26/36] bsd-user: Implement freebsd11 fstat and fhstat related syscalls

[Warner Losh]

From: Michal Meloun 

Implement the freebsd11 variant of the following syscalls:
fstat(2)
fstatat(2)
fhstat(2)
fhstatfs(2)

Co-authored-by: Stacey Son 
Signed-off-by: Stacey Son 
Signed-off-by: Michal Meloun 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 78 ++
 1 file changed, 78 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
index aef55c8bb53..2e0c7245dfd 100644
--- a/bsd-user/freebsd/os-stat.h
+++ b/bsd-user/freebsd/os-stat.h
@@ -24,6 +24,17 @@ int freebsd11_stat(const char *path, struct freebsd11_stat 
*stat);
 __sym_compat(stat, freebsd11_stat, FBSD_1.0);
 int freebsd11_lstat(const char *path, struct freebsd11_stat *stat);
 __sym_compat(lstat, freebsd11_lstat, FBSD_1.0);
+int freebsd11_fstat(int fd, struct freebsd11_stat *stat);
+__sym_compat(fstat, freebsd11_fstat, FBSD_1.0);
+int freebsd11_fstatat(int fd, const char *path, struct freebsd11_stat *stat,
+int flag);
+__sym_compat(fstatat, freebsd11_fstatat, FBSD_1.1);
+
+int freebsd11_fhstat(const fhandle_t *fhandle, struct freebsd11_stat *stat);
+__sym_compat(fhstat, freebsd11_fhstat, FBSD_1.0);
+int freebsd11_fhstatfs(const fhandle_t *fhandle, struct freebsd11_statfs * 
buf);
+__sym_compat(fhstatfs, freebsd11_fhstatfs, FBSD_1.0);
+int freebsd11_statfs(const char *path, struct freebsd11_statfs *buf);
 
 /* stat(2) */
 static inline abi_long do_freebsd11_stat(abi_long arg1, abi_long arg2)
@@ -57,6 +68,19 @@ static inline abi_long do_freebsd11_lstat(abi_long arg1, 
abi_long arg2)
 return ret;
 }
 
+/* fstat(2) */
+static inline abi_long do_freebsd11_fstat(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+struct freebsd11_stat st;
+
+ret = get_errno(freebsd11_fstat(arg1, ));
+if (!is_error(ret))  {
+ret = h2t_freebsd11_stat(arg2, );
+}
+return ret;
+}
+
 /* fstat(2) */
 static inline abi_long do_freebsd_fstat(abi_long arg1, abi_long arg2)
 {
@@ -70,6 +94,23 @@ static inline abi_long do_freebsd_fstat(abi_long arg1, 
abi_long arg2)
 return ret;
 }
 
+/* fstatat(2) */
+static inline abi_long do_freebsd11_fstatat(abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4)
+{
+abi_long ret;
+void *p;
+struct freebsd11_stat st;
+
+LOCK_PATH(p, arg2);
+ret = get_errno(freebsd11_fstatat(arg1, p, , arg4));
+UNLOCK_PATH(p, arg2);
+if (!is_error(ret) && arg3) {
+ret = h2t_freebsd11_stat(arg3, );
+}
+return ret;
+}
+
 /* fstatat(2) */
 static inline abi_long do_freebsd_fstatat(abi_long arg1, abi_long arg2,
 abi_long arg3, abi_long arg4)
@@ -178,6 +219,24 @@ static inline abi_long do_freebsd_fhopen(abi_long arg1, 
abi_long arg2)
 return get_errno(fhopen(_fh, arg2));
 }
 
+/* fhstat(2) */
+static inline abi_long do_freebsd11_fhstat(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+fhandle_t host_fh;
+struct freebsd11_stat host_sb;
+
+ret = t2h_freebsd_fhandle(_fh, arg1);
+if (is_error(ret)) {
+return ret;
+}
+ret = get_errno(freebsd11_fhstat(_fh, _sb));
+if (is_error(ret)) {
+return ret;
+}
+return h2t_freebsd11_stat(arg2, _sb);
+}
+
 /* fhstat(2) */
 static inline abi_long do_freebsd_fhstat(abi_long arg1, abi_long arg2)
 {
@@ -196,6 +255,25 @@ static inline abi_long do_freebsd_fhstat(abi_long arg1, 
abi_long arg2)
 return h2t_freebsd_stat(arg2, _sb);
 }
 
+/* fhstatfs(2) */
+static inline abi_long do_freebsd11_fhstatfs(abi_ulong target_fhp_addr,
+abi_ulong target_stfs_addr)
+{
+abi_long ret;
+fhandle_t host_fh;
+struct freebsd11_statfs host_stfs;
+
+ret = t2h_freebsd_fhandle(_fh, target_fhp_addr);
+if (is_error(ret)) {
+return ret;
+}
+ret = get_errno(freebsd11_fhstatfs(_fh, _stfs));
+if (is_error(ret)) {
+return ret;
+}
+return h2t_freebsd11_statfs(target_stfs_addr, _stfs);
+}
+
 /* fhstatfs(2) */
 static inline abi_long do_freebsd_fhstatfs(abi_ulong target_fhp_addr,
 abi_ulong target_stfs_addr)
-- 
2.41.0

[PULL 17/36] bsd-user: Implement h2t_freebds11_statfs

[Warner Losh]

From: Stacey Son 

Implement the stat conversion functions:
h2t_freebds11_statfs

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.c | 41 ++
 1 file changed, 41 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.c b/bsd-user/freebsd/os-stat.c
index 6716cee3e22..9eb01bf6645 100644
--- a/bsd-user/freebsd/os-stat.c
+++ b/bsd-user/freebsd/os-stat.c
@@ -129,3 +129,44 @@ abi_long h2t_freebsd_fhandle(abi_ulong target_addr, 
fhandle_t *host_fh)
 return 0;
 }
 
+/*
+ *  file system stat
+ */
+abi_long h2t_freebsd11_statfs(abi_ulong target_addr,
+struct freebsd11_statfs *host_statfs)
+{
+struct target_freebsd11_statfs *target_statfs;
+
+if (!lock_user_struct(VERIFY_WRITE, target_statfs, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+__put_user(host_statfs->f_version, _statfs->f_version);
+__put_user(host_statfs->f_type, _statfs->f_type);
+__put_user(host_statfs->f_flags, _statfs->f_flags);
+__put_user(host_statfs->f_bsize, _statfs->f_bsize);
+__put_user(host_statfs->f_iosize, _statfs->f_iosize);
+__put_user(host_statfs->f_blocks, _statfs->f_blocks);
+__put_user(host_statfs->f_bfree, _statfs->f_bfree);
+__put_user(host_statfs->f_bavail, _statfs->f_bavail);
+__put_user(host_statfs->f_files, _statfs->f_files);
+__put_user(host_statfs->f_ffree, _statfs->f_ffree);
+__put_user(host_statfs->f_syncwrites, _statfs->f_syncwrites);
+__put_user(host_statfs->f_asyncwrites, _statfs->f_asyncwrites);
+__put_user(host_statfs->f_syncreads, _statfs->f_syncreads);
+__put_user(host_statfs->f_asyncreads, _statfs->f_asyncreads);
+/* uint64_t f_spare[10]; */
+__put_user(host_statfs->f_namemax, _statfs->f_namemax);
+__put_user(host_statfs->f_owner, _statfs->f_owner);
+__put_user(host_statfs->f_fsid.val[0], _statfs->f_fsid.val[0]);
+__put_user(host_statfs->f_fsid.val[1], _statfs->f_fsid.val[1]);
+/* char f_charspace[80]; */
+strncpy(target_statfs->f_fstypename, host_statfs->f_fstypename,
+sizeof(target_statfs->f_fstypename));
+strncpy(target_statfs->f_mntfromname, host_statfs->f_mntfromname,
+sizeof(target_statfs->f_mntfromname));
+strncpy(target_statfs->f_mntonname, host_statfs->f_mntonname,
+sizeof(target_statfs->f_mntonname));
+unlock_user_struct(target_statfs, target_addr, 1);
+return 0;
+}
+
-- 
2.41.0

[PULL 10/36] bsd-user: Add structs target_freebsd11_{nstat,statfs}

[Warner Losh]

From: Stacey Son 

Add structs target_freebsd11_nstat and target_freebsd11_statfs to
bsd-user/syscall_defs.h

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Acked-by: Richard Henderson 
---
 bsd-user/syscall_defs.h | 64 +
 1 file changed, 64 insertions(+)

diff --git a/bsd-user/syscall_defs.h b/bsd-user/syscall_defs.h
index bd04b30a560..51d8ff0dd8e 100644
--- a/bsd-user/syscall_defs.h
+++ b/bsd-user/syscall_defs.h
@@ -250,6 +250,70 @@ struct target_stat {
 uint64_t  st_spare[10];
 };
 
+
+/* struct nstat is the same as stat above but without the st_lspare field */
+struct target_freebsd11_nstat {
+uint32_t  st_dev;   /* inode's device */
+uint32_t  st_ino;   /* inode's number */
+int16_t   st_mode;  /* inode protection mode */
+int16_t   st_nlink; /* number of hard links */
+uint32_t  st_uid;   /* user ID of the file's owner */
+uint32_t  st_gid;   /* group ID of the file's group */
+uint32_t  st_rdev;  /* device type */
+struct  target_freebsd_timespec st_atim; /* time last accessed */
+struct  target_freebsd_timespec st_mtim; /* time last data modification */
+struct  target_freebsd_timespec st_ctim; /* time last file status change */
+int64_tst_size; /* file size, in bytes */
+int64_tst_blocks;   /* blocks allocated for file */
+uint32_t   st_blksize;  /* optimal blocksize for I/O */
+uint32_t   st_flags;/* user defined flags for file */
+uint32_t   st_gen;  /* file generation number */
+struct target_freebsd_timespec st_birthtim; /* time of file creation */
+/*
+ * Explicitly pad st_birthtim to 16 bytes so that the size of
+ * struct stat is backwards compatible.  We use bitfields instead
+ * of an array of chars so that this doesn't require a C99 compiler
+ * to compile if the size of the padding is 0.  We use 2 bitfields
+ * to cover up to 64 bits on 32-bit machines.  We assume that
+ * CHAR_BIT is 8...
+ */
+unsigned int:(8 / 2) * (16 - (int)sizeof(struct target_freebsd_timespec));
+unsigned int:(8 / 2) * (16 - (int)sizeof(struct target_freebsd_timespec));
+} __packed;
+
+/*
+ * sys/mount.h
+ */
+
+/* filesystem id type */
+typedef struct target_freebsd_fsid { int32_t val[2]; } target_freebsd_fsid_t;
+
+/* filesystem statistics */
+struct target_freebsd11_statfs {
+uint32_t f_version; /* structure version number */
+uint32_t f_type;/* type of filesystem */
+uint64_t f_flags;   /* copy of mount exported flags */
+uint64_t f_bsize;   /* filesystem fragment size */
+uint64_t f_iosize;  /* optimal transfer block size */
+uint64_t f_blocks;  /* total data blocks in filesystem */
+uint64_t f_bfree;   /* free blocks in filesystem */
+int64_t  f_bavail;  /* free blocks avail to non-superuser */
+uint64_t f_files;   /* total file nodes in filesystem */
+int64_t  f_ffree;   /* free nodes avail to non-superuser */
+uint64_t f_syncwrites;  /* count of sync writes since mount */
+uint64_t f_asyncwrites; /* count of async writes since mount */
+uint64_t f_syncreads;   /* count of sync reads since mount */
+uint64_t f_asyncreads;  /* count of async reads since mount */
+uint64_t f_spare[10];   /* unused spare */
+uint32_t f_namemax; /* maximum filename length */
+uint32_t f_owner;   /* user that mounted the filesystem */
+target_freebsd_fsid_t   f_fsid; /* filesystem id */
+char f_charspare[80];   /* spare string space */
+char f_fstypename[16];   /* filesys type name */
+char f_mntfromname[88];/* mount filesystem */
+char f_mntonname[88];  /* dir on which mounted*/
+};
+
 #define safe_syscall0(type, name) \
 type safe_##name(void) \
 { \
-- 
2.41.0

[PULL 20/36] bsd-user: Implement stat related syscalls

[Warner Losh]

From: Stacey Son 

Implement the following syscalls:
stat(2)
lstat(2)
fstat(2)
fstatat(2)
nstat
nfstat
nlstat

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 130 +
 1 file changed, 130 insertions(+)
 create mode 100644 bsd-user/freebsd/os-stat.h

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
new file mode 100644
index 000..f8f99b4a723
--- /dev/null
+++ b/bsd-user/freebsd/os-stat.h
@@ -0,0 +1,130 @@
+/*
+ *  stat related system call shims and definitions
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#ifndef BSD_USER_FREEBSD_OS_STAT_H
+#define BSD_USER_FREEBSD_OS_STAT_H
+
+/* stat(2) */
+static inline abi_long do_freebsd11_stat(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+struct freebsd11_stat st;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(freebsd11_stat(path(p), ));
+UNLOCK_PATH(p, arg1);
+if (!is_error(ret)) {
+ret = h2t_freebsd11_stat(arg2, );
+}
+return ret;
+}
+
+/* lstat(2) */
+static inline abi_long do_freebsd11_lstat(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+struct freebsd11_stat st;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(freebsd11_lstat(path(p), ));
+UNLOCK_PATH(p, arg1);
+if (!is_error(ret)) {
+ret = h2t_freebsd11_stat(arg2, );
+}
+return ret;
+}
+
+/* fstat(2) */
+static inline abi_long do_freebsd_fstat(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+struct stat st;
+
+ret = get_errno(fstat(arg1, ));
+if (!is_error(ret))  {
+ret = h2t_freebsd_stat(arg2, );
+}
+return ret;
+}
+
+/* fstatat(2) */
+static inline abi_long do_freebsd_fstatat(abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4)
+{
+abi_long ret;
+void *p;
+struct stat st;
+
+LOCK_PATH(p, arg2);
+ret = get_errno(fstatat(arg1, p, , arg4));
+UNLOCK_PATH(p, arg2);
+if (!is_error(ret) && arg3) {
+ret = h2t_freebsd_stat(arg3, );
+}
+return ret;
+}
+
+/* undocummented nstat(char *path, struct nstat *ub) syscall */
+static abi_long do_freebsd11_nstat(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+struct freebsd11_stat st;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(freebsd11_nstat(path(p), ));
+UNLOCK_PATH(p, arg1);
+if (!is_error(ret)) {
+ret = h2t_freebsd11_nstat(arg2, );
+}
+return ret;
+}
+
+/* undocummented nfstat(int fd, struct nstat *sb) syscall */
+static abi_long do_freebsd11_nfstat(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+struct freebsd11_stat st;
+
+ret = get_errno(freebsd11_nfstat(arg1, ));
+if (!is_error(ret))  {
+ret = h2t_freebsd11_nstat(arg2, );
+}
+return ret;
+}
+
+/* undocummented nlstat(char *path, struct nstat *ub) syscall */
+static abi_long do_freebsd11_nlstat(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+struct freebsd11_stat st;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(freebsd11_nlstat(path(p), ));
+UNLOCK_PATH(p, arg1);
+if (!is_error(ret)) {
+ret = h2t_freebsd11_nstat(arg2, );
+}
+return ret;
+}
+
+#endif /* BSD_USER_FREEBSD_OS_STAT_H */
-- 
2.41.0

[PULL 25/36] bsd-user: Implement freebsd11 stat related syscalls

[Warner Losh]

From: Michal Meloun 

Rename the following syscalls to the freebsd11 variant:
do_freebsd_lstat -> do_freebsd11_lstat
do_freebsd_stat -> do_freebsd11_stat

Co-authored-by: Stacey Son 
Signed-off-by: Stacey Son 
Signed-off-by: Michal Meloun 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 5 +
 1 file changed, 5 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
index 5d9323c7d1b..aef55c8bb53 100644
--- a/bsd-user/freebsd/os-stat.h
+++ b/bsd-user/freebsd/os-stat.h
@@ -20,6 +20,11 @@
 #ifndef BSD_USER_FREEBSD_OS_STAT_H
 #define BSD_USER_FREEBSD_OS_STAT_H
 
+int freebsd11_stat(const char *path, struct freebsd11_stat *stat);
+__sym_compat(stat, freebsd11_stat, FBSD_1.0);
+int freebsd11_lstat(const char *path, struct freebsd11_stat *stat);
+__sym_compat(lstat, freebsd11_lstat, FBSD_1.0);
+
 /* stat(2) */
 static inline abi_long do_freebsd11_stat(abi_long arg1, abi_long arg2)
 {
-- 
2.41.0

[PULL 01/36] bsd-user: Remove ELF_START_MMAP and image_info.start_mmap

[Warner Losh]

From: Richard Henderson 

The start_mmap value is write-only.
Remove the field and the defines that populated it.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230818175736.144194-2-richard.hender...@linaro.org>
Reviewed-by: Warner Losh 
Signed-off-by: Warner Losh 
---
 bsd-user/arm/target_arch_elf.h| 1 -
 bsd-user/elfload.c| 1 -
 bsd-user/i386/target_arch_elf.h   | 1 -
 bsd-user/qemu.h   | 1 -
 bsd-user/x86_64/target_arch_elf.h | 1 -
 5 files changed, 5 deletions(-)

diff --git a/bsd-user/arm/target_arch_elf.h b/bsd-user/arm/target_arch_elf.h
index 935bce347fc..b1c0fd2b320 100644
--- a/bsd-user/arm/target_arch_elf.h
+++ b/bsd-user/arm/target_arch_elf.h
@@ -20,7 +20,6 @@
 #ifndef TARGET_ARCH_ELF_H
 #define TARGET_ARCH_ELF_H
 
-#define ELF_START_MMAP 0x8000
 #define ELF_ET_DYN_LOAD_ADDR0x50
 
 #define elf_check_arch(x) ((x) == EM_ARM)
diff --git a/bsd-user/elfload.c b/bsd-user/elfload.c
index 1f650bdde85..38a3439d2cd 100644
--- a/bsd-user/elfload.c
+++ b/bsd-user/elfload.c
@@ -738,7 +738,6 @@ int load_elf_binary(struct bsd_binprm *bprm, struct 
target_pt_regs *regs,
 /* OK, This is the point of no return */
 info->end_data = 0;
 info->end_code = 0;
-info->start_mmap = (abi_ulong)ELF_START_MMAP;
 info->mmap = 0;
 elf_entry = (abi_ulong) elf_ex.e_entry;
 
diff --git a/bsd-user/i386/target_arch_elf.h b/bsd-user/i386/target_arch_elf.h
index cbcd1f08e2f..4ac27b02e72 100644
--- a/bsd-user/i386/target_arch_elf.h
+++ b/bsd-user/i386/target_arch_elf.h
@@ -20,7 +20,6 @@
 #ifndef TARGET_ARCH_ELF_H
 #define TARGET_ARCH_ELF_H
 
-#define ELF_START_MMAP 0x8000
 #define ELF_ET_DYN_LOAD_ADDR0x01001000
 #define elf_check_arch(x) (((x) == EM_386) || ((x) == EM_486))
 
diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 8f2d6a3c78b..178114b4234 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -52,7 +52,6 @@ struct image_info {
 abi_ulong end_data;
 abi_ulong start_brk;
 abi_ulong brk;
-abi_ulong start_mmap;
 abi_ulong mmap;
 abi_ulong rss;
 abi_ulong start_stack;
diff --git a/bsd-user/x86_64/target_arch_elf.h 
b/bsd-user/x86_64/target_arch_elf.h
index b2447118883..e51c2faf084 100644
--- a/bsd-user/x86_64/target_arch_elf.h
+++ b/bsd-user/x86_64/target_arch_elf.h
@@ -20,7 +20,6 @@
 #ifndef TARGET_ARCH_ELF_H
 #define TARGET_ARCH_ELF_H
 
-#define ELF_START_MMAP 0x2ab000ULL
 #define ELF_ET_DYN_LOAD_ADDR0x01021000
 #define elf_check_arch(x) (((x) == ELF_ARCH))
 
-- 
2.41.0

[PULL 19/36] bsd-uesr: Implement h2t_freebsd_stat and h2t_freebsd_statfs functions

[Warner Losh]

From: Michal Meloun 

They are the 64-bit variants of h2t_freebsd11_stat and
h2t_freebsd11_statfs, respectively

Signed-off-by: Michal Meloun 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.c | 82 ++
 1 file changed, 82 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.c b/bsd-user/freebsd/os-stat.c
index 2ce235d5dae..f0f9e609c3b 100644
--- a/bsd-user/freebsd/os-stat.c
+++ b/bsd-user/freebsd/os-stat.c
@@ -58,6 +58,50 @@ abi_long h2t_freebsd11_stat(abi_ulong target_addr,
 return 0;
 }
 
+abi_long h2t_freebsd_stat(abi_ulong target_addr,
+struct stat *host_st)
+{
+struct target_stat *target_st;
+
+if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+memset(target_st, 0, sizeof(*target_st));
+__put_user(host_st->st_dev, _st->st_dev);
+__put_user(host_st->st_ino, _st->st_ino);
+__put_user(host_st->st_nlink, _st->st_nlink);
+__put_user(host_st->st_mode, _st->st_mode);
+__put_user(host_st->st_uid, _st->st_uid);
+__put_user(host_st->st_gid, _st->st_gid);
+__put_user(host_st->st_rdev, _st->st_rdev);
+__put_user(host_st->st_atim.tv_sec, _st->st_atim.tv_sec);
+__put_user(host_st->st_atim.tv_nsec, _st->st_atim.tv_nsec);
+#ifdef TARGET_HAS_STAT_TIME_T_EXT
+/*__put_user(host_st->st_mtim_ext, _st->st_mtim_ext); XXX */
+#endif
+__put_user(host_st->st_mtim.tv_sec, _st->st_mtim.tv_sec);
+__put_user(host_st->st_mtim.tv_nsec, _st->st_mtim.tv_nsec);
+#ifdef TARGET_HAS_STAT_TIME_T_EXT
+/*__put_user(host_st->st_ctim_ext, _st->st_ctim_ext); XXX */
+#endif
+__put_user(host_st->st_ctim.tv_sec, _st->st_ctim.tv_sec);
+__put_user(host_st->st_ctim.tv_nsec, _st->st_ctim.tv_nsec);
+#ifdef TARGET_HAS_STAT_TIME_T_EXT
+/*__put_user(host_st->st_birthtim_ext, _st->st_birthtim_ext); XXX */
+#endif
+__put_user(host_st->st_birthtim.tv_sec, _st->st_birthtim.tv_sec);
+__put_user(host_st->st_birthtim.tv_nsec, _st->st_birthtim.tv_nsec);
+
+__put_user(host_st->st_size, _st->st_size);
+__put_user(host_st->st_blocks, _st->st_blocks);
+__put_user(host_st->st_blksize, _st->st_blksize);
+__put_user(host_st->st_flags, _st->st_flags);
+__put_user(host_st->st_gen, _st->st_gen);
+unlock_user_struct(target_st, target_addr, 1);
+
+return 0;
+}
+
 abi_long h2t_freebsd11_nstat(abi_ulong target_addr,
 struct freebsd11_stat *host_st)
 {
@@ -170,6 +214,44 @@ abi_long h2t_freebsd11_statfs(abi_ulong target_addr,
 return 0;
 }
 
+abi_long h2t_freebsd_statfs(abi_ulong target_addr,
+struct statfs *host_statfs)
+{
+struct target_statfs *target_statfs;
+
+if (!lock_user_struct(VERIFY_WRITE, target_statfs, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+__put_user(host_statfs->f_version, _statfs->f_version);
+__put_user(host_statfs->f_type, _statfs->f_type);
+__put_user(host_statfs->f_flags, _statfs->f_flags);
+__put_user(host_statfs->f_bsize, _statfs->f_bsize);
+__put_user(host_statfs->f_iosize, _statfs->f_iosize);
+__put_user(host_statfs->f_blocks, _statfs->f_blocks);
+__put_user(host_statfs->f_bfree, _statfs->f_bfree);
+__put_user(host_statfs->f_bavail, _statfs->f_bavail);
+__put_user(host_statfs->f_files, _statfs->f_files);
+__put_user(host_statfs->f_ffree, _statfs->f_ffree);
+__put_user(host_statfs->f_syncwrites, _statfs->f_syncwrites);
+__put_user(host_statfs->f_asyncwrites, _statfs->f_asyncwrites);
+__put_user(host_statfs->f_syncreads, _statfs->f_syncreads);
+__put_user(host_statfs->f_asyncreads, _statfs->f_asyncreads);
+/* uint64_t f_spare[10]; */
+__put_user(host_statfs->f_namemax, _statfs->f_namemax);
+__put_user(host_statfs->f_owner, _statfs->f_owner);
+__put_user(host_statfs->f_fsid.val[0], _statfs->f_fsid.val[0]);
+__put_user(host_statfs->f_fsid.val[1], _statfs->f_fsid.val[1]);
+/* char f_charspace[80]; */
+strncpy(target_statfs->f_fstypename, host_statfs->f_fstypename,
+sizeof(target_statfs->f_fstypename));
+strncpy(target_statfs->f_mntfromname, host_statfs->f_mntfromname,
+sizeof(target_statfs->f_mntfromname));
+strncpy(target_statfs->f_mntonname, host_statfs->f_mntonname,
+sizeof(target_statfs->f_mntonname));
+unlock_user_struct(target_statfs, target_addr, 1);
+return 0;
+}
+
 /*
  * fcntl cmd conversion
  */
-- 
2.41.0

[PULL 15/36] bsd-user: Implement h2t_freebsd11_stat h2t_freebsd_nstat

[Warner Losh]

From: Stacey Son 

Implement the stat conversion functions:
h2t_freebsd11_stat
h2t_freebsd_nstat

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.c | 94 ++
 1 file changed, 94 insertions(+)
 create mode 100644 bsd-user/freebsd/os-stat.c

diff --git a/bsd-user/freebsd/os-stat.c b/bsd-user/freebsd/os-stat.c
new file mode 100644
index 000..8c73f7402c2
--- /dev/null
+++ b/bsd-user/freebsd/os-stat.c
@@ -0,0 +1,94 @@
+/*
+ *  FreeBSD stat related conversion routines
+ *
+ *  Copyright (c) 2013 Stacey D. Son
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+#include "qemu/osdep.h"
+
+#include "qemu.h"
+
+/*
+ * stat conversion
+ */
+abi_long h2t_freebsd11_stat(abi_ulong target_addr,
+struct freebsd11_stat *host_st)
+{
+struct target_freebsd11_stat *target_st;
+
+if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+memset(target_st, 0, sizeof(*target_st));
+__put_user(host_st->st_dev, _st->st_dev);
+__put_user(host_st->st_ino, _st->st_ino);
+__put_user(host_st->st_mode, _st->st_mode);
+__put_user(host_st->st_nlink, _st->st_nlink);
+__put_user(host_st->st_uid, _st->st_uid);
+__put_user(host_st->st_gid, _st->st_gid);
+__put_user(host_st->st_rdev, _st->st_rdev);
+__put_user(host_st->st_atim.tv_sec, _st->st_atim.tv_sec);
+__put_user(host_st->st_atim.tv_nsec, _st->st_atim.tv_nsec);
+__put_user(host_st->st_mtim.tv_sec, _st->st_mtim.tv_sec);
+__put_user(host_st->st_mtim.tv_nsec, _st->st_mtim.tv_nsec);
+__put_user(host_st->st_ctim.tv_sec, _st->st_ctim.tv_sec);
+__put_user(host_st->st_ctim.tv_nsec, _st->st_ctim.tv_nsec);
+__put_user(host_st->st_size, _st->st_size);
+__put_user(host_st->st_blocks, _st->st_blocks);
+__put_user(host_st->st_blksize, _st->st_blksize);
+__put_user(host_st->st_flags, _st->st_flags);
+__put_user(host_st->st_gen, _st->st_gen);
+/* st_lspare not used */
+__put_user(host_st->st_birthtim.tv_sec, _st->st_birthtim.tv_sec);
+__put_user(host_st->st_birthtim.tv_nsec, _st->st_birthtim.tv_nsec);
+unlock_user_struct(target_st, target_addr, 1);
+
+return 0;
+}
+
+abi_long h2t_freebsd11_nstat(abi_ulong target_addr,
+struct freebsd11_stat *host_st)
+{
+struct target_freebsd11_nstat *target_st;
+
+if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0)) {
+return -TARGET_EFAULT;
+}
+memset(target_st, 0, sizeof(*target_st));
+__put_user(host_st->st_dev, _st->st_dev);
+__put_user(host_st->st_ino, _st->st_ino);
+__put_user(host_st->st_mode, _st->st_mode);
+__put_user(host_st->st_nlink, _st->st_nlink);
+__put_user(host_st->st_uid, _st->st_uid);
+__put_user(host_st->st_gid, _st->st_gid);
+__put_user(host_st->st_rdev, _st->st_rdev);
+__put_user(host_st->st_atim.tv_sec, _st->st_atim.tv_sec);
+__put_user(host_st->st_atim.tv_nsec, _st->st_atim.tv_nsec);
+__put_user(host_st->st_mtim.tv_sec, _st->st_mtim.tv_sec);
+__put_user(host_st->st_mtim.tv_nsec, _st->st_mtim.tv_nsec);
+__put_user(host_st->st_ctim.tv_sec, _st->st_ctim.tv_sec);
+__put_user(host_st->st_ctim.tv_nsec, _st->st_ctim.tv_nsec);
+__put_user(host_st->st_size, _st->st_size);
+__put_user(host_st->st_blocks, _st->st_blocks);
+__put_user(host_st->st_blksize, _st->st_blksize);
+__put_user(host_st->st_flags, _st->st_flags);
+__put_user(host_st->st_gen, _st->st_gen);
+__put_user(host_st->st_birthtim.tv_sec, _st->st_birthtim.tv_sec);
+__put_user(host_st->st_birthtim.tv_nsec, _st->st_birthtim.tv_nsec);
+unlock_user_struct(target_st, target_addr, 1);
+
+return 0;
+}
+
-- 
2.41.0

[PULL 21/36] bsd-user: Implement statfh related syscalls

[Warner Losh]

From: Stacey Son 

Implement the following syscalls:
getfh(2)
lgetfh(2)
fhopen(2)
fhstat(2)
fhstatfs(2)

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 83 ++
 1 file changed, 83 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
index f8f99b4a723..935663c0713 100644
--- a/bsd-user/freebsd/os-stat.h
+++ b/bsd-user/freebsd/os-stat.h
@@ -127,4 +127,87 @@ static abi_long do_freebsd11_nlstat(abi_long arg1, 
abi_long arg2)
 return ret;
 }
 
+/* getfh(2) */
+static abi_long do_freebsd_getfh(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+fhandle_t host_fh;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(getfh(path(p), _fh));
+UNLOCK_PATH(p, arg1);
+if (is_error(ret)) {
+return ret;
+}
+return h2t_freebsd_fhandle(arg2, _fh);
+}
+
+/* lgetfh(2) */
+static inline abi_long do_freebsd_lgetfh(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+fhandle_t host_fh;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(lgetfh(path(p), _fh));
+UNLOCK_PATH(p, arg1);
+if (is_error(ret)) {
+return ret;
+}
+return h2t_freebsd_fhandle(arg2, _fh);
+}
+
+/* fhopen(2) */
+static inline abi_long do_freebsd_fhopen(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+fhandle_t host_fh;
+
+ret = t2h_freebsd_fhandle(_fh, arg1);
+if (is_error(ret)) {
+return ret;
+}
+
+return get_errno(fhopen(_fh, arg2));
+}
+
+/* fhstat(2) */
+static inline abi_long do_freebsd_fhstat(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+fhandle_t host_fh;
+struct stat host_sb;
+
+ret = t2h_freebsd_fhandle(_fh, arg1);
+if (is_error(ret)) {
+return ret;
+}
+ret = get_errno(fhstat(_fh, _sb));
+if (is_error(ret)) {
+return ret;
+}
+return h2t_freebsd_stat(arg2, _sb);
+}
+
+/* fhstatfs(2) */
+static inline abi_long do_freebsd_fhstatfs(abi_ulong target_fhp_addr,
+abi_ulong target_stfs_addr)
+{
+abi_long ret;
+fhandle_t host_fh;
+struct statfs host_stfs;
+
+ret = t2h_freebsd_fhandle(_fh, target_fhp_addr);
+if (is_error(ret)) {
+return ret;
+}
+ret = get_errno(fhstatfs(_fh, _stfs));
+if (is_error(ret)) {
+return ret;
+}
+return h2t_freebsd_statfs(target_stfs_addr, _stfs);
+}
+
 #endif /* BSD_USER_FREEBSD_OS_STAT_H */
-- 
2.41.0

[PULL 00/36] 2023q3 bsd user patches

[Warner Losh]

The following changes since commit 50e7a40af372ee5931c99ef7390f5d3d6fbf6ec4:

  Merge tag 'pull-target-arm-20230824' of 
https://git.linaro.org/people/pmaydell/qemu-arm into staging (2023-08-24 
10:08:33 -0400)

are available in the Git repository at:

  g...@gitlab.com:bsdimp/qemu.git tags/2023q3-bsd-user-pull-request

for you to fetch changes up to f51e7c41acb4b17d28fc74f9f10df50a4a65fbcc:

  bsd-user: Add missing break after do_bsd_preadv (2023-08-28 12:16:18 -0600)


Pull request for bsd-user 2023 Q3 (first batch)

First batch of commits submitted by my GSoC student Karim Taha

These implement the stat, statfs, statfh and dirents system calls.

In addition, fix a missing break statment, and submit Richard Henderson's
elf stat mmap cleansup.
-BEGIN PGP SIGNATURE-
Comment: GPGTools - https://gpgtools.org

iQIzBAABCgAdFiEEIDX4lLAKo898zeG3bBzRKH2wEQAFAmTtL6EACgkQbBzRKH2w
EQALHQ//WOoHYxpNS1hy+oYIAvjW0JOqz9gCSFR0d56mDBShm7WO/9FZA6eGAzYQ
i5kBSVFwEBlM76K5vLTbRvCbCbAwlpAdMgI7HXValjspNhvu/66DNWmdil6GnXKu
4QRaM/QGrobmYrNmf4SdgyjlMVH7wGyTrCTpXfvPfktZLAbQq7dCyNPTsOYXJP2V
LASk8j2gyW6fDi3z1AxTNVfS7BJX6DWMhPhlvC/aUOLVVGgj9Hw9uxPaKXC1t47D
bpZ+wJb4GMkcsmuiGJ40CXowjQ+M1lBrA4rN+lTMJNttZJ+TUYmizTFkYhX+B28h
Q2JZy5eLXlsxxRByOkOwFczfDT6jlG4BlK4jmDOvKlrTPLaWIHjezztTavWIZDlU
ce1oXQo3KEdWoa/QEsuxLeBbE+uZpu5+NqLeCk1cU4GPks8nbAcD7BGl6dDHKXM4
8vCcOMZLwO+xi5Etgcf/MtTPMpSO0rD9fTq2VSdYX0H197mkOdyCDAXjfKPsBUIE
VLAnCFfajMNRc5ITobEbz4GiMD/xy5s8eDZNeefG8lgySpl9XB2Lvw7SWDz1imsL
nBgQH6RHznU65wEvVGtnCGMj5kIMbohY2AGR75iGkRdgR+t2zMjUIiaU/qivD+6z
IEJ2jqDWqtQb81jFNrFzJlsim+GYRl0HcaEmyye2bgf5LHRSSNM=
=ORJ7
-END PGP SIGNATURE-



Karim Taha (1):
  bsd-user: Add os-stat.c to the build

Kyle Evans (2):
  bsd-user: Disable clang warnings
  bsd-user: Define safe_fcntl macro in bsd-user/syscall_defs.h

Michal Meloun (8):
  bsd-user: Add struct target_stat to bsd-user/syscall_defs.h
  bsd-user: Add struct target_statfs
  bsd-uesr: Implement h2t_freebsd_stat and h2t_freebsd_statfs functions
  bsd-user: Implement freebsd11 stat related syscalls
  bsd-user: Implement freebsd11 fstat and fhstat related syscalls
  bsd-user: Implement freebsd11 statfs related syscalls
  bsd-user: Implement freebsd11 getdirents related syscalls
  bsd-user: Implement freebsd11 netbsd stat related syscalls

Mikaël Urankar (1):
  bsd-user: Implement do_freebsd_realpathat syscall

Richard Henderson (3):
  bsd-user: Remove ELF_START_MMAP and image_info.start_mmap
  bsd-user: Remove image_info.mmap
  bsd-user: Remove image_info.start_brk

Stacey Son (13):
  bsd-user: Declarations of h2t and t2h conversion functions.
  bsd-user: Add struct target_freebsd11_stat to bsd-user/syscall_defs
  bsd-user: Add structs target_freebsd11_{nstat,statfs}
  bsd-user: Add struct target_freebsd_fhandle and fcntl flags
  bsd-user: Implement h2t_freebsd11_stat h2t_freebsd_nstat
  bsd-user: Implement h2t_freebsd_fhandle t2h_freebsd_fhandle
  bsd-user: Implement h2t_freebds11_statfs
  bsd-user: Implement target_to_host_fcntl_cmd
  bsd-user: Implement stat related syscalls
  bsd-user: Implement statfh related syscalls
  bsd-user: Implement statfs related syscalls
  bsd-user: Implement getdents related syscalls
  bsd-user: Implement stat related syscalls

Warner Losh (8):
  bsd-user: Move _WANT_FREEBSD macros to include/qemu/osdep.h
  bsd-user; Update the definitions of __put_user and __get_user macros
  bsd-user: Rename target_freebsd_time_t to target_time_t
  bsd-user: Add glue for the freebsd11_stat syscalls
  bsd-user: Add glue for getfh and related syscalls
  bsd-user: Add glue for statfs related system calls
  bsd-user: Add getdents and fcntl related system calls
  bsd-user: Add missing break after do_bsd_preadv

 bsd-user/arm/target_arch_elf.h|   1 -
 bsd-user/elfload.c|   4 +-
 bsd-user/freebsd/meson.build  |   1 +
 bsd-user/freebsd/os-stat.c| 262 
 bsd-user/freebsd/os-stat.h| 663 ++
 bsd-user/freebsd/os-syscall.c | 122 +-
 bsd-user/freebsd/qemu-os.h|  50 +++
 bsd-user/i386/target_arch_elf.h   |   1 -
 bsd-user/main.c   |   2 -
 bsd-user/qemu.h   |  85 ++--
 bsd-user/signal.c |   5 +-
 bsd-user/syscall_defs.h   | 221 +-
 bsd-user/x86_64/target_arch_elf.h |   1 -
 include/qemu/compiler.h   |  30 ++
 include/qemu/osdep.h  |  13 +
 15 files changed, 1384 insertions(+), 77 deletions(-)
 create mode 100644 bsd-user/freebsd/os-stat.c
 create mode 100644 bsd-user/freebsd/os-stat.h
 create mode 100644 bsd-user/freebsd/qemu-os.h

-- 
2.41.0

[PULL 02/36] bsd-user: Remove image_info.mmap

[Warner Losh]

From: Richard Henderson 

This value is unused.

Signed-off-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20230818175736.144194-3-richard.hender...@linaro.org>
Reviewed-by: Warner Losh 
Signed-off-by: Warner Losh 
---
 bsd-user/elfload.c | 1 -
 bsd-user/qemu.h| 1 -
 2 files changed, 2 deletions(-)

diff --git a/bsd-user/elfload.c b/bsd-user/elfload.c
index 38a3439d2cd..2d39e59258e 100644
--- a/bsd-user/elfload.c
+++ b/bsd-user/elfload.c
@@ -738,7 +738,6 @@ int load_elf_binary(struct bsd_binprm *bprm, struct 
target_pt_regs *regs,
 /* OK, This is the point of no return */
 info->end_data = 0;
 info->end_code = 0;
-info->mmap = 0;
 elf_entry = (abi_ulong) elf_ex.e_entry;
 
 /* XXX Join this with PT_INTERP search? */
diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 178114b4234..898fe3e8b34 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -52,7 +52,6 @@ struct image_info {
 abi_ulong end_data;
 abi_ulong start_brk;
 abi_ulong brk;
-abi_ulong mmap;
 abi_ulong rss;
 abi_ulong start_stack;
 abi_ulong entry;
-- 
2.41.0

[PULL 24/36] bsd-user: Implement stat related syscalls

[Warner Losh]

From: Stacey Son 

Implement the following syscalls:
fcntl(2)

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 74 ++
 1 file changed, 74 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
index 7dc41cd0bfe..5d9323c7d1b 100644
--- a/bsd-user/freebsd/os-stat.h
+++ b/bsd-user/freebsd/os-stat.h
@@ -351,4 +351,78 @@ static inline abi_long do_freebsd_getdirentries(abi_long 
arg1,
 return ret;
 }
 
+/* fcntl(2) */
+static inline abi_long do_freebsd_fcntl(abi_long arg1, abi_long arg2,
+abi_ulong arg3)
+{
+abi_long ret;
+int host_cmd;
+struct flock fl;
+struct target_freebsd_flock *target_fl;
+
+host_cmd = target_to_host_fcntl_cmd(arg2);
+if (host_cmd < 0) {
+return host_cmd;
+}
+switch (arg2) {
+case TARGET_F_GETLK:
+if (!lock_user_struct(VERIFY_READ, target_fl, arg3, 1)) {
+return -TARGET_EFAULT;
+}
+__get_user(fl.l_type, _fl->l_type);
+__get_user(fl.l_whence, _fl->l_whence);
+__get_user(fl.l_start, _fl->l_start);
+__get_user(fl.l_len, _fl->l_len);
+__get_user(fl.l_pid, _fl->l_pid);
+__get_user(fl.l_sysid, _fl->l_sysid);
+unlock_user_struct(target_fl, arg3, 0);
+ret = get_errno(safe_fcntl(arg1, host_cmd, ));
+if (!is_error(ret)) {
+if (!lock_user_struct(VERIFY_WRITE, target_fl, arg3, 0)) {
+return -TARGET_EFAULT;
+}
+__put_user(fl.l_type, _fl->l_type);
+__put_user(fl.l_whence, _fl->l_whence);
+__put_user(fl.l_start, _fl->l_start);
+__put_user(fl.l_len, _fl->l_len);
+__put_user(fl.l_pid, _fl->l_pid);
+__put_user(fl.l_sysid, _fl->l_sysid);
+unlock_user_struct(target_fl, arg3, 1);
+}
+break;
+
+case TARGET_F_SETLK:
+case TARGET_F_SETLKW:
+if (!lock_user_struct(VERIFY_READ, target_fl, arg3, 1)) {
+return -TARGET_EFAULT;
+}
+__get_user(fl.l_type, _fl->l_type);
+__get_user(fl.l_whence, _fl->l_whence);
+__get_user(fl.l_start, _fl->l_start);
+__get_user(fl.l_len, _fl->l_len);
+__get_user(fl.l_pid, _fl->l_pid);
+__get_user(fl.l_sysid, _fl->l_sysid);
+unlock_user_struct(target_fl, arg3, 0);
+ret = get_errno(safe_fcntl(arg1, host_cmd, ));
+break;
+
+case TARGET_F_DUPFD:
+case TARGET_F_DUP2FD:
+case TARGET_F_GETOWN:
+case TARGET_F_SETOWN:
+case TARGET_F_GETFD:
+case TARGET_F_SETFD:
+case TARGET_F_GETFL:
+case TARGET_F_SETFL:
+case TARGET_F_READAHEAD:
+case TARGET_F_RDAHEAD:
+case TARGET_F_ADD_SEALS:
+case TARGET_F_GET_SEALS:
+default:
+ret = get_errno(safe_fcntl(arg1, host_cmd, arg3));
+break;
+}
+return ret;
+}
+
 #endif /* BSD_USER_FREEBSD_OS_STAT_H */
-- 
2.41.0

[PULL 22/36] bsd-user: Implement statfs related syscalls

[Warner Losh]

From: Stacey Son 

Implement the following syscalls:
statfs(2)
fstatfs(2)
getfsstat(2)

Signed-off-by: Stacey Son 
Signed-off-by: Karim Taha 
Reviewed-by: Richard Henderson 
Signed-off-by: Warner Losh 
---
 bsd-user/freebsd/os-stat.h | 69 ++
 1 file changed, 69 insertions(+)

diff --git a/bsd-user/freebsd/os-stat.h b/bsd-user/freebsd/os-stat.h
index 935663c0713..9492c93c55a 100644
--- a/bsd-user/freebsd/os-stat.h
+++ b/bsd-user/freebsd/os-stat.h
@@ -210,4 +210,73 @@ static inline abi_long do_freebsd_fhstatfs(abi_ulong 
target_fhp_addr,
 return h2t_freebsd_statfs(target_stfs_addr, _stfs);
 }
 
+/* statfs(2) */
+static inline abi_long do_freebsd_statfs(abi_long arg1, abi_long arg2)
+{
+abi_long ret;
+void *p;
+struct statfs host_stfs;
+
+LOCK_PATH(p, arg1);
+ret = get_errno(statfs(path(p), _stfs));
+UNLOCK_PATH(p, arg1);
+if (is_error(ret)) {
+return ret;
+}
+
+return h2t_freebsd_statfs(arg2, _stfs);
+}
+
+/* fstatfs(2) */
+static inline abi_long do_freebsd_fstatfs(abi_long fd, abi_ulong target_addr)
+{
+abi_long ret;
+struct statfs host_stfs;
+
+ret = get_errno(fstatfs(fd, _stfs));
+if (is_error(ret)) {
+return ret;
+}
+
+return h2t_freebsd_statfs(target_addr, _stfs);
+}
+
+/* getfsstat(2) */
+static inline abi_long do_freebsd_getfsstat(abi_ulong target_addr,
+abi_long bufsize, abi_long flags)
+{
+abi_long ret;
+struct statfs *host_stfs;
+int count;
+long host_bufsize;
+
+count = bufsize / sizeof(struct target_statfs);
+
+/* if user buffer is NULL then return number of mounted FS's */
+if (target_addr == 0 || count == 0) {
+return get_errno(freebsd11_getfsstat(NULL, 0, flags));
+}
+
+/* XXX check count to be reasonable */
+host_bufsize = sizeof(struct statfs) * count;
+host_stfs = alloca(host_bufsize);
+if (!host_stfs) {
+return -TARGET_EINVAL;
+}
+
+ret = count = get_errno(getfsstat(host_stfs, host_bufsize, flags));
+if (is_error(ret)) {
+return ret;
+}
+
+while (count--) {
+if (h2t_freebsd_statfs((target_addr +
+(count * sizeof(struct target_statfs))),
+_stfs[count])) {
+return -TARGET_EFAULT;
+}
+}
+return ret;
+}
+
 #endif /* BSD_USER_FREEBSD_OS_STAT_H */
-- 
2.41.0

[PATCH v2 3/7] hw/fsi: Introduce IBM's cfam,fsi-slave

[Ninad Palsule]

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The Common FRU Access Macro (CFAM), an address space containing
various "engines" that drive accesses on busses internal and external
to the POWER chip. Examples include the SBEFIFO and I2C masters. The
engines hang off of an internal Local Bus (LBUS) which is described
by the CFAM configuration block.

The FSI slave: The slave is the terminal point of the FSI bus for
FSI symbols addressed to it. Slaves can be cascaded off of one
another. The slave's configuration registers appear in address space
of the CFAM to which it is attached.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated Joel's review comments.
---
 hw/fsi/Kconfig |   9 ++
 hw/fsi/cfam.c  | 235 +
 hw/fsi/fsi-slave.c | 109 +
 hw/fsi/meson.build |   2 +
 include/hw/fsi/cfam.h  |  61 ++
 include/hw/fsi/fsi-slave.h |  29 +
 6 files changed, 445 insertions(+)
 create mode 100644 hw/fsi/cfam.c
 create mode 100644 hw/fsi/fsi-slave.c
 create mode 100644 include/hw/fsi/cfam.h
 create mode 100644 include/hw/fsi/fsi-slave.h

diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 2a9c49f2c9..087980be22 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,3 +1,12 @@
+config CFAM
+bool
+select FSI
+select SCRATCHPAD
+select LBUS
+
+config FSI
+bool
+
 config SCRATCHPAD
 bool
 select LBUS
diff --git a/hw/fsi/cfam.c b/hw/fsi/cfam.c
new file mode 100644
index 00..19256050bd
--- /dev/null
+++ b/hw/fsi/cfam.c
@@ -0,0 +1,235 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Common FRU Access Macro
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/bits.h"
+#include "hw/fsi/cfam.h"
+#include "hw/fsi/engine-scratchpad.h"
+
+#include "hw/qdev-properties.h"
+
+#define TO_REG(x)  ((x) >> 2)
+
+#define CFAM_ENGINE_CONFIG  TO_REG(0x04)
+
+#define CFAM_CONFIG_CHIP_IDTO_REG(0x00)
+#define CFAM_CONFIG_CHIP_ID_P9 0xc0022d15
+#define   CFAM_CONFIG_CHIP_ID_BREAK0xc0de
+
+static uint64_t cfam_config_read(void *opaque, hwaddr addr, unsigned size)
+{
+CFAMConfig *config;
+CFAMState *cfam;
+LBusNode *node;
+int i;
+
+config = CFAM_CONFIG(opaque);
+cfam = container_of(config, CFAMState, config);
+
+qemu_log_mask(LOG_UNIMP, "%s: read @0x%" HWADDR_PRIx " size=%d\n",
+  __func__, addr, size);
+
+assert(size == 4);
+assert(!(addr & 3));
+
+switch (addr) {
+case 0x00:
+return CFAM_CONFIG_CHIP_ID_P9;
+case 0x04:
+return ENGINE_CONFIG_NEXT
+| 0x0001/* slots */
+| 0x1000/* version */
+| ENGINE_CONFIG_TYPE_PEEK   /* type */
+| 0x000c;   /* crc */
+case 0x08:
+return ENGINE_CONFIG_NEXT
+| 0x0001/* slots */
+| 0x5000/* version */
+| ENGINE_CONFIG_TYPE_FSI/* type */
+| 0x000a;   /* crc */
+break;
+default:
+/* FIXME: Improve this */
+i = 0xc;
+QLIST_FOREACH(node, >lbus.devices, next) {
+if (i == addr) {
+return LBUS_DEVICE_GET_CLASS(node->ldev)->config;
+}
+i += size;
+}
+
+if (i == addr) {
+return 0;
+}
+
+return 0xc0de;
+}
+}
+
+static void cfam_config_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+CFAMConfig *s = CFAM_CONFIG(opaque);
+
+qemu_log_mask(LOG_UNIMP, "%s: write @0x%" HWADDR_PRIx " size=%d "
+  "value=%"PRIx64"\n", __func__, addr, size, data);
+
+assert(size == 4);
+assert(!(addr & 3));
+
+switch (TO_REG(addr)) {
+case CFAM_CONFIG_CHIP_ID:
+case CFAM_CONFIG_CHIP_ID + 4:
+if (data == CFAM_CONFIG_CHIP_ID_BREAK) {
+bus_cold_reset(qdev_get_parent_bus(DEVICE(s)));
+}
+break;
+default:
+qemu_log_mask(LOG_GUEST_ERROR, "%s: Not implemented: 0x%"
+  HWADDR_PRIx" for %u\n",
+  __func__, addr, size);
+}
+}
+
+static const struct MemoryRegionOps cfam_config_ops = {
+.read = cfam_config_read,
+.write = cfam_config_write,
+.endianness = DEVICE_BIG_ENDIAN,
+};
+
+static void cfam_config_realize(DeviceState *dev, Error **errp)
+{
+CFAMConfig *s = CFAM_CONFIG(dev);
+
+memory_region_init_io(>iomem, OBJECT(s), _config_ops, s,
+  TYPE_CFAM_CONFIG, 0x400);
+}
+
+static void cfam_config_reset(DeviceState *dev)
+{
+/* Config is read-only */
+}
+

[PATCH v2 7/7] hw/arm: Hook up FSI module in AST2600

[Ninad Palsule]

This patchset introduces IBM's Flexible Service Interface(FSI).

Time for some fun with inter-processor buses. FSI allows a service
processor access to the internal buses of a host POWER processor to
perform configuration or debugging.

FSI has long existed in POWER processes and so comes with some baggage,
including how it has been integrated into the ASPEED SoC.

Working backwards from the POWER processor, the fundamental pieces of
interest for the implementation are:

1. The Common FRU Access Macro (CFAM), an address space containing
   various "engines" that drive accesses on buses internal and external
   to the POWER chip. Examples include the SBEFIFO and I2C masters. The
   engines hang off of an internal Local Bus (LBUS) which is described
   by the CFAM configuration block.

2. The FSI slave: The slave is the terminal point of the FSI bus for
   FSI symbols addressed to it. Slaves can be cascaded off of one
   another. The slave's configuration registers appear in address space
   of the CFAM to which it is attached.

3. The FSI master: A controller in the platform service processor (e.g.
   BMC) driving CFAM engine accesses into the POWER chip. At the
   hardware level FSI is a bit-based protocol supporting synchronous and
   DMA-driven accesses of engines in a CFAM.

4. The On-Chip Peripheral Bus (OPB): A low-speed bus typically found in
   POWER processors. This now makes an appearance in the ASPEED SoC due
   to tight integration of the FSI master IP with the OPB, mainly the
   existence of an MMIO-mapping of the CFAM address straight onto a
   sub-region of the OPB address space.

5. An APB-to-OPB bridge enabling access to the OPB from the ARM core in
   the AST2600. Hardware limitations prevent the OPB from being directly
   mapped into APB, so all accesses are indirect through the bridge.

The implementation appears as following in the qemu device tree:

(qemu) info qtree
bus: main-system-bus
  type System
  ...
  dev: aspeed.apb2opb, id ""
gpio-out "sysbus-irq" 1
mmio 1e79b000/1000
bus: opb.1
  type opb
  dev: fsi.master, id ""
bus: fsi.bus.1
  type fsi.bus
  dev: cfam.config, id ""
  dev: cfam, id ""
bus: lbus.1
  type lbus
  dev: scratchpad, id ""
address = 0 (0x0)
bus: opb.0
  type opb
  dev: fsi.master, id ""
bus: fsi.bus.0
  type fsi.bus
  dev: cfam.config, id ""
  dev: cfam, id ""
bus: lbus.0
  type lbus
  dev: scratchpad, id ""
address = 0 (0x0)

The LBUS is modelled to maintain the qdev bus hierarchy and to take
advantage of the object model to automatically generate the CFAM
configuration block. The configuration block presents engines in the
order they are attached to the CFAM's LBUS. Engine implementations
should subclass the LBusDevice and set the 'config' member of
LBusDeviceClass to match the engine's type.

CFAM designs offer a lot of flexibility, for instance it is possible for
a CFAM to be simultaneously driven from multiple FSI links. The modeling
is not so complete; it's assumed that each CFAM is attached to a single
FSI slave (as a consequence the CFAM subclasses the FSI slave).

As for FSI, its symbols and wire-protocol are not modelled at all. This
is not necessary to get FSI off the ground thanks to the mapping of the
CFAM address space onto the OPB address space - the models follow this
directly and map the CFAM memory region into the OPB's memory region.
Future work includes supporting more advanced accesses that drive the
FSI master directly rather than indirectly via the CFAM mapping, which
will require implementing the FSI state machine and methods for each of
the FSI symbols on the slave. Further down the track we can also look at
supporting the bitbanged SoftFSI drivers in Linux by extending the FSI
slave model to resolve sequences of GPIO IRQs into FSI symbols, and
calling the associated symbol method on the slave to map the access onto
the CFAM.

Testing:
Tested by reading cfam config address 0 on rainier machine type.

root@p10bmc:~# pdbg -a getcfam 0x0
p0: 0x0 = 0xc0022d15

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
 hw/arm/aspeed_ast2600.c | 19 +++
 include/hw/arm/aspeed_soc.h |  4 
 2 files changed, 23 insertions(+)

diff --git a/hw/arm/aspeed_ast2600.c b/hw/arm/aspeed_ast2600.c
index a8b3a8065a..010c9cee8a 100644
--- a/hw/arm/aspeed_ast2600.c
+++ b/hw/arm/aspeed_ast2600.c
@@ -75,6 +75,8 @@ static const hwaddr aspeed_soc_ast2600_memmap[] = {
 [ASPEED_DEV_UART12]= 0x1E790600,
 [ASPEED_DEV_UART13]= 0x1E790700,
 [ASPEED_DEV_VUART] = 0x1E787000,
+[ASPEED_DEV_FSI1]  = 0x1E79B000,
+[ASPEED_DEV_FSI2]  

[PATCH v2 2/7] hw/fsi: Introduce IBM's scratchpad

[Ninad Palsule]

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The LBUS device is embeded inside the scratchpad. The scratchpad
provides a non-functional registers. There is a 1-1 relation between
scratchpad and LBUS devices. Each LBUS device has 1K memory mapped in
the LBUS.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated Joel's review comments.
---
 hw/fsi/Kconfig |   4 ++
 hw/fsi/engine-scratchpad.c | 100 +
 hw/fsi/meson.build |   1 +
 include/hw/fsi/engine-scratchpad.h |  33 ++
 4 files changed, 138 insertions(+)
 create mode 100644 hw/fsi/engine-scratchpad.c
 create mode 100644 include/hw/fsi/engine-scratchpad.h

diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 687449e14e..2a9c49f2c9 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,2 +1,6 @@
+config SCRATCHPAD
+bool
+select LBUS
+
 config LBUS
 bool
diff --git a/hw/fsi/engine-scratchpad.c b/hw/fsi/engine-scratchpad.c
new file mode 100644
index 00..15a8f8cc66
--- /dev/null
+++ b/hw/fsi/engine-scratchpad.c
@@ -0,0 +1,100 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM scratchpad engine
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/engine-scratchpad.h"
+
+static uint64_t scratchpad_read(void *opaque, hwaddr addr, unsigned size)
+{
+ScratchPad *s = SCRATCHPAD(opaque);
+
+qemu_log_mask(LOG_UNIMP, "%s: read @0x%" HWADDR_PRIx " size=%d\n",
+  __func__, addr, size);
+
+if (addr) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Out of bounds read: 0x%"HWADDR_PRIx" for %u\n",
+  __func__, addr, size);
+return 0;
+}
+
+return s->reg;
+}
+
+static void scratchpad_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+ScratchPad *s = SCRATCHPAD(opaque);
+
+qemu_log_mask(LOG_UNIMP, "%s: write @0x%" HWADDR_PRIx " size=%d "
+  "value=%"PRIx64"\n", __func__, addr, size, data);
+
+if (addr) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "%s: Out of bounds write: 0x%"HWADDR_PRIx" for %u\n",
+  __func__, addr, size);
+return;
+}
+
+s->reg = data;
+}
+
+static const struct MemoryRegionOps scratchpad_ops = {
+.read = scratchpad_read,
+.write = scratchpad_write,
+.endianness = DEVICE_BIG_ENDIAN,
+};
+
+static void scratchpad_realize(DeviceState *dev, Error **errp)
+{
+LBusDevice *ldev = LBUS_DEVICE(dev);
+
+memory_region_init_io(>iomem, OBJECT(ldev), _ops,
+  ldev, TYPE_SCRATCHPAD, 0x400);
+}
+
+static void scratchpad_reset(DeviceState *dev)
+{
+ScratchPad *s = SCRATCHPAD(dev);
+
+s->reg = 0;
+}
+
+static void scratchpad_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+LBusDeviceClass *ldc = LBUS_DEVICE_CLASS(klass);
+
+dc->realize = scratchpad_realize;
+dc->reset = scratchpad_reset;
+
+ldc->config =
+  ENGINE_CONFIG_NEXT/* valid */
+| 0x0001/* slots */
+| 0x1000/* version */
+| ENGINE_CONFIG_TYPE_SCRATCHPAD /* type */
+| 0x0007;   /* crc */
+}
+
+static const TypeInfo scratchpad_info = {
+.name = TYPE_SCRATCHPAD,
+.parent = TYPE_LBUS_DEVICE,
+.instance_size = sizeof(ScratchPad),
+.class_init = scratchpad_class_init,
+.class_size = sizeof(LBusDeviceClass),
+};
+
+static void scratchpad_register_types(void)
+{
+type_register_static(_info);
+}
+
+type_init(scratchpad_register_types);
diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
index e1007d5fea..f90e09ddab 100644
--- a/hw/fsi/meson.build
+++ b/hw/fsi/meson.build
@@ -1 +1,2 @@
 system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
+system_ss.add(when: 'CONFIG_SCRATCHPAD', if_true: files('engine-scratchpad.c'))
diff --git a/include/hw/fsi/engine-scratchpad.h 
b/include/hw/fsi/engine-scratchpad.h
new file mode 100644
index 00..63bf89ac5a
--- /dev/null
+++ b/include/hw/fsi/engine-scratchpad.h
@@ -0,0 +1,33 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM scratchpad engne
+ */
+#ifndef FSI_ENGINE_SCRATCHPAD_H
+#define FSI_ENGINE_SCRATCHPAD_H
+
+#include "qemu/bitops.h"
+
+#include "hw/fsi/lbus.h"
+
+#define ENGINE_CONFIG_NEXT  BE_BIT(0)
+#define ENGINE_CONFIG_VPD   BE_BIT(1)
+#define ENGINE_CONFIG_SLOTS BE_GENMASK(8, 15)
+#define ENGINE_CONFIG_VERSION   BE_GENMASK(16, 19)
+#define ENGINE_CONFIG_TYPE  BE_GENMASK(20, 27)
+#define   ENGINE_CONFIG_TYPE_PEEK   (0x02 << 4)
+#define   ENGINE_CONFIG_TYPE_FSI(0x03 << 4)
+#define   

[PATCH v2 1/7] hw/fsi: Introduce IBM's Local bus

[Ninad Palsule]

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The LBUS is modelled to maintain the qdev bus hierarchy and to take
advantage of the object model to automatically generate the CFAM
configuration block. The configuration block presents engines in the
order they are attached to the CFAM's LBUS. Engine implementations
should subclass the LBusDevice and set the 'config' member of
LBusDeviceClass to match the engine's type.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated Joel's review comments.
---
 hw/Kconfig|  1 +
 hw/fsi/Kconfig|  2 +
 hw/fsi/lbus.c | 94 +++
 hw/fsi/meson.build|  1 +
 hw/meson.build|  1 +
 include/hw/fsi/bits.h | 15 +++
 include/hw/fsi/lbus.h | 48 ++
 include/qemu/bitops.h |  6 +++
 8 files changed, 168 insertions(+)
 create mode 100644 hw/fsi/Kconfig
 create mode 100644 hw/fsi/lbus.c
 create mode 100644 hw/fsi/meson.build
 create mode 100644 include/hw/fsi/bits.h
 create mode 100644 include/hw/fsi/lbus.h

diff --git a/hw/Kconfig b/hw/Kconfig
index ba62ff6417..2ccb73add5 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -9,6 +9,7 @@ source core/Kconfig
 source cxl/Kconfig
 source display/Kconfig
 source dma/Kconfig
+source fsi/Kconfig
 source gpio/Kconfig
 source hyperv/Kconfig
 source i2c/Kconfig
diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
new file mode 100644
index 00..687449e14e
--- /dev/null
+++ b/hw/fsi/Kconfig
@@ -0,0 +1,2 @@
+config LBUS
+bool
diff --git a/hw/fsi/lbus.c b/hw/fsi/lbus.c
new file mode 100644
index 00..afb26ef7ea
--- /dev/null
+++ b/hw/fsi/lbus.c
@@ -0,0 +1,94 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Local bus where FSI slaves are connected
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/lbus.h"
+
+#include "hw/qdev-properties.h"
+
+static void lbus_realize(BusState *bus, Error **errp)
+{
+LBusNode *node;
+LBus *lbus = LBUS(bus);
+
+memory_region_init(>mr, OBJECT(lbus), TYPE_LBUS,
+   (2 * 1024 * 1024) - 0x400);
+
+QLIST_FOREACH(node, >devices, next) {
+memory_region_add_subregion(>mr, node->ldev->address,
+>ldev->iomem);
+}
+}
+
+static void lbus_init(Object *o)
+{
+}
+
+static void lbus_class_init(ObjectClass *klass, void *data)
+{
+BusClass *k = BUS_CLASS(klass);
+k->realize = lbus_realize;
+}
+
+static const TypeInfo lbus_info = {
+.name = TYPE_LBUS,
+.parent = TYPE_BUS,
+.instance_init = lbus_init,
+.instance_size = sizeof(LBus),
+.class_init = lbus_class_init,
+};
+
+static Property lbus_device_props[] = {
+DEFINE_PROP_UINT32("address", LBusDevice, address, 0),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+DeviceState *lbus_create_device(LBus *bus, const char *type, uint32_t addr)
+{
+DeviceState *dev;
+LBusNode *node;
+
+dev = qdev_new(type);
+qdev_prop_set_uint8(dev, "address", addr);
+qdev_realize_and_unref(dev, >bus, _fatal);
+
+/* Move to post_load */
+node = g_malloc(sizeof(struct LBusNode));
+node->ldev = LBUS_DEVICE(dev);
+QLIST_INSERT_HEAD(>devices, node, next);
+
+return dev;
+}
+
+static void lbus_device_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->bus_type = TYPE_LBUS;
+device_class_set_props(dc, lbus_device_props);
+}
+
+static const TypeInfo lbus_device_type_info = {
+.name = TYPE_LBUS_DEVICE,
+.parent = TYPE_DEVICE,
+.instance_size = sizeof(LBusDevice),
+.abstract = true,
+.class_init = lbus_device_class_init,
+.class_size = sizeof(LBusDeviceClass),
+};
+
+static void lbus_register_types(void)
+{
+type_register_static(_info);
+type_register_static(_device_type_info);
+}
+
+type_init(lbus_register_types);
diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
new file mode 100644
index 00..e1007d5fea
--- /dev/null
+++ b/hw/fsi/meson.build
@@ -0,0 +1 @@
+system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
diff --git a/hw/meson.build b/hw/meson.build
index c7ac7d3d75..6c71ee9cfa 100644
--- a/hw/meson.build
+++ b/hw/meson.build
@@ -43,6 +43,7 @@ subdir('virtio')
 subdir('watchdog')
 subdir('xen')
 subdir('xenpv')
+subdir('fsi')
 
 subdir('alpha')
 subdir('arm')
diff --git a/include/hw/fsi/bits.h b/include/hw/fsi/bits.h
new file mode 100644
index 00..338ae483cf
--- /dev/null
+++ b/include/hw/fsi/bits.h
@@ -0,0 +1,15 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * Bit operation macros
+ */
+#ifndef FSI_BITS_H
+#define FSI_BITS_H
+
+#define BE_BIT(x)  BIT(31 - (x))
+#define GENMASK(t, b) \
+(((1ULL << ((t) + 1)) - 1) & ~((1ULL << (b)) - 1))
+#define BE_GENMASK(t, b)   

Re: [PATCH v1 5/7] hw/fsi: IBM's On-chip Peripheral Bus

[Ninad Palsule]

Thanks for the review Joel.

On 8/28/23 23:59, Joel Stanley wrote:

On Fri, 25 Aug 2023 at 20:35, Ninad Palsule  wrote:

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The On-Chip Peripheral Bus (OPB): A low-speed bus typically found in
POWER processors. This now makes an appearance in the ASPEED SoC due
to tight integration of the FSI master IP with the OPB, mainly the
existence of an MMIO-mapping of the CFAM address straight onto a
sub-region of the OPB address space.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 

Reviewed-by: Joel Stanley 


---
  hw/fsi/Kconfig   |   4 +
  hw/fsi/fsi-master.c  |   3 +-
  hw/fsi/meson.build   |   1 +
  hw/fsi/opb.c | 194 +++
  include/hw/fsi/opb.h |  45 ++
  5 files changed, 245 insertions(+), 2 deletions(-)
  create mode 100644 hw/fsi/opb.c
  create mode 100644 include/hw/fsi/opb.h

diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 087980be22..560ce536db 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,3 +1,7 @@
+config OPB
+bool
+select CFAM
+
  config CFAM
  bool
  select FSI
diff --git a/hw/fsi/fsi-master.c b/hw/fsi/fsi-master.c
index fe1693539a..ba00e2bb7d 100644
--- a/hw/fsi/fsi-master.c
+++ b/hw/fsi/fsi-master.c
@@ -13,8 +13,7 @@

  #include "hw/fsi/bits.h"
  #include "hw/fsi/fsi-master.h"
-
-#define TYPE_OP_BUS "opb"
+#include "hw/fsi/opb.h"

  #define TO_REG(x)   ((x) >> 2)

diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
index ca80d11cb9..cab645f4ea 100644
--- a/hw/fsi/meson.build
+++ b/hw/fsi/meson.build
@@ -2,3 +2,4 @@ system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
  system_ss.add(when: 'CONFIG_SCRATCHPAD', if_true: 
files('engine-scratchpad.c'))
  system_ss.add(when: 'CONFIG_CFAM', if_true: files('cfam.c'))
  system_ss.add(when: 'CONFIG_FSI', if_true: 
files('fsi.c','fsi-master.c','fsi-slave.c'))
+system_ss.add(when: 'CONFIG_OPB', if_true: files('opb.c'))
diff --git a/hw/fsi/opb.c b/hw/fsi/opb.c
new file mode 100644
index 00..ac7693c001
--- /dev/null
+++ b/hw/fsi/opb.c
@@ -0,0 +1,194 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM On-chip Peripheral Bus
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/opb.h"
+
+static MemTxResult opb_read(OPBus *opb, hwaddr addr, void *data, size_t len)
+{
+return address_space_read(>as, addr, MEMTXATTRS_UNSPECIFIED, data,
+  len);
+}
+
+uint8_t opb_read8(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint8_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+uint16_t opb_read16(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint16_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+uint32_t opb_read32(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint32_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+static MemTxResult opb_write(OPBus *opb, hwaddr addr, void *data, size_t len)
+{
+return address_space_write(>as, addr, MEMTXATTRS_UNSPECIFIED, data,
+   len);
+}
+
+void opb_write8(OPBus *opb, hwaddr addr, uint8_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_write16(OPBus *opb, hwaddr addr, uint16_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_write32(OPBus *opb, hwaddr addr, uint32_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_fsi_master_address(OPBus *opb, hwaddr addr)
+{
+memory_region_transaction_begin();
+memory_region_set_address(>fsi.iomem, addr);
+memory_region_transaction_commit();
+}
+
+void opb_opb2fsi_address(OPBus *opb, hwaddr addr)
+{
+memory_region_transaction_begin();
+memory_region_set_address(>fsi.opb2fsi, addr);
+memory_region_transaction_commit();
+}
+
+static uint64_t opb_unimplemented_read(void *opaque, hwaddr addr, unsigned 
size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: read @0x%" HWADDR_PRIx " size=%d\n",
+  __func__, addr, size);
+
+return 0;
+}
+
+static void opb_unimplemented_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: write @0x%" HWADDR_PRIx " size=%d "
+  "value=%"PRIx64"\n", __func__, addr, size, data);
+}
+
+static const struct MemoryRegionOps 

[PATCH v2 4/7] hw/fsi: Introduce IBM's FSI

[Ninad Palsule]

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

This commit models the FSI bus. CFAM is hanging out of FSI bus. The bus
is model such a way that it is embeded inside the FSI master which is a
bus controller.

The FSI master: A controller in the platform service processor (e.g.
BMC) driving CFAM engine accesses into the POWER chip. At the
hardware level FSI is a bit-based protocol supporting synchronous and
DMA-driven accesses of engines in a CFAM.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated review comments by Joel
---
 hw/fsi/cfam.c   |   3 +-
 hw/fsi/fsi-master.c | 203 
 hw/fsi/fsi.c|  54 ++
 hw/fsi/meson.build  |   2 +-
 include/hw/fsi/cfam.h   |   8 +-
 include/hw/fsi/fsi-master.h |  30 ++
 include/hw/fsi/fsi-slave.h  |   4 +-
 include/hw/fsi/fsi.h|  31 ++
 8 files changed, 327 insertions(+), 8 deletions(-)
 create mode 100644 hw/fsi/fsi-master.c
 create mode 100644 hw/fsi/fsi.c
 create mode 100644 include/hw/fsi/fsi-master.h
 create mode 100644 include/hw/fsi/fsi.h

diff --git a/hw/fsi/cfam.c b/hw/fsi/cfam.c
index 19256050bd..8e03e3a530 100644
--- a/hw/fsi/cfam.c
+++ b/hw/fsi/cfam.c
@@ -7,11 +7,12 @@
 
 #include "qemu/osdep.h"
 
+#include "qemu/bitops.h"
 #include "qapi/error.h"
 #include "qemu/log.h"
 
-#include "hw/fsi/bits.h"
 #include "hw/fsi/cfam.h"
+#include "hw/fsi/fsi.h"
 #include "hw/fsi/engine-scratchpad.h"
 
 #include "hw/qdev-properties.h"
diff --git a/hw/fsi/fsi-master.c b/hw/fsi/fsi-master.c
new file mode 100644
index 00..fe1693539a
--- /dev/null
+++ b/hw/fsi/fsi-master.c
@@ -0,0 +1,203 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Flexible Service Interface master
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+
+#include "qemu/log.h"
+
+#include "hw/fsi/bits.h"
+#include "hw/fsi/fsi-master.h"
+
+#define TYPE_OP_BUS "opb"
+
+#define TO_REG(x)   ((x) >> 2)
+
+#define FSI_MMODE   TO_REG(0x000)
+#define   FSI_MMODE_IPOLL_DMA_ENBE_BIT(0)
+#define   FSI_MMODE_HW_ERROR_RECOVERY_ENBE_BIT(1)
+#define   FSI_MMODE_RELATIVE_ADDRESS_EN BE_BIT(2)
+#define   FSI_MMODE_PARITY_CHECK_EN BE_BIT(3)
+#define   FSI_MMODE_CLOCK_DIVIDER_0 BE_GENMASK(4, 13)
+#define   FSI_MMODE_CLOCK_DIVIDER_1 BE_GENMASK(14, 23)
+#define   FSI_MMODE_DEBUG_ENBE_BIT(24)
+
+#define FSI_MDELAY  TO_REG(0x004)
+#define   FSI_MDELAY_ECHO_0 BE_GENMASK(0, 3)
+#define   FSI_MDELAY_SEND_0 BE_GENMASK(4, 7)
+#define   FSI_MDELAY_ECHO_1 BE_GENMASK(8, 11)
+#define   FSI_MDELAY_SEND_1 BE_GENMASK(12, 15)
+
+#define FSI_MENP0   TO_REG(0x010)
+#define FSI_MENP32  TO_REG(0x014)
+#define FSI_MSENP0  TO_REG(0x018)
+#define FSI_MLEVP0  TO_REG(0x018)
+#define FSI_MSENP32 TO_REG(0x01c)
+#define FSI_MLEVP32 TO_REG(0x01c)
+#define FSI_MCENP0  TO_REG(0x020)
+#define FSI_MREFP0  TO_REG(0x020)
+#define FSI_MCENP32 TO_REG(0x024)
+#define FSI_MREFP32 TO_REG(0x024)
+
+#define FSI_MAEBTO_REG(0x070)
+#define   FSI_MAEB_ANY_CPU_ERRORBE_BIT(0)
+#define   FSI_MAEB_ANY_DMA_ERRORBE_GENMASK(1, 16)
+#define   FSI_MAEB_ANY_PARITY_ERROR BE_BIT(17)
+
+#define FSI_MVERTO_REG(0x074)
+#define   FSI_MVER_VERSION  BE_GENMASK(0, 7)
+#define   FSI_MVER_BRIDGES  BE_GENMASK(8, 15)
+#define   FSI_MVER_PORTSBE_GENMASK(16, 23)
+
+#define FSI_MRESP0  TO_REG(0x0d0)
+#define   FSI_MRESP0_RESET_PORT_GENERAL BE_BIT(0)
+#define   FSI_MRESP0_RESET_PORT_ERROR   BE_BIT(1)
+#define   FSI_MRESP0_RESET_ALL_BRIDGES_GENERAL  BE_BIT(2)
+#define   FSI_MRESP0_RESET_ALL_PORTS_GENERALBE_BIT(3)
+#define   FSI_MRESP0_RESET_MASTER   BE_BIT(4)
+#define   FSI_MRESP0_RESET_PARITY_ERROR_LATCH   BE_BIT(5)
+
+#define FSI_MRESB0  TO_REG(0x1d0)
+#define   FSI_MRESB0_RESET_GENERAL  BE_BIT(0)
+#define   FSI_MRESB0_RESET_ERRORBE_BIT(1)
+#define   FSI_MRESB0_SET_DMA_SUSPENDBE_BIT(5)
+#define   FSI_MRESB0_CLEAR_DMA_SUSPEND  BE_BIT(6)
+#define   FSI_MRESB0_SET_DELAY_MEASURE  BE_BIT(7)
+
+#define FSI_MECTRL  TO_REG(0x2e0)
+#define   FSI_MECTRL_TEST_PULSE 

[PATCH v2 6/7] hw/fsi: Aspeed APB2OPB interface

[Ninad Palsule]

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

An APB-to-OPB bridge enabling access to the OPB from the ARM core in
the AST2600. Hardware limitations prevent the OPB from being directly
mapped into APB, so all accesses are indirect through the bridge.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated review comments by Joel
---
 hw/arm/Kconfig  |   1 +
 hw/fsi/Kconfig  |   4 +
 hw/fsi/aspeed-apb2opb.c | 352 
 hw/fsi/meson.build  |   1 +
 hw/fsi/trace-events |   2 +
 hw/fsi/trace.h  |   1 +
 include/hw/fsi/aspeed-apb2opb.h |  33 +++
 meson.build |   1 +
 8 files changed, 395 insertions(+)
 create mode 100644 hw/fsi/aspeed-apb2opb.c
 create mode 100644 hw/fsi/trace-events
 create mode 100644 hw/fsi/trace.h
 create mode 100644 include/hw/fsi/aspeed-apb2opb.h

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 7e68348440..a6994cd9d7 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -589,6 +589,7 @@ config FSL_IMX7
 select PCI_EXPRESS_DESIGNWARE
 select SDHCI
 select UNIMP
+select APB2OPB_ASPEED
 
 config ARM_SMMUV3
 bool
diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 560ce536db..fbb021658d 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,3 +1,7 @@
+config APB2OPB_ASPEED
+bool
+select OPB
+
 config OPB
 bool
 select CFAM
diff --git a/hw/fsi/aspeed-apb2opb.c b/hw/fsi/aspeed-apb2opb.c
new file mode 100644
index 00..88eabd8a73
--- /dev/null
+++ b/hw/fsi/aspeed-apb2opb.c
@@ -0,0 +1,352 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * ASPEED APB-OPB FSI interface
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qom/object.h"
+#include "qapi/error.h"
+#include "trace.h"
+
+#include "hw/fsi/aspeed-apb2opb.h"
+#include "hw/qdev-core.h"
+
+#define TO_REG(x) (x >> 2)
+#define GENMASK(t, b) (((1ULL << ((t) + 1)) - 1) & ~((1ULL << (b)) - 1))
+
+#define APB2OPB_VERSIONTO_REG(0x00)
+#define   APB2OPB_VERSION_VER  GENMASK(7, 0)
+
+#define APB2OPB_TRIGGERTO_REG(0x04)
+#define   APB2OPB_TRIGGER_EN   BIT(0)
+
+#define APB2OPB_CONTROLTO_REG(0x08)
+#define   APB2OPB_CONTROL_OFF  GENMASK(31, 13)
+
+#define APB2OPB_OPB2FSITO_REG(0x0c)
+#define   APB2OPB_OPB2FSI_OFF  GENMASK(31, 22)
+
+#define APB2OPB_OPB0_SEL   TO_REG(0x10)
+#define APB2OPB_OPB1_SEL   TO_REG(0x28)
+#define   APB2OPB_OPB_SEL_EN   BIT(0)
+
+#define APB2OPB_OPB0_MODE  TO_REG(0x14)
+#define APB2OPB_OPB1_MODE  TO_REG(0x2c)
+#define   APB2OPB_OPB_MODE_RD  BIT(0)
+
+#define APB2OPB_OPB0_XFER  TO_REG(0x18)
+#define APB2OPB_OPB1_XFER  TO_REG(0x30)
+#define   APB2OPB_OPB_XFER_FULLBIT(1)
+#define   APB2OPB_OPB_XFER_HALFBIT(0)
+
+#define APB2OPB_OPB0_ADDR  TO_REG(0x1c)
+#define APB2OPB_OPB0_WRITE_DATATO_REG(0x20)
+
+#define APB2OPB_OPB1_DMA_ENTO_REG(0x24)
+#define APB2OPB_OPB1_DMA_EN_3  BIT(3)
+#define APB2OPB_OPB1_DMA_EN_2  BIT(2)
+#define APB2OPB_OPB1_DMA_EN_1  BIT(1)
+#define APB2OPB_OPB1_DMA_EN_0  BIT(0)
+
+#define APB2OPB_OPB1_ADDR  TO_REG(0x34)
+#define APB2OPB_OPB1_WRITE_DATA  TO_REG(0x38)
+
+#define APB2OPB_OPB_CLKTO_REG(0x3c)
+#define   APB2OPB_OPB_CLK_SYNC BIT(0)
+
+#define APB2OPB_IRQ_CLEAR  TO_REG(0x40)
+#define   APB2OPB_IRQ_CLEAR_EN BIT(0)
+
+#define APB2OPB_IRQ_MASK   TO_REG(0x44)
+#define   APB2OPB_IRQ_MASK_OPB1_TX_ACK BIT(17)
+#define   APB2OPB_IRQ_MASK_OPB0_TX_ACK BIT(16)
+#define   APB2OPB_IRQ_MASK_CH3_TCONT   BIT(15)
+#define   APB2OPB_IRQ_MASK_CH2_TCONT   BIT(14)
+#define   APB2OPB_IRQ_MASK_CH1_TCONT   BIT(13)
+#define   APB2OPB_IRQ_MASK_CH0_TCONT   BIT(12)
+#define   APB2OPB_IRQ_MASK_CH3_FIFO_EMPTY  BIT(11)
+#define   APB2OPB_IRQ_MASK_CH2_FIFO_EMPTY  BIT(10)
+#define   APB2OPB_IRQ_MASK_CH1_FIFO_EMPTY  BIT(9)
+#define   APB2OPB_IRQ_MASK_CH0_FIFO_EMPTY  BIT(8)
+#define   APB2OPB_IRQ_MASK_CH3_FIFO_FULL   BIT(7)
+#define   APB2OPB_IRQ_MASK_CH2_FIFO_FULL   BIT(6)
+#define   APB2OPB_IRQ_MASK_CH1_FIFO_FULL   BIT(5)
+#define   APB2OPB_IRQ_MASK_CH0_FIFO_FULL   BIT(4)
+#define   APB2OPB_IRQ_MASK_CH3_DMA_EOT BIT(3)
+#define   APB2OPB_IRQ_MASK_CH2_DMA_EOT BIT(2)
+#define   APB2OPB_IRQ_MASK_CH1_DMA_EOT BIT(1)
+#define   APB2OPB_IRQ_MASK_CH0_DMA_EOT BIT(0)
+
+#define APB2OPB_IRQ_STSTO_REG(0x48)
+#define   APB2OPB_IRQ_STS_MASTER_ERROR BIT(28)
+#define   APB2OPB_IRQ_STS_PORT_ERROR   BIT(27)

[PATCH v2 5/7] hw/fsi: IBM's On-chip Peripheral Bus

[Ninad Palsule]

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The On-Chip Peripheral Bus (OPB): A low-speed bus typically found in
POWER processors. This now makes an appearance in the ASPEED SoC due
to tight integration of the FSI master IP with the OPB, mainly the
existence of an MMIO-mapping of the CFAM address straight onto a
sub-region of the OPB address space.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
v2:
- Incorporated review comment by Joel.
---
 hw/fsi/Kconfig   |   4 +
 hw/fsi/fsi-master.c  |   6 +-
 hw/fsi/meson.build   |   1 +
 hw/fsi/opb.c | 194 +++
 include/hw/fsi/opb.h |  43 ++
 5 files changed, 244 insertions(+), 4 deletions(-)
 create mode 100644 hw/fsi/opb.c
 create mode 100644 include/hw/fsi/opb.h

diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 087980be22..560ce536db 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,3 +1,7 @@
+config OPB
+bool
+select CFAM
+
 config CFAM
 bool
 select FSI
diff --git a/hw/fsi/fsi-master.c b/hw/fsi/fsi-master.c
index fe1693539a..46103f84e9 100644
--- a/hw/fsi/fsi-master.c
+++ b/hw/fsi/fsi-master.c
@@ -7,14 +7,12 @@
 
 #include "qemu/osdep.h"
 
+#include "qemu/bitops.h"
 #include "qapi/error.h"
-
 #include "qemu/log.h"
 
-#include "hw/fsi/bits.h"
 #include "hw/fsi/fsi-master.h"
-
-#define TYPE_OP_BUS "opb"
+#include "hw/fsi/opb.h"
 
 #define TO_REG(x)   ((x) >> 2)
 
diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
index ca80d11cb9..cab645f4ea 100644
--- a/hw/fsi/meson.build
+++ b/hw/fsi/meson.build
@@ -2,3 +2,4 @@ system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
 system_ss.add(when: 'CONFIG_SCRATCHPAD', if_true: files('engine-scratchpad.c'))
 system_ss.add(when: 'CONFIG_CFAM', if_true: files('cfam.c'))
 system_ss.add(when: 'CONFIG_FSI', if_true: 
files('fsi.c','fsi-master.c','fsi-slave.c'))
+system_ss.add(when: 'CONFIG_OPB', if_true: files('opb.c'))
diff --git a/hw/fsi/opb.c b/hw/fsi/opb.c
new file mode 100644
index 00..ac7693c001
--- /dev/null
+++ b/hw/fsi/opb.c
@@ -0,0 +1,194 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM On-chip Peripheral Bus
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/opb.h"
+
+static MemTxResult opb_read(OPBus *opb, hwaddr addr, void *data, size_t len)
+{
+return address_space_read(>as, addr, MEMTXATTRS_UNSPECIFIED, data,
+  len);
+}
+
+uint8_t opb_read8(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint8_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+uint16_t opb_read16(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint16_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+uint32_t opb_read32(OPBus *opb, hwaddr addr)
+{
+MemTxResult tx;
+uint32_t data;
+
+tx = opb_read(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+
+return data;
+}
+
+static MemTxResult opb_write(OPBus *opb, hwaddr addr, void *data, size_t len)
+{
+return address_space_write(>as, addr, MEMTXATTRS_UNSPECIFIED, data,
+   len);
+}
+
+void opb_write8(OPBus *opb, hwaddr addr, uint8_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_write16(OPBus *opb, hwaddr addr, uint16_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_write32(OPBus *opb, hwaddr addr, uint32_t data)
+{
+MemTxResult tx;
+
+tx = opb_write(opb, addr, , sizeof(data));
+/* FIXME: improve error handling */
+assert(!tx);
+}
+
+void opb_fsi_master_address(OPBus *opb, hwaddr addr)
+{
+memory_region_transaction_begin();
+memory_region_set_address(>fsi.iomem, addr);
+memory_region_transaction_commit();
+}
+
+void opb_opb2fsi_address(OPBus *opb, hwaddr addr)
+{
+memory_region_transaction_begin();
+memory_region_set_address(>fsi.opb2fsi, addr);
+memory_region_transaction_commit();
+}
+
+static uint64_t opb_unimplemented_read(void *opaque, hwaddr addr, unsigned 
size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: read @0x%" HWADDR_PRIx " size=%d\n",
+  __func__, addr, size);
+
+return 0;
+}
+
+static void opb_unimplemented_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned size)
+{
+qemu_log_mask(LOG_UNIMP, "%s: write @0x%" HWADDR_PRIx " size=%d "
+  "value=%"PRIx64"\n", __func__, addr, size, data);
+}
+
+static const struct MemoryRegionOps opb_unimplemented_ops = {

[PATCH v2 0/7] Introduce model for IBM's FSI

[Ninad Palsule]

Hello,

Please review the patch-set version 2.
I have incorporated review comments from Joel.

Ninad Palsule (7):
  hw/fsi: Introduce IBM's Local bus
  hw/fsi: Introduce IBM's scratchpad
  hw/fsi: Introduce IBM's cfam,fsi-slave
  hw/fsi: Introduce IBM's FSI
  hw/fsi: IBM's On-chip Peripheral Bus
  hw/fsi: Aspeed APB2OPB interface
  hw/arm: Hook up FSI module in AST2600

 hw/Kconfig |   1 +
 hw/arm/Kconfig |   1 +
 hw/arm/aspeed_ast2600.c|  19 ++
 hw/fsi/Kconfig |  23 ++
 hw/fsi/aspeed-apb2opb.c| 352 +
 hw/fsi/cfam.c  | 236 +++
 hw/fsi/engine-scratchpad.c | 100 
 hw/fsi/fsi-master.c| 201 
 hw/fsi/fsi-slave.c | 109 +
 hw/fsi/fsi.c   |  54 +
 hw/fsi/lbus.c  |  94 
 hw/fsi/meson.build |   6 +
 hw/fsi/opb.c   | 194 
 hw/fsi/trace-events|   2 +
 hw/fsi/trace.h |   1 +
 hw/meson.build |   1 +
 include/hw/arm/aspeed_soc.h|   4 +
 include/hw/fsi/aspeed-apb2opb.h|  33 +++
 include/hw/fsi/bits.h  |  15 ++
 include/hw/fsi/cfam.h  |  61 +
 include/hw/fsi/engine-scratchpad.h |  33 +++
 include/hw/fsi/fsi-master.h|  30 +++
 include/hw/fsi/fsi-slave.h |  29 +++
 include/hw/fsi/fsi.h   |  31 +++
 include/hw/fsi/lbus.h  |  48 
 include/hw/fsi/opb.h   |  43 
 include/qemu/bitops.h  |   6 +
 meson.build|   1 +
 28 files changed, 1728 insertions(+)
 create mode 100644 hw/fsi/Kconfig
 create mode 100644 hw/fsi/aspeed-apb2opb.c
 create mode 100644 hw/fsi/cfam.c
 create mode 100644 hw/fsi/engine-scratchpad.c
 create mode 100644 hw/fsi/fsi-master.c
 create mode 100644 hw/fsi/fsi-slave.c
 create mode 100644 hw/fsi/fsi.c
 create mode 100644 hw/fsi/lbus.c
 create mode 100644 hw/fsi/meson.build
 create mode 100644 hw/fsi/opb.c
 create mode 100644 hw/fsi/trace-events
 create mode 100644 hw/fsi/trace.h
 create mode 100644 include/hw/fsi/aspeed-apb2opb.h
 create mode 100644 include/hw/fsi/bits.h
 create mode 100644 include/hw/fsi/cfam.h
 create mode 100644 include/hw/fsi/engine-scratchpad.h
 create mode 100644 include/hw/fsi/fsi-master.h
 create mode 100644 include/hw/fsi/fsi-slave.h
 create mode 100644 include/hw/fsi/fsi.h
 create mode 100644 include/hw/fsi/lbus.h
 create mode 100644 include/hw/fsi/opb.h

-- 
2.39.2

Re: [PATCH v1 4/7] hw/fsi: Introduce IBM's FSI

[Ninad Palsule]

Thanks for the review, Joel.

On 8/28/23 23:57, Joel Stanley wrote:

On Fri, 25 Aug 2023 at 20:44, Ninad Palsule  wrote:

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

This commit models the FSI bus. CFAM is hanging out of FSI bus. The bus
is model such a way that it is embeded inside the FSI master which is a
bus controller.

The FSI master: A controller in the platform service processor (e.g.
BMC) driving CFAM engine accesses into the POWER chip. At the
hardware level FSI is a bit-based protocol supporting synchronous and
DMA-driven accesses of engines in a CFAM.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 

Reviewed-by: Joel Stanley 


---
  hw/fsi/cfam.c   |   1 +
  hw/fsi/fsi-master.c | 203 
  hw/fsi/fsi.c|  54 ++
  hw/fsi/meson.build  |   2 +-
  include/hw/fsi/cfam.h   |   2 -
  include/hw/fsi/fsi-master.h |  30 ++
  include/hw/fsi/fsi.h|  35 +++
  7 files changed, 324 insertions(+), 3 deletions(-)
  create mode 100644 hw/fsi/fsi-master.c
  create mode 100644 hw/fsi/fsi.c
  create mode 100644 include/hw/fsi/fsi-master.h
  create mode 100644 include/hw/fsi/fsi.h

diff --git a/hw/fsi/cfam.c b/hw/fsi/cfam.c
index 19256050bd..12ce31cac4 100644
--- a/hw/fsi/cfam.c
+++ b/hw/fsi/cfam.c
@@ -12,6 +12,7 @@

  #include "hw/fsi/bits.h"
  #include "hw/fsi/cfam.h"
+#include "hw/fsi/fsi.h"
  #include "hw/fsi/engine-scratchpad.h"

  #include "hw/qdev-properties.h"
diff --git a/hw/fsi/fsi-master.c b/hw/fsi/fsi-master.c
new file mode 100644
index 00..fe1693539a
--- /dev/null
+++ b/hw/fsi/fsi-master.c
@@ -0,0 +1,203 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Flexible Service Interface master
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+
+#include "qemu/log.h"
+
+#include "hw/fsi/bits.h"
+#include "hw/fsi/fsi-master.h"
+
+#define TYPE_OP_BUS "opb"
+
+#define TO_REG(x)   ((x) >> 2)
+
+#define FSI_MMODE   TO_REG(0x000)
+#define   FSI_MMODE_IPOLL_DMA_ENBE_BIT(0)
+#define   FSI_MMODE_HW_ERROR_RECOVERY_ENBE_BIT(1)
+#define   FSI_MMODE_RELATIVE_ADDRESS_EN BE_BIT(2)
+#define   FSI_MMODE_PARITY_CHECK_EN BE_BIT(3)
+#define   FSI_MMODE_CLOCK_DIVIDER_0 BE_GENMASK(4, 13)
+#define   FSI_MMODE_CLOCK_DIVIDER_1 BE_GENMASK(14, 23)
+#define   FSI_MMODE_DEBUG_ENBE_BIT(24)
+
+#define FSI_MDELAY  TO_REG(0x004)
+#define   FSI_MDELAY_ECHO_0 BE_GENMASK(0, 3)
+#define   FSI_MDELAY_SEND_0 BE_GENMASK(4, 7)
+#define   FSI_MDELAY_ECHO_1 BE_GENMASK(8, 11)
+#define   FSI_MDELAY_SEND_1 BE_GENMASK(12, 15)
+
+#define FSI_MENP0   TO_REG(0x010)
+#define FSI_MENP32  TO_REG(0x014)
+#define FSI_MSENP0  TO_REG(0x018)
+#define FSI_MLEVP0  TO_REG(0x018)
+#define FSI_MSENP32 TO_REG(0x01c)
+#define FSI_MLEVP32 TO_REG(0x01c)
+#define FSI_MCENP0  TO_REG(0x020)
+#define FSI_MREFP0  TO_REG(0x020)
+#define FSI_MCENP32 TO_REG(0x024)
+#define FSI_MREFP32 TO_REG(0x024)
+
+#define FSI_MAEBTO_REG(0x070)
+#define   FSI_MAEB_ANY_CPU_ERRORBE_BIT(0)
+#define   FSI_MAEB_ANY_DMA_ERRORBE_GENMASK(1, 16)
+#define   FSI_MAEB_ANY_PARITY_ERROR BE_BIT(17)
+
+#define FSI_MVERTO_REG(0x074)
+#define   FSI_MVER_VERSION  BE_GENMASK(0, 7)
+#define   FSI_MVER_BRIDGES  BE_GENMASK(8, 15)
+#define   FSI_MVER_PORTSBE_GENMASK(16, 23)
+
+#define FSI_MRESP0  TO_REG(0x0d0)
+#define   FSI_MRESP0_RESET_PORT_GENERAL BE_BIT(0)
+#define   FSI_MRESP0_RESET_PORT_ERROR   BE_BIT(1)
+#define   FSI_MRESP0_RESET_ALL_BRIDGES_GENERAL  BE_BIT(2)
+#define   FSI_MRESP0_RESET_ALL_PORTS_GENERALBE_BIT(3)
+#define   FSI_MRESP0_RESET_MASTER   BE_BIT(4)
+#define   FSI_MRESP0_RESET_PARITY_ERROR_LATCH   BE_BIT(5)
+
+#define FSI_MRESB0  TO_REG(0x1d0)
+#define   FSI_MRESB0_RESET_GENERAL  BE_BIT(0)
+#define   FSI_MRESB0_RESET_ERRORBE_BIT(1)
+#define   FSI_MRESB0_SET_DMA_SUSPENDBE_BIT(5)
+#define   FSI_MRESB0_CLEAR_DMA_SUSPEND  BE_BIT(6)
+#define   FSI_MRESB0_SET_DELAY_MEASURE  BE_BIT(7)
+
+#define FSI_MECTRL  TO_REG(0x2e0)
+#define   FSI_MECTRL_TEST_PULSE BE_GENMASK(0, 7)
+#define   

Re: [PATCH v1 6/7] hw/fsi: Aspeed APB2OPB interface

[Ninad Palsule]

Hi Joel,

On 8/28/23 23:55, Joel Stanley wrote:

On Fri, 25 Aug 2023 at 20:31, Ninad Palsule  wrote:

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

An APB-to-OPB bridge enabling access to the OPB from the ARM core in
the AST2600. Hardware limitations prevent the OPB from being directly
mapped into APB, so all accesses are indirect through the bridge.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
  hw/arm/Kconfig  |   1 +
  hw/fsi/Kconfig  |   4 +
  hw/fsi/aspeed-apb2opb.c | 346 
  hw/fsi/meson.build  |   1 +
  hw/fsi/trace-events |   2 +
  hw/fsi/trace.h  |   1 +
  include/hw/fsi/aspeed-apb2opb.h |  32 +++
  meson.build |   1 +
  8 files changed, 388 insertions(+)
  create mode 100644 hw/fsi/aspeed-apb2opb.c
  create mode 100644 hw/fsi/trace-events
  create mode 100644 hw/fsi/trace.h
  create mode 100644 include/hw/fsi/aspeed-apb2opb.h

diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
index 7e68348440..a6994cd9d7 100644
--- a/hw/arm/Kconfig
+++ b/hw/arm/Kconfig
@@ -589,6 +589,7 @@ config FSL_IMX7
  select PCI_EXPRESS_DESIGNWARE
  select SDHCI
  select UNIMP
+select APB2OPB_ASPEED

  config ARM_SMMUV3
  bool
diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
index 560ce536db..fbb021658d 100644
--- a/hw/fsi/Kconfig
+++ b/hw/fsi/Kconfig
@@ -1,3 +1,7 @@
+config APB2OPB_ASPEED
+bool
+select OPB
+
  config OPB
  bool
  select CFAM
diff --git a/hw/fsi/aspeed-apb2opb.c b/hw/fsi/aspeed-apb2opb.c
new file mode 100644
index 00..bbc63f2eb3
--- /dev/null
+++ b/hw/fsi/aspeed-apb2opb.c
@@ -0,0 +1,346 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * ASPEED APB-OPB FSI interface
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "qom/object.h"
+#include "qapi/error.h"
+#include "trace.h"
+
+#include "hw/fsi/aspeed-apb2opb.h"
+#include "hw/qdev-core.h"
+
+#define TO_REG(x) (x >> 2)
+#define GENMASK(t, b) (((1ULL << ((t) + 1)) - 1) & ~((1ULL << (b)) - 1))

We should put this in a common header.

Moved it to bitops.h



+
+#define APB2OPB_VERSIONTO_REG(0x00)
+#define   APB2OPB_VERSION_VER  GENMASK(7, 0)
+
+#define APB2OPB_TRIGGERTO_REG(0x04)
+#define   APB2OPB_TRIGGER_EN   BIT(0)
+
+#define APB2OPB_CONTROLTO_REG(0x08)
+#define   APB2OPB_CONTROL_OFF  GENMASK(31, 13)
+
+#define APB2OPB_OPB2FSITO_REG(0x0c)
+#define   APB2OPB_OPB2FSI_OFF  GENMASK(31, 22)
+
+#define APB2OPB_OPB0_SEL   TO_REG(0x10)
+#define APB2OPB_OPB1_SEL   TO_REG(0x28)
+#define   APB2OPB_OPB_SEL_EN   BIT(0)
+
+#define APB2OPB_OPB0_MODE  TO_REG(0x14)
+#define APB2OPB_OPB1_MODE  TO_REG(0x2c)
+#define   APB2OPB_OPB_MODE_RD  BIT(0)
+
+#define APB2OPB_OPB0_XFER  TO_REG(0x18)
+#define APB2OPB_OPB1_XFER  TO_REG(0x30)
+#define   APB2OPB_OPB_XFER_FULLBIT(1)
+#define   APB2OPB_OPB_XFER_HALFBIT(0)
+
+#define APB2OPB_OPB0_ADDR  TO_REG(0x1c)
+#define APB2OPB_OPB0_WRITE_DATATO_REG(0x20)
+
+#define APB2OPB_OPB1_DMA_ENTO_REG(0x24)
+#define APB2OPB_OPB1_DMA_EN_3  BIT(3)
+#define APB2OPB_OPB1_DMA_EN_2  BIT(2)
+#define APB2OPB_OPB1_DMA_EN_1  BIT(1)
+#define APB2OPB_OPB1_DMA_EN_0  BIT(0)
+
+#define APB2OPB_OPB1_ADDR  TO_REG(0x34)
+#define APB2OPB_OPB1_WRITE_DATA  TO_REG(0x38)
+
+#define APB2OPB_OPB_CLKTO_REG(0x3c)
+#define   APB2OPB_OPB_CLK_SYNC BIT(0)
+
+#define APB2OPB_IRQ_CLEAR  TO_REG(0x40)
+#define   APB2OPB_IRQ_CLEAR_EN BIT(0)
+
+#define APB2OPB_IRQ_MASK   TO_REG(0x44)
+#define   APB2OPB_IRQ_MASK_OPB1_TX_ACK BIT(17)
+#define   APB2OPB_IRQ_MASK_OPB0_TX_ACK BIT(16)
+#define   APB2OPB_IRQ_MASK_CH3_TCONT   BIT(15)
+#define   APB2OPB_IRQ_MASK_CH2_TCONT   BIT(14)
+#define   APB2OPB_IRQ_MASK_CH1_TCONT   BIT(13)
+#define   APB2OPB_IRQ_MASK_CH0_TCONT   BIT(12)
+#define   APB2OPB_IRQ_MASK_CH3_FIFO_EMPTY  BIT(11)
+#define   APB2OPB_IRQ_MASK_CH2_FIFO_EMPTY  BIT(10)
+#define   APB2OPB_IRQ_MASK_CH1_FIFO_EMPTY  BIT(9)
+#define   APB2OPB_IRQ_MASK_CH0_FIFO_EMPTY  BIT(8)
+#define   APB2OPB_IRQ_MASK_CH3_FIFO_FULL   BIT(7)
+#define   APB2OPB_IRQ_MASK_CH2_FIFO_FULL   BIT(6)
+#define   APB2OPB_IRQ_MASK_CH1_FIFO_FULL   BIT(5)
+#define   APB2OPB_IRQ_MASK_CH0_FIFO_FULL   BIT(4)
+#define   APB2OPB_IRQ_MASK_CH3_DMA_EOT BIT(3)
+#define   APB2OPB_IRQ_MASK_CH2_DMA_EOT BIT(2)
+#define   APB2OPB_IRQ_MASK_CH1_DMA_EOT BIT(1)
+#define   APB2OPB_IRQ_MASK_CH0_DMA_EOT BIT(0)
+
+#define APB2OPB_IRQ_STS 

Re: [PATCH v1 7/7] hw/arm: Hook up FSI module in AST2600

[Ninad Palsule]

Hi Joel,

On 8/28/23 23:48, Joel Stanley wrote:

On Fri, 25 Aug 2023 at 20:35, Ninad Palsule  wrote:

This patchset introduces IBM's Flexible Service Interface(FSI).

Time for some fun with inter-processor buses. FSI allows a service
processor access to the internal buses of a host POWER processor to
perform configuration or debugging.

FSI has long existed in POWER processes and so comes with some baggage,
including how it has been integrated into the ASPEED SoC.

Working backwards from the POWER processor, the fundamental pieces of
interest for the implementation are:

1. The Common FRU Access Macro (CFAM), an address space containing
various "engines" that drive accesses on buses internal and external
to the POWER chip. Examples include the SBEFIFO and I2C masters. The
engines hang off of an internal Local Bus (LBUS) which is described
by the CFAM configuration block.

2. The FSI slave: The slave is the terminal point of the FSI bus for
FSI symbols addressed to it. Slaves can be cascaded off of one
another. The slave's configuration registers appear in address space
of the CFAM to which it is attached.

3. The FSI master: A controller in the platform service processor (e.g.
BMC) driving CFAM engine accesses into the POWER chip. At the
hardware level FSI is a bit-based protocol supporting synchronous and
DMA-driven accesses of engines in a CFAM.

4. The On-Chip Peripheral Bus (OPB): A low-speed bus typically found in
POWER processors. This now makes an appearance in the ASPEED SoC due
to tight integration of the FSI master IP with the OPB, mainly the
existence of an MMIO-mapping of the CFAM address straight onto a
sub-region of the OPB address space.

5. An APB-to-OPB bridge enabling access to the OPB from the ARM core in
the AST2600. Hardware limitations prevent the OPB from being directly
mapped into APB, so all accesses are indirect through the bridge.

The implementation appears as following in the qemu device tree:

 (qemu) info qtree
 bus: main-system-bus
   type System
   ...
   dev: aspeed.apb2opb, id ""
 gpio-out "sysbus-irq" 1
 mmio 1e79b000/1000
 bus: opb.1
   type opb
   dev: fsi.master, id ""
 bus: fsi.bus.1
   type fsi.bus
   dev: cfam.config, id ""
   dev: cfam, id ""
 bus: lbus.1
   type lbus
   dev: scratchpad, id ""
 address = 0 (0x0)
 bus: opb.0
   type opb
   dev: fsi.master, id ""
 bus: fsi.bus.0
   type fsi.bus
   dev: cfam.config, id ""
   dev: cfam, id ""
 bus: lbus.0
   type lbus
   dev: scratchpad, id ""
 address = 0 (0x0)

The LBUS is modelled to maintain the qdev bus hierarchy and to take
advantage of the object model to automatically generate the CFAM
configuration block. The configuration block presents engines in the
order they are attached to the CFAM's LBUS. Engine implementations
should subclass the LBusDevice and set the 'config' member of
LBusDeviceClass to match the engine's type.

CFAM designs offer a lot of flexibility, for instance it is possible for
a CFAM to be simultaneously driven from multiple FSI links. The modeling
is not so complete; it's assumed that each CFAM is attached to a single
FSI slave (as a consequence the CFAM subclasses the FSI slave).

As for FSI, its symbols and wire-protocol are not modelled at all. This
is not necessary to get FSI off the ground thanks to the mapping of the
CFAM address space onto the OPB address space - the models follow this
directly and map the CFAM memory region into the OPB's memory region.
Future work includes supporting more advanced accesses that drive the
FSI master directly rather than indirectly via the CFAM mapping, which
will require implementing the FSI state machine and methods for each of
the FSI symbols on the slave. Further down the track we can also look at
supporting the bitbanged SoftFSI drivers in Linux by extending the FSI
slave model to resolve sequences of GPIO IRQs into FSI symbols, and
calling the associated symbol method on the slave to map the access onto
the CFAM.

Testing:
Tested by reading cfam config address 0 on rainier machine. We can
ignore the error line as it is not related.
root@p10bmc:~# pdbg -a getcfam 0x0
Unable to open dtb file '/var/lib/phosphor-software-manager/pnor/rw/DEVTREE'

Delete this line (and the explanation). It's something to follow up
with the version of pdbg that openbmc has, but unrelated to this
patch.

Done.



p0: 0x0 = 0xc0022d15

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
  hw/arm/aspeed_ast2600.c | 15 +++
  include/hw/arm/aspeed_soc.h |  4 
  2 files changed, 19 insertions(+)

diff --git 

Re: [PATCH v1 1/7] hw/fsi: Introduce IBM's Local bus

[Ninad Palsule]

Hi Joel,

On 8/28/23 23:34, Joel Stanley wrote:

On Fri, 25 Aug 2023 at 20:31, Ninad Palsule  wrote:

This is a part of patchset where IBM's Flexible Service Interface is
introduced.

The LBUS is modelled to maintain the qdev bus hierarchy and to take
advantage of the object model to automatically generate the CFAM
configuration block. The configuration block presents engines in the
order they are attached to the CFAM's LBUS. Engine implementations
should subclass the LBusDevice and set the 'config' member of
LBusDeviceClass to match the engine's type.

Signed-off-by: Andrew Jeffery 
Signed-off-by: Cédric Le Goater 
Signed-off-by: Ninad Palsule 
---
  hw/Kconfig|  1 +
  hw/fsi/Kconfig|  2 +
  hw/fsi/lbus.c | 94 +++
  hw/fsi/meson.build|  1 +
  hw/meson.build|  1 +
  include/hw/fsi/bits.h | 15 +++
  include/hw/fsi/lbus.h | 57 ++
  7 files changed, 171 insertions(+)
  create mode 100644 hw/fsi/Kconfig
  create mode 100644 hw/fsi/lbus.c
  create mode 100644 hw/fsi/meson.build
  create mode 100644 include/hw/fsi/bits.h
  create mode 100644 include/hw/fsi/lbus.h

diff --git a/hw/Kconfig b/hw/Kconfig
index ba62ff6417..2ccb73add5 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -9,6 +9,7 @@ source core/Kconfig
  source cxl/Kconfig
  source display/Kconfig
  source dma/Kconfig
+source fsi/Kconfig
  source gpio/Kconfig
  source hyperv/Kconfig
  source i2c/Kconfig
diff --git a/hw/fsi/Kconfig b/hw/fsi/Kconfig
new file mode 100644
index 00..687449e14e
--- /dev/null
+++ b/hw/fsi/Kconfig
@@ -0,0 +1,2 @@
+config LBUS
+bool
diff --git a/hw/fsi/lbus.c b/hw/fsi/lbus.c
new file mode 100644
index 00..afb26ef7ea
--- /dev/null
+++ b/hw/fsi/lbus.c
@@ -0,0 +1,94 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * IBM Local bus where FSI slaves are connected
+ */
+
+#include "qemu/osdep.h"
+
+#include "qapi/error.h"
+#include "qemu/log.h"
+
+#include "hw/fsi/lbus.h"
+
+#include "hw/qdev-properties.h"
+
+static void lbus_realize(BusState *bus, Error **errp)
+{
+LBusNode *node;
+LBus *lbus = LBUS(bus);
+
+memory_region_init(>mr, OBJECT(lbus), TYPE_LBUS,
+   (2 * 1024 * 1024) - 0x400);
+
+QLIST_FOREACH(node, >devices, next) {
+memory_region_add_subregion(>mr, node->ldev->address,
+>ldev->iomem);
+}
+}
+
+static void lbus_init(Object *o)
+{
+}
+
+static void lbus_class_init(ObjectClass *klass, void *data)
+{
+BusClass *k = BUS_CLASS(klass);
+k->realize = lbus_realize;
+}
+
+static const TypeInfo lbus_info = {
+.name = TYPE_LBUS,
+.parent = TYPE_BUS,
+.instance_init = lbus_init,
+.instance_size = sizeof(LBus),
+.class_init = lbus_class_init,
+};
+
+static Property lbus_device_props[] = {
+DEFINE_PROP_UINT32("address", LBusDevice, address, 0),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+DeviceState *lbus_create_device(LBus *bus, const char *type, uint32_t addr)
+{
+DeviceState *dev;
+LBusNode *node;
+
+dev = qdev_new(type);
+qdev_prop_set_uint8(dev, "address", addr);
+qdev_realize_and_unref(dev, >bus, _fatal);
+
+/* Move to post_load */
+node = g_malloc(sizeof(struct LBusNode));
+node->ldev = LBUS_DEVICE(dev);
+QLIST_INSERT_HEAD(>devices, node, next);
+
+return dev;
+}
+
+static void lbus_device_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->bus_type = TYPE_LBUS;
+device_class_set_props(dc, lbus_device_props);
+}
+
+static const TypeInfo lbus_device_type_info = {
+.name = TYPE_LBUS_DEVICE,
+.parent = TYPE_DEVICE,
+.instance_size = sizeof(LBusDevice),
+.abstract = true,
+.class_init = lbus_device_class_init,
+.class_size = sizeof(LBusDeviceClass),
+};
+
+static void lbus_register_types(void)
+{
+type_register_static(_info);
+type_register_static(_device_type_info);
+}
+
+type_init(lbus_register_types);
diff --git a/hw/fsi/meson.build b/hw/fsi/meson.build
new file mode 100644
index 00..e1007d5fea
--- /dev/null
+++ b/hw/fsi/meson.build
@@ -0,0 +1 @@
+system_ss.add(when: 'CONFIG_LBUS', if_true: files('lbus.c'))
diff --git a/hw/meson.build b/hw/meson.build
index c7ac7d3d75..6c71ee9cfa 100644
--- a/hw/meson.build
+++ b/hw/meson.build
@@ -43,6 +43,7 @@ subdir('virtio')
  subdir('watchdog')
  subdir('xen')
  subdir('xenpv')
+subdir('fsi')

  subdir('alpha')
  subdir('arm')
diff --git a/include/hw/fsi/bits.h b/include/hw/fsi/bits.h
new file mode 100644
index 00..338ae483cf
--- /dev/null
+++ b/include/hw/fsi/bits.h
@@ -0,0 +1,15 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * Copyright (C) 2023 IBM Corp.
+ *
+ * Bit operation macros
+ */
+#ifndef FSI_BITS_H
+#define FSI_BITS_H
+
+#define BE_BIT(x)  BIT(31 - (x))
+#define GENMASK(t, b) \
+(((1ULL << ((t) + 1)) - 1) & ~((1ULL << (b)) - 1))

Re: [PATCH v2 00/48] tcg patch queue

[Stefan Hajnoczi]

On Thu, 24 Aug 2023 at 14:29, Richard Henderson
 wrote:
>
> The following changes since commit 50e7a40af372ee5931c99ef7390f5d3d6fbf6ec4:
>
>   Merge tag 'pull-target-arm-20230824' of 
> https://git.linaro.org/people/pmaydell/qemu-arm into staging (2023-08-24 
> 10:08:33 -0400)
>
> are available in the Git repository at:
>
>   https://gitlab.com/rth7680/qemu.git tags/pull-tcg-20230823-2
>
> for you to fetch changes up to 4daad8d9d6b9d426beb8ce505d2164ba36ea3168:
>
>   tcg: spelling fixes (2023-08-24 11:22:42 -0700)
>
> 
> accel/*: Widen pc/saved_insn for *_sw_breakpoint
> accel/tcg: Replace remaining target_ulong in system-mode accel
> tcg: spelling fixes
> tcg: Document bswap, hswap, wswap byte patterns
> tcg: Introduce negsetcond opcodes
> tcg: Fold deposit with zero to and
> tcg: Unify TCG_TARGET_HAS_extr[lh]_i64_i32
> tcg/i386: Drop BYTEH deposits for 64-bit
> tcg/i386: Allow immediate as input to deposit
> target/*: Use tcg_gen_negsetcond_*

Hi Richard,
I'm seeing a segfault in "make docker-test-tcg@debian-tricore-cross"
after this pull request.

Note that it has already been merged into qemu.git/master. CI actually
caught it but I accidentally pushed staging to master.

Stefan

>
> 
> Anton Johansson (9):
>   accel/kvm: Widen pc/saved_insn for kvm_sw_breakpoint
>   accel/hvf: Widen pc/saved_insn for hvf_sw_breakpoint
>   sysemu/kvm: Use vaddr for kvm_arch_[insert|remove]_hw_breakpoint
>   sysemu/hvf: Use vaddr for hvf_arch_[insert|remove]_hw_breakpoint
>   include/exec: Replace target_ulong with abi_ptr in cpu_[st|ld]*()
>   include/exec: typedef abi_ptr to vaddr in softmmu
>   include/exec: Widen tlb_hit/tlb_hit_page()
>   accel/tcg: Widen address arg in tlb_compare_set()
>   accel/tcg: Update run_on_cpu_data static assert
>
> Mark Cave-Ayland (1):
>   docs/devel/tcg-ops: fix missing newlines in "Host vector operations"
>
> Michael Tokarev (1):
>   tcg: spelling fixes
>
> Philippe Mathieu-Daudé (9):
>   docs/devel/tcg-ops: Bury mentions of trunc_shr_i64_i32()
>   tcg/tcg-op: Document bswap16_i32() byte pattern
>   tcg/tcg-op: Document bswap16_i64() byte pattern
>   tcg/tcg-op: Document bswap32_i32() byte pattern
>   tcg/tcg-op: Document bswap32_i64() byte pattern
>   tcg/tcg-op: Document bswap64_i64() byte pattern
>   tcg/tcg-op: Document hswap_i32/64() byte pattern
>   tcg/tcg-op: Document wswap_i64() byte pattern
>   target/cris: Fix a typo in gen_swapr()
>
> Richard Henderson (28):
>   target/m68k: Use tcg_gen_deposit_i32 in gen_partset_reg
>   tcg/i386: Drop BYTEH deposits for 64-bit
>   tcg: Fold deposit with zero to and
>   tcg/i386: Allow immediate as input to deposit_*
>   tcg: Unify TCG_TARGET_HAS_extr[lh]_i64_i32
>   tcg: Introduce negsetcond opcodes
>   tcg: Use tcg_gen_negsetcond_*
>   target/alpha: Use tcg_gen_movcond_i64 in gen_fold_mzero
>   target/arm: Use tcg_gen_negsetcond_*
>   target/m68k: Use tcg_gen_negsetcond_*
>   target/openrisc: Use tcg_gen_negsetcond_*
>   target/ppc: Use tcg_gen_negsetcond_*
>   target/sparc: Use tcg_gen_movcond_i64 in gen_edge
>   target/tricore: Replace gen_cond_w with tcg_gen_negsetcond_tl
>   tcg/ppc: Implement negsetcond_*
>   tcg/ppc: Use the Set Boolean Extension
>   tcg/aarch64: Implement negsetcond_*
>   tcg/arm: Implement negsetcond_i32
>   tcg/riscv: Implement negsetcond_*
>   tcg/s390x: Implement negsetcond_*
>   tcg/sparc64: Implement negsetcond_*
>   tcg/i386: Merge tcg_out_brcond{32,64}
>   tcg/i386: Merge tcg_out_setcond{32,64}
>   tcg/i386: Merge tcg_out_movcond{32,64}
>   tcg/i386: Use CMP+SBB in tcg_out_setcond
>   tcg/i386: Clear dest first in tcg_out_setcond if possible
>   tcg/i386: Use shift in tcg_out_setcond
>   tcg/i386: Implement negsetcond_*
>
>  docs/devel/tcg-ops.rst |  15 +-
>  accel/tcg/atomic_template.h|  16 +-
>  include/exec/cpu-all.h |   4 +-
>  include/exec/cpu_ldst.h|  28 +--
>  include/sysemu/hvf.h   |  12 +-
>  include/sysemu/kvm.h   |  12 +-
>  include/tcg/tcg-op-common.h|   4 +
>  include/tcg/tcg-op.h   |   2 +
>  include/tcg/tcg-opc.h  |   6 +-
>  include/tcg/tcg.h  |   4 +-
>  tcg/aarch64/tcg-target.h   |   5 +-
>  tcg/arm/tcg-target.h   |   1 +
>  tcg/i386/tcg-target-con-set.h  |   2 +-
>  tcg/i386/tcg-target-con-str.h  |   1 -
>  tcg/i386/tcg-target.h  |   9 +-
>  tcg/loongarch64/tcg-target.h   |   6 +-
>  tcg/mips/tcg-target.h  |   5 +-
>  tcg/ppc/tcg-target.h   |   5 +-
>  

Re: [PATCH 6/7] vhost-user: allow "vhost_set_vring" to wait for a reply

[Philippe Mathieu-Daudé]

On 27/8/23 20:29, Laszlo Ersek wrote:

The "vhost_set_vring" function already centralizes the common parts of
"vhost_user_set_vring_num", "vhost_user_set_vring_base" and
"vhost_user_set_vring_enable". We'll want to allow some of those callers
to wait for a reply.

Therefore, rebase "vhost_set_vring" from just "vhost_user_write" to
"vhost_user_write_msg", exposing the "wait_for_reply" parameter.

This is purely refactoring -- there is no observable change. That's
because:

- all three callers pass in "false" for "wait_for_reply", which disables
   all logic in "vhost_user_write_msg" except the call to
   "vhost_user_write";

- the fds=NULL and fd_num=0 arguments of the original "vhost_user_write"
   call inside "vhost_set_vring" are hard-coded within
   "vhost_user_write_msg".

Cc: "Michael S. Tsirkin"  (supporter:vhost)
Cc: Eugenio Perez Martin 
Cc: German Maglione 
Cc: Liu Jiang 
Cc: Sergio Lopez Pascual 
Cc: Stefano Garzarella 
Signed-off-by: Laszlo Ersek 
---
  hw/virtio/vhost-user.c | 11 ++-
  1 file changed, 6 insertions(+), 5 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH 4/7] vhost-user: flatten "enforce_reply" into "vhost_user_write_msg"

[Philippe Mathieu-Daudé]

On 27/8/23 20:29, Laszlo Ersek wrote:

At this point, only "vhost_user_write_msg" calls "enforce_reply"; embed
the latter into the former.

This is purely refactoring -- no observable change.

Cc: "Michael S. Tsirkin"  (supporter:vhost)
Cc: Eugenio Perez Martin 
Cc: German Maglione 
Cc: Liu Jiang 
Cc: Sergio Lopez Pascual 
Cc: Stefano Garzarella 
Signed-off-by: Laszlo Ersek 
---
  hw/virtio/vhost-user.c | 32 
  1 file changed, 13 insertions(+), 19 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH 3/7] vhost-user: factor out "vhost_user_write_msg"

[Philippe Mathieu-Daudé]

On 27/8/23 20:29, Laszlo Ersek wrote:

The tails of the "vhost_user_set_vring_addr" and "vhost_user_set_u64"
functions are now byte-for-byte identical. Factor the common tail out to a
new function called "vhost_user_write_msg".

This is purely refactoring -- no observable change.

Cc: "Michael S. Tsirkin"  (supporter:vhost)
Cc: Eugenio Perez Martin 
Cc: German Maglione 
Cc: Liu Jiang 
Cc: Sergio Lopez Pascual 
Cc: Stefano Garzarella 
Signed-off-by: Laszlo Ersek 
---
  hw/virtio/vhost-user.c | 66 +---
  1 file changed, 28 insertions(+), 38 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v2 16/16] virtio-mem: Mark memslot alias memory regions unmergeable

[Philippe Mathieu-Daudé]

On 25/8/23 15:21, David Hildenbrand wrote:

Let's mark the memslot alias memory regions as unmergable, such that
flatview and vhost won't merge adjacent memory region aliases and we can
atomically map/unmap individual aliases without affecting adjacent
alias memory regions.

This handles vhost and vfio in multiple-memslot mode correctly (which do
not support atomic memslot updates) and avoids the temporary removal of
large memslots, which can be an expensive operation. For example, vfio
might have to unpin + repin a lot of memory, which is undesired.

Signed-off-by: David Hildenbrand 
---
  hw/virtio/virtio-mem.c | 6 ++
  1 file changed, 6 insertions(+)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v2 15/16] memory,vhost: Allow for marking memory device memory regions unmergeable

[Philippe Mathieu-Daudé]

On 25/8/23 15:21, David Hildenbrand wrote:

Let's allow for marking memory regions unmergeable, to teach
flatview code and vhost to not merge adjacent aliases to the same memory
region into a larger memory section; instead, we want separate aliases to
stay separate such that we can atomically map/unmap aliases without
affecting other aliases.

This is desired for virtio-mem mapping device memory located on a RAM
memory region via multiple aliases into a memory region container,
resulting in separate memslots that can get (un)mapped atomically.

As an example with virtio-mem, the layout would look something like this:
   [...]
   00024000-0020bfff (prio 0, i/o): device-memory
 00024000-00043fff (prio 0, i/o): virtio-mem
   00024000-00027fff (prio 0, ram): alias memslot-0 @mem2 
-3fff
   00028000-0002bfff (prio 0, ram): alias memslot-1 @mem2 
4000-7fff
   0002c000-0002 (prio 0, ram): alias memslot-2 @mem2 
8000-bfff
   [...]

Without unmergable memory regions, all three memslots would get merged into
a single memory section. For example, when mapping another alias (e.g.,
virtio-mem-memslot-3) or when unmapping any of the mapped aliases,
memory listeners will first get notified about the removal of the big
memory section to then get notified about re-adding of the new
(differently merged) memory section(s).

In an ideal world, memory listeners would be able to deal with that
atomically, like KVM nowadays does. However, (a) supporting this for other
memory listeners (vhost-user, vfio) is fairly hard: temporary removal
can result in all kinds of issues on concurrent access to guest memory;
and (b) this handling is undesired, because temporarily removing+readding
can consume quite some time on bigger memslots and is not efficient
(e.g., vfio unpinning and repinning pages ...).

Let's allow for marking a memory region unmergeable, such that we
can atomically (un)map aliases to the same memory region, similar to
(un)mapping individual DIMMs.

Similarly, teach vhost code to not redo what flatview core stopped doing:
don't merge such sections. Merging in vhost code is really only relevant
for handling random holes in boot memory where; without this merging,
the vhost-user backend wouldn't be able to mmap() some boot memory
backed on hugetlb.

We'll use this for virtio-mem next.

Signed-off-by: David Hildenbrand 
---
  hw/virtio/vhost.c |  4 ++--
  include/exec/memory.h | 22 ++
  softmmu/memory.c  | 31 +--
  3 files changed, 49 insertions(+), 8 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH v2 04/16] kvm: Return number of free memslots

[Philippe Mathieu-Daudé]

On 25/8/23 15:21, David Hildenbrand wrote:

Let's return the number of free slots instead of only checking if there
is a free slot. While at it, check all address spaces, which will also
consider SMM under x86 correctly.

Make the stub return UINT_MAX, such that we can call the function
unconditionally.

This is a preparation for memory devices that consume multiple memslots.

Signed-off-by: David Hildenbrand 
---
  accel/kvm/kvm-all.c  | 33 -
  accel/stubs/kvm-stub.c   |  4 ++--
  hw/mem/memory-device.c   |  2 +-
  include/sysemu/kvm.h |  2 +-
  include/sysemu/kvm_int.h |  1 +
  5 files changed, 25 insertions(+), 17 deletions(-)




diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c
index 235dc661bc..f39997d86e 100644
--- a/accel/stubs/kvm-stub.c
+++ b/accel/stubs/kvm-stub.c
@@ -109,9 +109,9 @@ int kvm_irqchip_remove_irqfd_notifier_gsi(KVMState *s, 
EventNotifier *n,
  return -ENOSYS;
  }
  
-bool kvm_has_free_slot(MachineState *ms)

+unsigned int kvm_get_free_memslots(void)
  {
-return false;
+return UINT_MAX;


Isn't it clearer returning 0 here and keeping kvm_enabled() below?


  }
  
  void kvm_init_cpu_signals(CPUState *cpu)

diff --git a/hw/mem/memory-device.c b/hw/mem/memory-device.c
index 667d56bd29..7c24685796 100644
--- a/hw/mem/memory-device.c
+++ b/hw/mem/memory-device.c
@@ -59,7 +59,7 @@ static void memory_device_check_addable(MachineState *ms, 
MemoryRegion *mr,
  const uint64_t size = memory_region_size(mr);
  
  /* we will need a new memory slot for kvm and vhost */

-if (kvm_enabled() && !kvm_has_free_slot(ms)) {
+if (!kvm_get_free_memslots()) {


(here)


  error_setg(errp, "hypervisor has no free memory slots left");
  return;
  }




diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h
index 511b42bde5..8b09e78b12 100644
--- a/include/sysemu/kvm_int.h
+++ b/include/sysemu/kvm_int.h
@@ -40,6 +40,7 @@ typedef struct KVMMemoryUpdate {
  typedef struct KVMMemoryListener {
  MemoryListener listener;
  KVMSlot *slots;
+int nr_used_slots;


Preferably using 'unsigned' here:

Reviewed-by: Philippe Mathieu-Daudé 

[PATCH v2 09/11] target/xtensa: Include missing 'qemu/atomic.h' header

[Philippe Mathieu-Daudé]

Since commit fa92bd4af7 ("target/xtensa: fix access to
the INTERRUPT SR") these files use QEMU atomic API.
Explicit the header inclusion instead of relying on
implicit and indirect inclusion.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/xtensa/pic_cpu.c| 1 +
 target/xtensa/exc_helper.c | 1 +
 target/xtensa/op_helper.c  | 1 +
 3 files changed, 3 insertions(+)

diff --git a/hw/xtensa/pic_cpu.c b/hw/xtensa/pic_cpu.c
index 6c9447565d..8cef88c61b 100644
--- a/hw/xtensa/pic_cpu.c
+++ b/hw/xtensa/pic_cpu.c
@@ -30,6 +30,7 @@
 #include "hw/irq.h"
 #include "qemu/log.h"
 #include "qemu/timer.h"
+#include "qemu/atomic.h"
 
 void check_interrupts(CPUXtensaState *env)
 {
diff --git a/target/xtensa/exc_helper.c b/target/xtensa/exc_helper.c
index 43f6a862de..91354884f7 100644
--- a/target/xtensa/exc_helper.c
+++ b/target/xtensa/exc_helper.c
@@ -31,6 +31,7 @@
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "qemu/host-utils.h"
+#include "qemu/atomic.h"
 #include "exec/exec-all.h"
 
 void HELPER(exception)(CPUXtensaState *env, uint32_t excp)
diff --git a/target/xtensa/op_helper.c b/target/xtensa/op_helper.c
index 03e2c1889a..7bb8cd6726 100644
--- a/target/xtensa/op_helper.c
+++ b/target/xtensa/op_helper.c
@@ -30,6 +30,7 @@
 #include "exec/helper-proto.h"
 #include "qemu/host-utils.h"
 #include "exec/exec-all.h"
+#include "qemu/atomic.h"
 #include "qemu/timer.h"
 
 #ifndef CONFIG_USER_ONLY
-- 
2.41.0

[PATCH v2 00/11] target/translate: Remove unused "exec/cpu_ldst.h" / "qemu/main-loop.h"

[Philippe Mathieu-Daudé]

Yet another boring 'header cleanups' series :/

Since v1:
- Addressed Richard review comment
- Added Richard R-b tag
- 3 more patches around 'qemu/qatomic.h'

Philippe Mathieu-Daudé (11):
  target/ppc/pmu: Include missing 'qemu/timer.h' header
  target/riscv/pmu: Restrict 'qemu/log.h' include to source
  target/translate: Include missing 'exec/cpu_ldst.h' header
  target/translate: Remove unnecessary 'exec/cpu_ldst.h' header
  target/translate: Restrict 'exec/cpu_ldst.h' to user emulation
  target/helpers: Remove unnecessary 'exec/cpu_ldst.h' header
  target/helper: Remove unnecessary 'qemu/main-loop.h' header
  target/mips: Remove unused headers in lcsr_helper.c
  target/xtensa: Include missing 'qemu/atomic.h' header
  qemu/processor: Remove unused 'qemu/atomic.h' header
  exec/translation-block: Clean up includes

 include/exec/exec-all.h  | 2 +-
 include/exec/translation-block.h | 6 +++---
 include/qemu/processor.h | 2 --
 target/riscv/pmu.h   | 3 ---
 hw/xtensa/pic_cpu.c  | 1 +
 target/alpha/translate.c | 1 -
 target/arm/ptw.c | 1 -
 target/avr/helper.c  | 1 +
 target/cris/op_helper.c  | 1 -
 target/hexagon/translate.c   | 1 -
 target/hppa/translate.c  | 1 -
 target/i386/tcg/fpu_helper.c | 1 +
 target/i386/tcg/sysemu/excp_helper.c | 1 +
 target/loongarch/cpu.c   | 1 +
 target/loongarch/iocsr_helper.c  | 1 -
 target/loongarch/op_helper.c | 1 -
 target/m68k/translate.c  | 1 -
 target/microblaze/translate.c| 1 -
 target/mips/tcg/fpu_helper.c | 1 -
 target/mips/tcg/ldst_helper.c| 1 +
 target/mips/tcg/msa_helper.c | 1 +
 target/mips/tcg/sysemu/lcsr_helper.c | 5 -
 target/nios2/op_helper.c | 1 -
 target/nios2/translate.c | 1 -
 target/openrisc/translate.c  | 1 -
 target/ppc/int_helper.c  | 1 -
 target/ppc/machine.c | 1 -
 target/ppc/mem_helper.c  | 1 -
 target/ppc/mmu_common.c  | 1 -
 target/ppc/mmu_helper.c  | 1 -
 target/ppc/power8-pmu.c  | 2 +-
 target/ppc/translate.c   | 2 --
 target/riscv/csr.c   | 1 -
 target/riscv/m128_helper.c   | 1 -
 target/riscv/op_helper.c | 2 +-
 target/riscv/pmu.c   | 1 +
 target/riscv/vector_helper.c | 1 +
 target/s390x/tcg/crypto_helper.c | 1 -
 target/s390x/tcg/excp_helper.c   | 1 -
 target/s390x/tcg/fpu_helper.c| 1 -
 target/s390x/tcg/misc_helper.c   | 1 -
 target/sh4/translate.c   | 1 -
 target/sparc/translate.c | 1 -
 target/xtensa/dbg_helper.c   | 1 -
 target/xtensa/exc_helper.c   | 1 +
 target/xtensa/fpu_helper.c   | 1 -
 target/xtensa/mmu_helper.c   | 2 --
 target/xtensa/op_helper.c| 3 +--
 target/xtensa/win_helper.c   | 1 -
 49 files changed, 17 insertions(+), 51 deletions(-)

-- 
2.41.0

[PATCH v2 11/11] exec/translation-block: Clean up includes

[Philippe Mathieu-Daudé]

'qemu/atomic.h' and 'exec/target_page.h' are not used.
'qemu/interval-tree.h' is only required for user emulation.

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/exec/translation-block.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/exec/translation-block.h b/include/exec/translation-block.h
index 5119924927..b785751774 100644
--- a/include/exec/translation-block.h
+++ b/include/exec/translation-block.h
@@ -7,11 +7,11 @@
 #ifndef EXEC_TRANSLATION_BLOCK_H
 #define EXEC_TRANSLATION_BLOCK_H
 
-#include "qemu/atomic.h"
 #include "qemu/thread.h"
-#include "qemu/interval-tree.h"
 #include "exec/cpu-common.h"
-#include "exec/target_page.h"
+#ifdef CONFIG_USER_ONLY
+#include "qemu/interval-tree.h"
+#endif
 
 /*
  * Page tracking code uses ram addresses in system mode, and virtual
-- 
2.41.0

[PATCH v2 06/11] target/helpers: Remove unnecessary 'exec/cpu_ldst.h' header

[Philippe Mathieu-Daudé]

These files don't use the CPU ld/st API, remove the unnecessary
"exec/cpu_ldst.h" header.

Reviewed-by: Richard Henderson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 target/riscv/pmu.h   | 1 -
 target/cris/op_helper.c  | 1 -
 target/mips/tcg/fpu_helper.c | 1 -
 target/mips/tcg/sysemu/lcsr_helper.c | 1 -
 target/s390x/tcg/excp_helper.c   | 1 -
 target/s390x/tcg/fpu_helper.c| 1 -
 target/xtensa/mmu_helper.c   | 1 -
 target/xtensa/op_helper.c| 1 -
 8 files changed, 8 deletions(-)

diff --git a/target/riscv/pmu.h b/target/riscv/pmu.h
index d2be06a133..60fdd6f42c 100644
--- a/target/riscv/pmu.h
+++ b/target/riscv/pmu.h
@@ -18,7 +18,6 @@
 
 #include "cpu.h"
 #include "qemu/main-loop.h"
-#include "exec/exec-all.h"
 
 bool riscv_pmu_ctr_monitor_instructions(CPURISCVState *env,
 uint32_t target_ctr);
diff --git a/target/cris/op_helper.c b/target/cris/op_helper.c
index 40cb74ce73..98a9aaf504 100644
--- a/target/cris/op_helper.c
+++ b/target/cris/op_helper.c
@@ -24,7 +24,6 @@
 #include "exec/helper-proto.h"
 #include "qemu/host-utils.h"
 #include "exec/exec-all.h"
-#include "exec/cpu_ldst.h"
 
 //#define CRIS_OP_HELPER_DEBUG
 
diff --git a/target/mips/tcg/fpu_helper.c b/target/mips/tcg/fpu_helper.c
index 8ce56ed7c8..45d593de48 100644
--- a/target/mips/tcg/fpu_helper.c
+++ b/target/mips/tcg/fpu_helper.c
@@ -25,7 +25,6 @@
 #include "internal.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
-#include "exec/cpu_ldst.h"
 #include "fpu/softfloat.h"
 #include "fpu_helper.h"
 
diff --git a/target/mips/tcg/sysemu/lcsr_helper.c 
b/target/mips/tcg/sysemu/lcsr_helper.c
index 942143d209..8f97d04313 100644
--- a/target/mips/tcg/sysemu/lcsr_helper.c
+++ b/target/mips/tcg/sysemu/lcsr_helper.c
@@ -13,7 +13,6 @@
 #include "qemu/host-utils.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
-#include "exec/cpu_ldst.h"
 
 #define GET_MEMTXATTRS(cas) \
 ((MemTxAttrs){.requester_id = env_cpu(cas)->cpu_index})
diff --git a/target/s390x/tcg/excp_helper.c b/target/s390x/tcg/excp_helper.c
index b7116d0577..b875bf14e5 100644
--- a/target/s390x/tcg/excp_helper.c
+++ b/target/s390x/tcg/excp_helper.c
@@ -23,7 +23,6 @@
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
-#include "exec/cpu_ldst.h"
 #include "s390x-internal.h"
 #include "tcg_s390x.h"
 #ifndef CONFIG_USER_ONLY
diff --git a/target/s390x/tcg/fpu_helper.c b/target/s390x/tcg/fpu_helper.c
index c329b31261..d8bd5748fa 100644
--- a/target/s390x/tcg/fpu_helper.c
+++ b/target/s390x/tcg/fpu_helper.c
@@ -23,7 +23,6 @@
 #include "s390x-internal.h"
 #include "tcg_s390x.h"
 #include "exec/exec-all.h"
-#include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "fpu/softfloat.h"
 
diff --git a/target/xtensa/mmu_helper.c b/target/xtensa/mmu_helper.c
index fa66e8e867..57b75882c4 100644
--- a/target/xtensa/mmu_helper.c
+++ b/target/xtensa/mmu_helper.c
@@ -34,7 +34,6 @@
 #include "exec/helper-proto.h"
 #include "qemu/host-utils.h"
 #include "exec/exec-all.h"
-#include "exec/cpu_ldst.h"
 
 #define XTENSA_MPU_SEGMENT_MASK 0x001f
 #define XTENSA_MPU_ACC_RIGHTS_MASK 0x0f00
diff --git a/target/xtensa/op_helper.c b/target/xtensa/op_helper.c
index 1af7becc54..10a2b51f91 100644
--- a/target/xtensa/op_helper.c
+++ b/target/xtensa/op_helper.c
@@ -31,7 +31,6 @@
 #include "exec/helper-proto.h"
 #include "qemu/host-utils.h"
 #include "exec/exec-all.h"
-#include "exec/cpu_ldst.h"
 #include "qemu/timer.h"
 
 #ifndef CONFIG_USER_ONLY
-- 
2.41.0

[PATCH v2 02/11] target/riscv/pmu: Restrict 'qemu/log.h' include to source

[Philippe Mathieu-Daudé]

Declarations from "riscv/pmu.h" don't need anything from "qemu/log.h",
reduce it's inclusion to the source.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/riscv/pmu.h | 1 -
 target/riscv/pmu.c | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/pmu.h b/target/riscv/pmu.h
index 0c819ca983..d2be06a133 100644
--- a/target/riscv/pmu.h
+++ b/target/riscv/pmu.h
@@ -16,7 +16,6 @@
  * this program.  If not, see .
  */
 
-#include "qemu/log.h"
 #include "cpu.h"
 #include "qemu/main-loop.h"
 #include "exec/exec-all.h"
diff --git a/target/riscv/pmu.c b/target/riscv/pmu.c
index db06b3882f..36f6307d28 100644
--- a/target/riscv/pmu.c
+++ b/target/riscv/pmu.c
@@ -17,6 +17,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/log.h"
 #include "cpu.h"
 #include "pmu.h"
 #include "sysemu/cpu-timers.h"
-- 
2.41.0

[PATCH v2 08/11] target/mips: Remove unused headers in lcsr_helper.c

[Philippe Mathieu-Daudé]

This files only access the address_space_ld/st API, declared
in "exec/cpu-all.h", already included by "cpu.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 target/mips/tcg/sysemu/lcsr_helper.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/target/mips/tcg/sysemu/lcsr_helper.c 
b/target/mips/tcg/sysemu/lcsr_helper.c
index fb57bcbb78..25e03572fe 100644
--- a/target/mips/tcg/sysemu/lcsr_helper.c
+++ b/target/mips/tcg/sysemu/lcsr_helper.c
@@ -8,10 +8,7 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
-#include "internal.h"
-#include "qemu/host-utils.h"
 #include "exec/helper-proto.h"
-#include "exec/exec-all.h"
 
 #define GET_MEMTXATTRS(cas) \
 ((MemTxAttrs){.requester_id = env_cpu(cas)->cpu_index})
-- 
2.41.0

[PATCH v2 10/11] qemu/processor: Remove unused 'qemu/atomic.h' header

[Philippe Mathieu-Daudé]

Signed-off-by: Philippe Mathieu-Daudé 
---
 include/qemu/processor.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/qemu/processor.h b/include/qemu/processor.h
index 8e16c9277d..9f0dcdf28f 100644
--- a/include/qemu/processor.h
+++ b/include/qemu/processor.h
@@ -7,8 +7,6 @@
 #ifndef QEMU_PROCESSOR_H
 #define QEMU_PROCESSOR_H
 
-#include "qemu/atomic.h"
-
 #if defined(__i386__) || defined(__x86_64__)
 # define cpu_relax() asm volatile("rep; nop" ::: "memory")
 
-- 
2.41.0

[PATCH v2 01/11] target/ppc/pmu: Include missing 'qemu/timer.h' header

[Philippe Mathieu-Daudé]

Since commit c2eff582a3 ("target/ppc: PMU basic cycle count for
pseries TCG") pmu_update_cycles() uses QEMU_CLOCK_VIRTUAL and
calls qemu_clock_get_ns(), both defined in "qemu/timer.h".

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/ppc/power8-pmu.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/ppc/power8-pmu.c b/target/ppc/power8-pmu.c
index 7bb4bf81f7..2537cded83 100644
--- a/target/ppc/power8-pmu.c
+++ b/target/ppc/power8-pmu.c
@@ -16,6 +16,7 @@
 #include "exec/exec-all.h"
 #include "exec/helper-proto.h"
 #include "qemu/error-report.h"
+#include "qemu/timer.h"
 #include "qemu/main-loop.h"
 #include "hw/ppc/ppc.h"
 #include "power8-pmu.h"
-- 
2.41.0

[PATCH v2 07/11] target/helper: Remove unnecessary 'qemu/main-loop.h' header

[Philippe Mathieu-Daudé]

"qemu/main-loop.h" declares functions related to QEMU's
main loop mutex, which these files don't access. Remove
the unused "qemu/main-loop.h" header.

Signed-off-by: Philippe Mathieu-Daudé 
---
 target/riscv/pmu.h   | 1 -
 target/arm/ptw.c | 1 -
 target/loongarch/iocsr_helper.c  | 1 -
 target/loongarch/op_helper.c | 1 -
 target/mips/tcg/sysemu/lcsr_helper.c | 1 -
 target/nios2/op_helper.c | 1 -
 target/ppc/int_helper.c  | 1 -
 target/ppc/machine.c | 1 -
 target/ppc/mem_helper.c  | 1 -
 target/ppc/mmu_common.c  | 1 -
 target/ppc/mmu_helper.c  | 1 -
 target/ppc/power8-pmu.c  | 1 -
 target/ppc/translate.c   | 1 -
 target/riscv/csr.c   | 1 -
 target/riscv/m128_helper.c   | 1 -
 target/riscv/op_helper.c | 1 -
 target/s390x/tcg/crypto_helper.c | 1 -
 target/s390x/tcg/misc_helper.c   | 1 -
 target/xtensa/dbg_helper.c   | 1 -
 target/xtensa/fpu_helper.c   | 1 -
 target/xtensa/mmu_helper.c   | 1 -
 target/xtensa/op_helper.c| 1 -
 target/xtensa/win_helper.c   | 1 -
 23 files changed, 23 deletions(-)

diff --git a/target/riscv/pmu.h b/target/riscv/pmu.h
index 60fdd6f42c..2bfb71ba87 100644
--- a/target/riscv/pmu.h
+++ b/target/riscv/pmu.h
@@ -17,7 +17,6 @@
  */
 
 #include "cpu.h"
-#include "qemu/main-loop.h"
 
 bool riscv_pmu_ctr_monitor_instructions(CPURISCVState *env,
 uint32_t target_ctr);
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index bfbab26b9b..a4b0172df3 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -9,7 +9,6 @@
 #include "qemu/osdep.h"
 #include "qemu/log.h"
 #include "qemu/range.h"
-#include "qemu/main-loop.h"
 #include "exec/exec-all.h"
 #include "cpu.h"
 #include "internals.h"
diff --git a/target/loongarch/iocsr_helper.c b/target/loongarch/iocsr_helper.c
index dda9845d6c..6cd01d5f09 100644
--- a/target/loongarch/iocsr_helper.c
+++ b/target/loongarch/iocsr_helper.c
@@ -6,7 +6,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/main-loop.h"
 #include "cpu.h"
 #include "qemu/host-utils.h"
 #include "exec/helper-proto.h"
diff --git a/target/loongarch/op_helper.c b/target/loongarch/op_helper.c
index cf84f20aba..fe79c62fa4 100644
--- a/target/loongarch/op_helper.c
+++ b/target/loongarch/op_helper.c
@@ -7,7 +7,6 @@
 
 #include "qemu/osdep.h"
 #include "qemu/log.h"
-#include "qemu/main-loop.h"
 #include "cpu.h"
 #include "qemu/host-utils.h"
 #include "exec/helper-proto.h"
diff --git a/target/mips/tcg/sysemu/lcsr_helper.c 
b/target/mips/tcg/sysemu/lcsr_helper.c
index 8f97d04313..fb57bcbb78 100644
--- a/target/mips/tcg/sysemu/lcsr_helper.c
+++ b/target/mips/tcg/sysemu/lcsr_helper.c
@@ -7,7 +7,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/main-loop.h"
 #include "cpu.h"
 #include "internal.h"
 #include "qemu/host-utils.h"
diff --git a/target/nios2/op_helper.c b/target/nios2/op_helper.c
index 0aaf33ffc2..5017457c5e 100644
--- a/target/nios2/op_helper.c
+++ b/target/nios2/op_helper.c
@@ -22,7 +22,6 @@
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
-#include "qemu/main-loop.h"
 
 void helper_raise_exception(CPUNios2State *env, uint32_t index)
 {
diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c
index 834da80fe3..96cdb3c7e3 100644
--- a/target/ppc/int_helper.c
+++ b/target/ppc/int_helper.c
@@ -21,7 +21,6 @@
 #include "cpu.h"
 #include "internal.h"
 #include "qemu/host-utils.h"
-#include "qemu/main-loop.h"
 #include "qemu/log.h"
 #include "exec/helper-proto.h"
 #include "crypto/aes.h"
diff --git a/target/ppc/machine.c b/target/ppc/machine.c
index 134b16c625..1270a1f7fc 100644
--- a/target/ppc/machine.c
+++ b/target/ppc/machine.c
@@ -7,7 +7,6 @@
 #include "mmu-hash64.h"
 #include "migration/cpu.h"
 #include "qapi/error.h"
-#include "qemu/main-loop.h"
 #include "kvm_ppc.h"
 #include "power8-pmu.h"
 
diff --git a/target/ppc/mem_helper.c b/target/ppc/mem_helper.c
index 46eae65819..c7535481d6 100644
--- a/target/ppc/mem_helper.c
+++ b/target/ppc/mem_helper.c
@@ -21,7 +21,6 @@
 #include "cpu.h"
 #include "exec/exec-all.h"
 #include "qemu/host-utils.h"
-#include "qemu/main-loop.h"
 #include "exec/helper-proto.h"
 #include "helper_regs.h"
 #include "exec/cpu_ldst.h"
diff --git a/target/ppc/mmu_common.c b/target/ppc/mmu_common.c
index 8c000e250d..6ca5d12207 100644
--- a/target/ppc/mmu_common.c
+++ b/target/ppc/mmu_common.c
@@ -28,7 +28,6 @@
 #include "exec/log.h"
 #include "helper_regs.h"
 #include "qemu/error-report.h"
-#include "qemu/main-loop.h"
 #include "qemu/qemu-print.h"
 #include "internal.h"
 #include "mmu-book3s-v3.h"
diff --git a/target/ppc/mmu_helper.c b/target/ppc/mmu_helper.c
index d3ea7588f9..f87d35379a 100644
--- a/target/ppc/mmu_helper.c
+++ b/target/ppc/mmu_helper.c
@@ -28,7 +28,6 @@
 #include "exec/log.h"
 #include "helper_regs.h"
 #include "qemu/error-report.h"
-#include 

[PATCH v2 05/11] target/translate: Restrict 'exec/cpu_ldst.h' to user emulation

[Philippe Mathieu-Daudé]

Only handle_sigsegv_accerr_write(), declared with user
emulation, requires "exec/cpu_ldst.h" (for the abi_ptr
typedef).

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 include/exec/exec-all.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index d02517e95f..b2f5cd4c2a 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -21,7 +21,7 @@
 #define EXEC_ALL_H
 
 #include "cpu.h"
-#ifdef CONFIG_TCG
+#if defined(CONFIG_USER_ONLY)
 #include "exec/cpu_ldst.h"
 #endif
 #include "exec/translation-block.h"
-- 
2.41.0

[PATCH v2 04/11] target/translate: Remove unnecessary 'exec/cpu_ldst.h' header

[Philippe Mathieu-Daudé]

All these files only access the translator_ld/st API declared
in "exec/translator.h". The CPU ld/st API from declared in
"exec/cpu_ldst.h" is not used, remove it.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 target/alpha/translate.c  | 1 -
 target/hexagon/translate.c| 1 -
 target/hppa/translate.c   | 1 -
 target/m68k/translate.c   | 1 -
 target/microblaze/translate.c | 1 -
 target/nios2/translate.c  | 1 -
 target/openrisc/translate.c   | 1 -
 target/ppc/translate.c| 1 -
 target/sh4/translate.c| 1 -
 target/sparc/translate.c  | 1 -
 10 files changed, 10 deletions(-)

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index 0839182a1f..9be912c50c 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -24,7 +24,6 @@
 #include "qemu/host-utils.h"
 #include "exec/exec-all.h"
 #include "tcg/tcg-op.h"
-#include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/translator.h"
diff --git a/target/hexagon/translate.c b/target/hexagon/translate.c
index 708339198e..c00254e4d5 100644
--- a/target/hexagon/translate.c
+++ b/target/hexagon/translate.c
@@ -23,7 +23,6 @@
 #include "exec/helper-gen.h"
 #include "exec/helper-proto.h"
 #include "exec/translation-block.h"
-#include "exec/cpu_ldst.h"
 #include "exec/log.h"
 #include "internal.h"
 #include "attribs.h"
diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index e3af668252..c04dc15228 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -23,7 +23,6 @@
 #include "qemu/host-utils.h"
 #include "exec/exec-all.h"
 #include "tcg/tcg-op.h"
-#include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/translator.h"
diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 15b3701b8f..9e224fe796 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -25,7 +25,6 @@
 #include "tcg/tcg-op.h"
 #include "qemu/log.h"
 #include "qemu/qemu-print.h"
-#include "exec/cpu_ldst.h"
 #include "exec/translator.h"
 
 #include "exec/helper-proto.h"
diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index 7e7f837c63..d02c16296a 100644
--- a/target/microblaze/translate.c
+++ b/target/microblaze/translate.c
@@ -24,7 +24,6 @@
 #include "exec/exec-all.h"
 #include "tcg/tcg-op.h"
 #include "exec/helper-proto.h"
-#include "exec/cpu_ldst.h"
 #include "exec/helper-gen.h"
 #include "exec/translator.h"
 #include "qemu/qemu-print.h"
diff --git a/target/nios2/translate.c b/target/nios2/translate.c
index 4264c7ec6b..dfc546d3bb 100644
--- a/target/nios2/translate.c
+++ b/target/nios2/translate.c
@@ -29,7 +29,6 @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/log.h"
-#include "exec/cpu_ldst.h"
 #include "exec/translator.h"
 #include "qemu/qemu-print.h"
 #include "semihosting/semihost.h"
diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
index 7c6f80daf1..d65758449f 100644
--- a/target/openrisc/translate.c
+++ b/target/openrisc/translate.c
@@ -26,7 +26,6 @@
 #include "qemu/log.h"
 #include "qemu/bitops.h"
 #include "qemu/qemu-print.h"
-#include "exec/cpu_ldst.h"
 #include "exec/translator.h"
 
 #include "exec/helper-proto.h"
diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 74796ec7ba..49b6a757b7 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -27,7 +27,6 @@
 #include "tcg/tcg-op-gvec.h"
 #include "qemu/host-utils.h"
 #include "qemu/main-loop.h"
-#include "exec/cpu_ldst.h"
 
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index 49c87d7a01..c1e590feb3 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -22,7 +22,6 @@
 #include "disas/disas.h"
 #include "exec/exec-all.h"
 #include "tcg/tcg-op.h"
-#include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 #include "exec/translator.h"
diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index fa80a91161..3bf0ab8135 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -25,7 +25,6 @@
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
 #include "tcg/tcg-op.h"
-#include "exec/cpu_ldst.h"
 
 #include "exec/helper-gen.h"
 
-- 
2.41.0

[PATCH v2 03/11] target/translate: Include missing 'exec/cpu_ldst.h' header

[Philippe Mathieu-Daudé]

All these files access the CPU LD/ST API declared in "exec/cpu_ldst.h".

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
 target/avr/helper.c  | 1 +
 target/i386/tcg/fpu_helper.c | 1 +
 target/i386/tcg/sysemu/excp_helper.c | 1 +
 target/loongarch/cpu.c   | 1 +
 target/mips/tcg/ldst_helper.c| 1 +
 target/mips/tcg/msa_helper.c | 1 +
 target/riscv/op_helper.c | 1 +
 target/riscv/vector_helper.c | 1 +
 8 files changed, 8 insertions(+)

diff --git a/target/avr/helper.c b/target/avr/helper.c
index e6e7d51487..fdc9884ea0 100644
--- a/target/avr/helper.c
+++ b/target/avr/helper.c
@@ -24,6 +24,7 @@
 #include "cpu.h"
 #include "hw/core/tcg-cpu-ops.h"
 #include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
 #include "exec/address-spaces.h"
 #include "exec/helper-proto.h"
 
diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c
index 6f3741b635..4430d3d380 100644
--- a/target/i386/tcg/fpu_helper.c
+++ b/target/i386/tcg/fpu_helper.c
@@ -21,6 +21,7 @@
 #include 
 #include "cpu.h"
 #include "tcg-cpu.h"
+#include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "fpu/softfloat.h"
 #include "fpu/softfloat-macros.h"
diff --git a/target/i386/tcg/sysemu/excp_helper.c 
b/target/i386/tcg/sysemu/excp_helper.c
index b5f0abffa3..226689a4f2 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -19,6 +19,7 @@
 
 #include "qemu/osdep.h"
 #include "cpu.h"
+#include "exec/cpu_ldst.h"
 #include "exec/exec-all.h"
 #include "tcg/helper-tcg.h"
 
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index 27fc6e1f33..65f9320e34 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -11,6 +11,7 @@
 #include "qapi/error.h"
 #include "qemu/module.h"
 #include "sysemu/qtest.h"
+#include "exec/cpu_ldst.h"
 #include "exec/exec-all.h"
 #include "cpu.h"
 #include "internals.h"
diff --git a/target/mips/tcg/ldst_helper.c b/target/mips/tcg/ldst_helper.c
index c1a8380e34..97056d00a2 100644
--- a/target/mips/tcg/ldst_helper.c
+++ b/target/mips/tcg/ldst_helper.c
@@ -24,6 +24,7 @@
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
 #include "exec/memop.h"
 #include "internal.h"
 
diff --git a/target/mips/tcg/msa_helper.c b/target/mips/tcg/msa_helper.c
index 29b31d70fe..c8597b9e30 100644
--- a/target/mips/tcg/msa_helper.c
+++ b/target/mips/tcg/msa_helper.c
@@ -22,6 +22,7 @@
 #include "internal.h"
 #include "tcg/tcg.h"
 #include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "exec/memop.h"
 #include "fpu/softfloat.h"
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 9cdb9cdd06..7e2f1908ee 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -23,6 +23,7 @@
 #include "internals.h"
 #include "qemu/main-loop.h"
 #include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 
 /* Exceptions processing helpers */
diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c
index bf7e0029a1..bc9e151aa9 100644
--- a/target/riscv/vector_helper.c
+++ b/target/riscv/vector_helper.c
@@ -22,6 +22,7 @@
 #include "cpu.h"
 #include "exec/memop.h"
 #include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
 #include "exec/helper-proto.h"
 #include "fpu/softfloat.h"
 #include "tcg/tcg-gvec-desc.h"
-- 
2.41.0

Re: [PATCH 7/8] target/helper: Remove unnecessary 'qemu/main-loop.h' header

[Philippe Mathieu-Daudé]

On 28/8/23 23:45, Philippe Mathieu-Daudé wrote:

On 28/8/23 20:40, Richard Henderson wrote:

On 8/28/23 07:55, Philippe Mathieu-Daudé wrote:

"qemu/main-loop.h" declares functions related to QEMU's
main loop mutex, which these files don't access. Remove
the unused "qemu/main-loop.h" header.

Signed-off-by: Philippe Mathieu-Daudé 
---
  target/riscv/pmu.h   | 2 --
  target/xtensa/mmu_helper.c   | 2 --
  target/xtensa/op_helper.c    | 2 --


At least these 3 files do two things.


I can compile these files adding '#error' in "qemu/main-loop.h".


Doh now I got it, I also remove "exec/cpu_ldst.h". Probably
a failed rebase, sorry...

Re: [PATCH 7/8] target/helper: Remove unnecessary 'qemu/main-loop.h' header

[Philippe Mathieu-Daudé]

On 28/8/23 20:40, Richard Henderson wrote:

On 8/28/23 07:55, Philippe Mathieu-Daudé wrote:

"qemu/main-loop.h" declares functions related to QEMU's
main loop mutex, which these files don't access. Remove
the unused "qemu/main-loop.h" header.

Signed-off-by: Philippe Mathieu-Daudé 
---
  target/riscv/pmu.h   | 2 --
  target/xtensa/mmu_helper.c   | 2 --
  target/xtensa/op_helper.c    | 2 --


At least these 3 files do two things.


I can compile these files adding '#error' in "qemu/main-loop.h".

Re: [PATCH] tcg: Remove vecop_list check from tcg_gen_not_vec

[Philippe Mathieu-Daudé]

On 28/8/23 21:39, Richard Henderson wrote:

The not pattern is always available via generic expansion.
See 


commit 11978f6f58 ("tcg: Fix expansion of INDEX_op_not_vec") and the


debug block in tcg_can_emit_vecop_list.

Signed-off-by: Richard Henderson 
---
  tcg/tcg-op-vec.c | 7 +++
  1 file changed, 3 insertions(+), 4 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé 

Re: [PATCH 05/10] accel/tcg: Merge cpu_transaction_failed into io_failed

[Philippe Mathieu-Daudé]

On 28/8/23 20:55, Richard Henderson wrote:

Push computation down into the if statements to the point
the data is used.

Signed-off-by: Richard Henderson 
---
  accel/tcg/cputlb.c | 33 +
  1 file changed, 13 insertions(+), 20 deletions(-)


Reviewed-by: Philippe Mathieu-Daudé